Update 12 files

- /inventories/hosts.yml - /inventories/group_vars/all.yml - /inventories/group_vars/gateway.yml - /roles/proxmox_lxc/tasks/main.yml - /roles/base_setup/tasks/ssh.yml - /roles/base_setup/tasks/main.yml - /roles/base_setup/handlers/main.yml - /roles/npm/tasks/main.yml - /roles/heimdall/tasks/main.yml - /README.md - /olimp-deploy.yml - /vault.yml
2025-10-10 10:56:09 +00:00 · 2025-10-10 10:56:09 +00:00 · 32ba056b5e
commit 32ba056b5e
parent 28427bc5a2
12 changed files with 309 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -9,7 +9,34 @@ Infra/
 ├── vault.yml           # Секреты (зашифровано)
 └── README.md           # Документация
-text
+Infra/
 ├── inventories/
 │   └── hosts.yml
 ├── group_vars/
 │   ├── all.yml
 │   └── gateway.yml
 ├── roles/
 │   ├── proxmox_lxc/
 │   │   └── tasks/
 │   │       └── main.yml
 │   ├── base_setup/
 │   │   ├── tasks/
 │   │   │   ├── main.yml
 │   │   │   └── ssh.yml
 │   │   └── handlers/
 │   │       └── main.yml
 │   ├── docker/
 │   │   └── tasks/
 │   │       └── main.yml
 │   ├── heimdall/
 │   │   └── tasks/
 │   │       └── main.yml
 │   └── npm/
 │       └── tasks/
 │           └── main.yml
 ├── olimp-deploy.yml
 ├── vault.yml
 └── README.md
 ## Использование
@ -29,6 +56,7 @@ ansible-playbook -i inventories/hosts.yml olimp-deploy.yml --tags docker
 ansible-playbook -i inventories/hosts.yml olimp-deploy.yml --tags heimdall
 Роли
 proxmox_lxc - Создание LXC контейнеров в Proxmox
 base_setup - Базовая настройка ОС
--- a/inventories/group_vars/all.yml
+++ b/inventories/group_vars/all.yml
@ -0,0 +1,24 @@
 ---
 # Общие настройки для всех хостов
 timezone: Asia/Yekaterinburg
 system_locale: ru_RU.UTF-8
 # Настройки пользователей
 admin_user: root
 # Список пакетов для установки на всех хостах
 base_packages:
  - curl
  - wget
  - gnupg
  - ca-certificates
  - software-properties-common
  - tree
  - htop
  - nano
  - git
  - apt-transport-https
  - net-tools
  - dnsutils
  - iputils-ping
  - traceroute
--- a/inventories/group_vars/gateway.yml
+++ b/inventories/group_vars/gateway.yml
@ -0,0 +1,19 @@
 ---
 # Настройки Heimdall
 heimdall:
  port: "45131:80"
  image: lscr.io/linuxserver/heimdall:latest
  config_dir: "/opt/heimdall"
  user_id: "1000"
  group_id: "1000"
  timezone: "Asia/Yekaterinburg"
 # Настройки NPM (Nginx Proxy Manager)
 npm:
  image: jc21/nginx-proxy-manager:latest
  data_dir: "/opt/npm/data"
  letsencrypt_dir: "/opt/npm/letsencrypt"
  ports:
    - "80:80"
    - "443:443" 
    - "81:81"
--- a/inventories/hosts.yml
+++ b/inventories/hosts.yml
@ -0,0 +1,20 @@
 all:
  children:
    proxmox:
      hosts:
        proxmox:
          ansible_host: 192.168.1.200
          ansible_user: root
    gateway:
      hosts:
        gateway:
          ansible_host: 192.168.1.221
          ansible_user: root
    # Остальные хосты добавим позже
    # database:
    #   hosts:
    #     database:
    #       ansible_host: 192.168.1.222
    #       ansible_user: root
--- a/olimp-deploy.yml
+++ b/olimp-deploy.yml
@ -0,0 +1,35 @@
 ---
 - name: Create Gateway LXC container in Proxmox
  hosts: proxmox
  gather_facts: false
  vars_files:
    - vault.yml
  roles:
    - role: proxmox_lxc
      tags: deploy_lxc
 - name: Base setup for gateway
  hosts: gateway
  vars_files:
    - vault.yml
  roles:
    - role: base_setup
      tags: base_setup
 - name: Install Docker on gateway
  hosts: gateway
  roles:
    - role: docker
      tags: deploy_docker
 - name: Deploy Heimdall service
  hosts: gateway
  roles:
    - role: heimdall
      tags: deploy_heimdall
 - name:  Deploy NPM service
  hosts: gateway
  roles:
    - role: npm
      tags: deploy_npm
--- a/roles/base_setup/handlers/main.yml
+++ b/roles/base_setup/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: restart ssh
  service:
    name: ssh
    state: restarted
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@ -0,0 +1,26 @@
 ---
 - name: Update apt package cache
  apt:
    update_cache: yes
    cache_valid_time: 3600
 - name: Install base packages
  apt:
    name: "{{ base_packages }}"
