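---
# Monitoring play: joins the host to the Netbird overlay network (installing
# Netbird on first run), issues a self-signed TLS key/cert for node_exporter,
# then deploys node_exporter, Prometheus and Grafana via their roles.
- hosts: monitoring
  become: true
  gather_facts: true
  vars:
    # Overlay range the play uses to pick the host's private address; kept as
    # a variable so inventories with a different Netbird range can override it.
    netbird_network_cidr: "100.96.0.0/16"
    # Dearmored Netbird apt signing key referenced by the keyring tasks and
    # the signed-by clause of the apt source.
    netbird_keyring: /usr/share/keyrings/netbird-archive-keyring.gpg

  pre_tasks:
    - name: Set hostname
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"

    # Probe only: a non-zero rc (or a missing binary) means Netbird is not
    # installed and the install block below runs. failed_when/changed_when
    # replace ignore_errors so a genuine failure is not hidden in the play
    # output and the probe never shows up as "changed".
    - name: Check for Netbird installation
      ansible.builtin.command:
        cmd: netbird version
      register: netbird_installed
      failed_when: false
      changed_when: false

    - name: Install Netbird first to have private network
      when: netbird_installed.rc != 0
      block:
        # become is already set at play level, so `sudo` inside the pipe is
        # not needed. pipefail makes a failed download fail the task instead
        # of silently writing an empty keyring; creates keeps it idempotent.
        - name: Add Netbird apt signing key
          ansible.builtin.shell:
            cmd: >-
              set -o pipefail &&
              curl -sSL https://pkgs.netbird.io/debian/public.key
              | gpg --dearmor --output {{ netbird_keyring }}
            creates: "{{ netbird_keyring }}"
            executable: /bin/bash

        # apt fetches as an unprivileged user, so the keyring has to be
        # world-readable (see the GPG "public key is not available" note
        # further down). Mode is quoted: an unquoted 0644 is an octal int.
        - name: Set mode of Netbird keyring
          ansible.builtin.file:
            path: "{{ netbird_keyring }}"
            state: file
            mode: "0644"

        - name: Add Netbird apt repository
          ansible.builtin.apt_repository:
            repo: "deb [signed-by={{ netbird_keyring }}] https://pkgs.netbird.io/debian stable main"
            state: present

        - name: Install netbird
          ansible.builtin.apt:
            name: "netbird"
            state: present
            update_cache: true

        # netbird_setup_key is a credential: no_log keeps it out of the play
        # output and callback logs (it is still visible on the host's process
        # command line for the duration of the call).
        - name: Start Netbird
          ansible.builtin.command:
            cmd: netbird up --setup-key="{{ netbird_setup_key }}"
          no_log: true

    # Manual equivalent of the block above, kept for reference:
    # curl -sSL https://pkgs.netbird.io/debian/public.key | sudo gpg --dearmor --output /usr/share/keyrings/netbird-archive-keyring.gpg
    # chmod 0644 /usr/share/keyrings/netbird-archive-keyring.gpg
    # echo 'deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main' | sudo tee /etc/apt/sources.list.d/netbird.list

    - name: Create node_exporter cert dir
      ansible.builtin.file:
        path: /etc/node_exporter
        state: directory
        owner: root
        group: root

    # NOTE(review): "0644" leaves the private key readable by every local
    # account. The original author loosened it by hand (chmod note below),
    # presumably so a non-root exporter process can read it; the safer fix is
    # owner/group set to the account node_exporter runs as and mode "0640" —
    # confirm that account against the prometheus.prometheus.node_exporter role
    # before tightening, otherwise the exporter cannot load its TLS key.
    - name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
      community.crypto.openssl_privatekey:
        path: /etc/node_exporter/tls.key
        mode: "0644"
    # /etc/node_exporter# chmod 644 tls.key

    - name: Generate an OpenSSL Certificate Signing Request
      community.crypto.openssl_csr:
        path: /etc/node_exporter/tls.csr
        privatekey_path: /etc/node_exporter/tls.key
        common_name: "{{ inventory_hostname }}.netbird.cloud"

    - name: Generate a Self Signed OpenSSL certificate
      community.crypto.x509_certificate:
        path: /etc/node_exporter/tls.cert
        privatekey_path: /etc/node_exporter/tls.key
        csr_path: /etc/node_exporter/tls.csr
        provider: selfsigned

    # Operator notes from earlier runs:
    # export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES ---> ERROR! A worker was found in a dead state
    # chmod go+r /usr/share/keyrings/netbird-archive-keyring.gpg for error:
    #   GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available

  # Roles considered for hardening/maintenance; currently disabled.
  # roles:
  #   - robertdebock.update
  #   - devsec.hardening.os_hardening
  #   - devsec.hardening.ssh_hardening
  #   - maxlareo.rkhunter
  #   - maxlareo.chkrootkit
  #   - robertdebock.auditd
  #   - geerlingguy.firewall
  #   - grog.management-user
  #   - GROG.user
  #   - GROG.authorized-key
  #   - GROG.sudo
  #   - ansible_unattended_upgrades
  #   - buluma.lynis

  tasks:
    # Facts were gathered before Netbird came up; re-gather so the overlay
    # interface and its address are visible to the tasks below.
    - name: Retrieve private IP address netbird
      ansible.builtin.gather_facts: {}

    # Collect every interface that has an IPv4 address.
    - name: Set host_interfaces list
      ansible.builtin.set_fact:
        host_interfaces: "{{ host_interfaces + [item]}}"
      vars:
        host_interfaces: []
      when: ansible_facts[item].ipv4.address is defined
      loop: "{{ ansible_facts.interfaces }}"

    # Keep the address that falls inside the Netbird range; if several
    # interfaces match, the last one in the loop wins.
    - name: Set host_private_address
      ansible.builtin.set_fact:
        host_private_address: "{{ ansible_facts[item].ipv4.address }}"
      vars:
        host_private_address: ""
      when: ansible_facts[item].ipv4.address | ansible.utils.ipaddr(netbird_network_cidr)
      loop: "{{ host_interfaces }}"

    # - name: Debug fingerprint for ALL hosts
    #   debug:
    #     msg: "{{ group_names }}"
    #   when: group_names is search("monitoring")

    - ansible.builtin.import_role:
        name: prometheus.prometheus.node_exporter

    - ansible.builtin.import_role:
        name: prometheus.prometheus.prometheus
      when: group_names is search("monitoring")

    - ansible.builtin.import_role:
        name: ansible-role-labocbz-install-grafana
      when: group_names is search("monitoring")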