noah.knegt/ansible-automations
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: noah.knegt:develop
Branches Tags
noah.knegt:master noah.knegt:develop
..
compare: noah.knegt:d0377f9528c4b8db049aca62b1c52a64efe4e01a
Branches Tags
noah.knegt:develop noah.knegt:master

2 Commits
develop ... d0377f9528

Author SHA1 Message Date
Noah Knegt
d0377f9528 ci: Add linting action
Some checks failed
Linting / yaml-lint (push) Failing after 7s
Details
continuous-integration/drone/push Build is passing
Details
Linting / ansible-lint (push) Failing after 9s
Details 
Signed-off-by: Noah Knegt <git@noahknegt.com>
 2023-11-16 11:17:56 +01:00
Noah Knegt
7e736fa8a4 feat: Update the yaml linting config 
Signed-off-by: Noah Knegt <git@noahknegt.com>
 2023-11-16 11:17:44 +01:00
64 changed files with 718 additions and 195 deletions
Expand all files Collapse all files

53
.drone.yml Normal file
View File

@@ -0,0 +1,53 @@
---
kind: pipeline
type: docker
name: ansible
steps:
- name: yaml lint
image: cytopia/yamllint:alpine
commands:
- yamllint -c .yamllint.yml .
- name: ansible lint
image: cytopia/ansible-lint:alpine
commands:
- ansible-lint .
- name: setup ssh key
image: cytopia/ansible:latest-infra
commands:
- mkdir -p /root/.ssh
- echo "$SSH_KEY" > /root/.ssh/id_ed25519
- chmod 600 /root/.ssh/id_ed25519
- ssh-keyscan -p 4422 vps.noahknegt.com > /root/.ssh/known_hosts
environment:
SSH_KEY:
from_secret: ssh_key
volumes:
- name: ssh_key
path: /root/.ssh
when:
event:
- push
branch:
- master
- name: ansible apply
image: cytopia/ansible:latest-infra
commands:
- eval `ssh-agent -s`
- ssh-add /root/.ssh/id_ed25519
- ansible-playbook -i inventory/hosts.yml site.yml
volumes:
- name: ssh_key
path: /root/.ssh
when:
event:
- push
branch:
- master
volumes:
- name: ssh_key
temp: {}

29
.gitea/workflows/lint.yml
View File

@@ -1,33 +1,26 @@
---
name: Linting
run-name: Linting ansible and yaml files
on:
push:
pull_request:
env:
SSH_KEY: "${{ secrets.SSH_KEY }}"
jobs:
yaml-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install yaml-lint # As yamllint action is a composite it does not install yamllint itself
run: |
apt update
apt install -y --no-install-recommends yamllint
- name: Lint with yaml-lint
- name: Checkout code
uses: actions/checkout@v3
- name: Lint yaml
uses: ibiqlik/action-yamllint@v3
with:
config_file: .yamllint.yml
ansible-lint:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Lint with ansible lint
uses: ansible/ansible-lint@v24
- name: Checkout code
uses: actions/checkout@v3
- name: Lint ansible code
uses: ansible/ansible-lint@v6

3
.yamllint.yml
View File

@@ -4,6 +4,7 @@ extends: default
ignore: |
.yamllint.yml
.ansible-lint.yml
.gitea/workflows
rules:
truthy:
@@ -11,5 +12,3 @@ rules:
check-keys: false
level: error
line-length: disable
comments:
min-spaces-from-content: 1

12
inventory/hosts.yml
View File

@@ -24,10 +24,12 @@ pis:
ansible_host: 192.168.90.3
ansible_user: ansible
localhost:
equinox-servers:
hosts:
localhost-machine:
ansible_connection: local
apollo:
ansible_host: 23.97.157.206
ansible_port: 2004
ansible_user: ansible
all:
children:
@@ -37,4 +39,6 @@ all:
datacenter:
children:
vpses:
localhost:
equinox:
children:
equinox-servers:

2
roles/corepack/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for corepack

0
roles/corepack/files/temp Normal file
View File

2
roles/corepack/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for corepack

58
roles/corepack/tasks/main.yml Normal file
View File

@@ -0,0 +1,58 @@
---
- name: Check node version
shell: node --version
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
register: node_version
ignore_errors: true
- name: Set node version if empty
set_fact:
node_version: 0.0.0
when: node_version.stdout is ""
- name: Enable corepack
shell: corepack enable
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
when: node_version.stdout is version('16.0.0', '<')
- name: Verify corepack
shell: corepack --version
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
register: corepack_version
ignore_errors: true
- name: Enable pnpm latest version
shell: corepack prepare pnpm@latest --activate
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
when: node_version.stdout is version('16.0.0', '<')
- name: Test pnpm
shell: pnpm --version
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
register: pnpm_version
ignore_errors: true

0
roles/corepack/templates/temp.j2 Normal file
View File

2
roles/corepack/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
roles/corepack/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- corepack

3
roles/corepack/vars/main.yml Normal file
View File

@@ -0,0 +1,3 @@
---
# vars file for nvm
noahk_password: 'Voorzitter17'

2
roles/docker/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for docker

0
roles/docker/files/temp Normal file
View File

2
roles/docker/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for docker

18
roles/docker/tasks/addusers.yml Normal file
View File

@@ -0,0 +1,18 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 31-03-2023
# @description : This will add selected users to the docker group.
# ===================================================================================================
---
- name: Add users to the docker group
become: true
user:
name: "{{ item }}"
groups: docker
append: true
with_items: "{{ docker_users }}"
when: docker_users is defined

24
roles/docker/tasks/buildx.yml Normal file
View File

@@ -0,0 +1,24 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 06-04-2023
# @description : This will make sure that docker buildx is installed.
# ===================================================================================================
---
- name: Check for docker-buildx
shell: docker buildx version
register: docker_buildx
ignore_errors: true
- name: Install docker-buildx
package:
name: docker-buildx
state: present
when: docker_buildx.stdout is not defined
- name: Alias docker-buildx
shell: docker buildx install
when: docker_buildx.stdout is not defined

29
roles/docker/tasks/check_version.yml Normal file
View File

@@ -0,0 +1,29 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 31-03-2023
# @description : This will check if docker is installed as the latest version.
# ===================================================================================================
---
- name: Check docker version
shell: docker --version
register: docker_version
ignore_errors: true
- name: Install jq
become: true
package:
name: jq
state: present
- name: Check if latest version is stable
shell: "curl -s https://api.github.com/repos/docker/cli/tags | jq -r '.[0].name' | grep -E -o '[0-9]+\\.[0-9]+\\.[0-9]+\\-?'"
register: docker_latest_version
- name: Compare versions
set_fact:
docker_update: true
when: docker_version.stdout is not defined

14
roles/docker/tasks/cleanup.yml Normal file
View File

@@ -0,0 +1,14 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 31-03-2023
# @description : This will cleanup the docker script from the machine.
# ===================================================================================================
---
- name: Cleanup docker script
file:
path: /tmp/get-docker.sh
state: absent

15
roles/docker/tasks/download.yml Normal file
View File

@@ -0,0 +1,15 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 31-03-2023
# @description : This will download the docker install script.
# ===================================================================================================
---
- name: Download the docker install script
get_url:
url: https://get.docker.com
dest: /tmp/get-docker.sh
mode: 0755

13
roles/docker/tasks/install.yml Normal file
View File

@@ -0,0 +1,13 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 31-03-2023
# @description : This will install the docker engine.
# ===================================================================================================
---
- name: Run the docker install script
shell: /tmp/get-docker.sh
when: docker_update is defined

25
roles/docker/tasks/main.yml Normal file
View File

@@ -0,0 +1,25 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 27-03-2023
# @description : This will make sure that docker is installed on the machine.
# ===================================================================================================
---
- include_tasks: check_version.yml
- include_tasks: download.yml
when: docker_update is defined
- include_tasks: install.yml
when: docker_update is defined
- include_tasks: addusers.yml
when: docker_update is defined
- include_tasks: cleanup.yml
when: docker_update is defined
- include_tasks: buildx.yml

0
roles/docker/templates/temp.j2 Normal file
View File

2
roles/docker/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
roles/docker/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- docker

