cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-04 03:43:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cwchristerw:c6b2c2cd25d9bb059b801acc8c0cd439db940191
Branches Tags
cwchristerw:master
...
compare: cwchristerw:master
Branches Tags
cwchristerw:master

39 Commits
c6b2c2cd25 ... master

Author SHA1 Message Date
Christer Warén
cf65e1ac85 Update workstation installation guide 2025-09-01 16:30:51 +03:00
Christer Warén
177bafaa93 Fix typos in Init script 2025-09-01 15:56:52 +03:00
Christer Warén
89c5cc2437 FIx to work in WSL 2025-09-01 15:49:37 +03:00
Christer Warén
586ea6bd0e Fix missing sudo in INSTRUCTIONS.md 2025-09-01 15:39:42 +03:00
Christer Warén
13d07913ef Add workstation installation guide to INSTRUCTIONS.md 2025-09-01 15:33:12 +03:00
Christer Warén
718874a63d Beautification of Protect script 2025-09-01 15:21:41 +03:00
Christer Warén
859b96eb88 Beautification of Init script 2025-09-01 15:21:19 +03:00
Christer Warén
e149ba3db0 Inventories Update 2025-09-01 15:20:42 +03:00
Christer Warén
2224e2c596 Inventories Update 2025-09-01 10:25:36 +03:00
Christer Warén
2b6921e9f3 Fix typo in Yggdrasil configuration 2025-09-01 10:12:30 +03:00
Christer Warén
b895ac02b9 Yggdrasil Configuration 2025-09-01 09:03:41 +03:00
Christer Warén
edbf3f6191 Inventories Update 2025-09-01 09:03:27 +03:00
Christer Warén
79e45822c1 Protect Update 2025-09-01 09:03:04 +03:00
Christer Warén
a4e7218050 Fix Kea configuration commands in Deployer tasks 2025-08-30 18:52:23 +03:00
Christer Warén
f1a5f0caa5 Add NET_BIND_SERVICE capability to PowerDNS containers 2025-08-28 12:43:16 +03:00
Christer Warén
7f8b4a1e13 Add NET_BIND_SERVICE capability to dnsdist container 2025-08-28 11:55:16 +03:00
Christer Warén
e1a1e4889a Add parameters to dnsdist in Deployer tasks 2025-08-28 10:44:11 +03:00
Christer Warén
d5b99d3146 FIx PowerDNS container names in Deployer tasks 2025-08-27 14:03:04 +03:00
Christer Warén
be900d5785 Add useClientSubnet to dnsdist configuration 2025-08-27 13:55:05 +03:00
Christer Warén
84884d9015 Add PowerDNS Recursor to Deployer 2025-08-26 19:42:00 +03:00
Christer Warén
5589d94f11 Update Issue & MOTD 2025-08-26 13:37:04 +03:00
Christer Warén
491ad0aba8 Update VSCode settings 2025-08-26 13:36:48 +03:00
Christer Warén
dec30dd66b Fix typo in server network configuration 2025-08-26 13:04:54 +03:00
Christer Warén
5008c1be97 Allow DHCP & DNS from FirewallD 2025-08-26 12:49:41 +03:00
Christer Warén
56b53fdc5b Update network device configurations to INSTRUCTIONS.md 2025-08-26 12:49:22 +03:00
Christer Warén
2b671f8a6d Add interfaces to subnets to restrict them to specific vlan 2025-08-26 09:08:10 +03:00
Christer Warén
ada1aa726d Start Kea server in Deployer tasks 2025-08-26 08:31:00 +03:00
Christer Warén
89d03c5141 Set statiic IPs for interfaces 2025-08-26 08:11:46 +03:00
Christer Warén
b889bd2054 Update Kea tasks 2025-08-25 14:58:22 +03:00
Christer Warén
877cbc1005 Restore unique MAC addresses to interfaces 2025-08-25 14:05:25 +03:00
Christer Warén
6b83b10523 Remove static IPs from network interfaces 2025-08-25 13:59:24 +03:00
Christer Warén
21fcb394cd Update Issue & MOTD 2025-08-25 12:23:01 +03:00
Christer Warén
aab33c9c21 Change name of office laptop 2025-08-25 12:11:40 +03:00
Christer Warén
742e77a1fc Update 2025-08-25 12:10:41 +03:00
Christer Warén
63f6266f2c Update 2025-08-25 12:02:51 +03:00
Christer Warén
c89ab05b1a Add Issue and MOTD to Installer tasks 2025-08-25 12:02:23 +03:00
Christer Warén
41d961ce6b Restart Networking during Installer tasks 2025-08-25 10:59:00 +03:00
Christer Warén
f81480af87 Network Changes 2025-08-25 10:26:26 +03:00
Christer Warén
76e57329ce Fix typo in interfaces file 2025-08-16 14:57:18 +03:00
24 changed files with 684 additions and 153 deletions
Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -1,6 +1,5 @@
{
"files.trimTrailingWhitespace": true,
"files.insertFinalNewline": true,
"files.trimFinalNewlines": true,
"editor.renderFinalNewline": false
}

247
INSTRUCTIONS.md
View File

@@ -1,7 +1,28 @@
#Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS TJAS - Infra
# Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS Niinisalo
### Ylläpitäjän ohjeet
**Työaseman asennus**
1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
2. Käynnistä työasema uudelleen
3. Asenna Debian käyttöjärjestelmä
1. Avaa Powershell järjestelmänvalvojana
2. Suorita asennuskomento `wsl --install -d Debian`
3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
4. Vaihda isännän nimi
1. Lisää Network kohtaan tai luo Network kohta `echo "[network]" > /etc/wsl.conf`
2. Lisää isännän nimi `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
3. Lisää Hosts tiedoston generointi `echo "generateHosts = true" > /etc/wsl.conf`
5. Sulje ikkuna
4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
1. Avaa Powershell järjestelmänvalvojana
2. Vaihda oletusarvoinen käyttöjärjestelmä `wsl --set-default Debian`
3. Käynnistä uudelleen käyttöjärjestelmä `wsl -t Debian`
4. Sulje ikkuna
6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
7. Asenna curl-paketti käyttämällä APT-paketinhallintaa `sudo apt update && sudo apt install curl`
8. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
**Palvelimen asennus**
1. Asenna Debian-käyttöjärjestelmä
2. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl`
@@ -14,12 +35,12 @@
r1.net.tjas
```
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
!
hostname r1.net.tjas
!
boot-start-marker
@@ -62,27 +83,35 @@ interface FastEthernet0/1.10
description "TINU - INTERNET"
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.224
ip access-group 10 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.20
description "JUVA - INTRA"
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.224
ip access-group 20 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.30
description "AITO - TOIMISTO"
encapsulation dot1Q 30
ip address 192.168.3.1 255.255.255.224
ip access-group 30 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.69
description "SIVE - HALLINTA"
encapsulation dot1Q 69
ip address 192.168.69.1 255.255.255.192
ip access-group 69 in
ip access-group 69 out
ip helper-address 192.168.69.20
no snmp trap link-status
!
@@ -94,10 +123,43 @@ interface GigabitEthernet0/0/0
ip classless
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.31
access-list 1 permit 192.168.2.0 0.0.0.31
access-list 1 permit 192.168.3.0 0.0.0.31
access-list 10 deny 192.168.0.0 0.0.255.255
access-list 10 permit any
access-list 20 permit 192.168.2.0 0.0.0.31
access-list 20 deny 192.168.0.0 0.0.255.255
access-list 20 permit any
access-list 30 permit 192.168.2.10
access-list 30 permit 192.168.3.0 0.0.0.31
access-list 30 deny 192.168.0.0 0.0.255.255
access-list 30 permit any
access-list 69 permit 192.168.69.0 0.0.0.63
!
control-plane
!
banner motd ^C
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
r1.net.tjas
^C
!
