mirror of
https://github.com/cwchristerw/tjas-infra
synced 2025-08-09 04:44:38 +00:00
318 lines
9.0 KiB
YAML
318 lines
9.0 KiB
YAML
---
|
|
- name: "Deployer - SSH - Add Authorized Keys"
|
|
ansible.builtin.template:
|
|
src: './files/ssh/authorized_keys'
|
|
dest: '/root/.ssh/authorized_keys'
|
|
tags:
|
|
- ssh
|
|
|
|
- name: "Deployer - SSH - Config"
|
|
ansible.builtin.template:
|
|
src: './files/ssh/sshd_config'
|
|
dest: '/etc/ssh/sshd_config'
|
|
register: deployerTaskS1
|
|
tags:
|
|
- ssh
|
|
|
|
- name: "Deployer : SSH : Restart"
|
|
ansible.builtin.systemd_service:
|
|
name: ssh
|
|
state: restarted
|
|
enabled: true
|
|
when:
|
|
- (deployerTaskS1 is defined and deployerTaskS1.changed) or deployerTaskS1 is undefined
|
|
|
|
- name: "Deployer - Yggdrasil - Configure - Create Folder"
|
|
ansible.builtin.file:
|
|
path: "/root/data/yggdrasil/"
|
|
state: directory
|
|
tags:
|
|
- yggdrasil
|
|
|
|
- name: "Deployer - Yggdrasil - Configure - Create Subfolders"
|
|
ansible.builtin.file:
|
|
dest: '/root/data/yggdrasil/{{ item.path }}'
|
|
state: directory
|
|
with_filetree: './files/yggdrasil/'
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
when:
|
|
- item.state == 'directory'
|
|
tags:
|
|
- yggdrasil
|
|
|
|
- name: "Deployer - Yggdrasil - Configure - Generating & Transferring Files"
|
|
ansible.builtin.template:
|
|
src: '{{ item.src }}'
|
|
dest: '/root/data/yggdrasil/{{ item.path }}'
|
|
register: deployerTaskY1
|
|
with_filetree: './files/yggdrasil/'
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
when:
|
|
- item.state == 'file'
|
|
tags:
|
|
- yggdrasil
|
|
|
|
- name: "Deployer - Yggdrasil - Pull Image"
|
|
containers.podman.podman_image:
|
|
name: docker.io/library/golang
|
|
tag: alpine
|
|
force: true
|
|
register: deployerTaskY2
|
|
|
|
- name: "Deployer - Yggdrasil - Clone Repository"
|
|
ansible.builtin.git:
|
|
repo: "https://github.com/yggdrasil-network/yggdrasil-go.git"
|
|
dest: ".cache/git/yggdrasil"
|
|
register: deployerTaskY3
|
|
|
|
- name: "Deployer - Yggdrasil - Pull Image"
|
|
containers.podman.podman_image:
|
|
name: pvjjk-1vos-tjas/yggdrasil
|
|
tag: latest
|
|
path: "/root/data/yggdrasil"
|
|
build:
|
|
format: docker
|
|
force: true
|
|
register: deployerTaskY4
|
|
|
|
- name: "Deployer - Yggdrasil - Run Container"
|
|
containers.podman.podman_container:
|
|
name: yggdrasil
|
|
image: pvjjk-1vos-tjas/yggdrasil:latest
|
|
state: started
|
|
recreate: on
|
|
network: host
|
|
capabilities:
|
|
- net_admin
|
|
device:
|
|
- "/dev/net/tun"
|
|
volumes:
|
|
- "{{ ansible_facts.user_dir }}/data/yggdrasil/config.conf:/etc/yggdrasil-network/config.conf"
|
|
restart_policy: always
|
|
when:
|
|
- (deployerTaskY1 is defined and deployerTaskY1.changed) or deployerTaskY1 is undefined or (deployerTaskY2 is defined and deployerTaskY2.changed) or deployerTaskY2 is undefined or (deployerTaskY3 is defined and deployerTaskY3.changed) or deployerTaskY3 is undefined or (deployerTaskY4 is defined and deployerTaskY4.changed) or deployerTaskY4 is undefined
|
|
tags:
|
|
- yggdrasil
|
|
|
|
- name: "Deployer - MariaDB - Create Folder"
|
|
ansible.builtin.file:
|
