me/env-ansible
me/env-ansible
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Music Studio, Migrate from GitHub to Personal Gitea #1

Merged
me merged 21 commits from dev into main 2025-01-02 13:03:51 -07:00
Conversation 0 Commits 21 Files Changed 16 +13 -362
12 changed files with 13 additions and 362 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 5b67610fca - Show all commits

2
README.md
View File

@ -45,7 +45,7 @@ Workstation: Currently failing at `[Workstation | Linux | Flatpak Distro | Packa
### NixOS ### NixOS
99%, still need to get Telegraf going and refactor local.yml but everything else 99%, still need to get Telegraf going and refactor local.yml but everything else
is working well. It is automatically implementing github.com/Hyperling/NixOS. is working well. It is automatically implementing git.hyperling.com/me/env-nixos.
## Currently Supported Unix Systems ## Currently Supported Unix Systems
### FreeBSD 12, 13 ### FreeBSD 12, 13

12
facts/general/system.yml
View File

@ -8,17 +8,7 @@
st_install_dir: /usr/local/src/st st_install_dir: /usr/local/src/st
global_bin: /usr/local/bin global_bin: /usr/local/bin
x_desktops: /usr/share/xsessions x_desktops: /usr/share/xsessions
repo_github: https://github.com/Hyperling/ansible.git git_repo: https://git.hyperling.com/me/env-ansible.git
#repo_local: https://git.hyperling.com/ansible.git
# Local server not working yet, go back to Github even though they throttle me.
repo_local: https://github.com/Hyperling/ansible.git
- name: General | Facts | System | Dev
set_fact:
#repo_local: https://git.hyperling.com/ansible-dev.git
# Local server not working yet, go back to Github even though they throttle me.
repo_local: https://github.com/Hyperling/ansible.git
when: branch == "dev"
- name: General | Facts | System | Linux - name: General | Facts | System | Linux

4
files/scripts/nixos.sh
View File

@ -15,7 +15,7 @@ nixos_working_exe=activate.sh
function usage { function usage {
echo -e "\nUsage: $PROG -b BRANCH" >&2 echo -e "\nUsage: $PROG -b BRANCH" >&2
cat <<- EOF cat <<- EOF
Run a setup script for NixOS based on the https://github.com/Hyperling/NixOS project. Run a setup script for NixOS based on the https://git.hyperling.com/me/env-nixos project.
Parameters: Parameters:
-b BRANCH: The branch which should be installed, likely 'main' or 'dev'. -b BRANCH: The branch which should be installed, likely 'main' or 'dev'.
@ -48,7 +48,7 @@ fi
cleanup cleanup
# Install the Hyperling NixOS configurations. # Install the Hyperling NixOS configurations.
git clone https://github.com/Hyperling/NixOS --branch $branch $nixos_working_dir git clone https://git.hyperling.com/me/env-nixos --branch $branch $nixos_working_dir
chmod 755 $nixos_working_dir/$nixos_working_exe chmod 755 $nixos_working_dir/$nixos_working_exe
$nixos_working_dir/$nixos_working_exe $nixos_working_dir/$nixos_working_exe

6
local.yml
View File

@ -229,12 +229,6 @@
- include_tasks: tasks/server/software/hugo.yml - include_tasks: tasks/server/software/hugo.yml
when: hugo == true when: hugo == true
- include_tasks: tasks/server/software/gitlab.yml
when: gitlab and ansible_pkg_mgr in ("apt", "dnf") and ansible_distribution not in ("Fedora")
- include_tasks: tasks/server/software/git.yml
when: git and ansible_pkg_mgr in ("apt")
when: server == true when: server == true

2
setup.sh
View File

@ -6,7 +6,7 @@
DIR="$(dirname -- "${BASH_SOURCE[0]}")" DIR="$(dirname -- "${BASH_SOURCE[0]}")"
PROG="$(basename -- "${BASH_SOURCE[0]}")" PROG="$(basename -- "${BASH_SOURCE[0]}")"
LOCAL=$DIR/local.yml LOCAL=$DIR/local.yml
URL="https://github.com/Hyperling/ansible" URL="https://git.hyperling.com/me/env-ansible"
BRANCH="main" BRANCH="main"
## Functions ## ## Functions ##

36
tasks/general/acct_mgmt/provision_config.yml
View File

@ -279,28 +279,6 @@
; ;
; hugo : Set to true to install HUGO static website generator. ; hugo : Set to true to install HUGO static website generator.
; ;
; gitlab : ee - Installs Enterprise Edition Free Tier. Basically CE with an easier upgrade path for Paid Features.
; ce - Installs Community Edition. Excludes paid features if you'll never use them. Supposedly difficult to move to EE.
; Example: ce
;
; gitlab_url : The URL prefix for the server. Using 'http://mygitlabserver' would result in "http://mygitlabserver.((domain))".
; Regardless of whether you choose http or https, the Certbot config will be skipped since the maintainer uses a reverse proxy.
; Example: https://gitlab
;
; git : Set to true for this server to be configured as an HTTP git server.
;
; git_name : Name(s) of project(s) that the Git server should host.
; Example: ansible#ansible-dev
;
; git_branch : Branch(es) of project(s) corresponding with git_name.
; Example: main#dev
;
; git_url : URL(s) of project(s) corresponding with git_name.
; Example: https://github.com/Hyperling/ansible#https://github.com/Hyperling/ansible
;
; git_sep : Separator for git variables above.
; Example: #
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[global] [global]
marker: '; {mark} MANAGED BY ANSIBLE | Server Config' marker: '; {mark} MANAGED BY ANSIBLE | Server Config'
@ -318,13 +296,6 @@
influxdb2: "{{ lookup('ini', 'influxdb2 file={{srv_file}} default=false') }}" influxdb2: "{{ lookup('ini', 'influxdb2 file={{srv_file}} default=false') }}"
certbot: "{{ lookup('ini', 'certbot file={{srv_file}} default=false') }}" certbot: "{{ lookup('ini', 'certbot file={{srv_file}} default=false') }}"
hugo: "{{ lookup('ini', 'hugo file={{srv_file}} default=false') }}" hugo: "{{ lookup('ini', 'hugo file={{srv_file}} default=false') }}"
gitlab: "{{ lookup('ini', 'gitlab file={{srv_file}} default=false') }}"
gitlab_url: "{{ lookup('ini', 'gitlab_url file={{srv_file}} default=false') }}"
git: "{{ lookup('ini', 'git file={{srv_file}} default=false') }}"
git_name: "{{ lookup('ini', 'git_name file={{srv_file}} default=false') }}"
git_branch: "{{ lookup('ini', 'git_branch file={{srv_file}} default=false') }}"
git_url: "{{ lookup('ini', 'git_url file={{srv_file}} default=false') }}"
git_sep: "{{ lookup('ini', 'git_sep file={{srv_file}} default=false') }}"
- name: General | Account Management | Provisioning Configuration | Server | List - name: General | Account Management | Provisioning Configuration | Server | List
set_fact: set_fact:
@ -338,13 +309,6 @@
- { 'influxdb2': "{{ influxdb2 }}" } - { 'influxdb2': "{{ influxdb2 }}" }
- { 'certbot': "{{ certbot }}" } - { 'certbot': "{{ certbot }}" }
- { 'hugo': "{{ hugo }}" } - { 'hugo': "{{ hugo }}" }
- { 'gitlab': "{{ gitlab }}" }
- { 'gitlab_url': "{{ gitlab_url }}" }
- { 'git': "{{ git }}" }
- { 'git_name': "{{ git_name }}" }
- { 'git_branch': "{{ git_branch }}" }
- { 'git_url': "{{ git_url }}" }
- { 'git_sep': "{{ git_sep }}" }
## Exit if not turned on yet ## ## Exit if not turned on yet ##

2
tasks/general/cron/ansible.yml
View File

@ -6,7 +6,7 @@
user: ansible user: ansible
name: "Ansible Sync" name: "Ansible Sync"
minute: "*/30" minute: "*/30"
job: "sudo {{ ansible_pull_exec.stdout }} -o -U {{ repo_local }} --checkout {{ branch }}" job: "sudo {{ ansible_pull_exec.stdout }} -o -U {{ git_repo }} --checkout {{ branch }}"
state: present state: present
disabled: "{{ 'yes' if no_telem else 'no' }}" disabled: "{{ 'yes' if no_telem else 'no' }}"

