init

ansible/playbooks/ceph/00_install.yml

@@ -0,0 +1,12 @@
+---
+- name: install ceph
+  hosts:
+    - dev-kyiv01-vm-ceph-main-01
+    - dev-kyiv01-vm-ceph-main-02
+    - dev-kyiv01-vm-ceph-main-03
+  become: true
+
+  roles:
+    - role: ceph/00_install
+
+  # ansible-playbook playbooks/ceph/00_install.yml -i inventory.ini

ansible/playbooks/ceph/01_bootstrap.yml

@@ -0,0 +1,10 @@
+---
+- name: bootstrap ceph
+  hosts:
+    - dev-kyiv01-vm-ceph-main-01
+  become: true
+
+  roles:
+    - role: ceph/01_bootstrap
+
+  # ansible-playbook playbooks/ceph/01_bootstrap.yml -i inventory.ini

ansible/playbooks/ceph/02_share_pubkey.yml

@@ -0,0 +1,12 @@
+---
+- name: share ceph pubkey
+  hosts:
+    - dev-kyiv01-vm-ceph-main-01
+    - dev-kyiv01-vm-ceph-main-02
+    - dev-kyiv01-vm-ceph-main-03
+  become: true
+
+  roles:
+    - role: ceph/02_share_pubkey
+
+  # ansible-playbook playbooks/ceph/02_share_pubkey.yml -i inventory.ini

ansible/playbooks/ceph/03_setup_cluster.yml

@@ -0,0 +1,10 @@
+---
+- name: setup ceph cluster
+  hosts:
+    - dev-kyiv01-vm-ceph-main-01
+  become: true
+
+  roles:
+    - role: ceph/03_setup_cluster
+
+  # ansible-playbook playbooks/ceph/03_setup_cluster.yml -i inventory.ini

ansible/playbooks/dns/install_powerdns.yml

@@ -0,0 +1,19 @@
+---
+- name: setup powerdns
+  hosts:
+    - dev-kyiv01-vm-dns-main-01
+  become: true
+
+  roles:
+    - role: install_docker
+
+    - role: dns/push_powerdns_configs_to_node
+      vars:
+        dns_stack_root: /opt/dns-stack
+
+    - role: node/execute_command
+      vars:
+        chdir: "/opt/dns-stack"
+        command: "docker compose up -d"
+
+  # ansible-playbook playbooks/dns/install_powerdns.yml -i inventory.ini

ansible/playbooks/dns/setup_systemd_resolved_config.yml

@@ -0,0 +1,17 @@
+---
+- name: setup systemd resolved config
+  hosts:
+    - dev-kyiv01-vm-dns-main-01
+    - dev-kyiv01-vm-ntp-main-01
+    - dev-kyiv01-vm-ceph-main-01
+    - dev-kyiv01-vm-ceph-main-02
+    - dev-kyiv01-vm-ceph-main-03
+    - dev-kyiv01-vm-k8s-master-01
+    - dev-kyiv01-vm-k8s-worker-01
+  become: true
+  roles:
+    - role: dns/setup_systemd_resolved_config
+      vars:
+        dns_ip: 192.168.0.100
+
+  # ansible-playbook playbooks/dns/setup_systemd_resolved_config.yml -i inventory.ini

ansible/playbooks/docker/install.yml

@@ -0,0 +1,9 @@
+---
+- name: install docker
+  hosts:
+    - ec2
+  become: true
+  roles:
+    - role: docker
+
+  # ansible-playbook playbooks/docker/install.yml -i inventory.ec2.ini

ansible/playbooks/gitea/main.yml

@@ -0,0 +1,9 @@
+---
+- name: copy gitea configs to node
+  hosts:
+    - ec2
+  become: true
+  roles:
+    - role: gitea
+
+  # ansible-playbook playbooks/gitea/main.yml -i inventory.ec2.ini

ansible/playbooks/harden/harden_node.yml

@@ -0,0 +1,20 @@
+---
+- name: harden node
+  hosts: ec2
+  become: true
+  roles:
+    - role: harden/fail2ban
+
+    - role: harden/unattended_upgrades
+
+    - role: harden/sshd_config
+      vars:
+        ssh_port: "{{ ssh_port }}"
+
+    - role: harden/nftables
+      vars:
+        ssh_port: "{{ ssh_port }}"
+        # ntp_port: "{{ ntp_port }}"
+        nftables_conf_name: "vm-nftables.conf.j2"
+
+  # ansible-playbook playbooks/harden/harden_node.yml -i inventory.ec2.ini -e "ssh_port=25105"

ansible/playbooks/harden/harden_proxmox.yml

@@ -0,0 +1,21 @@
+---
+- name: harden node
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - role: harden/fail2ban
+
+    - role: harden/unattended_upgrades
+
+    - role: harden/sshd_config
+      vars:
+        ssh_port: "25105"
+
+    - role: harden/nftables
+      vars:
+        nftables_conf_name: "proxmox-nftables.conf.j2"
+        ssh_port: "25105"
+        ntp_port: "123"
+
+  # ansible-playbook playbooks/harden/harden_proxmox.yml -i inventory.ini

ansible/playbooks/k8s/install/k8s_master.yml

@@ -0,0 +1,12 @@
+---
+- name: install k8s master
+  hosts: dev-kyiv01-vm-k8s-master-01
+  become: true
+
+  roles:
+    - role: k8s/install/00_python
+    - role: k8s/install/01_helm
+    - role: k8s/install/02_common
+    - role: k8s/install/03_master
+
+  # ansible-playbook playbooks/k8s/install/k8s_master.yml -i inventory.ini

ansible/playbooks/k8s/install/k8s_worker.yml

@@ -0,0 +1,10 @@
+- name: install k8s master
+  hosts: dev-kyiv01-vm-k8s-worker-01
+  become: true
+  roles:
+    - role: k8s/install/02_common
+    - role: k8s/install/04_worker
+      vars:
+        k8s_kubeadm_join_command: "kubeadm join 192.168.0.105:6443 --token 5n2fv0.w67ya3tqfz8ucsae --discovery-token-ca-cert-hash sha256:9e944ac89557d42bd335ef175d232b3d78fd4b2af5935db23d52e443de539aad"
+
+    # ansible-playbook playbooks/k8s/install/k8s_worker.yml -i inventory.ini

ansible/playbooks/node/change_hostname.yml

@@ -0,0 +1,11 @@
+---
+- name: change hostname
+  hosts: test
+  become: true
+  gather_facts: false
+  roles:
+    - role: node/change_hostname
+      vars:
+        hostname: "dev-lviv01-vm-k8s-worker-01"
+
+  # ansible-playbook playbooks/node/change_hostname.yml -i inventory-local.ini

ansible/playbooks/node/execute_command.yml

@@ -0,0 +1,11 @@
+---
+- name: execute command
+  hosts: all
+  become: true
+  gather_facts: false
+  roles:
+    - role: node/execute_command
+      vars:
+        command: "{{ command }}"
+
+  # ansible-playbook playbooks/node/execute_command.yml -i inventory.ini

ansible/playbooks/node/push_dir.yml

@@ -0,0 +1,11 @@
+---
+- name: push dir
+  hosts: all
+  become: true
+  roles:
+    - role: node/push_dir
+      vars:
+        resource_dir: "{{ resource_dir }}"
+        target_dir: "{{ target_dir }}"
+
+  # ansible-playbook playbooks/node/push_dir.yml -i inventory.ini

ansible/playbooks/node/remove_file.yml

@@ -0,0 +1,10 @@
+---
+- name: remove file
+  hosts: all
+  become: true
+  roles:
+    - role: node/remove_file
+      vars:
+        file_path: "{{ file_path }}"
+
+  # ansible-playbook playbooks/node/remove_file.yml -i inventory.ini

ansible/playbooks/node/remove_user.yml

@@ -0,0 +1,10 @@
+---
+- name: remove user
+  hosts: all
+  become: true
+  roles:
+    - role: node/remove_user
+      vars:
+        user_name: "{{ remove_user }}"
+
+  # ansible-playbook playbooks/node/remove_user.yml -i inventory.ini

