cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-04 05:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cwchristerw:d694c4cbf6fd572a96699d76b3b0aa874114e47c
Branches Tags
cwchristerw:master
..
compare: cwchristerw:master
Branches Tags
cwchristerw:master

68 Commits
d694c4cbf6 ... master

Author SHA1 Message Date
Christer Warén
cf65e1ac85 Update workstation installation guide 2025-09-01 16:30:51 +03:00
Christer Warén
177bafaa93 Fix typos in Init script 2025-09-01 15:56:52 +03:00
Christer Warén
89c5cc2437 FIx to work in WSL 2025-09-01 15:49:37 +03:00
Christer Warén
586ea6bd0e Fix missing sudo in INSTRUCTIONS.md 2025-09-01 15:39:42 +03:00
Christer Warén
13d07913ef Add workstation installation guide to INSTRUCTIONS.md 2025-09-01 15:33:12 +03:00
Christer Warén
718874a63d Beautification of Protect script 2025-09-01 15:21:41 +03:00
Christer Warén
859b96eb88 Beautification of Init script 2025-09-01 15:21:19 +03:00
Christer Warén
e149ba3db0 Inventories Update 2025-09-01 15:20:42 +03:00
Christer Warén
2224e2c596 Inventories Update 2025-09-01 10:25:36 +03:00
Christer Warén
2b6921e9f3 Fix typo in Yggdrasil configuration 2025-09-01 10:12:30 +03:00
Christer Warén
b895ac02b9 Yggdrasil Configuration 2025-09-01 09:03:41 +03:00
Christer Warén
edbf3f6191 Inventories Update 2025-09-01 09:03:27 +03:00
Christer Warén
79e45822c1 Protect Update 2025-09-01 09:03:04 +03:00
Christer Warén
a4e7218050 Fix Kea configuration commands in Deployer tasks 2025-08-30 18:52:23 +03:00
Christer Warén
f1a5f0caa5 Add NET_BIND_SERVICE capability to PowerDNS containers 2025-08-28 12:43:16 +03:00
Christer Warén
7f8b4a1e13 Add NET_BIND_SERVICE capability to dnsdist container 2025-08-28 11:55:16 +03:00
Christer Warén
e1a1e4889a Add parameters to dnsdist in Deployer tasks 2025-08-28 10:44:11 +03:00
Christer Warén
d5b99d3146 FIx PowerDNS container names in Deployer tasks 2025-08-27 14:03:04 +03:00
Christer Warén
be900d5785 Add useClientSubnet to dnsdist configuration 2025-08-27 13:55:05 +03:00
Christer Warén
84884d9015 Add PowerDNS Recursor to Deployer 2025-08-26 19:42:00 +03:00
Christer Warén
5589d94f11 Update Issue & MOTD 2025-08-26 13:37:04 +03:00
Christer Warén
491ad0aba8 Update VSCode settings 2025-08-26 13:36:48 +03:00
Christer Warén
dec30dd66b Fix typo in server network configuration 2025-08-26 13:04:54 +03:00
Christer Warén
5008c1be97 Allow DHCP & DNS from FirewallD 2025-08-26 12:49:41 +03:00
Christer Warén
56b53fdc5b Update network device configurations to INSTRUCTIONS.md 2025-08-26 12:49:22 +03:00
Christer Warén
2b671f8a6d Add interfaces to subnets to restrict them to specific vlan 2025-08-26 09:08:10 +03:00
Christer Warén
ada1aa726d Start Kea server in Deployer tasks 2025-08-26 08:31:00 +03:00
Christer Warén
89d03c5141 Set statiic IPs for interfaces 2025-08-26 08:11:46 +03:00
Christer Warén
b889bd2054 Update Kea tasks 2025-08-25 14:58:22 +03:00
Christer Warén
877cbc1005 Restore unique MAC addresses to interfaces 2025-08-25 14:05:25 +03:00
Christer Warén
6b83b10523 Remove static IPs from network interfaces 2025-08-25 13:59:24 +03:00
Christer Warén
21fcb394cd Update Issue & MOTD 2025-08-25 12:23:01 +03:00
Christer Warén
aab33c9c21 Change name of office laptop 2025-08-25 12:11:40 +03:00
Christer Warén
742e77a1fc Update 2025-08-25 12:10:41 +03:00
Christer Warén
63f6266f2c Update 2025-08-25 12:02:51 +03:00
Christer Warén
c89ab05b1a Add Issue and MOTD to Installer tasks 2025-08-25 12:02:23 +03:00
Christer Warén
41d961ce6b Restart Networking during Installer tasks 2025-08-25 10:59:00 +03:00
Christer Warén
f81480af87 Network Changes 2025-08-25 10:26:26 +03:00
Christer Warén
76e57329ce Fix typo in interfaces file 2025-08-16 14:57:18 +03:00
Christer Warén
c6b2c2cd25 Add vlan to packages to install in Installer tasks 2025-08-16 14:27:18 +03:00
Christer Warén
37114a0f8d Update network interfaces 2025-08-16 14:20:32 +03:00
Christer Warén
47e7f0415b Update Kea configuration 2025-08-16 14:20:23 +03:00
Christer Warén
296b3b5502 Add Kea database upgrade task to Deployer tasks 2025-08-16 14:04:20 +03:00
Christer Warén
681999d4e2 Deployer Tasks - Uodate 2025-08-16 13:54:33 +03:00
Christer Warén
41008ed852 Add database configuration task for Kea in Deployer tasks 2025-08-16 13:45:18 +03:00
Christer Warén
79c6ee8af8 Adding more tags to Installer tasks 2025-08-16 13:25:30 +03:00
Christer Warén
5339d47d11 Installer Tasks: Add mariadb-client package to dependencies for MariaDB 2025-08-16 13:17:40 +03:00
Christer Warén
8d1a7820c9 Fix syntax in Kea configuration 2025-08-16 13:01:14 +03:00
Christer Warén
b9d58a6822 Change database server address in Kea configuration 2025-08-16 12:41:46 +03:00
Christer Warén
4cfaf5f0a4 Fix wrong mac address of s3 switch in Kea configuration 2025-08-16 12:38:41 +03:00
Christer Warén
9e898bd5e3 Remove unnecessary hooks-libraries from Kea configuration 2025-08-16 12:29:18 +03:00
Christer Warén
669fdcc6a6 Fix typos in Kea configuration 2025-08-16 11:05:50 +03:00
Christer Warén
ffd215d9f8 Fix typo in Deployer tasks 2025-08-13 14:44:01 +03:00
Christer Warén
19fb89cfb2 Add interfaces to Kea configuration 2025-08-13 14:39:26 +03:00
Christer Warén
f17f1bfb7b Update Deployer tasks: Add tags and replace DHCPD with Kea 2025-08-13 13:39:33 +03:00
Christer Warén
ee486ad369 Remove DHCPD configuration and update Kea configuration 2025-08-13 13:38:25 +03:00
Christer Warén
00cf46fe10 Commenting forcing to pull images due to Docker Hub limits 2025-08-08 19:33:40 +03:00
Christer Warén
811f681ba4 Fix MariaDB tasks in Deployer tasks with adding conditions 2025-08-08 19:08:08 +03:00
Christer Warén
034a790501 Fix typo in Deployer tasks 2025-08-08 18:57:02 +03:00
Christer Warén
c486c307c1 Fix typo in olympus.juva.tjas host variables 2025-08-08 18:52:55 +03:00
Christer Warén
21acf6f0cb Rename olympus.intra.tjas to olympus.juva.tjas 2025-08-08 18:42:01 +03:00
Christer Warén
b86a8c9c4b Fix typo in Deployer tasks 2025-08-08 18:33:33 +03:00
Christer Warén
b0b1a0f19d Add kea-dhcp4.conf to Kea files 2025-08-08 18:28:03 +03:00
Christer Warén
8931fda671 Update olympus host variables 2025-08-08 18:27:30 +03:00
Christer Warén
9803cad577 Install Kea server as new DHCP server in Deployer tasks 2025-08-08 18:27:30 +03:00
Christer Warén
03a4760ab5 Update data directory location to be static in root user directory 2025-08-08 18:27:30 +03:00
Christer Warén
30e04c8667 Update DHCP server configuration 2025-08-08 18:27:30 +03:00
Christer Warén
fa8775abc1 Update network device configurations to INSTRUCTIONS.md 2025-08-08 18:26:36 +03:00
26 changed files with 1040 additions and 326 deletions
Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -1,6 +1,5 @@
{
"files.trimTrailingWhitespace": true,
"files.insertFinalNewline": true,
"files.trimFinalNewlines": true,
"editor.renderFinalNewline": false
}

