From 75cacd31824026d4b775e4857202943f00b92ce6 Mon Sep 17 00:00:00 2001
From: Fern Garden
Date: Thu, 8 May 2025 09:17:30 +0800
Subject: [PATCH] meow :3
---
flock.yml | 6 ++
hosts.yml | 45 --------------
inventory/hosts.yml | 40 ++++++++++++
{files => plays/files}/quitcd.fish | 0
plays/install-software.yml | 5 ++
plays/provision-guest.yml | 62 +++++++++++++++++++
.../tasks/provisioning}/debian.yml | 13 +---
plays/tasks/provisioning/lxc.yml | 11 ++++
.../tasks/provisioning/mount-hdds.yml | 10 ---
.../tasks/provisioning/nfs-client.yml | 0
.../tasks/provisioning/post-install.yml | 0
.../guest => plays/tasks/provisioning}/vm.yml | 0
provision-guest.yml | 45 --------------
tasks/provisioning/extras/docker.yml | 31 ----------
tasks/provisioning/guest/lxc.yml | 5 --
15 files changed, 125 insertions(+), 148 deletions(-)
create mode 100644 flock.yml
delete mode 100644 hosts.yml
create mode 100644 inventory/hosts.yml
rename {files => plays/files}/quitcd.fish (100%)
create mode 100644 plays/install-software.yml
create mode 100644 plays/provision-guest.yml
rename {tasks/provisioning/distro => plays/tasks/provisioning}/debian.yml (83%)
create mode 100644 plays/tasks/provisioning/lxc.yml
rename tasks/provisioning/nfs/server.yml => plays/tasks/provisioning/mount-hdds.yml (53%)
rename tasks/provisioning/nfs/client.yml => plays/tasks/provisioning/nfs-client.yml (100%)
rename tasks/provisioning/post-install/ssh.yml => plays/tasks/provisioning/post-install.yml (100%)
rename {tasks/provisioning/guest => plays/tasks/provisioning}/vm.yml (100%)
delete mode 100644 provision-guest.yml
delete mode 100644 tasks/provisioning/extras/docker.yml
delete mode 100644 tasks/provisioning/guest/lxc.yml
diff --git a/flock.yml b/flock.yml
new file mode 100644
index 0000000..75290ac
--- /dev/null
+++ b/flock.yml
@@ -0,0 +1,6 @@
+---
+- name: Provision Guest
+ ansible.builtin.import_playbook: ./plays/provision-guest.yml
+
+- name: Install Software
+ ansible.builtin.import_playbook: ./plays/install-software.yml
diff --git a/hosts.yml b/hosts.yml
deleted file mode 100644
index bc34de8..0000000
--- a/hosts.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-templates:
- hosts:
- template-vm:
- template-vm-docker:
- template-lxc:
-
-lxc:
- hosts:
- template-lxc:
- ansible_user: root
- ansible_ssh_user: root
- jellyfin:
- ansible_host: 10.0.1.105
- technitium:
- ansible_host: 10.0.1.111
- immich:
- ansible_host: 10.0.1.104
-
-vm:
- children:
- docker:
- hosts:
- template-vm:
- media-share:
- ansible_host: 10.0.1.101
-
-docker:
- hosts:
- template-vm-docker:
- fern-garden:
- ansible_host: 10.0.1.102
- ferngarden-net:
- ansible_host: 10.0.1.116
- minecraft:
- ansible_host: 10.0.1.107
-
-nfs-client:
- hosts:
- fern-garden:
- ferngarden-net:
- jellyfin:
-
-nfs-server:
- hosts:
- media-share:
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
new file mode 100644
index 0000000..a21e5ae
--- /dev/null
+++ b/inventory/hosts.yml
@@ -0,0 +1,40 @@
+---
+ungrouped:
+ hosts:
+ technitium.local:
+ immich.local:
+ monitoring.local:
+ administration.local:
+ fern-garden.local:
+ ferngarden-net.local:
+ minecraft.local:
+
+lxc:
+ hosts:
+ jellyfin.local:
+ technitium.local:
+ immich.local:
+ monitoring.local:
+ administration.local:
+
+vm:
+ children:
+ docker:
+ hosts:
+ #media-share.local:
+
+docker:
+ hosts:
+ fern-garden.local:
+ ferngarden-net.local:
+ minecraft.local:
+
+nfs-client:
+ hosts:
+ fern-garden.local:
+ ferngarden-net.local:
+ jellyfin.local:
+
+nfs-server:
+ hosts:
+ #media-share:
diff --git a/files/quitcd.fish b/plays/files/quitcd.fish
similarity index 100%
rename from files/quitcd.fish
rename to plays/files/quitcd.fish
diff --git a/plays/install-software.yml b/plays/install-software.yml
new file mode 100644
index 0000000..3f94332
--- /dev/null
+++ b/plays/install-software.yml
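Review bot: In inventory/hosts.yml every host is now addressed by a `.local` name and the pinned `ansible_host` addresses from the old hosts.yml are gone, so which machine each privileged play lands on depends on name resolution (presumably mDNS or the local DNS server) at run time. Answers of that kind are not authenticated, which leaves SSH host-key checking as the only thing tying a name such as `jellyfin.local` to the intended guest; I would keep `ansible_host: <guest-ip>` per host, or add a comment at the top of the file that `host_key_checking` must stay enabled for this inventory. Separately, with `#media-share.local:` and `#media-share:` commented out, the `hosts:` keys under `vm` and `nfs-server` appear to be left with no value, so the two `nfs-server` plays would match nothing; writing `hosts: {}` with a short comment would make the empty group explicit.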
@@ -0,0 +1,5 @@
+---
+- hosts: jellyfin.local
+ become: true
+ roles:
+ - tomhesse.jellyfin
diff --git a/plays/provision-guest.yml b/plays/provision-guest.yml
new file mode 100644
index 0000000..83ba59c
--- /dev/null
+++ b/plays/provision-guest.yml
@@ -0,0 +1,62 @@
+---
+- hosts: all
+ become: true
+ vars:
+ resolv_nameservers:
+ - 10.0.1.1
+ roles:
+ - lifeofguenter.resolvconf
+ - hifis.toolkit.unattended_upgrades
+ tasks:
+ - import_tasks: ./tasks/provisioning/debian.yml
+
+- hosts: vm
+ become: true
+ tasks:
+ - import_tasks: ./tasks/provisioning/vm.yml
+
+- hosts: lxc
+ become: true
+ tasks:
+ - import_tasks: ./tasks/provisioning/lxc.yml
+
+- hosts: docker
+ become: true
+ vars:
+ docker_users:
+ - fern
+ roles:
+ - geerlingguy.docker
+
+- hosts: nfs-server
+ become: true
+ tasks:
+ - import_tasks: ./tasks/provisioning/mount-hdds.yml
+
+- hosts: nfs-server
+ become: true
+ vars:
+ nfs_exports: [
+ "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+ "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+ "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
+ ]
+ roles:
+ - geerlingguy.nfs
+
+- hosts: nfs-client
+ become: true
+ tasks:
+ - import_tasks: ./tasks/provisioning/nfs-client.yml
+
+- hosts: all
+ become: true
+ vars:
+ sshd_config_file: /etc/ssh/sshd_config
+ tasks:
+ - import_tasks: ./tasks/provisioning/post-install.yml
+ handlers:
+ - name: restart sshd
+ service:
+ name: sshd
+ state: restarted
diff --git a/tasks/provisioning/distro/debian.yml b/plays/tasks/provisioning/debian.yml
similarity index 83%
rename from tasks/provisioning/distro/debian.yml
rename to plays/tasks/provisioning/debian.yml
index 830ad51..c1ebb1e 100644
--- a/tasks/provisioning/distro/debian.yml
+++ b/plays/tasks/provisioning/debian.yml
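Review bot: plays/install-software.yml runs the third-party Galaxy role `tomhesse.jellyfin` with `become: true`, and nothing in this patch pins the version being installed; the same applies to `lifeofguenter.resolvconf`, `hifis.toolkit.unattended_upgrades`, `geerlingguy.docker` and `geerlingguy.nfs` in plays/provision-guest.yml. The diffstat shows no requirements file, so unless one already exists in the repository, whatever copy of each role happens to be on the controller executes as root on the guests. I would commit a `requirements.yml` that lists each role and collection with an explicit `version: <pinned-version>` and install only from it. The play would also be easier to follow in run output with a `name:`, for example `- name: Install Jellyfin`.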
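Review bot: The `nfs_exports` entries in plays/provision-guest.yml export `/export/film`, `/export/tv` and `/export/misc` read-write to all of `10.0.1.0/24` with `insecure,no_root_squash`; in the old nfs/server.yml this was only a commented-out block, and here it becomes live configuration. `no_root_squash` lets root on any machine in that subnet act as root on the exported files, and `insecure` accepts requests from unprivileged source ports, so the export trusts every host and every local user on the network. The `anonuid=100,anongid=100` options have little effect while nothing is squashed. I would limit each export to the real clients and squash, e.g. `"/export/film <nfs-client-ip>(rw,subtree_check,all_squash,anonuid=100,anongid=100)"` for each of the three paths. A comment above `nfs_exports` should record why any relaxation that remains is needed.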
@@ -1,6 +1,6 @@ - name: Set a hostname ansible.builtin.hostname: - name: '{{ inventory_hostname }}' + name: '{{ inventory_hostname.split(".")[0] | lower }}' use: debian - name: Set the timezone @@ -22,11 +22,6 @@ repo: deb https://mirror.aarnet.edu.au/debian-security bookworm-security main contrib state: present -- name: Update sources & upgrade - apt: - update_cache: true - upgrade: dist - - name: Install some standard packages apt: pkg: @@ -54,9 +49,3 @@ user: name: fern shell: /usr/bin/fish - -- name: Set sudo rules - community.general.sudoers: - name: sudo - commands: ALL - user: fern diff --git a/plays/tasks/provisioning/lxc.yml b/plays/tasks/provisioning/lxc.yml new file mode 100644 index 0000000..75cdbc1 --- /dev/null +++ b/plays/tasks/provisioning/lxc.yml @@ -0,0 +1,11 @@ +- name: Add SSH Key + ansible.posix.authorized_key: + user: fern + state: present + key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519.pub') }}" + +- name: Set sudo rules + community.general.sudoers: + name: sudo + commands: ALL + user: fern diff --git a/tasks/provisioning/nfs/server.yml b/plays/tasks/provisioning/mount-hdds.yml similarity index 53% rename from tasks/provisioning/nfs/server.yml rename to plays/tasks/provisioning/mount-hdds.yml index 6004ebb..2e5f7b0 100644 --- a/tasks/provisioning/nfs/server.yml +++ b/plays/tasks/provisioning/mount-hdds.yml @@ -18,13 +18,3 @@ path: /export/misc state: mounted fstype: ext4 - -# - name: Set up NFS exports -# vars: -# nfs_exports: [ -# "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)", -# "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)", -# "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)" -# ] -# include_role: -# name: ansible-role-nfs 
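Review bot: In the first hunk of plays/tasks/provisioning/debian.yml, `inventory_hostname.split(".")[0] | lower` hand-rolls what Ansible already exposes as `inventory_hostname_short`; `name: '{{ inventory_hostname_short | lower }}'` is shorter and avoids the nested quoting. Either form keeps only the first label, so an inventory entry given as an IP address would set the hostname to its first octet; a one-line comment above the task stating that inventory names must be DNS-style names would make that assumption visible. The task list continues outside the hunk.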
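Review bot: In plays/tasks/provisioning/lxc.yml the `Set sudo rules` task grants `fern` `commands: ALL` without setting `nopassword`, and `community.general.sudoers` defaults that option to true, so the resulting rule is passwordless root. The `Add SSH Key` task in the same file now authorizes the plain `id_ed25519.pub` rather than the `id_ed25519_sk.pub` that the deleted guest/lxc.yml installed under the name "Add YubiKey SSH Key", so a copy of one private key file would be enough for root on every container. I would add `nopassword: false` to the sudoers task (the plays would then need a become password) or keep authorizing the `_sk` key, and state in a comment which trade-off is intended. The sudo rule also moved here from debian.yml, so hosts in `vm` and `docker` no longer receive it from this playbook; please confirm that is deliberate.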
diff --git a/tasks/provisioning/nfs/client.yml b/plays/tasks/provisioning/nfs-client.yml
similarity index 100%
rename from tasks/provisioning/nfs/client.yml
rename to plays/tasks/provisioning/nfs-client.yml
diff --git a/tasks/provisioning/post-install/ssh.yml b/plays/tasks/provisioning/post-install.yml
similarity index 100%
rename from tasks/provisioning/post-install/ssh.yml
rename to plays/tasks/provisioning/post-install.yml
diff --git a/tasks/provisioning/guest/vm.yml b/plays/tasks/provisioning/vm.yml
similarity index 100%
rename from tasks/provisioning/guest/vm.yml
rename to plays/tasks/provisioning/vm.yml
diff --git a/provision-guest.yml b/provision-guest.yml
deleted file mode 100644
index 293e6e4..0000000
--- a/provision-guest.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-- hosts: all:!template-lxc
- become: true
-
-- name: Provision a Debian installation
- hosts: all
- tasks:
- - import_tasks: ./tasks/provisioning/distro/debian.yml
-
-- name: Provision a VM
- hosts: [ vm ]
- tasks:
- - import_tasks: ./tasks/provisioning/guest/vm.yml
-
-- name: Provision an LXC Container
- hosts: [ lxc ]
- tasks:
- - import_tasks: ./tasks/provisioning/guest/lxc.yml
-
-- name: Install Docker
- hosts: [ docker ]
- tasks:
- - import_tasks: ./tasks/provisioning/extras/docker.yml
-
-- name: Add NFS Mount
- hosts: [ nfs-client ]
- tasks:
- - import_tasks: ./tasks/provisioning/nfs/client.yml
-
-- name: Install an NFS Server
- hosts: [ nfs-server ]
- tasks:
- - import_tasks: ./tasks/provisioning/nfs/server.yml
-
-- name: Secure SSH
- hosts: all
- vars:
- sshd_config_file: /etc/ssh/sshd_config
- tasks:
- - import_tasks: ./tasks/provisioning/post-install/ssh.yml
- handlers:
- - name: restart sshd
- service:
- name: sshd
- state: restarted
diff --git a/tasks/provisioning/extras/docker.yml b/tasks/provisioning/extras/docker.yml
deleted file mode 100644
index 4f82473..0000000
--- a/tasks/provisioning/extras/docker.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-- name: Install prerequisite packages
- apt:
- pkg:
- - ca-certificates
- - gnupg
-
-- name: Add Docker GPG Key
- apt_key:
- url: https://download.docker.com/linux/ubuntu/gpg
- state: present
-
-- name: Add Docker repo
- apt_repository:
- repo: deb https://download.docker.com/linux/ubuntu focal stable
- state: present
-
-- name: Install Docker
- apt:
- update_cache: true
- pkg:
- - docker-ce
- - docker-ce-cli
- - containerd.io
- - docker-buildx-plugin
- - docker-compose-plugin
-
-- name: Add '{{ ansible_user }}' to docker group
- user:
- name: fern
- groups: docker
- append: yes
diff --git a/tasks/provisioning/guest/lxc.yml b/tasks/provisioning/guest/lxc.yml
deleted file mode 100644
index 108cc2c..0000000
--- a/tasks/provisioning/guest/lxc.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Add YubiKey SSH Key
- ansible.posix.authorized_key:
- user: fern
- state: present
- key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub') }}"