line con 0
line aux 0
@@ -113,11 +175,13 @@ end
s1.net.tjas
```
hostname "s1.net.tjas"
ip default-gateway 192.168.1.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-52
untagged 4-52
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name "TINU"
@@ -140,6 +204,24 @@ vlan 69
tagged 1-3
exit
ip authorized-managers 192.168.69.20 255.255.255.255
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s1.net.tjas
"
ip ssh
password manager
```
@@ -147,16 +229,83 @@ password manager
s2.net.tjas
```
hostname "s2.net.tjas"
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
interface 13
disable
exit
interface 14
disable
exit
interface 15
disable
exit
interface 16
disable
exit
interface 17
disable
exit
interface 18
disable
exit
interface 19
disable
exit
interface 20
disable
exit
interface 21
disable
exit
interface 22
disable
exit
interface 23
disable
exit
interface 24
disable
exit
ip default-gateway 192.168.2.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 25-28
untagged 3-28
ip address dhcp-bootp
no untagged 1-24
no untagged 1-2
exit
vlan 20
name "JUVA"
untagged 2-24
untagged 3-24
ip address 192.168.2.2 255.255.255.224
tagged 1-2
exit
@@ -165,7 +314,25 @@ vlan 69
ip address 192.168.69.12 255.255.255.192
tagged 1-2
exit
ip authorized-managers 192.168.69.20 255.255.255.255
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s2.net.tjas
"
ip ssh
password manager
```
@@ -173,6 +340,40 @@ password manager
s3.net.tjas
```
hostname "s3.net.tjas"
interface 2
disable
exit
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
ip default-gateway 192.168.3.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
@@ -182,9 +383,9 @@ vlan 1
exit
vlan 30
name "AITO"
untagged 13-24
ip address 192.168.3.2 255.255.255.224
tagged 1,13-24
untagged
tagged 1
exit
vlan 69
name "SIVE"
@@ -192,7 +393,31 @@ vlan 69
ip address 192.168.69.13 255.255.255.192
tagged 1
exit
ip authorized-managers 192.168.69.20 255.255.255.255
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s3.net.tjas
"
ip ssh
password manager
```
# LÄHTEET
## ISSUE - ASCII ART
ASCII Art Generator
https://www.textmods.com/ascii-art

2
README.md
View File

@@ -1,5 +1,5 @@
# Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS TJAS - Infra
## PVJJK 1.VOS NIINISALO
Infran toteutus aloitettiin vuonna 2025 ja sen on suunnitellut [Jääkäri Warén](https://christerwaren.fi).

2
ansible.cfg
View File

@@ -1,5 +1,5 @@
[defaults]
inventory = inventories/pvjjk-1vos-tjas
inventory = inventories/pvjjk-1vos-niinisalo
hash_behaviour = merge
gathering = smart
display_skipped_hosts = false

12
files/dnsdist/config.conf Normal file
View File

@@ -0,0 +1,12 @@
setLocal('0.0.0.0:53')
addLocal('[::]:53')
setACL({'0.0.0.0/0', '::/0'})
setECSOverride(true)
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)
newServer({address='127.0.0.1:531', useClientSubnet=true, pool='authorative'})
newServer({ address='127.0.0.1:532', useClientSubnet=true, pool='recursor' })
addAction('tjas', PoolAction('authorative'))
addAction(AllRule(), PoolAction('recursor'))
setSecurityPollSuffix("")
setServFailWhenNoServer(true)

25
files/issue Normal file
View File

@@ -0,0 +1,25 @@
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Made by
Jääkäri Warén
https://christerwaren.fi

4
files/kea/kea-dhcp4.conf
View File

@@ -1,7 +1,7 @@
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "enp0s25.20", "enp0s25.69" ]
"interfaces": [ "enp0s25.20" ]
},
"control-socket": {
"socket-type": "unix",
@@ -69,6 +69,7 @@
{
"id": 2,
"subnet": "192.168.2.0/27",
"interface": "enp0s25.20",
"pools": [
{
"pool": "192.168.2.1 - 192.168.2.30"
@@ -160,6 +161,7 @@
{
"id": 69,
"subnet": "192.168.69.0/26",
"interface": "enp0s25.69",
"pools": [
{
"pool": "192.168.69.1 - 192.168.69.62"

29
files/motd Normal file
View File

@@ -0,0 +1,29 @@
_____ _ _ _ _
|_ _|_ _ _ __ __ _ ___ | |_ _| (_) ___| |_
| |/ _` | '_ \ / _` |/ _ \ _ | | | | | | |/ _ \ __|
| | (_| | | | | (_| | (_) | | |_| | |_| | | | __/ |_
|_|\__,_|_| |_|\__, |\___/ \___/ \__,_|_|_|\___|\__|
_ _ |___/ ____ _
/ \ | |_ __ | |__ __ _ / ___|(_) ___ _ __ _ __ __ _
/ _ \ | | '_ \| '_ \ / _` | \___ \| |/ _ \ '__| '__/ _` |
/ ___ \| | |_) | | | | (_| | ___) | | __/ | | | | (_| |
/_/ \_\_| .__/|_| |_|\__,_| |____/|_|\___|_| |_| \__,_|
|_|
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
ylikirjoittaa automatisoidusti.
