change domain to clarkzjw.cc

author: clarkzjw <[email protected]> 2023-01-13 16:53:03 -0800
committer: clarkzjw <[email protected]> 2023-01-13 16:53:03 -0800
commit: a077d65e5f7f415cc17abeee2264e24957ef97cd (patch)
tree: d392e85446a7eb680a8178588f39517c84577825 /clarkzjw.cc
parent: 945aa9e6f634a078937fdf21d09f32e77f4c1a7b (diff)
download: homelab-a077d65e5f7f415cc17abeee2264e24957ef97cd.tar.gz
18 files changed, 354 insertions, 0 deletions
diff --git a/clarkzjw.cc/config/atlas/ansible/README.md b/clarkzjw.cc/config/atlas/ansible/README.md
new file mode 100644
index 0000000..55f8989
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/README.md
@@ -0,0 +1,34 @@
+# Atlas
+Hostname: atlas
+Usage: HomeLab Main NAS
+## Step
+### Init
+```bash
+ansible-playbook init.yaml -K -k
+```
+Login and exec `sudo tailscale up` and authorize Tailscale in the admin panel.
+### Setup
+```bash
+ansible-playbook setup.yaml
+```
+### Import zfs pool
+```bash
+zpool status
+zpool import pool1
+...
+zpool export pool1
+```
+### Setup Samba
+```bash
+source admin-rc
+ansible-playbook samba.yaml
+```
diff --git a/clarkzjw.cc/config/atlas/ansible/ansible.cfg b/clarkzjw.cc/config/atlas/ansible/ansible.cfg
new file mode 100644
index 0000000..e0f6c28
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+host_key_checking = False
+transport = ssh
+remote_user = clarkzjw
+roles_path = roles
+inventory = inventory
+force_color = True
+interpreter_python = auto_silent
+[connection]
+pipelining = True
+[privilege_escalation]
+become = True
diff --git a/clarkzjw.cc/config/atlas/ansible/init.yaml b/clarkzjw.cc/config/atlas/ansible/init.yaml
new file mode 100644
index 0000000..3dfbc09
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/init.yaml
@@ -0,0 +1,10 @@
+---
+- name: Init
+  hosts: atlas
+  remote_user: root
+  gather_facts: true
+  vars:
+    ansible_ssh_common_args: "-J pve"
+  roles:
+    - role: init
diff --git a/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml b/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml
new file mode 100644
index 0000000..bee48c4
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml
@@ -0,0 +1,3 @@
+all:
+  hosts:
+    atlas:
diff --git a/clarkzjw.cc/config/atlas/ansible/requirements.yaml b/clarkzjw.cc/config/atlas/ansible/requirements.yaml
new file mode 100644
index 0000000..33f6117
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/requirements.yaml
@@ -0,0 +1,6 @@
+---
+collections:
+  - name: community.general
+    version: 4.7.0
+  - name: ansible.posix
+    version: 1.3.0
diff --git a/clarkzjw.cc/config/atlas/ansible/role.yaml b/clarkzjw.cc/config/atlas/ansible/role.yaml
new file mode 100644
index 0000000..ab3fca5
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/role.yaml
@@ -0,0 +1,3 @@
+- hosts: "{{ target }}"
+  roles:
+    - role: "{{ role }}"
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml
new file mode 100644
index 0000000..e53d3eb
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml
@@ -0,0 +1,66 @@
+- name: Disable unattended-upgrades
+  systemd:
+    name: unattended-upgrades
+    state: stopped
+    enabled: false
+- name: Install packages
+  apt:
+    name:
+      - apt-transport-https
+      - build-essential
+      - ca-certificates
+      - cifs-utils
+      - vnstat
+      - postfix
+      - lsb-release
+      - python3
+      - python3-dev
+      - python3-pip
+      - unzip
+      - gnupg
+      - rsync
+      - sudo
+      - htop
+      - curl
+      - tree
+      - zip
+      - vim
+      - zsh
+      - git
+    update_cache: true
+- name: Enable bullseye-backport
+  apt_repository:
+    repo: deb https://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main contrib non-free
+    state: present
+# Check https://wiki.debian.org/ZFS for additional information
+- name: Install ZFS
+  apt:
+    name:
+      - linux-headers-amd64
+      - linux-headers-{{ ansible_kernel }}
+      - zfsutils-linux
+      - zfs-dkms
+    update_cache: true
+    fail_on_autoremove: yes
+    default_release: "{{ ansible_distribution_release | lower }}-backports"
+- name: Load zfs kernel module
+  modprobe:
+    name: zfs
