first commit

Annika Merris 2025-04-30 11:51:18 +00:00
commit 5816898404
50 changed files with 1031 additions and 0 deletions


@ -0,0 +1,24 @@
{
"name": "ansible-dev-container-codespaces",
"image": "ghcr.io/ansible/community-ansible-dev-tools:latest",
"containerUser": "root",
"runArgs": [
"--security-opt",
"seccomp=unconfined",
"--security-opt",
"label=disable",
"--cap-add=SYS_ADMIN",
"--cap-add=SYS_RESOURCE",
"--device",
"/dev/fuse",
"--security-opt",
"apparmor=unconfined",
"--hostname=ansible-dev-container"
],
"updateRemoteUserUID": true,
"customizations": {
"vscode": {
"extensions": ["redhat.ansible", "redhat.vscode-redhat-account"]
}
}
}
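Review bot: The `runArgs` here remove most of the container's confinement (`seccomp=unconfined`, `apparmor=unconfined`, `label=disable`, `--cap-add=SYS_ADMIN`, with `"containerUser": "root"`) while the image is pulled by the mutable tag `community-ansible-dev-tools:latest`, so whatever that tag points to next runs nearly unconfined on the developer's machine. Pin the image to a digest, e.g. `"image": "ghcr.io/ansible/community-ansible-dev-tools@sha256:<digest>"`, and keep only the options the nested-container tooling actually needs. The same applies to the docker and podman variants in the next two sections. The podman one additionally sets `--userns=host`, `--cap-add=NET_ADMIN` and `unmask=/sys/fs/cgroup`, and the README should say why those are required.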


@ -0,0 +1,24 @@
{
"name": "ansible-dev-container-docker",
"image": "ghcr.io/ansible/community-ansible-dev-tools:latest",
"containerUser": "root",
"runArgs": [
"--security-opt",
"seccomp=unconfined",
"--security-opt",
"label=disable",
"--cap-add=SYS_ADMIN",
"--cap-add=SYS_RESOURCE",
"--device",
"/dev/fuse",
"--security-opt",
"apparmor=unconfined",
"--hostname=ansible-dev-container"
],
"updateRemoteUserUID": true,
"customizations": {
"vscode": {
"extensions": ["redhat.ansible", "redhat.vscode-redhat-account"]
}
}
}


@ -0,0 +1,28 @@
{
"name": "ansible-dev-container-podman",
"image": "ghcr.io/ansible/community-ansible-dev-tools:latest",
"containerUser": "root",
"runArgs": [
"--cap-add=CAP_MKNOD",
"--cap-add=NET_ADMIN",
"--cap-add=SYS_ADMIN",
"--cap-add=SYS_RESOURCE",
"--device",
"/dev/fuse",
"--security-opt",
"seccomp=unconfined",
"--security-opt",
"label=disable",
"--security-opt",
"apparmor=unconfined",
"--security-opt",
"unmask=/sys/fs/cgroup",
"--userns=host",
"--hostname=ansible-dev-container"
],
"customizations": {
"vscode": {
"extensions": ["redhat.ansible", "redhat.vscode-redhat-account"]
}
}
}

3
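--- a/.github/ansible-code-bot.yml
+++ b/.github/ansible-code-bot.yml
@@ -0,0 +1,3 @@
+---
+schedule:
+interval: "daily"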

18
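--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,18 @@
+---
+name: "CI"
+concurrency:
+group: ${{ github.head_ref || github.run_id }}
+cancel-in-progress: true
+on: # yamllint disable-line rule:truthy
+pull_request:
+branches: [main]
+workflow_dispatch:
+# TO-DO: Below is an example cron scheduler. Uncomment and tweak it as per your requirement
+# schedule:
+# - cron: '0 0 * * *'
+jobs:
+ansible-lint:
+uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main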
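Review bot: The reusable workflow on the `uses:` line is referenced by branch (`@main`), so any future commit to `ansible/ansible-content-actions` runs in this repository's CI without being reviewed here. Pin it to a full commit SHA, e.g. `uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@<full-commit-sha>`. The workflow also declares no `permissions:` block, so the called job inherits the repository's default token scope; a top-level `permissions:` with `contents: read` keeps it read-only.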

180
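--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,180 @@
+ansible_ed25519
+vault-password.txt
+.logs/*
+*.retry
+*.vault
+collections/*
+!collections/ansible_collections
+!collections/requirements.yml
+collections/ansible_collections/*
+!collections/ansible_collections/adhdgirl
+collections/ansible_collections/adhdgirl/*
+!collections/ansible_collections/adhdgirl/minilab
+# https://raw.githubusercontent.com/github/gitignore/main/Python.gitignore
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+# C extensions
+*.so
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+# Translations
+*.mo
+*.pot
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+# Flask stuff:
+instance/
+.webassets-cache
+# Scrapy stuff:
+.scrapy
+# Sphinx documentation
+docs/_build/
+# PyBuilder
+.pybuilder/
+target/
+# Jupyter Notebook
+.ipynb_checkpoints
+# IPython
+profile_default/
+ipython_config.py
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+# pdm
+# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+# in version control.
+# https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+# SageMath parsed files
+*.sage.py
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+# Spyder project settings
+.spyderproject
+.spyproject
+# Rope project settings
+.ropeproject
+# mkdocs documentation
+/site
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+# Pyre type checker
+.pyre/
+# pytype static type analyzer
+.pytype/
+# Cython debug symbols
+cython_debug/
+# PyCharm
+# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+# and can be added to the global gitignore or merged into this file. For a more nuclear
+# option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+# MacOS
+.DS_Store
+# Ansible
+.ansible/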
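Review bot: The secret entries at the top ignore only `ansible_ed25519` and `vault-password.txt`, but step 1 of the README added in this commit tells the operator to copy a key pair named `id_rsa`/`id_rsa.pub` into the files directory, and a private key under that name would not be ignored. Either align the README with the `ansible_ed25519` name the role actually reads, or add `id_rsa` next to `ansible_ed25519` here. A short comment above these first entries saying they are credentials would also keep them from being lost when the Python template below is refreshed.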

3
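--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -0,0 +1,3 @@
+{
+"recommendations": ["redhat.ansible", "redhat.vscode-redhat-account"]
+}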

3
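--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"ansible.python.interpreterPath": "/home/annika/ansible/minilab/.venv/bin/python"
+}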
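Review bot: `ansible.python.interpreterPath` is an absolute path inside the author's home directory (`/home/annika/ansible/minilab/.venv/bin/python`), so the committed workspace setting is wrong on any other checkout and inside the devcontainers added by this same commit. Keep this value in user-level settings, or leave `.vscode/settings.json` out of version control.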

57
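--- a/README.md
+++ b/README.md
@@ -0,0 +1,57 @@
+# Adhdgirl Minilab Ansible Project
+## To Get Machines Added
+1. Generate a set of ssh-keys for the ansible user. Copy both to the files directory. (Expects id_rsa and id_rsa.pub)
+2. Either make sure that the container has your SSH public key for auth, or allows password auth for the user you wish to use.<br>**_NOTE_** Whichever user you are using must be able to run root commands, either using sudo, or by being root.
+* For authenticating using SSH keys, execute<br>`ansible-playbook --ask-vault-pass -e 'ansible_user=<user>' --ask-become-pass -e 'ansible_private_key_file=<path_th_ssh_private_key>' minilab.yml`
+* For authenticating without using SSH keys, execute<br>`ansible-playbook --ask-vault-pass -e 'ansible_user=<user>' --ask-pass --ask-become-pass minilab.yml`
+3. After the first run. the following will work
+* `ansible-playbook --ask-vault-pass minilab.yml`
+## Included content/ Directory Structure
+The directory structure follows best practices recommended by the Ansible
+community. Feel free to customize this template according to your specific
+project requirements.
+```
+ansible-project/
+|── .devcontainer/
+| └── docker/
+| └── devcontainer.json
+| └── podman/
+| └── devcontainer.json
+| └── devcontainer.json
+|── .github/
+| └── workflows/
+| └── tests.yml
+| └── ansible-code-bot.yml
+|── .vscode/
+| └── extensions.json
+|── collections/
+| └── requirements.yml
+| └── ansible_collections/
+| └── project_org/
+| └── project_repo/
+| └── README.md
+| └── roles/sample_role/
+| └── README.md
+| └── tasks/main.yml
+|── inventory/
+| └── groups_vars/
+| └── host_vars/
+| └── hosts.yml
+|── ansible-navigator.yml
+|── ansible.cfg
+|── devfile.yaml
+|── linux_playbook.yml
+|── network_playbook.yml
+|── README.md
+|── site.yml
+```
+## Compatible with Ansible-lint
+Tested with ansible-lint >=24.2.0 releases and the current development version
+of ansible-core.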

10
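--- a/ansible-navigator.yaml
+++ b/ansible-navigator.yaml
@@ -0,0 +1,10 @@
+---
+ansible-navigator:
+logging:
+level: debug
+append: false
+file: $PWD/.logs/ansible-navigator.log
+playbook-artifact:
+enable: true
+save-as: "$PWD/.logs/{playbook_name}-artifact-{time_stamp}.json"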
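Review bot: `level: debug` together with `playbook-artifact` `enable: true` writes a detailed record of every run under `$PWD/.logs`, and artifact files hold task results, which can include values from any task not marked `no_log`. `.logs/*` is git-ignored in this commit, so the remaining exposure is on the workstation itself; a default of `level: warning` and a restrictive mode on the `.logs` directory would reduce it. `file:` is left unquoted while `save-as:` is quoted, so quote both for consistency.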

25
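--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,25 @@
+[defaults]
+# Specify the inventory file
+inventory = inventory/hosts.yaml
+# Define the directory for host and group variables
+host_vars_inventory = inventory/host_vars
+group_vars_inventory = inventory/group_vars
+# Set the logging verbosity level
+# verbosity = 2
+log_path = ./ansible.log
+# Set the default user for SSH connections
+remote_user = ansible
+# Define the default become method
+become_method = sudo
+[persistent_connection]
+# Controls how long the persistent connection will remain idle before it is destroyed
+connect_timeout=30
+# Controls the amount of time to wait for response from remote device before timing out persistent connection
+command_timeout=30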


@ -0,0 +1,80 @@
# Adhdgirl Minilab Collection
This repository contains the `adhdgirl.minilab` Ansible Collection.
## Tested with Ansible
Tested with ansible-core >=2.14 releases and the current development version of
ansible-core.
## External requirements
Some modules and plugins require external libraries. Please check the
requirements for each plugin or module you use in the documentation to find out
which requirements are needed.
## Included content
Please check the included content on the
[Ansible Galaxy page for this collection](https://galaxy.ansible.com/adhdgirl/minilab).
## Using this collection
```
ansible-galaxy collection install adhdgirl.minilab
```
You can also include it in a `requirements.yml` file and install it via
`ansible-galaxy collection install -r requirements.yml` using the format:
```yaml
collections:
- name: adhdgirl.minilab
```
To upgrade the collection to the latest available version, run the following
command:
```bash
ansible-galaxy collection install adhdgirl.minilab --upgrade
```
You can also install a specific version of the collection, for example, if you
need to downgrade when something is broken in the latest version (please report
an issue in this repository). Use the following syntax where `X.Y.Z` can be any
[available version](https://galaxy.ansible.com/adhdgirl/minilab):
```bash
ansible-galaxy collection install adhdgirl.minilab:==X.Y.Z
```
See
[Ansible Using Collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html)
for more details.
## Release notes
See the
[changelog](https://github.com/ansible-collections/adhdgirl.minilab/tree/main/CHANGELOG.rst).
## Roadmap
<!-- Optional. Include the roadmap for this collection, and the proposed release/versioning strategy so users can anticipate the upgrade/update cycle. -->
## More information
<!-- List out where the user can find additional information, such as working group meeting times, slack/Matrix channels, or documentation for the product this collection automates. At a minimum, link to: -->
- [Ansible collection development forum](https://forum.ansible.com/c/project/collection-development/27)
- [Ansible User guide](https://docs.ansible.com/ansible/devel/user_guide/index.html)
- [Ansible Developer guide](https://docs.ansible.com/ansible/devel/dev_guide/index.html)
- [Ansible Collections Checklist](https://docs.ansible.com/ansible/devel/community/collection_contributors/collection_requirements.html)
- [Ansible Community code of conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html)
- [The Bullhorn (the Ansible Contributor newsletter)](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn)
- [News for Maintainers](https://forum.ansible.com/tag/news-for-maintainers)
## Licensing
GNU General Public License v3.0 or later.
See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text.


@ -0,0 +1,10 @@
---
services:
adguard:
image: adguard/adguardhome:v0.107.59
container_name: adguardhome
volumes:
- /opt/adguard/workdir:/opt/adguardhome/work
- /opt/adguard/confdir:/opt/adguardhome/conf
network_mode: "host"
restart: unless-stopped
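Review bot: `network_mode: "host"` puts every AdGuard Home listener, including the web admin interface, directly on all of the host's interfaces with no port mapping to restrict it. If host networking is here only for DNS rather than DHCP, publishing the specific ports would narrow the exposure; if it is required, a comment above the line should say why. Pinning the image to `v0.107.59` is good, and a digest pin would additionally protect against the tag being re-pushed.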


@ -0,0 +1,40 @@
---
- name: Load distro-specific variables
ansible.builtin.include_vars: '{{ item }}'
tags: always
with_first_found:
- files:
- "{{ ansible_distribution }}.yaml"
skip: true
- name: Ensure AdGuard Home is running on this device
block:
- name: Ensure presense of folders for AdGuard Home
tags: packages,docker,adguard
ansible.builtin.file:
path: "/opt/adguard/{{ item }}"
state: directory
recurse: true
owner: root
group: root
loop:
- "workdir"
- "confdir"
- name: Ensure compose file is available on the server
tags: docker,adguard,settings
ansible.builtin.copy:
src: docker-compose.yaml
dest: /opt/adguard/docker-compose.yaml
owner: root
group: root
mode: u=rw,g=r,o=r
- name: Ensure docker containers are pulled and running
tags: docker,adguard
community.docker.docker_compose_v2:
project_src: /opt/adguard
pull: always
rescue:
- name: Set that this task failed
ansible.builtin.set_fact:
task_failed: true
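Review bot: The `rescue:` section only sets `task_failed: true`, so a failure in any task of the block is swallowed and the host is reported as rescued rather than failed; no task visible in this commit reads `task_failed`. The same pattern appears in the `main.yaml` of the common and docker roles further down. Either drop the rescue, or end it with an explicit `ansible.builtin.fail` task (for example with `msg: "AdGuard Home setup failed"`) after recording the fact. Separately, the directory task uses `recurse: true` without `mode:`, so the permissions on `/opt/adguard/confdir` are whatever already exists or the umask gives; setting `mode:` explicitly makes that deliberate.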


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUrVjr7OOouXuax/peH72TgWiVaE1hacB65lXRUQdmP annika@ansible


@ -0,0 +1 @@
permit nopass ansible


@ -0,0 +1 @@
ansible ALL=(ALL) NOPASSWD: ALL


@ -0,0 +1 @@
permit persist annika


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1XzepIOOXlSAjVTVKXlCYiPD4gtlt4/1ky9UWaB/2f annika@ansible


@ -0,0 +1 @@
annika ALL=(ALL) ALL


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ3/ZWJHbXEu5+nPvaNfPQraxy2ThXQlNB/u99nr8ci annika@wallace.local.merr.is


@ -0,0 +1 @@
permit persist moosetheory


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1XzepIOOXlSAjVTVKXlCYiPD4gtlt4/1ky9UWaB/2f annika@ansible


@ -0,0 +1 @@
moosetheory ALL=(ALL) ALL


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJ3/ZWJHbXEu5+nPvaNfPQraxy2ThXQlNB/u99nr8ci annika@wallace.local.merr.is


@ -0,0 +1,36 @@
---
- name: Make sure aptitude is available
tags: packages,system,settings,debian
ansible.builtin.apt:
name: aptitude
state: present
when: ansible_distribution in debian_derivatives
- name: Make sure sudo and ssh are available
tags: packages,system,settings
ansible.builtin.package:
name:
- "{{ common_elevate_package }}"
- "{{ common_ssh_package }}"
state: present
- name: Make sure python3 is available (Alpine)
tags: packages,system,settings
ansible.builtin.package:
name:
- python3
state: present
when: ansible_distribution == 'Alpine'
- name: Ensure ssh is starting at boot (Alpine)
tags: packages,system,settings
ansible.builtin.service:
name: sshd
state: started
enabled: true
when: ansible_distribution == 'Alpine'
- name: Ensure ssh is starting at boot (Debian)
tags: package,system,settings
ansible.builtin.systemd_service:
name: ssh
state: started
enabled: true
when: ansible_distribution in debian_derivatives
# code: language=ansible
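Review bot: The last task (`Ensure ssh is starting at boot (Debian)`) is tagged `package,system,settings`, while every other task in this file uses `packages`, so a run limited with `--tags packages` skips enabling ssh on Debian hosts. Change it to `tags: packages,system,settings`.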


@ -0,0 +1,31 @@
---
- name: Make sure ansible user exists
tags: users,system,ansible
ansible.builtin.user:
name: ansible
password: "*"
- name: Add sudoers file
tags: moosetheory,settings,sudo,system,users
ansible.builtin.copy:
src: ansible/sudoers
dest: /etc/sudoers.d/ansible
owner: root
group: root
mode: u=r,g=r,o-rwx
when: ansible_distribution in debian_derivatives
- name: Add doas file
tags: ansible,settings,doas,system,users
ansible.builtin.copy:
src: ansible/doas.conf
dest: /etc/doas.d/ansible.conf
owner: root
group: root
mode: u=r,g=r,o-rwx
when: ansible_distribution == "Alpine"
- name: Set authorized key for ansible user
tags: users,system,ansible
ansible.posix.authorized_key:
user: ansible
state: present
key: "{{ lookup('file', './files/ansible/ansible_ed25519.pub') }}"
# code: language=ansible
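Review bot: The `Add sudoers file` task copies into `/etc/sudoers.d/` without a `validate:` step, so a syntax error in the source file is installed as-is and can break `sudo` on the host; add `validate: /usr/sbin/visudo -cf %s` to the copy. The same applies to the per-user sudoers copy in `users.yaml`. The tags on this task list `moosetheory` where the sibling doas task lists `ansible`, which looks like a copy-paste slip. The installed file grants `ansible ALL=(ALL) NOPASSWD: ALL`, so the private half of `ansible_ed25519` is effectively a root credential for every host in the inventory and should be stored accordingly.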


@ -0,0 +1,36 @@
---
- name: Load distro-specific variables
ansible.builtin.include_vars: '{{ item }}'
tags: always
with_first_found:
- files:
- "{{ ansible_distribution }}.yaml"
skip: true
- name: Set up common functionality
block:
# Make sure ansible related stuff exists
- name: Ensure presense of software needed by later tasks
ansible.builtin.import_tasks: ansible/software.yaml
- name: Ensure user exists for future runs of Ansible
ansible.builtin.import_tasks: ansible/user.yaml
# Create users
- name: Create users
ansible.builtin.include_tasks: users.yaml
loop:
- annika
- moosetheory
loop_control:
loop_var: user_name
# Install software not specific to Ansible
# - name: Ensure software wanted on all hosts is installed
# ansible.builtin.import_tasks: general/software.yaml
rescue:
- name: Set that this task failed
ansible.builtin.set_fact:
task_failed: true
# code: language=ansible


@ -0,0 +1,57 @@
---
- name: Load user-specific variables
tags: groups,users
ansible.builtin.include_vars:
file: "users/{{ user_name }}.yaml"
- name: Ensure group exists
tags: groups,users
ansible.builtin.group:
name: "{{ user_name }}"
state: present
- name: Ensure user exists
tags: users
ansible.builtin.user:
name: "{{ user_name }}"
group: "{{ user_name }}"
groups: "adm,{{ common_sudo_group }}"
state: present
password: "{{ common_user_password | string | password_hash('sha512') }}"
- name: Adjust shell for Debian hosts
tags: settings,users,debian
ansible.builtin.user:
name: "{{ user_name }}"
shell: /bin/bash
when: ansible_distribution in debian_derivatives
- name: Adjust shell for Ansible hosts
tags: settings,users,alpine
ansible.builtin.user:
name: "{{ user_name }}"
shell: /bin/ash
when: ansible_distribution == "Alpine"
- name: Ensure user sudoers file is in place for Debian hosts
tags: settings,users,debian
ansible.builtin.copy:
src: "users/{{ user_name }}/sudoers"
dest: "/etc/sudoers.d/{{ user_name }}"
owner: root
group: root
mode: u=r,g=r,o-rwx
when: ansible_distribution in debian_derivatives
- name: Ensure user doas config is in place for Alpine hosts
tags: settings,users,alpine
ansible.builtin.copy:
src: "users/{{ user_name }}/doas.conf"
dest: "/etc/doas.d/{{ user_name }}.conf"
owner: root
group: root
mode: u=r,g=r,o-rwx
when: ansible_distribution == "Alpine"
- name: Ensure public keys are available for this user
tags: settings,users,ssh
ansible.posix.authorized_key:
user: "{{ user_name }}"
state: present
key: "{{ lookup('file', item) }}"
with_fileglob:
- "users/{{ user_name }}/*.pub"
# code: language=ansible
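Review bot: In `Ensure user exists`, `password_hash('sha512')` is called without a salt, so a new random salt is generated on every run: the task reports `changed` each time and resets the account to the vaulted password even if the user has since changed it. Pass a stable salt or add `update_password: on_create`. `groups:` is set without `append: true`, which removes the user from any group not listed there (for example `docker`). The two per-user vars files further down carry byte-identical `common_user_password` ciphertext, so both accounts appear to share one password. The task named `Adjust shell for Ansible hosts` is conditioned on Alpine and presumably should be named for Alpine.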


@ -0,0 +1,5 @@
---
common_sudo_group: wheel
common_ssh_package: openssh
common_elevate_package: doas
# code: language=ansible


@ -0,0 +1,5 @@
---
common_sudo_group: sudo
common_ssh_package: ssh
common_elevate_package: sudo
# code: language=ansible


@ -0,0 +1,18 @@
---
common_interactive_users:
- annika
- moosetheory
common_annika_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
31376262376236616461656131623338386564396462663662363934663065333335373338366166
3133373464376565393339323461313837363463353636300a653738616137316261656665323835
30356563646237653533303832623433343831346234333965623532363565346633313437353865
3333366534323032390a643536643361356532666333306635653634373938613134353565643961
6665
common_moosetheory_passwd: !vault |
$ANSIBLE_VAULT;1.1;AES256
37633433626261666330346536356463303431396662333334643633393632383731343037353038
3462366461343964386535356239353034323638363937380a633238343839363433356338663632
66363663356162666437343863663837346430653665356636356565306263646137383438333233
3062313935383164650a626365363362326238386137336538323831373430653366383139326365
3961
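Review bot: `common_annika_passwd` and `common_moosetheory_passwd` are not referenced by any task visible in this commit, since `users.yaml` reads `common_user_password` from the per-user vars files, so these two vaulted values look like leftovers. `common_interactive_users` likewise duplicates the literal `annika`/`moosetheory` loop list in the role's `main.yaml`. Remove the unused secrets or wire the tasks to them, so there is one source for each password and for the user list.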


@ -0,0 +1,9 @@
---
common_user_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
39313537373231343839663162373238343837626266323631316234333034343536636664336433
3531626364383166383165613563373435623663366461360a613731663639633966353239303933
63353537626461383332656265653634656530326133646361643365366665353562396536373834
3866343531323237360a353737303766393338353436353864336538373166366637663566363166
6364
# code: language=ansible


@ -0,0 +1,9 @@
---
common_user_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
39313537373231343839663162373238343837626266323631316234333034343536636664336433
3531626364383166383165613563373435623663366461360a613731663639633966353239303933
63353537626461383332656265653634656530326133646361643365366665353562396536373834
3866343531323237360a353737303766393338353436353864336538373166366637663566363166
6364
# code: language=ansible


@ -0,0 +1,18 @@
---
- name: Ensure docker is installed
tags: alpine,docker,software
community.general.apk:
name: "{{ item }}"
state: present
loop:
- docker
- docker-compose
- py3-pip
- py3-docker-py
- name: Start Docker and add to autostart on Alpine
tags: alpine,docker,software
ansible.builtin.service:
name: docker
state: started
enabled: true
# code: language=ansible
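Review bot: `Ensure docker is installed` loops over `item` and calls `community.general.apk` once per package; `name:` accepts a list, so passing the four packages directly installs them in a single transaction and drops the loop. The `ansible.builtin.apt` tasks in the Debian task file that follows do the same, and two of them also set `update_cache: true` inside the loop, so the cache is refreshed once per package instead of once per task.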


@ -0,0 +1,102 @@
---
- name: Ensure python dependencies are installed
ansible.builtin.apt:
name: "{{ item }}"
state: present
update_cache: true
loop:
- python3-debian
- python3-pip
- name: Ensure no unofficial Docker packages are installed on Debian hosts
ansible.builtin.apt:
name: "{{ item }}"
state: absent
update_cache: false
loop:
- docker.io
- docker-compose
- docker-doc
- podman-docker
- name: Ensure Docker repositories are available on Debian hosts
ansible.builtin.deb822_repository:
name: docker
types: deb
uris: https://download.docker.com/linux/debian
suites: "{{ ansible_distribution_release }}"
components:
- stable
signed_by: |-
-----BEGIN PGP PUBLIC KEY BLOCK-----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=0YYh
-----END PGP PUBLIC KEY BLOCK-----
- name: Ensure Docker dependencies are available on Debian hosts
ansible.builtin.apt:
name: "{{ item }}"
state: present
update_cache: true
loop:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
# code: language=ansible


@ -0,0 +1,23 @@
---
- name: Fetch distro-specific variables
ansible.builtin.include_vars: '{{ item }}'
tags: always
with_first_found:
- files:
- "vars/{{ ansible_distribution }}.yaml"
skip: true
- name: Ensure dependencies for docker module are installed
block:
- name: Ensure debian hosts are properly configured
ansible.builtin.import_tasks: ./debian.yaml
when: ansible_distribution in debian_derivatives
- name: Ensure alpine hosts are properly configured
ansible.builtin.import_tasks: ./alpine.yaml
when: ansible_distribution == 'Alpine'
rescue:
- name: Set that this task failed
ansible.builtin.set_fact:
task_failed: true
# code: language=ansible


@ -0,0 +1,57 @@
Adhdgirl.Minilab Run Role
========================
A brief description of the role is here.
Requirements
------------
Any prerequisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. host vars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```yaml
- name: Execute tasks on servers
hosts: servers
roles:
- role: adhdgirl.minilab.run
run_x: 42
```
Another way to consume this role would be:
```yaml
- name: Initialize the run role from adhdgirl.minilab
hosts: servers
gather_facts: false
tasks:
- name: Trigger invocation of run role
ansible.builtin.include_role:
name: adhdgirl.minilab.run
vars:
run_x: 42
```
License
-------
# TO-DO: Update the license to the one you want to use (delete this line after setting the license)
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,12 @@
---
- name: Debug print task-1
ansible.builtin.debug:
msg: "This is task-1"
- name: Debug print task-2
ansible.builtin.debug:
msg: "This is task-2"
- name: Debug print task-3
ansible.builtin.debug:
msg: "This is task-3"


@ -0,0 +1,7 @@
---
collections:
- name: community.general
- name: ansible.posix
# - name: ansibleguy.nftables
# version: 1.0.3
- name: community.docker
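Review bot: None of the three active collections has a `version:`, so every `ansible-galaxy collection install -r` resolves to whatever is newest on Galaxy at that moment, and code from these collections runs with `become: true` on every host. Pin each entry, e.g. `version: "<x.y.z>"`, as the commented-out `ansibleguy.nftables` entry already does.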


@ -0,0 +1,10 @@
---
# ansible_user: ansible
# ansible_ssh_private_key_file: /home/annika/ansible/minilab/ansible_ed25519
debian_derivatives:
- "Debian"
- "Pop!_OS"
- "Ubuntu"
global_dns_servers:
- 10.69.11.4
# code: language=ansible


@ -0,0 +1,3 @@
---
ansible_python_interpreter: /usr/bin/python3
ansible_become_method: community.general.doas


@ -0,0 +1,2 @@
---
server_name: fifi


@ -0,0 +1,2 @@
---
server_name: knivi


@ -0,0 +1,2 @@
---
server_name: maxim


@ -0,0 +1,2 @@
---
server_name: pump


@ -0,0 +1,2 @@
---
server_name: reir

33
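--- a/inventory/hosts.yaml
+++ b/inventory/hosts.yaml
@@ -0,0 +1,33 @@
+---
+all:
+hosts:
+pump:
+ansible_host: 10.69.11.4
+maxim:
+ansible_host: 10.69.10.50
+docker1:
+ansible_host: 10.69.10.51
+fifi:
+ansible_host: 10.69.10.52
+knivi:
+ansible_host: 10.69.10.53
+reir:
+ansible_host: 10.69.10.62
+children:
+alpine:
+hosts:
+pump:
+debian:
+hosts:
+maxim:
+docker1:
+fifi:
+knivi:
+reir:
+docker:
+hosts:
+pump:
+docker1:
+adguard_servers:
+hosts:
+pump: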

31
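--- a/minilab.yaml
+++ b/minilab.yaml
@@ -0,0 +1,31 @@
+---
+# Pre-run tasks for all hosts
+- name: Pre-run tasks for all hosts
+hosts: all
+tags: always
+become: true
+pre_tasks:
+- name: Update package cache (Alpine)
+tags: always
+community.general.apk:
+update_cache: true
+when: ansible_distribution == "Alpine"
+- name: Common tasks for all hosts
+hosts: all
+tags: common
+become: true
+roles:
+- adhdgirl.minilab.common
+- name: Ensure docker is installed and running
+hosts: docker
+tags: docker
+become: true
+roles:
+- adhdgirl.minilab.docker
+- name: Configure AdGuard home hosts
+hosts: pump
+tags: docker,adguard
+become: true
+roles:
+- adhdgirl.minilab.adguardhome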
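Review bot: The AdGuard play targets `hosts: pump` directly, although the inventory added in this commit defines an `adguard_servers` group containing that host; `hosts: adguard_servers` keeps the play in step with the inventory when a second server is added. The README's commands run `minilab.yml` while this file is `minilab.yaml`, so one of the two names needs to change.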

3
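--- a/vault.sh
+++ b/vault.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+ansible-vault encrypt_string --vault-password-file vault-password.txt --stdin-name $1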
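Review bot: `$1` is unquoted on the `ansible-vault` line, so a name containing spaces or glob characters is split or expanded, and a missing argument leaves `--stdin-name` with no value. Use `--stdin-name "$1"` and guard the argument first with `: "${1:?usage: vault.sh <variable-name>}"`. The script reads `vault-password.txt` from the current directory; that file is git-ignored in this commit and should also be readable only by its owner (mode 0600).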