Upload Ansible Files

main
sebastian.serfling 2024-05-08 13:03:34 +02:00
parent 56902d524e
commit 9b520fbcfb
44 changed files with 1334 additions and 0 deletions

inventory.yaml Normal file

@ -0,0 +1,22 @@
proxmox:
hosts:
kunde-a:
ansible_host: 172.17.1.110
kunde-b:
ansible_host:
vorlagen:
hosts:
linux-vorlage:
ansible_host: 10.1.1.1
windows-vorlage:
ansible_host: 10.1.1.2
mail-server:
hosts:
smtp-mail01:
ansible_host: 172.17.1.4
smtp-mail02:
ansible_host: 172.18.1.4
smtp-mail03:
ansible_host: 172.18.1.4
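Review bot: The `kunde-b` entry has a bare `ansible_host:` with no value, which YAML loads as null, so Ansible either skips the host or fails with an unhelpful connection error; fill in the address or remove the entry until one exists. `smtp-mail02` and `smtp-mail03` both point at `172.18.1.4`, which looks like a copy-paste slip — confirm the third host's address. Quoting the addresses (`ansible_host: "172.17.1.110"`) is not required here but keeps the inventory uniform with the other defaults files in this commit.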

playbook/add_ssh_key.yaml Normal file

@ -0,0 +1,18 @@
- name: ADD SSH-Key to Node
gather_facts: false
hosts: all
tasks:
- name: Create .ssh
file:
path: "/root/.ssh"
state: directory
- name: create authorized_keys
file:
path: "/root/.ssh/authorized_keys"
state: touch
- name: add publickey
lineinfile:
path: "/root/.ssh/authorized_keys"
line: "ssh-rsa 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 root@STI-AWX01"
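Review bot: Neither the `.ssh` directory nor `authorized_keys` gets an explicit mode, so both inherit the remote umask and sshd refuses the key if they come out group- or world-writable; add `mode: "0700"` to the directory task and `mode: "0600"` to the file task. `state: touch` also updates the mtime on every run, so the play never reports unchanged. The whole play collapses to one idempotent task with `ansible.posix.authorized_key: user: root, key: "{{ lookup('file', 'authorized_keys') }}"`, which also sets the permissions correctly. Keeping the public key in that one file rather than inline avoids the duplicate copy that the add-sshkey role in this commit carries.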


@ -0,0 +1,11 @@
- name: ADD SSH-Key to Node
gather_facts: false
hosts: all
tasks:
- name: Create .ssh
ansible.windows.win_file:
path: ".ssh"
state: directory
roles:
- role: add-sshkey
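Review bot: Ansible runs `roles:` before `tasks:`, so the `add-sshkey` role copies `authorized_keys` into the `.ssh` folder before the task that creates that folder has executed; on a fresh template host the copy can fail on the missing directory. Move the directory creation to `pre_tasks:` or into the role itself. `path: ".ssh"` is also relative to whatever working directory the remote session starts in, which is not guaranteed to be the profile of `ansible-admin`; use the same absolute path the role uses, `path: C:\Users\ansible-admin\.ssh`.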


@ -0,0 +1,34 @@
- name: Install Docker-Compose.io
gather_facts: false
hosts: test-host
tasks:
- name: Install Git Sudo Curl
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
register: install_stdot
- name: Install Debug
debug:
var: install_stdot
- name: Install docker-compose
ansible.builtin.shell: curl -sSL https://get.docker.com/ | CHANNEL=stable sh
register: docker_compose_log
- name: Debug Install docker-compose
debug:
var: docker_compose_log
- name: Check Service is Enable
service:
name: docker
enabled: yes
state: restarted
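Review bot: `curl -sSL https://get.docker.com/ | CHANNEL=stable sh` executes whatever the endpoint returns with no integrity check and re-runs on every play, so the task is neither verifiable nor idempotent; fetch the script with `ansible.builtin.get_url` and a `checksum:` value (expected SHA-256, to be recorded in the repo), then run it with `creates: /usr/bin/docker` on the shell task. The task name says docker-compose but the script installs the Docker engine — rename it or install the compose plugin explicitly. The apt task runs one `apt` invocation per item; passing the list directly (`name: [apt-transport-https, ca-certificates, curl, software-properties-common]`) is one transaction. `update_cache: yes` and `enabled: yes` should be `true`, and `state: restarted` restarts Docker on every run where `state: started` is the idempotent form.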


@ -0,0 +1,6 @@
- name: Install Jenkins on Host
hosts: jenkins
gather_facts: false
roles:
- docker
- jenkins


@ -0,0 +1,157 @@
- name: Install Example VM's on Proxmox Host
hosts: proxmox
vars_files:
- kunden/{{ kunde }}/defaults.yaml
tasks:
# - name: ADD Vorlage Repo to Host {{ inventory_hostname }}
# ansible.builtin.command: "pvesm add pbs Vorlage --server backup.stines.de --datastore Vorlagen --username stinesvorlagen@pbs --password qZcUqGE2LuZGx9kLyZmJ2LacMg4tvjcMjSNfr6CKXhjGN84Zs4VbYNJ6NCPzzsAE"
# ignore_errors: true
# ## -------------------------------------------------------------------------------------------------- ## Install Router
- name: Install Router on {{ inventory_hostname }}
ansible.builtin.command: "qmrestore Vorlagen:backup/vm/900/2024-01-19T10:58:20Z 100 --storage=local"
ignore_errors: true
## Change VM Name from Router
- name: Change VM Name from Router
ansible.builtin.command:
cmd: "sed -i 's/Router-Vorlage/ROU01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/100.conf"
ignore_errors: true
## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install Linux-Daten-Server
# - name: Install Linux-Daten-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 101 --storage=local"
# ignore_errors: true
# ## Change VM Name from Daten-Server
# - name: Change VM Name from Daten-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Linux-Vorlage/DATA01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/101.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install Linux-Mail-Server
# - name: Install Linux-Mail-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 102 --storage=local"
# ignore_errors: true
# ## Change VM Name from Mail-Server
# - name: Change VM Name from Mail-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Linux-Vorlage/SMTP01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/102.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install RDS-Server
# - name: Install RDS-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-09T14:37:12Z 103 --storage=local"
# ignore_errors: true
# ## Change VM Name from RDS-Server
# - name: Change VM Name from RDS-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Windows-Vorlage/RDS01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/103.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install AD-Server
# - name: Install AD-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-19T13:24:03Z 104 --storage=local "
# ignore_errors: true
# ## Change VM Name from AD-Server
# - name: Change VM Name from AD-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Windows-Vorlage/AD01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/104.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install EX-Server
# - name: Install EX-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-09T14:37:12Z 105 --storage=local"
# ignore_errors: true
# ## Change VM Name from EX-Server
# - name: Change VM Name from EX-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Windows-Vorlage/EX01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/105.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install APP-Server
# - name: Install APP-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/902/2024-01-09T14:37:12Z 106 --storage=local"
# ignore_errors: true
# ## Change VM Name from APP-Server
# - name: Change VM Name from APP-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Windows-Vorlage/APP01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/106.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install Nextcloud-Server
# - name: Install Nextcloud-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 107 --storage=local"
# ignore_errors: true
# ## Change VM Name from Nextcloud-Server
# - name: Change VM Name from Nextcloud-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Linux-Vorlage/NEXT01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/107.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## --------------------------------------------------------------------------------------------------- ## Install Fetchmail-Server
# - name: Install Fetchmail-Server on {{ inventory_hostname }}
# ansible.builtin.command: "qmrestore Vorlagen:backup/vm/901/2024-01-09T14:37:12Z 108 --storage=local"
# ignore_errors: true
# ## Change VM Name from Fetchmail-Server
# - name: Change VM Name from Fetchmail-Server
# ansible.builtin.command:
# cmd: "sed -i 's/Linux-Vorlage/FETCH01/g' /etc/pve/nodes/{{ inventory_hostname }}/qemu-server/108.conf"
# ignore_errors: true
# ## ---------------------------------------------------------------------------------------------------##
# ## ----------------------------------------Role Install------------------------------------------------##
roles:
# - role: firewall-proxmox
# - role: vmbr-proxmox
- role: vmstart-proxmox
vars:
vmid: 100
- role: wait
vars:
vmid: 100
- name: Install Router
hosts: router
gather_facts: false
vars_files:
- kunden/{{ kunde }}/defaults.yaml
roles:
- router
# - name: Start Active-Directory-Server
# hosts: proxmox
# roles:
# - role: vmstart-proxmox
# vars:
# vmid: 104
# - role: wait
# vars:
# vmid: 104
# - name: Install Active-Directory-Server
# hosts: ad-controller
# gather_facts: false
# vars_files:
# - kunden/{{ kunde }}/defaults.yaml
# roles:
# # - windows_default
# - ad-controller
# # ignore_errors: true
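Review bot: The commented-out `pvesm add pbs` task at the top of the file still carries a backup-server password in plain text, and a comment in a committed file is as exposed as live code; delete the line, rotate that credential, and supply it via `ansible-vault` or a lookup if the task is ever revived. The play's `roles:` section runs before its `tasks:`, so `vmstart-proxmox` and `wait` for vmid 100 execute before the `qmrestore` that creates VM 100 — move the restore into `pre_tasks:` or put the start/wait roles in a follow-up play. `ignore_errors: true` on the restore and on the `sed` rename hides a failed restore and lets later steps run against a VM that does not exist; use `failed_when:` on a specific condition or drop the flag. Editing `/etc/pve/nodes/.../100.conf` with `sed -i` also never reports a change; `ansible.builtin.replace` with the same regexp gives proper changed/unchanged status.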


@ -0,0 +1,61 @@
- name: Install Proxmox
hosts: proxmox
tasks:
- name: Install Default Packages
ansible.builtin.apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- apt-transport-https
- ca-certificates
- curl
- wget
- git
- software-properties-common
- name: Set Hostname
ansible.builtin.hostname:
name: "{{ inventory_hostname }}"
use: systemd
- name: Set /etc/hosts
ansible.builtin.shell: "echo '{{ ansible_ssh_host }} {{ inventory_hostname }}' >> /etc/hosts"
register: set_log
- name: Add REPO Key
ansible.builtin.command: "wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg"
- name: Add Repository
ansible.builtin.apt_repository:
repo: deb [arch=amd64] http://download.proxmox.com/debian/pve bookworm pve-no-subscription
state: present
- name: Upgrade Default Packages
ansible.builtin.apt:
update_cache: yes
upgrade: yes
register: upgrade_log
- name: Install Proxmox Kernel
ansible.builtin.apt:
pkg:
- pve-kernel-6.2
- name: Reboot Host {{ inventory_hostname }}
ansible.builtin.reboot:
reboot_timeout: 180
- name: Install Proxmox Packages
ansible.builtin.apt:
pkg:
- proxmox-ve
- postfix
- open-iscsi
register: install_pve
- name: Set Firewall Role
# - name: Set Firewall Role
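Review bot: The final task `- name: Set Firewall Role` has no module beneath it (the next line is a comment), so Ansible aborts the whole playbook at parse time with a "no module/action detected" error; add the action or comment the name line out as well. `echo ... >> /etc/hosts` appends a new line on every run — `ansible.builtin.lineinfile` with `line: "{{ ansible_host }} {{ inventory_hostname }}"` is idempotent, and `ansible_ssh_host` is the deprecated alias of `ansible_host`. The repository key is fetched with `wget` and never verified; `ansible.builtin.get_url` with `checksum:` (expected SHA-256 from the vendor page, to be recorded here) pins it, and the repo line should use `https://`. `update_cache: yes` should be `true`, and `upgrade: yes` is only the alias for `safe` — write the intended value explicitly so it matches the apt-upgrade playbook elsewhere in this commit.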


@ -0,0 +1,14 @@
## Kundendaten
kundenname: "Test123123"
kundendomain: "Test.de"
kundennummer: "13211323"
kundenkürzel: "TST"
## Windows - Systeme
exchange: 1
rds: 1
appserver: 1
## Cloud Systeme
nextcloud: 1


@ -0,0 +1,21 @@
## Kundendaten
kundenname: "Test123123"
kundendomain: "Test.de"
kundennummer: "13211323"
kundenkürzel: "TST"
kunde_public_ip: 1.1.1.1
kundennetz: 192.168.1.0
## Windows - Systeme
exchange: 1
rds: 1
appserver: 1
## Cloud Systeme
nextcloud: 1
## Network Config
publicip: 94.130.17.156
privatip: 172.20.1
privatnetworkgw: 172.200.1.1
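Review bot: `privatnetworkgw: 172.200.1.1` is not inside the `privatip: 172.20.1` prefix used by the roles (and 172.200.0.0/16 is not RFC 1918 space), which looks like a typo for `172.20.1.1`; confirm against the router role, which assigns `{{ privatip }}.1` to the LAN interface. The addresses and the three-octet prefix should be quoted (`privatip: "172.20.1"`) so no loader ever tries to type them. This file defines `publicip` and `privatnetworkgw` while a sibling defaults file in this commit uses `public-ip` / `privat-ip` / `privat-network-gw` and the roles read `privatip` and `kunde_public_ip`; settle on one key set for every `kunden/*/defaults.yaml`.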


@ -0,0 +1,114 @@
<#
.SYNOPSIS
Import-ADUsers.ps1
.DESCRIPTION
Import Active Directory users from CSV file.
.LINK
alitajran.com/import-ad-users-from-csv-powershell
.NOTES
Written by: ALI TAJRAN
Website: alitajran.com
LinkedIn: linkedin.com/in/alitajran
.CHANGELOG
V1.00, 04/24/2023 - Initial version
V1.10, 10/14/2023 - Improvement catch block
#>
# Define the CSV file location and import the data
$Csvfile = "C:\deplyoment\adusers.csv"
$Users = Import-Csv $Csvfile
# Import the Active Directory module
Import-Module ActiveDirectory
# Loop through each user
foreach ($User in $Users) {
$GivenName = $User.'First name'
$Surname = $User.'Last name'
$DisplayName = $User.'Display name'
$SamAccountName = $User.'User logon name'
$UserPrincipalName = $User.'User principal name'
$StreetAddress = $User.'Street'
$City = $User.'City'
$State = $User.'State/province'
$PostalCode = $User.'Zip/Postal Code'
$Country = $User.'Country/region'
$JobTitle = $User.'Job Title'
$Department = $User.'Department'
$Company = $User.'Company'
$ManagerDisplayName = $User.'Manager'
$Manager = if ($ManagerDisplayName) {
Get-ADUser -Filter "DisplayName -eq '$ManagerDisplayName'" -Properties DisplayName |
Select-Object -ExpandProperty DistinguishedName
}
$OU = $User.'OU'
$Description = $User.'Description'
$Office = $User.'Office'
$TelephoneNumber = $User.'Telephone number'
$Email = $User.'E-mail'
$Mobile = $User.'Mobile'
$Notes = $User.'Notes'
$AccountStatus = $User.'Account status'
# Check if the user already exists in AD
$UserExists = Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -ErrorAction SilentlyContinue
if ($UserExists) {
Write-Warning "User '$SamAccountName' already exists in Active Directory."
continue
}
# Create new user parameters
$NewUserParams = @{
Name = "$GivenName $Surname"
GivenName = $GivenName
Surname = $Surname
DisplayName = $DisplayName
SamAccountName = $SamAccountName
UserPrincipalName = $UserPrincipalName
StreetAddress = $StreetAddress
City = $City
State = $State
PostalCode = $PostalCode
Country = $Country
Title = $JobTitle
Department = $Department
Company = $Company
Manager = $Manager
Path = $OU
Description = $Description
Office = $Office
OfficePhone = $TelephoneNumber
EmailAddress = $Email
MobilePhone = $Mobile
AccountPassword = (ConvertTo-SecureString "P@ssw0rd1234" -AsPlainText -Force)
Enabled = if ($AccountStatus -eq "Enabled") { $true } else { $false }
ChangePasswordAtLogon = $true # Set the "User must change password at next logon" flag
}
# Add the info attribute to OtherAttributes only if Notes field contains a value
if (![string]::IsNullOrEmpty($Notes)) {
$NewUserParams.OtherAttributes = @{info = $Notes }
}
try {
# Create the new AD user
New-ADUser @NewUserParams
Write-Host "User $SamAccountName created successfully." -ForegroundColor Cyan
}
catch {
# Failed to create the new AD user
$ErrorMessage = $_.Exception.Message
if ($ErrorMessage -match "The password does not meet the length, complexity, or history requirement") {
Write-Warning "User $SamAccountName created but account is disabled. $_"
}
else {
Write-Warning "Failed to create user $SamAccountName. $_"
}
}
}
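Review bot: `$Csvfile = "C:\deplyoment\adusers.csv"` does not match the path the ad-controller role writes to, `C:\deployment\aduser.csv` (folder misspelled, file name differs), so the script imports nothing when run after that role; change it to `$Csvfile = "C:\deployment\aduser.csv"` or take the path as a parameter. Every imported account receives the same literal initial password, which is now part of repository history; generate a per-user random value (or read it from a secure source), pass that to `New-ADUser`, and deliver it out of band — `ChangePasswordAtLogon` does not protect the window before first logon. The `-Filter` strings interpolate CSV cells directly (`"DisplayName -eq '$ManagerDisplayName'"`), so a value containing a quote breaks or changes the filter; use `Get-ADUser -Identity` where an identifier is available, or escape the value. The catch branch appears to assume every complexity error means the account was created but disabled; logging `$_` without that interpretation would be safer.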


@ -0,0 +1,46 @@
proxmox:
hosts:
PROX01:
ansible_host: 94.130.17.156
router:
hosts:
ROU01:
ansible_host: 110.1.1.1
ansible_user: admin
vars:
ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o ProxyCommand="ssh -p 22 -W %h:%p -q root@94.130.17.156"'
vorlage:
hosts:
windows_vorlage:
ansible_host: 110.1.1.50
# ansible_host: localhost
ansible_user: ansible-admin
# ansible_password: adm.3dfx12
ansible_port: 22
ansible_shell_type: cmd
vars:
ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o ProxyCommand="ssh -p 22 -W %h:22 -q root@94.130.17.156"'
windows:
hosts:
AD01:
ansible_host: 110.1.1.51
ansible_user: ansible-admin
ansible_password: adm.3dfx12
ansible_shell_type: cmd
RDS01:
ansible_host: 110.1.1.52
ansible_user: ansible-admin
ansible_password: adm.3dfx12
ansible_shell_type: cmd
ansible_connection: ssh
EX01:
ansible_host: 110.1.1.53
ansible_user: ansible-admin
APP01:
ansible_host: 110.1.1.54
ansible_user: ansible-admin
vars:
ansible_ssh_common_args: '-o StrictHostKeyChecking=no -o ProxyCommand="ssh -p 22 -W %h:%p -q root@94.130.17.156"'
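Review bot: `ansible_password` for `AD01` and `RDS01` is stored in clear text in the inventory (and a commented copy remains under `windows_vorlage`), so the credential is readable by anyone with repository access; remove the lines, rotate the password, and supply it through `ansible-vault` (`ansible_password: "{{ vault_windows_admin_password }}"`) or key-based SSH as the other hosts already use. `-o StrictHostKeyChecking=no` on every `ansible_ssh_common_args` disables host key verification for the jump through `94.130.17.156`, which removes the protection against a spoofed bastion; pre-seed `known_hosts` and drop the option. The group is named `vorlage` here but `vorlagen` in the other inventory of this commit — harmless but worth unifying.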


@ -0,0 +1,19 @@
## Kundendaten
kundenname: "Test123123"
kundendomain: "Test.de"
kundennummer: "13211323"
kundenkürzel: "TST"
## Windows - Systeme
exchange: 1
rds: 1
appserver: 1
## Cloud Systeme
nextcloud: 1
## Network Config
public-ip: "1.2.1.1"
privat-ip: 172.18.1.0
privat-network-gw: 172.18.1.1
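Review bot: This file uses `public-ip` / `privat-ip` / `privat-network-gw`, but the router and ad-controller roles in this commit read `privatip`, `kunde_public_ip` and `kundennetz`, none of which are defined here, so a run with this customer's defaults fails on an undefined variable. Rename to the keys the roles consume (`privatip: "172.18.1"`, `kunde_public_ip: "1.2.1.1"`), noting that `privatip` is a three-octet prefix in the roles rather than a network address, and add `kundennetz`. Hyphenated keys are also awkward to reference in Jinja; the unseparated or snake_case form used in the other defaults file is the better choice.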


@ -0,0 +1,40 @@
proxmox:
hosts:
tnp-prox01:
ansible_host: 138.201.135.182
tnp-prox02:
ansible_host: 176.9.65.23
linuxserver:
hosts:
tnp-vpn01:
ansible_host: 172.18.1.2
tnp-data01:
ansible_host: 172.18.1.8
ansible_port: 222
tnp-fetch01:
ansible_host: 172.18.1.11
docker:
hosts:
tnp-mail01:
ansible_host: 172.18.1.4
tnp-bit01:
ansible_host: 172.18.1.10
tnp-cloud01:
ansible_host: 172.18.1.12
linux:
children:
docker:
linuxserver:
windowsserver:
hosts:
tnp-rds01:
ansible_host: 172.18.1.3
tnp-ad01:
ansible_host: 172.18.1.6
tnp-ex01:
ansible_host: 172.18.1.7
tnp-app01:
ansible_host: 172.18.1.9


@ -0,0 +1,23 @@
- name: APT Upgrade
hosts: all
gather_facts: false
tasks:
- name: APT Upgrade
ansible.builtin.apt:
update_cache: true
upgrade: dist
register: apt_output
- name: APT Stdout
debug:
var: apt_output
- name: Restart SSHD
ansible.builtin.service:
name: sshd
state: restarted
register: sshd_stdout
- name: SSHD Restart
debug:
var: sshd_stdout

playbook/ping-test.yaml Normal file

@ -0,0 +1,25 @@
- name: Ping to Host "{{ inventory_hostname }}"
hosts: all
gather_facts: false
tasks:
- name: Ping Test an "{{ inventory_hostname }}"
ansible.windows.win_ping:
register: ping_test
- name: Debug
ansible.builtin.debug:
var: ping_test
- name: Run basic PowerShell script
ansible.windows.win_powershell:
script: |
ls
register: hello
- name: Debug hello
ansible.builtin.debug:
var: hello


@ -0,0 +1 @@
ssh-rsa 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 root@STI-AWX01


@ -0,0 +1,4 @@
- name: Copy a ssh-key to Windows Server file
ansible.windows.win_copy:
src: authorized_keys
dest: C:\Users\ansible-admin\.ssh\
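Review bot: The copy targets `C:\Users\ansible-admin\.ssh\`, but if `ansible-admin` is a member of the local Administrators group, Win32-OpenSSH by default reads keys from `C:\ProgramData\ssh\administrators_authorized_keys` and ignores the per-user file — confirm which case applies, and if it is the former either copy to that path or adjust the `Match Group administrators` block in `sshd_config`. The task also sets no ACL; the administrators file must be readable only by SYSTEM and Administrators or sshd rejects it, so a `win_acl` step is needed in that case. A short comment stating which OpenSSH key location this role assumes would save the next reader the same investigation.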


@ -0,0 +1,15 @@
---
- name: ADD static Ansible-IP Address {{ ansible_host }}
win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet 2' | New-NetIpAddress -IpAddress {{ ansible_host }} -PrefixLength 24 -DefaultGateway 110.1.1.250"
async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
poll: 0
- name: Set IP Adress to {{ ip }}
win_shell: "Set-NetIpAddress -InterfaceAlias 'Ethernet 2' -IpAddress {{ ip }} -PrefixLength 24"
async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
poll: 0
- name: Remove IPAdress 110.1.1.50
win_shell: "Remove-NetIPAddress -IpAddress 110.1.1.50 -Confirm:$false"
async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
poll: 0
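Review bot: The tasks hard-code `110.1.1.250` as gateway and `110.1.1.50` as the address to remove, while the first task takes its address from `{{ ansible_host }}` and the second from `{{ ip }}`; if a template is ever cloned with another address the removal silently targets the wrong one, so derive both from variables (`-DefaultGateway {{ template_gateway }}`, `-IpAddress {{ ansible_host }}`, names constructed). `110.1.1.0/24` is publicly routable address space rather than an RFC 1918 range, so the template network can collide with real Internet destinations once routing is in place — worth a comment in the role explaining the choice, or a move to a private range. `async: 100` with `poll: 0` means a failed `New-NetIpAddress` is never reported; a following `wait_for_connection` against the new address would at least confirm the change took effect.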


@ -0,0 +1,28 @@
- ansible.builtin.stat:
path: /usr/local/bin/docker-compose
register: stat_result
- ansible.builtin.debug:
var: stat_result
- ansible.builtin.apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- apt-transport-https
- ca-certificates
- curl
- software-properties-common
when: stat_result.stat.exists == False
- ansible.builtin.shell:
cmd: curl -sSL https://get.docker.com/ | CHANNEL=stable sh
when: stat_result.stat.exists == False
- ansible.builtin.service:
name: docker
enabled: yes
state: restarted
when: stat_result.stat.exists == False
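Review bot: The guard checks `/usr/local/bin/docker-compose`, but the tasks it guards install the Docker engine from get.docker.com, which does not create that file, so `stat_result.stat.exists` stays false and the apt, curl-pipe and service tasks re-run on every play. Stat the binary the script actually installs (`path: /usr/bin/docker`) or use `creates:` on the shell task. `when: stat_result.stat.exists == False` is better written `when: not stat_result.stat.exists`, the tasks should carry `name:` lines, and `update_cache: yes` / `enabled: yes` should be `true`. The remote install script is executed without any integrity check — the same point as in the docker-compose playbook of this commit.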


@ -0,0 +1,18 @@
- name: Ping to Host "{{ inventory_hostname }}"
ansible.builtin.ping:
- name: ADD Firewall Role Ports 22,8006 for Primary Interface
ansible.builtin.shell:
iptables -t nat -A PREROUTING -i $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -p tcp -m multiport ! --dport 22,8006 -j DNAT --to 10.0.0.2
- name: ADD Firewall Role Ports UDP for Primary Interface
ansible.builtin.shell:
iptables -t nat -A PREROUTING -i $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -p udp -j DNAT --to 10.0.0.2
- name: ADD Firewall Role Privat Network
ansible.builtin.shell:
iptables -t nat -A POSTROUTING -s '10.0.0.0/30' -o $(ip route get 8.8.8.8 | sed -n 's/.* dev \([^\ ]*\) .*/\1/p') -j MASQUERADE
- name: ADD IPv4 Forwarding
ansible.builtin.shell:
echo 1 > /proc/sys/net/ipv4/ip_forward
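Review bot: Each `iptables -t nat -A ...` call appends a new rule on every run, so repeated plays accumulate duplicate DNAT and MASQUERADE entries and nothing survives a reboot; `ansible.builtin.iptables` with `table: nat`, `chain: PREROUTING`, `jump: DNAT`, `to_destination: 10.0.0.2` is idempotent, and persistence needs `iptables-persistent` or an nftables unit. `echo 1 > /proc/sys/net/ipv4/ip_forward` is likewise lost on reboot; `ansible.posix.sysctl: name: net.ipv4.ip_forward, value: "1", sysctl_set: true` stores it. The uplink interface is discovered three times with the same `ip route get 8.8.8.8 | sed` pipeline — register it once in a `set_fact` and reuse it. Forwarding all UDP and all TCP except 22 and 8006 to 10.0.0.2 should at least be stated in the task names so a later reader understands the router VM is meant to be the host's entire public face.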


@ -0,0 +1,9 @@
- name: Install Jenkins Docker
community.docker.docker_container:
name: jenkins
image: jenkins/jenkins:latest
volumes:
- ./data
ports:
- 8080:8080
state: started
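Review bot: `volumes: - ./data` is a single path, which `docker_container` hands to Docker as an anonymous container volume, and Docker rejects relative host paths in any case, so Jenkins' home is not persisted where the author expects; write the bind mount explicitly, `- /srv/jenkins/data:/var/jenkins_home` (host path constructed — adjust). `image: jenkins/jenkins:latest` floats, so every run may pull a different build; pin a tag and ideally a digest. Quote the port mapping, `- "8080:8080"`, to stay clear of YAML 1.1 base-60 parsing for smaller port pairs, and consider binding to a local address (`"127.0.0.1:8080:8080"`) if a reverse proxy fronts the instance.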


@ -0,0 +1,5 @@
- name: Enable OpenSSH Server Service
ansible.windows.win_service:
name: sshd
start_mode: auto
state: started


@ -0,0 +1,130 @@
# - name: Install Pfsense-Sudo Package
# ansible.builtin.shell:
# cmd: pkg install -y pfsense-pkg-sudo
- name: Set Hostname to "{{ kundenkürzel }}-ROU01"
pfsensible.core.pfsense_setup:
hostname: "{{ kundenkürzel }}-ROU01"
domain: "{{ kundendomain }}"
- name: Set timezone and language
pfsensible.core.pfsense_setup:
timezone: Europe/Berlin
language: de_DE
- name: Enable Interface vtnet1 (Privat-Network)
pfsensible.core.pfsense_interface:
descr: LAN
interface: vtnet1
ipv4_address: "{{ privatip }}.1"
ipv4_prefixlen: 24
ipv4_type: static
enable: true
- name: "Add NAT port 25 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 25'
interface: wan
source: any
destination: any:25
target: "{{ privatip }}.2:25"
associated_rule: associated
state: present
- name: "Add NAT port 80 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 80'
interface: wan
source: any
destination: any:80
target: "{{ privatip }}.3:80"
associated_rule: associated
state: present
- name: "Add NAT port 443 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 443'
interface: wan
source: any
destination: any:443
target: "{{ privatip }}.3:443"
associated_rule: associated
state: present
- name: "Add NAT port 465 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 465'
interface: wan
source: any
destination: any:465
target: "{{ privatip }}.2:465"
associated_rule: associated
state: present
- name: "Add NAT port 993 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 993'
interface: wan
source: any
destination: any:993
target: "{{ privatip }}.2:993"
associated_rule: associated
state: present
- name: "Add NAT port 587 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 587'
interface: wan
source: any
destination: any:587
target: "{{ privatip }}.2:587"
associated_rule: associated
state: present
- name: "Add NAT port 4500 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 4500'
interface: wan
source: any
destination: any:4500
target: "{{ privatip }}.1:4500"
associated_rule: associated
state: present
protocol: udp
- name: "Add NAT port 500 forward traffic rule"
pfsensible.core.pfsense_nat_port_forward:
descr: 'Port 500'
interface: wan
source: any
destination: any:500
target: "{{ privatip }}.1:500"
associated_rule: associated
state: present
protocol: udp
- name: Add IPSEC "{{ kundenkürzel }} - Tunnel"
pfsensible.core.pfsense_ipsec:
state: present
descr: "{{ kundenkürzel }} - Tunnel"
interface: wan
remote_gateway: "{{ kunde_public_ip }}"
iketype: ikev1
mode: main
authentication_method: pre_shared_key
preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}"
- name: Add Phases 1 to IPSEC "{{ kundenkürzel }} - Tunnel"
pfsensible.core.pfsense_ipsec_p2:
p1_descr: "{{ kundenkürzel }} - Tunnel"
descr: "{{ kundenkürzel }} - Phase 2"
state: present
apply: False
mode: tunnel
local: "{{ privatip }}.1/24"
remote: "{{ kundennetz }}/24"
aes: True
aes256gcm: true
aes_len: auto
aes256gcm_len: auto
sha256: True
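Review bot: `preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}"` draws a fresh random value on every run, so the IPsec phase 1 is rewritten each play and the customer side never learns the key — the tunnel cannot come up and the task is never idempotent. Generate the PSK once, store it encrypted per customer (for example a vaulted `kunden/<kunde>/vault.yaml`, path constructed) and reference it as `preshared_key: "{{ vault_ipsec_psk }}"`. `iketype: ikev1` with `mode: main` and PSK is the legacy profile; unless the peer cannot do better, `ikev2` should be the default for new tunnels. The first two `pfsense_setup` tasks can be merged, and `True` / `False` should be `true` / `false` to match the rest of the role.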


@ -0,0 +1,9 @@
- name: Linux Updates
ansible.builtin.apt:
update_cache: true
upgrade: yes
register: upgrade
- name: Debug Install
ansible.builtin.debug:
var: upgrade


@ -0,0 +1,15 @@
- name: Create vmbr1
ansible.builtin.shell:
cmd: echo "auto vmbr1\niface vmbr1 inet static\n\taddress 10.0.0.1/30\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
- name: Create vmbr2
ansible.builtin.shell:
cmd: echo "auto vmbr2\niface vmbr2 inet static\n\taddress "{{ privatip }}.250/24"\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
- name: Create vmbr100
ansible.builtin.shell:
cmd: echo "auto vmbr100\niface vmbr100 inet static\n\taddress 110.1.1.250/24\n\tbridge-ports none\n\tbridge-stp off\n\tbridge-fd 0" | sudo tee -a /etc/network/interfaces
- name: Restart Networking Service
ansible.builtin.shell:
cmd: service networking restart
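Review bot: Each task pipes `echo` into `tee -a /etc/network/interfaces`, so every run appends another copy of the bridge stanza, and whether `\n` / `\t` are expanded depends on which `echo` the remote shell provides (dash expands them, bash does not). `ansible.builtin.blockinfile` with a per-bridge `marker:` writes the stanza once, reports changes properly, and removes the need for `sudo` inside the command. In the vmbr2 task the nested double quotes around `{{ privatip }}.250/24` terminate and reopen the shell string; it happens to concatenate, but it is fragile — with `blockinfile` the value is plain YAML text. Restarting networking unconditionally on every play is also avoidable with `notify:` and a handler.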


@ -0,0 +1,4 @@
---
- name: Start VM "{{ inventory_hostname }}"
ansible.builtin.shell:
cmd: qm start "{{ vmid }}"


@ -0,0 +1,4 @@
- name: WAIT for VM "{{ vmid }}"
ansible.builtin.wait_for_connection:
delay: 10
timeout: "{{ timeout_set }}"
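Review bot: `timeout: "{{ timeout_set }}"` relies on a variable that the calling play in this commit never defines (it passes only `vmid`), so the role fails with an undefined-variable error; give it a default, `timeout: "{{ timeout_set | default(300) }}"`, or add a role `defaults/main.yaml` (constructed name) carrying the value. The task name references `vmid`, which the role does not otherwise use — a short comment that it is only for display would prevent someone "fixing" it.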


@ -0,0 +1,5 @@
Das ist Checklist für nach der Grundinstallation
- User kontollieren ob alle angelegt sind
- Azure-Client Einrichten (siehe HOWTo Cloud)
- Lizneznmanager Einrichten (siehe HOWTo Cloud)
-


@ -0,0 +1,221 @@
- name: Check AD-Controller Service exists
ansible.builtin.win_service:
name: NTLD
register: file_check_ntld
ignore_unreachable: yes
- name: Install Active-Directory-Service
ansible.builtin.win_shell:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
when: file_check_ntld.exists == False
- name: Reboot ad-controller
ansible.builtin.win_shell:
shutdown -t 0 -r
when: file_check_ntld.exists == False
- name: Wait for Server Reboot
ansible.builtin.wait_for_connection:
delay: 10
timeout: 60
when: file_check_ntld.exists == False
- name: Disable Local-Administrator-User
ansible.builtin.win_user:
name: Administrator
account_disabled: true
when: file_check_ntld.exists == False
- name: Install-ADDSForest
ansible.builtin.win_shell: |
$password = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force
Install-ADDSForest -DomainName {{ kundendomain }} -InstallDNS:$true -SafeModeAdministratorPassword $password -DomainMode WinThreshold -ForestMode WinThreshold -Force
when: file_check_ntld.exists == False
- name: Wait for Server Reboot
ansible.builtin.wait_for_connection:
delay: 10
# timeout: 300
when: file_check_ntld.exists == False
- name: Disable AD-Administrator-User
ansible.builtin.win_shell:
Disable-ADAccount -Identity "Administrator"
when: file_check_ntld.exists == False
- name: ADD Reverse DNS Zone
ansible.builtin.win_shell:
Add-DnsServerPrimaryZone -NetworkID "{{privatip}}/24" -ReplicationScope "Domain"eml.kommerziale@tnp-gruppe.deeml.kommerziale@tnp-gruppe.de
- name: ADD DNS Roles
ansible.builtin.win_shell: |
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-ROU01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.1" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-SMTP01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.2" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-HAPROX01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.3" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-NEXT01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.4" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-DATA01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.5" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-CMS01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.6" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-AD01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.8" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-RDS01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.7" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-EX01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.9" -CreatePtr:$true
Add-DnsServerResourceRecordA -Name "{{ kundenkürzel }}-APP01" -ZoneName "{{ kundendomain }}" -AllowUpdateAny -IPv4Address "{{privatip}}.10" -CreatePtr:$true
- name: Create OU System-Accounts
ansible.builtin.win_shell:
New-ADOrganizationalUnit -Name "System-Accounts" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}"
- name: Create OU System-Accounts
ansible.builtin.win_shell:
New-ADOrganizationalUnit -Name "System-Gruppen" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}"
- name: Create OU Kunden-Gruppen
ansible.builtin.win_shell:
New-ADOrganizationalUnit -Name "{{ kundenkürzel }}-Gruppen" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}"
- name: Create OU Kunden-Gruppen
ansible.builtin.win_shell:
New-ADOrganizationalUnit -Name "{{ kundenkürzel }}-Benutzer" -Path "DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}"
- name: Create Stines Admin
ansible.builtin.win_shell: |
$adminpw = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force
New-ADUser -Name "Stines Admin" -GivenName "Stines" -Surname "Admin" -SamAccountName "stinessu" -UserPrincipalName "stinessu@{{kundendomain}}" -Path "OU=System-Accounts,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Enabled $true -AccountPassword $adminpw -ChangePasswordAtLogon:$false -PasswordNeverExpires:$true
Add-ADGroupMember -Identity Domänen-Admins -Members stinessu
$group = get-adgroup "Domänen-Admins" -properties @("primaryGroupToken")
get-aduser "stinessu" | set-aduser -replace @{primaryGroupID=$group.primaryGroupToken}
- name: Create LDAP-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "LDAP-Admins" -SamAccountName LDAPAdmins -GroupCategory Security -GroupScope Global -DisplayName "LDAP-Admins" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "LDAP Admins für LDAP Verbindungen"
- name: Create Mail-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "Mail-User" -SamAccountName MailUser -GroupCategory Security -GroupScope Global -DisplayName "Mail-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "E-Mail Mitglieder"
- name: Create Exchange-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "EX-User" -SamAccountName EXUser -GroupCategory Security -GroupScope Global -DisplayName "EX-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Exchange Mitglieder"
- name: Create Bitwarden-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "Bitwarden-User" -SamAccountName BitwardenUser -GroupCategory Security -GroupScope Global -DisplayName "Bitwarden-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Bitwarden Mitglieder"
- name: Create Nextcloud-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "Nextcloud-User" -SamAccountName NextcloudUser -GroupCategory Security -GroupScope Global -DisplayName "Nextcloud-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Nextcloud Mitglieder"
- name: Create RDS-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "RDS-User" -SamAccountName RDSUser -GroupCategory Security -GroupScope Global -DisplayName "RDS-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "RDS Mitglieder"
- name: Create VPN-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "VPN-User" -SamAccountName VPNUser -GroupCategory Security -GroupScope Global -DisplayName "VPN-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "VPN Mitglieder"
- name: Create Daten-Gruppe
ansible.builtin.win_shell: |
New-ADGroup -Name "Daten-User" -SamAccountName DatenUser -GroupCategory Security -GroupScope Global -DisplayName "Daten-User" -Path "OU=System-Gruppen,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Description "Daten Mitglieder"
- name: Create LDAP-Admin
ansible.builtin.win_shell: |
$adminpw = ConvertTo-SecureString -String "zzLGuggugSG7bwMQruv#3bPLwp4DfQ8Hq9Ldq$D6MPy2m" -AsPlainText -Force
New-ADUser -Name "LDAP Admin" -GivenName "LDAP" -Surname "Admin" -SamAccountName "ldap-admin" -UserPrincipalName "ldap@{{kundendomain}}" -Path "OU=System-Accounts,DC={{ kundendomain.split(".")[0]}},DC={{ kundendomain.split(".")[1]}}" -Enabled $true -AccountPassword $adminpw -ChangePasswordAtLogon:$false -PasswordNeverExpires:$true
Add-ADGroupMember -Identity LDAPAdmins -Members ldap-admin
$group = get-adgroup "LDAPAdmins" -properties @("primaryGroupToken")
get-aduser "ldap-admin" | set-aduser -replace @{primaryGroupID=$group.primaryGroupToken}
- name: Create Folder deployment
ansible.builtin.win_file:
path: C:\deployment\
state: directory
- name: Create Share Folder deployment
ansible.windows.win_share:
name: deployment
description: deployment
path: C:\deployment
list: false
full: Domänen-Admins
read: RDSUser,Domänen-Benutzer
- name: Create AD-Controller Shortcuts on Stines-Admin Desktop
community.windows.win_shortcut:
src: '%SystemRoot%\system32\dsa.msc'
dest: C:\Users\Public\Desktop\AD-Controller.lnk
icon: '%SystemRoot%\system32\dsadmin.dll,0'
- name: Create DNS Shortcuts on Stines-Admin Desktop
community.windows.win_shortcut:
src: '%SystemRoot%\system32\dnsmgmt.msc'
dest: C:\Users\Public\Desktop\DNS.lnk
icon: '%SystemRoot%\system32\dnsmgr.dll'
- name: Create GPO Shortcuts on Stines-Admin Desktop
community.windows.win_shortcut:
src: '%SystemRoot%\system32\gpmc.msc'
dest: C:\Users\Public\Desktop\GPO.lnk
icon: '%SystemRoot%\system32\gpoadmin.dll'
- name: Copy aduser CSV File
ansible.builtin.copy:
src: /root/ansible/playbook/kunden/{{ kunde }}/files/aduser.csv
dest: C:\deployment\aduser.csv
- name: Install Azure-Client
ansible.builtin.win_shell: |
wget https://download.microsoft.com/download/B/0/0/B00291D0-5A83-4DE7-86F5-980BC00DE05A/AzureADConnect.msi -outfile C:\deployment\AzureADConnect.msi
# C:\deployment\AzureADConnect.msi /quiet
- name: Create GPO Folder PolicyDefinitions
ansible.builtin.win_file:
path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions
state: directory
- name: Create GPO Folder PolicyDefinitions\de
ansible.builtin.win_file:
path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\de
state: directory
- name: Create GPO Folder PolicyDefinitions\de-DE
ansible.builtin.win_file:
path: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\de-DE
state: directory
- name: Import ADMX Files
ansible.builtin.copy:
src: all.zip
dest: C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\all.zip
- name: Export ADMX Files
ansible.builtin.win_shell: |
Expand-Archive C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\all.zip -DestinationPath C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\
- name: Copy GPO Settings
ansible.builtin.copy:
src: GPO.zip
dest: C:\deployment\GPO.zip
- name: Export GPO Files
ansible.builtin.win_shell: |
Expand-Archive C:\deployment\GPO.zip -DestinationPath C:\deployment\GPO
- name: Import GPO Settings
ansible.builtin.win_shell: |
Import-GPO -BackupGpoName "RDS-Clients" -TargetName "RDS-Clients" -path C:\deployment\GPO\RDS-Clients\ -CreateIfNeeded:$true
Import-GPO -BackupGpoName "Exchange-Clients" -TargetName "Exchange-Clients" -path C:\deployment\GPO\Exchange-Clients\ -CreateIfNeeded:$true
Import-GPO -BackupGpoName "Google-Chrome" -TargetName "Google-Chrome" -path C:\deployment\GPO\Google-Chrome\ -CreateIfNeeded:$true
- name: Install Druck-Server-Service
ansible.builtin.win_shell:
Install-WindowsFeature -Name Print-Server
# - name: Copy CSV Import Script
# ansible.builtin.copy:
# src: /root/ansible/playbook/kunden/{{ kunde }}/files/import_ad_user.ps1
# dest: C:\deployment\import_ad_user.ps1
# - name: Import ADUser by CSV File
# ansible.builtin.win_shell: |
# cd C:\deployment
# ./import_ad_user.ps1
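Review bot: The `Add-DnsServerPrimaryZone` command in the reverse-DNS task has an e-mail address pasted twice onto the end of `-ReplicationScope "Domain"`, which makes PowerShell fail on an unexpected token; trim the line to `Add-DnsServerPrimaryZone -NetworkID "{{ privatip }}/24" -ReplicationScope "Domain"`. Three tasks embed domain-admin and LDAP-admin passwords as literals in `ConvertTo-SecureString`, and one of them is the same value that appears in the Windows inventory of this commit; move them to `ansible-vault` variables and rotate the values now that they are in history. `file_check_ntld.exists` comes from a `win_service` lookup of `NTLD` — confirm the service name (the AD DS service is commonly `NTDS`), since a typo there makes every `when:` true and the forest install re-runs on a finished controller. The two `Create OU System-Accounts` and two `Create OU Kunden-Gruppen` tasks have duplicated names, and the wait task after `Install-ADDSForest` has its `timeout` commented out, so it falls back to the module default; make the names unique and set an explicit timeout.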


@ -0,0 +1,37 @@
---
- name: Check Chocolaty Install
ansible.builtin.win_stat:
path: C:\ProgramData\chocolatey\choco.exe
register: file_check
- name: Install .NetFramwork 4.8
ansible.builtin.win_shell: |
wget https://download.visualstudio.microsoft.com/download/pr/2d6bb6b2-226a-4baa-bdec-798822606ff1/8494001c276a4b96804cde7829c04d7f/ndp48-x86-x64-allos-enu.exe -outfile C:\Windows\temp\ndp48-x86-x64-allos-enu.exe
cd C:\Windows\temp\
./ndp48-x86-x64-allos-enu.exe /q
- name: WAIT for VM "{{ vmid }}"
ansible.builtin.wait_for_connection:
delay: 10
timeout: "{{ timeout_set }}"
when: file_check.stat.exists == False
- name: Install Chocolaty
ansible.builtin.win_shell:
"Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))"
when: file_check.stat.exists == False
- name: Install Google Chrome
ansible.builtin.win_chocolatey:
name: googlechrome
state: present
- name: Install 7zip
ansible.builtin.win_chocolatey:
name: 7zip
state: present
- name: Install Javaruntime
ansible.builtin.win_chocolatey:
name: javaruntime
state: present
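Review bot: The `Install Chocolaty` task executes `iex` on a script fetched at run time with no integrity check, and the `.NetFramwork 4.8` task above it downloads and runs an installer the same way (and does so on every run, since it has no `when`), so each of these steps executes whatever the download endpoint happens to return. For the installer, `ansible.windows.win_get_url` with `checksum`/`checksum_algorithm` pins the artefact before it is run; for Chocolatey, `chocolatey.chocolatey.win_chocolatey` bootstraps the client itself when it is missing (and `bootstrap_script` can point at an internally hosted copy), which would make the `win_shell` bootstrap and the `file_check` stat unnecessary. The three `win_chocolatey` tasks use `state: present` without `version`, so every run takes whatever the community feed currently serves; pin `version` if these images are meant to be reproducible. Style: `when: file_check.stat.exists == False` reads better as `when: not file_check.stat.exists`.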


@ -0,0 +1,2 @@
- name: Change Hostname to {{hostname}}
win_shell: "Rename-Computer -NewName {{hostname}} -Force -Restart"
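Review bot: `{{hostname}}` is pasted unquoted into a PowerShell command line, so a value containing a space or a shell metacharacter alters the command rather than just the name, and `-Restart` reboots the host while Ansible is still waiting on the task. `ansible.windows.win_hostname` with `name: "{{ hostname }}"` sets the name without string building and returns `reboot_required`, which can then drive an `ansible.windows.win_reboot` task as a separate, reportable step.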


@ -0,0 +1,19 @@
- name: Set up static IP address {{privatip}}.8
win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet' | New-NetIpAddress -IpAddress {{privatip}}.8 -PrefixLength 24 -DefaultGateway {{privatip}}.1"
async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
poll: 0
when: inventory_hostname == "AD01"
- name: Set up static IP address {{privatip}}.7
win_shell: "Get-NetIpAddress -InterfaceAlias 'Ethernet' | New-NetIpAddress -IpAddress {{privatip}}.7 -PrefixLength 24 -DefaultGateway {{privatip}}.1"
async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
poll: 0
when: inventory_hostname == "RDS01"
- name: Set DNS Server
win_shell: "Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses ('{{privatip}}.8','1.1.1.1')"
async: 100 # Using "fire-and-forget" asynchronous execution for this task, otherwise it will always fail and timeout
poll: 0
- name: Set {{privatip}} to Privat
win_shell: "Set-NetConnectionProfile -InterfaceAlias 'Ethernet' -NetworkCategory Private"
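Review bot: Every `win_shell` in this file runs with `async: 100` / `poll: 0`, so a failing `New-NetIpAddress` or `Set-DnsClientServerAddress` is never reported and later plays run against a host with the wrong address; only the address change itself needs fire-and-forget (it drops the connection), the DNS and profile steps do not, and `ansible.windows.win_dns_client` (`adapter_names`, `dns_servers`) covers the DNS step without shelling out. Listing `1.1.1.1` as a secondary resolver on hosts that are about to become domain members is a recurring cause of intermittent AD lookup failures, because the Windows DNS client may switch to the secondary after a timeout and keep using it; point members only at `{{privatip}}.8` and let the controller forward. The `.7`/`.8` host octets and the `inventory_hostname == "AD01"` / `"RDS01"` conditions hard-code the addressing scheme into two near-identical tasks; a single task taking the address from a role variable would replace both.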


@ -0,0 +1,6 @@
---
- name: Add PC to Customer Domain
ansible.builtin.win_shell: |
$SecurePassword = ConvertTo-SecureString -String "adm.3dfx12" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList stinessu, $SecurePassword
Add-Computer -DomainName "{{ kundendomain }}" -Credential $Credential -Restart
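Review bot: The `Add PC to Customer Domain` task embeds a domain-join account name and its plaintext password in the playbook, so the credential is now in version-control history and appears in Ansible's task output; move both into vault-encrypted variables, add `no_log: true` to the task, and treat the committed value as exposed (rotate it). `ansible.windows.win_domain_membership` (`dns_domain_name`, `domain_admin_user`, `domain_admin_password`, `state: domain`) performs the join without assembling a PowerShell credential object and returns `reboot_required`, which pairs with `ansible.windows.win_reboot` instead of `-Restart` inside the shell. If the account used here is a domain admin, a delegated account limited to joining computers is the safer choice for an automated join.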


@ -0,0 +1,53 @@
- name: Reboot Scheduled Tasks
community.windows.win_scheduled_task:
name: Reboot
description: open command prompt
actions:
- path: shutdown.exe
arguments: /r
triggers:
- type: daily
start_boundary: '2024-01-01T23:30:00'
username: SYSTEM
state: present
enabled: yes
- name: Choco Update Scheduled Tasks
community.windows.win_scheduled_task:
name: Choco Update
description: open command prompt
actions:
- path: C:\ProgramData\chocolatey\choco.exe
arguments: upgrade all --yes --confirm
triggers:
- type: daily
start_boundary: '2024-01-01T22:30:00'
username: SYSTEM
state: present
enabled: yes
- name: Install NuGet
ansible.builtin.win_shell:
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
- name: Register a PowerShell repository
ansible.builtin.win_shell:
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
- name: Add Windows Update Module
ansible.builtin.win_shell:
Install-Module -Name PSWindowsUpdate
- name: Windows Update Scheduled Tasks
community.windows.win_scheduled_task:
name: Windows Update
description: open command prompt
actions:
- path: powershell.exe
arguments: -command "Get-WindowsUpdate -AcceptAll -Install"
triggers:
- type: daily
start_boundary: '2024-01-01T22:30:00'
username: SYSTEM
state: present
enabled: yes
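Review bot: `Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted` is a machine-wide setting that makes every later `Install-Module` on the host silent, and the `Install-Module -Name PSWindowsUpdate` that follows takes whatever version the gallery serves; `Install-Module -Name PSWindowsUpdate -RequiredVersion <pinned version> -Force` installs the intended version without widening the trust policy. The `Choco Update` task runs `choco upgrade all --yes` daily as SYSTEM, so any package on the feed is upgraded unattended with full privileges; either restrict it to a curated package list or record the decision next to the task, e.g. `# unattended upgrade of every Chocolatey package as SYSTEM; packages come straight from the configured feed`. The `description: open command prompt` copied onto all three scheduled tasks describes none of them; use e.g. `description: nightly reboot`. `enabled: yes` should be `enabled: true` on all three tasks.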


@ -0,0 +1,35 @@
---
- name: Install Setup Defaults
hosts: AD01
gather_facts: false
vars_files:
- kunden/{{ kunde }}/defaults.yaml
roles:
- role: openssh-server-service
- role: ansible_ip
vars:
ip: "{{ ansible_host }}"
- role: windows_ip_set
vars:
hostip : "{{ ansible_host }}"
- role: windows_hostname
vars:
hostname: "{{ kundenkürzel}}-{{ inventory_hostname }}"
- role: wait
vars:
timeout_set: 60
vmid: "{{ kundenkürzel}}-{{ inventory_hostname }}"
ignore_errors: true
- name: Install ad-controller
hosts: AD01
gather_facts: false
vars_files:
- kunden/{{ kunde }}/defaults.yaml
roles:
- role: windows_choco_install_defaults
vars:
timeout_set: 60
- role: windows_scheduled_tasks
- role: windows_adcontroller_install
ignore_errors: true
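Review bot: Both plays carry `ignore_errors: true` at play level, so a failed role task — including the domain-controller setup in `windows_adcontroller_install` — leaves the play reporting success and the later playbooks running against a half-configured host; drop it, and where one step is genuinely allowed to fail (the `wait` role, the reboot-triggering hostname change) put `ignore_errors` or `failed_when` on that task inside the role. The `Install Setup Defaults` play is repeated verbatim in the RDS01 playbook below (the section with `hosts: RDS01`), differing only in `hosts`; a shared play with `hosts: AD01:RDS01` or an `ansible.builtin.import_playbook` would keep the two from drifting. Style: `hostip : "{{ ansible_host }}"` has a space before the colon and `{{ kundenkürzel}}` lacks its closing space in both playbooks — `hostip: "{{ ansible_host }}"`, `hostname: "{{ kundenkürzel }}-{{ inventory_hostname }}"`.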


@ -0,0 +1,35 @@
---
- name: Install Setup Defaults
hosts: RDS01
gather_facts: false
vars_files:
- kunden/{{ kunde }}/defaults.yaml
roles:
- role: openssh-server-service
- role: ansible_ip
vars:
ip: "{{ ansible_host }}"
- role: windows_ip_set
vars:
hostip : "{{ ansible_host }}"
- role: windows_hostname
vars:
hostname: "{{ kundenkürzel}}-{{ inventory_hostname }}"
- role: wait
vars:
timeout_set: 60
vmid: "{{ kundenkürzel}}-{{ inventory_hostname }}"
ignore_errors: true
- name: Install RDS-Server
hosts: RDS01
gather_facts: false
vars_files:
- kunden/{{ kunde }}/defaults.yaml
roles:
- role: windows_choco_install_defaults
vars:
timeout_set: 60
- role: windows_scheduled_tasks
- role: windows_rds_install
ignore_errors: true


@ -0,0 +1,14 @@
---
- name: Check if a service is installed
hosts: AD01
gather_facts: false
tasks:
- name: Wait 300 seconds, but only start checking after 60 seconds
ansible.builtin.wait_for_connection:
delay: 10
timeout: 300
register: service_info
- name: Debug
ansible.builtin.debug:
var: service_info
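Review bot: The task name `Wait 300 seconds, but only start checking after 60 seconds` does not match its parameters, which use `delay: 10`; either set `delay: 60` or rename the task, e.g. `- name: Wait up to 300 seconds for the connection, first check after 10 seconds`. The play name `Check if a service is installed` likewise describes something the play does not do — it only waits for the connection and prints the result.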


@ -0,0 +1,9 @@
- name: Test Role
gather_facts: false
hosts: proxmox
vars_files:
- kunden/{{ kunde }}/defaults.yaml
roles:
- role: vmbr-proxmox
vars:
privat_ip: "{{ privatip }}"
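Review bot: This playbook and the next one (`hosts: router` / `role: ROU01`) are both named `Test Role`, so `ansible-playbook` output and logs cannot tell them apart; name each play after what it configures, e.g. `- name: Configure Proxmox bridge (vmbr-proxmox)` here and a matching name for the router playbook. Both also pass `privat_ip: "{{ privatip }}"` as a role var that merely re-aliases the `vars_files` value; if the roles can read `privatip` directly, the indirection can go.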


@ -0,0 +1,9 @@
- name: Test Role
gather_facts: false
hosts: router
vars_files:
- kunden/{{ kunde }}/defaults.yaml
roles:
- role: ROU01
vars:
privat_ip: "{{ privatip }}"

20
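--- a/playbook/test_vars.yaml
+++ b/playbook/test_vars.yaml
@@ -0,0 +1,20 @@
+---
+- name: TEst
+  hosts: all
+  gather_facts: false
+  # vars_files:
+  #   - kunden/{{ kunde }}/defaults.yaml
+  tasks:
+    - name: Debug
+      ansible.builtin.debug:
+        msg: "{{ inventory_hostname }}"
+    - name: Test vars
+      connection: "{{ inventory_hostname }}"
+      ansible.builtin.shell:
+        cmd: echo {{ inventory_hostname }}.{{ ansible_host }}
+      register: test
+    - name: Debug test
+      ansible.builtin.debug:
+        var: test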
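Review bot: `connection: "{{ inventory_hostname }}"` on the `Test vars` task sets the connection plugin, not the target, to the host's inventory name, so Ansible will fail to resolve a plugin for any host that is not literally named like one (`local`, `ssh`, …); drop the key, since the play already targets `all`, or give it a real plugin name. `cmd: echo {{ inventory_hostname }}.{{ ansible_host }}` is shell text assembled from inventory values, which is the pattern that turns into command injection once those values are no longer hand-typed; `ansible.builtin.debug` with `msg` covers this test, and a real command belongs in `ansible.builtin.command` so no shell is involved. The play name `TEst` looks like a typo for `Test`.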

16
stines-intern.yaml Normal file

@ -0,0 +1,16 @@
proxmox:
hosts:
proxmox-ve:
ansible_host: 172.17.1.250
proxmox-backup:
ansible_host: backup.stines.de
proxmox-test:
ansible_host: 94.130.17.156
devops:
hosts:
jenkins:
ansible_host: 172.17.1.117
jenkins-agent:
ansible_host: 172.17.1.118