refactor: clean up directories and start standardized role names

2025-04-24 17:01:03 +02:00 · 2025-04-24 17:01:03 +02:00 · 2ae759025c
parent e2ef196a62
commit 2ae759025c
25 changed files with 160 additions and 0 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,3 +1,4 @@
 [defaults]
 vault_password_file = .ansible-password
 inventory = hosts.ini
+roles_path = roles
--- a/inventory/external.ini
+++ b/inventory/external.ini
@ -0,0 +1,14 @@
+; [nas]
+; 213.119.99.214 ansible_ssh_port=2223 static_ip=192.168.0.3
+
+[ruby]
+213.119.99.214 ansible_ssh_port=2222 static_ip=192.168.0.2
+
+[gitea]
+213.119.99.214 ansible_ssh_port=2222 static_ip=192.168.0.2
+
+[web]
+213.119.99.214 ansible_ssh_port=2223 static_ip=192.168.0.3
+
+; [actual]
+; 213.119.99.214 ansible_ssh_port=2223 static_ip=192.168.0.3
--- a/inventory/group_vars/all/vars.yml
+++ b/inventory/group_vars/all/vars.yml
--- a/inventory/group_vars/all/vault.yml
+++ b/inventory/group_vars/all/vault.yml
--- a/inventory/group_vars/nas/vars.yml
+++ b/inventory/group_vars/nas/vars.yml
--- a/inventory/group_vars/nas/vault.yml
+++ b/inventory/group_vars/nas/vault.yml
--- a/inventory/group_vars/ruby/vars.yml
+++ b/inventory/group_vars/ruby/vars.yml
--- a/inventory/group_vars/ruby/vault.yml
+++ b/inventory/group_vars/ruby/vault.yml
--- a/inventory/local.ini
+++ b/inventory/local.ini
--- a/inventory/template.ini
+++ b/inventory/template.ini
--- a/inventory/vagrant.ini
+++ b/inventory/vagrant.ini
@ -0,0 +1,2 @@
+[pearl]
+192.168.56.2 ansible_ssh_user=vagrant ansible_ssh_private_key_file='.vagrant/machines/pearl/virtualbox/private_key'
--- a/plays/first_run.yml
+++ b/plays/first_run.yml
--- a/plays/main.yml
+++ b/plays/main.yml
--- a/plays/nas.yml
+++ b/plays/nas.yml
--- a/plays/pearl.yml
+++ b/plays/pearl.yml
@ -0,0 +1,14 @@
+---
+- hosts: pearl
+  gather_facts: false
+  become: true
+  roles:
+    - 'any.common.python'
+  tags: base
+
+- hosts: pearl
+  become: true
+  roles:
+    # - 'any.common.enable-testing'
+    - 'any.common.debian-user'
+  tags: base
--- a/plays/ruby.yml
+++ b/plays/ruby.yml
--- a/plays/web.yml
+++ b/plays/web.yml
--- a/roles/any.common.debian-user/files/authorized_keys
+++ b/roles/any.common.debian-user/files/authorized_keys
@ -0,0 +1,5 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkDjXuZn+blanbJAhte8KttrpeCPeT5CGcZ5mlAZv724wTa4qebpwCnf4SK4aFuDQEuCusnia3+X7YWAyCDReNURznAWCtq+b8LGxyIm2hTBbLA1m8sj0xidR/djlUtOwDp9VpSNamUWyiPWJ+WNsPd9xLJ6BK3qRsoFiMN87sO12L7DHHDaMze628Oc+IxFd+VZnH0dPVgitis31f+lXCr8w5qSiEepDJ8Nde8M+Ev1RrPQbR5Q5C+wYxlbY0oPNlGqSrs5i1jJl0BVMI4DlibxatTfuteU5IwcDMQObJr3xJGKNTPswSdzpfJFrLfUBZvsDs94BXEHR2CtxZ4aLQPeLfosWe4zuGvX22p7TzSPx1LkuqIF85Tw1PvK3f7u3l9sozHORAoEA8sFHG+DolqldgjuUgCGpfF/QOY1jkGpbEhq57kKFH+VlFI2XePGQ6299R9RN/Y4S88v14ChLwoLSNWgxK+CgYgB4lbquAIKTKsRla3gkEeziz+qoHPQkD5RcajrWOfSKU4alORpgQerSFZ9zMoz9N2rfTVEzCsVUj0Jiwtd5O7pCX9PWBhz1Nl1ItrRPuFiTSKB05dqsQ1CDZAZMDPJNqotd6QRS5+cKzFLgvU6k/gk08/qV00VM+BxlXkh8PwAhaxNPjMxjzqHx0+xC38FtacuhJiOV91Q== roosensjef@gmail.com
+
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCgHqW7mLuaW8XEFJrg031ES7v7y6Uk5QUp++axTd0wzvt5qfqTox9Hg1Xk5C9hdEfYzS5NCU+uoiInR0aHZ3Cl+yxqi3VqDfO20j6Irrt2SOBB86Gsyu9Brj62xtS0rY/e9rmyULJGUtJEz3UmFvn8fE5hUpGjDg7NByFs8f054pzifWw8F/wOvF5rKo9GqkWeXEUZ456FmowXCQLl5SypQliOsHJDs89NiTVvOxiKQXULBhj8o4c0MyCeFfPWqOutSSAetmbnegEjOTy7f/0IiqB+5713KOh1Bm1/u+3J2IVbRgeG1iTJdDVeIxBGmA1wMLvrBtBRIS0MaKa1Xabo3QTgYPHNGrf2w+GMnuoQ6/tdD6omPWGTHXqtHKEeIW1JrlDyhOo86oCl+l2aveMwhFFGW4nQmW7sfrowyLHdU3BpGl4m7pGa+5sTsHiOGEqEN/a7xikztXkuKacQ8E/y1C8gDXgaX8zFl6VOwR5EfMEMX390tz+R+ErDU81h47tSkwbY3KhunSKwPT8jSMldBttnCIexd+QuQgOlSwXkYVPPmXtPUkfp+4VzWSWeGKAa9k3HtVMIvKdVk9eXDVNnVdaAL+EkHyXOyFVVGa9gJ3ZOWhHMNi2/kHAwWMI9CwRxj7AVk30KGBhPN0wdS9Dt8/0Aa33hWuY2p9DxtNaiNw== roosensjef@gmail.com
+
