Infra/ansible/run.yml

- hosts: all
  become: yes
  tags: [never, init]
  vars_files:
    - "vars/vault.yml"

  collections:
    - ansible.builtin.apt
    - ansible.builtin.apt_key
    - ansible.builtin.git
    - ansible.builtin.group
    - ansible.builtin.hostname
    - ansible.builtin.lineinfile
    - ansible.builtin.pip
    - ansible.builtin.reboot
    - ansible.builtin.user
    - ansible.posix.authorized_key
    - ansible.posix.mount
    - ansible.builtin.command
    - ansible.builtin.apt_repository
    - ansible.builtin.dpkg_selections

  pre_tasks:
    - name: Ensure groups exists
      register: group_exist
      ansible.builtin.group:
        name: "{{ item.groupname }}"
        gid: "{{ item.gid | default(None) }}"
        state: present
      loop: "{{ users }}"

    - name: Add users
      ansible.builtin.user:
        name: "{{ item.username }}"
        uid: "{{ item.uid | default(None) }}"
        group: "{{ item.groupname | default(item.username) }}"
        shell: /bin/bash
        move_home: "{{ item.home | default(None) }}"
        password: "{{ item.password | default(None) }}"
      loop: "{{ users }}"

    - name: Add a ssh key
      ansible.posix.authorized_key:
        user: "{{ users.0.username }}"
        key: "https://github.com/{{ users.0.github }}.keys"

    - name: Change hostname
      when: "set_hostname is defined"
      register: new_hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"

    - name: Change hostname in hosts
      when: new_hostname.changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime
      when: new_hostname.changed

  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security

  tasks:
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
      with_items:
        - "{{package_list}}"

- hosts: docker
  become: yes
  tags: [never, init, docker]
  vars_files:
    - "vars/vault.yml"
  post_tasks:
    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - docker
          - docker-compose
  roles:
    - role: geerlingguy.docker

- hosts: kube
  become: yes
  tags: [never, init, kube]
  vars_files:
    - "vars/vault.yml"
  tasks:
    - name: Disable SWAP
      # ansible.builtin.comman
      command: swapoff -a

    - name: Remove swapfile from /etc/fstab
      ansible.posix.mount:
        name: "{{ item }}"
        fstype: swap
        state: absent
      with_items:
        - swap

    - name: Add Apt signing key Google
      ansible.builtin.apt_key:
        url: "{{ item }}"
        state: present
      loop:
        - https://packages.cloud.google.com/apt/doc/apt-key.gpg

    - name: Add repo for kubernetes
      ansible.builtin.apt_repository:
        filename: kubernetes
        repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"
        mode: "0666"
        update_cache: yes

    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item }}={{ kube_ver }}"
        state: present
      with_items:
        - kubelet
        - kubeadm
        - kubectl

    - name: Hold kubernetes version
      become: yes
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: "hold"
      with_items:
        - kubelet
        - kubeadm
        - kubectl

- hosts: piholes
  vars_files:
    - "vars/vault.yml"
  pre_tasks:
    - name: Checkout pihole
      tags: [never, init, pihole]
      become: yes
      ansible.builtin.git:
        repo: "https://github.com/pi-hole/pi-hole.git"
        clone: yes
        dest: "/etc/.pihole"
        depth: 1
        umask: "022"

    - name: Checkout pihole_updatelist
      tags: [never, init, pihole]
      ansible.builtin.git:
        repo: "https://github.com/jacklul/pihole-updatelists.git"
        clone: yes
        dest: "/home/{{ users.0.username }}/pihole_updatelist"
        depth: 1

    - name: Get dependencies
      become: yes
      tags: [never, init, pihole]
      ansible.builtin.apt:
        name:
          [
            "cron",
            "curl",
            "dhcpcd5",
            "dns-root-data",
            "dns-root-data",
            "dnsutils",
            "git",
            "idn2",
            "idn2",
            "iputils-ping",
            "libcap2-bin",
            "libcap2",
            "lighttpd",
            "lsof",
            "netcat",
            "php-cgi",
            "php-cli",
            "php-curl",
            "php-intl",
            "php-sqlite3",
            "php-sqlite3",
            "php-xml",
            "psmisc",
            "sqlite3",
            "sudo",
            "unzip",
            "unzip",
            "wget",
            "whiptail",
          ]
        state: latest

  roles:
    - role: pi_updatelist
      tags: [update]
    - role: pi_dnsmasq
      tags: [update]

- hosts: all
  become: yes
  tags: [update]
  vars_files:
    - "vars/vault.yml"

  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    - name: Update packages
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        upgrade: true

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu'

    - name: Update PiHole
      when: inventory_hostname in groups['piholes']
      become: true
      ansible.builtin.command:
        argv:
          - pihole
          - -up

    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      stat: path=/var/run/reboot-required get_md5=no

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists
Initial commit 2020-10-28 22:15:23 +01:00			`- hosts: all`
			`become: yes`
			`tags: [never, init]`
			`vars_files:`
			`- "vars/vault.yml"`

