Browse Source

* conditional logic for nginx www redirect

+ use lxc_host & ssh proxying for resolve connection to inner lxc host in proxmox
+ bash helper for launch playbooks
+ nginx html default template
* create databases moved into own custom variables
+ new using debops roles: yadm (dotfiles), sudo, root_account, system_users

#861m7vaer Шаблон операционной системы на Debian 10
master
dimti 2 years ago
parent
commit
cb1b727da9
  1. 3
      apache-site.yml
  2. 1
      debops/apache.yml
  3. 0
      debops/files/etc/nginx/includes.d/octobercms.conf
  4. 0
      debops/files/etc/nginx/includes.d/staticfiles.conf
  5. 0
      debops/files/etc/nginx/includes.d/www.conf
  6. 19
      debops/keyring.yml
  7. 11
      debops/mariadb-custom-db.yml
  8. 73
      debops/nginx.yml
  9. 20
      debops/root_account.yml
  10. 30
      debops/sudo.yml
  11. 27
      debops/system_users.yml
  12. 76
      debops/templates/var/www/lxc_host/index.html.j2
  13. 427
      debops/templates/var/www/lxc_host/normalize.css
  14. 39
      debops/yadm.yml
  15. 3
      hosts
  16. 12
      nginx-only.yml
  17. 14
      nginx-site.yml
  18. 9
      ping.yml
  19. 8
      roles/locales/tasks/main.yml
  20. 4
      roles/release-changed/tasks/main.yml
  21. 48
      run-playbook.sh
  22. 2
      vars/.gitignore
  23. 7
      vars/databases-example.yml
  24. 1
      vars/nginx-example.yml
  25. 4
      vars/sudo-example.yml
  26. 9
      vars/system_users-example.yml
  27. 8
      yadm.yml

3
apache-site.yml

@ -1,9 +1,12 @@
--- ---
- import_playbook: debops/tzdata.yml
- import_playbook: debops/pki.yml - import_playbook: debops/pki.yml
- import_playbook: debops/mariadb_server.yml - import_playbook: debops/mariadb_server.yml
- import_playbook: debops/mariadb-custom-db.yml - import_playbook: debops/mariadb-custom-db.yml
- import_playbook: debops/php-wp.yml - import_playbook: debops/php-wp.yml
- import_playbook: debops/apache.yml - import_playbook: debops/apache.yml
- import_playbook: debops/users.yml
- import_playbook: debops/sudo.yml
# Import all other group playbooks in this file... # Import all other group playbooks in this file...

1
debops/apache.yml

@ -49,6 +49,7 @@
# name: '{{ apache__default_vhost_name }}' # name: '{{ apache__default_vhost_name }}'
# filename: '000-default' # filename: '000-default'
# root: '/var/www/html' # root: '/var/www/html'
apache__vhost_allow_override: 'All'
pre_tasks: pre_tasks:

0
debops/files/nginx/includes.d/octobercms.conf → debops/files/etc/nginx/includes.d/octobercms.conf

0
debops/files/nginx/includes.d/staticfiles.conf → debops/files/etc/nginx/includes.d/staticfiles.conf

0
debops/files/nginx/includes.d/www.conf → debops/files/etc/nginx/includes.d/www.conf

19
debops/keyring.yml

@ -0,0 +1,19 @@
---
- name: Manage APT and GPG keyrings
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debian10' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
vars:
keyring__enabled: True
roles:
- role: keyring
tags: [ 'role::keyring', 'skip::keyring' ]

11
debops/mariadb-custom-db.yml

@ -10,17 +10,14 @@
| combine(inventory__group_environment | d({})) | combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}' | combine(inventory__host_environment | d({})) }}'
vars: vars:
mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}' mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
mariadb__upstream_version: '10.5' mariadb__upstream_version: '10.5'
mariadb__databases:
- name: 'intermetiz'
- name: 'intermetiz-products'
mariadb__users:
- name: 'intermetiz'
host: '%'
database: 'intermetiz%'
vars_files:
- ./../vars/databases.yml
-
roles: roles:
- role: secret - role: secret

