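---
# Baseline provisioning for Debian bookworm virtual machines.
#
# Runs against the `vms` inventory group with privilege escalation. It
# configures APT, upgrades the system, installs a base package set, enables
# unattended upgrades and firewalld, switches networking to
# systemd-networkd/systemd-resolved, prepares the `jas` account, and reboots.
- name: Provision a Debian server on a virtual machine
  hosts: vms
  become: true
  tasks:
    # blockinfile writes a marker-delimited managed block; entries already in
    # sources.list outside that block are left in place.
    # NOTE(review): the mirrors use plain HTTP, so package integrity rests on
    # APT's repository signature checks. Consider https:// once CA
    # certificates are confirmed to be present on the base image.
    - name: Configure APT sources
      ansible.builtin.blockinfile:
        path: /etc/apt/sources.list
        block: |
          deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
          deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
          deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
        owner: root
        group: root
        mode: "0644"

    - name: Disable apt downloading translations
      ansible.builtin.lineinfile:
        path: /etc/apt/apt.conf.d/99translations
        create: true
        line: 'Acquire::Languages "none";'
        owner: root
        group: root
        mode: "0644"

    # The result is registered so the next task can print the upgrade summary.
    - name: Update cache and all packages
      register: updatesys
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true

    - name: Display the last line of the previous task to check the stats
      ansible.builtin.debug:
        msg: "{{ updatesys.stdout_lines | last }}"

    - name: Install basic packages
      ansible.builtin.apt:
        update_cache: true
        name:
          - apt-file
          - apt-listchanges
          - apt-utils
          - atop
          - autoconf
          - automake
          - bat
          - build-essential
          - byobu
          - cmake
          - curl
          - firewalld
          - git
          - htop
          - jc
          - jq
          - less
          - man-db
          - manpages
          - pipx
          - python3-dev
          - python3-pip
          - rclone
          - rsync
          - sudo
          - systemd-resolved
          - unattended-upgrades
          - vim
          - wget
          - zsh
        state: present

    - name: Ensure man-db.timer is enabled
      ansible.builtin.systemd_service:
        name: man-db.timer
        enabled: true

    # The two copied files decide what unattended-upgrades installs and how
    # often it runs. Their contents are not part of this playbook.
    # NOTE(review): confirm the security origin is enabled in
    # 50unattended-upgrades.
    - name: Copy 20auto-upgrades
      ansible.builtin.copy:
        src: etc/apt/apt.conf.d/20auto-upgrades
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        owner: root
        group: root
        mode: "0644"

    - name: Copy 50unattended-upgrades
      ansible.builtin.copy:
        src: etc/apt/apt.conf.d/50unattended-upgrades
        dest: /etc/apt/apt.conf.d/50unattended-upgrades
        owner: root
        group: root
        mode: "0644"

    - name: Ensure unattended-upgrades is enabled
      ansible.builtin.systemd_service:
        name: unattended-upgrades
        enabled: true
        state: started

    # No zone or rule is configured here, so firewalld runs with its packaged
    # defaults.
    - name: Ensure firewalld is enabled
      ansible.builtin.systemd_service:
        name: firewalld
        enabled: true
        state: started

    # This grants `jas` passwordless root for every command, so a compromise
    # of that account or its SSH key is a compromise of the host.
    # NOTE(review): narrow the command list or drop NOPASSWD if the account
    # is not used purely for automation.
    # The mode is 0440, the conventional read-only mode for sudoers drop-ins.
    # `validate` runs visudo on the candidate file, so a syntax error cannot
    # be installed and lock sudo out.
    - name: Ensure sudo no password privileges for the user 'jas'
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/jas
        create: true
        state: present
        line: "jas ALL=(ALL) NOPASSWD: ALL"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -csf %s

    - name: Ensure the shell is set to zsh for user
      ansible.builtin.user:
        name: jas
        shell: /usr/bin/zsh

    # The interface name `ens3` is hard-coded. Hosts whose NIC has a different
    # name will not match this .network file.
    - name: Ensure ethernet interface is configured for systemd-networkd
      ansible.builtin.blockinfile:
        path: /etc/systemd/network/ens3.network
        create: true
        state: present
        block: |
          [Match]
          Name=ens3

          [Network]
          DHCP=yes
        owner: root
        group: root
        mode: "0644"

    # The next three tasks only change enablement; nothing is started or
    # stopped. The switch to networkd/resolved takes effect at the reboot
    # below.
    - name: Ensure systemd-networkd is enabled
      ansible.builtin.systemd_service:
        name: systemd-networkd
        enabled: true

    - name: Ensure systemd-resolved is enabled
      ansible.builtin.systemd_service:
        name: systemd-resolved
        enabled: true

    - name: Ensure default network.service is disabled
      ansible.builtin.systemd_service:
        name: networking
        enabled: false

    # This task only writes the user unit file. No task in this playbook
    # installs glances or enables the unit.
    # `glances -s` runs in server mode, which listens on the network.
    # NOTE(review): confirm the bind address and authentication before
    # opening its port in firewalld.
    # NOTE(review): the play runs as root, so missing parent directories under
    # /home/jas/.config may be created root-owned. Verify ownership.
    - name: Ensure glances systemd unit is in place for user
      ansible.builtin.blockinfile:
        path: /home/jas/.config/systemd/user/glances.service
        create: true
        state: present
        block: |
          [Unit]
          Description=Glances
          After=network.target

          [Service]
          ExecStart=/home/jas/.local/bin/glances -s
          Restart=always
          RemainAfterExit=no

          [Install]
          WantedBy=default.target
        owner: jas
        group: jas
        mode: "0644"

    # `state: touch` creates the file if absent and does not truncate an
    # existing one. Preserving the timestamps stops the task from reporting
    # "changed" on every run.
    - name: Ensure empty .zshrc is in place for user
      ansible.builtin.file:
        path: /home/jas/.zshrc
        state: touch
        owner: jas
        group: jas
        mode: "0644"
        modification_time: preserve
        access_time: preserve

    # Wait up to 120 seconds for the host to come back after the reboot.
    - name: Reboot the system
      ansible.builtin.reboot:
        reboot_timeout: 120

    - name: Post-reboot confirmation
      ansible.builtin.debug:
        msg: "{{ ansible_host }} is now back up and running"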