use more variables instead of hard-coding (fixes #3)

Jannik Beyerstedt 2019-11-12 21:06:04 +01:00
parent d48064a7e3
commit 04686de59c
15 changed files with 101 additions and 70 deletions


@ -20,15 +20,45 @@ Therefore you can use the same playbook for multiple servers and activate the ne
### Borgbakup ### Borgbakup
If you want to configure borgbackup backups, these variables need to be set: If you want to configure borgbackup backups, these variables need to be set:
- `borgbackup_host`: Hostname used by the borgbackup script - `borgbackup_passphrase`: Passphrase of the borgbackup repo
- `borgbackup_sub`: Sub-Account ID used by the borgbackup script - `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`)
- `borgbackup_hostname`: Hostname to prefix the snapshots
Optional configuration:
- `borgbackup_ssh_id`: Path to the used ssh id (default: `/home/{{ ansible_user_id }}/.ssh/id_ed25519`)
Attention: You still need to setup the borgbackup repository manually. Attention: You still need to setup the borgbackup repository manually.
### Caddy
Mandatory variable:
- `caddy_email`: Email address to use for getting let's encrypt certificates
### Cronmails
Mandatory variable:
- `cron_email`: Sender email address used by cron
### DynDNS
This task and it's configuration files might be quite specific for the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) docker container.
Mandatory variables:
- `ddns_server_domain`: Domain name of the DynDNS server
- `ddns_passphrase`: Passphrase for updating dynDNS entries
- `ddns_domain`: Domain where the host's entries are created as `$hostname.$ddns_domain`
### Telegraf ### Telegraf
Mandatory variables:
- `telegraf_server_url`: URL of the influxDB server, e.g. `https://example.com:8086`
- `telegraf_server_user`: Username of the influxDB user
- `telegraf_server_passwd`: Password of the influxDB user
Telegraf is configured with basic host telemetry by default. You can add more features, if you like: Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected - `telegraf_docker`: Set to `true`, if docker telemetry should be collected (uses file from `telegraf_docker_file`)
- `telegraf_snmp_fra80`: Set to `true`, if SNMP telemetry of the fra80 network should be collected - `telegraf_snmp`: Set to `true`, if SNMP telemetry should be collected (uses file from `telegraf_snmp_file`)
- `telegraf_docker_file`: filename of the docker telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`).
- `telegraf_snmp_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-SNMP.conf`).
Optional settings:
- `telegraf_interval`: Data sampling interval (default `300s`)
Dependencies Dependencies


@ -1,7 +1,10 @@
--- ---
# defaults file for server # defaults file for server
borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519"
telegraf_interval: "300s"
telegraf_docker_file: "telegraf-docker.conf" telegraf_docker_file: "telegraf-docker.conf"
telegraf_snmp_fra80_file: "telegraf-SNMP_fra80.conf" telegraf_snmp_file: "telegraf-SNMP.conf"
dockercompose_use_pip: false dockercompose_use_pip: false


@ -1,6 +0,0 @@
#!/bin/bash
passwd='dyndnshosts'
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
domain=jtbx.space
/usr/bin/curl -4 -s "http://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$passwd" > /dev/null


@ -1,8 +1,9 @@
--- ---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version
# Variables (must be set!): # Variables (must be set!):
# - borgbackup_host # - borgbackup_passphrase
# - borgbackup_sub # - borgbackup_repo
# - borgbackup_hostname
# For Debian Stretch, use a newer package version from backports # For Debian Stretch, use a newer package version from backports
@ -30,6 +31,7 @@
update_cache: yes update_cache: yes
cache_valid_time: 3600 cache_valid_time: 3600
when: when:
- borgbackup_host is defined - borgbackup_passphrase is defined
- borgbackup_sub is defined - borgbackup_repo is defined
- borgbackup_hostname is defined
- ansible_distribution_release == 'stretch' - ansible_distribution_release == 'stretch'


@ -1,8 +1,9 @@
--- ---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version
# Variables (must be set!): # Variables (must be set!):
# - borgbackup_host # - borgbackup_passhrase
# - borgbackup_sub # - borgbackup_repo
# - borgbackup_hostname
# For all other Debian versions, simply install borgbackup # For all other Debian versions, simply install borgbackup
@ -12,6 +13,7 @@
name: borgbackup name: borgbackup
state: present state: present
when: when:
- borgbackup_host is defined - borgbackup_passphrase is defined
- borgbackup_sub is defined - borgbackup_repo is defined
- borgbackup_hostname is defined
- ansible_distribution_release != 'stretch' - ansible_distribution_release != 'stretch'
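Review bot: The variable list in this file's header comment spells the first required variable `borgbackup_passhrase`, while the `when:` condition in the second hunk and the other two borgbackup task files use `borgbackup_passphrase`. Someone copying the name from the comment into host_vars would define a variable no task reads, so the install would be skipped without an error. The comment line should read `# - borgbackup_passphrase`.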


@ -1,8 +1,9 @@
--- ---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob
# Variables (must be set!): # Variables (must be set!):
# - borgbackup_host # - borgbackup_passphrase
# - borgbackup_sub # - borgbackup_repo
# - borgbackup_hostname
- name: borgbackup - Install - name: borgbackup - Install
include_tasks: "{{ item }}" include_tasks: "{{ item }}"
@ -22,8 +23,9 @@
group: "{{ ansible_user_id }}" group: "{{ ansible_user_id }}"
mode: 0775 mode: 0775
when: when:
- borgbackup_host is defined - borgbackup_passphrase is defined
- borgbackup_sub is defined - borgbackup_repo is defined
- borgbackup_hostname is defined
- name: borgbackup - Run Borgbackup script at 1:00 daily - name: borgbackup - Run Borgbackup script at 1:00 daily
become: yes become: yes
cron: cron:
@ -32,19 +34,19 @@
hour: "1" hour: "1"
job: "/usr/local/bin/borgbackup.sh" job: "/usr/local/bin/borgbackup.sh"
when: when:
- borgbackup_host is defined - borgbackup_passphrase is defined
- borgbackup_sub is defined - borgbackup_repo is defined
- borgbackup_hostname is defined
# safeguard, if the host variables were removed # safeguard, if the host variables were removed
- name: borgbackup - Remove Borgbackup script if no borgbackup config - name: borgbackup - Uninstall
block:
- name: borgbackup - Remove Borgbackup script if no borgbackup config
become: yes become: yes
file: file:
path: /usr/local/bin/borgbackup.sh path: /usr/local/bin/borgbackup.sh
state: absent state: absent
when: - name: borgbackup - Remove Cronjob if no borgbackup config
- borgbackup_host is not defined
- borgbackup_sub is not defined
- name: borgbackup - Remove Cronjob if no borgbackup config
become: yes become: yes
cron: cron:
name: "Create Backup" name: "Create Backup"
@ -52,6 +54,4 @@
hour: "1" hour: "1"
job: "/usr/local/bin/borgbackup.sh" job: "/usr/local/bin/borgbackup.sh"
state: absent state: absent
when: when: (borgbackup_passphrase is not defined) or (borgbackup_repo is not defined) or (borgbackup_hostname is not defined)
- borgbackup_host is not defined
- borgbackup_sub is not defined
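Review bot: Hosts whose inventory still sets only the old `borgbackup_host` / `borgbackup_sub` will have the backup script and cron job removed on the next run, because the uninstall condition in the last hunk is now `(borgbackup_passphrase is not defined) or (borgbackup_repo is not defined) or (borgbackup_hostname is not defined)` and nothing checks for the retired names. The play reports this as an ordinary change, so backups can stop without anyone noticing. A guard task ahead of the uninstall block would turn that into a visible failure, e.g. an `assert` with `that: borgbackup_host is not defined and borgbackup_sub is not defined` and a `fail_msg` naming the new variables. The same silent fallback applies to `telegraf_snmp_fra80`, which the telegraf template now ignores in favour of `telegraf_snmp`. The tasks in this section start and end outside the visible hunks.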


@ -30,8 +30,8 @@
mode: 0555 mode: 0555
- name: caddyserver - Copy Caddy systemd service file - name: caddyserver - Copy Caddy systemd service file
become: yes become: yes
copy: template:
src: "{{ role_path }}/files/caddy.service" src: "{{ role_path }}/templates/caddy.service"
dest: /etc/systemd/system/caddy.service dest: /etc/systemd/system/caddy.service
owner: root owner: root
group: root group: root

View file

@ -7,3 +7,4 @@
- name: caddyserver - Setup caddy server - name: caddyserver - Setup caddy server
include_tasks: "caddy-setup.yml" include_tasks: "caddy-setup.yml"
when: caddy_email is defined

View file

@ -46,4 +46,4 @@
cron: cron:
name: MAILTO name: MAILTO
env: yes env: yes
value: "device-{{ ansible_hostname }}@jtbx.de" value: "{{ cron_email }}"

View file

@ -7,18 +7,18 @@
name: curl name: curl
state: present state: present
- name: dyndns - Copy hosts.jtbx.de dynDNS script - name: dyndns - Copy dynDNS script
become: yes become: yes
copy: template:
src: "{{ role_path }}/files/ddns-hosts.sh" src: "{{ role_path }}/templates/ddns-hosts.sh"
dest: /usr/local/bin/ddns-hosts.sh dest: /usr/local/bin/ddns-hosts.sh
owner: "{{ ansible_user_id }}" owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}" group: "{{ ansible_user_id }}"
mode: 0775 mode: 0775
- name: dyndns - Create cronjob for hosts.jtbx.de dynDNS script - name: "dyndns - Create cronjob for {{ ddns_domain }} dynDNS script"
become: yes become: yes
cron: cron:
name: "hosts.jtbx.de dynDNS" name: "{{ ddns_domain }} dynDNS"
minute: "*/5" minute: "*/5"
hour: "*" hour: "*"
job: "/usr/local/bin/ddns-hosts.sh > /dev/null" job: "/usr/local/bin/ddns-hosts.sh > /dev/null"
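Review bot: The rendered `/usr/local/bin/ddns-hosts.sh` now carries `ddns_passphrase` but is still installed with `owner: "{{ ansible_user_id }}"`, the same group and `mode: 0775`, so every local account can read the secret. The cron task below it uses `become: yes` with no `user:`, which presumably puts the job in root's crontab, so root would execute a file that the account named by `ansible_user_id` and its group can rewrite. Suggest `owner: root`, `group: root` and `mode: "0700"` on the template task. The borgbackup script task appears to use the same owner/group/`mode: 0775` pattern (its start is outside the hunk) and its template now holds `borgbackup_passphrase`, so it needs the same change.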


@ -1,7 +1,7 @@
--- ---
# Server/Telegraf: Install and Setup Telegraf Monitoring # Server/Telegraf: Install and Setup Telegraf Monitoring
# Variables: # Variables:
# - telegraf_snmp_fra80: boolean, enable SNMP monitoring for the fra80 network # - telegraf_snmp: boolean, enable SNMP monitoring for the fra80 network
# - telegraf_docker: boolean, enable docker monitoring # - telegraf_docker: boolean, enable docker monitoring
- name: telegraf - Install apt-transport-https - name: telegraf - Install apt-transport-https
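Review bot: The header comment still describes `telegraf_snmp` as enabling SNMP monitoring "for the fra80 network", although the rename makes the switch generic and the config part now comes from `telegraf_snmp_file`. Suggest `# - telegraf_snmp: boolean, enable SNMP monitoring (config part from telegraf_snmp_file)`.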


@ -4,10 +4,9 @@
# pass -v --stats to show more information # pass -v --stats to show more information
# pass --list --filter AME to show all fiels Added Modified or with Error # pass --list --filter AME to show all fiels Added Modified or with Error
#export BORG_RSH='ssh -i /home/jannik/.ssh/id_rsa' export BORG_RSH='ssh -i {{ borgbackup_ssh_id }}'
export BORG_RSH='ssh -i /home/jannik/.ssh/id_ed25519' export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'
export BORG_PASSPHRASE='borgbackup.{{ borgbackup_host }}@hetznerbx' export BORG_REPO='{{ borgbackup_repo }}'
export BORG_REPO='ssh://u182062-sub{{ borgbackup_sub }}@u182062.your-storagebox.de:23/./borg'
# some helpers and error handling: # some helpers and error handling:
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; } info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
@ -33,7 +32,7 @@ borg create \
--exclude '/var/lib/lxcfs' \ --exclude '/var/lib/lxcfs' \
--exclude '/var/log/*' \ --exclude '/var/log/*' \
\ \
$BORG_REPO::'{{ borgbackup_host }}-{now:%Y%m%d_%H%M}' \ $BORG_REPO::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}' \
/etc \ /etc \
/var \ /var \
/root \ /root \
@ -44,7 +43,7 @@ backup_exit=$?
# Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total) # Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total)
borg prune \ borg prune \
--prefix '{{ borgbackup_host }}-' \ --prefix '{{ borgbackup_hostname }}-' \
--keep-daily 7 \ --keep-daily 7 \
--keep-weekly 3 \ --keep-weekly 3 \
--keep-monthly 2 --keep-monthly 2
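Review bot: The values this template stops hard-coding stay readable in the repository history: the old `BORG_PASSPHRASE` was built as `borgbackup.<host>@hetznerbx`, so anyone with the history and a host name can reconstruct it. Moving to `borgbackup_passphrase` only helps once existing repositories get a new passphrase (`borg key change-passphrase`) and the variable is stored encrypted, for example with ansible-vault. The same applies to the literal dynDNS secret in the `ddns-hosts.sh` template and the InfluxDB password in the telegraf config template further down. A comment above the export such as `# passphrase comes from vaulted host_vars; never commit a literal here` would record the intent.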


@ -12,7 +12,7 @@ Group=www-data
Environment=CADDYPATH=/etc/ssl/caddy Environment=CADDYPATH=/etc/ssl/caddy
PIDFile=/run/caddy.pid PIDFile=/run/caddy.pid
ExecStart=/usr/local/bin/caddy -log stdout -agree -email=code@jannikbeyerstedt.de -conf=/etc/caddy/Caddyfile -root=/var/tmp ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
KillMode=mixed KillMode=mixed


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
passwd='dyndnshosts' passwd='{{ ddns_passphrase }}'
hostname=$(hostname | tr '[:upper:]' '[:lower:]') hostname=$(hostname | tr '[:upper:]' '[:lower:]')
platform='unknown' platform='unknown'
@ -31,7 +31,7 @@ else
fi fi
# API always returns 200, so check for response payload to begin with {"Success":true, # API always returns 200, so check for response payload to begin with {"Success":true,
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip4addr" url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
statuscode=$(curl -s $url) statuscode=$(curl -s $url)
case "$statuscode" in case "$statuscode" in
{\"Success\":true*) echo "IPv4 Success" ;; {\"Success\":true*) echo "IPv4 Success" ;;
@ -43,7 +43,7 @@ if [ $ip6addr ]; then
echo "Updating IPv6 DNS entry..." echo "Updating IPv6 DNS entry..."
# API always returns 200, so check for response payload to begin with {"Success":true, # API always returns 200, so check for response payload to begin with {"Success":true,
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip6addr" url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
statuscode=$(curl -s $url) statuscode=$(curl -s $url)
case "$statuscode" in case "$statuscode" in
{\"Success\":true*) echo "IPv6 Success" ;; {\"Success\":true*) echo "IPv6 Success" ;;
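Review bot: `passwd='{{ ddns_passphrase }}'` drops an arbitrary inventory value between single quotes, so a passphrase containing `'` ends the string early and the remainder is parsed as shell. Characters such as `&`, `#` or a space survive the assignment but then corrupt the query string, and `curl -s $url` is unquoted on top of that. Suggest `passwd={{ ddns_passphrase | quote }}` in the first hunk and `curl -s "$url"` in both update calls, with the secret URL-encoded before it is placed in `url`. The three `export BORG_…='{{ … }}'` lines in the borgbackup template follow the same single-quote pattern. The script body continues outside the hunks.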


@ -1,9 +1,9 @@
[agent] [agent]
interval = "300s" interval = "{{ telegraf_interval }}"
hostname = "" hostname = ""
[[outputs.influxdb]] [[outputs.influxdb]]
urls = ["https://influx.jtbx.de:65086"] urls = ["{{ telegraf_server_url }}"]
database = "servers" database = "servers"
skip_database_creation = true skip_database_creation = true
@ -12,8 +12,8 @@
## Write timeout (for the InfluxDB client), formatted as a string. ## Write timeout (for the InfluxDB client), formatted as a string.
timeout = "5s" timeout = "5s"
username = "servers" username = "{{ telegraf_server_user }}"
password = "Servers-w.influx@home" password = "{{ telegraf_server_passwd }}"
# Read metrics about cpu usage # Read metrics about cpu usage
@ -65,8 +65,8 @@
{% endif %} {% endif %}
{% if telegraf_snmp_fra80|default(false)|bool %} {% if telegraf_snmp|default(false)|bool %}
{% include telegraf_snmp_fra80_file %} {% include telegraf_snmp_file %}
{% endif %} {% endif %}