diff --git a/.gitignore b/.gitignore
index 2447124..1c4aedc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+playbook.retry
 terraform.tfstate.backup
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
new file mode 100644
index 0000000..40c2a6c
--- /dev/null
+++ b/ansible/group_vars/all.yml
@@ -0,0 +1,47 @@
+root_sshkeys: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io
+
+root_castles:
+ - tboerger/homeshick-base
+ - tboerger/homeshick-vim
+ - tboerger/homeshick-linux
+
+users:
+ - name: tboerger
+ uid: 1000
+ shell: /bin/bash
+ castles:
+ - tboerger/homeshick-base
+ - tboerger/homeshick-vim
+ - tboerger/homeshick-linux
+ groups:
+ - sudo
+ sshkeys: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc1nE4kCs9WXEEbotF+0Rivnr/9I0fc56QLZTqIr4Rsl3iZcvVDgYJmh6rPcl9xKBptNo/jK1EJF/bm2APf6wIU5Q7tNjeIw5IMJnBRBfPdQujXumb1LZMGnQvPT/gHdpVZvPkYlKkBocOJGPG99GZL0FlXXpc4eDYrgCMfCzRFG1SbQWcUdipbJJgELmbiOy7c5eHtb9i51x7g99pC91WnpInuN4pa0AFHwDQpBhS8RSLFEAfWNNs4T3SiYiUUq0lIHBoIoTM8fTTzhshXAlGWuwsZ9c9luEAw+n4QL8oD9a2ycWTJ3JCRK3CC/+J2MqCROSL4zpVA7+PFrloScMV tboerger@gitea.io
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vlBRSgKE2LN6Tbp5pQ4qVVOXlqUnhI4fkEJLCGAGmsQGu5usxNvp9UJq0cGt6Sq1htoDmgIjEZwCE/np8/O7ZQPyHpwOWtUlS4WWiXKW0GYaeoYsuMabMLbuV1CpSZhb93zy7ZLIKUYpP7WHyZmivDaXnYkn2IOu3fvDtTQdXbwlCer96dIQjNE/KEH4/gUXetrLMYYg26gUnSDeHaxGrLQAfA9jNG1EbXiUkx8cFmZLEREHjwkBAHcwZDkqbLvZr+ExAKIVUcSzj1ep5sOrtSpbwxRtmDscviFPruJmsx/Jjl9fMhpZq8lIQb6aQ0qq09KGv1WP4YbLGRItvq9T tboerger@gitea.io
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjASyOuvhSdzOeJCC/9crxcuztTY/AeFV7v59wQrCwozS2hPBcy5UJ4li80ly79t2D/ppCsiGDQjxCpMUKq++canqCIRZ1d6/6ylQPZIQw0rCGRHXDIKlc99i3Fz94XD85ZtFdGe2TWq1T2EEgmCRM9dGWq+f5iloRxnoSrCTXpy8JshnO5kMyQovChKzLBKdHIxddBDlEHxvWI0UcvWNuA8J2nrrOfMdMVKdPa5xeveX2V5oW3YClku7b/W6jO1rdkZ0tyl1n+wbETGmWQC+V4HE5qxK0u+Zmyz/4J+82sKQC6uEWbC9dFRslq+84rd4LyCD2467ZmzzV6HcyWJhL tboerger@gitea.io
+ - name: lunny
+ uid: 1001
+ shell: /bin/bash
+ castles:
+ - tboerger/homeshick-base
+ - tboerger/homeshick-vim
+ - tboerger/homeshick-linux
+ groups:
+ - sudo
+ sshkeys: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io
+ - name: bkc
+ uid: 1002
+ shell: /bin/bash
+ castles:
+ - tboerger/homeshick-base
+ - tboerger/homeshick-vim
+ - tboerger/homeshick-linux
+ groups:
+ - sudo
+ sshkeys: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc1nE4kCs9WXEEbotF+0Rivnr/9I0fc56QLZTqIr4Rsl3iZcvVDgYJmh6rPcl9xKBptNo/jK1EJF/bm2APf6wIU5Q7tNjeIw5IMJnBRBfPdQujXumb1LZMGnQvPT/gHdpVZvPkYlKkBocOJGPG99GZL0FlXXpc4eDYrgCMfCzRFG1SbQWcUdipbJJgELmbiOy7c5eHtb9i51x7g99pC91WnpInuN4pa0AFHwDQpBhS8RSLFEAfWNNs4T3SiYiUUq0lIHBoIoTM8fTTzhshXAlGWuwsZ9c9luEAw+n4QL8oD9a2ycWTJ3JCRK3CC/+J2MqCROSL4zpVA7+PFrloScMV tboerger@gitea.io
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vlBRSgKE2LN6Tbp5pQ4qVVOXlqUnhI4fkEJLCGAGmsQGu5usxNvp9UJq0cGt6Sq1htoDmgIjEZwCE/np8/O7ZQPyHpwOWtUlS4WWiXKW0GYaeoYsuMabMLbuV1CpSZhb93zy7ZLIKUYpP7WHyZmivDaXnYkn2IOu3fvDtTQdXbwlCer96dIQjNE/KEH4/gUXetrLMYYg26gUnSDeHaxGrLQAfA9jNG1EbXiUkx8cFmZLEREHjwkBAHcwZDkqbLvZr+ExAKIVUcSzj1ep5sOrtSpbwxRtmDscviFPruJmsx/Jjl9fMhpZq8lIQb6aQ0qq09KGv1WP4YbLGRItvq9T tboerger@gitea.io
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjASyOuvhSdzOeJCC/9crxcuztTY/AeFV7v59wQrCwozS2hPBcy5UJ4li80ly79t2D/ppCsiGDQjxCpMUKq++canqCIRZ1d6/6ylQPZIQw0rCGRHXDIKlc99i3Fz94XD85ZtFdGe2TWq1T2EEgmCRM9dGWq+f5iloRxnoSrCTXpy8JshnO5kMyQovChKzLBKdHIxddBDlEHxvWI0UcvWNuA8J2nrrOfMdMVKdPa5xeveX2V5oW3YClku7b/W6jO1rdkZ0tyl1n+wbETGmWQC+V4HE5qxK0u+Zmyz/4J+82sKQC6uEWbC9dFRslq+84rd4LyCD2467ZmzzV6HcyWJhL tboerger@gitea.io
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io
diff --git a/ansible/group_vars/server.yml b/ansible/group_vars/server.yml
new file mode 100644
index 0000000..6555c40
--- /dev/null
+++ b/ansible/group_vars/server.yml
@@ -0,0 +1,4 @@
+users_available:
+ - tboerger
+ - lunny
+ - bkc
diff --git a/ansible/host_vars/laozi.yml b/ansible/host_vars/laozi.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/hosts.ini b/ansible/hosts.ini
new file mode 100644
index 0000000..a1f20cf
--- /dev/null
+++ b/ansible/hosts.ini
@@ -0,0 +1,2 @@
+[server]
+laozi ansible_user=root ansible_host=laozi.gitea.io
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
new file mode 100644
index 0000000..0eb7168
--- /dev/null
+++ b/ansible/playbook.yml
@@ -0,0 +1,6 @@
+- hosts: server
+ roles:
+ - base
+ - root
+ - users
+ - docker
diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml
new file mode 100644
index 0000000..65b82d8
--- /dev/null
+++ b/ansible/roles/base/tasks/main.yml
@@ -0,0 +1,7 @@
+- name: vars
+ include_vars: ubuntu.yml
+ when: ansible_distribution == 'Ubuntu'
+
+- name: ubuntu
+ include: ubuntu.yml
+ when: ansible_distribution == 'Ubuntu'
diff --git a/ansible/roles/base/tasks/ubuntu.yml b/ansible/roles/base/tasks/ubuntu.yml
new file mode 100644
index 0000000..ecc04e3
--- /dev/null
+++ b/ansible/roles/base/tasks/ubuntu.yml
@@ -0,0 +1,5 @@
+- name: install
+ with_items: '{{ base_packages }}'
+ package:
+ name: '{{ item }}'
+ state: present
diff --git a/ansible/roles/base/vars/ubuntu.yml b/ansible/roles/base/vars/ubuntu.yml
new file mode 100644
index 0000000..eafee18
--- /dev/null
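Review bot: In ansible/group_vars/all.yml the `sshkeys` block for user `bkc` holds four keys whose comments are `tboerger@gitea.io` and `lunny@gitea.io`, and they appear to be the same keys already listed for those two users, so no key belonging to bkc is installed and the holders of the other keys can log in as bkc. Every listed user is in `sudo`, so this removes per-person attribution of privileged sessions on the host. If the entry is a placeholder, I would leave `bkc` out of `users_available` in group_vars/server.yml until a key for that person is supplied, and add a comment above `users:` such as `# one key set per person; never reuse another user's key`. `root_sshkeys` also holds a single personal key; a comment naming who is expected to hold root access would help the next reviewer.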
+++ b/ansible/roles/base/vars/ubuntu.yml
@@ -0,0 +1,3 @@
+base_packages:
+ - apt-transport-https
+ - software-properties-common
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
new file mode 100644
index 0000000..38445fa
--- /dev/null
+++ b/ansible/roles/docker/defaults/main.yml
@@ -0,0 +1,5 @@
+docker_packages:
+ - docker-engine
+
+docker_services:
+ - docker
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
new file mode 100644
index 0000000..cf7f576
--- /dev/null
+++ b/ansible/roles/docker/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: restart docker
+ with_items: '{{ docker_services }}'
+ systemd:
+ name: '{{ item }}'
+ state: restarted
+ daemon_reload: yes
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..d7556aa
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,41 @@
+- name: key
+ apt_key:
+ keyserver: hkp://p80.pool.sks-keyservers.net:80
+ id: 58118E89F3A912897C070ADBF76221572C52609D
+ state: present
+
+- name: repo
+ apt_repository:
+ repo: deb https://apt.dockerproject.org/repo ubuntu-xenial main
+ filename: docker.list
+ update_cache: yes
+ state: present
+
+- name: install
+ with_items: '{{ docker_packages }}'
+ package:
+ name: '{{ item }}'
+ state: present
+
+- name: service
+ notify:
+ - restart docker
+ template:
+ src: service.j2
+ dest: /etc/systemd/system/docker.service
+
+- name: default
+ notify:
+ - restart docker
+ template:
+ src: default.j2
+ dest: /etc/default/docker
+
+- name: start
+ with_items: '{{ docker_services }}'
+ systemd:
+ name: '{{ item }}'
+ state: started
+ daemon_reload: yes
+ masked: no
+ enabled: yes
diff --git a/ansible/roles/docker/templates/default.j2 b/ansible/roles/docker/templates/default.j2
new file mode 100644
index 0000000..b981802
--- /dev/null
+++ b/ansible/roles/docker/templates/default.j2
@@ -0,0 +1 @@
+DOCKER_OPTS=""
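Review bot: In ansible/roles/docker/tasks/main.yml the `key` task pulls the repository signing key from a public keyserver pool over plain `hkp://` on port 80 every time a host is provisioned. The full 40-character fingerprint in `id` limits which key is accepted, so the exposure is mostly availability and reliance on a third party; shipping the key inside the role and importing it with the `file:` or `data:` option of `apt_key` would make the run reproducible and offline-verifiable. The two `template` tasks also set no `owner`, `group` or `mode` on `/etc/systemd/system/docker.service` and `/etc/default/docker`, both of which decide how dockerd is started as root, so I would state them explicitly, e.g. `owner: root` and `mode: '0644'`.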
diff --git a/ansible/roles/docker/templates/service.j2 b/ansible/roles/docker/templates/service.j2
new file mode 100644
index 0000000..b6000fb
--- /dev/null
+++ b/ansible/roles/docker/templates/service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Docker
+
+After=network.target
+After=docker.socket
+Requires=docker.socket
+
+[Service]
+EnvironmentFile=-/etc/default/docker
+
+Type=notify
+TimeoutStartSec=0
+Delegate=yes
+KillMode=process
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+
+ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
+ExecReload=/bin/kill -s HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/root/defaults/main.yml b/ansible/roles/root/defaults/main.yml
new file mode 100644
index 0000000..eaf2dde
--- /dev/null
+++ b/ansible/roles/root/defaults/main.yml
@@ -0,0 +1,4 @@
+root_castles: []
+root_sshkeys:
+root_private_key:
+root_public_key:
diff --git a/ansible/roles/root/tasks/main.yml b/ansible/roles/root/tasks/main.yml
new file mode 100644
index 0000000..9aabc96
--- /dev/null
+++ b/ansible/roles/root/tasks/main.yml
@@ -0,0 +1,36 @@
+- name: install
+ with_items:
+ - git
+ package:
+ name: '{{ item }}'
+ state: present
+
+- name: homeshick
+ git:
+ repo: https://github.com/andsens/homeshick.git
+ dest: /root/.homesick/repos/homeshick
+
+- name: castles
+ with_items: '{{ root_castles }}'
+ when: root_castles|default(None) != None
+ git:
+ repo: https://github.com/{{ item }}.git
+ dest: /root/.homesick/repos/{{ item | basename }}
+
+- name: links
+ with_items: '{{ root_castles }}'
+ when: root_castles|default(None) != None
+ command: /root/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item | basename }}
+
+- name: sshkeys
+ when: root_sshkeys|default(None) != None
+ authorized_key:
+ user: root
+ key: '{{ root_sshkeys }}'
+ path: /root/.ssh/instance_keys
+ exclusive: yes
+ state: present
+
+- name: fetchkeys
+ when: root_sshkeys|default(None) != None
+ command: scw-fetch-ssh-keys --upgrade
diff --git a/ansible/roles/users/defaults/main.yml b/ansible/roles/users/defaults/main.yml
new file mode 100644
index 0000000..be3d6d7
--- /dev/null
+++ b/ansible/roles/users/defaults/main.yml
@@ -0,0 +1,2 @@
+users: []
+users_available: []
diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml
new file mode 100644
index 0000000..847f7ac
--- /dev/null
+++ b/ansible/roles/users/tasks/main.yml
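Review bot: The `homeshick` and `castles` tasks in ansible/roles/root/tasks/main.yml clone from GitHub with no `version:`, and the `links` task then runs the `homeshick` script from that checkout as root with `-f`, so whatever sits at the tip of those repositories at run time is executed as root and may replace files under /root. Pinning each clone to a reviewed commit, `version: COMMIT_SHA_PLACEHOLDER`, keeps a later change in a third-party or personal repository from reaching root without review. The same unpinned clone-then-run pattern is repeated per user in ansible/roles/users/tasks/main.yml. Both `command` tasks will also report changed on every run; adding `changed_when:` would let real changes stand out in the play output.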
@@ -0,0 +1,62 @@
+- name: install
+ with_items:
+ - git
+ package:
+ name: '{{ item }}'
+ state: present
+
+- name: group
+ with_items: '{{ users }}'
+ when: item.name in users_available
+ group:
+ name: '{{ item.name }}'
+ gid: '{{ item.uid }}'
+ state: present
+
+- name: create
+ with_items: '{{ users }}'
+ when: item.name in users_available
+ user:
+ name: '{{ item.name }}'
+ uid: '{{ item.uid }}'
+ group: '{{ item.name }}'
+ shell: '{{ item.shell }}'
+ groups: '{{ item.groups | join(",") }}'
+ generate_ssh_key: yes
+ append: yes
+ createhome: yes
+ state: present
+
+- name: homeshick
+ with_items: '{{ users }}'
+ when: item.name in users_available
+ become: yes
+ become_user: '{{ item.name }}'
+ git:
+ repo: https://github.com/andsens/homeshick.git
+ dest: /home/{{ item.name }}/.homesick/repos/homeshick
+
+- name: castles
+ with_subelements: ['{{ users }}', castles]
+ when: item.0.name in users_available
+ become: yes
+ become_user: '{{ item.0.name }}'
+ git:
+ repo: https://github.com/{{ item.1 }}.git
+ dest: /home/{{ item.0.name }}/.homesick/repos/{{ item.1 | basename }}
+
+- name: links
+ with_subelements: ['{{ users }}', castles]
+ when: item.0.name in users_available
+ become: yes
+ become_user: '{{ item.0.name }}'
+ command: /home/{{ item.0.name }}/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item.1 | basename }}
+
+- name: sshkeys
+ with_items: '{{ users }}'
+ when: item.name in users_available
+ authorized_key:
+ user: '{{ item.name }}'
+ key: '{{ item.sshkeys }}'
+ exclusive: yes
+ state: present
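Review bot: `generate_ssh_key: yes` in the `create` task of ansible/roles/users/tasks/main.yml makes the user module write a private key into each account's home directory on the server, and with no `ssh_key_passphrase` set that key is stored unencrypted. Nothing visible in this diff uses those keys, so unless something outside it depends on them I would not create them: `generate_ssh_key: no`. Every account here is also placed in `sudo`, which makes a stray server-side private key more valuable if the host is ever read by someone else. The `group` task reuses `item.uid` as the gid; that works, but a comment such as `# primary group shares the user's numeric id` would make the intent explicit.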