add pi3 to inventory + fixes

2024-12-15 22:13:03 +01:00
parent fa0df6f175
commit b185999478
7 changed files with 26 additions and 8 deletions


@@ -22,6 +22,9 @@ flowchart
subgraph Home subgraph Home
subgraph pi1 subgraph pi1
runner[/gitea runners\] runner[/gitea runners\]
subgraph small HD
backup_data
end
end end
subgraph pi2 subgraph pi2
PG[(Postgres)] PG[(Postgres)]
@@ -33,6 +36,11 @@ flowchart
Gitea_data Gitea_data
end end
end end
subgraph pi3
subgraph ai
ollama
end
end
subgraph "master (macbook pro)" subgraph "master (macbook pro)"
ansible{{ansible control-node}} ansible{{ansible control-node}}
tofu{{opentofu control-node}} tofu{{opentofu control-node}}


@@ -58,8 +58,7 @@ issues: http://example.com/issue/tracker
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This # artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', # uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
# and '.git' are always filtered. Mutually exclusive with 'manifest' # and '.git' are always filtered. Mutually exclusive with 'manifest'
build_ignore: build_ignore: []
- playwright/
# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a # A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a
# list of MANIFEST.in style # list of MANIFEST.in style


@@ -6,6 +6,9 @@ raspberries:
pi2: pi2:
ansible_host: pi2.home ansible_host: pi2.home
ansible_ssh_extra_args: '-o StrictHostKeyChecking=no' ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
pi3:
ansible_host: pi3.home
ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'
internetPi1: internetPi1:
ansible_host: arcodange.duckdns.org ansible_host: arcodange.duckdns.org
@@ -13,6 +16,9 @@ raspberries:
internetPi2: internetPi2:
ansible_host: arcodange.duckdns.org ansible_host: arcodange.duckdns.org
ansible_port: 52022 ansible_port: 52022
internetPi3:
ansible_host: arcodange.duckdns.org
ansible_port: 53022
vars: vars:
ansible_user: pi ansible_user: pi
@@ -24,6 +30,7 @@ local:
ansible_python_interpreter: /Users/gabrielradureau/.local/pipx/venvs/ansible-core/bin/python ansible_python_interpreter: /Users/gabrielradureau/.local/pipx/venvs/ansible-core/bin/python
pi1: pi1:
pi2: pi2:
pi3:
hard_disk: hard_disk:
hosts: hosts:
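Review bot: The new `pi3` host repeats `ansible_ssh_extra_args: '-o StrictHostKeyChecking=no'`, so Ansible connects to `pi3.home` without verifying its host key, and a spoofed host on the LAN would receive the plays and any secrets passed to them. For a newly added host, `ansible_ssh_extra_args: '-o StrictHostKeyChecking=accept-new'` keeps the first connection non-interactive but rejects a changed key afterwards; pinning the key in `known_hosts` is stricter still. The `internetPi3` entry in the second hunk reaches `arcodange.duckdns.org` on port 53022 over the public internet; no override is visible on it here, but if group vars outside the hunks disable checking there too, that is the path where it matters most. The `raspberries` mapping starts and continues outside these hunks.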


@@ -75,8 +75,7 @@
ansible.builtin.import_playbook: k3s.orchestration.site ansible.builtin.import_playbook: k3s.orchestration.site
# ansible.builtin.import_playbook: k3s.orchestration.reset # ansible.builtin.import_playbook: k3s.orchestration.reset
vars: vars:
k3s_version: v1.30.3+k3s1 k3s_version: v1.31.3+k3s1
token: changeme!
extra_server_args: "--docker --disable traefik" extra_server_args: "--docker --disable traefik"
extra_agent_args: "--docker" extra_agent_args: "--docker"
api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}" api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
@@ -139,7 +138,7 @@
acme-challenge: acme-challenge:
rule: Host(`arcodange.duckdns.org`) && PathPrefix(`/.well-known/acme-challenge`) rule: Host(`arcodange.duckdns.org`) && PathPrefix(`/.well-known/acme-challenge`)
service: acme-http@internal service: acme-http@internal
tls: &tls_opts tls:
certResolver: letsencrypt certResolver: letsencrypt
domains: domains:
- main: "arcodange.duckdns.org" - main: "arcodange.duckdns.org"
@@ -154,7 +153,11 @@
middlewares: middlewares:
- localIp - localIp
tls: tls:
<<: *tls_opts certResolver: letsencrypt
domains:
- main: "arcodange.duckdns.org"
sans:
- "gitea.arcodange.duckdns.org"
entrypoints: entrypoints:
- websecure - websecure
middlewares: middlewares:
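Review bot: After `token: changeme!` is dropped from the `vars` of the `k3s.orchestration.site` import in the first hunk, nothing visible says where the cluster join token now comes from. A comment in its place, such as `# token is not set here; it is supplied by <source>`, would tell the next maintainer. The removed literal looks like a placeholder and remains in git history, so if the cluster was ever bootstrapped with it the token should be rotated on the servers, not only removed from the file. In the last hunk the `<<: *tls_opts` merge became a copied block, so a short comment that the two `tls` blocks must be kept in sync would help. The play starts outside the hunk.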


@@ -175,7 +175,7 @@
gitea_token_delete: true gitea_token_delete: true
- name: Deploy Gitea Action - name: Deploy Argo CD
hosts: localhost hosts: localhost
roles: roles:
- arcodange.factory.gitea_token # generate gitea_api_token used to replace generated token with set name if required - arcodange.factory.gitea_token # generate gitea_api_token used to replace generated token with set name if required


@@ -12,6 +12,7 @@
owner: pi owner: pi
group: docker group: docker
mode: '0774' mode: '0774'
ignore_errors: true
- name: Mount NFS share - name: Mount NFS share
mount: mount:
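Review bot: `ignore_errors: true` on the task that ends at `mode: '0774'` hides every failure of that task, not only the one it was presumably added for. A directory left with the wrong owner, group or mode then goes unnoticed, and `Mount NFS share` still runs. Prefer a narrow condition, for example `register: share_dir` with `failed_when: share_dir is failed and '<expected message>' not in (share_dir.msg | default(''))`, or at least a comment naming the error that is expected. The task's name and module are outside the hunk, so the expected error cannot be identified from here.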


@@ -4,7 +4,7 @@
kubectl -n kube-system exec kubectl -n kube-system exec
$(kubectl -n kube-system get pod -l app.kubernetes.io/name=traefik $(kubectl -n kube-system get pod -l app.kubernetes.io/name=traefik
-o jsonpath="{.items[0]['.metadata.name']}") -- -o jsonpath="{.items[0]['.metadata.name']}") --
cat /data/acme.json | jq '(.letsencrypt.Certificates | map(select(.domain.main=="arcodange.duckdns.org")))[0]' cat /data/acme.json | jq '(.letsencrypt.Certificates | map(select(.domain.main=="*.arcodange.duckdns.org")))[0]'
| jq '.certificate' -r | base64 -d | openssl x509 | jq '.certificate' -r | base64 -d | openssl x509
register: traefik_certs_cmd register: traefik_certs_cmd
- set_fact: - set_fact:
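Review bot: The selector now matches `.domain.main=="*.arcodange.duckdns.org"`, but the resolver settings visible in the playbook section of this commit request `main: "arcodange.duckdns.org"`, so unless another router outside the view requests the wildcard as `main`, `[0]` is `null`. In that case `jq '.certificate' -r` prints `null`, and the task fails only with an opaque `openssl x509` parse error, or with stale data if a later task tolerates it. Consider a comment stating which router issues the wildcard certificate, and an explicit check after `register: traefik_certs_cmd` that fails with a clear message when no certificate matched. The command starts outside the hunk.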