1.0.0 Release IaaS

2026-03-15 04:41:02 +09:00
commit a7365da431
292 changed files with 36059 additions and 0 deletions


@@ -0,0 +1,185 @@
---
- name: Load secret values
hosts: "console"
gather_facts: false
become: false
tasks:
- name: Load secret from secrets.yaml
ansible.builtin.include_role:
name: "console"
tasks_from: "node/load_secret_vars"
apply:
tags: ["always"]
tags: ["always"]
- name: Site app
hosts: "app"
gather_facts: false
become: false
pre_tasks:
- name: Set become password
ansible.builtin.set_fact:
ansible_become_pass: "{{ hostvars['console']['sudo']['password']['app'] }}"
tags: ["always"]
tasks:
- name: Set timezone to Asia/Seoul
community.general.timezone:
name: Asia/Seoul
become: true
tags: ["init", "timezone"]
- name: Deploy root_ca certificate
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_root_ca"
apply:
tags: ["init", "root_crt"]
tags: ["init", "root_crt"]
- name: Deploy hosts file
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_hosts"
apply:
tags: ["init", "hosts"]
tags: ["init", "hosts"]
- name: Create default directory
ansible.builtin.include_role:
name: "common"
tasks_from: "node/create_default_dir"
apply:
tags: ["init", "default_dir"]
tags: ["init", "default_dir"]
- name: Set ssh host
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_ssh_host"
apply:
tags: ["init", "ssh_host"]
tags: ["init", "ssh_host"]
- name: Set networkd
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_networkd"
apply:
tags: ["init", "networkd"]
tags: ["init", "networkd"]
- name: Set resolved
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_resolved"
apply:
tags: ["init", "resolved"]
tags: ["init", "resolved"]
- name: Update and upgrade apt
ansible.builtin.apt:
upgrade: "dist"
update_cache: true
cache_valid_time: 3600
become: true
tags: ["init", "site", "upgrade-packages"]
- name: Install common packages
ansible.builtin.apt:
name:
- "acl"
- "curl"
- "jq"
- "netcat-openbsd"
- "dbus-user-session"
state: "present"
become: true
tags: ["init", "install-packages"]
- name: Set raid
ansible.builtin.include_role:
name: "app"
tasks_from: "node/set_raid"
apply:
tags: ["init", "raid"]
tags: ["init", "raid"]
- name: Set linger
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_linger"
apply:
tags: ["init", "linger"]
tags: ["init", "linger"]
- name: Set podman
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_podman"
apply:
tags: ["init", "podman"]
tags: ["init", "podman"]
- name: Set nftables
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_nftables"
apply:
tags: ["init", "nftables"]
tags: ["init", "nftables"]
- name: Set crowdsec
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_crowdsec"
apply:
tags: ["site", "crowdsec"]
tags: ["site", "crowdsec"]
- name: Set alloy
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_alloy"
apply:
tags: ["init", "update", "alloy"]
tags: ["init", "update", "alloy"]
- name: Set kopia
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_kopia"
apply:
tags: ["site", "kopia"]
tags: ["site", "kopia"]
- name: Flush handlers right now
ansible.builtin.meta: "flush_handlers"
# Only update iGPU firmware
- name: Install iGPU Firmware
ansible.builtin.apt:
name:
- "firmware-intel-graphics"
- "intel-media-va-driver-non-free"
update_cache: true
state: "present"
become: true
notify:
- "notification_update_initramfs"
- "notification_reboot_app"
tags: ["init"]
handlers:
- name: Update initramfs
ansible.builtin.command:
update-initramfs -u
become: true
changed_when: false
listen: "notification_update_initramfs"
ignore_errors: true # noqa: ignore-errors
- name: Reboot app vm
ansible.builtin.reboot:
reboot_timeout: 300
become: true
listen: "notification_reboot_app"
ignore_errors: true # noqa: ignore-errors
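Review bot: The `Set become password` pre_task copies the sudo password from `hostvars['console']['sudo']['password']['app']` into a fact without `no_log: true`, so the value can appear in task output when the play runs with increased verbosity or with a callback that records task results. Adding `no_log: true` to that task keeps it out of logs; the same pre_task appears in the auth, console, fw, infra and vmm site playbooks and in the create-vm playbook of this commit. Separately, both handlers set `ignore_errors: true`, so as far as this file shows a failed `update-initramfs -u` would still be followed by the reboot. Dropping `ignore_errors` from the initramfs handler would stop the host's run before it reboots.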


@@ -0,0 +1,154 @@
---
- name: Load secret values
hosts: "console"
gather_facts: false
become: false
tasks:
- name: Load secret from secrets.yaml
ansible.builtin.include_role:
name: "console"
tasks_from: "node/load_secret_vars"
apply:
tags: ["always"]
tags: ["always"]
- name: Site auth
hosts: "auth"
gather_facts: false
become: false
pre_tasks:
- name: Set become password
ansible.builtin.set_fact:
ansible_become_pass: "{{ hostvars['console']['sudo']['password']['auth'] }}"
tags: ["always"]
tasks:
- name: Set timezone to Asia/Seoul
community.general.timezone:
name: Asia/Seoul
become: true
tags: ["init", "timezone"]
- name: Deploy root_ca certificate
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_root_ca"
apply:
tags: ["init", "root_crt"]
tags: ["init", "root_crt"]
- name: Deploy hosts file
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_hosts"
apply:
tags: ["init", "hosts"]
tags: ["init", "hosts"]
- name: Create default directory
ansible.builtin.include_role:
name: "common"
tasks_from: "node/create_default_dir"
apply:
tags: ["init", "default_dir"]
tags: ["init", "default_dir"]
- name: Set ssh host
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_ssh_host"
apply:
tags: ["init", "ssh_host"]
tags: ["init", "ssh_host"]
- name: Set networkd
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_networkd"
apply:
tags: ["init", "networkd"]
tags: ["init", "networkd"]
- name: Set resolved
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_resolved"
apply:
tags: ["init", "resolved"]
tags: ["init", "resolved"]
- name: Update and upgrade apt
ansible.builtin.apt:
upgrade: "dist"
update_cache: true
cache_valid_time: 3600
become: true
tags: ["init", "site", "upgrade-packages"]
- name: Install common packages
ansible.builtin.apt:
name:
- "acl"
- "curl"
- "jq"
- "netcat-openbsd"
- "dbus-user-session"
state: "present"
become: true
tags: ["init", "site", "install-packages"]
- name: Set linger
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_linger"
apply:
tags: ["init", "linger"]
tags: ["init", "linger"]
- name: Set podman
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_podman"
apply:
tags: ["init", "podman"]
tags: ["init", "podman"]
- name: Set nftables
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_nftables"
apply:
tags: ["init", "nftables"]
tags: ["init", "nftables"]
- name: Set crowdsec
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_crowdsec"
apply:
tags: ["site", "crowdsec"]
tags: ["site", "crowdsec"]
- name: Set caddy
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_caddy"
apply:
tags: ["site", "caddy"]
tags: ["site", "caddy"]
- name: Set authelia
ansible.builtin.include_role:
name: "auth"
tasks_from: "services/set_authelia"
apply:
tags: ["site", "authelia"]
tags: ["site", "authelia"]
- name: Set alloy
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_alloy"
apply:
tags: ["site", "alloy"]
tags: ["site", "alloy"]
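Review bot: `Set nftables` is tagged only `["init", "nftables"]` here, while the fw and vmm playbooks in this commit tag the same include `["init", "site", "nftables"]`. If `site` is the tag used for routine re-runs (an inference from the tag names), firewall rule changes in the common role would not reach this host unless `init` or `nftables` is passed explicitly. If that is intended, a comment above the task would help, e.g. `# nftables is applied on init only; pass --tags nftables to push rule changes`; otherwise add `"site"` to both `tags` lines of the task. The app and infra playbooks use the same init-only tagging.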


@@ -0,0 +1,132 @@
---
- name: Load secret values
hosts: "console"
gather_facts: false
become: false
tasks:
- name: Load secret from secrets.yaml
ansible.builtin.include_role:
name: "console"
tasks_from: "node/load_secret_vars"
apply:
tags: ["always"]
tags: ["always"]
- name: Site console
hosts: "console"
gather_facts: false
become: false
pre_tasks:
- name: Set become password
ansible.builtin.set_fact:
ansible_become_pass: "{{ hostvars['console']['sudo']['password']['console'] }}"
tags: ["always"]
tasks:
# init
- name: Set timezone to Asia/Seoul
community.general.timezone:
name: Asia/Seoul
become: true
tags: ["init", "timezone"]
- name: Deploy root_ca certificate
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_root_ca"
apply:
tags: ["init", "root_crt"]
tags: ["init", "root_crt"]
- name: Deploy hosts file
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_hosts"
apply:
tags: ["init", "hosts"]
tags: ["init", "hosts"]
- name: Create default directory
ansible.builtin.include_role:
name: "common"
tasks_from: "node/create_default_dir"
apply:
tags: ["init", "default_dir"]
tags: ["init", "default_dir"]
- name: Update and upgrade apt
ansible.builtin.apt:
upgrade: "dist"
update_cache: true
cache_valid_time: 3600
become: true
tags: ["init", "site", "upgrade-packages"]
- name: Set ssh client
ansible.builtin.include_role:
name: "console"
tasks_from: "node/set_ssh_client"
apply:
tags: ["init", "ssh_client"]
tags: ["init", "ssh_client"]
- name: Check file permissions
ansible.builtin.file:
path: "{{ node['workspace_path'] }}/{{ item }}"
state: "directory"
owner: "{{ ansible_user }}"
group: "svadmins"
mode: "u=rwX,g=,o="
recurse: true
loop:
- "homelab/ansible"
- "homelab/config"
- "homelab/docs"
- "university"
tags: ["init", "site", "file_permission"]
# kopia snashot is mounted on homelab/data/volumes.
# NEVER CHANGE permission and owners
- name: Download vm cloud-init
ansible.builtin.get_url:
url: "https://cdimage.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.qcow2"
dest: "{{ node['data_path'] }}/images/debian-13-generic-amd64.qcow2"
owner: "console"
group: "svadmins"
mode: "0600"
tags: ["init", "site", "cloud-init-image"]
- name: Install packages
ansible.builtin.apt:
name:
- "git"
- "gnupg"
- "acl"
- "curl"
- "jq"
- "cloud-image-utils"
- "logrotate"
- "nftables"
- "build-essential"
- "g++"
- "gcc"
- "fuse3"
state: "present"
become: true
tags: ["init", "site", "install-packages"]
- name: Install CLI tools
ansible.builtin.include_role:
name: "console"
tasks_from: "services/set_cli_tools"
apply:
tags: ["init", "site", "tools"]
tags: ["init", "site", "tools"]
- name: Install chromium with font
ansible.builtin.include_role:
name: "console"
tasks_from: "services/set_chromium"
apply:
tags: ["init", "site", "chromium"]
tags: ["init", "site", "chromium"]
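Review bot: `Download vm cloud-init` fetches the image from the `latest/` directory with no `checksum`, so the file the VMs are presumably built from is trusted on TLS alone, and its content is whatever `latest` pointed to on the first run. `ansible.builtin.get_url` accepts `checksum: "sha512:<SHA512 of the pinned image>"`; pinning a dated image directory together with its published digest makes the download reproducible and detects a swapped or truncated file. Without `checksum` or `force`, an existing `dest` is not downloaded again, so the `latest` URL does not deliver updates on later runs either.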


@@ -0,0 +1,190 @@
---
- name: Load secret values
hosts: "console"
gather_facts: false
become: false
tasks:
- name: Load secret from secrets.yaml
ansible.builtin.include_role:
name: "console"
tasks_from: "node/load_secret_vars"
apply:
tags: ["always"]
tags: ["always"]
- name: Site fw
hosts: "fw"
gather_facts: false
become: false
pre_tasks:
- name: Set become password
ansible.builtin.set_fact:
ansible_become_pass: "{{ hostvars['console']['sudo']['password']['fw'] }}"
tags: ["always"]
tasks:
- name: Set timezone to Asia/Seoul
community.general.timezone:
name: Asia/Seoul
become: true
tags: ["init", "timezone"]
- name: Deploy root_ca certificate
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_root_ca"
apply:
tags: ["init", "root_crt"]
tags: ["init", "root_crt"]
- name: Deploy hosts file
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_hosts"
apply:
tags: ["init", "hosts"]
tags: ["init", "hosts"]
- name: Create default directory
ansible.builtin.include_role:
name: "common"
tasks_from: "node/create_default_dir"
apply:
tags: ["init", "default_dir"]
tags: ["init", "default_dir"]
- name: Set ssh host
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_ssh_host"
apply:
tags: ["init", "ssh_host"]
tags: ["init", "ssh_host"]
- name: Set networkd
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_networkd"
apply:
tags: ["init", "networkd"]
tags: ["init", "networkd"]
- name: Set wireguard
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_wireguard"
apply:
tags: ["init", "wireguard"]
tags: ["init", "wireguard"]
- name: Set resolved
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_resolved"
apply:
tags: ["init", "resolved"]
tags: ["init", "resolved"]
- name: Update and upgrade apt
ansible.builtin.apt:
upgrade: "dist"
update_cache: true
cache_valid_time: 3600
become: true
tags: ["init", "site", "upgrade-packages"]
- name: Install common packages
ansible.builtin.apt:
name:
- "acl"
- "curl"
- "jq"
- "wireguard-tools"
- "dnsutils"
- "conntrack"
- "logrotate"
- "netcat-openbsd"
- "dbus-user-session"
state: "present"
become: true
tags: ["init", "site", "install-packages"]
- name: Set linger
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_linger"
apply:
tags: ["init", "linger"]
tags: ["init", "linger"]
- name: Set chrony
ansible.builtin.include_role:
name: "fw"
tasks_from: "services/set_chrony"
apply:
tags: ["init", "chrony"]
tags: ["init", "chrony"]
- name: Set ddns
ansible.builtin.include_role:
name: "fw"
tasks_from: "services/set_ddns"
apply:
tags: ["init", "ddns"]
tags: ["init", "ddns"]
- name: Set nftables
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_nftables"
apply:
tags: ["init", "site", "nftables"]
tags: ["init", "site", "nftables"]
- name: Set suricata
ansible.builtin.include_role:
name: "fw"
tasks_from: "services/set_suricata"
apply:
tags: ["site", "suricata"]
tags: ["site", "suricata"]
- name: Set crowdsec
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_crowdsec"
apply:
tags: ["site", "crowdsec"]
tags: ["site", "crowdsec"]
- name: Set bind
ansible.builtin.include_role:
name: "fw"
tasks_from: "services/set_bind"
apply:
tags: ["init", "update", "bind"]
tags: ["init", "update", "bind"]
- name: Set blocky
ansible.builtin.include_role:
name: "fw"
tasks_from: "services/set_blocky"
apply:
tags: ["site", "blocky"]
tags: ["site", "blocky"]
- name: Set kea
ansible.builtin.include_role:
name: "fw"
tasks_from: "services/set_kea"
apply:
tags: ["site", "kea"]
tags: ["site", "kea"]
- name: Set alloy
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_alloy"
apply:
tags: ["site", "alloy"]
tags: ["site", "alloy"]
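Review bot: The tag vocabulary is not documented, and `Set bind` is the one service here tagged `["init", "update", "bind"]` while suricata, crowdsec, blocky, kea and alloy carry `site`. A reader cannot tell from the file whether leaving the DNS server out of `site` runs is deliberate. A short comment at the top of the play stating what `init`, `site` and `update` are each meant to select, plus a one-line reason above `Set bind`, would settle it. The app playbook's `Set alloy` uses the same `update` tag.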


@@ -0,0 +1,210 @@
---
- name: Load secret values
hosts: "console"
gather_facts: false
become: false
tasks:
- name: Load secret from secrets.yaml
ansible.builtin.include_role:
name: "console"
tasks_from: "node/load_secret_vars"
apply:
tags: ["always"]
tags: ["always"]
- name: Site infra
hosts: infra
gather_facts: false
become: false
pre_tasks:
- name: Set become password
ansible.builtin.set_fact:
ansible_become_pass: "{{ hostvars['console']['sudo']['password']['infra'] }}"
tags: ["always"]
tasks:
- name: Set timezone to Asia/Seoul
community.general.timezone:
name: Asia/Seoul
become: true
tags: ["init", "timezone"]
- name: Deploy root_ca certificate
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_root_ca"
apply:
tags: ["init", "root_crt"]
tags: ["init", "root_crt"]
- name: Deploy hosts file
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_hosts"
apply:
tags: ["init", "hosts"]
tags: ["init", "hosts"]
- name: Create default directory
ansible.builtin.include_role:
name: "common"
tasks_from: "node/create_default_dir"
apply:
tags: ["init", "default_dir"]
tags: ["init", "default_dir"]
- name: Set ssh host
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_ssh_host"
apply:
tags: ["init", "ssh_host"]
tags: ["init", "ssh_host"]
- name: Set networkd
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_networkd"
apply:
tags: ["init", "networkd"]
tags: ["init", "networkd"]
- name: Set resolved
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_resolved"
apply:
tags: ["init", "resolved"]
tags: ["init", "resolved"]
- name: Update and upgrade apt
ansible.builtin.apt:
upgrade: "dist"
update_cache: true
cache_valid_time: 3600
become: true
tags: ["init", "site", "upgrade-packages"]
- name: Install common packages
ansible.builtin.apt:
name:
- "acl"
- "curl"
- "jq"
- "netcat-openbsd"
- "dbus-user-session"
state: "present"
become: true
tags: ["init", "site", "install-packages"]
- name: Set linger
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_linger"
apply:
tags: ["init", "linger"]
tags: ["init", "linger"]
- name: Set podman
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_podman"
apply:
tags: ["init", "podman"]
tags: ["init", "podman"]
- name: Set nftables
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_nftables"
apply:
tags: ["init", "nftables"]
tags: ["init", "nftables"]
- name: Set crowdsec
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_crowdsec"
apply:
tags: ["site", "crowdsec"]
tags: ["site", "crowdsec"]
- name: Set ca
ansible.builtin.include_role:
name: "infra"
tasks_from: "services/set_ca_server"
apply:
tags: ["site", "ca"]
tags: ["site", "ca"]
- name: Set postgresql
ansible.builtin.include_role:
name: "infra"
tasks_from: "services/set_postgresql"
apply:
tags: ["site", "postgresql"]
tags: ["site", "postgresql"]
- name: Set caddy
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_caddy"
apply:
tags: ["site", "caddy"]
tags: ["site", "caddy"]
- name: Set ldap
ansible.builtin.include_role:
name: "infra"
tasks_from: "services/set_ldap"
apply:
tags: ["site", "ldap"]
tags: ["site", "ldap"]
- name: Set x509 exporter
ansible.builtin.include_role:
name: "infra"
tasks_from: "services/set_x509-exporter"
apply:
tags: ["site", "x509-exporter"]
tags: ["site", "x509-exporter"]
- name: Set prometheus
ansible.builtin.include_role:
name: "infra"
tasks_from: "services/set_prometheus"
apply:
tags: ["site", "prometheus"]
tags: ["site", "prometheus"]
- name: Set loki
ansible.builtin.include_role:
name: "infra"
tasks_from: "services/set_loki"
apply:
tags: ["site", "loki"]
tags: ["site", "loki"]
- name: Set alloy
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_alloy"
apply:
tags: ["site", "alloy"]
tags: ["site", "alloy"]
- name: Set grafana
ansible.builtin.include_role:
name: "infra"
tasks_from: "services/set_grafana"
apply:
tags: ["site", "grafana"]
tags: ["site", "grafana"]
- name: Set kopia
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_kopia"
apply:
tags: ["site", "kopia"]
tags: ["site", "kopia"]


@@ -0,0 +1,61 @@
---
- name: Load secret values
hosts: "console"
gather_facts: false
become: false
tasks:
- name: Load secret from secrets.yaml
ansible.builtin.include_role:
name: "console"
tasks_from: "node/load_secret_vars"
apply:
tags: ["always"]
tags: ["always"]
- name: Create vm
hosts: vmm_init
gather_facts: false
become: false
vars:
valid_vm_names:
- "fw"
- "infra"
- "auth"
- "app"
tasks:
- name: Set vm name depends on tags
ansible.builtin.set_fact:
target_vm: "{{ ansible_run_tags[0] }}"
when: (ansible_run_tags | length) == 1
- name: Check VM name
ansible.builtin.fail:
msg: "invalid vm name. vm name should be included in \"{{ valid_vm_names | join(', ') }}\""
when: (target_vm | default("none")) not in valid_vm_names
- name: Set become password
ansible.builtin.set_fact:
ansible_become_pass: "{{ hostvars['console']['sudo']['password']['vmm'] }}"
- name: Create seed file
ansible.builtin.include_role:
name: "vmm"
tasks_from: "vm/create_seed"
apply:
delegate_to: "console"
tags: ["always"]
- name: Deploy vm init files
ansible.builtin.include_role:
name: "vmm"
tasks_from: "vm/deploy_vm_init"
apply:
tags: ["always"]
- name: Register vm
ansible.builtin.include_role:
name: "vmm"
tasks_from: "vm/register_vm"
apply:
tags: ["always"]
tags: ["always"]
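Review bot: The allow-list check on `target_vm` only protects the play if `Set vm name depends on tags` and `Check VM name` actually run when a single VM tag is passed, and neither task shows a `tags` line of its own. Indentation is not visible in this rendering, so the closing `tags: ["always"]` may already sit at play level. If it belongs to `Register vm` instead, a run with `--tags fw` would skip those untagged tasks along with `Set become password`. Adding `tags: ["always"]` to each of the three makes the validation independent of where that last line sits. A comment above the first task saying the VM name is taken from the single run tag would also document the expected invocation.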


@@ -0,0 +1,165 @@
---
- name: Set host and load secret values
hosts: "console"
gather_facts: false
become: false
tasks:
- name: Set host as vmm
ansible.builtin.set_fact:
vmm_host: "vmm"
when: "'init' is not in ansible_run_tags"
tags: ["always"]
- name: Load secret from secrets.yaml
ansible.builtin.include_role:
name: "console"
tasks_from: "node/load_secret_vars"
apply:
tags: ["always"]
tags: ["always"]
- name: Site vmm
hosts: "{{ hostvars['console']['vmm_host'] | default('vmm_init') }}"
gather_facts: false
become: false
pre_tasks:
- name: Set become password
ansible.builtin.set_fact:
ansible_become_pass: "{{ hostvars['console']['sudo']['password']['vmm'] }}"
tags: ["always"]
tasks:
# init
- name: Set timezone to Asia/Seoul
community.general.timezone:
name: Asia/Seoul
become: true
tags: ["init", "timezone"]
- name: Deploy root_ca certificate
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_root_ca"
apply:
tags: ["init", "root_crt"]
tags: ["init", "root_crt"]
- name: Deploy hosts file
ansible.builtin.include_role:
name: "common"
tasks_from: "node/deploy_hosts"
apply:
tags: ["init", "hosts"]
tags: ["init", "hosts"]
- name: Create default directory
ansible.builtin.include_role:
name: "common"
tasks_from: "node/create_default_dir"
apply:
tags: ["init", "default_dir"]
tags: ["init", "default_dir"]
- name: Set ssh host
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_ssh_host"
apply:
tags: ["init", "ssh_host"]
tags: ["init", "ssh_host"]
- name: Set networkd
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_networkd"
apply:
tags: ["init", "networkd"]
tags: ["init", "networkd"]
- name: Set resolved
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_resolved"
apply:
tags: ["init", "resolved"]
tags: ["init", "resolved"]
- name: Set timesyncd
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_timesyncd"
apply:
tags: ["init", "timesyncd"]
tags: ["init", "timesyncd"]
- name: Set linger # vmm has dbus-user-session in it
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_linger"
apply:
tags: ["init", "linger"]
tags: ["init", "linger"]
- name: Set libvirt
ansible.builtin.include_role:
name: "vmm"
tasks_from: "node/set_libvirt"
apply:
tags: ["init", "libvirt"]
tags: ["init", "libvirt"]
- name: Set nftables
ansible.builtin.include_role:
name: "common"
tasks_from: "node/set_nftables"
apply:
tags: ["init", "site", "nftables"]
tags: ["init", "site", "nftables"]
- name: Update and upgrade apt # init roles has no internet (airgap statement)
ansible.builtin.apt:
update_cache: true
upgrade: "dist"
cache_valid_time: 3600
when: inventory_hostname != "vmm_init"
become: true
tags: ["site", "upgrade-packages"]
- name: Set crowdsec
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_crowdsec"
apply:
tags: ["site", "crowdsec"]
when: inventory_hostname != "vmm_init"
tags: ["site", "crowdsec"]
- name: Set alloy
ansible.builtin.include_role:
name: "common"
tasks_from: "services/set_alloy"
apply:
tags: ["site", "alloy"]
when: inventory_hostname != "vmm_init"
tags: ["site", "alloy"]
- name: Install packages # they are already installed in prerequisite step
ansible.builtin.apt:
name:
- acl
- curl
- jq
- crowdsec
- systemd-resolved
- qemu-system-x86
- ksmtuned
- libvirt-daemon-system
- virt-top
- python3
- python3-apt
- python3-libvirt
- python3-lxml
state: "present"
become: true
when: "'init' is not in ansible_run_tags"
tags: ["never", "install-packages"]