Fix ansible-lint failures
Paul Brinkmeier 2022-09-15 13:48:59 +02:00
parent 9121b5edc0
commit ef9d3d0beb
7 changed files with 63 additions and 54 deletions


@ -1,3 +1,3 @@
---
ansible_user: andi
ansible_python_interpreter: /usr/bin/python3
ansible_python_interpreter: /usr/bin/python3


@ -1,12 +1,13 @@
---
- hosts: misc
- name: Update Docker configuration on shamash
hosts: misc
tasks:
- name: Add users for running containers
become: yes
become: true
ansible.builtin.user:
name: "{{ item.name }}"
uid: "{{ item.uid }}"
create_home: no
create_home: false
state: present
loop:
- name: jupyter
@ -17,13 +18,13 @@
state: present
# All services that are behind Caddy need to be in this network
- name: Create Caddy network
become: yes
become: true
docker_network:
name: caddy-network
state: present
- name: Upload docker configuration
become: yes
copy:
become: true
ansible.builtin.copy:
src: ../../docker
dest: /etc/pbri
# Files should inaccessible to non-root users.
@ -31,19 +32,19 @@
# Directories should be listable
directory_mode: u=rwx,g=rx,o=rx
- name: Create directory for docker volumes
become: yes
file:
become: true
ansible.builtin.file:
path: /var/lib/pbri/docker
state: directory
# Hide contents from non-root users
mode: u=rwx,g=,o=
- name: Set up docker stuff
become: yes
become: true
docker_compose:
project_src: "/etc/pbri/docker/{{ item.name }}"
state: "{{ item.state }}"
build: yes
debug: yes
build: true
debug: true
loop:
- name: caddy
state: present
@ -54,11 +55,10 @@
- name: codi
state: present
- name: Add Notebooks folder
become: yes
become: true
ansible.builtin.file:
path: /home/jupyter/Notebooks
owner: jupyter
group: jupyter
state: directory
mode: 0755
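Review bot: `docker_network` (Create Caddy network) and `docker_compose` (Set up docker stuff) are still called by short name, while every other module in this file was moved to its fully qualified name. Short names are resolved through the collection search path, so writing them as `community.docker.docker_network` and `community.docker.docker_compose` (presumably the intended collection) makes explicit which code runs under `become: true`. Separately, `mode: 0755` on the Notebooks directory is an unquoted octal; `mode: "0755"`, or the symbolic form the other tasks use, avoids depending on how the YAML parser types the integer.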


@ -1,39 +1,41 @@
---
- hosts: misc
- name: Basic setup for shamash (packages, Docker, Nix, sshd)
hosts: misc
tasks:
- name: Install basic packages
become: yes
apt:
become: true
ansible.builtin.apt:
name:
- vim
- git
- htop
- tmux
update_cache: yes
update_cache: true
tags:
- apt
- include_role:
- name: Install and set up Docker and docker-compose
ansible.builtin.include_role:
name: docker
- include_role:
- name: Install and set up Nix
ansible.builtin.include_role:
name: install_nix
- name: Install pip prerequisites
become: yes
apt:
become: true
ansible.builtin.apt:
name:
- python3-pip
- python3-setuptools
- python3-virtualenv
- name: Install global python docker package
become: yes
pip:
become: true
ansible.builtin.pip:
name:
- docker
- docker-compose
- requests
- name: Configure sshd
register: sshdconfig
become: yes
copy:
become: true
ansible.builtin.copy:
dest: /etc/ssh/sshd_config.d/00_pbri.conf
mode: u=rw,g=r,o=r
# Included by /etc/ssh/sshd_config before other configuration
@ -44,9 +46,11 @@
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
validate: /usr/sbin/sshd -T -f %s
notify:
- Restart sshd
handlers:
- name: Restart sshd
when: sshdconfig.changed
become: yes
service:
ansible.builtin.service:
name: sshd
state: restarted
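Review bot: The `Restart sshd` handler at the end of this file needs `become: true`, but the rendered page does not make clear whether `when: sshdconfig.changed` or the old `become: yes` survives above `ansible.builtin.service:` on the new side. If privilege escalation was dropped together with the old `service:` line, the restart will fail unless become is set elsewhere, and the `PasswordAuthentication no` drop-in is written but never applied to the running daemon. Now that the task uses `notify:`, the `when: sshdconfig.changed` guard and `register: sshdconfig` are redundant and can be removed; the handler should read `become: true` followed by `ansible.builtin.service:`.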


@ -1,7 +1,9 @@
---
- hosts: misc
- name: Check out static sites hosted on shamash
hosts: misc
tasks:
- include_role:
- name: Check out static sites
ansible.builtin.include_role:
name: checkout_static_sites
vars:
checkout_static_sites:


@ -1,6 +1,6 @@
---
- name: Create static site directories
become: yes
become: true
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
@ -9,7 +9,7 @@
group: "{{ item.owner }}"
loop: "{{ checkout_static_sites.checkouts }}"
- name: Check out static site repositories
become: yes
become: true
become_user: "{{ item.owner }}"
ansible.builtin.git:
dest: "{{ item.path }}"


@ -1,38 +1,41 @@
---
- name: Install Docker installation prerequisites
become: yes
apt:
update_cache: yes
state: latest
become: true
ansible.builtin.apt:
update_cache: true
# Don't upgrade, only make sure that the packages are present
# state: latest
name:
- ca-certificates
- curl
- gnupg
- lsb-release
- name: Add Docker GPG key
become: yes
shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg"
- name: Add Docker GPG key # noqa command-instead-of-module risky-shell-pipe
become: true
ansible.builtin.shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg"
args:
creates: /usr/share/keyrings/docker-archive-keyring.gpg
- name: Retrieve dpkg architecture
shell: dpkg --print-architecture
- name: Retrieve dpkg architecture # noqa command-instead-of-shell
ansible.builtin.shell: dpkg --print-architecture
register: dpkg_architecture
changed_when: False
changed_when: false
- name: Add Docker apt repository
become: yes
template:
become: true
ansible.builtin.template:
src: docker.list.j2
dest: /etc/apt/sources.list.d/docker.list
mode: 0644
- name: Install Docker
become: yes
apt:
update_cache: yes
state: latest
become: true
ansible.builtin.apt:
update_cache: true
# Don't upgrade, only make sure that the packages are present
# state: latest
name:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-ce
- docker-ce-cli
- containerd.io
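Review bot: The `# noqa ... risky-shell-pipe` on `Add Docker GPG key` silences the lint finding instead of fixing it: without `pipefail` the task's exit status is gpg's, so a failed or truncated `curl` download may go unnoticed, and because of `creates:` a bad keyring file would never be re-fetched on later runs. Prefer prefixing the command with `set -o pipefail && ` and adding `executable: /bin/bash` under `args:`, after which `risky-shell-pipe` can be dropped from the noqa list. The key is also trusted on first download with no fingerprint check; comparing it against a pinned fingerprint before writing the keyring would close that gap. Commenting out `state: latest` in both apt tasks also means this role no longer pulls Docker security updates, so that needs to be covered by another mechanism such as unattended-upgrades.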


@ -1,7 +1,7 @@
---
# Obvious race condition here that we are just going to ignore
- name: Copy Nix installation script
become: yes
become: true
ansible.builtin.copy:
src: install-nix
dest: /etc/pbri/install-nix