diff --git a/backup_docker_volumes.yaml b/backup_docker_volumes.yaml new file mode 100644 index 0000000..ad30023 --- /dev/null +++ b/backup_docker_volumes.yaml @@ -0,0 +1,38 @@ +--- +- name: backup docker volume + hosts: all + become: true + gather_facts: true + + tasks: + + - name: make backup folder + ansible.builtin.file: + path: "/docker_backup/" + owner: "ansibleuser" + group: "ansibleuser" + mode: '0700' + state: "directory" + + - name: delete old file + ansible.builtin.file: + path: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz" + state: "absent" + + - name: create archive + community.general.archive: + dest: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz" + path: "/var/lib/docker/volumes" + owner: "ansibleuser" + + - name: create sudo permision + lineinfile: + path: "/etc/sudoers.d/root" + create: true + state: present + line: "root ALL=(ansibleuser) NOPASSWD: ALL" + + - name: scp file into safety + ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /docker_backup/docker_volume_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/' + become: false + diff --git a/install_ldap_389ds.yaml b/install_ldap_389ds.yaml index fc07094..b79ee60 100644 --- a/install_ldap_389ds.yaml +++ b/install_ldap_389ds.yaml @@ -4,8 +4,12 @@ become: true tasks: + - name: remove other files + include_tasks: yaml_sub/install_docker.yaml + - name: remove other files include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo import_tasks: yaml_sub/myrepo_data.yaml 
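Review bot: The `create sudo permision` task writes `/etc/sudoers.d/root` through `lineinfile` without `validate: 'visudo -cf %s'`, so a malformed drop-in can break sudo on every host matched by `hosts: all`; an explicit `mode: '0440'` is also the convention for sudoers drop-ins. The final `scp` step uses `StrictHostKeyChecking accept-new`, which trusts whatever key 10.10.0.2 presents on first contact, although the archive holds all Docker volume data. Pinning the backup server's key beforehand with `ansible.builtin.known_hosts` and dropping that option would close the gap. The archive task sets `owner` but no `mode`; adding `mode: '0600'` keeps the tarball private even if the directory permissions change later. Because the copy needs no shell features, `ansible.builtin.command` is a tighter fit than `ansible.builtin.shell`.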
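Review bot: The added include of `yaml_sub/install_docker.yaml` is named `remove other files`, the same name as the task that follows it. Run output and logs will therefore show two identical task names, and the Docker installation is mislabelled. A name such as `- name: install docker`, as used in `install_pi_hole.yaml`, keeps the run output auditable. The start of the play lies outside this hunk.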
@@ -20,13 +24,49 @@ - name: install 389 dnf: - name: "389-ds-base,cockpit-389-ds" + name: "389-ds-base" state: latest update_cache: true skip_broken: true nobest: false allowerasing: true + - name: Create volume lam_etc + community.docker.docker_volume: + name: lam_etc + state: present + + - name: Create lam container + community.docker.docker_container: + name: semaphore + image: ldapaccountmanager/lam + state: started + recreate: yes + restart_policy: always + published_ports: + - "80:80/tcp" + volumes: + - lam_etc:/var/lib/ldap-account-manager/config + env: + LAM_SKIP_PRECONFIGURE: false + LDAP_DOMAIN: ldap.neuro.uni-bremen.de + LDAP_BASE_DN: dc=ldap,dc=neuro,dc=uni-bremen,dc=de + LDAP_USERS_DN: ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de + LDAP_GROUPS_DN: ou=groups,dc=my-domain,dc=com + LDAP_SERVER: ldap://10.10.0.4:389 +# xxxxxx + LDAP_USER: cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de +# xxxxxx + LAM_PASSWORD: lam + LAM_CONFIGURATION_DATABASE: files + LAM_DISABLE_TLS_CHECK: false + LDAP_ORGANISATION: "Neuro-Physik ITP" +# xxxxxx + LDAP_ADMIN_PASSWORD: adminpw +# xxxxxx + LDAP_READONLY_USER_PASSWORD: readonlypw + + - name: set instance.inf blockinfile: path: /root/instance.inf @@ -42,6 +82,7 @@ [slapd] instance_name = localhost +# xxxxxx root_password = SOMEPASSWORD port = 389 secure_port = 636 diff --git a/install_pi_hole.yaml b/install_pi_hole.yaml new file mode 100644 index 0000000..8f42844 --- /dev/null +++ b/install_pi_hole.yaml 
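Review bot: The `env` block of the new `Create lam container` task commits `LAM_PASSWORD: lam`, `LDAP_ADMIN_PASSWORD: adminpw` and `LDAP_READONLY_USER_PASSWORD: readonlypw` in plaintext; they should come from vaulted variables, as `install_pi_hole.yaml` does for `WEBPASSWORD`, and the task should set `no_log: true`. The container is named `semaphore`, which looks like a copy-paste from the Semaphore playbook and, with `recreate: yes`, would replace that container on a shared host. `LAM_SKIP_PRECONFIGURE` and `LAM_DISABLE_TLS_CHECK` are unquoted booleans, which `docker_container` rejects as non-string env values, and `LDAP_GROUPS_DN` still points at `dc=my-domain,dc=com`, presumably a leftover example. LAM is also published on plain port 80 and talks to `ldap://10.10.0.4:389`, so credentials travel unencrypted unless StartTLS or a TLS front end is configured elsewhere.

```yaml
    - name: Create lam container
      community.docker.docker_container:
        name: lam
        # … unchanged: image, state, recreate, restart_policy, published_ports, volumes …
        env:
          LAM_SKIP_PRECONFIGURE: "false"
          # … unchanged: LDAP_DOMAIN, LDAP_BASE_DN, LDAP_USERS_DN, LDAP_SERVER, LDAP_USER …
          # assumed to belong under the same base DN as LDAP_USERS_DN; confirm
          LDAP_GROUPS_DN: "ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
          # placeholder variable names; define them in an Ansible Vault file
          LAM_PASSWORD: "{{ lam_password }}"
          LAM_DISABLE_TLS_CHECK: "false"
          LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"
          LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_password }}"
      no_log: true
```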
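Review bot: The added `# xxxxxx` line appears to sit at column 0 inside what looks like the `blockinfile` block scalar, whose header is outside this hunk. A line indented less than the block content ends a YAML block scalar, so `root_password` and the lines after it would fall out of the block and the playbook would likely fail to parse. If the marker is wanted, indent it to the level of the block content so it lands in `instance.inf` as a comment; otherwise drop it. The same column-0 marker is used inside the `env:` mapping of the previous hunk, where it is harmless.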
@@ -0,0 +1,74 @@ +--- +- name: install pi hole + hosts: all + become: true + + vars: + web_pass: "{{ pass }}" + + tasks: + + - name: Make sure systemd-resolved is disabled + ansible.builtin.systemd_service: + state: stopped + enabled: false + masked: true + name: systemd-resolved + ignore_errors: true + + - name: install docker + ansible.builtin.include_tasks: yaml_sub/install_docker.yaml + + - name: Create volume pi_hole_etc + community.docker.docker_volume: + name: pi_hole_etc + state: present + + - name: Create volume pi_hole_dnsmasq + community.docker.docker_volume: + name: pi_hole_dnsmasq + state: present + + - name: Create pi-hole container + community.docker.docker_container: + name: pihole + image: pihole/pihole + state: started + recreate: yes + restart_policy: always + published_ports: + - "53:53/tcp" + - "53:53/udp" + - "67:67/udp" + - "80:80/tcp" + volumes: + - 'pi_hole_etc:/etc/pihole' + - 'pi_hole_dnsmasq:/etc/dnsmasq.d' + env: + TZ: Europe/Berlin + PIHOLE_DNS_: "134.102.20.20;8.8.8.8;8.8.4.4" + DHCP_ACTIVE: "true" + DHCP_START: "10.10.220.1" + DHCP_END: "10.10.224.254" + DHCP_ROUTER: "10.0.0.250" + DHCP_LEASETIME: "24" + PIHOLE_DOMAIN: "neuro.uni-bremen.de" + DHCP_IPv6: "false" + IPv6: "false" + FTLCONF_LOCAL_IPV4: "10.10.0.5" + WEBPASSWORD: "{{ web_pass }}" + capabilities: + - NET_ADMIN + + - name: Disable query logging + debug: + msg: "Settings -> System -> Disable query logging" + + - name: Permit all logins + debug: + msg: "Settings -> DNS -> Interface settings -> Permit all origins + save" + + - name: Deactivate blocking + debug: + msg: "Deactive blocking" + diff --git a/install_semaphore.yaml b/install_semaphore.yaml index 2ed5fce..2c69900 100644 --- a/install_semaphore.yaml +++ b/install_semaphore.yaml @@ -18,7 +18,7 @@ name: semaphore_lib state: present - - name: Create portainer container + - name: Create semaphore container community.docker.docker_container: name: semaphore image: semaphoreui/semaphore 
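Review bot: The `Create pi-hole container` task passes `WEBPASSWORD: "{{ web_pass }}"` without `no_log: true`, and `docker_container` returns the container's configuration including its environment, so the admin password can end up in playbook output and logs. `image: pihole/pihole` is unpinned, so the DNS/DHCP server that ends up running depends on what the tag resolves to at pull time; pinning a tag or digest (e.g. `pihole/pihole:<pinned-tag>`) makes the deployment reproducible. Ports 53, 67 and 80 are published on every host interface and the closing debug task tells the operator to permit all origins, so confirm the host is unreachable from untrusted networks, or bind the ports to the internal address, e.g. `"10.10.0.5:53:53/udp"` if 10.10.0.5 is that address. `ignore_errors: true` on the systemd-resolved task also hides real failures; a narrower `failed_when` would be safer.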
@@ -28,7 +28,6 @@ published_ports: - "3000:3000/tcp" volumes: -# - /var/run/docker.sock:/var/run/docker.sock - semaphore_etc:/etc/semaphore - semaphore_lib:/var/lib/semaphore env: