---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or https://www.gnu.org/licenses/gpl-3.0.txt if the file is missing.
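### UPSTREAM BEGIN ⇒ ###
# Hand off to etckeeper.inc/tasks/upstream.yml before any package is
# touched; `msg` is passed through to that role (presumably as the commit
# message it uses — see the role for the exact contract).
# Module arguments are written as block YAML rather than a key=value
# string so Ansible parses them as typed values instead of free text.
- name: pull prerequisites from upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: upstream.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM BEGIN ###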
# arch-install-scripts provides pacstrap and arch-chroot, both used below.
- name: install arch-install-scripts
  package:
    state: present
    name: arch-install-scripts
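### UPSTREAM END ⇒ ###
# Close the upstream window opened above by running
# etckeeper.inc/tasks/merge.yml with the same `msg`; the role is expected
# to reconcile the package-installed /etc changes (its exact behaviour is
# defined in the role, not here).
# Block-YAML arguments instead of a key=value string, for the same reason
# as the "pull prerequisites" task.
- name: merge upstream
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: merge.yml
  vars:
    msg: 'arch-install-scripts'
### ⇐ UPSTREAM END ###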
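# Render templates/DMZ.j2 as an executable named after the container and
# put it on the host's PATH. Because this is an executable in
# /usr/local/bin, ownership is pinned to root explicitly rather than left
# to whatever user the play happens to run as, and the octal mode is
# quoted so YAML cannot reinterpret it as a decimal integer.
- name: send a remote-exec script to the host
  template:
    src: templates/DMZ.j2
    dest: "/usr/local/bin/{{ DMZ }}"
    owner: root
    group: root
    mode: '0755'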
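# Create the container root (front_dir) on the host. Kept as a loop even
# though it currently has one entry, so further paths can be appended.
# Octal mode quoted: an unquoted 0755 is parsed as a YAML 1.1 octal
# integer and Ansible documents this as unreliable (notably in loops).
- name: create the DMZ container directory and needed paths
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  with_items:
    - "{{ front_dir }}"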
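# Bootstrap an Arch root tree into front_dir with pacstrap.
# The package list is the host's `base` group minus the entries in the
# grep pattern (kernel, filesystem tools, network/boot helpers that make
# no sense inside a container), plus busybox, openssh, python (needed by
# Ansible to manage the container later) and etckeeper.
# NOTE(review): `pacman -Qg base` only yields packages while `base` is a
# package *group* on the host; on hosts where base is a metapackage it
# prints nothing and only the four explicit packages get installed —
# confirm against the host's pacman version.
# NOTE(review): -c presumably reuses the host package cache and -d allows
# a non-mountpoint target; confirm both flags are still accepted by the
# installed arch-install-scripts release.
# front_dir is shell-quoted so a path with spaces or metacharacters cannot
# break out of the pacstrap argument list.
# Idempotency: skipped once front_dir/usr exists; `arch` is registered so
# later tasks can act only on a freshly installed tree.
- name: install an Archlinux container
  shell: >
    pacstrap -c -d {{ front_dir | quote }}
    $(
    pacman -Qg base
    | grep -vE
    ' (bzip2|dhcpcd|gzip|licenses|linux|lvm2|mdadm|pciutils|reiserfsprogs|systemd-sysvcompat|texinfo|usbutils|xfsprogs)$'
    | cut -d' ' -f2
    )
    busybox openssh python etckeeper
  args:
    creates: "{{ front_dir }}/usr"
  register: arch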
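# Let busybox create links for all of its applets in the container's
# /usr/bin. Skipped once /usr/bin/ash exists. The result is registered so
# the pruning task below is tied to *this* task's outcome rather than to
# the pacstrap result: previously the prune only ran when pacstrap had
# changed, so a rerun that found the tree already bootstrapped but still
# needed `busybox --install` would create the links and never prune them.
- name: enable BusyBox…
  command: "arch-chroot {{ front_dir }} /usr/bin/busybox --install"
  args:
    creates: "{{ front_dir }}/usr/bin/ash"
  register: busybox_install

# Remove the applet links whose names collide with binaries that real
# packages will own once they are installed later (owner noted per entry).
# NOTE(review): `state: absent` deletes whatever is at the path; this
# assumes each entry is the busybox link just created and not a
# package-owned binary already present in the tree — confirm, or guard
# with a stat/inode comparison against /usr/bin/busybox.
- name: … but not for some binaries
  file:
    path: "{{ front_dir }}/usr/bin/{{ item }}"
    state: absent
  when: busybox_install.changed
  with_items:
    # base-devel needs patch, gawk (owns awk), which
    - patch
    - gawk
    - awk
    - which
    # exim owns sendmail
    - sendmail
    # spamassassin needs gcc needs binutils owns ar + strings
    - ar
    - strings
    # make needs guile needs texinfo needs gzip + less, own: less, gunzip, gzip, uncompress, zcat
    - less
    - gunzip
    - gzip
    - uncompress
    - zcat
    # util-linux owns setpriv, rfkill
    - setpriv
    - rfkill
    # net-tools owns arp, ifconfig, iptunnel, nameif, netstat, route, slattach
    - arp
    - ifconfig
    - iptunnel
    - nameif
    - netstat
    - route
    - slattach
    # vim owns xxd
    - xxd
    # php-imagick needs imagemagick needs libtool needs tar
    - tar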
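# Seed the container with the host's pacman configuration and resolver
# settings, only right after a fresh pacstrap (so later in-container
# edits are not clobbered on reruns). remote_src copies host → host.
# NOTE(review): if the host's /etc/resolv.conf points at a local stub
# resolver (e.g. 127.0.0.53), that address will not be reachable from a
# container with its own network namespace — verify DNS inside the
# container.
# Octal mode quoted; `when` written as a plain expression rather than a
# one-element list.
- name: copy some files from host to container
  copy:
    remote_src: true
    src: "{{ item }}"
    dest: "{{ front_dir }}{{ item }}"
    mode: '0644'
  with_items:
    - /etc/pacman.conf
    - /etc/resolv.conf
  when: arch.changed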
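# Prepare root's .ssh directory inside the container (presumably for the
# authorized keys the ssh role installs below). Mode is owner-only and
# quoted so it is handed to Ansible as a string, not a YAML 1.1 octal int.
- name: create .ssh in the container
  file:
    path: "{{ front_dir }}/root/.ssh"
    state: directory
    mode: '0700'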
# Run the project's `init` role against the container tree, with the
# variable set for the chroot case (front_chroot.yml) instead of the host.
- name: init the container
  include_role:
    vars_from: front_chroot.yml
    name: init
# Same pattern as the init role: the `ssh` role, parameterised by
# front_chroot.yml so it targets the container tree.
- name: init SSH in the container
  include_role:
    vars_from: front_chroot.yml
    name: ssh
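# Drop-in directory for the templated systemd-nspawn@.service unit;
# the override installed next lands here. Mode quoted (see above).
- name: ensure systemd-nspawn@.service.d exists
  file:
    path: /etc/systemd/system/systemd-nspawn@.service.d
    state: directory
    mode: '0755'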
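# Install the drop-in from files/nspawn_override.conf; the task name says
# it adjusts journald-related settings, but the content lives in that
# file, not here. Mode quoted.
- name: override nspawn default settings for journald
  copy:
    src: files/nspawn_override.conf
    dest: /etc/systemd/system/systemd-nspawn@.service.d/override.conf
    mode: '0644'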
# Reload unit files (the drop-in above is new) and make sure
# machines.target is both active now and enabled at boot, so the
# container service enabled later gets pulled in.
- name: enable machines.target
  systemd:
    name: machines.target
    enabled: true
    state: started
    daemon_reload: true
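# Directory for per-container .nspawn settings files. Mode quoted.
- name: ensure /etc/systemd/nspawn exists
  file:
    path: /etc/systemd/nspawn
    state: directory
    mode: '0755'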
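# Install the container's .nspawn settings file under the container name.
# Mode quoted.
- name: create a unit file for the container
  copy:
    src: files/DMZ.nspawn
    dest: "/etc/systemd/nspawn/{{ DMZ }}.nspawn"
    mode: '0644'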
# Enable the container's service instance after reloading unit files.
# Note it is only enabled, not started, here — presumably the container
# is started elsewhere once its initialisation is complete.
- name: enable systemd-nspawn@{{ DMZ }}.service
  systemd:
    name: "systemd-nspawn@{{ DMZ }}.service"
    daemon_reload: true
    enabled: true
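### LOCAL COMMIT ⇒ ###
# Record the locally made /etc changes via etckeeper.inc/tasks/local.yml,
# with `msg` passed through (presumably the commit message).
# Block-YAML arguments instead of a key=value string, consistent with the
# other etckeeper.inc includes.
- name: commit local changes
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: 'DMZ init+SSH'
### ⇐ LOCAL COMMIT ###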