cwchristerw/tjas-infra
1
0
Fork 0
mirror of https://github.com/cwchristerw/tjas-infra synced 2025-09-05 19:43:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cwchristerw:master
Branches Tags
cwchristerw:master
..
compare: cwchristerw:b059214c0aaed8a286cf3ec4602594dc31be9249
Branches Tags
cwchristerw:master

3 Commits
master ... b059214c0a

Author SHA1 Message Date
Christer Warén
b059214c0a Update data directory location to be static in root user directory 2025-08-06 15:57:26 +03:00
Christer Warén
72af6d2110 Update DHCP server configuration 2025-08-06 15:51:31 +03:00
Christer Warén
587d9032ac Update network device configurations to INSTRUCTIONS.md 2025-08-06 15:28:04 +03:00
25 changed files with 434 additions and 1087 deletions
Expand all files Collapse all files

1
.vscode/settings.json vendored
View File

@@ -1,5 +1,6 @@
{
"files.trimTrailingWhitespace": true,
"files.insertFinalNewline": true,
"files.trimFinalNewlines": true,
"editor.renderFinalNewline": false
}

247
INSTRUCTIONS.md
View File

@@ -1,28 +1,7 @@
#Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS Niinisalo
## PVJJK 1.VOS TJAS - Infra
### Ylläpitäjän ohjeet
**Työaseman asennus**
1. Asenna Windows Subsystem for Linux vaihtoehtoisista järjestelmäominaisuuksista.
2. Käynnistä työasema uudelleen
3. Asenna Debian käyttöjärjestelmä
1. Avaa Powershell järjestelmänvalvojana
2. Suorita asennuskomento `wsl --install -d Debian`
3. Aseta käyttäjätunnukseksi `asentaja` ja salasanaksi sama kuin työaseman Windows käyttäjän salasana.
4. Vaihda isännän nimi
1. Lisää Network kohtaan tai luo Network kohta `echo "[network]" > /etc/wsl.conf`
2. Lisää isännän nimi `echo "hostname = argo.aito.tjas" > /etc/wsl.conf`
3. Lisää Hosts tiedoston generointi `echo "generateHosts = true" > /etc/wsl.conf`
5. Sulje ikkuna
4. Aseta Debian oletusarvoiseksi käyttöjärjestelmäksi ja käynnistä se uudelleen
1. Avaa Powershell järjestelmänvalvojana
2. Vaihda oletusarvoinen käyttöjärjestelmä `wsl --set-default Debian`
3. Käynnistä uudelleen käyttöjärjestelmä `wsl -t Debian`
4. Sulje ikkuna
6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
7. Asenna curl-paketti käyttämällä APT-paketinhallintaa `sudo apt update && sudo apt install curl`
8. Lataa ja suorita Init.sh skripti `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
**Palvelimen asennus**
1. Asenna Debian-käyttöjärjestelmä
2. Asenna curl-paketti käyttämällä APT-paketinhallintaa `apt update && apt install curl`
@@ -35,12 +14,12 @@
r1.net.tjas
```
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
!
hostname r1.net.tjas
!
boot-start-marker
@@ -83,35 +62,27 @@ interface FastEthernet0/1.10
description "TINU - INTERNET"
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.224
ip access-group 10 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.20
description "JUVA - INTRA"
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.224
ip access-group 20 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.30
description "AITO - TOIMISTO"
encapsulation dot1Q 30
ip address 192.168.3.1 255.255.255.224
ip access-group 30 out
ip helper-address 192.168.2.10
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.69
description "SIVE - HALLINTA"
encapsulation dot1Q 69
ip address 192.168.69.1 255.255.255.192
ip access-group 69 in
ip access-group 69 out
ip helper-address 192.168.69.20
no snmp trap link-status
!
@@ -123,48 +94,15 @@ interface GigabitEthernet0/0/0
ip classless
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.31
access-list 1 permit 192.168.2.0 0.0.0.31
access-list 1 permit 192.168.3.0 0.0.0.31
access-list 10 deny 192.168.0.0 0.0.255.255
access-list 10 permit any
access-list 20 permit 192.168.2.0 0.0.0.31
access-list 20 deny 192.168.0.0 0.0.255.255
access-list 20 permit any
access-list 30 permit 192.168.2.10
access-list 30 permit 192.168.3.0 0.0.0.31
access-list 30 deny 192.168.0.0 0.0.255.255
access-list 30 permit any
access-list 69 permit 192.168.69.0 0.0.0.63
!
control-plane
!
banner motd ^C
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
r1.net.tjas
^C
!
line con 0
line aux 0
line vty 0 4
password ********
password TJAS1234
login
!
