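---
# Provision the storage and service nodes on DigitalOcean and publish their
# DNS records in Cloudflare. Everything runs from the control host; all
# credentials are resolved from the password store at run time, so no secret
# is kept in this file.
- hosts: localhost
  # Nothing below reads host facts, so skip the gathering step.
  gather_facts: false
  vars:
    dns_root: "timesigned.com"
    node_primary: "raspberry.node.timesigned.com"

    # Secrets come from pass(1) on the control host.
    digitalocean_droplet_token: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/digitalocean-droplet-token') }}"
    # Not referenced by the tasks in this play (they authenticate with the
    # DNS token); kept for callers that may expect it.
    cloudflare_email: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/cloudflare-email') }}"
    cloudflare_dns_token: "{{ lookup('community.general.passwordstore', 'work/dtu/python-support/cloudflare-dns-token') }}"

    # To list the available images:
    #   curl -X GET --silent "https://api.digitalocean.com/v2/images?per_page=999" -H "Authorization: Bearer $(pass work/dtu/python-support/digitalocean-droplet-token)" | jq | less
    droplet_service_image: "debian-12-x64"
    # To list the available sizes:
    #   curl -X GET --silent "https://api.digitalocean.com/v2/sizes?per_page=999" -H "Authorization: Bearer $(pass work/dtu/python-support/digitalocean-droplet-token)" | jq | less
    droplet_service_size: "s-1vcpu-1gb"
    droplet_service_region: "fra1"

    droplet_storage_image: "debian-12-x64"
    droplet_storage_size: "s-1vcpu-1gb"
    droplet_storage_region: "fra1"

  tasks:
    ####################
    # - Prepare SSH Information
    ####################
    - name: "Get SSH Public Key"
      # No shell features are used, so `command` is enough; the query is
      # read-only and must never be reported as a change.
      ansible.builtin.command: "ssh-add -L"
      register: "ssh_key_pub_cmdout"
      changed_when: false

    - name: "Require exactly one public key in the SSH agent"
      # `ssh-add -L` prints one line per loaded key and the whole stdout is
      # uploaded as a single key below; with several keys loaded that upload
      # would be an invalid blob, so fail early with a clear message.
      ansible.builtin.assert:
        that:
          - "ssh_key_pub_cmdout.stdout_lines | length == 1"
        fail_msg: "ssh-add -L must list exactly one public key; found {{ ssh_key_pub_cmdout.stdout_lines | length }}"

    - name: "Add SSH Public Key to DigitalOcean account"
      community.digitalocean.digital_ocean_sshkey:
        name: "key"
        oauth_token: "{{ digitalocean_droplet_token }}"
        ssh_pub_key: "{{ ssh_key_pub_cmdout.stdout }}"
        state: "present"
      register: "sshkey_result"

    ####################
    # - Create Digitalocean Nodes
    ####################
    - name: "Create Storage Droplet"
      community.digitalocean.digital_ocean_droplet:
        name: "{{ item }}"
        oauth_token: "{{ digitalocean_droplet_token }}"
        ssh_keys: ["{{ sshkey_result.data.ssh_key.id }}"]
        image: "{{ droplet_storage_image }}"
        size: "{{ droplet_storage_size }}"
        region: "{{ droplet_storage_region }}"
        wait_timeout: 600
        # Re-use an existing droplet of the same name rather than creating a
        # duplicate on every run.
        unique_name: true
        state: present
      with_inventory_hostnames:
        - storage
      register: droplet_storage_result

    - name: "Create Service Droplet"
      community.digitalocean.digital_ocean_droplet:
        name: "{{ item }}"
        oauth_token: "{{ digitalocean_droplet_token }}"
        ssh_keys: ["{{ sshkey_result.data.ssh_key.id }}"]
        image: "{{ droplet_service_image }}"
        size: "{{ droplet_service_size }}"
        region: "{{ droplet_service_region }}"
        wait_timeout: 600
        unique_name: true
        state: present
      with_inventory_hostnames:
        - service
      register: droplet_service_result

    ####################
    # - Set DNS A Records => Hosts
    ####################
    # NOTE(review): these A-record tasks do not set `solo`, so if a droplet
    # is recreated with a new address the old A record is left in place and
    # a second one is added — confirm whether that is intended.
    - name: "Set Storage DNS A => *.node.{{ dns_root }}"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "A"
        record: "{{ item.data.droplet.name }}"
        value: "{{ item.data.ip_address }}"
      with_items: "{{ droplet_storage_result.results }}"

    - name: "Set Service DNS A => *.node.{{ dns_root }}"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "A"
        record: "{{ item.data.droplet.name }}"
        value: "{{ item.data.ip_address }}"
      with_items: "{{ droplet_service_result.results }}"

    ####################
    # - Set DNS CNAME Record => @
    ####################
    - name: "Set DNS CNAME => Primary Node"
      # Cloudflare allows CNAME on @ via CNAME-flattening.
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "CNAME"
        record: "@"
        value: "{{ node_primary }}"

    ####################
    # - Set DNS CNAME Records => Stacks
    ####################
    - name: "Set DNS CNAME => Stack: auth"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "CNAME"
        record: "auth"
        value: "@"

    - name: "Set DNS CNAME => Stack: site-support"
      community.general.cloudflare_dns:
        api_token: "{{ cloudflare_dns_token }}"
        zone: "{{ dns_root }}"
        type: "CNAME"
        record: "pysupport"
        value: "@"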