---
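- name: Configure local repository
  # Runs on the control node only. Prepares the on-disk layout that holds the
  # credentials and key material the other plays read and write, and installs
  # the two tools those plays need locally.
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  tasks:
    - name: Create local directories for private credentials & keys
      # Owner-only (0700). These directories hold secrets: passwords, private
      # SSH keys and WireGuard private keys. The previous mode (o=rx) let every
      # other local user list which hosts and keys exist, even with the files
      # themselves being unreadable. The SSH host key directory is included
      # here because it cannot be told from this file whether it holds only the
      # generated SSHFP records (read by the nvak play) or the hosts' private
      # host keys as well - restricting it is the safe choice either way.
      file:
        path: "{{ item }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "u=rwx,g=,o="
        state: directory
      loop:
        - "{{ global_credentials_directory }}"
        - "{{ global_ssh_key_directory }}"
        - "{{ global_ssh_host_key_directory }}"
        - "{{ global_wireguard_private_directory }}"
    - name: Create local directories for public keys
      # Public material only (SSH public keys, WireGuard public keys); the
      # original world-listable mode is kept for these.
      file:
        path: "{{ item }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "u=rwx,g=rx,o=rx"
        state: directory
      loop:
        - "{{ global_public_key_directory }}"
        - "{{ global_wireguard_public_directory }}"
    - name: Install required tools
      # sshpass is presumably what the bootstrap play uses for the initial
      # password-based SSH login before key-based root access exists (the role
      # body is not in this file); wireguard-tools provides `wg` so the VPN
      # keys can be generated on the control node.
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present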
- name: Configure secure root access to hosts
  # First contact with freshly provisioned machines, i.e. whatever is in the
  # inventory group `bootstrap`. The role body lives outside this file, so what
  # it configures exactly (keys, sshd settings, ...) is not visible here; the
  # name suggests it replaces the initial login with key-based root access.
  # Facts are skipped because the role must work before any of that exists.
  hosts: bootstrap
  gather_facts: false
  roles:
    - bootstrap
- hosts: all
  # Baseline applied to every host: FQDN from the inventory name, the `common`
  # role, and the personal admin account with sudo. `strategy: free` lets
  # each host proceed independently instead of waiting for the slowest one.
  strategy: free
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"
    - role: common
    - role: account
      # NOTE(review): `zocker_password` is not defined in this file; it should
      # live in an Ansible Vault file, not in plain group_vars - verify.
      username: zocker
      password: "{{ zocker_password }}"
      sudo: true
- name: Install wireguard vpn
  # Every host joins the WireGuard mesh; the key material comes from the
  # local WireGuard directories created in the first play. Hosts run
  # independently (`free`), there is no cross-host ordering requirement here.
  hosts: all
  strategy: free
  roles:
    - wireguard/application
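- name: Configure nvak
  # Primary server: authoritative DNS master for all zones plus the git, web,
  # cloud and mail services those zones point at.
  #
  # Fixes against the previous revision of this play:
  #  - the MX targets in all four zones lacked the trailing dot, so in master
  #    file syntax they were relative to $ORIGIN and resolved to
  #    `nvak.banananet.work.<zone>.` (mail for these domains undeliverable);
  #  - the stadtpiraten-karlsruhe.de zone passed `resposible_mail_name`
  #    (misspelled), so the SOA RNAME parameter never reached the role.
  #
  # NOTE(review): the `test` tag on a production play looks like a leftover;
  # `--skip-tags test` silently skips all of nvak.
  tags:
    - test
  hosts: nvak.banananet.work
  vars:
    # NOTE(review): ns2 (rurapenthe) is advertised as a name server in every
    # zone below, yet no secondary is listed here and the rurapenthe dns/slave
    # play at the bottom of this file is commented out. Until that is
    # restored, the ns2 delegation is lame.
    nvak_dns_slaves: []
  pre_tasks:
    # Reads, on the control node, the SSHFP record text generated for every
    # inventory host (`<ssh host key dir>/<fqdn>/dns`) so it can be published
    # in the zone. `command` does not spawn a shell but does shlex-split the
    # free-form arguments, hence `quote`. A missing file fails the play - the
    # safe default: no zone is published without its fingerprints.
    - name: Load ssh host key dns fingerprint for host
      local_action:
        module: command cat "{{ global_ssh_host_key_directory | quote }}/{{ item | quote }}/dns"
      register: ssh_key_dns_fpr_raw
      changed_when: false
      loop: "{{ groups['all'] }}"
    - name: Remap ssh host key dns fingerprints
      # fqdn -> SSHFP record text, for lookup inside the zone templates.
      set_fact:
        ssh_key_dns_fpr_map: "{{ ssh_key_dns_fpr_raw.results | items2dict(key_name='item', value_name='stdout') }}"
  roles:
    # Zone entries are raw master-file text rendered by Jinja. Names without a
    # trailing dot are relative to the zone origin, so any name that belongs
    # to another zone (or is already fully qualified) MUST end with a dot.
    #
    # NOTE(review): the "Automatic server addresses" loop publishes the
    # default IPv4/IPv6 address of every inventory host in a public zone; any
    # host whose default address is a private/LAN address leaks internal
    # topology (the TODO below already notes this). No SPF/DMARC TXT records
    # are published for any zone; consider adding them once the mail setup is
    # known. Both points are left as-is here.
    - role: dns/master
      domain: banananet.work
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1
        ns1 IN A {{ ansible_default_ipv4.address }}
        ns1 IN AAAA {{ ansible_default_ipv6.address }}
        @ IN NS ns2
        ns2 IN A {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv4.address }}
        ns2 IN AAAA {{ hostvars['rurapenthe.banananet.work'].ansible_default_ipv6.address }}
        ; Automatic server addresses
        ; TODO only if addresses not local
        {% for fqdn, facts in hostvars.items() %}
        {{ fqdn }}. IN A {{ facts.ansible_default_ipv4.address }}
        {{ fqdn }}. IN AAAA {{ facts.ansible_default_ipv6.address }}
        {{ ssh_key_dns_fpr_map[fqdn] }}
        {% endfor %}
        ; Public use domains
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        auth IN CNAME nvak
        cloud IN CNAME nvak
        test.cloud IN CNAME nvak
        dsa IN CNAME nvak
        firefox.quvat IN CNAME nvak ; TODO Legacy domain
        git IN CNAME nvak
        keys IN CNAME nvak
        rss IN CNAME nvak
        ; Mail
        @ IN MX 10 nvak.banananet.work.
        mail IN CNAME nvak
        imap IN CNAME nvak
        smtp IN CNAME nvak
    - role: dns/master
      domain: forumderschan.de
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPage
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work.
    - role: dns/master
      domain: spotme.fun
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; Web Page
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work.
    - role: dns/master
      domain: stadtpiraten-karlsruhe.de
      main_nameserver_domain: ns1.banananet.work.
      responsible_mail_name: admin.banananet.work.
      slaves: "{{ nvak_dns_slaves }}"
      entries: |
        ; Name Servers
        @ IN NS ns1.banananet.work.
        @ IN NS ns2.banananet.work.
        ; WebPages
        @ IN A {{ ansible_default_ipv4.address }}
        @ IN AAAA {{ ansible_default_ipv6.address }}
        www IN A {{ ansible_default_ipv4.address }}
        www IN AAAA {{ ansible_default_ipv6.address }}
        forum IN A {{ ansible_default_ipv4.address }}
        forum IN AAAA {{ ansible_default_ipv6.address }}
        ; Mail
        @ IN MX 10 nvak.banananet.work.
    # Git Server
    - role: server/gitea
      domain: git.banananet.work
    # Banananet.work - static site cloned over SSH from the local gitea; the
    # deploy key that allows this is managed outside this file.
    - role: server/static
      domain: banananet.work
      repo: git@git.banananet.work:banananetwork/main-static.git
    # SpotMe Server
    # - role: server/spotme
    #   domain: spotme.fun
    # # Admin Panel
    # - role: server/php
    #   domain: nvak.banananet.work
    #   repo: PHPMYADMIN # TODO
    # BananaNetwork Keys - node app on a dedicated system user
    - role: server/node
      domain: keys.banananet.work
      repo: git@git.banananet.work:banananetwork/keys.git
      app_port: 12822
      system_user: keys-banananet-work
    # Nextcloud Server
    - role: server/nextcloud
      domain: cloud.banananet.work
    # # RSS Server
    # - role: server/php
    #   domain: rss.banananet.work
    #   repo: TTRSS # TODO
    # DSA Seite - node app on a dedicated system user
    - role: server/node
      domain: dsa.banananet.work
      repo: git@git.banananet.work:dsaGroup/dsaPage.git
      app_port: 12821
      system_user: dsaPage
    # # Forum der Schande
    # - role: server/php
    #   name: strichliste
    #   domain: forumderschan.de
    #   repo: git@git.banananet.work:strichliste/strichliste-php.git
    #   root: html
    #   includes:
    #     - includes
    - role: nginx/forward
      domain: www.forumderschan.de
      dest: forumderschan.de
    # # Stadtpiraten
    # - role: server/typo3
    #   domain: piraten.dev.banananet.work
    # - role: server/php
    #   domain: forum.piraten.dev.banananet.work
    #   repo: PHPBB # TODO
    #   version: master
    # # Stadtpiraten (prod)
    # - role: nginx/forward
    #   domain: www.stadtpiraten-karlsruhe.de
    #   dest: stadtpiraten-karlsruhe.de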
#- hosts: quvat.banananet.work
# roles:
# - role: hostname
# fqdn: quvat.banananet.work
#
# - role: server/static
# domain: banananet.work
# repo: git@git.banananet.work:banananetwork/main-static.git
#
# - role: server/php
# domain: quvat.banananet.work
# repo: "MISSING" # TODO
#
# - role: nginx/forward
# domain: server.banananet.work
# forward: quvat.banananet.work
#
# - role: server/node
# domain: keys.banananet.work
# repo: git@git.banananet.work:banananetwork/keys.git
#
# - role: server/nextcloud
# domain: cloud.banananet.work
# nextcloud_admin_user: "{{ common_user }}"
# nextcloud_admin_pass: "{{ common_pass }}"
#
# - role: server/tt-rss
# domain: rss.banananet.work
#
# - role: server/firefox-sync
# domain: firefox.quvat.banananet.work
#
# - role: server/node
# domain: dsa.banananet.work
# repo: git@git.banananet.work:dsaGroup/dsaPage.git
#
# - role: server/php
# domain: forumderschan.de
# repo: git@git.banananet.work:strichliste/strichliste-php.git
# html: /html
#
# - role: nginx/forward
# domain: www.forumderschan.de
# forward: forumderschan.de
#
# - role: server/typo3
# domain: piraten.dev.banananet.work
#
# - role: server/php # TODO Maybe php-bb special configuration
# domain: forum.piraten.dev.banananet.work
#- name: Configure rurapenthe
# hosts: rurapenthe.banananet.work
# roles:
# - role: dns/slave
# domain: banananet.work
# masters:
# - nvak.banananet.work
# - role: dns/slave
# domain: forumderschan.de
# masters:
# - nvak.banananet.work
# - role: dns/slave
# domain: stadtpiraten-karlsruhe.de
# masters:
# - nvak.banananet.work
# - role: dns/slave
# domain: spotme.fun
# masters:
# - nvak.banananet.work
#- hosts: 192.168.1.8 # hardie.khitomer.banananet.work
# roles:
# - role: mysql/application