scheduler allocate 20000 1000
@@ -175,13 +113,11 @@ end
s1.net.tjas
```
hostname "s1.net.tjas"
ip default-gateway 192.168.1.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 4-52
untagged 1-52
ip address dhcp-bootp
no untagged 1-3
exit
vlan 10
name "TINU"
@@ -204,24 +140,6 @@ vlan 69
tagged 1-3
exit
ip authorized-managers 192.168.69.20 255.255.255.255
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s1.net.tjas
"
ip ssh
password manager
```
@@ -229,83 +147,16 @@ password manager
s2.net.tjas
```
hostname "s2.net.tjas"
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
interface 13
disable
exit
interface 14
disable
exit
interface 15
disable
exit
interface 16
disable
exit
interface 17
disable
exit
interface 18
disable
exit
interface 19
disable
exit
interface 20
disable
exit
interface 21
disable
exit
interface 22
disable
exit
interface 23
disable
exit
interface 24
disable
exit
ip default-gateway 192.168.2.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 3-28
untagged 25-28
ip address dhcp-bootp
no untagged 1-2
no untagged 1-24
exit
vlan 20
name "JUVA"
untagged 3-24
untagged 2-24
ip address 192.168.2.2 255.255.255.224
tagged 1-2
exit
@@ -314,25 +165,7 @@ vlan 69
ip address 192.168.69.12 255.255.255.192
tagged 1-2
exit
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s2.net.tjas
"
ip authorized-managers 192.168.69.20 255.255.255.255
ip ssh
password manager
```
@@ -340,40 +173,6 @@ password manager
s3.net.tjas
```
hostname "s3.net.tjas"
interface 2
disable
exit
interface 3
disable
exit
interface 4
disable
exit
interface 5
disable
exit
interface 6
disable
exit
interface 7
disable
exit
interface 8
disable
exit
interface 9
disable
exit
interface 10
disable
exit
interface 11
disable
exit
interface 12
disable
exit
ip default-gateway 192.168.3.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
@@ -383,9 +182,9 @@ vlan 1
exit
vlan 30
name "AITO"
untagged 13-24
ip address 192.168.3.2 255.255.255.224
tagged 1
tagged 1,13-24
untagged
exit
vlan 69
name "SIVE"
@@ -393,31 +192,7 @@ vlan 69
ip address 192.168.69.13 255.255.255.192
tagged 1
exit
ip authorized-managers 192.168.69.20
banner motd "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
s3.net.tjas
"
ip authorized-managers 192.168.69.20 255.255.255.255
ip ssh
password manager
```
# LÄHTEET
## ISSUE - ASCII ART
ASCII Art Generator
https://www.textmods.com/ascii-art

2
README.md
View File

@@ -1,5 +1,5 @@
# Tietojärjestelmäasentajien Infra
## PVJJK 1.VOS NIINISALO
## PVJJK 1.VOS TJAS - Infra
Infran toteutus aloitettiin vuonna 2025 ja sen on suunnitellut [Jääkäri Warén](https://christerwaren.fi).

2
ansible.cfg
View File

@@ -1,5 +1,5 @@
[defaults]
inventory = inventories/pvjjk-1vos-niinisalo
inventory = inventories/pvjjk-1vos-tjas
hash_behaviour = merge
gathering = smart
display_skipped_hosts = false

190
files/dhcp/dhcpd.conf Normal file
View File

@@ -0,0 +1,190 @@
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "intra.tjas";
option domain-name-servers 192.168.2.10;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
subnet 192.168.1.0 netmask 255.255.255.240 {
range 192.168.1.2 192.168.1.14;
option routers 192.168.1.1;
option broadcast-address 192.168.1.15;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.1.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e:99:9b:c3:80;
fixed-address 192.168.1.2;
}
}
subnet 192.168.2.0 netmask 255.255.255.224 {
range 192.168.2.2 192.168.2.30;
option routers 192.168.2.1;
option broadcast-address 192.168.2.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.2.1;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.2.2;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.2.10;
}
}
subnet 192.168.3.0 netmask 255.255.255.224 {
range 192.168.3.2 192.168.3.30;
option routers 192.168.3.1;
option broadcast-address 192.168.3.31;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.3.1;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.2;
}
}
subnet 192.168.69.0 netmask 255.255.255.192 {
range 192.168.69.2 192.168.69.62;
option broadcast-address 192.168.69.63;
host r1.net.tjas {
hardware ethernet 00:1d:46:dc:80:09;
fixed-address 192.168.69.1;
}
host s1.net.tjas {
hardware ethernet 9c:8e.99:9b:c3:80;
fixed-address 192.168.3.11;
}
host s2.net.tjas {
hardware ethernet 00:24:a8:f1:c7:40;
fixed-address 192.168.3.12;
}
host s3.net.tjas {
hardware ethernet 00:1f:fe:ab:9e:c0;
fixed-address 192.168.3.13;
}
host olympus.intra.tjas {
hardware ethernet 90:1b:0e:5b:18:fa;
fixed-address 192.168.69.20;
}
}

12
files/dnsdist/config.conf
View File

@@ -1,12 +0,0 @@
setLocal('0.0.0.0:53')
addLocal('[::]:53')
setACL({'0.0.0.0/0', '::/0'})
setECSOverride(true)
setECSSourcePrefixV4(32)
setECSSourcePrefixV6(128)
newServer({address='127.0.0.1:531', useClientSubnet=true, pool='authorative'})
newServer({ address='127.0.0.1:532', useClientSubnet=true, pool='recursor' })
addAction('tjas', PoolAction('authorative'))
addAction(AllRule(), PoolAction('recursor'))
setSecurityPollSuffix("")
setServFailWhenNoServer(true)

25
files/issue
View File

@@ -1,25 +0,0 @@
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :` `.
| | | `-'| | \| |_.' | '..`''.)
