From 6948b9baa843860bf51501617b2c918a2084ee46 Mon Sep 17 00:00:00 2001 
From: eric o meehan Date: Mon, 8 Jul 2024 12:26:06 -0400 Subject: [PATCH] v0.0.7 --- inventories/attlocal.yml | 4 + kubernetes_namespaces.yml | 13 ++ kubernetes_test.yml | 57 +---- latitude-7230.yml | 3 + roles/ericomeehan.ericomeehan/README.md | 38 ++++ .../ericomeehan.ericomeehan/defaults/main.yml | 2 + roles/ericomeehan.ericomeehan/files/gitconfig | 5 + roles/ericomeehan.ericomeehan/files/init.lua | 12 ++ .../files/prompt_eric_setup | 119 +++++++++++ roles/ericomeehan.ericomeehan/files/tmux.conf | 6 + roles/ericomeehan.ericomeehan/files/zshrc | 43 ++++ .../ericomeehan.ericomeehan/handlers/main.yml | 2 + roles/ericomeehan.ericomeehan/meta/main.yml | 52 +++++ roles/ericomeehan.ericomeehan/tasks/main.yml | 27 +++ .../tasks/mobile-command.yml | 41 ++++ roles/ericomeehan.ericomeehan/tests/inventory | 2 + roles/ericomeehan.ericomeehan/tests/test.yml | 5 + roles/ericomeehan.ericomeehan/vars/main.yml | 2 + roles/ericomeehan.minecraft.eom.dev/README.md | 38 ++++ .../defaults/main.yml | 2 + .../files/server.properties | 59 ++++++ .../files/whitelist.json | 27 +++ .../handlers/main.yml | 2 + .../meta/main.yml | 52 +++++ .../tasks/main.yml | 106 ++++++++++ .../tests/inventory | 2 + .../tests/test.yml | 5 + .../vars/main.yml | 2 + .../defaults/main.yml | 1 + .../tasks/main.yml | 12 +- roles/ericomeehan.openldap.eom.dev/README.md | 38 ++++ .../defaults/main.yml | 2 + .../files/allowpwchange.ldif | 6 + .../files/base.ldif | 26 +++ .../files/service_accounts.ldif | 5 + .../handlers/main.yml | 2 + .../meta/main.yml | 52 +++++ .../tasks/main.yml | 196 ++++++++++++++++++ .../templates/config.ldif.j2 | 45 ++++ .../templates/eric.ldif.j2 | 23 ++ .../templates/reader.ldif.j2 | 12 ++ .../tests/inventory | 2 + .../tests/test.yml | 5 + .../vars/main.yml | 2 + site.yml | 57 +++-- vars/all.yml | 6 + vars/production.yml | 1 + 47 files changed, 1142 insertions(+), 79 deletions(-) create mode 100644 kubernetes_namespaces.yml create mode 100644 latitude-7230.yml create mode 100644 
roles/ericomeehan.ericomeehan/README.md create mode 100644 roles/ericomeehan.ericomeehan/defaults/main.yml create mode 100644 roles/ericomeehan.ericomeehan/files/gitconfig create mode 100644 roles/ericomeehan.ericomeehan/files/init.lua create mode 100644 roles/ericomeehan.ericomeehan/files/prompt_eric_setup create mode 100644 roles/ericomeehan.ericomeehan/files/tmux.conf create mode 100644 roles/ericomeehan.ericomeehan/files/zshrc create mode 100644 roles/ericomeehan.ericomeehan/handlers/main.yml create mode 100644 roles/ericomeehan.ericomeehan/meta/main.yml create mode 100644 roles/ericomeehan.ericomeehan/tasks/main.yml create mode 100644 roles/ericomeehan.ericomeehan/tasks/mobile-command.yml create mode 100644 roles/ericomeehan.ericomeehan/tests/inventory create mode 100644 roles/ericomeehan.ericomeehan/tests/test.yml create mode 100644 roles/ericomeehan.ericomeehan/vars/main.yml create mode 100644 roles/ericomeehan.minecraft.eom.dev/README.md create mode 100644 roles/ericomeehan.minecraft.eom.dev/defaults/main.yml create mode 100644 roles/ericomeehan.minecraft.eom.dev/files/server.properties create mode 100644 roles/ericomeehan.minecraft.eom.dev/files/whitelist.json create mode 100644 roles/ericomeehan.minecraft.eom.dev/handlers/main.yml create mode 100644 roles/ericomeehan.minecraft.eom.dev/meta/main.yml create mode 100644 roles/ericomeehan.minecraft.eom.dev/tasks/main.yml create mode 100644 roles/ericomeehan.minecraft.eom.dev/tests/inventory create mode 100644 roles/ericomeehan.minecraft.eom.dev/tests/test.yml create mode 100644 roles/ericomeehan.minecraft.eom.dev/vars/main.yml create mode 100644 roles/ericomeehan.openldap.eom.dev/README.md create mode 100644 roles/ericomeehan.openldap.eom.dev/defaults/main.yml create mode 100644 roles/ericomeehan.openldap.eom.dev/files/allowpwchange.ldif create mode 100644 roles/ericomeehan.openldap.eom.dev/files/base.ldif create mode 100644 roles/ericomeehan.openldap.eom.dev/files/service_accounts.ldif create mode 100644 
roles/ericomeehan.openldap.eom.dev/handlers/main.yml create mode 100644 roles/ericomeehan.openldap.eom.dev/meta/main.yml create mode 100644 roles/ericomeehan.openldap.eom.dev/tasks/main.yml create mode 100644 roles/ericomeehan.openldap.eom.dev/templates/config.ldif.j2 create mode 100644 roles/ericomeehan.openldap.eom.dev/templates/eric.ldif.j2 create mode 100644 roles/ericomeehan.openldap.eom.dev/templates/reader.ldif.j2 create mode 100644 roles/ericomeehan.openldap.eom.dev/tests/inventory create mode 100644 roles/ericomeehan.openldap.eom.dev/tests/test.yml create mode 100644 roles/ericomeehan.openldap.eom.dev/vars/main.yml create mode 100644 vars/all.yml create mode 100644 vars/production.yml diff --git a/inventories/attlocal.yml b/inventories/attlocal.yml index 60ddbe9..087f8f9 100644 --- a/inventories/attlocal.yml +++ b/inventories/attlocal.yml @@ -13,3 +13,7 @@ all: hosts: alpha-worker-0: ansible-host: 192.168.1.125 + workstations: + hosts: + mobile-command: + ansible-host: localhost diff --git a/kubernetes_namespaces.yml b/kubernetes_namespaces.yml new file mode 100644 index 0000000..42dd001 --- /dev/null +++ b/kubernetes_namespaces.yml @@ -0,0 +1,13 @@ +--- +- name: Deploy production and testing namespaces + hosts: alpha-control-plane + become: true + tasks: + - name: Delete default namespace + k8s: + state: absent + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: default diff --git a/kubernetes_test.yml b/kubernetes_test.yml index 8336261..66f86e8 100644 --- a/kubernetes_test.yml +++ b/kubernetes_test.yml 
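Review bot: The new `mobile-command` host in inventories/attlocal.yml sets `ansible-host: localhost`, but the connection variable Ansible reads is `ansible_host` (underscore), so this key is only an unused host variable and Ansible will try to reach a machine literally named `mobile-command`. Use `ansible_host: localhost`, and because the target is the control machine itself, `ansible_connection: local` avoids an SSH hop to localhost. The context line for `alpha-worker-0` carries the same hyphenated key and probably needs the same correction.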
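Review bot: The only task in kubernetes_namespaces.yml requests `state: absent` for the `default` namespace, which the API server normally refuses because the NamespaceLifecycle admission plugin protects `default`, `kube-system` and `kube-public`; the play is therefore expected to fail rather than remove anything. The play name says it deploys production and testing namespaces, yet no namespace is created here. If the aim is to keep workloads out of `default`, create the intended namespaces with `state: present` and restrict what may be scheduled in `default` through RBAC or admission policy. The task also uses the short name `k8s:` where the playbook removed by this commit used the fully qualified `kubernetes.core.k8s`.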
@@ -1,57 +1,6 @@ --- -- name: Minecraft Deployment +- name: Deploy minecraft hosts: alpha-control-plane become: true - tasks: - - - name: Create a Deployment - kubernetes.core.k8s: - definition: - apiVersion: apps/v1 - kind: Deployment - metadata: - name: minecraft-deployment - namespace: default - spec: - replicas: 1 - selector: - matchLabels: - app: minecraft - template: - metadata: - labels: - app: minecraft - spec: - containers: - - name: minecraft-container - image: itzg/minecraft-server - ports: - - containerPort: 24454 - - containerPort: 25565 - env: - - name: EULA - value: "TRUE" - - name: TYPE - value: FABRIC - - name: MODS - value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://cdn.modrinth.com/data/9eGKb6K1/versions/COYWChTc/voicechat-fabric-1.21-2.5.18.jar" - - - name: Expose Deployment as a Service - kubernetes.core.k8s: - definition: - apiVersion: v1 - kind: Service - metadata: - name: minecraft-service - namespace: default - spec: - selector: - app: myapp - ports: - - port: 24454 - protocol: UDP - name: minecraft-port-24454 - - port: 25565 - protocol: TCP - name: minecraft-port-25565 - type: NodePort + roles: + - ericomeehan.gitlab.eom.dev diff --git a/latitude-7230.yml b/latitude-7230.yml new file mode 100644 index 0000000..d170afb --- /dev/null +++ b/latitude-7230.yml @@ -0,0 +1,3 @@ +git +neovim +tmux diff --git a/roles/ericomeehan.ericomeehan/README.md b/roles/ericomeehan.ericomeehan/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/ericomeehan.ericomeehan/README.md 
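Review bot: In kubernetes_test.yml the play is renamed to `Deploy minecraft` but the only role it applies is `ericomeehan.gitlab.eom.dev`, so the name and the action disagree. That role is not among the files this commit adds, so confirm it exists in the repository; if minecraft was intended, the role introduced here is `ericomeehan.minecraft.eom.dev`. Whichever role is meant, the play defines no `namespace` or `nodePorts` values, which the minecraft role's tasks reference, so they presumably have to come from the vars files listed in the diffstat.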
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/ericomeehan.ericomeehan/defaults/main.yml b/roles/ericomeehan.ericomeehan/defaults/main.yml new file mode 100644 index 0000000..9368625 --- /dev/null +++ b/roles/ericomeehan.ericomeehan/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ericomeehan.ericomeehan diff --git a/roles/ericomeehan.ericomeehan/files/gitconfig b/roles/ericomeehan.ericomeehan/files/gitconfig new file mode 100644 index 0000000..3e50819 --- /dev/null +++ b/roles/ericomeehan.ericomeehan/files/gitconfig @@ -0,0 +1,5 @@ +[user] + email = eric@eom.dev + name = eric o meehan +[init] + defaultBranch = main 
diff --git a/roles/ericomeehan.ericomeehan/files/init.lua b/roles/ericomeehan.ericomeehan/files/init.lua new file mode 100644 index 0000000..fa04223 --- /dev/null +++ b/roles/ericomeehan.ericomeehan/files/init.lua @@ -0,0 +1,12 @@ +vim.cmd([[ + set nowrap + set number + set scrolloff=5 + colorscheme elflord + ]]) + +vim.keymap.set('n', '', '', { silent = true }) +vim.keymap.set('n', '', '', { silent = true }) +vim.keymap.set('n', '', '', { silent = true }) +vim.keymap.set('n', '', '', { silent = true }) + diff --git a/roles/ericomeehan.ericomeehan/files/prompt_eric_setup b/roles/ericomeehan.ericomeehan/files/prompt_eric_setup new file mode 100644 index 0000000..941c3e6 --- /dev/null +++ b/roles/ericomeehan.ericomeehan/files/prompt_eric_setup 
@@ -0,0 +1,119 @@ +# eric prompt theme + +prompt_eric_help () { + cat <<'EOF' +This prompt is color-scheme-able. You can invoke it thus: + + prompt eric [ 8bit ] [ [ [] []] + +where the colors are for the hyphens, current directory, user@host, +and user input bits respectively. The default colors are cyan, green, +cyan, and white. This theme works best with a dark background. + +If you have either UTF-8 or the `nexus' or `vga' console fonts or similar, +you can specify the `8bit' option to use 8-bit replacements for the +7-bit characters. + +And you probably thought adam1 was overkill ... +EOF +} + +prompt_eric_setup () { + # Some can't be local + setopt localoptions nowarncreateglobal + local prompt_gfx_tlc prompt_gfx_mlc prompt_gfx_blc + + if [[ $1 == '8bit' ]]; then + shift + if [[ ${LC_ALL:-${LC_CTYPE:-$LANG}} = *UTF-8* ]]; then + prompt_gfx_tlc=$'\xe2\x94\x8c' + prompt_gfx_mlc=$'\xe2\x94\x9c' + prompt_gfx_blc=$'\xe2\x94\x94' + prompt_gfx_hyphen=$'\xe2\x94\x80' + else + prompt_gfx_tlc=$'\xda' + prompt_gfx_mlc=$'\xc3' + prompt_gfx_blc=$'\xc0' + prompt_gfx_hyphen=$'\xc4' + fi + else + prompt_gfx_tlc='.' + prompt_gfx_mlc='|' + prompt_gfx_blc='\`' + prompt_gfx_hyphen='-' + fi + + # Colour scheme + prompt_eric_color1=${1:-'white'} # hyphens + prompt_eric_color2=${2:-'cyan'} # current directory + prompt_eric_color3=${3:-'cyan'} # user@host + prompt_eric_color4=${4:-'white'} # user input + + local prompt_gfx_bbox + prompt_gfx_tbox="%B%F{$prompt_eric_color1}${prompt_gfx_tlc}%b%F{$prompt_eric_color1}${prompt_gfx_hyphen}" + prompt_gfx_bbox="%B%F{$prompt_eric_color1}${prompt_gfx_blc}${prompt_gfx_hyphen}%b%F{$prompt_eric_color1}" + + # This is a cute hack. Well I like it, anyway. 
+ prompt_gfx_bbox_to_mbox=$'%{\e[A\r'"%}%B%F{$prompt_eric_color1}${prompt_gfx_mlc}%b%F{$prompt_eric_color1}${prompt_gfx_hyphen}%{"$'\e[B%}' + + prompt_l_paren="%B%F{black}(" + prompt_r_paren="%B%F{black})" + + prompt_user_host="%b%F{$prompt_eric_color3}%n%B%F{$prompt_eric_color3}@%b%F{$prompt_eric_color3}%m %{$fg[cyan]%}[%D{%f/%m/%y} %D{%L:%M:%S}]" + + prompt_line_1a="$prompt_gfx_tbox$prompt_l_paren%B%F{$prompt_eric_color2}%~$prompt_r_paren%b%F{$prompt_eric_color1}" + prompt_line_1b="$prompt_l_paren$prompt_user_host$prompt_r_paren%b%F{$prompt_eric_color1}${prompt_gfx_hyphen}" + + prompt_line_2="$prompt_gfx_bbox${prompt_gfx_hyphen}%B%F{white}" + + prompt_char="%(!.#.>)" + + prompt_opts=(cr subst percent) + + add-zsh-hook precmd prompt_eric_precmd +} + +prompt_eric_precmd() { + setopt localoptions extendedglob noxtrace nowarncreateglobal + local prompt_line_1 + + prompt_eric_choose_prompt + + PS1="$prompt_line_1$prompt_newline$prompt_line_2%B%F{white}$prompt_char %b%f%k" + PS2="$prompt_line_2$prompt_gfx_bbox_to_mbox%B%F{white}-> %b%f%k" + PS3="$prompt_line_2$prompt_gfx_bbox_to_mbox%B%F{white}-> %b%f%k" + zle_highlight[(r)default:*]="default:fg=$prompt_eric_color4,bold" +} + +prompt_eric_choose_prompt () { + local prompt_line_1a_width=${#${(S%%)prompt_line_1a//(\%([KF1]|)\{*\}|\%[Bbkf])}} + local prompt_line_1b_width=${#${(S%%)prompt_line_1b//(\%([KF1]|)\{*\}|\%[Bbkf])}} + + local prompt_padding_size=$(( COLUMNS + - prompt_line_1a_width + - prompt_line_1b_width )) + + # Try to fit in long path and user@host. + if (( prompt_padding_size > 0 )); then + local prompt_padding + eval "prompt_padding=\${(l:${prompt_padding_size}::${prompt_gfx_hyphen}:)_empty_zz}" + prompt_line_1="$prompt_line_1a$prompt_padding$prompt_line_1b" + return + fi + + prompt_padding_size=$(( COLUMNS - prompt_line_1a_width )) + + # Didn't fit; try to fit in just long path. 
+ if (( prompt_padding_size > 0 )); then + local prompt_padding + eval "prompt_padding=\${(l:${prompt_padding_size}::${prompt_gfx_hyphen}:)_empty_zz}" + prompt_line_1="$prompt_line_1a$prompt_padding" + return + fi + + # Still didn't fit; truncate + local prompt_pwd_size=$(( COLUMNS - 5 )) + prompt_line_1="$prompt_gfx_tbox$prompt_l_paren%B%F{$prompt_eric_color2}%$prompt_pwd_size<...<%~%<<$prompt_r_paren%b%F{$prompt_eric_color1}$prompt_gfx_hyphen" +} + +prompt_eric_setup "$@" diff --git a/roles/ericomeehan.ericomeehan/files/tmux.conf b/roles/ericomeehan.ericomeehan/files/tmux.conf new file mode 100644 index 0000000..1250279 --- /dev/null +++ b/roles/ericomeehan.ericomeehan/files/tmux.conf @@ -0,0 +1,6 @@ +bind '"' split-window -c "#{pane_current_path}" +bind '%' split-window -h -c "#{pane_current_path}" + +set-option -g pane-active-border-style fg=black,bg=cyan + +set-option -g status-style fg=black,bg=cyan diff --git a/roles/ericomeehan.ericomeehan/files/zshrc b/roles/ericomeehan.ericomeehan/files/zshrc new file mode 100644 index 0000000..fab027c --- /dev/null +++ b/roles/ericomeehan.ericomeehan/files/zshrc 
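Review bot: The help text in `prompt_eric_help` states that the default colours are cyan, green, cyan and white, but `prompt_eric_setup` falls back to `white`, `cyan`, `cyan`, `white`, so the documentation does not match the code; suggested wording is `The default colors are white, cyan, cyan, and white.` The usage line `prompt eric [ 8bit ] [ [ [] []]` also appears to have lost its argument placeholders and should name the four colour arguments. Separately, `prompt_user_host` expands `$fg[cyan]`, which is only populated after `autoload -Uz colors && colors`; neither this file nor files/zshrc loads it explicitly, so unless a plugin does, that segment expands to nothing.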
@@ -0,0 +1,43 @@
+# Aliases
+alias ls='ls --color=auto'
+alias ll='ls -lah --color=auto'
+alias grep='grep --color=auto'
+export PS2='> '
+
+# Keep 5000 lines of history within the shell and save it to ~/.zsh_history:
+HISTSIZE=5000
+SAVEHIST=5000
+HISTFILE=~/.zsh_history
+setopt histignorealldups sharehistory
+
+# Set the prompt
+autoload -Uz promptinit
+promptinit
+prompt eric
+
+# Use modern completion system
+autoload -Uz compinit
+compinit
+
+# zplug - manage plugins
+source /usr/share/zplug/init.zsh
+zplug "plugins/git", from:oh-my-zsh
+zplug "plugins/sudo", from:oh-my-zsh
+zplug "plugins/command-not-found", from:oh-my-zsh
+zplug "zsh-users/zsh-syntax-highlighting"
+zplug "zsh-users/zsh-autosuggestions"
+zplug "zsh-users/zsh-history-substring-search"
+zplug "zsh-users/zsh-completions"
+
+# zplug - install/load new plugins when zsh is started or reloaded
+if ! zplug check; then
+ printf "Install? [y/N]: "
+ if read -q; then
+ echo; zplug install
+ fi
+fi
+zplug load
+
+if [ -x "$(command -v tmux)" ] && [ -n "${DISPLAY}" ] && [ -z "${TMUX}" ]; then
+ exec tmux new-session -A -s ${USER} >/dev/null 2>&1
+fi
diff --git a/roles/ericomeehan.ericomeehan/handlers/main.yml b/roles/ericomeehan.ericomeehan/handlers/main.yml
new file mode 100644
index 0000000..677d5f4
--- /dev/null
+++ b/roles/ericomeehan.ericomeehan/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for ericomeehan.ericomeehan
diff --git a/roles/ericomeehan.ericomeehan/meta/main.yml b/roles/ericomeehan.ericomeehan/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/roles/ericomeehan.ericomeehan/meta/main.yml
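Review bot: The seven `zplug` entries in files/zshrc pull plugins from GitHub with no revision pinned, and the `zplug check` / `zplug install` block installs whatever the default branch holds at that moment; that code is then sourced into every interactive shell for the user. Pin each plugin with zplug's `at:` tag, for example `zplug "zsh-users/zsh-autosuggestions", at:<reviewed-tag-or-commit>`, and move the pins forward deliberately after review. The tmux block at the end of this file is also written a second time by the `Append tmux text to zshrc` task in tasks/mobile-command.yml, so one of the two should be removed.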
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/ericomeehan.ericomeehan/tasks/main.yml b/roles/ericomeehan.ericomeehan/tasks/main.yml new file mode 100644 index 0000000..5c262ac --- /dev/null +++ b/roles/ericomeehan.ericomeehan/tasks/main.yml 
@@ -0,0 +1,27 @@
+---
+# tasks file for ericomeehan.ericomeehan
+- name: Install user environment packages
+ apt:
+ name:
+ - zplug
+ - zsh
+ state: present
+
+- name: Set default shell to zsh
+ user:
+ name: eric
+ shell: /bin/zsh
+
+- name: Copy zsh configuration
+ copy:
+ src: files/zsrhc
+ dest: /home/eric/.zsrhc
+
+- name: Install custom zsh prompt
+ copy:
+ src: files/prompt_eric_setup
+ dest: /usr/share/zsh/functions/Prompts/prompt_eric_setup
+
+- name: Setup mobile command
+ include_tasks: mobile-command.yml
+ when: ansible_host == mobil_command
diff --git a/roles/ericomeehan.ericomeehan/tasks/mobile-command.yml b/roles/ericomeehan.ericomeehan/tasks/mobile-command.yml
new file mode 100644
index 0000000..b54d423
--- /dev/null
+++ b/roles/ericomeehan.ericomeehan/tasks/mobile-command.yml
@@ -0,0 +1,41 @@
+---
+# tasks file for mobile-command.yml
+- name: Install additional user packages
+ apt:
+ name:
+ - git
+ - gimp
+ - gpsd
+ - neovim
+ - openscad
+ - passwordsafe
+ - tmux
+ state: present
+
+- name: Append tmux text to zshrc
+ become: true
+ lineinfile:
+ path: "{{ ansible_user_dir }}/.zshrc"
+ line: "if [ -x \"$(command -v tmux)\" ] && [ -n \"\${DISPLAY}\" ] && [ -z \"\${TMUX}\" ]; then\n exec tmux new-session -A -s {{ ansible_user }} >/dev/null 2>&1\nfi"
+ create: true
+
+- name: Copy tmux configuration
+ copy:
+ src: files/tmux.conf
+ dest: /home/eric/.tmux.conf
+
+- name: Copy git configuration
+ copy:
+ src: files/gitconfig
+ dest: /home/eric/.gitconfig
+
+- name: Create local configuration directory
+ file:
+ path: /home/eric/.config/nvim
+ state: directory
+
+- name: Copy neovim configuration
+ copy:
+ src: files/init.lua
+ dest: /home/eric/.config/nvim/init.lua
+
diff --git a/roles/ericomeehan.ericomeehan/tests/inventory b/roles/ericomeehan.ericomeehan/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/ericomeehan.ericomeehan/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
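Review bot: In roles/ericomeehan.ericomeehan/tasks/main.yml the `Copy zsh configuration` task reads `files/zsrhc` and writes `/home/eric/.zsrhc`, but the file this commit adds is `files/zshrc`, so the task fails on a missing source and would in any case not produce a file zsh reads; it should be `src: files/zshrc` and `dest: /home/eric/.zshrc`. The final task's `when: ansible_host == mobil_command` compares against an undefined variable named `mobil_command`; a quoted literal on the inventory name, `when: inventory_hostname == 'mobile-command'`, is probably what was meant. The `copy` tasks set no `owner`, `group` or `mode`, so when the role runs with `become` the dotfile under /home/eric ends up owned by root; adding `owner: eric`, `group: eric` and `mode: "0644"` makes the result explicit.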
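Review bot: The `line:` value of `Append tmux text to zshrc` in tasks/mobile-command.yml contains `\$` inside a double-quoted YAML scalar, which is not a valid YAML escape, so the file is expected to fail to parse before any task runs. `lineinfile` also manages a single line; with embedded `\n` it can never match what it wrote and will append the block again on every run. Since files/zshrc already ends with this same tmux block, the simplest fix is to drop the task; otherwise use `blockinfile` with a literal `block: |` scalar. This task targets `{{ ansible_user_dir }}/.zshrc` while every other task hard-codes `/home/eric`, and the `copy` and `file` tasks here also leave `owner`, `group` and `mode` unset.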
diff --git a/roles/ericomeehan.ericomeehan/tests/test.yml b/roles/ericomeehan.ericomeehan/tests/test.yml
new file mode 100644
index 0000000..e42bc80
--- /dev/null
+++ b/roles/ericomeehan.ericomeehan/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - ericomeehan.ericomeehan
diff --git a/roles/ericomeehan.ericomeehan/vars/main.yml b/roles/ericomeehan.ericomeehan/vars/main.yml
new file mode 100644
index 0000000..6a2236c
--- /dev/null
+++ b/roles/ericomeehan.ericomeehan/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ericomeehan.ericomeehan
diff --git a/roles/ericomeehan.minecraft.eom.dev/README.md b/roles/ericomeehan.minecraft.eom.dev/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/roles/ericomeehan.minecraft.eom.dev/README.md
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/ericomeehan.minecraft.eom.dev/defaults/main.yml b/roles/ericomeehan.minecraft.eom.dev/defaults/main.yml new file mode 100644 index 0000000..abd0745 --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ericomeehan.minecraft.eom.dev diff --git a/roles/ericomeehan.minecraft.eom.dev/files/server.properties b/roles/ericomeehan.minecraft.eom.dev/files/server.properties new file mode 100644 index 0000000..8a904f8 --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/files/server.properties 
@@ -0,0 +1,59 @@ +#Minecraft server properties +#Mon May 27 13:39:37 UTC 2024 +allow-flight=false +allow-nether=true +broadcast-console-to-ops=true +broadcast-rcon-to-ops=true +difficulty=hard +enable-command-block=true +enable-jmx-monitoring=false +enable-query=false +enable-rcon=false +enable-status=true +enforce-secure-profile=true +enforce-whitelist=true +entity-broadcast-range-percentage=100 +force-gamemode=false +function-permission-level=2 +gamemode=survival +generate-structures=true +generator-settings={} +hardcore=false +hide-online-players=false +initial-disabled-packs= +initial-enabled-packs=vanilla +level-name=Gondwana +level-seed=-5079912890610012924 +level-type=minecraft\:large_biomes +log-ips=true +max-chained-neighbor-updates=1000000 +max-players=20 +max-tick-time=60000 +max-world-size=29999984 +motd=A Minecraft server by eom.dev +network-compression-threshold=256 +online-mode=true +op-permission-level=4 +player-idle-timeout=0 +prevent-proxy-connections=false +pvp=true +query.port=25565 +rate-limit=0 +rcon.password= +rcon.port=25575 +require-resource-pack=false +resource-pack= +resource-pack-prompt= +resource-pack-sha1= +server-ip= +server-port=25565 +simulation-distance=10 +spawn-animals=true +spawn-monsters=true +spawn-npcs=true +spawn-protection=16 +sync-chunk-writes=true +text-filtering-config= +use-native-transport=true +view-distance=10 +white-list=true diff --git a/roles/ericomeehan.minecraft.eom.dev/files/whitelist.json b/roles/ericomeehan.minecraft.eom.dev/files/whitelist.json new file mode 100644 index 0000000..a395217 --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/files/whitelist.json 
@@ -0,0 +1,27 @@ +[ + { + "uuid": "94e6d0fc-bd44-4f50-ae67-cb9a7b3a4050", + "name": "TopHatRick" + }, + { + "uuid": "8f2a59e5-84ef-46a2-8eec-7988171e6e1f", + "name": "PVitamin" + }, + { + "uuid": "a7b53bb0-ed66-4129-9c41-d8b51d383978", + "name": "BloodRavenGhola" + }, + { + "uuid": "01188fed-cb2a-4fb7-b9a3-c43132bb8a30", + "name": "ThisNurseKills" + }, + { + "uuid": "29ace271-a0b8-44be-aa73-61826da768aa", + "name": "ActuallyItsLars" + }, + { + "uuid": "adac3ea5-bdd8-44d5-bc26-bf0e5f7790bf", + "name": "thegreatyamwar" + } +] + diff --git a/roles/ericomeehan.minecraft.eom.dev/handlers/main.yml b/roles/ericomeehan.minecraft.eom.dev/handlers/main.yml new file mode 100644 index 0000000..019ca4f --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for ericomeehan.minecraft.eom.dev diff --git a/roles/ericomeehan.minecraft.eom.dev/meta/main.yml b/roles/ericomeehan.minecraft.eom.dev/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/meta/main.yml 
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/ericomeehan.minecraft.eom.dev/tasks/main.yml b/roles/ericomeehan.minecraft.eom.dev/tasks/main.yml new file mode 100644 index 0000000..c75f710 --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/tasks/main.yml 
@@ -0,0 +1,106 @@ +--- +# tasks file for ericomeehan.minecraft.eom.dev +- name: Create persistent volume for minecraft + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolume + metadata: + name: minecraft-pv + spec: + capacity: + storage: 16Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: standard + hostPath: + path: /mnt/data/minecraft-pv + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - alpha-worker-0 + +- name: Create persistent volume claim for minecraft volume + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: minecraft-pv-claim + namespace: {{ namespace }} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 16Gi + storageClassName: standard + volumeName: minecraft-pv + +- name: Create a Deployment + k8s: + definition: + apiVersion: apps/v1 + kind: Deployment + metadata: + name: minecraft-deployment + namespace: {{ namespace }} + spec: + replicas: 1 + selector: + matchLabels: + app: minecraft + template: + metadata: + labels: + app: minecraft + spec: + containers: + - name: openminecraft + image: itzg/minecraft-server + volumeMounts: + - name: minecraft-pv + mountPath: /data + ports: + - containerPort: 25565 + - containerPort: 24454 + env: + - name: EULA + value: "TRUE" + - name: TYPE + value: "FABRIC" + - name: MODS + value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download" + volumes: + - name: minecraft-pv + persistentVolumeClaim: + claimName: minecraft-pv-claim + +- name: Expose Deployment as a Service + k8s: + definition: + apiVersion: v1 + 
kind: Service + metadata: + name: minecraft-service + namespace: {{ namespace }} + spec: + selector: + app: minecraft + ports: + - port: 24454 + protocol: TCP + name: minecraft-port-24454 + nodePort: {{ nodePorts[minecraft-port-24454] }} + - port: 25565 + protocol: TCP + name: minecraft-port-25565 + nodePort: {{ nodePorts[minecraft-port-25565] }} + type: NodePort diff --git a/roles/ericomeehan.minecraft.eom.dev/tests/inventory b/roles/ericomeehan.minecraft.eom.dev/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/ericomeehan.minecraft.eom.dev/tests/test.yml b/roles/ericomeehan.minecraft.eom.dev/tests/test.yml new file mode 100644 index 0000000..30cc88a --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ericomeehan.minecraft.eom.dev diff --git a/roles/ericomeehan.minecraft.eom.dev/vars/main.yml b/roles/ericomeehan.minecraft.eom.dev/vars/main.yml new file mode 100644 index 0000000..27e60e7 --- /dev/null +++ b/roles/ericomeehan.minecraft.eom.dev/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ericomeehan.minecraft.eom.dev diff --git a/roles/ericomeehan.nvidia_driver_debian/defaults/main.yml b/roles/ericomeehan.nvidia_driver_debian/defaults/main.yml index d2c3147..87ce59b 100644 --- a/roles/ericomeehan.nvidia_driver_debian/defaults/main.yml +++ b/roles/ericomeehan.nvidia_driver_debian/defaults/main.yml @@ -1,2 +1,3 @@ --- # defaults file for ericomeehan.nvidia_driver_debian +nvidia_driver_skip_reboot: false diff --git a/roles/ericomeehan.nvidia_driver_debian/tasks/main.yml b/roles/ericomeehan.nvidia_driver_debian/tasks/main.yml index 6844dd5..3979ece 100644 --- a/roles/ericomeehan.nvidia_driver_debian/tasks/main.yml +++ b/roles/ericomeehan.nvidia_driver_debian/tasks/main.yml 
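Review bot: Every `namespace: {{ namespace }}` and both `nodePort: {{ nodePorts[...] }}` values in roles/ericomeehan.minecraft.eom.dev/tasks/main.yml begin with an unquoted `{{`, which YAML reads as the start of a flow mapping, so the task file will not load. Quote them, and quote the dictionary key as well, because `nodePorts[minecraft-port-24454]` is evaluated by Jinja as a subtraction of undefined names: `namespace: "{{ namespace }}"` and `nodePort: "{{ nodePorts['minecraft-port-24454'] }}"`. On the supply-chain side, `image: itzg/minecraft-server` carries no tag or digest and the `MODS` list downloads jars at container start, one of them from a `latest/builds/latest` URL, so any restart can run different code against the hostPath-backed volume; pin the image and fixed mod versions. Port 24454 was `UDP` in the Service this commit removes from kubernetes_test.yml and is `TCP` here, which is worth confirming against what the mod expects.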
@@ -10,7 +10,6 @@ become: yes apt: update_cache: yes - when: nvidia == true - name: Install Linux headers apt: @@ -25,11 +24,8 @@ - firmware-misc-nonfree - nvidia-cuda-dev - nvidia-cuda-toolkit + register: install_driver -- name: Rebooting the system - ansible.builtin.reboot: - -- name: Wait for SSH connection - ansible.builtin.wait_for_connection: - timeout: 300 - +- name: Reboot after driver install + reboot: + when: install_driver.changed and not nvidia_driver_skip_reboot diff --git a/roles/ericomeehan.openldap.eom.dev/README.md b/roles/ericomeehan.openldap.eom.dev/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/README.md 
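Review bot: The new condition `when: install_driver.changed and not nvidia_driver_skip_reboot` in roles/ericomeehan.nvidia_driver_debian/tasks/main.yml uses the variable as a raw value, so a string override such as `-e nvidia_driver_skip_reboot=false` is truthy and would suppress the reboot. Cast it explicitly: `when: install_driver.changed and not (nvidia_driver_skip_reboot | bool)`. The first hunk removes `when: nvidia == true` from the cache-update task only; whether the package tasks are still limited to GPU hosts depends on lines outside these hunks, so confirm the host selection before this role installs non-free firmware and CUDA packages more widely. Both affected tasks begin outside the hunks shown.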
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/ericomeehan.openldap.eom.dev/defaults/main.yml b/roles/ericomeehan.openldap.eom.dev/defaults/main.yml new file mode 100644 index 0000000..21add69 --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ericomeehan.openldap.eom.dev diff --git a/roles/ericomeehan.openldap.eom.dev/files/allowpwchange.ldif b/roles/ericomeehan.openldap.eom.dev/files/allowpwchange.ldif new file mode 100644 index 0000000..be98c91 --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/files/allowpwchange.ldif 
@@ -0,0 +1,6 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to attrs=cn,givenName,sn,userPassword,shadowLastChange,mail,loginShell,photo by self write by anonymous auth by dn.base="cn=Manager,dc=eom,dc=dev" write by * none
+olcAccess: {1}to * by self read by dn.base="cn=Manager,dc=eom,dc=dev" write by * read
+olcAccess: {2}to * by dn.base="uid=reader,ou=service accounts,dc=eom,dc=dev" read
diff --git a/roles/ericomeehan.openldap.eom.dev/files/base.ldif b/roles/ericomeehan.openldap.eom.dev/files/base.ldif
new file mode 100644
index 0000000..f7afc3b
--- /dev/null
+++ b/roles/ericomeehan.openldap.eom.dev/files/base.ldif
@@ -0,0 +1,26 @@
+# eom.dev
+dn: dc=eom,dc=dev
+dc: eom
+o: eom.dev
+objectClass: dcObject
+objectClass: organization
+
+# administrator, eom.dev
+dn: cn=administrator,dc=eom,dc=dev
+cn: administrator
+description: LDAP administrator
+objectClass: organizationalRole
+objectClass: top
+roleOccupant: dc=eom,dc=dev
+
+# people, eom.dev
+dn: ou=people,dc=eom,dc=dev
+ou: people
+objectClass: top
+objectClass: organizationalUnit
+
+# groups, eom.dev
+dn: ou=group,dc=eom,dc=dev
+ou: group
+objectClass: top
+objectClass: organizationalUnit
diff --git a/roles/ericomeehan.openldap.eom.dev/files/service_accounts.ldif b/roles/ericomeehan.openldap.eom.dev/files/service_accounts.ldif
new file mode 100644
index 0000000..44104be
--- /dev/null
+++ b/roles/ericomeehan.openldap.eom.dev/files/service_accounts.ldif
@@ -0,0 +1,5 @@
+# Service Accounts, eom.dev
+dn: ou=service account,dc=eom,dc=dev
+ou: service account
+objectClass: top
+objectClass: organizationalUnit
diff --git a/roles/ericomeehan.openldap.eom.dev/handlers/main.yml b/roles/ericomeehan.openldap.eom.dev/handlers/main.yml
new file mode 100644
index 0000000..6d77bfd
--- /dev/null
+++ b/roles/ericomeehan.openldap.eom.dev/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for ericomeehan.openldap.eom.dev
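Review bot: In `files/allowpwchange.ldif`, rule `{1}to * ... by * read` grants anonymous read on every attribute not listed in rule `{0}`, and because slapd stops at the first `to` clause that matches, rule `{2}` for the reader account is never evaluated. If anonymous read is not intended, fold the reader into rule `{1}` and close it with `by * none`, e.g. `olcAccess: {1}to * by self read by dn.base="cn=administrator,dc=eom,dc=dev" write by dn.base="uid=reader,ou=service account,dc=eom,dc=dev" read by * none`, and drop rule `{2}`. The DNs also disagree with the rest of the patch: the ACL names `cn=Manager,dc=eom,dc=dev` and `ou=service accounts`, while `base.ldif`, `service_accounts.ldif` and `reader.ldif.j2` use `cn=administrator` and `ou=service account`, so as written neither `by dn.base` clause matches an entry this patch creates.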
diff --git a/roles/ericomeehan.openldap.eom.dev/meta/main.yml b/roles/ericomeehan.openldap.eom.dev/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. 
diff --git a/roles/ericomeehan.openldap.eom.dev/tasks/main.yml b/roles/ericomeehan.openldap.eom.dev/tasks/main.yml
new file mode 100644
index 0000000..74a5bc4
--- /dev/null
+++ b/roles/ericomeehan.openldap.eom.dev/tasks/main.yml
@@ -0,0 +1,196 @@ +--- +# tasks file for ericomeehan.openldap.eom.dev +- name: Deploy openldap network services + hosts: alpha-control-plane + become: true + tasks: + + - name: Create persistent volume for openldap database files + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolume + metadata: + name: openldap-db-pv + spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: standard + hostPath: + path: /mnt/data/openldap-db-pv + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - alpha-worker-0 + + - name: Create persistent volume for openldap configurations + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolume + metadata: + name: openldap-conf-pv + spec: + capacity: + storage: 1Gi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + storageClassName: standard + hostPath: + path: /mnt/data/openldap-conf-pv + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - alpha-worker-0 + + - name: Create persistent volume claim for openldap database volume + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: openldap-db-pv-claim + namespace: {{ namespace }} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: standard + volumeName: openldap-db-pv + + - name: Create persistent volume claim for openldap configuration volume + k8s: + state: present + definition: + apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + name: openldap-conf-pv-claim + namespace: {{ namespace }} + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: standard + volumeName: openldap-conf-pv + + # TODO: get ldap database from previous network + - name: Copy ldap 
database to persistent volume + copy: + src: files/slapd + dest: /data/openldap-db-pv/slapd + + - name: Copy base.ldif to persistent volume + copy: + src: files/base.ldif + dest: /data/openldap-conf-pv/base.ldif + + - name: Copy allowpwchagne.ldif to persistent volume + copy: + src: files/allowpwchagne.ldif + dest: /data/openldap-conf-pv/allowpwchagne.ldif + + - name: Copy service_accounts.ldif to persistent volume + copy: + src: files/service_accounts.ldif + dest: /data/openldap-conf-pv/service_accounts.ldif + + - name: Copy config.ldif template to the persistent volumes + template: + src: files/config.ldiff.j2 + dest: /data/openldap-conf-pv/config.ldiff + + - name: Copy eric.ldif template to the persistent volumes + template: + src: files/eric.ldiff.j2 + dest: /data/openldap-conf-pv/eric.ldiff + + - name: Copy reader.ldif template to the persistent volumes + template: + src: files/reader.ldiff.j2 + dest: /data/openldap-conf-pv/reader.ldiff + + - name: Create a deployment + k8s: + definition: + apiVersion: apps/v1 + kind: Deployment + metadata: + name: openldap-deployment + namespace: {{ namespace }} + spec: + replicas: 1 + selector: + matchLabels: + app: openldap + template: + metadata: + labels: + app: openldap + spec: + containers: + - name: openopenldap + image: osixia/openldap:1.5.0 + volumeMounts: + - name: openldap-db-pv + mountPath: /var/lib/openldap + - name: openldap-conf-pv + mountPath: /etc/openldap/slapd.d + ports: + - containerPort: 389 + - containerPort: 636 + env: + - name: LDAP_ORGANIZATION + value: "EOM" + - name: LDAP_DOMAIN + value: "eom.dev" + - name: LDAP_ADMIN_PASSWORD + value: "{{ slappasswd }}" + volumes: + - name: openldap-db-pv + persistentVolumeClaim: + claimName: openldap-db-pv-claim + - name: openldap-conf-pv + persistentVolumeClaim: + claimName: openldap-conf-claim + + - name: Expose deployment as a service + k8s: + definition: + apiVersion: v1 + kind: Service + metadata: + name: openldap-service + namespace: {{ namespace }} + spec: 
+ selector: + app: openldap + ports: + - port: 389 + protocol: TCP + name: openldap-port-389 + nodePort: {{ nodePorts[openldap-port-389] }} + - port: 636 + protocol: TCP + name: openldap-port-636 + nodePort: {{ nodePorts[openldap-port-636] }} + type: NodePort diff --git a/roles/ericomeehan.openldap.eom.dev/templates/config.ldif.j2 b/roles/ericomeehan.openldap.eom.dev/templates/config.ldif.j2 new file mode 100644 index 0000000..4a6f4ba --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/templates/config.ldif.j2 @@ -0,0 +1,45 @@ +# The root config entry +dn: cn=config +objectClass: olcGlobal +cn: config +olcArgsFile: /run/openldap/slapd.args +olcPidFile: /run/openldap/slapd.pid + +# Schemas +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +# TODO: Include further schemas as necessary +include: file:///etc/openldap/schema/core.ldif + +# The config database +dn: olcDatabase=config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: config +olcRootDN: cn=administrator,dc=eom,dc=dev + +# The database for our entries +dn: olcDatabase=mdb,cn=config +objectClass: olcDatabaseConfig +objectClass: olcMdbConfig +olcDatabase: mdb +olcSuffix: dc=eom,dc=dev +olcRootDN: cn=administrator,dc=eom,dc=dev +olcRootPW: {{ slappasswd }} +olcDbDirectory: /var/lib/openldap/openldap-data +# TODO: Create further indexes +olcDbIndex: objectClass eq +olcDbIndex: uid pres,eq +olcDbIndex: mail pres,sub,eq +olcDbIndex: cn,sn pres,sub,eq +olcDbIndex: dc eq + +# Additional schemas +# RFC1274: Cosine and Internet X.500 schema +include: file:///etc/openldap/schema/cosine.ldif +# RFC2307: An Approach for Using LDAP as a Network Information Service +# Check RFC2307bis for nested groups and an auxiliary posixGroup objectClass (way easier) +include: file:///etc/openldap/schema/nis.ldif +# RFC2798: Internet Organizational Person +include: file:///etc/openldap/schema/inetorgperson.ldif 
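Review bot: In `roles/ericomeehan.openldap.eom.dev/tasks/main.yml`, `LDAP_ADMIN_PASSWORD` is written into the Deployment as a literal `value: "{{ slappasswd }}"`, so the rendered admin password is readable by anyone who can get the Deployment or pod spec in that namespace and may appear in verbose task output. Put it in a Secret (named `openldap-admin` below purely as an example) created with `no_log: true`, and reference it from the container with `valueFrom.secretKeyRef`, as in the excerpt. The same hunk leaves `namespace: {{ namespace }}` and `nodePort: {{ nodePorts[openldap-port-389] }}` unquoted, which YAML parses as a flow mapping rather than a template, and Jinja would read the bare key as a subtraction; they need the form `"{{ namespace }}"` and `nodePorts['openldap-port-389']`, and the minecraft Service at the top of this page has the same problem. A role's `tasks/main.yml` must also be a flat task list, so the `hosts:`/`become:`/`tasks:` play wrapper at the top of the file will not load when the role is applied from `site.yml`. The three `template:` tasks that render `userPassword` and `olcRootPW` set no `mode`, so `mode: "0600"` is worth adding to each.

```yaml
- name: Create secret for the openldap admin password
  k8s:
    state: present
    definition:
      apiVersion: v1
      kind: Secret
      metadata:
        name: openldap-admin
        namespace: "{{ namespace }}"
      type: Opaque
      stringData:
        LDAP_ADMIN_PASSWORD: "{{ slappasswd }}"
  no_log: true

# … unchanged: Deployment metadata, selector, volumeMounts and ports …
              env:
                # … unchanged: LDAP_ORGANIZATION and LDAP_DOMAIN …
                - name: LDAP_ADMIN_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: openldap-admin
                      key: LDAP_ADMIN_PASSWORD
# … unchanged: volumes and the Service task …
```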
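Review bot: In `templates/config.ldif.j2`, `olcRootPW: {{ slappasswd }}` writes whatever the variable holds into cn=config, and the Deployment in `tasks/main.yml` passes the same variable as `LDAP_ADMIN_PASSWORD`, so one of the two uses presumably receives the wrong form (hash versus cleartext). slapd accepts a cleartext `olcRootPW`, so a mistake here would not fail loudly; the template should state the expected form, for example with the comment `# slappasswd must be a {SSHA} hash generated by slappasswd(8), never the cleartext password` above the line. The `userPassword: {{ eric_password }}` and `userPassword: {{ reader_password }}` lines in `eric.ldif.j2` and `reader.ldif.j2` carry the same risk, since a value added from LDIF is generally stored as given unless a password-policy overlay is configured to hash it.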
diff --git a/roles/ericomeehan.openldap.eom.dev/templates/eric.ldif.j2 b/roles/ericomeehan.openldap.eom.dev/templates/eric.ldif.j2 new file mode 100644 index 0000000..4e74e4d --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/templates/eric.ldif.j2 @@ -0,0 +1,23 @@ +dn: uid=eric,ou=people,dc=eom,dc=dev +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: shadowAccount +uid: eric +cn: Eric Meehan +sn: Meehan +givenName: Eric +title: CEO +telephoneNumber: +1 919 771 5140 +mobile: +1 919 771 5140 +mail: eric@eom.dev +postalAddress: 2101 Lakeside Lofts Circle$Unit 2429$Cary N.C., 27513 +userPassword: {{ eric_password }} +labeledURI: https://www.eom.dev/ +loginShell: /bin/zsh +uidNumber: 1000 +gidNumber: 1000 +homeDirectory: /home/eric/ +description: Owner and architect of eom.dev diff --git a/roles/ericomeehan.openldap.eom.dev/templates/reader.ldif.j2 b/roles/ericomeehan.openldap.eom.dev/templates/reader.ldif.j2 new file mode 100644 index 0000000..6893227 --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/templates/reader.ldif.j2 @@ -0,0 +1,12 @@ +dn: uid=reader,ou=service account,dc=eom,dc=dev +objectClass: top +objectClass: organizationalPerson +objectClass: posixAccount +objectClass: shadowAccount +uid: reader +userPassword: {{ reader_password }} +loginShell: /bin/bash +uidNumber: 1500 +gidNumber: 1500 +homeDirectory: /home/reader/ +description: Service account for reading the ldap tree diff --git a/roles/ericomeehan.openldap.eom.dev/tests/inventory b/roles/ericomeehan.openldap.eom.dev/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/ericomeehan.openldap.eom.dev/tests/test.yml b/roles/ericomeehan.openldap.eom.dev/tests/test.yml new file mode 100644 index 0000000..f3611ec --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/tests/test.yml 
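Review bot: In `templates/eric.ldif.j2`, the `telephoneNumber`, `mobile` and `postalAddress` values are hard-coded, so personal contact data is committed to the repository and stays in its history even if it is later removed. Since the file is already a Jinja template, these can be rendered from vaulted variables the same way `userPassword` is, e.g. `telephoneNumber: {{ eric_telephone }}` (variable name illustrative). Note also that `tasks/main.yml` in this patch looks for `files/eric.ldiff.j2`, which does not match this file's path `templates/eric.ldif.j2`; the config and reader templates have the same mismatch.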
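Review bot: In `templates/reader.ldif.j2`, the entry declares `objectClass: organizationalPerson` and `objectClass: posixAccount` but has no `cn` or `sn`, which the standard person and posixAccount schemas require, so the add is likely to be rejected with an object class violation; adding `cn: reader` and `sn: reader` fixes that. For an account that only binds to read the tree, `loginShell: /bin/bash` gives it an interactive shell on any host that resolves users from this directory; `loginShell: /usr/sbin/nologin` is the safer default.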
@@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ericomeehan.openldap.eom.dev diff --git a/roles/ericomeehan.openldap.eom.dev/vars/main.yml b/roles/ericomeehan.openldap.eom.dev/vars/main.yml new file mode 100644 index 0000000..0041634 --- /dev/null +++ b/roles/ericomeehan.openldap.eom.dev/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for ericomeehan.openldap.eom.dev diff --git a/site.yml b/site.yml index 0fd0332..3bcb82e 100644 --- a/site.yml +++ b/site.yml @@ -3,40 +3,38 @@ - name: Initialize systems hosts: all become: true - tasks: + pre_tasks: - name: Install debconf-utils apt: name: debconf-utils state: present - - name: Check if /root/preseed.txt exists stat: path: /root/preseed.txt register: preseed_file - - name: Create preseed file command: echo "#_preseed_V1" > /root/preseed.txt when: not preseed_file.stat.exists - - - name: Append installer's debconf database to the file + - name: Append installer's debconf database to the preseed file command: debconf-get-selections --installer >> /root/preseed.txt when: not preseed_file.stat.exists - - - name: Append debconf database to the file + - name: Append debconf database to the preseed file command: debconf-get-selections >> /root/preseed.txt when: not preseed_file.stat.exists - - name: Copy nftables configuration template template: src: "nftables.conf.j2" dest: /etc/nftables.conf - - name: Enable nftables service: name: nftables state: started enabled: true + roles: + - role: ericomeehan.ericomeehan +# TODO: prepare raid array during os installation +# TODO: install helm on control plane - name: Prepare cluster environments hosts: clusters become: true 
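Review bot: In the first `site.yml` hunk, the preseed tasks that this change renames still run `command: debconf-get-selections --installer >> /root/preseed.txt`. The `command` module does not pass its arguments through a shell, so `>` and `>>` are not treated as redirection and the file is never written. Use `shell:` for those three tasks (or register stdout and write it with `copy:`), and create the file with `mode: "0600"`, since debconf selections can contain sensitive installer answers. The second play begins at the end of this hunk and continues outside it.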
@@ -46,32 +44,57 @@ path: /etc/sysctl.conf line: 'net.ipv4.ip_forward = 1' state: present - - name: Update sysctl configuration to enable IPv6 packet forwarding lineinfile: path: /etc/sysctl.conf line: 'net.ipv6.conf.all.forwarding = 1' state: present - - name: Reload sysctl configuration command: sysctl --system - - name: Enable br_netfilter kernel module command: modprobe br_netfilter - - name: Add the module to a configuration file for persistence lineinfile: path: /etc/modules-load.d/modules.conf line: "br_netfilter" - - name: Install kubernetes library apt: name: python3-kubernetes state: present - roles: - role: geerlingguy.containerd - role: geerlingguy.kubernetes - role: ericomeehan.nvidia_driver_debian - when: - - nvidia == true + when: nvidia == true + tasks: + - name: Create production namespace + k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: production + when: kubernetes_role == control_plane + - name: Create testing namespace + k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: testing + when: kubernetes_role == control_plane + +- name: Deploy core network services + hosts: alpha-control-plane + become: true + roles: + - role: ericomeehan.openldap.eom.dev + - role: ericomeehan.openvpn-server.eom.dev + - role: ericomeehan.mariadb.eom.dev + - role: ericomeehan.influxdb.eom.dev + - role: ericomeehan.telegraf.eom.dev + - role: ericomeehan.grafana.eom.dev + - role: ericomeehan.mediawiki.eom.dev + - role: ericomeehan.gitlab.eom.dev diff --git a/vars/all.yml b/vars/all.yml new file mode 100644 index 0000000..d133d00 --- /dev/null +++ b/vars/all.yml @@ -0,0 +1,6 @@ +nodePorts: + #range: 30000-32767 + openldap-port-389: 30389 + openldap-port-636: 30636 + minecraft-port-24454: 32454 + minecraft-port-25565: 32565 diff --git a/vars/production.yml b/vars/production.yml new file mode 100644 index 0000000..600bcc0 --- /dev/null +++ b/vars/production.yml 
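Review bot: In the second `site.yml` hunk, both new namespace tasks use `when: kubernetes_role == control_plane`, which compares against a variable named `control_plane` rather than the string, so unless such a variable happens to exist the condition errors out or is never true. It should read `when: kubernetes_role == 'control_plane'` on both tasks. The play these tasks belong to starts outside this hunk.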
@@ -0,0 +1 @@
+namespace: production