Add cloud-init configs

This commit is contained in:
Jeffrey Serio 2023-06-04 09:17:58 -05:00
parent 787c160256
commit af258ddef6
9 changed files with 186 additions and 1 deletions

View File

@ -0,0 +1,25 @@
#cloud-config
package_update: true
package_upgrade: true
packages:
- borgbackup
- borgmatic
- ssh
- rsync
- rsyslog
rsyslog:
configs:
- content: "*.* @10.0.0.41"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
runcmd:
- [ mkdir, -p, /borg ]
timezone: America/Chicago
users:
- name: root
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXUMrnu1NPslYWRiWyvbYudwC32DW1Wb/btiuJ8yUPx root@moonshadow
lock_passwd: true

View File

@ -30,4 +30,8 @@ rsyslog:
remotes: remotes:
moonshadow: 10.0.0.41 moonshadow: 10.0.0.41
timezone: America/Chicago timezone: America/Chicago
runcmd:
- [ git, clone, https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git, /tmp/vimrc ]
- [ cp, /tmp/vimrc/.vimrc, /root/.vimrc ]
- [ cp, /tmp/vimrc/.vimrc, /home/debian/.vimrc ]
- [ chown, debian:debian, /home/debian/.vimrc ]

View File

@ -0,0 +1,37 @@
#cloud-config
apt:
sources_list: |
deb http://deb.debian.org/debian $RELEASE main
deb http://deb.debian.org/debian $RELEASE-updates main
deb http://deb.debian.org/debian-security/ $RELEASE-security main
deb http://deb.debian.org/debian $RELEASE-backports main
package_update: true
package_upgrade: true
packages:
- apt-transport-https
- build-essential
- certbot
- curl
- debian-keyring
- debian-archive-keyring
- git
- golang
- ssh
- python3-dev
- python3-pip
- rsync
- wget
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago

View File

@ -0,0 +1,15 @@
#cloud-config
package_update: true
package_upgrade: true
packages:
- curl
- less
- rsyslog
- transmission-daemon
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago

View File

@ -0,0 +1,33 @@
#cloud-config
package_update: true
package_upgrade: true
packages:
- curl
- git
- nodejs
- npm
- python3-dev
- python3-pip
- ripgrep
- wget
- xauth
- youtube-dl
users:
- name: archivebox
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago
runcmd:
- [ git, clone, https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git, /tmp/vimrc ]
- [ cp, /tmp/vimrc/.vimrc, /root/.vimrc ]
- [ cp, /tmp/vimrc/.vimrc, /home/archivebox/.vimrc ]
- [ chown, archivebox:archivebox, /home/archivebox/.vimrc ]

View File

@ -1,2 +1,3 @@
[homelab] [homelab]
debian-mail debian-mail
debian-serv

View File

@ -0,0 +1,8 @@
---
# defaults file for debian-serv
vimrc_gist_url: https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git
caddy_pubkey_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
caddy_sources_url: https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt
tailscale_pubkey_url: https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg
tailscale_sources_url: https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list

View File

@ -0,0 +1,61 @@
---
# tasks file for debian-serv
- name: Clone vimrc gist
ansible.builtin.git:
repo: "{{ vimrc_gist_url }}"
dest: /tmp/vimrc
- name: Copy vimrc to /root/.vimrc
ansible.builtin.copy:
src: /tmp/vimrc/.vimrc
dest: /root/.vimrc
remote_src: true
owner: root
group: root
- name: Copy vimrc to /home/debian/.vimrc
ansible.builtin.copy:
src: /tmp/vimrc/.vimrc
dest: /home/debian/.vimrc
remote_src: true
owner: debian
group: debian
- name: Fetch Caddy pubkey
ansible.builtin.get_url:
url: "{{ caddy_pubkey_url }}"
dest: /tmp/gpg.key
- name: Sign Caddy pubkey
ansible.builtin.shell:
cmd: gpg --dearmor -o caddy-stable-archive-keyring.gpg gpg.key && rm -f gpg.key
chdir: /tmp
- name: Copy signed key to /usr/share/keyrings/caddy-stable-archive-keyring.gpg
ansible.builtin.copy:
src: /tmp/caddy-stable-archive-keyring.gpg
dest: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
remote_src: true
- name: Fetch Caddy sources.list
ansible.builtin.get_url:
url: "{{ caddy_sources_url }}"
dest: /etc/apt/sources.list.d/caddy-stable.list
- name: Fetch Tailscale pubkey
ansible.builtin.get_url:
url: "{{ tailscale_pubkey_url }}"
dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
- name: Fetch Tailscale sources.list
ansible.builtin.get_url:
url: "{{ tailscale_sources_url }}"
dest: /etc/apt/sources.list.d/tailscale.list
- name: Install Caddy and Tailscale
ansible.builtin.apt:
pkg:
- caddy
- tailscale
update_cache: true

View File

@ -3,3 +3,4 @@
roles: roles:
# Tag each role so that we can select individual roles to run with ansible-playbook --tags # Tag each role so that we can select individual roles to run with ansible-playbook --tags
- {role: debian-mail, tags: ['debian-mail']} - {role: debian-mail, tags: ['debian-mail']}
- {role: debian-serv, tags: ['debian-serv']}