initial import

2021-11-14 16:55:15 +01:00 · 2021-11-14 16:55:15 +01:00 · b16534c045
commit b16534c045
6 changed files with 112 additions and 0 deletions
--- a/files/motd
+++ b/files/motd
--- a/files/syslog.conf
+++ b/files/syslog.conf
@ -0,0 +1 @@
+SYSLOGD_OPTS="-R 10.3.0.1"
--- a/files/update.sh
+++ b/files/update.sh
@ -0,0 +1,11 @@
+#!/bin/ash
+
+APK=$(which apk)
+UPDATE=$($APK -qU upgrade)
+
+if [ "x$UPDATE" != "x" ];
+then
+	echo -e "$HOSTNAME updated packages:\n"
+	echo -e "$UPDATE\n"
+	reboot
+fi
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,13 @@
+---
+- name: reload dnsmasq
+  systemd: name=dnsmasq state=reloaded
+  delegate_to: localhost
+  connection: local
+
+- name: restart container 
+  lxd_container:
+    name: "{{ inventory_hostname }}"
+    state: restarted
+  delegate_to: localhost
+  connection: local
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,80 @@
+---
+- name: configure dnsmasq hosts
+  lineinfile:
+    dest: /etc/dnsmasq.d/hosts.conf
+    regexp: "^{{ ansible_host }}"
+    line: "{{ ansible_host }}\t{{ inventory_hostname }}.lxc.br0tkasten.de"
+  notify:
+    - reload dnsmasq
+  delegate_to: localhost
+  connection: local
+
+- name: create container
+  lxd_container:
+    name: "{{ inventory_hostname }}"
+    state: started
+    source:
+      type: image
+      mode: pull
+      server: https://images.linuxcontainers.org
+      protocol: simplestreams #lxd # if you get a 404, try setting protocol: simplestreams
+      alias: alpine/3.14/amd64
+    devices: '{ "eth0": {"nictype":"bridged", "parent":"lxd","type":"nic","ipv4.address":"{{ ansible_host }}"} }'                                   # default to {}
+    profiles: ["lxd"]
+    wait_for_ipv4_addresses: true
+    timeout: 120
+  delegate_to: localhost
+  connection: local
+
+- name: install basics
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear dropbear-scp wget"
+
+- name: setup /root/.ssh
+  connection: local
+  delegate_to: localhost
+  raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh"
+
+- name: get authorized_keys
+  connection: local
+  delegate_to: localhost
+  raw: "lxc exec {{ inventory_hostname }} -- wget https://git.br0tkasten.de/br0tkasten/configs/raw/branch/master/dotfiles/authorized_keys -O /root/.ssh/authorized_keys" 
+
+- name: fix permissions
+  connection: local
+  delegate_to: localhost
+  raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear" 
+
+- name: enable dropbear
+  connection: local
+  delegate_to: localhost 
+  raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart"
+
+- name: install software
+  package: name={{ install_software }} state=present update_cache=yes
+
+- name: deploy motd
+  copy:
+    src: motd
+    dest: /etc/motd
+    mode: 0644
+
+- name: deploy syslog config
+  copy:
+    src: syslog.conf
+    dest: /etc/conf.d/syslog
+    mode: 0644
+  notify:
+    - restart container
+
+- name: deploy update script
+  copy:
+    src: update.sh
+    dest: /etc/periodic/daily/update
+    mode: 0755
--- a/vars/main.yml
+++ b/vars/main.yml
@ -0,0 +1,7 @@
+---
+install_software:
+  - git
+  - bash
+  - dropbear
+  - python3
+  - openssh-server