quotes and inv

dev changes
2025-11-12 14:32:58 +01:00 · 2025-11-12 12:36:02 +01:00 · 2025-11-12 12:32:43 +01:00 · 2025-11-11 22:02:15 +01:00 · 2025-11-11 20:57:01 +01:00
32 changed files with 289 additions and 35 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
-*.key
+**/*.key
 **/*.pub
 kubeconfig
 .vscode
--- a/TODO.md
+++ b/TODO.md
@ -0,0 +1,3 @@
 **Clean up**
 - write config files to server-configs
 - set server-configs as global var
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -3,13 +3,14 @@ python_interpreter=/usr/bin/python3
 interpreter_python = auto_silent
 ansible_ssh_private_key_file=../root.key
 inventory=inventory/
-remote_user=admin_dev
+remote_user=ansible
 #log_path = ./ansible.log
 #verbosity = 0
 display_ok_hosts = true
 stdout_callback = yaml
 bin_ansible_callbacks = true
 deprecation_warnings= false
 host_key_checking = False
 [privilege_escalation]
 Become        = true
--- a/ansible/base.yaml
+++ b/ansible/base.yaml
@ -1,10 +1,21 @@
 ### Playbook for adding sysupgrade, add user and ssh hardening
 - name: Base setup
-  hosts: dev
+  hosts: all
  vars:
-    ansible_user: root
+    #ansible_user: root
  roles:
-    - roles/sysupgrade
+    - name: Setup host
-    - roles/user_add
+      role: roles/init
-    - roles/ssh_hardening
+      tags: setup_host
    - name: Sysupgrade role
      role: roles/sysupgrade
      tags: sysupgrade
    - name: User_add role
      role: roles/user_add
      tags: user_add
    - name: Ssh_hardening role
      role: roles/ssh_hardening
      tags: ssh_hardening
  tags:
  - base
--- a/ansible/full-install.yaml
+++ b/ansible/full-install.yaml
@ -1,11 +1,11 @@
 ### Playbook for datatroniq-challenge
 - name: Full install
-  hosts: dev
+  hosts: all
  become: false
  gather_facts: false
  vars:
-    ansible_user: root
+    ansible_user: ansible
 - name: Import base setup
  import_playbook: base.yaml
@ -21,3 +21,10 @@
  import_playbook: k8s-deployments.yaml
  tags:
    - k8s-deployments
 - name: Cleanup
  hosts: all
  roles:
    - role: roles/cleanup
  tags:
    - cleanup
--- a/ansible/inventory/dev.yaml
+++ b/ansible/inventory/dev.yaml
@ -1,3 +0,0 @@
 dev:
  hosts:
    0.0.0.0:
--- a/ansible/inventory/inventory.yaml
+++ b/ansible/inventory/inventory.yaml
@ -0,0 +1,11 @@
 dev:
  hosts:
    10.3.0.101:
  vars:
    confdir: "/root/server-configs"
 live:
  hosts:
    10.3.0.102:
  vars:
    confdir: "/root/server-configs"
--- a/ansible/k3s.yaml
+++ b/ansible/k3s.yaml
@ -1,7 +1,9 @@
 ### Playbook for installing k3s
 - name: Install k3s
-  hosts: dev
+  hosts: all
  become: yes
  roles:
-    - roles/k3s
+    - name: K3s role
      role: roles/k3s
      tags: k3s
--- a/ansible/k8s-deployments.yaml
+++ b/ansible/k8s-deployments.yaml
@ -1,12 +1,20 @@
 ### Playbook for deploying kubernetes resources
 - name: Install k8s apps
-  hosts: dev
+  hosts: all
  become: yes
  roles:
-    - roles/k8s-nginx-ingress
+    - name: Ingress role
-    - roles/k8s-cert-manager
+      role: roles/k8s-nginx-ingress
-    - roles/k8s-kube-prom-stack
+      tags: ingress
-    - roles/k8s-wordpress
+    - name: Cert-manager role
      role: roles/k8s-cert-manager
      tags: cert-mangager
    - name: Kube-prom role
      role: roles/k8s-kube-prom-stack
      tags: prom-stack
    - name: Wordpress role
      role: roles/k8s-wordpress
      tags: wordpress
  tags:
    - k8s-deployments
--- a/ansible/roles/cleanup/README.md
+++ b/ansible/roles/cleanup/README.md
@ -0,0 +1,38 @@
 Role Name
 =========
 A brief description of the role goes here.