+    state: present
+- name: Clean unneeded packages
+  apt:
+    autoremove: true
+    purge: true
+- name: Remove useless packages from the cache
+  apt:
+    autoclean: yes
+- name: Run the equivalent of "apt-get clean" as a separate step
+  apt:
+    clean: yes
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
new file mode 100644
index 0000000..29cf529
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
@@ -0,0 +1,56 @@
+- name: Make sure we have a 'wheel' group
+  group:
+    name: wheel
+    state: present
+- name: Allow 'wheel' group to have passwordless sudo
+  lineinfile:
+    dest: /etc/sudoers
+    state: present
+    regexp: '^%wheel'
+    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+    validate: visudo -cf %s
+- name: Add sudoers users to wheel group
+  user:
+    name: clarkzjw
+    groups: wheel
+    append: yes
+- name: Set authorized keys taken from url
+  authorized_key:
+    user: clarkzjw
+    state: present
+    key: https://github.com/clarkzjw.keys
+- name: Add Tailscale GPG apt Key
+  apt_key:
+    url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+    keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
+    state: present
+- name: Add Tailscale Repository
+  get_url:
+    url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
+    dest: /etc/apt/sources.list.d/tailscale.list
+- name: Install Tailscale
+  apt:
+    name:
+      - tailscale
+    update_cache: true
+- name: Disable Root Login
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: '^PermitRootLogin yes'
+    line: "PermitRootLogin no"
+    state: present
+    backup: yes
+- name: Restart SSHD
+  systemd:
+    name: ssh
+    enabled: true
+    state: restarted
+    daemon_reload: true
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
new file mode 100644
index 0000000..88c23b1
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
@@ -0,0 +1,3 @@
+samba_users:
+- username: clarkzjw
+  password: "{{ lookup('env', 'SAMBA_PASSWORD') }}"
+\ No newline at end of file
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
new file mode 100644
index 0000000..80950dc
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
@@ -0,0 +1,53 @@
+- name: Install Samba
+  apt:
+    name:
+      - samba
+      - smbclient
+      - cifs-utils
+    update_cache: true
+- name: Disable Samba NetBIOS server nmbd
+  systemd:
+    name: nmbd
+    state: stopped
+    enabled: false
+- name: render samba config file
+  template:
+    src: smb.conf.j2
+    dest: "/etc/samba/smb.conf"
+    mode: 0644
+# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
+- name: shell - create samba users
+  shell: >
+    set -e -o pipefail
+    && (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
+    || (echo '{{ item.password }}'; echo '{{ item.password }}')
+    | smbpasswd -s -a {{ item.username }}
+  args:
+    executable: /bin/bash
+  register: samba_create_users
+  changed_when: "'Added user' in samba_create_users.stdout"
+  loop: "{{ samba_users }}"
+  no_log: true
+- name: shell - set samba passwords correctly
+  shell: >
+    set -e -o pipefail
+    && (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
+    || (echo '{{ item.password }}'; echo '{{ item.password }}')
+    | smbpasswd {{ item.username }}
+  args:
+    executable: /bin/bash
+  register: samba_verify_users
+  changed_when: "'New SMB password' in samba_verify_users.stdout"
+  loop: "{{ samba_users }}"
+  no_log: true
+- name: Restart SMB service
+  systemd:
+    name: smbd
+    state: restarted
+    enabled: true
+    daemon_reload: true
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
new file mode 100644
index 0000000..06e2567
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,33 @@
+[global]
+    workgroup = WORKGROUP
+    interfaces = 192.168.1.0/24 tailscale0
+    bind interfaces only = yes
+    log file = /var/log/samba/log.%m
+    max log size = 1000
+    logging = file
+    panic action = /usr/share/samba/panic-action %d
+    server role = standalone server
+    obey pam restrictions = yes
+    unix password sync = yes
+    passwd program = /usr/bin/passwd %u