277
INSTRUCTIONS.md
View File

@@ -1,7 +1,28 @@
# Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS TJAS - Infra
## PVJJK 1.VOS Niinisalo
### Ylläpitäjän ohjeet
**Työaseman asennus**
1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
2. Käynnistä työasema uudelleen
3. Asenna Debian käyttöjärjestelmä
1. Avaa Powershell järjestelmänvalvojana
2. Suorita asennuskomento `wsl --install -d Debian`
3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
4. Vaihda isännän nimi
1. Lisää Network kohtaan tai luo Network kohta `echo "[network]" > /etc/wsl.conf`
2. Lisää isännän nimi `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
3. Lisää Hosts tiedoston generointi `echo "generateHosts = true" > /etc/wsl.conf`
5. Sulje ikkuna
4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
1. Avaa Powershell järjestelmänvalvojana
2. Vaihda oletusarvoinen käyttöjärjestelmä `wsl --set-default Debian`
3. Käynnistä uudelleen käyttöjärjestelmä `wsl -t Debian`
4. Sulje ikkuna
6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
7. Asenna curl-paketti käyttämällä APT-paketinhallintaa `sudo apt update && sudo apt install curl`
8. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
**Palvelimen asennus**
1. Asenna Debian-käyttöjärjestelmä
2. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl`
@@ -61,28 +82,36 @@ interface FastEthernet0/1
interface FastEthernet0/1.10
description "TINU - INTERNET"
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
ip address 192.168.1.1 255.255.255.224
ip access-group 10 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.20
description "JUVA - INTRA"
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.0
ip address 192.168.2.1 255.255.255.224
ip access-group 20 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.30
description "AITO - TOIMISTO"
encapsulation dot1Q 30
ip address 192.168.3.1 255.255.255.0
ip address 192.168.3.1 255.255.255.224
ip access-group 30 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.69
description "SIVE - HALLINTA"
encapsulation dot1Q 69
ip address 192.168.69.1 255.255.255.0
ip address 192.168.69.1 255.255.255.192
ip access-group 69 in
ip access-group 69 out
ip helper-address 192.168.69.20
no snmp trap link-status
!
@@ -94,15 +123,43 @@ interface GigabitEthernet0/0/0
ip classless
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.0.0
access-list 1 permit 192.168.1.0
access-list 1 permit 192.168.2.0
access-list 1 permit 192.168.3.0
access-list 1 deny any
access-list 1 permit 192.168.1.0 0.0.0.31
access-list 1 permit 192.168.2.0 0.0.0.31
access-list 1 permit 192.168.3.0 0.0.0.31
access-list 10 deny 192.168.0.0 0.0.255.255
access-list 10 permit any
access-list 20 permit 192.168.2.0 0.0.0.31
access-list 20 deny 192.168.0.0 0.0.255.255
access-list 20 permit any
access-list 30 permit 192.168.2.10
access-list 30 permit 192.168.3.0 0.0.0.31
access-list 30 deny 192.168.0.0 0.0.255.255
access-list 30 permit any
access-list 69 permit 192.168.69.0 0.0.0.63
!
control-plane
!
banner motd ^C
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
r1.net.tjas
^C
!
line con 0
line aux 0
@@ -118,58 +175,164 @@ end
s1.net.tjas
```
hostname "s1.net.tjas"
ip default-gateway 192.168.1.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-52
untagged 4-52
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name "TINU"
ip address 192.168.1.2 255.255.255.0
ip address 192.168.1.2 255.255.255.224
tagged 1
exit
vlan 20
name "JUVA"
no ip address
tagged 1-2
exit
vlan 30
name "AITO"
no ip address
tagged 1,3
exit
vlan 69
name "SIVE"
ip address 192.168.69.11 255.255.255.0
tagged 1,2,3
ip address 192.168.69.11 255.255.255.192
tagged 1-3
exit
ip authorized-managers 192.168.69.20
ip authorized-managers 192.168.69.20 255.255.255.255
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s1.net.tjas
"
ip ssh
password manager
```
s2.net.tjas
```
hostname "s2.net.tjas"
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
interface 13
disable
exit
interface 14
disable
exit
interface 15
disable
exit
interface 16
disable
exit
interface 17
disable
exit
interface 18
disable
exit
interface 19
disable
exit
interface 20
disable
exit
interface 21
disable
exit
interface 22
disable
exit
interface 23
disable
exit
interface 24
disable
exit
ip default-gateway 192.168.2.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 25-28
untagged 3-28
ip address dhcp-bootp
no untagged 1-24
no untagged 1-2
exit
vlan 20
name "JUVA"
untagged 2-24
ip address 192.168.2.2 255.255.255.0
tagged 1
untagged 3-24
ip address 192.168.2.2 255.255.255.224
tagged 1-2
exit
vlan 69
name "SIVE"
ip address 192.168.69.12 255.255.255.0
tagged 1,2
ip address 192.168.69.12 255.255.255.192
tagged 1-2
exit
ip authorized-managers 192.168.69.20 255.255.255.255
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s2.net.tjas
"
ip ssh
password manager
```
@@ -177,6 +340,40 @@ password manager
s3.net.tjas
```
hostname "s3.net.tjas"
interface 2
disable
exit
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
ip default-gateway 192.168.3.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
@@ -186,17 +383,41 @@ vlan 1
exit
vlan 30
name "AITO"
untagged 2-24
ip address 192.168.3.2 255.255.255.0
untagged 13-24
ip address 192.168.3.2 255.255.255.224
tagged 1
exit
vlan 69
name "SIVE"
untagged 2-24
ip address 192.168.69.13 255.255.255.0
ip address 192.168.69.13 255.255.255.192
tagged 1
exit
ip authorized-managers 192.168.69.20 255.255.255.255
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s3.net.tjas
"
ip ssh
password manager
```
# LÄHTEET
## ISSUE - ASCII ART
ASCII Art Generator
https://www.textmods.com/ascii-art

