Add debian-archive and update roles

README.md

@@ -1,61 +0,0 @@
-# ansible-homelab
-
-I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
-
-## Example
-
-Initialize an instance:
-
-``` shell
-lxc init images:debian/12/cloud debian-mail --storage lxd-pool
-```
-
-Configure the instance with cloud-init:
-
-```shell
-lxc config set debian-mail cloud-init.user-data - <<- EOF
-#cloud-config
-users:
-  - name: debian
-    ssh_authorized_keys:
-      - ssh-ed25519 ...
-    sudo: 'ALL=(ALL) NOPASSWD: ALL'
-    lock_passwd: false
-    passwd: $6$rounds=4096$aVIiqgNjZRRxZXRa$rshJoBQ4gedhAmIT3kSvwxyw6AmD4ZYQFHrUMmgnH70F98yLrt7w3bO9bOy9tWHRK0X3TlC/dUnzDBla3Ti6H
-packages:
-  - python3-dev
-  - ssh
-EOF
-```
-
-The hashed password can be generated with the `mkpasswd` command, which, for some reason, is provided by the *whois* package on Ubuntu-based systems:
-
-```shell
-sudo apt install -y whois
-mkpasswd --method=SHA-512 --rounds=4096
-```
-
-Copy and paste the result as the value of the passwd key in the cloud-config.
-
-Start the instance, then check the cloud-init status:
-
-```shell
-lxc start debian-mail 
-lxc exec debian-mail -- cloud-init status --wait
-```
-
-Once that's done, you should be able to ssh directly to the debian user, and Ansible will be ready to run.
-
-Add instance IP address to `hosts.ini`:
-
-``` ini
-[homelab]
-10.227.115.42
-```
-
-Run the `setup.yml` playbook for all roles, or choose specific roles with `--tags`:
-
-``` shell
-ansible-playbook -i hosts.ini setup.yml -u debian -b
-ansible-playbook -i hosts.ini setup.yml --tags debian-mail -u debian -b
-```

README.org

@@ -0,0 +1,86 @@
+* ansible-homelab
+
+I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
+
+** Example
+Initialize an instance:
+
+#+begin_src shell
+lxc init images:debian/12/cloud debian-archive --storage lxd-pool
+#+end_src
+
+Configure the instance for cloud-init:
+
+#+begin_src shell
+lxc config set debian-archive cloud-init.user-data - <<- EOF
+#cloud-config
+users:
+  - name: debian
+    ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
+    sudo: 'ALL=(ALL) NOPASSWD: ALL'
+    shell: /bin/bash
+    lock_passwd: true
+apt:
+  sources_list: |
+    deb http://deb.debian.org/debian $RELEASE main
+    deb http://deb.debian.org/debian $RELEASE-updates main
+    deb http://deb.debian.org/debian-security/ $RELEASE-security main
+    deb http://deb.debian.org/debian $RELEASE-backports
+package_update: true
+package_upgrade: true
+packages:
+  - curl
+  - debian-keyring
+  - debsig-verify
+  - git
+  - nodejs
+  - npm
+  - notmuch
+  - offlineimap3
+  - pass
+  - python3-dev
+  - python3-pip
+  - ripgrep
+  - ssh
+  - wget
+  - xauth
+  - youtube-dl
+rsyslog:
+  configs:
+    - content: "*.* @10.0.0.41:514"
+      filename: 99-forward.conf
+  remotes:
+    moonshadow: 10.0.0.41
+timezone: America/Chicago
+EOF
+#+end_src
+
+Start the instance, then check the cloud-init status:
+
+#+begin_src shell
+lxc start debian-archive
+lxc exec debian-archive -- cloud-init status --wait
+#+end_src
+
+SSH into the new instance to accept the host key:
+
+#+begin_src shell
+ssh debian@10.227.115.42
+#+end_src
+
+Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
+
+Add the instance's IP address to hosts.ini:
+
+#+begin_src yaml
+[homelab]
+10.227.115.42
+#+end_src
+
+Run the setup.yml playbook for all roles, or choose specific roles with --tags:
+
+#+begin_src shell
+ansible-playbook -i hosts.ini setup.yml -u debian -b
+ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
+#+end_src

cloud-init/debian-archive.yml

@@ -15,14 +15,22 @@ apt:
 package_update: true
 package_upgrade: true
 packages:
+  - curl
   - debian-keyring
   - debsig-verify
+  - git
+  - nodejs
+  - npm
   - notmuch
   - offlineimap3
   - pass
   - python3-dev
+  - python3-pip
+  - ripgrep
   - ssh
   - wget
+  - xauth
+  - youtube-dl
 rsyslog:
   configs:
     - content: "*.* @10.0.0.41:514"

