ansible roles

README.md

@@ -18,13 +18,8 @@ Using [code-server docker container](#code-server) for Development / Maintenance
 
 - [Table of Contents](#table-of-contents)
 - [Services](#services)
+  - [myInfra stack](#myinfra-stack)
   - [SSH](#ssh)
-  - [Docker](#docker)
-  - [Volumes](#volumes)
-  - [Portainer](#portainer)
-  - [Promtail](#promtail)
-  - [Telegraf](#telegraf)
-    - [Setup \& Update](#setup--update)
   - [nginx](#nginx)
   - [code-server](#code-server)
   - [Home Assistant](#home-assistant)
@@ -33,49 +28,25 @@ Using [code-server docker container](#code-server) for Development / Maintenance
   - [Wyoming](#wyoming)
   - [Zigbee2mqtt](#zigbee2mqtt)
     - [Docker devices](#docker-devices)
-- [Host](#host)
+- [System](#system)
   - [proxmox - lxc container](#proxmox---lxc-container)
-  - [OS](#os)
+  - [Operation System](#operation-system)
   - [Packages and Requirements](#packages-and-requirements)
-  - [Users \& Groups](#users--groups)
+  - [Ansible](#ansible)
+    - [Roles](#roles)
+      - [myInfra.dev.homesrv01](#myinfradevhomesrv01)
   - [fstab](#fstab)
-  - [Update](#update)
 
 ## Services
 
+### myInfra stack
+
+docker, Portainer, promtail and telegraf [maintained on repo](/marcio.fernandes&myInfra).
+
 ### SSH
 
-Deployed and maintained by ansible role [myInfra.dev.homesrv1](./ansible/roles/myInfra.dev.homesrv01/README.md).
+Deployed and maintained by ansible role [myInfra.dev.homesrv1](#ansible).
 
-### Docker
-
-### Volumes
-
-```bash
-# requires mount /mnt/media@sshfs:nas.lan
-# required by LMS service
-docker volume create --driver local --opt type=none --opt device=/mnt/media@sshfs:nas.lan/music  --opt o=bind music
-
-
-# required by code-server service
-# required by Promtail service
-# required by Telegraf service
-docker volume create --driver local --opt type=none --opt device=/  --opt o=bind hostfs
-```
-
-### Portainer
-
-maintained by ansible myInfra.docker.portainer role
-
-### Promtail
-
-maintained by ansible myInfra.docker.promtail role
-
-### Telegraf
-
-#### Setup & Update
-
-maintained by ansible myInfra.docker.telegraf role
 
 ### nginx
 
@@ -106,7 +77,7 @@ services:
       - code-server_config:/config
       - code-server_root:/root
       - has_config:/config/workspace/has/volumes/config
-      - hostfs:/mnt/hostfs
+      - /:/mnt/hostfs
       #- ./../nginx/volumes/nginx_conf:/config/workspace/host/repos/homesrv01.dev.lan/services/nginx/volumes/nginx_conf
       #- mosquitto_config:/config/workspace/host/repos/homesrv01.dev.lan/services/mosquitto/volumes/config
       #- mosquitto_data:/config/workspace/host/repos/homesrv01.dev.lan/services/mosquitto/volumes/data
@@ -127,8 +98,6 @@ volumes:
   has_config:
     name: has_app_config
     external: true
-  hostfs:
-    external: true
   #mosquitto_config:
   #  external: true
   #mosquitto_data:
@@ -214,7 +183,7 @@ Links
 - [Home assistant integration](/marcio.fernandes/homeassistant#Zigbee2mqtt)
 - [Continuos Deploy - git action](./.gitea/workflows/services.zigbee2mqtt.yml)
 
-## Host
+## System
 
 Currently hosted on a proxmox ubuntu container.
 
@@ -276,7 +245,7 @@ ls -l /dev/ttyUSB0
 #lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
 ```
 
-### OS
+### Operation System
 
 ```bash
 # lsb_release -a
@@ -292,35 +261,38 @@ Codename:       noble
 ### Packages and Requirements
 
 ```bash
-apt update -y && apt upgrade -y
-apt install curl -y
-apt install git -y
 curl -fsSL https://get.docker.com -o get-docker.sh && sh ./get-docker.sh 
 docker run hello-world && docker info
-apt install sshfs
 apt install ansible
+
 ```
 
-### Users & Groups
+### Ansible
+
+#### Roles
+
+##### myInfra.dev.homesrv01
+
+- ssh server
+- admin user
+- daily auto update script
+- git package
+- curl package
 
 ```bash
-# add user admin to docker group, so sudo is not required when executing docker commands
-usermod -aG docker admin
+#execute local
+sudo ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 ansible/site.yml
+```
+
+``` bash
+# check auto update scripts logs
+journalctl -r -t auto-update
 ```
 
