---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licenses/gpl-3.0.txt if the file is missing.
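### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  # Shared etckeeper.inc role, upstream.yml entry point (presumably records the
  # state of /etc before the package install below — see that role).
  # allow_duplicates lets the same role be included again for the "merge" and
  # "local commit" steps. Module arguments are native YAML rather than the
  # free-form "key=value" string, as Ansible recommends.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM BEGIN ###

- name: install arch-install-scripts
  # Provides pacstrap and arch-chroot, both used below to build the container.
  package:
    name: arch-install-scripts
    state: present

### UPSTREAM END ⇒ ###
- name: merge upstream
  # Same role, merge.yml entry point, tagged with the same message as the pull.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM END ###
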
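- name: send a remote-exec script to the host
  # Rendered from the per-environment template templates/DMZ.<env>.j2 and
  # installed executable under /usr/local/bin with the container's name.
  template:
    src: "templates/DMZ.{{ env }}.j2"
    dest: "/usr/local/bin/{{ DMZ }}"
    # Quoted: an unquoted 0755 is read as an integer by the YAML parser and
    # only works by accident (ansible-lint "risky-octal").
    mode: "0755"

- name: create the DMZ container directory and needed paths
  # Root of the container's filesystem tree, populated by pacstrap below.
  file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
  loop:
    - "{{ front_dir }}"
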
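- name: install an Archlinux container
  # Bootstrap the container root with the dependencies of `base` (first
  # "Depends" line of `pacman -Si base`, one package per line; the grep filter
  # drops the members that are presumably not wanted inside a container:
  # kernel, disk/RAID/LVM and hardware tooling, a few compression/doc tools)
  # plus busybox, openssh, python (so Ansible can manage the container) and
  # etckeeper.
  #
  # The package list is computed into a variable first and the script runs
  # under `set -eo pipefail` (hence the explicit bash executable): with the
  # previous single-line `$(...)` form a failing `pacman -Si` silently
  # shrank the list to the four trailing packages and pacstrap still
  # "succeeded". front_dir is shell-quoted so a path containing spaces or
  # shell metacharacters cannot break the command line.
  #
  # NOTE(review): `pacstrap -d` (install into a non-mountpoint directory)
  # has been dropped by newer arch-install-scripts releases, where that is
  # the default behaviour — verify against the version installed above.
  shell: |
    set -eo pipefail
    deps=$(
      LANG=C pacman -Si base |
        sed -nr 's/^Depends[^:]*: *//;t ok;b;: ok;s/ +/\n/g;p;q' |
        grep -vxE 'bzip2|dhcpcd|gzip|licenses|linux|lvm2|mdadm|pciutils|reiserfsprogs|systemd-sysvcompat|texinfo|usbutils|xfsprogs'
    )
    # $deps is deliberately unquoted: it is a whitespace-separated list.
    pacstrap -c -d {{ front_dir | quote }} $deps busybox openssh python etckeeper
  args:
    executable: /bin/bash
    # Idempotence guard: a populated root means the container already exists.
    creates: "{{ front_dir }}/usr"
  # arch.changed drives the one-time post-install steps below.
  register: arch
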
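- name: enable BusyBox…
  # Create the BusyBox applet links inside the container, only once (fresh
  # install) and only in prod. front_dir is quoted so the command module's
  # word splitting cannot break a path containing spaces.
  command: arch-chroot {{ front_dir | quote }} /usr/bin/busybox --install
  args:
    creates: "{{ front_dir }}/usr/bin/ash"
  when:
    - env == 'prod'
    - arch.changed
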
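- name: … but not for some binaries
  # Remove the BusyBox applet links that would presumably collide with files
  # owned by real packages installed later in the container (pacman refuses
  # to overwrite an existing file), per the per-package comments below.
  #
  # Now conditioned exactly like the BusyBox install above: previously it ran
  # on non-prod hosts too, where no applet links exist, and would have deleted
  # whatever real binaries lived at these paths.
  #
  # NOTE(review): gawk/awk and tar are not in the grep filter of the pacstrap
  # step, so if `base` pulls them in they exist before `busybox --install`
  # runs; depending on whether BusyBox overwrites existing files, this task
  # may be deleting the real binaries rather than applet links — confirm.
  file:
    path: "{{ front_dir }}/usr/bin/{{ item }}"
    state: absent
  when:
    - env == 'prod'
    - arch.changed
  loop:
    # base-devel needs patch, gawk (owns awk), which
    - patch
    - gawk
    - awk
    - which
    # exim owns sendmail
    - sendmail
    # spamassassin needs gcc needs binutils owns ar + strings
    - ar
    - strings
    # make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat
    - less
    - gunzip
    - gzip
    - uncompress
    - zcat
    # util-linux owns setpriv, rfkill
    - setpriv
    - rfkill
    # net-tools owns arp, ifconfig, iptunnel, nameif, netstat, route, slattach
    - arp
    - ifconfig
    - iptunnel
    - nameif
    - netstat
    - route
    - slattach
    # vim owns xxd
    - xxd
    # php-imagick needs imagemagick needs libtool needs tar
    - tar
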
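- name: copy some files from host to container
  # Seed the container with the host's pacman configuration and resolver
  # settings, only on a fresh install so later in-container edits are kept.
  # NOTE(review): if the host's /etc/resolv.conf points at a local stub
  # resolver (e.g. systemd-resolved's 127.0.0.53) the copy is useless inside
  # the container's own network namespace — confirm what the host uses.
  copy:
    remote_src: true
    src: "{{ item }}"
    dest: "{{ front_dir }}{{ item }}"
    mode: "0644"
  loop:
    - /etc/pacman.conf
    - /etc/resolv.conf
  when: arch.changed

- name: create .ssh in the container
  # root's ~/.ssh inside the container, owner-only (0700) as sshd's StrictModes
  # requires; presumably populated by the ssh role included below.
  file:
    path: "{{ front_dir }}/root/.ssh"
    state: directory
    mode: "0700"
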
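- name: init the container
  # Shared init role, parameterised by the per-environment variable file
  # front_chroot.<env>.yaml from the role's vars/ directory.
  include_role:
    name: init
    vars_from: "front_chroot.{{ env }}.yaml"

- name: init SSH in the container
  # Same pattern for the ssh role.
  include_role:
    name: ssh
    vars_from: "front_chroot.{{ env }}.yaml"
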
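- name: ensure systemd-nspawn@.service.d exists
  # Drop-in directory applying to every systemd-nspawn@ instance on the host.
  file:
    path: /etc/systemd/system/systemd-nspawn@.service.d
    state: directory
    mode: "0755"

- name: override nspawn default settings for journald
  # Static drop-in shipped with the role (files/nspawn_override.conf).
  copy:
    src: files/nspawn_override.conf
    dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
    mode: "0644"

- name: enable machines.target
  # daemon_reload also picks up the drop-in written just above.
  systemd:
    daemon_reload: true
    name: machines.target
    state: started
    enabled: true
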
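- name: ensure /etc/systemd/nspawn exists
  file:
    path: /etc/systemd/nspawn
    state: directory
    mode: "0755"

- name: create a unit file for the container
  # Per-container settings file read by systemd-nspawn@{{ DMZ }}.service;
  # shipped static with the role (files/DMZ.nspawn).
  copy:
    src: files/DMZ.nspawn
    dest: "/etc/systemd/nspawn/{{ DMZ }}.nspawn"
    mode: "0644"

- name: enable systemd-nspawn@{{ DMZ }}.service
  # Only enabled here, not started; prod only, like the BusyBox step.
  systemd:
    daemon_reload: true
    name: "systemd-nspawn@{{ DMZ }}.service"
    enabled: true
  when: env == 'prod'
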
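### LOCAL COMMIT ⇒ ###
- name: commit local changes
  # Shared etckeeper.inc role, local.yml entry point: presumably records the
  # changes this task file made under /etc, under the given commit message.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: 'DMZ init+SSH'
### ⇐ LOCAL COMMIT ###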