73
debops/nginx.yml

@ -10,6 +10,10 @@
| combine(inventory__group_environment | d({})) | combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}' | combine(inventory__host_environment | d({})) }}'
vars_files:
- ./../vars/nginx.yml
vars: vars:
nginx_acme: False nginx_acme: False
nginx_http_extra_options: | nginx_http_extra_options: |
@ -20,18 +24,15 @@
nginx_ocsp: False nginx_ocsp: False
nginx_worker_processes: auto nginx_worker_processes: auto
nginx__servers: nginx__servers:
- name: vam-teplee
- name: '{{ lxc_host }}'
type: php type: php
root: /var/www/vam-teplee
root: '/var/www/{{ lxc_host }}'
public_dir_name: '' public_dir_name: ''
include_files_begin:
- includes.d/www.conf
- includes.d/octobercms.conf
- includes.d/staticfiles.conf
include_files_begin: '{{ nginx_includes_begin }}'
options: set $upstream unix:/run/php7.4-fpm-www-data.sock; options: set $upstream unix:/run/php7.4-fpm-www-data.sock;
@ -55,32 +56,54 @@
php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)? php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)?
pre_tasks: pre_tasks:
- name: Set filtered includes
set_fact:
nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
when: item != omit
loop:
- "{{ (nginx_www_redirect | default(False)) | ternary('includes.d/www.conf', omit) }}"
- includes.d/octobercms.conf
- includes.d/staticfiles.conf
- name: Copy OctoberCMS nginx conf includes and www redirect - name: Copy OctoberCMS nginx conf includes and www redirect
copy: copy:
src: "{{item}}"
src: etc/nginx/includes.d
dest: /etc/nginx/ dest: /etc/nginx/
mode: 0644 mode: 0644
loop:
- nginx/includes.d
post_tasks:
- name: Default index.html
template:
src: var/www/lxc_host/index.html.j2
dest: '/var/www/{{ lxc_host }}/index.html'
mode: 0644
owner: '{{ lxc_host }}'
- name: Copy normalized.css
template:
src: var/www/lxc_host/normalized.css
dest: '/var/www/{{ lxc_host }}/'
mode: 0644
owner: '{{ lxc_host }}'
roles: roles:
- role: keyring
tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
keyring__dependent_apt_keys:
- '{{ nginx__keyring__dependent_apt_keys }}'
- role: apt_preferences
tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
apt_preferences__dependent_list:
- '{{ nginx__apt_preferences__dependent_list }}'
- role: python
tags: [ 'role::python', 'skip::python' ]
python__dependent_packages3:
- '{{ nginx__python__dependent_packages3 }}'
python__dependent_packages2:
- '{{ nginx__python__dependent_packages2 }}'
# - role: keyring
# tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
# keyring__dependent_apt_keys:
# - '{{ nginx__keyring__dependent_apt_keys }}'
#
# - role: apt_preferences
# tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
# apt_preferences__dependent_list:
# - '{{ nginx__apt_preferences__dependent_list }}'
#
# - role: python
# tags: [ 'role::python', 'skip::python' ]
# python__dependent_packages3:
# - '{{ nginx__python__dependent_packages3 }}'
# python__dependent_packages2:
# - '{{ nginx__python__dependent_packages2 }}'
- role: nginx - role: nginx
tags: [ 'role::nginx', 'skip::nginx' ] tags: [ 'role::nginx', 'skip::nginx' ]

20
debops/root_account.yml

@ -0,0 +1,20 @@
---
- name: Manage root system account
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debian10' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
vars:
root_account__enabled: True
# root_account__dotfiles_enabled: True
# root_account__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
roles:
- role: root_account
tags: [ 'role::root_account', 'skip::root_account' ]

30
debops/sudo.yml

@ -0,0 +1,30 @@
---
- name: Configure sudo service
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debian10' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
vars_files:
- ./../vars/sudo.yml
roles:
# - role: python
# tags: [ 'role::python', 'skip::python', 'role::ldap' ]
# python__dependent_packages3:
# - '{{ ldap__python__dependent_packages3 }}'
# python__dependent_packages2:
# - '{{ ldap__python__dependent_packages2 }}'
#
# - role: ldap
# tags: [ 'role::ldap', 'skip::ldap' ]
# ldap__dependent_tasks:
# - '{{ sudo__ldap__dependent_tasks }}'
- role: sudo
tags: [ 'role::sudo', 'skip::sudo' ]

