mmckinnon/homelab
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

chore: update workflow and add separate yml files for hosts

Browse Source
This commit is contained in:
Matthew McKinnon
2025-10-11 18:52:15 +10:00
parent d08ee33972
commit 21997f3c33
7 changed files with 202 additions and 202 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
all.yml
View File

@@ -1,12 +1,24 @@
--- ---
- name: Prepare all servers - hosts: all
hosts: all become: yes
become: true name: Configure all servers
pre_tasks: pre_tasks:
- name: Create directories - name: Create directories
file: file:
path: "/data" path: "/data"
state: directory state: directory
roles:
- role: geerlingguy.docker
docker_users:
- administrator
tasks:
- name: Gather facts (always, even with tags)
ansible.builtin.setup:
tags: always
- name: Setup base system - name: Setup base system
import_tasks: tasks/base.yml import_tasks: tasks/base.yml

22
cloud.yml Normal file
View File

@@ -0,0 +1,22 @@
---
- hosts: cloud
become: yes
roles:
- name: traefik
vars:
traefik_host: traefik01.comprofix.com
tags: traefik_install
tasks:
- name: Deploy Vaultwarden
import_tasks: tasks/vaultwarden.yml
tags: vaultwarden_install
- name: Deploy gitea
import_tasks: tasks/gitea.yml
tags: gitea_install
- name: Gotify
import_tasks: tasks/gotify.yml
tags: gotify_install
tags: cloud_install

102
docker.yml Normal file
View File

@@ -0,0 +1,102 @@
---
- hosts: docker
become: yes
vars_files:
- vars/gitea-images.yml
pre_tasks:
- name: Connect iscsi
import_tasks: tasks/iscsi.yml
tags: iscsi_connect
roles:
- role: nfs
mounts:
- name: Data share
path: /mnt/nfs/data
src: truenas.comprofix.xyz:/mnt/datapool/data
tags: nfs_install
- role: traefik
vars:
traefik_host: traefik02.comprofix.xyz
tags: traefik_install
tasks:
- name: Deploy comprofix.com website
import_tasks: tasks/comprofix.com.yml
tags: comprofix_install
- name: Deploy iDrac Fan Controller
import_tasks: tasks/idrac.yml
tags: idrac_install
- name: Deploy MariaDB
import_tasks: tasks/mariadb.yml
tags: mariadb_install
- name: Deploy InvoiceNinja
import_tasks: tasks/invoiceninja.yml
tags: invoiceninja_install
- name: Deploy Homepage
import_tasks: tasks/homepage.yml
tags: homepage_install
- name: Deploy speedtest-tracker
import_tasks: tasks/speedtest.yml
tags: speedtest_install
- name: Deploy dozzle
import_tasks: tasks/dozzle.yml
tags: dozzle_install
- name: Deploy jellyseerr
import_tasks: tasks/jellyseerr.yml
tags: jellyseerr_install
- name: Deploy lidarr
import_tasks: tasks/lidarr.yml
tags: lidarr_install
- name: Deploy prowlarr
import_tasks: tasks/prowlarr.yml
tags: prowlarr_install
- name: Deploy radarr
import_tasks: tasks/radarr.yml
tags: radarr_install
- name: Deploy sonarr
import_tasks: tasks/sonarr.yml
tags: sonarr_install
- name: Deploy sabnzbd
import_tasks: tasks/sabnzbd.yml
tags: sabnzbd_install
- name: Deploy mealie
import_tasks: tasks/mealie.yml
tags: mealie_install
- name: Deploy pyKMS
import_tasks: tasks/pykms.yml
tags: pykms_install
- name: Deploy mediawiki
import_tasks: tasks/mediawiki.yml
tags: mediawiki_install
- name: Deploy traggo
import_tasks: tasks/traggo.yml
tags: traggo_install
- name: Deploy gitea-runner-homelab
import_tasks: tasks/gitea-runner-homelab.yml
tags: gitea-runner-homelab_install
# - name: Deploy mssql
# import_tasks: tasks/mssql.yml
# tags: mssql_install
tags: dockerserver_install

3
hosts.ini
View File

@@ -14,3 +14,6 @@ vps01.comprofix.com
jellyfin.comprofix.xyz jellyfin.comprofix.xyz
[internetfacing]
vps01.comprofix.com
vps02.comprofix.com

35
internetfacing.yml Normal file
View File

@@ -0,0 +1,35 @@
---
- name: Install fail2ban on internet facing servers
hosts: internetfacing
become: true
roles:
- role: grzegorzfranus.fail2ban
vars:
fail2ban_ignoreip:
- 127.0.0.1/8 # loopback
- 10.0.0.0/8 # Private
- 172.16.0.0/12 # Private
- 192.168.0.0/16 # Private
- 169.254.0.0/16 # link-local / APIPA
- 100.64.0.0/10 # CGNAT
- 203.0.113.0/24 # TEST-NETs
- 192.0.2.0/24 # TEST-NETs
- 198.51.100.0/24 # TEST-NETs
- ::1 # ULA - fc00::/7 # Private
- fe80::/10 # Private
fail2ban_bantime: "1h"
fail2ban_findtime: "30m"
fail2ban_maxretry: 3
fail2ban_custom_jail_files:
- name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf
content: |
[sshd-strict]
enabled = true
filter = sshd
port = ssh
logpath = journal
backend = systemd
maxretry = 3
bantime = 3600
findtime = 300