    state: present
 - name: Set timezone
  timezone:
    name: "{{ timezone }}"
 - name: Set system locale
  locale_gen:
    name: "{{ system_locale }}"
    state: present
 - name: Ensure hostname is set correctly
  hostname:
    name: "{{ inventory_hostname }}"
 - name: Include SSH configuration
  include_tasks: ssh.yml
--- a/roles/base_setup/tasks/ssh.yml
+++ b/roles/base_setup/tasks/ssh.yml
@ -0,0 +1,21 @@
 ---
 - name: Disable SSH password authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
  notify: restart ssh
 - name: Ensure SSH directory exists
  file:
    path: /root/.ssh
    state: directory
    mode: '0700'
 - name: Add SSH public keys for root access
  authorized_key:
    user: root
    key: "{{ item }}"
    state: present
  loop: "{{ ssh_public_keys }}"
--- a/roles/heimdall/tasks/main.yml
+++ b/roles/heimdall/tasks/main.yml
@ -0,0 +1,21 @@
 ---
 - name: Create directory for Heimdall
  file:
    path: "{{ heimdall.config_dir }}"
    state: directory
    mode: '0755'
 - name: Run Heimdall container
  docker_container:
    name: heimdall
    image: "{{ heimdall.image }}"
    state: started
    restart_policy: unless-stopped
    ports:
      - "{{ heimdall.port }}"
    volumes:
      - "{{ heimdall.config_dir }}:/config"
    env:
      PUID: "{{ heimdall.user_id }}"
      PGID: "{{ heimdall.group_id }}"
      TZ: "{{ heimdall.timezone }}"
--- a/roles/npm/tasks/main.yml
+++ b/roles/npm/tasks/main.yml
@ -0,0 +1,20 @@
 ---
 - name: Create directories for NPM
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ npm.data_dir }}"
    - "{{ npm.letsencrypt_dir }}"
 - name: Run NPM container
  docker_container:
    name: npm
    image: "{{ npm.image }}"
    state: started
    restart_policy: unless-stopped
    ports: "{{ npm.ports }}"
    volumes:
      - "{{ npm.data_dir }}:/data"
      - "{{ npm.letsencrypt_dir }}:/etc/letsencrypt"
--- a/roles/proxmox_lxc/tasks/main.yml
+++ b/roles/proxmox_lxc/tasks/main.yml
@ -0,0 +1,20 @@
 ---
 - name: Create Gateway LXC container
  community.general.proxmox_lxc:
    node: "{{ proxmox_node }}"
    vmid: 221
    hostname: gateway
    storage: "vmsystem"
    cores: 1
    memory: 2048
    swap: 512
    rootfs: "vmsystem:5"
    template: "ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
    password: "{{ proxmox_root_password }}"
    net:
      name: eth0
      bridge: vmbr0
      ip: 192.168.1.221/24
      gw: 192.168.1.1
    unprivileged: true
    state: present
--- a/vault.yml
+++ b/vault.yml
@ -0,0 +1,69 @@
 $ANSIBLE_VAULT;1.1;AES256
 34323261373938353539616136396439663631363231666261613930626435353765353861633863
 6135303266383232623464613635393332656134623233360a316666636330653966393436393631
 31323530396261333466626433306538623830306162363565663932653735313061353161663833
 3730376164643663380a656536313630646363316162373036633965333663376338313965356664
 66303130323261616262633234343534373163663966346365616162616461623231626561383163
 39313636323139356234613438366161396164616165313735666461346466666231656137666537
 37633837633166393666663464643739303736633138343761373766306563376133346561326131
 33353563643637613436313039316132653036663462323563303238323964386662363631373231
 64663964663463303664353630353465653534633732346137336566303939613161326139383466
 32363837373361346565333164623166633361306530333137313162666237653865653538633831
 32613466353736343930653831386133343031383636356265633138353335373437373332666338
 61633233646439656432666532653764366662366463313634303961323364343763663163303766
 30303664623236393230376139623934663363353730306637616566316664646162663136633562
 64653237306239396533616432313035636530303265623631653233313434376266616565663030
 62623736373436336264616236333334393631386364316237366339386466656263653330383934
 30646631363563373733336431636437386464376631353336643832616430613539666634306234
 31613362393837643864613034373735303831373233363636613562353434393765393030393863
 64343136323337313963623763356136623034626335643565373931383962376232343939656639
 34303635333864366634336662653563663234303831353938373630333036636438333461333262
