Add heartbeat

2024-11-15 15:04:54 +00:00
parent 53489b5764
commit 5d8e0effe1
14 changed files with 446 additions and 255 deletions
@@ -388,3 +388,13 @@ ghostfolio_jwt: !vault |
  39653234323065663539333661383230363339306566363836636239363036656231616130313930
  38393132626531386631633536333633653866626364376134613862623338653664336563653031
  643433306266643631353535336639343231
 heartbeat_user_pwd: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  36383161343965643131303065346532653336643864633266383164623464326538623466383030
  3565366234666263316233313765633236386637313538350a316536363561313633613630383538
  64313439323963313231663135353166326666366432393766343266313832373133633836643165
  3435656236623236640a313633653662616437626236313865343266656261386265343339653637
  33663438636431313163666234323738316131323263643966613136386537303634303537333036
  35623363313731343734613036383731306439663661326465363335633433356533333837303038
  636262643139396462643966383465376263
@@ -0,0 +1,5 @@
 ---
 ansible_user: Prenatal4216
 ansible_host: 10.0.0.203
 ansible_ssh_pass: "{{ heartbeat_user_pwd }}"
@@ -33,3 +33,6 @@ impa
 epona-pihole
 revali-pihole
 urbosa-pihole
 [heartbeat_hosts]
 heartbeat-1
@@ -1,16 +1,16 @@
 ---
-# - hosts: localhost
+- hosts: localhost
-#   become: yes
+  become: yes
-#   roles:
+  roles:
-#     - role: ghostfolio/provision/delete
+    - role: ghostfolio/provision/delete
-#       vars:
+      vars:
-#         vmid: 640
+        vmid: 640
-#     - role: ghostfolio/provision/create
+    - role: ghostfolio/provision/create
-#       vars:
+      vars:
-#         vmid: 640
+        vmid: 640
-#     - role: ghostfolio/provision/start
+    - role: ghostfolio/provision/start
-#       vars:
+      vars:
-#         vmid: 640
+        vmid: 640
 - hosts: purah
  become: yes
@@ -0,0 +1,9 @@
 ---
 - hosts: heartbeat_hosts
  become: yes
  roles: 
    # - role: heartbeat/provision/00-update-os
    # - role: heartbeat/provision/01-install-dependencies
    # - role: heartbeat/setup/node
    #- role: heartbeat/setup/openvpn-client
    - role: heartbeat/setup/uptime-kuma
@@ -0,0 +1,6 @@
 ---
 - name: Update all packages to their latest version
  become: true
  ansible.builtin.apt:
    update_cache: yes
    upgrade: full
@@ -0,0 +1,12 @@
 ---
 - name: Install a list of packages
  ansible.builtin.apt:
    pkg:
    - git
    - ca-certificates
    - curl
    - gnupg
    - apt-transport-https
    - gcc
    - g++
    - make
@@ -0,0 +1,4 @@
 ---
 - name: Configure repo and node 
  shell: |
    curl -sL https://deb.nodesource.com/setup_22.x | sudo -E bash - && sudo apt-get install -y nodejs
@@ -0,0 +1,62 @@
 - name: "Generate client certificate key"
  become: yes
  shell: source vars; ./build-key --batch 
  args: 
    chdir: "{{ ansible_env.HOME }}/openvpn-ca/"
    executable: /bin/bash
 - name: "Create client certificate configs dir"
  become: yes
  file: 
    owner: "{{ ansible_env.USER }}"
    group: "{{ ansible_env.USER }}"
    path: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}"
    state: directory
    mode: 0700
 - name: "Copy client sample configs from remote host itself"
  become: yes
  copy:
      remote_src: yes
      src: /usr/share/doc/openvpn/examples/sample-config-files/client.conf
      dest: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn"
 - name: Set the server ip and port
  lineinfile:
    dest: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn"
    regexp: "^{{ item.regex | regex_escape() }}"
    line: "{{ item.value }}"
  with_items:
    - { regex: 'remote lino.cooking 1194', value: 'remote {{ groups["openVPN"][0] }} 1194' }
    - { regex: ';user nobody', value: 'user nobody' }
    - { regex: ';group nogroup', value: 'group nogroup' }
