prepare for full automation
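--- a/roles/backupscript/defaults/main.yaml
+++ b/roles/backupscript/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+backup:
+host: backup.stargate.internal
+internal: true
+prearecommand: ""
+basedir: /mnt/backupstore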
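Review bot: A host that sets `backup:` in its inventory to supply `backup.folder` and `backup.tarfolder` (both read by the script template in this commit, neither defaulted here) will replace this whole dictionary rather than merge with it, unless `hash_behaviour = merge` is configured somewhere not visible on this page. In that case `host`, `internal`, `prearecommand` and `basedir` become undefined and the rendered backup script either fails or points at an empty target. Flat variables such as `backup_host: backup.stargate.internal` and `backup_basedir: /mnt/backupstore` keep per-key defaults. If the dictionary stays, a comment such as `# inventory must repeat every key; dict defaults are not merged` would warn the next maintainer.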
@ -3,6 +3,14 @@
|
||||
|
||||
{{backup.prearecommand}}
|
||||
|
||||
time ( rsync -azP --delete {{backup.folder}} backup@backup.stargate.internal:/mnt/backupstore/{{servicename}}/staging )
|
||||
{% if backup.internal %}
|
||||
|
||||
time ( ssh backup@backup.stargate.internal 'tar -zcvf /mnt/backupstore/{{servicename}}/{{servicename}}-$(date +"%Y-%m-%d").tar.gz -C /mnt/backupstore/{{servicename}}/staging {{backup.tarfolder}}' )
|
||||
time ( rsync -azP --delete {{backup.folder}} backup@{{backup.host}}:{{backup.basedir}}/{{servicename}}/staging )
|
||||
|
||||
time ( ssh backup@{{backup.host}} 'tar -zcvf {{backup.basedir}}/{{servicename}}/{{servicename}}-$(date +"%Y-%m-%d").tar.gz -C {{backup.basedir}}/{{servicename}}/staging {{backup.tarfolder}}' )
|
||||
|
||||
{% else %}
|
||||
|
||||
time ( rsync -azPr --delete --prune-empty-dirs --include "*/" --include="*.tar.gz" --include="*.sql" --include="*.zip" --exclude="*" {{backup.basedir}}/ backup@{{backup.host}}:/mnt/backup/{{servicename}} )
|
||||
|
||||
{% endif %}
|
||||
|
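Review bot: The values templated into the new `rsync` lines and the `ssh backup@{{backup.host}} 'tar ...'` line are inserted into shell text unquoted, and the tar command is parsed a second time by the shell on the backup host. A `servicename`, `backup.basedir`, `backup.folder` or `backup.tarfolder` containing a space or shell metacharacter would change what runs as the `backup` user there, and combined with `--delete` could remove the wrong tree. For the local rsync arguments `{{ backup.folder | quote }}` is enough. The remote string is already inside single quotes, so there it is safer to validate the inputs in the role before rendering, for example an `assert` that `servicename` matches `^[A-Za-z0-9_-]+$`. The script's opening lines are outside this hunk, so whether a failed rsync stops the following tar cannot be confirmed from here.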
@ -1,19 +0,0 @@
|
||||
---
|
||||
- name: "Install MariaDB via apt"
|
||||
apt:
|
||||
update_cache: yes
|
||||
state: present
|
||||
name:
|
||||
- mariadb-server
|
||||
|
||||
- name: Enable and restart MariaDB daemon
|
||||
service:
|
||||
name: mariadb
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Allow mysql port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: "3306"
|
||||
proto: tcp
|
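--- a/roles/netplan/defaults/main.yaml
+++ b/roles/netplan/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+netplan:
+additionalinterfaces: []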
@ -8,4 +8,31 @@ network:
|
||||
dhcp-identifier: mac
|
||||
dhcp4-overrides:
|
||||
use-routes: false
|
||||
gateway4: {{default_gateway}}
|
||||
{% if netplan.default_gateway is defined and netplan.default_gateway|length > 0 %}
|
||||
gateway4: {{netplan.default_gateway}}
|
||||
{% endif %}
|
||||
{% for interface in additionalinterfaces %}
|
||||
{{ interface.name }}:
|
||||
dhcp4: {{ interface.dhcp4 }}
|
||||
dhcp6: {{ interface.dhcp6 }}
|
||||
dhcp-identifier: mac
|
||||
dhcp4-overrides:
|
||||
use-routes: false
|
||||
{% if interface.addresses is defined and interface.addresses|length > 0 %}
|
||||
addresses:
|
||||
{% for address in interface.addresses %}
|
||||
- {{address}}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if interface.gateway4 is defined and interface.gateway4|length > 0 %}
|
||||
gateway4: {{interface.gateway4}}
|
||||
{% endif %}
|
||||
{% if interface.gateway6 is defined and interface.gateway6|length > 0 %}
|
||||
gateway4: {{interface.gateway6}}
|
||||
{% endif %}
|
||||
{% if interface.denydns %}
|
||||
nameservers:
|
||||
addresses: []
|
||||
search: []
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
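Review bot: In the per-interface block the `interface.gateway6` branch emits `gateway4: {{interface.gateway6}}`, so an interface with both gateways renders a duplicate `gateway4` key and the IPv6 gateway is never set as such; that line should read `gateway6: {{ interface.gateway6 }}`. The loop iterates `additionalinterfaces`, while the role default added in this commit is `netplan.additionalinterfaces`, so the default is not picked up and the template likely fails on an undefined variable; `{% for interface in netplan.additionalinterfaces %}` matches the default. `{% if interface.denydns %}` has no `is defined` guard, unlike the neighbouring tests, and will probably raise for entries that omit the key; `{% if interface.denydns | default(false) %}` avoids that. The enclosing `network:` mapping starts outside this hunk.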
@ -1,37 +0,0 @@
|
||||
---
|
||||
- name: "Install PostgreSQL via apt"
|
||||
apt:
|
||||
update_cache: yes
|
||||
state: present
|
||||
name:
|
||||
- postgresql
|
||||
|
||||
- name: Add access to every host on local network
|
||||
postgresql_pg_hba:
|
||||
dest: /var/lib/postgres/data/pg_hba.conf
|
||||
contype: host
|
||||
users: all
|
||||
databases: all
|
||||
address: samenet
|
||||
state: present
|
||||
|
||||
- name: Add access to every host via tls on local network
|
||||
postgresql_pg_hba:
|
||||
dest: /var/lib/postgres/data/pg_hba.conf
|
||||
contype: hostssl
|
||||
users: all
|
||||
databases: all
|
||||
address: samenet
|
||||
state: present
|
||||
|
||||
- name: Enable and restart PostgreSQL daemon
|
||||
service:
|
||||
name: postgresql
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Allow postgresql port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: "5432"
|
||||
proto: tcp
|
@ -23,4 +23,4 @@
|
||||
- name: Allow smtp port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: smtp
|
||||
port: smtp
|
||||
|
@ -1,3 +1,3 @@
|
||||
webserver:
|
||||
customrule: ""
|
||||
defaultservername: "_"
|
||||
- domain: "_"
|
||||
port: 8080
|
||||
|
@ -54,8 +54,6 @@ http {
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
{{webserver.customrule}}
|
||||
|
||||
server {
|
||||
|
||||
listen 80 default_server;
|
||||
@ -64,14 +62,17 @@ http {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
{% for server in webserver %}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name {{webserver.defaultservername}};
|
||||
server_name {{ server.domain }};
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
location /{
|
||||
proxy_pass http://127.0.0.1:8080;
|
||||
proxy_pass http://127.0.01{{ server.port }};
|
||||
}
|
||||
}
|
||||
|
||||
{% endfor %}
|
||||
}
|
||||
|
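Review bot: The templated upstream `proxy_pass http://127.0.01{{ server.port }};` is missing a dot in the loopback address and the colon before the port, so the default entry (`port: 8080`) renders as `http://127.0.018080`. nginx would treat that as a hostname to resolve rather than the local service, and most likely refuses to load the config. The line should be `proxy_pass http://127.0.0.1:{{ server.port }};`. Because the loop now emits one TLS server block per `server.domain`, each of them is served with the `ssl-cert-snakeoil` pair from the context lines. A comment marking that certificate as a placeholder, or per-domain certificate variables, would make this explicit.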