+    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+    pam password change = yes
+    map to guest = bad user
+[homes]
+   comment = Home Directories
+   browseable = no
+   read only = yes
+   create mask = 0700
+   directory mask = 0700
+   valid users = %S
+[pool1]
+    comment = NAS Share
+    path = /pool1/clarkzjw
+    writable = yes
+    guest ok = no
+    valid users = @clarkzjw
+    force create mode = 770
+    force directory mode = 770
+    inherit permissions = yes
diff --git a/clarkzjw.cc/config/atlas/ansible/samba.yaml b/clarkzjw.cc/config/atlas/ansible/samba.yaml
new file mode 100644
index 0000000..f363afc
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/samba.yaml
@@ -0,0 +1,7 @@
+- name: Setup Samba
+  hosts: atlas
+  remote_user: clarkzjw
+  gather_facts: true
+  roles:
+    - role: samba
diff --git a/clarkzjw.cc/config/atlas/ansible/setup.yaml b/clarkzjw.cc/config/atlas/ansible/setup.yaml
new file mode 100644
index 0000000..0dbbd4a
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/setup.yaml
@@ -0,0 +1,7 @@
+- name: Install ZFS and setup Debian
+  hosts: atlas
+  remote_user: clarkzjw
+  gather_facts: true
+  roles:
+    - role: debian_init
diff --git a/clarkzjw.cc/infra/.terraform.lock.hcl b/clarkzjw.cc/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..5a1955d
--- /dev/null
+++ b/clarkzjw.cc/infra/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+provider "registry.terraform.io/cloudflare/cloudflare" {
+  version     = "3.32.0"
+  constraints = "~> 3.29"
+  hashes = [
+    "h1:m+MuihUEa0RARMGxpGKAOeCq99d94njRXJjKCAc6Xtk=",
+    "zh:0be6ee63a380c7cf8b0666dd296ab5cdb9ec0a18ae99cd11d732783debd783f4",
+    "zh:0dca442861a263aaadf5c95ce962b979b8380c9c6e472018cba345aa9b6484ef",
+    "zh:549b44da944698d07d58d678f528e14d81c76d8e16d0dcab3d47a2956b20c2dd",
+    "zh:604206dca9896baec3759c34d83477535eaba9c40843d299bf5dd302830883fd",
+    "zh:6bff7b21254f218eba7da0227694abe33de7750a59d8d54dd04c814a0b5fe3dc",
+    "zh:7364c2bbae08208384831ccad983963c9746a83ac02e8061b6cc78407b202605",
+    "zh:7fba3591440ef6485eac5ab5794f7f43b4e0195365b5451bac29bd2dbccdbe14",
+    "zh:844a6ede2b60df8507865b0b2c137c76412ec55e8601ca132c113bc5d4d5f594",
+    "zh:90947dd9bfe6a5ab0b77c6c36bbbf07d67c94d6d22cc4fbe3c7572accda7f9b4",
+    "zh:987fd764c9f2595eba98774fa07bb669ae97546e06289b10a5536f1c1c2cb618",
+    "zh:993c8b9e7ab31ac39cd586a07578113341bb5870bc2348875a4ad4f2234efe0e",
+    "zh:be77e1575e93485e8a507e995e5f6cefc9f14681dc26396813cbf079fda87c20",
+    "zh:c300598e693c177f8a6dd3ff42e9f95cbaf7789d77124ad48899b9f4f8400ec0",
+    "zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf",
+  ]
+}
diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf
new file mode 100644
index 0000000..f269129
--- /dev/null
+++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -0,0 +1,23 @@
+data "cloudflare_zones" "homelab_main_domain" {
+  filter {
+    name = var.homelab_main_domain
+  }
+}
+variable "homelab_www_domain" {
+  default = "clarkzjw.cc"
+}
+variable "homelab_www_ip" {
+  default = "8.8.8.8"
+}
+resource "cloudflare_record" "main" {
+  zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
+  name    = var.homelab_www_domain
+  value   = var.homelab_www_ip
+  type    = "A"
+  ttl     = 1
+  proxied = true
+}
diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf
new file mode 100644
index 0000000..faa527e
--- /dev/null
+++ b/clarkzjw.cc/infra/variables.tf
@@ -0,0 +1,4 @@
+variable "homelab_main_domain" {
+  description = "HomeLab Main Domain"
+  default     = "clarkzjw.cc"
+}
diff --git a/clarkzjw.cc/infra/versions.tf b/clarkzjw.cc/infra/versions.tf
new file mode 100644
index 0000000..1551173
--- /dev/null
+++ b/clarkzjw.cc/infra/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 3.29"
+    }
+  }
+}
author	clarkzjw <[email protected]>	2023-01-13 16:53:03 -0800
committer	clarkzjw <[email protected]>	2023-01-13 16:53:03 -0800
commit	a077d65e5f7f415cc17abeee2264e24957ef97cd (patch)
tree	d392e85446a7eb680a8178588f39517c84577825 /clarkzjw.cc
parent	945aa9e6f634a078937fdf21d09f32e77f4c1a7b (diff)
download	homelab-a077d65e5f7f415cc17abeee2264e24957ef97cd.tar.gz

