Refactor files, move iptables role, update boostrap.sh

ansible/bootstrap.sh

 #!/usr/bin/env bash
 
+# This script creates a Python env, enters it and installs
+# ansible and requirements from the requirements.galaxy.yaml
+
 [[ ! -d .venv ]] && python3 -m venv .venv
 source .venv/bin/activate
 
 pip3 install ansible ansible-lint
 
-ansible-galaxy install --force -r requirements.galaxy.yaml
+ansible-galaxy install "$1" -r requirements.galaxy.yaml
 
 # to stay in our comfy virtualenv
 exec "${SHELL:bash}"

ansible/harbor/base.yaml → ansible/main/base.yaml

@@ -4,10 +4,8 @@
   roles:
     - role: kszk-k8s.base
       tags: ["base"]
-    - role: kszk-k8s.iptables
-      tags: ["iptables"]
+    - role: kszk.iptables
   vars_files:
-    - "../vars/base.yaml"
     - "vars/harbor.yaml"
     - "vars/secret.yaml"
   tasks: 

ansible/harbor/tasks/harbor.yaml → ansible/main/tasks/harbor.yaml

@@ -22,7 +22,7 @@
     src: home/user/harbor/harbor.yml.j2
     dest: /home/{{ user }}/harbor/harbor.yml
 
-- name: Setup harbor
+- name: Setup harbor (You might need to restart the docker service manually!)
   become: yes
   shell: "/home/{{ user }}/harbor/install.sh"
 

ansible/harbor/templates/home/user/harbor/harbor.yml.j2 → ansible/main/templates/home/user/harbor/harbor.yml.j2

@@ -197,10 +197,6 @@ proxy:
     - core
     - jobservice
     - trivy
-# metric:
-#   enabled: false
-#   port: 9090
-#   path: /metrics
 
 # Trace related config
 # only can enable one trace provider(jaeger or otel) at the same time,

ansible/harbor/vars/harbor.yaml → ansible/main/vars/harbor.yaml

+# KSZK Base role
+motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/cluster-setup
+
 hostname: harbor
 motd_text: "Harbor"
 
 user: harbor
-harbor_hostname: harbor.sch.bme.hu
-
-acme_email: laszlo.rafael@kszk.bme.hu
-sites: 
-  - name: harbor.sch.bme.hu
-    proxy_to: http://localhost:8080
-
 users:
   - name: rlacko
     sudo: yes
@@ -18,6 +14,14 @@ users:
     sudo: yes
     passwordless_sudo: yes
 
+ssh:
+  port: 10022
+  permitRootLogin: "no"
+  pubkeyAuthentication: "yes"
+  passwordAuthentication: "no"
+  allow:
+    users: "rlacko"
+
 netplan:
   network:
     version: 2
@@ -30,3 +34,17 @@ netplan:
         set-name: wan0
         dhcp4: true
 
+# IPTables base role
+
+## Use own iptables files
+iptables_rules_v4_file: etc/iptables/rules.v4.j2
+iptables_rules_v6_file: etc/iptables/rules.v6.j2
+
+# Playbook vars
+
+harbor_hostname: harbor.sch.bme.hu
+acme_email: laszlo.rafael@kszk.bme.hu
+sites: 
+  - name: harbor.sch.bme.hu
+    proxy_to: http://localhost:8080
+

ansible/requirements.galaxy.yaml

@@ -9,7 +9,7 @@ roles:
     scm: git
     version: master
     name: kszk-k8s.base
-  - src: git@git.sch.bme.hu:kszk/sysadmin/kubernetes/iptables-role.git
+  - src: git@git.sch.bme.hu:kszk/ansible/roles/iptables.git
     scm: git
     version: master
-    name: kszk-k8s.iptables
+    name: kszk.iptables

ansible/vars/base.yaml

-motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/cluster-setup
-motd_text: Harbor
-
-users:
-  - name: rlacko
-    sudo: yes
-    passwordless_sudo: yes
-    ssh_key: https://git.sch.bme.hu/rlacko.keys
-ssh:
-  port: 10022
-  permitRootLogin: "no"
-  pubkeyAuthentication: "yes"
-  passwordAuthentication: "no"
-  allow:
-    users: "rlacko"