Diffstat (limited to 'os/config/roles/common/tasks')
-rw-r--r-- | os/config/roles/common/tasks/docker.yml | 75 | ||||
-rw-r--r-- | os/config/roles/common/tasks/hashicorp.yml | 24 | ||||
-rw-r--r-- | os/config/roles/common/tasks/main.yml | 78 |
3 files changed, 155 insertions, 22 deletions
diff --git a/os/config/roles/common/tasks/docker.yml b/os/config/roles/common/tasks/docker.yml
new file mode 100644
index 0000000..a688f4b
--- /dev/null
+++ b/os/config/roles/common/tasks/docker.yml
@@ -0,0 +1,75 @@
+# From the official Docker installation guide for Debian:
+# https://docs.docker.com/engine/install/debian/
+
+# Uninstall old Docker versions
+# $ sudo apt-get remove docker docker-engine docker.io containerd runc
+- name: "Remove old Docker versions"
+ ansible.builtin.apt:
+ state: absent
+ name:
+ - docker
+ - docker-engine
+ - docker.io
+ - containerd
+ - runc
+
+# Install dependencies
+# > apt-transport-https ca-certificates curl gnupg lsb-release
+- name: "Install Docker dependencies"
+ ansible.builtin.apt:
+ state: present
+ name:
+ - apt-transport-https
+ - ca-certificates
+ # - curl # Already installed in main.yml
+ - gnupg
+ - lsb-release
+
+# Dowload Docker's official GPG key
+# $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+- name: "Add Docker's official GPG key to apt"
+ ansible.builtin.apt_key:
+ id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+ url: https://download.docker.com/linux/debian/gpg
+ # Key destination path
+ keyring: /usr/share/keyrings/docker-archive-keyring.gpg
+ state: present
+
+
+# Add Docker's repository to apt
+# $ echo \
+# "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
+# $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+- name: "Add Docker's repository to APT sources list"
+ ansible.builtin.apt_repository:
+ repo: "deb [arch={{ architecture_map[ansible_architecture] }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+ state: present
+ vars:
+ architecture_map:
+ "x86_64": "amd64"
+ "aarch64": "arm64"
+ "aarch": "arm64"
+ "armhf": "armhf"
+ "armv7l": "armhf"
+
+# Install Docker engine
+# $ sudo apt-get update
+# $ sudo apt-get install docker-ce docker-ce-cli containerd.io
+- name: "Install Docker engine"
+ ansible.builtin.apt:
+ state: present
+ update_cache: yes
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+
+# Install docker-compose
+# $ sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+- name: "Install Docker Compose"
+ ansible.builtin.get_url:
+ url: "https://github.com/docker/compose/releases/download/{{ compose_version }}/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}"
+ dest: /usr/local/bin/docker-compose
+ mode: "0755"
+ vars:
+ compose_version: 1.28.5
\ No newline at end of file
diff --git a/os/config/roles/common/tasks/hashicorp.yml b/os/config/roles/common/tasks/hashicorp.yml
new file mode 100644
index 0000000..9cf647b
--- /dev/null
+++ b/os/config/roles/common/tasks/hashicorp.yml
@@ -0,0 +1,24 @@
+- name: "Add Hashicorps's official GPG key to apt"
+ ansible.builtin.apt_key:
+ url: https://apt.releases.hashicorp.com/gpg
+ state: present
+
+- name: "Add Hashicorp's repository to APT sources list"
+ ansible.builtin.apt_repository:
+ repo: "deb [arch={{ architecture_map[ansible_architecture] }}] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
+ state: present
+ vars:
+ architecture_map:
+ "x86_64": "amd64"
+ "aarch64": "arm64"
+ "aarch": "arm64"
+ "armhf": "armhf"
+ "armv7l": "armhf"
+
+- name: "Install Nomad & Consul"
+ ansible.builtin.apt:
+ state: present
+ update_cache: yes
+ name:
+ - nomad
+ - consul
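Review bot: In docker.yml, the "Install Docker Compose" task downloads an executable with `ansible.builtin.get_url` and installs it at /usr/local/bin/docker-compose with mode 0755, but nothing verifies the downloaded file. The apt path earlier in the same file is pinned to a key fingerprint, while this binary relies on TLS alone. Add `checksum: "sha256:<digest published for the pinned release>"` to the task so that a replaced or tampered release asset fails the play. Separately, `{{ ansible_architecture }}` goes into the URL unmapped, so confirm that a release asset exists for every architecture listed in `architecture_map`; otherwise the download will presumably fail on those hosts.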
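Review bot: In hashicorp.yml, the `apt_key` task imports whatever key the URL serves, with no `id:` fingerprint and no `keyring:`, and the `repo:` line has no `signed-by=`. The key therefore lands in apt's global trust store and is accepted for every configured repository, not only HashiCorp's. docker.yml in this same commit already pins and scopes its key, so mirror it here with `id: <HashiCorp signing key fingerprint>`, `keyring: <dedicated keyring path>` and `[arch=… signed-by=<same keyring path>]` in the `repo:` string. Take the fingerprint from HashiCorp's published documentation, not from the key that was just downloaded.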
\ No newline at end of file
diff --git a/os/config/roles/common/tasks/main.yml b/os/config/roles/common/tasks/main.yml
index 3898c8f..37cad52 100644
--- a/os/config/roles/common/tasks/main.yml
+++ b/os/config/roles/common/tasks/main.yml
@@ -15,39 +15,73 @@ - name: "Install base tools" apt: name: - - vim - - htop - - screen - - iptables - - iptables-persistent - - nftables - - iproute2 + # Essentials - curl - - iputils-ping - - dnsutils + - less + - sudo + - tar + - unzip + # User tooling + - screen + - vim + # Monitoring - bmon + - htop - iftop - iotop - - docker.io - - unzip - - tar - - tcpdump - - less - - parted - - btrfs-tools - - libnss-resolve - - net-tools + - iputils-ping + - pciutils - strace - - sudo + - tcpdump + # Networking + - dnsutils # now called bind9-dnsutils - ethtool - - pciutils + - iproute2 # advanced net-tools + - iptables # legacy firewall (still used by diplonat) + - iptables-persistent + - net-tools # basic network tools + - nftables # iptables' successor (will replace it eventually) + # Optional / Dispensable + #- docker.io # Adrien n'approuve pas (il faut utiliser le repo Docker) + - parted + #- btrfs-tools + #- libnss-resolve # provides DNS/LLMNR utilities via systemd-resolved state: present +# Install Docker if need be + +- name: Check if Docker is installed + command: 'which docker' + args: + warn: no + register: docker_exists + changed_when: docker_exists.rc != 0 + ignore_errors: true + +- name: "Install Docker" + include_tasks: docker.yml + when: docker_exists.rc != 0 + +# Install Nomad & Consul if need be + +- name: Check if Nomad is installed + command: 'which nomad' + args: + warn: no + register: nomad_exists + changed_when: nomad_exists.rc != 0 + ignore_errors: true + +- name: "Install Nomad & Consul" + include_tasks: hashicorp.yml + when: nomad_exists.rc != 0 + + + - name: "Passwordless sudo" lineinfile: path: /etc/sudoers state: present regexp: '^%sudo' line: '%sudo ALL=(ALL) NOPASSWD: ALL' - validate: 'visudo -cf %s' - + validate: 'visudo -cf %s'
\ No newline at end of file |
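Review bot: The `which docker` and `which nomad` probes run the new include files only when the binary is absent. A host provisioned by the earlier version of this role, which installed `docker.io` from the package list this hunk edits, will therefore skip docker.yml entirely and keep the distribution package, with neither the pinned Docker repository nor the "Remove old Docker versions" step applied. The apt tasks in both includes are idempotent, so the simplest fix is to drop the probe tasks and the `when:` conditions and always run `include_tasks: docker.yml` and `include_tasks: hashicorp.yml`. If the probes stay, they are read-only checks and should use `changed_when: false` and `failed_when: false`. The current `changed_when: docker_exists.rc != 0` with `ignore_errors: true` reports a change and prints a failure on every fresh host.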