From 5690a2a2ba7fd867fe17500cfe92a205cf338017 Mon Sep 17 00:00:00 2001
From: Fern Garden
Date: Wed, 28 May 2025 17:08:15 +0800
Subject: [PATCH] first commit
---
flock.yml | 84 +++++++++++++++++++
inventory/hosts.yml | 37 ++++++++
requirements.yml | 9 ++
.../install_standard_packages/tasks/main.yml | 18 ++++
roles/setup_base_system/handlers/main.yml | 4 +
roles/setup_base_system/tasks/main.yml | 17 ++++
roles/setup_nfs_client/tasks/main.yml | 41 +++++++++
roles/setup_nfs_server/tasks/main.yml | 32 +++++++
roles/setup_sshd/handlers/main.yml | 4 +
roles/setup_sshd/tasks/main.yml | 26 ++++++
roles/setup_user/tasks/main.yml | 13 +++
roles/setup_virtual_machine/handlers/main.yml | 4 +
roles/setup_virtual_machine/tasks/main.yml | 5 ++
13 files changed, 294 insertions(+)
create mode 100644 flock.yml
create mode 100644 inventory/hosts.yml
create mode 100644 requirements.yml
create mode 100644 roles/install_standard_packages/tasks/main.yml
create mode 100644 roles/setup_base_system/handlers/main.yml
create mode 100644 roles/setup_base_system/tasks/main.yml
create mode 100644 roles/setup_nfs_client/tasks/main.yml
create mode 100644 roles/setup_nfs_server/tasks/main.yml
create mode 100644 roles/setup_sshd/handlers/main.yml
create mode 100644 roles/setup_sshd/tasks/main.yml
create mode 100644 roles/setup_user/tasks/main.yml
create mode 100644 roles/setup_virtual_machine/handlers/main.yml
create mode 100644 roles/setup_virtual_machine/tasks/main.yml
diff --git a/flock.yml b/flock.yml
new file mode 100644
index 0000000..42c96dc
--- /dev/null
+++ b/flock.yml
@@ -0,0 +1,84 @@
+---
+- hosts: all
+ roles:
+ - role: setup_base_system
+ - role: lifeofguenter.resolvconf
+ vars:
+ resolv_nameservers:
+ - 10.0.1.111
+ - role: hifis.toolkit.unattended_upgrades
+ become: true
+ - role: hussainweb.chezmoi
+ vars:
+ chezmoi_init_url: https://git.fern.garden/fern/dots
+
+- hosts: all
+ roles:
+ - role: install_standard_packages
+
+- hosts: all
+ roles:
+ - role: setup_user
+
+- hosts: virtual_machines
+ roles:
+ - role: setup_virtual_machine
+
+- hosts: docker
+ roles:
+ - role: geerlingguy.docker
+ become: yes
+ vars:
+ docker_users:
+ - fern
+
+- hosts: nfs_servers
+ roles:
+ - role: setup_nfs_server
+ - role: geerlingguy.nfs
+ vars:
+ nfs_exports: [
+ "/export/film 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
+ "/export/tv 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
+ "/export/misc 10.0.1.0/24(rw,subtree_check,insecure,all_squash,anonuid=1000,anongid=1800)",
+ ]
+
+- hosts: nfs_clients
+ roles:
+ - role: setup_nfs_client
+
+- hosts: jellyfin.local
+ roles:
+ - role: tomhesse.jellyfin
+ tasks:
+ - name: Ensure Jellyfin user is a member of the media group
+ become: yes
+ tags:
+ - media_group
+ ansible.builtin.user:
+ name: jellyfin
+ groups: media
+ append: yes
+
+- hosts: weebill.local
+ tasks:
+ - name: Install Webone dependencies
+ ansible.builtin.apt:
+ deb: https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb
+ - name: Install Webone
+ ansible.builtin.apt:
+ update_cache: yes
+ deb: https://github.com/atauenis/webone/releases/download/v0.17.4/webone.0.17.4.linux-arm64.deb
+
+- hosts: stash.local
+ tasks:
+ - name: Add user to render group
+ become: yes
+ ansible.builtin.user:
+ name: fern
+ groups: render
+ append: yes
+
+- hosts: all
+ roles:
+ - role: setup_sshd
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
new file mode 100644
index 0000000..db7e926
--- /dev/null
+++ b/inventory/hosts.yml
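Review bot: The two `ansible.builtin.apt` tasks in the `weebill.local` play run without `become`, unlike every other privileged task in this file (`Add user to render group` just below sets `become: yes`), so they presumably fail unless the connection user is already root. They also install `.deb` files straight from a URL: the apt module's `deb:` fetches the file but verifies no digest, so downloading with `ansible.builtin.get_url` and its `checksum:` option and then installing the local file pins exactly what lands on the host (rewrite below). The `nfs_exports` entries all carry `insecure`, which lets clients connect from non-privileged source ports; unless a client actually needs it, dropping it narrows what on the /24 can mount the shares. Finally, `become: yes`, `append: yes` and `update_cache: yes` sit next to `become: true` in the same file; the canonical `true`/`false` spelling, here and for the `yes` values in roles/install_standard_packages and roles/setup_sshd, avoids the YAML 1.1 truthy trap.
```yaml
- hosts: weebill.local
  tasks:
    - name: Install Webone dependencies
      become: true
      ansible.builtin.apt:
        deb: https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb
    - name: Download Webone package
      ansible.builtin.get_url:
        url: https://github.com/atauenis/webone/releases/download/v0.17.4/webone.0.17.4.linux-arm64.deb
        dest: /tmp/webone.0.17.4.linux-arm64.deb
        checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
    - name: Install Webone
      become: true
      ansible.builtin.apt:
        update_cache: true
        deb: /tmp/webone.0.17.4.linux-arm64.deb
# … unchanged: remaining plays …
```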
@@ -0,0 +1,37 @@
+---
+### ALL HOSTS ###
+
+ungrouped:
+ hosts:
+ docker.local:
+ immich.local:
+ minecraft.local:
+ ff-syncserver.local:
+ jellyfin.local:
+ media-share.local:
+ technitium.local:
+ weebill.local:
+
+### GROUPS ###
+
+virtual_machines:
+ hosts:
+ docker.local:
+ minecraft.local:
+ media-share.local:
+
+docker:
+ hosts:
+ docker.local:
+ immich.local:
+ minecraft.local:
+ weebill.local:
+
+nfs_clients:
+ hosts:
+ docker.local:
+ jellyfin.local:
+
+nfs_servers:
+ hosts:
+ media-share.local:
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..333cd9e
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,9 @@
+roles:
+ - name: lifeofguenter.resolvconf
+ - name: hussainweb.chezmoi
+ - name: geerlingguy.docker
+ - name: tomhesse.jellyfin
+ - name: geerlingguy.nfs
+
+collections:
+ - name: hifis.toolkit
diff --git a/roles/install_standard_packages/tasks/main.yml b/roles/install_standard_packages/tasks/main.yml
new file mode 100644
index 0000000..9a5f4a8
--- /dev/null
+++ b/roles/install_standard_packages/tasks/main.yml
@@ -0,0 +1,18 @@
+- name: Install some standard packages
+ become: true
+ apt:
+ update_cache: yes
+ pkg:
+ - avahi-daemon
+ - curl
+ - fish
+ - git
+ - libnss-mdns
+ - rsync
+ - sudo
+ - tmux
+ - trash-cli
+ - btop
+ - ncdu
+ - nnn
+ - neovim
diff --git a/roles/setup_base_system/handlers/main.yml b/roles/setup_base_system/handlers/main.yml
new file mode 100644
index 0000000..573554a
--- /dev/null
+++ b/roles/setup_base_system/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart avahi
+ service:
+ name: avahi-daemon
+ state: restarted
diff --git a/roles/setup_base_system/tasks/main.yml b/roles/setup_base_system/tasks/main.yml
new file mode 100644
index 0000000..33dd658
--- /dev/null
+++ b/roles/setup_base_system/tasks/main.yml
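Review bot: `stash.local` is targeted by a play in `flock.yml` (`- hosts: stash.local`) but is not defined anywhere in this inventory, so that play matches no hosts and is skipped with only a warning; add `stash.local:` to the host list (and to `nfs_clients` if it is meant to mount the media shares). The full host list is placed under `ungrouped:`, yet most of those hosts also belong to `virtual_machines`, `docker` or `nfs_clients`; `ungrouped` is a built-in group that Ansible recomputes as the hosts with no other group, so `all: hosts:` is the conventional and less surprising place for the master list.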
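Review bot: The roles in this commit use `community.general` (`timezone`, `locale_gen`, `sudoers`) and `ansible.posix` (`mount`, `authorized_key`) modules, but only `hifis.toolkit` is listed under `collections:`, so `ansible-galaxy install -r requirements.yml` on an `ansible-core`-only controller leaves those modules unresolved; add `- name: community.general` and `- name: ansible.posix`. No role or collection entry carries a `version:`, so every install pulls whatever is currently latest on Galaxy; pinning each entry (e.g. `version: "<PINNED_VERSION>"`) keeps runs reproducible and turns an upstream change to a role that runs with `become` on every host into a reviewable diff rather than a silent pick-up. The file also lacks the `---` document start that `flock.yml` and the inventory use.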
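Review bot: `apt:` is used bare here while `flock.yml` writes the fully qualified `ansible.builtin.apt`; the same short names appear in roles/setup_nfs_client (`apt`), roles/setup_user (`user`), roles/setup_sshd (`lineinfile`), roles/setup_virtual_machine (`apt`) and the `service` handlers, and one convention (FQCN) across the repo avoids resolution ambiguity once more collections are installed. `update_cache: yes` with no `cache_valid_time` refreshes the package index on every run; adding `cache_valid_time: 3600` skips the refresh when the index is recent while still picking up a stale one.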
@@ -0,0 +1,17 @@
+- name: Set a hostname
+ become: true
+ ansible.builtin.hostname:
+ name: '{{ inventory_hostname.split(".")[0] | lower }}'
+
+- name: Set the timezone
+ become: true
+ community.general.timezone:
+ name: Australia/Perth
+
+- name: Ensure locales exist
+ become: true
+ community.general.locale_gen:
+ name:
+ - en_US.UTF-8
+ - en_AU.UTF-8
+ state: present
diff --git a/roles/setup_nfs_client/tasks/main.yml b/roles/setup_nfs_client/tasks/main.yml
new file mode 100644
index 0000000..96abf59
--- /dev/null
+++ b/roles/setup_nfs_client/tasks/main.yml
@@ -0,0 +1,41 @@
+- name: Ensure media group exists
+ become: true
+ tags:
+ - media_group
+ ansible.builtin.group:
+ name: media
+ state: present
+ gid: 1800
+
+- name: Install nfs-common
+ become: true
+ apt:
+ pkg:
+ - nfs-common
+
+- name: Mount /media/tv
+ become: true
+ ansible.posix.mount:
+ src: 10.0.1.101:/export/tv
+ path: /media/tv
+ opts: default
+ state: mounted
+ fstype: nfs
+
+- name: Mount /media/film
+ become: true
+ ansible.posix.mount:
+ src: 10.0.1.101:/export/film
+ path: /media/film
+ opts: default
+ state: mounted
+ fstype: nfs
+
+- name: Mount /media/misc
+ become: true
+ ansible.posix.mount:
+ src: 10.0.1.101:/export/misc
+ path: /media/misc
+ opts: default
+ state: mounted
+ fstype: nfs
diff --git a/roles/setup_nfs_server/tasks/main.yml b/roles/setup_nfs_server/tasks/main.yml
new file mode 100644
index 0000000..12ac17d
--- /dev/null
+++ b/roles/setup_nfs_server/tasks/main.yml
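Review bot: `Set a hostname` changes the name that avahi advertises as `<hostname>.local`, which is how the inventory addresses every host, yet it does not `notify: Restart avahi`, leaving the role's handler in roles/setup_base_system/handlers/main.yml with nothing that triggers it in this commit; adding `notify: Restart avahi` to the hostname task makes the new name visible without a manual restart. Note that `avahi-daemon` is installed by `install_standard_packages`, which runs in a later play of `flock.yml`, so on a first run that handler would presumably fire before the package exists; either move the package into this role or guard the handler. The timezone `Australia/Perth` and the locale list are hard-coded in the tasks; putting them in `defaults/main.yml` (`timezone: Australia/Perth`) lets a host override them without editing the role.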
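Review bot: `opts: default` on all three mount tasks is not a recognised mount option — the fstab keyword is `defaults` — so the generated `/etc/fstab` entries presumably fail or warn at mount time; for a network filesystem `opts: defaults,_netdev` is the usual choice so that boot does not block on the share. The three tasks differ only in the share name and repeat the server address `10.0.1.101` (presumably `media-share.local`, the only `nfs_servers` member), so a single looped task with `nfs_server: 10.0.1.101` in a `defaults/main.yml` (not part of this commit) removes the duplication (rewrite below). The `Ensure media group exists` task is byte-identical to the one in roles/setup_nfs_server; a shared task file or a small `media_group` role would keep gid 1800 in one place.
```yaml
# … unchanged: Ensure media group exists, Install nfs-common …
- name: Mount media shares
  become: true
  ansible.posix.mount:
    src: "{{ nfs_server }}:/export/{{ item }}"
    path: "/media/{{ item }}"
    opts: defaults,_netdev
    state: mounted
    fstype: nfs
  loop:
    - tv
    - film
    - misc
```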
@@ -0,0 +1,32 @@
+- name: Ensure media group exists
+ become: true
+ tags:
+ - media_group
+ ansible.builtin.group:
+ name: media
+ state: present
+ gid: 1800
+
+- name: Mount /export/tv
+ become: true
+ ansible.posix.mount:
+ src: UUID=fcee0188-8ca1-4fda-81b7-f5920c79ab48
+ path: /export/tv
+ state: mounted
+ fstype: ext4
+
+- name: Mount /export/film
+ become: true
+ ansible.posix.mount:
+ src: UUID=5d9dd538-79e4-4168-be91-e0b040155cb3
+ path: /export/film
+ state: mounted
+ fstype: ext4
+
+- name: Mount /export/misc
+ become: true
+ ansible.posix.mount:
+ src: UUID=5a43b7dc-3e28-459e-824a-ad45b5475361
+ path: /export/misc
+ state: mounted
+ fstype: ext4
diff --git a/roles/setup_sshd/handlers/main.yml b/roles/setup_sshd/handlers/main.yml
new file mode 100644
index 0000000..3fc23d6
--- /dev/null
+++ b/roles/setup_sshd/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart SSHD
+ service:
+ name: sshd
+ state: restarted
diff --git a/roles/setup_sshd/tasks/main.yml b/roles/setup_sshd/tasks/main.yml
new file mode 100644
index 0000000..ac2b379
--- /dev/null
+++ b/roles/setup_sshd/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Add SSH Key - fern@muskduck
+ ansible.posix.authorized_key:
+ user: fern
+ state: present
+ key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519.pub') }}"
+
+- name: Add SSH Key - YubiKey
+ ansible.posix.authorized_key:
+ user: fern
+ state: present
+ key: "{{ lookup('file', '/home/fern/.ssh/id_ed25519_sk.pub') }}"
+
+- name: Add SSH Key - fairywren
+ ansible.posix.authorized_key:
+ user: fern
+ state: present
+ key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8W3zggrj6ml/VZWem9l21SWK3yffgw5RkdgF6fG6jo u0_a336@localhostsk-ssh-ed25519@openssh.com"
+
+- name: Disable root login
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^PermitRootLogin"
+ line: "PermitRootLogin no"
+ backup: yes
+ notify: Restart SSHD
diff --git a/roles/setup_user/tasks/main.yml b/roles/setup_user/tasks/main.yml
new file mode 100644
index 0000000..397c783
--- /dev/null
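Review bot: Nothing in this role sets the ownership or mode of `/export/tv`, `/export/film` and `/export/misc` once they are mounted, while the matching exports in `flock.yml` use `all_squash,anonuid=1000,anongid=1800`, so every client write arrives as uid 1000 / gid 1800 and succeeds only if those directories happen to be writable by that identity; an `ansible.builtin.file` task after each mount (`owner: 1000`, `group: media`, `mode: "2775"`, or whatever the current manual setup is) makes that reproducible. The three mount tasks differ only in UUID and path, so a loop over a list of uuid/name pairs would shorten the file, and the `Ensure media group exists` task is duplicated verbatim in roles/setup_nfs_client.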
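Review bot: `name: sshd` relies on the `sshd.service` alias; the unit that `openssh-server` ships on Debian (which this repo targets through apt and Debian 12 packages) is `ssh.service`, and the alias is only created once the unit is enabled, so `name: ssh` is the more reliable target. For a configuration change `state: reloaded` is sufficient and lower-risk than a full restart.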
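Review bot: `Disable root login` edits `/etc/ssh/sshd_config` with `lineinfile` and no `validate:`, so a malformed edit is handed straight to `Restart SSHD` and could leave the host unreachable over SSH; on Debian 12 the main file also begins with `Include /etc/ssh/sshd_config.d/*.conf`, and sshd keeps the first value it reads, so a line appended to the end of the main file can be silently overridden by a drop-in. Writing the setting as a drop-in with `ansible.builtin.copy` and `validate: /usr/sbin/sshd -t -f %s` (rewrite below) addresses both, and since this role deploys keys first, `PasswordAuthentication no` is the natural companion line. The three `authorized_key` tasks run without `become`, which only works when the connection user is `fern`; stating that assumption in a comment or adding `become: true` makes the role usable from another account. The `fairywren` key ends in `u0_a336@localhostsk-ssh-ed25519@openssh.com`, which looks like a key comment fused with a second key type — worth confirming that line is the intended public key.
```yaml
# … unchanged: the three authorized_key tasks …
- name: Disable root login
  become: true
  ansible.builtin.copy:
    dest: /etc/ssh/sshd_config.d/10-hardening.conf  # example name; drop-ins are read before sshd_config
    content: |
      PermitRootLogin no
      PasswordAuthentication no
    owner: root
    group: root
    mode: "0600"
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart SSHD
```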
+++ b/roles/setup_user/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: Add 'fern' user
+ become: true
+ user:
+ name: fern
+ shell: /usr/bin/fish
+ uid: 1000
+
+- name: Set sudo rules
+ become: true
+ community.general.sudoers:
+ name: sudo
+ commands: ALL
+ user: fern
diff --git a/roles/setup_virtual_machine/handlers/main.yml b/roles/setup_virtual_machine/handlers/main.yml
new file mode 100644
index 0000000..b0eeaa2
--- /dev/null
+++ b/roles/setup_virtual_machine/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart qemu-guest-agent
+ service:
+ name: qemu-guest-agent
+ state: restarted
diff --git a/roles/setup_virtual_machine/tasks/main.yml b/roles/setup_virtual_machine/tasks/main.yml
new file mode 100644
index 0000000..4120963
--- /dev/null
+++ b/roles/setup_virtual_machine/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: Install qemu-guest-agent package
+ become: true
+ apt:
+ pkg:
+ - qemu-guest-agent
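Review bot: `Set sudo rules` grants `fern` `ALL` commands through `community.general.sudoers`, whose `nopassword` option defaults to true, so this is passwordless, unrestricted sudo on every host in the inventory. Because the `user:` task above sets no password, a password-requiring rule (`nopassword: false`) would not be usable either, so this should be a documented, deliberate choice — a comment such as `# passwordless sudo is deliberate: the account has no password and logs in by SSH key only` makes that reviewable, and the alternative is to set a password and require it. `shell: /usr/bin/fish` is only present because `install_standard_packages` runs in an earlier play of `flock.yml`; noting that ordering dependency in the role (or installing `fish` here) avoids a non-existent login shell if the role is reused on its own.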
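Review bot: The `Restart qemu-guest-agent` handler in roles/setup_virtual_machine/handlers/main.yml is never notified — this role's only task installs the package — and nothing ensures the service is enabled and running after installation; an `ansible.builtin.service` task (`name: qemu-guest-agent`, `enabled: true`, `state: started`) after the `apt` task makes the role converge on a running agent instead of relying on the package's post-install script. The `apt` task also sets no `update_cache`, so on a fresh image it presumably depends on the cache refreshed earlier by `install_standard_packages`.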