meow :3

2025-05-08 09:17:30 +08:00 · 2025-05-08 09:17:30 +08:00 · 75cacd3182
commit 75cacd3182
parent 667fc21c12
15 changed files with 125 additions and 148 deletions
--- a/flock.yml
+++ b/flock.yml
@ -0,0 +1,6 @@
+---
+- name: Provision Guest
+  ansible.builtin.import_playbook: ./plays/provision-guest.yml
+
+- name: Install Software
+  ansible.builtin.import_playbook: ./plays/install-software.yml
--- a/hosts.yml
+++ b/hosts.yml
@ -1,45 +0,0 @@
-templates:
-  hosts:
-    template-vm:
-    template-vm-docker:
-    template-lxc:
-
-lxc:
-  hosts:
-    template-lxc:
-      ansible_user: root
-      ansible_ssh_user: root
-    jellyfin:
-      ansible_host: 10.0.1.105
-    technitium:
-      ansible_host: 10.0.1.111
-    immich:
-      ansible_host: 10.0.1.104
-
-vm:
-  children:
-    docker:
-  hosts:
-    template-vm:
-    media-share:
-      ansible_host: 10.0.1.101
-
-docker:
-  hosts:
-    template-vm-docker:
-    fern-garden:
-      ansible_host: 10.0.1.102
-    ferngarden-net:
-      ansible_host: 10.0.1.116
-    minecraft:
-      ansible_host: 10.0.1.107
-
-nfs-client:
-  hosts:
-    fern-garden:
-    ferngarden-net:
-    jellyfin:
-
-nfs-server:
-  hosts:
-    media-share:
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -0,0 +1,40 @@
+---
+ungrouped:
+  hosts:
+    technitium.local:
+    immich.local:
+    monitoring.local:
+    administration.local:
+    fern-garden.local:
+    ferngarden-net.local:
+    minecraft.local:
+
+lxc:
+  hosts:
+    jellyfin.local:
+    technitium.local:
+    immich.local:
+    monitoring.local:
+    administration.local:
+
+vm:
+  children:
+    docker:
+  hosts:
+    #media-share.local:
+
+docker:
+  hosts:
+    fern-garden.local:
+    ferngarden-net.local:
+    minecraft.local:
+
+nfs-client:
+  hosts:
+    fern-garden.local:
+    ferngarden-net.local:
+    jellyfin.local:
+
+nfs-server:
+  hosts:
+    #media-share:
--- a/plays/files/quitcd.fish
+++ b/plays/files/quitcd.fish
--- a/plays/install-software.yml
+++ b/plays/install-software.yml
@ -0,0 +1,5 @@
+---
+- hosts: jellyfin.local
+  become: true
+  roles:
+    - tomhesse.jellyfin
--- a/plays/provision-guest.yml
+++ b/plays/provision-guest.yml
@ -0,0 +1,62 @@
+---
+- hosts: all
+  become: true
+  vars:
+    resolv_nameservers:
+      - 10.0.1.1
+  roles:
+    - lifeofguenter.resolvconf
+    - hifis.toolkit.unattended_upgrades
+  tasks:
+    - import_tasks: ./tasks/provisioning/debian.yml
+
+- hosts: vm
+  become: true
+  tasks:
+    - import_tasks: ./tasks/provisioning/vm.yml
+
+- hosts: lxc
+  become: true
+  tasks:
+    - import_tasks: ./tasks/provisioning/lxc.yml
+
+- hosts: docker
+  become: true
+  vars:
+    docker_users:
+      - fern
+  roles:
+    - geerlingguy.docker
+
+- hosts: nfs-server
+  become: true
+  tasks:
+    - import_tasks: ./tasks/provisioning/mount-hdds.yml
+
+- hosts: nfs-server
+  become: true
+  vars:
+    nfs_exports: [
+      "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+      "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+      "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
+    ]
+  roles:
+    - geerlingguy.nfs
+
+- hosts: nfs-client
+  become: true
+  tasks:
+    - import_tasks: ./tasks/provisioning/nfs-client.yml
+
+- hosts: all
+  become: true
+  vars:
+    sshd_config_file: /etc/ssh/sshd_config
+  tasks:
+    - import_tasks: ./tasks/provisioning/post-install.yml
+  handlers:
+  - name: restart sshd
+    service:
+      name: sshd
+      state: restarted
--- a/tasks/provisioning/distro/debian.yml
+++ b/tasks/provisioning/distro/debian.yml
@ -1,6 +1,6 @@
 - name: Set a hostname
  ansible.builtin.hostname:
-    name: '{{ inventory_hostname }}'
+    name: '{{ inventory_hostname.split(".")[0] | lower }}'
    use: debian

