move from homeservers repo

2023-02-25 15:35:35 +01:00 · 2023-02-25 15:35:35 +01:00 · e7492b10e3
commit e7492b10e3
10 changed files with 110 additions and 0 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,8 @@
 [defaults]
 roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
 inventory=inventory
 vault_password_file=util/secret-service-client.sh
 interpreter_python=/usr/bin/python3
 [diff]
 always = True
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -0,0 +1,9 @@
 borg_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIBTag7YToG5W+H2kEUz40kOH+7cs0Lp3owFFKkmHBiWM"
 dataserver_public_key: "AAAAC3NzaC1lZDI1NTE5AAAAIJsLVptkoOwmxs6DnenN8u7Q1Tm/Psh0QdI6vjrTgb6D"
 kingston1tb_mount_point: "/mnt/kingston1TB"
 kingston1tb_uuid: "622a8d81-aa2f-460b-a563-c3cdb6285609"
 backup_location: "{{ kingston1tb_mount_point }}/homeserver_backup"
 admin_public_keys:
  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -0,0 +1,7 @@
 all:
  children:
    dataserver:
      hosts:
        lewis:
          ansible_user: root
          ansible_host: lewis.lan
--- a/playbooks/all.yml
+++ b/playbooks/all.yml
@ -0,0 +1,6 @@
 - name: Setup homeserver
  hosts: dataserver
  roles:
    - {role: 'common', tags: 'common'}
    - {role: 'system', tags: 'system'}
    - {role: 'borg', tags: 'borg'}
--- a/roles/borg/tasks/main.yml
+++ b/roles/borg/tasks/main.yml
@ -0,0 +1,22 @@
 - name: Create extra disk moint point
  file:
    path: "{{ kingston1tb_mount_point }}"
    state: directory
 - name: Mount extra disk
  ansible.posix.mount:
    path: "{{kingston1tb_mount_point }}"
    src: "UUID={{ kingston1tb_uuid }}"
    fstype: ext4
    passno: 1
    state: present
 - name: Install borg
  apt:
    name: borgbackup
 - name: Add Borg public key
  authorized_key:
    key: "ssh-ed25519 {{ borg_public_key }} root@max"
    user: "{{ ansible_user_id }}"
 - name: Create Borg repository
  command:
    cmd: "borg init -e none {{ backup_location }}"
    creates: "{{ backup_location }}"
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -0,0 +1,7 @@
 - name: APT upgrade
  apt:
    autoremove: true
    upgrade: yes
    state: latest
    update_cache: yes
    cache_valid_time: 86400 # One day
--- a/roles/system/files/ssh_host_ed25519_key
+++ b/roles/system/files/ssh_host_ed25519_key
@ -0,0 +1,25 @@
 $ANSIBLE_VAULT;1.1;AES256
 38633038656332643033396338303864343332636434633331366266383235316235313236646361
 6634313931303637616535373966316165656564366437330a393465356237626631303063363061
 62323737343635316139636664663937333233323737376238656566633037613938383737306132
 6237633230623962320a643433323532646261366532346234653332323336653162366433626465
 31386461393535303730333865356364646137386634643630353831383039353763396536313439
 30333335623364306166346232303862633636633066323062313531363234396362653232316261
 36666132623030323332623334323632636639646239363032626364646334643461346662616366
 39656266643937663531656137353031353130366238326535383261333539353439353566313537
 38353632353039643530613766313033313063333331333733613939383731663262623766626266
 64363061306166353633333634363332633461346538316661666364626639366132356434343631
 61373432633863643237386435386633366161393934646562343261386335353638353033343932
 62393633366163613064393966663830646237613265396462376238396639363566363865303861
 36343666326632626166323430303137323236346137346131623636653236353061343633383437
 61396534636166353038626162376335363137636164616631646261366332303135306237356432
 61626261656332666536343039316333303431653931666233363366613166663266663130656633
 39316363326532653665626136393135373863383234326638303466353930653038303433643536
 30666237363230306634333162396562623034386232666465343631306433373764626634613635
 63343965623163356536626162613863373033396565366361353538323933656165653932653937
 34666538353139636366333765363733336134396566613134303530633666326165306131353535
 33653133663166333964326330366530643730363861626261666366383334613661303762636663
 34376531343732346630643466616638323537633665373333346162306361393836326533636630
 61656335306337643930613662613832626530653630343566643661356666313331316438366538
 37333166636639363838303665626137643731626338356662656338393335343239376635303633
 35663237653238313133
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@ -0,0 +1,15 @@
 - name: Add admins' authorized keys
  authorized_key:
    key: "{{ item }}"
    user: "{{ ansible_user_id }}"
  loop: "{{ admin_public_keys }}"
 - name: Copy host public key
  template:
    src: "{{ role_path }}/templates/ssh_host_ed25519_key.pub.j2"
    dest: "/etc/ssh/ssh_host_ed25519_key.pub"
    mode: 0644
 - name: Copy host private key
  copy:
    src: "{{ role_path }}/files/ssh_host_ed25519_key"
    dest: "/etc/ssh/ssh_host_ed25519_key"
    mode: 0600
--- a/roles/system/templates/ssh_host_ed25519_key.pub.j2
+++ b/roles/system/templates/ssh_host_ed25519_key.pub.j2
@ -0,0 +1 @@
 ssh-ed25519 {{ dataserver_public_key }} root@lewis
--- a/util/secret-service-client.sh
+++ b/util/secret-service-client.sh
@ -0,0 +1,10 @@
 #!/bin/bash
 pass=`secret-tool lookup ansible_vault dataserver`
 retval=$?
 if [ $retval -ne 0 ]; then
 	echo Provide password:
 	read -s pass
 fi
 echo $pass
		`@ -0,0 +1 @@`
							`ssh-ed25519 {{ dataserver_public_key }} root@lewis`