Merge branch 'infra_olimp' into 'main'

Update 12 files See merge request root/Olimp!2
2025-10-10 10:57:18 +00:00 · 2025-10-10 10:57:18 +00:00 · e8de0d9d47
commit e8de0d9d47
parent ec095c82f4 32ba056b5e
12 changed files with 309 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -9,7 +9,34 @@ Infra/
 ├── vault.yml           # Секреты (зашифровано)
 └── README.md           # Документация

-text
+Infra/
+├── inventories/
+│   └── hosts.yml
+├── group_vars/
+│   ├── all.yml
+│   └── gateway.yml
+├── roles/
+│   ├── proxmox_lxc/
+│   │   └── tasks/
+│   │       └── main.yml
+│   ├── base_setup/
+│   │   ├── tasks/
+│   │   │   ├── main.yml
+│   │   │   └── ssh.yml
+│   │   └── handlers/
+│   │       └── main.yml
+│   ├── docker/
+│   │   └── tasks/
+│   │       └── main.yml
+│   ├── heimdall/
+│   │   └── tasks/
+│   │       └── main.yml
+│   └── npm/
+│       └── tasks/
+│           └── main.yml
+├── olimp-deploy.yml
+├── vault.yml
+└── README.md

 ## Использование

@ -29,6 +56,7 @@ ansible-playbook -i inventories/hosts.yml olimp-deploy.yml --tags docker
 ansible-playbook -i inventories/hosts.yml olimp-deploy.yml --tags heimdall

