

3 commits

21 changed files with 119 additions and 91 deletions


@ -20,15 +20,49 @@ Therefore you can use the same playbook for multiple servers and activate the ne
### Borgbakup
If you want to configure borgbackup backups, these variables need to be set:
- `borgbackup_host`: Hostname used by the borgbackup script
- `borgbackup_sub`: Sub-Account ID used by the borgbackup script
- `borgbackup_passphrase`: Passphrase of the borgbackup repo
- `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`)
- `borgbackup_hostname`: Hostname to prefix the snapshots
Optional configuration:
- `borgbackup_ssh_id`: Path to the used ssh id (default: `/home/{{ ansible_user_id }}/.ssh/id_ed25519`)
Attention: You still need to setup the borgbackup repository manually.
### Caddy
Mandatory variable:
- `caddy_email`: Email address to use for getting let's encrypt certificates
### Cronmails
Mandatory variable:
- `cron_email`: Sender email address used by cron
### Docker
Optional variable:
- `dockercompose_use_pip`: boolean to use pip instead of manual download (default: false)
### DynDNS
This task and it's configuration files might be quite specific for the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) docker container.
Mandatory variables:
- `ddns_server_domain`: Domain name of the DynDNS server
- `ddns_passphrase`: Passphrase for updating dynDNS entries
- `ddns_domain`: Domain where the host's entries are created as `$hostname.$ddns_domain`
### Telegraf
Mandatory variables:
- `telegraf_server_url`: URL of the influxDB server, e.g. `https://example.com:8086`
- `telegraf_server_user`: Username of the influxDB user
- `telegraf_server_passwd`: Password of the influxDB user
Telegraf is configured with basic host telemetry by default. You can add more features, if you like:
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected
- `telegraf_snmp_fra80`: Set to `true`, if SNMP telemetry of the fra80 network should be collected
- `telegraf_docker`: Set to `true`, if docker telemetry should be collected (uses file from `telegraf_docker_file`)
- `telegraf_snmp`: Set to `true`, if SNMP telemetry should be collected (uses file from `telegraf_snmp_file`)
- `telegraf_docker_file`: filename of the docker telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`).
- `telegraf_snmp_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-SNMP.conf`).
Optional settings:
- `telegraf_interval`: Data sampling interval (default `300s`)
Dependencies


@ -1,7 +1,10 @@
---
# defaults file for server
borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519"
telegraf_interval: "300s"
telegraf_docker_file: "telegraf-docker.conf"
telegraf_snmp_fra80_file: "telegraf-SNMP_fra80.conf"
telegraf_snmp_file: "telegraf-SNMP.conf"
dockercompose_use_pip: false
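Review bot: The new default `borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519"` hard-codes the `/home` layout, which is wrong for users whose home lives elsewhere (root, service accounts, non-Linux hosts). The gathered fact `ansible_user_dir` already holds the connecting user's home, so `borgbackup_ssh_id: "{{ ansible_user_dir }}/.ssh/id_ed25519"` covers the same case without the assumption; the README line that documents the default would need the same wording.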


@ -1,6 +0,0 @@
#!/bin/bash
passwd='dyndnshosts'
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
domain=jtbx.space
/usr/bin/curl -4 -s "http://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$passwd" > /dev/null


@ -6,7 +6,6 @@
name: ssh
state: restarted
- name: Enable telegraf
service:
name: telegraf
@ -23,7 +22,6 @@
state: restarted
enabled: yes
- name: Enable caddy
service:
name: caddy


@ -7,14 +7,16 @@ galaxy_info:
min_ansible_version: 2.4
platforms:
- name: Debian
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
galaxy_tags:
[]
# List tags for your role here, one per line.
# Be sure to remove the '[]' above, if you add tags to this list.
dependencies: []
dependencies:
[]
# List your role dependencies here, one per line.
# Be sure to remove the '[]' above, if you add tags to this list.


@ -1,8 +1,9 @@
---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version
# Variables (must be set!):
# - borgbackup_host
# - borgbackup_sub
# - borgbackup_passphrase
# - borgbackup_repo
# - borgbackup_hostname
# For Debian Stretch, use a newer package version from backports
@ -30,6 +31,7 @@
update_cache: yes
cache_valid_time: 3600
when:
- borgbackup_host is defined
- borgbackup_sub is defined
- borgbackup_passphrase is defined
- borgbackup_repo is defined
- borgbackup_hostname is defined
- ansible_distribution_release == 'stretch'


@ -1,8 +1,9 @@
---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version
# Variables (must be set!):
# - borgbackup_host
# - borgbackup_sub
# - borgbackup_passhrase
# - borgbackup_repo
# - borgbackup_hostname
# For all other Debian versions, simply install borgbackup
@ -12,6 +13,7 @@
name: borgbackup
state: present
when:
- borgbackup_host is defined
- borgbackup_sub is defined
- borgbackup_passphrase is defined
- borgbackup_repo is defined
- borgbackup_hostname is defined
- ansible_distribution_release != 'stretch'
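Review bot: The header comment lists `# - borgbackup_passhrase`, which misspells the variable that the extended `when:` list actually checks as `borgbackup_passphrase`; as this list is the only inline documentation of the required variables, change the line to `# - borgbackup_passphrase`. If that comment line belongs to the old side of the hunk rather than the new one, disregard. The `apt` task whose `when:` list gains the three conditions starts above the second hunk.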


@ -1,8 +1,9 @@
---
# Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob
# Variables (must be set!):
# - borgbackup_host
# - borgbackup_sub
# - borgbackup_passphrase
# - borgbackup_repo
# - borgbackup_hostname
- name: borgbackup - Install
include_tasks: "{{ item }}"
@ -11,7 +12,6 @@
- "borgbackup-{{ ansible_distribution }}.yml"
- "borgbackup-{{ ansible_os_family }}.yml"
# copy backup script and enable cronjob
- name: borgbackup - Copy Borgbackup script
become: yes
@ -22,8 +22,9 @@
group: "{{ ansible_user_id }}"
mode: 0775
when:
- borgbackup_host is defined
- borgbackup_sub is defined
- borgbackup_passphrase is defined
- borgbackup_repo is defined
- borgbackup_hostname is defined
- name: borgbackup - Run Borgbackup script at 1:00 daily
become: yes
cron:
@ -32,26 +33,24 @@
hour: "1"
job: "/usr/local/bin/borgbackup.sh"
when:
- borgbackup_host is defined
- borgbackup_sub is defined
- borgbackup_passphrase is defined
- borgbackup_repo is defined
- borgbackup_hostname is defined
# safeguard, if the host variables were removed
- name: borgbackup - Remove Borgbackup script if no borgbackup config
become: yes
file:
path: /usr/local/bin/borgbackup.sh
state: absent
when:
- borgbackup_host is not defined
- borgbackup_sub is not defined
- name: borgbackup - Remove Cronjob if no borgbackup config
become: yes
cron:
name: "Create Backup"
minute: "0"
hour: "1"
job: "/usr/local/bin/borgbackup.sh"
state: absent
when:
- borgbackup_host is not defined
- borgbackup_sub is not defined
- name: borgbackup - Uninstall
block:
- name: borgbackup - Remove Borgbackup script if no borgbackup config
become: yes
file:
path: /usr/local/bin/borgbackup.sh
state: absent
- name: borgbackup - Remove Cronjob if no borgbackup config
become: yes
cron:
name: "Create Backup"
minute: "0"
hour: "1"
job: "/usr/local/bin/borgbackup.sh"
state: absent
when: (borgbackup_passphrase is not defined) or (borgbackup_repo is not defined) or (borgbackup_hostname is not defined)
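Review bot: `/usr/local/bin/borgbackup.sh` is still installed with `group: "{{ ansible_user_id }}"` and `mode: 0775` while the template it is rendered from now embeds `BORG_PASSPHRASE` and `BORG_REPO` in clear text, so the backup passphrase is readable by every local account and the file is writable by the unprivileged user and its group; the cron task below uses `become: yes` with no `user:` key, which presumably puts the job in root's crontab, so a root-executed script writable by a non-root user is also a local privilege-escalation risk. Deploy it as `owner: root`, `group: root`, `mode: 0700` (the ddns-hosts.sh copy task in this commit has the same problem). Separately, the install guards require `borgbackup_host` and `borgbackup_sub`, but the new uninstall condition on the last line checks only passphrase, repo and hostname, so a host where just host or sub is undefined neither installs nor removes the script and the cron entry; the template hunks in this commit no longer reference `borgbackup_host` or `borgbackup_sub`, so either drop them from the install `when:` lists or append `or (borgbackup_host is not defined) or (borgbackup_sub is not defined)` to the uninstall condition. The `copy:` task whose `when:` list is extended begins above its hunk.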


@ -6,7 +6,6 @@
shell: lsb_release -is
register: lsb_id
- name: caddyserver - Stop caddy
become: yes
service:


@ -30,14 +30,13 @@
mode: 0555
- name: caddyserver - Copy Caddy systemd service file
become: yes
copy:
src: "{{ role_path }}/files/caddy.service"
template:
src: "{{ role_path }}/templates/caddy.service"
dest: /etc/systemd/system/caddy.service
owner: root
group: root
mode: 0644
- name: caddyserver - Add standard user to www-data group
become: yes
user:


@ -7,3 +7,4 @@
- name: caddyserver - Setup caddy server
include_tasks: "caddy-setup.yml"
when: caddy_email is defined


@ -9,11 +9,13 @@
state: present
vars:
packages:
- exim4
- mailutils
- exim4
- mailutils
- name: cronmails - Create exim4 config folder
become: yes
file: path=/etc/exim4 state=directory
file:
path: /etc/exim4
state: directory
- name: cronmails - Copy exim4 config template
become: yes
copy:
@ -46,4 +48,4 @@
cron:
name: MAILTO
env: yes
value: "device-{{ ansible_hostname }}@jtbx.de"
value: "{{ cron_email }}"
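Review bot: `value: "{{ cron_email }}"` uses the new mandatory variable without a guard, whereas the borgbackup tasks gate every task on `... is defined` and the caddy include gets `when: caddy_email is defined` in this same commit; with `cron_email` unset this task fails with an undefined-variable error instead of being skipped. If features are meant to be opt-in per host, add `when: cron_email is defined` to this task (and to the exim4 tasks in the first hunk), otherwise state in the README that cronmails is always configured. The `cron:` task this value belongs to starts above the second hunk.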


@ -10,7 +10,6 @@
- "docker-{{ ansible_distribution }}.yml"
- "docker-{{ ansible_os_family }}.yml"
# Other setup tasks
- name: docker - Add standard user to docker group
become: yes


@ -7,18 +7,18 @@
name: curl
state: present
- name: dyndns - Copy hosts.jtbx.de dynDNS script
- name: dyndns - Copy dynDNS script
become: yes
copy:
src: "{{ role_path }}/files/ddns-hosts.sh"
template:
src: "{{ role_path }}/templates/ddns-hosts.sh"
dest: /usr/local/bin/ddns-hosts.sh
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
mode: 0775
- name: dyndns - Create cronjob for hosts.jtbx.de dynDNS script
- name: "dyndns - Create cronjob for {{ ddns_domain }} dynDNS script"
become: yes
cron:
name: "hosts.jtbx.de dynDNS"
name: "{{ ddns_domain }} dynDNS"
minute: "*/5"
hour: "*"
job: "/usr/local/bin/ddns-hosts.sh > /dev/null"
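Review bot: `/usr/local/bin/ddns-hosts.sh` is now rendered from a template that contains `passwd='{{ ddns_passphrase }}'`, but it is still installed with `owner`/`group` set to `{{ ansible_user_id }}` and `mode: 0775`, so the DynDNS secret is world-readable and the script is writable by a non-root account while the cron task below (`become: yes`, no `user:`) presumably runs it from root's crontab every five minutes. Change the three lines to `owner: root`, `group: root`, `mode: 0700`. The rename to `name: "{{ ddns_domain }} dynDNS"` also changes the key the `cron` module uses to identify the entry, so already-provisioned hosts keep the old `hosts.jtbx.de dynDNS` job and run the script twice unless a task removes it with `state: absent` under the old name.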


@ -9,4 +9,4 @@
dest: "/etc/ssh/sshd_config"
backup: yes
notify:
- Restart sshd
- Restart sshd


@ -1,8 +1,5 @@
---
# Server/Telegraf: Install and Setup Telegraf Monitoring
# Variables:
# - telegraf_snmp_fra80: boolean, enable SNMP monitoring for the fra80 network
# - telegraf_docker: boolean, enable docker monitoring
- name: telegraf - Install apt-transport-https
become: yes
@ -17,7 +14,7 @@
- name: telegraf - Add Telegraf repo
become: yes
apt_repository:
repo: deb https://repos.influxdata.com/debian stretch stable
repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable"
state: present
- name: telegraf - Install telegraf
become: yes
@ -33,4 +30,4 @@
src: "{{ role_path }}/templates/telegraf.conf"
dest: /etc/telegraf/telegraf.conf
notify:
- Enable and restart telegraf
- Enable and restart telegraf
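Review bot: The first hunk removes the `# Variables:` list from the file header without replacing it, so this task file no longer documents `telegraf_server_url`, `telegraf_server_user`, `telegraf_server_passwd`, `telegraf_docker` and `telegraf_snmp`, all of which the telegraf.conf template in this commit requires; the borgbackup task files gained a `# Variables (must be set!):` list in the same commit, so mirror that here. The `apt_repository` task whose `repo:` line is templated with `{{ ansible_distribution_release }}` starts inside the second hunk, but the apt-key task that should accompany it is outside this view, so I cannot tell whether the repository is verified.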


@ -4,10 +4,9 @@
# pass -v --stats to show more information
# pass --list --filter AME to show all fiels Added Modified or with Error
#export BORG_RSH='ssh -i /home/jannik/.ssh/id_rsa'
export BORG_RSH='ssh -i /home/jannik/.ssh/id_ed25519'
export BORG_PASSPHRASE='borgbackup.{{ borgbackup_host }}@hetznerbx'
export BORG_REPO='ssh://u182062-sub{{ borgbackup_sub }}@u182062.your-storagebox.de:23/./borg'
export BORG_RSH='ssh -i {{ borgbackup_ssh_id }}'
export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'
export BORG_REPO='{{ borgbackup_repo }}'
# some helpers and error handling:
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
@ -33,7 +32,7 @@ borg create \
--exclude '/var/lib/lxcfs' \
--exclude '/var/log/*' \
\
$BORG_REPO::'{{ borgbackup_host }}-{now:%Y%m%d_%H%M}' \
$BORG_REPO::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}' \
/etc \
/var \
/root \
@ -44,7 +43,7 @@ backup_exit=$?
# Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total)
borg prune \
--prefix '{{ borgbackup_host }}-' \
--prefix '{{ borgbackup_hostname }}-' \
--keep-daily 7 \
--keep-weekly 3 \
--keep-monthly 2
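Review bot: `export BORG_PASSPHRASE='{{ borgbackup_passphrase }}'` (and the `BORG_REPO` and `BORG_RSH` lines) drop the raw variable inside single quotes, so a passphrase containing `'` breaks the script and any shell metacharacter in the repository path or key path is interpreted; render with the shell-quoting filter instead, `export BORG_PASSPHRASE={{ borgbackup_passphrase | quote }}`, and likewise for the other two exports. Because the passphrase now lives in a file under `/usr/local/bin`, the file mode set by the copy task in tasks/borgbackup.yml matters; an alternative that keeps the secret out of the script is `export BORG_PASSCOMMAND='cat /root/.borg-passphrase'` with that file deployed as root-only 0600. The replaced literal pattern `borgbackup.{{ borgbackup_host }}@hetznerbx` and the storage-box account in the old `BORG_REPO` line remain in git history, so the passphrases of repositories that used them should be changed if this repository is shared.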


@ -12,7 +12,7 @@ Group=www-data
Environment=CADDYPATH=/etc/ssl/caddy
PIDFile=/run/caddy.pid
ExecStart=/usr/local/bin/caddy -log stdout -agree -email=code@jannikbeyerstedt.de -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
KillMode=mixed


@ -1,5 +1,5 @@
#!/bin/sh
passwd='dyndnshosts'
passwd='{{ ddns_passphrase }}'
hostname=$(hostname | tr '[:upper:]' '[:lower:]')
platform='unknown'
@ -31,7 +31,7 @@ else
fi
# API always returns 200, so check for response payload to begin with {"Success":true,
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
statuscode=$(curl -s $url)
case "$statuscode" in
{\"Success\":true*) echo "IPv4 Success" ;;
@ -43,7 +43,7 @@ if [ $ip6addr ]; then
echo "Updating IPv6 DNS entry..."
# API always returns 200, so check for response payload to begin with {"Success":true,
url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
statuscode=$(curl -s $url)
case "$statuscode" in
{\"Success\":true*) echo "IPv6 Success" ;;
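Review bot: `passwd='{{ ddns_passphrase }}'` inserts the secret unescaped into single quotes, so a value containing `'` breaks the script; use `passwd={{ ddns_passphrase | quote }}`. The secret is then placed in the query string (`secret=$passwd`) and the existing `curl -s $url` expands the URL unquoted, so an `&` or whitespace in the passphrase changes the request — `curl -s "$url"` keeps the URL intact, and `curl -G --data-urlencode "secret=$passwd" ...` would encode it properly if the server accepts that form. The literal `dyndnshosts` value being replaced was committed both here and in the deleted files/ddns-hosts.sh, so it stays in history and should be rotated on the DynDNS server once the variable is in use.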


@ -1,9 +1,9 @@
[agent]
interval = "300s"
interval = "{{ telegraf_interval }}"
hostname = ""
[[outputs.influxdb]]
urls = ["https://influx.jtbx.de:65086"]
urls = ["{{ telegraf_server_url }}"]
database = "servers"
skip_database_creation = true
@ -12,8 +12,8 @@
## Write timeout (for the InfluxDB client), formatted as a string.
timeout = "5s"
username = "servers"
password = "Servers-w.influx@home"
username = "{{ telegraf_server_user }}"
password = "{{ telegraf_server_passwd }}"
# Read metrics about cpu usage
@ -65,8 +65,8 @@
{% endif %}
{% if telegraf_snmp_fra80|default(false)|bool %}
{% include telegraf_snmp_fra80_file %}
{% if telegraf_snmp|default(false)|bool %}
{% include telegraf_snmp_file %}
{% endif %}
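Review bot: `password = "{{ telegraf_server_passwd }}"` (and the `username` and `urls` lines) interpolate the value into a TOML basic string without escaping, so a password containing `"` or `\` produces a config telegraf cannot parse; render it as `password = {{ telegraf_server_passwd | to_json }}`, which yields a quoted and escaped string that TOML accepts for the usual cases, and use the same filter for the username and inside `urls = [...]`. The removed literal InfluxDB credentials and endpoint remain in git history and should be rotated. The switch from `telegraf_snmp_fra80` to `telegraf_snmp` in the last hunk is a breaking rename for existing inventories; the README hunk documents the new name, but a short changelog line would help operators notice it.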


@ -1,2 +0,0 @@
---
# vars file for server