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkcCTP0IE/ANIXJJIMWEg4f5riS8uv3KuypkzQC47XN roosensjef@gmail.com
--- a/roles/any.common.debian-user/tasks/main.yml
+++ b/roles/any.common.debian-user/tasks/main.yml
@ -0,0 +1,38 @@
+---
+- name: Install sudo.
+  apt:
+    name: sudo
+    state: present
+
+- name: Create data group.
+  group:
+    name: data
+    gid: 1002
+
+- name: Create debian user.
+  user:
+    name: debian
+    groups:
+      - sudo
+      - data
+    append: true
+    create_home: yes
+    shell: /bin/bash
+    password: "{{ debian_pass | password_hash('sha512') }}"
+    update_password: on_create
+
+- name: Create SSH directory.
+  file:
+    path: /home/debian/.ssh/
+    state: directory
+    owner: debian
+    group: debian
+    mode: '700'
+
+- name: Add authorized SSH keys.
+  copy:
+    src: authorized_keys
+    dest: /home/debian/.ssh/authorized_keys
+    owner: debian
+    group: debian
+    mode: '600'
--- a/roles/any.common.enable-testing/files/sources.list
+++ b/roles/any.common.enable-testing/files/sources.list
@ -0,0 +1,10 @@
+deb http://deb.debian.org/debian/ trixie main non-free-firmware
+deb-src http://deb.debian.org/debian/ trixie main non-free-firmware
+
+deb http://security.debian.org/debian-security trixie-security main non-free-firmware
+deb-src http://security.debian.org/debian-security trixie-security main non-free-firmware
+
+# trixie-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+deb http://deb.debian.org/debian/ trixie-updates main non-free-firmware
+deb-src http://deb.debian.org/debian/ trixie-updates main non-free-firmware
--- a/roles/any.common.enable-testing/tasks/main.yml
+++ b/roles/any.common.enable-testing/tasks/main.yml
@ -0,0 +1,17 @@
+---
+- ansible.builtin.copy:
+    src: 'sources.list'
+    dest: '/etc/apt/sources.list'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+
+- name: Upgrade all packages to the latest version in testing
+  ansible.builtin.apt:
+    upgrade: dist
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Clean up unused packages
+  ansible.builtin.apt:
+    autoremove: yes
--- a/roles/any.common.python/tasks/main.yml
+++ b/roles/any.common.python/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name: Update package database
+  raw: apt update
+- name: Install Python
+  raw: apt install --yes python3
--- a/roles/any.tools.caddy/files/Caddyfile
+++ b/roles/any.tools.caddy/files/Caddyfile
@ -0,0 +1,14 @@
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# Unless the file starts with a global options block, the first
+# uncommented line is always the address of your site.
+#
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace ":80" below with your
+# domain name.
+
+import *.Caddyfile
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
--- a/roles/any.tools.caddy/handlers/main.yml
+++ b/roles/any.tools.caddy/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: reload caddy
+  service:
+    name: caddy
+    state: reloaded
--- a/roles/any.tools.caddy/tasks/main.yml
+++ b/roles/any.tools.caddy/tasks/main.yml
@ -0,0 +1,35 @@
+---
+- name: Add Caddy GPG key
+  apt_key:
+    url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
+    state: present
+
+- name: Add Caddy repositories
+  apt_repository:
+    repo: "{{ item }} https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
+    filename: 'caddy-stable'
+    state: present
+  with_items:
+    - deb
+    - deb-src
+
+- name: Install Caddy
+  apt:
+    name: caddy
+    state: present
+
+- name: Copy over Caddyfile
+  copy:
+    src: Caddyfile
+    dest: '/etc/caddy/Caddyfile'
+    owner: root
+    group: root
+    mode: '644'
+  notify: 'reload caddy'
+
+- name: Ensure Caddy service is running & enabled
+  service:
+    name: caddy
+    state: started
+    enabled: true
+