Add files via upload

David Rotermund 2024-04-04 13:53:58 +02:00 committed by GitHub
parent f27c3d735e
commit fca4dce088
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 155 additions and 3 deletions


@ -0,0 +1,38 @@
---
- name: backup docker volume
hosts: all
become: true
gather_facts: true
tasks:
- name: make backup folder
ansible.builtin.file:
path: "/docker_backup/"
owner: "ansibleuser"
group: "ansibleuser"
mode: '0700'
state: "directory"
- name: delete old file
ansible.builtin.file:
path: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz"
state: "absent"
- name: create archive
community.general.archive:
dest: "/docker_backup/docker_volume_{{ ansible_hostname }}.tgz"
path: "/var/lib/docker/volumes"
owner: "ansibleuser"
- name: create sudo permision
lineinfile:
path: "/etc/sudoers.d/root"
create: true
state: present
line: "root ALL=(ansibleuser) NOPASSWD: ALL"
- name: scp file into safety
ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /docker_backup/docker_volume_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/'
become: false
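Review bot: The `create sudo permision` task writes `/etc/sudoers.d/root` through `lineinfile` with no syntax validation and no explicit mode, so a malformed or wrongly-permissioned drop-in could break sudo on every targeted host; add `validate: 'visudo -cf %s'` and `mode: '0440'` to that task. The `create archive` task sets `owner` but no `mode`, and a tarball of `/var/lib/docker/volumes` will very likely contain application secrets, so `mode: '0600'` there keeps it private even if the directory permissions change later. In the scp step, `StrictHostKeyChecking accept-new` trusts whatever key 10.10.0.2 presents on first contact; pre-seeding that host's key in `known_hosts` would close the first-connection window. It is also not visible in this file what uses the new `root ALL=(ansibleuser) NOPASSWD: ALL` rule, since the scp task runs with `become: false`; if nothing needs it, leaving it out keeps the sudoers surface smaller.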


@ -4,8 +4,12 @@
become: true become: true
tasks: tasks:
- name: remove other files
include_tasks: yaml_sub/install_docker.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
@ -20,13 +24,49 @@
- name: install 389 - name: install 389
dnf: dnf:
name: "389-ds-base,cockpit-389-ds" name: "389-ds-base"
state: latest state: latest
update_cache: true update_cache: true
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: Create volume lam_etc
community.docker.docker_volume:
name: lam_etc
state: present
- name: Create lam container
community.docker.docker_container:
name: semaphore
image: ldapaccountmanager/lam
state: started
recreate: yes
restart_policy: always
published_ports:
- "80:80/tcp"
volumes:
- lam_etc:/var/lib/ldap-account-manager/config
env:
LAM_SKIP_PRECONFIGURE: false
LDAP_DOMAIN: ldap.neuro.uni-bremen.de
LDAP_BASE_DN: dc=ldap,dc=neuro,dc=uni-bremen,dc=de
LDAP_USERS_DN: ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
LDAP_GROUPS_DN: ou=groups,dc=my-domain,dc=com
LDAP_SERVER: ldap://10.10.0.4:389
# xxxxxx
LDAP_USER: cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
# xxxxxx
LAM_PASSWORD: lam
LAM_CONFIGURATION_DATABASE: files
LAM_DISABLE_TLS_CHECK: false
LDAP_ORGANISATION: "Neuro-Physik ITP"
# xxxxxx
LDAP_ADMIN_PASSWORD: adminpw
# xxxxxx
LDAP_READONLY_USER_PASSWORD: readonlypw
- name: set instance.inf - name: set instance.inf
blockinfile: blockinfile:
path: /root/instance.inf path: /root/instance.inf
@ -42,6 +82,7 @@
[slapd] [slapd]
instance_name = localhost instance_name = localhost
# xxxxxx
root_password = SOMEPASSWORD root_password = SOMEPASSWORD
port = 389 port = 389
secure_port = 636 secure_port = 636
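Review bot: The `Create lam container` task puts credentials directly in `env` (`LAM_PASSWORD: lam`, `LDAP_ADMIN_PASSWORD: adminpw`, `LDAP_READONLY_USER_PASSWORD: readonlypw`), next to `root_password = SOMEPASSWORD` in the instance.inf block; if any of these are more than placeholders they are now in repository history and should be rotated and supplied from vaulted variables, e.g. `LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"` (variable name constructed for illustration) with `no_log: true` on the task. The same task sets `name: semaphore`, which looks like a copy-paste from the semaphore playbook and would collide with that container on a shared host; `name: lam` seems to be what was meant. `LAM_SKIP_PRECONFIGURE: false` and `LAM_DISABLE_TLS_CHECK: false` are unquoted, and `community.docker.docker_container` rejects non-string `env` values, so both should be written as `"false"`. The admin UI is published on plain `80:80/tcp` and points at `ldap://10.10.0.4:389`, so the LDAP admin bind password crosses the network unencrypted unless TLS is added somewhere outside this file.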

74
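--- a/install_pi_hole.yaml
+++ b/install_pi_hole.yaml
@@ -0,0 +1,74 @@
+---
+- name: install pi hole
+hosts: all
+become: true
+vars:
+web_pass: "{{ pass }}"
+tasks:
+- name: Make sure systemd-resolved is disabled
+ansible.builtin.systemd_service:
+state: stopped
+enabled: false
+masked: true
+name: systemd-resolved
+ignore_errors: true
+- name: install docker
+ansible.builtin.include_tasks: yaml_sub/install_docker.yaml
+- name: Create volume pi_hole_etc
+community.docker.docker_volume:
+name: pi_hole_etc
+state: present
+- name: Create volume pi_hole_dnsmasq
+community.docker.docker_volume:
+name: pi_hole_dnsmasq
+state: present
+- name: Create pi-hole container
+community.docker.docker_container:
+name: pihole
+image: pihole/pihole
+state: started
+recreate: yes
+restart_policy: always
+published_ports:
+- "53:53/tcp"
+- "53:53/udp"
+- "67:67/udp"
+- "80:80/tcp"
+volumes:
+- 'pi_hole_etc:/etc/pihole'
+- 'pi_hole_dnsmasq:/etc/dnsmasq.d'
+env:
+TZ: Europe/Berlin
+PIHOLE_DNS_: "134.102.20.20;8.8.8.8;8.8.4.4"
+DHCP_ACTIVE: "true"
+DHCP_START: "10.10.220.1"
+DHCP_END: "10.10.224.254"
+DHCP_ROUTER: "10.0.0.250"
+DHCP_LEASETIME: "24"
+PIHOLE_DOMAIN: "neuro.uni-bremen.de"
+DHCP_IPv6: "false"
+IPv6: "false"
+FTLCONF_LOCAL_IPV4: "10.10.0.5"
+WEBPASSWORD: "{{ web_pass }}"
+capabilities:
+- NET_ADMIN
+- name: Disable query logging
+debug:
+msg: "Settings -> System -> Disable query logging"
+- name: Permit all logins
+debug:
+msg: "Settings -> DNS -> Interface settings -> Permit all origins + save"
+- name: Deactivate blocking
+debug:
+msg: "Deactive blocking"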
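Review bot: The `Create pi-hole container` task passes `WEBPASSWORD: "{{ web_pass }}"` without `no_log: true`, so the admin password can appear in verbose task output and in the logs of whatever runs the playbook; add `no_log: true` to that task. `image: pihole/pihole` carries no tag, so a fresh host or a later re-pull gets whatever is current upstream; pinning a tag or digest (`image: pihole/pihole:<TAG>`) keeps the deployment reproducible and reviewable. The closing debug tasks tell the operator to permit all origins while port 53 is published on every host interface, so it is worth confirming the host is reachable only from the internal networks, otherwise it will answer as an open resolver. `ignore_errors: true` on the systemd-resolved task also hides a genuine failure to free port 53; a `failed_when` limited to the unit-not-present case would be tighter.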


@ -18,7 +18,7 @@
name: semaphore_lib name: semaphore_lib
state: present state: present
- name: Create portainer container - name: Create semaphore container
community.docker.docker_container: community.docker.docker_container:
name: semaphore name: semaphore
image: semaphoreui/semaphore image: semaphoreui/semaphore
@ -28,7 +28,6 @@
published_ports: published_ports:
- "3000:3000/tcp" - "3000:3000/tcp"
volumes: volumes:
# - /var/run/docker.sock:/var/run/docker.sock
- semaphore_etc:/etc/semaphore - semaphore_etc:/etc/semaphore
- semaphore_lib:/var/lib/semaphore - semaphore_lib:/var/lib/semaphore
env: env: