diff --git a/dkhost.xai-corp.net.yml b/dkhost.xai-corp.net.yml
index d9fa0eb..bad5cf7 100644
--- a/dkhost.xai-corp.net.yml
+++ b/dkhost.xai-corp.net.yml
@@ -2,7 +2,7 @@
 # playbook for home02
-- hosts: dkhost02
+- hosts: dkhost01
 remote_user: ansible
 gather_facts: yes
 become: true
@@ -48,7 +48,7 @@
 roles:
 # - _install_updates
- - Datadog.datadog
+# - Datadog.datadog
 - dockerhost
 - geerlingguy.nginx
 - certbot
diff --git a/dockerfiles/sslproxy/host.conf b/dockerfiles/sslproxy/host.conf
index eff8b3a..add970c 100644
--- a/dockerfiles/sslproxy/host.conf
+++ b/dockerfiles/sslproxy/host.conf
@@ -30,6 +30,22 @@ server {
 }
+# tripbuilder.xai-corp.net
+server {
+ listen 443 ssl;
+ server_name tripbuilder.xai-corp.net docker.dev;
+ ssl_certificate /etc/letsencrypt/live/tripbuilder.xai-corp.net/cert.pem;
+ ssl_certificate_key /etc/letsencrypt/live/tripbuilder.xai-corp.net/privkey.pem;
+
+ #Strict-Transport-Security: max-age=15768000
+ add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
+
+ location / {
+ proxy_pass http://192.168.2.43:8080;
+ }
+
+}
+
 # jenkins.xai-corp.net
 server {
 listen 443 ssl;
diff --git a/manged_updates.yml b/managed_setup.yml
similarity index 52%
rename from manged_updates.yml
rename to managed_setup.yml
index 2d58f83..e8a4b76 100644
--- a/manged_updates.yml
+++ b/managed_setup.yml
@@ -1,9 +1,11 @@
 # playbook for all managed hosts
+# ansible-playbook managed_setup.yml -v --ask-become -u richard --ask-pass
+
 - hosts: managed
 # remote_user: ansible
- gather_facts: no
+ gather_facts: yes
 become: true
 vars:
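Review bot: The header comment `# playbook for home02` no longer describes the play once `hosts:` moves to `dkhost01`; update it to `# playbook for dkhost01` so the comment and the target agree. If `dkhost02` is being retired rather than renamed, a one-line comment saying so would save the next reader a detour through git history.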
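Review bot: `ssl_certificate` points at `cert.pem`, which in a certbot `live/` directory is the leaf certificate only; nginx needs the intermediate chain in the same file, so clients that do not fetch missing intermediates will fail validation — use `ssl_certificate /etc/letsencrypt/live/tripbuilder.xai-corp.net/fullchain.pem;`. `server_name` also lists `docker.dev`, which this certificate does not cover, so requests under that name will get a name-mismatch error. The `location /` block passes requests upstream without `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto https;`, so the backend on 192.168.2.43:8080 cannot tell it is behind TLS (redirects and cookie flags will be built for plain HTTP) unless those headers are inherited from the `http`/`server` context outside this hunk. The HSTS `max-age=600` is a reasonable trial value and the commented `max-age=15768000` records the intended final value; it only needs raising once the host is stable.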
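Review bot: `gather_facts: yes` is a YAML 1.1 truthy spelling while the neighbouring `become: true` uses the canonical form; write `gather_facts: true` (yamllint `truthy`). The added invocation comment records `-u richard --ask-pass` while `remote_user: ansible` stays commented out, so the intended login user now lives only in a comment; if richard is the bootstrap user, setting `remote_user: richard` in the play makes that explicit.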
@@ -12,23 +14,41 @@
 state: present
 shell: /bin/bash
 createhome: yes
+ generate_ssh_key: yes
 password: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/."
 ssh_keys:
- - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
 uid: "1001"
 groups:
 - sudo
+ - name: "richard"
+ state: present
+ shell: /bin/bash
+ createhome: yes
+ generate_ssh_key: yes
+ password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"
+ ssh_keys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024
+ uid: "1000"
+ groups:
+ - sudo
 - users_groups: + - datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb + # prepare python for ansible
 pre_tasks:
 - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
 - setup: # aka gather_facts
+ - name: Creates .ssh directory
+ file: path=~/.ssh state=directory mode=600
+
+ - debug: var=ansible_os_family
 roles:
- - _install_updates
 - novuso.users
- - Datadog.datadog
+ - user-richard
+# - Datadog.datadog #does not support armhf architecture. should switch to fluentd or logstash
 tasks:
 - name: add ansible to sudoers
diff --git a/managed_updates.yml b/managed_updates.yml
new file mode 100644
index 0000000..ac30d85
--- /dev/null
+++ b/managed_updates.yml
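Review bot: The new `Creates .ssh directory` task runs under the play's `become: true`, so `~/.ssh` expands to the privileged user's home rather than the managed users', and `mode=600` on a directory strips the execute bit, leaving a directory its owner cannot enter; name the home directory explicitly, set `owner`/`group`, and use `0700` as in the rewrite below (if the `generate_ssh_key: yes` entries already create the directory through the users role, the task may simply be redundant). The `password:` hashes and the `datadog_api_key` value (whether new here or pre-existing — the collapsed hunk does not show which) are committed in clear; move them into an Ansible Vault file and treat the committed values as exposed, since they remain readable in history. The `richard` entry reuses the exact public key already authorised for the first account, and the `RSA-1024` comment (and the key's length) indicate a 1024-bit RSA key, which is below current guidance; a separate, longer key per account keeps the two sudo-capable logins distinguishable in logs. The new `ssh_keys` entry is unquoted while the first one was just quoted in this hunk, and `- debug: var=ansible_os_family` reads like a leftover — quote both keys the same way and drop the debug task before merging. The first user entry's `name:` line is above this hunk.
```yaml
    - name: Create .ssh directory for each managed user
      file:
        path: "/home/{{ item }}/.ssh"
        state: directory
        owner: "{{ item }}"
        group: "{{ item }}"   # assumes a user-private group of the same name (Debian default) — confirm
        mode: "0700"
      with_items:
        - richard
        # add the first user entry's name here; that entry starts above this hunk
```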
@@ -0,0 +1,17 @@
+# playbook for all managed hosts
+
+# ansible-playbook managed_updates.yml -v --ask-become -u richard --ask-pass
+
+
+- hosts: managed
+ remote_user: ansible
+ gather_facts: yes
+ become: True
+
+ vars:
+
+ roles:
+ - _install_updates
+ - user-richard
+
+ tasks:
diff --git a/ns.xai-corp.net.yml b/ns.xai-corp.net.yml
index e54178e..2510c01 100644
--- a/ns.xai-corp.net.yml
+++ b/ns.xai-corp.net.yml
@@ -8,31 +8,32 @@
 become: true
 vars:
- datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
- datadog_checks:
- system:
- init_config: []
- instances: []
- disk:
- init_config:
- instances:
- - use_mount: yes
- excluded_filesystems:
- - sysfs
- - cgroup
- - tracefs
- - debugfs
- - proc
- - securityfs
- excluded_mountpoint_re: /[media/richard|run/user].*
+# datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
+# datadog_checks:
+# system:
+# init_config: []
+# instances: []
+# disk:
+# init_config:
+# instances:
+# - use_mount: yes
+# excluded_filesystems:
+# - sysfs
+# - cgroup
+# - tracefs
+# - debugfs
+# - proc
+# - securityfs
+# excluded_mountpoint_re: /[media/richard|run/user].*
 roles:
- - _install_updates
- - Datadog.datadog
+# - _install_updates
+# - Datadog.datadog
 - ns.xai-corp.net
+ - dynamic-ip
 # - td-agent-bit
 post_tasks:
-# - name: check service is up
-# service: name={{ bind.service }} state=started
+ - name: check service is up
+ service: name={{ bind.service }} state=started
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index 97c1e69..0551bea 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -28,6 +28,7 @@
 - dkui.xai-corp.net
 - jenkins.xai-corp.net
 - logs.xai-corp.net
+ - tripbuilder.xai-corp.net
 - name: cron job for renewing certs
 cron:
diff --git a/roles/ns.xai-corp.net/tasks/main.yml b/roles/ns.xai-corp.net/tasks/main.yml
index f48c394..01798e1 100644
--- a/roles/ns.xai-corp.net/tasks/main.yml
+++ b/roles/ns.xai-corp.net/tasks/main.yml
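Review bot: `become: True` and `gather_facts: yes` use non-canonical boolean spellings while `managed_setup.yml` and the other playbooks in this diff write `become: true`; `vars:` and `tasks:` are left with no value, which YAML reads as `null` rather than an empty mapping or list. Write `become: true` and `gather_facts: true`, and either remove the two empty keys or make them explicit (`vars: {}`, `tasks: []`). Starting the file with `---` would also match what yamllint expects.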
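Review bot: Commenting out `datadog_api_key` keeps the key readable in the file and, via the previous revision, in history; delete the block instead and treat the key as exposed (rotate it in the Datadog account), keeping any future key in Ansible Vault. `_install_updates` is also commented out here, so this host no longer receives updates from this playbook unless the new `managed_updates.yml` covers it — a one-line comment naming the playbook that now owns that would help. The re-enabled post task uses `service: name={{ bind.service }} state=started` in key=value form; block form (`service:` with `name: "{{ bind.service }}"` and `state: started`) matches the style the zone-file task in `roles/ns.xai-corp.net/tasks/main.yml` moves to in this same commit.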
@@ -21,11 +21,19 @@
 - restart bind
 - name: copy zone files to /etc/bind/
- template: src={{ item }}.j2 dest=/etc/bind/db.{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0644
+ template:
+ src: "{{ item }}.j2"
+ dest: /etc/bind/db.{{ item }}
+ owner: "{{ bind.user }}"
+ group: "{{ bind.group }}"
+ mode: 0644
 with_items: "{{ bind.zonefiles }}"
 notify:
 - restart bind
+- name: test zone files
+ command: named-checkzone xai-corp.net /etc/bind/db.xai-corp.net.internal
+
 - name: copy named.confs to /etc/bind/
 template: src={{ item }}.j2 dest=/etc/bind/{{ item }} owner={{ bind.user }} group={{ bind.group }} mode=0640
 with_items:
diff --git a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
index 9d632e1..132d28b 100644
--- a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
+++ b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
@@ -10,7 +10,7 @@ xai-corp.net. IN NS ns.xai-corp.net.
 xai-corp.net. IN MX 0 mail.xai-corp.net.
 xai-corp.net. IN TXT "v=spf1 ip4:192.168.2.11/32 mx ptr mx:mail.xai-corp.net ~all"
 ns IN A 192.168.2.22
-mail IN A 192.168.2.11
+mail IN A 192.168.2.12
 gateway IN A 192.168.2.1
 wireless IN A 192.168.2.3
@@ -21,15 +21,20 @@ tv IN A 192.168.2.16
 xaicorp1 IN A 192.168.2.103
 garden IN A 192.168.2.20
+home IN A 192.168.2.11
+
+cubox-i IN A 192.168.2.12
+
+home02 IN A 192.168.2.22
+
+dkhost01 IN A 192.168.2.41
 fs IN A 192.168.2.41
 git IN A 192.168.2.41
 jenkins IN A 192.168.2.41
-home IN A 192.168.2.11
-home02 IN A 192.168.2.22
-dkhost01 IN A 192.168.2.41
 dkregistry IN A 192.168.2.41
 dkui IN A 192.168.2.41
 sql IN A 192.168.2.41
+tripbuilder IN A 192.168.2.41
 logs IN A 192.168.2.42
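Review bot: The new `test zone files` task hard-codes one zone (`xai-corp.net` / `db.xai-corp.net.internal`) while the task above renders every file in `bind.zonefiles`, so any other zone is still deployed unchecked, and as a bare `command` it reports `changed` on every run — add `changed_when: false`. Its position is right, since handlers run at the end of the play: the check runs after the template is written and before the notified `restart bind` fires, so a broken zone aborts the play before bind restarts; a comment stating that ordering, e.g. `# must stay between the template task and the restart handler`, would keep it from being moved. `mode: 0644` is read by YAML 1.1 as the octal integer, which works, but `mode: "0644"` is the safer spelling, and the adjacent `copy named.confs` task still uses key=value form with `mode=0640`, so the two tasks now read differently for no reason.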
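Review bot: `mail` moves to `192.168.2.12`, but the SPF TXT record two lines above still authorises `ip4:192.168.2.11/32`; the `mx` mechanism will cover the new address through the MX host, but the literal should be updated or dropped so the record stops vouching for the old host, e.g. `ip4:192.168.2.12/32`. Unless the SOA serial in this template is generated from a variable (the SOA is above the hunk and not visible), it also needs bumping for secondaries to pick up the change — the new `named-checkzone` task will not catch a stale serial.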