| | ,--. | | | .-. |.-._) \
| | | '-' / | | | |\ /
`--' `-----' `--' `--' `-----'
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Made by
Jääkäri Warén
https://christerwaren.fi

232
files/kea/kea-dhcp4.conf
View File

@@ -1,232 +0,0 @@
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "enp0s25.20" ]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/run/kea/kea4-ctrl-socket"
},
"lease-database": {
"type": "mysql",
"name": "{{ config.mariadb.users['kea'].database }}",
"user": "{{ config.mariadb.users['kea'].username }}",
"password": "{{ config.mariadb.users['kea'].password }}",
"host": "127.0.0.1",
"port": 3306
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"subnet4": [
{
"id": 1,
"subnet": "192.168.1.0/27",
"pools": [
{
"pool": "192.168.1.1 - 192.168.1.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.1.1"
},
{
"name": "domain-name-servers",
"data": "1.1.1.1"
},
{
"name": "domain-search",
"data": "puolustusvoimat.fi"
}
],
"user-context": {
"name": "Tinu",
"purpose": "Internet"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.1.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "9c:8e:99:9b:c3:80",
"ip-address": "192.168.1.2",
"hostname": "s1.net.tjas"
}
]
},
{
"id": 2,
"subnet": "192.168.2.0/27",
"interface": "enp0s25.20",
"pools": [
{
"pool": "192.168.2.1 - 192.168.2.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.2.1"
},
{
"name": "domain-name-servers",
"data": "192.168.2.10, 1.1.1.1"
},
{
"name": "domain-name",
"data": "juva.tjas"
},
{
"name": "domain-search",
"data": "juva.tjas, tjas"
}
],
"user-context": {
"name": "Juva",
"purpose": "Intra"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.2.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "00:24:a8:f1:c7:40",
"ip-address": "192.168.2.2",
"hostname": "s2.net.tjas"
},
{
"hw-address": "90:1b:0e:5b:18:fb",
"ip-address": "192.168.2.10",
"hostname": "olympus.juva.tjas"
}
]
},
{
"id": 3,
"subnet": "192.168.3.0/27",
"pools": [
{
"pool": "192.168.3.1 - 192.168.3.30"
}
],
"option-data": [
{
"name": "routers",
"data": "192.168.3.1"
},
{
"name": "domain-name-servers",
"data": "192.168.2.10"
},
{
"name": "domain-name",
"data": "aito.tjas"
},
{
"name": "domain-search",
"data": "aito.tjas, tjas"
}
],
"user-context": {
"name": "Aito",
"purpose": "Toimisto"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.3.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "00:1f:fe:ab:9e:c0",
"ip-address": "192.168.3.2",
"hostname": "s3.net.tjas"
}
]
},
{
"id": 69,
"subnet": "192.168.69.0/26",
"interface": "enp0s25.69",
"pools": [
{
"pool": "192.168.69.1 - 192.168.69.62"
}
],
"option-data": [
{
"name": "domain-name-servers",
"data": "192.168.69.20"
},
{
"name": "domain-name",
"data": "sive.tjas"
},
{
"name": "domain-search",
"data": "sive.tjas"
}
],
"user-context": {
"name": "Sive",
"purpose": "Hallinta"
},
"reservations": [
{
"hw-address": "00:1d:46:dc:80:09",
"ip-address": "192.168.69.1",
"hostname": "r1.net.tjas"
},
{
"hw-address": "9c:8e:99:9b:c3:80",
"ip-address": "192.168.69.11",
"hostname": "s1.net.tjas"
},
{
"hw-address": "00:24:a8:f1:c7:40",
"ip-address": "192.168.69.12",
"hostname": "s2.net.tjas"
},
{
"hw-address": "00:1f:fe:ab:9e:c0",
"ip-address": "192.168.69.13",
"hostname": "s3.net.tjas"
},
{
"hw-address": "90:1b:0e:5b:18:fc",
"ip-address": "192.168.69.20",
"hostname": "olympus.juva.tjas"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "stdout",
"pattern": "%-5p %m\n"
}
],
"severity": "ERROR",
"debuglevel": 0
}
]
}
}

29
files/motd
View File

@@ -1,29 +0,0 @@
_____ _ _ _ _
|_ _|_ _ _ __ __ _ ___ | |_ _| (_) ___| |_
| |/ _` | '_ \ / _` |/ _ \ _ | | | | | | |/ _ \ __|
| | (_| | | | | (_| | (_) | | |_| | |_| | | | __/ |_
|_|\__,_|_| |_|\__, |\___/ \___/ \__,_|_|_|\___|\__|
_ _ |___/ ____ _
/ \ | |_ __ | |__ __ _ / ___|(_) ___ _ __ _ __ __ _
/ _ \ | | '_ \| '_ \ / _` | \___ \| |/ _ \ '__| '__/ _` |
/ ___ \| | |_) | | | | (_| | ___) | | __/ | | | | (_| |
/_/ \_\_| .__/|_| |_|\__,_| |____/|_|\___|_| |_| \__,_|
|_|
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
olympus.juva.tjas
Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
ylikirjoittaa automatisoidusti.
