Compare commits
No commits in common. "2d8903efebc9094e70684f3b6e1a5be86895e733" and "d48064a7e31658e2d41b3ba0717c0cc1927cd386" have entirely different histories.
2d8903efeb
...
d48064a7e3
44
README.md
44
README.md
|
@ -20,49 +20,15 @@ Therefore you can use the same playbook for multiple servers and activate the ne
|
|||
|
||||
### Borgbakup
|
||||
If you want to configure borgbackup backups, these variables need to be set:
|
||||
- `borgbackup_passphrase`: Passphrase of the borgbackup repo
|
||||
- `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`)
|
||||
- `borgbackup_hostname`: Hostname to prefix the snapshots
|
||||
- `borgbackup_host`: Hostname used by the borgbackup script
|
||||
- `borgbackup_sub`: Sub-Account ID used by the borgbackup script
|
||||
|
||||
Optional configuration:
|
||||
- `borgbackup_ssh_id`: Path to the used ssh id (default: `/home/{{ ansible_user_id }}/.ssh/id_ed25519`)
|
||||
|
||||
Attention: You still need to setup the borgbackup repository manually.
|
||||
|
||||
### Caddy
|
||||
Mandatory variable:
|
||||
- `caddy_email`: Email address to use for getting let's encrypt certificates
|
||||
|
||||
### Cronmails
|
||||
Mandatory variable:
|
||||
- `cron_email`: Sender email address used by cron
|
||||
|
||||
### Docker
|
||||
Optional variable:
|
||||
- `dockercompose_use_pip`: boolean to use pip instead of manual download (default: false)
|
||||
|
||||
### DynDNS
|
||||
This task and it's configuration files might be quite specific for the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) docker container.
|
||||
|
||||
Mandatory variables:
|
||||
- `ddns_server_domain`: Domain name of the DynDNS server
|
||||
- `ddns_passphrase`: Passphrase for updating dynDNS entries
|
||||
- `ddns_domain`: Domain where the host's entries are created as `$hostname.$ddns_domain`
|
||||
Attention: You still need to setup the borgbackup repository manually.
|
||||
|
||||
### Telegraf
|
||||
Mandatory variables:
|
||||
- `telegraf_server_url`: URL of the influxDB server, e.g. `https://example.com:8086`
|
||||
- `telegraf_server_user`: Username of the influxDB user
|
||||
- `telegraf_server_passwd`: Password of the influxDB user
|
||||
|
||||
Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
|
||||
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected (uses file from `telegraf_docker_file`)
|
||||
- `telegraf_snmp`: Set to `true`, if SNMP telemetry should be collected (uses file from `telegraf_snmp_file`)
|
||||
- `telegraf_docker_file`: filename of the docker telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`).
|
||||
- `telegraf_snmp_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-SNMP.conf`).
|
||||
|
||||
Optional settings:
|
||||
- `telegraf_interval`: Data sampling interval (default `300s`)
|
||||
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected
|
||||
- `telegraf_snmp_fra80`: Set to `true`, if SNMP telemetry of the fra80 network should be collected
|
||||
|
||||
|
||||
Dependencies
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
---
|
||||
# defaults file for server
|
||||
|
||||
borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519"
|
||||
|
||||
telegraf_interval: "300s"
|
||||
telegraf_docker_file: "telegraf-docker.conf"
|
||||
telegraf_snmp_file: "telegraf-SNMP.conf"
|
||||
telegraf_snmp_fra80_file: "telegraf-SNMP_fra80.conf"
|
||||
|
||||
dockercompose_use_pip: false
|
||||
|
|
|
@ -12,7 +12,7 @@ Group=www-data
|
|||
Environment=CADDYPATH=/etc/ssl/caddy
|
||||
|
||||
PIDFile=/run/caddy.pid
|
||||
ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp
|
||||
ExecStart=/usr/local/bin/caddy -log stdout -agree -email=code@jannikbeyerstedt.de -conf=/etc/caddy/Caddyfile -root=/var/tmp
|
||||
ExecReload=/bin/kill -USR1 $MAINPID
|
||||
|
||||
KillMode=mixed
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/sh
|
||||
passwd='{{ ddns_passphrase }}'
|
||||
passwd='dyndnshosts'
|
||||
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
|
||||
|
||||
platform='unknown'
|
||||
|
@ -31,7 +31,7 @@ else
|
|||
fi
|
||||
|
||||
# API always returns 200, so check for response payload to begin with {"Success":true,
|
||||
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
|
||||
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
|
||||
statuscode=$(curl -s $url)
|
||||
case "$statuscode" in
|
||||
{\"Success\":true*) echo "IPv4 Success" ;;
|
||||
|
@ -43,7 +43,7 @@ if [ $ip6addr ]; then
|
|||
echo "Updating IPv6 DNS entry..."
|
||||
|
||||
# API always returns 200, so check for response payload to begin with {"Success":true,
|
||||
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
|
||||
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
|
||||
statuscode=$(curl -s $url)
|
||||
case "$statuscode" in
|
||||
{\"Success\":true*) echo "IPv6 Success" ;;
|
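Review bot: The DynDNS update secret is committed as a literal, `passwd='dyndnshosts'`, where the other side of this compare filled it from `{{ ddns_passphrase }}`, so it is readable by anyone with access to the repository and stays in its history. Keep the script a template that takes the value from an encrypted vars file (for example ansible-vault), and treat the committed value as exposed and rotate it. The same applies to the literal password in files/ddns-namecheap.sh and to the InfluxDB username and password written into the telegraf.conf template further down. In both update hunks `curl -s $url` is also unquoted; `curl -s "$url"` keeps the `?` in the URL from being treated as a glob character. The `case` blocks continue outside the hunks.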
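--- a/files/ddns-namecheap.sh
+++ b/files/ddns-namecheap.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+passwd='dyndnshosts'
+hostname=$(hostname | tr '[:upper:]' '[:lower:]')
+domain=jtbx.space
+
+/usr/bin/curl -4 -s "http://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$passwd" > /dev/null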
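Review bot: The update request goes out over plain `http://` with the password in the query string, so the credential crosses the network unencrypted on every run. Switch the URL scheme to `https://` if the provider serves this endpoint over TLS (to be confirmed). With `-s` and `> /dev/null` a rejected or failed update is also silent; `-sS` and logging the response body would make failures visible.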
|
|
@ -6,6 +6,7 @@
|
|||
name: ssh
|
||||
state: restarted
|
||||
|
||||
|
||||
- name: Enable telegraf
|
||||
service:
|
||||
name: telegraf
|
||||
|
@ -22,6 +23,7 @@
|
|||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
|
||||
- name: Enable caddy
|
||||
service:
|
||||
name: caddy
|
||||
|
|
|
@ -7,16 +7,14 @@ galaxy_info:
|
|||
min_ansible_version: 2.4
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- all
|
||||
- name: Debian
|
||||
versions:
|
||||
- all
|
||||
|
||||
galaxy_tags:
|
||||
[]
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line.
|
||||
# Be sure to remove the '[]' above, if you add tags to this list.
|
||||
|
||||
dependencies:
|
||||
[]
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
# Be sure to remove the '[]' above, if you add tags to this list.
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version
|
||||
# Variables (must be set!):
|
||||
# - borgbackup_passphrase
|
||||
# - borgbackup_repo
|
||||
# - borgbackup_hostname
|
||||
# - borgbackup_host
|
||||
# - borgbackup_sub
|
||||
|
||||
# For Debian Stretch, use a newer package version from backports
|
||||
|
||||
|
@ -31,7 +30,6 @@
|
|||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
when:
|
||||
- borgbackup_passphrase is defined
|
||||
- borgbackup_repo is defined
|
||||
- borgbackup_hostname is defined
|
||||
- borgbackup_host is defined
|
||||
- borgbackup_sub is defined
|
||||
- ansible_distribution_release == 'stretch'
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version
|
||||
# Variables (must be set!):
|
||||
# - borgbackup_passhrase
|
||||
# - borgbackup_repo
|
||||
# - borgbackup_hostname
|
||||
# - borgbackup_host
|
||||
# - borgbackup_sub
|
||||
|
||||
# For all other Debian versions, simply install borgbackup
|
||||
|
||||
|
@ -13,7 +12,6 @@
|
|||
name: borgbackup
|
||||
state: present
|
||||
when:
|
||||
- borgbackup_passphrase is defined
|
||||
- borgbackup_repo is defined
|
||||
- borgbackup_hostname is defined
|
||||
- borgbackup_host is defined
|
||||
- borgbackup_sub is defined
|
||||
- ansible_distribution_release != 'stretch'
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
---
|
||||
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob
|
||||
# Variables (must be set!):
|
||||
# - borgbackup_passphrase
|
||||
# - borgbackup_repo
|
||||
# - borgbackup_hostname
|
||||
# - borgbackup_host
|
||||
# - borgbackup_sub
|
||||
|
||||
- name: borgbackup - Install
|
||||
include_tasks: "{{ item }}"
|
||||
|
@ -12,6 +11,7 @@
|
|||
- "borgbackup-{{ ansible_distribution }}.yml"
|
||||
- "borgbackup-{{ ansible_os_family }}.yml"
|
||||
|
||||
|
||||
# copy backup script and enable cronjob
|
||||
- name: borgbackup - Copy Borgbackup script
|
||||
become: yes
|
||||
|
@ -22,9 +22,8 @@
|
|||
group: "{{ ansible_user_id }}"
|
||||
mode: 0775
|
||||
when:
|
||||
- borgbackup_passphrase is defined
|
||||
- borgbackup_repo is defined
|
||||
- borgbackup_hostname is defined
|
||||
- borgbackup_host is defined
|
||||
- borgbackup_sub is defined
|
||||
- name: borgbackup - Run Borgbackup script at 1:00 daily
|
||||
become: yes
|
||||
cron:
|
||||
|
@ -33,24 +32,26 @@
|
|||
hour: "1"
|
||||
job: "/usr/local/bin/borgbackup.sh"
|
||||
when:
|
||||
- borgbackup_passphrase is defined
|
||||
- borgbackup_repo is defined
|
||||
- borgbackup_hostname is defined
|
||||
- borgbackup_host is defined
|
||||
- borgbackup_sub is defined
|
||||
|
||||
# safeguard, if the host variables were removed
|
||||
- name: borgbackup - Uninstall
|
||||
block:
|
||||
- name: borgbackup - Remove Borgbackup script if no borgbackup config
|
||||
become: yes
|
||||
file:
|
||||
path: /usr/local/bin/borgbackup.sh
|
||||
state: absent
|
||||
- name: borgbackup - Remove Cronjob if no borgbackup config
|
||||
become: yes
|
||||
cron:
|
||||
name: "Create Backup"
|
||||
minute: "0"
|
||||
hour: "1"
|
||||
job: "/usr/local/bin/borgbackup.sh"
|
||||
state: absent
|
||||
when: (borgbackup_passphrase is not defined) or (borgbackup_repo is not defined) or (borgbackup_hostname is not defined)
|
||||
- name: borgbackup - Remove Borgbackup script if no borgbackup config
|
||||
become: yes
|
||||
file:
|
||||
path: /usr/local/bin/borgbackup.sh
|
||||
state: absent
|
||||
when:
|
||||
- borgbackup_host is not defined
|
||||
- borgbackup_sub is not defined
|
||||
- name: borgbackup - Remove Cronjob if no borgbackup config
|
||||
become: yes
|
||||
cron:
|
||||
name: "Create Backup"
|
||||
minute: "0"
|
||||
hour: "1"
|
||||
job: "/usr/local/bin/borgbackup.sh"
|
||||
state: absent
|
||||
when:
|
||||
- borgbackup_host is not defined
|
||||
- borgbackup_sub is not defined
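Review bot: The two removal tasks at the end of this section give `when:` as a list, and Ansible combines list items with AND, so the script and cron entry are removed only when both `borgbackup_host` and `borgbackup_sub` are undefined. With exactly one of them set, the install tasks are skipped and the removal tasks are skipped too, which can leave a stale script and cron job on the host. `when: (borgbackup_host is not defined) or (borgbackup_sub is not defined)` on each task matches the safeguard the comment above them describes.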
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
shell: lsb_release -is
|
||||
register: lsb_id
|
||||
|
||||
|
||||
- name: caddyserver - Stop caddy
|
||||
become: yes
|
||||
service:
|
||||
|
|
|
@ -30,13 +30,14 @@
|
|||
mode: 0555
|
||||
- name: caddyserver - Copy Caddy systemd service file
|
||||
become: yes
|
||||
template:
|
||||
src: "{{ role_path }}/templates/caddy.service"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/caddy.service"
|
||||
dest: /etc/systemd/system/caddy.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
|
||||
- name: caddyserver - Add standard user to www-data group
|
||||
become: yes
|
||||
user:
|
||||
|
|
|
@ -7,4 +7,3 @@
|
|||
|
||||
- name: caddyserver - Setup caddy server
|
||||
include_tasks: "caddy-setup.yml"
|
||||
when: caddy_email is defined
|
||||
|
|
|
@ -9,13 +9,11 @@
|
|||
state: present
|
||||
vars:
|
||||
packages:
|
||||
- exim4
|
||||
- mailutils
|
||||
- exim4
|
||||
- mailutils
|
||||
- name: cronmails - Create exim4 config folder
|
||||
become: yes
|
||||
file:
|
||||
path: /etc/exim4
|
||||
state: directory
|
||||
file: path=/etc/exim4 state=directory
|
||||
- name: cronmails - Copy exim4 config template
|
||||
become: yes
|
||||
copy:
|
||||
|
@ -48,4 +46,4 @@
|
|||
cron:
|
||||
name: MAILTO
|
||||
env: yes
|
||||
value: "{{ cron_email }}"
|
||||
value: "device-{{ ansible_hostname }}@jtbx.de"
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
- "docker-{{ ansible_distribution }}.yml"
|
||||
- "docker-{{ ansible_os_family }}.yml"
|
||||
|
||||
|
||||
# Other setup tasks
|
||||
- name: docker - Add standard user to docker group
|
||||
become: yes
|
||||
|
|
|
@ -7,18 +7,18 @@
|
|||
name: curl
|
||||
state: present
|
||||
|
||||
- name: dyndns - Copy dynDNS script
|
||||
- name: dyndns - Copy hosts.jtbx.de dynDNS script
|
||||
become: yes
|
||||
template:
|
||||
src: "{{ role_path }}/templates/ddns-hosts.sh"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/ddns-hosts.sh"
|
||||
dest: /usr/local/bin/ddns-hosts.sh
|
||||
owner: "{{ ansible_user_id }}"
|
||||
group: "{{ ansible_user_id }}"
|
||||
mode: 0775
|
||||
- name: "dyndns - Create cronjob for {{ ddns_domain }} dynDNS script"
|
||||
- name: dyndns - Create cronjob for hosts.jtbx.de dynDNS script
|
||||
become: yes
|
||||
cron:
|
||||
name: "{{ ddns_domain }} dynDNS"
|
||||
name: "hosts.jtbx.de dynDNS"
|
||||
minute: "*/5"
|
||||
hour: "*"
|
||||
job: "/usr/local/bin/ddns-hosts.sh > /dev/null"
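Review bot: The copy task installs a script that holds the DynDNS secret with `mode: 0775` and owner and group `{{ ansible_user_id }}`, so any local user can read the secret, and the owning user and group can rewrite a file that the `become: yes` cron task runs every five minutes, presumably from root's crontab unless a `user:` key sits outside the hunk. `owner: root`, `group: root` and `mode: 0700` would close both. The borgbackup copy task earlier in this compare shows the same `mode: 0775` and group on a script that exports `BORG_PASSPHRASE`.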
|
||||
|
|
|
@ -9,4 +9,4 @@
|
|||
dest: "/etc/ssh/sshd_config"
|
||||
backup: yes
|
||||
notify:
|
||||
- Restart sshd
|
||||
- Restart sshd
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
---
|
||||
# Server/Telegraf: Install and Setup Telegraf Monitoring
|
||||
# Variables:
|
||||
# - telegraf_snmp_fra80: boolean, enable SNMP monitoring for the fra80 network
|
||||
# - telegraf_docker: boolean, enable docker monitoring
|
||||
|
||||
- name: telegraf - Install apt-transport-https
|
||||
become: yes
|
||||
|
@ -14,7 +17,7 @@
|
|||
- name: telegraf - Add Telegraf repo
|
||||
become: yes
|
||||
apt_repository:
|
||||
repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable"
|
||||
repo: deb https://repos.influxdata.com/debian stretch stable
|
||||
state: present
|
||||
- name: telegraf - Install telegraf
|
||||
become: yes
|
||||
|
@ -30,4 +33,4 @@
|
|||
src: "{{ role_path }}/templates/telegraf.conf"
|
||||
dest: /etc/telegraf/telegraf.conf
|
||||
notify:
|
||||
- Enable and restart telegraf
|
||||
- Enable and restart telegraf
|
||||
|
|
|
@ -4,9 +4,10 @@
|
|||
# pass -v --stats to show more information
|
||||
# pass --list --filter AME to show all fiels Added Modified or with Error
|
||||
|
||||
export BORG_RSH='ssh -i {{ borgbackup_ssh_id }}'
|
||||
export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'
|
||||
export BORG_REPO='{{ borgbackup_repo }}'
|
||||
#export BORG_RSH='ssh -i /home/jannik/.ssh/id_rsa'
|
||||
export BORG_RSH='ssh -i /home/jannik/.ssh/id_ed25519'
|
||||
export BORG_PASSPHRASE='borgbackup.{{ borgbackup_host }}@hetznerbx'
|
||||
export BORG_REPO='ssh://u182062-sub{{ borgbackup_sub }}@u182062.your-storagebox.de:23/./borg'
|
||||
|
||||
# some helpers and error handling:
|
||||
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
|
||||
|
@ -32,7 +33,7 @@ borg create \
|
|||
--exclude '/var/lib/lxcfs' \
|
||||
--exclude '/var/log/*' \
|
||||
\
|
||||
$BORG_REPO::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}' \
|
||||
$BORG_REPO::'{{ borgbackup_host }}-{now:%Y%m%d_%H%M}' \
|
||||
/etc \
|
||||
/var \
|
||||
/root \
|
||||
|
@ -43,7 +44,7 @@ backup_exit=$?
|
|||
|
||||
# Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total)
|
||||
borg prune \
|
||||
--prefix '{{ borgbackup_hostname }}-' \
|
||||
--prefix '{{ borgbackup_host }}-' \
|
||||
--keep-daily 7 \
|
||||
--keep-weekly 3 \
|
||||
--keep-monthly 2
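Review bot: `BORG_PASSPHRASE` is built from a fixed pattern around `{{ borgbackup_host }}`, so anyone who has this repository and knows a host's inventory name can reconstruct that host's passphrase, and the backup encryption then depends on the playbook staying private. A per-host random value supplied through a variable, as `{{ borgbackup_passphrase }}` was on the other side of the compare, avoids that; existing repositories would need their passphrase changed (`borg key change-passphrase`). `$BORG_REPO::'…'` in the `borg create` call is also unquoted. The `borg create` command starts outside the hunk.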
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
[agent]
|
||||
interval = "{{ telegraf_interval }}"
|
||||
interval = "300s"
|
||||
hostname = ""
|
||||
|
||||
[[outputs.influxdb]]
|
||||
urls = ["{{ telegraf_server_url }}"]
|
||||
urls = ["https://influx.jtbx.de:65086"]
|
||||
database = "servers"
|
||||
skip_database_creation = true
|
||||
|
||||
|
@ -12,8 +12,8 @@
|
|||
|
||||
## Write timeout (for the InfluxDB client), formatted as a string.
|
||||
timeout = "5s"
|
||||
username = "{{ telegraf_server_user }}"
|
||||
password = "{{ telegraf_server_passwd }}"
|
||||
username = "servers"
|
||||
password = "Servers-w.influx@home"
|
||||
|
||||
|
||||
# Read metrics about cpu usage
|
||||
|
@ -65,8 +65,8 @@
|
|||
{% endif %}
|
||||
|
||||
|
||||
{% if telegraf_snmp|default(false)|bool %}
|
||||
{% include telegraf_snmp_file %}
|
||||
{% if telegraf_snmp_fra80|default(false)|bool %}
|
||||
{% include telegraf_snmp_fra80_file %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
|
|
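--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for server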
|