ansible-playbooks
Category: DevOps
Development tool: Shell
File size: 0KB
Downloads: 0
Upload date: 2023-07-11 17:01:49
Uploader: sh-1993
Description: Playbooks for fun and recreation, and my home k8s setup for private cloud.
File list:
.ansible-lint (141, 2023-12-08)
.yamllint (169, 2023-12-08)
Vagrantfile (1789, 2023-12-08)
ansible.cfg (20307, 2023-12-08)
artifacts/ (0, 2023-12-08)
artifacts/grafana-details.json (33749, 2023-12-08)
artifacts/grafana-overview.json (47175, 2023-12-08)
base.yml (1259, 2023-12-08)
deployments.yml (662, 2023-12-08)
desktop-chrome.yml (3207, 2023-12-08)
desktop-debian.yml (9167, 2023-12-08)
desktop-fedora.yml (8788, 2023-12-08)
desktop-ubuntu.yml (8426, 2023-12-08)
files/ (0, 2023-12-08)
files/base/ (0, 2023-12-08)
files/base/collabora/ (0, 2023-12-08)
files/base/collabora/deployment.yml (3670, 2023-12-08)
files/base/collabora/kustomization.yml (34, 2023-12-08)
files/base/cron-admin.yml (358, 2023-12-08)
files/base/diun/ (0, 2023-12-08)
files/base/diun/deployment.yml (2121, 2023-12-08)
files/base/diun/kustomization.yml (63, 2023-12-08)
files/base/diun/rbac.yml (508, 2023-12-08)
files/base/diun/secrets.yml (276, 2023-12-08)
files/base/gitlab-runner/ (0, 2023-12-08)
files/base/gitlab-runner/deployment.yml (944, 2023-12-08)
files/base/gitlab-runner/kustomization.yml (58, 2023-12-08)
files/base/gitlab-runner/ns.yml (59, 2023-12-08)
files/base/gitlab-runner/rbac.yml (641, 2023-12-08)
files/base/gitlab/ (0, 2023-12-08)
files/base/gitlab/cronjob.yml (1317, 2023-12-08)
files/base/gitlab/deployment.yml (4196, 2023-12-08)
files/base/gitlab/kustomization.yml (63, 2023-12-08)
files/base/gitlab/rbac.yml (616, 2023-12-08)
files/base/gotify/ (0, 2023-12-08)
files/base/gotify/deployment.yml (2622, 2023-12-08)
... ...
# playbooks
My playbooks for home use. The Kubernetes cluster can be tested with Vagrant by running `vagrant up`. The Traefik TLS configuration scores A+ on [SSL Labs](https://www.ssllabs.com/ssltest/).
These playbooks, except for the `desktop.yml` playbook, can be tested on Vagrant. All playbooks are designed to run individually or as part of a whole. The `homeserver` playbooks are tested on Ubuntu Focal.
## What is available
* `desktop-*.yml` --- my desktop configurations
* `pi-*.yml` --- Raspberry Pi plays
* `restic.yml` --- restic backup play
### Kubernetes deployments
* `deployments.yml` --- copy out deployment configuration files and apply them to the running Kubernetes cluster
## Testing
Install [Vagrant](https://www.vagrantup.com/) and [VirtualBox](https://www.virtualbox.org/) for your distro. Start the environment.
```bash
vagrant up
```
Variables are configurable in `group_vars`. See `group_vars/k3s.yml` for the available parameters and the defaults for the Vagrant development configuration.
### Services
Publicly available services.
* [Gotify](https://gotify.192.168.56.11.nip.io), default username `admin` and password `password`

  After installing the playbooks, go into Gotify and add an application. Take the application's token and update `gotify_token`. Voila, you get a notification every time someone logs into `homeserver`.
* [Nextcloud](https://nextcloud.192.168.56.11.nip.io) with database backup cronjob - default username `admin` and password `password`

  For Collabora Office, install the app `Nextcloud Office`, then go to the admin interface and find `Office`.
  * Use your own server: in `URL (and Port) of Collabora Online-server` add `https://collabora.192.168.56.11.nip.io/`.
  * Check `Disable certificate verification`.
  * Allow list for WOPI requests should contain `192.168.56.0/24`.
  * Go to the admin interface for Collabora and accept the certificate.
  * Now you can edit Office documents.
* [Vaultwarden](https://nextcloud.192.168.56.11.nip.io) with database backup cronjob

  Configured with signup. Change in admin GUI.
Services restricted to source IP range. Defaults to `192.168.0.0/16`, `172.16.0.0/12` and `10.0.0.0/8`.
* [Collabora CODE Admin](https://collabora.192.168.56.11.nip.io/browser/dist/admin/admin.html), default username `admin` and password `password`
* [Grafana](https://grafana.192.168.56.11.nip.io)
* [Munin](https://munin.192.168.56.11.nip.io)
* [Prometheus](https://traefik.192.168.56.11.nip.io)
* [Smokeping](https://smokeping.192.168.56.11.nip.io)
* [Traefik](https://traefik.192.168.56.11.nip.io)
* [Vaultwarden Admin](https://traefik.192.168.56.11.nip.io/admin), Vaultwarden administration UI
Other services running.
* `pod-updater` cronjob running in each namespace, which updates deployments regularly to fetch newer versions of container images
### Caveats
Your router will block nip.io name resolution if _DNS rebind protection_ is enabled.
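Why this caveat applies, and what the default source-range restriction accepts, as an added example that is not part of these playbooks: the nip.io hostnames above embed a private address, which is what rebind protection filters. The function names are hypothetical, `is_private` only approximates what a given router filters, and only the dotted and dashed nip.io name forms are handled.

```python
import ipaddress
import re

# Default source ranges the README lists for the restricted services.
DEFAULT_ALLOWED = [ipaddress.ip_network(n) for n in
                   ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

# nip.io embeds the IPv4 address in the name, dotted or dashed,
# optionally preceded by a label (e.g. gotify.192.168.56.11.nip.io).
_NIP_RE = re.compile(
    r"(?:^|[.-])(\d{1,3})[.-](\d{1,3})[.-](\d{1,3})[.-](\d{1,3})\.nip\.io\.?$",
    re.IGNORECASE)


def embedded_ip(hostname):
    """Return the IPv4 address a nip.io name resolves to, or None."""
    m = _NIP_RE.search(hostname)
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(m.groups()))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255


def rebind_filtered(hostname):
    """True if a resolver with DNS rebind protection would likely drop the
    answer: a public name whose A record is a private address.
    Assumption: is_private approximates the router's filter list."""
    ip = embedded_ip(hostname)
    return ip is not None and ip.is_private


def source_allowed(client_ip, allowed=DEFAULT_ALLOWED):
    """True if client_ip falls inside one of the allowed source ranges."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in allowed)


if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ("gotify.192.168.56.11.nip.io", "8.8.8.8.nip.io"):
        print(name, "filtered by rebind protection:", rebind_filtered(name))
    for src in ("192.168.56.1", "203.0.113.7"):
        print(src, "allowed by default ranges:", source_allowed(src))
```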