commit b16534c0450bec6dacc92775b63f696d90907435
Author: br0tkasten
Date: Sun Nov 14 16:55:15 2021 +0100
initial import
diff --git a/files/motd b/files/motd
new file mode 100644
index 0000000..e69de29
diff --git a/files/syslog.conf b/files/syslog.conf
new file mode 100644
index 0000000..a040f03
--- /dev/null
+++ b/files/syslog.conf
@@ -0,0 +1 @@
+SYSLOGD_OPTS="-R 10.3.0.1"
diff --git a/files/update.sh b/files/update.sh
new file mode 100644
index 0000000..c649227
--- /dev/null
+++ b/files/update.sh
@@ -0,0 +1,11 @@
+#!/bin/ash
+
+APK=$(which apk)
+UPDATE=$($APK -qU upgrade)
+
+if [ "x$UPDATE" != "x" ];
+then
+ echo -e "$HOSTNAME updated packages:\n"
+ echo -e "$UPDATE\n"
+ reboot
+fi
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..e8263ba
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: reload dnsmasq
+ systemd: name=dnsmasq state=reloaded
+ delegate_to: localhost
+ connection: local
+
+- name: restart container
+ lxd_container:
+ name: "{{ inventory_hostname }}"
+ state: restarted
+ delegate_to: localhost
+ connection: local
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..ba37207
--- /dev/null
+++ b/tasks/main.yml
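Review bot: In files/syslog.conf, `SYSLOGD_OPTS="-R 10.3.0.1"` forwards to the remote host only; assuming the container runs Alpine's default busybox syslogd, nothing is written locally once `-R` is given, and the forwarding is UDP, so messages sent while 10.3.0.1 is unreachable are lost. If a local copy is wanted for troubleshooting and incident review, add `-L`: `SYSLOGD_OPTS="-R 10.3.0.1 -L"`. A one-line comment above the setting saying which host 10.3.0.1 is would also help the next reader.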
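Review bot: In files/update.sh the reboot decision depends only on whether `apk` printed something to stdout, and the exit status of the upgrade is never checked, so a failed or partial upgrade can go unnoticed or still end in a reboot. Because `-q` suppresses most output, it is worth confirming that a successful upgrade reliably prints anything at all. I would stop on failure with `UPDATE=$($APK -qU upgrade) || exit 1` and call `apk` directly instead of resolving it through `which`. A header comment stating that the script runs from /etc/periodic/daily and reboots the container unattended would document the intent.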
@@ -0,0 +1,80 @@
+---
+- name: configure dnsmasq hosts
+ lineinfile:
+ dest: /etc/dnsmasq.d/hosts.conf
+ regexp: "^{{ ansible_host }}"
+ line: "{{ ansible_host }}\t{{ inventory_hostname }}.lxc.br0tkasten.de"
+ notify:
+ - reload dnsmasq
+ delegate_to: localhost
+ connection: local
+
+- name: create container
+ lxd_container:
+ name: "{{ inventory_hostname }}"
+ state: started
+ source:
+ type: image
+ mode: pull
+ server: https://images.linuxcontainers.org
+ protocol: simplestreams #lxd # if you get a 404, try setting protocol: simplestreams
+ alias: alpine/3.14/amd64
+ devices: '{ "eth0": {"nictype":"bridged", "parent":"lxd","type":"nic","ipv4.address":"{{ ansible_host }}"} }' # default to {}
+ profiles: ["lxd"]
+ wait_for_ipv4_addresses: true
+ timeout: 120
+ delegate_to: localhost
+ connection: local
+
+- name: install basics
+ connection: local
+ delegate_to: localhost
+ raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear dropbear-scp wget"
+
+- name: setup /root/.ssh
+ connection: local
+ delegate_to: localhost
+ raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh"
+
+- name: get authorized_keys
+ connection: local
+ delegate_to: localhost
+ raw: "lxc exec {{ inventory_hostname }} -- wget https://git.br0tkasten.de/br0tkasten/configs/raw/branch/master/dotfiles/authorized_keys -O /root/.ssh/authorized_keys"
+
+- name: fix permissions
+ connection: local
+ delegate_to: localhost
+ raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"
+
+- name: enable dropbear
+ connection: local
+ delegate_to: localhost
+ raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear"
+
+- name: enable dropbear
+ connection: local
+ delegate_to: localhost
+ raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart"
+
+- name: install software
+ package: name={{ install_software }} state=present update_cache=yes
+
+- name: deploy motd
+ copy:
+ src: motd
+ dest: /etc/motd
+ mode: 0644
+
+- name: deploy syslog config
+ copy:
+ src: syslog.conf
+ dest: /etc/conf.d/syslog
+ mode: 0644
+ notify:
+ - restart container
+
+- name: deploy update script
+ copy:
+ src: update.sh
+ dest: /etc/periodic/daily/update
+ mode: 0755
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..702ae77
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,7 @@
+---
+install_software:
+ - git
+ - bash
+ - dropbear
+ - python3
+ - openssh-server
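Review bot: The "get authorized_keys" task in tasks/main.yml installs root's SSH keys from whatever the `master` branch of a remote repository serves at provisioning time, with no pinned revision or checksum, so root access to every container is decided by that URL rather than by this role. Shipping a reviewed `authorized_keys` in the role's files/ and pushing it from the controller keeps that trust decision in version control, for example `raw: "lxc file push --mode 0600 {{ role_path }}/files/authorized_keys {{ inventory_hostname }}/root/.ssh/authorized_keys"`, which also makes the separate chmod task unnecessary. Separately, the second task named "enable dropbear" actually restarts the service and should be renamed. The `raw` tasks also re-run on every play, because nothing marks them as unchanged.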
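Review bot: `install_software` in vars/main.yml lists both `dropbear` and `openssh-server`, while tasks/main.yml only enables and restarts dropbear. If OpenSSH is not meant to run in the container, dropping `openssh-server` avoids carrying a second SSH daemon that has to be patched and hardened. If it is needed, a comment next to the entry saying why would make that explicit.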