GHP publish

playbooks/ghp/bootstrap.yaml

@@ -0,0 +1,27 @@
+- hosts: localhost
+  connection: local
+  pre_tasks:
+    - name: Check docker is working
+      shell: docker info
+      register: docker_info
+      changed_when: "docker_info.rc != 0"
+      failed_when: "docker_info.rc != 0"
+    - name: Check Helm installed
+      shell: helm version
+      register: helm_version
+      changed_when: "helm_version.rc != 0"
+      failed_when: "helm_version.rc != 0"
+    - name: Helm version
+      debug:
+        msg: "{{ helm_version.stdout }}"
+    - name: Check kubectl installed and have access to cluster
+      shell: kubectl get nodes
+      register: kubectl_cluster_nodes
+      changed_when: "kubectl_cluster_nodes.rc != 0"
+      failed_when: "kubectl_cluster_nodes.rc != 0"
+    - name: Kubectl nodes output
+      debug:
+        msg: "{{ kubectl_cluster_nodes.stdout.split('\n') }}"
+  roles:
+    - helm-repos
+    - pwgen

playbooks/ghp/cert-manager.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - cert-manager

playbooks/ghp/chartmuseum.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - chartmuseum

playbooks/ghp/core-infra.yaml

@@ -0,0 +1,75 @@
+---
+- hosts: k8s
+  connection: local
+  tasks:
+  - name: Deploy MetalLB
+    import_role: 
+      name: metallb
+    when: metallb_enabled | default(true)
+    tags: metallb
+  
+  - name: Deploy External Ingress Nginx
+    import_role: 
+      name: external-ingress-nginx
+    when: external_ingress_nginx_enabled | default(true)
+    tags: 
+      - external-ingress-nginx
+      - ingress-nginx
+
+  - name: Deploy Internal Ingress Nginx
+    import_role: 
+      name: internal-ingress-nginx
+    when: internal_ingress_nginx_enabled | default(true)
+    tags: 
+      - internal-ingress-nginx
+      - ingress-nginx
+
+  - name: Deploy Local Ingress Nginx
+    import_role: 
+      name: internal-ingress-nginx
+    when: local_ingress_nginx_enabled | default(true)
+    tags: 
+      - local-ingress-nginx
+      - ingress-nginx
+
+  - name: Deploy Internal DNS
+    import_role: 
+      name: internal-dns
+    when: internal_dns_enabled | default(true)
+    tags: 
+      - internal-dns
+      - dns
+  
+  - name: Deploy Local DNS
+    import_role: 
+      name: local-dns
+    when: local_dns_enabled | default(true)
+    tags: 
+      - local-dns
+      - dns
+
+  - name: Deploy Service DNS
+    import_role: 
+      name: service-dns
+    when: service_dns_enabled | default(true)
+    tags: 
+      - service-dns
+      - dns
+  
+  - name: Deploy Cert-manager
+    import_role: 
+      name: cert-manager
+    when: cert_manager_enabled | default(true)
+    tags: cert-manager
+  
+  - name: Deploy NFS-client-provisioner
+    import_role: 
+      name: nfs-client-provisioner
+    when: nfs_client_provisioner_enabled | default(true)
+    tags: nfs-client-provisioner
+  
+  - name: Deploy Metrics-server
+    import_role: 
+      name: metrics-server
+    when: metrics_server_enabled | default(true)
+    tags: metrics-server

playbooks/ghp/dns.yaml

@@ -0,0 +1,4 @@
+---
+- hosts: knot_dns
+  roles:
+    - knot

playbooks/ghp/dovecot.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - dovecot

playbooks/ghp/drone.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - drone

playbooks/ghp/external-ingress-nginx.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - external-ingress-nginx

playbooks/ghp/gitea.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - gitea

playbooks/ghp/internal-dns.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - internal-dns

playbooks/ghp/internal-ingress-nginx.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - internal-ingress-nginx

playbooks/ghp/local-dns.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - local-dns

playbooks/ghp/local-ingress-nginx.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - local-ingress-nginx

playbooks/ghp/mail.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - mail

playbooks/ghp/metallb.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - metallb

