ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Compare commits

base: ryanc:1e3cc26560026dbb7b91633f629e13769cd9212e
Branches Tags
ryanc:master
..
compare: ryanc:277a1bc5695b97e48190179480fbee297fedd22f
Branches Tags
ryanc:master

No commits in common. "1e3cc26560026dbb7b91633f629e13769cd9212e" and "277a1bc5695b97e48190179480fbee297fedd22f" have entirely different histories.
1e3cc26560 ... 277a1bc569

24 changed files with 87 additions and 198 deletions
Show Stats Expand all files Collapse all files

2
roles/certbot/vars/Debian.yaml
View File

@ -1,2 +1,2 @@
--- ---
certbot_challenge_webroot_path: /var/www/html certbot_challenge_webroot_path: /var/www/.acme-challenge

2
roles/craftbukkit/defaults/main.yaml
View File

@ -2,7 +2,7 @@
craftbukkit_java_package_name: openjdk-8-jre-headless craftbukkit_java_package_name: openjdk-8-jre-headless
craftbukkit_java_package_state: present craftbukkit_java_package_state: present
craftbukkit_version: 1.16.1 craftbukkit_version: 1.15.2
craftbukkit_jar: "craftbukkit-{{ craftbukkit_version }}.jar" craftbukkit_jar: "craftbukkit-{{ craftbukkit_version }}.jar"
craftbukkit_service_name: craftbukkit.service craftbukkit_service_name: craftbukkit.service

4
roles/gitea/defaults/main.yaml
View File

@ -3,8 +3,10 @@ gitea_service_name: gitea.service
gitea_service_state: started gitea_service_state: started
gitea_service_enabled: yes gitea_service_enabled: yes
gitea_version: 1.12.2 gitea_arch: amd64
gitea_version: 1.11.5
gitea_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" gitea_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
gitea_checksum: sha256:d8d43c13e71596c79b541e85e29defe065b4f70ac5155e6d0212bcfc669e1b9c
gitea_bin_path: /usr/local/bin gitea_bin_path: /usr/local/bin
gitea_var_path: /var/lib/gitea gitea_var_path: /var/lib/gitea
gitea_log_path: /var/log/gitea gitea_log_path: /var/log/gitea

18
roles/gitea/tasks/main.yaml
View File

@ -1,14 +1,12 @@
--- ---
- name: gather architecture specific variables #- name: OS specific variables
include_vars: "{{ lookup('first_found', possible_files) }}" # include_vars: "{{ item }}"
vars: # with_first_found:
possible_files: # - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
files: # - "{{ ansible_distribution }}.yml"
- "{{ ansible_userspace_architecture }}.yaml" # - "{{ ansible_os_family }}.yml"
- "default.yaml" # - "default.yml"
paths: #
- vars
- name: "download gitea {{ gitea_version }}" - name: "download gitea {{ gitea_version }}"
get_url: get_url:
url: "{{ gitea_url }}" url: "{{ gitea_url }}"

2
roles/gitea/templates/nginx.conf.j2
View File

@ -6,7 +6,7 @@ server {
server_name {{ gitea_domain }}; server_name {{ gitea_domain }};
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
root /var/www/html; root /var/www/.acme-challenge;
try_files $uri =404; try_files $uri =404;
} }

3
roles/gitea/vars/x86_64.yaml
View File

@ -1,3 +0,0 @@
---
gitea_arch: amd64
gitea_checksum: sha256:3faa3e97a621c3b9ecba7917fd870c07c3c6c88c8cc7c29ecbf2c7b9802d91b0

2
roles/grafana/templates/nginx.conf.j2
View File

@ -6,7 +6,7 @@ server {
server_name {{ grafana_domain }}; server_name {{ grafana_domain }};
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
root /var/www/html; root /var/www/.acme-challenge;
try_files $uri =404; try_files $uri =404;
} }

1
roles/influxdb/defaults/main.yaml
View File

@ -18,4 +18,3 @@ influxdb_config:
query-log-enabled: no query-log-enabled: no
http: http:
log-enabled: no log-enabled: no
flux-enabled: yes

