diff --git a/README.md b/README.md index f360d83..6a7ef3a 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,16 @@ The idea was to create a server with docker where it would be possible to isolat The server itself is on its own vlan (Vlan: homesrv) but requires communication with the Vlans: - IOT - + Using [code-server docker container](#code-server) for Development / Maintenance. + ## Table of Contents +- [Table of Contents](#table-of-contents) - [Services](#services) + - [SSH](#ssh) - [Docker](#docker) - [Volumes](#volumes) - [Portainer](#portainer) @@ -36,16 +39,19 @@ Using [code-server docker container](#code-server) for Development / Maintenance - [Packages and Requirements](#packages-and-requirements) - [Users \& Groups](#users--groups) - [fstab](#fstab) - - [ssh](#ssh) - [Update](#update) ## Services +### SSH + +Deployed and maintained by ansible role [myInfra.dev.homesrv1](./ansible/roles/myInfra.dev.homesrv01/README.md). + ### Docker ### Volumes -``` bash +```bash # requires mount /mnt/media@sshfs:nas.lan # required by LMS service docker volume create --driver local --opt type=none --opt device=/mnt/media@sshfs:nas.lan/music --opt o=bind music @@ -185,7 +191,7 @@ SONOFF Universal Zigbee 3.0 USB Dongle Plus attached on [proxmox host](#host). Patch security on [proxmox host](#host). (usb passthrough to [lxc container](#proxmox---lxc-container)) -``` yaml +```yaml #on proxmox hosting server chown 100000:100020 /dev/ttyUSB0 chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 @@ -193,7 +199,7 @@ chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plu #### Docker devices -``` yaml +```yaml .... devices: # Make sure this matched your adapter location 
@@ -311,17 +317,6 @@ usermod -aG docker admin
 sshfs#media@nas.lan:/home/media /mnt/media@sshfs:nas.lan fuse defaults,_netdev,allow_other,follow_symlinks 0 0
 ```
-### ssh
-
-```bash
-#/etc/ssh/sshd_config
-PermitRootLogin no
-```
-
-```bash
-systemctl restart ssh
-```
-
 ### Update
 ```bash
diff --git a/ansible/roles/myInfra.dev.homesrv01/.gitignore b/ansible/roles/myInfra.dev.homesrv01/.gitignore
new file mode 100644
index 0000000..820b04e
--- /dev/null
+++ b/ansible/roles/myInfra.dev.homesrv01/.gitignore
@@ -0,0 +1,27 @@
+# Ansible Tower ignore list
+
+# Ansible runtime and backups
+*.original
+*.tmp
+*.bkp
+*.retry
+*.*~
+
+# Tower runtime roles
+roles/**
+!roles/myInfra.dev.homesrv01
+!roles/requirements.yml
+
+# Try tyo avoid any plain-text passwords
+*pwd*
+*pass*
+*password*
+*.txt
+
+# Exclude all binaries
+*.bin
+*.jar
+*.tar
+*.zip
+*.gzip
+*.tgz
\ No newline at end of file
diff --git a/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml b/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml
new file mode 100644
index 0000000..e7734db
--- /dev/null
+++ b/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: services.ssh.yml
+
+
+
+
diff --git a/ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml b/ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml
new file mode 100644
index 0000000..a83f8aa
--- /dev/null
+++ b/ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml
@@ -0,0 +1,8 @@
+---
+- name: SSH - Restart Service
+ become: true
+ ansible.builtin.service:
+ daemon_reload: true
+ name: ssh
+ enabled: true
+ state: restarted
\ No newline at end of file
diff --git a/ansible/roles/myInfra.dev.homesrv01/meta/main.yml b/ansible/roles/myInfra.dev.homesrv01/meta/main.yml
index 485635e..435be41 100644
--- a/ansible/roles/myInfra.dev.homesrv01/meta/main.yml
+++ b/ansible/roles/myInfra.dev.homesrv01/meta/main.yml
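Review bot: The `*pwd*`, `*pass*` and `*password*` patterns are a filename heuristic, not a secrets control: a vault password placed in `vars/main.yml` or a token in a `group_vars` file is still committed, while `*.txt` will also hide legitimate files such as a `requirements.txt`. Keep credentials in `ansible-vault`-encrypted files with an explicitly ignored vault password file, and pair this list with a pre-commit secret scanner rather than relying on name matching. The `roles/**` / `!roles/myInfra.dev.homesrv01` entries look copied from a Tower/AWX project template; inside the role directory itself they would only affect a nested `roles/` folder this diff does not create, so they appear to be dead weight. The comment `# Try tyo avoid any plain-text passwords` also has a typo (`tyo` → `to`).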
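Review bot: `state: restarted` on the `ssh` unit takes the daemon down if the configuration that triggered the handler does not parse, and nothing in this handler checks the configuration first; on a host reached over SSH that is a lockout, and a failed restart also leaves the listener dead rather than on the old config. Add a guard before the restart, e.g. a preceding handler `ansible.builtin.command: /usr/sbin/sshd -t` with `become: true` and `changed_when: false`, or rely on the `validate:` option of the task that writes the drop-in so a bad file is never installed. `daemon_reload: true` is an option of the `systemd` module, not of `service`; it presumably works here only because the `service` action forwards its arguments to the systemd backend, so if systemd is the intended target, `ansible.builtin.systemd` states that explicitly.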
@@ -50,10 +50,11 @@ galaxy_info:
 # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
 # Maximum 20 tags per role.
-dependencies:
- - role: myInfra.journald
- - role: myInfra.docker.portainer
- - role: myInfra.docker.promtail
- - role: myInfra.docker.telegraf
+# dependencies:
+# - role: myInfra.journald
+# - role: myInfra.docker.portainer
+# - role: myInfra.docker.promtail
+# - role: myInfra.docker.telegraf
+# - role: myInfra.dev.homesrv01.core
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,
 # if you add dependencies to this list.
diff --git a/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml b/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml
new file mode 100644
index 0000000..e7734db
--- /dev/null
+++ b/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: services.ssh.yml
+
+
+
+
diff --git a/ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml b/ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml
new file mode 100644
index 0000000..7dc2c2a
--- /dev/null
+++ b/ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml
@@ -0,0 +1,26 @@
+---
+- name: SSH - Install/Update Latest
+ become: true
+ ansible.builtin.package:
+ name:
+ - openssh-server
+ state: latest
+ notify:
+ - SSH - Restart Service
+
+- name: SSH - Setup & Config
+ copy:
+ dest: /etc/ssh/sshd_config.d/10-myLimbo.conf
+ content: |
+ ###################################################################
+
+ # maintained by myInfra.dev.homesrv01 ansible role
+ # https://git.limbosolutions.com/marcio.fernandes/homesrv01.dev.lan
+
+ ####################################################################
+
+ PermitRootLogin no
+ PasswordAuthentication no
+
+ notify:
+ - SSH - Restart Service
\ No newline at end of file
diff --git a/ansible/run-site.local.sh b/ansible/run-site.local.sh
new file mode 100755
index 0000000..f4ba82c
--- /dev/null
+++ b/ansible/run-site.local.sh
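Review bot: Commenting out the whole `dependencies:` list silently detaches journald, portainer, promtail and telegraf from this role; with `site.yml` in this commit listing only `myInfra.dev.homesrv01`, those roles will no longer run unless they are applied from somewhere not shown in this diff, which is a change to the host's logging and monitoring posture that the new README section does not mention. If dropping them is intended, delete the lines rather than keeping a commented copy that is already drifting (it has gained a `myInfra.dev.homesrv01.core` entry that exists nowhere in this diff); otherwise restore the list. Either way leave the reader a pointer, e.g. `# role dependencies are composed in ansible/site.yml, not here`, above `# List your role dependencies here`.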
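Review bot: The `SSH - Setup & Config` task writes `/etc/ssh/sshd_config.d/10-myLimbo.conf` without `become: true`, while the package task directly above it has it; `site.yml` sets no play-level `become` and the wrapper runs as the invoking user, so this copy fails with permission denied unless the playbook happens to run as root. While fixing that, give the drop-in `owner: root`, `group: root`, `mode: "0600"` and `validate: /usr/sbin/sshd -t -f %s`, so a typo is rejected before it is installed and cannot take the daemon down in the restart handler (parsing the drop-in standalone is adequate for these keywords). `PasswordAuthentication no` locks out any account whose key is not already in `authorized_keys`, and nothing in this role deploys one, so either manage the admin user's key here or state that prerequisite in the role README; `KbdInteractiveAuthentication no` should accompany it, since PAM keyboard-interactive can otherwise still present a password prompt. Note also that the drop-in only takes effect when the host's `sshd_config` carries the `Include /etc/ssh/sshd_config.d/*.conf` line (present on current Debian/Ubuntu packages), which the role does not assert.
```yaml
- name: SSH - Setup & Config
  become: true
  ansible.builtin.copy:
    dest: /etc/ssh/sshd_config.d/10-myLimbo.conf
    owner: root
    group: root
    mode: "0600"
    # reject a drop-in sshd cannot parse before it is installed; the handler only restarts
    validate: /usr/sbin/sshd -t -f %s
    content: |
      # … unchanged: maintained-by header comment …
      PermitRootLogin no
      PasswordAuthentication no
      KbdInteractiveAuthentication no
  notify:
    - SSH - Restart Service
```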
@@ -0,0 +1,2 @@
+#/bin/bash
+ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 site.yml
\ No newline at end of file
diff --git a/ansible/site.yml b/ansible/site.yml
new file mode 100644
index 0000000..0638fa6
--- /dev/null
+++ b/ansible/site.yml
@@ -0,0 +1,4 @@
+- name: homesrv01 playbook
+ hosts: all
+ roles:
+ - myInfra.dev.homesrv01
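Review bot: The first line is `#/bin/bash`, missing the `!`, so it is a comment rather than a shebang; the kernel will not recognise an interpreter for this mode-755 file, and it only runs because the calling shell falls back to executing an ENOEXEC file itself. Change it to `#!/usr/bin/env bash`. The role's tasks use `become: true`, so a local run by a non-root user needs passwordless sudo or `--ask-become-pass` (`-K`) on this command line; if sudo prompts are expected, add the flag or say so in a comment above the command.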
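Review bot: `hosts: all` is wider than the wrapper's `--limit 127.0.0.1`; the wrapper is the only thing stopping a plain `ansible-playbook -i <inventory> site.yml` from pushing this role's SSH policy (root login and password authentication disabled) to every host in whatever inventory is passed. Targeting a named group such as `hosts: homesrv01`, with the local host assigned to it in the inventory, makes the blast radius explicit. At minimum add a comment under the play name, `# run through run-site.local.sh; the role disables root and password SSH logins on every targeted host`, so the scope is visible to the next person who runs it.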