sascha/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

inital

Browse source
This commit is contained in:
Sascha 2026-03-03 21:45:41 +01:00
commit b6dafc7a73
9 changed files with 391 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
.gitignore vendored Normal file
View file

@ -0,0 +1,18 @@
# Vault Password File
.vault-password
vault-password
*.vault-pass
# Sensible Dateien
*.key
*.pem
*.pfx
# Ansible temporäre Dateien
*.retry
.ansible/
# Editor
.vscode/
*.swp
*~

7
ansible.cfg Normal file
View file

@ -0,0 +1,7 @@
[defaults]
host_key_checking = false
inventory=pfannkuchen.ini
ansible_python_interpreter=/usr/bin/python3
interpreter_python = auto_silent
[ssh_connection]
ssh_args = -o PasswordAuthentication=yes

141
base-debian.yml Normal file
View file

@ -0,0 +1,141 @@
---
- name: Basis-Konfiguration für Debian VMs
hosts: all
become: yes
vars:
# Pfad auf dem Ansible-LXC (Quelle)
source_folder: "/ansible/komodo/"
# Pfad auf der Ziel-VM (Ziel)
dest_folder: "/app-config/komodo/"
tasks:
- name: SSH Key für Benutzer sascha hinterlegen
ansible.posix.authorized_key:
user: chris
state: present
key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
- name: Standard Debian Trixie Repositories setzen
copy:
dest: /etc/apt/sources.list
content: |
deb http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib
deb-src http://ftp.gwdg.de/debian/ trixie main non-free-firmware non-free contrib
deb http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib
deb-src http://security.debian.org/debian-security trixie-security main non-free-firmware non-free contrib
deb http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
deb-src http://ftp.gwdg.de/debian/ trixie-updates main non-free-firmware non-free contrib
owner: root
group: root
mode: '0644'
register: repo_status
- name: Apt Cache aktualisieren (falls Repos geändert wurden)
apt:
update_cache: yes
when: repo_status.changed
- name: Installiere benötigte Basis-Pakete
apt:
name:
- curl
- gnupg
- ca-certificates
- sudo
- wget
- vim
- mc
state: present
update_cache: yes
- name: Locales-Paket sicherstellen
apt:
name: locales
state: present
- name: en_US.UTF-8 Locale generieren
locale_gen:
name: en_US.UTF-8
state: present
- name: Systemweite Sprache auf en_US.UTF-8 setzen
debconf:
name: locales
question: locales/default_environment_locale
value: en_US.UTF-8
vtype: select
- name: Locale-Datei manuell schreiben (Sicherheitsnetz)
copy:
dest: /etc/default/locale
content: |
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8
- name: Verzeichnis für Keyrings erstellen
file:
path: /etc/apt/keyrings
state: directory
mode: '0755'
- name: Docker GPG Key herunterladen (Modern)
get_url:
url: https://download.docker.com/linux/debian/gpg
dest: /etc/apt/keyrings/docker.asc
mode: '0644'
- name: Docker Repository Datei erstellen
copy:
dest: /etc/apt/sources.list.d/docker.list
content: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable"
mode: '0644'
register: docker_repo
- name: Paketliste aktualisieren
apt:
update_cache: yes
when: docker_repo.changed
- name: Docker Engine installieren
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-compose-plugin
state: present
- name: Zielverzeichnis auf der VM erstellen
file:
path: "{{ dest_folder }}"
state: directory
mode: '0755'
# 2. Sudoers anpassen (Ohne Passwort-Abfrage für die Gruppe sudo)
- name: Gruppe sudo passwortloses sudo erlauben
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
validate: '/usr/sbin/visudo -cf %s'
# 3. Sascha in Gruppen stecken
- name: Benutzer sascha zu sudo und docker Gruppen hinzufügen
user:
name: sascha
groups: sudo,docker
append: yes
- name: Unnötige Pakete entfernen
apt:
autoremove: yes
- name: QEMU Guest Agent installieren und starten
apt:
name: qemu-guest-agent
state: present
- name: Agent Dienst aktivieren
service:
name: qemu-guest-agent
state: started
enabled: yes

14
hawser.yml Normal file
View file

@ -0,0 +1,14 @@
---
- name: Hawser
hosts: all
become: yes
tasks:
- name: Hawser installieren (offizielles Install-Script)
ansible.builtin.shell:
cmd: curl -fsSL https://raw.githubusercontent.com/Finsys/hawser/main/scripts/install.sh | bash
- name: Hawser aktivieren und starten
ansible.builtin.systemd:
name: hawser
enabled: true
state: started
daemon_reload: true

