Split repo to qenya/ansible-playbooks
This commit is contained in:
parent
8f8e25d746
commit
57e00492a0
3 changed files with 0 additions and 82 deletions
6
.gitignore
vendored
6
.gitignore
vendored
|
|
@ -2,9 +2,3 @@
|
||||||
# Ignore build outputs from performing a nix-build or `nix build` command
|
# Ignore build outputs from performing a nix-build or `nix build` command
|
||||||
result
|
result
|
||||||
result-*
|
result-*
|
||||||
|
|
||||||
# ---> Ansible
|
|
||||||
*.retry
|
|
||||||
|
|
||||||
# https://github.com/ansible/ansible-lint/issues/4533
|
|
||||||
.ansible/
|
|
||||||
|
|
|
||||||
|
|
@ -1,6 +0,0 @@
|
||||||
ovh:
|
|
||||||
hosts:
|
|
||||||
siberys:
|
|
||||||
ansible_host: siberys.qenya.tel
|
|
||||||
vars:
|
|
||||||
ansible_user: fedora
|
|
||||||
|
|
@ -1,70 +0,0 @@
|
||||||
- name: Initial setup
|
|
||||||
hosts: ovh
|
|
||||||
tasks:
|
|
||||||
- name: Ensure hostname is correct
|
|
||||||
ansible.builtin.hostname:
|
|
||||||
name: '{{ inventory_hostname }}'
|
|
||||||
become: true
|
|
||||||
- name: Ensure password authentication for SSH is disabled
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
dest: /etc/ssh/sshd_config
|
|
||||||
regexp: '^#?PasswordAuthentication'
|
|
||||||
line: "PasswordAuthentication no"
|
|
||||||
state: present
|
|
||||||
backup: true
|
|
||||||
become: true
|
|
||||||
notify:
|
|
||||||
- Restart SSH
|
|
||||||
- name: Update authorized SSH keys for Ansible user
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: '/home/{{ ansible_user }}/.ssh/authorized_keys'
|
|
||||||
# TODO: template this from a separate config file
|
|
||||||
content: |
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjBuuxo+w3yED0aPnsNb8S90p/GgBqFEG9K4ETZ5Wkq qenya@kilgharrah
|
|
||||||
mode: "0600"
|
|
||||||
|
|
||||||
handlers:
|
|
||||||
- name: Restart SSH
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: sshd
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: Enable automatic upgrades
|
|
||||||
hosts: ovh
|
|
||||||
tasks:
|
|
||||||
- name: Install dnf-automatic
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name: dnf-automatic
|
|
||||||
state: present
|
|
||||||
become: true
|
|
||||||
- name: Configure dnf-automatic
|
|
||||||
ansible.builtin.copy:
|
|
||||||
dest: '/etc/dnf/automatic.conf'
|
|
||||||
content: |
|
|
||||||
[commands]
|
|
||||||
apply_updates=True
|
|
||||||
reboot=when-needed
|
|
||||||
mode: "0644"
|
|
||||||
become: true
|
|
||||||
- name: Enable a timer unit for dnf-automatic
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: 'dnf-automatic.timer'
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Set up Podman
|
|
||||||
hosts: ovh
|
|
||||||
tasks:
|
|
||||||
- name: Install Podman
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name: podman
|
|
||||||
state: present
|
|
||||||
become: true
|
|
||||||
- name: Enable a Podman socket to receive remote client commands
|
|
||||||
ansible.builtin.systemd_service:
|
|
||||||
name: 'podman.socket'
|
|
||||||
enabled: true
|
|
||||||
state: started
|
|
||||||
scope: user
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue