├── .gitignore
├── LICENSE
├── README.md
├── ansible.cfg
├── env
│   ├── group_vars
│   │   └── server.yml
│   ├── host_vars
│   │   ├── .lock
│   │   └── home-dnsmasq.yml
│   └── inventory.ini
├── play
│   ├── info.yml
│   ├── microservice-add-empty.yml
│   ├── microservice-add.yml
│   ├── microservice-backup.yml
│   ├── microservice-delete.yml
│   ├── server-install.yml
│   ├── tasks
│   │   ├── api-baddomains.yml
│   │   ├── api-cron-info.yml
│   │   ├── api-cron-update.yml
│   │   ├── api-heartbeat-info.yml
│   │   ├── api-heartbeat-update.yml
│   │   ├── api-microservice-list.yml
│   │   ├── api-user-create.yml
│   │   ├── api-user-info.yml
│   │   ├── api-user-update.yml
│   │   └── noreboot.yml
│   ├── templates
│   │   └── network
│   │       └── interfaces.j2
│   └── user.yml
├── requirements.yml
├── site.yml
└── ssh
    └── config

/.gitignore:
--------------------------------------------------------------------------------
node_modules
._DS*
.DS_Store
*.retry
roles
env/group_vars/all.yml
tmp
ssh/id_rsa*
backup
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Mathieu garcia

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
![Basic LAN](https://wiki.wiseflat.com/img/logo.png "Logo")

A toolbox for your IT

Wiseflat is a combination of software programs to help you host your home automated systems and to protect you and your family from the internet.

## About

Wiseflat server is an entry point for your automated systems and your web applications. It allows you to deploy LXC containers in order to add the features you need for your home.

```
pi@home-wiseflat:~ $ lxc list
+----------------+---------+------------------------+------+------------+-----------+
| NAME           | STATE   | IPV4                   | IPV6 | TYPE       | SNAPSHOTS |
+----------------+---------+------------------------+------+------------+-----------+
| home-blog      | RUNNING | 192.168.1.198 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-cms       | RUNNING | 192.168.1.115 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-dnsmasq   | RUNNING | 192.168.1.110 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-domoticz  | RUNNING | 192.168.1.200 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-homebridge| RUNNING | 192.168.1.246 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-jeedom    | RUNNING | 192.168.1.138 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-messenger | RUNNING | 192.168.1.104 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-mqtt      | RUNNING | 192.168.1.247 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-nodered   | RUNNING | 192.168.1.245 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
| home-xpl       | RUNNING | 192.168.1.243 (eth0)   |      | PERSISTENT | 0         |
+----------------+---------+------------------------+------+------------+-----------+
```

To install a Wiseflat server, an Ansible project is available to limit technical issues and save time. It allows everyone, expert or beginner, to build their own Linux server with containerized applications.

This Ansible project allows you to:

- preconfigure your server with the basic software
- configure LXD to start LXC containers
- install microservices to meet your needs

Here is a non-exhaustive list of microservices available to you:

- Totaljs software suite (cms, wiki, blog, messenger)
- home automation applications (jeedom, domoticz, homebridge, nodered)
- communication gateways (mqtt, rabbitmq, xPL)
- services to protect your privacy and security tools (dnsmasq, iptables rules)


## Basics

### Local area network

A local network is generally composed of a wifi router allowing computers, tablets and smartphones to access the internet.

The wifi router is normally provided by your ISP and offers only a few essential options. Its role is limited to protecting you from the internet thanks to a firewall. It also has a DHCP role, providing IP addresses to the machines on your LAN, and a DNS role, ensuring domain name resolution.

![Basic LAN](https://wiki.wiseflat.com/img/lan1-1.png "Basic LAN")

### Linux containers

Since the Linux 2.6.24 kernel, LXC has provided OS-level virtualization, allowing a single host to run multiple isolated Linux instances, known as Linux containers or LXC (LinuX Containers).

In our case, the container is a very interesting approach since it allows us to multiply the number of Linux servers on a single Raspberry Pi.

If the CPU/RAM resources of a single Raspberry Pi are not enough for your needs, just add a new one.

![Basic LAN](https://wiki.wiseflat.com/img/lan2-1.png "Basic LAN")

### Ansible management

Setting a server up manually can be difficult, especially if you have several machines to configure in the same way. Building a production-ready application can be hard if you are not an expert. If you need to do that more than once, it's good training but it gets boring...

A lot of people have looked into this issue and built solutions to automate deployment (puppet, chef, salt). My personal favorite is **Ansible**.

Just write your specifications in your favorite code editor and let the magic happen!

Ansible will help you take a step back and think about what you need to do next. It will help you focus on the essential.

Once tasks are written in an Ansible playbook, you will be able to execute the same tasks on a thousand machines if you need to! Ansible will connect to each of your servers using ssh to perform the job.

Seriously, Ansible changed my life...

![Basic LAN](https://wiki.wiseflat.com/img/lan3-1.png "Basic LAN")

## Install

### Requirements

You need to install your Wiseflat server on an ARM machine such as a Raspberry Pi.
This is a requirement because our LXC microservices are built for the ARM architecture.

Make sure the Raspberry Pi has received an IP address on your LAN from your DHCP server, and that its SSH server is enabled and started.

### Conventions

This git project contains a default ssh/config file.

**All our servers and containers have a prefix named "home-".**

If you change this, you will have to update your Ansible inventory env/inventory.ini

The Pi hostname is **home-wiseflat**

### Installing Ansible

Latest Releases Via Apt (Ubuntu)

```sh
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible
```

Latest Releases on Centos

```sh
$ sudo yum install epel-release
$ sudo yum install ansible
```

Latest Releases on Mac OSX

```sh
$ brew install ansible
```

### Cloning wiseflat-project

```sh
$ cd ~
$ git clone https://github.com/wiseflat/wiseflat-project.git
$ cd wiseflat-project
```

### SSH configuration

Ansible is based on SSH. You need to allow Ansible to connect to your server without a password, so create SSH keys for this Ansible project:

```sh
$ ssh-keygen -f ssh/id_rsa -P ""
```
Then allow your local user to connect to this server.
It will add your public key to ~/.ssh/authorized_keys

```sh
$ ssh-copy-id -i ssh/id_rsa.pub pi@home-wiseflat
```

Now you should be able to connect to your server

```sh
$ ssh -F ssh/config home-wiseflat
```

### Let's play

```sh
$ ansible-playbook site.yml

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [Set timezone] **************************************************************************************************
ok: [home-wiseflat]

TASK [Update sources.list] *******************************************************************************************
ok: [home-wiseflat]

TASK [Remove unused packages] ****************************************************************************************

TASK [Install useful packages] ***************************************************************************************
ok: [home-wiseflat] => (item=[u'htop', u'vim', u'tmux', u'unattended-upgrades', u'aptitude', u'git', u'snapd', u'ntp', u'jq'])

TASK [Configure network interface] ***********************************************************************************
ok: [home-wiseflat]

TASK [Install lxd via snap] ******************************************************************************************
changed: [home-wiseflat]

TASK [Wait few seconds for snapd] ************************************************************************************
ok: [home-wiseflat -> localhost]

TASK [Append the group 'lxd' to the user pi] *************************************************************************
ok: [home-wiseflat]

TASK [include_tasks] *************************************************************************************************
included: /home/me/wiseflat-project/play/tasks/noreboot.yml for home-wiseflat

TASK [Check if a reboot is required] *********************************************************************************
ok: [home-wiseflat]

TASK [Create noreboot file] ******************************************************************************************
skipping: [home-wiseflat]

TASK [Reboot] ********************************************************************************************************
skipping: [home-wiseflat]

TASK [sleep for 60 seconds] ******************************************************************************************
skipping: [home-wiseflat]

TASK [Init LXD daemon] ***********************************************************************************************
changed: [home-wiseflat]

TASK [Add local daemon as a remote server] ***************************************************************************
changed: [home-wiseflat]

TASK [Update default lxd profile] ************************************************************************************
changed: [home-wiseflat]

PLAY [User variables] ************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [localhost]

TASK [pwd] ***********************************************************************************************************
changed: [localhost]

TASK [set_fact] ******************************************************************************************************
ok: [localhost]

TASK [file] **********************************************************************************************************
changed: [localhost]

TASK [pause] *********************************************************************************************************
skipping: [localhost]

TASK [USER | update email to inventory] ******************************************************************************
skipping: [localhost]

TASK [pause] *********************************************************************************************************
skipping: [localhost]

TASK [USER | update firstname to inventory] **************************************************************************
skipping: [localhost]

TASK [pause] *********************************************************************************************************
skipping: [localhost]

TASK [USER | update lastname to inventory] ***************************************************************************
skipping: [localhost]

TASK [pause] *********************************************************************************************************
skipping: [localhost]

TASK [USER | update label to inventory] ******************************************************************************
skipping: [localhost]

TASK [pause] *********************************************************************************************************
skipping: [localhost]

TASK [USER | update latitude to inventory] ***************************************************************************
skipping: [localhost]

TASK [pause] *********************************************************************************************************
skipping: [localhost]

TASK [USER | update longitude to inventory] **************************************************************************
skipping: [localhost]

TASK [USER | update heartbeat to inventory] **************************************************************************
skipping: [localhost]

TASK [USER | update airquality_request to inventory] *****************************************************************
skipping: [localhost]

TASK [USER | update suncalc_request to inventory] ********************************************************************
skipping: [localhost]

TASK [USER | update weather_request to inventory] ********************************************************************
skipping: [localhost]

TASK [USER | update cron to inventory] *******************************************************************************
skipping: [localhost]

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [pwd] ***********************************************************************************************************
changed: [home-wiseflat -> localhost]

TASK [set_fact] ******************************************************************************************************
ok: [home-wiseflat]

TASK [USER | get personnal token] ************************************************************************************
skipping: [home-wiseflat]

TASK [debug] *********************************************************************************************************
skipping: [home-wiseflat]

TASK [USER | update token to inventory] ******************************************************************************
skipping: [home-wiseflat]

TASK [set_fact] ******************************************************************************************************
skipping: [home-wiseflat]

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [uri] ***********************************************************************************************************
ok: [home-wiseflat]

TASK [debug] *********************************************************************************************************
ok: [home-wiseflat] => {
    "msg": {
        "message": "done",
        "status": "success"
    }
}

TASK [Wait until you receive your email registration or continue if your account is already activated] ***************
[Wait until you receive your email registration or continue if your account is already activated]
Press enter to continue:

ok: [home-wiseflat]

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [uri] ***********************************************************************************************************
ok: [home-wiseflat]

TASK [debug] *********************************************************************************************************
ok: [home-wiseflat] => {
    "msg": {
        "message": "done",
        "status": "success"
    }
}

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [uri] ***********************************************************************************************************
ok: [home-wiseflat]

TASK [debug] *********************************************************************************************************
ok: [home-wiseflat] => {
    "msg": {
        "message": "done",
        "status": "success",
        "value": {
            "counter": {
                "lastday": "0",
                "lasthour": "0",
                "lastminute": "25",
                "lastmonth": "0"
            },
            "email": "john@wiseflat.com",
            "firstname": "John",
            "ip": "1.1.1.1",
            "label": "john-wiseflat-project-server1",
            "lastname": "Doe"
        }
    }
}

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [uri] ***********************************************************************************************************
ok: [home-wiseflat]

TASK [debug] *********************************************************************************************************
ok: [home-wiseflat] => {
    "msg": {
        "message": "done",
        "status": "success",
        "value": {
            "counter": {
                "lastday": "0",
                "lasthour": "0",
                "lastminute": "26",
                "lastmonth": "0"
            },
            "email": "john@wiseflat.com",
            "firstname": "John",
            "ip": "1.1.1.1",
            "label": "john-wiseflat-project-server1",
            "lastname": "Doe"
        }
    }
}

PLAY [localhost] *****************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [localhost]

TASK [uri] ***********************************************************************************************************
ok: [localhost]

TASK [debug] *********************************************************************************************************
ok: [localhost] => {
    "msg": {
        "message": "done",
        "status": "success",
        "value": []
    }
}

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [uri] ***********************************************************************************************************
ok: [home-wiseflat]

TASK [debug] *********************************************************************************************************
ok: [home-wiseflat] => {
    "msg": {
        "message": "done",
        "status": "success",
        "value": {
            "message": "Your personnal heartbeat is disable",
            "status": 0,
            "timestamp": "Friday, April 20, 2018 12:03 AM"
        }
    }
}

PLAY [localhost] *****************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [localhost]

TASK [uri] ***********************************************************************************************************
ok: [localhost]

TASK [debug] *********************************************************************************************************
ok: [localhost] => {
    "msg": {
        "message": "done",
        "status": "success",
        "value": [
            {
                "description": "Your personnal totaljs wiki microservice",
                "label": "wiki"
            },
            {
                "description": "Your personnal totaljs blog microservice",
                "label": "blog"
            },
            {
                "description": "Your personnal totaljs cms microservice",
                "label": "cms"
            },
            {
                "description": "Your personnal jeedom microservice",
                "label": "jeedom"
            },
            {
                "description": "Your personnal totaljs messenger microservice",
                "label": "messenger"
            },
            {
                "description": "Your personnal dnsmasq/etcd router",
                "label": "router"
            }
        ]
    }
}
microservice name please : cms

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [Clean up] ******************************************************************************************************
ok: [home-wiseflat]

TASK [Download microservice] *****************************************************************************************
changed: [home-wiseflat]

TASK [Delete old lxc image if exists] ********************************************************************************
fatal: [home-wiseflat]: FAILED! => {"changed": true, "cmd": ["/snap/bin/lxc", "image", "delete", "cms"], "delta": "0:00:00.363338", "end": "2018-04-20 12:54:18.091785", "msg": "non-zero return code", "rc": 1, "start": "2018-04-20 12:54:17.728447", "stderr": "Error: not found", "stderr_lines": ["Error: not found"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [Import microservice to lxd image store] ************************************************************************
changed: [home-wiseflat]

TASK [Clean up] ******************************************************************************************************
changed: [home-wiseflat]

TASK [Create microservice] *******************************************************************************************
changed: [home-wiseflat]

TASK [Start microservice] ********************************************************************************************
changed: [home-wiseflat]

TASK [Sleep 20 seconds] **********************************************************************************************
ok: [home-wiseflat -> localhost]

TASK [Copy your authorized_keys to home-cms] *************************************************************************
changed: [home-wiseflat]

PLAY RECAP ***********************************************************************************************************
home-wiseflat              : ok=42   changed=12   unreachable=0    failed=0
localhost                  : ok=13   changed=2    unreachable=0    failed=0

```


## User account

When installing the server, a token associated to your public IP is created automatically. This token is used to access [our online API](https://api.wiseflat.com).

If you don't make a request on our API for a month, your token (and its associated data) will be deleted.
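
The token above and the passphrase-less key created earlier with `ssh-keygen -f ssh/id_rsa -P ""` are the two credentials this project leaves in its working tree. The check below is an added example, not part of the wiseflat project: it verifies that each file is closed to group/other and is both ignored and untracked by git. The `audit_secrets` name is hypothetical, and treating env/group_vars/all.yml as the token's location is an assumption drawn from the project's .gitignore.

```sh
#!/bin/sh
# Added example (not from the wiseflat project).
# audit_secrets REPO_DIR
#   Prints one finding per line and returns non-zero if any are found.
#   The two paths are the credential entries in the project's .gitignore;
#   env/group_vars/all.yml holding the API token is an assumption.
audit_secrets() {
    repo=$1
    findings=0
    for rel in ssh/id_rsa env/group_vars/all.yml; do
        [ -e "$repo/$rel" ] || continue   # not created yet, nothing to audit

        # The key has no passphrase (-P ""), so the file mode is its only
        # protection: require that group and other have no permission bits.
        mode=$(ls -ld "$repo/$rel" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "LOOSE-MODE $rel"
            findings=$((findings + 1))
        fi

        # A pattern in .gitignore does nothing for a file that was already
        # added to the index, so check both "ignored" and "not tracked".
        if ! git -C "$repo" check-ignore -q "$rel" 2>/dev/null; then
            echo "NOT-IGNORED $rel"
            findings=$((findings + 1))
        fi
        if git -C "$repo" ls-files --error-unmatch "$rel" >/dev/null 2>&1; then
            echo "TRACKED $rel"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: audit_secrets ~/wiseflat-project
```
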

### Creating a user account

You can have multiple tokens if you want:

- One for your Raspberry Pi
- One for your local area network, your home
- One for each of your Raspberry Pis

We will see later how to configure your Ansible project depending on your needs.

To create a new one:

- Delete variables from the env/group_vars/all.yml file
- Run the following playbook:

```sh
$ ansible-playbook play/user.yml
```

### Updating user account information

If you've changed your user preferences by editing the env/group_vars/all.yml file, just run the same playbook

```sh
$ ansible-playbook play/user.yml
```

### Getting user account information

If you want to check your account information, run this playbook

```sh
$ ansible-playbook play/user.yml
```
or

```sh
$ ansible-playbook play/tasks/api-user-info.yml
```

## Updating / upgrading

To keep your servers safe and secure, they need to be updated.

### Raspberry Pi updates

Unattended upgrades are enabled during the installation process.

To keep the wiseflat-project up to date, update your local git clone.

```sh
$ cd ~/wiseflat-project
$ git pull
```

Then run the server-install.yml playbook again.

```sh
$ ansible-playbook play/server-install.yml
```


### Microservice updates

Unattended upgrades are enabled in our pre-installed LXC images.

Your apps and their data will not be updated. You need to follow the official documentation of the application installed on your Linux container.


## Microservices

A microservice is a small application running inside a Linux container.

There are two ways to add a new microservice:

- downloading it from our image repository
- or creating a new LXC container yourself

To see the list of all the microservices available on our image repository, run:

```sh
$ cd ~/wiseflat-project
$ ansible-playbook play/tasks/api-microservice-list.yml

PLAY [localhost] *****************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [localhost]

TASK [uri] ***********************************************************************************************************
ok: [localhost]

TASK [debug] *********************************************************************************************************
ok: [localhost] => {
    "msg": {
        "message": "done",
        "status": "success",
        "value": [
            {
                "description": "Your personnal totaljs cms microservice",
                "label": "cms"
            },
            {
                "description": "Your personnal jeedom microservice",
                "label": "jeedom"
            },
            {
                "description": "Your personnal totaljs messenger microservice",
                "label": "messenger"
            },
            {
                "description": "Your personnal totaljs wiki microservice",
                "label": "wiki"
            },
            {
                "description": "Your personnal totaljs blog microservice",
                "label": "blog"
            }
        ]
    }
}

PLAY RECAP ***********************************************************************************************************
localhost                  : ok=3    changed=0    unreachable=0    failed=0

```

### Automatic deployment

If you want to add a new microservice from our image repository

```sh
$ cd ~/wiseflat-project
$ ansible-playbook play/microservice-add.yml

PLAY [localhost] *****************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [localhost]

TASK [uri] ***********************************************************************************************************
ok: [localhost]

TASK [debug] *********************************************************************************************************
ok: [localhost] => {
    "msg": {
        "message": "done",
        "status": "success",
        "value": [
            {
                "description": "Your personnal jeedom microservice",
                "label": "jeedom"
            },
            {
                "description": "Your personnal totaljs messenger microservice",
                "label": "messenger"
            },
            {
                "description": "Your personnal totaljs wiki microservice",
                "label": "wiki"
            },
            {
                "description": "Your personnal totaljs blog microservice",
                "label": "blog"
            },
            {
                "description": "Your personnal totaljs cms microservice",
                "label": "cms"
            }
        ]
    }
}
microservice name please : blog

PLAY [server] ********************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [home-wiseflat]

TASK [clean up downloaded files] *************************************************************************************
ok: [home-wiseflat]

TASK [download microservice] *****************************************************************************************
changed: [home-wiseflat]

TASK [Delete old lxc image if exists] ********************************************************************************
changed: [home-wiseflat]

TASK [import microservice to lxd image store] ************************************************************************
changed: [home-wiseflat]

TASK [clean up downloaded files] *************************************************************************************
changed: [home-wiseflat]

TASK [create microservice] *******************************************************************************************
changed: [home-wiseflat]

TASK [start microservice] ********************************************************************************************
changed: [home-wiseflat]

TASK [copy your authorized_keys to home-test] ********************************************************************************************
changed: [home-wiseflat]

PLAY RECAP ***********************************************************************************************************
home-wiseflat              : ok=8    changed=6    unreachable=0    failed=0
localhost                  : ok=3    changed=0    unreachable=0    failed=0

```

Once the lxc container is deployed, your personal SSH public key is pushed into the container.
You can quickly check what's inside by logging in through ssh: 740 | 741 | ```sh 742 | $ ssh -F ssh/config home-blog 743 | ``` 744 | 745 | Open your browser and go to http://home-blog 746 | 747 | ### Manual deployment 748 | 749 | Logging into your raspberrypi 750 | 751 | ```sh 752 | $ ssh -F ssh/config home-wiseflat 753 | ``` 754 | 755 | Displaying the list of your Linux containers 756 | 757 | ```sh 758 | pi@home-wiseflat:~ $ lxc list 759 | +----------------+---------+------------------------+------+------------+-----------+ 760 | | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | 761 | +----------------+---------+------------------------+------+------------+-----------+ 762 | | home-cms | RUNNING | 192.168.1.192 (eth0) | | PERSISTENT | 0 | 763 | +----------------+---------+------------------------+------+------------+-----------+ 764 | | home-jeedom | RUNNING | 192.168.1.138 (eth0) | | PERSISTENT | 0 | 765 | +----------------+---------+------------------------+------+------------+-----------+ 766 | | home-messenger | RUNNING | 192.168.1.124 (eth0) | | PERSISTENT | 0 | 767 | +----------------+---------+------------------------+------+------------+-----------+ 768 | | home-wiki | RUNNING | 192.168.1.197 (eth0) | | PERSISTENT | 0 | 769 | +----------------+---------+------------------------+------+------------+-----------+ 770 | ``` 771 | 772 | Creating a container 773 | 774 | ```sh 775 | pi@home-wiseflat:~ $ lxc launch ubuntu:16.04 home-test 776 | Creating home-test 777 | Starting home-test 778 | 779 | pi@home-wiseflat:~ $ lxc list home-test 780 | +-----------+---------+------------------------+------+------------+-----------+ 781 | | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | 782 | +-----------+---------+------------------------+------+------------+-----------+ 783 | | home-test | RUNNING | 192.168.1.230 (eth0) | | PERSISTENT | 0 | 784 | +-----------+---------+------------------------+------+------------+-----------+ 785 | ``` 786 | 787 | [See the official lxc 
documentation](https://linuxcontainers.org/fr/lxd/getting-started-cli/##creating-and-using-your-first-container) 788 | 789 | Copying your ssh public key to this new container 790 | 791 | ```sh 792 | pi@home-wiseflat:~ $ lxc file push ~/.ssh/authorized_keys home-test/home/ubuntu/.ssh/authorized_keys 793 | ``` 794 | 795 | Going back to your Ansible project and trying to log in 796 | 797 | ```sh 798 | $ ssh -F ssh/config home-test 799 | ubuntu@home-test:~$ 800 | ``` 801 | 802 | ### Deleting a microservice 803 | 804 | A playbook is available to delete a microservice. 805 | 806 | ```sh 807 | $ cd ~/wiseflat-project 808 | $ ansible-playbook play/microservice-delete.yml 809 | 810 | PLAY [server] ******************************************************************************************************** 811 | 812 | TASK [Gathering Facts] *********************************************************************************************** 813 | ok: [home-wiseflat] 814 | 815 | TASK [List of your microservices] ************************************************************************************ 816 | changed: [home-wiseflat] 817 | 818 | TASK [debug] ********************************************************************************************************* 819 | ok: [home-wiseflat] => { 820 | "msg": [ 821 | "+----------+---------+------------------------+------+------------+-----------+", 822 | "| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |", 823 | "+----------+---------+------------------------+------+------------+-----------+", 824 | "| home-cms | RUNNING | 192.168.1.192 (eth0) | | PERSISTENT | 0 |", 825 | "+----------+---------+------------------------+------+------------+-----------+" 826 | ] 827 | } 828 | microservice name please : home-cms 829 | 830 | PLAY [server] ******************************************************************************************************** 831 | 832 | TASK [Gathering Facts] 
*********************************************************************************************** 833 | ok: [home-wiseflat] 834 | 835 | TASK [Delete microservice] ******************************************************************************************* 836 | changed: [home-wiseflat] 837 | 838 | TASK [debug] ********************************************************************************************************* 839 | ok: [home-wiseflat] => { 840 | "msg": "Please remove this host from your inventory" 841 | } 842 | 843 | PLAY RECAP *********************************************************************************************************** 844 | home-wiseflat : ok=6 changed=2 unreachable=0 failed=0 845 | 846 | ``` 847 | 848 | ### Backing up a microservice 849 | 850 | Your Linux containers are easy to back up. An LXC image is created and copied to your Ansible project. 851 | 852 | ```sh 853 | $ cd ~/wiseflat-project 854 | $ ansible-playbook play/microservice-backup.yml 855 | 856 | PLAY [server] ******************************************************************************************************** 857 | 858 | TASK [Gathering Facts] *********************************************************************************************** 859 | ok: [home-wiseflat] 860 | 861 | TASK [List of your microservices] ************************************************************************************ 862 | changed: [home-wiseflat] 863 | 864 | TASK [debug] ********************************************************************************************************* 865 | ok: [home-wiseflat] => { 866 | "msg": [ 867 | "+----------+---------+------------------------+------+------------+-----------+", 868 | "| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |", 869 | "+----------+---------+------------------------+------+------------+-----------+", 870 | "| home-cms | RUNNING | 192.168.1.192 (eth0) | | PERSISTENT | 0 |", 871 | 
"+----------+---------+------------------------+------+------------+-----------+" 872 | ] 873 | } 874 | microservice name please : home-cms 875 | 876 | PLAY [server] ******************************************************************************************************** 877 | 878 | TASK [Gathering Facts] *********************************************************************************************** 879 | ok: [home-wiseflat] 880 | 881 | TASK [pwd] *********************************************************************************************************** 882 | changed: [home-wiseflat -> localhost] 883 | 884 | TASK [set_fact] ****************************************************************************************************** 885 | ok: [home-wiseflat] 886 | 887 | TASK [Create backup directory] *************************************************************************************** 888 | ok: [home-wiseflat -> localhost] 889 | 890 | TASK [Stop microservice] ********************************************************************************************* 891 | changed: [home-wiseflat] 892 | 893 | TASK [Publish lxc container as an image] ***************************************************************************** 894 | changed: [home-wiseflat] 895 | 896 | TASK [Export lxc image] ********************************************************************************************** 897 | changed: [home-wiseflat] 898 | 899 | TASK [Delete lxc image] ********************************************************************************************** 900 | changed: [home-wiseflat] 901 | 902 | TASK [Start lxc container] ******************************************************************************************* 903 | changed: [home-wiseflat] 904 | 905 | TASK [fetch image] *************************************************************************************************** 906 | changed: [home-wiseflat] 907 | 908 | PLAY RECAP 
*********************************************************************************************************** 909 | home-wiseflat : ok=13 changed=8 unreachable=0 failed=0 910 | ``` 911 | 912 | Checking your backup directory 913 | 914 | ```sh 915 | $ ls -al backup 916 | total 499712 917 | drwxr-xr-x 3 me me 96 20 avr 11:59 . 918 | drwxr-xr-x 15 me me 480 20 avr 11:31 .. 919 | -rw-r--r-- 1 me me 254699066 20 avr 12:00 home-cms.tar.gz 920 | ``` 921 | 922 | 923 | 924 | ## Issues 925 | 926 | If you have any issues or questions, please report them on the wiseflat-project repository: 927 | 928 | 929 | 930 | 931 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | # config file for ansible -- http://ansible.com/ 2 | # ============================================== 3 | 4 | # nearly all parameters can be overridden in ansible-playbook 5 | # or with command line flags. ansible will read ANSIBLE_CONFIG, 6 | # ansible.cfg in the current working directory, .ansible.cfg in 7 | # the home directory or /etc/ansible/ansible.cfg, whichever it 8 | # finds first 9 | 10 | [defaults] 11 | 12 | # some basic default values... 13 | 14 | inventory = env/inventory.ini 15 | # library = library 16 | #library = /usr/share/my_modules/ 17 | #remote_tmp = ~/.ansible/tmp 18 | #local_tmp = ~/.ansible/tmp 19 | #forks = 5 20 | #poll_interval = 15 21 | #sudo_user = root 22 | #ask_sudo_pass = True 23 | #ask_pass = True 24 | #transport = smart 25 | #remote_port = 22 26 | #module_lang = C 27 | #module_set_locale = False 28 | force_color = 1 29 | 30 | # plays will gather facts by default, which contain information about 31 | # the remote system. 
32 | # 33 | # smart - gather by default, but don't regather if already gathered 34 | # implicit - gather by default, turn off with gather_facts: False 35 | # explicit - do not gather by default, must say gather_facts: True 36 | #gathering = implicit 37 | 38 | # by default retrieve all facts subsets 39 | # all - gather all subsets 40 | # network - gather min and network facts 41 | # hardware - gather hardware facts (longest facts to retrieve) 42 | # virtual - gather min and virtual facts 43 | # facter - import facts from facter 44 | # ohai - import facts from ohai 45 | # You can combine them using comma (ex: network,virtual) 46 | # You can negate them using ! (ex: !hardware,!facter,!ohai) 47 | # A minimal set of facts is always gathered. 48 | #gather_subset = all 49 | 50 | # some hardware related facts are collected 51 | # with a maximum timeout of 10 seconds. This 52 | # option lets you increase or decrease that 53 | # timeout to something more suitable for the 54 | # environment. 55 | # gather_timeout = 10 56 | 57 | # additional paths to search for roles in, colon separated 58 | roles_path = roles 59 | 60 | # uncomment this to disable SSH key host checking 61 | host_key_checking = False 62 | 63 | # change the default callback 64 | #stdout_callback = skippy 65 | # enable additional callbacks 66 | #callback_whitelist = timer, mail 67 | 68 | # https://github.com/jlafon/ansible-profile 69 | # callback_whitelist = timer, profile_tasks 70 | 71 | # Determine whether includes in tasks and handlers are "static" by 72 | # default. As of 2.0, includes are dynamic by default. Setting these 73 | # values to True will make includes behave more like they did in the 74 | # 1.x versions. 
75 | #task_includes_static = True 76 | #handler_includes_static = True 77 | 78 | # Controls if a missing handler for a notification event is an error or a warning 79 | #error_on_missing_handler = True 80 | 81 | # change this for alternative sudo implementations 82 | #sudo_exe = sudo 83 | 84 | # What flags to pass to sudo 85 | # WARNING: leaving out the defaults might create unexpected behaviours 86 | #sudo_flags = -H -S -n 87 | 88 | # SSH timeout 89 | #timeout = 10 90 | 91 | # default user to use for playbooks if user is not specified 92 | # (/usr/bin/ansible will use current user as default) 93 | #remote_user = root 94 | 95 | # logging is off by default unless this path is defined 96 | # if so defined, consider logrotate 97 | #log_path = /var/log/ansible.log 98 | 99 | # default module name for /usr/bin/ansible 100 | #module_name = command 101 | 102 | # use this shell for commands executed under sudo 103 | # you may need to change this to bin/bash in rare instances 104 | # if sudo is constrained 105 | #executable = /bin/sh 106 | 107 | # if inventory variables overlap, does the higher precedence one win 108 | # or are hash values merged together? The default is 'replace' but 109 | # this can also be set to 'merge'. 110 | #hash_behaviour = replace 111 | 112 | # by default, variables from roles will be visible in the global variable 113 | # scope. To prevent this, the following option can be enabled, and only 114 | # tasks and handlers within the role will see the variables there 115 | #private_role_vars = yes 116 | 117 | # list any Jinja2 extensions to enable here: 118 | #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 119 | 120 | # if set, always use this private key file for authentication, same as 121 | # if passing --private-key to ansible or ansible-playbook 122 | #private_key_file = /path/to/file 123 | 124 | # If set, configures the path to the Vault password file as an alternative to 125 | # specifying --vault-password-file on the command line. 
126 | # vault_password_file = .vault 127 | 128 | # format of string {{ ansible_managed }} available within Jinja2 129 | # templates indicates to users editing templates files will be replaced. 130 | # replacing {file}, {host} and {uid} and strftime codes with proper values. 131 | #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 132 | # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence 133 | # in some situations so the default is a static string: 134 | #ansible_managed = Ansible managed 135 | 136 | # by default, ansible-playbook will display "Skipping [host]" if it determines a task 137 | # should not be run on a host. Set this to "False" if you don't want to see these "Skipping" 138 | # messages. NOTE: the task header will still be shown regardless of whether or not the 139 | # task is skipped. 140 | #display_skipped_hosts = True 141 | 142 | # by default, if a task in a playbook does not include a name: field then 143 | # ansible-playbook will construct a header that includes the task's action but 144 | # not the task's args. This is a security feature because ansible cannot know 145 | # if the *module* considers an argument to be no_log at the time that the 146 | # header is printed. If your environment doesn't have a problem securing 147 | # stdout from ansible-playbook (or you have manually specified no_log in your 148 | # playbook on all of the tasks where you have secret information) then you can 149 | # safely set this to True to get more informative messages. 150 | #display_args_to_stdout = False 151 | 152 | # by default (as of 1.3), Ansible will raise errors when attempting to dereference 153 | # Jinja2 variables that are not set in templates or action lines. Uncomment this line 154 | # to revert the behavior to pre-1.3. 
155 | #error_on_undefined_vars = False 156 | 157 | # by default (as of 1.6), Ansible may display warnings based on the configuration of the 158 | # system running ansible itself. This may include warnings about 3rd party packages or 159 | # other conditions that should be resolved if possible. 160 | # to disable these warnings, set the following value to False: 161 | system_warnings = False 162 | 163 | # by default (as of 1.4), Ansible may display deprecation warnings for language 164 | # features that should no longer be used and will be removed in future versions. 165 | # to disable these warnings, set the following value to False: 166 | deprecation_warnings = False 167 | 168 | # (as of 1.8), Ansible can optionally warn when usage of the shell and 169 | # command module appear to be simplified by using a default Ansible module 170 | # instead. These warnings can be silenced by adjusting the following 171 | # setting or adding warn=yes or warn=no to the end of the command line 172 | # parameter string. This will for example suggest using the git module 173 | # instead of shelling out to the git command. 
174 | command_warnings = False 175 | 176 | 177 | # set plugin path directories here, separate with colons 178 | #action_plugins = /usr/share/ansible/plugins/action 179 | #cache_plugins = /usr/share/ansible/plugins/cache 180 | #callback_plugins = /usr/share/ansible/plugins/callback 181 | #connection_plugins = /usr/share/ansible/plugins/connection 182 | connection_plugins = plugins/connection 183 | #lookup_plugins = /usr/share/ansible/plugins/lookup 184 | #inventory_plugins = /usr/share/ansible/plugins/inventory 185 | #vars_plugins = /usr/share/ansible/plugins/vars 186 | #filter_plugins = /usr/share/ansible/plugins/filter 187 | #test_plugins = /usr/share/ansible/plugins/test 188 | #strategy_plugins = /usr/share/ansible/plugins/strategy 189 | 190 | # by default callbacks are not loaded for /bin/ansible, enable this if you 191 | # want, for example, a notification or logging callback to also apply to 192 | # /bin/ansible runs 193 | #bin_ansible_callbacks = False 194 | 195 | 196 | # don't like cows? that's unfortunate. 197 | # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 198 | #nocows = 1 199 | 200 | # set which cowsay stencil you'd like to use by default. When set to 'random', 201 | # a random stencil will be selected for each task. The selection will be filtered 202 | # against the `cow_whitelist` option below. 203 | #cow_selection = default 204 | #cow_selection = random 205 | 206 | # when using the 'random' option for cowsay, stencils will be restricted to this list. 207 | # it should be formatted as a comma-separated list with no spaces between names. 208 | # NOTE: line continuations here are for formatting purposes only, as the INI parser 209 | # in python does not support them. 
210 | #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ 211 | # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ 212 | # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www 213 | 214 | # don't like colors either? 215 | # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 216 | #nocolor = 1 217 | 218 | # if set to a persistent type (not 'memory', for example 'redis') fact values 219 | # from previous runs in Ansible will be stored. This may be useful when 220 | # wanting to use, for example, IP information from one group of servers 221 | # without having to talk to them in the same playbook run to get their 222 | # current IP information. 223 | #fact_caching = memory 224 | 225 | 226 | # retry files 227 | # When a playbook fails by default a .retry file will be created in ~/ 228 | # You can disable this feature by setting retry_files_enabled to False 229 | # and you can change the location of the files by setting retry_files_save_path 230 | 231 | #retry_files_enabled = False 232 | #retry_files_save_path = ~/.ansible-retry 233 | 234 | # squash actions 235 | # Ansible can optimise actions that call modules with list parameters 236 | # when looping. Instead of calling the module once per with_ item, the 237 | # module is called once with all items at once. Currently this only works 238 | # under limited circumstances, and only with parameters named 'name'. 239 | #squash_actions = apk,apt,dnf,homebrew,package,pacman,pkgng,yum,zypper 240 | 241 | # prevents logging of task data, off by default 242 | #no_log = False 243 | 244 | # prevents logging of tasks, but only on the targets, data is still logged on the master/controller 245 | #no_target_syslog = False 246 | 247 | # controls whether Ansible will raise an error or warning if a task has no 248 | # choice but to create world readable temporary files to execute a module on 249 | # the remote machine. 
This option is False by default for security. Users may 250 | # turn this on to have behaviour more like Ansible prior to 2.1.x. See 251 | # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user 252 | # for more secure ways to fix this than enabling this option. 253 | #allow_world_readable_tmpfiles = False 254 | 255 | # controls the compression level of variables sent to 256 | # worker processes. At the default of 0, no compression 257 | # is used. This value must be an integer from 0 to 9. 258 | #var_compression_level = 9 259 | 260 | # controls what compression method is used for new-style ansible modules when 261 | # they are sent to the remote system. The compression types depend on having 262 | # support compiled into both the controller's python and the client's python. 263 | # The names should match with the python Zipfile compression types: 264 | # * ZIP_STORED (no compression. available everywhere) 265 | # * ZIP_DEFLATED (uses zlib, the default) 266 | # These values may be set per host via the ansible_module_compression inventory 267 | # variable 268 | #module_compression = 'ZIP_DEFLATED' 269 | 270 | # This controls the cutoff point (in bytes) on --diff for files 271 | # set to 0 for unlimited (RAM may suffer!). 272 | #max_diff_size = 1048576 273 | 274 | [privilege_escalation] 275 | #become=True 276 | #become_method=sudo 277 | #become_user=root 278 | #become_ask_pass=False 279 | 280 | [paramiko_connection] 281 | 282 | # uncomment this line to cause the paramiko connection plugin to not record new host 283 | # keys encountered. Increases performance on new host additions. Setting works independently of the 284 | # host key checking setting above. 285 | #record_host_keys=False 286 | 287 | # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this 288 | # line to disable this behaviour. 
289 | #pty=False 290 | 291 | [ssh_connection] 292 | 293 | # ssh arguments to use 294 | # Leaving off ControlPersist will result in poor performance, so use 295 | # paramiko on older platforms rather than removing it, -C controls compression use 296 | #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s 297 | ssh_args = -F ssh/config -C -o ControlMaster=auto -o ControlPersist=60s 298 | 299 | # The path to use for the ControlPath sockets. This defaults to 300 | # "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with 301 | # very long hostnames or very long path names (caused by long user names or 302 | # deeply nested home directories) this can exceed the character limit on 303 | # file socket names (108 characters for most platforms). In that case, you 304 | # may wish to shorten the string below. 305 | # 306 | # Example: 307 | # control_path = %(directory)s/%%h-%%r 308 | #control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r 309 | 310 | # Enabling pipelining reduces the number of SSH operations required to 311 | # execute a module on the remote server. This can result in a significant 312 | # performance improvement when enabled, however when using "sudo:" you must 313 | # first disable 'requiretty' in /etc/sudoers 314 | # 315 | # By default, this option is disabled to preserve compatibility with 316 | # sudoers configurations that have requiretty (the default on many distros). 317 | # 318 | pipelining = False 319 | # pipelining = True 320 | 321 | # Control the mechanism for transferring files 322 | # * smart = try sftp and then try scp [default] 323 | # * True = use scp only 324 | # * False = use sftp only 325 | # scp_if_ssh = smart 326 | scp_if_ssh = True 327 | 328 | # if False, sftp will not use batch mode to transfer files. 
This may cause some 329 | # types of file transfer failures impossible to catch however, and should 330 | # only be disabled if your sftp version has problems with batch mode 331 | #sftp_batch_mode = False 332 | 333 | [accelerate] 334 | #accelerate_port = 5099 335 | #accelerate_timeout = 30 336 | #accelerate_connect_timeout = 5.0 337 | 338 | # The daemon timeout is measured in minutes. This time is measured 339 | # from the last activity to the accelerate daemon. 340 | #accelerate_daemon_timeout = 30 341 | 342 | # If set to yes, accelerate_multi_key will allow multiple 343 | # private keys to be uploaded to it, though each user must 344 | # have access to the system via SSH to add a new key. The default 345 | # is "no". 346 | #accelerate_multi_key = yes 347 | 348 | [selinux] 349 | # file systems that require special treatment when dealing with security context 350 | # the default behaviour that copies the existing context or uses the user default 351 | # needs to be changed to use the file system dependent context. 352 | #special_context_filesystems=nfs,vboxsf,fuse,ramfs 353 | 354 | # Set this to yes to allow libvirt_lxc connections to work without SELinux. 
355 | #libvirt_lxc_noseclabel = yes 356 | 357 | [colors] 358 | #highlight = white 359 | #verbose = blue 360 | #warn = bright purple 361 | #error = red 362 | #debug = dark gray 363 | #deprecate = purple 364 | #skip = cyan 365 | #unreachable = red 366 | #ok = green 367 | #changed = yellow 368 | #diff_add = green 369 | #diff_remove = red 370 | #diff_lines = cyan 371 | -------------------------------------------------------------------------------- /env/group_vars/server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | common_package_to_install: 4 | - htop 5 | - vim 6 | - tmux 7 | - unattended-upgrades 8 | - aptitude 9 | - git 10 | - snapd 11 | - ntp 12 | - jq 13 | 14 | common_package_to_remove: [] 15 | 16 | common_timezone: Europe/Paris 17 | 18 | lxd_daemon_network_adress: 127.0.0.1 19 | lxd_daemon_port: 8443 20 | lxd_storage_backend: dir 21 | lxd_storage_pool: default 22 | lxd_trust_password: wiseflat 23 | 24 | -------------------------------------------------------------------------------- /env/host_vars/.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wiseflat/wiseflat-project/7d068199a6100e131864c41bb80e8184a2c5be7c/env/host_vars/.lock -------------------------------------------------------------------------------- /env/host_vars/home-dnsmasq.yml: -------------------------------------------------------------------------------- 1 | api_baddomains_whitelist: 2 | - github.com -------------------------------------------------------------------------------- /env/inventory.ini: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | ansible_ssh_user=ubuntu 3 | 4 | ############################ 5 | ## HOSTS 6 | 7 | [server] 8 | home-wiseflat ansible_ssh_user=pi 9 | 10 | ############################ 11 | ## MICROSERVICES / SECURITY 12 | 13 | [dnsmasq] 14 | home-dnsmasq 15 | 16 | 
############################ 17 | ## MICROSERVICES / DB 18 | 19 | # [mariadb] 20 | # home-mariadb 21 | 22 | # [etcd] 23 | # home-etcd 24 | 25 | # [memcache] 26 | # home-memcache 27 | 28 | ############################ 29 | ## MICROSERVICES / HOME AUTOMATED SYSTEMS 30 | 31 | # [homebridge] 32 | # home-homebridge 33 | 34 | # [domoticz] 35 | # home-domoticz 36 | 37 | # [jeedom] 38 | # home-jeedom 39 | 40 | ############################ 41 | ## MICROSERVICES / HUB 42 | 43 | # [xpl] 44 | # home-xpl 45 | 46 | # [mqtt] 47 | # home-mqtt 48 | 49 | # [rabbitmq] 50 | # home-rabbitmq 51 | 52 | ############################ 53 | ## MICROSERVICES / WEB 54 | 55 | # [messenger] 56 | # home-messenger 57 | 58 | # [wiki] 59 | # home-wiki 60 | 61 | # [cms] 62 | # home-cms 63 | 64 | # [blog] 65 | # home-blog 66 | 67 | # [owncloud] 68 | # home-owncloud 69 | 70 | # [tinyproxy] 71 | # home-tinyproxy 72 | 73 | # [searx] 74 | # home-searx 75 | 76 | # [nodered] 77 | # home-nodered 78 | 79 | # [standardnotes] 80 | # home-standardnotes 81 | 82 | # [wallabag] 83 | # home-wallabag 84 | 85 | -------------------------------------------------------------------------------- /play/info.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - import_playbook: tasks/api-user-info.yml 4 | - import_playbook: tasks/api-cron-info.yml 5 | - import_playbook: tasks/api-heartbeat-info.yml 6 | - import_playbook: tasks/api-microservice-list.yml 7 | -------------------------------------------------------------------------------- /play/microservice-add-empty.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wiseflat/wiseflat-project/7d068199a6100e131864c41bb80e8184a2c5be7c/play/microservice-add-empty.yml -------------------------------------------------------------------------------- /play/microservice-add.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 
3 | - import_playbook: tasks/api-microservice-list.yml 4 | 5 | - hosts: server 6 | vars_prompt: 7 | - name: microservice 8 | prompt: "microservice name please " 9 | private: False 10 | when: microservice == undefined 11 | vars: 12 | body: 13 | token: "{{ wiseflat_user_token }}" 14 | label: "{{ microservice }}" 15 | tasks: 16 | 17 | - name: Clean up 18 | file: 19 | path: /tmp/{{ microservice }}.tar.gz 20 | state: absent 21 | 22 | - name: Download microservice 23 | command: curl -X POST -d "token={{ wiseflat_user_token }}" -d "label={{ microservice }}" https://api.wiseflat.com/microservice/download -o /tmp/{{ microservice }}.tar.gz 24 | 25 | - name: Delete old lxc image if exists 26 | command: /snap/bin/lxc image delete {{ microservice }} 27 | ignore_errors: True 28 | 29 | - name: Import microservice to lxd image store 30 | command: /snap/bin/lxc image import /tmp/{{ microservice }}.tar.gz --alias {{ microservice }} 31 | ignore_errors: True 32 | 33 | - name: Clean up 34 | file: 35 | path: /tmp/{{ microservice }}.tar.gz 36 | state: absent 37 | 38 | - name: Create microservice 39 | command: /snap/bin/lxc init {{ microservice }} home-{{ microservice }} 40 | # ignore_errors: True 41 | 42 | - name: Start microservice 43 | command: /snap/bin/lxc start home-{{ microservice }} 44 | # ignore_errors: True 45 | 46 | - name: Sleep 20 seconds 47 | wait_for: timeout=20 48 | delegate_to: localhost 49 | 50 | - name: Copy your authorized_keys to home-{{ microservice }} 51 | command: /snap/bin/lxc file push ~/.ssh/authorized_keys home-{{ microservice }}/home/ubuntu/.ssh/authorized_keys -------------------------------------------------------------------------------- /play/microservice-backup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - hosts: server 4 | tasks: 5 | 6 | - name: List of your microservices 7 | command: /snap/bin/lxc list 8 | register: result 9 | 10 | - debug: 11 | msg: "{{ result.stdout_lines }}" 12 
| 13 | - hosts: server 14 | vars_prompt: 15 | - name: microservice 16 | prompt: "microservice name please " 17 | private: False 18 | when: microservice == undefined 19 | tasks: 20 | 21 | - name: pwd 22 | command: pwd 23 | register: path 24 | delegate_to: localhost 25 | 26 | - set_fact: dir={{ path.stdout_lines[0] }}/.. 27 | 28 | - name: Create backup directory 29 | file: 30 | path: "{{ dir }}/backup" 31 | state: directory 32 | delegate_to: localhost 33 | 34 | - name: Stop microservice 35 | command: /snap/bin/lxc stop {{ microservice }} 36 | ignore_errors: True 37 | 38 | - name: Publish lxc container as an image 39 | command: /snap/bin/lxc publish {{ microservice }} --alias {{ microservice }} 40 | 41 | - name: Export lxc image 42 | command: /snap/bin/lxc image export {{ microservice }} {{ microservice }} 43 | 44 | - name: Delete lxc image 45 | command: /snap/bin/lxc image delete {{ microservice }} 46 | ignore_errors: True 47 | 48 | - name: Start lxc container 49 | command: /snap/bin/lxc start {{ microservice }} 50 | 51 | - name: fetch image 52 | fetch: src=/home/{{ ansible_ssh_user }}/{{ microservice }}.tar.gz dest={{ dir }}/backup/ flat=yes 53 | 54 | 55 | -------------------------------------------------------------------------------- /play/microservice-delete.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - hosts: server 4 | tasks: 5 | 6 | - name: List of your microservices 7 | command: /snap/bin/lxc list 8 | register: result 9 | 10 | - debug: 11 | msg: "{{ result.stdout_lines }}" 12 | 13 | - hosts: server 14 | vars_prompt: 15 | - name: microservice 16 | prompt: "microservice name please " 17 | private: False 18 | when: microservice == undefined 19 | tasks: 20 | 21 | - name: Delete microservice 22 | command: /snap/bin/lxc delete -f {{ microservice }} 23 | # ignore_errors: True 24 | 25 | - debug: 26 | msg: Please remove this host from your inventory 
--------------------------------------------------------------------------------
/play/server-install.yml:
--------------------------------------------------------------------------------
---

- hosts: server
  tasks:

    # common tasks

    - name: Set timezone
      become: true
      timezone:
        name: "{{ common_timezone }}"

    - name: Update sources.list
      become: true
      replace:
        path: /etc/apt/sources.list
        regexp: '#deb-src'
        replace: 'deb-src'

    - name: Remove unused packages
      become: true
      apt:
        name: "{{ item }}"
        state: absent
      with_items: "{{ common_package_to_remove }}"

    - name: Install useful packages
      become: true
      apt:
        name: "{{ item }}"
        state: present
        update_cache: true
        cache_valid_time: 3600
      with_items: "{{ common_package_to_install }}"

    # - name: Adjust APT update intervals
    #   copy: src=apt_periodic dest=/etc/apt/apt.conf.d/10periodic

    # pc network

    - name: Configure network interface
      become: true
      template:
        src: network/interfaces.j2
        dest: /etc/network/interfaces
        owner: root
        group: root
        mode: 0644

    # lxd tasks

    - name: Install lxd via snap
      become: true
      command: snap install lxd
      # no_log: True

    - name: Wait few seconds for snapd
      wait_for: timeout=60
      delegate_to: localhost

    - name: Append the group 'lxd' to the user pi
      become: true
      user:
        name: pi
        groups: lxd
        append: yes

    # - name: disable libarmmem
    #   become: true
    #   lineinfile:
    #     path: /etc/ld.so.preload
    #     regexp: '^/usr/lib/arm-linux-gnueabihf/libarmmem.so'
    #     line: '#/usr/lib/arm-linux-gnueabihf/libarmmem.so'

    - include_tasks: tasks/noreboot.yml

    # The trust password is passed on the command line in this task and the next
    - name: Init LXD daemon
      command: '/snap/bin/lxd init --auto --network-address {{ lxd_daemon_network_adress }} --network-port {{ lxd_daemon_port }} --trust-password {{ lxd_trust_password }}'

    - name: Add local daemon as a remote server
      command: /snap/bin/lxc remote add {{ ansible_hostname }} 127.0.0.1 --password={{ lxd_trust_password }} --accept-certificate=true
      ignore_errors: True

    - name: Update default lxd profile
      tags: lxd_profile
      lxd_profile:
        name: default
        state: present
        cert_file: "/home/{{ansible_ssh_user}}/snap/lxd/current/.config/lxc/client.crt"
        key_file: "/home/{{ansible_ssh_user}}/snap/lxd/current/.config/lxc/client.key"
        url: "https://127.0.0.1:8443"
        description: default profile
        devices:
          root:
            path: /
            pool: default
            type: disk
          eth0:
            nictype: macvlan
            parent: br0
            type: nic

--------------------------------------------------------------------------------
/play/tasks/api-baddomains.yml:
--------------------------------------------------------------------------------
- hosts: home-dnsmasq
  become: true
  tasks:

    - name: Baddomain - Get all domains
      get_url:
        url: https://api.wiseflat.com/baddomain/list
        dest: /etc/blacklist.dnsmasq
        mode: 0644

    # Each whitelist entry is used as a sed pattern against the downloaded list
    - name: remove whitelist domains from blacklist.dnsmasq
      shell: sed -i '/{{ item }}/d' /etc/blacklist.dnsmasq
      with_items: "{{ api_baddomains_whitelist }}"

    - name: Reload dnsmasq service
      service:
        name: dnsmasq
        state: reloaded
--------------------------------------------------------------------------------
/play/tasks/api-cron-info.yml:
--------------------------------------------------------------------------------
---

- hosts: localhost
  vars:
    body:
      token: "{{ wiseflat_user_token }}"

  tasks:

    - uri:
        url: "https://api.wiseflat.com/cron/info"
        # Verify the API's TLS certificate: this request carries the user token
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-cron-info result
      debug:
        msg: "{{ result.json }}"
--------------------------------------------------------------------------------
/play/tasks/api-cron-update.yml:
--------------------------------------------------------------------------------
---

- hosts: localhost
  vars:
    body:
      token: "{{ wiseflat_user_token }}"
      cron: "{{ wiseflat_api_cron }}"
  tasks:

    - name: post personal information
      uri:
        url: "https://api.wiseflat.com/cron/update"
        # Verify the API's TLS certificate: this request carries the user token
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-cron-update result
      debug:
        msg: "{{ result.json }}"
--------------------------------------------------------------------------------
/play/tasks/api-heartbeat-info.yml:
--------------------------------------------------------------------------------
---
- hosts: server
  vars:
    body:
      token: "{{ wiseflat_user_token }}"
  tasks:
    - uri:
        url: https://api.wiseflat.com/heartbeat/info
        # Verify the API's TLS certificate: this request carries the user token
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-heartbeat-info result
      debug:
        msg: "{{ result.json }}"
--------------------------------------------------------------------------------
/play/tasks/api-heartbeat-update.yml:
--------------------------------------------------------------------------------
---
- hosts: server
  vars:
    body:
      token: "{{ wiseflat_user_token }}"
      status: "{{ wiseflat_heartbeat_status }}"
  tasks:
    - name: post personal information
      uri:
        url: https://api.wiseflat.com/heartbeat/update
        # Verify the API's TLS certificate: this request carries the user token
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-heartbeat-update result
      debug:
        msg: "{{ result.json }}"

    # The cron job stores the token in the user's crontab and sends it every minute
    - name: "add or update heartbeat crontab"
      cron:
        name: "heartbeat cron"
        minute: "*"
        day: "*"
        hour: "*"
        state: present
        job: 'curl -s -X POST -d "token={{ wiseflat_user_token }}" -d "status=1" https://api.wiseflat.com/heartbeat/update 1>/dev/null 2>&1'
      when: wiseflat_heartbeat_status == '1'

    - name: "remove heartbeat crontab"
      cron:
        name: "heartbeat cron"
        minute: "*"
        day: "*"
        hour: "*"
        state: absent
        job: 'curl -s -X POST -d "token={{ wiseflat_user_token }}" -d "status=1" https://api.wiseflat.com/heartbeat/update 1>/dev/null 2>&1'
      when: wiseflat_heartbeat_status == '0'
--------------------------------------------------------------------------------
/play/tasks/api-microservice-list.yml:
--------------------------------------------------------------------------------
---

- hosts: localhost
  vars:
    body:
      token: "{{ wiseflat_user_token }}"

  tasks:

    - uri:
        url: "https://api.wiseflat.com/microservice/list"
        # Verify the API's TLS certificate: this request carries the user token
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-microservice-list result
      debug:
        msg: "{{ result.json }}"
--------------------------------------------------------------------------------
/play/tasks/api-user-create.yml:
--------------------------------------------------------------------------------
---

- hosts: server
  gather_facts: yes
  tasks:

    - name: pwd
      command: pwd
      register: path
      delegate_to: localhost

    - set_fact: dir={{ path.stdout_lines[0] }}/../..

    # - debug:
    #     msg: "{{ dir }}"

    - name: USER | get personal token
      uri:
        url: "https://api.wiseflat.com/user/key"
        # Verify the API's TLS certificate: the response carries the user token
        validate_certs: True
        method: GET
        return_content: yes
        status_code: 200
        body_format: json
      register: result
      when: wiseflat_user_token is undefined

    - name: api-user-create result
      debug:
        msg: "{{ result.json }}"
      when: wiseflat_user_token is undefined

    # - name: fail the play if the previous command did not succeed
    #   fail:
    #     msg: "the command failed"
    #   # when: result.json.status == 'error' or wiseflat_user_token is undefined
    #   when: wiseflat_user_token is undefined

    - name: USER | update token to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_user_token:'
        line: 'wiseflat_user_token: {{ result.json.value }}'
      delegate_to: localhost
      when: wiseflat_user_token is undefined

    - set_fact: wiseflat_user_token={{ result.json.value }}
      when: wiseflat_user_token is undefined

- hosts: server
  vars:
    body:
      token: "{{ wiseflat_user_token }}"
      firstname: "{{ wiseflat_user_firstname }}"
      lastname: "{{ wiseflat_user_lastname }}"
      email: "{{ wiseflat_user_email }}"
      label: "{{ wiseflat_user_label }}"
  tasks:

    - uri:
        url: https://api.wiseflat.com/user/update
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-user-update result
      debug:
        msg: "{{ result.json }}"

    - name: Wait until you receive your email registration or continue if your account is already activated
      pause:

--------------------------------------------------------------------------------
/play/tasks/api-user-info.yml:
--------------------------------------------------------------------------------
---

- hosts: server
  gather_facts: yes
  vars:
    body:
      token: "{{ wiseflat_user_token }}"

  tasks:

    - uri:
        url: https://api.wiseflat.com/user/info
        # Verify the API's TLS certificate: this request carries the user token
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-user-info result
      debug:
        msg: "{{ result.json }}"
--------------------------------------------------------------------------------
/play/tasks/api-user-update.yml:
--------------------------------------------------------------------------------
---

- hosts: server
  gather_facts: yes
  vars:
    body:
      token: "{{ wiseflat_user_token }}"
      firstname: "{{ wiseflat_user_firstname }}"
      lastname: "{{ wiseflat_user_lastname }}"
      email: "{{ wiseflat_user_email }}"
      label: "{{ wiseflat_user_label }}"
  tasks:

    - uri:
        url: https://api.wiseflat.com/user/update
        # Verify the API's TLS certificate: this request carries the user token
        validate_certs: True
        method: POST
        body: ' {{ body | to_json}}'
        body_format: json
      register: result

    - name: api-user-update result
      debug:
        msg: "{{ result.json }}"
--------------------------------------------------------------------------------
/play/tasks/noreboot.yml:
--------------------------------------------------------------------------------
---

- block:

    # ~/.noreboot marks a host that has already been rebooted once by this play
    - name: Check if a reboot is required
      register: file
      # get_checksum=no replaces get_md5=no, which current stat versions no longer accept
      stat: path=/home/{{ ansible_ssh_user }}/.noreboot get_checksum=no

    - name: Create noreboot file
      file:
        path: /home/{{ ansible_ssh_user }}/.noreboot
        state: touch
      when: file.stat.exists is defined and file.stat.exists == false

    - name: Reboot
      shell: sleep 2 && shutdown -r now "Ansible reboot"
      become: true
      async: 1
      poll: 0
      ignore_errors: true
      when: file.stat.exists is defined and file.stat.exists == false

    - name: sleep for 60 seconds
      wait_for: timeout=60
      delegate_to: localhost
      when: file.stat.exists is defined and file.stat.exists == false

    # - name: Be sure your raspberry pi is available before continue
    #   pause:
    #   when: file.stat.exists is defined and file.stat.exists == false

--------------------------------------------------------------------------------
/play/templates/network/interfaces.j2:
--------------------------------------------------------------------------------
## The loopback network interface
auto lo
iface lo inet loopback

## The primary network interface
auto br0
iface br0 inet dhcp
# iface br0 inet static
#     address {{ ansible_default_ipv4.address }}
#     netmask {{ ansible_default_ipv4.netmask }}
#     network {{ ansible_default_ipv4.network }}
#     broadcast {{ ansible_default_ipv4.broadcast }}
#     gateway {{ ansible_default_ipv4.gateway }}

    bridge_ports eth0
iface eth0 inet manual
--------------------------------------------------------------------------------
/play/user.yml:
--------------------------------------------------------------------------------
---

- name: User variables
  hosts: localhost
  gather_facts: yes

  pre_tasks:

    - name: pwd
      command: pwd
      register: path

    - set_fact: dir={{ path.stdout_lines[0] }}/..

    # - debug:
    #     msg: "{{ dir }}"

    - file:
        path: "{{ dir }}/env/group_vars/all.yml"
        state: touch

    - pause:
        prompt: "Set your email address"
      when: wiseflat_user_email is undefined
      register: email

    - name: USER | update email to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_user_email:'
        line: 'wiseflat_user_email: {{ email.user_input }}'
      when: wiseflat_user_email is undefined

    - pause:
        prompt: "Set your firstname"
      when: wiseflat_user_firstname is undefined
      register: firstname

    - name: USER | update firstname to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_user_firstname:'
        line: 'wiseflat_user_firstname: {{ firstname.user_input }}'
      when: wiseflat_user_firstname is undefined

    - pause:
        prompt: "Set your lastname"
      when: wiseflat_user_lastname is undefined
      register: lastname

    - name: USER | update lastname to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_user_lastname:'
        line: 'wiseflat_user_lastname: {{ lastname.user_input }}'
      when: wiseflat_user_lastname is undefined

    - pause:
        prompt: "Set a label for this server"
      when: wiseflat_user_label is undefined
      register: label

    - name: USER | update label to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_user_label:'
        line: 'wiseflat_user_label: {{ label.user_input }}'
      when: wiseflat_user_label is undefined

    - pause:
        prompt: "Set your latitude"
      when: wiseflat_latitude is undefined
      register: latitude

    - name: USER | update latitude to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_latitude:'
        line: 'wiseflat_latitude: {{ latitude.user_input }}'
      when: wiseflat_latitude is undefined

    - pause:
        prompt: "Set your longitude"
      when: wiseflat_longitude is undefined
      register: longitude

    - name: USER | update longitude to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_longitude:'
        line: 'wiseflat_longitude: {{ longitude.user_input }}'
      when: wiseflat_longitude is undefined

    - name: USER | update heartbeat to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_heartbeat_status:'
        line: "wiseflat_heartbeat_status: '1'"
      when: wiseflat_heartbeat_status is undefined

    - name: USER | update airquality_request to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_airquality_request:'
        line: 'wiseflat_airquality_request: all'
      when: wiseflat_airquality_request is undefined

    - name: USER | update suncalc_request to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_suncalc_request:'
        line: 'wiseflat_suncalc_request: all'
      when: wiseflat_suncalc_request is undefined

    - name: USER | update weather_request to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_weather_request:'
        line: 'wiseflat_weather_request: all'
      when: wiseflat_weather_request is undefined

    - name: USER | update cron to inventory
      lineinfile:
        path: "{{ dir }}/env/group_vars/all.yml"
        regexp: '^wiseflat_cron:'
        line: 'wiseflat_cron: []'
      when: wiseflat_cron is undefined


- import_playbook: tasks/api-user-create.yml
- import_playbook: tasks/api-user-update.yml
- import_playbook: tasks/api-user-info.yml
--------------------------------------------------------------------------------
/requirements.yml:
--------------------------------------------------------------------------------
# No ansible roles are required by default
--------------------------------------------------------------------------------
/site.yml:
--------------------------------------------------------------------------------
---

- import_playbook: play/server-install.yml
- import_playbook: play/user.yml
- import_playbook: play/info.yml
- import_playbook: play/microservice-add.yml
--------------------------------------------------------------------------------
/ssh/config:
--------------------------------------------------------------------------------
Host home-wiseflat
    User pi

Host home-* !home-wiseflat
    User ubuntu

Host *
    HostName %h
    # The SSH agent is forwarded to every host, containers included
    ForwardAgent yes
    # Host keys are neither checked nor recorded for any host
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    IdentityFile ssh/id_rsa
    ServerAliveInterval 30
--------------------------------------------------------------------------------