luigi/homelab
1
0
Fork 0
mirror of https://github.com/luigieai/homelab.git synced 2025-06-07 07:56:37 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: ansible Vault provisioning

Browse source
This commit is contained in:
Luigi Oliveira 2023-08-05 22:36:37 -03:00
parent ac28383173
commit ce1957407c
4 changed files with 62 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
ansible/README.md
View file

@ -38,4 +38,11 @@ ansible-galaxy install geerlingguy.docker
### Portainer ### Portainer
The role will install Docker + Portainer, we recommend using the role in **root** user as recommended in [portainer documentation](https://docs.portainer.io/start/install-ce/server/docker/linux#introduction). The role will install Docker + Portainer, we recommend using the role in **root** user as recommended in [portainer documentation](https://docs.portainer.io/start/install-ce/server/docker/linux#introduction).
After running the playbook, access your portainer instance using *yourhostname.tld:9443* After running the playbook, access your portainer instance using *yourhostname.tld:9443*
### NOMAD
TODO!
Dependencies:
```shell
ansible-galaxy install robertdebock.vault
```

4
ansible/nomadserver.yml
View file

@ -1,4 +1,5 @@
- hosts: nomad - hosts: nomad
become: yes
tasks: tasks:
#NOMAD USER ADDED IN DOCKER GROUP BECAUSE OF VARIABLE AT INVENTORY!!!!! #NOMAD USER ADDED IN DOCKER GROUP BECAUSE OF VARIABLE AT INVENTORY!!!!!
- name: install docker - name: install docker
@ -7,3 +8,6 @@
- name: install nomad - name: install nomad
ansible.builtin.import_role: ansible.builtin.import_role:
name: nomad name: nomad
- name: install nomad
ansible.builtin.import_role:
name: vault # I NEED TO MANUALLY CREATE THIS ROLE BTW

22
ansible/roles/vault/tasks/main.yml Normal file
View file

@ -0,0 +1,22 @@
---
- name: Install Vault
include_role:
name: robertdebock.vault
vars:
vault_installation_method: binary
ignore_errors: true
- name: Import vault configuration
ansible.builtin.template:
dest: /etc/vault.d/vault.hcl
group: vault
mode: "0444"
owner: vault
src: vault.hcl.j2
- name: Daemon reload
ansible.builtin.systemd:
daemon_reload: true
- name: Restart vault
ansible.builtin.service:
name: vault
state: restarted

28
ansible/roles/vault/templates/vault.hcl.j2 Normal file
View file

@ -0,0 +1,28 @@
# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
ui = true
#mlock = true
disable_mlock = true
storage "file" {
path = "/opt/vault/data"
}
#storage "consul" {
# address = "127.0.0.1:8500"
# path = "vault"
#}
# HTTP listener
#listener "tcp" {
# address = "127.0.0.1:8200"
# tls_disable = 1
#}
# HTTPS listener
listener "tcp" {
address = "0.0.0.0:8200"
tls_cert_file = "/opt/vault/tls/tls.crt"
tls_key_file = "/opt/vault/tls/tls.key"
}