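---
# Site playbook: prepares the controller, bootstraps root access, applies the
# common baseline to every host, installs WireGuard, then configures the
# "nvak" host (authoritative DNS for several zones plus the web services).
#
# Security notes (review):
#   * The controller-side directories created below hold credentials, private
#     SSH/host keys and WireGuard private keys. They are therefore created
#     0700 (was u=rwx,g=rx,o=rx, i.e. listable by every local user).
#   * `sshpass` is only needed for the password-based first contact done by
#     the bootstrap role; the `zocker_password` used by the account role is
#     expected to come from an encrypted source (vault) — verify, this file
#     only references the variable.
#   * The banananet.work zone publishes the default IPv4/IPv6 address and the
#     SSHFP records of *every* inventory host (see the TODO in the zone).

- name: Configure local repository
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  tasks:
    # All of these directories may contain secret material (credentials,
    # private keys). Restrict them to the owning user; the public-key
    # directories are kept at the same mode for simplicity — nothing in this
    # playbook needs other local users to read them.
    - name: Create local directory for credentials & keys
      file:
        path: "{{ item }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "u=rwx,g=,o="
        state: directory
      loop:
        - "{{ global_credentials_directory }}"
        - "{{ global_public_key_directory }}"
        - "{{ global_ssh_key_directory }}"
        - "{{ global_ssh_host_key_directory }}"
        - "{{ global_wireguard_private_directory }}"
        - "{{ global_wireguard_public_directory }}"

    # sshpass: password-based SSH for the initial bootstrap connection only.
    # wireguard-tools: `wg genkey` etc. for the wireguard role.
    - name: Install required tools
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present

# Hosts in the `bootstrap` group are reached with the initial (password)
# credentials and switched to key-based root access by the bootstrap role.
- name: Configure secure root access to hosts
  hosts: bootstrap
  gather_facts: false
  roles:
    - role: bootstrap

# Baseline for every host. The account role creates the administrative user;
# its password variable should be vault-encrypted (not visible from here).
- hosts: all
  strategy: free
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"
    - role: common
    - role: account
      username: "zocker"
      password: "{{ zocker_password }}"
      sudo: true

- name: Install wireguard vpn
  hosts: all
  strategy: free
  roles:
    - role: wireguard/application

# NOTE(review): the `test` tag looks like a leftover from development; with
# `--tags test` only this play runs. Remove it once no longer needed.
- name: Configure nvak
  tags:
    - test
  hosts: nvak.banananet.work
  vars:
    # No zone transfers are allowed. Note that ns2 (rurapenthe) is still
    # advertised as a name server below while the dns/slave play for it is
    # commented out at the end of this file — until that is re-enabled and
    # rurapenthe is listed here, ns2 is a lame delegation.
    nvak_dns_slaves: []
  pre_tasks:
    # Build {fqdn: SSHFP record text} from the per-host "dns" files kept on
    # the controller (presumably written by the bootstrap role — confirm).
    # lookup('file') already runs on the controller, so no local_action /
    # shell quoting is needed; like `command cat`, it strips the trailing
    # newline and fails if a host has no such file.
    - name: Load ssh host key dns fingerprints for all hosts
      set_fact:
        ssh_key_dns_fpr_map: >-
          {{ ssh_key_dns_fpr_map | default({})
             | combine({item: lookup('file', global_ssh_host_key_directory ~ '/' ~ item ~ '/dns')}) }}
      loop: "{{ groups['all'] }}"
  roles:
    - role: dns/master
      domain: banananet.work
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1
        ns1 IN A {{ ansible_default_ipv4.address }}
        ns1 IN AAAA {{ ansible_default_ipv6.address }}
        @ IN NS ns2
        ns2 IN A {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv4.address }}
        ns2 IN AAAA {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv6.address }}
        ; Automatic server addresses
        ; TODO only if addresses not local
        ; NOTE(review): this publishes the default address and SSHFP of every
        ; inventory host in a public zone; hosts without gathered facts or
        ; without an IPv6 default route will make the template fail.
        {% for fqdn, facts in hostvars.items() %}
        {{ fqdn }}. IN A {{ facts.ansible_default_ipv4.address }}
        {{ fqdn }}. IN AAAA {{ facts.ansible_default_ipv6.address }}
        {{ ssh_key_dns_fpr_map[fqdn] }}
        {% endfor %}
        ; Public use domains
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        auth IN CNAME nvak
        cloud IN CNAME nvak
        test.cloud IN CNAME nvak
        dsa IN CNAME nvak
        firefox.quvat IN CNAME nvak ; TODO Legacy domain
        git IN CNAME nvak
        keys IN CNAME nvak
        rss IN CNAME nvak
        ; Mail
        ; NOTE(review): SPF only; no DMARC or DKIM records are defined here.
        @ IN MX 10 nvak
        @ IN TXT "v=spf1 +mx -all"
        mail IN CNAME nvak
        imap IN CNAME nvak
        smtp IN CNAME nvak

    # NOTE(review): the three zones below accept mail (MX) but carry no SPF
    # record, unlike banananet.work. Add one if these domains never send mail.
    - role: dns/master
      domain: forumderschan.de
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPage
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work

    - role: dns/master
      domain: spotme.fun
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; Web Page
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work

    - role: dns/master
      domain: stadtpiraten-karlsruhe.de
      main_nameserver_domain: ns1.banananet.work.
      # was misspelled `resposible_mail_name`, so the role never received it
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPages
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        forum IN A {{ ansible_default_ipv4.address }}
        forum IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work

    # Git Server
    - role: server/gitea
      domain: git.banananet.work

    # Banananet.work
    # The repo is cloned over SSH from the gitea instance above; the deploy
    # key / known_hosts handling lives in the role (not visible here).
    - role: server/static
      domain: banananet.work
      repo: git@git.banananet.work:banananetwork/main-static.git

    # SpotMe Server
    # - role: server/spotme
    #   domain: spotme.fun
    #
    # Admin Panel
    # - role: server/php
    #   domain: nvak.banananet.work
    #   repo: PHPMYADMIN # TODO

    # BananaNetwork Keys
    - role: server/node
      domain: keys.banananet.work
      repo: git@git.banananet.work:banananetwork/keys.git
      app_port: 12822
      system_user: keys-banananet-work

    # Nextcloud Server
    - role: server/nextcloud
      domain: cloud.banananet.work

    # # RSS Server
    # - role: server/php
    #   domain: rss.banananet.work
    #   repo: TTRSS # TODO

    # DSA Seite
    - role: server/node
      domain: dsa.banananet.work
      repo: git@git.banananet.work:dsaGroup/dsaPage.git
      app_port: 12821
      system_user: dsaPage

    # # Forum der Schande
    # - role: server/php
    #   name: strichliste
    #   domain: forumderschan.de
    #   repo: git@git.banananet.work:strichliste/strichliste-php.git
    #   root: html
    #   includes:
    #     - includes
    - role: nginx/forward
      domain: www.forumderschan.de
      dest: forumderschan.de

    # # Stadtpiraten
    # - role: server/typo3
    #   domain: piraten.dev.banananet.work
    # - role: server/php
    #   domain: forum.piraten.dev.banananet.work
    #   repo: PHPBB # TODO
    #   version: master
    #
    # # Stadtpiraten (prod)
    # - role: nginx/forward
    #   domain: www.stadtpiraten-karlsruhe.de
    #   dest: stadtpiraten-karlsruhe.de

# Former quvat host configuration, kept for reference (not applied).
#- hosts: quvat.banananet.work
#  roles:
#    - role: hostname
#      fqdn: quvat.banananet.work
#
#    - role: server/static
#      domain: banananet.work
#      repo: git@git.banananet.work:banananetwork/main-static.git
#
#    - role: server/php
#      domain: quvat.banananet.work
#      repo: "MISSING" # TODO
#
#    - role: nginx/forward
#      domain: server.banananet.work
#      forward: quvat.banananet.work
#
#    - role: server/node
#      domain: keys.banananet.work
#      repo: git@git.banananet.work:banananetwork/keys.git
#
#    - role: server/nextcloud
#      domain: cloud.banananet.work
#      nextcloud_admin_user: "{{ common_user }}"
#      nextcloud_admin_pass: "{{ common_pass }}"
#
#    - role: server/tt-rss
#      domain: rss.banananet.work
#
#    - role: server/firefox-sync
#      domain: firefox.quvat.banananet.work
#
#    - role: server/node
#      domain: dsa.banananet.work
#      repo: git@git.banananet.work:dsaGroup/dsaPage.git
#
#    - role: server/php
#      domain: forumderschan.de
#      repo: git@git.banananet.work:strichliste/strichliste-php.git
#      html: /html
#
#    - role: nginx/forward
#      domain: www.forumderschan.de
#      forward: forumderschan.de
#
#    - role: server/typo3
#      domain: piraten.dev.banananet.work
#
#    - role: server/php # TODO Maybe php-bb special configuration
#      domain: forum.piraten.dev.banananet.work

# Secondary DNS on rurapenthe (ns2). Disabled; see the note at
# `nvak_dns_slaves` above — re-enabling this requires adding rurapenthe to
# that list so the master allows transfers to it.
#- name: Configure rurapenthe
#  hosts: rurapenthe.banananet.work
#  roles:
#    - role: dns/slave
#      domain: banananet.work
#      masters:
#        - nvak.banananet.work
#    - role: dns/slave
#      domain: forumderschan.de
#      masters:
#        - nvak.banananet.work
#    - role: dns/slave
#      domain: stadtpiraten-karlsruhe.de
#      masters:
#        - nvak.banananet.work
#    - role: dns/slave
#      domain: spotme.fun
#      masters:
#        - nvak.banananet.work

#- hosts: 192.168.1.8 # hardie.khitomer.banananet.work
#  roles:
#    - role: mysql/application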