
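---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018-2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
#
# Role "front": bootstraps an Arch Linux container under {{ front_dir }} with
# pacstrap, installs BusyBox applet links in it (prod only), runs the "init"
# and "ssh" roles against the chroot, and registers the container as a
# systemd-nspawn machine named {{ DMZ }}.
#
# The etckeeper.inc role is included around the package installation
# (upstream.yml / merge.yml) and once at the end (local.yml); what those
# task files do is defined in that role, not here.
#
# Variables read by this file and defined elsewhere in the project:
# env, DMZ, front_dir.
#
# Conventions: Jinja-templated values are quoted, and octal file modes are
# written as quoted strings so the YAML loader cannot turn them into
# integers (ansible-lint "risky-octal").

### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM BEGIN ###

- name: install arch-install-scripts
  package:
    name: arch-install-scripts
    state: present

### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM END ###

# Helper script on the host; executable by everyone, writable by the owner only.
- name: send a remote-exec script to the host
  template:
    src: "templates/DMZ.{{ env }}.j2"
    dest: "/usr/local/bin/{{ DMZ }}"
    mode: "0755"

- name: create the DMZ container directory and needed paths
  file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
  with_items:
    - "{{ front_dir }}"

# Bootstrap the container root. The package list is the dependency list of
# "base" (read from `pacman -Si base`) minus a fixed exclusion set, plus
# busybox, openssh, python and etckeeper. The folded scalar (>) joins every
# line below with a space, so the pipeline is handed to the shell as a single
# command line; keep all continuation lines at the same indent.
# `creates` makes the task idempotent: once {{ front_dir }}/usr exists it is
# skipped and `arch.changed` stays false, which gates the steps that follow.
# NOTE(review): check that `-d` is still accepted by the pacstrap version on
# the target — confirm against the installed arch-install-scripts.
- name: install an Archlinux container
  shell: >
    pacstrap -c -d {{ front_dir }}
    $(
    LANG=C pacman -Si base
    | sed -nr 's/^Depends[^:]*: *//;t ok;b;: ok;s/ +/\n/g;p;q'
    | grep -vxE
    'bzip2|dhcpcd|gzip|licenses|linux|lvm2|mdadm|pciutils|reiserfsprogs|systemd-sysvcompat|texinfo|usbutils|xfsprogs'
    )
    busybox openssh python etckeeper
  args:
    creates: "{{ front_dir }}/usr"
  register: arch

# Install the BusyBox applet links inside the container (production only,
# and only right after a fresh pacstrap).
- name: enable BusyBox…
  command: "arch-chroot {{ front_dir }} /usr/bin/busybox --install"
  args:
    creates: "{{ front_dir }}/usr/bin/ash"
  when:
    - env == 'prod'
    - arch.changed

# Remove the applet names that collide with binaries owned by packages
# installed later (see the per-package comments in the list).
# NOTE(review): this task is gated on arch.changed only, whereas the BusyBox
# step above additionally requires env == 'prod'; in other environments the
# listed paths are deleted without an applet having been installed first —
# confirm that is intended.
- name: … but not for some binaries
  file:
    path: "{{ front_dir }}/usr/bin/{{ item }}"
    state: absent
  when: arch.changed
  with_items:
    # base-devel needs patch, gawk (owns awk), which
    - patch
    - gawk
    - awk
    - which
    # exim owns sendmail
    - sendmail
    # spamassassin needs gcc needs binutils owns ar + strings
    - ar
    - strings
    # make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat
    - less
    - gunzip
    - gzip
    - uncompress
    - zcat
    # util-linux owns setpriv, rfkill
    - setpriv
    - rfkill
    # net-tools owns arp, ifconfig, iptunnel, nameif, netstat, route, slattach
    - arp
    - ifconfig
    - iptunnel
    - nameif
    - netstat
    - route
    - slattach
    # vim owns xxd
    - xxd
    # php-imagick needs imagemagick needs libtool needs tar
    - tar

# Seed the container with the host's pacman and resolver configuration
# (remote_src: both files are read on the managed host, not the controller).
- name: copy some files from host to container
  copy:
    remote_src: true
    src: "{{ item }}"
    dest: "{{ front_dir }}{{ item }}"
    mode: "0644"
  with_items:
    - /etc/pacman.conf
    - /etc/resolv.conf
  when:
    - arch.changed

# root's SSH directory in the container: owner-only access.
- name: create .ssh in the container
  file:
    path: "{{ front_dir }}/root/.ssh"
    state: directory
    mode: "0700"

- name: init the container
  include_role:
    name: init
    vars_from: "front_chroot.{{ env }}.yaml"

- name: init SSH in the container
  include_role:
    name: ssh
    vars_from: "front_chroot.{{ env }}.yaml"

# Drop-in directory and override for the systemd-nspawn@ template unit.
- name: ensure systemd-nspawn@.service.d exists
  file:
    path: /etc/systemd/system/systemd-nspawn@.service.d
    state: directory
    mode: "0755"

- name: override nspawn default settings for journald
  copy:
    src: files/nspawn_override.conf
    dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
    mode: "0644"

- name: enable machines.target
  systemd:
    daemon_reload: true
    name: machines.target
    state: started
    enabled: true

- name: ensure /etc/systemd/nspawn exists
  file:
    path: /etc/systemd/nspawn
    state: directory
    mode: "0755"

- name: create a unit file for the container
  copy:
    src: files/DMZ.nspawn
    dest: "/etc/systemd/nspawn/{{ DMZ }}.nspawn"
    mode: "0644"

# The container unit is enabled in production only; the .nspawn file above
# is installed in every environment.
- name: enable systemd-nspawn@{{ DMZ }}.service
  systemd:
    daemon_reload: true
    name: "systemd-nspawn@{{ DMZ }}.service"
    enabled: true
  when: env == 'prod'

### LOCAL COMMIT ⇒ ###
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: 'DMZ init+SSH'
### ⇐ LOCAL COMMIT ###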