2
README.md
View File

@@ -1,5 +1,5 @@
# Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS TJAS - Infra
## PVJJK 1.VOS NIINISALO
Infran toteutus aloitettiin vuonna 2025 ja sen on suunnitellut [Jääkäri Warén](https://christerwaren.fi).

2
ansible.cfg
View File

@@ -1,5 +1,5 @@
[defaults]
inventory = inventories/pvjjk-1vos-tjas
inventory = inventories/pvjjk-1vos-niinisalo
hash_behaviour = merge
gathering = smart
display_skipped_hosts = false

125
files/dhcp/dhcpd.conf
View File

@@ -1,125 +0,0 @@
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "intra.tjas";
option domain-name-servers 192.168.2.10;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.254;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.2 192.168.2.254;
option routers 192.168.2.1;
option broadcast-address 192.168.2.255;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
range 192.168.3.2 192.168.3.254;
option routers 192.168.3.1;
option broadcast-address 192.168.3.255;
}

12
files/dnsdist/config.conf Normal file
View File

@@ -0,0 +1,12 @@
setLocal('0.0.0.0:53')
addLocal('[::]:53')
setACL({'0.0.0.0/0', '::/0'})
setECSOverride(true)
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)
newServer({address='127.0.0.1:531', useClientSubnet=true, pool='authorative'})
newServer({ address='127.0.0.1:532', useClientSubnet=true, pool='recursor' })
addAction('tjas', PoolAction('authorative'))
addAction(AllRule(), PoolAction('recursor'))
setSecurityPollSuffix("")
setServFailWhenNoServer(true)

25
files/issue Normal file
View File

@@ -0,0 +1,25 @@
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Made by
Jääkäri Warén
https://christerwaren.fi

