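---
# Prepare the control node itself: the local directories that later plays
# store generated credentials/keys in, plus the client tools they depend on
# (sshpass, wireguard-tools). Runs without fact gathering since nothing below
# reads facts.
- name: Configure local repository
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  tasks:
    - name: Create local directory for credentials & keys
      file:
        path: "{{ item }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        # symbolic mode avoids the octal/integer ambiguity of a bare 0755
        # NOTE(review): o=rx makes these directories world-listable; the
        # credentials and private-key directories likely warrant
        # "u=rwx,g=,o=" - confirm nothing else on the controller needs access
        mode: "u=rwx,g=rx,o=rx"
        state: directory
      loop:
        - "{{ global_credentials_directory }}"
        - "{{ global_public_key_directory }}"
        - "{{ global_ssh_key_directory }}"
        - "{{ global_ssh_host_key_directory }}"
        - "{{ global_wireguard_private_directory }}"
        - "{{ global_wireguard_public_directory }}"
    - name: Install required tools
      # package installation is the only step on the controller needing root
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present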
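# First contact with newly provisioned hosts (inventory group "bootstrap").
# Facts are not gathered here - presumably because regular access is not yet
# established before the bootstrap role runs; confirm against the role.
- name: Configure secure root access to hosts
  hosts: bootstrap
  gather_facts: false
  roles:
    - role: bootstrap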
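# Baseline for every host: hostname from the inventory name, the shared
# "common" role, and the administrative account. "free" strategy lets hosts
# proceed independently of each other.
- name: Configure base system and admin account
  hosts: all
  strategy: free
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"
    - role: common
    - role: account
      username: "zocker"
      # NOTE(review): zocker_password is defined outside this file; it is
      # expected to come from an encrypted source (vault) - confirm
      password: "{{ zocker_password }}"
      sudo: true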
# Roll out the WireGuard application role to every host; "free" strategy so
# no host waits on the others.
- name: Install wireguard vpn
  hosts: all
  strategy: free
  roles:
    # plain-string role entry is equivalent to "- role: wireguard/application"
    - wireguard/application
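# Application and authoritative-DNS host. The zone templates below read
# hostvars[...].ansible_default_ipv4/ipv6 of *every* inventory host, so this
# play relies on facts gathered by the preceding "hosts: all" plays
# (presumably; running it in isolation would leave those lookups undefined).
- name: Configure nvak
  # play-level tag: "--skip-tags test" would skip all of nvak - confirm intent
  tags:
    - test
  hosts: nvak.banananet.work
  vars:
    # no secondary nameservers configured yet; passed to every dns/master role
    nvak_dns_slaves: []
  pre_tasks:
    # Read the pre-generated DNS fingerprint record of every inventory host
    # from the controller-side key store. The file content is inserted into
    # the zones verbatim below, so it is trusted as repository data.
    - name: Load ssh host key dns fingerprint for host
      local_action:
        module: command cat "{{ global_ssh_host_key_directory | quote }}/{{ item | quote }}/dns"
      register: ssh_key_dns_fpr_raw
      # read-only lookup, never report a change
      changed_when: false
      loop: "{{ groups['all'] }}"
    - name: Remap ssh host key dns fingerprints
      set_fact:
        # hostname -> record text, keyed by the loop item of the task above
        ssh_key_dns_fpr_map: "{{ ssh_key_dns_fpr_raw.results | items2dict(key_name='item', value_name='stdout') }}"
  roles:
    # Primary zone; ns2 is rurapenthe, whose address is read from hostvars.
    # The "TODO only if addresses not local" inside the zone is worth
    # resolving: every host's default address is published here, including
    # any host whose default address is a private one.
    - role: dns/master
      domain: banananet.work
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1
        ns1 IN A {{ ansible_default_ipv4.address }}
        ns1 IN AAAA {{ ansible_default_ipv6.address }}
        @ IN NS ns2
        ns2 IN A {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv4.address }}
        ns2 IN AAAA {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv6.address }}
        ; Automatic server addresses
        ; TODO only if addresses not local
        {% for fqdn, facts in hostvars.items() %}
        {{ fqdn }}. IN A {{ facts.ansible_default_ipv4.address }}
        {{ fqdn }}. IN AAAA {{ facts.ansible_default_ipv6.address }}
        {{ ssh_key_dns_fpr_map[fqdn] }}
        {% endfor %}
        ; Public use domains
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        auth IN CNAME nvak
        cloud IN CNAME nvak
        test.cloud IN CNAME nvak
        dsa IN CNAME nvak
        firefox IN CNAME nvak
        git IN CNAME nvak
        keys IN CNAME nvak
        rss IN CNAME nvak
        ; Mail
        @ IN MX 10 nvak
        @ IN TXT "v=spf1 +mx -all"
        mail IN CNAME nvak
        imap IN CNAME nvak
        smtp IN CNAME nvak
    - role: dns/master
      domain: forumderschan.de
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPage
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak
        @ IN TXT "v=spf1 +mx -all"
    - role: dns/master
      domain: spotme.fun
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; Web Page
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak
        @ IN TXT "v=spf1 +mx -all"
    - role: dns/master
      domain: stadtpiraten-karlsruhe.de
      main_nameserver_domain: ns1.banananet.work.
      # key name fixed: this zone passed "resposible_mail_name", which does
      # not match the variable name the other dns/master entries use
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPages
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        forum IN A {{ ansible_default_ipv4.address }}
        forum IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak
        @ IN TXT "v=spf1 +mx -all"
    # Git Server
    - role: server/gitea
      domain: git.banananet.work
    # Banananet.work
    - role: server/static
      domain: banananet.work
      repo: 'git@git.banananet.work:banananetwork/main-static.git'
    # SpotMe Server
    # - role: server/spotme
    #   domain: spotme.fun
    # # Admin Panel
    # - role: server/php
    #   domain: nvak.banananet.work
    #   repo: PHPMYADMIN # TODO
    # BananaNetwork Keys
    - role: server/node
      domain: keys.banananet.work
      repo: 'git@git.banananet.work:banananetwork/keys.git'
      app_port: 12822
      system_user: keys-banananet-work
    # Nextcloud Server
    - role: server/nextcloud
      domain: cloud.banananet.work
    # Firefox Sync Server
    - role: server/firefox-sync
      domain: firefox.banananet.work
    # # RSS Server
    # - role: server/php
    #   domain: rss.banananet.work
    #   repo: TTRSS # TODO
    # DSA site
    - role: server/node
      domain: dsa.banananet.work
      repo: 'git@git.banananet.work:dsaGroup/dsaPage.git'
      app_port: 12821
      system_user: dsaPage
    # # Forum der Schande
    # - role: server/php
    #   name: strichliste
    #   domain: forumderschan.de
    #   repo: git@git.banananet.work:strichliste/strichliste-php.git
    #   root: html
    #   includes:
    #     - includes
    # www. redirect for the forum domain
    - role: nginx/forward
      domain: www.forumderschan.de
      dest: forumderschan.de
    # # Stadtpiraten
    # - role: server/typo3
    #   domain: piraten.dev.banananet.work
    # - role: server/php
    #   domain: forum.piraten.dev.banananet.work
    #   repo: PHPBB # TODO
    #   version: master
    # # Stadtpiraten (prod)
    # - role: nginx/forward
    #   domain: www.stadtpiraten-karlsruhe.de
    #   dest: stadtpiraten-karlsruhe.de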
#- hosts: quvat.banananet.work
# roles:
# - role: hostname
# fqdn: quvat.banananet.work
#
# - role: server/static
# domain: banananet.work
# repo: git@git.banananet.work:banananetwork/main-static.git
#
# - role: server/php
# domain: quvat.banananet.work
# repo: "MISSING" # TODO
#
# - role: nginx/forward
# domain: server.banananet.work
# forward: quvat.banananet.work
#
# - role: server/node
# domain: keys.banananet.work
# repo: git@git.banananet.work:banananetwork/keys.git
#
# - role: server/nextcloud
# domain: cloud.banananet.work
# nextcloud_admin_user: "{{ common_user }}"
# nextcloud_admin_pass: "{{ common_pass }}"
#
# - role: server/tt-rss
# domain: rss.banananet.work
#
# - role: server/firefox-sync
# domain: firefox.quvat.banananet.work
#
# - role: server/node
# domain: dsa.banananet.work
# repo: git@git.banananet.work:dsaGroup/dsaPage.git
#
# - role: server/php
# domain: forumderschan.de
# repo: git@git.banananet.work:strichliste/strichliste-php.git
# html: /html
#
# - role: nginx/forward
# domain: www.forumderschan.de
# forward: forumderschan.de
#
# - role: server/typo3
# domain: piraten.dev.banananet.work
#
# - role: server/php # TODO Maybe php-bb special configuration
# domain: forum.piraten.dev.banananet.work
#- name: Configure rurapenthe
# hosts: rurapenthe.banananet.work
# roles:
# - role: dns/slave
# domain: banananet.work
# masters:
# - nvak.banananet.work
# - role: dns/slave
# domain: forumderschan.de
# masters:
# - nvak.banananet.work
# - role: dns/slave
# domain: stadtpiraten-karlsruhe.de
# masters:
# - nvak.banananet.work
# - role: dns/slave
# domain: spotme.fun
# masters:
# - nvak.banananet.work
#- hosts: 192.168.1.8 # hardie.khitomer.banananet.work
# roles:
# - role: mysql/application