2024-06-19 06:28:08 +02:00
|
|
|
---
|
|
|
|
|
- name: Setup homelab basics for DietPi systems
|
2023-06-01 19:02:20 +02:00
|
|
|
hosts: homelab
|
2024-06-19 06:28:08 +02:00
|
|
|
become: true
|
|
|
|
|
tasks:
|
|
|
|
|
- name: Update apt cache
|
|
|
|
|
ansible.builtin.apt:
|
|
|
|
|
cache_valid_time: 1200
|
|
|
|
|
|
|
|
|
|
- name: Update cache and all packages
|
|
|
|
|
register: updatesys
|
|
|
|
|
ansible.builtin.apt:
|
|
|
|
|
upgrade: dist
|
|
|
|
|
update_cache: true
|
|
|
|
|
|
|
|
|
|
- name: Display the last line of the previous task to check the stats
|
|
|
|
|
ansible.builtin.debug:
|
|
|
|
|
msg: "{{updatesys.stdout_lines|last}}"
|
|
|
|
|
|
|
|
|
|
- name: Install basic packages
|
|
|
|
|
ansible.builtin.apt:
|
|
|
|
|
update_cache: true
|
|
|
|
|
name:
|
|
|
|
|
- apt-file
|
|
|
|
|
- apt-listchanges
|
|
|
|
|
- apt-utils
|
|
|
|
|
- atop
|
|
|
|
|
- autoconf
|
|
|
|
|
- automake
|
2024-06-25 06:24:27 +02:00
|
|
|
- borgbackup
|
|
|
|
|
- borgmatic
|
2024-06-19 06:28:08 +02:00
|
|
|
- build-essential
|
|
|
|
|
- byobu
|
|
|
|
|
- cmake
|
|
|
|
|
- curl
|
|
|
|
|
- firewalld
|
|
|
|
|
- git
|
|
|
|
|
- htop
|
|
|
|
|
- httpie
|
|
|
|
|
- iotop
|
|
|
|
|
- less
|
|
|
|
|
- libpam-systemd
|
|
|
|
|
- lynis
|
|
|
|
|
- man-db
|
|
|
|
|
- manpages
|
|
|
|
|
- nfs-common
|
|
|
|
|
- nmon
|
|
|
|
|
- pipx
|
|
|
|
|
- python3-dev
|
|
|
|
|
- python3-pip
|
|
|
|
|
- rkhunter
|
2024-06-25 06:24:27 +02:00
|
|
|
- rclone
|
2024-06-19 06:28:08 +02:00
|
|
|
- rsync
|
|
|
|
|
- unattended-upgrades
|
|
|
|
|
- vim
|
|
|
|
|
- wget
|
|
|
|
|
- zsh
|
|
|
|
|
state: present
|
|
|
|
|
|
|
|
|
|
- name: Unmask systemd-logind
|
|
|
|
|
ansible.builtin.systemd_service:
|
|
|
|
|
name: systemd-logind
|
|
|
|
|
enabled: true
|
|
|
|
|
masked: no
|
|
|
|
|
|
|
|
|
|
- name: Ensure systemd-networkd is enabled
|
|
|
|
|
ansible.builtin.systemd_service:
|
|
|
|
|
name: systemd-networkd
|
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
|
|
- name: Ensure man-db.timer is enabled
|
|
|
|
|
ansible.builtin.systemd_service:
|
|
|
|
|
name: man-db.timer
|
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
|
|
- name: Configure unattended-upgrades mail user
|
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
|
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
|
|
|
|
search_string: "//Unattended-Upgrade::Mail"
|
2024-06-25 06:24:27 +02:00
|
|
|
line: 'Unattended-Upgrade::Mail "jas";'
|
2024-06-19 06:28:08 +02:00
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: "0644"
|
|
|
|
|
|
|
|
|
|
- name: Configure unattended-upgrades automatic reboot
|
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
|
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
|
|
|
|
search_string: "//Unattended-Upgrade::Automatic-Reboot"
|
|
|
|
|
line: 'Unattended-Upgrade::Automatic-Reboot "true";'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: "0644"
|
|
|
|
|
|
|
|
|
|
- name: Disable apt downloading translations
|
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
|
path: /etc/apt/apt.conf.d/99translations
|
|
|
|
|
create: true
|
|
|
|
|
line: 'Acquire::Languages "none";'
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: "0644"
|
|
|
|
|
|
|
|
|
|
- name: Set the shell to zsh for dietpi user
|
|
|
|
|
ansible.builtin.user:
|
2024-06-25 06:24:27 +02:00
|
|
|
name: jas
|
2024-06-19 06:28:08 +02:00
|
|
|
shell: /usr/bin/zsh
|
|
|
|
|
|
|
|
|
|
- name: Check if reboot is required
|
|
|
|
|
ansible.builtin.stat:
|
|
|
|
|
path: /var/run/reboot-required
|
|
|
|
|
register: reboot_required
|
|
|
|
|
|
|
|
|
|
- name: Set is_reboot_required fact
|
|
|
|
|
ansible.builtin.set_fact:
|
|
|
|
|
is_reboot_required: "{{ True if reboot_required.stat.exists else False }}"
|
|
|
|
|
|
|
|
|
|
- name: Reboot is needed
|
|
|
|
|
ansible.builtin.reboot:
|
|
|
|
|
reboot_timeout: 120
|
|
|
|
|
when: is_reboot_required | bool
|
|
|
|
|
|
|
|
|
|
- name: Post-reboot confirmation
|
|
|
|
|
ansible.builtin.debug:
|
|
|
|
|
msg: "{{ ansible_host }} is now back up and running"
|
|
|
|
|
when: is_reboot_required | bool
|