|
path: /root/data/mariadb
|
|
state: directory
|
|
tags:
|
|
- mariadb
|
|
|
|
- name: "Deployer - MariaDB - Pull Image"
|
|
containers.podman.podman_image:
|
|
name: docker.io/library/mariadb
|
|
tag: latest
|
|
force: true
|
|
register: deployerTaskM1
|
|
|
|
- name: "Deployer - MariaDB - Run Container"
|
|
containers.podman.podman_container:
|
|
name: mariadb
|
|
image: docker.io/library/mariadb:latest
|
|
state: started
|
|
restart: on
|
|
network: host
|
|
volumes:
|
|
- "/root/data/mariadb:/var/lib/mysql"
|
|
restart_policy: always
|
|
env:
|
|
MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
|
|
register: deployerTaskM2
|
|
when:
|
|
- (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
|
|
tags:
|
|
- mariadb
|
|
|
|
- name: "Deployer - MariaDB - Wait"
|
|
ansible.builtin.wait_for:
|
|
host: "127.0.0.1"
|
|
port: "3306"
|
|
delay: 10
|
|
when:
|
|
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
|
|
tags:
|
|
- mariadb
|
|
|
|
- name: "Deployer - MariaDB - Upgrade"
|
|
containers.podman.podman_container_exec:
|
|
name: "mariadb"
|
|
command: "mariadb-upgrade --host=127.0.0.1 --user=root --password={{ config.mariadb.users.root.password }}"
|
|
register: task
|
|
ignore_errors: yes
|
|
changed_when: task.stdout.find("This installation of MariaDB is already upgraded") == -1
|
|
when:
|
|
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
|
|
tags:
|
|
- mariadb
|
|
|
|
- name: "Deployer - MariaDB - Create Users"
|
|
community.mysql.mysql_user:
|
|
login_host: "127.0.0.1"
|
|
login_user: root
|
|
login_password: "{{ config.mariadb.users.root.password }}"
|
|
name: "{{ config.mariadb.users[user].username }}"
|
|
host: "%"
|
|
password: "{{ config.mariadb.users[user].password }}"
|
|
priv: "{{ config.mariadb.users[user].database }}.*:ALL"
|
|
loop: "{{ config.mariadb.users.keys() }}"
|
|
loop_control:
|
|
label: "{{ user }}"
|
|
loop_var: "user"
|
|
when:
|
|
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
|
|
tags:
|
|
- mariadb
|
|
|
|
- name: "Deployer - MariaDB - Create Database"
|
|
community.mysql.mysql_db:
|
|
login_host: "127.0.0.1"
|
|
login_user: "{{ config.mariadb.users[user].username }}"
|
|
login_password: "{{ config.mariadb.users[user].password }}"
|
|
name: "{{ config.mariadb.users[user].database }}"
|
|
loop: "{{ config.mariadb.users.keys() }}"
|
|
loop_control:
|
|
label: "{{ user }}"
|
|
loop_var: "user"
|
|
when:
|
|
- (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
|
|
tags:
|
|
- mariadb
|
|
|
|
- name: "Deployer - Kea - Install"
|
|
ansible.builtin.apt:
|
|
name:
|
|
- kea
|
|
state: latest
|
|
|
|
# - name: "Deployer - DHCP - Config"
|
|
# ansible.builtin.template:
|
|
# src: './files/dhcp/dhcpd.conf'
|
|
# dest: '/etc/dhcp/dhcpd.conf'
|
|
# register: deployerTaskD1
|
|
# tags:
|
|
# - dhcp
|
|
|
|
# - name: "Deployer : DHCP : Restart"
|
|
# ansible.builtin.systemd_service:
|
|
# name: isc-dhcp-server
|
|
# state: restarted
|
|
# enabled: true
|
|
# when:
|
|
# - (deployerTaskD1 is defined and deployerTaskD1.changed) or deployerTaskD1 is undefined
|
|
|
|
- name: "Deployer - PowerDNS - Configure - Create Folder"
|
|
ansible.builtin.file:
