Sutty/ansible-alpine-host
5
0
Fork 0
Code Issues 3 Pull requests Projects Releases Wiki Activity

Compare commits

base: Sutty:b7da716e6441f4b71b45a938ebf40196d16aa414
Branches Tags
Sutty:antifascista
...
compare: Sutty:eb662f27d94f18c2288c7220c3aafdbb2e1263bf
Branches Tags
Sutty:antifascista

3 commits
b7da716e64 ... eb662f27d9

Author SHA1 Message Date
f
eb662f27d9 Use quotes 2022-07-02 21:40:01 -03:00
f
b32e1c2e79 Update the system 2022-07-02 21:22:51 -03:00
f
7c66739691 Move configuration to a reusable file 2022-07-02 21:21:57 -03:00
5 changed files with 120 additions and 91 deletions
Show stats Expand all files Collapse all files

29
alpines.yml
View file

@ -3,31 +3,10 @@
remote_user: "root" remote_user: "root"
strategy: "free" strategy: "free"
vars: vars:
alpine_version: 3.16 alpine_version: "3.16"
apk_version: 2.12.9-r3 apk_version: "2.12.9-r3"
log_server: "EKU:MEN:IP:ADD::RESS" vars_files:
packages: - "config.yml"
- alpine-base
- linux-virt
- syslinux
- cryptsetup
- btrfs-progs
- openssh-server
- docker
- docker-py
- syslog-ng
- syslog-ng-openrc
- ipset
- ipset-openrc
- iptables
- ip6tables
- iptables-openrc
- tinc
- prometheus-node-exporter
- prometheus-node-exporter-openrc
- htop
- rsync
- ntpsec
tasks: tasks:
- include_tasks: "tasks/partition.yml" - include_tasks: "tasks/partition.yml"
- include_tasks: "tasks/encrypt.yml" - include_tasks: "tasks/encrypt.yml"

83
config.yml Normal file
View file

@ -0,0 +1,83 @@
---
log_server: "syslog-ng.urras.sutty.nl"
packages:
- "alpine-base"
- "linux-virt"
- "syslinux"
- "cryptsetup"
- "btrfs-progs"
- "openssh-server"
- "docker"
- "docker-py"
- "syslog-ng"
- "syslog-ng-openrc"
- "ipset"
- "ipset-openrc"
- "iptables"
- "ip6tables"
- "iptables-openrc"
- "tinc"
- "prometheus-node-exporter"
- "prometheus-node-exporter-openrc"
- "htop"
- "rsync"
- "ntpsec"
templates:
- "/etc/conf.d/iptables"
- "/etc/conf.d/ip6tables"
- "/etc/conf.d/tinc.networks"
- "/etc/conf.d/node-exporter"
- "/etc/iptables/rules6-save"
- "/etc/iptables/rules-save"
- "/etc/ipset.d/blocklist4"
- "/etc/ipset.d/blocklist6"
- "/etc/syslog-ng/syslog-ng.conf"
- "/etc/sysctl.d/congestion.conf"
services:
- runlevel: "sysinit"
service: "devfs"
- runlevel: "sysinit"
service: "dmesg"
- runlevel: "sysinit"
service: "mdev"
- runlevel: "sysinit"
service: "hwdrivers"
- runlevel: "sysinit"
service: "modloop"
- runlevel: "boot"
service: "modules"
- runlevel: "boot"
service: "sysctl"
- runlevel: "boot"
service: "hostname"
- runlevel: "boot"
service: "bootmisc"
- runlevel: "boot"
service: "syslog-ng"
- runlevel: "shutdown"
service: "mount-ro"
- runlevel: "shutdown"
service: "killprocs"
- runlevel: "shutdown"
service: "savecache"
- runlevel: "default"
service: "networking"
- runlevel: "default"
service: "ipset"
- runlevel: "default"
service: "iptables"
- runlevel: "default"
service: "ip6tables"
- runlevel: "default"
service: "node-exporter"
- runlevel: "default"
service: "sshd"
- runlevel: "boot"
service: "hwclock"
- runlevel: "boot"
service: "swclock"
- runlevel: "default"
service: "ntpd"
custom_services:
- "/etc/init.d/ntpd"
- "/etc/init.d/tincd"

