diff --git a/README.md b/README.md index 6a7ef3a..182dbe2 100644 --- a/README.md +++ b/README.md @@ -18,13 +18,8 @@ Using [code-server docker container](#code-server) for Development / Maintenance - [Table of Contents](#table-of-contents) - [Services](#services) + - [myInfra stack](#myinfra-stack) - [SSH](#ssh) - - [Docker](#docker) - - [Volumes](#volumes) - - [Portainer](#portainer) - - [Promtail](#promtail) - - [Telegraf](#telegraf) - - [Setup \& Update](#setup--update) - [nginx](#nginx) - [code-server](#code-server) - [Home Assistant](#home-assistant) 
@@ -33,49 +28,25 @@ Using [code-server docker container](#code-server) for Development / Maintenance - [Wyoming](#wyoming) - [Zigbee2mqtt](#zigbee2mqtt) - [Docker devices](#docker-devices) -- [Host](#host) +- [System](#system) - [proxmox - lxc container](#proxmox---lxc-container) - - [OS](#os) + - [Operation System](#operation-system) - [Packages and Requirements](#packages-and-requirements) - - [Users \& Groups](#users--groups) + - [Ansible](#ansible) + - [Roles](#roles) + - [myInfra.dev.homesrv01](#myinfradevhomesrv01) - [fstab](#fstab) - - [Update](#update) ## Services +### myInfra stack + +docker, Portainer, promtail and telegraf [maintained on repo](/marcio.fernandes&myInfra). + ### SSH -Deployed and maintained by ansible role [myInfra.dev.homesrv1](./ansible/roles/myInfra.dev.homesrv01/README.md). +Deployed and maintained by ansible role [myInfra.dev.homesrv1](#ansible). -### Docker - -### Volumes - -```bash -# requires mount /mnt/media@sshfs:nas.lan -# required by LMS service -docker volume create --driver local --opt type=none --opt device=/mnt/media@sshfs:nas.lan/music --opt o=bind music - - -# required by code-server service -# required by Promtail service -# required by Telegraf service -docker volume create --driver local --opt type=none --opt device=/ --opt o=bind hostfs -``` - -### Portainer - -maintained by ansible myInfra.docker.portainer role - -### Promtail - -maintained by ansible myInfra.docker.promtail role - -### Telegraf - -#### Setup & Update - -maintained by ansible myInfra.docker.telegraf role ### nginx 
@@ -106,7 +77,7 @@ services: - code-server_config:/config - code-server_root:/root - has_config:/config/workspace/has/volumes/config - - hostfs:/mnt/hostfs + - /:/mnt/hostfs #- ./../nginx/volumes/nginx_conf:/config/workspace/host/repos/homesrv01.dev.lan/services/nginx/volumes/nginx_conf #- mosquitto_config:/config/workspace/host/repos/homesrv01.dev.lan/services/mosquitto/volumes/config #- mosquitto_data:/config/workspace/host/repos/homesrv01.dev.lan/services/mosquitto/volumes/data @@ -127,8 +98,6 @@ volumes: has_config: name: has_app_config external: true - hostfs: - external: true #mosquitto_config: # external: true #mosquitto_data: @@ -214,7 +183,7 @@ Links - [Home assistant integration](/marcio.fernandes/homeassistant#Zigbee2mqtt) - [Continuos Deploy - git action](./.gitea/workflows/services.zigbee2mqtt.yml) -## Host +## System Currently hosted on a proxmox ubuntu container. @@ -276,7 +245,7 @@ ls -l /dev/ttyUSB0 #lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file ``` -### OS +### Operation System ```bash # lsb_release -a 
@@ -292,35 +261,38 @@ Codename: noble ### Packages and Requirements ```bash -apt update -y && apt upgrade -y -apt install curl -y -apt install git -y curl -fsSL https://get.docker.com -o get-docker.sh && sh ./get-docker.sh docker run hello-world && docker info -apt install sshfs apt install ansible + ``` -### Users & Groups +### Ansible + +#### Roles + +##### myInfra.dev.homesrv01 + +- ssh server +- admin user +- daily auto update script +- git package +- curl package ```bash -# add user admin to docker group, so sudo is not required when executing docker commands -usermod -aG docker admin +#execute local +sudo ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 ansible/site.yml +``` + +``` bash +# check auto update scripts logs +journalctl -r -t auto-update ``` ### fstab ```bash # /etc/fstab - # used by docker volume music sshfs#media@nas.lan:/home/media /mnt/media@sshfs:nas.lan fuse defaults,_netdev,allow_other,follow_symlinks 0 0 ``` - -### Update - -```bash -./scripts/auto-update.sh -ln -s $PWD/scripts/auto-update.sh /etc/cron.daily/auto-update -journalctl -r -t auto-update -``` diff --git a/ansible/core.yml b/ansible/core.yml new file mode 100644 index 0000000..44c5a49 --- /dev/null +++ b/ansible/core.yml @@ -0,0 +1,5 @@ +- name: homesrv01 core playbook + hosts: all + roles: + - myInfra.dev.homesrv01.core + - myInfra.ssh diff --git a/ansible/roles/myInfra.dev.homesrv01.core/.gitignore b/ansible/roles/myInfra.dev.homesrv01.core/.gitignore new file mode 100644 index 0000000..820b04e --- /dev/null +++ b/ansible/roles/myInfra.dev.homesrv01.core/.gitignore @@ -0,0 +1,27 @@ +# Ansible Tower ignore list + +# Ansible runtime and backups +*.original +*.tmp +*.bkp +*.retry +*.*~ + +# Tower runtime roles +roles/** +!roles/myInfra.dev.homesrv01 +!roles/requirements.yml + +# Try tyo avoid any plain-text passwords +*pwd* +*pass* +*password* +*.txt + +# Exclude all binaries +*.bin +*.jar +*.tar +*.zip +*.gzip +*.tgz \ No newline at end of file 
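Review bot: The new `ansible/roles/myInfra.dev.homesrv01.core/.gitignore` was written for a project root, so inside a role directory its `roles/**`, `!roles/myInfra.dev.homesrv01` and `!roles/requirements.yml` lines match nothing and can be dropped. The `*pwd*`, `*pass*` and `*password*` globs only stop a file from being staged by its name; they do nothing for a secret that sits inside a vars or task file, so I would add a comment such as `# name-based guard only; real secrets belong in ansible-vault`. `*pass*` will also silently ignore any future task or template file that has "pass" in its name. The identical file is added under `ansible/roles/myInfra.ssh/.gitignore`.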
diff --git a/ansible/roles/myInfra.dev.homesrv01.core/README.md b/ansible/roles/myInfra.dev.homesrv01.core/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/myInfra.dev.homesrv01.core/meta/main.yml b/ansible/roles/myInfra.dev.homesrv01.core/meta/main.yml
new file mode 100644
index 0000000..46d26b7
--- /dev/null
+++ b/ansible/roles/myInfra.dev.homesrv01.core/meta/main.yml
@@ -0,0 +1,60 @@
+
+
+
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+# dependencies:
+# - role: myInfra.ssh
+# - role: myInfra.docker.portainer
+# - role: myInfra.docker.promtail
+# - role: myInfra.docker.telegraf
+# - role: myInfra.dev.homesrv01.core
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/ansible/roles/myInfra.dev.homesrv01.core/tasks/main.yml b/ansible/roles/myInfra.dev.homesrv01.core/tasks/main.yml
new file mode 100644
index 0000000..71a0e55
--- /dev/null
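Review bot: The role metadata in `myInfra.dev.homesrv01.core/meta/main.yml` is still the scaffold placeholder text, and `min_ansible_version: 2.1` does not match the role's tasks, which use `ansible.builtin.*` names that need a much newer Ansible. I would make it a quoted string, e.g. `min_ansible_version: "2.10"`, and fill in `author`, `description` and `license`. The commented `dependencies` list also names `myInfra.dev.homesrv01.core` itself, which would be a circular dependency if someone later uncomments the block. The same template is added unchanged as `ansible/roles/myInfra.ssh/meta/main.yml`.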
+++ b/ansible/roles/myInfra.dev.homesrv01.core/tasks/main.yml @@ -0,0 +1,20 @@ +--- + +- name: admin user - setup + become: true + ansible.builtin.user: + name: admin + shell: /bin/bash + groups: sudo,docker + append: yes + +- name: Install/Update Packages + become: true + ansible.builtin.package: + name: + - git + - curl + state: latest + + + diff --git a/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml b/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml deleted file mode 100644 index e7734db..0000000 --- a/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- import_tasks: services.ssh.yml - - - - diff --git a/ansible/roles/myInfra.dev.homesrv01/meta/main.yml b/ansible/roles/myInfra.dev.homesrv01/meta/main.yml index 435be41..54a5e2e 100644 --- a/ansible/roles/myInfra.dev.homesrv01/meta/main.yml +++ b/ansible/roles/myInfra.dev.homesrv01/meta/main.yml @@ -50,8 +50,8 @@ galaxy_info: # NOTE: A tag is limited to a single word comprised of alphanumeric characters. # Maximum 20 tags per role. -# dependencies: -# - role: myInfra.journald +# dependencies: +# - role: myInfra.dev.homesrv01.core # - role: myInfra.docker.portainer # - role: myInfra.docker.promtail # - role: myInfra.docker.telegraf diff --git a/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml b/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml index e7734db..ab4d0d9 100644 --- a/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml +++ b/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml @@ -1,6 +1,12 @@ --- -- import_tasks: services.ssh.yml - +- name: docker - music volume + community.docker.docker_volume: + name: music + driver: local + driver_options: + type: none + device: /mnt/media@sshfs:nas.lan/music + o: bind diff --git a/ansible/roles/myInfra.ssh/.gitignore b/ansible/roles/myInfra.ssh/.gitignore new file mode 100644 index 0000000..820b04e --- /dev/null +++ b/ansible/roles/myInfra.ssh/.gitignore 
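Review bot: The `admin user - setup` task puts `admin` in `docker`, but no task in this role creates that group or installs Docker, so on a host where Docker is not yet present `ansible.builtin.user` will fail on the unknown group. A preceding `ansible.builtin.group` task with `name: docker` and `state: present` would make the role self-contained. Membership in `docker` gives root-equivalent control of the host, so together with `sudo` this account deserves a comment saying so, e.g. `# docker group == root on the host; keep this account key-only`. No `authorized_key` task for `admin` is visible in this commit, so on a fresh host the account may have no way to log in once the SSH role sets `PasswordAuthentication no`; that may be handled elsewhere.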
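Review bot: The `docker - music volume` task in `myInfra.dev.homesrv01/tasks/main.yml` has no `become: true`, unlike the tasks in the new core role, so it only works when the whole playbook already runs as root; adding `become: true` keeps it consistent. `community.docker.docker_volume` comes from a collection that is not declared anywhere in this commit, so a `community.docker` entry in a collections requirements file would be worth adding if one does not already exist. The bind source `/mnt/media@sshfs:nas.lan/music` is not checked here: as far as I know Docker accepts the volume definition even when the sshfs mount is absent, and the failure only appears when a container starts.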
@@ -0,0 +1,27 @@ +# Ansible Tower ignore list + +# Ansible runtime and backups +*.original +*.tmp +*.bkp +*.retry +*.*~ + +# Tower runtime roles +roles/** +!roles/myInfra.dev.homesrv01 +!roles/requirements.yml + +# Try tyo avoid any plain-text passwords +*pwd* +*pass* +*password* +*.txt + +# Exclude all binaries +*.bin +*.jar +*.tar +*.zip +*.gzip +*.tgz \ No newline at end of file diff --git a/ansible/roles/myInfra.ssh/README.md b/ansible/roles/myInfra.ssh/README.md new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml b/ansible/roles/myInfra.ssh/handlers/main.yml similarity index 84% rename from ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml rename to ansible/roles/myInfra.ssh/handlers/main.yml index a83f8aa..aad8942 100644 --- a/ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml +++ b/ansible/roles/myInfra.ssh/handlers/main.yml @@ -5,4 +5,7 @@ daemon_reload: true name: ssh enabled: true - state: restarted \ No newline at end of file + state: restarted + + + diff --git a/ansible/roles/myInfra.ssh/meta/main.yml b/ansible/roles/myInfra.ssh/meta/main.yml new file mode 100644 index 0000000..435be41 --- /dev/null +++ b/ansible/roles/myInfra.ssh/meta/main.yml 
@@ -0,0 +1,60 @@
+
+
+
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+# dependencies:
+# - role: myInfra.journald
+# - role: myInfra.docker.portainer
+# - role: myInfra.docker.promtail
+# - role: myInfra.docker.telegraf
+# - role: myInfra.dev.homesrv01.core
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml b/ansible/roles/myInfra.ssh/tasks/main.yml similarity index 88% rename from ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml rename to ansible/roles/myInfra.ssh/tasks/main.yml index 7dc2c2a..abfa391 100644 --- a/ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml +++ b/ansible/roles/myInfra.ssh/tasks/main.yml @@ -1,12 +1,11 @@ --- -- name: SSH - Install/Update Latest +- name: Install/Update openssh-server become: true ansible.builtin.package: name: - openssh-server state: latest - notify: - - SSH - Restart Service + - name: SSH - Setup & Config copy: @@ -23,4 +22,9 @@ PasswordAuthentication no notify: - - SSH - Restart Service \ No newline at end of file + - SSH - Restart Service + + + + + diff --git a/ansible/run-site.local.sh b/ansible/run-site.local.sh deleted file mode 100755 index f4ba82c..0000000 --- a/ansible/run-site.local.sh +++ /dev/null @@ -1,2 +0,0 @@ -#/bin/bash -ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 site.yml \ No newline at end of file diff --git a/ansible/site.yml b/ansible/site.yml index 0638fa6..4d48066 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -1,4 +1,8 @@ - name: homesrv01 playbook hosts: all roles: + - myInfra.dev.homesrv01.core + - myInfra.ssh - myInfra.dev.homesrv01 + + diff --git a/scripts/auto-update.sh b/scripts/auto-update.sh deleted file mode 100755 index f521cb7..0000000 --- a/scripts/auto-update.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -scriptPath="$(dirname "$(readlink -f "$0")")" -doWork(){ - apt update -y - apt upgrade -y -# $scriptPath/../services/nginx/docker-run.sh -# docker image prune -f -} -doWork 2>&1 | logger -s -t "auto-update" -exit 0 -
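Review bot: The `SSH - Setup & Config` task in `myInfra.ssh/tasks/main.yml` writes sshd configuration and then notifies `SSH - Restart Service`, but nothing visible in these hunks validates the file first. A typo in the content would take sshd down on restart and lock out a host that is reachable only over SSH. If the part of the task outside the hunks does not already have one, add `validate: /usr/sbin/sshd -t -f %s` to the `copy` task. The task also uses the short name `copy:` while the package task uses `ansible.builtin.package`; `ansible.builtin.copy:` would be consistent. The middle of this task lies between the two hunks and is not shown.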
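Review bot: None of the roles listed in `ansible/site.yml` appears to install the daily update job, although this commit deletes `scripts/auto-update.sh` while the README still lists a "daily auto update script" and `journalctl -r -t auto-update`. On a host set up the old way, `/etc/cron.daily/auto-update` is a symlink into the repository and will dangle after this change, so package updates would most likely stop without any error. If the job now lives in another repository, say so in the README; otherwise add a task that installs it before the script is removed. The two blank lines added at the end of `site.yml` can go.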