 Requirements
 ------------
 Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
 Role Variables
 --------------
 A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
 Dependencies
 ------------
 A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
 Example Playbook
 ----------------
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
    - hosts: servers
      roles:
         - { role: username.rolename, x: 42 }
 License
 -------
 BSD
 Author Information
 ------------------
 An optional section for the role authors to include contact information, or a website (HTML is not allowed).
--- a/ansible/roles/cleanup/defaults/main.yml
+++ b/ansible/roles/cleanup/defaults/main.yml
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # defaults file for cleanup
--- a/ansible/roles/cleanup/handlers/main.yml
+++ b/ansible/roles/cleanup/handlers/main.yml
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # handlers file for cleanup
--- a/ansible/roles/cleanup/meta/main.yml
+++ b/ansible/roles/cleanup/meta/main.yml
@ -0,0 +1,35 @@
 #SPDX-License-Identifier: MIT-0
 galaxy_info:
  author: your name
  description: your role description
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: license (GPL-2.0-or-later, MIT, etc)
  min_ansible_version: 2.2
  # If this a Container Enabled role, provide the minimum Ansible Container version.
  # min_ansible_container_version:
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/ansible/roles/cleanup/tasks/main.yml
+++ b/ansible/roles/cleanup/tasks/main.yml
@ -0,0 +1,8 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for cleanup
 #
 - name: Remove config directory
  ansible.builtin.file:
    path: "{{ confdir }}"
    state: absent
--- a/ansible/roles/cleanup/tests/inventory
+++ b/ansible/roles/cleanup/tests/inventory
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 localhost
--- a/ansible/roles/cleanup/tests/test.yml
+++ b/ansible/roles/cleanup/tests/test.yml
@ -0,0 +1,6 @@
 #SPDX-License-Identifier: MIT-0
 ---
 - hosts: localhost
  remote_user: root
  roles:
    - cleanup
--- a/ansible/roles/cleanup/vars/main.yml
+++ b/ansible/roles/cleanup/vars/main.yml
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # vars file for cleanup
--- a/ansible/roles/init/README.md
+++ b/ansible/roles/init/README.md
@ -0,0 +1,38 @@
 Role Name
 =========
 A brief description of the role goes here.
 Requirements
 ------------
 Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
 Role Variables
 --------------
 A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
 Dependencies
 ------------
 A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
 Example Playbook
 ----------------
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
    - hosts: servers
      roles:
         - { role: username.rolename, x: 42 }
 License
 -------
 BSD
 Author Information
 ------------------
 An optional section for the role authors to include contact information, or a website (HTML is not allowed).
--- a/ansible/roles/init/defaults/main.yml
+++ b/ansible/roles/init/defaults/main.yml
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # defaults file for init
--- a/ansible/roles/init/handlers/main.yml
+++ b/ansible/roles/init/handlers/main.yml
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # handlers file for init
--- a/ansible/roles/init/meta/main.yml
+++ b/ansible/roles/init/meta/main.yml
@ -0,0 +1,35 @@
 #SPDX-License-Identifier: MIT-0
 galaxy_info:
  author: your name
  description: your role description
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: license (GPL-2.0-or-later, MIT, etc)
