diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..d62ccb2 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,3 @@ +skip_list: + - '403' # allow for latest packages + - name[casing] diff --git a/group_vars/linodes.yml b/group_vars/linodes.yml index 7ba4156..17daa2a 100644 --- a/group_vars/linodes.yml +++ b/group_vars/linodes.yml @@ -9,7 +9,6 @@ services: - name: nextcloud - name: nginx-proxy-manager - name: uptime-kuma -#- name: docker-volume-backup - name: mariadb - name: photoprism - name: olivetin diff --git a/host_vars/qnap.yml b/host_vars/qnap.yml index 40e960c..2814354 100644 --- a/host_vars/qnap.yml +++ b/host_vars/qnap.yml @@ -42,8 +42,6 @@ services: endpoint_id: 2 - name: vpn-stack endpoint_id: 2 -#- name: docker-volume-backup -# endpoint_id: 2 - name: mariadb endpoint_id: 2 - name: photoprism diff --git a/playbooks/backup-docker-volumes.yml b/playbooks/backup-docker-volumes.yml index b577e5c..64a5b3e 100644 --- a/playbooks/backup-docker-volumes.yml +++ b/playbooks/backup-docker-volumes.yml @@ -1,5 +1,6 @@ --- -- hosts: qnap +- name: Backup Docker Volumes. + hosts: qnap become: true vars: # corrsponds to which category of backups will be used. @@ -8,12 +9,11 @@ pre_tasks: - name: Include vault variables. - include_vars: '../{{vault_file}}' + include_vars: '../{{ vault_file }}' tags: [always] tasks: - name: Find Containers With Backup Label - register: docker_info docker_host_info: containers: true containers_filters: @@ -21,12 +21,11 @@ - "ie.cianhatton.backup.enabled=true" - "ie.cianhatton.backup.schedule={{ schedule }}" register: filter_output - - debug: msg="{{filter_output}}" - name: Get Container Names set_fact: container_names="{{ filter_output.containers | map(attribute="Names") | flatten }}" - - debug: msg="{{container_names}}" + - debug: msg="{{ container_names }}" - name: Backup Containers with backup label include_role: diff --git a/playbooks/verify-homelab.yml b/playbooks/verify-homelab.yml index 55cdc2b..03eba59 100644 
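Review bot: Putting `'403'` in `skip_list` turns the latest-package rule off for the whole repository rather than for the one task that wants it, so any later `state: latest` passes lint unnoticed. Unpinned package installs make runs non-reproducible and install whatever the mirror serves at that moment. Consider moving the entry to `warn_list` so the finding stays visible, or dropping it and marking the intended task with an inline `# noqa 403`.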
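Review bot: The `debug` task kept in the second hunk of playbooks/backup-docker-volumes.yml is still unnamed and uses the free-form `msg=` argument style, while the rest of this commit names tasks and moves to fully qualified module names. I would write it as `- name: Show container names`, `ansible.builtin.debug:`, `var: container_names`, or remove it now that the cron jobs append this playbook's output to a log file. The `set_fact: container_names="..."` line just above it uses the same key=value form.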
--- a/playbooks/verify-homelab.yml +++ b/playbooks/verify-homelab.yml @@ -30,7 +30,7 @@ register: image_details - name: Assert desired images exist assert: - that: {{item in image_details.images | map(attribute='RepoTags') | flatten: !!null ''}: !!null ''} + that: "{{ item in image_details.images | map(attribute='RepoTags') | flatten }}" with_items: '{{desired_docker_images}}' - name: Fetch Sudoers Files diff --git a/roles/setup_hosted_services/tasks/main.yml b/roles/setup_hosted_services/tasks/main.yml index f12bf68..8204f9a 100644 --- a/roles/setup_hosted_services/tasks/main.yml +++ b/roles/setup_hosted_services/tasks/main.yml @@ -106,20 +106,22 @@ with_items: '{{services}}' - name: Ensure Nightly Cron Backups + tags: ["cron"] ansible.builtin.cron: name: backup docker volumes (nightly) weekday: "0" minute: "0" hour: "3" user: ansible - job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly" + job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly >> /home/cianhatton/logs/nightly.log 2>&1" cron_file: ansible_nightly_docker_volume_backup - name: Ensure Monthly Cron Backups + tags: ["cron"] ansible.builtin.cron: name: backup docker volumes (monthly) month: "*" day : "1" user: ansible - job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly" + job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly >> /home/cianhatton/logs/monthly.log 2>&1" cron_file: ansible_monthly_docker_volume_backup diff --git a/roles/setup_mergerfs/tasks/main.yml b/roles/setup_mergerfs/tasks/main.yml index f10494d..08dcd2a 100644 --- a/roles/setup_mergerfs/tasks/main.yml +++ b/roles/setup_mergerfs/tasks/main.yml @@ -37,4 +37,4 @@ include_role: name: sprat.mergerfs vars: - mergerfs_mounts: '{{mounts}}' + mergerfs_mounts: '{{ mounts }}' 
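Review bot: The corrected `that:` line in playbooks/verify-homelab.yml wraps the whole test in `{{ }}`, but `assert` already evaluates each `that` entry as a Jinja2 expression, so the value is rendered to a string and then evaluated a second time. Ansible warns about templating delimiters inside conditionals, and the habit becomes unsafe as soon as the rendered text comes from remote data. The bare expression is enough: `that: item in (image_details.images | map(attribute='RepoTags') | flatten)`. The play this task belongs to starts outside the hunk.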
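Review bot: Both new `job:` lines in roles/setup_hosted_services/tasks/main.yml redirect into /home/cianhatton/logs/, yet the cron entries run as `user: ansible`, and nothing in this hunk creates that directory or makes it writable for that account. If the redirect target cannot be opened, the shell gives up before `ansible-pull` starts and the backup silently stops running. An `ansible.builtin.file` task with `state: directory` and the right owner ahead of the cron tasks, or a log path owned by `ansible`, closes that gap. Because the pulled playbook runs with `become: true` and includes vault variables, the log should not be world-readable, and it is worth pinning what gets pulled with `--checkout` (plus `--verify-commit` if commits are signed) instead of trusting whatever the default branch holds. The task list starts outside the hunk.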
diff --git a/roles/setup_portainer/meta/main.yml b/roles/setup_portainer/meta/main.yml index 6bfa85e..dd1892f 100644 --- a/roles/setup_portainer/meta/main.yml +++ b/roles/setup_portainer/meta/main.yml @@ -1,53 +1,15 @@ galaxy_info: author: Cian Hatton namespace: chatton - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 + description: Setup Portainer for my Home Lab license: MIT - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 + min_ansible_version: "2.1" + platforms: + - name: Debian + versions: + - all galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. 
diff --git a/roles/setup_portainer/tasks/main.yml b/roles/setup_portainer/tasks/main.yml index da20b12..cfebbb7 100644 --- a/roles/setup_portainer/tasks/main.yml +++ b/roles/setup_portainer/tasks/main.yml @@ -1,27 +1,27 @@ -- name: Portainer | Create directory if it does not exist +--- +- name: Portainer | Create directory if it does not exist. ansible.builtin.file: - path: '{{directories.docker_compose_directory}}' + path: '{{ directories.docker_compose_directory }}' state: directory mode: '0755' -- name: Portainer | Copy docker compose file - copy: +- name: Portainer | Copy docker compose file. + ansible.builtin.copy: src: docker-compose.yml - dest: '{{directories.docker_compose_directory}}/docker-compose.yml' + dest: '{{ directories.docker_compose_directory }}/docker-compose.yml' - name: Portainer | Check if volume exists - shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }} .Name - {{ '}}' }}' + ansible.builtin.shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }} .Name {{ '}}' }}' register: portainer_volume changed_when: false - name: Portainer | Pull images docker_image: - name: '{{item}}' + name: '{{ item }}' source: pull with_items: - - ubuntu - - busybox + - ubuntu + - busybox - name: Docker Volume Backup | Restore Portainer volume from S3 when: (portainer_volume.stdout_lines | length) == 0 
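Review bot: The `ansible.builtin.copy` task for docker-compose.yml still sets no `mode`, `owner` or `group`, so the file's permissions depend on the umask of whoever runs the play. The samba and bashrc copy tasks in this same commit were given explicit values, and this one should match, e.g. `mode: '0644'`. The volume check now uses `ansible.builtin.shell` but has no pipes, redirects or shell variables, so `ansible.builtin.command` would do the same job without a shell in between. The images pulled under `with_items` are untagged `ubuntu` and `busybox`; pinning a tag or digest would make the restore path reproducible. The last task in the hunk continues outside it.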
@@ -31,34 +31,17 @@ name: s3-restore-portainer cleanup: true # delete container after it's done. state: started # container should execute. - detach: no # task fails if container exits. + detach: false # task fails if container exits. volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /tmp:/tmp # temp s3 archive goes here + - /var/run/docker.sock:/var/run/docker.sock + - /tmp:/tmp # temp s3 archive goes here env: - AWS_ACCESS_KEY_ID: '{{aws_s3.aws_access_key}}' - AWS_SECRET_ACCESS_KEY: '{{aws_s3.aws_secret_key}}' - AWS_DEFAULT_REGION: '{{aws_s3.region}}' - AWS_BUCKET: '{{aws_s3.bucket}}' - AWS_ENDPOINT: '{{aws_s3.s3_url}}' - + AWS_ACCESS_KEY_ID: '{{ aws_s3.aws_access_key }}' + AWS_SECRET_ACCESS_KEY: '{{ aws_s3.aws_secret_key }}' + AWS_DEFAULT_REGION: '{{ aws_s3.region }}' + AWS_BUCKET: '{{ aws_s3.bucket }}' + AWS_ENDPOINT: '{{ aws_s3.s3_url }}' - name: Portainer | Docker compose up community.docker.docker_compose: - project_src: '{{directories.docker_compose_directory}}/portainer' - -# Don't really need this as long as there is an S3 backup. -#- name: Portainer | Register Admin User -# when: (portainer_volume.stdout_lines | length) == 0 -# uri: -# url: http://localhost:9000/api/users/admin/init -# method: POST -# body: -# Username: admin -# Password: "{{portainer.password}}" -# status_code: 200 -# body_format: json -# register: result -# until: result.status == 200 -# retries: 60 -# delay: 1 + project_src: '{{ directories.docker_compose_directory }}/portainer' diff --git a/roles/setup_samba/defaults/main.yml b/roles/setup_samba/defaults/main.yml index b33b858..1316efe 100644 --- a/roles/setup_samba/defaults/main.yml +++ b/roles/setup_samba/defaults/main.yml @@ -1,9 +1,10 @@ +--- samba_group: smbgroup samba_user: smbuser users: -- name: cianhatton + - name: cianhatton shares: -- /share -- /share/public_files -- /share/private_files -- /share/cian_files + - /share + - /share/public_files + - /share/private_files + - /share/cian_files 
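Review bot: The restore task passes `aws_s3.aws_access_key` and `aws_s3.aws_secret_key` through `env:` without `no_log: true`, so the rendered values can appear in verbose or failure output of any run whose output is captured. Adding `no_log: true` to this task keeps the keys out of terminals and log files. The same container is given `/var/run/docker.sock`, which amounts to root on the Docker host, so the image it runs (named outside this hunk) deserves a pinned tag or digest. The task's opening lines are outside the hunk.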
diff --git a/roles/setup_samba/meta/main.yml b/roles/setup_samba/meta/main.yml index 6bfa85e..5cd1659 100644 --- a/roles/setup_samba/meta/main.yml +++ b/roles/setup_samba/meta/main.yml @@ -1,53 +1,15 @@ galaxy_info: author: Cian Hatton namespace: chatton - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 + description: Setup Samba Shares for my Home Lab. license: MIT - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 + min_ansible_version: "2.1" + platforms: + - name: Debian + versions: + - all galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. 
diff --git a/roles/setup_samba/tasks/main.yml b/roles/setup_samba/tasks/main.yml index 04f9c57..0531306 100644 --- a/roles/setup_samba/tasks/main.yml +++ b/roles/setup_samba/tasks/main.yml @@ -1,53 +1,57 @@ -- name: Install samba packages using apt - apt: +--- +- name: Install samba packages using apt. + ansible.builtin.apt: name: - - samba + - samba state: present update_cache: true -- name: Ensure samba group exists +- name: Ensure samba group exists. ansible.builtin.group: - name: '{{samba_group}}' + name: '{{ samba_group }}' state: present system: true notify: - - reload-samba + - reload-samba -- name: Ensure samba user +- name: Ensure samba user. ansible.builtin.user: - name: '{{samba_user}}' + name: '{{ samba_user }}' comment: Samba user - group: '{{samba_group}}' + group: '{{ samba_group }}' shell: /bin/false create_home: false notify: - - reload-samba + - reload-samba -- name: Add the User(s) to Samba group - user: +- name: Add the User(s) to Samba group. + ansible.builtin.user: name: '{{ item.name }}' groups: '{{ samba_group }}' append: true - with_items: '{{users}}' + with_items: '{{ users }}' -- name: Ensure Share directories +- name: Ensure Share directories. ansible.builtin.file: - path: '{{item}}' + path: '{{ item }}' recurse: true state: directory - owner: '{{samba_user}}' - group: '{{samba_group}}' + owner: '{{ samba_user }}' + group: '{{ samba_group }}' mode: u+rw,g+rw - with_items: '{{shares}}' + with_items: '{{ shares }}' notify: - - reload-samba + - reload-samba -- name: Copy smb conf files - copy: - src: '{{item}}' - dest: /etc/samba/{{item}} +- name: Copy smb conf files. + ansible.builtin.copy: + src: '{{ item }}' + dest: "/etc/samba/{{ item }}" + mode: 0644 + owner: "{{ samba_user }}" + group: "{{ samba_group }}" with_items: - - smb.conf - - shares.conf + - smb.conf + - shares.conf notify: - - reload-samba + - reload-samba diff --git a/roles/setup_users/meta/main.yml b/roles/setup_users/meta/main.yml index 6bfa85e..a12128c 100644 
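Review bot: The new `owner: "{{ samba_user }}"` and `group: "{{ samba_group }}"` on the `Copy smb conf files.` task hand the daemon's configuration to the same account that owns the shared directories. With an owner-writable mode, that account can rewrite `/etc/samba/smb.conf` and `shares.conf`. Configuration read by a service that typically runs as root is normally `owner: root`, `group: root`, `mode: '0644'`. Quoting the mode also matches the `'0755'` style used in the portainer role and avoids relying on the YAML parser's octal handling for the bare `0644`.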
--- a/roles/setup_users/meta/main.yml +++ b/roles/setup_users/meta/main.yml @@ -1,53 +1,15 @@ galaxy_info: author: Cian Hatton namespace: chatton - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 + description: Setup users for my Home Lab license: MIT - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 + min_ansible_version: "2.1" + platforms: + - name: Debian + versions: + - all galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/setup_users/tasks/main.yml b/roles/setup_users/tasks/main.yml index f8989ce..f9f9dba 100644 --- a/roles/setup_users/tasks/main.yml +++ b/roles/setup_users/tasks/main.yml 
@@ -1,39 +1,42 @@ # https://stackoverflow.com/questions/37333305/ansible-create-a-user-with-sudo-privileges -- name: Install Sudo - apt: +- name: Install Sudo. + ansible.builtin.apt: pkg: - - sudo + - sudo state: latest update_cache: true -- name: Make sure we have a groups - group: +- name: Make sure we have a groups. + ansible.builtin.group: name: '{{ item.group }}' state: present with_items: '{{ users }}' -- name: Add Users +- name: Add Users. ansible.builtin.user: name: '{{ item.name }}' comment: '{{ item.name }} user' group: '{{ item.group }}' with_items: '{{ users }}' -- name: Add sudoers - template: +- name: Add sudoers. + ansible.builtin.template: src: sudoers.j2 - dest: /etc/sudoers.d/{{item.name}} + dest: /etc/sudoers.d/{{ item.name }} mode: 0440 with_items: '{{ users }}' - when: item.passwordless_sudo == true + when: item.passwordless_sudo -- name: Set authorized key +- name: Set authorized key. authorized_key: user: '{{ homelab_user }}' state: present key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" -- name: Copy Bashrc - copy: +- name: Copy Bashrc. + ansible.builtin.copy: src: bash_rc dest: "/home/{{ homelab_user }}/.bash_rc" + group: "{{ homelab_user }}" + owner: "{{ homelab_user }}" + mode: 0644
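Review bot: The `Add sudoers.` template task writes straight into /etc/sudoers.d with no `validate:` step, so a rendering mistake in sudoers.j2 lands on disk and can break sudo for every account on the host. Add `validate: /usr/sbin/visudo -cf %s` and set `owner: root` and `group: root` explicitly; quoting the mode as `'0440'` is also safer than the bare `0440`. The simplified `when: item.passwordless_sudo` would fail for any user entry that lacks the key, so `when: item.passwordless_sudo | default(false)` is more forgiving. `state: latest` on the sudo package is what the new lint skip exists to allow; `state: present` would remove the need for it.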