split tasks per distribution, add msmtp

2022-01-06 13:48:02 +01:00 · 2022-01-06 13:48:02 +01:00 · 042be1c6ea
commit 042be1c6ea
parent 57e5333dc5
10 changed files with 155 additions and 48 deletions
--- a/files/alpine/syslog.conf
+++ b/files/alpine/syslog.conf
--- a/files/alpine/update.sh
+++ b/files/alpine/update.sh
--- a/tasks/alpine.yml
+++ b/tasks/alpine.yml
@ -0,0 +1,60 @@
+---
+- name: install basics
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear openssh-client-default wget"
+
+- name: setup ssh
+  include: ssh.yml
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear" 
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart"
+
+- name: install software
+  apk: name={{ alpine_software }} state=present update_cache=yes
+
+- name: deploy syslog config
+  copy:
+    src: alpine/syslog.conf
+    dest: /etc/conf.d/syslog
+    mode: 0644
+  notify:
+    - restart container
+
+- name: deploy update script
+  copy:
+    src: alpine/update.sh
+    dest: /etc/periodic/daily/update
+    mode: 0755
+    owner: root
+    group: root
+
+- name: deploy mail aliases
+  template:
+    src: aliases.j2
+    dest: /etc/aliases
+    mode: 0644
+    owner: root
+    group: root
+
+- name: deploy msmtprc
+  template:
+    src: msmtprc.j2
+    dest: /etc/msmtprc
+    mode: 0644
+    owner: root
+    group: root
+
+- name: symlink sendmail
+  file:
+    src: /usr/bin/msmtp
+    dest: /usr/sbin/sendmail
+    force: yes
+    state: link
--- a/tasks/archlinux.yml
+++ b/tasks/archlinux.yml
@ -0,0 +1,21 @@
+---
+- name: install basics
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- /usr/sbin/pacman -Syu --noconfirm python3 dropbear dropbear-scp wget"
+
+- name: setup ssh
+  include: ssh.yml
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- systemctl enable dropbear" 
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- systemctl restart dropbear"
+
+- name: install software
+  pacman: name={{ archlinux_software }} state=present update_cache=yes
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -18,7 +18,7 @@
      mode: pull
      server: https://images.linuxcontainers.org
      protocol: simplestreams #lxd # if you get a 404, try setting protocol: simplestreams
-      alias: alpine/3.14/amd64
+      alias: "{{ container_image }}"
    devices: '{ "eth0": {"nictype":"bridged", "parent":"lxd","type":"nic","ipv4.address":"{{ ansible_host }}"} }'                                   # default to {}
    profiles: ["lxd"]
    wait_for_ipv4_addresses: true
@ -26,55 +26,20 @@
  delegate_to: localhost
  connection: local

- name: install basics
-  connection: local
-  delegate_to: localhost 
-  raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear openssh-client-default wget"
+- name: setup alpine 
+  include: alpine.yml
+  when: '"alpine" in container_image'

- name: setup /root/.ssh
-  connection: local
-  delegate_to: localhost
-  raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh"
+- name: setup archlinux
+  include: archlinux.yml
+  when: '"archlinux" in container_image'

- name: get authorized_keys
-  connection: local
-  delegate_to: localhost
-  raw: "lxc exec {{ inventory_hostname }} -- wget https://git.br0tkasten.de/br0tkasten/configs/raw/branch/master/dotfiles/authorized_keys -O /root/.ssh/authorized_keys" 
-
- name: fix permissions
-  connection: local
-  delegate_to: localhost
-  raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"
-
- name: enable dropbear
-  connection: local
-  delegate_to: localhost 
-  raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear" 
-
- name: enable dropbear
-  connection: local
-  delegate_to: localhost 
-  raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart"
-
- name: install software
-  package: name={{ install_software }} state=present update_cache=yes
+- name: setup rockylinux
+  include: rockylinux.yml
+  when: '"rockylinux" in container_image'

 - name: deploy motd
  copy:
    src: motd
    dest: /etc/motd
    mode: 0644
-
- name: deploy syslog config
-  copy:
-    src: syslog.conf
-    dest: /etc/conf.d/syslog
-    mode: 0644
-  notify:
-    - restart container
-
- name: deploy update script
-  copy:
-    src: update.sh
-    dest: /etc/periodic/daily/update
-    mode: 0755
--- a/tasks/rockylinux.yml
+++ b/tasks/rockylinux.yml
@ -0,0 +1,21 @@
+---
+- name: install basics
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- yum install -y python3 wget openssh-server"
+
+- name: setup ssh
+  include: ssh.yml
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- systemctl enable sshd" 
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- systemctl restart sshd"
+
+- name: install software
+  package: name={{ rockylinux_software }} state=present update_cache=yes
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@ -0,0 +1,15 @@
+---
+- name: mkdir ~/.ssh
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh" 
+
+- name: get authorized_keys
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- wget -O /root/.ssh/authorized_keys https://git.br0tkasten.de/br0tkasten/configs/raw/branch/master/dotfiles/authorized_keys" 
+
+- name: fix file permissions
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"
--- a/templates/aliases.j2
+++ b/templates/aliases.j2
@ -0,0 +1,2 @@
+root: {{ mailto }}
+default: {{ mailto }}
--- a/templates/msmtprc.j2
+++ b/templates/msmtprc.j2
@ -0,0 +1,11 @@
+defaults
+syslog on
+set_from_header on
+aliases /etc/aliases
+
+account {{ inventory_hostname_short }}
+host {{ mailrelay }}
+from {{ inventory_hostname_short }}@br0tkasten.de
+port {{ mailport }}
+
+account default : {{ inventory_hostname_short }}
--- a/vars/main.yml
+++ b/vars/main.yml
@ -1,9 +1,21 @@
 ---
-install_software:
+alpine_software:
  - git
  - bash
  - dropbear
  - python3
-    #  - openssh-server # enable when needed for scp
  - openssh-client-default
-  - openssh-client-common 
+  - openssh-client-common
+  - msmtp
+  - mailx
+
+archlinux_software:
+  - git
+  - bash
+  - dropbear
+
+rockylinux_software:
+  - git
+  - bash
+  - openssh-server
+  - python3