232
files/kea/kea-dhcp4.conf Normal file
View File

@@ -0,0 +1,232 @@
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "enp0s25.20" ]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea/kea4-ctrl-socket"
},
"lease-database": {
"type": "mysql",
"name": "{{ config.mariadb.users['kea'].database }}",
"user": "{{ config.mariadb.users['kea'].username }}",
"password": "{{ config.mariadb.users['kea'].password }}",
"host": "127.0.0.1",
"port": 3306
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"subnet4": [
{
"id": 1,
"subnet": "192.168.1.0/27",
"pools": [
{
"pool": "192.168.1.1 - 192.168.1.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.1.1"
},
{
"name": "domain-name-servers",
"data": "1.1.1.1"
},
{
"name": "domain-search",
"data": "puolustusvoimat.fi"
}
],
"user-context": {
"name": "Tinu",
"purpose": "Internet"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.1.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "9c:8e:99:9b:c3:80",
"ip-address": "192.168.1.2",
"hostname": "s1.net.tjas"
}
]
},
{
"id": 2,
"subnet": "192.168.2.0/27",
"interface": "enp0s25.20",
"pools": [
{
"pool": "192.168.2.1 - 192.168.2.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.2.1"
},
{
"name": "domain-name-servers",
"data": "192.168.2.10, 1.1.1.1"
},
{
"name": "domain-name",
"data": "juva.tjas"
},
{
"name": "domain-search",
"data": "juva.tjas, tjas"
}
],
"user-context": {
"name": "Juva",
"purpose": "Intra"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.2.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "00:24:a8:f1:c7:40",
"ip-address": "192.168.2.2",
"hostname": "s2.net.tjas"
},
{
"hw-address": "90:1b:0e:5b:18:fb",
"ip-address": "192.168.2.10",
"hostname": "olympus.juva.tjas"
}
]
},
{
"id": 3,
"subnet": "192.168.3.0/27",
"pools": [
{
"pool": "192.168.3.1 - 192.168.3.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.3.1"
},
{
"name": "domain-name-servers",
"data": "192.168.2.10"
},
{
"name": "domain-name",
"data": "aito.tjas"
},
{
"name": "domain-search",
"data": "aito.tjas, tjas"
}
],
"user-context": {
"name": "Aito",
"purpose": "Toimisto"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.3.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "00:1f:fe:ab:9e:c0",
"ip-address": "192.168.3.2",
"hostname": "s3.net.tjas"
}
]
},
{
"id": 69,
"subnet": "192.168.69.0/26",
"interface": "enp0s25.69",
"pools": [
{
"pool": "192.168.69.1 - 192.168.69.62"
}
],
"option-data": [
{
"name": "domain-name-servers",
"data": "192.168.69.20"
},
{
"name": "domain-name",
"data": "sive.tjas"
},
{
"name": "domain-search",
"data": "sive.tjas"
}
],
"user-context": {
"name": "Sive",
"purpose": "Hallinta"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.69.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "9c:8e:99:9b:c3:80",
"ip-address": "192.168.69.11",
"hostname": "s1.net.tjas"
},
{
"hw-address": "00:24:a8:f1:c7:40",
"ip-address": "192.168.69.12",
"hostname": "s2.net.tjas"
},
{
"hw-address": "00:1f:fe:ab:9e:c0",
"ip-address": "192.168.69.13",
"hostname": "s3.net.tjas"
},
{
"hw-address": "90:1b:0e:5b:18:fc",
"ip-address": "192.168.69.20",
"hostname": "olympus.juva.tjas"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "stdout",
"pattern": "%-5p %m\n"
}
],
"severity": "ERROR",
"debuglevel": 0
}
]
}
}

29
files/motd Normal file
View File

@@ -0,0 +1,29 @@
_____ _ _ _ _
|_ _|_ _ _ __ __ _ ___ | |_ _| (_) ___| |_
| |/ _` | '_ \ / _` |/ _ \ _ | | | | | | |/ _ \ __|
| | (_| | | | | (_| | (_) | | |_| | |_| | | | __/ |_
|_|\__,_|_| |_|\__, |\___/ \___/ \__,_|_|_|\___|\__|
_ _ |___/ ____ _
/ \ | |_ __ | |__ __ _ / ___|(_) ___ _ __ _ __ __ _
/ _ \ | | '_ \| '_ \ / _` | \___ \| |/ _ \ '__| '__/ _` |
/ ___ \| | |_) | | | | (_| | ___) | | __/ | | | | (_| |
/_/ \_\_| .__/|_| |_|\__,_| |____/|_|\___|_| |_| \__,_|
|_|
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
ylikirjoittaa automatisoidusti.
https://github.com/cwchristerw/tjas-intra

9
files/network/interfaces → files/networking/interfaces
View File

@@ -12,7 +12,12 @@ allow-hotplug enp0s25
iface enp0s25 inet dhcp
auto enp0s25.20
iface enp0s25.20 inet dhcp
iface enp0s25.20 inet static
address 192.168.2.10/27
gateway 192.168.2.1
hwaddress 90:1b:0e:5b:18:fb
auto enp0s25.69
iface enp0s25.69 inet dhcp
iface enp0s25.69 inet static
address 192.168.69.20/26
hwaddress 90:1b:0e:5b:18:fc

6
files/nginx/conf/000-default.conf
View File

@@ -37,8 +37,8 @@ server {
# http2 on;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-tjas/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-tjas/privkey.pem;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ecdh_curve X25519:prime256v1:secp384r1;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
@@ -46,7 +46,7 @@ server {
# ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 180m;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-tjas/chain.pem;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
# expires off;
# etag off;

4
files/powerdns/config.conf → files/powerdns-authorative/config.conf
View File

@@ -1,6 +1,6 @@
local-address=0.0.0.0,::
local-port=53
default-soa-content=s1.intra.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
local-port=531
default-soa-content=olympus.juva.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
launch=gmysql
gmysql-host=127.0.0.1
gmysql-port=3306

9
files/powerdns-recursor/config.conf Normal file
View File

@@ -0,0 +1,9 @@
incoming:
listen:
- 127.0.0.1:532
recursor:
forward_zones:
- zone: tjas
recurse: false
forwarders:
- 127.0.0.1:531

2
files/ssh/authorized_keys
View File

@@ -1,2 +1,2 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 l1.office.tjas
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

16
files/yggdrasil/config.conf
View File

@@ -6,11 +6,17 @@
# use this section when you may connect via different interfaces.
Peers: [
#TRUSTED PEERS - Waren Group
#aurora.devices.waren.io
#201:361f:bbfb:7210:c5b8:3f74:a285:adb9
"tls://[2a01:4f9:2a:60c::2]:18836",
"tls://95.216.5.243:18836",
{% if config.yggdrasil.peers is defined %}
#TRUSTED PEERS
{% for peer in config.yggdrasil.peers %}
{% if peer.name is defined and peer.address is defined and peer.address is defined %}
#{{ peer.name }}
"{{ peer.address }}"{% if not loop.last %},{% endif %}
{% endif %}
{% endfor %}
{% endif %}
]
# List of connection strings for static peers in URI format, arranged

