From 5c5e8578b7b588a2e1dff3a2c6385fd7bb2e6f10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torma=20Krist=C3=B3f?=
Date: Sat, 16 Apr 2022 23:37:46 +0200
Subject: [PATCH] ansible user
---
ansiblefuckery.yaml | 6 ++++++
dbhosts.yaml | 2 +-
docker-host.yaml | 3 ++-
host_vars/backup.yaml | 1 +
host_vars/bitwarden.yaml | 3 +++
host_vars/drone-runner.yaml | 3 +++
host_vars/drone.yaml | 3 +++
host_vars/git.yaml | 1 +
host_vars/guacamole.yaml | 3 +++
host_vars/keycloak.yaml | 3 +++
host_vars/mariadb.yaml | 14 -------------
host_vars/neko.yaml | 1 +
host_vars/nextcloud.yaml | 3 +++
host_vars/nexus.yaml | 1 +
host_vars/openvpn.yaml | 1 +
host_vars/postgres.yaml | 1 +
host_vars/smtp.yaml | 3 +++
host_vars/sonar.yaml | 3 +++
host_vars/swagger.yaml | 3 +++
host_vars/webgateway.yaml | 3 +++
inventory.yaml | 26 ++++++++-----------------
roles/ansibleuser/files/authorized_keys | 1 +
roles/ansibleuser/tasks/main.yaml | 20 +++++++++++++++++++
23 files changed, 74 insertions(+), 34 deletions(-)
create mode 100644 ansiblefuckery.yaml
create mode 100644 host_vars/bitwarden.yaml
create mode 100644 host_vars/drone-runner.yaml
create mode 100644 host_vars/drone.yaml
create mode 100644 host_vars/guacamole.yaml
create mode 100644 host_vars/keycloak.yaml
delete mode 100644 host_vars/mariadb.yaml
create mode 100644 host_vars/nextcloud.yaml
create mode 100644 host_vars/smtp.yaml
create mode 100644 host_vars/sonar.yaml
create mode 100644 host_vars/swagger.yaml
create mode 100644 host_vars/webgateway.yaml
create mode 100644 roles/ansibleuser/files/authorized_keys
create mode 100644 roles/ansibleuser/tasks/main.yaml
diff --git a/ansiblefuckery.yaml b/ansiblefuckery.yaml
new file mode 100644
index 0000000..0652db4
--- /dev/null
+++ b/ansiblefuckery.yaml
@@ -0,0 +1,6 @@
+---
+- name: "Add ansible stuff"
+ hosts: all
+ roles:
+ - ansibleuser
+...
diff --git a/dbhosts.yaml b/dbhosts.yaml
index 330b75b..ba2fe5d 100644
--- a/dbhosts.yaml
+++ b/dbhosts.yaml
@@ -1,6 +1,6 @@ --- - name: "Deploy database server base" - hosts: postgres, mariadb + hosts: postgres roles: - netplan - common diff --git a/docker-host.yaml b/docker-host.yaml index 20be74b..38ff3d6 100644 --- a/docker-host.yaml +++ b/docker-host.yaml @@ -1,9 +1,10 @@ --- - name: "Deploy basic webhost with Docker" - hosts: keycloak, drone, swagger, guacamole, bitwarden, nexus, nextcloud + hosts: docker-webhosts roles: - netplan - common - docker - webserver - internalsmtp +... diff --git a/host_vars/backup.yaml b/host_vars/backup.yaml index ddb6123..f8f7ae5 100644 --- a/host_vars/backup.yaml +++ b/host_vars/backup.yaml @@ -1,4 +1,5 @@ --- +ansible_host: backup.stargate.internal servicename: mckay backup: host: oniel.tormakristof.eu diff --git a/host_vars/bitwarden.yaml b/host_vars/bitwarden.yaml new file mode 100644 index 0000000..514f442 --- /dev/null +++ b/host_vars/bitwarden.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: bitwarden.stargate.internal +... diff --git a/host_vars/drone-runner.yaml b/host_vars/drone-runner.yaml new file mode 100644 index 0000000..49f6736 --- /dev/null +++ b/host_vars/drone-runner.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: drone-runner.stargate.internal +... diff --git a/host_vars/drone.yaml b/host_vars/drone.yaml new file mode 100644 index 0000000..dd4ca07 --- /dev/null +++ b/host_vars/drone.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: drone.stargate.internal +... diff --git a/host_vars/git.yaml b/host_vars/git.yaml index 133f676..6ea6e31 100644 --- a/host_vars/git.yaml +++ b/host_vars/git.yaml @@ -1,4 +1,5 @@ --- +ansible_host: git.stargate.internal servicename: git backup: folder: "/home/service-user" diff --git a/host_vars/guacamole.yaml b/host_vars/guacamole.yaml new file mode 100644 index 0000000..44c3989 --- /dev/null +++ b/host_vars/guacamole.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: guacamole.stargate.internal +... diff --git a/host_vars/keycloak.yaml b/host_vars/keycloak.yaml new file mode 100644 index 0000000..af21fcc --- /dev/null 
+++ b/host_vars/keycloak.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: keycloak.stargate.internal +... diff --git a/host_vars/mariadb.yaml b/host_vars/mariadb.yaml deleted file mode 100644 index a35eb05..0000000 --- a/host_vars/mariadb.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -servicename: mysql -firewall: - - port: "3306" - proto: tcp - interface: "eth0" -backup: - folder: "/var/lib/mysql/backup" - tarfolder: "backup" - host: backup.stargate.internal - internal: true - prearecommand: "time ( mysqldump --all-databases --single-transaction --quick --lock-tables=false > /var/lib/mysql/backup/mysqldump.sql" - basedir: /mnt/backupstore -... diff --git a/host_vars/neko.yaml b/host_vars/neko.yaml index 7562fbc..bf9b7f1 100644 --- a/host_vars/neko.yaml +++ b/host_vars/neko.yaml @@ -1,4 +1,5 @@ --- +ansible_host: zelenka.stargate.internal firewall: - port: "ssh" proto: tcp diff --git a/host_vars/nextcloud.yaml b/host_vars/nextcloud.yaml new file mode 100644 index 0000000..40edad3 --- /dev/null +++ b/host_vars/nextcloud.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: nextcloud.stargate.internal +... diff --git a/host_vars/nexus.yaml b/host_vars/nexus.yaml index 38a3145..f7d11db 100644 --- a/host_vars/nexus.yaml +++ b/host_vars/nexus.yaml @@ -1,4 +1,5 @@ --- +ansible_host: nexus.stargate.internal webserver: - domain: "nexus.kmlabz.com" port: 8080 diff --git a/host_vars/openvpn.yaml b/host_vars/openvpn.yaml index 5e45f21..813fcfc 100644 --- a/host_vars/openvpn.yaml +++ b/host_vars/openvpn.yaml @@ -1,4 +1,5 @@ --- +ansible_host: openvpn.stargate.internal firewall: - port: "1194" proto: udp diff --git a/host_vars/postgres.yaml b/host_vars/postgres.yaml index f2de49c..4a2e42d 100644 --- a/host_vars/postgres.yaml +++ b/host_vars/postgres.yaml @@ -1,4 +1,5 @@ --- +ansible_host: postgres.stargate.internal servicename: postgres firewall: - port: "5432" diff --git a/host_vars/smtp.yaml b/host_vars/smtp.yaml new file mode 100644 index 0000000..2707e05 --- /dev/null +++ b/host_vars/smtp.yaml 
@@ -0,0 +1,3 @@ +--- +ansible_host: smtp.stargate.internal +... \ No newline at end of file diff --git a/host_vars/sonar.yaml b/host_vars/sonar.yaml new file mode 100644 index 0000000..b453bea --- /dev/null +++ b/host_vars/sonar.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: sonar.stargate.internal +... diff --git a/host_vars/swagger.yaml b/host_vars/swagger.yaml new file mode 100644 index 0000000..451a2ee --- /dev/null +++ b/host_vars/swagger.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: swagger.stargate.internal +... diff --git a/host_vars/webgateway.yaml b/host_vars/webgateway.yaml new file mode 100644 index 0000000..fac77e5 --- /dev/null +++ b/host_vars/webgateway.yaml @@ -0,0 +1,3 @@ +--- +ansible_host: apache.stargate.internal +... diff --git a/inventory.yaml b/inventory.yaml index 7c25bfc..2236c7c 100644 --- a/inventory.yaml +++ b/inventory.yaml @@ -7,39 +7,29 @@ all: woolsey: hosts: neko: - ansible_host: zelenka.stargate.internal drone: - ansible_host: drone.stargate.internal keycloak: - ansible_host: keycloak.stargate.internal sonar: - ansible_host: sonar.stargate.internal swagger: - ansible_host: swagger.stargate.internal drone-runner: - ansible_host: drone-runner.stargate.internal smtp: - ansible_host: smtp.stargate.internal webgateway: - ansible_host: apache.stargate.internal openvpn: - ansible_host: openvpn.stargate.internal nexus: - ansible_host: nexus.stargate.internal git: - ansible_host: git.stargate.internal postgres: - ansible_host: postgres.stargate.internal mckay: hosts: guacamole: - ansible_host: guacamole.stargate.internal bitwarden: - ansible_host: bitwarden.stargate.internal nextcloud: - ansible_host: nextcloud.stargate.internal - mariadb: - ansible_host: mysql.stargate.internal backup: - ansible_host: backup.stargate.internal + docker-webhosts: + keycloak: + drone: + swagger: + guacamole: + bitwarden: + nexus: + nextcloud : ... 
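Review bot: In the inventory.yaml hunk the new `docker-webhosts` group lists keycloak, drone and the other hosts directly under the group name, with no `hosts:` key among the added lines, whereas the existing `woolsey` and `mckay` groups in the same hunk use `hosts:`. Ansible's YAML inventory accepts only `hosts`, `children` and `vars` inside a group, so as written the group would most likely end up empty and the play in docker-host.yaml, which this patch switches to `hosts: docker-webhosts`, would match no hosts. Add a `hosts:` line under the group, and consider naming it `docker_webhosts`, since hyphens in group names trigger Ansible's invalid-group-name warning. The hunk starts at line 7 of the file and indentation is not preserved on this page, so the enclosing `all:`/`children:` structure cannot be checked from here.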
diff --git a/roles/ansibleuser/files/authorized_keys b/roles/ansibleuser/files/authorized_keys
new file mode 100644
index 0000000..a251cae
--- /dev/null
+++ b/roles/ansibleuser/files/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa 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 tormakris@woolsey.tormakris.dev
\ No newline at end of file
diff --git a/roles/ansibleuser/tasks/main.yaml b/roles/ansibleuser/tasks/main.yaml
new file mode 100644
index 0000000..8710672
--- /dev/null
+++ b/roles/ansibleuser/tasks/main.yaml
@@ -0,0 +1,20 @@
+---
+- name: "Add ansible user"
+ ansible.builtin.user:
+ name: ansible
+ comment: Ansible
+ shell: /bin/bash
+
+- name: "Add ansible user to sudo group"
+ ansible.builtin.user:
+ name: ansible
+ comment: Ansible
+ groups: sudo
+ append: yes
+
+- name: Add public key to authorized keys
+ ansible.posix.authorized_key:
+ user: ansible
+ state: present
+ key: authorized_keys
+...
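Review bot: The only key installed for the `ansible` account, in roles/ansibleuser/files/authorized_keys, carries a personal user@host comment, which suggests an individual's interactive key is being reused for the automation account on every host. A dedicated key pair for the control node would let it be rotated or revoked independently of that person's own access. Prefixing the entry with a source restriction such as `from="<control-node-address>"` (placeholder, the real address is not on this page) would also limit where the key is accepted from.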
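Review bot: In the last task of roles/ansibleuser/tasks/main.yaml, `key: authorized_keys` passes the literal string instead of the contents of the role's files/authorized_keys; ansible.posix.authorized_key expects the public key text (or a URL) in `key`, so the line should read `key: "{{ lookup('file', 'authorized_keys') }}"`. The account is also added to the `sudo` group on every targeted host while the role sets neither a password nor a sudoers rule, so the privilege it actually ends up with depends on configuration outside this patch; a validated drop-in under /etc/sudoers.d managed by the role would make that explicit and reviewable. The two `ansible.builtin.user` tasks can be merged into one, and `append: yes` is better written `append: true`. Neither these tasks nor the play in ansiblefuckery.yaml set `become`, which user management needs unless it is configured elsewhere.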