hyperreal/ansible-homelab
1
0
Fork 0
mirror of https://codeberg.org/hyperreal/ansible-homelab synced 2024-11-25 11:23:42 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add debian-archive and update roles

Browse Source
This commit is contained in:
Jeffrey Serio 2023-06-10 16:52:27 -05:00
parent b301937c7d
commit 9f183c1984
12 changed files with 150 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
README.md
View File

@ -1,61 +0,0 @@
# ansible-homelab
I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
## Example
Initialize an instance:
``` shell
lxc init images:debian/12/cloud debian-mail --storage lxd-pool
```
Configure the instance with cloud-init:
```shell
lxc config set debian-mail cloud-init.user-data - <<- EOF
#cloud-config
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 ...
sudo: 'ALL=(ALL) NOPASSWD: ALL'
lock_passwd: false
passwd: $6$rounds=4096$aVIiqgNjZRRxZXRa$rshJoBQ4gedhAmIT3kSvwxyw6AmD4ZYQFHrUMmgnH70F98yLrt7w3bO9bOy9tWHRK0X3TlC/dUnzDBla3Ti6H
packages:
- python3-dev
- ssh
EOF
```
The hashed password can be generated with the `mkpasswd` command, which, for some reason, is provided by the *whois* package on Ubuntu-based systems:
```shell
sudo apt install -y whois
mkpasswd --method=SHA-512 --rounds=4096
```
Copy and paste the result as the value of the passwd key in the cloud-config.
Start the instance, then check the cloud-init status:
```shell
lxc start debian-mail
lxc exec debian-mail -- cloud-init status --wait
```
Once that's done, you should be able to ssh directly to the debian user, and Ansible will be ready to run.
Add instance IP address to `hosts.ini`:
``` ini
[homelab]
10.227.115.42
```
Run the `setup.yml` playbook for all roles, or choose specific roles with `--tags`:
``` shell
ansible-playbook -i hosts.ini setup.yml -u debian -b
ansible-playbook -i hosts.ini setup.yml --tags debian-mail -u debian -b
```

86
README.org Normal file
View File

@ -0,0 +1,86 @@
* ansible-homelab
I use these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
** Example
Initialize an instance:
#+begin_src shell
lxc init images:debian/12/cloud debian-archive --storage lxd-pool
#+end_src
Configure the instance for cloud-init:
#+begin_src shell
lxc config set debian-archive cloud-init.user-data - <<- EOF
#cloud-config
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
apt:
sources_list: |
deb http://deb.debian.org/debian $RELEASE main
deb http://deb.debian.org/debian $RELEASE-updates main
deb http://deb.debian.org/debian-security/ $RELEASE-security main
deb http://deb.debian.org/debian $RELEASE-backports
package_update: true
package_upgrade: true
packages:
- curl
- debian-keyring
- debsig-verify
- git
- nodejs
- npm
- notmuch
- offlineimap3
- pass
- python3-dev
- python3-pip
- ripgrep
- ssh
- wget
- xauth
- youtube-dl
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago
EOF
#+end_src
Start the instance, then check the cloud-init status:
#+begin_src shell
lxc start debian-archive
lxc exec debian-archive -- cloud-init status --wait
#+end_src
SSH into the new instance to accept the host key:
#+begin_src shell
ssh debian@10.227.115.42
#+end_src
Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
Add the instance's IP address to hosts.ini:
#+begin_src yaml
[homelab]
10.227.115.42
#+end_src
Run the setup.yml playbook for all roles, or choose specific roles with --tags:
#+begin_src shell
ansible-playbook -i hosts.ini setup.yml -u debian -b
ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
#+end_src

8
cloud-init/debian-mail.yml → cloud-init/debian-archive.yml
View File

@ -15,14 +15,22 @@ apt:
package_update: true package_update: true
package_upgrade: true package_upgrade: true
packages: packages:
- curl
- debian-keyring - debian-keyring
- debsig-verify - debsig-verify
- git
- nodejs
- npm
- notmuch - notmuch
- offlineimap3 - offlineimap3
- pass - pass
- python3-dev - python3-dev
- python3-pip
- ripgrep
- ssh - ssh
- wget - wget
- xauth
- youtube-dl
rsyslog: rsyslog:
configs: configs:
- content: "*.* @10.0.0.41:514" - content: "*.* @10.0.0.41:514"

