2024-12-12 02:32:36 +03:00
|
|
|
- name: Deployment playbook
|
2024-12-12 01:53:03 +03:00
|
|
|
hosts: all
|
|
|
|
become: true
|
|
|
|
vars:
|
|
|
|
ansible_python_interpreter: /usr/bin/python3.11
|
|
|
|
|
|
|
|
tasks:
|
|
|
|
- name: Append command to .bash_history
|
|
|
|
blockinfile:
|
|
|
|
path: "~/.bash_history"
|
|
|
|
create: yes
|
|
|
|
block: |
|
|
|
|
#1724983098
|
2024-12-12 02:32:36 +03:00
|
|
|
cd /root/node/ ; docker compose logs --since 3h -f
|
2024-12-12 01:53:03 +03:00
|
|
|
marker: ""
|
|
|
|
|
|
|
|
- name: Set locale to C.UTF-8
|
|
|
|
ansible.builtin.command:
|
|
|
|
cmd: localectl set-locale LANG=C.UTF-8
|
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
- name: Create APT configuration file to assume yes
|
|
|
|
ansible.builtin.copy:
|
|
|
|
dest: /etc/apt/apt.conf.d/90forceyes
|
|
|
|
content: |
|
|
|
|
APT::Get::Assume-Yes "true";
|
|
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Update /etc/bash.bashrc
|
|
|
|
ansible.builtin.blockinfile:
|
|
|
|
path: /etc/bash.bashrc
|
|
|
|
block: |
|
|
|
|
export HISTTIMEFORMAT='%F, %T '
|
|
|
|
export HISTSIZE=10000
|
|
|
|
export HISTFILESIZE=10000
|
|
|
|
shopt -s histappend
|
|
|
|
export PROMPT_COMMAND='history -a'
|
|
|
|
export HISTCONTROL=ignoredups
|
|
|
|
export LANG=C.UTF-8
|
|
|
|
export LC_ALL=C.UTF-8
|
|
|
|
alias ls='ls --color=auto'
|
|
|
|
shopt -s cmdhist
|
|
|
|
|
|
|
|
- name: Ensure ~/.inputrc exists
|
|
|
|
ansible.builtin.file:
|
|
|
|
path: /root/.inputrc
|
|
|
|
state: touch
|
|
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Update ~/.inputrc
|
|
|
|
ansible.builtin.blockinfile:
|
|
|
|
path: ~/.inputrc
|
|
|
|
block: |
|
|
|
|
"\e[A": history-search-backward
|
|
|
|
"\e[B": history-search-forward
|
|
|
|
|
|
|
|
- name: Ensure ~/.nanorc exists
|
|
|
|
ansible.builtin.file:
|
|
|
|
path: /root/.nanorc
|
|
|
|
state: touch
|
|
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Update ~/.nanorc
|
|
|
|
ansible.builtin.blockinfile:
|
|
|
|
path: ~/.nanorc
|
|
|
|
block: |
|
|
|
|
set nohelp
|
|
|
|
set tabsize 4
|
|
|
|
set tabstospaces
|
|
|
|
set autoindent
|
|
|
|
set positionlog
|
|
|
|
set backup
|
|
|
|
set backupdir /tmp/
|
|
|
|
set locking
|
|
|
|
include /usr/share/nano/*.nanorc
|
|
|
|
|
|
|
|
- name: Set hostname
|
|
|
|
ansible.builtin.shell: |
|
|
|
|
hostnamectl set-hostname {{ serverid }}
|
|
|
|
echo "127.0.1.1 {{ serverid }}" >> /etc/hosts
|
|
|
|
changed_when: false
|
|
|
|
|
2024-12-12 19:23:21 +03:00
|
|
|
#- name: Update and upgrade apt
|
|
|
|
# ansible.builtin.apt:
|
|
|
|
# update_cache: true
|
|
|
|
# #upgrade: dist
|
|
|
|
# #force_apt_get: true
|
|
|
|
# #autoremove: true
|
|
|
|
# register: apt_update_result
|
|
|
|
# retries: 5
|
|
|
|
# delay: 50
|
|
|
|
# until: apt_update_result is succeeded
|
|
|
|
# async: "{{ 60 * 20 }}"
|
|
|
|
# poll: 30
|
|
|
|
|
|
|
|
#- name: Install packages
|
|
|
|
# ansible.builtin.apt:
|
|
|
|
# name:
|
|
|
|
# - ca-certificates
|
|
|
|
# - zlib1g-dev
|
|
|
|
# - libncurses5-dev
|
|
|
|
# - libgdbm-dev
|
|
|
|
# - libnss3-dev
|
|
|
|
# - curl
|
|
|
|
# - jq
|
|
|
