scripts/ansible/main.yml


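# All hosts are Debian
---
# Common play: baseline packages, mail, time, SSH and monitoring for every host.
- hosts: cabinet,fogcutter,lech
  become: true
  handlers:
    - ansible.builtin.import_tasks: handlers.yml
  tasks:
    # Core
    - name: Set hostname
      ansible.builtin.hostname:
        name: "{{ hostname }}"

    - name: Install common packages
      ansible.builtin.apt:
        name:
          - apt-listchanges
          - beets
          - bsd-mailx
          - chrony
          - curl
          - dma
          - git
          - htop
          - iperf3
          - mosh
          - mutt
          - netcat-openbsd
          - nfs-common
          - nmap
          - oidentd
          - rsync
          - smartmontools
          - snapd
          - speedtest-cli
          - sshfs
          - tmux
          - tor
          - unattended-upgrades
          - vim
        state: present
        force_apt_get: true
        update_cache: true

    # The "current" URL is a moving target and the apt module performs no
    # signature or checksum check on a remote .deb, so every run trusts TLS
    # alone. Pin a versioned URL and verify the download (get_url with
    # checksum) if reproducibility or integrity of this binary matters.
    - name: Install rclone
      ansible.builtin.apt:
        deb: https://downloads.rclone.org/rclone-current-linux-amd64.deb
        force_apt_get: true

    # 10-uname is left in place but stripped of its execute bit so the
    # dynamic MOTD no longer runs it; the static /etc/motd below replaces it.
    - name: Disable MOTDs
      ansible.builtin.file:
        path: /etc/update-motd.d/10-uname
        mode: '0644'

    - name: Set MOTD
      ansible.builtin.copy:
        src: files/motd
        dest: /etc/motd
        owner: root
        group: root
        mode: '0644'

    # No automatic reboots
    - name: Configure unattended-upgrades
      ansible.builtin.copy:
        src: files/50unattended-upgrades
        dest: /etc/apt/apt.conf.d/50unattended-upgrades
        owner: root
        group: root
        mode: '0644'

    - name: Enable auto-upgrades
      ansible.builtin.copy:
        src: files/20auto-upgrades
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        owner: root
        group: root
        mode: '0644'

    - name: Disable power and reset buttons
      ansible.builtin.copy:
        src: files/logind.conf
        dest: /etc/systemd/logind.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart systemd-logind service

    - name: Set chrony ntp servers
      ansible.builtin.template:
        src: templates/chrony.conf.j2
        dest: /etc/chrony/chrony.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart chrony service

    # Core networking
    - name: Configure sshd_config to listen on 22/37121 and disable password auth
      ansible.builtin.copy:
        src: files/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0644'
        # Refuse to install a config sshd cannot parse: a bad sshd_config
        # followed by the restart handler would otherwise cut off remote access.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart sshd service

    - name: Configure dma
      ansible.builtin.copy:
        src: files/dma.conf
        dest: /etc/dma/dma.conf
        owner: root
        group: mail
        mode: '0640'

    # Rendered from dma_auth, so the file is kept readable by root and the
    # mail group only, and skipped entirely when no credential is supplied.
    - name: Configure dma auth
      ansible.builtin.template:
        src: templates/dma-auth.conf.j2
        dest: /etc/dma/auth.conf
        owner: root
        group: mail
        mode: '0640'
      when: dma_auth is defined and dma_auth != ''

    ## Changes will take effect during next reboot, does not affect static IPs
    - name: Configure sysctl with IPv6 privacy extensions
      ansible.builtin.template:
        src: templates/local.conf.j2
        dest: /etc/sysctl.d/local.conf
        owner: root
        group: root
        mode: '0644'

    - name: Configure smartd
      ansible.builtin.copy:
        src: files/smartd.conf
        dest: /etc/smartd.conf
        owner: root
        group: root
        mode: '0644'
      notify: Restart and enable smartd

    - name: Install tor config
      ansible.builtin.copy:
        src: files/torrc
        dest: /etc/tor/torrc
        owner: root
        group: root
        mode: '0644'
      notify: Restart and enable tor

    - ansible.builtin.debug:
        msg: Manually get tor hostname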
# Common dynamic settings
#- hosts: fogcutter
# become: yes
# handlers:
# - import_tasks: handlers.yml
# tasks:
# - name: Copy Dynamic DNS script
# template:
# src: templates/gandi-ddns.sh.j2
# dest: /usr/local/bin/gandi-ddns.sh
# owner: root
# group: root
# mode: '0755'
# when: gandi_api_key is defined and gandi_api_key != ''
#
# - name: Add Dynamic DNS cronjob
# cron:
# name: "Update dynamic dns"
# job: /usr/local/bin/gandi-ddns.sh
# special_time: daily
# user: root
# when: gandi_api_key is defined
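# Lech (main host) config: storage, samba, remote mounts and periodic jobs.
- hosts: lech
  become: true
  handlers:
    - ansible.builtin.import_tasks: handlers.yml
  tasks: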
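- name: Install samba, zfs stuff
  ansible.builtin.apt:
    name:
      - samba
      - zfs-auto-snapshot
      - zfs-zed
    state: present
    force_apt_get: true
    update_cache: true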
# Share directory owned by the samba user; no explicit mode is set, so the
# directory permissions come from the module default on first creation.
- name: Create samba dir
  ansible.builtin.file:
    path: /mammoth/tmp/pew-photos
    state: directory
    owner: paul
    group: paul
  notify: Restart smbd
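- name: Configure samba
  ansible.builtin.copy:
    src: files/lech/smb.conf
    dest: /etc/samba/smb.conf
    owner: root
    group: root
    mode: '0644'
    # Parse-check the new config before it is installed and smbd restarted.
    validate: 'testparm -s %s'
  notify: Restart smbd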
# ZFS event daemon settings (notification targets etc. live in zed.rc).
- name: Configure zfs-zed
  ansible.builtin.copy:
    src: files/zed.rc
    dest: /etc/zfs/zed.d/zed.rc
    owner: root
    group: root
    mode: '0644'
  notify: Restart zfs-zed
# Weekly pool health report, mailed out at midnight every Sunday (weekday 0).
- name: ZFS cronjob - Sunday
  ansible.builtin.cron:
    name: 'Weekly zfs pool status check'
    user: paul
    minute: "0"
    hour: "0"
    day: "*"
    month: "*"
    weekday: "0"
    job: '/usr/sbin/zpool status | mail -s "ZFS STATUS" paul@bigcavemaps.com'
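- name: Mount vtluug /media via sshfs
  ansible.posix.mount:
    src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media
    path: /media-vtluug
    fstype: fuse.sshfs
    # StrictHostKeyChecking=no accepted any server key, so a spoofed host could
    # have served this mount. accept-new records the key on first contact and
    # rejects a changed key afterwards; the fstab mount presumably runs as root,
    # so pre-seeding root's known_hosts closes the first-contact window too.
    opts: allow_other,ro,_netdev,StrictHostKeyChecking=accept-new,IdentityFile=/home/paul/.ssh/id_rsa_fast
    state: mounted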
# Manual follow-ups that this play does not automate.
- ansible.builtin.debug:
    msg: Manually copy vtluug ssh key

- ansible.builtin.debug:
    msg: Manually configure rclone remote drive
# Runs the per-host backup script at midnight every Monday (weekday 1).
- name: Backup data cronjob - Monday
  ansible.builtin.cron:
    name: 'Backup data'
    user: paul
    minute: "0"
    hour: "0"
    day: "*"
    month: "*"
    weekday: "1"
    job: "/home/paul/scripts-private/{{ hostname_short }}/backup.sh"
# One cron entry per tootctl target, pruning cached media weekly on Sunday.
# NOTE(review): the job runs docker as paul, which presumably means paul can
# reach the docker socket; that access is root-equivalent on the host.
- name: Mastodon cronjobs - Sunday
  ansible.builtin.cron:
    name: "mastodon {{ item }} remove"
    user: paul
    minute: "0"
    hour: "0"
    day: "*"
    month: "*"
    weekday: "0"
    job: "/usr/bin/docker exec mastodon-web tootctl {{ item }} remove"
  loop:
    - media
    - preview_cards
# Manual follow-up: GPU driver and container toolkit setup is not automated.
- ansible.builtin.debug:
    msg: Manually install nvidia drivers and container toolkit