ansible/playbooks/ntp/chrony/00_setup_edge_ntp_node.yml

@@ -0,0 +1,16 @@
+---
+- name: setup edge ntp node
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - role: ntp/chrony
+      vars:
+        chrony_upstream_sources:
+          - ntp.time.in.ua
+          - time.google.com
+          - time.cloudflare.com
+        chrony_allow_networks:
+          - 192.168.0.0/24
+
+  # ansible-playbook playbooks/ntp/chrony/setup_edge_ntp_node.yml -i inventory.ini

ansible/playbooks/ntp/chrony/01_setup_core_ntp_node.yml

@@ -0,0 +1,14 @@
+---
+- name: setup core ntp node
+  hosts:
+    - dev-kyiv01-vm-ntp-main-01
+  become: true
+  roles:
+    - role: ntp/chrony
+      vars:
+        chrony_upstream_sources:
+          - ntp-edge.infra.hran
+        chrony_allow_networks:
+          - 192.168.0.0/24
+
+  # ansible-playbook playbooks/ntp/chrony/setup_core_ntp_node.yml -i inventory.ini

ansible/playbooks/ntp/chrony/02_setup_client_ntp_node.yml

@@ -0,0 +1,19 @@
+---
+- name: setup core ntp node
+  hosts:
+    - dev-kyiv01-vm-dns-main-01
+    - dev-kyiv01-vm-ceph-main-01
+    - dev-kyiv01-vm-ceph-main-02
+    - dev-kyiv01-vm-ceph-main-03
+    - dev-kyiv01-vm-k8s-master-01
+    - dev-kyiv01-vm-k8s-worker-01
+  become: true
+  roles:
+    - role: ntp/chrony
+      vars:
+        chrony_upstream_sources:
+          - ntp-core.infra.hran
+        chrony_allow_networks:
+          - 192.168.0.0/24
+
+  # ansible-playbook playbooks/ntp/chrony/setup_client_ntp_node.yml -i inventory.ini

ansible/playbooks/packer/install.yml

@@ -0,0 +1,9 @@
+---
+- name: install packer
+  hosts:
+    - dev-kyiv01-lxc-packer-main-01
+  become: true
+  roles:
+    - role: packer/install
+
+  # ansible-playbook playbooks/packer/install.yml -i inventory.ini

ansible/playbooks/packer/run.yml

@@ -0,0 +1,11 @@
+---
+- name: run packer
+  hosts:
+    - dev-kyiv01-lxc-packer-main-01
+  become: true
+  roles:
+    - role: packer/run
+      vars:
+        packer_config_dir: "/opt/packer/proxmox/debian13"
+
+  # ansible-playbook playbooks/packer/run.yml -i inventory.ini

ansible/playbooks/proxmox/enable_snippets.yml

@@ -0,0 +1,9 @@
+---
+- name: enable snippets
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - role: proxmox/enable_snippets
+
+  # ansible-playbook playbooks/proxmox/enable_snippets.yml -i inventory.ini

ansible/playbooks/proxmox/lxc/download_template.yml

@@ -0,0 +1,11 @@
+---
+- name: download lxc template
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - role: proxmox/lxc/download_template
+      vars:
+        lxc_template_name: "debian-12-standard_12.12-1_amd64.tar.zst"
+
+  # ansible-playbook playbooks/proxmox/lxc/download_template.yml -i inventory.ini

ansible/playbooks/proxmox/lxc/shutdown.yml

@@ -0,0 +1,11 @@
+---
+- name: shutdown lxc container
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - role: proxmox/lxc/shutdown
+      vars:
+        lxc_id: 200
+
+  # ansible-playbook playbooks/proxmox/lxc/shutdown.yml -i inventory.ini

ansible/playbooks/proxmox/setup_proxmox_no_subscription_repository.yml

@@ -0,0 +1,9 @@
+---
+- name: configure proxmox no-subscription repo
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - proxmox/setup_no_subscription_repository
+
+  # ansible-playbook playbooks/proxmox/setup_proxmox_no_subscription_repository.yml -i inventory.ini

ansible/playbooks/proxmox/vm/download_iso.yml

@@ -0,0 +1,12 @@
+---
+- name: download vm iso
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - role: proxmox/vm/download_iso
+      vars:
+        vm_iso_name: "debian-13.2.0-amd64-netinst.iso"
+        vm_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/{{ vm_iso_name }}"
+
+  # ansible-playbook playbooks/proxmox/vm/download_iso.yml -i inventory.ini