Finish up roles

Sam A. 2022-12-22 23:34:09 +01:00
parent ccb92cabe6
commit 60bcff7061
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
10 changed files with 121 additions and 57 deletions


@ -61,6 +61,7 @@ enable_list:
warn_list: warn_list:
- skip_this_tag - skip_this_tag
- experimental # experimental is included in the implicit list - experimental # experimental is included in the implicit list
- no-changed-when
# - role-name # - role-name
# - yaml[document-start] # you can also use sub-rule matches # - yaml[document-start] # you can also use sub-rule matches


@ -1,30 +1,40 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
66653666613865393239313165343731323338616237653731343964373065386138666161653164 33343537323631306437363833656262343362616463373262346436363462373561373565323035
3031306366373335323239396631633034363332306434380a613331613239663035313235383137 3838366637626533363434363539633261346332343939340a393433623033653933336461336337
62356463323933303336383363363962643963623934663363636364363034323465326562616463 61306630343036326139663164646137333235323235306138653030663832353137376339373539
3236396135396566300a396162623864346162383338343132353331623664643065303634616664 3965303431346538300a306331363135346262346138343430613337373632343538336664383932
65623037636561313237376233623137616537346535333536396662343164633737313938313637 34333163646339613238646161343239383931343566373337313938323963356338663031333731
64313366303264336464653231333562363835383036663864323764636565646137353265363566 61346636656337346166663132383263666332363162323132303939623566353937633939313166
63333332373562663866393139643465346164316464373132636166363562643564343935383737 38313465363738336336316538356266333138373039356337326133306265616232323466363037
61653332326162316532656262666233393132386238653032353435306464343138326236386330 36643637396262666432356233313964636663623636376637336232633462656537313638376663
36316263383863393866616562306365643132633939373836353236666432373662386632323234 62366162396365343530343335643762656661313762333532656532333334396230626631623561
64326132616433643132633035306266623235316137396362306132636437646430323663653233 32363734376261346264643636323636623935633737306262623630373832363763306364653662
62393165333537383232643132353431373338633261323739616565306634306263346163353938 37323930323432383330313331393930396339393530316133666330386531313731656534633436
30393766323339616238613361313834636534623265346237383730386163346562666234303832 62633737393635626561346364656531333531636633633837353634376439653438616433376464
35613236626465393031663833336238323832646261333731393365373539393231366134613866 65613334623439356637323837383863373034363634373531383862323362323237643431636263
36376135396335333437383864613634383635663834393138376635613633333062343338643965 36306563353238373330643337313833376263663938376663323462626563633035616637663432
65343335643435303765666530346431313632353434343735383065346132653035316239353566 62613862303832633238316436353534306137356663373737313931643132333962646536623837
32616536626138653939306137636136396330613964393833616536636464326538396634323037 34616666396238633432306364633434346334376331633137613235383938643735323536373531
63366364393061353638633663343263666132336330306136663662366132343265653361356161 30393033613662393266306666343337373862613034303538353138653562616662653062316538
39666138616331323336313438343763666331363238396364353664383533393632646665326337 32626233613838313331336634613963636230396131313333376330353061363532623664373331
37613034633939356134366639663239653031323037623364633838303734336532626536356365 62303733383237383666633733643164613065323131616239316537666138393130656332396335
66613061653833646231666564316632346166313461636333393965386162626232626465376437 33333761313261373730333733646135313230346161636536353065366365303436366235323463
63396464346137666537626333643564316461316536323236643132346462353133653739363330 31343334303738333362626665363965306531373862363930656666636434323064656339383462
33376137633336616663373633303964323661353636373631633465663566383834373932306330 64393332623663363762313364333131303539363264656632646564306262323534366531356561
38626465353265306431386563343638363064623164393563376365353534343036356331393435 39303062363530623733343437343836636233353163643733363739316461373431623264643333
64613331366234343261343463366330316566313431653632653339386631363966663634656434 61313465363635653333626230643932363563663066366163636565356431666563343866613862
64666161313264386165373231666665303435373138633536616535373132353966636662666561 65643862636331646434393032363163336565613732373338616237366131626566316534623435
35343966373330323231346637363563343063373639326134636364626462663061343231363631 66343964303335626461323132653734653136363762656166336532633964323636653838626531
31303937373261623362323833613837336631346137633831356165313864383364613431646333 30386130393032623965336336393930653239393263633466666135363439653839663038656264
61316636396236633164336563306534626162326263643230303839373761633739366165396331 65336463636331313365623433383237383730393262656262376465376236613732353663306535
33326332393935313262663631386631353936626161623238343335383764343131 31653230363263626135393338313864643561346438643633623331333931386337376431303566
65353736353339653937303164383765653635336632666439313366626133376430626435623232
64393936363266303934313033303562303562323165316334653162343139636663316534333331
30323139326265626566393365316434323863333037646235646235363761326336626561376463
61396439363932643936623764396538346361373635653737633534656665613137656132303033
31306230326264353133313665346261653033626163323461346330353134323836666139326633
62326139653762326262393630303932383461353761386434643230633134643163303463613961
39333531373539366461356166623466626635323564393337396136616363663763313030393863
31633938323332646366326662393339653137636535343062306233633330656266396162666465
63623735393864346137333864326165656133653836353836396432396436346265343138666339
626635323031343133366135303261356136


@ -4,8 +4,11 @@
gather_facts: false gather_facts: false
become: true become: true
vars: vars:
hdd_mount_point: /opt/storage hdd_name: storage
ssd_mount_point: /opt/pi-ssd hdd_mount_point: "/opt/{{ hdd_name }}"
ssd_name: pi-ssd
ssd_mount_point: "/opt/{{ ssd_name }}"
timezone: Europe/Copenhagen timezone: Europe/Copenhagen
@ -13,6 +16,10 @@
- name: Run OS configuration role - name: Run OS configuration role
import_role: import_role:
name: os_config name: os_config
tags:
- os
- name: Run Docker role - name: Run Docker role
import_role: import_role:
name: docker name: docker
tags:
- docker


@ -36,18 +36,14 @@
- docker - docker
- docker-compose - docker-compose
- name: Start but disable Docker daemon - name: Copy Docker daemon config file
service: template:
name: "{{ unit }}" src: daemon.json.j2
enabled: false dest: /etc/docker/daemon.json
state: started mode: u=rw,g=r,o=r
loop:
- docker.socket
- docker.service
loop_control:
loop_var: unit
- name: Set up Docker services - name: Set up Docker services
import_tasks: services.yml import_tasks: services.yml
tags: tags:
- boot
- services - services
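Review bot: The new `Copy Docker daemon config file` task has no `notify`, so a later change to `daemon.json.j2` is written to `/etc/docker/daemon.json` but not picked up by a daemon that is already running. The service task this commit moves to the services file only ensures `state: started`. Add a handler reference such as `notify: Restart Docker` (the handler name is a placeholder) and define it in the role's handlers, unless one already exists outside this page. Since this file controls daemon-wide settings, adding `owner: root` and `group: root` next to the `mode` would also make the intended permissions explicit. The task list begins above the hunk, so earlier tasks are not visible here.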


@ -1,5 +1,14 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Start but disable Docker daemon
service:
name: "{{ item }}"
enabled: false
state: started
loop:
- docker.socket
- docker.service
- name: Create base directory for Docker volumes - name: Create base directory for Docker volumes
file: file:
name: "{{ base_volume }}" name: "{{ base_volume }}"


@ -0,0 +1,46 @@
# vim: ft=yaml.ansible
---
- name: (Create and) open LUKS containers
luks_device:
uuid: "{{ item.disk.uuid }}"
passphrase: "{{ item.disk.luks_pw }}"
name: "{{ item.name }}"
type: luks2
state: opened
loop:
- disk: "{{ secrets.hdd }}"
name: "{{ hdd_name }}"
- disk: "{{ secrets.ssd }}"
name: "{{ ssd_name }}"
- name: Create filesystems if they do not exist
filesystem:
dev: "/dev/mapper/{{ item }}"
fstype: ext4
state: present
loop:
- "{{ hdd_name }}"
- "{{ ssd_name }}"
- name: Mount filesystems
mount:
src: "/dev/disk/by-uuid/{{ item.uuid }}"
path: "{{ item.path }}"
fstype: ext4
state: ephemeral
loop:
- uuid: "{{ secrets.hdd.uuid }}"
path: "{{ hdd_mount_point }}"
- uuid: "{{ secrets.ssd.uuid }}"
path: "{{ ssd_mount_point }}"
- name: Create swapfile
community.general.filesize:
path: "{{ ssd_mount_point }}/swapfile"
size: 8G
mode: 0600
- name: Mount swapfile
shell: |
mkswap {{ ssd_mount_point }}/swapfile
swapon {{ ssd_mount_point }}/swapfile
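Review bot: The `luks_device` task loops over items that embed `secrets.hdd` and `secrets.ssd`, so each loop item, including `luks_pw`, is likely to be printed in the task output and any Ansible log, because the loop label defaults to the whole item. Add `no_log: true` to that task, or at least a `loop_control:` with `label: "{{ item.name }}"`, so the passphrase stays out of the output. Separately, the mount task builds `/dev/disk/by-uuid/{{ item.uuid }}` from the same UUID that `luks_device` uses to find the container, which appears to point at the encrypted partition rather than the opened mapping. Carrying the mapper name in that loop and using `src: "/dev/mapper/{{ item.name }}"` looks like what is intended. The `mkswap`/`swapon` shell task also reruns on every play, and a guard or `changed_when` on it would be preferable to demoting `no-changed-when` to a warning in the lint config.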


@ -1,3 +0,0 @@
# vim: ft=yaml.ansible
---


@ -1,16 +1,14 @@
--- ---
- name: Configure system packages - name: Configure system packages
import_tasks: import_tasks: pkgs.yml
- pkgs.yml
- name: Configure firewall - name: Configure firewall
import_tasks: import_tasks: ufw.yml
- ufw.yml
- name: Configure disk encryption
import_tasks:
- luks.yml
- name: Configure SSH - name: Configure SSH
import_tasks: import_tasks: ssh.yml
- ssh.yml
- name: Configure disks
import_tasks: disks.yml
tags:
- boot


@ -1,7 +1,7 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Upgrade system packages - name: Upgrade system packages
apt: apt:
update_cache: true update_cache: true
upgrade: full upgrade: full


@ -1,7 +1,7 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Allow necessary ports in UFW - name: Allow necessary ports in UFW
community.general.ufw: ufw:
rule: allow rule: allow
port: "{{ item.port }}" port: "{{ item.port }}"
proto: "{{ item.proto | default('tcp') }}" proto: "{{ item.proto | default('tcp') }}"
@ -15,6 +15,6 @@
proto: udp proto: udp
- name: Enable UFW - name: Enable UFW
community.general.ufw: ufw:
state: enabled state: enabled
policy: deny policy: deny