diff --git a/playbook.yml b/playbook.yml index 5b36899..d5c7e7d 100644 --- a/playbook.yml +++ b/playbook.yml @@ -43,5 +43,9 @@ - mangareader - bookshelf - shelfarr + - minecraft - lidarr - - minecraft \ No newline at end of file + - soulseek + - soularr + - mariadb + - uptime-kuma \ No newline at end of file diff --git a/roles/mariadb/files/docker-secrets.yaml b/roles/mariadb/files/docker-secrets.yaml new file mode 100644 index 0000000..d0d046b --- /dev/null +++ b/roles/mariadb/files/docker-secrets.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: mariadb +data: + .dockerconfigjson: >- + eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ== +type: kubernetes.io/dockerconfigjson diff --git a/roles/mariadb/files/mariadb-configmap.yaml b/roles/mariadb/files/mariadb-configmap.yaml new file mode 100644 index 0000000..f35f14b --- /dev/null +++ b/roles/mariadb/files/mariadb-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mariadb-config + namespace: mariadb +data: + my.cnf: | + [mysqld] + innodb_use_native_aio=0 + innodb_flush_method=fsync \ No newline at end of file diff --git a/roles/mariadb/files/mariadb-namespace.yaml b/roles/mariadb/files/mariadb-namespace.yaml new file mode 100644 index 0000000..ba7b930 --- /dev/null +++ b/roles/mariadb/files/mariadb-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: mariadb diff --git a/roles/mariadb/files/mariadb-nfs-csi.yaml b/roles/mariadb/files/mariadb-nfs-csi.yaml new file mode 100644 index 0000000..354084c --- /dev/null +++ b/roles/mariadb/files/mariadb-nfs-csi.yaml @@ -0,0 +1,11 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: mariadb-nfs-csi + namespace: mariadb +provisioner: nfs.csi.k8s.io +parameters: + server: 192.168.1.22 + share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/mariadb +allowVolumeExpansion: true +reclaimPolicy: Retain \ No newline at end of file diff --git a/roles/mariadb/files/mariadb-pvcs.yaml b/roles/mariadb/files/mariadb-pvcs.yaml new file mode 100644 index 0000000..199596a --- /dev/null +++ b/roles/mariadb/files/mariadb-pvcs.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: mariadb-pv-0 + namespace: mariadb +spec: + capacity: + storage: 50Gi + storageClassName: mariadb-nfs-csi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + nfs: + server: 192.168.1.22 + path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/mariadb +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mariadb-data-mariadb-statefulset-0 + namespace: mariadb +spec: + storageClassName: mariadb-nfs-csi + accessModes: + - ReadWriteOnce + volumeName: mariadb-pv-0 + resources: + requests: + storage: 50Gi +--- + diff --git a/roles/mariadb/files/mariadb-secret.yaml b/roles/mariadb/files/mariadb-secret.yaml new file mode 100644 index 0000000..f7e26d7 --- /dev/null +++ b/roles/mariadb/files/mariadb-secret.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mariadb-secret + namespace: mariadb +type: Opaque +data: + MARIADB_ROOT_PASSWORD: TUFSSUFEQl9ST09UX1BBU1NXT1JE + MARIADB_DATABASE: TUFSSUFEQl9EQVRBQkFTRQ== + MARIADB_USER: TUFSSUFEQl9VU0VS + MARIADB_PASSWORD: TUFSSUFEQl9QQVNTV09SRA== \ No newline at end of file diff --git a/roles/mariadb/files/mariadb-service.yaml b/roles/mariadb/files/mariadb-service.yaml new file mode 100644 index 0000000..4075623 --- /dev/null +++ b/roles/mariadb/files/mariadb-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: mariadb-service + namespace: mariadb +spec: + ports: + - port: 3306 + targetPort: 3306 + selector: + app: mariadb-statefulset + type: LoadBalancer + loadBalancerIP: 10.240.0.102 \ No newline at end of file diff --git a/roles/mariadb/files/mariadb-statefulset.yaml b/roles/mariadb/files/mariadb-statefulset.yaml new file mode 100644 index 0000000..0c84345 --- /dev/null +++ b/roles/mariadb/files/mariadb-statefulset.