merge baserole
Some checks failed
Deploy / Prepare Build (push) Has been cancelled

2025-09-11 20:34:50 +10:00
8 changed files with 198 additions and 37 deletions


@ -3,12 +3,6 @@
become: yes become: yes
tasks: tasks:
- name: Write notify script
ansible.builtin.template:
src: scripts/notify.sh.j2
dest: /tmp/notify.sh
- name: Delete existing template - name: Delete existing template
community.general.proxmox_kvm: community.general.proxmox_kvm:
api_host: "{{ api_host }}" api_host: "{{ api_host }}"
@ -21,9 +15,9 @@
- name: Download cloud-init image - name: Download cloud-init image
register: image register: image
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2" url: "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.qcow2"
dest: /tmp dest: /tmp
mode: '0644' mode: "0644"
force: true force: true
- name: Install Tools - name: Install Tools
@ -39,8 +33,6 @@
- name: Install Tools to cloud-init image - name: Install Tools to cloud-init image
ansible.builtin.shell: | ansible.builtin.shell: |
virt-copy-in -a {{ image.dest }} /tmp/notify.sh /usr/local/bin
virt-customize -a {{ image.dest }} --run-command 'chmod +x /usr/local/bin/notify.sh'
virt-customize -a {{ image.dest }} --run-command 'sed -i "s|primary.*|primary: https://deb.debian.org/debian|g" /etc/cloud/cloud.cfg' virt-customize -a {{ image.dest }} --run-command 'sed -i "s|primary.*|primary: https://deb.debian.org/debian|g" /etc/cloud/cloud.cfg'
virt-customize -a {{ image.dest }} --run-command 'apt update' virt-customize -a {{ image.dest }} --run-command 'apt update'
virt-customize -a {{ image.dest }} --install qemu-guest-agent virt-customize -a {{ image.dest }} --install qemu-guest-agent
@ -57,22 +49,22 @@
name: "debian-12-generic-amd64" name: "debian-12-generic-amd64"
agent: "enabled=1" agent: "enabled=1"
bios: ovmf bios: ovmf
boot: 'order=scsi0' boot: "order=scsi0"
cores: 4 cores: 4
sockets: 1 sockets: 1
machine: q35 machine: q35
memory: 4096 memory: 4096
ostype: "l26" ostype: "l26"
vga: std vga: std
scsihw: 'virtio-scsi-single' scsihw: "virtio-scsi-single"
net: net:
net0: 'virtio,bridge=vmbr0,firewall=1,tag=10' net0: "virtio,bridge=vmbr0,firewall=1,tag=10"
ipconfig: ipconfig:
ipconfig0: 'ip=dhcp' ipconfig0: "ip=dhcp"
template: true template: true
timeout: 600 timeout: 600
vmid: 10000 vmid: 10000
- name: Import HDD to Template - name: Import HDD to Template
command: command:
cmd: "qm set 10000 --scsi0 {{ storage_target }}:0,iothread=1,discard=on,import-from=/tmp/debian-12-generic-amd64.qcow2,format=raw" cmd: "qm set 10000 --scsi0 {{ storage_target }}:0,iothread=1,discard=on,import-from=/tmp/debian-13-generic-amd64.qcow2,format=raw"
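Review bot: The `get_url` task that fetches the Debian 13 image still has no `checksum`, and the URL points at the moving `latest/` directory, so whatever that path serves at run time becomes the template every VM is cloned from. Consider pinning a dated build directory and adding `checksum: "sha512:<digest from that build's SHA512SUMS>"`, so a changed or truncated image fails the play instead of being customized and imported. Separately, the unchanged `name: "debian-12-generic-amd64"` line no longer matches the debian-13 image, and the `qm set` command hard-codes `/tmp/debian-13-generic-amd64.qcow2` although `image.dest` is already registered.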


@ -1,17 +1,12 @@
--- ---
- hosts: all - hosts: all
name: Configure all servers name: Configure all servers
tasks:
- name: Gather facts if run with tags
ansible.builtin.setup:
when: (ansible_run_tags | length) > 0
tags: always
- hosts: jellyfin
become: yes become: yes
tasks: gather_facts: yes
- include_tasks: tasks/base.yml
tags: base_install roles:
- role: base
tags: base_install
- hosts: cloud - hosts: cloud
become: yes become: yes
@ -72,10 +67,12 @@
path: /mnt/nfs/data path: /mnt/nfs/data
src: truenas.comprofix.xyz:/mnt/datapool/data src: truenas.comprofix.xyz:/mnt/datapool/data
tags: nfs_install tags: nfs_install
- role: traefik - role: traefik
vars: vars:
traefik_host: traefik02.comprofix.xyz traefik_host: traefik02.comprofix.xyz
tags: traefik_install tags: traefik_install
tasks: tasks:
- name: Deploy comprofix.com website - name: Deploy comprofix.com website
import_tasks: tasks/comprofix.com.yml import_tasks: tasks/comprofix.com.yml
@ -97,10 +94,6 @@
import_tasks: tasks/homepage.yml import_tasks: tasks/homepage.yml
tags: homepage_install tags: homepage_install
# - name: Deploy osTicket
# import_tasks: tasks/osticket.yml
# tags: osticket_install
- name: Deploy speedtest-tracker - name: Deploy speedtest-tracker
import_tasks: tasks/speedtest.yml import_tasks: tasks/speedtest.yml
tags: speedtest_install tags: speedtest_install
@ -125,10 +118,6 @@
import_tasks: tasks/radarr.yml import_tasks: tasks/radarr.yml
tags: radarr_install tags: radarr_install
# - name: Deploy readarr
# import_tasks: tasks/readarr.yml
# tags: readarr_install
- name: Deploy sonarr - name: Deploy sonarr
import_tasks: tasks/sonarr.yml import_tasks: tasks/sonarr.yml
tags: sonarr_install tags: sonarr_install
@ -162,8 +151,11 @@
- hosts: omada - hosts: omada
become: yes become: yes
pre_tasks: pre_tasks:
- name: Update packages
import_tasks: tasks/base.yml - name: Run base role to update packages
import_role:
name: base
tags: base_install
- name: Create directories - name: Create directories
file: file:
@ -176,6 +168,7 @@
tags: docker_install tags: docker_install
- role: nfs - role: nfs
mounts: mounts:
- name: Data share - name: Data share
path: /data path: /data
src: truenas.comprofix.xyz:/mnt/datapool/docker src: truenas.comprofix.xyz:/mnt/datapool/docker
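Review bot: The first play now applies the `base` role to `hosts: all` with no `serial` limit or opt-in variable, and the role files in this commit show that role dist-upgrading bookworm hosts to trixie and rebooting them. As far as the rendered hunk shows, an untagged run or `--tags base_install` would therefore perform a major release upgrade on every inventory host at once. Adding `serial: 1` to the play, or a guard such as `when: base_allow_release_upgrade | default(false)` on the upgrade import (the variable name is only a suggestion), would bound that. The `omada` play also pulls `base` in again through `import_role` in `pre_tasks`, so on those hosts the role appears to run twice per playbook run.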


@ -0,0 +1,26 @@
---
install_packages: # Add addition packages here
- rsyslog
- htop
- vim-nox
- git
- zsh
- curl
- wget
- apt-transport-https
- ca-certificates
- gnupg2
- python3
- python3-pip
- nfs-common
- cron
- jq
- sudo
- logwatch
- sendemail
- libio-socket-ssl-perl
- libnet-ssleay-perl
- iptables-persistent
- rclone
- parted
- open-iscsi


@ -0,0 +1,26 @@
---
- name: Replace sources.list entries for Trixie
lineinfile:
path: /etc/apt/sources.list
regexp: "^deb "
line: "deb https://deb.debian.org/debian trixie main"
become: yes
- name: Update cache for Trixie
apt:
update_cache: yes
force_apt_get: yes
- name: Dist-upgrade to Trixie
apt:
upgrade: dist
force_apt_get: yes
register: trixie_upgrade
- name: Reboot after Trixie upgrade
reboot:
reboot_timeout: 600
test_command: whoami
when:
- ansible_virtualization_type != "lxc"
- trixie_upgrade.changed
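Review bot: `lineinfile` with `regexp: "^deb "` rewrites only the last matching line, so on a host whose `sources.list` has several `deb` entries the other bookworm lines stay in place and the dist-upgrade runs against a mixed bookworm/trixie source set. The single replacement line also carries no `trixie-security` suite, so the release upgrade itself is done without the security archive (sources_list.yml adds it only afterwards). Rewriting the suite name in every entry avoids both, for example `ansible.builtin.replace` with `regexp: '\bbookworm\b'` and `replace: trixie`; writing the complete file before the upgrade would also work.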

17
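--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+# Gather initial facts
+- name: Gather facts
+ansible.builtin.setup:
+# Update system and install packages
+- import_tasks: system_update.yml
+# Upgrade Bookworm -> Trixie if applicable
+- import_tasks: bookworm_to_trixie.yml
+when: ansible_distribution_release == "bookworm"
+# Move to Trixie sources.list.d layout
+- import_tasks: sources_list.yml
+# Remove EXTERNALLY-MANAGED files
+- import_tasks: python_cleanup.yml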
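Review bot: `sources_list.yml` and `python_cleanup.yml` are imported with no `when`, so they run on every host the role touches, while `system_update.yml` explicitly allows `ansible_distribution` to be `Ubuntu`. On such a host, or on a Debian host that is on neither bookworm nor trixie, the sources import would delete `/etc/apt/sources.list.d` and write Debian trixie sources. Adding `when: ansible_distribution == "Debian"` to the `sources_list.yml` import would keep it scoped. A `when` on `import_tasks` is applied to each imported task using the facts gathered at the top of the role, so re-running `setup` after the release upgrade is needed if later conditions should see the new release.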


@ -0,0 +1,17 @@
---
- name: Find all EXTERNALLY-MANAGED files under /usr/lib/python*
find:
paths: /usr/lib
patterns: "EXTERNALLY-MANAGED"
file_type: file
recurse: yes
register: externally_managed_files
become: yes
- name: Delete EXTERNALLY-MANAGED files
file:
path: "{{ item.path }}"
state: absent
loop: "{{ externally_managed_files.files }}"
when: externally_managed_files.matched > 0
become: yes
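Review bot: Deleting every `EXTERNALLY-MANAGED` marker under `/usr/lib` turns off the PEP 668 guard for the system interpreter on all hosts, so a later `pip install` run as root can overwrite Python modules that apt-installed tools depend on. The marker is shipped by the distribution's Python packaging and will likely come back with the next Python package upgrade, so the task is not a one-time change. Prefer leaving the marker in place and installing into a virtual environment (the `virtualenv` option of `ansible.builtin.pip`) or with `pipx`. If the removal stays, a comment above the task should name the role that needs system-wide pip, and the `find` could be narrowed, since it currently walks all of `/usr/lib` although the task name says `/usr/lib/python*`.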


@ -0,0 +1,42 @@
---
- name: Remove old sources.list and sources.list.d
file:
path: "{{ item }}"
state: absent
loop:
- /etc/apt/sources.list
- /etc/apt/sources.list.d
become: yes
- name: Ensure sources.list.d directory exists
file:
path: /etc/apt/sources.list.d
state: directory
mode: 0755
become: yes
- name: Create Trixie sources.list.d
copy:
dest: /etc/apt/sources.list.d/debian.sources
content: |
Types: deb deb-src
URIs: https://deb.debian.org/debian
Suites: trixie trixie-updates trixie-backports
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: https://deb.debian.org/debian-security
Suites: trixie-security
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
owner: root
group: root
mode: 0644
become: yes
- name: Update APT cache after sources.list.d
apt:
update_cache: yes
force_apt_get: yes
become: yes
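Review bot: The first task removes the whole `/etc/apt/sources.list.d` directory on every run, which also deletes any third-party repository files that other roles or an administrator placed there (the playbook applies roles tagged `docker_install`, which may add one; that is not visible here). Removing only `/etc/apt/sources.list` and letting the `copy` task overwrite `debian.sources` would leave other repositories and their `Signed-By` pinning intact. `mode: 0755` and `mode: 0644` are unquoted; writing `"0755"` and `"0644"` matches the `mode: "0644"` used in the template playbook of this commit and does not depend on the parser's octal handling. The rendered page drops blank lines, so confirm that the two deb822 stanzas inside `content` are separated by an empty line.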


@ -0,0 +1,48 @@
---
- name: Ensure debian-archive-keyring is installed
apt:
name: debian-archive-keyring
state: present
update_cache: yes
become: yes
- name: Update APT cache
apt:
update_cache: yes
force_apt_get: yes
when: ansible_distribution in ['Debian', 'Ubuntu']
- name: Upgrade all packages to latest
apt:
name: "*"
state: latest
force_apt_get: yes
when: ansible_distribution in ['Debian', 'Ubuntu']
register: upgrade_result
- name: Dist-upgrade packages
apt:
upgrade: dist
force_apt_get: yes
when: ansible_distribution in ['Debian', 'Ubuntu']
register: dist_upgrade_result
- name: Install required packages
apt:
name: "{{ install_packages }}"
state: present
become: yes
when: ansible_distribution in ['Debian', 'Ubuntu']
register: install_result
- name: Reboot if required after updates
reboot:
reboot_timeout: 600
test_command: whoami
when:
- upgrade_result.changed or dist_upgrade_result.changed or install_result.changed
- ansible_virtualization_type != "lxc"
become: yes
- name: Gather facts after reboot
setup:
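Review bot: The reboot task fires whenever any of the three apt tasks reports `changed`, so installing a single package from `install_packages` restarts the host even when nothing requires a restart. Gating it on the reboot marker file is narrower; on Debian that file is only written when a package providing the hook is installed, so verify this on these hosts before relying on it. Also, the first task has no `ansible_distribution` guard while the later ones do, and `Upgrade all packages to latest` followed by `upgrade: dist` largely repeats the same work.

```yaml
# … unchanged: keyring, cache update, upgrade and install tasks …
- name: Check whether a reboot is required
  ansible.builtin.stat:
    path: /var/run/reboot-required
  register: reboot_required

- name: Reboot if required after updates
  # … unchanged: reboot module arguments …
  when:
    - reboot_required.stat.exists
    - ansible_virtualization_type != "lxc"
```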