 61616534383865376232303734393431663333353033613932666438623131616532636335646331
 63316338623465373431356661613564333632663931313332336636626261656464313864393062
 34373631303933376532333062616533383765303535636535333937306236373931663061333266
 32616566613737383633356637653435646562636366353739363230653936306331346661643836
 63336630363866326138666531353364663731356131313434613261363539643633366566643961
 61313761333532353966356661363966336166343737633034363962613034383935613865656266
 36646262373432353762303834616664343132326138356464373438666138663163613738376564
 65633530376461306333366437656366356236616631306231346537636130633630396431333138
 32376430653439653733306432346264633861373130633636653830626431386439393765383835
 32333264626139623738336330326161343132386335306534653033653639353836663866653630
 34303161363334623636336333623565663765623131336662323861303261323939363936646363
 34383230623133303164373236316639656239393466623339613331323735353164396663366639
 62303131353633383838343735623163323731396463316434356436316661306336306462323731
 37393439623233663936616363333966326339386231353265616564323936323763653639636665
 31666439656633643531363733313539643965303439633362653965623761666366303339656161
 66626639326237336261656434333863393064336466356662386534623261633739646634383734
 64643762623361636431343337616636393132366565303965653634613062376661373665316261
 33613730363963633436653439303639656263303336336261393532323736616438666362386331
 37343762656133633761653835363831613964346330343831373534623561336338643637363330
 62666132376635666539626361323834636332303866376561653531643731323739393466653735
 31346135366139616663653235363562626164623466393430353237383462376633326535306664
 39346131633632373363616162373037363266333265346232363666353234336635393733303734
 39666566643935623766353265623863626637663666343732303462306136376165373031303666
 32316665383335393763393062653366613336643638323337646433666432323533366261386464
 34323432386636623835646231323238613166383563623265326633636638306161356261393030
 31633064363637366561343364616262303237376361373565373061666637333066653933663935
 36663031656162663132623566393166613465333434613030623162643561663739626333366432
 38373536623361613466343363643531613239323038633531643561663235313836636635656631
 31353966373166386161623134373363663335323239643565366436646462323938646133363561
 61386566346638616264353866393261663165346562636331363534336532366532363062343366
 30396239383632323430616463393338623438396464316639373133346138323766306130396130
 63376563666666386234623937626136373665383162386263313935366362326632343636353831
 38643739363838653464633339316631623732353562666539353632363165366165396238393436
 39666265663337613433353035643334336234313534663535346166366335653436373263363137
 32663666323032396461346330666630353239313639336263363063643139383236343736316439
 35333431643664336630623732396663383634356333646134393931313466396466393330373762
 37316663323138656130626166323362643961323131306335366438616431353861333462346138
 65333038346434363130373761393164663134613432363232343535663434306165376262386130
 63613365313433333431663566643434373330663232376362323238323337343936313263323730
 36633436393062656136636565303063643738366131666166363630303734626337643463643836
 65333337373033363235333238653638336534653538393861613531643230343836323663303365
 30643364376363316139653336323462333364336233646234313838343531646233366636616362
 62613437363437363338303764613963373064626464653136353437366534343639356433643739
 37326130323530343839376163316234636236343636383963616537623932643236333136623739
 30383134636665343036306231306537643166323734623936666537663039333336346639366633
 37353061613665303433326438386663303061346235306361643030366262643763656432623339
 38613838393931376630313665643662633230313130643530636161633364313563316364313639
 65313463306664333464383566343431366433373830366139356233643537393133613639383338
 31333330626461383261343863666364653436303433616331383131646139636331396263346230