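# Runs on every host, every time (tag `always`): collects facts the later
# plays rely on. `do_become` and the vault-backed vars come from inventory /
# vars/vault.yml and are not defined in this file.
- hosts: all
  become: "{{ do_become }}"
  tags:
    - always
  vars_files:
    - "vars/vault.yml"
  tasks:
    # Record the dpkg architecture on Debian-family hosts. `command` replaces
    # `shell` because the invocation uses no shell features (no pipes,
    # redirects or variable expansion), so there is no reason to route it
    # through /bin/sh. The result is never used in this file — presumably
    # consumed by included tasks or roles; verify before removing.
    - name: Get dpkg arch
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.command: dpkg --print-architecture
      register: _apt_arch
      changed_when: false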
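# One-time bootstrap play. The `never` tag means it only runs when `init` is
# requested explicitly (`--tags init`); it is skipped on plain runs.
- hosts: all:!unifi
  become: "{{ do_become }}"
  tags:
    - never
    - init
  vars_files:
    - "vars/vault.yml"

  pre_tasks:
    # `users` is expected to come from vars/vault.yml (not visible here);
    # tasks/users.yml sees each entry as `user`.
    - name: Include user creation tasks
      ansible.builtin.include_tasks: tasks/users.yml
      with_items: "{{ users }}"
      loop_control:
        loop_var: user

    # Only hosts that set `set_hostname` are renamed; the registered result
    # drives the two follow-up tasks below.
    - name: Change hostname
      when: set_hostname is defined
      register: new_hostname
      ansible.builtin.hostname:
        name: "{{ set_hostname }}"

    # NOTE(review): only the `127.0.0.1 localhost` line is rewritten. A
    # Debian-style `127.0.1.1 <old-hostname>` entry, if one exists, is left
    # untouched — confirm whether that is intended.
    - name: Change hostname in hosts
      when: new_hostname is changed
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.0\.1 localhost'
        line: "127.0.0.1 localhost {{ set_hostname }}"
        owner: root
        group: root
        mode: "0644"

    - name: Reboot the server
      when: new_hostname is changed
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to hostname change"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 2
        post_reboot_delay: 30
        test_command: uptime

    - name: Include remove_prox_ee_apt tasks
      ansible.builtin.include_tasks: tasks/remove_prox_ee_apt.yml
      when: inventory_hostname in groups['prox']

    # cache_valid_time of 1s effectively forces a refresh on every init run.
    - name: Update apt cache
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 1

  roles:
    - role: geerlingguy.ntp
    - role: geerlingguy.security
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'

  tasks:
    # `state: latest` upgrades every package in `package_list` on each init
    # run, so installs are not reproducible; pin versions in `package_list`
    # (or switch to `present`) if that matters for these hosts.
    - name: Install packages
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.apt:
        name: "{{ package_list }}"
        state: latest

    # github3.py is needed on the target for community.general.github_release
    # (used by the docker play).
    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - github3.py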
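# Docker hosts: the geerlingguy.docker role runs first (roles precede
# post_tasks), then the compose CLI plugin is installed per docker user.
- hosts: docker
  become: "{{ do_become }}"
  tags:
    - docker
  vars_files:
    - "vars/vault.yml"

  roles:
    - role: geerlingguy.docker
      when: ansible_distribution == 'Ubuntu'

  post_tasks:
    - name: Install pip packages
      ansible.builtin.pip:
        name:
          - docker

    # `docker_users_obj` entries are expected to carry `username` and
    # `groupname` (the only fields read here); it is defined outside this file.
    - name: Create plugin directory if not present
      ansible.builtin.file:
        path: "/home/{{ item.username }}/.docker/cli-plugins/"
        state: directory
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
        mode: "0775"
      loop: "{{ docker_users_obj }}"

    # `latest_release` floats with upstream, so the version installed changes
    # between runs; pin a tag here if reproducible installs are wanted.
    - name: Get latest release of a public repository
      community.general.github_release:
        user: docker
        repo: compose
        action: latest_release
      register: comp_cli

    # The binary is verified against the checksums.txt published with the
    # same release (get_url matches the entry by the URL's file name), so a
    # truncated or altered download fails the task instead of being installed.
    # Installs into every docker user's plugin directory, matching the
    # directories created above (previously only `users.0` received the plugin
    # even though directories were prepared for all of `docker_users_obj`).
    - name: Install compose plugin
      ansible.builtin.get_url:
        url: "https://github.com/docker/compose/releases/download/{{ comp_cli.tag }}/docker-compose-linux-{{ ansible_architecture }}"
        checksum: "sha256:https://github.com/docker/compose/releases/download/{{ comp_cli.tag }}/checksums.txt"
        dest: "/home/{{ item.username }}/.docker/cli-plugins/docker-compose"
        mode: "0755"
        owner: "{{ item.username }}"
        group: "{{ item.groupname }}"
      loop: "{{ docker_users_obj }}"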
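# Kubernetes node setup; `never` restricts it to explicit `--tags init`/`kube`.
# There is no play-level `become`: each task elevates on its own where needed.
- hosts: kube
  tags:
    - init
    - kube
    - never
  vars_files:
    - "vars/vault.yml"
  tasks:
    # One apt transaction for the whole list instead of one per item.
    - name: Install runtime dependencies
      become: "{{ do_become }}"
      ansible.builtin.apt:
        name:
          - fuse-overlayfs
          - nfs-common
          - open-iscsi
        state: present

    - name: Include Containerd role
      ansible.builtin.include_role:
        name: geerlingguy.containerd
        apply:
          become: "{{ do_become }}"

    - name: Include Docker role
      ansible.builtin.include_role:
        name: geerlingguy.docker
        apply:
          become: "{{ do_become }}"

    # NOTE(review): the local `kubernetes` and `zfs` roles are included
    # without `apply: become`, unlike the geerlingguy roles — presumably they
    # handle privilege escalation internally; confirm.
    - name: Include Kubernetes role
      ansible.builtin.include_role:
        name: kubernetes

    - name: Include ZFS role
      when: inventory_hostname in groups['zfs']
      ansible.builtin.include_role:
        name: zfs

    - name: Include NFS role
      when: inventory_hostname in groups['nfs']
      ansible.builtin.include_role:
        name: geerlingguy.nfs
        apply:
          become: "{{ do_become }}"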
# Proxmox hosts: role-only play, no play-level become (the roles are
# expected to escalate themselves where needed).
- hosts: prox
  tags:
    - prox
    - update
  vars_files:
    - "vars/vault.yml"
  roles:
    - role: ironicbadger_ansible-role-proxmox-nag-removal
    - role: proxmox
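# Raspberry Pi hosts. No play-level become; tasks escalate individually.
- hosts: raspberries
  tags:
    - init
    - raspberries
    - update
  vars_files:
    - "vars/vault.yml"
  tasks:
    # One apt transaction for the whole list instead of one per item;
    # `state` is left at the module default (present).
    - name: Install packages
      become: "{{ do_become }}"
      ansible.builtin.apt:
        name:
          - libraspberrypi-bin
          - linux-modules-extra-raspi
          - vlan

    # Loading a kernel module requires root, so this task elevates like its
    # siblings (it previously ran as the connecting user). Note that modprobe
    # alone does not persist across reboots — confirm whether a
    # /etc/modules-load.d entry is also wanted.
    - name: Add the 802.1q module
      become: "{{ do_become }}"
      community.general.modprobe:
        name: 8021q
        state: present

    # No `mode` is set deliberately: /boot/firmware is normally a FAT
    # partition, where chmod is not meaningful.
    - name: Place PoE fan file
      become: "{{ do_become }}"
      ansible.builtin.copy:
        content: |
          # Ansible managed

          dtoverlay=rpi-poe
          dtparam=poe_fan_temp0=57000
          dtparam=poe_fan_temp1=60000
          dtparam=poe_fan_temp2=63000
          dtparam=poe_fan_temp3=66000

          dtoverlay=vc4-fkms-v3d
        dest: /boot/firmware/usercfg.txt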
# Pi-hole hosts: role-only play.
- hosts: piholes
  tags:
    - pihole
    - update
  vars_files:
    - "vars/vault.yml"
  roles:
    - role: pihole_updatelist
    - role: pi_dnsmasq
    - role: pihole

# Ubiquiti plays, currently disabled.
# - hosts: usg
#   vars_files:
#     - "vars/vault.yml"
#     - "vars/wireguard.yml"
#   tags: [network, ubnt]
#   roles:
#     - role: usg

# - hosts: cloud_key
#   vars_files:
#     - "vars/vault.yml"
#     - "vars/wireguard.yml"
#   tags: [network, ubnt]
#   roles:
#     - role: cloud_key
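# Routine update play for everything except the unifi group.
- hosts: all:!unifi
  become: "{{ do_become }}"
  tags:
    - init
    - update
  vars_files:
    - "vars/vault.yml"

  tasks:
    # https://www.cyberciti.biz/faq/ansible-apt-update-all-packages-on-ubuntu-debian-linux/
    # Real booleans instead of the string "True"; `upgrade: safe` is the
    # explicit form of the `yes` the module previously coerced "True" into.
    - name: Update packages
      when: ansible_distribution == 'Ubuntu'
      ansible.builtin.apt:
        update_cache: true
        force_apt_get: true
        cache_valid_time: 3600
        upgrade: safe

    - name: Remove ubuntu motd spam
      ansible.builtin.file:
        path: "/etc/update-motd.d/{{ item }}"
        state: absent
      loop:
        - 10-help-text
        - 10-uname
        - 50-landscape-sysinfo
        - 50-motd-news
        - 80-livepatch
        - 88-esm-announce
        - 90-updates-available
        - 91-contract-ua-esm-status
        - 91-release-upgrade
        - 92-unattended-upgrades
        - 95-hwe-eol
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'

    # Mode is quoted: an unquoted 0755 is parsed as the integer 493 by YAML.
    # Assumes neofetch is installed on the host — nothing here installs it.
    - name: Place MoTD
      become: "{{ do_become }}"
      when: ansible_distribution == 'Ubuntu'
      ansible.builtin.copy:
        content: |
          #!/bin/sh
          # Ansible managed

          neofetch
        mode: "0755"
        dest: /etc/update-motd.d/01-neofetch

    - name: Check if pi-hole is installed
      when: inventory_hostname in groups['piholes']
      ansible.builtin.stat:
        path: "/usr/local/bin/pihole"
      register: pihole_exec

    # List conditions are evaluated in order and stop at the first false one,
    # so `pihole_exec.stat` is only dereferenced on hosts where the stat ran.
    - name: Update PiHole
      when:
        - inventory_hostname in groups['piholes']
        - pihole_exec.stat.exists
      become: "{{ do_become }}"
      ansible.builtin.command:
        argv:
          - pihole
          - -up

    - name: Install and update chezmoi
      ansible.builtin.include_tasks: tasks/omp.yml

    - name: Include remove_prox_ee_apt tasks
      ansible.builtin.include_tasks: tasks/remove_prox_ee_apt.yml
      when: inventory_hostname in groups['prox']

    # Only existence matters, so hashing the file is disabled via
    # `get_checksum` (the old `get_md5` option is deprecated).
    - name: Check if a reboot is needed for Debian and Ubuntu boxes
      register: reboot_required_file
      when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
      ansible.builtin.stat:
        path: /var/run/reboot-required
        get_checksum: false

    # The distribution check must come first: on hosts where the stat task was
    # skipped, `reboot_required_file` has no `stat` key and evaluating
    # `.stat.exists` first raised an undefined-attribute error.
    - name: Reboot the server
      throttle: 1
      when:
        - ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
        - reboot_required_file.stat.exists
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible due to kernel updates"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime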