chore: add base role

2025-09-10 21:43:11 +10:00
parent 12444311a4
commit 4a88726fba
12 changed files with 284 additions and 422 deletions
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@ -0,0 +1,26 @@
+---
+install_packages: # Add addition packages here
+  - rsyslog
+  - htop
+  - vim-nox
+  - git
+  - zsh
+  - curl
+  - wget
+  - apt-transport-https
+  - ca-certificates
+  - gnupg2
+  - python3
+  - python3-pip
+  - nfs-common
+  - cron
+  - jq
+  - sudo
+  - logwatch
+  - sendemail
+  - libio-socket-ssl-perl
+  - libnet-ssleay-perl
+  - iptables-persistent
+  - rclone
+  - parted
+  - open-iscsi
--- a/roles/base/tasks/bookworm_to_trixie.yml
+++ b/roles/base/tasks/bookworm_to_trixie.yml
@ -0,0 +1,26 @@
+---
+- name: Replace sources.list entries for Trixie
+  lineinfile:
+    path: /etc/apt/sources.list
+    regexp: "^deb "
+    line: "deb https://deb.debian.org/debian trixie main"
+  become: yes
+
+- name: Update cache for Trixie
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+
+- name: Dist-upgrade to Trixie
+  apt:
+    upgrade: dist
+    force_apt_get: yes
+  register: trixie_upgrade
+
+- name: Reboot after Trixie upgrade
+  reboot:
+    reboot_timeout: 600
+    test_command: whoami
+  when:
+    - ansible_virtualization_type != "lxc"
+    - trixie_upgrade.changed
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -0,0 +1,17 @@
+---
+# Gather initial facts
+- name: Gather facts
+  ansible.builtin.setup:
+
+# Update system and install packages
+- import_tasks: system_update.yml
+
+# Upgrade Bookworm -> Trixie if applicable
+- import_tasks: bookworm_to_trixie.yml
+  when: ansible_distribution_release == "bookworm"
+
+# Move to Trixie sources.list.d layout
+- import_tasks: sources_list.yml
+
+# Remove EXTERNALLY-MANAGED files
+- import_tasks: python_cleanup.yml
--- a/roles/base/tasks/python_cleanup.yml
+++ b/roles/base/tasks/python_cleanup.yml
@ -0,0 +1,17 @@
+---
+- name: Find all EXTERNALLY-MANAGED files under /usr/lib/python*
+  find:
+    paths: /usr/lib
+    patterns: "EXTERNALLY-MANAGED"
+    file_type: file
+    recurse: yes
+  register: externally_managed_files
+  become: yes
+
+- name: Delete EXTERNALLY-MANAGED files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ externally_managed_files.files }}"
+  when: externally_managed_files.matched > 0
+  become: yes
--- a/roles/base/tasks/sources_list.yml
+++ b/roles/base/tasks/sources_list.yml
@ -0,0 +1,42 @@
+---
+- name: Remove old sources.list and sources.list.d
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/apt/sources.list
+    - /etc/apt/sources.list.d
+  become: yes
+
+- name: Ensure sources.list.d directory exists
+  file:
+    path: /etc/apt/sources.list.d
+    state: directory
+    mode: 0755
+  become: yes
+
+- name: Create Trixie sources.list.d
+  copy:
+    dest: /etc/apt/sources.list.d/debian.sources
+    content: |
+      Types: deb deb-src
+      URIs: https://deb.debian.org/debian
+      Suites: trixie trixie-updates trixie-backports
+      Components: main
+      Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+      Types: deb deb-src
+      URIs: https://deb.debian.org/debian-security
+      Suites: trixie-security
+      Components: main
+      Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+    owner: root
+    group: root
+    mode: 0644
+  become: yes
+
+- name: Update APT cache after sources.list.d
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+  become: yes
--- a/roles/base/tasks/system_update.yml
+++ b/roles/base/tasks/system_update.yml
@ -0,0 +1,48 @@
+---
+- name: Ensure debian-archive-keyring is installed
+  apt:
+    name: debian-archive-keyring
+    state: present
+    update_cache: yes
+  become: yes
+
+- name: Update APT cache
+  apt:
+    update_cache: yes
+    force_apt_get: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+
+- name: Upgrade all packages to latest
+  apt:
+    name: "*"
+    state: latest
+    force_apt_get: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: upgrade_result
+
+- name: Dist-upgrade packages
+  apt:
+    upgrade: dist
+    force_apt_get: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: dist_upgrade_result
+
+- name: Install required packages
+  apt:
+    name: "{{ install_packages }}"
+    state: present
+  become: yes
+  when: ansible_distribution in ['Debian', 'Ubuntu']
+  register: install_result
+
+- name: Reboot if required after updates
+  reboot:
+    reboot_timeout: 600
+    test_command: whoami
+  when:
+    - upgrade_result.changed or dist_upgrade_result.changed or install_result.changed
+    - ansible_virtualization_type != "lxc"
+  become: yes
+
+- name: Gather facts after reboot
+  setup:
--- a/roles/docker/vars/main.yml
+++ b/roles/docker/vars/main.yml
@ -1,51 +1,21 @@
-$ANSIBLE_VAULT;1.1;AES256
-32396236613762346266373632613335306233666563346466653731653034613637656335636463
-3864336133316534333262373835643732303963353538320a343235363461613837383962303762
-62373739653137326664306563646632663661323339626636333461303132366133393266313833
-6137313537666138320a376334396531643233626265643538613133313866623236383338353035
-62623166316366393837313166646539376362383363353862303439303230376163366335353237
-66626130373762333536396265663262376335323162633961656139313435333765363163633161
-65393532663339363738623232316135326338656330303764633530663661626163343533643430
-63646337363636386337373435373939363434646161616638326665316636383362346232303763
-39656636643261383137306339633433613534313362636537393433656230613333333463396437