88
nvidia.yml Normal file
View file

@ -0,0 +1,88 @@
---
- name: NVIDIA + Docker Setup fuer Debian Trixie
hosts: all
become: true
vars:
docker_daemon_config:
default-runtime: nvidia
runtimes:
nvidia:
path: nvidia-container-runtime
runtimeArgs: []
tasks:
# --- Repos ----------------------------------------------------------------
- name: NVIDIA Container Toolkit GPG Key hinzufuegen
ansible.builtin.shell: |
curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey \
| gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg
args:
creates: /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg
- name: NVIDIA Container Toolkit Repo hinzufuegen
ansible.builtin.shell: |
curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list \
| sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' \
| tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
args:
creates: /etc/apt/sources.list.d/nvidia-container-toolkit.list
- name: apt update
ansible.builtin.apt:
update_cache: true
# --- Pakete ---------------------------------------------------------------
- name: Kernel Headers und DKMS installieren
ansible.builtin.apt:
name:
- linux-headers-{{ ansible_kernel }}
- dkms
state: present
- name: NVIDIA Treiber installieren
ansible.builtin.apt:
name:
- "nvidia-driver"
state: present
- name: NVIDIA Container Toolkit installieren
ansible.builtin.apt:
name:
- nvidia-container-toolkit
- nvidia-docker2
state: present
- name: NFS und CIFS Pakete installieren
ansible.builtin.apt:
name:
- nfs-common
- cifs-utils
state: present
# --- Docker konfigurieren -------------------------------------------------
- name: /etc/docker Verzeichnis sicherstellen
ansible.builtin.file:
path: /etc/docker
state: directory
mode: "0755"
- name: Docker daemon.json konfigurieren (NVIDIA als default runtime)
ansible.builtin.copy:
content: "{{ docker_daemon_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: "0644"
notify: Docker neustarten
- name: nvidia-ctk runtime fuer Docker konfigurieren
ansible.builtin.command: nvidia-ctk runtime configure --runtime=docker
changed_when: false
handlers:
- name: Docker neustarten
ansible.builtin.service:
name: docker
state: restarted

45
pfannkuchen.ini Normal file
View file

@ -0,0 +1,45 @@
[proxmox]
node1 ansible_host=10.10.1.1
node2 ansible_host=10.5.85.200
node4 ansible_host=10.5.85.100
node5 ansible_host=10.5.85.101
[proxmox:vars]
ansible_user=root
[media]
emby_sascha ansible_host=10.5.1.103 ansible_user=sascha
emby_chris ansible_host=10.5.1.106 ansible_user=chris
jellyfin ansible_host=10.5.1.112 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8
immich ansible_host=10.4.1.107 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8
emby_chris_new ansible_host=10.5.1.117 ansible_user=chris ansible_become_method=su ansible_become_password=Pimmelparty123 ansible_password=Pimmelparty123
[arr]
tdarr ansible_host=10.2.1.104 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8
arrapps ansible_host=10.2.1.100 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8
sabnzbd ansible_host=10.2.1.119 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8
[docker]
dockhand ansible_host=10.4.1.116 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8 ansible_password=GT500r8
[auto]
n8n ansible_host=10.4.1.113 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8 ansible_password=GT500r8
ansible ansible_host=localhost ansible_user=root
[communication]
matrix ansible_host=10.4.1.110 ansible_user=sascha ansible_become_method=su ansible_become_password=GT500r8 ansible_password=GT500r8
[hetzner]
emby ansible_host=emby ansible_user=root
proxy ansible_host=proxy ansible_user=root
[all:children]
media
arr
media
docker
auto
hetzner
#proxmox

27
sysctl-proxmox.yaml Normal file
View file

@ -0,0 +1,27 @@
---
- name: Sysctl Tuning fuer Proxmox Hosts
hosts: proxmox
become: true
tasks:
- name: Sysctl Parameter setzen
ansible.posix.sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
sysctl_file: /etc/sysctl.d/99-proxmox-tuning.conf
reload: true
state: present
loop:
# KVM / Virtualisierung
- { key: vm.overcommit_memory, value: "1" }
- { key: vm.swappiness, value: "1" }
# Viele VMs = viele File Handles
- { key: fs.file-max, value: "9999999" }
- { key: fs.inotify.max_user_watches, value: "524288" }
- { key: fs.inotify.max_user_instances, value: "512" }
# Routing zwischen VMs / Bridges
- { key: net.ipv4.ip_forward, value: "1" }
# WireGuard MTU-Anpassung
# TODO: entfernen sobald WireGuard abgeschaltet wird
- { key: net.ipv4.tcp_mtu_probing, value: "1" }

41
sysctl.yaml Normal file
View file

@ -0,0 +1,41 @@
---
- name: Sysctl Tuning fuer Emby
hosts: all
become: true
tasks:
- name: BBR Kernel Modul laden
ansible.builtin.modprobe:
name: tcp_bbr
state: present
- name: BBR Modul beim Boot laden
ansible.builtin.copy:
content: "tcp_bbr\n"
dest: /etc/modules-load.d/bbr.conf
mode: "0644"
- name: Sysctl Parameter setzen
ansible.posix.sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
sysctl_file: /etc/sysctl.d/99-net-tuning.conf
reload: true
state: present
loop:
- { key: net.core.rmem_default, value: "262144" }
- { key: net.core.wmem_default, value: "262144" }
- { key: net.core.rmem_max, value: "67108864" }
- { key: net.core.wmem_max, value: "67108864" }
- { key: net.ipv4.tcp_rmem, value: "4096 87380 67108864" }
- { key: net.ipv4.tcp_wmem, value: "4096 65536 67108864" }
- { key: net.ipv4.tcp_window_scaling, value: "1" }
- { key: net.ipv4.tcp_congestion_control, value: "bbr" }
- { key: net.ipv4.tcp_slow_start_after_idle, value: "0" }
- { key: net.ipv4.tcp_fastopen, value: "3" }
- { key: net.core.netdev_max_backlog, value: "16384" }
# RAM ist reichlich vorhanden, Transcoding auf tmpfs
- { key: vm.swappiness, value: "1" }
- { key: vm.dirty_ratio, value: "15" }
- { key: vm.dirty_background_ratio, value: "5" }

10
update.yml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Alle VMs aktualisieren
hosts: all
become: yes
tasks:
- name: Update apt cache and upgrade packages
apt:
update_cache: yes
upgrade: dist
autoremove: yes