61
init.sh
View File

@@ -4,63 +4,74 @@ if [ ! "$BASH_VERSION" ] ; then
exit 1
fi
underline=`tput smul`
nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
ti-header(){
echo $(tput bold)$1$(tput sgr0)
echo ${bold}$1${normal}
}
echo "${bold}"
echo "
==============================
PVJJK 1.VOS TJAS - Infra
Init Script
------------------------------
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
INIT SCRIPT
"
echo -n "${normal}"
stop () {
echo "
==============================
"
exit 1
}
ti-header "Haetaan pakettien tiedot..."
apt update
sudo apt update
echo -e "\n\n"
ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
apt-get install -y python3-pip python3-venv jq git curl lsb-release
sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n"
mkdir -p ~/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
if [[ ! -f ~/.ssh/keys/pvjjk-1vos-tjas/infra ]]
mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f ~/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n"
fi
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv ~/.venv/ansible
python3 -m venv $HOME/.venv/ansible
echo -e "\n\n"
ti-header "Asennetaan Ansiblen riippuvuudet..."
~/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n"
ti-header "Asennetaan Ansible..."
~/.venv/ansible/bin/pip3 install ansible
$HOME/.venv/ansible/bin/pip3 install ansible
echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..."
~/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat ~/.ssh/keys/pvjjk-1vos-tjas/infra.pub
cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -69,8 +80,8 @@ do
done
echo -e "\n\n"
mkdir -p ~/.ansible/vault &> /dev/null
if [[ ! -f ~/.ansible/vault/pvjjk-1vos-tjas ]]
mkdir -p $HOME/.ansible/vault &> /dev/null
if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
then
ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: "
@@ -80,14 +91,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]]
then
echo "$VAULT_PASSWORD" > ~/.ansible/vault/pvjjk-1vos-tjas
echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
fi
done
echo -e "\n\n"
fi
ti-header "Suoritetaan Infran asennus..."
~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
echo -e "\n\n"
echo "

6
inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30383633646132396336336135366264386137643166376336666261316465346632353333616361
3134623361333633653666313035633536396662613234320a386239373636623061383331663438
64366431613763376239613036633365346266643163396331653237313662346231623731373530
6630653939373762380a363939383862623336666361303032653431356139383766663331656335
3438

6
inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas Normal file
View File

@@ -0,0 +1,6 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
37353031396164353032396635313539613734613432323435383137303835383439663439363337
6230323066313361383061633932616230363465326239640a333739323064653263336337633639
64343833623362323734363239653866383037313331613738653133636364623237326637313232
3462636261386230380a313634313965343733616137663532623965393835306562633635633831
3166

51
inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas Normal file
View File

@@ -0,0 +1,51 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30386163316331336461633036653363613064366361653938616138353736366463643664393933
6533383232616130626431353164663738346630616465300a393062663634356566656562646137
36623535313932316262663064366535616565386436653761336463323163646439656563303262
6531373030393264310a623933386234306532643664363335386231626664643531656433323731
30373237626531336431343965313239616339356162383262313363363262613463303236643734
62303636646232383235316137393634626235386662616339343231626661376331396138343361
31663630306431653532666463326536636365663163663162643136366363333638333930373234
36306166366533636562363063336436333465393231316363343864373335646437373561353538
31613162643664633435363831326230373635313165633566323135303263323034636265393163
62373234613334393261356464643262616132343963383165303534346335373634396161383532
31623330373935613866336135323038343030353865373863633562303134613662353762376134
61653035313965316134666534366435663333386235636266376164663731646365626135613166
39333934653563623966366466613436313635313537363337386133356433356336303938333366
66653735636462383666396332656333666234333435333062356338383034656637323438316134
62386136663962336232623663666438333931376561303964636563306664313134373338303339
32313635643136396365383834343438633463366262366330653034333332653038356331346566
30336164393136383434646636376239656162643734643735306436303961326565346566333461
33383861356537656262646131386134303165636632343134383264353466316633663732396334
33373664633239396234366534636365346631643063373836666233626565626234363433313866
31663464346264393731623364373035616134376430333764383836353132386339636537326637
36366662333336373633653330353939396239623037653862393932373932353834373339373934
61663338666164663235653337336238626462653336313532643131383638336535376232303465
64363530393065383639663731383036613338343436313937663162643434323835353363653738
62613139343934656135313832323532623263653038353166313531643036303538613436323664
33356434623633643462326564383263323833376165366536633264656366353137316265653534
36656561353634626330636363636133356265306336623737643961663061343630383330386538
63636434303066646261636338323563373663323835386563393539616663636139356536393462
37363766356138616232333162666562333261626661646538613862306264336636396562313665
35373266366134623263663363376630343263623335666663396438663238636534393130623134
36653465383763646563386361636530393366323538336532393661306362346333353661303334
32633966303964383861653365626332316135373731393935313262383164346233353765396561
33323864306336353732623937386235646366663764653965633764643864366331666262386639
66326335326562646630346435663533313335373034663565333839323961383366643263356133
64303030366263356231343530343566623935306431653866613165393633643835653330666436
38663535373666333763386436646337656133303262396237663931323864336630646466306462
65656536336533343065316637613034626333343837616363376263636635363866383638393234
39373030663230383865396131363638376537363362666439636235626461303930396464313532
63306136613265636438333764646465306565333435666233656534656538646465636263363433
37356131353530363665336564386264616235613564363065356234336537363561313666653637
35336638623730633735643465316164323739316636353762653965633831626561313532626139
62303933376637376334666362306133383035376561333361326338663762363230303533363632
62383539626263363636636164366139306666333165636130323765643532363338656261396135
36336664656335383561643637383066653531303236323765356666343765616134343036313538
34623935616531323536383565313238333564613635343332303238626534613337353430303864
30383131346163636335363563656465316263316439646530663665386636393261386536306265
34656230643662653665383730396335646562306161663233353835666131633730663237336434
62643631653738633638366133396364623837343138613765616362633262333333646639396637
36386533386439623866346335376164336439366133643266663938643333383836346538636536
35376335306435616236323163616163656366366630656535393233643966313166346530383365
3630646439643335393964313862363134396566636661643666

5
inventories/pvjjk-1vos-tjas/hosts.yml → inventories/pvjjk-1vos-niinisalo/hosts.yml
View File

@@ -1,6 +1,7 @@
---
pvjjk_1vos_tjas:
pvjjk_1vos_niinisalo:
hosts:
olympus.intra.tjas:
argo.aito.tjas:
olympus.juva.tjas:
vars:
ansible_python_interpreter: /usr/bin/python3

34
inventories/pvjjk-1vos-tjas/host_vars/olympus.intra.tjas
View File

@@ -1,34 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
33376562363863333566646437313135363332623231643964346461613335623062303161643566
3038343664303937646664393536356463633966613633320a626663353131613163316234316433
31323230383964383634636338333836613264613064316664616537313934303830303166386633
6363653364646434360a633235636339336531666234666134666166653539623634343363643161
33656438306262356132346163626566656166653333643465366136653465373535353838383439
64626663376536633834336564663665353632393537326366313130633330646562666238353936
30363230323330316534343165373433663036393866626438613035636339616164303761333135
65316437663663663764663463333833663937346636383364303366393264393061383164353533
33323230383464313565316134346334343565643331653333316437396461633133323662626635
61633362303261643039313566616537316333346562366165373961383734663934653236663934
39653261663730373136363130626332303836636362613661306164643361363062353864393465
66383833653261383562313939656465623736656132383530313739313264356335616631613864
30373338346563346361383462336338303235306139346530363665376335363230386232323734
61316463656135356431313236613132323937303533356433376633626462303632616462663730
30313163306233616164306136643032393839353230373439653363323863383266363432356438
35366361623731353934646230333165636635346166366530633863343936393138306534343563
65396136656438613931313965396638353333313962663133663632613430396331656230356264
66343731396534633761323863303936323937306334366539346264373936663231613961313637
65306161356539366234613131386565343666653133363635336335316263663431373837636636
63633232623733343932363862366233326666626164313330353830383563316533636539636263
35386339393663623739623663396333643662343031363530343738663833663166313632376433
63303861633063333365306137373739633030393133333733636266306237383034653635396664
32373831636435613235623862613037663838333731386336656665646634373339626637653661
30343435323934626538353631383533363163633662326263646364383437383961656136626664
61306662646435343538333737386535623763376566373833393133353030346563326136383435
66363838343539383462313933366531333339333032363530636235633461316162643065313333
36633338326530653336353030363536363932663038373337653766373630313237343536323762
66633137383631333333386532303864633930663031653639373438643564613338646463623963
31323366373330346430393435393638363032613864633334303138363765363162613638346234
31633831313535373862646132616562623532303266623666333164613638646339643838333839
31623533393830353234303664313662373737373139323035366430646266393939626333376136
33346432356339323732393864363838656430633035303864636436393066393531333030636337
61333432666539333534383663313964636433306161353465346366333766623138

50
protect.sh
View File

@@ -5,23 +5,37 @@ nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
echo "${bold}PVJJK 1.VOS TJAS / Infra / Protect${normal}"
echo "${bold}"
echo "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
PROTECT SCRIPT
"
echo -n "${normal}"
action=$1
encrypt() {
echo "${underline}Encrypting...${nounderline}"
execute "ansible-vault encrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
}
decrypt() {
echo "${underline}Decrypting...${nounderline}"
execute "ansible-vault decrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
}
list() {
echo "${underline}Listing...${nounderline}"
i=0
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -29,7 +43,8 @@ list() {
}
execute() {
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
i=0
for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -40,18 +55,23 @@ for file in inventories/*/group_vars/* inventories/*/host_vars/*;
case $action in
encrypt)
encrypt
echo "${underline}Encrypting...${nounderline}"
encrypt pvjjk-1vos-niinisalo
;;
decrypt)
decrypt
echo "${underline}Decrypting...${nounderline}"
decrypt pvjjk-1vos-niinisalo
;;
list)
list
;;
help)
echo "encrypt, decrypt, list"
echo "${underline}Listing...${nounderline}"
list pvjjk-1vos-niinisalo
;;
*)
echo "..."
echo "${underline}HELP${nounderline}"
echo "encrypt - Encrypt Files"
echo "decrypt - Decrypt Files"
echo "list - List Files"
;;
esac
echo -e "\n\n\n"

6
tasks.yml
View File

@@ -10,6 +10,8 @@
import_tasks: tasks/installer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- installer
- never
@@ -18,6 +20,8 @@
import_tasks: tasks/maintenance.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- maintenance
- never
@@ -26,6 +30,8 @@
import_tasks: tasks/deployer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- deployer
- never

