hyperreal/ansible-homelab
1
0
Fork 0
mirror of https://codeberg.org/hyperreal/ansible-homelab synced 2024-11-25 03:13:42 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove LXC stuff; Add new setup.yml and inventory.yml

Browse Source
This commit is contained in:
Jeffrey Serio 2024-06-18 23:28:08 -05:00
parent 486608c005
commit c9f6a41d60
15 changed files with 179 additions and 644 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
README.md
View File

@ -1,85 +0,0 @@
# ansible-homelab
I use(d) these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
## Example
``` bash
lxc init images:debian/12/cloud debian-archive --storage lxd-pool
```
Configure the instance for cloud-init:
``` bash
lxc config set debian-archive cloud-init.user-data - <<- EOF
#cloud-config
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
apt:
sources_list: |
deb http://deb.debian.org/debian $RELEASE main
deb http://deb.debian.org/debian $RELEASE-updates main
deb http://deb.debian.org/debian-security/ $RELEASE-security main
deb http://deb.debian.org/debian $RELEASE-backports
package_update: true
package_upgrade: true
packages:
- curl
- debian-keyring
- debsig-verify
- git
- nodejs
- npm
- notmuch
- offlineimap3
- pass
- python3-dev
- python3-pip
- ripgrep
- ssh
- wget
- xauth
- youtube-dl
rsyslog:
configs:
- content: "*.* @10.0.0.41:514"
filename: 99-forward.conf
remotes:
moonshadow: 10.0.0.41
timezone: America/Chicago
EOF
```
Start the instance, then check the cloud-init status:
``` bash
lxc start debian-archive
lxc exec debian-archive -- cloud-init status --wait
```
SSH into the new instance to accept the host key:
``` bash
ssh debian@10.227.115.42
```
Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
Add the instance's IP address to hosts.ini:
``` yaml
[homelab]
10.227.115.42
```
Run the setup.yml playbook for all roles, or choose specific roles with --tags:
``` bash
ansible-playbook -i hosts.ini setup.yml -u debian -b
ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
```

40
cloud-init/debian-archive.yml
View File

@ -1,40 +0,0 @@
#cloud-config
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
apt:
sources_list: |
deb http://deb.debian.org/debian $RELEASE main
deb http://deb.debian.org/debian $RELEASE-updates main
deb http://deb.debian.org/debian-security/ $RELEASE-security main
deb http://deb.debian.org/debian $RELEASE-backports
package_update: true
package_upgrade: true
packages:
- curl
- debian-keyring
- debsig-verify
- git
- nodejs
- npm
- notmuch
- offlineimap3
- pass
- python3-dev
- python3-pip
- ripgrep
- ssh
- wget
- xauth
- youtube-dl
rsyslog:
configs:
- content: "*.* @10.0.0.27:514"
filename: 99-forward.conf
remotes:
logs: 10.0.0.27
timezone: America/Chicago

41
cloud-init/debian-serv.yml
View File

@ -1,41 +0,0 @@
#cloud-config
apt:
sources_list: |
deb http://deb.debian.org/debian $RELEASE main
deb http://deb.debian.org/debian $RELEASE-updates main
deb http://deb.debian.org/debian-security/ $RELEASE-security main
deb http://deb.debian.org/debian $RELEASE-backports main
package_update: true
package_upgrade: true
packages:
- acl
- apt-transport-https
- apt-utils
- build-essential
- certbot
- curl
- debian-keyring
- debian-archive-keyring
- git
- golang
- man-db
- manpages
- ssh
- python3-dev
- python3-pip
- rsync
- wget
users:
- name: debian
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
rsyslog:
configs:
- content: "*.* @10.0.0.27:514"
filename: 99-forward.conf
remotes:
logs: 10.0.0.27
timezone: America/Chicago

54
cloud-init/fedora-mastodon.yml
View File

@ -1,54 +0,0 @@
#cloud-config
yum_repos:
tailscale-stable:
name: Tailscale stable
baseurl: https://pkgs.tailscale.com/stable/fedora/x86_64
enabled: true
type: rpm
repo_gpgcheck: true
gpgcheck: false
gpgkey: https://pkgs.tailscale.com/stable/fedora/repo.gpg
caddy:
name: Copr repo for caddy owned by @caddy
baseurl: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/fedora-38-x86_64/
type: rpm-md
skip_if_unavailable: true
gpgcheck: true
gpgkey: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/pubkey.gpg
repo_gpgcheck: 0
enabled: true
enabled_metadata: 1
package_update: true
package_upgrade: true
packages:
- '@c-development'
- '@development-tools'
- curl
- dnf-automatic
- git
- golang
- python3-devel
- python3-pip
- rsync
- openssh
- wget
- caddy
- vim
- tailscale
users:
- name: fedora
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@nexus.local
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPnZBvorp/NDi5MNmrBqeSTnY3sNiZVNPF91dORH94Y jas@evergloam
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
rsyslog:
configs:
- content: "*.* @10.0.0.27:514"
filename: 99-forward.conf
remotes:
logs: 10.0.0.27
timezone: America/Chicago
runcmd:
- printf "fastestmirror=True\ndeltarpm=True\nmax_parallel_downloads=10\n" | tee -a /etc/dnf/dnf.conf

63
cloud-init/fedora-serv.yml
View File

@ -1,63 +0,0 @@
#cloud-config
yum_repos:
tailscale-stable:
name: Tailscale stable
baseurl: https://pkgs.tailscale.com/stable/fedora/x86_64
enabled: true
type: rpm
repo_gpgcheck: true
gpgcheck: false
gpgkey: https://pkgs.tailscale.com/stable/fedora/repo.gpg
charm:
name: Charm
baseurl: https://repo.charm.sh/yum/
enabled: true
gpgcheck: true
gpgkey: https://repo.charm.sh/yum/gpg.key
caddy:
name: Copr repo for caddy owned by @caddy
baseurl: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/fedora-38-x86_64/
type: rpm-md
skip_if_unavailable: true
gpgcheck: true
gpgkey: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/pubkey.gpg
repo_gpgcheck: 0
enabled: true
enabled_metadata: 1
package_update: true
package_upgrade: true
packages:
- '@c-development'
- '@development-tools'
- certbot
- curl
- dnf-automatic
- git
- golang
- python3-devel
- python3-pip
- rsync
- openssh
- wget
- caddy
- soft-serve
- vim
- tailscale
users:
- name: fedora
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@nexus.local
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPnZBvorp/NDi5MNmrBqeSTnY3sNiZVNPF91dORH94Y jas@evergloam
sudo: 'ALL=(ALL) NOPASSWD: ALL'
shell: /bin/bash
lock_passwd: true
rsyslog:
configs:
- content: "*.* @10.0.0.27:514"
filename: 99-forward.conf
remotes:
logs: 10.0.0.27
timezone: America/Chicago
runcmd:
- printf "fastestmirror=True\ndeltarpm=True\nmax_parallel_downloads=10\n" | tee -a /etc/dnf/dnf.conf

5
hosts.ini
View File

@ -1,5 +0,0 @@
[homelab]
debian-archive
debian-serv
fedora-transmission
ubuntu-mastodon

15
inventory.yml Normal file
View File

@ -0,0 +1,15 @@
---
homelab:
hosts:
pi0:
ansible_user: dietpi
ansible_host: 10.0.0.10
ansible_python_interpreter: /usr/bin/python3
pi1:
ansible_user: dietpi
ansible_host: 10.0.0.11
ansible_python_interpreter: /usr/bin/python3
pi2:
ansible_user: dietpi
ansible_host: 10.0.0.12
ansible_python_interpreter: /usr/bin/python3

25
roles/debian-archive/files/offlineimaprc
View File

@ -1,25 +0,0 @@
[general]
accounts = protonmail
metadata = /home/debian/.offlineimap-metadata
[Account protonmail]
localrepository = protonmail-local
remoterepository = protonmail-remote
autorefresh = 1
postsynchook = notmuch new
[Repository protonmail-local]
type = Maildir
localfolders = /home/debian/mail
sync_deletes = no
[Repository protonmail-remote]
type = IMAP
remoteuser = hyperreal64@pm.me
remotepass =
remotehost = 127.0.0.1
remoteport = 1143
ssl = no
starttls = no
expunge = yes
readonly = True

37
roles/debian-archive/files/pm-bridge-tty
View File

@ -1,37 +0,0 @@
#!/usr/bin/env bash
#
# This script must be run as the same user running offlineimap, which is
# preferably a non-privileged user.
#
# This script should be daemonized (forked to bg) or used as the value of
# the ExecStart= directive in a systemd service file.
set -exo pipefail
# If "init" is supplied as arg $1, initialize the bridge.
if [[ "$1" == "init" ]]; then
# Initialize pass
gpg --generate-key --batch <<EOF
%no-protection
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Name-Real: pass-key
Expire-Date: 0
%commit
%echo done
EOF
pass init pass-key
# Kill other instance of protonmail-bridge as only one can be running at a
# time.
pkill protonmail-bridge || true
# Login
protonmail-bridge --cli "$@"
else
# Start protonmail-bridge in a fake tty, so it does not quit because of EOF.
rm -f /tmp/faketty
mkfifo /tmp/faketty
cat /tmp/faketty | protonmail-bridge --cli "$@"
fi

161
roles/debian-archive/tasks/main.yml
View File

@ -1,161 +0,0 @@
---
# tasks file for debian-mail
- name: Install vimrc
ansible.builtin.import_role:
name: vimrc
vars:
user: "debian"
- name: Fetch bridge_pubkey.gpg
ansible.builtin.get_url:
url: https://proton.me/download/bridge/bridge_pubkey.gpg
dest: /tmp/bridge_pubkey.gpg
- name: Sign bridge_pubkey.gpg
ansible.builtin.shell:
cmd: rm -f debsig.gpg && gpg --dearmor --output debsig.gpg bridge_pubkey.gpg
chdir: /tmp
- name: Create keyring directory
ansible.builtin.file:
path: /usr/share/debsig/keyrings/E2C75D68E6234B07
state: directory
recurse: true
- name: Move debsig.gpg to keyring directory
ansible.builtin.copy:
src: /tmp/debsig.gpg
dest: /usr/share/debsig/keyrings/E2C75D68E6234B07
remote_src: true
- name: Create policy directory
ansible.builtin.file:
path: /etc/debsig/policies/E2C75D68E6234B07
state: directory
recurse: true
- name: Fetch and install the policy file
ansible.builtin.get_url:
url: https://proton.me/download/bridge/bridge.pol
dest: /etc/debsig/policies/E2C75D68E6234B07//bridge.pol
- name: Fetch protonmail-bridge DEB package
ansible.builtin.get_url:
url: https://proton.me/download/bridge/protonmail-bridge_3.2.0-1_amd64.deb
dest: /tmp/protonmail-bridge_3.2.0-1_amd64.deb
- name: Verify the signature on the protonmail-bridge package file
ansible.builtin.shell:
cmd: debsig-verify protonmail-bridge_3.2.0-1_amd64.deb
chdir: /tmp
register: debsig_output
failed_when: '"Verified package" not in debsig_output.stdout or debsig_output.rc != 0'
- name: Install protonmail-bridge_3.2.0-1_amd64.deb
ansible.builtin.apt:
deb: /tmp/protonmail-bridge_3.2.0-1_amd64.deb
- name: Copy systemd unit files for offlineimap
ansible.builtin.copy:
src: /usr/share/doc/offlineimap3/examples/systemd/offlineimap-oneshot.service
dest: /etc/systemd/system/offlineimap-oneshot.service
remote_src: true
- name: Change running user and group to debian for offlineimap-oneshot.service
ansible.builtin.blockinfile:
path: /etc/systemd/system/offlineimap-oneshot.service
insertafter: "Type=oneshot"
block: |
User=debian
Group=debian
- name: Create offlineimap-oneshot.timer
ansible.builtin.blockinfile:
path: /etc/systemd/system/offlineimap-oneshot.timer
create: true
block: |
[Unit]
Description=Offlineimap Query Timer
[Timer]
OnCalendar=daily
[Install]
WantedBy=default.target
- name: Create pm-bridge-tty.service
ansible.builtin.blockinfile:
path: /etc/systemd/system/pm-bridge-tty.service
create: true
block: |
[Unit]
Description=faketty service for protonmail-bridge
[Service]
Type=simple
User=debian
Group=debian
ExecStart=/usr/local/bin/pm-bridge-tty
[Install]
WantedBy=multi-user.target
- name: Copy offlineimaprc for debian
ansible.builtin.copy:
src: files/offlineimaprc
dest: /home/debian/.offlineimaprc
owner: debian
group: debian
- name: Copy protonmail-bridge faketty script
ansible.builtin.copy:
src: files/pm-bridge-tty
dest: /usr/local/bin/pm-bridge-tty
owner: root
group: root
mode: u=rwx,g=rx,o=rx
- name: Enable offlineimap systemd timer
ansible.builtin.systemd:
name: offlineimap-oneshot.timer
enabled: true
- name: Create archivebox.service
ansible.builtin.blockinfile:
path: /etc/systemd/system/archivebox.service
create: true
block: |
[Unit]
Description=Archivebox server
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=simple
User=debian
Group=debian
ExecStart=/usr/local/bin/archivebox server 0.0.0.0:8000
WorkingDirectory=/home/debian/data
[Install]
WantedBy=multi-user.target
- name: Install Archivebox
ansible.builtin.shell:
cmd: sudo pip install archivebox --break-system-packages
- name: Message to Ansible user
ansible.builtin.debug:
msg:
- "Run 'pm-bridge-tty init' to initialize the bridge."
- "Login to Proton Mail with your user credentials."
- "Wait for the sync to finish."
- "Copy SMTP password and add it to /home/debian/.offlineimaprc"
- "Run 'notmuch setup'"
- "sudo systemctl enable --now pm-bridge-tty.service"
- "sudo systemctl start offlineimap-oneshot.service"
- "sudo systemctl enable offlineimap-oneshot.timer"
- "mkdir /home/debian/data"
- "cd /home/debian/data"
- "archivebox init"