			`collections:`
			`- ansible.builtin.apt`
Updates 2021-02-13 15:39:14 +01:00			`- ansible.builtin.apt_key`
Initial commit 2020-10-28 22:15:23 +01:00			`- ansible.builtin.git`
			`- ansible.builtin.group`
			`- ansible.builtin.hostname`
Updates 2021-02-13 15:39:14 +01:00			`- ansible.builtin.lineinfile`
			`- ansible.builtin.pip`
Initial commit 2020-10-28 22:15:23 +01:00			`- ansible.builtin.reboot`
			`- ansible.builtin.user`
			`- ansible.posix.authorized_key`
Updates 2021-02-13 15:39:14 +01:00			`- ansible.posix.mount`
			`- ansible.builtin.command`
			`- ansible.builtin.apt_repository`
			`- ansible.builtin.dpkg_selections`
Initial commit 2020-10-28 22:15:23 +01:00
			`pre_tasks:`
			`- name: Ensure groups exists`
			`register: group_exist`
			`ansible.builtin.group:`
			`name: "{{ item.groupname }}"`
			`gid: "{{ item.gid \| default(None) }}"`
			`state: present`
			`loop: "{{ users }}"`

			`- name: Add users`
			`ansible.builtin.user:`
			`name: "{{ item.username }}"`
			`uid: "{{ item.uid \| default(None) }}"`
			`group: "{{ item.groupname \| default(item.username) }}"`
			`shell: /bin/bash`
			`move_home: "{{ item.home \| default(None) }}"`
			`password: "{{ item.password \| default(None) }}"`
			`loop: "{{ users }}"`

			`- name: Add a ssh key`
			`ansible.posix.authorized_key:`
			`user: "{{ users.0.username }}"`
			`key: "https://github.com/{{ users.0.github }}.keys"`

			`- name: Change hostname`
			`when: "set_hostname is defined"`
			`register: new_hostname`
			`ansible.builtin.hostname:`
			`name: "{{ set_hostname }}"`

			`- name: Change hostname in hosts`
			`when: new_hostname.changed`
			`ansible.builtin.lineinfile:`
			`path: /etc/hosts`
			`regexp: '^127\.0\.0\.1 localhost'`
			`line: "127.0.0.1 localhost {{ set_hostname }}"`
			`owner: root`
			`group: root`
			`mode: "0644"`

			`- name: Reboot the server`
			`ansible.builtin.reboot:`
			`msg: "Reboot initiated by Ansible due to hostname change"`
			`connect_timeout: 5`
			`reboot_timeout: 300`
			`pre_reboot_delay: 2`
			`post_reboot_delay: 30`
			`test_command: uptime`
			`when: new_hostname.changed`

			`roles:`
			`- role: geerlingguy.ntp`
			`- role: geerlingguy.security`

			`tasks:`
			`- name: Install packages`
			`ansible.builtin.apt:`
			`name: "{{ item.name \| default(omit) }}"`
			`state: latest`
			`default_release: "{{ item.default_release \| default(omit) }}"`
			`with_items:`
			`- "{{package_list}}"`

Updates 2021-02-13 15:39:14 +01:00			`- hosts: docker`
			`become: yes`
			`tags: [never, init, docker]`
			`vars_files:`
			`- "vars/vault.yml"`
			`post_tasks:`
			`- name: Install pip packages`
			`ansible.builtin.pip:`
			`name:`
			`- docker`
			`- docker-compose`
			`roles:`
			`- role: geerlingguy.docker`

			`- hosts: kube`
			`become: yes`
			`tags: [never, init, kube]`
			`vars_files:`
			`- "vars/vault.yml"`
			`tasks:`
			`- name: Disable SWAP`
			`# ansible.builtin.comman`
			`command: swapoff -a`

			`- name: Remove swapfile from /etc/fstab`
			`ansible.posix.mount:`
			`name: "{{ item }}"`
			`fstype: swap`
			`state: absent`
			`with_items:`
			`- swap`

			`- name: Add Apt signing key Google`
			`ansible.builtin.apt_key:`
			`url: "{{ item }}"`
			`state: present`
			`loop:`
			`- https://packages.cloud.google.com/apt/doc/apt-key.gpg`

			`- name: Add repo for kubernetes`
			`ansible.builtin.apt_repository:`
			`filename: kubernetes`
			`repo: "deb https://apt.kubernetes.io/ kubernetes-xenial main"`
			`mode: "0666"`
			`update_cache: yes`

			`- name: Install packages`
			`ansible.builtin.apt:`
			`name: "{{ item }}={{ kube_ver }}"`
			`state: present`
			`with_items:`
			`- kubelet`
			`- kubeadm`
			`- kubectl`

			`- name: Hold kubernetes version`
			`become: yes`
			`ansible.builtin.dpkg_selections:`
			`name: "{{ item }}"`
			`selection: "hold"`
			`with_items:`
			`- kubelet`
			`- kubeadm`
			`- kubectl`

