finish madone ansible config

master
Paul Wako 2019-09-02 01:29:24 -04:00
parent f7e9795ef7
commit c18a93ef6b
7 changed files with 182 additions and 21 deletions


@ -1,13 +1,19 @@
Assumes:
- OS (Debian) has been installed and IPs have been configured in hosts.cfg
- ALl:
- OS (Debian) has been installed and IPs have been configured in hosts.cfg
- Host is already trusted via ssh and can be ssh'd into using keys
- Passwordless sudo is enabled for the user ansible uses
- Host is already trusted via ssh and can be ssh'd into using keys
- Wireguard hosts:
- Secure boot is disabled (wireguard is an unsigned module)
- Wireguard is configured on 10.200.0.0/24; See https://wiki.debian.org/Wireguard
- Passwordless sudo is enabled for the user ansible uses
- ZFS server:
- ZFS is configured with a volume at /bigdata for sharing
- Secure boot is disabled (wireguard is an unsigned module)
- Media server:
- Create /media-vtluug folder
- Wireguard is configured on 10.200.0.0/24; See https://wiki.debian.org/Wireguard
- ZFS is configured with a volume at /bigdata for sharing
- Remote:
- joe/pew users have been created

0
ansible/files/motd Normal file


@ -0,0 +1,13 @@
[Unit]
Description=Weechat IRC Client (in tmux)
After=network.target
[Service]
User=pew
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/tmux new-session -d -s irc /usr/bin/weechat
ExecStop=/usr/bin/tmux kill-session -t irc
[Install]
WantedBy=multi-user.target
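Review bot: `After=network.target` only orders this unit after the network stack has been configured, not after connectivity exists, so a client that dials out at start can come up before routes or DNS are usable; for an IRC client the documented ordering is `Wants=network-online.target` together with `After=network-online.target`. The unit runs as `User=pew` with no sandboxing, which is acceptable for an interactive tmux session, but `NoNewPrivileges=true` and `PrivateTmp=true` cost nothing here and limit what a compromised client process can reach. `Type=oneshot` with `RemainAfterExit=yes` is the right shape for a detached tmux server, though it means systemd is supervising tmux rather than weechat, so a crash of weechat inside the session is not detected; a comment above `ExecStart` saying so would help the next reader.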


@ -1,9 +1,4 @@
---
- name: Restart systemd-logind service
service:
name: systemd-logind
state: restarted
- name: Restart chrony service
service:
name: chrony
@ -14,5 +9,15 @@
name: sshd
state: restarted
- name: Restart systemd-logind service
service:
name: systemd-logind
state: restarted
- name: Enable weechat service
service:
name: weechat
enabled: yes
- name: Re-export exportfs
command: exportfs -arv
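Review bot: The `Enable weechat service` handler uses the `service` module on a unit file that the notifying task has just copied into `/etc/systemd/system`, and `service` does not issue a daemon-reload, so systemd may still be working from the unit list it loaded before the copy; switch it to `systemd:` and add `daemon_reload: true` (the `systemd` module accepts the same `name` and `enabled` keys). The handler only sets `enabled: yes`, so weechat will not actually run until the next boot — add `state: started` if that is not intentional. Booleans in this file are spelled `yes`; `true`/`false` is the unambiguous YAML 1.2 form and yamllint's `truthy` rule flags the others.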


@ -6,3 +6,6 @@ bigdummy interface=enp2s0
[compute]
fogcutter interface=eno1
[remote]
joe@madone.seaturtle.pw interface=enp1s0
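Review bot: The new `[remote]` entry `joe@madone.seaturtle.pw` folds the login user into the host name; I am not aware of the INI inventory parser splitting `user@host`, so the host may be resolved as the literal string and the play fail to connect. The documented form is `madone.seaturtle.pw ansible_user=joe interface=enp1s0`, which also keeps the `interface` host var exactly as the other groups write it. If the shorthand is known to work on the Ansible version in use, a comment above the group saying so would save the next reader the check.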


@ -18,12 +18,27 @@
- iperf3
- mosh
- nmap
- oidentd
- speedtest-cli
- tmux
- unattended-upgrades
- vim
force_apt_get: yes
update_cache: yes
- name: Disable MOTDs
command: chmod -x /etc/update-motd.d/10-uname
args:
warn: false
- name: Set MOTD
copy:
src: files/motd
dest: /etc/motd
owner: root
group: root
mode: '0644'
# TODO Change defaults
- name: Configure unattended-upgrades
copy:
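Review bot: The `Disable MOTDs` task runs `chmod -x` through `command:` and uses `warn: false` to silence Ansible's own hint about it, so it reports changed on every run and never converges; the `file` module does the same thing idempotently: `file:` / `path: /etc/update-motd.d/10-uname` / `mode: 'a-x'`. The identical task appears in the new ansible/remote.yml, so the fix applies there as well. `oidentd` added to the package list answers ident lookups on TCP port 113 and nothing in this hunk restricts where it listens, so confirm the host firewall covers it. The enclosing `Install common packages` apt task begins outside the hunk.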
@ -135,12 +150,11 @@
- hosts: compute
become: yes
tasks:
- name: Install Docker + compute packages
- name: Install Docker + compute dependencies
apt:
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg2
- software-properties-common
- sshfs
@ -155,12 +169,6 @@
opts: soft,nodev,nosuid
state: mounted
- name: Create /media-vtluug directory
file:
path: /media-vtluug
state: directory
mode: '0755'
# Might require running manually mounting
- name: Mount vtluug /media via sshfs
mount:
@ -193,4 +201,4 @@
groups: docker
append: yes
# Clone docker-manifests repo to start services
# Clone docker repo to start services

126
ansible/remote.yml Normal file

@ -0,0 +1,126 @@
# All hosts are debian 10
---
# remote
- hosts: remote
become: yes
handlers:
- import_tasks: handlers.yml
tasks:
# Core
- name: Install common packages
apt:
name:
- apt-listchanges
- apt-transport-https
- ca-certificates
- chrony
- curl
- git
- gnupg2
- htop
- iperf3
- mosh
- nmap
- oidentd
- software-properties-common
- speedtest-cli
- tmux
- unattended-upgrades
- vim
- weechat
- zsh
force_apt_get: yes
update_cache: yes
- name: Disable MOTDs
command: chmod -x /etc/update-motd.d/10-uname
args:
warn: false
- name: Set MOTD
copy:
src: files/motd
dest: /etc/motd
owner: root
group: root
mode: '0644'
# TODO Change defaults
- name: Configure unattended-upgrades
copy:
src: files/50unattended-upgrades
dest: /etc/apt/apt.conf.d/50unattended-upgrades
owner: root
group: root
mode: '0644'
- name: Enable unattended-upgrades
copy:
src: files/20auto-upgrades
dest: /etc/apt/apt.conf.d/20auto-upgrades
owner: root
group: root
mode: '0644'
- name: Disable power and reset buttons
copy:
src: files/logind.conf
dest: /etc/systemd/logind.conf
owner: root
group: root
mode: '0644'
notify: Restart systemd-logind service
# Core networking
- name: Configure sshd_config to listen on 2222/22 and disable password auth
copy:
src: files/sshd_config
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: '0644'
notify: Restart sshd service
## Changes will take effect during next reboot
## (determined by unattended-upgrades)
- name: Configure sysctl with IPv6 privacy extensions
template:
src: templates/local.conf.j2
dest: /etc/sysctl.d/local.conf
owner: root
group: root
mode: '0644'
- name: Add Docker GPG key
apt_key:
url: https://download.docker.com/linux/debian/gpg
- name: Add Docker APT repository
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
- name: Install Docker CE
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
force_apt_get: yes
update_cache: yes
- name: Add joe to docker group
user:
name: joe
groups: docker
append: yes
- name: Install weechat systemd service
copy:
src: files/weechat.service
dest: /etc/systemd/system/weechat.service
owner: root
group: root
mode: '0644'
notify: Enable weechat service
# Clone docker repo to start services
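Review bot: `Add Docker GPG key` fetches the key with `apt_key: url:` and no `id:`, so whatever that URL serves is added to APT's trusted keyring without its fingerprint being checked, and a key trusted there is trusted for every repository on the host; pin it with `id: "<DOCKER_KEY_FINGERPRINT>"` (placeholder — take the value from Docker's published documentation) so a swapped key fails the task instead of becoming trusted. `Add joe to docker group` is effectively a grant of root, since members of the docker group can have the daemon mount the host filesystem; that is a reasonable choice for the sole admin of this box but deserves a comment saying so, e.g. `# docker group membership is root-equivalent; joe is the only admin here`. The `Configure sshd_config` task copies the shared `files/sshd_config` onto an internet-facing host, which is only safe if that file really carries the `disable password auth` setting the task name claims — the file is not part of this commit, so it cannot be confirmed from here.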