ansible-alpine-host/tasks/post_install.yml

---
- name: "Set a password for the root user."
  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} | chpasswd -'"
- name: "Enable default services."
  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"
  args:
    creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
  loop:
  - runlevel: "sysinit"
    service: "devfs"
  - runlevel: "sysinit"
    service: "dmesg"
  - runlevel: "sysinit"
    service: "mdev"
  - runlevel: "sysinit"
    service: "hwdrivers"
  - runlevel: "sysinit"
    service: "modloop"
  - runlevel: "boot"
    service: "modules"
  - runlevel: "boot"
    service: "sysctl"
  - runlevel: "boot"
    service: "hostname"
  - runlevel: "boot"
    service: "bootmisc"
  - runlevel: "boot"
    service: "syslog-ng"
  - runlevel: "shutdown"
    service: "mount-ro"
  - runlevel: "shutdown"
    service: "killprocs"
  - runlevel: "shutdown"
    service: "savecache"
  - runlevel: "default"
    service: "networking"
  - runlevel: "default"
    service: "ipset"
  - runlevel: "default"
    service: "iptables"
  - runlevel: "default"
    service: "ip6tables"
  - runlevel: "default"
    service: "node-exporter"
  - runlevel: "default"
    service: "sshd"
  - runlevel: "boot"
    service: "hwclock"
  - runlevel: "boot"
    service: "swclock"
  - runlevel: "default"
    service: "ntpd"
- name: "Install configuration files."
  template:
    src: "templates{{ item }}.j2"
    dest: "/mnt{{ item }}"
    mode: "640"
  loop:
  - /etc/conf.d/iptables
  - /etc/conf.d/ip6tables
  - /etc/conf.d/tinc.networks
  - /etc/conf.d/node-exporter
  - /etc/iptables/rules6-save
  - /etc/iptables/rules-save
  - /etc/ipset.d/blocklist4
  - /etc/ipset.d/blocklist6
  - /etc/syslog-ng/syslog-ng.conf
  - /etc/sysctl.d/congestion.conf
- name: "And services."
  template:
    src: "templates{{ item }}.j2"
    dest: "/mnt{{ item }}"
    mode: "750"
  loop:
  - /etc/init.d/ntpd
  - /etc/init.d/tincd
- name: "Create NTP directories."
  file:
    state: "directory"
    path: "/mnt{{ item }}"
  loop:
  - "/var/NTP"
  - "/var/lib/ntp"
- name: "Reboot!"
  reboot:
Initial 2022-04-10 00:29:22 +00:00			`---`
			`- name: "Set a password for the root user."`
			`shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} \| chpasswd -'"`
			`- name: "Enable default services."`
			`shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"`
			`args:`
			`creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"`
			`loop:`
			`- runlevel: "sysinit"`
			`service: "devfs"`
			`- runlevel: "sysinit"`
			`service: "dmesg"`
			`- runlevel: "sysinit"`
			`service: "mdev"`
			`- runlevel: "sysinit"`
			`service: "hwdrivers"`
			`- runlevel: "sysinit"`
			`service: "modloop"`
			`- runlevel: "boot"`
			`service: "modules"`
			`- runlevel: "boot"`
			`service: "sysctl"`
			`- runlevel: "boot"`
			`service: "hostname"`
			`- runlevel: "boot"`
			`service: "bootmisc"`
			`- runlevel: "boot"`
send syslog to a central server 2022-06-19 05:56:50 +00:00			`service: "syslog-ng"`
Initial 2022-04-10 00:29:22 +00:00			`- runlevel: "shutdown"`
			`service: "mount-ro"`
			`- runlevel: "shutdown"`
			`service: "killprocs"`
			`- runlevel: "shutdown"`
			`service: "savecache"`
			`- runlevel: "default"`
			`service: "networking"`
enable ipset 2022-06-19 01:43:03 +00:00			`- runlevel: "default"`
			`service: "ipset"`
Initial 2022-04-10 00:29:22 +00:00			`- runlevel: "default"`
			`service: "iptables"`
			`- runlevel: "default"`
			`service: "ip6tables"`
			`- runlevel: "default"`
			`service: "node-exporter"`
			`- runlevel: "default"`
			`service: "sshd"`
			`- runlevel: "boot"`
			`service: "hwclock"`
			`- runlevel: "boot"`
			`service: "swclock"`
keep clock updated 2022-06-19 05:48:44 +00:00			`- runlevel: "default"`
			`service: "ntpd"`
general method for adding configuration files 2022-06-19 05:52:24 +00:00			`- name: "Install configuration files."`
Initial 2022-04-10 00:29:22 +00:00			`template:`
install configuration files correctly 2022-07-02 22:27:26 +00:00			`src: "templates{{ item }}.j2"`
			`dest: "/mnt{{ item }}"`
general method for adding configuration files 2022-06-19 05:52:24 +00:00			`mode: "640"`
Initial 2022-04-10 00:29:22 +00:00			`loop:`
don't modify the firewall 2022-06-19 05:52:54 +00:00			`- /etc/conf.d/iptables`
			`- /etc/conf.d/ip6tables`
interconnect servers through the ekumen 2022-06-19 05:59:17 +00:00			`- /etc/conf.d/tinc.networks`
configure node for exporting network data 2022-06-19 06:00:59 +00:00			`- /etc/conf.d/node-exporter`
general method for adding configuration files 2022-06-19 05:52:24 +00:00			`- /etc/iptables/rules6-save`
			`- /etc/iptables/rules-save`
			`- /etc/ipset.d/blocklist4`
			`- /etc/ipset.d/blocklist6`
send syslog to a central server 2022-06-19 05:56:50 +00:00			`- /etc/syslog-ng/syslog-ng.conf`
use bbr for tcp congestion control 2022-06-19 17:22:28 +00:00			`- /etc/sysctl.d/congestion.conf`
keep clock updated 2022-06-19 05:48:44 +00:00			`- name: "And services."`
			`template:`
install configuration files correctly 2022-07-02 22:27:26 +00:00			`src: "templates{{ item }}.j2"`
			`dest: "/mnt{{ item }}"`
keep clock updated 2022-06-19 05:48:44 +00:00			`mode: "750"`
			`loop:`
			`- /etc/init.d/ntpd`
make tincd log to syslog there's an undocumented SYSLOG env var on tincd's rc 2022-06-19 17:22:58 +00:00			`- /etc/init.d/tincd`
use bbr for tcp congestion control 2022-06-19 17:22:28 +00:00			`- name: "Create NTP directories."`
			`file:`
			`state: "directory"`
install configuration files correctly 2022-07-02 22:27:26 +00:00			`path: "/mnt{{ item }}"`
use bbr for tcp congestion control 2022-06-19 17:22:28 +00:00			`loop:`
			`- "/var/NTP"`
			`- "/var/lib/ntp"`
Initial 2022-04-10 00:29:22 +00:00			`- name: "Reboot!"`
			`reboot:`