  min_ansible_version: 2.2
  # If this a Container Enabled role, provide the minimum Ansible Container version.
  # min_ansible_container_version:
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/ansible/roles/init/tasks/main.yml
+++ b/ansible/roles/init/tasks/main.yml
@ -0,0 +1,13 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for init
 - name: Setup host
  block:
    - name: Create config dir
      ansible.builtin.file:
        path: "{{ confdir }}"
        state: directory
        mode: 0700
  tags:
    - setup_host
--- a/ansible/roles/init/tests/inventory
+++ b/ansible/roles/init/tests/inventory
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 localhost
--- a/ansible/roles/init/tests/test.yml
+++ b/ansible/roles/init/tests/test.yml
@ -0,0 +1,6 @@
 #SPDX-License-Identifier: MIT-0
 ---
 - hosts: localhost
  remote_user: root
  roles:
    - init
--- a/ansible/roles/init/vars/main.yml
+++ b/ansible/roles/init/vars/main.yml
@ -0,0 +1,3 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # vars file for init
--- a/ansible/roles/k3s/tasks/main.yml
+++ b/ansible/roles/k3s/tasks/main.yml
@ -44,7 +44,7 @@
 #- name: Copy k3s.config to server
 #  ansible.builtin.copy:
 #    src: k3s.config
-#    dest: /root/config.yaml
+#    dest: "{{ confdir }}"/config.yaml
 - name: Install k3s (disabled traefik in favour of nginx for modSecurity support)
  shell: |
--- a/ansible/roles/k8s-cert-manager/tasks/main.yml
+++ b/ansible/roles/k8s-cert-manager/tasks/main.yml
@ -11,17 +11,17 @@
 - name: Copy value files
  ansible.builtin.copy:
    src: files/values.yaml
-    dest: ~/cert-manager-values.yaml
+    dest: "{{ confdir }}/cert-manager-values.yaml"
 - name: Copy clusterissuer-staging yaml
  ansible.builtin.copy:
    src: files/clusterissuer-staging.yaml
-    dest: ~/
+    dest: "{{ confdir }}/"
 - name: Copy clusterissuer-prod yaml
  ansible.builtin.copy:
    src: files/clusterissuer-prod.yaml
-    dest: ~/
+    dest: "{{ confdir }}/" 
 - name: Install cert-manager
  kubernetes.core.helm:
@ -36,17 +36,17 @@
    values:
      installCRDs: true
    values_files:
-      /root/cert-manager-values.yaml
+      "{{ confdir }}/cert-manager-values.yaml"
    state: present
 - name: Create staging clusterissuer for letsencrypt
  kubernetes.core.k8s:
    kubeconfig: /etc/rancher/k3s/k3s.yaml
    state: present
-    src: /root/clusterissuer-staging.yaml
+    src: "{{ confdir }}/clusterissuer-staging.yaml"
 - name: Create prod clusterissuer for letsencrypt
  kubernetes.core.k8s:
    kubeconfig: /etc/rancher/k3s/k3s.yaml
    state: present
-    src: /root/clusterissuer-prod.yaml
+    src: "{{ confdir }}/clusterissuer-prod.yaml"
--- a/ansible/roles/k8s-kube-prom-stack/tasks/main.yml
+++ b/ansible/roles/k8s-kube-prom-stack/tasks/main.yml
@ -11,12 +11,12 @@
 - name: Copy value files
  ansible.builtin.copy:
    src: files/values.yaml
-    dest: /root/prom-values.yaml
+    dest: "{{ confdir }}/prom-values.yaml"
 - name: Copy wordpress-dashboard
  ansible.builtin.copy:
    src: files/wordpress-dashboard.yaml
-    dest: /root/