Initial commit 2020-10-28 22:15:23 +01:00			`- hosts: piholes`
			`vars_files:`
			`- "vars/vault.yml"`
			`pre_tasks:`
			`- name: Checkout pihole`
			`tags: [never, init, pihole]`
Updates 2021-02-13 15:39:14 +01:00			`become: yes`
Initial commit 2020-10-28 22:15:23 +01:00			`ansible.builtin.git:`
			`repo: "https://github.com/pi-hole/pi-hole.git"`
			`clone: yes`
Updates 2021-02-13 15:39:14 +01:00			`dest: "/etc/.pihole"`
Initial commit 2020-10-28 22:15:23 +01:00			`depth: 1`
Updates 2021-02-13 15:39:14 +01:00			`umask: "022"`
Initial commit 2020-10-28 22:15:23 +01:00
			`- name: Checkout pihole_updatelist`
			`tags: [never, init, pihole]`
			`ansible.builtin.git:`
			`repo: "https://github.com/jacklul/pihole-updatelists.git"`
			`clone: yes`
			`dest: "/home/{{ users.0.username }}/pihole_updatelist"`
			`depth: 1`

			`- name: Get dependencies`
			`become: yes`
			`tags: [never, init, pihole]`
			`ansible.builtin.apt:`
			`name:`
			`[`
Updates 2021-02-13 15:39:14 +01:00			`"cron",`
			`"curl",`
			`"dhcpcd5",`
			`"dns-root-data",`
Initial commit 2020-10-28 22:15:23 +01:00			`"dns-root-data",`
Updates 2021-02-13 15:39:14 +01:00			`"dnsutils",`
			`"git",`
Initial commit 2020-10-28 22:15:23 +01:00			`"idn2",`
Updates 2021-02-13 15:39:14 +01:00			`"idn2",`
			`"iputils-ping",`
			`"libcap2-bin",`
			`"libcap2",`
Initial commit 2020-10-28 22:15:23 +01:00			`"lighttpd",`
Updates 2021-02-13 15:39:14 +01:00			`"lsof",`
			`"netcat",`
Initial commit 2020-10-28 22:15:23 +01:00			`"php-cgi",`
			`"php-cli",`
			`"php-curl",`
			`"php-intl",`
			`"php-sqlite3",`
Updates 2021-02-13 15:39:14 +01:00			`"php-sqlite3",`
Initial commit 2020-10-28 22:15:23 +01:00			`"php-xml",`
Updates 2021-02-13 15:39:14 +01:00			`"psmisc",`
Initial commit 2020-10-28 22:15:23 +01:00			`"sqlite3",`
Updates 2021-02-13 15:39:14 +01:00			`"sudo",`
Initial commit 2020-10-28 22:15:23 +01:00			`"unzip",`
Updates 2021-02-13 15:39:14 +01:00			`"unzip",`
			`"wget",`
			`"whiptail",`
Initial commit 2020-10-28 22:15:23 +01:00			`]`
			`state: latest`

			`roles:`
			`- role: pi_updatelist`
			`tags: [update]`
			`- role: pi_dnsmasq`
Updates 2021-02-13 15:39:14 +01:00			`tags: [update]`
Initial commit 2020-10-28 22:15:23 +01:00
			`- hosts: all`
			`become: yes`
			`tags: [update]`
			`vars_files:`
			`- "vars/vault.yml"`

			`tasks:`
			`# https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/`
			`- name: Update packages`
			`ansible.builtin.apt:`
Updates 2021-02-13 15:39:14 +01:00			`update_cache: true`
			`force_apt_get: true`
Initial commit 2020-10-28 22:15:23 +01:00			`cache_valid_time: 3600`
Updates 2021-02-13 15:39:14 +01:00			`upgrade: true`
Initial commit 2020-10-28 22:15:23 +01:00
			`- name: Remove ubuntu motd spam`
			`ansible.builtin.file:`
			`path: "/etc/update-motd.d/{{ item }}"`
			`state: absent`
			`loop:`
			`- 10-help-text`
			`- 50-landscape-sysinfo`
			`- 50-motd-news`
			`- 80-livepatch`
			`- 95-hwe-eol`
			`when: ansible_distribution == 'Ubuntu'`

Updates 2021-02-13 15:39:14 +01:00			`- name: Update PiHole`
			`when: inventory_hostname in groups['piholes']`
			`become: true`
			`ansible.builtin.command:`
			`argv:`
			`- pihole`
			`- -up`

Initial commit 2020-10-28 22:15:23 +01:00			`- name: Check if a reboot is needed for Debian and Ubuntu boxes`
			`register: reboot_required_file`
			`stat: path=/var/run/reboot-required get_md5=no`

			`- name: Reboot the server`
			`ansible.builtin.reboot:`
			`msg: "Reboot initiated by Ansible due to kernel updates"`
			`connect_timeout: 5`
			`reboot_timeout: 300`
			`pre_reboot_delay: 0`
			`post_reboot_delay: 30`
			`test_command: uptime`
			`when: reboot_required_file.stat.exists`