update

Playbooks/servers/install-core.yml

@@ -0,0 +1,11 @@
+- hosts: "{{ hosts }}"
+
+  become: yes
+  tasks:
+
+  - name: install core packages
+    apt:
+      name:
+        - prometheus-node-exporter
+        - nfs-common
+      update_cache: yes

Playbooks/servers/install-docker.yml

@@ -0,0 +1,29 @@
+- hosts:
+  - srv-prod-1.home.clcreative.de
+  - srv-prod-2.home.clcreative.de
+
+  become: yes
+  tasks:
+
+    # Breaks existing Docker Servers!
+    # Change Tasks for separate group!
+    
+    # Install Docker
+    # - name: install prerequisites
+    #   apt:
+    #     name:
+    #       - docker.io
+    #     update_cache: yes
+ 
+    # - name: add user permissions
+    #   shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}"
+ 
+    # - name: Reset ssh connection for changes to take effect
+    #   meta: "reset_connection"
+
+    # Install Docker Compose
+    - name: install docker-compose
+      apt:
+        name: 
+          - docker-compose
+        update_cache: yes

Playbooks/servers/install-sshauth.yml

@@ -0,0 +1,23 @@
+- hosts: all
+
+  become: yes
+  tasks:
+
+  # Deploy SSH Key
+  # --
+  - name: install public keys
+    ansible.posix.authorized_key:
+      user: "{{ lookup('env','USER') }}"
+      state: present
+      key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"  
+  
+
+  # Set all sudoers to no password
+  # --
+  - name: change sudoers file
+    lineinfile:
+      path: /etc/sudoers
+      state: present
+      regexp: '^%sudo'
+      line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+      validate: /usr/sbin/visudo -cf %s

Playbooks/servers/install-vm-core.yml

@@ -0,0 +1,19 @@
+- hosts: "{{ hosts }}"
+
+  become: yes
+  tasks:
+
+  - name: install core packages
+    apt:
+      name:
+        - prometheus-node-exporter
+        - nfs-common
+        - qemu-guest-agent
+        - unzip
+      update_cache: yes
+
+  - name: start guest qemu-guest-agent
+    service:
+      name: qemu-guest-agent
+      state: started
+      enabled: yes

Playbooks/servers/update-aptpackages.yml

@@ -0,0 +1,29 @@
+- hosts: "{{ hosts }}"
+
+  become: yes
+  tasks:
+    # Upgrade packages
+    - name: upgrade apt packages
+      become: true
+      apt:
+        upgrade: yes
+        update_cache: yes
+
+    # Check if reboot is required
+    - name: check if system reboot is required
+      become: true
+      stat:
+        path: /var/run/reboot-required
+      register: reboot_required
+
+    # Send Discord message when reboot is required
+    - name: Send Discord message
+      uri:
+        url: "{{ discord_webhook_url }}"
+        method: POST
+        body_format: json
+        body: '{"content": "Reboot required on {{ inventory_hostname }}"}'
+        headers:
+          Content-Type: application/json
+        status_code: 204
+      when: reboot_required.stat.exists

Playbooks/servers/update-diskspace.yml

@@ -0,0 +1,23 @@
+- hosts: "{{ hosts }}"
+
+  tasks:
+
+    - name: Get disk usage
+      command: df -h
+      register: disk_usage
+
+    - name: Check disk space available
+      shell: df -h / | awk 'NR==2 {print $5}'
+      register: disk_usage
+
+    # Send Discord message when disk space is over 80%
+    - name: Send Discord message
+      uri:
+        url: "{{ discord_webhook_url }}"
+        method: POST
+        body_format: json
+        body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+        headers:
+          Content-Type: application/json
+        status_code: 204
+      when: disk_usage.stdout[:-1]|int > 80

Playbooks/servers/update-dockercleanup.yml

@@ -0,0 +1,13 @@
+- hosts: "{{ hosts }}"
+
+  tasks:
+
+    - name: Prune non-dangling, and dangling images
+      community.docker.docker_prune:
+        containers: false
+        images: true
+        images_filters:
+          dangling: false
+        networks: false
+        volumes: false
+        builder_cache: false

ansiblesemaphore-prod-1/docker-compose.yaml

@@ -0,0 +1,42 @@
+---
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true
+services:
+  semaphore:
+    container_name: ansiblesemaphore-prod-1
+    image: semaphoreui/semaphore:v2.9.64
+    restart: unless-stopped
+    ports:
+      - 3000:3000
+    environment:
+      - SEMAPHORE_DB_USER=ansiblesemaphore-prod-1-user
+      - SEMAPHORE_DB_PASS=${SEMAPHORE_DB_PASS:?error}
+      - SEMAPHORE_DB_HOST=db-prod-1.home.clcreative.de
+      - SEMAPHORE_DB_PORT=3306
+      - SEMAPHORE_DB_DIALECT=mysql
+      - SEMAPHORE_DB=ansiblesemaphore_prod_1_db 
+      - SEMAPHORE_PLAYBOOK_PATH=/tmp/semaphore/
+      - SEMAPHORE_ADMIN_PASSWORD=${SEMAPHORE_ADMIN_PASSWORD-}
+      - SEMAPHORE_ADMIN_NAME=admin
+      - SEMAPHORE_ADMIN_EMAIL=admin@localhost
+      - SEMAPHORE_ADMIN=${SEMAPHORE_ADMIN:-admin}
+      - SEMAPHORE_ACCESS_KEY_ENCRYPTION=${SEMAPHORE_ACCESS_KEY_ENCRYPTION:?error}
+      - ANSIBLE_HOST_KEY_CHECKING=false
+    volumes:
+      - ./inventory/:/inventory:ro
+      - ./authorized-keys/:/authorized-keys:ro
+      - ./config/:/etc/semaphore:rw
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.ansiblesemaphore-prod-1-http.entrypoints: "web"
+      traefik.http.routers.ansiblesemaphore-prod-1-http.rule: "Host(`ansiblesemaphore-prod-1.srv-prod-1.home.clcreative.de`)"
+      traefik.http.routers.ansiblesemaphore-prod-1-https.entrypoints: "websecure"
+      traefik.http.routers.ansiblesemaphore-prod-1-https.rule: "Host(`ansiblesemaphore-prod-1.srv-prod-1.home.clcreative.de`)"
+      traefik.http.routers.ansiblesemaphore-prod-1-https.tls: "true"
+      traefik.http.routers.ansiblesemaphore-prod-1-https.tls.certresolver: "cloudflare"
+    networks:
+      - frontend
+      - backend

inventory/clcreative

@@ -0,0 +1,30 @@
+[srv-prod]
+srv-prod-1.home.clcreative.de
+srv-prod-2.home.clcreative.de
+srv-prod-3.home.clcreative.de
+srv-prod-4.home.clcreative.de
+srv-prod-5.home.clcreative.de
+srv-prod-6.home.clcreative.de
+srv-prod-7.home.clcreative.de
+
+[srv-demo]
+srv-demo-1.home.clcreative.de
+srv-demo-2.home.clcreative.de
+srv-demo-3.home.clcreative.de
+srv-demo-4.home.clcreative.de
+srv-demo-5.home.clcreative.de
+
+[vm-prod]
+srv-prod-1.home.clcreative.de
+srv-prod-2.home.clcreative.de
+srv-prod-3.home.clcreative.de
+srv-prod-4.home.clcreative.de
+srv-prod-5.home.clcreative.de
+srv-prod-6.home.clcreative.de
+
+[vm-demo]
+srv-demo-1.home.clcreative.de
+srv-demo-2.home.clcreative.de
+srv-demo-3.home.clcreative.de
+srv-demo-4.home.clcreative.de
+srv-demo-5.home.clcreative.de