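---
# Homelab playbook: one play per host group / lifecycle phase, selected by
# tag (`always`, `init`, `docker`, `kube`, `update`, ...). Every play loads
# vars/vault.yml; keep secrets there (vault-encrypted), never inline here.

- hosts: all
  become: "{{ do_become }}"
  tags: [always]
  vars_files:
    - "vars/vault.yml"
  tasks:
    # Read-only query: `command` is enough (no shell features are used) and
    # changed_when: false stops it from reporting a change on every run.
    # NOTE(review): _apt_arch is not consumed anywhere in this file — the
    # compose download below uses ansible_architecture instead.
    - name: Get dpkg arch
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.command: dpkg --print-architecture
      changed_when: false
      register: _apt_arch

- hosts: all:!unifi
  become: "{{ do_become }}"
  tags: [never, init]
  vars_files:
    - "vars/vault.yml"
  # `collections` takes collection names (namespace.collection), not module
  # names. Every task below already uses a fully-qualified module name, so
  # this list only affects short-name lookups (e.g. inside included tasks).
  collections:
    - ansible.builtin
    - ansible.posix
  pre_tasks:
    - ansible.builtin.include_tasks: tasks/users.yml
      with_items: "{{ users }}"
      loop_control:
        loop_var: user

    - name: Change hostname
      when: set_hostname is defined
      register: new_hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"

    # A skipped task still registers a result with changed == false, so the
    # two follow-up tasks need no extra "is defined" guard.
    - name: Change hostname in hosts
      when: new_hostname.changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      when: new_hostname.changed
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime

    - ansible.builtin.include_tasks: tasks/remove_prox_ee_apt.yml
      when: inventory_hostname in groups['prox']

    - name: Update apt cache
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 1
  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
  tasks:
    # state: latest is unpinned: whatever the mirror serves at run time is
    # installed, so this is an upgrade step as well as an install step.
    - name: Install packages
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.apt:
        name: "{{ item.name | default(omit) }}"
        state: latest
        default_release: "{{ item.default_release | default(omit) }}"
      with_items: "{{ package_list }}"

    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - github3.py

- hosts: docker
  become: true
  tags: [docker]
  vars_files:
    - "vars/vault.yml"
  roles:
    - role: geerlingguy.docker
      when: ansible_distribution == 'Ubuntu'
  post_tasks:
    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - docker

    # 0755, not 0775: the docker CLI executes whatever is placed in this
    # directory, so it must be writable by its owner only, not the group.
    - name: Create plugin directory if not present
      ansible.builtin.file:
        path: "/home/{{ item.username }}/.docker/cli-plugins/"
        state: directory
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
        mode: "0755"
      loop: "{{ docker_users_obj }}"

    - name: Get latest release of a public repository
      community.general.github_release:
        user: docker
        repo: compose
        action: latest_release
      register: comp_cli

    # Supply-chain caveat: this installs an executable fetched from GitHub
    # with no integrity check, and `latest_release` means the artifact changes
    # under you. Prefer pinning a release tag and adding
    #   checksum: "sha256:<DIGEST_FROM_THE_RELEASE_CHECKSUMS_FILE>"
    # so a tampered or truncated download is rejected before it is installed.
    # NOTE(review): the plugin is installed for users.0 only, while the
    # directory loop above runs over docker_users_obj — confirm users.0 is in
    # docker_users_obj, otherwise dest's parent directory may not exist.
    - name: Install compose plugin
      ansible.builtin.get_url:
        url: "https://github.com/docker/compose/releases/download/{{ comp_cli.tag }}/docker-compose-linux-{{ ansible_architecture }}"
        dest: "/home/{{ users.0.username }}/.docker/cli-plugins/docker-compose"
        mode: "0755"
        owner: "{{ users.0.username }}"
        group: "{{ users.0.groupname }}"

- hosts: kube
  tags: [never, init, kube]
  vars_files:
    - "vars/vault.yml"
  tasks:
    # The alvistack.* runtime roles need root; `apply: become` scopes the
    # privilege escalation to each included role rather than the whole play.
    - name: Include Cri-O role
      ansible.builtin.include_role:
        name: alvistack.cri_o
        apply:
          become: true

    - name: Include Runc role
      ansible.builtin.include_role:
        name: alvistack.runc
        apply:
          become: true

    - name: Include Crun role
      ansible.builtin.include_role:
        name: alvistack.crun
        apply:
          become: true

    - name: Include containers_common role
      ansible.builtin.include_role:
        name: alvistack.containers_common
        apply:
          become: true

    - name: Include conmon role
      ansible.builtin.include_role:
        name: alvistack.conmon
        apply:
          become: true

    - name: Include Kubernetes role
      ansible.builtin.include_role:
        name: kubernetes

    - name: Include ZFS role
      when: inventory_hostname in groups['zfs']
      ansible.builtin.include_role:
        name: zfs

    - name: Include NFS role
      when: inventory_hostname in groups['nfs']
      ansible.builtin.include_role:
        name: geerlingguy.nfs
        apply:
          become: true

- hosts: prox
  vars_files:
    - "vars/vault.yml"
  tags: [update, prox]
  pre_tasks:
    - name: Install sudo
      ansible.builtin.apt:
        name: sudo
        state: latest
  roles:
    - role: ironicbadger_ansible-role-proxmox-nag-removal
    - role: proxmox

- hosts: piholes
  vars_files:
    - "vars/vault.yml"
  tags: [update, pihole]
  roles:
    - role: pihole_updatelist
    - role: pi_dnsmasq
    - role: pihole
  tasks:
    - name: Install packages
      become: true
      ansible.builtin.apt:
        name: libraspberrypi-bin

    - name: Place PoE fan file
      become: true
      ansible.builtin.copy:
        content: |
          # Ansible managed
          dtoverlay=rpi-poe
          dtparam=poe_fan_temp0=57000
          dtparam=poe_fan_temp1=60000
          dtparam=poe_fan_temp2=63000
          dtparam=poe_fan_temp3=66000
          dtoverlay=vc4-fkms-v3d
        dest: /boot/firmware/usercfg.txt

# NOTE(review): this play repeats the three pihole roles of the play above
# under the same tags, so they run twice per `update` / `pihole` run. Kept
# as-is; it is a candidate for removal once that is confirmed unintended.
- hosts: piholes
  vars_files:
    - "vars/vault.yml"
  tags:
    - pihole
    - update
  roles:
    - role: pihole_updatelist
    - role: pi_dnsmasq
    - role: pihole

# - hosts: usg
#   vars_files:
#     - "vars/vault.yml"
#     - "vars/wireguard.yml"
#   tags: [network, ubnt]
#   roles:
#     - role: usg

# - hosts: cloud_key
#   vars_files:
#     - "vars/vault.yml"
#     - "vars/wireguard.yml"
#   tags: [network, ubnt]
#   roles:
#     - role: cloud_key

- hosts: all:!unifi
  become: "{{ do_become }}"
  tags: [update]
  vars_files:
    - "vars/vault.yml"
  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    # `upgrade` is a string choice of the apt module (dist/full/no/safe/yes),
    # not a boolean; update_cache and force_apt_get are real booleans.
    # NOTE(review): only Ubuntu hosts are upgraded here. Debian hosts (prox,
    # piholes) get no apt upgrade from this play unless their roles do it;
    # confirm that is intended, since the reboot check below covers both.
    - name: Update packages
      when: ansible_distribution == 'Ubuntu'
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        upgrade: "yes"

    - name: Remove ubuntu motd spam
      when: ansible_distribution == 'Ubuntu'
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 90-updates-available
        - 91-release-upgrade
        - 95-hwe-eol

    - name: Check if pi-hole is installed
      when: inventory_hostname in groups['piholes']
      ansible.builtin.stat:
        path: "/usr/local/bin/pihole"
      register: pihole_exec

    # The group membership test comes first so pihole_exec.stat is only
    # dereferenced on hosts where the stat task actually ran.
    - name: Update PiHole
      when: inventory_hostname in groups['piholes'] and pihole_exec.stat.exists
      become: true
      ansible.builtin.command:
        argv:
          - pihole
          - -up

    - name: Install and update OMP
      ansible.builtin.include_tasks: tasks/omp.yml

    - ansible.builtin.include_tasks: tasks/remove_prox_ee_apt.yml
      when: inventory_hostname in groups['prox']

    # get_md5 was deprecated long ago and has since been dropped from the
    # stat module; only .stat.exists is consumed below, so skip the checksum
    # work entirely instead.
    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_checksum: false

    # Distribution check first: on a host where the stat task was skipped,
    # reboot_required_file.stat is undefined and must not be evaluated.
    # throttle: 1 reboots one host at a time so the whole fleet never goes
    # down together.
    - name: Reboot the server
      throttle: 1
      when: (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian') and reboot_required_file.stat.exists
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime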