A service to replicate and serve requests for site configurations based on site ID, public IP, and the on-site lead contact's OTP.
Revision | 0ea9895801fbe158d5707ba4e9909311da1cc6b4 (tree) |
---|---|
Zeit | 2021-10-14 22:41:22 |
Autor | S. Seago <sseago-dev@proj...> |
Commiter | S. Seago |
Prep for CoreDNS
@@ -0,0 +1,25 @@ | ||
1 | +- name: Update current packages | |
2 | + ansible.builtin.apt: | |
3 | + update_cache: yes | |
4 | + cache_valid_time: 1800 | |
5 | + name: "*" | |
6 | + state: latest | |
7 | + fail_on_autoremove: yes | |
8 | + | |
9 | +- name: Make sure the automation group exists | |
10 | + ansible.builtin.user: | |
11 | + name: {{ automation_user }} | |
12 | + state: presents | |
13 | + gid: 2520 | |
14 | + | |
15 | +- name: Make sure the automation user exists | |
16 | + ansible.builtin.user: | |
17 | + name: {{ automation_user }} | |
18 | + comment: Project Celadon Automation User | |
19 | + uid: 2520 | |
20 | + state: present | |
21 | + group: {{ automation_user }} | |
22 | + create_home: yes | |
23 | + shell: /bin/bash | |
24 | + generate_ssh_key: yes | |
25 | + |
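Review bot: The group task at new lines 9-13 cannot run as written: it calls `ansible.builtin.user` with `state: presents` and `gid`, which is a group-module option, and `name: {{ automation_user }}` is an unquoted template that YAML reads as a mapping rather than a string. It should use `ansible.builtin.group:` with `name: "{{ automation_user }}"` and `state: present`, keeping `gid: 2520`. The same unquoted `{{ automation_user }}` appears on the `name:` and `group:` lines of the user task below and needs quoting too. Because `generate_ssh_key: yes` creates a private key on each managed host for an account that the sudo role in this commit gives passwordless sudo, a comment stating what that key is for would help reviewers.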
@@ -0,0 +1,21 @@ | ||
1 | +--- | |
2 | +- name: Remove existing Resolve section | |
3 | + replace: | |
4 | + path: /etc/systemd/resolved.conf | |
5 | + regexp: '^\[Resolve\][^[]+' | |
6 | + replace: '' | |
7 | + backup: yes | |
8 | + | |
9 | +- name: Set external DNS on base system to 9.9.9.9 | |
10 | + community.general.ini_file: | |
11 | + path: /etc/systemd/resolved.conf | |
12 | + section: Resolve | |
13 | + option: DNS | |
14 | + value: 9.9.9.9 | |
15 | + | |
16 | +- name: Disable DNS Stub Listener | |
17 | + community.general.ini_file: | |
18 | + path: /etc/systemd/resolved.conf | |
19 | + section: Resolve | |
20 | + option: DNSStubListener | |
21 | + value: no | |
\ No newline at end of file |
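Review bot: Nothing here restarts systemd-resolved after editing `/etc/systemd/resolved.conf`, so the stub listener presumably keeps holding port 53 and the new upstream is not applied until the service is restarted some other way. Add `notify: Restart systemd-resolved` to both `ini_file` tasks, with a matching handler that restarts the `systemd-resolved` service. `value: no` is parsed by YAML as a boolean before it reaches the module; `value: "no"` keeps the literal string. The first task deletes the whole `[Resolve]` section, so any options already set there (not visible here) are dropped, and a comment saying that is intended would help.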
@@ -0,0 +1,12 @@ | ||
1 | +--- | |
2 | +- hosts: manifest | |
3 | + become: true | |
4 | + tasks: | |
5 | + - name: Import common role | |
6 | + import: common | |
7 | + | |
8 | + - name: Import sudo role | |
9 | + import: sudo | |
10 | + | |
11 | + - name: Import dns role | |
12 | + import: dns | |
\ No newline at end of file |
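Review bot: `import: common`, and the same form for `sudo` and `dns`, is not a task keyword Ansible recognises, so the play will fail to load before any role runs. Each task should use the role import module, i.e. `ansible.builtin.import_role:` with `name: common` nested under it. Because the play sets `become: true` for everything it imports, a one-line comment noting that all three roles run as root would help reviewers.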
@@ -0,0 +1,1 @@ | ||
1 | +celadon-admin ALL=(ALL) NOPASSWD:ALL | |
\ No newline at end of file |
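Review bot: The rule grants `celadon-admin` unrestricted passwordless root, while the variables added in this commit set `automation_user: celadon-robot`. If this is the `ansible_sudoer` file that the sudo role copies into `/etc/sudoers.d/`, the automation account gets no sudo and a different account gets all of it. Confirm which account is intended and make the names agree. If the automation only needs package and resolver changes, a narrower command list than `NOPASSWD:ALL` would limit what a stolen key can do.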
@@ -0,0 +1,15 @@ | ||
1 | +- name: Copy SSH key for automation user | |
2 | + tags: always,users,"automation user" | |
3 | + authorized_key: | |
4 | + user: "{{ automation_user }}" | |
5 | + state: present | |
6 | + key: "{{ key_path }}" | |
7 | + register: copy_ssh_key | |
8 | + | |
9 | +- name: Enable sudo without password for automation user | |
10 | + tags: always,users,"automation user" | |
11 | + copy: | |
12 | + src: ansible_sudoer | |
13 | + dest: /etc/sudoers.d/"{{ automation_user }}" | |
14 | + owner: root | |
15 | + group: root | |
\ No newline at end of file |
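Review bot: The sudoers drop-in is copied with no `mode` and no `validate`, so a malformed or wrongly permissioned file lands in `/etc/sudoers.d/` unchecked, and the quotes inside `dest: /etc/sudoers.d/"{{ automation_user }}"` become part of the file name. Suggested lines: `dest: "/etc/sudoers.d/{{ automation_user }}"`, `mode: "0440"`, `validate: /usr/sbin/visudo -cf %s`. In the first task, `key: "{{ key_path }}"` passes the path string itself, whereas `authorized_key` expects the key text, e.g. `key: "{{ lookup('file', key_path) }}"`.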
@@ -0,0 +1,3 @@ | ||
1 | +automation_user: celadon-robot | |
2 | +automation_pass: {{ garbage }} | |
3 | +key_path: ~/.ssh/id_ed25519.pub | |
\ No newline at end of file |
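Review bot: `automation_pass: {{ garbage }}` is unquoted, so YAML parses it as a mapping instead of a template, and `garbage` is not defined anywhere in the visible changes. If the account needs a password at all, quote the template and keep the value in Ansible Vault, e.g. `automation_pass: "{{ vault_automation_pass }}"` (placeholder variable name). Otherwise drop the variable, since no visible task uses it. `key_path: ~/.ssh/id_ed25519.pub` presumably resolves on the control node for whoever runs the play, so a comment saying whose key this must be would avoid authorising the wrong one.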
@@ -1,28 +0,0 @@ | ||
1 | -version: '3' | |
2 | -services: | |
3 | - httpd: | |
4 | - image: httpd | |
5 | - ports: | |
6 | - - 80:80 | |
7 | - - 443:443 | |
8 | - environment: | |
9 | - - MONGO_INITDB_ROOT_USERNAME=admin | |
10 | - - MONGO_INITDB_ROOT_PASSWORD=password | |
11 | - volumes: | |
12 | - - /srv/apache/www:/var/www | |
13 | - - /srv/apache/etc:/etc/a | |
14 | - letsencrypt: | |
15 | - image: blacklabelops/letsencrypt | |
16 | - volumes: | |
17 | - - letsencrypt_certs:/etc/letsencrypt | |
18 | - - letsencrypt_challenges:/var/www/letsencrypt | |
19 | - environment: | |
20 | - - LETSENCRYPT_WEBROOT_MODE=true | |
21 | - - LETSENCRYPT_EMAIL=ingress@projectceladon.org | |
22 | - - LETSENCRYPT_DOMAIN1=projectceladon.org | |
23 | - mongodb: | |
24 | - image: mongo | |
25 | - ports: | |
26 | - - 27017:27017 | |
27 | - volumes: | |
28 | - - | |
\ No newline at end of file |
@@ -0,0 +1,34 @@ | ||
1 | +version: '3' | |
2 | +services: | |
3 | + dns: | |
4 | + image: coredns | |
5 | + ports: | |
6 | + - 53:53 | |
7 | + | |
8 | + | |
9 | + httpd: | |
10 | + image: httpd | |
11 | + ports: | |
12 | + - 80:80 | |
13 | + - 443:443 | |
14 | + environment: | |
15 | + - MONGO_INITDB_ROOT_USERNAME=admin | |
16 | + - MONGO_INITDB_ROOT_PASSWORD=password | |
17 | + volumes: | |
18 | + - /srv/apache/www:/var/www | |
19 | + - /srv/apache/etc:/etc/a | |
20 | + letsencrypt: | |
21 | + image: blacklabelops/letsencrypt | |
22 | + volumes: | |
23 | + - letsencrypt_certs:/etc/letsencrypt | |
24 | + - letsencrypt_challenges:/var/www/letsencrypt | |
25 | + environment: | |
26 | + - LETSENCRYPT_WEBROOT_MODE=true | |
27 | + - LETSENCRYPT_EMAIL=ingress@projectceladon.org | |
28 | + - LETSENCRYPT_DOMAIN1=projectceladon.org | |
29 | + mongodb: | |
30 | + image: mongo | |
31 | + ports: | |
32 | + - 27017:27017 | |
33 | + volumes: | |
34 | + - | |
\ No newline at end of file |
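Review bot: The `mongodb` service publishes `27017:27017` on every host interface while the `MONGO_INITDB_ROOT_*` variables sit on `httpd`, where they have no effect, so the database likely starts with no root user and is reachable from the network. Move the two variables to `mongodb`, supply the password from an env file or secret instead of the literal `password`, and either drop the port mapping or bind it with `- 127.0.0.1:27017:27017`. For the new `dns` service, `53:53` maps TCP only, so DNS clients also need `- 53:53/udp`. `image: coredns` probably needs to be `coredns/coredns` with a pinned tag. The trailing `volumes:` entry with an empty `-` item should be removed or filled in.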
@@ -1,17 +0,0 @@ | ||
1 | -version: '3' | |
2 | -services: | |
3 | - mongodb: | |
4 | - image: mongo | |
5 | - ports: | |
6 | - - 27017:27017 | |
7 | - environment: | |
8 | - - MONGO_INITDB_ROOT_USERNAME=admin | |
9 | - - MONGO_INITDB_ROOT_PASSWORD=password | |
10 | - mongo-express: | |
11 | - image: mongo-express | |
12 | - ports: | |
13 | - - 8080:8081 | |
14 | - environment: | |
15 | - - ME_CONFIG_MONGODB_ADMINUSERNAME=admin | |
16 | - - ME_CONFIG_MONGODB_ADMINPASSWORD=password | |
17 | - - ME_CONFIG_MONGODB_SERVER=mongodb | |
\ No newline at end of file |