Compare commits
10 Commits
0ad05fedf2
...
68d787e9ac
| Author | SHA1 | Date | |
|---|---|---|---|
68d787e9ac
|
|||
| 700396cc31 | |||
| 20fd717e0b | |||
| 26d7236f0b | |||
| 36a73b5adc | |||
| adfa86ac26 | |||
| 93fe54ddbc | |||
| b365ca5a02 | |||
| a86eac38f0 | |||
| be57907d55 |
18
.gitea/workflows/lint.yml
Normal file
18
.gitea/workflows/lint.yml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
name: "Lint"
|
||||||
|
on: push
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
name: "Lint"
|
||||||
|
runs-on: python-bookworm
|
||||||
|
steps:
|
||||||
|
- name: Check out repository code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: Activate venv & install dependencies
|
||||||
|
run: |
|
||||||
|
python3 -m venv venv
|
||||||
|
. venv/bin/activate
|
||||||
|
echo PATH=$PATH >> $GITHUB_ENV
|
||||||
|
pip install ansible ansible-lint
|
||||||
|
- name: Lint
|
||||||
|
run: ansible-lint --show-relpath .
|
||||||
@ -1,8 +0,0 @@
|
|||||||
stages:
|
|
||||||
- "linting"
|
|
||||||
|
|
||||||
ansible-lint:
|
|
||||||
stage: linting
|
|
||||||
image: registry.gitlab.com/pipeline-components/ansible-lint:latest
|
|
||||||
script:
|
|
||||||
- ansible-lint --show-relpath .
|
|
||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: "Update/upgrade debian and install docker and misc tools."
|
- name: "Update/upgrade debian and install misc tools."
|
||||||
hosts: basic
|
hosts: basic
|
||||||
roles:
|
roles:
|
||||||
- system
|
- system
|
||||||
|
|||||||
@ -1,4 +1,16 @@
|
|||||||
---
|
---
|
||||||
|
- name: Ensure systemd-resolved doesn't interfere
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/systemd/resolved.conf
|
||||||
|
regexp: '^DNSStubListener='
|
||||||
|
insertafter: '^[Resolve]'
|
||||||
|
line: DNSStubListener=no
|
||||||
|
|
||||||
|
- name: Restart systemd-resolved service
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: systemd-resolved
|
||||||
|
state: restarted
|
||||||
|
|
||||||
- name: Install dnsmasq
|
- name: Install dnsmasq
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: dnsmasq
|
name: dnsmasq
|
||||||
|
|||||||
8
roles/ip_forward/tasks/main.yaml
Normal file
8
roles/ip_forward/tasks/main.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- name: Enable IPv4 forwarding
|
||||||
|
ansible.posix.sysctl:
|
||||||
|
name: net.ipv4.ip_forward
|
||||||
|
value: '1'
|
||||||
|
sysctl_set: true
|
||||||
|
state: present
|
||||||
|
reload: true
|
||||||
12
roles/network_tools/main.yaml
Normal file
12
roles/network_tools/main.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- name: Install tcpdump
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: tcpdump
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Install jnettop
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: jnettop
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
22
roles/nftables/tasks/main.yaml
Normal file
22
roles/nftables/tasks/main.yaml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
---
|
||||||
|
- name: Install nftables
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: nftables
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Install ulogd (for nftables logging)
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: ulogd2
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Enable nftables service
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: nftables
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Start nftables service
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: nftables
|
||||||
|
state: started
|
||||||
@ -16,9 +16,3 @@
|
|||||||
name: net-tools
|
name: net-tools
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
- name: Install jnettop
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: jnettop
|
|
||||||
state: latest
|
|
||||||
update_cache: true
|
|
||||||
|
|||||||
49
roles/telegraf/tasks/main.yaml
Normal file
49
roles/telegraf/tasks/main.yaml
Normal file
@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
- name: Install required system packages
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- apt-transport-https
|
||||||
|
- ca-certificates
|
||||||
|
- gnupg
|
||||||
|
- curl
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Add Influxdata GPG apt key
|
||||||
|
ansible.builtin.apt_key:
|
||||||
|
url: "https://repos.influxdata.com/influxdata-archive.key"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Add Influxdata repository
|
||||||
|
ansible.builtin.apt_repository:
|
||||||
|
repo: deb https://repos.influxdata.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
|
||||||
|
state: present
|
||||||
|
filename: "telegraf"
|
||||||
|
|
||||||
|
- name: Install telegraf package
|
||||||
|
ansible.builtin.apt:
|
||||||
|
pkg:
|
||||||
|
- telegraf
|
||||||
|
state: latest
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Gather the package facts
|
||||||
|
ansible.builtin.package_facts:
|
||||||
|
manager: auto
|
||||||
|
|
||||||
|
- name: Add telegraf to docker group
|
||||||
|
ansible.builtin.user:
|
||||||
|
name: telegraf
|
||||||
|
groups: docker
|
||||||
|
append: true
|
||||||
|
when: "'docker-ce' in ansible_facts.packages"
|
||||||
|
|
||||||
|
- name: Enable telegraf service
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: telegraf
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Stop telegraf service (configure it before starting)
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: telegraf
|
||||||
|
state: stopped
|
||||||
@ -1,10 +1,12 @@
|
|||||||
---
|
---
|
||||||
- name: "Update/upgrade debian and install docker and misc tools."
|
- name: "Update/upgrade debian and install router softwares and misc tools."
|
||||||
hosts: router
|
hosts: router
|
||||||
roles:
|
roles:
|
||||||
- system
|
- system
|
||||||
- softwares
|
- softwares
|
||||||
|
- network_tools
|
||||||
- bpytop
|
- bpytop
|
||||||
|
- ip_forward
|
||||||
- dnsmasq
|
- dnsmasq
|
||||||
- nftables
|
- nftables
|
||||||
- clean
|
- clean
|
||||||
|
|||||||
5
telegraf.yaml
Normal file
5
telegraf.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
- name: "Install telegraf on debian."
|
||||||
|
hosts: telegraf
|
||||||
|
roles:
|
||||||
|
- telegraf
|
||||||
5
update.yaml
Normal file
5
update.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
- name: "Update and upgrade Debian."
|
||||||
|
hosts: update
|
||||||
|
roles:
|
||||||
|
- system
|
||||||
@ -6,4 +6,5 @@
|
|||||||
- softwares
|
- softwares
|
||||||
- bpytop
|
- bpytop
|
||||||
- wireguard
|
- wireguard
|
||||||
|
- ip_forward
|
||||||
- clean
|
- clean
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user