---
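- name: Setup pi
  hosts: basementpi
  # Every task in this play connects and runs as root; no `become` is used.
  remote_user: root
  vars: {}
  tasks:
    # The command module does not run a shell, so the original
    # `echo ... > file` never created the drop-in: `>` and the path were
    # passed to echo as plain arguments. Write the file with copy instead.
    - name: Disable cloud-init network config
      ansible.builtin.copy:
        dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
        content: |
          network: {config: disabled}
        owner: root
        group: root
        mode: "0644"

    # Glob expansion needs a shell; under the command module the `*` reached
    # rm literally and nothing was removed.
    # NOTE(review): now that this really deletes, the host has no netplan
    # config until "Copy netplan" succeeds, and `backup: true` on that task
    # has nothing left to back up.
    - name: Delete existing netplan
      ansible.builtin.shell: rm -f /etc/netplan/*

    # dest is now an explicit file. With a directory dest the rendered file
    # keeps the source basename (01-netcfg.yaml.j2), which netplan does not
    # read because it only loads *.yaml. Netplan also warns when its config
    # is readable by other users, hence 0600.
    - name: Copy netplan
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/01-netcfg.yaml.j2"
        dest: /etc/netplan/01-netcfg.yaml
        owner: root
        group: root
        mode: "0600"
        backup: true

    # NOTE(review): dest is a relative directory. It resolves against the
    # remote working directory (presumably root's home, confirm), and the
    # rendered file keeps the name unbound.conf.j2. Verify that the unbound
    # consumer really reads that path.
    - name: Copy unbound config
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/unbound.conf.j2"
        dest: ./unbound/
        backup: true

    - name: Apply Netplan
      ansible.builtin.command: netplan apply

    # Same substitution the sed one-liner performed, but idempotent: the
    # task reports "changed" only when the line is actually rewritten, and
    # a backup is taken only in that case.
    - name: Disable Ubunut stub DNS resolver
      ansible.builtin.replace:
        path: /etc/systemd/resolved.conf
        regexp: '#?DNSStubListener=yes'
        replace: DNSStubListener=no
        backup: true

    # The file module replaces `sudo sh -c 'rm ... && ln -s ...'`. The play
    # already runs as root, and `force: true` swaps an existing regular file
    # for the link without failing when /etc/resolv.conf is absent.
    - name: symlink /etc/resolv to /run/systemd/resolve/resolv.conf
      ansible.builtin.file:
        src: /run/systemd/resolve/resolv.conf
        dest: /etc/resolv.conf
        state: link
        force: true

    - name: Restart resolved
      ansible.builtin.service:
        name: systemd-resolved
        state: restarted

    # Kept best-effort as in the original: a failed install does not stop
    # the play, so a host may end up without the backup tool unnoticed.
    - name: Install restic
      ignore_errors: true
      ansible.builtin.apt:
        update_cache: true
        name:
          - restic

    # NOTE(review): a ddclient config normally holds the dynamic-DNS
    # account credentials. No mode is set here, so the file gets the
    # default permissions. Restrict it once the UID the container reads it
    # as is known (not visible in this playbook).
    - name: Copy ddclient config
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/ddclient.conf.j2"
        dest: /root/docker/ddclient/ddclient.conf
        backup: true
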
# Applies the bastion role to every host in the bastion inventory group.
# Selectable on its own with `--tags bastion`.
- name: Setup bastion
  hosts: bastion
  vars: {}
  tags: [bastion]
  roles:
    - role: bastion

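# Renders the per-host Immich environment file on the docker-int hosts.
- name: Immich env
  hosts:
    - docker-int
  tags:
    - docker
    - docker_hosts
  tasks:
    # An Immich env file normally carries the database password
    # (presumably here too, confirm against the template), so it is
    # written owner-only instead of with default permissions.
    # `diff: false` keeps the rendered values out of `--diff` output in CI
    # logs.
    # NOTE(review): `backup: true` leaves timestamped copies of earlier
    # versions beside the file. Prune them if they hold rotated secrets.
    - name: "Immich env"
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/.env-immich.j2"
        dest: /root/docker/.env-immich
        owner: root
        group: root
        mode: "0600"
        backup: true
      diff: false
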
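# Renders the per-host compose file, then pulls, (re)starts and prunes.
- name: Configure Docker hosts
  hosts:
    - docker
  vars: {}
  tags:
    - docker
    - docker_hosts
  tasks:
    - name: Copy Docker Compose file
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/compose.yml.j2"
        dest: /root/docker/compose.yml
        backup: true

    # None of the docker invocations below use pipes, redirects or globs,
    # so they run through the command module. That avoids an unneeded
    # shell and any shell interpretation of the arguments.
    - name: Pull images
      ansible.builtin.command:
        cmd: docker compose pull
        chdir: /root/docker

    # --remove-orphans stops containers for services that are no longer in
    # the rendered compose file.
    - name: Run Docker
      ansible.builtin.command:
        cmd: docker compose up -d --remove-orphans
        chdir: /root/docker

    # Removes dangling images host-wide, not just this project's images.
    - name: Prune images
      ansible.builtin.command:
        cmd: docker image prune -f
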
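# Renders the WireGuard interface config on the docker-ext hosts.
# NOTE(review): this play is tagged `bastion`, not `wireguard`. Confirm
# that is the intended selector.
- name: Homeserver wireguard
  hosts:
    - docker-ext
  tags:
    - bastion
  tasks:
    # wg0.conf normally contains the interface PrivateKey. Without an
    # explicit mode the template module creates it with default
    # permissions, and wg-quick warns about a world-accessible config.
    # Write it as root-only. `diff: false` keeps key material out of
    # `--diff` output in CI logs.
    # NOTE(review): `backup: true` leaves timestamped copies of previous
    # configs in /etc/wireguard. They hold earlier key material, so check
    # their permissions and prune them after key rotation.
    - name: "Homeserver Wireguard config"
      ansible.builtin.template:
        src: "assets/{{ inventory_hostname }}/wg0.conf.j2"
        dest: /etc/wireguard/wg0.conf
        owner: root
        group: root
        mode: "0600"
        backup: true
      diff: false
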
# Targets the wireguard inventory group and is selectable with
# `--tags wireguard`.
# NOTE(review): the only role applied is `bastion`, the same role the
# "Setup bastion" play uses. Confirm that is intended and not a copy-paste
# leftover, since it decides what gets configured on the VPN hosts.
- name: Setup Wireguard wireguard
  hosts: wireguard
  vars: {}
  tags: [wireguard]
  roles:
    - role: bastion

# Renders the per-host Traefik rules file on the docker-ext hosts.
# Selectable with `--tags traefik`.
- name: Traefik config
  hosts: [docker-ext]
  tags: [traefik]
  tasks:
    # The rendered file lands in the directory used by the Traefik
    # container. `backup: true` keeps a timestamped copy of the previous
    # rules next to it.
    - name: Traefik rules
      ansible.builtin.template:
        backup: true
        dest: /root/docker/traefik/rules.yaml
        src: "assets/{{ inventory_hostname }}/rules.yaml.j2"