Commits on Source (48)
Showing
with 1506 additions and 172 deletions
......@@ -136,4 +136,5 @@ oauth_global:
oidc_global:
provider_url: https://uffd.warpzone.ms
logout_url: https://uffd.warpzone.ms/logout
\ No newline at end of file
logout_url: https://uffd.warpzone.ms/logout
ldap_base_dn: "dc=warpzone,dc=ms"
......@@ -47,10 +47,11 @@ oauth_global:
oidc_global:
provider_url: https://uffd.test-warpzone.de
logout_url: https://uffd.test-warpzone.de/logout
ldap_base_dn: "dc=test-warpzone,dc=de"
# Matrix Settings
matrix:
domain: matrix.warpzone.ms
public_url: https://matrix.warpzone.ms
identity_server: https://matrix.warpzone.ms
notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.warpzone.ms"
\ No newline at end of file
domain: matrix.test-warpzone.de
public_url: https://matrix.test-warpzone.de
identity_server: https://matrix.test-warpzone.de
notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.test-warpzone.de"
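Review bot: The test `notifications_room_id` reuses the production room's localpart (`!QxrpmOPYwofaPFqKMY`) with only the server name swapped; Matrix room IDs are opaque, server-generated identifiers, so unless the test homeserver actually has a room with that exact ID, notifications sent to it will fail. Create the room on `matrix.test-warpzone.de` and paste its real ID, or leave the value clearly marked as a placeholder, e.g. `notifications_room_id: "" # TODO: room id on the test homeserver`. The new `ldap_base_dn` line is consistent with the production vars in this change.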
......@@ -31,8 +31,15 @@ webserver_ssl: false
# Liste der gehosteten Domänen
webserver_domains:
- "esphome.warpzone"
- "unifi.warpzone"
- "warpsrvint.warpzone"
- "esphome.warpzone.lan"
- "fridgeserver.warpzone.lan"
- "grafana.warpzone.lan"
- "services.warpzone.lan"
- "ha.warpzone.lan"
- "omada.warpzone.lan"
- "tasmoadmin.warpzone.lan"
- "zigbee2mqtt.warpzone.lan"
administratorenteam:
- "void"
......
# Host spezifische Variablen
motd_lines:
- "pihole - Interner pihole DNS @ warpzone"
- "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
- "IPv6-IP @ eth0: {{ ext_ip6 }}"
debian_sources:
- "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
- "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
- "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
- "deb https://download.docker.com/linux/debian bookworm stable"
debian_keys_id:
debian_keys_url:
- "https://download.docker.com/linux/debian/gpg"
# Primäre IP Adressen des Hosts
#ext_ip4: <keine>
ext_ip6: 2a02:1799:7:1337::2
int_ip4: 10.0.0.2
# Art des Hosts: physical, vm, lxc
host_type: "lxc"
# SSL deaktivieren
webserver_ssl: false
# Liste der gehosteten Domänen
webserver_domains:
- "pihole.warpzone.lan"
administratorenteam:
- "void"
- "sandhome"
- "3d"
- "jabertwo"
# Monitoring aktivieren
alert:
load:
warn: 15
crit: 30
containers:
- { name: "dockerstats-app-1" }
- { name: "pihole-app-1" }
disks:
- { mountpoint: "/", warn: "1 GB", crit: "512 MB" }
\ No newline at end of file
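Review bot: `debian_keys_id:` is a bare key, which YAML parses as `null` rather than as an empty list; if the consuming common role loops over it, `null` is not iterable and the task will error or be skipped depending on the loop form. Write the intent explicitly, `debian_keys_id: []`. This host is given a global IPv6 address (`ext_ip6`) and serves DNS for the zone, so it is worth a one-line comment on how external exposure is blocked, since `webserver_ssl: false` and the compose files in this change publish listeners on all host addresses.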
......@@ -58,6 +58,7 @@ administratorenteam:
- "void"
- "sandhome"
- "jabertwo"
- "supervirus"
# Docker konfigurationen
docker:
......
......@@ -39,6 +39,7 @@ webserver_domains:
- "ldap.warpzone.ms"
- "keycloak.warpzone.ms"
- "md.warpzone.ms"
- "privatebin.warpzone.ms"
# - "turn.warpzone.ms"
- "wiki.warpzone.ms"
- "www.warpzone.ms"
......@@ -82,9 +83,6 @@ alert:
- { name: "icinga-app-1" }
- { name: "icinga-db-1" }
- { name: "icinga-graphite-1" }
- { name: "keycloak-app-1" }
- { name: "keycloak-db-1" }
- { name: "keycloak-sync-group-active-1" }
- { name: "ldap-openldap-1" }
- { name: "ldap-phpldapadmin-1" }
- { name: "mail-admin-1" }
......@@ -109,6 +107,7 @@ alert:
- { name: "matterbridge-wz-1" }
- { name: "matterbridge-web-1" }
- { name: "matterbridge-restarter-1" }
- { name: "privatebin-app-1" }
- { name: "traefik-app-1" }
- { name: "uffd-app-1" }
- { name: "uffd-db-1" }
......
......@@ -37,6 +37,10 @@ prod:
carrot:
ansible_ssh_host: 192.168.0.202
ansible_user: root
pihole:
ansible_ssh_host: 10.0.0.2
ansible_user: root
# Öffentlicher Webserver Warpzone
# VM auf Tiffany
......
......@@ -132,6 +132,50 @@ sensor:
- 'date_time'
automation ansible:
# Autodiscovery für Licht Hackcenter
# Das Licht Hackcenter besteht eigentlich aus zwei geräten, einem DALI-Controller und einem Tasmota-Schalter.
# - Der Tasmota Schalter, schaltet generell den Strom ein und aus.
# - Der Dali Controller ist für die Regelung der Helligkeit verantwortlich. (Wertebereich 0 - 255)
# Die Automatisierung erstellt eine Autodiscovery-Konfiguration für HomeAssistant,
# die beide Geräte als ein Licht darstellt.
# Die Autodiscovery Message wird automatisch beim Start von HomeAssistant gesendet.
- alias: ANSIBLE_autodiscovery_light_hackcenter
description: "MQTT Autodiscovery für Licht Hackcenter"
mode: single
triggers:
- trigger: homeassistant
event: start
action:
- service: mqtt.publish
data:
topic: "homeassistant/light/licht_hackcenter_01/config"
retain: true
qos: 0
payload: >
{
"name": "Licht Hackcenter",
"unique_id": "licht_hackcenter_01",
"object_id": "licht_hackcenter",
"state_topic": "stat/tasmota_B1233C/POWER",
"command_topic": "cmnd/tasmota_B1233C/Power1",
"brightness_state_topic": "light/dali_out",
"brightness_command_topic": "light/dali_in",
"qos": 0,
"payload_on": "ON",
"payload_off": "OFF",
"optimistic": false,
"device": {
"identifiers": ["licht_hackcenter_01"],
"name": "Licht Hackcenter",
"manufacturer": "warpzone",
"model": "DALI"
}
}
# Abluft dauerhaft an
- alias: ANSIBLE_Abluft_dauer_an
description: Verhindert Ausschalten der Abluft und setzt festen Wert bei schließen der Zone
......@@ -176,93 +220,6 @@ automation ansible:
target:
device_id: 96844a416179e61fff99195b6a16522e
# Licht im Hackcenter dimmen
- alias: ANSIBLE_dali_licht_hackcenter_helligkeit-anpassen
description: Ruft den Helper aus um per MQTT das Licht zu dimmen
trigger:
- platform: state
entity_id:
- input_number.dali_licht_hackcenter
for:
hours: 0
minutes: 0
seconds: 0
action:
- service: mqtt.publish
data:
topic: light/dali
payload_template: "{{ '{{' }} states('input_number.dali_licht_hackcenter') | int {{ '}}' }}"
mode: restart
- alias: ANSIBLE_Dimmer_Hackcenter_down
description: ""
mode: single
triggers:
- domain: mqtt
device_id: 868d603a22c4f1f6d5cc6d050f962e1a
type: action
subtype: rotate_left
trigger: device
- domain: mqtt
device_id: a35a891d445fc54d0aab7c5e2fce40a1
type: action
subtype: rotate_left
trigger: device
conditions: []
actions:
- repeat:
count: 25
sequence:
- target:
entity_id: input_number.dali_licht_hackcenter
data: {}
action: input_number.decrement
- alias: ANSIBLE_Dimmer_Hackcenter_up
description: ""
mode: single
triggers:
- domain: mqtt
device_id: 868d603a22c4f1f6d5cc6d050f962e1a
type: action
subtype: rotate_right
trigger: device
- domain: mqtt
device_id: a35a891d445fc54d0aab7c5e2fce40a1
type: action
subtype: rotate_right
trigger: device
conditions: []
actions:
- repeat:
count: 25
sequence:
- target:
entity_id: input_number.dali_licht_hackcenter
data: {}
action: input_number.increment
- alias: ANSIBLE_Dimmer_Hackcenter_toggle
description: ""
mode: single
triggers:
- domain: mqtt
device_id: 868d603a22c4f1f6d5cc6d050f962e1a
type: action
subtype: single
trigger: device
- domain: mqtt
device_id: a35a891d445fc54d0aab7c5e2fce40a1
type: action
subtype: single
trigger: device
conditions: []
actions:
- type: toggle
device_id: f65f71ef46e86492b79d75223670013a
entity_id: c522db6731a33bd27763830ddd2740e2
domain: switch
- alias: ANSIBLE_Zonenshutdown
mode: single
triggers:
......@@ -333,7 +290,7 @@ automation ansible:
data:
skip_condition: true
target:
entity_id: automation.ansible_hackcenter_licht_nach_shutdown
entity_id: automation.ANSIBLE_hackcenter_licht_nach_shutdown
- alias: ANSIBLE_Zonenboot
mode: single
......@@ -821,6 +778,46 @@ automation ansible:
area_id: schnackcenter
mode: single
- alias: ANSIBLE_ZONE_NoAutoOn_aus
description: ""
triggers: []
conditions: []
actions:
- action: light.turn_off
metadata: {}
data: {}
target:
area_id: NoAutoOn
- action: switch.turn_off
metadata: {}
data: {}
target:
area_id: NoAutoOn
mode: single
- alias: ANSIBLE_hackcenter_licht_nach_shutdown
description: ""
mode: single
triggers: []
conditions: []
actions:
- action: light.turn_on
metadata: {}
data:
brightness_pct: 50
target:
device_id: c4f8f83fb287ba7b1d66b674a1564c75
- delay:
hours: 0
minutes: 3
seconds: 0
milliseconds: 0
- action: light.turn_off
metadata: {}
data: {}
target:
device_id: c4f8f83fb287ba7b1d66b674a1564c75
- alias: ANSIBLE_ZONE_backcenter_an
description: ""
triggers: []
......@@ -972,37 +969,4 @@ automation ansible:
data: {}
target:
area_id: schnackcenter
mode: single
- alias: ANSIBLE_Hackcenter_licht_nach_shutdown
description: ""
mode: restart
triggers: []
conditions: []
actions:
- metadata: {}
data:
value: 255
target:
entity_id: input_number.dali_licht_hackcenter
action: input_number.set_value
- delay:
hours: 0
minutes: 1
seconds: 0
milliseconds: 0
- metadata: {}
data:
value: 150
target:
entity_id: input_number.dali_licht_hackcenter
action: input_number.set_value
- delay:
hours: 0
minutes: 0
seconds: 10
milliseconds: 0
- type: turn_off
device_id: f65f71ef46e86492b79d75223670013a
entity_id: c522db6731a33bd27763830ddd2740e2
domain: switch
\ No newline at end of file
mode: single
\ No newline at end of file
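Review bot: In the `@@ -333,7 +290,7 @@` hunk the target `entity_id` is `automation.ANSIBLE_hackcenter_licht_nach_shutdown` on one side and the all-lowercase form on the other; Home Assistant entity IDs are lowercase slugs, and the automation with alias `ANSIBLE_hackcenter_licht_nach_shutdown` added in the `@@ -821,6 +778,46 @@` hunk will be registered as `automation.ansible_hackcenter_licht_nach_shutdown`, so the uppercase variant never resolves and the call that targets it silently does nothing. Print order suggests the uppercase form is the new side, but this rendering does not make that certain; whichever side lands in the template should read `entity_id: automation.ansible_hackcenter_licht_nach_shutdown`. The new `ANSIBLE_ZONE_NoAutoOn_aus` automation targets `area_id: NoAutoOn`; area IDs are slugified the same way (the neighbouring entries use lowercase ids such as `schnackcenter`), so confirm the registry id is not `noautoon`. The removed dimmer automations and the replaced shutdown automation are history and need no further comment.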
......@@ -5,15 +5,18 @@ services:
image: mbentley/omada-controller:latest
restart: always
ports:
- {{ omada_port_http }}:8088
- {{ omada_port_https }}:8043
- {{ omada_portal_https }}:8843
- "{{ omada_port_http }}:{{ omada_port_http }}"
- "{{ omada_port_https }}:{{ omada_port_https }}"
- "{{ omada_portal_https }}:{{ omada_portal_https }}"
- 27001:27001/udp
- 27002:27002
- 29810:29810/udp
- 29811:29811
- 29812:29812
- 29813:29813
- 29814:29814
- 29815:29815
- 29816:29816
sysctls:
- net.ipv4.ip_unprivileged_port_start=0
volumes:
......@@ -34,6 +37,8 @@ services:
PORT_DISCOVERY: 29810
PORT_MANAGER_V1: 29811
PORT_MANAGER_V2: 29814
PORT_TRANSFER_V2: 29815
PORT_RTTY: 29816
PORT_UPGRADE_V1: 29813
SHOW_SERVER_LOGS: "true"
SHOW_MONGODB_LOGS: "false"
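Review bot: The container side of the three web mappings now follows the host variable (`"{{ omada_port_http }}:{{ omada_port_http }}"` instead of `:8088`), which only works if the controller inside the container is told to listen on that port; the mbentley image takes this from `MANAGE_HTTP_PORT`, `MANAGE_HTTPS_PORT` and `PORTAL_HTTPS_PORT`, and those environment lines are outside the second hunk, so confirm they are set to the same variables, otherwise the published host port forwards to a port nothing listens on. The numeric mappings added alongside should be quoted like the three templated ones (`- "29815:29815"`), since unquoted `host:port` scalars are the classic YAML 1.1 trap even though these particular values happen to parse as strings. The adoption/management ports (27001–29816) are published on every host interface; if the host has any non-LAN address, bind them to the LAN IP instead.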
......
services:
app:
image: pihole/pihole:latest
restart: always
ports:
- "53:53/tcp"
- "53:53/udp"
volumes:
- "{{ basedir }}/etc:/etc/pihole"
- "{{ basedir }}/dnsmasq:/etc/dnsmasq.d"
- "/dev/null:/var/log/pihole.log"
- "/dev/null:/var/log/pihole-FTL.log"
hostname: pihole
environment:
TZ: 'Europe/Berlin'
TAIL_FTL_LOG: 0
FTLCONF_LOCAL_IPV4: '{{ int_ip4 }}'
WEBPASSWORD: '{{ admin_password }}'
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.services.{{ servicename }}.loadBalancer.server.port=80
networks:
- default
- web
networks:
web:
external: true
\ No newline at end of file
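Review bot: `"53:53/tcp"` and `"53:53/udp"` publish the resolver on every host address, and the pihole host vars in this change give the host a global IPv6 address (`ext_ip6: 2a02:1799:7:1337::2`), so without a host firewall this is an open resolver reachable from the internet (amplification abuse and cache-poisoning surface). Bind the mappings to the internal address, `- "{{ int_ip4 }}:53:53/tcp"` and the udp line likewise, or document the firewall rule that blocks it in a comment above `ports:`. Two smaller points: `image: pihole/pihole:latest` is unpinned while the sibling compose file in this change pins `2025.02.6`, and `WEBPASSWORD` / `FTLCONF_LOCAL_IPV4` are Pi-hole v5 variables; on a v6 image the password is set via `FTLCONF_webserver_api_password`, so confirm `latest` still honours them.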
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6+Ex8TM4gP+Nph5Cy5zK6z2mceI9i7vsh0ec4oTfDC htk@ridcully
\ No newline at end of file
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: "{{ basedir }}/secrets/admin_password", type: create, length: 24 }
- name: "create folder struct for {{ servicename }}"
file:
path: "{{ item }}"
state: "directory"
with_items:
- "{{ basedir }}"
- "{{ basedir }}/secrets"
- "{{ basedir }}/etc"
- name: "create config files for {{ servicename }}"
template:
src: "{{ item }}"
dest: "{{ basedir }}/{{ item }}"
with_items:
- docker-compose.yml
- etc/pihole.toml
register: config
- name: "stop {{ servicename}} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: absent
when: config.changed
- name: "start {{ servicename}} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
state: present
\ No newline at end of file
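Review bot: The folder task creates `{{ basedir }}/etc` and `{{ basedir }}/secrets` but not `{{ basedir }}/dnsmasq`, which the traefik variant of the compose template in this change bind-mounts; Docker creates a missing bind-mount source as root, which works but sidesteps this task's ownership handling, so add `- "{{ basedir }}/dnsmasq"` if that compose file is the one actually deployed (the second, host-networked compose file in this change does not mount it). The `secrets/` directory is created with default mode and holds `admin_password`; giving that entry an explicit restrictive mode (`mode: "0700"` on the secrets item) is cheap. Stopping the stack on any config change takes the zone's DNS down for the restart window; a comment saying that is expected would help the next operator.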
services:
app:
image: pihole/pihole:2025.02.6
restart: always
network_mode: host
volumes:
- '{{ basedir }}/etc:/etc/pihole'
hostname: pihole
environment:
TZ: 'Europe/Berlin'
WEBPASSWORD: '{{ admin_password }}'
cap_add:
- NET_ADMIN
- SYS_NICE
- SYS_TIME
- NET_BIND_SERVICE
- NET_RAW
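Review bot: `network_mode: host` combined with `NET_ADMIN`, `SYS_TIME` and `NET_RAW` is a larger footprint than a resolver needs, and with host networking every listener (DNS and the admin web UI) binds to all host addresses, including the global `ext_ip6` from the new host vars. `NET_RAW` is in Docker's default capability set and can simply be dropped; `NET_ADMIN` is only needed if Pi-hole acts as DHCP server and `SYS_TIME` only for its NTP server, so either remove the unused ones or add a comment per capability stating why it is kept. With host networking the `pihole.toml` templated by the tasks (not shown here) is the place to restrict the DNS listening mode and the web interface bind address; also confirm the pinned v6 image still reads `WEBPASSWORD` (its documented variable is `FTLCONF_webserver_api_password`), otherwise the admin UI ends up without the generated password.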
......@@ -27,28 +27,28 @@
domain: "test-warpzone.de",
domain_default: "www.test-warpzone.de",
}
- {
role: testserver/docker_mail, tags: [ test_mail, docker_services ],
servicename: mail,
basedir: "/srv/{{ servicename }}",
domain: "test-warpzone.de",
mailserver: "mailserver.test-warpzone.de",
listserver: "listserver.test-warpzone.de"
}
# - {
# role: testserver/docker_mail, tags: [ test_mail, docker_services ],
# servicename: mail,
# basedir: "/srv/{{ servicename }}",
# domain: "test-warpzone.de",
# mailserver: "mailserver.test-warpzone.de",
# listserver: "listserver.test-warpzone.de"
# }
- {
role: testserver/docker_uffd, tags: [ test_uffd, docker_services ],
servicename: uffd,
basedir: "/srv/{{ servicename }}",
domain: "uffd.test-warpzone.de",
}
- {
role: testserver/docker_icinga, tags: [ test_icinga, docker_services ],
servicename: icinga,
basedir: "/srv/{{ servicename }}",
domain: "icinga.test-warpzone.de",
api_port: 5665,
mysql_port: 33306
}
# - {
# role: testserver/docker_icinga, tags: [ test_icinga, docker_services ],
# servicename: icinga,
# basedir: "/srv/{{ servicename }}",
# domain: "icinga.test-warpzone.de",
# api_port: 5665,
# mysql_port: 33306
# }
- {
role: testserver/docker_gitlab, tags: [ test_gitlab, docker_services ],
servicename: "gitlab",
......@@ -76,6 +76,12 @@
basedir: "/srv/{{ servicename }}",
domain: "md.test-warpzone.de"
}
- {
role: testserver/docker_matrix, tags: [ test_matrix, docker_services ],
servicename: "matrix",
basedir: "/srv/{{ servicename }}",
domain: "matrix.test-warpzone.de"
}
- {
role: testserver/docker_nextcloud, tags: [ test_nextcloud, docker_services ],
servicename: "nextcloud",
......@@ -244,6 +250,24 @@
domain: "zigbee2mqtt.warpzone.lan"
}
- hosts: pihole
remote_user: root
roles:
- { role: common/cronapt, tags: cronapt }
- { role: common/docker, tags: docker }
- { role: common/prometheus-node, tags: prometheus-node }
- {
role: common/docker_dockerstats, tags: [ dockerstats, docker_services ],
servicename: dockerstats,
basedir: /srv/dockerstats,
metrics_port: 9487
}
- {
role: pihole/docker_pihole, tags: pihole,
servicename: pihole,
basedir: /srv/pihole,
domain: "pihole.warpzone.lan"
}
- hosts: webserver
remote_user: root
......@@ -356,6 +380,12 @@
basedir: /srv/wordpress,
domain: "www.warpzone.ms"
}
- {
role: webserver/docker_privatebin, tags: [ privatebin, docker_services ],
servicename: privatebin,
basedir: /srv/privatebin,
domain: "privatebin.warpzone.ms"
}
# - {
# role: webserver/docker_workadventure, tags: [ workadventure, docker_services ],
# servicename: "workadventure",
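Review bot: The new pihole play gives `pihole/docker_pihole` only `tags: pihole`, while every other docker service role in this file, including the `common/docker_dockerstats` entry directly above it and the new privatebin entry, carries `[ <name>, docker_services ]`, so a `--tags docker_services` run will skip the pihole container; change it to `tags: [ pihole, docker_services ],`. The pihole play also lacks whatever hardening or firewall roles the other host plays apply (their role lists are outside these hunks), which matters for a host that, per the new host vars, has a global IPv6 address and serves DNS — confirm that is deliberate. Commenting out the test mail and icinga roles in the first hunk does not remove what an earlier run deployed on the test host; if those containers are still running there, they are now unmanaged.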
......
......@@ -3,6 +3,8 @@
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: "{{ basedir }}/secrets/oauth_secret", length: 64}
- { path: "{{ basedir }}/dokuwiki_api_secret", length: 32 }
- { path: "{{ basedir }}/ldap_bind_pw", length: 32 }
- name: create folder struct for dokuwiki
file:
......@@ -12,6 +14,11 @@
- "{{ basedir }}"
- "{{ basedir }}/data"
- "{{ basedir }}/pdftemplate"
- "{{ basedir }}/data/lib"
- "{{ basedir }}/data/lib/plugins"
- "{{ basedir }}/data/lib/plugins/oauth"
- "{{ basedir }}/data/lib/plugins/oauthgeneric"
- "{{ basedir }}/uffd-ldapd"
- name: Docker Compose Konfig-Datei erstellen
template:
......@@ -20,9 +27,37 @@
with_items:
- docker-compose.yml
- Dockerfile
- authuffd_vars.php
- uffd-ldapd/Dockerfile
register: config
#- name: oauth plugin clonen
# ansible.builtin.git:
# repo: https://github.com/cosmocode/dokuwiki-plugin-oauth.git
# dest: "{{ basedir }}/data/lib/plugins/oauth"
# force: true
#- name: config für oauth kopieren
# ansible.builtin.template:
# src: oauth_vars.php
# dest: "{{ basedir }}/data/lib/plugins/oauth/conf/default.php"
#- name: oauthgeneric plugin clonen
# ansible.builtin.git:
# repo: https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric.git
# dest: "{{ basedir }}/data/lib/plugins/oauthgeneric"
# force: true
#- name: config für oauthgeneric kopieren
# ansible.builtin.template:
# src: oauthgeneric_vars.php
# dest: "{{ basedir }}/data/lib/plugins/oauthgeneric/conf/default.php"
#- name: oauth provider aktivieren
# ansible.builtin.lineinfile:
# path: "{{ basedir }}/data/conf/local.php"
# regexp: "^$conf['authtype'] = "
# line: "$conf['authtype'] = 'oauth';"
- name: "stop {{ servicename}} docker"
community.docker.docker_compose_v2:
project_src: "{{ basedir }}"
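Review bot: The two new secrets are written to `{{ basedir }}/dokuwiki_api_secret` and `{{ basedir }}/ldap_bind_pw`, directly in the base directory, while `oauth_secret` on the line above lives in `{{ basedir }}/secrets/`; keep them together (`path: "{{ basedir }}/secrets/dokuwiki_api_secret"`, likewise for the bind password) so one directory carries the secrets and their permissions. `get_secret.yml` generates these values locally, but `dokuwiki_api_secret` is handed to the new `ldap` container as the API credential for uffd (see the compose change in this set), so the uffd side must be given the same value and nothing here does that — document the manual step or manage it. The 23 commented-out task lines (`oauth plugin clonen` through `oauth provider aktivieren`) are dead config; delete them or leave one comment pointing to the replacement, and do not revive the `lineinfile` block as-is, since its `regexp` treats `$` and `[` as regex metacharacters.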
......
......@@ -25,16 +25,6 @@ RUN apt-get update && apt-get install -y wget unzip git \
&& tar -xvzf dokuwiki-stable.tgz -C /var/www/html --strip-components=1 \
&& rm dokuwiki-stable.tgz
# Plugin-Verzeichnis erstellen und das Authentifizierungs-Plugin hinzufügen
RUN mkdir -p /var/www/html/lib/plugins/authuffd \
&& git clone https://git.cccv.de/uffd/dokuwiki-plugin-authuffd.git /var/www/html/lib/plugins/authuffd
# Konfigurationsdatei für das Plugin anpassen
COPY authuffd_vars.php /var/www/html/lib/plugins/authuffd/conf/default.php
# DokuWiki Konfiguration anpassen
RUN echo "\$conf['authtype'] = 'authuffd';" >> /var/www/html/conf/local.php
# Setzen der richtigen Berechtigungen
RUN chown -R www-data:www-data /var/www/html
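Review bot: With the `COPY authuffd_vars.php …` line and the `authtype` echo removed, nothing in this Dockerfile consumes `authuffd_vars.php` anymore, yet the role's task list in this change still renders that template, which contains `{{ oauth_secret }}`, into `{{ basedir }}`; if no other step reads it, drop it from the template list rather than leave a secret-bearing file on disk for nothing. Removing the build-time `git clone` of an unpinned branch is an improvement; whatever replaces the auth plugin should be pinned to a tag or commit so the image build is reproducible. The `RUN apt-get …` chain at the top of this hunk begins outside it.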
......
<?php
$conf['name'] = 'uffd';
$conf['baseurl'] = '{{ oidc_global.provider_url }}';
$conf['oauth2_client_id'] = '{{ servicename }}';
$conf['oauth2_client_secret'] = '{{ oauth_secret }}';
$conf['oauth2_redirect_uri'] = '{{ domain }}/dokuwiki/doku.php?id=authredirect';
#$conf['api_username'] = '';
#$conf['api_password'] = '';
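Review bot: `$conf['oauth2_redirect_uri']` is built as `'{{ domain }}/dokuwiki/doku.php?id=authredirect'`, and `domain` in the plays of this change is a bare hostname (`md.test-warpzone.de` style), so the rendered value has no scheme; an OAuth redirect URI has to be absolute and must match the value registered at the provider exactly, so it should read `'https://{{ domain }}/dokuwiki/doku.php?id=authredirect'` (and confirm the `/dokuwiki` prefix matches the path the wiki is actually served at). The Dockerfile in this change no longer copies this file into the image, so also confirm it is still consumed anywhere before templating the client secret into it.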
......@@ -17,7 +17,20 @@ services:
networks:
- default
- web
ldap:
build: uffd-ldapd/
restart: always
environment:
SERVER_API_URL: "{{ oidc_global.provider_url }}"
SERVER_API_USER: "dokuwikildap"
SERVER_API_SECRET: "{{ dokuwiki_api_secret }}"
SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"
SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
networks:
- default
networks:
web:
external: true
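Review bot: The new `ldap` service receives `SERVER_API_SECRET` and `SERVER_BIND_PASSWORD` through `environment:`, which is readable by anyone who can run `docker inspect` on the host; that matches how the rest of this file passes secrets, so it is acceptable here, but `"{{ ldap_bind_pw}}"` is missing the closing space and should be `"{{ ldap_bind_pw }}"` like every other expression in this change. Keeping `ldap` on `default` only and off `web` is right. A comment above the service saying what `uffd-ldapd` is and which DokuWiki auth backend talks to it would help, since the Dockerfile in this change removes the previous auth plugin and the oauth tasks are commented out, leaving the auth path undocumented.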
<?php
/**
* Default settings for the oauth plugin
*
* @author Andreas Gohr <andi@splitbrain.org>
*/
$conf['info'] = '';
$conf['custom-redirectURI'] = '';
$conf['mailRestriction'] = '';
$conf['singleService'] = '';
$conf['register-on-auth'] = 1;
$conf['overwrite-groups'] = 0;
\ No newline at end of file
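Review bot: The task that would copy this file into the oauth plugin's `conf/default.php` is commented out in this change, so this template appears to be unused; if the oauth route is abandoned, delete it rather than ship dormant config. If it is revived, `$conf['register-on-auth'] = 1` together with empty `mailRestriction` and `singleService` means, as far as the option names indicate, that every account the provider authenticates is auto-registered as a wiki user; if that is intended, state it in the header comment (`// every uffd account may log in; restrict via mailRestriction if needed`).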