https://github.com/cwchristerw/tjas-intra

11
files/network/interfaces → files/networking/interfaces
View File

@@ -12,9 +12,12 @@ allow-hotplug enp0s25
iface enp0s25 inet dhcp
auto enp0s25.20
iface enp0s25.20 inet dhcp
hw-mac-address: 90:1b:0e:5b:18:fb
iface enp0s25.20 inet static
address 192.168.2.10/27
gateway 192.168.2.1
hwaddress 90:1b:0e:5b:18:fb
auto enp0s25.69
iface enp0s25.69 inet dhcp
hw-mac-address: 90:1b:0e:5b:18:fc
iface enp0s25.69 inet static
address 192.168.69.20/26
hwaddress 90:1b:0e:5b:18:fc

6
files/nginx/conf/000-default.conf
View File

@@ -37,8 +37,8 @@ server {
# http2 on;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-tjas/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-tjas/privkey.pem;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ecdh_curve X25519:prime256v1:secp384r1;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
@@ -46,7 +46,7 @@ server {
# ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 180m;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-tjas/chain.pem;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
# expires off;
# etag off;

4
files/powerdns/config.conf → files/powerdns-authorative/config.conf
View File

@@ -1,6 +1,6 @@
local-address=0.0.0.0,::
local-port=53
default-soa-content=s1.intra.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
local-port=531
default-soa-content=olympus.juva.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
launch=gmysql
gmysql-host=127.0.0.1
gmysql-port=3306

9
files/powerdns-recursor/config.conf Normal file
View File

@@ -0,0 +1,9 @@
incoming:
listen:
- 127.0.0.1:532
recursor:
forward_zones:
- zone: tjas
recurse: false
forwarders:
- 127.0.0.1:531

2
files/ssh/authorized_keys
View File

@@ -1,2 +1,2 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 l1.office.tjas
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

16
files/yggdrasil/config.conf
View File

@@ -6,11 +6,17 @@
# use this section when you may connect via different interfaces.
Peers: [
#TRUSTED PEERS - Waren Group
#aurora.devices.waren.io
#201:361f:bbfb:7210:c5b8:3f74:a285:adb9
"tls://[2a01:4f9:2a:60c::2]:18836",
"tls://95.216.5.243:18836",
{% if config.yggdrasil.peers is defined %}
#TRUSTED PEERS
{% for peer in config.yggdrasil.peers %}
{% if peer.name is defined and peer.address is defined and peer.address is defined %}
#{{ peer.name }}
"{{ peer.address }}"{% if not loop.last %},{% endif %}
{% endif %}
{% endfor %}
{% endif %}
]
# List of connection strings for static peers in URI format, arranged

61
init.sh
View File

@@ -4,63 +4,74 @@ if [ ! "$BASH_VERSION" ] ; then
exit 1
fi
underline=`tput smul`
nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
ti-header(){
echo $(tput bold)$1$(tput sgr0)
echo ${bold}$1${normal}
}
echo "${bold}"
echo "
==============================
PVJJK 1.VOS TJAS - Infra
Init Script
------------------------------
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
INIT SCRIPT
"
echo -n "${normal}"
stop () {
echo "
==============================
"
exit 1
}
ti-header "Haetaan pakettien tiedot..."
apt update
sudo apt update
echo -e "\n\n"
ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
apt-get install -y python3-pip python3-venv jq git curl lsb-release
sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n"
mkdir -p /root/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
if [[ ! -f /root/.ssh/keys/pvjjk-1vos-tjas/infra ]]
mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n"
fi
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv /root/.venv/ansible
python3 -m venv $HOME/.venv/ansible
echo -e "\n\n"
ti-header "Asennetaan Ansiblen riippuvuudet..."
