ansible/site.yml


---
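# Prepare the Ansible controller itself: local key/credential directories and
# the command-line tools the later plays rely on. Runs over the local
# connection, so no SSH is involved.
- name: Configure local repository
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  tasks:
    # These directories hold credentials, SSH keys and WireGuard private keys
    # on the controller. They are created owner-only: a mode of
    # "u=rwx,g=rx,o=rx" would let every local account enter and list them.
    # If another local account really has to read the public-key directories,
    # widen those directories explicitly rather than all six.
    - name: Create local directory for credentials & keys
      file:
        path: "{{ item }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "0700"
        state: directory
      loop:
        - "{{ global_credentials_directory }}"
        - "{{ global_public_key_directory }}"
        - "{{ global_ssh_key_directory }}"
        - "{{ global_ssh_host_key_directory }}"
        - "{{ global_wireguard_private_directory }}"
        - "{{ global_wireguard_public_directory }}"
    # sshpass is what Ansible uses for password-based SSH logins;
    # wireguard-tools provides the WireGuard command-line utilities.
    # NOTE(review): presumably needed by the bootstrap and wireguard
    # plays - confirm against those roles.
    - name: Install required tools
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present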
# Applies the bootstrap role to every host in the "bootstrap" inventory group.
# Fact gathering is switched off for this play.
# NOTE(review): presumably because the hosts are not yet reachable with the
# final credentials at this point - confirm against the role.
- name: Configure secure root access to hosts
  hosts: bootstrap
  gather_facts: false
  roles:
    - role: bootstrap
# Baseline for every host: hostname, common setup and the "zocker" account.
# The play has no name; "strategy: free" lets each host run through its
# tasks without waiting for the others.
- hosts: all
  strategy: free
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"
    - role: common
    # The account gets sudo on every host, so both inputs below are
    # security-critical.
    # NOTE(review): zocker_password is presumably stored encrypted or
    # looked up from the credentials directory - confirm.
    # NOTE(review): authorized_keys is taken from a URL variable; whoever
    # controls that endpoint can add SSH keys for this account - confirm it
    # is fetched over an authenticated, integrity-protected channel.
    - role: account
      username: zocker
      password: "{{ zocker_password }}"
      authorized_keys: "{{ zocker_authorized_keys_url }}"
      sudo: true
# Playbooks pulled in statically, in this order: bwcloud group setup,
# the WireGuard network, then DNS.
- name: Configure bwcloud nodes
  import_playbook: playbooks/group_bwcloud.yml

- name: Configure wireguard network
  import_playbook: playbooks/wireguard.yml

- name: Include dns configuration
  import_playbook: playbooks/dns.yml
# Services hosted on nvak.banananet.work. The whole play carries the "test"
# tag. Commented-out role entries are kept for reference.
- name: Configure nvak
  tags:
    - test
  hosts: nvak.banananet.work
  roles:
    # Git server
    - role: server/gitea
      domain: git.banananet.work
      gitea_system_user: git

    # banananet.work static site
    - role: server/static
      domain: banananet.work
      repo: git@git.banananet.work:banananetwork/main-static.git

    # SpotMe server (disabled)
    # - role: server/spotme
    #   domain: spotme.fun
    #   spotme_system_user: spotme
    # # Admin panel (disabled)
    # - role: server/php
    #   domain: nvak.banananet.work
    #   repo: PHPMYADMIN # TODO

    # BananaNetwork keys (disabled on this host)
    # - role: server/node
    #   domain: keys.banananet.work
    #   repo: git@git.banananet.work:banananetwork/keys.git
    #   app_port: 12822
    #   system_user: keys-banananet-work

    # Nextcloud server
    # NOTE(review): the admin password reuses zocker_password, the variable
    # that also sets the sudo-capable "zocker" system account in the
    # all-hosts play; a leak of the web admin password would then also be a
    # leak of the system password. Consider a dedicated secret.
    # NOTE(review): the "encryption" app is in the disabled list, so data at
    # rest presumably relies on protection below Nextcloud - confirm.
    - role: server/nextcloud
      domain: cloud.banananet.work
      system_user: nextcloud
      nextcloud_admin_user: zocker
      nextcloud_admin_pass: "{{ zocker_password }}"
      enabled_apps_list:
        - accessibility
        - activity
        - admin_audit
        - apporder
        - bruteforcesettings
        - calendar
        - checksum
        - cloud_federation_api
        - comments
        - contacts
        - cospend
        - dav
        - deck
        - dicomviewer
        - external
        - federatedfilesharing
        - federation
        - files
        - files_automatedtagging
        - files_ebookreader
        - files_external
        - files_markdown
        - files_pdfviewer
        - files_readmemd
        - files_rightclick
        - files_sharing
        - files_texteditor
        - files_trashbin
        - files_versions
        - files_videoplayer
        - firstrunwizard
        - gallery
        - logreader
        - lookup_server_connector
        - mail
        - metadata
        - nextcloud_announcements
        - notes
        - notifications
        - oauth2
        - ocdownloader
        - password_policy
        - phonetrack
        - polls
        - privacy
        - provisioning_api
        - quota_warning
        - serverinfo
        - sharebymail
        - sharerenamer
        - social
        - sociallogin
        - socialsharing_email
        - spreed
        - support
        - suspicious_login
        - systemtags
        - tasks
        - theming
        - twofactor_admin
        - twofactor_backupcodes
        - twofactor_gateway
        - twofactor_nextcloud_notification
        - twofactor_totp
        - twofactor_u2f
        - updatenotification
        - viewer
        - workflowengine
      disabled_apps_list:
        - encryption
        - recommendations
        - survey_client
        - user_ldap

    # Firefox Sync server
    - role: server/firefox-sync
      domain: firefox.banananet.work

    # RSS server
    # TODO Manual initialization of database required
    - role: server/tt-rss
      domain: rss.banananet.work

    # DSA page (disabled)
    # - role: server/node
    #   domain: dsa.banananet.work
    #   repo: git@git.banananet.work:dsaGroup/dsaPage.git
    #   app_port: 12821
    #   system_user: dsaPage

    # "Forum der Schande" site, plus a forward from the www. name
    - role: server/php
      domain: forumderschan.de
      repo: git@git.banananet.work:strichliste/strichliste-php.git
      root: html
      installation_includes:
        - includes
    - role: nginx/forward
      domain: www.forumderschan.de
      dest: forumderschan.de

    # WG Nextcloud (second, separate instance)
    # NOTE(review): no nextcloud_admin_pass or system_user is passed here, so
    # both presumably come from role defaults - confirm the default admin
    # password is not a static value.
    # NOTE(review): "admin_audit" is in the disabled list for this instance,
    # so it will not produce that app's audit trail; "encryption" is enabled
    # here, unlike on cloud.banananet.work.
    - role: server/nextcloud
      domain: wg.banananet.work
      nextcloud_admin_user: felix
      enabled_apps_list:
        - accessibility
        - activity
        - apporder
        - bruteforcesettings
        - calendar
        - checksum
        - cloud_federation_api
        - comments
        - contacts
        - cookbook
        - cospend
        - dav
        - deck
        - encryption
        - external
        - federatedfilesharing
        - federation
        - files
        - files_automatedtagging
        - files_ebookreader
        - files_external
        - files_markdown
        - files_pdfviewer
        - files_readmemd
        - files_rightclick
        - files_sharing
        - files_texteditor
        - files_trashbin
        - files_versions
        - files_videoplayer
        - firstrunwizard
        - gallery
        - logreader
        - lookup_server_connector
        - metadata
        - nextcloud_announcements
        - notes
        - notifications
        - oauth2
        - ocdownloader
        - password_policy
        - polls
        - privacy
        - provisioning_api
        - quota_warning
        - serverinfo
        - sharebymail
        - sharerenamer
        - sociallogin
        - socialsharing_email
        - spreed
        - support
        - suspicious_login
        - systemtags
        - tasks
        - theming
        - twofactor_admin
        - twofactor_backupcodes
        - twofactor_gateway
        - twofactor_nextcloud_notification
        - twofactor_totp
        - twofactor_u2f
        - updatenotification
        - viewer
        - workflowengine
      disabled_apps_list:
        - admin_audit
        - recommendations
        - survey_client
        - user_ldap

    # # Stadtpiraten (disabled)
    # - role: server/typo3
    #   domain: piraten.dev.banananet.work
    # - role: server/php
    #   domain: forum.piraten.dev.banananet.work
    #   repo: PHPBB # TODO
    #   version: master
    # # Stadtpiraten (prod, disabled)
    # - role: nginx/forward
    #   domain: www.stadtpiraten-karlsruhe.de
    #   dest: stadtpiraten-karlsruhe.de
# Services hosted on rurapenthe.banananet.work. The secondary-DNS role
# entries are commented out; only the keys application is deployed.
- name: Configure rurapenthe
  hosts: rurapenthe.banananet.work
  roles:
    # - role: dns/slave
    #   domain: banananet.work
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: forumderschan.de
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: stadtpiraten-karlsruhe.de
    #   masters:
    #     - nvak.banananet.work
    # - role: dns/slave
    #   domain: spotme.fun
    #   masters:
    #     - nvak.banananet.work

    # Node application behind keys.banananet.work, listening on app_port.
    # REGISTER_PASS reaches the application through its environment.
    # NOTE(review): how the role persists environment_vars (unit file, env
    # file) and with which file permissions is not visible here - confirm
    # the secret is not left world-readable on the host.
    - role: server/node
      domain: keys.banananet.work
      repo: git@git.banananet.work:banananetwork/keys.git
      app_port: 12822
      system_user: keys-banananet-work
      environment_vars:
        REGISTER_PASS: "{{ global_ip_discover_register_pass }}"
# Unnamed play: applies the misc/ip_discover role to a single host.
# NOTE(review): presumably the client that registers with the keys
# application using global_ip_discover_register_pass - confirm in the role.
- hosts: hardie.khitomer.banananet.work
  roles:
    - role: misc/ip_discover