From a077d65e5f7f415cc17abeee2264e24957ef97cd Mon Sep 17 00:00:00 2001 
From: clarkzjw Date: Fri, 13 Jan 2023 16:53:03 -0800 Subject: change domain to clarkzjw.cc --- clarkzjw.ca/config/atlas/ansible/README.md | 34 ----------- clarkzjw.ca/config/atlas/ansible/ansible.cfg | 14 ----- clarkzjw.ca/config/atlas/ansible/init.yaml | 10 ---- .../config/atlas/ansible/inventory/hosts.yaml | 3 - clarkzjw.ca/config/atlas/ansible/requirements.yaml | 6 -- clarkzjw.ca/config/atlas/ansible/role.yaml | 3 - .../ansible/roles/debian_init/defaults/main.yaml | 0 .../ansible/roles/debian_init/tasks/main.yaml | 66 ---------------------- .../atlas/ansible/roles/init/tasks/main.yaml | 56 ------------------ .../atlas/ansible/roles/samba/defaults/main.yaml | 3 - .../atlas/ansible/roles/samba/tasks/main.yaml | 53 ----------------- .../ansible/roles/samba/templates/smb.conf.j2 | 33 ----------- clarkzjw.ca/config/atlas/ansible/samba.yaml | 7 --- clarkzjw.ca/config/atlas/ansible/setup.yaml | 7 --- clarkzjw.ca/infra/.terraform.lock.hcl | 24 -------- clarkzjw.ca/infra/cloudflare.tf | 23 -------- clarkzjw.ca/infra/variables.tf | 4 -- clarkzjw.ca/infra/versions.tf | 8 --- clarkzjw.cc/config/atlas/ansible/README.md | 34 +++++++++++ clarkzjw.cc/config/atlas/ansible/ansible.cfg | 14 +++++ clarkzjw.cc/config/atlas/ansible/init.yaml | 10 ++++ .../config/atlas/ansible/inventory/hosts.yaml | 3 + clarkzjw.cc/config/atlas/ansible/requirements.yaml | 6 ++ clarkzjw.cc/config/atlas/ansible/role.yaml | 3 + .../ansible/roles/debian_init/defaults/main.yaml | 0 .../ansible/roles/debian_init/tasks/main.yaml | 66 ++++++++++++++++++++++ .../atlas/ansible/roles/init/tasks/main.yaml | 56 ++++++++++++++++++ .../atlas/ansible/roles/samba/defaults/main.yaml | 3 + .../atlas/ansible/roles/samba/tasks/main.yaml | 53 +++++++++++++++++ .../ansible/roles/samba/templates/smb.conf.j2 | 33 +++++++++++ clarkzjw.cc/config/atlas/ansible/samba.yaml | 7 +++ clarkzjw.cc/config/atlas/ansible/setup.yaml | 7 +++ clarkzjw.cc/infra/.terraform.lock.hcl | 24 ++++++++ clarkzjw.cc/infra/cloudflare.tf | 23 ++++++++ 
clarkzjw.cc/infra/variables.tf | 4 ++ clarkzjw.cc/infra/versions.tf | 8 +++ 36 files changed, 354 insertions(+), 354 deletions(-) delete mode 100644 clarkzjw.ca/config/atlas/ansible/README.md delete mode 100644 clarkzjw.ca/config/atlas/ansible/ansible.cfg delete mode 100644 clarkzjw.ca/config/atlas/ansible/init.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/inventory/hosts.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/requirements.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/role.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/roles/debian_init/defaults/main.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/roles/debian_init/tasks/main.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/roles/init/tasks/main.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/roles/samba/defaults/main.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/roles/samba/tasks/main.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/roles/samba/templates/smb.conf.j2 delete mode 100644 clarkzjw.ca/config/atlas/ansible/samba.yaml delete mode 100644 clarkzjw.ca/config/atlas/ansible/setup.yaml delete mode 100644 clarkzjw.ca/infra/.terraform.lock.hcl delete mode 100644 clarkzjw.ca/infra/cloudflare.tf delete mode 100644 clarkzjw.ca/infra/variables.tf delete mode 100644 clarkzjw.ca/infra/versions.tf create mode 100644 clarkzjw.cc/config/atlas/ansible/README.md create mode 100644 clarkzjw.cc/config/atlas/ansible/ansible.cfg create mode 100644 clarkzjw.cc/config/atlas/ansible/init.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/requirements.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/role.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml create mode 100644 
clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 create mode 100644 clarkzjw.cc/config/atlas/ansible/samba.yaml create mode 100644 clarkzjw.cc/config/atlas/ansible/setup.yaml create mode 100644 clarkzjw.cc/infra/.terraform.lock.hcl create mode 100644 clarkzjw.cc/infra/cloudflare.tf create mode 100644 clarkzjw.cc/infra/variables.tf create mode 100644 clarkzjw.cc/infra/versions.tf diff --git a/clarkzjw.ca/config/atlas/ansible/README.md b/clarkzjw.ca/config/atlas/ansible/README.md deleted file mode 100644 index 55f8989..0000000 --- a/clarkzjw.ca/config/atlas/ansible/README.md +++ /dev/null @@ -1,34 +0,0 @@ -# Atlas - -Hostname: atlas -Usage: HomeLab Main NAS - -## Step - -### Init - -```bash -ansible-playbook init.yaml -K -k -``` - -Login and exec `sudo tailscale up` and authorize Tailscale in the admin panel. - -### Setup -```bash -ansible-playbook setup.yaml -``` - -### Import zfs pool -```bash -zpool status -zpool import pool1 - -... -zpool export pool1 -``` - -### Setup Samba -```bash -source admin-rc -ansible-playbook samba.yaml -``` diff --git a/clarkzjw.ca/config/atlas/ansible/ansible.cfg b/clarkzjw.ca/config/atlas/ansible/ansible.cfg deleted file mode 100644 index e0f6c28..0000000 --- a/clarkzjw.ca/config/atlas/ansible/ansible.cfg +++ /dev/null @@ -1,14 +0,0 @@ -[defaults] -host_key_checking = False -transport = ssh -remote_user = clarkzjw -roles_path = roles -inventory = inventory -force_color = True -interpreter_python = auto_silent - -[connection] -pipelining = True - -[privilege_escalation] -become = True diff --git a/clarkzjw.ca/config/atlas/ansible/init.yaml b/clarkzjw.ca/config/atlas/ansible/init.yaml deleted file mode 100644 index 3dfbc09..0000000 
--- a/clarkzjw.ca/config/atlas/ansible/init.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Init - hosts: atlas - remote_user: root - gather_facts: true - vars: - ansible_ssh_common_args: "-J pve" - - roles: - - role: init diff --git a/clarkzjw.ca/config/atlas/ansible/inventory/hosts.yaml b/clarkzjw.ca/config/atlas/ansible/inventory/hosts.yaml deleted file mode 100644 index bee48c4..0000000 --- a/clarkzjw.ca/config/atlas/ansible/inventory/hosts.yaml +++ /dev/null @@ -1,3 +0,0 @@ -all: - hosts: - atlas: diff --git a/clarkzjw.ca/config/atlas/ansible/requirements.yaml b/clarkzjw.ca/config/atlas/ansible/requirements.yaml deleted file mode 100644 index 33f6117..0000000 --- a/clarkzjw.ca/config/atlas/ansible/requirements.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -collections: - - name: community.general - version: 4.7.0 - - name: ansible.posix - version: 1.3.0 diff --git a/clarkzjw.ca/config/atlas/ansible/role.yaml b/clarkzjw.ca/config/atlas/ansible/role.yaml deleted file mode 100644 index ab3fca5..0000000 --- a/clarkzjw.ca/config/atlas/ansible/role.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- hosts: "{{ target }}" - roles: - - role: "{{ role }}" diff --git a/clarkzjw.ca/config/atlas/ansible/roles/debian_init/defaults/main.yaml b/clarkzjw.ca/config/atlas/ansible/roles/debian_init/defaults/main.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/clarkzjw.ca/config/atlas/ansible/roles/debian_init/tasks/main.yaml b/clarkzjw.ca/config/atlas/ansible/roles/debian_init/tasks/main.yaml deleted file mode 100644 index e53d3eb..0000000 --- a/clarkzjw.ca/config/atlas/ansible/roles/debian_init/tasks/main.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -- name: Disable unattended-upgrades - systemd: - name: unattended-upgrades - state: stopped - enabled: false - -- name: Install packages - apt: - name: - - apt-transport-https - - build-essential - - ca-certificates - - cifs-utils - - vnstat - - postfix - - lsb-release - - python3 - - python3-dev - - python3-pip - - unzip - - gnupg - - rsync - - sudo - - htop - - curl - - tree - - zip - - vim - - zsh - - git - update_cache: true - -- name: Enable bullseye-backport - apt_repository: - repo: deb https://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main contrib non-free - state: present - -# Check https://wiki.debian.org/ZFS for additional information -- name: Install ZFS - apt: - name: - - linux-headers-amd64 - - linux-headers-{{ ansible_kernel }} - - zfsutils-linux - - zfs-dkms - update_cache: true - fail_on_autoremove: yes - default_release: "{{ ansible_distribution_release | lower }}-backports" - -- name: Load zfs kernel module - modprobe: - name: zfs - state: present - -- name: Clean unneeded packages - apt: - autoremove: true - purge: true - -- name: Remove useless packages from the cache - apt: - autoclean: yes - -- name: Run the equivalent of "apt-get clean" as a separate step - apt: - clean: yes diff --git a/clarkzjw.ca/config/atlas/ansible/roles/init/tasks/main.yaml b/clarkzjw.ca/config/atlas/ansible/roles/init/tasks/main.yaml deleted file mode 100644 index 29cf529..0000000 --- a/clarkzjw.ca/config/atlas/ansible/roles/init/tasks/main.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -- name: Make sure we have a 'wheel' group - group: - name: wheel - state: present - -- name: Allow 'wheel' group to have passwordless sudo - lineinfile: - dest: /etc/sudoers - state: present - regexp: '^%wheel' - line: '%wheel ALL=(ALL) NOPASSWD: ALL' - validate: visudo -cf %s - -- name: Add sudoers users to wheel group - user: - name: clarkzjw - groups: wheel - append: yes - -- name: Set authorized keys taken from url - authorized_key: - user: clarkzjw - state: present - key: https://github.com/clarkzjw.keys - -- name: Add Tailscale GPG apt Key - apt_key: - url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg - keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg - state: present - -- name: Add Tailscale Repository - get_url: - url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list - dest: /etc/apt/sources.list.d/tailscale.list - -- name: Install Tailscale - apt: - name: - - tailscale - update_cache: true - -- name: Disable Root Login - lineinfile: - dest: /etc/ssh/sshd_config - regexp: '^PermitRootLogin yes' - line: "PermitRootLogin no" - state: present - backup: yes - -- name: Restart SSHD - systemd: - name: ssh - enabled: true - state: restarted - daemon_reload: true diff --git a/clarkzjw.ca/config/atlas/ansible/roles/samba/defaults/main.yaml b/clarkzjw.ca/config/atlas/ansible/roles/samba/defaults/main.yaml deleted file mode 100644 index 88c23b1..0000000 --- a/clarkzjw.ca/config/atlas/ansible/roles/samba/defaults/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ -samba_users: -- username: clarkzjw - password: "{{ lookup('env', 'SAMBA_PASSWORD') }}" \ No newline at end of file diff --git a/clarkzjw.ca/config/atlas/ansible/roles/samba/tasks/main.yaml b/clarkzjw.ca/config/atlas/ansible/roles/samba/tasks/main.yaml deleted file mode 100644 index 80950dc..0000000 --- a/clarkzjw.ca/config/atlas/ansible/roles/samba/tasks/main.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -- name: Install Samba - apt: - name: - - samba - - smbclient - - cifs-utils - update_cache: true - -- name: Disable Samba NetBIOS server nmbd - systemd: - name: nmbd - state: stopped - enabled: false - -- name: render samba config file - template: - src: smb.conf.j2 - dest: "/etc/samba/smb.conf" - mode: 0644 - -# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible -- name: shell - create samba users - shell: > - set -e -o pipefail - && (pdbedit --user={{ item.username }} 2>&1 > /dev/null) - || (echo '{{ item.password }}'; echo '{{ item.password }}') - | smbpasswd -s -a {{ item.username }} - args: - executable: /bin/bash - register: samba_create_users - changed_when: "'Added user' in samba_create_users.stdout" - loop: "{{ samba_users }}" - no_log: true - -- name: shell - set samba passwords correctly - shell: > - set -e -o pipefail - && (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null) - || (echo '{{ item.password }}'; echo '{{ item.password }}') - | smbpasswd {{ item.username }} - args: - executable: /bin/bash - register: samba_verify_users - changed_when: "'New SMB password' in samba_verify_users.stdout" - loop: "{{ samba_users }}" - no_log: true - -- name: Restart SMB service - systemd: - name: smbd - state: restarted - enabled: true - daemon_reload: true diff --git a/clarkzjw.ca/config/atlas/ansible/roles/samba/templates/smb.conf.j2 b/clarkzjw.ca/config/atlas/ansible/roles/samba/templates/smb.conf.j2 deleted file mode 100644 index 06e2567..0000000 --- a/clarkzjw.ca/config/atlas/ansible/roles/samba/templates/smb.conf.j2 +++ /dev/null 
@@ -1,33 +0,0 @@ -[global] - workgroup = WORKGROUP - interfaces = 192.168.1.0/24 tailscale0 - bind interfaces only = yes - log file = /var/log/samba/log.%m - max log size = 1000 - logging = file - panic action = /usr/share/samba/panic-action %d - server role = standalone server - obey pam restrictions = yes - unix password sync = yes - passwd program = /usr/bin/passwd %u - passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . - pam password change = yes - map to guest = bad user - -[homes] - comment = Home Directories - browseable = no - read only = yes - create mask = 0700 - directory mask = 0700 - valid users = %S - -[pool1] - comment = NAS Share - path = /pool1/clarkzjw - writable = yes - guest ok = no - valid users = @clarkzjw - force create mode = 770 - force directory mode = 770 - inherit permissions = yes diff --git a/clarkzjw.ca/config/atlas/ansible/samba.yaml b/clarkzjw.ca/config/atlas/ansible/samba.yaml deleted file mode 100644 index f363afc..0000000 --- a/clarkzjw.ca/config/atlas/ansible/samba.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Setup Samba - hosts: atlas - remote_user: clarkzjw - gather_facts: true - - roles: - - role: samba diff --git a/clarkzjw.ca/config/atlas/ansible/setup.yaml b/clarkzjw.ca/config/atlas/ansible/setup.yaml deleted file mode 100644 index 0dbbd4a..0000000 --- a/clarkzjw.ca/config/atlas/ansible/setup.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Install ZFS and setup Debian - hosts: atlas - remote_user: clarkzjw - gather_facts: true - - roles: - - role: debian_init diff --git a/clarkzjw.ca/infra/.terraform.lock.hcl b/clarkzjw.ca/infra/.terraform.lock.hcl deleted file mode 100644 index 5a1955d..0000000 --- a/clarkzjw.ca/infra/.terraform.lock.hcl +++ /dev/null 
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/cloudflare/cloudflare" { - version = "3.32.0" - constraints = "~> 3.29" - hashes = [ - "h1:m+MuihUEa0RARMGxpGKAOeCq99d94njRXJjKCAc6Xtk=", - "zh:0be6ee63a380c7cf8b0666dd296ab5cdb9ec0a18ae99cd11d732783debd783f4", - "zh:0dca442861a263aaadf5c95ce962b979b8380c9c6e472018cba345aa9b6484ef", - "zh:549b44da944698d07d58d678f528e14d81c76d8e16d0dcab3d47a2956b20c2dd", - "zh:604206dca9896baec3759c34d83477535eaba9c40843d299bf5dd302830883fd", - "zh:6bff7b21254f218eba7da0227694abe33de7750a59d8d54dd04c814a0b5fe3dc", - "zh:7364c2bbae08208384831ccad983963c9746a83ac02e8061b6cc78407b202605", - "zh:7fba3591440ef6485eac5ab5794f7f43b4e0195365b5451bac29bd2dbccdbe14", - "zh:844a6ede2b60df8507865b0b2c137c76412ec55e8601ca132c113bc5d4d5f594", - "zh:90947dd9bfe6a5ab0b77c6c36bbbf07d67c94d6d22cc4fbe3c7572accda7f9b4", - "zh:987fd764c9f2595eba98774fa07bb669ae97546e06289b10a5536f1c1c2cb618", - "zh:993c8b9e7ab31ac39cd586a07578113341bb5870bc2348875a4ad4f2234efe0e", - "zh:be77e1575e93485e8a507e995e5f6cefc9f14681dc26396813cbf079fda87c20", - "zh:c300598e693c177f8a6dd3ff42e9f95cbaf7789d77124ad48899b9f4f8400ec0", - "zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf", - ] -} diff --git a/clarkzjw.ca/infra/cloudflare.tf b/clarkzjw.ca/infra/cloudflare.tf deleted file mode 100644 index 68ab88f..0000000 --- a/clarkzjw.ca/infra/cloudflare.tf +++ /dev/null @@ -1,23 +0,0 @@ -data "cloudflare_zones" "homelab_main_domain" { - filter { - name = var.homelab_main_domain - } -} - -variable "homelab_www_domain" { - default = "clarkzjw.ca" -} - -variable "homelab_www_ip" { - default = "8.8.8.8" -} - -resource "cloudflare_record" "main" { - zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id - name = var.homelab_www_domain - value = var.homelab_www_ip - type = "A" - - ttl = 1 - proxied = true -} 
diff --git a/clarkzjw.ca/infra/variables.tf b/clarkzjw.ca/infra/variables.tf
deleted file mode 100644
index 2847d76..0000000
--- a/clarkzjw.ca/infra/variables.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-variable "homelab_main_domain" {
- description = "HomeLab Main Domain"
- default = "clarkzjw.ca"
-}
diff --git a/clarkzjw.ca/infra/versions.tf b/clarkzjw.ca/infra/versions.tf
deleted file mode 100644
index 1551173..0000000
--- a/clarkzjw.ca/infra/versions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- cloudflare = {
- source = "cloudflare/cloudflare"
- version = "~> 3.29"
- }
- }
-}
diff --git a/clarkzjw.cc/config/atlas/ansible/README.md b/clarkzjw.cc/config/atlas/ansible/README.md
new file mode 100644
index 0000000..55f8989
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/README.md
@@ -0,0 +1,34 @@
+# Atlas
+
+Hostname: atlas
+Usage: HomeLab Main NAS
+
+## Step
+
+### Init
+
+```bash
+ansible-playbook init.yaml -K -k
+```
+
+Login and exec `sudo tailscale up` and authorize Tailscale in the admin panel.
+
+### Setup
+```bash
+ansible-playbook setup.yaml
+```
+
+### Import zfs pool
+```bash
+zpool status
+zpool import pool1
+
+...
+zpool export pool1
+```
+
+### Setup Samba
+```bash
+source admin-rc
+ansible-playbook samba.yaml
+```
diff --git a/clarkzjw.cc/config/atlas/ansible/ansible.cfg b/clarkzjw.cc/config/atlas/ansible/ansible.cfg
new file mode 100644
index 0000000..e0f6c28
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+host_key_checking = False
+transport = ssh
+remote_user = clarkzjw
+roles_path = roles
+inventory = inventory
+force_color = True
+interpreter_python = auto_silent
+
+[connection]
+pipelining = True
+
+[privilege_escalation]
+become = True
diff --git a/clarkzjw.cc/config/atlas/ansible/init.yaml b/clarkzjw.cc/config/atlas/ansible/init.yaml
new file mode 100644
index 0000000..3dfbc09
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/init.yaml
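Review bot: `host_key_checking = False` in ansible.cfg turns off SSH host-key verification for every play in this tree, including init.yaml, which the README runs with `-K -k` as `root` through the `-J pve` jump host, so the login and become passwords are offered to whichever host answers. Set `host_key_checking = True` and record atlas's host key in `known_hosts` before the first run. The blob hash is the same as in the deleted clarkzjw.ca copy, so the setting predates this rename, but it is carried into the new tree unchanged.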
@@ -0,0 +1,10 @@
+---
+- name: Init
+ hosts: atlas
+ remote_user: root
+ gather_facts: true
+ vars:
+ ansible_ssh_common_args: "-J pve"
+
+ roles:
+ - role: init
diff --git a/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml b/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml
new file mode 100644
index 0000000..bee48c4
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/inventory/hosts.yaml
@@ -0,0 +1,3 @@
+all:
+ hosts:
+ atlas:
diff --git a/clarkzjw.cc/config/atlas/ansible/requirements.yaml b/clarkzjw.cc/config/atlas/ansible/requirements.yaml
new file mode 100644
index 0000000..33f6117
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/requirements.yaml
@@ -0,0 +1,6 @@
+---
+collections:
+ - name: community.general
+ version: 4.7.0
+ - name: ansible.posix
+ version: 1.3.0
diff --git a/clarkzjw.cc/config/atlas/ansible/role.yaml b/clarkzjw.cc/config/atlas/ansible/role.yaml
new file mode 100644
index 0000000..ab3fca5
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/role.yaml
@@ -0,0 +1,3 @@
+- hosts: "{{ target }}"
+ roles:
+ - role: "{{ role }}"
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/defaults/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml
new file mode 100644
index 0000000..e53d3eb
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/debian_init/tasks/main.yaml
@@ -0,0 +1,66 @@
+- name: Disable unattended-upgrades
+ systemd:
+ name: unattended-upgrades
+ state: stopped
+ enabled: false
+
+- name: Install packages
+ apt:
+ name:
+ - apt-transport-https
+ - build-essential
+ - ca-certificates
+ - cifs-utils
+ - vnstat
+ - postfix
+ - lsb-release
+ - python3
+ - python3-dev
+ - python3-pip
+ - unzip
+ - gnupg
+ - rsync
+ - sudo
+ - htop
+ - curl
+ - tree
+ - zip
+ - vim
+ - zsh
+ - git
+ update_cache: true
+
+- name: Enable bullseye-backport
+ apt_repository:
+ repo: deb https://deb.debian.org/debian {{ ansible_distribution_release | lower }}-backports main contrib non-free
+ state: present
+
+# Check https://wiki.debian.org/ZFS for additional information
+- name: Install ZFS
+ apt:
+ name:
+ - linux-headers-amd64
+ - linux-headers-{{ ansible_kernel }}
+ - zfsutils-linux
+ - zfs-dkms
+ update_cache: true
+ fail_on_autoremove: yes
+ default_release: "{{ ansible_distribution_release | lower }}-backports"
+
+- name: Load zfs kernel module
+ modprobe:
+ name: zfs
+ state: present
+
+- name: Clean unneeded packages
+ apt:
+ autoremove: true
+ purge: true
+
+- name: Remove useless packages from the cache
+ apt:
+ autoclean: yes
+
+- name: Run the equivalent of "apt-get clean" as a separate step
+ apt:
+ clean: yes
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
new file mode 100644
index 0000000..29cf529
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/init/tasks/main.yaml
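Review bot: The first task of roles/debian_init/tasks/main.yaml stops and disables `unattended-upgrades`, and nothing else in the role schedules patching, so the NAS stops receiving automatic security updates once setup has run. If the intent is to keep kernel and `zfs-dkms` upgrades under manual control (an inference; the file does not say), state that above the task, for example `# disabled so kernel/zfs-dkms upgrades are applied by hand; patch manually on a schedule`. Excluding only those packages in the unattended-upgrades configuration would keep security updates flowing for everything else.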
@@ -0,0 +1,56 @@
+- name: Make sure we have a 'wheel' group
+ group:
+ name: wheel
+ state: present
+
+- name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+- name: Add sudoers users to wheel group
+ user:
+ name: clarkzjw
+ groups: wheel
+ append: yes
+
+- name: Set authorized keys taken from url
+ authorized_key:
+ user: clarkzjw
+ state: present
+ key: https://github.com/clarkzjw.keys
+
+- name: Add Tailscale GPG apt Key
+ apt_key:
+ url: https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg
+ keyring: /usr/share/keyrings/tailscale-archive-keyring.gpg
+ state: present
+
+- name: Add Tailscale Repository
+ get_url:
+ url: https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list
+ dest: /etc/apt/sources.list.d/tailscale.list
+
+- name: Install Tailscale
+ apt:
+ name:
+ - tailscale
+ update_cache: true
+
+- name: Disable Root Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin yes'
+ line: "PermitRootLogin no"
+ state: present
+ backup: yes
+
+- name: Restart SSHD
+ systemd:
+ name: ssh
+ enabled: true
+ state: restarted
+ daemon_reload: true
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
new file mode 100644
index 0000000..88c23b1
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/defaults/main.yaml
@@ -0,0 +1,3 @@
+samba_users:
+- username: clarkzjw
+ password: "{{ lookup('env', 'SAMBA_PASSWORD') }}"
\ No newline at end of file
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
new file mode 100644
index 0000000..80950dc
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/tasks/main.yaml
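Review bot: The `Disable Root Login` task in roles/init/tasks/main.yaml matches only `^PermitRootLogin yes`; when sshd_config has the directive commented out or set to another value such as `prohibit-password`, `lineinfile` appends `PermitRootLogin no` at the end of the file, where an earlier uncommented directive still takes precedence and a trailing `Match` block would scope the new line. Use `regexp: '^#?\s*PermitRootLogin\b'` and add `validate: /usr/sbin/sshd -t -f %s` so a bad edit cannot reach the restart that follows. The same file grants `%wheel` `NOPASSWD: ALL` and installs whatever keys `https://github.com/clarkzjw.keys` serves at run time, so control of that GitHub account amounts to root on atlas; committing the public key to the repository would remove that run-time dependency.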
@@ -0,0 +1,53 @@
+- name: Install Samba
+ apt:
+ name:
+ - samba
+ - smbclient
+ - cifs-utils
+ update_cache: true
+
+- name: Disable Samba NetBIOS server nmbd
+ systemd:
+ name: nmbd
+ state: stopped
+ enabled: false
+
+- name: render samba config file
+ template:
+ src: smb.conf.j2
+ dest: "/etc/samba/smb.conf"
+ mode: 0644
+
+# https://stackoverflow.com/questions/44762488/non-interactive-samba-user-creation-via-ansible
+- name: shell - create samba users
+ shell: >
+ set -e -o pipefail
+ && (pdbedit --user={{ item.username }} 2>&1 > /dev/null)
+ || (echo '{{ item.password }}'; echo '{{ item.password }}')
+ | smbpasswd -s -a {{ item.username }}
+ args:
+ executable: /bin/bash
+ register: samba_create_users
+ changed_when: "'Added user' in samba_create_users.stdout"
+ loop: "{{ samba_users }}"
+ no_log: true
+
+- name: shell - set samba passwords correctly
+ shell: >
+ set -e -o pipefail
+ && (smbclient -U {{ item.username }}%{{ item.password }} -L 127.0.0.1 2>&1 > /dev/null)
+ || (echo '{{ item.password }}'; echo '{{ item.password }}')
+ | smbpasswd {{ item.username }}
+ args:
+ executable: /bin/bash
+ register: samba_verify_users
+ changed_when: "'New SMB password' in samba_verify_users.stdout"
+ loop: "{{ samba_users }}"
+ no_log: true
+
+- name: Restart SMB service
+ systemd:
+ name: smbd
+ state: restarted
+ enabled: true
+ daemon_reload: true
diff --git a/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2 b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
new file mode 100644
index 0000000..06e2567
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/roles/samba/templates/smb.conf.j2
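Review bot: Both shell tasks in roles/samba/tasks/main.yaml template `item.password` directly into the command string, so the password lands in the argument list of `/bin/bash -c` (and of `smbclient -U user%password`) on the target, and a password containing `'` changes what the shell runs; `no_log: true` only keeps it out of Ansible's own output. Feed the secret on standard input through the module's `stdin` argument and apply the `quote` filter to `item.username`, as sketched below for the first task; for the second, smbclient can take credentials from an authentication file (`-A`) rather than `-U`. Because roles/samba/defaults/main.yaml reads `SAMBA_PASSWORD` with `lookup('env', ...)`, which yields an empty string when the variable is unset, the sketch also adds a guard task that fails before any account is touched.

```yaml
- name: Require a non-empty Samba password
  assert:
    that: item.password | length > 0
    quiet: true
  loop: "{{ samba_users }}"
  no_log: true

- name: shell - create samba users
  shell: >
    set -e -o pipefail
    && (pdbedit --user={{ item.username | quote }} 2>&1 > /dev/null)
    || smbpasswd -s -a {{ item.username | quote }}
  args:
    executable: /bin/bash
    stdin: "{{ item.password }}\n{{ item.password }}"
  # … unchanged: register, changed_when, loop, no_log …
```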
@@ -0,0 +1,33 @@
+[global]
+ workgroup = WORKGROUP
+ interfaces = 192.168.1.0/24 tailscale0
+ bind interfaces only = yes
+ log file = /var/log/samba/log.%m
+ max log size = 1000
+ logging = file
+ panic action = /usr/share/samba/panic-action %d
+ server role = standalone server
+ obey pam restrictions = yes
+ unix password sync = yes
+ passwd program = /usr/bin/passwd %u
+ passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
+ pam password change = yes
+ map to guest = bad user
+
+[homes]
+ comment = Home Directories
+ browseable = no
+ read only = yes
+ create mask = 0700
+ directory mask = 0700
+ valid users = %S
+
+[pool1]
+ comment = NAS Share
+ path = /pool1/clarkzjw
+ writable = yes
+ guest ok = no
+ valid users = @clarkzjw
+ force create mode = 770
+ force directory mode = 770
+ inherit permissions = yes
diff --git a/clarkzjw.cc/config/atlas/ansible/samba.yaml b/clarkzjw.cc/config/atlas/ansible/samba.yaml
new file mode 100644
index 0000000..f363afc
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/samba.yaml
@@ -0,0 +1,7 @@
+- name: Setup Samba
+ hosts: atlas
+ remote_user: clarkzjw
+ gather_facts: true
+
+ roles:
+ - role: samba
diff --git a/clarkzjw.cc/config/atlas/ansible/setup.yaml b/clarkzjw.cc/config/atlas/ansible/setup.yaml
new file mode 100644
index 0000000..0dbbd4a
--- /dev/null
+++ b/clarkzjw.cc/config/atlas/ansible/setup.yaml
@@ -0,0 +1,7 @@
+- name: Install ZFS and setup Debian
+ hosts: atlas
+ remote_user: clarkzjw
+ gather_facts: true
+
+ roles:
+ - role: debian_init
diff --git a/clarkzjw.cc/infra/.terraform.lock.hcl b/clarkzjw.cc/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..5a1955d
--- /dev/null
+++ b/clarkzjw.cc/infra/.terraform.lock.hcl
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/cloudflare/cloudflare" { + version = "3.32.0" + constraints = "~> 3.29" + hashes = [ + "h1:m+MuihUEa0RARMGxpGKAOeCq99d94njRXJjKCAc6Xtk=", + "zh:0be6ee63a380c7cf8b0666dd296ab5cdb9ec0a18ae99cd11d732783debd783f4", + "zh:0dca442861a263aaadf5c95ce962b979b8380c9c6e472018cba345aa9b6484ef", + "zh:549b44da944698d07d58d678f528e14d81c76d8e16d0dcab3d47a2956b20c2dd", + "zh:604206dca9896baec3759c34d83477535eaba9c40843d299bf5dd302830883fd", + "zh:6bff7b21254f218eba7da0227694abe33de7750a59d8d54dd04c814a0b5fe3dc", + "zh:7364c2bbae08208384831ccad983963c9746a83ac02e8061b6cc78407b202605", + "zh:7fba3591440ef6485eac5ab5794f7f43b4e0195365b5451bac29bd2dbccdbe14", + "zh:844a6ede2b60df8507865b0b2c137c76412ec55e8601ca132c113bc5d4d5f594", + "zh:90947dd9bfe6a5ab0b77c6c36bbbf07d67c94d6d22cc4fbe3c7572accda7f9b4", + "zh:987fd764c9f2595eba98774fa07bb669ae97546e06289b10a5536f1c1c2cb618", + "zh:993c8b9e7ab31ac39cd586a07578113341bb5870bc2348875a4ad4f2234efe0e", + "zh:be77e1575e93485e8a507e995e5f6cefc9f14681dc26396813cbf079fda87c20", + "zh:c300598e693c177f8a6dd3ff42e9f95cbaf7789d77124ad48899b9f4f8400ec0", + "zh:f589e8754cb4dc6baf43c0f08004073bb2e8a703aa71680f9ac2efd49fdc7bdf", + ] +} diff --git a/clarkzjw.cc/infra/cloudflare.tf b/clarkzjw.cc/infra/cloudflare.tf new file mode 100644 index 0000000..f269129 --- /dev/null +++ b/clarkzjw.cc/infra/cloudflare.tf @@ -0,0 +1,23 @@ +data "cloudflare_zones" "homelab_main_domain" { + filter { + name = var.homelab_main_domain + } +} + +variable "homelab_www_domain" { + default = "clarkzjw.cc" +} + +variable "homelab_www_ip" { + default = "8.8.8.8" +} + +resource "cloudflare_record" "main" { + zone_id = data.cloudflare_zones.homelab_main_domain.zones[0].id + name = var.homelab_www_domain + value = var.homelab_www_ip + type = "A" + + ttl = 1 + proxied = true +} 
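Review bot: `homelab_www_ip` in cloudflare.tf defaults to `8.8.8.8`, so an apply without an override publishes a proxied A record for `clarkzjw.cc` whose origin is an address this homelab presumably does not operate. Drop the default so Terraform demands an explicit value, and give the variable a `type = string` and a `description`; the two variables declared in this file would also sit more naturally in variables.tf beside `homelab_main_domain`. `data.cloudflare_zones.homelab_main_domain.zones[0]` fails with an index error when the filter matches no zone, which deserves a comment or a precondition now that the zone name has changed.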
diff --git a/clarkzjw.cc/infra/variables.tf b/clarkzjw.cc/infra/variables.tf
new file mode 100644
index 0000000..faa527e
--- /dev/null
+++ b/clarkzjw.cc/infra/variables.tf
@@ -0,0 +1,4 @@
+variable "homelab_main_domain" {
+ description = "HomeLab Main Domain"
+ default = "clarkzjw.cc"
+}
diff --git a/clarkzjw.cc/infra/versions.tf b/clarkzjw.cc/infra/versions.tf
new file mode 100644
index 0000000..1551173
--- /dev/null
+++ b/clarkzjw.cc/infra/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 3.29"
+ }
+ }
+}
-- cgit v1.2.3