adding makefile

3 years ago · f095a3467d
parent b435fe12af
commit f095a3467d
8 changed files with 83 additions and 40 deletions
--- a/16
+++ b/16
@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+all: deps bootstrap homelab
+
+SHELL := /bin/bash
+bootstrap:
+	ansible-playbook bootstrap.yml -K -e ansible_ssh_user=cianhatton -e ansible_ssh_private_key_file=~/.ssh/id_rsa
+
+qnap:
+	ansible-playbook setup-homelab.yml --limit qnap
+
+homelab:
+	ansible-playbook setup-homelab.yml
+
+deps:
+	pip install -r requirements.txt
+	ansible-galaxy install -r requirements.yml
--- a/bootstrap.yml
+++ b/bootstrap.yml
@ -1,5 +1,19 @@
 ---
+# needs to be run with a different user with access to create ansible key and user.
+# e.g.
+# ansible-playbook bootstrap.yml -e ansible_ssh_user=cianhatton
+# might additionally require -K if your user requires password for sudo.
+
+- name: Generate SSH Key for ansible
+  hosts: localhost
+  connection: local
+  tasks:
+    - name: Generate an OpenSSH rsa keypair for ansible
+      community.crypto.openssh_keypair:
+        path: ~/.ssh/ansible
+        passphrase: ""
+
 - hosts: all
  become: true
  roles:
-    - role: 'roles/bootstrap'
+    - role: bootstrap
--- a/group_vars/servers.yml
+++ b/group_vars/servers.yml
@ -24,7 +24,6 @@ olivetin:

 docker_networks: []

-homelab_group: cianhatton
 homelab_user: cianhatton

 configure_samba: true
@ -32,6 +31,9 @@ samba_group: smbgroup
 samba_user: smbuser
 users:
  - name: cianhatton
+    group: cianhatton
+    passwordless_sudo: true
+
 shares:
  - /share
  - /share/public_files
--- a/hosts.ini
+++ b/hosts.ini
@ -7,6 +7,10 @@ linodes
 [qnaps]
 qnap

+
+[dockerhosts]
+qnap
+
 # BEGIN ANSIBLE MANAGED BLOCK
 [linodes]
 # END ANSIBLE MANAGED BLOCK
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@ -14,6 +14,7 @@
  user:
    name: ansible
    groups: root
+    system: true

 - name: Add ssh key for ansible
  authorized_key:
--- a/roles/setup_users/tasks/main.yml
+++ b/roles/setup_users/tasks/main.yml
@ -6,24 +6,25 @@
    state: latest
    update_cache: true

- name: Make sure we have a '{{homelab_group}}' group
+- name: Make sure we have a  groups
  group:
-    name: "{{homelab_group}}"
+    name: "{{item.group}}"
    state: present
- name: Allow '{{homelab_user}}' group to have passwordless sudo
-  lineinfile:
-    dest: /etc/sudoers
-    state: present
-    regexp: '^%{{homelab_user}}'
-    line: '%{{homelab_user}} ALL=(ALL) NOPASSWD: ALL'
-    validate: 'visudo -cf %s'
+  with_items: "{{users}}"

- name: Add User
+- name: Add Users
  ansible.builtin.user:
-    name: "{{homelab_user}}"
-    comment: "{{homelab_user}} user"
-    uid: 1000
-    group: "{{homelab_group}}"
+    name: "{{item.name}}"
+    comment: "{{item.name}} user"
+    group: "{{item.group}}"
+  with_items: "{{users}}"
+
+- name: Add sudoers
+  template:
+    src: sudoers.j2
+    dest: "/etc/sudoers.d/{{item.name}}"
+  with_items: "{{users}}"
+  when: item.passwordless_sudo == true

 - name: Set authorized key
  authorized_key:
--- a/roles/setup_users/templates/sudoers.j2
+++ b/roles/setup_users/templates/sudoers.j2
@ -0,0 +1 @@
+{{item.name}} ALL=(ALL) NOPASSWD: ALL
--- a/setup-homelab.yml
+++ b/setup-homelab.yml
@ -1,31 +1,42 @@
 ---
- hosts: qnap
+- name: Update packages and ensure users on all hosts
+  tags: ["always"]
+  hosts: all
  become: true
-
  pre_tasks:
-    - name: Include vault variables.
-      include_vars: "{{vault_file}}"
-      tags: ["always"]
    - name: Update Packages
      apt:
        upgrade: dist
        update_cache: true
+  roles:
+    - role: setup_users
+
+- name: Install docker on docker hosts
+  hosts: dockerhosts
+  become: true
+  roles:
+    - role: setup_docker
+      tags: ["setup","docker"]
+
+- name: Setup and deploy services on the QNAP
+  hosts: qnap
+  become: true
+  pre_tasks:
+    - name: Include vault variables.
+      include_vars: "{{vault_file}}"
      tags: ["always"]

  roles:
-    - role: 'roles/setup_mergerfs'
+    - role: setup_mergerfs
      tags: ["mergerfs"]
-    - role: 'roles/setup_users'
-      tags: ["users"]
-    - role: 'roles/setup_samba'
+    - role: setup_samba
      tags: ["samba"]
-    - role: 'roles/setup_docker'
-      tags: ["docker"]
-    - role: 'roles/setup_portainer'
-      tags: ["portainer"]
-    - role: 'roles/setup_hosted_services'
+    - role: setup_portainer
+      tags: ["services", "portainer"]
+    - role: setup_hosted_services
      tags: ["services"]

+
 - hosts: linodes
  become: true

@ -33,18 +44,11 @@
    - name: Include vault variables.
      include_vars: "{{vault_file}}"
      tags: ["always"]
-    - name: Update Packages
-      apt:
-        upgrade: dist
-        update_cache: true
-      tags: ["always"]

  roles:
-    - role: 'roles/setup_users'
-      tags: ["users"]
-    - role: 'roles/setup_samba'
+    - role: setup_samba
      tags: ["samba"]
-    - role: 'roles/setup_docker'
+    - role: setup_docker
      tags: ["docker"]
-    - role: 'roles/setup_hosted_services'
+    - role: setup_hosted_services
      tags: ["services"]