From 7c667396912387235ba76f528171aab2890dd54f Mon Sep 17 00:00:00 2001
From: f
Date: Sat, 2 Jul 2022 21:21:57 -0300
Subject: [PATCH] Move configuration to a reusable file

---
 alpines.yml | 29 ++-------------
 config.yml | 83 ++++++++++++++++++++++++++++++++++++++++++
 dockers.yml | 2 +
 tasks/post_install.yml | 74 +++++-------------------------------
 4 files changed, 98 insertions(+), 90 deletions(-)
 create mode 100644 config.yml

diff --git a/alpines.yml b/alpines.yml
index 4e864e9..bc65319 100644
--- a/alpines.yml
+++ b/alpines.yml
@@ -3,31 +3,10 @@
   remote_user: "root"
   strategy: "free"
   vars:
-    alpine_version: 3.16
-    apk_version: 2.12.9-r3
-    log_server: "EKU:MEN:IP:ADD::RESS"
-    packages:
-    - alpine-base
-    - linux-virt
-    - syslinux
-    - cryptsetup
-    - btrfs-progs
-    - openssh-server
-    - docker
-    - docker-py
-    - syslog-ng
-    - syslog-ng-openrc
-    - ipset
-    - ipset-openrc
-    - iptables
-    - ip6tables
-    - iptables-openrc
-    - tinc
-    - prometheus-node-exporter
-    - prometheus-node-exporter-openrc
-    - htop
-    - rsync
-    - ntpsec
+    alpine_version: "3.16"
+    apk_version: "2.12.9-r3"
+  vars_files:
+  - "config.yml"
   tasks:
   - include_tasks: "tasks/partition.yml"
   - include_tasks: "tasks/encrypt.yml"
diff --git a/config.yml b/config.yml
new file mode 100644
index 0000000..b39f132
--- /dev/null
+++ b/config.yml
@@ -0,0 +1,83 @@
+---
+log_server: "syslog-ng.urras.sutty.nl"
+packages:
+- alpine-base
+- linux-virt
+- syslinux
+- cryptsetup
+- btrfs-progs
+- openssh-server
+- docker
+- docker-py
+- syslog-ng
+- syslog-ng-openrc
+- ipset
+- ipset-openrc
+- iptables
+- ip6tables
+- iptables-openrc
+- tinc
+- prometheus-node-exporter
+- prometheus-node-exporter-openrc
+- htop
+- rsync
+- ntpsec
+templates:
+- /etc/conf.d/iptables
+- /etc/conf.d/ip6tables
+- /etc/conf.d/tinc.networks
+- /etc/conf.d/node-exporter
+- /etc/iptables/rules6-save
+- /etc/iptables/rules-save
+- /etc/ipset.d/blocklist4
+- /etc/ipset.d/blocklist6
+- /etc/syslog-ng/syslog-ng.conf
+- /etc/sysctl.d/congestion.conf
+services:
+- runlevel: "sysinit"
+  service: "devfs"
+- runlevel: "sysinit"
+  service: "dmesg"
+- runlevel: "sysinit"
+  service: "mdev"
+- runlevel: "sysinit"
+  service: "hwdrivers"
+- runlevel: "sysinit"
+  service: "modloop"
+- runlevel: "boot"
+  service: "modules"
+- runlevel: "boot"
+  service: "sysctl"
+- runlevel: "boot"
+  service: "hostname"
+- runlevel: "boot"
+  service: "bootmisc"
+- runlevel: "boot"
+  service: "syslog-ng"
+- runlevel: "shutdown"
+  service: "mount-ro"
+- runlevel: "shutdown"
+  service: "killprocs"
+- runlevel: "shutdown"
+  service: "savecache"
+- runlevel: "default"
+  service: "networking"
+- runlevel: "default"
+  service: "ipset"
+- runlevel: "default"
+  service: "iptables"
+- runlevel: "default"
+  service: "ip6tables"
+- runlevel: "default"
+  service: "node-exporter"
+- runlevel: "default"
+  service: "sshd"
+- runlevel: "boot"
+  service: "hwclock"
+- runlevel: "boot"
+  service: "swclock"
+- runlevel: "default"
+  service: "ntpd"
+custom_services:
+- /etc/init.d/ntpd
+- /etc/init.d/tincd
diff --git a/dockers.yml b/dockers.yml
index e9103e7..c16e6a6 100644
--- a/dockers.yml
+++ b/dockers.yml
@@ -2,6 +2,8 @@
 - hosts: "dockers"
   remote_user: "root"
   strategy: "free"
+  vars_files:
+  - "config.yml"
   tasks:
   - include_tasks: "tasks/encrypt.yml"
   - include_tasks: "tasks/docker.yml"
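Review bot: config.yml has no header saying what consumes it, although it is loaded via `vars_files` from two playbooks and every list in it now drives a loop in tasks/post_install.yml; add after the leading `---` a comment such as `# Shared variables for alpines.yml and dockers.yml (vars_files); packages, templates, services and custom_services feed the loops in tasks/post_install.yml.` The `services` list carries over both `hwclock` and `swclock` in the `boot` runlevel; on Alpine these look like alternative clock providers rather than complementary ones, so it may be worth confirming that enabling both is intended. `log_server` replaces the former placeholder with a concrete hostname, so forks now adjust this file instead of the playbook; a one-line comment noting that would help.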
diff --git a/tasks/post_install.yml b/tasks/post_install.yml
index f737ebb..00ab42e 100644
--- a/tasks/post_install.yml
+++ b/tasks/post_install.yml
@@ -1,79 +1,16 @@
 ---
-- name: "Set a password for the root user."
-  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} | chpasswd -'"
-- name: "Enable default services."
-  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"
-  args:
-    creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
-  loop:
-  - runlevel: "sysinit"
-    service: "devfs"
-  - runlevel: "sysinit"
-    service: "dmesg"
-  - runlevel: "sysinit"
-    service: "mdev"
-  - runlevel: "sysinit"
-    service: "hwdrivers"
-  - runlevel: "sysinit"
-    service: "modloop"
-  - runlevel: "boot"
-    service: "modules"
-  - runlevel: "boot"
-    service: "sysctl"
-  - runlevel: "boot"
-    service: "hostname"
-  - runlevel: "boot"
-    service: "bootmisc"
-  - runlevel: "boot"
-    service: "syslog-ng"
-  - runlevel: "shutdown"
-    service: "mount-ro"
-  - runlevel: "shutdown"
-    service: "killprocs"
-  - runlevel: "shutdown"
-    service: "savecache"
-  - runlevel: "default"
-    service: "networking"
-  - runlevel: "default"
-    service: "ipset"
-  - runlevel: "default"
-    service: "iptables"
-  - runlevel: "default"
-    service: "ip6tables"
-  - runlevel: "default"
-    service: "node-exporter"
-  - runlevel: "default"
-    service: "sshd"
-  - runlevel: "boot"
-    service: "hwclock"
-  - runlevel: "boot"
-    service: "swclock"
-  - runlevel: "default"
-    service: "ntpd"
 - name: "Install configuration files."
   template:
     src: "templates{{ item }}.j2"
     dest: "/mnt{{ item }}"
     mode: "640"
-  loop:
-  - /etc/conf.d/iptables
-  - /etc/conf.d/ip6tables
-  - /etc/conf.d/tinc.networks
-  - /etc/conf.d/node-exporter
-  - /etc/iptables/rules6-save
-  - /etc/iptables/rules-save
-  - /etc/ipset.d/blocklist4
-  - /etc/ipset.d/blocklist6
-  - /etc/syslog-ng/syslog-ng.conf
-  - /etc/sysctl.d/congestion.conf
+  loop: "{{ templates }}"
 - name: "And services."
   template:
     src: "templates{{ item }}.j2"
     dest: "/mnt{{ item }}"
     mode: "750"
-  loop:
-  - /etc/init.d/ntpd
-  - /etc/init.d/tincd
+  loop: "{{ custom_services }}"
 - name: "Create NTP directories."
   file:
     state: "directory"
@@ -81,5 +18,12 @@
   loop:
   - "/var/NTP"
   - "/var/lib/ntp"
+- name: "Set a password for the root user."
+  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} | chpasswd -'"
+- name: "Enable default services."
+  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"
+  args:
+    creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
+  loop: "{{ services }}"
 - name: "Reboot!"
   reboot:
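Review bot: tasks/post_install.yml now depends on `templates` and `custom_services` (and, in the next hunk, `services`) being supplied by whoever includes it, but nothing in the file says so; a play that includes it without `vars_files: config.yml` fails at `loop: "{{ templates }}"` with an undefined-variable error. Add a comment under the leading `---`, for example `# Requires templates, custom_services and services — defined in config.yml, loaded via vars_files by the calling playbook.` The "Install configuration files." and "And services." tasks still render with `mode: "640"` / `"750"` and that is unchanged here; the note is only about documenting the new external contract.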
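Review bot: The re-added "Set a password for the root user." task interpolates `{{ root }}` into the `shell` command line, so the password is printed in the task result and any Ansible log, and is visible in the target's process list while `sh -c` runs; the task carries no `no_log: true`. Because the value is spliced into a single-quoted `sh -c` string, a password containing `'` or other shell metacharacters also breaks the command rather than being set. Passing the secret on stdin of `chpasswd` through the `command` module removes it from argv and from the shell-quoting problem, and `no_log` keeps it out of the output; the `rc-update` task just below guards itself with `creates`, whereas this one reruns on every play.
```yaml
- name: "Set a password for the root user."
  command: "chroot /mnt chpasswd"
  args:
    stdin: "root:{{ root }}"
  environment:
    PATH: "/usr/bin:/usr/sbin:/bin:/sbin"
  no_log: true
# … unchanged: "Enable default services." task and "Reboot!" …
```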