diff --git a/all.yml b/all.yml index ce6be56..ef9bc6f 100644 --- a/all.yml +++ b/all.yml @@ -1,12 +1,24 @@ --- -- name: Prepare all servers - hosts: all - become: true +- hosts: all + become: yes + name: Configure all servers pre_tasks: - name: Create directories file: path: "/data" state: directory + roles: + - role: geerlingguy.docker + docker_users: + - administrator + tasks: + - name: Gather facts (always, even with tags) + ansible.builtin.setup: + tags: always - name: Setup base system - import_tasks: tasks/base.yml \ No newline at end of file + import_tasks: tasks/base.yml + + + + \ No newline at end of file diff --git a/cloud.yml b/cloud.yml new file mode 100644 index 0000000..794195a --- /dev/null +++ b/cloud.yml @@ -0,0 +1,22 @@ +--- +- hosts: cloud + become: yes + roles: + - name: traefik + vars: + traefik_host: traefik01.comprofix.com + tags: traefik_install + + tasks: + - name: Deploy Vaultwarden + import_tasks: tasks/vaultwarden.yml + tags: vaultwarden_install + + - name: Deploy gitea + import_tasks: tasks/gitea.yml + tags: gitea_install + + - name: Gotify + import_tasks: tasks/gotify.yml + tags: gotify_install + tags: cloud_install \ No newline at end of file diff --git a/docker.yml b/docker.yml new file mode 100644 index 0000000..5ea2888 --- /dev/null +++ b/docker.yml 
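Review bot: The `Gather facts (always, even with tags)` task has landed under the new `tasks:` key, which Ansible runs after `pre_tasks` and `roles`, so whatever it collects is not available to the `geerlingguy.docker` role or the `Create directories` task in the same play; if the goal is to guarantee facts for everything in the play it belongs at the top of `pre_tasks:` (indentation is lost in the collapsed diff, so confirm its actual placement). The context line `- name: Setup base system` now follows that `tasks:` key, which looks like it moves `tasks/base.yml` from `pre_tasks` into `tasks`, i.e. after the docker role instead of before it — worth confirming that is intended. `become: yes` replaces the previous `become: true`; YAML 1.2 and yamllint's truthy rule prefer `become: true`, and the same `yes` spelling recurs in cloud.yml, docker.yml and omada.yml. The four added blank lines before the missing end-of-file newline should be dropped.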
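Review bot: The traefik role entry is written as `- name: traefik` while docker.yml writes `- role: traefik`; Ansible accepts both keys, but mixing them makes the role lists harder to grep, so use `- role: traefik` here. The play has no `name:`, so the run log shows only `PLAY [cloud]`; a `- name: Deploy cloud services` line before `hosts: cloud` would fix that, and the same applies to the plays in docker.yml and omada.yml. The file also ends without a trailing newline.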
@@ -0,0 +1,102 @@ +--- +- hosts: docker + become: yes + vars_files: + - vars/gitea-images.yml + + pre_tasks: + - name: Connect iscsi + import_tasks: tasks/iscsi.yml + tags: iscsi_connect + + roles: + - role: nfs + mounts: + - name: Data share + path: /mnt/nfs/data + src: truenas.comprofix.xyz:/mnt/datapool/data + tags: nfs_install + + - role: traefik + vars: + traefik_host: traefik02.comprofix.xyz + tags: traefik_install + + tasks: + - name: Deploy comprofix.com website + import_tasks: tasks/comprofix.com.yml + tags: comprofix_install + + - name: Deploy iDrac Fan Controller + import_tasks: tasks/idrac.yml + tags: idrac_install + + - name: Deploy MariaDB + import_tasks: tasks/mariadb.yml + tags: mariadb_install + + - name: Deploy InvoiceNinja + import_tasks: tasks/invoiceninja.yml + tags: invoiceninja_install + + - name: Deploy Homepage + import_tasks: tasks/homepage.yml + tags: homepage_install + + - name: Deploy speedtest-tracker + import_tasks: tasks/speedtest.yml + tags: speedtest_install + + - name: Deploy dozzle + import_tasks: tasks/dozzle.yml + tags: dozzle_install + + - name: Deploy jellyseerr + import_tasks: tasks/jellyseerr.yml + tags: jellyseerr_install + + - name: Deploy lidarr + import_tasks: tasks/lidarr.yml + tags: lidarr_install + + - name: Deploy prowlarr + import_tasks: tasks/prowlarr.yml + tags: prowlarr_install + + - name: Deploy radarr + import_tasks: tasks/radarr.yml + tags: radarr_install + + - name: Deploy sonarr + import_tasks: tasks/sonarr.yml + tags: sonarr_install + + - name: Deploy sabnzbd + import_tasks: tasks/sabnzbd.yml + tags: sabnzbd_install + + - name: Deploy mealie + import_tasks: tasks/mealie.yml + tags: mealie_install + + - name: Deploy pyKMS + import_tasks: tasks/pykms.yml + tags: pykms_install + + - name: Deploy mediawiki + import_tasks: tasks/mediawiki.yml + tags: mediawiki_install + + - name: Deploy traggo + import_tasks: tasks/traggo.yml + tags: traggo_install + + - name: Deploy gitea-runner-homelab + import_tasks: 
tasks/gitea-runner-homelab.yml + tags: gitea-runner-homelab_install + + # - name: Deploy mssql + # import_tasks: tasks/mssql.yml + # tags: mssql_install + + tags: dockerserver_install diff --git a/hosts.ini b/hosts.ini index b2c36da..9d6fdd8 100644 --- a/hosts.ini +++ b/hosts.ini @@ -14,3 +14,6 @@ vps01.comprofix.com jellyfin.comprofix.xyz +[internetfacing] +vps01.comprofix.com +vps02.comprofix.com \ No newline at end of file diff --git a/internetfacing.yml b/internetfacing.yml new file mode 100644 index 0000000..7f1af3d --- /dev/null +++ b/internetfacing.yml @@ -0,0 +1,35 @@ +--- +- name: Install fail2ban on internet facing servers + hosts: internetfacing + become: true + roles: + - role: grzegorzfranus.fail2ban + vars: + fail2ban_ignoreip: + - 127.0.0.1/8 # loopback + - 10.0.0.0/8 # Private + - 172.16.0.0/12 # Private + - 192.168.0.0/16 # Private + - 169.254.0.0/16 # link-local / APIPA + - 100.64.0.0/10 # CGNAT + - 203.0.113.0/24 # TEST-NETs + - 192.0.2.0/24 # TEST-NETs + - 198.51.100.0/24 # TEST-NETs + - ::1 # ULA - fc00::/7 # Private + - fe80::/10 # Private + fail2ban_bantime: "1h" + fail2ban_findtime: "30m" + fail2ban_maxretry: 3 + fail2ban_custom_jail_files: + - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf + content: | + [sshd-strict] + enabled = true + filter = sshd + port = ssh + logpath = journal + backend = systemd + maxretry = 3 + bantime = 3600 + findtime = 300 + \ No newline at end of file diff --git a/main.yml b/main.yml index 2c4fe55..c829885 100644 --- a/main.yml +++ b/main.yml 
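Review bot: The `nfs` role receives `mounts:` as inline role parameters while the `traefik` entry just below passes its settings under `vars:`; both forms are accepted, but they are not necessarily equivalent in variable precedence, so pick one convention (the `vars:` form already used for traefik) for both entries here and for the nfs entry in omada.yml. The commented-out `Deploy mssql` block should either be removed or carry a one-line comment saying why it is parked, since dead task lists in a 100-line play go stale quickly. `src: truenas.comprofix.xyz:/mnt/datapool/data` is fine unquoted today (no `: ` sequence), but quoting NFS export strings guards against a later edit introducing a space or `#`.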
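Review bot: The new `[internetfacing]` group is what selects hosts for the fail2ban play in internetfacing.yml, so any host reachable from the internet but not listed here silently loses the protection it had while the role ran on `all`; `jellyfin.comprofix.xyz` is visible in the context just above and should be added if it is exposed. The group is appended directly after the previous entry with no separating blank line, and the file now ends without a trailing newline. A comment above the group, `# publicly reachable hosts; drives internetfacing.yml (fail2ban)`, would make the coupling explicit for whoever edits the inventory next.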
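Review bot: The ignore-list entry that reads `- ::1 # ULA - fc00::/7 # Private` in the collapsed diff needs checking: `::1` is loopback, not ULA, and if `fc00::/7` sits on the same physical line it is inside the comment and never reaches `fail2ban_ignoreip`. It should be two items, `- "::1"  # loopback` and `- "fc00::/7"  # ULA`; quoting the IPv6 values also avoids any parser reading the leading `::` oddly. The `sshd-strict` jail pins `port = ssh`, so if sshd on these VPSs listens on a non-default port the jail will not ban for it — confirm against the sshd configuration. The jail also restates `maxretry`, `bantime` and `findtime` next to the role-level `fail2ban_*` variables; a comment saying which value is expected to win for sshd would save the next reader a trip to the role docs.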
@@ -1,200 +1,7 @@ --- -- hosts: all - name: Configure all servers - tasks: - - name: Gather facts (always, even with tags) - ansible.builtin.setup: - tags: always +- import_playbook: all.yml +- import_playbook: internetfacing.yml +- import_playbook: cloud.yml +- import_playbook: docker.yml +- import_playbook: omada.yml - -- name: Prepare all servers - hosts: all - become: true - pre_tasks: - - name: Create directories - file: - path: "/data" - state: directory - - - name: Setup base system - import_tasks: tasks/base.yml - - roles: - - role: geerlingguy.docker - docker_users: - - administrator - - - role: grzegorzfranus.fail2ban - vars: - fail2ban_ignoreip: - - 127.0.0.1/8 # loopback - - 10.0.0.0/8 # Private - - 172.16.0.0/12 # Private - - 192.168.0.0/16 # Private - - 169.254.0.0/16 # link-local / APIPA - - 100.64.0.0/10 # CGNAT - - 203.0.113.0/24 # TEST-NETs - - 192.0.2.0/24 # TEST-NETs - - 198.51.100.0/24 # TEST-NETs - - ::1 # ULA - fc00::/7 # Private - - fe80::/10 # Private - fail2ban_bantime: "1h" - fail2ban_findtime: "30m" - fail2ban_maxretry: 3 - fail2ban_custom_jail_files: - - name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf - content: | - [sshd-strict] - enabled = true - filter = sshd - port = ssh - logpath = journal - backend = systemd - maxretry = 3 - bantime = 3600 - findtime = 300 - tags: base_install - - -- hosts: cloud - become: yes - roles: - - name: traefik - vars: - traefik_host: traefik01.comprofix.com - tags: traefik_install - - tasks: - - name: Deploy Vaultwarden - import_tasks: tasks/vaultwarden.yml - tags: vaultwarden_install - - - name: Deploy gitea - import_tasks: tasks/gitea.yml - tags: gitea_install - - - name: Gotify - import_tasks: tasks/gotify.yml - tags: gotify_install - tags: cloud_install - -- hosts: docker - become: yes - vars_files: - - vars/gitea-images.yml - - pre_tasks: - - name: Connect iscsi - import_tasks: tasks/iscsi.yml - tags: iscsi_connect - - roles: - - role: nfs - mounts: - - name: Data share - 
path: /mnt/nfs/data - src: truenas.comprofix.xyz:/mnt/datapool/data - tags: nfs_install - - - role: traefik - vars: - traefik_host: traefik02.comprofix.xyz - tags: traefik_install - - tasks: - - name: Deploy comprofix.com website - import_tasks: tasks/comprofix.com.yml - tags: comprofix_install - - - name: Deploy iDrac Fan Controller - import_tasks: tasks/idrac.yml - tags: idrac_install - - - name: Deploy MariaDB - import_tasks: tasks/mariadb.yml - tags: mariadb_install - - - name: Deploy InvoiceNinja - import_tasks: tasks/invoiceninja.yml - tags: invoiceninja_install - - - name: Deploy Homepage - import_tasks: tasks/homepage.yml - tags: homepage_install - - - name: Deploy speedtest-tracker - import_tasks: tasks/speedtest.yml - tags: speedtest_install - - - name: Deploy dozzle - import_tasks: tasks/dozzle.yml - tags: dozzle_install - - - name: Deploy jellyseerr - import_tasks: tasks/jellyseerr.yml - tags: jellyseerr_install - - - name: Deploy lidarr - import_tasks: tasks/lidarr.yml - tags: lidarr_install - - - name: Deploy prowlarr - import_tasks: tasks/prowlarr.yml - tags: prowlarr_install - - - name: Deploy radarr - import_tasks: tasks/radarr.yml - tags: radarr_install - - - name: Deploy sonarr - import_tasks: tasks/sonarr.yml - tags: sonarr_install - - - name: Deploy sabnzbd - import_tasks: tasks/sabnzbd.yml - tags: sabnzbd_install - - - name: Deploy mealie - import_tasks: tasks/mealie.yml - tags: mealie_install - - - name: Deploy pyKMS - import_tasks: tasks/pykms.yml - tags: pykms_install - - - name: Deploy mediawiki - import_tasks: tasks/mediawiki.yml - tags: mediawiki_install - - - name: Deploy traggo - import_tasks: tasks/traggo.yml - tags: traggo_install - - - name: Deploy gitea-runner-homelab - import_tasks: tasks/gitea-runner-homelab.yml - tags: gitea-runner-homelab_install - - # - name: Deploy mssql - # import_tasks: tasks/mssql.yml - # tags: mssql_install - - tags: dockerserver_install - -- hosts: omada - become: yes - roles: - - role: nfs - mounts: - - 
name: Data share - path: /data - src: truenas.comprofix.xyz:/mnt/datapool/docker - tags: nfs_install - tasks: - - name: Deploy Dozzle Agent - import_tasks: tasks/dozzle-agent.yml - tags: dozzle-agent_install - - - name: Deploy Omada - import_tasks: tasks/omada.yml - tags: omada_install - tags: omada_lxc_install diff --git a/omada.yml b/omada.yml new file mode 100644 index 0000000..f198702 --- /dev/null +++ b/omada.yml @@ -0,0 +1,19 @@ +--- +- hosts: omada + become: yes + roles: + - role: nfs + mounts: + - name: Data share + path: /data + src: truenas.comprofix.xyz:/mnt/datapool/docker + tags: nfs_install + tasks: + - name: Deploy Dozzle Agent + import_tasks: tasks/dozzle-agent.yml + tags: dozzle-agent_install + + - name: Deploy Omada + import_tasks: tasks/omada.yml + tags: omada_install + tags: omada_lxc_install
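Review bot: The `base_install` tag on the removed base/fail2ban play (the collapsed diff loses indentation, so it may have been on the play or on the fail2ban role entry) is not carried into all.yml or internetfacing.yml, so `ansible-playbook main.yml --tags base_install` now matches nothing; re-add it as `tags: base_install` on the all.yml play, or document that the tag is retired. This file is now the only place the play order is visible, and the fail2ban role has moved from `all` to the `internetfacing` group, so a header comment such as `# Play order matters: all.yml runs first; fail2ban applies only to [internetfacing] via internetfacing.yml` would help the next reader understand what each import is responsible for.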