Hrankin, Aleksandr (contracted)
2026-02-19 11:34:13 +00:00
commit f243f440c3
191 changed files with 6183 additions and 0 deletions


@@ -0,0 +1,12 @@
---
- name: install ceph
hosts:
- dev-kyiv01-vm-ceph-main-01
- dev-kyiv01-vm-ceph-main-02
- dev-kyiv01-vm-ceph-main-03
become: true
roles:
- role: ceph/00_install
# ansible-playbook playbooks/ceph/00_install.yml -i inventory.ini
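Review bot: The three ceph nodes are enumerated as literal hostnames under `hosts:`, and the same list is repeated verbatim in the share-pubkey play and as a subset of the systemd-resolved and NTP-client plays in this commit. Adding or renaming a node then means editing every playbook, and a missed one silently drifts. An inventory group, `hosts: ceph` (with the group defined once in inventory.ini), keeps membership in one place; the bootstrap and setup-cluster plays that target only the first node could likewise use `hosts: ceph[0]`.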


@@ -0,0 +1,10 @@
---
- name: bootstrap ceph
hosts:
- dev-kyiv01-vm-ceph-main-01
become: true
roles:
- role: ceph/01_bootstrap
# ansible-playbook playbooks/ceph/01_bootstrap.yml -i inventory.ini


@@ -0,0 +1,12 @@
---
- name: share ceph pubkey
hosts:
- dev-kyiv01-vm-ceph-main-01
- dev-kyiv01-vm-ceph-main-02
- dev-kyiv01-vm-ceph-main-03
become: true
roles:
- role: ceph/02_share_pubkey
# ansible-playbook playbooks/ceph/02_share_pubkey.yml -i inventory.ini


@@ -0,0 +1,10 @@
---
- name: setup ceph cluster
hosts:
- dev-kyiv01-vm-ceph-main-01
become: true
roles:
- role: ceph/03_setup_cluster
# ansible-playbook playbooks/ceph/03_setup_cluster.yml -i inventory.ini


@@ -0,0 +1,19 @@
---
- name: setup powerdns
hosts:
- dev-kyiv01-vm-dns-main-01
become: true
roles:
- role: install_docker
- role: dns/push_powerdns_configs_to_node
vars:
dns_stack_root: /opt/dns-stack
- role: node/execute_command
vars:
chdir: "/opt/dns-stack"
command: "docker compose up -d"
# ansible-playbook playbooks/dns/install_powerdns.yml -i inventory.ini
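Review bot: `/opt/dns-stack` is written twice in this play, once as `dns_stack_root` for push_powerdns_configs_to_node and again as `chdir` for execute_command, and the two can drift apart since each role's `vars:` entry appears to be scoped to that role invocation only. Hoisting the path to play-level `vars:` and referencing it from the second role, `chdir: "{{ dns_stack_root }}"`, keeps a single source of truth. The `dns_stack_root` value is also the only unquoted path literal in the file; quoting it as `"/opt/dns-stack"` matches the `chdir` line.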


@@ -0,0 +1,17 @@
---
- name: setup systemd resolved config
hosts:
- dev-kyiv01-vm-dns-main-01
- dev-kyiv01-vm-ntp-main-01
- dev-kyiv01-vm-ceph-main-01
- dev-kyiv01-vm-ceph-main-02
- dev-kyiv01-vm-ceph-main-03
- dev-kyiv01-vm-k8s-master-01
- dev-kyiv01-vm-k8s-worker-01
become: true
roles:
- role: dns/setup_systemd_resolved_config
vars:
dns_ip: 192.168.0.100
# ansible-playbook playbooks/dns/setup_systemd_resolved_config.yml -i inventory.ini


@@ -0,0 +1,9 @@
---
- name: install docker
hosts:
- ec2
become: true
roles:
- role: docker
# ansible-playbook playbooks/docker/install.yml -i inventory.ec2.ini
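Review bot: This play installs Docker through a role named `docker`, while install_powerdns.yml in the same commit uses `install_docker` for what looks like the same purpose. I can't tell from the playbooks alone whether both roles exist or one is a stale reference, but two names for one job usually means one of them is unmaintained; consolidating on a single role (and a single play) avoids the two drifting in package pins and daemon configuration.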


@@ -0,0 +1,9 @@
---
- name: copy gitea configs to node
hosts:
- ec2
become: true
roles:
- role: gitea
# ansible-playbook playbooks/gitea/main.yml -i inventory.ec2.ini


@@ -0,0 +1,20 @@
---
- name: harden node
hosts: ec2
become: true
roles:
- role: harden/fail2ban
- role: harden/unattended_upgrades
- role: harden/sshd_config
vars:
ssh_port: "{{ ssh_port }}"
- role: harden/nftables
vars:
ssh_port: "{{ ssh_port }}"
# ntp_port: "{{ ntp_port }}"
nftables_conf_name: "vm-nftables.conf.j2"
# ansible-playbook playbooks/harden/harden_node.yml -i inventory.ec2.ini -e "ssh_port=25105"
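Review bot: `ssh_port: "{{ ssh_port }}"` under both the sshd_config and nftables roles is self-referential; it only resolves because the `-e "ssh_port=..."` extra var outranks every other precedence level, and if the play is run without `-e` the template references itself and Ansible aborts with a recursive-loop error rather than a clear message. The entries add nothing, so drop the two `vars:` blocks and make the requirement explicit up front, e.g. a `pre_tasks:` entry `ansible.builtin.assert: { that: ssh_port is defined, fail_msg: "pass -e ssh_port=<port>" }`. The same pattern appears in the execute_command, push_dir and remove_file plays (`command`, `resource_dir`/`target_dir`, `file_path`). Since the firewall and sshd roles both consume the port, a mismatch would lock out SSH, so a single source for the value matters more here than elsewhere.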


@@ -0,0 +1,21 @@
---
- name: harden node
hosts:
- dev-kyiv01-psy-proxmox-main-01
become: true
roles:
- role: harden/fail2ban
- role: harden/unattended_upgrades
- role: harden/sshd_config
vars:
ssh_port: "25105"
- role: harden/nftables
vars:
nftables_conf_name: "proxmox-nftables.conf.j2"
ssh_port: "25105"
ntp_port: "123"
# ansible-playbook playbooks/harden/harden_proxmox.yml -i inventory.ini
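Review bot: `ssh_port: "25105"` is set separately under harden/sshd_config and harden/nftables; if one is edited without the other, sshd moves to a port the firewall does not open and the host is unreachable after the play. Hoist it to play-level `vars:` so both roles read the same value, and consider the same for `ntp_port`. The sibling harden_node.yml takes the port from `-e` instead of hard-coding it, so aligning the two plays on one mechanism would also reduce surprises.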


@@ -0,0 +1,12 @@
---
- name: install k8s master
hosts: dev-kyiv01-vm-k8s-master-01
become: true
roles:
- role: k8s/install/00_python
- role: k8s/install/01_helm
- role: k8s/install/02_common
- role: k8s/install/03_master
# ansible-playbook playbooks/k8s/install/k8s_master.yml -i inventory.ini


@@ -0,0 +1,10 @@
- name: install k8s master
hosts: dev-kyiv01-vm-k8s-worker-01
become: true
roles:
- role: k8s/install/02_common
- role: k8s/install/04_worker
vars:
k8s_kubeadm_join_command: "kubeadm join 192.168.0.105:6443 --token 5n2fv0.w67ya3tqfz8ucsae --discovery-token-ca-cert-hash sha256:9e944ac89557d42bd335ef175d232b3d78fd4b2af5935db23d52e443de539aad"
# ansible-playbook playbooks/k8s/install/k8s_worker.yml -i inventory.ini
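Review bot: `k8s_kubeadm_join_command` embeds a live kubeadm bootstrap token in the playbook, and the commit puts it in version control; the token grants a node the right to join the cluster and should be treated as a credential, not configuration. Bootstrap tokens expire by default, but the one on this page should still be revoked on the master (`kubeadm token delete <token-id>`) and the value replaced by something resolved at run time, for example an Ansible Vault variable or a preceding play on the master that registers the output of `kubeadm token create --print-join-command` and hands it to the worker via `hostvars`; the `--discovery-token-ca-cert-hash` part is not secret and can stay in plain text. Two smaller issues in the same file: it is the only playbook in the commit without the leading `---`, and its `name: install k8s master` is a copy-paste from the master play, `name: install k8s worker`.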


@@ -0,0 +1,11 @@
---
- name: change hostname
hosts: test
become: true
gather_facts: false
roles:
- role: node/change_hostname
vars:
hostname: "dev-lviv01-vm-k8s-worker-01"
# ansible-playbook playbooks/node/change_hostname.yml -i inventory-local.ini


@@ -0,0 +1,11 @@
---
- name: execute command
hosts: all
become: true
gather_facts: false
roles:
- role: node/execute_command
vars:
command: "{{ command }}"
# ansible-playbook playbooks/node/execute_command.yml -i inventory.ini
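Review bot: `hosts: all` combined with `become: true` and a caller-supplied `command` means a run that forgets `--limit` executes the command as root on every host in the inventory, including the Proxmox host and the ceph nodes. Making the target explicit, `hosts: "{{ target_hosts }}"`, forces the operator to name the scope on each invocation (`-e target_hosts=dev-kyiv01-vm-k8s-worker-01`) instead of relying on remembering a flag. The push_dir, remove_file and remove_user plays share the same `hosts: all` default and the same fix applies there; remove_user in particular is destructive enough that an opt-in target is worth the extra argument.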


@@ -0,0 +1,11 @@
---
- name: push dir
hosts: all
become: true
roles:
- role: node/push_dir
vars:
resource_dir: "{{ resource_dir }}"
target_dir: "{{ target_dir }}"
# ansible-playbook playbooks/node/push_dir.yml -i inventory.ini


@@ -0,0 +1,10 @@
---
- name: remove file
hosts: all
become: true
roles:
- role: node/remove_file
vars:
file_path: "{{ file_path }}"
# ansible-playbook playbooks/node/remove_file.yml -i inventory.ini


@@ -0,0 +1,10 @@
---
- name: remove user
hosts: all
become: true
roles:
- role: node/remove_user
vars:
user_name: "{{ remove_user }}"
# ansible-playbook playbooks/node/remove_user.yml -i inventory.ini


@@ -0,0 +1,16 @@
---
- name: setup edge ntp node
hosts:
- dev-kyiv01-psy-proxmox-main-01
become: true
roles:
- role: ntp/chrony
vars:
chrony_upstream_sources:
- ntp.time.in.ua
- time.google.com
- time.cloudflare.com
chrony_allow_networks:
- 192.168.0.0/24
# ansible-playbook playbooks/ntp/chrony/setup_edge_ntp_node.yml -i inventory.ini


@@ -0,0 +1,14 @@
---
- name: setup core ntp node
hosts:
- dev-kyiv01-vm-ntp-main-01
become: true
roles:
- role: ntp/chrony
vars:
chrony_upstream_sources:
- ntp-edge.infra.hran
chrony_allow_networks:
- 192.168.0.0/24
# ansible-playbook playbooks/ntp/chrony/setup_core_ntp_node.yml -i inventory.ini


@@ -0,0 +1,19 @@
---
- name: setup core ntp node
hosts:
- dev-kyiv01-vm-dns-main-01
- dev-kyiv01-vm-ceph-main-01
- dev-kyiv01-vm-ceph-main-02
- dev-kyiv01-vm-ceph-main-03
- dev-kyiv01-vm-k8s-master-01
- dev-kyiv01-vm-k8s-worker-01
become: true
roles:
- role: ntp/chrony
vars:
chrony_upstream_sources:
- ntp-core.infra.hran
chrony_allow_networks:
- 192.168.0.0/24
# ansible-playbook playbooks/ntp/chrony/setup_client_ntp_node.yml -i inventory.ini
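Review bot: The play is named `setup core ntp node`, the same as setup_core_ntp_node.yml, although the file name and the upstream source `ntp-core.infra.hran` show it configures the client tier. The name is what appears in `ansible-playbook` output and logs, so the duplicate makes runs of the two plays indistinguishable; `name: setup client ntp node` matches the file. Since these clients only consume time, `chrony_allow_networks` on them may also be unnecessary, though that depends on what the chrony role does with an empty list.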


@@ -0,0 +1,9 @@
---
- name: install packer
hosts:
- dev-kyiv01-lxc-packer-main-01
become: true
roles:
- role: packer/install
# ansible-playbook playbooks/packer/install.yml -i inventory.ini


@@ -0,0 +1,11 @@
---
- name: run packer
hosts:
- dev-kyiv01-lxc-packer-main-01
become: true
roles:
- role: packer/run
vars:
packer_config_dir: "/opt/packer/proxmox/debian13"
# ansible-playbook playbooks/packer/run.yml -i inventory.ini


@@ -0,0 +1,9 @@
---
- name: enable snippets
hosts:
- dev-kyiv01-psy-proxmox-main-01
become: true
roles:
- role: proxmox/enable_snippets
# ansible-playbook playbooks/proxmox/enable_snippets.yml -i inventory.ini


@@ -0,0 +1,11 @@
---
- name: download lxc template
hosts:
- dev-kyiv01-psy-proxmox-main-01
become: true
roles:
- role: proxmox/lxc/download_template
vars:
lxc_template_name: "debian-12-standard_12.12-1_amd64.tar.zst"
# ansible-playbook playbooks/proxmox/lxc/download_template.yml -i inventory.ini


@@ -0,0 +1,11 @@
---
- name: shutdown lxc container
hosts:
- dev-kyiv01-psy-proxmox-main-01
become: true
roles:
- role: proxmox/lxc/shutdown
vars:
lxc_id: 200
# ansible-playbook playbooks/proxmox/lxc/shutdown.yml -i inventory.ini


@@ -0,0 +1,9 @@
---
- name: configure proxmox no-subscription repo
hosts:
- dev-kyiv01-psy-proxmox-main-01
become: true
roles:
- proxmox/setup_no_subscription_repository
# ansible-playbook playbooks/proxmox/setup_proxmox_no_subscription_repository.yml -i inventory.ini
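Review bot: The role is listed as a bare string, `- proxmox/setup_no_subscription_repository`, while every other playbook in the commit uses the `- role: ...` mapping form. Both are accepted by Ansible, but the mixed style means a later `vars:` or `when:` can't be added to this entry without first restructuring it; `- role: proxmox/setup_no_subscription_repository` keeps the files uniform.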


@@ -0,0 +1,12 @@
---
- name: download vm iso
hosts:
- dev-kyiv01-psy-proxmox-main-01
become: true
roles:
- role: proxmox/vm/download_iso
vars:
vm_iso_name: "debian-13.2.0-amd64-netinst.iso"
vm_iso_url: "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/{{ vm_iso_name }}"
# ansible-playbook playbooks/proxmox/vm/download_iso.yml -i inventory.ini
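Review bot: The play hands the role only an ISO name and a download URL, so nothing on this page verifies the image before it becomes the install media for every VM built from it; HTTPS protects the transfer but not the content on the mirror. If `proxmox/vm/download_iso` accepts a checksum (the role is not in this view), pass one here, e.g. a constructed `vm_iso_checksum: "sha512:<value from the release SHA512SUMS file>"`, which `ansible.builtin.get_url` can enforce via its `checksum` parameter; if the role has no such input, that is the gap to close in the role. The URL also points at `debian-cd/current/`, which moves with each point release while `vm_iso_name` is pinned to 13.2.0, so the download will start failing once the mirror rotates; the `archive` path or a pinned release directory avoids that.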