authorclarkzjw <[email protected]>2023-03-02 22:48:26 -0800
committerclarkzjw <[email protected]>2023-03-02 22:48:26 -0800
commit0a044f572564412df4d33a6899c6c6f007c004f6 (patch)
treebb13f4d12d1320f0434eff7740fd6ac000cfbedb /hetzner
parentf4fc1682ad379799b0610c1477e1fead06880993 (diff)
add ansible playbooks for system initialization
Diffstat (limited to 'hetzner')
-rw-r--r--hetzner/init.yaml53
-rw-r--r--hetzner/inventory/hosts.yaml1
-rw-r--r--hetzner/mastodon.yml31
-rw-r--r--hetzner/nginx.yaml25
-rw-r--r--hetzner/requirements.yaml6
-rw-r--r--hetzner/user.yaml59
6 files changed, 175 insertions, 0 deletions
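diff --git a/hetzner/init.yaml b/hetzner/init.yaml
new file mode 100644
index 0000000..a4a3db1
--- /dev/null
+++ b/hetzner/init.yaml
@@ -0,0 +1,53 @@
+---
+ - name: System initialization
+ hosts: localhost
+ become: true
+ tasks:
+ - name: Make sure we have a 'wheel' group
+ group:
+ name: wheel
+ state: present
+
+ - name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+ - name: Add sudoers users to wheel group
+ user:
+ name: clarkzjw
+ groups: wheel
+ append: yes
+ shell: /bin/bash
+
+ - name: Set authorized keys taken from url
+ authorized_key:
+ user: clarkzjw
+ state: present
+ key: https://github.com/clarkzjw.keys
+
+ - name: Disable Root Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: "PermitRootLogin no"
+ state: present
+ backup: yes
+
+ - name: Disable Password Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PasswordAuthentication'
+ line: "PasswordAuthentication no"
+ state: present
+ backup: yes
+
+ - name: Restart SSHD
+ systemd:
+ name: ssh
+ enabled: true
+ state: restarted
+ daemon_reload: true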
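Review bot: The two sshd_config edits ("Disable Root Login" and "Disable Password Login") have no `validate:` and nothing checks the effective setting afterwards, unlike the sudoers task above, which uses `visudo -cf %s`. sshd keeps the first value it reads for a keyword, so when the regexp matches nothing and the line is appended, an earlier directive or an included drop-in (if the image ships one) can leave password or root login enabled without any task failing. Adding `validate: 'sshd -t -f %s'` to both tasks and asserting on `sshd -T` output before the restart would catch both a broken file and an edit that has no effect. Separately, `key: https://github.com/clarkzjw.keys` combined with `NOPASSWD: ALL` means anyone able to add a key to that GitHub account gains root on the host at the next run; committing the expected public key to the repository would remove that dependency.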
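diff --git a/hetzner/inventory/hosts.yaml b/hetzner/inventory/hosts.yaml
new file mode 100644
index 0000000..2302eda
--- /dev/null
+++ b/hetzner/inventory/hosts.yaml
@@ -0,0 +1 @@
+localhost ansible_connection=local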
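Review bot: The single line `localhost ansible_connection=local` is INI inventory syntax, but the file is named `hosts.yaml`, so the extension does not match the content. Ansible presumably falls back to its INI parser after the YAML one rejects the file, which makes this a readability point rather than a failure. Renaming the file to `hosts.ini` (or plain `hosts`) would make the format explicit to readers and to linters that select rules by extension.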
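diff --git a/hetzner/mastodon.yml b/hetzner/mastodon.yml
new file mode 100644
index 0000000..354390c
--- /dev/null
+++ b/hetzner/mastodon.yml
@@ -0,0 +1,31 @@
+---
+ - name: Install Mastodon dependencies
+ hosts: localhost
+ tasks:
+ - name: Install required packages
+ apt:
+ name:
+ - imagemagick
+ - ffmpeg
+ - libpq-dev
+ - libxml2-dev
+ - libxslt1-dev
+ - file
+ - libprotobuf-dev
+ - protobuf-compiler
+ - pkg-config
+ - autoconf
+ - bison
+ - libssl-dev
+ - libyaml-dev
+ - libreadline6-dev
+ - zlib1g-dev
+ - libncurses5-dev
+ - libffi-dev
+ - libgdbm-dev
+ - redis-server
+ - redis-tools
+ - libidn11-dev
+ - libicu-dev
+ - libjemalloc-dev
+ update_cache: true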
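Review bot: This play has no `become: true`, and neither does the play in hetzner/nginx.yaml, while init.yaml and user.yaml both set it. The `apt` task here needs root, so the playbook only works when it is started as root or with `--become`, and that requirement is not recorded anywhere in the file. Adding `become: true` at play level in both files would make privilege use explicit and consistent across the four playbooks. This file also uses the `.yml` extension where the others use `.yaml`.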
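diff --git a/hetzner/nginx.yaml b/hetzner/nginx.yaml
new file mode 100644
index 0000000..006d4e3
--- /dev/null
+++ b/hetzner/nginx.yaml
@@ -0,0 +1,25 @@
+---
+- name: Install Nginx
+ hosts: localhost
+ tasks:
+ - name: Install NGINX
+ ansible.builtin.include_role:
+ name: nginxinc.nginx
+ vars:
+ nginx_modules:
+ - geoip
+ - perl
+ nginx_service_modify: true
+ nginx_service_timeout: 95
+ nginx_logrotate_conf_enable: true
+ nginx_logrotate_conf:
+ paths:
+ - /var/log/nginx/*.log
+ options:
+ - daily
+ - missingok
+ - rotate 14
+ - compress
+ - delaycompress
+ - notifempty
+ - sharedscripts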
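diff --git a/hetzner/requirements.yaml b/hetzner/requirements.yaml
new file mode 100644
index 0000000..9a039b1
--- /dev/null
+++ b/hetzner/requirements.yaml
@@ -0,0 +1,6 @@
+- name: gantsign.oh-my-zsh
+ type: galaxy
+ version: 2.6.0
+- name: nginxinc.nginx
+ type: galaxy
+ version: 0.24.0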
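diff --git a/hetzner/user.yaml b/hetzner/user.yaml
new file mode 100644
index 0000000..bf21687
--- /dev/null
+++ b/hetzner/user.yaml
@@ -0,0 +1,59 @@
+---
+ - name: System initialization
+ hosts: localhost
+ become: true
+ roles:
+ - role: gantsign.oh-my-zsh
+ users:
+ - username: clarkzjw
+ oh_my_zsh:
+ theme: robbyrussell
+ plugins:
+ - git
+ update_mode: reminder
+ update_frequency: 28
+ tasks:
+ - name: Install required packages
+ apt:
+ name:
+ - debian-archive-keyring
+ - apt-transport-https
+ - build-essential
+ - ca-certificates
+ - lsb-release
+ - cifs-utils
+ - vnstat
+ - python3-dev
+ - python3-pip
+ - python3
+ - iperf3
+ - gnupg2
+ - unzip
+ - rsync
+ - wget
+ - sudo
+ - htop
+ - curl
+ - tree
+ - zip
+ - vim
+ - zsh
+ - git
+ update_cache: true
+
+ - name: Postgresql
+ apt:
+ name:
+ - postgresql
+ - postgresql-client
+ - postgresql-contrib
+ update_cache: true
+
+ - name: Clean unneeded packages
+ apt:
+ autoremove: true
+ purge: true
+
+ - name: Clean unneeded packages
+ apt:
+ autoclean: true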
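Review bot: The last two tasks are both named "Clean unneeded packages", although the first runs `autoremove` with `purge` and the second runs `autoclean`, so run output and `--start-at-task` cannot tell them apart. Renaming the second to something like `- name: Clean obsolete files from the apt cache` would keep task names unique. The play is also named "System initialization", the same as the play in init.yaml, which makes combined logs ambiguous; a name describing user and package setup would read better.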