diff --git a/clarkzjw.cc/config/atlas/ansible/README.md b/clarkzjw.cc/config/atlas/ansible/README.md new file mode 100644 index 0000000..55f8989 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/README.md
@@ -0,0 +1,34 @@
	1	# Atlas
	2
	3	Hostname: atlas
	4	Usage: HomeLab Main NAS
	5
	6	## Step
	7
	8	### Init
	9
	10	```bash
	11	ansible-playbook init.yaml -K -k
	12	```
	13
	14	Login and exec `sudo tailscale up` and authorize Tailscale in the admin panel.
	15
	16	### Setup
	17	```bash
	18	ansible-playbook setup.yaml
	19	```
	20
	21	### Import zfs pool
	22	```bash
	23	zpool status
	24	zpool import pool1
	25
	26	...
	27	zpool export pool1
	28	```
	29
	30	### Setup Samba
	31	```bash
	32	source admin-rc
	33	ansible-playbook samba.yaml
	34	```


diff --git a/clarkzjw.cc/config/atlas/ansible/ansible.cfg b/clarkzjw.cc/config/atlas/ansible/ansible.cfg new file mode 100644 index 0000000..e0f6c28 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/ansible.cfg
@@ -0,0 +1,14 @@
	1	[defaults]
	2	host_key_checking = False
	3	transport = ssh
	4	remote_user = clarkzjw
	5	roles_path = roles
	6	inventory = inventory
	7	force_color = True
	8	interpreter_python = auto_silent
	9
	10	[connection]
	11	pipelining = True
	12
	13	[privilege_escalation]
	14	become = True


diff --git a/clarkzjw.cc/config/atlas/ansible/init.yaml b/clarkzjw.cc/config/atlas/ansible/init.yaml new file mode 100644 index 0000000..3dfbc09 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/init.yaml
@@ -0,0 +1,10 @@
	1	---
	2	- name: Init
	3	hosts: atlas
	4	remote_user: root
	5	gather_facts: true
	6	vars:
	7	ansible_ssh_common_args: "-J pve"
	8
	9	roles:
	10	- role: init


diff --git a/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml b/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml new file mode 100644 index 0000000..bee48c4 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml
@@ -0,0 +1,3 @@
	1	all:
	2	hosts:
	3	atlas:


diff --git a/clarkzjw.cc/config/atlas/ansible/requirements.yaml b/clarkzjw.cc/config/atlas/ansible/requirements.yaml new file mode 100644 index 0000000..33f6117 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/requirements.yaml
@@ -0,0 +1,6 @@
	1	---
	2	collections:
	3	- name: community.general
	4	version: 4.7.0
	5	- name: ansible.posix
	6	version: 1.3.0


diff --git a/clarkzjw.cc/config/atlas/ansible/role.yaml b/clarkzjw.cc/config/atlas/ansible/role.yaml new file mode 100644 index 0000000..ab3fca5 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/role.yaml
@@ -0,0 +1,3 @@
	1	- hosts: "{{ target }}"
	2	roles:
	3	- role: "{{ role }}"


