Refactored playbooks and optimized main.py

2025-03-19 13:05:03 +01:00
parent bd4241d74e
commit 83de47921d
17 changed files with 513 additions and 444 deletions

tasks/README.md Normal file

@@ -0,0 +1,82 @@
# Installation
This guide explains how to deploy and manage the Cyber Master Infrastructure Solution (CyMaIS) using Ansible. CyMaIS is based on a collection of playbooks that are designed for your servers and personal computers. The playbooks use different “modes” to control behavior such as updates, backups, resets, and cleanup tasks. This document outlines how to use Ansible Vault, describes the various operating modes, and shows example commands to run the playbooks.
This guide should give you a comprehensive starting point for managing your infrastructure with CyMaIS. For further details, consult the individual role documentation and the accompanying repository README files.
## Prerequisites
- **Inventory File:** Have an inventory file that lists your servers and PCs. (Paths in examples are general; adjust them to your environment.)
- **Vault Password File (Optional):** Prepare a file with your vault password if you prefer not to enter it interactively.
## Operating Modes
CyMaIS playbooks support several modes that control which tasks are executed:
- **mode_reset** (`true`/`false`):
When enabled, cleans up all CyMaIS-related files. Use this mode when you need to reinitialize the system completely. _Note: Run the full playbook when using reset mode._
- **mode_test** (`true`/`false`):
Executes test routines instead of production routines. Useful for staging or validation.
- **mode_update** (`true`/`false`):
Enables update tasks to upgrade packages and Docker images. Set to `false` if you want to skip updates.
- **mode_backup** (`true`/`false`):
Activates backup procedures before applying updates. This ensures your data is backed up prior to any changes.
- **mode_cleanup** (`true`/`false`):
Performs cleanup of unused files and configurations (e.g., removing obsolete certificates or Docker volumes).
These modes are defined in your group variables (e.g., in a file like `group_vars/all/01_modes.yml`) and can be overridden via extra variables when running playbooks.
---
## Deploying on Servers
To deploy CyMaIS on your servers, use an Ansible playbook that targets your server inventory. Below are some example commands:
### Configure All Servers
```bash
ansible-playbook -i /path/to/your/inventory/servers.yml "$(pkgmgr path cymais)playbook.servers.yml" --ask-vault-pass
```
### Configure a Specific Server
For example, to target a server named `galaxyserver`:
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp "$(pkgmgr path cymais)playbook.servers.yml" --limit galaxyserver --ask-vault-pass
```
### Run in Temporary Mode Without Update
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp "$(pkgmgr path cymais)playbook.servers.yml" --limit galaxyserver -e "mode_update=false" --ask-vault-pass
```
### Run Without Update and Backup
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp "$(pkgmgr path cymais)playbook.servers.yml" --limit galaxyserver -e "mode_update=false" -e "mode_backup=false" --ask-vault-pass
```
### Run with Cleanup and Debug (Using a Vault Password File)
```bash
ansible-playbook -i /path/to/your/inventory/servers.tmp "$(pkgmgr path cymais)playbook.servers.yml" --limit galaxyserver -e "mode_update=false" -e "mode_backup=false" -e "mode_cleanup=true" -e "enable_debug=true" -v --vault-password-file /path/to/your/vault_pass.txt
```
---
## Using a Password File
To avoid entering your vault password interactively every time, use the `--vault-password-file` option:
```bash
--vault-password-file /path/to/your/vault_pass.txt
```
Ensure the vault password file is stored securely.
---
## Final Notes
- **Combining Modes:**
The different modes (reset, test, update, backup, cleanup) can be combined by passing extra variables (using `-e`) on the command line. This flexibility allows you to tailor the playbook run to your current needs.
- **Debugging:**
If you need more verbose output or troubleshooting information, add the `-v` (or `-vvv`) option when running the playbook.
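Review bot: the example commands disagree about the inventory file, using `/path/to/your/inventory/servers.yml` in the first command and `servers.tmp` in every later one; pick one form (the `.yml` spelling matches the playbook file names) so readers do not copy a path that looks like a scratch file. The heading "Run in Temporary Mode Without Update" refers to a "Temporary Mode" that the Operating Modes list never defines, while the command only sets `mode_update=false`, so the heading should say that. `"$(pkgmgr path cymais)playbook.servers.yml"` assumes `pkgmgr path` prints a trailing slash; if it does not, the argument collapses into a single non-existent file name, so either state that assumption or add the `/` explicitly. The note under `mode_reset` ("Run the full playbook when using reset mode") is ambiguous between "without `--limit`" and "without skipping tasks"; given that reset removes all CyMaIS-related files, spell out exactly what is meant. The "Using a Password File" section should replace "stored securely" with concrete requirements: the file must be readable only by the invoking user (`chmod 600`), and it must live outside the repository or be git-ignored so it is never committed next to the vaulted files it unlocks.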

tasks/constructor.yml Normal file

@@ -0,0 +1,109 @@
---
- name: Merge variables
block:
- name: Merge users
set_fact:
users: "{{ default_users | combine(users, recursive=True) }}"
- name: Merge system_email definitions
set_fact:
system_email: "{{ default_system_email | combine(system_email | default({}, true), recursive=True) }}"
- name: Merge domain definitions
set_fact:
domains: "{{ defaults_domains | combine(domains | default({}, true), recursive=True) }}"
- name: Merge redirect domain definitions into dictionary
set_fact:
combined_mapping: >-
{{
(defaults_redirect_domain_mappings | items2dict(key_name='source', value_name='target'))
| combine(
(redirect_domain_mappings | default([]) | items2dict(key_name='source', value_name='target')),
recursive=True
)
}}
- name: Transform combined mapping to list with source and target keys
set_fact:
redirect_domain_mappings: "{{ redirect_domain_mappings | default([]) + [ {'source': item.key, 'target': item.value} ] }}"
loop: "{{ combined_mapping | dict2items }}"
- name: Merge application definitions
set_fact:
applications: "{{ defaults_applications | combine(applications | default({}, true), recursive=True) }}"
- name: Merge networks definitions
set_fact:
networks: "{{ defaults_networks | combine(networks | default({}, true), recursive=True) }}"
- name: Merge oidc configuration
set_fact:
oidc: "{{ defaults_oidc | combine(oidc | default({}, true), recursive=True) }}"
- name: Merge design configuration
set_fact:
design: "{{ defaults_design | combine(design | default({}, true), recursive=True) }}"
- name: Merge service_provider configuration
set_fact:
service_provider: "{{ defaults_service_provider | combine(service_provider | default({}, true), recursive=True) }}"
- name: "Merged Variables"
# Add new merged variables here
debug:
msg:
domains: "{{domains}}"
applications: "{{applications}}"
oidc: "{{oidc}}"
service_provider: "{{service_provider}}"
users: "{{users}}"
when: enable_debug | bool
- name: update device
include_role:
name: update
when: mode_update | bool
- name: setup standard wireguard
when: ("wireguard_server" in group_names)
include_role:
name: wireguard
# vpn setup
- name: setup wireguard client behind firewall\nat
when: ("wireguard_behind_firewall" in group_names)
include_role:
name: client-wireguard-behind-firewall
- name: setup wireguard client
when: ("wireguard_client" in group_names)
include_role:
name: client-wireguard
## backup setup
- name: setup replica backup hosts
when: ("backup_remote_to_local" in group_names)
include_role:
name: backup-remote-to-local
- name: setup backup to swappable
when: ("backup_to_usb" in group_names)
include_role:
name: backup-data-to-usb
## driver setup
- name: driver-intel
when: ("intel" in group_names)
include_role:
name: driver-intel
- name: setup multiprinter hosts
when: ("epson_multiprinter" in group_names)
include_role:
name: driver-epson-multiprinter
## system setup
- name: setup swapfile hosts
when: ("swapfile" in group_names)
include_role:
name: system-swapfile
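Review bot: the "Merged Variables" debug task prints the entire merged `users` dictionary whenever `enable_debug` is true, so if `users` carries password hashes, tokens or other per-user secrets they land in the console output and in any log that captures the run (the README's debug example also passes `-v`); drop `users` from the `msg`, or set `no_log: true` on the task and print only the keys. The `users` merge is also the only one without a guard: `default_users | combine(users, recursive=True)` fails with an undefined-variable error on a host that defines no `users`, whereas `system_email`, `domains`, `applications`, `networks`, `oidc`, `design` and `service_provider` all use `| default({}, true)`; the default-variable names are inconsistent in the same way (`default_users`, `default_system_email` versus `defaults_domains`, `defaults_applications`). The "Transform combined mapping" task appends every entry of `combined_mapping` onto the existing `redirect_domain_mappings` (`redirect_domain_mappings | default([]) + [ ... ]`), so mappings that came from the inventory end up in the list twice, once as supplied and once from the merged dictionary; reset the variable to `[]` before the loop, or accumulate into a fresh fact and assign it afterwards. Finally, the task name `setup wireguard client behind firewall\nat` contains a literal `\n`, which is printed verbatim in the play output.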

tasks/destructor.yml Normal file

@@ -0,0 +1,4 @@
- name: optimize storage performance
include_role:
name: system-storage-optimizer
when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) "
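Review bot: the `when` condition guards `docker_enabled` with `is defined` but not `enable_system_storage_optimizer`, so a host that never sets that variable aborts the play with an undefined-variable error instead of skipping the role; add `enable_system_storage_optimizer is defined and` (or `| default(false) | bool`) to mirror the docker check, and express the condition as a YAML list of clauses rather than one quoted string with a trailing space, which is easier to read and harder to mis-quote. The file is named `destructor.yml`, yet its only task sets up the storage optimizer; either the file name or its contents should change so the purpose is clear.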


@@ -0,0 +1,90 @@
---
## pc applications
- name: general host setup
when: ("personal_computers" in group_names)
include_role:
name: "{{ item }}"
loop:
- pc-administrator-tools
- driver-non-free
- name: pc-office
when: ("collection_officetools
include_role:
name: "{{ item }}"
loop:
- pc-office
- pc-jrnl
- name: personal computer for business
when: ("business_personal_computer" in group_names)
include_role:
name: pc-gnucash
- name: pc-designer-tools
when: ("collection_designer" in group_names)
include_role:
name: pc-designer-tools
- name: pc-qbittorrent
when: ("collection_torrent" in group_names)
include_role:
name: pc-qbittorrent
- name: pc-streaming-tools
when: ("collection_streamer" in group_names)
include_role:
name: pc-streaming-tools
- name: pc-bluray-player-tools
when: ("collection_bluray_player" in group_names)
include_role:
name: pc-bluray-player-tools
- name: pc-latex
when: ("latex" in group_names)
include_role:
name: pc-latex
- name: GNOME setup
when: ("gnome
include_role:
name: pc-gnome
- name: setup ssh client
when: ("ssh" in group_names)
become: false
include_role:
name: pc-ssh
- name: setup gaming hosts
when: ("gaming" in group_names)
include_role:
name: pc-games
- name: setup entertainment hosts
when: ("entertainment" in group_names)
include_role:
name: pc-spotify
- name: setup torbrowser hosts
when: ("torbrowser" in group_names)
include_role:
name: pc-torbrowser
- name: setup nextcloud
when: ("nextcloud_client" in group_names)
include_role:
name: pc-nextcloud
- name: setup docker
when: ("dockerin group_names)
include_role:
name: pc-docker
# driver
- name: setup msi rgb keyboard
when: ("msi_perkeyrgb" in group_names)
include_role:
name: driver-msi-keyboard-color
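Review bot: three `when` expressions are truncated and will not parse: `when: ("collection_officetools` on the pc-office task, `when: ("gnome` on the GNOME setup task, and `when: ("dockerin group_names)` on the docker task; the surrounding tasks show the intended form, `("collection_officetools" in group_names)`, `("gnome" in group_names)` and `("docker" in group_names)`. If this is display corruption rather than the committed content, the file still needs to be checked before the next run, because a YAML or Jinja error in any task stops the whole play from loading. The file header is missing from this view, so the path of this new file should be confirmed against the commit's file list. The `setup ssh client` task is the only one run with `become: false`, which is right for per-user SSH client configuration; the other pc-* tasks inherit whatever privilege the calling play sets, so any other role that writes into a user's home directory deserves the same treatment.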

tasks/server.yml Normal file

@@ -0,0 +1,222 @@
---
- name: servers host setup
when: ("servers" in group_names)
include_role:
name: "{{ item }}"
loop:
- system-security
- journalctl
- health-disc-space
- cleanup-disc-space
- health-btrfs
- system-btrfs-auto-balancer
- name: "setup corporate identity"
when: ("corporate_identity" in group_names)
include_role:
name: corporate-identity
#########################################################################
### Docker Roles ###
#########################################################################
- name: "setup matomo"
when: ("matomo" in group_names)
include_role:
name: docker-matomo
- name: setup ldap
when: ("ldap" in group_names)
include_role:
name: docker-ldap
- name: setup keycloak
when: ("keycloak" in group_names)
include_role:
name: docker-keycloak
- name: setup nextcloud hosts
when: ("nextcloud" in group_names)
include_role:
name: docker-nextcloud
- name: setup gitea hosts
when: ("gitea" in group_names)
include_role:
name: docker-gitea
vars:
run_mode: prod
- name: setup wordpress hosts
when: ("wordpress" in group_names)
include_role:
name: docker-wordpress
- name: setup mediawiki hosts
when: ("mediawiki" in group_names)
include_role:
name: docker-mediawiki
- name: setup mybb hosts
when: ("mybb" in group_names)
include_role:
name: docker-mybb
vars:
mybb_domains: "{{domains.mybb}}"
- name: setup yourls hosts
when: ("yourls" in group_names)
include_role:
name: docker-yourls
- name: setup mailu hosts
when: ("mailu" in group_names)
include_role:
name: docker-mailu
- name: setup elk hosts
when: ("elk" in group_names)
include_role:
name: docker-elk
- name: setup mastodon hosts
when: ("mastodon" in group_names)
include_role:
name: docker-mastodon
- name: setup pixelfed hosts
when: ("pixelfed" in group_names)
include_role:
name: docker-pixelfed
- name: setup peertube hosts
when: ("peertube" in group_names)
include_role:
name: docker-peertube
- name: setup bigbluebutton hosts
when: ("bigbluebutton" in group_names)
include_role:
name: docker-bigbluebutton
vars:
domain: "{{domains.bigbluebutton}}"
- name: setup funkwhale hosts
when: ("funkwhale" in group_names)
include_role:
name: docker-funkwhale
- name: setup roulette-wheel hosts
when: ("roulette-wheel" in group_names)
include_role:
name: docker-roulette-wheel
- name: setup joomla hosts
when: ("joomla" in group_names)
include_role:
name: docker-joomla
- name: setup attendize
when: ("attendize" in group_names)
include_role:
name: docker-attendize
- name: setup baserow hosts
when: ("baserow" in group_names)
include_role:
name: docker-baserow
- name: setup listmonk
when: ("listmonk" in group_names)
include_role:
name: docker-listmonk
- name: setup discourse
when: ("discourse" in group_names)
include_role:
name: docker-discourse
- name: setup matrix with flavor 'ansible'
include_role:
name: docker-matrix-ansible
when: applications.matrix.role == 'ansible' and ("matrix" in group_names)
- name: setup matrix with flavor 'compose'
include_role:
name: docker-matrix-compose
when: applications.matrix.role == 'compose' and ("matrix" in group_names)
- name: setup open project instances
when: ("openproject" in group_names)
include_role:
name: docker-openproject
- name: setup gitlab hosts
when: ("gitlab" in group_names)
include_role:
name: docker-gitlab
- name: setup akaunting hosts
when: ("akaunting" in group_names)
include_role:
name: docker-akaunting
- name: setup moodle instance
when: ("moodle" in group_names)
include_role:
name: docker-moodle
- name: setup taiga instance
when: ("taiga" in group_names)
include_role:
name: docker-taiga
- name: setup friendica hosts
when: ("friendica" in group_names)
include_role:
name: docker-friendica
- name: setup portfolio
when: ("portfolio" in group_names)
include_role:
name: docker-portfolio
- name: setup bluesky
when: ("bluesky" in group_names)
include_role:
name: docker-bluesky
- name: setup PHPMyAdmin
when: ("phpmyadmin" in group_names)
include_role:
name: docker-phpmyadmin
- name: setup SNIPE-IT
when: ("snipe_it" in group_names)
include_role:
name: docker-snipe_it
- name: setup sphinx
when: ("sphinx" in group_names)
include_role:
name: docker-sphinx
# Native Webserver Roles
- name: setup nginx-serve-htmls
when: ("nginx-serve-htmls" in group_names)
include_role:
name: nginx-serve-html
vars:
domain: "{{primary_domain}}"
- name: setup redirect hosts
when: ("redirect" in group_names)
include_role:
name: nginx-redirect-domain
vars:
domain_mappings: "{{redirect_domain_mappings}}"
- name: setup www redirect
when: ("www_redirect" in group_names)
include_role:
name: nginx-redirect-www
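Review bot: the two matrix tasks test `applications.matrix.role == 'ansible'` before `("matrix" in group_names)`; Jinja2 `and` evaluates left to right and short-circuits, so on hosts outside the `matrix` group the `applications.matrix.role` lookup still runs and fails if that key is absent from the merged `applications`. Put the group test first, as every other task in the file does, and keep `when` above `include_role` for consistency. Role parameters are passed unevenly: gitea receives `run_mode: prod`, bigbluebutton receives `domain: "{{domains.bigbluebutton}}"`, mybb receives `mybb_domains: "{{domains.mybb}}"`, while the remaining docker-* roles receive nothing, so it is not clear from this file whether they look up `domains.<app>` themselves. The group `nginx-serve-htmls` (plural) selects the role `nginx-serve-html` (singular); an inventory author who copies the role name into the group name silently gets nothing deployed. The hunk header announces 222 lines but the view ends after the `nginx-redirect-www` task, so the rest of the file is not covered by this review.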