345 lines
7.5 KiB
YAML
345 lines
7.5 KiB
YAML
---
|
|
|
|
# should be installed on e.g. ber0 as well,
|
|
# so some sort of task to isntall packages on
|
|
# human used systems
|
|
- name: install packages
|
|
apt:
|
|
update_cache: yes
|
|
state: latest
|
|
name:
|
|
- autoconf # emacs-build
|
|
- emacs # from apt.sudo.is
|
|
- ffmpeg
|
|
- gnupg2
|
|
- gnutls-bin # emacs-build
|
|
- irssi
|
|
- kpcli
|
|
- libgnutls28-dev # emacs-build
|
|
- libncurses-dev # emacs-build
|
|
- libolm-dev
|
|
- pkg-config # emacs-build
|
|
- texinfo # emacs-build
|
|
- libffi-dev
|
|
- libssl-dev
|
|
- cmake # emacs vterm
|
|
- libtool # emacs vterm
|
|
- libtool-bin
|
|
- libsodium-dev # chia-plotter
|
|
- simple-cdd
|
|
- libcurl4-gnutls-dev
|
|
- weechat-matrix
|
|
- parallel
|
|
- restic
|
|
- zip
|
|
- httrack
|
|
- pwgen
|
|
- ubuntu-dev-tools # ubuntu-vm-builder
|
|
- libvirt-clients # virsh
|
|
- vainfo # intel va-api
|
|
- i965-va-driver # intel va-api
|
|
tags:
|
|
- packages
|
|
- packages-mainframe
|
|
- mainframe-packages
|
|
|
|
- name: install pip packages
|
|
pip:
|
|
name:
|
|
- ansible
|
|
- bdfr
|
|
#- feedgen
|
|
- podgen
|
|
- mutagen # for podgen
|
|
- feedparser
|
|
- internetarchive
|
|
- ldap3 # new_user.py
|
|
- loguru
|
|
- netaddr
|
|
- paramiko
|
|
- requests
|
|
- virtualenv
|
|
- waybackpy
|
|
- youtube-dl
|
|
- yt-dlp
|
|
state: latest
|
|
executable: pip3
|
|
tags:
|
|
- archive
|
|
- pip
|
|
- packages
|
|
- mainframe-packages
|
|
- mainframe-pip
|
|
|
|
- name: make local log dir for {{ myusername }}
|
|
file:
|
|
state: directory
|
|
path: "{{ userlist[myusername].home }}/.local/log/"
|
|
owner: "{{ myusername }}"
|
|
group: "{{ myusername }}"
|
|
mode: 0770
|
|
tags:
|
|
- archive
|
|
|
|
- name: template config files for scripts
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/usr/local/etc/{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- scripts
|
|
- archive
|
|
- archive-scripts
|
|
- archives
|
|
- archives-config
|
|
- mainframe-scripts
|
|
- mainframe-etc
|
|
with_items:
|
|
- podcast.json
|
|
- archives.toml
|
|
- fsn-lb.json
|
|
- praw.ini
|
|
|
|
- name: template scripts
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/usr/local/bin/{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
with_items:
|
|
- lb
|
|
- archive-podcast.py
|
|
- archive-wayback.py
|
|
- youtube-dl-mirrors.sh
|
|
- reddit-archives.sh
|
|
tags:
|
|
- scripts
|
|
- mainframe-scripts
|
|
- archive
|
|
- archive-scripts
|
|
|
|
- name: copy scripts
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: /usr/local/bin/{{ item }}
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
with_items:
|
|
- new_user.py
|
|
- save-old-host-from-rsnapshot.sh
|
|
tags:
|
|
- scripts
|
|
- mainframe-scripts
|
|
- mainframe-scripts
|
|
|
|
- name: cron file
|
|
template:
|
|
src: mainframe-cron.j2
|
|
dest: /etc/cron.d/mainframe
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
tags:
|
|
- cron
|
|
- mainframe-cron
|
|
- mainframe-scripts
|
|
- archive
|
|
- archive-scripts
|
|
- archives
|
|
|
|
- name: convergence dir on {{ git_cron.tools_url }}
|
|
file:
|
|
state: directory
|
|
path: "/var/www/{{ git_cron.tools_url }}/convergence"
|
|
owner: root
|
|
group: root
|
|
mode: 0775
|
|
|
|
- name: convergene scripts
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: root
|
|
group: root
|
|
mode: "{{ item.mode }}"
|
|
loop_control:
|
|
label: "{{ item.src }}"
|
|
with_items:
|
|
- src: git-cron.sh.j2
|
|
dest: /usr/local/sbin/git-cron.sh
|
|
mode: 770
|
|
- src: ansible-convergence.sh.j2
|
|
dest: /usr/local/sbin/ansible-convergence.sh
|
|
mode: 770
|
|
- src: tf-convergence.sh.j2
|
|
dest: /usr/local/sbin/tf-convergence.sh
|
|
mode: 770
|
|
|
|
- name: install certs
|
|
copy:
|
|
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
|
