From 8b099b4318bafaf9d98167df54067fd4bc550e2a Mon Sep 17 00:00:00 2001
From: Jakob Meier <comcloudway@ccw.icu>
Date: Sun, 11 Jun 2023 15:40:33 +0200
Subject: [PATCH] Added basic playbook

---
 .gitignore              |  1 +
 README.org              |  2 ++
 ansible.cfg             |  6 ++++++
 group_vars/all/vars.yml |  7 +++++++
 run.yml                 |  6 ++++++
 tasks/essential.yml     | 40 ++++++++++++++++++++++++++++++++++++++++
 6 files changed, 62 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.org
 create mode 100644 ansible.cfg
 create mode 100644 group_vars/all/vars.yml
 create mode 100644 run.yml
 create mode 100644 tasks/essential.yml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1ba9c4b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+hosts.yml
diff --git a/README.org b/README.org
new file mode 100644
index 0000000..deb7bdf
--- /dev/null
+++ b/README.org
@@ -0,0 +1,2 @@
+* ccw.icu infra
+Ansible Playbook I use to provision my Alpine Linux server
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..b1bd625
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory = hosts.yml
+
+[ssh_connections]
+# significantly speed up ssh
+pipelining = true
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
new file mode 100644
index 0000000..620236f
--- /dev/null
+++ b/group_vars/all/vars.yml
@@ -0,0 +1,7 @@
+username: user
+base_packages:
+  - pfetch
+  - neovim
+  - exa
+  - htop
+  - doas
diff --git a/run.yml b/run.yml
new file mode 100644
index 0000000..c4133f3
--- /dev/null
+++ b/run.yml
@@ -0,0 +1,6 @@
+---
+- hosts: all
+  become: yes
+
+  tasks:
+    - import_tasks: tasks/essential.yml
diff --git a/tasks/essential.yml b/tasks/essential.yml
new file mode 100644
index 0000000..d1d3586
--- /dev/null
+++ b/tasks/essential.yml
@@ -0,0 +1,40 @@
+- name: Disable SSH password auth
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^#PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
+  register: sshd_config
+
+- name: Restart sshd
+  service:
+    name: sshd
+    state: restarted
+  when: sshd_config.changed
+
+- name: Enable ssh on boot
+  service:
+    name: sshd
+    enabled: true
+    state: started
+
+- name: Use alpine edge branch/version
+  replace:
+    path: /etc/apk/repositories
+    regexp: "^http(s)?://dl-cdn.alpinelinux.org/alpine/([^/]+)"
+    replace: "https://dl-cdn.alpinelinux.org/alpine/edge"
+
+- name: Enable Testing repo
+  lineinfile:
+    path: /etc/apk/repositories
+    line: "https://dl-cdn.alpinelinux.org/alpine/edge/testing"
+    search_string: "https://dl-cdn.alpinelinux.org/alpine/edge/testing"
+
+- name: Update Packages
+  community.general.apk:
+    update_cache: true
+    upgrade: true
+
+- name: Install essential packages
+  community.general.apk:
+    name: "{{ base_packages }}"
+    state: latest
-- 
2.38.5