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml new file mode 100644 index 0000000..e53d3eb --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml
@@ -0,0 +1,66 @@
	1	- name: Disable unattended-upgrades
	2	systemd:
	3	name: unattended-upgrades
	4	state: stopped
	5	enabled: false
	6
	7	- name: Install packages
	8	apt:
	9	name:
	10	- apt-transport-https
	11	- build-essential
	12	- ca-certificates
	13	- cifs-utils
	14	- vnstat
	15	- postfix
	16	- lsb-release
	17	- python3
	18	- python3-dev
	19	- python3-pip
	20	- unzip
	21	- gnupg
	22	- rsync
	23	- sudo
	24	- htop
	25	- curl
	26	- tree
	27	- zip
	28	- vim
	29	- zsh
	30	- git
	31	update_cache: true
	32
	33	- name: Enable bullseye-backport
	34	apt_repository:
	35	repo: deb https://deb.debian.org/debian {{ ansible_distribution_release \| lower }}-backports main contrib non-free
	36	state: present
	37
	38	# Check https://wiki.debian.org/ZFS for additional information
	39	- name: Install ZFS
	40	apt:
	41	name:
	42	- linux-headers-amd64
	43	- linux-headers-{{ ansible_kernel }}
	44	- zfsutils-linux
	45	- zfs-dkms
	46	update_cache: true
	47	fail_on_autoremove: yes
	48	default_release: "{{ ansible_distribution_release \| lower }}-backports"
	49
	50	- name: Load zfs kernel module
	51	modprobe:
	52	name: zfs
	53	state: present
	54
	55	- name: Clean unneeded packages
	56	apt:
	57	autoremove: true
	58	purge: true
	59
	60	- name: Remove useless packages from the cache
	61	apt:
	62	autoclean: yes
	63
	64	- name: Run the equivalent of "apt-get clean" as a separate step
	65	apt:
	66	clean: yes


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml new file mode 100644 index 0000000..29cf529 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
@@ -0,0 +1,56 @@
	1	- name: Make sure we have a 'wheel' group
	2	group:
	3	name: wheel
	4	state: present
	5
	6	- name: Allow 'wheel' group to have passwordless sudo
	7	lineinfile:
	8	dest: /etc/sudoers
	9	state: present
	10	regexp: '^%wheel'
	11	line: '%wheel ALL=(ALL) NOPASSWD: ALL'
	12	validate: visudo -cf %s
	13
	14	- name: Add sudoers users to wheel group
	15	user:
	16	name: clarkzjw
	17	groups: wheel
	18	append: yes
	19
	20	- name: Set authorized keys taken from url
	21	authorized_key:
	22	user: clarkzjw
	23	state: present
	24	key: https://github.com/clarkzjw.keys
	25
	26	- name: Add Tailscale GPG apt Key
	27	apt_key:
	28	url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
	29	keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
	30	state: present
	31
	32	- name: Add Tailscale Repository
	33	get_url:
	34	url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
	35	dest: /etc/apt/sources.list.d/tailscale.list
	36
	37	- name: Install Tailscale
	38	apt:
	39	name:
	40	- tailscale
	41	update_cache: true
	42
	43	- name: Disable Root Login
	44	lineinfile:
	45	dest: /etc/ssh/sshd_config
	46	regexp: '^PermitRootLogin yes'
	47	line: "PermitRootLogin no"
	48	state: present
	49	backup: yes
	50
	51	- name: Restart SSHD
	52	systemd:
	53	name: ssh
	54	enabled: true
	55	state: restarted
	56	daemon_reload: true