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mariadb-statefulset + namespace: mariadb +spec: + serviceName: "mariadb-statefulset" + replicas: 1 + selector: + matchLabels: + app: mariadb-statefulset + template: + metadata: + labels: + app: mariadb-statefulset + spec: + imagePullSecrets: + - name: regcred + containers: + - name: mariadb-statefulset + image: mariadb:11 + ports: + - containerPort: 3306 + envFrom: + - secretRef: + name: mariadb-secret + volumeMounts: + - mountPath: /var/lib/mysql + name: mariadb-data + - mountPath: /etc/mysql/conf.d/my.cnf + name: mariadb-config + subPath: my.cnf + volumes: + - name: mariadb-config + configMap: + name: mariadb-config + + volumeClaimTemplates: + - kind: PersistentVolumeClaim + apiVersion: v1 + metadata: + name: mariadb-data + namespace: mariadb + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Gi + diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml new file mode 100644 index 0000000..2b15a9e --- /dev/null +++ b/roles/mariadb/tasks/main.yml @@ -0,0 +1,52 @@ +- name: Remover o diretório /tmp/mariadb/kubernetes-files + ansible.builtin.file: + path: /tmp/mariadb/kubernetes-files + state: absent + +- name: Criar diretório temporário no remoto + file: + path: /tmp/mariadb/kubernetes-files + state: directory + mode: '0755' + +- name: Copy file with owner and permissions + ansible.builtin.copy: + src: ../files + dest: /tmp/mariadb/kubernetes-files + owner: fenix + group: root + mode: '0644' + +- name: Listar conteúdo do diretório remoto + shell: ls -l /tmp/mariadb/kubernetes-files/files + register: resultado_ls + + +- name: Obter várias notas do Bitwarden + shell: | + echo "unlock" + BW_SESSION=$(bw unlock {{ bw_password }} --raw) + echo "get item" + bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }} + loop: + - { id: "iac.ansible.dockersecrets", dest: "/tmp/mariadb/kubernetes-files/files/docker-secrets.yaml" } + - { id: "iac.ansible.mariadb.secret", dest: "/tmp/mariadb/kubernetes-files/files/mariadb-secret.yaml" } + args: + executable: /bin/bash + environment: + BW_PASSWORD: "{{ BW_PASSWORD }}" + + +- name: Mostrar resultado do ls + debug: + var: resultado_ls.stdout_lines + +- name: Aplicar o mariadb + become: yes + become_user: fenix + shell: | + kubectl apply -f /tmp/mariadb/kubernetes-files/files/mariadb-namespace.yaml + kubectl apply -f /tmp/mariadb/kubernetes-files/files/ + environment: + KUBECONFIG: /home/fenix/.kube/config + diff --git a/roles/mariadb/vars/main.yml b/roles/mariadb/vars/main.yml new file mode 100644 index 0000000..c8fe60b --- /dev/null +++ b/roles/mariadb/vars/main.yml @@ -0,0 +1,4 @@ +bw_password: "{{ lookup('env', 'BW_PASSWORD') }}" +VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}" +BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}" +BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}" \ No newline at end of file diff --git a/roles/soulseek/files/teste.txt b/roles/soulseek/files/teste.txt deleted file mode 100644 index 6b87330..0000000 Binary files a/roles/soulseek/files/teste.txt and /dev/null differ diff --git a/roles/soulseek/files/testeq.txt b/roles/soulseek/files/testeq.txt deleted file mode 100644 index d05d170..0000000 Binary files a/roles/soulseek/files/testeq.txt and /dev/null differ diff --git a/roles/uptime-kuma/files/docker-secrets.yaml b/roles/uptime-kuma/files/docker-secrets.yaml new file mode 100644 index 0000000..3911417 --- /dev/null +++ b/roles/uptime-kuma/files/docker-secrets.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred + namespace: monitoring +data: + .dockerconfigjson: >- + eyJhdXRocyI6eyJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOnsidXNlcm5hbWUiOiJ1c2VyIiwicGFzc3dvcmQiOiJwYXNzIiwiYXV0aCI6ImRmamlla2ZlcldFS1dFa29mY2RrbzM0MzUzZmQ9In19fQ== +type: kubernetes.io/dockerconfigjson diff --git a/roles/uptime-kuma/files/uptime-kuma-configmap-monitorsscript.yaml b/roles/uptime-kuma/files/uptime-kuma-configmap-monitorsscript.yaml new file mode 100644 index 0000000..b615e3c --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-configmap-monitorsscript.yaml @@ -0,0 +1,230 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: uptime-kuma-sync-script + namespace: monitoring +data: + sync.py: | + import subprocess + import sys + import time + import inspect + import types + + subprocess.run([sys.executable, "-m", "pip", "install", "uptime-kuma-api-v2", "--quiet"], check=True) + + subprocess.run([ + "bash", "-c", + "curl -LO https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl && " + "chmod +x kubectl && mv kubectl /usr/local/bin/kubectl" + ], check=True) + + from uptime_kuma_api import UptimeKumaApi, MonitorType + import os + + # ============================================================ + # CONFIGURAÇÃO + # ============================================================ + NOTIFICATION_IDS = [1] + FIXED_TAGS = ["k8s", "IAC"] + STATUS_PAGE_SLUG = "fenix" + STATUS_PAGE_TITLE = "Fenix IAC" + # ============================================================ + + UPTIME_KUMA_URL = os.environ["UPTIME_KUMA_URL"] + USERNAME = os.environ["USERNAME"] + PASSWORD = os.environ["PASSWORD"] + + print("==> A autenticar no Uptime Kuma...") + api = UptimeKumaApi(UPTIME_KUMA_URL) + api.login(USERNAME, PASSWORD) + print("==> Autenticado com sucesso") + + # ── Monkey-patch _build_status_page_data ───────────────────── + original_build = api._build_status_page_data.__func__ + + def patched_build(self, **kwargs): + result = original_build(self, **kwargs) + print(f" [DEBUG] type(result): {type(result)}") + print(f" [DEBUG] result: {result}") + slug, data, icon, public_group_list = result + data.pop("googleAnalyticsId", None) + return (slug, data, icon, public_group_list) + + api._build_status_page_data = types.MethodType(patched_build, api) + print("==> Patch aplicado ao _build_status_page_data") + + # ── Tags ───────────────────────────────────────────────────── + print("==> A sincronizar tags...") + existing_tags = {t["name"]: t["id"] for t in api.get_tags()} + + def ensure_tag(name, color="#0099ff"): + if name not in existing_tags: + print(f" [TAG] A criar tag '{name}'...") + result = api.add_tag(name=name, color=color) + existing_tags[name] = result["id"] + return existing_tags[name] + + ensure_tag("k8s", color="#326CE5") + ensure_tag("IAC", color="#7B42BC") + + # ── Monitores existentes ────────────────────────────────────── + print("==> A obter monitores existentes...") + existing_monitors = api.get_monitors() + existing_names = {m["name"] for m in existing_monitors} + print(f" {len(existing_names)} monitores existentes") + + # ── Garantir grupo fenix ────────────────────────────────────── + print("==> A verificar grupo 'fenix'...") + fenix_group_id = None + for m in existing_monitors: + if m["name"] == "fenix" and m["type"] == "group": + fenix_group_id = m["id"] + print(f" [OK] Grupo 'fenix' já existe (ID: {fenix_group_id})") + break + + if fenix_group_id is None: + print(" [CRIAR] A criar grupo 'fenix'...") + group = api.add_monitor(type=MonitorType.GROUP, name="fenix") + fenix_group_id = group["monitorID"] + print(f" [OK] Grupo 'fenix' criado (ID: {fenix_group_id})") + + # ── Services do cluster ─────────────────────────────────────── + print("==> A listar Services do cluster...") + result = subprocess.run( + [ + "kubectl", "get", "svc", "-A", "--no-headers", + "-o", "custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,PORT:.spec.ports[0].port,TYPE:.spec.type" + ], + capture_output=True, text=True + ) + + services = [] + for line in result.stdout.strip().split("\n"): + parts = line.split() + if len(parts) < 3: + continue + namespace, name, port = parts[0], parts[1], parts[2] + if name == "kubernetes" or port == "": + continue + services.append((namespace, name, port)) + + print(f" {len(services)} services encontrados") + + # ── Criar monitores ─────────────────────────────────────────── + created = 0 + skipped = 0 + + for namespace, name, port in services: + monitor_name = f"{namespace}/{name}" + hostname = f"{name}.