Infra/ansible/run.yml

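---
# Play 1 - one-time host initialisation. Runs only with `--tags init` (the
# `never` tag keeps it out of untagged runs). Creates the groups/users from
# `users`, installs the first user's GitHub SSH keys, sets the hostname and
# installs the base package list.
- hosts: all
  become: true
  tags: [never, init]
  vars_files:
    - vars/vault.yml
  # `collections` takes collection names, not module names. Every module in
  # this play is already referenced by its FQCN, so this list only acts as a
  # short-name fallback for the two collections actually used.
  collections:
    - ansible.builtin
    - ansible.posix
  pre_tasks:
    - name: Ensure groups exist
      ansible.builtin.group:
        name: "{{ item.groupname }}"
        # `omit` drops the parameter when no gid is configured so the system
        # allocates one; rendering `None` passes an empty value instead.
        gid: "{{ item.gid | default(omit) }}"
        state: present
      loop: "{{ users }}"
      register: group_exist

    - name: Add users
      ansible.builtin.user:
        name: "{{ item.username }}"
        uid: "{{ item.uid | default(omit) }}"
        group: "{{ item.groupname | default(item.username) }}"
        shell: /bin/bash
        # `item.home` is a path, so it belongs to `home`; `move_home` is the
        # boolean that tells the module to relocate an existing directory.
        home: "{{ item.home | default(omit) }}"
        # NOTE(review): the user module writes this value verbatim into the
        # shadow file, so `item.password` must already be a crypt hash, not
        # a clear-text password - confirm against vars/vault.yml.
        password: "{{ item.password | default(omit) }}"
      loop: "{{ users }}"

    # Keys are fetched over HTTPS from the first user's GitHub account, so
    # whoever controls that account can log in as this user. `exclusive` is
    # left at its default, so keys already present in authorized_keys stay.
    - name: Add a ssh key
      ansible.posix.authorized_key:
        user: "{{ users.0.username }}"
        key: "https://github.com/{{ users.0.github }}.keys"

    - name: Change hostname
      when: set_hostname is defined
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"
      register: new_hostname

    # Keep /etc/hosts in step with the new hostname so sudo and local
    # lookups keep resolving it.
    - name: Change hostname in hosts
      when: new_hostname.changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime
      when: new_hostname.changed

  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security

  tasks:
    # `package_list` is expected to be a flat list of mappings with `name`
    # and optionally `default_release` (the old `with_items` form flattened
    # one level, which is a no-op for a flat list).
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
      loop: "{{ package_list }}"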
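# Play 2 - Pi-hole hosts. On init it clones Pi-hole and pihole-updatelists
# into the first user's home and installs their dependencies; the local
# pi_updatelist / pi_dnsmasq roles then configure the service.
- hosts: piholes
  vars_files:
    - vars/vault.yml
  pre_tasks:
    # No `version:` is given, so each init run checks out whatever the
    # upstream default branch currently points at. Pinning `version` to a
    # release tag or commit makes the install reproducible and lets the
    # upgrade be reviewed before it lands.
    - name: Checkout pihole
      tags: [never, init, pihole]
      ansible.builtin.git:
        repo: https://github.com/pi-hole/pi-hole.git
        clone: true
        dest: "/home/{{ users.0.username }}/pihole"
        depth: 1

    - name: Checkout pihole_updatelist
      tags: [never, init, pihole]
      ansible.builtin.git:
        repo: https://github.com/jacklul/pihole-updatelists.git
        clone: true
        dest: "/home/{{ users.0.username }}/pihole_updatelist"
        depth: 1

    # The play itself runs as the connecting user; only the package install
    # escalates.
    - name: Get dependencies
      become: true
      tags: [never, init, pihole]
      ansible.builtin.apt:
        name:
          - dns-root-data
          - idn2
          - lighttpd
          - php-cgi
          - php-cli
          - php-curl
          - php-intl
          - php-sqlite3
          - php-xml
          - sqlite3
          - unzip
        state: latest

  roles:
    - role: pi_updatelist
      tags: [update]
    - role: pi_dnsmasq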
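# Play 3 - routine maintenance (`--tags update`). Upgrades all apt packages,
# removes Ubuntu's MOTD add-ons and reboots only when the package manager
# has flagged that a reboot is required.
- hosts: all
  become: true
  tags: [update]
  vars_files:
    - vars/vault.yml
  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    - name: Update packages
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        # `upgrade` is a choice value, not a boolean; 'yes' selects the
        # safe-upgrade mode. Quoted so the YAML parser keeps it a string.
        upgrade: "yes"

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu'

    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      ansible.builtin.stat:
        path: /var/run/reboot-required
        # Only `.stat.exists` is consumed below, so skip the checksum work.
        # (Replaces the old `get_md5=no`, which the module no longer accepts.)
        get_checksum: false
      register: reboot_required_file

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists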