fasse Playbooks zusammen (#587)

Reviewed-on: #587
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2023-10-26 10:50:36 +02:00 committed by mg
parent b8f898a596
commit 69b954634f
18 changed files with 67 additions and 87 deletions

View file

@ -2,11 +2,17 @@
- hosts: all - hosts: all
gather_facts: false gather_facts: false
roles: roles:
- { role: robertdebock-ansible-role-bootstrap, tags: "bootstrap", become: true} - role: robertdebock-ansible-role-bootstrap
- { role: mgrote_users, tags: "user", become: true} tags: "bootstrap"
- { role: mgrote_apt_manage_sources, tags: "apt_sources" } become: true
- { role: mgrote_qemu_guest_agent } - role: mgrote_apt_manage_sources
- { role: mgrote_apt_update_packages, tags: "updates"} tags: "apt_sources"
- role: mgrote_qemu_guest_agent
- role: mgrote_apt_update_packages
tags: "updates"
- role: mgrote_users
tags: "user"
become: true
post_tasks: post_tasks:
- name: Change user password - name: Change user password
@ -26,5 +32,16 @@
ansible_password: hallowelt ansible_password: hallowelt
ansible_become_password: hallowelt ansible_become_password: hallowelt
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'" ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
### mgrote.user
users:
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: always
groups: ssh, sudo
state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
allow_sudo: true
allow_passwordless_sudo: true
# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen. # Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.

View file

@ -1,17 +1,5 @@
--- ---
- ansible.builtin.import_playbook: base/apt_sources.yml
- ansible.builtin.import_playbook: base/packages.yml - ansible.builtin.import_playbook: base/packages.yml
- ansible.builtin.import_playbook: base/ntp_client.yml - ansible.builtin.import_playbook: base/system.yml
- ansible.builtin.import_playbook: base/restic.yml
- ansible.builtin.import_playbook: base/users.yml - ansible.builtin.import_playbook: base/users.yml
- ansible.builtin.import_playbook: base/dotfiles.yml
- ansible.builtin.import_playbook: base/vim.yml
- ansible.builtin.import_playbook: base/postfix.yml
- ansible.builtin.import_playbook: base/ufw.yml - ansible.builtin.import_playbook: base/ufw.yml
- ansible.builtin.import_playbook: base/ssh.yml
- ansible.builtin.import_playbook: base/f2b.yml
- ansible.builtin.import_playbook: base/remove_snapd.yml
- ansible.builtin.import_playbook: base/unattended_upgrades.yml
- ansible.builtin.import_playbook: base/update_packages.yml
- ansible.builtin.import_playbook: base/lvm.yml
- ansible.builtin.import_playbook: base/fwupd.yml

View file

@ -1,5 +0,0 @@
---
- hosts: all
roles:
- role: mgrote_apt_manage_sources
tags: "apt_sources"

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_dotfiles, become: true, tags: "dotfiles" }

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_fail2ban, tags: "f2b" }

View file

@ -1,7 +0,0 @@
---
- hosts: all
roles:
- role: mgrote_fwupd_settings
become: true
tags: fwupd
when: "ansible_facts['distribution'] == 'Ubuntu'"

View file

@ -1,8 +0,0 @@
---
- hosts: all
roles:
- { role: mrlesmithjr-ansible-manage-lvm,
tags: "lvm",
become: true,
when: manage_lvm == true and manage_lvm is defined }
# $manage_lvm gehört zu dieser Rolle, wird aber extra abgefragt um das PLaybook zu "aktivieren"

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_ntp_chrony_client, tags: "ntp"}

View file

@ -1,6 +1,18 @@
--- ---
- hosts: all - hosts: all
serial: 3
roles: roles:
- { role: mgrote_apt_manage_packages, tags: "install"} - role: mgrote_apt_manage_sources
- { role: mgrote_exa, tags: "exa"} tags: "apt_sources"
- role: mgrote_apt_manage_packages
tags: "install"
- role: mgrote_exa
tags: "exa"
- role: mgrote_remove_snapd
become: true
tags: "snapd"
- role: mgrote_apt_update_packages
tags: "updates"
- role: hifis-net-ansible-role-unattended-upgrades
become: true
tags: unattended
when: "ansible_facts['distribution'] == 'Ubuntu'"

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_postfix, tags: "postfix" }

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_remove_snapd, become: true, tags: "snapd" }

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_restic, tags: "restic" }

View file

@ -1,5 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_ssh,
tags: "ssh"}

22
playbooks/base/system.yml Normal file
View file

@ -0,0 +1,22 @@
---
- hosts: all
roles:
- role: mgrote_ntp_chrony_client
tags: "ntp"
- role: mgrote_postfix
tags: "postfix"
- role: mgrote_restic
tags: "restic"
- role: mgrote_fail2ban
tags: "f2b"
- role: mgrote_fwupd_settings
become: true
tags: fwupd
when: "ansible_facts['distribution'] == 'Ubuntu'"
- role: mrlesmithjr-ansible-manage-lvm
tags: "lvm"
become: true
when: manage_lvm == true and manage_lvm is defined
# $manage_lvm gehört zu dieser Rolle, wird aber extra abgefragt um das PLaybook zu "aktivieren"
- role: mgrote_ssh
tags: "ssh"

View file

@ -1,7 +0,0 @@
---
- hosts: all,!pve,!pbs
roles:
- { role: hifis-net-ansible-role-unattended-upgrades,
become: true,
tags: unattended,
when: "ansible_facts['distribution'] == 'Ubuntu'"}

View file

@ -1,5 +0,0 @@
---
- hosts: all
serial: 3
roles:
- { role: mgrote_apt_update_packages, tags: "updates"}

View file

@ -1,4 +1,10 @@
--- ---
- hosts: all - hosts: all
become: true
roles: roles:
- { role: mgrote_users, tags: "user", become: true } - role: mgrote_users
tags: "user"
- role: mgrote_dotfiles
tags: "dotfiles"
- role: mgrote_vim
tags: "vim"

View file

@ -1,4 +0,0 @@
---
- hosts: all
roles:
- { role: mgrote_vim, tags: "vim", become: true }