295
tasks/deployer.yml
View File

@@ -2,7 +2,7 @@
- name: "Deployer - SSH - Add Authorized Keys"
ansible.builtin.template:
src: './files/ssh/authorized_keys'
dest: '~/.ssh/authorized_keys'
dest: '/root/.ssh/authorized_keys'
tags:
- ssh
@@ -24,14 +24,14 @@
- name: "Deployer - Yggdrasil - Configure - Create Folder"
ansible.builtin.file:
path: "~/data/yggdrasil/"
path: "/root/data/yggdrasil/"
state: directory
tags:
- yggdrasil
- name: "Deployer - Yggdrasil - Configure - Create Subfolders"
ansible.builtin.file:
dest: '~/data/yggdrasil/{{ item.path }}'
dest: '/root/data/yggdrasil/{{ item.path }}'
state: directory
with_filetree: './files/yggdrasil/'
loop_control:
@@ -44,7 +44,7 @@
- name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '~/data/yggdrasil/{{ item.path }}'
dest: '/root/data/yggdrasil/{{ item.path }}'
register: deployerTaskY1
with_filetree: './files/yggdrasil/'
loop_control:
@@ -58,7 +58,6 @@
containers.podman.podman_image:
name: docker.io/library/golang
tag: alpine
force: true
register: deployerTaskY2
- name: "Deployer - Yggdrasil - Clone Repository"
@@ -67,11 +66,11 @@
dest: ".cache/git/yggdrasil"
register: deployerTaskY3
- name: "Deployer - Yggdrasil - Pull Image"
- name: "Deployer - Yggdrasil - Build Image"
containers.podman.podman_image:
name: pvjjk-1vos-tjas/nginx
name: pvjjk-1vos-niinisalo/yggdrasil
tag: latest
path: "~/data/yggdrasil"
path: "/root/data/yggdrasil"
build:
format: docker
force: true
@@ -80,7 +79,7 @@
- name: "Deployer - Yggdrasil - Run Container"
containers.podman.podman_container:
name: yggdrasil
image: pvjjk-1vos-tjas/nginx:latest
image: pvjjk-1vos-niinisalo/yggdrasil:latest
state: started
recreate: on
network: host
@@ -96,40 +95,18 @@
tags:
- yggdrasil
# - name: "Deployer - DHCP - Install"
# ansible.builtin.apt:
# name:
# - isc-dhcp-server
# state: latest
# - name: "Deployer - DHCP - Config"
# ansible.builtin.template:
# src: './files/dhcp/dhcpd.conf'
# dest: '/etc/dhcp/dhcpd.conf'
# register: deployerTaskD1
# tags:
# - dhcp
# - name: "Deployer : DHCP : Restart"
# ansible.builtin.systemd_service:
# name: isc-dhcp-server
# state: restarted
# enabled: true
# when:
# - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
- name: "Deployer - MariaDB - Create Folder"
ansible.builtin.file:
path: ~/data/mariadb
path: /root/data/mariadb
state: directory
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Pull Image"
containers.podman.podman_image:
name: docker.io/library/mariadb
tag: latest
force: true
register: deployerTaskM1
- name: "Deployer - MariaDB - Run Container"
@@ -140,7 +117,7 @@
restart: on
network: host
volumes:
- "~/data/mariadb:/var/lib/mysql"
- "/root/data/mariadb:/var/lib/mysql"
restart_policy: always
env:
MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
@@ -149,6 +126,7 @@
- (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Wait"
ansible.builtin.wait_for:
@@ -159,6 +137,7 @@
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Upgrade"
containers.podman.podman_container_exec:
@@ -171,6 +150,7 @@
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Users"
community.mysql.mysql_user:
@@ -187,8 +167,14 @@
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Database"
community.mysql.mysql_db:
@@ -202,73 +188,260 @@
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - PowerDNS - Configure - Create Folder"
- name: "Deployer - Kea - Install"
ansible.builtin.apt:
name:
- kea
state: latest
- name: "Deployer - Kea - Configure - DHCP4"
ansible.builtin.template:
src: './files/kea/kea-dhcp4.conf'
dest: '/etc/kea/kea-dhcp4.conf'
register: deployerTaskK1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Init"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
register: deployerTaskK2
changed_when:
- deployerTaskK2.stdout.find('Initializing database') != -1
failed_when:
- deployerTaskK2.stdout.find('ERROR') != -1
- deployerTaskK2.stdout.find('Expected empty database kea.') == -1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Upgrade"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
tags:
- kea
- dhcp
- name: "Deployer : Kea : Restart"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: restarted
when:
- (deployerTaskK1 is defined and deployerTaskK1.changed) or deployerTaskK1 is undefined or (deployerTaskK2 is defined and deployerTaskK2.changed) or deployerTaskK2 is undefined
tags:
- kea
- dhcp
- name: "Deployer : Kea : Start"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: started
tags:
- kea
- dhcp
- name: "Deployer - dnsdist - Configure - Create Folder"
ansible.builtin.file:
path: "~/data/powerdns/"
path: "/root/data/dnsdist/"
state: directory
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Configure - Create Subfolders"
- name: "Deployer - dnsdist - Configure - Create Subfolders"
ansible.builtin.file:
dest: '~/data/powerdns/{{ item.path }}'
dest: '/root/data/dnsdist/{{ item.path }}'
state: directory
with_filetree: './files/powerdns/'
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '~/data/powerdns/{{ item.path }}'
register: deployerTaskP1
with_filetree: './files/powerdns/'
dest: '/root/data/dnsdist/{{ item.path }}'
register: deployerTaskD1
with_filetree: './files/dnsdist/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS - Pull Image"
- name: "Deployer - dnsdist - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-49
name: docker.io/powerdns/dnsdist-20
tag: latest
force: true
register: deployerTaskP2
register: deployerTaskD2
- name: "Deployer - PowerDNS - Run Container"
- name: "Deployer - dnsdist - Run Container"
containers.podman.podman_container:
name: powerdns
image: docker.io/powerdns/pdns-auth-49:latest
name: dnsdist
image: docker.io/powerdns/dnsdist-20:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "~/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
- "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
tty: yes
interactive: yes
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
- (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
tags:
- powerdns
- dnsdist
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-authorative/"
state: directory
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-authorative/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-authorative/{{ item.path }}'
register: deployerTaskPA1
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-50
tag: latest
register: deployerTaskPA2
- name: "Deployer - PowerDNS Authorative - Run Container"
containers.podman.podman_container:
name: powerdns-authorative
image: docker.io/powerdns/pdns-auth-50:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA2 is defined and deployerTaskPA2.changed) or deployerTaskPA2 is undefined
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-recursor/"
state: directory
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-recursor/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-recursor/{{ item.path }}'
register: deployerTaskPR1
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-recursor-52
tag: latest
register: deployerTaskPR2
- name: "Deployer - PowerDNS Recursor - Run Container"
containers.podman.podman_container:
name: powerdns-recursor
image: docker.io/powerdns/pdns-recursor-52:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
tags:
- powerdns-recursor
- dns
- name: "Deployer - Nginx - Configure - Create Folder"
ansible.builtin.file:
path: "~/data/nginx/"
path: "/root/data/nginx/"
state: directory
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Create Subfolders"
ansible.builtin.file:
dest: '~/data/nginx/{{ item.path }}'
dest: '/root/data/nginx/{{ item.path }}'
state: directory
with_filetree: './files/nginx/'
loop_control:
@@ -277,11 +450,12 @@
- item.state == 'directory'
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '~/data/nginx/{{ item.path }}'
dest: '/root/data/nginx/{{ item.path }}'
register: deployerTaskN1
with_filetree: './files/nginx/'
loop_control:
@@ -290,12 +464,12 @@
- item.state == 'file'
tags:
- nginx
- www
- name: "Deployer - Nginx - Pull Image"
containers.podman.podman_image:
name: docker.io/library/nginx
tag: latest
force: true
register: deployerTaskN2
- name: "Deployer - Nginx - Run Container"
@@ -315,3 +489,4 @@
- (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
tags:
- nginx
- www