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml new file mode 100644 index 0000000..88c23b1 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
@@ -0,0 +1,3 @@
	1	samba_users:
	2	- username: clarkzjw
	3	password: "{{ lookup('env', 'SAMBA_PASSWORD') }}" \ No newline at end of file


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml new file mode 100644 index 0000000..80950dc --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
@@ -0,0 +1,53 @@
	1	- name: Install Samba
	2	apt:
	3	name:
	4	- samba
	5	- smbclient
	6	- cifs-utils
	7	update_cache: true
	8
	9	- name: Disable Samba NetBIOS server nmbd
	10	systemd:
	11	name: nmbd
	12	state: stopped
	13	enabled: false
	14
	15	- name: render samba config file
	16	template:
	17	src: smb.conf.j2
	18	dest: "/etc/samba/smb.conf"
	19	mode: 0644
	20
	21	# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
	22	- name: shell - create samba users
	23	shell: >
	24	set -e -o pipefail
	25	&& (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
	26	\|\| (echo '{{ item.password }}'; echo '{{ item.password }}')
	27	\| smbpasswd -s -a {{ item.username }}
	28	args:
	29	executable: /bin/bash
	30	register: samba_create_users
	31	changed_when: "'Added user' in samba_create_users.stdout"
	32	loop: "{{ samba_users }}"
	33	no_log: true
	34
	35	- name: shell - set samba passwords correctly
	36	shell: >
	37	set -e -o pipefail
	38	&& (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
	39	\|\| (echo '{{ item.password }}'; echo '{{ item.password }}')
	40	\| smbpasswd {{ item.username }}
	41	args:
	42	executable: /bin/bash
	43	register: samba_verify_users
	44	changed_when: "'New SMB password' in samba_verify_users.stdout"
	45	loop: "{{ samba_users }}"
	46	no_log: true
	47
	48	- name: Restart SMB service
	49	systemd:
	50	name: smbd
	51	state: restarted
	52	enabled: true
	53	daemon_reload: true


diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 new file mode 100644 index 0000000..06e2567 --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,33 @@
	1	[global]
	2	workgroup = WORKGROUP
	3	interfaces = 192.168.1.0/24 tailscale0
	4	bind interfaces only = yes
	5	log file = /var/log/samba/log.%m
	6	max log size = 1000
	7	logging = file
	8	panic action = /usr/share/samba/panic-action %d
	9	server role = standalone server
	10	obey pam restrictions = yes
	11	unix password sync = yes
	12	passwd program = /usr/bin/passwd %u
	13	passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
	14	pam password change = yes
	15	map to guest = bad user
	16
	17	[homes]
	18	comment = Home Directories
	19	browseable = no
	20	read only = yes
	21	create mask = 0700
	22	directory mask = 0700
	23	valid users = %S
	24
	25	[pool1]
	26	comment = NAS Share
	27	path = /pool1/clarkzjw
	28	writable = yes
	29	guest ok = no
	30	valid users = @clarkzjw
	31	force create mode = 770
	32	force directory mode = 770
	33	inherit permissions = yes


diff --git a/clarkzjw.cc/config/atlas/ansible/samba.yaml b/clarkzjw.cc/config/atlas/ansible/samba.yaml new file mode 100644 index 0000000..f363afc --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/samba.yaml
@@ -0,0 +1,7 @@
	1	- name: Setup Samba
	2	hosts: atlas
	3	remote_user: clarkzjw
	4	gather_facts: true
	5
	6	roles:
	7	- role: samba


diff --git a/clarkzjw.cc/config/atlas/ansible/setup.yaml b/clarkzjw.cc/config/atlas/ansible/setup.yaml new file mode 100644 index 0000000..0dbbd4a --- /dev/null +++ b/clarkzjw.cc/config/atlas/ansible/setup.yaml
@@ -0,0 +1,7 @@
	1	- name: Install ZFS and setup Debian
	2	hosts: atlas
	3	remote_user: clarkzjw
	4	gather_facts: true
	5
	6	roles:
	7	- role: debian_init


