testing

2023-07-23 18:46:40 -04:00
24 changed files with 165 additions and 134 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
 .playbook
-.vagrant*
+.vagrant
 .vscode
 /environments/
--- a/51
+++ b/51
@@ -1,41 +1,43 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
-require 'yaml'
+SSH_FORWARD=ENV["SSH_FORWARD"]
-settings_path = '.vagrant.yml'
+if !(SSH_FORWARD == "true")
-settings = {}
+  SSH_FORWARD = false
 if File.exist?(settings_path)
  settings = YAML.load_file(settings_path)
 end
 VAGRANT_BOX  = settings['VAGRANT_BOX']  || 'debian/bookworm64'
 VAGRANT_CPUS = settings['VAGRANT_CPUS'] || 2
 VAGRANT_MEM  = settings['VAGRANT_MEM']  || 2048
 SSH_FORWARD  = settings['SSH_FORWARD']  || false
 # Default to shell environment variable: PLAYBOOK (priority #1)
 PLAYBOOK=ENV["PLAYBOOK"]
-if !PLAYBOOK || PLAYBOOK.empty?
+if !PLAYBOOK
-  # PLAYBOOK setting in .vagrant.yml (priority #2)
+  if File.exist?('.playbook')
-  PLAYBOOK = settings['PLAYBOOK'] || 'default'
+    PLAYBOOK = IO.read('.playbook').split("\n")[0]
  end
  if !PLAYBOOK || PLAYBOOK.empty?
    PLAYBOOK = "\nERROR: Set env PLAYBOOK"
  end
 else
  File.write(".playbook", PLAYBOOK)
 end
 Vagrant.configure("2") do |config|
-  config.vm.box = VAGRANT_BOX
+  config.vm.box = "debian/bullseye64"
  config.vm.network "private_network", type: "dhcp"
  config.vm.synced_folder ".", "/vagrant", disabled: true
  config.vm.synced_folder "./scratch", "/vagrant/scratch"
  config.ssh.forward_agent = SSH_FORWARD
-  # Libvrit provider
+  # Machine Name
-  config.vm.provider :libvirt do |libvirt|
+  config.vm.define :moxie do |moxie| #
    libvirt.cpus   = VAGRANT_CPUS
    libvirt.memory = VAGRANT_MEM
  end
-  # Virtualbox provider
+  config.vm.provider :libvirt do |libvirt|
-  config.vm.provider :virtualbox do |vbox|
+    libvirt.cpus = 2
-    vbox.cpus   = VAGRANT_CPUS
+    libvirt.memory = 4096
-    vbox.memory = VAGRANT_MEM
+    libvirt.default_prefix = ""
  end
  config.vm.provider "virtualbox" do |vbox|
    vbox.memory = 4096
  end
  # Provision with Ansible
@@ -44,4 +46,5 @@ Vagrant.configure("2") do |config|
    ansible.compatibility_mode = "2.0"
    ansible.playbook = "dev/" + PLAYBOOK + ".yml"
  end
 end
--- a/playbooks/backup.yml
+++ b/playbooks/backup.yml
--- a/playbooks/bitwarden.yml
+++ b/playbooks/bitwarden.yml
--- a/dev/default.yml
+++ b/dev/default.yml
@@ -1,4 +0,0 @@
 - name: Install 'default' aka nothing
  hosts: all
  become: true
  tasks: []
--- a/dev/dockerbox.yml
+++ b/dev/dockerbox.yml
@@ -1,4 +1,4 @@
- name: Install Dockerbox Server
+- name: Install Docker Box Server
  hosts: all
  become: true
  vars_files:
--- a/dev/host_vars/bitwarden.yml
+++ b/dev/host_vars/bitwarden.yml
@@ -9,14 +9,14 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.local.krislamo.org
+traefik_domain: traefik.vm.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
 # bitwarden
 # Get Installation ID & Key at https://bitwarden.com/host/
-bitwarden_domain: vault.local.krislamo.org
+bitwarden_domain: vault.vm.krislamo.org
 bitwarden_dbpass: password
 bitwarden_install_id: 4ea840a3-532e-4cb6-a472-abd900728b23
 bitwarden_install_key: 1yB3Z2gRI0KnnH90C6p
--- a/dev/host_vars/dockerbox.yml
+++ b/dev/host_vars/dockerbox.yml
