From d4796323d8ed08f4cfb1fc088cfaf5a46f4deb5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christer=20War=C3=A9n?=
Date: Mon, 16 Dec 2024 15:00:59 +0200
Subject: [PATCH] Tasks Add

---
 tasks/.gitkeep | 0
 tasks/deployer.yml | 25 ++++++++
 tasks/installer.yml | 131 ++++++++++++++++++++++++++++++++++++++++++
 tasks/maintenance.yml | 36 ++++++++++++
 4 files changed, 192 insertions(+)
 delete mode 100644 tasks/.gitkeep
 create mode 100644 tasks/deployer.yml
 create mode 100644 tasks/installer.yml
 create mode 100644 tasks/maintenance.yml

diff --git a/tasks/.gitkeep b/tasks/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/tasks/deployer.yml b/tasks/deployer.yml
new file mode 100644
index 0000000..5987b91
--- /dev/null
+++ b/tasks/deployer.yml
@@ -0,0 +1,25 @@
+---
+- name: "Deployer - Certbot - Renew Certificates"
+ command: "certbot renew --config-dir ~/data/letsencrypt/config --logs-dir ~/data/letsencrypt/logs --work-dir ~/data/letsencrypt/work"
+ register: task
+ changed_when: task.stdout.find("No renewals were attempted.") == -1
+ tags:
+ - certbot
+ - tls
+
+- name: "Deployer - Certbot - Copy Certificates"
+ copy:
+ src: "~/data/letsencrypt/live/{{ cert }}/"
+ dest: "~/data/certificates/{{ cert }}/"
+ follow: true
+ loop: "{{ certs }}"
+ loop_control:
+ label: "{{ cert }}"
+ loop_var: "cert"
+ vars:
+ certs:
+ - arcadiamc
+ register: task
+ tags:
+ - certbot
+ - tls
diff --git a/tasks/installer.yml b/tasks/installer.yml
new file mode 100644
index 0000000..99acc8a
--- /dev/null
+++ b/tasks/installer.yml
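Review bot: `Deployer - Certbot - Copy Certificates` copies the whole `live/{{ cert }}/` directory, which in certbot's layout also holds the private key, into `~/data/certificates/` without a `mode`, so the copied key receives the umask default instead of the restrictive permissions certbot keeps on the original; add `mode: preserve` (or an explicit `mode: "0600"`) under `copy:`. `register: task` on that task is never read and can be dropped. The `certs` list is a hard-coded task-level `vars` entry that duplicates the certificate set declared in installer.yml, so a new certificate must be added in both files; a shared variable would keep them in step.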
@@ -0,0 +1,131 @@
+---
+- name: "Installer - Ansible - Python Library"
+ pip:
+ name: ansible
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ tags:
+ - ansible
+
+- name: "Installer : Ansible : Create Folder"
+ file:
+ path: ~/bin
+ state: directory
+ tags:
+ - ansible
+
+- name: "Installer : Ansible : Create Symbolic Links"
+ ansible.builtin.file:
+ src: ~/.venv/ansible/bin/{{ binary }}
+ dest: ~/bin/{{ binary }}
+ state: link
+ vars:
+ binaries:
+ - ansible
+ - ansible-community
+ - ansible-config
+ - ansible-console
+ - ansible-doc
+ - ansible-galaxy
+ - ansible-inventory
+ - ansible-playbook
+ - ansible-pull
+ - ansible-test
+ - ansible-vault
+ loop: "{{ binaries }}"
+ loop_control:
+ label: "{{ binary }}"
+ loop_var: "binary"
+ tags:
+ - ansible
+
+- name: "Installer - Ansible - Dependencies / Python Libraries"
+ pip:
+ name: "{{ library }}"
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ vars:
+ libraries:
+ - cryptography
+ - dnspython
+ - hvac
+ - jmespath
+ - netaddr
+ - pexpect
+ loop: "{{ libraries }}"
+ loop_control:
+ label: "{{ library }}"
+ loop_var: "library"
+
+- name: "Installer : Certbot : Install"
+ pip:
+ name: certbot
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ tags:
+ - certbot
+
+- name: "Installer : Certbot : Create Symbolic Links"
+ ansible.builtin.file:
+ src: ~/.venv/ansible/bin/{{ binary }}
+ dest: ~/bin/{{ binary }}
+ state: link
+ vars:
+ binaries:
+ - certbot
+ loop: "{{ binaries }}"
+ loop_control:
+ label: "{{ binary }}"
+ loop_var: "binary"
+ tags:
+ - certbot
+
+- name: "Installer : Certbot : Auth Hook"
+ get_url:
+ url: "https://git.waren.io/warengroup/acme-dns-auth/raw/branch/master/acme-dns-auth.py"
+ dest: "~/data/letsencrypt/config/renewal-hooks/pre/acme-dns-auth.py"
+ mode: '700'
+ force: true
+ tags:
+ - certbot
+
+- name: "Installer : Certbot : Create Certificates"
+ command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook ~/data/letsencrypt/config/renewal-hooks/pre/acme-dns-auth.py --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }} --config-dir ~/data/letsencrypt/config --logs-dir ~/data/letsencrypt/logs --work-dir ~/data/letsencrypt/work"
+ loop: "{{ certs }}"
+ loop_control:
+ label: "{{ cert.name }}"
+ loop_var: "cert"
+ vars:
+ certs:
+ arcadiamc:
+ name: arcadiamc
+ email: mattez02.contact@gmail.com
+ domains:
+ - arcadiamc.wgi.fi
+ register: task
+ changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
+ tags:
+ - certbot
+
+- name: "Installer : Schedule : Maintenance"
+ cron:
+ name: "Matte - Maintenance"
+ hour: "*/3"
+ minute: "0"
+ job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t maintenance"
+ tags:
+ - cron
+
+- name: "Installer : Schedule : Deployer"
+ cron:
+ name: "Matte - Deployer"
+ minute: "*/5"
+ job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t deployer"
+ tags:
+ - cron
diff --git a/tasks/maintenance.yml b/tasks/maintenance.yml
new file mode 100644
index 0000000..7cd4414
--- /dev/null
+++ b/tasks/maintenance.yml
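Review bot: `Installer : Certbot : Create Certificates` loops over `certs`, but `certs` is written as a mapping keyed `arcadiamc:` rather than a list, so `loop` rejects it (it requires a list) and `cert.name` / `cert.email` / `cert.domains` would not resolve on a string key even if it did; drop the `arcadiamc:` line and make the entry `- name: arcadiamc` with `email:` and `domains:` indented under it, matching the list form `certs` takes in deployer.yml. In `Installer : Certbot : Auth Hook`, `get_url` fetches an executable from the `master` branch with `force: true` and no `checksum`, and certbot then runs that file on every renewal as this user, so whatever the branch holds at fetch time is what executes; pin the URL to a fixed revision and add `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder — take the digest from the reviewed revision), after which `force: true` is no longer needed. The `dest` also sits under `renewal-hooks/pre/`, a directory certbot appears to run wholesale as pre-hooks, so the script would presumably be invoked a second time without the `CERTBOT_*` variables on each `certbot renew`; a path outside the `renewal-hooks` tree avoids that. Both cron jobs pass `--accept-host-key`, which trusts whichever key is presented on first contact; seeding `~/.ssh/known_hosts` with the `known_hosts` module and dropping the flag keeps the host check meaningful.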
@@ -0,0 +1,36 @@
+---
+- name: "Installer - Ansible - Dependencies / Python Libraries"
+ pip:
+ name: "{{ library }}"
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ vars:
+ libraries:
+ - cryptography
+ - dnspython
+ - hvac
+ - jmespath
+ - netaddr
+ - pexpect
+ loop: "{{ libraries }}"
+ loop_control:
+ label: "{{ library }}"
+ loop_var: "library"
+
+- name: "Maintenance : Ansible : Update"
+ pip:
+ name: ansible
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+
+- name: "Maintenance : Podman : Prune"
+ containers.podman.podman_prune:
+ container: yes
+ image: yes
+ image_filters:
+ dangling_only: no
+ volume: yes
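Review bot: `Maintenance : Podman : Prune` runs with `volume: yes` and `dangling_only: no`, and the cron entry in installer.yml runs the `maintenance` tag every three hours, so every volume and image not referenced by an existing container is removed automatically; a volume whose container was removed or is mid-recreation is gone before anyone can recover it. Consider dropping `volume: yes` from the scheduled run or gating it behind an explicit variable, and write the booleans canonically as `container: true`, `image: true`, `dangling_only: false`. The first task is a verbatim copy of `Installer - Ansible - Dependencies / Python Libraries` from installer.yml, name included; moving it into a shared task file pulled in by both with `import_tasks` prevents the two library lists drifting apart. Both pip tasks use `state: latest`, so each run upgrades ansible and its libraries to whatever PyPI currently serves with no pin; either pin versions or add a comment on the task recording that unpinned upgrades are intended.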