Remove LXC stuff; Add new setup.yml and inventory.yml
This commit is contained in:
parent
486608c005
commit
c9f6a41d60
85
README.md
85
README.md
@ -1,85 +0,0 @@
|
||||
# ansible-homelab
|
||||
|
||||
I use(d) these roles to automate the setup of my LXC homelab. They are highly tailored to my use-case and would require substantial review and editing for anyone else to use them.
|
||||
|
||||
## Example
|
||||
|
||||
``` bash
|
||||
lxc init images:debian/12/cloud debian-archive --storage lxd-pool
|
||||
```
|
||||
|
||||
Configure the instance for cloud-init:
|
||||
|
||||
``` bash
|
||||
lxc config set debian-archive cloud-init.user-data - <<- EOF
|
||||
#cloud-config
|
||||
users:
|
||||
- name: debian
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
|
||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
||||
shell: /bin/bash
|
||||
lock_passwd: true
|
||||
apt:
|
||||
sources_list: |
|
||||
deb http://deb.debian.org/debian $RELEASE main
|
||||
deb http://deb.debian.org/debian $RELEASE-updates main
|
||||
deb http://deb.debian.org/debian-security/ $RELEASE-security main
|
||||
deb http://deb.debian.org/debian $RELEASE-backports
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- curl
|
||||
- debian-keyring
|
||||
- debsig-verify
|
||||
- git
|
||||
- nodejs
|
||||
- npm
|
||||
- notmuch
|
||||
- offlineimap3
|
||||
- pass
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- ripgrep
|
||||
- ssh
|
||||
- wget
|
||||
- xauth
|
||||
- youtube-dl
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.41:514"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
moonshadow: 10.0.0.41
|
||||
timezone: America/Chicago
|
||||
EOF
|
||||
```
|
||||
|
||||
Start the instance, then check the cloud-init status:
|
||||
|
||||
``` bash
|
||||
lxc start debian-archive
|
||||
lxc exec debian-archive -- cloud-init status --wait
|
||||
```
|
||||
|
||||
SSH into the new instance to accept the host key:
|
||||
|
||||
``` bash
|
||||
ssh debian@10.227.115.42
|
||||
```
|
||||
|
||||
Once that's done, you should be able to SSH directly to the debian user, and Ansible will be ready to run.
|
||||
|
||||
Add the instance's IP address to hosts.ini:
|
||||
|
||||
``` yaml
|
||||
[homelab]
|
||||
10.227.115.42
|
||||
```
|
||||
|
||||
Run the setup.yml playbook for all roles, or choose specific roles with --tags:
|
||||
|
||||
``` bash
|
||||
ansible-playbook -i hosts.ini setup.yml -u debian -b
|
||||
ansible-playbook -i hosts.ini setup.yml --tags debian-archive -u debian -b
|
||||
```
|
@ -1,40 +0,0 @@
|
||||
#cloud-config
|
||||
users:
|
||||
- name: debian
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
|
||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
||||
shell: /bin/bash
|
||||
lock_passwd: true
|
||||
apt:
|
||||
sources_list: |
|
||||
deb http://deb.debian.org/debian $RELEASE main
|
||||
deb http://deb.debian.org/debian $RELEASE-updates main
|
||||
deb http://deb.debian.org/debian-security/ $RELEASE-security main
|
||||
deb http://deb.debian.org/debian $RELEASE-backports
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- curl
|
||||
- debian-keyring
|
||||
- debsig-verify
|
||||
- git
|
||||
- nodejs
|
||||
- npm
|
||||
- notmuch
|
||||
- offlineimap3
|
||||
- pass
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- ripgrep
|
||||
- ssh
|
||||
- wget
|
||||
- xauth
|
||||
- youtube-dl
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.27:514"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
logs: 10.0.0.27
|
||||
timezone: America/Chicago
|
@ -1,41 +0,0 @@
|
||||
#cloud-config
|
||||
apt:
|
||||
sources_list: |
|
||||
deb http://deb.debian.org/debian $RELEASE main
|
||||
deb http://deb.debian.org/debian $RELEASE-updates main
|
||||
deb http://deb.debian.org/debian-security/ $RELEASE-security main
|
||||
deb http://deb.debian.org/debian $RELEASE-backports main
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- acl
|
||||
- apt-transport-https
|
||||
- apt-utils
|
||||
- build-essential
|
||||
- certbot
|
||||
- curl
|
||||
- debian-keyring
|
||||
- debian-archive-keyring
|
||||
- git
|
||||
- golang
|
||||
- man-db
|
||||
- manpages
|
||||
- ssh
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- rsync
|
||||
- wget
|
||||
users:
|
||||
- name: debian
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@si.local
|
||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
||||
shell: /bin/bash
|
||||
lock_passwd: true
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.27:514"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
logs: 10.0.0.27
|
||||
timezone: America/Chicago
|
@ -1,54 +0,0 @@
|
||||
#cloud-config
|
||||
yum_repos:
|
||||
tailscale-stable:
|
||||
name: Tailscale stable
|
||||
baseurl: https://pkgs.tailscale.com/stable/fedora/x86_64
|
||||
enabled: true
|
||||
type: rpm
|
||||
repo_gpgcheck: true
|
||||
gpgcheck: false
|
||||
gpgkey: https://pkgs.tailscale.com/stable/fedora/repo.gpg
|
||||
caddy:
|
||||
name: Copr repo for caddy owned by @caddy
|
||||
baseurl: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/fedora-38-x86_64/
|
||||
type: rpm-md
|
||||
skip_if_unavailable: true
|
||||
gpgcheck: true
|
||||
gpgkey: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/pubkey.gpg
|
||||
repo_gpgcheck: 0
|
||||
enabled: true
|
||||
enabled_metadata: 1
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- '@c-development'
|
||||
- '@development-tools'
|
||||
- curl
|
||||
- dnf-automatic
|
||||
- git
|
||||
- golang
|
||||
- python3-devel
|
||||
- python3-pip
|
||||
- rsync
|
||||
- openssh
|
||||
- wget
|
||||
- caddy
|
||||
- vim
|
||||
- tailscale
|
||||
users:
|
||||
- name: fedora
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@nexus.local
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPnZBvorp/NDi5MNmrBqeSTnY3sNiZVNPF91dORH94Y jas@evergloam
|
||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
||||
shell: /bin/bash
|
||||
lock_passwd: true
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.27:514"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
logs: 10.0.0.27
|
||||
timezone: America/Chicago
|
||||
runcmd:
|
||||
- printf "fastestmirror=True\ndeltarpm=True\nmax_parallel_downloads=10\n" | tee -a /etc/dnf/dnf.conf
|
@ -1,63 +0,0 @@
|
||||
#cloud-config
|
||||
yum_repos:
|
||||
tailscale-stable:
|
||||
name: Tailscale stable
|
||||
baseurl: https://pkgs.tailscale.com/stable/fedora/x86_64
|
||||
enabled: true
|
||||
type: rpm
|
||||
repo_gpgcheck: true
|
||||
gpgcheck: false
|
||||
gpgkey: https://pkgs.tailscale.com/stable/fedora/repo.gpg
|
||||
charm:
|
||||
name: Charm
|
||||
baseurl: https://repo.charm.sh/yum/
|
||||
enabled: true
|
||||
gpgcheck: true
|
||||
gpgkey: https://repo.charm.sh/yum/gpg.key
|
||||
caddy:
|
||||
name: Copr repo for caddy owned by @caddy
|
||||
baseurl: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/fedora-38-x86_64/
|
||||
type: rpm-md
|
||||
skip_if_unavailable: true
|
||||
gpgcheck: true
|
||||
gpgkey: https://download.copr.fedorainfracloud.org/results/@caddy/caddy/pubkey.gpg
|
||||
repo_gpgcheck: 0
|
||||
enabled: true
|
||||
enabled_metadata: 1
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
packages:
|
||||
- '@c-development'
|
||||
- '@development-tools'
|
||||
- certbot
|
||||
- curl
|
||||
- dnf-automatic
|
||||
- git
|
||||
- golang
|
||||
- python3-devel
|
||||
- python3-pip
|
||||
- rsync
|
||||
- openssh
|
||||
- wget
|
||||
- caddy
|
||||
- soft-serve
|
||||
- vim
|
||||
- tailscale
|
||||
users:
|
||||
- name: fedora
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOmibToJQ8JZpSFLH3482oxvpD56QAfu4ndoofbew5t jas@nexus.local
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItZX/e12RMbdTov8HYLTLTiY0U08X8z73LXdlRMNkTZ jas@moonshadow
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPnZBvorp/NDi5MNmrBqeSTnY3sNiZVNPF91dORH94Y jas@evergloam
|
||||
sudo: 'ALL=(ALL) NOPASSWD: ALL'
|
||||
shell: /bin/bash
|
||||
lock_passwd: true
|
||||
rsyslog:
|
||||
configs:
|
||||
- content: "*.* @10.0.0.27:514"
|
||||
filename: 99-forward.conf
|
||||
remotes:
|
||||
logs: 10.0.0.27
|
||||
timezone: America/Chicago
|
||||
runcmd:
|
||||
- printf "fastestmirror=True\ndeltarpm=True\nmax_parallel_downloads=10\n" | tee -a /etc/dnf/dnf.conf
|
@ -1,5 +0,0 @@
|
||||
[homelab]
|
||||
debian-archive
|
||||
debian-serv
|
||||
fedora-transmission
|
||||
ubuntu-mastodon
|
15
inventory.yml
Normal file
15
inventory.yml
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
homelab:
|
||||
hosts:
|
||||
pi0:
|
||||
ansible_user: dietpi
|
||||
ansible_host: 10.0.0.10
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
pi1:
|
||||
ansible_user: dietpi
|
||||
ansible_host: 10.0.0.11
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
pi2:
|
||||
ansible_user: dietpi
|
||||
ansible_host: 10.0.0.12
|
||||
ansible_python_interpreter: /usr/bin/python3
|
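Review bot: The three host entries pi0, pi1 and pi2 repeat `ansible_user: dietpi` and `ansible_python_interpreter: /usr/bin/python3` verbatim, so a fourth Pi has to copy both lines to stay consistent. Both settings can live once in a group-level mapping next to `hosts:`, i.e. `vars:` / `ansible_user: dietpi` / `ansible_python_interpreter: /usr/bin/python3` under `homelab`, leaving each host with only its `ansible_host`. The rest of the file is sound as YAML: it opens with `---`, the group is explicit, and the dotted-quad addresses parse as strings without quoting.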
@ -1,25 +0,0 @@
|
||||
[general]
|
||||
accounts = protonmail
|
||||
metadata = /home/debian/.offlineimap-metadata
|
||||
|
||||
[Account protonmail]
|
||||
localrepository = protonmail-local
|
||||
remoterepository = protonmail-remote
|
||||
autorefresh = 1
|
||||
postsynchook = notmuch new
|
||||
|
||||
[Repository protonmail-local]
|
||||
type = Maildir
|
||||
localfolders = /home/debian/mail
|
||||
sync_deletes = no
|
||||
|
||||
[Repository protonmail-remote]
|
||||
type = IMAP
|
||||
remoteuser = hyperreal64@pm.me
|
||||
remotepass =
|
||||
remotehost = 127.0.0.1
|
||||
remoteport = 1143
|
||||
ssl = no
|
||||
starttls = no
|
||||
expunge = yes
|
||||
readonly = True
|
@ -1,37 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# This script must be run as the same user running offlineimap, which is
|
||||
# preferably a non-privileged user.
|
||||
#
|
||||
# This script should be daemonized (forked to bg) or used as the value of
|
||||
# the ExecStart= directive in a systemd service file.
|
||||
set -exo pipefail
|
||||
|
||||
# If "init" is supplied as arg $1, initialize the bridge.
|
||||
if [[ "$1" == "init" ]]; then
|
||||
|
||||
# Initialize pass
|
||||
gpg --generate-key --batch <<EOF
|
||||
%no-protection
|
||||
%echo Generating a basic OpenPGP key
|
||||
Key-Type: RSA
|
||||
Key-Length: 2048
|
||||
Name-Real: pass-key
|
||||
Expire-Date: 0
|
||||
%commit
|
||||
%echo done
|
||||
EOF
|
||||
pass init pass-key
|
||||
|
||||
# Kill other instance of protonmail-bridge as only one can be running at a
|
||||
# time.
|
||||
pkill protonmail-bridge || true
|
||||
|
||||
# Login
|
||||
protonmail-bridge --cli "$@"
|
||||
else
|
||||
# Start protonmail-bridge in a fake tty, so it does not quit because of EOF.
|
||||
rm -f /tmp/faketty
|
||||
mkfifo /tmp/faketty
|
||||
cat /tmp/faketty | protonmail-bridge --cli "$@"
|
||||
fi
|
@ -1,161 +0,0 @@
|
||||
---
|
||||
# tasks file for debian-mail
|
||||
|
||||
- name: Install vimrc
|
||||
ansible.builtin.import_role:
|
||||
name: vimrc
|
||||
vars:
|
||||
user: "debian"
|
||||
|
||||
- name: Fetch bridge_pubkey.gpg
|
||||
ansible.builtin.get_url:
|
||||
url: https://proton.me/download/bridge/bridge_pubkey.gpg
|
||||
dest: /tmp/bridge_pubkey.gpg
|
||||
|
||||
- name: Sign bridge_pubkey.gpg
|
||||
ansible.builtin.shell:
|
||||
cmd: rm -f debsig.gpg && gpg --dearmor --output debsig.gpg bridge_pubkey.gpg
|
||||
chdir: /tmp
|
||||
|
||||
- name: Create keyring directory
|
||||
ansible.builtin.file:
|
||||
path: /usr/share/debsig/keyrings/E2C75D68E6234B07
|
||||
state: directory
|
||||
recurse: true
|
||||
|
||||
- name: Move debsig.gpg to keyring directory
|
||||
ansible.builtin.copy:
|
||||
src: /tmp/debsig.gpg
|
||||
dest: /usr/share/debsig/keyrings/E2C75D68E6234B07
|
||||
remote_src: true
|
||||
|
||||
- name: Create policy directory
|
||||
ansible.builtin.file:
|
||||
path: /etc/debsig/policies/E2C75D68E6234B07
|
||||
state: directory
|
||||
recurse: true
|
||||
|
||||
- name: Fetch and install the policy file
|
||||
ansible.builtin.get_url:
|
||||
url: https://proton.me/download/bridge/bridge.pol
|
||||
dest: /etc/debsig/policies/E2C75D68E6234B07//bridge.pol
|
||||
|
||||
- name: Fetch protonmail-bridge DEB package
|
||||
ansible.builtin.get_url:
|
||||
url: https://proton.me/download/bridge/protonmail-bridge_3.2.0-1_amd64.deb
|
||||
dest: /tmp/protonmail-bridge_3.2.0-1_amd64.deb
|
||||
|
||||
- name: Verify the signature on the protonmail-bridge package file
|
||||
ansible.builtin.shell:
|
||||
cmd: debsig-verify protonmail-bridge_3.2.0-1_amd64.deb
|
||||
chdir: /tmp
|
||||
register: debsig_output
|
||||
failed_when: '"Verified package" not in debsig_output.stdout or debsig_output.rc != 0'
|
||||
|
||||
- name: Install protonmail-bridge_3.2.0-1_amd64.deb
|
||||
ansible.builtin.apt:
|
||||
deb: /tmp/protonmail-bridge_3.2.0-1_amd64.deb
|
||||
|
||||
- name: Copy systemd unit files for offlineimap
|
||||
ansible.builtin.copy:
|
||||
src: /usr/share/doc/offlineimap3/examples/systemd/offlineimap-oneshot.service
|
||||
dest: /etc/systemd/system/offlineimap-oneshot.service
|
||||
remote_src: true
|
||||
|
||||
- name: Change running user and group to debian for offlineimap-oneshot.service
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/systemd/system/offlineimap-oneshot.service
|
||||
insertafter: "Type=oneshot"
|
||||
block: |
|
||||
User=debian
|
||||
Group=debian
|
||||
|
||||
- name: Create offlineimap-oneshot.timer
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/systemd/system/offlineimap-oneshot.timer
|
||||
create: true
|
||||
block: |
|
||||
[Unit]
|
||||
Description=Offlineimap Query Timer
|
||||
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
|
||||
- name: Create pm-bridge-tty.service
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/systemd/system/pm-bridge-tty.service
|
||||
create: true
|
||||
block: |
|
||||
[Unit]
|
||||
Description=faketty service for protonmail-bridge
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=debian
|
||||
Group=debian
|
||||
ExecStart=/usr/local/bin/pm-bridge-tty
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- name: Copy offlineimaprc for debian
|
||||
ansible.builtin.copy:
|
||||
src: files/offlineimaprc
|
||||
dest: /home/debian/.offlineimaprc
|
||||
owner: debian
|
||||
group: debian
|
||||
|
||||
- name: Copy protonmail-bridge faketty script
|
||||
ansible.builtin.copy:
|
||||
src: files/pm-bridge-tty
|
||||
dest: /usr/local/bin/pm-bridge-tty
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
- name: Enable offlineimap systemd timer
|
||||
ansible.builtin.systemd:
|
||||
name: offlineimap-oneshot.timer
|
||||
enabled: true
|
||||
|
||||
- name: Create archivebox.service
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/systemd/system/archivebox.service
|
||||
create: true
|
||||
block: |
|
||||
[Unit]
|
||||
Description=Archivebox server
|
||||
After=network.target network-online.target
|
||||
Requires=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=debian
|
||||
Group=debian
|
||||
ExecStart=/usr/local/bin/archivebox server 0.0.0.0:8000
|
||||
WorkingDirectory=/home/debian/data
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
- name: Install Archivebox
|
||||
ansible.builtin.shell:
|
||||
cmd: sudo pip install archivebox --break-system-packages
|
||||
|
||||
- name: Message to Ansible user
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
- "Run 'pm-bridge-tty init' to initialize the bridge."
|
||||
- "Login to Proton Mail with your user credentials."
|
||||
- "Wait for the sync to finish."
|
||||
- "Copy SMTP password and add it to /home/debian/.offlineimaprc"
|
||||
- "Run 'notmuch setup'"
|
||||
- "sudo systemctl enable --now pm-bridge-tty.service"
|
||||
- "sudo systemctl start offlineimap-oneshot.service"
|
||||
- "sudo systemctl enable offlineimap-oneshot.timer"
|
||||
- "mkdir /home/debian/data"
|
||||
- "cd /home/debian/data"
|
||||
- "archivebox init"
|
@ -1,7 +0,0 @@
|
||||
---
|
||||
# defaults file for debian-serv
|
||||
|
||||
caddy_pubkey_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
|
||||
caddy_sources_url: https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt
|
||||
tailscale_pubkey_url: https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg
|
||||
tailscale_sources_url: https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list
|
@ -1,80 +0,0 @@
|
||||
---
|
||||
# tasks file for debian-serv
|
||||
|
||||
- name: Install vimrc
|
||||
ansible.builtin.import_role:
|
||||
name: vimrc
|
||||
vars:
|
||||
user: "debian"
|
||||
|
||||
- name: Fetch Caddy pubkey
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ caddy_pubkey_url }}"
|
||||
dest: /tmp/gpg.key
|
||||
|
||||
- name: Sign Caddy pubkey
|
||||
ansible.builtin.shell:
|
||||
cmd: gpg --dearmor -o caddy-stable-archive-keyring.gpg gpg.key && rm -f gpg.key
|
||||
chdir: /tmp
|
||||
|
||||
- name: Copy signed key to /usr/share/keyrings/caddy-stable-archive-keyring.gpg
|
||||
ansible.builtin.copy:
|
||||
src: /tmp/caddy-stable-archive-keyring.gpg
|
||||
dest: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
|
||||
remote_src: true
|
||||
|
||||
- name: Fetch Caddy sources.list
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ caddy_sources_url }}"
|
||||
dest: /etc/apt/sources.list.d/caddy-stable.list
|
||||
|
||||
- name: Fetch Tailscale pubkey
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ tailscale_pubkey_url }}"
|
||||
dest: /usr/share/keyrings/tailscale-archive-keyring.gpg
|
||||
|
||||
- name: Fetch Tailscale sources.list
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ tailscale_sources_url }}"
|
||||
dest: /etc/apt/sources.list.d/tailscale.list
|
||||
|
||||
- name: Install Caddy and Tailscale
|
||||
ansible.builtin.apt:
|
||||
pkg:
|
||||
- caddy
|
||||
- tailscale
|
||||
update_cache: true
|
||||
|
||||
- name: Fetch molly-brown repo
|
||||
ansible.builtin.git:
|
||||
repo: https://tildegit.org/solderpunk/molly-brown.git
|
||||
dest: /tmp/molly-brown
|
||||
|
||||
- name: Build molly-brown binary with Go
|
||||
ansible.builtin.shell:
|
||||
cmd: go build
|
||||
chdir: /tmp/molly-brown
|
||||
|
||||
- name: Copy molly-brown binary to /usr/local/bin
|
||||
ansible.builtin.copy:
|
||||
src: /tmp/molly-brown/molly-brown
|
||||
dest: /usr/local/bin/molly-brown
|
||||
remote_src: true
|
||||
|
||||
- name: Copy molly-brown.service for systemd
|
||||
ansible.builtin.copy:
|
||||
src: /tmp/molly-brown/contrib/init/molly-brown.service.example
|
||||
dest: /etc/systemd/system/molly-brown.service
|
||||
remote_src: true
|
||||
|
||||
- name: Set User directive in molly-brown.service
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/systemd/system/molly-brown.service
|
||||
search_string: "User=molly"
|
||||
line: "User={{ ansible_user }}"
|
||||
|
||||
- name: Set Group directive in molly-brown.service
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/systemd/system/molly-brown.service
|
||||
insertafter: '^User'
|
||||
line: "Group={{ ansible_user }}"
|
@ -1,17 +0,0 @@
|
||||
---
|
||||
# tasks file for update
|
||||
|
||||
- name: Update packages on all Debian/Ubuntu systems
|
||||
ansible.builtin.apt:
|
||||
upgrade: dist
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
when:
|
||||
- ansible_facts["os_family"] == "Debian"
|
||||
|
||||
- name: Update packages on Fedora systems
|
||||
ansible.builtin.dnf:
|
||||
name: "*"
|
||||
state: latest
|
||||
when:
|
||||
- ansible_facts["distribution"] == "Fedora"
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
# tasks file for vimrc
|
||||
|
||||
- name: Clone vimrc gist
|
||||
ansible.builtin.git:
|
||||
repo: https://gist.github.com/90c3b2fcc9d70cf06e9f3660e0d15a48.git
|
||||
dest: /tmp/vimrc
|
||||
|
||||
- name: Copy vimrc to /root/.vimrc
|
||||
ansible.builtin.copy:
|
||||
src: /tmp/vimrc/.vimrc
|
||||
dest: /root/.vimrc
|
||||
remote_src: true
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Copy vimrc to /home/{{ user }}/.vimrc
|
||||
ansible.builtin.copy:
|
||||
src: /tmp/vimrc/.vimrc
|
||||
dest: "/home/{{ user }}/.vimrc"
|
||||
remote_src: true
|
||||
owner: "{{ user }}"
|
||||
group: "{{ user }}"
|
170
setup.yml
170
setup.yml
@ -1,7 +1,165 @@
|
||||
- name: Setup homelab LXC containers
|
||||
---
|
||||
- name: Setup homelab basics for DietPi systems
|
||||
hosts: homelab
|
||||
roles:
|
||||
# Tag each role so that we can select individual roles to run with ansible-playbook --tags
|
||||
- {role: update, tags: ['update']}
|
||||
- {role: debian-archive, tags: ['debian-archive']}
|
||||
- {role: debian-serv, tags: ['debian-serv']}
|
||||
become: true
|
||||
tasks:
|
||||
- name: Update apt cache
|
||||
ansible.builtin.apt:
|
||||
cache_valid_time: 1200
|
||||
|
||||
- name: Update cache and all packages
|
||||
register: updatesys
|
||||
ansible.builtin.apt:
|
||||
upgrade: dist
|
||||
update_cache: true
|
||||
|
||||
- name: Display the last line of the previous task to check the stats
|
||||
ansible.builtin.debug:
|
||||
msg: "{{updatesys.stdout_lines|last}}"
|
||||
|
||||
- name: Install basic packages
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
name:
|
||||
- apt-file
|
||||
- apt-listchanges
|
||||
- apt-utils
|
||||
- atop
|
||||
- autoconf
|
||||
- automake
|
||||
- build-essential
|
||||
- byobu
|
||||
- clamav
|
||||
- clamav-daemon
|
||||
- clamav-freshclam
|
||||
- cmake
|
||||
- curl
|
||||
- firewalld
|
||||
- git
|
||||
- glances
|
||||
- htop
|
||||
- httpie
|
||||
- ifplugd
|
||||
- iotop
|
||||
- less
|
||||
- libpam-systemd
|
||||
- lynis
|
||||
- man-db
|
||||
- manpages
|
||||
- nfs-common
|
||||
- nmon
|
||||
- pipx
|
||||
- python3-dev
|
||||
- python3-pip
|
||||
- rkhunter
|
||||
- rsync
|
||||
- unattended-upgrades
|
||||
- vim
|
||||
- wget
|
||||
- zsh
|
||||
state: present
|
||||
|
||||
- name: Unmask systemd-logind
|
||||
ansible.builtin.systemd_service:
|
||||
name: systemd-logind
|
||||
enabled: true
|
||||
masked: no
|
||||
|
||||
- name: Configure ifplugd for eth0 interface
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/default/ifplugd
|
||||
search_string: "INTERFACES="
|
||||
line: 'INTERFACES="eth0"'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Ensure ifplugd service is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: ifplugd
|
||||
enabled: true
|
||||
|
||||
- name: Ensure systemd-networkd is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: systemd-networkd
|
||||
enabled: true
|
||||
|
||||
- name: Ensure clamav-daemon is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: clamav-daemon
|
||||
enabled: true
|
||||
|
||||
- name: Ensure clamav-freshclam is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: clamav-freshclam
|
||||
enabled: true
|
||||
|
||||
- name: Ensure man-db.timer is enabled
|
||||
ansible.builtin.systemd_service:
|
||||
name: man-db.timer
|
||||
enabled: true
|
||||
|
||||
- name: Configure systemd-networkd for eth0 interface
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/systemd/network/eth0.network
|
||||
create: true
|
||||
block: |
|
||||
[Match]
|
||||
Name=eth0
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Configure unattended-upgrades mail user
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
search_string: "//Unattended-Upgrade::Mail"
|
||||
line: 'Unattended-Upgrade::Mail "dietpi";'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Configure unattended-upgrades automatic reboot
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
search_string: "//Unattended-Upgrade::Automatic-Reboot"
|
||||
line: 'Unattended-Upgrade::Automatic-Reboot "true";'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Disable apt downloading translations
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/apt/apt.conf.d/99translations
|
||||
create: true
|
||||
line: 'Acquire::Languages "none";'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
|
||||
- name: Set the shell to zsh for dietpi user
|
||||
ansible.builtin.user:
|
||||
name: dietpi
|
||||
shell: /usr/bin/zsh
|
||||
|
||||
- name: Check if reboot is required
|
||||
ansible.builtin.stat:
|
||||
path: /var/run/reboot-required
|
||||
register: reboot_required
|
||||
|
||||
- name: Set is_reboot_required fact
|
||||
ansible.builtin.set_fact:
|
||||
is_reboot_required: "{{ True if reboot_required.stat.exists else False }}"
|
||||
|
||||
- name: Reboot is needed
|
||||
ansible.builtin.reboot:
|
||||
reboot_timeout: 120
|
||||
when: is_reboot_required | bool
|
||||
|
||||
- name: Post-reboot confirmation
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ ansible_host }} is now back up and running"
|
||||
when: is_reboot_required | bool
|
||||
|
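Review bot: The two unattended-upgrades tasks use `search_string: "//Unattended-Upgrade::Mail"` and `search_string: "//Unattended-Upgrade::Automatic-Reboot"`, which match as substrings; with the stock Debian 50unattended-upgrades, which also carries commented `MailReport` and `Automatic-Reboot-WithUsers`/`Automatic-Reboot-Time` lines, lineinfile rewrites the last matching line rather than the intended one, and because the rewritten line no longer contains the search string the original commented line is rewritten on the next run, so the tasks are not idempotent. An anchored regexp that matches both the commented and the set form fixes this, e.g. `regexp: '^\s*(//)?\s*Unattended-Upgrade::Mail\s'` and `regexp: '^\s*(//)?\s*Unattended-Upgrade::Automatic-Reboot\s'`. In the systemd-logind task, `masked: no` is a YAML 1.1 truthy spelling that ansible-lint rejects; write `masked: false`. Separately, firewalld is added to the package list but, unlike clamav-daemon and ifplugd, no task enables or configures it, so it is installed but inactive unless the image starts it on its own.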