reorganize

This commit is contained in:
Pim Kunis 2023-04-26 17:45:19 +02:00
parent de9c0019fa
commit c2521842a0
15 changed files with 90 additions and 94 deletions


@ -8,24 +8,6 @@
cmd: ifup -a cmd: ifup -a
pre_tasks: pre_tasks:
- name: Start libvirtd
systemd:
name: libvirtd
enabled: true
state: started
- name: Add root to libvirt group
user:
name: root
groups: libvirt
append: yes
- name: Disable apparmor
systemd:
name: apparmor
enabled: false
state: stopped
- name: Copy interfaces configuration - name: Copy interfaces configuration
copy: copy:
src: dmz.conf src: dmz.conf
@ -39,8 +21,10 @@
mode: og=rwx mode: og=rwx
roles: roles:
- {role: setup-apt, tags: setup-apt} - {role: setup_apt, tags: setup_apt}
- {role: libvirt, tags: libvirt}
- {role: postgresql, tags: postgresql} - {role: postgresql, tags: postgresql}
- {role: githubixx.ansible_role_wireguard, tags: wireguard} - {role: wireguard, tags: wireguard}
- {role: ssh_ca, tags: ssh_ca} - {role: ssh_ca, tags: ssh_ca}
- {role: backupng, tags: backupng} - {role: ssh, tags: ssh}
- {role: borg, tags: borg}
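Review bot: `mode: og=rwx` on the new side of the second hunk leaves whatever that copy task deploys writable and executable by every user on the hypervisor; the task it belongs to starts above the hunk so I cannot see the destination, but a root-deployed configuration file or script should not be world-writable. If other users only need to read it, `mode: "0644"` (or `"0755"` for a script) is the usual choice; if the broad bits are deliberate, a one-line comment above it saying why would stop the next reader from tightening them. The role list itself appears consistent with the rest of the commit: `setup_apt` and `wireguard` match the renamed requirements entries, and `libvirt` and `borg` match the new role task files.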


@ -0,0 +1,7 @@
apt_install_packages:
- qemu-kvm
- libvirt-daemon-system
- postgresql
- python3-psycopg2
- sudo
- bridge-utils


@ -1,34 +1,3 @@
backup_share_user: "backup-share"
backup_control_user: "backup-control"
user_ca: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
storage_pools: [iso, disk, init]
wireguard_addresses:
- "10.42.0.1/32"
wireguard_endpoint: "atlas.hyp"
wireguard_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
65666463346536363662353234666662376330396365656361636530663032366436653336383134
6463636362636530316434626561623866306165313638330a633761626361393963303933313738
30336535333761393663396534373363333465306232343238666538383039636138393661373839
3935626664326237310a386337306364663463663764376631336431363062656137376635366361
35393135626261626565333261316363633838353833666163666132363462636431626234383864
3039633631356339663234656233343635653236356235623532
wireguard_unmanaged_peers:
pim:
public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08="
allowed_ips: "10.42.0.2/32"
niels:
public_key: "WJO/DQUJyDp4rFW291F2Ai51lotU2IC+OATu+5P3Jio="
allowed_ips: "10.42.0.3/32"
apt_install_packages:
- qemu-kvm
- libvirt-daemon-system
- postgresql
- python3-psycopg2
- sudo
- bridge-utils
ssh_ca_dir: /root/ssh_ca ssh_ca_dir: /root/ssh_ca
ssh_ca_key_pairs: ssh_ca_key_pairs:
- name: dmz_user - name: dmz_user
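Review bot: `backup_share_user`, `backup_control_user`, `user_ca` and `storage_pools` are deleted from this vars file, but unlike `wireguard_*` and `apt_install_packages` I do not see them re-added in any of the files shown here (the commit touches 15 files and only some are visible). If the ssh role's `ssh_user_certificate.conf` template or the relocated borg tasks still reference `user_ca` or the backup users, the play will stop with an undefined-variable error at template time, so it is worth confirming they were moved into the new role vars rather than dropped. If `user_ca` is intentionally gone, check that no template still embeds the old CA public key, otherwise the hosts keep trusting a key nothing manages any more.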


@ -0,0 +1,18 @@
wireguard_addresses:
- "10.42.0.1/32"
wireguard_endpoint: "atlas.hyp"
wireguard_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
65666463346536363662353234666662376330396365656361636530663032366436653336383134
6463636362636530316434626561623866306165313638330a633761626361393963303933313738
30336535333761393663396534373363333465306232343238666538383039636138393661373839
3935626664326237310a386337306364663463663764376631336431363062656137376635366361
35393135626261626565333261316363633838353833666163666132363462636431626234383864
3039633631356339663234656233343635653236356235623532
wireguard_unmanaged_peers:
pim:
public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08="
allowed_ips: "10.42.0.2/32"
niels:
public_key: "WJO/DQUJyDp4rFW291F2Ai51lotU2IC+OATu+5P3Jio="
allowed_ips: "10.42.0.3/32"


@ -1,6 +1,8 @@
- name: setup-apt - name: setup_apt
src: https://github.com/sunscrapers/ansible-role-apt.git src: https://github.com/sunscrapers/ansible-role-apt.git
scm: git scm: git
- name: ssh_ca - name: ssh_ca
src: https://git.pim.kunis.nl/pim/ansible-role-ssh-ca src: https://git.pim.kunis.nl/pim/ansible-role-ssh-ca
scm: git scm: git
- name: wireguard
src: githubixx.ansible_role_wireguard
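Review bot: none of the three entries carries a `version:`, so `ansible-galaxy install -r` fetches the default-branch HEAD of the two git repositories and whatever Galaxy currently publishes for `githubixx.ansible_role_wireguard`; the new `wireguard` entry installs a role that handles the WireGuard private key and peer configuration, so an unreviewed upstream change lands directly on the VPN host. Pin each entry to a tag or commit, e.g. `- name: wireguard`, `src: githubixx.ansible_role_wireguard`, `version: "<release tag>"`, and add the same `version:` to both git sources. Aliasing the Galaxy role to the local name `wireguard` is fine and matches the playbook's `{role: wireguard, tags: wireguard}`; a short comment such as `# Galaxy role installed under the local name "wireguard"` would save the next reader a grep.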


@ -0,0 +1,40 @@
- name: Install Borg
apt:
pkg:
- borgbackup
- borgmatic
- name: Copy Borgmatic script
template:
src: "{{ role_path }}/files/backup.yml"
dest: /root/backup.yml
- name: Copy start_vms.sh
copy:
src: "{{ role_path }}/files/start_vms.sh"
dest: /root/start_vms.sh
mode: preserve
- name: Copy stop_vms.sh
copy:
src: "{{ role_path }}/files/stop_vms.sh"
dest: /root/stop_vms.sh
mode: preserve
- name: Copy systemd backup unit
copy:
src: "{{ role_path }}/files/backup.service"
dest: /etc/systemd/system/backup.service
notify: systemd daemon reload
- name: Copy systemd backup timer
copy:
src: "{{ role_path }}/files/backup.timer"
dest: /etc/systemd/system/backup.timer
notify: systemd daemon reload
- name: Enable backup timer
systemd:
name: backup.timer
enabled: true
state: started
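Review bot: the `Copy Borgmatic script` task templates `/root/backup.yml` with no `mode:`, so the file gets the umask default (typically 0644) even though a borgmatic configuration usually carries the repository passphrase or key; add `mode: "0600"` under `dest: /root/backup.yml`. The two `mode: preserve` copies inherit whatever bits the scripts have in the role checkout, which is only safe while the repository keeps them at 0700/0755, so a fixed `mode: "0700"` would be less surprising. `/root/backup.yml` is rendered configuration rather than a script, so `Render borgmatic configuration` would be a more accurate task name. The three `copy` tasks for the scripts and units could also be one `loop:` with per-item `dest` and `mode`, but that is style only.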


@ -0,0 +1,17 @@
- name: Start libvirtd
systemd:
name: libvirtd
enabled: true
state: started
- name: Add root to libvirt group
user:
name: root
groups: libvirt
append: yes
- name: Disable apparmor
systemd:
name: apparmor
enabled: false
state: stopped
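Review bot: `Disable apparmor` stops and disables the host's AppArmor service for the whole hypervisor without a comment saying why; libvirt ships its own AppArmor integration, so a narrower fix (a profile adjustment or the libvirt `security_driver` setting) is usually available, and if this is a workaround for a specific denial the reason should be recorded above the task, e.g. `# AppArmor disabled because <reason>; revisit before hosting untrusted VMs`. `Add root to libvirt group` is probably a no-op for access purposes because root already reaches the libvirtd socket — hedged, as the libvirtd configuration is not visible here — so either document which tool needs the membership or drop the task. YAML style: `append: yes` should be `append: true`, and the file has no leading `---`.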


@ -29,47 +29,6 @@
src: "{{ role_path }}/files/ssh_user_certificate.conf" src: "{{ role_path }}/files/ssh_user_certificate.conf"
dest: /etc/ssh/ssh_config.d/user_certificate.conf dest: /etc/ssh/ssh_config.d/user_certificate.conf
- name: Install Borg
apt:
pkg:
- borgbackup
- borgmatic
- name: Copy Borgmatic script
template:
src: "{{ role_path }}/files/backup.yml"
dest: /root/backup.yml
- name: Copy start_vms.sh
copy:
src: "{{ role_path }}/files/start_vms.sh"
dest: /root/start_vms.sh
mode: preserve
- name: Copy stop_vms.sh
copy:
src: "{{ role_path }}/files/stop_vms.sh"
dest: /root/stop_vms.sh
mode: preserve
- name: Copy systemd backup unit
copy:
src: "{{ role_path }}/files/backup.service"
dest: /etc/systemd/system/backup.service
notify: systemd daemon reload
- name: Copy systemd backup timer
copy:
src: "{{ role_path }}/files/backup.timer"
dest: /etc/systemd/system/backup.timer
notify: systemd daemon reload
- name: Enable backup timer
systemd:
name: backup.timer
enabled: true
state: started
- name: Add SSH host CA known host - name: Add SSH host CA known host
known_hosts: known_hosts:
key: '@cert-authority *.dmz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ' key: '@cert-authority *.dmz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ'