chore: cleanup

master
Sven Ketelsen 5 years ago
parent c63d557861
commit b741b5872a

@ -16,7 +16,7 @@
- name: Parse DNS entry for {{ record_name }}.{{ domain }} - name: Parse DNS entry for {{ record_name }}.{{ domain }}
set_fact: set_fact:
domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}" domain_record: "{{ domain_records_response_json.domain_records | json_query(jmesquery) | first | default({'name': '-', 'ip': '-'}) }}"
vars: vars:
jmesquery: '[*].{id: id, name: name, ip: data}' jmesquery: '[*].{id: id, name: name, ip: data}'

@ -180,8 +180,9 @@
- name: sshd configuration file update - name: sshd configuration file update
template: template:
src: 'configs/sshd/sshd_config.j2' src: 'configs/sshd/sshd_config.j2'
dest: '/etc/ssh/sshd_config' dest: '/etc/ssh/sshd_config.new'
backup: yes owner: 'root'
group: 'root'
mode: 0644 mode: 0644
notify: notify:
- restart ssh - restart ssh
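Review bot: The template is now rendered to `/etc/ssh/sshd_config.new` while the task still notifies `restart ssh`. Unless a later task outside this hunk moves the file into place, sshd restarts with the old configuration and the settings in `sshd_config.j2` never take effect. The change also drops `backup: yes`, so there is no rollback copy once the file is swapped in. If the `.new` suffix is there to avoid installing a broken config, the module can check the file before it is installed: `dest: '/etc/ssh/sshd_config'`, `validate: '/usr/sbin/sshd -t -f %s'`, `backup: true`. The sshd binary path is assumed and should be adjusted per distribution.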

@ -2,6 +2,58 @@
### tags: ### tags:
- name: Get all Firewalls from Hetzner
uri:
url: "https://api.hetzner.cloud/v1/firewalls"
headers:
accept: application/json
authorization: Bearer {{ hetzner_authentication_token }}
return_content: yes
register: hetzner_firewalls_response
delegate_to: 127.0.0.1
- name: Save firewall entries as variable (fact)
set_fact:
hetzner_firewalls_response_json: "{{ hetzner_firewalls_response.json }}"
- name: Parse firewall entry for default
set_fact:
firewall_record: "{{ hetzner_firewalls_response_json.firewalls | json_query(jmesquery) | first | default({'name': '-', 'id': '-'}) }}"
vars:
jmesquery: '[*].{id: id, name: name}'
- name: Print firewall entry for default
debug:
msg: "{{ firewall_record }}"
- name: Save firewall entry default
uri:
method: POST
url: "https://api.hetzner.cloud/v1/firewalls"
body_format: json
body: "{{ lookup('template','firewall-default.json.j2') }}"
headers:
accept: application/json
authorization: Bearer {{ hetzner_authentication_token }}
return_content: yes
status_code: 201
when: firewall_record.id == '-'
delegate_to: 127.0.0.1
- name: Update firewall entry default
uri:
method: PUT
url: "https://api.hetzner.cloud/v1/firewalls/{{ firewall_record.id }}"
body_format: json
body: "{{ lookup('template','firewall-default.json.j2') }}"
headers:
accept: application/json
authorization: Bearer {{ hetzner_authentication_token }}
return_content: yes
status_code: 200
when: firewall_record.id != '-'
delegate_to: 127.0.0.1
- name: Create new server {{ inventory_hostname }} - name: Create new server {{ inventory_hostname }}
hetzner.hcloud.hcloud_server: hetzner.hcloud.hcloud_server:
api_token: "{{ hetzner_authentication_token }}" api_token: "{{ hetzner_authentication_token }}"
@ -9,28 +61,10 @@
server_type: "{{ hetzner_server_type }}" server_type: "{{ hetzner_server_type }}"
image: "{{ hetzner_server_image }}" image: "{{ hetzner_server_image }}"
ssh_keys: "{{ hetzner_ssh_keys }}" ssh_keys: "{{ hetzner_ssh_keys }}"
location: nbg1
state: present state: present
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
#- name: Create management network and server {{ inventory_hostname }}
# hetzner.hcloud.hcloud_server_network:
# api_token: "{{ hetzner_authentication_token }}"
# network: "management"
# server: "{{ inventory_hostname }}"
# state: present
# delegate_to: 127.0.0.1
#- hetzner.hcloud.hcloud_firewall:
# api_token: "{{ hetzner_authentication_token }}"
# name: "{{ inventory_hostname }}"
# rules:
# - direction: in
# protocol: icmp
# source_ips:
# - 212.121.131.106/0
# state: present
# delegate_to: 127.0.0.1
- name: Gather current server infos - name: Gather current server infos
hcloud_server_info: hcloud_server_info:
api_token: "{{ hetzner_authentication_token }}" api_token: "{{ hetzner_authentication_token }}"
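Review bot: The "Parse firewall entry for default" task selects the first firewall the API returns rather than the one named `default`, because `[*].{id: id, name: name}` has no name filter. On a project that holds any other firewall, the later PUT would be sent to that firewall's id. Filtering in the query, `jmesquery: "[?name=='default'].{id: id, name: name}"`, ties the create/update decision to the intended object. The three `uri` tasks also put the bearer token in `headers` without `no_log: true`, so it can show up in task output at higher verbosity; adding `no_log: true` to them avoids that. As far as I know the Hetzner API changes rules through the firewall's `set_rules` action, and PUT on the firewall covers only name and labels, so it is worth confirming that the update task actually changes the rule set.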

@ -0,0 +1,64 @@
{
"name": "default",
"labels": {
},
"rules": [
{
"direction": "in",
"protocol": "icmp",
"port": null,
"source_ips": [
"0.0.0.0/0",
"::/0"
],
"destination_ips": [
]
},
{
"direction": "in",
"protocol": "tcp",
"port": "22",
"source_ips": [
"212.121.131.106/32",
"5.9.148.23/32"
],
"destination_ips": [
]
},
{
"direction": "in",
"protocol": "tcp",
"port": "80",
"source_ips": [
"0.0.0.0/0",
"::/0"
],
"destination_ips": [
]
},
{
"direction": "in",
"protocol": "tcp",
"port": "443",
"source_ips": [
"0.0.0.0/0",
"::/0"
],
"destination_ips": [
]
},
{
"direction": "in",
"protocol": "tcp",
"port": "9080-9085",
"source_ips": [
"212.121.131.106/32",
"5.9.148.23/32"
],
"destination_ips": [
]
}
],
"applied_to": [
]
}
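Review bot: `applied_to` is empty in this template and the create task posts it as rendered, so the `default` firewall is created without being attached to any server. Nothing visible in this commit attaches it afterwards, though that may happen outside the lines shown. Until it is attached, the restrictions on ports 22 and 9080-9085 filter nothing. The two /32 management sources are also hard-coded in both restricted rules. Since the file is rendered through the `template` lookup, one inventory variable, for example `"source_ips": {{ firewall_admin_sources | to_json }}` (variable name is a placeholder), would keep the two rules in sync and keep the addresses out of the template.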

@ -5,6 +5,7 @@
- name: Ensure the server {{ inventory_hostname }} is {{ hetzner_state }} - name: Ensure the server {{ inventory_hostname }} is {{ hetzner_state }}
hcloud_server: hcloud_server:
api_token: "{{ hetzner_authentication_token }}" api_token: "{{ hetzner_authentication_token }}"
image: "{{ hetzner_server_image }}"
name: "{{ inventory_hostname }}" name: "{{ inventory_hostname }}"
state: "{{ hetzner_state }}" state: "{{ hetzner_state }}"
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1

@ -2,9 +2,7 @@
dev-elastic-stack-01 dev-elastic-stack-01
dev-elastic-stack-02 dev-elastic-stack-02
dev-elastic-stack-03 dev-elastic-stack-03
dev-prometheus-01 dev-docker-registry-01
[prometheus]
dev-prometheus-01 dev-prometheus-01
[stage_dev:children] [stage_dev:children]
