Add cloud-init configs

cloud-init/debian-borg.yml

@@ -0,0 +1,25 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+  - borgbackup
+  - borgmatic
+  - ssh
+  - rsync
+  - rsyslog
+rsyslog:
+  configs:
+    - content: "*.* @10.0.0.41"
+      filename: 99-forward.conf
+  remotes:
+    moonshadow: 10.0.0.41
+runcmd:
+  - [ mkdir, -p, /borg ]
+timezone: America/Chicago
+users:
+  - name: root
+    ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXUMrnu1NPslYWRiWyvbYudwC32DW1Wb/btiuJ8yUPx root@moonshadow
+    lock_passwd: true

cloud-init/debian-mail.yml

@@ -30,4 +30,8 @@ rsyslog:
   remotes:
     moonshadow: 10.0.0.41
 timezone: America/Chicago
-      
+runcmd:
+  - [ git, clone, https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git, /tmp/vimrc ]
+  - [ cp, /tmp/vimrc/.vimrc, /root/.vimrc ]
+  - [ cp, /tmp/vimrc/.vimrc, /home/debian/.vimrc ]
+  - [ chown, debian:debian, /home/debian/.vimrc ]

cloud-init/debian-serv.yml

@@ -0,0 +1,37 @@
+#cloud-config
+apt:
+  sources_list: |
+    deb http://deb.debian.org/debian $RELEASE main
+    deb http://deb.debian.org/debian $RELEASE-updates main
+    deb http://deb.debian.org/debian-security/ $RELEASE-security main
+    deb http://deb.debian.org/debian $RELEASE-backports main
+package_update: true
+package_upgrade: true
+packages:
+  - apt-transport-https
+  - build-essential
+  - certbot
+  - curl
+  - debian-keyring
+  - debian-archive-keyring
+  - git
+  - golang
+  - ssh
+  - python3-dev
+  - python3-pip
+  - rsync
+  - wget
+users:
+  - name: debian
+    ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
+    sudo: 'ALL=(ALL) NOPASSWD: ALL'
+    shell: /bin/bash
+    lock_passwd: true
+rsyslog:
+  configs:
+    - content: "*.* @10.0.0.41:514"
+      filename: 99-forward.conf
+  remotes:
+    moonshadow: 10.0.0.41
+timezone: America/Chicago

cloud-init/fedora-transmission.yml

@@ -0,0 +1,15 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+  - curl
+  - less
+  - rsyslog
+  - transmission-daemon
+rsyslog:
+  configs:
+    - content: "*.* @10.0.0.41:514"
+      filename: 99-forward.conf
+  remotes:
+    moonshadow: 10.0.0.41
+timezone: America/Chicago

cloud-init/ubuntu-archivebox.yml

@@ -0,0 +1,33 @@
+#cloud-config
+package_update: true
+package_upgrade: true
+packages:
+  - curl
+  - git
+  - nodejs
+  - npm
+  - python3-dev
+  - python3-pip
+  - ripgrep
+  - wget
+  - xauth
+  - youtube-dl
+users:
+  - name: archivebox
+    ssh_authorized_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
+    sudo: 'ALL=(ALL) NOPASSWD: ALL'
+    shell: /bin/bash
+    lock_passwd: true
+rsyslog:
+  configs:
+    - content: "*.* @10.0.0.41:514"
+      filename: 99-forward.conf
+  remotes:
+    moonshadow: 10.0.0.41
+timezone: America/Chicago
+runcmd:
+  - [ git, clone, https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git, /tmp/vimrc ]
+  - [ cp, /tmp/vimrc/.vimrc, /root/.vimrc ]
+  - [ cp, /tmp/vimrc/.vimrc, /home/archivebox/.vimrc ]
+  - [ chown, archivebox:archivebox, /home/archivebox/.vimrc ]

hosts.ini

@@ -1,2 +1,3 @@
 [homelab]
 debian-mail
+debian-serv

roles/debian-serv/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+# defaults file for debian-serv
+
+vimrc_gist_url: https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git
+caddy_pubkey_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+caddy_sources_url: https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt
+tailscale_pubkey_url: https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg
+tailscale_sources_url: https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list

roles/debian-serv/tasks/main.yml

@@ -0,0 +1,61 @@
+---
+# tasks file for debian-serv
+
+- name: Clone vimrc gist
+  ansible.builtin.git:
+    repo: "{{ vimrc_gist_url }}"
+    dest: /tmp/vimrc
+
+- name: Copy vimrc to /root/.vimrc
+  ansible.builtin.copy:
+    src: /tmp/vimrc/.vimrc
+    dest: /root/.vimrc
+    remote_src: true
+    owner: root
+    group: root
+
+- name: Copy vimrc to /home/debian/.vimrc
+  ansible.builtin.copy:
+    src: /tmp/vimrc/.vimrc
+    dest: /home/debian/.vimrc
+    remote_src: true
+    owner: debian
+    group: debian
+
+- name: Fetch Caddy pubkey
+  ansible.builtin.get_url:
+    url: "{{ caddy_pubkey_url }}"
+    dest: /tmp/gpg.key
+
+- name: Sign Caddy pubkey
+  ansible.builtin.shell:
+    cmd: gpg --dearmor -o caddy-stable-archive-keyring.gpg gpg.key && rm -f gpg.key
+    chdir: /tmp
+
+- name: Copy signed key to /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+  ansible.builtin.copy:
+    src: /tmp/caddy-stable-archive-keyring.gpg
+    dest: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+    remote_src: true
+
+- name: Fetch Caddy sources.list
+  ansible.builtin.get_url:
+    url: "{{ caddy_sources_url }}"
+    dest: /etc/apt/sources.list.d/caddy-stable.list
+
+- name: Fetch Tailscale pubkey
+  ansible.builtin.get_url:
+    url: "{{ tailscale_pubkey_url }}"
+    dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
+
+- name: Fetch Tailscale sources.list
+  ansible.builtin.get_url:
+    url: "{{ tailscale_sources_url }}"
+    dest: /etc/apt/sources.list.d/tailscale.list
+
+- name: Install Caddy and Tailscale
+  ansible.builtin.apt:
+    pkg:
+      - caddy
+      - tailscale
+    update_cache: true

setup.yml

@@ -3,3 +3,4 @@
   roles:
     # Tag each role so that we can select individual roles to run with ansible-playbook --tags
     - {role: debian-mail, tags: ['debian-mail']}
+    - {role: debian-serv, tags: ['debian-serv']}