27
debops/system_users.yml

@ -0,0 +1,27 @@
---
- name: Manage local users and groups
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debian10' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
vars:
system_users__self: False
system_users__dotfiles_enabled: True
system_users__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
vars_files:
- ./../vars/system_users.yml
roles:
- role: libuser
tags: [ 'role::libuser', 'skip::libuser' ]
- role: system_users
tags: [ 'role::system_users', 'skip::system_users' ]

76
debops/templates/var/www/lxc_host/index.html.j2

@ -0,0 +1,76 @@
{# Copyright (C) 2014-2017 Maciej Delmanowski <drybjed@drybjed.net>
# Copyright (C) 2015-2017 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2014-2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
<!DOCTYPE html>
<html lang="en">
{% set nginx_tpl_domain = item.welcome_domain | d(item.name if (item.name is string) else item.name[0] | d(ansible_domain)) %}
{% if nginx_tpl_domain %}
{% set nginx_tpl_welcome_title = '<a href="' + item.welcome_url_scheme | d("https") + '://' + nginx_tpl_domain + '/">' + nginx_tpl_domain + '</a>' %}
{% else %}
{% set nginx_tpl_welcome_title = '<a href="http://companyname.website/">CompanyName.website</a>' %}
{% endif %}
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="referrer" content="no-referrer">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{{ nginx_tpl_domain | d("CompanyName.website") }}</title>
{% if item.welcome_css | d(True) | bool %}
<link rel="stylesheet" type="text/css" media="screen" href="normalize.css">
<style type="text/css" media="screen">
html {
font-size: 17px;
font-family: "Droid Sans Condensed", sans-serif;
}
@media (max-width: 900px) {
html { font-size: 15px; }
}
@media (max-width: 400px) {
html { font-size: 13px; }
}
#content {
margin: 0 auto;
width: 600px;
padding: 2rem;
text-align: center;
}
@media (max-width: 900px) {
#content {
width: 70%;
padding: 1.5rem;
}
}
h1 {
padding-bottom: 0.05em;
border-bottom: 2px solid #0092DF;
}
a {
text-decoration: none;
color: #0092DF;
}
</style>
{% endif %}
</head>
<body>
<div id="content">
<h2>{{ nginx_tpl_welcome_title }}</h2>
{% if nginx_tpl_domain %}
<p id="http-status"><strong>{{ item.welcome_status_choices | d([ '200 OK', "418 I'm a teapot" ]) | random }}</strong></p>
{% elif not nginx_tpl_domain %}
<p>If you're reading this, the web server was installed correctly.</p>
{% endif %}
</div>
</body>
</html>

