#!/usr/bin/env ansible-playbook
# export DB_PASS=aVeryStrongDatabasePassword
---
# Play: apply the bbaassssiiee.postgres_ssl role to the `database` group.
# The pre_tasks read DB_PASS from the environment of the machine running
# ansible-playbook and fail the host when the value is missing or too short.
- name: Database Server
  hosts: database
  gather_facts: true
  become: true
  tags:
    - postgres
    - database
  pre_tasks:
    # NOTE(review): desired_state is not defined in this file; presumably it
    # comes from inventory or group_vars - confirm it always has a value.
    - name: Lookup DB_PASS in environment variables
      ansible.builtin.set_fact:
        check_db_pass: "{{ lookup('env', 'DB_PASS') }}"
      # no_log keeps the looked-up password out of task output and logs.
      no_log: true
      when: desired_state == 'present'

    # An unset variable gives an empty string from the env lookup, so this
    # rejects both a missing password and one of 8 characters or fewer.
    - name: Assert that DB_PASS is defined
      ansible.builtin.assert:
        that:
          - check_db_pass | length > 8
        # The hint uses `read -sp`, which keeps the password off the command
        # line and out of shell history.
        msg: |
          run this shell command before this playbook:
          read -sp "Enter database password: " DB_PASS && export DB_PASS ; echo
      when: desired_state == 'present'
  roles:
    # check_db_pass is only used by the assert above; presumably the role
    # reads DB_PASS itself - verify against the role.
    - role: bbaassssiiee.postgres_ssl
# Play: apply the local `semaphore` role to the `semaphore` group.
# The pre_tasks read SSH_PASS from the environment of the machine running
# ansible-playbook and fail the host when the value is missing or too short.
- name: Semaphore in Systemd
  hosts: semaphore
  gather_facts: true
  become: true
  tags:
    - semaphore
  pre_tasks:
    - name: Lookup SSH_PASS in environment variables
      ansible.builtin.set_fact:
        ssh_passphrase: "{{ lookup('env', 'SSH_PASS') }}"
      # no_log keeps the looked-up passphrase out of task output and logs.
      no_log: true

    # An unset variable gives an empty string from the env lookup, so this
    # rejects both a missing passphrase and one of 8 characters or fewer.
    - name: Assert that SSH_PASS is defined
      ansible.builtin.assert:
        that:
          - ssh_passphrase | length > 8
        # The hint uses `read -sp`, which keeps the passphrase off the command
        # line and out of shell history.
        msg: |
          run this shell command before this playbook:
          read -sp "Enter ssh key passphrase: " SSH_PASS && export SSH_PASS ; echo
  roles:
    # Presumably the role consumes the ssh_passphrase fact set above - confirm
    # that its tasks handling the passphrase also set no_log.
    - role: semaphore
# Play: set up the forward proxy on the `proxy` group, optionally installing
# Docker first.
- name: Forward Proxy
  hosts: proxy
  gather_facts: true
  become: true
  tags:
    - proxy
  tasks:
    # Dynamic include: the role is only loaded when use_docker is truthy.
    # NOTE(review): use_docker is not guarded with `is defined` here, unlike
    # the use_* switches in the Tools play - confirm it always has a value.
    - name: Install Docker
      ansible.builtin.include_role:
        name: geerlingguy.docker
      when: use_docker | bool

    # Static import: the role's tasks are added at parse time and inherit the
    # `proxy` tag given on this task.
    - name: Install Squid proxy
      ansible.builtin.import_role:
        name: bbaassssiiee.proxy
      tags:
        - proxy
# Play: install optional command-line tools on the `semaphore` group.
# Each tool is behind its own use_* switch and is skipped when the switch is
# undefined or falsy. Most of the roles come from third-party namespaces;
# NOTE(review): the versions in use are not visible here - confirm they are
# pinned in the project's role requirements file.
- name: Tools
  hosts: semaphore
  gather_facts: true
  become: true
  tags:
    - tools
  vars:
    # NOTE(review): no task visible in this play references docker_users;
    # presumably one of the included roles reads it - confirm, since adding a
    # user to a docker group would give that user root-equivalent access.
    docker_users:
      - semaphore
  tasks:
    - name: Install Helm
      ansible.builtin.include_role:
        name: andrewrothstein.kubernetes_helm
      when:
        - use_helm is defined
        - use_helm | bool

    - name: Install Krew
      ansible.builtin.include_role:
        name: andrewrothstein.krew
      when:
        - use_krew is defined
        - use_krew | bool

    - name: Install kbcli
      ansible.builtin.include_role:
        name: bbaassssiiee.kubeblocks
      when:
        - use_kbcli is defined
        - use_kbcli | bool

    - name: Install k9
      ansible.builtin.include_role:
        name: andrewrothstein.k9s
      when:
        - use_k9s is defined
        - use_k9s | bool

    - name: Install OpenTofu
      ansible.builtin.include_role:
        name: andrewrothstein.opentofu
      when:
        - use_opentofu is defined
        - use_opentofu | bool

    - name: Install Powershell
      ansible.builtin.include_role:
        name: andrewrothstein.powershell
      when:
        - use_powershell is defined
        - use_powershell | bool

    - name: Install Terraform
      ansible.builtin.include_role:
        name: andrewrothstein.terraform
      when:
        - use_terraform is defined
        - use_terraform | bool
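# Play: configure Semaphore on the `semaphore` group through the local `api`
# role, with shared defaults for ansible.builtin.uri calls.
- name: Configure Semaphore
  hosts: semaphore
  become: true
  gather_facts: true
  vars:
    # Plain HTTP to the loopback interface of the semaphore host.
    semaphore_api_url: "http://localhost:3000/api"
    semaphore_username: semaphore
  # Defaults for ansible.builtin.uri tasks in this play; presumably the `api`
  # role relies on them - confirm against the role.
  module_defaults:
    ansible.builtin.uri:
      use_proxy: false
      headers:
        Content-Type: "application/json"
      body_format: json
      # NOTE(review): certificate verification is off for every uri call that
      # picks up these defaults. It has no effect on the http:// URL above,
      # but if semaphore_api_url is switched to https this would accept any
      # certificate; set it to true at that point.
      validate_certs: false
      timeout: 5
  # No play-level tasks. Written as an explicit empty list rather than a bare
  # `tasks:` key, which parses as null.
  tasks: []
  roles:
    - role: api
      tags:
        - api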
# Play: apply the bbaassssiiee.nginx_ssl role to the `web` group.
# Unlike the other plays, the tag is set on the role entry, not on the play.
- name: Reverse Proxy
  hosts: web
  gather_facts: true
  become: true
  roles:
    - role: bbaassssiiee.nginx_ssl
      tags:
        - nginx