 - name: Set the timezone
@ -22,11 +22,6 @@
    repo: deb https://mirror.aarnet.edu.au/debian-security bookworm-security main contrib
    state: present

- name: Update sources & upgrade
-  apt:
-    update_cache: true
-    upgrade: dist
-
 - name: Install some standard packages
  apt:
    pkg:
@ -54,9 +49,3 @@
  user:
    name: fern
    shell: /usr/bin/fish
-
- name: Set sudo rules
-  community.general.sudoers:
-    name: sudo
-    commands: ALL
-    user: fern
--- a/plays/tasks/provisioning/lxc.yml
+++ b/plays/tasks/provisioning/lxc.yml
@ -0,0 +1,11 @@
+- name: Add SSH Key
+  ansible.posix.authorized_key:
+    user: fern
+    state: present
+    key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519.pub') }}"
+
+- name: Set sudo rules
+  community.general.sudoers:
+    name: sudo
+    commands: ALL
+    user: fern
--- a/plays/tasks/provisioning/mount-hdds.yml
+++ b/plays/tasks/provisioning/mount-hdds.yml
@ -18,13 +18,3 @@
    path: /export/misc
    state: mounted
    fstype: ext4
-
-# - name: Set up NFS exports
-#   vars:
-#     nfs_exports: [
-#       "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
-#       "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
-#       "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
-#     ]
-#   include_role:
-#     name: ansible-role-nfs
--- a/plays/tasks/provisioning/nfs-client.yml
+++ b/plays/tasks/provisioning/nfs-client.yml
--- a/plays/tasks/provisioning/post-install.yml
+++ b/plays/tasks/provisioning/post-install.yml
--- a/plays/tasks/provisioning/vm.yml
+++ b/plays/tasks/provisioning/vm.yml
--- a/provision-guest.yml
+++ b/provision-guest.yml
@ -1,45 +0,0 @@
---
- hosts: all:!template-lxc
-  become: true
-
- name: Provision a Debian installation
-  hosts: all
-  tasks:
-    - import_tasks: ./tasks/provisioning/distro/debian.yml
-
- name: Provision a VM
-  hosts: [ vm ]
-  tasks:
-    - import_tasks: ./tasks/provisioning/guest/vm.yml
-
- name: Provision an LXC Container
-  hosts: [ lxc ]
-  tasks:
-    - import_tasks: ./tasks/provisioning/guest/lxc.yml
-
- name: Install Docker
-  hosts: [ docker ]
-  tasks:
-    - import_tasks: ./tasks/provisioning/extras/docker.yml
-
- name: Add NFS Mount
-  hosts: [ nfs-client ]
-  tasks:
-    - import_tasks: ./tasks/provisioning/nfs/client.yml
-
- name: Install an NFS Server
-  hosts: [ nfs-server ]
-  tasks:
-    - import_tasks: ./tasks/provisioning/nfs/server.yml
-
- name: Secure SSH
-  hosts: all
-  vars:
-    sshd_config_file: /etc/ssh/sshd_config
-  tasks:
-    - import_tasks: ./tasks/provisioning/post-install/ssh.yml
-  handlers:
-  - name: restart sshd
-    service:
-      name: sshd
-      state: restarted
--- a/tasks/provisioning/extras/docker.yml
+++ b/tasks/provisioning/extras/docker.yml
@ -1,31 +0,0 @@
- name: Install prerequisite packages
-  apt:
-    pkg:
-    - ca-certificates
-    - gnupg
-
- name: Add Docker GPG Key
-  apt_key:
-    url: https://download.docker.com/linux/ubuntu/gpg
-    state: present
-
- name: Add Docker repo
-  apt_repository:
-    repo: deb https://download.docker.com/linux/ubuntu focal stable
-    state: present
-
- name: Install Docker
-  apt:
-    update_cache: true
-    pkg:
-    - docker-ce
-    - docker-ce-cli
-    - containerd.io
-    - docker-buildx-plugin
-    - docker-compose-plugin
-
- name: Add '{{ ansible_user }}' to docker group
-  user:
-    name: fern
-    groups: docker
-    append: yes
--- a/tasks/provisioning/guest/lxc.yml
+++ b/tasks/provisioning/guest/lxc.yml
@ -1,5 +0,0 @@
- name: Add YubiKey SSH Key
-  ansible.posix.authorized_key:
-    user: fern
-    state: present
-    key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub') }}"