cyclane/kovalhome
1
1
Fork 0
Code Issues 7 Pull Requests 1 Actions Packages Projects 3 Releases Activity

Compare commits

merge into: cyclane:main
Branches Tags
cyclane:main cyclane:cleanup-playbooks cyclane:initial-vm-provisioning
...
pull from: cyclane:cleanup-playbooks
Branches Tags
cyclane:main cyclane:cleanup-playbooks cyclane:initial-vm-provisioning

13 Commits

Author SHA1 Message Date
Gleb Koval
ef780275e7 Infisical no longer needs pinning
Some checks failed
Infrastructure / Check and run Ansbile playbooks (pull_request) Failing after 3m30s
Details
2024-03-29 16:24:22 +00:00
Gleb Koval
87df3eb334 Merge branch 'main' into cleanup-playbooks 2024-03-29 16:23:17 +00:00
Gleb Koval
202abc79e3 Use requirements.yml for galaxy
Some checks failed
Infrastructure / Check and run Ansbile playbooks (pull_request) Failing after 2m57s
Details
2024-01-30 17:50:13 +00:00
Gleb Koval
8ab4968371 Remove ansible-lint from requirements
Some checks failed
Infrastructure / Check and run Ansbile playbooks (pull_request) Failing after 3m6s
Details
2024-01-30 17:32:13 +00:00
Gleb Koval
5ac073fc11 use ansible-lint action
Some checks failed
Infrastructure / Check and run Ansbile playbooks (pull_request) Failing after 3m34s
Details
2024-01-30 17:31:29 +00:00
Gleb Koval
2834642cb7 Use strict linting
All checks were successful
Infrastructure / Check and run Ansbile playbooks (pull_request) Successful in 2m1s
Details
2024-01-30 13:01:28 +00:00
Gleb Koval
594c97f4dc Add ansible-lint dependancy
All checks were successful
Infrastructure / Check and run Ansbile playbooks (pull_request) Successful in 2m8s
Details
2024-01-30 12:46:27 +00:00
Gleb Koval
9689da7d11 Add ansible-lint to github actions
Some checks failed
Infrastructure / Check and run Ansbile playbooks (pull_request) Failing after 1m36s
Details
2024-01-30 12:42:41 +00:00
Gleb Koval
e1375aeb72 ansible-lint 2024-01-30 12:40:46 +00:00
Gleb Koval
2aa297e901 docker_compose_v2 ansible (instead of shell) 2024-01-30 12:37:37 +00:00
Gleb Koval
1a0114fa34 nextcloud aio: 
- remove immich decommision (it's fine(tm))
- use ansible to create container, instead of bash script
 2024-01-29 22:42:27 +00:00
Gleb Koval
e807abb376 Fix name of install docker playbooks 2024-01-29 22:41:33 +00:00
Gleb Koval
334276e654 proxmox playbooks 
- use handler for initial boot & wait
 2024-01-29 22:28:02 +00:00
24 changed files with 186 additions and 265 deletions
Expand all files Collapse all files

4
.ansible-lint Normal file
View File

@@ -0,0 +1,4 @@
strict: true
use_default_rules: true
skip_list:
- args[module]

9
.github/workflows/infra.yaml vendored
View File

@@ -29,13 +29,14 @@ jobs:
apt update apt update
apt install -y python3-pip apt install -y python3-pip
pip3 install -r requirements.txt pip3 install -r requirements.txt
ansible-galaxy collection install community.general infisical.vault ansible-galaxy collection install -r requirements.yml --force
- name: Run ansible-lint
uses: ansible/ansible-lint@v6
- name: Check playbooks - name: Check playbooks
run: | run: |
for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do ansible-playbook --inventory ./inventory --syntax-check infra/**/*playbook.yaml
ansible-playbook --inventory ./inventory --syntax-check "$file"
done
- name: Get changed playbooks - name: Get changed playbooks
id: files id: files

