Use quotes

Update the system
Move configuration to a reusable file
2022-07-02 21:40:01 -03:00 · 2022-07-02 21:22:51 -03:00 · 2022-07-02 21:21:57 -03:00
5 changed files with 120 additions and 91 deletions
--- a/alpines.yml
+++ b/alpines.yml
@ -3,31 +3,10 @@
  remote_user: "root"
  strategy: "free"
  vars:
-    alpine_version: 3.16
-    apk_version: 2.12.9-r3
-    log_server: "EKU:MEN:IP:ADD::RESS"
-    packages:
-    - alpine-base
-    - linux-virt
-    - syslinux
-    - cryptsetup
-    - btrfs-progs
-    - openssh-server
-    - docker
-    - docker-py
-    - syslog-ng
-    - syslog-ng-openrc
-    - ipset
-    - ipset-openrc
-    - iptables
-    - ip6tables
-    - iptables-openrc
-    - tinc
-    - prometheus-node-exporter
-    - prometheus-node-exporter-openrc
-    - htop
-    - rsync
-    - ntpsec
+    alpine_version: "3.16"
+    apk_version: "2.12.9-r3"
+  vars_files:
+  - "config.yml"
  tasks:
  - include_tasks: "tasks/partition.yml"
  - include_tasks: "tasks/encrypt.yml"
--- a/config.yml
+++ b/config.yml
@ -0,0 +1,83 @@
+---
+log_server: "syslog-ng.urras.sutty.nl"
+packages:
+- "alpine-base"
+- "linux-virt"
+- "syslinux"
+- "cryptsetup"
+- "btrfs-progs"
+- "openssh-server"
+- "docker"
+- "docker-py"
+- "syslog-ng"
+- "syslog-ng-openrc"
+- "ipset"
+- "ipset-openrc"
+- "iptables"
+- "ip6tables"
+- "iptables-openrc"
+- "tinc"
+- "prometheus-node-exporter"
+- "prometheus-node-exporter-openrc"
+- "htop"
+- "rsync"
+- "ntpsec"
+templates:
+- "/etc/conf.d/iptables"
+- "/etc/conf.d/ip6tables"
+- "/etc/conf.d/tinc.networks"
+- "/etc/conf.d/node-exporter"
+- "/etc/iptables/rules6-save"
+- "/etc/iptables/rules-save"
+- "/etc/ipset.d/blocklist4"
+- "/etc/ipset.d/blocklist6"
+- "/etc/syslog-ng/syslog-ng.conf"
+- "/etc/sysctl.d/congestion.conf"
+services:
+- runlevel: "sysinit"
+  service: "devfs"
+- runlevel: "sysinit"
+  service: "dmesg"
+- runlevel: "sysinit"
+  service: "mdev"
+- runlevel: "sysinit"
+  service: "hwdrivers"
+- runlevel: "sysinit"
+  service: "modloop"
+- runlevel: "boot"
+  service: "modules"
+- runlevel: "boot"
+  service: "sysctl"
+- runlevel: "boot"
+  service: "hostname"
+- runlevel: "boot"
+  service: "bootmisc"
+- runlevel: "boot"
+  service: "syslog-ng"
+- runlevel: "shutdown"
+  service: "mount-ro"
+- runlevel: "shutdown"
+  service: "killprocs"
+- runlevel: "shutdown"
+  service: "savecache"
+- runlevel: "default"
+  service: "networking"
+- runlevel: "default"
+  service: "ipset"
+- runlevel: "default"
+  service: "iptables"
+- runlevel: "default"
+  service: "ip6tables"
+- runlevel: "default"
+  service: "node-exporter"
+- runlevel: "default"
+  service: "sshd"
+- runlevel: "boot"
+  service: "hwclock"
+- runlevel: "boot"
+  service: "swclock"
+- runlevel: "default"
+  service: "ntpd"
+custom_services:
+- "/etc/init.d/ntpd"
+- "/etc/init.d/tincd"
--- a/dockers.yml
+++ b/dockers.yml
@ -2,7 +2,10 @@
 - hosts: "dockers"
  remote_user: "root"
  strategy: "free"
+  vars_files:
+  - "config.yml"
  tasks:
+  - include_tasks: "tasks/update.yml"
+  - include_tasks: "tasks/ekumen.yml"
  - include_tasks: "tasks/encrypt.yml"
  - include_tasks: "tasks/docker.yml"
-  - include_tasks: "tasks/ekumen.yml"
--- a/tasks/post_install.yml
+++ b/tasks/post_install.yml
@ -1,79 +1,16 @@
 ---
- name: "Set a password for the root user."
