diff options
-rw-r--r-- | hetzner/init.yaml | 53 | ||||
-rw-r--r-- | hetzner/inventory/hosts.yaml | 1 | ||||
-rw-r--r-- | hetzner/mastodon.yml | 31 | ||||
-rw-r--r-- | hetzner/nginx.yaml | 25 | ||||
-rw-r--r-- | hetzner/requirements.yaml | 6 | ||||
-rw-r--r-- | hetzner/user.yaml | 59 |
6 files changed, 175 insertions, 0 deletions
diff --git a/hetzner/init.yaml b/hetzner/init.yaml new file mode 100644 index 0000000..a4a3db1 --- /dev/null +++ b/hetzner/init.yaml | |||
@@ -0,0 +1,53 @@ | |||
1 | --- | ||
2 | - name: System initialization | ||
3 | hosts: localhost | ||
4 | become: true | ||
5 | tasks: | ||
6 | - name: Make sure we have a 'wheel' group | ||
7 | group: | ||
8 | name: wheel | ||
9 | state: present | ||
10 | |||
11 | - name: Allow 'wheel' group to have passwordless sudo | ||
12 | lineinfile: | ||
13 | dest: /etc/sudoers | ||
14 | state: present | ||
15 | regexp: '^%wheel' | ||
16 | line: '%wheel ALL=(ALL) NOPASSWD: ALL' | ||
17 | validate: visudo -cf %s | ||
18 | |||
19 | - name: Add sudoers users to wheel group | ||
20 | user: | ||
21 | name: clarkzjw | ||
22 | groups: wheel | ||
23 | append: yes | ||
24 | shell: /bin/bash | ||
25 | |||
26 | - name: Set authorized keys taken from url | ||
27 | authorized_key: | ||
28 | user: clarkzjw | ||
29 | state: present | ||
30 | key: https://github.com/clarkzjw.keys | ||
31 | |||
32 | - name: Disable Root Login | ||
33 | lineinfile: | ||
34 | dest: /etc/ssh/sshd_config | ||
35 | regexp: '^PermitRootLogin' | ||
36 | line: "PermitRootLogin no" | ||
37 | state: present | ||
38 | backup: yes | ||
39 | |||
40 | - name: Disable Password Login | ||
41 | lineinfile: | ||
42 | dest: /etc/ssh/sshd_config | ||
43 | regexp: '^PasswordAuthentication' | ||
44 | line: "PasswordAuthentication no" | ||
45 | state: present | ||
46 | backup: yes | ||
47 | |||
48 | - name: Restart SSHD | ||
49 | systemd: | ||
50 | name: ssh | ||
51 | enabled: true | ||
52 | state: restarted | ||
53 | daemon_reload: true | ||
diff --git a/hetzner/inventory/hosts.yaml b/hetzner/inventory/hosts.yaml new file mode 100644 index 0000000..2302eda --- /dev/null +++ b/hetzner/inventory/hosts.yaml | |||
@@ -0,0 +1 @@ | |||
localhost ansible_connection=local | |||
diff --git a/hetzner/mastodon.yml b/hetzner/mastodon.yml new file mode 100644 index 0000000..354390c --- /dev/null +++ b/hetzner/mastodon.yml | |||
@@ -0,0 +1,31 @@ | |||
1 | --- | ||
2 | - name: Install Mastodon dependencies | ||
3 | hosts: localhost | ||
4 | tasks: | ||
5 | - name: Install required packages | ||
6 | apt: | ||
7 | name: | ||
8 | - imagemagick | ||
9 | - ffmpeg | ||
10 | - libpq-dev | ||
11 | - libxml2-dev | ||
12 | - libxslt1-dev | ||
13 | - file | ||
14 | - libprotobuf-dev | ||
15 | - protobuf-compiler | ||
16 | - pkg-config | ||
17 | - autoconf | ||
18 | - bison | ||
19 | - libssl-dev | ||
20 | - libyaml-dev | ||
21 | - libreadline6-dev | ||
22 | - zlib1g-dev | ||
23 | - libncurses5-dev | ||
24 | - libffi-dev | ||
25 | - libgdbm-dev | ||
26 | - redis-server | ||
27 | - redis-tools | ||
28 | - libidn11-dev | ||
29 | - libicu-dev | ||
30 | - libjemalloc-dev | ||
31 | update_cache: true | ||
diff --git a/hetzner/nginx.yaml b/hetzner/nginx.yaml new file mode 100644 index 0000000..006d4e3 --- /dev/null +++ b/hetzner/nginx.yaml | |||
@@ -0,0 +1,25 @@ | |||
1 | --- | ||
2 | - name: Install Nginx | ||
3 | hosts: localhost | ||
4 | tasks: | ||
5 | - name: Install NGINX | ||
6 | ansible.builtin.include_role: | ||
7 | name: nginxinc.nginx | ||
8 | vars: | ||
9 | nginx_modules: | ||
10 | - geoip | ||
11 | - perl | ||
12 | nginx_service_modify: true | ||
13 | nginx_service_timeout: 95 | ||
14 | nginx_logrotate_conf_enable: true | ||
15 | nginx_logrotate_conf: | ||
16 | paths: | ||
17 | - /var/log/nginx/*.log | ||
18 | options: | ||
19 | - daily | ||
20 | - missingok | ||
21 | - rotate 14 | ||
22 | - compress | ||
23 | - delaycompress | ||
24 | - notifempty | ||
25 | - sharedscripts | ||
diff --git a/hetzner/requirements.yaml b/hetzner/requirements.yaml new file mode 100644 index 0000000..9a039b1 --- /dev/null +++ b/hetzner/requirements.yaml | |||
@@ -0,0 +1,6 @@ | |||
1 | - name: gantsign.oh-my-zsh | ||
2 | type: galaxy | ||
3 | version: 2.6.0 | ||
4 | - name: nginxinc.nginx | ||
5 | type: galaxy | ||
6 | version: 0.24.0 | ||
diff --git a/hetzner/user.yaml b/hetzner/user.yaml new file mode 100644 index 0000000..bf21687 --- /dev/null +++ b/hetzner/user.yaml | |||
@@ -0,0 +1,59 @@ | |||
1 | --- | ||
2 | - name: System initialization | ||
3 | hosts: localhost | ||
4 | become: true | ||
5 | roles: | ||
6 | - role: gantsign.oh-my-zsh | ||
7 | users: | ||
8 | - username: clarkzjw | ||
9 | oh_my_zsh: | ||
10 | theme: robbyrussell | ||
11 | plugins: | ||
12 | - git | ||
13 | update_mode: reminder | ||
14 | update_frequency: 28 | ||
15 | tasks: | ||
16 | - name: Install required packages | ||
17 | apt: | ||
18 | name: | ||
19 | - debian-archive-keyring | ||
20 | - apt-transport-https | ||
21 | - build-essential | ||
22 | - ca-certificates | ||
23 | - lsb-release | ||
24 | - cifs-utils | ||
25 | - vnstat | ||
26 | - python3-dev | ||
27 | - python3-pip | ||
28 | - python3 | ||
29 | - iperf3 | ||
30 | - gnupg2 | ||
31 | - unzip | ||
32 | - rsync | ||
33 | - wget | ||
34 | - sudo | ||
35 | - htop | ||
36 | - curl | ||
37 | - tree | ||
38 | - zip | ||
39 | - vim | ||
40 | - zsh | ||
41 | - git | ||
42 | update_cache: true | ||
43 | |||
44 | - name: Postgresql | ||
45 | apt: | ||
46 | name: | ||
47 | - postgresql | ||
48 | - postgresql-client | ||
49 | - postgresql-contrib | ||
50 | update_cache: true | ||
51 | |||
52 | - name: Clean unneeded packages | ||
53 | apt: | ||
54 | autoremove: true | ||
55 | purge: true | ||
56 | |||
57 | - name: Clean unneeded packages | ||
58 | apt: | ||
59 | autoclean: true | ||