commit dc708aa3ddff5222cff8682a9925b64dadd6aa4d Author: Fern Garden Date: Wed May 7 22:12:32 2025 +0800 First commit
diff --git a/files/quitcd.fish b/files/quitcd.fish
new file mode 100644
index 0000000..5dc3c71
--- /dev/null
+++ b/files/quitcd.fish
@@ -0,0 +1,36 @@
+# Rename this file to match the name of the function
+# e.g. ~/.config/fish/functions/n.fish
+# or, add the lines to the 'config.fish' file.
+
+function n --wraps nnn --description 'support nnn quit and change directory'
+ # Block nesting of nnn in subshells
+ if test -n "$NNNLVL" -a "$NNNLVL" -ge 1
+ echo "nnn is already running"
+ return
+ end
+
+ # The behaviour is set to cd on quit (nnn checks if NNN_TMPFILE is set)
+ # If NNN_TMPFILE is set to a custom path, it must be exported for nnn to
+ # see. To cd on quit only on ^G, remove the "-x" from both lines below,
+ # without changing the paths.
+ if test -n "$XDG_CONFIG_HOME"
+ set -x NNN_TMPFILE "$XDG_CONFIG_HOME/nnn/.lastd"
+ else
+ set -x NNN_TMPFILE "$HOME/.config/nnn/.lastd"
+ end
+
+ # Unmask ^Q (, ^V etc.) (if required, see `stty -a`) to Quit nnn
+ # stty start undef
+ # stty stop undef
+ # stty lwrap undef
+ # stty lnext undef
+
+ # The command function allows one to alias this function to `nnn` without
+ # making an infinitely recursive alias
+ command nnn $argv
+
+ if test -e $NNN_TMPFILE
+ source $NNN_TMPFILE
+ rm -- $NNN_TMPFILE
+ end
+end
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..81cc36c
--- /dev/null
+++ b/hosts
@@ -0,0 +1,42 @@
+# Templates
+lxc-template ansible_user=root ansible_ssh_user=root
+vm-docker-template
+
+# Hosts
+fern-garden ansible_host=10.0.1.102
+ferngarden-net ansible_host=10.0.1.116
+minecraft ansible_host=10.0.1.107
+immich ansible_host=10.0.1.104
+nfs-server ansible_host=10.0.1.101
+jellyfin ansible_host=10.0.1.105
+technitium ansible_host=10.0.1.111
+
+[templates]
+lxc-template
+vm-docker-template
+
+[lxc]
+lxc-template
+immich
+jellyfin
+technitium
+
+[vm]
+vm-docker-template
+ferngarden-net
+minecraft
+nfs-server
+
+[docker]
+vm-docker-template
+ferngarden-net
+immich
+minecraft
+
+[nfs-client]
+fern-garden
+ferngarden-net
+jellyfin
+
+[nfs-server]
+nfs-server
diff --git a/hosts.yml b/hosts.yml
new file mode 100644
index 0000000..bc34de8
--- /dev/null
+++ b/hosts.yml
@@ -0,0 +1,45 @@
+templates:
+ hosts:
+ template-vm:
+ template-vm-docker:
+ template-lxc:
+
+lxc:
+ hosts:
+ template-lxc:
+ ansible_user: root
+ ansible_ssh_user: root
+ jellyfin:
+ ansible_host: 10.0.1.105
+ technitium:
+ ansible_host: 10.0.1.111
+ immich:
+ ansible_host: 10.0.1.104
+
+vm:
+ children:
+ docker:
+ hosts:
+ template-vm:
+ media-share:
+ ansible_host: 10.0.1.101
+
+docker:
+ hosts:
+ template-vm-docker:
+ fern-garden:
+ ansible_host: 10.0.1.102
+ ferngarden-net:
+ ansible_host: 10.0.1.116
+ minecraft:
+ ansible_host: 10.0.1.107
+
+nfs-client:
+ hosts:
+ fern-garden:
+ ferngarden-net:
+ jellyfin:
+
+nfs-server:
+ hosts:
+ media-share:
diff --git a/provision-guest.yml b/provision-guest.yml
new file mode 100644
index 0000000..293e6e4
--- /dev/null
+++ b/provision-guest.yml
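Review bot: The two inventories added in this commit disagree on names, so the `all:!template-lxc` pattern in `provision-guest.yml` only matches `hosts.yml`: this file calls the LXC template `lxc-template` and the NFS host `nfs-server`, while `hosts.yml` uses `template-lxc` and `media-share`, and `immich` is in `[docker]` here but only under `lxc` there. With `-i hosts` the exclusion matches nothing and the root-only template is provisioned along with everything else. Keep a single inventory, or at least make host and group names identical in both; `hosts.yml` also sets the deprecated `ansible_ssh_user` next to `ansible_user` on `template-lxc`, and one of the two can go.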
@@ -0,0 +1,45 @@
+---
+- hosts: all:!template-lxc
+ become: true
+
+- name: Provision a Debian installation
+ hosts: all
+ tasks:
+ - import_tasks: ./tasks/provisioning/distro/debian.yml
+
+- name: Provision a VM
+ hosts: [ vm ]
+ tasks:
+ - import_tasks: ./tasks/provisioning/guest/vm.yml
+
+- name: Provision an LXC Container
+ hosts: [ lxc ]
+ tasks:
+ - import_tasks: ./tasks/provisioning/guest/lxc.yml
+
+- name: Install Docker
+ hosts: [ docker ]
+ tasks:
+ - import_tasks: ./tasks/provisioning/extras/docker.yml
+
+- name: Add NFS Mount
+ hosts: [ nfs-client ]
+ tasks:
+ - import_tasks: ./tasks/provisioning/nfs/client.yml
+
+- name: Install an NFS Server
+ hosts: [ nfs-server ]
+ tasks:
+ - import_tasks: ./tasks/provisioning/nfs/server.yml
+
+- name: Secure SSH
+ hosts: all
+ vars:
+ sshd_config_file: /etc/ssh/sshd_config
+ tasks:
+ - import_tasks: ./tasks/provisioning/post-install/ssh.yml
+ handlers:
+ - name: restart sshd
+ service:
+ name: sshd
+ state: restarted
diff --git a/tasks/provisioning/distro/debian.yml b/tasks/provisioning/distro/debian.yml
new file mode 100644
index 0000000..830ad51
--- /dev/null
+++ b/tasks/provisioning/distro/debian.yml
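Review bot: `become: true` on the first play (`hosts: all:!template-lxc`, no tasks) does nothing for the plays that follow, because `become` is a per-play setting; the hostname, apt, mount and sudoers tasks imported by the later plays will run unprivileged unless the connecting user is already root. Put `become: true` in each play that needs it (or set it once in ansible.cfg) and drop the empty play. The exclusion is equally ineffective: `Provision a Debian installation` and `Secure SSH` target `hosts: all`, so `template-lxc`, whose only configured login is `ansible_user: root`, gets `PermitRootLogin no` applied and is locked out of the next run; use `hosts: all:!template-lxc` on those plays, or give the template a non-root user before disabling root login.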
@@ -0,0 +1,62 @@
+- name: Set a hostname
+ ansible.builtin.hostname:
+ name: '{{ inventory_hostname }}'
+ use: debian
+
+- name: Set the timezone
+ community.general.timezone:
+ name: Australia/Perth
+
+- name: Add AARNet bookworm repository
+ apt_repository:
+ repo: deb https://mirror.aarnet.edu.au/debian bookworm main contrib
+ state: present
+
+- name: Add AARNet bookworm-updates repository
+ apt_repository:
+ repo: deb https://mirror.aarnet.edu.au/debian bookworm-updates main contrib
+ state: present
+
+- name: Add AARNet bookworm-security repository
+ apt_repository:
+ repo: deb https://mirror.aarnet.edu.au/debian-security bookworm-security main contrib
+ state: present
+
+- name: Update sources & upgrade
+ apt:
+ update_cache: true
+ upgrade: dist
+
+- name: Install some standard packages
+ apt:
+ pkg:
+ - avahi-daemon
+ - curl
+ - fish
+ - git
+ - libnss-mdns
+ - neovim
+ - nnn
+ - rsync
+ - sudo
+
+- name: Add fish nnn quitcd function
+ ansible.builtin.copy:
+ src: ./quitcd.fish
+ dest: /etc/fish/functions/n.fish
+
+- name: Make sure avahi-daemon is running
+ systemd_service:
+ state: started
+ name: avahi-daemon
+
+- name: Add 'fern' user
+ user:
+ name: fern
+ shell: /usr/bin/fish
+
+- name: Set sudo rules
+ community.general.sudoers:
+ name: sudo
+ commands: ALL
+ user: fern
diff --git a/tasks/provisioning/extras/docker.yml b/tasks/provisioning/extras/docker.yml
new file mode 100644
index 0000000..4f82473
--- /dev/null
+++ b/tasks/provisioning/extras/docker.yml
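Review bot: `community.general.sudoers` defaults `nopassword` to true, so the `Set sudo rules` task grants `fern` passwordless `ALL` on every host; given that the `user` task sets no password this may be intended, but it should be stated rather than inherited from a module default — either `nopassword: true` with a comment saying so, or `nopassword: false` plus a password for the account. The release name is hard-coded in the three AARNet repo lines; `{{ ansible_distribution_release }}` would let the same file provision the next Debian without edits. The `copy` of `quitcd.fish` into `/etc/fish/functions/n.fish` sets no `mode`, so a system-wide function file takes whatever the remote default gives it; `mode: '0644'` pins it.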
@@ -0,0 +1,31 @@
+- name: Install prerequisite packages
+ apt:
+ pkg:
+ - ca-certificates
+ - gnupg
+
+- name: Add Docker GPG Key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+- name: Add Docker repo
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu focal stable
+ state: present
+
+- name: Install Docker
+ apt:
+ update_cache: true
+ pkg:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - docker-buildx-plugin
+ - docker-compose-plugin
+
+- name: Add '{{ ansible_user }}' to docker group
+ user:
+ name: fern
+ groups: docker
+ append: yes
diff --git a/tasks/provisioning/guest/lxc.yml b/tasks/provisioning/guest/lxc.yml
new file mode 100644
index 0000000..108cc2c
--- /dev/null
+++ b/tasks/provisioning/guest/lxc.yml
@@ -0,0 +1,5 @@
+- name: Add YubiKey SSH Key
+ ansible.posix.authorized_key:
+ user: fern
+ state: present
+ key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub') }}"
diff --git a/tasks/provisioning/guest/vm.yml b/tasks/provisioning/guest/vm.yml
new file mode 100644
index 0000000..e57ed3a
--- /dev/null
+++ b/tasks/provisioning/guest/vm.yml
@@ -0,0 +1,9 @@
+- name: Install package
+ apt:
+ pkg:
+ - qemu-guest-agent
+
+- name: Make sure service is running
+ systemd_service:
+ state: started
+ name: qemu-guest-agent
diff --git a/tasks/provisioning/nfs/client.yml b/tasks/provisioning/nfs/client.yml
new file mode 100644
index 0000000..1799330
--- /dev/null
+++ b/tasks/provisioning/nfs/client.yml
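Review bot: The Docker key and repository added here are the Ubuntu ones (`linux/ubuntu/gpg`, `linux/ubuntu focal stable`) while `debian.yml` provisions these hosts as Debian bookworm, so apt may pull `docker-ce` and `containerd.io` built for focal onto bookworm. `apt_key` also drops the key into the global trusted keyring, where it can sign any repository on the host, and apt-key itself is deprecated on current Debian. Fetch the Debian key into `/etc/apt/keyrings` and bind it to the repo with `signed-by`, as below; the last task's name says `'{{ ansible_user }}'` but `name: fern` is what it actually adds to the docker group, so use one or the other.
```yaml
- name: Ensure apt keyrings directory exists
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'

- name: Add Docker GPG key to a dedicated keyring
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'

- name: Add Docker repo
  apt_repository:
    repo: deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
    state: present

# … unchanged: Install Docker, docker group task …
```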
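Review bot: `lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub')` reads an absolute path on the control node, so the task fails for anyone running the playbook from another account or machine; `lookup('file', lookup('env', 'HOME') ~ '/.ssh/id_ed25519_sk.pub')` or an inventory variable holding the public key keeps the path out of the task. Only the `lxc` group receives this key, so the VMs are left with whatever credential their template carries — presumably a password — and `ssh.yml` later only disables root login; if the intent is key-only access everywhere, this task belongs in `debian.yml` rather than `lxc.yml`.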
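Review bot: `systemd_service` with `state: started` only starts `qemu-guest-agent` for the current boot; add `enabled: true` so the unit survives a reboot (Debian's package usually enables it on install, but stating it makes the play self-contained and idempotent on a host where it was disabled). The avahi-daemon task in `debian.yml` has the same gap.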
@@ -0,0 +1,28 @@
+- name: Install nfs-common
+ apt:
+ pkg:
+ - nfs-common
+
+- name: Mount /media/tv
+ ansible.posix.mount:
+ src: 10.0.1.101:/export/tv
+ path: /media/tv
+ opts: default
+ state: mounted
+ fstype: nfs
+
+- name: Mount /media/film
+ ansible.posix.mount:
+ src: 10.0.1.101:/export/film
+ path: /media/film
+ opts: default
+ state: mounted
+ fstype: nfs
+
+- name: Mount /media/misc
+ ansible.posix.mount:
+ src: 10.0.1.101:/export/misc
+ path: /media/misc
+ opts: default
+ state: mounted
+ fstype: nfs
diff --git a/tasks/provisioning/nfs/server.yml b/tasks/provisioning/nfs/server.yml
new file mode 100644
index 0000000..6004ebb
--- /dev/null
+++ b/tasks/provisioning/nfs/server.yml
@@ -0,0 +1,30 @@
+- name: Mount /export/tv
+ ansible.posix.mount:
+ src: UUID=fcee0188-8ca1-4fda-81b7-f5920c79ab48
+ path: /export/tv
+ state: mounted
+ fstype: ext4
+
+- name: Mount /export/film
+ ansible.posix.mount:
+ src: UUID=5d9dd538-79e4-4168-be91-e0b040155cb3
+ path: /export/film
+ state: mounted
+ fstype: ext4
+
+- name: Mount /export/misc
+ ansible.posix.mount:
+ src: UUID=5a43b7dc-3e28-459e-824a-ad45b5475361
+ path: /export/misc
+ state: mounted
+ fstype: ext4
+
+# - name: Set up NFS exports
+# vars:
+# nfs_exports: [
+# "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+# "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
+# "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
+# ]
+# include_role:
+# name: ansible-role-nfs
diff --git a/tasks/provisioning/post-install/ssh.yml b/tasks/provisioning/post-install/ssh.yml
new file mode 100644
index 0000000..494983b
--- /dev/null
+++ b/tasks/provisioning/post-install/ssh.yml
@@ -0,0 +1,7 @@
+- name: Disable root login
+ lineinfile:
+ path: "{{ sshd_config_file }}"
+ regexp: "^PermitRootLogin"
+ line: "PermitRootLogin no"
+ backup: yes
+ notify: restart sshd
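Review bot: `opts: default` is not a mount option — the fstab keyword is `defaults` — so each of the three `ansible.posix.mount` tasks writes an fstab entry that `mount.nfs` rejects as an incorrect option and the task fails. Change the three lines to `opts: defaults,_netdev,nofail` so the mount waits for networking and an unreachable server does not stall boot. The server address `10.0.1.101` is repeated in every `src`; an `nfs_server` inventory variable would keep it in one place and tie it to the host `hosts.yml` calls `media-share`.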
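Review bot: The `Install an NFS Server` play never installs `nfs-kernel-server` or writes `/etc/exports`: this file only mounts the three ext4 volumes and the exports block is commented out, so the mounts in `client.yml` have nothing to connect to. When that block is re-enabled, note that `no_root_squash` combined with `insecure` lets root on any host in `10.0.1.0/24`, from any source port, act as root on the exported filesystems; `root_squash` with the `anonuid`/`anongid` already listed (and `secure`) is the usual choice for a media share, with `no_root_squash` reserved for a single named host that genuinely needs it.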
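Review bot: `regexp: "^PermitRootLogin"` does not match the commented `#PermitRootLogin` line Debian ships, so `lineinfile` appends the setting at the end of `sshd_config`, where it can land inside any `Match` block the file ends with and is in any case overridden by an `Include /etc/ssh/sshd_config.d/*.conf` near the top, since sshd keeps the first value it reads. Writing the setting to a drop-in such as `/etc/ssh/sshd_config.d/50-ansible.conf` (the path can stay in `sshd_config_file`) is more robust on bookworm, and either way add `validate: /usr/sbin/sshd -t -f %s` so a broken config never reaches the `restart sshd` handler.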