427
debops/templates/var/www/lxc_host/normalize.css

@ -0,0 +1,427 @@
/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */
/* Copyright (C) 2015 Nicolas Gallagher <nicolasgallagher@gmail.com> */
/* Copyright (C) 2015 Jonathan Neal <jonathantneal@hotmail.com> */
/* SPDX-License-Identifier: MIT */
/**
* 1. Set default font family to sans-serif.
* 2. Prevent iOS and IE text size adjust after device orientation change,
* without disabling user zoom.
*/
html {
font-family: sans-serif; /* 1 */
-ms-text-size-adjust: 100%; /* 2 */
-webkit-text-size-adjust: 100%; /* 2 */
}
/**
* Remove default margin.
*/
body {
margin: 0;
}
/* HTML5 display definitions
========================================================================== */
/**
* Correct `block` display not defined for any HTML5 element in IE 8/9.
* Correct `block` display not defined for `details` or `summary` in IE 10/11
* and Firefox.
* Correct `block` display not defined for `main` in IE 11.
*/
article,
aside,
details,
figcaption,
figure,
footer,
header,
hgroup,
main,
menu,
nav,
section,
summary {
display: block;
}
/**
* 1. Correct `inline-block` display not defined in IE 8/9.
* 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera.
*/
audio,
canvas,
progress,
video {
display: inline-block; /* 1 */
vertical-align: baseline; /* 2 */
}
/**
* Prevent modern browsers from displaying `audio` without controls.
* Remove excess height in iOS 5 devices.
*/
audio:not([controls]) {
display: none;
height: 0;
}
/**
* Address `[hidden]` styling not present in IE 8/9/10.
* Hide the `template` element in IE 8/9/10/11, Safari, and Firefox < 22.
*/
[hidden],
template {
display: none;
}
/* Links
========================================================================== */
/**
* Remove the gray background color from active links in IE 10.
*/
a {
background-color: transparent;
}
/**
* Improve readability of focused elements when they are also in an
* active/hover state.
*/
a:active,
a:hover {
outline: 0;
}
/* Text-level semantics
========================================================================== */
/**
* Address styling not present in IE 8/9/10/11, Safari, and Chrome.
*/
abbr[title] {
border-bottom: 1px dotted;
}
/**
* Address style set to `bolder` in Firefox 4+, Safari, and Chrome.
*/
b,
strong {
font-weight: bold;
}
/**
* Address styling not present in Safari and Chrome.
*/
dfn {
font-style: italic;
}
/**
* Address variable `h1` font-size and margin within `section` and `article`
* contexts in Firefox 4+, Safari, and Chrome.
*/
h1 {
font-size: 2em;
margin: 0.67em 0;
}
/**
* Address styling not present in IE 8/9.
*/
mark {
background: #ff0;
color: #000;
}
/**
* Address inconsistent and variable font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent `sub` and `sup` affecting `line-height` in all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sup {
top: -0.5em;
}
sub {
bottom: -0.25em;
}
/* Embedded content
========================================================================== */
/**
* Remove border when inside `a` element in IE 8/9/10.
*/
img {
border: 0;
}
/**
* Correct overflow not hidden in IE 9/10/11.
*/
svg:not(:root) {
overflow: hidden;
}
/* Grouping content
========================================================================== */
/**
* Address margin not present in IE 8/9 and Safari.
*/
figure {
margin: 1em 40px;
}
/**
* Address differences between Firefox and other browsers.
*/
hr {
box-sizing: content-box;
height: 0;
}
/**
* Contain overflow in all browsers.
*/
pre {
overflow: auto;
}
/**
* Address odd `em`-unit font size rendering in all browsers.
*/
code,
kbd,
pre,
samp {
font-family: monospace, monospace;
font-size: 1em;
}
/* Forms
========================================================================== */
/**
* Known limitation: by default, Chrome and Safari on OS X allow very limited
* styling of `select`, unless a `border` property is set.
*/
/**
* 1. Correct color not being inherited.
* Known issue: affects color of disabled elements.
* 2. Correct font properties not being inherited.
* 3. Address margins set differently in Firefox 4+, Safari, and Chrome.
*/
button,
input,
optgroup,
select,
textarea {
color: inherit; /* 1 */
font: inherit; /* 2 */
margin: 0; /* 3 */
}
/**
* Address `overflow` set to `hidden` in IE 8/9/10/11.
*/
button {
overflow: visible;
}
/**
* Address inconsistent `text-transform` inheritance for `button` and `select`.
* All other form control elements do not inherit `text-transform` values.
* Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera.
* Correct `select` style inheritance in Firefox.
*/
button,
select {
text-transform: none;
}
/**
* 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio`
* and `video` controls.
* 2. Correct inability to style clickable `input` types in iOS.
* 3. Improve usability and consistency of cursor style between image-type
* `input` and others.
*/
button,
html input[type="button"], /* 1 */
input[type="reset"],
input[type="submit"] {
-webkit-appearance: button; /* 2 */
cursor: pointer; /* 3 */
}
/**
* Re-set default cursor for disabled elements.
*/
button[disabled],
html input[disabled] {
cursor: default;
}
/**
* Remove inner padding and border in Firefox 4+.
*/
button::-moz-focus-inner,
input::-moz-focus-inner {
border: 0;
padding: 0;
}
/**
* Address Firefox 4+ setting `line-height` on `input` using `!important` in
* the UA stylesheet.
*/
input {
line-height: normal;
}
/**
* It's recommended that you don't attempt to style these elements.
* Firefox's implementation doesn't respect box-sizing, padding, or width.
*
* 1. Address box sizing set to `content-box` in IE 8/9/10.
* 2. Remove excess padding in IE 8/9/10.
*/
input[type="checkbox"],
input[type="radio"] {
box-sizing: border-box; /* 1 */
padding: 0; /* 2 */
}
/**
* Fix the cursor style for Chrome's increment/decrement buttons. For certain
* `font-size` values of the `input`, it causes the cursor style of the
* decrement button to change from `default` to `text`.
*/
input[type="number"]::-webkit-inner-spin-button,
input[type="number"]::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Address `appearance` set to `searchfield` in Safari and Chrome.
* 2. Address `box-sizing` set to `border-box` in Safari and Chrome.
*/
input[type="search"] {
-webkit-appearance: textfield; /* 1 */
box-sizing: content-box; /* 2 */
}
/**
* Remove inner padding and search cancel button in Safari and Chrome on OS X.
* Safari (but not Chrome) clips the cancel button when the search input has
* padding (and `textfield` appearance).
*/
input[type="search"]::-webkit-search-cancel-button,
input[type="search"]::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* Define consistent border, margin, and padding.
*/
fieldset {
border: 1px solid #c0c0c0;
margin: 0 2px;
padding: 0.35em 0.625em 0.75em;
}
/**
* 1. Correct `color` not being inherited in IE 8/9/10/11.
* 2. Remove padding so people aren't caught out if they zero out fieldsets.
*/
legend {
border: 0; /* 1 */
padding: 0; /* 2 */
}
/**
* Remove default vertical scrollbar in IE 8/9/10/11.
*/
textarea {
overflow: auto;
}
/**
* Don't inherit the `font-weight` (applied by a rule above).
* NOTE: the default cannot safely be changed in Chrome and Safari on OS X.
*/
optgroup {
font-weight: bold;
}
/* Tables
========================================================================== */
/**
* Remove most spacing between table cells.
*/
table {
border-collapse: collapse;
border-spacing: 0;
}
td,
th {
padding: 0;
}

