Gabenov Stanislav
2026-02-09 20:12:53 +03:00
commit 0b058c35de
17 changed files with 208 additions and 0 deletions

79
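--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,79 @@
+# ansible-project/ansible.cfg
+[defaults]
+# Основная директория с инвентарем
+inventory = ./inventory/hosts
+# Пути для поиска ролей (можно несколько через двоеточие)
+roles_path = ./roles
+# Файлы плейбуков по умолчанию
+hostfile = ./inventory/hosts
+library = ./library
+module_utils = ./module_utils
+filter_plugins = ./filter_plugins
+# Путь для поиска плейбуков
+playbook_dir = ./playbooks
+# Настройки для групповых и хостовых переменных
+retry_files_enabled = False
+hash_behaviour = merge
+deprecation_warnings = True
+system_warnings = True
+interpreter_python = auto_silent
+# Параметры соединения
+transport = smart
+gather_facts = true
+gather_subset = all
+fact_caching = memory
+fact_caching_timeout = 3600
+# Параметры по умолчанию для подключения
+ansible_connection = ssh
+ansible_user = ansible
+ansible_port = 22
+ansible_become = true
+ansible_become_method = sudo
+ansible_become_user = root
+ansible_python_interpreter = /usr/bin/python3
+# Контрольные суммы и проверки
+host_key_checking = False
+[inventory]
+# Включить динамический инвентарь
+enable_plugins = host_list, script, auto, yaml, ini, toml
+[privilege_escalation]
+become = true
+become_method = sudo
+become_user = root
+become_ask_pass = false
+[ssh_connection]
+# Настройки SSH
+#ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=~/.ssh/ansible-%r@%h:%p
+#pipelining = true
+#scp_if_ssh = smart
+#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
+#timeout = 30
+#retries = 3
+[persistent_connection]
+connect_timeout = 30
+command_timeout = 30
+[galaxy]
+# Настройки Ansible Galaxy
+server = https://galaxy.ansible.com
+# Дополнительные настройки для разработки
+[defaults:development]
+# Для разработки - более строгие проверки
+force_color = 1
+callback_whitelist = profile_tasks, timer, mail
+retry_files_save_path = ./retry-files
+local_tmp = ~/.ansible/tmp
+remote_tmp = ~/.ansible/tmp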
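Review bot: `host_key_checking = False` under `[defaults]` turns off SSH host key verification for every play, so whatever answers on a managed hostname is accepted without comparison against known_hosts, while the same file makes `become` to root the default. Keep verification on with `host_key_checking = True` and provision the servers' host keys into known_hosts before the first run. Separately, the `ansible_connection` through `ansible_python_interpreter` keys in `[defaults]` are inventory variable names rather than ansible.cfg settings and are most likely ignored here; the config equivalents are `remote_user`, `remote_port` and `interpreter_python`, or the values can live in the inventory. The `[defaults:development]` section name does not look like one Ansible reads, so its keys probably never take effect.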


17
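--- a/inventory/hosts
+++ b/inventory/hosts
@@ -0,0 +1,17 @@
+# ansible/inventory/hosts
+# Все хосты
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
+ansible_user=root
+ansible_port=22
+ansible_ssh_private_key_file=~/.ssh/id_rsa
+# VPN серверы
+[vpnservers]
+access.stanito.me ansible_user=root
+# Группы по ОС
+[ubuntu_servers:children]
+vpnservers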
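Review bot: `ansible_user=root` in `[all:vars]`, repeated on the `[vpnservers]` host line, makes every connection a direct root SSH login, which leaves no per-operator trail and requires root login to stay open in sshd. The base role in this commit creates an unprivileged account in the `sudo` group; once the first bootstrap run has completed, the inventory should connect as that account and rely on `become`, e.g. `ansible_user=stanito`, keeping root only as a documented one-time bootstrap override. The per-host `ansible_user=root` duplicates the group variable and can be dropped.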

0
playbook_main.yml Normal file

6
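--- a/playbook_vpn.yml
+++ b/playbook_vpn.yml
@@ -0,0 +1,6 @@
+[vpn]
+access.stanito.me
+[all:vars]
+ansible_user=admin
+ansible_ssh_private_key_file=~/.ssh/id_rsa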
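Review bot: The content of `playbook_vpn.yml` is INI inventory (`[vpn]`, `[all:vars]`), not a YAML play, so it cannot run as a playbook. If it is picked up as an inventory instead, it defines `ansible_user=admin` and a `[vpn]` group that disagree with `inventory/hosts` (`ansible_user=root`, group `vpnservers`). Two inventories naming different login users for the same host make it unclear which account actually runs the privileged tasks. Either fold these lines into `inventory/hosts` under one agreed user and group name, or replace the content with a real play.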

7
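--- a/playbooks/base.yml
+++ b/playbooks/base.yml
@@ -0,0 +1,7 @@
+---
+- name: Bootstrap Ubuntu servers
+hosts: all
+become: true
+roles:
+- base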
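Review bot: `hosts: all` is wider than the play name says. The `base` role shown in this commit uses `ansible.builtin.apt` and the play runs with `become: true`, so any non-Ubuntu host later added to the inventory would receive root-level tasks written for Ubuntu. The inventory already defines `ubuntu_servers`; target it with `hosts: ubuntu_servers`.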

0
readme_deploy.md Normal file

53
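--- a/readme_structure.md
+++ b/readme_structure.md
@@ -0,0 +1,53 @@
+# Structure
+```
+production # inventory file for production servers
+staging # inventory file for staging environment
+group_vars/
+group1.yml # here we assign variables to particular groups
+group2.yml
+host_vars/
+hostname1.yml # here we assign variables to particular systems
+hostname2.yml
+library/ # if any custom modules, put them here (optional)
+module_utils/ # if any custom module_utils to support modules, put them here (optional)
+filter_plugins/ # if any custom filter plugins, put them here (optional)
+site.yml # main playbook
+webservers.yml # playbook for webserver tier
+dbservers.yml # playbook for dbserver tier
+tasks/ # task files included from playbooks
+webservers-extra.yml # <-- avoids confusing playbook with task files
+```
+# Roles
+```
+roles/
+common/ # this hierarchy represents a "role"
+tasks/ #
+main.yml # <-- tasks file can include smaller files if warranted
+handlers/ #
+main.yml # <-- handlers file
+templates/ # <-- files for use with the template resource
+ntp.conf.j2 # <------- templates end in .j2
+files/ #
+bar.txt # <-- files for use with the copy resource
+foo.sh # <-- script files for use with the script resource
+vars/ #
+main.yml # <-- variables associated with this role
+defaults/ #
+main.yml # <-- default lower priority variables for this role
+meta/ #
+main.yml # <-- role dependencies and optional Galaxy info
+library/ # roles can also include custom modules
+module_utils/ # roles can also include custom module_utils
+lookup_plugins/ # or other types of plugins, like lookup in this case
+webtier/ # same kind of structure as "common" was above, done for the webtier role
+monitoring/ # ""
+fooapp/ # ""
+```
+# Deployment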

15
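--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,15 @@
+---
+roles:
+# Install a role from Ansible Galaxy.
+# note that ranges are not supported for roles
+- name: geerlingguy.certbot
+version: "5.4.1"
+collections:
+# Install a collection from Ansible Galaxy.
+- name: community.general
+version: ">=7.0.0"
+source: https://galaxy.ansible.com
+- name: ansible.posix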
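Review bot: The collections are not pinned the way the role is: `community.general` accepts any release `>=7.0.0` and `ansible.posix` has no `version` at all. Each `ansible-galaxy` install can therefore pull different code onto the control node, including the `ansible.posix.authorized_key` module that the base role uses to manage SSH access. Pin both to exact tested releases, e.g. `version: "<tested version>"` (placeholder), and raise them deliberately in reviewed commits.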


@@ -0,0 +1 @@
ssh-rsa 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 stanito@MacM5


@@ -0,0 +1,8 @@
---
- import_tasks: packages.yml
- import_tasks: users.yml
- import_tasks: sudo.yml
- import_tasks: ssh.yml


@@ -0,0 +1,10 @@
---
- name: Install base packages
ansible.builtin.apt:
name:
- vim
- curl
- git
- htop
state: present
update_cache: true

5
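--- a/roles/base/tasks/ssh.yml
+++ b/roles/base/tasks/ssh.yml
@@ -0,0 +1,5 @@
+---
+- name: Add authorized key
+ansible.posix.authorized_key:
+user: stanito
+key: "{{ lookup('file', 'id_rsa.pub') }}"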
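Review bot: The task sets neither `state` nor `exclusive`, so it only adds `id_rsa.pub` and leaves any keys already present in `stanito`'s authorized_keys in place; for a role meant to define who can log in, that choice should be explicit. Add `state: present` and decide on `exclusive`, with a comment such as `# exclusive: true would remove every other key for this user`. Nothing visible in this commit turns off root or password logins in sshd, so adding the key alone does not narrow access, though such a task may exist outside the files shown.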


@@ -0,0 +1,7 @@
---
- name: Create user
ansible.builtin.user:
name: stanito
groups: sudo
shell: /bin/bash
create_home: true
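Review bot: `groups: sudo` without `append: true` makes the user module set the supplementary groups to exactly `sudo`, which removes the account from any other groups on hosts where `stanito` already exists; add `append: true`. The task also sets no `password`, and no sudoers rule is visible in this commit (the imported `sudo.yml` is not shown with any content), so it is unclear how this account is expected to authenticate to sudo. A task comment stating whether a password or a sudoers rule is intended would settle that.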