Compare commits
44 Commits
cef0693f84
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 3343c87601 | |||
| 2909ff0ff4 | |||
| 9735ef4501 | |||
| c588cf829d | |||
| 7aedcd922a | |||
| 37ab9c1270 | |||
| f119d19906 | |||
| 6abbc06015 | |||
| 3b6d81b70a | |||
| 85007c7959 | |||
| 079ee4857e | |||
| 26fddbc7b5 | |||
| 6606e15444 | |||
| 69106fba43 | |||
| 2582b2eb06 | |||
| 5b3c05db53 | |||
| 774ed428f9 | |||
| 7d030cebed | |||
| 19a1669950 | |||
| 1c0ddd82c6 | |||
| 03ff69a6fb | |||
| 4128a54865 | |||
| 5537eb6562 | |||
| ae8f90de0f | |||
| 17ee5061df | |||
| 434bf3cbf3 | |||
| ad4259ebaa | |||
| 8809fa7e68 | |||
| 616e644f95 | |||
| c530598cc4 | |||
| 30e0f8dc6c | |||
| 20ade83682 | |||
| e9fe5072cf | |||
| 10ffe013c0 | |||
| 0765da4478 | |||
| c7a226261f | |||
| 7706f2843c | |||
| e726a571dd | |||
| 52a68730e3 | |||
| 3f251ce158 | |||
| de05b7e312 | |||
| 7adcf81c0d | |||
| 42b63f613c | |||
| f8b76eef41 |
@ -1,3 +1,3 @@
|
|||||||
[defaults]
|
[defaults]
|
||||||
inventory=inventory
|
inventory=inventory.yml
|
||||||
callback_enabled = profile_tasks
|
callback_enabled = profile_tasks
|
||||||
|
|||||||
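--- a/inventory
+++ b/inventory
@@ -1,19 +0,0 @@
-
-[rpi:children]
-rpi_rpios
-rpi_ubuntu
-
-[rpi_ubuntu]
-
-[rpi_ubuntu:vars]
-ansible_user=ubuntu
-
-[rpi_rpios]
-octopi ansible_host=192.168.2.99
-pihole ansible_host=192.168.2.20
-naspi ansible_host=192.168.2.75
-piprint ansible_host=192.168.2.95
-
-[rpi_rpios:vars]
-ansible_user=pi
-ansible_python_interpreter=/usr/bin/python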
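--- a/inventory.yml
+++ b/inventory.yml
@@ -0,0 +1,39 @@
+---
+
+all:
+children:
+singlehosts:
+rpi:
+
+# Hosts without special groups
+singlehosts:
+hosts:
+# srv-print:
+# ansible_host: 192.168.2.95
+# ansible_user: ansible
+
+# All RPI hosts
+rpi:
+hosts:
+children:
+rpi_ubuntu:
+rpi_rpios:
+
+# RPI hosts with RPIOS
+rpi_rpios:
+vars:
+ansible_user: pi
+hosts:
+octopi:
+ansible_host: 192.168.2.99
+pihole:
+ansible_host: 192.168.2.20
+naspi:
+ansible_host: 192.168.2.75
+gfs-ca:
+ansible_host: 192.168.2.72
+ansible_user: ansible
+
+# Hosts that have no proper user yet
+staging:
+hosts: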
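Review bot: The only `srv-print` entry under `singlehosts` is commented out, so `playbooks/srv-print.yml` from this same change (`hosts: srv-print`) has no inventory entry to match and would skip with a "no hosts matched" warning. Either restore the host entry or add a comment such as `# srv-print is disabled until it has an ansible user; see playbooks/srv-print.yml`. The old `ansible_python_interpreter=/usr/bin/python` group variable was also dropped from `rpi_rpios` without a replacement; if that is intentional, a one-line comment would record that interpreter discovery is now relied on. Indentation is not visible on this page, so the group nesting itself could not be checked.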
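--- a/playbooks/ansible_user.yml
+++ b/playbooks/ansible_user.yml
@@ -0,0 +1,18 @@
+- hosts: staging
+become: yes
+tasks:
+
+- name: user setup
+block:
+- name: create ansible user
+ansible.builtin.user:
+user: ansible
+state: present
+shell: /bin/bash
+groups: sudo
+
+- name: add ansible ssh-key
+ansible.posix.authorized_key:
+user: ansible
+state: present
+key: "ssh-rsa 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 ansible@Septentrion"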
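Review bot: In `create ansible user`, `groups: sudo` is set without `append: yes`, so on a host where the `ansible` account already exists the module replaces its supplementary groups with `sudo` alone. Adding `append: yes` keeps existing memberships, as the `add www-data to scanner` task in playbooks/srv-print.yml already does; `create admin user` in that file has the same gap. Membership in `sudo` also gives this key-only automation account full root, and the play sets neither a password nor a sudoers rule, so escalation is presumably configured elsewhere. A comment such as `# sudo rights for ansible come from <sudoers drop-in, placeholder>` would make that dependency visible.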
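--- a/playbooks/patches.yml
+++ b/playbooks/patches.yml
@@ -0,0 +1,24 @@
+- hosts: all
+tasks:
+
+- name: Update Debian-based systems
+block:
+- name: Apt Update
+apt:
+update_cache: yes
+
+- name: Apt Upgrade
+apt:
+upgrade: safe
+
+- name: Check if reboot required
+stat:
+path: /var/run/reboot-required
+register: reboot_required_file
+
+- name: Reboot if required
+reboot:
+when: reboot_required_file.stat.exists == true
+
+become: yes
+when: ansible_facts['ansible_os_family'] == 'Debian'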
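Review bot: The block-level condition `when: ansible_facts['ansible_os_family'] == 'Debian'` looks up a key that does not exist, because entries inside `ansible_facts` are stored without the `ansible_` prefix. The conditional will therefore fail to evaluate rather than select Debian hosts, and the patch run does not happen; it should read `when: ansible_facts['os_family'] == 'Debian'`. The play now targets `all` instead of `rpi` and may reboot every host in the same pass, including `pihole`. Adding `serial: 1` at play level would keep the hosts from going down together.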
@ -1,19 +0,0 @@
|
|||||||
- hosts: rpi
|
|
||||||
become: yes
|
|
||||||
tasks:
|
|
||||||
- name: Apt Update
|
|
||||||
apt:
|
|
||||||
update_cache: yes
|
|
||||||
|
|
||||||
- name: Apt Upgrade
|
|
||||||
apt:
|
|
||||||
upgrade: safe
|
|
||||||
|
|
||||||
- name: Check if reboot required
|
|
||||||
stat:
|
|
||||||
path: /var/run/reboot-required
|
|
||||||
register: reboot_required_file
|
|
||||||
|
|
||||||
- name: Reboot if required
|
|
||||||
reboot:
|
|
||||||
when: reboot_required_file.stat.exists == true
|
|
||||||
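--- a/playbooks/srv-print.yml
+++ b/playbooks/srv-print.yml
@@ -0,0 +1,84 @@
+- hosts: srv-print
+become: yes
+tasks:
+
+- name: user setup
+block:
+- name: create admin user
+ansible.builtin.user:
+user: admin
+state: present
+shell: /bin/bash
+groups: sudo
+
+- name: add admin ssh-key
+ansible.posix.authorized_key:
+user: admin
+state: present
+key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsLI18nShd47L6o4dL2sIbhJAlWdXXc7BBSqhslTBMVziY6OBazW2jxxU0eN+Wi3RYEuOUd3xt6f56m6NgB96MxvRbfhD06FCetrEzEX/k7yWRVlvyMOSX0RjTr2UWPqOpXmLvbpOvTX4m4+rhpXlXJ1FB/jiZGNYvQEXot8PFTkMBdP0rHsdXiHhJvJy8Y/jDoErrCrK+Yger9ziCeskr3t/KET1nD6e/g4lQwVr7YftMw9s/0RiSVU4VQnUHjMiyXMpg8SD54YkmaQ8TJ14dQ3LVvMjXNGhg3fmmmxQMWot64oLe5HvNJigmKDfYxUzQuX8Ba2zAcnvHkLp/RpVB krumel@YatagarasuDrive"
+
+- name: install cups and some other required packages
+apt:
+pkg:
+- cups
+- printer-driver-splix
+- nginx
+- libnginx-mod-http-lua
+state: present
+update_cache: yes
+
+- name: cups setup
+block:
+- name: allow access to cups from network
+replace:
+path: /etc/cups/cupsd.conf
+regexp: 'Listen localhost:631'
+replace: 'Listen 0.0.0.0:631'
+
+- name: configure cups for remote access
+shell: cupsctl --remote-admin --remote-any --share-printers
+
+- name: restart cups
+service:
+name: cups
+state: restarted
+
+- name: configure nginx to scan images on request
+block:
+- name: copy config to sites-available
+copy:
+src: templates/scan_image.conf
+dest: /etc/nginx/sites-available/
+
+- name: link to sites-enabled
+file:
+src: /etc/nginx/sites-available/scan_image.conf
+dest: /etc/nginx/sites-enabled/scan_image.conf
+state: link
+
+- name: ensure no default site is sites-enabled
+file:
+path: /etc/nginx/sites-enabled/default
+state: absent
+
+- name: create scan directory and give www-data rights
+file:
+path: /srv/scans/
+state: directory
+owner: www-data
+
+- name: add www-data to scanner
+user:
+name: www-data
+groups: scanner
+append: yes
+
+- name: copy htpasswd
+copy:
+src: templates/htpasswd_scan
+dest: /etc/nginx/htpasswd/
+
+- name: restart nginx
+service:
+name: nginx
+state: restarted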
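Review bot: The `cups setup` block binds CUPS to `0.0.0.0:631` and then runs `cupsctl --remote-admin --remote-any --share-printers`, which leaves the CUPS administration interface reachable from any address that can route to the host, not only the 192.168.2.x LAN. Dropping `--remote-any` keeps access on the local subnet. Because the step is not shell syntax it is better written as `command: cupsctl --remote-admin --share-printers` with `changed_when: false`, since as written it reports a change and forces a restart on every run. The `copy htpasswd` task sets no ownership or mode, so the credential file gets default permissions; `owner: root`, `group: www-data`, `mode: '0640'` would pin them. Nothing visible in this play creates `/etc/nginx/htpasswd/` before the copy, so that is worth confirming.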
@ -1,9 +1,16 @@
|
|||||||
- hosts: rpi
|
- become: yes
|
||||||
become: yes
|
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
- name: add ansible@septentrion to authorized keys
|
- name: add ansible@septentrion to authorized keys for RaspberryPis
|
||||||
|
hosts: rpi
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: pi
|
user: pi
|
||||||
state: present
|
state: present
|
||||||
key: "ssh-rsa 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 ansible@Septentrion"
|
key: "ssh-rsa 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 ansible@Septentrion"
|
||||||
|
|
||||||
|
- name: add ansible@septentrion to authorized keys for single hosts
|
||||||
|
hosts: single-hosts
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: ansible
|
||||||
|
state: present
|
||||||
|
key: "ssh-rsa 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 ansible@Septentrion"
|
||||||
|
|||||||
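Review bot: On the new side `hosts: rpi` and `hosts: single-hosts` sit inside the two tasks while the play itself now starts at `- become: yes` with no `hosts:`. `hosts` is a play keyword rather than a task keyword, so Ansible should reject the playbook before any key is installed. The second target is also spelled `single-hosts`, whereas inventory.yml in this change defines the group as `singlehosts`. Splitting the file into one play per target group, as sketched below, fixes both; the indentation is inferred because the page does not preserve it.

```yaml
- hosts: rpi
  become: yes
  tasks:
    - name: add ansible@septentrion to authorized keys for RaspberryPis
      ansible.posix.authorized_key:
        user: pi
        # … unchanged: state and key …

- hosts: singlehosts
  become: yes
  tasks:
    - name: add ansible@septentrion to authorized keys for single hosts
      ansible.posix.authorized_key:
        user: ansible
        # … unchanged: state and key …
```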
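--- a/playbooks/templates/htpasswd_scan
+++ b/playbooks/templates/htpasswd_scan
@@ -0,0 +1 @@
+scan:$2y$05$vibHqJBvSjz1YSdV2dV2Dut7p9bLiXAGQ/wcgSkmVQ7wlKeinWTLO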
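Review bot: This file commits the `scan` user's bcrypt hash in clear to the repository, and the `$2y$05$` prefix shows it was generated at cost 5. Anyone with read access to the repo or its history can run offline guessing against it cheaply. Keeping the file under ansible-vault, or generating it on the host from a vaulted password, removes the hash from the repository. Regenerating with a higher cost, for example `htpasswd -B -C 12`, slows guessing if it does leak, and the current password should be treated as exposed and rotated.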
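--- a/playbooks/templates/scan_image.conf
+++ b/playbooks/templates/scan_image.conf
@@ -0,0 +1,21 @@
+server {
+listen 80;
+listen [::]:80;
+
+auth_basic "";
+auth_basic_user_file /etc/nginx/htpasswd/htpasswd_scan;
+
+location /scan {
+content_by_lua_block {
+epoc = ngx.time();
+os.execute("scanimage --format jpeg >/srv/scans/image"..epoc..".jpg");
+ngx.redirect("/scans/image"..epoc..".jpg");
+}
+}
+
+location /scans {
+autoindex on;
+root /srv/;
+}
+
+}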
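Review bot: The server block protects the scanner with basic auth but only listens on plain port 80, so the `scan` credentials and every scanned document cross the network unencrypted; a TLS listener, or binding to a trusted interface only, should accompany the `auth_basic` lines. `auth_basic "";` uses an empty realm, and it is worth confirming on the deployed nginx version that this still enforces authentication; a non-empty realm such as `auth_basic "scanner";` removes the doubt. In `location /scan`, any request method triggers a scan and `os.execute` blocks the worker until `scanimage` finishes; a guard like `if ngx.req.get_method() ~= "POST" then return ngx.exit(ngx.HTTP_NOT_ALLOWED) end` stops link prefetchers and cross-site GETs from starting scans. `epoc` is assigned as a Lua global and should be `local epoc = ngx.time()`. Two requests in the same second also write the same file name.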