7
roles/debian-serv/defaults/main.yml
View File

@ -1,7 +0,0 @@
---
# defaults file for debian-serv
caddy_pubkey_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
caddy_sources_url: https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt
tailscale_pubkey_url: https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg
tailscale_sources_url: https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list

80
roles/debian-serv/tasks/main.yml
View File

@ -1,80 +0,0 @@
---
# tasks file for debian-serv
- name: Install vimrc
ansible.builtin.import_role:
name: vimrc
vars:
user: "debian"
- name: Fetch Caddy pubkey
ansible.builtin.get_url:
url: "{{ caddy_pubkey_url }}"
dest: /tmp/gpg.key
- name: Sign Caddy pubkey
ansible.builtin.shell:
cmd: gpg --dearmor -o caddy-stable-archive-keyring.gpg gpg.key && rm -f gpg.key
chdir: /tmp
- name: Copy signed key to /usr/share/keyrings/caddy-stable-archive-keyring.gpg
ansible.builtin.copy:
src: /tmp/caddy-stable-archive-keyring.gpg
dest: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
remote_src: true
- name: Fetch Caddy sources.list
ansible.builtin.get_url:
url: "{{ caddy_sources_url }}"
dest: /etc/apt/sources.list.d/caddy-stable.list
- name: Fetch Tailscale pubkey
ansible.builtin.get_url:
url: "{{ tailscale_pubkey_url }}"
dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
- name: Fetch Tailscale sources.list
ansible.builtin.get_url:
url: "{{ tailscale_sources_url }}"
dest: /etc/apt/sources.list.d/tailscale.list
- name: Install Caddy and Tailscale
ansible.builtin.apt:
pkg:
- caddy
- tailscale
update_cache: true
- name: Fetch molly-brown repo
ansible.builtin.git:
repo: https://tildegit.org/solderpunk/molly-brown.git
dest: /tmp/molly-brown
- name: Build molly-brown binary with Go
ansible.builtin.shell:
cmd: go build
chdir: /tmp/molly-brown
- name: Copy molly-brown binary to /usr/local/bin
ansible.builtin.copy:
src: /tmp/molly-brown/molly-brown
dest: /usr/local/bin/molly-brown
remote_src: true
- name: Copy molly-brown.service for systemd
ansible.builtin.copy:
src: /tmp/molly-brown/contrib/init/molly-brown.service.example
dest: /etc/systemd/system/molly-brown.service
remote_src: true
- name: Set User directive in molly-brown.service
ansible.builtin.lineinfile:
path: /etc/systemd/system/molly-brown.service
search_string: "User=molly"
line: "User={{ ansible_user }}"
- name: Set Group directive in molly-brown.service
ansible.builtin.lineinfile:
path: /etc/systemd/system/molly-brown.service
insertafter: '^User'
line: "Group={{ ansible_user }}"

17
roles/update/tasks/main.yml
View File

@ -1,17 +0,0 @@
---
# tasks file for update
- name: Update packages on all Debian/Ubuntu systems
ansible.builtin.apt:
upgrade: dist
update_cache: true
cache_valid_time: 3600
when:
- ansible_facts["os_family"] == "Debian"
- name: Update packages on Fedora systems
ansible.builtin.dnf:
name: "*"
state: latest
when:
- ansible_facts["distribution"] == "Fedora"

23
roles/vimrc/tasks/main.yml
View File

@ -1,23 +0,0 @@
---
# tasks file for vimrc
- name: Clone vimrc gist
ansible.builtin.git:
repo: https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git
dest: /tmp/vimrc
- name: Copy vimrc to /root/.vimrc
ansible.builtin.copy:
src: /tmp/vimrc/.vimrc
dest: /root/.vimrc
remote_src: true
owner: root
group: root
- name: Copy vimrc to /home/{{ user }}/.vimrc
ansible.builtin.copy:
src: /tmp/vimrc/.vimrc
dest: "/home/{{ user }}/.vimrc"
remote_src: true
owner: "{{ user }}"
group: "{{ user }}"

