From 0a044f572564412df4d33a6899c6c6f007c004f6 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Thu, 2 Mar 2023 22:48:26 -0800
Subject: add ansible playbooks for system initialization
---
hetzner/init.yaml | 53 +++++++++++++++++++++++++++++++++++++++
hetzner/inventory/hosts.yaml | 1 +
hetzner/mastodon.yml | 31 +++++++++++++++++++++++++++++++
hetzner/nginx.yaml | 25 +++++++++++++++++++++++++
hetzner/requirements.yaml | 6 ++++++
hetzner/user.yaml | 59 ++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 175 insertions(+)
create mode 100644 hetzner/init.yaml
create mode 100644 hetzner/inventory/hosts.yaml
create mode 100644 hetzner/mastodon.yml
create mode 100644 hetzner/nginx.yaml
create mode 100644 hetzner/requirements.yaml
create mode 100644 hetzner/user.yaml
diff --git a/hetzner/init.yaml b/hetzner/init.yaml
new file mode 100644
index 0000000..a4a3db1
--- /dev/null
+++ b/hetzner/init.yaml
@@ -0,0 +1,53 @@
+---
+ - name: System initialization
+ hosts: localhost
+ become: true
+ tasks:
+ - name: Make sure we have a 'wheel' group
+ group:
+ name: wheel
+ state: present
+
+ - name: Allow 'wheel' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%wheel'
+ line: '%wheel ALL=(ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+ - name: Add sudoers users to wheel group
+ user:
+ name: clarkzjw
+ groups: wheel
+ append: yes
+ shell: /bin/bash
+
+ - name: Set authorized keys taken from url
+ authorized_key:
+ user: clarkzjw
+ state: present
+ key: https://github.com/clarkzjw.keys
+
+ - name: Disable Root Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: "PermitRootLogin no"
+ state: present
+ backup: yes
+
+ - name: Disable Password Login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^PasswordAuthentication'
+ line: "PasswordAuthentication no"
+ state: present
+ backup: yes
+
+ - name: Restart SSHD
+ systemd:
+ name: ssh
+ enabled: true
+ state: restarted
+ daemon_reload: true
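Review bot: The two `lineinfile` edits of `/etc/ssh/sshd_config` (`Disable Root Login`, `Disable Password Login`) are applied without validation and then `Restart SSHD` restarts the daemon, so a malformed line would lock out every future SSH session; the sudoers task already guards itself with `visudo`, and the same pattern fits here: `validate: /usr/sbin/sshd -t -f %s`. Because `regexp: '^PermitRootLogin'` only matches an uncommented directive, on an image that ships it commented out the new line is appended at the end of the file, and if that image also carries an `Include /etc/ssh/sshd_config.d/*.conf` near the top, a drop-in there wins since sshd keeps the first value it sees — worth confirming with `sshd -T` rather than assuming. `append: yes` and `backup: yes` should be written `true`, matching the other booleans in the file and yamllint's truthy rule. The unit name `ssh` in the restart task is Debian/Ubuntu-specific (`sshd` elsewhere), which is fine for this inventory but worth a comment.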
diff --git a/hetzner/inventory/hosts.yaml b/hetzner/inventory/hosts.yaml
new file mode 100644
index 0000000..2302eda
--- /dev/null
+++ b/hetzner/inventory/hosts.yaml
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/hetzner/mastodon.yml b/hetzner/mastodon.yml
new file mode 100644
index 0000000..354390c
--- /dev/null
+++ b/hetzner/mastodon.yml
@@ -0,0 +1,31 @@
+---
+ - name: Install Mastodon dependencies
+ hosts: localhost
+ tasks:
+ - name: Install required packages
+ apt:
+ name:
+ - imagemagick
+ - ffmpeg
+ - libpq-dev
+ - libxml2-dev
+ - libxslt1-dev
+ - file
+ - libprotobuf-dev
+ - protobuf-compiler
+ - pkg-config
+ - autoconf
+ - bison
+ - libssl-dev
+ - libyaml-dev
+ - libreadline6-dev
+ - zlib1g-dev
+ - libncurses5-dev
+ - libffi-dev
+ - libgdbm-dev
+ - redis-server
+ - redis-tools
+ - libidn11-dev
+ - libicu-dev
+ - libjemalloc-dev
+ update_cache: true
diff --git a/hetzner/nginx.yaml b/hetzner/nginx.yaml
new file mode 100644
index 0000000..006d4e3
--- /dev/null
+++ b/hetzner/nginx.yaml
@@ -0,0 +1,25 @@
+---
+- name: Install Nginx
+ hosts: localhost
+ tasks:
+ - name: Install NGINX
+ ansible.builtin.include_role:
+ name: nginxinc.nginx
+ vars:
+ nginx_modules:
+ - geoip
+ - perl
+ nginx_service_modify: true
+ nginx_service_timeout: 95
+ nginx_logrotate_conf_enable: true
+ nginx_logrotate_conf:
+ paths:
+ - /var/log/nginx/*.log
+ options:
+ - daily
+ - missingok
+ - rotate 14
+ - compress
+ - delaycompress
+ - notifempty
+ - sharedscripts
diff --git a/hetzner/requirements.yaml b/hetzner/requirements.yaml
new file mode 100644
index 0000000..9a039b1
--- /dev/null
+++ b/hetzner/requirements.yaml
@@ -0,0 +1,6 @@
+- name: gantsign.oh-my-zsh
+ type: galaxy
+ version: 2.6.0
+- name: nginxinc.nginx
+ type: galaxy
+ version: 0.24.0
diff --git a/hetzner/user.yaml b/hetzner/user.yaml
new file mode 100644
index 0000000..bf21687
--- /dev/null
+++ b/hetzner/user.yaml
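Review bot: `hosts.yaml` holds an INI-style inventory line, `localhost ansible_connection=local`, under a `.yaml` extension; the yaml inventory plugin is tried first because of the extension and rejects a bare string, after which the ini plugin presumably picks the file up, with a warning on every run. Either rename the file to `hosts.ini` or express it as a YAML inventory (an `all:` → `hosts:` → `localhost:` mapping carrying `ansible_connection: local`). All four plays in this commit use `hosts: localhost`, so this file is the one place a remote target would be added later, and keeping it in the format its extension announces avoids surprises then.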
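Review bot: The `Install Mastodon dependencies` play in `mastodon.yml` runs `apt` without `become: true`, and the `Install Nginx` play in `nginx.yaml` includes the `nginxinc.nginx` role without it either, so the package steps in both fail unless the playbook is already run as root; `init.yaml` and `user.yaml` in this same commit set `become: true` at play level, and the same line belongs in these two plays. `mastodon.yml` is also the only file in the commit with a `.yml` extension while the other five use `.yaml`; pick one. Some listed package names (`libreadline6-dev`, `libncurses5-dev`, `libidn11-dev`) look release-specific and may be transitional or absent on newer Debian/Ubuntu images — worth confirming against the target release, since one missing package fails the whole `apt` task.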
@@ -0,0 +1,59 @@
+---
+ - name: System initialization
+ hosts: localhost
+ become: true
+ roles:
+ - role: gantsign.oh-my-zsh
+ users:
+ - username: clarkzjw
+ oh_my_zsh:
+ theme: robbyrussell
+ plugins:
+ - git
+ update_mode: reminder
+ update_frequency: 28
+ tasks:
+ - name: Install required packages
+ apt:
+ name:
+ - debian-archive-keyring
+ - apt-transport-https
+ - build-essential
+ - ca-certificates
+ - lsb-release
+ - cifs-utils
+ - vnstat
+ - python3-dev
+ - python3-pip
+ - python3
+ - iperf3
+ - gnupg2
+ - unzip
+ - rsync
+ - wget
+ - sudo
+ - htop
+ - curl
+ - tree
+ - zip
+ - vim
+ - zsh
+ - git
+ update_cache: true
+
+ - name: Postgresql
+ apt:
+ name:
+ - postgresql
+ - postgresql-client
+ - postgresql-contrib
+ update_cache: true
+
+ - name: Clean unneeded packages
+ apt:
+ autoremove: true
+ purge: true
+
+ - name: Clean unneeded packages
+ apt:
+ autoclean: true
-- cgit v1.2.3
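Review bot: The last two tasks in `user.yaml` both carry the name `Clean unneeded packages`, so the play output cannot tell the `autoremove`/`purge` step from the `autoclean` step; rename the second one, e.g. `- name: Clean the apt package cache`. The play itself is named `System initialization`, the same as the play in `init.yaml`, although the two do different work, and a distinct name such as `Install base packages and shell` would help when both are run. The run order between the files is implicit: this play installs `sudo`, while `init.yaml` edits `/etc/sudoers` and validates with `visudo`, so on a minimal image `init.yaml` presumably has to run after this one; a one-line comment at the top of each file, or a `site.yaml` chaining them with `import_playbook`, would make that dependency explicit.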