https://github.com/cwchristerw/tjas-intra

9
files/networking/interfaces → files/network/interfaces
View File

@@ -12,12 +12,7 @@ allow-hotplug enp0s25
iface enp0s25 inet dhcp
auto enp0s25.20
iface enp0s25.20 inet static
address 192.168.2.10/27
gateway 192.168.2.1
hwaddress 90:1b:0e:5b:18:fb
iface enp0s25.20 inet dhcp
auto enp0s25.69
iface enp0s25.69 inet static
address 192.168.69.20/26
hwaddress 90:1b:0e:5b:18:fc
iface enp0s25.69 inet dhcp

6
files/nginx/conf/000-default.conf
View File

@@ -37,8 +37,8 @@ server {
# http2 on;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-niinisalo/privkey.pem;
# ssl_certificate /etc/nginx/certs/pvjjk-1vos-tjas/fullchain.pem;
# ssl_certificate_key /etc/nginx/certs/pvjjk-1vos-tjas/privkey.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ecdh_curve X25519:prime256v1:secp384r1;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
@@ -46,7 +46,7 @@ server {
# ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 180m;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-niinisalo/chain.pem;
# ssl_trusted_certificate /etc/nginx/certs/pvjjk-1vos-tjas/chain.pem;
# expires off;
# etag off;

9
files/powerdns-recursor/config.conf
View File

@@ -1,9 +0,0 @@
incoming:
listen:
- 127.0.0.1:532
recursor:
forward_zones:
- zone: tjas
recurse: false
forwarders:
- 127.0.0.1:531

4
files/powerdns-authorative/config.conf → files/powerdns/config.conf
View File

@@ -1,6 +1,6 @@
local-address=0.0.0.0,::
local-port=531
default-soa-content=olympus.juva.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
local-port=53
default-soa-content=s1.intra.tjas no-reply.intra.tjas 0 10800 3600 604800 3600
launch=gmysql
gmysql-host=127.0.0.1
gmysql-port=3306

2
files/ssh/authorized_keys
View File

@@ -1,2 +1,2 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 l1.office.tjas
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

16
files/yggdrasil/config.conf
View File

@@ -6,17 +6,11 @@
# use this section when you may connect via different interfaces.
Peers: [
{% if config.yggdrasil.peers is defined %}
#TRUSTED PEERS
{% for peer in config.yggdrasil.peers %}
{% if peer.name is defined and peer.address is defined and peer.address is defined %}
#{{ peer.name }}
"{{ peer.address }}"{% if not loop.last %},{% endif %}
{% endif %}
{% endfor %}
{% endif %}
#TRUSTED PEERS - Waren Group
#aurora.devices.waren.io
#201:361f:bbfb:7210:c5b8:3f74:a285:adb9
"tls://[2a01:4f9:2a:60c::2]:18836",
"tls://95.216.5.243:18836",
]
# List of connection strings for static peers in URI format, arranged

61
init.sh
View File

@@ -4,74 +4,63 @@ if [ ! "$BASH_VERSION" ] ; then
exit 1
fi
underline=`tput smul`
nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
ti-header(){
echo ${bold}$1${normal}
echo $(tput bold)$1$(tput sgr0)
}
echo "${bold}"
echo "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
==============================
PVJJK 1.VOS TJAS - Infra
Init Script
------------------------------
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
INIT SCRIPT
"
echo -n "${normal}"
stop () {
echo "
==============================
"
exit 1
}
ti-header "Haetaan pakettien tiedot..."
sudo apt update
apt update
echo -e "\n\n"
ti-header "Asennetaan PVJJK 1.VOS TJAS Infran riippuvuudet APT-paketinhallinnalla..."
sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
apt-get install -y python3-pip python3-venv jq git curl lsb-release
echo -e "\n\n"
mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
mkdir -p /root/.ssh/keys/pvjjk-1vos-tjas &> /dev/null
if [[ ! -f /root/.ssh/keys/pvjjk-1vos-tjas/infra ]]
then
ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
ssh-keygen -f /root/.ssh/keys/pvjjk-1vos-tjas/infra -t ed25519 -N '' -C $(hostname --fqdn)
echo -e "\n\n"
fi
ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
python3 -m venv $HOME/.venv/ansible
python3 -m venv /root/.venv/ansible
echo -e "\n\n"
ti-header "Asennetaan Ansiblen riippuvuudet..."
$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
/root/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
echo -e "\n\n"
ti-header "Asennetaan Ansible..."
$HOME/.venv/ansible/bin/pip3 install ansible
/root/.venv/ansible/bin/pip3 install ansible
echo -e "\n\n"
ti-header "Asennetaan Ansible kokoelmat..."
$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
/root/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
echo -e "\n\n"
ti-header "Lisää SSH-avain Infra-repon käyttöön..."
cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
cat /root/.ssh/keys/pvjjk-1vos-tjas/infra.pub
echo -n "Onko avain lisätty Github-repoon? [K/E]"
while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -80,8 +69,8 @@ do
done
echo -e "\n\n"
mkdir -p $HOME/.ansible/vault &> /dev/null
if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
mkdir -p /root/.ansible/vault &> /dev/null
if [[ ! -f /root/.ansible/vault/pvjjk-1vos-tjas ]]
then
ti-header "Syötä Ansible Vaultin salasana..."
echo -n "Salasana: "
@@ -91,14 +80,14 @@ then
if [[ ! -z $VAULT_PASSWORD ]]
then
echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
echo "$VAULT_PASSWORD" > /root/.ansible/vault/pvjjk-1vos-tjas
fi
done
echo -e "\n\n"
fi
ti-header "Suoritetaan Infran asennus..."
$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t installer
echo -e "\n\n"
echo "

6
inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo
View File

@@ -1,6 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30383633646132396336336135366264386137643166376336666261316465346632353333616361
3134623361333633653666313035633536396662613234320a386239373636623061383331663438
64366431613763376239613036633365346266643163396331653237313662346231623731373530
6630653939373762380a363939383862623336666361303032653431356139383766663331656335
3438

6
inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas
View File

@@ -1,6 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
37353031396164353032396635313539613734613432323435383137303835383439663439363337
6230323066313361383061633932616230363465326239640a333739323064653263336337633639
64343833623362323734363239653866383037313331613738653133636364623237326637313232
3462636261386230380a313634313965343733616137663532623965393835306562633635633831
3166

51
inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas
View File

@@ -1,51 +0,0 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
30386163316331336461633036653363613064366361653938616138353736366463643664393933
6533383232616130626431353164663738346630616465300a393062663634356566656562646137
36623535313932316262663064366535616565386436653761336463323163646439656563303262
6531373030393264310a623933386234306532643664363335386231626664643531656433323731
30373237626531336431343965313239616339356162383262313363363262613463303236643734
62303636646232383235316137393634626235386662616339343231626661376331396138343361
31663630306431653532666463326536636365663163663162643136366363333638333930373234
36306166366533636562363063336436333465393231316363343864373335646437373561353538
31613162643664633435363831326230373635313165633566323135303263323034636265393163
62373234613334393261356464643262616132343963383165303534346335373634396161383532
31623330373935613866336135323038343030353865373863633562303134613662353762376134
61653035313965316134666534366435663333386235636266376164663731646365626135613166
39333934653563623966366466613436313635313537363337386133356433356336303938333366
66653735636462383666396332656333666234333435333062356338383034656637323438316134
62386136663962336232623663666438333931376561303964636563306664313134373338303339
32313635643136396365383834343438633463366262366330653034333332653038356331346566
30336164393136383434646636376239656162643734643735306436303961326565346566333461
33383861356537656262646131386134303165636632343134383264353466316633663732396334
33373664633239396234366534636365346631643063373836666233626565626234363433313866
31663464346264393731623364373035616134376430333764383836353132386339636537326637
36366662333336373633653330353939396239623037653862393932373932353834373339373934
61663338666164663235653337336238626462653336313532643131383638336535376232303465
64363530393065383639663731383036613338343436313937663162643434323835353363653738
62613139343934656135313832323532623263653038353166313531643036303538613436323664
33356434623633643462326564383263323833376165366536633264656366353137316265653534
36656561353634626330636363636133356265306336623737643961663061343630383330386538
63636434303066646261636338323563373663323835386563393539616663636139356536393462
37363766356138616232333162666562333261626661646538613862306264336636396562313665
35373266366134623263663363376630343263623335666663396438663238636534393130623134
36653465383763646563386361636530393366323538336532393661306362346333353661303334
32633966303964383861653365626332316135373731393935313262383164346233353765396561
33323864306336353732623937386235646366663764653965633764643864366331666262386639
66326335326562646630346435663533313335373034663565333839323961383366643263356133
64303030366263356231343530343566623935306431653866613165393633643835653330666436
38663535373666333763386436646337656133303262396237663931323864336630646466306462
65656536336533343065316637613034626333343837616363376263636635363866383638393234
39373030663230383865396131363638376537363362666439636235626461303930396464313532
63306136613265636438333764646465306565333435666233656534656538646465636263363433
37356131353530363665336564386264616235613564363065356234336537363561313666653637
35336638623730633735643465316164323739316636353762653965633831626561313532626139
62303933376637376334666362306133383035376561333361326338663762363230303533363632
62383539626263363636636164366139306666333165636130323765643532363338656261396135
36336664656335383561643637383066653531303236323765356666343765616134343036313538
34623935616531323536383565313238333564613635343332303238626534613337353430303864
30383131346163636335363563656465316263316439646530663665386636393261386536306265
34656230643662653665383730396335646562306161663233353835666131633730663237336434
62643631653738633638366133396364623837343138613765616362633262333333646639396637
36386533386439623866346335376164336439366133643266663938643333383836346538636536
35376335306435616236323163616163656366366630656535393233643966313166346530383365
3630646439643335393964313862363134396566636661643666

34
inventories/pvjjk-1vos-tjas/host_vars/olympus.intra.tjas Normal file
View File

@@ -0,0 +1,34 @@
$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-tjas
33376562363863333566646437313135363332623231643964346461613335623062303161643566
3038343664303937646664393536356463633966613633320a626663353131613163316234316433
31323230383964383634636338333836613264613064316664616537313934303830303166386633
6363653364646434360a633235636339336531666234666134666166653539623634343363643161
33656438306262356132346163626566656166653333643465366136653465373535353838383439
64626663376536633834336564663665353632393537326366313130633330646562666238353936
30363230323330316534343165373433663036393866626438613035636339616164303761333135
65316437663663663764663463333833663937346636383364303366393264393061383164353533
33323230383464313565316134346334343565643331653333316437396461633133323662626635
61633362303261643039313566616537316333346562366165373961383734663934653236663934
39653261663730373136363130626332303836636362613661306164643361363062353864393465
66383833653261383562313939656465623736656132383530313739313264356335616631613864
30373338346563346361383462336338303235306139346530363665376335363230386232323734
61316463656135356431313236613132323937303533356433376633626462303632616462663730
30313163306233616164306136643032393839353230373439653363323863383266363432356438
35366361623731353934646230333165636635346166366530633863343936393138306534343563
65396136656438613931313965396638353333313962663133663632613430396331656230356264
66343731396534633761323863303936323937306334366539346264373936663231613961313637
65306161356539366234613131386565343666653133363635336335316263663431373837636636
63633232623733343932363862366233326666626164313330353830383563316533636539636263
35386339393663623739623663396333643662343031363530343738663833663166313632376433
63303861633063333365306137373739633030393133333733636266306237383034653635396664
32373831636435613235623862613037663838333731386336656665646634373339626637653661
30343435323934626538353631383533363163633662326263646364383437383961656136626664
61306662646435343538333737386535623763376566373833393133353030346563326136383435
66363838343539383462313933366531333339333032363530636235633461316162643065313333
36633338326530653336353030363536363932663038373337653766373630313237343536323762
66633137383631333333386532303864633930663031653639373438643564613338646463623963
31323366373330346430393435393638363032613864633334303138363765363162613638346234
31633831313535373862646132616562623532303266623666333164613638646339643838333839
31623533393830353234303664313662373737373139323035366430646266393939626333376136
33346432356339323732393864363838656430633035303864636436393066393531333030636337
61333432666539333534383663313964636433306161353465346366333766623138

5
inventories/pvjjk-1vos-niinisalo/hosts.yml → inventories/pvjjk-1vos-tjas/hosts.yml
View File

@@ -1,7 +1,6 @@
---
pvjjk_1vos_niinisalo:
pvjjk_1vos_tjas:
hosts:
argo.aito.tjas:
olympus.juva.tjas:
olympus.intra.tjas:
vars:
ansible_python_interpreter: /usr/bin/python3

50
protect.sh
View File

@@ -5,37 +5,23 @@ nounderline=`tput rmul`
bold=$(tput bold)
normal=$(tput sgr0)
echo "${bold}"
echo "
.-') _ ('-. .-')
( OO) ) ( OO ).-. ( OO ).
/ '._ ,--. / . --. /(_)---\_)
|'--...__) .-')| ,| | \-. \ / _ |
'--. .--'( OO |(_|.-'-' | |\ :\` \`.
| | | \`-'| | \| |_.' | '..\`''.)
| | ,--. | | | .-. |.-._) \\
| | | '-' / | | | |\ /
\`--' \`-----' \`--' \`--' \`-----'
"
echo "
PVJJK 1.VOS NIINISALO
TIETOJÄRJESTELMÄASENTAJIEN INTRA
PROTECT SCRIPT
"
echo -n "${normal}"
echo "${bold}PVJJK 1.VOS TJAS / Infra / Protect${normal}"
action=$1
encrypt() {
execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
echo "${underline}Encrypting...${nounderline}"
execute "ansible-vault encrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
}
decrypt() {
execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
echo "${underline}Decrypting...${nounderline}"
execute "ansible-vault decrypt --vault-id pvjjk-1vos-tjas@vault/pvjjk-1vos-tjas"
}
list() {
echo "${underline}Listing...${nounderline}"
i=0
for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -43,8 +29,7 @@ list() {
}
execute() {
i=0
for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
for file in inventories/*/group_vars/* inventories/*/host_vars/*;
do
i=$((i + 1))
echo $i")"$file
@@ -55,23 +40,18 @@ for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
case $action in
encrypt)
echo "${underline}Encrypting...${nounderline}"
encrypt pvjjk-1vos-niinisalo
encrypt
;;
decrypt)
echo "${underline}Decrypting...${nounderline}"
decrypt pvjjk-1vos-niinisalo
decrypt
;;
list)
echo "${underline}Listing...${nounderline}"
list pvjjk-1vos-niinisalo
list
;;
help)
echo "encrypt, decrypt, list"
;;
*)
echo "${underline}HELP${nounderline}"
echo "encrypt - Encrypt Files"
echo "decrypt - Decrypt Files"
echo "list - List Files"
echo "..."
;;
esac
echo -e "\n\n\n"

6
tasks.yml
View File

@@ -10,8 +10,6 @@
import_tasks: tasks/installer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- installer
- never
@@ -20,8 +18,6 @@
import_tasks: tasks/maintenance.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- maintenance
- never
@@ -30,8 +26,6 @@
import_tasks: tasks/deployer.yml
vars:
ansible_python_interpreter: "{{ ansible_facts.user_dir }}/.venv/ansible/bin/python3"
when:
- inventory_hostname == "olympus.juva.tjas"
tags:
- deployer
- never

275
tasks/deployer.yml
View File

@@ -58,6 +58,7 @@
containers.podman.podman_image:
name: docker.io/library/golang
tag: alpine
force: true
register: deployerTaskY2
- name: "Deployer - Yggdrasil - Clone Repository"
@@ -66,9 +67,9 @@
dest: ".cache/git/yggdrasil"
register: deployerTaskY3
- name: "Deployer - Yggdrasil - Build Image"
- name: "Deployer - Yggdrasil - Pull Image"
containers.podman.podman_image:
name: pvjjk-1vos-niinisalo/yggdrasil
name: pvjjk-1vos-tjas/nginx
tag: latest
path: "/root/data/yggdrasil"
build:
@@ -79,7 +80,7 @@
- name: "Deployer - Yggdrasil - Run Container"
containers.podman.podman_container:
name: yggdrasil