5
roles/docker/vars/main.yml Normal file
View File

@@ -0,0 +1,5 @@
---
# vars file for docker
docker_users:
- noahk
- root

2
roles/node/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for node

0
roles/node/files/temp Normal file
View File

2
roles/node/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for node

21
roles/node/tasks/main.yml Normal file
View File

@@ -0,0 +1,21 @@
---
- name: Check node version
shell: node --version
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
register: node_version
ignore_errors: true
- name: Install node
shell: nvm install --lts
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
when: node_version.stdout is ""

0
roles/node/templates/temp.j2 Normal file
View File

2
roles/node/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
roles/node/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- node

3
roles/node/vars/main.yml Normal file
View File

@@ -0,0 +1,3 @@
---
# vars file for nvm
noahk_password: 'Voorzitter17'

2
roles/nvm/defaults/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# defaults file for nvm

0
roles/nvm/files/temp Normal file
View File

2
roles/nvm/handlers/main.yml Normal file
View File

@@ -0,0 +1,2 @@
---
# handlers file for nvm

20
roles/nvm/tasks/check_installed.yml Normal file
View File

@@ -0,0 +1,20 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 06-04-2023
# @description : This will check if nvm is installed as the latest version.
# ===================================================================================================
---
- name: Check nvm version
shell: nvm --version
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
register: nvm_version
ignore_errors: true

22
roles/nvm/tasks/cleanup.yml Normal file
View File

@@ -0,0 +1,22 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 06-04-2023
# @description : This will cleanup the system.
# ===================================================================================================
---
- name: Cleanup
file:
path: "{{ item }}"
state: absent
with_items:
- /tmp/nvm-install.sh
- /tmp/nvm-install.log
- /tmp/nvm-install.out
- /tmp/nvm-install.err
- /tmp/nvm-install.debug
- /tmp/nvm-install.info
- /tmp/nvm-install.warn

16
roles/nvm/tasks/download.yml Normal file
View File

@@ -0,0 +1,16 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 06-04-2023
# @description : This will download the nvm install script.
# ===================================================================================================
---
- name: Download nvm
get_url:
url: https://raw.githubusercontent.com/nvm-sh/nvm/{{ nvm_latest_version.stdout }}/install.sh
dest: /tmp/nvm-install.sh
mode: 0755
when: nvm_version.stdout != nvm_latest_version.stdout or nvm_version.stdout == ""

13
roles/nvm/tasks/get_version.yml Normal file
View File

@@ -0,0 +1,13 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 06-04-2023
# @description : This will get the latest version of nvm.
# ===================================================================================================
---
- name: Get the latest nvm version
shell: curl -s https://api.github.com/repos/nvm-sh/nvm/releases/latest | grep tag_name | cut -d '"' -f 4
register: nvm_latest_version

19
roles/nvm/tasks/install.yml Normal file
View File

@@ -0,0 +1,19 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 06-04-2023
# @description : This will install nvm as the latest version.
# ===================================================================================================
---
- name: Install nvm
shell: /tmp/nvm-install.sh
become: true
become_user: noahk
become_method: su
become_flags: '--login'
vars:
ansible_become_pass: "{{ noahk_password }}"
when: nvm_version.stdout != nvm_latest_version.stdout or nvm_version.stdout == ""

9
roles/nvm/tasks/main.yml Normal file
View File

@@ -0,0 +1,9 @@
---
- import_tasks: check_installed.yml
- import_tasks: get_version.yml
- import_tasks: download.yml
- import_tasks: install.yml
- import_tasks: cleanup.yml

0
roles/nvm/templates/temp.j2 Normal file
View File

2
roles/nvm/tests/inventory Normal file
View File

@@ -0,0 +1,2 @@
localhost

5
roles/nvm/tests/test.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- nvm

3
roles/nvm/vars/main.yml Normal file
View File

@@ -0,0 +1,3 @@
---
# vars file for nvm
noahk_password: 'Voorzitter17'

10
roles/setup/handlers/main.yml
View File

@@ -8,11 +8,11 @@
# ===================================================================================================
---
- name: Update apt
ansible.builtin.apt:
update-cache: true
- name: apt_update
apt:
update_cache: true
- name: Restart sshd
ansible.builtin.service:
- name: restart_sshd
service:
name: "{{ openssh_service }}"
state: restarted