{namespace}.svc.cluster.local" + + if monitor_name in existing_names: + print(f" [SKIP] {monitor_name}") + skipped += 1 + continue + + print(f" [CRIAR] {monitor_name} ({hostname}:{port})") + try: + ensure_tag(namespace, color="#10B981") + + monitor = api.add_monitor( + type=MonitorType.PORT, + name=monitor_name, + hostname=hostname, + port=int(port), + interval=60, + retryInterval=60, + maxretries=3, + parent=fenix_group_id, + notificationIDList={str(nid): True for nid in NOTIFICATION_IDS}, + ) + + monitor_id = monitor["monitorID"] + + api.add_monitor_tag(tag_id=existing_tags["k8s"], monitor_id=monitor_id) + api.add_monitor_tag(tag_id=existing_tags["IAC"], monitor_id=monitor_id) + api.add_monitor_tag(tag_id=existing_tags[namespace], monitor_id=monitor_id) + + print(f" [OK] {monitor_name} criado com tags e notificações") + created += 1 + + except Exception as e: + print(f" [ERRO] {monitor_name}: {e}") + + # ── Refrescar lista de monitores após criação ───────────────── + existing_monitors = api.get_monitors() + + # ── Status Page ─────────────────────────────────────────────── + print("==> A atualizar status page...") + + try: + existing_pages = api.get_status_pages() + page_exists = any(p["slug"] == STATUS_PAGE_SLUG for p in existing_pages) + + if not page_exists: + print(f" [CRIAR] A criar status page '{STATUS_PAGE_SLUG}'...") + api.add_status_page(STATUS_PAGE_SLUG, STATUS_PAGE_TITLE) + time.sleep(5) + print(f" [OK] Status page criada") + + current = api.get_status_page(STATUS_PAGE_SLUG) + + all_fenix_monitor_ids = [m["id"] for m in existing_monitors if m.get("parent") == fenix_group_id] + + existing_in_page = [] + for group in current.get("publicGroupList", []): + for mon in group.get("monitorList", []): + existing_in_page.append(mon["id"]) + + missing_ids = [mid for mid in all_fenix_monitor_ids if mid not in existing_in_page] + + print(f" [DEBUG] all_fenix_monitor_ids: {all_fenix_monitor_ids}") + print(f" [DEBUG] missing_ids: {missing_ids}") + + if not missing_ids: + print(f" [SKIP] Todos os monitores já estão na status page") + else: + public_group_list = current.get("publicGroupList", []) + + if public_group_list: + for mid in missing_ids: + public_group_list[0]["monitorList"].append({"id": mid}) + else: + public_group_list = [ + { + "name": "Fenix IAC K8s", + "weight": 1, + "monitorList": [{"id": mid} for mid in all_fenix_monitor_ids], + } + ] + + print(f" [DEBUG] publicGroupList: {public_group_list}") + + api.save_status_page( + slug=STATUS_PAGE_SLUG, + id=current["id"], + title=current.get("title", STATUS_PAGE_TITLE), + description=current.get("description"), + theme=current.get("theme", "auto"), + published=current.get("published", True), + showTags=current.get("showTags", True), + domainNameList=current.get("domainNameList", []), + customCSS=current.get("customCSS") or "", + footerText=current.get("footerText"), + showPoweredBy=current.get("showPoweredBy", True), + showCertificateExpiry=current.get("showCertificateExpiry", False), + icon=current.get("icon", "/icon.svg"), + publicGroupList=public_group_list, + ) + + print(f" [OK] Status page atualizada — {len(missing_ids)} monitores adicionados") + print(f" URL: {UPTIME_KUMA_URL}/status/{STATUS_PAGE_SLUG}") + + except Exception as e: + print(f" [ERRO] Status page: {e}") + import traceback + traceback.print_exc() + + print(f"==> Sync concluído — {created} criados, {skipped} ignorados") + api.disconnect() \ No newline at end of file diff --git a/roles/uptime-kuma/files/uptime-kuma-cronjob-monitors.yaml b/roles/uptime-kuma/files/uptime-kuma-cronjob-monitors.yaml new file mode 100644 index 0000000..cfb7234 --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-cronjob-monitors.yaml @@ -0,0 +1,41 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: uptime-kuma-sync + namespace: monitoring +spec: + schedule: "0 * * * *" # cada hora + jobTemplate: + spec: + template: + spec: + serviceAccountName: uptime-kuma-sync + restartPolicy: OnFailure + containers: + - name: sync + image: python:3.12-slim + command: ["bash", "-c", "apt-get update -q && apt-get install -y -q curl && curl -LO https://dl.k8s.io/release/$(curl -Ls https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x kubectl && mv kubectl /usr/local/bin/ && python /scripts/sync.py"] + env: + - name: USERNAME + valueFrom: + secretKeyRef: + name: uptime-kuma-api-secret + key: USERNAME + - name: PASSWORD + valueFrom: + secretKeyRef: + name: uptime-kuma-api-secret + key: PASSWORD + - name: UPTIME_KUMA_URL + valueFrom: + secretKeyRef: + name: uptime-kuma-api-secret + key: UPTIME_KUMA_URL + volumeMounts: + - name: script + mountPath: /scripts + volumes: + - name: script + configMap: + name: uptime-kuma-sync-script + defaultMode: 0755 \ No newline at end of file diff --git a/roles/uptime-kuma/files/uptime-kuma-deployment.yaml b/roles/uptime-kuma/files/uptime-kuma-deployment.yaml new file mode 100644 index 0000000..ee40830 --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: uptime-kuma + namespace: monitoring +spec: + replicas: 1 + selector: + matchLabels: + app: uptime-kuma + strategy: + type: Recreate # necessário — SQLite não suporta múltiplas réplicas + template: + metadata: + labels: + app: uptime-kuma + spec: + imagePullSecrets: + - name: regcred + containers: + - name: uptime-kuma + image: louislam/uptime-kuma:2.2.1 + ports: + - containerPort: 3001 + name: http + env: + - name: UPTIME_KUMA_DB_TYPE + value: mariadb + - name: UPTIME_KUMA_DB_HOSTNAME + value: "mariadb-service.mariadb.svc.cluster.local" + - name: UPTIME_KUMA_DB_PORT + value: "3306" + envFrom: + - secretRef: + name: uptime-kuma-mariadb-secret + volumeMounts: + - name: data + mountPath: /app/data + volumes: + - name: data + persistentVolumeClaim: + claimName: uptime-kuma-data-pvc + + + + diff --git a/roles/uptime-kuma/files/uptime-kuma-monitors-secret.yaml b/roles/uptime-kuma/files/uptime-kuma-monitors-secret.yaml new file mode 100644 index 0000000..e6a17b3 --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-monitors-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: uptime-kuma-api-secret + namespace: monitoring +type: Opaque +data: + USERNAME: VVNFUk5BTUU= + PASSWORD: UEFTU1dPUkQ= + UPTIME_KUMA_URL: VVBUSU1FX0tVTUFfVVJM diff --git a/roles/uptime-kuma/files/uptime-kuma-namespace.yaml b/roles/uptime-kuma/files/uptime-kuma-namespace.yaml new file mode 100644 index 0000000..d325236 --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: monitoring diff --git a/roles/uptime-kuma/files/uptime-kuma-nfs-csi.yaml b/roles/uptime-kuma/files/uptime-kuma-nfs-csi.yaml new file mode 100644 index 0000000..4dc41ab --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-nfs-csi.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: uptime-kuma-nfs-csi + namespace: monitoring +provisioner: nfs.csi.k8s.io +parameters: + mountOptions: "nolock,soft,intr" + server: 192.168.1.22 + share: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/uptime-kuma/data +allowVolumeExpansion: true +reclaimPolicy: Retain diff --git a/roles/uptime-kuma/files/uptime-kuma-pvcs.yaml b/roles/uptime-kuma/files/uptime-kuma-pvcs.yaml new file mode 100644 index 0000000..de8031e --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-pvcs.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: uptime-kuma-data-pv + namespace: monitoring +spec: + capacity: + storage: 60Gi + storageClassName: uptime-kuma-nfs-csi + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Retain + mountOptions: + - nolock + - nfsvers=3 + nfs: + server: 192.168.1.22 + path: /mnt/fenix-main-nas-pool-0/data/k8s-Volumes/k8s-cluster-iac-deployed/uptime-kuma/data +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: uptime-kuma-data-pvc + namespace: monitoring +spec: + storageClassName: uptime-kuma-nfs-csi + accessModes: + - ReadWriteOnce + volumeName: uptime-kuma-data-pv + resources: + requests: + storage: 60Gi \ No newline