fasse Playbooks zusammen (#587)
Reviewed-on: #587 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
parent
b8f898a596
commit
69b954634f
18 changed files with 67 additions and 87 deletions
|
@ -2,11 +2,17 @@
|
||||||
- hosts: all
|
- hosts: all
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
roles:
|
roles:
|
||||||
- { role: robertdebock-ansible-role-bootstrap, tags: "bootstrap", become: true}
|
- role: robertdebock-ansible-role-bootstrap
|
||||||
- { role: mgrote_users, tags: "user", become: true}
|
tags: "bootstrap"
|
||||||
- { role: mgrote_apt_manage_sources, tags: "apt_sources" }
|
become: true
|
||||||
- { role: mgrote_qemu_guest_agent }
|
- role: mgrote_apt_manage_sources
|
||||||
- { role: mgrote_apt_update_packages, tags: "updates"}
|
tags: "apt_sources"
|
||||||
|
- role: mgrote_qemu_guest_agent
|
||||||
|
- role: mgrote_apt_update_packages
|
||||||
|
tags: "updates"
|
||||||
|
- role: mgrote_users
|
||||||
|
tags: "user"
|
||||||
|
become: true
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- name: Change user password
|
- name: Change user password
|
||||||
|
@ -26,5 +32,16 @@
|
||||||
ansible_password: hallowelt
|
ansible_password: hallowelt
|
||||||
ansible_become_password: hallowelt
|
ansible_become_password: hallowelt
|
||||||
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
|
ansible_ssh_common_args: "'-o StrictHostKeyChecking=no'"
|
||||||
|
### mgrote.user
|
||||||
|
users:
|
||||||
|
- username: ansible-user
|
||||||
|
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||||
|
update_password: always
|
||||||
|
groups: ssh, sudo
|
||||||
|
state: present
|
||||||
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
|
allow_sudo: true
|
||||||
|
allow_passwordless_sudo: true
|
||||||
|
|
||||||
|
|
||||||
# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.
|
# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.
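Review bot: The new `users` entry in the second hunk pushes the KeePass-held password hash and grants `allow_passwordless_sudo: true` over a connection that the unchanged lines just above open with the literal password `hallowelt` and `StrictHostKeyChecking=no`, so the host receiving the account is never authenticated. A comment on the vars block would make that constraint explicit, e.g. `# bootstrap only: run from the trusted provisioning network, the host key is not verified on this first connection`, or the host key could be pre-seeded into known_hosts before the run. With passwordless sudo, the key in `public_ssh_key` becomes the only barrier to root on every bootstrapped host, which is worth stating next to it. The first hunk also moves `mgrote_users` to the end of the role list; if an earlier role fails, the host presumably stays reachable with the default password, so the expected re-run or cleanup should be documented. The vars block starts outside the hunk.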
|
||||||
|
|
|
@ -1,17 +1,5 @@
|
||||||
---
|
---
|
||||||
- ansible.builtin.import_playbook: base/apt_sources.yml
|
|
||||||
- ansible.builtin.import_playbook: base/packages.yml
|
- ansible.builtin.import_playbook: base/packages.yml
|
||||||
- ansible.builtin.import_playbook: base/ntp_client.yml
|
- ansible.builtin.import_playbook: base/system.yml
|
||||||
- ansible.builtin.import_playbook: base/restic.yml
|
|
||||||
- ansible.builtin.import_playbook: base/users.yml
|
- ansible.builtin.import_playbook: base/users.yml
|
||||||
- ansible.builtin.import_playbook: base/dotfiles.yml
|
|
||||||
- ansible.builtin.import_playbook: base/vim.yml
|
|
||||||
- ansible.builtin.import_playbook: base/postfix.yml
|
|
||||||
- ansible.builtin.import_playbook: base/ufw.yml
|
- ansible.builtin.import_playbook: base/ufw.yml
|
||||||
- ansible.builtin.import_playbook: base/ssh.yml
|
|
||||||
- ansible.builtin.import_playbook: base/f2b.yml
|
|
||||||
- ansible.builtin.import_playbook: base/remove_snapd.yml
|
|
||||||
- ansible.builtin.import_playbook: base/unattended_upgrades.yml
|
|
||||||
- ansible.builtin.import_playbook: base/update_packages.yml
|
|
||||||
- ansible.builtin.import_playbook: base/lvm.yml
|
|
||||||
- ansible.builtin.import_playbook: base/fwupd.yml
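Review bot: The consolidated import list changes the order in which the hardening roles run: `base/system.yml`, which per its new file in this commit contains `mgrote_fail2ban` and ends with `mgrote_ssh`, is now imported before `base/users.yml` and `base/ufw.yml`, whereas the old list ran users and ufw before ssh and f2b. If `mgrote_ssh` restricts logins to a group or to key authentication (not visible here), a host whose accounts and keys are only created by `users.yml` could be locked out mid-run. Either import `base/users.yml` ahead of `base/system.yml`, or add a comment above the list such as `# order matters: users must exist before ssh hardening runs`.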
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- role: mgrote_apt_manage_sources
|
|
||||||
tags: "apt_sources"
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_dotfiles, become: true, tags: "dotfiles" }
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_fail2ban, tags: "f2b" }
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- role: mgrote_fwupd_settings
|
|
||||||
become: true
|
|
||||||
tags: fwupd
|
|
||||||
when: "ansible_facts['distribution'] == 'Ubuntu'"
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mrlesmithjr-ansible-manage-lvm,
|
|
||||||
tags: "lvm",
|
|
||||||
become: true,
|
|
||||||
when: manage_lvm == true and manage_lvm is defined }
|
|
||||||
# $manage_lvm gehört zu dieser Rolle, wird aber extra abgefragt um das PLaybook zu "aktivieren"
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_ntp_chrony_client, tags: "ntp"}
|
|
|
@ -1,6 +1,18 @@
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
serial: 3
|
|
||||||
roles:
|
roles:
|
||||||
- { role: mgrote_apt_manage_packages, tags: "install"}
|
- role: mgrote_apt_manage_sources
|
||||||
- { role: mgrote_exa, tags: "exa"}
|
tags: "apt_sources"
|
||||||
|
- role: mgrote_apt_manage_packages
|
||||||
|
tags: "install"
|
||||||
|
- role: mgrote_exa
|
||||||
|
tags: "exa"
|
||||||
|
- role: mgrote_remove_snapd
|
||||||
|
become: true
|
||||||
|
tags: "snapd"
|
||||||
|
- role: mgrote_apt_update_packages
|
||||||
|
tags: "updates"
|
||||||
|
- role: hifis-net-ansible-role-unattended-upgrades
|
||||||
|
become: true
|
||||||
|
tags: unattended
|
||||||
|
when: "ansible_facts['distribution'] == 'Ubuntu'"
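Review bot: Folding `hifis-net-ansible-role-unattended-upgrades` into this `hosts: all` play drops the `all,!pve,!pbs` host pattern that its deleted playbook used, so the only guard left is `when: "ansible_facts['distribution'] == 'Ubuntu'"`. If the pve/pbs hosts report a different distribution the result is the same, but that is an assumption worth a comment; otherwise keep the exclusion by giving the role its own play with `- hosts: all,!pve,!pbs`. The play also loses `serial: 3`, which both the old packages play and the deleted update_packages play set, so `mgrote_apt_update_packages` presumably now runs on all hosts at once instead of in batches of three. Re-add `serial: 3` if the staged rollout was intentional.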
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_postfix, tags: "postfix" }
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_remove_snapd, become: true, tags: "snapd" }
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_restic, tags: "restic" }
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_ssh,
|
|
||||||
tags: "ssh"}
|
|
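--- a/playbooks/base/system.yml
+++ b/playbooks/base/system.yml
@@ -0,0 +1,22 @@
+---
+- hosts: all
+roles:
+- role: mgrote_ntp_chrony_client
+tags: "ntp"
+- role: mgrote_postfix
+tags: "postfix"
+- role: mgrote_restic
+tags: "restic"
+- role: mgrote_fail2ban
+tags: "f2b"
+- role: mgrote_fwupd_settings
+become: true
+tags: fwupd
+when: "ansible_facts['distribution'] == 'Ubuntu'"
+- role: mrlesmithjr-ansible-manage-lvm
+tags: "lvm"
+become: true
+when: manage_lvm == true and manage_lvm is defined
+# $manage_lvm gehört zu dieser Rolle, wird aber extra abgefragt um das PLaybook zu "aktivieren"
+- role: mgrote_ssh
+tags: "ssh"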
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all,!pve,!pbs
|
|
||||||
roles:
|
|
||||||
- { role: hifis-net-ansible-role-unattended-upgrades,
|
|
||||||
become: true,
|
|
||||||
tags: unattended,
|
|
||||||
when: "ansible_facts['distribution'] == 'Ubuntu'"}
|
|
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
serial: 3
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_apt_update_packages, tags: "updates"}
|
|
|
@ -1,4 +1,10 @@
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- { role: mgrote_users, tags: "user", become: true }
|
- role: mgrote_users
|
||||||
|
tags: "user"
|
||||||
|
- role: mgrote_dotfiles
|
||||||
|
tags: "dotfiles"
|
||||||
|
- role: mgrote_vim
|
||||||
|
tags: "vim"
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: all
|
|
||||||
roles:
|
|
||||||
- { role: mgrote_vim, tags: "vim", become: true }
|
|