use more variables instead of hard-coding (fixes #3)
parent
d48064a7e3
commit
04686de59c
38
README.md
38
README.md
|
@ -20,15 +20,45 @@ Therefore you can use the same playbook for multiple servers and activate the ne
|
||||||
|
|
||||||
### Borgbakup
|
### Borgbakup
|
||||||
If you want to configure borgbackup backups, these variables need to be set:
|
If you want to configure borgbackup backups, these variables need to be set:
|
||||||
- `borgbackup_host`: Hostname used by the borgbackup script
|
- `borgbackup_passphrase`: Passphrase of the borgbackup repo
|
||||||
- `borgbackup_sub`: Sub-Account ID used by the borgbackup script
|
- `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`)
|
||||||
|
- `borgbackup_hostname`: Hostname to prefix the snapshots
|
||||||
|
|
||||||
|
Optional configuration:
|
||||||
|
- `borgbackup_ssh_id`: Path to the used ssh id (default: `/home/{{ ansible_user_id }}/.ssh/id_ed25519`)
|
||||||
|
|
||||||
Attention: You still need to setup the borgbackup repository manually.
|
Attention: You still need to setup the borgbackup repository manually.
|
||||||
|
|
||||||
|
### Caddy
|
||||||
|
Mandatory variable:
|
||||||
|
- `caddy_email`: Email address to use for getting let's encrypt certificates
|
||||||
|
|
||||||
|
### Cronmails
|
||||||
|
Mandatory variable:
|
||||||
|
- `cron_email`: Sender email address used by cron
|
||||||
|
|
||||||
|
### DynDNS
|
||||||
|
This task and it's configuration files might be quite specific for the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) docker container.
|
||||||
|
|
||||||
|
Mandatory variables:
|
||||||
|
- `ddns_server_domain`: Domain name of the DynDNS server
|
||||||
|
- `ddns_passphrase`: Passphrase for updating dynDNS entries
|
||||||
|
- `ddns_domain`: Domain where the host's entries are created as `$hostname.$ddns_domain`
|
||||||
|
|
||||||
### Telegraf
|
### Telegraf
|
||||||
|
Mandatory variables:
|
||||||
|
- `telegraf_server_url`: URL of the influxDB server, e.g. `https://example.com:8086`
|
||||||
|
- `telegraf_server_user`: Username of the influxDB user
|
||||||
|
- `telegraf_server_passwd`: Password of the influxDB user
|
||||||
|
|
||||||
Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
|
Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
|
||||||
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected
|
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected (uses file from `telegraf_docker_file`)
|
||||||
- `telegraf_snmp_fra80`: Set to `true`, if SNMP telemetry of the fra80 network should be collected
|
- `telegraf_snmp`: Set to `true`, if SNMP telemetry should be collected (uses file from `telegraf_snmp_file`)
|
||||||
|
- `telegraf_docker_file`: filename of the docker telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`).
|
||||||
|
- `telegraf_snmp_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-SNMP.conf`).
|
||||||
|
|
||||||
|
Optional settings:
|
||||||
|
- `telegraf_interval`: Data sampling interval (default `300s`)
|
||||||
|
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
---
|
---
|
||||||
# defaults file for server
|
# defaults file for server
|
||||||
|
|
||||||
|
borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519"
|
||||||
|
|
||||||
|
telegraf_interval: "300s"
|
||||||
telegraf_docker_file: "telegraf-docker.conf"
|
telegraf_docker_file: "telegraf-docker.conf"
|
||||||
telegraf_snmp_fra80_file: "telegraf-SNMP_fra80.conf"
|
telegraf_snmp_file: "telegraf-SNMP.conf"
|
||||||
|
|
||||||
dockercompose_use_pip: false
|
dockercompose_use_pip: false
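Review bot: The new default `borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519"` assumes the account's home directory is under `/home`, which does not hold for root or for users with a non-standard home. Building the path from the gathered fact keeps the default correct in those cases: `borgbackup_ssh_id: "{{ ansible_user_dir }}/.ssh/id_ed25519"`. The renamed `telegraf_snmp_file` has no fallback to the old `telegraf_snmp_fra80_file`, so an inventory that still sets the old name silently gets the new default.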
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
passwd='dyndnshosts'
|
|
||||||
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
|
|
||||||
domain=jtbx.space
|
|
||||||
|
|
||||||
/usr/bin/curl -4 -s "http://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$passwd" > /dev/null
|
|
|
@ -1,8 +1,9 @@
|
||||||
---
|
---
|
||||||
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version
|
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version
|
||||||
# Variables (must be set!):
|
# Variables (must be set!):
|
||||||
# - borgbackup_host
|
# - borgbackup_passphrase
|
||||||
# - borgbackup_sub
|
# - borgbackup_repo
|
||||||
|
# - borgbackup_hostname
|
||||||
|
|
||||||
# For Debian Stretch, use a newer package version from backports
|
# For Debian Stretch, use a newer package version from backports
|
||||||
|
|
||||||
|
@ -30,6 +31,7 @@
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
cache_valid_time: 3600
|
cache_valid_time: 3600
|
||||||
when:
|
when:
|
||||||
- borgbackup_host is defined
|
- borgbackup_passphrase is defined
|
||||||
- borgbackup_sub is defined
|
- borgbackup_repo is defined
|
||||||
|
- borgbackup_hostname is defined
|
||||||
- ansible_distribution_release == 'stretch'
|
- ansible_distribution_release == 'stretch'
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
---
|
---
|
||||||
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version
|
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version
|
||||||
# Variables (must be set!):
|
# Variables (must be set!):
|
||||||
# - borgbackup_host
|
# - borgbackup_passhrase
|
||||||
# - borgbackup_sub
|
# - borgbackup_repo
|
||||||
|
# - borgbackup_hostname
|
||||||
|
|
||||||
# For all other Debian versions, simply install borgbackup
|
# For all other Debian versions, simply install borgbackup
|
||||||
|
|
||||||
|
@ -12,6 +13,7 @@
|
||||||
name: borgbackup
|
name: borgbackup
|
||||||
state: present
|
state: present
|
||||||
when:
|
when:
|
||||||
- borgbackup_host is defined
|
- borgbackup_passphrase is defined
|
||||||
- borgbackup_sub is defined
|
- borgbackup_repo is defined
|
||||||
|
- borgbackup_hostname is defined
|
||||||
- ansible_distribution_release != 'stretch'
|
- ansible_distribution_release != 'stretch'
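Review bot: The header comment in this file spells the variable `borgbackup_passhrase`, while the `when:` list below it and the other borgbackup task files use `borgbackup_passphrase`. Anyone copying the name from the comment into an inventory would leave the real variable undefined, and the install would then be skipped without an error. The line should read `# - borgbackup_passphrase`.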
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
---
|
---
|
||||||
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob
|
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob
|
||||||
# Variables (must be set!):
|
# Variables (must be set!):
|
||||||
# - borgbackup_host
|
# - borgbackup_passphrase
|
||||||
# - borgbackup_sub
|
# - borgbackup_repo
|
||||||
|
# - borgbackup_hostname
|
||||||
|
|
||||||
- name: borgbackup - Install
|
- name: borgbackup - Install
|
||||||
include_tasks: "{{ item }}"
|
include_tasks: "{{ item }}"
|
||||||
|
@ -22,8 +23,9 @@
|
||||||
group: "{{ ansible_user_id }}"
|
group: "{{ ansible_user_id }}"
|
||||||
mode: 0775
|
mode: 0775
|
||||||
when:
|
when:
|
||||||
- borgbackup_host is defined
|
- borgbackup_passphrase is defined
|
||||||
- borgbackup_sub is defined
|
- borgbackup_repo is defined
|
||||||
|
- borgbackup_hostname is defined
|
||||||
- name: borgbackup - Run Borgbackup script at 1:00 daily
|
- name: borgbackup - Run Borgbackup script at 1:00 daily
|
||||||
become: yes
|
become: yes
|
||||||
cron:
|
cron:
|
||||||
|
@ -32,18 +34,18 @@
|
||||||
hour: "1"
|
hour: "1"
|
||||||
job: "/usr/local/bin/borgbackup.sh"
|
job: "/usr/local/bin/borgbackup.sh"
|
||||||
when:
|
when:
|
||||||
- borgbackup_host is defined
|
- borgbackup_passphrase is defined
|
||||||
- borgbackup_sub is defined
|
- borgbackup_repo is defined
|
||||||
|
- borgbackup_hostname is defined
|
||||||
|
|
||||||
# safeguard, if the host variables were removed
|
# safeguard, if the host variables were removed
|
||||||
|
- name: borgbackup - Uninstall
|
||||||
|
block:
|
||||||
- name: borgbackup - Remove Borgbackup script if no borgbackup config
|
- name: borgbackup - Remove Borgbackup script if no borgbackup config
|
||||||
become: yes
|
become: yes
|
||||||
file:
|
file:
|
||||||
path: /usr/local/bin/borgbackup.sh
|
path: /usr/local/bin/borgbackup.sh
|
||||||
state: absent
|
state: absent
|
||||||
when:
|
|
||||||
- borgbackup_host is not defined
|
|
||||||
- borgbackup_sub is not defined
|
|
||||||
- name: borgbackup - Remove Cronjob if no borgbackup config
|
- name: borgbackup - Remove Cronjob if no borgbackup config
|
||||||
become: yes
|
become: yes
|
||||||
cron:
|
cron:
|
||||||
|
@ -52,6 +54,4 @@
|
||||||
hour: "1"
|
hour: "1"
|
||||||
job: "/usr/local/bin/borgbackup.sh"
|
job: "/usr/local/bin/borgbackup.sh"
|
||||||
state: absent
|
state: absent
|
||||||
when:
|
when: (borgbackup_passphrase is not defined) or (borgbackup_repo is not defined) or (borgbackup_hostname is not defined)
|
||||||
- borgbackup_host is not defined
|
|
||||||
- borgbackup_sub is not defined
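Review bot: The task that ends with `group: "{{ ansible_user_id }}"` and `mode: 0775` starts outside the hunk, but it appears to install `/usr/local/bin/borgbackup.sh`, which the template in this commit fills with `BORG_PASSPHRASE` and `BORG_REPO`. With that mode every local account can read the backup passphrase. The cron task uses `become: yes`, so the job presumably runs as root while the script stays writable by a less-privileged user and group. I would install it with `owner: root`, `group: root` and `mode: 0700`. The dynDNS script task further down has the same `mode: 0775` on a file that now contains `ddns_passphrase`.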
|
|
||||||
|
|
|
@ -30,8 +30,8 @@
|
||||||
mode: 0555
|
mode: 0555
|
||||||
- name: caddyserver - Copy Caddy systemd service file
|
- name: caddyserver - Copy Caddy systemd service file
|
||||||
become: yes
|
become: yes
|
||||||
copy:
|
template:
|
||||||
src: "{{ role_path }}/files/caddy.service"
|
src: "{{ role_path }}/templates/caddy.service"
|
||||||
dest: /etc/systemd/system/caddy.service
|
dest: /etc/systemd/system/caddy.service
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
|
@ -7,3 +7,4 @@
|
||||||
|
|
||||||
- name: caddyserver - Setup caddy server
|
- name: caddyserver - Setup caddy server
|
||||||
include_tasks: "caddy-setup.yml"
|
include_tasks: "caddy-setup.yml"
|
||||||
|
when: caddy_email is defined
|
||||||
|
|
|
@ -46,4 +46,4 @@
|
||||||
cron:
|
cron:
|
||||||
name: MAILTO
|
name: MAILTO
|
||||||
env: yes
|
env: yes
|
||||||
value: "device-{{ ansible_hostname }}@jtbx.de"
|
value: "{{ cron_email }}"
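Review bot: `MAILTO` is the address cron delivers job output to, but the README text added in this commit describes `cron_email` as the "Sender email address used by cron"; that should say recipient. The old value embedded `ansible_hostname`, so mail from different hosts was distinguishable by address. With one `cron_email` that is lost unless the variable is set per host, which deserves a sentence in the README. There is no `when: cron_email is defined` here, so an unset variable fails the play at this task, which differs from how `caddy_email` is handled in the same commit.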
|
||||||
|
|
|
@ -7,18 +7,18 @@
|
||||||
name: curl
|
name: curl
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: dyndns - Copy hosts.jtbx.de dynDNS script
|
- name: dyndns - Copy dynDNS script
|
||||||
become: yes
|
become: yes
|
||||||
copy:
|
template:
|
||||||
src: "{{ role_path }}/files/ddns-hosts.sh"
|
src: "{{ role_path }}/templates/ddns-hosts.sh"
|
||||||
dest: /usr/local/bin/ddns-hosts.sh
|
dest: /usr/local/bin/ddns-hosts.sh
|
||||||
owner: "{{ ansible_user_id }}"
|
owner: "{{ ansible_user_id }}"
|
||||||
group: "{{ ansible_user_id }}"
|
group: "{{ ansible_user_id }}"
|
||||||
mode: 0775
|
mode: 0775
|
||||||
- name: dyndns - Create cronjob for hosts.jtbx.de dynDNS script
|
- name: "dyndns - Create cronjob for {{ ddns_domain }} dynDNS script"
|
||||||
become: yes
|
become: yes
|
||||||
cron:
|
cron:
|
||||||
name: "hosts.jtbx.de dynDNS"
|
name: "{{ ddns_domain }} dynDNS"
|
||||||
minute: "*/5"
|
minute: "*/5"
|
||||||
hour: "*"
|
hour: "*"
|
||||||
job: "/usr/local/bin/ddns-hosts.sh > /dev/null"
|
job: "/usr/local/bin/ddns-hosts.sh > /dev/null"
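Review bot: Changing the cron entry's `name` to `"{{ ddns_domain }} dynDNS"` leaves the previously installed entry in place on already provisioned hosts, because the cron module identifies a job by its name. Unless `ddns_domain` renders to the old value, those hosts end up with two entries running the script every five minutes. A one-off task with the old name and `state: absent` would clean that up. Unlike the borgbackup and caddy tasks, nothing here checks that `ddns_domain`, `ddns_server_domain` and `ddns_passphrase` are defined, so hosts that do not use dynDNS fail at this point.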
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
# Server/Telegraf: Install and Setup Telegraf Monitoring
|
# Server/Telegraf: Install and Setup Telegraf Monitoring
|
||||||
# Variables:
|
# Variables:
|
||||||
# - telegraf_snmp_fra80: boolean, enable SNMP monitoring for the fra80 network
|
# - telegraf_snmp: boolean, enable SNMP monitoring for the fra80 network
|
||||||
# - telegraf_docker: boolean, enable docker monitoring
|
# - telegraf_docker: boolean, enable docker monitoring
|
||||||
|
|
||||||
- name: telegraf - Install apt-transport-https
|
- name: telegraf - Install apt-transport-https
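Review bot: The updated header line `# - telegraf_snmp: boolean, enable SNMP monitoring for the fra80 network` still names the fra80 network although the variable was renamed to be generic. I would change it to `# - telegraf_snmp: boolean, enable SNMP monitoring (config part from telegraf_snmp_file)`. The header should also list the now mandatory `telegraf_server_url`, `telegraf_server_user` and `telegraf_server_passwd`, as the borgbackup task files do for their variables.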
|
||||||
|
|
|
@ -4,10 +4,9 @@
|
||||||
# pass -v --stats to show more information
|
# pass -v --stats to show more information
|
||||||
# pass --list --filter AME to show all fiels Added Modified or with Error
|
# pass --list --filter AME to show all fiels Added Modified or with Error
|
||||||
|
|
||||||
#export BORG_RSH='ssh -i /home/jannik/.ssh/id_rsa'
|
export BORG_RSH='ssh -i {{ borgbackup_ssh_id }}'
|
||||||
export BORG_RSH='ssh -i /home/jannik/.ssh/id_ed25519'
|
export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'
|
||||||
export BORG_PASSPHRASE='borgbackup.{{ borgbackup_host }}@hetznerbx'
|
export BORG_REPO='{{ borgbackup_repo }}'
|
||||||
export BORG_REPO='ssh://u182062-sub{{ borgbackup_sub }}@u182062.your-storagebox.de:23/./borg'
|
|
||||||
|
|
||||||
# some helpers and error handling:
|
# some helpers and error handling:
|
||||||
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
|
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
|
||||||
|
@ -33,7 +32,7 @@ borg create \
|
||||||
--exclude '/var/lib/lxcfs' \
|
--exclude '/var/lib/lxcfs' \
|
||||||
--exclude '/var/log/*' \
|
--exclude '/var/log/*' \
|
||||||
\
|
\
|
||||||
$BORG_REPO::'{{ borgbackup_host }}-{now:%Y%m%d_%H%M}' \
|
$BORG_REPO::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}' \
|
||||||
/etc \
|
/etc \
|
||||||
/var \
|
/var \
|
||||||
/root \
|
/root \
|
||||||
|
@ -44,7 +43,7 @@ backup_exit=$?
|
||||||
|
|
||||||
# Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total)
|
# Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total)
|
||||||
borg prune \
|
borg prune \
|
||||||
--prefix '{{ borgbackup_host }}-' \
|
--prefix '{{ borgbackup_hostname }}-' \
|
||||||
--keep-daily 7 \
|
--keep-daily 7 \
|
||||||
--keep-weekly 3 \
|
--keep-weekly 3 \
|
||||||
--keep-monthly 2
|
--keep-monthly 2
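Review bot: `export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'` pastes the variable between literal single quotes, so a passphrase containing `'` ends the string early and the rest is parsed as shell in a script that cron runs. The same applies to the `BORG_RSH` and `BORG_REPO` lines. Dropping the literal quotes and letting Ansible escape the value is safer: `export BORG_PASSPHRASE={{ borgbackup_passphrase | quote }}`. In the `borg create` hunk the repository expansion is unquoted as well and should be written `"$BORG_REPO"::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}'`.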
|
||||||
|
|
|
@ -12,7 +12,7 @@ Group=www-data
|
||||||
Environment=CADDYPATH=/etc/ssl/caddy
|
Environment=CADDYPATH=/etc/ssl/caddy
|
||||||
|
|
||||||
PIDFile=/run/caddy.pid
|
PIDFile=/run/caddy.pid
|
||||||
ExecStart=/usr/local/bin/caddy -log stdout -agree -email=code@jannikbeyerstedt.de -conf=/etc/caddy/Caddyfile -root=/var/tmp
|
ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp
|
||||||
ExecReload=/bin/kill -USR1 $MAINPID
|
ExecReload=/bin/kill -USR1 $MAINPID
|
||||||
|
|
||||||
KillMode=mixed
|
KillMode=mixed
|
|
@ -1,5 +1,5 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
passwd='dyndnshosts'
|
passwd='{{ ddns_passphrase }}'
|
||||||
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
|
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
|
||||||
|
|
||||||
platform='unknown'
|
platform='unknown'
|
||||||
|
@ -31,7 +31,7 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# API always returns 200, so check for response payload to begin with {"Success":true,
|
# API always returns 200, so check for response payload to begin with {"Success":true,
|
||||||
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
|
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
|
||||||
statuscode=$(curl -s $url)
|
statuscode=$(curl -s $url)
|
||||||
case "$statuscode" in
|
case "$statuscode" in
|
||||||
{\"Success\":true*) echo "IPv4 Success" ;;
|
{\"Success\":true*) echo "IPv4 Success" ;;
|
||||||
|
@ -43,7 +43,7 @@ if [ $ip6addr ]; then
|
||||||
echo "Updating IPv6 DNS entry..."
|
echo "Updating IPv6 DNS entry..."
|
||||||
|
|
||||||
# API always returns 200, so check for response payload to begin with {"Success":true,
|
# API always returns 200, so check for response payload to begin with {"Success":true,
|
||||||
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
|
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
|
||||||
statuscode=$(curl -s $url)
|
statuscode=$(curl -s $url)
|
||||||
case "$statuscode" in
|
case "$statuscode" in
|
||||||
{\"Success\":true*) echo "IPv6 Success" ;;
|
{\"Success\":true*) echo "IPv6 Success" ;;
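Review bot: `url="https://{{ ddns_server_domain }}/update?secret=$passwd&…"` puts the now user-chosen `ddns_passphrase` into the query string unencoded, and `curl -s $url` expands it unquoted, so a passphrase containing `&`, `#`, `%`, a space or a glob character yields a wrong or split request. Letting curl encode the parameters and quoting the URL avoids that: `curl -s -G --data-urlencode "secret=$passwd" --data-urlencode "domain=$hostname" --data-urlencode "addr=$ip4addr" "https://{{ ddns_server_domain }}/update"`. The IPv6 hunk needs the same change. The secret still travels as a URL parameter and can therefore appear in the server's access log and the local process list, which is worth stating in the README next to `ddns_passphrase`. `passwd='{{ ddns_passphrase }}'` also breaks on a value containing a single quote; `passwd={{ ddns_passphrase | quote }}` handles that.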
|
|
@ -1,9 +1,9 @@
|
||||||
[agent]
|
[agent]
|
||||||
interval = "300s"
|
interval = "{{ telegraf_interval }}"
|
||||||
hostname = ""
|
hostname = ""
|
||||||
|
|
||||||
[[outputs.influxdb]]
|
[[outputs.influxdb]]
|
||||||
urls = ["https://influx.jtbx.de:65086"]
|
urls = ["{{ telegraf_server_url }}"]
|
||||||
database = "servers"
|
database = "servers"
|
||||||
skip_database_creation = true
|
skip_database_creation = true
|
||||||
|
|
||||||
|
@ -12,8 +12,8 @@
|
||||||
|
|
||||||
## Write timeout (for the InfluxDB client), formatted as a string.
|
## Write timeout (for the InfluxDB client), formatted as a string.
|
||||||
timeout = "5s"
|
timeout = "5s"
|
||||||
username = "servers"
|
username = "{{ telegraf_server_user }}"
|
||||||
password = "Servers-w.influx@home"
|
password = "{{ telegraf_server_passwd }}"
|
||||||
|
|
||||||
|
|
||||||
# Read metrics about cpu usage
|
# Read metrics about cpu usage
|
||||||
|
@ -65,8 +65,8 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
{% if telegraf_snmp_fra80|default(false)|bool %}
|
{% if telegraf_snmp|default(false)|bool %}
|
||||||
{% include telegraf_snmp_fra80_file %}
|
{% include telegraf_snmp_file %}
|
||||||
{% endif %}
|
{% endif %}
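Review bot: The InfluxDB username and password that the `[[outputs.influxdb]]` hunk replaces with `{{ telegraf_server_user }}` and `{{ telegraf_server_passwd }}` stay readable in the repository history, as do the dynDNS and borg secrets removed elsewhere in this commit. They should be rotated rather than copied into the new variables. The README does not say where the new secret variables should be kept; a sentence recommending Ansible Vault or another encrypted store for `telegraf_server_passwd`, `ddns_passphrase` and `borgbackup_passphrase` would help. The values are also placed between TOML double quotes unescaped, so a password containing `"` or `\` produces an invalid config; `password = {{ telegraf_server_passwd | to_json }}` should emit a correctly escaped string for typical values.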
|
||||||
|
|
||||||
|
|
||||||
|
|