initial push

suu
2025-03-12 13:55:27 +01:00
commit 9f90c494ea
88 changed files with 2343 additions and 0 deletions

152
README.MD Normal file

@@ -0,0 +1,152 @@
# Belgium RP - Ansible Infrastructure
## Overview
Ce projet Ansible est conçu pour déployer et gérer l'infrastructure du serveur Belgium RP. Le dépôt contient plusieurs rôles, tâches et playbooks Ansible pour automatiser le processus de déploiement.
## Structure du Dépôt
- **inventories/**: Contient les fichiers d'inventaire Ansible.
- **host_vars/**: Variables spécifiques aux hôtes.
- `localhost.yml`: Variables spécifiques à localhost.
- `localhost/`: Répertoire contenant des variables supplémentaires spécifiques aux hôtes.
- **playbooks/**: Contient les playbooks Ansible pour déployer les applications.
- **docker/**: Playbooks pour déployer les conteneurs Docker.
- `deploy-docker-bitwarden.yml`: Playbook pour déployer [Bitwarden](https://github.com/bitwarden/server).
- **Bitwarden** : Gestionnaire de mots de passe open-source qui stocke et gère les informations de connexion de manière sécurisée.
- `deploy-docker-bookstack.yml`: Playbook pour déployer [Bookstack](https://github.com/BookStackApp/BookStack).
- **Bookstack** : Logiciel de gestion de documentation et de wiki pour créer et organiser des livres et des pages.
- `deploy-docker-cloudflare-ddns.yml`: Playbook pour déployer [Cloudflare DDNS](https://github.com/oznu/docker-cloudflare-ddns).
- **Cloudflare DDNS** : Service de DNS dynamique utilisant Cloudflare pour mettre à jour les enregistrements DNS automatiquement.
- `deploy-docker-duplicati.yml`: Playbook pour déployer [Duplicati](https://github.com/duplicati/duplicati).
- **Duplicati** : Solution de sauvegarde open-source pour stocker des sauvegardes chiffrées de manière sécurisée.
- `deploy-docker-easywall.yml`: Playbook pour déployer [Easywall](https://github.com/ThomasKaiser/EasyWall).
- **Easywall** : Pare-feu simplifié pour la gestion et la sécurisation du réseau.
- `deploy-docker-file_browser.yml`: Playbook pour déployer [File Browser](https://github.com/filebrowser/filebrowser).
- **File Browser** : Interface web pour gérer et partager des fichiers sur un serveur.
- `deploy-docker-firefly.yml`: Playbook pour déployer [Firefly III](https://github.com/firefly-iii/firefly-iii).
- **Firefly III** : Outil de gestion financière personnelle pour suivre les dépenses et gérer les budgets.
- `deploy-docker-fivem.yml`: Playbook pour déployer [FiveM](https://github.com/spritsail/fivem).
- **FiveM** : Plateforme de modification pour GTA V, permettant la création de serveurs multijoueurs personnalisés. Cette version Docker simplifie le déploiement et la gestion des serveurs FiveM.
- `deploy-docker-gitea.yml`: Playbook pour déployer [Gitea](https://github.com/go-gitea/gitea).
- **Gitea** : Service d'hébergement de dépôts Git léger et open-source.
- `deploy-docker-heimdall.yml`: Playbook pour déployer [Heimdall](https://github.com/linuxserver/Heimdall).
- **Heimdall** : Page d'accueil pour organiser et accéder facilement aux applications et services.
- `deploy-docker-homepage.yml`: Playbook pour déployer [Homepage](https://github.com/benphelps/homepage).
- **Homepage** : Interface web personnalisable pour accéder rapidement aux applications web et services.
- `deploy-docker-kanboard.yml`: Playbook pour déployer [Kanboard](https://github.com/kanboard/kanboard).
- **Kanboard** : Application de gestion de projets utilisant une approche Kanban pour organiser les tâches.
- `deploy-docker-nginx.yml`: Playbook pour déployer [Nginx Proxy Manager](https://github.com/NginxProxyManager/nginx-proxy-manager).
- **Nginx Proxy Manager** : Interface utilisateur pour gérer les proxys Nginx, avec une gestion simplifiée des certificats SSL.
- `deploy-docker-portainer.yml`: Playbook pour déployer [Portainer](https://github.com/portainer/portainer).
- **Portainer** : Interface de gestion pour déployer et superviser des environnements Docker.
- `deploy-docker-rainloop.yml`: Playbook pour déployer [Rainloop](https://github.com/RainLoop/rainloop-webmail).
- **Rainloop** : Client webmail rapide et moderne.
- `deploy-docker-uptimekuma.yml`: Playbook pour déployer [Uptime Kuma](https://github.com/louislam/uptime-kuma).
- **Uptime Kuma** : Outil de surveillance de sites web pour suivre le temps de disponibilité.
- `cloudflare.yml`: Playbook pour déployer [Cloudflare](https://github.com/cloudflare).
- **Cloudflare** : Réseau de diffusion de contenu et service de sécurité web.
- `codeserver.yml`: Playbook pour déployer [Code Server](https://github.com/coder/code-server).
- **Code Server** : Version de Visual Studio Code qui peut être exécutée dans un navigateur web.
- `deploy-homepage-config.yml`: Playbook pour déployer la configuration de la [Homepage](https://github.com/benphelps/homepage).
- **Homepage Configuration** : Configuration de l'interface web personnalisable pour accéder rapidement aux applications web et services.
- **roles/**: Contient les rôles Ansible pour le déploiement.
- **deploy-docker/**: Rôle pour déployer les conteneurs Docker.
- **tasks/**: Contient le fichier de tâches principal pour le déploiement.
- `main.yml`: Fichier de tâches principal pour exécuter les tâches de déploiement.
- **templates/**: Contient divers fichiers de configuration YAML pour différentes applications.
- `bitwarden.yml`: Configuration pour [Bitwarden](https://github.com/bitwarden/server).
- `bookstack.yml`: Configuration pour [Bookstack](https://github.com/BookStackApp/BookStack).
- `cloudflare-ddns.yml`: Configuration pour [Cloudflare DDNS](https://github.com/oznu/docker-cloudflare-ddns).
- `duplicati.yml`: Configuration pour [Duplicati](https://github.com/duplicati/duplicati).
- `easywall.yml`: Configuration pour [Easywall](https://github.com/ThomasKaiser/EasyWall).
- `filebrowser.yml`: Configuration pour [File Browser](https://github.com/filebrowser/filebrowser).
- `firefly.yml`: Configuration pour [Firefly III](https://github.com/firefly-iii/firefly-iii).
- `fivem.yml`: Configuration pour [FiveM](https://github.com/spritsail/fivem).
- `gitea.yml`: Configuration pour [Gitea](https://github.com/go-gitea/gitea).
- `heimdall.yml`: Configuration pour [Heimdall](https://github.com/linuxserver/Heimdall).
- `homepage.yml`: Configuration pour [Homepage](https://github.com/benphelps/homepage).
- `kanboard.yml`: Configuration pour [Kanboard](https://github.com/kanboard/kanboard).
- `nginx.yml`: Configuration pour [Nginx Proxy Manager](https://github.com/NginxProxyManager/nginx-proxy-manager).
- `portainer.yml`: Configuration pour [Portainer](https://github.com/portainer/portainer).
- `rainloop.yml`: Configuration pour [Rainloop](https://github.com/RainLoop/rainloop-webmail).
- `uptimekuma.yml`: Configuration pour [Uptime Kuma](https://github.com/louislam/uptime-kuma).
- **deploy-homepage-config/**: Rôle pour déployer la configuration de la [Homepage](https://github.com/benphelps/homepage).
- **pallxk.code_server/**: Rôle pour déployer l'environnement de [Code Server](https://github.com/coder/code-server).
- **defaults/**: Contient les variables par défaut pour le rôle.
- **handlers/**: Contient les handlers déclenchés par les tâches.
- **meta**: Contient les métadonnées sur le rôle.
- **tasks**: Contient les fichiers de tâches pour le rôle.
- **templates**: Contient les fichiers de template pour le rôle.
- **tests**: Contient les fichiers de test pour le rôle.
- **vars**: Contient les fichiers de variables pour le rôle.
## Prérequis
- Docker
- Ansible
## Installation
1. Clonez le dépôt :
```bash
git clone https://gitlab.com/votre-utilisateur/votre-depot.git
cd votre-depot
```
2. Exécutez le playbook Ansible :
```bash
ansible-playbook -i inventories/localhost.yml playbooks/docker/deploy-docker-bitwarden.yml
```
### Tutoriel de Déploiement de Playbook Ansible
1. **Configurer l'inventaire** :
- Assurez-vous que le fichier `inventories/localhost.yml` contient les informations nécessaires sur les hôtes.
- Exemple de contenu pour `localhost.yml` :
```yaml
all:
hosts:
localhost:
ansible_connection: local
```
2. **Configurer les variables d'hôte** :
- Modifiez le fichier `inventories/host_vars/localhost.yml` pour adapter les variables à votre environnement.
- Exemple de contenu pour `localhost.yml` :
```yaml
some_variable: some_value
```
3. **Lancer le Playbook** :
- Utilisez la commande suivante pour lancer le playbook souhaité :
```bash
ansible-playbook -i inventories/localhost.yml playbooks/docker/deploy-docker-fivem.yml
```
- Remplacez `deploy-docker-fivem.yml` par le playbook correspondant à l'application que vous souhaitez déployer.
### Détails du Répertoire
- **inventories/host_vars/localhost.yml**: Inventaire et variables spécifiques à localhost.
- **playbooks/docker/**: Contient les playbooks pour déployer divers conteneurs Docker.
- Chaque fichier YAML correspond à la configuration de déploiement pour une application spécifique.
- **roles/deploy-docker/tasks/main.yml**: Point d'entrée principal pour déployer les conteneurs Docker.
- **roles/deploy-docker/templates/**: Contient les configurations YAML pour chaque application.
- **roles/deploy-homepage-config/**: Gère le déploiement des configurations de la homepage.
- **roles/pallxk.code_server/**: Gère le déploiement de l'environnement du serveur de code.
## Configuration
- Modifiez les fichiers YAML dans `roles/deploy-docker/templates/` pour configurer les applications selon vos besoins.
- Mettez à jour le fichier d'inventaire avec les détails corrects du serveur.
## Contribuer
1. Forkez le dépôt.
2. Créez une nouvelle branche (`git checkout -b feature-branch`).
3. Apportez vos modifications.
4. Commitez vos modifications (`git commit -am 'Ajout d'une nouvelle fonctionnalité'`).
5. Poussez sur la branche (`git push origin feature-branch`).
6. Ouvrez une Merge Request.
## Licence
Ce projet est sous licence MIT - voir le fichier [LICENSE](LICENSE) pour plus de détails.
## Créateurs du Projet
- Big Geo: Ne supporte pas les humains donc Contact Via MichMich.
- MichMich (Discord: mitch_grey48)
## Remerciements
- Big Geo
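
Review bot: The Installation and Tutoriel commands pass `-i inventories/localhost.yml` and the tutorial shows a YAML inventory, but the inventory file visible in this commit is `inventories/localhost`, a single line reading `localhost`. Either rename and convert that file or change the documented commands so they match. "Détails du Répertoire" also describes `inventories/host_vars/localhost.yml` as the inventory, which adds to the confusion, and the clone URL is still the placeholder `https://gitlab.com/votre-utilisateur/votre-depot.git`.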

490
ansible.cfg Normal file

@@ -0,0 +1,490 @@
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
#hostfile = host_vars
inventory = /etc/ansible/inventories/
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit
# This only affects the gathering done by a play's gather_facts directive,
# by default gathering retrieves all facts subsets
# all - gather all subsets
# network - gather min and network facts
# hardware - gather hardware facts (longest facts to retrieve)
# virtual - gather min and virtual facts
# facter - import facts from facter
# ohai - import facts from ohai
# You can combine them using comma (ex: network,virtual)
# You can negate them using ! (ex: !hardware,!facter,!ohai)
# A minimal set of facts is always gathered.
#gather_subset = all
# some hardware related facts are collected
# with a maximum timeout of 10 seconds. This
# option lets you increase or decrease that
# timeout to something more suitable for the
# environment.
# gather_timeout = 10
# Ansible facts are available inside the ansible_facts.* dictionary
# namespace. This setting maintains the behaviour which was the default prior
# to 2.5, duplicating these variables into the main namespace, each with a
# prefix of 'ansible_'.
# This variable is set to True by default for backwards compatibility. It
# will be changed to a default of 'False' in a future release.
# ansible_facts.
# inject_facts_as_vars = True
# additional paths to search for roles in, colon separated
roles_path = /etc/ansible/roles
# uncomment this to disable SSH key host checking
host_key_checking = False
# change the default callback, you can only have one 'stdout' type enabled at a time.
#stdout_callback = skippy
## Ansible ships with some plugins that require whitelisting,
## this is done to avoid running all of a type by default.
## These setting lists those that you want enabled for your system.
## Custom plugins should not need this unless plugin author specifies it.
# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
# values to True will make includes behave more like they did in the
# 1.x versions.
#task_includes_static = False
#handler_includes_static = False
# Controls if a missing handler for a notification event is an error or a warning
#error_on_missing_handler = True
# change this for alternative sudo implementations
#sudo_exe = sudo
# What flags to pass to sudo
# WARNING: leaving out the defaults might create unexpected behaviours
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
#module_name = command
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
private_key_file = ~/.ssh/kk.pub
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /etc/ansible/vault
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default, if a task in a playbook does not include a name: field then
# ansible-playbook will construct a header that includes the task's action but
# not the task's args. This is a security feature because ansible cannot know
# if the *module* considers an argument to be no_log at the time that the
# header is printed. If your environment doesn't have a problem securing
# stdout from ansible-playbook (or you have manually specified no_log in your
# playbook on all of the tasks where you have secret information) then you can
# safely set this to True to get more informative messages.
#display_args_to_stdout = False
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#become_plugins = /usr/share/ansible/plugins/become
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
# by default, ansible will use the 'linear' strategy but you may want to try
# another one
#strategy = free
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
#cow_selection = default
#cow_selection = random
# when using the 'random' option for cowsay, stencils will be restricted to this list.
# it should be formatted as a comma-separated list with no spaces between names.
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
#fact_caching = memory
#This option tells Ansible where to cache facts. The value is plugin dependent.
#For the jsonfile plugin, it should be a path to a local directory.
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp
# retry files
# When a playbook fails a .retry file can be created that will be placed in ~/
# You can enable this feature by setting retry_files_enabled to True
# and you can change the location of the files by setting retry_files_save_path
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
# squash actions
# Ansible can optimise actions that call modules with list parameters
# when looping. Instead of calling the module once per with_ item, the
# module is called once with all items at once. Currently this only works
# under limited circumstances, and only with parameters named 'name'.
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to ignore when using a directory as inventory with
# possibly multiple sources (both static and dynamic)
#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
# This family of modules use an alternative execution path optimized for network appliances
# only update this setting if you know how this works, otherwise it can break module execution
#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
# jinja2 templating language which will be run through the templating engine.
# ENABLING THIS COULD BE A SECURITY RISK
#allow_unsafe_lookups = False
# set default errors for all plays
#any_errors_fatal = False
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
#enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False
# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp
# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path =
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# Control the mechanism for transferring files (old)
# * smart = try sftp and then try scp [default]
# * True = use scp only
# * False = use sftp only
#scp_if_ssh = smart
# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
# * sftp = use sftp to transfer files
# * scp = use scp to transfer files
# * piped = use 'dd' over SSH to transfer files
# * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart
# if False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False
# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#usetty = True
# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
#retries = 3
[persistent_connection]
# Configures the persistent connection timeout value in seconds. This value is
# how long the persistent connection will remain idle before it is destroyed.
# If the connection doesn't receive a request before the timeout value
# expires, the connection is shutdown. The default value is 30 seconds.
#connect_timeout = 30
# The command timeout value defines the amount of time to wait for a command
# or RPC call before timing out. The value for the command timeout must
# be less than the value of the persistent connection idle timeout (connect_timeout)
# The default value is 30 second.
#command_timeout = 30
[accelerate]
#accelerate_port = 5099
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p,vfat
# Set this to yes to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = yes
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
[diff]
# Always print diff when running ( same as always running with -D/--diff )
# always = no
# Set how many context lines to show in diff
# context = 3
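
Review bot: `host_key_checking = False` in `[defaults]` turns off SSH host key verification for every run that uses this config, so a connection to a host presenting an unknown or changed key goes through without an error; leave it at the default and pre-populate known_hosts instead. In the same section, `private_key_file = ~/.ssh/kk.pub` points at a file with the `.pub` suffix, which by convention is the public half of a key pair, while this setting expects the private key path. Every playbook visible in this commit uses `connection: local`, so neither override looks necessary. The rest of the file is the stock commented template; cutting it down to the four active settings (`inventory`, `roles_path`, `host_key_checking`, `private_key_file`) would make overrides like these stand out in review.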

44
hosts Normal file

@@ -0,0 +1,44 @@
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
#[webservers]
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
#www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
#[dbservers]
#
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
#db-[99:101]-node.example.com


@@ -0,0 +1,2 @@
domaine_ext: bruxelleslife.com
s_tz: Europe/Paris


@@ -0,0 +1,29 @@
m_user_name: root
m_cloudflare_add_cname:
- wiki
- password
- monitoring
- portainer
- backup
- dashboard
- fivem
- ansible
- file
- metrics
- database
- nginx
- boutique
- support
- reglement
- contact
- dossiers
- staff
- code
- tx
- panel
- budget
- mail
- planka
- git
#test
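
Review bot: `m_user_name: root` on the first line is the value the playbooks in this commit feed into `become_user: "{{ m_user_name }}"`, so every deployment runs as root; use a dedicated deployment account and escalate only in the tasks that need it. The `m_cloudflare_add_cname` list also publishes DNS names for administrative interfaces (`portainer`, `ansible`, `database`, `code`, `panel`, `tx`), and `playbooks/cloudflare.yml` creates them with `proxied: no`, so confirm each one is meant to be publicly resolvable. The trailing `#test` looks like a leftover and can go.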

1
inventories/localhost Normal file
View File

@@ -0,0 +1 @@
localhost

42
playbooks/cloudflare.yml Normal file
View File

@@ -0,0 +1,42 @@
- name: Create record to {{domaine_ext}} and proxy through Cloudflare's network
hosts: localhost
connection: local
tasks:
- name: CNAME add
community.general.cloudflare_dns:
record: "{{ item }}"
zone: "{{domaine_ext}}"
type: CNAME
value: server.{{domaine_ext}}
proxied: no
account_email: 'dvsthibaut@gmail.com'
account_api_key: '75d6440ffb38a5ce7a99bf0e10ec720d1737a'
state: present
when: m_cloudflare_add_cname is defined
with_items:
- "{{ m_cloudflare_add_cname }}"
- name: Create TXT record with value to allow OVH
community.general.cloudflare_dns:
domain: "{{ domaine_ext }}"
record: "{{ domaine_ext }}"
type: TXT
value: v=spf1 +a +mx include:mx.ovh.com ~all
solo: true
account_email: 'dvsthibaut@gmail.com'
account_api_key: '75d6440ffb38a5ce7a99bf0e10ec720d1737a'
state: present
- name: CNAME Clean
community.general.cloudflare_dns:
record: "{{ item }}"
zone: "{{domaine_ext}}"
type: CNAME
value: server.{{domaine_ext}}
proxied: no
account_email: 'dvsthibaut@gmail.com'
account_api_key: '75d6440ffb38a5ce7a99bf0e10ec720d1737a'
state: absent
when: m_cloudflare_add_cname_clean is defined
with_items:
- "{{ m_cloudflare_add_cname_clean }}"
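
Review bot: The Cloudflare `account_email` and `account_api_key` are committed in clear text in all three tasks, so the key has to be treated as disclosed and rotated. Reference a vaulted variable instead, and prefer the module's `api_token` parameter with a token scoped to DNS edits on this one zone rather than the account-wide key. Separately, in "CNAME Clean" the `with_items` expression is templated before `when` is evaluated, so an undefined `m_cloudflare_add_cname_clean` fails the task instead of skipping it; loop over `m_cloudflare_add_cname_clean | default([])`. The TXT task also uses `domain:` where the other two use `zone:`; pick one spelling.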

11
playbooks/codeserver.yml Normal file
View File

@@ -0,0 +1,11 @@
---
- hosts: localhost
connection: local
gather_facts: yes
roles:
- name: pallxk.code_server
code_server_password: "BQ$fk#5i5aEcB$"
code_server_user: root
code_server_host: 0.0.0.0
code_server_port: 8443
code_server_work_dir: /etc/ansible
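
Review bot: `code_server_password` is a literal in the playbook, and the same play runs code-server as `root`, bound to `0.0.0.0`, with `/etc/ansible` as its working directory, so anyone who reaches port 8443 with that password gets a root editor and terminal over the whole Ansible tree. Take the password from a vaulted variable, run the service as an unprivileged user, and bind to 127.0.0.1 behind the reverse proxy.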

View File

@@ -0,0 +1,9 @@
- name: Deploiement de la configuration de "Homepage"
vars:
name_docker: homepage
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-homepage-config

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Bacula"
vars:
name_docker: bacula
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker
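
Review bot: This playbook and the ones that follow differ only in the play name and `name_docker`. A single playbook that takes `name_docker` as an extra var, or loops over a list of services, would replace the whole set and remove the copy-and-paste slips that already show up in some of the play names.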

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Bitwarden"
vars:
name_docker: bitwarden
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Bookstack"
vars:
name_docker: bookstack
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Cloudflare DDNS"
vars:
name_docker: cloudflare-ddns
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Code Server"
vars:
name_docker: codeserver
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Discordbot"
vars:
name_docker: discordbot
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Dolibarr
vars:
name_docker: dolibarr
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker
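
Review bot: The play name on the first line opens a double quote before Dolibarr and never closes it. It still parses as a plain YAML string, but the name shown in run output carries a stray quote; close it to match the other playbooks.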

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Duplicati"
vars:
name_docker: duplicati
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Easywall"
vars:
name_docker: easywall
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "File Browser"
vars:
name_docker: filebrowser
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Firefly"
vars:
name_docker: firefly
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "FiveM"
vars:
name_docker: fivem
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Gitea"
vars:
name_docker: gitea
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Heimdall"
vars:
name_docker: heimdall
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "homepage"
vars:
name_docker: homepage
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Kanboard"
vars:
name_docker: kanboard
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "NGINX"
vars:
name_docker: nginx
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Planka"
vars:
name_docker: planka
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Portainer"
vars:
name_docker: portainer
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "postgressemaphore"
vars:
name_docker: postgressemaphore
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Rainloop"
vars:
name_docker: rainloop
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "RedM2"
vars:
name_docker: redm-die
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "RedM"
vars:
name_docker: redm
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker

View File

@@ -0,0 +1,9 @@
- name: Deploiement du container "Utpime Kuma"
vars:
name_docker: uptimekuma
hosts: localhost
connection: local
become: true
become_user: "{{ m_user_name }}"
roles:
- deploy-docker
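
Review bot: Typo in the play name: "Utpime Kuma" should read "Uptime Kuma", matching `name_docker: uptimekuma`.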

View File

@@ -0,0 +1,19 @@
---
- name: création du dossier "{{ name_docker }}"
file:
path: "/home/ubuntu/{{ name_docker }}"
state: directory
- name: Copie du template docker-compose - "{{ name_docker }}"
template:
src: "{{ name_docker }}.yml"
dest: "/home/ubuntu/{{ name_docker }}/docker-compose.yml"
become: yes
- name: Telechargement du container "VM" - "{{ name_docker }}"
shell: chdir=/home/ubuntu/{{ name_docker }} docker compose pull
# become: "{{ m_user_name }}"
- name: Deployement du container "VM" - "{{ name_docker }}"
shell: chdir=/home/ubuntu/{{ name_docker }} docker compose up -d
# become: "{{ m_user_name }}"
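
Review bot: The `template` task renders docker-compose.yml without `owner`, `group` or `mode`, and the templates in this commit carry database passwords and API tokens, so the file ends up with whatever the default umask gives it. Set `mode: "0600"` and an explicit owner on that task. The two `shell` tasks with an inline `chdir=` have no need for a shell and report "changed" on every run; use `command` with `args: chdir:` or a Docker Compose module. The commented `# become: "{{ m_user_name }}"` lines would pass a user name to a boolean option and should be removed. The `/home/ubuntu` base path is repeated four times and belongs in a variable.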

View File

@@ -0,0 +1,100 @@
version: '3.1'
services:
db:
image: eftechcombr/bacula:15.0.2-catalog
restart: unless-stopped
environment:
POSTGRES_PASSWORD: bacula
POSTGRES_USER: bacula
POSTGRES_DB: bacula
volumes:
- ./pgdata:/var/lib/postgresql/data:rw
ports:
- 5432:5432
#
bacula-dir:
image: eftechcombr/bacula:15.0.2-director
restart: unless-stopped
volumes:
- ./etc:/opt/bacula/etc:ro
depends_on:
- db
ports:
- 9101:9101
#
bacula-sd:
image: eftechcombr/bacula:15.0.2-storage
restart: unless-stopped
depends_on:
- bacula-dir
- db
volumes:
- ./etc:/opt/bacula/etc:ro
ports:
- 9103:9103
#
bacula-fd:
image: eftechcombr/bacula:15.0.2-client
restart: unless-stopped
depends_on:
- bacula-sd
- bacula-dir
- db
volumes:
- ./etc:/opt/bacula/etc:ro
ports:
- 9102:9102
baculum-api:
image: eftechcombr/baculum:15.0.2-api
restart: unless-stopped
depends_on:
- db
- bacula-dir
volumes:
- ./etc/bconsole.conf:/opt/bacula/etc/bconsole.conf:ro
- ./etc/baculum:/etc/baculum:rw
ports:
- 9096:9096
#
baculum-web:
image: eftechcombr/baculum:15.0.2-web
restart: unless-stopped
depends_on:
- baculum-api
volumes:
- ./etc/bconsole.conf:/opt/bacula/etc/bconsole.conf:ro
- ./etc/baculum:/etc/baculum:rw
ports:
- 9095:9095
#
#volumes:
# pgdata:
#
# gmail:
# image: eftechcombr/postfix:gmail
# restart: unless-stopped
# depends_on:
# - bacula-dir
# # ports:
# # - 30025:25
# environment:
# GMAIL_USER: xxxxxxxx
# GMAIL_PASS: xxxxxxxx
#
# smtp2tg:
# image: b3vis/docker-smtp2tg
# restart: unless-stopped
# volumes:
# - ./etc/smtp2tg.toml:/config/smtp2tg.toml:ro
# # ports:
# # - "31025:25"
# depends_on:
# - bacula-dir
#
#
#volumes:
# pgdata:
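
Review bot: The `db` service uses the same word for `POSTGRES_USER`, `POSTGRES_PASSWORD` and `POSTGRES_DB`, and `5432:5432` publishes the catalog database on every host interface. The director, storage daemon and Baculum reach the database over the Compose network, so the `ports:` entry on `db` can go, and the password should come from a vaulted variable. The same question applies to 9101 to 9103 and 9095/9096: bind them to 127.0.0.1 unless remote clients need them.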

View File

@@ -0,0 +1,28 @@
---
version: '3.1'
services:
Bitwarden:
image: vaultwarden/server:latest
container_name: {{ name_docker }}
hostname: {{ name_docker }}
restart: always
environment:
- SIGNUPS_ALLOWED=true
- ADMIN_TOKEN=fhBMPCHo0TUNDB
- SHOW_PASSWORD_HINT=true
- DOMAIN=https://password.{{ domaine_ext }}
- SMTP_HOST=ssl0.ovh.net
- SMTP_FROM=contact@{{ domaine_ext }}
- SMTP_FROM_NAME=RedFrontier Password Manager (Bitwarden)
- SMTP_SECURITY=force_tls
# ("starttls", "force_tls", "off") Enable a secure connection. Default is "starttls" (Explicit - ports 587 or 25), "force_tls" (Implicit - port 465) or "off", no encryption (port 25)
- SMTP_PORT=465
# Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS).
- SMTP_USERNAME=contact@{{ domaine_ext }}
- SMTP_PASSWORD=Jemeqq3dw@louovh
- SMTP_TIMEOUT=15
ports:
- 9091:80
- 9092:3012
volumes:
- ./:/data
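
Review bot: `ADMIN_TOKEN` and `SMTP_PASSWORD` are literals in the template for the password manager, the one service where a leaked admin credential hurts most. Move both to vaulted variables (Vaultwarden also accepts an Argon2 hash for the admin token) and rotate the committed values. `SIGNUPS_ALLOWED=true` leaves registration open to anyone who can reach the URL and `SHOW_PASSWORD_HINT=true` shows hints on the login page; both should be false once the staff accounts exist. `vaultwarden/server:latest` should be pinned to a release tag.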

View File

@@ -0,0 +1,51 @@
version: "3"
services:
bookstack:
image: linuxserver/bookstack:latest
container_name: {{ name_docker }}
hostname: {{ name_docker }}
volumes:
- ./config:/config
environment:
- APP_URL=https://wiki.{{domaine_ext}}
- PGID=1000
- PUID=1000
- DB_HOST=bookstack-db
- DB_DATABASE=bookstack
- DB_USERNAME=bxlife
- DB_PASSWORD=3aslZpYfZ0j8nEbz
- DISCORD_APP_ID=1294769940171067413
- DISCORD_APP_SECRET=UdI8nbpOzk9LuAV2qxn6sMVdOI_XptZ3
- APP_LANG=fr
- APP_THEME="custom"
# - MAIL_ENCRYPTION=
# - MAIL_FROM_NAME=
# - MAIL_FROM=
# - MAIL_PORT=
# - MAIL_PASSWORD=
# - MAIL_USERNAME=
# - MAIL_HOST=
- FILE_UPLOAD_SIZE_LIMIT=999
- APP_DEFAULT_DARK_MODE=true
- ALLOWED_IFRAME_SOURCES="*"
ports:
- 10003:443
- 10004:80
restart: always
depends_on:
- bookstack-db
bookstack-db:
image: mariadb:10.3
container_name: bookstack-db
environment:
- PUID=1000
- PGID=1000
- MYSQL_ROOT_PASSWORD=g6u3h9QWAGE9Q8
- TZ=Europe/Paris
- MYSQL_DATABASE=bookstack
- MYSQL_USER=bxlife
- MYSQL_PASSWORD=3aslZpYfZ0j8nEbz
volumes:
- ./mysql:/var/lib/mysql
restart: always
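
Review bot: `DB_PASSWORD`, `MYSQL_PASSWORD`, `MYSQL_ROOT_PASSWORD` and `DISCORD_APP_SECRET` are committed in clear text; template them from vaulted variables and rotate them, the Discord OAuth secret included. `ALLOWED_IFRAME_SOURCES="*"` widens the iframe source allow-list to any origin; list the hosts that are actually embedded. In the list form of `environment:` the double quotes around `custom` and `*` are passed through as part of the value, so drop them. `TZ` is hardcoded here while the vars file defines `s_tz`.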

View File

@@ -0,0 +1,12 @@
version: '3'
services:
cloudflare-ddns-server:
container_name: CloudFlare-DDNS-SERVEUR
hostname: CloudFlare-DDNS-SERVER
image: oznu/cloudflare-ddns:latest
restart: always
environment:
- API_KEY=pI56QZrEywuFBB5mAAdz-d-4WCjP-_5-R0fYesjQ
- ZONE={{domaine_ext}}
- SUBDOMAIN=server
- PROXIED=false
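
Review bot: `API_KEY` is a live Cloudflare credential written into the template. Replace it with a vaulted variable, rotate it, and scope the replacement token to DNS edits on `{{domaine_ext}}` only. `container_name` ends in SERVEUR while `hostname` ends in SERVER; make them match.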

View File

@@ -0,0 +1,20 @@
version: "3.1"
services:
codeserver:
image: linuxserver/code-server:latest
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- PASSWORD=caabda9758f649bb01572c7b
volumes:
- ./config:/config
ports:
- 4850:8443
restart: always
healthcheck:
test: curl -f http://localhost:8443/ || exit 1
interval: 60s
retries: 5
start_period: 20s
timeout: 10s
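
Review bot: `PASSWORD` for code-server is a literal in the template; take it from a vaulted variable. This service also duplicates what playbooks/codeserver.yml installs natively through the pallxk.code_server role, so decide which of the two is meant to run and remove the other. `4850:8443` is published on all interfaces even though a reverse proxy is part of this stack.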

View File

@@ -0,0 +1,20 @@
version: "3"
services:
mariadb:
image: mariadb:latest
environment:
MYSQL_ROOT_PASSWORD: 5XgEvqxdAUTA6f
MYSQL_DATABASE: dolibarr
web:
image: tuxgasy/dolibarr
environment:
DOLI_DB_HOST: mariadb
DOLI_DB_USER: root
DOLI_DB_PASSWORD: 5XgEvqxdAUTA6f
DOLI_DB_NAME: dolibarr
DOLI_URL_ROOT: 'http://0.0.0.0'
PHP_INI_DATE_TIMEZONE: 'Europe/Paris'
ports:
- "80:80"
links:
- mariadb
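
Review bot: The `web` service connects with `DOLI_DB_USER: root` and the MariaDB root password, so the application holds full control of the database server. Create a dedicated user through `MYSQL_USER` and `MYSQL_PASSWORD` and take both passwords from vaulted variables. `"80:80"` collides with the `'80:80'` mapping in the nginx template of this same commit, neither service declares a volume, so data is lost when the containers are recreated, and `DOLI_URL_ROOT: 'http://0.0.0.0'` is not a URL users can reach. `links:` is legacy; the service name already resolves on the Compose network.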

View File

@@ -0,0 +1,20 @@
version: "3.9"
services:
duplicati:
image: linuxserver/duplicati
container_name: duplicati
restart: always
ports:
- 8200:8200 # Interface web accessible sur http://localhost:8200
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- SETTINGS_ENCRYPTION_KEY=nyfNRe229zQTGVVh # 🔐 Ajoute une clé de chiffrement
- DUPLICATI__WEB__AUTHENTICATION__USERNAME=bxlife
- DUPLICATI__WEB__AUTHENTICATION__PASSWORD=LhjlWfTa3ahuOg9J
volumes:
- /:/host_root:ro # Accès en lecture seule à tout l'hôte
- ./backups:/source # Dossier où sont stockés les backups locaux
- ./duplicati:/config # Configuration et base de données Duplicati
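
Review bot: `SETTINGS_ENCRYPTION_KEY` and the web UI password are committed next to the service they protect, which defeats the purpose of encrypting the settings database; move them to vaulted variables and rotate them. `/:/host_root:ro` exposes the entire host filesystem, every other service's secrets included, to a container whose web UI is published on `8200:8200`. Mount only the directories that need backing up and bind the UI to 127.0.0.1 behind the proxy. The image has no tag.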

View File

@@ -0,0 +1,14 @@
version: "3"
services:
file_browser:
image: filebrowser/filebrowser:latest
container_name: {{ name_docker }}
hostname: {{ name_docker }}
environment:
- PUID=1000
- PGID=1000
volumes:
- /:/srv
ports:
- 8963:80
restart: always
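
Review bot: `- /:/srv` mounts the whole host filesystem read-write into a web file manager that is published on `8963:80`. Anyone who logs in to File Browser can read and overwrite any file on the host, including the rendered compose files and the Docker socket. Mount a single data directory, read-only where possible, and keep the port behind the reverse proxy.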

View File

@@ -0,0 +1,36 @@
version: "3"
services:
firefly:
image: fireflyiii/core:latest
container_name: Firefly
volumes:
- ./app:/var/www/html/storage/upload
environment:
- APP_URL=https://budget.{{ domaine_ext }}
- TRUSTED_PROXIES=**
- APP_KEY=azertyuiopqsdfghjklmwxcvbn123456
- DB_HOST=firefly-db
- DB_PORT=3306
- DB_CONNECTION=mysql
- DB_DATABASE=firefly
- DB_USERNAME=bxlife
- DB_PASSWORD=YKo9iG2&CsSb3fKNTm%UosVeC
ports:
- 17555:8080
restart: always
depends_on:
- firefly-db
firefly-db:
image: mariadb:10.5.21
container_name: firefly_db
environment:
- PUID=1000
- PGID=1000
- MYSQL_ROOT_PASSWORD=YFEyHkb7tizo9h
- TZ=Europe/Paris
- MYSQL_DATABASE=firefly
- MYSQL_USER=bxlife
- MYSQL_PASSWORD=YKo9iG2&CsSb3fKNTm%UosVeC
volumes:
- ./config/mysql:/var/lib/mysql
restart: unless-stopped
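
Review bot: `APP_KEY` is a keyboard-row string rather than a random value, and it is the key Firefly III uses to encrypt session data and stored secrets. Generate a random 32-character key, keep it and the two database passwords in vaulted variables, and rotate what is committed here. `TRUSTED_PROXIES=**` trusts forwarded headers from any client; restrict it to the proxy's address. `TZ` is hardcoded while `s_tz` exists.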

View File

@@ -0,0 +1,50 @@
version: "3.9"
services:
fivem:
image: spritsail/fivem:13227
container_name: fivem
environment:
- NO_LICENSE_KEY=1
- NO_DEFAULT_CONFIG=1
- PUID=0
- PGID=0
volumes:
- ./config:/config
- ./txData:/txData
ports:
- '40120:40120'
- '30120:30120'
- '30120:30120/udp'
restart: always
depends_on:
- fivem-db
fivem-db:
image: mariadb:10.11.6
container_name: fivem_db
environment:
- PUID=0
- PGID=0
- MYSQL_ROOT_PASSWORD=tdDgrdv6cs2J0D
- TZ=Europe/Paris
- MYSQL_DATABASE=hardb
- MYSQL_USER=har-admin
- MYSQL_PASSWORD=Xu22DW2SUwfGFv
#- MYSQL_ALLOW_EMPTY_PASSWORD=yes
command:
--sql_mode=NO_ZERO_IN_DATE,NO_ZERO_DATE,NO_ENGINE_SUBSTITUTION
ports:
- 3306:3306
volumes:
- ./mysql:/var/lib/mysql
# - ./mysql/my.cnf:/etc/mysql/my.cnf
restart: always
phpmyadmin:
image: phpmyadmin
restart: always
ports:
- 8080:80
environment:
- PMA_ARBITRARY=1
- UPLOAD_LIMIT=100M
depends_on:
- fivem-db
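
Review bot: The `phpmyadmin` service sets `PMA_ARBITRARY=1` and publishes `8080:80`, while `fivem-db` publishes `3306:3306`, so both the database and a login form that accepts any server are reachable from outside the host. Remove the `ports:` entry on `fivem-db` (the game server reaches it over the Compose network), set `PMA_HOST=fivem-db` in place of the arbitrary-server mode, and bind phpMyAdmin to 127.0.0.1. `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` belong in vaulted variables. `PUID=0`/`PGID=0` run both containers as root, and the `phpmyadmin` image has no tag.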

View File

@@ -0,0 +1,62 @@
version: "3.9"
services:
db:
image: postgres
container_name: Gitea-DB
hostname: gitea-db
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "gitea", "-U", "osmf15Ox8vsF9jqW"]
timeout: 45s
interval: 10s
retries: 10
user: 0:0
volumes:
- ./db:/var/lib/postgresql/data:rw
environment:
- POSTGRES_DB=gitea
- POSTGRES_USER=osmf15Ox8vsF9jqW
- POSTGRES_PASSWORD=6PLjxG0mXGAfNrK4rUT7wrlzQJ9r4IOq
restart: on-failure:5
web:
image: gitea/gitea:latest
container_name: Gitea
hostname: gitea
security_opt:
- no-new-privileges:true
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:3000/ || exit 1
ports:
- 3052:3000
- '2222:22'
volumes:
- ./data:/data
- /etc/TZ:/etc/TZ:ro
- /etc/localtime:/etc/localtime:ro
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=gitea-db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=osmf15Ox8vsF9jqW
- GITEA__database__PASSWD=6PLjxG0mXGAfNrK4rUT7wrlzQJ9r4IOq
- ROOT_URL=https://git.{{domaine_ext}}
restart: on-failure:5
depends_on:
- db
runner:
image: gitea/act_runner:nightly
environment:
CONFIG_FILE: /config.yaml
GITEA_INSTANCE_URL: "https://git.{{domaine_ext}}"
GITEA_RUNNER_REGISTRATION_TOKEN: "2D0IxOHijNQVrMhKav8nGNpyJlF8qia51fy1Lwch"
GITEA_RUNNER_NAME: "runner_prod"
GITEA_RUNNER_LABELS: "runner_prod"
volumes:
- ./runner/config.yaml:/config.yaml
#- /home/ubuntu/redm/txData/RexshackRedMBuild_000214.base:/data/redm
- ./runner/data:/data
- /var/run/docker.sock:/var/run/docker.sock
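
Review bot: The `runner` service combines a committed `GITEA_RUNNER_REGISTRATION_TOKEN`, a `nightly` image and a bind mount of `/var/run/docker.sock`. Any workflow that runs on it can drive the host's Docker daemon, which is equivalent to root on the host. Take the token from a vaulted variable and rotate it, pin the runner to a release tag, and limit which repositories may use this runner. The Postgres user name and password are repeated as literals in both `db` and `web`, including inside the `pg_isready` health check; template them once. `user: 0:0` on `db` and the untagged `postgres` image also need a reason or a fix.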

View File

@@ -0,0 +1,16 @@
version: "3"
services:
heimdall:
image: linuxserver/heimdall:latest
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- APP_URL=https://panel.{{ domaine_ext }}
volumes:
- ./data:/config
ports:
- 9705:80
- 9706:443
restart: always

View File

@@ -0,0 +1,36 @@
version: '3'
services:
nginx:
image: 'jc21/nginx-proxy-manager:latest'
container_name: {{ name_docker }}
hostname: {{ name_docker }}
restart: always
ports:
- '80:80'
- '81:81'
- '443:443'
environment:
DB_MYSQL_HOST: "nginx-db"
DB_MYSQL_PORT: 3306
DB_MYSQL_USER: "bxlife"
DB_MYSQL_PASSWORD: "dKGLhPrlaYOWAOZ0"
DB_MYSQL_NAME: "nginx"
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
depends_on:
- nginx-db
nginx-db:
image: mariadb:latest
container_name: nginx-db
environment:
- PUID=1000
- PGID=1000
- MYSQL_ROOT_PASSWORD=xv4gv5k8qGXlrUUl
- TZ={{s_tz}}
- MYSQL_DATABASE=nginx
- MYSQL_USER=bxlife
- MYSQL_PASSWORD=dKGLhPrlaYOWAOZ0
volumes:
- ./config/mysql:/var/lib/mysql
restart: unless-stopped
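
Review bot: `'81:81'` publishes the Nginx Proxy Manager admin UI on every interface next to 80 and 443. Bind it to 127.0.0.1 or reach it through a tunnel, since this container controls the routing and certificates for every other service. `DB_MYSQL_PASSWORD`, `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` are literals and should be vaulted variables. `mariadb:latest` and the proxy's `latest` tag should be pinned.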

View File

@@ -0,0 +1,94 @@
version: '3'
services:
planka:
image: ghcr.io/plankanban/planka:latest
restart: on-failure
volumes:
- ./user-avatars:/app/public/user-avatars
- ./project-background-images:/app/public/project-background-images
- ./attachments:/app/private/attachments
ports:
- 20145:1337
environment:
- BASE_URL=https://planka.{{ domaine_ext }}
- DATABASE_URL=postgresql://postgres@postgres/planka
- SECRET_KEY=2ZNQf7B0072PS4
# - TRUST_PROXY=1
# - TOKEN_EXPIRES_IN=365 # In days
# related: https://github.com/knex/knex/issues/2354
# As knex does not pass query parameters from the connection string we
# have to use environment variables in order to pass the desired values, e.g.
# - PGSSLMODE=<value>
# Configure knex to accept SSL certificates
# - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false
- DEFAULT_ADMIN_EMAIL=info@bruxelleslife.com # Do not remove if you want to prevent this user from being edited/deleted
- DEFAULT_ADMIN_PASSWORD=FHOHozginO95jx
- DEFAULT_ADMIN_NAME=bxlife
- DEFAULT_ADMIN_USERNAME=bxlife
# - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
# - ALLOW_ALL_TO_CREATE_PROJECTS=true
# - OIDC_ISSUER=
# - OIDC_CLIENT_ID=
# - OIDC_CLIENT_SECRET=
# - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=
# - OIDC_USERINFO_SIGNED_RESPONSE_ALG=
# - OIDC_SCOPES=openid email profile
# - OIDC_RESPONSE_MODE=fragment
# - OIDC_USE_DEFAULT_RESPONSE_MODE=true
# - OIDC_ADMIN_ROLES=admin
# - OIDC_CLAIMS_SOURCE=userinfo
# - OIDC_EMAIL_ATTRIBUTE=email
# - OIDC_NAME_ATTRIBUTE=name
# - OIDC_USERNAME_ATTRIBUTE=preferred_username
# - OIDC_ROLES_ATTRIBUTE=groups
# - OIDC_IGNORE_USERNAME=true
# - OIDC_IGNORE_ROLES=true
# - OIDC_ENFORCED=true
# Email Notifications (https://nodemailer.com/smtp/)
- SMTP_HOST=mail.bruxelleslife.com
- SMTP_PORT=465
- SMTP_NAME=Bruxelles Life Mail
- SMTP_SECURE=true
- SMTP_USER=info@bruxelleslife.com
- SMTP_PASSWORD=vX6@kTScdN94MTJ
- SMTP_FROM="Bruxelles Life" <info@bruxelleslife.com>
- SMTP_TLS_REJECT_UNAUTHORIZED=false
# Optional fields: accessToken, events, excludedEvents
# - |
# WEBHOOKS=[{
# "url": "http://localhost:3001",
# "accessToken": "notaccesstoken",
# "events": ["cardCreate", "cardUpdate", "cardDelete"],
# "excludedEvents": ["notificationCreate", "notificationUpdate"]
# }]
# - SLACK_BOT_TOKEN=
# - SLACK_CHANNEL_ID=
# - GOOGLE_CHAT_WEBHOOK_URL=
depends_on:
postgres:
condition: service_healthy
postgres:
image: postgres:14-alpine
restart: on-failure
volumes:
- ./db-data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=planka
- POSTGRES_HOST_AUTH_METHOD=trust
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
interval: 10s
timeout: 5s
retries: 5
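
Review bot: The `postgres` service sets `POSTGRES_HOST_AUTH_METHOD=trust`, which disables password authentication, and `DATABASE_URL` accordingly has no password. Set `POSTGRES_PASSWORD` and include it in the connection string. `SECRET_KEY`, `DEFAULT_ADMIN_PASSWORD` and `SMTP_PASSWORD` are committed in clear text; move them to vaulted variables and rotate them. `SMTP_TLS_REJECT_UNAUTHORIZED=false` turns off certificate validation for the mail connection; fix the certificate on the mail host instead. The mail host and addresses hardcode bruxelleslife.com while `BASE_URL` uses `{{ domaine_ext }}`.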

View File

@@ -0,0 +1,14 @@
version: '3'
services:
portainer:
image: 'portainer/portainer-ce:latest'
container_name: {{ name_docker }}
hostname: {{ name_docker }}
restart: always
network_mode: bridge
ports:
- '8000:8000'
- '9000:9000'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./:/data
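
Review bot: Portainer gets `/var/run/docker.sock` and is published on `'9000:9000'` (plain HTTP) and `'8000:8000'` on all interfaces, so its login page is the only barrier in front of full control of the Docker host. Bind the UI to 127.0.0.1 behind the reverse proxy, and drop port 8000 unless Edge agents are in use. Pin the image tag.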

View File

@@ -0,0 +1,16 @@
version: "3.9"
name: postgressemaphore
services:
db:
image: postgres
container_name: postgressemaphore_db
hostname: postgressemaphore_db
restart: always
volumes:
- ./db:/var/lib/postgresql/data
environment:
POSTGRES_DB: semaphore
POSTGRES_USER: semaphore
POSTGRES_PASSWORD: TANee5sqeFsgSQf7
ports:
- '5433:5432'
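
Review bot: `POSTGRES_PASSWORD` is a literal and `'5433:5432'` publishes the Semaphore database on every host interface. Take the password from a vaulted variable, and either remove the port mapping or bind it to 127.0.0.1 if Semaphore runs on the host. The `postgres` image has no tag.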

View File

@@ -0,0 +1,10 @@
version: '3'
services:
rainloop:
image: wernerfred/docker-rainloop:latest
container_name: rainloop
restart: always
ports:
- 8088:80
volumes:
- ./:/rainloop/data

View File

@@ -0,0 +1,12 @@
version: '3.3'
services:
uptime-kuma:
image: louislam/uptime-kuma:latest
container_name: {{ name_docker }}
hostname: {{ name_docker }}
volumes:
- ./uptimekuma:/app/data
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 10028:3001
restart: always

View File

@@ -0,0 +1,3 @@
domaine_ext: belgiumrp.net
nginx_user: brp-01@outlook.com
nginx_pass: Q^mbDpZD2h9GKf
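
Review bot: `nginx_pass` is stored in clear text in a vars file; encrypt it with Ansible Vault and rotate the Nginx Proxy Manager account. `domaine_ext` is set to belgiumrp.net here, while the vars file earlier in this commit sets it to bruxelleslife.com, so which domain a template renders with depends on variable precedence. Keep a single definition.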

Binary file not shown.

View File

@@ -0,0 +1,64 @@
---
- name: Copie du template "Settings"
template:
src: "settings.yaml"
dest: "/home/ubuntu/{{ name_docker }}/settings.yaml"
become: yes
- name: Copie du template "Bookmarks"
template:
src: "bookmarks.yaml"
dest: "/home/ubuntu/{{ name_docker }}/bookmarks.yaml"
become: yes
- name: Copie du template "Services"
template:
src: "services.yaml"
dest: "/home/ubuntu/{{ name_docker }}/services.yaml"
become: yes
- name: Copie du template "Widgets"
template:
src: "widgets.yaml"
dest: "/home/ubuntu/{{ name_docker }}/widgets.yaml"
become: yes
- name: Copie du template "Custom.css"
template:
src: "custom.css"
dest: "/home/ubuntu/{{ name_docker }}/custom.css"
become: yes
- name: Copie du template "Custom.js"
template:
src: "custom.js"
dest: "/home/ubuntu/{{ name_docker }}/custom.js"
become: yes
- name: Copie du template "Docker"
template:
src: "docker.yaml"
dest: "/home/ubuntu/{{ name_docker }}/docker.yaml"
become: yes
- name: Copie du template "Kubernetes"
template:
src: "kubernetes.yaml"
dest: "/home/ubuntu/{{ name_docker }}/kubernetes.yaml"
become: yes
- name: "Copie des backgrounds"
copy:
src: "{{ item }}"
dest: "/home/ubuntu/{{ name_docker }}/images/"
with_fileglob:
- "/etc/ansible/roles/homepage-config/files/backgrounds/*"
become: yes
- name: "Copie des icons"
copy:
src: "{{ item }}"
dest: "/home/ubuntu/{{ name_docker }}/icons/"
with_fileglob:
- "/etc/ansible/roles/homepage-config/files/icons/*"
become: yes
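
Review bot: Both `with_fileglob` patterns use the absolute path `/etc/ansible/roles/homepage-config/files/...`, but the playbook in this commit calls the role `deploy-homepage-config`, so the glob can match nothing and the copy tasks are silently skipped. Use the relative patterns `backgrounds/*` and `icons/*`, which are resolved against the role's own files directory. The eight `template` tasks differ only in the file name and can be a single task with a loop; `custom.css` and `custom.js` should then go through `copy` unless they contain Jinja expressions.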

View File

@@ -0,0 +1,10 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/latest/configs/bookmarks
- Bookmarks:
- Simple Icon:
- abbr: SI
icon: si-simpleicons
href: https://simpleicons.org/

View File

@@ -0,0 +1,10 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/latest/configs/docker/
# my-docker:
# host: 127.0.0.1
# port: 2375
# my-docker:
# socket: /var/run/docker.sock

View File

@@ -0,0 +1,2 @@
---
# sample kubernetes config

View File

@@ -0,0 +1,57 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/latest/configs/services
- Reseau:
- Nginx Proxy Manager:
href: https://nginx.{{ domaine_ext }}
icon: si-nginxproxymanager-#F15833
description: Reverse Proxy
widget:
type: npm
url: https://nginx.{{ domaine_ext }}
username: {{ nginx_user }}
password: "{{ nginx_pass }}"
- Uptime Kuma:
href: https://monitoring.{{ domaine_ext }}
icon: si-uptimekuma-#5CDD8B
description: Monitoring Network
widget:
type: uptimekuma
url: https://monitoring.{{ domaine_ext }}
slug: belgiumrp
- Home Lab:
- Portainer:
href: https://portainer.{{ domaine_ext }}
icon: si-portainer-#13BEF9
description: Gestionnaire de container
widget:
type: portainer
url: https://portainer.{{ domaine_ext }}
env: 1
key: ptr_yiqjc2hL2H2G7gXU5WxQbAHvCo4UkqVJsOyfutvQXS4=
- Infra:
- Ansible Code Server:
href: https://ansible.{{ domaine_ext }}
icon: si-visualstudiocode-#007ACC
description: Visual Studio Code (WEB) - Ansible
- Bitwarden:
href: https://bitwarden.{{ domaine_ext }}
icon: si-bitwarden-#175DDC
description: Password Manager
- Bookstack:
href: https://wiki.{{ domaine_ext }}
icon: si-bookstack-#0288D1
description: Wiki Belgium RP
# - Grafana:
# href: https://grafana.{{ domaine_ext }}
# icon: si-grafana-#F46800
# description: Monitoring
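
Review bot: The Portainer widget's `key:` is a literal API key, while the Nginx Proxy Manager widget a few lines above already uses `{{ nginx_user }}` and `{{ nginx_pass }}`. Template the key from a vaulted variable and revoke the committed one. The Bitwarden entry links to `bitwarden.{{ domaine_ext }}`, but the CNAME list and the Vaultwarden `DOMAIN` in this commit use `password.`; the link will not resolve. `username: {{ nginx_user }}` should be quoted like the password line so that an address containing YAML-special characters still parses.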

View File

@@ -0,0 +1,58 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/latest/configs/settings
title: "Belgium RP Staff Dashboard"
headerStyle: boxed
language: fr
startUrl: https://dashboard.belgiumrp.net
hideErrors: true
target: _self # Possible options include _blank, _self, and _top
statusStyle: 'dot'
hideVersion: true
providers:
openweathermap: openweathermapapikey
weatherapi: weatherapiapikey
background:
image: /images/background-datacenter.jpg
blur: md # sm, "", md, xl... see https://tailwindcss.com/docs/backdrop-blur
saturate: 50 # 0, 50, 100... see https://tailwindcss.com/docs/backdrop-saturate
brightness: 50 # 0, 50, 75... see https://tailwindcss.com/docs/backdrop-brightness
opacity: 50 # 0-100
quicklaunch:
searchDescriptions: true
hideInternetSearch: false
showSearchSuggestions: true
hideVisitURL: false
layout:
Reseau:
useEqualHeights: true
disableCollapse: true
style: row
columns: 4
Home Lab:
useEqualHeights: true
disableCollapse: true
style: row
columns: 4
Infra:
useEqualHeights: true
disableCollapse: true
style: row
columns: 6
Bookmarks:
useEqualHeights: true
disableCollapse: true
style: row
columns: 5
theme: dark # or light
color: slate # Supported colors: slate, gray, zinc, neutral, stone, amber, yellow, lime, green, emerald, teal, cyan, sky, blue, indigo, violet, purple, fuchsia, pink, rose, red, white
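
Review bot: `startUrl` hardcodes dashboard.belgiumrp.net in a file that is rendered as a template; use `https://dashboard.{{ domaine_ext }}` so it follows the vars. The two `providers:` values are placeholder strings; remove the block, or supply real keys from vaulted variables if the weather widgets are wanted.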

View File

@@ -0,0 +1,23 @@
---
# For configuration options and examples, please see:
# https://gethomepage.dev/latest/configs/service-widgets
- logo:
icon: si-awselasticloadbalancing
- resources:
cpu: true
memory: true
- search:
provider: google # google, duckduckgo, bing, baidu, brave or custom
focus: true # Optional, will set focus to the search bar on page load
showSearchSuggestions: true # Optional, will show search suggestions. Defaults to false
target: _blank # One of _self, _blank, _parent or _top
- datetime:
locale: fr
text_size: xl
format:
timeStyle: short
dateStyle: short

7
roles/pallxk.code_server/.gitignore vendored Normal file
View File

@@ -0,0 +1,7 @@
# Created by https://www.gitignore.io/api/ansible
# Edit at https://www.gitignore.io/?templates=ansible
### Ansible ###
*.retry
# End of https://www.gitignore.io/api/ansible

View File

@@ -0,0 +1,12 @@
dist: bionic
addons:
apt:
packages:
- ansible-lint
script:
- ansible-lint **/*.yml
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

View File

@@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2020 test.cab <git@test.cab>
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

View File

@@ -0,0 +1,15 @@
---
#code_server_ver: ""
code_server_install_prefix: /usr/local
code_server_data_dir: "{{ ansible_user_dir }}/.local/share/code-server"
#code_server_work_dir: "{{ ansible_user_dir }}"
code_server_auth: password
#code_server_password: ""
code_server_user: "{{ ansible_user_id }}"
code_server_host: 0.0.0.0
code_server_port: 8080
code_server_env: {}
#code_server_tls_cert: ""
code_server_tls_cert_remote: no
#code_server_tls_key: ""
code_server_tls_key_remote: no

View File

@@ -0,0 +1,11 @@
---
- name: Restart code-server
become: yes
systemd:
daemon-reload: yes
name: code-server
state: restarted
# We mark the service as Type=notify to auto restart it routinely,
# but it's actually Type=simple, so "no_block: yes" here to avoid stuck.
no_block: yes
when: code_server_configure_service

View File

@@ -0,0 +1,2 @@
install_date: Thu Mar 16 20:50:57 2023
version: v4.0.0
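
Review bot: This install record shows that the files under roles/pallxk.code_server are a copy pulled from Ansible Galaxy (v4.0.0, installed in March 2023) and committed wholesale. List the role in a requirements.yml with that version pinned and install it at deploy time, so that upstream fixes can be picked up and local edits to third-party code are visible as such.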

View File

@@ -0,0 +1,59 @@
galaxy_info:
role_name: code_server
author: pallxk
description: Install and configure the latest or specified version of code-server (v4, v3, v2 & v1).
company: test.cab
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: MIT
min_ansible_version: 2.8
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: ArchLinux
versions:
- all
- name: Debian
versions:
- buster
- name: EL
versions:
- 7
- name: Fedora
versions:
- 31
- name: SLES
versions:
- 15
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- development
- code
- codeserver
- vscode
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

View File

@@ -0,0 +1,50 @@
- name: Check code-server binary exists
stat:
path: "{{ code_server_bin_dir }}/code-server"
follow: yes
register: code_server_exists
# This check is compatible with code-server v1, v2 and v3
#
# v3.6.0:
# 3.6.0 a4a03c14922ccaec2a9ff8d1b7b2af8522a4214d
#
# v3.5.0:
# [2020-09-01T06:20:36.864Z] info Using config file ~/.config/code-server/config.yaml
# 3.5.0 de41646fc402b968ca6d555fdf2da7de9554d28a
#
# v3.4.1:
# info Using config file ~/.config/code-server/config.yaml
# 3.4.1 48f7c2724827e526eeaa6c2c151c520f48a61259
#
# v3.0.2:
# 3.0.2 e480f6527e11344a7c69b7cd024bce9379cea7f0
#
# v3:
# 3.0.0
#
# v2:
# info 2.1698-vsc1.41.1
# info f51e045cd5483561afc07694f39307fb673b6d1d
# info x64
#
# v1:
# 1.1156-vsc1.33.1
- name: Check installed code-server version
shell: 'set -o pipefail; code-server --version | grep -P -o "(?<=^|info )\d+(\.\d+)+(-[^ ]+)?"'
args:
executable: /bin/bash
register: code_server_version
when: code_server_exists.stat.exists
changed_when: no
- name: Check latest code-server version
uri:
url: https://api.github.com/repos/cdr/code-server/releases
register: code_server_releases
when: code_server_ver is undefined
- name: Set code-server latest version
set_fact:
code_server_ver: "{{ code_server_releases.json[0].tag_name }}"
when: code_server_ver is undefined
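
Review bot: When `code_server_ver` is undefined, the version is taken from `code_server_releases.json[0].tag_name`, the first entry returned by an unauthenticated call to the GitHub releases API. playbooks/codeserver.yml in this commit does not set `code_server_ver`, so each run installs whatever is first in that list at the time and fails if the API is rate-limited. Pin `code_server_ver` in the playbook.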

View File

@@ -0,0 +1,19 @@
- name: Create code-server data dir
file:
path: "{{ code_server_data_dir }}"
state: directory
- name: Copy code-server env file
template:
src: env
dest: "{{ code_server_data_dir }}"
mode: 0600
notify: Restart code-server
when: code_server_password is defined or
code_server_env|length > 0
- block:
- import_tasks: copy-certs.yml
rescue:
- import_tasks: copy-certs.yml
become: yes

View File

@@ -0,0 +1,21 @@
- name: Copy TLS certificate
copy:
remote_src: "{{ code_server_tls_cert_remote }}"
src: "{{ code_server_tls_cert }}"
dest: "{{ code_server_data_dir }}/tls.cert"
owner: "{{ code_server_user }}"
group: "{{ ansible_user_gid|string }}"
mode: 0440
notify: Restart code-server
when: code_server_tls_cert is defined
- name: Copy TLS key
copy:
remote_src: "{{ code_server_tls_key_remote }}"
src: "{{ code_server_tls_key }}"
dest: "{{ code_server_data_dir }}/tls.key"
owner: "{{ code_server_user }}"
group: "{{ ansible_user_gid|string }}"
mode: 0440
notify: Restart code-server
when: code_server_tls_key is defined
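Review bot: "Copy TLS key" writes the private key with `mode: 0440` and `group: "{{ ansible_user_gid|string }}"`, which makes the key readable by every member of the connecting user's primary group, and that group is not necessarily the group of `code_server_user`. Use `mode: "0400"` for `tls.key` and keep the group-readable mode for the certificate only. Adding `no_log: true` to the key task avoids printing key material under `--diff`.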

View File

@@ -0,0 +1,18 @@
- name: Check usage of deprecated variables
debug:
msg: "'{{ item }}' is deprecated, please use 'code_server_{{ item }}'"
when: "{{ item }} is defined"
with_items:
- tls_cert
- tls_key
- tls_cert_remote
- tls_key_remote
- name: Set corresponding code_server_ variables
set_fact: code_server_{{ item }}={{ lookup('vars', item) }}
when: "{{ item }} is defined"
with_items:
- tls_cert
- tls_key
- tls_cert_remote
- tls_key_remote
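Review bot: both tasks use `when: "{{ item }} is defined"`, and Ansible warns that conditionals should not contain templating delimiters because the expression is templated twice. `when: vars[item] is defined` expresses the same test without the double evaluation. The `set_fact: code_server_{{ item }}=...` key=value form also turns the boolean `*_remote` values into strings; the YAML dictionary form keeps their type.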

View File

@@ -0,0 +1,12 @@
- name: Download code-server legacy
become: yes
unarchive:
remote_src: yes
src: "{{ code_server_tar_url }}"
dest: "{{ code_server_bin_dir }}"
extra_opts:
- --strip-components=1
- --wildcards
- "*/code-server"
notify: Restart code-server
when: code_server_download_needed
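Review bot: the `unarchive` task fetches `code_server_tar_url` and extracts an executable into `code_server_bin_dir` as root with no integrity check on the archive. Download with `get_url` and its `checksum:` parameter first, using a digest pinned alongside `code_server_ver`, then unarchive the verified local file. Setting `owner: root` and `group: root` on the extraction keeps ownership from being taken from the archive.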

View File

@@ -0,0 +1,13 @@
- name: Copy code-server systemd unit file
become: yes
template:
src: code-server.service
dest: "{{ code_server_service_dir }}"
notify: Restart code-server
- name: Copy code-server systemd override file
become: yes
template:
src: code-server.service.d/restart.conf
dest: "{{ code_server_service_dir }}/code-server.service.d/"
notify: Restart code-server

View File

@@ -0,0 +1,34 @@
- name: Clean up {{ code_server_dir }}
become: yes
file:
state: absent
path: "{{ code_server_dir }}"
when: code_server_download_needed
- name: Create {{ code_server_dir }}
become: yes
file:
state: directory
path: "{{ code_server_dir }}"
- name: Download code-server
become: yes
unarchive:
remote_src: yes
src: "{{ code_server_tar_url }}"
dest: "{{ code_server_dir }}"
extra_opts:
- --strip-components=1
notify: Restart code-server
when: code_server_download_needed
- name: Add {{ code_server_bin_dir }}/code-server
become: yes
file:
state: link
src: "{{ code_server_dir }}{{ '/bin' if code_server_cleaned_ver is version('3.3.0', '>=') else '' }}/code-server"
dest: "{{ code_server_bin_dir }}/code-server"
# force is required if upgrade from v1 or v2,
# in which case dest exists and is a file.
force: yes
notify: Restart code-server
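Review bot: "Clean up {{ code_server_dir }}" removes the existing installation before "Download code-server" has succeeded, so a failed or truncated download leaves the host with a dangling symlink and no working binary. Extract into a temporary or versioned directory, verify it (the archive is also fetched here without a checksum), and only then replace `code_server_dir` and the symlink.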

View File

@@ -0,0 +1,64 @@
---
- name: Check usage of deprecated role variables
include_tasks: deprecate.yml
when: >
tls_cert is defined
or tls_key is defined
or tls_cert_remote is defined
or tls_key_remote is defined
# Always gather facts as we use ansible_user_id and ansible_user_dir
- name: Gather Facts
setup:
gather_subset: '!all'
- name: Check systemd version
shell: "set -o pipefail; systemctl --version | head -1 | cut -d' ' -f2"
args:
executable: /bin/bash
register: systemctl_version
changed_when: no
- name: Create {{ code_server_service_dir }}
become: yes
file:
state: directory
path: "{{ code_server_service_dir }}"
- name: Check code-server
include_tasks: check-code-server.yml
- import_tasks: install-code-server-legacy.yml
when: code_server_major|int < 3
- import_tasks: install-code-server.yml
when: code_server_major|int >= 3
- import_tasks: install-code-server-service.yml
- name: Configure code-server
include_tasks: configure-code-server.yml
- name: Configure service
set_fact:
code_server_configure_service: yes
tags:
- service
- meta: flush_handlers
- name: Enable code-server service
become: yes
systemd:
name: code-server
enabled: yes
tags:
- service
- name: Report
include_tasks: report.yml
- name: Sanity Test
include_tasks: tests.yml
tags:
- tests
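Review bot: "Enable code-server service" sets `enabled: yes` but no `state: started`, so the service is only running if a handler fired earlier in the play. On a run where nothing changed and the service is stopped, it stays stopped and the "Sanity Test" include then fails on the port check. Add `state: started` to that task.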

View File

@@ -0,0 +1,10 @@
- name: List installed files
debug:
msg:
- "{{ code_server_dir }}"
- "{{ code_server_bin_dir }}/code-server"
- "{{ code_server_service_dir }}/code-server.service"
- "{{ code_server_service_dir }}/code-server.service.d/restart.conf"
- "{% if code_server_password is defined %}{{ code_server_data_dir }}/env{% endif %}"
- "{% if code_server_tls_cert is defined %}{{ code_server_data_dir }}/tls.cert{% endif %}"
- "{% if code_server_tls_key is defined %}{{ code_server_data_dir }}/tls.key{% endif %}"

View File

@@ -0,0 +1,13 @@
---
- name: Test connectivity locally
wait_for:
port: "{{ code_server_port }}"
timeout: 15
- name: Test connectivity remotely
wait_for:
host: "{{ inventory_hostname }}"
port: "{{ code_server_port }}"
timeout: 15
delegate_to: localhost
ignore_errors: yes

View File

@@ -0,0 +1,21 @@
[Unit]
Description=Run VS Code on a remote server.
Documentation=https://github.com/cdr/code-server
After=network.target network-online.target
[Service]
Type=simple
User={{ code_server_user }}
{% if code_server_password is defined %}
EnvironmentFile={{ code_server_data_dir_abs }}/env
{% endif %}
ExecStart={{ code_server_bin_dir }}/code-server
{%- if code_server_major != '1' %} --auth {{ code_server_auth }}{% endif %}
{%- if code_server_tls_cert is defined %} --cert {{ code_server_data_dir_abs }}/tls.cert{% endif %}
{%- if code_server_tls_key is defined %} --cert-key {{ code_server_data_dir_abs }}/tls.key{% endif %}
{%- if code_server_work_dir is defined %} {{ code_server_work_dir }}{% endif %}
--host {{ code_server_host }} --port {{ code_server_port }}
WorkingDirectory=~
[Install]
WantedBy=multi-user.target
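Review bot: `EnvironmentFile=` is emitted only when `code_server_password is defined`, but the configure task writes the env file when `code_server_password is defined or code_server_env|length > 0`. With only `code_server_env` set, the file is written and never loaded. Use the same condition in both places. The `[Service]` section also has no sandboxing directives; `NoNewPrivileges=yes` and `PrivateTmp=yes` are low-risk additions for a network-facing editor, to be tested against the workloads run inside it.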

View File

@@ -0,0 +1,11 @@
# Restart every week to fix memory leak
# https://stackoverflow.com/questions/31055194/how-can-i-configure-a-systemd-service-to-restart-periodically
[Service]
Restart=always
{% if (systemctl_version.stdout|int) < 229 %}
Type=notify
# 1 week
TimeoutStartSec=604800
{% else %}
RuntimeMaxSec=604800
{% endif %}
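Review bot: on systemd older than 229 the override sets `Type=notify` with `TimeoutStartSec=604800` for a process that never signals readiness, so the unit stays in `activating` for the whole week. A blocking `systemctl start` or restart does not return, and anything that checks for `active` misreports the service. A timer unit or cron entry that restarts the service weekly gives the same effect without changing the service type.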

View File

@@ -0,0 +1,6 @@
{% if code_server_password is defined %}
PASSWORD={{ code_server_password | quote }}
{% endif %}
{% for env in code_server_env %}
{{ env }}={{ code_server_env[env] | quote }}
{% endfor %}
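Review bot: the `PASSWORD=` line is guarded by `is defined`, which is true for an empty string, while the example playbook documents `code_server_password: ""` as "Leave empty to use auto-generated password". With that value the template writes `PASSWORD=''`. Guard on `code_server_password | default('') | length > 0` instead. The `quote` filter applies shell quoting, which is not guaranteed to match systemd's `EnvironmentFile` parsing; test with values containing quotes, `$` and backslashes, and validate the `code_server_env` keys since they are written unescaped.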

View File

@@ -0,0 +1,6 @@
#!/usr/bin/env ansible-playbook
---
- hosts: localhost
gather_facts: no
roles:
- name: ../..

View File

@@ -0,0 +1,19 @@
#!/usr/bin/env ansible-playbook
---
- hosts: localhost
gather_facts: no
roles:
- name: ../..
#code_server_ver: ""
#code_server_data_dir: "{{ ansible_user_dir }}/.local/share/code-server"
#code_server_work_dir: "{{ ansible_user_dir }}"
#code_server_auth: password # password or none
#code_server_password: "" # Leave empty to use auto-generated password
#code_server_user: "{{ ansible_user_id }}"
#code_server_host: 0.0.0.0
#code_server_port: 8080
#code_server_env: {}
#code_server_tls_cert: /etc/letsencrypt/live/example.com/fullchain.pem
#code_server_tls_cert_remote: no
#code_server_tls_key: /etc/letsencrypt/live/example.com/privkey.pem
#code_server_tls_key_remote: no
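Review bot: the documented values pair `code_server_host: 0.0.0.0` with TLS variables that are optional, so a deployment that follows this example without setting a certificate exposes the password login over plain HTTP on every interface. Show `127.0.0.1` here with a note to front the service with a TLS reverse proxy, or make the TLS variables part of the uncommented example. `code_server_auth: none` deserves a comment that it is only safe behind such a proxy.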

View File

@@ -0,0 +1,47 @@
---
# The directory to install the executable for code-server
code_server_bin_dir: "{{ code_server_install_prefix }}/bin"
# code-server before v3 is a single file binary, code-server since v3 is a directory of files.
# code_server_dir is only used for v3+
code_server_dir: "{{ '/opt/code-server' if code_server_major|int >= 3 else '' }}"
# The directory to install code-server systemd service file
code_server_service_dir: "{{ code_server_install_prefix }}/lib/systemd/system"
# URL prefix for downloading code-server
code_server_url_prefix: https://github.com/cdr/code-server/releases/download
# code_server_ver without v prefix
code_server_cleaned_ver: "{{ code_server_ver | regex_replace('^v', '') }}"
# code_server_short_ver removes vscode version
# 2.1692-vsc1.39.2 -> 2.1692
# 3.0.0 -> 3.0.0
code_server_short_ver: "{{ code_server_cleaned_ver | regex_replace('-.+', '') }}"
# Whether we need to download code-server for fresh install or upgrade.
# Note that code-server release tag has a 'v' prefix since v3.3.0,
# while `code-server --version` never outputs the 'v' prefix.
code_server_download_needed: >-
{{ not code_server_exists.stat.exists
or code_server_version.stdout != code_server_cleaned_ver }}
# The subdirectory under URL prefix containing code-server artifacts
code_server_download_dir: "{{ 'v' if code_server_cleaned_ver is version('3.3.0', '>=') else '' }}{{ code_server_short_ver if code_server_short_ver is version('2.1698', '>=') else code_server_cleaned_ver }}"
# The major version of code-server in string
code_server_major: "{{ code_server_cleaned_ver.split('.')[0] }}"
# The architecture of code-server as used in download URL
code_server_arch: "{% if code_server_cleaned_ver is version('3.3.0', '>=') %}amd64{% elif code_server_major != '1' %}x86_64{% else %}x64{% endif %}"
# The build-up final .tar.gz url for code-server
code_server_tar_url: "{{ code_server_url_prefix }}/{{ code_server_download_dir }}/code-server{{ '-' if code_server_major|int >= 3 else '' }}{{ code_server_cleaned_ver }}-linux-{{ code_server_arch }}.tar.gz"
# The data directory of code-server
code_server_data_dir_abs: "{{ code_server_data_dir | expanduser }}"
# Whether to configure service.
# This will be set to yes in tasks unless `--skip-tags service` specified.
code_server_configure_service: no
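Review bot: `code_server_arch` only ever resolves to `amd64`, `x86_64` or `x64`, so on an ARM host the role downloads and installs an x86-64 build that cannot run. Derive the value from `ansible_architecture` and fail early with a clear message on unsupported combinations. `code_server_url_prefix` is overridable and feeds a root-level install, so document that it must point to a trusted HTTPS source.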