mirror of
https://github.com/MatteZ02/infra.git
synced 2024-12-22 08:23:18 +00:00
131 lines
3.7 KiB
YAML
131 lines
3.7 KiB
YAML
---
|
|
- name: "Installer - Ansible - Python Library"
|
|
pip:
|
|
name: ansible
|
|
state: latest
|
|
extra_args: --upgrade
|
|
virtualenv: ~/.venv/ansible
|
|
virtualenv_command: "python3 -m venv"
|
|
tags:
|
|
- ansible
|
|
|
|
- name: "Installer : Ansible : Create Folder"
|
|
file:
|
|
path: ~/bin
|
|
state: directory
|
|
tags:
|
|
- ansible
|
|
|
|
- name: "Installer : Ansible : Create Symbolic Links"
|
|
ansible.builtin.file:
|
|
src: ~/.venv/ansible/bin/{{ binary }}
|
|
dest: ~/bin/{{ binary }}
|
|
state: link
|
|
vars:
|
|
binaries:
|
|
- ansible
|
|
- ansible-community
|
|
- ansible-config
|
|
- ansible-console
|
|
- ansible-doc
|
|
- ansible-galaxy
|
|
- ansible-inventory
|
|
- ansible-playbook
|
|
- ansible-pull
|
|
- ansible-test
|
|
- ansible-vault
|
|
loop: "{{ binaries }}"
|
|
loop_control:
|
|
label: "{{ binary }}"
|
|
loop_var: "binary"
|
|
tags:
|
|
- ansible
|
|
|
|
- name: "Installer - Ansible - Dependencies / Python Libraries"
|
|
pip:
|
|
name: "{{ library }}"
|
|
state: latest
|
|
extra_args: --upgrade
|
|
virtualenv: ~/.venv/ansible
|
|
virtualenv_command: "python3 -m venv"
|
|
vars:
|
|
libraries:
|
|
- cryptography
|
|
- dnspython
|
|
- hvac
|
|
- jmespath
|
|
- netaddr
|
|
- pexpect
|
|
loop: "{{ libraries }}"
|
|
loop_control:
|
|
label: "{{ library }}"
|
|
loop_var: "library"
|
|
|
|
- name: "Installer : Certbot : Auth Hook - Create Folder"
|
|
file:
|
|
path: ~/data/certbot/auth-hooks
|
|
state: directory
|
|
tags:
|
|
- certbot
|
|
|
|
- name: "Installer : Certbot : Auth Hook - Download"
|
|
get_url:
|
|
url: "https://git.waren.io/warengroup/acme-dns-auth/raw/branch/master/acme-dns-auth.py"
|
|
dest: "~/data/certbot/auth-hooks/acme-dns.py"
|
|
mode: '700'
|
|
force: true
|
|
tags:
|
|
- certbot
|
|
|
|
- name: "Installer : Certbot : Create Certificates"
|
|
containers.podman.podman_container:
|
|
name: certbot
|
|
image: "docker.io/certbot/certbot:latest"
|
|
state: started
|
|
network: host
|
|
volumes:
|
|
- "{{ ansible_facts.user_dir }}/data/certbot:/etc/letsencrypt"
|
|
command: "certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/auth-hooks/acme-dns.py --debug-challenges --key-type rsa -d {{ cert.domains | join(' -d ') }}"
|
|
detach: false
|
|
register: task
|
|
changed_when:
|
|
- task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
|
|
loop: "{{ certs }}"
|
|
loop_control:
|
|
label: "{{ cert.name }}"
|
|
loop_var: "cert"
|
|
vars:
|
|
certs:
|
|
- name: arcadiamc
|
|
email: mattez02.contact@gmail.com
|
|
domains:
|
|
- arcadiamc.wgi.fi
|
|
tags:
|
|
- certbot
|
|
|
|
- name: "Installer : Schedule : Maintenance"
|
|
cron:
|
|
name: "Matte - Infra - Maintenance"
|
|
hour: "*/3"
|
|
minute: "0"
|
|
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t maintenance"
|
|
tags:
|
|
- cron
|
|
|
|
- name: "Installer : Schedule : Deployer"
|
|
cron:
|
|
name: "Matte - Infra - Deployer"
|
|
minute: "*/5"
|
|
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t deployer"
|
|
tags:
|
|
- cron
|
|
|
|
- name: "Installer : Schedule : Backup"
|
|
cron:
|
|
name: "Matte - Infra - Backup"
|
|
hour: "5"
|
|
minute: "0"
|
|
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/MatteZ02/infra -d ~/.ansible/pull/matte/infra --accept-host-key --private-key ~/.ssh/keys/matte/infra --vault-password-file ~/.ansible/vault/matte.yml tasks.yml -t backup"
|
|
tags:
|
|
- cron
|