81 lines
2.2 KiB
YAML
81 lines
2.2 KiB
YAML
---
|
|
- name: configure dnsmasq hosts
|
|
lineinfile:
|
|
dest: /etc/dnsmasq.d/hosts.conf
|
|
regexp: "^{{ ansible_host }}"
|
|
line: "{{ ansible_host }}\t{{ inventory_hostname }}.lxc.br0tkasten.de"
|
|
notify:
|
|
- reload dnsmasq
|
|
delegate_to: localhost
|
|
connection: local
|
|
|
|
- name: create container
|
|
lxd_container:
|
|
name: "{{ inventory_hostname }}"
|
|
state: started
|
|
source:
|
|
type: image
|
|
mode: pull
|
|
server: https://images.linuxcontainers.org
|
|
protocol: simplestreams #lxd # if you get a 404, try setting protocol: simplestreams
|
|
alias: alpine/3.14/amd64
|
|
devices: '{ "eth0": {"nictype":"bridged", "parent":"lxd","type":"nic","ipv4.address":"{{ ansible_host }}"} }' # default to {}
|
|
profiles: ["lxd"]
|
|
wait_for_ipv4_addresses: true
|
|
timeout: 120
|
|
delegate_to: localhost
|
|
connection: local
|
|
|
|
- name: install basics
|
|
connection: local
|
|
delegate_to: localhost
|
|
raw: "lxc exec {{ inventory_hostname }} -- /sbin/apk add -U python3 dropbear openssh-client-default wget"
|
|
|
|
- name: setup /root/.ssh
|
|
connection: local
|
|
delegate_to: localhost
|
|
raw: "lxc exec {{ inventory_hostname }} -- mkdir -p /root/.ssh"
|
|
|
|
- name: get authorized_keys
|
|
connection: local
|
|
delegate_to: localhost
|
|
raw: "lxc exec {{ inventory_hostname }} -- wget https://git.br0tkasten.de/br0tkasten/configs/raw/branch/master/dotfiles/authorized_keys -O /root/.ssh/authorized_keys"
|
|
|
|
- name: fix permissions
|
|
connection: local
|
|
delegate_to: localhost
|
|
raw: "lxc exec {{ inventory_hostname }} -- chmod 0600 /root/.ssh/authorized_keys"
|
|
|
|
- name: enable dropbear
|
|
connection: local
|
|
delegate_to: localhost
|
|
raw: "lxc exec {{ inventory_hostname }} -- rc-update add dropbear"
|
|
|
|
- name: enable dropbear
|
|
connection: local
|
|
delegate_to: localhost
|
|
raw: "lxc exec {{ inventory_hostname }} -- rc-service dropbear restart"
|
|
|
|
- name: install software
|
|
package: name={{ install_software }} state=present update_cache=yes
|
|
|
|
- name: deploy motd
|
|
copy:
|
|
src: motd
|
|
dest: /etc/motd
|
|
mode: 0644
|
|
|
|
- name: deploy syslog config
|
|
copy:
|
|
src: syslog.conf
|
|
dest: /etc/conf.d/syslog
|
|
mode: 0644
|
|
notify:
|
|
- restart container
|
|
|
|
- name: deploy update script
|
|
copy:
|
|
src: update.sh
|
|
dest: /etc/periodic/daily/update
|
|
mode: 0755
|