add dynamic dns + update for k8s

master
Paul Walko 2020-12-13 15:55:46 -05:00
parent ab5ab8a299
commit eced0aac2d
3 changed files with 82 additions and 25 deletions


@ -1,4 +1,4 @@
Usage: `ansible-playbook main.yml -i hosts.cfg --limit=cabinet` Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "api_key=GANDI_API_KEY" --limit=cabinet`
Assumes: Assumes:


@ -22,6 +22,7 @@
- oidentd - oidentd
- rsync - rsync
- smartmontools - smartmontools
- snapd
- speedtest-cli - speedtest-cli
- tmux - tmux
- unattended-upgrades - unattended-upgrades
@ -117,6 +118,22 @@
mode: '0644' mode: '0644'
notify: Restart and enable smartd notify: Restart and enable smartd
- name: Copy Dynamic DNS script
template:
src: templates/gandi-ddns.sh
dest: /usr/local/bin/gandi-ddns.sh
owner: root
group: root
mode: '0755'
- name: Add Dynamic DNS cronjob
cron:
name: "Update dynamic dns"
job: /usr/local/bin/gandi-ddns.sh
special_time: daily
user: root
### Router ### Router
##- hosts: router ##- hosts: router
## become: yes ## become: yes
@ -142,14 +159,11 @@
name: name:
- beets - beets
- nfs-common - nfs-common
- wireguard
force_apt_get: yes force_apt_get: yes
update_cache: yes update_cache: yes
- debug: - debug:
msg: msg: Manually do beets config https://wiki.archlinux.org/index.php/Beets
- Manually do wireguard config https://wiki.debian.org/Wireguard
- Manuall do beets config https://wiki.archlinux.org/index.php/Beets
# NFS core config # NFS core config
# ASSUMES /bigdata IS CONFIGURED (make sure dir is 755) # ASSUMES /bigdata IS CONFIGURED (make sure dir is 755)
@ -205,7 +219,7 @@
- hosts: compute - hosts: compute
become: yes become: yes
tasks: tasks:
- name: Install Docker + compute dependencies - name: Install compute dependencies
apt: apt:
name: name:
- apt-transport-https - apt-transport-https
@ -218,13 +232,12 @@
- name: Mount bigdummy /bigdata via NFS - name: Mount bigdummy /bigdata via NFS
mount: mount:
src: 10.200.0.202:/bigdata src: root@10.42.0.202:/bigdata
path: /bigdata path: /bigdata
fstype: nfs fstype: fuse.sshfs
opts: soft,nodev,nosuid opts: reconnect,allow_other,_netdev,nonempty,IdentityFile=/home/paul/.ssh/id_rsa_fast
state: mounted state: mounted
# Might require running manually mounting
- name: Mount vtluug /media via sshfs - name: Mount vtluug /media via sshfs
mount: mount:
src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media
@ -233,28 +246,28 @@
opts: reconnect,allow_other,ro,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast opts: reconnect,allow_other,ro,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast
state: mounted state: mounted
- name: Add Docker GPG key - name: Add HAProxy GPG key
apt_key: apt_key:
url: https://download.docker.com/linux/debian/gpg url: https://haproxy.debian.net/bernat.debian.org.gpg
- name: Add Docker APT repository - name: Add HAProxy APT repository
apt_repository: apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable repo: deb http://haproxy.debian.net buster-backports-2.2 main
- name: Install Docker CE - name: Install HAProxy
apt: apt:
name: name: haproxy
- docker-ce state: present
- docker-ce-cli
- containerd.io
force_apt_get: yes force_apt_get: yes
update_cache: yes update_cache: yes
- name: Add paul to docker group
user: - name: Install microk8s
name: paul command: snap install microk8s --classic
groups: docker args:
append: yes creates: /snap/bin/microk8s
- debug: - debug:
msg: Clone docker repo to start services msg:
- Start/Configure haproxy manually
- Start microk8s manually
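Review bot: The new `Copy Dynamic DNS script` task installs the rendered template with `mode: '0755'`, and the template added in this commit writes the `api_key` variable into that file, so every local account on the host can read the Gandi API key from /usr/local/bin/gandi-ddns.sh. The cron entry runs the script as root, so `mode: '0700'` is sufficient. Adding `no_log: true` to the task should also keep the rendered key out of `--diff` and verbose output. The README change passes the key with `--extra-vars` on the command line, where it lands in shell history; a vault-encrypted variable would avoid that. The play that contains this task starts outside the hunk.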


@ -0,0 +1,44 @@
#!/bin/bash
APIKEY={{ api_key }}
NAME=$(hostname)
IPV4=$(curl -4s https://icanhazip.com/)
IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')
if [[ $NAME == 'fogcutter' ]]; then
# apex (doesn't really matter which host this is run on)
curl \
--header "Authorization: Apikey $APIKEY" \
--header "Content-Type: application/json" \
--request PUT \
--data "{\"rrset_values\": [\"$IPV4\"]}" \
https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/@/A
curl \
--header "Authorization: Apikey $APIKEY" \
--header "Content-Type: application/json" \
--request PUT \
--data "{\"rrset_values\": [\"$IPV6\"]}" \
https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/@/AAAA
# fogcutter (for web apps)
curl \
--header "Authorization: Apikey $APIKEY" \
--header "Content-Type: application/json" \
--request PUT \
--data "{\"rrset_values\": [\"$IPV4\"]}" \
https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/A
elif [[ $NAME == 'madone' ]]; then
curl \
--header "Authorization: Apikey $APIKEY" \
--header "Content-Type: application/json" \
--request PUT \
--data "{\"rrset_values\": [\"$IPV4\"]}" \
https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/A
fi
curl \
--header "Authorization: Apikey $APIKEY" \
--header "Content-Type: application/json" \
--request PUT \
--data "{\"rrset_values\": [\"$IPV6\"]}" \
https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/AAAA
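Review bot: Every curl call passes the key as `--header "Authorization: Apikey $APIKEY"`, which puts it on the process command line where any local user can read it while the request runs. `APIKEY={{ api_key }}` is also rendered unquoted, so a value containing shell metacharacters would be interpreted by bash. Rendering it with the `quote` filter and feeding the header to curl on stdin keeps the key off argv. Separately, nothing checks that `$IPV4` or `$IPV6` is non-empty before the PUT, and curl runs without `--fail`, so a failed address lookup is sent as an empty record value and API errors are invisible to cron. The fence sketches one helper covering these points; the five curl blocks would each become a single call.

```shell
APIKEY={{ api_key | quote }}
# … unchanged: NAME, IPV4 and IPV6 lookups …

# PUT one record; refuse to send an empty address.
# usage: update_record <record-name> <A|AAAA> <address>
update_record() {
    if [[ -z $3 ]]; then
        echo "no $2 address found, skipping $1" >&2
        return 1
    fi
    # Authorization header is read from stdin so the key never appears in argv.
    curl --fail --silent --show-error \
        --header @- \
        --header "Content-Type: application/json" \
        --request PUT \
        --data "{\"rrset_values\": [\"$3\"]}" \
        "https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$1/$2" \
        <<< "Authorization: Apikey $APIKEY"
}

# … per-host if/elif kept; each curl block becomes one call, e.g.: …
update_record "$NAME" A "$IPV4"
```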