 ### fstab
 
 ```bash
 # /etc/fstab
-
 # used by docker volume music
 sshfs#media@nas.lan:/home/media /mnt/media@sshfs:nas.lan fuse defaults,_netdev,allow_other,follow_symlinks 0 0
 ```
-
-### Update
-
-```bash
-./scripts/auto-update.sh
-ln -s $PWD/scripts/auto-update.sh /etc/cron.daily/auto-update
-journalctl -r -t auto-update
-```

ansible/core.yml

@@ -0,0 +1,5 @@
+- name: homesrv01 core playbook
+  hosts: all
+  roles:
+    - myInfra.dev.homesrv01.core
+    - myInfra.ssh

ansible/roles/myInfra.dev.homesrv01.core/.gitignore

@@ -0,0 +1,27 @@
+# Ansible Tower ignore list
+
+# Ansible runtime and backups
+*.original
+*.tmp
+*.bkp
+*.retry
+*.*~
+
+# Tower runtime roles 
+roles/**
+!roles/myInfra.dev.homesrv01
+!roles/requirements.yml
+
+# Try tyo avoid any plain-text passwords 
+*pwd*
+*pass*
+*password*
+*.txt
+
+# Exclude all binaries
+*.bin
+*.jar
+*.tar
+*.zip
+*.gzip
+*.tgz

ansible/roles/myInfra.dev.homesrv01.core/meta/main.yml

@@ -0,0 +1,60 @@
+
+
+
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+# dependencies:
+#    - role: myInfra.ssh
+#  - role: myInfra.docker.portainer
+#  - role: myInfra.docker.promtail
+#  - role: myInfra.docker.telegraf
+#  - role: myInfra.dev.homesrv01.core
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ansible/roles/myInfra.dev.homesrv01.core/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+
+- name: admin user - setup
+  become: true
+  ansible.builtin.user:
+    name: admin
+    shell: /bin/bash
+    groups: sudo,docker
+    append: yes
+
+- name: Install/Update Packages
+  become: true
+  ansible.builtin.package:
+    name:
+      - git
+      - curl
+    state: latest
+
+
+

ansible/roles/myInfra.dev.homesrv01/handlers/main.yml

@@ -1,6 +0,0 @@
----
-- import_tasks: services.ssh.yml
-
-
-
-

ansible/roles/myInfra.dev.homesrv01/meta/main.yml

@@ -50,8 +50,8 @@ galaxy_info:
     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
     #       Maximum 20 tags per role.
 
-# dependencies:
-#  - role: myInfra.journald
+#  dependencies:
+#   - role: myInfra.dev.homesrv01.core
 #  - role: myInfra.docker.portainer
 #  - role: myInfra.docker.promtail
 #  - role: myInfra.docker.telegraf

ansible/roles/myInfra.dev.homesrv01/tasks/main.yml

@@ -1,6 +1,12 @@
 ---
-- import_tasks: services.ssh.yml
-
+- name: docker - music volume
+  community.docker.docker_volume:
+    name: music
+    driver: local
+    driver_options:
+      type: none
+      device: /mnt/media@sshfs:nas.lan/music
+      o: bind
 
 
 

ansible/roles/myInfra.ssh/.gitignore

@@ -0,0 +1,27 @@
+# Ansible Tower ignore list
+
+# Ansible runtime and backups
+*.original
+*.tmp
+*.bkp
+*.retry
+*.*~
+
+# Tower runtime roles 
+roles/**
+!roles/myInfra.dev.homesrv01
+!roles/requirements.yml
+
+# Try tyo avoid any plain-text passwords 
+*pwd*
+*pass*
+*password*
+*.txt
+
+# Exclude all binaries
+*.bin
+*.jar
+*.tar
+*.zip
+*.gzip
+*.tgz

ansible/roles/myInfra.ssh/handlers/main.yml

@@ -5,4 +5,7 @@
     daemon_reload: true
     name: ssh
     enabled: true
-    state: restarted
+    state: restarted
+
+
+

ansible/roles/myInfra.ssh/meta/main.yml

@@ -0,0 +1,60 @@
+
+
+
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+# dependencies:
+#  - role: myInfra.journald
+#  - role: myInfra.docker.portainer
+#  - role: myInfra.docker.promtail
+#  - role: myInfra.docker.telegraf
+#  - role: myInfra.dev.homesrv01.core
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

ansible/roles/myInfra.ssh/tasks/main.yml

@@ -1,12 +1,11 @@
 ---
-- name: SSH - Install/Update Latest
+- name: Install/Update openssh-server
   become: true
   ansible.builtin.package:
     name:
       - openssh-server
     state: latest
-  notify:
-    - SSH - Restart Service
+
 
 - name: SSH - Setup & Config
   copy:
@@ -23,4 +22,9 @@
       PasswordAuthentication no
   
   notify:
-    - SSH - Restart Service
+    - SSH - Restart Service
+
+
+
+
+

ansible/run-site.local.sh

@@ -1,2 +0,0 @@
-#/bin/bash
-ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 site.yml

ansible/site.yml

@@ -1,4 +1,8 @@
 - name: homesrv01 playbook
   hosts: all
   roles:
+    - myInfra.dev.homesrv01.core
+    - myInfra.ssh
     - myInfra.dev.homesrv01
+
+  

scripts/auto-update.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-scriptPath="$(dirname "$(readlink -f "$0")")"
-doWork(){
-    apt update -y 
-    apt upgrade -y
-#    $scriptPath/../services/nginx/docker-run.sh
-#    docker image prune -f
-}
-doWork 2>&1 | logger -s -t "auto-update"
-exit 0
-