Add debian-archive and update roles
parent
b301937c7d
commit
9f183c1984
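--- a/README.md
+++ b/README.md
@@ -1,61 +0,0 @@
-# ansible-homelab
-
-I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
-
-## Example
-
-Initialize an instance:
-
-``` shell
-lxc init images:debian/12/cloud debian-mail --storage lxd-pool
-```
-
-Configure the instance with cloud-init:
-
-```shell
-lxc config set debian-mail cloud-init.user-data - <<- EOF
-#cloud-config
-users:
-- name: debian
-ssh_authorized_keys:
-- ssh-ed25519 ...
-sudo: 'ALL=(ALL) NOPASSWD: ALL'
-lock_passwd: false
-passwd: $6$rounds=4096$aVIiqgNjZRRxZXRa$rshJoBQ4gedhAmIT3kSvwxyw6AmD4ZYQFHrUMmgnH70F98yLrt7w3bO9bOy9tWHRK0X3TlC/dUnzDBla3Ti6H
-packages:
-- python3-dev
-- ssh
-EOF
-```
-
-The hashed password can be generated with the `mkpasswd` command, which, for some reason, is provided by the *whois* package on Ubuntu-based systems:
-
-```shell
-sudo apt install -y whois
-mkpasswd --method=SHA-512 --rounds=4096
-```
-
-Copy and paste the result as the value of the passwd key in the cloud-config.
-
-Start the instance, then check the cloud-init status:
-
-```shell
-lxc start debian-mail
-lxc exec debian-mail -- cloud-init status --wait
-```
-
-Once that's done, you should be able to ssh directly to the debian user, and Ansible will be ready to run.
-
-Add instance IP address to `hosts.ini`:
-
-``` ini
-[homelab]
-10.227.115.42
-```
-
-Run the `setup.yml` playbook for all roles, or choose specific roles with `--tags`:
-
-``` shell
-ansible-playbook -i hosts.ini setup.yml -u debian -b
-ansible-playbook -i hosts.ini setup.yml --tags debian-mail -u debian -b
-```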
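--- a/README.org
+++ b/README.org
@@ -0,0 +1,86 @@
+* ansible-homelab
+
+I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
+
+** Example
+Initialize an instance:
+
+#+begin_src shell
+lxc init images:debian/12/cloud debian-archive --storage lxd-pool
+#+end_src
+
+Configure the instance for cloud-init:
+
+#+begin_src shell
+lxc config set debian-archive cloud-init.user-data - <<- EOF
+#cloud-config
+users:
+- name: debian
+ssh_authorized_keys:
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
+sudo: 'ALL=(ALL) NOPASSWD: ALL'
+shell: /bin/bash
+lock_passwd: true
+apt:
+sources_list: |
+deb http://deb.debian.org/debian $RELEASE main
+deb http://deb.debian.org/debian $RELEASE-updates main
+deb http://deb.debian.org/debian-security/ $RELEASE-security main
+deb http://deb.debian.org/debian $RELEASE-backports
+package_update: true
+package_upgrade: true
+packages:
+- curl
+- debian-keyring
+- debsig-verify
+- git
+- nodejs
+- npm
+- notmuch
+- offlineimap3
+- pass
+- python3-dev
+- python3-pip
+- ripgrep
+- ssh
+- wget
+- xauth
+- youtube-dl
+rsyslog:
+configs:
+- content: "*.* @10.0.0.41:514"
+filename: 99-forward.conf
+remotes:
+moonshadow: 10.0.0.41
+timezone: America/Chicago
+EOF
+#+end_src
+
+Start the instance, then check the cloud-init status:
+
+#+begin_src shell
+lxc start debian-archive
+lxc exec debian-archive -- cloud-init status --wait
+#+end_src
+
+SSH into the new instance to accept the host key:
+
+#+begin_src shell
+ssh debian@10.227.115.42
+#+end_src
+
+Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
+
+Add the instance's IP address to hosts.ini:
+
+#+begin_src yaml
+[homelab]
+10.227.115.42
+#+end_src
+
+Run the setup.yml playbook for all roles, or choose specific roles with --tags:
+
+#+begin_src shell
+ansible-playbook -i hosts.ini setup.yml -u debian -b
+ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
+#+end_src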
@ -15,14 +15,22 @@ apt:
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- curl
|
||||
- debian-keyring
|
||||
- debsig-verify
|
||||
- git
|
||||
- nodejs
|
||||
- npm
|
||||
- notmuch
|
||||
- offlineimap3
|
||||
- pass
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- ripgrep
|
||||
- ssh
|
||||
- wget
|
||||
- xauth
|
||||
- youtube-dl
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.41:514"
|
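Review bot: The forwarding rule `*.* @10.0.0.41:514` at the end of this hunk uses a single `@`, which in rsyslog selects UDP, so every facility is sent to the collector unencrypted, unauthenticated and with no delivery guarantee. The line appears to be unchanged context rather than something this commit adds, but the same rule is copied into the new README.org and the instance now carries more tooling whose logs matter. `*.* @@10.0.0.41:514` would at least move it to TCP, and TLS transport is the next step if the collector supports it. The cloud-config continues outside the hunk.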
@ -1,25 +0,0 @@
|
||||
#cloud-config
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- borgbackup
|
||||
- borgmatic
|
||||
- ssh
|
||||
- rsync
|
||||
- rsyslog
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.41"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
moonshadow: 10.0.0.41
|
||||
runcmd:
|
||||
- [ mkdir, -p, /borg ]
|
||||
timezone: America/Chicago
|
||||
users:
|
||||
- name: root
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXUMrnu1NPslYWRiWyvbYudwC32DW1Wb/btiuJ8yUPx root@moonshadow
|
||||
lock_passwd: true
|
@ -8,7 +8,9 @@ apt:
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- acl
|
||||
- apt-transport-https
|
||||
- apt-utils
|
||||
- build-essential
|
||||
- certbot
|
||||
- curl
|
||||
@ -16,6 +18,8 @@ packages:
|
||||
- debian-archive-keyring
|
||||
- git
|
||||
- golang
|
||||
- man-db
|
||||
- manpages
|
||||
- ssh
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
|
@ -1,28 +0,0 @@
|
||||
#cloud-config
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- curl
|
||||
- git
|
||||
- nodejs
|
||||
- npm
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- ripgrep
|
||||
- wget
|
||||
- xauth
|
||||
- youtube-dl
|
||||
users:
|
||||
- name: archivebox
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
|
||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
||||
shell: /bin/bash
|
||||
lock_passwd: true
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.41:514"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
moonshadow: 10.0.0.41
|
||||
timezone: America/Chicago
|
@ -1,3 +1,5 @@
|
||||
[homelab]
|
||||
debian-mail
|
||||
debian-archive
|
||||
debian-serv
|
||||
fedora-transmission
|
||||
ubuntu-mastodon
|
||||
|
@ -121,6 +121,30 @@
|
||||
name: offlineimap-oneshot.timer
|
||||
enabled: true
|
||||
|
||||
- name: Create archivebox.service
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/systemd/system/archivebox.service
|
||||
create: true
|
||||
block: |
|
||||
[Unit]
|
||||
Description=Archivebox server
|
||||
After=network.target network-online.target
|
||||
Requires=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=debian
|
||||
Group=debian
|
||||
ExecStart=/usr/local/bin/archivebox server 0.0.0.0:8000
|
||||
WorkingDirectory=/home/debian/data
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- name: Install Archivebox
|
||||
ansible.builtin.shell:
|
||||
cmd: sudo pip install archivebox --break-system-packages
|
||||
|
||||
- name: Message to Ansible user
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
@ -129,6 +153,9 @@
|
||||
- "Wait for the sync to finish."
|
||||
- "Copy SMTP password and add it to /home/debian/.offlineimaprc"
|
||||
- "Run 'notmuch setup'"
|
||||
- "Run 'sudo systemctl enable --now pm-bridge-tty.service'"
|
||||
- "Run 'sudo systemctl start offlineimap-oneshot.service'"
|
||||
- "Run 'sudo systemctl enable offlineimap-oneshot.timer'"
|
||||
- "sudo systemctl enable --now pm-bridge-tty.service"
|
||||
- "sudo systemctl start offlineimap-oneshot.service"
|
||||
- "sudo systemctl enable offlineimap-oneshot.timer"
|
||||
- "mkdir /home/debian/data"
|
||||
- "cd /home/debian/data"
|
||||
- "archivebox init"
|
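Review bot: `archivebox.service` runs as `User=debian`, the account that the README's cloud-config gives `NOPASSWD: ALL` sudo and whose home holds `.offlineimaprc` with the SMTP password, while `ExecStart` binds the server to `0.0.0.0:8000`. A flaw in the archiver, or in a page it processes, would then reach the mail credentials and root in one step. A dedicated unprivileged account (the removed cloud-config had an `archivebox` user) would contain that, as would a narrower bind address if the UI is not meant for the whole network. The `Install Archivebox` task also shells out to `sudo pip install archivebox` with no version, so each run installs whatever PyPI currently serves, as root; `ansible.builtin.pip` with a pinned `version` and `become: true` keeps it reproducible. The task file continues above and below both hunks.

```yaml
# … unchanged: "Create archivebox.service" task header and [Unit] section …
      [Service]
      Type=simple
      User=archivebox
      Group=archivebox
      ExecStart=/usr/local/bin/archivebox server 0.0.0.0:8000
      # path assumes the service account's home; adjust to where the data lives
      WorkingDirectory=/home/archivebox/data
# … unchanged: [Install] section …

- name: Install Archivebox
  become: true
  ansible.builtin.pip:
    name: archivebox
    version: "<PINNED_VERSION>"
    extra_args: --break-system-packages
```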
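--- a/roles/update/tasks/main.yml
+++ b/roles/update/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+# tasks file for update
+
+- name: Update packages on all Debian/Ubuntu systems
+ansible.builtin.apt:
+upgrade: dist
+update_cache: true
+cache_valid_time: 3600
+when:
+- ansible_facts["os_family"] == "Debian"
+
+- name: Update packages on Fedora systems
+ansible.builtin.dnf:
+name: "*"
+state: latest
+when:
+- ansible_facts["distribution"] == "Fedora"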
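Review bot: Neither task reports that a restart is pending after the upgrade, so daemons that already loaded an upgraded library keep running the old copy until someone restarts them. A follow-up pair of tasks, a `stat` on `/var/run/reboot-required` and a `debug` reminder gated on it, would surface that on the Debian/Ubuntu hosts where packages create that file; the Fedora side would need its own check. The two `when:` conditions also test different facts (`os_family` for Debian, `distribution` for Fedora), which deserves a one-line comment if it is intentional.

```yaml
# … unchanged: the apt and dnf upgrade tasks …

- name: Check whether the upgrade left a restart pending
  ansible.builtin.stat:
    path: /var/run/reboot-required
  register: reboot_required
  when:
    - ansible_facts["os_family"] == "Debian"

- name: Report pending restart
  ansible.builtin.debug:
    msg: "Upgrades installed on {{ inventory_hostname }}; restart it to load the patched packages."
  when:
    - ansible_facts["os_family"] == "Debian"
    - reboot_required.stat.exists
```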
@ -2,5 +2,6 @@
|
||||
hosts: homelab
|
||||
roles:
|
||||
# Tag each role so that we can select individual roles to run with ansible-playbook --tags
|
||||
- {role: debian-mail, tags: ['debian-mail']}
|
||||
- {role: update, tags: ['update']}
|
||||
- {role: debian-archive, tags: ['debian-archive']}
|
||||
- {role: debian-serv, tags: ['debian-serv']}
|
||||
|