cloud-init/debian-borg.yml

@@ -1,25 +0,0 @@
-#cloud-config
-package_update: true
-package_upgrade: true
-packages:
-  - borgbackup
-  - borgmatic
-  - ssh
-  - rsync
-  - rsyslog
-rsyslog:
-  configs:
-    - content: "*.* @10.0.0.41"
-      filename: 99-forward.conf
-  remotes:
-    moonshadow: 10.0.0.41
-runcmd:
-  - [ mkdir, -p, /borg ]
-timezone: America/Chicago
-users:
-  - name: root
-    ssh_authorized_keys:
-      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
-      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
-      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXUMrnu1NPslYWRiWyvbYudwC32DW1Wb/btiuJ8yUPx root@moonshadow
-    lock_passwd: true

cloud-init/debian-serv.yml

@@ -8,7 +8,9 @@ apt:
 package_update: true
 package_upgrade: true
 packages:
+  - acl
   - apt-transport-https
+  - apt-utils
   - build-essential
   - certbot
   - curl
@@ -16,6 +18,8 @@ packages:
   - debian-archive-keyring
   - git
   - golang
+  - man-db
+  - manpages
   - ssh
   - python3-dev
   - python3-pip

cloud-init/ubuntu-archivebox.yml

@@ -1,28 +0,0 @@
-#cloud-config
-package_update: true
-package_upgrade: true
-packages:
-  - curl
-  - git
-  - nodejs
-  - npm
-  - python3-dev
-  - python3-pip
-  - ripgrep
-  - wget
-  - xauth
-  - youtube-dl
-users:
-  - name: archivebox
-    ssh_authorized_keys:
-      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
-    sudo: 'ALL=(ALL) NOPASSWD: ALL'
-    shell: /bin/bash
-    lock_passwd: true
-rsyslog:
-  configs:
-    - content: "*.* @10.0.0.41:514"
-      filename: 99-forward.conf
-  remotes:
-    moonshadow: 10.0.0.41
-timezone: America/Chicago

hosts.ini

@@ -1,3 +1,5 @@
 [homelab]
-debian-mail
+debian-archive
 debian-serv
+fedora-transmission
+ubuntu-mastodon

roles/debian-archive/tasks/main.yml

@@ -121,6 +121,30 @@
     name: offlineimap-oneshot.timer
     enabled: true
 
+- name: Create archivebox.service
+  ansible.builtin.blockinfile:
+    path: /etc/systemd/system/archivebox.service
+    create: true
+    block: |
+      [Unit]
+      Description=Archivebox server
+      After=network.target network-online.target
+      Requires=network-online.target
+
+      [Service]
+      Type=simple
+      User=debian
+      Group=debian
+      ExecStart=/usr/local/bin/archivebox server 0.0.0.0:8000
+      WorkingDirectory=/home/debian/data
+
+      [Install]
+      WantedBy=multi-user.target
+
+- name: Install Archivebox
+  ansible.builtin.shell:
+    cmd: sudo pip install archivebox --break-system-packages
+
 - name: Message to Ansible user
   ansible.builtin.debug:
     msg:
@@ -129,6 +153,9 @@
       - "Wait for the sync to finish."
       - "Copy SMTP password and add it to /home/debian/.offlineimaprc"
       - "Run 'notmuch setup'"
-      - "Run 'sudo systemctl enable --now pm-bridge-tty.service'"
-      - "Run 'sudo systemctl start offlineimap-oneshot.service'"
-      - "Run 'sudo systemctl enable offlineimap-oneshot.timer'"
+      - "sudo systemctl enable --now pm-bridge-tty.service"
+      - "sudo systemctl start offlineimap-oneshot.service"
+      - "sudo systemctl enable offlineimap-oneshot.timer"
+      - "mkdir /home/debian/data"
+      - "cd /home/debian/data"
+      - "archivebox init"

roles/update/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# tasks file for update
+
+- name: Update packages on all Debian/Ubuntu systems
+  ansible.builtin.apt:
+    upgrade: dist
+    update_cache: true
+    cache_valid_time: 3600
+  when:
+    - ansible_facts["os_family"] == "Debian"
+
+- name: Update packages on Fedora systems
+  ansible.builtin.dnf:
+    name: "*"
+    state: latest
+  when:
+    - ansible_facts["distribution"] == "Fedora"

setup.yml

@@ -2,5 +2,6 @@
   hosts: homelab
   roles:
     # Tag each role so that we can select individual roles to run with ansible-playbook --tags
-    - {role: debian-mail, tags: ['debian-mail']}
+    - {role: update, tags: ['update']}
+    - {role: debian-archive, tags: ['debian-archive']}
     - {role: debian-serv, tags: ['debian-serv']}