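---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
#
# Tasks: bootstrap an Arch Linux systemd-nspawn container ("DMZ") under {{ front_dir }},
# strip BusyBox applets that would shadow packaged binaries, initialise it (init + ssh roles),
# then register and enable the nspawn unit on the host. Changes to /etc are committed via etckeeper.
#
# File modes are written as quoted strings so YAML 1.2 parsers and linters never reinterpret
# the leading-zero octal literals (e.g. 0755) as a decimal integer.

### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM BEGIN ###

- name: install arch-install-scripts
  package:
    name: arch-install-scripts
    state: present

### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM END ###

# Executable helper named after the container; owner-writable only, world-executable.
- name: send a remote-exec script to the host
  template:
    src: templates/DMZ.j2
    dest: "/usr/local/bin/{{ DMZ }}"
    mode: "0755"

- name: create the DMZ container directory and needed paths
  file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
  with_items:
    - "{{ front_dir }}"

# Install the 'base' group minus packages a container does not need, plus the few extras
# the later roles rely on. `-c` reuses the host's package cache. The folded scalar keeps
# every line at the same indent so the whole pipeline folds into one shell line.
# {{ front_dir }} is quoted so a path containing whitespace cannot split the command.
- name: install an Archlinux container
  shell: >
    pacstrap -c -d "{{ front_dir }}"
    $( pacman -Qg base
    | grep -vE ' (bzip2|dhcpcd|gzip|licenses|linux|lvm2|mdadm|pciutils|reiserfsprogs|systemd-sysvcompat|texinfo|usbutils|xfsprogs)$'
    | cut -d' ' -f2 )
    busybox openssh python etckeeper
  args:
    creates: "{{ front_dir }}/usr"
  register: arch

- name: enable BusyBox…
  command: |
    arch-chroot "{{ front_dir }}" /usr/bin/busybox --install
  args:
    creates: "{{ front_dir }}/usr/bin/ash"

# Remove BusyBox applets that would otherwise shadow (or conflict with) binaries owned by
# packages installed later; only needed right after a fresh pacstrap.
- name: … but not for some binaries
  file:
    path: "{{ front_dir }}/usr/bin/{{ item }}"
    state: absent
  when: arch.changed
  with_items:
    # base-devel needs patch, gawk (owns awk), which
    - patch
    - gawk
    - awk
    - which
    # exim owns sendmail
    - sendmail
    # spamassassin needs gcc needs binutils owns ar + strings
    - ar
    - strings
    # make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat
    - less
    - gunzip
    - gzip
    - uncompress
    - zcat
    # util-linux owns setpriv, rfkill
    - setpriv
    - rfkill
    # net-tools owns arp, ifconfig, iptunnel, nameif, netstat, route, slattach
    - arp
    - ifconfig
    - iptunnel
    - nameif
    - netstat
    - route
    - slattach
    # vim owns xxd
    - xxd
    # php-imagick needs imagemagick needs libtool needs tar
    - tar

# Seed the container with the host's pacman and resolver configuration (first install only).
- name: copy some files from host to container
  copy:
    remote_src: true
    src: "{{ item }}"
    dest: "{{ front_dir }}{{ item }}"
    mode: "0644"
  with_items:
    - /etc/pacman.conf
    - /etc/resolv.conf
  when: arch.changed

# root's SSH directory must be private (0700) or sshd will refuse to use keys stored in it.
- name: create .ssh in the container
  file:
    path: "{{ front_dir }}/root/.ssh"
    state: directory
    mode: "0700"

- name: init the container
  include_role:
    name: init
    vars_from: front_chroot.yml

- name: init SSH in the container
  include_role:
    name: ssh
    vars_from: front_chroot.yml

- name: ensure systemd-nspawn@.service.d exists
  file:
    path: /etc/systemd/system/systemd-nspawn@.service.d
    state: directory
    mode: "0755"

- name: override nspawn default settings for journald
  copy:
    src: files/nspawn_override.conf
    dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
    mode: "0644"

- name: enable machines.target
  systemd:
    daemon_reload: true
    name: machines.target
    state: started
    enabled: true

- name: ensure /etc/systemd/nspawn exists
  file:
    path: /etc/systemd/nspawn
    state: directory
    mode: "0755"

# Per-container nspawn settings (network, binds, capabilities) live in files/DMZ.nspawn.
- name: create a unit file for the container
  copy:
    src: files/DMZ.nspawn
    dest: "/etc/systemd/nspawn/{{ DMZ }}.nspawn"
    mode: "0644"

# Enabled but not started here: the container is only meant to come up with machines.target.
- name: enable systemd-nspawn@{{ DMZ }}.service
  systemd:
    daemon_reload: true
    name: "systemd-nspawn@{{ DMZ }}.service"
    enabled: true

### LOCAL COMMIT ⇒ ###
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: 'DMZ init+SSH'
### ⇐ LOCAL COMMIT ###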