From a27071c06ad8306dd2becd0aa361d2afe4423bf7 Mon Sep 17 00:00:00 2001
From: Jan Beilicke
Date: Tue, 24 Mar 2020 01:04:18 +0100
Subject: [PATCH] Initial commit
---
README.md | 27 ++++++++++++++
ansible.cfg | 21 +++++++++++
common.yml | 6 +++
docker.yml | 9 +++++
files/public_keys/.keep | 0
files/tmux.conf | 67 ++++++++++++++++++++++++++++++++++
group_vars/.keep | 0
group_vars/docker.yml | 10 +++++
inventory.ini.sample | 17 +++++++++
jitsi.yml | 7 ++++
nextcloud.yml | 7 ++++
playbooks/base-upgrade.yml | 22 +++++++++++
playbooks/bootstrap-python.yml | 21 +++++++++++
playbooks/nsupdate.yml | 39 ++++++++++++++++++++
requirements.yml | 15 ++++++++
site.yml | 7 ++++
16 files changed, 275 insertions(+)
create mode 100644 README.md
create mode 100644 ansible.cfg
create mode 100644 common.yml
create mode 100644 docker.yml
create mode 100644 files/public_keys/.keep
create mode 100644 files/tmux.conf
create mode 100644 group_vars/.keep
create mode 100644 group_vars/docker.yml
create mode 100644 inventory.ini.sample
create mode 100644 jitsi.yml
create mode 100644 nextcloud.yml
create mode 100644 playbooks/base-upgrade.yml
create mode 100644 playbooks/bootstrap-python.yml
create mode 100644 playbooks/nsupdate.yml
create mode 100644 requirements.yml
create mode 100644 site.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c745a4b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,27 @@
+# Self-host all the things!
+
+A repository containing a set of [Ansible](https://www.ansible.com/) roles and playbooks to provision self-hosted Open Source services to regain control of your data.
+
+## Services
+
+- Nextcloud Hub
+- Jitsi Meet
+
+## Prerequisites
+
+- A server running Ubuntu or Debian and working SSH access
+- Ansible on another computer that will send SSH commands to the target server to provision it
+
+## Quickstart: Vagrant
+
+By default, a `vagrant` user will be provisioned (if not already available) and used throughout the provisioning.
+
+**TODO: Provide Vagrantfile and further documentation!**
+
+## Quickstart: Regular server/VM
+
+- Clone this repo
+- Install dependencies (roles): `ansible-galaxy install -r requirements.yml`
+- Adapt the inventory and choose the services
+- Configure each desired service by following the README of its role.
+- Run the playbook `site.yml` or one of the service playbooks.
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..a5c6422
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,21 @@
+[defaults]
+inventory = ./inventory.ini
+roles_path = ./roles
+forks = 20
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = ./facts
+fact_caching_timeout = 600
+log_path = ./ansible.log
+nocows = 1
+#callback_whitelist = profile_tasks
+private_key_file = ~/.ssh/keys.d/id_ansible
+
+[privilege_escalation]
+become = false
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ServerAliveInterval=60
+control_path = %(directory)s/%%h-%%r
+pipelining = True
+timeout = 10
diff --git a/common.yml b/common.yml
new file mode 100644
index 0000000..302a80f
--- /dev/null
+++ b/common.yml
@@ -0,0 +1,6 @@
+---
+# Common provisioning
+
+- hosts: all
+ roles:
+ - jotbe.common
diff --git a/docker.yml b/docker.yml
new file mode 100644
index 0000000..1d0c86d
--- /dev/null
+++ b/docker.yml
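Review bot: `log_path = ./ansible.log` and `fact_caching_connection = ./facts` in ansible.cfg write run logs and cached host facts into the repository working tree, and the file list of this commit contains no `.gitignore`. Gathered facts and task output can carry hostnames, addresses and occasionally credentials, so a later `git add .` could publish them together with the real `inventory.ini` and the downloaded `roles/` directory. I would add a `.gitignore` listing `ansible.log`, `facts/`, `inventory.ini` and `roles/`, or point both settings at a path outside the checkout.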
@@ -0,0 +1,9 @@
+---
+# Basic Docker environment
+
+- hosts: docker
+ become: true
+ roles:
+ - geerlingguy.pip
+ - geerlingguy.docker
+ - jotbe.traefik-docker
\ No newline at end of file
diff --git a/files/public_keys/.keep b/files/public_keys/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/files/tmux.conf b/files/tmux.conf
new file mode 100644
index 0000000..953cc21
--- /dev/null
+++ b/files/tmux.conf
@@ -0,0 +1,67 @@
+#new-session -n $HOST
+unbind C-b
+
+set -g prefix C-y
+bind-key y send-prefix # For nested tmux sessions
+
+set -g default-terminal "screen-256color"
+
+# BEGIN it
+#set-option -g default-shell "/bin/fish"
+# END it
+
+# BEGIN tp
+#set-option -g default-shell "/usr/bin/fish"
+# END tp
+
+set -g history-limit 10000
+set -g update-environment "DBUS_SESSION_BUS_ADDRESS DISPLAY SSH_AUTH_SOCK XAUTHORITY"
+
+set -g base-index 1
+set-window-option -g pane-base-index 1
+#set -g mouse-select-pane on
+#set -g mouse on
+
+############################################################################
+## Status Bar
+#############################################################################
+#set-option -g status-utf8 on
+#set-option -g status-justify right
+#set-option -g status-bg black # colour213 # pink
+#set-option -g status-fg cyan
+#set-option -g status-interval 5
+#set-option -g status-left-length 30
+#set-option -g status-left '#[fg=magenta]» #[fg=blue,bold]#T#[default]'
+#set-option -g status-right '#[fg=red,bold][[ #(git branch) branch ]] #[fg=cyan]»» #[fg=blue,bold]###S #[fg=magenta]%R %m-%d#(acpi | cut -d ',' -f 2)#[default]'
+#set-option -g visual-activity on
+
+# Titles (window number, program name, active (or not)
+set-option -g set-titles on
+set-option -g set-titles-string '#H:#S.#I.#P #W #T'
+
+set -s escape-time 0
+
+setw -g automatic-rename
+setw -g aggressive-resize on
+setw -g mode-keys vi
+
+#bind - set default-path $PWD \; split-window -v\; set default-path ~/
+#bind | set default-path $PWD \; split-window -h\; set default-path ~/
+unbind %
+#unbind :
+bind - split-window -v
+bind | split-window -h
+
+bind-key C-y last-window
+bind-key k kill-window
+bind-key K kill-session
+
+bind-key c new-window -c "#{pane_current_path}"
+
+# force a reload of the config file
+unbind r
+bind r source-file ~/.tmux.conf \; display-message "Config reloaded."
+
+unbind ^A
+bind ^A select-pane -t :.+
+
diff --git a/group_vars/.keep b/group_vars/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
new file mode 100644
index 0000000..ab46aba
--- /dev/null
+++ b/group_vars/docker.yml
@@ -0,0 +1,10 @@
+pip_install_packages:
+ - name: docker
+ - name: docker-compose
+docker_edition: "ce"
+docker_version: "19.03.5"
+docker_package: "docker-{{ docker_edition }}"
+docker_package_state: present
+docker_compose_version: "1.25.0"
+docker_users:
+ - deploy
\ No newline at end of file
diff --git a/inventory.ini.sample b/inventory.ini.sample
new file mode 100644
index 0000000..d1a3820
--- /dev/null
+++ b/inventory.ini.sample
@@ -0,0 +1,17 @@
+# All hosts
+vagrant ansible_user
+
+[docker]
+vagrant
+
+[ubuntu]
+vagrant
+
+[debian:children]
+ubuntu
+
+[nextcloud]
+vagrant
+
+[jitsi-docker]
+vagrant
diff --git a/jitsi.yml b/jitsi.yml
new file mode 100644
index 0000000..59f3210
--- /dev/null
+++ b/jitsi.yml
@@ -0,0 +1,7 @@
+---
+# Jitsi Meet
+
+- hosts: jitsi-docker
+ become: true
+ roles:
+ - jotbe.jitsi-docker
\ No newline at end of file
diff --git a/nextcloud.yml b/nextcloud.yml
new file mode 100644
index 0000000..466347f
--- /dev/null
+++ b/nextcloud.yml
@@ -0,0 +1,7 @@
+---
+# Nextcloud Hub
+
+- hosts: nextcloud
+ become: true
+ roles:
+ - jotbe.nextcloud-docker
\ No newline at end of file
diff --git a/playbooks/base-upgrade.yml b/playbooks/base-upgrade.yml
new file mode 100644
index 0000000..8afb128
--- /dev/null
+++ b/playbooks/base-upgrade.yml
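Review bot: `docker_users: - deploy` in group_vars/docker.yml presumably adds the `deploy` account to the docker group, and membership in that group grants root-level control of the host through the Docker daemon. If that is intended, a comment above the key should say so, for example `# docker group members are root-equivalent on the host; keep this list minimal`. The values `docker_version: "19.03.5"` and `docker_compose_version: "1.25.0"` are fixed as well, so, if the roles honour them, security updates arrive only when someone bumps them by hand; a short comment naming who reviews these pins would help.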
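Review bot: The host line `vagrant ansible_user` in inventory.ini.sample gives the variable no value, while Ansible's INI inventory format expects `key=value` pairs after the host name, so a copy of the sample is likely to fail at inventory parsing. It presumably should read `vagrant ansible_user=vagrant`, which matches the README's statement that a `vagrant` user is used throughout. Separately, the group name `jitsi-docker` contains a hyphen, which newer Ansible releases warn about as an invalid group-name character; `jitsi_docker` avoids that, with the `hosts:` line in jitsi.yml changed to match.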
@@ -0,0 +1,22 @@
+---
+- hosts: debian
+ become: true
+ tasks:
+ - name: Upgrade base system
+ apt: upgrade=yes update_cache=yes
+ notify: restart server
+ # - name: Waiting for server to become available
+ # wait_for:
+ # port: 22
+ # host: "{{ (ansible_ssh_host|default(ansible_host))|default(inventory_hostname) }}"
+ # search_regex: OpenSSH
+ # delay: 10
+ # timeout: 60
+ # connection: local
+ # handlers:
+ # - name: restart server
+ # become: true
+ # become_user: root
+ # reboot:
+
+ # See also: https://www.middlewareinventory.com/blog/ansible_wait_for_reboot_to_complete/
\ No newline at end of file
diff --git a/playbooks/bootstrap-python.yml b/playbooks/bootstrap-python.yml
new file mode 100644
index 0000000..4443ed7
--- /dev/null
+++ b/playbooks/bootstrap-python.yml
@@ -0,0 +1,21 @@
+---
+- hosts:
+ - ubuntu
+ - debian
+ gather_facts: false
+ become: true
+ pre_tasks:
+ - name: Print env
+ raw: env
+ - name: Generate locals
+ raw: |
+ export LC_ALL="de_DE.UTF-8";
+ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin;
+ locale-gen de_DE.UTF-8
+ changed_when: false
+ - name: Install Python
+ raw: |
+ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin;
+ test -e /usr/bin/python || (apt -y update && apt -y install python python-apt)
+ changed_when: false
+ - setup: # gather facts
\ No newline at end of file
diff --git a/playbooks/nsupdate.yml b/playbooks/nsupdate.yml
new file mode 100644
index 0000000..c9f255e
--- /dev/null
+++ b/playbooks/nsupdate.yml
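Review bot: The task `Upgrade base system` in playbooks/base-upgrade.yml carries `notify: restart server`, but the only handler of that name is commented out further down, so the play has no active `handlers:` section. By default Ansible raises an error when a notified handler cannot be found, so the playbook would fail on exactly the runs where packages were upgraded, and a pending kernel or library update stays unapplied until someone reboots by hand. Either drop the `notify:` line or restore the handler, i.e. `handlers:` with `- name: restart server` and `reboot:` beneath it.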
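Review bot: The `Install Python` task in playbooks/bootstrap-python.yml tests for `/usr/bin/python` and installs `python python-apt`, which is Python 2; that interpreter has been end-of-life upstream since January 2020 and no longer receives security fixes. I would bootstrap Python 3 instead, `test -e /usr/bin/python3 || (apt-get -y update && apt-get -y install python3 python3-apt)`, and set `ansible_python_interpreter` where the targets need it. The `Print env` task looks like a debugging leftover: it runs under `become: true`, and on verbose runs its output may land in the `./ansible.log` configured in ansible.cfg, so it is better removed.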
@@ -0,0 +1,39 @@
+---
+- hosts: localhost
+ connection: local
+ tasks:
+ - name: Add subdomains as CNAMEs to hh01.jotbe.io
+ nsupdate:
+ key_name: "{{ nsupdate_key_name }}"
+ key_algorithm: "{{ nsupdate_key_algorithm }}"
+ key_secret: "{{ nsupdate_private_key }}"
+ server: "{{ nsupdate_dns_server_name }}"
+ zone: hh01.jotbe.io
+ record: "{{ item }}"
+ type: CNAME
+ ttl: 600
+ value: hh01.jotbe.io.
+ with_items:
+ - cloud
+ - hl
+ - nextcloud
+ - gitea
+ - trilium
+ - drone
+ - name: Remove subdomain CNAMEs from hh01.jotbe.io
+ nsupdate:
+ key_name: "{{ nsupdate_key_name }}"
+ key_algorithm: "{{ nsupdate_key_algorithm }}"
+ key_secret: "{{ nsupdate_private_key }}"
+ server: "{{ nsupdate_dns_server_name }}"
+ zone: hh01.jotbe.io
+ record: "{{ item }}"
+ type: CNAME
+ ttl: 600
+ value: hh01.jotbe.io.
+ state: absent
+ with_items:
+ - notes
+ - plex
+ - emby
+ - jellyfin
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..b378f06
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,15 @@
+- geerlingguy.pip
+- geerlingguy.docker
+
+- name: jotbe.common
+ src: https://git.jotbe.io/jotbe/ansible-role-common.git
+ scm: git
+- name: jotbe.traefik-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-traefik-docker.git
+ scm: git
+- name: jotbe.nextcloud-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-nextcloud-docker.git
+ scm: git
+- name: jotbe.jitsi-docker
+ src: https://git.jotbe.io/jotbe/ansible-role-jitsi-docker.git
+ scm: git
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..c97c193
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,7 @@
+---
+# Deploy all the things
+
+- import_playbook: common.yml
+- import_playbook: docker.yml
+- import_playbook: nextcloud.yml
+- import_playbook: jitsi.yml
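Review bot: playbooks/nsupdate.yml passes a DNS update key as `key_secret: "{{ nsupdate_private_key }}"`, but nothing in this commit says where `nsupdate_key_name`, `nsupdate_key_algorithm`, `nsupdate_private_key` and `nsupdate_dns_server_name` are meant to be defined. A header comment would close that gap, for example `# nsupdate_* variables must come from an Ansible Vault encrypted vars file; never commit the key in clear text`. Since `group_vars/` ships no sample for these values, a first-time user has no hint which file to create or that it must stay out of version control.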
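Review bot: None of the roles in requirements.yml is pinned: `geerlingguy.pip` and `geerlingguy.docker` are listed by bare name, and the four git entries have `src:` and `scm: git` but no `version:`, so `ansible-galaxy install -r requirements.yml` fetches whatever the latest release or default branch holds at that moment. Most of these roles run under `become: true` on every target, so an unreviewed upstream change or a compromised repository turns directly into root-level changes on the servers. I would pin each entry to a reviewed tag or commit, adding `version: <reviewed-tag-or-commit-sha>` under every `- name:` entry and rewriting the Galaxy ones as `- src: geerlingguy.docker` with `version: <reviewed-release>`.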