17
roles/setup/tasks/config/noahk.yml
View File

@@ -1,17 +0,0 @@
---
- name: Setup dotfiles repo
when: inventory_hostname in groups['localhost']
ansible.builtin.git:
repo: https://git.noahknegt.com/noah.knegt/dotfiles.git # noqa: latest
depth: 1
dest: /home/noahk/dotfiles
accept_hostkey: true
- name: Use stow to set up config data
when: inventory_hostname in groups['localhost']
become: true
become_user: noahk
become_method: ansible.builtin.su
ansible.builtin.command: cd /home/noahk/dotfiles && stow -t ~ .
register: stow_output
changed_when: stow_output.rc != 0

32
roles/setup/tasks/main.yml
View File

@@ -9,36 +9,16 @@
# ===================================================================================================
---
- name: Include distribution variables
ansible.builtin.include_vars:
file: "{{ ansible_distribution }}.yml"
- include_vars: "{{ ansible_distribution }}.yml"
# Setup the ansible user
- name: Create ansible user
ansible.builtin.include_tasks:
file: users/ansible.yml
- name: Create usable user
ansible.builtin.include_tasks:
file: users/noahk.yml
- include_tasks: users/ansible.yml
- include_tasks: users/noahk.yml
# Setup the sshd
- name: Setup openssh
ansible.builtin.include_tasks:
file: system/openssh.yml
- include_tasks: system/openssh.yml
# Setup the repositories for Debian based systems
- name: Setup Debian based repositories
ansible.builtin.include_tasks:
file: software/repositories.yml
- include_tasks: software/repositories.yml
- name: Install and configure UFW
ansible.builtin.include_tasks:
file: software/ufw.yml
- name: Install stow
ansible.builtin.include_tasks:
file: software/stow.yml
- name: Configure the usable user
ansible.builtin.include_tasks:
file: config/noahk.yml
- include_tasks: software/acl.yml

15
roles/setup/tasks/software/acl.yml Normal file
View File

@@ -0,0 +1,15 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 01-06-2023
# @description :
# ===================================================================================================
---
- name: Install acl
package:
name:
- acl
state: latest

4
roles/setup/tasks/software/repositories.yml
View File

@@ -9,9 +9,9 @@
---
- name: Install aptitude and software-properties-common
ansible.builtin.package:
package:
name:
- aptitude
- software-properties-common
state: present
state: latest
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]

6
roles/setup/tasks/software/stow.yml
View File

@@ -1,6 +0,0 @@
---
- name: Install stow
when: inventory_hostname in groups['localhost']
ansible.builtin.package:
name: stow
state: present

47
roles/setup/tasks/software/ufw.yml
View File

@@ -1,47 +0,0 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 01-06-2023
# @description :
# ===================================================================================================
---
- name: Install UFW
ansible.builtin.package:
name: ufw
state: present
- name: UFW deny all incoming traffic
community.general.ufw:
default: deny
direction: incoming
- name: UFW allow all outbound traffic
community.general.ufw:
default: allow
direction: outgoing
- name: Allow all access from RFC1918 networks to this host
community.general.ufw:
direction: incoming
rule: allow
src: "{{ item }}"
loop:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- name: UFW allow default ssh port
community.general.ufw:
direction: incoming
rule: limit
port: ssh
- name: UFW allow custom ssh port
when: setup_openssh_port is defined
community.general.ufw:
direction: incoming
rule: allow
port: "{{ setup_openssh_port }}"

