ansible playbooks for retailor.io infrastructure

plays/base_server_setup.yml

@@ -0,0 +1,9 @@
+---
+- name: Basic setup, brute force protection, firewall and log shipping
+  hosts: all
+  roles:
+    - role: roles/base-packages         # - Basic server setup and configuration
+    - role: roles/fail2ban              # - SSH Brute force protection
+    - role: roles/firewall              # - Firewall, if firewall_enable is true
+    - role: roles/oh-my-zsh
+    - role: roles/motd

plays/elasticsearch.yml

@@ -0,0 +1,12 @@
+---
+- name: Install ELK stack using Docker
+  hosts: elasticsearch
+  vars:
+    elk_version: "8.17.0"
+  roles:
+    # TODO check for docker install before purging it. This nukes containers
+    # we might not want destroyed.
+    # Leave a file, or read the same input requirements into a apt check
+    # which skips purge if satisfied.
+    #   - role: roles/docker
+    - role: roles/elasticsearch

plays/firewall.yml

@@ -0,0 +1,5 @@
+---
+- name: Install all ufw service and enable ports
+  hosts: all
+  roles:
+    - role: roles/firewall

plays/metrics-filebeat.yml

@@ -0,0 +1,10 @@
+---
+- name: Install nginx filebeat log exporter
+  hosts: web
+  roles:
+    - role: roles/filebeat-nginx
+
+- name: Install laravel filebeat log exporter
+  hosts: web
+  roles:
+    - role: roles/filebeat-laravel

plays/metrics-node.yml

@@ -0,0 +1,17 @@
+---
+- name: Install prometheus exporters
+  hosts: all
+  vars:
+    node_exporter_version: "1.9.0"
+    nginx_exporter_version: "1.4.1"
+    cadvisor_version: "0.46.0"
+    fail2ban_exporter_version: "0.10.2"
+  roles:
+    - role: roles/node_exporter
+    - role: roles/fail2ban_exporter
+    - role: roles/redis_exporter
+      when: install_redis_exporter
+    - role: roles/cadvisor
+      when: install_cadvisor_exporter
+    - role: roles/nginx_prometheus_exporter
+      when: install_nginx_exporter

plays/ping.yml

@@ -0,0 +1,5 @@
+- hosts: all
+
+  tasks:
+    - name: Ping all hosts
+      ping:

plays/prome-grafana.yml

@@ -0,0 +1,10 @@
+---
+- name: Install prometheus & grafana using Docker
+  hosts: grafana
+  vars:
+    prometheus_version: "latest"
+    grafana_version: "latest"
+    cadvisor_version: "0.46.0"
+  roles:
+    # - role: roles/docker
+    - role: roles/prometheus-grafana

plays/tailscale.yml

@@ -0,0 +1,7 @@
+---
+- name: Install tailscale
+  hosts: all
+  roles:
+    - role: roles/tailscale
+      vars:
+        tailscale_authkey: "{{ lookup('env', 'TAILSCALE_KEY') }}"

plays/upgrade.yml

@@ -0,0 +1,23 @@
+---
+- hosts: all
+  gather_facts: yes
+
+  tasks:
+    - name: Perform a dist-upgrade.
+      ansible.builtin.apt:
+        upgrade: dist
+        update_cache: yes
+
+    - name: Check if a reboot is required.
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+        get_checksum: no
+      register: reboot_required_file
+
+    - name: Reboot the server (if required).
+      ansible.builtin.reboot:
+      when: reboot_required_file.stat.exists == true
+
+    - name: Remove dependencies that are no longer required.
+      ansible.builtin.apt:
+        autoremove: yes