fasse Playbooks zusammen (#587)

Reviewed-on: #587 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2023-10-26 10:50:36 +02:00 · 2023-10-26 10:50:36 +02:00 · 69b954634f
parent b8f898a596
commit 69b954634f
18 changed files with 67 additions and 87 deletions
--- a/playbooks/1_bootstrap.yml
+++ b/playbooks/1_bootstrap.yml
@ -2,11 +2,17 @@
 - hosts: all
  gather_facts: false
  roles:
-    - { role: robertdebock-ansible-role-bootstrap, tags: "bootstrap", become: true}
-    - { role: mgrote_users, tags: "user", become: true}
-    - { role: mgrote_apt_manage_sources, tags: "apt_sources" }
-    - { role: mgrote_qemu_guest_agent }
-    - { role: mgrote_apt_update_packages, tags: "updates"}
+    - role: robertdebock-ansible-role-bootstrap
+      tags: "bootstrap"
+      become: true
+    - role: mgrote_apt_manage_sources
+      tags: "apt_sources"
+    - role: mgrote_qemu_guest_agent
+    - role: mgrote_apt_update_packages
+      tags: "updates"
+    - role: mgrote_users
+      tags: "user"
+      become: true

  post_tasks:
    - name: Change user password
@ -26,5 +32,16 @@
    ansible_password: hallowelt
    ansible_become_password: hallowelt
    ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
+    ### mgrote.user
+    users:
+      - username: ansible-user
+        password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
+        update_password: always
+        groups: ssh, sudo
+        state: present
+        public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
+        allow_sudo: true
+        allow_passwordless_sudo: true
+

 # Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.
--- a/playbooks/2_all.yml
+++ b/playbooks/2_all.yml
@ -1,17 +1,5 @@
 ---
- ansible.builtin.import_playbook: base/apt_sources.yml
 - ansible.builtin.import_playbook: base/packages.yml
- ansible.builtin.import_playbook: base/ntp_client.yml
- ansible.builtin.import_playbook: base/restic.yml
+- ansible.builtin.import_playbook: base/system.yml
 - ansible.builtin.import_playbook: base/users.yml
- ansible.builtin.import_playbook: base/dotfiles.yml
- ansible.builtin.import_playbook: base/vim.yml
- ansible.builtin.import_playbook: base/postfix.yml
 - ansible.builtin.import_playbook: base/ufw.yml
- ansible.builtin.import_playbook: base/ssh.yml
- ansible.builtin.import_playbook: base/f2b.yml
- ansible.builtin.import_playbook: base/remove_snapd.yml
- ansible.builtin.import_playbook: base/unattended_upgrades.yml
- ansible.builtin.import_playbook: base/update_packages.yml
- ansible.builtin.import_playbook: base/lvm.yml
- ansible.builtin.import_playbook: base/fwupd.yml
--- a/playbooks/base/apt_sources.yml
+++ b/playbooks/base/apt_sources.yml
@ -1,5 +0,0 @@
---
- hosts: all
-  roles:
-    - role: mgrote_apt_manage_sources
-      tags: "apt_sources"
--- a/playbooks/base/dotfiles.yml
+++ b/playbooks/base/dotfiles.yml
@ -1,4 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_dotfiles, become: true, tags: "dotfiles" }
--- a/playbooks/base/f2b.yml
+++ b/playbooks/base/f2b.yml
@ -1,4 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_fail2ban, tags: "f2b" }
--- a/playbooks/base/fwupd.yml
+++ b/playbooks/base/fwupd.yml
@ -1,7 +0,0 @@
---
- hosts: all
-  roles:
-    - role: mgrote_fwupd_settings
-      become: true
-      tags: fwupd
-      when: "ansible_facts['distribution'] == 'Ubuntu'"
--- a/playbooks/base/lvm.yml
+++ b/playbooks/base/lvm.yml
@ -1,8 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mrlesmithjr-ansible-manage-lvm,
-        tags: "lvm",
-        become: true,
-        when: manage_lvm == true and manage_lvm is defined }
-        # $manage_lvm gehört zu dieser Rolle, wird aber extra abgefragt um das PLaybook zu "aktivieren"
--- a/playbooks/base/ntp_client.yml
+++ b/playbooks/base/ntp_client.yml
@ -1,4 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_ntp_chrony_client, tags: "ntp"}
--- a/playbooks/base/packages.yml
+++ b/playbooks/base/packages.yml
@ -1,6 +1,18 @@
 ---
 - hosts: all
-  serial: 3
  roles:
-    - { role: mgrote_apt_manage_packages, tags: "install"}
-    - { role: mgrote_exa, tags: "exa"}
+    - role: mgrote_apt_manage_sources
+      tags: "apt_sources"
+    - role: mgrote_apt_manage_packages
+      tags: "install"
+    - role: mgrote_exa
+      tags: "exa"
+    - role: mgrote_remove_snapd
+      become: true
+      tags: "snapd"
+    - role: mgrote_apt_update_packages
+      tags: "updates"
+    - role: hifis-net-ansible-role-unattended-upgrades
+      become: true
+      tags: unattended
+      when: "ansible_facts['distribution'] == 'Ubuntu'"
--- a/playbooks/base/postfix.yml
+++ b/playbooks/base/postfix.yml
@ -1,4 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_postfix, tags: "postfix" }
--- a/playbooks/base/remove_snapd.yml
+++ b/playbooks/base/remove_snapd.yml
@ -1,4 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_remove_snapd, become: true, tags: "snapd" }
--- a/playbooks/base/restic.yml
+++ b/playbooks/base/restic.yml
@ -1,4 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_restic, tags: "restic" }
--- a/playbooks/base/ssh.yml
+++ b/playbooks/base/ssh.yml
@ -1,5 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_ssh,
-        tags: "ssh"}
--- a/playbooks/base/system.yml
+++ b/playbooks/base/system.yml
@ -0,0 +1,22 @@
+---
+- hosts: all
+  roles:
+    - role: mgrote_ntp_chrony_client
+      tags: "ntp"
+    - role: mgrote_postfix
+      tags: "postfix"
+    - role: mgrote_restic
+      tags: "restic"
+    - role: mgrote_fail2ban
+      tags: "f2b"
+    - role: mgrote_fwupd_settings
+      become: true
+      tags: fwupd
+      when: "ansible_facts['distribution'] == 'Ubuntu'"
+    - role: mrlesmithjr-ansible-manage-lvm
+      tags: "lvm"
+      become: true
+      when: manage_lvm == true and manage_lvm is defined
+      # $manage_lvm gehört zu dieser Rolle, wird aber extra abgefragt um das PLaybook zu "aktivieren"
+    - role: mgrote_ssh
+      tags: "ssh"
--- a/playbooks/base/unattended_upgrades.yml
+++ b/playbooks/base/unattended_upgrades.yml
@ -1,7 +0,0 @@
---
- hosts: all,!pve,!pbs
-  roles:
-    - { role: hifis-net-ansible-role-unattended-upgrades,
-        become: true,
-        tags: unattended,
-        when: "ansible_facts['distribution'] == 'Ubuntu'"}
--- a/playbooks/base/update_packages.yml
+++ b/playbooks/base/update_packages.yml
@ -1,5 +0,0 @@
---
- hosts: all
-  serial: 3
-  roles:
-    - { role: mgrote_apt_update_packages, tags: "updates"}
--- a/playbooks/base/users.yml
+++ b/playbooks/base/users.yml
@ -1,4 +1,10 @@
 ---
 - hosts: all
+  become: true
  roles:
-    - { role: mgrote_users, tags: "user", become: true }
+    - role: mgrote_users
+      tags: "user"
+    - role: mgrote_dotfiles
+      tags: "dotfiles"
+    - role: mgrote_vim
+      tags: "vim"
--- a/playbooks/base/vim.yml
+++ b/playbooks/base/vim.yml
@ -1,4 +0,0 @@
---
- hosts: all
-  roles:
-    - { role: mgrote_vim, tags: "vim", become: true }