added playbooks

2025-10-06 22:02:48 +00:00 · 2024-12-28 15:31:42 -08:00
parent 64c5fa955d
commit 211e15ea7b
11 changed files with 376 additions and 0 deletions
--- a/ansible/borg-server-install.yml
+++ b/ansible/borg-server-install.yml
@@ -0,0 +1,71 @@
+- hosts: backup
+  vars:
+    user: backup
+    group: backup
+    home: /home/backup
+    pool: "{{ home }}/repos"
+    auth_users:
+      - host: node00.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/node00.grinminer.net.pub') }}"
+      - host: node01.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/node01.grinminer.net.pub') }}"
+      - host: node02.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/ha-testnet.grinminer.net.pub') }}"
+      - host: node03.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/ha-testnet.grinminer.net.pub') }}"
+      - host: core00.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/core00.grinminer.net.pub') }}"
+      - host: core01.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/core01.grinminer.net.pub') }}"
+      - host: freenode00.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/freenode00.grinminer.net.pub') }}"
+      - host: freenode01.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/freenode01.grinminer.net.pub') }}"
+      - host: freenode02.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/freenode02.grinminer.net.pub') }}"
+      - host: freenode03.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/freenode03.grinminer.net.pub') }}"
+      - host: freenode04.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/freenode04.grinminer.net.pub') }}"
+      - host: freenode05.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/freenode05.grinminer.net.pub') }}"  
+      - host: ha-mainnet.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/ha-testnet.grinminer.net.pub') }}"  
+      - host: ha-testnet.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/ha-testnet.grinminer.net.pub') }}"
+      - host: ha-node.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/ha-node.grinminer.net.pub') }}"
+      - host: ha-testnode.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/ha-testnode.grinminer.net.pub') }}"
+      - host: ha-mine.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/ha-mine.grinminer.net.pub') }}"
+      - host: dns.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/dns.grinminer.net.pub') }}"
+      - host: dns1.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/dns1.grinminer.net.pub') }}"
+      - host: www.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/www.grinminer.net.pub') }}"
+      - host: proxy.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/proxy.grinminer.net.pub') }}"
+      - host: stats.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/stats.grinminer.net.pub') }}"
+      - host: zabbix.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/zabbix.grinminer.net.pub') }}"
+      - host: matrix.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/matrix.grinminer.net.pub') }}"
+      - host: ansible.grinminer.net
+        key: "{{ lookup('file', '/etc/ssh/keys/ansible.grinminer.net.pub') }}"
+  tasks:
+  - package: name=borg state=present
+  - group: name="{{ group }}" state=present
+  - user: name="{{ user }}" shell=/bin/bash home="{{ home }}" createhome=yes group="{{ group }}" groups= state=present
+  - file: path="{{ home }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+  - file: path="{{ home }}/.ssh" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+  - file: path="{{ pool }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+  - authorized_key: user="{{ user }}"
+                    key="{{ item.key }}"
+                    key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",restrict'
+    with_items: "{{ auth_users }}"
+  - file: path="{{ home }}/.ssh/authorized_keys" owner="{{ user }}" group="{{ group }}" mode=0600 state=file
+  - file: path="{{ pool }}/{{ item.host }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+    with_items: "{{ auth_users }}"
--- a/ansible/compilers-rust.yml
+++ b/ansible/compilers-rust.yml
@@ -0,0 +1,31 @@
+- hosts: test
+  remote_user: root
+  tasks:
+
+  - name: Create user 
+    ansible.builtin.user:
+      name: grin
+      password: <SHA-512 HASH>
+
+  - name: Install shit to compile Rust programs
+    ansible.builtin.apt:
+      pkg:
+      - libssl-dev
+      - build-essential
+      - pkg-config
+      - git
