-rw-r--r--base_apps.yml88
-rw-r--r--bootstrap.yml58
-rw-r--r--certs.yml38
-rw-r--r--docker.yml78
4 files changed, 126 insertions, 136 deletions
diff --git a/base_apps.yml b/base_apps.yml
index 2534efd..76e2365 100644
--- a/base_apps.yml
+++ b/base_apps.yml
@@ -1,46 +1,46 @@
 ---
-  - name: Base
-    hosts: tamriel
-    remote_user: ansible_worker
-    become: yes
-    tasks:
-    - name: docker gpg keys
-      apt_key:
-        url: https://download.docker.com/linux/debian/gpg
-    - name: Ensure apt has https transport
-      apt: name=apt-transport-https
-    - name: docker debian repository
-      apt_repository:
-        repo: deb [arch=amd64] https://download.docker.com/linux/debian stretch stable 
-        update_cache: true
-    - name: Base packages
-      apt:
-        name: "{{ item }}"
-      with_items:
-      - tmux
-      - htop
-      - syncthing
-      - docker-ce
-      - tig
-      - git
-      - hugo
-      - rsync
-      - python-pip
-      - mc
-    - name: Upgrade all packages
-      apt:
-        upgrade: full
-    - name: Install docker-compose
-      pip:
-        name: "{{ item }}"
-      with_items:
-      - docker
-      - docker-compose
+- name: Base
+  hosts: tamriel
+  remote_user: ansible_worker
+  become: yes
+  tasks:
+  - name: docker gpg keys
+    apt_key:
+      url: https://download.docker.com/linux/debian/gpg
+  - name: Ensure apt has https transport
+    apt: name=apt-transport-https
+  - name: docker debian repository
+    apt_repository:
+      repo: deb [arch=amd64] https://download.docker.com/linux/debian stretch stable 
+      update_cache: true
+  - name: Base packages
+    apt:
+      name: "{{ item }}"
+    with_items:
+    - tmux
+    - htop
+    - syncthing
+    - docker-ce
+    - tig
+    - git
+    - hugo
+    - rsync
+    - python-pip
+    - mc
+  - name: Upgrade all packages
+    apt:
+      upgrade: full
+  - name: Install docker-compose
+    pip:
+      name: "{{ item }}"
+    with_items:
+    - docker
+    - docker-compose
 
-    - name: Enable services
-      systemd:
-        enabled: true
-        state: started
-        name: "{{ item }}"
-      with_items:
-      - "syncthing@pawel"
+  - name: Enable services
+    systemd:
+      enabled: true
+      state: started
+      name: "{{ item }}"
+    with_items:
+    - "syncthing@pawel"
diff --git a/bootstrap.yml b/bootstrap.yml
index 6a00e93..022194e 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -1,36 +1,26 @@
 ---
-  - name: Bootstrap base systems
-    hosts: tamriel
-    remote_user: root
-    vars:
-      users:
-      - login: pawel
-        groups: ['sudo', 'remote_access', 'docker']
-        pubkey: "{{ lookup('file', '/home/pawel/.ssh/id_rsa.pub') }}"
-        shell: /bin/zsh
-      - login: ansible_worker
-        groups: ['sudo', 'remote_access', 'docker']
-        pubkey: "{{ lookup('file', '/home/pawel/.ssh/id_rsa.pub') }}"
-        shell: /bin/bash
-    roles:
-    - base_users
-    tasks:
-    - name: zsh
-      apt: 
-        name: zsh
-        update_cache: true
-    - name: Allow paswordless sudo
-      lineinfile:
-        dest: /etc/sudoers
-        state: present
-        insertafter: "^%sudo"
-        line: "ansible_worker\tALL=(ALL:ALL) NOPASSWD: ALL"
-        validate: '/usr/sbin/visudo -cf %s'
-    #    line: "%sudo ALL=(ALL) NOPASSWD: ALL"
-    - file:
-        path: /home/pawel/.zshrc
-        owner: pawel
-        group: pawel
-        state: touch
-        mode: 0660
+- name: Bootstrap base systems
+  hosts: tamriel
+  remote_user: root
+  vars:
+    users:
+    - login: pawel
+      groups: ['sudo', 'remote_access', 'docker']
+      pubkey: "{{ lookup('file', '/home/pawel/.ssh/id_rsa.pub') }}"
+      shell: /bin/bash
+    - login: ansible_worker
+      groups: ['sudo', 'remote_access', 'docker']
+      pubkey: "{{ lookup('file', '/home/pawel/.ssh/id_rsa.pub') }}"
+      shell: /bin/bash
+  roles:
+  - base_users
+  tasks:
+  - name: Allow paswordless sudo
+    lineinfile:
+      dest: /etc/sudoers
+      state: present
+      insertafter: "^%sudo"
+      line: "ansible_worker\tALL=(ALL:ALL) NOPASSWD: ALL"
+      validate: '/usr/sbin/visudo -cf %s'
+  #    line: "%sudo ALL=(ALL) NOPASSWD: ALL"
 
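Review bot: The `Allow paswordless sudo` task still grants `ansible_worker` `NOPASSWD: ALL`, and the `users` list gives that account the same public key as `pawel` (`/home/pawel/.ssh/id_rsa.pub`), so a single private key is enough for passwordless root on the host. A dedicated key pair for the automation account, e.g. `pubkey: "{{ lookup('file', '<PATH_TO_ANSIBLE_WORKER_KEY>.pub') }}"` (placeholder path), would let the personal key be rotated or revoked independently. The rule would also be easier to audit and remove as a drop-in rather than an edit to `/etc/sudoers` itself: `dest: /etc/sudoers.d/ansible_worker` with `create: yes` and `mode: '0440'`, keeping the `validate` line. The commented-out `%sudo` line at the end of the task list looks like a leftover and could be dropped so nobody re-enables a group-wide NOPASSWD rule by accident.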
diff --git a/certs.yml b/certs.yml
index e8a81e0..8f72a8b 100644
--- a/certs.yml
+++ b/certs.yml
@@ -1,20 +1,20 @@
 ---
-  - name: Certbot
-    hosts: tamriel
-    remote_user: ansible_worker
-    tasks:
-    - synchronize:
-        src: ~/.ovh/
-        dest: ~/ovh
-    - docker_container:
-        image: certbot/dns-ovh
-        name: certbot-ovh
-        #auto_remove: true
-        volumes:
-          - /etc/letsencrypt:/etc/letsencrypt:rw
-          - /var/lib/letsencrypt:/var/lib/letsencrypt:rw
-          - /home/ansible_worker/ovh:/opt/ovh:ro
-        command: certonly --dns-ovh --dns-ovh-propagation-seconds 60 --dns-ovh-credentials /opt/ovh/credentials.ini -d "dybiec.info,*.dybiec.info"
-    - file:
-        path: ~/ovh
-        state: absent
+- name: Certbot
+  hosts: tamriel
+  remote_user: ansible_worker
+  tasks:
+  - synchronize:
+      src: ~/.ovh/
+      dest: ~/ovh
+  - docker_container:
+      image: certbot/dns-ovh
+      name: certbot-ovh
+      #auto_remove: true
+      volumes:
+        - /etc/letsencrypt:/etc/letsencrypt:rw
+        - /var/lib/letsencrypt:/var/lib/letsencrypt:rw
+        - /home/ansible_worker/ovh:/opt/ovh:ro
+      command: certonly --dns-ovh --dns-ovh-propagation-seconds 60 --dns-ovh-credentials /opt/ovh/credentials.ini -d "dybiec.info,*.dybiec.info"
+  - file:
+      path: ~/ovh
+      state: absent
diff --git a/docker.yml b/docker.yml
index 05812f1..d1d08b1 100644
--- a/docker.yml
+++ b/docker.yml
@@ -1,40 +1,40 @@
 ---
-  - name: Docker apps
-    hosts: tamriel
-    remote_user: ansible_worker
-    tasks:
-    - name: synchronize docker composefiles
-      synchronize:
-        src: composer/
-        dest: composer
-    - name: counter app
-      docker_service:
-        project_src: composer/app
-    - name: nginx
-      docker_service:
-        project_src: composer/nginx
-    - name: gitea
-      docker_service:
-        project_src: composer/gitea
-    - name: grafana
-      docker_service:
-        project_src: composer/grafana
-    - name: registry
-      docker_service:
-        project_src: composer/registry
-    - name: vpn
-      docker_service:
-        project_name: vpn
-        definition:
-          version: '2'
-          volumes:
-            openvpn-certs:
-              external:
-                name: openvpn-pawel
-          services:
-            openvpn:
-              image: kylemanna/openvpn
-              network_mode: host
-              volumes:
-                - "openvpn-certs:/etc/openvpn"
-              privileged: true
+- name: Docker apps
+  hosts: tamriel
+  remote_user: ansible_worker
+  tasks:
+  - name: Synchronize docker-compose files
+    synchronize:
+      src: composer/
+      dest: composer
+  - name: counter app
+    docker_service:
+      project_src: composer/app
+  - name: nginx
+    docker_service:
+      project_src: composer/nginx
+  - name: gitea
+    docker_service:
+      project_src: composer/gitea
+  - name: grafana
+    docker_service:
+      project_src: composer/grafana
+  - name: registry
+    docker_service:
+      project_src: composer/registry
+  - name: vpn
+    docker_service:
+      project_name: vpn
+      definition:
+        version: '2'
+        volumes:
+          openvpn-certs:
+            external:
+              name: openvpn-pawel
+        services:
+          openvpn:
+            image: kylemanna/openvpn
+            network_mode: host
+            volumes:
+              - "openvpn-certs:/etc/openvpn"
+            privileged: true