Fern Garden 2025-05-08 09:17:30 +08:00
parent 667fc21c12
commit 75cacd3182
15 changed files with 125 additions and 148 deletions

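--- a/flock.yml
+++ b/flock.yml
@@ -0,0 +1,6 @@
+---
+- name: Provision Guest
+ansible.builtin.import_playbook: ./plays/provision-guest.yml
+- name: Install Software
+ansible.builtin.import_playbook: ./plays/install-software.yml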


@ -1,45 +0,0 @@
templates:
hosts:
template-vm:
template-vm-docker:
template-lxc:
lxc:
hosts:
template-lxc:
ansible_user: root
ansible_ssh_user: root
jellyfin:
ansible_host: 10.0.1.105
technitium:
ansible_host: 10.0.1.111
immich:
ansible_host: 10.0.1.104
vm:
children:
docker:
hosts:
template-vm:
media-share:
ansible_host: 10.0.1.101
docker:
hosts:
template-vm-docker:
fern-garden:
ansible_host: 10.0.1.102
ferngarden-net:
ansible_host: 10.0.1.116
minecraft:
ansible_host: 10.0.1.107
nfs-client:
hosts:
fern-garden:
ferngarden-net:
jellyfin:
nfs-server:
hosts:
media-share:

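--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -0,0 +1,40 @@
+---
+ungrouped:
+hosts:
+technitium.local:
+immich.local:
+monitoring.local:
+administration.local:
+fern-garden.local:
+ferngarden-net.local:
+minecraft.local:
+lxc:
+hosts:
+jellyfin.local:
+technitium.local:
+immich.local:
+monitoring.local:
+administration.local:
+vm:
+children:
+docker:
+hosts:
+#media-share.local:
+docker:
+hosts:
+fern-garden.local:
+ferngarden-net.local:
+minecraft.local:
+nfs-client:
+hosts:
+fern-garden.local:
+ferngarden-net.local:
+jellyfin.local:
+nfs-server:
+hosts:
+#media-share: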
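Review bot: The `ungrouped:` block at the top lists seven hosts that are all assigned to `lxc` or `docker` further down, so it appears to have no effect (Ansible keeps a host in `ungrouped` only while it belongs to no other group), and `jellyfin.local` is missing from it; dropping the block would remove the inconsistency. The inventory also replaces the fixed `ansible_host` addresses of the deleted inventory with `.local` names, so which machine a play reaches now depends on name resolution on the LAN. A comment at the top such as `# .local names: keep SSH host key checking enabled, it is what ties a name to the intended guest` would record that dependency. `nfs-server` is left with an empty `hosts:` because `#media-share:` is commented out, so plays targeting that group match nothing until it is restored.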


@ -0,0 +1,5 @@
---
- hosts: jellyfin.local
become: true
roles:
- tomhesse.jellyfin
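Review bot: The role `tomhesse.jellyfin` runs with `become: true`, and nothing visible in this view pins it to a version, so a fresh `ansible-galaxy` install would presumably fetch whatever release is current and run it as root on the guest. The same applies to `lifeofguenter.resolvconf`, `hifis.toolkit.unattended_upgrades`, `geerlingguy.docker` and `geerlingguy.nfs` in plays/provision-guest.yml. If the repository has no requirements file yet, add one with an explicit version per role and collection, e.g. `- name: tomhesse.jellyfin` followed by `version: <reviewed-release-tag>`. The play also has no `name:`; `- name: Install Jellyfin` would match the named entries in flock.yml.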

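--- a/plays/provision-guest.yml
+++ b/plays/provision-guest.yml
@@ -0,0 +1,62 @@
+---
+- hosts: all
+become: true
+vars:
+resolv_nameservers:
+- 10.0.1.1
+roles:
+- lifeofguenter.resolvconf
+- hifis.toolkit.unattended_upgrades
+tasks:
+- import_tasks: ./tasks/provisioning/debian.yml
+- hosts: vm
+become: true
+tasks:
+- import_tasks: ./tasks/provisioning/vm.yml
+- hosts: lxc
+become: true
+tasks:
+- import_tasks: ./tasks/provisioning/lxc.yml
+- hosts: docker
+become: true
+vars:
+docker_users:
+- fern
+roles:
+- geerlingguy.docker
+- hosts: nfs-server
+become: true
+tasks:
+- import_tasks: ./tasks/provisioning/mount-hdds.yml
+- hosts: nfs-server
+become: true
+vars:
+nfs_exports: [
+"/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+"/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+"/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
+]
+roles:
+- geerlingguy.nfs
+- hosts: nfs-client
+become: true
+tasks:
+- import_tasks: ./tasks/provisioning/nfs-client.yml
+- hosts: all
+become: true
+vars:
+sshd_config_file: /etc/ssh/sshd_config
+tasks:
+- import_tasks: ./tasks/provisioning/post-install.yml
+handlers:
+- name: restart sshd
+service:
+name: sshd
+state: restarted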
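Review bot: The three `nfs_exports` entries give every address in 10.0.1.0/24 read-write access with `no_root_squash` and `insecure`, so root on any machine in that subnet is treated as root on the exported files, and requests from unprivileged source ports are accepted. As far as the visible options go, `anonuid=100,anongid=100` only affects squashed requests, so with `no_root_squash` and no `all_squash` it likely does nothing. Unless a client really needs root on the share, drop both options and squash instead, e.g. `"/export/film 10.0.1.0/24(rw,subtree_check,all_squash,anonuid=100,anongid=100)"`, and consider listing the `nfs-client` hosts rather than the whole subnet. `nfs-server` is empty in inventory/hosts.yml in this commit, so neither of the two plays that target it runs yet.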


@ -1,6 +1,6 @@
- name: Set a hostname - name: Set a hostname
ansible.builtin.hostname: ansible.builtin.hostname:
name: '{{ inventory_hostname }}' name: '{{ inventory_hostname.split(".")[0] | lower }}'
use: debian use: debian
- name: Set the timezone - name: Set the timezone
@ -22,11 +22,6 @@
repo: deb https://mirror.aarnet.edu.au/debian-security bookworm-security main contrib repo: deb https://mirror.aarnet.edu.au/debian-security bookworm-security main contrib
state: present state: present
- name: Update sources & upgrade
apt:
update_cache: true
upgrade: dist
- name: Install some standard packages - name: Install some standard packages
apt: apt:
pkg: pkg:
@ -54,9 +49,3 @@
user: user:
name: fern name: fern
shell: /usr/bin/fish shell: /usr/bin/fish
- name: Set sudo rules
community.general.sudoers:
name: sudo
commands: ALL
user: fern
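Review bot: The new hostname expression `'{{ inventory_hostname.split(".")[0] | lower }}'` re-implements what Ansible already exposes as `inventory_hostname_short`, so `name: '{{ inventory_hostname_short | lower }}'` would be shorter and clearer. Either form yields only the first octet (for example `10`) if a host is ever listed by IP address, which deserves a comment above the task now that the hostname depends on the inventory using `<name>.local` entries. This section also drops the `Update sources & upgrade` task; confirm that the `hifis.toolkit.unattended_upgrades` role in plays/provision-guest.yml is meant to be the only patching step, since freshly provisioned guests would otherwise presumably stay at the template's package level until its first run. The task list continues outside the hunks shown.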


@ -0,0 +1,11 @@
- name: Add SSH Key
ansible.posix.authorized_key:
user: fern
state: present
key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519.pub') }}"
- name: Set sudo rules
community.general.sudoers:
name: sudo
commands: ALL
user: fern
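Review bot: `Set sudo rules` grants `fern` `commands: ALL` without setting `nopassword`, and `community.general.sudoers` defaults that option to true, so the rule is passwordless. Together with `Add SSH Key`, which now installs `id_ed25519.pub` where the task deleted in this commit installed the hardware-backed `id_ed25519_sk.pub`, root access on every guest rests on the confidentiality of a single key file on the controller. If passwordless sudo is intended, state it with `nopassword: true` and a comment; otherwise set `nopassword: false`. Adding `validation: required` would make the module refuse to write a rule that visudo rejects.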


@ -18,13 +18,3 @@
path: /export/misc path: /export/misc
state: mounted state: mounted
fstype: ext4 fstype: ext4
# - name: Set up NFS exports
# vars:
# nfs_exports: [
# "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
# "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
# "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
# ]
# include_role:
# name: ansible-role-nfs


@ -1,45 +0,0 @@
---
- hosts: all:!template-lxc
become: true
- name: Provision a Debian installation
hosts: all
tasks:
- import_tasks: ./tasks/provisioning/distro/debian.yml
- name: Provision a VM
hosts: [ vm ]
tasks:
- import_tasks: ./tasks/provisioning/guest/vm.yml
- name: Provision an LXC Container
hosts: [ lxc ]
tasks:
- import_tasks: ./tasks/provisioning/guest/lxc.yml
- name: Install Docker
hosts: [ docker ]
tasks:
- import_tasks: ./tasks/provisioning/extras/docker.yml
- name: Add NFS Mount
hosts: [ nfs-client ]
tasks:
- import_tasks: ./tasks/provisioning/nfs/client.yml
- name: Install an NFS Server
hosts: [ nfs-server ]
tasks:
- import_tasks: ./tasks/provisioning/nfs/server.yml
- name: Secure SSH
hosts: all
vars:
sshd_config_file: /etc/ssh/sshd_config
tasks:
- import_tasks: ./tasks/provisioning/post-install/ssh.yml
handlers:
- name: restart sshd
service:
name: sshd
state: restarted


@ -1,31 +0,0 @@
- name: Install prerequisite packages
apt:
pkg:
- ca-certificates
- gnupg
- name: Add Docker GPG Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker repo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
- name: Install Docker
apt:
update_cache: true
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
- name: Add '{{ ansible_user }}' to docker group
user:
name: fern
groups: docker
append: yes


@ -1,5 +0,0 @@
- name: Add YubiKey SSH Key
ansible.posix.authorized_key:
user: fern
state: present
key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub') }}"