Simplify. Emphasis on the 'simp'.
parent
c9f6a41d60
commit
0554c227f5
84
README.org
84
README.org
@ -1,86 +1,2 @@
|
|||||||
* ansible-homelab
|
* ansible-homelab
|
||||||
|
|
||||||
I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
|
|
||||||
|
|
||||||
** Example
|
|
||||||
Initialize an instance:
|
|
||||||
|
|
||||||
#+begin_src shell
|
|
||||||
lxc init images:debian/12/cloud debian-archive --storage lxd-pool
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
Configure the instance for cloud-init:
|
|
||||||
|
|
||||||
#+begin_src shell
|
|
||||||
lxc config set debian-archive cloud-init.user-data - <<- EOF
|
|
||||||
#cloud-config
|
|
||||||
users:
|
|
||||||
- name: debian
|
|
||||||
ssh_authorized_keys:
|
|
||||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
|
|
||||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
|
||||||
shell: /bin/bash
|
|
||||||
lock_passwd: true
|
|
||||||
apt:
|
|
||||||
sources_list: |
|
|
||||||
deb http://deb.debian.org/debian $RELEASE main
|
|
||||||
deb http://deb.debian.org/debian $RELEASE-updates main
|
|
||||||
deb http://deb.debian.org/debian-security/ $RELEASE-security main
|
|
||||||
deb http://deb.debian.org/debian $RELEASE-backports
|
|
||||||
package_update: true
|
|
||||||
package_upgrade: true
|
|
||||||
packages:
|
|
||||||
- curl
|
|
||||||
- debian-keyring
|
|
||||||
- debsig-verify
|
|
||||||
- git
|
|
||||||
- nodejs
|
|
||||||
- npm
|
|
||||||
- notmuch
|
|
||||||
- offlineimap3
|
|
||||||
- pass
|
|
||||||
- python3-dev
|
|
||||||
- python3-pip
|
|
||||||
- ripgrep
|
|
||||||
- ssh
|
|
||||||
- wget
|
|
||||||
- xauth
|
|
||||||
- youtube-dl
|
|
||||||
rsyslog:
|
|
||||||
configs:
|
|
||||||
- content: "*.* @10.0.0.41:514"
|
|
||||||
filename: 99-forward.conf
|
|
||||||
remotes:
|
|
||||||
moonshadow: 10.0.0.41
|
|
||||||
timezone: America/Chicago
|
|
||||||
EOF
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
Start the instance, then check the cloud-init status:
|
|
||||||
|
|
||||||
#+begin_src shell
|
|
||||||
lxc start debian-archive
|
|
||||||
lxc exec debian-archive -- cloud-init status --wait
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
SSH into the new instance to accept the host key:
|
|
||||||
|
|
||||||
#+begin_src shell
|
|
||||||
ssh debian@10.227.115.42
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
|
|
||||||
|
|
||||||
Add the instance's IP address to hosts.ini:
|
|
||||||
|
|
||||||
#+begin_src yaml
|
|
||||||
[homelab]
|
|
||||||
10.227.115.42
|
|
||||||
#+end_src
|
|
||||||
|
|
||||||
Run the setup.yml playbook for all roles, or choose specific roles with --tags:
|
|
||||||
|
|
||||||
#+begin_src shell
|
|
||||||
ansible-playbook -i hosts.ini setup.yml -u debian -b
|
|
||||||
ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
|
|
||||||
#+end_src
|
|
||||||
|
@ -2,14 +2,14 @@
|
|||||||
homelab:
|
homelab:
|
||||||
hosts:
|
hosts:
|
||||||
pi0:
|
pi0:
|
||||||
ansible_user: dietpi
|
ansible_user: jas
|
||||||
ansible_host: 10.0.0.10
|
ansible_host: 10.0.0.10
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
pi1:
|
pi1:
|
||||||
ansible_user: dietpi
|
ansible_user: jas
|
||||||
ansible_host: 10.0.0.11
|
ansible_host: 10.0.0.11
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
pi2:
|
pi2:
|
||||||
ansible_user: dietpi
|
ansible_user: jas
|
||||||
ansible_host: 10.0.0.12
|
ansible_host: 10.0.0.12
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
50
setup.yml
50
setup.yml
@ -27,19 +27,16 @@
|
|||||||
- atop
|
- atop
|
||||||
- autoconf
|
- autoconf
|
||||||
- automake
|
- automake
|
||||||
|
- borgbackup
|
||||||
|
- borgmatic
|
||||||
- build-essential
|
- build-essential
|
||||||
- byobu
|
- byobu
|
||||||
- clamav
|
|
||||||
- clamav-daemon
|
|
||||||
- clamav-freshclam
|
|
||||||
- cmake
|
- cmake
|
||||||
- curl
|
- curl
|
||||||
- firewalld
|
- firewalld
|
||||||
- git
|
- git
|
||||||
- glances
|
|
||||||
- htop
|
- htop
|
||||||
- httpie
|
- httpie
|
||||||
- ifplugd
|
|
||||||
- iotop
|
- iotop
|
||||||
- less
|
- less
|
||||||
- libpam-systemd
|
- libpam-systemd
|
||||||
@ -52,6 +49,7 @@
|
|||||||
- python3-dev
|
- python3-dev
|
||||||
- python3-pip
|
- python3-pip
|
||||||
- rkhunter
|
- rkhunter
|
||||||
|
- rclone
|
||||||
- rsync
|
- rsync
|
||||||
- unattended-upgrades
|
- unattended-upgrades
|
||||||
- vim
|
- vim
|
||||||
@ -65,59 +63,21 @@
|
|||||||
enabled: true
|
enabled: true
|
||||||
masked: no
|
masked: no
|
||||||
|
|
||||||
- name: Configure ifplugd for eth0 interface
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
path: /etc/default/ifplugd
|
|
||||||
search_string: "INTERFACES="
|
|
||||||
line: 'INTERFACES="eth0"'
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: Ensure ifplugd service is enabled
|
|
||||||
ansible.builtin.systemd_service:
|
|
||||||
name: ifplugd
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
- name: Ensure systemd-networkd is enabled
|
- name: Ensure systemd-networkd is enabled
|
||||||
ansible.builtin.systemd_service:
|
ansible.builtin.systemd_service:
|
||||||
name: systemd-networkd
|
name: systemd-networkd
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Ensure clamav-daemon is enabled
|
|
||||||
ansible.builtin.systemd_service:
|
|
||||||
name: clamav-daemon
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
- name: Ensure clamav-freshclam is enabled
|
|
||||||
ansible.builtin.systemd_service:
|
|
||||||
name: clamav-freshclam
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
- name: Ensure man-db.timer is enabled
|
- name: Ensure man-db.timer is enabled
|
||||||
ansible.builtin.systemd_service:
|
ansible.builtin.systemd_service:
|
||||||
name: man-db.timer
|
name: man-db.timer
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Configure systemd-networkd for eth0 interface
|
|
||||||
ansible.builtin.blockinfile:
|
|
||||||
path: /etc/systemd/network/eth0.network
|
|
||||||
create: true
|
|
||||||
block: |
|
|
||||||
[Match]
|
|
||||||
Name=eth0
|
|
||||||
|
|
||||||
[Network]
|
|
||||||
DHCP=yes
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: Configure unattended-upgrades mail user
|
- name: Configure unattended-upgrades mail user
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||||
search_string: "//Unattended-Upgrade::Mail"
|
search_string: "//Unattended-Upgrade::Mail"
|
||||||
line: 'Unattended-Upgrade::Mail "dietpi";'
|
line: 'Unattended-Upgrade::Mail "jas";'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
@ -142,7 +102,7 @@
|
|||||||
|
|
||||||
- name: Set the shell to zsh for dietpi user
|
- name: Set the shell to zsh for dietpi user
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: dietpi
|
name: jas
|
||||||
shell: /usr/bin/zsh
|
shell: /usr/bin/zsh
|
||||||
|
|
||||||
- name: Check if reboot is required
|
- name: Check if reboot is required
|
||||||
|
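Review bot: The task in the `@ -142,7 +102,7 @` hunk is still named `Set the shell to zsh for dietpi user` although it now targets `name: jas`, so play output and logs will report the wrong account; rename it to `- name: Set the shell to zsh for jas user`. The account name is now a literal in three places visible on this page (the inventory's `ansible_user: jas`, the `Unattended-Upgrade::Mail "jas";` line and this task), which is how the stale name slipped through; `name: "{{ ansible_user }}"` would keep the task tied to the inventory. Note also that `ansible.builtin.user` creates the account when it is absent, so a host without `jas` would silently get a new account instead of a failure, and it is worth confirming that this is intended. The task list continues outside the hunk.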