+      state: latest
+      update_cache: yes
+
+  - name: Download rust installer
+    get_url:
+      url: https://sh.rustup.rs
+      dest: /tmp/sh.rustup.rs
+      mode: '0755'
+      force: 'yes'
+
+  - name: Install rust/cargo
+    shell: /tmp/sh.rustup.rs -y 
+    become: yes
+    become_user: grin
+
--- a/ansible/dns-fix.yml
+++ b/ansible/dns-fix.yml
@@ -0,0 +1,8 @@
+- hosts: www
+  remote_user: root
+  tasks:
+
+  - name: Overwrite /etc/hosts with grinminer.net DNS servers
+    ansible.builtin.shell:
+      cmd: echo -e "domain grinminer.net\nsearch grinminer.net\nnameserver 10.0.0.2\nnameserver 10.0.0.3\nnameserver 1.1.1.1" > /etc/hosts
+      
--- a/ansible/grin-mwixnet-install.yml
+++ b/ansible/grin-mwixnet-install.yml
@@ -0,0 +1,63 @@
+- hosts: test
+  remote_user: root
+  tasks:
+
+  - name: Create user grin
+    ansible.builtin.user:
+      name: grin
+      password: <SHA-512 HASH>
+
+  - name: Download grin
+    get_url:
+      url: https://github.com/mimblewimble/grin/releases/download/v5.3.3_rebuild/grin-v5.3.3_rebuild-linux-x86_64.tar.gz
+      dest: /tmp/grin.tar.gz
+      mode: '0775'
+      force: 'yes'
+
+  - name: Extract grin
+    ansible.builtin.shell:
+      chdir: /home/grin/
+      cmd: tar xf /tmp/grin.tar.gz
+
+  - name: Download grin-wallet
+    get_url:
+      url: https://github.com/mimblewimble/grin-wallet/releases/download/v5.4.0-alpha.1/grin-wallet-v5.4.0-alpha.1-linux-x86_64.tar.gz
+      dest: /tmp/grin-wallet.tar.gz
+      mode: '0775'
+      force: 'yes'
+
+  - name: Extract grin-wallet
+    ansible.builtin.shell:
+      chdir: /home/grin/
+      cmd: tar xf /tmp/grin-wallet.tar.gz
+
+  - name: Download rust installer
+    get_url:
+      url: https://sh.rustup.rs
+      dest: /tmp/sh.rustup.rs
+      mode: '0755'
+      force: 'yes'
+    tags:
+      - rust
+
+  - name: Install rust/cargo
+    shell: /tmp/sh.rustup.rs -y
+    tags:
+      - rust
+
+  - name: Install mwixnet dependencies
+    ansible.builtin.apt:
+      pkg:
+      - libssl-dev
+      - build-essential
+      - pkg-config
+      - git
+      state: latest
+      update_cache: yes
+
+  - name: Download and install mwixnet
+    ansible.builtin.shell:
+      cmd: su grin
+      cmd: git clone https://github.com/mimblewimble/mwixnet
+      chdir: /home/grin/mwixnet
+      cmd: cargo build --release
--- a/ansible/grin-node-install.yml
+++ b/ansible/grin-node-install.yml
@@ -0,0 +1,33 @@
+- hosts: test
+  remote_user: root
+  tasks:
+
+  - name: Create user grin
+    ansible.builtin.user:
+      name: grin
+      group: grin
+      password: <SHA-512 HASH>
+
+  - name: Download grin
+    get_url:
+      url: https://github.com/mimblewimble/grin/releases/download/v5.3.3_rebuild/grin-v5.3.3_rebuild-linux-x86_64.tar.gz
+      dest: /tmp/grin.tar.gz
+      mode: '0775'
+      force: 'yes'
+
+  - name: Extract grin
+    ansible.builtin.shell:
+      chdir: /home/grin/
+      cmd: tar xf /tmp/grin.tar.gz
+
+  - name: Download grin-wallet
+    get_url:
+      url: https://github.com/mimblewimble/grin-wallet/releases/download/v5.4.0-alpha.1/grin-wallet-v5.4.0-alpha.1-linux-x86_64.tar.gz
+      dest: /tmp/grin-wallet.tar.gz
+      mode: '0775'
+      force: 'yes'
+
+  - name: Extract grin-wallet
+    ansible.builtin.shell:
+      chdir: /home/grin/
+      cmd: tar xf /tmp/grin-wallet.tar.gz
--- a/ansible/install-grin-mwixnet-template.yml
+++ b/ansible/install-grin-mwixnet-template.yml
--- a/ansible/nfs-proxmox-install.yml
+++ b/ansible/nfs-proxmox-install.yml
@@ -0,0 +1,38 @@
+---
+- hosts: test
+  remote_user: root
+  tasks:
+
+  - name: Install NFS server
+    ansible.builtin.apt:
+      pkg:
+      - nfs-kernel-server
+      - nfs-common
+      state: latest
+      update_cache: yes
+
+  - name: Create NFS mount
+    ansible.builtin.file:
+      path: /mnt/{{ inventory_hostname_short }}
+      state: directory
+      mode: '0777'
+      group: root
+
+  - name: Chown NFS mount
+    ansible.builtin.shell:
+      cmd: chown root /mnt/{{ inventory_hostname_short }}    
+
+  - name: Edit /etc/exports
+    ansible.builtin.lineinfile:
+      path: /etc/exports
+      line: /mnt/{{ inventory_hostname_short }} 10.0.0.0/24(rw,sync,no_subtree_check)
+          
+  - name: Exportfs
+    ansible.builtin.shell:
+      cmd: exportfs -a
+
+  - name: Enable NFS server
+    ansible.builtin.service:
+      name: nfs-kernel-server
+      enabled: true
+      state: started
--- a/ansible/update.yml
