Simplify. Emphasis on the 'simp'.
parent
c9f6a41d60
commit
0554c227f5
84
README.org
84
README.org
@ -1,86 +1,2 @@
|
||||
* ansible-homelab
|
||||
|
||||
I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
|
||||
|
||||
** Example
|
||||
Initialize an instance:
|
||||
|
||||
#+begin_src shell
|
||||
lxc init images:debian/12/cloud debian-archive --storage lxd-pool
|
||||
#+end_src
|
||||
|
||||
Configure the instance for cloud-init:
|
||||
|
||||
#+begin_src shell
|
||||
lxc config set debian-archive cloud-init.user-data - <<- EOF
|
||||
#cloud-config
|
||||
users:
|
||||
- name: debian
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
|
||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
||||
shell: /bin/bash
|
||||
lock_passwd: true
|
||||
apt:
|
||||
sources_list: |
|
||||
deb http://deb.debian.org/debian $RELEASE main
|
||||
deb http://deb.debian.org/debian $RELEASE-updates main
|
||||
deb http://deb.debian.org/debian-security/ $RELEASE-security main
|
||||
deb http://deb.debian.org/debian $RELEASE-backports
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- curl
|
||||
- debian-keyring
|
||||
- debsig-verify
|
||||
- git
|
||||
- nodejs
|
||||
- npm
|
||||
- notmuch
|
||||
- offlineimap3
|
||||
- pass
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- ripgrep
|
||||
- ssh
|
||||
- wget
|
||||
- xauth
|
||||
- youtube-dl
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.41:514"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
moonshadow: 10.0.0.41
|
||||
timezone: America/Chicago
|
||||
EOF
|
||||
#+end_src
|
||||
|
||||
Start the instance, then check the cloud-init status:
|
||||
|
||||
#+begin_src shell
|
||||
lxc start debian-archive
|
||||
lxc exec debian-archive -- cloud-init status --wait
|
||||
#+end_src
|
||||
|
||||
SSH into the new instance to accept the host key:
|
||||
|
||||
#+begin_src shell
|
||||
ssh debian@10.227.115.42
|
||||
#+end_src
|
||||
|
||||
Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
|
||||
|
||||
Add the instance's IP address to hosts.ini:
|
||||
|
||||
#+begin_src yaml
|
||||
[homelab]
|
||||
10.227.115.42
|
||||
#+end_src
|
||||
|
||||
Run the setup.yml playbook for all roles, or choose specific roles with --tags:
|
||||
|
||||
#+begin_src shell
|
||||
ansible-playbook -i hosts.ini setup.yml -u debian -b
|
||||
ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
|
||||
#+end_src
|
||||
|
@ -2,14 +2,14 @@
|
||||
homelab:
|
||||
hosts:
|
||||
pi0:
|
||||
ansible_user: dietpi
|
||||
ansible_user: jas
|
||||
ansible_host: 10.0.0.10
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
pi1:
|
||||
ansible_user: dietpi
|
||||
ansible_user: jas
|
||||
ansible_host: 10.0.0.11
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
pi2:
|
||||
ansible_user: dietpi
|
||||
ansible_user: jas
|
||||
ansible_host: 10.0.0.12
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
|
50
setup.yml
50
setup.yml
@ -27,19 +27,16 @@
|
||||
- atop
|
||||
- autoconf
|
||||
- automake
|
||||
- borgbackup
|
||||
- borgmatic
|
||||
- build-essential
|
||||
- byobu
|
||||
- clamav
|
||||
- clamav-daemon
|
||||
- clamav-freshclam
|
||||
- cmake
|
||||
- curl
|
||||
- firewalld
|
||||
- git
|
||||
- glances
|
||||
- htop
|
||||
- httpie
|
||||
- ifplugd
|
||||
- iotop
|
||||
- less
|
||||
- libpam-systemd
|
||||
@ -52,6 +49,7 @@
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- rkhunter
|
||||
- rclone
|
||||
- rsync
|
||||
- unattended-upgrades
|
||||
- vim
|
||||
@ -65,59 +63,21 @@
|
||||
enabled: true
|
||||
masked: no
|
||||
|
||||
- name: Configure ifplugd for eth0 interface
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/default/ifplugd
|
||||
search_string: "INTERFACES="
|
||||
line: 'INTERFACES="eth0"'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Ensure ifplugd service is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: ifplugd
|
||||
enabled: true
|
||||
|
||||
- name: Ensure systemd-networkd is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: systemd-networkd
|
||||
enabled: true
|
||||
|
||||
- name: Ensure clamav-daemon is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: clamav-daemon
|
||||
enabled: true
|
||||
|
||||
- name: Ensure clamav-freshclam is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: clamav-freshclam
|
||||
enabled: true
|
||||
|
||||
- name: Ensure man-db.timer is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: man-db.timer
|
||||
enabled: true
|
||||
|
||||
- name: Configure systemd-networkd for eth0 interface
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/systemd/network/eth0.network
|
||||
create: true
|
||||
block: |
|
||||
[Match]
|
||||
Name=eth0
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Configure unattended-upgrades mail user
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
search_string: "//Unattended-Upgrade::Mail"
|
||||
line: 'Unattended-Upgrade::Mail "dietpi";'
|
||||
line: 'Unattended-Upgrade::Mail "jas";'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
@ -142,7 +102,7 @@
|
||||
|
||||
- name: Set the shell to zsh for dietpi user
|
||||
ansible.builtin.user:
|
||||
name: dietpi
|
||||
name: jas
|
||||
shell: /usr/bin/zsh
|
||||
|
||||
- name: Check if reboot is required
|
||||
|
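Review bot: The task in the last hunk is still named `Set the shell to zsh for dietpi user`, although its `name:` now appears to be `jas`, so the play output will report the wrong account. The page has lost its +/- markers, so this reads the second of the two `name:` lines as the new side. If the inventory's `ansible_user` is the account meant here, state it once and derive both: `- name: Set the shell to zsh for {{ ansible_user }}` with `name: "{{ ansible_user }}"`. The same hard-coded account appears in `Unattended-Upgrade::Mail "jas";` in the `@ -65,59 +63,21 @` hunk, where a variable would keep the upgrade-report recipient in step with the login user. In that hunk `masked: no` relies on YAML 1.1 truthiness; `masked: false` would match the `enabled: true` beside it.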