@@ -9,36 +9,40 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.local.krislamo.org
+traefik_domain: traefik.vm.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 traefik_web_entry: 0.0.0.0:80
 traefik_websecure_entry: 0.0.0.0:443
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
-#traefik_http_only: true # if behind reverse-proxy
+traefik_http_only: true # if behind reverse-proxy
 # nextcloud
 nextcloud_version: stable
 nextcloud_admin: admin
 nextcloud_pass: password
-nextcloud_domain: cloud.local.krislamo.org
+nextcloud_domain: cloud.vm.krislamo.org
 nextcloud_dbversion: latest
 nextcloud_dbpass: password
 # gitea
 gitea_domain: git.vm.krislamo.org
 gitea_version: 1
 gitea_dbversion: latest
 gitea_dbpass: password
 # jenkins
 jenkins_version: lts
-jenkins_domain: jenkins.local.krislamo.org
+jenkins_domain: jenkins.vm.krislamo.org
 # prometheus (includes grafana)
 prom_version: latest
-prom_domain: prom.local.krislamo.org
+prom_domain: prom.vm.krislamo.org
 grafana_version: latest
-grafana_domain: grafana.local.krislamo.org
+grafana_domain: grafana.vm.krislamo.org
 prom_targets: "['10.0.2.15:9100']"
 # nginx
-nginx_domain: nginx.local.krislamo.org
+nginx_domain: nginx.vm.krislamo.org
 nginx_name: staticsite
 nginx_repo_url: https://git.krislamo.org/kris/example-website/
 nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
--- a/dev/host_vars/mediaserver.yml
+++ b/dev/host_vars/mediaserver.yml
@@ -1,4 +1,4 @@
-base_domain: local.krislamo.org
+base_domain: vm.krislamo.org
 # base
 allow_reboot: false
--- a/dev/host_vars/nextcloud.yml
+++ b/dev/host_vars/nextcloud.yml
@@ -5,14 +5,14 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.local.krislamo.org
+traefik_domain: traefik.vm.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 # container settings
 nextcloud_version: stable
 nextcloud_admin: admin
 nextcloud_pass: password
-nextcloud_domain: cloud.local.krislamo.org
+nextcloud_domain: cloud.vm.krislamo.org
 # database settings
 nextcloud_dbversion: latest
--- a/dev/host_vars/nginx.yml
+++ b/dev/host_vars/nginx.yml
@@ -9,13 +9,13 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.local.krislamo.org
+traefik_domain: traefik.vm.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
 # nginx
-nginx_domain: nginx.local.krislamo.org
+nginx_domain: nginx.vm.krislamo.org
 nginx_name: staticsite
 nginx_repo_url: https://git.krislamo.org/kris/example-website/
 nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
--- a/dev/host_vars/proxy.yml
+++ b/dev/host_vars/proxy.yml
@@ -1,4 +1,4 @@
-base_domain: local.krislamo.org
+base_domain: vm.krislamo.org
 # base
 allow_reboot: false
--- a/dev/host_vars/wordpress.yml
+++ b/dev/host_vars/wordpress.yml
@@ -9,14 +9,14 @@ docker_users:
 # traefik
 traefik_version: latest
 traefik_dashboard: true
-traefik_domain: traefik.local.krislamo.org
+traefik_domain: traefik.vm.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
 # container settings
 wordpress_version: latest
-wordpress_domain: wordpress.local.krislamo.org
+wordpress_domain: wordpress.vm.krislamo.org
 wordpress_multisite: true
 # database settings
--- a/playbooks/docker.yml
+++ b/playbooks/docker.yml
--- a/dockerbox.yml
+++ b/dockerbox.yml
@@ -0,0 +1,25 @@