+++ b/ansible/update.yml
@@ -0,0 +1,23 @@
+---
+- hosts: all
+  remote_user: root
+  tasks:
+    - name: Update apt repo and cache on all Debian/Ubuntu boxes
+      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+    - name: Upgrade all packages on servers
+      apt: upgrade=dist force_apt_get=yes
+
+    - name: Check if a reboot is needed on all servers
+      register: reboot_required_file
+      stat: path=/var/run/reboot-required
+
+    - name: Reboot the box if kernel updated
+      reboot:
+        msg: "Reboot initiated by Ansible for kernel updates"
+        connect_timeout: 5
+        reboot_timeout: 300
+        pre_reboot_delay: 0
+        post_reboot_delay: 30
+        test_command: uptime
+      when: reboot_required_file.stat.exists
--- a/ansible/vaultwarden-server-install.yml
+++ b/ansible/vaultwarden-server-install.yml
@@ -0,0 +1,38 @@
+- hosts: vaultwarden
+  remote_user: root
+  tasks:
+
+  - name: Create user vaultwarden
+    ansible.builtin.user:
+      name: vaultwarden
+      password: $6$rKRPJwebeYGVL1tm$iDBNbMkfGaTJ1odReOEA.lD7jVndeBN2AQNo9AHxCRcx6HFKQg8MQT.P3bmfEbrnhdDBDlB1WRpH/sTyjSgrX/
+
+
+  - name: Download vaultwarden-server
+    get_url:
+      url: https://github.com/dionysius/vaultwarden-deb/releases/download/debian%2F1.32.6-0/vaultwarden_1.32.6-0.bookworm_amd64.deb
+      dest: /tmp/
+      mode: '0775'
+      force: 'yes'
+
+  - name: Download vaultwarden-vault
+    get_url:
+      url: https://github.com/dionysius/vaultwarden-web-vault-deb/releases/download/debian%2F2024.6.2-0/vaultwarden-web-vault_2024.6.2-0.bookworm_all.deb
+      dest: /tmp/
+      mode: '0775'
+      force: 'yes'
+
+  - name: Install dependencies
+    ansible.builtin.apt:
+      name: mariadb-server
+      name: libpq5
+      state: latest
+
+  - name: Install web-vault
+    ansible.builtin.shell:
+      cmd: dpkg -i /tmp/vaultwarden-web-vault_2024.6.2-0.bookworm_all.deb
+
+  - name: install server
+    ansible.builtin.shell:
+      cmd: dpkg -i /tmp/vaultwarden_1.32.6-0.bookworm_amd64.deb
+
--- a/ansible/www-server-replication.yml
+++ b/ansible/www-server-replication.yml
@@ -0,0 +1,11 @@
+- hosts: www
+  remote_user: root
+  tasks:
+
+  - name: Replicate /var/www/html/ to all webservers
+    ansible.builtin.shell:
+      cmd: scp /var/www/html/* https://www1.grinminer.net:/var/www/html/
+      cmd: scp /var/www/html/* https://www2.grinminer.net:/var/www/html/
+      cmd: scp /var/www/html/* https://www3.grinminer.net:/var/www/html/
+      cmd: scp /var/www/html/* https://www4.grinminer.net:/var/www/html/
+      cmd: scp /var/www/html/* https://www5.grinminer.net:/var/www/html/
--- a/ansible/zabbix-agent-install.yml
+++ b/ansible/zabbix-agent-install.yml
@@ -0,0 +1,60 @@
+- hosts: all
+  remote_user: root
+  tasks:
+
+  - name: Create user zabbix
+    ansible.builtin.user:
+      name: zabbix
+      password: <SHA-512 HASH>
+
+  - name: Download zabbix repository
+    get_url:
+      url: https://repo.zabbix.com/zabbix/7.2/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.2+debian12_all.deb
+      dest: /tmp/
+      mode: '0775'
+      force: 'yes'
+
+  - name: Unpack and update repository
+    ansible.builtin.shell:
+      cmd: dpkg -i /tmp/zabbix-release_latest_7.2+debian12_all.deb
+
+  - name: Install zabbix-agent
+    ansible.builtin.apt:
+      name: zabbix-agent
+      name: ufw
+      state: latest
+      update_cache: yes
+
+  - name: Enable zabbix-agent.service
+    ansible.builtin.shell:
+      cmd: systemctl enable zabbix-agent
+
+  - name: DNS config overwrite
+    ansible.builtin.shell:
+      cmd: echo "domain grinminer.net \nsearch grinminer.net \nnameserver 10.0.0.2 \nnameserver 10.0.0.3 \nnameserver 1.1.1.1" > /etc/resolv.conf
+
+  - name: zabbix-agent config1
+    ansible.builtin.replace:
+      path: /etc/zabbix/zabbix_agentd.conf
+      backup: true
+      regexp: 127.0.0.1
+      replace: 10.0.0.5
+
+  - name: zabbix-agent config2
+    ansible.builtin.replace:
+      path: /etc/zabbix/zabbix_agentd.conf
+      backup: true
+      regexp: '#Hostname'
+      replace: 'Hostname'
+
+  - name: zabbix-agent config3
+    ansible.builtin.replace:
+      path: /etc/zabbix/zabbix_agentd.conf
+      backup: true
+      regexp: 'Hostname='
+      replace: 'Hostname=zabbix.grinminer.net'     
+
+  - name: restart zabbix-agent and open fw
+    ansible.builtin.shell:  
+      cmd: systemctl restart zabbix-agent
+      cmd: ufw allow 10050