commit 9f90c494ea4543d735e91cc70cacf8c23543a235 Author: suu Date: Wed Mar 12 13:55:27 2025 +0100 initial push diff --git a/README.MD b/README.MD new file mode 100644 index 0000000..c4b3f60 --- /dev/null +++ b/README.MD 
@@ -0,0 +1,152 @@ +# Belgium RP - Ansible Infrastructure + +## Overview +Ce projet Ansible est conçu pour déployer et gérer l'infrastructure du serveur Belgium RP. Le dépôt contient plusieurs rôles, tâches et playbooks Ansible pour automatiser le processus de déploiement. + +## Structure du Dépôt +- **inventories/**: Contient les fichiers d'inventaire Ansible. + - **host_vars/**: Variables spécifiques aux hôtes. + - `localhost.yml`: Variables spécifiques à localhost. + - `localhost/`: Répertoire contenant des variables supplémentaires spécifiques aux hôtes. +- **playbooks/**: Contient les playbooks Ansible pour déployer les applications. + - **docker/**: Playbooks pour déployer les conteneurs Docker. + - `deploy-docker-bitwarden.yml`: Playbook pour déployer [Bitwarden](https://github.com/bitwarden/server). + - **Bitwarden** : Gestionnaire de mots de passe open-source qui stocke et gère les informations de connexion de manière sécurisée. + - `deploy-docker-bookstack.yml`: Playbook pour déployer [Bookstack](https://github.com/BookStackApp/BookStack). + - **Bookstack** : Logiciel de gestion de documentation et de wiki pour créer et organiser des livres et des pages. + - `deploy-docker-cloudflare-ddns.yml`: Playbook pour déployer [Cloudflare DDNS](https://github.com/oznu/docker-cloudflare-ddns). + - **Cloudflare DDNS** : Service de DNS dynamique utilisant Cloudflare pour mettre à jour les enregistrements DNS automatiquement. + - `deploy-docker-duplicati.yml`: Playbook pour déployer [Duplicati](https://github.com/duplicati/duplicati). + - **Duplicati** : Solution de sauvegarde open-source pour stocker des sauvegardes chiffrées de manière sécurisée. + - `deploy-docker-easywall.yml`: Playbook pour déployer [Easywall](https://github.com/ThomasKaiser/EasyWall). + - **Easywall** : Pare-feu simplifié pour la gestion et la sécurisation du réseau. + - `deploy-docker-file_browser.yml`: Playbook pour déployer [File Browser](https://github.com/filebrowser/filebrowser). 
+ - **File Browser** : Interface web pour gérer et partager des fichiers sur un serveur. + - `deploy-docker-firefly.yml`: Playbook pour déployer [Firefly III](https://github.com/firefly-iii/firefly-iii). + - **Firefly III** : Outil de gestion financière personnelle pour suivre les dépenses et gérer les budgets. + - `deploy-docker-fivem.yml`: Playbook pour déployer [FiveM](https://github.com/spritsail/fivem). + - **FiveM** : Plateforme de modification pour GTA V, permettant la création de serveurs multijoueurs personnalisés. Cette version Docker simplifie le déploiement et la gestion des serveurs FiveM. + - `deploy-docker-gitea.yml`: Playbook pour déployer [Gitea](https://github.com/go-gitea/gitea). + - **Gitea** : Service d'hébergement de dépôts Git léger et open-source. + - `deploy-docker-heimdall.yml`: Playbook pour déployer [Heimdall](https://github.com/linuxserver/Heimdall). + - **Heimdall** : Page d'accueil pour organiser et accéder facilement aux applications et services. + - `deploy-docker-homepage.yml`: Playbook pour déployer [Homepage](https://github.com/benphelps/homepage). + - **Homepage** : Interface web personnalisable pour accéder rapidement aux applications web et services. + - `deploy-docker-kanboard.yml`: Playbook pour déployer [Kanboard](https://github.com/kanboard/kanboard). + - **Kanboard** : Application de gestion de projets utilisant une approche Kanban pour organiser les tâches. + - `deploy-docker-nginx.yml`: Playbook pour déployer [Nginx Proxy Manager](https://github.com/NginxProxyManager/nginx-proxy-manager). + - **Nginx Proxy Manager** : Interface utilisateur pour gérer les proxys Nginx, avec une gestion simplifiée des certificats SSL. + - `deploy-docker-portainer.yml`: Playbook pour déployer [Portainer](https://github.com/portainer/portainer). + - **Portainer** : Interface de gestion pour déployer et superviser des environnements Docker. 
+ - `deploy-docker-rainloop.yml`: Playbook pour déployer [Rainloop](https://github.com/RainLoop/rainloop-webmail). + - **Rainloop** : Client webmail rapide et moderne. + - `deploy-docker-uptimekuma.yml`: Playbook pour déployer [Uptime Kuma](https://github.com/louislam/uptime-kuma). + - **Uptime Kuma** : Outil de surveillance de sites web pour suivre le temps de disponibilité. + - `cloudflare.yml`: Playbook pour déployer [Cloudflare](https://github.com/cloudflare). + - **Cloudflare** : Réseau de diffusion de contenu et service de sécurité web. + - `codeserver.yml`: Playbook pour déployer [Code Server](https://github.com/coder/code-server). + - **Code Server** : Version de Visual Studio Code qui peut être exécutée dans un navigateur web. + - `deploy-homepage-config.yml`: Playbook pour déployer la configuration de la [Homepage](https://github.com/benphelps/homepage). + - **Homepage Configuration** : Configuration de l'interface web personnalisable pour accéder rapidement aux applications web et services. +- **roles/**: Contient les rôles Ansible pour le déploiement. + - **deploy-docker/**: Rôle pour déployer les conteneurs Docker. + - **tasks/**: Contient le fichier de tâches principal pour le déploiement. + - `main.yml`: Fichier de tâches principal pour exécuter les tâches de déploiement. + - **templates/**: Contient divers fichiers de configuration YAML pour différentes applications. + - `bitwarden.yml`: Configuration pour [Bitwarden](https://github.com/bitwarden/server). + - `bookstack.yml`: Configuration pour [Bookstack](https://github.com/BookStackApp/BookStack). + - `cloudflare-ddns.yml`: Configuration pour [Cloudflare DDNS](https://github.com/oznu/docker-cloudflare-ddns). + - `duplicati.yml`: Configuration pour [Duplicati](https://github.com/duplicati/duplicati). + - `easywall.yml`: Configuration pour [Easywall](https://github.com/ThomasKaiser/EasyWall). + - `filebrowser.yml`: Configuration pour [File Browser](https://github.com/filebrowser/filebrowser). 
+ - `firefly.yml`: Configuration pour [Firefly III](https://github.com/firefly-iii/firefly-iii). + - `fivem.yml`: Configuration pour [FiveM](https://github.com/spritsail/fivem). + - `gitea.yml`: Configuration pour [Gitea](https://github.com/go-gitea/gitea). + - `heimdall.yml`: Configuration pour [Heimdall](https://github.com/linuxserver/Heimdall). + - `homepage.yml`: Configuration pour [Homepage](https://github.com/benphelps/homepage). + - `kanboard.yml`: Configuration pour [Kanboard](https://github.com/kanboard/kanboard). + - `nginx.yml`: Configuration pour [Nginx Proxy Manager](https://github.com/NginxProxyManager/nginx-proxy-manager). + - `portainer.yml`: Configuration pour [Portainer](https://github.com/portainer/portainer). + - `rainloop.yml`: Configuration pour [Rainloop](https://github.com/RainLoop/rainloop-webmail). + - `uptimekuma.yml`: Configuration pour [Uptime Kuma](https://github.com/louislam/uptime-kuma). + - **deploy-homepage-config/**: Rôle pour déployer la configuration de la [Homepage](https://github.com/benphelps/homepage). + - **pallxk.code_server/**: Rôle pour déployer l'environnement de [Code Server](https://github.com/coder/code-server). + - **defaults/**: Contient les variables par défaut pour le rôle. + - **handlers/**: Contient les handlers déclenchés par les tâches. + - **meta**: Contient les métadonnées sur le rôle. + - **tasks**: Contient les fichiers de tâches pour le rôle. + - **templates**: Contient les fichiers de template pour le rôle. + - **tests**: Contient les fichiers de test pour le rôle. + - **vars**: Contient les fichiers de variables pour le rôle. + +## Prérequis +- Docker +- Ansible + +## Installation +1. Clonez le dépôt : + ```bash + git clone https://gitlab.com/votre-utilisateur/votre-depot.git + cd votre-depot + ``` + +2. Exécutez le playbook Ansible : + ```bash + ansible-playbook -i inventories/localhost.yml playbooks/docker/deploy-docker-bitwarden.yml + ``` + +### Tutoriel de Déploiement de Playbook Ansible +1. 
**Configurer l'inventaire** : + - Assurez-vous que le fichier `inventories/localhost.yml` contient les informations nécessaires sur les hôtes. + - Exemple de contenu pour `localhost.yml` : + ```yaml + all: + hosts: + localhost: + ansible_connection: local + ``` + +2. **Configurer les variables d'hôte** : + - Modifiez le fichier `inventories/host_vars/localhost.yml` pour adapter les variables à votre environnement. + - Exemple de contenu pour `localhost.yml` : + ```yaml + some_variable: some_value + ``` + +3. **Lancer le Playbook** : + - Utilisez la commande suivante pour lancer le playbook souhaité : + ```bash + ansible-playbook -i inventories/localhost.yml playbooks/docker/deploy-docker-fivem.yml + ``` + - Remplacez `deploy-docker-fivem.yml` par le playbook correspondant à l'application que vous souhaitez déployer. + +### Détails du Répertoire +- **inventories/host_vars/localhost.yml**: Inventaire et variables spécifiques à localhost. +- **playbooks/docker/**: Contient les playbooks pour déployer divers conteneurs Docker. + - Chaque fichier YAML correspond à la configuration de déploiement pour une application spécifique. +- **roles/deploy-docker/tasks/main.yml**: Point d'entrée principal pour déployer les conteneurs Docker. +- **roles/deploy-docker/templates/**: Contient les configurations YAML pour chaque application. +- **roles/deploy-homepage-config/**: Gère le déploiement des configurations de la homepage. +- **roles/pallxk.code_server/**: Gère le déploiement de l'environnement du serveur de code. + +## Configuration +- Modifiez les fichiers YAML dans `roles/deploy-docker/templates/` pour configurer les applications selon vos besoins. +- Mettez à jour le fichier d'inventaire avec les détails corrects du serveur. + +## Contribuer +1. Forkez le dépôt. +2. Créez une nouvelle branche (`git checkout -b feature-branch`). +3. Apportez vos modifications. +4. Commitez vos modifications (`git commit -am 'Ajout d'une nouvelle fonctionnalité'`). +5. 
Poussez sur la branche (`git push origin feature-branch`). +6. Ouvrez une Merge Request. + +## Licence +Ce projet est sous licence MIT - voir le fichier [LICENSE](LICENSE) pour plus de détails. + +## Créateurs du Projet +- Big Geo: Ne supporte pas les humains donc Contact Via MichMich. +- MichMich (Discord: mitch_grey48) + +## Remerciements +- Big Geo diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..6805425 --- /dev/null +++ b/ansible.cfg 
@@ -0,0 +1,490 @@ +# config file for ansible -- https://ansible.com/ +# =============================================== + +# nearly all parameters can be overridden in ansible-playbook +# or with command line flags. ansible will read ANSIBLE_CONFIG, +# ansible.cfg in the current working directory, .ansible.cfg in +# the home directory or /etc/ansible/ansible.cfg, whichever it +# finds first + +[defaults] + +# some basic default values... +#hostfile = host_vars +inventory = /etc/ansible/inventories/ +#library = /usr/share/my_modules/ +#module_utils = /usr/share/my_module_utils/ +#remote_tmp = ~/.ansible/tmp +#local_tmp = ~/.ansible/tmp +#plugin_filters_cfg = /etc/ansible/plugin_filters.yml +#forks = 5 +#poll_interval = 15 +#sudo_user = root +#ask_sudo_pass = True +#ask_pass = True +#transport = smart +#remote_port = 22 +#module_lang = C +#module_set_locale = False + +# plays will gather facts by default, which contain information about +# the remote system. +# +# smart - gather by default, but don't regather if already gathered +# implicit - gather by default, turn off with gather_facts: False +# explicit - do not gather by default, must say gather_facts: True +#gathering = implicit + +# This only affects the gathering done by a play's gather_facts directive, +# by default gathering retrieves all facts subsets +# all - gather all subsets +# network - gather min and network facts +# hardware - gather hardware facts (longest facts to retrieve) +# virtual - gather min and virtual facts +# facter - import facts from facter +# ohai - import facts from ohai +# You can combine them using comma (ex: network,virtual) +# You can negate them using ! (ex: !hardware,!facter,!ohai) +# A minimal set of facts is always gathered. +#gather_subset = all + +# some hardware related facts are collected +# with a maximum timeout of 10 seconds. This +# option lets you increase or decrease that +# timeout to something more suitable for the +# environment. 
+# gather_timeout = 10 + +# Ansible facts are available inside the ansible_facts.* dictionary +# namespace. This setting maintains the behaviour which was the default prior +# to 2.5, duplicating these variables into the main namespace, each with a +# prefix of 'ansible_'. +# This variable is set to True by default for backwards compatibility. It +# will be changed to a default of 'False' in a future release. +# ansible_facts. +# inject_facts_as_vars = True + +# additional paths to search for roles in, colon separated +roles_path = /etc/ansible/roles + +# uncomment this to disable SSH key host checking +host_key_checking = False + +# change the default callback, you can only have one 'stdout' type enabled at a time. +#stdout_callback = skippy + + +## Ansible ships with some plugins that require whitelisting, +## this is done to avoid running all of a type by default. +## These setting lists those that you want enabled for your system. +## Custom plugins should not need this unless plugin author specifies it. + +# enable callback plugins, they can output to stdout but cannot be 'stdout' type. +#callback_whitelist = timer, mail + +# Determine whether includes in tasks and handlers are "static" by +# default. As of 2.0, includes are dynamic by default. Setting these +# values to True will make includes behave more like they did in the +# 1.x versions. 
+#task_includes_static = False +#handler_includes_static = False + +# Controls if a missing handler for a notification event is an error or a warning +#error_on_missing_handler = True + +# change this for alternative sudo implementations +#sudo_exe = sudo + +# What flags to pass to sudo +# WARNING: leaving out the defaults might create unexpected behaviours +#sudo_flags = -H -S -n + +# SSH timeout +#timeout = 10 + +# default user to use for playbooks if user is not specified +# (/usr/bin/ansible will use current user as default) +#remote_user = root + +# logging is off by default unless this path is defined +# if so defined, consider logrotate +#log_path = /var/log/ansible.log + +# default module name for /usr/bin/ansible +#module_name = command + +# use this shell for commands executed under sudo +# you may need to change this to bin/bash in rare instances +# if sudo is constrained +#executable = /bin/sh + +# if inventory variables overlap, does the higher precedence one win +# or are hash values merged together? The default is 'replace' but +# this can also be set to 'merge'. +#hash_behaviour = replace + +# by default, variables from roles will be visible in the global variable +# scope. To prevent this, the following option can be enabled, and only +# tasks and handlers within the role will see the variables there +#private_role_vars = yes + +# list any Jinja2 extensions to enable here: +#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n + +# if set, always use this private key file for authentication, same as +# if passing --private-key to ansible or ansible-playbook +private_key_file = ~/.ssh/kk.pub + +# If set, configures the path to the Vault password file as an alternative to +# specifying --vault-password-file on the command line. +#vault_password_file = /etc/ansible/vault + +# format of string {{ ansible_managed }} available within Jinja2 +# templates indicates to users editing templates files will be replaced. 
+# replacing {file}, {host} and {uid} and strftime codes with proper values. +#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} +# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence +# in some situations so the default is a static string: +#ansible_managed = Ansible managed + +# by default, ansible-playbook will display "Skipping [host]" if it determines a task +# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" +# messages. NOTE: the task header will still be shown regardless of whether or not the +# task is skipped. +#display_skipped_hosts = True + +# by default, if a task in a playbook does not include a name: field then +# ansible-playbook will construct a header that includes the task's action but +# not the task's args. This is a security feature because ansible cannot know +# if the *module* considers an argument to be no_log at the time that the +# header is printed. If your environment doesn't have a problem securing +# stdout from ansible-playbook (or you have manually specified no_log in your +# playbook on all of the tasks where you have secret information) then you can +# safely set this to True to get more informative messages. +#display_args_to_stdout = False + +# by default (as of 1.3), Ansible will raise errors when attempting to dereference +# Jinja2 variables that are not set in templates or action lines. Uncomment this line +# to revert the behavior to pre-1.3. +#error_on_undefined_vars = False + +# by default (as of 1.6), Ansible may display warnings based on the configuration of the +# system running ansible itself. This may include warnings about 3rd party packages or +# other conditions that should be resolved if possible. 
+# to disable these warnings, set the following value to False: +#system_warnings = True + +# by default (as of 1.4), Ansible may display deprecation warnings for language +# features that should no longer be used and will be removed in future versions. +# to disable these warnings, set the following value to False: +#deprecation_warnings = True + +# (as of 1.8), Ansible can optionally warn when usage of the shell and +# command module appear to be simplified by using a default Ansible module +# instead. These warnings can be silenced by adjusting the following +# setting or adding warn=yes or warn=no to the end of the command line +# parameter string. This will for example suggest using the git module +# instead of shelling out to the git command. +# command_warnings = False + + +# set plugin path directories here, separate with colons +#action_plugins = /usr/share/ansible/plugins/action +#become_plugins = /usr/share/ansible/plugins/become +#cache_plugins = /usr/share/ansible/plugins/cache +#callback_plugins = /usr/share/ansible/plugins/callback +#connection_plugins = /usr/share/ansible/plugins/connection +#lookup_plugins = /usr/share/ansible/plugins/lookup +#inventory_plugins = /usr/share/ansible/plugins/inventory +#vars_plugins = /usr/share/ansible/plugins/vars +#filter_plugins = /usr/share/ansible/plugins/filter +#test_plugins = /usr/share/ansible/plugins/test +#terminal_plugins = /usr/share/ansible/plugins/terminal +#strategy_plugins = /usr/share/ansible/plugins/strategy + + +# by default, ansible will use the 'linear' strategy but you may want to try +# another one +#strategy = free + +# by default callbacks are not loaded for /bin/ansible, enable this if you +# want, for example, a notification or logging callback to also apply to +# /bin/ansible runs +#bin_ansible_callbacks = False + + +# don't like cows? that's unfortunate. 
+# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 +#nocows = 1 + +# set which cowsay stencil you'd like to use by default. When set to 'random', +# a random stencil will be selected for each task. The selection will be filtered +# against the `cow_whitelist` option below. +#cow_selection = default +#cow_selection = random + +# when using the 'random' option for cowsay, stencils will be restricted to this list. +# it should be formatted as a comma-separated list with no spaces between names. +# NOTE: line continuations here are for formatting purposes only, as the INI parser +# in python does not support them. +#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ +# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ +# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www + +# don't like colors either? +# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 +#nocolor = 1 + +# if set to a persistent type (not 'memory', for example 'redis') fact values +# from previous runs in Ansible will be stored. This may be useful when +# wanting to use, for example, IP information from one group of servers +# without having to talk to them in the same playbook run to get their +# current IP information. +#fact_caching = memory + +#This option tells Ansible where to cache facts. The value is plugin dependent. +#For the jsonfile plugin, it should be a path to a local directory. 
+#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 + +#fact_caching_connection=/tmp + + + +# retry files +# When a playbook fails a .retry file can be created that will be placed in ~/ +# You can enable this feature by setting retry_files_enabled to True +# and you can change the location of the files by setting retry_files_save_path + +#retry_files_enabled = False +#retry_files_save_path = ~/.ansible-retry + +# squash actions +# Ansible can optimise actions that call modules with list parameters +# when looping. Instead of calling the module once per with_ item, the +# module is called once with all items at once. Currently this only works +# under limited circumstances, and only with parameters named 'name'. +#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper + +# prevents logging of task data, off by default +#no_log = False + +# prevents logging of tasks, but only on the targets, data is still logged on the master/controller +#no_target_syslog = False + +# controls whether Ansible will raise an error or warning if a task has no +# choice but to create world readable temporary files to execute a module on +# the remote machine. This option is False by default for security. Users may +# turn this on to have behaviour more like Ansible prior to 2.1.x. See +# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user +# for more secure ways to fix this than enabling this option. +#allow_world_readable_tmpfiles = False + +# controls the compression level of variables sent to +# worker processes. At the default of 0, no compression +# is used. This value must be an integer from 0 to 9. +#var_compression_level = 9 + +# controls what compression method is used for new-style ansible modules when +# they are sent to the remote system. The compression types depend on having +# support compiled into both the controller's python and the client's python. 
+# The names should match with the python Zipfile compression types: +# * ZIP_STORED (no compression. available everywhere) +# * ZIP_DEFLATED (uses zlib, the default) +# These values may be set per host via the ansible_module_compression inventory +# variable +#module_compression = 'ZIP_DEFLATED' + +# This controls the cutoff point (in bytes) on --diff for files +# set to 0 for unlimited (RAM may suffer!). +#max_diff_size = 1048576 + +# This controls how ansible handles multiple --tags and --skip-tags arguments +# on the CLI. If this is True then multiple arguments are merged together. If +# it is False, then the last specified argument is used and the others are ignored. +# This option will be removed in 2.8. +#merge_multiple_cli_flags = True + +# Controls showing custom stats at the end, off by default +#show_custom_stats = True + +# Controls which files to ignore when using a directory as inventory with +# possibly multiple sources (both static and dynamic) +#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo + +# This family of modules use an alternative execution path optimized for network appliances +# only update this setting if you know how this works, otherwise it can break module execution +#network_group_modules=eos, nxos, ios, iosxr, junos, vyos + +# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as +# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain +# jinja2 templating language which will be run through the templating engine. 
+# ENABLING THIS COULD BE A SECURITY RISK +#allow_unsafe_lookups = False + +# set default errors for all plays +#any_errors_fatal = False + +[inventory] +# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml' +#enable_plugins = host_list, virtualbox, yaml, constructed + +# ignore these extensions when parsing a directory as inventory source +#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry + +# ignore files matching these patterns when parsing a directory as inventory source +#ignore_patterns= + +# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. +#unparsed_is_failed=False + +[privilege_escalation] +#become=True +#become_method=sudo +#become_user=root +#become_ask_pass=False + +[paramiko_connection] + +# uncomment this line to cause the paramiko connection plugin to not record new host +# keys encountered. Increases performance on new host additions. Setting works independently of the +# host key checking setting above. +#record_host_keys=False + +# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this +# line to disable this behaviour. +#pty=False + +# paramiko will default to looking for SSH keys initially when trying to +# authenticate to remote devices. This is a problem for some network devices +# that close the connection after a key failure. Uncomment this line to +# disable the Paramiko look for keys function +#look_for_keys = False + +# When using persistent connections with Paramiko, the connection runs in a +# background process. If the host doesn't already have a valid SSH key, by +# default Ansible will prompt to add the host key. This will cause connections +# running in background processes to fail. Uncomment this line to have +# Paramiko automatically add host keys. 
+#host_key_auto_add = True + +[ssh_connection] + +# ssh arguments to use +# Leaving off ControlPersist will result in poor performance, so use +# paramiko on older platforms rather than removing it, -C controls compression use +#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s + +# The base directory for the ControlPath sockets. +# This is the "%(directory)s" in the control_path option +# +# Example: +# control_path_dir = /tmp/.ansible/cp +#control_path_dir = ~/.ansible/cp + +# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, +# port and username (empty string in the config). The hash mitigates a common problem users +# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. +# In those cases, a "too long for Unix domain socket" ssh error would occur. +# +# Example: +# control_path = %(directory)s/%%h-%%r +#control_path = + +# Enabling pipelining reduces the number of SSH operations required to +# execute a module on the remote server. This can result in a significant +# performance improvement when enabled, however when using "sudo:" you must +# first disable 'requiretty' in /etc/sudoers +# +# By default, this option is disabled to preserve compatibility with +# sudoers configurations that have requiretty (the default on many distros). +# +#pipelining = False + +# Control the mechanism for transferring files (old) +# * smart = try sftp and then try scp [default] +# * True = use scp only +# * False = use sftp only +#scp_if_ssh = smart + +# Control the mechanism for transferring files (new) +# If set, this will override the scp_if_ssh option +# * sftp = use sftp to transfer files +# * scp = use scp to transfer files +# * piped = use 'dd' over SSH to transfer files +# * smart = try sftp, scp, and piped, in that order [default] +#transfer_method = smart + +# if False, sftp will not use batch mode to transfer files. 
This may cause some +# types of file transfer failures impossible to catch however, and should +# only be disabled if your sftp version has problems with batch mode +#sftp_batch_mode = False + +# The -tt argument is passed to ssh when pipelining is not enabled because sudo +# requires a tty by default. +#usetty = True + +# Number of times to retry an SSH connection to a host, in case of UNREACHABLE. +# For each retry attempt, there is an exponential backoff, +# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). +#retries = 3 + +[persistent_connection] + +# Configures the persistent connection timeout value in seconds. This value is +# how long the persistent connection will remain idle before it is destroyed. +# If the connection doesn't receive a request before the timeout value +# expires, the connection is shutdown. The default value is 30 seconds. +#connect_timeout = 30 + +# The command timeout value defines the amount of time to wait for a command +# or RPC call before timing out. The value for the command timeout must +# be less than the value of the persistent connection idle timeout (connect_timeout) +# The default value is 30 second. +#command_timeout = 30 + +[accelerate] +#accelerate_port = 5099 +#accelerate_timeout = 30 +#accelerate_connect_timeout = 5.0 + +# The daemon timeout is measured in minutes. This time is measured +# from the last activity to the accelerate daemon. +#accelerate_daemon_timeout = 30 + +# If set to yes, accelerate_multi_key will allow multiple +# private keys to be uploaded to it, though each user must +# have access to the system via SSH to add a new key. The default +# is "no". +#accelerate_multi_key = yes + +[selinux] +# file systems that require special treatment when dealing with security context +# the default behaviour that copies the existing context or uses the user default +# needs to be changed to use the file system dependent context. 
+#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,vfat
+
+# Set this to yes to allow libvirt_lxc connections to work without SELinux.
+#libvirt_lxc_noseclabel = yes
+
+[colors]
+#highlight = white
+#verbose = blue
+#warn = bright purple
+#error = red
+#debug = dark gray
+#deprecate = purple
+#skip = cyan
+#unreachable = red
+#ok = green
+#changed = yellow
+#diff_add = green
+#diff_remove = red
+#diff_lines = cyan
+
+
+[diff]
+# Always print diff when running ( same as always running with -D/--diff )
+# always = no
+
+# Set how many context lines to show in diff
+# context = 3
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..681bbb8
--- /dev/null
+++ b/hosts
@@ -0,0 +1,44 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
diff --git a/inventories/group_vars/all.yaml b/inventories/group_vars/all.yaml
new file mode 100644
index 0000000..1311c33
--- /dev/null
+++ b/inventories/group_vars/all.yaml
@@ -0,0 +1,2 @@
+domaine_ext: bruxelleslife.com
+s_tz: Europe/Paris
\ No newline at end of file
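Review bot: In ansible.cfg, `host_key_checking = False` under `[defaults]` turns off SSH host-key verification for every connection this config governs, so a host presenting an unexpected key is accepted silently; remove the line (checking is the default) and pre-populate `known_hosts` for managed hosts instead. In the same section `private_key_file = ~/.ssh/kk.pub` carries a `.pub` suffix, which looks like the public half of the pair, whereas the option expects the private key path, so presumably it should read `private_key_file = ~/.ssh/kk`. The playbooks in this commit all use `connection: local`, so neither setting may be exercised yet, but both take effect as soon as a remote host is added to the inventory. Everything else in the file appears to be the stock commented template.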
diff --git a/inventories/host_vars/localhost.yml b/inventories/host_vars/localhost.yml
new file mode 100644
index 0000000..0346c02
--- /dev/null
+++ b/inventories/host_vars/localhost.yml
@@ -0,0 +1,29 @@
+m_user_name: root
+m_cloudflare_add_cname:
+ - wiki
+ - password
+ - monitoring
+ - portainer
+ - backup
+ - dashboard
+ - fivem
+ - ansible
+ - file
+ - metrics
+ - database
+ - nginx
+ - boutique
+ - support
+ - reglement
+ - contact
+ - dossiers
+ - staff
+ - code
+ - tx
+ - panel
+ - budget
+ - mail
+ - planka
+ - git
+
+#test
\ No newline at end of file
diff --git a/inventories/localhost b/inventories/localhost
new file mode 100644
index 0000000..d18580b
--- /dev/null
+++ b/inventories/localhost
@@ -0,0 +1 @@
+localhost
\ No newline at end of file
diff --git a/playbooks/cloudflare.yml b/playbooks/cloudflare.yml
new file mode 100644
index 0000000..e3a9bd5
--- /dev/null
+++ b/playbooks/cloudflare.yml
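Review bot: `m_cloudflare_add_cname` in inventories/host_vars/localhost.yml includes names for administrative services (`portainer`, `ansible`, `database`, `nginx`, `code`, `panel`), and playbooks/cloudflare.yml in this commit publishes every entry as a CNAME with `proxied: no`, so these hostnames resolve publicly and straight to the origin server. It is worth confirming which of them need public DNS at all and recording that above the list, e.g. `# public CNAMEs; admin UIs must stay behind the reverse proxy with authentication`. `m_user_name: root` also makes every play's `become_user` root, and the trailing `#test` comment looks like a leftover.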
@@ -0,0 +1,42 @@ + - name: Create record to {{domaine_ext}} and proxy through Cloudflare's network + hosts: localhost + connection: local + tasks: + - name: CNAME add + community.general.cloudflare_dns: + record: "{{ item }}" + zone: "{{domaine_ext}}" + type: CNAME + value: server.{{domaine_ext}} + proxied: no + account_email: 'dvsthibaut@gmail.com' + account_api_key: '75d6440ffb38a5ce7a99bf0e10ec720d1737a' + state: present + when: m_cloudflare_add_cname is defined + with_items: + - "{{ m_cloudflare_add_cname }}" + + - name: Create TXT record with value to allow OVH + community.general.cloudflare_dns: + domain: "{{ domaine_ext }}" + record: "{{ domaine_ext }}" + type: TXT + value: v=spf1 +a +mx include:mx.ovh.com ~all + solo: true + account_email: 'dvsthibaut@gmail.com' + account_api_key: '75d6440ffb38a5ce7a99bf0e10ec720d1737a' + state: present + + - name: CNAME Clean + community.general.cloudflare_dns: + record: "{{ item }}" + zone: "{{domaine_ext}}" + type: CNAME + value: server.{{domaine_ext}} + proxied: no + account_email: 'dvsthibaut@gmail.com' + account_api_key: '75d6440ffb38a5ce7a99bf0e10ec720d1737a' + state: absent + when: m_cloudflare_add_cname_clean is defined + with_items: + - "{{ m_cloudflare_add_cname_clean }}" \ No newline at end of file diff --git a/playbooks/codeserver.yml b/playbooks/codeserver.yml new file mode 100644 index 0000000..6de9120 --- /dev/null +++ b/playbooks/codeserver.yml @@ -0,0 +1,11 @@ +--- +- hosts: localhost + connection: local + gather_facts: yes + roles: + - name: pallxk.code_server + code_server_password: "BQ$fk#5i5aEcB$" + code_server_user: root + code_server_host: 0.0.0.0 + code_server_port: 8443 + code_server_work_dir: /etc/ansible \ No newline at end of file diff --git a/playbooks/deploy-homepage-config.yml b/playbooks/deploy-homepage-config.yml new file mode 100644 index 0000000..099802a --- /dev/null +++ b/playbooks/deploy-homepage-config.yml 
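Review bot: `account_email` and `account_api_key` are committed in clear text in all three tasks of playbooks/cloudflare.yml. The same pattern repeats in playbooks/codeserver.yml (`code_server_password`), in the deploy-docker templates for bitwarden, bookstack, cloudflare-ddns, codeserver, dolibarr, duplicati, firefly, fivem, gitea, nginx, planka and postgressemaphore, and in roles/deploy-homepage-config/defaults/main.yml. Every secret in this commit should be treated as exposed and rotated, because deleting it in a later commit still leaves it in history. Move the values into an Ansible Vault file and reference them as variables, e.g. `account_api_key: "{{ vault_cloudflare_api_key }}"`, and add `no_log: true` to the tasks that receive them. The module also accepts `api_token`, which can be scoped to DNS edits on this one zone instead of the e-mail plus account key pair used here.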
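Review bot: In playbooks/codeserver.yml, `code_server_host: 0.0.0.0` combined with `code_server_user: root` and `code_server_work_dir: /etc/ansible` exposes a root-owned browser IDE, opened on the Ansible directory, on every interface of the host at port 8443. The password is then the only control in front of a root terminal, and whether the role enables TLS is not visible here. Bind to loopback with `code_server_host: 127.0.0.1`, publish it through the reverse proxy, and run it under an unprivileged account. The play also has no `name:`, unlike the other playbooks in this commit.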
@@ -0,0 +1,9 @@ + - name: Deploiement de la configuration de "Homepage" + vars: + name_docker: homepage + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-homepage-config \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-bacula.yml b/playbooks/docker/deploy-docker-bacula.yml new file mode 100644 index 0000000..79f4139 --- /dev/null +++ b/playbooks/docker/deploy-docker-bacula.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Bacula" + vars: + name_docker: bacula + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-bitwarden.yml b/playbooks/docker/deploy-docker-bitwarden.yml new file mode 100644 index 0000000..a6f4744 --- /dev/null +++ b/playbooks/docker/deploy-docker-bitwarden.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Bitwarden" + vars: + name_docker: bitwarden + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-bookstack.yml b/playbooks/docker/deploy-docker-bookstack.yml new file mode 100644 index 0000000..2584398 --- /dev/null +++ b/playbooks/docker/deploy-docker-bookstack.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Bookstack" + vars: + name_docker: bookstack + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-cloudflare-ddns.yml b/playbooks/docker/deploy-docker-cloudflare-ddns.yml new file mode 100644 index 0000000..aa0a997 --- /dev/null +++ b/playbooks/docker/deploy-docker-cloudflare-ddns.yml 
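Review bot: The nine-line play in playbooks/docker/deploy-docker-bacula.yml is repeated in every other playbooks/docker/deploy-docker-*.yml hunk of this commit with only the `name:` text and `name_docker` changing, so any fix to `hosts`, `become` or the role name has to be made more than twenty times. A single playbook that takes the service as an extra variable, run as `ansible-playbook deploy-docker.yml -e name_docker=bacula`, would keep them in step. `become_user: "{{ m_user_name }}"` resolves to `root` through inventories/host_vars/localhost.yml, which is already what `become: true` gives, so the line can be dropped unless a non-root account is planned.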
@@ -0,0 +1,9 @@ + - name: Deploiement du container "Cloudflare DDNS" + vars: + name_docker: cloudflare-ddns + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-codeserver.yml b/playbooks/docker/deploy-docker-codeserver.yml new file mode 100644 index 0000000..a72b184 --- /dev/null +++ b/playbooks/docker/deploy-docker-codeserver.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Code Server" + vars: + name_docker: codeserver + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-discordbot.yml b/playbooks/docker/deploy-docker-discordbot.yml new file mode 100644 index 0000000..4e262fd --- /dev/null +++ b/playbooks/docker/deploy-docker-discordbot.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Discordbot" + vars: + name_docker: discordbot + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-dolibarr.yml b/playbooks/docker/deploy-docker-dolibarr.yml new file mode 100644 index 0000000..34bae1b --- /dev/null +++ b/playbooks/docker/deploy-docker-dolibarr.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Dolibarr + vars: + name_docker: dolibarr + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-duplicati.yml b/playbooks/docker/deploy-docker-duplicati.yml new file mode 100644 index 0000000..a59cbeb --- /dev/null +++ b/playbooks/docker/deploy-docker-duplicati.yml 
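Review bot: `name_docker: discordbot` in deploy-docker-discordbot.yml has no matching file among the roles/deploy-docker/templates added by this commit, as far as this page shows. The role's template task uses `src: "{{ name_docker }}.yml"`, so the play would stop at the copy step. The same appears true for the easywall, homepage, kanboard, redm and redm-die playbooks, since the templates added here run from bacula.yml to uptimekuma.yml without them. Either commit the missing templates or hold these playbooks back until they exist.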
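Review bot: The play name in deploy-docker-dolibarr.yml is missing its closing quote, `Deploiement du container "Dolibarr`. YAML reads the value as a plain scalar so it still parses, but the name appears unbalanced in run output; write `- name: Deploiement du container "Dolibarr"`. The uptimekuma playbook has a similar slip, `"Utpime Kuma"` where Uptime Kuma is meant.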
@@ -0,0 +1,9 @@ + - name: Deploiement du container "Duplicati" + vars: + name_docker: duplicati + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-easywall.yml b/playbooks/docker/deploy-docker-easywall.yml new file mode 100644 index 0000000..1a6acdb --- /dev/null +++ b/playbooks/docker/deploy-docker-easywall.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Easywall" + vars: + name_docker: easywall + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-file_browser.yml b/playbooks/docker/deploy-docker-file_browser.yml new file mode 100644 index 0000000..b8d0512 --- /dev/null +++ b/playbooks/docker/deploy-docker-file_browser.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "File Browser" + vars: + name_docker: filebrowser + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-firefly.yml b/playbooks/docker/deploy-docker-firefly.yml new file mode 100644 index 0000000..8e81066 --- /dev/null +++ b/playbooks/docker/deploy-docker-firefly.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Firefly" + vars: + name_docker: firefly + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-fivem.yml b/playbooks/docker/deploy-docker-fivem.yml new file mode 100644 index 0000000..9e69382 --- /dev/null +++ b/playbooks/docker/deploy-docker-fivem.yml 
@@ -0,0 +1,9 @@ + - name: Deploiement du container "FiveM" + vars: + name_docker: fivem + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-gitea.yml b/playbooks/docker/deploy-docker-gitea.yml new file mode 100644 index 0000000..9b4329a --- /dev/null +++ b/playbooks/docker/deploy-docker-gitea.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Gitea" + vars: + name_docker: gitea + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-heimdall.yml b/playbooks/docker/deploy-docker-heimdall.yml new file mode 100644 index 0000000..c61cb4e --- /dev/null +++ b/playbooks/docker/deploy-docker-heimdall.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Heimdall" + vars: + name_docker: heimdall + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-homepage.yml b/playbooks/docker/deploy-docker-homepage.yml new file mode 100644 index 0000000..d6b0377 --- /dev/null +++ b/playbooks/docker/deploy-docker-homepage.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "homepage" + vars: + name_docker: homepage + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-kanboard.yml b/playbooks/docker/deploy-docker-kanboard.yml new file mode 100644 index 0000000..6962364 --- /dev/null +++ b/playbooks/docker/deploy-docker-kanboard.yml 
@@ -0,0 +1,9 @@ + - name: Deploiement du container "Kanboard" + vars: + name_docker: kanboard + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-nginx.yml b/playbooks/docker/deploy-docker-nginx.yml new file mode 100644 index 0000000..b39f23b --- /dev/null +++ b/playbooks/docker/deploy-docker-nginx.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "NGINX" + vars: + name_docker: nginx + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-planka.yml b/playbooks/docker/deploy-docker-planka.yml new file mode 100644 index 0000000..25bb4d0 --- /dev/null +++ b/playbooks/docker/deploy-docker-planka.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Planka" + vars: + name_docker: planka + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-portainer.yml b/playbooks/docker/deploy-docker-portainer.yml new file mode 100644 index 0000000..343f059 --- /dev/null +++ b/playbooks/docker/deploy-docker-portainer.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Portainer" + vars: + name_docker: portainer + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-postgressemaphore.yml b/playbooks/docker/deploy-docker-postgressemaphore.yml new file mode 100644 index 0000000..072b005 --- /dev/null +++ b/playbooks/docker/deploy-docker-postgressemaphore.yml 
@@ -0,0 +1,9 @@ + - name: Deploiement du container "postgressemaphore" + vars: + name_docker: postgressemaphore + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-rainloop.yml b/playbooks/docker/deploy-docker-rainloop.yml new file mode 100644 index 0000000..a81c5ab --- /dev/null +++ b/playbooks/docker/deploy-docker-rainloop.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "Rainloop" + vars: + name_docker: rainloop + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-redm-die.yml b/playbooks/docker/deploy-docker-redm-die.yml new file mode 100644 index 0000000..8cd35bb --- /dev/null +++ b/playbooks/docker/deploy-docker-redm-die.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "RedM2" + vars: + name_docker: redm-die + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-redm.yml b/playbooks/docker/deploy-docker-redm.yml new file mode 100644 index 0000000..f3a5deb --- /dev/null +++ b/playbooks/docker/deploy-docker-redm.yml @@ -0,0 +1,9 @@ + - name: Deploiement du container "RedM" + vars: + name_docker: redm + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/playbooks/docker/deploy-docker-uptimekuma.yml b/playbooks/docker/deploy-docker-uptimekuma.yml new file mode 100644 index 0000000..75ef3c9 --- /dev/null +++ b/playbooks/docker/deploy-docker-uptimekuma.yml 
@@ -0,0 +1,9 @@ + - name: Deploiement du container "Utpime Kuma" + vars: + name_docker: uptimekuma + hosts: localhost + connection: local + become: true + become_user: "{{ m_user_name }}" + roles: + - deploy-docker \ No newline at end of file diff --git a/roles/deploy-docker/tasks/main.yml b/roles/deploy-docker/tasks/main.yml new file mode 100644 index 0000000..1552233 --- /dev/null +++ b/roles/deploy-docker/tasks/main.yml @@ -0,0 +1,19 @@ +--- + - name: création du dossier "{{ name_docker }}" + file: + path: "/home/ubuntu/{{ name_docker }}" + state: directory + + - name: Copie du template docker-compose - "{{ name_docker }}" + template: + src: "{{ name_docker }}.yml" + dest: "/home/ubuntu/{{ name_docker }}/docker-compose.yml" + become: yes + + - name: Telechargement du container "VM" - "{{ name_docker }}" + shell: chdir=/home/ubuntu/{{ name_docker }} docker compose pull +# become: "{{ m_user_name }}" + + - name: Deployement du container "VM" - "{{ name_docker }}" + shell: chdir=/home/ubuntu/{{ name_docker }} docker compose up -d +# become: "{{ m_user_name }}" \ No newline at end of file diff --git a/roles/deploy-docker/templates/bacula.yml b/roles/deploy-docker/templates/bacula.yml new file mode 100644 index 0000000..3fe61b6 --- /dev/null +++ b/roles/deploy-docker/templates/bacula.yml 
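Review bot: In roles/deploy-docker/tasks/main.yml the template task writes docker-compose.yml with no `owner` or `mode`, although the files in this commit carry database, SMTP and API credentials. The permissions therefore depend on the umask; set `mode: "0600"` on the file and `mode: "0700"` on the directory task. The two `shell:` tasks interpolate `{{ name_docker }}` into a shell command line; `ansible.builtin.command` with `chdir` as a real argument avoids the shell altogether. An `ansible.builtin.assert` that `name_docker` matches `^[a-z0-9_-]+$` at the top of the role would reject unexpected values. The `/home/ubuntu` prefix appears four times and would read better as one role variable.

```yaml
# … unchanged: directory task (add mode: "0700") …
- name: Copie du template docker-compose - "{{ name_docker }}"
  ansible.builtin.template:
    src: "{{ name_docker }}.yml"
    dest: "/home/ubuntu/{{ name_docker }}/docker-compose.yml"
    mode: "0600"
  become: true

- name: Telechargement du container "VM" - "{{ name_docker }}"
  ansible.builtin.command:
    cmd: docker compose pull
    chdir: "/home/ubuntu/{{ name_docker }}"

- name: Deployement du container "VM" - "{{ name_docker }}"
  ansible.builtin.command:
    cmd: docker compose up -d
    chdir: "/home/ubuntu/{{ name_docker }}"
```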
@@ -0,0 +1,100 @@ +version: '3.1' +services: + + db: + image: eftechcombr/bacula:15.0.2-catalog + restart: unless-stopped + environment: + POSTGRES_PASSWORD: bacula + POSTGRES_USER: bacula + POSTGRES_DB: bacula + volumes: + - ./pgdata:/var/lib/postgresql/data:rw + ports: + - 5432:5432 +# + bacula-dir: + image: eftechcombr/bacula:15.0.2-director + restart: unless-stopped + volumes: + - ./etc:/opt/bacula/etc:ro + depends_on: + - db + ports: + - 9101:9101 +# + bacula-sd: + image: eftechcombr/bacula:15.0.2-storage + restart: unless-stopped + depends_on: + - bacula-dir + - db + volumes: + - ./etc:/opt/bacula/etc:ro + ports: + - 9103:9103 +# + bacula-fd: + image: eftechcombr/bacula:15.0.2-client + restart: unless-stopped + depends_on: + - bacula-sd + - bacula-dir + - db + volumes: + - ./etc:/opt/bacula/etc:ro + ports: + - 9102:9102 + + baculum-api: + image: eftechcombr/baculum:15.0.2-api + restart: unless-stopped + depends_on: + - db + - bacula-dir + volumes: + - ./etc/bconsole.conf:/opt/bacula/etc/bconsole.conf:ro + - ./etc/baculum:/etc/baculum:rw + ports: + - 9096:9096 + +# + baculum-web: + image: eftechcombr/baculum:15.0.2-web + restart: unless-stopped + depends_on: + - baculum-api + volumes: + - ./etc/bconsole.conf:/opt/bacula/etc/bconsole.conf:ro + - ./etc/baculum:/etc/baculum:rw + ports: + - 9095:9095 + +# +#volumes: +# pgdata: +# +# gmail: +# image: eftechcombr/postfix:gmail +# restart: unless-stopped +# depends_on: +# - bacula-dir +# # ports: +# # - 30025:25 +# environment: +# GMAIL_USER: xxxxxxxx +# GMAIL_PASS: xxxxxxxx +# +# smtp2tg: +# image: b3vis/docker-smtp2tg +# restart: unless-stopped +# volumes: +# - ./etc/smtp2tg.toml:/config/smtp2tg.toml:ro +# # ports: +# # - "31025:25" +# depends_on: +# - bacula-dir +# +# +#volumes: +# pgdata: \ No newline at end of file diff --git a/roles/deploy-docker/templates/bitwarden.yml b/roles/deploy-docker/templates/bitwarden.yml new file mode 100644 index 0000000..21cc9f8 --- /dev/null 
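Review bot: In bacula.yml the `db` service publishes `5432:5432` on every host interface while `POSTGRES_USER` and `POSTGRES_PASSWORD` are both `bacula`, so the catalog database is reachable from outside the host with a guessable login. The director and Baculum reach it over the compose network by service name, so the `ports:` entry on `db` can be removed or narrowed to `- "127.0.0.1:5432:5432"`. The same review applies to 9101-9103 and 9095/9096 unless remote clients need them, and to `'5433:5432'` in postgressemaphore.yml. Ports published by Docker are typically not filtered by host firewall front ends such as ufw, so the binding address is the control that counts.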
+++ b/roles/deploy-docker/templates/bitwarden.yml @@ -0,0 +1,28 @@ +--- +version: '3.1' +services: + Bitwarden: + image: vaultwarden/server:latest + container_name: {{ name_docker }} + hostname: {{ name_docker }} + restart: always + environment: + - SIGNUPS_ALLOWED=true + - ADMIN_TOKEN=fhBMPCHo0TUNDB + - SHOW_PASSWORD_HINT=true + - DOMAIN=https://password.{{ domaine_ext }} + - SMTP_HOST=ssl0.ovh.net + - SMTP_FROM=contact@{{ domaine_ext }} + - SMTP_FROM_NAME=RedFrontier Password Manager (Bitwarden) + - SMTP_SECURITY=force_tls + # ("starttls", "force_tls", "off") Enable a secure connection. Default is "starttls" (Explicit - ports 587 or 25), "force_tls" (Implicit - port 465) or "off", no encryption (port 25) + - SMTP_PORT=465 + # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS). + - SMTP_USERNAME=contact@{{ domaine_ext }} + - SMTP_PASSWORD=Jemeqq3dw@louovh + - SMTP_TIMEOUT=15 + ports: + - 9091:80 + - 9092:3012 + volumes: + - ./:/data \ No newline at end of file diff --git a/roles/deploy-docker/templates/bookstack.yml b/roles/deploy-docker/templates/bookstack.yml new file mode 100644 index 0000000..79217ce --- /dev/null +++ b/roles/deploy-docker/templates/bookstack.yml 
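Review bot: In bitwarden.yml, `SIGNUPS_ALLOWED=true` and `SHOW_PASSWORD_HINT=true` leave the password manager open to self-registration by anyone who can reach `password.{{ domaine_ext }}` and display master-password hints on the login page. For a private instance use `SIGNUPS_ALLOWED=false` once the first accounts exist (invite from the admin page) and `SHOW_PASSWORD_HINT=false`. Vaultwarden also accepts an Argon2 PHC string for `ADMIN_TOKEN` in place of the plain value used here. `vaultwarden/server:latest` is better pinned to a release tag so a redeploy cannot silently change the version holding everyone's credentials.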
@@ -0,0 +1,51 @@ +version: "3" +services: + bookstack: + image: linuxserver/bookstack:latest + container_name: {{ name_docker }} + hostname: {{ name_docker }} + volumes: + - ./config:/config + environment: + - APP_URL=https://wiki.{{domaine_ext}} + - PGID=1000 + - PUID=1000 + - DB_HOST=bookstack-db + - DB_DATABASE=bookstack + - DB_USERNAME=bxlife + - DB_PASSWORD=3aslZpYfZ0j8nEbz + - DISCORD_APP_ID=1294769940171067413 + - DISCORD_APP_SECRET=UdI8nbpOzk9LuAV2qxn6sMVdOI_XptZ3 + - APP_LANG=fr + - APP_THEME="custom" + + # - MAIL_ENCRYPTION= + # - MAIL_FROM_NAME= + # - MAIL_FROM= + # - MAIL_PORT= + # - MAIL_PASSWORD= + # - MAIL_USERNAME= + # - MAIL_HOST= + - FILE_UPLOAD_SIZE_LIMIT=999 + - APP_DEFAULT_DARK_MODE=true + - ALLOWED_IFRAME_SOURCES="*" + ports: + - 10003:443 + - 10004:80 + restart: always + depends_on: + - bookstack-db + bookstack-db: + image: mariadb:10.3 + container_name: bookstack-db + environment: + - PUID=1000 + - PGID=1000 + - MYSQL_ROOT_PASSWORD=g6u3h9QWAGE9Q8 + - TZ=Europe/Paris + - MYSQL_DATABASE=bookstack + - MYSQL_USER=bxlife + - MYSQL_PASSWORD=3aslZpYfZ0j8nEbz + volumes: + - ./mysql:/var/lib/mysql + restart: always \ No newline at end of file diff --git a/roles/deploy-docker/templates/cloudflare-ddns.yml b/roles/deploy-docker/templates/cloudflare-ddns.yml new file mode 100644 index 0000000..327347a --- /dev/null +++ b/roles/deploy-docker/templates/cloudflare-ddns.yml @@ -0,0 +1,12 @@ +version: '3' +services: + cloudflare-ddns-server: + container_name: CloudFlare-DDNS-SERVEUR + hostname: CloudFlare-DDNS-SERVER + image: oznu/cloudflare-ddns:latest + restart: always + environment: + - API_KEY=pI56QZrEywuFBB5mAAdz-d-4WCjP-_5-R0fYesjQ + - ZONE={{domaine_ext}} + - SUBDOMAIN=server + - PROXIED=false \ No newline at end of file diff --git a/roles/deploy-docker/templates/codeserver.yml b/roles/deploy-docker/templates/codeserver.yml new file mode 100644 index 0000000..c3bb523 --- /dev/null +++ b/roles/deploy-docker/templates/codeserver.yml 
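Review bot: In bookstack.yml, `ALLOWED_IFRAME_SOURCES="*"` allows pages to embed frames from any origin. Because the value sits in a list-style `environment:` entry, the double quotes are probably passed to the container literally, which would also affect `APP_THEME="custom"`. List only the hosts that need embedding and write both entries without the inner quotes, e.g. `- APP_THEME=custom`. `bookstack-db` uses `mariadb:10.3`, a branch that no longer receives upstream fixes; the firefly and fivem templates in this commit already use newer tags.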
@@ -0,0 +1,20 @@ +version: "3.1" +services: + codeserver: + image: linuxserver/code-server:latest + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Paris + - PASSWORD=caabda9758f649bb01572c7b + volumes: + - ./config:/config + ports: + - 4850:8443 + restart: always + healthcheck: + test: curl -f http://localhost:8443/ || exit 1 + interval: 60s + retries: 5 + start_period: 20s + timeout: 10s \ No newline at end of file diff --git a/roles/deploy-docker/templates/dolibarr.yml b/roles/deploy-docker/templates/dolibarr.yml new file mode 100644 index 0000000..8eccbed --- /dev/null +++ b/roles/deploy-docker/templates/dolibarr.yml @@ -0,0 +1,20 @@ +version: "3" +services: + mariadb: + image: mariadb:latest + environment: + MYSQL_ROOT_PASSWORD: 5XgEvqxdAUTA6f + MYSQL_DATABASE: dolibarr + web: + image: tuxgasy/dolibarr + environment: + DOLI_DB_HOST: mariadb + DOLI_DB_USER: root + DOLI_DB_PASSWORD: 5XgEvqxdAUTA6f + DOLI_DB_NAME: dolibarr + DOLI_URL_ROOT: 'http://0.0.0.0' + PHP_INI_DATE_TIMEZONE: 'Europe/Paris' + ports: + - "80:80" + links: + - mariadb \ No newline at end of file diff --git a/roles/deploy-docker/templates/duplicati.yml b/roles/deploy-docker/templates/duplicati.yml new file mode 100644 index 0000000..37ba1e0 --- /dev/null +++ b/roles/deploy-docker/templates/duplicati.yml 
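Review bot: In dolibarr.yml the `web` service connects to MariaDB as `root` (`DOLI_DB_USER: root` with the root password), so any SQL injection or credential leak in the application gives control of the whole database server rather than one schema. Add `MYSQL_USER` and `MYSQL_PASSWORD` to the `mariadb` service and pass those to `DOLI_DB_USER` and `DOLI_DB_PASSWORD`. `"80:80"` also collides with the `'80:80'` mapping in nginx.yml, so the two stacks cannot both start on this host; use a high port behind the proxy as the other templates do. `mariadb:latest` and the untagged `tuxgasy/dolibarr` should be pinned.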
@@ -0,0 +1,20 @@ +version: "3.9" + +services: + duplicati: + image: linuxserver/duplicati + container_name: duplicati + restart: always + ports: + - 8200:8200 # Interface web accessible sur http://localhost:8200 + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Paris + - SETTINGS_ENCRYPTION_KEY=nyfNRe229zQTGVVh # 🔐 Ajoute une clé de chiffrement + - DUPLICATI__WEB__AUTHENTICATION__USERNAME=bxlife + - DUPLICATI__WEB__AUTHENTICATION__PASSWORD=LhjlWfTa3ahuOg9J + volumes: + - /:/host_root:ro # Accès en lecture seule à tout l'hôte + - ./backups:/source # Dossier où sont stockés les backups locaux + - ./duplicati:/config # Configuration et base de données Duplicati \ No newline at end of file diff --git a/roles/deploy-docker/templates/filebrowser.yml b/roles/deploy-docker/templates/filebrowser.yml new file mode 100644 index 0000000..541a46e --- /dev/null +++ b/roles/deploy-docker/templates/filebrowser.yml @@ -0,0 +1,14 @@ +version: "3" +services: + file_browser: + image: filebrowser/filebrowser:latest + container_name: {{ name_docker }} + hostname: {{ name_docker }} + environment: + - PUID=1000 + - PGID=1000 + volumes: + - /:/srv + ports: + - 8963:80 + restart: always \ No newline at end of file diff --git a/roles/deploy-docker/templates/firefly.yml b/roles/deploy-docker/templates/firefly.yml new file mode 100644 index 0000000..bb71d11 --- /dev/null +++ b/roles/deploy-docker/templates/firefly.yml 
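Review bot: `- /:/host_root:ro` in duplicati.yml exposes the host's whole filesystem to a container whose web UI is published on 8200; what it can actually read depends on the UID the process runs as. filebrowser.yml goes further with `- /:/srv` and no `:ro`, so a File Browser login on 8963 can potentially modify any file on the host, including the compose files that hold the other services' credentials. Mount only the directories that need backing up or browsing, e.g. `- /home/ubuntu:/srv`. Bind both ports to loopback behind the reverse proxy (`- "127.0.0.1:8200:8200"`).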
@@ -0,0 +1,36 @@ +version: "3" +services: + firefly: + image: fireflyiii/core:latest + container_name: Firefly + volumes: + - ./app:/var/www/html/storage/upload + environment: + - APP_URL=https://budget.{{ domaine_ext }} + - TRUSTED_PROXIES=** + - APP_KEY=azertyuiopqsdfghjklmwxcvbn123456 + - DB_HOST=firefly-db + - DB_PORT=3306 + - DB_CONNECTION=mysql + - DB_DATABASE=firefly + - DB_USERNAME=bxlife + - DB_PASSWORD=YKo9iG2&CsSb3fKNTm%UosVeC + ports: + - 17555:8080 + restart: always + depends_on: + - firefly-db + firefly-db: + image: mariadb:10.5.21 + container_name: firefly_db + environment: + - PUID=1000 + - PGID=1000 + - MYSQL_ROOT_PASSWORD=YFEyHkb7tizo9h + - TZ=Europe/Paris + - MYSQL_DATABASE=firefly + - MYSQL_USER=bxlife + - MYSQL_PASSWORD=YKo9iG2&CsSb3fKNTm%UosVeC + volumes: + - ./config/mysql:/var/lib/mysql + restart: unless-stopped \ No newline at end of file diff --git a/roles/deploy-docker/templates/fivem.yml b/roles/deploy-docker/templates/fivem.yml new file mode 100644 index 0000000..303a3aa --- /dev/null +++ b/roles/deploy-docker/templates/fivem.yml 
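Review bot: `APP_KEY=azertyuiopqsdfghjklmwxcvbn123456` in firefly.yml is a keyboard-row string rather than a random value. Firefly III is a Laravel application, where APP_KEY protects encrypted data and signed cookies, so a guessable key undermines session integrity. Generate 32 random characters, keep the value in the vault and inject it as a variable; changing it invalidates existing sessions, so do it before the instance holds real data. `TRUSTED_PROXIES=**` accepts forwarded headers from any source, which is only safe if port 17555 is unreachable except through the proxy.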
@@ -0,0 +1,50 @@ +version: "3.9" +services: + fivem: + image: spritsail/fivem:13227 + container_name: fivem + environment: + - NO_LICENSE_KEY=1 + - NO_DEFAULT_CONFIG=1 + - PUID=0 + - PGID=0 + volumes: + - ./config:/config + - ./txData:/txData + ports: + - '40120:40120' + - '30120:30120' + - '30120:30120/udp' + restart: always + depends_on: + - fivem-db + fivem-db: + image: mariadb:10.11.6 + container_name: fivem_db + environment: + - PUID=0 + - PGID=0 + - MYSQL_ROOT_PASSWORD=tdDgrdv6cs2J0D + - TZ=Europe/Paris + - MYSQL_DATABASE=hardb + - MYSQL_USER=har-admin + - MYSQL_PASSWORD=Xu22DW2SUwfGFv + #- MYSQL_ALLOW_EMPTY_PASSWORD=yes + command: + --sql_mode=NO_ZERO_IN_DATE,NO_ZERO_DATE,NO_ENGINE_SUBSTITUTION + ports: + - 3306:3306 + volumes: + - ./mysql:/var/lib/mysql + # - ./mysql/my.cnf:/etc/mysql/my.cnf + restart: always + phpmyadmin: + image: phpmyadmin + restart: always + ports: + - 8080:80 + environment: + - PMA_ARBITRARY=1 + - UPLOAD_LIMIT=100M + depends_on: + - fivem-db \ No newline at end of file diff --git a/roles/deploy-docker/templates/gitea.yml b/roles/deploy-docker/templates/gitea.yml new file mode 100644 index 0000000..4f850e2 --- /dev/null +++ b/roles/deploy-docker/templates/gitea.yml 
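Review bot: In fivem.yml, `fivem-db` publishes `3306:3306` and `phpmyadmin` publishes `8080:80` with `PMA_ARBITRARY=1`. That exposes both the database and an admin front end that will connect to any server typed into its login form on the host's interfaces. The game server reaches the database over the compose network, so the 3306 mapping can be dropped. Pin phpMyAdmin to this database with `PMA_HOST=fivem-db` instead of `PMA_ARBITRARY=1` and bind it to `127.0.0.1`. `PUID=0` and `PGID=0` run the services as root where the image honours those variables, and the `phpmyadmin` image carries no tag.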
@@ -0,0 +1,62 @@ +version: "3.9" +services: + db: + image: postgres + container_name: Gitea-DB + hostname: gitea-db + security_opt: + - no-new-privileges:true + healthcheck: + test: ["CMD", "pg_isready", "-q", "-d", "gitea", "-U", "osmf15Ox8vsF9jqW"] + timeout: 45s + interval: 10s + retries: 10 + user: 0:0 + volumes: + - ./db:/var/lib/postgresql/data:rw + environment: + - POSTGRES_DB=gitea + - POSTGRES_USER=osmf15Ox8vsF9jqW + - POSTGRES_PASSWORD=6PLjxG0mXGAfNrK4rUT7wrlzQJ9r4IOq + restart: on-failure:5 + + web: + image: gitea/gitea:latest + container_name: Gitea + hostname: gitea + security_opt: + - no-new-privileges:true + healthcheck: + test: wget --no-verbose --tries=1 --spider http://localhost:3000/ || exit 1 + ports: + - 3052:3000 + - '2222:22' + volumes: + - ./data:/data + - /etc/TZ:/etc/TZ:ro + - /etc/localtime:/etc/localtime:ro + environment: + - USER_UID=1000 + - USER_GID=1000 + - GITEA__database__DB_TYPE=postgres + - GITEA__database__HOST=gitea-db:5432 + - GITEA__database__NAME=gitea + - GITEA__database__USER=osmf15Ox8vsF9jqW + - GITEA__database__PASSWD=6PLjxG0mXGAfNrK4rUT7wrlzQJ9r4IOq + - ROOT_URL=https://git.{{domaine_ext}} + restart: on-failure:5 + depends_on: + - db + runner: + image: gitea/act_runner:nightly + environment: + CONFIG_FILE: /config.yaml + GITEA_INSTANCE_URL: "https://git.{{domaine_ext}}" + GITEA_RUNNER_REGISTRATION_TOKEN: "2D0IxOHijNQVrMhKav8nGNpyJlF8qia51fy1Lwch" + GITEA_RUNNER_NAME: "runner_prod" + GITEA_RUNNER_LABELS: "runner_prod" + volumes: + - ./runner/config.yaml:/config.yaml + #- /home/ubuntu/redm/txData/RexshackRedMBuild_000214.base:/data/redm + - ./runner/data:/data + - /var/run/docker.sock:/var/run/docker.sock \ No newline at end of file diff --git a/roles/deploy-docker/templates/heimdall.yml b/roles/deploy-docker/templates/heimdall.yml new file mode 100644 index 0000000..72dc471 --- /dev/null +++ b/roles/deploy-docker/templates/heimdall.yml 
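Review bot: The `runner` service in gitea.yml mounts `/var/run/docker.sock`, which hands any workflow job it executes control of the host's Docker daemon, and through it the host. Anyone able to push a workflow to a repository with Actions enabled then has the equivalent of root on this server. Give the runner its own rootless or isolated Docker daemon and restrict which repositories may use it. portainer.yml and uptimekuma.yml in this commit mount the same socket; for Uptime Kuma a read-only socket proxy is normally enough. `gitea/act_runner:nightly` and the untagged `postgres` image should be pinned to release tags, and `user: 0:0` on `db` looks unnecessary for the official image.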
@@ -0,0 +1,16 @@ +version: "3" +services: + heimdall: + image: linuxserver/heimdall:latest + container_name: heimdall + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Paris + - APP_URL=https://panel.{{ domaine_ext }} + volumes: + - ./data:/config + ports: + - 9705:80 + - 9706:443 + restart: always \ No newline at end of file diff --git a/roles/deploy-docker/templates/nginx.yml b/roles/deploy-docker/templates/nginx.yml new file mode 100644 index 0000000..9f06f1e --- /dev/null +++ b/roles/deploy-docker/templates/nginx.yml @@ -0,0 +1,36 @@ +version: '3' +services: + nginx: + image: 'jc21/nginx-proxy-manager:latest' + container_name: {{ name_docker }} + hostname: {{ name_docker }} + restart: always + ports: + - '80:80' + - '81:81' + - '443:443' + environment: + DB_MYSQL_HOST: "nginx-db" + DB_MYSQL_PORT: 3306 + DB_MYSQL_USER: "bxlife" + DB_MYSQL_PASSWORD: "dKGLhPrlaYOWAOZ0" + DB_MYSQL_NAME: "nginx" + volumes: + - ./data:/data + - ./letsencrypt:/etc/letsencrypt + depends_on: + - nginx-db + nginx-db: + image: mariadb:latest + container_name: nginx-db + environment: + - PUID=1000 + - PGID=1000 + - MYSQL_ROOT_PASSWORD=xv4gv5k8qGXlrUUl + - TZ={{s_tz}} + - MYSQL_DATABASE=nginx + - MYSQL_USER=bxlife + - MYSQL_PASSWORD=dKGLhPrlaYOWAOZ0 + volumes: + - ./config/mysql:/var/lib/mysql + restart: unless-stopped \ No newline at end of file diff --git a/roles/deploy-docker/templates/planka.yml b/roles/deploy-docker/templates/planka.yml new file mode 100644 index 0000000..0e91f3f --- /dev/null +++ b/roles/deploy-docker/templates/planka.yml 
@@ -0,0 +1,94 @@ +version: '3' + +services: + planka: + image: ghcr.io/plankanban/planka:latest + restart: on-failure + volumes: + - ./user-avatars:/app/public/user-avatars + - ./project-background-images:/app/public/project-background-images + - ./attachments:/app/private/attachments + ports: + - 20145:1337 + environment: + - BASE_URL=https://planka.{{ domaine_ext }} + - DATABASE_URL=postgresql://postgres@postgres/planka + - SECRET_KEY=2ZNQf7B0072PS4 + + # - TRUST_PROXY=1 + # - TOKEN_EXPIRES_IN=365 # In days + + # related: https://github.com/knex/knex/issues/2354 + # As knex does not pass query parameters from the connection string we + # have to use environment variables in order to pass the desired values, e.g. + # - PGSSLMODE= + + # Configure knex to accept SSL certificates + # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false + + - DEFAULT_ADMIN_EMAIL=info@bruxelleslife.com # Do not remove if you want to prevent this user from being edited/deleted + - DEFAULT_ADMIN_PASSWORD=FHOHozginO95jx + - DEFAULT_ADMIN_NAME=bxlife + - DEFAULT_ADMIN_USERNAME=bxlife + + # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons. 
+ + # - ALLOW_ALL_TO_CREATE_PROJECTS=true + + # - OIDC_ISSUER= + # - OIDC_CLIENT_ID= + # - OIDC_CLIENT_SECRET= + # - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG= + # - OIDC_USERINFO_SIGNED_RESPONSE_ALG= + # - OIDC_SCOPES=openid email profile + # - OIDC_RESPONSE_MODE=fragment + # - OIDC_USE_DEFAULT_RESPONSE_MODE=true + # - OIDC_ADMIN_ROLES=admin + # - OIDC_CLAIMS_SOURCE=userinfo + # - OIDC_EMAIL_ATTRIBUTE=email + # - OIDC_NAME_ATTRIBUTE=name + # - OIDC_USERNAME_ATTRIBUTE=preferred_username + # - OIDC_ROLES_ATTRIBUTE=groups + # - OIDC_IGNORE_USERNAME=true + # - OIDC_IGNORE_ROLES=true + # - OIDC_ENFORCED=true + + # Email Notifications (https://nodemailer.com/smtp/) + - SMTP_HOST=mail.bruxelleslife.com + - SMTP_PORT=465 + - SMTP_NAME=Bruxelles Life Mail + - SMTP_SECURE=true + - SMTP_USER=info@bruxelleslife.com + - SMTP_PASSWORD=vX6@kTScdN94MTJ + - SMTP_FROM="Bruxelles Life" + - SMTP_TLS_REJECT_UNAUTHORIZED=false + + # Optional fields: accessToken, events, excludedEvents + # - | + # WEBHOOKS=[{ + # "url": "http://localhost:3001", + # "accessToken": "notaccesstoken", + # "events": ["cardCreate", "cardUpdate", "cardDelete"], + # "excludedEvents": ["notificationCreate", "notificationUpdate"] + # }] + + # - SLACK_BOT_TOKEN= + # - SLACK_CHANNEL_ID= + # - GOOGLE_CHAT_WEBHOOK_URL= + depends_on: + postgres: + condition: service_healthy + + postgres: + image: postgres:14-alpine + restart: on-failure + volumes: + - ./db-data:/var/lib/postgresql/data + environment: + - POSTGRES_DB=planka + - POSTGRES_HOST_AUTH_METHOD=trust + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres -d planka"] + interval: 10s + timeout: 5s + retries: 5 diff --git a/roles/deploy-docker/templates/portainer.yml b/roles/deploy-docker/templates/portainer.yml new file mode 100644 index 0000000..b3e52fb --- /dev/null +++ b/roles/deploy-docker/templates/portainer.yml 
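Review bot: In planka.yml, `POSTGRES_HOST_AUTH_METHOD=trust` makes PostgreSQL accept every connection without a password, and `DATABASE_URL=postgresql://postgres@postgres/planka` relies on that by connecting as the superuser. The port is not published, so exposure is limited to the compose network, but any other container attached to it gets superuser access. Set `POSTGRES_PASSWORD` and include it in the URL. `SMTP_TLS_REJECT_UNAUTHORIZED=false` turns off certificate checking toward mail.bruxelleslife.com, which lets the SMTP login be intercepted; fix the certificate and remove the override. The hard-coded bruxelleslife.com addresses could use `{{ domaine_ext }}` as `BASE_URL` already does.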
@@ -0,0 +1,14 @@
+version: '3'
+services:
+ portainer:
+ image: 'portainer/portainer-ce:latest'
+ container_name: {{ name_docker }}
+ hostname: {{ name_docker }}
+ restart: always
+ network_mode: bridge
+ ports:
+ - '8000:8000'
+ - '9000:9000'
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./:/data
\ No newline at end of file
diff --git a/roles/deploy-docker/templates/postgressemaphore.yml b/roles/deploy-docker/templates/postgressemaphore.yml
new file mode 100644
index 0000000..5b89b07
--- /dev/null
+++ b/roles/deploy-docker/templates/postgressemaphore.yml
@@ -0,0 +1,16 @@
+version: "3.9"
+name: postgressemaphore
+services:
+ db:
+ image: postgres
+ container_name: postgressemaphore_db
+ hostname: postgressemaphore_db
+ restart: always
+ volumes:
+ - ./db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: semaphore
+ POSTGRES_USER: semaphore
+ POSTGRES_PASSWORD: TANee5sqeFsgSQf7
+ ports:
+ - '5433:5432'
\ No newline at end of file
diff --git a/roles/deploy-docker/templates/rainloop.yml b/roles/deploy-docker/templates/rainloop.yml
new file mode 100644
index 0000000..c860580
--- /dev/null
+++ b/roles/deploy-docker/templates/rainloop.yml
@@ -0,0 +1,10 @@
+version: '3'
+services:
+ rainloop:
+ image: wernerfred/docker-rainloop:latest
+ container_name: rainloop
+ restart: always
+ ports:
+ - 8088:80
+ volumes:
+ - ./:/rainloop/data
\ No newline at end of file
diff --git a/roles/deploy-docker/templates/uptimekuma.yml b/roles/deploy-docker/templates/uptimekuma.yml
new file mode 100644
index 0000000..39d9e02
--- /dev/null
+++ b/roles/deploy-docker/templates/uptimekuma.yml
@@ -0,0 +1,12 @@
+version: '3.3'
+services:
+ uptime-kuma:
+ image: louislam/uptime-kuma:latest
+ container_name: {{ name_docker }}
+ hostname: {{ name_docker }}
+ volumes:
+ - ./uptimekuma:/app/data
+ - /var/run/docker.sock:/var/run/docker.sock
+ ports:
+ - 10028:3001
+ restart: always
\ No newline at end of file
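Review bot: In portainer.yml the service mounts `/var/run/docker.sock` and publishes `8000` and `9000` on every host interface, so anything that can reach port 9000 talks over plain HTTP to a UI that controls the Docker daemon, which amounts to root on the host. services.yaml links to `https://portainer.{{ domaine_ext }}`, so presumably a reverse proxy fronts it; in that case bind to loopback with `- '127.0.0.1:9000:9000'` and drop `8000` unless Edge agents are in use. uptimekuma.yml mounts the same socket; a `:ro` flag on the mount does not restrict the Docker API, so a socket proxy that allows only read endpoints is the safer way to give it container status. Both files use `:latest`, which makes a redeploy pull whatever is current; pin a version tag or digest.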
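Review bot: In postgressemaphore.yml, `- '5433:5432'` publishes the Semaphore database on all host interfaces, and ports published by Docker commonly bypass host firewall rules such as ufw. If only local processes or other containers on this host connect to it, bind it to loopback with `- '127.0.0.1:5433:5432'`, or drop `ports` and attach both services to a shared compose network. `image: postgres` carries no tag, so a later pull can bring a new major version that will not start on the existing `./db` data directory; pin it the way the Planka compose file does with `postgres:14-alpine`.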
diff --git a/roles/deploy-homepage-config/defaults/main.yml b/roles/deploy-homepage-config/defaults/main.yml
new file mode 100644
index 0000000..5ec7905
--- /dev/null
+++ b/roles/deploy-homepage-config/defaults/main.yml
@@ -0,0 +1,3 @@
+domaine_ext: belgiumrp.net
+nginx_user: brp-01@outlook.com
+nginx_pass: Q^mbDpZD2h9GKf
\ No newline at end of file
diff --git a/roles/deploy-homepage-config/files/backgrounds/background-datacenter.jpg b/roles/deploy-homepage-config/files/backgrounds/background-datacenter.jpg
new file mode 100644
index 0000000..67ce1b2
Binary files /dev/null and b/roles/deploy-homepage-config/files/backgrounds/background-datacenter.jpg differ
diff --git a/roles/deploy-homepage-config/files/backgrounds/background-space.jpg b/roles/deploy-homepage-config/files/backgrounds/background-space.jpg
new file mode 100644
index 0000000..91ea62a
Binary files /dev/null and b/roles/deploy-homepage-config/files/backgrounds/background-space.jpg differ
diff --git a/roles/deploy-homepage-config/files/icons/logo.png b/roles/deploy-homepage-config/files/icons/logo.png
new file mode 100644
index 0000000..3c91410
Binary files /dev/null and b/roles/deploy-homepage-config/files/icons/logo.png differ
diff --git a/roles/deploy-homepage-config/tasks/main.yml b/roles/deploy-homepage-config/tasks/main.yml
new file mode 100644
index 0000000..4f0619c
--- /dev/null
+++ b/roles/deploy-homepage-config/tasks/main.yml
@@ -0,0 +1,64 @@
+---
+ - name: Copie du template "Settings"
+ template:
+ src: "settings.yaml"
+ dest: "/home/ubuntu/{{ name_docker }}/settings.yaml"
+ become: yes
+
+ - name: Copie du template "Bookmarks"
+ template:
+ src: "bookmarks.yaml"
+ dest: "/home/ubuntu/{{ name_docker }}/bookmarks.yaml"
+ become: yes
+
+ - name: Copie du template "Services"
+ template:
+ src: "services.yaml"
+ dest: "/home/ubuntu/{{ name_docker }}/services.yaml"
+ become: yes
+
+ - name: Copie du template "Widgets"
+ template:
+ src: "widgets.yaml"
+ dest: "/home/ubuntu/{{ name_docker }}/widgets.yaml"
+ become: yes
+
+ - name: Copie du template "Custom.css"
+ template:
+ src: "custom.css"
+ dest: "/home/ubuntu/{{ name_docker }}/custom.css"
+ become: yes
+
+ - name: Copie du template "Custom.js"
+ template:
+ src: "custom.js"
+ dest: "/home/ubuntu/{{ name_docker }}/custom.js"
+ become: yes
+
+ - name: Copie du template "Docker"
+ template:
+ src: "docker.yaml"
+ dest: "/home/ubuntu/{{ name_docker }}/docker.yaml"
+ become: yes
+
+ - name: Copie du template "Kubernetes"
+ template:
+ src: "kubernetes.yaml"
+ dest: "/home/ubuntu/{{ name_docker }}/kubernetes.yaml"
+ become: yes
+
+ - name: "Copie des backgrounds"
+ copy:
+ src: "{{ item }}"
+ dest: "/home/ubuntu/{{ name_docker }}/images/"
+ with_fileglob:
+ - "/etc/ansible/roles/homepage-config/files/backgrounds/*"
+ become: yes
+
+ - name: "Copie des icons"
+ copy:
+ src: "{{ item }}"
+ dest: "/home/ubuntu/{{ name_docker }}/icons/"
+ with_fileglob:
+ - "/etc/ansible/roles/homepage-config/files/icons/*"
+ become: yes
\ No newline at end of file
diff --git a/roles/deploy-homepage-config/templates/bookmarks.yaml b/roles/deploy-homepage-config/templates/bookmarks.yaml
new file mode 100644
index 0000000..7db15af
--- /dev/null
+++ b/roles/deploy-homepage-config/templates/bookmarks.yaml
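Review bot: None of the `template` tasks sets `owner`, `group` or `mode`, and with `become: yes` the files are written as root with whatever the umask allows, which is usually world-readable; the rendered services.yaml carries the Nginx Proxy Manager password and the Portainer API key. Add `mode: "0600"` (or `"0640"` with the group the container runs as) and an explicit `owner` to at least the "Services" task. The two `with_fileglob` patterns point at `/etc/ansible/roles/homepage-config/files/...` while this role lives in `roles/deploy-homepage-config`; unless the role is also installed under that other name, `fileglob` matches nothing and the copy is skipped without an error. Inside a role a relative pattern such as `backgrounds/*` resolves against the role's own `files/` directory and avoids the hard-coded path.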
@@ -0,0 +1,10 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/bookmarks
+
+- Bookmarks:
+
+ - Simple Icon:
+ - abbr: SI
+ icon: si-simpleicons
+ href: https://simpleicons.org/
diff --git a/roles/deploy-homepage-config/templates/custom.css b/roles/deploy-homepage-config/templates/custom.css
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy-homepage-config/templates/custom.js b/roles/deploy-homepage-config/templates/custom.js
new file mode 100644
index 0000000..e69de29
diff --git a/roles/deploy-homepage-config/templates/docker.yaml b/roles/deploy-homepage-config/templates/docker.yaml
new file mode 100644
index 0000000..fe12559
--- /dev/null
+++ b/roles/deploy-homepage-config/templates/docker.yaml
@@ -0,0 +1,10 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/docker/
+
+# my-docker:
+# host: 127.0.0.1
+# port: 2375
+
+# my-docker:
+# socket: /var/run/docker.sock
\ No newline at end of file
diff --git a/roles/deploy-homepage-config/templates/kubernetes.yaml b/roles/deploy-homepage-config/templates/kubernetes.yaml
new file mode 100644
index 0000000..4d2c40b
--- /dev/null
+++ b/roles/deploy-homepage-config/templates/kubernetes.yaml
@@ -0,0 +1,2 @@
+---
+# sample kubernetes config
\ No newline at end of file
diff --git a/roles/deploy-homepage-config/templates/services.yaml b/roles/deploy-homepage-config/templates/services.yaml
new file mode 100644
index 0000000..6dbccba
--- /dev/null
+++ b/roles/deploy-homepage-config/templates/services.yaml
@@ -0,0 +1,57 @@
+---
+# For configuration options and examples, please see:
+# https://gethomepage.dev/latest/configs/services
+
+- Reseau:
+ - Nginx Proxy Manager:
+ href: https://nginx.{{ domaine_ext }}
+ icon: si-nginxproxymanager-#F15833
+ description: Reverse Proxy
+ widget:
+ type: npm
+ url: https://nginx.{{ domaine_ext }}
+ username: {{ nginx_user }}
+ password: "{{ nginx_pass }}"
+
+
+ - Uptime Kuma:
+ href: https://monitoring.{{ domaine_ext }}
+ icon: si-uptimekuma-#5CDD8B
+ description: Monitoring Network
+ widget:
+ type: uptimekuma
+ url: https://monitoring.{{ domaine_ext }}
+ slug: belgiumrp
+
+- Home Lab:
+ - Portainer:
+ href: https://portainer.{{ domaine_ext }}
+ icon: si-portainer-#13BEF9
+ description: Gestionnaire de container
+ widget:
+ type: portainer
+ url: https://portainer.{{ domaine_ext }}
+ env: 1
+ key: ptr_yiqjc2hL2H2G7gXU5WxQbAHvCo4UkqVJsOyfutvQXS4=
+
+
+- Infra:
+ - Ansible Code Server:
+ href: https://ansible.{{ domaine_ext }}
+ icon: si-visualstudiocode-#007ACC
+ description: Visual Studio Code (WEB) - Ansible
+
+ - Bitwarden:
+ href: https://bitwarden.{{ domaine_ext }}
+ icon: si-bitwarden-#175DDC
+ description: Password Manager
+
+ - Bookstack:
+ href: https://wiki.{{ domaine_ext }}
+ icon: si-bookstack-#0288D1
+ description: Wiki Belgium RP
+
+ # - Grafana:
+ # href: https://grafana.{{ domaine_ext }}
+ # icon: si-grafana-#F46800
+ # description: Monitoring
\ No newline at end of file
diff --git a/roles/deploy-homepage-config/templates/settings.yaml b/roles/deploy-homepage-config/templates/settings.yaml
new file mode 100644
index 0000000..f84c3ac
--- /dev/null
+++ b/roles/deploy-homepage-config/templates/settings.yaml
@@ -0,0 +1,58 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/latest/configs/settings + +title: "Belgium RP Staff Dashboard" +headerStyle: boxed +language: fr +startUrl: https://dashboard.belgiumrp.net +hideErrors: true +target: _self # Possible options include _blank, _self, and _top +statusStyle: 'dot' +hideVersion: true + +providers: + openweathermap: openweathermapapikey + weatherapi: weatherapiapikey + +background: + image: /images/background-datacenter.jpg + blur: md # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur + saturate: 50 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate + brightness: 50 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness + opacity: 50 # 0-100 + +quicklaunch: + searchDescriptions: true + hideInternetSearch: false + showSearchSuggestions: true + hideVisitURL: false + +layout: + Reseau: + useEqualHeights: true + disableCollapse: true + style: row + columns: 4 + + Home Lab: + useEqualHeights: true + disableCollapse: true + style: row + columns: 4 + + Infra: + useEqualHeights: true + disableCollapse: true + style: row + columns: 6 + + Bookmarks: + useEqualHeights: true + disableCollapse: true + style: row + columns: 5 + + +theme: dark # or light +color: slate # Supported colors: slate, gray, zinc, neutral, stone, amber, yellow, lime, green, emerald, teal, cyan, sky, blue, indigo, violet, purple, fuchsia, pink, rose, red, white \ No newline at end of file diff --git a/roles/deploy-homepage-config/templates/widgets.yaml b/roles/deploy-homepage-config/templates/widgets.yaml new file mode 100644 index 0000000..b43ee99 --- /dev/null +++ b/roles/deploy-homepage-config/templates/widgets.yaml 
@@ -0,0 +1,23 @@ +--- +# For configuration options and examples, please see: +# https://gethomepage.dev/latest/configs/service-widgets + +- logo: + icon: si-awselasticloadbalancing + +- resources: + cpu: true + memory: true + +- search: + provider: google # google, duckduckgo, bing, baidu, brave or custom + focus: true # Optional, will set focus to the search bar on page load + showSearchSuggestions: true # Optional, will show search suggestions. Defaults to false + target: _blank # One of _self, _blank, _parent or _top + +- datetime: + locale: fr + text_size: xl + format: + timeStyle: short + dateStyle: short \ No newline at end of file diff --git a/roles/pallxk.code_server/.gitignore b/roles/pallxk.code_server/.gitignore new file mode 100644 index 0000000..fc498c8 --- /dev/null +++ b/roles/pallxk.code_server/.gitignore @@ -0,0 +1,7 @@ +# Created by https://www.gitignore.io/api/ansible +# Edit at https://www.gitignore.io/?templates=ansible + +### Ansible ### +*.retry + +# End of https://www.gitignore.io/api/ansible diff --git a/roles/pallxk.code_server/.travis.yml b/roles/pallxk.code_server/.travis.yml new file mode 100644 index 0000000..69bb631 --- /dev/null +++ b/roles/pallxk.code_server/.travis.yml @@ -0,0 +1,12 @@ +dist: bionic + +addons: + apt: + packages: + - ansible-lint + +script: +- ansible-lint **/*.yml + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/pallxk.code_server/LICENSE b/roles/pallxk.code_server/LICENSE new file mode 100644 index 0000000..3db75f5 --- /dev/null +++ b/roles/pallxk.code_server/LICENSE 
@@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2020 test.cab + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/pallxk.code_server/defaults/main.yml b/roles/pallxk.code_server/defaults/main.yml new file mode 100644 index 0000000..b11ee8b --- /dev/null +++ b/roles/pallxk.code_server/defaults/main.yml @@ -0,0 +1,15 @@ +--- +#code_server_ver: "" +code_server_install_prefix: /usr/local +code_server_data_dir: "{{ ansible_user_dir }}/.local/share/code-server" +#code_server_work_dir: "{{ ansible_user_dir }}" +code_server_auth: password +#code_server_password: "" +code_server_user: "{{ ansible_user_id }}" +code_server_host: 0.0.0.0 +code_server_port: 8080 +code_server_env: {} +#code_server_tls_cert: "" +code_server_tls_cert_remote: no +#code_server_tls_key: "" +code_server_tls_key_remote: no diff --git a/roles/pallxk.code_server/handlers/main.yml b/roles/pallxk.code_server/handlers/main.yml new file mode 100644 index 0000000..96462a2 --- /dev/null 
+++ b/roles/pallxk.code_server/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- name: Restart code-server + become: yes + systemd: + daemon-reload: yes + name: code-server + state: restarted + # We mark the service as Type=notify to auto restart it routinely, + # but it's actually Type=simple, so "no_block: yes" here to avoid stuck. + no_block: yes + when: code_server_configure_service diff --git a/roles/pallxk.code_server/meta/.galaxy_install_info b/roles/pallxk.code_server/meta/.galaxy_install_info new file mode 100644 index 0000000..b76eced --- /dev/null +++ b/roles/pallxk.code_server/meta/.galaxy_install_info @@ -0,0 +1,2 @@ +install_date: Thu Mar 16 20:50:57 2023 +version: v4.0.0 diff --git a/roles/pallxk.code_server/meta/main.yml b/roles/pallxk.code_server/meta/main.yml new file mode 100644 index 0000000..e6cd95f --- /dev/null +++ b/roles/pallxk.code_server/meta/main.yml 
@@ -0,0 +1,59 @@ +galaxy_info: + role_name: code_server + author: pallxk + description: Install and configure the latest or specified version of code-server (v4, v3, v2 & v1). + company: test.cab + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: MIT + + min_ansible_version: 2.8 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: ArchLinux + versions: + - all + - name: Debian + versions: + - buster + - name: EL + versions: + - 7 + - name: Fedora + versions: + - 31 + - name: SLES + versions: + - 15 + - name: Ubuntu + versions: + - bionic + + galaxy_tags: + - development + - code + - codeserver + - vscode + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/pallxk.code_server/tasks/check-code-server.yml b/roles/pallxk.code_server/tasks/check-code-server.yml new file mode 100644 index 0000000..cbe3d6b --- /dev/null +++ b/roles/pallxk.code_server/tasks/check-code-server.yml 
@@ -0,0 +1,50 @@ +- name: Check code-server binary exists + stat: + path: "{{ code_server_bin_dir }}/code-server" + follow: yes + register: code_server_exists + +# This check is compatible with code-server v1, v2 and v3 +# +# v3.6.0: +# 3.6.0 a4a03c14922ccaec2a9ff8d1b7b2af8522a4214d +# +# v3.5.0: +# [2020-09-01T06:20:36.864Z] info Using config file ~/.config/code-server/config.yaml +# 3.5.0 de41646fc402b968ca6d555fdf2da7de9554d28a +# +# v3.4.1: +# info Using config file ~/.config/code-server/config.yaml +# 3.4.1 48f7c2724827e526eeaa6c2c151c520f48a61259 +# +# v3.0.2: +# 3.0.2 e480f6527e11344a7c69b7cd024bce9379cea7f0 +# +# v3: +# 3.0.0 +# +# v2: +# info 2.1698-vsc1.41.1 +# info f51e045cd5483561afc07694f39307fb673b6d1d +# info x64 +# +# v1: +# 1.1156-vsc1.33.1 +- name: Check installed code-server version + shell: 'set -o pipefail; code-server --version | grep -P -o "(?<=^|info )\d+(\.\d+)+(-[^ ]+)?"' + args: + executable: /bin/bash + register: code_server_version + when: code_server_exists.stat.exists + changed_when: no + +- name: Check latest code-server version + uri: + url: https://api.github.com/repos/cdr/code-server/releases + register: code_server_releases + when: code_server_ver is undefined + +- name: Set code-server latest version + set_fact: + code_server_ver: "{{ code_server_releases.json[0].tag_name }}" + when: code_server_ver is undefined diff --git a/roles/pallxk.code_server/tasks/configure-code-server.yml b/roles/pallxk.code_server/tasks/configure-code-server.yml new file mode 100644 index 0000000..79dde03 --- /dev/null +++ b/roles/pallxk.code_server/tasks/configure-code-server.yml 
@@ -0,0 +1,19 @@ +- name: Create code-server data dir + file: + path: "{{ code_server_data_dir }}" + state: directory + +- name: Copy code-server env file + template: + src: env + dest: "{{ code_server_data_dir }}" + mode: 0600 + notify: Restart code-server + when: code_server_password is defined or + code_server_env|length > 0 + +- block: + - import_tasks: copy-certs.yml + rescue: + - import_tasks: copy-certs.yml + become: yes diff --git a/roles/pallxk.code_server/tasks/copy-certs.yml b/roles/pallxk.code_server/tasks/copy-certs.yml new file mode 100644 index 0000000..1d8b8b9 --- /dev/null +++ b/roles/pallxk.code_server/tasks/copy-certs.yml @@ -0,0 +1,21 @@ +- name: Copy TLS certificate + copy: + remote_src: "{{ code_server_tls_cert_remote }}" + src: "{{ code_server_tls_cert }}" + dest: "{{ code_server_data_dir }}/tls.cert" + owner: "{{ code_server_user }}" + group: "{{ ansible_user_gid|string }}" + mode: 0440 + notify: Restart code-server + when: code_server_tls_cert is defined + +- name: Copy TLS key + copy: + remote_src: "{{ code_server_tls_key_remote }}" + src: "{{ code_server_tls_key }}" + dest: "{{ code_server_data_dir }}/tls.key" + owner: "{{ code_server_user }}" + group: "{{ ansible_user_gid|string }}" + mode: 0440 + notify: Restart code-server + when: code_server_tls_key is defined diff --git a/roles/pallxk.code_server/tasks/deprecate.yml b/roles/pallxk.code_server/tasks/deprecate.yml new file mode 100644 index 0000000..98736e2 --- /dev/null +++ b/roles/pallxk.code_server/tasks/deprecate.yml 
@@ -0,0 +1,18 @@ +- name: Check usage of deprecated variables + debug: + msg: "'{{ item }}' is deprecated, please use 'code_server_{{ item }}'" + when: "{{ item }} is defined" + with_items: + - tls_cert + - tls_key + - tls_cert_remote + - tls_key_remote + +- name: Set corresponding code_server_ variables + set_fact: code_server_{{ item }}={{ lookup('vars', item) }} + when: "{{ item }} is defined" + with_items: + - tls_cert + - tls_key + - tls_cert_remote + - tls_key_remote diff --git a/roles/pallxk.code_server/tasks/install-code-server-legacy.yml b/roles/pallxk.code_server/tasks/install-code-server-legacy.yml new file mode 100644 index 0000000..ce01220 --- /dev/null +++ b/roles/pallxk.code_server/tasks/install-code-server-legacy.yml @@ -0,0 +1,12 @@ +- name: Download code-server legacy + become: yes + unarchive: + remote_src: yes + src: "{{ code_server_tar_url }}" + dest: "{{ code_server_bin_dir }}" + extra_opts: + - --strip-components=1 + - --wildcards + - "*/code-server" + notify: Restart code-server + when: code_server_download_needed diff --git a/roles/pallxk.code_server/tasks/install-code-server-service.yml b/roles/pallxk.code_server/tasks/install-code-server-service.yml new file mode 100644 index 0000000..40c632a --- /dev/null +++ b/roles/pallxk.code_server/tasks/install-code-server-service.yml @@ -0,0 +1,13 @@ +- name: Copy code-server systemd unit file + become: yes + template: + src: code-server.service + dest: "{{ code_server_service_dir }}" + notify: Restart code-server + +- name: Copy code-server systemd override file + become: yes + template: + src: code-server.service.d/restart.conf + dest: "{{ code_server_service_dir }}/code-server.service.d/" + notify: Restart code-server diff --git a/roles/pallxk.code_server/tasks/install-code-server.yml b/roles/pallxk.code_server/tasks/install-code-server.yml new file mode 100644 index 0000000..7fc93b3 --- /dev/null +++ b/roles/pallxk.code_server/tasks/install-code-server.yml 
@@ -0,0 +1,34 @@ +- name: Clean up {{ code_server_dir }} + become: yes + file: + state: absent + path: "{{ code_server_dir }}" + when: code_server_download_needed + +- name: Create {{ code_server_dir }} + become: yes + file: + state: directory + path: "{{ code_server_dir }}" + +- name: Download code-server + become: yes + unarchive: + remote_src: yes + src: "{{ code_server_tar_url }}" + dest: "{{ code_server_dir }}" + extra_opts: + - --strip-components=1 + notify: Restart code-server + when: code_server_download_needed + +- name: Add {{ code_server_bin_dir }}/code-server + become: yes + file: + state: link + src: "{{ code_server_dir }}{{ '/bin' if code_server_cleaned_ver is version('3.3.0', '>=') else '' }}/code-server" + dest: "{{ code_server_bin_dir }}/code-server" + # force is required if upgrade from v1 or v2, + # in which case dest exists and is a file. + force: yes + notify: Restart code-server diff --git a/roles/pallxk.code_server/tasks/main.yml b/roles/pallxk.code_server/tasks/main.yml new file mode 100644 index 0000000..69dd82f --- /dev/null +++ b/roles/pallxk.code_server/tasks/main.yml 
@@ -0,0 +1,64 @@ +--- +- name: Check usage of deprecated role variables + include_tasks: deprecate.yml + when: > + tls_cert is defined + or tls_key is defined + or tls_cert_remote is defined + or tls_key_remote is defined + +# Always gather facts as we use ansible_user_id and ansible_user_dir +- name: Gather Facts + setup: + gather_subset: '!all' + +- name: Check systemd version + shell: "set -o pipefail; systemctl --version | head -1 | cut -d' ' -f2" + args: + executable: /bin/bash + register: systemctl_version + changed_when: no + +- name: Create {{ code_server_service_dir }} + become: yes + file: + state: directory + path: "{{ code_server_service_dir }}" + +- name: Check code-server + include_tasks: check-code-server.yml + +- import_tasks: install-code-server-legacy.yml + when: code_server_major|int < 3 + +- import_tasks: install-code-server.yml + when: code_server_major|int >= 3 + +- import_tasks: install-code-server-service.yml + +- name: Configure code-server + include_tasks: configure-code-server.yml + +- name: Configure service + set_fact: + code_server_configure_service: yes + tags: + - service + +- meta: flush_handlers + +- name: Enable code-server service + become: yes + systemd: + name: code-server + enabled: yes + tags: + - service + +- name: Report + include_tasks: report.yml + +- name: Sanity Test + include_tasks: tests.yml + tags: + - tests diff --git a/roles/pallxk.code_server/tasks/report.yml b/roles/pallxk.code_server/tasks/report.yml new file mode 100644 index 0000000..ddc21f1 --- /dev/null +++ b/roles/pallxk.code_server/tasks/report.yml 
@@ -0,0 +1,10 @@ +- name: List installed files + debug: + msg: + - "{{ code_server_dir }}" + - "{{ code_server_bin_dir }}/code-server" + - "{{ code_server_service_dir }}/code-server.service" + - "{{ code_server_service_dir }}/code-server.service.d/restart.conf" + - "{% if code_server_password is defined %}{{ code_server_data_dir }}/env{% endif %}" + - "{% if code_server_tls_cert is defined %}{{ code_server_data_dir }}/tls.cert{% endif %}" + - "{% if code_server_tls_key is defined %}{{ code_server_data_dir }}/tls.key{% endif %}" diff --git a/roles/pallxk.code_server/tasks/tests.yml b/roles/pallxk.code_server/tasks/tests.yml new file mode 100644 index 0000000..7d956b2 --- /dev/null +++ b/roles/pallxk.code_server/tasks/tests.yml @@ -0,0 +1,13 @@ +--- +- name: Test connectivity locally + wait_for: + port: "{{ code_server_port }}" + timeout: 15 + +- name: Test connectivity remotely + wait_for: + host: "{{ inventory_hostname }}" + port: "{{ code_server_port }}" + timeout: 15 + delegate_to: localhost + ignore_errors: yes diff --git a/roles/pallxk.code_server/templates/code-server.service b/roles/pallxk.code_server/templates/code-server.service new file mode 100644 index 0000000..9daff22 --- /dev/null +++ b/roles/pallxk.code_server/templates/code-server.service 
@@ -0,0 +1,21 @@ +[Unit] +Description=Run VS Code on a remote server. +Documentation=https://github.com/cdr/code-server +After=network.target network-online.target + +[Service] +Type=simple +User={{ code_server_user }} +{% if code_server_password is defined %} +EnvironmentFile={{ code_server_data_dir_abs }}/env +{% endif %} +ExecStart={{ code_server_bin_dir }}/code-server + {%- if code_server_major != '1' %} --auth {{ code_server_auth }}{% endif %} + {%- if code_server_tls_cert is defined %} --cert {{ code_server_data_dir_abs }}/tls.cert{% endif %} + {%- if code_server_tls_key is defined %} --cert-key {{ code_server_data_dir_abs }}/tls.key{% endif %} + {%- if code_server_work_dir is defined %} {{ code_server_work_dir }}{% endif %} + --host {{ code_server_host }} --port {{ code_server_port }} +WorkingDirectory=~ + +[Install] +WantedBy=multi-user.target diff --git a/roles/pallxk.code_server/templates/code-server.service.d/restart.conf b/roles/pallxk.code_server/templates/code-server.service.d/restart.conf new file mode 100644 index 0000000..9fe0573 --- /dev/null +++ b/roles/pallxk.code_server/templates/code-server.service.d/restart.conf @@ -0,0 +1,11 @@ +# Restart every week to fix memory leak +# https://stackoverflow.com/questions/31055194/how-can-i-configure-a-systemd-service-to-restart-periodically +[Service] +Restart=always +{% if (systemctl_version.stdout|int) < 229 %} +Type=notify +# 1 week +TimeoutStartSec=604800 +{% else %} +RuntimeMaxSec=604800 +{% endif %} diff --git a/roles/pallxk.code_server/templates/env b/roles/pallxk.code_server/templates/env new file mode 100644 index 0000000..6c36903 --- /dev/null +++ b/roles/pallxk.code_server/templates/env @@ -0,0 +1,6 @@ +{% if code_server_password is defined %} +PASSWORD={{ code_server_password | quote }} +{% endif %} +{% for env in code_server_env %} +{{ env }}={{ code_server_env[env] | quote }} +{% endfor %} 
diff --git a/roles/pallxk.code_server/tests/defaults-test.yml b/roles/pallxk.code_server/tests/defaults-test.yml new file mode 100644 index 0000000..283a044 --- /dev/null +++ b/roles/pallxk.code_server/tests/defaults-test.yml @@ -0,0 +1,6 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: localhost + gather_facts: no + roles: + - name: ../.. diff --git a/roles/pallxk.code_server/tests/test.yml b/roles/pallxk.code_server/tests/test.yml new file mode 100644 index 0000000..b864283 --- /dev/null +++ b/roles/pallxk.code_server/tests/test.yml @@ -0,0 +1,19 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: localhost + gather_facts: no + roles: + - name: ../.. + #code_server_ver: "" + #code_server_data_dir: "{{ ansible_user_dir }}/.local/share/code-server" + #code_server_work_dir: "{{ ansible_user_dir }}" + #code_server_auth: password # password or none + #code_server_password: "" # Leave empty to use auto-generated password + #code_server_user: "{{ ansible_user_id }}" + #code_server_host: 0.0.0.0 + #code_server_port: 8080 + #code_server_env: {} + #code_server_tls_cert: /etc/letsencrypt/live/example.com/fullchain.pem + #code_server_tls_cert_remote: no + #code_server_tls_key: /etc/letsencrypt/live/example.com/privkey.pem + #code_server_tls_key_remote: no diff --git a/roles/pallxk.code_server/vars/main.yml b/roles/pallxk.code_server/vars/main.yml new file mode 100644 index 0000000..61f557a --- /dev/null +++ b/roles/pallxk.code_server/vars/main.yml 
@@ -0,0 +1,47 @@ +--- +# The directory to install the executable for code-server +code_server_bin_dir: "{{ code_server_install_prefix }}/bin" + +# code-server before v3 is a single file binary, code-server since v3 is a directory of files. +# code_server_dir is only used for v3+ +code_server_dir: "{{ '/opt/code-server' if code_server_major|int >= 3 else '' }}" + +# The directory to install code-server systemd service file +code_server_service_dir: "{{ code_server_install_prefix }}/lib/systemd/system" + +# URL prefix for downloading code-server +code_server_url_prefix: https://github.com/cdr/code-server/releases/download + +# code_server_ver without v prefix +code_server_cleaned_ver: "{{ code_server_ver | regex_replace('^v', '') }}" + +# code_server_short_ver removes vscode version +# 2.1692-vsc1.39.2 -> 2.1692 +# 3.0.0 -> 3.0.0 +code_server_short_ver: "{{ code_server_cleaned_ver | regex_replace('-.+', '') }}" + +# Whether we need to download code-server for fresh install or upgrade. +# Note that code-server release tag has a 'v' prefix since v3.3.0, +# while `code-server --version` never outputs the 'v' prefix. 
+code_server_download_needed: >- + {{ not code_server_exists.stat.exists + or code_server_version.stdout != code_server_cleaned_ver }} + +# The subdirectory under URL prefix containing code-server artifacts +code_server_download_dir: "{{ 'v' if code_server_cleaned_ver is version('3.3.0', '>=') else '' }}{{ code_server_short_ver if code_server_short_ver is version('2.1698', '>=') else code_server_cleaned_ver }}" + +# The major version of code-server in string +code_server_major: "{{ code_server_cleaned_ver.split('.')[0] }}" + +# The architecture of code-server as used in download URL +code_server_arch: "{% if code_server_cleaned_ver is version('3.3.0', '>=') %}amd64{% elif code_server_major != '1' %}x86_64{% else %}x64{% endif %}" + +# The build-up final .tar.gz url for code-server +code_server_tar_url: "{{ code_server_url_prefix }}/{{ code_server_download_dir }}/code-server{{ '-' if code_server_major|int >= 3 else '' }}{{ code_server_cleaned_ver }}-linux-{{ code_server_arch }}.tar.gz" + +# The data directory of code-server +code_server_data_dir_abs: "{{ code_server_data_dir | expanduser }}" + +# Whether to configure service. +# This will be set to yes in tasks unless `--skip-tags service` specified. +code_server_configure_service: no