complete refactor

README.md

@@ -31,7 +31,7 @@ Used to provision software, services and configuration to local machines and clo
   - plex, radarr, sonarr to ubuntu-server
 - /etc/hosts files
 - ssh keys
-- .ssh/config
+- .ssh/config mapping identities to hosts and jumpboxes where necessary
 
 - [home.jasonernst.com](home.jasonernst.com) pointed to ubuntu-server configured as an ssh jump box into the lan
 

ansible/.gitignore

@@ -0,0 +1 @@
+.vault_pass

ansible/README.md

@@ -3,12 +3,13 @@
 - Ansible (>=3.2)
   - via ppa:ansible/ansible because default ubuntu only has 2.8 or something
 
+- Install requirements: `ansible-galaxy install -r ansible/requirements.yml`
+
 - Install the gpg module on ansible machine:
   - `mkdir -p ~/.ansible/plugins/modules`
   - `wget -O ~/.ansible/plugins/modules/gpg.py https://raw.githubusercontent.com/brandonkal/ansible-gpg/master/gpg.py`
   - verify it is there with `ansible-doc -t module gpg`
   - todo: see if we can get this work with dependencies so we don't need to do this manually
-  - install requirements: `ansible-galaxy install -r ansible/requirements.yml`
 
 - Ensure the .vault_pass file exists (its on keybase):
   - https://www.digitalocean.com/community/tutorials/how-to-use-vault-to-protect-sensitive-ansible-data-on-ubuntu-16-04
@@ -23,6 +24,25 @@ ssh-import-id gh:compscidr
 You'll probably want to test it works (and accept the ssh key) - with:
 `ssh <target-host>`
 
+## Deploying to all machines
+`ansible-playbook -i inventory.yml playbook.yml --ask-become-pass --vault-password-file=.vault_pass`
+
+## Deploying to just www.jasonernst.com
+`ansible-playbook -i inventory.yml playbook.yml --ask-become-pass --vault-password-file=.vault_pass --limit www.jasonernst.com`
+
+# Checking for problems
+`ansible-playbook -i inventory.yml playbook.yml --check -vvvv`
+
+# Linting
+`ansible-lint inventory.yml playbook.yml`
+
+
+Note: deploying for the first time to a machine which only has root (ie: digital ocean)
+may require running with `-u root` and not `--ask-become-pass`
+
+###### old
+
+
 ## Inventories:
 Since we have separate inventories for different classes of hosts
 (production, staging, development), we need to pass the appropriate inventory

ansible/inventory.yml

@@ -0,0 +1,48 @@
+all:
+#  hosts:
+# this is where ungrouped hosts would go
+  children:
+    lan:
+      hosts:
+        ubuntu-server:
+          ansible_host: 10.0.0.218
+        ubuntu-desktop-beast:
+          ansible_host: 10.0.0.89
+        ubuntu-desktop:
+          ansible_host: 10.0.0.111
+        jason-ubuntu-laptop:
+          ansible_host: 10.0.0.17
+        ubuntu-work-laptop:
+          ansible_host: 10.0.0.103
+    development:
+      hosts:
+        ubuntu-server:
+        ubuntu-desktop-beast:
+        ubuntu-desktop:
+        jason-ubuntu-laptop:
+        ubuntu-work-laptop:
+    development_gui:
+      hosts:
+        ubuntu-desktop:
+        ubuntu-desktop-beast:
+        jason-ubuntu-laptop:
+        ubuntu-work-laptop:
+    amd:
+      hosts:
+        ubuntu-desktop:
+        ubuntu-server:
+    nvidia:
+      hosts:
+        ubuntu-desktop-beast:
+    home_jasonernst_com:
+      hosts:
+        ubuntu-server:
+    www_jasonernst_com:
+      hosts:
+        www.jasonernst.com:
+    lp_jasonernst_com:
+      hosts:
+        lp.jasonernst.com:
+    ombi_jasonernst_com:
+      hosts:
+        ombi.jasonernst.com:

ansible/playbook.yml

@@ -0,0 +1,78 @@
+---
+- name: Common Tasks for all Hosts
+  hosts: all
+  pre_tasks:
+    - name: update apt cache if needed
+      become: true
+      apt:
+        update_cache: true
+        cache_valid_time: 86400
+  roles:
+    - common/user
+    - common/ssh
+    - common/software
+
+- name: Tasks for LAN Hosts
+  hosts: lan
+  roles:
+    - common/lan
+
+- name: Tasks for WAN hosts
+  hosts: all, !lan
+  roles:
+    - common/wan
+
+- name: Non-GUI Development Software
+  hosts: development
+  roles:
+    - development/shell
+    - development/ops
+    - development/cpp
+    - development/android
+    - development/python3
+    - development/golang
+    - development/node
+    - development/ziglang
+
+- name: Development Software for GUIs
+  hosts: development-gui
+  roles:
+    - development-gui/ides
+    - development-gui/tools
+
+- name: Services for home.jasonernst.com
+  hosts: home_jasonernst_com
+  roles:
+    - home_jasonernst_com/plex
+    - home_jasonernst_com/transmission
+    - home_jasonernst_com/flaresolver
+    - home_jasonernst_com/jackett
+    - home_jasonernst_com/sonarr
+    - home_jasonernst_com/radarr
+
+- name: Services for www.jasonernst.com
+  hosts: www_jasonernst_com
+  roles:
+    - web_common/nginx
+    - web_common/letsencrypt
+    - www_jasonernst_com/goblog
+
+- name: Services for ombi.jasonernst.com
+  hosts: www_jasonernst_com
+  roles:
+    # enable these when ombi moves to its own server
+    #- web_common/nginx
+    #- web_common/letsencrypt
+    - ombi_jasonernst_com/ombi
+
+- name: AMD GPU related tasks
+  hosts: amd
+  roles:
+    - amd/lolminer
+    - amd/livepeer
+
+- name: Nvidia GPU related tasks
+  hosts: nvidia
+  roles:
+    - nvidia/lolminer
+    - nvidia/livepeer

ansible/roles/mining-amd/tasks/main.yml → ansible/roles/amd/livepeer/tasks/main.yml

@@ -1,20 +1,4 @@
-- name: lolMiner install
-  tags: mining
-  vars:
-    ansible_python_interpreter: "/usr/bin/env python3-docker"
-  docker_container:
-    name: lolminer
-    image: compscidr/lolminer-docker:amd-1.35
-    pull: true
-    restart_policy: unless-stopped
-    devices:
-      - "/dev/dri:/dev/dri"
-    ports:
-      - 4069:4069
-    env:
-      MACHINE: "{{inventory_hostname}}"
-
-- name: Deploy Livepeer Transcoder
+- name: Deploy Livepeer Transcoder without nvidia GPU
   tags: livepeer
   vars:
     ansible_python_interpreter: "/usr/bin/env python3-docker"

ansible/roles/amd/lolminer/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: Deploy lolminer for AMD GPU
+  tags: mining
+  vars:
+    ansible_python_interpreter: "/usr/bin/env python3-docker"
+  docker_container:
+    name: lolminer
+    image: compscidr/lolminer-docker:amd-1.35
+    pull: true
+    restart_policy: unless-stopped
+    devices:
+      - "/dev/dri:/dev/dri"
+    ports:
+      - 4069:4069
+    env:
+      MACHINE: "{{inventory_hostname}}"

ansible/roles/common/lan/tasks/main.yaml

@@ -0,0 +1,27 @@
+- name: Update the ssh/config with each of the lan node name entries
+  tags: ssh
+  blockinfile:
+    create: yes
+    path: "/home/jason/.ssh/config"
+    block: |
+      Host {{ item }}
+      Hostname {{ item }}
+      User jason
+      IdentityFile ~/.ssh/github_id_rsa
+    marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
+  with_inventory_hostnames:
+    - lan
+
+- name: Update the ssh/config with each of the wan node name entries
+  tags: ssh
+  blockinfile:
+    create: yes
+    path: "/home/jason/.ssh/config"
+    block: |
+      Host {{ item }}
+      Hostname {{ item }}
+      User jason
+      IdentityFile ~/.ssh/id_rsa
+    marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
+  with_inventory_hostnames:
+    - all, !lan