|
# - git
|
|
|
|
# - zip
|
|
|
|
# - wget
|
|
|
|
# - make
|
|
|
|
# - python3
|
|
|
|
# - python3-pip
|
|
|
|
# - iftop
|
|
|
|
# state: present
|
|
|
|
# update_cache: true
|
|
|
|
# async: "{{ 60 * 20 }}"
|
|
|
|
# poll: 30
|
2024-12-12 03:35:36 +03:00
|
|
|
|
|
|
|
- name: Clone repository
|
|
|
|
ansible.builtin.git:
|
|
|
|
repo: https://gitea.vvzvlad.xyz/vvzvlad/nexus
|
|
|
|
dest: "{{ ansible_env.HOME }}/node"
|
|
|
|
version: "{{ git_version }}"
|
|
|
|
force: true
|
|
|
|
async: "{{ 60 * 15 }}"
|
|
|
|
poll: 30
|
|
|
|
|
2024-12-12 19:23:21 +03:00
|
|
|
#- name: Install grist-api and colorama (attempt 1)
|
|
|
|
# ansible.builtin.command: pip3 install grist-api colorama --break-system-packages
|
|
|
|
# args:
|
|
|
|
# chdir: "{{ ansible_env.HOME }}/node"
|
|
|
|
# changed_when: false
|
|
|
|
|
|
|
|
#- name: Install Docker
|
|
|
|
# ansible.builtin.shell: curl -fsSL https://get.docker.com | bash
|
|
|
|
# changed_when: false
|
|
|
|
# async: "{{ 60 * 5 }}"
|
|
|
|
# poll: 30
|
|
|
|
|
|
|
|
#- name: Update Docker daemon journald logging
|
|
|
|
# ansible.builtin.copy:
|
|
|
|
# dest: /etc/docker/daemon.json
|
|
|
|
# content: |
|
|
|
|
# { "log-driver": "journald" }
|
|
|
|
# mode: '0644'
|
2024-12-12 01:53:03 +03:00
|
|
|
|
2024-12-12 19:23:21 +03:00
|
|
|
- name: Docker login
|
|
|
|
ansible.builtin.shell: docker login -u "{{ docker_username }}" -p "{{ docker_password }}"
|
|
|
|
register: docker_login_result
|
2024-12-12 01:53:03 +03:00
|
|
|
changed_when: false
|
2024-12-12 19:23:21 +03:00
|
|
|
failed_when: "'Login Succeeded' not in docker_login_result.stdout"
|
2024-12-12 01:53:03 +03:00
|
|
|
|
2024-12-12 19:23:21 +03:00
|
|
|
#- name: Restart Docker
|
|
|
|
# ansible.builtin.service:
|
|
|
|
# name: docker
|
|
|
|
# state: restarted
|
2024-12-12 01:53:03 +03:00
|
|
|
|
2024-12-12 19:23:21 +03:00
|
|
|
#- name: Update journald log SystemMaxUse=2G configuration
|
|
|
|
# ansible.builtin.lineinfile:
|
|
|
|
# path: /etc/systemd/journald.conf
|
|
|
|
# line: 'SystemMaxUse=2G'
|
|
|
|
# insertafter: EOF
|
|
|
|
# create: true
|
|
|
|
# mode: '0644'
|
2024-12-12 01:53:03 +03:00
|
|
|
|
2024-12-12 19:23:21 +03:00
|
|
|
#- name: Restart journald
|
|
|
|
# ansible.builtin.service:
|
|
|
|
# name: systemd-journald
|
|
|
|
# state: restarted
|
2024-12-12 01:53:03 +03:00
|
|
|
|
|
|
|
- name: Make update.sh executable
|
|
|
|
ansible.builtin.shell: |
|
|
|
|
chmod +x ./update.sh
|
|
|
|
args:
|
|
|
|
chdir: "{{ ansible_env.HOME }}/node"
|
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
- name: Update environment variables
|
|
|
|
ansible.builtin.shell: |
|
2024-12-12 02:32:36 +03:00
|
|
|
./update.sh ID "{{ id }}"
|
2024-12-12 01:53:03 +03:00
|
|
|
./update.sh GRIST_SERVER "{{ grist_server }}"
|
|
|
|
./update.sh GRIST_DOC_ID "{{ grist_doc_id }}"
|
|
|
|
./update.sh GRIST_API_KEY "{{ grist_api_key }}"
|
|
|
|
args:
|
|
|
|
chdir: "{{ ansible_env.HOME }}/node"
|
|
|
|
changed_when: false
|
|
|
|
|
2024-12-12 02:32:36 +03:00
|
|
|
- name: Build dockers images
|
|
|
|
ansible.builtin.command: docker build -t nexus-image .