-  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} | chpasswd -'"
- name: "Enable default services."
-  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"
-  args:
-    creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
-  loop:
-  - runlevel: "sysinit"
-    service: "devfs"
-  - runlevel: "sysinit"
-    service: "dmesg"
-  - runlevel: "sysinit"
-    service: "mdev"
-  - runlevel: "sysinit"
-    service: "hwdrivers"
-  - runlevel: "sysinit"
-    service: "modloop"
-  - runlevel: "boot"
-    service: "modules"
-  - runlevel: "boot"
-    service: "sysctl"
-  - runlevel: "boot"
-    service: "hostname"
-  - runlevel: "boot"
-    service: "bootmisc"
-  - runlevel: "boot"
-    service: "syslog-ng"
-  - runlevel: "shutdown"
-    service: "mount-ro"
-  - runlevel: "shutdown"
-    service: "killprocs"
-  - runlevel: "shutdown"
-    service: "savecache"
-  - runlevel: "default"
-    service: "networking"
-  - runlevel: "default"
-    service: "ipset"
-  - runlevel: "default"
-    service: "iptables"
-  - runlevel: "default"
-    service: "ip6tables"
-  - runlevel: "default"
-    service: "node-exporter"
-  - runlevel: "default"
-    service: "sshd"
-  - runlevel: "boot"
-    service: "hwclock"
-  - runlevel: "boot"
-    service: "swclock"
-  - runlevel: "default"
-    service: "ntpd"
 - name: "Install configuration files."
  template:
    src: "templates{{ item }}.j2"
    dest: "/mnt{{ item }}"
    mode: "640"
-  loop:
-  - /etc/conf.d/iptables
-  - /etc/conf.d/ip6tables
-  - /etc/conf.d/tinc.networks
-  - /etc/conf.d/node-exporter
-  - /etc/iptables/rules6-save
-  - /etc/iptables/rules-save
-  - /etc/ipset.d/blocklist4
-  - /etc/ipset.d/blocklist6
-  - /etc/syslog-ng/syslog-ng.conf
-  - /etc/sysctl.d/congestion.conf
+  loop: "{{ templates }}"
 - name: "And services."
  template:
    src: "templates{{ item }}.j2"
    dest: "/mnt{{ item }}"
    mode: "750"
-  loop:
-  - /etc/init.d/ntpd
-  - /etc/init.d/tincd
+  loop: "{{ custom_services }}"
 - name: "Create NTP directories."
  file:
    state: "directory"
@ -81,5 +18,12 @@
  loop:
  - "/var/NTP"
  - "/var/lib/ntp"
+- name: "Set a password for the root user."
+  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} | chpasswd -'"
+- name: "Enable default services."
+  shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"
+  args:
+    creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
+  loop: "{{ services }}"
 - name: "Reboot!"
  reboot:
--- a/tasks/update.yml
+++ b/tasks/update.yml
@ -0,0 +1,20 @@
+---
+- name: "Upgrade system."
+  shell: "mount -o remount,rw /boot && apk update && apk upgrade && mount -o remount,ro /boot"
+- name: "Upgrade configuration files if needed."
+  template:
+    src: "templates{{ item }}.j2"
+    dest: "{{ item }}"
+    mode: "640"
+  loop: "{{ templates }}"
+- name: "And services."
+  template:
+    src: "templates{{ item }}.j2"
+    dest: "{{ item }}"
+    mode: "750"
+  loop: "{{ custom_services }}"
+- name: "Enable services."
+  shell: "rc-update add {{ item.service }} {{ item.runlevel }}"
+  args:
+    creates: "/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
+  loop: "{{ services }}"
Author	SHA1	Message	Date
f	eb662f27d9	Use quotes	2022-07-02 21:40:01 -03:00
f	b32e1c2e79	Update the system	2022-07-02 21:22:51 -03:00
f	7c66739691	Move configuration to a reusable file	2022-07-02 21:21:57 -03:00