split tasks per distribution, add msmtp

br0tkasten 2022-01-06 13:48:02 +01:00
parent 57e5333dc5
commit 042be1c6ea
10 changed files with 155 additions and 48 deletions

60
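--- a/tasks/alpine.yml
+++ b/tasks/alpine.yml
@@ -0,0 +1,60 @@
+---
+- name: install basics
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear openssh-client-default wget"
+- name: setup ssh
+include: ssh.yml
+- name: enable dropbear
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear"
+- name: enable dropbear
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart"
+- name: install software
+apk: name={{ alpine_software }} state=present update_cache=yes
+- name: deploy syslog config
+copy:
+src: alpine/syslog.conf
+dest: /etc/conf.d/syslog
+mode: 0644
+notify:
+- restart container
+- name: deploy update script
+copy:
+src: alpine/update.sh
+dest: /etc/periodic/daily/update
+mode: 0755
+owner: root
+group: root
+- name: deploy mail aliases
+template:
+src: aliases.j2
+dest: /etc/aliases
+mode: 0644
+owner: root
+group: root
+- name: deploy msmtprc
+template:
+src: msmtprc.j2
+dest: /etc/msmtprc
+mode: 0644
+owner: root
+group: root
+- name: symlink sendmail
+file:
+src: /usr/bin/msmtp
+dest: /usr/sbin/sendmail
+force: yes
+state: link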
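Review bot: The play enables and restarts dropbear, but nothing in this file sets its options, so the daemon appears to run with the package defaults, which accept password logins as well as keys. Since access is meant to go through /root/.ssh/authorized_keys, I would deploy /etc/conf.d/dropbear with `DROPBEAR_OPTS="-s"` ahead of the restart task so that only key authentication is offered. The same gap applies to the dropbear unit in tasks/archlinux.yml and to sshd in tasks/rockylinux.yml, where the equivalent is a managed sshd_config with `PasswordAuthentication no`. The second task named `enable dropbear` actually restarts the service and should be named `restart dropbear`.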

21
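--- a/tasks/archlinux.yml
+++ b/tasks/archlinux.yml
@@ -0,0 +1,21 @@
+---
+- name: install basics
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- /usr/sbin/pacman -Syu --noconfirm python3 dropbear dropbear-scp wget"
+- name: setup ssh
+include: ssh.yml
+- name: enable dropbear
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- systemctl enable dropbear"
+- name: enable dropbear
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- systemctl restart dropbear"
+- name: install software
+pacman: name={{ archlinux_software }} state=present update_cache=yes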


@ -18,7 +18,7 @@
mode: pull
server: https://images.linuxcontainers.org
protocol: simplestreams #lxd # if you get a 404, try setting protocol: simplestreams
alias: alpine/3.14/amd64
alias: "{{ container_image }}"
devices: '{ "eth0": {"nictype":"bridged", "parent":"lxd","type":"nic","ipv4.address":"{{ ansible_host }}"} }' # default to {}
profiles: ["lxd"]
wait_for_ipv4_addresses: true
@ -26,55 +26,20 @@
delegate_to: localhost
connection: local
- name: install basics
connection: local
delegate_to: localhost
raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear openssh-client-default wget"
- name: setup alpine
include: alpine.yml
when: '"alpine" in container_image'
- name: setup /root/.ssh
connection: local
delegate_to: localhost
raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh"
- name: setup archlinux
include: archlinux.yml
when: '"archlinux" in container_image'
- name: get authorized_keys
connection: local
delegate_to: localhost
raw: "lxc exec {{ inventory_hostname }} -- wget https://git.br0tkasten.de/br0tkasten/configs/raw/branch/master/dotfiles/authorized_keys -O /root/.ssh/authorized_keys"
- name: fix permissions
connection: local
delegate_to: localhost
raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"
- name: enable dropbear
connection: local
delegate_to: localhost
raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear"
- name: enable dropbear
connection: local
delegate_to: localhost
raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart"
- name: install software
package: name={{ install_software }} state=present update_cache=yes
- name: setup rockylinux
include: rockylinux.yml
when: '"rockylinux" in container_image'
- name: deploy motd
copy:
src: motd
dest: /etc/motd
mode: 0644
- name: deploy syslog config
copy:
src: syslog.conf
dest: /etc/conf.d/syslog
mode: 0644
notify:
- restart container
- name: deploy update script
copy:
src: update.sh
dest: /etc/periodic/daily/update
mode: 0755
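Review bot: Nothing handles a `container_image` that contains none of `alpine`, `archlinux` or `rockylinux`: all three includes are skipped, no SSH server or Python gets installed, and the first visible symptom is presumably the later `deploy motd` task failing to reach the container. A guard ahead of the includes would make that explicit, for example `- fail: msg="unsupported image {{ container_image }}"` with `when: container_image is not search("alpine|archlinux|rockylinux")`. The three conditions are substring tests, so an alias that happens to contain two of the names would run two setup files. The path of this file is not shown on the page, and the lxd_container task edited by the first hunk starts outside it.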

21
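--- a/tasks/rockylinux.yml
+++ b/tasks/rockylinux.yml
@@ -0,0 +1,21 @@
+---
+- name: install basics
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- yum install -y python3 wget openssh-server"
+- name: setup ssh
+include: ssh.yml
+- name: enable dropbear
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- systemctl enable sshd"
+- name: enable dropbear
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- systemctl restart sshd"
+- name: install software
+package: name={{ rockylinux_software }} state=present update_cache=yes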
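Review bot: Both service tasks are named `enable dropbear` although they run `systemctl enable sshd` and `systemctl restart sshd`, so the play output reports the wrong daemon for this distribution. Rename them to `enable sshd` and `restart sshd`; the names look copied from the Alpine file. Anyone auditing which SSH server a container exposes will read the task names first, so they should match the commands.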

15
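--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -0,0 +1,15 @@
+---
+- name: mkdir ~/.ssh
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh"
+- name: get authorized_keys
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- wget -O /root/.ssh/authorized_keys https://git.br0tkasten.de/br0tkasten/configs/raw/branch/master/dotfiles/authorized_keys"
+- name: fix file permissions
+connection: local
+delegate_to: localhost
+raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"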
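Review bot: The `get authorized_keys` task makes root access to every container depend on whatever the master branch of that repository serves at provisioning time, with no pinned revision or checksum, and `wget -O` leaves a truncated or empty file in place if the download fails. Because these tasks already run on the LXD host, pushing a copy kept alongside the playbook avoids the network fetch and sets the mode in one step: `lxc file push <path-to-authorized_keys> {{ inventory_hostname }}/root/.ssh/authorized_keys --mode 0600`. If the URL has to stay, pin it to a commit rather than `branch/master` and verify a checksum before moving the file into place. The commit moves this fetch from the main task file without changing it, so the concern predates this change.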

2
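--- a/templates/aliases.j2
+++ b/templates/aliases.j2
@@ -0,0 +1,2 @@
+root: {{ mailto }}
+default: {{ mailto }}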

11
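--- a/templates/msmtprc.j2
+++ b/templates/msmtprc.j2
@@ -0,0 +1,11 @@
+defaults
+syslog on
+set_from_header on
+aliases /etc/aliases
+account {{ inventory_hostname_short }}
+host {{ mailrelay }}
+from {{ inventory_hostname_short }}@br0tkasten.de
+port {{ mailport }}
+account default : {{ inventory_hostname_short }}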
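Review bot: The account block sets no `tls` option, and msmtp leaves TLS off by default, so mail handed to `{{ mailrelay }}` travels in cleartext and the relay's identity is never verified. Unless the relay is reachable only over a trusted local bridge, add `tls on` and `tls_trust_file <CA bundle path>` to the `defaults` section, with `tls_starttls` set to match the port in use. `mailrelay`, `mailport` and `mailto` are not defined in the vars hunk visible on this page; if they are not set elsewhere, the template will fail on an undefined variable. If credentials are ever added to this file, the `mode: 0644` used to deploy it in tasks/alpine.yml should become `0600`.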


@ -1,9 +1,21 @@
---
install_software:
alpine_software:
- git
- bash
- dropbear
- python3
# - openssh-server # enable when needed for scp
- openssh-client-default
- openssh-client-common
- openssh-client-common
- msmtp
- mailx
archlinux_software:
- git
- bash
- dropbear
rockylinux_software:
- git
- bash
- openssh-server
- python3