34
infra/cloud/0000_proxmox_playbook.yaml
View File

@@ -36,7 +36,7 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
clone: "{{ node }}-debian-12" clone: "{{ node }}-debian-12"
storage: nvme storage: nvme
register: create notify: Initial boot
- name: Wait for status - name: Wait for status
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: current state: current
@@ -65,21 +65,8 @@
ipconfig0: ip=dhcp,ip6=auto ipconfig0: ip=dhcp,ip6=auto
ipconfig1: ip=dhcp ipconfig1: ip=dhcp
# Initial boot - name: Force all notified handlers to run
# For some reason debian cloud images don't use ansible.builtin.meta: flush_handlers
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
when: create.changed is true
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90
# VM Configuration # VM Configuration
- name: Resize root disk - name: Resize root disk
@@ -108,3 +95,18 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: restarted state: restarted
timeout: 60 timeout: 60
handlers:
# Initial boot
# For some reason debian cloud images don't use
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90

2
infra/cloud/0002_docker_playbook.yaml
View File

@@ -1,4 +1,4 @@
- name: Install software - name: Install docker
hosts: cloud hosts: cloud
gather_facts: false gather_facts: false
tasks: tasks:

13
infra/cloud/0003_00_cleanup_script_deploy_playbook.yaml Normal file
View File

@@ -0,0 +1,13 @@
- name: Cleanup old ~/nextcloud directory
hosts: cloud
gather_facts: false
vars:
app: nextcloud
tasks:
- name: Wait for connection
ansible.builtin.wait_for_connection:
timeout: 300
- name: Delete nextcloud directory
ansible.builtin.file:
path: "$HOME/{{ app }}"
state: absent

36
infra/cloud/0003_nextcloud_playbook.yaml
View File

@@ -2,21 +2,29 @@
hosts: cloud hosts: cloud
gather_facts: false gather_facts: false
vars: vars:
app: nextcloud container: nextcloud-aio-mastercontainer
tasks: tasks:
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user - name: Deploy master container
ansible.builtin.user: community.docker.docker_container:
name: debian image: nextcloud/all-in-one:latest
register: user recreate: true
- name: Copy project state: started
ansible.builtin.copy: restart_policy: unless-stopped
src: "./{{ app }}" init: true
dest: "{{ user.home }}" name: "{{ container }}"
mode: "0744" published_ports:
- name: Re-deploy - 8080:8080
ansible.builtin.command: bash all-in-one.sh env:
args: NEXTCLOUD_UPLOAD_LIMIT: 16G
chdir: "{{ user.home }}/{{ app }}" NEXTCLOUD_MAX_TIME: "7200"
NEXTCLOUD_ADDITIONAL_APKS: imagemagick ffmpeg
APACHE_PORT: "11000"
APACHE_IP_BINDING: "0.0.0.0"
TZ: Europe/London
AIO_DISABLE_BACKUP_SECTION: "true"
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
- /var/run/docker.sock:/var/run/docker.sock:ro

