diff --git a/.gitignore b/.gitignore
index 1561f1c..1454d14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,6 @@
 *tfstate.*
 terraform/.terraform.lock.hcl
 **/.terraform/
-.idea/
\ No newline at end of file
+.idea/
+home.lab.local.crt
+home.lab.local.key
\ No newline at end of file
diff --git a/ansible/hosts b/ansible/hosts
index 5f4b491..db3037d 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -6,19 +6,27 @@ homelab:
 hosts:
 dlna:
 ansible_host: dlna.home.lab.local
+ torrent:
+ ansible_host: torrent.home.lab.local
+ microbin:
+ ansible_host: microbin.home.lab.local
 sandbox:
 ansible_host: 192.168.0.101
 dns1:
 ansible_host: ns1.home.lab.local
 vars:
 ansible_user: ovodianov
- ansible_ssh_private_key_file: ~/.ssh/home.lab.local
 debian:
- hosts:
- pve1:
- ansible_host: pve.home.lab.local
- pve2:
- ansible_host: pve2.home.lab.local
- vars:
- ansible_user: root
- ansible_ssh_private_key_file: ~/.ssh/home.lab.local
+ children:
+ proxmox:
+ hosts:
+ pve1:
+ ansible_host: pve.home.lab.local
+ pve2:
+ ansible_host: pve2.home.lab.local
+ pve3:
+ ansible_host: pve3.home.lab.local
+ vars:
+ ansible_user: root
+vars:
+ ansible_ssh_private_key_file: ~/.ssh/home.lab.local
diff --git a/ansible/install.yml b/ansible/install.yml
index 121d1c9..085120a 100644
--- a/ansible/install.yml
+++ b/ansible/install.yml
@@ -1,4 +1,5 @@
 ---
+# ansible-playbook -i hosts install.yml
 - hosts: homelab
 become: true
 roles:
diff --git a/ansible/nginx.yml b/ansible/nginx.yml
new file mode 100644
index 0000000..5978dcc
--- /dev/null
+++ b/ansible/nginx.yml
@@ -0,0 +1,7 @@
+---
+# if there is only password auth set on a server then run the following
+# ansible-playbook -i hosts -l nginx.yml --diff
+- hosts: homelab
+ become: true
+ roles:
+ - nginx
\ No newline at end of file
diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..a140665
--- /dev/null
+++ b/ansible/roles/nginx/handlers/main.yml
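Review bot: The two added entries ignore only the exact names `home.lab.local.crt` and `home.lab.local.key`, so a key that is renewed or added under any other file name would not be covered. A pattern such as `*.key` (plus `*.crt` if certificates should stay out of the repository too) is a safer default for a tree that the nginx role copies key material from. Keeping the key in the repository as an `ansible-vault` encrypted file is the alternative that does not depend on an ignore rule at all.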
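Review bot: The added `vars:` block carrying `ansible_ssh_private_key_file` appears to start at column 0 (it is the only added line with no space after the `+`), which makes it a sibling of `homelab:` and `debian:` rather than a variables section. Ansible's YAML inventory treats every top-level key as a group name, so this would declare a group called `vars` and the key-file setting removed from both groups would no longer apply to any host. Nesting it under the built-in group, `all:` then `vars:` then `ansible_ssh_private_key_file: ~/.ssh/home.lab.local`, gives the inventory-wide scope the change seems to intend. Indentation is not fully recoverable from this view, so confirm against the file.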
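Review bot: `hosts: homelab` does not line up with the inventory change in this commit, which places pve1–pve3 in the new `proxmox` group under `debian`, while the only template the role ships is `proxmox`. As far as the visible part of `ansible/hosts` shows, the play would run the role, including the copy of the TLS private key to `/root`, on the homelab hosts and skip the Proxmox nodes; `- hosts: proxmox` keeps the key on the machines that serve it. The usage comment also needs a fix: `-l` takes a host pattern, so `-l nginx.yml` consumes the playbook name as the limit, and something like `# ansible-playbook -i hosts nginx.yml --diff --ask-pass` matches the password-auth case the comment describes.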
@@ -0,0 +1,6 @@
+---
+- name: restart nginx
+ systemd_service:
+ state: restarted
+ daemon_reload: true
+ name: nginx
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..9db166b
--- /dev/null
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: delete default config
+ file:
+ path: /etc/nginx/sites-available/default
+ state: absent
+
+- name: copy certs
+ copy:
+ src: "{{ item }}"
+ dest: /root
+ mode: '0600'
+ loop:
+ - home.lab.local.crt
+ - home.lab.local.key
+ no_log: true
+
+- name: copy nginx config
+ template:
+ src: "{{ hostvars[inventory_hostname].group_names[2] }}"
+ dest: /etc/nginx/sites-available/
+
+- name: make a link to nginx config in sites-enabled
+ file:
+ src: /etc/nginx/sites-available/{{ hostvars[inventory_hostname].group_names[2] }}
+ dest: /etc/nginx/sites-enabled/{{ hostvars[inventory_hostname].group_names[2] }}
+ state: link
diff --git a/ansible/roles/nginx/templates/proxmox b/ansible/roles/nginx/templates/proxmox
new file mode 100644
index 0000000..acaa887
--- /dev/null
+++ b/ansible/roles/nginx/templates/proxmox
@@ -0,0 +1,30 @@
+upstream proxmox {
+ server 127.0.0.1:8006;
+}
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ rewrite ^(.*) https://$host$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name _;
+ ssl_certificate /root/home.lab.local.crt;
+ ssl_certificate_key /root/home.lab.local.key;
+ proxy_redirect off;
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass https://localhost:8006;
+ proxy_buffering off;
+ client_max_body_size 0;
+ proxy_connect_timeout 3600s;
+ proxy_read_timeout 3600s;
+ proxy_send_timeout 3600s;
+ send_timeout 3600s;
+ }
+}
diff --git a/ansible/roles/packages/tasks/main.yml b/ansible/roles/packages/tasks/main.yml
index 7f9785d..d544516 100644
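Review bot: None of the four tasks carries `notify: restart nginx`, so the handler added in `roles/nginx/handlers/main.yml` never runs and a replaced certificate or site config is not picked up until nginx is restarted by hand; add the notify to `copy certs`, `copy nginx config` and the symlink task. The first task removes `/etc/nginx/sites-available/default` but leaves the `sites-enabled/default` symlink that the Debian package ships, and a dangling entry there makes nginx fail its configuration check, so the task should delete `/etc/nginx/sites-enabled/default` instead (or as well). `hostvars[inventory_hostname].group_names[2]` selects the template by list position, which depends on how many groups a host happens to be in; for a host that is only in `debian` and `proxmox`, as the visible inventory suggests, there is no index 2. An explicit variable set in group vars, for example `nginx_site: proxmox` used as `src: "{{ nginx_site }}"`, removes that coupling.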
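Review bot: The port-80 block is a `default_server` that builds its redirect target from the client-supplied Host header (`https://$host$1`), so whatever name the client sends is reflected into the `Location` header. Because this file is rendered as a template, a fixed target such as `return 301 https://{{ ansible_host }}$request_uri;` avoids that and replaces the regex rewrite. The `upstream proxmox` block is declared but never used, since `proxy_pass https://localhost:8006;` bypasses it; `proxy_pass https://proxmox;` keeps the address in one place and pins it to 127.0.0.1. The TLS server sets no `ssl_protocols`, so the accepted protocol versions depend on the packaged nginx defaults, and whether direct access to port 8006 is restricted is not visible in this commit.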
--- a/ansible/roles/packages/tasks/main.yml
+++ b/ansible/roles/packages/tasks/main.yml
@@ -1,5 +1,9 @@
 ---
 - name: install packages
 apt:
- name: qemu-guest-agent
+ name: "{{ item }}"
 state: present
+ loop:
+ - qemu-guest-agent
+ - vim
+ - nginx
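Review bot: Adding `nginx` to the generic package list installs a web server on every host that runs this role, and the Debian package starts it listening on port 80 with its default site. If `install.yml` (which targets `homelab`) is where this role runs, hosts that get no site config from the nginx role end up with an extra exposed service; installing the package from the nginx role itself keeps it on the hosts that actually proxy something. Separately, `apt` accepts a list in `name`, which resolves everything in one transaction and is preferred over `loop`: `name: [qemu-guest-agent, vim, nginx]`.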