|
2024-12-12 01:53:03 +03:00
|
|
|
args:
|
|
|
|
chdir: "{{ ansible_env.HOME }}/node"
|
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
- name: Check external IP before
|
|
|
|
ansible.builtin.command: curl https://ifconfig.me
|
|
|
|
register: ip_before
|
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
- name: Validate IP address
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
|
|
|
- ip_before.stdout | ansible.utils.ipaddr
|
|
|
|
fail_msg: "The returned value is not a valid IP address."
|
|
|
|
success_msg: "The returned value is a valid IP address."
|
|
|
|
|
2024-12-12 19:23:21 +03:00
|
|
|
#- name: Download tun2socks
|
|
|
|
# ansible.builtin.get_url:
|
|
|
|
# url: https://github.com/xjasonlyu/tun2socks/releases/download/v2.5.2/tun2socks-linux-amd64.zip
|
|
|
|
# dest: /tmp/tun2socks-linux-amd64.zip
|
|
|
|
# mode: '0644'
|
|
|
|
# async: "{{ 60 * 5 }}"
|
|
|
|
# poll: 30
|
|
|
|
|
|
|
|
#- name: Unzip tun2socks
|
|
|
|
# ansible.builtin.unarchive:
|
|
|
|
# src: /tmp/tun2socks-linux-amd64.zip
|
|
|
|
# dest: /usr/local/sbin/
|
|
|
|
# remote_src: true
|
|
|
|
# mode: '0755'
|
2024-12-12 01:53:03 +03:00
|
|
|
|
|
|
|
- name: Create proxy file
|
|
|
|
ansible.builtin.copy:
|
|
|
|
content: "{{ proxy }}"
|
|
|
|
dest: /root/proxy
|
|
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Create tun2socks systemd service
|
|
|
|
ansible.builtin.copy:
|
|
|
|
dest: /etc/systemd/system/tun2socks.service
|
|
|
|
content: |
|
|
|
|
[Unit]
|
|
|
|
Description=Tun2Socks gateway
|
|
|
|
After=network.target
|
|
|
|
Wants=network.target
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
User=root
|
|
|
|
Type=simple
|
|
|
|
RemainAfterExit=true
|
|
|
|
ExecStartPre=/bin/sh -c 'ip route add $(cat /root/proxy | grep -oP "(?<=@)[0-9.]+(?=:)" )/32 via $(ip route | grep -oP "(?<=default via )[0-9.]+")'
|
|
|
|
ExecStart=/bin/sh -c '/usr/local/sbin/tun2socks-linux-amd64 --device tun0 --proxy $(cat /root/proxy)'
|
|
|
|
ExecStopPost=/bin/sh -c 'ip route del $(cat /root/proxy | grep -oP "(?<=@)[0-9.]+(?=:)" )/32 via $(ip route | grep -oP "(?<=default via )[0-9.]+")'
|
|
|
|
Restart=always
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|
|
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Create network configuration for tun0
|
|
|
|
ansible.builtin.copy:
|
|
|
|
dest: /etc/systemd/network/10-proxy.network
|
|
|
|
content: |
|
|
|
|
[Match]
|
|
|
|
Name=tun0
|
|
|
|
|
|
|
|
[Network]
|
|
|
|
Address=10.20.30.1/24
|
|
|
|
|
|
|
|
[Route]
|
|
|
|
Gateway=0.0.0.0
|
|
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Enable and start tun2socks service
|
|
|
|
ansible.builtin.systemd:
|
|
|
|