39
debops/yadm.yml

@ -0,0 +1,39 @@
---
- name: Configure yadm, Yet Another Dotfiles Manager
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debian10' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
vars:
yadm__enabled: True
yadm__dotfiles_enabled: True
yadm__upstream_enabled: True
yadm__upstream_version: '2.5.0'
# That be used in yadm.fact.j2 - python script for resolving ansible.local.yadm.dotfile git repo
yadm__dotfiles_host: vcs.wpstudio.ru
yadm__dotfiles_owner: gitea
yadm__default_dotfiles:
- name: 'gitea'
git: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
roles:
- role: keyring
tags: [ 'role::keyring', 'skip::keyring', 'role::yadm' ]
keyring__dependent_gpg_keys:
- '{{ yadm__keyring__dependent_gpg_keys }}'
- role: apt_preferences
tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
apt_preferences__dependent_list:
- '{{ yadm__apt_preferences__dependent_list }}'
- role: yadm
tags: [ 'role::yadm', 'skip::yadm' ]

3
hosts

@ -10,7 +10,8 @@
# - A hostname/ip can be a member of multiple groups # - A hostname/ip can be a member of multiple groups
[lxc_templates] [lxc_templates]
debian10 ansible_host=debian10.dedic106-dhcp.dimti.ru ansible_user=root
#debian10 ansible_host=debian10.dedic106-dhcp.dimti.ru ansible_user=root
debian10 ansible_host='{{ lxc_host }}'
[anygroup] [anygroup]
server1 ansible_host=192.168.0.1 server1 ansible_host=192.168.0.1

12
nginx-only.yml

@ -0,0 +1,12 @@
---
- hosts: debian10
roles:
- release-changed
- locales
#- import_playbook: debops/tzdata.yml
#- import_playbook: debops/pki.yml
- import_playbook: debops/yadm.yml
- import_playbook: debops/root_account.yml
#- import_playbook: debops/sudo.yml
#- import_playbook: debops/system_users.yml
#- import_playbook: debops/nginx.yml