/root/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n"
ti-header "Asennetaan Ansible..."
/root/.venv/ansible/bin/pip3 install ansible
$HOME/.venv/ansible/bin/pip3 install ansible
echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..."
/root/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat /root/.ssh/keys/pvjjk-1vos-tjas/infra.pub
cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -69,8 +80,8 @@ do
done
echo -e "\n\n"
mkdir -p /root/.ansible/vault &> /dev/null
if [[ ! -f /root/.ansible/vault/pvjjk-1vos-tjas ]]
mkdir -p $HOME/.ansible/vault &> /dev/null
if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
then
ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: "
@@ -80,14 +91,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]]
then
echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-tjas
echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
fi
done
echo -e "\n\n"
fi
ti-header "Suoritetaan Infran asennus..."
/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
echo -e "\n\n"
echo "

6
inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30383633646132396336336135366264386137643166376336666261316465346632353333616361
3134623361333633653666313035633536396662613234320a386239373636623061383331663438
64366431613763376239613036633365346266643163396331653237313662346231623731373530
6630653939373762380a363939383862623336666361303032653431356139383766663331656335
3438

6
inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
37353031396164353032396635313539613734613432323435383137303835383439663439363337
6230323066313361383061633932616230363465326239640a333739323064653263336337633639
64343833623362323734363239653866383037313331613738653133636364623237326637313232
3462636261386230380a313634313965343733616137663532623965393835306562633635633831
3166

51
inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas Normal file
View File

@@ -0,0 +1,51 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30386163316331336461633036653363613064366361653938616138353736366463643664393933
6533383232616130626431353164663738346630616465300a393062663634356566656562646137
36623535313932316262663064366535616565386436653761336463323163646439656563303262
6531373030393264310a623933386234306532643664363335386231626664643531656433323731
30373237626531336431343965313239616339356162383262313363363262613463303236643734
62303636646232383235316137393634626235386662616339343231626661376331396138343361
31663630306431653532666463326536636365663163663162643136366363333638333930373234
36306166366533636562363063336436333465393231316363343864373335646437373561353538
31613162643664633435363831326230373635313165633566323135303263323034636265393163
62373234613334393261356464643262616132343963383165303534346335373634396161383532
31623330373935613866336135323038343030353865373863633562303134613662353762376134
61653035313965316134666534366435663333386235636266376164663731646365626135613166
39333934653563623966366466613436313635313537363337386133356433356336303938333366
66653735636462383666396332656333666234333435333062356338383034656637323438316134
62386136663962336232623663666438333931376561303964636563306664313134373338303339
32313635643136396365383834343438633463366262366330653034333332653038356331346566
30336164393136383434646636376239656162643734643735306436303961326565346566333461
33383861356537656262646131386134303165636632343134383264353466316633663732396334
33373664633239396234366534636365346631643063373836666233626565626234363433313866
31663464346264393731623364373035616134376430333764383836353132386339636537326637
36366662333336373633653330353939396239623037653862393932373932353834373339373934
61663338666164663235653337336238626462653336313532643131383638336535376232303465
64363530393065383639663731383036613338343436313937663162643434323835353363653738
62613139343934656135313832323532623263653038353166313531643036303538613436323664
33356434623633643462326564383263323833376165366536633264656366353137316265653534
36656561353634626330636363636133356265306336623737643961663061343630383330386538
63636434303066646261636338323563373663323835386563393539616663636139356536393462
37363766356138616232333162666562333261626661646538613862306264336636396562313665
35373266366134623263663363376630343263623335666663396438663238636534393130623134
36653465383763646563386361636530393366323538336532393661306362346333353661303334
32633966303964383861653365626332316135373731393935313262383164346233353765396561
