---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
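### UPSTREAM BEGIN ⇒ ###
- name: pull prerequisites from upstream
  # etckeeper bookkeeping around the package install (the actual tasks live
  # in roles/etckeeper.inc and are not shown here). allow_duplicates lets the
  # same include run several times within one play.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM BEGIN ###
- name: install arch-install-scripts
  # Provides pacstrap and arch-chroot, both used further down to build the
  # DMZ container root.
  package:
    name: arch-install-scripts
    state: present
### UPSTREAM END ⇒ ###
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM END ###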
- name: send a remote-exec script to the host
  # Rendered from templates/DMZ.j2 (contents not part of this file) and
  # installed world-executable under the container's name.
  template:
    src: templates/DMZ.j2
    dest: "/usr/local/bin/{{DMZ}}"
    mode: "0755"
- name: create the DMZ container directory and needed paths
  # Root directory that pacstrap populates below.
  file:
    path: "{{item}}"
    state: directory
    mode: "0755"
  with_items:
    - "{{front_dir}}"
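- name: install an Archlinux container
  # Bootstrap the container root from whatever the host has in its `base`
  # group, minus packages that make no sense inside a container (kernel,
  # lvm2, mdadm, filesystem tools, ...), plus the few extras the DMZ needs.
  # `creates` keeps this a one-shot: once {{front_dir}}/usr exists it is skipped.
  # NOTE(review): on current Arch `base` is a metapackage rather than a group,
  # in which case `pacman -Qg base` prints nothing and only the four extras
  # would be installed — confirm on the target host.
  shell: >
    pacstrap -c -d {{front_dir}}
    $(
    pacman -Qg base
    | grep -vE
    ' (bzip2|dhcpcd|gzip|licenses|linux|lvm2|mdadm|pciutils|reiserfsprogs|systemd-sysvcompat|texinfo|usbutils|xfsprogs)$'
    | cut -d' ' -f2
    )
    busybox openssh python etckeeper
  args:
    creates: "{{front_dir}}/usr"
  register: arch
- name: enable BusyBox…
  # `--install` links every BusyBox applet into the container's bin
  # directories; skipped once the ash applet is present.
  command: |
    arch-chroot {{front_dir}} /usr/bin/busybox --install
  args:
    creates: "{{front_dir}}/usr/bin/ash"
  register: busybox
- name: … but not for some binaries
  # Remove the applet links whose paths real packages installed later will
  # own (pacman reports a file conflict otherwise). This is keyed on the
  # BusyBox task rather than on pacstrap so the cleanup still happens when a
  # previous run died between `--install` and this step; it must never run
  # on a later pass, when these paths belong to the real packages.
  file:
    path: "{{front_dir}}/usr/bin/{{item}}"
    state: absent
  when: busybox.changed
  with_items:
    # base-devel needs patch, gawk (owns awk), which
    - patch
    - gawk
    - awk
    - which
    # exim owns sendmail
    - sendmail
    # spamassassin needs gcc needs binutils owns ar + strings
    - ar
    - strings
    # make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat
    - less
    - gunzip
    - gzip
    - uncompress
    - zcat
    # util-linux owns setpriv, rfkill
    - setpriv
    - rfkill
    # net-tools owns arp, ifconfig, iptunnel, nameif, netstat, route, slattach
    - arp
    - ifconfig
    - iptunnel
    - nameif
    - netstat
    - route
    - slattach
    # vim owns xxd
    - xxd
    # php-imagick needs imagemagick needs libtool needs tar
    - tar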
- name: copy some files from host to container
  # Seed the fresh root with the host's pacman configuration and resolver so
  # pacman can work inside the chroot. Done only on the run that performed
  # pacstrap, so later edits made inside the container are not overwritten.
  # NOTE(review): if the host's /etc/resolv.conf is a systemd-resolved stub
  # (127.0.0.53), the copied file will not resolve from inside the
  # container — confirm on the target host.
  copy:
    remote_src: true
    src: "{{item}}"
    dest: "{{front_dir}}{{item}}"
    mode: "0644"
  with_items:
    - /etc/pacman.conf
    - /etc/resolv.conf
  when: arch.changed
- name: create .ssh in the container
  # 0700 so that whatever the ssh role later drops in here (presumably
  # authorized_keys) is not readable by other users.
  file:
    path: "{{front_dir}}/root/.ssh"
    state: directory
    mode: "0700"
- name: init the container
  # Both roles are parameterised for the chroot via front_chroot.yml.
  include_role:
    name: init
    vars_from: front_chroot.yml
- name: init SSH in the container
  include_role:
    name: ssh
    vars_from: front_chroot.yml
- name: ensure systemd-nspawn@.service.d exists
  file:
    path: /etc/systemd/system/systemd-nspawn@.service.d
    state: directory
    mode: "0755"
- name: override nspawn default settings for journald
  # Drop-in that applies to every systemd-nspawn@ instance on this host
  # (content in files/nspawn_override.conf, not shown here).
  copy:
    src: files/nspawn_override.conf
    dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
    mode: "0644"
- name: enable machines.target
  systemd:
    daemon_reload: true
    name: machines.target
    state: started
    enabled: true
- name: ensure /etc/systemd/nspawn exists
  file:
    path: /etc/systemd/nspawn
    state: directory
    mode: "0755"
- name: create a unit file for the container
  # Per-container nspawn settings (files/DMZ.nspawn, not shown here).
  # NOTE(review): that file defines the container's isolation — check it for
  # PrivateUsers=, capability drops and network settings before relying on
  # the DMZ as a security boundary.
  copy:
    src: files/DMZ.nspawn
    dest: "/etc/systemd/nspawn/{{DMZ}}.nspawn"
    mode: "0644"
- name: enable systemd-nspawn@{{DMZ}}.service
  # Enabled for boot only; this task does not start the container.
  systemd:
    daemon_reload: true
    name: "systemd-nspawn@{{DMZ}}.service"
    enabled: true
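### LOCAL COMMIT ⇒ ###
- name: commit local changes
  # etckeeper commit of everything this role changed under /etc
  # (tasks live in roles/etckeeper.inc, not shown here).
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: 'DMZ init+SSH'
### ⇐ LOCAL COMMIT ###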