dest: "/usr/local/etc/certs/"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
loop_control:
|
|
label: "{{ item }}"
|
|
tags:
|
|
- letsencrypt-certs
|
|
- mainframe-nginx
|
|
- static-sites
|
|
notify: reload nginx
|
|
with_items:
|
|
- "{{ archives_url }}"
|
|
- "{{ archivebox_url }}"
|
|
- static.{{ domain }}
|
|
- "{{ xmr_url }}"
|
|
|
|
- name: template nginx vhost(s)
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: /etc/nginx/sites-enabled/{{ item }}
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_items:
|
|
- 01-archives.conf
|
|
- 02-tools.conf
|
|
- 01-static.conf
|
|
- 01-xmr.conf
|
|
tags:
|
|
- archives
|
|
- archivebox
|
|
- nginx
|
|
- mainframe-nginx
|
|
- static-sites
|
|
notify: reload nginx
|
|
|
|
- name: archives log dir and cache
|
|
file:
|
|
state: directory
|
|
path: /var/{{ item }}/archives
|
|
owner: "{{ systemuserlist.archives.username }}"
|
|
group: "{{ systemuserlist.archives.username }}"
|
|
mode: 0775
|
|
with_items:
|
|
- log
|
|
- cache
|
|
tags:
|
|
- archives
|
|
- archive
|
|
|
|
- name: start archives
|
|
docker_container:
|
|
name: archives
|
|
image: git.sudo.is/ben/archives:latest
|
|
auto_remove: false
|
|
detach: true
|
|
pull: true
|
|
restart_policy: "unless-stopped"
|
|
state: started
|
|
container_default_behavior: compatibility
|
|
networks_cli_compatible: false
|
|
user: "{{ systemuserlist.archives.uid }}:{{ systemuserlist.archives.gid }}"
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.archives }}"
|
|
mounts:
|
|
- type: bind
|
|
source: "{{ archives_path }}"
|
|
target: "{{ archives_path }}"
|
|
- type: bind
|
|
source: /var/log/archives
|
|
target: /var/log/archives
|
|
- type: bind
|
|
source: /var/cache/archives
|
|
target: /var/cache/archives
|
|
- type: bind
|
|
source: /usr/local/etc/archives.toml
|
|
target: /etc/archives.toml
|
|
read_only: true
|
|
# works around havint the wwwsudois package up to date
|
|
- type: bind
|
|
source: /var/www/shared
|
|
target: /var/www/shared
|
|
read_only: true
|
|
tags:
|
|
- archives
|
|
- archives-container
|
|
- docker-containers
|
|
|
|
- name: log dirs
|
|
file:
|
|
state: directory
|
|
path: /var/log/{{ item.name }}
|
|
owner: "{{ item.owner | default(1300) }}"
|
|
group: "{{ item.owner | default(1300) }}"
|
|
mode: 0775
|
|
loop_control:
|
|
label: "{{ item.name }}"
|
|
with_items:
|
|
- name: ricelandbot
|
|
tags:
|
|
- ricelandbot
|
|
|
|
- name: start archivebox
|
|
docker_container:
|
|
name: archivebox
|
|
image: archivebox/archivebox:master
|
|
auto_remove: false
|
|
detach: true
|
|
pull: true
|
|
restart_policy: "unless-stopped"
|
|
state: started
|
|
container_default_behavior: compatibility
|
|
networks_cli_compatible: false
|
|
env:
|
|
PUID: "{{ systemuserlist.archives.uid }}"
|
|
PGID: "{{ systemuserlist.archives.gid }}"
|
|
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.archivebox }}"
|
|
mounts:
|
|
- type: bind
|
|
source: "{{ archives_path }}/ben/archivebox"
|
|
target: /data
|
|
tags:
|
|
- archivebox
|
|
- archivebox-container
|
|
- docker-containers
|
|
|
|
- name: start/stop ricelandbot
|
|
docker_container:
|
|
state: stopped
|
|
name: ricelandbot
|
|
image: git.sudo.is/ops/ricelandbot:latest
|
|
auto_remove: false
|
|
detach: true
|
|
pull: true
|
|
restart_policy: "unless-stopped"
|
|
container_default_behavior: compatibility
|
|
networks_cli_compatible: false
|
|
user: "1300:1300"
|
|
networks:
|
|
- name: bridgewithdns
|
|
mounts:
|
|
- type: bind
|
|
source: /var/log/ricelandbot
|
|
target: /var/log/ricelandbot
|
|
# set XDG_CONFIG_HOME if this moves
|
|
- type: bind
|
|
source: /usr/local/etc/praw.ini
|
|
target: /ricelandbot/praw.ini
|
|
read_only: true
|
|
env:
|
|
LOGFILE: /var/log/ricelandbot/ricelandbot.log
|
|
tags:
|
|
- ricelandbot
|
|
- ricelandbot-container
|
|
- docker-containers
|