Add debian-vm-setup.yml; update inventory.yml
parent
6261bba77b
commit
0659e51b09
186
debian-vm-setup.yml
Normal file
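--- a/debian-vm-setup.yml
+++ b/debian-vm-setup.yml
@@ -0,0 +1,186 @@
+---
+- name: Provision a Debian server on a virtual machine
+hosts: vms
+become: true
+tasks:
+- name: Configure APT sources
+ansible.builtin.blockinfile:
+path: /etc/apt/sources.list
+block: |
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
+owner: root
+group: root
+mode: "0644"
+
+- name: Disable apt downloading translations
+ansible.builtin.lineinfile:
+path: /etc/apt/apt.conf.d/99translations
+create: true
+line: 'Acquire::Languages "none";'
+owner: root
+group: root
+mode: "0644"
+
+- name: Update cache and all packages
+register: updatesys
+ansible.builtin.apt:
+upgrade: dist
+update_cache: true
+
+- name: Display the last line of the previous task to check the stats
+ansible.builtin.debug:
+msg: "{{updatesys.stdout_lines|last}}"
+
+- name: Install basic packages
+ansible.builtin.apt:
+update_cache: true
+name:
+- apt-file
+- apt-listchanges
+- apt-utils
+- atop
+- autoconf
+- automake
+- bat
+- build-essential
+- byobu
+- cmake
+- curl
+- firewalld
+- git
+- htop
+- jc
+- jq
+- less
+- man-db
+- manpages
+- pipx
+- python3-dev
+- python3-pip
+- rclone
+- rsync
+- sudo
+- systemd-resolved
+- unattended-upgrades
+- vim
+- wget
+- zsh
+state: present
+
+- name: Ensure man-db.timer is enabled
+ansible.builtin.systemd_service:
+name: man-db.timer
+enabled: true
+
+- name: Copy 20auto-upgrades
+ansible.builtin.copy:
+src: etc/apt/apt.conf.d/20auto-upgrades
+dest: /etc/apt/apt.conf.d/20auto-upgrades
+owner: root
+group: root
+mode: "0644"
+
+- name: Copy 50unattended-upgrades
+ansible.builtin.copy:
+src: etc/apt/apt.conf.d/50unattended-upgrades
+dest: /etc/apt/apt.conf.d/50unattended-upgrades
+owner: root
+group: root
+mode: "0644"
+
+- name: Ensure unattended-upgrades is enabled
+ansible.builtin.systemd_service:
+name: unattended-upgrades
+enabled: true
+state: started
+
+- name: Ensure firewalld is enabled
+ansible.builtin.systemd_service:
+name: firewalld
+enabled: true
+state: started
+
+- name: Ensure sudo no password privileges for the user 'jas'
+ansible.builtin.lineinfile:
+path: /etc/sudoers.d/jas
+create: true
+state: present
+line: "jas ALL=(ALL) NOPASSWD: ALL"
+owner: root
+group: root
+mode: "0640"
+validate: /usr/sbin/visudo -csf %s
+
+- name: Ensure the shell is set to zsh for user
+ansible.builtin.user:
+name: jas
+shell: /usr/bin/zsh
+
+- name: Ensure ethernet interface is configured for systemd-networkd
+ansible.builtin.blockinfile:
+path: /etc/systemd/network/ens3.network
+create: true
+state: present
+block: |
+[Match]
+Name=ens3
+
+[Network]
+DHCP=yes
+owner: root
+group: root
+mode: "0644"
+
+- name: Ensure systemd-networkd is enabled
+ansible.builtin.systemd_service:
+name: systemd-networkd
+enabled: true
+
+- name: Ensure systemd-resolved is enabled
+ansible.builtin.systemd_service:
+name: systemd-resolved
+enabled: true
+
+- name: Ensure default network.service is disabled
+ansible.builtin.systemd_service:
+name: networking
+enabled: false
+
+- name: Ensure glances systemd unit is in place for user
+ansible.builtin.blockinfile:
+path: /home/jas/.config/systemd/user/glances.service
+create: true
+state: present
+block: |
+[Unit]
+Description=Glances
+After=network.target
+
+[Service]
+ExecStart=/home/jas/.local/bin/glances -s
+Restart=always
+RemainAfterExit=no
+
+[Install]
+WantedBy=default.target
+owner: jas
+group: jas
+mode: "0644"
+
+- name: Ensure empty .zshrc is in place for user
+ansible.builtin.file:
+path: /home/jas/.zshrc
+state: touch
+owner: jas
+group: jas
+mode: "0644"
+
+- name: Reboot the system
+ansible.builtin.reboot:
+reboot_timeout: 120
+
+- name: Post-reboot confirmation
+ansible.builtin.debug:
+msg: "{{ ansible_host }} is now back up and running"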
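Review bot: The sudoers task writes `jas ALL=(ALL) NOPASSWD: ALL`, which makes the jas account equivalent to root with no re-authentication. The same play installs a user unit that starts `/home/jas/.local/bin/glances -s` from a directory jas can write to, so whatever can act as jas can act as root. If passwordless sudo is only wanted for Ansible runs, consider limiting the entry to the commands actually needed or dropping `NOPASSWD:`. The file should also use `mode: "0440"` instead of `"0640"`, the conventional mode for files under /etc/sudoers.d; the `validate: /usr/sbin/visudo -csf %s` line is worth keeping. The page has lost the YAML indentation, so task nesting is read from line order here.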
@ -28,3 +28,10 @@ vps:
|
|||||||
ansible_user: root
|
ansible_user: root
|
||||||
ansible_host: hyperreal.coffee
|
ansible_host: hyperreal.coffee
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
|
||||||
|
vms:
|
||||||
|
hosts:
|
||||||
|
hyperreal:
|
||||||
|
ansible_user: root
|
||||||
|
ansible_host: 10.0.0.26
|
||||||
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
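Review bot: The new `hyperreal` host is reached directly as root (`ansible_user: root`), which makes the play's `become: true` a no-op and keeps root SSH login a standing requirement for every run. Since debian-vm-setup.yml gives `jas` sudo rights, the inventory could switch to `ansible_user: jas` after the first bootstrap run, which would let root login over SSH be disabled on the VM. A comment such as `# root only for initial bootstrap; switch to jas afterwards` above the entry would record the intent. The file header for this hunk is not visible on the page; inventory.yml is assumed from the commit title.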