
18 Commits

Author SHA1 Message Date
Christer Warén
c9425a79b4 Font Awesome 7.1.0 Update 2025-10-04 03:53:01 +03:00
Christer Warén
f8f71ef9f0 Deployer: Keycloak - Add groups to users 2025-10-01 02:17:30 +03:00
Christer Warén
82aba2e352 Inventories Update 2025-10-01 01:20:13 +03:00
Christer Warén
2db35ab086 Deployer: Nextcloud - Change config directory owner 2025-10-01 00:35:01 +03:00
Christer Warén
e6f3eb3655 Add email address to Keycloak users 2025-10-01 00:09:45 +03:00
Christer Warén
1fe2b0eae1 Deployer: Keycloak - Add more delay before configuring 2025-09-30 23:36:54 +03:00
Christer Warén
9f9ed5d029 Inventories Update 2025-09-30 23:17:18 +03:00
Christer Warén
870ecc035c Add Python 3 interpreter in some tasks 2025-09-30 22:58:39 +03:00
Christer Warén
86285e9af0 Inventories Update 2025-09-30 22:56:13 +03:00
Christer Warén
228a22700c Migrater: Fix typo in copy secrets task 2025-09-30 14:38:06 +03:00
Christer Warén
b3a4646e49 Change interface to variable instead of static interface 2025-09-30 12:49:39 +03:00
Christer Warén
da74f99bb7 Move Ansible to different directory 2025-09-30 12:12:04 +03:00
Christer Warén
d8f5a8fd77 Init: Move Ansible to different directory and remove sudo 2025-09-30 11:59:45 +03:00
Christer Warén
61e167e43f INSTRUCTIONS: Kirjaudu pääkäyttäjänä tai kohota oikeudet 2025-09-30 11:58:07 +03:00
Christer Warén
8d04583f0f Refreshing Repo 2025-09-18 16:21:43 +03:00
Christer Warén
3f6d1fde93 Inventories Update 2025-09-18 15:30:06 +03:00
Christer Warén
dd36ecf07d Remove my key from the SSH authorized keys 2025-09-18 15:16:56 +03:00
Christer Warén
25b7baf668 Adding configuration tasks for Keycloak 2025-09-15 15:07:03 +03:00
23 changed files with 701 additions and 274 deletions


@@ -1,4 +1,4 @@
# Tietojärjestelmäasentajien Infra # TIETOJÄRJESTELMÄASENTAJIEN INFRA
## Ylläpitäjän ohjeet ## Ylläpitäjän ohjeet
**Työaseman asennus** **Työaseman asennus**
@@ -18,14 +18,16 @@
2. Vaihda oletusarvoinen käyttöjärjestelmä `wsl --set-default Debian` 2. Vaihda oletusarvoinen käyttöjärjestelmä `wsl --set-default Debian`
3. Käynnistä uudelleen käyttöjärjestelmä `wsl -t Debian` 3. Käynnistä uudelleen käyttöjärjestelmä `wsl -t Debian`
4. Sulje ikkuna 4. Sulje ikkuna
6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian` 6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
7. Asenna curl-paketti käyttämällä APT-paketinhallintaa `sudo apt update && sudo apt install curl` 7. Kohota oikeudet `sudo su`
8. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)` 8. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl`
9. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
**Palvelimen asennus** **Palvelimen asennus**
1. Asenna Debian-käyttöjärjestelmä 1. Asenna Debian-käyttöjärjestelmä
2. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl` 2. Kirjaudu root käyttäjänä tai kohota oikeudet `sudo su`
3. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)` 3. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl`
4. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
**Verkkolaitteiden konfigurointi** **Verkkolaitteiden konfigurointi**
1. Kytke verkkolaitteen Console (Ethernet) porttiin serial portti adapteri sekä yhdistä siihen serial portti USB-adapteri 1. Kytke verkkolaitteen Console (Ethernet) porttiin serial portti adapteri sekä yhdistä siihen serial portti USB-adapteri
@@ -155,7 +157,7 @@ banner motd ^C
`--' `-----' `--' `--' `-----' `--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO TIETOJÄRJESTELMÄASENTAJIEN INFRA
r1.net.tjas r1.net.tjas
^C ^C
@@ -217,7 +219,7 @@ banner motd "
`--' `-----' `--' `--' `-----' `--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO TIETOJÄRJESTELMÄASENTAJIEN INFRA
s1.net.tjas s1.net.tjas
" "
@@ -328,7 +330,7 @@ banner motd "
`--' `-----' `--' `--' `-----' `--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO TIETOJÄRJESTELMÄASENTAJIEN INFRA
s2.net.tjas s2.net.tjas
" "
@@ -407,7 +409,7 @@ banner motd "
`--' `-----' `--' `--' `-----' `--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO TIETOJÄRJESTELMÄASENTAJIEN INFRA
s3.net.tjas s3.net.tjas
" "


@@ -1,5 +1,5 @@
[defaults] [defaults]
inventory = inventories/pvjjk-1vos-niinisalo inventory = inventories
hash_behaviour = merge hash_behaviour = merge
gathering = smart gathering = smart
display_skipped_hosts = false display_skipped_hosts = false


@@ -12,9 +12,9 @@
`--' `-----' `--' `--' `-----' `--' `-----' `--' `--' `-----'
{{ location | upper }}
TIETOJÄRJESTELMÄASENTAJIEN INTRA TIETOJÄRJESTELMÄASENTAJIEN INTRA
{{ hostname | upper }} {{ hostname | upper }}
{{ location | upper }}
Made by Made by
Jääkäri Warén Jääkäri Warén


@@ -1,7 +1,7 @@
{ {
"Dhcp4": { "Dhcp4": {
"interfaces-config": { "interfaces-config": {
"interfaces": [ "enp0s25.20" ] "interfaces": [ "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.20" ]
}, },
"control-socket": { "control-socket": {
"socket-type": "unix", "socket-type": "unix",
@@ -69,7 +69,7 @@
{ {
"id": 2, "id": 2,
"subnet": "192.168.2.0/27", "subnet": "192.168.2.0/27",
"interface": "enp0s25.20", "interface": "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.20",
"pools": [ "pools": [
{ {
"pool": "192.168.2.1 - 192.168.2.30" "pool": "192.168.2.1 - 192.168.2.30"
@@ -161,7 +161,7 @@
{ {
"id": 69, "id": 69,
"subnet": "192.168.69.0/26", "subnet": "192.168.69.0/26",
"interface": "enp0s25.69", "interface": "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.69",
"pools": [ "pools": [
{ {
"pool": "192.168.69.1 - 192.168.69.62" "pool": "192.168.69.1 - 192.168.69.62"


@@ -15,9 +15,9 @@
|_| |_|
{{ location | upper }}
TIETOJÄRJESTELMÄASENTAJIEN INTRA TIETOJÄRJESTELMÄASENTAJIEN INTRA
{{ hostname | upper }} {{ hostname | upper }}
{{ location | upper }}
Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
ylikirjoittaa automatisoidusti. ylikirjoittaa automatisoidusti.


@@ -8,16 +8,16 @@ auto lo
iface lo inet loopback iface lo inet loopback
# The primary network interface # The primary network interface
allow-hotplug enp0s25 allow-hotplug {{ ansible_facts.interfaces | select('search', '^enp') | first }}
iface enp0s25 inet dhcp iface {{ ansible_facts.interfaces | select('search', '^enp') | first }} inet dhcp
auto enp0s25.20 auto {{ ansible_facts.interfaces | select('search', '^enp') | first }}.20
iface enp0s25.20 inet static iface {{ ansible_facts.interfaces | select('search', '^enp') | first }}.20 inet static
address 192.168.2.10/27 address 192.168.2.10/27
gateway 192.168.2.1 gateway 192.168.2.1
hwaddress 90:1b:0e:5b:18:fb hwaddress 90:1b:0e:5b:18:fb
auto enp0s25.69 auto {{ ansible_facts.interfaces | select('search', '^enp') | first }}.69
iface enp0s25.69 inet static iface {{ ansible_facts.interfaces | select('search', '^enp') | first }}.69 inet static
address 192.168.69.20/26 address 192.168.69.20/26
hwaddress 90:1b:0e:5b:18:fc hwaddress 90:1b:0e:5b:18:fc
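Review bot: The lookup `ansible_facts.interfaces | select('search', '^enp') | first` can resolve to the wrong device, because the pattern also matches VLAN sub-interfaces such as `enp0s25.20` once they exist and, as far as I know, the order of `ansible_facts.interfaces` is not guaranteed; on a later run or on a host with two NICs this could render a name like `enp0s25.20.20` or configure a different port. On a host with no `enp*` device, `first` has nothing to return, so the render either fails or emits a bare `.20`, depending on how undefined values are handled. I would resolve the name once into a variable (for example from `ansible_facts.default_ipv4.interface`, or with the stricter pattern `'^enp[^.]+$'` plus an `assert` that exactly one device matched) and use that variable here and in the `interfaces` / `interface` entries of the DHCP configuration section earlier in this compare, which repeat the same expression three times. The `hwaddress` values remain hard-coded, so the template is still tied to one machine's NIC even though the interface name is now looked up.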


@@ -16,8 +16,8 @@
<!-- Link: Preconnect & DNS Prefetch & Preload --> <!-- Link: Preconnect & DNS Prefetch & Preload -->
<link rel="preconnect" href="//cdn.waren.io"> <link rel="preconnect" href="//cdn.waren.io">
<link rel="dns-prefetch" href="//cdn.waren.io"> <link rel="dns-prefetch" href="//cdn.waren.io">
<link rel="preload" as="style" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous"> <link rel="preload" as="style" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/css/all.min.css" crossorigin="anonymous">
<link rel="preload" as="font" type="font/woff2" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/webfonts/fa-solid-900.woff2" crossorigin="anonymous"> <link rel="preload" as="font" type="font/woff2" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/webfonts/fa-solid-900.woff2" crossorigin="anonymous">
<style> <style>
body { body {
@@ -67,7 +67,7 @@
</style> </style>
<!-- Link: CSS --> <!-- Link: CSS -->
<link rel="stylesheet" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous" media="screen"> <link rel="stylesheet" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/css/all.min.css" crossorigin="anonymous" media="screen">
</head> </head>
<body> <body>
<header> <header>


@@ -1,2 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

26
init.sh

@@ -38,39 +38,39 @@ exit 1
} }
ti-header "Haetaan pakettien tiedot..." ti-header "Haetaan pakettien tiedot..."
sudo apt update apt update
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansiblen järjestelmäpaketti riippuvuudet..." ti-header "Asennetaan Ansiblen järjestelmäpaketti riippuvuudet..."
sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n" echo -e "\n\n"
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..." ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv $HOME/.venv/ansible python3 -m venv /opt/ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansiblen Python-kirjasto riippuvuudet..." ti-header "Asennetaan Ansiblen Python-kirjasto riippuvuudet..."
$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect /opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible..." ti-header "Asennetaan Ansible..."
$HOME/.venv/ansible/bin/pip3 install ansible /opt/ansible/bin/pip3 install ansible
echo -e "\n\n" echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..." ti-header "Asennetaan Ansible kokoelmat..."
$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade /opt/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n" echo -e "\n\n"
mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null mkdir -p $HOME/.ssh/keys &> /dev/null
if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]] if [[ ! -f $HOME/.ssh/keys/infra ]]
then then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..." ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn) ssh-keygen -f $HOME/.ssh/keys/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Lisää SSH-avain Infra-repon käyttöön..." ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub cat $HOME/.ssh/keys/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]" echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]] while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -80,7 +80,7 @@ done
echo -e "\n\n" echo -e "\n\n"
mkdir -p $HOME/.ansible/vault &> /dev/null mkdir -p $HOME/.ansible/vault &> /dev/null
if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]] if [[ ! -f $HOME/.ansible/vault/infra ]]
then then
ti-header "Syötä Ansible Vaultin salasana..." ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: " echo -n "Salasana: "
@@ -90,14 +90,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]] if [[ ! -z $VAULT_PASSWORD ]]
then then
echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/infra
fi fi
done done
echo -e "\n\n" echo -e "\n\n"
fi fi
ti-header "Suoritetaan Infran asennus..." ti-header "Suoritetaan Infran asennus..."
$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer /opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/infra --accept-host-key --private-key $HOME/.ssh/keys/infra --vault-password-file $HOME/.ansible/vault/infra tasks.yml -t installer
echo -e "\n\n" echo -e "\n\n"
echo " echo "
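Review bot: The vault password is written with `echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/infra` and nothing in the visible hunks sets `umask` or runs `chmod`, so under a common umask of 022 the file would be readable by other local accounts wherever the home directory is traversable (this may be handled outside the hunks, which do not show the whole script). I would put `umask 077` ahead of the `mkdir -p $HOME/.ansible/vault` line, or create the file first with `install -m 600 /dev/null "$HOME/.ansible/vault/infra"`, and quote the `$HOME` paths and `$(hostname --fqdn)`. The `$HOME/.ssh/keys` directory created above inherits its mode from the umask in the same way. With the `sudo` prefixes removed the script now only works as root, so a root check near the top (the part before line 38 is not shown) and pinned versions on the `/opt/ansible/bin/pip3 install` lines would be worth adding, since those packages are now installed as root.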


@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;infra
33386430326363383437666438386537326335363734643930613236613831626230643064356334
3135626438653437383961306332336232656231313435390a346433363530366262653830363231
65313965383261326366633238613662316663333735616136316332326534376331316364633633
6531653864313533350a306437396165373635313063306636663761303762623633346536666437
3961


@@ -0,0 +1,151 @@
$ANSIBLE_VAULT;1.2;AES256;infra
66646230653763333733613633343366663932356161303735316330396335626533613935623464
3731306166663664633633343864666464376466353638620a313738393261326239383363366264
66386264666265653937646439646531643431613665393830343939333339376636633265376261
6563393338386236390a346233613363373337313335373139323433356161353231346336306632
38393932323338343461373834626163356565353765366437636137376136356230366335616438
38346437306161303331366537356630623566666566393364383161306663663837653430326232
35313064313531316263333034316266383561666539313936363539646435646463346233616565
34613962623633356232343838653435656365656563373637653131653336646139343862613831
33623061656439383833346334396461643661626366326263386238396330646563333535643432
35353335653463306237633961363431333734333638613462306365616635646130623239373732
30323832313562356131663539343239643633323666363461356434373634633938313639626261
34346561363962386666366565373435303130326534353039613831666366393863333439303331
66363132326230626632306635363937656236626262646333623534323037356233333136643664
30316363623835356334633230303961393230626161316661396166386638653836323330333933
31323039643039353062636437646262663662633430636563613461313962343163663239366233
62643665333363326239633064323033386136303831336230663831343633356535383330316262
64353661396563373036653165383462626432653636316337373337373364636530323339313266
61363238613966646464303934393161623463356132386562663066363564343363653734636565
35616137376363373031346461633931336164323638663137303230373233366132613739386238
36616134376263663561306461653637363835353930636165613439373265386462623736656161
30333066383930633139616333613965636162316634613739633463616163653132623033666563
61656466636130323937393334653464666636613631656239656263636339306563396162366637
32613036323631643038653561383733663561363162656435626461356532323331636332316665
63393637306661663231623061323138356166323534663630663239653034316538623763633435
64633162623831636263613939643939356634306636616263323139333430663038336335663232
37636537393835333737393365303530646666386133393732626235346133653138313432663734
37386634633763356130343732363134393430656133373939623834646362343431663964373262
33326361393433663266643636663935313066326561643765353061623832626166323337313835
61303235626639346162373566343639643030333436323064376365343733623866646465636233
33343930376534623663346136643739353963326163336538336530313061333432383664396432
31393936643762353965653962666330323062633166346462646335316534656634383762323265
66346436393836633064646139346433373436613533333133333736396531646564363135346436
65613430353133313663386166386163643835373730353531343135396339346162336562623032
64613033616466626437353036653530633037653332313962623466303436353039616133393261
31633537343430316365366161386237353930633861626161303461626636373037336331356139
61326532646230383535613538323735356639643834393837646638313965356262356532313562
35333534613033653633303731353231363931346335363561346131353964633531326364303663
30633336306334666535633030306334656130336161633637636163383066383330336664326561
36383963656430303739303463366639643466636132323433323439383037323565636262346363
39623637306233353836636639323639333832303563303364653763656235663963326466623630
32373363313164663130666138333361343838316130623835623631373533386437663034376562
32383533333832653361363333356266376666613661653632373562326561313837666263613464
66646432633564313639656666306337313135666538396166396266633137383264313664613063
34326563613335626564656336383434613133626232333733393233306365333039393138663235
61396564343830386636643366393332636338366562333061626334636335626364633938613932
33333139356537373966306565376366343765663434343936633930653033353564633165393065
35646434643566333035303730373761616130653530636137353333323139663363636135343666
34386662303136336239646263313366393762393664303030623934663861326237346536376239
61643530636138626631626664343033363734366466386530666435336632363534616363333561
62373936356637313334623064393865343264363932663839653936643365633161623764386562
65363737653737333738646262336365386534653636336434636639366139616163386333393463
32613566353564376334653735343034663630376364393532313233363837386639303666343136
65623561316335303166643630383363633438373634653731633764346166323061333237363237
35356564353339323636373435393661303633333338343063663335333163666430613137343565
39373537636137383931376639666236343039353362623861633639313931323862376463626239
39643239653030383737633132386436356631626263396166393834663936616563366661633666
38363633616461623133636438333833363562653863323363373136313566393738333961396131
61626564306537383434333931633839323663346565623765636636336266336366323137303232
66323537353631636262373930386538623964393731653265383462666664356330663238346334
30613539316163383165363732643665316462326534316138363963363563373631326633653766
63343137393136663166373035333130366361666364373732316161383065646238326233383665
38323133313863656431376238303830653935353762386537353539333534373337323230616131
61323739393663643562363066373663393135663238353765633264666537626639343939616463
63636339396366313835636466666536346465643536366434653534396465626261656263333361
65326435383165343964623363646536356366336335663262386362393432653063363736623861
65353036316630646163323439383438303638626562376134633363643830656561333163303466
39363561306263396562646464623030623431393764393933393663343361633162353136626534
35613465313063323531653365373361633866636161616366386230396232653863336663313064
36633233656638643035316539366364613336303138643461653133323662666337323933643838
30306335616132313634646332346565383638663062643439653461303062373439313631663738
36353538643430663463396365636136383731646363633065623532396333326166643436373839
63613735646230633635353130613130303362306661376361343632373661616364323037303435
37636632313733343236323535663136633434653164373962303865373565616131316434646164
33303865393864633439623366616335666439393261353634613532306331323261356662623031
34333939626633623963383939373464303763316532393037363338393839653238663635656165
32303132653235303762326532343436643763636232386162663834333635663761396532643165
38326262653565626363366463663233396464356166393661366432383037663034346366653038
34656633373933386661343030646362323032343736616461656166626432313633626239346132
32366661643761376639393438303665633266653233303433346461313538343333393962613632
39666231386535393366333965646363336636376565383732373133386462623763386666343938
37363962346238386161356238626538646533333739633938643065313435396336323534616137
30363665343832326136633662623966346235383739666431393161383238313933656464396264
33343731363734386530663731623864663139343730343063613038323564343461366438366165
32343330656436373033393538613334373462303434336562373263653838383138343564393639
66306538616333616138326666373965616563323739663363303036626439633761316538663132
62636633383936663436636637633863633561646339396463643031653338383465333336386166
64303435353661383663303466633732373236656134623965623237623737626363656232346336
36376663316630386265316135653334623564623939663138383266396537313532663839393366
31623033346564623633343166646330386536333937626630343338396235663166623164386335
63666437363439333866306131343831616434613033636431646263323039663761663830656431
33633537643130373662386439656564386136383539386564646438353130363130313836316631
31363365316138393734373666313631393331636136386364303131386231623838333863313337
30343832336561336234616537646630633937646530666664623531366664343866643765326265
34653764646237636563306134613762333235313362396662346261623035313331313435663536
63643031353230653462333064383636383464393438396365633964656334376638366164343437
34373766636665346361363064663962363161393464656566393630373831386235613837396138
63656336623466643663656264353666363038353661653732393537653731646362393439653962
36356663613638636139636530376363333132656135333531323735366338633730663366366335
37653063626537373066653733326638336234393136323036313763666134333661636230393139
34623038656435393466363836623566663732623135306437396435336636633166313337633761
38346534643339616265333463373264383139323565353933623666353535353862633463373962
36356432623431346235653231383664623466306635663939646362366663313362316561343239
32663766356161353163666136663061653866656562383931336337316663396534616261336466
31396130336638663232663031326461303939376463636633393830393566343630303934363365
36313631643066393536346261336133303135333032333837303735303231306631336135303462
66623962393936366665623330373133663630633730353336373165393138616565303432663066
39633134643137326165353861336265316435663534616638663733353037633239643635363434
63376538663163333336313433643133616262663036363164636334303336333563623339316237
66643036366337303066356131643964663861626266333764663763313133373463343465633238
39313930386662373638383831303264333537343064303365396166653135303235323861666638
33343036303733666536633534663166343437656664303439373330643062663263343032653939
64346365633934663536646562366133643665373636356137623161326433356336663836323436
65636432366531373063383138386235373761393661613737346237303937303433353036393533
34613233623964643961623335613934343665323062613963616435663833346465623061353161
39643064303332643536656166313139623933653466353063356134653538366161636661663733
38303536326333316366333339306538336334356365656661363861623130346337323063303138
36376634386534313432326435633732303562326366636135653234333366643730353763313931
30323365613436343733616330623734316262663165336537306635653966663764626463643764
31393635323332363265666237363365326434353764306162303937613231386262613665333838
33646133373663626161356566633333326165313461623131343539396430373463366539366634
31643238666438306434383934363065643031613861393830663532643361613363353230356666
65326666386264613135613664623834656234376431346665313235393463356536366132356239
36613562376265346234623434643635333761376335363161353934333137616230383630323363
36643433656139316364633566616161363036343537643037343632306331343864656239343536
34343839326638663365383362656262366361313830653735336633623232616233633733656465
65633333343261356563356434393361303162666335336335363361663362353466393233636638
31316162303631306465383865353262336633393637613534313238623436623165643439353865
36633364383839626134326661663037313336613835646232323236393838386438613134383432
64663166616438623663633438343663646161633137353438393839366466663862623739613536
66383232373434666263333136346434303637303164306563393739313038343031376630316138
34303636363837353031363134633563366633373636363830663530623862656365336238623232
37613063656531666631303566393461656266303839656266646563373135383930393231333065
32396339636533306335633965633264633634613233336165623062363965643135363133376430
30653063653736326164613833313036343236343838313036313035333361356132373439623865
61616662383139663466353264373835313934623765623237323030613036346161646461613732
36376236383463356565353830323335623238376533336636383539336539643134663234323930
63373431326138396566313034613536643737633465663632623136376138663937383961653536
38396339393434626436383530366130323864373131343038636337373437343263353561646132
35613866366639666361396530303266383233646638333232366261653837643766363939383437
38363732333166616331386562383933633964386433613136353034656231306237633238323261
64383037333837323037646464343063326361333061613634663739363634653137363362636531
33633033393665306464373238376535386435313831613861373130343661336638376237306366
32343438366666646239343133333562333037626363316163626438663534633366383961626431
61336534396163343062316330626431626433313563393638343365306639383861343437353132
64376433333764656662323265343861643266366130623365353032373861363238643662616666
32376534313364376461393132306633383266326534633034653331396466343537373931316235
33646563356661393639663934333465343361303361393166356664306264353063313635343465
30626435333565636637353539306264393166343936363066373861396134653435626262353139
63363831363837633962303264393461333736363639313031323564333335343838393039313461
3234353366373830613739383537393336353061306534336566

18
inventories/hosts.yml Normal file

@@ -0,0 +1,18 @@
$ANSIBLE_VAULT;1.2;AES256;infra
39633132376130303332653737373230626537373837343436343262663632626635633634653232
3032316237633864646435336637353135383637653565640a323432326439303363643533636361
35343364663632663366306465353138663036313131633366613463643337633233323436363836
3564313436633339320a346637343865303138306562613965373762316331623933633434616538
36393165643062303336323639326535613936363131383566633061323564393337366331366539
38333037653139336361313931353861396361616364333230343663366361346634613765346233
30326465353139643133626364306263383033336463333639393338613936343862636339663231
63616361363861386164373135313265343338313038333962656535383139313830373939303730
35373936613161366163316132336132356238313735663834356366373233633938386136656630
38383361316565306164376264363239666663363134613336656366613863636335376431656239
34336235653166373265633438386138336238373761366163326664616537643639663434363036
34643335663835383336316664323963386464643061636461643732333534356161633234313361
37396161333065333636336133616131333735366535663864646633643231396337356462353835
30383831356236616564663739653031303638363937313965663365663464313138396231623134
30353735363463623132323965333730303030393631633638386561396630316439653466626339
61363165656561663236343463613066336235666631343365303663333535616337666637323166
3965


@@ -1,7 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
37623635363162376361343137303239633766373665356664316265313934643038656535353034
3562643166633064613064636265366431316264316165330a313133343131643234323066383761
65313837313461623432643462643465396163313066363566333237663936393432346430316231
3262626564386666650a303035346537343139636366363438383334336662303364306332623964
32333834346136363533306534363335386561333532366663326166666131653762353765303531
6331353865343330306337346138373136636633353565303534


@@ -1,6 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
62343762666534316333653638623331666135316433623665646138663732386435653761633839
6132616566626636386333636135646564353261366161370a396636666564613034323331353739
64616430633430396666373038383239383766376532633965646535386239383962626363646261
6563396539383263370a353931303465383239313135396564373834373565343662366134393763
3266


@@ -1,148 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
33363831356333653137343362393964373634653530373236623436656434336561616330656361
6334626339616432613839343961346637646463616532620a666534303332623462336634303537
66306462333566323532393466393637616466336139343165353865643964356232626532326535
3131333164346532310a353338336461663532333038653430366133616265353530613838343737
32613630353233386565396430313839376131613062306430623838353033646133343636666335
62633861376230396235326364366462316230333261326264623965616132616162643664633732
36656339656561373763646338616631306631353937663734336366653639383230353136393634
39653066653334663838656632636365623361663566333036383833356432326464656534633631
62303464613066633232306538343166643432363430643330353464373831653666303564373733
36353939303231646666666332663339356665383431313137396466316231636631666565633635
61663365366162333132613165303662623634373937303263633036303239636665616531343837
30323035326231343065323764326435653165616637343431373936346266643234383862333365
31363932613437333737316232363337386366653239656637303131353239306139633330396235
65353138376130386437376236663333316666613630346637663030393764633231396231613064
39663337366664623063336263636166373930383032616464313465653130333438643136366236
31306238333633626630373830366166333364366265626162623433363661363437316361383635
63616666303665303832363436376637396263303863643334623732623139646335323461653665
35353365633031373637643433663537636563343931376232623934626364666535353964643530
62653232613031313834393535313266306237613736383031366232653566363839383435396532
38363063633364303932336331643832663935643335633737663337656262383961396339316435
33393831363663343137383737623736616163363165633161383631663633663235396236366462
30613864613739373830333265333932383230336562383361386663376262323039393439393461
39313531393233623839653539383265656261646437636461356566643735356336376466373735
37626364663535316634343063646664653330386666343661346236646461336630666561333331
65393264656462396162333538643261656433623731383633303139343239316664613634303035
64663333646665363438303165356336323236666566383634313238346463316161363338363465
35333036353964333265626133643230313332613331633533623933323631326636656266333436
36393336613365343133626135613439376535656134376331333232663439313436393739313037
37316130333936343464643161623561346237663666643734633361613132393366393833653238
62333638613730323164623536393437343036383134313465356334306662646361303764613464
62366536326139623334633064333531346161376433326434353562353836663466346337316165
65613032313162393331343066613337393737373532613531386465353266373162336164323764
66333365333366356636333066663435333065333362383035316439343862393334383239363333
37353865623037373962623738353034353762303836383335353630643730646565313033356135
33373037646337326665313063656430303462373631386137666438323630383533313465333862
36373839306535353138353864353761623331373836333164303032303631333438323564633064
37326162613764383233386661613534623535383330343036353566646139653933383232623663
36326134646238626534663634393538663061316330643435376135613330393932386532616232
64373832343538366263396261333137366139353732353962306263383931343931393761663164
39366561643561333831353432373333636264343564343534333262663936353064666338623535
32656562363765303639396139346261396662306661623263396630393734323161383730656261
36336235623266316236643236663535666664326535363936313539343232643736626562316639
38656136623362623338373336353039333365333937343962666166623962326365333966633461
30656563323831353532643837633862333663356532313964313234646237376638346332393964
34396435306262663931613366346363343437346661633563386336643637303163376562623533
63386438386435663133333639363763393838393837346133383134303733303662336266653662
32306237353332376466326463656638613965366564316139343938343263353730656466653736
32663838306435643638343637363537623363313065383738646338313333363733653730393232
30333831386330303862383965616464313966653031373132323066393136613831396266386331
37303830626138393439393534646536363466653431316535653165386465303733333130323537
61363065376230323831313637653733363232633865393435653763306638383132376133373833
30646539343465656638323839363932613532333364626535653233383165643336346338356563
66366136643866356539663936633665313164646130346666373233326561633164356565633665
64646331353662376166383831396534623736363938343639303336313063393665396365666461
37303031316364653064316535623039333763643435313434666436613035316561333138623963
61633164663130633335303766646330666666363737346432306339326131623339316562306339
37343330373163316461666537623862333437323132633633396636363737303639653165353566
63373262616265353332343534613739663064623563363532633338636461353336656136306137
34393034303239383230633963646265313663303865663134313736363838613937303337386537
34396138333234343034396238376461626531313233386462366365306163316336323739363565
33376563616136333236646263373663323131666165626235323039663634373662316563666363
38656665636335396464313365623135323738363430616430663133663535623932313364333530
34303361356233383736663432626263383164303335326537353135346364383065343763646538
36656330376339623266653735376361383732666637333730323034653664643463346636633863
36633036393531306630346132653839636263373063303934663439353236616536626334333766
63343335316532613037636562323735636632393330313738323063346632303033383865366334
31386637306463333932666236396466643965306532303963336437613837316264303866636631
36373032373030656332343736343561346161383435633330303639666364653762393738333461
35323633356534636437326266626265633335366165336331383138663837313333643761646636
63613936316132363266383061613239623964646631303063396436373866356239653835363933
36356361613362626265643762643830626138376165313731366635646333323763626362653665
65663166376236373438363531653939393735653831326361633562623835623833653266613032
37633761613633643934316233313934376239613933323164366661356634383832646533393861
34666237663065333133316536646463653264653061363333623035373762386631613438326262
33376364653064656165346166636562656438393531643535363137393339346562396631643463
64643131303037616530363536353938383531613937393337346462653234663663386139326264
37353837633430376438356238356565613235656166623335383931666339623233623863623861
31393363326165313933303565623564376633383636626636333964343566323030396330353230
63383164313235353463633134356339383233616166383731616631363636356131616234666662
66666337373731306233643963626166653334636563393839626539346633313133613938363338
34633333333738393631346563383932326564326561333834623232653236386663633931383332
63376363343130636562373130366334363365306661363834313466313537303666306364643163
37666662323964386635623662323736313262333231313230353534613839326462386463653933
66613363643565306362363735383861656238383863383535663233326665643938316230323063
33386433613961366137626631303939363066343535303462336331313139633562663363333665
36306634356466373662633534643731656235353866343233346435373338306439303966343534
63316336646538613038633335616464623636663030346238393036646532636432393339633865
36366231623732376539333835323538303435663461373065373161303861386331666666363834
66346136323334656365396635303832623564663238323964373863616365366266343563316136
63363762643336656539303532336538653365323131623465633331623334623831653839376135
65313037346430633032363063386537396261316262613037623161326136323930356335613836
32303733623663396230363432333137626435333232656265613935653339643865376633613239
65353638663332613863333331643433653864316565386264313665343165663334303036303331
38323036366565633234336265616532323837363464346530383362646631623835613566326561
66326633613333353738376666363034653736343431356430656331336436373866623734386464
61323835626464323766353233383135633263326338366639393266623533336366636531326166
36386566316439633666666330303533363861353434333939383838656462623863323537656337
39353264396336666664656461336564306366646635636561663533633234626565316666646130
65643334393963613236623134616336643362303562636361633438383430633438356332313830
30636531366432613237656535383934366161313661643966393739653932333235643933613865
65613662333639306430643939353133623463373739643833386236653166303433313233366135
30333963333331336531643336393837333332646130656630616165626161306530383934353536
35386337373539343165363832383536346466653666393532653633373030343566323365353665
34373136393034366133316334393332656362623437633437636630393636363366366131313730
62623035646234303532663239373262663338383636613931616230643464383233373035383632
66303139643139316535383234316462656431663731326464336434666231336262656536336139
38366664353763343038313236613834636262306635633463373437633136336131616534303636
34333863396564346664386130343430666361613461343439333138633433353136383439373437
61393636313035346537313331333037633633663039376263366432633338366238626231303434
39663136306564303938353736393131363338323234386630393032633831396664383938303561
34333536333066383135373138663662646161343130663836303031363965366337393237653134
61386239333766323664373631616138653538643331656338663432393333356461363933353866
33643334313863653261326661613538386666376330633530666436373436373435333861383436
62323232393633656538613465663864353263633937313632353133393435396265396334636465
35623861366166316664326362313534363137313438303561353730356439393566616231646133
61366539663237376535303135313466646662306137373338383634343766656535393365343933
35633830663933663439323266306536313238353338656564356365626664643532373965303863
62633463666238313531653234383934396334623061613964306464313033616133633335373063
65343133623335663732623834626530326339376534323632653230383364643661353734623764
62343633663733306334336466363564343137306664316365383131633732643439303239393564
36633466373732623065386135323230306335396131343734626334363139643735393936643739
31623536313830313139633236346166643039663638623363343666353465393733383461613464
64326465396432633038616437653032386637336562613065356133663037653133643231613965
32333466363263663935303264353334393938616564633132663539306137373461373730656365
30613766316535343162623163366664396438636135613861333232646232623733643538323766
36626539616665343061343465353361623432323661343938626234393237316238653035633331
36616364326434613332376132633433363336393563653361323039303538366134303434396632
37303837393566336238306137313864646232346232656135633466643830663839623433613736
34666334393938666636643465393563376233333836313138623034393539646436646430323533
37393563346231366266393530326130666334626232373736626563393363326161356537373036
31646464636239373332373735376462393334636264333064323030363834306637623062303461
35646161316363306231356537356263343166353336373932306438393734643561663061623964
38396264306366326638363761313862356166396466393666323738626565353662396661396633
33633436373866303036303961656364623531323636623135346637373466353236326366653662
32336535633564643130626266643730636133636539643661613063656233626530303439626563
62326439636437396133303161316434666266306538633630346538383662613733363730353363
36336137613961653765383033653335333336303834643363336639633231393461643264646333
63303464323264313466623862323835373337366434623230383035633964303635643133656262
34623065383164363565323064616230623539313064313035656635373433633661303362393137
31316238313136353166313237653766333539386438323065666632636338616234663039376537
37313734363333663136356539306237393532383533356463353435633131363264393637323239
61653964396364616335313037643262663930393262393136316234326334656366383636643037
35636138333238363234633966303832363138316265336337353333366362393033323731336337
30333666373662393864633430316532343533333935633630363861633165613162663436336130
32303337326633396264643434653733653764383265316236393364663431323135653130636535
32343934333266316235626331653334613031303761343864386239663233636134303438363337
616365306531626431343532356262356262


@@ -1,9 +0,0 @@
---
pvjjk_1vos_niinisalo:
hosts:
argo.aito.tjas:
hostname: argo.aito.tjas
olympus.juva.tjas:
hostname: olympus.juva.tjas
vars:
ansible_python_interpreter: /usr/bin/python3


@@ -18,7 +18,7 @@ echo "
\`--' \`-----' \`--' \`--' \`-----' \`--' \`-----' \`--' \`--' \`-----'
" "
echo " echo "
TIETOJÄRJESTELMÄASENTAJIEN INTRA TIETOJÄRJESTELMÄASENTAJIEN INFRA
MAINTAINER SCRIPT MAINTAINER SCRIPT
" "
echo -n "${normal}" echo -n "${normal}"


@@ -18,23 +18,23 @@ echo "
\`--' \`-----' \`--' \`--' \`-----' \`--' \`-----' \`--' \`--' \`-----'
" "
echo " echo "
TIETOJÄRJESTELMÄASENTAJIEN INTRA TIETOJÄRJESTELMÄASENTAJIEN INFRA
PROTECT SCRIPT PROTECT SCRIPT
" "
echo -n "${normal}" echo -n "${normal}"
action=$1 action=$1
encrypt() { encrypt() {
execute "ansible-vault encrypt --vault-id $1@vault/$1" $1 execute "ansible-vault encrypt --vault-id infra@vault/infra"
} }
decrypt() { decrypt() {
execute "ansible-vault decrypt --vault-id $1@vault/$1" $1 execute "ansible-vault decrypt --vault-id infra@vault/infra"
} }
list() { list() {
i=0 i=0
for file in inventories/$1/group_vars/* inventories/$1/host_vars/*; for file in inventories/hosts.yml inventories/host_vars/*;
do do
i=$((i + 1)) i=$((i + 1))
echo $i")"$file echo $i")"$file
@@ -43,7 +43,7 @@ list() {
execute() { execute() {
i=0 i=0
for file in inventories/$2/group_vars/* inventories/$2/host_vars/*; for file in inventories/hosts.yml inventories/host_vars/*;
do do
i=$((i + 1)) i=$((i + 1))
echo $i")"$file echo $i")"$file
@@ -55,15 +55,15 @@ for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
case $action in case $action in
encrypt) encrypt)
echo "${underline}Encrypting...${nounderline}" echo "${underline}Encrypting...${nounderline}"
encrypt pvjjk-1vos-niinisalo encrypt
;; ;;
decrypt) decrypt)
echo "${underline}Decrypting...${nounderline}" echo "${underline}Decrypting...${nounderline}"
decrypt pvjjk-1vos-niinisalo decrypt
;; ;;
list) list)
echo "${underline}Listing...${nounderline}" echo "${underline}Listing...${nounderline}"
list pvjjk-1vos-niinisalo list
;; ;;
*) *)
echo "${underline}HELP${nounderline}" echo "${underline}HELP${nounderline}"
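Review bot: The loops in `list()` and `execute()` now cover only `inventories/hosts.yml` and `inventories/host_vars/*`, so any file still kept under `inventories/group_vars/` would silently fall out of `encrypt` and could be committed in plaintext; if that directory is gone for good this is fine, otherwise the glob should stay. The same file list is written twice and `$file` is expanded unquoted (`echo $i")"$file`), so a single shared list and `"$file"` would keep the two functions in step and survive paths containing spaces. The body of `execute()` continues outside the hunks, so how the selected file reaches `ansible-vault` is not visible here.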


@@ -8,8 +8,6 @@
tasks: tasks:
- name: "Installer" - name: "Installer"
import_tasks: tasks/installer.yml import_tasks: tasks/installer.yml
vars:
ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
when: when:
- inventory_hostname == "olympus.juva.tjas" - inventory_hostname == "olympus.juva.tjas"
tags: tags:
@@ -18,8 +16,6 @@
- name: "Maintenance" - name: "Maintenance"
import_tasks: tasks/maintenance.yml import_tasks: tasks/maintenance.yml
vars:
ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
when: when:
- inventory_hostname == "olympus.juva.tjas" - inventory_hostname == "olympus.juva.tjas"
tags: tags:
@@ -28,8 +24,6 @@
- name: "Deployer" - name: "Deployer"
import_tasks: tasks/deployer.yml import_tasks: tasks/deployer.yml
vars:
ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
when: when:
- inventory_hostname == "olympus.juva.tjas" - inventory_hostname == "olympus.juva.tjas"
tags: tags:


@@ -1,4 +1,10 @@
--- ---
- name: "Migrater"
ansible.builtin.import_tasks:
file: 'tasks/migrater.yml'
tags:
- migrater
- name: "Deployer - SSH - Add Authorized Keys" - name: "Deployer - SSH - Add Authorized Keys"
ansible.builtin.template: ansible.builtin.template:
src: './files/ssh/authorized_keys' src: './files/ssh/authorized_keys'
@@ -68,7 +74,7 @@
- name: "Deployer - Yggdrasil - Build Image" - name: "Deployer - Yggdrasil - Build Image"
containers.podman.podman_image: containers.podman.podman_image:
name: pvjjk-1vos-niinisalo/yggdrasil name: tjas-infra/yggdrasil
tag: latest tag: latest
path: "/root/data/yggdrasil" path: "/root/data/yggdrasil"
build: build:
@@ -79,7 +85,7 @@
- name: "Deployer - Yggdrasil - Run Container" - name: "Deployer - Yggdrasil - Run Container"
containers.podman.podman_container: containers.podman.podman_container:
name: yggdrasil name: yggdrasil
image: pvjjk-1vos-niinisalo/yggdrasil:latest image: tjas-infra/yggdrasil:latest
state: started state: started
recreate: on recreate: on
network: host network: host
@@ -192,8 +198,7 @@
- name: "Deployer - Kea - Install" - name: "Deployer - Kea - Install"
ansible.builtin.apt: ansible.builtin.apt:
name: name: kea
- kea
state: latest state: latest
- name: "Deployer - Kea - Configure - DHCP4" - name: "Deployer - Kea - Configure - DHCP4"
@@ -899,10 +904,265 @@
- keycloak - keycloak
- sso - sso
- name: "Deployer - Keacloak - Configure - Wait"
ansible.builtin.wait_for:
host: "127.0.0.1"
port: 8080
delay: 30
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Groups : Create"
community.general.keycloak_group:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
name: "{{ group }}"
vars:
task_vars:
groups:
- admin
- users
loop: "{{ task_vars.groups }}"
loop_control:
label: "{{ group }}"
loop_var: group
- name: "Deployer - Keacloak - Configure - Users : Create"
community.general.keycloak_user:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
username: "{{ config.keycloak.users[username].username }}"
email: "{{ username }}@tjas"
emailVerified: on
credentials:
- type: password
value: "{{ config.keycloak.users[username].password }}"
temporary: false
groups: "{{ config.keycloak.users[username].groups | map('regex_replace', '^(.*)$', '{\"name\": \"\\1\", \"state\": \"present\"}') | map('from_json') | list }}"
enabled: on
state: present
loop: "{{ config.keycloak.users.keys() | list }}"
loop_control:
label: "{{ username }}"
loop_var: username
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Modify"
community.general.keycloak_realm:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
displayName: "PVJJK TJAS"
display_name_html: ""
enabled: on
state: present
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Configure - Login"
community.general.keycloak_realm:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
rememberMe: on
loginWithEmailAllowed: off
duplicateEmailsAllowed: on
verifyEmail: off
editUsernameAllowed: on
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Configure - Themes"
community.general.keycloak_realm:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
loginTheme: "pvjjk-tjas"
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Configure - Client Scopes"
community.general.keycloak_clientscope:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
name: "groups"
protocol: openid-connect
protocol_mappers:
- name: groups
protocol: openid-connect
protocolMapper: oidc-group-membership-mapper
config:
claim.name: groups
userinfo.token.claim: "true"
state: present
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Configure - Client Scopes : Types"
community.general.keycloak_clientscope_type:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
default_clientscopes: "{{ default }}"
optional_clientscopes: "{{ optional }}"
vars:
default:
- acr
- basic
- email
- profile
- role_list
- roles
- saml_organization
- web-origins
optional:
- address
- groups
- microprofile-jwt
- offline_access
- organization
- phone
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Configure - User Profile"
community.general.keycloak_userprofile:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
config:
kc_user_profile_config:
- unmanagedAttributePolicy: ADMIN_EDIT
state: present
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Users : Configure - Attributes"
community.general.keycloak_user:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
username: "{{ config.keycloak.users.admin.username }}"
email: "{{ config.keycloak.users.admin.username }}@tjas"
emailVerified: on
attributes:
- name: is_temporary_admin
values: "false"
state: present
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Configure - Clients"
community.general.keycloak_client:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
client_id: "{{ sso.client.id }}"
secret: "{{ sso.client.secret }}"
name: "{{ sso.client.name }}"
publicClient: false
baseUrl: "{{ sso.client.url.base }}"
redirectUris: "{{ sso.client.url.redirect }}"
default_client_scopes: "{{ default | ansible.builtin.difference(sso.scope.split(' ')[1:]) }}"
optional_client_scopes: "{{ optional + sso.scope.split(' ')[1:] }}"
state: present
vars:
default:
- acr
- basic
- email
- profile
- role_list
- roles
- saml_organization
- web-origins
optional:
- address
- microprofile-jwt
- offline_access
- organization
- phone
loop: "{{ hostvars | json_query('*.config[].*.integrations.sso') | flatten(1) }}"
loop_control:
label: "{{ sso.client.id }}"
loop_var: "sso"
tags:
- keycloak
- sso
- name: "Deployer - Keacloak - Configure - Realms : Configure - Clients : Scopes"
community.general.keycloak_clientscope_type:
auth_keycloak_url: "http://127.0.0.1:8080"
auth_realm: master
auth_username: "{{ config.keycloak.users.admin.username }}"
auth_password: "{{ config.keycloak.users.admin.password }}"
realm: "master"
client_id: "{{ sso.client.id }}"
default_clientscopes: "{{ default | ansible.builtin.difference(sso.scope.split(' ')[1:]) }}"
optional_clientscopes: "{{ optional + sso.scope.split(' ')[1:] }}"
vars:
default:
- acr
- basic
- email
- profile
- role_list
- roles
- saml_organization
- web-origins
optional:
- address
- microprofile-jwt
- offline_access
- organization
- phone
loop: "{{ hostvars | json_query('*.config[].*.integrations.sso') | flatten(1) }}"
loop_control:
label: "{{ sso.client.id }}"
loop_var: "sso"
tags:
- keycloak
- sso
- name: "Deployer - Nextcloud - Files - Create Folder" - name: "Deployer - Nextcloud - Files - Create Folder"
ansible.builtin.file: ansible.builtin.file:
path: "/root/data/nextcloud/{{ folder }}" path: "/root/data/nextcloud/{{ folder }}"
state: directory state: directory
owner: www-data
group: www-data
loop: "{{ folders }}" loop: "{{ folders }}"
loop_control: loop_control:
label: "{{ folder }}" label: "{{ folder }}"
@@ -921,6 +1181,8 @@
ansible.builtin.file: ansible.builtin.file:
dest: '/root/data/nextcloud/{{ item.path }}' dest: '/root/data/nextcloud/{{ item.path }}'
state: directory state: directory
owner: www-data
group: www-data
with_filetree: './files/nextcloud/' with_filetree: './files/nextcloud/'
loop_control: loop_control:
label: "{{ item.path }}" label: "{{ item.path }}"
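Review bot: The new Keycloak tasks create the ordinary users, the `groups` client scope and every SSO client in `realm: "master"`, the realm that administers the Keycloak instance itself, so application accounts and client secrets sit in the same realm as the admin roles. A dedicated realm for users and clients (`realm: "<application-realm>"`, keeping `auth_realm: master` only for the API login) would separate the two. The "Groups : Create" task is also the only new Keycloak task without the `keycloak` and `sso` tags, so a run limited to `-t keycloak` would skip it while "Users : Create" still assigns those groups. Whether the module masks `credentials[].value` and `secret` is not visible here; `no_log: true` on "Users : Create" and "Clients" would keep passwords and client secrets out of verbose output either way.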


@@ -1,35 +1,35 @@
--- ---
- name: "Init : Python 3 : Install" - name: "Installer : Python 3 : Install"
ansible.builtin.raw: apt install -y python3 python3-pip python3-setuptools python3-venv python3-dev ansible.builtin.raw: apt install -y python3 python3-pip python3-setuptools python3-venv python3-dev
register: task register: task
changed_when: changed_when:
- "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1" - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
- name: "Init: Python 3 : Libraries - APT" - name: "Installer: Python 3 : Libraries - APT"
ansible.builtin.raw: apt install -y python3-apt ansible.builtin.raw: apt install -y python3-apt
register: task register: task
changed_when: changed_when:
- "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1" - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
- name: "Init : Python 3 : Configure - Virtual Environment : Test" - name: "Installer : Python 3 : Configure - Virtual Environment : Test"
ansible.builtin.raw: "/root/.venv/ansible/bin/pip3" ansible.builtin.raw: "/opt/ansible/bin/pip3"
register: task632 register: task632
changed_when: false changed_when: false
failed_when: false failed_when: false
- name: "Init : Python 3 : Configure - Virtual Environment : Delete" - name: "Installer : Python 3 : Configure - Virtual Environment : Delete"
ansible.builtin.file: ansible.builtin.file:
path: "/root/.venv/ansible" path: "/opt/ansible"
state: absent state: absent
when: when:
- "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1" - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
- name: "Init : Python 3 : Configure - Virtual Environment : Create" - name: "Installer : Python 3 : Configure - Virtual Environment : Create"
ansible.builtin.pip: ansible.builtin.pip:
name: pip name: pip
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: /root/.venv/ansible virtualenv: /opt/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Installer : Tools : Install" - name: "Installer : Tools : Install"
@@ -103,18 +103,27 @@
- name: "Installer : FirewallD : Dependencies - Packages" - name: "Installer : FirewallD : Dependencies - Packages"
ansible.builtin.apt: ansible.builtin.apt:
name: name: "{{ package }}"
state: latest
vars:
ansible_python_interpreter: /usr/bin/python3
packages:
- python3-firewall - python3-firewall
- iptables - iptables
state: latest loop: "{{ packages }}"
loop_control:
label: "{{ package }}"
loop_var: "package"
tags: tags:
- firewalld - firewalld
- firewall - firewall
- name: "Installer : FirewallD : Install" - name: "Installer : FirewallD : Install"
ansible.builtin.apt: ansible.builtin.apt:
name: "firewalld" name: firewalld
state: latest state: latest
vars:
ansible_python_interpreter: /usr/bin/python3
tags: tags:
- firewalld - firewalld
- firewall - firewall
@@ -136,6 +145,7 @@
immediate: true immediate: true
offline: true offline: true
vars: vars:
ansible_python_interpreter: /usr/bin/python3
services: services:
- http - http
- https - https
@@ -150,12 +160,47 @@
- firewalld - firewalld
- firewall - firewall
- name: "Installer : Ansible : Dependencies - Packages (APT / Debian & Ubuntu & Linux Mint)"
ansible.builtin.apt:
name: "{{ packages }}"
state: latest
vars:
ansible_python_interpreter: /usr/bin/python3
packages:
- sshpass
- lsb-release
loop: "{{ packages }}"
loop_control:
label: "{{ package }}"
loop_var: "package"
- name: "Installer : Ansible : Dependencies - Python Libraries"
ansible.builtin.pip:
name: "{{ library }}"
state: latest
extra_args: --upgrade
virtualenv: /opt/ansible
virtualenv_command: "python3 -m venv"
vars:
libraries:
- cryptography
- dnspython
- hvac
- jmespath
- netaddr
- pexpect
- xmltodict
loop: "{{ libraries }}"
loop_control:
label: "{{ library }}"
loop_var: "library"
- name: "Installer - Ansible - Python Library" - name: "Installer - Ansible - Python Library"
ansible.builtin.pip: ansible.builtin.pip:
name: ansible name: ansible
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: /root/.venv/ansible virtualenv: /opt/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
tags: tags:
- ansible - ansible
@@ -169,7 +214,7 @@
- name: "Installer : Ansible : Create Symbolic Links" - name: "Installer : Ansible : Create Symbolic Links"
ansible.builtin.file: ansible.builtin.file:
src: /root/.venv/ansible/bin/{{ binary }} src: /opt/ansible/bin/{{ binary }}
dest: /root/bin/{{ binary }} dest: /root/bin/{{ binary }}
state: link state: link
vars: vars:
@@ -192,34 +237,12 @@
tags: tags:
- ansible - ansible
- name: "Installer - Ansible - Dependencies - Python Libraries"
ansible.builtin.pip:
name: "{{ library }}"
state: latest
extra_args: --upgrade
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
vars:
libraries:
- cryptography
- dnspython
- hvac
- jmespath
- netaddr
- pexpect
loop: "{{ libraries }}"
loop_control:
label: "{{ library }}"
loop_var: "library"
tags:
- ansible
- name: "Installer : MariaDB : Dependencies - Python Library : pymysql" - name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
ansible.builtin.pip: ansible.builtin.pip:
name: pymysql name: pymysql
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: /root/.venv/ansible virtualenv: /opt/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
tags: tags:
- mariadb - mariadb
@@ -227,37 +250,46 @@
- name: "Installer : MariaDB : Dependencies - Package : mariadb-client" - name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
ansible.builtin.apt: ansible.builtin.apt:
name: "mariadb-client" name: mariadb-client
state: latest state: latest
vars:
ansible_python_interpreter: /usr/bin/python3
tags: tags:
- mariadb - mariadb
- database - database
- name: "Installer : Podman : Install" - name: "Installer : Podman : Install"
ansible.builtin.apt: ansible.builtin.apt:
name: name: "{{ package }}"
state: latest
vars:
ansible_python_interpreter: /usr/bin/python3
packages:
- podman - podman
- podman-compose - podman-compose
- netavark - netavark
- buildah - buildah
- slirp4netns - slirp4netns
state: latest loop: "{{ packages }}"
loop_control:
label: "{{ package }}"
loop_var: "package"
tags: tags:
- podman - podman
- name: "Installer : Schedule : Maintenance" - name: "Installer : Schedule : Maintenance"
ansible.builtin.cron: ansible.builtin.cron:
name: "{{ location | upper }} - Infra - Maintenance" name: "Tietojärjestelmäasentajien Infra - Maintenance"
hour: "*/3" hour: "*/3"
minute: "0" minute: "0"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance" job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t maintenance"
tags: tags:
- cron - cron
- name: "Installer : Schedule : Deployer" - name: "Installer : Schedule : Deployer"
ansible.builtin.cron: ansible.builtin.cron:
name: "{{ location | upper }} - Infra - Deployer" name: "Tietojärjestelmäasentajien Infra - Deployer"
minute: "*/5" minute: "*/5"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer" job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t deployer"
tags: tags:
- cron - cron
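Review bot: Both cron jobs at the end of this file run `ansible-pull` against the GitHub repository (every three hours and every five minutes) with `--accept-host-key` and no commit verification, so whatever the remote serves is applied with the privileges of the cron user (presumably root, given the `/root` paths). Pre-seeding `known_hosts` with GitHub's published host keys instead of `--accept-host-key`, and adding `--verify-commit` so that only signed commits are played, would narrow that trust. Separately, the new "Installer : Ansible : Dependencies - Packages" task loops with `loop_var: "package"` but passes `name: "{{ packages }}"`, so the whole list is installed on every iteration; the sibling tasks use `name: "{{ package }}"`.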


@@ -4,7 +4,7 @@
name: "{{ library }}" name: "{{ library }}"
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: /root/.venv/ansible virtualenv: /opt/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
vars: vars:
libraries: libraries:
@@ -24,7 +24,7 @@
name: ansible name: ansible
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: /root/.venv/ansible virtualenv: /opt/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql" - name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
name: pymysql name: pymysql
state: latest state: latest
extra_args: --upgrade extra_args: --upgrade
virtualenv: /root/.venv/ansible virtualenv: /opt/ansible
virtualenv_command: "python3 -m venv" virtualenv_command: "python3 -m venv"
- name: "Maintenance : Podman : Prune" - name: "Maintenance : Podman : Prune"

133
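--- a/tasks/migrater.yml
+++ b/tasks/migrater.yml
@@ -0,0 +1,133 @@
+---
+- name: "Migrater - Copy Secrets"
+ansible.builtin.copy:
+src: "{{ file.src }}"
+dest: "{{ file.dest }}"
+vars:
+files:
+- src: /root/.ssh/keys/{{ location | lower | replace('.', '') | replace(' ', '-') }}/infra
+dest: /root/.ssh/keys/infra
+- src: /root/.ansible/vault/{{ location | lower | replace('.', '') | replace(' ', '-') }}/infra
+dest: /root/.ansible/vault/infra
+loop: "{{ files }}"
+loop_control:
+label: "{{ file }}"
+loop_var: "file"
+when:
+- file.src is ansible.builtin.file
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Test"
+ansible.builtin.raw: "/opt/ansible/bin/pip3"
+register: task632
+changed_when: false
+failed_when: false
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Delete"
+ansible.builtin.file:
+path: "/opt/ansible"
+state: absent
+when:
+- "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Create"
+ansible.builtin.pip:
+name: pip
+state: latest
+extra_args: --upgrade
+virtualenv: /opt/ansible
+virtualenv_command: "python3 -m venv"
+- name: "Migrater : Ansible : Dependencies - Packages"
+ansible.builtin.apt:
+name: "{{ package }}"
+state: latest
+vars:
+ansible_python_interpreter: /usr/bin/python3
+packages:
+- sshpass
+- lsb-release
+loop: "{{ packages }}"
+loop_control:
+label: "{{ package }}"
+loop_var: "package"
+- name: "Migrater : Ansible : Dependencies - Python Libraries"
+ansible.builtin.pip:
+name: "{{ library }}"
+state: latest
+extra_args: --upgrade
+virtualenv: /opt/ansible
+virtualenv_command: "python3 -m venv"
+vars:
+libraries:
+- cryptography
+- dnspython
+- hvac
+- jmespath
+- netaddr
+- pexpect
+- xmltodict
+loop: "{{ libraries }}"
+loop_control:
+label: "{{ library }}"
+loop_var: "library"
+- name: "Migrater - Ansible - Python Library"
+ansible.builtin.pip:
+name: ansible
+state: latest
+extra_args: --upgrade
+virtualenv: /opt/ansible
+virtualenv_command: "python3 -m venv"
+tags:
+- ansible
+- name: "Migrater : Ansible : Create Symbolic Links"
+ansible.builtin.file:
+src: /opt/ansible/bin/{{ binary }}
+dest: /bin/{{ binary }}
+state: link
+vars:
+binaries:
+- ansible
+- ansible-community
+- ansible-config
+- ansible-console
+- ansible-doc
+- ansible-galaxy
+- ansible-inventory
+- ansible-playbook
+- ansible-pull
+- ansible-test
+- ansible-vault
+loop: "{{ binaries }}"
+loop_control:
+label: "{{ binary }}"
+loop_var: "binary"
+tags:
+- ansible
+- name: "Migrater - Schedule : Maintenance"
+ansible.builtin.cron:
+name: "Tietojärjestelmäasentajien Infra - Maintenance"
+hour: "*/3"
+minute: "0"
+job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t maintenance"
+- name: "Migrater - Schedule : Maintenance"
+ansible.builtin.cron:
+name: "Tietojärjestelmäasentajien Infra - Maintenance"
+minute: "*/5"
+job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t deployer"
+- name: "Migrater - Schedule : Deployer"
+ansible.builtin.cron:
+name: "{{ location | upper }} - Infra - Deployer"
+state: absent
+- name: "Migrater - Schedule : Maintenance"
+ansible.builtin.cron:
+name: "{{ location | upper }} - Infra - Maintenance"
+state: absent
+tags:
+- cron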
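Review bot: The second "Migrater - Schedule : Maintenance" task gives its `-t deployer` job the cron name "Tietojärjestelmäasentajien Infra - Maintenance". Because `ansible.builtin.cron` identifies an entry by `name`, that task overwrites the three-hourly maintenance entry instead of adding a deployer entry, so the cron name (and the task name) should read `name: "Tietojärjestelmäasentajien Infra - Deployer"`, as in the installer's schedule tasks. Separately, "Migrater - Copy Secrets" copies the SSH private key and the vault password file without a `mode`, so a newly created destination takes its permissions from the umask; adding `mode: "0600"` and `owner: root` keeps both files private and avoids ssh refusing a key that other users can read. Both cron jobs also pass `--accept-host-key`, which trusts whichever host key is presented first, so pre-seeding GitHub's published host key in root's `known_hosts` would be the stricter choice for an unattended root job.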