34
roles/setup/tasks/system/openssh.yml
View File

@@ -9,22 +9,20 @@
---
- name: Install or update openssh
ansible.builtin.package:
name: "{{ setup_openssh_package }}"
state: present
package:
name: "{{ openssh_package }}"
state: latest
notify:
- restart_sshd
- name: Enable ssh daemon
when: inventory_hostname in groups['datacenter']
ansible.builtin.service:
- name: enable ssh daemon
service:
name: "{{ openssh_service }}"
state: started
enabled: true
- name: Configure sshd
when: inventory_hostname in groups['datacenter']
ansible.builtin.template:
- name: configure sshd
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
@@ -33,24 +31,10 @@
notify:
- restart_sshd
- name: Copy sshd banner
ansible.builtin.copy:
- name: copy sshd banner
copy:
src: ssh_banner.net
dest: /etc/issue.net
owner: root
group: root
mode: 0644
- name: Copy ssh public key
ansible.builtin.authorized_key:
user: ansible
key: "{{ item }}"
with_file:
- ansible/ansible.pub
- name: Copy ssh public key
ansible.builtin.authorized_key:
user: noahk
key: "{{ item }}"
with_file:
- noahk/noahk.pub

41
roles/setup/tasks/system/zsh.yml
View File

@@ -1,30 +1,49 @@
---
- name: Install zsh
become: true
ansible.builting.package:
package:
name: zsh
state: present
- name: Install oh-my-zsh
become: true
become_user: noahk
ansible.builtin.command: sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
changed_when: true
shell: sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
- name: Install zsh-syntax-highlighting
become: true
ansible.builtin.package:
name: zsh-syntax-highlighting
state: present
become_user: noahk
git:
repo: https://github.com/zsh-users/zsh-syntax-highlighting.git
dest: /home/noahk/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting
update: true
- name: Install zsh-autosuggestions
become: true
ansible.builtin.package:
name: zsh-autosuggestions
state: present
become_user: noahk
git:
repo: https://github.com/zsh-users/zsh-autosuggestions.git
dest: /home/noahk/.oh-my-zsh/custom/plugins/zsh-autosuggestions
update: true
- name: Install starship
become: true
become_user: noahk
ansible.builtin.command: sh -c "$(curl -fsSL https://starship.rs/install.sh)"
changed_when: true
shell: sh -c "$(curl -fsSL https://starship.rs/install.sh)"
- name: Configure ZSH
become: true
become_user: noahk
template:
src: zshrc.j2
dest: /home/noahk/.zshrc
owner: noahk
group: noahk
mode: 0644
- name: Install nushell
become: true
package:
name: nushell
state: present

17
roles/setup/tasks/users/ansible.yml
View File

@@ -9,12 +9,12 @@
---
- name: Add ansible group
ansible.builtin.group:
group:
name: ansible
state: present
- name: Add new ansible user
ansible.builtin.user:
user:
name: ansible
group: ansible
groups: ansible,{{ sudo_group }}
@@ -23,7 +23,7 @@
shell: /bin/bash
- name: Add ansible user to sudoers
ansible.builtin.copy:
copy:
src: ansible/ansible_sudoers
dest: /etc/sudoers.d/ansible
owner: root
@@ -31,9 +31,18 @@
mode: 0440
- name: Create .ssh directory
ansible.builtin.file:
file:
path: /home/ansible/.ssh
state: directory
owner: ansible
group: ansible
mode: 0700
with_items:
- dir: /home/ansible/.ssh
- name: Copy ssh public key
authorized_key:
user: ansible
key: "{{ item }}"
with_file:
- ansible/ansible.pub

21
roles/setup/tasks/users/noahk.yml
View File

@@ -9,21 +9,21 @@
---
- name: Create the group
ansible.builtin.group:
group:
name: noahk
state: present
- name: Create the user
ansible.builtin.user:
user:
name: noahk
group: noahk
groups: noahk,{{ setup_sudo_group }}
password: "{{ setup_noahk_password }}"
groups: noahk,{{ sudo_group }}
password: "{{ noahk_password }}"
state: present
shell: /bin/bash
- name: Add user to sudoers
ansible.builtin.copy:
copy:
src: noahk/noahk_sudoers
dest: /etc/sudoers.d/noahk
owner: root
@@ -31,9 +31,18 @@
mode: 0440
- name: Create .ssh directory
ansible.builtin.file:
file:
path: /home/noahk/.ssh
state: directory
owner: noahk
group: noahk
mode: 0700
with_items:
- dir: /home/noahk/.ssh
- name: Copy ssh public key
authorized_key:
user: noahk
key: "{{ item }}"
with_file:
- noahk/noahk.pub

