You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
126 lines
3.7 KiB
126 lines
3.7 KiB
- name: Base setup for lotus-land-story
|
|
hosts: lotus-land-story
|
|
vars_files:
|
|
- vars.yml
|
|
tasks:
|
|
|
|
- name: Always mount the lotus-land-story volume
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/fstab
|
|
line: "{{ linode_volume }} /mnt/lotus-land-story ext4 defaults,noatime,nofail 0 2"
|
|
state: present
|
|
|
|
- name: Set hostname
|
|
ansible.builtin.hostname:
|
|
name: lotus-land-story
|
|
|
|
- name: Install ansible requirements
|
|
ansible.builtin.apt:
|
|
pkg:
|
|
- docker-compose
|
|
- libpq-dev
|
|
- python3-docker
|
|
- python3-psycopg2
|
|
state: present
|
|
|
|
- import_playbook: ../playbooks/tailscale.yml # noqa: name[play]
|
|
- import_playbook: docker.yml # noqa: name[play]
|
|
- import_playbook: postgres.yml # noqa: name[play]
|
|
- import_playbook: redis.yml # noqa: name[play]
|
|
|
|
- name: Listen on the docker interface
|
|
hosts: lotus-land-story
|
|
tasks:
|
|
|
|
- name: Set up postgres to listen on docker0 interface
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/postgresql/13/main/conf.d/listen.conf
|
|
regexp: '^#?listen_addresses='
|
|
line: "listen_addresses='localhost,{{ docker_ip.address }}'"
|
|
state: present
|
|
create: true
|
|
mode: "0644"
|
|
notify: Restart postgres
|
|
|
|
handlers:
|
|
- name: Import restarts
|
|
ansible.builtin.import_tasks: restarts.yml
|
|
|
|
- import_playbook: prometheus.yml # noqa: name[play]
|
|
|
|
# Maybe this should be in the prometheus playbook?
|
|
- name: Set up prometheus user in postgres
|
|
hosts: lotus-land-story
|
|
become: true
|
|
become_user: postgres
|
|
tasks:
|
|
|
|
- name: Get postgres roles
|
|
community.postgresql.postgresql_info:
|
|
filter: roles
|
|
register: postgres_info
|
|
|
|
- name: Add postgres permissions for postgres-exporter
|
|
community.postgresql.postgresql_query:
|
|
query: |
|
|
CREATE USER prometheus;
|
|
ALTER USER prometheus SET SEARCH_PATH TO prometheus,pg_catalog;
|
|
|
|
CREATE SCHEMA prometheus AUTHORIZATION prometheus;
|
|
|
|
CREATE FUNCTION prometheus.f_select_pg_stat_activity()
|
|
RETURNS setof pg_catalog.pg_stat_activity
|
|
LANGUAGE sql
|
|
SECURITY DEFINER
|
|
AS $$
|
|
SELECT * from pg_catalog.pg_stat_activity;
|
|
$$;
|
|
|
|
CREATE FUNCTION prometheus.f_select_pg_stat_replication()
|
|
RETURNS setof pg_catalog.pg_stat_replication
|
|
LANGUAGE sql
|
|
SECURITY DEFINER
|
|
AS $$
|
|
SELECT * from pg_catalog.pg_stat_replication;
|
|
$$;
|
|
|
|
CREATE VIEW prometheus.pg_stat_replication
|
|
AS
|
|
SELECT * FROM prometheus.f_select_pg_stat_replication();
|
|
|
|
CREATE VIEW prometheus.pg_stat_activity
|
|
AS
|
|
SELECT * FROM prometheus.f_select_pg_stat_activity();
|
|
|
|
GRANT SELECT ON prometheus.pg_stat_replication TO prometheus;
|
|
GRANT SELECT ON prometheus.pg_stat_activity TO prometheus;
|
|
when: "'prometheus' not in postgres_info.roles"
|
|
|
|
- import_playbook: golink.yml # noqa: name[play]
|
|
- import_playbook: grafana.yml # noqa: name[play]
|
|
- import_playbook: loki.yml # noqa: name[play]
|
|
- import_playbook: miniflux.yml # noqa: name[play]
|
|
|
|
- import_playbook: caddy.yml # noqa: name[play]
|
|
|
|
- name: Set up ufw
|
|
hosts: lotus-land-story
|
|
tasks:
|
|
|
|
- name: Get docker network for ufw
|
|
community.docker.docker_network:
|
|
name: lotus_land_story
|
|
register: docker_network
|
|
|
|
- name: Allow access from docker network
|
|
community.general.ufw:
|
|
rule: allow
|
|
from_ip: "{{ docker_network.network.IPAM.Config[0].Subnet }}"
|
|
notify: Reload ufw
|
|
|
|
handlers:
|
|
- name: Import restarts
|
|
ansible.builtin.import_tasks: restarts.yml
|
|
|
|
# vim: ft=yaml.ansible
|