Compare commits
10 Commits
0ad05fedf2
...
68d787e9ac
Author | SHA1 | Date | |
---|---|---|---|
68d787e9ac | |||
700396cc31 | |||
20fd717e0b | |||
26d7236f0b | |||
36a73b5adc | |||
adfa86ac26 | |||
93fe54ddbc | |||
b365ca5a02 | |||
a86eac38f0 | |||
be57907d55 |
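--- a/.gitea/workflows/lint.yml
+++ b/.gitea/workflows/lint.yml
@@ -0,0 +1,18 @@
+name: "Lint"
+on: push
+
+jobs:
+lint:
+name: "Lint"
+runs-on: python-bookworm
+steps:
+- name: Check out repository code
+uses: actions/checkout@v4
+- name: Activate venv & install dependencies
+run: |
+python3 -m venv venv
+. venv/bin/activate
+echo PATH=$PATH >> $GITHUB_ENV
+pip install ansible ansible-lint
+- name: Lint
+run: ansible-lint --show-relpath .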
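Review bot: The install step `pip install ansible ansible-lint` is unpinned, so every push lints with whatever PyPI serves that day, and a compromised or breaking release reaches CI unreviewed. Pin the tools to exact versions, for example `pip install -r <PINNED_REQUIREMENTS_FILE>` (placeholder path), ideally with `--require-hashes`. Consider referencing `actions/checkout` by full commit SHA rather than the movable `v4` tag. In the same step, `echo PATH=$PATH >> $GITHUB_ENV` is unquoted; `echo "PATH=$PATH" >> "$GITHUB_ENV"` avoids word splitting.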
@ -1,8 +0,0 @@
|
||||
stages:
|
||||
- "linting"
|
||||
|
||||
ansible-lint:
|
||||
stage: linting
|
||||
image: registry.gitlab.com/pipeline-components/ansible-lint:latest
|
||||
script:
|
||||
- ansible-lint --show-relpath .
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: "Update/upgrade debian and install docker and misc tools."
|
||||
- name: "Update/upgrade debian and install misc tools."
|
||||
hosts: basic
|
||||
roles:
|
||||
- system
|
||||
|
@ -1,4 +1,16 @@
|
||||
---
|
||||
- name: Ensure systemd-resolved doesn't interfere
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/systemd/resolved.conf
|
||||
regexp: '^DNSStubListener='
|
||||
insertafter: '^[Resolve]'
|
||||
line: DNSStubListener=no
|
||||
|
||||
- name: Restart systemd-resolved service
|
||||
ansible.builtin.service:
|
||||
name: systemd-resolved
|
||||
state: restarted
|
||||
|
||||
- name: Install dnsmasq
|
||||
ansible.builtin.apt:
|
||||
name: dnsmasq
|
||||
|
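Review bot: In the new `Ensure systemd-resolved doesn't interfere` task, `insertafter: '^[Resolve]'` is a regex character class, not the literal section header. It matches lines that start with R, e, s, o, l or v and never the `[Resolve]` line itself, so the setting lands wherever the module's fallback puts it. Escape the brackets: `insertafter: '^\[Resolve\]'`. The following `Restart systemd-resolved service` task also restarts the resolver on every run; making it a handler notified by the lineinfile task would restart it only when the file changes.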
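--- a/roles/ip_forward/tasks/main.yaml
+++ b/roles/ip_forward/tasks/main.yaml
@@ -0,0 +1,8 @@
+---
+- name: Enable IPv4 forwarding
+ansible.posix.sysctl:
+name: net.ipv4.ip_forward
+value: '1'
+sysctl_set: true
+state: present
+reload: true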
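--- a/roles/network_tools/main.yaml
+++ b/roles/network_tools/main.yaml
@@ -0,0 +1,12 @@
+---
+- name: Install tcpdump
+ansible.builtin.apt:
+name: tcpdump
+state: latest
+update_cache: true
+
+- name: Install jnettop
+ansible.builtin.apt:
+name: jnettop
+state: latest
+update_cache: true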
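Review bot: The new file is created at `roles/network_tools/main.yaml`, while every other role added on this page uses `roles/<role>/tasks/main.yaml`. Ansible loads a role's tasks from its `tasks/` directory, so as placed this role would most likely run nothing. The same change set removes `Install jnettop` from another task file (the `@ -16,9 +16,3 @@` hunk), so jnettop and tcpdump would then silently stop being installed. Move the file to `roles/network_tools/tasks/main.yaml`. The two apt tasks could also be a single task with a list under `name:`, and `state: present` would avoid unreviewed package upgrades on each run.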
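--- a/roles/nftables/tasks/main.yaml
+++ b/roles/nftables/tasks/main.yaml
@@ -0,0 +1,22 @@
+---
+- name: Install nftables
+ansible.builtin.apt:
+name: nftables
+state: latest
+update_cache: true
+
+- name: Install ulogd (for nftables logging)
+ansible.builtin.apt:
+name: ulogd2
+state: latest
+update_cache: true
+
+- name: Enable nftables service
+ansible.builtin.service:
+name: nftables
+enabled: true
+
+- name: Start nftables service
+ansible.builtin.service:
+name: nftables
+state: started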
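Review bot: This role installs, enables and starts nftables, but no task visible on the page deploys a ruleset. The service would therefore come up with whatever `/etc/nftables.conf` the package ships, which may filter nothing on a host that also enables IP forwarding. If the rules are not managed elsewhere, add a template task for the ruleset with a syntax check such as `validate: 'nft -c -f %s'`, and notify a reload handler. `Enable nftables service` and `Start nftables service` can also be merged into one `ansible.builtin.service` task with `enabled: true` and `state: started`.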
@ -16,9 +16,3 @@
|
||||
name: net-tools
|
||||
state: latest
|
||||
update_cache: true
|
||||
|
||||
- name: Install jnettop
|
||||
ansible.builtin.apt:
|
||||
name: jnettop
|
||||
state: latest
|
||||
update_cache: true
|
||||
|
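--- a/roles/telegraf/tasks/main.yaml
+++ b/roles/telegraf/tasks/main.yaml
@@ -0,0 +1,49 @@
+---
+- name: Install required system packages
+ansible.builtin.apt:
+pkg:
+- apt-transport-https
+- ca-certificates
+- gnupg
+- curl
+state: latest
+update_cache: true
+
+- name: Add Influxdata GPG apt key
+ansible.builtin.apt_key:
+url: "https://repos.influxdata.com/influxdata-archive.key"
+state: present
+
+- name: Add Influxdata repository
+ansible.builtin.apt_repository:
+repo: deb https://repos.influxdata.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
+state: present
+filename: "telegraf"
+
+- name: Install telegraf package
+ansible.builtin.apt:
+pkg:
+- telegraf
+state: latest
+update_cache: true
+
+- name: Gather the package facts
+ansible.builtin.package_facts:
+manager: auto
+
+- name: Add telegraf to docker group
+ansible.builtin.user:
+name: telegraf
+groups: docker
+append: true
+when: "'docker-ce' in ansible_facts.packages"
+
+- name: Enable telegraf service
+ansible.builtin.service:
+name: telegraf
+enabled: true
+
+- name: Stop telegraf service (configure it before starting)
+ansible.builtin.service:
+name: telegraf
+state: stopped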
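Review bot: `Add Influxdata GPG apt key` uses `ansible.builtin.apt_key`, which puts the key in apt's global trusted keyring, so it is then trusted to sign packages from every configured repository. The key is also fetched with no fingerprint or checksum check. Store it in a dedicated keyring file with a pinned checksum and scope it to this repository with `signed-by`, as sketched below; the path and checksum are placeholders. Separately, `Add telegraf to docker group` gives the telegraf service account access to the Docker socket, which is effectively root on the host, so a comment stating that this is intended would help.

```yaml
- name: Download Influxdata archive key to a dedicated keyring
  ansible.builtin.get_url:
    url: "https://repos.influxdata.com/influxdata-archive.key"
    dest: "<KEYRING_PATH>"  # placeholder: a file under the apt keyrings directory
    checksum: "sha256:<EXPECTED_KEY_SHA256>"  # placeholder: value verified out of band
    mode: "0644"

- name: Add Influxdata repository
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=<KEYRING_PATH>] https://repos.influxdata.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
    # … unchanged: state, filename …
```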
@ -1,10 +1,12 @@
|
||||
---
|
||||
- name: "Update/upgrade debian and install docker and misc tools."
|
||||
- name: "Update/upgrade debian and install router softwares and misc tools."
|
||||
hosts: router
|
||||
roles:
|
||||
- system
|
||||
- softwares
|
||||
- network_tools
|
||||
- bpytop
|
||||
- ip_forward
|
||||
- dnsmasq
|
||||
- nftables
|
||||
- clean
|
||||
|
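Review bot: On the new side the role list runs `ip_forward` before `nftables`, so the router starts forwarding IPv4 traffic before the firewall package is even installed, and it stays that way if the play fails in between. List `nftables` (together with its ruleset) ahead of `ip_forward` so that forwarding is enabled only once filtering is in place. The page does not show which two role lines this hunk adds, so the point is about the resulting order rather than a specific added line.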
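--- a/telegraf.yaml
+++ b/telegraf.yaml
@@ -0,0 +1,5 @@
+---
+- name: "Install telegraf on debian."
+hosts: telegraf
+roles:
+- telegraf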
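--- a/update.yaml
+++ b/update.yaml
@@ -0,0 +1,5 @@
+---
+- name: "Update and upgrade Debian."
+hosts: update
+roles:
+- system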
@ -6,4 +6,5 @@
|
||||
- softwares
|
||||
- bpytop
|
||||
- wireguard
|
||||
- ip_forward
|
||||
- clean
|
||||
|