From ef8d865b2d729162b840db5450e0cf6279cc879d Mon Sep 17 00:00:00 2001
From: Justus Grunow
Date: Mon, 6 May 2024 21:06:42 -0400
Subject: [PATCH] Commit before going wild
---
 ansible/assets/ddclient.conf.j2 | 374 ++++++++++++++++++
 ansible/assets/docker-compose.yml.j2 | 67 ++++
 .../inventory/host_vars/basementpi.local/vars | 1 +
 ansible/setup-vm.yaml | 89 +++++
 ansible/setup.yaml | 6 +
 5 files changed, 537 insertions(+)
 create mode 100644 ansible/assets/ddclient.conf.j2
 create mode 100644 ansible/setup-vm.yaml
diff --git a/ansible/assets/ddclient.conf.j2 b/ansible/assets/ddclient.conf.j2
new file mode 100644
index 0000000..3d9654e
--- /dev/null
+++ b/ansible/assets/ddclient.conf.j2
@@ -0,0 +1,374 @@
+######################################################################
+##
+## Define default global variables with lines like:
+## var=value [, var=value]*
+## These values will be used for each following host unless overridden
+## with a local variable definition.
+##
+## Define local variables for one or more hosts with:
+## var=value [, var=value]* host.and.domain[,host2.and.domain...]
+##
+## Lines can be continued on the following line by ending the line
+## with a \
+##
+##
+## Warning: not all supported routers or dynamic DNS services
+## are mentioned here.
+##
+######################################################################
+daemon=300 # check every 300 seconds
+syslog=yes # log update msgs to syslog
+mail=root # mail all msgs to root
+mail-failure=root # mail failed update msgs to root
+pid=@runstatedir@/ddclient.pid # record PID in file.
+ssl=yes # use ssl-support. Works with
+ # ssl-library
+# postscript=script # run script after updating. The
+ # new IP is added as argument.
+#
+#use=watchguard-soho, fw=192.168.111.1:80 # via Watchguard's SOHO FW
+#use=netopia-r910, fw=192.168.111.1:80 # via Netopia R910 FW
+#use=smc-barricade, fw=192.168.123.254:80 # via SMC's Barricade FW
+#use=netgear-rt3xx, fw=192.168.0.1:80 # via Netgear's internet FW
+#use=linksys, fw=192.168.1.1:80 # via Linksys's internet FW
+#use=maxgate-ugate3x00, fw=192.168.0.1:80 # via MaxGate's UGATE-3x00 FW
+#use=elsa-lancom-dsl10, fw=10.0.0.254:80 # via ELSA LanCom DSL/10 DSL Router
+#use=elsa-lancom-dsl10-ch01, fw=10.0.0.254:80 # via ELSA LanCom DSL/10 DSL Router
+#use=elsa-lancom-dsl10-ch02, fw=10.0.0.254:80 # via ELSA LanCom DSL/10 DSL Router
+#use=alcatel-stp, fw=10.0.0.138:80 # via Alcatel Speed Touch Pro
+#use=xsense-aero, fw=192.168.1.1:80 # via Xsense Aero Router
+#use=allnet-1298, fw=192.168.1.1:80 # via AllNet 1298 DSL Router
+#use=3com-oc-remote812, fw=192.168.0.254:80 # via 3com OfficeConnect Remote 812
+#use=e-tech, fw=192.168.1.1:80 # via E-tech Router
+#use=cayman-3220h, fw=192.168.0.1:1080 # via Cayman 3220-H DSL Router
+#
+#fw-login=admin, fw-password=XXXXXX # FW login and password
+#
+## To obtain an IP address from FW status page (using fw-login, fw-password)
+#use=fw, fw=192.168.1.254/status.htm, fw-skip='IP Address' # found after IP Address
+#
+## To obtain an IP address from Web status page (using the proxy if defined)
+## by default, checkip.dyndns.org is used if you use the dyndns protocol.
+## Using use=web is enough to get it working.
+## WARNING: set deamon at least to 600 seconds if you use checkip or you could
+## get banned from their service.
+#use=web, web=checkip.dyndns.org/, web-skip='IP Address' # found after IP Address
+#
+#use=ip, ip=127.0.0.1 # via static IP's
+#use=if, if=eth0 # via interfaces
+#use=web # via web
+#
+#protocol=dyndns2 # default protocol
+#proxy=fasthttp.sympatico.ca:80 # default proxy
+#server=members.dyndns.org # default server
+#server=members.dyndns.org:8245 # default server (bypassing proxies)
+
+#login=your-login # default login
+#password=test # default password
+#mx=mx.for.your.host # default MX
+#backupmx=yes|no # host is primary MX?
+#wildcard=yes|no # add wildcard CNAME?
+
+##
+## dyndns.org dynamic addresses
+##
+## (supports variables: wildcard,mx,backupmx)
+##
+# server=members.dyndns.org, \
+# protocol=dyndns2 \
+# your-dynamic-host.dyndns.org
+
+##
+## dyndns.org static addresses
+##
+## (supports variables: wildcard,mx,backupmx)
+##
+# static=yes, \
+# server=members.dyndns.org, \
+# protocol=dyndns2 \
+# your-static-host.dyndns.org
+
+##
+## dyndns.org custom addresses
+##
+## (supports variables: wildcard,mx,backupmx)
+##
+# custom=yes, \
+# server=members.dyndns.org, \
+# protocol=dyndns2 \
+# your-domain.top-level,your-other-domain.top-level
+
+##
+## ZoneEdit (zoneedit.com)
+##
+# server=dynamic.zoneedit.com, \
+# protocol=zoneedit1, \
+# login=your-zoneedit-login, \
+# password=your-zoneedit-password \
+# your.any.domain,your-2nd.any.dom
+
+##
+## EasyDNS (easydns.com)
+##
+# server=members.easydns.com, \
+# protocol=easydns, \
+# login=your-easydns-login, \
+# password=your-easydns-password \
+# your.any.domain,your-2nd.any.domain
+
+##
+## dslreports.com dynamic-host monitoring
+##
+# server=members.dslreports.com \
+# protocol=dslreports1, \
+# login=dslreports-login, \
+# password=dslreports-password \
+# dslreports-unique-id
+
+##
+## OrgDNS.org account-configuration
+##
+# use=web, web=members.orgdns.org/nic/ip
+# protocol=dyndns2
+# server=www.orgdns.org \
+# login=yourLoginName \
+# password=yourPassword \
+# yourSubdomain.orgdns.org
+
+##
+## NameCheap (namecheap.com)
+##
+# protocol=namecheap, \
+# server=dynamicdns.park-your-domain.com, \
+# login=example.com, \
+# password=example.com-password \
+# subdomain.example.com
+
+##
+## NearlyFreeSpeech.NET (nearlyfreespeech.net)
+##
+# protocol = nfsn, \
+# login=member-login, \
+# password=api-key, \
+# zone=example.com \
+# example.com,subdomain.example.com
+
+##
+## Loopia (loopia.se)
+##
+# use=web, web=loopia
+# protocol=dyndns2
+# server=dns.loopia.se
+# script=/XDynDNSServer/XDynDNS.php
+# login=my-loopia.se-login
+# password=my-loopia.se-password
+# my.domain.tld,other.domain.tld
+
+##
+## NoIP (noip.com)
+##
+# protocol=noip, \
+# ssl=yes, \
+# server=dynupdate.no-ip.com, \
+# login=your-noip-login, \
+# password=your-noip-password, \
+# your-host.domain.com, your-2nd-host.domain.com
+
+##
+## ChangeIP (changeip.com)
+##
+## single host update
+# protocol=changeip, \
+# login=my-my-changeip.com-login, \
+# password=my-changeip.com-password \
+# myhost.changeip.org
+
+##
+## CloudFlare (www.cloudflare.com)
+##
+#protocol=cloudflare, \
+#zone=domain.tld, \
+#ttl=1, \
+#login=your-login-email, \ # Only needed if you are using your global API key. If you are using an API token, set it to "token" (without double quotes).
+#password=APIKey \ # This is either your global API key, or an API token. If you are using an API token, it must have the permissions "Zone - DNS - Edit" and "Zone - Zone - Read". The Zone resources must be "Include - All zones".
+#domain.tld,my.domain.tld
+
+##
+## Gandi (gandi.net)
+##
+## Single host update
+# protocol=gandi, \
+# zone=example.com, \
+# password=my-gandi-api-key, \
+# ttl=3h \
+# myhost.example.com
+
+##
+## Google Domains (www.google.com/domains)
+##
+# protocol=googledomains,
+# login=my-auto-generated-username,
+# password=my-auto-generated-password
+# my.domain.tld, otherhost.domain.tld
+
+##
+## Duckdns (http://www.duckdns.org/)
+##
+#
+# protocol=duckdns, \
+# password=my-auto-generated-password \
+# hostwithoutduckdnsorg
+
+##
+## Freemyip (http://freemyip.com/)
+##
+#
+# protocol=freemyip,
+# password=my-token
+# myhost
+
+##
+## MyOnlinePortal (http://myonlineportal.net)
+##
+# # ipv6=yes # optional
+# use=web, web=myonlineportal.net/checkip
+# # use=if, if=eth0 # alternative to use=web
+# # if-skip=Scope:Link # alternative to use=web
+# protocol=dyndns2
+# ssl=yes
+# login=your-myonlineportal-username
+# password=your-myonlineportal-password
+# domain.myonlineportal.net
+
+##
+## nsupdate.info IPV4(https://www.nsupdate.info)
+##
+#use=web, web=http://ipv4.nsupdate.info/myip
+#protocol=dyndns2
+#server=ipv4.nsupdate.info
+#login=domain.nsupdate.info
+#password='123'
+#domain.nsupdate.info
+
+##
+## nsupdate.info IPV6 (https://www.nsupdate.info)
+## ddclient releases <= 3.8.1 do not support IPv6
+##
+#usev6=if, if=eth0
+#protocol=dyndns2
+#server=ipv6.nsupdate.info
+#login=domain.nsupdate.info
+#password='123'
+#domain.nsupdate.info
+
+##
+## Yandex.Mail for Domain (domain.yandex.com)
+##
+# protocol=yandex, \
+# login=domain.tld, \
+# password=yandex-pdd-token \
+# my.domain.tld,other.domain.tld \
+
+##
+## DNS Made Easy (https://dnsmadeeasy.com)
+##
+# protocol=dnsmadeeasy,
+# login=your-account-email-address
+# password=your-generated-password
+# your-numeric-record-id-1,your-numeric-record-id-2,...
+
+##
+## OVH DynHost (https://ovh.com)
+##
+# protocol=ovh,
+# login=example.com-dynhostuser,
+# password=your_password
+# test.example.com
+
+##
+## Porkbun (https://porkbun.com/)
+##
+protocol=porkbun
+apikey={{ porkbun_api_key }}
+secretapikey={{ porkbun_secret_api_key }}
+*.home.coxgrunow.ca
+#on-root-domain=yes example.com,sub.example.com
+#host.example.com,host2.sub.example.com
+#on-root-domain=yes example.com,sub.example.com
+
+##
+## ClouDNS (https://www.cloudns.net)
+##
+# protocol=cloudns, \
+# dynurl=https://ipv4.cloudns.net/api/dynamicURL/?q=Njc1OTE2OjY3Njk0NDM6YTk2, \
+# myhost.example.com
+
+##
+## dinahosting (https://dinahosting.com)
+##
+# protocol=dinahosting, \
+# login=myusername, \
+# password=mypassword \
+# myhost.mydomain.com
+
+##
+## dnsexit (www.dnsexit.com)
+##
+#protocol=dnsexit, \
+#login=myusername, \
+#password=mypassword, \
+#subdomain-1.domain.com,subdomain-2.domain.com
+
+##
+## dnsexit2 (API method www.dnsexit.com)
+##
+#protocol=dnsexit2
+#password=MyAPIKey
+#subdomain-1.domain.com,subdomain-2.domain.com
+
+##
+## domeneshop (www.domeneshop.no)
+##
+# protocol=domeneshop
+# login=
+# password=
+# subdomain-1.domain.com,subdomain-2.domain.com
+
+##
+## Njal.la (http://njal.la/)
+##
+# protocol=njalla,
+# password=mypassword
+# quietreply=no|yes
+# my-domain.com
+
+##
+## regfish.de (www.regfish.de/)
+##
+# protocol=regfishde,
+# password=mypassword
+# my-domain.com
+
+##
+## Enom (www.enom.com)
+##
+# protocol=enom,
+# login=domain.name,
+# password=domain-password
+# my-domain.com
+
+##
+## DigitalOcean (www.digitalocean.com)
+##
+#protocol=digitalocean, \
+#zone=example.com, \
+#password=api-token \
+#example.com,sub.example.com
+
+##
+## Infomaniak (www.infomaniak.com)
+##
+# protocol=infomaniak,
+# login=ddns_username,
+# password=ddns_password
+# example.com
diff --git a/ansible/assets/docker-compose.yml.j2 b/ansible/assets/docker-compose.yml.j2
index dcb8c2b..3c0afea 100644
--- a/ansible/assets/docker-compose.yml.j2
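Review bot: `pid=@runstatedir@/ddclient.pid` near the top of the template is an unexpanded autoconf placeholder carried over from the upstream `.conf.in` sample, so at runtime ddclient will try to create its PID file under a literal `@runstatedir@` directory; replace it with the path the ddclient image actually uses for its PID file (check the image's shipped sample config) or drop the line if the container does not need it. The live Porkbun stanza, `protocol=porkbun` through `*.home.coxgrunow.ca`, renders both API credentials into this file, yet it sits in the middle of some 350 lines of commented-out samples for other providers; trimming the template to the active stanza would make it obvious what ddclient is configured to do, and a header comment such as `# Rendered by Ansible; contains Porkbun API credentials - keep file mode 0600` would tell the next reader why the file must stay private. `protocol=porkbun` is a relatively recent ddclient addition, so it is worth confirming the version inside `lscr.io/linuxserver/ddclient:latest` accepts it, since a floating tag can also silently move that version.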
+++ b/ansible/assets/docker-compose.yml.j2
@@ -62,6 +62,27 @@ services:
 - 'yourDomain.lan:192.168.41.55'
 - '{{ pihole_hostname }} {{ pihole_hostname }}.{{ pihole_domain }}:{{ pi_ip }}'
 - 'citadel.tedupnorth.com:10.10.10.10'
+ - 'postgres postgres.injust.us:10.11.1.14'
+ - 'proxmox proxmox.injust.us:10.11.1.5'
+ - 'omv omv.injust.us:10.11.1.12'
+ - 'docker-int docker-int.injust.us:10.11.1.13'
+ - 'docker-ext docker-ext.injust.us:10.11.1.15'
+ - 'linkwarden linkwarden.injust.us:10.11.1.15'
+ - 'linkwarden.coxgrunow.ca:10.11.1.15'
+ - 'wiki.mycomputer.party:10.11.1.15'
+ - 'wiki.coxgrunow.ca:10.11.1.15'
+ - 'paperless.injust.us:10.11.1.13'
+ - 'wiki.injust.us:10.11.1.13'
+ - 'testweb.injust.us:10.11.1.13'
+ - 'stalwart.mycomputer.party:10.11.1.15'
+ - 'linkace.mycomputer.party:10.11.1.15'
+ - 'linkding.mycomputer.party:10.11.1.15'
+ - 'wallabag.mycomputer.party:10.11.1.15'
+ - 'test.mycomputer.party:10.11.1.15'
+ - 'matrix matrix.mycomputer.party:10.11.1.16'
+ - 'wiki wiki.injust.us:10.11.1.13'
+
+
 restart: always
 
 unbound:
@@ -91,6 +112,32 @@ services:
 network_pihole:
 ipv4_address: 172.16.3.4
 
+ porkbunddns2:
+ image: pavlinchen/porkbun-ddns
+ container_name: porkbun-ddns2
+ restart: always
+ pull_policy: always
+ environment:
+ APIKey: {{ porkbun_api_key }}
+ SecretAPIKey: {{ porkbun_secret_api_key }}
+ Domain: {{ porkbun_domain2 }}
+ Schedule: "{{ porkbun_cron_sched }}"
+ TZ: {{ porkbun_tz }}
+ networks:
+ network_pihole:
+ ipv4_address: 172.16.3.7
+
+ ddclient:
+ image: lscr.io/linuxserver/ddclient:latest
+ container_name: ddclient
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Etc/UTC
+ volumes:
+ - ./ddclient/:/config
+ restart: unless-stopped
+
 wireguard:
 depends_on:
 - pihole
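Review bot: `wiki.injust.us` is listed twice among the new host entries, once as `- 'wiki.injust.us:10.11.1.13'` and again inside `- 'wiki wiki.injust.us:10.11.1.13'`; keep one of them so a later IP change cannot leave the two disagreeing and the resolver answering from whichever wins. The two blank `+` lines inserted before `restart: always` are one more than the surrounding stanzas use between keys. A comment grouping the entries by host, e.g. `# 10.11.1.15: docker-ext (linkwarden, wiki, stalwart, ...)`, would make the repeated addresses easier to audit than a flat list.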
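Review bot: `APIKey: {{ porkbun_api_key }}` and `SecretAPIKey: {{ porkbun_secret_api_key }}` in the porkbunddns2 service are templated into the YAML unquoted, so an empty expansion becomes null and a value starting with a YAML indicator breaks the parse; quote them as `APIKey: "{{ porkbun_api_key }}"` the way `Schedule` already is (and `Domain`/`TZ` likewise). Both credentials then live in the container environment, where `docker inspect` and any process in that container can read them, while the new ddclient service below receives the same Porkbun credentials through its mounted config; if the two updaters are not both needed, keeping one halves the exposure and avoids two processes racing on the same records. The ddclient service also has no `networks:` entry although porkbunddns2 and the service above it are pinned onto `network_pihole`, and `lscr.io/linuxserver/ddclient:latest` is a floating tag; both may be deliberate but are worth a one-line comment saying so.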
@@ -138,3 +185,23 @@ services:
 # VIRTUAL_PORT: 2368
 # restart: always
 
+# homeassistant:
+# container_name: homeassistant
+# image: "ghcr.io/home-assistant/home-assistant:stable"
+# volumes:
+# - ./homeassistant/config:/config
+# - /etc/localtime:/etc/localtime:ro
+# restart: unless-stopped
+# privileged: true
+# network_mode: host
+# #environment:
+# # - VIRTUAL_HOST=homeassistant.coxgrunow.ca
+# # - VIRTUAL_PORT=8123
+ yacy:
+ container_name: yacy
+ image: "docker.io/yacy/yacy_search_server:aarch64-latest"
+ volumes:
+ - ./yacy:/opt/yacy_search_server/DATA
+ ports:
+ - 8090:8090/tcp
+ - 8443:8443/tcp
diff --git a/ansible/inventory/host_vars/basementpi.local/vars b/ansible/inventory/host_vars/basementpi.local/vars
index 5689105..77e3436 100644
--- a/ansible/inventory/host_vars/basementpi.local/vars
+++ b/ansible/inventory/host_vars/basementpi.local/vars
@@ -14,5 +14,6 @@ pihole_domain: injust.us
 porkbun_api_key: pk1_6e6d69e80434b0aa61727637f5d7f71713f505a65004567bc8f5e34b8e516d4b
 porkbun_secret_api_key: "{{ vault_porkbun_secret_api_key }}"
 porkbun_domain: mycomputer.party justus
+porkbun_domain2: coxgrunow.ca *
 porkbun_cron_sched: "*/5 * * * *"
 porkbun_tz: Canada/Eastern
diff --git a/ansible/setup-vm.yaml b/ansible/setup-vm.yaml
new file mode 100644
index 0000000..7ccc12b
--- /dev/null
+++ b/ansible/setup-vm.yaml
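Review bot: The yacy service publishes `8090:8090/tcp` and `8443:8443/tcp` on every host interface, whereas the neighbouring services in this file are exposed through `VIRTUAL_HOST`/`VIRTUAL_PORT` behind a proxy (see the commented block just above); if yacy is meant to be reached the same way, bind to loopback instead, `- '127.0.0.1:8090:8090/tcp'`, and quote the port mappings either way so YAML never retypes them. `yacy_search_server:aarch64-latest` is both architecture-specific and floating; this same template is now rendered by setup-vm.yaml in this commit, so unless that VM is arm64 the pull will fail there, and a digest or versioned tag would keep both hosts on a known build. The commented-out homeassistant block carries `privileged: true` and `network_mode: host`; a short comment on why it is parked, or removing it, avoids someone re-enabling it without reconsidering those two settings.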
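Review bot: `porkbun_domain2: coxgrunow.ca *` packs a second token into the same plain scalar, mirroring `porkbun_domain: mycomputer.party justus` above it, and nothing on the page says what format the `Domain` value of the porkbun-ddns image expects; a comment above the pair, `# Domain format for porkbun-ddns: "<root domain> <subdomain or *>" - confirm against the image docs`, would stop the next edit from splitting or "fixing" it. Quoting the value, `porkbun_domain2: "coxgrunow.ca *"`, also keeps it safe if the trailing `*` ever moves to the front, where an unquoted `*` is read as an alias.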
@@ -0,0 +1,89 @@
+---
+- name: Setup
+ hosts: all
+ remote_user: root
+ vars:
+
+ tasks:
+ - name: Disable cloud-init network config
+ ansible.builtin.command: 'echo "network: {config: disabled}" > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
+
+ - name: Delete existing netplan
+ ansible.builtin.command: rm -f /etc/netplan/*
+
+ - name: Copy netplan
+ ansible.builtin.template:
+ src: assets/01-netcfg.yaml.j2
+ dest: /etc/netplan
+
+ - name: Copy unbound config
+ ansible.builtin.template:
+ src: assets/unbound.conf.j2
+ dest: ./unbound/
+ tags: vm
+
+ - name: Apply Netplan
+ ansible.builtin.command: netplan apply
+
+ - name: Docker Prereqs
+ ansible.builtin.apt:
+ update_cache: true
+ name:
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ - name: Create keyring directory
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ - name: Create Docker directory
+ ansible.builtin.file:
+ path: /root/docker
+ state: directory
+ - name: Download Docker GPG keys
+ ansible.builtin.shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --batch --yes
+ - name: Add Docker repo
+ ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+ - name: Disable Ubunut stub DNS resolver
+ ansible.builtin.shell: sed -r -i.orig 's/#?DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
+ - name: symlink /etc/resolv to /run/systemd/resolve/resolv.conf
+ ansible.builtin.shell: sudo sh -c 'rm /etc/resolv.conf && ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf'
+
+ - name: Restart resolved
+ ansible.builtin.shell: systemctl restart systemd-resolved
+
+ - name: Install restic
+ ansible.builtin.apt:
+ update_cache: true
+ name:
+ - restic
+
+ - name: Install Docker
+ ansible.builtin.apt:
+ update_cache: true
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-compose-plugin
+
+ - name: Copy Docker Compose file
+ ansible.builtin.template:
+ src: assets/docker-compose.yml.j2
+ dest: /root/docker/docker-compose-wg.yml
+ tags: wireguard,docker,vm
+
+ - name: Copy ddclient config
+ ansible.builtin.template:
+ src: assets/ddclient.conf.j2
+ dest: /root/docker/ddclient/ddclient.conf
+ tags: docker,vm
+
+
+ - name: Run Docker
+ ansible.builtin.shell: docker compose up -d --remove-orphans
+ args:
+ chdir: /root/docker
+ tags: wireguard,docker
diff --git a/ansible/setup.yaml b/ansible/setup.yaml
index 30276cb..1477dd6 100644
--- a/ansible/setup.yaml
+++ b/ansible/setup.yaml
@@ -52,6 +52,12 @@
 - name: Restart resolved
 ansible.builtin.shell: systemctl restart systemd-resolved
+
+ - name: Install restic
+ ansible.builtin.apt:
+ update_cache: true
+ name:
+ - restic
 - name: Install Docker
 ansible.builtin.apt:
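Review bot: The "Disable cloud-init network config" task runs `echo "network: {config: disabled}" > /etc/cloud/...` through `ansible.builtin.command`, which does not invoke a shell, so `>` and the path are handed to echo as plain arguments and the file is never written; the same applies to `rm -f /etc/netplan/*`, where the glob is not expanded and nothing is deleted. Write the file with `ansible.builtin.copy` and `content:`, and remove the netplan files with `ansible.builtin.find` plus `ansible.builtin.file` `state: absent`. The "Copy ddclient config" template renders the Porkbun API credentials into `/root/docker/ddclient/ddclient.conf` without a `mode:`, so the file gets the umask-derived default and is readable by any local account; set `mode: "0600"` with `owner: root`. The `curl | sudo gpg` and `sudo tee` tasks run with `remote_user: root`, so `sudo` is redundant there, and `vars:` with no value parses as null and can simply be dropped.
```yaml
  tasks:
    - name: Disable cloud-init network config
      ansible.builtin.copy:
        content: "network: {config: disabled}\n"
        dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
        mode: "0644"

    - name: Find existing netplan files
      ansible.builtin.find:
        paths: /etc/netplan
      register: netplan_files

    - name: Delete existing netplan
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ netplan_files.files }}"

    # … unchanged: netplan copy, unbound, apt prerequisites, Docker repo, resolver, restic, Docker install, compose copy …

    - name: Copy ddclient config
      ansible.builtin.template:
        src: assets/ddclient.conf.j2
        dest: /root/docker/ddclient/ddclient.conf
        owner: root
        group: root
        mode: "0600"
      tags: docker,vm
```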