4
tasks/general/scripts/root.yml
View File

@ -6,7 +6,7 @@
path: "{{ user_root.home }}/bin/scm.sh" path: "{{ user_root.home }}/bin/scm.sh"
block: | block: |
# 20210211 - Make life easier! # 20210211 - Make life easier!
git clone {{ repo_github }} ansible-pull git clone {{ git_repo }} ansible-pull
ansible-pull/setup.sh ansible-pull/setup.sh
mv ansible-pull ~/TRASH/ mv ansible-pull ~/TRASH/
marker: '{mark}' marker: '{mark}'
@ -37,7 +37,7 @@
## Main ## ## Main ##
time {{ ansible_pull_exec.stdout }} -U {{ repo_github }} --checkout $branch time {{ ansible_pull_exec.stdout }} -U {{ git_repo }} --checkout $branch
marker: '{mark}' marker: '{mark}'
marker_begin: "#!{{ bash_exec.stdout }}" marker_begin: "#!{{ bash_exec.stdout }}"

4
tasks/general/scripts/user.yml
View File

@ -6,7 +6,7 @@
path: "{{ user_user.home }}/bin/scm.sh" path: "{{ user_user.home }}/bin/scm.sh"
block: | block: |
# 20210211 - Make life easier! # 20210211 - Make life easier!
git clone {{ repo_github }} ansible-pull git clone {{ git_repo }} ansible-pull
ansible-pull/setup.sh ansible-pull/setup.sh
mv ansible-pull ~/TRASH/ mv ansible-pull ~/TRASH/
marker: '{mark}' marker: '{mark}'
@ -37,7 +37,7 @@
## Main ## ## Main ##
time sudo {{ ansible_pull_exec.stdout }} -U {{ repo_github }} --checkout $branch time sudo {{ ansible_pull_exec.stdout }} -U {{ git_repo }} --checkout $branch
marker: '{mark}' marker: '{mark}'
marker_begin: "#!{{ bash_exec.stdout }}" marker_begin: "#!{{ bash_exec.stdout }}"

4
tasks/general/software/nixos.yml
View File

@ -1,5 +1,5 @@
--- ---
# Update the Nix configuration at github.com/Hyperling/NixOS. # Update the Nix configuration at git.hyperling.com/me/env-nixos.
# This is also done in setup.sh if ansible is not found. # This is also done in setup.sh if ansible is not found.
- name: General | Software | NixOS | Facts - name: General | Software | NixOS | Facts
@ -19,7 +19,7 @@
blockinfile: blockinfile:
path: /etc/nixos/ansible.nix path: /etc/nixos/ansible.nix
block: | block: |
# This file was created by https://github.com/Hyperling/Ansible # This file was created by https://git.hyperling.com/me/env-ansible
# Please do not alter it by hand. Use the proper ini files instead. # Please do not alter it by hand. Use the proper ini files instead.
{ config, pkgs, nix, ... }: { config, pkgs, nix, ... }:

191
tasks/server/software/git.yml
View File

@ -1,191 +0,0 @@
---
# Webserver to replace calling GitHub for projects.
# https://www.howtoforge.com/how-to-install-http-git-server-with-nginx-on-debian-11/
#TODO: Use gitweb instead??? I knew there was an easier way than apache/nginx/python stuff...
# https://git-scm.com/docs/gitweb
# Gitweb is nice but doesn;t seem like it allowes cloning.
# Need to figure out how to get git:// to work, fix SSL locally, or somehow use http local and https when external..
## Variables ##
- name: Server | Software | HTTPS Git Server | Check Config Variables
debug:
var: "{{ item }}"
loop:
- git_name
- git_branch
- git_url
- git_sep
- name: Server | Software | HTTPS Git Server | Split Config Variables To Array
set_fact:
git_names: "{{ git_name.split(git_sep) }}"
git_branches: "{{ git_branch.split(git_sep) }}"
git_urls: "{{ git_url.split(git_sep) }}"
git_projects: []
- name: Server | Software | HTTPS Git Server | Check Arrays
debug:
var: "{{ item }}"
loop:
- git_names
- git_branches
- git_urls
- name: Server | Software | HTTPS Git Server | Build Dictionary
set_fact:
git_projects: "{{ git_projects + [{ 'name': git_names[item], 'branch': git_branches[item], 'url': git_urls[item] }] }}"
loop: "{{ range(0, git_names|length) | list }}"
- name: Server | Software | HTTPS Git Server | Display Dictionary
debug:
var: git_projects
- name: Server | Software | HTTPS Git Server | Variables 1
set_fact:
git_web_root: /var/www/html/git
git_config_file: /etc/nginx/conf.d/git.conf
git_nginx_user: www-data
git_ssl_dir: /usr/local/etc/ssl/private
git_ssl_cert_name: cert.pem
git_ssl_key_name: key.pem
- name: Server | Software | HTTPS Git Server | Variables 2
set_fact:
git_cron_commands: "git pull --rebase && cd {{ git_web_root }}/ && chown -R {{ git_nginx_user }} . && chmod -R 775 ."
git_ssl_cert: "{{ git_ssl_dir }}/{{ git_ssl_cert_name }}"
git_ssl_key: "{{ git_ssl_dir }}/{{ git_ssl_key_name }}"
## Pre-reqs ##
- name: Server | Software | HTTPS Git Server | Install
package:
name:
- nginx
- git
- fcgiwrap
- apache2-utils
- unzip
state: present
when: ansible_pkg_mgr == "apt"
- name: Server | Software | HTTPS Git Server | SSL Certificate
shell: "{{ item }}"
loop:
- mkdir -p {{ git_ssl_dir }}
- openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout {{ git_ssl_key }} -out {{ git_ssl_cert }} -subj "/C=XX/ST=STATELESS/L=HOMELAB/O={{ domain }}/OU=Git Server/CN={{ domain }}"
## Repositories ##
- name: Server | Software | HTTPS Git Server | Delete
file:
path: "{{ git_web_root }}"
state: absent
- name: Server | Software | HTTPS Git Server | Download
git:
repo: "{{ item.url }}"
dest: "{{ git_web_root }}/{{ item.name }}.git"
version: "{{ item.branch }}"
clone: yes
force: yes
ignore_errors: yes
loop: "{{ git_projects }}"
- name: Server | Software | HTTPS Git Server | Permissions
file:
path: "{{ git_web_root }}/{{ item.name }}.git"
state: directory
mode: '755'
owner: "{{ git_nginx_user }}"
group: "{{ git_nginx_user }}"
recurse: yes
loop: "{{ git_projects }}"
## NGINX ##
- name: Server | Software | HTTPS Git Server | Index
blockinfile:
path: "{{ git_web_root }}/index.html"
block: |
{{ item.name }}.git is cloned from {{ item.url }} using branch {{ item.branch }}.
state: present
mode: '755'
owner: "{{ git_nginx_user }}"
group: "{{ git_nginx_user }}"
create: yes
backup: yes
marker: "<!-- {mark} {{ item.name }} -->"
loop: "{{ git_projects }}"
- name: Server | Software | HTTPS Git Server | Config
blockinfile:
path: "{{ git_config_file }}"
block: |
server {
listen 443;
server_name {{ ansible_hostname }}.{{ domain }};
ssl_certificate {{ git_ssl_cert }};
ssl_certificate_key {{ git_ssl_key }};
root {{ git_web_root }};
# Add index.php to the list if you are using PHP
index index.html;
#autoindex on;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ (/.*) {
client_max_body_size 0;
#auth_basic "Hyperling's Git Login";
#auth_basic_user_file "{{ git_web_root }}/htpasswd";
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT {{ git_web_root }};
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $1;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
}
state: present
mode: '755'
create: yes
backup: yes
marker: "# {mark} Managed By Ansible Git Server Playbook -->"
- name: Server | Software | HTTPS Git Server | Service
service:
name: nginx
pattern: nginx
enabled: yes
state: restarted
## Cron ##
- name: Server | Software | HTTPS Git Server | Cron | Hourly
cron:
name: "{{ item.name }} hourly"
special_time: hourly
job: "cd {{ git_web_root }}/{{ item.name }}.git && {{ git_cron_commands }}"
loop: "{{ git_projects }}"
- name: Server | Software | HTTPS Git Server | Cron | Reboot
cron:
name: "{{ item.name }} reboot"
special_time: reboot
job: "cd {{ git_web_root }}/{{ item.name }}.git && {{ git_cron_commands }}"
loop: "{{ git_projects }}"