 Роли
+
 proxmox_lxc - Создание LXC контейнеров в Proxmox

 base_setup - Базовая настройка ОС
--- a/inventories/group_vars/all.yml
+++ b/inventories/group_vars/all.yml
@ -0,0 +1,24 @@
+---
+# Общие настройки для всех хостов
+timezone: Asia/Yekaterinburg
+system_locale: ru_RU.UTF-8
+
+# Настройки пользователей
+admin_user: root
+
+# Список пакетов для установки на всех хостах
+base_packages:
+  - curl
+  - wget
+  - gnupg
+  - ca-certificates
+  - software-properties-common
+  - tree
+  - htop
+  - nano
+  - git
+  - apt-transport-https
+  - net-tools
+  - dnsutils
+  - iputils-ping
+  - traceroute
--- a/inventories/group_vars/gateway.yml
+++ b/inventories/group_vars/gateway.yml
@ -0,0 +1,19 @@
+---
+# Настройки Heimdall
+heimdall:
+  port: "45131:80"
+  image: lscr.io/linuxserver/heimdall:latest
+  config_dir: "/opt/heimdall"
+  user_id: "1000"
+  group_id: "1000"
+  timezone: "Asia/Yekaterinburg"
+
+# Настройки NPM (Nginx Proxy Manager)
+npm:
+  image: jc21/nginx-proxy-manager:latest
+  data_dir: "/opt/npm/data"
+  letsencrypt_dir: "/opt/npm/letsencrypt"
+  ports:
+    - "80:80"
+    - "443:443" 
+    - "81:81"
--- a/inventories/hosts.yml
+++ b/inventories/hosts.yml
@ -0,0 +1,20 @@
+all:
+  children:
+    proxmox:
+      hosts:
+        proxmox:
+          ansible_host: 192.168.1.200
+          ansible_user: root
+    
+    gateway:
+      hosts:
+        gateway:
+          ansible_host: 192.168.1.221
+          ansible_user: root
+    
+    # Остальные хосты добавим позже
+    # database:
+    #   hosts:
+    #     database:
+    #       ansible_host: 192.168.1.222
+    #       ansible_user: root
--- a/olimp-deploy.yml
+++ b/olimp-deploy.yml
@ -0,0 +1,35 @@
+---
+- name: Create Gateway LXC container in Proxmox
+  hosts: proxmox
+  gather_facts: false
+  vars_files:
+    - vault.yml
+  roles:
+    - role: proxmox_lxc
+      tags: deploy_lxc
+
+- name: Base setup for gateway
+  hosts: gateway
+  vars_files:
+    - vault.yml
+  roles:
+    - role: base_setup
+      tags: base_setup
+
+- name: Install Docker on gateway
+  hosts: gateway
+  roles:
+    - role: docker
+      tags: deploy_docker
+
+- name: Deploy Heimdall service
+  hosts: gateway
+  roles:
+    - role: heimdall
+      tags: deploy_heimdall
+      
+- name:  Deploy NPM service
+  hosts: gateway
+  roles:
+    - role: npm
+      tags: deploy_npm
--- a/roles/base_setup/handlers/main.yml
+++ b/roles/base_setup/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart ssh
+  service:
+    name: ssh
+    state: restarted
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@ -0,0 +1,26 @@
+---
+- name: Update apt package cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Install base packages
+  apt:
+    name: "{{ base_packages }}"
+    state: present
+
+- name: Set timezone
+  timezone:
+    name: "{{ timezone }}"
+
+- name: Set system locale
+  locale_gen:
+    name: "{{ system_locale }}"
+    state: present
+
+- name: Ensure hostname is set correctly
+  hostname:
+    name: "{{ inventory_hostname }}"
+
+- name: Include SSH configuration
+  include_tasks: ssh.yml
--- a/roles/base_setup/tasks/ssh.yml
+++ b/roles/base_setup/tasks/ssh.yml
@ -0,0 +1,21 @@
+---
+- name: Disable SSH password authentication
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#?PasswordAuthentication'
+    line: 'PasswordAuthentication no'
+    state: present
+  notify: restart ssh
+
+- name: Ensure SSH directory exists
+  file:
+    path: /root/.ssh
+    state: directory
+    mode: '0700'
+
+- name: Add SSH public keys for root access
+  authorized_key:
+    user: root
+    key: "{{ item }}"
+    state: present
+  loop: "{{ ssh_public_keys }}"
--- a/roles/heimdall/tasks/main.yml
+++ b/roles/heimdall/tasks/main.yml
@ -0,0 +1,21 @@
+---
+- name: Create directory for Heimdall
+  file:
+    path: "{{ heimdall.config_dir }}"
+    state: directory
+    mode: '0755'
+
+- name: Run Heimdall container
+  docker_container:
+    name: heimdall
+    image: "{{ heimdall.image }}"
+    state: started
+    restart_policy: unless-stopped
+    ports:
+      - "{{ heimdall.port }}"
+    volumes:
+      - "{{ heimdall.config_dir }}:/config"
+    env:
+      PUID: "{{ heimdall.user_id }}"
+      PGID: "{{ heimdall.group_id }}"
+      TZ: "{{ heimdall.timezone }}"
--- a/roles/npm/tasks/main.yml
+++ b/roles/npm/tasks/main.yml
@ -0,0 +1,20 @@
+---
+- name: Create directories for NPM
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "{{ npm.data_dir }}"
+    - "{{ npm.letsencrypt_dir }}"
+
+- name: Run NPM container
+  docker_container:
+    name: npm
+    image: "{{ npm.image }}"
+    state: started
+    restart_policy: unless-stopped
+    ports: "{{ npm.ports }}"
+    volumes:
+      - "{{ npm.data_dir }}:/data"
+      - "{{ npm.letsencrypt_dir }}:/etc/letsencrypt"
--- a/roles/proxmox_lxc/tasks/main.yml
+++ b/roles/proxmox_lxc/tasks/main.yml
@ -0,0 +1,20 @@
+---
+- name: Create Gateway LXC container
+  community.general.proxmox_lxc:
+    node: "{{ proxmox_node }}"
+    vmid: 221
+    hostname: gateway
+    storage: "vmsystem"
+    cores: 1
+    memory: 2048
+    swap: 512
+    rootfs: "vmsystem:5"
+    template: "ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
+    password: "{{ proxmox_root_password }}"
+    net:
+      name: eth0
+      bridge: vmbr0
+      ip: 192.168.1.221/24
+      gw: 192.168.1.1
+    unprivileged: true
+    state: present
--- a/vault.yml
+++ b/vault.yml
@ -0,0 +1,69 @@
+$ANSIBLE_VAULT;1.1;AES256
+34323261373938353539616136396439663631363231666261613930626435353765353861633863