147
roles/setup/templates/zshrc.j2 Normal file
View File

@@ -0,0 +1,147 @@
# If you come from bash you might have to change your $PATH.
# export PATH=$HOME/bin:/usr/local/bin:$PATH
# Path to your oh-my-zsh installation.
ZSH=/usr/share/oh-my-zsh/
# Set name of the theme to load --- if set to "random", it will
# load a random theme each time oh-my-zsh is loaded, in which case,
# to know which specific one was loaded, run: echo $RANDOM_THEME
# See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
ZSH_THEME="amuse"
# Set list of themes to pick from when loading at random
# Setting this variable when ZSH_THEME=random will cause zsh to load
# a theme from this variable instead of looking in $ZSH/themes/
# If set to an empty array, this variable will have no effect.
# ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
# Uncomment the following line to use case-sensitive completion.
# CASE_SENSITIVE="true"
# Uncomment the following line to use hyphen-insensitive completion.
# Case-sensitive completion must be off. _ and - will be interchangeable.
# HYPHEN_INSENSITIVE="true"
# Uncomment the following line to disable bi-weekly auto-update checks.
DISABLE_AUTO_UPDATE="true"
# Uncomment the following line to automatically update without prompting.
# DISABLE_UPDATE_PROMPT="true"
# Uncomment the following line to change how often to auto-update (in days).
# export UPDATE_ZSH_DAYS=13
# Uncomment the following line if pasting URLs and other text is messed up.
# DISABLE_MAGIC_FUNCTIONS="true"
# Uncomment the following line to disable colors in ls.
# DISABLE_LS_COLORS="true"
# Uncomment the following line to disable auto-setting terminal title.
# DISABLE_AUTO_TITLE="true"
# Uncomment the following line to enable command auto-correction.
ENABLE_CORRECTION="true"
# Uncomment the following line to display red dots whilst waiting for completion.
# COMPLETION_WAITING_DOTS="true"
# Uncomment the following line if you want to disable marking untracked files
# under VCS as dirty. This makes repository status check for large repositories
# much, much faster.
# DISABLE_UNTRACKED_FILES_DIRTY="true"
# Uncomment the following line if you want to change the command execution time
# stamp shown in the history command output.
# You can set one of the optional three formats:
# "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
# or set a custom format using the strftime function format specifications,
# see 'man strftime' for details.
# HIST_STAMPS="mm/dd/yyyy"
# Would you like to use another custom folder than $ZSH/custom?
# ZSH_CUSTOM=/path/to/new-custom-folder
# Which plugins would you like to load?
# Standard plugins can be found in $ZSH/plugins/
# Custom plugins may be added to $ZSH_CUSTOM/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup.
plugins=(
zsh-autosuggestions
zsh-syntax-highlighting
git
cp
docker
docker-compose
dotenv
extract
git-auto-fetch
gitignore
golang
helm
jsontools
kubectl
nvm
rust
rsync
sudo
systemd
themes
tmux
vscode
nmap
)
# User configuration
# Set the XDG_CONFIG_HOME in this file
XDG_CONFIG_HOME=${XDG_CONFIG_HOME:=${HOME}/.config}
# Source the env variables from the XDG_CONFIG_HOME
source $XDG_CONFIG_HOME/zsh/.zshenv
# export MANPATH="/usr/local/man:$MANPATH"
# You may need to manually set your language environment
# export LANG=en_US.UTF-8
# Preferred editor for local and remote sessions
# if [[ -n $SSH_CONNECTION ]]; then
# export EDITOR='vim'
# else
# export EDITOR='mvim'
# fi
# Compilation flags
# export ARCHFLAGS="-arch x86_64"
# Set personal aliases, overriding those provided by oh-my-zsh libs,
# plugins, and themes. Aliases can be placed here, though oh-my-zsh
# users are encouraged to define aliases within the ZSH_CUSTOM folder.
# For a full list of active aliases, run `alias`.
#
# Example aliases
# alias zshconfig="mate ~/.zshrc"
# alias ohmyzsh="mate ~/.oh-my-zsh"
# Custom aliases
alias zshrc="nvim ~/.zshrc && source ~/.zshrc"
source $XDG_CONFIG_HOME/zsh/.aliases
ZSH_CACHE_DIR=$HOME/.cache/oh-my-zsh
if [[ ! -d $ZSH_CACHE_DIR ]]; then
mkdir $ZSH_CACHE_DIR
fi
source $ZSH/oh-my-zsh.sh
# For sharship rs loading
eval "$(starship init zsh)"
# tabtab source for packages
# uninstall by removing these lines
[[ -f ~/.config/tabtab/zsh/__tabtab.zsh ]] && . ~/.config/tabtab/zsh/__tabtab.zsh || true

