Initial Commit

ansible/.gitignore

@@ -0,0 +1,2 @@
+roles/
+.env

ansible/ansible.cfg

@@ -0,0 +1,21 @@
+[defaults]
+inventory = inventory/hosts.ini
+deprecation_warnings = False
+host_key_checking = False
+interpreter_python = auto_silent
+pipelining = True
+display_args_to_stdout = True
+remote_user = root
+forks = 10
+roles_path = ./roles:~/.ansible/roles:/usr/share/ansible/roles
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root
+become_ask_pass = False
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s
+
+

ansible/ghshr.yml

@@ -0,0 +1,24 @@
+---
+- name: Prepare all servers
+  hosts: all
+  become: true
+  
+  pre_tasks:      
+    - name: Setup base system
+      import_tasks: tasks/base.yml
+      tags: base_setup
+  
+  tasks:
+    - name: Create ghshr folders
+      file:
+        path: "/opt/actions-runner"
+        state: directory
+    
+    - name: Download ans extract the GitHub Actions Runner
+      ansible.builtin.unarchive:
+        src: https://github.com/actions/runner/releases/download/v2.328.0/actions-runner-linux-x64-2.328.0.tar.gz
+        dest: /opt/actions-runner
+        remote_src: yes
+
+
+      

ansible/group_vars/all.yml

@@ -0,0 +1,14 @@
+---
+install_packages:
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - gnupg
+  - lsb-release
+  - vim
+  - git
+  - htop
+  - jq
+  - mc
+  - net-tools
+  - unattended-upgrades

ansible/inventory/hosts.ini

@@ -0,0 +1,3 @@
+[ghshr]
+ghshr.comprofix.xyz
+

ansible/main.yml

@@ -0,0 +1,3 @@
+---
+- import_playbook: ghshr.yml
+

ansible/tasks/base.yml

@@ -0,0 +1,53 @@
+---
+- name: Ensure debian-archive-keyring is installed
+  apt:
+    name: debian-archive-keyring
+    state: present
+    update_cache: yes
+  become: yes
+
+- name: Update APT cache
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+
+- name: Upgrade all installed packages to latest
+  apt:
+    name: "*"
+    state: latest
+    force_apt_get: yes
+  become: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+
+- name: Dist-upgrade packages (handle removals and replacements)
+  apt:
+    upgrade: dist
+    force_apt_get: yes
+  become: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+
+- name: Install required packages
+  apt:
+    name: "{{ install_packages }}"
+    state: present
+  become: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: apt_result
+
+- name: Find all EXTERNALLY-MANAGED files under /usr/lib/python*
+  find:
+    paths: /usr/lib
+    patterns: "EXTERNALLY-MANAGED"
+    file_type: file
+    recurse: yes
+  register: externally_managed_files
+  become: yes
+
+- name: Delete EXTERNALLY-MANAGED files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ externally_managed_files.files }}"
+  when: externally_managed_files.matched > 0
+  become: yes

ansible/tasks/pull_image.yml

@@ -0,0 +1,17 @@
+---
+# Reusable snippet for pulling Docker images
+
+- name: Set {{ image_name }} image reference
+  set_fact:
+    "{{ image_var }}_image_ref": "{{ image_ref }}"
+
+- name: Ensure {{ image_name }} image is pulled
+  community.docker.docker_image:
+    name: "{{ image_ref }}"
+    source: pull
+  register: pulled_image
+
+- name: Save image result under dynamic key
+  set_fact:
+    container_images: >-
+      {{ container_images | default({}) | combine({ image_var: pulled_image }) }}