
No commits in common. "2d8903efebc9094e70684f3b6e1a5be86895e733" and "d48064a7e31658e2d41b3ba0717c0cc1927cd386" have entirely different histories.

21 changed files with 91 additions and 119 deletions


@ -20,49 +20,15 @@ Therefore you can use the same playbook for multiple servers and activate the ne
### Borgbakup ### Borgbakup
If you want to configure borgbackup backups, these variables need to be set: If you want to configure borgbackup backups, these variables need to be set:
- `borgbackup_passphrase`: Passphrase of the borgbackup repo - `borgbackup_host`: Hostname used by the borgbackup script
- `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`) - `borgbackup_sub`: Sub-Account ID used by the borgbackup script
- `borgbackup_hostname`: Hostname to prefix the snapshots
Optional configuration:
- `borgbackup_ssh_id`: Path to the used ssh id (default: `/home/{{ ansible_user_id }}/.ssh/id_ed25519`)
Attention: You still need to setup the borgbackup repository manually. Attention: You still need to setup the borgbackup repository manually.
### Caddy
Mandatory variable:
- `caddy_email`: Email address to use for getting let's encrypt certificates
### Cronmails
Mandatory variable:
- `cron_email`: Sender email address used by cron
### Docker
Optional variable:
- `dockercompose_use_pip`: boolean to use pip instead of manual download (default: false)
### DynDNS
This task and it's configuration files might be quite specific for the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) docker container.
Mandatory variables:
- `ddns_server_domain`: Domain name of the DynDNS server
- `ddns_passphrase`: Passphrase for updating dynDNS entries
- `ddns_domain`: Domain where the host's entries are created as `$hostname.$ddns_domain`
### Telegraf ### Telegraf
Mandatory variables:
- `telegraf_server_url`: URL of the influxDB server, e.g. `https://example.com:8086`
- `telegraf_server_user`: Username of the influxDB user
- `telegraf_server_passwd`: Password of the influxDB user
Telegraf is configured with basic host telemetry by default. You can add more features, if you like: Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected (uses file from `telegraf_docker_file`) - `telegraf_docker`: Set to `true`, if docker telemetry should be collected
- `telegraf_snmp`: Set to `true`, if SNMP telemetry should be collected (uses file from `telegraf_snmp_file`) - `telegraf_snmp_fra80`: Set to `true`, if SNMP telemetry of the fra80 network should be collected
- `telegraf_docker_file`: filename of the docker telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`).
- `telegraf_snmp_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-SNMP.conf`).
Optional settings:
- `telegraf_interval`: Data sampling interval (default `300s`)
Dependencies Dependencies


@ -1,10 +1,7 @@
--- ---
# defaults file for server # defaults file for server
borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519"
telegraf_interval: "300s"
telegraf_docker_file: "telegraf-docker.conf" telegraf_docker_file: "telegraf-docker.conf"
telegraf_snmp_file: "telegraf-SNMP.conf" telegraf_snmp_fra80_file: "telegraf-SNMP_fra80.conf"
dockercompose_use_pip: false dockercompose_use_pip: false


@ -12,7 +12,7 @@ Group=www-data
Environment=CADDYPATH=/etc/ssl/caddy Environment=CADDYPATH=/etc/ssl/caddy
PIDFile=/run/caddy.pid PIDFile=/run/caddy.pid
ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp ExecStart=/usr/local/bin/caddy -log stdout -agree -email=code@jannikbeyerstedt.de -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID ExecReload=/bin/kill -USR1 $MAINPID
KillMode=mixed KillMode=mixed


@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
passwd='{{ ddns_passphrase }}' passwd='dyndnshosts'
hostname=$(hostname | tr '[:upper:]' '[:lower:]') hostname=$(hostname | tr '[:upper:]' '[:lower:]')
platform='unknown' platform='unknown'
@ -31,7 +31,7 @@ else
fi fi
# API always returns 200, so check for response payload to begin with {"Success":true, # API always returns 200, so check for response payload to begin with {"Success":true,
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip4addr" url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
statuscode=$(curl -s $url) statuscode=$(curl -s $url)
case "$statuscode" in case "$statuscode" in
{\"Success\":true*) echo "IPv4 Success" ;; {\"Success\":true*) echo "IPv4 Success" ;;
@ -43,7 +43,7 @@ if [ $ip6addr ]; then
echo "Updating IPv6 DNS entry..." echo "Updating IPv6 DNS entry..."
# API always returns 200, so check for response payload to begin with {"Success":true, # API always returns 200, so check for response payload to begin with {"Success":true,
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip6addr" url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
statuscode=$(curl -s $url) statuscode=$(curl -s $url)
case "$statuscode" in case "$statuscode" in
{\"Success\":true*) echo "IPv6 Success" ;; {\"Success\":true*) echo "IPv6 Success" ;;
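Review bot: The new side commits the DynDNS update secret as a literal in `passwd='...'` where the other side took it from `{{ ddns_passphrase }}`, so anyone with read access to the repository or its history can update this host's records. The same literal is repeated in files/ddns-namecheap.sh, and the telegraf config hard-codes the InfluxDB `username`/`password` pair in the same way; keep these as template variables sourced from Ansible Vault and rotate the values already committed. Separately, both `curl -s $url` calls expand the URL unquoted, so `statuscode=$(curl -s "$url")` is the safer form. The secret also travels in the query string, where it can end up in server or proxy access logs; if the update API accepts a header or request body instead, prefer that.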

6
files/ddns-namecheap.sh Normal file

@ -0,0 +1,6 @@
#!/bin/bash
passwd='dyndnshosts'
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
domain=jtbx.space
/usr/bin/curl -4 -s "http://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$passwd" > /dev/null
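Review bot: The update request goes to an `http://` URL in cleartext, so the `password=` parameter is readable by anyone on the network path between the host and the provider. Use the `https://` form of the same endpoint (confirm the provider serves it), and add `--fail` or inspect the response body, because the output is discarded with `> /dev/null` and a rejected update is currently silent. `domain=jtbx.space` and the password are fixed in a file under files/, so the script cannot be reused for another host without editing it.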


@ -6,6 +6,7 @@
name: ssh name: ssh
state: restarted state: restarted
- name: Enable telegraf - name: Enable telegraf
service: service:
name: telegraf name: telegraf
@ -22,6 +23,7 @@
state: restarted state: restarted
enabled: yes enabled: yes
- name: Enable caddy - name: Enable caddy
service: service:
name: caddy name: caddy


@ -11,12 +11,10 @@ galaxy_info:
versions: versions:
- all - all
galaxy_tags: galaxy_tags: []
[]
# List tags for your role here, one per line. # List tags for your role here, one per line.
# Be sure to remove the '[]' above, if you add tags to this list. # Be sure to remove the '[]' above, if you add tags to this list.
dependencies: dependencies: []
[]
# List your role dependencies here, one per line. # List your role dependencies here, one per line.
# Be sure to remove the '[]' above, if you add tags to this list. # Be sure to remove the '[]' above, if you add tags to this list.


@ -1,9 +1,8 @@
--- ---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version
# Variables (must be set!): # Variables (must be set!):
# - borgbackup_passphrase # - borgbackup_host
# - borgbackup_repo # - borgbackup_sub
# - borgbackup_hostname
# For Debian Stretch, use a newer package version from backports # For Debian Stretch, use a newer package version from backports
@ -31,7 +30,6 @@
update_cache: yes update_cache: yes
cache_valid_time: 3600 cache_valid_time: 3600
when: when:
- borgbackup_passphrase is defined - borgbackup_host is defined
- borgbackup_repo is defined - borgbackup_sub is defined
- borgbackup_hostname is defined
- ansible_distribution_release == 'stretch' - ansible_distribution_release == 'stretch'


@ -1,9 +1,8 @@
--- ---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version
# Variables (must be set!): # Variables (must be set!):
# - borgbackup_passhrase # - borgbackup_host
# - borgbackup_repo # - borgbackup_sub
# - borgbackup_hostname
# For all other Debian versions, simply install borgbackup # For all other Debian versions, simply install borgbackup
@ -13,7 +12,6 @@
name: borgbackup name: borgbackup
state: present state: present
when: when:
- borgbackup_passphrase is defined - borgbackup_host is defined
- borgbackup_repo is defined - borgbackup_sub is defined
- borgbackup_hostname is defined
- ansible_distribution_release != 'stretch' - ansible_distribution_release != 'stretch'


@ -1,9 +1,8 @@
--- ---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob
# Variables (must be set!): # Variables (must be set!):
# - borgbackup_passphrase # - borgbackup_host
# - borgbackup_repo # - borgbackup_sub
# - borgbackup_hostname
- name: borgbackup - Install - name: borgbackup - Install
include_tasks: "{{ item }}" include_tasks: "{{ item }}"
@ -12,6 +11,7 @@
- "borgbackup-{{ ansible_distribution }}.yml" - "borgbackup-{{ ansible_distribution }}.yml"
- "borgbackup-{{ ansible_os_family }}.yml" - "borgbackup-{{ ansible_os_family }}.yml"
# copy backup script and enable cronjob # copy backup script and enable cronjob
- name: borgbackup - Copy Borgbackup script - name: borgbackup - Copy Borgbackup script
become: yes become: yes
@ -22,9 +22,8 @@
group: "{{ ansible_user_id }}" group: "{{ ansible_user_id }}"
mode: 0775 mode: 0775
when: when:
- borgbackup_passphrase is defined - borgbackup_host is defined
- borgbackup_repo is defined - borgbackup_sub is defined
- borgbackup_hostname is defined
- name: borgbackup - Run Borgbackup script at 1:00 daily - name: borgbackup - Run Borgbackup script at 1:00 daily
become: yes become: yes
cron: cron:
@ -33,18 +32,18 @@
hour: "1" hour: "1"
job: "/usr/local/bin/borgbackup.sh" job: "/usr/local/bin/borgbackup.sh"
when: when:
- borgbackup_passphrase is defined - borgbackup_host is defined
- borgbackup_repo is defined - borgbackup_sub is defined
- borgbackup_hostname is defined
# safeguard, if the host variables were removed # safeguard, if the host variables were removed
- name: borgbackup - Uninstall
block:
- name: borgbackup - Remove Borgbackup script if no borgbackup config - name: borgbackup - Remove Borgbackup script if no borgbackup config
become: yes become: yes
file: file:
path: /usr/local/bin/borgbackup.sh path: /usr/local/bin/borgbackup.sh
state: absent state: absent
when:
- borgbackup_host is not defined
- borgbackup_sub is not defined
- name: borgbackup - Remove Cronjob if no borgbackup config - name: borgbackup - Remove Cronjob if no borgbackup config
become: yes become: yes
cron: cron:
@ -53,4 +52,6 @@
hour: "1" hour: "1"
job: "/usr/local/bin/borgbackup.sh" job: "/usr/local/bin/borgbackup.sh"
state: absent state: absent
when: (borgbackup_passphrase is not defined) or (borgbackup_repo is not defined) or (borgbackup_hostname is not defined) when:
- borgbackup_host is not defined
- borgbackup_sub is not defined
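Review bot: The two removal tasks now use a `when:` list, which Ansible combines with AND, so the script and cronjob are only removed when both `borgbackup_host` and `borgbackup_sub` are undefined. The install tasks need both defined, so a host with exactly one of them set matches neither path and keeps a stale script and cronjob; the other side of the diff used `or` for this case. Suggest `when: (borgbackup_host is not defined) or (borgbackup_sub is not defined)` on both removal tasks.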


@ -6,6 +6,7 @@
shell: lsb_release -is shell: lsb_release -is
register: lsb_id register: lsb_id
- name: caddyserver - Stop caddy - name: caddyserver - Stop caddy
become: yes become: yes
service: service:


@ -30,13 +30,14 @@
mode: 0555 mode: 0555
- name: caddyserver - Copy Caddy systemd service file - name: caddyserver - Copy Caddy systemd service file
become: yes become: yes
template: copy:
src: "{{ role_path }}/templates/caddy.service" src: "{{ role_path }}/files/caddy.service"
dest: /etc/systemd/system/caddy.service dest: /etc/systemd/system/caddy.service
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
- name: caddyserver - Add standard user to www-data group - name: caddyserver - Add standard user to www-data group
become: yes become: yes
user: user:


@ -7,4 +7,3 @@
- name: caddyserver - Setup caddy server - name: caddyserver - Setup caddy server
include_tasks: "caddy-setup.yml" include_tasks: "caddy-setup.yml"
when: caddy_email is defined


@ -13,9 +13,7 @@
- mailutils - mailutils
- name: cronmails - Create exim4 config folder - name: cronmails - Create exim4 config folder
become: yes become: yes
file: file: path=/etc/exim4 state=directory
path: /etc/exim4
state: directory
- name: cronmails - Copy exim4 config template - name: cronmails - Copy exim4 config template
become: yes become: yes
copy: copy:
@ -48,4 +46,4 @@
cron: cron:
name: MAILTO name: MAILTO
env: yes env: yes
value: "{{ cron_email }}" value: "device-{{ ansible_hostname }}@jtbx.de"


@ -10,6 +10,7 @@
- "docker-{{ ansible_distribution }}.yml" - "docker-{{ ansible_distribution }}.yml"
- "docker-{{ ansible_os_family }}.yml" - "docker-{{ ansible_os_family }}.yml"
# Other setup tasks # Other setup tasks
- name: docker - Add standard user to docker group - name: docker - Add standard user to docker group
become: yes become: yes


@ -7,18 +7,18 @@
name: curl name: curl
state: present state: present
- name: dyndns - Copy dynDNS script - name: dyndns - Copy hosts.jtbx.de dynDNS script
become: yes become: yes
template: copy:
src: "{{ role_path }}/templates/ddns-hosts.sh" src: "{{ role_path }}/files/ddns-hosts.sh"
dest: /usr/local/bin/ddns-hosts.sh dest: /usr/local/bin/ddns-hosts.sh
owner: "{{ ansible_user_id }}" owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}" group: "{{ ansible_user_id }}"
mode: 0775 mode: 0775
- name: "dyndns - Create cronjob for {{ ddns_domain }} dynDNS script" - name: dyndns - Create cronjob for hosts.jtbx.de dynDNS script
become: yes become: yes
cron: cron:
name: "{{ ddns_domain }} dynDNS" name: "hosts.jtbx.de dynDNS"
minute: "*/5" minute: "*/5"
hour: "*" hour: "*"
job: "/usr/local/bin/ddns-hosts.sh > /dev/null" job: "/usr/local/bin/ddns-hosts.sh > /dev/null"
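Review bot: /usr/local/bin/ddns-hosts.sh is installed owned by `{{ ansible_user_id }}` with `mode: 0775`, while the cron task runs under `become: yes` with no `user:` visible in this hunk, which would place the job in root's crontab. If that is the case, a script writable by a non-root owner and group is executed as root every five minutes, and because the script now carries the update secret it is also world-readable. Suggest `owner: root`, `group: root` and `mode: 0700` on the copy task, or run the cronjob as the unprivileged user. The cron task may continue past the end of the hunk, so a `user:` key further down would change this.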


@ -1,5 +1,8 @@
--- ---
# Server/Telegraf: Install and Setup Telegraf Monitoring # Server/Telegraf: Install and Setup Telegraf Monitoring
# Variables:
# - telegraf_snmp_fra80: boolean, enable SNMP monitoring for the fra80 network
# - telegraf_docker: boolean, enable docker monitoring
- name: telegraf - Install apt-transport-https - name: telegraf - Install apt-transport-https
become: yes become: yes
@ -14,7 +17,7 @@
- name: telegraf - Add Telegraf repo - name: telegraf - Add Telegraf repo
become: yes become: yes
apt_repository: apt_repository:
repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable" repo: deb https://repos.influxdata.com/debian stretch stable
state: present state: present
- name: telegraf - Install telegraf - name: telegraf - Install telegraf
become: yes become: yes
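Review bot: The repo line is now pinned to `stretch` (`deb https://repos.influxdata.com/debian stretch stable`), so hosts on any other Debian release get a package source that does not match their release. Other task files in this role branch on `ansible_distribution_release`, which suggests it is meant to run on more than stretch. Keep `{{ ansible_distribution_release }}` in the repo string, or guard the task with `when: ansible_distribution_release == 'stretch'`. The install task that follows is cut off by the hunk.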


@ -4,9 +4,10 @@
# pass -v --stats to show more information # pass -v --stats to show more information
# pass --list --filter AME to show all fiels Added Modified or with Error # pass --list --filter AME to show all fiels Added Modified or with Error
export BORG_RSH='ssh -i {{ borgbackup_ssh_id }}' #export BORG_RSH='ssh -i /home/jannik/.ssh/id_rsa'
export BORG_PASSPHRASE='{{ borgbackup_passphrase }}' export BORG_RSH='ssh -i /home/jannik/.ssh/id_ed25519'
export BORG_REPO='{{ borgbackup_repo }}' export BORG_PASSPHRASE='borgbackup.{{ borgbackup_host }}@hetznerbx'
export BORG_REPO='ssh://u182062-sub{{ borgbackup_sub }}@u182062.your-storagebox.de:23/./borg'
# some helpers and error handling: # some helpers and error handling:
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; } info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
@ -32,7 +33,7 @@ borg create \
--exclude '/var/lib/lxcfs' \ --exclude '/var/lib/lxcfs' \
--exclude '/var/log/*' \ --exclude '/var/log/*' \
\ \
$BORG_REPO::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}' \ $BORG_REPO::'{{ borgbackup_host }}-{now:%Y%m%d_%H%M}' \
/etc \ /etc \
/var \ /var \
/root \ /root \
@ -43,7 +44,7 @@ backup_exit=$?
# Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total) # Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total)
borg prune \ borg prune \
--prefix '{{ borgbackup_hostname }}-' \ --prefix '{{ borgbackup_host }}-' \
--keep-daily 7 \ --keep-daily 7 \
--keep-weekly 3 \ --keep-weekly 3 \
--keep-monthly 2 --keep-monthly 2
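Review bot: `BORG_PASSPHRASE` is now built from a fixed pattern around `{{ borgbackup_host }}`, so every host's repository passphrase can be derived from this file plus the hostname, which undermines the repository encryption for anyone who can read the playbook. Keep it as an independent per-host secret, e.g. `export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'` supplied from Ansible Vault. `BORG_RSH` also hard-codes a key under `/home/jannik/`, although the tasks install the script for `{{ ansible_user_id }}`, so the key path will not exist on hosts with a different user. The copy task in the borgbackup tasks file uses `mode: 0775`, which would leave the rendered passphrase world-readable; `0700` is enough for a cron-run script.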


@ -1,9 +1,9 @@
[agent] [agent]
interval = "{{ telegraf_interval }}" interval = "300s"
hostname = "" hostname = ""
[[outputs.influxdb]] [[outputs.influxdb]]
urls = ["{{ telegraf_server_url }}"] urls = ["https://influx.jtbx.de:65086"]
database = "servers" database = "servers"
skip_database_creation = true skip_database_creation = true
@ -12,8 +12,8 @@
## Write timeout (for the InfluxDB client), formatted as a string. ## Write timeout (for the InfluxDB client), formatted as a string.
timeout = "5s" timeout = "5s"
username = "{{ telegraf_server_user }}" username = "servers"
password = "{{ telegraf_server_passwd }}" password = "Servers-w.influx@home"
# Read metrics about cpu usage # Read metrics about cpu usage
@ -65,8 +65,8 @@
{% endif %} {% endif %}
{% if telegraf_snmp|default(false)|bool %} {% if telegraf_snmp_fra80|default(false)|bool %}
{% include telegraf_snmp_file %} {% include telegraf_snmp_fra80_file %}
{% endif %} {% endif %}

2
vars/main.yml Normal file

@ -0,0 +1,2 @@
---
# vars file for server