8
roles/setup/vars/Archlinux.yml
View File

@@ -8,7 +8,7 @@
# ===================================================================================================
---
setup_sudo_group: wheel
setup_openssh_service: sshd
setup_openssh_package: openssh
setup_sftp_path: /usr/lib/ssh/sftp-server
sudo_group: wheel
openssh_service: sshd
openssh_package: openssh
sftp_path: /usr/lib/ssh/sftp-server

8
roles/setup/vars/Debian.yml
View File

@@ -8,7 +8,7 @@
# ===================================================================================================
---
setup_sudo_group: sudo
setup_openssh_service: ssh
setup_openssh_package: openssh-server
setup_sftp_path: /usr/lib/openssh/sftp-server
sudo_group: sudo
openssh_service: ssh
openssh_package: openssh-server
sftp_path: /usr/lib/openssh/sftp-server

9
roles/setup/vars/Ubuntu.yml
View File

@@ -8,7 +8,8 @@
# ===================================================================================================
---
setup_sudo_group: sudo
setup_openssh_service: ssh
setup_openssh_package: openssh-server
setup_sftp_path: /usr/lib/openssh/sftp-server
sudo_group: sudo
openssh_service: ssh
openssh_package: openssh-server
sftp_path: /usr/lib/openssh/sftp-server
ssh_port: 4422

4
roles/setup/vars/main.yml
View File

@@ -8,5 +8,5 @@
# ===================================================================================================
---
setup_ansible_password: "$6$8eLzx6DNI/aamHAp$ZJK3kpbXDaMDUxuCFzRbbYL78aqdDnRRd1zbQPO2ED.pQQdcuAEnwBI2Vf3a36j7I5ED4STx6TLQnB8RiY3Vw/"
setup_noahk_password: "$6$8eLzx6DNI/aamHAp$ZJK3kpbXDaMDUxuCFzRbbYL78aqdDnRRd1zbQPO2ED.pQQdcuAEnwBI2Vf3a36j7I5ED4STx6TLQnB8RiY3Vw/"
ansible_password: '$6$8eLzx6DNI/aamHAp$ZJK3kpbXDaMDUxuCFzRbbYL78aqdDnRRd1zbQPO2ED.pQQdcuAEnwBI2Vf3a36j7I5ED4STx6TLQnB8RiY3Vw/'
noahk_password: '$6$8eLzx6DNI/aamHAp$ZJK3kpbXDaMDUxuCFzRbbYL78aqdDnRRd1zbQPO2ED.pQQdcuAEnwBI2Vf3a36j7I5ED4STx6TLQnB8RiY3Vw/'

22
site.yml
View File

@@ -8,27 +8,33 @@
# ===================================================================================================
---
- name: Setup
hosts: all
- hosts: datacenter
remote_user: root
roles:
- role: setup
when: setup is defined
- hosts: datacenter
remote_user: ansible
roles:
- role: docker
- role: nvm
- role: node
- role: corepack
# Clean up the system
- name: Cleanup
hosts: all
- hosts: datacenter
remote_user: ansible
become: true
tasks:
- name: Cleanup package cache (debian and ubuntu)
ansible.builtin.apt:
- name: cleanup package cache (debian and ubuntu)
apt:
autoclean: true
changed_when: false
when: ansible_os_family == "Debian"
- name: Autoremove packages (debian and ubuntu)
ansible.builtin.apt:
- name: autoremove packages (debian and ubuntu)
apt:
autoremove: true
purge: true
when: ansible_os_family == "Debian"