diff --git a/clarkzjw.cc/infra/.terraform.lock.hcl b/clarkzjw.cc/infra/.terraform.lock.hcl new file mode 100644 index 0000000..5a1955d --- /dev/null +++ b/clarkzjw.cc/infra/.terraform.lock.hcl
@@ -0,0 +1,24 @@
	1	# This file is maintained automatically by "terraform init".
	2	# Manual edits may be lost in future updates.
	3
	4	provider "registry.terraform.io/cloudflare/cloudflare" {
	5	version = "3.32.0"
	6	constraints = "~> 3.29"
	7	hashes = [
	8	"h1:m+MuihUEa0RARMGxpGKAOeCq99d94njRXJjKCAc6Xtk=",
	9	"zh:0be6ee63a380c7cf8b0666dd296ab5cdb9ec0a18ae99cd11d732783debd783f4",
	10	"zh:0dca442861a263aaadf5c95ce962b979b8380c9c6e472018cba345aa9b6484ef",
	11	"zh:549b44da944698d07d58d678f528e14d81c76d8e16d0dcab3d47a2956b20c2dd",
	12	"zh:604206dca9896baec3759c34d83477535eaba9c40843d299bf5dd302830883fd",
	13	"zh:6bff7b21254f218eba7da0227694abe33de7750a59d8d54dd04c814a0b5fe3dc",
	14	"zh:7364c2bbae08208384831ccad983963c9746a83ac02e8061b6cc78407b202605",
	15	"zh:7fba3591440ef6485eac5ab5794f7f43b4e0195365b5451bac29bd2dbccdbe14",
	16	"zh:844a6ede2b60df8507865b0b2c137c76412ec55e8601ca132c113bc5d4d5f594",
	17	"zh:90947dd9bfe6a5ab0b77c6c36bbbf07d67c94d6d22cc4fbe3c7572accda7f9b4",
	18	"zh:987fd764c9f2595eba98774fa07bb669ae97546e06289b10a5536f1c1c2cb618",
	19	"zh:993c8b9e7ab31ac39cd586a07578113341bb5870bc2348875a4ad4f2234efe0e",
	20	"zh:be77e1575e93485e8a507e995e5f6cefc9f14681dc26396813cbf079fda87c20",
	21	"zh:c300598e693c177f8a6dd3ff42e9f95cbaf7789d77124ad48899b9f4f8400ec0",
	22	"zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf",
	23	]
	24	}


diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf new file mode 100644 index 0000000..f269129 --- /dev/null +++ b/clarkzjw.cc/infra/cloudflare.tf
@@ -0,0 +1,23 @@
	1	data "cloudflare_zones" "homelab_main_domain" {
	2	filter {
	3	name = var.homelab_main_domain
	4	}
	5	}
	6
	7	variable "homelab_www_domain" {
	8	default = "clarkzjw.cc"
	9	}
	10
	11	variable "homelab_www_ip" {
	12	default = "8.8.8.8"
	13	}
	14
	15	resource "cloudflare_record" "main" {
	16	zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id
	17	name = var.homelab_www_domain
	18	value = var.homelab_www_ip
	19	type = "A"
	20
	21	ttl = 1
	22	proxied = true
	23	}


diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf new file mode 100644 index 0000000..faa527e --- /dev/null +++ b/clarkzjw.cc/infra/variables.tf
@@ -0,0 +1,4 @@
	1	variable "homelab_main_domain" {
	2	description = "HomeLab Main Domain"
	3	default = "clarkzjw.cc"
	4	}


diff --git a/clarkzjw.cc/infra/versions.tf b/clarkzjw.cc/infra/versions.tf new file mode 100644 index 0000000..1551173 --- /dev/null +++ b/clarkzjw.cc/infra/versions.tf
@@ -0,0 +1,8 @@
	1	terraform {
	2	required_providers {
	3	cloudflare = {
	4	source = "cloudflare/cloudflare"
	5	version = "~> 3.29"
	6	}
	7	}
	8	}