--- - name: Configure local repository hosts: 127.0.0.1 connection: local gather_facts: no tasks: - name: Create local directory for credentials & keys file: path: "{{ item }}" owner: "{{ global_local_user }}" group: "{{ global_local_user }}" mode: "u=rwx,g=rx,o=rx" state: directory loop: - "{{ global_credentials_directory }}" - "{{ global_public_key_directory }}" - "{{ global_ssh_key_directory }}" - "{{ global_ssh_host_key_directory }}" - "{{ global_wireguard_private_directory }}" - "{{ global_wireguard_public_directory }}" - name: Install required tools become: yes become_user: root become_method: sudo apt: name: - sshpass - wireguard-tools state: present - name: Configure secure root access to hosts hosts: bootstrap gather_facts: no roles: - role: bootstrap - hosts: all strategy: free roles: - role: hostname fqdn: "{{ inventory_hostname }}" - role: common - role: account username: "zocker" password: "{{ zocker_password }}" authorized_keys: "{{ zocker_authorized_keys_url }}" sudo: yes - name: Configure wireguard network import_playbook: playbooks/wireguard.yml - name: Configure nvak tags: - test hosts: nvak.banananet.work vars: nvak_dns_slaves: [] pre_tasks: - name: Load ssh host key dns fingerprint for host command: cat "{{ global_ssh_host_key_directory | quote }}/{{ item | quote }}/dns" delegate_to: localhost register: ssh_key_dns_fpr_raw changed_when: False loop: "{{ groups['all'] }}" - name: Remap ssh host key dns fingerprints set_fact: ssh_key_dns_fpr_map: "{{ ssh_key_dns_fpr_raw.results | items2dict(key_name='item', value_name='stdout') }}" roles: - role: dns/master domain: banananet.work main_nameserver_domain: ns1.banananet.work. responsible_mail_name: admin.banananet.work. slaves: "{{ nvak_dns_slaves }}" entries: | ; Name Servers @ IN NS ns1 ns1 IN A {{ ansible_default_ipv4.address }} ns1 IN AAAA {{ ansible_default_ipv6.address }} ; Automatic server addresses {% for fqdn in groups['public_available'] %} {{ fqdn }}. IN A {{ hostvars[fqdn].ansible_default_ipv4.address }} {{ fqdn }}. IN AAAA {{ hostvars[fqdn].ansible_default_ipv6.address }} {{ ssh_key_dns_fpr_map[fqdn] }} {% endfor %} ; Public use domains @ IN A {{ ansible_default_ipv4.address }} @ IN AAAA {{ ansible_default_ipv6.address }} auth IN CNAME nvak cloud IN CNAME nvak test.cloud IN CNAME nvak dsa IN CNAME nvak firefox IN CNAME nvak git IN CNAME nvak keys IN CNAME rurapenthe rss IN CNAME nvak wg IN CNAME nvak ; Mail @ IN MX 10 nvak @ IN TXT "v=spf1 +mx -all" mail IN CNAME nvak imap IN CNAME nvak smtp IN CNAME nvak - role: dns/master domain: forumderschan.de main_nameserver_domain: ns1.banananet.work. responsible_mail_name: admin.banananet.work. slaves: "{{ nvak_dns_slaves }}" entries: | ; Name Servers @ IN NS ns1.banananet.work. @ IN NS ns2.banananet.work. ; WebPage @ IN A {{ ansible_default_ipv4.address }} @ IN AAAA {{ ansible_default_ipv6.address }} www IN A {{ ansible_default_ipv4.address }} www IN AAAA {{ ansible_default_ipv6.address }} ; Mail @ IN MX 10 nvak @ IN TXT "v=spf1 +mx -all" - role: dns/master domain: spotme.fun main_nameserver_domain: ns1.banananet.work. responsible_mail_name: admin.banananet.work. slaves: "{{ nvak_dns_slaves }}" entries: | ; Name Servers @ IN NS ns1.banananet.work. @ IN NS ns2.banananet.work. ; Web Page @ IN A {{ ansible_default_ipv4.address }} @ IN AAAA {{ ansible_default_ipv6.address }} www IN A {{ ansible_default_ipv4.address }} www IN AAAA {{ ansible_default_ipv6.address }} ; Mail @ IN MX 10 nvak @ IN TXT "v=spf1 +mx -all" - role: dns/master domain: stadtpiraten-karlsruhe.de main_nameserver_domain: ns1.banananet.work. resposible_mail_name: admin.banananet.work. slaves: "{{ nvak_dns_slaves }}" entries: | ; Name Servers @ IN NS ns1.banananet.work. @ IN NS ns2.banananet.work. ; WebPages @ IN A {{ ansible_default_ipv4.address }} @ IN AAAA {{ ansible_default_ipv6.address }} www IN A {{ ansible_default_ipv4.address }} www IN AAAA {{ ansible_default_ipv6.address }} forum IN A {{ ansible_default_ipv4.address }} forum IN AAAA {{ ansible_default_ipv6.address }} ; Mail @ IN MX 10 nvak @ IN TXT "v=spf1 +mx -all" # Git Server - role: server/gitea domain: git.banananet.work gitea_system_user: git # Banananet.work - role: server/static domain: banananet.work repo: git@git.banananet.work:banananetwork/main-static.git # SpotMe Server # - role: server/spotme # domain: spotme.fun # spotme_system_user: spotme # # Admin Panel # - role: server/php # domain: nvak.banananet.work # repo: PHPMYADMIN # TODO # BananaNetwork Keys - role: server/node domain: keys.banananet.work repo: git@git.banananet.work:banananetwork/keys.git app_port: 12822 system_user: keys-banananet-work # Nextcloud Server - role: server/nextcloud domain: cloud.banananet.work system_user: nextcloud nextcloud_admin_user: zocker nextcloud_admin_pass: "{{ zocker_password }}" # Firefox Sync Server - role: server/firefox-sync domain: firefox.banananet.work # RSS Server # TODO Manual initialization of database required - role: server/tt-rss domain: rss.banananet.work # DSA Seite # - role: server/node # domain: dsa.banananet.work # repo: git@git.banananet.work:dsaGroup/dsaPage.git # app_port: 12821 # system_user: dsaPage # Forum der Schande - role: server/php domain: forumderschan.de repo: git@git.banananet.work:strichliste/strichliste-php.git root: html installation_includes: - includes - role: nginx/forward domain: www.forumderschan.de dest: forumderschan.de # WG Nextcloud - role: server/nextcloud domain: wg.banananet.work nextcloud_admin_user: felix enabled_apps_list: - accessibility - activity - admin_audit - apporder - bruteforcesettings - calendar - checksum - cloud_federation_api - comments - contacts - cookbook - cospend - dav - deck - encryption - external - federatedfilesharing - federation - files - files_automatedtagging - files_ebookreader - files_external - files_markdown - files_pdfviewer - files_rightclick - files_sharing - files_texteditor - files_trashbin - files_versions - files_videoplayer - firstrunwizard - gallery - logreader - lookup_server_connector - metadata - nextcloud_announcements - notes - notifications - oauth2 - ocdownloader - password_policy - polls - privacy - provisioning_api - quota_warning - serverinfo - sharebymail - sharerenamer - sociallogin - socialsharing_email - spreed - support - suspicious_login - systemtags - theming - twofactor_admin - twofactor_backupcodes - twofactor_gateway - twofactor_nextcloud_notification - twofactor_totp - twofactor_u2f - updatenotification - viewer - workflowengine disabled_apps_list: - recommendations - survey_client - user_ldap # # Stadtpiraten # - role: server/typo3 # domain: piraten.dev.banananet.work # - role: server/php # domain: forum.piraten.dev.banananet.work # repo: PHPBB # TODO # version: master # # Stadtpiraten (prod) # - role: nginx/forward # domain: www.stadtpiraten-karlsruhe.de # dest: stadtpiraten-karlsruhe.de - name: Configure rurapenthe hosts: rurapenthe.banananet.work roles: # - role: dns/slave # domain: banananet.work # masters: # - nvak.banananet.work # - role: dns/slave # domain: forumderschan.de # masters: # - nvak.banananet.work # - role: dns/slave # domain: stadtpiraten-karlsruhe.de # masters: # - nvak.banananet.work # - role: dns/slave # domain: spotme.fun # masters: # - nvak.banananet.work - role: server/node domain: keys.banananet.work repo: git@git.banananet.work:banananetwork/keys.git app_port: 12822 system_user: keys-banananet-work #- hosts: 192.168.1.8 # hardie.khitomer.banananet.work # roles: # - role: mysql/application