diff --git a/ansible/README.md b/ansible/README.md index 95e2f76..41b1dcb 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -18,7 +18,7 @@ Assumes: - joe/pew users have been created - Laptop/etc: - - Manually configure tor + - Manually configure ssh and tor - TODO: - fix for network-online.target debian 10 bug diff --git a/ansible/hosts.cfg b/ansible/hosts.cfg index cead8eb..2c34fdc 100644 --- a/ansible/hosts.cfg +++ b/ansible/hosts.cfg @@ -10,8 +10,8 @@ cabinet hostname=cabinet.seaturtle.pw interface=enp9s0 [nfs] bigdummy hostname=bigdummy.seaturtle.pw interface=enp2s0 -[remote] -joe@madone.seaturtle.pw interface=enp1s0 +[irc] +joe@madone.seaturtle.pw hostname=madone.seaturtle.pw interface=enp1s0 [proxy] polyvalent hostname=polyvalent.seaturtle.pw interface=eth0 diff --git a/ansible/main.yml b/ansible/main.yml index 11a40f6..6e0c907 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -1,7 +1,7 @@ -# All hosts are debian 10 +# All hosts are debian 10 or testing --- # Common -- hosts: daily,compute,nfs,proxy +- hosts: daily,compute,nfs,proxy,irc become: yes handlers: - import_tasks: handlers.yml @@ -22,6 +22,7 @@ - htop - iperf3 - mosh + - netcat-openbsd - nfs-common - nmap - oidentd @@ -277,3 +278,44 @@ group: root mode: '0644' notify: Restart haproxy + +# IRC config +- hosts: irc + become: yes + handlers: + - import_tasks: handlers.yml + tasks: + - name: Add Docker GPG key + apt_key: + url: https://download.docker.com/linux/debian/gpg + + - name: Add Docker APT repository + apt_repository: + repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable + + - name: Install Docker CE + apt: + name: + - docker-ce + - docker-ce-cli + - containerd.io + force_apt_get: yes + update_cache: yes + + - name: Add joe to docker group + user: + name: joe + groups: docker + append: yes + + - name: Install weechat systemd service + copy: + src: files/weechat.service + dest: /etc/systemd/system/weechat.service + owner: root + group: root + mode: '0644' + notify: Enable weechat service + + - debug: + msg: Clone docker repo to start services diff --git a/ansible/remote.yml b/ansible/remote.yml deleted file mode 100644 index d8b27ec..0000000 --- a/ansible/remote.yml +++ /dev/null @@ -1,127 +0,0 @@ -# All hosts are debian 10 ---- -# remote -- hosts: remote - become: yes - handlers: - - import_tasks: handlers.yml - tasks: - # Core - - name: Install common packages - apt: - name: - - apt-listchanges - - apt-transport-https - - ca-certificates - - chrony - - curl - - git - - gnupg2 - - htop - - iperf3 - - mosh - - nmap - - oidentd - - rsync - - software-properties-common - - speedtest-cli - - tmux - - unattended-upgrades - - vim - - weechat - - zsh - force_apt_get: yes - update_cache: yes - - - name: Disable MOTDs - command: chmod -x /etc/update-motd.d/10-uname - args: - warn: no - - - name: Set MOTD - copy: - src: files/motd - dest: /etc/motd - owner: root - group: root - mode: '0644' - - # TODO Change defaults - - name: Configure unattended-upgrades - copy: - src: files/50unattended-upgrades - dest: /etc/apt/apt.conf.d/50unattended-upgrades - owner: root - group: root - mode: '0644' - - - name: Enable unattended-upgrades - copy: - src: files/20auto-upgrades - dest: /etc/apt/apt.conf.d/20auto-upgrades - owner: root - group: root - mode: '0644' - - - name: Disable power and reset buttons - copy: - src: files/logind.conf - dest: /etc/systemd/logind.conf - owner: root - group: root - mode: '0644' - notify: Restart systemd-logind service - - # Core networking - - name: Configure sshd_config to listen on 2222/22 and disable password auth - copy: - src: files/sshd_config - dest: /etc/ssh/sshd_config - owner: root - group: root - mode: '0644' - notify: Restart sshd service - - ## Changes will take effect during next reboot - ## (determined by unattended-upgrades) - - name: Configure sysctl with IPv6 privacy extensions - template: - src: templates/local.conf.j2 - dest: /etc/sysctl.d/local.conf - owner: root - group: root - mode: '0644' - - - name: Add Docker GPG key - apt_key: - url: https://download.docker.com/linux/debian/gpg - - - name: Add Docker APT repository - apt_repository: - repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable - - - name: Install Docker CE - apt: - name: - - docker-ce - - docker-ce-cli - - containerd.io - force_apt_get: yes - update_cache: yes - - - name: Add joe to docker group - user: - name: joe - groups: docker - append: yes - - - name: Install weechat systemd service - copy: - src: files/weechat.service - dest: /etc/systemd/system/weechat.service - owner: root - group: root - mode: '0644' - notify: Enable weechat service - - # Clone docker repo to start services