author | clarkzjw <[email protected]> | 2023-01-13 16:53:03 -0800 |
---|---|---|
committer | clarkzjw <[email protected]> | 2023-01-13 16:53:03 -0800 |
commit | a077d65e5f7f415cc17abeee2264e24957ef97cd (patch) | |
tree | d392e85446a7eb680a8178588f39517c84577825 /clarkzjw.cc | |
parent | 945aa9e6f634a078937fdf21d09f32e77f4c1a7b (diff) | |
download | homelab-a077d65e5f7f415cc17abeee2264e24957ef97cd.tar.gz |
change domain to clarkzjw.cc
Diffstat (limited to 'clarkzjw.cc')
18 files changed, 354 insertions, 0 deletions
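--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/README.md
@@ -0,0 +1,34 @@
+# Atlas
+
+Hostname: atlas
+Usage: HomeLab Main NAS
+
+## Step
+
+### Init
+
+```bash
+ansible-playbook init.yaml -K -k
+```
+
+Login and exec `sudo tailscale up` and authorize Tailscale in the admin panel.
+
+### Setup
+```bash
+ansible-playbook setup.yaml
+```
+
+### Import zfs pool
+```bash
+zpool status
+zpool import pool1
+
+...
+zpool export pool1
+```
+
+### Setup Samba
+```bash
+source admin-rc
+ansible-playbook samba.yaml
+```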
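--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+host_key_checking = False
+transport = ssh
+remote_user = clarkzjw
+roles_path = roles
+inventory = inventory
+force_color = True
+interpreter_python = auto_silent
+
+[connection]
+pipelining = True
+
+[privilege_escalation]
+become = True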
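Review bot: `host_key_checking = False` on line 2 turns off SSH host-key verification for every playbook in this directory, including the `init.yaml` run that the README starts with `-K -k`, i.e. a password login as root through the `pve` jump host. A machine answering in place of atlas on that path would be handed the connection and sudo passwords without any warning. I would drop the line (checking is the default) and record the host key once in `known_hosts` before the first run; when the key changes after a reinstall, remove the stale entry deliberately instead of disabling the check globally.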
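--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/init.yaml
@@ -0,0 +1,10 @@
+---
+- name: Init
+hosts: atlas
+remote_user: root
+gather_facts: true
+vars:
+ansible_ssh_common_args: "-J pve"
+
+roles:
+- role: init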
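--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml
@@ -0,0 +1,3 @@
+all:
+hosts:
+atlas: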
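--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/requirements.yaml
@@ -0,0 +1,6 @@
+---
+collections:
+- name: community.general
+version: 4.7.0
+- name: ansible.posix
+version: 1.3.0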
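--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/role.yaml
@@ -0,0 +1,3 @@
+- hosts: "{{ target }}"
+roles:
+- role: "{{ role }}"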
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml | |||
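--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml
@@ -0,0 +1,66 @@
+- name: Disable unattended-upgrades
+systemd:
+name: unattended-upgrades
+state: stopped
+enabled: false
+
+- name: Install packages
+apt:
+name:
+- apt-transport-https
+- build-essential
+- ca-certificates
+- cifs-utils
+- vnstat
+- postfix
+- lsb-release
+- python3
+- python3-dev
+- python3-pip
+- unzip
+- gnupg
+- rsync
+- sudo
+- htop
+- curl
+- tree
+- zip
+- vim
+- zsh
+- git
+update_cache: true
+
+- name: Enable bullseye-backport
+apt_repository:
+repo: deb https://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main contrib non-free
+state: present
+
+# Check https://wiki.debian.org/ZFS for additional information
+- name: Install ZFS
+apt:
+name:
+- linux-headers-amd64
+- linux-headers-{{ ansible_kernel }}
+- zfsutils-linux
+- zfs-dkms
+update_cache: true
+fail_on_autoremove: yes
+default_release: "{{ ansible_distribution_release | lower }}-backports"
+
+- name: Load zfs kernel module
+modprobe:
+name: zfs
+state: present
+
+- name: Clean unneeded packages
+apt:
+autoremove: true
+purge: true
+
+- name: Remove useless packages from the cache
+apt:
+autoclean: yes
+
+- name: Run the equivalent of "apt-get clean" as a separate step
+apt:
+clean: yes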
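Review bot: The first task stops and disables `unattended-upgrades` and nothing in the role replaces it, so this NAS, which the same commit serves over Samba and installs postfix on, only receives security updates when someone patches it by hand. If the motive is to keep kernel or `zfs-dkms` updates from landing unattended (an assumption; the commit does not say), keep the service enabled and exclude just those packages through `Unattended-Upgrade::Package-Blacklist`. Either way the task deserves a comment stating the reason, e.g. `# disabled because <reason>; patch manually with apt upgrade`. Separately, the task name `Enable bullseye-backport` hard-codes a release that the `repo:` line derives from `ansible_distribution_release`.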
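--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
@@ -0,0 +1,56 @@
+- name: Make sure we have a 'wheel' group
+group:
+name: wheel
+state: present
+
+- name: Allow 'wheel' group to have passwordless sudo
+lineinfile:
+dest: /etc/sudoers
+state: present
+regexp: '^%wheel'
+line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+validate: visudo -cf %s
+
+- name: Add sudoers users to wheel group
+user:
+name: clarkzjw
+groups: wheel
+append: yes
+
+- name: Set authorized keys taken from url
+authorized_key:
+user: clarkzjw
+state: present
+key: https://github.com/clarkzjw.keys
+
+- name: Add Tailscale GPG apt Key
+apt_key:
+url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
+state: present
+
+- name: Add Tailscale Repository
+get_url:
+url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
+dest: /etc/apt/sources.list.d/tailscale.list
+
+- name: Install Tailscale
+apt:
+name:
+- tailscale
+update_cache: true
+
+- name: Disable Root Login
+lineinfile:
+dest: /etc/ssh/sshd_config
+regexp: '^PermitRootLogin yes'
+line: "PermitRootLogin no"
+state: present
+backup: yes
+
+- name: Restart SSHD
+systemd:
+name: ssh
+enabled: true
+state: restarted
+daemon_reload: true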
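Review bot: The `Disable Root Login` task only rewrites a line that is literally `PermitRootLogin yes`; when the directive is commented out or set to another value, `lineinfile` appends `PermitRootLogin no` at the end of the file, where sshd ignores it if an earlier uncommented `PermitRootLogin` exists (the first value wins) or where it may fall inside a trailing `Match` block. Use `regexp: '^#?\s*PermitRootLogin\b'` and add `validate: 'sshd -t -f %s'` so a broken file is never installed before the restart in the next task. The role also deserves a comment on its trust chain: `%wheel ALL=(ALL) NOPASSWD: ALL` combined with keys fetched from `https://github.com/clarkzjw.keys` means that control of that GitHub account's key list translates into passwordless root on the host at the next run.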
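--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
@@ -0,0 +1,3 @@
+samba_users:
+- username: clarkzjw
+password: "{{ lookup('env', 'SAMBA_PASSWORD') }}"
\ No newline at end of file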
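Review bot: `lookup('env', 'SAMBA_PASSWORD')` yields an empty string when the variable is not exported, so running `samba.yaml` without first sourcing `admin-rc` would feed an empty password into the user-creation tasks instead of failing. Add a guard at the top of the samba role, for example an `assert` task looped over `samba_users` with `that: item.password | length > 0` and `no_log: true`. Whether smbpasswd accepts or rejects the empty value is not visible from this commit, so fail early rather than rely on it.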
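--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
@@ -0,0 +1,53 @@
+- name: Install Samba
+apt:
+name:
+- samba
+- smbclient
+- cifs-utils
+update_cache: true
+
+- name: Disable Samba NetBIOS server nmbd
+systemd:
+name: nmbd
+state: stopped
+enabled: false
+
+- name: render samba config file
+template:
+src: smb.conf.j2
+dest: "/etc/samba/smb.conf"
+mode: 0644
+
+# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
+- name: shell - create samba users
+shell: >
+set -e -o pipefail
+&& (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
+|| (echo '{{ item.password }}'; echo '{{ item.password }}')
+| smbpasswd -s -a {{ item.username }}
+args:
+executable: /bin/bash
+register: samba_create_users
+changed_when: "'Added user' in samba_create_users.stdout"
+loop: "{{ samba_users }}"
+no_log: true
+
+- name: shell - set samba passwords correctly
+shell: >
+set -e -o pipefail
+&& (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
+|| (echo '{{ item.password }}'; echo '{{ item.password }}')
+| smbpasswd {{ item.username }}
+args:
+executable: /bin/bash
+register: samba_verify_users
+changed_when: "'New SMB password' in samba_verify_users.stdout"
+loop: "{{ samba_users }}"
+no_log: true
+
+- name: Restart SMB service
+systemd:
+name: smbd
+state: restarted
+enabled: true
+daemon_reload: true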
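Review bot: Both shell tasks paste `{{ item.password }}` and `{{ item.username }}` into a bash command line, unquoted or inside hand-written single quotes, so a password containing `'` breaks the command and the remainder is interpreted by the shell; `no_log: true` only hides the value from Ansible's own output. In the second task `smbclient -U {{ item.username }}%{{ item.password }}` additionally puts the password in the process arguments, readable by other local users while it runs; an `--authentication-file` with mode 0600 avoids that. Pass usernames through `| quote` and hand the password to smbpasswd through the module's `stdin` parameter instead of `echo`, as sketched below for the first task. The second task also calls `smbpasswd` without `-s`, which probably means it does not read the piped password at all; that is worth confirming on the host.

```yaml
- name: shell - create samba users
  shell: >
    set -e -o pipefail
    && (pdbedit --user={{ item.username | quote }} 2>&1 > /dev/null)
    || smbpasswd -s -a {{ item.username | quote }}
  args:
    executable: /bin/bash
    # password reaches smbpasswd on stdin, never on the command line
    stdin: "{{ item.password }}\n{{ item.password }}"
  # … unchanged: register, changed_when, loop, no_log …
```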
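--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,33 @@
+[global]
+workgroup = WORKGROUP
+interfaces = 192.168.1.0/24 tailscale0
+bind interfaces only = yes
+log file = /var/log/samba/log.%m
+max log size = 1000
+logging = file
+panic action = /usr/share/samba/panic-action %d
+server role = standalone server
+obey pam restrictions = yes
+unix password sync = yes
+passwd program = /usr/bin/passwd %u
+passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+pam password change = yes
+map to guest = bad user
+
+[homes]
+comment = Home Directories
+browseable = no
+read only = yes
+create mask = 0700
+directory mask = 0700
+valid users = %S
+
+[pool1]
+comment = NAS Share
+path = /pool1/clarkzjw
+writable = yes
+guest ok = no
+valid users = @clarkzjw
+force create mode = 770
+force directory mode = 770
+inherit permissions = yes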
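Review bot: `map to guest = bad user` in `[global]` turns a login with an unknown username into a guest session instead of a rejection, although no share in this template sets `guest ok = yes`. Setting `map to guest = never` makes such logins fail outright and keeps typos and probes visible in the logs as authentication errors. `unix password sync = yes` with the `passwd program` and `passwd chat` lines looks carried over from the distribution default; if it takes effect it ties the Unix login password to the Samba one, so drop it unless that coupling is intended. The template leaves transport protection at its defaults; consider stating `smb encrypt` explicitly, given that the service listens on both the LAN range and `tailscale0`.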
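--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/samba.yaml
@@ -0,0 +1,7 @@
+- name: Setup Samba
+hosts: atlas
+remote_user: clarkzjw
+gather_facts: true
+
+roles:
+- role: samba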
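--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/setup.yaml
@@ -0,0 +1,7 @@
+- name: Install ZFS and setup Debian
+hosts: atlas
+remote_user: clarkzjw
+gather_facts: true
+
+roles:
+- role: debian_init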
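--- /dev/null
+++ b/clarkzjw.cc/infra/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cloudflare/cloudflare" {
+version = "3.32.0"
+constraints = "~> 3.29"
+hashes = [
+"h1:m+MuihUEa0RARMGxpGKAOeCq99d94njRXJjKCAc6Xtk=",
+"zh:0be6ee63a380c7cf8b0666dd296ab5cdb9ec0a18ae99cd11d732783debd783f4",
+"zh:0dca442861a263aaadf5c95ce962b979b8380c9c6e472018cba345aa9b6484ef",
+"zh:549b44da944698d07d58d678f528e14d81c76d8e16d0dcab3d47a2956b20c2dd",
+"zh:604206dca9896baec3759c34d83477535eaba9c40843d299bf5dd302830883fd",
+"zh:6bff7b21254f218eba7da0227694abe33de7750a59d8d54dd04c814a0b5fe3dc",
+"zh:7364c2bbae08208384831ccad983963c9746a83ac02e8061b6cc78407b202605",
+"zh:7fba3591440ef6485eac5ab5794f7f43b4e0195365b5451bac29bd2dbccdbe14",
+"zh:844a6ede2b60df8507865b0b2c137c76412ec55e8601ca132c113bc5d4d5f594",
+"zh:90947dd9bfe6a5ab0b77c6c36bbbf07d67c94d6d22cc4fbe3c7572accda7f9b4",
+"zh:987fd764c9f2595eba98774fa07bb669ae97546e06289b10a5536f1c1c2cb618",
+"zh:993c8b9e7ab31ac39cd586a07578113341bb5870bc2348875a4ad4f2234efe0e",
+"zh:be77e1575e93485e8a507e995e5f6cefc9f14681dc26396813cbf079fda87c20",
+"zh:c300598e693c177f8a6dd3ff42e9f95cbaf7789d77124ad48899b9f4f8400ec0",
+"zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf",
+]
+}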
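--- /dev/null
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -0,0 +1,23 @@
+data "cloudflare_zones" "homelab_main_domain" {
+filter {
+name = var.homelab_main_domain
+}
+}
+
+variable "homelab_www_domain" {
+default = "clarkzjw.cc"
+}
+
+variable "homelab_www_ip" {
+default = "8.8.8.8"
+}
+
+resource "cloudflare_record" "main" {
+zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+name = var.homelab_www_domain
+value = var.homelab_www_ip
+type = "A"
+
+ttl = 1
+proxied = true
+}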
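Review bot: `homelab_www_ip` defaults to `8.8.8.8`, so a plain `terraform apply` publishes a proxied A record for the domain that points at an address this project does not control. Remove the default so the origin address must be supplied, and give the variable a `description` and `type = string`, ideally with a `validation` block that rejects anything that is not the intended origin range. `zones[0]` on line 16 is also indexed without checking that the filter matched exactly one zone; a short comment stating that expectation would help the next reader.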
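--- /dev/null
+++ b/clarkzjw.cc/infra/variables.tf
@@ -0,0 +1,4 @@
+variable "homelab_main_domain" {
+description = "HomeLab Main Domain"
+default = "clarkzjw.cc"
+}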
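--- /dev/null
+++ b/clarkzjw.cc/infra/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+cloudflare = {
+source = "cloudflare/cloudflare"
+version = "~> 3.29"
+}
+}
+}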