first commit

2025-09-14 13:10:34 -07:00
commit 6f4fcb90e2
25 changed files with 869 additions and 0 deletions

49
behemoth-containers.yaml Normal file

@ -0,0 +1,49 @@
---
- name: Rebuild Behemoth Containers
hosts: all
become: yes
tasks:
- name: Get Build File Listing
shell: "ls -lR /opt/containers/*/build.sh | cut -b 41- | cut -d '/' -f 1-4"
register: behemoth_container_output
- name: Get Name Listing
shell: "ls -lR /opt/containers/*/build.sh | cut -b 41- | cut -d '/' -f 4"
register: folder_name_output
- name: Combine folder names and paths into a list of dictionaries
set_fact:
behemoth_containers: "{{ behemoth_containers | default([]) + [{'folder_name': item[0], 'folder_path': item[1]}] }}"
loop: "{{ folder_name_output.stdout_lines | zip(behemoth_container_output.stdout_lines) }}"
loop_control:
label: "{{ item[0] }}"
- name: Build images
docker_image:
name: "{{ item.folder_name }}"
source: build
build:
path: "{{ item.folder_path }}"
state: present
tag: latest
loop: "{{ behemoth_containers }}"
register: build_output
ignore_errors: true
- name: Output Debug
debug:
msg:
- "Container name: {{item.item.folder_name}}"
- "Build Environment: {{item.item.folder_path}}"
- "Container Size: {{ (item.image.Size / 1048576 | float) | round(2) }} MB"
- "{{ 'Image updated' if item.changed else 'No Change Made' }}"
- "{{ 'Warning: Failure Detected' if item.failed else 'No Failure Detected' }}"
loop: "{{ build_output.results }}"
loop_control:
label: "{{ item.item.folder_name }}"
...
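Review bot: Both listing tasks parse `ls -lR` output with `cut -b 41-`, so the recovered path depends on the byte width of the owner, group and size columns and can shift or truncate silently. That string is then handed to `docker_image` as a build context under `become`, so a mis-cut path builds the wrong directory or nothing. `ansible.builtin.find` with `paths: /opt/containers`, `patterns: build.sh`, `recurse: true` returns the paths directly, and the `dirname` and `basename` filters give `folder_path` and `folder_name`. Separately, `ignore_errors: true` on "Build images" lets failed items reach "Output Debug", where `item.image.Size` is probably undefined for them; `item.image.Size | default(0)` would keep the summary from aborting.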

19
cd-to-iso.yaml Normal file

@ -0,0 +1,19 @@
---
- name: CD to ISO
hosts: all
become: yes
# Required Jenkins Vars
# host_ip - string
# new_hostname - string
# rename_host - bool
# config_matt - bool
# kde_full - bool
#
roles:
- { role: cd_to_iso, tags: ['cd_to_iso'], }
...

25
cifs-mount.yaml Normal file

@ -0,0 +1,25 @@
---
- name: CIFS Mount
hosts: all
become: yes
###############################################
# Permanently Mount a CIFS Share
###############################################
roles:
- { role: cifs_mount, tags: ['cifs_mount'] }
# tasks:
#
# - name: Gather Facts and set variable
# include_tasks: /var/jenkins_home/ansible/roles/cosmos_init/tasks/gather_facts.yaml
#
# - name: Base Samba Config
# include_tasks: /var/jenkins_home/ansible/roles/cosmos_init/tasks/configure_smb.yaml
# when: not samba_present | bool
#
# - name: Map CIFS Share
# include_tasks: /var/jenkins_home/ansible/tasks/cifs_mount.yaml
...

34
cosmos-base.yaml Normal file

@ -0,0 +1,34 @@
---
- name: Cosmos Base Pipeline
hosts: all
become: yes
# Required Jenkins Vars
# host_ip - string
# new_hostname - string
# rename_host - bool
# config_matt - bool
# kde_full - bool
#
roles:
- role: cosmos_init
- role: docker_workstation
- role: nvidia_drivers
when: install_nvidia | bool
- role: ldap_client
when: install_LDAP | bool
- role: matt_profile
when: config_matt | bool and home_endpoint | bool
- role: kde_plasma
- role: install_apps
...
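Review bot: The "Required Jenkins Vars" comment does not list `install_nvidia`, `install_LDAP` or `home_endpoint`, all of which the role conditions read, and an undefined variable in a `when:` fails the play instead of skipping the role. Either extend the comment with those three names or give them a default in the condition, for example `when: install_nvidia | default(false) | bool`. `rename_host` and `kde_full` are listed but not referenced in this file, so they are presumably consumed inside the roles.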

18
cosmos-console.yaml Normal file

@ -0,0 +1,18 @@
---
- name: Cosmos Console Pipeline
hosts: all
become: yes
# Required Jenkins Vars
# host_ip - string
# new_hostname - string
# regex_search("Kodi")
roles:
- { role: cosmos_init, vars: {"terse_packages": "true"} }
- { role: nvidia_drivers, when: install_nvidia | bool }
- { role: console }
...

17
cosmos-nvidia.yaml Normal file

@ -0,0 +1,17 @@
---
- name: Cosmos Nvidia Pipeline
hosts: all
become: yes
vars:
terse_packages: true
roles:
- { role: cosmos_init, vars: {"gather_only": "true" } }
- { role: nvidia_drivers, tags: ['nvidia_drivers'] }
...

22
cosmos-public.yaml Normal file

@ -0,0 +1,22 @@
---
- name: Cosmos Public Pipeline
hosts: all
become: yes
roles:
- role: cosmos_init
- role: nvidia_drivers
when: install_nvidia | bool
- role: pihole
- role: kde_plasma
- role: install_apps
- role: public_account
...

61
cosmos-server.yaml Normal file

@ -0,0 +1,61 @@
---
- name: Cosmos Server Pipeline
hosts: all
become: yes
vars:
iso_only: true
servers:
# make sure this lines up with the Jenkinsfile
- name: Octoprint
role: octoprint
- name: Kodi
role: kodi
- name: Timelapse
role: timelapse
- name: Build ISO
role: pxe_server
- name: Jenkins VPN
role: jenkins_vpn
- name: Puck VPN
role: puck_vpn
- name: Net Bridge
role: net_bridge
- name: Carputer
role: carputer
- name: VCR Capture
role: video_capture
roles:
- role: cosmos_init
when: not refresh_special | bool
- role: docker_workstation
when: install_docker | bool and not refresh_special | bool
- role: nvidia_drivers
when: install_nvidia | bool and not refresh_special | bool
- role: ldap_client
when: install_LDAP | bool and not refresh_special | bool
tasks:
- name: display special_server
debug:
msg: "{{ special_server }}"
- name: Run the appropriate role based on server type
include_role:
name: "{{ servers_item.role }}"
when: special_server | regex_search("{{ servers_item.name }}")
loop: "{{ servers }}"
loop_control:
loop_var: servers_item
# - { role: octoprint, when: special_server | regex_search("Octoprint") }
# - { role: kodi, when: special_server | regex_search("Kodi") }
# - { role: timelapse, when: special_server | regex_search("Timelapse") }
...
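Review bot: The `when:` on "Run the appropriate role based on server type" nests `{{ servers_item.name }}` inside a conditional, which Ansible already evaluates as Jinja and warns about, and it treats each name as a regular expression matched against `special_server` (presumably a Jenkins parameter). A plain substring test selects the same roles without the regex semantics: `when: servers_item.name in special_server`. `special_server` and `refresh_special` have no default in this file, so an undefined value fails the play; a comment listing them next to "make sure this lines up with the Jenkinsfile" would document the contract.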

17
jenkins_vpn.yaml Normal file

@ -0,0 +1,17 @@
---
# note - this needs to be run on the jenkins vpn ip
- name: Matt-Cloud Jenkins VPN Client
hosts: all
become: yes
vars:
terse_packages: true
roles:
# - { role: cosmos_init, tags: ['cosmos_init'], vars: {"terse_packages": "true"}, when: not refresh_only | bool }
- { role: jenkins_vpn, tags: ['jenkins_vpn'] }
...

23
lldp-scan.yaml Normal file

@ -0,0 +1,23 @@
---
- name: GOEM to LLDP Scan Pipeline
hosts: all
become: yes
# Required Jenkins Vars
# host_ip - string
# new_hostname - string
vars:
terse_packages: false
roles:
- role: cosmos_init
when: not refresh_only | bool
- role: lldp_scan
...

12
matt-capture.yaml Normal file

@ -0,0 +1,12 @@
---
- name: Matt Profile Capture
hosts: all
become: yes
roles:
- { role: cosmos_init, vars: {"gather_only": "true" } }
- matt_capture
...

101
mattgpt-capture.yaml Normal file

@ -0,0 +1,101 @@
---
- name: Mattgpt Container Capture
hosts: all
become: yes
vars:
remote_mount_folder: "/opt/cosmos/mattgpt_temp"
remote_smb_path: "//172.20.25.10/terra/mattgpt"
local_archive_path: "/opt/cosmos/archives"
mattgpt_docker_path: "/opt/docker/40-mattgpt"
###############################################
# Playbook to capture mattgpt docker data
###############################################
tasks:
###############################################
# Mount remote archive folder
###############################################
- name: MattGPT Capture - Remote Archive Path Check
file:
path: "{{ remote_mount_folder }}"
state: directory
owner: root
group: root
mode: '0755'
- name: MattGPT Capture - Local Archive Folder Check
file:
path: "{{ local_archive_path }}"
state: directory
owner: root
group: root
mode: '0755'
- name: MattGPT Capture - Mount network share
mount:
path: "{{ remote_mount_folder }}"
src: "{{ remote_smb_path }}"
fstype: cifs
opts: "username=behemoth,password={{ saturn_behemoth }}"
state: mounted
###############################################
# Archive mattgpt folder
###############################################
- name: MattGPT Capture - Stop Container
shell: "docker stop mattgpt"
- name: MattGPT Capture - Create Archive Tarball
shell: "tar --use-compress-program=pigz -cf {{ local_archive_path }}/mattgpt.tar.gz -C {{ mattgpt_docker_path }} ."
- name: MattGPT Capture - Get Relavent Sizes
shell: |
du -sh {{ mattgpt_docker_path }} | cut -d '/' -f 1,4 | awk '{print $2 ": " $1}'
ls -lah {{ local_archive_path }} | grep tar | awk '{print $9 ": " $5}'
register: archive_size_output
- name: MattGPT Capture - Show Archive Sizes
debug:
msg: "{{ archive_size_output.stdout_lines }}"
- name: MattGPT Capture - Start Container
shell: "docker start mattgpt"
###############################################
# Copy archive to network and remove local copy
###############################################
- name: MattGPT Capture - Copy archives
shell: "cp {{ local_archive_path }}/mattgpt.tar.gz {{ remote_mount_folder }}/mattgpt.tar.gz"
- name: MattGPT Capture - Delete local files
shell: "rm {{ local_archive_path }}/mattgpt.tar.gz"
###############################################
# Unmount network share
###############################################
- name: MattGPT Capture - Unmount network share
mount:
path: "{{ remote_mount_folder }}/"
state: absent
- name: MattGPT Capture - Make sure mountpoint is gone from fstab
lineinfile:
path: /etc/fstab
regexp: "{{ remote_mount_folder }}"
state: absent
- name: MattGPT Capture - Manually Unmount Share
shell: "umount {{ remote_mount_folder }}"
...
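Review bot: The "Mount network share" task passes the CIFS password in `opts` with `state: mounted`, which writes `password=…` into `/etc/fstab` (normally world-readable) and exposes it in task output at higher verbosity; the same pattern is in public-capture.yaml. The fstab cleanup and "Start Container" only run if every task in between succeeds, so a failed `tar` or `cp` leaves both the credential on disk and `mattgpt` stopped. I would write the secret to a root-only credentials file under `no_log: true`, mount with `state: ephemeral` (needs a recent ansible.posix, to be confirmed for this controller) and move restart and unmount into an `always:` section. The final `umount` task likely fails as written, since `state: absent` has already unmounted the share.

```yaml
    - name: MattGPT Capture - Write CIFS credentials file
      copy:
        dest: /root/.smb-behemoth  # constructed path, pick the real location
        owner: root
        group: root
        mode: '0600'
        content: |
          username=behemoth
          password={{ saturn_behemoth }}
      no_log: true
    - name: MattGPT Capture - Mount network share
      mount:
        path: "{{ remote_mount_folder }}"
        src: "{{ remote_smb_path }}"
        fstype: cifs
        opts: "credentials=/root/.smb-behemoth"
        state: ephemeral
    - name: MattGPT Capture - Archive and copy
      block:
        # … unchanged: stop container, create tarball, size report, copy, delete local …
      always:
        - name: MattGPT Capture - Start Container
          shell: "docker start mattgpt"
        - name: MattGPT Capture - Unmount network share
          mount:
            path: "{{ remote_mount_folder }}"
            state: unmounted
```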

17
pi-init.yaml Normal file

@ -0,0 +1,17 @@
---
- name: Ansible Test
hosts: all
become: yes
# this is meant just as a tiny playbook to run after the public key is injected with jenkins
tasks:
# Check System Architecture
- name: Check CPU Arch
shell: "dpkg --print-architecture"
register: cpu_architecture_output
- name: Display cpu_architecture_output variable
debug:
msg: "{{ cpu_architecture_output.stdout_lines[0] }}"
...

14
pi-top.yaml Normal file

@ -0,0 +1,14 @@
---
- name: Pi-Top Pipeline
hosts: all
become: yes
roles:
- role: pi-top
# I discovered that the user projects only work when lightdm is running
# I don't know what voodoo causes this behavior, but it isn't worth bypassing
# if that is even possible, might require hardware changes depending on how this
# OLED hooks up to the Pi
...

134
public-capture.yaml Normal file

@ -0,0 +1,134 @@
---
- name: Public Profile Capture
hosts: all
become: yes
###############################################
# Playbook to capture public profile
###############################################
tasks:
###############################################
# Check System Architecture
###############################################
- name: Install Apps - Check CPU Arch
shell: "dpkg --print-architecture"
register: cpu_architecture_output
- name: Set cpu_architecture variable
set_fact:
cpu_architecture: "{{ cpu_architecture_output.stdout_lines[0] }}"
- name: Display Architecture
debug:
msg: "CPU Architecture: {{ cpu_architecture }}"
###############################################
# Determine Public User Account Name
###############################################
- name: Get User Account Folders
shell: 'cat /opt/cosmos/local-user'
register: user_file_contents
- name: Set User Variable
set_fact:
public_user: "{{ user_file_contents.stdout }}"
- name: Display Result
debug:
msg: "Public user account: {{ public_user }}"
###############################################
# Mount remote profile archive folder
###############################################
- name: Public Capture - Remote Profile Folder Check
file:
path: "/opt/cosmos/profile"
state: directory
owner: root
group: root
mode: '0755'
- name: Public Capture - Local Archive Folder Check
file:
path: "/opt/cosmos/archives"
state: directory
owner: root
group: root
mode: '0755'
- name: Public Capture - Mount network share
mount:
path: "/opt/cosmos/profile"
src: "//172.25.1.10/behemoth/ansible-files/profile"
fstype: cifs
opts: "username=behemoth,password={{ saturn_behemoth }}"
state: mounted
###############################################
# Archive user folder
###############################################
- name: Public Capture - Generate Archive Exclusion List
copy:
dest: /opt/cosmos/archives/user-exclude.txt
content: |
.cache
.local/share/user-places.xbel
.local/share/user-places.xbel.bak
.local/share/user-places.xbel.tbcache
.local/share/RecentDocuments
.config/google-chrome
.config/chromium
.config/session
.bash_history
- name: Public Capture - Create Profile Tarball
shell: "tar --use-compress-program=pigz --exclude-from=/opt/cosmos/archives/user-exclude.txt -cf /opt/cosmos/archives/user.tar.gz -C /home/{{ public_user }} ."
###############################################
# Copy archive to network and remove local copy
###############################################
- name: Public Capture - Get Archive Sizes
shell: "ls -lah /opt/cosmos/archives | grep tar | awk '{print $9 \": \" $5}'"
register: archive_size_output
- name: Public Capture - Show Archive Sizes
debug:
msg: "{{ archive_size_output.stdout_lines }}"
- name: Public Capture - Copy archives
shell: "cp /opt/cosmos/archives/user.tar.gz /opt/cosmos/profile/user_{{ cpu_architecture }}.tar.gz"
- name: Public Capture - Delete local files
shell: |
rm /opt/cosmos/archives/user.tar.gz
rm /opt/cosmos/archives/user-exclude.txt
###############################################
# Unmount network share
###############################################
- name: Public Capture - Unmount network share
mount:
path: "/opt/cosmos/profile/"
state: absent
- name: Public Capture - Make sure mountpoint is gone from fstab
lineinfile:
path: /etc/fstab
regexp: '\/opt\/cosmos\/profile'
state: absent
- name: Public Capture - Manually Unmount Share
shell: umount /opt/cosmos/profile
...
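Review bot: `public_user` is read from `/opt/cosmos/local-user` and pasted unquoted into the root shell line of "Create Profile Tarball", so whitespace or shell metacharacters in that file change the command that runs. Quoting closes that: `-C /home/{{ public_user | quote }} .`, or switch the task to `command:` with `argv`. An empty file would also archive all of `/home/`, so an `assert` that `public_user | length > 0` before the tar step is worth adding. The exclusion list drops browser profiles and `.bash_history` but not `.ssh` or `.gnupg`; if the public account can hold keys, those entries belong in `user-exclude.txt` before the tarball is copied to the share.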

20
puck_routing.yaml Normal file

@ -0,0 +1,20 @@
---
# Configures eth1, DHCP, and routing
- name: Matt-Cloud VPN Client Puck Post-VPN COnfig
hosts: all
become: yes
vars:
terse_packages: true
init_light: true
vpn_init: false
tasks:
roles:
- role: puck_vpn
...
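Review bot: The bare `tasks:` key before `roles:` is an empty value that parses as null; it adds nothing and reads as if tasks were forgotten, so I would delete that line here and in puck_vpn.yaml. The header comment "Configures eth1, DHCP, and routing" is identical in both files although one is the post-VPN and the other the pre-VPN play. A comment saying what `vpn_init: false` changes in the `puck_vpn` role would tell them apart.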

26
puck_vpn.yaml Normal file

@ -0,0 +1,26 @@
---
# Configures eth1, DHCP, and routing
- name: Matt-Cloud VPN Client Puck Pre-VPN Config
hosts: all
become: yes
vars:
terse_packages: true
init_light: true
vpn_init: true
update_grub_timeout: false
public_deploy: true
rename_host: true
add_domain: false
tasks:
roles:
- role: cosmos_init
- role: puck_vpn
...

20
pxe-server.yaml Normal file

@ -0,0 +1,20 @@
---
- name: Cosmos PXE Server Pipeline
hosts: all
become: yes
# Required Jenkins Vars
# host_ip - string
# new_hostname - string
# rename_host - bool
# config_matt - bool
# kde_full - bool
#
vars:
terse_packages: true
roles:
- { role: cosmos_init, tags: ['cosmos_init'], vars: {"terse_packages": "true"}, when: not refresh_only | bool }
- { role: pxe_server, tags: ['pxe_server'] }
...

13
rename-endpoint.yaml Normal file

@ -0,0 +1,13 @@
---
- name: Cosmos Rename Endpoint
hosts: all
become: yes
tasks:
- name: Rename Endpoint
include_tasks: /var/jenkins_home/ansible/roles/cosmos_init/tasks/set_hostname.yaml
...
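Review bot: `include_tasks` points at the absolute controller path `/var/jenkins_home/ansible/roles/cosmos_init/tasks/set_hostname.yaml`, which ties the playbook to one Jenkins home layout and skips the role's own defaults and vars. `include_role` with `name: cosmos_init` and `tasks_from: set_hostname` resolves through the roles path instead. The variables the task file needs (presumably `new_hostname`) are not documented here, unlike the "Required Jenkins Vars" comments in the other playbooks.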

19
rip-cd.yaml Normal file

@ -0,0 +1,19 @@
---
- name: Rip Audio CD
hosts: all
become: yes
# Required Jenkins Vars
# host_ip - string
# new_hostname - string
# rename_host - bool
# config_matt - bool
# kde_full - bool
#
roles:
- role: rip_cd
...

42
test.yaml Normal file

@ -0,0 +1,42 @@
---
- name: Ansible Test
hosts: all
become: yes
vars:
#vpn_endpoint: "172.30.2.1"
#gather_only: true
#cpu_architecture: "amd64"
#AUTH_API_KEY: hellothere
#fprint_sensor: duybluey
#ultimaker_cura_url: "https://ultimaker.com/software/ultimaker-cura/"
#rename_host: false
#reset_user: true
#config_smb: false
#terse_packages: false
#install_packages: false
#build_iso: false
ding_api: true
refresh_special: true
# roles:
# - video_capture
# tasks:
#
# - name: prereqs - get debian version info
# shell: 'cat /etc/os-release | grep VERSION_ID | cut -d\" -f2'
# register: os_version_id_output
# - debug:
# msg: |
# {{ os_version_id_output }}
# /var/jenkins_home/ansible-files/lldp_scan/cosmos-deb{{ os_version_id_output.stdout_lines[0] }}.tar.gz
# - name: Rename Endpoint
# include_tasks: /var/jenkins_home/ansible/roles/install_apps/tasks/ultimaker.yaml
...

123
trixie_upgrade.yaml Normal file

@ -0,0 +1,123 @@
---
# lifted from here
# https://gist.github.com/yorickdowne/3cecc7b424ce241b173510e36754af47
- name: Trixie Upgrade Pipeline
hosts: all
become: yes
tasks:
- name: Get distribution version
setup:
filter: ansible_distribution*
- name: Skip if not Debian 12
meta: end_host
when: ansible_distribution != 'Debian' or ansible_distribution_major_version != '12'
- name: apt clean
apt:
clean: yes
- name: Get filesystem facts
setup:
filter: ansible_mounts
- name: Fail if free space on / is below 5 GiB
ansible.builtin.assert:
that:
- item.size_available > (5 * 1024 * 1024 * 1024)
fail_msg: "Free disk space on {{ item.mount }} is below 5 GiB"
loop: "{{ ansible_mounts }}"
when: item.mount == "/"
- name: All apt packages up to date
apt:
upgrade: dist
update_cache: yes
- name: apt autoremove
apt:
autoremove: yes
- name: apt clean
apt:
clean: yes
- name: Check if reboot required
ansible.builtin.stat:
path: /run/reboot-required
get_checksum: no
register: reboot_required_file
- name: Reboot if required
ansible.builtin.reboot:
msg: "Reboot initiated by Ansible"
connect_timeout: 5
reboot_timeout: 600
pre_reboot_delay: 0
post_reboot_delay: 60
test_command: whoami
when: reboot_required_file.stat.exists
- name: Switch OS from bookworm to trixie
ansible.builtin.replace:
path: /etc/apt/sources.list
regexp: 'bookworm'
replace: 'trixie'
- name: Find all 3rd-party repos
ansible.builtin.find:
paths: /etc/apt/sources.list.d
patterns: '*'
recurse: no
register: third_party_repos
- name: Switch 3rd-party repos from bookworm to trixie
ansible.builtin.replace:
path: "{{ item.path }}"
regexp: 'bookworm'
replace: 'trixie'
loop: "{{ third_party_repos.files }}"
loop_control:
label: "{{ item.path }}"
- name: Use apt to move to trixie
apt:
upgrade: dist
update_cache: yes
- name: Get distribution version
setup:
filter: ansible_distribution*
- name: Fail if not Debian 13
assert:
that:
- ansible_distribution_major_version == '13'
fail_msg: "Upgrade to Debian 13 failed"
- name: apt autoremove
apt:
autoremove: yes
- name: apt clean
apt:
clean: yes
- name: Reboot on trixie
ansible.builtin.reboot:
msg: "Reboot initiated by Ansible"
connect_timeout: 5
reboot_timeout: 600
pre_reboot_delay: 0
post_reboot_delay: 60
test_command: whoami
- name: Modernize apt sources
ansible.builtin.command:
cmd: apt -y modernize-sources
...
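Review bot: "Find all 3rd-party repos" uses `patterns: '*'`, so the following `replace` rewrites every file in `/etc/apt/sources.list.d`, including backups and other non-source files, and neither `replace` task keeps a copy of what it changed. Restricting the search to `patterns: ['*.list', '*.sources']` and adding `backup: true` to both `replace` tasks makes the suite switch recoverable. A third-party repository that has not published a `trixie` suite will make "Use apt to move to trixie" fail on `update_cache: yes` after the sources are already rewritten, which deserves a comment above that task. Pinning the gist URL in the header comment to a specific revision would record which version was copied.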

8
update-endpoint.yaml Normal file

@ -0,0 +1,8 @@
---
- name: Cosmos Workstation Update
hosts: all
become: yes
roles:
- role: update_endpoint
...

28
vm_party.yaml Normal file

@ -0,0 +1,28 @@
---
# Configures server for VM party
- name: Make a VM Party box
hosts: all
become: yes
vars:
# configure cosmos init for this playbook
terse_packages: true
vpn_init: true
update_grub_timeout: true
public_deploy: true
rename_host: true
configure_smb: true
no_vpn: true
add_domain: false
no_vpn: true
# bridge interface name
bridge_name: "vmpbr0"
roles:
- { role: cosmos_init, when: not run_stage_two | bool and not (update_party | bool) and not (service_only | bool)}
- { role: net_bridge, when: not (run_stage_two | bool) and not (update_party | bool) and not (service_only | bool)}
- { role: vm_party, when: run_stage_two | bool or update_party | bool or service_only | bool}
...
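Review bot: `no_vpn: true` appears twice under `vars:`; duplicate mapping keys are invalid in YAML 1.2 and most loaders silently keep the last one, so a later edit to only one of the two lines may have no effect. Drop the second occurrence. The three `when:` expressions mix `not run_stage_two | bool` with `not (run_stage_two | bool)`; they evaluate the same, but using the parenthesised form throughout would make that obvious. `run_stage_two`, `update_party` and `service_only` have no defaults in this file, so a comment listing them as required caller variables would help.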

7
wrt/nordvpn.yaml Normal file

@ -0,0 +1,7 @@
---
...