diff --git a/ansible/borg-server-install.yml b/ansible/borg-server-install.yml
new file mode 100644
index 0000000..a084842
--- /dev/null
+++ b/ansible/borg-server-install.yml
@@ -0,0 +1,71 @@
+- hosts: backup
+ vars:
+ user: backup
+ group: backup
+ home: /home/backup
+ pool: "{{ home }}/repos"
+ auth_users:
+ - host: node00.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/node00.grinminer.net.pub') }}"
+ - host: node01.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/node01.grinminer.net.pub') }}"
+ - host: node02.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/ha-testnet.grinminer.net.pub') }}"
+ - host: node03.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/ha-testnet.grinminer.net.pub') }}"
+ - host: core00.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/core00.grinminer.net.pub') }}"
+ - host: core01.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/core01.grinminer.net.pub') }}"
+ - host: freenode00.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/freenode00.grinminer.net.pub') }}"
+ - host: freenode01.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/freenode01.grinminer.net.pub') }}"
+ - host: freenode02.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/freenode02.grinminer.net.pub') }}"
+ - host: freenode03.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/freenode03.grinminer.net.pub') }}"
+ - host: freenode04.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/freenode04.grinminer.net.pub') }}"
+ - host: freenode05.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/freenode05.grinminer.net.pub') }}"
+ - host: ha-mainnet.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/ha-testnet.grinminer.net.pub') }}"
+ - host: ha-testnet.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/ha-testnet.grinminer.net.pub') }}"
+ - host: ha-node.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/ha-node.grinminer.net.pub') }}"
+ - host: ha-testnode.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/ha-testnode.grinminer.net.pub') }}"
+ - host: ha-mine.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/ha-mine.grinminer.net.pub') }}"
+ - host: dns.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/dns.grinminer.net.pub') }}"
+ - host: dns1.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/dns1.grinminer.net.pub') }}"
+ - host: www.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/www.grinminer.net.pub') }}"
+ - host: proxy.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/proxy.grinminer.net.pub') }}"
+ - host: stats.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/stats.grinminer.net.pub') }}"
+ - host: zabbix.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/zabbix.grinminer.net.pub') }}"
+ - host: matrix.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/matrix.grinminer.net.pub') }}"
+ - host: ansible.grinminer.net
+ key: "{{ lookup('file', '/etc/ssh/keys/ansible.grinminer.net.pub') }}"
+ tasks:
+ - package: name=borg state=present
+ - group: name="{{ group }}" state=present
+ - user: name="{{ user }}" shell=/bin/bash home="{{ home }}" createhome=yes group="{{ group }}" groups= state=present
+ - file: path="{{ home }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+ - file: path="{{ home }}/.ssh" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+ - file: path="{{ pool }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+ - authorized_key: user="{{ user }}"
+ key="{{ item.key }}"
+ key_options='command="cd {{ pool }}/{{ item.host }};borg serve --restrict-to-path {{ pool }}/{{ item.host }}",restrict'
+ with_items: "{{ auth_users }}"
+ - file: path="{{ home }}/.ssh/authorized_keys" owner="{{ user }}" group="{{ group }}" mode=0600 state=file
+ - file: path="{{ pool }}/{{ item.host }}" owner="{{ user }}" group="{{ group }}" mode=0700 state=directory
+ with_items: "{{ auth_users }}"
\ No newline at end of file
diff --git a/ansible/compilers-rust.yml b/ansible/compilers-rust.yml
new file mode 100644
index 0000000..a4dd5b9
--- /dev/null
+++ b/ansible/compilers-rust.yml
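Review bot: Several `auth_users` entries load the same public key: node02, node03 and ha-mainnet all read `ha-testnet.grinminer.net.pub`, and the ha-testnet entry reads `/etc/ssh/ha-testnet.grinminer.net.pub`, outside the `keys/` directory every other entry uses. Each key is tied to one forced `borg serve --restrict-to-path` command, so hosts that share a key cannot be confined to separate repositories; whichever entry ends up in `authorized_keys` for that key decides the path for all of them. This looks like copy-paste, and each host should load its own file, for example `key: "{{ lookup('file', '/etc/ssh/keys/ha-mainnet.grinminer.net.pub') }}"`, assuming a per-host key file exists. If clients should not be able to delete their own archives, `borg serve --append-only` in `key_options` is worth considering.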
@@ -0,0 +1,31 @@
+- hosts: test
+ remote_user: root
+ tasks:
+
+ - name: Create user
+ ansible.builtin.user:
+ name: grin
+ password:
+
+ - name: Install shit to compile Rust programs
+ ansible.builtin.apt:
+ pkg:
+ - libssl-dev
+ - build-essential
+ - pkg-config
+ - git
+ state: latest
+ update_cache: yes
+
+ - name: Download rust installer
+ get_url:
+ url: https://sh.rustup.rs
+ dest: /tmp/sh.rustup.rs
+ mode: '0755'
+ force: 'yes'
+
+ - name: Install rust/cargo
+ shell: /tmp/sh.rustup.rs -y
+ become: yes
+ become_user: grin
+
diff --git a/ansible/dns-fix.yml b/ansible/dns-fix.yml
new file mode 100644
index 0000000..8921728
--- /dev/null
+++ b/ansible/dns-fix.yml
@@ -0,0 +1,8 @@
+- hosts: www
+ remote_user: root
+ tasks:
+
+ - name: Overwrite /etc/hosts with grinminer.net DNS servers
+ ansible.builtin.shell:
+ cmd: echo -e "domain grinminer.net\nsearch grinminer.net\nnameserver 10.0.0.2\nnameserver 10.0.0.3\nnameserver 1.1.1.1" > /etc/hosts
+
\ No newline at end of file
diff --git a/ansible/grin-mwixnet-install.yml b/ansible/grin-mwixnet-install.yml
new file mode 100644
index 0000000..6f7e744
--- /dev/null
+++ b/ansible/grin-mwixnet-install.yml
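Review bot: The `Download rust installer` and `Install rust/cargo` tasks fetch a script into `/tmp` and execute it with no integrity check, so whatever the URL serves at run time is what runs on the host. `get_url` accepts a digest (`checksum: "sha256:<expected-digest>"`, placeholder), and a `dest` in a root-owned directory keeps other local users away from the file between download and execution. The same two tasks appear in grin-mwixnet-install.yml, where the script runs as root because there is no `become_user`, and the release archives and .deb packages fetched in grin-mwixnet-install.yml, grin-node-install.yml, vaultwarden-server-install.yml and zabbix-agent-install.yml are likewise not pinned to a digest. `state: latest` on the apt task also makes runs non-reproducible; `state: present` is the usual choice for build dependencies.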
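Review bot: The `cmd` writes resolver directives (`domain`, `search`, `nameserver`) into `/etc/hosts`, which replaces the host table, including the localhost entries, and leaves DNS resolution unchanged. zabbix-agent-install.yml writes the same text to `/etc/resolv.conf`, which is presumably the intended target here too. `echo -e` also depends on the shell: under a POSIX `/bin/sh` such as dash the `-e` is printed into the file. An `ansible.builtin.copy` task with `content:` and `dest: /etc/resolv.conf` gives an idempotent write with explicit `owner` and `mode` and no shell quoting to get wrong.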
@@ -0,0 +1,63 @@
+- hosts: test
+ remote_user: root
+ tasks:
+
+ - name: Create user grin
+ ansible.builtin.user:
+ name: grin
+ password:
+
+ - name: Download grin
+ get_url:
+ url: https://github.com/mimblewimble/grin/releases/download/v5.3.3_rebuild/grin-v5.3.3_rebuild-linux-x86_64.tar.gz
+ dest: /tmp/grin.tar.gz
+ mode: '0775'
+ force: 'yes'
+
+ - name: Extract grin
+ ansible.builtin.shell:
+ chdir: /home/grin/
+ cmd: tar xf /tmp/grin.tar.gz
+
+ - name: Download grin-wallet
+ get_url:
+ url: https://github.com/mimblewimble/grin-wallet/releases/download/v5.4.0-alpha.1/grin-wallet-v5.4.0-alpha.1-linux-x86_64.tar.gz
+ dest: /tmp/grin-wallet.tar.gz
+ mode: '0775'
+ force: 'yes'
+
+ - name: Extract grin-wallet
+ ansible.builtin.shell:
+ chdir: /home/grin/
+ cmd: tar xf /tmp/grin-wallet.tar.gz
+
+ - name: Download rust installer
+ get_url:
+ url: https://sh.rustup.rs
+ dest: /tmp/sh.rustup.rs
+ mode: '0755'
+ force: 'yes'
+ tags:
+ - rust
+
+ - name: Install rust/cargo
+ shell: /tmp/sh.rustup.rs -y
+ tags:
+ - rust
+
+ - name: Install mwixnet dependencies
+ ansible.builtin.apt:
+ pkg:
+ - libssl-dev
+ - build-essential
+ - pkg-config
+ - git
+ state: latest
+ update_cache: yes
+
+ - name: Download and install mwixnet
+ ansible.builtin.shell:
+ cmd: su grin
+ cmd: git clone https://github.com/mimblewimble/mwixnet
+ chdir: /home/grin/mwixnet
+ cmd: cargo build --release
diff --git a/ansible/grin-node-install.yml b/ansible/grin-node-install.yml
new file mode 100644
index 0000000..81c91f0
--- /dev/null
+++ b/ansible/grin-node-install.yml
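Review bot: The `Download and install mwixnet` task repeats the `cmd` key three times in one mapping; only the last value is kept, so `su grin` and `git clone` never run and `cargo build --release` is started as root in a `chdir` that was never created. The same duplicate-key mistake silently drops work in vaultwarden-server-install.yml (`name: mariadb-server`), www-server-replication.yml (four of the five `scp` commands) and zabbix-agent-install.yml (`name: zabbix-agent` and `systemctl restart zabbix-agent`). Splitting the task as below runs the clone and the build as `grin` and lets the checkout be pinned to a reviewed revision. `cargo` then has to be on that user's PATH, which the root-run rustup step earlier in this file does not provide.

```yaml
# … unchanged: user, grin/grin-wallet download, rustup and apt tasks …
- name: Clone mwixnet
  ansible.builtin.git:
    repo: https://github.com/mimblewimble/mwixnet
    dest: /home/grin/mwixnet
    version: "<reviewed tag or commit>"  # placeholder
  become: true
  become_user: grin

- name: Build mwixnet
  ansible.builtin.command:
    cmd: cargo build --release
    chdir: /home/grin/mwixnet
  become: true
  become_user: grin
```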
@@ -0,0 +1,33 @@
+- hosts: test
+ remote_user: root
+ tasks:
+
+ - name: Create user grin
+ ansible.builtin.user:
+ name: grin
+ group: grin
+ password:
+
+ - name: Download grin
+ get_url:
+ url: https://github.com/mimblewimble/grin/releases/download/v5.3.3_rebuild/grin-v5.3.3_rebuild-linux-x86_64.tar.gz
+ dest: /tmp/grin.tar.gz
+ mode: '0775'
+ force: 'yes'
+
+ - name: Extract grin
+ ansible.builtin.shell:
+ chdir: /home/grin/
+ cmd: tar xf /tmp/grin.tar.gz
+
+ - name: Download grin-wallet
+ get_url:
+ url: https://github.com/mimblewimble/grin-wallet/releases/download/v5.4.0-alpha.1/grin-wallet-v5.4.0-alpha.1-linux-x86_64.tar.gz
+ dest: /tmp/grin-wallet.tar.gz
+ mode: '0775'
+ force: 'yes'
+
+ - name: Extract grin-wallet
+ ansible.builtin.shell:
+ chdir: /home/grin/
+ cmd: tar xf /tmp/grin-wallet.tar.gz
\ No newline at end of file
diff --git a/ansible/install-grin-mwixnet-template.yml b/ansible/install-grin-mwixnet-template.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/nfs-proxmox-install.yml b/ansible/nfs-proxmox-install.yml
new file mode 100644
index 0000000..ab03929
--- /dev/null
+++ b/ansible/nfs-proxmox-install.yml
@@ -0,0 +1,38 @@
+---
+- hosts: test
+ remote_user: root
+ tasks:
+
+ - name: Install NFS server
+ ansible.builtin.apt:
+ pkg:
+ - nfs-kernel-server
+ - nfs-common
+ state: latest
+ update_cache: yes
+
+ - name: Create NFS mount
+ ansible.builtin.file:
+ path: /mnt/{{ inventory_hostname_short }}
+ state: directory
+ mode: '0777'
+ group: root
+
+ - name: Chown NFS mount
+ ansible.builtin.shell:
+ cmd: chown root /mnt/{{ inventory_hostname_short }}
+
+ - name: Edit /etc/exports
+ ansible.builtin.lineinfile:
+ path: /etc/exports
+ line: /mnt/{{ inventory_hostname_short }} 10.0.0.0/24(rw,sync,no_subtree_check)
+
+ - name: Exportfs
+ ansible.builtin.shell:
+ cmd: exportfs -a
+
+ - name: Enable NFS server
+ ansible.builtin.service:
+ name: nfs-kernel-server
+ enabled: true
+ state: started
\ No newline at end of file
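Review bot: `Create user grin` sets `group: grin`, but no task in this playbook creates that group, and the user module fails when the named primary group does not exist; borg-server-install.yml handles this by running a `group:` task before its `user:` task. The two `tar xf` tasks also unpack as root into `/home/grin/`, so the extracted files take their ownership from the archive or from root and not from `grin`. `ansible.builtin.unarchive` with `remote_src: true`, `owner: grin` and `group: grin` would make the ownership explicit.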
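Review bot: `mode: '0777'` on the export directory together with `rw` for all of `10.0.0.0/24` means any host on that subnet can mount the share and any non-root user, local or remote, can create, change or delete files in it. Unless that is intended, set a tighter mode and an explicit owner in the file task, `owner: root` with `mode: '0755'` or a dedicated group with `'0770'`, which also makes the separate `chown` shell task unnecessary. The export line would be safer listing only the client addresses that need the share instead of the whole /24.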
diff --git a/ansible/update.yml b/ansible/update.yml
new file mode 100644
index 0000000..4450417
--- /dev/null
+++ b/ansible/update.yml
@@ -0,0 +1,23 @@
+---
+- hosts: all
+ remote_user: root
+ tasks:
+ - name: Update apt repo and cache on all Debian/Ubuntu boxes
+ apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+ - name: Upgrade all packages on servers
+ apt: upgrade=dist force_apt_get=yes
+
+ - name: Check if a reboot is needed on all servers
+ register: reboot_required_file
+ stat: path=/var/run/reboot-required
+
+ - name: Reboot the box if kernel updated
+ reboot:
+ msg: "Reboot initiated by Ansible for kernel updates"
+ connect_timeout: 5
+ reboot_timeout: 300
+ pre_reboot_delay: 0
+ post_reboot_delay: 30
+ test_command: uptime
+ when: reboot_required_file.stat.exists
diff --git a/ansible/vaultwarden-server-install.yml b/ansible/vaultwarden-server-install.yml
new file mode 100644
index 0000000..26f39b9
--- /dev/null
+++ b/ansible/vaultwarden-server-install.yml
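Review bot: The play targets `hosts: all` with the default batch size, so after `upgrade=dist` every host that has `/var/run/reboot-required` reboots in the same pass; going by the other playbooks in this commit that includes both DNS servers and the HA pairs. Adding `serial: 1` (or a small percentage) at play level keeps redundant services available while patches roll through. The task name says "if kernel updated", but the flag file can be set by other packages as well, so a comment stating the actual condition would help the next reader.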
@@ -0,0 +1,38 @@
+- hosts: vaultwarden
+ remote_user: root
+ tasks:
+
+ - name: Create user vaultwarden
+ ansible.builtin.user:
+ name: vaultwarden
+ password: $6$rKRPJwebeYGVL1tm$iDBNbMkfGaTJ1odReOEA.lD7jVndeBN2AQNo9AHxCRcx6HFKQg8MQT.P3bmfEbrnhdDBDlB1WRpH/sTyjSgrX/
+
+
+ - name: Download vaultwarden-server
+ get_url:
+ url: https://github.com/dionysius/vaultwarden-deb/releases/download/debian%2F1.32.6-0/vaultwarden_1.32.6-0.bookworm_amd64.deb
+ dest: /tmp/
+ mode: '0775'
+ force: 'yes'
+
+ - name: Download vaultwarden-vault
+ get_url:
+ url: https://github.com/dionysius/vaultwarden-web-vault-deb/releases/download/debian%2F2024.6.2-0/vaultwarden-web-vault_2024.6.2-0.bookworm_all.deb
+ dest: /tmp/
+ mode: '0775'
+ force: 'yes'
+
+ - name: Install dependencies
+ ansible.builtin.apt:
+ name: mariadb-server
+ name: libpq5
+ state: latest
+
+ - name: Install web-vault
+ ansible.builtin.shell:
+ cmd: dpkg -i /tmp/vaultwarden-web-vault_2024.6.2-0.bookworm_all.deb
+
+ - name: install server
+ ansible.builtin.shell:
+ cmd: dpkg -i /tmp/vaultwarden_1.32.6-0.bookworm_amd64.deb
+
diff --git a/ansible/www-server-replication.yml b/ansible/www-server-replication.yml
new file mode 100644
index 0000000..1e04a37
--- /dev/null
+++ b/ansible/www-server-replication.yml
@@ -0,0 +1,11 @@
+- hosts: www
+ remote_user: root
+ tasks:
+
+ - name: Replicate /var/www/html/ to all webservers
+ ansible.builtin.shell:
+ cmd: scp /var/www/html/* https://www1.grinminer.net:/var/www/html/
+ cmd: scp /var/www/html/* https://www2.grinminer.net:/var/www/html/
+ cmd: scp /var/www/html/* https://www3.grinminer.net:/var/www/html/
+ cmd: scp /var/www/html/* https://www4.grinminer.net:/var/www/html/
+ cmd: scp /var/www/html/* https://www5.grinminer.net:/var/www/html/
\ No newline at end of file
diff --git a/ansible/zabbix-agent-install.yml b/ansible/zabbix-agent-install.yml
new file mode 100644
index 0000000..18f224a
--- /dev/null
+++ b/ansible/zabbix-agent-install.yml
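Review bot: `Create user vaultwarden` commits a SHA-512 crypt hash as the `password:` value, which exposes it to offline guessing by anyone who can read the repository or its history. A service account like this normally needs no login password: `password: '!'` creates it locked, and `shell: /usr/sbin/nologin` removes the interactive login. If a password really is required, keep the hash in an Ansible Vault-encrypted variable and treat the committed one as disclosed. The two `dpkg -i` shell tasks can be replaced by `ansible.builtin.apt` with `deb:`, which resolves dependencies and is idempotent.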
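Review bot: The scp destinations are written as `https://www1.grinminer.net:/var/www/html/`, but scp expects `[user@]host:path`, so it would read `https` as the host name and never reach the web server. Running scp from the `www` hosts as root also presumably depends on root-to-root SSH trust between the web servers, which lets a compromise of one of them reach the rest. Pushing the content from the control node, for example with `ansible.builtin.copy` or `ansible.posix.synchronize` against the www1 to www5 hosts, avoids that trust. The glob `/var/www/html/*` additionally skips dotfiles and, without `-r`, subdirectories.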
@@ -0,0 +1,60 @@
+- hosts: all
+ remote_user: root
+ tasks:
+
+ - name: Create user zabbix
+ ansible.builtin.user:
+ name: zabbix
+ password:
+
+ - name: Download zabbix repository
+ get_url:
+ url: https://repo.zabbix.com/zabbix/7.2/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.2+debian12_all.deb
+ dest: /tmp/
+ mode: '0775'
+ force: 'yes'
+
+ - name: Unpack and update repository
+ ansible.builtin.shell:
+ cmd: dpkg -i /tmp/zabbix-release_latest_7.2+debian12_all.deb
+
+ - name: Install zabbix-agent
+ ansible.builtin.apt:
+ name: zabbix-agent
+ name: ufw
+ state: latest
+ update_cache: yes
+
+ - name: Enable zabbix-agent.service
+ ansible.builtin.shell:
+ cmd: systemctl enable zabbix-agent
+
+ - name: DNS config overwrite
+ ansible.builtin.shell:
+ cmd: echo "domain grinminer.net \nsearch grinminer.net \nnameserver 10.0.0.2 \nnameserver 10.0.0.3 \nnameserver 1.1.1.1" > /etc/resolv.conf
+
+ - name: zabbix-agent config1
+ ansible.builtin.replace:
+ path: /etc/zabbix/zabbix_agentd.conf
+ backup: true
+ regexp: 127.0.0.1
+ replace: 10.0.0.5
+
+ - name: zabbix-agent config2
+ ansible.builtin.replace:
+ path: /etc/zabbix/zabbix_agentd.conf
+ backup: true
+ regexp: '#Hostname'
+ replace: 'Hostname'
+
+ - name: zabbix-agent config3
+ ansible.builtin.replace:
+ path: /etc/zabbix/zabbix_agentd.conf
+ backup: true
+ regexp: 'Hostname='
+ replace: 'Hostname=zabbix.grinminer.net'
+
+ - name: restart zabbix-agent and open fw
+ ansible.builtin.shell:
+ cmd: systemctl restart zabbix-agent
+ cmd: ufw allow 10050
\ No newline at end of file
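Review bot: `ufw allow 10050` in the last task opens the agent port to every source address, although `zabbix-agent config1` substitutes 10.0.0.5 into the agent config, which appears to be the only server that should connect. Scope the rule to that address: `ufw allow from 10.0.0.5 to any port 10050 proto tcp`. The `regexp: 127.0.0.1` in `config1` has unescaped dots and rewrites every match in the file, so `regexp: '127\.0\.0\.1'` anchored to the intended setting is safer. `config3` sets `Hostname=zabbix.grinminer.net` on every host in `all`, so all agents report under one name; `Hostname={{ inventory_hostname }}` is probably what is wanted.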