203
main.yml
View File

@@ -1,200 +1,7 @@
--- ---
- hosts: all - import_playbook: all.yml
name: Configure all servers - import_playbook: internetfacing.yml
tasks: - import_playbook: cloud.yml
- name: Gather facts (always, even with tags) - import_playbook: docker.yml
ansible.builtin.setup: - import_playbook: omada.yml
tags: always
- name: Prepare all servers
hosts: all
become: true
pre_tasks:
- name: Create directories
file:
path: "/data"
state: directory
- name: Setup base system
import_tasks: tasks/base.yml
roles:
- role: geerlingguy.docker
docker_users:
- administrator
- role: grzegorzfranus.fail2ban
vars:
fail2ban_ignoreip:
- 127.0.0.1/8 # loopback
- 10.0.0.0/8 # Private
- 172.16.0.0/12 # Private
- 192.168.0.0/16 # Private
- 169.254.0.0/16 # link-local / APIPA
- 100.64.0.0/10 # CGNAT
- 203.0.113.0/24 # TEST-NETs
- 192.0.2.0/24 # TEST-NETs
- 198.51.100.0/24 # TEST-NETs
- ::1 # ULA - fc00::/7 # Private
- fe80::/10 # Private
fail2ban_bantime: "1h"
fail2ban_findtime: "30m"
fail2ban_maxretry: 3
fail2ban_custom_jail_files:
- name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf
content: |
[sshd-strict]
enabled = true
filter = sshd
port = ssh
logpath = journal
backend = systemd
maxretry = 3
bantime = 3600
findtime = 300
tags: base_install
- hosts: cloud
become: yes
roles:
- name: traefik
vars:
traefik_host: traefik01.comprofix.com
tags: traefik_install
tasks:
- name: Deploy Vaultwarden
import_tasks: tasks/vaultwarden.yml
tags: vaultwarden_install
- name: Deploy gitea
import_tasks: tasks/gitea.yml
tags: gitea_install
- name: Gotify
import_tasks: tasks/gotify.yml
tags: gotify_install
tags: cloud_install
- hosts: docker
become: yes
vars_files:
- vars/gitea-images.yml
pre_tasks:
- name: Connect iscsi
import_tasks: tasks/iscsi.yml
tags: iscsi_connect
roles:
- role: nfs
mounts:
- name: Data share
path: /mnt/nfs/data
src: truenas.comprofix.xyz:/mnt/datapool/data
tags: nfs_install
- role: traefik
vars:
traefik_host: traefik02.comprofix.xyz
tags: traefik_install
tasks:
- name: Deploy comprofix.com website
import_tasks: tasks/comprofix.com.yml
tags: comprofix_install
- name: Deploy iDrac Fan Controller
import_tasks: tasks/idrac.yml
tags: idrac_install
- name: Deploy MariaDB
import_tasks: tasks/mariadb.yml
tags: mariadb_install
- name: Deploy InvoiceNinja
import_tasks: tasks/invoiceninja.yml
tags: invoiceninja_install
- name: Deploy Homepage
import_tasks: tasks/homepage.yml
tags: homepage_install
- name: Deploy speedtest-tracker
import_tasks: tasks/speedtest.yml
tags: speedtest_install
- name: Deploy dozzle
import_tasks: tasks/dozzle.yml
tags: dozzle_install
- name: Deploy jellyseerr
import_tasks: tasks/jellyseerr.yml
tags: jellyseerr_install
- name: Deploy lidarr
import_tasks: tasks/lidarr.yml
tags: lidarr_install
- name: Deploy prowlarr
import_tasks: tasks/prowlarr.yml
tags: prowlarr_install
- name: Deploy radarr
import_tasks: tasks/radarr.yml
tags: radarr_install
- name: Deploy sonarr
import_tasks: tasks/sonarr.yml
tags: sonarr_install
- name: Deploy sabnzbd
import_tasks: tasks/sabnzbd.yml
tags: sabnzbd_install
- name: Deploy mealie
import_tasks: tasks/mealie.yml
tags: mealie_install
- name: Deploy pyKMS
import_tasks: tasks/pykms.yml
tags: pykms_install
- name: Deploy mediawiki
import_tasks: tasks/mediawiki.yml
tags: mediawiki_install
- name: Deploy traggo
import_tasks: tasks/traggo.yml
tags: traggo_install
- name: Deploy gitea-runner-homelab
import_tasks: tasks/gitea-runner-homelab.yml
tags: gitea-runner-homelab_install
# - name: Deploy mssql
# import_tasks: tasks/mssql.yml
# tags: mssql_install
tags: dockerserver_install
- hosts: omada
become: yes
roles:
- role: nfs
mounts:
- name: Data share
path: /data
src: truenas.comprofix.xyz:/mnt/datapool/docker
tags: nfs_install
tasks:
- name: Deploy Dozzle Agent
import_tasks: tasks/dozzle-agent.yml
tags: dozzle-agent_install
- name: Deploy Omada
import_tasks: tasks/omada.yml
tags: omada_install
tags: omada_lxc_install

19
omada.yml Normal file
View File

@@ -0,0 +1,19 @@
---
- hosts: omada
become: yes
roles:
- role: nfs
mounts:
- name: Data share
path: /data
src: truenas.comprofix.xyz:/mnt/datapool/docker
tags: nfs_install
tasks:
- name: Deploy Dozzle Agent
import_tasks: tasks/dozzle-agent.yml
tags: dozzle-agent_install
- name: Deploy Omada
import_tasks: tasks/omada.yml
tags: omada_install
tags: omada_lxc_install