image: pvjjk-1vos-niinisalo/yggdrasil:latest
image: pvjjk-1vos-tjas/nginx:latest
state: started
recreate: on
network: host
@@ -95,18 +96,40 @@
tags:
- yggdrasil
# - name: "Deployer - DHCP - Install"
# ansible.builtin.apt:
# name:
# - isc-dhcp-server
# state: latest
# - name: "Deployer - DHCP - Config"
# ansible.builtin.template:
# src: './files/dhcp/dhcpd.conf'
# dest: '/etc/dhcp/dhcpd.conf'
# register: deployerTaskD1
# tags:
# - dhcp
# - name: "Deployer : DHCP : Restart"
# ansible.builtin.systemd_service:
# name: isc-dhcp-server
# state: restarted
# enabled: true
# when:
# - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
- name: "Deployer - MariaDB - Create Folder"
ansible.builtin.file:
path: /root/data/mariadb
state: directory
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Pull Image"
containers.podman.podman_image:
name: docker.io/library/mariadb
tag: latest
force: true
register: deployerTaskM1
- name: "Deployer - MariaDB - Run Container"
@@ -126,7 +149,6 @@
- (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Wait"
ansible.builtin.wait_for:
@@ -137,7 +159,6 @@
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Upgrade"
containers.podman.podman_container_exec:
@@ -150,7 +171,6 @@
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Users"
community.mysql.mysql_user:
@@ -167,14 +187,8 @@
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - MariaDB - Create Database"
community.mysql.mysql_db:
@@ -188,248 +202,62 @@
loop_var: "user"
when:
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
- config.mariadb.users is defined
- config.mariadb.users[user] is defined
- config.mariadb.users[user].username is defined
- config.mariadb.users[user].password is defined
- config.mariadb.users[user].database is defined
tags:
- mariadb
- database
- name: "Deployer - Kea - Install"
ansible.builtin.apt:
name:
- kea
state: latest
- name: "Deployer - Kea - Configure - DHCP4"
ansible.builtin.template:
src: './files/kea/kea-dhcp4.conf'
dest: '/etc/kea/kea-dhcp4.conf'
register: deployerTaskK1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Init"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-init mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
register: deployerTaskK2
changed_when:
- deployerTaskK2.stdout.find('Initializing database') != -1
failed_when:
- deployerTaskK2.stdout.find('ERROR') != -1
- deployerTaskK2.stdout.find('Expected empty database kea.') == -1
tags:
- kea
- dhcp
- name: "Deployer - Kea - Configure - Database : Upgrade"
ansible.builtin.command:
cmd: "/usr/sbin/kea-admin db-upgrade mysql -h 127.0.0.1 -n {{ config.mariadb.users['kea'].database }} -u {{ config.mariadb.users['kea'].username }} -p {{ config.mariadb.users['kea'].password }}"
tags:
- kea
- dhcp
- name: "Deployer : Kea : Restart"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: restarted
when:
- (deployerTaskK1 is defined and deployerTaskK1.changed) or deployerTaskK1 is undefined or (deployerTaskK2 is defined and deployerTaskK2.changed) or deployerTaskK2 is undefined
tags:
- kea
- dhcp
- name: "Deployer : Kea : Start"
ansible.builtin.systemd_service:
name: kea-dhcp4-server
state: started
tags:
- kea
- dhcp
- name: "Deployer - dnsdist - Configure - Create Folder"
- name: "Deployer - PowerDNS - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/dnsdist/"
path: "/root/data/powerdns/"
state: directory
tags:
- dnsdist
- dns
- powerdns
- name: "Deployer - dnsdist - Configure - Create Subfolders"
- name: "Deployer - PowerDNS - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/dnsdist/{{ item.path }}'
dest: '/root/data/powerdns/{{ item.path }}'
state: directory
with_filetree: './files/dnsdist/'
with_filetree: './files/powerdns/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- dnsdist
- dns
- powerdns
- name: "Deployer - dnsdist - Configure - Generating & Transferring Files"
- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/dnsdist/{{ item.path }}'
register: deployerTaskD1
with_filetree: './files/dnsdist/'
dest: '/root/data/powerdns/{{ item.path }}'
register: deployerTaskP1
with_filetree: './files/powerdns/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- dnsdist
- dns
- powerdns
- name: "Deployer - dnsdist - Pull Image"
- name: "Deployer - PowerDNS - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/dnsdist-20
name: docker.io/powerdns/pdns-auth-49
tag: latest
register: deployerTaskD2
force: true
register: deployerTaskP2
- name: "Deployer - dnsdist - Run Container"
- name: "Deployer - PowerDNS - Run Container"
containers.podman.podman_container:
name: dnsdist
image: docker.io/powerdns/dnsdist-20:latest
name: powerdns
image: docker.io/powerdns/pdns-auth-49:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/dnsdist/config.conf:/etc/dnsdist/dnsdist.conf:ro"
tty: yes
interactive: yes
capabilities:
- NET_BIND_SERVICE
- /root/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
when:
- (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined or (deployerTaskD2 is defined and deployerTaskD2.changed) or deployerTaskD2 is undefined
- (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
tags:
- dnsdist
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-authorative/"
state: directory
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-authorative/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-authorative/{{ item.path }}'
register: deployerTaskPA1
with_filetree: './files/powerdns-authorative/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Authorative - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-auth-50
tag: latest
register: deployerTaskPA2
- name: "Deployer - PowerDNS Authorative - Run Container"