+    dest: "{{ confdir }}/"
 - name: Install kube-prom-stack
  kubernetes.core.helm:
@ -29,11 +29,11 @@
    wait: yes
    timeout: 600s
    values_files:
-      /root/prom-values.yaml  # Path to your custom values file, if needed
+      "{{ confdir }}/prom-values.yaml"
    state: present
 - name: Add wordpress-dashboard to grafana
  kubernetes.core.k8s:
    kubeconfig: /etc/rancher/k3s/k3s.yaml
    state: present
-    src: /root/wordpress-dashboard.yaml
+    src: "{{ confdir }}/wordpress-dashboard.yaml"
--- a/ansible/roles/k8s-nginx-ingress/tasks/main.yml
+++ b/ansible/roles/k8s-nginx-ingress/tasks/main.yml
@ -11,7 +11,7 @@
 - name: Copy value files
  ansible.builtin.copy:
    src: files/values.yaml
-    dest: /root/ingress-values.yaml
+    dest: "{{ confdir }}/ingress-values.yaml"
 - name: Install ingress-nginx
  kubernetes.core.helm:
@ -24,6 +24,6 @@
    wait: yes
    timeout: 600s
    values_files:
-      /root/ingress-values.yaml
+      "{{ confdir }}/ingress-values.yaml"
    state: present
--- a/ansible/roles/k8s-wordpress/tasks/main.yml
+++ b/ansible/roles/k8s-wordpress/tasks/main.yml
@ -11,7 +11,7 @@
 - name: Copy value files
  ansible.builtin.copy:
    src: files/values.yaml
-    dest: ~/wordpress-values.yaml
+    dest: "{{ confdir }}/wordpress-values.yaml"
 - name: Install wordpress
  kubernetes.core.helm:
@ -24,6 +24,6 @@
    wait: yes
    timeout: 600s
    values_files:
-      /root/wordpress-values.yaml
+      "{{ confdir }}/wordpress-values.yaml"
    state: present
--- a/ansible/roles/ssh_hardening/handlers/main.yml
+++ b/ansible/roles/ssh_hardening/handlers/main.yml
@ -4,5 +4,5 @@
 - name: restart_sshd
  ansible.builtin.service:
-    name: sshd
+    name: ssh
    state: restarted
--- a/9
+++ b/9
@ -0,0 +1,9 @@
 users:
  - name: ansible 
    groups: sudo
    shell: /bin/bash
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDorAQu895vEuoODXCagfS6mN+oQveUepKUaAFD/dm5dyG1i4TPa88US/oKko210XWZeAaqtCzuUV/ceahRyrPrFn78TFUtmIjxP1ym8W+19lzZ6tqb9xDlgXvJm4nR074NyFjK8DwBJQPGPjDKhxH6P02KuWJgjfUOW/7vFdB0Pd+fzjvUcb+k17F3b3SReqcR4PpdzP8tWJRkCfMpKkaTwk+T+56ub9RO2VKPvRhagd7pUBWyUCnSmVlUaUfBNidgErRRdd39dKSz6Ua4Oqs3JYOze/7Ib+3GOemkQBwpUW3PPqXSrL40f3BvhkQZdOPAR0Cz2Nync/u2rAdkH0oABHlWq6axWXKatOJ1zyN2SZwTe2d0RqPaP3eeKZ96caJ0u7LNSeXKVOp27qop46xe+USI109JA8dgvg1zw0mBIbhBcSef0feMSwxy/Za6ke/29hYishlowJF3S2Wk0XoZIMeKQjLPq70yBj/Kuf483ikO5MroqsSeVeyqMDSBeVCtW357tkzAJmJu76DFVJFe+2r8F7XhRMxh7q4FZnfxtu4rSjy1p8rZW5RP3faCHddeV8EMq3Pj2lEt/n2lcIQ0uwgQY7zNOHVnEMmyMjWlGhVSOcik7q4a5PmMETv2NqAVqAKAxwDfYG8KlhopWWTr4iDYNc+Wzk10ke7k5I6MTw== ansible
 runcmd:
  - echo 'ansible ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansible
Author	SHA1	Message	Date
m0e	54cd4a4def	quotes and inv	2025-11-12 14:32:58 +01:00
m0e	24d491ec8f	dev changes	2025-11-12 12:36:02 +01:00
m0e	dd8dfad862	dev changes	2025-11-12 12:32:43 +01:00
m0e	b2fdd94e80	added local inv	2025-11-11 22:02:15 +01:00
m0e	ed68c72a7e	local branch	2025-11-11 20:57:01 +01:00
-dev:
-  hosts:
-.0.0.0:
		`@ -0,0 +1,3 @@`
							`#SPDX-License-Identifier: MIT-0`
							`localhost`