diff --git a/.idea/webServers.xml b/.idea/webServers.xml
index 98008e8..41b2672 100644
--- a/.idea/webServers.xml
+++ b/.idea/webServers.xml
@@ -16,6 +16,13 @@
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/dkhost.xai-corp.net.yml b/dkhost.xai-corp.net.yml
new file mode 100644
index 0000000..7ddb7dc
--- /dev/null
+++ b/dkhost.xai-corp.net.yml
@@ -0,0 +1,57 @@
+---
+# playbook for home02
+
+
+- hosts: dkhost01
+ remote_user: ansible
+ gather_facts: yes
+ become: true
+
+ vars:
+ datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
+ datadog_checks:
+ system:
+ init_config: []
+ instances: []
+ disk:
+ init_config:
+ instances:
+ - use_mount: yes
+ excluded_filesystems:
+ - sysfs
+ - cgroup
+ - tracefs
+ - debugfs
+ - proc
+ - securityfs
+ excluded_mountpoint_re: /[media/richard|run/user].*
+# docker:
+# init_config:
+# instances:
+# - url: "unix://var/run/docker.sock"
+# new_tag_names: true
+ dockerhost:
+ users:
+ - dd-agent
+ - richard
+ - ansible
+
+ nginx_remove_default_vhost: true
+ nginx_vhosts_filename: "xai-corp.conf"
+ nginx_vhosts:
+ - listen: "80 default_server"
+ server_name: "xai-corp.net"
+ root: "/var/www/xai-corp.net"
+ index: "index.html index.htm"
+ access_log: "/var/log/nginx/xaicorp.access.log"
+ error_log: "/var/log/nginx/xaicorp.error.log"
+
+ roles:
+# - _install_updates
+# - Datadog.datadog
+# - dockerhost
+# - geerlingguy.nginx
+# - certbot
+ - docker_registry
+
+ post_tasks:
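Review bot: The `datadog_api_key:` value in the `vars:` block is a plaintext API key committed to the repository, and the same value is repeated in the new web01.xai-corp.net.yml playbook; move it to an ansible-vault–encrypted vars file or a lookup such as `datadog_api_key: "{{ lookup('env', 'DATADOG_API_KEY') }}"`, and treat the key as exposed now that it is in history. The `excluded_mountpoint_re` value `/[media/richard|run/user].*` is a character class rather than an alternation, so it matches one character from that set instead of the two path prefixes; the intended pattern is `excluded_mountpoint_re: '/(media/richard|run/user).*'` (same fix applies in web01.xai-corp.net.yml). The header comment `# playbook for home02` describes a different host than `hosts: dkhost01`. `gather_facts: yes` and `use_mount: yes` would read more portably as `true`, matching the `become: true` on the next line.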
diff --git a/home02.xai-corp.net.yml b/home02.xai-corp.net.yml
index 7cc2d10..64ee8eb 100644
--- a/home02.xai-corp.net.yml
+++ b/home02.xai-corp.net.yml
@@ -28,8 +28,8 @@
roles:
-# - Datadog.datadog
-# - ns.xai-corp.net
+ - Datadog.datadog
+ - ns.xai-corp.net
- td-agent-bit
post_tasks:
diff --git a/requirements.yml b/requirements.yml
index 1261722..abd0eb6 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -16,4 +16,7 @@
- src: bennojoy.ntp
path: roles/vendor/
+- src: geerlingguy.nginx
+ path: roles/vendor/
+
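Review bot: The new `geerlingguy.nginx` entry carries no `version:`, so `ansible-galaxy install` fetches whatever the latest tag is at run time and two installs can vendor different role code. Pin it, e.g. `- src: geerlingguy.nginx` / `  version: "<pinned tag>"` / `  path: roles/vendor/`, keeping the tag quoted so a numeric-looking value stays a string. The pre-existing `bennojoy.ntp` entry has the same gap, but the added lines are the ones under review.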
diff --git a/roles/_install_updates/tasks/main.yml b/roles/_install_updates/tasks/main.yml
new file mode 100644
index 0000000..172f233
--- /dev/null
+++ b/roles/_install_updates/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+# update packages to latest
+
+- name: run apt updates
+ apt:
+ upgrade: dist
+ update_cache: yes
+ cache_valid_time: 3600
+ when: ansible_os_family == "Debian"
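Review bot: `update_cache: yes` relies on YAML 1.1 truthy parsing; `update_cache: true` matches the `become: true` style used elsewhere in this commit. `upgrade: dist` is also unconditional, so every run of this role may pull in kernel or service upgrades with no reboot or service handling; if that is intended, a header comment such as `# dist-upgrade on every run; reboot handling is left to the operator` makes the expectation explicit to the next reader.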
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
new file mode 100644
index 0000000..304ac71
--- /dev/null
+++ b/roles/certbot/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+# main task for installing Let's Encrypt's certbot tool
+# https://certbot.eff.org/#ubuntuxenial-other
+
+- name: install certbot on ubuntu 16.04
+ apt:
+ state: latest
+ package: "{{ item }}"
+ update_cache: yes
+ cache_valid_time: 3600
+ with_items:
+ - "letsencrypt"
+ when: ansible_os_family == "Debian"
+
+
+- name: create first certificates
+ command: "letsencrypt certonly --webroot -w /var/www/xai-corp.net -d {{ item }}"
+ args:
+ creates: /etc/letsencrypt/live/{{ item }}/cert.pem
+ with_items:
+ - xai-corp.net
+ - www.xai-corp.net
+ - dkregistry.xai-corp.net
+ - sql.xai-corp.net
+
+- name: cron job for renewing certs
+ cron:
+ name: renew let's encrypt certificates
+ state: present
+ user: root
+ day: "*/2"
+ job: "letsencrypt renew "
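Review bot: The final `cron:` task sets only `day: "*/2"`, so with the module's default `minute` and `hour` of `*` the renew command runs every minute on every even day of the month, far more often than needed and enough to trip Let's Encrypt's renewal rate limits; add `minute: "0"` and `hour: "3"` (or any single daily slot) next to `day: "*/2"`, and drop the trailing space in `job: "letsencrypt renew "`. The install task uses `state: latest`, which upgrades the package on every run rather than ensuring presence; `state: present` is the idempotent choice unless the upgrade is deliberate. `update_cache: yes` would read as `update_cache: true` for consistency with the commit's other boolean values.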
diff --git a/roles/docker/tasks/install.yml b/roles/docker/tasks/install.yml
deleted file mode 100644
index b1ee45a..0000000
--- a/roles/docker/tasks/install.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
- # main tasks to install docker
-
-
-- name: install packages
- apt: state=present package={{ item }}
- with_items:
- - "wget"
-
-- name: run docker install script
- command: "wget -qO- https://get.docker.com/ | sh"
- args:
- creates: /usr/bin/docker
-
-- name: create docker group
- group: state=present name=docker gid=999 system=yes
-
-- name: add users to docker group
- user: name={{ item }} groups=docker append=yes
- with_items:
- - richard
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
deleted file mode 100644
index 9a3cfd2..0000000
--- a/roles/docker/tasks/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
- # main docker tasks
-
-- include: install.yml
\ No newline at end of file
diff --git a/roles/docker_registry/defaults/creds.yml b/roles/docker_registry/defaults/creds.yml
new file mode 100644
index 0000000..4d9e4f2
--- /dev/null
+++ b/roles/docker_registry/defaults/creds.yml
@@ -0,0 +1,6 @@
+---
+# private credentials used in docker_registry
+
+docker_registry.users:
+ - { "richard" : "richard" }
+ - { "testuser" : "testpassword" }
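Review bot: `docker_registry.users` is a list of plaintext username/password pairs committed to the repository, and because Ansible only auto-loads `defaults/main.yml`, a file named `defaults/creds.yml` is never read unless something includes it explicitly. The key also contains a dot, which Jinja will not resolve as a nested `docker_registry.users` lookup (it is one flat, invalid variable name); restructure it as `docker_registry:` / `  users:` / `    - name: <user>` and keep the values in a vault-encrypted vars file, treating the two passwords here as exposed. The same pairs are repeated verbatim in roles/docker_registry/tasks/main.yml, so a single vaulted variable would also remove that duplication.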
diff --git a/roles/docker_registry/files/docker-compose.yml b/roles/docker_registry/files/docker-compose.yml
new file mode 100644
index 0000000..87a3d91
--- /dev/null
+++ b/roles/docker_registry/files/docker-compose.yml
@@ -0,0 +1,19 @@
+registry:
+ restart: always
+ image: registry:2
+ ports:
+ - 5000:5000
+ environment:
+# REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
+# REGISTRY_HTTP_TLS_KEY: /certs/privkey.pem
+# REGISTRY_HTTP_LETSENCRYPT_CACHEFILE:
+ REGISTRY_HTTP_LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
+ REGISTRY_HTTP_HOST: https://192.168.2.41:5000
+# REGISTRY_HTTP_ADDR: 192.168.2.41:5000
+# REGISTRY_AUTH: htpasswd
+# REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
+# REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
+ volumes:
+ - /opt/dkregistry/data:/var/lib/registry
+ - /etc/letsencrypt/live/dkregistry.xai-corp.net:/certs
+ - /opt/dkregistry/auth:/auth
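Review bot: With every `REGISTRY_AUTH*` and `REGISTRY_HTTP_TLS_*` line commented out, this registry is published on `5000:5000` with no host address (so, by Docker's default, on all host interfaces) with neither authentication nor TLS, while `REGISTRY_HTTP_HOST: https://192.168.2.41:5000` advertises an https origin the container does not serve; the `/auth` and `/certs` volumes are mounted but unused. Either re-enable the three `REGISTRY_AUTH*` lines (the role's tasks already generate the htpasswd file) and the two TLS lines once the certbot role has issued the certificate, or at least bind the port to the internal address with `- "192.168.2.41:5000:5000"` so an open push/pull endpoint is not reachable more widely than intended. Quoting the mapping, `- "5000:5000"`, follows the usual Compose convention for port strings.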
diff --git a/roles/docker_registry/tasks/main.yml b/roles/docker_registry/tasks/main.yml
new file mode 100644
index 0000000..b269673
--- /dev/null
+++ b/roles/docker_registry/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+# Main task for creating a docker registry
+
+- name: clean up old config
+ command: "rm -rf /opt/dkrepository"
+
+# create folders for certs, data,
+- name: create data folders (/opt/dkregistry)
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: docker
+ mode: 0770
+ with_items:
+ - /opt/dkregistry/data
+ - /opt/dkregistry/auth
+
+# make auth files using docker container
+- name: create auth file
+ shell: echo '' > /opt/dkregistry/auth/htpasswd
+
+- name: add user to auth file
+ shell: "docker run --entrypoint htpasswd registry:2 -Bbn {{ item.name }} {{ item.pass }} >> /opt/dkregistry/auth/htpasswd"
+ with_items:
+ - { "name" : "richard", "pass" : "richard" }
+ - { "name" : "testuser", "pass" : "testpassword" }
+
+- name: copy composer file
+ copy:
+ src: docker-compose.yml
+ dest: /opt/dkregistry/docker-compose.yml
+
+- name: run docker up
+ shell: "docker-compose up -d"
+ args:
+ chdir: /opt/dkregistry
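Review bot: The `add user to auth file` task puts passwords on the `shell:` command line and in `with_items`, so they appear in Ansible's task output, verbose logs and the remote host's process list; add `no_log: true` to that task and take the pairs from a vaulted variable (the role's `defaults/creds.yml` already duplicates them) instead of literals. `clean up old config` runs `rm -rf /opt/dkrepository` through `command:` on every run, so the play always reports changed; `file: path=/opt/dkrepository state=absent` is idempotent and, since the path differs from the `/opt/dkregistry` used below, a one-line comment saying it removes the old layout would help. `echo '' > /opt/dkregistry/auth/htpasswd` leaves a blank first line in the htpasswd file; `shell: ": > /opt/dkregistry/auth/htpasswd"` truncates without writing one. `mode: 0770` is better quoted as `mode: "0770"` so no YAML parser reinterprets the octal.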
diff --git a/roles/dockerhost/defaults/main.yml b/roles/dockerhost/defaults/main.yml
new file mode 100644
index 0000000..52a2a54
--- /dev/null
+++ b/roles/dockerhost/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+# default vars
+
+dockerhost:
+ users:
+ - richard
+ - ansible
diff --git a/roles/dockerhost/files/daemon.json b/roles/dockerhost/files/daemon.json
new file mode 100644
index 0000000..61c8a7b
--- /dev/null
+++ b/roles/dockerhost/files/daemon.json
@@ -0,0 +1,10 @@
+{
+ "insecure-registries": [
+ "dkregistry.xai-corp.net:5000",
+ "192.168.2.41:5000"
+ ],
+ "dns": [
+ "192.168.2.22",
+ "8.8.8.8"
+ ]
+}
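Review bot: `insecure-registries` makes the daemon accept plain HTTP, and TLS with an unverified certificate, for both `dkregistry.xai-corp.net:5000` and `192.168.2.41:5000`, so integrity and authenticity of every image pulled from that registry are no longer checked. The certbot role in this commit already requests a certificate for `dkregistry.xai-corp.net`, so once the registry's `REGISTRY_HTTP_TLS_*` settings are enabled this list can be removed, or at least reduced to the bare-IP entry. JSON has no comment syntax, so record the intent in the role's tasks file beside the `copy docker config file` task, e.g. `# daemon.json permits insecure pulls from the registry until TLS is wired up`.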
diff --git a/roles/dockerhost/tasks/install-xenial.yml b/roles/dockerhost/tasks/install-xenial.yml
new file mode 100644
index 0000000..3e9a588
--- /dev/null
+++ b/roles/dockerhost/tasks/install-xenial.yml
@@ -0,0 +1,59 @@
+---
+ # main tasks to install docker
+
+- name: install packages
+ apt:
+ state: installed
+ package: "{{ item }}"
+ update_cache: yes
+ cache_valid_time: 3600
+ with_items:
+ - "wget"
+ - "apt-transport-https"
+ - "ca-certificates"
+
+#- name: run docker install script
+# command: "wget -qO- https://get.docker.com/ | sh"
+# args:
+# creates: /usr/bin/docker
+
+#- stat:
+# path: /usr/bin/docker
+# register: docker
+#
+#- debug: var=docker
+
+#- name: download install script
+# get_url:
+# url: https://get.docker.com/
+# dest: /tmp/docker_install.sh
+# mode: 500
+# when: docker.stat.exists == false
+#
+#- name: run install script
+# script: /tmp/docker_install.sh
+# args:
+# creates: /usr/bin/docker
+# when: docker.stat.exists == false
+
+- name: create docker group
+ group: state=present name=docker gid=999 system=yes
+
+- name: add users to docker group
+ user: name={{ item }} groups=docker append=yes
+ with_items: "{{ dockerhost.users }}"
+
+
+- name: install via apt
+ apt:
+ update_cache: true
+ package: "{{ item }}"
+ with_items:
+ - docker-engine
+ - docker-compose
+
+
+- name: copy docker config file
+ copy:
+ src: daemon.json
+ dest: /etc/docker/daemon.json
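Review bot: The closing `copy docker config file` task writes `/etc/docker/daemon.json` but has no `notify:` and the role ships no handler, so a running dockerd keeps its old settings until something else restarts it; add `notify: restart docker` and a handler with `service: name=docker state=restarted`. The `install via apt` task installs `docker-engine` without any `apt_repository`/`apt_key` task, so `apt-transport-https` and `ca-certificates` are installed for a repository that is never configured — presumably the package comes from a source already present on the host, which deserves a comment or an explicit repository task. `state: installed` in the first task is a legacy alias for `present`, the `group:`/`user:` tasks use `key=value` strings while the rest of the file is block YAML, and `update_cache: yes` and `update_cache: true` are mixed within the same file.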
diff --git a/roles/dockerhost/tasks/main.yml b/roles/dockerhost/tasks/main.yml
new file mode 100644
index 0000000..7e09f05
--- /dev/null
+++ b/roles/dockerhost/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+ # main docker tasks
+
+- include: "install-xenial.yml"
+ when: ansible_distribution_release == "xenial"
+ become: true
diff --git a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
index a5b0192..db93966 100644
--- a/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
+++ b/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2
@@ -32,3 +32,6 @@ tv IN A 192.168.2.16
xaicorp1 IN A 192.168.2.103
garden IN A 192.168.2.20
+home02 IN A 192.168.2.22
+dkhost01 IN A 192.168.2.41
+dkregistry IN A 192.168.2.41
diff --git a/roles/php-fpm/handlers/main.yml b/roles/php5-fpm-phalcon/handlers/main.yml
similarity index 100%
rename from roles/php-fpm/handlers/main.yml
rename to roles/php5-fpm-phalcon/handlers/main.yml
diff --git a/roles/php-fpm/tasks/main.yml b/roles/php5-fpm-phalcon/tasks/main.yml
similarity index 100%
rename from roles/php-fpm/tasks/main.yml
rename to roles/php5-fpm-phalcon/tasks/main.yml
diff --git a/roles/php7-fpm/defaults/main.yml b/roles/php7-fpm/defaults/main.yml
new file mode 100644
index 0000000..9c39229
--- /dev/null
+++ b/roles/php7-fpm/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+# default vars
+
+php7-fpm:
+ packages:
+ - php-zip
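Review bot: The top-level key `php7-fpm` contains a hyphen, so it is not a usable Ansible/Jinja variable name — `{{ php7-fpm.packages }}` parses as `php7` minus `fpm.packages`, which is exactly how the commented-out task in roles/php7-fpm/tasks/main.yml tries to reference it. Rename the key to `php7_fpm:` here and reference it as `"{{ php7_fpm.packages }}"` there.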
diff --git a/roles/php7-fpm/tasks/devtools.yml b/roles/php7-fpm/tasks/devtools.yml
new file mode 100644
index 0000000..613e8ac
--- /dev/null
+++ b/roles/php7-fpm/tasks/devtools.yml
@@ -0,0 +1,4 @@
+---
+# install php dev tools
+
+
diff --git a/roles/php7-fpm/tasks/main.yml b/roles/php7-fpm/tasks/main.yml
new file mode 100644
index 0000000..0f896b3
--- /dev/null
+++ b/roles/php7-fpm/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+# install php-fpm on ubuntu16.04
+
+
+# install packages
+- name: Install php-fpm basics.
+ apt: pkg={{ item }} state=installed
+ with_items:
+ - libwww-perl
+ - php-fpm
+ - php-zip
+
+
+#- name: Ensure dependencies are installed.
+# apt: pkg={{ item }} state=installed
+# when: php7-fpm.packages
+# with_items: "{{ php7-fpm.packages }}"
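Review bot: `apt: pkg={{ item }} state=installed` uses the legacy key=value form and the `installed` alias; the commit's other new roles (certbot, dockerhost) use block-style `apt:`, so this would read consistently as `apt:` / `  package: "{{ item }}"` / `  state: present`. The trailing commented task references `php7-fpm.packages`, which cannot work as a variable name because of the hyphen, so either drop the dead block or rename the variable in roles/php7-fpm/defaults/main.yml before re-enabling it.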
diff --git a/roles/td-agent/files/td-leaf.conf b/roles/td-agent/files/td-leaf.conf
new file mode 100644
index 0000000..c992731
--- /dev/null
+++ b/roles/td-agent/files/td-leaf.conf
@@ -0,0 +1,40 @@
+
+ @type stdout
+
+
+ # sources
+
+ @type forward
+ port 24224
+
+
+
+ @type http
+ port 8888
+ bind 0.0.0.0
+ body_size_limit 32m
+ keepalive_timeout 10s
+ # tag is part of the URL, e.g.,
+ # curl -X POST -d 'json={"action":"login","user":2}' http://localhost:8888/tag.here
+
+
+
+ @type debug_agent
+ bind 127.0.0.1
+ port 24230
+
+
+#
+# @type tail
+# path /var/log/httpd-access.log #...or where you placed your Apache access log
+# pos_file /var/log/td-agent/httpd-access.log.pos # This is where you record file position
+# tag nginx.access #fluentd tag!
+# format nginx # Do you have a custom format? You can write your own regex.
+#
+
+
+ @type syslog
+ port 5140
+ bind 0.0.0.0
+ tag system.local
+
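Review bot: The `@type http` input on `port 8888` and the `@type syslog` input on `port 5140` both set `bind 0.0.0.0`, and the `@type forward` input on `port 24224` sets no `bind` at all, so each accepts unauthenticated events from any network the host is attached to; for a leaf agent the inputs are better bound to the host's internal address, as the `debug_agent` block already does with `bind 127.0.0.1`, and if other hosts must ship to the forward input it can carry a `<security>` section with a `shared_key`. The `<source>`/`<match>` directive tags appear to have been stripped from this view, so the block boundaries are inferred. The leading `@type stdout` output means every received event goes to the agent's own log rather than being forwarded; if this is only a debugging stage, a comment such as `# stdout only: events are not forwarded from this leaf yet` would record that.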
diff --git a/web01.xai-corp.net.yml b/web01.xai-corp.net.yml
new file mode 100644
index 0000000..c80c075
--- /dev/null
+++ b/web01.xai-corp.net.yml
@@ -0,0 +1,37 @@
+---
+# playbook for home02
+
+
+- hosts: web01
+ remote_user: ansible
+ gather_facts: yes
+ become: true
+
+ vars:
+ datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
+ datadog_checks:
+ system:
+ init_config: []
+ instances: []
+ disk:
+ init_config:
+ instances:
+ - use_mount: yes
+ excluded_filesystems:
+ - sysfs
+ - cgroup
+ - tracefs
+ - debugfs
+ - proc
+ - securityfs
+ excluded_mountpoint_re: /[media/richard|run/user].*
+
+
+ roles:
+ - Datadog.datadog
+ - td-agent-bit
+ - php7-fpm
+
+ post_tasks:
+# - name: check service is up
+# service: name={{ bind.service }} state=started
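Review bot: The header comment `# playbook for home02` is carried over from another playbook while this one targets `hosts: web01`; change it to `# playbook for web01`. The `datadog_api_key:` and `excluded_mountpoint_re:` values repeat the plaintext secret and the bracket-instead-of-parenthesis regex noted on dkhost.xai-corp.net.yml, so the same fix applies here. `post_tasks:` ends with only commented-out content, which YAML reads as null; Ansible appears to tolerate that, but `post_tasks: []` states the intent explicitly.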