71
infra/cloud/0004_decommission_immich_playbook.yaml
View File

@@ -1,71 +0,0 @@
- name: Decommission Immich
hosts: cloud
gather_facts: false
vars:
app: immich
api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}"
api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}"
api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}"
api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}"
vmname: "{{ inventory_hostname | regex_replace('^([^\\.]+)\\..+$', '\\1') }}"
node: pve
module_defaults:
community.general.proxmox_kvm:
api_user: "{{ api_user }}"
api_host: "{{ api_host }}"
api_token_id: "{{ api_token_id }}"
api_token_secret: "{{ api_token_secret }}"
name: "{{ vmname }}"
node: "{{ node }}"
community.general.proxmox_disk:
api_user: "{{ api_user }}"
api_host: "{{ api_host }}"
api_token_id: "{{ api_token_id }}"
api_token_secret: "{{ api_token_secret }}"
name: "{{ vmname }}"
tasks:
- name: Wait for connection
ansible.builtin.wait_for_connection:
timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down
ansible.builtin.command: docker compose down
args:
chdir: "{{ user.home }}/{{ app }}"
ignore_errors: true
- name: Remove docker volumes
ansible.builtin.command: docker compose down --volumes
args:
chdir: "{{ user.home }}/{{ app }}"
ignore_errors: true
- name: Remove config directory
ansible.builtin.file:
path: "{{ user.home }}/{{ app }}"
state: absent
- name: Destroy media disk
community.general.proxmox_disk:
disk: scsi2
state: absent
delegate_to: localhost
- name: Remove media mount
ansible.posix.mount:
src: /dev/disk/by-path/pci-0000:00:05.0-scsi-0:0:0:2-part1
path: /mnt/media
fstype: ext4
opts: rw,errors=remount-ro,x-systemd.growfs
state: absent
become: true
- name: Remove media directory
ansible.builtin.file:
path: /mnt/media
state: absent
become: true
- name: Restart VM
community.general.proxmox_kvm:
state: restarted
timeout: 60
delegate_to: localhost

21
infra/cloud/nextcloud/all-in-one.sh
View File

@@ -1,21 +0,0 @@
#!/bin/bash
docker stop nextcloud-aio-mastercontainer || true
docker rm nextcloud-aio-mastercontainer || true
docker run \
--init \
--sig-proxy=false \
--name nextcloud-aio-mastercontainer \
--restart unless-stopped \
--publish 8080:8080 \
--env NEXTCLOUD_UPLOAD_LIMIT=16G \
--env NEXTCLOUD_MAX_TIME=7200 \
--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick ffmpeg" \
--env APACHE_PORT=11000 \
--env APACHE_IP_BINDING=0.0.0.0 \
--env TZ=Europe/London \
--env AIO_DISABLE_BACKUP_SECTION=true \
--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
-d nextcloud/all-in-one:latest

34
infra/music/0000_proxmox_playbook.yaml
View File

@@ -36,7 +36,7 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
clone: "{{ node }}-debian-12" clone: "{{ node }}-debian-12"
storage: nvme storage: nvme
register: create notify: Initial boot
- name: Wait for status - name: Wait for status
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: current state: current
@@ -65,21 +65,8 @@
ipconfig0: ip=dhcp,ip6=auto ipconfig0: ip=dhcp,ip6=auto
ipconfig1: ip=dhcp ipconfig1: ip=dhcp
# Initial boot - name: Force all notified handlers to run
# For some reason debian cloud images don't use ansible.builtin.meta: flush_handlers
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
when: create.changed is true
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90
# VM Configuration # VM Configuration
- name: Resize root disk - name: Resize root disk
@@ -114,3 +101,18 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: restarted state: restarted
timeout: 60 timeout: 60
handlers:
# Initial boot
# For some reason debian cloud images don't use
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90

2
infra/music/0002_docker_playbook.yaml
View File

@@ -1,4 +1,4 @@
- name: Install software - name: Install docker
hosts: music hosts: music
gather_facts: false gather_facts: false
tasks: tasks:

29
infra/music/0003_music_playbook.yaml
View File

@@ -7,46 +7,39 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace LastFM API key secret - name: Replace LastFM API key secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "LASTFM_APIKEY_VALUE" regexp: "LASTFM_APIKEY_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_APIKEY')['value'] }}"
- name: Replace LastFM secret - name: Replace LastFM secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "LASTFM_SECRET_VALUE" regexp: "LASTFM_SECRET_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='LASTFM_SECRET')['value'] }}"
- name: Replace Mongo Password secret - name: Replace Mongo Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "SPOTIFY_ID_VALUE" regexp: "SPOTIFY_ID_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_ID')['value'] }}"
- name: Replace SMTP Password secret - name: Replace SMTP Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "SPOTIFY_SECRET_VALUE" regexp: "SPOTIFY_SECRET_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/music', secret_name='SPOTIFY_SECRET')['value'] }}"
- name: Docker compose up -d - name: Docker compose up
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"
- name: Update data permissions - name: Update data permissions
ansible.builtin.file: ansible.builtin.file:

34
infra/photos/0000_proxmox_playbook.yaml
View File

@@ -36,7 +36,7 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
clone: "{{ node }}-debian-12" clone: "{{ node }}-debian-12"
storage: nvme storage: nvme
register: create notify: Initial boot
- name: Wait for status - name: Wait for status
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: current state: current
@@ -65,21 +65,8 @@
ipconfig0: ip=dhcp,ip6=auto ipconfig0: ip=dhcp,ip6=auto
ipconfig1: ip=dhcp ipconfig1: ip=dhcp
# Initial boot - name: Force all notified handlers to run
# For some reason debian cloud images don't use ansible.builtin.meta: flush_handlers
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
when: create.changed is true
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90
# VM Configuration # VM Configuration
- name: Resize root disk - name: Resize root disk
@@ -114,3 +101,18 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: restarted state: restarted
timeout: 60 timeout: 60
handlers:
# Initial boot
# For some reason debian cloud images don't use
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90

2
infra/photos/0002_docker_playbook.yaml
View File

@@ -1,4 +1,4 @@
- name: Install software - name: Install docker
hosts: photos hosts: photos
gather_facts: false gather_facts: false
tasks: tasks:

22
infra/photos/0003_immich_playbook.yaml
View File

@@ -7,31 +7,25 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace Typesense secret - name: Replace Typesense secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "TYPESENSE_API_KEY_VALUE" regexp: "TYPESENSE_API_KEY_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='TYPESENSE_API_KEY')['value'] }}"
- name: Replace DB secret - name: Replace DB secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "DB_PASSWORD_VALUE" regexp: "DB_PASSWORD_VALUE"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/photos', secret_name='DB_PASSWORD')['value'] }}"
- name: Docker compose up -d - name: Docker compose up -d
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"

34
infra/samba/0000_proxmox_playbook.yaml
View File

@@ -36,7 +36,7 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
clone: "{{ node }}-debian-12" clone: "{{ node }}-debian-12"
storage: nvme storage: nvme
register: create notify: Initial boot
- name: Wait for status - name: Wait for status
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: current state: current
@@ -65,21 +65,8 @@
ipconfig0: ip=dhcp,ip6=auto ipconfig0: ip=dhcp,ip6=auto
ipconfig1: ip=dhcp ipconfig1: ip=dhcp
# Initial boot - name: Force all notified handlers to run
# For some reason debian cloud images don't use ansible.builtin.meta: flush_handlers
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
when: create.changed is true
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90
# VM Configuration # VM Configuration
- name: Resize root disk - name: Resize root disk
@@ -113,3 +100,18 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: restarted state: restarted
timeout: 60 timeout: 60
handlers:
# Initial boot
# For some reason debian cloud images don't use
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90

2
infra/samba/0002_docker_playbook.yaml
View File

@@ -1,4 +1,4 @@
- name: Install software - name: Install docker
hosts: samba hosts: samba
gather_facts: false gather_facts: false
tasks: tasks:

23
infra/samba/0003_samba_playbook.yaml
View File

@@ -7,32 +7,25 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace KVK Password secret - name: Replace KVK Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/config.yml" path: "$HOME/{{ app }}/config.yml"
regexp: "KVK_PASSWORD" regexp: "KVK_PASSWORD"
replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}" replace: "{{ lookup('infisical.vault.read_secrets', env_slug='prod', path='/samba', secret_name='KVK_PASSWORD')['value'] }}"
- name: Docker compose up -d - name: Docker compose up
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"
- name: Update samba permissions - name: Update samba permissions
ansible.builtin.file: ansible.builtin.file:

8
infra/samba/samba/config.yml
View File

@@ -20,7 +20,7 @@ share:
path: /samba/kvkbackups path: /samba/kvkbackups
validusers: kvk validusers: kvk
writelist: kvk writelist: kvk
browsable: yes browsable: true
readonly: no readonly: false
guestok: no guestok: false
veto: no veto: false

34
infra/secrets/0000_proxmox_playbook.yaml
View File

@@ -36,7 +36,7 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
clone: "{{ node }}-debian-12" clone: "{{ node }}-debian-12"
storage: nvme storage: nvme
register: create notify: Initial boot
- name: Wait for status - name: Wait for status
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: current state: current
@@ -65,21 +65,8 @@
ipconfig0: ip=dhcp,ip6=auto ipconfig0: ip=dhcp,ip6=auto
ipconfig1: ip=dhcp ipconfig1: ip=dhcp
# Initial boot - name: Force all notified handlers to run
# For some reason debian cloud images don't use ansible.builtin.meta: flush_handlers
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
when: create.changed is true
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90
# VM Configuration # VM Configuration
- name: Resize root disk - name: Resize root disk
@@ -108,3 +95,18 @@
community.general.proxmox_kvm: community.general.proxmox_kvm:
state: restarted state: restarted
timeout: 60 timeout: 60
handlers:
# Initial boot
# For some reason debian cloud images don't use
# cloud-init for networking on first boot (cloud-init files
# are regenerated AFTER networking starts). But we need the
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
- name: Initial boot
block:
- name: Start
community.general.proxmox_kvm:
state: started
register: start
- name: Wait 1.5 min # Initial apt update, apt upgrade, cloud-init
ansible.builtin.wait_for:
timeout: 90

2
infra/secrets/0002_docker_playbook.yaml
View File

@@ -1,4 +1,4 @@
- name: Install software - name: Install docker
hosts: secrets hosts: secrets
gather_facts: false gather_facts: false
tasks: tasks:

25
infra/secrets/0003_infiscal_playbook.yaml
View File

@@ -7,38 +7,31 @@
- name: Wait for connection - name: Wait for connection
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 timeout: 300
- name: Get user
ansible.builtin.user:
name: debian
register: user
- name: Docker compose down - name: Docker compose down
ansible.builtin.command: docker compose down community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}" state: absent
ignore_errors: true
- name: Copy project - name: Copy project
ansible.builtin.copy: ansible.builtin.copy:
src: "./{{ app }}" src: "./{{ app }}"
dest: "{{ user.home }}" dest: "$HOME"
mode: "0744" mode: "0744"
- name: Replace Encryption Key secret - name: Replace Encryption Key secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "ENCRYPTION_KEY_VALUE" regexp: "ENCRYPTION_KEY_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_ENCRYPTION_KEY') }}"
- name: Replace Auth secret - name: Replace Auth secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "AUTH_SECRET_VALUE" regexp: "AUTH_SECRET_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}" replace: "{{ lookup('ansible.builtin.env', 'INFISICAL_AUTH_SECRET') }}"
- name: Replace SMTP Password secret - name: Replace SMTP Password secret
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ user.home }}/{{ app }}/.env" path: "$HOME/{{ app }}/.env"
regexp: "SMTP_PASSWORD_VALUE" regexp: "SMTP_PASSWORD_VALUE"
replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}" replace: "{{ lookup('ansible.builtin.env', 'SMTP_PASSWORD') }}"
- name: Docker compose up -d - name: Docker compose up -d
ansible.builtin.command: docker compose up -d community.docker.docker_compose_v2:
args: project_src: "$HOME/{{ app }}"
chdir: "{{ user.home }}/{{ app }}"

2
requirements.txt
View File

@@ -1,4 +1,4 @@
ansible ansible
proxmoxer proxmoxer
requests requests
infisical==1.5.0 infisical

4
requirements.yml Normal file
View File

@@ -0,0 +1,4 @@
collections:
- name: community.general
- name: community.docker
- name: infisical.vault