Add heartbeat

2024-11-15 15:04:54 +00:00
parent 53489b5764
commit 5d8e0effe1
14 changed files with 446 additions and 255 deletions
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+  become: true
+  ansible.builtin.apt:
+    update_cache: yes
+    upgrade: full
@@ -0,0 +1,12 @@
+---
+- name: Install a list of packages
+  ansible.builtin.apt:
+    pkg:
+    - git
+    - ca-certificates
+    - curl
+    - gnupg
+    - apt-transport-https
+    - gcc
+    - g++
+    - make
@@ -0,0 +1,4 @@
+---
+- name: Configure repo and node 
+  shell: |
+    curl -sL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt-get install -y nodejs
@@ -0,0 +1,62 @@
+- name: "Generate client certificate key"
+  become: yes
+  shell: source vars; ./build-key --batch 
+  args: 
+    chdir: "{{ ansible_env.HOME }}/openvpn-ca/"
+    executable: /bin/bash
+
+- name: "Create client certificate configs dir"
+  become: yes
+  file: 
+    owner: "{{ ansible_env.USER }}"
+    group: "{{ ansible_env.USER }}"
+    path: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}"
+    state: directory
+    mode: 0700
+
+- name: "Copy client sample configs from remote host itself"
+  become: yes
+  copy:
+      remote_src: yes
+      src: /usr/share/doc/openvpn/examples/sample-config-files/client.conf
+      dest: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn"
+
+- name: Set the server ip and port
+  lineinfile:
+    dest: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn"
+    regexp: "^{{ item.regex | regex_escape() }}"
+    line: "{{ item.value }}"
+  with_items:
+    - { regex: 'remote lino.cooking 1194', value: 'remote {{ groups["openVPN"][0] }} 1194' }
+    - { regex: ';user nobody', value: 'user nobody' }
+    - { regex: ';group nogroup', value: 'group nogroup' }
+    - { regex: 'ca ca.crt', value: '#ca ca.crt' }
+    - { regex: 'cert client.crt', value: '#cert client.crt' }
+    - { regex: 'key client.key', value: '#key client.key' }
+    - { regex: 'tls-auth ta.key 1', value: '#tls-auth ta.key 1' }
+
+- name: "Create client ovpn file"
+  become: yes
+  shell: "{{ item }}"
+  with_items:
+    - echo -e '<ca>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/ca.crt >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - echo -e '</ca>\n<cert>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/{{client_name}}.crt >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - echo -e '</cert>\n<key>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/{{client_name}}.key >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - echo -e '</key>\n<tls-auth>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/ta.key >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - echo -e '</tls-auth>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+    - echo -e 'key-direction 1' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
+  args:
+    chdir: "{{ ansible_env.HOME }}/openvpn-ca/"
+    executable: /bin/bash
+
+- name: Fetch client configurations
+  fetch:
+    src: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{ item|basename }}"
+    dest: "{{ destination_key }}/"
+    flat: yes
+  with_items:
+    - "{{client_name}}.ovpn"
@@ -0,0 +1,3 @@
+---
+client_name: "heartbeat-1"
+destination_key: "{{ playbook_dir }}"
@@ -0,0 +1,18 @@
+---
+- name: daemon reload
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: set directory permissions
+  ansible.builtin.file:
+    path: "{{ uptime_kuma_installation_directory }}"
+    state: directory
+    recurse: true
+    owner: "{{ uptime_kuma_user }}"
+    group: "{{ uptime_kuma_user }}"
+  notify: restart uptime-kuma
+
+- name: restart uptime-kuma
+  ansible.builtin.service:
+    name: uptime-kuma.service
+    state: restarted
@@ -0,0 +1,38 @@
+- name: Ensure the {{ uptime_kuma_user }} user exists
+  ansible.builtin.user:
+    name: "{{ uptime_kuma_user }}"
+    home: "{{ uptime_kuma_home }}"
+    shell: /usr/sbin/nologin
+    system: true
+    state: present
+
+- name: Configure repo and node 
+  shell: |
+    git config --global --add safe.directory {{ uptime_kuma_installation_directory }}
+
+- name: Clone the uptime-kuma repo
+  ansible.builtin.git:
+    repo: https://github.com/louislam/uptime-kuma.git
+    dest: "{{ uptime_kuma_installation_directory }}"
+    version: "{{ uptime_kuma_version }}"
+  register: uptime_git
+  notify: set directory permissions
+
+- name: Configure repo and node 
+  shell: |
+    cd {{ uptime_kuma_installation_directory }}
+    npm run setup
+
+- name: Copy the template file for the uptime-kuma service
+  ansible.builtin.template:
+    src: templates/uptime-kuma.service.j2
+    dest: /etc/systemd/system/uptime-kuma.service
+    mode: u=rw,g=r,o=r
+  notify:
+    - daemon reload
+    - restart uptime-kuma
+
+- name: Ensure the service is enabled
+  ansible.builtin.service:
+    name: uptime-kuma.service
+    enabled: true
@@ -0,0 +1,15 @@
+[Unit]
+Description=Uptime-Kuma - A free and open source uptime monitoring solution
+Documentation=https://github.com/louislam/uptime-kuma
+After=network.target
+
+[Service]
+Type=simple
+User={{ uptime_kuma_user }}
+Group={{ uptime_kuma_user }}
+WorkingDirectory={{ uptime_kuma_installation_directory }}
+ExecStart=/usr/bin/npm run start-server
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,6 @@
+---
+uptime_kuma_user: uptime
+uptime_kuma_version: 1.23.15
+
+uptime_kuma_home: /home/uptime
+uptime_kuma_installation_directory: "{{ uptime_kuma_home }}/uptime-kuma"