---
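# Play: prepare the Ansible control machine itself (local connection, no SSH).
- name: Configure local repository
  hosts: '127.0.0.1'
  connection: local
  # Canonical boolean instead of the YAML 1.1 "no".
  gather_facts: false
  tasks:
    # Creates the local directories that store generated secrets and keys.
    # The original task gave every directory "u=rwx,g=rx,o=rx", so any other
    # account on the control machine could traverse and list them. The
    # directories whose variable names mark them as secret material are now
    # owner-only; the public-key directories keep the original mode.
    - name: Create local directory for credentials & keys
      file:
        path: "{{ item.path }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "{{ item.mode }}"
        state: directory
      loop:
        - path: "{{ global_credentials_directory }}"
          mode: 'u=rwx,go='
        - path: "{{ global_public_key_directory }}"
          mode: 'u=rwx,g=rx,o=rx'
        # Presumably holds private SSH keys; verify against the roles that
        # write into it.
        - path: "{{ global_ssh_key_directory }}"
          mode: 'u=rwx,go='
        # NOTE(review): left at the original mode because it is not visible
        # here whether this stores private or only public host keys; tighten
        # to 'u=rwx,go=' if private host keys are kept in it.
        - path: "{{ global_ssh_host_key_directory }}"
          mode: 'u=rwx,g=rx,o=rx'
        - path: "{{ global_wireguard_private_directory }}"
          mode: 'u=rwx,go='
        - path: "{{ global_wireguard_public_directory }}"
          mode: 'u=rwx,g=rx,o=rx'
      loop_control:
        # Show only the path in task output instead of the whole item.
        label: "{{ item.path }}"

    # Installs the helper packages on the control machine via apt, as root.
    # NOTE(review): sshpass is presumably needed for password-based first
    # contact with new hosts; confirm against the bootstrap role.
    - name: Install required tools
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present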
# Play: apply the "bootstrap" role to the hosts in the "bootstrap" group.
# Fact gathering is switched off for this play.
# NOTE(review): the role itself is not part of this file; what "secure root
# access" covers (keys, password login, sshd settings) must be checked there.
- name: Configure secure root access to hosts
  hosts: 'bootstrap'
  gather_facts: false
  roles:
    - role: 'bootstrap'
# Play: baseline roles for every inventory host. With the "free" strategy each
# host proceeds through the play without waiting for the others.
- hosts: 'all'
  strategy: free
  roles:
    # Host name is taken from the inventory entry.
    - role: 'hostname'
      fqdn: "{{ inventory_hostname }}"

    - role: 'common'

    # Administrative account with sudo rights.
    # NOTE(review): the authorized keys come from a variable named *_url, so
    # they are presumably fetched from a remote location. Whoever controls
    # that location controls a sudo-capable login on every host; confirm the
    # role fetches over HTTPS with certificate validation.
    - role: 'account'
      username: 'zocker'
      password: "{{ zocker_password }}"
      authorized_keys: "{{ zocker_authorized_keys_url }}"
      sudo: true
# Statically imports the plays defined in playbooks/wireguard.yml.
- name: Configure wireguard network
  import_playbook: 'playbooks/wireguard.yml'
# Statically imports the plays defined in playbooks/dns.yml.
- name: Include dns configuration
  import_playbook: 'playbooks/dns.yml'
# Play: all services hosted on nvak.banananet.work. The whole play carries the
# tag "test", so it can be selected or skipped with --tags / --skip-tags.
- name: Configure nvak
  tags: [test]
  hosts: 'nvak.banananet.work'
  roles:
    # Git Server
    - role: 'server/gitea'
      domain: 'git.banananet.work'
      gitea_system_user: 'git'

    # Banananet.work
    - role: 'server/static'
      domain: 'banananet.work'
      repo: 'git@git.banananet.work:banananetwork/main-static.git'

    # SpotMe Server
    # - role: server/spotme
    #   domain: spotme.fun
    #   spotme_system_user: spotme
    # # Admin Panel
    # - role: server/php
    #   domain: nvak.banananet.work
    #   repo: PHPMYADMIN # TODO
    # BananaNetwork Keys
    # - role: server/node
    #   domain: keys.banananet.work
    #   repo: git@git.banananet.work:banananetwork/keys.git
    #   app_port: 12822
    #   system_user: keys-banananet-work

    # Nextcloud Server
    # NOTE(review): the web admin password is the same variable that the
    # `hosts: all` play passes to the account role as the password of the
    # sudo-capable system user "zocker". A dedicated secret for the Nextcloud
    # admin would keep a leak of one from exposing the other.
    - role: 'server/nextcloud'
      domain: 'cloud.banananet.work'
      system_user: 'nextcloud'
      nextcloud_admin_user: 'zocker'
      nextcloud_admin_pass: "{{ zocker_password }}"
      # Includes admin_audit, bruteforcesettings, password_policy,
      # suspicious_login and the twofactor_* apps.
      enabled_apps_list:
        - accessibility
        - activity
        - admin_audit
        - apporder
        - bruteforcesettings
        - calendar
        - checksum
        - cloud_federation_api
        - comments
        - contacts
        - cookbook
        - cospend
        - dav
        - deck
        - dicomviewer
        - external
        - federatedfilesharing
        - federation
        - files
        - files_automatedtagging
        - files_ebookreader
        - files_external
        - files_markdown
        - files_pdfviewer
        - files_readmemd
        - files_rightclick
        - files_sharing
        - files_texteditor
        - files_trashbin
        - files_versions
        - files_videoplayer
        - firstrunwizard
        - gallery
        - logreader
        - lookup_server_connector
        - mail
        - metadata
        - nextcloud_announcements
        - notes
        - notifications
        - oauth2
        - ocdownloader
        - password_policy
        - phonetrack
        - polls
        - privacy
        - provisioning_api
        - quota_warning
        - serverinfo
        - sharebymail
        - sharerenamer
        - social
        - sociallogin
        - socialsharing_email
        - spreed
        - support
        - suspicious_login
        - systemtags
        - tasks
        - theming
        - twofactor_admin
        - twofactor_backupcodes
        - twofactor_gateway
        - twofactor_nextcloud_notification
        - twofactor_totp
        - twofactor_u2f
        - updatenotification
        - viewer
        - workflowengine
      # The "encryption" app is switched off on this instance.
      disabled_apps_list:
        - encryption
        - recommendations
        - survey_client
        - user_ldap

    # Firefox Sync Server
    - role: 'server/firefox-sync'
      domain: 'firefox.banananet.work'

    # RSS Server
    # TODO Manual initialization of database required
    - role: 'server/tt-rss'
      domain: 'rss.banananet.work'

    # DSA page
    # - role: server/node
    #   domain: dsa.banananet.work
    #   repo: git@git.banananet.work:dsaGroup/dsaPage.git
    #   app_port: 12821
    #   system_user: dsaPage

    # Forum der Schande
    - role: 'server/php'
      domain: 'forumderschan.de'
      repo: 'git@git.banananet.work:strichliste/strichliste-php.git'
      root: 'html'
      installation_includes:
        - includes
    - role: 'nginx/forward'
      domain: 'www.forumderschan.de'
      dest: 'forumderschan.de'

    # WG Nextcloud
    # NOTE(review): no nextcloud_admin_pass is passed for this instance, so
    # the admin password presumably comes from a role default; confirm it is
    # generated per instance and not a fixed value.
    - role: 'server/nextcloud'
      domain: 'wg.banananet.work'
      nextcloud_admin_user: 'felix'
      # Unlike cloud.banananet.work, "encryption" is enabled here.
      enabled_apps_list:
        - accessibility
        - activity
        - apporder
        - bruteforcesettings
        - calendar
        - checksum
        - cloud_federation_api
        - comments
        - contacts
        - cookbook
        - cospend
        - dav
        - deck
        - encryption
        - external
        - federatedfilesharing
        - federation
        - files
        - files_automatedtagging
        - files_ebookreader
        - files_external
        - files_markdown
        - files_pdfviewer
        - files_readmemd
        - files_rightclick
        - files_sharing
        - files_texteditor
        - files_trashbin
        - files_versions
        - files_videoplayer
        - firstrunwizard
        - gallery
        - logreader
        - lookup_server_connector
        - metadata
        - nextcloud_announcements
        - notes
        - notifications
        - oauth2
        - ocdownloader
        - password_policy
        - polls
        - privacy
        - provisioning_api
        - quota_warning
        - serverinfo
        - sharebymail
        - sharerenamer
        - sociallogin
        - socialsharing_email
        - spreed
        - support
        - suspicious_login
        - systemtags
        - tasks
        - theming
        - twofactor_admin
        - twofactor_backupcodes
        - twofactor_gateway
        - twofactor_nextcloud_notification
        - twofactor_totp
        - twofactor_u2f
        - updatenotification
        - viewer
        - workflowengine
      # NOTE(review): admin_audit is disabled on this instance although it
      # is enabled on cloud.banananet.work, so admin actions here are not
      # recorded by that app.
      disabled_apps_list:
        - admin_audit
        - recommendations
        - survey_client
        - user_ldap

    # # Stadtpiraten
    # - role: server/typo3
    #   domain: piraten.dev.banananet.work
    # - role: server/php
    #   domain: forum.piraten.dev.banananet.work
    #   repo: PHPBB # TODO
    #   version: master
    # # Stadtpiraten (prod)
    # - role: nginx/forward
    #   domain: www.stadtpiraten-karlsruhe.de
    #   dest: stadtpiraten-karlsruhe.de
# Play: services hosted on rurapenthe.banananet.work. The secondary-DNS roles
# are currently commented out; only the keys application is deployed.
- name: Configure rurapenthe
  hosts: 'rurapenthe.banananet.work'
  roles:
    # - role: dns/slave
    #   domain: banananet.work
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: forumderschan.de
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: stadtpiraten-karlsruhe.de
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: spotme.fun
    #   masters:
    #     - nvak.banananet.work

    # Node application served as keys.banananet.work.
    # NOTE(review): REGISTER_PASS is handed to the role as an environment
    # variable for the app. How the role persists it (unit file, env file)
    # is not visible here; confirm the resulting file is readable only by
    # the service user and root.
    - role: 'server/node'
      domain: 'keys.banananet.work'
      repo: 'git@git.banananet.work:banananetwork/keys.git'
      app_port: 12822
      system_user: 'keys-banananet-work'
      environment_vars:
        REGISTER_PASS: "{{ global_ip_discover_register_pass }}"
# Play: apply the misc/ip_discover role to hardie.khitomer.banananet.work.
# NOTE(review): presumably the client side of the service that receives
# global_ip_discover_register_pass on keys.banananet.work; confirm in the
# role, which is not part of this file.
- hosts: 'hardie.khitomer.banananet.work'
  roles:
    - role: 'misc/ip_discover'