first commit

.gitignore

@@ -0,0 +1,4 @@
+.DS_Store
+roles_galaxy
+collections_galaxy
+ansible_loc.log

ansible.cfg

@@ -0,0 +1,29 @@
+[defaults]
+inventory=inventory
+roles_path=./roles_galaxy:../roles
+collections_path=./collections_galaxy:./collections_galaxy/ansible_collections
+log_path=./ansible_loc.log
+timeout=30
+hash_behaviour = merge
+forks=8
+#mitogen for ansible2.10+
+#strategy_plugins = ~/mitogen/mitogen-0.3.21/ansible_mitogen/plugins/strategy/
+#strategy = mitogen_linear
+#display_skipped_hosts = False
+#display_ok_hosts = False
+
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_user=root
+become_ask_pass=False
+
+[ssh_connection]
+ssh_args=-F ./ssh.cfg -o ControlMaster=auto -o ControlPersist=30s
+control_path = /tmp/ansible-%%r@%%h:%%p-%%n
+scp_if_ssh=True
+
+[inventory]
+enable_plugins = ini
+ignore_unknown_plugins = True

group_vars/all/vars.yml

@@ -0,0 +1,7 @@
+base_users:
+  - name: "reaper"
+    groups: "sudo,docker"
+    group: "reaper"
+    ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMudcsD9pqea/4Gv6PkwtzoDck9MHRkYKEc8hfTvtBAc"
+    password: "$y$j9T$o1x4cPajXw.XUxo/UjlxD1$Wq4hI6kkuq4D5WR4jzGr12Easn0rO1E8TCNYcJGnZy6"
+    settings: ""

host_vars/cm3588.yml

@@ -0,0 +1,19 @@
+---
+network_interfaces:
+  eth0:
+    address: "192.168.8.2/24"
+    gateway: "192.168.8.1"
+
+specific_packages:
+  - zfsutils-linux
+
+omz_install_zsh: true
+omz_zsh_theme: "clean"
+
+base_users_sshd_listen_address: "192.168.8.2"
+
+ip_before_reboot: "192.168.8.242"
+
+restart_host: true
+
+networking_restart_allow: true

inventory

@@ -0,0 +1,2 @@
+[storage]
+cm3588

prepare.yml

@@ -0,0 +1,113 @@
+- name: install kernel headers
+  hosts: storage
+  vars:
+    ansible_ssh_user: pi
+    ansible_sudo_pass: pi
+    ansible_ssh_pass: pi
+    ansible_host: "{{ ip_before_reboot }}"
+  tasks:
+    - name: install package
+      ansible.builtin.apt:
+        deb: /opt/archives/linux-headers-6.1.141_6.1.141-16_arm64.deb
+
+- hosts: storage
+  vars:
+    ansible_ssh_user: pi
+    ansible_sudo_pass: pi
+    ansible_ssh_pass: pi
+    ansible_host: "{{ ip_before_reboot }}"
+  roles:
+    - role: dns
+      tags: dns
+    - role: network_interfaces
+      tags: network_interfaces, network
+    - role: base
+      tags: base
+    - role: chrony
+    - role: ansible-role-docker
+      tags: docker
+    - role: base_users
+      tags: users, auth
+
+- name: install oh-my-zsh and delete user pi
+  hosts: storage
+  tasks:
+    - name: "Run ansible-role-oh-my-zsh"
+      include_role:
+        name: "ansible-role-oh-my-zsh"
+      vars:
+        omz_user: "{{ item }}"
+      with_items: "{{ base_users }}"
+    - name: "Deactivate user pi"
+      ansible.builtin.user:
+        name: "pi"
+        shell: "/bin/false"
+        groups: "nogroup"
+
+# - name: deploy nftables Debian
+#   hosts: storage
+#   roles:
+#     - role: base_nftables
+#       tags: [ base_nftables, nft ]
+
+- name: override logrotate timer schedule
+  hosts: storage
+  tags: logrotate_timer
+  tasks:
+    - name: Create the directory if it does not exist
+      file:
+        path: /etc/systemd/system/logrotate.timer.d
+        state: directory
+        mode: '0755'
+        owner: root
+        group: root
+    - name: Copy logrotate.timer
+      copy:
+        dest: /etc/systemd/system/logrotate.timer.d/override.conf
+        content: |
+          [Timer]
+          OnCalendar=hourly
+          AccuracySec=1m
+        mode: '0755'
+        owner: root
+        group: root
+    - name: Restart logrotate.timer
+      systemd:
+        name: logrotate.timer
+        daemon_reload: true
+
+# - name: "Mount new /var/log and move logs"
+#   hosts: storage
+#   tags: [ mount, logs ]
+#   roles:
+#     - role: mount
+#       device: "{{ default.log_mount.device }}"
+#       fstype: "{{ default.log_mount.fstype }}"
+#       mountpoint: "{{ default.log_mount.mountpoint }}"
+#       when: has_var_log_mount
+#   tasks:
+#     - name: "Check if /var/log/journal exists"
+#       stat:
+#         path: /var/log/journal
+#       register: _var_log_stat
+#       when: has_var_log_mount
+
+#     - name: "Move logs to new directory"
+#       when:
+#        - has_var_log_mount
+#        - _var_log_stat.stat.isdir is not defined or not _var_log_stat.stat.isdir
+#       block:
+#         - name: "Mount original rootfs and move files"
+#           shell: "mkdir /tmp/mnt-rootfs && mount --bind / /tmp/mnt-rootfs && mv /tmp/mnt-rootfs/var/log/* /var/log/ && umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
+#       rescue:
+#         - name: "Unmount rootfs"
+#           shell: "umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
+
+# - name: install victoria exporters
+#   hosts: storage
+#   gather_facts: yes
+#   roles:
+#   - role: cadvisor
+#     tags:
+#       - monitoring
+#       - cadvisor

requirements.yml

@@ -0,0 +1,24 @@
+roles:
+# Prepare
+  - src: git+ssh://git@gitlab.com/nikitsim_roles/base_nftables.git
+    name: base_nftables
+  - src: git+ssh://git@gitlab.com/nikitsim_roles/base.git
+    name: base
+  - src: git+ssh://git@gitlab.com/nikitsim_roles/base_users.git
+    name: base_users
+  - src: https://github.com/ctorgalson/ansible-role-oh-my-zsh.git
+    name: ansible-role-oh-my-zsh
+  - src: git+ssh://git@gitlab.com/nikitsim_roles/dns.git
+    name: dns
+  - src: git+ssh://git@gitlab.com/nikitsim_roles/chrony.git
+    name: chrony
+  - src: git+ssh://git@gitlab.com/nikitsim_roles/mount.git
+    name: mount
+  - src: git+ssh://git@gitlab.com/nikitsim_roles/network_interfaces.git
+    name: network_interfaces
+  - src: https://github.com/geerlingguy/ansible-role-docker.git
+    name: ansible-role-docker
+
+collections:
+# Prepare
+  - name: community.general

ssh.cfg

@@ -0,0 +1,3 @@
+Host cm3588
+    User reaper
+    Hostname 192.168.8.2