reorganize

2023-04-26 17:45:19 +02:00 · 2023-04-26 17:45:19 +02:00 · c2521842a0
commit c2521842a0
parent de9c0019fa
15 changed files with 90 additions and 94 deletions
--- a/ansible/atlas.yml
+++ b/ansible/atlas.yml
@ -8,24 +8,6 @@
        cmd: ifup -a

  pre_tasks:
-    - name: Start libvirtd
-      systemd:
-        name: libvirtd
-        enabled: true
-        state: started
-
-    - name: Add root to libvirt group
-      user:
-        name: root
-        groups: libvirt
-        append: yes
-
-    - name: Disable apparmor
-      systemd:
-        name: apparmor
-        enabled: false
-        state: stopped
-
    - name: Copy interfaces configuration
      copy:
        src: dmz.conf
@ -39,8 +21,10 @@
        mode: og=rwx

  roles:
-    - {role: setup-apt, tags: setup-apt}
+    - {role: setup_apt, tags: setup_apt}
+    - {role: libvirt, tags: libvirt}
    - {role: postgresql, tags: postgresql}
-    - {role: githubixx.ansible_role_wireguard, tags: wireguard}
+    - {role: wireguard, tags: wireguard}
    - {role: ssh_ca, tags: ssh_ca}
-    - {role: backupng, tags: backupng}
+    - {role: ssh, tags: ssh}
+    - {role: borg, tags: borg}
--- a/ansible/inventory/host_vars/atlas/apt.yml
+++ b/ansible/inventory/host_vars/atlas/apt.yml
@ -0,0 +1,7 @@
+apt_install_packages:
+  - qemu-kvm
+  - libvirt-daemon-system
+  - postgresql
+  - python3-psycopg2
+  - sudo
+  - bridge-utils
--- a/ansible/inventory/host_vars/atlas/ssh_ca.yml
+++ b/ansible/inventory/host_vars/atlas/ssh_ca.yml
@ -1,34 +1,3 @@
-backup_share_user: "backup-share"
-backup_control_user: "backup-control"
-user_ca: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ"
-storage_pools: [iso, disk, init]
-wireguard_addresses:
-  - "10.42.0.1/32"
-wireguard_endpoint: "atlas.hyp"
-wireguard_private_key: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          65666463346536363662353234666662376330396365656361636530663032366436653336383134
-          6463636362636530316434626561623866306165313638330a633761626361393963303933313738
-          30336535333761393663396534373363333465306232343238666538383039636138393661373839
-          3935626664326237310a386337306364663463663764376631336431363062656137376635366361
-          35393135626261626565333261316363633838353833666163666132363462636431626234383864
-          3039633631356339663234656233343635653236356235623532
-wireguard_unmanaged_peers:
-  pim:
-    public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08="
-    allowed_ips: "10.42.0.2/32"
-  niels:
-    public_key: "WJO/DQUJyDp4rFW291F2Ai51lotU2IC+OATu+5P3Jio="
-    allowed_ips: "10.42.0.3/32"
-
-apt_install_packages:
-  - qemu-kvm
-  - libvirt-daemon-system
-  - postgresql
-  - python3-psycopg2
-  - sudo
-  - bridge-utils
-
 ssh_ca_dir: /root/ssh_ca
 ssh_ca_key_pairs:
  - name: dmz_user
--- a/ansible/inventory/host_vars/atlas/wireguard.yml
+++ b/ansible/inventory/host_vars/atlas/wireguard.yml
@ -0,0 +1,18 @@
+wireguard_addresses:
+  - "10.42.0.1/32"
+wireguard_endpoint: "atlas.hyp"
+wireguard_private_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          65666463346536363662353234666662376330396365656361636530663032366436653336383134
+          6463636362636530316434626561623866306165313638330a633761626361393963303933313738
+          30336535333761393663396534373363333465306232343238666538383039636138393661373839
+          3935626664326237310a386337306364663463663764376631336431363062656137376635366361
+          35393135626261626565333261316363633838353833666163666132363462636431626234383864
+          3039633631356339663234656233343635653236356235623532
+wireguard_unmanaged_peers:
+  pim:
+    public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08="
+    allowed_ips: "10.42.0.2/32"
+  niels:
