Add files via upload

2024-04-04 13:53:58 +02:00 · 2024-04-04 13:53:58 +02:00 · fca4dce088
commit fca4dce088
parent f27c3d735e
4 changed files with 155 additions and 3 deletions
--- a/backup_docker_volumes.yaml
+++ b/backup_docker_volumes.yaml
@ -0,0 +1,38 @@
+---
+- name: backup docker volume
+  hosts: all
+  become: true
+  gather_facts: true
+
+  tasks:
+
+    - name: make backup folder
+      ansible.builtin.file:
+        path: "/docker_backup/"
+        owner: "ansibleuser"
+        group: "ansibleuser"
+        mode: '0700'
+        state: "directory"
+
+    - name: delete old file
+      ansible.builtin.file:
+        path: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz"
+        state: "absent"
+
+    - name: create archive
+      community.general.archive:
+        dest: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz"
+        path: "/var/lib/docker/volumes"
+        owner: "ansibleuser"
+
+    - name: create sudo permision 
+      lineinfile:
+        path: "/etc/sudoers.d/root"
+        create: true
+        state: present
+        line: "root ALL=(ansibleuser) NOPASSWD: ALL"
+
+    - name: scp file into safety
+      ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /docker_backup/docker_volume_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/'
+      become: false
+
--- a/install_ldap_389ds.yaml
+++ b/install_ldap_389ds.yaml
@ -4,8 +4,12 @@
  become: true

  tasks:
+    - name: remove other files
+      include_tasks: yaml_sub/install_docker.yaml
+
    - name: remove other files
      include_tasks: yaml_sub/myrepo_clean.yaml
+
    - name: update file myrepo.repo
      import_tasks: yaml_sub/myrepo_data.yaml

@ -20,13 +24,49 @@

    - name: install 389
      dnf:
-        name: "389-ds-base,cockpit-389-ds"
+        name: "389-ds-base"
        state: latest
        update_cache: true
        skip_broken: true
        nobest: false
        allowerasing: true

+    - name: Create volume lam_etc
+      community.docker.docker_volume:
+        name: lam_etc
+        state: present
+
+    - name: Create lam container
+      community.docker.docker_container:
+        name: semaphore
+        image: ldapaccountmanager/lam
+        state: started
+        recreate: yes
+        restart_policy: always
+        published_ports:
+          - "80:80/tcp"
+        volumes:
+          - lam_etc:/var/lib/ldap-account-manager/config
+        env:
+	  LAM_SKIP_PRECONFIGURE: false
+	  LDAP_DOMAIN: ldap.neuro.uni-bremen.de
+	  LDAP_BASE_DN: dc=ldap,dc=neuro,dc=uni-bremen,dc=de
+	  LDAP_USERS_DN: ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
+	  LDAP_GROUPS_DN: ou=groups,dc=my-domain,dc=com
+	  LDAP_SERVER: ldap://10.10.0.4:389
+# xxxxxx
+	  LDAP_USER: cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
+# xxxxxx
+	  LAM_PASSWORD: lam
+	  LAM_CONFIGURATION_DATABASE: files
+	  LAM_DISABLE_TLS_CHECK: false
+	  LDAP_ORGANISATION: "Neuro-Physik ITP"
+# xxxxxx
+	  LDAP_ADMIN_PASSWORD: adminpw
+# xxxxxx
+	  LDAP_READONLY_USER_PASSWORD: readonlypw
+
+
    - name: set instance.inf
      blockinfile:
        path: /root/instance.inf
@ -42,6 +82,7 @@
          
          [slapd]
          instance_name = localhost
+# xxxxxx
          root_password = SOMEPASSWORD
          port = 389
          secure_port = 636
--- a/install_pi_hole.yaml
+++ b/install_pi_hole.yaml
@ -0,0 +1,74 @@
+---
+- name: install pi hole
+  hosts: all
+  become: true
+
+  vars:
+    web_pass: "{{ pass }}"
+    
+  tasks:
+
+    - name: Make sure systemd-resolved is disabled
+      ansible.builtin.systemd_service:
+        state: stopped
+        enabled: false
+        masked: true
+        name: systemd-resolved
+      ignore_errors: true
+
+    - name: install docker 
+      ansible.builtin.include_tasks: yaml_sub/install_docker.yaml
+
+    - name: Create volume pi_hole_etc
+      community.docker.docker_volume:
+        name: pi_hole_etc
+        state: present
+
+    - name: Create volume pi_hole_dnsmasq
+      community.docker.docker_volume:
+        name: pi_hole_dnsmasq
+        state: present
+
+    - name: Create pi-hole container
+      community.docker.docker_container:
+        name: pihole
+        image: pihole/pihole
+        state: started
+        recreate: yes
+        restart_policy: always
+        published_ports:
+          - "53:53/tcp"
+          - "53:53/udp"
+          - "67:67/udp"
+          - "80:80/tcp"
+        volumes:
+          - 'pi_hole_etc:/etc/pihole'
+          - 'pi_hole_dnsmasq:/etc/dnsmasq.d'
+        env:
+          TZ: Europe/Berlin
+          PIHOLE_DNS_: "134.102.20.20;8.8.8.8;8.8.4.4"
+          DHCP_ACTIVE: "true"
+          DHCP_START: "10.10.220.1"
+          DHCP_END: "10.10.224.254"
+          DHCP_ROUTER: "10.0.0.250"
+          DHCP_LEASETIME: "24"
+          PIHOLE_DOMAIN: "neuro.uni-bremen.de"
+          DHCP_IPv6: "false"
+          IPv6: "false"
+          FTLCONF_LOCAL_IPV4: "10.10.0.5"
+          WEBPASSWORD: "{{ web_pass }}"
+        capabilities:
+          - NET_ADMIN
+
+    - name: Disable query logging
+      debug:
+        msg: "Settings -> System -> Disable query logging"
+
+    - name: Permit all logins
+      debug:
+        msg: "Settings -> DNS -> Interface settings -> Permit all origins + save"
+
+    - name: Deactivate blocking
+      debug:
+        msg: "Deactive blocking"
+
--- a/install_semaphore.yaml
+++ b/install_semaphore.yaml
@ -18,7 +18,7 @@
        name: semaphore_lib
        state: present

-    - name: Create portainer container
+    - name: Create semaphore container
      community.docker.docker_container:
        name: semaphore
        image: semaphoreui/semaphore
@ -28,7 +28,6 @@
        published_ports:
          - "3000:3000/tcp"
        volumes:
-#          - /var/run/docker.sock:/var/run/docker.sock
          - semaphore_etc:/etc/semaphore
          - semaphore_lib:/var/lib/semaphore
        env: