diff --git a/inventory.yaml b/inventory.yaml new file mode 100644 index 0000000..24d2c75 --- /dev/null +++ b/inventory.yaml @@ -0,0 +1,22 @@ +proxmox: + hosts: + kunde-a: + ansible_host: 172.17.1.110 + kunde-b: + ansible_host: + +vorlagen: + hosts: + linux-vorlage: + ansible_host: 10.1.1.1 + windows-vorlage: + ansible_host: 10.1.1.2 + +mail-server: + hosts: + smtp-mail01: + ansible_host: 172.17.1.4 + smtp-mail02: + ansible_host: 172.18.1.4 + smtp-mail03: + ansible_host: 172.18.1.4 \ No newline at end of file diff --git a/playbook/add_ssh_key.yaml b/playbook/add_ssh_key.yaml new file mode 100644 index 0000000..1b42fb8 --- /dev/null +++ b/playbook/add_ssh_key.yaml @@ -0,0 +1,18 @@ +- name: ADD SSH-Key to Node + gather_facts: false + hosts: all + tasks: + - name: Create .ssh + file: + path: "/root/.ssh" + state: directory + + - name: create authorized_keys + file: + path: "/root/.ssh/authorized_keys" + state: touch + + - name: add publickey + lineinfile: + path: "/root/.ssh/authorized_keys" + line: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNdRNrH1dPWDce2Y70rij7B5Ef/a3jv3q2D/9M/uNEBicWJmXCZOYlT5iwP/A1hatx6wYZTXcmMffHwuwvTV7pcfIxCyzI4LrdyKVPlmcvx5APut5cbOGMK/qIUwTCYGKstCaVgtna/DWmeYxjDTUO2TalzImGlLMPDEasSc4yAzfvC/EHBo/JFRK5g0beXGeU6OYcJAGQViba9iD4I2M07DD1KY05k4KiOgMJP+n+hXTs5E7VWwfeKWhhtUJUD8dNoPtUW8xdFz3thqstX7WSHq/GTigFa0BuK61TrUQVfN6rbGVsoQMM/N/EtwD48yIxZUHft36Wkgw+PJcKELSfb/ggqCjEXuUoid3AX4dtlLtARoiURJPe5a0PUjuH0JBbVduKjQ/MVIQswJr0rPTbMtZxUxAIbHYhzhmxBlBTPDS7RdZkXh+Hq0dky4KECAs0kaYqoEnt4oX1vHtdBxW1JrBKFJN/djsPpkhzVHCoco576Gs4pI0046qjwy0y7QE= root@STI-AWX01" \ No newline at end of file diff --git a/playbook/add_ssh_windows.yaml b/playbook/add_ssh_windows.yaml new file mode 100644 index 0000000..9502c1e --- /dev/null +++ b/playbook/add_ssh_windows.yaml 
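Review bot: `kunde-b:` / `ansible_host:` leaves the value empty, which YAML reads as null, so any play that targets kunde-b will try to connect to a null address; fill it in or drop the host until it exists. `smtp-mail02` and `smtp-mail03` both carry `ansible_host: 172.18.1.4`, which is presumably a copy-paste slip (tnp-gruppe/inventory.yaml maps 172.18.1.4 to tnp-mail01) and means two inventory names run every task twice on the same box. None of the groups set `ansible_user` or connection variables, so the file only works with whatever the caller passes on the command line.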
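Review bot: The two `file` tasks create `/root/.ssh` and `authorized_keys` without `mode`, so they inherit the umask; sshd's StrictModes refuses keys in a group/world-writable directory and a too-open file is readable by other local users, so add `mode: "0700"` to the directory and `mode: "0600"` to the file. `state: touch` also bumps the mtime on every run, so the play never reports unchanged. The whole block is what `ansible.posix.authorized_key` does in one idempotent task with `user: root`, `manage_dir: true` and `key: "{{ ssh_public_key }}"`, and passing the key as a variable instead of a literal pushed to `hosts: all` keeps the decision of which root key goes where out of the playbook text.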
@@ -0,0 +1,11 @@
+- name: ADD SSH-Key to Node
+ gather_facts: false
+ hosts: all
+ tasks:
+ - name: Create .ssh
+ ansible.windows.win_file:
+ path: ".ssh"
+ state: directory
+
+ roles:
+ - role: add-sshkey
\ No newline at end of file
diff --git a/playbook/install_docker.yaml b/playbook/install_docker.yaml
new file mode 100644
index 0000000..0786398
--- /dev/null
+++ b/playbook/install_docker.yaml
@@ -0,0 +1,34 @@
+- name: Install Docker-Compose.io
+ gather_facts: false
+ hosts: test-host
+ tasks:
+ - name: Install Git Sudo Curl
+ apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ register: install_stdot
+
+ - name: Install Debug
+ debug:
+ var: install_stdot
+
+ - name: Install docker-compose
+ ansible.builtin.shell: curl -sSL https://get.docker.com/ | CHANNEL=stable sh
+ register: docker_compose_log
+
+ - name: Debug Install docker-compose
+ debug:
+ var: docker_compose_log
+
+ - name: Check Service is Enable
+ service:
+ name: docker
+ enabled: yes
+ state: restarted
+
\ No newline at end of file
diff --git a/playbook/install_jenkins.yaml b/playbook/install_jenkins.yaml
new file mode 100644
index 0000000..44537b7
--- /dev/null
+++ b/playbook/install_jenkins.yaml
@@ -0,0 +1,6 @@
+- name: Install Jenkins on Host
+ hosts: jenkins
+ gather_facts: false
+ roles:
+ - docker
+ - jenkins
\ No newline at end of file
diff --git a/playbook/install_kunde_proxmox.yaml b/playbook/install_kunde_proxmox.yaml
new file mode 100644
index 0000000..811b9d1
--- /dev/null
+++ b/playbook/install_kunde_proxmox.yaml
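Review bot: `roles:` written after `tasks:` still runs before them, because Ansible orders a play as pre_tasks, roles, tasks, post_tasks, so `add-sshkey` copies `authorized_keys` into `C:\Users\ansible-admin\.ssh\` before the `win_file` task has created a directory; move the directory creation into the role or under `pre_tasks:`. `path: ".ssh"` is relative, so it resolves against the connection user's working directory rather than the absolute path the role writes to, and the two can diverge — use `C:\Users\{{ ansible_user }}\.ssh` in both places. Note also that Windows OpenSSH's default sshd_config reads `administrators_authorized_keys` under `%ProgramData%\ssh` for members of the Administrators group instead of the per-user file, so if ansible-admin is an administrator this key may never be consulted; worth confirming on the template image.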
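Review bot: `ansible.builtin.shell: curl -sSL https://get.docker.com/ | CHANNEL=stable sh` executes whatever the remote serves, as root, on every run, with no pinning and no record of what ran; the same pattern is in roles/docker/tasks/main.yaml. Prefer installing `docker-ce` from the Docker apt repository via `apt_repository` (with a `signed-by` key) and `apt`, or at least fetch the script with `get_url` plus a `checksum:` and run the local copy with `creates:` so it is not re-executed. `state: restarted` on the service task restarts Docker, and with it every container, on each run — `state: started` is the idempotent form. `update_cache: yes`/`enabled: yes` should be `true`, and the `with_items` loop over `apt` can be replaced by passing the list straight to `name:`, which installs everything in one transaction.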
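Review bot: `hosts: jenkins` names a group that none of the inventory files on this page define (the same is true of `hosts: test-host` in install_docker.yaml), so as committed the play matches no hosts and silently does nothing; either add the group to an inventory or document which inventory this playbook expects. `gather_facts: false` with the `docker` role's `apt` tasks is fine, but the play gives the `jenkins` role no variables, so the unpinned image and port exposure in that role cannot be overridden per host.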
@@ -0,0 +1,157 @@ +- name: Install Example VM's on Proxmox Host + hosts: proxmox + vars_files: + - kunden/{{ kunde }}/defaults.yaml + tasks: + # - name: ADD Vorlage Repo to Host {{ inventory_hostname }} + # ansible.builtin.command: "pvesm add pbs Vorlage --server backup.stines.de --datastore Vorlagen --username stinesvorlagen@pbs --password qZcUqGE2LuZGx9kLyZmJ2LacMg4tvjcMjSNfr6CKXhjGN84Zs4VbYNJ6NCPzzsAE" + # ignore_errors: true + + # ## -------------------------------------------------------------------------------------------------- ## Install Router + - name: Install Router on {{ inventory_hostname }} + ansible.builtin.command: "qmrestore Vorlagen:backup/vm/900/2024-01-19T10:58:20Z 100 --storage=local" + ignore_errors: true + + ## Change VM Name from Router + - name: Change VM Name from Router + ansible.builtin.command: + cmd: "sed -i 's/Router-Vorlage/ROU01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/100.conf" + ignore_errors: true + ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install Linux-Daten-Server + # - name: Install Linux-Daten-Server on {{ inventory_hostname }} + # ansible.builtin.command: "qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 101 --storage=local" + # ignore_errors: true + + # ## Change VM Name from Daten-Server + # - name: Change VM Name from Daten-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Linux-Vorlage/DATA01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/101.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install Linux-Mail-Server + # - name: Install Linux-Mail-Server on {{ inventory_hostname }} + # ansible.builtin.command: 
"qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 102 --storage=local" + # ignore_errors: true + + # ## Change VM Name from Mail-Server + # - name: Change VM Name from Mail-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Linux-Vorlage/SMTP01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/102.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install RDS-Server + # - name: Install RDS-Server on {{ inventory_hostname }} + # ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-09T14:37:12Z 103 --storage=local" + # ignore_errors: true + + # ## Change VM Name from RDS-Server + # - name: Change VM Name from RDS-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Windows-Vorlage/RDS01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/103.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install AD-Server + # - name: Install AD-Server on {{ inventory_hostname }} + # ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-19T13:24:03Z 104 --storage=local " + # ignore_errors: true + + # ## Change VM Name from AD-Server + # - name: Change VM Name from AD-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Windows-Vorlage/AD01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/104.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install EX-Server + # - name: Install EX-Server on {{ inventory_hostname }} + # 
ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-09T14:37:12Z 105 --storage=local" + # ignore_errors: true + + # ## Change VM Name from EX-Server + # - name: Change VM Name from EX-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Windows-Vorlage/EX01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/105.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install APP-Server + # - name: Install APP-Server on {{ inventory_hostname }} + # ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-09T14:37:12Z 106 --storage=local" + # ignore_errors: true + + # ## Change VM Name from APP-Server + # - name: Change VM Name from APP-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Windows-Vorlage/APP01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/106.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install Nextcloud-Server + # - name: Install Nextcloud-Server on {{ inventory_hostname }} + # ansible.builtin.command: "qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 107 --storage=local" + # ignore_errors: true + + # ## Change VM Name from Nextcloud-Server + # - name: Change VM Name from Nextcloud-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Linux-Vorlage/NEXT01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/107.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## --------------------------------------------------------------------------------------------------- ## Install Fetchmail-Server + # - name: Install 
Fetchmail-Server on {{ inventory_hostname }} + # ansible.builtin.command: "qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 108 --storage=local" + # ignore_errors: true + + # ## Change VM Name from Fetchmail-Server + # - name: Change VM Name from Fetchmail-Server + # ansible.builtin.command: + # cmd: "sed -i 's/Linux-Vorlage/FETCH01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/108.conf" + # ignore_errors: true + # ## ---------------------------------------------------------------------------------------------------## + + # ## ----------------------------------------Role Install------------------------------------------------## + + roles: + # - role: firewall-proxmox + # - role: vmbr-proxmox + - role: vmstart-proxmox + vars: + vmid: 100 + - role: wait + vars: + vmid: 100 + +- name: Install Router + hosts: router + gather_facts: false + vars_files: + - kunden/{{ kunde }}/defaults.yaml + roles: + - router + +# - name: Start Active-Directory-Server +# hosts: proxmox +# roles: +# - role: vmstart-proxmox +# vars: +# vmid: 104 +# - role: wait +# vars: +# vmid: 104 + +# - name: Install Active-Directory-Server +# hosts: ad-controller +# gather_facts: false +# vars_files: +# - kunden/{{ kunde }}/defaults.yaml +# roles: +# # - windows_default +# - ad-controller +# # ignore_errors: true + diff --git a/playbook/install_proxmox.yaml b/playbook/install_proxmox.yaml new file mode 100644 index 0000000..162e515 --- /dev/null +++ b/playbook/install_proxmox.yaml 
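Review bot: The commented-out `pvesm add pbs Vorlage ...` task at the top of the file carries a literal `--password` for the `stinesvorlagen@pbs` backup-server account; a secret in a comment is still a secret in git history, so it should be treated as exposed (rotate it), removed from the file, and replaced by a vaulted variable or a PBS API token if the task is ever re-enabled. `ignore_errors: true` on the `qmrestore` and `sed -i` tasks means a failed restore is silently followed by `vmstart-proxmox` starting VM 100 anyway; use `failed_when`/`changed_when` on the registered result, or let the failure stop the play. `vars_files: - kunden/{{ kunde }}/defaults.yaml` resolves whatever the `kunde` extra-var contains, including `../` segments, so an `ansible.builtin.assert` that `kunde` matches the expected customer-id pattern before it is used as a path is cheap insurance. The commented-out plays at the bottom (Active-Directory start/install) are a second, stale copy of the same pattern and would be easier to maintain as tagged plays than as comments.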
@@ -0,0 +1,61 @@
+- name: Install Proxmox
+ hosts: proxmox
+ tasks:
+
+ - name: Install Default Packages
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - wget
+ - git
+ - software-properties-common
+
+ - name: Set Hostname
+ ansible.builtin.hostname:
+ name: "{{ inventory_hostname }}"
+ use: systemd
+
+ - name: Set /etc/hosts
+ ansible.builtin.shell: "echo '{{ ansible_ssh_host }} {{ inventory_hostname }}' >> /etc/hosts"
+ register: set_log
+
+ - name: Add REPO Key
+ ansible.builtin.command: "wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg"
+
+ - name: Add Repository
+ ansible.builtin.apt_repository:
+ repo: deb [arch=amd64] http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+ state: present
+
+ - name: Upgrade Default Packages
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: yes
+ register: upgrade_log
+
+ - name: Install Proxmox Kernel
+ ansible.builtin.apt:
+ pkg:
+ - pve-kernel-6.2
+
+ - name: Reboot Host {{ inventory_hostname }}
+ ansible.builtin.reboot:
+ reboot_timeout: 180
+
+ - name: Install Proxmox Packages
+ ansible.builtin.apt:
+ pkg:
+ - proxmox-ve
+ - postfix
+ - open-iscsi
+ register: install_pve
+
+ - name: Set Firewall Role
+
+
+# - name: Set Firewall Role
\ No newline at end of file
diff --git a/playbook/kunden/123456/defaults.yaml b/playbook/kunden/123456/defaults.yaml
new file mode 100644
index 0000000..b0b87b8
--- /dev/null
+++ b/playbook/kunden/123456/defaults.yaml
@@ -0,0 +1,14 @@
+## Kundendaten
+kundenname: "Test123123"
+kundendomain: "Test.de"
+kundennummer: "13211323"
+kundenkürzel: "TST"
+
+## Windows - Systeme
+exchange: 1
+rds: 1
+appserver: 1
+
+## Cloud Systeme
+nextcloud: 1
+
diff --git a/playbook/kunden/test-server/defaults.yaml b/playbook/kunden/test-server/defaults.yaml
new file mode 100644
index 0000000..e8b83b0
--- /dev/null
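Review bot: The last task, `- name: Set Firewall Role`, has no module or action, so `ansible-playbook` rejects the whole file at parse time ("no module/action detected in task"); delete it or comment it out like the line below it. `echo '...' >> /etc/hosts` appends a new entry on every run and `ansible_ssh_host` is the deprecated spelling of `ansible_host`; `ansible.builtin.lineinfile` with `line: "{{ ansible_host }} {{ inventory_hostname }}"` is the idempotent form. Fetching the repository key with `wget` straight into `/etc/apt/trusted.gpg.d` makes it trusted for every repository and verifies nothing; `get_url` with a `checksum:` and a `[signed-by=/usr/share/keyrings/...]` option in the `apt_repository` line scope the key to the Proxmox repo. `update_cache: yes`/`upgrade: yes` should be written `true`, and the reboot before `proxmox-ve` is installed only makes sense if `pve-kernel-6.2` actually became the running kernel — a `when:` on the kernel task's `changed` result would skip the reboot on re-runs.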
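Review bot: The directory is `123456` but `kundennummer: "13211323"`, and the name/domain values are the same `Test123123`/`Test.de` placeholders as the other two customers on this page; if this is meant as a template, a `_template` directory name says so, otherwise the fields should hold the real customer data. `exchange: 1`, `rds: 1`, `appserver: 1` and `nextcloud: 1` read as feature flags; writing them as `true`/`false` makes that explicit and lets a role use `when: exchange` without `== 1`.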
+++ b/playbook/kunden/test-server/defaults.yaml
@@ -0,0 +1,21 @@
+## Kundendaten
+kundenname: "Test123123"
+kundendomain: "Test.de"
+kundennummer: "13211323"
+kundenkürzel: "TST"
+kunde_public_ip: 1.1.1.1
+kundennetz: 192.168.1.0
+
+## Windows - Systeme
+exchange: 1
+rds: 1
+appserver: 1
+
+## Cloud Systeme
+nextcloud: 1
+
+## Network Config
+publicip: 94.130.17.156
+privatip: 172.20.1
+privatnetworkgw: 172.200.1.1
+
diff --git a/playbook/kunden/test-server/files/aduser.csv b/playbook/kunden/test-server/files/aduser.csv
new file mode 100644
index 0000000..e69de29
diff --git a/playbook/kunden/test-server/files/import_ad_user.ps1 b/playbook/kunden/test-server/files/import_ad_user.ps1
new file mode 100644
index 0000000..46b619c
--- /dev/null
+++ b/playbook/kunden/test-server/files/import_ad_user.ps1
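Review bot: `privatnetworkgw: 172.200.1.1` is not inside the `172.20.1.0/24` that `privatip: 172.20.1` describes (172.200.x lies outside 172.16.0.0/12, i.e. it is public space), so it is presumably a typo for `172.20.1.1`; the router role assigns `{{ privatip }}.1` to the LAN interface anyway, so the key may be redundant. The key names here (`publicip`, `privatip`, `privatnetworkgw`) differ from `public-ip`/`privat-ip`/`privat-network-gw` in tnp-gruppe/defaults.yaml, while the roles on this page read `privatip`, `kunde_public_ip` and `kundennetz`; settle on one underscore-style set and use it in every customer file. `publicip` duplicates the `ansible_host` of PROX01 in the customer inventory, and `kunde_public_ip: 1.1.1.1` is a real public resolver rather than an obvious placeholder — quote the value you actually mean or use a documentation address.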
@@ -0,0 +1,114 @@ + +<# + .SYNOPSIS + Import-ADUsers.ps1 + + .DESCRIPTION + Import Active Directory users from CSV file. + + .LINK + alitajran.com/import-ad-users-from-csv-powershell + + .NOTES + Written by: ALI TAJRAN + Website: alitajran.com + LinkedIn: linkedin.com/in/alitajran + + .CHANGELOG + V1.00, 04/24/2023 - Initial version + V1.10, 10/14/2023 - Improvement catch block +#> + +# Define the CSV file location and import the data +$Csvfile = "C:\deplyoment\adusers.csv" +$Users = Import-Csv $Csvfile + +# Import the Active Directory module +Import-Module ActiveDirectory + +# Loop through each user +foreach ($User in $Users) { + $GivenName = $User.'First name' + $Surname = $User.'Last name' + $DisplayName = $User.'Display name' + $SamAccountName = $User.'User logon name' + $UserPrincipalName = $User.'User principal name' + $StreetAddress = $User.'Street' + $City = $User.'City' + $State = $User.'State/province' + $PostalCode = $User.'Zip/Postal Code' + $Country = $User.'Country/region' + $JobTitle = $User.'Job Title' + $Department = $User.'Department' + $Company = $User.'Company' + $ManagerDisplayName = $User.'Manager' + $Manager = if ($ManagerDisplayName) { + Get-ADUser -Filter "DisplayName -eq '$ManagerDisplayName'" -Properties DisplayName | + Select-Object -ExpandProperty DistinguishedName + } + $OU = $User.'OU' + $Description = $User.'Description' + $Office = $User.'Office' + $TelephoneNumber = $User.'Telephone number' + $Email = $User.'E-mail' + $Mobile = $User.'Mobile' + $Notes = $User.'Notes' + $AccountStatus = $User.'Account status' + + # Check if the user already exists in AD + $UserExists = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -ErrorAction SilentlyContinue + + if ($UserExists) { + Write-Warning "User '$SamAccountName' already exists in Active Directory." 
+ continue + } + + # Create new user parameters + $NewUserParams = @{ + Name = "$GivenName $Surname" + GivenName = $GivenName + Surname = $Surname + DisplayName = $DisplayName + SamAccountName = $SamAccountName + UserPrincipalName = $UserPrincipalName + StreetAddress = $StreetAddress + City = $City + State = $State + PostalCode = $PostalCode + Country = $Country + Title = $JobTitle + Department = $Department + Company = $Company + Manager = $Manager + Path = $OU + Description = $Description + Office = $Office + OfficePhone = $TelephoneNumber + EmailAddress = $Email + MobilePhone = $Mobile + AccountPassword = (ConvertTo-SecureString "P@ssw0rd1234" -AsPlainText -Force) + Enabled = if ($AccountStatus -eq "Enabled") { $true } else { $false } + ChangePasswordAtLogon = $true # Set the "User must change password at next logon" flag + } + + # Add the info attribute to OtherAttributes only if Notes field contains a value + if (![string]::IsNullOrEmpty($Notes)) { + $NewUserParams.OtherAttributes = @{info = $Notes } + } + + try { + # Create the new AD user + New-ADUser @NewUserParams + Write-Host "User $SamAccountName created successfully." -ForegroundColor Cyan + } + catch { + # Failed to create the new AD user + $ErrorMessage = $_.Exception.Message + if ($ErrorMessage -match "The password does not meet the length, complexity, or history requirement") { + Write-Warning "User $SamAccountName created but account is disabled. $_" + } + else { + Write-Warning "Failed to create user $SamAccountName. $_" + } + } +} \ No newline at end of file diff --git a/playbook/kunden/test-server/inventory.yaml b/playbook/kunden/test-server/inventory.yaml new file mode 100644 index 0000000..121ee73 --- /dev/null +++ b/playbook/kunden/test-server/inventory.yaml 
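Review bot: Every imported account gets the same literal initial password via `ConvertTo-SecureString "P@ssw0rd1234" -AsPlainText -Force`, and the value is committed with the script; even with `ChangePasswordAtLogon = $true`, any account whose `Account status` column says Enabled can be logged into by whoever reads this file until the user first signs in. Generate a random per-user password (for example with `[System.Web.Security.Membership]::GeneratePassword`) and deliver it out of band, or read it from a protected column, and keep `Enabled` false until the user has it. CSV fields are interpolated unescaped into `-Filter "DisplayName -eq '$ManagerDisplayName'"` and `"SamAccountName -eq '$SamAccountName'"`, so a value containing a single quote breaks the filter or matches the wrong object; escape `'` (double it) or build the filter from a hashtable. `$Csvfile = "C:\deplyoment\adusers.csv"` is spelled differently from the `aduser.csv` shipped beside this script, so as committed the script will not find its input.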
@@ -0,0 +1,46 @@
+proxmox:
+ hosts:
+ PROX01:
+ ansible_host: 94.130.17.156
+
+router:
+ hosts:
+ ROU01:
+ ansible_host: 110.1.1.1
+ ansible_user: admin
+ vars:
+ ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o ProxyCommand="ssh -p 22 -W %h:%p -q root@94.130.17.156"'
+
+vorlage:
+ hosts:
+ windows_vorlage:
+ ansible_host: 110.1.1.50
+ # ansible_host: localhost
+ ansible_user: ansible-admin
+ # ansible_password: adm.3dfx12
+ ansible_port: 22
+ ansible_shell_type: cmd
+ vars:
+ ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o ProxyCommand="ssh -p 22 -W %h:22 -q root@94.130.17.156"'
+
+windows:
+ hosts:
+ AD01:
+ ansible_host: 110.1.1.51
+ ansible_user: ansible-admin
+ ansible_password: adm.3dfx12
+ ansible_shell_type: cmd
+ RDS01:
+ ansible_host: 110.1.1.52
+ ansible_user: ansible-admin
+ ansible_password: adm.3dfx12
+ ansible_shell_type: cmd
+ ansible_connection: ssh
+ EX01:
+ ansible_host: 110.1.1.53
+ ansible_user: ansible-admin
+ APP01:
+ ansible_host: 110.1.1.54
+ ansible_user: ansible-admin
+ vars:
+ ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o ProxyCommand="ssh -p 22 -W %h:%p -q root@94.130.17.156"'
\ No newline at end of file
diff --git a/playbook/kunden/tnp-gruppe/defaults.yaml b/playbook/kunden/tnp-gruppe/defaults.yaml
new file mode 100644
index 0000000..9b5bbee
--- /dev/null
+++ b/playbook/kunden/tnp-gruppe/defaults.yaml
@@ -0,0 +1,19 @@
+## Kundendaten
+kundenname: "Test123123"
+kundendomain: "Test.de"
+kundennummer: "13211323"
+kundenkürzel: "TST"
+
+## Windows - Systeme
+exchange: 1
+rds: 1
+appserver: 1
+
+## Cloud Systeme
+nextcloud: 1
+
+## Network Config
+public-ip: "1.2.1.1"
+privat-ip: 172.18.1.0
+privat-network-gw: 172.18.1.1
+
diff --git a/playbook/kunden/tnp-gruppe/inventory.yaml b/playbook/kunden/tnp-gruppe/inventory.yaml
new file mode 100644
index 0000000..a8f4ee9
--- /dev/null
+++ b/playbook/kunden/tnp-gruppe/inventory.yaml
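Review bot: `ansible_password: adm.3dfx12` is stored in clear text for AD01 and RDS01, and the same string is used as the DSRM `SafeModeAdministratorPassword` in roles/windows_adcontroller_install/tasks/main.yaml, so this one inventory leaks both the management login and the domain recovery password; treat it as compromised, rotate it, and move it into an `ansible-vault` encrypted `host_vars`/`group_vars` file (the commented `# ansible_password` under `windows_vorlage` should go as well). `-o StrictHostKeyChecking=no` in every `ansible_ssh_common_args` disables host-key verification for the jump through `root@94.130.17.156` and for the targets, which is exactly the hop where that password could be intercepted; pin the keys with `-o UserKnownHostsFile=<path>` and leave checking on. `ansible_port: 22`, `ansible_connection: ssh` and `ansible_shell_type: cmd` are set on only some Windows hosts, so EX01 and APP01 will not behave like AD01; put the shared settings under the group's `vars:`.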
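Review bot: `public-ip`, `privat-ip` and `privat-network-gw` contain hyphens, which are not valid in Ansible variable names (inside `{{ }}` Jinja parses `privat-ip` as `privat - ip`), and the roles on this page read `privatip`, `kunde_public_ip` and `kundennetz`, none of which this file defines, so the router, vmbr-proxmox and AD-controller roles fail with undefined variables for this customer. Rename the keys to the underscore form the roles expect and quote the two unquoted addresses the way the first one already is. `kundenname`, `kundendomain` and `kundennummer` are still the `Test123123`/`Test.de` placeholders, so the AD role would create this customer's forest as `Test.de`.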
@@ -0,0 +1,40 @@
+proxmox:
+ hosts:
+ tnp-prox01:
+ ansible_host: 138.201.135.182
+ tnp-prox02:
+ ansible_host: 176.9.65.23
+
+linuxserver:
+ hosts:
+ tnp-vpn01:
+ ansible_host: 172.18.1.2
+ tnp-data01:
+ ansible_host: 172.18.1.8
+ ansible_port: 222
+ tnp-fetch01:
+ ansible_host: 172.18.1.11
+docker:
+ hosts:
+ tnp-mail01:
+ ansible_host: 172.18.1.4
+ tnp-bit01:
+ ansible_host: 172.18.1.10
+ tnp-cloud01:
+ ansible_host: 172.18.1.12
+
+linux:
+ children:
+ docker:
+ linuxserver:
+
+windowsserver:
+ hosts:
+ tnp-rds01:
+ ansible_host: 172.18.1.3
+ tnp-ad01:
+ ansible_host: 172.18.1.6
+ tnp-ex01:
+ ansible_host: 172.18.1.7
+ tnp-app01:
+ ansible_host: 172.18.1.9
diff --git a/playbook/linux/apt_upgrade.yaml b/playbook/linux/apt_upgrade.yaml
new file mode 100644
index 0000000..ae56c3f
--- /dev/null
+++ b/playbook/linux/apt_upgrade.yaml
@@ -0,0 +1,23 @@
+- name: APT Upgrade
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: APT Upgrade
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: dist
+ register: apt_output
+
+ - name: APT Stdout
+ debug:
+ var: apt_output
+
+ - name: Restart SSHD
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
+ register: sshd_stdout
+
+ - name: SSHD Restart
+ debug:
+ var: sshd_stdout
\ No newline at end of file
diff --git a/playbook/ping-test.yaml b/playbook/ping-test.yaml
new file mode 100644
index 0000000..3a99265
--- /dev/null
+++ b/playbook/ping-test.yaml
@@ -0,0 +1,25 @@
+
+
+- name: Ping to Host "{{ inventory_hostname }}"
+ hosts: all
+ gather_facts: false
+ tasks:
+
+ - name: Ping Test an "{{ inventory_hostname }}"
+ ansible.windows.win_ping:
+ register: ping_test
+
+ - name: Debug
+ ansible.builtin.debug:
+ var: ping_test
+
+
+ - name: Run basic PowerShell script
+ ansible.windows.win_powershell:
+ script: |
+ ls
+ register: hello
+
+ - name: Debug hello
+ ansible.builtin.debug:
+ var: hello
\ No newline at end of file
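Review bot: `hosts: all` with `ansible.builtin.apt` runs against every inventory host, including the `windows`/`windowsserver` groups and the pfSense router, where the module fails; target the `linux` group (or a Debian-specific group) instead. `Restart SSHD` runs unconditionally on every play rather than only when openssh was updated; make it a handler notified by the apt task, or guard it with `when: apt_output.changed`, and note that on Debian the unit is `ssh` (`sshd` works there only as an alias). With `gather_facts: false` there is no `ansible_os_family` to guard on either, so a host-group limit is the practical filter.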
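Review bot: `hosts: all` with `ansible.windows.win_ping` and `win_powershell` fails on every non-Windows host in the inventories on this page; limit the play to the `windows` group (or use `ansible.builtin.ping` for the Linux hosts in a second play). The `script: |` / `ls` step adds nothing to a reachability test; drop it or replace it with the check whose output you actually want recorded, and the two leading blank lines before the first play can go.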
diff --git a/playbook/roles/add-sshkey/files/authorized_keys b/playbook/roles/add-sshkey/files/authorized_keys
new file mode 100644
index 0000000..9fe7915
--- /dev/null
+++ b/playbook/roles/add-sshkey/files/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa 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 root@STI-AWX01
\ No newline at end of file
diff --git a/playbook/roles/add-sshkey/tasks/main.yaml b/playbook/roles/add-sshkey/tasks/main.yaml
new file mode 100644
index 0000000..ba2fe64
--- /dev/null
+++ b/playbook/roles/add-sshkey/tasks/main.yaml
@@ -0,0 +1,4 @@
+- name: Copy a ssh-key to Windows Server file
+ ansible.windows.win_copy:
+ src: authorized_keys
+ dest: C:\Users\ansible-admin\.ssh\
\ No newline at end of file
diff --git a/playbook/roles/ansible_ip/tasks/main.yaml b/playbook/roles/ansible_ip/tasks/main.yaml
new file mode 100644
index 0000000..226d74f
--- /dev/null
+++ b/playbook/roles/ansible_ip/tasks/main.yaml
@@ -0,0 +1,15 @@
+---
+- name: ADD static Ansible-IP Address {{ ansible_host }}
+ win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet 2' | New-NetIpAddress -IpAddress {{ ansible_host }} -PrefixLength 24 -DefaultGateway 110.1.1.250"
+ async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+ poll: 0
+
+- name: Set IP Adress to {{ ip }}
+ win_shell: "Set-NetIpAddress -InterfaceAlias 'Ethernet 2' -IpAddress {{ ip }} -PrefixLength 24"
+ async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+ poll: 0
+
+- name: Remove IPAdress 110.1.1.50
+ win_shell: "Remove-NetIPAddress -IpAddress 110.1.1.50 -Confirm:$false"
+ async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+ poll: 0
\ No newline at end of file
diff --git a/playbook/roles/docker/tasks/main.yaml b/playbook/roles/docker/tasks/main.yaml
new file mode 100644
index 0000000..bf873ed
--- /dev/null
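Review bot: `dest: C:\Users\ansible-admin\.ssh\` hard-codes one account's profile and replaces the whole `authorized_keys`, discarding any key already present; parameterise the user (`C:\Users\{{ ansible_user }}\.ssh\authorized_keys`) or append the key with `win_lineinfile`. Windows OpenSSH by default ignores the per-user file for members of Administrators and reads `%ProgramData%\ssh\administrators_authorized_keys` instead, so whether this key is ever honoured depends on the account's group membership — confirm on the template. The copied file also gets whatever ACL the directory inherits; sshd's strict-modes check expects it to be readable only by the owner and SYSTEM, so a `win_acl` task (or `icacls` in a `win_shell`) after the copy would make the role reliable.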
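Review bot: All three tasks run with `async: 100` / `poll: 0`, so their exit status is never checked and a failed address change leaves the host unreachable while the play reports success; register the job and poll it with `async_status` once reconnected, or at least follow with `wait_for_connection` on the new address. The first task pipes `Get-NetIpAddress` into `New-NetIpAddress` with a fixed `-DefaultGateway 110.1.1.250`, the third removes the fixed `110.1.1.50`, and the second uses `{{ ip }}`, which no playbook on this page defines; the gateway, the template address, the interface alias and the prefix length belong in `defaults/main.yaml` so another customer range can reuse the role. `win_shell` should be the FQCN `ansible.windows.win_shell` that the rest of the repository uses.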
+++ b/playbook/roles/docker/tasks/main.yaml
@@ -0,0 +1,28 @@
+- ansible.builtin.stat:
+ path: /usr/local/bin/docker-compose
+ register: stat_result
+
+- ansible.builtin.debug:
+ var: stat_result
+
+- ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ update_cache: yes
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ when: stat_result.stat.exists == False
+
+- ansible.builtin.shell:
+ cmd: curl -sSL https://get.docker.com/ | CHANNEL=stable sh
+ when: stat_result.stat.exists == False
+
+- ansible.builtin.service:
+ name: docker
+ enabled: yes
+ state: restarted
+ when: stat_result.stat.exists == False
+
\ No newline at end of file
diff --git a/playbook/roles/firewall-proxmox/tasks/main.yaml b/playbook/roles/firewall-proxmox/tasks/main.yaml
new file mode 100644
index 0000000..46500c2
--- /dev/null
+++ b/playbook/roles/firewall-proxmox/tasks/main.yaml
@@ -0,0 +1,18 @@
+- name: Ping to Host "{{ inventory_hostname }}"
+ ansible.builtin.ping:
+
+- name: ADD Firewall Role Ports 22,8006 for Primary Interface
+ ansible.builtin.shell:
+ iptables -t nat -A PREROUTING -i $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -p tcp -m multiport ! --dport 22,8006 -j DNAT --to 10.0.0.2
+
+- name: ADD Firewall Role Ports UDP for Primary Interface
+ ansible.builtin.shell:
+ iptables -t nat -A PREROUTING -i $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -p udp -j DNAT --to 10.0.0.2
+
+- name: ADD Firewall Role Privat Network
+ ansible.builtin.shell:
+ iptables -t nat -A POSTROUTING -s '10.0.0.0/30' -o $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -j MASQUERADE
+
+- name: ADD IPv4 Forwarding
+ ansible.builtin.shell:
+ echo 1 > /proc/sys/net/ipv4/ip_forward
\ No newline at end of file
diff --git a/playbook/roles/jenkins/tasks/main.yaml b/playbook/roles/jenkins/tasks/main.yaml
new file mode 100644
index 0000000..04b1acc
--- /dev/null
+++ b/playbook/roles/jenkins/tasks/main.yaml
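Review bot: The guard `stat` checks `/usr/local/bin/docker-compose`, but as far as I know the get.docker.com script installs the compose plugin under the Docker CLI plugin directory and never creates that path, so `stat_result.stat.exists` stays false and the `curl | sh` install plus the service restart run on every invocation (the pipe-to-shell concern itself is raised on install_docker.yaml). Check for the docker binary or the `docker-ce` package (`ansible.builtin.package_facts`) instead, and write the condition as `when: not stat_result.stat.exists` — the `== False` comparison works but is the form ansible-lint flags. The five tasks have no `name:`, so the play output shows only module names; name them, and replace `update_cache: yes`/`enabled: yes` with `true`.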
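Review bot: Each `iptables -A` goes through `shell` on every play and appends another copy of the rule, and nothing persists the rules or the `ip_forward` setting, so both are gone after the reboot that install_proxmox.yaml performs; `ansible.builtin.iptables` is idempotent and pairs with `netfilter-persistent` (or the Proxmox firewall config), while forwarding belongs in `ansible.posix.sysctl` with `name: net.ipv4.ip_forward`, `value: "1"`, `sysctl_set: true`. The first rule DNATs every inbound TCP port except 22 and 8006 to 10.0.0.2 and the second every UDP port, so whatever listens on the router VM is reachable from the Internet with no filtering on the hypervisor; an explicit list of the forwarded ports (the router role forwards 25, 80, 443, 465, 587, 993, 500 and 4500) is the safer default and matches the NAT rules defined there. The uplink interface is recomputed four times with `ip route get 8.8.8.8 | sed ...`; compute it once into a `set_fact` and reuse it. Note that install_kunde_proxmox.yaml currently has this role commented out, so none of the above is exercised yet.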
@@ -0,0 +1,9 @@
+- name: Install Jenkins Docker
+ community.docker.docker_container:
+ name: jenkins
+ image: jenkins/jenkins:latest
+ volumes:
+ - ./data
+ ports:
+ - 8080:8080
+ state: started
\ No newline at end of file
diff --git a/playbook/roles/openssh-server-service/tasks/main.yaml b/playbook/roles/openssh-server-service/tasks/main.yaml
new file mode 100644
index 0000000..9b127d8
--- /dev/null
+++ b/playbook/roles/openssh-server-service/tasks/main.yaml
@@ -0,0 +1,5 @@
+- name: Enable OpenSSH Server Service
+ ansible.windows.win_service:
+ name: sshd
+ start_mode: auto
+ state: started
\ No newline at end of file
diff --git a/playbook/roles/router/tasks/main.yaml b/playbook/roles/router/tasks/main.yaml
new file mode 100644
index 0000000..8eb4495
--- /dev/null
+++ b/playbook/roles/router/tasks/main.yaml
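Review bot: `image: jenkins/jenkins:latest` is unpinned, so every run may pull a different Jenkins, and `ports: - 8080:8080` publishes the UI on all interfaces of the Docker host; pin a tag (better, a digest) and bind to the loopback or the private address, e.g. `- "127.0.0.1:8080:8080"`, quoting the value so YAML keeps it a string. `volumes: - ./data` is a relative path with no container side, so as far as I can tell docker_container creates an anonymous volume at `./data` inside the container and `/var/jenkins_home` is not persisted at all; use an absolute host path or a named volume mapped to `/var/jenkins_home`. The task sets no `restart_policy`, so Jenkins stays down after a host reboot.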
@@ -0,0 +1,130 @@ +# - name: Install Pfsense-Sudo Package +# ansible.builtin.shell: +# cmd: pkg install -y pfsense-pkg-sudo + +- name: Set Hostname to "{{ kundenkürzel }}-ROU01" + pfsensible.core.pfsense_setup: + hostname: "{{ kundenkürzel }}-ROU01" + domain: "{{ kundendomain }}" + +- name: Set timezone and language + pfsensible.core.pfsense_setup: + timezone: Europe/Berlin + language: de_DE + +- name: Enable Interface vtnet1 (Privat-Network) + pfsensible.core.pfsense_interface: + descr: LAN + interface: vtnet1 + ipv4_address: "{{ privatip }}.1" + ipv4_prefixlen: 24 + ipv4_type: static + enable: true + +- name: "Add NAT port 25 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 25' + interface: wan + source: any + destination: any:25 + target: "{{ privatip }}.2:25" + associated_rule: associated + state: present + +- name: "Add NAT port 80 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 80' + interface: wan + source: any + destination: any:80 + target: "{{ privatip }}.3:80" + associated_rule: associated + state: present + +- name: "Add NAT port 443 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 443' + interface: wan + source: any + destination: any:443 + target: "{{ privatip }}.3:443" + associated_rule: associated + state: present + +- name: "Add NAT port 465 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 465' + interface: wan + source: any + destination: any:465 + target: "{{ privatip }}.2:465" + associated_rule: associated + state: present + +- name: "Add NAT port 993 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 993' + interface: wan + source: any + destination: any:993 + target: "{{ privatip }}.2:993" + associated_rule: associated + state: present + +- name: "Add NAT port 587 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 587' + interface: wan + source: any + 
destination: any:587 + target: "{{ privatip }}.2:587" + associated_rule: associated + state: present + +- name: "Add NAT port 4500 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 4500' + interface: wan + source: any + destination: any:4500 + target: "{{ privatip }}.1:4500" + associated_rule: associated + state: present + protocol: udp + +- name: "Add NAT port 500 forward traffic rule" + pfsensible.core.pfsense_nat_port_forward: + descr: 'Port 500' + interface: wan + source: any + destination: any:500 + target: "{{ privatip }}.1:500" + associated_rule: associated + state: present + protocol: udp + +- name: Add IPSEC "{{ kundenkürzel }} - Tunnel" + pfsensible.core.pfsense_ipsec: + state: present + descr: "{{ kundenkürzel }} - Tunnel" + interface: wan + remote_gateway: "{{ kunde_public_ip }}" + iketype: ikev1 + mode: main + authentication_method: pre_shared_key + preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}" + +- name: Add Phases 1 to IPSEC "{{ kundenkürzel }} - Tunnel" + pfsensible.core.pfsense_ipsec_p2: + p1_descr: "{{ kundenkürzel }} - Tunnel" + descr: "{{ kundenkürzel }} - Phase 2" + state: present + apply: False + mode: tunnel + local: "{{ privatip }}.1/24" + remote: "{{ kundennetz }}/24" + aes: True + aes256gcm: true + aes_len: auto + aes256gcm_len: auto + sha256: True \ No newline at end of file diff --git a/playbook/roles/upgrades/tasks/main.yaml b/playbook/roles/upgrades/tasks/main.yaml new file mode 100644 index 0000000..303d327 --- /dev/null +++ b/playbook/roles/upgrades/tasks/main.yaml @@ -0,0 +1,9 @@ +- name: Linux Updates + ansible.builtin.apt: + update_cache: true + upgrade: yes + register: upgrade + +- name: Debug Install + ansible.builtin.debug: + var: upgrade \ No newline at end of file diff --git a/playbook/roles/vmbr-proxmox/tasks/main.yaml b/playbook/roles/vmbr-proxmox/tasks/main.yaml new file mode 100644 index 0000000..85031f4 --- /dev/null 
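Review bot: `preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}"` produces a fresh PSK on every run and never records it, so the peer at `kunde_public_ip` can never be configured with a matching secret and each re-run silently rotates the tunnel's key; generate it once, keep it vaulted in the customer's defaults (for example `ipsec_psk`) and reference that variable. `iketype: ikev1` with `mode: main` and a PSK is the legacy profile; IKEv2 should be the default for a new tunnel unless the customer's peer cannot do it. In Phase 2, `aes_len: auto` and `aes256gcm_len: auto` let the peer negotiate shorter keys and `sha256: True` is redundant with GCM, so `aes256gcm_len: 256` with plain `aes` dropped narrows the proposal to what you intend. `apply: False` on the Phase 2 task saves the change without applying it and no later task applies it, so the tunnel is not active when the role finishes; set `apply: true` there or add a final apply step. The enclosing file is also missing the Phase 2 hunk's context lines above L16, so check the P1/P2 names still match once the PSK variable is introduced.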
+++ b/playbook/roles/vmbr-proxmox/tasks/main.yaml
@@ -0,0 +1,15 @@
+- name: Create vmbr1
+ ansible.builtin.shell:
+ cmd: echo "auto vmbr1\niface vmbr1 inet static\n\taddress 10.0.0.1/30\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
+
+- name: Create vmbr2
+ ansible.builtin.shell:
+ cmd: echo "auto vmbr2\niface vmbr2 inet static\n\taddress "{{ privatip }}.250/24"\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
+
+- name: Create vmbr100
+ ansible.builtin.shell:
+ cmd: echo "auto vmbr100\niface vmbr100 inet static\n\taddress 110.1.1.250/24\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
+
+- name: Restart Networking Service
+ ansible.builtin.shell:
+ cmd: service networking restart
diff --git a/playbook/roles/vmstart-proxmox/tasks/main.yaml b/playbook/roles/vmstart-proxmox/tasks/main.yaml
new file mode 100644
index 0000000..d2c6fca
--- /dev/null
+++ b/playbook/roles/vmstart-proxmox/tasks/main.yaml
@@ -0,0 +1,4 @@
+---
+- name: Start VM "{{ inventory_hostname }}"
+ ansible.builtin.shell:
+ cmd: qm start "{{ vmid }}"
\ No newline at end of file
diff --git a/playbook/roles/wait/tasks/main.yaml b/playbook/roles/wait/tasks/main.yaml
new file mode 100644
index 0000000..311d0b9
--- /dev/null
+++ b/playbook/roles/wait/tasks/main.yaml
@@ -0,0 +1,4 @@
+- name: WAIT for VM "{{ vmid }}"
+ ansible.builtin.wait_for_connection:
+ delay: 10
+ timeout: "{{ timeout_set }}"
\ No newline at end of file
diff --git a/playbook/roles/windows_adcontroller_install/files/GPO.zip b/playbook/roles/windows_adcontroller_install/files/GPO.zip
new file mode 100644
index 0000000..62a48af
Binary files /dev/null and b/playbook/roles/windows_adcontroller_install/files/GPO.zip differ
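Review bot: Each task pipes `echo "..."` into `tee -a /etc/network/interfaces`, so every run appends another copy of the stanza, and the `\n`/`\t` escapes are only interpreted because Debian's `/bin/sh` is dash — under bash the backslashes land in the file literally. `ansible.builtin.blockinfile` with a per-bridge `marker:` (or a `template` dropped into `/etc/network/interfaces.d/`) gives an idempotent result and removes the `sudo` that is redundant for a root connection. In `Create vmbr2` the quotes around `{{ privatip }}.250/24` close and reopen the echo string, which works only by accident of shell string concatenation; drop the inner quotes. `service networking restart` over the SSH session being reconfigured can drop the connection mid-play; on Proxmox, `ifreload -a` (ifupdown2) or bringing up only the new bridges with `ifup vmbr1 vmbr2 vmbr100` is the safer apply step.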
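Review bot: `timeout: "{{ timeout_set }}"` reads a variable that no playbook on this page sets — install_kunde_proxmox.yaml passes only `vmid: 100` to the role — so the task fails with an undefined-variable error before it ever waits; declare a default in `roles/wait/defaults/main.yaml` or write `timeout: "{{ timeout_set | default(300) }}"`. Note also that `wait_for_connection` waits for the Ansible connection to the current host (the Proxmox node the play runs on), not for VM `{{ vmid }}`; waiting for the guest needs `ansible.builtin.wait_for` against the guest's address and port, or `delegate_to` the guest's inventory host.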
diff --git a/playbook/roles/windows_adcontroller_install/files/all.zip b/playbook/roles/windows_adcontroller_install/files/all.zip
new file mode 100644
index 0000000..f3f380f
Binary files /dev/null and b/playbook/roles/windows_adcontroller_install/files/all.zip differ
diff --git a/playbook/roles/windows_adcontroller_install/files/checkliste.txt b/playbook/roles/windows_adcontroller_install/files/checkliste.txt
new file mode 100644
index 0000000..da386dc
--- /dev/null
+++ b/playbook/roles/windows_adcontroller_install/files/checkliste.txt
@@ -0,0 +1,5 @@
+Das ist Checklist für nach der Grundinstallation
+- User kontollieren ob alle angelegt sind
+- Azure-Client Einrichten (siehe HOWTo Cloud)
+- Lizneznmanager Einrichten (siehe HOWTo Cloud)
+-
\ No newline at end of file
diff --git a/playbook/roles/windows_adcontroller_install/tasks/main.yaml b/playbook/roles/windows_adcontroller_install/tasks/main.yaml
new file mode 100644
index 0000000..34efdc9
--- /dev/null
+++ b/playbook/roles/windows_adcontroller_install/tasks/main.yaml
@@ -0,0 +1,221 @@ +- name: Check AD-Controller Service exists + ansible.builtin.win_service: + name: NTLD + register: file_check_ntld + ignore_unreachable: yes + +- name: Install Active-Directory-Service + ansible.builtin.win_shell: + Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature + when: file_check_ntld.exists == False + +- name: Reboot ad-controller + ansible.builtin.win_shell: + shutdown -t 0 -r + when: file_check_ntld.exists == False + +- name: Wait for Server Reboot + ansible.builtin.wait_for_connection: + delay: 10 + timeout: 60 + when: file_check_ntld.exists == False + +- name: Disable Local-Administrator-User + ansible.builtin.win_user: + name: Administrator + account_disabled: true + when: file_check_ntld.exists == False + +- name: Install-ADDSForest + ansible.builtin.win_shell: | + $password = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force + Install-ADDSForest -DomainName {{ kundendomain }} -InstallDNS:$true -SafeModeAdministratorPassword $password -DomainMode WinThreshold -ForestMode WinThreshold -Force + when: file_check_ntld.exists == False + +- name: Wait for Server Reboot + ansible.builtin.wait_for_connection: + delay: 10 + # timeout: 300 + when: file_check_ntld.exists == False + +- name: Disable AD-Administrator-User + ansible.builtin.win_shell: + Disable-ADAccount -Identity "Administrator" + when: file_check_ntld.exists == False + +- name: ADD Reverse DNS Zone + ansible.builtin.win_shell: + Add-DnsServerPrimaryZone -NetworkID "{{privatip}}/24" -ReplicationScope "Domain"eml.kommerziale@tnp-gruppe.deeml.kommerziale@tnp-gruppe.de + +- name: ADD DNS Roles + ansible.builtin.win_shell: | + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-ROU01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.1" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-SMTP01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.2" 
-CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-HAPROX01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.3" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-NEXT01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.4" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-DATA01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.5" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-CMS01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.6" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-AD01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.8" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-RDS01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.7" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-EX01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.9" -CreatePtr:$true + Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-APP01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.10" -CreatePtr:$true + +- name: Create OU System-Accounts + ansible.builtin.win_shell: + New-ADOrganizationalUnit -Name "System-Accounts" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" + +- name: Create OU System-Accounts + ansible.builtin.win_shell: + New-ADOrganizationalUnit -Name "System-Gruppen" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" + +- name: Create OU Kunden-Gruppen + ansible.builtin.win_shell: + New-ADOrganizationalUnit -Name "{{ kundenkürzel }}-Gruppen" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" + +- name: Create OU Kunden-Gruppen + ansible.builtin.win_shell: + New-ADOrganizationalUnit -Name "{{ kundenkürzel 
}}-Benutzer" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" + +- name: Create Stines Admin + ansible.builtin.win_shell: | + $adminpw = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force + New-ADUser -Name "Stines Admin" -GivenName "Stines" -Surname "Admin" -SamAccountName "stinessu" -UserPrincipalName "stinessu@{{kundendomain}}" -Path "OU=System-Accounts,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Enabled $true -AccountPassword $adminpw -ChangePasswordAtLogon:$false -PasswordNeverExpires:$true + Add-ADGroupMember -Identity Domänen-Admins -Members stinessu + $group = get-adgroup "Domänen-Admins" -properties @("primaryGroupToken") + get-aduser "stinessu" | set-aduser -replace @{primaryGroupID=$group.primaryGroupToken} + +- name: Create LDAP-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "LDAP-Admins" -SamAccountName LDAPAdmins -GroupCategory Security -GroupScope Global -DisplayName "LDAP-Admins" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "LDAP Admins für LDAP Verbindungen" + +- name: Create Mail-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "Mail-User" -SamAccountName MailUser -GroupCategory Security -GroupScope Global -DisplayName "Mail-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "E-Mail Mitglieder" + +- name: Create Exchange-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "EX-User" -SamAccountName EXUser -GroupCategory Security -GroupScope Global -DisplayName "EX-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Exchange Mitglieder" + +- name: Create Bitwarden-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "Bitwarden-User" -SamAccountName BitwardenUser -GroupCategory Security -GroupScope Global -DisplayName "Bitwarden-User" -Path 
"OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Bitwarden Mitglieder" + +- name: Create Nextcloud-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "Nextcloud-User" -SamAccountName NextcloudUser -GroupCategory Security -GroupScope Global -DisplayName "Nextcloud-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Nextcloud Mitglieder" + +- name: Create RDS-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "RDS-User" -SamAccountName RDSUser -GroupCategory Security -GroupScope Global -DisplayName "RDS-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "RDS Mitglieder" + +- name: Create VPN-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "VPN-User" -SamAccountName VPNUser -GroupCategory Security -GroupScope Global -DisplayName "VPN-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "VPN Mitglieder" + +- name: Create Daten-Gruppe + ansible.builtin.win_shell: | + New-ADGroup -Name "Daten-User" -SamAccountName DatenUser -GroupCategory Security -GroupScope Global -DisplayName "Daten-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Daten Mitglieder" + +- name: Create LDAP-Admin + ansible.builtin.win_shell: | + $adminpw = ConvertTo-SecureString -String "zzLGuggugSG7bwMQruv#3bPLwp4DfQ8Hq9Ldq$D6MPy2m" -AsPlainText -Force + New-ADUser -Name "LDAP Admin" -GivenName "LDAP" -Surname "Admin" -SamAccountName "ldap-admin" -UserPrincipalName "ldap@{{kundendomain}}" -Path "OU=System-Accounts,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Enabled $true -AccountPassword $adminpw -ChangePasswordAtLogon:$false -PasswordNeverExpires:$true + Add-ADGroupMember -Identity LDAPAdmins -Members ldap-admin + $group = get-adgroup 
"LDAPAdmins" -properties @("primaryGroupToken") + get-aduser "ldap-admin" | set-aduser -replace @{primaryGroupID=$group.primaryGroupToken} + +- name: Create Folder deployment + ansible.builtin.win_file: + path: C:\deployment\ + state: directory + +- name: Create Share Folder deployment + ansible.windows.win_share: + name: deployment + description: deployment + path: C:\deployment + list: false + full: Domänen-Admins + read: RDSUser,Domänen-Benutzer + +- name: Create AD-Controller Shortcuts on Stines-Admin Desktop + community.windows.win_shortcut: + src: '%SystemRoot%\system32\dsa.msc' + dest: C:\Users\Public\Desktop\AD-Controller.lnk + icon: '%SystemRoot%\system32\dsadmin.dll,0' + +- name: Create DNS Shortcuts on Stines-Admin Desktop + community.windows.win_shortcut: + src: '%SystemRoot%\system32\dnsmgmt.msc' + dest: C:\Users\Public\Desktop\DNS.lnk + icon: '%SystemRoot%\system32\dnsmgr.dll' + +- name: Create GPO Shortcuts on Stines-Admin Desktop + community.windows.win_shortcut: + src: '%SystemRoot%\system32\gpmc.msc' + dest: C:\Users\Public\Desktop\GPO.lnk + icon: '%SystemRoot%\system32\gpoadmin.dll' + +- name: Copy aduser CSV File + ansible.builtin.copy: + src: /root/ansible/playbook/kunden/{{ kunde }}/files/aduser.csv + dest: C:\deployment\aduser.csv + +- name: Install Azure-Client + ansible.builtin.win_shell: | + wget https://download.microsoft.com/download/B/0/0/B00291D0-5A83-4DE7-86F5-980BC00DE05A/AzureADConnect.msi -outfile C:\deployment\AzureADConnect.msi +# C:\deployment\AzureADConnect.msi /quiet + +- name: Create GPO Folder PolicyDefinitions + ansible.builtin.win_file: + path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions + state: directory + +- name: Create GPO Folder PolicyDefinitions\de + ansible.builtin.win_file: + path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\de + state: directory + +- name: Create GPO Folder PolicyDefinitions\de-DE + ansible.builtin.win_file: + path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\de-DE + 
state: directory + +- name: Import ADMX Files + ansible.builtin.copy: + src: all.zip + dest: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\all.zip + +- name: Export ADMX Files + ansible.builtin.win_shell: | + Expand-Archive C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\all.zip -DestinationPath C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\ + +- name: Copy GPO Settings + ansible.builtin.copy: + src: GPO.zip + dest: C:\deployment\GPO.zip + +- name: Export GPO Files + ansible.builtin.win_shell: | + Expand-Archive C:\deployment\GPO.zip -DestinationPath C:\deployment\GPO + +- name: Import GPO Settings + ansible.builtin.win_shell: | + Import-GPO -BackupGpoName "RDS-Clients" -TargetName "RDS-Clients" -path C:\deployment\GPO\RDS-Clients\ -CreateIfNeeded:$true + Import-GPO -BackupGpoName "Exchange-Clients" -TargetName "Exchange-Clients" -path C:\deployment\GPO\Exchange-Clients\ -CreateIfNeeded:$true + Import-GPO -BackupGpoName "Google-Chrome" -TargetName "Google-Chrome" -path C:\deployment\GPO\Google-Chrome\ -CreateIfNeeded:$true + +- name: Install Druck-Server-Service + ansible.builtin.win_shell: + Install-WindowsFeature -Name Print-Server + +# - name: Copy CSV Import Script +# ansible.builtin.copy: +# src: /root/ansible/playbook/kunden/{{ kunde }}/files/import_ad_user.ps1 +# dest: C:\deployment\import_ad_user.ps1 + +# - name: Import ADUser by CSV File +# ansible.builtin.win_shell: | +# cd C:\deployment +# ./import_ad_user.ps1 + \ No newline at end of file diff --git a/playbook/roles/windows_choco_install_defaults/tasks/main.yaml b/playbook/roles/windows_choco_install_defaults/tasks/main.yaml new file mode 100644 index 0000000..977f861 --- /dev/null +++ b/playbook/roles/windows_choco_install_defaults/tasks/main.yaml 
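Review bot: The DSRM and domain admin password `adm.3dfx12` (Install-ADDSForest, Create Stines Admin) and the LDAP-Admin password are committed in clear text and none of these tasks sets `no_log: true`, so the secrets are both in version control and in every playbook log; the windows_rds_install hunk reuses the same literal for the domain join. Move them to vaulted variables, e.g. `-String '{{ dsrm_password }}'` (variable names to be chosen), and add `no_log: true` to each task that handles them. The LDAP-Admin password is also placed inside a PowerShell double-quoted string, where `$D6MPy2m` is expanded as a (presumably empty) variable, so the account is created with a different password than the one written here; single-quoting the literal avoids the interpolation. The Add-DnsServerPrimaryZone line carries the stray text `eml.kommerziale@tnp-gruppe.de…` glued to `-ReplicationScope "Domain"`, which is likely to make that command fail to parse. The guard `file_check_ntld.exists == False` checks a service named `NTLD`; if the AD DS service `NTDS` was intended, the check never matches and the forest install block is re-run on every play.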
@@ -0,0 +1,37 @@
+---
+- name: Check Chocolaty Install
+ ansible.builtin.win_stat:
+ path: C:\ProgramData\chocolatey\choco.exe
+ register: file_check
+
+- name: Install .NetFramwork 4.8
+ ansible.builtin.win_shell: |
+ wget https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/ndp48-x86-x64-allos-enu.exe -outfile C:\Windows\temp\ndp48-x86-x64-allos-enu.exe
+ cd C:\Windows\temp\
+ ./ndp48-x86-x64-allos-enu.exe /q
+
+- name: WAIT for VM "{{ vmid }}"
+ ansible.builtin.wait_for_connection:
+ delay: 10
+ timeout: "{{ timeout_set }}"
+ when: file_check.stat.exists == False
+
+- name: Install Chocolaty
+ ansible.builtin.win_shell:
+ "Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))"
+ when: file_check.stat.exists == False
+
+- name: Install Google Chrome
+ ansible.builtin.win_chocolatey:
+ name: googlechrome
+ state: present
+
+- name: Install 7zip
+ ansible.builtin.win_chocolatey:
+ name: 7zip
+ state: present
+
+- name: Install Javaruntime
+ ansible.builtin.win_chocolatey:
+ name: javaruntime
+ state: present
diff --git a/playbook/roles/windows_hostname/tasks/main.yaml b/playbook/roles/windows_hostname/tasks/main.yaml
new file mode 100644
index 0000000..0972653
--- /dev/null
+++ b/playbook/roles/windows_hostname/tasks/main.yaml
@@ -0,0 +1,2 @@
+- name: Change Hostname to {{hostname}}
+ win_shell: "Rename-Computer -NewName {{hostname}} -Force -Restart"
\ No newline at end of file
diff --git a/playbook/roles/windows_ip_set/tasks/main.yaml b/playbook/roles/windows_ip_set/tasks/main.yaml
new file mode 100644
index 0000000..bc4f3a1
--- /dev/null
+++ b/playbook/roles/windows_ip_set/tasks/main.yaml
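Review bot: The Install .NetFramwork 4.8 task downloads an executable with `wget` and runs it with neither a checksum nor a `when` guard, so an unverified installer is fetched and executed on every run; the Install Chocolaty task on the same page is the same download-and-`iex` pattern for a remote script. Split the download into `ansible.windows.win_get_url` with a pinned `checksum`, gate it the way the neighbouring tasks already do, and keep only the execution in the shell step; the AzureADConnect.msi `wget` in windows_adcontroller_install needs the same pinning. For install.ps1, downloading the script to disk, verifying its hash and executing the verified file is the equivalent fix.
```yaml
- name: Download .NET Framework 4.8 installer
  ansible.windows.win_get_url:
    url: https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/ndp48-x86-x64-allos-enu.exe
    dest: C:\Windows\temp\ndp48-x86-x64-allos-enu.exe
    checksum: "<SHA256-OF-NDP48-INSTALLER-PLACEHOLDER>"
    checksum_algorithm: sha256
  when: file_check.stat.exists == False

- name: Install .NetFramwork 4.8
  ansible.builtin.win_shell: |
    cd C:\Windows\temp\
    ./ndp48-x86-x64-allos-enu.exe /q
  when: file_check.stat.exists == False
```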
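Review bot: `Rename-Computer -NewName {{hostname}} -Force -Restart` in windows_hostname runs on every play and reboots the host even when the name is already correct, and the hostname is interpolated into the command unquoted. `ansible.windows.win_hostname` with `name: "{{ hostname }}"` is idempotent and returns `reboot_required`; register it (e.g. as `hn`) and follow it with `ansible.windows.win_reboot` under `when: hn.reboot_required` so the restart happens only on an actual change.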
@@ -0,0 +1,19 @@
+- name: Set up static IP address {{privatip}}.8
+ win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet' | New-NetIpAddress -IpAddress {{privatip}}.8 -PrefixLength 24 -DefaultGateway {{privatip}}.1"
+ async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+ poll: 0
+ when: inventory_hostname == "AD01"
+
+- name: Set up static IP address {{privatip}}.7
+ win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet' | New-NetIpAddress -IpAddress {{privatip}}.7 -PrefixLength 24 -DefaultGateway {{privatip}}.1"
+ async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+ poll: 0
+ when: inventory_hostname == "RDS01"
+
+- name: Set DNS Server
+ win_shell: "Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses ('{{privatip}}.8','1.1.1.1')"
+ async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
+ poll: 0
+
+- name: Set {{privatip}} to Privat
+ win_shell: "Set-NetConnectionProfile -InterfaceAlias 'Ethernet' -NetworkCategory Private"
\ No newline at end of file
diff --git a/playbook/roles/windows_rds_install/tasks/main.yaml b/playbook/roles/windows_rds_install/tasks/main.yaml
new file mode 100644
index 0000000..9f95bfe
--- /dev/null
+++ b/playbook/roles/windows_rds_install/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: Add PC to Customer Domain
+ ansible.builtin.win_shell: |
+ $SecurePassword = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force
+ $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList stinessu, $SecurePassword
+ Add-Computer -DomainName "{{ kundendomain }}" -Credential $Credential -Restart
diff --git a/playbook/roles/windows_scheduled_tasks/tasks/main.yaml b/playbook/roles/windows_scheduled_tasks/tasks/main.yaml
new file mode 100644
index 0000000..43a136c
--- /dev/null
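Review bot: All three `async: 100` / `poll: 0` tasks are fire-and-forget, so a failed New-NetIpAddress or Set-DnsClientServerAddress is never reported and the play continues with the old addressing; on a second run New-NetIpAddress is also likely to fail because the address already exists, again silently. The DNS task hands every domain member `1.1.1.1` as a second resolver next to the controller, which commonly causes intermittent AD lookups to fail when the public resolver answers first; prefer the controller only, e.g. `ansible.windows.win_dns_client` with `adapter_names: Ethernet` and `dns_servers: ["{{ privatip }}.8"]`, which is also idempotent. The async workaround is presumably needed because re-addressing the adapter drops the management session; registering the job and checking it with `async_status` after the connection returns would surface errors instead of hiding them.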
+++ b/playbook/roles/windows_scheduled_tasks/tasks/main.yaml
@@ -0,0 +1,53 @@
+- name: Reboot Scheduled Tasks
+ community.windows.win_scheduled_task:
+ name: Reboot
+ description: open command prompt
+ actions:
+ - path: shutdown.exe
+ arguments: /r
+ triggers:
+ - type: daily
+ start_boundary: '2024-01-01T23:30:00'
+ username: SYSTEM
+ state: present
+ enabled: yes
+
+- name: Choco Update Scheduled Tasks
+ community.windows.win_scheduled_task:
+ name: Choco Update
+ description: open command prompt
+ actions:
+ - path: C:\ProgramData\chocolatey\choco.exe
+ arguments: upgrade all --yes --confirm
+ triggers:
+ - type: daily
+ start_boundary: '2024-01-01T22:30:00'
+ username: SYSTEM
+ state: present
+ enabled: yes
+
+- name: Install NuGet
+ ansible.builtin.win_shell:
+ Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
+
+- name: Register a PowerShell repository
+ ansible.builtin.win_shell:
+ Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
+
+- name: Add Windows Update Module
+ ansible.builtin.win_shell:
+ Install-Module -Name PSWindowsUpdate
+
+- name: Windows Update Scheduled Tasks
+ community.windows.win_scheduled_task:
+ name: Windows Update
+ description: open command prompt
+ actions:
+ - path: powershell.exe
+ arguments: -command "Get-WindowsUpdate -AcceptAll -Install"
+ triggers:
+ - type: daily
+ start_boundary: '2024-01-01T22:30:00'
+ username: SYSTEM
+ state: present
+ enabled: yes
\ No newline at end of file
diff --git a/playbook/run_ad-controller.yaml b/playbook/run_ad-controller.yaml
new file mode 100644
index 0000000..1554216
--- /dev/null
+++ b/playbook/run_ad-controller.yaml
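Review bot: `Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted` followed by an unpinned `Install-Module -Name PSWindowsUpdate` installs whatever version the gallery serves at run time with no version check, and that module is then executed nightly as SYSTEM by the Windows Update task. Pin it, e.g. `Install-Module -Name PSWindowsUpdate -RequiredVersion <PINNED-VERSION-PLACEHOLDER> -Force`, and leave the repository policy untouched so other gallery installs on the host keep prompting. The three win_shell tasks are also re-executed on every play, and all three task `description` values read `open command prompt`, which looks like a copy-paste leftover worth correcting.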
@@ -0,0 +1,35 @@
+---
+- name: Install Setup Defaults
+ hosts: AD01
+ gather_facts: false
+ vars_files:
+ - kunden/{{ kunde }}/defaults.yaml
+ roles:
+ - role: openssh-server-service
+ - role: ansible_ip
+ vars:
+ ip: "{{ ansible_host }}"
+ - role: windows_ip_set
+ vars:
+ hostip : "{{ ansible_host }}"
+ - role: windows_hostname
+ vars:
+ hostname: "{{ kundenkürzel}}-{{ inventory_hostname }}"
+ - role: wait
+ vars:
+ timeout_set: 60
+ vmid: "{{ kundenkürzel}}-{{ inventory_hostname }}"
+ ignore_errors: true
+
+- name: Install ad-controller
+ hosts: AD01
+ gather_facts: false
+ vars_files:
+ - kunden/{{ kunde }}/defaults.yaml
+ roles:
+ - role: windows_choco_install_defaults
+ vars:
+ timeout_set: 60
+ - role: windows_scheduled_tasks
+ - role: windows_adcontroller_install
+ ignore_errors: true
\ No newline at end of file
diff --git a/playbook/run_rds-server.yaml b/playbook/run_rds-server.yaml
new file mode 100644
index 0000000..776395d
--- /dev/null
+++ b/playbook/run_rds-server.yaml
@@ -0,0 +1,35 @@
+---
+- name: Install Setup Defaults
+ hosts: RDS01
+ gather_facts: false
+ vars_files:
+ - kunden/{{ kunde }}/defaults.yaml
+ roles:
+ - role: openssh-server-service
+ - role: ansible_ip
+ vars:
+ ip: "{{ ansible_host }}"
+ - role: windows_ip_set
+ vars:
+ hostip : "{{ ansible_host }}"
+ - role: windows_hostname
+ vars:
+ hostname: "{{ kundenkürzel}}-{{ inventory_hostname }}"
+ - role: wait
+ vars:
+ timeout_set: 60
+ vmid: "{{ kundenkürzel}}-{{ inventory_hostname }}"
+ ignore_errors: true
+
+- name: Install RDS-Server
+ hosts: RDS01
+ gather_facts: false
+ vars_files:
+ - kunden/{{ kunde }}/defaults.yaml
+ roles:
+ - role: windows_choco_install_defaults
+ vars:
+ timeout_set: 60
+ - role: windows_scheduled_tasks
+ - role: windows_rds_install
+ ignore_errors: true
\ No newline at end of file
diff --git a/playbook/service_test.yaml b/playbook/service_test.yaml
new file mode 100644
index 0000000..767ddf9
--- /dev/null
+++ b/playbook/service_test.yaml
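Review bot: `ignore_errors: true` after the roles list of both plays (play- or role-level, the indentation is not recoverable here) lets the run continue after any task in windows_adcontroller_install fails, so a failed Install-ADDSForest, account setup or GPO import leaves a half-configured controller while the recap only shows "ignored"; the two plays in run_rds-server.yaml have the same keyword. Drop it and, where a step is genuinely optional, put `ignore_errors: true` on that single task. The `hostip : "{{ ansible_host }}"` entries carry a space before the colon and the variable is not read by the windows_ip_set role in this diff, so they can be written `hostip: "{{ ansible_host }}"` or dropped.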
@@ -0,0 +1,14 @@
+---
+- name: Check if a service is installed
+ hosts: AD01
+ gather_facts: false
+ tasks:
+ - name: Wait 300 seconds, but only start checking after 60 seconds
+ ansible.builtin.wait_for_connection:
+ delay: 10
+ timeout: 300
+ register: service_info
+
+ - name: Debug
+ ansible.builtin.debug:
+ var: service_info
\ No newline at end of file
diff --git a/playbook/test-firewall-role.yaml b/playbook/test-firewall-role.yaml
new file mode 100644
index 0000000..fcdbdab
--- /dev/null
+++ b/playbook/test-firewall-role.yaml
@@ -0,0 +1,9 @@
+- name: Test Role
+ gather_facts: false
+ hosts: proxmox
+ vars_files:
+ - kunden/{{ kunde }}/defaults.yaml
+ roles:
+ - role: vmbr-proxmox
+ vars:
+ privat_ip: "{{ privatip }}"
diff --git a/playbook/test_router.yaml b/playbook/test_router.yaml
new file mode 100644
index 0000000..07913f9
--- /dev/null
+++ b/playbook/test_router.yaml
@@ -0,0 +1,9 @@
+- name: Test Role
+ gather_facts: false
+ hosts: router
+ vars_files:
+ - kunden/{{ kunde }}/defaults.yaml
+ roles:
+ - role: ROU01
+ vars:
+ privat_ip: "{{ privatip }}"
\ No newline at end of file
diff --git a/playbook/test_vars.yaml b/playbook/test_vars.yaml
new file mode 100644
index 0000000..0d7c995
--- /dev/null
+++ b/playbook/test_vars.yaml
@@ -0,0 +1,20 @@
+---
+ - name: TEst
+ hosts: all
+ gather_facts: false
+ # vars_files:
+ # - kunden/{{ kunde }}/defaults.yaml
+ tasks:
+ - name: Debug
+ ansible.builtin.debug:
+ msg: "{{ inventory_hostname }}"
+
+ - name: Test vars
+ connection: "{{ inventory_hostname }}"
+ ansible.builtin.shell:
+ cmd: echo {{ inventory_hostname }}.{{ ansible_host }}
+ register: test
+
+ - name: Debug test
+ ansible.builtin.debug:
+ var: test
\ No newline at end of file
diff --git a/stines-intern.yaml b/stines-intern.yaml
new file mode 100644
index 0000000..885beae
--- /dev/null
+++ b/stines-intern.yaml
@@ -0,0 +1,16 @@
+proxmox:
+ hosts:
+ proxmox-ve:
+ ansible_host: 172.17.1.250
+ proxmox-backup:
+ ansible_host: backup.stines.de
+ proxmox-test:
+ ansible_host: 94.130.17.156
+
+devops:
+ hosts:
+ jenkins:
+ ansible_host: 172.17.1.117
+ jenkins-agent:
+ ansible_host: 172.17.1.118
+