First commit

Fern Garden 2025-05-07 22:12:32 +08:00
commit dc708aa3dd
11 changed files with 340 additions and 0 deletions

36
files/quitcd.fish Normal file

@ -0,0 +1,36 @@
# Rename this file to match the name of the function
# e.g. ~/.config/fish/functions/n.fish
# or, add the lines to the 'config.fish' file.
function n --wraps nnn --description 'support nnn quit and change directory'
# Block nesting of nnn in subshells
if test -n "$NNNLVL" -a "$NNNLVL" -ge 1
echo "nnn is already running"
return
end
# The behaviour is set to cd on quit (nnn checks if NNN_TMPFILE is set)
# If NNN_TMPFILE is set to a custom path, it must be exported for nnn to
# see. To cd on quit only on ^G, remove the "-x" from both lines below,
# without changing the paths.
if test -n "$XDG_CONFIG_HOME"
set -x NNN_TMPFILE "$XDG_CONFIG_HOME/nnn/.lastd"
else
set -x NNN_TMPFILE "$HOME/.config/nnn/.lastd"
end
# Unmask ^Q (, ^V etc.) (if required, see `stty -a`) to Quit nnn
# stty start undef
# stty stop undef
# stty lwrap undef
# stty lnext undef
# The command function allows one to alias this function to `nnn` without
# making an infinitely recursive alias
command nnn $argv
if test -e $NNN_TMPFILE
source $NNN_TMPFILE
rm -- $NNN_TMPFILE
end
end

42
hosts Normal file

@ -0,0 +1,42 @@
# Templates
lxc-template ansible_user=root ansible_ssh_user=root
vm-docker-template
# Hosts
fern-garden ansible_host=10.0.1.102
ferngarden-net ansible_host=10.0.1.116
minecraft ansible_host=10.0.1.107
immich ansible_host=10.0.1.104
nfs-server ansible_host=10.0.1.101
jellyfin ansible_host=10.0.1.105
technitium ansible_host=10.0.1.111
[templates]
lxc-template
vm-docker-template
[lxc]
lxc-template
immich
jellyfin
technitium
[vm]
vm-docker-template
ferngarden-net
minecraft
nfs-server
[docker]
vm-docker-template
ferngarden-net
immich
minecraft
[nfs-client]
fern-garden
ferngarden-net
jellyfin
[nfs-server]
nfs-server
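Review bot: The template host is spelled `lxc-template` in this inventory, but the first play in provision-guest.yml excludes `template-lxc`, so with this file that exclusion matches nothing. hosts.yml in the same commit uses the `template-*` spelling and calls the NFS host `media-share`; two inventories that disagree make it easy to run the playbook against the wrong set, so I would keep one and delete the other. `nfs-server` is also both a host name and a group name here, which Ansible warns about; renaming the group (and the `hosts: [ nfs-server ]` play with it) removes the ambiguity. `ansible_ssh_user=root` is the legacy alias of `ansible_user=root` and can be dropped.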

45
hosts.yml Normal file

@ -0,0 +1,45 @@
templates:
hosts:
template-vm:
template-vm-docker:
template-lxc:
lxc:
hosts:
template-lxc:
ansible_user: root
ansible_ssh_user: root
jellyfin:
ansible_host: 10.0.1.105
technitium:
ansible_host: 10.0.1.111
immich:
ansible_host: 10.0.1.104
vm:
children:
docker:
hosts:
template-vm:
media-share:
ansible_host: 10.0.1.101
docker:
hosts:
template-vm-docker:
fern-garden:
ansible_host: 10.0.1.102
ferngarden-net:
ansible_host: 10.0.1.116
minecraft:
ansible_host: 10.0.1.107
nfs-client:
hosts:
fern-garden:
ferngarden-net:
jellyfin:
nfs-server:
hosts:
media-share:
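Review bot: `template-lxc` is the only host with a connection user set, and that user is `root` (`ansible_user: root`; `ansible_ssh_user: root` is the legacy alias of the same variable and can go). Once the `Secure SSH` play in provision-guest.yml has written `PermitRootLogin no` on a container built from that template, a root-only connection stops working. I would connect as the unprivileged `fern` user with `become: true` and keep root for the first bootstrap only, passed on the command line rather than stored in the inventory. The page has lost this file's indentation, so the group nesting under `vm:` is not reviewed here.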

45
provision-guest.yml Normal file

@ -0,0 +1,45 @@
---
- hosts: all:!template-lxc
become: true
- name: Provision a Debian installation
hosts: all
tasks:
- import_tasks: ./tasks/provisioning/distro/debian.yml
- name: Provision a VM
hosts: [ vm ]
tasks:
- import_tasks: ./tasks/provisioning/guest/vm.yml
- name: Provision an LXC Container
hosts: [ lxc ]
tasks:
- import_tasks: ./tasks/provisioning/guest/lxc.yml
- name: Install Docker
hosts: [ docker ]
tasks:
- import_tasks: ./tasks/provisioning/extras/docker.yml
- name: Add NFS Mount
hosts: [ nfs-client ]
tasks:
- import_tasks: ./tasks/provisioning/nfs/client.yml
- name: Install an NFS Server
hosts: [ nfs-server ]
tasks:
- import_tasks: ./tasks/provisioning/nfs/server.yml
- name: Secure SSH
hosts: all
vars:
sshd_config_file: /etc/ssh/sshd_config
tasks:
- import_tasks: ./tasks/provisioning/post-install/ssh.yml
handlers:
- name: restart sshd
service:
name: sshd
state: restarted
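Review bot: `become: true` and the `all:!template-lxc` pattern sit in a first play that has no tasks, so neither carries over to the plays that follow; each later play declares its own `hosts:` and none sets `become`. As rendered, the apt, mount and sshd_config tasks run unprivileged unless the connection user is already root, and `Secure SSH` with `hosts: all` also reaches the template that the inventory logs into as root. I would delete the empty play, put `become: true` on each play (or in group vars), and write `hosts: all:!template-lxc` on the plays that must skip the template. Every play here would also read better with fully qualified module names and a `name:` on each `import_tasks`.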


@ -0,0 +1,62 @@
- name: Set a hostname
ansible.builtin.hostname:
name: '{{ inventory_hostname }}'
use: debian
- name: Set the timezone
community.general.timezone:
name: Australia/Perth
- name: Add AARNet bookworm repository
apt_repository:
repo: deb https://mirror.aarnet.edu.au/debian bookworm main contrib
state: present
- name: Add AARNet bookworm-updates repository
apt_repository:
repo: deb https://mirror.aarnet.edu.au/debian bookworm-updates main contrib
state: present
- name: Add AARNet bookworm-security repository
apt_repository:
repo: deb https://mirror.aarnet.edu.au/debian-security bookworm-security main contrib
state: present
- name: Update sources & upgrade
apt:
update_cache: true
upgrade: dist
- name: Install some standard packages
apt:
pkg:
- avahi-daemon
- curl
- fish
- git
- libnss-mdns
- neovim
- nnn
- rsync
- sudo
- name: Add fish nnn quitcd function
ansible.builtin.copy:
src: ./quitcd.fish
dest: /etc/fish/functions/n.fish
- name: Make sure avahi-daemon is running
systemd_service:
state: started
name: avahi-daemon
- name: Add 'fern' user
user:
name: fern
shell: /usr/bin/fish
- name: Set sudo rules
community.general.sudoers:
name: sudo
commands: ALL
user: fern
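Review bot: The `Set sudo rules` task gives `fern` unrestricted sudo without a password, because `community.general.sudoers` defaults `nopassword` to true and `commands: ALL` places no limit on what may be run. Any process running as `fern` is then root-equivalent on every host. If that is deliberate for unattended Ansible runs, state it with an explicit `nopassword: true` and a comment saying why; otherwise set `nopassword: false` and give the account a password. The `copy` into /etc/fish/functions/n.fish also sets no ownership or mode, and `owner: root`, `group: root`, `mode: '0644'` would pin it. The page shows no file name for this section; from the playbook it is presumably tasks/provisioning/distro/debian.yml.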


@ -0,0 +1,31 @@
- name: Install prerequisite packages
apt:
pkg:
- ca-certificates
- gnupg
- name: Add Docker GPG Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: Add Docker repo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu focal stable
state: present
- name: Install Docker
apt:
update_cache: true
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin
- name: Add '{{ ansible_user }}' to docker group
user:
name: fern
groups: docker
append: yes


@ -0,0 +1,5 @@
- name: Add YubiKey SSH Key
ansible.posix.authorized_key:
user: fern
state: present
key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub') }}"
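Review bot: The public key is read from an absolute path on the controller (`/home/fern/.ssh/id_ed25519_sk.pub`), so this task only works when run from that one account on that one machine. A public key is not secret, so it can be committed next to the playbook and referenced by a relative path or a variable, which also puts changes to the trusted key under review. This is the only key installed and root login is disabled later in the run, so a second enrolled key would avoid a lockout if the token is lost. The section has no file name on the page; if it is the LXC guest task file, VM hosts get no key from this playbook.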


@ -0,0 +1,9 @@
- name: Install package
apt:
pkg:
- qemu-guest-agent
- name: Make sure service is running
systemd_service:
state: started
name: qemu-guest-agent


@ -0,0 +1,28 @@
- name: Install nfs-common
apt:
pkg:
- nfs-common
- name: Mount /media/tv
ansible.posix.mount:
src: 10.0.1.101:/export/tv
path: /media/tv
opts: default
state: mounted
fstype: nfs
- name: Mount /media/film
ansible.posix.mount:
src: 10.0.1.101:/export/film
path: /media/film
opts: default
state: mounted
fstype: nfs
- name: Mount /media/misc
ansible.posix.mount:
src: 10.0.1.101:/export/misc
path: /media/misc
opts: default
state: mounted
fstype: nfs
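Review bot: `opts: default` in all three mount tasks is not an option that mount(8) documents; the keyword is `defaults`, so these mounts are likely to be rejected or to leave an unusable fstab entry. For a network share I would also refuse setuid binaries and device nodes coming from the server: `opts: defaults,nosuid,nodev`. The server address `10.0.1.101` is repeated in each task; reading it from the inventory, or from one variable, keeps it in a single place.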


@ -0,0 +1,30 @@
- name: Mount /export/tv
ansible.posix.mount:
src: UUID=fcee0188-8ca1-4fda-81b7-f5920c79ab48
path: /export/tv
state: mounted
fstype: ext4
- name: Mount /export/film
ansible.posix.mount:
src: UUID=5d9dd538-79e4-4168-be91-e0b040155cb3
path: /export/film
state: mounted
fstype: ext4
- name: Mount /export/misc
ansible.posix.mount:
src: UUID=5a43b7dc-3e28-459e-824a-ad45b5475361
path: /export/misc
state: mounted
fstype: ext4
# - name: Set up NFS exports
# vars:
# nfs_exports: [
# "/export/film 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
# "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)",
# "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,no_root_squash,anonuid=100,anongid=100)"
# ]
# include_role:
# name: ansible-role-nfs
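Review bot: The commented-out export lines would, if enabled as written, share all three trees read-write with the whole of 10.0.1.0/24 using `no_root_squash` and `insecure`. That means root on any machine in that range is root on the export, and requests from unprivileged source ports are accepted. `anonuid=100,anongid=100` only affects squashed requests, which suggests `all_squash` or the default `root_squash` was intended. I would either leave the block out of the commit or replace it with one line per client from the `nfs-client` group, for example `/export/film 10.0.1.105(rw,sync,no_subtree_check,root_squash)`. As committed, the play named `Install an NFS Server` only mounts the disks; nothing installs or configures an NFS server.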


@ -0,0 +1,7 @@
- name: Disable root login
lineinfile:
path: "{{ sshd_config_file }}"
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
backup: yes
notify: restart sshd
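Review bot: The edit to sshd_config is installed without a syntax check before the handler restarts the daemon; adding `validate: 'sshd -t -f %s'` to the `lineinfile` task keeps a broken file from going live on a host that is only reachable over SSH. Only root login is addressed: `PasswordAuthentication` stays at whatever the image ships, so I would set it to `no` in the same file once the key is in place. If the image's sshd_config includes drop-ins from /etc/ssh/sshd_config.d, a setting there may take precedence over this line, which is worth checking. `backup: yes` should be spelled `backup: true`, and it leaves a dated copy of sshd_config in /etc/ssh on every change.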