+6135303266383232623464613635393332656134623233360a316666636330653966393436393631
+31323530396261333466626433306538623830306162363565663932653735313061353161663833
+3730376164643663380a656536313630646363316162373036633965333663376338313965356664
+66303130323261616262633234343534373163663966346365616162616461623231626561383163
+39313636323139356234613438366161396164616165313735666461346466666231656137666537
+37633837633166393666663464643739303736633138343761373766306563376133346561326131
+33353563643637613436313039316132653036663462323563303238323964386662363631373231
+64663964663463303664353630353465653534633732346137336566303939613161326139383466
+32363837373361346565333164623166633361306530333137313162666237653865653538633831
+32613466353736343930653831386133343031383636356265633138353335373437373332666338
+61633233646439656432666532653764366662366463313634303961323364343763663163303766
+30303664623236393230376139623934663363353730306637616566316664646162663136633562
+64653237306239396533616432313035636530303265623631653233313434376266616565663030
+62623736373436336264616236333334393631386364316237366339386466656263653330383934
+30646631363563373733336431636437386464376631353336643832616430613539666634306234
+31613362393837643864613034373735303831373233363636613562353434393765393030393863
+64343136323337313963623763356136623034626335643565373931383962376232343939656639
+34303635333864366634336662653563663234303831353938373630333036636438333461333262
+61616534383865376232303734393431663333353033613932666438623131616532636335646331
+63316338623465373431356661613564333632663931313332336636626261656464313864393062
+34373631303933376532333062616533383765303535636535333937306236373931663061333266
+32616566613737383633356637653435646562636366353739363230653936306331346661643836
+63336630363866326138666531353364663731356131313434613261363539643633366566643961
+61313761333532353966356661363966336166343737633034363962613034383935613865656266
+36646262373432353762303834616664343132326138356464373438666138663163613738376564
+65633530376461306333366437656366356236616631306231346537636130633630396431333138
+32376430653439653733306432346264633861373130633636653830626431386439393765383835
+32333264626139623738336330326161343132386335306534653033653639353836663866653630
+34303161363334623636336333623565663765623131336662323861303261323939363936646363
+34383230623133303164373236316639656239393466623339613331323735353164396663366639
+62303131353633383838343735623163323731396463316434356436316661306336306462323731
+37393439623233663936616363333966326339386231353265616564323936323763653639636665
+31666439656633643531363733313539643965303439633362653965623761666366303339656161
+66626639326237336261656434333863393064336466356662386534623261633739646634383734
+64643762623361636431343337616636393132366565303965653634613062376661373665316261
+33613730363963633436653439303639656263303336336261393532323736616438666362386331
+37343762656133633761653835363831613964346330343831373534623561336338643637363330
+62666132376635666539626361323834636332303866376561653531643731323739393466653735
+31346135366139616663653235363562626164623466393430353237383462376633326535306664
+39346131633632373363616162373037363266333265346232363666353234336635393733303734
+39666566643935623766353265623863626637663666343732303462306136376165373031303666
+32316665383335393763393062653366613336643638323337646433666432323533366261386464
+34323432386636623835646231323238613166383563623265326633636638306161356261393030
+31633064363637366561343364616262303237376361373565373061666637333066653933663935
+36663031656162663132623566393166613465333434613030623162643561663739626333366432
+38373536623361613466343363643531613239323038633531643561663235313836636635656631
+31353966373166386161623134373363663335323239643565366436646462323938646133363561
+61386566346638616264353866393261663165346562636331363534336532366532363062343366
+30396239383632323430616463393338623438396464316639373133346138323766306130396130
+63376563666666386234623937626136373665383162386263313935366362326632343636353831
+38643739363838653464633339316631623732353562666539353632363165366165396238393436
+39666265663337613433353035643334336234313534663535346166366335653436373263363137
+32663666323032396461346330666630353239313639336263363063643139383236343736316439
+35333431643664336630623732396663383634356333646134393931313466396466393330373762
+37316663323138656130626166323362643961323131306335366438616431353861333462346138
+65333038346434363130373761393164663134613432363232343535663434306165376262386130
+63613365313433333431663566643434373330663232376362323238323337343936313263323730
+36633436393062656136636565303063643738366131666166363630303734626337643463643836
+65333337373033363235333238653638336534653538393861613531643230343836323663303365
+30643364376363316139653336323462333364336233646234313838343531646233366636616362
+62613437363437363338303764613963373064626464653136353437366534343639356433643739
+37326130323530343839376163316234636236343636383963616537623932643236333136623739
+30383134636665343036306231306537643166323734623936666537663039333336346639366633
+37353061613665303433326438386663303061346235306361643030366262643763656432623339
+38613838393931376630313665643662633230313130643530636161633364313563316364313639
+65313463306664333464383566343431366433373830366139356233643537393133613639383338
+31333330626461383261343863666364653436303433616331383131646139636331396263346230