Add debian-archive and update roles

Jeffrey Serio 2023-06-10 16:52:27 -05:00
parent b301937c7d
commit 9f183c1984
12 changed files with 150 additions and 119 deletions


@ -1,61 +0,0 @@
# ansible-homelab
I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
## Example
Initialize an instance:
``` shell
lxc init images:debian/12/cloud debian-mail --storage lxd-pool
```
Configure the instance with cloud-init:
```shell
lxc config set debian-mail cloud-init.user-data - <<- EOF
#cloud-config
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 ...
sudo: 'ALL=(ALL) NOPASSWD: ALL'
lock_passwd: false
passwd: $6$rounds=4096$aVIiqgNjZRRxZXRa$rshJoBQ4gedhAmIT3kSvwxyw6AmD4ZYQFHrUMmgnH70F98yLrt7w3bO9bOy9tWHRK0X3TlC/dUnzDBla3Ti6H
packages:
- python3-dev
- ssh
EOF
```
The hashed password can be generated with the `mkpasswd` command, which, for some reason, is provided by the *whois* package on Ubuntu-based systems:
```shell
sudo apt install -y whois
mkpasswd --method=SHA-512 --rounds=4096
```
Copy and paste the result as the value of the passwd key in the cloud-config.
Start the instance, then check the cloud-init status:
```shell
lxc start debian-mail
lxc exec debian-mail -- cloud-init status --wait
```
Once that's done, you should be able to ssh directly to the debian user, and Ansible will be ready to run.
Add instance IP address to `hosts.ini`:
``` ini
[homelab]
10.227.115.42
```
Run the `setup.yml` playbook for all roles, or choose specific roles with `--tags`:
``` shell
ansible-playbook -i hosts.ini setup.yml -u debian -b
ansible-playbook -i hosts.ini setup.yml --tags debian-mail -u debian -b
```

86
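--- a/README.org
+++ b/README.org
@@ -0,0 +1,86 @@
+* ansible-homelab
+I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
+** Example
+Initialize an instance:
+#+begin_src shell
+lxc init images:debian/12/cloud debian-archive --storage lxd-pool
+#+end_src
+Configure the instance for cloud-init:
+#+begin_src shell
+lxc config set debian-archive cloud-init.user-data - <<- EOF
+#cloud-config
+users:
+- name: debian
+ssh_authorized_keys:
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
+sudo: 'ALL=(ALL) NOPASSWD: ALL'
+shell: /bin/bash
+lock_passwd: true
+apt:
+sources_list: |
+deb http://deb.debian.org/debian $RELEASE main
+deb http://deb.debian.org/debian $RELEASE-updates main
+deb http://deb.debian.org/debian-security/ $RELEASE-security main
+deb http://deb.debian.org/debian $RELEASE-backports
+package_update: true
+package_upgrade: true
+packages:
+- curl
+- debian-keyring
+- debsig-verify
+- git
+- nodejs
+- npm
+- notmuch
+- offlineimap3
+- pass
+- python3-dev
+- python3-pip
+- ripgrep
+- ssh
+- wget
+- xauth
+- youtube-dl
+rsyslog:
+configs:
+- content: "*.* @10.0.0.41:514"
+filename: 99-forward.conf
+remotes:
+moonshadow: 10.0.0.41
+timezone: America/Chicago
+EOF
+#+end_src
+Start the instance, then check the cloud-init status:
+#+begin_src shell
+lxc start debian-archive
+lxc exec debian-archive -- cloud-init status --wait
+#+end_src
+SSH into the new instance to accept the host key:
+#+begin_src shell
+ssh debian@10.227.115.42
+#+end_src
+Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
+Add the instance's IP address to hosts.ini:
+#+begin_src yaml
+[homelab]
+10.227.115.42
+#+end_src
+Run the setup.yml playbook for all roles, or choose specific roles with --tags:
+#+begin_src shell
+ansible-playbook -i hosts.ini setup.yml -u debian -b
+ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
+#+end_src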


@ -15,14 +15,22 @@ apt:
package_update: true package_update: true
package_upgrade: true package_upgrade: true
packages: packages:
- curl
- debian-keyring - debian-keyring
- debsig-verify - debsig-verify
- git
- nodejs
- npm
- notmuch - notmuch
- offlineimap3 - offlineimap3
- pass - pass
- python3-dev - python3-dev
- python3-pip
- ripgrep
- ssh - ssh
- wget - wget
- xauth
- youtube-dl
rsyslog: rsyslog:
configs: configs:
- content: "*.* @10.0.0.41:514" - content: "*.* @10.0.0.41:514"


@ -1,25 +0,0 @@
#cloud-config
package_update: true
package_upgrade: true
packages:
- borgbackup
- borgmatic
- ssh
- rsync
- rsyslog
rsyslog:
configs:
- content: "*.* @10.0.0.41"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
runcmd:
- [ mkdir, -p, /borg ]
timezone: America/Chicago
users:
- name: root
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXUMrnu1NPslYWRiWyvbYudwC32DW1Wb/btiuJ8yUPx root@moonshadow
lock_passwd: true


@ -8,7 +8,9 @@ apt:
package_update: true package_update: true
package_upgrade: true package_upgrade: true
packages: packages:
- acl
- apt-transport-https - apt-transport-https
- apt-utils
- build-essential - build-essential
- certbot - certbot
- curl - curl
@ -16,6 +18,8 @@ packages:
- debian-archive-keyring - debian-archive-keyring
- git - git
- golang - golang
- man-db
- manpages
- ssh - ssh
- python3-dev - python3-dev
- python3-pip - python3-pip


@ -1,28 +0,0 @@
#cloud-config
package_update: true
package_upgrade: true
packages:
- curl
- git
- nodejs
- npm
- python3-dev
- python3-pip
- ripgrep
- wget
- xauth
- youtube-dl
users:
- name: archivebox
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago


@ -1,3 +1,5 @@
[homelab] [homelab]
debian-mail debian-archive
debian-serv debian-serv
fedora-transmission
ubuntu-mastodon


@ -121,6 +121,30 @@
name: offlineimap-oneshot.timer name: offlineimap-oneshot.timer
enabled: true enabled: true
- name: Create archivebox.service
ansible.builtin.blockinfile:
path: /etc/systemd/system/archivebox.service
create: true
block: |
[Unit]
Description=Archivebox server
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=simple
User=debian
Group=debian
ExecStart=/usr/local/bin/archivebox server 0.0.0.0:8000
WorkingDirectory=/home/debian/data
[Install]
WantedBy=multi-user.target
- name: Install Archivebox
ansible.builtin.shell:
cmd: sudo pip install archivebox --break-system-packages
- name: Message to Ansible user - name: Message to Ansible user
ansible.builtin.debug: ansible.builtin.debug:
msg: msg:
@ -129,6 +153,9 @@
- "Wait for the sync to finish." - "Wait for the sync to finish."
- "Copy SMTP password and add it to /home/debian/.offlineimaprc" - "Copy SMTP password and add it to /home/debian/.offlineimaprc"
- "Run 'notmuch setup'" - "Run 'notmuch setup'"
- "Run 'sudo systemctl enable --now pm-bridge-tty.service'" - "sudo systemctl enable --now pm-bridge-tty.service"
- "Run 'sudo systemctl start offlineimap-oneshot.service'" - "sudo systemctl start offlineimap-oneshot.service"
- "Run 'sudo systemctl enable offlineimap-oneshot.timer'" - "sudo systemctl enable offlineimap-oneshot.timer"
- "mkdir /home/debian/data"
- "cd /home/debian/data"
- "archivebox init"
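Review bot: The `Install Archivebox` task runs `sudo pip install archivebox --break-system-packages` through `ansible.builtin.shell`, so every play installs whatever release PyPI serves at that moment into the system interpreter as root, always reports changed, and nests `sudo` inside a run the README already starts with `-b`. `ansible.builtin.pip` with a pinned version makes the step idempotent and reviewable, as sketched below; a dedicated virtualenv would remove the need for `--break-system-packages`. Separately, the unit written by `Create archivebox.service` sets `User=debian` and listens on `0.0.0.0:8000`, and the README's cloud-config gives that account `NOPASSWD: ALL` sudo, so a compromise of the network-facing process would likely amount to root on the instance; a dedicated unprivileged service account, and `ExecStart=/usr/local/bin/archivebox server 127.0.0.1:8000` if the UI is only meant to be reached through a reverse proxy, would narrow that. The task list starts and ends outside both hunks.

```yaml
# … unchanged: Create archivebox.service task …
- name: Install Archivebox
  ansible.builtin.pip:
    # Placeholder: pin to the release you have reviewed.
    name: "archivebox==<PINNED_VERSION>"
    extra_args: --break-system-packages
# … unchanged: Message to Ansible user task …
```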


@ -0,0 +1,17 @@
---
# tasks file for update
- name: Update packages on all Debian/Ubuntu systems
ansible.builtin.apt:
upgrade: dist
update_cache: true
cache_valid_time: 3600
when:
- ansible_facts["os_family"] == "Debian"
- name: Update packages on Fedora systems
ansible.builtin.dnf:
name: "*"
state: latest
when:
- ansible_facts["distribution"] == "Fedora"
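Review bot: Neither task follows the upgrade with a check for services that are still running pre-upgrade library code, so a patched OpenSSL or libc may not take effect until the affected daemons restart. A follow-up task that reports pending restarts (for example `needrestart -b` on the Debian hosts, if that package is installed) would make that state visible after each run. A short comment above the first task, such as `# dist-upgrade may add or remove packages to satisfy new dependencies`, would also record why `upgrade: dist` was chosen over `safe`.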


@ -2,5 +2,6 @@
hosts: homelab hosts: homelab
roles: roles:
# Tag each role so that we can select individual roles to run with ansible-playbook --tags # Tag each role so that we can select individual roles to run with ansible-playbook --tags
- {role: debian-mail, tags: ['debian-mail']} - {role: update, tags: ['update']}
- {role: debian-archive, tags: ['debian-archive']}
- {role: debian-serv, tags: ['debian-serv']} - {role: debian-serv, tags: ['debian-serv']}
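Review bot: Every role here still targets the whole `homelab` group, and the inventory change in this commit adds `fedora-transmission` and `ubuntu-mastodon` to that group, so a plain run would apply `debian-archive` and `debian-serv` to them as well; `--tags` selects roles, not hosts. That would include the ArchiveBox unit and the root-level pip install, assuming the task hunk earlier on this page belongs to the debian-archive role. Consider one play per host, e.g. `- hosts: debian-archive` with `roles: [{role: debian-archive, tags: ['debian-archive']}]`, keeping only `update` on `homelab`. The play header starts outside the hunk.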