Add debian-server.yml playbook
This commit is contained in:
parent
017364b496
commit
97f5caa7e0
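--- /dev/null
+++ b/debian-server.yml
@@ -0,0 +1,119 @@
+---
+- name: Provision a Debian server on a remote VPS
+  hosts: remotes
+  become: true
+  tasks:
+    - name: Update cache and all packages
+      register: updatesys
+      ansible.builtin.apt:
+        upgrade: dist
+        update_cache: true
+
+    - name: Display the last line of the previous task to check the stats
+      ansible.builtin.debug:
+        msg: "{{updatesys.stdout_lines|last}}"
+
+    - name: Install basic packages
+      ansible.builtin.apt:
+        update_cache: true
+        name:
+          - apt-file
+          - apt-listchanges
+          - apt-utils
+          - curl
+          - fail2ban
+          - firewalld
+          - git
+          - htop
+          - less
+          - man-db
+          - manpages
+          - pipx
+          - python3-dev
+          - python3-pip
+          - rsync
+          - unattended-upgrades
+          - vim
+          - wget
+        state: present
+
+    - name: Ensure man-db.timer is enabled
+      ansible.builtin.systemd_service:
+        name: man-db.timer
+        enabled: true
+
+    - name: Disable apt downloading translations
+      ansible.builtin.lineinfile:
+        path: /etc/apt/apt.conf.d/99translations
+        create: true
+        line: 'Acquire::Languages "none";'
+        owner: root
+        group: root
+        mode: "0644"
+
+    - name: Ensure /var/log/auth.log exists for fail2ban
+      ansible.builtin.file:
+        path: /var/log/auth.log
+        state: touch
+        owner: root
+        group: root
+        mode: "0644"
+
+    - name: Ensure firewalld is enabled
+      ansible.builtin.systemd_service:
+        name: firewalld
+        enabled: true
+        state: started
+
+    - name: Ensure the user 'jas' exists
+      ansible.builtin.user:
+        name: jas
+        shell: /bin/bash
+        create_home: true
+
+    - name: Ensure ~/.ssh exists for the user 'jas'
+      ansible.builtin.file:
+        path: /home/jas/.ssh
+        state: directory
+        owner: jas
+        group: jas
+        mode: "0700"
+
+    - name: Ensure SSH authorized key exists for the user 'jas'
+      ansible.builtin.copy:
+        src: /root/.ssh/authorized_keys
+        remote_src: true
+        dest: /home/jas/.ssh/authorized_keys
+        owner: jas
+        group: jas
+        mode: "0600"
+
+    - name: Ensure sudo no password privileges for the user 'jas'
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers.d/jas
+        create: true
+        state: present
+        line: "jas ALL=(ALL) NOPASSWD: ALL"
+        owner: root
+        group: root
+        mode: "0640"
+        validate: /usr/sbin/visudo -csf %s
+
+    - name: Check if reboot is required
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+      register: reboot_required
+
+    - name: Set is_reboot_required fact
+      ansible.builtin.set_fact:
+        is_reboot_required: "{{ True if reboot_required.stat.exists else False }}"
+
+    - name: Reboot is needed
+      ansible.builtin.reboot:
+        reboot_timeout: 120
+      when: is_reboot_required | bool
+
+    - name: Post-reboot confirmation
+      ansible.builtin.debug:
+        msg: "{{ ansible_host }} is now back up and running"
+      when: is_reboot_required | bool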
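Review bot: The sudoers rule `line: "jas ALL=(ALL) NOPASSWD: ALL"` grants passwordless root to a user whose authorized_keys are a verbatim copy of root's (`src: /root/.ssh/authorized_keys`, `remote_src: true`), so every key that could already reach root now also reaches an unattended sudo and `jas` is a second root account rather than a reduced-privilege one. If the goal is to stop logging in as root afterwards, the rule should still prompt for a password, `line: "jas ALL=(ALL) ALL"`, or the task should carry a comment recording why NOPASSWD is acceptable on this host. Two smaller points in the same hunk: `msg: "{{updatesys.stdout_lines|last}}"` has no guard for a run in which the apt module returns no stdout (check mode, for instance), so `msg: "{{ updatesys.stdout_lines | default(['no apt output']) | last }}"` would keep the debug task from failing on a re-run, and `state: touch` on `/var/log/auth.log` reports changed on every run, which hides real drift in the play summary. The set_fact at `is_reboot_required: "{{ True if reboot_required.stat.exists else False }}"` can simply be `is_reboot_required: "{{ reboot_required.stat.exists }}"`.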
@ -13,3 +13,10 @@ homelab:
ansible_user: jas
ansible_user: jas
ansible_host: 10.0.0.12
ansible_host: 10.0.0.12
ansible_python_interpreter: /usr/bin/python3
ansible_python_interpreter: /usr/bin/python3
|
remotes:
hosts:
bsky.hyperreal.coffee:
ansible_user: root
ansible_host: 172.234.24.234
ansible_python_interpreter: /usr/bin/python3
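Review bot: The new `remotes` host is added with `ansible_user: root`, while the play written for this group creates `jas` with an SSH key and sudo rights, and the `homelab` entries in the same file already use `ansible_user: jas`. Once the first run has provisioned that user, this entry should presumably switch to `ansible_user: jas` and rely on the play's `become: true`, so that later runs no longer depend on root SSH login staying enabled on the VPS. The file header for this section is outside the visible hunk, so the inventory file name cannot be confirmed from here.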