 # Copyright (C) 2020  Kris Lamoureux
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, version 3 of the License.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 - name: Install Docker Box Server
  hosts: dockerhosts
  become: true
  roles:
    - base
    - docker
    - traefik
    - nextcloud
    - jenkins
    - prometheus
    - nginx
--- a/forward-ssh.sh
+++ b/forward-ssh.sh
@@ -1,74 +0,0 @@
 #!/bin/bash
 # Finds the SSH private key under ./.vagrant and connects to
 # the Vagrant box, port forwarding localhost ports: 8443, 80, 443
 # Clean environment
 unset PRIVATE_KEY
 unset HOST_IP
 unset MATCH_PATTERN
 unset PKILL_ANSWER
 # Function to create the SSH tunnel
 function ssh_connect {
  printf "[INFO]: Starting new vagrant SSH tunnel on PID "
  sudo ssh -fNT -i "$PRIVATE_KEY" \
    -L 8443:localhost:8443 \
    -L 80:localhost:80 \
    -L 443:localhost:443 \
    -o UserKnownHostsFile=/dev/null \
    -o StrictHostKeyChecking=no \
      vagrant@"$HOST_IP" 2>/dev/null
  sleep 2
  pgrep -f "$MATCH_PATTERN"
 }
 # Check for valid PRIVATE_KEY location
 PRIVATE_KEY="$(find .vagrant -name "private_key" 2>/dev/null)"
 if ! ssh-keygen -l -f "$PRIVATE_KEY" &>/dev/null; then
  echo "[ERROR]: The SSH key '$PRIVATE_KEY' is not valid. Is your virtual machine running?"
  exit 1
 fi
 echo "[CHECK]: Valid key at $PRIVATE_KEY"
 # Grab first IP or use whatever HOST_IP_FIELD is set to and check that the guest is up
 HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f${HOST_IP_FIELD:-1}" 2>/dev/null)"
 HOST_IP="${HOST_IP::-1}" # trim
 if ! ping -c 1 "$HOST_IP" &>/dev/null; then
  echo "[ERROR]: Cannot ping the host IP '$HOST_IP'"
  exit 1
 fi
 echo "[CHECK]: Host at $HOST_IP is up"
 # Pattern for matching processes running
 MATCH_PATTERN="ssh -fNT -i ${PRIVATE_KEY}.*vagrant@"
 # Check amount of processes that match the pattern
 if [ "$(pgrep -afc "$MATCH_PATTERN")" -eq 0 ]; then
  ssh_connect
 else
  # Processes found, so prompt to kill remaining ones then start tunnel
  printf "\n[WARNING]: Found processes running:\n"
  pgrep -fa "$MATCH_PATTERN"
  printf '\n'
  read -rp "Would you like to kill these processes? [y/N] " PKILL_ANSWER
  echo
  case "$PKILL_ANSWER" in
    [yY])
      echo "[WARNING]: Killing old vagrant SSH tunnel(s): "
      pgrep -f "$MATCH_PATTERN" | tee >(xargs sudo kill -15)
      echo
      if [ "$(pgrep -afc "$MATCH_PATTERN")" -eq 0 ]; then
        ssh_connect
      else
        echo "[ERROR]: Unable to kill processes:"
        pgrep -f "$MATCH_PATTERN"
        exit 1
      fi
      ;;
    *)
      echo "[INFO]: Declined to kill existing processes"
      exit 0
      ;;
  esac
 fi
--- a/playbooks/hypervisor.yml
+++ b/playbooks/hypervisor.yml
--- a/playbooks/mediaserver.yml
+++ b/playbooks/mediaserver.yml
--- a/playbooks/minecraft.yml
+++ b/playbooks/minecraft.yml
--- a/playbooks/dockerbox.yml
+++ b/playbooks/dockerbox.yml
@@ -1,11 +0,0 @@
 - name: Install Dockerbox Server
  hosts: "{{ PLAYBOOK_HOST | default('none') }}"
  become: true
  roles:
    - base
    - docker
    - traefik
    - nextcloud
    - jenkins
    - prometheus
    - nginx
--- a/playbooks/proxy.yml
+++ b/playbooks/proxy.yml
--- a/run-proxy.sh
+++ b/run-proxy.sh
@@ -0,0 +1,46 @@
 #!/bin/bash
 # Find private key file
 PRIVATE_KEY="$(find .vagrant -name "private_key")"
 # Does the private_key file exist?
 if [ ! -f "$PRIVATE_KEY" ]; then
  echo "[ERROR] File not found at \"$PRIVATE_KEY\""
  exit 1
 fi
 # Is the private_key a valid SSH key?
 echo "Checking validity of private key at $(pwd)/$PRIVATE_KEY"
 if ! ssh-keygen -l -f "$PRIVATE_KEY"; then
  echo "[Error] The private key at \"$PRIVATE_KEY\" is invalid (CODE: $?)"
  exit 1
 fi
 # Find an IP on the VM for the SSH tunnel
 HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f${HOSTNAME_FIELD:-1}" 2>/dev/null | sed 's/.$//')"
 # SSH command to match in processes table
 CMD="ssh -fNT -i $PRIVATE_KEY -L 8443:localhost:8443 -L 80:localhost:80 -L 443:localhost:443.*vagrant@$HOST_IP"
 # Not just after PIDs
 # shellcheck disable=SC2009
 PS_TUNNELS="$(ps aux | grep -e "$CMD" | grep -v grep)"
 PS_COUNTER="$(echo "$PS_TUNNELS" | wc -l)"
 if [ "$PS_COUNTER" -gt 0 ]; then
  echo "[ERROR] Tunnel(s) already seems to exist (counted $PS_COUNTER)"
  echo \""$PS_TUNNELS"\"
  exit 1
 fi
 # Create an SSH tunnel
 echo "Starting background SSH connection for localhost port forwarding"
 set -x
 ssh -fNT -i "$PRIVATE_KEY" \
  -L 8443:localhost:8443 \
  -L 80:localhost:80 \
  -L 443:localhost:443 \
  -o UserKnownHostsFile=/dev/null \
  -o StrictHostKeyChecking=no \
    vagrant@"${HOST_IP}" 2>/dev/null
--- a/playbooks/unifi.yml
+++ b/playbooks/unifi.yml
--- a/update-hosts.sh
+++ b/update-hosts.sh
@@ -0,0 +1,42 @@
 #!/bin/bash
 COMMENT="Project Moxie"
 DOMAIN="vm.krislamo.org"
 HOST[0]="traefik.${DOMAIN}"
 HOST[1]="cloud.${DOMAIN}"
 HOST[2]="git.${DOMAIN}"
 HOST[3]="jenkins.${DOMAIN}"
 HOST[4]="prom.${DOMAIN}"
 HOST[5]="grafana.${DOMAIN}"
 HOST[6]="nginx.${DOMAIN}"
 HOST[7]="vault.${DOMAIN}"
 HOST[8]="wordpress.${DOMAIN}"
 HOST[9]="site1.wordpress.${DOMAIN}"
 HOST[10]="site2.wordpress.${DOMAIN}"
 HOST[11]="unifi.${DOMAIN}"
 HOST[12]="jellyfin.${DOMAIN}"
 # Get Vagrantbox guest IP
 VAGRANT_OUTPUT=$(vagrant ssh -c "hostname -I | cut -d' ' -f2" 2>/dev/null)
 # Remove ^M from the end
 [ ${#VAGRANT_OUTPUT} -gt 1 ] && IP=${VAGRANT_OUTPUT::-1}
 echo "Purging project addresses from /etc/hosts"
 sudo sed -i "s/# $COMMENT//g" /etc/hosts
 for address in "${HOST[@]}"; do
  sudo sed -i "/$address/d" /etc/hosts
 done
 # Remove trailing newline
 sudo sed -i '${/^$/d}' /etc/hosts
 if [ -n "$IP" ]; then
  echo -e "Adding new addresses...\n"
  echo -e "# $COMMENT" | sudo tee -a /etc/hosts
  for address in "${HOST[@]}"; do
    echo -e "$IP\t$address" | sudo tee -a /etc/hosts
  done
 else
  echo "Cannot find address. Is the Vagrant box running?"
 fi