Add debian-vm-setup.yml; update inventory.yml

This commit is contained in:
Jeffrey Serio 2024-07-01 00:24:27 -05:00
parent 6261bba77b
commit 0659e51b09
2 changed files with 193 additions and 0 deletions

186
debian-vm-setup.yml Normal file
View File

@ -0,0 +1,186 @@
---
- name: Provision a Debian server on a virtual machine
hosts: vms
become: true
tasks:
- name: Configure APT sources
ansible.builtin.blockinfile:
path: /etc/apt/sources.list
block: |
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
owner: root
group: root
mode: "0644"
- name: Disable apt downloading translations
ansible.builtin.lineinfile:
path: /etc/apt/apt.conf.d/99translations
create: true
line: 'Acquire::Languages "none";'
owner: root
group: root
mode: "0644"
- name: Update cache and all packages
register: updatesys
ansible.builtin.apt:
upgrade: dist
update_cache: true
- name: Display the last line of the previous task to check the stats
ansible.builtin.debug:
msg: "{{updatesys.stdout_lines|last}}"
- name: Install basic packages
ansible.builtin.apt:
update_cache: true
name:
- apt-file
- apt-listchanges
- apt-utils
- atop
- autoconf
- automake
- bat
- build-essential
- byobu
- cmake
- curl
- firewalld
- git
- htop
- jc
- jq
- less
- man-db
- manpages
- pipx
- python3-dev
- python3-pip
- rclone
- rsync
- sudo
- systemd-resolved
- unattended-upgrades
- vim
- wget
- zsh
state: present
- name: Ensure man-db.timer is enabled
ansible.builtin.systemd_service:
name: man-db.timer
enabled: true
- name: Copy 20auto-upgrades
ansible.builtin.copy:
src: etc/apt/apt.conf.d/20auto-upgrades
dest: /etc/apt/apt.conf.d/20auto-upgrades
owner: root
group: root
mode: "0644"
- name: Copy 50unattended-upgrades
ansible.builtin.copy:
src: etc/apt/apt.conf.d/50unattended-upgrades
dest: /etc/apt/apt.conf.d/50unattended-upgrades
owner: root
group: root
mode: "0644"
- name: Ensure unattended-upgrades is enabled
ansible.builtin.systemd_service:
name: unattended-upgrades
enabled: true
state: started
- name: Ensure firewalld is enabled
ansible.builtin.systemd_service:
name: firewalld
enabled: true
state: started
- name: Ensure sudo no password privileges for the user 'jas'
ansible.builtin.lineinfile:
path: /etc/sudoers.d/jas
create: true
state: present
line: "jas ALL=(ALL) NOPASSWD: ALL"
owner: root
group: root
mode: "0640"
validate: /usr/sbin/visudo -csf %s
- name: Ensure the shell is set to zsh for user
ansible.builtin.user:
name: jas
shell: /usr/bin/zsh
- name: Ensure ethernet interface is configured for systemd-networkd
ansible.builtin.blockinfile:
path: /etc/systemd/network/ens3.network
create: true
state: present
block: |
[Match]
Name=ens3
[Network]
DHCP=yes
owner: root
group: root
mode: "0644"
- name: Ensure systemd-networkd is enabled
ansible.builtin.systemd_service:
name: systemd-networkd
enabled: true
- name: Ensure systemd-resolved is enabled
ansible.builtin.systemd_service:
name: systemd-resolved
enabled: true
- name: Ensure default network.service is disabled
ansible.builtin.systemd_service:
name: networking
enabled: false
- name: Ensure glances systemd unit is in place for user
ansible.builtin.blockinfile:
path: /home/jas/.config/systemd/user/glances.service
create: true
state: present
block: |
[Unit]
Description=Glances
After=network.target
[Service]
ExecStart=/home/jas/.local/bin/glances -s
Restart=always
RemainAfterExit=no
[Install]
WantedBy=default.target
owner: jas
group: jas
mode: "0644"
- name: Ensure empty .zshrc is in place for user
ansible.builtin.file:
path: /home/jas/.zshrc
state: touch
owner: jas
group: jas
mode: "0644"
- name: Reboot the system
ansible.builtin.reboot:
reboot_timeout: 120
- name: Post-reboot confirmation
ansible.builtin.debug:
msg: "{{ ansible_host }} is now back up and running"

View File

@ -28,3 +28,10 @@ vps:
ansible_user: root ansible_user: root
ansible_host: hyperreal.coffee ansible_host: hyperreal.coffee
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
vms:
hosts:
hyperreal:
ansible_user: root
ansible_host: 10.0.0.26
ansible_python_interpreter: /usr/bin/python3