containers.podman.podman_container:
name: powerdns-authorative
image: docker.io/powerdns/pdns-auth-50:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-authorative/config.conf:/etc/powerdns/pdns.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPA1 is defined and deployerTaskPA1.changed) or deployerTaskPA1 is undefined or (deployerTaskPA2 is defined and deployerTaskPA2.changed) or deployerTaskPA2 is undefined
tags:
- powerdns-authorative
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
ansible.builtin.file:
path: "/root/data/powerdns-recursor/"
state: directory
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Create Subfolders"
ansible.builtin.file:
dest: '/root/data/powerdns-recursor/{{ item.path }}'
state: directory
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Configure - Generating & Transferring Files"
ansible.builtin.template:
src: '{{ item.src }}'
dest: '/root/data/powerdns-recursor/{{ item.path }}'
register: deployerTaskPR1
with_filetree: './files/powerdns-recursor/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- powerdns-recursor
- dns
- name: "Deployer - PowerDNS Recursor - Pull Image"
containers.podman.podman_image:
name: docker.io/powerdns/pdns-recursor-52
tag: latest
register: deployerTaskPR2
- name: "Deployer - PowerDNS Recursor - Run Container"
containers.podman.podman_container:
name: powerdns-recursor
image: docker.io/powerdns/pdns-recursor-52:latest
state: started
recreate: on
network: host
restart_policy: always
volumes:
- "/root/data/powerdns-recursor/config.conf:/etc/powerdns/recursor.conf:ro"
capabilities:
- NET_BIND_SERVICE
when:
- (deployerTaskPR1 is defined and deployerTaskPR1.changed) or deployerTaskPR1 is undefined or (deployerTaskPR2 is defined and deployerTaskPR2.changed) or deployerTaskPR2 is undefined
tags:
- powerdns-recursor
- dns
- powerdns
- name: "Deployer - Nginx - Configure - Create Folder"
ansible.builtin.file:
@@ -437,7 +265,6 @@
state: directory
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Create Subfolders"
ansible.builtin.file:
@@ -450,7 +277,6 @@
- item.state == 'directory'
tags:
- nginx
- www
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
ansible.builtin.template:
@@ -464,12 +290,12 @@
- item.state == 'file'
tags:
- nginx
- www
- name: "Deployer - Nginx - Pull Image"
containers.podman.podman_image:
name: docker.io/library/nginx
tag: latest
force: true
register: deployerTaskN2
- name: "Deployer - Nginx - Run Container"
@@ -489,4 +315,3 @@
- (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
tags:
- nginx
- www

75
tasks/installer.yml
View File

@@ -50,49 +50,15 @@
- pkg-config
- etckeeper
- picocom
- vlan
loop: "{{ packages }}"
loop_control:
label: "{{ package }}"
loop_var: "package"
- name: "Installer : Issue : Configure - Copy File"
- name: "Installer : Network : Configure"
ansible.builtin.template:
src: './files/issue'
dest: '/etc/{{ file }}'
vars:
files:
- "issue"
- "issue.net"
loop: "{{ files }}"
loop_control:
label: "{{ file }}"
loop_var: "file"
tags:
- issue
- name: "Installer : Motd : Configure - Copy File"
ansible.builtin.template:
src: './files/motd'
dest: '/etc/motd'
tags:
- motd
- name: "Installer : Networking : Configure - Copy Configuration"
ansible.builtin.template:
src: './files/networking/interfaces'
src: './files/network/interfaces'
dest: '/etc/network/interfaces'
tags:
- networking
- network
- name: "Installer : Networking : Start - Restart Service"
ansible.builtin.systemd_service:
name: networking
state: restarted
tags:
- networking
- network
- name: "Installer : FirewallD : Dependencies - Packages"
ansible.builtin.apt:
@@ -100,26 +66,17 @@
- python3-firewall
- iptables
state: latest
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Install"
ansible.builtin.apt:
name: "firewalld"
state: latest
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Start"
ansible.builtin.systemd_service:
name: firewalld
state: started
enabled: true
tags:
- firewalld
- firewall
- name: "Installer : FirewallD : Rules"
ansible.posix.firewalld:
@@ -133,15 +90,12 @@
- http
- https
- ssh
- dhcp
- dns
loop: "{{ services }}"
loop_control:
label: "{{ service }}"
loop_var: "service"
tags:
- firewalld
- firewall
- name: "Installer - Ansible - Python Library"
ansible.builtin.pip:
@@ -185,7 +139,7 @@
tags:
- ansible
- name: "Installer - Ansible - Dependencies - Python Libraries"
- name: "Installer - Ansible - Dependencies / Python Libraries"
ansible.builtin.pip:
name: "{{ library }}"
state: latest
@@ -204,10 +158,8 @@
loop_control:
label: "{{ library }}"
loop_var: "library"
tags:
- ansible
- name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
- name: "Installer : MariaDB : Dependencies / Python Library : pymysql"
ansible.builtin.pip:
name: pymysql
state: latest
@@ -216,15 +168,6 @@
virtualenv_command: "python3 -m venv"
tags:
- mariadb
- database
- name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
ansible.builtin.apt:
name: "mariadb-client"
state: latest
tags:
- mariadb
- database
- name: "Installer : Podman : Install"
ansible.builtin.apt:
@@ -235,15 +178,13 @@
- buildah
- slirp4netns
state: latest
tags:
- podman
- name: "Installer : Schedule : Maintenance"
ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Maintenance"
hour: "*/3"
minute: "0"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t maintenance"
tags:
- cron
@@ -251,6 +192,6 @@
ansible.builtin.cron:
name: "PVJJK 1.VOS TJAS - Infra - Deployer"
minute: "*/5"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-tjas/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-tjas/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-tjas tasks.yml -t deployer"
tags:
- cron