From af28c9ad766b5732878a3a4ea6a070e24edea0db Mon Sep 17 00:00:00 2001 From: Cian Hatton Date: Wed, 7 Sep 2022 18:50:49 +0100 Subject: [PATCH] Add SNUNMU server (#28) --- Makefile | 9 +++++++- group_vars/servers.yml | 12 +++++++---- host_vars/qnap.yml | 24 ++++++++------------- host_vars/snunmu.yml | 9 ++++++++ hosts.ini | 4 ++++ playbooks/bootstrap.yml | 1 + playbooks/setup-homelab.yml | 17 ++++++--------- roles/bootstrap/files/sources_list | 8 +++++++ roles/bootstrap/files/sudoer_ansible | 1 - roles/bootstrap/tasks/main.yml | 19 ++++++++++++---- roles/bootstrap/templates/sudoer_file | 1 + roles/deploy_portainer_stack/tasks/main.yml | 1 + roles/setup_hosted_services/tasks/main.yml | 15 ++++++++----- 13 files changed, 81 insertions(+), 40 deletions(-) create mode 100644 host_vars/snunmu.yml create mode 100644 roles/bootstrap/files/sources_list delete mode 100644 roles/bootstrap/files/sudoer_ansible create mode 100644 roles/bootstrap/templates/sudoer_file diff --git a/Makefile b/Makefile index 338511b..a313b40 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,14 @@ bootstrap: qnap: ansible-playbook playbooks/setup-homelab.yml --limit qnap -homelab: bootstrap +services: + ansible-playbook playbooks/setup-homelab.yml --tags services + +snunmu: + ansible-playbook playbooks/setup-homelab.yml --limit snunmu + + +homelab: ansible-playbook playbooks/setup-homelab.yml verify: diff --git a/group_vars/servers.yml b/group_vars/servers.yml index 8535acd..c6f8119 100644 --- a/group_vars/servers.yml +++ b/group_vars/servers.yml @@ -15,11 +15,11 @@ olivetin: config_file: config.yml config_directory: /etc/config/OliveTin -docker_networks: [] - homelab_user: cianhatton -configure_samba: true + +configure_mergerfs: false +configure_samba: false samba_group: smbgroup samba_user: smbuser users: 
@@ -51,4 +51,8 @@ directories: desired_docker_images: - ubuntu:latest - - busybox:latest + +portainer_endpoint: -1 +portainer_host: false +portainer_base_url: "http://qnap:9000" +external_docker_networks: [] diff --git a/host_vars/qnap.yml b/host_vars/qnap.yml index 7be206f..0c2349f 100644 --- a/host_vars/qnap.yml +++ b/host_vars/qnap.yml @@ -1,6 +1,7 @@ # all encrypted variables should go in the linked file. vault_file: vault_vars/qnap-vault.yml # any qnap specific variables go here +configure_mergerfs: true mounts: - path: /mnt/mergerfs state: mounted @@ -10,6 +11,10 @@ mounts: - /mnt/data/device2 options: allow_other,use_ino + +configure_samba: true +portainer_host: true + devices: - uuid: a54c1bde-1400-4975-bf24-08c603ca3a11 # /dev/sdc1 path: /mnt/data/device0 @@ -25,48 +30,37 @@ devices: external_docker_networks: - mariadb_net +ansible_pull_path: /home/{{ homelab_user }}/.local/bin/ansible-pull + +portainer_endpoint: 2 + services: - name: gitea - endpoint_id: &qnap_endpoint 2 template_vars: image: gitea/gitea tag: 1.16.9 - name: mealie - endpoint_id: *qnap_endpoint - template_vars: {} - - name: linkding - endpoint_id: *qnap_endpoint template_vars: {} - name: overseerr - endpoint_id: *qnap_endpoint template_vars: {} - name: nextcloud - endpoint_id: *qnap_endpoint template_vars: default_network: mariadb_net - name: dashboards - endpoint_id: *qnap_endpoint template_vars: {} - name: nginx-proxy-manager - endpoint_id: *qnap_endpoint template_vars: {} - name: plex - endpoint_id: *qnap_endpoint template_vars: {} - name: uptime-kuma - endpoint_id: *qnap_endpoint template_vars: {} - name: vpn-stack - endpoint_id: *qnap_endpoint template_vars: {} - name: mariadb - endpoint_id: *qnap_endpoint template_vars: default_network: mariadb_net - name: photoprism - endpoint_id: *qnap_endpoint template_vars: default_network: mariadb_net - name: olivetin - endpoint_id: *qnap_endpoint template_vars: {} 
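Review bot: The default `portainer_base_url: "http://qnap:9000"` added in the second group_vars/servers.yml hunk sends Portainer API traffic over plain HTTP, and the deploy_portainer_stack hunk passes it as `base_url` right next to `username: admin` and `password: '{{ portainer.password }}'`. If that module task executes on the managed host, as the role layout suggests, the admin credentials now travel unencrypted from snunmu to qnap. Consider defaulting to Portainer's TLS listener (`portainer_base_url: "https://qnap:<tls-port>"`), or add a comment stating that this URL must only be reachable over a trusted network. The `portainer_endpoint: -1` sentinel would also benefit from a comment such as `# placeholder, must be overridden in host_vars`.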
diff --git a/host_vars/snunmu.yml b/host_vars/snunmu.yml new file mode 100644 index 0000000..f214e5c --- /dev/null +++ b/host_vars/snunmu.yml @@ -0,0 +1,9 @@ +--- +vault_file: vault_vars/qnap-vault.yml + +portainer_endpoint: 23 +services: + - name: linkding + template_vars: {} + +ansible_pull_path: /usr/local/bin/ansible-pull diff --git a/hosts.ini b/hosts.ini index 1139785..1a573fc 100644 --- a/hosts.ini +++ b/hosts.ini @@ -3,13 +3,17 @@ [servers:children] qnaps linodes +snunmus [qnaps] qnap +[snunmus] +snunmu [dockerhosts] qnap +snunmu # BEGIN ANSIBLE MANAGED BLOCK [linodes] diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml index ce5ceb2..b36a63d 100644 --- a/playbooks/bootstrap.yml +++ b/playbooks/bootstrap.yml @@ -15,5 +15,6 @@ - name: Bootstrap Ansible hosts. hosts: all become: true + become_method: su roles: - role: bootstrap diff --git a/playbooks/setup-homelab.yml b/playbooks/setup-homelab.yml index ec9dd84..18c32b0 100644 --- a/playbooks/setup-homelab.yml +++ b/playbooks/setup-homelab.yml @@ -11,15 +11,8 @@ roles: - role: setup_users -- name: Install docker on docker hosts - hosts: dockerhosts - become: true - roles: - - role: setup_docker - tags: [setup, docker] - -- name: Setup and deploy services on the QNAP - hosts: qnap +- name: Setup and deploy services. + hosts: servers become: true pre_tasks: - name: Include vault variables. @@ -29,14 +22,18 @@ roles: - role: setup_mergerfs tags: [mergerfs] + when: configure_mergerfs - role: setup_samba + when: configure_samba tags: [samba] + - role: setup_docker + tags: [setup, docker] - role: setup_portainer + when: portainer_host tags: [services, portainer] - role: setup_hosted_services tags: [services] - - name: Setup home lab on linode instances. hosts: linodes become: true diff --git a/roles/bootstrap/files/sources_list b/roles/bootstrap/files/sources_list new file mode 100644 index 0000000..4209473 --- /dev/null +++ b/roles/bootstrap/files/sources_list 
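Review bot: `vault_file: vault_vars/qnap-vault.yml` in the new host_vars/snunmu.yml makes snunmu load qnap's vault, so whatever secrets that file holds become available to every play on this host, which in this patch only runs linkding. A per-host vault (`vault_file: vault_vars/<host>-vault.yml`, containing only what snunmu needs) keeps exposure of one host's variables from revealing the other's. If the sharing is intentional, a comment like `# reuses the qnap vault for the Portainer admin password` above the key would make that explicit.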
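Review bot: `become_method: su` in playbooks/bootstrap.yml is set at play level on `hosts: all`, so it changes privilege escalation for every host the bootstrap play touches, not only the new server. A comment above it, for example `# su because a fresh install has no sudo rule for the connecting user yet`, would record why (assuming that is the reason). Since `su` needs the root password, it is worth noting in the same comment that it is expected from a prompt or the vault rather than from inventory. The play body continues outside the hunk.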
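Review bot: Changing the services play in playbooks/setup-homelab.yml to `hosts: servers` widens it beyond the Docker hosts: hosts.ini defines `servers` as `qnaps`, `linodes` and `snunmus`, while the removed Docker play targeted `dockerhosts` (qnap and snunmu). The linode hosts would now receive `setup_docker` and `setup_hosted_services`, and unless their variables define `vault_file`, `services` and `ansible_pull_path` (only qnap and snunmu do in this patch) the play will stop on an undefined variable. `hosts: dockerhosts` appears to match the intent. In the second hunk `setup_docker` is the one infrastructure role left without a `when:` guard, which is only safe under that narrower host pattern.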
@@ -0,0 +1,8 @@ +deb http://deb.debian.org/debian bullseye main +deb-src http://deb.debian.org/debian bullseye main + +deb http://deb.debian.org/debian-security/ bullseye-security main +deb-src http://deb.debian.org/debian-security/ bullseye-security main + +deb http://deb.debian.org/debian bullseye-updates main +deb-src http://deb.debian.org/debian bullseye-updates main diff --git a/roles/bootstrap/files/sudoer_ansible b/roles/bootstrap/files/sudoer_ansible deleted file mode 100644 index 9888393..0000000 --- a/roles/bootstrap/files/sudoer_ansible +++ /dev/null @@ -1 +0,0 @@ -ansible ALL=(ALL) NOPASSWD: ALL diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index ca8cdbd..48ce1da 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: Add sources list + ansible.builtin.copy: + src: sources_list + dest: /etc/apt/sources.list + owner: root + group: root + mode: 0440 + - name: Update Packages ansible.builtin.apt: upgrade: dist @@ -16,10 +24,13 @@ state: present key: "{{ lookup('file', '~/.ssh/ansible.pub') }}" -- name: Add sudoers file for ansible - ansible.builtin.copy: - src: sudoer_ansible - dest: /etc/sudoers.d/ansible +- name: Add sudoers files + ansible.builtin.template: + src: sudoer_file + dest: "/etc/sudoers.d/{{ item }}" owner: root group: root mode: 0440 + with_items: + - ansible + - cianhatton diff --git a/roles/bootstrap/templates/sudoer_file b/roles/bootstrap/templates/sudoer_file new file mode 100644 index 0000000..43a250a --- /dev/null +++ b/roles/bootstrap/templates/sudoer_file @@ -0,0 +1 @@ +{{ item }} ALL=(ALL) NOPASSWD: ALL diff --git a/roles/deploy_portainer_stack/tasks/main.yml b/roles/deploy_portainer_stack/tasks/main.yml index 0b63809..03ad358 100644 --- a/roles/deploy_portainer_stack/tasks/main.yml +++ b/roles/deploy_portainer_stack/tasks/main.yml 
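Review bot: The `Add sources list` task in the first roles/bootstrap/tasks/main.yml hunk overwrites `/etc/apt/sources.list` with the hard-coded bullseye entries from roles/bootstrap/files/sources_list on every host the role runs on, and playbooks/bootstrap.yml applies the role to `hosts: all` immediately before `upgrade: dist`. A host that is not Debian bullseye would be repointed and dist-upgraded from the wrong repositories, so a guard such as `when: ansible_distribution == 'Debian' and ansible_distribution_release == 'bullseye'` is worth adding (this needs facts to be gathered). The entries use `http://`; APT's signature verification protects package integrity, but `https://deb.debian.org/...` additionally hides which packages are fetched once ca-certificates is present. `mode: 0440` should be quoted, and `mode: "0644"` is the usual value for this file because unprivileged apt queries read it.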
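Review bot: The `Add sudoers files` task in the second roles/bootstrap/tasks/main.yml hunk writes templated content into `/etc/sudoers.d/` without a syntax check, so a rendering mistake would break sudo on the host. Adding `validate: /usr/sbin/visudo -cf %s` to the `ansible.builtin.template` arguments makes Ansible reject a bad file before it is installed, and `mode: 0440` is safer written as `mode: "0440"`. The new roles/bootstrap/templates/sudoer_file also extends `NOPASSWD: ALL` to the interactive `cianhatton` account, which means anything running as that user, including the cron jobs scheduled under `homelab_user`, is effectively root. Consider keeping the passwordless rule for `ansible` only, or restricting the second entry to the commands it actually needs.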
@@ -56,6 +56,7 @@ chatton.portainer.portainer_stack: username: admin password: '{{ portainer.password }}' + base_url: '{{ portainer_base_url }}' docker_compose_file_path: '{{ directories.docker_compose_directory }}/{{ portainer_stack_name }}/docker-compose.yml' stack_name: '{{ portainer_stack_name }}' endpoint_id: '{{ portainer_stack_endpoint_id }}' diff --git a/roles/setup_hosted_services/tasks/main.yml b/roles/setup_hosted_services/tasks/main.yml index 2b8fc1d..38ce430 100644 --- a/roles/setup_hosted_services/tasks/main.yml +++ b/roles/setup_hosted_services/tasks/main.yml @@ -1,4 +1,9 @@ --- +- name: Install Modules for Python + ansible.builtin.pip: + name: + - boto3 + - name: Docker | Pull images docker_image: name: '{{ item }}' @@ -47,7 +52,7 @@ name: deploy_portainer_stack vars: portainer_stack_name: "{{ item.name }}" - portainer_stack_endpoint_id: "{{ item.endpoint_id }}" + portainer_stack_endpoint_id: "{{ portainer_endpoint }}" portainer_stack_template_vars: "{{ item.template_vars | default({}) }}" with_items: "{{ services }}" @@ -67,8 +72,8 @@ hour: "4" user: "{{ homelab_user }}" job: > - /home/{{ homelab_user }}/.local/bin/ansible-pull - -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly >> ~/logs/nightly.log 2>&1 + {{ ansible_pull_path }} + -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly >> ~/logs/nightly.log 2>&1 cron_file: ansible_nightly_docker_volume_backup state: present @@ -80,7 +85,7 @@ day: "0" user: "{{ homelab_user }}" job: > - /home/{{ homelab_user }}/.local/bin/ansible-pull - -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly >> ~/logs/monthly.log 2>&1 + {{ ansible_pull_path }} + -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly >> ~/logs/monthly.log 2>&1 cron_file: ansible_monthly_docker_volume_backup state: present
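Review bot: The new `Install Modules for Python` task in roles/setup_hosted_services/tasks/main.yml installs `boto3` unpinned, and because the calling play sets `become: true` it is installed system-wide as root at whatever version the package index serves on that run. Pinning it (`- boto3==<pinned version>`) keeps runs reproducible and turns dependency upgrades into an explicit, reviewable change. The task also assumes pip is already present on the host; nothing in this hunk installs it.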
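Review bot: `{{ ansible_pull_path }}` in the nightly cron job (and again in the monthly job in the last hunk) has no default in this patch: group_vars/servers.yml does not define it, only host_vars/qnap.yml and host_vars/snunmu.yml do, so any other host that reaches this role fails on an undefined variable. A group-level default such as `ansible_pull_path: /usr/local/bin/ansible-pull` would avoid that. Separately, both jobs execute whatever is on the repository's default branch as `homelab_user`, who is granted `NOPASSWD: ALL` elsewhere in this commit. Adding `-C <tag-or-commit>` or `--verify-commit` to the `ansible-pull` command would limit what an unexpected push can run. Both cron tasks start above their hunks.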