Simplify. Emphasis on the 'simp'.

Jeffrey Serio 2024-06-24 23:24:27 -05:00
parent c9f6a41d60
commit 0554c227f5
3 changed files with 8 additions and 132 deletions


@ -1,86 +1,2 @@
* ansible-homelab * ansible-homelab
I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
** Example
Initialize an instance:
#+begin_src shell
lxc init images:debian/12/cloud debian-archive --storage lxd-pool
#+end_src
Configure the instance for cloud-init:
#+begin_src shell
lxc config set debian-archive cloud-init.user-data - <<- EOF
#cloud-config
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
apt:
sources_list: |
deb http://deb.debian.org/debian $RELEASE main
deb http://deb.debian.org/debian $RELEASE-updates main
deb http://deb.debian.org/debian-security/ $RELEASE-security main
deb http://deb.debian.org/debian $RELEASE-backports
package_update: true
package_upgrade: true
packages:
- curl
- debian-keyring
- debsig-verify
- git
- nodejs
- npm
- notmuch
- offlineimap3
- pass
- python3-dev
- python3-pip
- ripgrep
- ssh
- wget
- xauth
- youtube-dl
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago
EOF
#+end_src
Start the instance, then check the cloud-init status:
#+begin_src shell
lxc start debian-archive
lxc exec debian-archive -- cloud-init status --wait
#+end_src
SSH into the new instance to accept the host key:
#+begin_src shell
ssh debian@10.227.115.42
#+end_src
Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
Add the instance's IP address to hosts.ini:
#+begin_src yaml
[homelab]
10.227.115.42
#+end_src
Run the setup.yml playbook for all roles, or choose specific roles with --tags:
#+begin_src shell
ansible-playbook -i hosts.ini setup.yml -u debian -b
ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
#+end_src


@ -2,14 +2,14 @@
homelab: homelab:
hosts: hosts:
pi0: pi0:
ansible_user: dietpi ansible_user: jas
ansible_host: 10.0.0.10 ansible_host: 10.0.0.10
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
pi1: pi1:
ansible_user: dietpi ansible_user: jas
ansible_host: 10.0.0.11 ansible_host: 10.0.0.11
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
pi2: pi2:
ansible_user: dietpi ansible_user: jas
ansible_host: 10.0.0.12 ansible_host: 10.0.0.12
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
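Review bot: `ansible_user` and `ansible_python_interpreter` are repeated with identical values under pi0, pi1 and pi2, which is why switching one account needed three edits here. Moving both into a `vars:` mapping under `homelab` (`ansible_user: jas`, `ansible_python_interpreter: /usr/bin/python3`) would leave only `ansible_host` per host and make the next account change a single line. Nothing in this hunk shows that `jas` already exists on each Pi with the key and sudo rights the roles rely on, so confirm that before the `dietpi` login is retired.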


@ -27,19 +27,16 @@
- atop - atop
- autoconf - autoconf
- automake - automake
- borgbackup
- borgmatic
- build-essential - build-essential
- byobu - byobu
- clamav
- clamav-daemon
- clamav-freshclam
- cmake - cmake
- curl - curl
- firewalld - firewalld
- git - git
- glances
- htop - htop
- httpie - httpie
- ifplugd
- iotop - iotop
- less - less
- libpam-systemd - libpam-systemd
@ -52,6 +49,7 @@
- python3-dev - python3-dev
- python3-pip - python3-pip
- rkhunter - rkhunter
- rclone
- rsync - rsync
- unattended-upgrades - unattended-upgrades
- vim - vim
@ -65,59 +63,21 @@
enabled: true enabled: true
masked: no masked: no
- name: Configure ifplugd for eth0 interface
ansible.builtin.lineinfile:
path: /etc/default/ifplugd
search_string: "INTERFACES="
line: 'INTERFACES="eth0"'
owner: root
group: root
mode: "0644"
- name: Ensure ifplugd service is enabled
ansible.builtin.systemd_service:
name: ifplugd
enabled: true
- name: Ensure systemd-networkd is enabled - name: Ensure systemd-networkd is enabled
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: systemd-networkd name: systemd-networkd
enabled: true enabled: true
- name: Ensure clamav-daemon is enabled
ansible.builtin.systemd_service:
name: clamav-daemon
enabled: true
- name: Ensure clamav-freshclam is enabled
ansible.builtin.systemd_service:
name: clamav-freshclam
enabled: true
- name: Ensure man-db.timer is enabled - name: Ensure man-db.timer is enabled
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: man-db.timer name: man-db.timer
enabled: true enabled: true
- name: Configure systemd-networkd for eth0 interface
ansible.builtin.blockinfile:
path: /etc/systemd/network/eth0.network
create: true
block: |
[Match]
Name=eth0
[Network]
DHCP=yes
owner: root
group: root
mode: "0644"
- name: Configure unattended-upgrades mail user - name: Configure unattended-upgrades mail user
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/apt/apt.conf.d/50unattended-upgrades path: /etc/apt/apt.conf.d/50unattended-upgrades
search_string: "//Unattended-Upgrade::Mail" search_string: "//Unattended-Upgrade::Mail"
line: 'Unattended-Upgrade::Mail "dietpi";' line: 'Unattended-Upgrade::Mail "jas";'
owner: root owner: root
group: root group: root
mode: "0644" mode: "0644"
@ -142,7 +102,7 @@
- name: Set the shell to zsh for dietpi user - name: Set the shell to zsh for dietpi user
ansible.builtin.user: ansible.builtin.user:
name: dietpi name: jas
shell: /usr/bin/zsh shell: /usr/bin/zsh
- name: Check if reboot is required - name: Check if reboot is required
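Review bot: The first task in the last hunk is still named `Set the shell to zsh for dietpi user` although its `name:` now targets `jas`, so play output and logs will report the wrong account; rename it to `- name: Set the shell to zsh for jas user`. The account is also hardcoded in the `Unattended-Upgrade::Mail "jas";` line, so the same string now lives in the inventory and in two tasks; referencing the inventory value, e.g. `name: "{{ ansible_user }}"`, would keep them in step. Separately, the context line `masked: no` uses a YAML 1.1 truthy next to `enabled: true`; `masked: false` is the consistent form. The task list continues outside the visible hunks.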