From 9cf149184f2cfafad27c1f54e29f37159004f6be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christer=20War=C3=A9n?=
Date: Thu, 24 Jul 2025 13:13:09 +0300
Subject: [PATCH] Add Tasks to repo
---
tasks.yml | 31 ++++++++++
tasks/deployer.yml | 56 ++++++++++++++++++
tasks/installer.yml | 129 ++++++++++++++++++++++++++++++++++++++++++
tasks/maintenance.yml | 44 ++++++++++++++
4 files changed, 260 insertions(+)
create mode 100644 tasks.yml
create mode 100644 tasks/deployer.yml
create mode 100644 tasks/installer.yml
create mode 100644 tasks/maintenance.yml
diff --git a/tasks.yml b/tasks.yml
new file mode 100644
index 0000000..c7306ce
--- /dev/null
+++ b/tasks.yml
@@ -0,0 +1,31 @@
+---
+- name: "Tasks"
+ hosts: all
+ module_defaults:
+ ansible.builtin.gather_facts:
+ gather_timeout: 10
+
+ tasks:
+ - name: "Installer"
+ import_tasks: tasks/installer.yml
+ vars:
+ ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+ tags:
+ - installer
+ - never
+
+ - name: "Maintenance"
+ import_tasks: tasks/maintenance.yml
+ vars:
+ ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+ tags:
+ - maintenance
+ - never
+
+ - name: "Deployer"
+ import_tasks: tasks/deployer.yml
+ vars:
+ ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
+ tags:
+ - deployer
+ - never
diff --git a/tasks/deployer.yml b/tasks/deployer.yml
new file mode 100644
index 0000000..a28e348
--- /dev/null
+++ b/tasks/deployer.yml
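Review bot: In tasks.yml the "Installer" import sets `ansible_python_interpreter` to `{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3`, yet that virtualenv is only created by the pip task inside tasks/installer.yml, so on a host where it does not exist yet the first installer task has no interpreter to run under. Unless the virtualenv is always bootstrapped by hand beforehand (the cron jobs in tasks/installer.yml suggest it may be), dropping the `vars:` entry from the "Installer" import would let it start from the discovered system Python. A one-line comment such as `# every import is tagged "never": nothing runs unless -t installer, -t maintenance or -t deployer is given` would also document why a plain run does nothing.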
@@ -0,0 +1,56 @@
+---
+- name: "Deployer - Nginx - Configure - Create Folder"
+ ansible.builtin.file:
+ path: "~/data/nginx/"
+ state: directory
+ tags:
+ - nginx
+
+- name: "Deployer - Nginx - Configure - Create Subfolders"
+ ansible.builtin.file:
+ dest: '~/data/nginx/{{ item.path }}'
+ state: directory
+ with_filetree: './files/nginx/'
+ loop_control:
+ label: "{{ item.path }}"
+ when:
+ - item.state == 'directory'
+ tags:
+ - nginx
+
+ - name: "Deployer - Nginx - Configure - Generating & Transferring Files"
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '~/data/nginx/{{ item.path }}'
+ with_filetree: './files/nginx/'
+ loop_control:
+ label: "{{ item.path }}"
+ when:
+ - item.state == 'file'
+ tags:
+ - nginx
+
+ - name: "Deployer - Nginx - Pull Image"
+ containers.podman.podman_image:
+ name: docker.io/library/nginx
+ tag: latest
+ force: true
+ register: deployerTask3
+
+- name: "Deployer - Nginx - Run Container"
+ containers.podman.podman_container:
+ name: nginx
+ image: docker.io/library/nginx:latest
+ state: started
+ recreate: on
+ network: host
+ volumes:
+ - "{{ ansible_facts.user_dir }}/data/nginx/index.html:/usr/share/nginx/html/index.html:ro"
+ - "{{ ansible_facts.user_dir }}/data/nginx/config.conf:/etc/nginx/nginx.conf:ro"
+ - "{{ ansible_facts.user_dir }}/data/nginx/conf/:/etc/nginx/conf.d/:ro"
+ - "{{ ansible_facts.user_dir }}/data/certs/:/etc/nginx/certs/:ro"
+ restart_policy: always
+ when:
+ - (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined
+ tags:
+ - nginx
diff --git a/tasks/installer.yml b/tasks/installer.yml
new file mode 100644
index 0000000..6fb5308
--- /dev/null
+++ b/tasks/installer.yml
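Review bot: In tasks/deployer.yml the "Pull Image" and "Run Container" tasks track `docker.io/library/nginx:latest` with `force: true`, so every scheduled deployer run can swap the running web server for whatever the registry currently serves under that tag, with no review step in between. Pinning the image by digest in both tasks, e.g. `image: docker.io/library/nginx@sha256:<digest>` (placeholder), makes an upgrade an explicit commit. The container also runs with `network: host`, which drops network-namespace isolation; publishing only the ports nginx needs would narrow that. Separately, the two tasks before "Run Container" appear to start with an indented `- name:` unlike their siblings; whitespace is collapsed in this view, so that is worth checking against the file.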
@@ -0,0 +1,129 @@
+---
+- name: "Installer : Tools : Install"
+ ansible.builtin.apt:
+ name: "{{ package }}"
+ state: latest
+ vars:
+ packages:
+ - git
+ - rsync
+ - unzip
+ - nano
+ - tar
+ - gnupg
+ - screen
+ - jq
+ - sudo
+ - pkg-config
+ - etckeeper
+ loop: "{{ packages }}"
+ loop_control:
+ label: "{{ package }}"
+ loop_var: "package"
+
+- name: "Installer : FirewallD : Dependencies - Packages"
+ ansible.builtin.apt:
+ name:
+ - python3-firewall
+ - iptables
+ state: latest
+
+- name: "Installer : FirewallD : Install"
+ ansible.builtin.apt:
+ name: "firewalld"
+ state: latest
+
+- name: "Installer : FirewallD : Start"
+ ansible.builtin.systemd_service:
+ name: firewalld
+ state: started
+ enabled: true
+
+- name: "Installer - Ansible - Python Library"
+ ansible.builtin.pip:
+ name: ansible
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ tags:
+ - ansible
+
+- name: "Installer : Ansible : Create Folder"
+ ansible.builtin.file:
+ path: ~/bin
+ state: directory
+ tags:
+ - ansible
+
+- name: "Installer : Ansible : Create Symbolic Links"
+ ansible.builtin.file:
+ src: ~/.venv/ansible/bin/{{ binary }}
+ dest: ~/bin/{{ binary }}
+ state: link
+ vars:
+ binaries:
+ - ansible
+ - ansible-community
+ - ansible-config
+ - ansible-console
+ - ansible-doc
+ - ansible-galaxy
+ - ansible-inventory
+ - ansible-playbook
+ - ansible-pull
+ - ansible-test
+ - ansible-vault
+ loop: "{{ binaries }}"
+ loop_control:
+ label: "{{ binary }}"
+ loop_var: "binary"
+ tags:
+ - ansible
+
+- name: "Installer - Ansible - Dependencies / Python Libraries"
+ ansible.builtin.pip:
+ name: "{{ library }}"
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ vars:
+ libraries:
+ - cryptography
+ - dnspython
+ - hvac
+ - jmespath
+ - netaddr
+ - pexpect
+ loop: "{{ libraries }}"
+ loop_control:
+ label: "{{ library }}"
+ loop_var: "library"
+
+- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
+ ansible.builtin.pip:
+ name: pymysql
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ tags:
+ - mariadb
+
+- name: "Installer : Schedule : Maintenance"
+ ansible.builtin.cron:
+ name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
+ hour: "*/3"
+ minute: "0"
+ job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas.yml tasks.yml -t maintenance"
+ tags:
+ - cron
+
+- name: "Installer : Schedule : Deployer"
+ ansible.builtin.cron:
+ name: "PVJJK 1.VOS TJAS - Infra - Deployer"
+ minute: "*/5"
+ job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas.yml tasks.yml -t deployer"
+ tags:
+ - cron
diff --git a/tasks/maintenance.yml b/tasks/maintenance.yml
new file mode 100644
index 0000000..52813f8
--- /dev/null
+++ b/tasks/maintenance.yml
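Review bot: Both cron jobs at the end of tasks/installer.yml run `ansible-pull` with `--accept-host-key` and no commit verification, so each host executes whatever the repository URL serves at every interval; per the git module documentation, accepting host keys this way disables a protection against man-in-the-middle interception. Dropping `--accept-host-key` in favour of a pre-seeded known_hosts entry (for example an `ansible.builtin.known_hosts` task carrying GitHub's published key) and adding `--verify-commit` to both `job:` lines would tie each run to an authenticated server and a signed commit. The same jobs depend on a deploy key and a vault password file under `~`, and no task in this hunk sets their permissions, so it is worth confirming they are created with mode 0600 elsewhere.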
@@ -0,0 +1,44 @@
+---
+- name: "Installer - Ansible - Dependencies / Python Libraries"
+ ansible.builtin.pip:
+ name: "{{ library }}"
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+ vars:
+ libraries:
+ - cryptography
+ - dnspython
+ - hvac
+ - jmespath
+ - netaddr
+ - pexpect
+ loop: "{{ libraries }}"
+ loop_control:
+ label: "{{ library }}"
+ loop_var: "library"
+
+- name: "Maintenance : Ansible : Update"
+ ansible.builtin.pip:
+ name: ansible
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+
+- name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
+ ansible.builtin.pip:
+ name: pymysql
+ state: latest
+ extra_args: --upgrade
+ virtualenv: ~/.venv/ansible
+ virtualenv_command: "python3 -m venv"
+
+- name: "Maintenance : Podman : Prune"
+ containers.podman.podman_prune:
+ container: yes
+ image: yes
+ image_filters:
+ dangling_only: no
+ volume: yes
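Review bot: The three pip tasks in tasks/maintenance.yml use `state: latest` with no version pins, and the maintenance cron entry runs them every three hours, so the virtualenv that executes the playbooks and is handed the vault password file is replaced unattended with whatever PyPI currently publishes for `ansible`, `cryptography`, `hvac`, `pymysql` and the rest. Installing from a pinned, hashed requirements file, `requirements: <path to pinned requirements file>` with `extra_args: --require-hashes`, would turn each upgrade into a reviewed commit; the pip tasks in tasks/installer.yml have the same unpinned form. The first task is still named "Installer - Ansible - Dependencies / Python Libraries" and probably wants a "Maintenance" prefix. In the prune task, `volume: yes` removes every volume not in use at that moment, which is worth a comment if any service is expected to keep data in a named volume.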