~comcloudway/ansible-ananas

52adb6b2404ddc21916692f806914520d1f2aff4 — Jakob Meier 1 year, 1 month ago
Initial commit,
pulling the base system setup from my VPS infra setup
8 files changed, 128 insertions(+), 0 deletions(-)

A .gitignore
A .gitmodules
A LICENSE
A README.org
A ansible.cfg
A group_vars/all/vars.yml
A roles/infra
A run.yml
A  => .gitignore +4 -0
@@ 1,4 @@
hosts.yml
group_vars/all/secret.yaml
output/
!output/README.org
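Review bot: The entry `group_vars/all/secret.yaml` only covers the `.yaml` spelling, but the README added in this same commit also refers to the file as `secret.yml` (in the Running prose and in the `ansible-vault edit` command). A vault file created under the `.yml` name would not be ignored and could end up committed. Pick one spelling and use it in both places, or ignore both `group_vars/all/secret.yml` and `group_vars/all/secret.yaml`.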

A  => .gitmodules +3 -0
@@ 1,3 @@
[submodule "roles/infra"]
	path = roles/infra
	url = https://codeberg.org/comcloudway/infra

A  => LICENSE +21 -0
@@ 1,21 @@
MIT License

Copyright (c) 2023 Jakob Meier <comcloudway@ccw.icu>

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

A  => README.org +66 -0
@@ 1,66 @@
* anaNAS
Ansible Playbook to provision an Alpine Linux bases NAS.

Keep in mind, that this playbook is intended to be used with a home NAS,
that is not necessarily exposed to the internet.

[[https://de.wikipedia.org/wiki/Ananas][Ananas]] is the German name for pineapple,
and as you might have noticed, contains the letters ~NAS~.

* Requirements
- ~ansible~ (~ansible-core~ is not enough, as I'm using ~community~ packages)
- ~ssh~

* Running
As you might have noticed, from the ~.gitignore~,
this repo does not contain the ~secret.yml~ nor the ~hosts.yml~,
that is because they are meant to stay secret and you have to write your own.

For more information on the ~hosts.yml~ file,
see the [[https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html][How to build your inventory]] ansible wiki.

To setup the secret store, run the following command:
(and add the ~password:~ variable in there)
#+begin_src bash
ansible-vault create group_vars/all/secret.yaml
#+end_src

After creating the password store,
you can run the playbook
#+begin_src bash
ansible-playbook run.yml -K --ask-vault-pass
#+end_src

To edit the password store at a later date,
run the following command:
#+begin_src bash
ansible-vault edit group_vars/all/secret.yml
#+end_src

Additionally you have to install ~python3~ on the host machine.

To avoid having to type your ssh password,
you probably want to copy your ssh key to the machine as well:
#+begin_src bash
 ssh-copy-id root@<hostname>
#+end_src

*** Example hosts.yml
#+begin_src yaml
---
homenas:
  hosts:
    ananas:
      ansible_host: <ip>
      ansible_user: {{ user }}
      ansible_connection: ssh
      ansible_ssh_private_key_file: /home/<your-user>/.ssh/id_rsa
      ansible_python_interpreter: /usr/bin/python
      ansible_become_method: doas
#+end_src

* Additional resources
- [[https://www.youtube.com/watch?v=Z7p9-m4cimg][Ansible IaC Deep Dive (Wolfang's Channel)]]
- [[https://www.redhat.com/sysadmin/ansible-templates-configuration][Ansible template guide]]
- [[https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html#ansible-collections-community-docker-docker-container-module][Ansible community docker container module]]
- [[https://codeberg.org/comcloudway/infra][My VPS infrastructure]]
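Review bot: In the example hosts.yml, `ansible_user: {{ user }}` is unquoted, so YAML reads the braces as a flow mapping instead of a template string. Quote it, or use a `<user>` placeholder like the neighbouring `ansible_host: <ip>` line. No variable named `user` is defined anywhere in this commit either (group_vars/all/vars.yml defines `username`). The Running section also never mentions initialising the `roles/infra` submodule that run.yml depends on; a step with `git submodule update --init` before the `ansible-playbook` command would close that gap.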

A  => ansible.cfg +8 -0
@@ 1,8 @@
[defaults]
inventory = hosts.yml
# disable cowsay - yes it looks beatiful, but is bloats the output
nocows = True

[ssh_connections]
# significantly speed up ssh
pipelining = true
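Review bot: The section header `[ssh_connections]` is not one Ansible reads. The SSH connection settings belong under `[ssh_connection]` (singular), so `pipelining = true` as written here has no effect. Rename the header to get the intended speed-up. Minor: the comment above `nocows` has two typos ("beatiful", "is bloats").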

A  => group_vars/all/vars.yml +11 -0
@@ 1,11 @@
---
username: user
base_packages:
  - pfetch
  - neovim
  - exa
  - htop
  - doas
shell: /bin/ash
docker_subid: "100000:65536"
container_dir: "/home/{{ username }}"

A  => roles/infra +1 -0
@@ 1,1 @@
Subproject commit bcd8089add031e07e977926488797bbc899647e0

A  => run.yml +14 -0
@@ 1,14 @@
---
############################################
# SETUP BASE SYSTEM
# taken from my infra repo
# has to run as root (and overwrite the user setting from the hosts.yml)
############################################
- name: Setup base system
  hosts: all
  remote_user: root
  vars:
    ansible_ssh_user: root
  roles:
    - role: infra/roles/system
      tags: system
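Review bot: The play forces root twice, with `remote_user: root` and the play var `ansible_ssh_user: root`, while targeting `hosts: all`. `ansible_ssh_user` is the legacy spelling, and the README's inventory example sets `ansible_user`, so overriding that same key would make the intent and the precedence easier to follow; one of the two root settings can then go. Consider `hosts: homenas` (the group from the README example) so that a larger inventory does not receive a root play by accident, and state in the README that this play needs root SSH login on the target.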