7
roles/minecraft/defaults/main.yaml
View File

@ -11,11 +11,12 @@ minecraft_port: 25565
minecraft_user: minecraft minecraft_user: minecraft
minecraft_group: minecraft minecraft_group: minecraft
minecraft_jar_url: https://launcher.mojang.com/v1/objects/c5f6fb23c3876461d46ec380421e42b289789530/server.jar minecraft_jar_url: https://launcher.mojang.com/v1/objects/bb2b6b1aefcd70dfd1892149ac3a215f6c636b07/server.jar
minecraft_jar_checksum: sha256:2902ed3ff84e4f810a2c0620c6b6df9c3ef8488b272c61274d5eac2433876f39 minecraft_jar_checksum: sha256:80cf86dc2004ec6a2dc0183d1c75a9af3ba0669f7c332e4247afb1d76fb67e8a
minecraft_opt_path: /opt/minecraft minecraft_opt_path: /opt/minecraft
minecraft_var_path: /var/opt/minecraft minecraft_var_path: "{{ minecraft_opt_path }}/var"
minecraft_backup_path: "{{ minecraft_opt_path }}/backup"
minecraft_syslog_facility: local5 minecraft_syslog_facility: local5

6
roles/minecraft/handlers/main.yaml
View File

@ -14,3 +14,9 @@
service: service:
name: rsyslog name: rsyslog
state: restarted state: restarted
- name: restart minecraft instances
service:
name: "minecraft@{{ item.name }}.service"
state: restarted
loop: "{{ minecraft_worlds | default([]) }}"

42
roles/minecraft/tasks/main.yaml
View File

@ -37,11 +37,12 @@
- name: create minecraft var directory - name: create minecraft var directory
file: file:
path: "{{ minecraft_var_path }}" path: "{{ minecraft_var_path }}/{{ item.name }}"
state: directory state: directory
owner: "{{ minecraft_user }}" owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}" group: "{{ minecraft_group }}"
mode: "0755" mode: "0755"
loop: "{{ minecraft_worlds }}"
- name: download minecraft server - name: download minecraft server
get_url: get_url:
@ -51,29 +52,31 @@
group: "{{ minecraft_group }}" group: "{{ minecraft_group }}"
mode: "0644" mode: "0644"
checksum: "{{ minecraft_jar_checksum }}" checksum: "{{ minecraft_jar_checksum }}"
notify: restart minecraft notify: restart minecraft instances
- name: agree to the eula - name: agree to the eula
copy: copy:
content: "eula=true" content: "eula=true"
dest: "{{ minecraft_var_path }}/eula.txt" dest: "{{ minecraft_var_path }}/{{ item.name }}/eula.txt"
owner: "{{ minecraft_user }}" owner: "{{ minecraft_user }}"
group: "{{ minecraft_group }}" group: "{{ minecraft_group }}"
mode: "0644" mode: "0644"
loop: "{{ minecraft_worlds }}"
- name: configure minecraft - name: configure minecraft
template: template:
src: server.properties.j2 src: server.properties.j2
dest: "{{ minecraft_var_path }}/server.properties" dest: "{{ minecraft_var_path }}/{{ item.name }}/server.properties"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart minecraft notify: restart minecraft instances
loop: "{{ minecraft_worlds }}"
- name: configure systemd unit - name: configure systemd unit
template: template:
src: minecraft.service.j2 src: minecraft.service.j2
dest: /etc/systemd/system/minecraft.service dest: /etc/systemd/system/minecraft@.service
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
@ -82,9 +85,30 @@
- name: manage minecraft service - name: manage minecraft service
service: service:
name: minecraft.service name: "minecraft@{{ item.name }}"
state: "{{ minecraft_service_state }}" state: "{{ item.state | default(minecraft_service_state) }}"
enabled: "{{ minecraft_service_enabled }}" enabled: "{{ item.enabled | default(minecraft_service_enabled) }}"
loop: "{{ minecraft_worlds }}"
#- name: configure ops
# copy:
# content: "{{ (minecraft_ops | default([])) | to_nice_json }}"
# dest: "{{ minecraft_var_path }}/ops.json"
# owner: "{{ minecraft_user }}"
# group: "{{ minecraft_group }}"
# mode: "0644"
# force: no
# notify: restart minecraft instances
#
#- name: configure whitelist
# copy:
# content: "{{ (minecraft_whitelist | default([])) | to_nice_json }}"
# dest: "{{ minecraft_var_path }}/whitelist.json"
# owner: "{{ minecraft_user }}"
# group: "{{ minecraft_group }}"
# mode: "0644"
# force: no
# notify: restart minecraft instances
- name: install discord notifier - name: install discord notifier
copy: copy:

4
roles/minecraft/templates/minecraft.service.j2
View File

@ -1,7 +1,7 @@
# {{ ansible_managed }} # {{ ansible_managed }}
[Unit] [Unit]
Description=Minecraft server Description=Minecraft server %i
After=network.target After=network.target
[Service] [Service]
@ -10,7 +10,7 @@ SuccessExitStatus=143
Type=simple Type=simple
User={{ minecraft_user }} User={{ minecraft_user }}
Group={{ minecraft_group }} Group={{ minecraft_group }}
WorkingDirectory={{ minecraft_var_path }} WorkingDirectory={{ minecraft_var_path }}/%i
Restart=on-failure Restart=on-failure
SyslogIdentifier=minecraft SyslogIdentifier=minecraft
SyslogFacility={{ minecraft_syslog_facility }} SyslogFacility={{ minecraft_syslog_facility }}

