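---
# Play 1: one-time host initialisation. The `never` tag means this play only
# runs when `init` is requested explicitly (--tags init): local groups and
# users, the first user's GitHub SSH keys, an optional hostname change, the
# baseline roles and the package list.
- hosts: all
  become: true
  tags: [never, init]
  vars_files:
    - "vars/vault.yml"

  # `collections:` takes collection names, not module names. Every module in
  # this play is already referenced by its FQCN, so only the two collections
  # are needed (the previous list named modules and repeated
  # ansible.builtin.git).
  collections:
    - ansible.builtin
    - ansible.posix

  pre_tasks:
    - name: Ensure groups exists
      ansible.builtin.group:
        name: "{{ item.groupname }}"
        # default(omit) drops the argument when the entry has no gid, the
        # same form the Install packages task below uses; default(None)
        # renders as an empty string, which the module's int check
        # presumably rejects.
        gid: "{{ item.gid | default(omit) }}"
        state: present
      loop: "{{ users }}"
      register: group_exist

    - name: Add users
      ansible.builtin.user:
        name: "{{ item.username }}"
        uid: "{{ item.uid | default(omit) }}"
        group: "{{ item.groupname | default(item.username) }}"
        shell: /bin/bash
        # move_home is a boolean flag; the path from item.home belongs in
        # `home:`. NOTE(review): assumes item.home is the desired home
        # directory — confirm against the users variable. Without `home:`
        # move_home has nothing to act on.
        home: "{{ item.home | default(omit) }}"
        move_home: true
        # The user module expects an already-hashed password value; keep it
        # in the vault.
        password: "{{ item.password | default(omit) }}"
      loop: "{{ users }}"
      # Keeps the password hashes (and the rest of each item) out of the
      # task output and logs.
      no_log: true

    - name: Add a ssh key
      ansible.posix.authorized_key:
        user: "{{ users.0.username }}"
        # The key list is fetched from GitHub over HTTPS, so whoever controls
        # that GitHub account controls SSH access to this user. Certificate
        # validation is the module default; stated explicitly here.
        key: "https://github.com/{{ users.0.github }}.keys"
        validate_certs: true

    - name: Change hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"
      when: set_hostname is defined
      register: new_hostname

    - name: Change hostname in hosts
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"
      # new_hostname is registered even when the task above is skipped, and
      # a skipped result is not "changed".
      when: new_hostname.changed

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime
      when: new_hostname.changed

  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security

  tasks:
    - name: Install packages
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        # state: latest upgrades these packages on every run; pin versions
        # in package_list if repeatable installs matter.
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
      # loop replaces with_items; assumes package_list is a flat list of
      # {name, default_release} entries, so with_items' one-level flattening
      # made no difference.
      loop: "{{ package_list }}"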
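# Play 2: Pi-hole hosts. The checkouts run as the connecting user into the
# first user's home directory; only the apt step escalates.
- hosts: piholes
  vars_files:
    - "vars/vault.yml"

  pre_tasks:
    - name: Checkout pihole
      tags: [never, init, pihole]
      ansible.builtin.git:
        # No `version:` is given, so each init run fetches whatever the
        # default branch points at that day; pin a release tag or commit
        # here to make the install reproducible and reviewable.
        repo: "https://github.com/pi-hole/pi-hole.git"
        clone: true
        dest: "/home/{{ users.0.username }}/pihole"
        depth: 1

    - name: Checkout pihole_updatelist
      tags: [never, init, pihole]
      ansible.builtin.git:
        # Same as above: unpinned default branch of a third-party repository.
        repo: "https://github.com/jacklul/pihole-updatelists.git"
        clone: true
        dest: "/home/{{ users.0.username }}/pihole_updatelist"
        depth: 1

    - name: Get dependencies
      become: true
      tags: [never, init, pihole]
      ansible.builtin.apt:
        # Block style instead of a multi-line flow list; the set is unchanged.
        name:
          - dns-root-data
          - idn2
          - lighttpd
          - php-cgi
          - php-cli
          - php-curl
          - php-intl
          - php-sqlite3
          - php-xml
          - sqlite3
          - unzip
        state: latest

  roles:
    - role: pi_updatelist
      tags: [update]
    - role: pi_dnsmasq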
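# Play 3: routine maintenance (--tags update): apt upgrade, Ubuntu motd
# cleanup, and a reboot when the distribution has flagged one.
- hosts: all
  become: true
  tags: [update]
  vars_files:
    - "vars/vault.yml"

  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    - name: Update packages
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        # `upgrade` takes a choice string; quoted so YAML hands the module
        # "yes" rather than a boolean.
        upgrade: "yes"

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu'

    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      # Native YAML arguments and the FQCN instead of a key=value string with
      # the deprecated get_md5 option. Only .stat.exists is consumed below,
      # so no checksum of the flag file is needed.
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_checksum: false
      register: reboot_required_file

    - name: Reboot the server
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      when: reboot_required_file.stat.exists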