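---
############################################################
# 1. Create infrastructure
############################################################

# Play 1 runs on the controller only: it creates the Hetzner Cloud
# resources, records the result in Supabase, then adds the new host to
# the in-memory inventory so the next play can configure it.
- name: Provision infrastructure in Hetzner Cloud
  hosts: localhost
  gather_facts: true  # ansible_date_time.epoch (used below) comes from facts

  pre_tasks:
    # Guard against accidental runs: the play stops unless it was
    # invoked with `-e confirm=y`.
    - name: Abort if confirmation flag not set
      ansible.builtin.fail:
        msg: "Provisioning aborted. Use -e confirm=y to continue."
      when: confirm is not defined or confirm != "y"

  vars:
    base_name: ansible-demo
    ssh_key_name: ansible-key

  tasks:
    - name: Set unique server name (timestamp based)
      ansible.builtin.set_fact:
        server_name: "{{ base_name }}-{{ ansible_date_time.epoch }}"

    - name: Show calculated server name
      ansible.builtin.debug:
        var: server_name

    # hcloud_token, hcloud_ssh_public_key, hcloud_server_type,
    # hcloud_image and hcloud_location are not defined in this file;
    # they are expected from the caller (extra vars / vault).
    - name: Create SSH key in Hetzner
      hetzner.hcloud.hcloud_ssh_key:
        api_token: "{{ hcloud_token }}"
        name: "{{ ssh_key_name }}"
        public_key: "{{ hcloud_ssh_public_key }}"
        state: present

    - name: Create Hetzner Cloud Server
      hetzner.hcloud.hcloud_server:
        api_token: "{{ hcloud_token }}"
        name: "{{ server_name }}"
        server_type: "{{ hcloud_server_type }}"
        image: "{{ hcloud_image }}"
        location: "{{ hcloud_location }}"
        ssh_keys:
          - "{{ ssh_key_name }}"
        # Optional: the parameter is only sent when hcloud_firewalls is set.
        firewalls: "{{ hcloud_firewalls | default(omit) }}"
        state: present
      register: created_server

    - name: Store server info in Supabase
      ansible.builtin.uri:
        url: "{{ supabase_url }}/rest/v1/servers"
        method: POST
        headers:
          apikey: "{{ supabase_api_key }}"
          Authorization: "Bearer {{ supabase_api_key }}"
          Content-Type: "application/json"
          Prefer: "resolution=merge-duplicates"
        body_format: json
        body:
          server_id: "{{ created_server.hcloud_server.id }}"
          name: "{{ created_server.hcloud_server.name }}"
          ipv4: "{{ created_server.hcloud_server.ipv4_address }}"
          server_type: "{{ created_server.hcloud_server.server_type }}"
          location: "{{ created_server.hcloud_server.location }}"
          status: "{{ created_server.hcloud_server.status }}"
        status_code: [200, 201]
      delegate_to: localhost
      # The task arguments carry supabase_api_key in two headers; keep
      # them out of verbose and failure output (set to false temporarily
      # when debugging the request).
      no_log: true

    - name: Add new server to runtime inventory
      ansible.builtin.add_host:
        name: newserver
        ansible_host: "{{ created_server.hcloud_server.ipv4_address }}"
        ansible_user: root
        # NOTE(review): this private key must correspond to the public key
        # uploaded as hcloud_ssh_public_key above, otherwise the second
        # play cannot log in — confirm with the caller's variables.
        ansible_ssh_private_key_file: "~/.ssh/id_ed25519"

    - name: Wait for SSH to become reachable
      ansible.builtin.wait_for:
        host: "{{ created_server.hcloud_server.ipv4_address }}"
        port: 22
        delay: 5  # seconds before the first connection attempt
        timeout: 180  # seconds; fails the play if port 22 never opens
        state: started
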
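############################################################
# 2. Configure the server
############################################################

# Play 2 connects to the host registered by the provisioning play (as
# root, via add_host) and sets up an admin user with key-based login
# and sudo rights.
- name: Configure new server
  hosts: newserver
  become: true
  gather_facts: true

  vars:
    new_username: sysadmin46E9

  tasks:
    - name: Create sudo user
      ansible.builtin.user:
        name: "{{ new_username }}"
        shell: /bin/bash
        groups: sudo
        append: true  # keep any supplementary groups the user already has
        create_home: true

    # The file lookup runs on the controller, so the key is read from the
    # controller's ~/.ssh, not from the target host.
    - name: Add SSH key for user
      ansible.posix.authorized_key:
        user: "{{ new_username }}"
        key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"

    # A malformed sudoers drop-in disables sudo for every user on the
    # host, so the file is checked with visudo before it is installed.
    # sudo also requires drop-ins to be root-owned and not world/group
    # writable; the rule is newline-terminated as sudoers expects.
    - name: Allow passwordless sudo
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ new_username }}"
        content: "{{ new_username }} ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: '0440'
        validate: /usr/sbin/visudo -cf %s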