# Bootstrap play: installs the kernel headers package from a local .deb while
# the host is still addressed through ip_before_reboot.
- name: install kernel headers
  hosts: storage
  vars:
    # NOTE(review): the SSH and sudo passwords are committed in plaintext.
    # They look like first-boot image defaults (confirm). If they are ever
    # replaced by real secrets, keep those in Ansible Vault or an external
    # secret store rather than in this file.
    ansible_host: "{{ ip_before_reboot }}"
    ansible_ssh_user: "pi"
    ansible_ssh_pass: "pi"
    ansible_sudo_pass: "pi"
  tasks:
    # The .deb path is read on the managed host. Nothing in this play copies
    # the archive there or checks its integrity; presumably the image or an
    # earlier step provides it (verify where it comes from).
    # NOTE(review): no `become` is set in this play; privilege escalation is
    # presumably configured elsewhere (inventory or ansible.cfg) - confirm.
    - name: install package
      ansible.builtin.apt:
        deb: "/opt/archives/linux-headers-6.1.141_6.1.141-16_arm64.deb"
# Base configuration play: applies the listed roles in order. The play has no
# `name:`, so Ansible output identifies it by its host pattern.
- hosts: storage
  vars:
    # NOTE(review): same plaintext bootstrap credentials as the preceding
    # play, repeated here. They look like image defaults (confirm); real
    # secrets belong in Ansible Vault or an external secret store.
    ansible_host: "{{ ip_before_reboot }}"
    ansible_ssh_user: "pi"
    ansible_ssh_pass: "pi"
    ansible_sudo_pass: "pi"
  roles:
    - role: dns
      tags: [dns]
    - role: network_interfaces
      tags: [network_interfaces, network]
    - role: base
      tags: [base]
    # chrony carries no tag, so a run limited with --tags skips it.
    - role: chrony
    - role: ansible-role-docker
      tags: [docker]
    # Presumably creates the accounts listed in base_users, which a later play
    # iterates over before it disables pi (inferred from the names; verify).
    - role: base_users
      tags: [users, auth]
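# Post-bootstrap play: runs the oh-my-zsh role once per entry in base_users,
# then disables the "pi" account. Unlike the earlier plays it sets no
# connection vars, so it connects with whatever the inventory provides.
# NOTE(review): confirm that account has working sudo before pi is locked,
# otherwise the host is left without an administrative login.
- name: install oh-my-zsh and delete user pi
  hosts: storage
  tasks:
    - name: "Run ansible-role-oh-my-zsh"
      ansible.builtin.include_role:
        name: "ansible-role-oh-my-zsh"
      vars:
        omz_user: "{{ item }}"
      with_items: "{{ base_users }}"

    # The account is kept, not removed (the play name says "delete").
    # A /bin/false shell only blocks interactive logins; the password stays
    # valid for any authentication path that does not need a shell, so the
    # password is locked as well. `groups` replaces the supplementary groups
    # (append: false); the primary group is not changed by this task, and
    # any authorized_keys in pi's home directory are left untouched.
    - name: "Deactivate user pi"
      ansible.builtin.user:
        name: "pi"
        shell: "/bin/false"
        groups: "nogroup"
        append: false
        password_lock: true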
# - name: deploy nftables Debian
#   hosts: storage
#   roles:
#     - role: base_nftables
#       tags: [ base_nftables, nft ]
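# Installs a systemd drop-in that gives logrotate.timer an hourly schedule
# with one-minute accuracy, then reloads systemd and restarts the timer.
- name: override logrotate timer schedule
  hosts: storage
  tags: logrotate_timer
  tasks:
    - name: Create the directory if it does not exist
      ansible.builtin.file:
        path: /etc/systemd/system/logrotate.timer.d
        state: directory
        mode: '0755'
        owner: root
        group: root

    # The drop-in is a plain config file, so it is installed without execute
    # bits (0644); systemd logs a warning for unit files marked executable.
    - name: Copy logrotate.timer
      ansible.builtin.copy:
        dest: /etc/systemd/system/logrotate.timer.d/override.conf
        content: |
          [Timer]
          OnCalendar=hourly
          AccuracySec=1m
        mode: '0644'
        owner: root
        group: root

    # daemon_reload only makes systemd re-read unit files. `state: restarted`
    # performs the restart the task name promises, so the timer is restarted
    # after its new schedule has been loaded.
    - name: Restart logrotate.timer
      ansible.builtin.systemd:
        name: logrotate.timer
        daemon_reload: true
        state: restarted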
# - name: "Mount new /var/log and move logs"
#   hosts: storage
#   tags: [ mount, logs ]
#   roles:
#     - role: mount
#       device: "{{ default.log_mount.device }}"
#       fstype: "{{ default.log_mount.fstype }}"
#       mountpoint: "{{ default.log_mount.mountpoint }}"
#       when: has_var_log_mount
#   tasks:
#     - name: "Check if /var/log/journal exists"
#       stat:
#         path: /var/log/journal
#       register: _var_log_stat
#       when: has_var_log_mount

#     - name: "Move logs to new directory"
#       when:
#         - has_var_log_mount
#         - _var_log_stat.stat.isdir is not defined or not _var_log_stat.stat.isdir
#       block:
#         - name: "Mount original rootfs and move files"
#           shell: "mkdir /tmp/mnt-rootfs && mount --bind / /tmp/mnt-rootfs && mv /tmp/mnt-rootfs/var/log/* /var/log/ && umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
#       rescue:
#         - name: "Unmount rootfs"
#           shell: "umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
# - name: install victoria exporters
#   hosts: storage
#   gather_facts: yes
#   roles:
#     - role: cadvisor
#       tags:
#         - monitoring
#         - cadvisor