7
roles/nginx/templates/default.j2
View File

@ -11,4 +11,11 @@ server {
location / { location / {
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
{% if nginx_acme_challenge_enabled %}
location /.well-known/acme-challenge/ {
alias {{ nginx_acme_challenge_path }};
try_files $uri $uri/ =404;
}
{% endif %}
} }

21
roles/restic/files/hooks/minecraft.sh
View File

@ -3,7 +3,7 @@
set -e set -e
SERVICE=minecraft.service SERVICE=minecraft.service
VAR_DIR=/var/opt/minecraft VAR_DIR=/opt/minecraft/var
WAIT=30 WAIT=30
VERBOSE=${VERBOSE:-4} VERBOSE=${VERBOSE:-4}
@ -34,6 +34,7 @@ stop_server() {
return 0 return 0
fi fi
printf "stopping %s\n" "$instance"
systemctl -q stop "$unit" systemctl -q stop "$unit"
while systemctl -q is-active "$unit"; do while systemctl -q is-active "$unit"; do
@ -62,6 +63,7 @@ start_server() {
return 0 return 0
fi fi
printf "starting %s\n" "$instance"
systemctl -q start "$unit" systemctl -q start "$unit"
while ! systemctl -q is-active "$unit"; do while ! systemctl -q is-active "$unit"; do
@ -76,6 +78,7 @@ start_server() {
return 0 return 0
} }
open_files() { open_files() {
local dir=${1-$VAR_DIR} local dir=${1-$VAR_DIR}
local attempts="${2:-$WAIT}" local attempts="${2:-$WAIT}"
@ -92,22 +95,28 @@ open_files() {
return 0 return 0
} }
main() { main() {
if [ "$1" == "pre" ]; then if [ "$1" == "pre" ]; then
if ! stop_server $SERVICE; then for path in "$VAR_DIR"/*; do
error_exit "Failed to stop $SERVICE" instance="minecraft@$(basename "$path").service"
if ! stop_server "$instance"; then
error_exit "Failed to stop $instance"
fi fi
done
printf "checking for open files\n" printf "checking for open files\n"
if ! open_files $VAR_DIR; then if ! open_files $VAR_DIR; then
error_exit "Open files exist in $VAR_DIR" error_exit "Open files exist in $VAR_DIR"
fi fi
elif [ "$1" == "post" ]; then elif [ "$1" == "post" ]; then
if ! start_server $SERVICE; then for path in "$VAR_DIR"/*; do
error_exit "Failed to start $SERVICE" instance="minecraft@$(basename "$path").service"
if ! start_server "$instance"; then
error_exit "Failed to start $instance"
fi fi
done
fi fi
} }

2
roles/restic/files/restic-job.sh
View File

@ -76,12 +76,12 @@ if [ -f "$LOCK" ]; then
if ! [[ $cmdline =~ $(basename "$0") ]]; then if ! [[ $cmdline =~ $(basename "$0") ]]; then
printf "removing orphaned lock, pid %d belongs to another process\n" "$pid" printf "removing orphaned lock, pid %d belongs to another process\n" "$pid"
rm -f "$LOCK" rm -f "$LOCK"
fi
else else
KEEP_LOCK=1 KEEP_LOCK=1
error_exit "another job is running, pid=${pid}" error_exit "another job is running, pid=${pid}"
fi fi
fi fi
fi
fi fi
echo $$ > "$LOCK" echo $$ > "$LOCK"

