This commit is contained in:
Eric Meehan 2024-07-08 12:26:06 -04:00
parent b78e8e4242
commit 6948b9baa8
47 changed files with 1142 additions and 79 deletions


@ -13,3 +13,7 @@ all:
hosts: hosts:
alpha-worker-0: alpha-worker-0:
ansible-host: 192.168.1.125 ansible-host: 192.168.1.125
workstations:
hosts:
mobile-command:
ansible-host: localhost
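Review bot: The new `mobile-command` entry sets `ansible-host: localhost`, but the inventory variable Ansible honours is `ansible_host` (underscore); `ansible-host` is stored as an ordinary host var and the connection still resolves the inventory name itself. The existing `alpha-worker-0` line above has the same spelling, so both hosts are only reachable if their inventory names resolve in DNS. Change the new line to `ansible_host: localhost` (and consider `ansible_connection: local` for a workstation that is the controller); the role task in tasks/main.yml that tests `ansible_host == mobil_command` depends on this variable being set.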

13
kubernetes_namespaces.yml Normal file

@ -0,0 +1,13 @@
---
- name: Deploy production and testing namespaces
hosts: alpha-control-plane
become: true
tasks:
- name: Delete default namespace
k8s:
state: absent
definition:
apiVersion: v1
kind: Namespace
metadata:
name: default
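Review bot: The `Delete default namespace` task will fail on any stock cluster: the NamespaceLifecycle admission plugin refuses deletion of `default`, `kube-system` and `kube-public`, so `state: absent` on `default` is rejected rather than silently ignored. If the goal is to keep workloads out of `default`, drop this task and rely on the `production`/`testing` namespaces created elsewhere in this commit, or set `ignore_errors: true` with a comment saying why. The bare module name `k8s` is also used here while the previous minecraft playbook used the fully-qualified `kubernetes.core.k8s`; the short name only resolves when the collection redirect is installed, so prefer the FQCN throughout.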


@ -1,57 +1,6 @@
--- ---
- name: Minecraft Deployment - name: Deploy minecraft
hosts: alpha-control-plane hosts: alpha-control-plane
become: true become: true
tasks: roles:
- ericomeehan.gitlab.eom.dev
- name: Create a Deployment
kubernetes.core.k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: minecraft-deployment
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: minecraft
template:
metadata:
labels:
app: minecraft
spec:
containers:
- name: minecraft-container
image: itzg/minecraft-server
ports:
- containerPort: 24454
- containerPort: 25565
env:
- name: EULA
value: "TRUE"
- name: TYPE
value: FABRIC
- name: MODS
value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://cdn.modrinth.com/data/9eGKb6K1/versions/COYWChTc/voicechat-fabric-1.21-2.5.18.jar"
- name: Expose Deployment as a Service
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: minecraft-service
namespace: default
spec:
selector:
app: myapp
ports:
- port: 24454
protocol: UDP
name: minecraft-port-24454
- port: 25565
protocol: TCP
name: minecraft-port-25565
type: NodePort
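Review bot: The rewritten play is named `Deploy minecraft` but its only role is `ericomeehan.gitlab.eom.dev`; the role this commit adds for the server is `ericomeehan.minecraft.eom.dev` (its tests/test.yml references it by that name), so this looks like a copy-paste slip and the play would deploy GitLab, or fail if that role does not exist. Change the entry to `- ericomeehan.minecraft.eom.dev`. Note also that the removed playbook's Service exposed 24454 as `UDP` while the new role's Service declares it `TCP`; if 24454 is still the voice-chat port, carry the protocol over.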

3
latitude-7230.yml Normal file

@ -0,0 +1,3 @@
git
neovim
tmux


@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,2 @@
---
# defaults file for ericomeehan.ericomeehan


@ -0,0 +1,5 @@
[user]
email = eric@eom.dev
name = eric o meehan
[init]
defaultBranch = main


@ -0,0 +1,12 @@
vim.cmd([[
set nowrap
set number
set scrolloff=5
colorscheme elflord
]])
vim.keymap.set('n', '<C-Up>', '<C-w><up>', { silent = true })
vim.keymap.set('n', '<C-Down>', '<C-w><down>', { silent = true })
vim.keymap.set('n', '<C-Left>', '<C-w><left>', { silent = true })
vim.keymap.set('n', '<C-Right>', '<C-w><right>', { silent = true })


@ -0,0 +1,119 @@
# eric prompt theme
prompt_eric_help () {
cat <<'EOF'
This prompt is color-scheme-able. You can invoke it thus:
prompt eric [ 8bit ] [<color1> [<color2> [<color3>] [<color4>]]
where the colors are for the hyphens, current directory, user@host,
and user input bits respectively. The default colors are cyan, green,
cyan, and white. This theme works best with a dark background.
If you have either UTF-8 or the `nexus' or `vga' console fonts or similar,
you can specify the `8bit' option to use 8-bit replacements for the
7-bit characters.
And you probably thought adam1 was overkill ...
EOF
}
prompt_eric_setup () {
# Some can't be local
setopt localoptions nowarncreateglobal
local prompt_gfx_tlc prompt_gfx_mlc prompt_gfx_blc
if [[ $1 == '8bit' ]]; then
shift
if [[ ${LC_ALL:-${LC_CTYPE:-$LANG}} = *UTF-8* ]]; then
prompt_gfx_tlc=$'\xe2\x94\x8c'
prompt_gfx_mlc=$'\xe2\x94\x9c'
prompt_gfx_blc=$'\xe2\x94\x94'
prompt_gfx_hyphen=$'\xe2\x94\x80'
else
prompt_gfx_tlc=$'\xda'
prompt_gfx_mlc=$'\xc3'
prompt_gfx_blc=$'\xc0'
prompt_gfx_hyphen=$'\xc4'
fi
else
prompt_gfx_tlc='.'
prompt_gfx_mlc='|'
prompt_gfx_blc='\`'
prompt_gfx_hyphen='-'
fi
# Colour scheme
prompt_eric_color1=${1:-'white'} # hyphens
prompt_eric_color2=${2:-'cyan'} # current directory
prompt_eric_color3=${3:-'cyan'} # user@host
prompt_eric_color4=${4:-'white'} # user input
local prompt_gfx_bbox
prompt_gfx_tbox="%B%F{$prompt_eric_color1}${prompt_gfx_tlc}%b%F{$prompt_eric_color1}${prompt_gfx_hyphen}"
prompt_gfx_bbox="%B%F{$prompt_eric_color1}${prompt_gfx_blc}${prompt_gfx_hyphen}%b%F{$prompt_eric_color1}"
# This is a cute hack. Well I like it, anyway.
prompt_gfx_bbox_to_mbox=$'%{\e[A\r'"%}%B%F{$prompt_eric_color1}${prompt_gfx_mlc}%b%F{$prompt_eric_color1}${prompt_gfx_hyphen}%{"$'\e[B%}'
prompt_l_paren="%B%F{black}("
prompt_r_paren="%B%F{black})"
prompt_user_host="%b%F{$prompt_eric_color3}%n%B%F{$prompt_eric_color3}@%b%F{$prompt_eric_color3}%m %{$fg[cyan]%}[%D{%f/%m/%y} %D{%L:%M:%S}]"
prompt_line_1a="$prompt_gfx_tbox$prompt_l_paren%B%F{$prompt_eric_color2}%~$prompt_r_paren%b%F{$prompt_eric_color1}"
prompt_line_1b="$prompt_l_paren$prompt_user_host$prompt_r_paren%b%F{$prompt_eric_color1}${prompt_gfx_hyphen}"
prompt_line_2="$prompt_gfx_bbox${prompt_gfx_hyphen}%B%F{white}"
prompt_char="%(!.#.>)"
prompt_opts=(cr subst percent)
add-zsh-hook precmd prompt_eric_precmd
}
prompt_eric_precmd() {
setopt localoptions extendedglob noxtrace nowarncreateglobal
local prompt_line_1
prompt_eric_choose_prompt
PS1="$prompt_line_1$prompt_newline$prompt_line_2%B%F{white}$prompt_char %b%f%k"
PS2="$prompt_line_2$prompt_gfx_bbox_to_mbox%B%F{white}-> %b%f%k"
PS3="$prompt_line_2$prompt_gfx_bbox_to_mbox%B%F{white}-> %b%f%k"
zle_highlight[(r)default:*]="default:fg=$prompt_eric_color4,bold"
}
prompt_eric_choose_prompt () {
local prompt_line_1a_width=${#${(S%%)prompt_line_1a//(\%([KF1]|)\{*\}|\%[Bbkf])}}
local prompt_line_1b_width=${#${(S%%)prompt_line_1b//(\%([KF1]|)\{*\}|\%[Bbkf])}}
local prompt_padding_size=$(( COLUMNS
- prompt_line_1a_width
- prompt_line_1b_width ))
# Try to fit in long path and user@host.
if (( prompt_padding_size > 0 )); then
local prompt_padding
eval "prompt_padding=\${(l:${prompt_padding_size}::${prompt_gfx_hyphen}:)_empty_zz}"
prompt_line_1="$prompt_line_1a$prompt_padding$prompt_line_1b"
return
fi
prompt_padding_size=$(( COLUMNS - prompt_line_1a_width ))
# Didn't fit; try to fit in just long path.
if (( prompt_padding_size > 0 )); then
local prompt_padding
eval "prompt_padding=\${(l:${prompt_padding_size}::${prompt_gfx_hyphen}:)_empty_zz}"
prompt_line_1="$prompt_line_1a$prompt_padding"
return
fi
# Still didn't fit; truncate
local prompt_pwd_size=$(( COLUMNS - 5 ))
prompt_line_1="$prompt_gfx_tbox$prompt_l_paren%B%F{$prompt_eric_color2}%$prompt_pwd_size<...<%~%<<$prompt_r_paren%b%F{$prompt_eric_color1}$prompt_gfx_hyphen"
}
prompt_eric_setup "$@"
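Review bot: The help text in `prompt_eric_help` does not match the code: it says the defaults are cyan, green, cyan and white, while `prompt_eric_setup` defaults `prompt_eric_color1..4` to white, cyan, cyan and white. Update the sentence to `The default colors are white, cyan, cyan, and white.` Separately, `prompt_user_host` interpolates `%{$fg[cyan]%}`, which is only populated after `autoload -U colors && colors`; the zshrc added in this commit never loads `colors`, so that fragment is presumably empty at runtime — either use `%F{cyan}` like the rest of the theme or drop it.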


@ -0,0 +1,6 @@
bind '"' split-window -c "#{pane_current_path}"
bind '%' split-window -h -c "#{pane_current_path}"
set-option -g pane-active-border-style fg=black,bg=cyan
set-option -g status-style fg=black,bg=cyan


@ -0,0 +1,43 @@
# Aliases
alias ls='ls --color=auto'
alias ll='ls -lah --color=auto'
alias grep='grep --color=auto'
export PS2='> '
# Keep 5000 lines of history within the shell and save it to ~/.zsh_history:
HISTSIZE=5000
SAVEHIST=5000
HISTFILE=~/.zsh_history
setopt histignorealldups sharehistory
# Set the prompt
autoload -Uz promptinit
promptinit
prompt eric
# Use modern completion system
autoload -Uz compinit
compinit
# zplug - manage plugins
source /usr/share/zplug/init.zsh
zplug "plugins/git", from:oh-my-zsh
zplug "plugins/sudo", from:oh-my-zsh
zplug "plugins/command-not-found", from:oh-my-zsh
zplug "zsh-users/zsh-syntax-highlighting"
zplug "zsh-users/zsh-autosuggestions"
zplug "zsh-users/zsh-history-substring-search"
zplug "zsh-users/zsh-completions"
# zplug - install/load new plugins when zsh is started or reloaded
if ! zplug check; then
printf "Install? [y/N]: "
if read -q; then
echo; zplug install
fi
fi
zplug load
if [ -x "$(command -v tmux)" ] && [ -n "${DISPLAY}" ] && [ -z "${TMUX}" ]; then
exec tmux new-session -A -s ${USER} >/dev/null 2>&1
fi
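Review bot: The seven `zplug` lines load plugins from the tip of each repository's default branch with no `at:` pin, and `zplug load` sources that code into every interactive shell; a force-push or account compromise upstream therefore runs arbitrary code as the user on the next `zplug install`. Pin each plugin to a reviewed tag or commit, e.g. `zplug "zsh-users/zsh-autosuggestions", at:<tag>`, and update the pins deliberately. The `Install? [y/N]` prompt in the `zplug check` branch also blocks any non-interactive zsh (cron, `ssh host cmd` through a login shell) until stdin closes; guard that block with `[[ -o interactive ]]`.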


@ -0,0 +1,2 @@
---
# handlers file for ericomeehan.ericomeehan


@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
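Review bot: `license: license (GPL-2.0-or-later, MIT, etc)`, `author: your name` and `min_ansible_version: 2.1` are the untouched `ansible-galaxy init` placeholders; galaxy import and ansible-lint flag the license value, and the unquoted `2.1` is parsed as a float rather than a version string. Fill in the real author/description, pick one SPDX id (the README added alongside says BSD, so `license: BSD-3-Clause`), and quote the version: `min_ansible_version: "2.1"`. The same placeholders are in the minecraft.eom.dev and openldap.eom.dev meta/main.yml files added by this commit.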


@ -0,0 +1,27 @@
---
# tasks file for ericomeehan.ericomeehan
- name: Install user environment packages
apt:
name:
- zplug
- zsh
state: present
- name: Set default shell to zsh
user:
name: eric
shell: /bin/zsh
- name: Copy zsh configuration
copy:
src: files/zsrhc
dest: /home/eric/.zsrhc
- name: Install custom zsh prompt
copy:
src: files/prompt_eric_setup
dest: /usr/share/zsh/functions/Prompts/prompt_eric_setup
- name: Setup mobile command
include_tasks: mobile-command.yml
when: ansible_host == mobil_command
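Review bot: The `Copy zsh configuration` task uses `src: files/zsrhc` / `dest: /home/eric/.zsrhc`, a transposition of `zshrc`; if the file in the role really carries that name the copy succeeds, but zsh reads `~/.zshrc`, so the configuration is never loaded — rename both ends to `zshrc` / `.zshrc`. The `when: ansible_host == mobil_command` on the include compares against an undefined variable (and drops the `e`); `mobile-command` is an inventory name, so `when: inventory_hostname == 'mobile-command'` is what is meant. When this role runs under `become: true` as site.yml does, the `copy` tasks leave the files in `/home/eric` root-owned because no `owner`/`group`/`mode` is given; add `owner: eric`, `group: eric`, `mode: "0644"` to each. The `files/` prefix on `src` is redundant for `copy` (the role's `files/` directory is searched first) but harmless.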


@ -0,0 +1,41 @@
---
# tasks file for mobile-command.yml
- name: Install additional user packages
apt:
name:
- git
- gimp
- gpsd
- neovim
- openscad
- passwordsafe
- tmux
state: present
- name: Append tmux text to zshrc
become: true
lineinfile:
path: "{{ ansible_user_dir }}/.zshrc"
line: "if [ -x \"$(command -v tmux)\" ] && [ -n \"\${DISPLAY}\" ] && [ -z \"\${TMUX}\" ]; then\n exec tmux new-session -A -s {{ ansible_user }} >/dev/null 2>&1\nfi"
create: true
- name: Copy tmux configuration
copy:
src: files/tmux.conf
dest: /home/eric/.tmux.conf
- name: Copy git configuration
copy:
src: files/gitconfig
dest: /home/eric/.gitconfig
- name: Create local configuration directory
file:
path: /home/eric/.config/nvim
state: directory
- name: Copy neovim configuration
copy:
src: files/init.lua
dest: /home/eric/.config/nvim/init.lua
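Review bot: The `Append tmux text to zshrc` task is not idempotent: `lineinfile` looks for the exact `line` among the existing lines of the file, and a value containing `\n` can never equal a single line, so the three-line fragment is appended again on every run. The zshrc shipped by this same role already ends with this exact tmux block, so hosts that received it get the fragment duplicated from the first run. Use `blockinfile` with its markers (below), or drop the task and rely on the copied zshrc. Also, with `become: true`, `ansible_user_dir` is the home of the user facts were gathered for, which may be root rather than eric — confirm which file is meant.
```yaml
- name: Append tmux text to zshrc
  become: true
  blockinfile:
    path: "{{ ansible_user_dir }}/.zshrc"
    create: true
    block: |
      if [ -x "$(command -v tmux)" ] && [ -n "${DISPLAY}" ] && [ -z "${TMUX}" ]; then
        exec tmux new-session -A -s {{ ansible_user }} >/dev/null 2>&1
      fi
# … unchanged: copy tasks for tmux.conf, gitconfig and the nvim directory/init.lua …
```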


@ -0,0 +1,2 @@
localhost


@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- ericomeehan.ericomeehan


@ -0,0 +1,2 @@
---
# vars file for ericomeehan.ericomeehan


@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,2 @@
---
# defaults file for ericomeehan.minecraft.eom.dev


@ -0,0 +1,59 @@
#Minecraft server properties
#Mon May 27 13:39:37 UTC 2024
allow-flight=false
allow-nether=true
broadcast-console-to-ops=true
broadcast-rcon-to-ops=true
difficulty=hard
enable-command-block=true
enable-jmx-monitoring=false
enable-query=false
enable-rcon=false
enable-status=true
enforce-secure-profile=true
enforce-whitelist=true
entity-broadcast-range-percentage=100
force-gamemode=false
function-permission-level=2
gamemode=survival
generate-structures=true
generator-settings={}
hardcore=false
hide-online-players=false
initial-disabled-packs=
initial-enabled-packs=vanilla
level-name=Gondwana
level-seed=-5079912890610012924
level-type=minecraft\:large_biomes
log-ips=true
max-chained-neighbor-updates=1000000
max-players=20
max-tick-time=60000
max-world-size=29999984
motd=A Minecraft server by eom.dev
network-compression-threshold=256
online-mode=true
op-permission-level=4
player-idle-timeout=0
prevent-proxy-connections=false
pvp=true
query.port=25565
rate-limit=0
rcon.password=
rcon.port=25575
require-resource-pack=false
resource-pack=
resource-pack-prompt=
resource-pack-sha1=
server-ip=
server-port=25565
simulation-distance=10
spawn-animals=true
spawn-monsters=true
spawn-npcs=true
spawn-protection=16
sync-chunk-writes=true
text-filtering-config=
use-native-transport=true
view-distance=10
white-list=true
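Review bot: Neither `files/server.properties` nor `files/whitelist.json` is referenced by the role's tasks/main.yml, which only creates the PV/PVC, Deployment and Service, so these files never reach the `/data` volume and the container starts from its own defaults — in particular `white-list=true`, `enforce-whitelist=true` and the whitelist entries are not applied unless the container is told about them. Either copy both files into the PV's host path (`/mnt/data/minecraft-pv`) on `alpha-worker-0` before the Deployment is created, or pass the equivalent settings as container env (the itzg image accepts `WHITELIST`, `ENFORCE_WHITELIST` and `ONLINE_MODE`). If the file stays, `rcon.password=` is empty; that is harmless while `enable-rcon=false`, but a comment saying so stops someone flipping the flag later without setting a password.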


@ -0,0 +1,27 @@
[
{
"uuid": "94e6d0fc-bd44-4f50-ae67-cb9a7b3a4050",
"name": "TopHatRick"
},
{
"uuid": "8f2a59e5-84ef-46a2-8eec-7988171e6e1f",
"name": "PVitamin"
},
{
"uuid": "a7b53bb0-ed66-4129-9c41-d8b51d383978",
"name": "BloodRavenGhola"
},
{
"uuid": "01188fed-cb2a-4fb7-b9a3-c43132bb8a30",
"name": "ThisNurseKills"
},
{
"uuid": "29ace271-a0b8-44be-aa73-61826da768aa",
"name": "ActuallyItsLars"
},
{
"uuid": "adac3ea5-bdd8-44d5-bc26-bf0e5f7790bf",
"name": "thegreatyamwar"
}
]


@ -0,0 +1,2 @@
---
# handlers file for ericomeehan.minecraft.eom.dev


@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,106 @@
---
# tasks file for ericomeehan.minecraft.eom.dev
- name: Create persistent volume for minecraft
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: minecraft-pv
spec:
capacity:
storage: 16Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: /mnt/data/minecraft-pv
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create persistent volume claim for minecraft volume
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minecraft-pv-claim
namespace: {{ namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 16Gi
storageClassName: standard
volumeName: minecraft-pv
- name: Create a Deployment
k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: minecraft-deployment
namespace: {{ namespace }}
spec:
replicas: 1
selector:
matchLabels:
app: minecraft
template:
metadata:
labels:
app: minecraft
spec:
containers:
- name: openminecraft
image: itzg/minecraft-server
volumeMounts:
- name: minecraft-pv
mountPath: /data
ports:
- containerPort: 25565
- containerPort: 24454
env:
- name: EULA
value: "TRUE"
- name: TYPE
value: "FABRIC"
- name: MODS
value: "https://download.geysermc.org/v2/projects/geyser/versions/latest/builds/latest/downloads/fabric,https://cdn.modrinth.com/data/bWrNNfkb/versions/D4KXqjtC/Floodgate-Fabric-2.2.3-SNAPSHOT%2Bbuild.28.jar,https://www.curseforge.com/api/v1/mods/306612/files/5510851/download,https://www.curseforge.com/api/v1/mods/416089/files/5500955/download"
volumes:
- name: minecraft-pv
persistentVolumeClaim:
claimName: minecraft-pv-claim
- name: Expose Deployment as a Service
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: minecraft-service
namespace: {{ namespace }}
spec:
selector:
app: minecraft
ports:
- port: 24454
protocol: TCP
name: minecraft-port-24454
nodePort: {{ nodePorts[minecraft-port-24454] }}
- port: 25565
protocol: TCP
name: minecraft-port-25565
nodePort: {{ nodePorts[minecraft-port-25565] }}
type: NodePort
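Review bot: `namespace: {{ namespace }}` (three places) and `nodePort: {{ nodePorts[minecraft-port-24454] }}` / `{{ nodePorts[minecraft-port-25565] }}` are unquoted, so YAML parses the leading `{{` as a flow mapping and the role fails to load before Jinja ever runs; quote them: `namespace: "{{ namespace }}"`. The nodePort lookups additionally use a bare hyphenated key, which Jinja reads as `nodePorts - port - 24454`; use `nodePort: "{{ nodePorts['minecraft-port-24454'] }}"`. The same unquoted expressions appear in the openldap role's tasks/main.yml. The image `itzg/minecraft-server` carries no tag, so every pod restart may pull a different `latest` — pin a version tag (or digest) as the openldap role does with `osixia/openldap:1.5.0`; likewise `MODS` pulls `versions/latest/builds/latest` of Geyser at start-up, so unreviewed code runs in the container after each restart.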


@ -0,0 +1,2 @@
localhost


@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- ericomeehan.minecraft.eom.dev


@ -0,0 +1,2 @@
---
# vars file for ericomeehan.minecraft.eom.dev


@ -1,2 +1,3 @@
--- ---
# defaults file for ericomeehan.nvidia_driver_debian # defaults file for ericomeehan.nvidia_driver_debian
nvidia_driver_skip_reboot: false


@ -10,7 +10,6 @@
become: yes become: yes
apt: apt:
update_cache: yes update_cache: yes
when: nvidia == true
- name: Install Linux headers - name: Install Linux headers
apt: apt:
@ -25,11 +24,8 @@
- firmware-misc-nonfree - firmware-misc-nonfree
- nvidia-cuda-dev - nvidia-cuda-dev
- nvidia-cuda-toolkit - nvidia-cuda-toolkit
register: install_driver
- name: Rebooting the system - name: Reboot after driver install
ansible.builtin.reboot: reboot:
when: install_driver.changed and not nvidia_driver_skip_reboot
- name: Wait for SSH connection
ansible.builtin.wait_for_connection:
timeout: 300


@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).


@ -0,0 +1,2 @@
---
# defaults file for ericomeehan.openldap.eom.dev


@ -0,0 +1,6 @@
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=cn,givenName,sn,userPassword,shadowLastChange,mail,loginShell,photo by self write by anonymous auth by dn.base="cn=Manager,dc=eom,dc=dev" write by * none
olcAccess: {1}to * by self read by dn.base="cn=Manager,dc=eom,dc=dev" write by * read
olcAccess: {2}to * by dn.base="uid=reader,ou=service accounts,dc=eom,dc=dev" read
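Review bot: The third rule `{2}to * by dn.base="uid=reader,…" read` is unreachable: slapd stops at the first `to` clause matching the entry, and `{1}to * … by * read` already matches everything and grants every bind — including anonymous — read access to the whole tree apart from the attributes listed in `{0}`. If anonymous read of the directory (posixAccount uidNumber, homeDirectory, loginShell, and so on) is not intended, fold the reader into `{1}` and close it, e.g. `olcAccess: {1}to * by self read by dn.base="cn=administrator,dc=eom,dc=dev" write by dn.base="uid=reader,ou=service account,dc=eom,dc=dev" read by * none`, and delete `{2}`. Two identifiers here also disagree with the rest of the role: the ACLs name `cn=Manager,dc=eom,dc=dev` while config.ldiff.j2 sets `olcRootDN: cn=administrator,dc=eom,dc=dev`, and `{2}` uses `ou=service accounts` (plural) while service_accounts.ldif and reader.ldiff.j2 create `ou=service account`. The file and the tasks that copy it spell it `allowpwchagne.ldif`, which works consistently but presumably means `allowpwchange`.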


@ -0,0 +1,26 @@
# eom.dev
dn: dc=eom,dc=dev
dc: eom
o: eom.dev
objectClass: dcObject
objectClass: organization
# administrator, eom.dev
dn: cn=administrator,dc=eom,dc=dev
cn: administrator
description: LDAP administrator
objectClass: organizationalRole
objectClass: top
roleOccupant: dc=eom,dc=dev
# people, eom.dev
dn: ou=people,dc=eom,dc=dev
ou: people
objectClass: top
objectClass: organizationalUnit
# groups, eom.dev
dn: ou=group,dc=eom,dc=dev
ou: group
objectClass: top
objectClass: organizationalUnit


@ -0,0 +1,5 @@
# Service Accounts, eom.dev
dn: ou=service account,dc=eom,dc=dev
ou: service account
objectClass: top
objectClass: organizationalUnit


@ -0,0 +1,2 @@
---
# handlers file for ericomeehan.openldap.eom.dev


@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@ -0,0 +1,196 @@
---
# tasks file for ericomeehan.openldap.eom.dev
- name: Deploy openldap network services
hosts: alpha-control-plane
become: true
tasks:
- name: Create persistent volume for openldap database files
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: openldap-db-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: /mnt/data/openldap-db-pv
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create persistent volume for openldap configurations
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolume
metadata:
name: openldap-conf-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: standard
hostPath:
path: /mnt/data/openldap-conf-pv
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- alpha-worker-0
- name: Create persistent volume claim for openldap database volume
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openldap-db-pv-claim
namespace: {{ namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: standard
volumeName: openldap-db-pv
- name: Create persistent volume claim for openldap configuration volume
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: openldap-conf-pv-claim
namespace: {{ namespace }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: standard
volumeName: openldap-conf-pv
# TODO: get ldap database from previous network
- name: Copy ldap database to persistent volume
copy:
src: files/slapd
dest: /data/openldap-db-pv/slapd
- name: Copy base.ldif to persistent volume
copy:
src: files/base.ldif
dest: /data/openldap-conf-pv/base.ldif
- name: Copy allowpwchagne.ldif to persistent volume
copy:
src: files/allowpwchagne.ldif
dest: /data/openldap-conf-pv/allowpwchagne.ldif
- name: Copy service_accounts.ldif to persistent volume
copy:
src: files/service_accounts.ldif
dest: /data/openldap-conf-pv/service_accounts.ldif
- name: Copy config.ldif template to the persistent volumes
template:
src: files/config.ldiff.j2
dest: /data/openldap-conf-pv/config.ldiff
- name: Copy eric.ldif template to the persistent volumes
template:
src: files/eric.ldiff.j2
dest: /data/openldap-conf-pv/eric.ldiff
- name: Copy reader.ldif template to the persistent volumes
template:
src: files/reader.ldiff.j2
dest: /data/openldap-conf-pv/reader.ldiff
- name: Create a deployment
k8s:
definition:
apiVersion: apps/v1
kind: Deployment
metadata:
name: openldap-deployment
namespace: {{ namespace }}
spec:
replicas: 1
selector:
matchLabels:
app: openldap
template:
metadata:
labels:
app: openldap
spec:
containers:
- name: openopenldap
image: osixia/openldap:1.5.0
volumeMounts:
- name: openldap-db-pv
mountPath: /var/lib/openldap
- name: openldap-conf-pv
mountPath: /etc/openldap/slapd.d
ports:
- containerPort: 389
- containerPort: 636
env:
- name: LDAP_ORGANIZATION
value: "EOM"
- name: LDAP_DOMAIN
value: "eom.dev"
- name: LDAP_ADMIN_PASSWORD
value: "{{ slappasswd }}"
volumes:
- name: openldap-db-pv
persistentVolumeClaim:
claimName: openldap-db-pv-claim
- name: openldap-conf-pv
persistentVolumeClaim:
claimName: openldap-conf-claim
- name: Expose deployment as a service
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: openldap-service
namespace: {{ namespace }}
spec:
selector:
app: openldap
ports:
- port: 389
protocol: TCP
name: openldap-port-389
nodePort: {{ nodePorts[openldap-port-389] }}
- port: 636
protocol: TCP
name: openldap-port-636
nodePort: {{ nodePorts[openldap-port-636] }}
type: NodePort
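Review bot: This is the role's tasks/main.yml but it is written as a play (`hosts:`, `become:`, `tasks:` at the top level); a role task file must be a list of tasks, so Ansible rejects it with `'hosts' is not a valid attribute for a Task` — remove the three play keywords and dedent the task list, as the minecraft role's tasks/main.yml does. The Deployment's second volume references `claimName: openldap-conf-claim` while the PVC created above is `openldap-conf-pv-claim`, so the pod stays Pending. The `copy`/`template` tasks write to `/data/openldap-*-pv/…` on the control-plane host, but the PVs are `hostPath: /mnt/data/openldap-*-pv` pinned by nodeAffinity to `alpha-worker-0`, so the LDIFs never land in the volume; the mount points `/var/lib/openldap` and `/etc/openldap/slapd.d` also look like the Alpine layout, whereas the Debian-based osixia/openldap image keeps its data in `/var/lib/ldap` and `/etc/ldap/slapd.d` — confirm against the image before relying on persistence. `LDAP_ADMIN_PASSWORD: "{{ slappasswd }}"` puts the admin password in the pod spec in clear, readable by anyone who can get deployments; create a Secret and use `valueFrom.secretKeyRef`, and check that `slappasswd` is the plaintext the osixia image expects and not the `{SSHA}` hash that `olcRootPW` in config.ldiff.j2 needs, since the same variable feeds both.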


@ -0,0 +1,45 @@
# The root config entry
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /run/openldap/slapd.args
olcPidFile: /run/openldap/slapd.pid
# Schemas
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
# TODO: Include further schemas as necessary
include: file:///etc/openldap/schema/core.ldif
# The config database
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=administrator,dc=eom,dc=dev
# The database for our entries
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=eom,dc=dev
olcRootDN: cn=administrator,dc=eom,dc=dev
olcRootPW: {{ slappasswd }}
olcDbDirectory: /var/lib/openldap/openldap-data
# TODO: Create further indexes
olcDbIndex: objectClass eq
olcDbIndex: uid pres,eq
olcDbIndex: mail pres,sub,eq
olcDbIndex: cn,sn pres,sub,eq
olcDbIndex: dc eq
# Additional schemas
# RFC1274: Cosine and Internet X.500 schema
include: file:///etc/openldap/schema/cosine.ldif
# RFC2307: An Approach for Using LDAP as a Network Information Service
# Check RFC2307bis for nested groups and an auxiliary posixGroup objectClass (way easier)
include: file:///etc/openldap/schema/nis.ldif
# RFC2798: Internet Organizational Person
include: file:///etc/openldap/schema/inetorgperson.ldif
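Review bot: The `include:` lines for cosine, nis and inetorgperson come after the `olcDatabase=mdb` entry, but that entry already declares `olcDbIndex: mail pres,sub,eq`; `mail` is defined in cosine, so if slapadd processes the file in order the index line presumably fails with an undefined attribute — move the three includes up next to `include: file:///etc/openldap/schema/core.ldif` under `cn=schema`. `olcRootPW: {{ slappasswd }}` should receive a hash produced by slappasswd(8) (a `{SSHA}…` value), not a clear-text password; if the variable holds plaintext, anyone able to read cn=config recovers the root password. The schema and pid/args paths (`/etc/openldap/…`, `/run/openldap/…`) are the Alpine layout; the osixia/openldap image is Debian-based and ships schemas under `/etc/ldap/schema`, so these paths need to match the image that is actually deployed.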


@ -0,0 +1,23 @@
dn: uid=eric,ou=people,dc=eom,dc=dev
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: eric
cn: Eric Meehan
sn: Meehan
givenName: Eric
title: CEO
telephoneNumber: +1 919 771 5140
mobile: +1 919 771 5140
mail: eric@eom.dev
postalAddress: 2101 Lakeside Lofts Circle$Unit 2429$Cary N.C., 27513
userPassword: {{ eric_password }}
labeledURI: https://www.eom.dev/
loginShell: /bin/zsh
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/eric/
description: Owner and architect of eom.dev
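Review bot: `userPassword: {{ eric_password }}` is stored exactly as given; unless the variable already holds a `{SSHA}` hash from slappasswd(8), the directory keeps the password in clear and it is readable by the administrator DN and in every backup of the database. Hash it before templating (or set it with `ldappasswd` after the entry exists) and keep the value in an Ansible Vault file rather than a plain var. This template also commits a personal phone number and postal address into the role; move those into vaulted vars as well so the role can be shared without leaking them.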


@ -0,0 +1,12 @@
dn: uid=reader,ou=service account,dc=eom,dc=dev
objectClass: top
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: reader
userPassword: {{ reader_password }}
loginShell: /bin/bash
uidNumber: 1500
gidNumber: 1500
homeDirectory: /home/reader/
description: Service account for reading the ldap tree
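Review bot: This entry will be refused by slapd: `organizationalPerson` (via `person`) requires `cn` and `sn`, and `posixAccount` requires `cn` as well, but the entry supplies neither — add `cn: reader` and `sn: reader`. It also lives under `ou=service account,dc=eom,dc=dev`, matching service_accounts.ldif but not the `ou=service accounts` used in allowpwchagne.ldif's ACL, so the reader would gain nothing from that rule even if it were reachable. For a bind-only read account, `loginShell: /bin/bash` and a `/home/reader/` home are more than it needs; `/usr/sbin/nologin` (or dropping `posixAccount`/`shadowAccount` altogether if nothing resolves it as a Unix user) keeps it from becoming a login on any host that uses this directory for NSS.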


@ -0,0 +1,2 @@
localhost


@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- ericomeehan.openldap.eom.dev


@ -0,0 +1,2 @@
---
# vars file for ericomeehan.openldap.eom.dev


@ -3,40 +3,38 @@
- name: Initialize systems - name: Initialize systems
hosts: all hosts: all
become: true become: true
tasks: pre_tasks:
- name: Install debconf-utils - name: Install debconf-utils
apt: apt:
name: debconf-utils name: debconf-utils
state: present state: present
- name: Check if /root/preseed.txt exists - name: Check if /root/preseed.txt exists
stat: stat:
path: /root/preseed.txt path: /root/preseed.txt
register: preseed_file register: preseed_file
- name: Create preseed file - name: Create preseed file
command: echo "#_preseed_V1" > /root/preseed.txt command: echo "#_preseed_V1" > /root/preseed.txt
when: not preseed_file.stat.exists when: not preseed_file.stat.exists
- name: Append installer's debconf database to the preseed file
- name: Append installer's debconf database to the file
command: debconf-get-selections --installer >> /root/preseed.txt command: debconf-get-selections --installer >> /root/preseed.txt
when: not preseed_file.stat.exists when: not preseed_file.stat.exists
- name: Append debconf database to the preseed file
- name: Append debconf database to the file
command: debconf-get-selections >> /root/preseed.txt command: debconf-get-selections >> /root/preseed.txt
when: not preseed_file.stat.exists when: not preseed_file.stat.exists
- name: Copy nftables configuration template - name: Copy nftables configuration template
template: template:
src: "nftables.conf.j2" src: "nftables.conf.j2"
dest: /etc/nftables.conf dest: /etc/nftables.conf
- name: Enable nftables - name: Enable nftables
service: service:
name: nftables name: nftables
state: started state: started
enabled: true enabled: true
roles:
- role: ericomeehan.ericomeehan
# TODO: prepare raid array during os installation
# TODO: install helm on control plane
- name: Prepare cluster environments - name: Prepare cluster environments
hosts: clusters hosts: clusters
become: true become: true
@ -46,32 +44,57 @@
path: /etc/sysctl.conf path: /etc/sysctl.conf
line: 'net.ipv4.ip_forward = 1' line: 'net.ipv4.ip_forward = 1'
state: present state: present
- name: Update sysctl configuration to enable IPv6 packet forwarding - name: Update sysctl configuration to enable IPv6 packet forwarding
lineinfile: lineinfile:
path: /etc/sysctl.conf path: /etc/sysctl.conf
line: 'net.ipv6.conf.all.forwarding = 1' line: 'net.ipv6.conf.all.forwarding = 1'
state: present state: present
- name: Reload sysctl configuration - name: Reload sysctl configuration
command: sysctl --system command: sysctl --system
- name: Enable br_netfilter kernel module - name: Enable br_netfilter kernel module
command: modprobe br_netfilter command: modprobe br_netfilter
- name: Add the module to a configuration file for persistence - name: Add the module to a configuration file for persistence
lineinfile: lineinfile:
path: /etc/modules-load.d/modules.conf path: /etc/modules-load.d/modules.conf
line: "br_netfilter" line: "br_netfilter"
- name: Install kubernetes library - name: Install kubernetes library
apt: apt:
name: python3-kubernetes name: python3-kubernetes
state: present state: present
roles: roles:
- role: geerlingguy.containerd - role: geerlingguy.containerd
- role: geerlingguy.kubernetes - role: geerlingguy.kubernetes
- role: ericomeehan.nvidia_driver_debian - role: ericomeehan.nvidia_driver_debian
when: when: nvidia == true
- nvidia == true tasks:
- name: Create production namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: production
when: kubernetes_role == control_plane
- name: Create testing namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: testing
when: kubernetes_role == control_plane
- name: Deploy core network services
hosts: alpha-control-plane
become: true
roles:
- role: ericomeehan.openldap.eom.dev
- role: ericomeehan.openvpn-server.eom.dev
- role: ericomeehan.mariadb.eom.dev
- role: ericomeehan.influxdb.eom.dev
- role: ericomeehan.telegraf.eom.dev
- role: ericomeehan.grafana.eom.dev
- role: ericomeehan.mediawiki.eom.dev
- role: ericomeehan.gitlab.eom.dev
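Review bot: `when: kubernetes_role == control_plane` on the two namespace tasks compares against an undefined variable `control_plane`, so the conditional errors out (`'control_plane' is undefined`) instead of selecting the control plane; geerlingguy.kubernetes carries `kubernetes_role` as a string, so write `when: kubernetes_role == 'control_plane'`. The `Deploy core network services` play lists eight roles (`openvpn-server`, `mariadb`, `influxdb`, `telegraf`, `grafana`, `mediawiki`, `gitlab` and `openldap`), but this commit only adds `openldap.eom.dev`; unless the others already exist outside this diff, the playbook fails at role resolution before any play runs. `when: nvidia == true` on the nvidia role is fragile if `nvidia` arrives as a string from inventory; `when: nvidia | bool` handles both. Unchanged context, but worth a follow-up: `command: echo "#_preseed_V1" > /root/preseed.txt` hands the `>` to echo rather than to a shell, so the preseed file is never written — use `shell:` or the `copy` module with `content:`.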

6
vars/all.yml Normal file

@ -0,0 +1,6 @@
nodePorts:
#range: 30000-32767
openldap-port-389: 30389
openldap-port-636: 30636
minecraft-port-24454: 32454
minecraft-port-25565: 32565
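Review bot: A top-level `vars/` directory is not auto-loaded by Ansible (only `group_vars/` and `host_vars/` are), so `nodePorts` here and `namespace` in vars/production.yml are only defined if a play lists them under `vars_files:` or they are passed with `-e`; no play in this diff does, as far as it shows. Keys with hyphens such as `minecraft-port-24454` also cannot be used bare inside Jinja brackets; either reference them as `nodePorts['minecraft-port-24454']` or rename the keys to `minecraft_port_24454`. The `#range: 30000-32767` comment needs a space after `#` to pass yamllint.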

1
vars/production.yml Normal file

@ -0,0 +1 @@
namespace: production