diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index dd3265c6..85079f40 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -15,13 +15,15 @@ jobs: run: actionlint -ignore 'label "CI-CD" is unknown' .github/workflows/CI.yml - name: Run codespell - run: codespell --enable-colors + run: codespell --enable-colors -L chage - name: Run mdl run: mdl --style .github/workflows/mdl_style.rb . - name: Run ansible-lint - run: ansible-lint -q --force-color --config-file .github/workflows/ansible-lint.conf --project-dir Ansible/playbooks/ + run: ansible-lint -q --force-color + working-directory: Ansible - name: Run ansible-inventory - run: error=$( { ansible-inventory --list --yaml -i Ansible/inventories/ > /dev/null; } 2>&1 ); [ -n "${error}" ] && echo "${error}" && exit 1 || exit 0 + run: error=$( { ansible-inventory --list --yaml > /dev/null; } 2>&1 ); [ -n "${error}" ] && echo "${error}" && exit 1 || exit 0 + working-directory: Ansible diff --git a/.github/workflows/ansible-lint.conf b/Ansible/.ansible-lint.yml similarity index 100% rename from .github/workflows/ansible-lint.conf rename to Ansible/.ansible-lint.yml diff --git a/Ansible/Jenkins_Pipeline_Update_Infra.groovy b/Ansible/Jenkins_Pipeline_Update_Infra.groovy index 8352e81a..a1948da5 100644 --- a/Ansible/Jenkins_Pipeline_Update_Infra.groovy +++ b/Ansible/Jenkins_Pipeline_Update_Infra.groovy 
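Review bot: `run: ansible-lint -q --force-color` drops the explicit `--config-file` and relies on auto-discovery from the new `working-directory: Ansible`, but the config file is renamed in this same commit to `Ansible/.ansible-lint.yml`, whereas ansible-lint's documented default config names are `.ansible-lint` and `.config/ansible-lint.yml`. Confirm the renamed file is actually picked up; if it is not, the job keeps passing while linting with the default rule set, and the project's settings silently stop applying. Keeping the path explicit avoids the ambiguity: `run: ansible-lint -q --force-color -c .ansible-lint.yml`.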
@@ -2,221 +2,124 @@ pipeline { agent any stages { - stage('Update Docker Containers - VMs - Dev') { + stage('Update Podman Containers) { steps { script { def result = build( - job: 'Update_Docker_Containers', + job: 'Update_Podman_Containers', parameters: [ - string(name: 'SERVER_TYPE', value: 'VMs'), - string(name: 'ENV', value: 'dev'), - string(name: 'SERVERS', value: 'all'), + string(name: 'SERVERS', value: 'podman'), string(name: 'DANGLING', value: 'true') ], propagate: true, wait: true ) if (result == 'FAILURE') { - error("Update Docker Containers - VMs - Dev failed. Aborting pipeline.") + error("Update Podman Containers failed. Aborting pipeline.") } } } } - stage('Update Docker Containers - VMs - Prod') { - steps { - script { - def result = build( - job: 'Update_Docker_Containers', - parameters: [ - string(name: 'SERVER_TYPE', value: 'VMs'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'all'), - string(name: 'DANGLING', value: 'true') - ], - propagate: true, - wait: true - ) - if (result == 'FAILURE') { - error("Update Docker Containers - VMs - Prod failed. Aborting pipeline.") - } - } - } - } - - stage('Update Docker Containers - VPS - Prod') { - steps { - script { - def result = build( - job: 'Update_Docker_Containers', - parameters: [ - string(name: 'SERVER_TYPE', value: 'VPS'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'all'), - string(name: 'DANGLING', value: 'true') - ], - propagate: true, - wait: true - ) - if (result == 'FAILURE') { - error("Update Docker Containers - VPS - Prod failed. 
Aborting pipeline.") - } - } - } - } - - stage('Update Docker Containers - Proxmox - Prod') { - steps { - script { - def result = build( - job: 'Update_Docker_Containers', - parameters: [ - string(name: 'SERVER_TYPE', value: 'Proxmox'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'all'), - string(name: 'DANGLING', value: 'true') - ], - propagate: true, - wait: true - ) - if (result == 'FAILURE') { - error("Update Docker Containers - Proxmox - Prod failed. Aborting pipeline.") - } - } - } - } - - stage('Update Servers - VMs - Dev - All') { - steps { - script { - def result = build( - job: 'Update_Servers', - parameters: [ - string(name: 'SERVER_TYPE', value: 'VMs'), - string(name: 'ENV', value: 'dev'), - string(name: 'SERVERS', value: 'all') - ], - propagate: true, - wait: true - ) - if (result == 'FAILURE') { - error("Update Servers - VMs - Dev - All failed. Aborting pipeline.") - } - } - } - } - - stage('Update Servers - VMs - Prod - Pmx01') { + stage('Update Servers - LXC Core01') { steps { script { def result = build( job: 'Update_Servers', parameters: [ - string(name: 'SERVER_TYPE', value: 'VMs'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'pmx01') + string(name: 'SERVERS', value: 'lxc_core01') ], propagate: true, wait: true ) if (result == 'FAILURE') { - error("Update Servers - VMs - Prod - Pmx01 failed. Aborting pipeline.") + error("Update Servers - Core01 failed. Aborting pipeline.") } } } } - stage('Update Servers - VMs - Prod - Pmx02') { + stage('Update Servers - LXC Core02') { steps { script { def result = build( job: 'Update_Servers', parameters: [ - string(name: 'SERVER_TYPE', value: 'VMs'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'pmx02') + string(name: 'SERVERS', value: 'lxc_core02') ], propagate: true, wait: true ) if (result == 'FAILURE') { - error("Update Servers - VMs - Prod - Pmx02 failed. Aborting pipeline.") + error("Update Servers - Core02 failed. 
Aborting pipeline.") } } } } - stage('Update Servers - VPS - Prod - All') { + stage('Update Servers - VPS') { steps { script { def result = build( job: 'Update_Servers', parameters: [ - string(name: 'SERVER_TYPE', value: 'VPS'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'all') + string(name: 'SERVERS', value: 'vps') ], propagate: true, wait: true ) if (result == 'FAILURE') { - error("Update Servers - VPS - Prod - All failed. Aborting pipeline.") + error("Update Servers - VPS failed. Aborting pipeline.") } } } } - stage('Update Servers - Rasp - Prod - All') { + stage('Update Servers - Rasp') { steps { script { def result = build( job: 'Update_Servers', parameters: [ - string(name: 'SERVER_TYPE', value: 'Rasp'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'all') + string(name: 'SERVERS', value: 'rasp') ], propagate: true, wait: true ) if (result == 'FAILURE') { - error("Update Servers - Rasp - Prod - All failed. Aborting pipeline.") + error("Update Servers - Rasp failed. Aborting pipeline.") } } } } - stage('Update Servers - Proxmox - Prod - Pmx02') { + stage('Update Servers - Core02') { steps { script { def result = build( job: 'Update_Servers', parameters: [ - string(name: 'SERVER_TYPE', value: 'Proxmox'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'pmx02') + string(name: 'SERVERS', value: 'core02.rc') ], propagate: true, wait: true ) if (result == 'FAILURE') { - error("Update Servers - Proxmox - Prod - Pmx02 failed. Aborting pipeline.") + error("Update Servers - Core02 failed. 
Aborting pipeline.") } - input("Proceed with Update Servers - Proxmox - Prod - Pmx01?") + input("Proceed with Update Servers - Core01?") } } } - stage('Update Servers - Proxmox - Prod - Pmx01') { + stage('Update Servers - Core01') { steps { script { catchError(buildResult: 'FAILURE', stageResult: 'SUCCESS') { build( job: 'Update_Servers', parameters: [ - string(name: 'SERVER_TYPE', value: 'Proxmox'), - string(name: 'ENV', value: 'prod'), - string(name: 'SERVERS', value: 'pmx01') + string(name: 'SERVERS', value: 'core01.rc') ], propagate: true, wait: true diff --git a/Ansible/ansible.cfg b/Ansible/ansible.cfg new file mode 100644 index 00000000..87a60f33 --- /dev/null +++ b/Ansible/ansible.cfg @@ -0,0 +1,7 @@ +[defaults] +force_color = True +host_key_checking = False +interpreter_python = "/usr/bin/python3" +inventory = inventory +roles_path = roles +retry_files_enabled = False diff --git a/Ansible/inventories/Antiz.fr/dev b/Ansible/inventories/Antiz.fr/dev deleted file mode 100644 index 740e346e..00000000 --- a/Ansible/inventories/Antiz.fr/dev +++ /dev/null @@ -1 +0,0 @@ -wsdev02.rc diff --git a/Ansible/inventories/Antiz.fr/prod b/Ansible/inventories/Antiz.fr/prod deleted file mode 100644 index 70a5f03d..00000000 --- a/Ansible/inventories/Antiz.fr/prod +++ /dev/null @@ -1 +0,0 @@ -wsprd02.rc diff --git a/Ansible/inventories/Proxmox/prod b/Ansible/inventories/Proxmox/prod deleted file mode 100644 index 1ce2b198..00000000 --- a/Ansible/inventories/Proxmox/prod +++ /dev/null @@ -1,9 +0,0 @@ -[pmx01] -pmx01.rc - -[pmx02] -pmx02.rc - -[docker] -pmx01.rc -pmx02.rc diff --git a/Ansible/inventories/Rasp/prod b/Ansible/inventories/Rasp/prod deleted file mode 100644 index d076d2f4..00000000 --- a/Ansible/inventories/Rasp/prod +++ /dev/null @@ -1,2 +0,0 @@ -[rasp01] -rasp01.rc diff --git a/Ansible/inventories/Template/inventory b/Ansible/inventories/Template/inventory deleted file mode 100644 index 93417758..00000000 --- a/Ansible/inventories/Template/inventory +++ /dev/null 
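Review bot: `stage('Update Podman Containers) {` at the top of the hunk is missing the closing quote of the stage name, so the pipeline script no longer parses and none of the stages can run; it should read `stage('Update Podman Containers') {`. Two different stages now also raise the identical message `Update Servers - Core02 failed. Aborting pipeline.` (the `lxc_core02` stage and the later `core02.rc` stage), which makes a failed run ambiguous in the build log; `error("Update Servers - LXC Core02 failed. Aborting pipeline.")` in the first keeps them apart, and the `LXC Core01` stage reports `Update Servers - Core01 failed.` in the same way, so it will presumably collide with the later Core01 stage too. The `pipeline` block begins before the hunk and the body of the final stage continues past its end.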
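Review bot: `host_key_checking = False` in the new `[defaults]` section turns off SSH host-key verification for every play run from `Ansible/`, which after this commit includes the CI job and the Jenkins pipeline, so a changed or impersonated host key is accepted silently for production hosts. The safer setting is to drop that line and pre-seed the controller's known_hosts with the fleet's keys; if first-contact friction is the concern, `[ssh_connection]` with `ssh_common_args = -o StrictHostKeyChecking=accept-new` records an unknown key on first use but still rejects a key that later changes.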
@@ -1 +0,0 @@ -template.rc diff --git a/Ansible/inventories/VMs/dev b/Ansible/inventories/VMs/dev deleted file mode 100644 index 86f4258b..00000000 --- a/Ansible/inventories/VMs/dev +++ /dev/null @@ -1,13 +0,0 @@ -# Server types -[ws] -wsdev02.rc - -[as] -asdev02.rc - -# Services -[docker] -asdev02.rc - -[ssl] -wsdev02.rc key=true diff --git a/Ansible/inventories/VMs/prod b/Ansible/inventories/VMs/prod deleted file mode 100644 index 9f2fcc08..00000000 --- a/Ansible/inventories/VMs/prod +++ /dev/null @@ -1,69 +0,0 @@ -# Server types -[am] -amprd01.rc ansible_connection=local - -[dn] -dnprd01a.rc -dnprd01b.rc - -[vn] -vnprd01.rc - -[fs] -fsprd01.rc - -[as] -asprd01.rc - -[ws] -wsprd01a.rc -wsprd01b.rc - -[db] -dbprd01.rc - -[mn] -mnprd01.rc - -[dh] -dhprd01a.rc -dhprd01b.rc - -[vs] -vsprd01.rc -vsprd02.rc - -# Proxmox Servers -[pmx01] -amprd01.rc -dnprd01a.rc -vnprd01.rc -fsprd01.rc -asprd01.rc -wsprd01a.rc -dbprd01.rc -mnprd01.rc -dhprd01a.rc -vsprd01.rc -vsprd02.rc - -[pmx02] -dnprd01b.rc -wsprd01b.rc -dhprd01b.rc - -# Services -[docker] -vnprd01.rc -fsprd01.rc -asprd01.rc -dbprd01.rc -mnprd01.rc - -[runner] -vsprd01.rc - -[ssl] -wsprd01a.rc key=true -wsprd01b.rc key=true -vsprd01.rc diff --git a/Ansible/inventories/VPS/prod b/Ansible/inventories/VPS/prod deleted file mode 100644 index 9a74808d..00000000 --- a/Ansible/inventories/VPS/prod +++ /dev/null @@ -1,7 +0,0 @@ -# Server types -[ws] -wsprd02.rc - -# Services -[docker] -wsprd02.rc diff --git a/Ansible/inventory b/Ansible/inventory new file mode 100644 index 00000000..3bfae529 --- /dev/null +++ b/Ansible/inventory 
@@ -0,0 +1,48 @@
+[bare]
+core01.rc
+core02.rc
+
+[vps]
+web02.rc
+
+[rasp]
+rasp01.rc
+
+[lxc:children]
+lxc_core01
+lxc_core02
+
+[lxc_core01]
+auto01.rc ansible_connection=local
+dns01a.rc
+dhcp01a.rc
+web01a.rc
+runner01.rc
+git01.rc
+
+[lxc_core02]
+dns01b.rc
+dhcp01b.rc
+web01b.rc
+
+[podman]
+core01.rc
+web02.rc
+
+[antiz_fr]
+web01a.rc env=dev
+web01b.rc env=dev
+web02.rc env=prod
+
+[ssl]
+web01a.rc key=true
+web01b.rc key=true
+git01.rc
+
+[lxc_template]
+lxc-arch-template-core01.rc
+lxc-arch-template-core02.rc
+lxc-alpine-template-core01.rc
+lxc-alpine-template-core02.rc
+lxc-debian-template-core01.rc
+lxc-debian-template-core02.rc
diff --git a/Ansible/playbooks/backup_lxc_containers.yml b/Ansible/playbooks/backup_lxc_containers.yml
new file mode 100644
index 00000000..45f1a594
--- /dev/null
+++ b/Ansible/playbooks/backup_lxc_containers.yml
@@ -0,0 +1,6 @@
+---
+- name: "Backup lxc containers"
+ hosts: bare
+ become: true
+ roles:
+ - role: "backup_lxc_containers"
diff --git a/Ansible/playbooks/backup_podman_containers_volumes.yml b/Ansible/playbooks/backup_podman_containers_volumes.yml
new file mode 100644
index 00000000..2f96c2c1
--- /dev/null
+++ b/Ansible/playbooks/backup_podman_containers_volumes.yml
@@ -0,0 +1,6 @@
+---
+- name: "Backup podman containers volumes"
+ hosts: podman:!web02.rc
+ become: true
+ roles:
+ - role: "backup_podman_containers_volumes"
diff --git a/Ansible/playbooks/clean_runners.yml b/Ansible/playbooks/clean_runners.yml
index 13d26f2c..5970214d 100644
--- a/Ansible/playbooks/clean_runners.yml
+++ b/Ansible/playbooks/clean_runners.yml
@@ -1,6 +1,6 @@
 ---
 - name: "Clean runners"
- hosts: runner
+ hosts: runner01.rc
 become: true
 roles:
 - role: "clean_runners"
diff --git a/Ansible/playbooks/configure_template.yml b/Ansible/playbooks/configure_template.yml
deleted file mode 100644
index ae15a50d..00000000
--- a/Ansible/playbooks/configure_template.yml
+++ /dev/null
@@ -1,6 +0,0 @@ ---- -- name: "Configure Template" - hosts: all - become: true - roles: - - role: "configure_template" diff --git a/Ansible/playbooks/core_system_backup.yml b/Ansible/playbooks/core_system_backup.yml new file mode 100644 index 00000000..94670b3b --- /dev/null +++ b/Ansible/playbooks/core_system_backup.yml @@ -0,0 +1,6 @@ +--- +- name: "Core Servers System Backup" + hosts: bare + become: true + roles: + - role: "core_system_backup" diff --git a/Ansible/playbooks/deploy_lxc_template.yml b/Ansible/playbooks/deploy_lxc_template.yml new file mode 100644 index 00000000..bbf9056d --- /dev/null +++ b/Ansible/playbooks/deploy_lxc_template.yml @@ -0,0 +1,7 @@ +--- +- name: "Deploy LXC Template" + hosts: lxc_template + gather_facts: false + become: true + roles: + - role: "deploy_lxc_template" diff --git a/Ansible/playbooks/dump_databases.yml b/Ansible/playbooks/dump_databases.yml index 3df7c03c..6ac5f177 100644 --- a/Ansible/playbooks/dump_databases.yml +++ b/Ansible/playbooks/dump_databases.yml @@ -1,6 +1,6 @@ --- - name: "Create a dump of all databases" - hosts: db + hosts: core01.rc become: true roles: - role: "dump_databases" diff --git a/Ansible/playbooks/nvchecker.yml b/Ansible/playbooks/nvchecker.yml index 2e9c1d66..6bff76a7 100644 --- a/Ansible/playbooks/nvchecker.yml +++ b/Ansible/playbooks/nvchecker.yml @@ -1,5 +1,5 @@ --- - name: "Run nvchecker" - hosts: amprd01.rc + hosts: auto01.rc roles: - role: "nvchecker" diff --git a/Ansible/playbooks/proxmox_system_backup.yml b/Ansible/playbooks/proxmox_system_backup.yml deleted file mode 100644 index 028e6f30..00000000 --- a/Ansible/playbooks/proxmox_system_backup.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "Proxmox System Backup" - hosts: all - become: true - roles: - - role: "proxmox_system_backup" diff --git a/Ansible/playbooks/roles/configure_template/README.md b/Ansible/playbooks/roles/configure_template/README.md deleted file mode 100644 index 7b3ae930..00000000 
--- a/Ansible/playbooks/roles/configure_template/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# Configure Template - -Configure new servers cloned from my Proxmox templates: -Set hostname, `/etc/hosts` entries, IP address and Zabbix configuration, then update and reboot the server. - -Support for Debian, Arch Linux and Alpine Linux. - -## Variables - -The following variable is set in `vars/main.yml`: - -- domain: `.rc` (default domain for my servers). - -The following variables should be set at the inventory level, the playbook level or as `--extra-vars`: - -- ip: IPv4 address to set (example: `192.168.1.100`). -- hostname: hostname to set, **not including domain** (see the `domain` variable in `defaults/main.yml`, the full FQDN is `{{ hostname }}{{ domain }}`) (example: `myserver`). -- root_passwd: password to set for the root user (example: `strong_password`). diff --git a/Ansible/playbooks/roles/configure_template/tasks/main.yml b/Ansible/playbooks/roles/configure_template/tasks/main.yml deleted file mode 100644 index 6ab44e6e..00000000 --- a/Ansible/playbooks/roles/configure_template/tasks/main.yml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -# tasks file for template - -- name: "Fail if the 'ip' variable is empty or undefined" - ansible.builtin.fail: - msg: "The 'ip' variable is empty" - when: ip is undefined or ip | length == 0 - -- name: "Fail if the 'hostname' variable is empty or undefined" - ansible.builtin.fail: - msg: "The 'hostname' variable is empty" - when: hostname is undefined or hostname | length == 0 - -- name: "Fail if the 'root_passwd' variable is empty or undefined" - ansible.builtin.fail: - msg: "The 'root_passwd' variable is empty" - when: root_passwd is undefined or root_passwd | length == 0 - -- name: "Clean known template.rc SSH hosts" - ansible.builtin.lineinfile: - path: /home/ansible/.ssh/known_hosts - regexp: '^[template.rc]' - state: absent - delegate_to: localhost - -- name: "Update hostname" - ansible.builtin.hostname: - name: "{{ hostname }}{{ domain }}" - -- name: "Update hosts file (loopback)" - ansible.builtin.lineinfile: - path: /etc/hosts - regexp: "^127.0.1.1" - line: "127.0.1.1\t{{ hostname }}{{ domain }} {{ hostname }}" - -- name: "Update hosts file (IP)" - ansible.builtin.lineinfile: - path: /etc/hosts - regexp: "^192.168.96.100" - line: "{{ ip }}\t{{ hostname }}{{ domain }} {{ hostname }}" - -- name: "Update IP address - Debian & Alpine" - ansible.builtin.replace: - path: /etc/network/interfaces - regexp: "192.168.96.100" - replace: "{{ ip }}" - when: ansible_facts['distribution'] == "Debian" or ansible_facts['distribution'] == "Alpine" - -- name: "Update IP address - Arch" - ansible.builtin.replace: - path: /etc/NetworkManager/system-connections/Wired connection 1.nmconnection - regexp: "192.168.96.100" - replace: "{{ ip }}" - when: ansible_facts['distribution'] == "Archlinux" - -- name: "Update Zabbix Agent configuration" - ansible.builtin.replace: - path: /etc/zabbix/zabbix_agentd.conf - regexp: "template.rc" - replace: "{{ hostname }}{{ domain }}" - -- name: "Update root password" - ansible.builtin.user: - name: root - password: "{{ 
root_passwd | password_hash('sha256') }}" - update_password: always - -- name: "Update server - Debian" - ansible.builtin.apt: - update_cache: true - upgrade: full - autoremove: true - when: ansible_facts['distribution'] == "Debian" - -- name: "Update server - Arch" - community.general.pacman: - update_cache: true - upgrade: true - when: ansible_facts['distribution'] == "Archlinux" - -- name: "Update server - Alpine" - community.general.apk: - update_cache: true - available: true - upgrade: true - when: ansible_facts['distribution'] == "Alpine" - -- name: "Reboot server" - ansible.builtin.reboot: - async: 1 - poll: 0 - -- name: "End message" - ansible.builtin.debug: - msg: - - "Configuration for {{ hostname }} ({{ ip }} is done" - - "The server has been rebooted" - delegate_to: localhost - run_once: true diff --git a/Ansible/playbooks/roles/configure_template/vars/main.yml b/Ansible/playbooks/roles/configure_template/vars/main.yml deleted file mode 100644 index abf0b37c..00000000 --- a/Ansible/playbooks/roles/configure_template/vars/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# vars file for template - -domain: ".rc" diff --git a/Ansible/playbooks/roles/proxmox_system_backup/README.md b/Ansible/playbooks/roles/proxmox_system_backup/README.md deleted file mode 100644 index e313eb8c..00000000 --- a/Ansible/playbooks/roles/proxmox_system_backup/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Proxmox System Backup - -Perform a full system backup of my Proxmox servers. diff --git a/Ansible/playbooks/roles/proxmox_system_backup/defaults/main.yml b/Ansible/playbooks/roles/proxmox_system_backup/defaults/main.yml deleted file mode 100644 index 8ff3c0b6..00000000 --- a/Ansible/playbooks/roles/proxmox_system_backup/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for proxmox_system_backup 
diff --git a/Ansible/playbooks/roles/proxmox_system_backup/handlers/main.yml b/Ansible/playbooks/roles/proxmox_system_backup/handlers/main.yml deleted file mode 100644 index 7e89dad7..00000000 --- a/Ansible/playbooks/roles/proxmox_system_backup/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for proxmox_system_backup diff --git a/Ansible/playbooks/roles/proxmox_system_backup/tasks/main.yml b/Ansible/playbooks/roles/proxmox_system_backup/tasks/main.yml deleted file mode 100644 index 74f64289..00000000 --- a/Ansible/playbooks/roles/proxmox_system_backup/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# tasks file for proxmox_system_backup - -- name: "Proxmox System Backup" - ansible.builtin.shell: - cmd: system-backup --create --scheduled - register: proxmox_system_backup - changed_when: true - -- name: "Show output" - ansible.builtin.debug: - msg: "{{ proxmox_system_backup.stdout_lines }}" - when: proxmox_system_backup.stdout_lines | length > 0 - -- name: "List Proxmox System Backup archives" - ansible.builtin.shell: - cmd: ls -ltrh /data/System_Backup - register: proxmox_system_backup_list_archives - changed_when: false - -- name: "Show Proxmox System Backup archives list" - ansible.builtin.debug: - msg: "{{ proxmox_system_backup_list_archives.stdout_lines }}" - when: proxmox_system_backup_list_archives.stdout_lines | length > 0 diff --git a/Ansible/playbooks/roles/proxmox_system_backup/vars/main.yml b/Ansible/playbooks/roles/proxmox_system_backup/vars/main.yml deleted file mode 100644 index 32111390..00000000 --- a/Ansible/playbooks/roles/proxmox_system_backup/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for proxmox_system_backup diff --git a/Ansible/playbooks/roles/update_docker_container/defaults/main.yml b/Ansible/playbooks/roles/update_docker_container/defaults/main.yml deleted file mode 100644 index 187e70e6..00000000 --- a/Ansible/playbooks/roles/update_docker_container/defaults/main.yml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -# defaults file for update_docker_container -dangling: "true" diff --git a/Ansible/playbooks/roles/update_docker_container/handlers/main.yml b/Ansible/playbooks/roles/update_docker_container/handlers/main.yml deleted file mode 100644 index dc65feb4..00000000 --- a/Ansible/playbooks/roles/update_docker_container/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for update_docker_container diff --git a/Ansible/playbooks/roles/update_docker_container/vars/main.yml b/Ansible/playbooks/roles/update_docker_container/vars/main.yml deleted file mode 100644 index 6d89f1d4..00000000 --- a/Ansible/playbooks/roles/update_docker_container/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for update_docker_container diff --git a/Ansible/playbooks/roles/update_server/README.md b/Ansible/playbooks/roles/update_server/README.md deleted file mode 100644 index 54c0b071..00000000 --- a/Ansible/playbooks/roles/update_server/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# Update Server - -Update my servers. -Also prints orphan packages and pacnew files for Arch Linux & orphan packages and apk-new files for Alpine Linux. - -Support for Debian, Arch Linux and Alpine Linux. diff --git a/Ansible/playbooks/roles/update_server/defaults/main.yml b/Ansible/playbooks/roles/update_server/defaults/main.yml deleted file mode 100644 index 25e35e78..00000000 --- a/Ansible/playbooks/roles/update_server/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for update_server diff --git a/Ansible/playbooks/roles/update_server/handlers/main.yml b/Ansible/playbooks/roles/update_server/handlers/main.yml deleted file mode 100644 index 9178bb6a..00000000 --- a/Ansible/playbooks/roles/update_server/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for update_server 
diff --git a/Ansible/playbooks/roles/update_server/vars/main.yml b/Ansible/playbooks/roles/update_server/vars/main.yml deleted file mode 100644 index 50ba4ab7..00000000 --- a/Ansible/playbooks/roles/update_server/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for update_server diff --git a/Ansible/playbooks/sync_crystal_repo.yml b/Ansible/playbooks/sync_crystal_repo.yml index 21da773e..a1d25fbb 100644 --- a/Ansible/playbooks/sync_crystal_repo.yml +++ b/Ansible/playbooks/sync_crystal_repo.yml @@ -1,6 +1,6 @@ --- - name: "Sync Crystal Repo" - hosts: ws + hosts: web02.rc become: true roles: - role: "sync_crystal_repo" diff --git a/Ansible/playbooks/update_antiz_website.yml b/Ansible/playbooks/update_antiz_website.yml index cd277ad2..fad298a7 100644 --- a/Ansible/playbooks/update_antiz_website.yml +++ b/Ansible/playbooks/update_antiz_website.yml @@ -1,6 +1,6 @@ --- - name: "Update the antiz.fr website on web servers" - hosts: all + hosts: antiz_fr become: true roles: - role: "update_antiz_website" diff --git a/Ansible/playbooks/update_docker_container.yml b/Ansible/playbooks/update_docker_container.yml deleted file mode 100644 index 28c21b8b..00000000 --- a/Ansible/playbooks/update_docker_container.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "Update docker containers on hosts" - hosts: docker - become: true - roles: - - role: "update_docker_container" diff --git a/Ansible/playbooks/update_docker_containers.yml b/Ansible/playbooks/update_docker_containers.yml new file mode 100644 index 00000000..d79682e6 --- /dev/null +++ b/Ansible/playbooks/update_docker_containers.yml @@ -0,0 +1,6 @@ +--- +- name: "Update docker containers" + hosts: docker + become: true + roles: + - role: "update_docker_containers" diff --git a/Ansible/playbooks/update_podman_containers.yml b/Ansible/playbooks/update_podman_containers.yml new file mode 100644 index 00000000..c6f471e2 --- /dev/null +++ b/Ansible/playbooks/update_podman_containers.yml 
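Review bot: `hosts: docker` in the new `update_docker_containers.yml` targets a group that the `Ansible/inventory` added in this commit does not define (its groups are bare, vps, rasp, lxc, lxc_core01, lxc_core02, podman, antiz_fr, ssl and lxc_template), so the play matches no hosts and skips with only a warning. The `update_docker_containers` role it references is also not among the roles the visible hunks add or rename, so it may not exist either. Either add a `[docker]` group and the role, or drop this playbook together with the Docker-to-Podman move the rest of the commit makes.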
@@ -0,0 +1,7 @@ +--- +- name: "Update podman containers" + hosts: podman + become: true + become_user: service + roles: + - role: "update_podman_containers" diff --git a/Ansible/playbooks/update_server.yml b/Ansible/playbooks/update_server.yml deleted file mode 100644 index 4b06b960..00000000 --- a/Ansible/playbooks/update_server.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "Update hosts" - hosts: all - become: true - roles: - - role: "update_server" diff --git a/Ansible/playbooks/update_servers.yml b/Ansible/playbooks/update_servers.yml new file mode 100644 index 00000000..bf92c6a6 --- /dev/null +++ b/Ansible/playbooks/update_servers.yml @@ -0,0 +1,6 @@ +--- +- name: "Update Servers" + hosts: all + become: true + roles: + - role: "update_servers" diff --git a/Ansible/playbooks/vps_system_backup.yml b/Ansible/playbooks/vps_system_backup.yml index e317e906..d346cd40 100644 --- a/Ansible/playbooks/vps_system_backup.yml +++ b/Ansible/playbooks/vps_system_backup.yml @@ -1,6 +1,6 @@ --- - name: "VPS System Backup" - hosts: all + hosts: web02.rc become: true roles: - role: "vps_system_backup" diff --git a/Ansible/playbooks/roles/add_package/.travis.yml b/Ansible/roles/add_package/.travis.yml similarity index 100% rename from Ansible/playbooks/roles/add_package/.travis.yml rename to Ansible/roles/add_package/.travis.yml diff --git a/Ansible/playbooks/roles/add_package/README.md b/Ansible/roles/add_package/README.md similarity index 100% rename from Ansible/playbooks/roles/add_package/README.md rename to Ansible/roles/add_package/README.md diff --git a/Ansible/playbooks/roles/add_package/defaults/main.yml b/Ansible/roles/add_package/defaults/main.yml similarity index 100% rename from Ansible/playbooks/roles/add_package/defaults/main.yml rename to Ansible/roles/add_package/defaults/main.yml 
diff --git a/Ansible/playbooks/roles/add_package/handlers/main.yml b/Ansible/roles/add_package/handlers/main.yml similarity index 100% rename from Ansible/playbooks/roles/add_package/handlers/main.yml rename to Ansible/roles/add_package/handlers/main.yml diff --git a/Ansible/playbooks/roles/add_package/meta/main.yml b/Ansible/roles/add_package/meta/main.yml similarity index 100% rename from Ansible/playbooks/roles/add_package/meta/main.yml rename to Ansible/roles/add_package/meta/main.yml diff --git a/Ansible/playbooks/roles/add_package/tasks/main.yml b/Ansible/roles/add_package/tasks/main.yml similarity index 100% rename from Ansible/playbooks/roles/add_package/tasks/main.yml rename to Ansible/roles/add_package/tasks/main.yml diff --git a/Ansible/playbooks/roles/add_package/tests/inventory b/Ansible/roles/add_package/tests/inventory similarity index 100% rename from Ansible/playbooks/roles/add_package/tests/inventory rename to Ansible/roles/add_package/tests/inventory diff --git a/Ansible/playbooks/roles/add_package/tests/test.yml b/Ansible/roles/add_package/tests/test.yml similarity index 100% rename from Ansible/playbooks/roles/add_package/tests/test.yml rename to Ansible/roles/add_package/tests/test.yml diff --git a/Ansible/playbooks/roles/add_package/vars/main.yml b/Ansible/roles/add_package/vars/main.yml similarity index 100% rename from Ansible/playbooks/roles/add_package/vars/main.yml rename to Ansible/roles/add_package/vars/main.yml diff --git a/Ansible/roles/backup_lxc_containers/README.md b/Ansible/roles/backup_lxc_containers/README.md new file mode 100644 index 00000000..a7b05cfb --- /dev/null +++ b/Ansible/roles/backup_lxc_containers/README.md 
@@ -0,0 +1,14 @@ +# Backup LXC Containers + +Backup all lxc containers. + +## Variables + +The following variable is defined in `defaults/main.yml`: + +- backup_retention: `3` (numbers of backups to keep). + +The following variables are defined in `vars/main.yml`: + +- source_dir: `/data/lxc/` (directory containing the lxc containers to backup). +- backup_base_dir: `/backup/lxc/` (base directory to store backups). diff --git a/Ansible/roles/backup_lxc_containers/defaults/main.yml b/Ansible/roles/backup_lxc_containers/defaults/main.yml new file mode 100644 index 00000000..3d69dfbc --- /dev/null +++ b/Ansible/roles/backup_lxc_containers/defaults/main.yml @@ -0,0 +1,5 @@ +#SPDX-License-Identifier: MIT-0 +--- +# defaults file for backup_lxc_containers + +backup_retention: 3 diff --git a/Ansible/roles/backup_lxc_containers/handlers/main.yml b/Ansible/roles/backup_lxc_containers/handlers/main.yml new file mode 100644 index 00000000..b9756479 --- /dev/null +++ b/Ansible/roles/backup_lxc_containers/handlers/main.yml @@ -0,0 +1,3 @@ +#SPDX-License-Identifier: MIT-0 +--- +# handlers file for backup_lxc_containers diff --git a/Ansible/playbooks/roles/nvchecker/meta/main.yml b/Ansible/roles/backup_lxc_containers/meta/main.yml similarity index 100% rename from Ansible/playbooks/roles/nvchecker/meta/main.yml rename to Ansible/roles/backup_lxc_containers/meta/main.yml diff --git a/Ansible/roles/backup_lxc_containers/tasks/main.yml b/Ansible/roles/backup_lxc_containers/tasks/main.yml new file mode 100644 index 00000000..e76e7ec5 --- /dev/null +++ b/Ansible/roles/backup_lxc_containers/tasks/main.yml 
@@ -0,0 +1,40 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for backup_lxc_containers
+
+- name: "Create backup directory"
+ ansible.builtin.file:
+ path: "{{ backup_base_dir }}{{ ansible_facts['date_time']['date'] }}"
+ state: directory
+ mode: "0750"
+
+- name: "Backup lxc containers via RSYNC" # noqa: command-instead-of-module
+ ansible.builtin.shell:
+ cmd: rsync -aAXHv --numeric-ids --delete "{{ source_dir }}" "{{ ansible_facts['date_time']['date'] }}"
+ changed_when: true
+ args:
+ chdir: "{{ backup_base_dir }}"
+
+- name: "Get backup directories list"
+ ansible.builtin.find:
+ paths: "{{ backup_base_dir }}"
+ file_type: directory
+ register: list_backup_dirs
+
+- name: "Delete old backup directories"
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ (list_backup_dirs.files | sort(attribute='ctime'))[:-backup_retention] }}"
+ when: list_backup_dirs.files | length > backup_retention
+
+- name: "List backup directories"
+ ansible.builtin.shell:
+ cmd: ls -ltrh "{{ backup_base_dir }}"
+ register: ls_backup_dirs
+ changed_when: false
+
+- name: "Show backup directories"
+ ansible.builtin.debug:
+ msg: "{{ ls_backup_dirs.stdout_lines }}"
+ when: ls_backup_dirs.stdout_lines | length > 0
diff --git a/Ansible/playbooks/roles/nvchecker/tests/inventory b/Ansible/roles/backup_lxc_containers/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/tests/inventory
rename to Ansible/roles/backup_lxc_containers/tests/inventory
diff --git a/Ansible/roles/backup_lxc_containers/tests/test.yml b/Ansible/roles/backup_lxc_containers/tests/test.yml
new file mode 100644
index 00000000..56adf9e9
--- /dev/null
+++ b/Ansible/roles/backup_lxc_containers/tests/test.yml
@@ -0,0 +1,6 @@
+#SPDX-License-Identifier: MIT-0
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - backup_lxc_containers
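Review bot: The retention step `Delete old backup directories` removes whatever `ansible.builtin.find` returns under `backup_base_dir`, not only the dated backup directories, and it orders the candidates by `ctime`, which changes on any metadata update rather than recording when a backup was taken. Restricting the find to date-named directories and ordering by name keeps unrelated directories out of the delete loop and makes the cut deterministic: add `patterns: '^[0-9]{4}-[0-9]{2}-[0-9]{2}$'` and `use_regex: true` to the find task, and use `sort(attribute='path')` in the loop. The same tasks appear unchanged in `Ansible/roles/backup_podman_containers_volumes/tasks/main.yml` and need the same change. The `ls -ltrh` task calls `ansible.builtin.shell` with no shell features and without the `noqa` the rsync task carries, so ansible-lint will presumably flag it unless the project's config disables command-instead-of-shell.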
diff --git a/Ansible/roles/backup_lxc_containers/vars/main.yml b/Ansible/roles/backup_lxc_containers/vars/main.yml new file mode 100644 index 00000000..065bd59c --- /dev/null +++ b/Ansible/roles/backup_lxc_containers/vars/main.yml @@ -0,0 +1,6 @@ +#SPDX-License-Identifier: MIT-0 +--- +# vars file for backup_lxc_containers + +source_dir: "/data/lxc/" +backup_base_dir: "/backup/lxc/" diff --git a/Ansible/roles/backup_podman_containers_volumes/README.md b/Ansible/roles/backup_podman_containers_volumes/README.md new file mode 100644 index 00000000..5d76e340 --- /dev/null +++ b/Ansible/roles/backup_podman_containers_volumes/README.md @@ -0,0 +1,14 @@ +# Backup Podman Containers Volumes + +Backup all podman containers' volumes. + +## Variables + +The following variable is defined in `defaults/main.yml`: + +- backup_retention: `3` (numbers of backups to keep). + +The following variables are defined in `vars/main.yml`: + +- source_dir: `/data/podman/volumes/` (directory containing the podman containers' volumes to backup). +- backup_base_dir: `/backup/podman/` (base directory to store backups). diff --git a/Ansible/roles/backup_podman_containers_volumes/defaults/main.yml b/Ansible/roles/backup_podman_containers_volumes/defaults/main.yml new file mode 100644 index 00000000..829e2e43 --- /dev/null +++ b/Ansible/roles/backup_podman_containers_volumes/defaults/main.yml @@ -0,0 +1,5 @@ +#SPDX-License-Identifier: MIT-0 +--- +# defaults file for backup_podman_containers_volumes + +backup_retention: 3 diff --git a/Ansible/roles/backup_podman_containers_volumes/handlers/main.yml b/Ansible/roles/backup_podman_containers_volumes/handlers/main.yml new file mode 100644 index 00000000..435945ad --- /dev/null +++ b/Ansible/roles/backup_podman_containers_volumes/handlers/main.yml @@ -0,0 +1,3 @@ +#SPDX-License-Identifier: MIT-0 +--- +# handlers file for backup_podman_containers_volumes 
diff --git a/Ansible/roles/backup_podman_containers_volumes/meta/main.yml b/Ansible/roles/backup_podman_containers_volumes/meta/main.yml new file mode 100644 index 00000000..6f91fd33 --- /dev/null +++ b/Ansible/roles/backup_podman_containers_volumes/meta/main.yml @@ -0,0 +1,35 @@ +#SPDX-License-Identifier: MIT-0 +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/Ansible/roles/backup_podman_containers_volumes/tasks/main.yml b/Ansible/roles/backup_podman_containers_volumes/tasks/main.yml new file mode 100644 index 00000000..5fc820b6 --- /dev/null +++ b/Ansible/roles/backup_podman_containers_volumes/tasks/main.yml 
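Review bot: `galaxy_info` still carries the `ansible-galaxy init` placeholders (`author: your name`, `description: your role description`, `company: your company (optional)`, `license: license (GPL-2.0-or-later, MIT, etc)`), and `min_ansible_version: 2.2` predates the `ansible.builtin.*` collection names the role's tasks use. Fill them from what the role already states: `description: Backup all podman containers' volumes` (from its README) and `license: MIT-0` (from the SPDX header), and raise `min_ansible_version` to a release that has collections, 2.10 or later. ansible-lint's meta-incorrect rule reports exactly these default values, so the CI lint step will presumably fail on this file unless the project's config skips that rule.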
@@ -0,0 +1,40 @@
+#SPDX-License-Identifier: MIT-0 +--- +# tasks file for backup_podman_containers_volumes + +- name: "Create backup directory" + ansible.builtin.file: + path: "{{ backup_base_dir }}{{ ansible_facts['date_time']['date'] }}" + state: directory + mode: "0750" + +- name: "Backup podman containers volumes via RSYNC" # noqa: command-instead-of-module + ansible.builtin.shell: + cmd: rsync -aAXHv --numeric-ids --delete "{{ source_dir }}" "{{ ansible_facts['date_time']['date'] }}" + changed_when: true + args: + chdir: "{{ backup_base_dir }}" + +- name: "Get backup directories list" + ansible.builtin.find: + paths: "{{ backup_base_dir }}" + file_type: directory + register: list_backup_dirs + +- name: "Delete old backup directories" + ansible.builtin.file: + path: "{{ item.path }}" + state: absent + loop: "{{ (list_backup_dirs.files | sort(attribute='ctime'))[:-backup_retention] }}" + when: list_backup_dirs.files | length > backup_retention + +- name: "List backup directories" + ansible.builtin.shell: + cmd: ls -ltrh "{{ backup_base_dir }}" + register: ls_backup_dirs + changed_when: false + +- name: "Show backup directories" + ansible.builtin.debug: + msg: "{{ ls_backup_dirs.stdout_lines }}" + when: ls_backup_dirs.stdout_lines | length > 0
diff --git a/Ansible/roles/backup_podman_containers_volumes/tests/inventory b/Ansible/roles/backup_podman_containers_volumes/tests/inventory
new file mode 100644
index 00000000..03ca42fd
--- /dev/null
+++ b/Ansible/roles/backup_podman_containers_volumes/tests/inventory
@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+localhost
+
diff --git a/Ansible/roles/backup_podman_containers_volumes/tests/test.yml b/Ansible/roles/backup_podman_containers_volumes/tests/test.yml
new file mode 100644
index 00000000..97e3156f
--- /dev/null
+++ b/Ansible/roles/backup_podman_containers_volumes/tests/test.yml
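Review bot: The retention step ("Get backup directories list" followed by "Delete old backup directories") can remove any directory under `backup_base_dir`, not only the dated backups this role creates, because the `find` has no `patterns` and `file_type: directory` matches everything there. Limiting the match to the `YYYY-MM-DD` names produced from `ansible_facts['date_time']['date']`, `patterns: "[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]"`, and ordering by name instead of inode change time, `loop: "{{ (list_backup_dirs.files | sort(attribute='path'))[:-backup_retention] }}"`, keeps deletion bound to what the role owns, since `ctime` also moves on any metadata update of an older directory. A `backup_retention` of `0` turns the slice into `[:-0]`, which is empty, so nothing is ever deleted in that case; that is worth stating in the README or guarding with an assert. The trailing `ls -ltrh` shell task could reuse the already registered `find` result instead of spawning a shell.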
@@ -0,0 +1,6 @@
+#SPDX-License-Identifier: MIT-0 +--- +- hosts: localhost + remote_user: root + roles: + - backup_podman_containers_volumes
diff --git a/Ansible/roles/backup_podman_containers_volumes/vars/main.yml b/Ansible/roles/backup_podman_containers_volumes/vars/main.yml
new file mode 100644
index 00000000..54c6077e
--- /dev/null
+++ b/Ansible/roles/backup_podman_containers_volumes/vars/main.yml
@@ -0,0 +1,6 @@
+#SPDX-License-Identifier: MIT-0
+---
+# vars file for backup_podman_containers_volumes
+
+source_dir: "/data/podman/volumes/"
+backup_base_dir: "/backup/podman/"
diff --git a/Ansible/playbooks/roles/clean_runners/.travis.yml b/Ansible/roles/clean_runners/.travis.yml
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/.travis.yml
rename to Ansible/roles/clean_runners/.travis.yml
diff --git a/Ansible/playbooks/roles/clean_runners/README.md b/Ansible/roles/clean_runners/README.md
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/README.md
rename to Ansible/roles/clean_runners/README.md
diff --git a/Ansible/playbooks/roles/clean_runners/defaults/main.yml b/Ansible/roles/clean_runners/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/defaults/main.yml
rename to Ansible/roles/clean_runners/defaults/main.yml
diff --git a/Ansible/playbooks/roles/clean_runners/handlers/main.yml b/Ansible/roles/clean_runners/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/handlers/main.yml
rename to Ansible/roles/clean_runners/handlers/main.yml
diff --git a/Ansible/playbooks/roles/clean_runners/meta/main.yml b/Ansible/roles/clean_runners/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/meta/main.yml
rename to Ansible/roles/clean_runners/meta/main.yml
diff --git a/Ansible/playbooks/roles/clean_runners/tasks/main.yml b/Ansible/roles/clean_runners/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/tasks/main.yml
rename to Ansible/roles/clean_runners/tasks/main.yml
diff --git a/Ansible/playbooks/roles/clean_runners/tests/inventory b/Ansible/roles/clean_runners/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/tests/inventory
rename to Ansible/roles/clean_runners/tests/inventory
diff --git a/Ansible/playbooks/roles/clean_runners/tests/test.yml b/Ansible/roles/clean_runners/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/tests/test.yml
rename to Ansible/roles/clean_runners/tests/test.yml
diff --git a/Ansible/playbooks/roles/clean_runners/vars/main.yml b/Ansible/roles/clean_runners/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/clean_runners/vars/main.yml
rename to Ansible/roles/clean_runners/vars/main.yml
diff --git a/Ansible/roles/core_system_backup/README.md b/Ansible/roles/core_system_backup/README.md
new file mode 100644
index 00000000..87011e62
--- /dev/null
+++ b/Ansible/roles/core_system_backup/README.md
@@ -0,0 +1,3 @@
+# Core System Backup
+
+Perform a full system backup of my Core servers.
diff --git a/Ansible/roles/core_system_backup/defaults/main.yml b/Ansible/roles/core_system_backup/defaults/main.yml
new file mode 100644
index 00000000..8fb6a085
--- /dev/null
+++ b/Ansible/roles/core_system_backup/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for core_system_backup
diff --git a/Ansible/roles/core_system_backup/handlers/main.yml b/Ansible/roles/core_system_backup/handlers/main.yml
new file mode 100644
index 00000000..cf15da04
--- /dev/null
+++ b/Ansible/roles/core_system_backup/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for core_system_backup
diff --git a/Ansible/playbooks/roles/configure_template/meta/main.yml b/Ansible/roles/core_system_backup/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/configure_template/meta/main.yml
rename to Ansible/roles/core_system_backup/meta/main.yml
diff --git a/Ansible/roles/core_system_backup/tasks/main.yml b/Ansible/roles/core_system_backup/tasks/main.yml
new file mode 100644
index 00000000..2725e17e
--- /dev/null
+++ b/Ansible/roles/core_system_backup/tasks/main.yml
@@ -0,0 +1,24 @@
+--- +# tasks file for core_system_backup + +- name: "Core System Backup" + ansible.builtin.shell: + cmd: system-backup --create --scheduled + register: core_system_backup + changed_when: true + +- name: "Show output" + ansible.builtin.debug: + msg: "{{ core_system_backup.stdout_lines }}" + when: core_system_backup.stdout_lines | length > 0 + +- name: "List Core System Backup archives" + ansible.builtin.shell: + cmd: ls -ltrh /backup/System_Backup + register: core_system_backup_list_archives + changed_when: false + +- name: "Show Core System Backup archives list" + ansible.builtin.debug: + msg: "{{ core_system_backup_list_archives.stdout_lines }}" + when: core_system_backup_list_archives.stdout_lines | length > 0
diff --git a/Ansible/playbooks/roles/configure_template/tests/inventory b/Ansible/roles/core_system_backup/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/configure_template/tests/inventory
rename to Ansible/roles/core_system_backup/tests/inventory
diff --git a/Ansible/playbooks/roles/proxmox_system_backup/tests/test.yml b/Ansible/roles/core_system_backup/tests/test.yml
similarity index 65%
rename from Ansible/playbooks/roles/proxmox_system_backup/tests/test.yml
rename to Ansible/roles/core_system_backup/tests/test.yml
index da9576b5..2fd76ee8 100644
--- a/Ansible/playbooks/roles/proxmox_system_backup/tests/test.yml
+++ b/Ansible/roles/core_system_backup/tests/test.yml
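Review bot: Both command tasks in core_system_backup/tasks/main.yml use `ansible.builtin.shell` although neither `system-backup --create --scheduled` nor `ls -ltrh /backup/System_Backup` needs shell features; `ansible.builtin.command` with the same `cmd:` runs them without an intermediate shell, and the repo-wide ansible-lint run this commit sets up is likely to flag `command-instead-of-shell` here unless the tasks carry a `# noqa` the way the podman backup role does. The `/backup/System_Backup` path is hard-coded while the role's `vars/main.yml` is added empty; a `backup_base_dir` variable there would keep the naming consistent with the other backup roles. `changed_when: true` on the backup task means every run reports a change, which is reasonable for a scheduled backup but deserves a one-line comment such as `# a backup run always produces a new archive, so always report changed`.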
@@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - proxmox_system_backup + - core_system_backup
diff --git a/Ansible/roles/core_system_backup/vars/main.yml b/Ansible/roles/core_system_backup/vars/main.yml
new file mode 100644
index 00000000..5def12d4
--- /dev/null
+++ b/Ansible/roles/core_system_backup/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for core_system_backup
diff --git a/Ansible/playbooks/roles/configure_template/.travis.yml b/Ansible/roles/create_update_user/.travis.yml
similarity index 100%
rename from Ansible/playbooks/roles/configure_template/.travis.yml
rename to Ansible/roles/create_update_user/.travis.yml
diff --git a/Ansible/playbooks/roles/create_update_user/README.md b/Ansible/roles/create_update_user/README.md
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/README.md
rename to Ansible/roles/create_update_user/README.md
diff --git a/Ansible/playbooks/roles/create_update_user/defaults/main.yml b/Ansible/roles/create_update_user/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/defaults/main.yml
rename to Ansible/roles/create_update_user/defaults/main.yml
diff --git a/Ansible/playbooks/roles/create_update_user/handlers/main.yml b/Ansible/roles/create_update_user/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/handlers/main.yml
rename to Ansible/roles/create_update_user/handlers/main.yml
diff --git a/Ansible/playbooks/roles/create_update_user/meta/main.yml b/Ansible/roles/create_update_user/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/meta/main.yml
rename to Ansible/roles/create_update_user/meta/main.yml
diff --git a/Ansible/playbooks/roles/create_update_user/tasks/main.yml b/Ansible/roles/create_update_user/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/tasks/main.yml
rename to Ansible/roles/create_update_user/tasks/main.yml
diff --git a/Ansible/playbooks/roles/create_update_user/tests/inventory b/Ansible/roles/create_update_user/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/tests/inventory
rename to Ansible/roles/create_update_user/tests/inventory
diff --git a/Ansible/playbooks/roles/create_update_user/tests/test.yml b/Ansible/roles/create_update_user/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/tests/test.yml
rename to Ansible/roles/create_update_user/tests/test.yml
diff --git a/Ansible/playbooks/roles/create_update_user/vars/main.yml b/Ansible/roles/create_update_user/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/vars/main.yml
rename to Ansible/roles/create_update_user/vars/main.yml
diff --git a/Ansible/playbooks/roles/create_update_user/.travis.yml b/Ansible/roles/delete_user/.travis.yml
similarity index 100%
rename from Ansible/playbooks/roles/create_update_user/.travis.yml
rename to Ansible/roles/delete_user/.travis.yml
diff --git a/Ansible/playbooks/roles/delete_user/README.md b/Ansible/roles/delete_user/README.md
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/README.md
rename to Ansible/roles/delete_user/README.md
diff --git a/Ansible/playbooks/roles/delete_user/defaults/main.yml b/Ansible/roles/delete_user/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/defaults/main.yml
rename to Ansible/roles/delete_user/defaults/main.yml
diff --git a/Ansible/playbooks/roles/delete_user/handlers/main.yml b/Ansible/roles/delete_user/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/handlers/main.yml
rename to Ansible/roles/delete_user/handlers/main.yml
diff --git a/Ansible/playbooks/roles/delete_user/meta/main.yml b/Ansible/roles/delete_user/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/meta/main.yml
rename to Ansible/roles/delete_user/meta/main.yml
diff --git a/Ansible/playbooks/roles/delete_user/tasks/main.yml b/Ansible/roles/delete_user/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/tasks/main.yml
rename to Ansible/roles/delete_user/tasks/main.yml
diff --git a/Ansible/playbooks/roles/delete_user/tests/inventory b/Ansible/roles/delete_user/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/tests/inventory
rename to Ansible/roles/delete_user/tests/inventory
diff --git a/Ansible/playbooks/roles/delete_user/tests/test.yml b/Ansible/roles/delete_user/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/tests/test.yml
rename to Ansible/roles/delete_user/tests/test.yml
diff --git a/Ansible/playbooks/roles/delete_user/vars/main.yml b/Ansible/roles/delete_user/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/vars/main.yml
rename to Ansible/roles/delete_user/vars/main.yml
diff --git a/Ansible/playbooks/roles/delete_user/.travis.yml b/Ansible/roles/deploy_lxc_template/.travis.yml
similarity index 100%
rename from Ansible/playbooks/roles/delete_user/.travis.yml
rename to Ansible/roles/deploy_lxc_template/.travis.yml
diff --git a/Ansible/roles/deploy_lxc_template/README.md b/Ansible/roles/deploy_lxc_template/README.md
new file mode 100644
index 00000000..45f7b7cd
--- /dev/null
+++ b/Ansible/roles/deploy_lxc_template/README.md
@@ -0,0 +1,28 @@
+# Deploy LXC Template
+
+Configure new servers cloned from my LXC template:
+
+Set hostname, `/etc/hosts` entries, IP address and Zabbix configuration.
+Then update the system, delete `/etc/machine-id` and ssh host keys, and restart the container.
+
+Support for Debian, Arch Linux and Alpine Linux.
+
+## Variables
+
+The following variable is set in `defaults/main.yml`:
+
+- autostart: `true` (controls whether the deployed LXC container should start automatically at boot or not, expects a boolean `true` or `false` value).
+
+The following variables are set in `vars/main.yml`:
+
+- domain: `.rc` (default domain for my servers).
+- lxc_data_dir: `/data/lxc` (path to LXC data directory where containers are stored).
+- lxc_user: `service` (name of the user to deploy the LXC container with).
+- core_server: `"{{ (lxc_template | regex_search('core0[12]')) ~ '.rc' }}"` (Core server to deploy the LXC container on (e.g. `core01.rc`), automatically/dynamically extracted from the `lxc_template` variable).
+
+The following variables should be set at the inventory level, the playbook level or as `--extra-vars`:
+
+- lxc_template: Name of the LXC template to deploy (example: `lxc-arch-template-core01`). **Note:** The same name + domain (e.g. `lxc-arch-template-core01.rc`) should be passed as `-l / --limit` when running a playbook calling this role.
+- ip: IPv4 address to set (example: `192.168.1.100`).
+- hostname: hostname to set, **not including domain** (see the `domain` variable in `defaults/main.yml`, the full FQDN is `{{ hostname }}{{ domain }}`) (example: `myserver`).
+- root_passwd: password to set for the root user (example: `strong_password`).
diff --git a/Ansible/playbooks/roles/configure_template/defaults/main.yml b/Ansible/roles/deploy_lxc_template/defaults/main.yml
similarity index 66%
rename from Ansible/playbooks/roles/configure_template/defaults/main.yml
rename to Ansible/roles/deploy_lxc_template/defaults/main.yml
index 477f1f08..8a4e83e1 100644
--- a/Ansible/playbooks/roles/configure_template/defaults/main.yml
+++ b/Ansible/roles/deploy_lxc_template/defaults/main.yml
@@ -1,2 +1,4 @@ --- # defaults file for template + +autostart: true
diff --git a/Ansible/playbooks/roles/configure_template/handlers/main.yml b/Ansible/roles/deploy_lxc_template/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/configure_template/handlers/main.yml
rename to Ansible/roles/deploy_lxc_template/handlers/main.yml
diff --git a/Ansible/playbooks/roles/dump_databases/meta/main.yml b/Ansible/roles/deploy_lxc_template/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/meta/main.yml
rename to Ansible/roles/deploy_lxc_template/meta/main.yml
diff --git a/Ansible/roles/deploy_lxc_template/tasks/main.yml b/Ansible/roles/deploy_lxc_template/tasks/main.yml
new file mode 100644
index 00000000..45e92035
--- /dev/null
+++ b/Ansible/roles/deploy_lxc_template/tasks/main.yml
@@ -0,0 +1,153 @@ +--- +# tasks file for template + +- name: "Fail if the 'lxc_template' variable is empty or undefined" + ansible.builtin.fail: + msg: "The 'lxc_template' variable is empty" + when: lxc_template is undefined or lxc_template | length == 0 + delegate_to: localhost + +- name: "Fail if the 'core_server' variable is empty or undefined" + ansible.builtin.fail: + msg: "The 'core_server' variable is empty" + when: core_server is undefined or core_server | length == 0 + delegate_to: localhost + +- name: "Fail if the 'ip' variable is empty or undefined" + ansible.builtin.fail: + msg: "The 'ip' variable is empty" + when: ip is undefined or ip | length == 0 + delegate_to: localhost + +- name: "Fail if the 'hostname' variable is empty or undefined" + ansible.builtin.fail: + msg: "The 'hostname' variable is empty" + when: hostname is undefined or hostname | length == 0 + delegate_to: localhost + +- name: "Fail if the 'root_passwd' variable is empty or undefined" + ansible.builtin.fail: + msg: "The 'root_passwd' variable is empty" + when: root_passwd is undefined or root_passwd | length == 0 + delegate_to: localhost + +- name: "Deploy LXC Template: {{ lxc_template }}" + ansible.builtin.shell: + cmd: lxc-copy -n "{{ lxc_template }}" -N "{{ hostname }}" + become: true + become_user: "{{ lxc_user }}" + changed_when: true + delegate_to: "{{ core_server }}" + +- name: "Start LXC container: {{ hostname }}" + ansible.builtin.shell: + cmd: machinectl shell "{{ lxc_user }}"@ /bin/bash -lc "lxc-start -n {{ hostname }}" + changed_when: true + delegate_to: "{{ core_server }}" + +- name: "Wait for LXC container SSH daemon to be up and running" + ansible.builtin.wait_for_connection: + timeout: 30 + +- name: "Gather Ansible facts from LXC container" + ansible.builtin.setup: + +- name: "Update hostname" + ansible.builtin.hostname: + name: "{{ hostname }}{{ domain }}" + +- name: "Update hosts file (loopback)" + ansible.builtin.lineinfile: + path: /etc/hosts + regexp: "^127.0.1.1" 
+ line: "127.0.1.1\t{{ hostname }}{{ domain }} {{ hostname }}" + +- name: "Update hosts file (IP)" + ansible.builtin.lineinfile: + path: /etc/hosts + regexp: "^{{ ansible_facts['default_ipv4']['address'] }}" + line: "{{ ip }}\t{{ hostname }}{{ domain }} {{ hostname }}" + +- name: "Update IP address - Debian & Alpine" + ansible.builtin.replace: + path: /etc/network/interfaces + regexp: "{{ ansible_facts['default_ipv4']['address'] }}" + replace: "{{ ip }}" + when: ansible_facts['distribution'] == "Debian" or ansible_facts['distribution'] == "Alpine" + +- name: "Update IP address - Arch" + ansible.builtin.replace: + path: /etc/systemd/network/eth0.network + regexp: "{{ ansible_facts['default_ipv4']['address'] }}" + replace: "{{ ip }}" + when: ansible_facts['distribution'] == "Archlinux" + +- name: "Update Zabbix Agent configuration" + ansible.builtin.replace: + path: /etc/zabbix/zabbix_agentd.conf + regexp: "{{ lxc_template }}" + replace: "{{ hostname }}{{ domain }}" + +- name: "Update root password" + ansible.builtin.user: + name: root + password: "{{ root_passwd | password_hash('sha256') }}" + update_password: always + +- name: "Update server - Debian" + ansible.builtin.apt: + update_cache: true + upgrade: full + autoremove: true + when: ansible_facts['distribution'] == "Debian" + +- name: "Update server - Arch" + community.general.pacman: + update_cache: true + upgrade: true + when: ansible_facts['distribution'] == "Archlinux" + +- name: "Update server - Alpine" + community.general.apk: + update_cache: true + available: true + upgrade: true + when: ansible_facts['distribution'] == "Alpine" + +- name: "Delete /etc/machine-id" + ansible.builtin.file: + path: /etc/machine-id + state: absent + +- name: "Find SSH host keys" + ansible.builtin.find: + paths: /etc/ssh + patterns: "ssh_host_*" + register: ssh_host_keys + +- name: "Delete SSH host keys" + ansible.builtin.file: + path: "{{ item.path }}" + state: absent + loop: "{{ ssh_host_keys.files }}" + +- name: "Set 
autostart for LXC container: {{ hostname }}" + ansible.builtin.lineinfile: + path: "{{ lxc_data_dir }}/{{ hostname }}/config" + regexp: '^lxc.start.auto\s*=' + line: 'lxc.start.auto = 1' + become: true + become_user: "{{ lxc_user }}" + delegate_to: "{{ core_server }}" + when: autostart + +- name: "Restart LXC container: {{ hostname }}" + ansible.builtin.shell: + cmd: machinectl shell "{{ lxc_user }}"@ /bin/bash -lc "lxc-stop -n {{ hostname }} && lxc-start -n {{ hostname }}" + changed_when: true + delegate_to: "{{ core_server }}" + +- name: "End message" + ansible.builtin.debug: + msg: "Deployment of {{ hostname }}{{ domain }} ({{ ip }}) done" + delegate_to: localhost
diff --git a/Ansible/playbooks/roles/dump_databases/tests/inventory b/Ansible/roles/deploy_lxc_template/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/tests/inventory
rename to Ansible/roles/deploy_lxc_template/tests/inventory
diff --git a/Ansible/playbooks/roles/configure_template/tests/test.yml b/Ansible/roles/deploy_lxc_template/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/configure_template/tests/test.yml
rename to Ansible/roles/deploy_lxc_template/tests/test.yml
diff --git a/Ansible/roles/deploy_lxc_template/vars/main.yml b/Ansible/roles/deploy_lxc_template/vars/main.yml
new file mode 100644
index 00000000..0c006ea9
--- /dev/null
+++ b/Ansible/roles/deploy_lxc_template/vars/main.yml
@@ -0,0 +1,7 @@
+---
+# vars file for template
+
+domain: ".rc"
+lxc_data_dir: "/data/lxc"
+lxc_user: "service"
+core_server: "{{ (lxc_template | regex_search('core0[12]')) ~ '.rc' }}"
diff --git a/Ansible/playbooks/roles/dump_databases/.travis.yml b/Ansible/roles/dump_databases/.travis.yml
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/.travis.yml
rename to Ansible/roles/dump_databases/.travis.yml
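Review bot: The `replace` tasks "Update IP address - Debian & Alpine", "Update IP address - Arch" and "Update Zabbix Agent configuration" put `ansible_facts['default_ipv4']['address']` and `lxc_template` straight into `regexp:` without escaping or anchoring, so each dot matches any character and the template's address also matches as a prefix of longer addresses (constructed example: an old address of 10.0.0.1 would rewrite 10.0.0.10 too); use `regexp: "\\b{{ ansible_facts['default_ipv4']['address'] | regex_escape }}\\b"`, likewise `{{ lxc_template | regex_escape }}`, and `"^127\\.0\\.1\\.1\\b"` for the loopback line. `lxc_template` and `hostname` are inventory or `--extra-vars` values that are spliced into shell strings in the `lxc-copy`, `lxc-start` and `lxc-stop` tasks; passing them through `| quote` (or moving `lxc-copy` to `ansible.builtin.command` with `argv`) keeps a value containing shell metacharacters from changing the command run as `lxc_user` on `core_server`. The root password is hashed with `password_hash('sha256')`; `sha512` is the usual choice for `/etc/shadow` and is supported by the same filter. This hunk begins with `@@ -0,0 +1,153 @@` on the preceding lines, so the variable checks and the `lxc-copy` task it refers to sit above this excerpt.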
diff --git a/Ansible/playbooks/roles/dump_databases/README.md b/Ansible/roles/dump_databases/README.md
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/README.md
rename to Ansible/roles/dump_databases/README.md
diff --git a/Ansible/playbooks/roles/dump_databases/defaults/main.yml b/Ansible/roles/dump_databases/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/defaults/main.yml
rename to Ansible/roles/dump_databases/defaults/main.yml
diff --git a/Ansible/playbooks/roles/dump_databases/handlers/main.yml b/Ansible/roles/dump_databases/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/handlers/main.yml
rename to Ansible/roles/dump_databases/handlers/main.yml
diff --git a/Ansible/playbooks/roles/proxmox_system_backup/meta/main.yml b/Ansible/roles/dump_databases/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/proxmox_system_backup/meta/main.yml
rename to Ansible/roles/dump_databases/meta/main.yml
diff --git a/Ansible/playbooks/roles/dump_databases/tasks/main.yml b/Ansible/roles/dump_databases/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/tasks/main.yml
rename to Ansible/roles/dump_databases/tasks/main.yml
diff --git a/Ansible/playbooks/roles/proxmox_system_backup/tests/inventory b/Ansible/roles/dump_databases/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/proxmox_system_backup/tests/inventory
rename to Ansible/roles/dump_databases/tests/inventory
diff --git a/Ansible/playbooks/roles/dump_databases/tests/test.yml b/Ansible/roles/dump_databases/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/tests/test.yml
rename to Ansible/roles/dump_databases/tests/test.yml
diff --git a/Ansible/playbooks/roles/dump_databases/vars/main.yml b/Ansible/roles/dump_databases/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/dump_databases/vars/main.yml
rename to Ansible/roles/dump_databases/vars/main.yml
diff --git a/Ansible/playbooks/roles/nvchecker/README.md b/Ansible/roles/nvchecker/README.md
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/README.md
rename to Ansible/roles/nvchecker/README.md
diff --git a/Ansible/playbooks/roles/nvchecker/defaults/main.yml b/Ansible/roles/nvchecker/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/defaults/main.yml
rename to Ansible/roles/nvchecker/defaults/main.yml
diff --git a/Ansible/playbooks/roles/nvchecker/files/nvchecker.toml b/Ansible/roles/nvchecker/files/nvchecker.toml
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/files/nvchecker.toml
rename to Ansible/roles/nvchecker/files/nvchecker.toml
diff --git a/Ansible/playbooks/roles/nvchecker/handlers/main.yml b/Ansible/roles/nvchecker/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/handlers/main.yml
rename to Ansible/roles/nvchecker/handlers/main.yml
diff --git a/Ansible/roles/nvchecker/meta/main.yml b/Ansible/roles/nvchecker/meta/main.yml
new file mode 100644
index 00000000..6f91fd33
--- /dev/null
+++ b/Ansible/roles/nvchecker/meta/main.yml
@@ -0,0 +1,35 @@
+#SPDX-License-Identifier: MIT-0 +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list.
diff --git a/Ansible/playbooks/roles/nvchecker/tasks/main.yml b/Ansible/roles/nvchecker/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/tasks/main.yml
rename to Ansible/roles/nvchecker/tasks/main.yml
diff --git a/Ansible/playbooks/roles/nvchecker/templates/keyfile.toml.j2 b/Ansible/roles/nvchecker/templates/keyfile.toml.j2
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/templates/keyfile.toml.j2
rename to Ansible/roles/nvchecker/templates/keyfile.toml.j2
diff --git a/Ansible/roles/nvchecker/tests/inventory b/Ansible/roles/nvchecker/tests/inventory
new file mode 100644
index 00000000..03ca42fd
--- /dev/null
+++ b/Ansible/roles/nvchecker/tests/inventory
@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+localhost
+
diff --git a/Ansible/playbooks/roles/nvchecker/tests/test.yml b/Ansible/roles/nvchecker/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/tests/test.yml
rename to Ansible/roles/nvchecker/tests/test.yml
diff --git a/Ansible/playbooks/roles/nvchecker/vars/main.yml b/Ansible/roles/nvchecker/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/vars/main.yml
rename to Ansible/roles/nvchecker/vars/main.yml
diff --git a/Ansible/playbooks/roles/nvchecker/vars/vault.yml b/Ansible/roles/nvchecker/vars/vault.yml
similarity index 100%
rename from Ansible/playbooks/roles/nvchecker/vars/vault.yml
rename to Ansible/roles/nvchecker/vars/vault.yml
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/README.md b/Ansible/roles/regenerate_ssl_certificate/README.md
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/README.md
rename to Ansible/roles/regenerate_ssl_certificate/README.md
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/defaults/main.yml b/Ansible/roles/regenerate_ssl_certificate/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/defaults/main.yml
rename to Ansible/roles/regenerate_ssl_certificate/defaults/main.yml
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/handlers/main.yml b/Ansible/roles/regenerate_ssl_certificate/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/handlers/main.yml
rename to Ansible/roles/regenerate_ssl_certificate/handlers/main.yml
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/meta/main.yml b/Ansible/roles/regenerate_ssl_certificate/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/meta/main.yml
rename to Ansible/roles/regenerate_ssl_certificate/meta/main.yml
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/tasks/main.yml b/Ansible/roles/regenerate_ssl_certificate/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/tasks/main.yml
rename to Ansible/roles/regenerate_ssl_certificate/tasks/main.yml
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/tests/inventory b/Ansible/roles/regenerate_ssl_certificate/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/tests/inventory
rename to Ansible/roles/regenerate_ssl_certificate/tests/inventory
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/tests/test.yml b/Ansible/roles/regenerate_ssl_certificate/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/tests/test.yml
rename to Ansible/roles/regenerate_ssl_certificate/tests/test.yml
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/vars/main.yml b/Ansible/roles/regenerate_ssl_certificate/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/vars/main.yml
rename to Ansible/roles/regenerate_ssl_certificate/vars/main.yml
diff --git a/Ansible/playbooks/roles/regenerate_ssl_certificate/vars/vault.yml b/Ansible/roles/regenerate_ssl_certificate/vars/vault.yml
similarity index 100%
rename from Ansible/playbooks/roles/regenerate_ssl_certificate/vars/vault.yml
rename to Ansible/roles/regenerate_ssl_certificate/vars/vault.yml
diff --git a/Ansible/playbooks/roles/remove_package/.travis.yml b/Ansible/roles/remove_package/.travis.yml
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/.travis.yml
rename to Ansible/roles/remove_package/.travis.yml
diff --git a/Ansible/playbooks/roles/remove_package/README.md b/Ansible/roles/remove_package/README.md
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/README.md
rename to Ansible/roles/remove_package/README.md
diff --git a/Ansible/playbooks/roles/remove_package/defaults/main.yml b/Ansible/roles/remove_package/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/defaults/main.yml
rename to Ansible/roles/remove_package/defaults/main.yml
diff --git a/Ansible/playbooks/roles/remove_package/handlers/main.yml b/Ansible/roles/remove_package/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/handlers/main.yml
rename to Ansible/roles/remove_package/handlers/main.yml
diff --git a/Ansible/playbooks/roles/remove_package/meta/main.yml b/Ansible/roles/remove_package/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/meta/main.yml
rename to Ansible/roles/remove_package/meta/main.yml
diff --git a/Ansible/playbooks/roles/remove_package/tasks/main.yml b/Ansible/roles/remove_package/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/tasks/main.yml
rename to Ansible/roles/remove_package/tasks/main.yml
diff --git a/Ansible/playbooks/roles/remove_package/tests/inventory b/Ansible/roles/remove_package/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/tests/inventory
rename to Ansible/roles/remove_package/tests/inventory
diff --git a/Ansible/playbooks/roles/remove_package/tests/test.yml b/Ansible/roles/remove_package/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/tests/test.yml
rename to Ansible/roles/remove_package/tests/test.yml
diff --git a/Ansible/playbooks/roles/remove_package/vars/main.yml b/Ansible/roles/remove_package/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/remove_package/vars/main.yml
rename to Ansible/roles/remove_package/vars/main.yml
diff --git a/Ansible/playbooks/roles/shell_command/README.md b/Ansible/roles/shell_command/README.md
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/README.md
rename to Ansible/roles/shell_command/README.md
diff --git a/Ansible/playbooks/roles/shell_command/defaults/main.yml b/Ansible/roles/shell_command/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/defaults/main.yml
rename to Ansible/roles/shell_command/defaults/main.yml
diff --git a/Ansible/playbooks/roles/shell_command/handlers/main.yml b/Ansible/roles/shell_command/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/handlers/main.yml
rename to Ansible/roles/shell_command/handlers/main.yml
diff --git a/Ansible/playbooks/roles/shell_command/meta/main.yml b/Ansible/roles/shell_command/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/meta/main.yml
rename to Ansible/roles/shell_command/meta/main.yml
diff --git a/Ansible/playbooks/roles/shell_command/tasks/main.yml b/Ansible/roles/shell_command/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/tasks/main.yml
rename to Ansible/roles/shell_command/tasks/main.yml
diff --git a/Ansible/playbooks/roles/shell_command/tests/inventory b/Ansible/roles/shell_command/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/tests/inventory
rename to Ansible/roles/shell_command/tests/inventory
diff --git a/Ansible/playbooks/roles/shell_command/tests/test.yml b/Ansible/roles/shell_command/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/tests/test.yml
rename to Ansible/roles/shell_command/tests/test.yml
diff --git a/Ansible/playbooks/roles/shell_command/vars/main.yml b/Ansible/roles/shell_command/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/shell_command/vars/main.yml
rename to Ansible/roles/shell_command/vars/main.yml
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/README.md b/Ansible/roles/sync_crystal_repo/README.md
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/README.md
rename to Ansible/roles/sync_crystal_repo/README.md
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/defaults/main.yml b/Ansible/roles/sync_crystal_repo/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/defaults/main.yml
rename to Ansible/roles/sync_crystal_repo/defaults/main.yml
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/handlers/main.yml b/Ansible/roles/sync_crystal_repo/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/handlers/main.yml
rename to Ansible/roles/sync_crystal_repo/handlers/main.yml
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/meta/main.yml b/Ansible/roles/sync_crystal_repo/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/meta/main.yml
rename to Ansible/roles/sync_crystal_repo/meta/main.yml
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/tasks/main.yml b/Ansible/roles/sync_crystal_repo/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/tasks/main.yml
rename to Ansible/roles/sync_crystal_repo/tasks/main.yml
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/tests/inventory b/Ansible/roles/sync_crystal_repo/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/tests/inventory
rename to Ansible/roles/sync_crystal_repo/tests/inventory
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/tests/test.yml b/Ansible/roles/sync_crystal_repo/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/tests/test.yml
rename to Ansible/roles/sync_crystal_repo/tests/test.yml
diff --git a/Ansible/playbooks/roles/sync_crystal_repo/vars/main.yml b/Ansible/roles/sync_crystal_repo/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/sync_crystal_repo/vars/main.yml
rename to Ansible/roles/sync_crystal_repo/vars/main.yml
diff --git a/Ansible/playbooks/roles/update_antiz_website/README.md b/Ansible/roles/update_antiz_website/README.md
similarity index 100%
rename from Ansible/playbooks/roles/update_antiz_website/README.md
rename to Ansible/roles/update_antiz_website/README.md
diff --git a/Ansible/playbooks/roles/update_antiz_website/defaults/main.yml b/Ansible/roles/update_antiz_website/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/update_antiz_website/defaults/main.yml
rename to Ansible/roles/update_antiz_website/defaults/main.yml
diff --git a/Ansible/playbooks/roles/update_antiz_website/handlers/main.yml b/Ansible/roles/update_antiz_website/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/update_antiz_website/handlers/main.yml
rename to Ansible/roles/update_antiz_website/handlers/main.yml
diff --git a/Ansible/playbooks/roles/update_antiz_website/meta/main.yml b/Ansible/roles/update_antiz_website/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/update_antiz_website/meta/main.yml
rename to Ansible/roles/update_antiz_website/meta/main.yml
diff --git a/Ansible/playbooks/roles/update_antiz_website/tasks/main.yml b/Ansible/roles/update_antiz_website/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/update_antiz_website/tasks/main.yml
rename to Ansible/roles/update_antiz_website/tasks/main.yml
diff --git a/Ansible/playbooks/roles/update_antiz_website/tests/inventory b/Ansible/roles/update_antiz_website/tests/inventory similarity index 100% rename from Ansible/playbooks/roles/update_antiz_website/tests/inventory rename to Ansible/roles/update_antiz_website/tests/inventory diff --git a/Ansible/playbooks/roles/update_antiz_website/tests/test.yml b/Ansible/roles/update_antiz_website/tests/test.yml similarity index 100% rename from Ansible/playbooks/roles/update_antiz_website/tests/test.yml rename to Ansible/roles/update_antiz_website/tests/test.yml diff --git a/Ansible/playbooks/roles/update_antiz_website/vars/main.yml b/Ansible/roles/update_antiz_website/vars/main.yml similarity index 100% rename from Ansible/playbooks/roles/update_antiz_website/vars/main.yml rename to Ansible/roles/update_antiz_website/vars/main.yml diff --git a/Ansible/playbooks/roles/update_docker_container/.travis.yml b/Ansible/roles/update_docker_containers/.travis.yml similarity index 100% rename from Ansible/playbooks/roles/update_docker_container/.travis.yml rename to Ansible/roles/update_docker_containers/.travis.yml diff --git a/Ansible/playbooks/roles/update_docker_container/README.md b/Ansible/roles/update_docker_containers/README.md similarity index 95% rename from Ansible/playbooks/roles/update_docker_container/README.md rename to Ansible/roles/update_docker_containers/README.md index 5ddb000a..e16cf158 100644 --- a/Ansible/playbooks/roles/update_docker_container/README.md +++ b/Ansible/roles/update_docker_containers/README.md @@ -1,4 +1,4 @@ -# Update Docker Container +# Update Docker Containers Update all docker containers (via Arcane API). diff --git a/Ansible/roles/update_docker_containers/defaults/main.yml b/Ansible/roles/update_docker_containers/defaults/main.yml new file mode 100644 index 00000000..81a783f8 --- /dev/null +++ b/Ansible/roles/update_docker_containers/defaults/main.yml @@ -0,0 +1,3 @@ +--- +# defaults file for update_docker_containers +dangling: "true" 
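Review bot: The new `defaults/main.yml` for `update_docker_containers` sets `dangling: "true"` as a quoted string, while the `update_podman_containers` defaults added later in this commit set `dangling: true` as a boolean and its README documents a boolean. A string is a trap for any bare `when: dangling` test, because the string `"false"` is truthy too, so both roles should agree on an unquoted `dangling: true` and any conditional on it should read `when: dangling | bool`. The tasks that consume the variable in the docker role are outside this hunk, so how it is tested there is inferred, not visible.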
diff --git a/Ansible/roles/update_docker_containers/handlers/main.yml b/Ansible/roles/update_docker_containers/handlers/main.yml new file mode 100644 index 00000000..cd194052 --- /dev/null +++ b/Ansible/roles/update_docker_containers/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for update_docker_containers diff --git a/Ansible/playbooks/roles/update_docker_container/meta/main.yml b/Ansible/roles/update_docker_containers/meta/main.yml similarity index 100% rename from Ansible/playbooks/roles/update_docker_container/meta/main.yml rename to Ansible/roles/update_docker_containers/meta/main.yml diff --git a/Ansible/playbooks/roles/update_docker_container/tasks/main.yml b/Ansible/roles/update_docker_containers/tasks/main.yml similarity index 95% rename from Ansible/playbooks/roles/update_docker_container/tasks/main.yml rename to Ansible/roles/update_docker_containers/tasks/main.yml index 1f80b375..53865506 100644 --- a/Ansible/playbooks/roles/update_docker_container/tasks/main.yml +++ b/Ansible/roles/update_docker_containers/tasks/main.yml @@ -1,5 +1,5 @@ --- -# tasks file for update_docker_container +# tasks file for update_docker_containers - name: "Load vaulted vars" ansible.builtin.include_vars: @@ -44,7 +44,7 @@ changed_when: true delegate_to: localhost -- name: "Update containers output" # noqa: command-instead-of-module +- name: "Update containers output" ansible.builtin.debug: msg: "{{ update_containers.stdout_lines }}" when: update_containers.stdout_lines | length > 0 diff --git a/Ansible/playbooks/roles/update_docker_container/tests/inventory b/Ansible/roles/update_docker_containers/tests/inventory similarity index 100% rename from Ansible/playbooks/roles/update_docker_container/tests/inventory rename to Ansible/roles/update_docker_containers/tests/inventory 
diff --git a/Ansible/playbooks/roles/update_docker_container/tests/test.yml b/Ansible/roles/update_docker_containers/tests/test.yml similarity index 62% rename from Ansible/playbooks/roles/update_docker_container/tests/test.yml rename to Ansible/roles/update_docker_containers/tests/test.yml index 7fe46af3..3385bdbb 100644 --- a/Ansible/playbooks/roles/update_docker_container/tests/test.yml +++ b/Ansible/roles/update_docker_containers/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - update_docker_container + - update_docker_containers diff --git a/Ansible/roles/update_docker_containers/vars/main.yml b/Ansible/roles/update_docker_containers/vars/main.yml new file mode 100644 index 00000000..8cbbc893 --- /dev/null +++ b/Ansible/roles/update_docker_containers/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for update_docker_containers diff --git a/Ansible/playbooks/roles/update_docker_container/vars/vault.yml b/Ansible/roles/update_docker_containers/vars/vault.yml similarity index 100% rename from Ansible/playbooks/roles/update_docker_container/vars/vault.yml rename to Ansible/roles/update_docker_containers/vars/vault.yml diff --git a/Ansible/roles/update_podman_containers/README.md b/Ansible/roles/update_podman_containers/README.md new file mode 100644 index 00000000..9b26e4b3 --- /dev/null +++ b/Ansible/roles/update_podman_containers/README.md @@ -0,0 +1,9 @@ +# Update Podman Containers + +Update all podman containers (via `podman auto-update`). + +## Variables + +The following variable is set in `defaults/main.yml`: + +- dangling: `true` (controls whether to only remove dangling image or remove all unused images (not just dangling ones) after the update, expects a boolean `true` or `false` value). diff --git a/Ansible/roles/update_podman_containers/defaults/main.yml b/Ansible/roles/update_podman_containers/defaults/main.yml new file mode 100644 index 00000000..498ad8ec --- /dev/null 
+++ b/Ansible/roles/update_podman_containers/defaults/main.yml @@ -0,0 +1,4 @@ +#SPDX-License-Identifier: MIT-0 +--- +# defaults file for update_podman_containers +dangling: true diff --git a/Ansible/roles/update_podman_containers/handlers/main.yml b/Ansible/roles/update_podman_containers/handlers/main.yml new file mode 100644 index 00000000..f9b6c91b --- /dev/null +++ b/Ansible/roles/update_podman_containers/handlers/main.yml @@ -0,0 +1,3 @@ +#SPDX-License-Identifier: MIT-0 +--- +# handlers file for update_podman_containers diff --git a/Ansible/roles/update_podman_containers/meta/main.yml b/Ansible/roles/update_podman_containers/meta/main.yml new file mode 100644 index 00000000..6f91fd33 --- /dev/null +++ b/Ansible/roles/update_podman_containers/meta/main.yml @@ -0,0 +1,35 @@ +#SPDX-License-Identifier: MIT-0 +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.2 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. 
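Review bot: The new `meta/main.yml` for `update_podman_containers` is the unedited role scaffold: `author: your name`, `description: your role description` and `license: license (GPL-2.0-or-later, MIT, etc)` are placeholders, and that `license` value contradicts the `#SPDX-License-Identifier: MIT-0` header at the top of the same file. Fill in at least `author`, `description` and `license: MIT-0` (or drop the fields the role does not use) so the metadata agrees with the SPDX header; ansible-lint's `meta-*` rules will otherwise keep flagging it. `min_ansible_version: 2.2` also looks like the scaffold default rather than a value this role was tested against.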
diff --git a/Ansible/roles/update_podman_containers/tasks/main.yml b/Ansible/roles/update_podman_containers/tasks/main.yml new file mode 100644 index 00000000..de834619 --- /dev/null +++ b/Ansible/roles/update_podman_containers/tasks/main.yml @@ -0,0 +1,44 @@ +#SPDX-License-Identifier: MIT-0 +--- +# tasks file for update_podman_containers + +- name: "Check for updates" + ansible.builtin.shell: + cmd: podman auto-update --dry-run --format "{% raw %}{{.Image}} {{.Updated}}{% endraw %}" + register: check_updates + changed_when: false + +- name: "Show check result" + ansible.builtin.debug: + msg: "{{ check_updates.stdout_lines }}" + when: check_updates.stdout_lines | length > 0 + +- name: "Update containers" + ansible.builtin.shell: + cmd: podman auto-update + register: update_containers + changed_when: true + +- name: "Update containers output" + ansible.builtin.debug: + msg: "{{ update_containers.stdout_lines }}" + when: update_containers.stdout_lines | length > 0 + +- name: "Prune dangling images" + ansible.builtin.shell: + cmd: podman image prune -f + register: prune_old_images + changed_when: true + when: dangling + +- name: "Prune all unused images" + ansible.builtin.shell: + cmd: podman image prune -af + register: prune_old_images + changed_when: true + when: not dangling + +- name: "Prune old images output" + ansible.builtin.debug: + msg: "{{ prune_old_images.stdout_lines }}" + when: prune_old_images.stdout_lines | length > 0 diff --git a/Ansible/roles/update_podman_containers/tests/inventory b/Ansible/roles/update_podman_containers/tests/inventory new file mode 100644 index 00000000..03ca42fd --- /dev/null +++ b/Ansible/roles/update_podman_containers/tests/inventory @@ -0,0 +1,3 @@ +#SPDX-License-Identifier: MIT-0 +localhost + diff --git a/Ansible/roles/update_podman_containers/tests/test.yml b/Ansible/roles/update_podman_containers/tests/test.yml new file mode 100644 index 00000000..85bfd0c8 --- /dev/null 
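Review bot: Both prune tasks register `prune_old_images`, and a skipped task still registers its variable, so with the default `dangling: true` the skipped "Prune all unused images" task overwrites the real result with a skipped record that has no `stdout_lines`, and the "Prune old images output" debug task then fails on an undefined attribute. Either collapse the two into one task, `cmd: podman image prune {{ '-f' if dangling | bool else '-af' }}`, or guard the debug task with `when: prune_old_images.stdout_lines is defined and prune_old_images.stdout_lines | length > 0`. The `when: dangling` / `when: not dangling` tests should also use `dangling | bool`, since a string such as the `'true'` the Jenkins pipeline passes as `DANGLING`, or an `-e dangling=false` override, is truthy either way. None of these commands use shell features, so `ansible.builtin.command` would do the same job and satisfy ansible-lint's command-instead-of-shell rule.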
+++ b/Ansible/roles/update_podman_containers/tests/test.yml @@ -0,0 +1,6 @@ +#SPDX-License-Identifier: MIT-0 +--- +- hosts: localhost + remote_user: root + roles: + - update_podman_containers diff --git a/Ansible/roles/update_podman_containers/vars/main.yml b/Ansible/roles/update_podman_containers/vars/main.yml new file mode 100644 index 00000000..db5fe074 --- /dev/null +++ b/Ansible/roles/update_podman_containers/vars/main.yml @@ -0,0 +1,3 @@ +#SPDX-License-Identifier: MIT-0 +--- +# vars file for update_podman_containers diff --git a/Ansible/playbooks/roles/update_server/.travis.yml b/Ansible/roles/update_servers/.travis.yml similarity index 100% rename from Ansible/playbooks/roles/update_server/.travis.yml rename to Ansible/roles/update_servers/.travis.yml diff --git a/Ansible/roles/update_servers/README.md b/Ansible/roles/update_servers/README.md new file mode 100644 index 00000000..04b651c8 --- /dev/null +++ b/Ansible/roles/update_servers/README.md @@ -0,0 +1,12 @@ +# Update Servers + +Update my servers. +Also prints orphan packages and pacnew files for Arch Linux & orphan packages and apk-new files for Alpine Linux. + +Support for Debian, Arch Linux and Alpine Linux. + +## Variables + +The following variable is defined in `vars/main.yml`: + +- lxc_user: `service` (name of the user running the LXC containers, for post-update restart of the containers). diff --git a/Ansible/roles/update_servers/defaults/main.yml b/Ansible/roles/update_servers/defaults/main.yml new file mode 100644 index 00000000..255c8b6d --- /dev/null +++ b/Ansible/roles/update_servers/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for update_servers diff --git a/Ansible/roles/update_servers/handlers/main.yml b/Ansible/roles/update_servers/handlers/main.yml new file mode 100644 index 00000000..a8b0a423 --- /dev/null +++ b/Ansible/roles/update_servers/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for update_servers 
diff --git a/Ansible/playbooks/roles/update_server/meta/main.yml b/Ansible/roles/update_servers/meta/main.yml similarity index 100% rename from Ansible/playbooks/roles/update_server/meta/main.yml rename to Ansible/roles/update_servers/meta/main.yml diff --git a/Ansible/playbooks/roles/update_server/tasks/alpine.yml b/Ansible/roles/update_servers/tasks/alpine.yml similarity index 97% rename from Ansible/playbooks/roles/update_server/tasks/alpine.yml rename to Ansible/roles/update_servers/tasks/alpine.yml index 000023c8..22c35de3 100644 --- a/Ansible/playbooks/roles/update_server/tasks/alpine.yml +++ b/Ansible/roles/update_servers/tasks/alpine.yml @@ -14,7 +14,7 @@ msg: "{{ alpine_packages_update.stdout_lines }}" when: alpine_packages_update.stdout_lines | length > 0 -- name: "Update server" +- name: "Update servers" community.general.apk: available: true upgrade: true diff --git a/Ansible/playbooks/roles/update_server/tasks/arch.yml b/Ansible/roles/update_servers/tasks/arch.yml similarity index 97% rename from Ansible/playbooks/roles/update_server/tasks/arch.yml rename to Ansible/roles/update_servers/tasks/arch.yml index 6e4dd6c2..420047c7 100644 --- a/Ansible/playbooks/roles/update_server/tasks/arch.yml +++ b/Ansible/roles/update_servers/tasks/arch.yml @@ -15,7 +15,7 @@ msg: "{{ arch_packages_update.stdout_lines }}" when: arch_packages_update.stdout_lines | length > 0 -- name: "Update server" +- name: "Update servers" community.general.pacman: upgrade: true diff --git a/Ansible/playbooks/roles/update_server/tasks/debian.yml b/Ansible/roles/update_servers/tasks/debian.yml similarity index 94% rename from Ansible/playbooks/roles/update_server/tasks/debian.yml rename to Ansible/roles/update_servers/tasks/debian.yml index 7f810a81..7fb5cde3 100644 --- a/Ansible/playbooks/roles/update_server/tasks/debian.yml +++ b/Ansible/roles/update_servers/tasks/debian.yml 
@@ -14,7 +14,7 @@ msg: "{{ debian_packages_update.stdout_lines }}" when: debian_packages_update.stdout_lines | length > 0 -- name: "Update server" +- name: "Update servers" ansible.builtin.apt: upgrade: full autoremove: true diff --git a/Ansible/playbooks/roles/update_server/tasks/main.yml b/Ansible/roles/update_servers/tasks/main.yml similarity index 55% rename from Ansible/playbooks/roles/update_server/tasks/main.yml rename to Ansible/roles/update_servers/tasks/main.yml index abd74c25..923dcf0a 100644 --- a/Ansible/playbooks/roles/update_server/tasks/main.yml +++ b/Ansible/roles/update_servers/tasks/main.yml @@ -1,19 +1,17 @@ --- -# tasks file for update_server +# tasks file for update_servers -- name: "Update server - Debian" +- name: "Update servers - Debian" ansible.builtin.include_tasks: debian.yml when: ansible_facts['distribution'] == "Debian" -- name: "Update server - Arch" +- name: "Update servers - Arch" ansible.builtin.include_tasks: arch.yml when: ansible_facts['distribution'] == "Archlinux" -- name: "Update server - Alpine" +- name: "Update servers - Alpine" ansible.builtin.include_tasks: alpine.yml when: ansible_facts['distribution'] == "Alpine" -- name: Reboot - ansible.builtin.reboot: - test_command: whoami - when: ansible_connection != "local" +- name: "Reboot Servers" + ansible.builtin.include_tasks: reboot.yml diff --git a/Ansible/roles/update_servers/tasks/reboot.yml b/Ansible/roles/update_servers/tasks/reboot.yml new file mode 100644 index 00000000..e7177435 --- /dev/null +++ b/Ansible/roles/update_servers/tasks/reboot.yml 
@@ -0,0 +1,14 @@ +--- +- name: "Reboot Bare Metal and VM Servers" + ansible.builtin.reboot: + when: ansible_connection != "local" and ansible_facts['virtualization_type'] != "lxc" + +- name: "Restart LXC containers" + ansible.builtin.shell: + cmd: machinectl shell "{{ lxc_user }}"@ /bin/bash -lc "lxc-stop -n {{ inventory_hostname_short }} && lxc-start -n {{ inventory_hostname_short }}" + changed_when: true + when: ansible_connection != "local" and item.group in group_names" + delegate_to: "{{ item.delegate }}" + loop: + - { group: "lxc_core01", delegate: "core01.rc" } + - { group: "lxc_core02", delegate: "core02.rc" } diff --git a/Ansible/playbooks/roles/update_server/tests/inventory b/Ansible/roles/update_servers/tests/inventory similarity index 100% rename from Ansible/playbooks/roles/update_server/tests/inventory rename to Ansible/roles/update_servers/tests/inventory diff --git a/Ansible/playbooks/roles/update_server/tests/test.yml b/Ansible/roles/update_servers/tests/test.yml similarity index 71% rename from Ansible/playbooks/roles/update_server/tests/test.yml rename to Ansible/roles/update_servers/tests/test.yml index 9d25f9d7..291cc123 100644 --- a/Ansible/playbooks/roles/update_server/tests/test.yml +++ b/Ansible/roles/update_servers/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - update_server + - update_servers diff --git a/Ansible/roles/update_servers/vars/main.yml b/Ansible/roles/update_servers/vars/main.yml new file mode 100644 index 00000000..c389ebed --- /dev/null +++ b/Ansible/roles/update_servers/vars/main.yml @@ -0,0 +1,4 @@ +--- +# vars file for update_servers + +lxc_user: "service" diff --git a/Ansible/playbooks/roles/vps_system_backup/README.md b/Ansible/roles/vps_system_backup/README.md similarity index 100% rename from Ansible/playbooks/roles/vps_system_backup/README.md rename to Ansible/roles/vps_system_backup/README.md 
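Review bot: The `when:` on the "Restart LXC containers" task has a stray trailing quote, `when: ansible_connection != "local" and item.group in group_names"`, which leaves an unterminated Jinja string and makes the task error out on every host; it should read `when: ansible_connection != "local" and item.group in group_names`. The restart command interpolates `lxc_user` and `inventory_hostname_short` into a double-quoted `bash -lc` string executed on the delegate host, so even though inventory names are presumably operator-controlled, passing them through the `quote` filter, e.g. `lxc-stop -n {{ inventory_hostname_short | quote }} && lxc-start -n {{ inventory_hostname_short | quote }}`, keeps a hostname with shell metacharacters from being interpreted. The reboot task's condition reads `ansible_facts['virtualization_type']`, which is undefined when facts are not gathered or the fact is absent; `ansible_facts.get('virtualization_type') != "lxc"` fails safe by skipping. The `test_command: whoami` from the reboot task this replaces was dropped; if that was intentional a short comment would save the next reader from wondering.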
diff --git a/Ansible/playbooks/roles/vps_system_backup/defaults/main.yml b/Ansible/roles/vps_system_backup/defaults/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/vps_system_backup/defaults/main.yml
rename to Ansible/roles/vps_system_backup/defaults/main.yml
diff --git a/Ansible/playbooks/roles/vps_system_backup/handlers/main.yml b/Ansible/roles/vps_system_backup/handlers/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/vps_system_backup/handlers/main.yml
rename to Ansible/roles/vps_system_backup/handlers/main.yml
diff --git a/Ansible/playbooks/roles/vps_system_backup/meta/main.yml b/Ansible/roles/vps_system_backup/meta/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/vps_system_backup/meta/main.yml
rename to Ansible/roles/vps_system_backup/meta/main.yml
diff --git a/Ansible/playbooks/roles/vps_system_backup/tasks/main.yml b/Ansible/roles/vps_system_backup/tasks/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/vps_system_backup/tasks/main.yml
rename to Ansible/roles/vps_system_backup/tasks/main.yml
diff --git a/Ansible/playbooks/roles/vps_system_backup/tests/inventory b/Ansible/roles/vps_system_backup/tests/inventory
similarity index 100%
rename from Ansible/playbooks/roles/vps_system_backup/tests/inventory
rename to Ansible/roles/vps_system_backup/tests/inventory
diff --git a/Ansible/playbooks/roles/vps_system_backup/tests/test.yml b/Ansible/roles/vps_system_backup/tests/test.yml
similarity index 100%
rename from Ansible/playbooks/roles/vps_system_backup/tests/test.yml
rename to Ansible/roles/vps_system_backup/tests/test.yml
diff --git a/Ansible/playbooks/roles/vps_system_backup/vars/main.yml b/Ansible/roles/vps_system_backup/vars/main.yml
similarity index 100%
rename from Ansible/playbooks/roles/vps_system_backup/vars/main.yml
rename to Ansible/roles/vps_system_backup/vars/main.yml
diff --git a/Servers/Arch.md b/Servers/Arch.md
new file mode 100644
index 00000000..5ed6b68e
--- /dev/null
+++ b/Servers/Arch.md @@ -0,0 +1,8 @@ +# Arch Linux + + + +I am now running a lightweight Arch Linux installation on my physical servers. +My services are now either running in *rootless / unprivileged* Podman containers or *rootless / unprivileged* LXC containers on said Arch Linux installation. + +The Arch Linux installation itself is pretty much the same as my [Arch Linux VM Template installation](https://github.com/Antiz96/Linux-Server/blob/main/VMs/Arch-Linux_Server_Template.md). diff --git a/Servers/Proxmox.md b/Servers/Proxmox.md index 1b7f5ee1..38dbb17f 100644 --- a/Servers/Proxmox.md +++ b/Servers/Proxmox.md @@ -53,7 +53,7 @@ source ~/.bashrc ```bash sudo apt update && sudo apt full-upgrade && sudo apt autoremove -sudo apt install vim man bash-completion openssh-server dnsutils traceroute rsync zip unzip diffutils firewalld plocate htop curl openssl socat chrony wget logrotate fail2ban python3-passlib fastfetch acl +sudo apt install vim man bash-completion openssh-server dnsutils traceroute rsync diffutils firewalld plocate htop curl openssl socat chrony wget logrotate fail2ban python3-passlib fastfetch acl sudo systemctl enable --now ssh chrony firewalld logrotate.timer fstrim.timer sudo reboot ``` diff --git a/Servers/README.md b/Servers/README.md index 464dca5d..3418d47d 100644 --- a/Servers/README.md +++ b/Servers/README.md 
@@ -4,5 +4,6 @@ This is the installation / configuration procedure of OSes I install on my physi ## OS -- [Proxmox - Hypervisor I use for my VMs (Debian based)](https://github.com/Antiz96/Linux-Server/blob/main/Servers/Proxmox.md) -- [Alpine - OS I use on my Raspberry Pi server](https://github.com/Antiz96/Linux-Server/blob/main/Servers/Alpine.md) +- [Proxmox - Hypervisor I used to run on my physical servers](https://github.com/Antiz96/Linux-Server/blob/main/Servers/Proxmox.md) +- [Arch Linux - OS I run on my physical servers](https://github.com/Antiz96/Linux-Server/blob/main/Servers/Arch.md) +- [Alpine Linux - OS I run on my Raspberry Pi servers](https://github.com/Antiz96/Linux-Server/blob/main/Servers/Alpine.md) diff --git a/Services/Docker.md b/Services/Docker.md index 9da7e4c0..c7ba5500 100644 --- a/Services/Docker.md +++ b/Services/Docker.md @@ -57,3 +57,22 @@ sudo apt update && sudo apt install docker-ce docker-ce-cli containerd.io ```bash sudo systemctl enable --now docker ``` + +## Tips and tricks + +### Change docker datadir path + +Defaults in `/var/lib/docker`. + +```bash +sudo mkdir -p /etc/docker +sudoedit /etc/docker/daemon.json +``` + +```text +{ + "data-root": "/path/to/datadir" +} +``` + +Then restart the `docker` service. diff --git a/Services/FileBrowser.md b/Services/FileBrowser.md index 6e19228b..f3655d41 100644 --- a/Services/FileBrowser.md +++ b/Services/FileBrowser.md 
@@ -1,73 +1,63 @@ # FileBrowser - +~~~~ -## Install Docker on my Server (if not done already) +I recently switched to the FileBrowser Quantum fork, which bring a few extra features and a polished UI (among other things). - + -## Installing FileBrowser on Docker +## Install Podman on my Server (if not done already) - + -### Create the FileBrowser directory, database & configuration file (with the right permission) +## Installing FileBrowser on Docker / Podman + + + +### Create the data, cache, config diretories & configuration file ```bash -sudo mkdir -p /data/FileBrowser/data && sudo chown antiz: /data/FileBrowser/data && chmod 700 /data/FileBrowser/data -sudo touch /data/FileBrowser/{filebrowser.db,settings.json} && sudo chown antiz: /data/FileBrowser/{filebrowser.db,settings.json} && chmod 600 /data/FileBrowser/{filebrowser.db,settings.json} -vim /data/FileBrowser/settings.json # https://github.com/filebrowser/filebrowser/blob/master/settings.json +mkdir -p /data/podman/volumes/filebrowser/{data,cache,config} && chmod 700 /data/podman/volumes/filebrowser/{data,cache,config} +touch /data/podman/volumes/filebrowser/config/config.yaml && chmod 600 /data/podman/volumes/filebrowser/config/config.yaml +vim /data/podman/volumes/filebrowser/config/config.yaml ``` ```text -{ - "port": 80, - "baseURL": "", - "address": "", - "log": "stdout", - "database": "/database/filebrowser.db", - "root": "/srv" -} +server: + port: 8080 # Port for the server to listen on (inside the container) + cacheDir: /home/filebrowser/cache # Path to cache dir (inside the container) + sources: + - path: /home/filebrowser/data # Path to data dir (inside the container) + config: + defaultEnabled: true + +auth: + adminUsername: Antiz # Name of the default admin password + adminPassword: "changeit" # Password for the above admin user + methods: + password: + enabled: true # Enable password authentication + minLength: 8 # Num of minimum password lenght + signup: false # Enable / Disable signup for 
users ``` ### Pull and run the container ```bash -sudo docker run -v /data/FileBrowser/data:/srv -v /data/FileBrowser:/database -v /data/FileBrowser:/config -u $(id -u):$(id -g) -p 8080:80 --name filebrowser -d --restart="unless-stopped" filebrowser/filebrowser +podman run -v /data/podman/volumes/filebrowser/config/config.yaml:/home/filebrowser/config.yaml -v /data/podman/volumes/filebrowser/data:/home/filebrowser/data -v /data/podman/volumes/filebrowser/cache:/home/filebrowser/cache -p 8080:8080 --name filebrowser -d --label io.containers.autoupdate=registry --restart="unless-stopped" docker.io/gtstef/filebrowser ``` ### Access -You can now access and configure it on this URL (admin:admin): +You can now access and configure it on this URL: `http://[HOSTNAME]:8080/` -## Configuration - -Global Settings --> Dark Mode -User Management --> Change default username and password - ## Update/Upgrade and reinstall procedure -Since we use Docker, the update and upgrade procedure is actually the same as it does not rely directly on our server. -Also, if you did a mapping between a volume stored on a local disk (like I did), all you need to do to reinstall your FileBrowser server is to re-download Docker (if you reinstalled your OS completely) and do the following steps. - -### Pull the docker image - -(... to check if there's an available update) - -```bash -sudo docker pull filebrowser/filebrowser -``` - -### Apply the update - -```bash -sudo docker stop filebrowser -sudo docker rm filebrowser -sudo docker run -v /data/FileBrowser/data:/srv -v /data/FileBrowser:/database -v /data/FileBrowser:/config -u $(id -u):$(id -g) -p 8080:80 --name filebrowser -d --restart="unless-stopped" filebrowser/filebrowser -``` +I'm relying on `podman auto-update`. -You can then optionally clean old dangling docker images (to clean up locally stored Docker images and regain some disk space): +Optionally clean old dangling images: ```bash -sudo docker image prune +podman image prune ``` 
diff --git a/Services/LXC.md b/Services/LXC.md new file mode 100644 index 00000000..7ca8c8c6 --- /dev/null +++ b/Services/LXC.md 
@@ -0,0 +1,359 @@
+# LXC
+
+
+
+## Install LXC on Arch
+
+```bash
+sudo pacman -S lxc lxcfs
+```
+
+## Install LXC on Alpine
+
+```bash
+sudo apk add lxc lxcfs lxc-download lxc-user-nic
+sudo rc-update add cgroups
+sudo rc-service cgroups start
+```
+
+## Install LXC on Debian
+
+```bash
+sudo apt install lxc lxcfs lxc-templates
+```
+
+## Setup rootless / unprivileged mode
+
+To be able to use rootless / unprivileged LXC containers with your current unprivileged user, do the following:
+
+```bash
+mkdir -p ~/.config/lxc
+cp /etc/lxc/default.conf ~/.config/lxc/default.conf
+echo "lxc.idmap = u 0 100000 65536" >> ~/.config/lxc/default.conf
+echo "lxc.idmap = g 0 100000 65536" >> ~/.config/lxc/default.conf
+```
+
+The following should already be done on Arch Linux and Debian, but is needed on Alpine:
+
+```bash
+echo "$(whoami):100000:65536" | sudo tee -a /etc/subuid
+echo "$(whoami):100000:65536" | sudo tee -a /etc/subgid
+```
+
+Note that containers started in rootless / unprivileged mode are only accessible / manageable by the user that created them.
+
+## Create a network bridge
+
+Create a network bridge on the host network interface for the containers to get their own bridged network interface.
+Containers will automatically get an IP from DHCP at first boot, but can be configured to get their own static IP (either from the LXC config, or from the installed network manager inside the container).
+
+### Alpine / Debian
+
+```bash
+sudoedit /etc/network/interfaces
+```
+
+```text
+# Assuming eth0 with address, netmask and gateway already set
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet manual # Set it to manual and move parameters to the bridge interface
+
+auto lxcbr0 # I advise to call it like that as its the name lxc is looking for by default
+iface lxcbr0 inet static
+ address 192.168.96.100 # Those were moved from the initial eth0 config above
+ netmask 255.255.255.0 # This was moved from the initial eth0 config above
+ gateway 192.168.96.254 # This was moved from the initial eth0 config above
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
+```
+
+```bash
+sudoedit /etc/lxc/lxc-usernet
+```
+
+```text
+# Replace by your user
+# Replace 20 by the number of network interfaces that the given user should be allowed to attach to the given bridge
+ veth lxcbr0 20
+```
+
+```bash
+sudo reboot
+```
+
+### Arch Linux
+
+#### With systemd-networkd
+
+```bash
+sudoedit /etc/systemd/network/lxcbr0.netdev # Create the bridge interface
+```
+
+```text
+[NetDev]
+Name=lxcbr0
+Kind=bridge
+```
+
+```bash
+sudoedit /etc/systemd/network/lxcbr0.network # Create the network config for the bridge interface
+```
+
+```text
+[Match]
+Name=lxcbr0
+
+[Network]
+Address=192.168.96.100/24
+Gateway=192.168.96.254
+DNS=192.168.96.1
+IPv6AcceptRA=no
+```
+
+```bash
+sudoedit /etc/systemd/network/eth0.network # Link physical nic to the bridge interface
+```
+
+```text
+[Match]
+Name=eth0
+
+[Network]
+Bridge=lxcbr0
+```
+
+```bash
+sudoedit /etc/lxc/lxc-usernet
+```
+
+```text
+# Replace by your user
+# Replace 20 by the number of network interfaces that the given user should be allowed to attach to the given bridge
+ veth lxcbr0 20
+```
+
+```bash
+sudo reboot
+```
+
+#### With NetworkManager
+
+```bash
+sudo nmcli connection add type bridge ifname lxcbr0 con-name lxcbr0 # Create bridge interface
+sudo nmcli connection modify lxcbr0 ipv4.method manual ipv4.addresses 192.168.96.100/24 ipv4.gateway 192.168.96.254 ipv4.dns 192.168.96.1 ipv6.method disabled # Move network conf to bridge interface
+sudo nmcli connection modify Wired\ connection\ 1 connection.master lxcbr0 connection.slave-type bridge # Attach physical NIC to the bridge
+```
+
+```bash
+sudoedit /etc/lxc/lxc-usernet
+```
+
+```text
+# Replace by your user
+# Replace 20 by the number of network interfaces that the given user should be allowed to attach to the given bridge
+ veth lxcbr0 20
+```
+
+```bash
+sudo reboot
+```
+
+## Usage
+
+### Create a container
+
+```bash
+lxc-create -n -t download
+```
+
+And then select the distribution, release & architecture.
+
+Alternatively, select parameters directly as arguments:
+
+```bash
+lxc-create -n -t download -- --dist archlinux --release current --arch amd64
+```
+
+### List containers
+
+```bash
+lxc-ls -f
+```
+
+### Get info about a container
+
+```bash
+lxc-info
+```
+
+### Start / Stop a container
+
+```bash
+lxc-start -n
+lxc-stop -n
+```
+
+### Log into a container
+
+Attach current session to the container (necessary at first boot to create root password):
+
+```bash
+lxc-attach -n
+```
+
+Spawn a console into the container:
+
+```bash
+lxc-console -n
+```
+
+To exit a container session, press `ctrl-a` then `q`.
+
+### Delete a container
+
+```bash
+lxc-destroy
+```
+
+### Snapshot / Clone / Backup
+
+- Snapshot
+
+```bash
+lxc-snapshot -n # Take a snapshot of a container
+lxc-snapshot -n -c file.txt # Take a snapshot of a container with comments from the content of file.txt
+lxc-snapshot -n -L # List snapshots of a container
+lxc-snapshot -n -L -C # List snapshots of a container including comments
+lxc-snapshot -n -r snap0 # Restore the "snap0" snapshot on a container
+lxc-snapshot -n -r snap0 -N # Restore the "snap0" snapshot to a separate new container
+lxc-snapshot -n -d snap0 # Delete the "snap0" snapshot of a container
+```
+
+- Clone
+
+Note that, if running AppArmor, you might need to pass `lxc-copy` under complain mode for it to work properly and avoid permissions errors (`sudo aa-complain lxc-copy`).
+
+```bash
+lxc-copy -n -N # Clone a container into a new one
+```
+
+- Backup
+
+One can just rsync the container directory with proper options:
+
+```bash
+sudo rsync -a --numeric-ids \
+ --exclude=/rootfs/proc/* \
+ --exclude=/rootfs/sys/* \
+ --exclude=/rootfs/dev/* \
+ /lxc/datadir/mycontainer/ \
+ /backup/lxc/mycontainer/
+```
+
+To restore, either stop or destroy the container, then:
+
+```bash
+sudo rsync -a --numeric-ids /backup/lxc/mycontainer/ /lxc/datadir/mycontainer/
+```
+
+## Tips and tricks
+
+### Change lxc datadir
+
+Defaults in `.local/share/lxc` (or `/var/lib/lxc` if rootfull).
+
+```bash
+vim ~/.config/lxc/lxc.conf # or /etc/lxc/lxc.conf if rootfull
+```
+
+```text
+lxc.lxcpath = /path/to/datadir # Should be writeable by user
+```
+
+### Unprivileged containers and AppArmor
+
+It seems that AppArmor doesn't play really nice with unprivileged LXC containers and is very restrictive for them, eventually preventing expected actions within unprivileged containers by default, such as starting systemd services and other things (Debian even have [a dedicated page for related issues](https://wiki.debian.org/LXC/SystemdMountsAndAppArmor)).
+
+Despite experimenting and trying potential workarounds I've found here and there, I wasn't able to configure AppArmor to play nicely with unprivileged LXC containers (including allowing mounting, nesting, etc...). Debian considers that not loading the AppArmor profile within the container is an acceptable approach for unprivileged LXC containers (see [here](https://wiki.debian.org/LXC/SystemdMountsAndAppArmor#Permissive_AppArmor_profile)), which can be done by adding the following to the containers configuration:
+
+```text
+lxc.apparmor.profile = unconfined
+```
+
+### Limit containers resources
+
+In containers' config:
+
+```text
+lxc.cgroup2.cpuset.cpus = 0-1 # Limit access to host's core 0 and 1
+lxc.cgroup2.cpu.max = 200000 100000 # Limit CPU quota to the equivalent of two cores (400000 100000 for 4 cores)
+lxc.cgroup2.memory.max = 2G # Limit RAM quote to 2G
+lxc.cgroup2.memory.swap.max = 0 # Restrict usage of host's swap
+```
+
+For what it's worth, I'm personally only setting `lxc.cgroup2.cpu.max` and `lxc.cgroup2.memory.max`.
+
+Note that (as opposed to a VM) this is just quota limit, not a definition of the "visible" resources within the container. So things like `htop`, `fastfetch` or `free` will still report the full number of CPU and RAM of the host, regardless of the above settings. To get the accurate number of CPU and RAM allowed in a container, run `nproc` and `cat /sys/fs/cgroup/memory.max` instead.
+
+### Autostart containers at boot
+
+Add the following line to the containers' config you want to autostart at boot:
+
+```text
+lxc.start.auto = 1
+```
+
+Then start / enable the required service (rootfull):
+
+```bash
+sudo systemctl enable --now lxc-auto.service
+```
+
+For unprivileged containers running as non-root user, create and enable the following user service instead:
+
+```bash
+mkdir -p ~/.config/systemd/user
+vim ~/.config/systemd/user/lxc-autostart.service
+```
+
+```text
+[Unit]
+Description="lxc-autostart for lxc user"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/lxc-autostart
+ExecStop=/usr/bin/lxc-autostart -s
+RemainAfterExit=1
+
+[Install]
+WantedBy=default.target
+```
+
+```bash
+systemctl --user daemon-reload
+systemctl --user enable --now lxc-autostart.service
+loginctl enable-linger $USER
+```
+
+### Run unprivileged systemd-based distribution containers with Alpine / OpenRC
+
+**NOTE:** The following trick allows to run unprivileged systemd-based distribution containers that still accept cgroups v1 (basically distributions that still run systemd < v258).
+As far as I can tell, there's no way yet to run unprivileged system-based distribution containers that require cgroups v2 with OpenRC (basically distributions that run systemd >= v258).
+
+```bash
+sudo mkdir -p /sys/fs/cgroup/systemd
+sudo mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
+sudo chown 100000:100000 -R /sys/fs/cgroup/systemd/
+```
+
+You can put the above in an OpenRC init script or in your fstab to apply permanently.
+See the following links for more details:
+
+-
+-
+-
diff --git a/Services/Podman.md b/Services/Podman.md
new file mode 100644
index 00000000..edb484ef
--- /dev/null
+++ b/Services/Podman.md
@@ -0,0 +1,102 @@
+# Podman
+
+
+
+## Install Podman on Arch
+
+```bash
+sudo pacman -S podman
+loginctl enable-linger $USER
+```
+
+## Install Podman on Alpine
+
+```bash
+sudo apk add podman
+```
+
+## Install Podman on Debian
+
+```bash
+sudo apt install podman
+loginctl enable-linger $USER
+```
+
+## Setup rootless / unprivileged mode on Alpine
+
+The prerequisites to use rootless podman with an unprivileged user should already be done by default on Arch Linux and Debian.
+To be able to use rootless podman with your current unprivileged user in Alpine, do the following:
+
+```bash
+sudo rc-update add cgroups
+sudo rc-service cgroups start
+sudo modprobe tun
+echo "tun" | sudo tee -a /etc/modules
+echo "$(whoami):100000:65536" | sudo tee -a /etc/subuid
+echo "$(whoami):100000:65536" | sudo tee -a /etc/subgid
+```
+
+Note that containers started in rootless mode are only accessible / manageable by the user that created them.
+
+## Usage
+
+Generally speaking, just replace `docker` by `podman` in commands with your current user (no need for `sudo` or root privileges).
+
+`podman` also have some extra capabilities / features, such as specific labels, `auto-update`, systemd units supports for containers (see [the related chapter](#containers-running-as-systemd-services-and-podman-auto-update)), etc...
+`podman` can also expose an API via a socket (like `Docker`) if needed (not enabled by default).
+
+**Important notes:**
+
+- Contrary to Docker, Podman does not automatically open ports exposed to containers on the firewall. You need to open exposed ports yourself.
+- Contrary to Docker, Podman (rootless) doesn't expose the host's DNS configuration to containers but instead applies internal and / or default resolvers (see `podman exec -it cat /etc/resolv.conf`). You can apply your own DNS if needed via the `--dns` paramter in `podman run` (e.g. `podman run -d --dns 192.168.1.1 [...]`).
+
+Refer to the documentation.
+
+## Tips and tricks
+
+### Change (rootless) podman datadir
+
+Defaults in `~/.local/share/containers/storage`.
+
+```bash
+mkdir -p ~/.config/containers
+vim ~/.config/containers/storage.conf
+```
+
+```text
+[storage]
+driver="overlay" # Adapt if needed
+rootless_storage_path="/path/to/datadir" # Should be writeable by the user
+```
+
+### Containers running as systemd services and podman auto-update
+
+To enable the auto-update support for a container, add `--label io.containers.autoupdate=registry` to its `podman run` command.
+
+Once the container is running, generate a quadlet / systemd service file for it via `podlet` (`sudo pacman -S podlet`) and start it:
+
+```bash
+mkdir -p ~/.config/containers/systemd
+podlet generate container > ~/.config/containers/systemd/.container
+echo -e "\n[Install]\nWantedBy=default.target" >> ~/.config/containers/systemd/.container # Required for the container to auto start at boot
+systemctl --user daemon-reload
+systemctl --user start .service
+```
+
+You can now verify if a new image is available for every containers with the `io.containers.autoudpate` label and started via systemd:
+
+```bash
+podman auto-update --dry-run
+```
+
+You can also format the output to only show specific columns (useful for scripting):
+
+```bash
+podman auto-update --dry-run --format "{{.Image}} {{.Updated}}"
+```
+
+You can apply update via:
+
+```bash
+podman auto-update
+```
diff --git a/Services/README.md b/Services/README.md
index 05366d20..452da2d7 100644
--- a/Services/README.md
+++ b/Services/README.md
@@ -6,7 +6,9 @@ This is a (non-exhaustive) list of installation and configuration procedures of
 - [Ansible - Automation platform](https://github.com/Antiz96/Linux-Server/blob/main/Services/Ansible.md)
 - [Jenkins - Orchestration and continuous integration server](https://github.com/Antiz96/Linux-Server/blob/main/Services/Jenkins.md)
-- [Docker - Container manager](https://github.com/Antiz96/Linux-Server/blob/main/Services/Docker.md)
+- [Docker - Application Container manager](https://github.com/Antiz96/Linux-Server/blob/main/Services/Docker.md)
+- [Podman - (Rootless) Application Container manager](https://github.com/Antiz96/Linux-Server/blob/main/Services/Podman.md)
+- [LXC - System Container manager](https://github.com/Antiz96/Linux-Server/blob/main/Services/LXC.md)
 - [Nginx - Reverse Proxy](https://github.com/Antiz96/Linux-Server/blob/main/Services/Nginx.md)
 - [Kea - DHCP Server](https://github.com/Antiz96/Linux-Server/blob/main/Services/Kea.md)
 - [Gitea - Git Server](https://github.com/Antiz96/Linux-Server/blob/main/Services/Gitea.md)
diff --git a/Services/Wireguard.md b/Services/Wireguard.md
index 92163190..5c8860cb 100644
--- a/Services/Wireguard.md
+++ b/Services/Wireguard.md
@@ -73,7 +73,17 @@ sudo docker run -d \
 linuxserver/wireguard
 ```
-Personally, I put the the SERVERURL and PEERS parameters inside env files so I don't have to type them in plain text in the docker run command which is a bit more secure. Also it makes them more flexible and easy to change by modifying the file instead of modifying the docker run command directly. Obviously, those files are only viewable and editable by the root account for security reasons.
+**Note:** If running with podman rootless container, you need the additional parameters:
+
+```text
+[...]
+--cap-add="NET_RAW" \
+[...]
+--sysctl="net.ipv4.conf.all.forwarding=1" \
+--sysctl="net.ipv4.ip_forward=1" \
+```
+
+Personally, I put the the SERVERURL, PEERS and PEERDNS parameters inside env files so I don't have to type them in plain text in the docker run command which is a bit more secure. Also it makes them more flexible and easy to change by modifying the file instead of modifying the docker run command directly. Obviously, those files are only viewable and editable by the root account for security reasons.
 ```bash
 sudo mkdir /opt/wireguard/env
@@ -91,32 +101,42 @@ sudo vim /opt/wireguard/env/peers
 > peer1,peer2,peer3,etc...
+```bash
+sudo vim /opt/wireguard/env/peerdns
+```
+
+> your_dns_server
+
 ```bash
 sudo chmod 600 /opt/wireguard/env/* && sudo chmod 750 /opt/wireguard/env
 ```
-This is my personal docker run command for wireguard:
+This is my personal podman run command for wireguard:
 ```bash
-sudo docker run -d \
+podman run -d \
 --name=wireguard \
 --cap-add=NET_ADMIN \
 --cap-add=SYS_MODULE \
+--cap-add=NET_RAW \
 -e PUID=$(id -u) \
 -e PGID=$(id -g) \
 -e TZ=Europe/Paris \
--e SERVERURL=$(sudo cat /opt/wireguard/env/server_url) \
+-e SERVERURL=$(cat /opt/podman/volumes/wireguard/env/server_url) \
 -e SERVERPORT=51820 \
--e PEERS=$(sudo cat /opt/wireguard/env/peers) \
--e PEERDNS=192.168.96.1 \
+-e PEERS=$(cat /opt/podman/volumes/wireguard/env/peers) \
+-e PEERDNS=$(cat /opt/podman/volumes/wireguard/env/peerdns) \
 -e INTERNAL_SUBNET=10.10.10.0 \
 -e ALLOWEDIPS=0.0.0.0/0 \
 -p 51820:51820/udp \
--v /opt/wireguard/config:/config \
+-v /opt/podman/volumes/wireguard/config:/config \
 -v /lib/modules:/lib/modules \
 --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
+--sysctl="net.ipv4.conf.all.forwarding=1" \
+--sysctl="net.ipv4.ip_forward=1" \
+--label io.containers.autoupdate=registry \
 --restart unless-stopped \
-linuxserver/wireguard
+docker.io/linuxserver/wireguard
 ```
 ## Connect your clients to the VPN
diff --git a/Services/Zabbix.md b/Services/Zabbix.md
index c7d3a0eb..281cf865 100644
--- a/Services/Zabbix.md
+++ b/Services/Zabbix.md
@@ -111,6 +111,38 @@ Change the "PHP_TZ" env variable's value according to your location/environment.
 sudo docker run --name zabbix-web -p 8080:8080 -e DB_SERVER_HOST=$(sudo cat /opt/zabbix/env/db_host) -e POSTGRES_USER=$(sudo cat /opt/zabbix/env/db_user) -e POSTGRES_PASSWORD=$(sudo cat /opt/zabbix/env/db_password) -e POSTGRES_DB=$(sudo cat /opt/zabbix/env/db_name) -e ZBX_SERVER_HOST=$(hostname) -e PHP_TZ="Europe/Paris" --restart=unless-stopped -d zabbix/zabbix-web-nginx-pgsql:latest
 ```
+**Note:** When running with rootless podman + AppArmor, you might face an issue at the start of the container (see `podman logs `), preventing the Web server within the container to start properly:
+
+```text
+ERROR: failed to open configuration file '/etc/php84/php-fpm.conf': Permission denied (13)
+failed to load configuration file '/etc/php84/php-fpm.conf'
+ERROR: FPM initialization failed 2026-02-15 19:52:57,836 WARN exited: php-fpm84 (exit status 78; not expected) 2026-02-15 19:52:57,836 WARN exited: php-fpm84 (exit status 78; not expected)
+```
+
+The actual cause of the issue doesn't seem known yet (see https://github.com/containers/podman/issues/24142) but, in the mean time, I applied [this workaround](https://github.com/containers/podman/issues/24142#issuecomment-2391888253):
+
+```bash
+sudoedit /etc/apparmor.d/local/php-fpm
+```
+
+```text
+# vim: ft=apparmor
+
+# for Zabbix server in podman container
+/etc/php84/** r,
+/usr/share/zabbix/** r,
+/usr/share/php84/** r,
+/etc/zabbix/** r,
+/tmp/php-fpm.sock rw,
+/tmp/php-fpm.pid rw,
+```
+
+```bash
+sudo systemctl reload apparmor.service
+```
+
+Then restart the container.
+
 ### Access
 You can now access Zabbix on this URL:
diff --git a/VMs/Alpine-Linux_Server_Template.md b/VMs/Alpine-Linux_Server_Template.md
index 30417552..f9317fef 100644
--- a/VMs/Alpine-Linux_Server_Template.md
+++ b/VMs/Alpine-Linux_Server_Template.md
@@ -154,7 +154,7 @@ aa-status # Check the list of profile and their status
 ### Install useful packages
 ```bash
-apk add vim vimdiff man-db sudo bash bash-completion openssh openssh-server-pam socat bind-tools wget traceroute rsync zip unzip diffutils plocate htop curl logrotate fail2ban fstrim chrony firewalld shadow py3-passlib fastfetch acl
+apk add vim vimdiff man-db sudo bash bash-completion openssh openssh-server-pam socat bind-tools wget traceroute rsync diffutils plocate htop curl logrotate fail2ban fstrim chrony firewalld shadow py3-passlib fastfetch acl
 ```
 ### Configure various things
@@ -272,6 +272,7 @@ firewall-cmd --add-port=10050/tcp --permanent
 firewall-cmd --reload
 echo "readproc:x:30:zabbix" >> /etc/group
 apk add zabbix-agent
+chage -E -1 zabbix # Remove eventual auto expiration on the zabbix account to allow it to run sudo (for User Parameters that may require privilege elevation)
 vim /etc/zabbix/zabbix_agentd.conf
 ```
@@ -280,7 +281,7 @@ vim /etc/zabbix/zabbix_agentd.conf
 > [...]
 > ServerActive=hostname_of_zabbix_server
 > [...]
-> Hostname=template.rc
+> Hostname=template
 > [...]
 > TLSPSKIdentity=XXXX
 > [...]
diff --git a/VMs/Arch-Linux_Server_Template.md b/VMs/Arch-Linux_Server_Template.md
index 5d117d8b..3682c0fb 100644
--- a/VMs/Arch-Linux_Server_Template.md
+++ b/VMs/Arch-Linux_Server_Template.md
@@ -9,8 +9,9 @@ I basically follow my [Arch-Linux base installation guide](https://github.com/An
 - I use a different partition scheme for professional context (see [Partition scheme](https://github.com/Antiz96/Linux-Server/blob/main/VMs/Arch-Linux_Server_Template.md#partition-scheme)).
 - I use the `linux-lts` kernel (instead of the `linux` one).
-- I use a different list of "useful packages to install", more suited for servers (see [Install useful packages](https://github.com/Antiz96/Linux-Server/blob/main/VMs/Arch-Linux_Server_Template.md#install-useful-packages)).
-- I do not create a regular user for my personal use during the install. Indeed, this will be handled by an ansible playbook. I do create an "ansible" user for that purpose afterward instead (see [Create and configure the ansible user](https://github.com/Antiz96/Linux-Server/blob/main/VMs/Arch-Linux_Server_Template.md#create-and-configure-the-ansible-user)).
+- I use `systemd-networkd` rather than `network-manager` (see [Setup Networking](#setup-networking).
+- I use a different list of "useful packages to install", more suited for servers (see [Install useful packages](#install-useful-packages)).
+- I do not create a regular user for my personal use during the install. Indeed, this will be handled by an ansible playbook. I do create an "ansible" user for that purpose afterward instead (see [Create and configure the ansible user](#create-and-configure-the-ansible-user)).
 **Remember to set a password for the root account during the installation process, otherwise you won't be able to log in to the server after reboot!**
@@ -31,7 +32,27 @@ Replaces:
 > /var --> 1G
 >
 > /var/log --> 4G
-### Optional - Install and enable AppArmor
+## Setup Networking
+
+Replaces:
+
+```bash
+systemctl enable systemd-networkd systemd-resolved
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+vim /etc/systemd/network/enp1s0.network # Adapt the name of the file according to your network card name
+```
+
+> #Adapt parameters as needed
+> [Match]
+> Name=enp1s0
+>
+> [Network]
+> Address=192.168.96.100/24
+> Gateway=192.168.96.254
+> DNS=192.168.96.1
+> IPv6AcceptRA=no
+
+## Optional - Install and enable AppArmor
 AppArmor is a kernel security module that restricts individual programs' capabilities.
@@ -54,24 +75,24 @@ aa-enabled # Verify that AppArmor is running
 aa-status # Check the list of profile and their status
 ```
-### Install useful packages
+## Install useful packages
 Replaces:
 ```bash
-pacman -S man bash-completion openssh socat dnsutils wget traceroute rsync zip unzip diffutils plocate htop logrotate pacman-contrib fail2ban python-passlib fastfetch
+pacman -S man bash-completion openssh socat dnsutils wget traceroute rsync diffutils plocate htop logrotate pacman-contrib fail2ban python-passlib fastfetch
 pacman -S --asdeps fakeroot # required for `checkupdates`
 ```
-### Configure various things
+## Configure various things
-#### Enable services/timers
+### Enable services/timers
 ```bash
 systemctl enable --now sshd logrotate.timer
 ```
-#### Secure SSH connection
+### Secure SSH connection
 ```bash
 vi /etc/ssh/sshd_config
@@ -92,23 +113,24 @@ firewall-cmd --reload #Apply changes
 systemctl restart sshd #Restart the SSH daemon to apply changes
 ```
-#### Configure Fail2Ban
+### Configure Fail2Ban
 Procedure:
-#### Install qemu-guest-agent (for proxmox)
+### Install qemu-guest-agent (for proxmox)
 ```bash
 pacman -S qemu-guest-agent
 systemctl enable --now qemu-guest-agent
 ```
-#### Install and configure Zabbix Agent
+### Install and configure Zabbix Agent
 ```bash
 firewall-cmd --add-port=10050/tcp --permanent
 firewall-cmd --reload
 pacman -S zabbix-agent
+chage -E -1 zabbix # Remove eventual auto expiration on the zabbix account to allow it to run sudo (for User Parameters that may require privilege elevation)
 vim /etc/zabbix/zabbix_agentd.conf
 ```
@@ -117,7 +139,7 @@ vim /etc/zabbix/zabbix_agentd.conf
 > [...]
 > ServerActive=hostname_of_zabbix_server
 > [...]
-> Hostname=template.rc
+> Hostname=template
 > [...]
 > TLSPSKIdentity=XXXX
 > [...]
@@ -156,7 +178,7 @@ vim /etc/sudoers.d/zabbix
 systemctl enable --now zabbix-agent
 ```
-#### Configure the inactivity timeout
+### Configure the inactivity timeout
 ```bash
 vim /etc/bash.bashrc #Set the inactivity timeout to 15 min
@@ -168,7 +190,7 @@ vim /etc/bash.bashrc #Set the inactivity timeout to 15 min
 > readonly TMOUT
 > export TMOUT
-### Create and configure the ansible user
+## Create and configure the ansible user
 Replaces:
@@ -187,12 +209,6 @@ vim /home/ansible/.ssh/authorized_keys #Insert the ansible master server's SSH p
 > Copy the ansible master server's SSH public key here (ansible@ansible-server)
-### Setup static IP Address
-
-```bash
-nmtui
-```
-
 ## Reboot
 ```bash
diff --git a/VMs/Debian_Server_Template.md b/VMs/Debian_Server_Template.md
index b2633342..ef74c93b 100644
--- a/VMs/Debian_Server_Template.md
+++ b/VMs/Debian_Server_Template.md
@@ -31,7 +31,7 @@ I basically follow each installation steps normally with the following exception
 ### Install useful packages
 ```bash
-apt update && apt install sudo vim man bash-completion openssh-server dnsutils traceroute rsync zip unzip diffutils firewalld plocate htop curl openssl socat chrony wget logrotate fail2ban python3-passlib fastfetch acl
+apt update && apt install sudo vim man bash-completion openssh-server dnsutils traceroute rsync diffutils firewalld plocate htop curl openssl socat chrony wget logrotate fail2ban python3-passlib fastfetch acl
 ```
 ### Configure various things
@@ -88,6 +88,7 @@ systemctl enable --now qemu-guest-agent
 firewall-cmd --add-port=10050/tcp --permanent
 firewall-cmd --reload
 apt install zabbix-agent
+chage -E -1 zabbix # Remove eventual auto expiration on the zabbix account to allow it to run sudo (for User Parameters that may require privilege elevation)
 vim /etc/zabbix/zabbix_agentd.conf
 ```
@@ -96,7 +97,7 @@ vim /etc/zabbix/zabbix_agentd.conf
 > [...]
 > ServerActive=hostname_of_zabbix_server
 > [...]
-> Hostname=template.rc
+> Hostname=template
 > [...]
 > TLSPSKIdentity=XXXX
 > [...]
diff --git a/VMs/RHEL_Server_Template.md b/VMs/RHEL_Server_Template.md
index ae024ee3..52e60117 100644
--- a/VMs/RHEL_Server_Template.md
+++ b/VMs/RHEL_Server_Template.md
@@ -31,7 +31,7 @@ I basically follow each installation steps normally with the following exception
 ### Install useful packages
 ```bash
-dnf update && dnf install sudo vim man bash-completion openssh-server bind-utils traceroute rsync zip unzip diffutils firewalld plocate curl openssl socat chrony wget fail2ban epel-release && dnf install htop logrotate python3-passlib fastfetch acl
+dnf update && dnf install sudo vim man bash-completion openssh-server bind-utils traceroute rsync diffutils firewalld plocate curl openssl socat chrony wget fail2ban epel-release && dnf install htop logrotate python3-passlib fastfetch acl
 ```
 ### Configure various things
@@ -106,6 +106,7 @@ systemctl enable --now qemu-guest-agent
 firewall-cmd --add-port=10050/tcp --permanent
 firewall-cmd --reload
 dnf install zabbix-agent
+chage -E -1 zabbix # Remove eventual auto expiration on the zabbix account to allow it to run sudo (for User Parameters that may require privilege elevation)
 vim /etc/zabbix/zabbix_agentd.conf
 ```
@@ -114,7 +115,7 @@ vim /etc/zabbix/zabbix_agentd.conf
 > [...]
 > ServerActive=hostname_of_zabbix_server
 > [...]
-> Hostname=template.rc
+> Hostname=template
 > [...]
 > TLSPSKIdentity=XXXX
 > [...]