at end of file diff --git a/roles/uptime-kuma/files/uptime-kuma-secret.yaml b/roles/uptime-kuma/files/uptime-kuma-secret.yaml new file mode 100644 index 0000000..5da44bc --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Secret +metadata: + name: uptime-kuma-mariadb-secret + namespace: monitoring +type: Opaque +data: + UPTIME_KUMA_DB_NAME: TUFSSUFEQl9EQVRBQkFTRQ== + UPTIME_KUMA_DB_USERNAME: TUFSSUFEQl9VU0VS + UPTIME_KUMA_DB_PASSWORD: TUFSSUFEQl9QQVNTV09SRA== \ No newline at end of file diff --git a/roles/uptime-kuma/files/uptime-kuma-service.yaml b/roles/uptime-kuma/files/uptime-kuma-service.yaml new file mode 100644 index 0000000..0054415 --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: uptime-kuma + namespace: monitoring +spec: + selector: + app: uptime-kuma + ports: + - port: 3001 + targetPort: http + name: http + type: ClusterIP \ No newline at end of file diff --git a/roles/uptime-kuma/files/uptime-kuma-serviceaccount-monitors.yaml b/roles/uptime-kuma/files/uptime-kuma-serviceaccount-monitors.yaml new file mode 100644 index 0000000..64b1d79 --- /dev/null +++ b/roles/uptime-kuma/files/uptime-kuma-serviceaccount-monitors.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: uptime-kuma-sync + namespace: monitoring +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: uptime-kuma-sync +rules: + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: uptime-kuma-sync +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: uptime-kuma-sync +subjects: + - kind: ServiceAccount + name: uptime-kuma-sync + namespace: monitoring \ No newline at end of file diff --git a/roles/uptime-kuma/tasks/main.yml b/roles/uptime-kuma/tasks/main.yml new file mode 100644 index 0000000..41cba67 --- /dev/null +++ b/roles/uptime-kuma/tasks/main.yml @@ -0,0 +1,53 @@ +- name: Remover o diretório /tmp/monitoring/uptime-kuma/kubernetes-files + ansible.builtin.file: + path: /tmp/monitoring/uptime-kuma/kubernetes-files + state: absent + +- name: Criar diretório temporário no remoto + file: + path: /tmp/monitoring/uptime-kuma/kubernetes-files + state: directory + mode: '0755' + +- name: Copy file with owner and permissions + ansible.builtin.copy: + src: ../files + dest: /tmp/monitoring/uptime-kuma/kubernetes-files + owner: fenix + group: root + mode: '0644' + + +- name: Listar conteúdo do diretório remoto + shell: ls -l /tmp/monitoring/uptime-kuma/kubernetes-files/files + register: resultado_ls + + +- name: Obter várias notas do Bitwarden + shell: | + echo "unlock" + BW_SESSION=$(bw unlock {{ bw_password }} --raw) + echo "get item" + bw get item "{{ item.id }}" --session $BW_SESSION | jq -r '.notes' > {{ item.dest }} + loop: + - { id: "iac.ansible.dockersecrets", dest: "/tmp/monitoring/uptime-kuma/files/docker-secrets.yaml" } + - { id: "iac.ansible.uptimekuma.mariadbsecret", dest: "/tmp/monitoring/uptime-kuma/files/uptime-kuma-secret.yaml" } + - { id: "iac.ansible.uptimekuma.monitorssecret", dest: "/tmp/monitoring/uptime-kuma/files/uptime-kuma-monitors-secret.yaml" } + args: + executable: /bin/bash + environment: + BW_PASSWORD: "{{ BW_PASSWORD }}" + +- name: Mostrar resultado do ls + debug: + var: resultado_ls.stdout_lines + + +- name: Aplicar o stolon + become: yes + become_user: fenix + shell: | + kubectl apply -f /tmp/monitoring/uptime-kuma/kubernetes-files/files/uptime-kuma-namespace.yaml + kubectl apply -f /tmp/monitoring/uptime-kuma/kubernetes-files/files/ + environment: + KUBECONFIG: /home/fenix/.kube/config \ No newline at end of file diff --git a/roles/uptime-kuma/vars/main.yml b/roles/uptime-kuma/vars/main.yml new file mode 100644 index 0000000..c8fe60b --- /dev/null +++ b/roles/uptime-kuma/vars/main.yml @@ -0,0 +1,4 @@ +bw_password: "{{ lookup('env', 'BW_PASSWORD') }}" +VAULTWARDEN_LINK: "{{ lookup('env', 'VAULTWARDEN_LINK') }}" +BW_CLIENTID: "{{ lookup('env', 'BW_CLIENTID') }}" +BW_CLIENTSECRET : "{{ lookup('env', 'BW_CLIENTSECRET') }}" \ No newline at end of file