-32623630636464313665656562393766376330633038366534623634656535303237666332363638
-36373566303432653664383230626436663362323336336233396363353430353535336464376137
-33393762363330633963656161383535306365383062616466626266373637396338643930333931
-66373739303232393233303131663031333639346236633030346337313938383739386561386263
-36643831323930666665376237656163393532333438346332653562306532636530386365636331
-38643637613261373030323963656266613661656663643330383333336336383433393633383335
-65326130646536323861346437336362333630613034366639656536353430326366316530396436
-34636235336433666261386163316330363337393963643761646261633932666134316331386463
-63643463343162313162323537623764303564343438636133643162646530643435306262653838
-30376539303130303536316136383761333836646231316563633564643635376230313333653739
-38663032343736626461303835656662323064666139323935323534346362383636636237333937
-34616663666364323734643530343936383030326539623065356561633563653764386134633562
-37616463633931336233623335336331313463656132653331303530616332306332613936623130
-63616264333531303762663665323636663466313933393064623534653561343561633632636565
-39633435313963393034366336316665323339333962343666666533646632343666393332323635
-65653062643332663362343666643433336562353639656366623961306132313734613838336237
-36653962353839636662363335373238393433613037623364356637336562303765313466313166
-34326365393433646166653461333138386166663537343566633565316163323866333932366432
-34666532346164316232663964666132653232393264633066333734333238636135376263643937
-66353665353564353938343934363337396165616462336439363338343065306533653334636566
-35356231346431646237636662633030313135633663336163383965656136393238636334396137
-65613833666662353339616434623735386638656331643831383134626163386636313633323333
-34383862373634373732613333656437323436383962306163633833343430303336383433366336
-63313138383237373330623536383438306330373164336637646165313562343935656566653531
-30356365333863383165633634343230653735343164393030313339653563376435313832396266
-65623237393066666163363530356163313861323366373233383531386533623965306237623137
-33363239396634306466663535323736373333643266336164336230303836643939343335626339
-35373166616136633666323034313364613334303462616564383861343738653964663332616536
-32353135633331336239353834666237313939386334383261663532333139636363353436363864
-33396336623566346532613738353332643965623335653162323534613330663964353833333937
-30373761393834323964633039393339376538353261396331316336323333383064356363633264
-62613432313436353163383837363935373164366236343936313366623936336439613364336639
-63336536333732326236323761323033613965333763366237316431303363346263373131663338
-65376535386239353362326630396232623533626266376233326330316466383564313935663134
-65363839323134663537356663346437616662366463393036353736353664356538656163353562
-65323162663934653462353136353065333666353564313066613466663734623066623439613964
-36353035653163306661393335636430623233633962303033656539363265663135666663643164
-37613334653964366433646366613861336335373137393065373739363863626334316631323332
-66623465373730373231316265653330383061326231373931636132663233643735343564313636
-36313330336461616134663336306566646639383435396236383162366266366662383635333832
-3266363963363362343563653131373339666163663536653032
+---
+# vars file for docker
+docker_edition: "ce"
+docker_packages:
+  - "docker-{{ docker_edition }}"
+  - "docker-{{ docker_edition }}-cli"
+  - "docker-{{ docker_edition }}-rootless-extras"
+  - "containerd.io"
+  - "docker-ce"
+  - "docker-compose-plugin"
+# Docker repo URL.
+docker_url: https://download.docker.com/linux
+docker_apt_repository: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{docker_url}}/{{ ansible_distribution | lower}} {{ansible_distribution_release}} stable"
+docker_apt_ignore_key_error: true
+docker_apt_gpg_key: "{{ docker_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
+docker_apt_filename: "docker"
+# A list of users who will be added to the docker group.
+docker_users: [administrator] # CHANGE_ME!!! - Add addition users.
+# Docker daemon options as a dict
+docker_daemon_options: {}
--- a/roles/traefik/vars/main.yml
+++ b/roles/traefik/vars/main.yml
@ -1,14 +1,5 @@
-$ANSIBLE_VAULT;1.1;AES256
-61386364396339353533653064303734346336653531366139333738353461613037396365663265
-3731366362343630646162353636316565356563323135350a636335653931376137666139653739
-36306631376639336561643064386430633636343362646233623263356635636134303931356364
-6466383864366236320a376134623032383566643166626231323432373562373864333864653032
-63316630303362616337383833623733316131323764626532366338333566643834326236383232
-31646330363965386233383739336238336538666165383166393834643134663937393535333361
-34373236386339366436643733393030313331303537636233383864623435386166366537386633
-37653030313066393136616661356564373932643033663735656238313132396664623438343833
-65356539386435656433393933653939313635376639366163353336373661396230336533626238
-39643438313763343635393165376263666633363963623962643263323531616466656532646432
-62383430346666343465613436346637333336663562316165303864376464363566343165633665
-66353134313866393439323564353834346436326132643439383134623864333765616162353436
-6338
+---
+CF_API_EMAIL: support@comprofix.com
+CF_DNS_API_TOKEN: "YD_v2mcnXbJPGL1K-X-AGtoRu4uZs6um1b21DrOk"
+traefik_api_user: "admin"
+traefik_api_password: "wNvo7W4mG6nJ"