name: tun2socks
|
|
|
|
enabled: true
|
|
|
|
state: started
|
|
|
|
|
|
|
|
- name: Reload network configuration
|
|
|
|
ansible.builtin.command: networkctl reload
|
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
- name: Restart tun2socks service
|
|
|
|
ansible.builtin.systemd:
|
|
|
|
name: tun2socks
|
|
|
|
state: restarted
|
|
|
|
|
|
|
|
- name: Check external IP after
|
|
|
|
ansible.builtin.command: curl https://ifconfig.me
|
|
|
|
register: ip_after
|
|
|
|
changed_when: false
|
|
|
|
|
|
|
|
- name: Validate IP address
|
|
|
|
ansible.builtin.assert:
|
|
|
|
that:
|
|
|
|
- ip_after.stdout | ansible.utils.ipaddr
|
|
|
|
fail_msg: "The returned value is not a valid IP address."
|
|
|
|
success_msg: "The returned value is a valid IP address."
|
|
|
|
|
|
|
|
- name: Show IPs
|
|
|
|
ansible.builtin.debug:
|
|
|
|
msg: "External IP before: {{ ip_before.stdout }}, External IP after: {{ ip_after.stdout }}"
|
|
|
|
|
|
|
|
- name: Compare external IPs
|
|
|
|
ansible.builtin.fail:
|
|
|
|
msg: "External IP before and after should not be the same"
|
|
|
|
when: ip_before.stdout == ip_after.stdout
|
|
|
|
|
|
|
|
- name: Up docker compose stack
|
|
|
|
ansible.builtin.command: docker compose up -d
|
|
|
|
args:
|
|
|
|
chdir: "{{ ansible_env.HOME }}/node"
|
|
|
|
environment:
|
|
|
|
COMPOSE_INTERACTIVE_NO_CLI: 'true'
|
|
|
|
changed_when: false
|
|
|
|
async: "{{ 60 * 80 }}"
|
|
|
|
poll: "{{ 60 }}"
|
|
|
|
|
|
|
|
|
|
|
|
- name: Copy checker service file
|
|
|
|
ansible.builtin.copy:
|
2024-12-12 02:32:36 +03:00
|
|
|
dest: /etc/systemd/system/node-checker.service
|
2024-12-12 01:53:03 +03:00
|
|
|
content: |
|
|
|
|
[Unit]
|
2024-12-12 02:32:36 +03:00
|
|
|
Description=Node Checker Service
|
2024-12-12 01:53:03 +03:00
|
|
|
After=network.target
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
Type=simple
|
|
|
|
User=root
|
|
|
|
WorkingDirectory={{ ansible_env.HOME }}/node
|
|
|
|
ExecStart=/usr/bin/bash {{ ansible_env.HOME }}/node/update-and-run-checker.sh
|
|
|
|
Restart=always
|
|
|
|
RestartSec=1800
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|
|
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Reload systemd
|
|
|
|
ansible.builtin.systemd:
|
|
|
|
daemon_reload: yes
|
|
|
|
|
2024-12-12 02:32:36 +03:00
|
|
|
- name: Enable and start node-checker service
|
2024-12-12 01:53:03 +03:00
|
|
|
ansible.builtin.systemd:
|
2024-12-12 02:32:36 +03:00
|
|
|
name: node-checker
|
2024-12-12 01:53:03 +03:00
|
|
|
enabled: yes
|
|
|
|
state: started
|
|
|
|
|
|
|
|
- name: Remove docker login credentials
|
|
|
|
ansible.builtin.file:
|
|
|
|
path: /root/.docker/config.json
|
|
|
|
state: absent
|