From 32ba056b5eac75f83958df1fd4f4ac1b611c21ae Mon Sep 17 00:00:00 2001 From: Administrator Date: Fri, 10 Oct 2025 10:56:09 +0000 Subject: [PATCH] Update 12 files - /inventories/hosts.yml - /inventories/group_vars/all.yml - /inventories/group_vars/gateway.yml - /roles/proxmox_lxc/tasks/main.yml - /roles/base_setup/tasks/ssh.yml - /roles/base_setup/tasks/main.yml - /roles/base_setup/handlers/main.yml - /roles/npm/tasks/main.yml - /roles/heimdall/tasks/main.yml - /README.md - /olimp-deploy.yml - /vault.yml --- README.md | 30 ++++++++++++- inventories/group_vars/all.yml | 24 +++++++++++ inventories/group_vars/gateway.yml | 19 ++++++++ inventories/hosts.yml | 20 +++++++++ olimp-deploy.yml | 35 +++++++++++++++ roles/base_setup/handlers/main.yml | 5 +++ roles/base_setup/tasks/main.yml | 26 +++++++++++ roles/base_setup/tasks/ssh.yml | 21 +++++++++ roles/heimdall/tasks/main.yml | 21 +++++++++ roles/npm/tasks/main.yml | 20 +++++++++ roles/proxmox_lxc/tasks/main.yml | 20 +++++++++ vault.yml | 69 ++++++++++++++++++++++++++++++ 12 files changed, 309 insertions(+), 1 deletion(-) create mode 100644 inventories/group_vars/all.yml create mode 100644 inventories/group_vars/gateway.yml create mode 100644 inventories/hosts.yml create mode 100644 roles/base_setup/handlers/main.yml create mode 100644 roles/base_setup/tasks/main.yml create mode 100644 roles/base_setup/tasks/ssh.yml create mode 100644 roles/heimdall/tasks/main.yml create mode 100644 roles/npm/tasks/main.yml create mode 100644 roles/proxmox_lxc/tasks/main.yml diff --git a/README.md b/README.md index fb345c1..bb32931 100644 --- a/README.md +++ b/README.md 
@@ -9,7 +9,34 @@ Infra/ ├── vault.yml # Секреты (зашифровано) └── README.md # Документация -text +Infra/ +├── inventories/ +│ └── hosts.yml +├── group_vars/ +│ ├── all.yml +│ └── gateway.yml +├── roles/ +│ ├── proxmox_lxc/ +│ │ └── tasks/ +│ │ └── main.yml +│ ├── base_setup/ +│ │ ├── tasks/ +│ │ │ ├── main.yml +│ │ │ └── ssh.yml +│ │ └── handlers/ +│ │ └── main.yml +│ ├── docker/ +│ │ └── tasks/ +│ │ └── main.yml +│ ├── heimdall/ +│ │ └── tasks/ +│ │ └── main.yml +│ └── npm/ +│ └── tasks/ +│ └── main.yml +├── olimp-deploy.yml +├── vault.yml +└── README.md ## Использование @@ -29,6 +56,7 @@ ansible-playbook -i inventories/hosts.yml olimp-deploy.yml --tags docker ansible-playbook -i inventories/hosts.yml olimp-deploy.yml --tags heimdall Роли + proxmox_lxc - Создание LXC контейнеров в Proxmox base_setup - Базовая настройка ОС
diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml
new file mode 100644
index 0000000..63514d8
--- /dev/null
+++ b/inventories/group_vars/all.yml
@@ -0,0 +1,24 @@
+---
+# Общие настройки для всех хостов
+timezone: Asia/Yekaterinburg
+system_locale: ru_RU.UTF-8
+
+# Настройки пользователей
+admin_user: root
+
+# Список пакетов для установки на всех хостах
+base_packages:
+ - curl
+ - wget
+ - gnupg
+ - ca-certificates
+ - software-properties-common
+ - tree
+ - htop
+ - nano
+ - git
+ - apt-transport-https
+ - net-tools
+ - dnsutils
+ - iputils-ping
+ - traceroute
\ No newline at end of file
diff --git a/inventories/group_vars/gateway.yml b/inventories/group_vars/gateway.yml
new file mode 100644
index 0000000..c3e0bee
--- /dev/null
+++ b/inventories/group_vars/gateway.yml
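Review bot: `admin_user: root` is declared here but nothing in this patch reads it — `roles/base_setup/tasks/ssh.yml` hard-codes `user: root` and `/root/.ssh`, and the inventory sets `ansible_user: root` directly. Either wire the variable through (`user: "{{ admin_user }}"` in the authorized_key task) or drop it, otherwise it reads as if a non-root admin account were being provisioned. Also, `timezone` here is duplicated verbatim by `heimdall.timezone` in gateway.yml; `timezone: "{{ timezone }}"` there keeps a single source of truth.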
@@ -0,0 +1,19 @@
+---
+# Настройки Heimdall
+heimdall:
+ port: "45131:80"
+ image: lscr.io/linuxserver/heimdall:latest
+ config_dir: "/opt/heimdall"
+ user_id: "1000"
+ group_id: "1000"
+ timezone: "Asia/Yekaterinburg"
+
+# Настройки NPM (Nginx Proxy Manager)
+npm:
+ image: jc21/nginx-proxy-manager:latest
+ data_dir: "/opt/npm/data"
+ letsencrypt_dir: "/opt/npm/letsencrypt"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "81:81"
\ No newline at end of file
diff --git a/inventories/hosts.yml b/inventories/hosts.yml
new file mode 100644
index 0000000..7a9c449
--- /dev/null
+++ b/inventories/hosts.yml
@@ -0,0 +1,20 @@
+all:
+ children:
+ proxmox:
+ hosts:
+ proxmox:
+ ansible_host: 192.168.1.200
+ ansible_user: root
+
+ gateway:
+ hosts:
+ gateway:
+ ansible_host: 192.168.1.221
+ ansible_user: root
+
+ # Остальные хосты добавим позже
+ # database:
+ # hosts:
+ # database:
+ # ansible_host: 192.168.1.222
+ # ansible_user: root
\ No newline at end of file
diff --git a/olimp-deploy.yml b/olimp-deploy.yml
index e69de29..366ec32 100644
--- a/olimp-deploy.yml
+++ b/olimp-deploy.yml
@@ -0,0 +1,35 @@
+---
+- name: Create Gateway LXC container in Proxmox
+ hosts: proxmox
+ gather_facts: false
+ vars_files:
+ - vault.yml
+ roles:
+ - role: proxmox_lxc
+ tags: deploy_lxc
+
+- name: Base setup for gateway
+ hosts: gateway
+ vars_files:
+ - vault.yml
+ roles:
+ - role: base_setup
+ tags: base_setup
+
+- name: Install Docker on gateway
+ hosts: gateway
+ roles:
+ - role: docker
+ tags: deploy_docker
+
+- name: Deploy Heimdall service
+ hosts: gateway
+ roles:
+ - role: heimdall
+ tags: deploy_heimdall
+
+- name: Deploy NPM service
+ hosts: gateway
+ roles:
+ - role: npm
+ tags: deploy_npm
\ No newline at end of file
diff --git a/roles/base_setup/handlers/main.yml b/roles/base_setup/handlers/main.yml
new file mode 100644
index 0000000..25a256f
--- /dev/null
+++ b/roles/base_setup/handlers/main.yml
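Review bot: `"81:81"` publishes the Nginx Proxy Manager admin UI on every interface of the gateway; NPM ships with a well-known default admin login until it is changed on first visit, so whoever on the LAN reaches port 81 first owns the reverse proxy and every certificate it manages. Bind it to loopback, `- "127.0.0.1:81:81"`, and reach it over an SSH tunnel or through an authenticated proxy host. Both images are also pulled as `:latest` with no digest, so a fresh run of the playbook can silently deploy a different build than the last one; pin a tag or `@sha256:…` digest and bump it deliberately.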
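Review bot: The gateway address `192.168.1.221` is declared here and again as a literal in `roles/proxmox_lxc/tasks/main.yml` (`ip: 192.168.1.221/24`), so the two can drift apart and the play would then build a container the inventory cannot reach. The LXC role could derive it from the inventory instead, e.g. `"{{ hostvars['gateway'].ansible_host }}/24"`. Both hosts are managed directly as `root`; that is consistent with ssh.yml only provisioning `/root/.ssh`, but a one-line comment saying so would stop the next reader from wondering whether a dedicated automation user was intended.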
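Review bot: The README in this same commit documents `--tags docker` and `--tags heimdall`, but the plays tag their roles `deploy_docker` and `deploy_heimdall` (only `base_setup` matches), so those documented commands select nothing and exit without doing any work. Either rename the tags to match the README or update the README; tagging every play with its role name (`tags: proxmox_lxc`, `tags: docker`, …) would keep both in step. The `docker` role referenced by the third play is not part of this patch, so I cannot tell whether it exists yet. The README tree also shows `group_vars/` at the repository root while the files land in `inventories/group_vars/`; the latter is what `-i inventories/hosts.yml` actually loads.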
@@ -0,0 +1,5 @@
+---
+- name: restart ssh
+ service:
+ name: ssh
+ state: restarted
\ No newline at end of file
diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml
new file mode 100644
index 0000000..6fc398b
--- /dev/null
+++ b/roles/base_setup/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Update apt package cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+- name: Install base packages
+ apt:
+ name: "{{ base_packages }}"
+ state: present
+
+- name: Set timezone
+ timezone:
+ name: "{{ timezone }}"
+
+- name: Set system locale
+ locale_gen:
+ name: "{{ system_locale }}"
+ state: present
+
+- name: Ensure hostname is set correctly
+ hostname:
+ name: "{{ inventory_hostname }}"
+
+- name: Include SSH configuration
+ include_tasks: ssh.yml
\ No newline at end of file
diff --git a/roles/base_setup/tasks/ssh.yml b/roles/base_setup/tasks/ssh.yml
new file mode 100644
index 0000000..20527d7
--- /dev/null
+++ b/roles/base_setup/tasks/ssh.yml
@@ -0,0 +1,21 @@
+---
+- name: Disable SSH password authentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?PasswordAuthentication'
+ line: 'PasswordAuthentication no'
+ state: present
+ notify: restart ssh
+
+- name: Ensure SSH directory exists
+ file:
+ path: /root/.ssh
+ state: directory
+ mode: '0700'
+
+- name: Add SSH public keys for root access
+ authorized_key:
+ user: root
+ key: "{{ item }}"
+ state: present
+ loop: "{{ ssh_public_keys }}"
\ No newline at end of file
diff --git a/roles/heimdall/tasks/main.yml b/roles/heimdall/tasks/main.yml
new file mode 100644
index 0000000..34531cc
--- /dev/null
+++ b/roles/heimdall/tasks/main.yml
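Review bot: `update_cache: yes` relies on YAML 1.1 truthiness while the rest of the patch writes real booleans (`gather_facts: false`, `unprivileged: true`); use `update_cache: true` here to keep one style and satisfy yamllint's `truthy` rule. The file otherwise reads fine, but a header comment would help since the only documentation elsewhere is in Russian: `# Base OS setup for every host: packages, timezone, locale, hostname, then SSH hardening (ssh.yml)`.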
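Review bot: Editing `PasswordAuthentication` in `/etc/ssh/sshd_config` is likely ineffective on the Ubuntu 24.04 template the LXC role uses: that file begins with `Include /etc/ssh/sshd_config.d/*.conf`, sshd keeps the first value it sees for a keyword, and the template may ship a drop-in (cloud-init commonly writes `50-cloud-init.conf` with `PasswordAuthentication yes`) that then wins over the line managed here — confirm on the target with `sshd -T | grep -i passwordauth`. There is also no `validate:` on the edit, so a broken config is only discovered when the handler restarts sshd at the end of the play, and by then password login is the only fallback and it has just been switched off. Writing a drop-in that sorts first and validating it before the restart addresses both, and `PermitRootLogin prohibit-password` belongs next to it since this role only provisions root's keys. Separately, `ssh_public_keys` is not defined in any file of this patch (presumably it lives in vault.yml); an `assert` that it is a non-empty list before the lock-down turns an empty vault entry into a clear failure rather than a box with password auth off and no key installed.
```yaml
- name: Disable SSH password authentication
  copy:
    dest: /etc/ssh/sshd_config.d/00-ansible.conf
    content: |
      PasswordAuthentication no
      PermitRootLogin prohibit-password
    mode: '0644'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: restart ssh
# … unchanged: .ssh directory and authorized_key tasks …
```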
@@ -0,0 +1,21 @@
+---
+- name: Create directory for Heimdall
+ file:
+ path: "{{ heimdall.config_dir }}"
+ state: directory
+ mode: '0755'
+
+- name: Run Heimdall container
+ docker_container:
+ name: heimdall
+ image: "{{ heimdall.image }}"
+ state: started
+ restart_policy: unless-stopped
+ ports:
+ - "{{ heimdall.port }}"
+ volumes:
+ - "{{ heimdall.config_dir }}:/config"
+ env:
+ PUID: "{{ heimdall.user_id }}"
+ PGID: "{{ heimdall.group_id }}"
+ TZ: "{{ heimdall.timezone }}"
\ No newline at end of file
diff --git a/roles/npm/tasks/main.yml b/roles/npm/tasks/main.yml
new file mode 100644
index 0000000..5b9bda5
--- /dev/null
+++ b/roles/npm/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create directories for NPM
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "{{ npm.data_dir }}"
+ - "{{ npm.letsencrypt_dir }}"
+
+- name: Run NPM container
+ docker_container:
+ name: npm
+ image: "{{ npm.image }}"
+ state: started
+ restart_policy: unless-stopped
+ ports: "{{ npm.ports }}"
+ volumes:
+ - "{{ npm.data_dir }}:/data"
+ - "{{ npm.letsencrypt_dir }}:/etc/letsencrypt"
\ No newline at end of file
diff --git a/roles/proxmox_lxc/tasks/main.yml b/roles/proxmox_lxc/tasks/main.yml
new file mode 100644
index 0000000..8944566
--- /dev/null
+++ b/roles/proxmox_lxc/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Create Gateway LXC container
+ community.general.proxmox_lxc:
+ node: "{{ proxmox_node }}"
+ vmid: 221
+ hostname: gateway
+ storage: "vmsystem"
+ cores: 1
+ memory: 2048
+ swap: 512
+ rootfs: "vmsystem:5"
+ template: "ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
+ password: "{{ proxmox_root_password }}"
+ net:
+ name: eth0
+ bridge: vmbr0
+ ip: 192.168.1.221/24
+ gw: 192.168.1.1
+ unprivileged: true
+ state: present
\ No newline at end of file
diff --git a/vault.yml b/vault.yml
index e69de29..53b1d11 100644
--- a/vault.yml
+++ b/vault.yml
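Review bot: The config directory is created by root with `mode: '0755'`, but the container is told to run as `PUID`/`PGID` 1000 and will need to write under `/config`; LinuxServer images generally chown the volume at start-up, so this probably works, but it is cleaner (no privileged chown by the entrypoint) to set `owner: "{{ heimdall.user_id }}"` and `group: "{{ heimdall.group_id }}"` on the `file` task. `docker_container` is also given `heimdall.image` (`:latest`) with no `pull:` option, so the tag is resolved once and never refreshed; pin a digest in group_vars and add `pull: true` if updating through the playbook is the intent. Using the FQCN `community.docker.docker_container` would match the `community.general.proxmox_lxc` style used elsewhere in the patch.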
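Review bot: `/opt/npm/letsencrypt` will hold the private keys of every certificate NPM issues, and `/opt/npm/data` its SQLite database with the admin credential hashes, yet both directories are created world-readable (`mode: '0755'`); `mode: '0750'` (or `'0700'`) on the `file` task keeps unprivileged local users out, and the files certbot writes inside are presumably already restrictive — verify after the first issuance. Same image-pinning remark as for Heimdall: `jc21/nginx-proxy-manager:latest` with no `pull:` is neither reproducible nor auto-updating.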
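Review bot: As written this task should fail before creating anything: `community.general.proxmox_lxc` requires `api_host` and `api_user` (plus `api_password` or an API token) and none is given, and `rootfs`, `net` and a string-valued `template` are not the module's parameters — the root disk is `disk`, the network is `netif` with a `netN: "name=…,bridge=…,ip=…,gw=…"` string, and the container image is `ostemplate` (`template` is a boolean meaning "turn this container into a template"). Please check against the installed collection version, but the option names below match the current documentation; the `proxmox_api_*` variables are placeholders to be added to vault.yml alongside `proxmox_root_password`. Because the play runs on the Proxmox node itself with `gather_facts: false`, `api_host` can be the node's own address; keep `validate_certs: true` unless the API still uses the self-signed default, because the module defaults to not verifying it. Add `no_log: true` on the task so the container root password and API credentials never reach `-v` output or logs.
```yaml
- name: Create Gateway LXC container
  community.general.proxmox_lxc:
    api_host: "{{ proxmox_api_host }}"
    api_user: "{{ proxmox_api_user }}"
    api_password: "{{ proxmox_api_password }}"
    validate_certs: true
    node: "{{ proxmox_node }}"
    vmid: 221
    hostname: gateway
    ostemplate: "local:vztmpl/ubuntu-24.04-standard_24.04-2_amd64.tar.zst"
    storage: vmsystem
    disk: "vmsystem:5"
    netif:
      net0: "name=eth0,bridge=vmbr0,ip=192.168.1.221/24,gw=192.168.1.1"
    password: "{{ proxmox_root_password }}"
    # … unchanged: cores, memory, swap, unprivileged, state …
  no_log: true
```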
@@ -0,0 +1,69 @@ +$ANSIBLE_VAULT;1.1;AES256 +34323261373938353539616136396439663631363231666261613930626435353765353861633863 +6135303266383232623464613635393332656134623233360a316666636330653966393436393631 +31323530396261333466626433306538623830306162363565663932653735313061353161663833 +3730376164643663380a656536313630646363316162373036633965333663376338313965356664 +66303130323261616262633234343534373163663966346365616162616461623231626561383163 +39313636323139356234613438366161396164616165313735666461346466666231656137666537 +37633837633166393666663464643739303736633138343761373766306563376133346561326131 +33353563643637613436313039316132653036663462323563303238323964386662363631373231 +64663964663463303664353630353465653534633732346137336566303939613161326139383466 +32363837373361346565333164623166633361306530333137313162666237653865653538633831 +32613466353736343930653831386133343031383636356265633138353335373437373332666338 +61633233646439656432666532653764366662366463313634303961323364343763663163303766 +30303664623236393230376139623934663363353730306637616566316664646162663136633562 +64653237306239396533616432313035636530303265623631653233313434376266616565663030 +62623736373436336264616236333334393631386364316237366339386466656263653330383934 +30646631363563373733336431636437386464376631353336643832616430613539666634306234 +31613362393837643864613034373735303831373233363636613562353434393765393030393863 +64343136323337313963623763356136623034626335643565373931383962376232343939656639 +34303635333864366634336662653563663234303831353938373630333036636438333461333262 +61616534383865376232303734393431663333353033613932666438623131616532636335646331 +63316338623465373431356661613564333632663931313332336636626261656464313864393062 +34373631303933376532333062616533383765303535636535333937306236373931663061333266 +32616566613737383633356637653435646562636366353739363230653936306331346661643836 
+63336630363866326138666531353364663731356131313434613261363539643633366566643961 +61313761333532353966356661363966336166343737633034363962613034383935613865656266 +36646262373432353762303834616664343132326138356464373438666138663163613738376564 +65633530376461306333366437656366356236616631306231346537636130633630396431333138 +32376430653439653733306432346264633861373130633636653830626431386439393765383835 +32333264626139623738336330326161343132386335306534653033653639353836663866653630 +34303161363334623636336333623565663765623131336662323861303261323939363936646363 +34383230623133303164373236316639656239393466623339613331323735353164396663366639 +62303131353633383838343735623163323731396463316434356436316661306336306462323731 +37393439623233663936616363333966326339386231353265616564323936323763653639636665 +31666439656633643531363733313539643965303439633362653965623761666366303339656161 +66626639326237336261656434333863393064336466356662386534623261633739646634383734 +64643762623361636431343337616636393132366565303965653634613062376661373665316261 +33613730363963633436653439303639656263303336336261393532323736616438666362386331 +37343762656133633761653835363831613964346330343831373534623561336338643637363330 +62666132376635666539626361323834636332303866376561653531643731323739393466653735 +31346135366139616663653235363562626164623466393430353237383462376633326535306664 +39346131633632373363616162373037363266333265346232363666353234336635393733303734 +39666566643935623766353265623863626637663666343732303462306136376165373031303666 +32316665383335393763393062653366613336643638323337646433666432323533366261386464 +34323432386636623835646231323238613166383563623265326633636638306161356261393030 +31633064363637366561343364616262303237376361373565373061666637333066653933663935 +36663031656162663132623566393166613465333434613030623162643561663739626333366432 +38373536623361613466343363643531613239323038633531643561663235313836636635656631 
+31353966373166386161623134373363663335323239643565366436646462323938646133363561 +61386566346638616264353866393261663165346562636331363534336532366532363062343366 +30396239383632323430616463393338623438396464316639373133346138323766306130396130 +63376563666666386234623937626136373665383162386263313935366362326632343636353831 +38643739363838653464633339316631623732353562666539353632363165366165396238393436 +39666265663337613433353035643334336234313534663535346166366335653436373263363137 +32663666323032396461346330666630353239313639336263363063643139383236343736316439 +35333431643664336630623732396663383634356333646134393931313466396466393330373762 +37316663323138656130626166323362643961323131306335366438616431353861333462346138 +65333038346434363130373761393164663134613432363232343535663434306165376262386130 +63613365313433333431663566643434373330663232376362323238323337343936313263323730 +36633436393062656136636565303063643738366131666166363630303734626337643463643836 +65333337373033363235333238653638336534653538393861613531643230343836323663303365 +30643364376363316139653336323462333364336233646234313838343531646233366636616362 +62613437363437363338303764613963373064626464653136353437366534343639356433643739 +37326130323530343839376163316234636236343636383963616537623932643236333136623739 +30383134636665343036306231306537643166323734623936666537663039333336346639366633 +37353061613665303433326438386663303061346235306361643030366262643763656432623339 +38613838393931376630313665643662633230313130643530636161633364313563316364313639 +65313463306664333464383566343431366433373830366139356233643537393133613639383338 +31333330626461383261343863666364653436303433616331383131646139636331396263346230 \ No newline at end of file