diff --git a/ansible/halo.yml b/ansible/halo.yml
new file mode 100644
index 0000000..27d81c6
--- /dev/null
+++ b/ansible/halo.yml
@@ -0,0 +1,16 @@
+---
+
+- name: init droplet
+ hosts: halo
+ tasks:
+ - debug: msg="Deploying droplet config to cloud server"
+ roles:
+ - { name: droplets, tags: ['init']}
+
+- name: deploy the halo stack
+ hosts: halo
+ remote_user: "{{ remote_user }}"
+ tasks:
+ - debug: msg="Deploying halo stack to cloud server"
+ roles:
+ - { name: halo, tags: ['halo'] }
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
index 39970a3..e373cf8 100644
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -12,19 +12,10 @@ all:
 hosts:
 storage.home.jowj.net:
 cloudkey.home.jowj.net:
- vpn:
- hosts:
- vpn.awful.club:
 dev:
 hosts:
 localhost:
 ansible_connection: local
- onprem_clients:
- hosts:
- hydra-ling:
- lurker-ling:
- ling-bane:
- little-lady:
 mediaserver:
 hosts:
 hatchery:
@@ -33,3 +24,7 @@ all:
 hosts:
 larva.home.jowj.net:
 ansible_python_interpreter: /usr/bin/python3
+ halo:
+ hosts:
+ halo.awful.club:
+ ansible_python_interpreter: python3
diff --git a/ansible/roles/halo/readme.org b/ansible/roles/halo/readme.org
new file mode 100644
index 0000000..f877cdb
--- /dev/null
+++ b/ansible/roles/halo/readme.org
@@ -0,0 +1,6 @@
+* halo
+halo hosts my shared services for my tailnet. right now thats just
+- smokeping
+- oversearr
+
+
diff --git a/ansible/roles/halo/tasks/main.yml b/ansible/roles/halo/tasks/main.yml
new file mode 100644
index 0000000..00b8048
--- /dev/null
+++ b/ansible/roles/halo/tasks/main.yml
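Review bot: In ansible/halo.yml both plays put their `debug` message under `tasks:`, but Ansible runs a play's `roles` before its `tasks`, so the "Deploying …" line is printed only after the droplets or halo role has already finished. Moving each message to `pre_tasks:` keeps the run log in the order the play reads. The first play also sets no `remote_user`, so it connects with whatever default the inventory or ansible.cfg supplies; a short comment such as `# runs as the image's initial account, before the droplets role creates users` (if that is the intent) would make the difference between the two plays explicit.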
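Review bot: In ansible/inventory/hosts.yml the new halo host sets `ansible_python_interpreter: python3`, a bare name resolved through the remote account's PATH, while larva.home.jowj.net in the same hunk pins `/usr/bin/python3`. Using `ansible_python_interpreter: /usr/bin/python3` here as well keeps the inventory consistent and stops a PATH change on the server from deciding which interpreter executes the modules. The first hunk of this file also removes the `vpn` and `onprem_clients` groups; any playbook still targeting them would silently match no hosts, which cannot be checked from this diff.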
@@ -0,0 +1,73 @@
+---
+# deploy a halo host
+
+# boot strap server
+- name: Install aptitude using apt
+ apt: name=aptitude state=latest update_cache=yes force_apt_get=yes
+
+- name: Install required system packages for docker install
+ apt: name={{ item }} state=latest update_cache=yes
+ loop: [ 'apt-transport-https', 'ca-certificates', 'software-properties-common']
+
+- name: Add Docker GPG apt Key
+ apt_key:
+ url: https://download.docker.com/linux/debian/gpg
+ state: present
+
+- name: Add Docker Repository
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu bionic stable
+ state: present
+
+- name: Add tailscale GPG apt Key
+ apt_key:
+ url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+ state: present
+
+- name: Add tailscsale Repository
+ apt_repository:
+ repo: deb https://pkgs.tailscale.com/stable/debian bullseye main
+ state: present
+
+- name: Update apt
+ apt: update_cache=yes
+
+- name: Install required system packages
+ apt: name={{ sys_packages }} state=latest
+
+- name: add 'josiah' to docker group
+ user:
+ name='josiah'
+ groups=docker
+ append=yes
+
+- name: install python packages
+ pip:
+ name: ["jsondiff", "docker"]
+
+# init new swarm, set up
+- name: Init a new swarm with default parameters
+ docker_swarm:
+ state: present
+ advertise_addr: "100.108.51.49"
+
+- name: ensure the app folders exist
+ file: state=directory path={{ item }} owner=josiah group=josiah mode=0700
+ loop: [ '/home/josiah/apps/smokeping/', '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/letsencrypt/', '/home/josiah/apps/smokeping/config/', '/home/josiah/apps/smokeping/data' ]
+
+- name: copy over awful-All config files
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0777
+ with_items:
+ - {src: 'halo-compose.yml', dest: '/home/josiah/apps/halo-compose.yml'}
+ - {src: 'traefik.yml', dest: '/home/josiah/apps/traefik.yml'}
+ - {src: 'Targets', dest: '/home/josiah/apps/smokeping/config/Targets'}
+
+- name:
Deploy halo stack
+ docker_stack:
+ state: present
+ name: halo
+ compose:
+ - /home/josiah/apps/halo-compose.yml
diff --git a/ansible/roles/halo/templates/Targets b/ansible/roles/halo/templates/Targets
new file mode 100755
index 0000000..b36c787
--- /dev/null
+++ b/ansible/roles/halo/templates/Targets
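Review bot: The `copy over awful-All config files` task in ansible/roles/halo/tasks/main.yml writes all three templates with `mode: 0777`, and the rendered halo-compose.yml carries the DigitalOcean token from `DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"`, so every local account can read the token and rewrite the compose and Traefik configuration. I would set `mode: "0600"`, `owner: josiah` and `group: josiah` on the task; this assumes josiah is the account that runs the stack deploy and matches the `PUID=1000` the smokeping container uses to read `Targets`, which the diff does not show. Quoting the mode also avoids the YAML octal-versus-integer ambiguity of a bare `0777`. Separately, the Docker key is fetched from the `linux/debian` path while the repository line points at `linux/ubuntu bionic` and the Tailscale repository at `debian bullseye`, so it is worth confirming which distribution this host runs.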
@@ -0,0 +1,213 @@
+*** Targets ***
+
+probe = FPing
+
+menu = Top
+title = work Latency Grapher
+remark = Welcome to the SmokePing website of WORKS Company. \
+ Here you will learn all about the latency of our network.
+
++ HomeNet
+menu = HomeNet
+title = HomeNet
+
+++ hatchery
+menu = hatchery
+title = hatchery
+host = hatchery.home.jowj.net
+
+++ hoyden
+menu = hoyden
+title = hoyden
+host = 192.168.1.20
+
+++ synology-as-1
+menu = syn-nas
+title = syn-nas
+host = storage.home.jowj.net
+
+++ sainthood
+menu = sainthood
+title = sainthood
+host = sainthood.home.jowj.net
+
++ Services
+menu = Services
+title = Services
+
+++ sonarr
+menu = sonarr
+title = sonarr
+host = sonarr.services.jowj.net
+
+++ readarr
+menu = readarr
+title = readarr
+host = readarr.services.jowj.net
+
+++ lidarr
+menu = lidarr
+title = lidarr
+host = lidarr.services.jowj.net
+
+++ radarr
+menu = radarr
+title = radarr
+host = radarr.services.jowj.net
+
+++ sabnzb
+menu = sabnzbd
+title = sabnzbd
+host = sab.services.jowj.net
+
++ AwfulNet
+menu = AwfulNet
+title = AwfulNet
+
+++ matrix
+menu = matrix
+title = matrix.awful.club
+host = matrix.awful.club
+
+++ awful1
+menu = awful1
+title = awful1
+host = awful-1.awful.club
+
+
++ InternetSites
+
+menu = Internet Sites
+title = Internet Sites
+
+++ GoogleSearch
+menu = Google
+title = google.com
+host = google.com
+
+++ GoogleSearchIpv6
+menu = Google
+probe = FPing6
+title = ipv6.google.com
+host = ipv6.google.com
+
+++ linuxserverio
+menu = linuxserver.io
+title = linuxserver.io
+host = linuxserver.io
+
++ USA
+
+menu = North America
+title = North American Connectivity
+
+++ MIT
+
+menu = MIT
+title = Massachusetts Institute of Technology Webserver
+host = web.mit.edu
+
+++ OSUOSL
+
+menu = Oregon State University Open Source Lab
+title = Oregon State University Open Source Lab
+host = osuosl.org
+
++ DNS
+menu = DNS
+title = DNS
+
+++ GoogleDNS1
+menu = Google DNS 1
+title = Google DNS 8.8.8.8
+host = 8.8.8.8
+
+++ GoogleDNS2
+menu =
Google DNS 2
+title = Google DNS 8.8.4.4
+host = 8.8.4.4
+
+++ OpenDNS1
+menu = OpenDNS1
+title = OpenDNS1
+host = 208.67.222.222
+
+++ OpenDNS2
+menu = OpenDNS2
+title = OpenDNS2
+host = 208.67.220.220
+
+++ CloudflareDNS1
+menu = Cloudflare DNS 1
+title = Cloudflare DNS 1.1.1.1
+host = 1.1.1.1
+
+++ CloudflareDNS2
+menu = Cloudflare DNS 2
+title = Cloudflare DNS 1.0.0.1
+host = 1.0.0.1
+
+++ L3-1
+menu = Level3 DNS 1
+title = Level3 DNS 4.2.2.1
+host = 4.2.2.1
+
+++ L3-2
+menu = Level3 DNS 2
+title = Level3 DNS 4.2.2.2
+host = 4.2.2.2
+
+++ Quad9
+menu = Quad9
+title = Quad9 DNS 9.9.9.9
+host = 9.9.9.9
+
++ DNSProbes
+menu = DNS Probes
+title = DNS Probes
+probe = DNS
+
+++ GoogleDNS1
+menu = Google DNS 1
+title = Google DNS 8.8.8.8
+host = 8.8.8.8
+
+++ GoogleDNS2
+menu = Google DNS 2
+title = Google DNS 8.8.4.4
+host = 8.8.4.4
+
+++ OpenDNS1
+menu = OpenDNS1
+title = OpenDNS1
+host = 208.67.222.222
+
+++ OpenDNS2
+menu = OpenDNS2
+title = OpenDNS2
+host = 208.67.220.220
+
+++ CloudflareDNS1
+menu = Cloudflare DNS 1
+title = Cloudflare DNS 1.1.1.1
+host = 1.1.1.1
+
+++ CloudflareDNS2
+menu = Cloudflare DNS 2
+title = Cloudflare DNS 1.0.0.1
+host = 1.0.0.1
+
+++ L3-1
+menu = Level3 DNS 1
+title = Level3 DNS 4.2.2.1
+host = 4.2.2.1
+
+++ L3-2
+menu = Level3 DNS 2
+title = Level3 DNS 4.2.2.2
+host = 4.2.2.2
+
+++ Quad9
+menu = Quad9
+title = Quad9 DNS 9.9.9.9
+host = 9.9.9.9
diff --git a/ansible/roles/halo/templates/halo-compose.yml b/ansible/roles/halo/templates/halo-compose.yml
new file mode 100644
index 0000000..ef4224c
--- /dev/null
+++ b/ansible/roles/halo/templates/halo-compose.yml
@@ -0,0 +1,54 @@
+version: '3'
+
+networks:
+ gitea:
+ external: false
+ pubnet:
+ external: false
+
+volumes:
+ traefik_acme:
+ traefik_logs:
+
+services:
+ traefik:
+ image: "traefik:v2.2"
+ ports:
+ - "80:80"
+ - "443:443"
+ environment:
+ DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
+ networks:
+ pubnet:
+ volumes:
+ - "/home/josiah/apps/letsencrypt/:/letsencrypt"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "/home/josiah/apps/traefik.yml:/etc/traefik/traefik.yml"
+ - traefik_logs:/log
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.edge.rule=hostregexp(`{host:.+}`)"
+ - "traefik.http.routers.edge.entrypoints=web"
+ - "traefik.http.routers.edge.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ smokeping:
+ image: lscr.io/linuxserver/smokeping:latest
+ networks:
+ pubnet:
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=America/Chicago
+ volumes:
+ - /home/josiah/apps/smokeping/config/:/config
+ - /home/josiah/apps/smokeping/data:/data
+ restart: unless-stopped
+ labels:
+ # global rules
+ - "traefik.enable=true"
+ # the web ui
+ - "traefik.http.routers.freshrss.rule=Host(`monitor.awful.club`)"
+ - "traefik.http.routers.freshrss.entrypoints=websecure"
+ - "traefik.http.routers.freshrss.tls=true"
+ - "traefik.http.routers.freshrss.tls.certresolver=awful-letsencrypt"
diff --git a/ansible/roles/halo/templates/traefik.yml b/ansible/roles/halo/templates/traefik.yml
new file mode 100644
index 0000000..49c75aa
--- /dev/null
+++ b/ansible/roles/halo/templates/traefik.yml
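Review bot: In halo-compose.yml the traefik service publishes ports 80 and 443 and also mounts `/var/run/docker.sock`; the `:ro` suffix only makes the bind mount read-only and does not restrict which Docker API calls can be sent over the socket, so a compromise of the proxy amounts to control of the Docker daemon on the host. The usual mitigation is a filtering socket proxy on an internal network that allows only the read-only queries Traefik needs, with `providers.docker.endpoint` in traefik.yml pointed at it instead of the raw socket. The smokeping service also pulls `lscr.io/linuxserver/smokeping:latest`, so each redeploy can bring in an unreviewed image; pinning a version tag or digest, as the traefik service already does with `v2.2`, makes deploys reproducible. Its routers are named `freshrss`, which looks copied from another stack; `traefik.http.routers.smokeping.…` would avoid a name clash if a real freshrss router is ever added.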
@@ -0,0 +1,37 @@
+# defaultEntryPoints must be at the top
+# because it should not be in any table below
+defaultEntryPoints: ["http", "https"]
+
+global:
+ checkNewVersion: true
+ sendAnonymousUsage: true
+api:
+ dashboard: false
+ debug: true
+ insecure: false
+entryPoints:
+ web:
+ address: ":80"
+ websecure:
+ address: ":443"
+
+providers:
+ docker:
+ watch: true
+ swarmMode: false
+ endpoint: "unix:///var/run/docker.sock"
+ exposedbydefault: false
+certificatesResolvers:
+ awful-letsencrypt:
+ acme:
+ email: "admin@awful.club"
+ storage: "/letsencrypt/acme.json"
+ # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ dnsChallenge:
+ provider: "digitalocean"
+log:
+ filePath: "/log/traefik.log"
+ level: DEBUG
+accessLog:
+ filePath: "/log/access.log"
+ bufferingSize: 100
diff --git a/ansible/roles/halo/vars/main.yml b/ansible/roles/halo/vars/main.yml
new file mode 100644
index 0000000..55d0f08
--- /dev/null
+++ b/ansible/roles/halo/vars/main.yml
@@ -0,0 +1 @@
+sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip', 'docker', 'ca-certificates', 'curl', 'gnupg', 'lsb-release', 'docker-ce', 'docker-ce-cli', 'containerd.io', 'docker-compose-plugin', 'tailscale']
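Review bot: `defaultEntryPoints: ["http", "https"]` at the top of traefik.yml names entry points this file never defines (they are `web` and `websecure`) and looks like a leftover from a Traefik v1 configuration; the `traefik:v2.2` image pinned in halo-compose.yml will most likely reject or ignore it, so that line and its two comment lines should be dropped. For a proxy published on 80/443 I would also turn off the debugging switches, `debug: false` under `api` and `level: INFO` under `log`, since debug logging writes far more request detail into `/log/traefik.log` than routine operation needs. `sendAnonymousUsage: true` sends usage statistics to the vendor; if that is intended, a comment saying so would help.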
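Review bot: `sys_packages` in vars/main.yml lists `'curl'` twice and names both `'docker'` and `'docker-ce'`. On Debian-family archives the plain `docker` package has historically been an unrelated tool rather than the engine, and `'python'` may not exist on a release that ships only python3, so either entry could make the `Install required system packages` task fail or pull in something unintended; this is worth checking against the target release. Writing the list in block form, one package per line, would make duplicates like these easy to spot in review.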