    - { regex: 'ca ca.crt', value: '#ca ca.crt' }
    - { regex: 'cert client.crt', value: '#cert client.crt' }
    - { regex: 'key client.key', value: '#key client.key' }
    - { regex: 'tls-auth ta.key 1', value: '#tls-auth ta.key 1' }
 - name: "Create client ovpn file"
  become: yes
  shell: "{{ item }}"
  with_items:
    - echo -e '<ca>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/ca.crt >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - echo -e '</ca>\n<cert>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/{{client_name}}.crt >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - echo -e '</cert>\n<key>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/{{client_name}}.key >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - echo -e '</key>\n<tls-auth>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - cat {{ ansible_env.HOME }}/openvpn-ca/keys/ta.key >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - echo -e '</tls-auth>' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
    - echo -e 'key-direction 1' >> {{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{client_name}}.ovpn
  args:
    chdir: "{{ ansible_env.HOME }}/openvpn-ca/"
    executable: /bin/bash
 - name: Fetch client configurations
  fetch:
    src: "{{ ansible_env.HOME }}/openvpn-ca/{{client_name}}/{{ item|basename }}"
    dest: "{{ destination_key }}/"
    flat: yes
  with_items:
    - "{{client_name}}.ovpn"
@@ -0,0 +1,3 @@
 ---
 client_name: "heartbeat-1"
 destination_key: "{{ playbook_dir }}"
@@ -0,0 +1,18 @@
 ---
 - name: daemon reload
  ansible.builtin.systemd:
    daemon_reload: true
 - name: set directory permissions
  ansible.builtin.file:
    path: "{{ uptime_kuma_installation_directory }}"
    state: directory
    recurse: true
    owner: "{{ uptime_kuma_user }}"
    group: "{{ uptime_kuma_user }}"
  notify: restart uptime-kuma
 - name: restart uptime-kuma
  ansible.builtin.service:
    name: uptime-kuma.service
    state: restarted
@@ -0,0 +1,38 @@
 - name: Ensure the {{ uptime_kuma_user }} user exists
  ansible.builtin.user:
    name: "{{ uptime_kuma_user }}"
    home: "{{ uptime_kuma_home }}"
    shell: /usr/sbin/nologin
    system: true
    state: present
 - name: Configure repo and node 
  shell: |
    git config --global --add safe.directory {{ uptime_kuma_installation_directory }}
 - name: Clone the uptime-kuma repo
  ansible.builtin.git:
    repo: https://github.com/louislam/uptime-kuma.git
    dest: "{{ uptime_kuma_installation_directory }}"
    version: "{{ uptime_kuma_version }}"
  register: uptime_git
  notify: set directory permissions
 - name: Configure repo and node 
  shell: |
    cd {{ uptime_kuma_installation_directory }}
    npm run setup
 - name: Copy the template file for the uptime-kuma service
  ansible.builtin.template:
    src: templates/uptime-kuma.service.j2
    dest: /etc/systemd/system/uptime-kuma.service
    mode: u=rw,g=r,o=r
  notify:
    - daemon reload
    - restart uptime-kuma
 - name: Ensure the service is enabled
  ansible.builtin.service:
    name: uptime-kuma.service
    enabled: true
@@ -0,0 +1,15 @@
 [Unit]
 Description=Uptime-Kuma - A free and open source uptime monitoring solution
 Documentation=https://github.com/louislam/uptime-kuma
 After=network.target
 [Service]
 Type=simple
 User={{ uptime_kuma_user }}
 Group={{ uptime_kuma_user }}
 WorkingDirectory={{ uptime_kuma_installation_directory }}
 ExecStart=/usr/bin/npm run start-server
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
@@ -0,0 +1,6 @@
 ---
 uptime_kuma_user: uptime
 uptime_kuma_version: 1.23.15
 uptime_kuma_home: /home/uptime
 uptime_kuma_installation_directory: "{{ uptime_kuma_home }}/uptime-kuma"