29
roles/restic/files/restic-tidy.sh
View File

@ -8,16 +8,6 @@ error_exit() {
} }
RESTIC_ETC_PATH=${RESTIC_ETC_PATH:-/etc/restic} RESTIC_ETC_PATH=${RESTIC_ETC_PATH:-/etc/restic}
LOCK_PATH=/run/restic
LOCK="${LOCK_PATH}/tidy.lock"
KEEP_LOCK=
function finish {
if [ -z $KEEP_LOCK ]; then
rm -f "$LOCK"
fi
}
trap finish EXIT
# shellcheck source=/dev/null # shellcheck source=/dev/null
source "${RESTIC_ETC_PATH}/env.sh" source "${RESTIC_ETC_PATH}/env.sh"
@ -53,25 +43,6 @@ KEEP_WEEKLY=${KEEP_WEEKLY:-5}
KEEP_MONTHLY=${KEEP_MONTHLY:-12} KEEP_MONTHLY=${KEEP_MONTHLY:-12}
KEEP_YEARLY=${KEEP_YEARLY:-10} KEEP_YEARLY=${KEEP_YEARLY:-10}
if [ -f "$LOCK" ]; then
pid=$(cat "$LOCK")
if ! kill -0 "$pid" 2> /dev/null; then
printf "removing orphaned lock, pid %d does not exist\n" "$pid"
rm -f "$LOCK"
else
if [[ -f "/proc/${pid}/cmdline" ]]; then
cmdline=$(tr "\0" " " <"/proc/${pid}/cmdline")
if ! [[ $cmdline =~ $(basename "$0") ]]; then
printf "removing orphaned lock, pid %d belongs to another process\n" "$pid"
rm -f "$LOCK"
else
KEEP_LOCK=1
error_exit "another job is running, pid=${pid}"
fi
fi
fi
fi
printf "started, keep hourly:%d daily:%d weekly:%d monthly:%d year:%d\n" \ printf "started, keep hourly:%d daily:%d weekly:%d monthly:%d year:%d\n" \
"$KEEP_HOURLY" \ "$KEEP_HOURLY" \
"$KEEP_DAILY" \ "$KEEP_DAILY" \

21
roles/teleport/defaults/main.yaml
View File

@ -1,21 +0,0 @@
---
teleport_service_name: teleport
teleport_service_state: started
teleport_service_enabled: yes
teleport_systemd_unit_path: /etc/systemd/system/teleport.service
teleport_version: 4.3.5
teleport_baseurl: https://get.gravitational.com
teleport_roles:
- auth
- proxy
- node
teleport_config_path: /etc/teleport.yaml
teleport_config_owner: root
teleport_config_group: root
teleport_config_mode: 0400
teleport_config: {}

14
roles/teleport/handlers/main.yaml
View File

@ -1,14 +0,0 @@
---
- name: autossh daemon-reload
systemd:
daemon_reload: yes
- name: reload teleport
service:
name: "{{ teleport_service_name }}"
state: reloaded
- name: restart teleport
service:
name: "{{ teleport_service_name }}"
state: restarted

4
roles/teleport/tasks/Debian.yaml
View File

@ -1,4 +0,0 @@
---
- name: install package
apt:
deb: "{{ teleport_package_url }}"

63
roles/teleport/tasks/main.yaml
View File

@ -1,63 +0,0 @@
---
- name: gather architecture specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_userspace_architecture }}.yaml"
- "default.yaml"
paths:
- vars
- name: gather os specific variables
include_vars: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- vars
- name: include os specific tasks
include_tasks: "{{ lookup('first_found', possible_files) }}"
vars:
possible_files:
files:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
paths:
- tasks
- name: configure teleport
copy:
dest: "{{ teleport_config_path }}"
owner: "{{ teleport_config_owner }}"
group: "{{ teleport_config_group }}"
mode: "{{ teleport_config_mode }}"
content: "{{ teleport_config | to_yaml }}"
notify:
- reload teleport
no_log: true
- name: systemd unit
template:
src: teleport.service.j2
dest: "{{ teleport_systemd_unit_path }}"
owner: root
group: root
mode: 0644
notify:
- restart teleport
- autossh daemon-reload
when: ansible_service_mgr == 'systemd'
- name: manage service
service:
name: "{{ teleport_service_name }}"
state: "{{ teleport_service_state }}"
enabled: "{{ teleport_service_enabled }}"

15
roles/teleport/templates/teleport.service.j2
View File

@ -1,15 +0,0 @@
# {{ ansible_managed }}
[Unit]
Description=Teleport SSH Service
After=network.target
[Service]
Type=simple
Restart=on-failure
ExecStart=/usr/local/bin/teleport start --roles {{ teleport_roles | join(',') }} --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/run/teleport.pid
[Install]
WantedBy=multi-user.target

2
roles/teleport/vars/Debian.yaml
View File

@ -1,2 +0,0 @@
---
teleport_package_url: "{{ teleport_baseurl }}/teleport_{{ teleport_version }}_{{ teleport_arch }}.deb"

3
roles/teleport/vars/x86_64.yaml
View File

@ -1,3 +0,0 @@
---
teleport_arch: amd64
teleport_checksum: 0b472d847b9c492f74757c6e806af5bad85c79d4dfa12cea1fc3c9ec1e5dc4ac

3
roles/util/defaults/main.yaml
View File

@ -61,6 +61,3 @@ util_packages:
- python3-pip - python3-pip
- python-requests - python-requests
- python3-requests - python3-requests
fun:
- cmatrix
- cowsay