diff --git a/files/alpine/syslog.conf b/files/alpine/syslog.conf index a040f03..08f5c2a 100644 --- a/files/alpine/syslog.conf +++ b/files/alpine/syslog.conf @@ -1 +1 @@ -SYSLOGD_OPTS="-R 10.3.0.1" +SYSLOGD_OPTS="-R 10.5.0.1" diff --git a/files/authorized_keys b/files/authorized_keys deleted file mode 100644 index 7b31278..0000000 --- a/files/authorized_keys +++ /dev/null @@ -1,3 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJFz0EBsDgO37Z4PmQEs+X90bjfZdMohzCYmHxSq+zz root@br0tkasten -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN6WpzsXF4yereWeARNGv5ykrVtDncFohWSY4zKT0jtVnCoV+IoTKu54zMD63dFpc2oD4GggKXYHjuDZBBxjbL8= root@br0tkasten.de -ssh-rsa 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 root@br0tkasten.de \ No newline at end of file diff --git a/handlers/main.yml b/handlers/main.yml index e8263ba..ae06d1c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -4,10 +4,9 @@ delegate_to: localhost connection: local -- name: restart container - lxd_container: - name: "{{ inventory_hostname }}" - state: restarted +- name: restart container + command: + cmd: "/usr/bin/incus restart {{ inventory_hostname }}" delegate_to: localhost connection: local diff --git a/tasks/alpine.yml b/tasks/alpine.yml index 9dd86bc..213858b 100644 --- a/tasks/alpine.yml +++ b/tasks/alpine.yml 
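Review bot: In the `restart container` handler, `{{ inventory_hostname }}` is interpolated into a single `cmd` string that the `command` module then splits into words, so the hostname is not guaranteed to reach incus as one argument. Passing a list keeps it intact: `argv: ["/usr/bin/incus", "restart", "{{ inventory_hostname }}"]`. The single-command tasks added in tasks/incus.yml and tasks/ssh.yml use the same string form and would benefit from the same change. Inventory names are normally operator-controlled, so this is hardening rather than a live bug.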
@@ -1,21 +1,29 @@ --- -- name: install basics - connection: local - delegate_to: localhost - raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear openssh-client-default openssh-sftp-server wget" - - name: setup ssh include: ssh.yml -- name: enable dropbear +- name: install basics connection: local delegate_to: localhost - raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear" + command: + cmd: "/usr/bin/incus exec {{ inventory_hostname }} -- {{ item }}" + with_items: + - "/sbin/apk update" + - "/sbin/apk add -U python3 dropbear openssh-client-default openssh-sftp-server wget" + - "rc-update add dropbear" + - "rc-service dropbear restart" -- name: start dropbear - connection: local - delegate_to: localhost - raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart" + #- name: enable dropbear + # connection: local + # delegate_to: localhost + # command: + # cmd: "/usr/bin/incus exec {{ inventory_hostname }} -- rc-update add dropbear" + # + #- name: start dropbear + # connection: local + # delegate_to: localhost + # command: + # cmd: "/usr/bin/incus exec {{ inventory_hostname }} -- rc-service dropbear restart" - name: install software apk: name={{ alpine_software }} state=present update_cache=yes diff --git a/tasks/incus.yml b/tasks/incus.yml new file mode 100644 index 0000000..8281cb3 --- /dev/null +++ b/tasks/incus.yml 
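Review bot: `include: ssh.yml` under `setup ssh` is left unchanged while this same commit moves tasks/main.yml to `include_tasks`. Bare `include` is deprecated in current Ansible, so it should become `include_tasks: ssh.yml` here too. The new `install basics` loop goes through `command`, so every item reports changed and dropbear is restarted on every run; moving `rc-service dropbear restart` into a handler and adding `changed_when` to the rest would restore idempotent reporting. The commented-out `enable dropbear` and `start dropbear` tasks duplicate two loop items and can be deleted rather than kept as comments.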
@@ -0,0 +1,39 @@ +--- +- name: get container info + command: + cmd: "/usr/bin/incus config show {{ inventory_hostname }}" + register: container_info + ignore_errors: true + connection: local + delegate_to: localhost + +- name: create container + command: + cmd: "/usr/bin/incus create images:{{ container_image }} {{ inventory_hostname }}" + when: '"Instance not found" in container_info.stderr' + connection: local + delegate_to: localhost + +- name: configure ip + command: + cmd: "/usr/bin/incus config device add {{ inventory_hostname }} eth0 nic nictype=bridged parent=lxd ipv4.address={{ ansible_host }}" + when: '"Instance not found" in container_info.stderr' + connection: local + delegate_to: localhost + +- name: start container + command: + cmd: "/usr/bin/incus start {{ inventory_hostname }}" + when: '"Instance not found" in container_info.stderr' + connection: local + delegate_to: localhost + +- name: deploy motd + copy: + src: motd + dest: "/var/lib/incus/storage-pools/default/containers/{{ inventory_hostname }}/rootfs/etc/motd" + mode: 0644 + owner: root + group: root + connection: local + delegate_to: localhost diff --git a/tasks/main.yml b/tasks/main.yml index 7c52f48..5e80038 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
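Review bot: `ignore_errors: true` on `get container info` hides every failure, and the next three tasks run only when stderr contains the literal `Instance not found`. An unreachable daemon or a reworded error message therefore skips creation silently, and the play carries on to `deploy motd`. Let the lookup fail on anything but the expected miss: `failed_when: container_info.rc != 0 and "Instance not found" not in container_info.stderr`, plus `changed_when: false`. `configure ip` and `start container` share that condition, so a run interrupted after `create container` is not repaired on the next run, because the instance then exists. In `deploy motd`, `mode: 0644` is safer quoted as `mode: "0644"`.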
@@ -1,45 +1,15 @@ --- -- name: configure dnsmasq hosts - lineinfile: - dest: /etc/dnsmasq.d/hosts.conf - regexp: "^{{ ansible_host }}" - line: "{{ ansible_host }}\t{{ inventory_hostname }}.lxc.br0tkasten.de" - notify: - - reload dnsmasq - delegate_to: localhost - connection: local - -- name: create container - lxd_container: - name: "{{ inventory_hostname }}" - state: started - source: - type: image - mode: pull - server: https://images.linuxcontainers.org - protocol: simplestreams #lxd # if you get a 404, try setting protocol: simplestreams - alias: "{{ container_image }}" - devices: '{ "eth0": {"nictype":"bridged", "parent":"lxd","type":"nic","ipv4.address":"{{ ansible_host }}"} }' # default to {} - profiles: ["lxd"] - wait_for_ipv4_addresses: true - timeout: 120 - delegate_to: localhost - connection: local +- name: setup container + include_tasks: incus.yml - name: setup alpine - include: alpine.yml + include_tasks: alpine.yml when: '"alpine" in container_image' - name: setup archlinux - include: archlinux.yml + include_tasks: archlinux.yml when: '"archlinux" in container_image' - name: setup rockylinux - include: rockylinux.yml + include_tasks: rockylinux.yml when: '"rockylinux" in container_image' - -- name: deploy motd - copy: - src: motd - dest: /etc/motd - mode: 0644 diff --git a/tasks/ssh.yml b/tasks/ssh.yml index 6bba4da..3bc1c8a 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml 
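Review bot: The removed `lxd_container` task had `wait_for_ipv4_addresses: true` with `timeout: 120`, and nothing visible in the new incus.yml waits after `incus start`. The `alpine.yml` include can therefore reach `/sbin/apk update` before the container has network. Add a polling task after `start container` (`until`/`retries`/`delay` on a command that checks for the address), or put `retries` on the first package command. The `configure dnsmasq hosts` task is also dropped with no replacement in the visible hunks; if those host entries are now managed elsewhere, the commit description should say so.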
@@ -2,19 +2,31 @@ - name: mkdir ~/.ssh connection: local delegate_to: localhost - raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh" + command: + cmd: "/usr/bin/incus exec {{ inventory_hostname }} -- mkdir -p /root/.ssh" + +#- name: get authorized_keys +# connection: local +# delegate_to: localhost +# copy: +# src: authorized_keys +# dest: "/var/lib/incus/storage-pools/default/containers/{{ inventory_hostname }}/rootfs/root/.ssh/authorized_keys" +# owner: root +# group: root +# mode: 0600 - name: get authorized_keys connection: local delegate_to: localhost - copy: - src: authorized_keys - dest: "/var/lib/lxd/storage-pools/default/containers/{{ inventory_hostname }}/rootfs/root/.ssh/authorized_keys" + get_url: + url: https://git.br0tkasten.de/br0tkasten.keys + dest: "/var/lib/incus/storage-pools/default/containers/{{ inventory_hostname }}/rootfs/root/.ssh/authorized_keys" owner: root group: root mode: 0600 -- name: fix file permissions - connection: local - delegate_to: localhost - raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys" +#- name: fix file permissions +# connection: local +# delegate_to: localhost +# command: +# cmd: "/usr/bin/incus exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"
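Review bot: The `get authorized_keys` task now installs root's `authorized_keys` from whatever `https://git.br0tkasten.de/br0tkasten.keys` serves at run time, with no `checksum`. Control of that URL's content thereby becomes root SSH access to every container this role provisions, whereas the deleted `files/authorized_keys` kept that trust inside the reviewed repository. Either keep the `copy` from the repo or pin the download with `checksum: "sha256:PINNED_SHA256_PLACEHOLDER"`. `get_url` also defaults to `force: false`, so an existing file is not replaced and a key removed upstream stays authorized on containers that are already provisioned. The commented-out `copy` and `fix file permissions` tasks are better deleted than left as comments.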