93
tasks/installer.yml
View File

@@ -12,14 +12,14 @@
- "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
- name: "Init : Python 3 : Configure - Virtual Environment : Test"
ansible.builtin.raw: "~/.venv/ansible/bin/pip3"
ansible.builtin.raw: "/root/.venv/ansible/bin/pip3"
register: task632
changed_when: false
failed_when: false
- name: "Init : Python 3 : Configure - Virtual Environment : Delete"
ansible.builtin.file:
path: "~/.venv/ansible"
path: "/root/.venv/ansible"
state: absent
when:
- "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
@@ -29,7 +29,7 @@
name: pip
state: latest
extra_args: --upgrade
virtualenv: ~/.venv/ansible
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
- name: "Installer : Tools : Install"
@@ -50,15 +50,49 @@
- pkg-config
- etckeeper
- picocom
- vlan
loop: "{{ packages }}"
loop_control:
label: "{{ package }}"
loop_var: "package"
- name: "Installer : Network : Configure"
- name: "Installer : Issue : Configure - Copy File"
ansible.builtin.template:
src: './files/network/interfaces'
src: './files/issue'
dest: '/etc/{{ file }}'
vars:
files:
- "issue"
- "issue.net"
loop: "{{ files }}"
loop_control:
label: "{{ file }}"
loop_var: "file"
tags:
- issue
- name: "Installer : Motd : Configure - Copy File"
ansible.builtin.template:
src: './files/motd'
dest: '/etc/motd'
tags:
- motd
- name: "Installer : Networking : Configure - Copy Configuration"
ansible.builtin.template:
src: './files/networking/interfaces'
dest: '/etc/network/interfaces'
tags:
- networking
- network
- name: "Installer : Networking : Start - Restart Service"
ansible.builtin.systemd_service:
name: networking
state: restarted
tags:
- networking
- network
- name: "Installer : FirewallD : Dependencies - Packages"
ansible.builtin.apt:
@@ -66,17 +100,26 @@
- python3-firewall
- iptables
state: latest
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Install"
ansible.builtin.apt:
name: "firewalld"
state: latest
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Start"
ansible.builtin.systemd_service:
name: firewalld
state: started
enabled: true
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Rules"
ansible.posix.firewalld:
@@ -90,34 +133,37 @@
- http
- https
- ssh
- dhcp
- dns
loop: "{{ services }}"
loop_control:
label: "{{ service }}"
loop_var: "service"
tags:
- firewalld
- firewall
- name: "Installer - Ansible - Python Library"
ansible.builtin.pip:
name: ansible
state: latest
extra_args: --upgrade
virtualenv: ~/.venv/ansible
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
tags:
- ansible
- name: "Installer : Ansible : Create Folder"
ansible.builtin.file:
path: ~/bin
path: /root/bin
state: directory
tags:
- ansible
- name: "Installer : Ansible : Create Symbolic Links"
ansible.builtin.file:
src: ~/.venv/ansible/bin/{{ binary }}
dest: ~/bin/{{ binary }}
src: /root/.venv/ansible/bin/{{ binary }}
dest: /root/bin/{{ binary }}
state: link
vars:
binaries:
@@ -139,12 +185,12 @@
tags:
- ansible
- name: "Installer - Ansible - Dependencies / Python Libraries"
- name: "Installer - Ansible - Dependencies - Python Libraries"
ansible.builtin.pip:
name: "{{ library }}"
state: latest
extra_args: --upgrade
virtualenv: ~/.venv/ansible
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
vars:
libraries:
@@ -158,16 +204,27 @@
loop_control:
label: "{{ library }}"
loop_var: "library"
tags:
- ansible
- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
- name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
ansible.builtin.pip:
name: pymysql
state: latest
extra_args: --upgrade
virtualenv: ~/.venv/ansible
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
tags:
- mariadb
- database
- name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
ansible.builtin.apt:
name: "mariadb-client"
state: latest
tags:
- mariadb
- database
- name: "Installer : Podman : Install"
ansible.builtin.apt:
@@ -178,13 +235,15 @@
- buildah
- slirp4netns
state: latest
tags:
- podman
- name: "Installer : Schedule : Maintenance"
ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
hour: "*/3"
minute: "0"
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
tags:
- cron
@@ -192,6 +251,6 @@
ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Deployer"
minute: "*/5"
job: "~/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d ~/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key ~/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file ~/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
tags:
- cron

6
tasks/maintenance.yml
View File

@@ -4,7 +4,7 @@
name: "{{ library }}"
state: latest
extra_args: --upgrade
virtualenv: ~/.venv/ansible
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
vars:
libraries:
@@ -24,7 +24,7 @@
name: ansible
state: latest
extra_args: --upgrade
virtualenv: ~/.venv/ansible
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
- name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
name: pymysql
state: latest
extra_args: --upgrade
virtualenv: ~/.venv/ansible
virtualenv: /root/.venv/ansible
virtualenv_command: "python3 -m venv"
- name: "Maintenance : Podman : Prune"