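# Play: first-time provisioning of every host. The `never` tag keeps it out
# of ordinary runs; it executes only when the `init` tag is requested.
- hosts: all
  become: true
  tags: [never, init]
  vars_files:
    # Secret values are loaded from the vault vars file, not inlined here.
    - "vars/vault.yml"

  # NOTE(review): `collections:` expects collection names (for example
  # `ansible.posix`), but every entry below is a fully qualified module name.
  # The tasks in this play already call modules by FQCN, so this list
  # probably has no effect on name resolution - confirm, then trim it.
  collections:
    - ansible.builtin.apt
    - ansible.builtin.apt_key
    - ansible.builtin.git
    - ansible.builtin.group
    - ansible.builtin.hostname
    - ansible.builtin.lineinfile
    - ansible.builtin.pip
    - ansible.builtin.reboot
    - ansible.builtin.user
    - ansible.posix.authorized_key
    - ansible.posix.mount
    - ansible.builtin.command
    - ansible.builtin.apt_repository
    - ansible.builtin.dpkg_selections

  pre_tasks:
    # One include per entry of `users`; the entry is exposed as `user`.
    - include_tasks: tasks/users.yml
      with_items: "{{ users }}"
      loop_control:
        loop_var: user

    # Only hosts that define `set_hostname` are renamed. The registered
    # result gates the /etc/hosts edit and the reboot that follow.
    - name: Change hostname
      when: "set_hostname is defined"
      register: new_hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"

    # The regexp also matches the rewritten line, so repeated runs replace
    # the same line instead of appending a new one.
    - name: Change hostname in hosts
      when: new_hostname.changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime
      when: new_hostname.changed

  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security

  tasks:
    # `state: latest` installs whatever version the configured repositories
    # offer at run time. Entries of `package_list` may carry `name` and
    # `default_release`; a missing key is omitted from the module call.
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
      with_items:
        - "{{ package_list }}"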
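# Play: Docker hosts. Applies the geerlingguy.docker role, then installs the
# Python Docker SDK and the compose CLI plugin for each configured user.
- hosts: docker
  become: true
  tags: [docker]
  vars_files:
    - "vars/vault.yml"

  # post_tasks run after the role listed under `roles:` further down.
  post_tasks:
    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - docker

    # Read-only query: run it without a shell and never report a change.
    - name: Get DEB architecture
      ansible.builtin.command:
        argv:
          - dpkg
          - --print-architecture
      register: deb_architecture
      changed_when: false

    # NOTE(review): mode 0775 lets every member of `item.groupname` write
    # into a directory the docker CLI loads executables from. Harmless if
    # that group is the user's private group; otherwise prefer "0755".
    - name: Create plugin directory if not present
      ansible.builtin.file:
        path: "/home/{{ item.username }}/.docker/cli-plugins/"
        state: directory
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
        mode: "0775"
      loop: "{{ docker_users_obj }}"

    # NOTE(review): the binary is fetched over HTTPS but its content is not
    # verified. Pin the expected digest per architecture with get_url's
    # `checksum` option so a replaced release asset is rejected, e.g.
    #   checksum: "sha256:<SHA256_OF_RELEASE_ASSET>"
    - name: Install compose plugin
      ansible.builtin.get_url:
        url: "https://github.com/docker/compose-cli/releases/download/v2.0.0-rc.1/docker-compose-linux-{{ deb_architecture.stdout }}"
        dest: "/home/{{ item.username }}/.docker/cli-plugins/docker-compose"
        mode: "0755"
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
      loop: "{{ docker_users_obj }}"

  roles:
    - role: geerlingguy.docker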
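# Play: Kubernetes node preparation. Tagged `never`, so it runs only when
# `init` or `kube` is requested explicitly.
- hosts: kube
  become: true
  tags: [never, init, kube]
  vars_files:
    - "vars/vault.yml"

  tasks:
    # Turns swap off for the running system; the fstab entry is removed by
    # the next task.
    - name: Disable SWAP
      ansible.builtin.command:
        cmd: swapoff -a

    - name: Remove swapfile from /etc/fstab
      ansible.posix.mount:
        name: "{{ item }}"
        fstype: swap
        state: absent
      with_items:
        - swap

    # NOTE(review): apt_key places the key in the system-wide trusted
    # keyring, so it is accepted for every configured repository, not just
    # the Kubernetes one. A dedicated keyring referenced with `signed-by`
    # in the repo line is the narrower option.
    - name: Add Apt signing key Google
      ansible.builtin.apt_key:
        url: "{{ item }}"
        state: present
      loop:
        - https://packages.cloud.google.com/apt/doc/apt-key.gpg

    # The sources file is written 0644. The previous 0666 left it writable
    # by every local account, and root's apt reads repositories from it.
    # NOTE(review): the legacy apt.kubernetes.io repository has been retired
    # upstream in favour of pkgs.k8s.io - confirm this source still resolves.
    - name: Add repo for kubernetes
      ansible.builtin.apt_repository:
        filename: kubernetes
        repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
        mode: "0644"
        update_cache: true

    # Each package is installed at the exact version given by `kube_ver`.
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item }}={{ kube_ver }}"
        state: present
      with_items:
        - kubelet
        - kubeadm
        - kubectl

    # Hold the packages so a later apt upgrade does not move the version.
    - name: Hold kubernetes version
      become: true
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: "hold"
      with_items:
        - kubelet
        - kubeadm
        - kubectl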
# Play: Pi-hole hosts. Runs for the `update` and `pihole` tags and applies
# three roles in the order listed. No play-level `become` is set here.
- hosts: piholes
  vars_files:
    - "vars/vault.yml"
  tags:
    - update
    - pihole
  roles:
    - role: pihole_updatelist
    - role: pi_dnsmasq
    - role: pihole
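# Play: routine maintenance of every host. Upgrades packages, trims Ubuntu
# MOTD scripts, updates Pi-hole where present, and reboots when the
# distribution asks for it.
- hosts: all
  become: true
  tags: [update]
  vars_files:
    - "vars/vault.yml"

  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    # `upgrade` is a string option; it is written as the quoted choice "yes"
    # rather than a YAML boolean so the selected mode is unambiguous.
    - name: Update packages
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        upgrade: "yes"

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu'

    # Runs only on members of the `piholes` inventory group. argv form, so
    # no shell is involved.
    - name: Update PiHole
      when: inventory_hostname in groups['piholes']
      become: true
      ansible.builtin.command:
        argv:
          - pihole
          - -up

    # Only `stat.exists` is read below, so the deprecated `get_md5` option
    # was dropped and the key=value arguments became a mapping.
    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      ansible.builtin.stat:
        path: /var/run/reboot-required

    # The reboot is unattended: it fires whenever the marker file exists.
    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists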