33323864306336353732623937386235646366663764653965633764643864366331666262386639
66326335326562646630346435663533313335373034663565333839323961383366643263356133
64303030366263356231343530343566623935306431653866613165393633643835653330666436
38663535373666333763386436646337656133303262396237663931323864336630646466306462
65656536336533343065316637613034626333343837616363376263636635363866383638393234
39373030663230383865396131363638376537363362666439636235626461303930396464313532
63306136613265636438333764646465306565333435666233656534656538646465636263363433
37356131353530363665336564386264616235613564363065356234336537363561313666653637
35336638623730633735643465316164323739316636353762653965633831626561313532626139
62303933376637376334666362306133383035376561333361326338663762363230303533363632
62383539626263363636636164366139306666333165636130323765643532363338656261396135
36336664656335383561643637383066653531303236323765356666343765616134343036313538
34623935616531323536383565313238333564613635343332303238626534613337353430303864
30383131346163636335363563656465316263316439646530663665386636393261386536306265
34656230643662653665383730396335646562306161663233353835666131633730663237336434
62643631653738633638366133396364623837343138613765616362633262333333646639396637
36386533386439623866346335376164336439366133643266663938643333383836346538636536
35376335306435616236323163616163656366366630656535393233643966313166346530383365
3630646439643335393964313862363134396566636661643666

3
inventories/pvjjk-1vos-tjas/hosts.yml → inventories/pvjjk-1vos-niinisalo/hosts.yml
View File

@@ -1,6 +1,7 @@
---
pvjjk_1vos_tjas:
pvjjk_1vos_niinisalo:
hosts:
argo.aito.tjas:
olympus.juva.tjas:
vars:
ansible_python_interpreter: /usr/bin/python3

42
inventories/pvjjk-1vos-tjas/host_vars/olympus.juva.tjas
View File

@@ -1,42 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
36333262326535303062303034316566616661393864633434306135396637383732353833306434
6538373638316233346562343231656236646633366337650a613433663364363865343465653665
36303832626265373666333336366565393164373339326464376432663337643537373561343435
3832356131373466390a656566396365363931363062353564386163643335343165303264383265
31653738613561616164633130653736313037653165623261383662313262373937386262343562
62356330363261303039386231646265366264666633626662386332323461343565333661383433
35366430303931316631363331346237616230313664316138373239313138626639393831373965
38643763393832363763323331316538326337383965323962363563626165653064326434376563
63383763333630366662636663386365343731303366363030366634613339633863393137356634
65396332323234653439303966316230323634356139636666643635323237313365373361363831
61636238323530613164303965653931393337383139653630653761643039626332313462643064
65346637623264396462646662656534313861633162663665643164366330343134353633383462
62333433636635626330363438343766316263616235643833623165376265376330363832616664
31636265396431616335373934393661353835306162633262636362393165316537383631616637
35666362353731663264376364343162386466303462336261333734313665353034646430393030
36333665613264633464326133316333386561323532623966396434636135313531306366313539
33316533313437343534623133663866393832383633343664626239366335623964656339313666
39363530316333663665633638333830383037393731376463653630376133316532666462333430
37643364636534383036346666346666636439366365363830653664356138313330356334626632
33353363613735333138326231396562633437353730383063353663396437396532643961373565
63313831376666643263343235663666666331313734326465306330633464343038383038336531
32636261373532303835653536396163643030626138616566613033623336363237646534333266
39373665383338343965616231346331303939306330323239333130363839653839386131616561
64373865303338333530623763306664323738393535393737623364316439373232393636376438
65366330303663653332653835646237346134323062393362333361663732363261383066303266
32396166326633343338663136646633613164653238376463653962376163323333616630616362
33313330663233363764316539316538633636653461623534386537653531353337356233303934
62393136393566363239383963633530626237353133633332383537616537326233396438393335
33323430643235313138393533653230373631336636303063343136346237646530666561353636
63333739363364623130356333386362303663303863313236313631373332346237653865636263
61663166663131626666646531633039306336353339356638316336626137616238646231316434
35616536323633363732313236303134353431363937633466383463363738633863396436333966