170
setup.yml
View File

@ -1,7 +1,165 @@
- name: Setup homelab LXC containers
---
- name: Setup homelab basics for DietPi systems
hosts: homelab
roles:
# Tag each role so that we can select individual roles to run with ansible-playbook --tags
- {role: update, tags: ['update']}
- {role: debian-archive, tags: ['debian-archive']}
- {role: debian-serv, tags: ['debian-serv']}
become: true
tasks:
- name: Update apt cache
ansible.builtin.apt:
cache_valid_time: 1200
- name: Update cache and all packages
register: updatesys
ansible.builtin.apt:
upgrade: dist
update_cache: true
- name: Display the last line of the previous task to check the stats
ansible.builtin.debug:
msg: "{{updatesys.stdout_lines|last}}"
- name: Install basic packages
ansible.builtin.apt:
update_cache: true
name:
- apt-file
- apt-listchanges
- apt-utils
- atop
- autoconf
- automake
- build-essential
- byobu
- clamav
- clamav-daemon
- clamav-freshclam
- cmake
- curl
- firewalld
- git
- glances
- htop
- httpie
- ifplugd
- iotop
- less
- libpam-systemd
- lynis
- man-db
- manpages
- nfs-common
- nmon
- pipx
- python3-dev
- python3-pip
- rkhunter
- rsync
- unattended-upgrades
- vim
- wget
- zsh
state: present
- name: Unmask systemd-logind
ansible.builtin.systemd_service:
name: systemd-logind
enabled: true
masked: no
- name: Configure ifplugd for eth0 interface
ansible.builtin.lineinfile:
path: /etc/default/ifplugd
search_string: "INTERFACES="
line: 'INTERFACES="eth0"'
owner: root
group: root
mode: "0644"
- name: Ensure ifplugd service is enabled
ansible.builtin.systemd_service:
name: ifplugd
enabled: true
- name: Ensure systemd-networkd is enabled
ansible.builtin.systemd_service:
name: systemd-networkd
enabled: true
- name: Ensure clamav-daemon is enabled
ansible.builtin.systemd_service:
name: clamav-daemon
enabled: true
- name: Ensure clamav-freshclam is enabled
ansible.builtin.systemd_service:
name: clamav-freshclam
enabled: true
- name: Ensure man-db.timer is enabled
ansible.builtin.systemd_service:
name: man-db.timer
enabled: true
- name: Configure systemd-networkd for eth0 interface
ansible.builtin.blockinfile:
path: /etc/systemd/network/eth0.network
create: true
block: |
[Match]
Name=eth0
[Network]
DHCP=yes
owner: root
group: root
mode: "0644"
- name: Configure unattended-upgrades mail user
ansible.builtin.lineinfile:
path: /etc/apt/apt.conf.d/50unattended-upgrades
search_string: "//Unattended-Upgrade::Mail"
line: 'Unattended-Upgrade::Mail "dietpi";'
owner: root
group: root
mode: "0644"
- name: Configure unattended-upgrades automatic reboot
ansible.builtin.lineinfile:
path: /etc/apt/apt.conf.d/50unattended-upgrades
search_string: "//Unattended-Upgrade::Automatic-Reboot"
line: 'Unattended-Upgrade::Automatic-Reboot "true";'
owner: root
group: root
mode: "0644"
- name: Disable apt downloading translations
ansible.builtin.lineinfile:
path: /etc/apt/apt.conf.d/99translations
create: true
line: 'Acquire::Languages "none";'
owner: root
group: root
mode: "0644"
- name: Set the shell to zsh for dietpi user
ansible.builtin.user:
name: dietpi
shell: /usr/bin/zsh
- name: Check if reboot is required
ansible.builtin.stat:
path: /var/run/reboot-required
register: reboot_required
- name: Set is_reboot_required fact
ansible.builtin.set_fact:
is_reboot_required: "{{ True if reboot_required.stat.exists else False }}"
- name: Reboot is needed
ansible.builtin.reboot:
reboot_timeout: 120
when: is_reboot_required | bool
- name: Post-reboot confirmation
ansible.builtin.debug:
msg: "{{ ansible_host }} is now back up and running"
when: is_reboot_required | bool