merge remote.yml into main.yml
Paul Wako
parent
d98050129a
commit
ab63b5a8ba
|
|
@ -18,7 +18,7 @@ Assumes:
|
|||
- joe/pew users have been created
|
||||
|
||||
- Laptop/etc:
|
||||
- Manually configure tor
|
||||
- Manually configure ssh and tor
|
||||
|
||||
- TODO:
|
||||
- fix for network-online.target debian 10 bug
|
||||
|
|
|
|||
|
|
@ -10,8 +10,8 @@ cabinet hostname=cabinet.seaturtle.pw interface=enp9s0
|
|||
[nfs]
|
||||
bigdummy hostname=bigdummy.seaturtle.pw interface=enp2s0
|
||||
|
||||
[remote]
|
||||
joe@madone.seaturtle.pw interface=enp1s0
|
||||
[irc]
|
||||
joe@madone.seaturtle.pw hostname=madone.seaturtle.pw interface=enp1s0
|
||||
|
||||
[proxy]
|
||||
polyvalent hostname=polyvalent.seaturtle.pw interface=eth0
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# All hosts are debian 10
|
||||
# All hosts are debian 10 or testing
|
||||
---
|
||||
# Common
|
||||
- hosts: daily,compute,nfs,proxy
|
||||
- hosts: daily,compute,nfs,proxy,irc
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
|
|
@ -22,6 +22,7 @@
|
|||
- htop
|
||||
- iperf3
|
||||
- mosh
|
||||
- netcat-openbsd
|
||||
- nfs-common
|
||||
- nmap
|
||||
- oidentd
|
||||
|
|
@ -277,3 +278,44 @@
|
|||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart haproxy
|
||||
|
||||
# IRC config
|
||||
- hosts: irc
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
tasks:
|
||||
- name: Add Docker GPG key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
|
||||
- name: Add Docker APT repository
|
||||
apt_repository:
|
||||
repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
|
||||
|
||||
- name: Install Docker CE
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
force_apt_get: yes
|
||||
update_cache: yes
|
||||
|
||||
- name: Add joe to docker group
|
||||
user:
|
||||
name: joe
|
||||
groups: docker
|
||||
append: yes
|
||||
|
||||
- name: Install weechat systemd service
|
||||
copy:
|
||||
src: files/weechat.service
|
||||
dest: /etc/systemd/system/weechat.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Enable weechat service
|
||||
|
||||
- debug:
|
||||
msg: Clone docker repo to start services
|
||||
|
|
|
|||
|
|
@ -1,127 +0,0 @@
|
|||
# All hosts are debian 10
|
||||
---
|
||||
# remote
|
||||
- hosts: remote
|
||||
become: yes
|
||||
handlers:
|
||||
- import_tasks: handlers.yml
|
||||
tasks:
|
||||
# Core
|
||||
- name: Install common packages
|
||||
apt:
|
||||
name:
|
||||
- apt-listchanges
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- chrony
|
||||
- curl
|
||||
- git
|
||||
- gnupg2
|
||||
- htop
|
||||
- iperf3
|
||||
- mosh
|
||||
- nmap
|
||||
- oidentd
|
||||
- rsync
|
||||
- software-properties-common
|
||||
- speedtest-cli
|
||||
- tmux
|
||||
- unattended-upgrades
|
||||
- vim
|
||||
- weechat
|
||||
- zsh
|
||||
force_apt_get: yes
|
||||
update_cache: yes
|
||||
|
||||
- name: Disable MOTDs
|
||||
command: chmod -x /etc/update-motd.d/10-uname
|
||||
args:
|
||||
warn: no
|
||||
|
||||
- name: Set MOTD
|
||||
copy:
|
||||
src: files/motd
|
||||
dest: /etc/motd
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
# TODO Change defaults
|
||||
- name: Configure unattended-upgrades
|
||||
copy:
|
||||
src: files/50unattended-upgrades
|
||||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Enable unattended-upgrades
|
||||
copy:
|
||||
src: files/20auto-upgrades
|
||||
dest: /etc/apt/apt.conf.d/20auto-upgrades
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Disable power and reset buttons
|
||||
copy:
|
||||
src: files/logind.conf
|
||||
dest: /etc/systemd/logind.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart systemd-logind service
|
||||
|
||||
# Core networking
|
||||
- name: Configure sshd_config to listen on 2222/22 and disable password auth
|
||||
copy:
|
||||
src: files/sshd_config
|
||||
dest: /etc/ssh/sshd_config
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart sshd service
|
||||
|
||||
## Changes will take effect during next reboot
|
||||
## (determined by unattended-upgrades)
|
||||
- name: Configure sysctl with IPv6 privacy extensions
|
||||
template:
|
||||
src: templates/local.conf.j2
|
||||
dest: /etc/sysctl.d/local.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Add Docker GPG key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/debian/gpg
|
||||
|
||||
- name: Add Docker APT repository
|
||||
apt_repository:
|
||||
repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
|
||||
|
||||
- name: Install Docker CE
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
force_apt_get: yes
|
||||
update_cache: yes
|
||||
|
||||
- name: Add joe to docker group
|
||||
user:
|
||||
name: joe
|
||||
groups: docker
|
||||
append: yes
|
||||
|
||||
- name: Install weechat systemd service
|
||||
copy:
|
||||
src: files/weechat.service
|
||||
dest: /etc/systemd/system/weechat.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Enable weechat service
|
||||
|
||||
# Clone docker repo to start services
|
||||
Loading…
Reference in New Issue