Finish up roles

Sam A. 2022-12-22 23:34:09 +01:00
parent ccb92cabe6
commit 60bcff7061
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
10 changed files with 121 additions and 57 deletions


@ -61,6 +61,7 @@ enable_list:
warn_list:
- skip_this_tag
- experimental # experimental is included in the implicit list
- no-changed-when
# - role-name
# - yaml[document-start] # you can also use sub-rule matches


@ -1,30 +1,40 @@
$ANSIBLE_VAULT;1.1;AES256
66653666613865393239313165343731323338616237653731343964373065386138666161653164
3031306366373335323239396631633034363332306434380a613331613239663035313235383137
62356463323933303336383363363962643963623934663363636364363034323465326562616463
3236396135396566300a396162623864346162383338343132353331623664643065303634616664
65623037636561313237376233623137616537346535333536396662343164633737313938313637
64313366303264336464653231333562363835383036663864323764636565646137353265363566
63333332373562663866393139643465346164316464373132636166363562643564343935383737
61653332326162316532656262666233393132386238653032353435306464343138326236386330
36316263383863393866616562306365643132633939373836353236666432373662386632323234
64326132616433643132633035306266623235316137396362306132636437646430323663653233
62393165333537383232643132353431373338633261323739616565306634306263346163353938
30393766323339616238613361313834636534623265346237383730386163346562666234303832
35613236626465393031663833336238323832646261333731393365373539393231366134613866
36376135396335333437383864613634383635663834393138376635613633333062343338643965
65343335643435303765666530346431313632353434343735383065346132653035316239353566
32616536626138653939306137636136396330613964393833616536636464326538396634323037
63366364393061353638633663343263666132336330306136663662366132343265653361356161
39666138616331323336313438343763666331363238396364353664383533393632646665326337
37613034633939356134366639663239653031323037623364633838303734336532626536356365
66613061653833646231666564316632346166313461636333393965386162626232626465376437
63396464346137666537626333643564316461316536323236643132346462353133653739363330
33376137633336616663373633303964323661353636373631633465663566383834373932306330
38626465353265306431386563343638363064623164393563376365353534343036356331393435
64613331366234343261343463366330316566313431653632653339386631363966663634656434
64666161313264386165373231666665303435373138633536616535373132353966636662666561
35343966373330323231346637363563343063373639326134636364626462663061343231363631
31303937373261623362323833613837336631346137633831356165313864383364613431646333
61316636396236633164336563306534626162326263643230303839373761633739366165396331
33326332393935313262663631386631353936626161623238343335383764343131
33343537323631306437363833656262343362616463373262346436363462373561373565323035
3838366637626533363434363539633261346332343939340a393433623033653933336461336337
61306630343036326139663164646137333235323235306138653030663832353137376339373539
3965303431346538300a306331363135346262346138343430613337373632343538336664383932
34333163646339613238646161343239383931343566373337313938323963356338663031333731
61346636656337346166663132383263666332363162323132303939623566353937633939313166
38313465363738336336316538356266333138373039356337326133306265616232323466363037
36643637396262666432356233313964636663623636376637336232633462656537313638376663
62366162396365343530343335643762656661313762333532656532333334396230626631623561
32363734376261346264643636323636623935633737306262623630373832363763306364653662
37323930323432383330313331393930396339393530316133666330386531313731656534633436
62633737393635626561346364656531333531636633633837353634376439653438616433376464
65613334623439356637323837383863373034363634373531383862323362323237643431636263
36306563353238373330643337313833376263663938376663323462626563633035616637663432
62613862303832633238316436353534306137356663373737313931643132333962646536623837
34616666396238633432306364633434346334376331633137613235383938643735323536373531
30393033613662393266306666343337373862613034303538353138653562616662653062316538
32626233613838313331336634613963636230396131313333376330353061363532623664373331
62303733383237383666633733643164613065323131616239316537666138393130656332396335
33333761313261373730333733646135313230346161636536353065366365303436366235323463
31343334303738333362626665363965306531373862363930656666636434323064656339383462
64393332623663363762313364333131303539363264656632646564306262323534366531356561
39303062363530623733343437343836636233353163643733363739316461373431623264643333
61313465363635653333626230643932363563663066366163636565356431666563343866613862
65643862636331646434393032363163336565613732373338616237366131626566316534623435
66343964303335626461323132653734653136363762656166336532633964323636653838626531
30386130393032623965336336393930653239393263633466666135363439653839663038656264
65336463636331313365623433383237383730393262656262376465376236613732353663306535
31653230363263626135393338313864643561346438643633623331333931386337376431303566
65353736353339653937303164383765653635336632666439313366626133376430626435623232
64393936363266303934313033303562303562323165316334653162343139636663316534333331
30323139326265626566393365316434323863333037646235646235363761326336626561376463
61396439363932643936623764396538346361373635653737633534656665613137656132303033
31306230326264353133313665346261653033626163323461346330353134323836666139326633
62326139653762326262393630303932383461353761386434643230633134643163303463613961
39333531373539366461356166623466626635323564393337396136616363663763313030393863
31633938323332646366326662393339653137636535343062306233633330656266396162666465
63623735393864346137333864326165656133653836353836396432396436346265343138666339
626635323031343133366135303261356136


@ -4,8 +4,11 @@
gather_facts: false
become: true
vars:
hdd_mount_point: /opt/storage
ssd_mount_point: /opt/pi-ssd
hdd_name: storage
hdd_mount_point: "/opt/{{ hdd_name }}"
ssd_name: pi-ssd
ssd_mount_point: "/opt/{{ ssd_name }}"
timezone: Europe/Copenhagen
@ -13,6 +16,10 @@
- name: Run OS configuration role
import_role:
name: os_config
tags:
- os
- name: Run Docker role
import_role:
name: docker
tags:
- docker


@ -36,18 +36,14 @@
- docker
- docker-compose
- name: Start but disable Docker daemon
service:
name: "{{ unit }}"
enabled: false
state: started
loop:
- docker.socket
- docker.service
loop_control:
loop_var: unit
- name: Copy Docker daemon config file
template:
src: daemon.json.j2
dest: /etc/docker/daemon.json
mode: u=rw,g=r,o=r
- name: Set up Docker services
import_tasks: services.yml
tags:
- boot
- services


@ -1,5 +1,14 @@
# vim: ft=yaml.ansible
---
- name: Start but disable Docker daemon
service:
name: "{{ item }}"
enabled: false
state: started
loop:
- docker.socket
- docker.service
- name: Create base directory for Docker volumes
file:
name: "{{ base_volume }}"


@ -0,0 +1,46 @@
# vim: ft=yaml.ansible
---
- name: (Create and) open LUKS containers
luks_device:
uuid: "{{ item.disk.uuid }}"
passphrase: "{{ item.disk.luks_pw }}"
name: "{{ item.name }}"
type: luks2
state: opened
loop:
- disk: "{{ secrets.hdd }}"
name: "{{ hdd_name }}"
- disk: "{{ secrets.ssd }}"
name: "{{ ssd_name }}"
- name: Create filesystems if they do not exist
filesystem:
dev: "/dev/mapper/{{ item }}"
fstype: ext4
state: present
loop:
- "{{ hdd_name }}"
- "{{ ssd_name }}"
- name: Mount filesystems
mount:
src: "/dev/disk/by-uuid/{{ item.uuid }}"
path: "{{ item.path }}"
fstype: ext4
state: ephemeral
loop:
- uuid: "{{ secrets.hdd.uuid }}"
path: "{{ hdd_mount_point }}"
- uuid: "{{ secrets.ssd.uuid }}"
path: "{{ ssd_mount_point }}"
- name: Create swapfile
community.general.filesize:
path: "{{ ssd_mount_point }}/swapfile"
size: 8G
mode: 0600
- name: Mount swapfile
shell: |
mkswap {{ ssd_mount_point }}/swapfile
swapon {{ ssd_mount_point }}/swapfile
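Review bot: The LUKS task loops over items whose `disk` key is the whole `secrets.hdd` / `secrets.ssd` mapping, so each loop item carries `luks_pw`, and Ansible prints the loop item in the per-item task output unless told otherwise. Even if the module masks its own `passphrase` argument, the item label is likely to expose the passphrase in console output and any callback or CI logs. Add `no_log: true` to that task, or at minimum `loop_control:` with `label: "{{ item.name }}"`. Separately, the final `shell` task runs `mkswap` and `swapon` unconditionally, so a second run against an already active swapfile will probably fail. A guard such as checking `swapon --show` first, plus an explicit `changed_when`, would make it re-runnable instead of relying on `no-changed-when` being demoted to a warning.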


@ -1,3 +0,0 @@
# vim: ft=yaml.ansible
---


@ -1,16 +1,14 @@
---
- name: Configure system packages
import_tasks:
- pkgs.yml
import_tasks: pkgs.yml
- name: Configure firewall
import_tasks:
- ufw.yml
- name: Configure disk encryption
import_tasks:
- luks.yml
import_tasks: ufw.yml
- name: Configure SSH
import_tasks:
- ssh.yml
import_tasks: ssh.yml
- name: Configure disks
import_tasks: disks.yml
tags:
- boot


@ -1,7 +1,7 @@
# vim: ft=yaml.ansible
---
- name: Allow necessary ports in UFW
community.general.ufw:
ufw:
rule: allow
port: "{{ item.port }}"
proto: "{{ item.proto | default('tcp') }}"
@ -15,6 +15,6 @@
proto: udp
- name: Enable UFW
community.general.ufw:
ufw:
state: enabled
policy: deny
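Review bot: Both firewall tasks (the "Allow necessary ports in UFW" task in the first hunk and "Enable UFW" in the second) now call the module by the short name `ufw` instead of `community.general.ufw`. A short name is resolved through redirects and the collections search path, so which module actually applies the firewall policy depends on what is installed on the controller. ansible-lint's `fqcn` rule also flags it. Keeping `community.general.ufw:` pins the module explicitly and matches the `community.general.filesize` call used in the disks tasks of this same commit.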