Initial

ansible.cfg

@@ -0,0 +1,79 @@
+# ansible-project/ansible.cfg
+[defaults]
+# Основная директория с инвентарем
+inventory = ./inventory/hosts
+
+# Пути для поиска ролей (можно несколько через двоеточие)
+roles_path = ./roles
+
+# Файлы плейбуков по умолчанию
+hostfile = ./inventory/hosts
+library = ./library
+module_utils = ./module_utils
+filter_plugins = ./filter_plugins
+
+# Путь для поиска плейбуков
+playbook_dir = ./playbooks
+
+# Настройки для групповых и хостовых переменных
+retry_files_enabled = False
+hash_behaviour = merge
+deprecation_warnings = True
+system_warnings = True
+interpreter_python = auto_silent
+
+# Параметры соединения
+transport = smart
+gather_facts = true
+gather_subset = all
+fact_caching = memory
+fact_caching_timeout = 3600
+
+# Параметры по умолчанию для подключения
+ansible_connection = ssh
+ansible_user = ansible
+ansible_port = 22
+ansible_become = true
+ansible_become_method = sudo
+ansible_become_user = root
+ansible_python_interpreter = /usr/bin/python3
+
+# Контрольные суммы и проверки
+host_key_checking = False
+
+[inventory]
+# Включить динамический инвентарь
+enable_plugins = host_list, script, auto, yaml, ini, toml
+
+[privilege_escalation]
+become = true
+become_method = sudo
+become_user = root
+become_ask_pass = false
+
+[ssh_connection]
+# Настройки SSH
+#ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=~/.ssh/ansible-%r@%h:%p
+#pipelining = true
+#scp_if_ssh = smart
+#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
+#timeout = 30
+#retries = 3
+
+[persistent_connection]
+connect_timeout = 30
+command_timeout = 30
+
+[galaxy]
+# Настройки Ansible Galaxy
+server = https://galaxy.ansible.com
+
+
+# Дополнительные настройки для разработки
+[defaults:development]
+# Для разработки - более строгие проверки
+force_color = 1
+callback_whitelist = profile_tasks, timer, mail
+retry_files_save_path = ./retry-files
+local_tmp = ~/.ansible/tmp
+remote_tmp = ~/.ansible/tmp

inventory/hosts

@@ -0,0 +1,17 @@
+# ansible/inventory/hosts
+
+# Все хосты
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+ansible_user=root
+ansible_port=22
+ansible_ssh_private_key_file=~/.ssh/id_rsa
+
+# VPN серверы
+[vpnservers]
+access.stanito.me ansible_user=root
+
+# Группы по ОС
+[ubuntu_servers:children]
+vpnservers
+

playbook_vpn.yml

@@ -0,0 +1,6 @@
+[vpn]
+access.stanito.me
+
+[all:vars]
+ansible_user=admin
+ansible_ssh_private_key_file=~/.ssh/id_rsa

playbooks/base.yml

@@ -0,0 +1,7 @@
+---
+- name: Bootstrap Ubuntu servers
+  hosts: all
+  become: true
+
+  roles:
+    - base

readme_structure.md

@@ -0,0 +1,53 @@
+# Structure
+```
+production                # inventory file for production servers
+staging                   # inventory file for staging environment
+
+group_vars/
+   group1.yml             # here we assign variables to particular groups
+   group2.yml
+host_vars/
+   hostname1.yml          # here we assign variables to particular systems
+   hostname2.yml
+
+library/                  # if any custom modules, put them here (optional)
+module_utils/             # if any custom module_utils to support modules, put them here (optional)
+filter_plugins/           # if any custom filter plugins, put them here (optional)
+
+site.yml                  # main playbook
+webservers.yml            # playbook for webserver tier
+dbservers.yml             # playbook for dbserver tier
+tasks/                    # task files included from playbooks
+    webservers-extra.yml  # <-- avoids confusing playbook with task files
+```
+
+
+# Roles
+```
+roles/
+    common/               # this hierarchy represents a "role"
+        tasks/            #
+            main.yml      #  <-- tasks file can include smaller files if warranted
+        handlers/         #
+            main.yml      #  <-- handlers file
+        templates/        #  <-- files for use with the template resource
+            ntp.conf.j2   #  <------- templates end in .j2
+        files/            #
+            bar.txt       #  <-- files for use with the copy resource
+            foo.sh        #  <-- script files for use with the script resource
+        vars/             #
+            main.yml      #  <-- variables associated with this role
+        defaults/         #
+            main.yml      #  <-- default lower priority variables for this role
+        meta/             #
+            main.yml      #  <-- role dependencies and optional Galaxy info
+        library/          # roles can also include custom modules
+        module_utils/     # roles can also include custom module_utils
+        lookup_plugins/   # or other types of plugins, like lookup in this case
+
+    webtier/              # same kind of structure as "common" was above, done for the webtier role
+    monitoring/           # ""
+    fooapp/               # ""
+```
+
+# Deployment

requirements.yml

@@ -0,0 +1,15 @@
+---
+roles:
+  # Install a role from Ansible Galaxy.
+  # note that ranges are not supported for roles
+  - name: geerlingguy.certbot
+    version: "5.4.1"
+
+collections:
+  # Install a collection from Ansible Galaxy.
+  - name: community.general
+    version: ">=7.0.0"
+    source: https://galaxy.ansible.com
+  - name: ansible.posix
+
+

roles/base/files/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQChdhIFLJ1nwmqkFJzgHKvPJXPdGRZ3tmN0IqAJyP61DSsQf4rJcw4fL9Z4UKGfIw4Mn4f8FFcAUCmD/2OZxSKjjQBYiq/+q3AS12PVUbDR3fE5IyZx3uDmAB3m9yJuIFGl3mqldefnnH98UA3+kwZgFoJXJwHgp6mTV+S5N0aJdX1gCwoVMz3imkUAkGQrK4eDp9T4YH94yVh8or3si+mQJe+5j5xjF7oFGWWVYIr7iNS6zrtgRQdFklAt8cFIx2Mxql6PuTNJo83zS1NUxijEEGC/aZMLhafsOWm8M63EvkXsGOYS2JN5ycKJaTTDiD22tyXP4a1Oe6SGzB7of2NJ9RUXYnq7IYNlMpLJ4D7tHyYJUEckRQy9yugYWSUFxPgLc6n1PxDUEk1hTVwm5xsha9kYYXtuAY4RI3uXkvYIMsuO92kwqnOwt6Yw285DrXQQYSLt2NGBYvGfVczrSM8TYwsCZ0wHOaNeZKieeOmNDeHcOX8smSsiYlF08NOJ6pk= stanito@MacM5

roles/base/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- import_tasks: packages.yml
+
+- import_tasks: users.yml
+
+- import_tasks: sudo.yml
+
+- import_tasks: ssh.yml

roles/base/tasks/packages.yml

@@ -0,0 +1,10 @@
+---
+- name: Install base packages
+  ansible.builtin.apt:
+    name:
+      - vim
+      - curl
+      - git
+      - htop
+    state: present
+    update_cache: true

roles/base/tasks/ssh.yml

@@ -0,0 +1,5 @@
+---
+- name: Add authorized key
+  ansible.posix.authorized_key:
+    user: stanito
+    key: "{{ lookup('file', 'id_rsa.pub') }}"

roles/base/tasks/users.yml

@@ -0,0 +1,7 @@
+---
+- name: Create user
+  ansible.builtin.user:
+    name: stanito
+    groups: sudo
+    shell: /bin/bash
+    create_home: true