14
nginx-site.yml

@ -1,11 +1,13 @@
--- ---
- import_playbook: debops/tzdata.yml - import_playbook: debops/tzdata.yml
#- import_playbook: debops/pki.yml
#- import_playbook: debops/mariadb.yml
#- import_playbook: debops/php-prod.yml
#- import_playbook: debops/nginx.yml
#- import_playbook: debops/nodejs.yml
#- import_playbook: debops/redis.yml
- import_playbook: debops/pki.yml
- import_playbook: debops/mariadb.yml
- import_playbook: debops/php-prod.yml
- import_playbook: debops/nginx.yml
- import_playbook: debops/nodejs.yml
- import_playbook: debops/redis.yml
- import_playbook: debops/users.yml
- import_playbook: debops/sudo.yml
# Import all other group playbooks in this file... # Import all other group playbooks in this file...

9
ping.yml

@ -0,0 +1,9 @@
---
- hosts: debian10
tasks:
- name: whoami test
shell: whoami
# Associate further roles to servers in specific group in this file...
...

8
roles/locales/tasks/main.yml

@ -0,0 +1,8 @@
---
- name: Setup EN & RU UTF-8 locales
shell: |
apt install -y locales && \
sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
sed -i 's/# ru_RU.UTF-8 UTF-8/ru_RU.UTF-8 UTF-8/' /etc/locale.gen && \
locale-gen

4
roles/release-changed/tasks/main.yml

@ -0,0 +1,4 @@
---
- name: Allow release info changed
shell: apt --allow-releaseinfo-change update

48
run-playbook.sh

@ -0,0 +1,48 @@
#!/bin/bash
SERVER=$1
LXC_HOST=$2
PLAYBOOK=$3
usage() {
echo "Usage: run-playbook.sh server lxc_host playbook"
echo "server - main proxmox server IP address and lxc_host that the name of lxc container"
echo "lxc_host - name of lxc container"
echo "playbook - playbook file"
}
if [[ -z "$SERVER" ]]; then
echo "You must defined SERVER as first argument"
usage
exit 1
fi
if [[ -z "$LXC_HOST" ]]; then
echo "You must defined LXC_HOST as second argument"
usage
exit 1
fi
if [[ -z "$PLAYBOOK" ]]; then
echo "You must defined PLAYBOOK as third argument"
usage
exit 1
fi
if [[ ! -f "$PLAYBOOK" ]]; then
echo "Playbook file is not exists: $PLAYBOOK"
usage
exit 1
fi
COMMAND=$(cat <<EOF
ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@$SERVER'" $PLAYBOOK
EOF
)
printf 'Launch ansible playbook:\n%s\n' "$COMMAND"
read -p "Are you sure? " -n 1 -r
echo # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
/bin/bash -c "$COMMAND"
fi

2
vars/.gitignore

@ -0,0 +1,2 @@
*
!*-example.yml

7
vars/databases-example.yml

@ -0,0 +1,7 @@
mariadb__databases:
- name: '{{ lxc_host }}'
mariadb__users:
- name: '{{ lxc_host }}'
host: '%'
database: '{{ lxc_host }}%'

1
vars/nginx-example.yml

@ -0,0 +1 @@
nginx_www_redirect: False

4
vars/sudo-example.yml

@ -0,0 +1,4 @@
sudo__sudoers:
- name: '{{ lxc_host }}-nopasswd'
raw: |
{{ lxc_host }} ALL=(ALL) NOPASSWD: ALL

9
vars/system_users-example.yml

@ -0,0 +1,9 @@
system_users__groups:
- name: '{{ lxc_host }}'
user: False
system_users__accounts:
- name: '{{ lxc_host }}'
group: '{{ lxc_host }}'
admin: True
shell: '/bin/bash'

8
yadm.yml

@ -0,0 +1,8 @@
---
- import_playbook: debops/yadm.yml
- import_playbook: debops/users.yml
- import_playbook: debops/sudo.yml
# Import all other group playbooks in this file...
...
Loading…
Cancel
Save