25
cloud-init/debian-borg.yml
View File

@ -1,25 +0,0 @@
#cloud-config
package_update: true
package_upgrade: true
packages:
- borgbackup
- borgmatic
- ssh
- rsync
- rsyslog
rsyslog:
configs:
- content: "*.* @10.0.0.41"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
runcmd:
- [ mkdir, -p, /borg ]
timezone: America/Chicago
users:
- name: root
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXUMrnu1NPslYWRiWyvbYudwC32DW1Wb/btiuJ8yUPx root@moonshadow
lock_passwd: true

4
cloud-init/debian-serv.yml
View File

@ -8,7 +8,9 @@ apt:
package_update: true package_update: true
package_upgrade: true package_upgrade: true
packages: packages:
- acl
- apt-transport-https - apt-transport-https
- apt-utils
- build-essential - build-essential
- certbot - certbot
- curl - curl
@ -16,6 +18,8 @@ packages:
- debian-archive-keyring - debian-archive-keyring
- git - git
- golang - golang
- man-db
- manpages
- ssh - ssh
- python3-dev - python3-dev
- python3-pip - python3-pip

28
cloud-init/ubuntu-archivebox.yml
View File

@ -1,28 +0,0 @@
#cloud-config
package_update: true
package_upgrade: true
packages:
- curl
- git
- nodejs
- npm
- python3-dev
- python3-pip
- ripgrep
- wget
- xauth
- youtube-dl
users:
- name: archivebox
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago

4
hosts.ini
View File

@ -1,3 +1,5 @@
[homelab] [homelab]
debian-mail debian-archive
debian-serv debian-serv
fedora-transmission
ubuntu-mastodon

0
roles/debian-mail/files/offlineimaprc → roles/debian-archive/files/offlineimaprc
View File

0
roles/debian-mail/files/pm-bridge-tty → roles/debian-archive/files/pm-bridge-tty
View File

33
roles/debian-mail/tasks/main.yml → roles/debian-archive/tasks/main.yml
View File

@ -121,6 +121,30 @@
name: offlineimap-oneshot.timer name: offlineimap-oneshot.timer
enabled: true enabled: true
- name: Create archivebox.service
ansible.builtin.blockinfile:
path: /etc/systemd/system/archivebox.service
create: true
block: |
[Unit]
Description=Archivebox server
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=simple
User=debian
Group=debian
ExecStart=/usr/local/bin/archivebox server 0.0.0.0:8000
WorkingDirectory=/home/debian/data
[Install]
WantedBy=multi-user.target
- name: Install Archivebox
ansible.builtin.shell:
cmd: sudo pip install archivebox --break-system-packages
- name: Message to Ansible user - name: Message to Ansible user
ansible.builtin.debug: ansible.builtin.debug:
msg: msg:
@ -129,6 +153,9 @@
- "Wait for the sync to finish." - "Wait for the sync to finish."
- "Copy SMTP password and add it to /home/debian/.offlineimaprc" - "Copy SMTP password and add it to /home/debian/.offlineimaprc"
- "Run 'notmuch setup'" - "Run 'notmuch setup'"
- "Run 'sudo systemctl enable --now pm-bridge-tty.service'" - "sudo systemctl enable --now pm-bridge-tty.service"
- "Run 'sudo systemctl start offlineimap-oneshot.service'" - "sudo systemctl start offlineimap-oneshot.service"
- "Run 'sudo systemctl enable offlineimap-oneshot.timer'" - "sudo systemctl enable offlineimap-oneshot.timer"
- "mkdir /home/debian/data"
- "cd /home/debian/data"
- "archivebox init"

17
roles/update/tasks/main.yml Normal file
View File

@ -0,0 +1,17 @@
---
# tasks file for update
- name: Update packages on all Debian/Ubuntu systems
ansible.builtin.apt:
upgrade: dist
update_cache: true
cache_valid_time: 3600
when:
- ansible_facts["os_family"] == "Debian"
- name: Update packages on Fedora systems
ansible.builtin.dnf:
name: "*"
state: latest
when:
- ansible_facts["distribution"] == "Fedora"

3
setup.yml
View File

@ -2,5 +2,6 @@
hosts: homelab hosts: homelab
roles: roles:
# Tag each role so that we can select individual roles to run with ansible-playbook --tags # Tag each role so that we can select individual roles to run with ansible-playbook --tags
- {role: debian-mail, tags: ['debian-mail']} - {role: update, tags: ['update']}
- {role: debian-archive, tags: ['debian-archive']}
- {role: debian-serv, tags: ['debian-serv']} - {role: debian-serv, tags: ['debian-serv']}