commit b6c92161fd4afee3de0d08e326f323db8afc259c Author: J. Doe Date: Sat Sep 21 19:42:08 2019 +0200 boilerplate
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..caa8231
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+roles/
+.vagrant
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..2fda69b
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,32 @@
+stages:
+ # - ansible-lint
+ - deploy_app
+
+# ansible-lint:
+# only:
+# - master
+# stage: ansible-lint
+# image: yokogawa/ansible-lint
+# allow_failure: true
+# script:
+
+# - 'ansible-lint setup.yml'
+
+deploy_app:
+ only:
+ - master
+ stage: deploy_app
+ # TODO: use private ubuntu w/ ansible image to not reinstall ansible at every build
+ # not working:
+ # image: williamyeh/ansible:ubuntu18.04
+ # running systemd requires privileged container so instead of running services we run processes as daemons
+ # not working:
+ # image: jrei/systemd-ubuntu:latest
+ image: ubuntu:latest
+ script:
+ - apt-add-repository --yes --update ppa:ansible/ansible
+ # useless?
+ # - apt update
+ # sudo is used by some roles and not installed on docker
+ - apt install --yes sudo software-properties-common ansible
+ - "ansible-playbook -i gitlab-ci-inventory.ini setup.yml -vv --extra-var docker_enabled=true"
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..7b68024
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "roles/synapse"]
+ path = roles/synapse
+ url = https://gitlab.com/famedly/ansible/synapse
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..958fd66
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# Fuz Playbooks
+
+Playbooks for (relatively) easy sysadmin!
\ No newline at end of file
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..677fb9a
--- /dev/null
+++ b/Vagrantfile
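Review bot: In the `deploy_app` script, `apt-add-repository` runs before `software-properties-common` is installed, and that package is what provides the command, so on a bare `ubuntu:latest` image the first step would likely fail; the `apt update` that a fresh image needs before any install is also commented out. Install the prerequisites first, e.g. `- apt update && apt install --yes sudo software-properties-common`, then add the PPA and install `ansible`. The job also deploys from the floating `ubuntu:latest` tag, so consider pinning the image to a release tag or digest (placeholder: `ubuntu:<release>@sha256:<digest>`) to keep what runs the deploy reproducible and auditable.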
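Review bot: The `roles/synapse` submodule is declared here, but the visible diff carries no gitlink entry (`new file mode 160000` / `Subproject commit`) for that path, and `.gitignore` in the same commit ignores `roles/`. If that is the whole commit, the role is not pinned to a commit and `git submodule update` has nothing to check out, so whatever revision happens to sit in `roles/synapse` is what gets deployed. Add it with `git submodule add -f` so the commit id is recorded, and set `GIT_SUBMODULE_STRATEGY: recursive` in `.gitlab-ci.yml` so the CI job actually fetches the role.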
@@ -0,0 +1,72 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+ # The most common configuration options are documented and commented below.
+ # For a complete reference, please see the online documentation at
+ # https://docs.vagrantup.com.
+
+ # Every Vagrant development environment requires a box. You can search for
+ # boxes at https://vagrantcloud.com/search.
+ config.vm.box = "ubuntu/bionic64"
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ # NOTE: This will enable public access to the opened port
+ # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine and only allow access
+ # via 127.0.0.1 to disable public access
+ config.vm.network "forwarded_port", guest: 8008, host: 8008, host_ip: "127.0.0.1"
+ config.vm.network "forwarded_port", guest: 8448, host: 8448, host_ip: "127.0.0.1"
+ config.vm.network "forwarded_port", guest: 443, host: 443, host_ip: "127.0.0.1"
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ config.vm.network "private_network", ip: "192.168.33.10"
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network "public_network"
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ config.vm.provider "virtualbox" do |vb|
+ # Display the VirtualBox GUI when booting the machine
+ # vb.gui = true
+
+ # Customize the amount of memory on the VM:
+ vb.memory = "4096"
+ end
+ #
+ # View the documentation for the provider you are using for more
+ # information on available options.
+
+ # Enable provisioning with a shell script. Additional provisioners such as
+ # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+ # documentation for more information about their specific syntax and use.
+ # config.vm.provision "shell", inline: <<-SHELL
+ # apt-get update
+ # apt-get install -y apache2
+ # SHELL
+end
diff --git a/ansible-pull-cron.yml b/ansible-pull-cron.yml
new file mode 100644
index 0000000..b855cb4
--- /dev/null
+++ b/ansible-pull-cron.yml
@@ -0,0 +1 @@
+# Configure crontab of ansible pull to this repo to create a puppet-like kind of config
\ No newline at end of file
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..dbd6b04
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = hosts.ini
+host_key_checking = False
\ No newline at end of file
diff --git a/certificate.yml b/certificate.yml
new file mode 100644
index 0000000..6b1c2a0
--- /dev/null
+++ b/certificate.yml
@@ -0,0 +1 @@
+# Correctly setup Let's Encrypt certificate renewal
\ No newline at end of file
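Review bot: The forward `guest: 443, host: 443` in the Vagrantfile binds a privileged host port, which on Linux and macOS hosts typically fails unless the provider process runs as root, and running `vagrant up` with elevated rights just for this is worth avoiding. A high host port keeps the loopback-only binding and works unprivileged, e.g. `config.vm.network "forwarded_port", guest: 443, host: 8443, host_ip: "127.0.0.1"`. Since the `private_network` address 192.168.33.10 already gives the host access to the guest, this forward may not be needed at all.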
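Review bot: `host_key_checking = False` in the repo-wide `[defaults]` of ansible.cfg turns off SSH host key verification for every host in `hosts.ini`, not only the throwaway Vagrant box, so an interposed machine on the path to a real server would go unnoticed while Ansible sends credentials and secrets over that session. Keep the default for real hosts and scope the relaxation to the dev box, for example with `ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'` on the Vagrant host entry only. If the global setting stays for now, a comment such as `# dev only: Vagrant boxes get fresh host keys on every rebuild` would record why it is off.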
diff --git a/gitlab-ci-inventory.ini b/gitlab-ci-inventory.ini
new file mode 100644
index 0000000..e1fe8be
--- /dev/null
+++ b/gitlab-ci-inventory.ini
@@ -0,0 +1,5 @@
+docker-shared-runner ansible_connection=local become=true
+[postgresql]
+docker-shared-runner
+[synapse]
+docker-shared-runner
\ No newline at end of file
diff --git a/nextcloud.yml b/nextcloud.yml
new file mode 100644
index 0000000..5017995
--- /dev/null
+++ b/nextcloud.yml
@@ -0,0 +1 @@
+# Nextcloud with Calendar, Notes and Kanban enabled.
\ No newline at end of file
diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..e62e9a0
--- /dev/null
+++ b/setup.yml
@@ -0,0 +1,12 @@
+---
+
+- hosts:
+ - postgresql
+ - synapse
+
+ roles:
+ - geerlingguy.pip
+
+- import_playbook: postgres.yml
+# todo: create synapse user
+- import_playbook: synapse.yml
\ No newline at end of file
diff --git a/synapse.yml b/synapse.yml
new file mode 100644
index 0000000..4f8db83
--- /dev/null
+++ b/synapse.yml
@@ -0,0 +1,28 @@
+---
+- hosts: synapse
+# todo: create user for synapse
+ vars:
+ # matrix_synapse_version: "v1.3.1"
+ # localhosts causes certificate generation bugs
+ # matrix_server_name: localhost
+ matrix_server_name: dev
+ matrix_synapse_deployment_method: pip
+ matrix_synapse_baseurl: "https://{{ matrix_server_name }}"
+ matrix_synapse_signing_key_path: "{{ matrix_synapse_base_path }}/tls/{{ matrix_server_name }}.signing.key"
+ # Test variables, doesn't seem to be working. Maybe a hostname problem
+ matrix_synapse_tls_cert: ""
+ matrix_synapse_tls_key: ""
+
+ matrix_synapse_pg_host: localhost
+ matrix_synapse_pg_user: "{{ synapse_dbuser }}"
+ matrix_synapse_pg_pass: "{{ synapse_dbpw }}"
+ matrix_synapse_pg_db: "{{ synapse_dbname }}"
+ matrix_synapse_report_stats: false # Report stats to matrix.org?
+
+ matrix_synapse_extra_config: # no_tls:true disables port 8448
+ no_tls: false
+
+ # pre_tasks:
+ # tasks:
+ roles:
+ - synapse
\ No newline at end of file
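Review bot: On the first line of gitlab-ci-inventory.ini, `become=true` defines an ordinary host variable named `become`; the inventory parameter that enables privilege escalation is `ansible_become`, so as written this most likely has no effect. In the CI container the job probably runs as root already, which would hide the problem until the inventory is reused somewhere else. Use `docker-shared-runner ansible_connection=local ansible_become=true`.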
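Review bot: `import_playbook: postgres.yml` in setup.yml refers to a file that is not among those added in the visible diff, and `import_playbook` is resolved when the playbook is parsed, so `ansible-playbook setup.yml` would stop before running anything if the file is really absent. The first play also uses `geerlingguy.pip`, but nothing visible installs it. A `requirements.yml` that pins the role version, plus an `ansible-galaxy install -r requirements.yml` step in the CI script, would make the role source explicit and the run reproducible.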
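Review bot: In synapse.yml, `matrix_synapse_pg_pass: "{{ synapse_dbpw }}"` and the `synapse_dbuser` / `synapse_dbname` lookups beside it depend on variables that no file in the visible diff defines, so the play would fail on an undefined variable unless they are supplied from outside the repo. When they are added, keep `synapse_dbpw` in an ansible-vault encrypted vars file or a masked CI variable rather than in plain text. The CI job runs `ansible-playbook` with `-vv`, which can print task arguments into the job log unless the tasks that handle the password set `no_log: true`, so that is worth checking in the role. A comment next to the empty `matrix_synapse_tls_cert: ""` / `matrix_synapse_tls_key: ""` stating what the role does when they are empty would help, since the existing comment only says they do not seem to work.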
diff --git a/website.yml b/website.yml
new file mode 100644
index 0000000..738d875
--- /dev/null
+++ b/website.yml
@@ -0,0 +1 @@
+# Static site deployment with Hugo?
\ No newline at end of file