From 52adb6b2404ddc21916692f806914520d1f2aff4 Mon Sep 17 00:00:00 2001
From: Jakob Meier
Date: Sat, 22 Jul 2023 20:47:16 +0200
Subject: [PATCH] Initial commit, pulling the base system setup from my VPS infra setup
---
.gitignore | 4 +++
.gitmodules | 3 ++
LICENSE | 21 +++++++++++++
README.org | 66 +++++++++++++++++++++++++++++++++++++++++
ansible.cfg | 8 +++++
group_vars/all/vars.yml | 11 +++++++
roles/infra | 1 +
run.yml | 14 +++++++++
8 files changed, 128 insertions(+)
create mode 100644 .gitignore
create mode 100644 .gitmodules
create mode 100644 LICENSE
create mode 100644 README.org
create mode 100644 ansible.cfg
create mode 100644 group_vars/all/vars.yml
create mode 160000 roles/infra
create mode 100644 run.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4702287
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+hosts.yml
+group_vars/all/secret.yaml
+output/
+!output/README.org
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..7810631
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "roles/infra"]
+ path = roles/infra
+ url = https://codeberg.org/comcloudway/infra
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b735160
--- /dev/null
+++ b/LICENSE
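Review bot: The ignore list in `.gitignore` covers only `group_vars/all/secret.yaml`, while the README added in this same commit calls the vault file `secret.yml` in two places (the introduction under "Running" and the `ansible-vault edit` command). A vault created or copied under the `.yml` name would not be ignored and could be committed by accident; it would still be vault-encrypted, but its protection would then rest entirely on the strength of the vault password. I would add `group_vars/all/secret.yml` next to the existing entry, or settle on one extension in both files.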
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Jakob Meier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.org b/README.org
new file mode 100644
index 0000000..f69dc66
--- /dev/null
+++ b/README.org
@@ -0,0 +1,66 @@
+* anaNAS
+Ansible Playbook to provision an Alpine Linux bases NAS.
+
+Keep in mind, that this playbook is intended to be used with a home NAS,
+that is not necessarily exposed to the internet.
+
+[[https://de.wikipedia.org/wiki/Ananas][Ananas]] is the German name for pineapple,
+and as you might have noticed, contains the letters ~NAS~.
+
+* Requirements
+- ~ansible~ (~ansible-core~ is not enough, as I'm using ~community~ packages)
+- ~ssh~
+
+* Running
+As you might have noticed, from the ~.gitignore~,
+this repo does not contain the ~secret.yml~ nor the ~hosts.yml~,
+that is because they are meant to stay secret and you have to write your own.
+
+For more information on the ~hosts.yml~ file,
+see the [[https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html][How to build your inventory]] ansible wiki.
+
+To setup the secret store, run the following command:
+(and add the ~password:~ variable in there)
+#+begin_src bash
+ansible-vault create group_vars/all/secret.yaml
+#+end_src
+
+After creating the password store,
+you can run the playbook
+#+begin_src bash
+ansible-playbook run.yml -K --ask-vault-pass
+#+end_src
+
+To edit the password store at a later date,
+run the following command:
+#+begin_src bash
+ansible-vault edit group_vars/all/secret.yml
+#+end_src
+
+Additionally you have to install ~python3~ on the host machine.
+
+To avoid having to type your ssh password,
+you probably want to copy your ssh key to the machine as well:
+#+begin_src bash
+ ssh-copy-id root@
+#+end_src
+
+*** Example hosts.yml
+#+begin_src yaml
+---
+homenas:
+ hosts:
+ ananas:
+ ansible_host:
+ ansible_user: {{ user }}
+ ansible_connection: ssh
+ ansible_ssh_private_key_file: /home//.ssh/id_rsa
+ ansible_python_interpreter: /usr/bin/python
+ ansible_become_method: doas
+#+end_src
+
+* Additional resources
+- [[https://www.youtube.com/watch?v=Z7p9-m4cimg][Ansible IaC Deep Dive (Wolfang's Channel)]]
+- [[https://www.redhat.com/sysadmin/ansible-templates-configuration][Ansible template guide]]
+- [[https://docs.ansible.com/ansible/latest/collections/community/docker/docker_container_module.html#ansible-collections-community-docker-docker-container-module][Ansible community docker container module]]
+- [[https://codeberg.org/comcloudway/infra][My VPS infrastructure]]
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..732687a
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,8 @@
+[defaults]
+inventory = hosts.yml
+# disable cowsay - yes it looks beatiful, but is bloats the output
+nocows = True
+
+[ssh_connections]
+# significantly speed up ssh
+pipelining = true
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..fe47c9e
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,11 @@
+---
+username: user
+base_packages:
+ - pfetch
+ - neovim
+ - exa
+ - htop
+ - doas
+shell: /bin/ash
+docker_subid: "100000:65536"
+container_dir: "/home/{{ username }}"
diff --git a/roles/infra b/roles/infra
new file mode 160000
index 0000000..bcd8089
--- /dev/null
+++ b/roles/infra
@@ -0,0 +1 @@
+Subproject commit bcd8089add031e07e977926488797bbc899647e0
diff --git a/run.yml b/run.yml
new file mode 100644
index 0000000..478724f
--- /dev/null
+++ b/run.yml
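Review bot: In `ansible.cfg` the section header `[ssh_connections]` is not a section Ansible reads; the SSH connection settings live under `[ssh_connection]` (singular), so `pipelining = true` is ignored without any warning and the intended speed-up never applies. Change the header to `[ssh_connection]`. The two booleans are also spelled differently (`nocows = True`, `pipelining = true`); one spelling throughout would be tidier. Because this file is picked up from the working directory, a short header comment such as `# loaded from the repo root; Ansible skips an ansible.cfg found in a world-writable directory` would help anyone wondering why the settings are not applied.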
@@ -0,0 +1,14 @@
+---
+############################################
+# SETUP BASE SYSTEM
+# taken from my infra repo
+# has to run as root (and overwrite the user setting from the hosts.yml)
+############################################
+- name: Setup base system
+ hosts: all
+ remote_user: root
+ vars:
+ ansible_ssh_user: root
+ roles:
+ - role: infra/roles/system
+ tags: system
--
2.38.5
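Review bot: The play in `run.yml` connects as root over SSH (`remote_user: root` plus `ansible_ssh_user: root`), which only works while the NAS's sshd accepts root logins, and nothing in this commit says whether that stays enabled after the base setup. The header comment should say that root login is a bootstrap requirement and that sshd should allow it by key only (`PermitRootLogin prohibit-password`) or disable it once the unprivileged user with `doas` exists. Whether the `infra/roles/system` role already does this cannot be seen from here, since the role arrives as a pinned submodule. Separately, `ansible_ssh_user` is the legacy alias; writing `ansible_user: root` uses the current name and matches the `ansible_user` key in the README's example inventory, which makes the intended override easier to follow.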