62363833323530383634643635643435396164343762363366663435343765633534313166323331
38333733313437316537353866353635303633373934326436396138373232343831323162363163
62333634306161353434616563336439336137356130616562646338616436623865396664633633
35366231666338303139646136316539373738626536383639633632626166326431386239653339
64613162653731643230613330623861313630393562306439653837316439383634396331613332
62326533363239616338613234343032386663396563313831353166636663363535363636626465
65323933623538653133303137323765383164333238623963633330313939646435646133633838
39376438323966313566613733306562666439373639633430323933373162313438336464656232
6434

50
protect.sh
View File

@@ -5,23 +5,37 @@ nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
echo "${bold}PVJJK 1.VOS TJAS / Infra / Protect${normal}"
echo "${bold}"
echo "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
PROTECT SCRIPT
"
echo -n "${normal}"
action=$1
encrypt() {
echo "${underline}Encrypting...${nounderline}"
execute "ansible-vault encrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
}
decrypt() {
echo "${underline}Decrypting...${nounderline}"
execute "ansible-vault decrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
}
list() {
echo "${underline}Listing...${nounderline}"
i=0
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -29,7 +43,8 @@ list() {
}
execute() {
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
i=0
for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -40,18 +55,23 @@ for file in inventories/*/group_vars/* inventories/*/host_vars/*;
case $action in
encrypt)
encrypt
echo "${underline}Encrypting...${nounderline}"
encrypt pvjjk-1vos-niinisalo
;;
decrypt)
decrypt
echo "${underline}Decrypting...${nounderline}"
decrypt pvjjk-1vos-niinisalo
;;
list)
list
;;
help)
echo "encrypt, decrypt, list"
echo "${underline}Listing...${nounderline}"
list pvjjk-1vos-niinisalo
;;
*)
echo "..."
echo "${underline}HELP${nounderline}"
echo "encrypt - Encrypt Files"
echo "decrypt - Decrypt Files"
echo "list - List Files"
;;
esac
echo -e "\n\n\n"

6
tasks.yml
View File

@@ -10,6 +10,8 @@
import_tasks: tasks/installer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- installer
- never
@@ -18,6 +20,8 @@
import_tasks: tasks/maintenance.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- maintenance
- never
@@ -26,6 +30,8 @@
import_tasks: tasks/deployer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- deployer
- never

199
tasks/deployer.yml
View File

@@ -58,7 +58,6 @@
containers.podman.podman_image:
name: docker.io/library/golang
tag: alpine
# force: true
register: deployerTaskY2
- name: "Deployer - Yggdrasil - Clone Repository"
@@ -69,7 +68,7 @@
- name: "Deployer - Yggdrasil - Build Image"
containers.podman.podman_image:
name: pvjjk-1vos-tjas/yggdrasil
name: pvjjk-1vos-niinisalo/yggdrasil
tag: latest
path: "/root/data/yggdrasil"
build:
@@ -80,7 +79,7 @@
- name: "Deployer - Yggdrasil - Run Container"
containers.podman.podman_container:
name: yggdrasil
image: pvjjk-1vos-tjas/yggdrasil:latest
image: pvjjk-1vos-niinisalo/yggdrasil:latest
state: started
recreate: on
network: host
@@ -108,7 +107,6 @@
containers.podman.podman_image:
name: docker.io/library/mariadb
tag: latest
# force: true
register: deployerTaskM1
- name: "Deployer - MariaDB - Run Container"
@@ -209,27 +207,27 @@
ansible.builtin.template:
src: './files/kea/kea-dhcp4.conf'
dest: '/etc/kea/kea-dhcp4.conf'
register: deployerTaskD1
register: deployerTaskK1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Init"
ansible.builtin.command:
cmd: "kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
register: deployerTaskD2
cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
register: deployerTaskK2
changed_when:
- deployerTaskD2.stdout.find('Initializing database') != -1
- deployerTaskK2.stdout.find('Initializing database') != -1
failed_when:
- deployerTaskD2.stdout.find('ERROR') != -1
- deployerTaskD2.stdout.find('Expected empty database kea.') == -1
- deployerTaskK2.stdout.find('ERROR') != -1
- deployerTaskK2.stdout.find('Expected empty database kea.') == -1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Upgrade"
ansible.builtin.command:
cmd: "kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
tags:
- kea
- dhcp
@@ -238,69 +236,199 @@
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: restarted
enabled: true
when:
- (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