5
dockers.yml
View file

@ -2,7 +2,10 @@
- hosts: "dockers" - hosts: "dockers"
remote_user: "root" remote_user: "root"
strategy: "free" strategy: "free"
vars_files:
- "config.yml"
tasks: tasks:
- include_tasks: "tasks/update.yml"
- include_tasks: "tasks/ekumen.yml"
- include_tasks: "tasks/encrypt.yml" - include_tasks: "tasks/encrypt.yml"
- include_tasks: "tasks/docker.yml" - include_tasks: "tasks/docker.yml"
- include_tasks: "tasks/ekumen.yml"

74
tasks/post_install.yml
View file

@ -1,79 +1,16 @@
--- ---
- name: "Set a password for the root user."
shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} | chpasswd -'"
- name: "Enable default services."
shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"
args:
creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
loop:
- runlevel: "sysinit"
service: "devfs"
- runlevel: "sysinit"
service: "dmesg"
- runlevel: "sysinit"
service: "mdev"
- runlevel: "sysinit"
service: "hwdrivers"
- runlevel: "sysinit"
service: "modloop"
- runlevel: "boot"
service: "modules"
- runlevel: "boot"
service: "sysctl"
- runlevel: "boot"
service: "hostname"
- runlevel: "boot"
service: "bootmisc"
- runlevel: "boot"
service: "syslog-ng"
- runlevel: "shutdown"
service: "mount-ro"
- runlevel: "shutdown"
service: "killprocs"
- runlevel: "shutdown"
service: "savecache"
- runlevel: "default"
service: "networking"
- runlevel: "default"
service: "ipset"
- runlevel: "default"
service: "iptables"
- runlevel: "default"
service: "ip6tables"
- runlevel: "default"
service: "node-exporter"
- runlevel: "default"
service: "sshd"
- runlevel: "boot"
service: "hwclock"
- runlevel: "boot"
service: "swclock"
- runlevel: "default"
service: "ntpd"
- name: "Install configuration files." - name: "Install configuration files."
template: template:
src: "templates{{ item }}.j2" src: "templates{{ item }}.j2"
dest: "/mnt{{ item }}" dest: "/mnt{{ item }}"
mode: "640" mode: "640"
loop: loop: "{{ templates }}"
- /etc/conf.d/iptables
- /etc/conf.d/ip6tables
- /etc/conf.d/tinc.networks
- /etc/conf.d/node-exporter
- /etc/iptables/rules6-save
- /etc/iptables/rules-save
- /etc/ipset.d/blocklist4
- /etc/ipset.d/blocklist6
- /etc/syslog-ng/syslog-ng.conf
- /etc/sysctl.d/congestion.conf
- name: "And services." - name: "And services."
template: template:
src: "templates{{ item }}.j2" src: "templates{{ item }}.j2"
dest: "/mnt{{ item }}" dest: "/mnt{{ item }}"
mode: "750" mode: "750"
loop: loop: "{{ custom_services }}"
- /etc/init.d/ntpd
- /etc/init.d/tincd
- name: "Create NTP directories." - name: "Create NTP directories."
file: file:
state: "directory" state: "directory"
@ -81,5 +18,12 @@
loop: loop:
- "/var/NTP" - "/var/NTP"
- "/var/lib/ntp" - "/var/lib/ntp"
- name: "Set a password for the root user."
shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt /bin/sh -c 'echo root:{{ root }} | chpasswd -'"
- name: "Enable default services."
shell: "PATH=/usr/bin:/usr/sbin:/bin:/sbin chroot /mnt rc-update add {{ item.service }} {{ item.runlevel }}"
args:
creates: "/mnt/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
loop: "{{ services }}"
- name: "Reboot!" - name: "Reboot!"
reboot: reboot:

20
tasks/update.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: "Upgrade system."
shell: "mount -o remount,rw /boot && apk update && apk upgrade && mount -o remount,ro /boot"
- name: "Upgrade configuration files if needed."
template:
src: "templates{{ item }}.j2"
dest: "{{ item }}"
mode: "640"
loop: "{{ templates }}"
- name: "And services."
template:
src: "templates{{ item }}.j2"
dest: "{{ item }}"
mode: "750"
loop: "{{ custom_services }}"
- name: "Enable services."
shell: "rc-update add {{ item.service }} {{ item.runlevel }}"
args:
creates: "/etc/runlevels/{{ item.runlevel }}/{{ item.service }}"
loop: "{{ services }}"