2024-07-31 23:53:00 +02:00
debug fix singularity 2020-03-14 14:46:51 +01:00
keys second commit 2020-03-14 00:10:06 +01:00
repo added docker-host 2022-08-18 10:05:24 +02:00
roles added support for docker-compose on aarch64 2022-12-27 23:36:33 +01:00
common.yml disabled systemd_detect_virt due to issues 2024-07-31 23:53:00 +02:00
docker.yml fixed local execution 2021-10-03 01:56:44 +02:00
docker_host.yml added docker-host 2022-08-18 10:05:24 +02:00
hosts first commit 2020-03-13 20:05:35 +01:00
lldp.yml fixed local execution 2021-10-03 01:56:47 +02:00
README.md Update 'README.md' 2024-02-11 15:55:12 +01:00
singularity.yml fixed local execution 2021-10-03 01:56:50 +02:00
telegraf.yml fixed local execution 2021-10-03 01:56:54 +02:00
tincvpn.yml fixed local execution 2021-10-03 01:56:57 +02:00
to_add.txt second commit 2020-03-14 00:10:06 +01:00
tor.yml fixed local execution 2021-10-03 01:56:59 +02:00
transmission.yml fixed local execution 2021-10-03 01:57:02 +02:00
variables.yml updated docker-compose to fetch latest version without specifying which one 2022-08-14 11:37:19 +02:00

NOTA BENE

I've tested the playbooks on:

  • Debian 9
  • Debian 10
  • Debian 11 (everything)
  • Debian 12
  • Ubuntu 20.04
  • Ubuntu 22.04 (common,docker_host)
  • CentOS 7 (almost everything)

I've started converting the roles to distinguish between OSes but it's incomplete.

It's also being tested on LXC containers, and I've added a skip of the sysctl tasks when in a container. You can check which case applies by running:

systemd-detect-virt

  • none: bare metal
  • kvm: VM (on Proxmox)
  • lxc: container (on Proxmox)

Prerequisites

Install Ansible:

apt-get install -y ansible

Add the hosts lines to Ansible:

echo "[thismachine]" >> /etc/ansible/hosts
echo "127.0.0.1" >> /etc/ansible/hosts

Setup

You have to change at least 2 variables:

  • users
  • hostname

which by default are set to "CHANGEME", and the playbook is set to fail if these are still set to CHANGEME.

Insert your user in variables.yml, in the list:

users: goofy

and put their SSH keys in the folder keys, with the filename:

goofy.key.pub

and the format:

ssh-rsa [/CUT] user@host

Insert your hostname in variables.yml, in the variable:

hostname:
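
A pre-flight check for the Setup steps above, as an added example that is not part of this repository: it confirms that hostname and users are no longer CHANGEME and that every user has a one-line public key at keys/<user>.key.pub, and it flags a private key dropped there by mistake. The block-list layout of variables.yml, the function names and the sample key body are assumptions, since the page does not show the file.

```shell
# Added example, not part of this repo. ASSUMED variables.yml layout:
#   users:
#     - goofy
#   hostname: myhost

# Print the entries of the top-level "users:" list, one per line.
list_users() {
    awk '/^users:/ { in_list = 1; next }
         in_list && /^[ \t]*-/ { sub(/^[ \t]*-[ \t]*/, ""); print; next }
         in_list && /^[^ \t#]/ { in_list = 0 }' "$1" | tr -d "\"' "
}

# Print the value of the top-level "hostname:" key.
get_hostname() {
    sed -n 's/^hostname:[[:space:]]*//p' "$1" | tr -d "\"' " | head -n 1
}

# Return 0 if the checkout at $1 is ready for common.yml, else print each problem.
preflight() {
    repo=$1; rc=0; vars="$repo/variables.yml"
    [ -r "$vars" ] || { echo "cannot read $vars"; return 2; }
    case "$(get_hostname "$vars")" in
        ""|CHANGEME) echo "hostname is unset or still CHANGEME"; rc=1 ;;
    esac
    users=$(list_users "$vars")
    [ -n "$users" ] || { echo "users list is empty"; rc=1; }
    for u in $users; do
        key="$repo/keys/$u.key.pub"
        if [ "$u" = CHANGEME ]; then
            echo "users still contains CHANGEME"; rc=1
        elif [ ! -s "$key" ]; then
            echo "missing public key: $key"; rc=1
        elif grep -q 'PRIVATE KEY' "$key"; then
            echo "$key holds a PRIVATE key, remove it from the repo"; rc=1
        elif ! grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$key"; then
            echo "$key is not a one-line OpenSSH public key"; rc=1
        fi
    done
    return "$rc"
}

# Write a constructed sample checkout into $1 with hostname $2 (made-up user and key body).
make_sample() {
    mkdir -p "$1/keys"
    printf 'users:\n  - goofy\nhostname: %s\n' "$2" > "$1/variables.yml"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB goofy@host\n' > "$1/keys/goofy.key.pub"
}
# Usage when run directly: sh preflight.sh /path/to/checkout
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```
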

Run defaults

ansible-playbook common.yml

or if you are running as non-root:

sudo ansible-playbook common.yml

This playbook will:

  • check if the variables are set
  • change the hostname to the one that has been set in the variables
  • set the timezone to the one in the variables (default: Europe/Rome)
  • update repositories
  • install base packages
  • retrieve the main network interface (the one that is associated with the default gateway)
  • iptables:
    • create the users defined in the variables with the keys
    • create basic ipv4 rules
    • create blocking ipv6 rules
    • apply said rules in iptables-persistent
  • fix bashrc how I like it
  • harden ssh

Run optionals

  • docker.yml
    • installs docker-ce and docker-compose (variable in variables.yml for latest of docker-compose)
  • lldp.yml
    • installs and enables LLDP
  • telegraf.yml
  • tincvpn.yml
  • transmission.yml
  • singularity.yml
    • installs go and builds and installs singularity
  • tor.yml
    • installs tor base from tor repo

Versions

Git push

git add --all
git commit -m "added things to readme"
git push -u origin master

or: git add --all && git commit -m "message" && git push -u origin master

TODO

  • fix the installation that is only for deb systems in common.yml
  • test on CentOS