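---
# Site playbook for the banananet.work fleet.
#
# Order matters:
#   1. prepare the key/credential store on the controller,
#   2. bootstrap key-based root access on new hosts,
#   3. apply the baseline roles (hostname, common, admin account) to every
#      host — this play also gathers the facts the DNS zones below depend on,
#   4. roll out WireGuard everywhere,
#   5. configure "nvak": authoritative DNS for all zones plus the public
#      services.

- name: Configure local repository
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  tasks:
    - name: Create local directories for private credentials & keys
      # These directories hold SSH private keys, SSH host keys, WireGuard
      # private keys and host credentials. They must only be accessible to
      # the controller user, so group/other get no access at all; a
      # world-readable (o=rx) key directory leaks names of every managed
      # host and, combined with permissive files, the key material itself.
      file:
        path: "{{ item }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "u=rwx,g=,o="
        state: directory
      loop:
        - "{{ global_credentials_directory }}"
        - "{{ global_ssh_key_directory }}"
        - "{{ global_ssh_host_key_directory }}"
        - "{{ global_wireguard_private_directory }}"

    - name: Create local directories for public keys
      # Public halves only; readable by other local users is acceptable.
      file:
        path: "{{ item }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "u=rwx,g=rx,o=rx"
        state: directory
      loop:
        - "{{ global_public_key_directory }}"
        - "{{ global_wireguard_public_directory }}"

    - name: Install required tools
      # sshpass exists only for the password-based first login done by the
      # bootstrap role; once every host is on key auth it can be dropped.
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present

- name: Configure secure root access to hosts
  hosts: bootstrap
  gather_facts: false
  roles:
    - role: bootstrap

- name: Apply baseline configuration to all hosts
  hosts: all
  strategy: free
  # Facts are gathered here (default) and are consumed later by the nvak
  # DNS play through hostvars[...].ansible_default_ipv4/ipv6.
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"
    - role: common
    # Administrative account with sudo. zocker_password must come from an
    # encrypted source (ansible-vault) — never from plaintext group_vars.
    - role: account
      username: "zocker"
      password: "{{ zocker_password }}"
      sudo: true

- name: Install wireguard vpn
  hosts: all
  strategy: free
  roles:
    - role: wireguard/application

- name: Configure nvak
  tags:
    - test
  hosts: nvak.banananet.work
  vars:
    # No secondary is configured yet (the rurapenthe dns/slave play at the
    # bottom of this file is commented out), so no zone transfers are
    # allowed. Be aware that ns2 is nevertheless advertised in the NS records
    # below, which is a lame delegation until that play is enabled.
    nvak_dns_slaves: []
  pre_tasks:
    - name: Load ssh host key dns fingerprint for host
      # Reads the SSHFP record text generated per host on the controller.
      # argv form: no shell parsing, so paths/hostnames with special
      # characters are passed verbatim (the previous "..."/quote mix would
      # have left literal single quotes inside the path for such names).
      # A missing file fails the play instead of publishing an empty record.
      command:
        argv:
          - cat
          - "{{ global_ssh_host_key_directory }}/{{ item }}/dns"
      delegate_to: localhost
      register: ssh_key_dns_fpr_raw
      changed_when: false
      loop: "{{ groups['all'] }}"

    - name: Remap ssh host key dns fingerprints
      # hostname -> SSHFP record text, looked up inside the zone template.
      set_fact:
        ssh_key_dns_fpr_map: "{{ ssh_key_dns_fpr_raw.results | items2dict(key_name='item', value_name='stdout') }}"

  roles:
    # Primary zone. Unqualified names in "entries" are relative to the zone
    # origin (banananet.work), so "nvak" resolves to nvak.banananet.work
    # through the automatic server address records.
    - role: dns/master
      domain: banananet.work
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      # A host without a default IPv6 route has ansible_default_ipv6 == {},
      # so its .address is undefined; the per-host loop guards both address
      # families so one such host does not abort rendering of the whole zone.
      entries: |
        ; Name Servers
        @ IN NS ns1
        ns1 IN A {{ ansible_default_ipv4.address }}
        ns1 IN AAAA {{ ansible_default_ipv6.address }}
        @ IN NS ns2
        ns2 IN A {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv4.address }}
        ns2 IN AAAA {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv6.address }}
        ; Automatic server addresses
        ; TODO only if addresses not local
        {% for fqdn, facts in hostvars.items() %}
        {% if facts.ansible_default_ipv4.address is defined %}
        {{ fqdn }}. IN A {{ facts.ansible_default_ipv4.address }}
        {% endif %}
        {% if facts.ansible_default_ipv6.address is defined %}
        {{ fqdn }}. IN AAAA {{ facts.ansible_default_ipv6.address }}
        {% endif %}
        {{ ssh_key_dns_fpr_map[fqdn] }}
        {% endfor %}
        ; Public use domains
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        auth IN CNAME nvak
        cloud IN CNAME nvak
        test.cloud IN CNAME nvak
        dsa IN CNAME nvak
        firefox IN CNAME nvak
        git IN CNAME nvak
        keys IN CNAME nvak
        rss IN CNAME nvak
        ; Mail
        @ IN MX 10 nvak
        @ IN TXT "v=spf1 +mx -all"
        mail IN CNAME nvak
        imap IN CNAME nvak
        smtp IN CNAME nvak

    # In the zones below the mail exchanger lives in a different zone, so it
    # must be written as an absolute name. A bare "nvak" would be read as
    # nvak.<zone> (e.g. nvak.forumderschan.de), which has no address record
    # in that zone, leaving the MX — and the "+mx" SPF mechanism — unresolvable.
    - role: dns/master
      domain: forumderschan.de
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPage
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work.
        @ IN TXT "v=spf1 +mx -all"

    - role: dns/master
      domain: spotme.fun
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; Web Page
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work.
        @ IN TXT "v=spf1 +mx -all"

    - role: dns/master
      domain: stadtpiraten-karlsruhe.de
      main_nameserver_domain: ns1.banananet.work.
      # Was misspelled "resposible_mail_name", so the role never received
      # the SOA contact for this zone.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPages
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        forum IN A {{ ansible_default_ipv4.address }}
        forum IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work.
        @ IN TXT "v=spf1 +mx -all"

    # Git Server
    - role: server/gitea
      domain: git.banananet.work

    # Banananet.work
    - role: server/static
      domain: banananet.work
      repo: git@git.banananet.work:banananetwork/main-static.git

    # SpotMe Server
    # - role: server/spotme
    #   domain: spotme.fun
    #
    # Admin Panel
    # - role: server/php
    #   domain: nvak.banananet.work
    #   repo: PHPMYADMIN  # TODO

    # BananaNetwork Keys
    - role: server/node
      domain: keys.banananet.work
      repo: git@git.banananet.work:banananetwork/keys.git
      app_port: 12822
      system_user: keys-banananet-work

    # Nextcloud Server
    - role: server/nextcloud
      domain: cloud.banananet.work

    # Firefox Sync Server
    - role: server/firefox-sync
      domain: firefox.banananet.work

    # # RSS Server
    # - role: server/php
    #   domain: rss.banananet.work
    #   repo: TTRSS  # TODO

    # DSA page
    - role: server/node
      domain: dsa.banananet.work
      repo: git@git.banananet.work:dsaGroup/dsaPage.git
      app_port: 12821
      system_user: dsaPage

    # # Forum der Schande
    # - role: server/php
    #   name: strichliste
    #   domain: forumderschan.de
    #   repo: git@git.banananet.work:strichliste/strichliste-php.git
    #   root: html
    #   includes:
    #     - includes
    - role: nginx/forward
      domain: www.forumderschan.de
      dest: forumderschan.de

    # # Stadtpiraten
    # - role: server/typo3
    #   domain: piraten.dev.banananet.work
    # - role: server/php
    #   domain: forum.piraten.dev.banananet.work
    #   repo: PHPBB  # TODO
    #   version: master
    # # Stadtpiraten (prod)
    # - role: nginx/forward
    #   domain: www.stadtpiraten-karlsruhe.de
    #   dest: stadtpiraten-karlsruhe.de

# - hosts: quvat.banananet.work
#   roles:
#     - role: hostname
#       fqdn: quvat.banananet.work
#
#     - role: server/static
#       domain: banananet.work
#       repo: git@git.banananet.work:banananetwork/main-static.git
#
#     - role: server/php
#       domain: quvat.banananet.work
#       repo: "MISSING"  # TODO
#
#     - role: nginx/forward
#       domain: server.banananet.work
#       forward: quvat.banananet.work
#
#     - role: server/node
#       domain: keys.banananet.work
#       repo: git@git.banananet.work:banananetwork/keys.git
#
#     - role: server/nextcloud
#       domain: cloud.banananet.work
#       nextcloud_admin_user: "{{ common_user }}"
#       nextcloud_admin_pass: "{{ common_pass }}"
#
#     - role: server/tt-rss
#       domain: rss.banananet.work
#
#     - role: server/firefox-sync
#       domain: firefox.quvat.banananet.work
#
#     - role: server/node
#       domain: dsa.banananet.work
#       repo: git@git.banananet.work:dsaGroup/dsaPage.git
#
#     - role: server/php
#       domain: forumderschan.de
#       repo: git@git.banananet.work:strichliste/strichliste-php.git
#       html: /html
#
#     - role: nginx/forward
#       domain: www.forumderschan.de
#       forward: forumderschan.de
#
#     - role: server/typo3
#       domain: piraten.dev.banananet.work
#
#     - role: server/php  # TODO Maybe php-bb special configuration
#       domain: forum.piraten.dev.banananet.work

# Secondary DNS. Enabling this play also requires adding
# rurapenthe.banananet.work to nvak_dns_slaves above so that transfers are
# permitted; until then ns2 answers for nothing.
# - name: Configure rurapenthe
#   hosts: rurapenthe.banananet.work
#   roles:
#     - role: dns/slave
#       domain: banananet.work
#       masters:
#         - nvak.banananet.work
#     - role: dns/slave
#       domain: forumderschan.de
#       masters:
#         - nvak.banananet.work
#     - role: dns/slave
#       domain: stadtpiraten-karlsruhe.de
#       masters:
#         - nvak.banananet.work
#     - role: dns/slave
#       domain: spotme.fun
#       masters:
#         - nvak.banananet.work

# - hosts: 192.168.1.8  # hardie.khitomer.banananet.work
#   roles:
#     - role: mysql/application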