Reorganise

roles/debian/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart avahi
+  service:
+    name: avahi-daemon
+    state: restarted

roles/debian/tasks/main.yml

@@ -0,0 +1,39 @@
+- name: Set a hostname
+  become: true
+  ansible.builtin.hostname:
+    name: '{{ inventory_hostname.split(".")[0] | lower }}'
+    use: debian
+
+- name: Set the timezone
+  become: true
+  community.general.timezone:
+    name: Australia/Perth
+
+- name: Install some standard packages
+  become: true
+  apt:
+    update_cache: yes
+    pkg:
+    - avahi-daemon
+    - curl
+    - fish
+    - git
+    - libnss-mdns
+    - nnn
+    - rsync
+    - sudo
+    - tmux
+    - trash-cli
+
+- name: Add 'fern' user
+  become: true
+  user:
+    name: fern
+    shell: /usr/bin/fish
+
+- name: Set sudo rules
+  become: true
+  community.general.sudoers:
+    name: sudo
+    commands: ALL
+    user: fern

roles/nfs-client/tasks/main.yml

@@ -0,0 +1,32 @@
+- name: Install nfs-common
+  become: true
+  apt:
+    pkg:
+    - nfs-common
+
+- name: Mount /media/tv
+  become: true
+  ansible.posix.mount:
+    src: 10.0.1.101:/export/tv
+    path: /media/tv
+    opts: default
+    state: mounted
+    fstype: nfs
+
+- name: Mount /media/film
+  become: true
+  ansible.posix.mount:
+    src: 10.0.1.101:/export/film
+    path: /media/film
+    opts: default
+    state: mounted
+    fstype: nfs
+
+- name: Mount /media/misc
+  become: true
+  ansible.posix.mount:
+    src: 10.0.1.101:/export/misc
+    path: /media/misc
+    opts: default
+    state: mounted
+    fstype: nfs

roles/nfs-server/tasks/main.yml

@@ -0,0 +1,23 @@
+- name: Mount /export/tv
+  become: true
+  ansible.posix.mount:
+    src: UUID=fcee0188-8ca1-4fda-81b7-f5920c79ab48
+    path: /export/tv
+    state: mounted
+    fstype: ext4
+
+- name: Mount /export/film
+  become: true
+  ansible.posix.mount:
+    src: UUID=5d9dd538-79e4-4168-be91-e0b040155cb3
+    path: /export/film
+    state: mounted
+    fstype: ext4
+
+- name: Mount /export/misc
+  become: true
+  ansible.posix.mount:
+    src: UUID=5a43b7dc-3e28-459e-824a-ad45b5475361
+    path: /export/misc
+    state: mounted
+    fstype: ext4

roles/sshd/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart SSHD
+  service:
+    name: sshd
+    state: restarted

roles/sshd/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Add SSH Key - fern@muskduck
+  ansible.posix.authorized_key:
+    user: fern
+    state: present
+    key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519.pub') }}"
+
+- name: Add SSH Key - YubiKey
+  ansible.posix.authorized_key:
+    user: fern
+    state: present
+    key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub') }}"
+
+- name: Add SSH Key - fairywren
+  ansible.posix.authorized_key:
+    user: fern
+    state: present
+    key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8W3zggrj6ml/VZWem9l21SWK3yffgw5RkdgF6fG6jo u0_a336@localhostsk-ssh-ed25519@openssh.com"
+
+- name: Disable root login
+  become: true
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^PermitRootLogin"
+    line: "PermitRootLogin no"
+    backup: yes
+  notify: restart sshd

roles/vm/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart qemu-guest-agent
+  service:
+    name: qemu-guest-agent
+    state: restarted

roles/vm/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: Install qemu-guest-agent package
+  become: true
+  apt:
+    pkg:
+    - qemu-guest-agent