From 950953410987f0abf4af356a5d324ff7fdb19a7d Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 6 Dec 2023 16:29:34 +0100 Subject: [PATCH] refactored playbooks, tracking and implemented multi domain for mybb --- playbook-common.yml | 61 +++++++++ playbook-pcs.yml | 102 +++++++++++++++ playbook.yml => playbook-servers.yml | 180 ++++----------------------- roles/docker-mybb/tasks/main.yml | 17 ++- roles/nginx/tasks/main.yml | 5 - tasks/create-domain-conf.yml | 5 + tasks/implement-matomo-tracking.yml | 4 + tasks/nginx-docker-proxy-domain.yml | 8 ++ 8 files changed, 208 insertions(+), 174 deletions(-) create mode 100644 playbook-common.yml create mode 100644 playbook-pcs.yml rename playbook.yml => playbook-servers.yml (59%) create mode 100644 tasks/create-domain-conf.yml create mode 100644 tasks/implement-matomo-tracking.yml create mode 100644 tasks/nginx-docker-proxy-domain.yml diff --git a/playbook-common.yml b/playbook-common.yml new file mode 100644 index 00000000..97818c51 --- /dev/null +++ b/playbook-common.yml 
@@ -0,0 +1,61 @@
+---
+# general setup
+- name: general setup
+ hosts: all
+ become: true
+ tasks:
+ roles:
+ - role: update
+ when: execute_updates is true
+
+- name: setup standard wireguard
+ hosts: wireguard_server
+ become: true
+ roles:
+ - wireguard
+
+# vpn setup
+- name: setup wireguard client behind firewall\nat
+ hosts: wireguard_behind_firewall
+ become: true
+ roles:
+ - client-wireguard-behind-firewall
+
+- name: setup wireguard client
+ hosts: wireguard_client
+ become: true
+ roles:
+ - client-wireguard
+
+## backup setup
+- name: setup replica backup hosts
+ hosts: replica_backup
+ become: true
+ roles:
+ - role: backup-remote-to-local
+
+- name: setup backup to swappable
+ hosts: backup_to_usb
+ become: true
+ roles:
+ - backup-data-to-usb
+
+## driver setup
+- name: driver-intel
+ hosts: intel
+ become: true
+ roles:
+ - driver-intel
+
+- name: setup multiprinter hosts
+ hosts: epson_multiprinter
+ become: true
+ roles:
+ - driver-epson-multiprinter
+
+## system setup
+- name: setup swapfile hosts
+ hosts: swapfile
+ become: false
+ roles:
+ - system-swapfile
\ No newline at end of file
diff --git a/playbook-pcs.yml b/playbook-pcs.yml
new file mode 100644
index 00000000..32995ea7
--- /dev/null
+++ b/playbook-pcs.yml
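Review bot: The `when: execute_updates is true` guard on the `update` role in the first play of playbook-common.yml only passes for a real boolean, so a value supplied as a string (for example through `-e execute_updates=true`) would silently skip updates on `hosts: all`. `when: execute_updates | default(false) | bool` states the intent and also covers an unset variable. The same play keeps an empty `tasks:` key, which parses as null and can be dropped. Both lines were carried over from the old playbook.yml, so this is not new behaviour, but the move is a good moment to fix it.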
@@ -0,0 +1,102 @@
+---
+
+- import_playbook: playbook-common.yml
+
+## pc applications
+- name: general host setup
+ hosts: personal_computers
+ become: true
+ roles:
+ - pc-administrator-tools
+ - driver-non-free
+
+- name: pc-office
+ hosts: collection_officetools
+ become: true
+ roles:
+ - pc-office
+
+- name: personal computer for business
+ hosts: business_personal_computer
+ become: true
+ roles:
+ - pc-gnucash
+
+- name: pc-designer-tools
+ hosts: collection_designer
+ become: true
+ roles:
+ - pc-designer-tools
+
+- name: pc-qbittorrent
+ hosts: collection_torrent
+ become: true
+ roles:
+ - pc-qbittorrent
+
+- name: pc-streaming-tools
+ hosts: collection_streamer
+ become: true
+ roles:
+ - pc-streaming-tools
+
+- name: pc-bluray-player-tools
+ hosts: collection_bluray_player
+ become: true
+ roles:
+ - pc-bluray-player-tools
+
+- name: pc-latex
+ hosts: latex
+ become: true
+ roles:
+ - pc-latex
+
+- name: GNOME setup
+ hosts: gnome
+ become: true
+ roles:
+ - pc-gnome
+
+- name: setup ssh client
+ hosts: ssh
+ become: false
+ roles:
+ - pc-ssh
+
+- name: setup gaming hosts
+ hosts: gaming
+ become: true
+ roles:
+ - pc-games
+
+- name: setup entertainment hosts
+ hosts: entertainment
+ become: true
+ roles:
+ - pc-spotify
+
+- name: setup torbrowser hosts
+ hosts: torbrowser
+ become: true
+ roles:
+ - pc-torbrowser
+
+- name: setup nextcloud
+ hosts: nextcloud_client
+ become: true
+ roles:
+ - pc-nextcloud
+
+- name: setup docker
+ hosts: docker
+ become: true
+ roles:
+ - pc-docker
+
+# driver
+- name: setup msi rgb keyboard
+ hosts: msi_perkeyrgb
+ become: true
+ roles:
+ - driver-msi-keyboard-color
\ No newline at end of file
diff --git a/playbook.yml b/playbook-servers.yml
similarity index 59%
rename from playbook.yml
rename to playbook-servers.yml
index faa8770d..638349d4 100644
--- a/playbook.yml
+++ b/playbook-servers.yml
@@ -1,11 +1,6 @@ --- -- name: general setup - hosts: all - become: true - tasks: - roles: - - role: update - when: execute_updates is true + +- import_playbook: playbook-common.yml - name: servers host setup hosts: servers @@ -17,25 +12,6 @@ - cleanup-disc-space - health-btrfs -# Wireguard Rollen -- name: setup standard wireguard - hosts: wireguard_server - become: true - roles: - - wireguard - -- name: setup wireguard client behind firewall\nat - hosts: wireguard_behind_firewall - become: true - roles: - - client-wireguard-behind-firewall - -- name: setup wireguard client - hosts: wireguard_client - become: true - roles: - - client-wireguard - # Native Webserver Roles - name: setup nginx-homepages hosts: homepage @@ -61,6 +37,7 @@ vars: domain: cloud.{{top_domain}} http_port: 8001 + - name: setup gitea hosts hosts: gitea become: true @@ -71,13 +48,13 @@ http_port: 8002 ssh_port: 2201 run_mode: prod + - name: setup wordpress hosts hosts: wordpress become: true roles: - role: docker-wordpress vars: - domain: "{{ item }}" http_port: 8003 - name: setup mediawiki hosts @@ -88,14 +65,16 @@ vars: domain: wiki.{{top_domain}} http_port: 8004 + - name: setup mybb hosts hosts: mybb become: true roles: - role: docker-mybb vars: - domain: forum.{{top_domain}} + domains: "{{mybb_domains}}" http_port: 8005 + - name: setup yourls hosts hosts: yourls become: true @@ -104,6 +83,7 @@ vars: domain: s.{{top_domain}} http_port: 8006 + - name: setup mailu hosts hosts: mailu become: true @@ -112,6 +92,7 @@ vars: domain: "mail.{{top_domain}}" http_port: 8007 + - name: setup elk hosts hosts: elk become: true @@ -120,6 +101,7 @@ vars: domain: "elk.{{top_domain}}" http_port: 8008 + - name: setup mastodon hosts hosts: mastodon become: true @@ -129,6 +111,7 @@ domain: "mastodon.{{top_domain}}" http_port: 8009 stream_port: 4001 + - name: setup pixelfed hosts hosts: pixelfed become: true 
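Review bot: In the `setup wordpress hosts` play the `domain` var is removed and nothing replaces it, so `docker-wordpress` is now called with `http_port` only. That role is not touched by this patch, so if it still references `{{domain}}` the value has to come from inventory or the run stops on an undefined variable; the role itself is not visible from this hunk. A short comment on the play, e.g. `# domain for wordpress is expected from host_vars`, or a `domains:` var mirroring the mybb play, would make the expectation explicit.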
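Review bot: `domains: "{{mybb_domains}}"` in the `setup mybb hosts` play depends on a variable that this patch neither defines nor documents, and nothing checks its shape before the role loops over it. Each entry is later used as a file name under /etc/nginx/conf.d and presumably as a certificate name, so a missing variable or a plain string instead of a list should fail early with a clear message. A `pre_tasks` assert such as `that: mybb_domains is defined and mybb_domains is not string and mybb_domains | length > 0` would do that.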
@@ -137,6 +120,7 @@ vars: domain: pixelfed.{{top_domain}} http_port: 8010 + - name: setup peertube hosts hosts: peertube become: true @@ -145,6 +129,7 @@ vars: domain: peertube.{{top_domain}} http_port: 8011 + - name: setup bigbluebutton hosts hosts: bigbluebutton become: true @@ -160,6 +145,7 @@ vars: domain: funkwhale.{{top_domain}} http_port: 8012 + - name: setup roulette-wheel hosts hosts: roulette_wheel become: true @@ -168,6 +154,7 @@ vars: domain: roulette.{{top_domain}} http_port: 8013 + - name: setup joomla hosts hosts: joomla become: true @@ -176,6 +163,7 @@ vars: domain: "joomla.{{top_domain}}" http_port: 8014 + - name: setup attendize hosts: attendize become: true @@ -185,6 +173,7 @@ domain: "tickets.{{top_domain}}" http_port: 8015 mail_interface_http_port: 8016 + - name: setup baserow hosts hosts: baserow become: true @@ -193,6 +182,7 @@ vars: domain: baserow.{{top_domain}} http_port: 8017 + - name: setup matomo hosts hosts: matomo become: true @@ -201,6 +191,7 @@ vars: domain: matomo.{{top_domain}} http_port: 8018 + - name: setup listmonk hosts: listmonk become: true @@ -209,6 +200,7 @@ vars: domain: listmonk.{{top_domain}} http_port: 8019 + - name: setup akaunting hosts hosts: akaunting become: true 
@@ -216,134 +208,4 @@ - role: docker-akaunting vars: domain: akaunting.{{top_domain}} - http_port: 8080 - -# Backup Roles -- name: setup replica backup hosts - hosts: replica_backup - become: true - roles: - - role: backup-remote-to-local - -## PC services -- name: general host setup - hosts: personal_computers - become: true - roles: - - pc-administrator-tools - - driver-non-free - -- name: pc-office - hosts: collection_officetools - become: true - roles: - - pc-office - -- name: personal computer for business - hosts: business_personal_computer - become: true - roles: - - pc-gnucash - -- name: pc-designer-tools - hosts: collection_designer - become: true - roles: - - pc-designer-tools - -- name: pc-qbittorrent - hosts: collection_torrent - become: true - roles: - - pc-qbittorrent - -- name: pc-streaming-tools - hosts: collection_streamer - become: true - roles: - - pc-streaming-tools - -- name: pc-bluray-player-tools - hosts: collection_bluray_player - become: true - roles: - - pc-bluray-player-tools - -- name: driver-intel - hosts: intel - become: true - roles: - - driver-intel - -- name: pc-latex - hosts: latex - become: true - roles: - - pc-latex - -- name: GNOME setup - hosts: gnome - become: true - roles: - - pc-gnome - -- name: setup msi rgb keyboard - hosts: msi_perkeyrgb - become: true - roles: - - driver-msi-keyboard-color - -- name: setup ssh hosts - hosts: ssh - become: false - roles: - - pc-ssh - -- name: setup swapfile hosts - hosts: swapfile - become: false - roles: - - system-swapfile - -- name: setup gaming hosts - hosts: gaming - become: true - roles: - - pc-games - -- name: setup entertainment hosts - hosts: entertainment - become: true - roles: - - pc-spotify - -- name: setup multiprinter hosts - hosts: epson_multiprinter - become: true - roles: - - driver-epson-multiprinter - -- name: setup torbrowser hosts - hosts: torbrowser - become: true - roles: - - pc-torbrowser - -- name: setup nextcloud - hosts: nextcloud_client - become: true - roles: 
- - pc-nextcloud - -- name: setup docker - hosts: docker - become: true - roles: - - pc-docker - - -- name: setup backup to swappable - hosts: backup_to_usb - become: true - roles: - - backup-data-to-usb \ No newline at end of file + http_port: 8080 \ No newline at end of file diff --git a/roles/docker-mybb/tasks/main.yml b/roles/docker-mybb/tasks/main.yml index 53a1555f..641cdb9a 100644 --- a/roles/docker-mybb/tasks/main.yml +++ b/roles/docker-mybb/tasks/main.yml @@ -1,16 +1,13 @@ --- -- name: recieve {{domain}} certificate - command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} +- name: "include tasks nginx-docker-proxy-domain.yml" + include_tasks: nginx-docker-proxy-domain.yml + loop: "{{ domains }}" + loop_control: + loop_var: domain -- name: configure {{domain}}.conf - template: - src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" - dest: "/etc/nginx/conf.d/{{domain}}.conf" - notify: restart nginx - -- name: "create {{conf_d_docker_directory}} and parent directories" +- name: "create {{conf_d_server_directory}} and parent directories" file: - path: "{{conf_d_docker_directory}}" + path: "{{conf_d_server_directory}}" state: directory mode: 0755 recurse: yes diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 21e62952..476d79ad 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -9,11 +9,6 @@ state: directory mode: 0755 -- name: Activate NGINX matomo tracking - include_role: - name: nginx-matomo-tracking - when: nginx_matomo_tracking_active and domain is defined - - name: create nginx config file template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf notify: restart nginx diff --git a/tasks/create-domain-conf.yml b/tasks/create-domain-conf.yml new file mode 100644 index 00000000..0c85714e --- /dev/null +++ b/tasks/create-domain-conf.yml 
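Review bot: Once the `loop` over `domains` in roles/docker-mybb/tasks/main.yml finishes, the `loop_var` `domain` no longer exists, and the play has stopped passing `domain` to this role. The rest of the task file lies outside the hunk, so it is not visible whether later tasks or templates still use `{{domain}}`; if they do, they need an explicit choice such as `domains | first`. The directory variable is also renamed to `conf_d_server_directory` without a definition anywhere in this patch, so a comment naming where it is set would help.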
@@ -0,0 +1,5 @@
+- name: configure {{domain}}.conf
+ template:
+ src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
+ dest: "/etc/nginx/conf.d/{{domain}}.conf"
+ notify: restart nginx
\ No newline at end of file
diff --git a/tasks/implement-matomo-tracking.yml b/tasks/implement-matomo-tracking.yml
new file mode 100644
index 00000000..4d4d9017
--- /dev/null
+++ b/tasks/implement-matomo-tracking.yml
@@ -0,0 +1,4 @@
+- name: Activate NGINX matomo tracking
+ include_role:
+ name: nginx-matomo-tracking
+ when: nginx_matomo_tracking_active and domain is defined
\ No newline at end of file
diff --git a/tasks/nginx-docker-proxy-domain.yml b/tasks/nginx-docker-proxy-domain.yml
new file mode 100644
index 00000000..b34b9569
--- /dev/null
+++ b/tasks/nginx-docker-proxy-domain.yml
@@ -0,0 +1,8 @@
+- name: "include task receive certbot certificate"
+ include_tasks: recieve-certbot-certificate.yml
+
+- name: "include task implement-matomo-tracking.yml"
+ include_tasks: implement-matomo-tracking.yml
+
+- name: "include task create-domain-conf.yml"
+ include_tasks: create-domain-conf.yml
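Review bot: `dest: "/etc/nginx/conf.d/{{domain}}.conf"` in tasks/create-domain-conf.yml builds a path written with `become: true` straight from each list entry, and the task sets no `owner`, `group` or `mode`. Now that `domain` comes from a free-form list, an entry containing `/` would land outside conf.d, so I would assert the shape before templating, e.g. `that: domain is match('^[A-Za-z0-9.-]+$')`, and add `mode: "0644"` to the template task. The relative `src: "roles/nginx-docker-reverse-proxy/..."` also depends on where Ansible resolves it from once this file is included from inside a role; `{{ playbook_dir }}/roles/...` removes the guesswork.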
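Review bot: `when: nginx_matomo_tracking_active and domain is defined` in tasks/implement-matomo-tracking.yml raises an undefined-variable error on any host that does not set `nginx_matomo_tracking_active`, and a string value such as `"false"` is treated as true by Jinja. `when: nginx_matomo_tracking_active | default(false) | bool` avoids both; the `domain is defined` half is always true when the file is reached through the per-domain loop. Since the same task is removed from roles/nginx in this patch, tracking now applies only to roles that include nginx-docker-proxy-domain.yml, which in this patch appears to be docker-mybb alone, so it is worth confirming that this is intended.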
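Review bot: The first include in tasks/nginx-docker-proxy-domain.yml points at `recieve-certbot-certificate.yml`, which is not among the files this patch creates, while the inline certbot task it replaces is deleted from roles/docker-mybb. Unless that file already exists under tasks/, every domain in the loop fails at the first step; if it does exist, it should be confirmed that it reads the `domain` loop variable. The task name spells it `receive` while the file name keeps `recieve`, so aligning the two would prevent a wrong guess later. A one-line comment such as `# order matters: certificate first, vhost config last` would also keep someone from reordering the includes.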