diff --git a/.gitignore b/.gitignore index bb1b570..fd3f0ad 100644 --- a/.gitignore +++ b/.gitignore @@ -1,16 +1,17 @@ -# Ignore inventory file. This are Submodules -inventory/ - -# Ignore .secret files.... you know, there secret... -*.secret -.vault-* - -# Ignore Caching +# General Files +.vscode cache/ -# Ignore Testplaybook -playbooks/global/testserver.yml +# Ansible Files +ansible/inventory/ +*.secret +ansible/.vault-* +ansible/.ansible -# Ignore unneccessary Files -.vscode -.ansible \ No newline at end of file +# Packer Files +packer/credentials.pkr.hcl + +# OpenTofu Files +opentofu/.terraform/ +opentofu/.terraform.lock.hcl +opentofu/terraform.tfstate \ No newline at end of file diff --git a/ansible.cfg b/ansible.cfg index a8aaf6b..47a0ea0 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -inventory = ./inventory/ +inventory = ./ansible/inventory/ host_key_checking = False retry_files_enabled = False private_key_file = ~/.ssh/ansible_key @@ -11,7 +11,7 @@ fact_caching_connection = ./cache fact_caching_timeout = 86400 # Rollen-Pfade -roles_path = ./roles/ +roles_path = ./ansible/roles/ # Vault-Einstellungen vault_password_file = ./vault.secret diff --git a/.ansible-lint b/ansible/.ansible-lint similarity index 100% rename from .ansible-lint rename to ansible/.ansible-lint diff --git a/README.md b/ansible/README.md similarity index 100% rename from README.md rename to ansible/README.md diff --git a/playbooks/heyer.systems/all.yml b/ansible/playbooks/heyer.systems/all.yml similarity index 100% rename from playbooks/heyer.systems/all.yml rename to ansible/playbooks/heyer.systems/all.yml diff --git a/playbooks/heyer.systems/build_debian-minimal-image.yml b/ansible/playbooks/heyer.systems/build_debian-minimal-image.yml similarity index 100% rename from playbooks/heyer.systems/build_debian-minimal-image.yml rename to ansible/playbooks/heyer.systems/build_debian-minimal-image.yml 
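Review bot: The new OpenTofu block in .gitignore ignores `opentofu/terraform.tfstate` but not the `terraform.tfstate.backup` file written next to it, which carries the same plaintext resource attributes and credentials as the state itself. Add `opentofu/terraform.tfstate.backup` (or a single `opentofu/*.tfstate*` pattern) and, if variable files are used, `opentofu/*.tfvars`. Ignoring `opentofu/.terraform.lock.hcl` removes the provider version and checksum pins from the repository, so each checkout may resolve different provider builds; that file is normally committed. The old root-level `.vault-*` pattern is narrowed to `ansible/.vault-*` while ansible.cfg stays at the repository root, so it is worth confirming that no vault helper file is ever created beside it.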
diff --git a/playbooks/heyer.systems/calibre.yml b/ansible/playbooks/heyer.systems/calibre.yml similarity index 100% rename from playbooks/heyer.systems/calibre.yml rename to ansible/playbooks/heyer.systems/calibre.yml diff --git a/playbooks/heyer.systems/docker1.yml b/ansible/playbooks/heyer.systems/docker1.yml similarity index 70% rename from playbooks/heyer.systems/docker1.yml rename to ansible/playbooks/heyer.systems/docker1.yml index f88570b..4e7f905 100644 --- a/playbooks/heyer.systems/docker1.yml +++ b/ansible/playbooks/heyer.systems/docker1.yml @@ -51,3 +51,23 @@ tags: - booklore - docker-container + + - role: deploy_container_grafana + tags: + - grafana + - docker-container + + - role: deploy_container_loki + tags: + - loki + - docker-container + - role: deploy_container_n8n + tags: + - n8n + - docker-container + - role: deploy_container_authelia + tags: + - authelia + - sso + - auth + - docker-container \ No newline at end of file diff --git a/playbooks/heyer.systems/minecraft.yml b/ansible/playbooks/heyer.systems/minecraft.yml similarity index 100% rename from playbooks/heyer.systems/minecraft.yml rename to ansible/playbooks/heyer.systems/minecraft.yml diff --git a/playbooks/heyer.systems/pihole.yml b/ansible/playbooks/heyer.systems/pihole.yml similarity index 100% rename from playbooks/heyer.systems/pihole.yml rename to ansible/playbooks/heyer.systems/pihole.yml diff --git a/playbooks/heyer.systems/pve1.yml b/ansible/playbooks/heyer.systems/pve1.yml similarity index 100% rename from playbooks/heyer.systems/pve1.yml rename to ansible/playbooks/heyer.systems/pve1.yml diff --git a/playbooks/heyer.systems/pve2.yml b/ansible/playbooks/heyer.systems/pve2.yml similarity index 100% rename from playbooks/heyer.systems/pve2.yml rename to ansible/playbooks/heyer.systems/pve2.yml 
diff --git a/playbooks/heyer.systems/pve3.yml b/ansible/playbooks/heyer.systems/pve3.yml
similarity index 100%
rename from playbooks/heyer.systems/pve3.yml
rename to ansible/playbooks/heyer.systems/pve3.yml
diff --git a/requirements.yml b/ansible/requirements.yml
similarity index 100%
rename from requirements.yml
rename to ansible/requirements.yml
diff --git a/roles/create_image_debian-minimal/.gitignore b/ansible/roles/create_image_debian-minimal/.gitignore
similarity index 100%
rename from roles/create_image_debian-minimal/.gitignore
rename to ansible/roles/create_image_debian-minimal/.gitignore
diff --git a/roles/create_image_debian-minimal/defaults/main.yml b/ansible/roles/create_image_debian-minimal/defaults/main.yml
similarity index 100%
rename from roles/create_image_debian-minimal/defaults/main.yml
rename to ansible/roles/create_image_debian-minimal/defaults/main.yml
diff --git a/roles/create_image_debian-minimal/handlers/main.yml b/ansible/roles/create_image_debian-minimal/handlers/main.yml
similarity index 100%
rename from roles/create_image_debian-minimal/handlers/main.yml
rename to ansible/roles/create_image_debian-minimal/handlers/main.yml
diff --git a/roles/create_image_debian-minimal/meta/main.yml b/ansible/roles/create_image_debian-minimal/meta/main.yml
similarity index 100%
rename from roles/create_image_debian-minimal/meta/main.yml
rename to ansible/roles/create_image_debian-minimal/meta/main.yml
diff --git a/roles/create_image_debian-minimal/tasks/main.yml b/ansible/roles/create_image_debian-minimal/tasks/main.yml
similarity index 100%
rename from roles/create_image_debian-minimal/tasks/main.yml
rename to ansible/roles/create_image_debian-minimal/tasks/main.yml
diff --git a/roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2 b/ansible/roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2
similarity index 100%
rename from roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2
rename to ansible/roles/create_image_debian-minimal/templates/debian_minimal.pkr.hcl.j2
diff --git a/roles/create_image_debian-minimal/templates/preseed.cfg.j2 b/ansible/roles/create_image_debian-minimal/templates/preseed.cfg.j2
similarity index 100%
rename from roles/create_image_debian-minimal/templates/preseed.cfg.j2
rename to ansible/roles/create_image_debian-minimal/templates/preseed.cfg.j2
diff --git a/roles/create_image_debian-minimal/vars/main.yml b/ansible/roles/create_image_debian-minimal/vars/main.yml
similarity index 100%
rename from roles/create_image_debian-minimal/vars/main.yml
rename to ansible/roles/create_image_debian-minimal/vars/main.yml
diff --git a/ansible/roles/deploy_container_authelia/defaults/main.yml b/ansible/roles/deploy_container_authelia/defaults/main.yml
new file mode 100644
index 0000000..2e4ec6b
--- /dev/null
+++ b/ansible/roles/deploy_container_authelia/defaults/main.yml
@@ -0,0 +1,114 @@ +############ +# Authelia # +############ + +# --------------------- +# General Configuration +# --------------------- +container_authelia_version: latest # Authelia container image tag/version +container_authelia_domain: authelia.example.com # Fully Qualified Domain Name (FQDN) for Authelia +container_authelia_theme: "dark" # dark, light or grey theme + +# --------------------- +# Server Settings +# --------------------- +container_authelia_server_port: 9091 # Port on which Authelia will listen + +# --------------------- +# Logging +# --------------------- +container_authelia_log_level: debug # Log level: trace, debug, info, warn, error +container_authelia_log_file_path: /var/log/authelia/authelia.log # Path to log file +container_authelia_log_keep_stdout: true # Also log to STDOUT (recommended for containers) + +# --------------------- +# Identity Validation / Password Reset +# --------------------- +container_authelia_elevated_session_2fa: true # Require 2FA for elevated sessions +container_authelia_jwt_lifespan: "5 minutes" # Expiration time for password reset links +container_authelia_jwt_secret: "nyt4JDvuhU6SGp7H0vaEs0rfGETjI26fRQPJZzwdWPuXsmHdAun2hryiJDyDPRuC" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric + +# --------------------- +# TOTP (Two-Factor Authentication) +# --------------------- +container_authelia_totp_disable: false # Disable TOTP (false = enabled) +container_authelia_totp_issuer: example.com # Issuer name shown in authenticator apps +container_authelia_totp_period: 30 # Time interval in seconds +container_authelia_totp_skew: 1 # Allowed time drift (in periods) + +# --------------------- +# Password Policy (Zxcvbn) +# --------------------- +container_authelia_zxcvbn_enabled: true # Enable password strength validation +container_authelia_zxcvbn_min_score: 4 # Minimum strength score (0–4) + +# --------------------- +# Authentication Backend (File-based) +# 
--------------------- +container_authelia_auth_file_path: /config/users.yml # Path to user configuration file +container_authelia_auth_algorithm: argon2 # Password hashing algorithm +container_authelia_auth_argon2_variant: argon2id +container_authelia_auth_argon2_iterations: 3 +container_authelia_auth_argon2_memory: 65535 +container_authelia_auth_argon2_parallelism: 4 +container_authelia_auth_argon2_key_length: 32 +container_authelia_auth_argon2_salt_length: 16 + +# --------------------- +# Access Control +# --------------------- +container_authelia_access_default_policy: deny # Default access policy (deny/one_factor/two_factor) +container_authelia_access_rules: + - domain: "traefik.example.com" + policy: "one_factor" + - domain: "whoami-secure.example.com" + policy: "two_factor" + +# --------------------- +# Session Configuration +# --------------------- +container_authelia_session_name: authelia_session # Name of the session cookie +container_authelia_session_key: "zB3d7gTWVbhB5jFQVkjtxfhVZ4aEaFwKHWNa81jjqSL7JgV5HmqOAULDhlJA0muI" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric +container_authelia_session_cookies: + - domain: "example.com" + authelia_url: "https://auth.example.com" + +# --------------------- +# Security Regulation (Brute Force Protection) +# --------------------- +container_authelia_regulation_max_retries: 4 # Max failed login attempts before ban +container_authelia_regulation_find_time: 120 # Time window to count failed attempts (in seconds) +container_authelia_regulation_ban_time: 300 # Ban duration after reaching retry limit (in seconds) + +# --------------------- +# Storage +# --------------------- + +container_authelia_storage_encryption_key: "B4g3XlMfiBJPUXqrZmxfE1CccUASi1r2Cxpr8q9QbmQ3Rvx1RDJvZ1J3DTqkR2a5" # docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric +container_authelia_storage_path: /config/db.sqlite3 # Path to SQLite storage file + +# 
--------------------- +# Notifications +# --------------------- +container_authelia_notifier_disable_startup_check: false # Disable notifier startup check (recommended: false) +container_authelia_notifier_file: /config/notification.txt # File path used for file-based notifications + +# --------------------- +# User Configuration (for file-based backend) +# --------------------- +# !! SECURITY WARNING !!: +# Passwords must always be hashed (argon2, bcrypt, sha512, etc.). +# Never store plain-text passwords in production. +# Use this guide to generate secure hashes: +# https://www.authelia.com/reference/guides/passwords/#passwords + +container_authelia_users: + - username: authelia + displayname: 'Authelia User' + # docker run --rm -it authelia/authelia:latest authelia crypto hash generate argon2 + # !! Replace the password with a secure hashed password + password: '$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/' + email: 'authelia@authelia.com' + groups: + - 'admin' + - 'dev' diff --git a/roles/server_install_cronjobs/files/.gitkeep b/ansible/roles/deploy_container_authelia/files/.gitkeep similarity index 100% rename from roles/server_install_cronjobs/files/.gitkeep rename to ansible/roles/deploy_container_authelia/files/.gitkeep diff --git a/roles/deploy_container_booklore/handlers/main.yml b/ansible/roles/deploy_container_authelia/handlers/main.yml similarity index 100% rename from roles/deploy_container_booklore/handlers/main.yml rename to ansible/roles/deploy_container_authelia/handlers/main.yml diff --git a/roles/deploy_container_booklore/meta/main.yml b/ansible/roles/deploy_container_authelia/meta/main.yml similarity index 100% rename from roles/deploy_container_booklore/meta/main.yml rename to ansible/roles/deploy_container_authelia/meta/main.yml 
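Review bot: deploy_container_authelia/defaults/main.yml commits working values for `container_authelia_jwt_secret`, `container_authelia_session_key` and `container_authelia_storage_encryption_key`, so any host deployed without overriding them runs with keys known to everyone who can read the repository, and whatever those keys protect (sessions, password-reset tokens, encrypted storage) offers no protection. Leave the three variables without a default and supply them per host from Ansible Vault, e.g. `container_authelia_jwt_secret: "{{ vault_authelia_jwt_secret }}"` (the vault variable name is a placeholder), with an `ansible.builtin.assert` at the top of the role that fails when one is undefined; the values already in history should be treated as compromised and regenerated. The sample entry in `container_authelia_users` has the same problem: it ships a fixed `$6$` hash for a member of the `admin` group, which becomes a live account unless overridden, so the default is better an empty list. `container_authelia_version: latest` and `container_authelia_log_level: debug` are also worth tightening to a pinned tag and `info` for the component that gates every other service.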
diff --git a/ansible/roles/deploy_container_authelia/tasks/main.yml b/ansible/roles/deploy_container_authelia/tasks/main.yml
new file mode 100644
index 0000000..1d9f9e5
--- /dev/null
+++ b/ansible/roles/deploy_container_authelia/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+- name: Ensure data directories exist
+ ansible.builtin.file:
+ path: "{{ container_base_dir }}/data/{{ item }}"
+ state: directory
+ mode: '0755'
+ loop:
+ - "secrets"
+ - "config"
+ - "logs"
+ become: false
+
+- name: Ensure authelia.log file exists
+ ansible.builtin.file:
+ path: "{{ container_base_dir }}/data/logs/authelia.log"
+ state: touch
+ mode: '0644'
+ become: false
+
+- name: Deploy Docker Compose and .env files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ container_base_dir }}/{{ item.dest }}"
+ mode: '0644'
+ loop:
+ - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+ - { src: '.env.j2', dest: '.env' }
+ - { src: 'users.yml.j2', dest: 'data/config/users.yml' }
+ - { src: 'configuration.yml.j2', dest: 'data/config/configuration.yml' }
+ become: false
+
+- name: Stop Container
+ community.docker.docker_compose_v2:
+ project_src: "{{ container_base_dir }}"
+ state: absent
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
+
+- name: Start Container
+ community.docker.docker_compose_v2:
+ project_src: "{{ container_base_dir }}"
+ pull: always
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
diff --git a/ansible/roles/deploy_container_authelia/templates/.env.j2 b/ansible/roles/deploy_container_authelia/templates/.env.j2
new file mode 100644
index 0000000..f3446ab
--- /dev/null
+++ b/ansible/roles/deploy_container_authelia/templates/.env.j2
@@ -0,0 +1,2 @@
+AUTHELIA_VERSION={{ container_authelia_version }}
+AUTHELIA_DOMAIN={{ container_authelia_domain }}
\ No newline at end of file
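Review bot: In deploy_container_authelia/tasks/main.yml the template task writes `data/config/configuration.yml` and `data/config/users.yml` with `mode: '0644'`, and the directory task creates `secrets` and `config` with `'0755'`, so the JWT secret, session secret, storage encryption key and password hashes rendered into those files are readable by every local account on the Docker host. Give the loop items their own mode, e.g. `mode: "{{ item.mode | default('0644') }}"` with `mode: '0600'` on the two Authelia files, and create `secrets` and `config` as `'0700'`; this assumes the container runs as the deploying user, as the rootless socket path suggests. The unconditional "Stop Container" task (`state: absent`) takes the authentication gateway down on every run even when no template changed; registering the template result and restarting only on change would avoid that. `docker_host: "unix:///run/user/1000/docker.sock"` hard-codes UID 1000, as the other roles do, and fails on a host where the rootless Docker user has a different UID.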
diff --git a/ansible/roles/deploy_container_authelia/templates/configuration.yml.j2 b/ansible/roles/deploy_container_authelia/templates/configuration.yml.j2
new file mode 100644
index 0000000..a151962
--- /dev/null
+++ b/ansible/roles/deploy_container_authelia/templates/configuration.yml.j2
@@ -0,0 +1,74 @@ +server: + address: 'tcp4://:{{ container_authelia_server_port | default(9091) }}' + +theme: {{ container_authelia_theme }} + +log: + level: {{ container_authelia_log_level | default('debug') }} + file_path: '{{ container_authelia_log_file_path | default("/var/log/authelia/authelia.log") }}' + keep_stdout: {{ container_authelia_log_keep_stdout | default(true) }} + +identity_validation: + elevated_session: + require_second_factor: {{ container_authelia_elevated_session_2fa | default(true) }} + reset_password: + jwt_lifespan: '{{ container_authelia_jwt_lifespan | default("5 minutes") }}' + jwt_secret: {{ container_authelia_jwt_secret }} + +totp: + disable: {{ container_authelia_totp_disable | default(false) }} + issuer: '{{ container_authelia_totp_issuer | default("example.com") }}' + period: {{ container_authelia_totp_period | default(30) }} + skew: {{ container_authelia_totp_skew | default(1) }} + +password_policy: + zxcvbn: + enabled: {{ container_authelia_zxcvbn_enabled | default(true) }} + min_score: {{ container_authelia_zxcvbn_min_score | default(4) }} + +authentication_backend: + file: + path: '{{ container_authelia_auth_file_path | default("/config/users.yml") }}' + password: + algorithm: '{{ container_authelia_auth_algorithm | default("argon2") }}' + argon2: + variant: '{{ container_authelia_auth_argon2_variant | default("argon2id") }}' + iterations: {{ container_authelia_auth_argon2_iterations | default(3) }} + memory: {{ container_authelia_auth_argon2_memory | default(65535) }} + parallelism: {{ container_authelia_auth_argon2_parallelism | default(4) }} + key_length: {{ container_authelia_auth_argon2_key_length | default(32) }} + salt_length: {{ container_authelia_auth_argon2_salt_length | default(16) }} + +access_control: + default_policy: '{{ container_authelia_access_default_policy | default("deny") }}' + rules: +{% for rule in container_authelia_access_rules %} + - domain: '{{ rule.domain }}' + policy: '{{ rule.policy }}' +{% endfor 
%} + +session: + name: '{{ container_authelia_session_name | default("authelia_session") }}' + secret: {{ container_authelia_session_key }} + + cookies: +{% for cookie in container_authelia_session_cookies %} + - domain: '{{ cookie.domain }}' + authelia_url: '{{ cookie.authelia_url }}' +{% endfor %} + +regulation: + max_retries: {{ container_authelia_regulation_max_retries | default(4) }} + find_time: {{ container_authelia_regulation_find_time | default(120) }} + ban_time: {{ container_authelia_regulation_ban_time | default(300) }} + +storage: + encryption_key: {{ container_authelia_storage_encryption_key }} + + local: + path: '{{ container_authelia_storage_path | default("/config/db.sqlite3") }}' + +notifier: + disable_startup_check: {{ container_authelia_notifier_disable_startup_check | default(false) }} + filesystem: + filename: '{{ container_authelia_notifier_file | default("/config/notification.txt") }}' diff --git a/ansible/roles/deploy_container_authelia/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_authelia/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..74a821a --- /dev/null +++ b/ansible/roles/deploy_container_authelia/templates/docker-compose.yml.j2 
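Review bot: In configuration.yml.j2 the three secrets are emitted as bare YAML scalars (`jwt_secret: {{ container_authelia_jwt_secret }}`, `secret: {{ container_authelia_session_key }}`, `encryption_key: {{ container_authelia_storage_encryption_key }}`), while nearly every other string in the template is quoted. A generated value that contains ` #` or `: `, starts with a YAML indicator character, or consists only of digits would be truncated, retyped or rejected by the parser, and truncation silently weakens the key. Render them with `{{ container_authelia_jwt_secret | to_json }}` (likewise for the other two) so any value survives unchanged. The `| default('debug')` fallback for `log.level` also means a missing variable selects a verbose level for an authentication service; `info` is a safer fallback.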
@@ -0,0 +1,34 @@
+---
+services:
+ authelia:
+ image: authelia/authelia:${AUTHELIA_VERSION}
+ container_name: authelia
+ volumes:
+ - './data/secrets:/secrets:ro'
+ - './data/config:/config'
+ - './data/logs/authelia.log:{{ container_authelia_log_file_path }}'
+ networks:
+ traefik:
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - "traefik.http.routers.authelia.entrypoints=http"
+ - "traefik.http.routers.authelia.rule=Host(`${AUTHELIA_DOMAIN:?error}`)"
+ - "traefik.http.middlewares.authelia-https-redirect.redirectscheme.scheme=https"
+ - "traefik.http.routers.authelia.middlewares=authelia-https-redirect"
+ - "traefik.http.routers.authelia-secure.entrypoints=https"
+ - "traefik.http.routers.authelia-secure.rule=Host(`${AUTHELIA_DOMAIN:?error}`)"
+ - "traefik.http.routers.authelia-secure.tls=true"
+ - "traefik.http.routers.authelia-secure.service=authelia"
+ - "traefik.http.services.authelia.loadbalancer.server.port=9091"
+ # Authelia Middleware
+ - "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia:9091/api/authz/forward-auth"
+ - "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true"
+ - "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
+ environment:
+ TZ: 'EUROPE/BERLIN'
+ X_AUTHELIA_CONFIG_FILTERS: 'template'
+
+networks:
+ traefik:
+ external: true
\ No newline at end of file
diff --git a/ansible/roles/deploy_container_authelia/templates/users.yml.j2 b/ansible/roles/deploy_container_authelia/templates/users.yml.j2
new file mode 100644
index 0000000..e30c185
--- /dev/null
+++ b/ansible/roles/deploy_container_authelia/templates/users.yml.j2
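Review bot: The Authelia docker-compose.yml.j2 hard-codes port 9091 in `loadbalancer.server.port=9091` and in the `forwardAuth.address` URL although configuration.yml.j2 binds to `container_authelia_server_port`, so overriding that variable breaks both routing and forward-auth; use `{{ container_authelia_server_port }}` in both labels. `TZ: 'EUROPE/BERLIN'` does not match the tz database name `Europe/Berlin`, and on a case-sensitive filesystem the container will most likely fall back to UTC, which skews the log timestamps used when reconstructing a login timeline. Unlike the Grafana service added in this commit, this service has no `restart:` policy, so after a reboot or crash every route behind the middleware fails until the playbook is rerun; add `restart: unless-stopped`. `forwardAuth.trustForwardHeader=true` has Traefik pass client-supplied `X-Forwarded-*` headers on to Authelia, which is only safe when the Traefik entrypoints accept forwarded headers from trusted proxies alone; that configuration is not visible here and should be confirmed.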
@@ -0,0 +1,11 @@ +users: +{% for user in container_authelia_users %} + {{ user.username }}: + displayname: '{{ user.displayname }}' + password: '{{ user.password }}' + email: '{{ user.email }}' + groups: +{% for group in user.groups %} + - '{{ group }}' +{% endfor %} +{% endfor %} \ No newline at end of file diff --git a/ansible/roles/deploy_container_authelia/vars/main.yml b/ansible/roles/deploy_container_authelia/vars/main.yml new file mode 100644 index 0000000..750dfc7 --- /dev/null +++ b/ansible/roles/deploy_container_authelia/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/authelia \ No newline at end of file diff --git a/roles/deploy_container_booklore/defaults/main.yml b/ansible/roles/deploy_container_booklore/defaults/main.yml similarity index 82% rename from roles/deploy_container_booklore/defaults/main.yml rename to ansible/roles/deploy_container_booklore/defaults/main.yml index 7fa2ebe..7d018d1 100644 --- a/roles/deploy_container_booklore/defaults/main.yml +++ b/ansible/roles/deploy_container_booklore/defaults/main.yml @@ -1,6 +1,5 @@ container_booklore_version: latest container_booklore_domain: booklore.example.com -container_booklore_directory: /opt/docker/booklore container_booklore_db_root_password: super_duper_secret_root_password container_booklore_db_user: db_user container_booklore_db_password: super_secret_password \ No newline at end of file diff --git a/roles/deploy_container_booklore/vars/main.yml b/ansible/roles/deploy_container_booklore/handlers/main.yml similarity index 100% rename from roles/deploy_container_booklore/vars/main.yml rename to ansible/roles/deploy_container_booklore/handlers/main.yml diff --git a/roles/deploy_container_excalidraw/handlers/main.yml b/ansible/roles/deploy_container_booklore/meta/main.yml similarity index 100% rename from roles/deploy_container_excalidraw/handlers/main.yml rename to ansible/roles/deploy_container_booklore/meta/main.yml 
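Review bot: users.yml.j2 places `user.displayname`, `user.email`, `user.password` and each group between literal single quotes, so a value containing `'` (a display name such as O'Brien) yields invalid YAML or a document that parses differently from what the inventory author intended. Emitting the values through a serialising filter, e.g. `displayname: {{ user.displayname | to_json }}`, removes the hand-written quoting. The template also writes whatever is in `user.password`; since the file backend expects a hash, an `ansible.builtin.assert` in the role that every password starts with `$` would catch a plaintext value before it reaches disk.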
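Review bot: Dropping `container_booklore_directory` from deploy_container_booklore/defaults/main.yml in favour of `container_base_dir` in vars/main.yml changes more than the name, and the same pattern appears in the excalidraw, homepage, grafana and authelia roles in this commit. Role `vars/` outrank inventory, group_vars and host_vars, so a host that previously overrode the install directory is now redeployed under `/opt/docker/booklore` without warning. Every role also defines the identical variable name, so in a play such as docker1.yml that lists many of these roles, the value seen outside the owning role's own tasks may depend on load order. A role-prefixed name kept in defaults, e.g. `container_booklore_base_dir: /opt/docker/booklore`, stays overridable and unambiguous.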
diff --git a/roles/deploy_container_booklore/tasks/main.yml b/ansible/roles/deploy_container_booklore/tasks/main.yml similarity index 75% rename from roles/deploy_container_booklore/tasks/main.yml rename to ansible/roles/deploy_container_booklore/tasks/main.yml index d013145..866a273 100644 --- a/roles/deploy_container_booklore/tasks/main.yml +++ b/ansible/roles/deploy_container_booklore/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Ensure data directories exist ansible.builtin.file: - path: "{{ container_booklore_directory }}/data/{{ item }}" + path: "{{ container_base_dir }}/data/{{ item }}" state: directory mode: '0755' loop: @@ -13,7 +13,7 @@ - name: Deploy Docker Compose and .env files ansible.builtin.template: src: "{{ item.src }}" - dest: "{{ container_booklore_directory }}/{{ item.dest }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" mode: '0644' loop: - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } @@ -22,7 +22,7 @@ - name: Start Container community.docker.docker_compose_v2: - project_src: "{{ container_booklore_directory }}" + project_src: "{{ container_base_dir }}" pull: always docker_host: "unix:///run/user/1000/docker.sock" become: false diff --git a/roles/deploy_container_booklore/templates/.env.j2 b/ansible/roles/deploy_container_booklore/templates/.env.j2 similarity index 100% rename from roles/deploy_container_booklore/templates/.env.j2 rename to ansible/roles/deploy_container_booklore/templates/.env.j2 diff --git a/roles/deploy_container_booklore/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_booklore/templates/docker-compose.yml.j2 similarity index 100% rename from roles/deploy_container_booklore/templates/docker-compose.yml.j2 rename to ansible/roles/deploy_container_booklore/templates/docker-compose.yml.j2 diff --git a/ansible/roles/deploy_container_booklore/vars/main.yml b/ansible/roles/deploy_container_booklore/vars/main.yml new file mode 100644 index 0000000..481a422 --- /dev/null 
+++ b/ansible/roles/deploy_container_booklore/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/booklore \ No newline at end of file diff --git a/roles/deploy_container_excalidraw/defaults/main.yml b/ansible/roles/deploy_container_excalidraw/defaults/main.yml similarity index 61% rename from roles/deploy_container_excalidraw/defaults/main.yml rename to ansible/roles/deploy_container_excalidraw/defaults/main.yml index 676cfd8..d082569 100644 --- a/roles/deploy_container_excalidraw/defaults/main.yml +++ b/ansible/roles/deploy_container_excalidraw/defaults/main.yml @@ -1,3 +1,2 @@ container_excalidraw_version: latest container_excalidraw_domain: excalidraw.example.com -container_excalidraw_directory: /opt/docker/excalidraw diff --git a/roles/deploy_container_excalidraw/meta/main.yml b/ansible/roles/deploy_container_excalidraw/handlers/main.yml similarity index 100% rename from roles/deploy_container_excalidraw/meta/main.yml rename to ansible/roles/deploy_container_excalidraw/handlers/main.yml diff --git a/roles/deploy_container_excalidraw/vars/main.yml b/ansible/roles/deploy_container_excalidraw/meta/main.yml similarity index 100% rename from roles/deploy_container_excalidraw/vars/main.yml rename to ansible/roles/deploy_container_excalidraw/meta/main.yml diff --git a/roles/deploy_container_excalidraw/tasks/main.yml b/ansible/roles/deploy_container_excalidraw/tasks/main.yml similarity index 74% rename from roles/deploy_container_excalidraw/tasks/main.yml rename to ansible/roles/deploy_container_excalidraw/tasks/main.yml index 1b1cbe9..3c7ee29 100644 --- a/roles/deploy_container_excalidraw/tasks/main.yml +++ b/ansible/roles/deploy_container_excalidraw/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Ensure data directories exist ansible.builtin.file: - path: "{{ container_excalidraw_directory }}/data/{{ item }}" + path: "{{ container_base_dir }}/data/{{ item }}" state: directory mode: '0755' loop: 
@@ -11,7 +11,7 @@ - name: Create neccessary Files ansible.builtin.file: - path: "{{ traefik_container_dir }}/data/{{ item }}" + path: "{{ container_base_dir }}/data/{{ item }}" state: touch mode: '0644' loop: @@ -22,7 +22,7 @@ - name: Deploy Docker Compose and .env files ansible.builtin.template: src: "{{ item.src }}" - dest: "{{ container_excalidraw_directory }}/{{ item.dest }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" mode: '0644' loop: - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } @@ -31,7 +31,7 @@ - name: Start Container community.docker.docker_compose_v2: - project_src: "{{ container_excalidraw_directory }}" + project_src: "{{ container_base_dir }}" pull: always docker_host: "unix:///run/user/1000/docker.sock" become: false diff --git a/roles/deploy_container_excalidraw/templates/.env.j2 b/ansible/roles/deploy_container_excalidraw/templates/.env.j2 similarity index 100% rename from roles/deploy_container_excalidraw/templates/.env.j2 rename to ansible/roles/deploy_container_excalidraw/templates/.env.j2 diff --git a/roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 similarity index 100% rename from roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 rename to ansible/roles/deploy_container_excalidraw/templates/docker-compose.yml.j2 diff --git a/ansible/roles/deploy_container_excalidraw/vars/main.yml b/ansible/roles/deploy_container_excalidraw/vars/main.yml new file mode 100644 index 0000000..b2b338b --- /dev/null +++ b/ansible/roles/deploy_container_excalidraw/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/excalidraw \ No newline at end of file diff --git a/ansible/roles/deploy_container_grafana/defaults/main.yml b/ansible/roles/deploy_container_grafana/defaults/main.yml new file mode 100644 index 0000000..b15432e --- /dev/null +++ b/ansible/roles/deploy_container_grafana/defaults/main.yml 
@@ -0,0 +1,3 @@ +--- +container_grafana_version: latest +container_grafana_domain: grafana.example.com \ No newline at end of file diff --git a/roles/server_install_cronjobs/templates/.gitkeep b/ansible/roles/deploy_container_grafana/files/.gitkeep similarity index 100% rename from roles/server_install_cronjobs/templates/.gitkeep rename to ansible/roles/deploy_container_grafana/files/.gitkeep diff --git a/roles/deploy_container_homepage/handlers/main.yml b/ansible/roles/deploy_container_grafana/handlers/main.yml similarity index 100% rename from roles/deploy_container_homepage/handlers/main.yml rename to ansible/roles/deploy_container_grafana/handlers/main.yml diff --git a/roles/deploy_container_homepage/meta/main.yml b/ansible/roles/deploy_container_grafana/meta/main.yml similarity index 100% rename from roles/deploy_container_homepage/meta/main.yml rename to ansible/roles/deploy_container_grafana/meta/main.yml diff --git a/roles/deploy_container_wishlist/tasks/main.yml b/ansible/roles/deploy_container_grafana/tasks/main.yml similarity index 75% rename from roles/deploy_container_wishlist/tasks/main.yml rename to ansible/roles/deploy_container_grafana/tasks/main.yml index c2836bb..67b1701 100644 --- a/roles/deploy_container_wishlist/tasks/main.yml +++ b/ansible/roles/deploy_container_grafana/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Ensure data directories exist ansible.builtin.file: - path: "{{ container_wishlist_directory }}/data" + path: "{{ container_base_dir }}/" state: directory mode: '0755' become: false @@ -9,7 +9,7 @@ - name: Deploy Docker Compose and .env files ansible.builtin.template: src: "{{ item.src }}" - dest: "{{ container_wishlist_directory }}/{{ item.dest }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" mode: '0644' loop: - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } 
@@ -18,7 +18,7 @@ - name: Start Container community.docker.docker_compose_v2: - project_src: "{{ container_wishlist_directory }}" + project_src: "{{ container_base_dir }}" pull: always docker_host: "unix:///run/user/1000/docker.sock" become: false diff --git a/ansible/roles/deploy_container_grafana/templates/.env.j2 b/ansible/roles/deploy_container_grafana/templates/.env.j2 new file mode 100644 index 0000000..090a73b --- /dev/null +++ b/ansible/roles/deploy_container_grafana/templates/.env.j2 @@ -0,0 +1,2 @@ +GRAFANA_VERSION={{ container_grafana_version }} +GRAFANA_DOMAIN={{ container_grafana_domain }} \ No newline at end of file diff --git a/ansible/roles/deploy_container_grafana/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_grafana/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..a3395eb --- /dev/null +++ b/ansible/roles/deploy_container_grafana/templates/docker-compose.yml.j2 
@@ -0,0 +1,32 @@ +--- +services: + grafana: + image: grafana/grafana:${GRAFANA_VERSION} + container_name: grafana + restart: unless-stopped + networks: + traefik: + volumes: + - 'grafana_storage:/var/lib/grafana' + environment: + - GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}/ + - GF_PLUGINS_PREINSTALL=grafana-clock-panel + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.grafana.entrypoints=http" + - "traefik.http.routers.grafana.rule=Host(`${GRAFANA_DOMAIN}`)" + - "traefik.http.middlewares.grafana-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.grafana.middlewares=grafana-https-redirect" + - "traefik.http.routers.grafana-secure.entrypoints=https" + - "traefik.http.routers.grafana-secure.rule=Host(`${GRAFANA_DOMAIN}`)" + - "traefik.http.routers.grafana-secure.tls=true" + - "traefik.http.routers.grafana-secure.service=grafana" + - "traefik.http.services.grafana.loadbalancer.server.port=3000" + +volumes: + grafana_storage: {} + +networks: + traefik: + external: true \ No newline at end of file diff --git a/ansible/roles/deploy_container_grafana/vars/main.yml b/ansible/roles/deploy_container_grafana/vars/main.yml new file mode 100644 index 0000000..f1efe20 --- /dev/null +++ b/ansible/roles/deploy_container_grafana/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/grafana \ No newline at end of file diff --git a/roles/deploy_container_homepage/README.md b/ansible/roles/deploy_container_homepage/README.md similarity index 100% rename from roles/deploy_container_homepage/README.md rename to ansible/roles/deploy_container_homepage/README.md diff --git a/roles/deploy_container_homepage/defaults/main.yml b/ansible/roles/deploy_container_homepage/defaults/main.yml similarity index 95% rename from roles/deploy_container_homepage/defaults/main.yml rename to ansible/roles/deploy_container_homepage/defaults/main.yml index 0e0f29d..ca2f032 100644 
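Review bot: The `grafana-secure` router publishes Grafana on `${GRAFANA_DOMAIN}` with no auth middleware, and the `environment:` list sets no admin credentials, so the instance presumably comes up with Grafana's documented initial admin login until someone changes it by hand. Set the password from a vaulted variable rendered into `.env`, for example `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}` (the `.env` name is a suggestion, not something the role defines yet). Alternatively, put the router behind the auth middleware this commit wires into the Traefik dashboard. If a password is added to `.env`, the template task's `mode: '0644'` should become `'0600'` in the same change.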
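Review bot: `container_base_dir` is declared under the same unprefixed name in this role's vars/main.yml and again in the homepage, koito, lldap, loki, n8n and wishlist roles below. Each role should see its own value while it runs, but a role in the same play that references `container_base_dir` without defining it would silently pick up another role's directory and write its compose project there. For the existing roles the path also moves from defaults/ to vars/, which ranks above inventory variables, so a host can no longer relocate the directory from host_vars or group_vars. A role-prefixed name kept in defaults/main.yml, e.g. `container_grafana_base_dir: /opt/docker/grafana`, avoids both; ansible-lint's `var-naming[no-role-prefix]` rule flags the current form if it is enabled.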
--- a/roles/deploy_container_homepage/defaults/main.yml +++ b/ansible/roles/deploy_container_homepage/defaults/main.yml @@ -1,6 +1,5 @@ container_homepage_version: latest container_homepage_domain: dashboard.example.com -container_homepage_directory: /opt/docker/homepage container_homepage_config_files: - src: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/container_homepage_config_files/bookmarks.yaml" dest: "bookmarks.yaml" diff --git a/roles/deploy_container_homepage/files/bookmarks.yaml b/ansible/roles/deploy_container_homepage/files/bookmarks.yaml similarity index 100% rename from roles/deploy_container_homepage/files/bookmarks.yaml rename to ansible/roles/deploy_container_homepage/files/bookmarks.yaml diff --git a/roles/deploy_container_homepage/files/custom.css b/ansible/roles/deploy_container_homepage/files/custom.css similarity index 100% rename from roles/deploy_container_homepage/files/custom.css rename to ansible/roles/deploy_container_homepage/files/custom.css diff --git a/roles/deploy_container_homepage/files/custom.js b/ansible/roles/deploy_container_homepage/files/custom.js similarity index 100% rename from roles/deploy_container_homepage/files/custom.js rename to ansible/roles/deploy_container_homepage/files/custom.js diff --git a/roles/deploy_container_homepage/files/docker.yaml b/ansible/roles/deploy_container_homepage/files/docker.yaml similarity index 100% rename from roles/deploy_container_homepage/files/docker.yaml rename to ansible/roles/deploy_container_homepage/files/docker.yaml diff --git a/roles/deploy_container_homepage/files/kubernetes.yaml b/ansible/roles/deploy_container_homepage/files/kubernetes.yaml similarity index 100% rename from roles/deploy_container_homepage/files/kubernetes.yaml rename to ansible/roles/deploy_container_homepage/files/kubernetes.yaml 
diff --git a/roles/deploy_container_homepage/files/proxmox.yaml b/ansible/roles/deploy_container_homepage/files/proxmox.yaml
similarity index 100%
rename from roles/deploy_container_homepage/files/proxmox.yaml
rename to ansible/roles/deploy_container_homepage/files/proxmox.yaml
diff --git a/roles/deploy_container_homepage/files/services.yaml b/ansible/roles/deploy_container_homepage/files/services.yaml
similarity index 100%
rename from roles/deploy_container_homepage/files/services.yaml
rename to ansible/roles/deploy_container_homepage/files/services.yaml
diff --git a/roles/deploy_container_homepage/files/settings.yaml b/ansible/roles/deploy_container_homepage/files/settings.yaml
similarity index 100%
rename from roles/deploy_container_homepage/files/settings.yaml
rename to ansible/roles/deploy_container_homepage/files/settings.yaml
diff --git a/roles/deploy_container_homepage/files/widgets.yaml b/ansible/roles/deploy_container_homepage/files/widgets.yaml
similarity index 100%
rename from roles/deploy_container_homepage/files/widgets.yaml
rename to ansible/roles/deploy_container_homepage/files/widgets.yaml
diff --git a/roles/deploy_container_homepage/vars/main.yml b/ansible/roles/deploy_container_homepage/handlers/main.yml
similarity index 100%
rename from roles/deploy_container_homepage/vars/main.yml
rename to ansible/roles/deploy_container_homepage/handlers/main.yml
diff --git a/roles/deploy_container_koito/handlers/main.yml b/ansible/roles/deploy_container_homepage/meta/main.yml
similarity index 100%
rename from roles/deploy_container_koito/handlers/main.yml
rename to ansible/roles/deploy_container_homepage/meta/main.yml
diff --git a/roles/deploy_container_homepage/tasks/main.yml b/ansible/roles/deploy_container_homepage/tasks/main.yml
similarity index 73%
rename from roles/deploy_container_homepage/tasks/main.yml
rename to ansible/roles/deploy_container_homepage/tasks/main.yml
index 290c0ff..18a2b23 100644
--- a/roles/deploy_container_homepage/tasks/main.yml
+++ b/ansible/roles/deploy_container_homepage/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Ensure data directories exist ansible.builtin.file: - path: "{{ container_homepage_directory }}/data/{{ item }}" + path: "{{ container_base_dir }}/data/{{ item }}" state: directory mode: '0755' loop: @@ -11,7 +11,7 @@ - name: Deploy Docker Compose and .env files ansible.builtin.template: src: "{{ item.src }}" - dest: "{{ container_homepage_directory }}/{{ item.dest }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" mode: '0644' loop: - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } @@ -21,14 +21,14 @@ - name: Deploy tenant-specific config files ansible.builtin.copy: src: "{{ item.src }}" - dest: "{{ container_homepage_directory }}/data/config/{{ item.dest }}" + dest: "{{ container_base_dir }}/data/config/{{ item.dest }}" mode: '0644' loop: "{{ container_homepage_config_files }}" become: false - name: Start Container community.docker.docker_compose_v2: - project_src: "{{ container_homepage_directory }}" + project_src: "{{ container_base_dir }}" pull: always docker_host: "unix:///run/user/1000/docker.sock" become: false diff --git a/roles/deploy_container_homepage/templates/.env.j2 b/ansible/roles/deploy_container_homepage/templates/.env.j2 similarity index 100% rename from roles/deploy_container_homepage/templates/.env.j2 rename to ansible/roles/deploy_container_homepage/templates/.env.j2 diff --git a/roles/deploy_container_homepage/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_homepage/templates/docker-compose.yml.j2 similarity index 100% rename from roles/deploy_container_homepage/templates/docker-compose.yml.j2 rename to ansible/roles/deploy_container_homepage/templates/docker-compose.yml.j2 diff --git a/ansible/roles/deploy_container_homepage/vars/main.yml b/ansible/roles/deploy_container_homepage/vars/main.yml new file mode 100644 index 0000000..57f4996 --- /dev/null +++ b/ansible/roles/deploy_container_homepage/vars/main.yml 
@@ -0,0 +1 @@ +container_base_dir: /opt/docker/homepage \ No newline at end of file diff --git a/roles/deploy_container_koito/defaults/main.yml b/ansible/roles/deploy_container_koito/defaults/main.yml similarity index 74% rename from roles/deploy_container_koito/defaults/main.yml rename to ansible/roles/deploy_container_koito/defaults/main.yml index 18796d0..0d1105c 100644 --- a/roles/deploy_container_koito/defaults/main.yml +++ b/ansible/roles/deploy_container_koito/defaults/main.yml @@ -1,4 +1,3 @@ container_koito_version: latest container_koito_domain: music.heyer.systems -container_koito_directory: /opt/docker/koito container_koito_db_password: "super_secret_db_password" diff --git a/roles/deploy_container_koito/meta/main.yml b/ansible/roles/deploy_container_koito/handlers/main.yml similarity index 100% rename from roles/deploy_container_koito/meta/main.yml rename to ansible/roles/deploy_container_koito/handlers/main.yml diff --git a/roles/deploy_container_koito/vars/main.yml b/ansible/roles/deploy_container_koito/meta/main.yml similarity index 100% rename from roles/deploy_container_koito/vars/main.yml rename to ansible/roles/deploy_container_koito/meta/main.yml diff --git a/roles/deploy_container_koito/tasks/main.yml b/ansible/roles/deploy_container_koito/tasks/main.yml similarity index 76% rename from roles/deploy_container_koito/tasks/main.yml rename to ansible/roles/deploy_container_koito/tasks/main.yml index 3e2c4aa..b1c57ec 100644 --- a/roles/deploy_container_koito/tasks/main.yml +++ b/ansible/roles/deploy_container_koito/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Ensure data directories exist ansible.builtin.file: - path: "{{ container_koito_directory }}/data/{{ item }}" + path: "{{ container_base_dir }}/data/{{ item }}" state: directory mode: '0755' loop: 
@@ -12,7 +12,7 @@ - name: Deploy Docker Compose and .env files ansible.builtin.template: src: "{{ item.src }}" - dest: "{{ container_koito_directory }}/{{ item.dest }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" mode: '0644' loop: - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } @@ -21,7 +21,7 @@ - name: Start Container community.docker.docker_compose_v2: - project_src: "{{ container_koito_directory }}" + project_src: "{{ container_base_dir }}" pull: always docker_host: "unix:///run/user/1000/docker.sock" become: false diff --git a/roles/deploy_container_koito/templates/.env.j2 b/ansible/roles/deploy_container_koito/templates/.env.j2 similarity index 100% rename from roles/deploy_container_koito/templates/.env.j2 rename to ansible/roles/deploy_container_koito/templates/.env.j2 diff --git a/roles/deploy_container_koito/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_koito/templates/docker-compose.yml.j2 similarity index 100% rename from roles/deploy_container_koito/templates/docker-compose.yml.j2 rename to ansible/roles/deploy_container_koito/templates/docker-compose.yml.j2 diff --git a/ansible/roles/deploy_container_koito/vars/main.yml b/ansible/roles/deploy_container_koito/vars/main.yml new file mode 100644 index 0000000..e3a02ee --- /dev/null +++ b/ansible/roles/deploy_container_koito/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/koito \ No newline at end of file diff --git a/roles/deploy_container_lldap/defaults/main.yml b/ansible/roles/deploy_container_lldap/defaults/main.yml similarity index 80% rename from roles/deploy_container_lldap/defaults/main.yml rename to ansible/roles/deploy_container_lldap/defaults/main.yml index 908664e..f22771f 100644 --- a/roles/deploy_container_lldap/defaults/main.yml +++ b/ansible/roles/deploy_container_lldap/defaults/main.yml 
@@ -10,6 +10,3 @@ container_lldap_domain: "ldap.example.com" # Fully qualified domain na # LDAP admin user password container_lldap_ldap_user_pass: "adminPas$word" # Admin password (can be replaced by secret file) - -# Base directory for container data (e.g., for volumes, secrets) -container_lldap_directory: "/opt/docker/lldap" # Base directory on the host for LLDAP data diff --git a/roles/deploy_container_lldap/handlers/main.yml b/ansible/roles/deploy_container_lldap/handlers/main.yml similarity index 100% rename from roles/deploy_container_lldap/handlers/main.yml rename to ansible/roles/deploy_container_lldap/handlers/main.yml diff --git a/roles/deploy_container_lldap/meta/main.yml b/ansible/roles/deploy_container_lldap/meta/main.yml similarity index 100% rename from roles/deploy_container_lldap/meta/main.yml rename to ansible/roles/deploy_container_lldap/meta/main.yml diff --git a/roles/deploy_container_lldap/tasks/main.yml b/ansible/roles/deploy_container_lldap/tasks/main.yml similarity index 78% rename from roles/deploy_container_lldap/tasks/main.yml rename to ansible/roles/deploy_container_lldap/tasks/main.yml index 57b47f3..392412f 100644 --- a/roles/deploy_container_lldap/tasks/main.yml +++ b/ansible/roles/deploy_container_lldap/tasks/main.yml @@ -1,6 +1,6 @@ - name: Ensure data directories exist ansible.builtin.file: - path: "{{ container_lldap_directory }}/{{ item }}" + path: "{{ container_base_dir }}/{{ item }}" state: directory mode: '0755' loop: @@ -10,12 +10,12 @@ - name: Check if jwt_secret file exists ansible.builtin.stat: - path: "{{ container_lldap_directory }}/secrets/jwt_secret" + path: "{{ container_base_dir }}/secrets/jwt_secret" register: jwt_secret_stat - name: Check if key_seed file exists ansible.builtin.stat: - path: "{{ container_lldap_directory }}/secrets/key_seed" + path: "{{ container_base_dir }}/secrets/key_seed" register: key_seed_stat - name: Generate JWT secret if not exists 
@@ -33,7 +33,7 @@ - name: Copy JWT secret to host if generated ansible.builtin.copy: content: "{{ jwt_secret }}" - dest: "{{ container_lldap_directory }}/secrets/jwt_secret" + dest: "{{ container_base_dir }}/secrets/jwt_secret" mode: '0644' when: jwt_secret is defined become: false @@ -41,7 +41,7 @@ - name: Copy Key Seed to host if generated ansible.builtin.copy: content: "{{ key_seed }}" - dest: "{{ container_lldap_directory }}/secrets/key_seed" + dest: "{{ container_base_dir }}/secrets/key_seed" mode: '0644' when: key_seed is defined become: false @@ -49,14 +49,14 @@ - name: Write LDAP admin user password to file if not exists ansible.builtin.copy: content: "{{ container_lldap_ldap_user_pass }}" - dest: "{{ container_lldap_directory }}/secrets/ldap_user_pass" + dest: "{{ container_base_dir }}/secrets/ldap_user_pass" mode: '0644' become: false - name: Deploy Docker Compose and .env files ansible.builtin.template: src: "{{ item.src }}" - dest: "{{ container_lldap_directory }}/{{ item.dest }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" mode: '0644' loop: - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } @@ -65,7 +65,7 @@ - name: Start Container community.docker.docker_compose_v2: - project_src: "{{ container_lldap_directory }}" + project_src: "{{ container_base_dir }}" pull: always docker_host: "unix:///run/user/1000/docker.sock" become: false diff --git a/roles/deploy_container_lldap/templates/.env.j2 b/ansible/roles/deploy_container_lldap/templates/.env.j2 similarity index 100% rename from roles/deploy_container_lldap/templates/.env.j2 rename to ansible/roles/deploy_container_lldap/templates/.env.j2 diff --git a/roles/deploy_container_lldap/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_lldap/templates/docker-compose.yml.j2 similarity index 100% rename from roles/deploy_container_lldap/templates/docker-compose.yml.j2 rename to ansible/roles/deploy_container_lldap/templates/docker-compose.yml.j2 
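Review bot: The three secret-writing tasks touched here (`secrets/jwt_secret`, `secrets/key_seed`, `secrets/ldap_user_pass`) still create their files with `mode: '0644'`, so every local account on the Docker host can read the LLDAP JWT secret, key seed and admin password. Use `mode: '0600'` on those three tasks and add `no_log: true` so the `content:` value does not appear in task output when the play runs with `--diff` or high verbosity. The directory loop that presumably creates `secrets/` is only partly visible in these hunks; `0700` would suit that directory. The `.env` template task in deploy_container_n8n/tasks/main.yml has the same `0644` mode on a file that carries the PostgreSQL passwords.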
diff --git a/ansible/roles/deploy_container_lldap/vars/main.yml b/ansible/roles/deploy_container_lldap/vars/main.yml new file mode 100644 index 0000000..b233887 --- /dev/null +++ b/ansible/roles/deploy_container_lldap/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/lldap \ No newline at end of file diff --git a/ansible/roles/deploy_container_loki/defaults/main.yml b/ansible/roles/deploy_container_loki/defaults/main.yml new file mode 100644 index 0000000..12d0e5a --- /dev/null +++ b/ansible/roles/deploy_container_loki/defaults/main.yml @@ -0,0 +1,3 @@ +--- +container_loki_version: latest +container_loki_domain: loki.example.com \ No newline at end of file diff --git a/roles/server_install_syslog/files/.gitkeep b/ansible/roles/deploy_container_loki/files/.gitkeep similarity index 100% rename from roles/server_install_syslog/files/.gitkeep rename to ansible/roles/deploy_container_loki/files/.gitkeep diff --git a/roles/deploy_container_lldap/vars/main.yml b/ansible/roles/deploy_container_loki/handlers/main.yml similarity index 100% rename from roles/deploy_container_lldap/vars/main.yml rename to ansible/roles/deploy_container_loki/handlers/main.yml diff --git a/roles/deploy_container_traefik/handlers/main.yml b/ansible/roles/deploy_container_loki/meta/main.yml similarity index 100% rename from roles/deploy_container_traefik/handlers/main.yml rename to ansible/roles/deploy_container_loki/meta/main.yml diff --git a/ansible/roles/deploy_container_loki/tasks/main.yml b/ansible/roles/deploy_container_loki/tasks/main.yml new file mode 100644 index 0000000..9114bab --- /dev/null +++ b/ansible/roles/deploy_container_loki/tasks/main.yml 
@@ -0,0 +1,27 @@ +--- +- name: Ensure data directories exist + ansible.builtin.file: + path: "{{ container_base_dir }}/{{ item.dir }}" + state: directory + mode: '0755' + become: false + loop: + - {dir: "data"} + +- name: Deploy Docker Compose and .env files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" + mode: '0644' + loop: + - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } + - { src: '.env.j2', dest: '.env' } + - { src: 'local-config.yaml.j2', dest: 'data/local-config.yaml' } + become: false + +- name: Start Container + community.docker.docker_compose_v2: + project_src: "{{ container_base_dir }}" + pull: always + docker_host: "unix:///run/user/1000/docker.sock" + become: false diff --git a/ansible/roles/deploy_container_loki/templates/.env.j2 b/ansible/roles/deploy_container_loki/templates/.env.j2 new file mode 100644 index 0000000..3325330 --- /dev/null +++ b/ansible/roles/deploy_container_loki/templates/.env.j2 @@ -0,0 +1,2 @@ +LOKI_VERSION={{ container_loki_version }} +LOKI_DOMAIN={{ container_loki_domain }} \ No newline at end of file diff --git a/ansible/roles/deploy_container_loki/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_loki/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..a57687b --- /dev/null +++ b/ansible/roles/deploy_container_loki/templates/docker-compose.yml.j2 
@@ -0,0 +1,26 @@ +--- +services: + loki: + image: grafana/loki:${LOKI_VERSION} + container_name: loki + networks: + traefik: + volumes: + - ./data/local-config.yaml:/etc/loki/local-config.yaml + command: -config.file=/etc/loki/local-config.yaml + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.loki.entrypoints=http" + - "traefik.http.routers.loki.rule=Host(`${LOKI_DOMAIN}`)" + - "traefik.http.middlewares.loki-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.loki.middlewares=loki-https-redirect" + - "traefik.http.routers.loki-secure.entrypoints=https" + - "traefik.http.routers.loki-secure.rule=Host(`${LOKI_DOMAIN}`)" + - "traefik.http.routers.loki-secure.tls=true" + - "traefik.http.routers.loki-secure.service=loki" + - "traefik.http.services.loki.loadbalancer.server.port=3100" + +networks: + traefik: + external: true \ No newline at end of file diff --git a/ansible/roles/deploy_container_loki/templates/local-config.yaml.j2 b/ansible/roles/deploy_container_loki/templates/local-config.yaml.j2 new file mode 100644 index 0000000..148efb1 --- /dev/null +++ b/ansible/roles/deploy_container_loki/templates/local-config.yaml.j2 @@ -0,0 +1,32 @@ +auth_enabled: false + +server: + http_listen_port: 3100 + +common: + instance_addr: 0.0.0.0 + path_prefix: /loki + storage: + filesystem: + chunks_directory: /loki/chunks + rules_directory: /loki/rules + replication_factor: 1 + ring: + kvstore: + store: inmemory + +schema_config: + configs: + - from: 2020-10-24 + store: tsdb + object_store: filesystem + schema: v13 + index: + prefix: index_ + period: 24h + +ruler: + alertmanager_url: http://localhost:9093 + +analytics: + reporting_enabled: false \ No newline at end of file diff --git a/ansible/roles/deploy_container_loki/vars/main.yml b/ansible/roles/deploy_container_loki/vars/main.yml new file mode 100644 index 0000000..32f12fd --- /dev/null +++ b/ansible/roles/deploy_container_loki/vars/main.yml 
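Review bot: The `loki-secure` router carries no `middlewares` label, and the local-config.yaml.j2 added right after sets `auth_enabled: false`, so anyone who can reach the Traefik `https` entrypoint for `${LOKI_DOMAIN}` can query stored logs and push entries. Whether that entrypoint is reachable from outside the local network is not visible here. If Grafana is the only client, drop the Traefik labels, since both containers already sit on the `traefik` network and Grafana can use `http://loki:3100`. Otherwise add `- "traefik.http.routers.loki-secure.middlewares=authelia@docker"` or a basic-auth middleware that log shippers can present. The service also lacks the `restart: unless-stopped` that the Grafana service has.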
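Review bot: `path_prefix: /loki` and the `chunks_directory` and `rules_directory` below it point at a path the compose file never mounts; only `./data/local-config.yaml` is bind-mounted. Unless the image declares its own volume there, collected logs disappear whenever the container is recreated, which `pull: always` on a `latest` tag will trigger on image updates. Add a named volume in docker-compose.yml.j2, e.g. `- 'loki_storage:/loki'` with a top-level `loki_storage: {}`, mirroring `grafana_storage`. `alertmanager_url: http://localhost:9093` resolves inside the Loki container, and this compose file defines no Alertmanager there.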
@@ -0,0 +1 @@ +container_base_dir: /opt/docker/loki \ No newline at end of file diff --git a/ansible/roles/deploy_container_n8n/defaults/main.yml b/ansible/roles/deploy_container_n8n/defaults/main.yml new file mode 100644 index 0000000..8a0a3e5 --- /dev/null +++ b/ansible/roles/deploy_container_n8n/defaults/main.yml @@ -0,0 +1,11 @@ +####### +# N8N # +####### +container_n8n_version: "latest" +container_n8n_postgres_version: "16" +container_n8n_domain: "n8n.example.com" +container_n8n_postgres_user: "changeUser" +container_n8n_postgres_password: "changePassword" +container_n8n_postgres_db: "n8n" +container_n8n_postgres_non_root_user: "changeUser" +container_n8n_postgres_non_root_password: "changePassword" \ No newline at end of file diff --git a/ansible/roles/deploy_container_n8n/files/init-data.sh b/ansible/roles/deploy_container_n8n/files/init-data.sh new file mode 100644 index 0000000..7f2e382 --- /dev/null +++ b/ansible/roles/deploy_container_n8n/files/init-data.sh @@ -0,0 +1,13 @@ +#!/bin/bash +set -e; + + +if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then + psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}'; + GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER}; + GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER}; + EOSQL +else + echo "SETUP INFO: No Environment variables given!" +fi \ No newline at end of file diff --git a/roles/deploy_container_traefik/meta/main.yml b/ansible/roles/deploy_container_n8n/handlers/main.yml similarity index 100% rename from roles/deploy_container_traefik/meta/main.yml rename to ansible/roles/deploy_container_n8n/handlers/main.yml 
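Review bot: `container_n8n_postgres_password` and `container_n8n_postgres_non_root_password` default to the literal `changePassword`, so a host whose inventory forgets to override them deploys cleanly with a database password that is published in this repository. Drop the two password defaults so that templating `.env.j2` fails on an undefined variable, or add an `ansible.builtin.assert` at the top of tasks/main.yml that rejects the placeholder values. The two user defaults are also identical (`changeUser`), so with defaults untouched init-data.sh would run `CREATE USER` for the role the image has presumably already created from `POSTGRES_USER`, and `ON_ERROR_STOP=1` would abort initialisation.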
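Review bot: The heredoc pastes `${POSTGRES_NON_ROOT_PASSWORD}` and `${POSTGRES_NON_ROOT_USER}` directly into the SQL text, so a password containing a single quote, or a user name that needs quoting, breaks the `CREATE USER` statement or changes what gets executed. Pass the values as psql variables and let psql do the quoting, `:'pw'` for the literal and `:"usr"` for identifiers, with the heredoc delimiter quoted so the shell no longer expands anything inside it. `GRANT ALL PRIVILEGES ON DATABASE` is broader than the following `GRANT CREATE ON SCHEMA public` suggests is needed; worth confirming against what n8n requires.

```shell
if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then
	psql -v ON_ERROR_STOP=1 \
		-v usr="$POSTGRES_NON_ROOT_USER" \
		-v pw="$POSTGRES_NON_ROOT_PASSWORD" \
		-v db="$POSTGRES_DB" \
		--username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-'EOSQL'
		CREATE USER :"usr" WITH PASSWORD :'pw';
		GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"usr";
		GRANT CREATE ON SCHEMA public TO :"usr";
	EOSQL
# … unchanged: else branch printing the setup info message …
```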
diff --git a/roles/deploy_container_wishlist/handlers/main.yml b/ansible/roles/deploy_container_n8n/meta/main.yml similarity index 100% rename from roles/deploy_container_wishlist/handlers/main.yml rename to ansible/roles/deploy_container_n8n/meta/main.yml diff --git a/ansible/roles/deploy_container_n8n/tasks/main.yml b/ansible/roles/deploy_container_n8n/tasks/main.yml new file mode 100644 index 0000000..cfb90ce --- /dev/null +++ b/ansible/roles/deploy_container_n8n/tasks/main.yml @@ -0,0 +1,33 @@ +--- +- name: Ensure data directories exist + ansible.builtin.file: + path: "{{ container_base_dir }}/data" + state: directory + mode: '0755' + become: false + +- name: Deploy Docker Compose and .env files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ container_base_dir }}/{{ item.dest }}" + mode: '0644' + loop: + - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' } + - { src: '.env.j2', dest: '.env' } + become: false + +- name: Copy postgres init-data file + ansible.builtin.copy: + src: "{{ item.src }}" + dest: "{{ container_base_dir }}/data/{{ item.dest }}" + mode: '0644' + loop: + - { src: "init-data.sh", dest: "init-data.sh"} + become: false + +- name: Start Container + community.docker.docker_compose_v2: + project_src: "{{ container_base_dir }}" + pull: always + docker_host: "unix:///run/user/1000/docker.sock" + become: false diff --git a/ansible/roles/deploy_container_n8n/templates/.env.j2 b/ansible/roles/deploy_container_n8n/templates/.env.j2 new file mode 100644 index 0000000..b1e494d --- /dev/null +++ b/ansible/roles/deploy_container_n8n/templates/.env.j2 
@@ -0,0 +1,15 @@ +# N8N Version (Standard: latest) +N8N_VERSION={{ container_n8n_version | default('latest') }} + +# N8N PostgreSQL Version +N8N_POSTGRES_VERSION={{ container_n8n_postgres_version | default('16') }} + +# N8N Domain +N8N_DOMAIN={{ container_n8n_domain }} + +# N8N Database Config +N8N_POSTGRES_USER={{ container_n8n_postgres_user }} +N8N_POSTGRES_PASSWORD={{ container_n8n_postgres_password }} +N8N_POSTGRES_DB={{ container_n8n_postgres_db }} +N8N_POSTGRES_NON_ROOT_USER={{ container_n8n_postgres_non_root_user }} +N8N_POSTGRES_NON_ROOT_PASSWORD={{ container_n8n_postgres_non_root_password }} diff --git a/ansible/roles/deploy_container_n8n/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_n8n/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..6a4483a --- /dev/null +++ b/ansible/roles/deploy_container_n8n/templates/docker-compose.yml.j2 
@@ -0,0 +1,76 @@ +--- +services: + postgres: + image: postgres:${N8N_POSTGRES_VERSION} + container_name: n8n-db + networks: + - n8n + restart: always + environment: + - POSTGRES_USER=${N8N_POSTGRES_USER} + - POSTGRES_PASSWORD=${N8N_POSTGRES_PASSWORD} + - POSTGRES_DB=${N8N_POSTGRES_DB} + - POSTGRES_NON_ROOT_USER=${N8N_POSTGRES_NON_ROOT_USER} + - POSTGRES_NON_ROOT_PASSWORD=${N8N_POSTGRES_NON_ROOT_PASSWORD} + volumes: + - db:/var/lib/postgresql/data + - ./data/init-data.sh:/docker-entrypoint-initdb.d/init-data.sh + healthcheck: + test: ['CMD-SHELL', 'pg_isready -h localhost -U ${N8N_POSTGRES_USER} -d ${N8N_POSTGRES_DB}'] + interval: 5s + timeout: 5s + retries: 10 + + n8n: + image: docker.n8n.io/n8nio/n8n:${N8N_VERSION} + restart: always + container_name: n8n + networks: + - traefik + - n8n + environment: + - DB_TYPE=postgresdb + - DB_POSTGRESDB_HOST=postgres + - DB_POSTGRESDB_PORT=5432 + - DB_POSTGRESDB_DATABASE=${N8N_POSTGRES_DB} + - DB_POSTGRESDB_USER=${N8N_POSTGRES_NON_ROOT_USER} + - DB_POSTGRESDB_PASSWORD=${N8N_POSTGRES_NON_ROOT_PASSWORD} + - N8N_RUNNERS_ENABLED=true + - N8N_HOST=${N8N_DOMAIN:?error} + - N8N_PORT=5678 + - N8N_PROTOCOL=https + - NODE_ENV=production + - N8N_TRUST_PROXY=true + - WEBHOOK_URL=https://${N8N_DOMAIN:?error} + - GENERIC_TIMEZONE=Europe/Berlin + - TZ=Europe/Berlin + links: + - postgres + volumes: + - data:/home/node/.n8n + labels: + - "traefik.enable=true" + - "traefik.docker.network=traefik" + - "traefik.http.routers.n8n.entrypoints=http" + - "traefik.http.routers.n8n.rule=Host(`${N8N_DOMAIN:?error}`)" + - "traefik.http.middlewares.n8n-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.n8n.middlewares=n8n-https-redirect" + - "traefik.http.routers.n8n-secure.entrypoints=https" + - "traefik.http.routers.n8n-secure.rule=Host(`${N8N_DOMAIN:?error}`)" + - "traefik.http.routers.n8n-secure.tls=true" + - "traefik.http.routers.n8n-secure.service=n8n" + - "traefik.http.services.n8n.loadbalancer.server.port=5678" + + depends_on: + 
postgres: + condition: service_healthy + +networks: + traefik: + external: true + n8n: + driver: bridge + +volumes: + data: + db: \ No newline at end of file diff --git a/ansible/roles/deploy_container_n8n/vars/main.yml b/ansible/roles/deploy_container_n8n/vars/main.yml new file mode 100644 index 0000000..31a1553 --- /dev/null +++ b/ansible/roles/deploy_container_n8n/vars/main.yml @@ -0,0 +1 @@ +container_base_dir: /opt/docker/n8n \ No newline at end of file diff --git a/roles/deploy_container_traefik/defaults/main.yml b/ansible/roles/deploy_container_traefik/defaults/main.yml similarity index 95% rename from roles/deploy_container_traefik/defaults/main.yml rename to ansible/roles/deploy_container_traefik/defaults/main.yml index 1eea22b..d11f345 100644 --- a/roles/deploy_container_traefik/defaults/main.yml +++ b/ansible/roles/deploy_container_traefik/defaults/main.yml @@ -8,6 +8,7 @@ container_traefik_san_domains: - "example.org" container_traefik_cloudflare_mail: "your-email@example.com" container_traefik_cloudflare_token: "your-cloudflare-token" +container_traefik_auth: 'basic' # basic or sso container_traefik_basicauth_user: "admin" container_traefik_basicauth_password: "yourpassword" diff --git a/roles/deploy_container_wishlist/meta/main.yml b/ansible/roles/deploy_container_traefik/handlers/main.yml similarity index 100% rename from roles/deploy_container_wishlist/meta/main.yml rename to ansible/roles/deploy_container_traefik/handlers/main.yml diff --git a/roles/deploy_container_wishlist/vars/main.yml b/ansible/roles/deploy_container_traefik/meta/main.yml similarity index 100% rename from roles/deploy_container_wishlist/vars/main.yml rename to ansible/roles/deploy_container_traefik/meta/main.yml diff --git a/roles/deploy_container_traefik/tasks/main.yml b/ansible/roles/deploy_container_traefik/tasks/main.yml similarity index 100% rename from roles/deploy_container_traefik/tasks/main.yml rename to ansible/roles/deploy_container_traefik/tasks/main.yml 
diff --git a/roles/deploy_container_traefik/templates/.env.j2 b/ansible/roles/deploy_container_traefik/templates/.env.j2 similarity index 100% rename from roles/deploy_container_traefik/templates/.env.j2 rename to ansible/roles/deploy_container_traefik/templates/.env.j2 diff --git a/roles/deploy_container_traefik/templates/default.yml.j2 b/ansible/roles/deploy_container_traefik/templates/default.yml.j2 similarity index 100% rename from roles/deploy_container_traefik/templates/default.yml.j2 rename to ansible/roles/deploy_container_traefik/templates/default.yml.j2 diff --git a/roles/deploy_container_traefik/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_traefik/templates/docker-compose.yml.j2 similarity index 89% rename from roles/deploy_container_traefik/templates/docker-compose.yml.j2 rename to ansible/roles/deploy_container_traefik/templates/docker-compose.yml.j2 index 90a5f2c..bd0bb2b 100644 --- a/roles/deploy_container_traefik/templates/docker-compose.yml.j2 +++ b/ansible/roles/deploy_container_traefik/templates/docker-compose.yml.j2 @@ -28,8 +28,6 @@ services: - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.middlewares.basic-auth.basicauth.users=${TRAEFIK_BASICAUTH_USER}:${TRAEFIK_BASICAUTH_PASSWORD}" - - "traefik.http.routers.traefik-secure.middlewares=basic-auth" - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN}`)" - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare" 
@@ -38,6 +36,12 @@ services: - "traefik.http.routers.traefik-secure.tls.domains[{{ loop.index0 }}].sans=*.{{ domain }}" {% endfor %} - "traefik.http.routers.traefik-secure.service=api@internal" +{% if container_traefik_auth == 'sso' %} + - "traefik.http.routers.traefik-secure.middlewares=authelia@docker" +{% elif container_traefik_auth == 'basic' or container_traefik_auth is not defined %} + - "traefik.http.routers.traefik-secure.middlewares=basic-auth" + - "traefik.http.middlewares.basic-auth.basicauth.users=${TRAEFIK_BASICAUTH_USER}:${TRAEFIK_BASICAUTH_PASSWORD}" +{% endif %} networks: traefik: diff --git a/roles/deploy_container_traefik/templates/hosts.yml.j2 b/ansible/roles/deploy_container_traefik/templates/hosts.yml.j2 similarity index 100% rename from roles/deploy_container_traefik/templates/hosts.yml.j2 rename to ansible/roles/deploy_container_traefik/templates/hosts.yml.j2 diff --git a/roles/deploy_container_traefik/templates/traefik.yml.j2 b/ansible/roles/deploy_container_traefik/templates/traefik.yml.j2 similarity index 100% rename from roles/deploy_container_traefik/templates/traefik.yml.j2 rename to ansible/roles/deploy_container_traefik/templates/traefik.yml.j2 diff --git a/roles/deploy_container_traefik/vars/main.yml b/ansible/roles/deploy_container_traefik/vars/main.yml similarity index 100% rename from roles/deploy_container_traefik/vars/main.yml rename to ansible/roles/deploy_container_traefik/vars/main.yml diff --git a/roles/deploy_container_wishlist/defaults/main.yml b/ansible/roles/deploy_container_wishlist/defaults/main.yml similarity index 96% rename from roles/deploy_container_wishlist/defaults/main.yml rename to ansible/roles/deploy_container_wishlist/defaults/main.yml index c846422..75729f2 100644 --- a/roles/deploy_container_wishlist/defaults/main.yml +++ b/ansible/roles/deploy_container_wishlist/defaults/main.yml 
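Review bot: The `{% if %}`/`{% elif %}` chain has no fallback, so any value of `container_traefik_auth` other than `sso` or `basic` (a typo, different casing, `none`) renders no `traefik-secure.middlewares` label at all and the `api@internal` dashboard is served without authentication. Make basic auth the fallback by replacing the `elif` line with `{% else %}`, or reject unknown values with an assert before templating. The `is not defined` test in the second branch is presumably never reached, because an undefined variable would already fail in the `== 'sso'` comparison; `{% if container_traefik_auth | default('basic') == 'sso' %}` covers that case. In `sso` mode the label relies on an `authelia@docker` middleware being registered by another container, which this template cannot verify.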
@@ -1,6 +1,5 @@
 container_wishlist_url: "wishlist.example.com"
 container_wishlist_version: "latest"
-container_wishlist_directory: "/opt/docker/wishlist"
 container_wishlist_db_prefix: "dbs/"
 container_wishlist_db_log_file: "/dev/null"
diff --git a/roles/server_install_cronjobs/handlers/main.yml b/ansible/roles/deploy_container_wishlist/handlers/main.yml
similarity index 100%
rename from roles/server_install_cronjobs/handlers/main.yml
rename to ansible/roles/deploy_container_wishlist/handlers/main.yml
diff --git a/roles/server_install_cronjobs/meta/main.yml b/ansible/roles/deploy_container_wishlist/meta/main.yml
similarity index 100%
rename from roles/server_install_cronjobs/meta/main.yml
rename to ansible/roles/deploy_container_wishlist/meta/main.yml
diff --git a/ansible/roles/deploy_container_wishlist/tasks/main.yml b/ansible/roles/deploy_container_wishlist/tasks/main.yml
new file mode 100644
index 0000000..f98ddc0
--- /dev/null
+++ b/ansible/roles/deploy_container_wishlist/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Ensure data directories exist
+ ansible.builtin.file:
+ path: "{{ container_base_dir }}/data"
+ state: directory
+ mode: '0755'
+ become: false
+
+- name: Deploy Docker Compose and .env files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ container_base_dir }}/{{ item.dest }}"
+ mode: '0644'
+ loop:
+ - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+ - { src: '.env.j2', dest: '.env' }
+ become: false
+
+- name: Start Container
+ community.docker.docker_compose_v2:
+ project_src: "{{ container_base_dir }}"
+ pull: always
+ docker_host: "unix:///run/user/1000/docker.sock"
+ become: false
diff --git a/roles/deploy_container_wishlist/templates/.env.j2 b/ansible/roles/deploy_container_wishlist/templates/.env.j2
similarity index 100%
rename from roles/deploy_container_wishlist/templates/.env.j2
rename to ansible/roles/deploy_container_wishlist/templates/.env.j2
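Review bot: The `Deploy Docker Compose and .env files` task in the new `tasks/main.yml` writes `.env` with `mode: '0644'`, so every local account on the host can read it; the template itself is a 100% rename and not shown here, but a Compose `.env` usually carries credentials or tokens. Give the loop items their own mode, e.g. `- { src: '.env.j2', dest: '.env', mode: '0600' }` with `mode: "{{ item.mode | default('0644') }}"` on the task, so `docker-compose.yml` keeps its current permissions. Separately, `pull: always` combined with the role default `container_wishlist_version: "latest"` means each run deploys whatever the tag currently points to; pinning a version or digest would make deployments reproducible and reviewable.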
diff --git a/roles/deploy_container_wishlist/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_wishlist/templates/docker-compose.yml.j2
similarity index 100%
rename from roles/deploy_container_wishlist/templates/docker-compose.yml.j2
rename to ansible/roles/deploy_container_wishlist/templates/docker-compose.yml.j2
diff --git a/ansible/roles/deploy_container_wishlist/vars/main.yml b/ansible/roles/deploy_container_wishlist/vars/main.yml
new file mode 100644
index 0000000..c045674
--- /dev/null
+++ b/ansible/roles/deploy_container_wishlist/vars/main.yml
@@ -0,0 +1 @@
+container_base_dir: /opt/docker/wishlist
\ No newline at end of file
diff --git a/roles/server_install_cronjobs/defaults/main.yml b/ansible/roles/server_install_cronjobs/defaults/main.yml
similarity index 100%
rename from roles/server_install_cronjobs/defaults/main.yml
rename to ansible/roles/server_install_cronjobs/defaults/main.yml
diff --git a/roles/server_install_syslog/templates/.gitkeep b/ansible/roles/server_install_cronjobs/files/.gitkeep
similarity index 100%
rename from roles/server_install_syslog/templates/.gitkeep
rename to ansible/roles/server_install_cronjobs/files/.gitkeep
diff --git a/roles/server_install_cronjobs/vars/main.yml b/ansible/roles/server_install_cronjobs/handlers/main.yml
similarity index 100%
rename from roles/server_install_cronjobs/vars/main.yml
rename to ansible/roles/server_install_cronjobs/handlers/main.yml
diff --git a/roles/server_install_fail2ban/meta/main.yml b/ansible/roles/server_install_cronjobs/meta/main.yml
similarity index 100%
rename from roles/server_install_fail2ban/meta/main.yml
rename to ansible/roles/server_install_cronjobs/meta/main.yml
diff --git a/roles/server_install_cronjobs/tasks/main.yml b/ansible/roles/server_install_cronjobs/tasks/main.yml
similarity index 100%
rename from roles/server_install_cronjobs/tasks/main.yml
rename to ansible/roles/server_install_cronjobs/tasks/main.yml
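Review bot: `container_base_dir` in the new `vars/main.yml` is a generic, unprefixed name, while every other variable visible for this role is prefixed `container_wishlist_`. Role vars are by default exported to the play, so in a playbook that applies many `deploy_container_*` roles a role that does not set its own value could pick up `/opt/docker/wishlist` and write its compose and `.env` files there; role vars also outrank inventory values, so the path is no longer overridable the way the removed `container_wishlist_directory` default was. Consider a prefixed default such as `container_wishlist_base_dir: /opt/docker/wishlist` in `defaults/main.yml`; this assumes the templates do not depend on the shared name, which is not visible here.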
diff --git a/roles/template_role/files/.gitkeep b/ansible/roles/server_install_cronjobs/templates/.gitkeep
similarity index 100%
rename from roles/template_role/files/.gitkeep
rename to ansible/roles/server_install_cronjobs/templates/.gitkeep
diff --git a/roles/server_install_fail2ban/vars/main.yml b/ansible/roles/server_install_cronjobs/vars/main.yml
similarity index 100%
rename from roles/server_install_fail2ban/vars/main.yml
rename to ansible/roles/server_install_cronjobs/vars/main.yml
diff --git a/roles/server_install_fail2ban/defaults/main.yml b/ansible/roles/server_install_fail2ban/defaults/main.yml
similarity index 100%
rename from roles/server_install_fail2ban/defaults/main.yml
rename to ansible/roles/server_install_fail2ban/defaults/main.yml
diff --git a/roles/server_install_fail2ban/handlers/main.yml b/ansible/roles/server_install_fail2ban/handlers/main.yml
similarity index 100%
rename from roles/server_install_fail2ban/handlers/main.yml
rename to ansible/roles/server_install_fail2ban/handlers/main.yml
diff --git a/roles/server_install_ssh/meta/main.yml b/ansible/roles/server_install_fail2ban/meta/main.yml
similarity index 100%
rename from roles/server_install_ssh/meta/main.yml
rename to ansible/roles/server_install_fail2ban/meta/main.yml
diff --git a/roles/server_install_fail2ban/tasks/main.yml b/ansible/roles/server_install_fail2ban/tasks/main.yml
similarity index 100%
rename from roles/server_install_fail2ban/tasks/main.yml
rename to ansible/roles/server_install_fail2ban/tasks/main.yml
diff --git a/roles/server_install_fail2ban/templates/jail.local.j2 b/ansible/roles/server_install_fail2ban/templates/jail.local.j2
similarity index 100%
rename from roles/server_install_fail2ban/templates/jail.local.j2
rename to ansible/roles/server_install_fail2ban/templates/jail.local.j2
diff --git a/roles/server_install_ssh/vars/main.yml b/ansible/roles/server_install_fail2ban/vars/main.yml
similarity index 100%
rename from roles/server_install_ssh/vars/main.yml
rename to ansible/roles/server_install_fail2ban/vars/main.yml
diff --git a/roles/server_install_ssh/defaults/main.yml b/ansible/roles/server_install_ssh/defaults/main.yml
similarity index 100%
rename from roles/server_install_ssh/defaults/main.yml
rename to ansible/roles/server_install_ssh/defaults/main.yml
diff --git a/roles/server_install_ssh/handlers/main.yml b/ansible/roles/server_install_ssh/handlers/main.yml
similarity index 100%
rename from roles/server_install_ssh/handlers/main.yml
rename to ansible/roles/server_install_ssh/handlers/main.yml
diff --git a/roles/server_install_syslog/defaults/main.yml b/ansible/roles/server_install_ssh/meta/main.yml
similarity index 100%
rename from roles/server_install_syslog/defaults/main.yml
rename to ansible/roles/server_install_ssh/meta/main.yml
diff --git a/roles/server_install_ssh/tasks/main.yml b/ansible/roles/server_install_ssh/tasks/main.yml
similarity index 100%
rename from roles/server_install_ssh/tasks/main.yml
rename to ansible/roles/server_install_ssh/tasks/main.yml
diff --git a/roles/server_install_ssh/templates/sshd_config.j2 b/ansible/roles/server_install_ssh/templates/sshd_config.j2
similarity index 100%
rename from roles/server_install_ssh/templates/sshd_config.j2
rename to ansible/roles/server_install_ssh/templates/sshd_config.j2
diff --git a/roles/server_install_syslog/meta/main.yml b/ansible/roles/server_install_ssh/vars/main.yml
similarity index 100%
rename from roles/server_install_syslog/meta/main.yml
rename to ansible/roles/server_install_ssh/vars/main.yml
diff --git a/roles/server_install_syslog/vars/main.yml b/ansible/roles/server_install_syslog/defaults/main.yml
similarity index 100%
rename from roles/server_install_syslog/vars/main.yml
rename to ansible/roles/server_install_syslog/defaults/main.yml
diff --git a/roles/template_role/templates/.gitkeep b/ansible/roles/server_install_syslog/files/.gitkeep
similarity index 100%
rename from roles/template_role/templates/.gitkeep
rename to ansible/roles/server_install_syslog/files/.gitkeep
diff --git a/roles/server_install_syslog/handlers/main.yml b/ansible/roles/server_install_syslog/handlers/main.yml
similarity index 100%
rename from roles/server_install_syslog/handlers/main.yml
rename to ansible/roles/server_install_syslog/handlers/main.yml
diff --git a/roles/template_role/defaults/main.yml b/ansible/roles/server_install_syslog/meta/main.yml
similarity index 100%
rename from roles/template_role/defaults/main.yml
rename to ansible/roles/server_install_syslog/meta/main.yml
diff --git a/roles/server_install_syslog/tasks/main.yml b/ansible/roles/server_install_syslog/tasks/main.yml
similarity index 100%
rename from roles/server_install_syslog/tasks/main.yml
rename to ansible/roles/server_install_syslog/tasks/main.yml
diff --git a/roles/template_role/handlers/main.yml b/ansible/roles/server_install_syslog/templates/.gitkeep
similarity index 100%
rename from roles/template_role/handlers/main.yml
rename to ansible/roles/server_install_syslog/templates/.gitkeep
diff --git a/roles/template_role/meta/main.yml b/ansible/roles/server_install_syslog/vars/main.yml
similarity index 100%
rename from roles/template_role/meta/main.yml
rename to ansible/roles/server_install_syslog/vars/main.yml
diff --git a/roles/template_role/tasks/main.yml b/ansible/roles/template_role/defaults/main.yml
similarity index 100%
rename from roles/template_role/tasks/main.yml
rename to ansible/roles/template_role/defaults/main.yml
diff --git a/roles/template_role/vars/main.yml b/ansible/roles/template_role/files/.gitkeep
similarity index 100%
rename from roles/template_role/vars/main.yml
rename to ansible/roles/template_role/files/.gitkeep
diff --git a/ansible/roles/template_role/handlers/main.yml b/ansible/roles/template_role/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/template_role/meta/main.yml b/ansible/roles/template_role/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/template_role/tasks/main.yml b/ansible/roles/template_role/tasks/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/template_role/templates/.gitkeep b/ansible/roles/template_role/templates/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/template_role/vars/main.yml b/ansible/roles/template_role/vars/main.yml
new file mode 100644
index 0000000..e69de29