First Upload
commit
fa82987e71
|
|
@ -0,0 +1,15 @@
|
|||
[defaults]
|
||||
# Wo liegen meine Server?
|
||||
inventory = inventory/hosts.ini
|
||||
|
||||
# Wo liegen meine Rollen?
|
||||
roles_path = roles
|
||||
|
||||
# Host Key checking ausschalten -> sonst "Are you sure .. fingerprint" - da homelab sicher
|
||||
host_key_checking = False
|
||||
|
||||
# keine retry dateien erstellen
|
||||
retry_files_enabled = False
|
||||
|
||||
# Output zu YAML und nicht JSON
|
||||
stdout_callback = yaml
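Review bot: `host_key_checking = False` turns off SSH host-key verification for every host Ansible connects to, so whatever machine answers on an inventory address is accepted without question. The inventories in this commit log in as root and include a password-vault host, and the comment's reasoning that the homelab is safe does not cover a compromised or misconfigured device on the same LAN. Prefer leaving the default in place and seeding `known_hosts` once per host after checking the fingerprint out of band. If first contact has to be automatic, add `-o StrictHostKeyChecking=accept-new` to `ssh_args` under `[ssh_connection]`, so that a changed key still aborts the run.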
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
# GRUPPE: alle Debian LXC Container
|
||||
[lxc_debian]
|
||||
# +Format: Alias_Name ansible_host=IP-Adresse
|
||||
test1 ansible_host=192.168.178.49 enable_wireguard_routing=True
|
||||
|
||||
# +Pi-Hole Beispiel, Host-Variable gewinnt vor Gruppen-Variable
|
||||
#pihole ansible_host=192.168.178.11 enable_wireguard_routing=True
|
||||
|
||||
# VARIABLEN fuer die Gruppe [lxc_debian]
|
||||
[lxc_debian:vars]
|
||||
# +Login immer als root
|
||||
ansible_user=root
|
||||
# +WireGuard Routen Konfig
|
||||
wg_gateway=192.168.178.12
|
||||
wg_subnet=10.0.0.0/24
|
||||
# +WireGuard Route default disable
|
||||
enable_wireguard_routing=False
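Review bot: `ansible_user=root` in `[lxc_debian:vars]` makes every run open its SSH session directly as root, and the same line appears again in the 26-line inventory later in this commit. The play with `hosts: lxc_debian` already sets `become: yes`, so an unprivileged login account with sudo rights would let direct root SSH login stay disabled on the containers, e.g. `ansible_user=<deploy-account>` (placeholder name). Separately, values in a `:vars` section of an INI inventory are read as strings, so `enable_wireguard_routing=False` only works because the role applies `| bool`. A comment such as `# :vars values are strings; consumers must use "| bool"` above that line would record this.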
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
# GRUPPE: alle Debian LXC Container
|
||||
[lxc_debian]
|
||||
# +Format: Alias_Name ansible_host=IP-Adresse
|
||||
pihole ansible_host=192.168.178.11 enable_wireguard_routing=true
|
||||
#wireguardGW ansible_host=192.168.178.12
|
||||
web1 ansible_host=192.168.178.13 enable_wireguard_routing=true
|
||||
web-conectare ansible_host=192.168.178.14 enable_wireguard_routing=true
|
||||
vaultwarden ansible_host=192.168.178.15 enable_wireguard_routing=true
|
||||
guacamole ansible_host=192.168.178.16 enable_wireguard_routing=true
|
||||
checkmk ansible_host=192.168.178.19 enable_wireguard_routing=true
|
||||
gitea ansible_host=192.168.178.20 enable_wireguard_routing=true
|
||||
ansible_ctl ansible_host=127.0.0.1 ansible_connection=local
|
||||
test1 ansible_host=192.168.178.49
|
||||
|
||||
# +Pi-Hole Beispiel, Host-Variable gewinnt vor Gruppen-Variable
|
||||
#pihole ansible_host=192.168.178.11 enable_wireguard_routing=true
|
||||
|
||||
# VARIABLEN fuer die Gruppe [lxc_debian]
|
||||
[lxc_debian:vars]
|
||||
# +Login immer als root
|
||||
ansible_user=root
|
||||
# +WireGuard Routen Konfig
|
||||
wg_gateway=192.168.178.12
|
||||
wg_subnet=10.0.0.0/24
|
||||
# +WireGuard Route default disable
|
||||
enable_wireguard_routing=false
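Review bot: `ansible_ctl ... ansible_connection=local` is listed under `[lxc_debian]`, so any play targeting that group also runs against the control node itself with privilege escalation. The play with `hosts: lxc_debian` in this commit appears to be one such play. If the base role is only meant for the containers, move the control node to its own group, for example `[control]` followed by `ansible_ctl ansible_connection=local`. This inventory also overlaps the 17-line one earlier in the commit with a different host list; the file paths are not visible here, so confirm which of the two `inventory = inventory/hosts.ini` is meant to load.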
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- name: Setup Base Config for LXCs von Debain Base
|
||||
# auf welche Hosts soll das angewendet werden? -> Auf die lxc debian grp
|
||||
hosts: lxc_debian
|
||||
# sudo werden? Ja
|
||||
become: yes
|
||||
# welche Rollen sollen durchlaufen?
|
||||
roles:
|
||||
- debian_base
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
# Dieser Handler wird aufgerufen, wenn wir die Route in /etc/network/interfaces eingetragen haben.
|
||||
# # Er sorgt dafür, dass die Route SOFORT aktiv ist, ohne Reboot.
|
||||
|
||||
- name: Set route live
|
||||
command: ip route add {{ wg_subnet }} via {{ wg_gateway }} dev eth0
|
||||
# ignore_errors: Falls die Route zufällig doch schon da ist (manuell gesetzt), stürzt Ansible nicht ab.
|
||||
ignore_errors: true
|
||||
# Wir führen das auch nur aus, wenn WireGuard Routing aktiv sein soll (Sicherheitshalber)
|
||||
when: enable_wireguard_routing | default(false) | bool
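Review bot: `ignore_errors: true` on the `ip route add` handler hides every failure, not only the "route already exists" case the comment describes. A wrong `wg_gateway` or a container without `eth0` would pass silently and the play would still report success. `ip route replace` is idempotent, so the task can become `command: ip route replace {{ wg_subnet }} via {{ wg_gateway }} dev eth0` with `ignore_errors` removed. The `when:` guard can stay as it is.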
|
||||
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
- name: Update apt cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
|
||||
- name: Ensure locales package is installed
|
||||
apt:
|
||||
name: locales
|
||||
state: present
|
||||
|
||||
- name: Generate locales (en_US and de_DE)
|
||||
locale_gen:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- en_US.UTF-8
|
||||
- de_DE.UTF-8
|
||||
|
||||
- name: Set default system locale to en_US.UTF-8
|
||||
command: update-locale LANG=en_US.UTF-8
|
||||
changed_when: false
|
||||
|
||||
- name: Install standard packages
|
||||
apt:
|
||||
name:
|
||||
- vim
|
||||
- curl
|
||||
- wget
|
||||
- htop
|
||||
- net-tools
|
||||
- git
|
||||
- bash-completion
|
||||
- iproute2
|
||||
state: present
|
||||
|
||||
- name: Set vim as default editor
|
||||
command: update-alternatives --set editor /usr/bin/vim.basic
|
||||
ignore_errors: true
|
||||
changed_when: false
|
||||
|
||||
- name: Ensure WireGuard static route in in /etc/network/interfaces
|
||||
lineinfile:
|
||||
path: /etc/network/interfaces
|
||||
regexp: '^up ip route add {{ wg_subnet }} via {{ wg_gateway }}'
|
||||
line: 'up ip route add {{ wg_subnet }} via {{ wg_gateway }} dev eth0'
|
||||
state: present
|
||||
when: enable_wireguard_routing | default(false) | bool
|
||||
notify: Set route live
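Review bot: The `regexp` of the last task (`Ensure WireGuard static route ...`) interpolates `wg_subnet` and `wg_gateway` unescaped, so each `.` in the addresses matches any character. Because the gateway is part of the pattern, a later change of `wg_gateway` no longer matches the existing line, and a second `up ip route add` entry for the same subnet is appended instead of the old one being replaced. Keying the match on the escaped subnet only avoids both: `regexp: '^up ip route add {{ wg_subnet | regex_escape }} via '`. Also note that without `insertafter` a new line goes to the end of `/etc/network/interfaces`, where it attaches to whichever `iface` stanza comes last. That is only correct if that stanza is `eth0`, so an `insertafter` anchored on the `iface eth0` line would make the placement explicit.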
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
1) ansible/ansible.cfg
|
||||
Grundsaetzliches Verhalten von Ansible
|
||||
Regelwerk fuers Projekt
|
||||
|
||||
2) ansible/inventory/hosts.ini
|
||||
Ist das "Telefonbuch" - hier stehen alle Server drin die Ansible kennen soll
|
||||
Man kann diese gruppieren
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Haben alle Ziel-Hosts deinen SSH-Key?
|
||||
Falls nicht: ssh-copy-id root@192.168.178.12 (für Pihole), .20 (Gitea) usw.
|
||||
|
||||
Testlauf:
|
||||
|
||||
bash
|
||||
cd ~/projects/infra-konstrukt/ansible
|
||||
ansible-playbook playbooks/site.yml --check
|
||||
(Das --check ist der Trockenlauf. Er zeigt dir, was er tun WÜRDE.)
|
||||