mirror of
https://codeberg.org/hyperreal/ansible-homelab
synced 2024-11-01 08:33:07 +01:00
Add debian-vm-setup.yml; update inventory.yml
parent
6261bba77b
commit
0659e51b09
186
debian-vm-setup.yml
Normal file
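--- /dev/null
+++ b/debian-vm-setup.yml
@@ -0,0 +1,186 @@
+---
+- name: Provision a Debian server on a virtual machine
+hosts: vms
+become: true
+tasks:
+- name: Configure APT sources
+ansible.builtin.blockinfile:
+path: /etc/apt/sources.list
+block: |
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
+owner: root
+group: root
+mode: "0644"
+
+- name: Disable apt downloading translations
+ansible.builtin.lineinfile:
+path: /etc/apt/apt.conf.d/99translations
+create: true
+line: 'Acquire::Languages "none";'
+owner: root
+group: root
+mode: "0644"
+
+- name: Update cache and all packages
+register: updatesys
+ansible.builtin.apt:
+upgrade: dist
+update_cache: true
+
+- name: Display the last line of the previous task to check the stats
+ansible.builtin.debug:
+msg: "{{updatesys.stdout_lines|last}}"
+
+- name: Install basic packages
+ansible.builtin.apt:
+update_cache: true
+name:
+- apt-file
+- apt-listchanges
+- apt-utils
+- atop
+- autoconf
+- automake
+- bat
+- build-essential
+- byobu
+- cmake
+- curl
+- firewalld
+- git
+- htop
+- jc
+- jq
+- less
+- man-db
+- manpages
+- pipx
+- python3-dev
+- python3-pip
+- rclone
+- rsync
+- sudo
+- systemd-resolved
+- unattended-upgrades
+- vim
+- wget
+- zsh
+state: present
+
+- name: Ensure man-db.timer is enabled
+ansible.builtin.systemd_service:
+name: man-db.timer
+enabled: true
+
+- name: Copy 20auto-upgrades
+ansible.builtin.copy:
+src: etc/apt/apt.conf.d/20auto-upgrades
+dest: /etc/apt/apt.conf.d/20auto-upgrades
+owner: root
+group: root
+mode: "0644"
+
+- name: Copy 50unattended-upgrades
+ansible.builtin.copy:
+src: etc/apt/apt.conf.d/50unattended-upgrades
+dest: /etc/apt/apt.conf.d/50unattended-upgrades
+owner: root
+group: root
+mode: "0644"
+
+- name: Ensure unattended-upgrades is enabled
+ansible.builtin.systemd_service:
+name: unattended-upgrades
+enabled: true
+state: started
+
+- name: Ensure firewalld is enabled
+ansible.builtin.systemd_service:
+name: firewalld
+enabled: true
+state: started
+
+- name: Ensure sudo no password privileges for the user 'jas'
+ansible.builtin.lineinfile:
+path: /etc/sudoers.d/jas
+create: true
+state: present
+line: "jas ALL=(ALL) NOPASSWD: ALL"
+owner: root
+group: root
+mode: "0640"
+validate: /usr/sbin/visudo -csf %s
+
+- name: Ensure the shell is set to zsh for user
+ansible.builtin.user:
+name: jas
+shell: /usr/bin/zsh
+
+- name: Ensure ethernet interface is configured for systemd-networkd
+ansible.builtin.blockinfile:
+path: /etc/systemd/network/ens3.network
+create: true
+state: present
+block: |
+[Match]
+Name=ens3
+
+[Network]
+DHCP=yes
+owner: root
+group: root
+mode: "0644"
+
+- name: Ensure systemd-networkd is enabled
+ansible.builtin.systemd_service:
+name: systemd-networkd
+enabled: true
+
+- name: Ensure systemd-resolved is enabled
+ansible.builtin.systemd_service:
+name: systemd-resolved
+enabled: true
+
+- name: Ensure default network.service is disabled
+ansible.builtin.systemd_service:
+name: networking
+enabled: false
+
+- name: Ensure glances systemd unit is in place for user
+ansible.builtin.blockinfile:
+path: /home/jas/.config/systemd/user/glances.service
+create: true
+state: present
+block: |
+[Unit]
+Description=Glances
+After=network.target
+
+[Service]
+ExecStart=/home/jas/.local/bin/glances -s
+Restart=always
+RemainAfterExit=no
+
+[Install]
+WantedBy=default.target
+owner: jas
+group: jas
+mode: "0644"
+
+- name: Ensure empty .zshrc is in place for user
+ansible.builtin.file:
+path: /home/jas/.zshrc
+state: touch
+owner: jas
+group: jas
+mode: "0644"
+
+- name: Reboot the system
+ansible.builtin.reboot:
+reboot_timeout: 120
+
+- name: Post-reboot confirmation
+ansible.builtin.debug:
+msg: "{{ ansible_host }} is now back up and running"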
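Review bot: The sudoers task writes `jas ALL=(ALL) NOPASSWD: ALL`, so every process running as jas is root-equivalent without a password prompt. The same play installs a user unit with `ExecStart=/home/jas/.local/bin/glances -s`, a long-running server-mode service started from a jas-writable path, which widens what that rule exposes. If passwordless sudo exists only for automation, a dedicated automation account or a command-scoped rule would limit it; otherwise `line: "jas ALL=(ALL) ALL"` is the smallest change. The drop-in is also created with `mode: "0640"`, where the conventional mode for files under /etc/sudoers.d is `mode: "0440"`. A short comment above the task saying why NOPASSWD is needed would help the next reader judge whether it can be tightened.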
|
@ -28,3 +28,10 @@ vps:
|
||||
ansible_user: root
|
||||
ansible_host: hyperreal.coffee
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
|
||||
vms:
|
||||
hosts:
|
||||
hyperreal:
|
||||
ansible_user: root
|
||||
ansible_host: 10.0.0.26
|
||||
ansible_python_interpreter: /usr/bin/python3
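Review bot: The new `vms` host is reached with `ansible_user: root`, so the VM has to keep accepting direct root logins (presumably over SSH), and the `become: true` in debian-vm-setup.yml is redundant for it. That playbook gives `jas` sudo rights, so after the first bootstrap run the entry could use `ansible_user: jas` and root login could be disabled on the guest. How the connection is authenticated is not visible in these host vars. The three context lines at the top belong to the `vps` group, which starts outside this hunk and sets root in the same way.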
|
||||
|