|
|
path: "/root/data/powerdns/"
|
|
state: directory
|
|
tags:
|
|
- powerdns
|
|
|
|
- name: "Deployer - PowerDNS - Configure - Create Subfolders"
|
|
ansible.builtin.file:
|
|
dest: '/root/data/powerdns/{{ item.path }}'
|
|
state: directory
|
|
with_filetree: './files/powerdns/'
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
when:
|
|
- item.state == 'directory'
|
|
tags:
|
|
- powerdns
|
|
|
|
- name: "Deployer - PowerDNS - Configure - Generating & Transferring Files"
|
|
ansible.builtin.template:
|
|
src: '{{ item.src }}'
|
|
dest: '/root/data/powerdns/{{ item.path }}'
|
|
register: deployerTaskP1
|
|
with_filetree: './files/powerdns/'
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
when:
|
|
- item.state == 'file'
|
|
tags:
|
|
- powerdns
|
|
|
|
- name: "Deployer - PowerDNS - Pull Image"
|
|
containers.podman.podman_image:
|
|
name: docker.io/powerdns/pdns-auth-49
|
|
tag: latest
|
|
force: true
|
|
register: deployerTaskP2
|
|
|
|
- name: "Deployer - PowerDNS - Run Container"
|
|
containers.podman.podman_container:
|
|
name: powerdns
|
|
image: docker.io/powerdns/pdns-auth-49:latest
|
|
state: started
|
|
recreate: on
|
|
network: host
|
|
restart_policy: always
|
|
volumes:
|
|
- /root/data/powerdns/config.conf:/etc/powerdns/pdns.conf:ro"
|
|
when:
|
|
- (deployerTaskP1 is defined and deployerTaskP1.changed) or deployerTaskP1 is undefined or (deployerTaskP2 is defined and deployerTaskP2.changed) or deployerTaskP2 is undefined
|
|
tags:
|
|
- powerdns
|
|
|
|
- name: "Deployer - Nginx - Configure - Create Folder"
|
|
ansible.builtin.file:
|
|
path: "/root/data/nginx/"
|
|
state: directory
|
|
tags:
|
|
- nginx
|
|
|
|
- name: "Deployer - Nginx - Configure - Create Subfolders"
|
|
ansible.builtin.file:
|
|
dest: '/root/data/nginx/{{ item.path }}'
|
|
state: directory
|
|
with_filetree: './files/nginx/'
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
when:
|
|
- item.state == 'directory'
|
|
tags:
|
|
- nginx
|
|
|
|
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
|
|
ansible.builtin.template:
|
|
src: '{{ item.src }}'
|
|
dest: '/root/data/nginx/{{ item.path }}'
|
|
register: deployerTaskN1
|
|
with_filetree: './files/nginx/'
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
when:
|
|
- item.state == 'file'
|
|
tags:
|
|
- nginx
|
|
|
|
- name: "Deployer - Nginx - Pull Image"
|
|
containers.podman.podman_image:
|
|
name: docker.io/library/nginx
|
|
tag: latest
|
|
force: true
|
|
register: deployerTaskN2
|
|
|
|
- name: "Deployer - Nginx - Run Container"
|
|
containers.podman.podman_container:
|
|
name: nginx
|
|
image: docker.io/library/nginx:latest
|
|
state: started
|
|
recreate: on
|
|
network: host
|
|
volumes:
|
|
- "{{ ansible_facts.user_dir }}/data/nginx/index.html:/usr/share/nginx/html/index.html:ro"
|
|
- "{{ ansible_facts.user_dir }}/data/nginx/config.conf:/etc/nginx/nginx.conf:ro"
|
|
- "{{ ansible_facts.user_dir }}/data/nginx/conf/:/etc/nginx/conf.d/:ro"
|
|
#- "{{ ansible_facts.user_dir }}/data/certs/:/etc/nginx/certs/:ro"
|
|
restart_policy: always
|
|
when:
|
|
- (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
|
|
tags:
|
|
- nginx
|