106
tasks/server/software/gitlab.yml
View File

@ -1,106 +0,0 @@
---
# Install a Gitlab server for hosting software projects.
## Checks ##
- name: "Server | Software | GitLab | Checks | Host Variable [gitlab]={{ gitlab }}"
shell: echo "ERROR! Variable has an invalid value!" && exit 1
when: gitlab not in ("ee", "ce")
- name: "Server | Software | GitLab | Checks | Host Variable [gitlab_url]={{ gitlab_url }}"
set_fact:
gitlab_url: "https://gitlab"
when: gitlab_url is not defined or not gitlab
- name: Server | Software | GitLab | Checks | Play Variables
set_fact:
gitlab_bundle: "gitlab-{{ gitlab }}"
gitlab_config: /etc/gitlab/gitlab.rb
# Ensure other version is not installed.
- name: Server | Software | GitLab | Checks | Remove EE
package:
name: gitlab-ee
state: absent
when: gitlab == "ce"
- name: Server | Software | GitLab | Checks | Remove CE
package:
name: gitlab-ce
state: absent
when: gitlab == "ee"
## Install ##
# https://about.gitlab.com/install/?version=ce#ubuntu
# https://about.gitlab.com/install/?version=ce#centos-8 (Fedora)
- name: Server | Software | GitLab | Install | Check
shell: which gitlab-ctl
ignore_errors: yes
register: gitlab_installed
- name: Server | Software | GitLab | Install | Pre-Reqs
package:
update_cache: yes
name:
- curl
- openssh-server
- ca-certificates
- tzdata
- perl
- postfix
state: present
when: gitlab_installed.failed
- name: Server | Software | GitLab | Install | Add Repo (apt)
shell: curl https://packages.gitlab.com/install/repositories/gitlab/{{ gitlab_bundle }}/script.deb.sh | bash
when: gitlab_installed.failed and ansible_pkg_mgr == "apt"
- name: Server | Software | GitLab | Install | Add Repo (dnf)
shell: curl https://packages.gitlab.com/install/repositories/gitlab/{{ gitlab_bundle }}/script.rpm.sh | bash
when: gitlab_installed.failed and ansible_pkg_mgr == "dnf"
- name: Server | Software | GitLab | Install | Install
shell: EXTERNAL_URL="{{ gitlab_url | replace("https","http") }}.{{ domain }}" {{ ansible_pkg_mgr }} install -y {{ gitlab_bundle }}
when: gitlab_installed.failed
- name: Server | Software | GitLab | Install | Get Password
shell: cat /etc/gitlab/initial_root_password && cp /etc/gitlab/initial_root_password ~/
register: gitlab_passwd
when: gitlab_installed.failed
- name: Server | Software | GitLab | Install | Print Password
debug:
var: gitlab_passwd.stdout_lines
when: gitlab_installed.failed
## Configuration ##
# https://docs.gitlab.com/ee/install/next_steps.html
# Need to make server think it's https but not actually listen for it, otherwise reverse proxy doesn't work.
# https://www.itsfullofstars.de/2019/06/gitlab-behind-a-reverse-proxy/
- name: Server | Software | GitLab | Configure | Check External URL
lineinfile:
path: "{{ gitlab_config }}"
regexp: '^external_url '
line: "external_url '{{ gitlab_url }}.{{ domain }}' # Managed by Ansible"
state: present
create: yes
backup: yes
- name: Server | Software | GitLab | Configure | Turn Off Serving Local SSL
blockinfile:
path: "{{ gitlab_config }}"
block: |
nginx['listen_port'] = 80
nginx['listen_https'] = false
marker: "# {mark} MANAGED BY ANSIBLE - {{ gitlab_config }}"
state: present
create: yes
backup: yes
- name: Server | Software | GitLab | Configure | Reconfigure
shell: gitlab-ctl reconfigure