- (deployerTaskK1 is defined and deployerTaskK1.changed) or deployerTaskK1 is undefined or (deployerTaskK2 is defined and deployerTaskK2.changed) or deployerTaskK2 is undefined
tags:
- kea
- dhcp
- name: "Deployer - PowerDNS - Configure - Create Folder"
- name: "Deployer : Kea : Start"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: started
tags:
- kea
- dhcp
- name: "Deployer - dnsdist - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns/"
path: "/root/data/dnsdist/"
state: directory
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Configure - Create Subfolders"
- name: "Deployer - dnsdist - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns/{{ item.path }}'
dest: '/root/data/dnsdist/{{ item.path }}'
state: directory
with_filetree: './files/powerdns/'
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns/{{ item.path }}'
register: deployerTaskP1
with_filetree: './files/powerdns/'
dest: '/root/data/dnsdist/{{ item.path }}'
register: deployerTaskD1
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Pull Image"
- name: "Deployer - dnsdist - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-49
name: docker.io/powerdns/dnsdist-20
tag: latest
# force: true
register: deployerTaskP2
register: deployerTaskD2
- name: "Deployer - PowerDNS - Run Container"
- name: "Deployer - dnsdist - Run Container"
containers.podman.podman_container:
name: powerdns
image: docker.io/powerdns/pdns-auth-49:latest
name: dnsdist
image: docker.io/powerdns/dnsdist-20:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
- "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
tty: yes
interactive: yes
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
- (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-authorative/"
state: directory
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-authorative/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-authorative/{{ item.path }}'
register: deployerTaskPA1
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-50
tag: latest
register: deployerTaskPA2
- name: "Deployer - PowerDNS Authorative - Run Container"
containers.podman.podman_container:
name: powerdns-authorative
image: docker.io/powerdns/pdns-auth-50:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA2 is defined and deployerTaskPA2.changed) or deployerTaskPA2 is undefined
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-recursor/"
state: directory
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-recursor/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-recursor/{{ item.path }}'
register: deployerTaskPR1
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-recursor-52
tag: latest
register: deployerTaskPR2
- name: "Deployer - PowerDNS Recursor - Run Container"
containers.podman.podman_container:
name: powerdns-recursor
image: docker.io/powerdns/pdns-recursor-52:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
tags:
- powerdns-recursor
- dns
- name: "Deployer - Nginx - Configure - Create Folder"
@@ -342,7 +470,6 @@
containers.podman.podman_image:
name: docker.io/library/nginx
tag: latest
# force: true
register: deployerTaskN2
- name: "Deployer - Nginx - Run Container"

43
tasks/installer.yml
View File

@@ -56,10 +56,43 @@
label: "{{ package }}"
loop_var: "package"
- name: "Installer : Network : Configure"
- name: "Installer : Issue : Configure - Copy File"
ansible.builtin.template:
src: './files/network/interfaces'
src: './files/issue'
dest: '/etc/{{ file }}'
vars:
files:
- "issue"
- "issue.net"
loop: "{{ files }}"
loop_control:
label: "{{ file }}"
loop_var: "file"
tags:
- issue
- name: "Installer : Motd : Configure - Copy File"
ansible.builtin.template:
src: './files/motd'
dest: '/etc/motd'
tags:
- motd
- name: "Installer : Networking : Configure - Copy Configuration"
ansible.builtin.template:
src: './files/networking/interfaces'
dest: '/etc/network/interfaces'
tags:
- networking
- network
- name: "Installer : Networking : Start - Restart Service"
ansible.builtin.systemd_service:
name: networking
state: restarted
tags:
- networking
- network
- name: "Installer : FirewallD : Dependencies - Packages"
ansible.builtin.apt:
@@ -100,6 +133,8 @@
- http
- https
- ssh
- dhcp
- dns
loop: "{{ services }}"
loop_control:
label: "{{ service }}"
@@ -208,7 +243,7 @@
name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
hour: "*/3"
minute: "0"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
tags:
- cron
@@ -216,6 +251,6 @@
ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Deployer"
minute: "*/5"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
tags:
- cron