playbooks/ghp/metrics-server.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - metrics-server

playbooks/ghp/nextcloud.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - nextcloud

playbooks/ghp/nfs-client-provisioner.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - nfs-client-provisioner

playbooks/ghp/opendkim.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - opendkim

playbooks/ghp/opendmarc.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - opendmarc

playbooks/ghp/openldap.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - openldap

playbooks/ghp/playmaker.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - playmaker

playbooks/ghp/postfix.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - postfix

playbooks/ghp/postgres.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - postgres

playbooks/ghp/pypiserver.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - pypiserver

playbooks/ghp/registry.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - registry

playbooks/ghp/roundcube.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - roundcube

playbooks/ghp/rspamd.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - rspamd

playbooks/ghp/shared-infra.yaml

@@ -0,0 +1,27 @@
+---
+- hosts: k8s
+  connection: local
+  tasks:
+  - name: Deploy PostgreSQL
+    import_role: 
+      name: postgres
+    when: postgres_enabled | default(true)
+    tags: postgres
+
+  - name: Deploy OpenLDAP
+    import_role: 
+      name: openldap
+    when: openldap_enabled | default(true)
+    tags: openldap
+
+  - name: Deploy Docker registry
+    import_role: 
+      name: registry
+    when: registry_enabled | default(true)
+    tags: registry
+
+  - name: Deploy ChartMuseum
+    import_role: 
+      name: chartmuseum
+    when: chartmuseum_enabled | default(true)
+    tags: chartmuseum

playbooks/ghp/site.yaml

@@ -0,0 +1,12 @@
+---
+- name: Deploy Core Infrastructure
+  import_playbook: core-infra.yaml
+  tags: core-infra
+
+- name: Deploy Shared Infrastructure
+  import_playbook: shared-infra.yaml
+  tags: shared-infra
+
+- name: Deploy End User Applications
+  import_playbook: user-apps.yaml
+  tags: user-apps

playbooks/ghp/user-apps.yaml

@@ -0,0 +1,63 @@
+---
+- hosts: k8s
+  connection: local
+  tasks:
+  - name: Deploy Mail
+    import_role: 
+      name: mail
+    when: mail_enabled | default(true)
+    tags: mail
+
+  - name: Deploy Nextcloud
+    import_role: 
+      name: nextcloud
+    when: nextcloud_enabled | default(true)
+    tags: nextcloud
+
+  - name: Deploy Bitwarden
+    import_role: 
+      name: bitwarden
+    when: bitwarden_enabled | default(true)
+    tags: bitwarden
+
+  - name: Deploy Gitea
+    import_role: 
+      name: gitea
+    when: gitea_enabled | default(true)
+    tags: gitea
+
+  - name: Deploy Drone
+    import_role: 
+      name: drone
+    when: drone_enabled | default(true)
+    tags: drone
+
+  - name: Deploy WikiJS
+    import_role: 
+      name: wikijs
+    when: wikijs_enabled | default(true)
+    tags: wikijs
+
+  - name: Deploy Playmaker
+    import_role: 
+      name: playmaker
+    when: playmaker_enabled | default(false)
+    tags: playmaker
+
+  - name: Deploy Pypiserver
+    import_role: 
+      name: pypiserver
+    when: pypiserver_enabled | default(false)
+    tags: pypiserver
+
+  - name: Deploy PeerTube
+    import_role: 
+      name: peertube
+    when: peertube_enabled | default(false)
+    tags: peertube
+
+  - name: Deploy Adguard Home
+    import_role: 
+      name: adguard-home
+    when: adguard_enabled | default(false)
+    tags: adguard

playbooks/ghp/vps.yaml

@@ -0,0 +1,17 @@
+---
+- hosts: web_proxy
+  roles:
+    - nginx
+  tags: web-proxy
+
+- hosts: mail_proxy
+  roles:
+    - haproxy
+  tags: mail-proxy
+
+- hosts: ddclient
+  roles:
+    - docker
+    - role: ddclient
+      dockerize: true
+  tags: ddclient

playbooks/ghp/wikijs.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: k8s
+  connection: local
+  roles:
+    - wikijs