+    public_key: "WJO/DQUJyDp4rFW291F2Ai51lotU2IC+OATu+5P3Jio="
+    allowed_ips: "10.42.0.3/32"
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -1,6 +1,8 @@
- name: setup-apt
+- name: setup_apt
  src: https://github.com/sunscrapers/ansible-role-apt.git
  scm: git
 - name: ssh_ca
  src: https://git.pim.kunis.nl/pim/ansible-role-ssh-ca
  scm: git
+- name: wireguard
+  src: githubixx.ansible_role_wireguard
--- a/ansible/roles/backupng/files/backup.service
+++ b/ansible/roles/backupng/files/backup.service
--- a/ansible/roles/backupng/files/backup.timer
+++ b/ansible/roles/backupng/files/backup.timer
--- a/ansible/roles/backupng/files/backup.yml
+++ b/ansible/roles/backupng/files/backup.yml
--- a/ansible/roles/backupng/files/start_vms.sh
+++ b/ansible/roles/backupng/files/start_vms.sh
--- a/ansible/roles/backupng/files/stop_vms.sh
+++ b/ansible/roles/backupng/files/stop_vms.sh
--- a/ansible/roles/backupng/handlers/main.yml
+++ b/ansible/roles/backupng/handlers/main.yml
--- a/ansible/roles/borg/tasks/main.yml
+++ b/ansible/roles/borg/tasks/main.yml
@ -0,0 +1,40 @@
+- name: Install Borg
+  apt:
+    pkg:
+      - borgbackup
+      - borgmatic
+
+- name: Copy Borgmatic script
+  template:
+    src: "{{ role_path }}/files/backup.yml"
+    dest: /root/backup.yml
+
+- name: Copy start_vms.sh
+  copy:
+    src: "{{ role_path }}/files/start_vms.sh"
+    dest: /root/start_vms.sh
+    mode: preserve
+
+- name: Copy stop_vms.sh
+  copy:
+    src: "{{ role_path }}/files/stop_vms.sh"
+    dest: /root/stop_vms.sh
+    mode: preserve
+
+- name: Copy systemd backup unit
+  copy:
+    src: "{{ role_path }}/files/backup.service"
+    dest: /etc/systemd/system/backup.service
+  notify: systemd daemon reload
+
+- name: Copy systemd backup timer
+  copy:
+    src: "{{ role_path }}/files/backup.timer"
+    dest: /etc/systemd/system/backup.timer
+  notify: systemd daemon reload
+
+- name: Enable backup timer
+  systemd:
+    name: backup.timer
+    enabled: true
+    state: started
--- a/ansible/roles/libvirt/tasks/main.yml
+++ b/ansible/roles/libvirt/tasks/main.yml
@ -0,0 +1,17 @@
+- name: Start libvirtd
+  systemd:
+    name: libvirtd
+    enabled: true
+    state: started
+
+- name: Add root to libvirt group
+  user:
+    name: root
+    groups: libvirt
+    append: yes
+
+- name: Disable apparmor
+  systemd:
+    name: apparmor
+    enabled: false
+    state: stopped
--- a/ansible/roles/backupng/files/ssh_user_certificate.conf
+++ b/ansible/roles/backupng/files/ssh_user_certificate.conf
--- a/ansible/roles/backupng/tasks/main.yml
+++ b/ansible/roles/backupng/tasks/main.yml
@ -29,47 +29,6 @@
    src: "{{ role_path }}/files/ssh_user_certificate.conf"
    dest: /etc/ssh/ssh_config.d/user_certificate.conf

- name: Install Borg
-  apt:
-    pkg:
-      - borgbackup
-      - borgmatic
-
- name: Copy Borgmatic script
-  template:
-    src: "{{ role_path }}/files/backup.yml"
-    dest: /root/backup.yml
-
- name: Copy start_vms.sh
-  copy:
-    src: "{{ role_path }}/files/start_vms.sh"
-    dest: /root/start_vms.sh
-    mode: preserve
-
- name: Copy stop_vms.sh
-  copy:
-    src: "{{ role_path }}/files/stop_vms.sh"
-    dest: /root/stop_vms.sh
-    mode: preserve
-
- name: Copy systemd backup unit
-  copy:
-    src: "{{ role_path }}/files/backup.service"
-    dest: /etc/systemd/system/backup.service
-  notify: systemd daemon reload
-
- name: Copy systemd backup timer
-  copy:
-    src: "{{ role_path }}/files/backup.timer"
-    dest: /etc/systemd/system/backup.timer
-  notify: systemd daemon reload
-
- name: Enable backup timer
-  systemd:
-    name: backup.timer
-    enabled: true
-    state: started
-
 - name: Add SSH host CA known host
  known_hosts:
    key: '@cert-authority *.dmz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ'