Diffstat (limited to 'os/config/roles/common/tasks')
-rw-r--r--os/config/roles/common/tasks/docker.yml75
-rw-r--r--os/config/roles/common/tasks/hashicorp.yml24
-rw-r--r--os/config/roles/common/tasks/main.yml78
3 files changed, 155 insertions, 22 deletions
diff --git a/os/config/roles/common/tasks/docker.yml b/os/config/roles/common/tasks/docker.yml
new file mode 100644
index 0000000..a688f4b
--- /dev/null
+++ b/os/config/roles/common/tasks/docker.yml
@@ -0,0 +1,75 @@
+# From the official Docker installation guide for Debian:
+# https://docs.docker.com/engine/install/debian/
+
+# Uninstall old Docker versions
+# $ sudo apt-get remove docker docker-engine docker.io containerd runc
+- name: "Remove old Docker versions"
+ ansible.builtin.apt:
+ state: absent
+ name:
+ - docker
+ - docker-engine
+ - docker.io
+ - containerd
+ - runc
+
+# Install dependencies
+# > apt-transport-https ca-certificates curl gnupg lsb-release
+- name: "Install Docker dependencies"
+ ansible.builtin.apt:
+ state: present
+ name:
+ - apt-transport-https
+ - ca-certificates
+ # - curl # Already installed in main.yml
+ - gnupg
+ - lsb-release
+
+# Dowload Docker's official GPG key
+# $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+- name: "Add Docker's official GPG key to apt"
+ ansible.builtin.apt_key:
+ id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+ url: https://download.docker.com/linux/debian/gpg
+ # Key destination path
+ keyring: /usr/share/keyrings/docker-archive-keyring.gpg
+ state: present
+
+
+# Add Docker's repository to apt
+# $ echo \
+# "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
+# $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+- name: "Add Docker's repository to APT sources list"
+ ansible.builtin.apt_repository:
+ repo: "deb [arch={{ architecture_map[ansible_architecture] }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+ state: present
+ vars:
+ architecture_map:
+ "x86_64": "amd64"
+ "aarch64": "arm64"
+ "aarch": "arm64"
+ "armhf": "armhf"
+ "armv7l": "armhf"
+
+# Install Docker engine
+# $ sudo apt-get update
+# $ sudo apt-get install docker-ce docker-ce-cli containerd.io
+- name: "Install Docker engine"
+ ansible.builtin.apt:
+ state: present
+ update_cache: yes
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+
+# Install docker-compose
+# $ sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+- name: "Install Docker Compose"
+ ansible.builtin.get_url:
+ url: "https://github.com/docker/compose/releases/download/{{ compose_version }}/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
+ dest: /usr/local/bin/docker-compose
+ mode: "0755"
+ vars:
+ compose_version: 1.28.5
\ No newline at end of file
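Review bot: The "Install Docker Compose" task at the end of this hunk downloads an executable into /usr/local/bin with mode 0755 and no integrity check, so whatever the release URL serves is installed as-is. Since `compose_version` is already pinned, add the matching digest to the task, e.g. `checksum: "sha256:<digest of the 1.28.5 asset for this platform>"` (placeholder; take the value from the checksum published with the release). Separately, `architecture_map[ansible_architecture]` fails with an undefined-variable error on any architecture missing from the map, and the Compose URL uses the raw `ansible_architecture`, so it is worth confirming that a release asset exists for each architecture the map covers.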
diff --git a/os/config/roles/common/tasks/hashicorp.yml b/os/config/roles/common/tasks/hashicorp.yml
new file mode 100644
index 0000000..9cf647b
--- /dev/null
+++ b/os/config/roles/common/tasks/hashicorp.yml
@@ -0,0 +1,24 @@
+- name: "Add Hashicorps's official GPG key to apt"
+ ansible.builtin.apt_key:
+ url: https://apt.releases.hashicorp.com/gpg
+ state: present
+
+- name: "Add Hashicorp's repository to APT sources list"
+ ansible.builtin.apt_repository:
+ repo: "deb [arch={{ architecture_map[ansible_architecture] }}] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
+ state: present
+ vars:
+ architecture_map:
+ "x86_64": "amd64"
+ "aarch64": "arm64"
+ "aarch": "arm64"
+ "armhf": "armhf"
+ "armv7l": "armhf"
+
+- name: "Install Nomad & Consul"
+ ansible.builtin.apt:
+ state: present
+ update_cache: yes
+ name:
+ - nomad
+ - consul
\ No newline at end of file
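Review bot: The HashiCorp key is imported without an `id` fingerprint and without a `keyring`, so the task accepts whatever key the URL returns and adds it to apt's global trusted keyring, where it can vouch for packages from any configured repository. docker.yml in this same commit already does the stricter thing; mirror it here with `id: <HashiCorp signing key fingerprint>` and `keyring: /usr/share/keyrings/hashicorp-archive-keyring.gpg` on the apt_key task, and add `signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg` inside the brackets of the `repo:` line. The `architecture_map` is a copy of the one in docker.yml and could be moved to role vars so the two cannot drift apart.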
diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml
index 3898c8f..37cad52 100644
--- a/os/config/roles/common/tasks/main.yml
+++ b/os/config/roles/common/tasks/main.yml
@@ -15,39 +15,73 @@
- name: "Install base tools"
apt:
name:
- - vim
- - htop
- - screen
- - iptables
- - iptables-persistent
- - nftables
- - iproute2
+ # Essentials
- curl
- - iputils-ping
- - dnsutils
+ - less
+ - sudo
+ - tar
+ - unzip
+ # User tooling
+ - screen
+ - vim
+ # Monitoring
- bmon
+ - htop
- iftop
- iotop
- - docker.io
- - unzip
- - tar
- - tcpdump
- - less
- - parted
- - btrfs-tools
- - libnss-resolve
- - net-tools
+ - iputils-ping
+ - pciutils
- strace
- - sudo
+ - tcpdump
+ # Networking
+ - dnsutils # now called bind9-dnsutils
- ethtool
- - pciutils
+ - iproute2 # advanced net-tools
+ - iptables # legacy firewall (still used by diplonat)
+ - iptables-persistent
+ - net-tools # basic network tools
+ - nftables # iptables' successor (will replace it eventually)
+ # Optional / Dispensable
+ #- docker.io # Adrien n'approuve pas (il faut utiliser le repo Docker)
+ - parted
+ #- btrfs-tools
+ #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved
state: present
+# Install Docker if need be
+
+- name: Check if Docker is installed
+ command: 'which docker'
+ args:
+ warn: no
+ register: docker_exists
+ changed_when: docker_exists.rc != 0
+ ignore_errors: true
+
+- name: "Install Docker"
+ include_tasks: docker.yml
+ when: docker_exists.rc != 0
+
+# Install Nomad & Consul if need be
+
+- name: Check if Nomad is installed
+ command: 'which nomad'
+ args:
+ warn: no
+ register: nomad_exists
+ changed_when: nomad_exists.rc != 0
+ ignore_errors: true
+
+- name: "Install Nomad & Consul"
+ include_tasks: hashicorp.yml
+ when: nomad_exists.rc != 0
+
+
+
- name: "Passwordless sudo"
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
- validate: 'visudo -cf %s'
-
+ validate: 'visudo -cf %s'
\ No newline at end of file
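Review bot: Gating on `which docker` skips docker.yml on any host where the previous version of this role already installed `docker.io`, so those hosts keep the distro package and never get the Docker repository, docker-ce or Compose; the "Remove old Docker versions" task only runs when no `docker` binary is found. Consider testing for the package instead, e.g. `ansible.builtin.package_facts` followed by `when: "'docker-ce' not in ansible_facts.packages"`, and the same pattern for nomad. The two check tasks are read-only probes, so `changed_when: false` with `failed_when: false` describes them better than `changed_when: docker_exists.rc != 0` plus `ignore_errors: true`, which reports a change and prints a failure on every fresh host. The `warn` argument to `command` has been removed in newer ansible-core releases, so `args: warn: no` will stop working after an upgrade.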