| author | Freya Murphy <freya@freyacat.org> | 2026-04-30 20:40:58 -0400 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2026-04-30 20:40:58 -0400 |
| commit | 8dc2b003c64904dffa931efbdaa99a1334430a7d (patch) | |
| tree | 9de942343fa6d870837e58d7e2b686cfb70b55d8 /roles/common/tasks | |
| parent | initial (diff) | |
refactor
Diffstat (limited to 'roles/common/tasks')
| -rw-r--r-- | roles/common/tasks/caddy.yml | 49 | ||||
| -rw-r--r-- | roles/common/tasks/certs.yml | 13 | ||||
| -rw-r--r-- | roles/common/tasks/main.yml | 11 | ||||
| -rw-r--r-- | roles/common/tasks/packages.yml | 12 | ||||
| -rw-r--r-- | roles/common/tasks/ssh.yml | 31 | ||||
| -rw-r--r-- | roles/common/tasks/tmux.yml | 20 | ||||
| -rw-r--r-- | roles/common/tasks/zsh.yml | 40 |
7 files changed, 176 insertions, 0 deletions
diff --git a/roles/common/tasks/caddy.yml b/roles/common/tasks/caddy.yml
new file mode 100644
index 0000000..3d2541e
--- /dev/null
+++ b/roles/common/tasks/caddy.yml
@@ -0,0 +1,49 @@
+- name: Install caddy
+ package:
+ name: caddy
+ state: present
+
+- name: Ensure caddy group exists
+ group:
+ name: caddy
+ system: yes
+ state: present
+
+- name: Ensure caddy user exists
+ user:
+ name: caddy
+ group: caddy
+ system: yes
+ create_home: no
+ shell: /usr/sbin/nologin
+ state: present
+
+- name: Create caddy configuration directory
+ file:
+ path: /etc/caddy
+ state: directory
+ owner: caddy
+ group: caddy
+ mode: '0755'
+
+- name: Configure caddy
+ copy:
+ src: Caddyfile
+ dest: /etc/caddy/Caddyfile
+ owner: caddy
+ group: caddy
+ mode: '0664'
+
+- name: Ensure Caddy log file exists
+ file:
+ path: /var/log/caddy.log
+ state: touch
+ owner: caddy
+ group: caddy
+ mode: '0664'
+
+- name: Enable caddy service
+ service:
+ name: caddy
+ enabled: true
+ state: started
diff --git a/roles/common/tasks/certs.yml b/roles/common/tasks/certs.yml
new file mode 100644
index 0000000..cce2e73
--- /dev/null
+++ b/roles/common/tasks/certs.yml
@@ -0,0 +1,13 @@
+- name: Install ca-certificates
+ package:
+ name: ca-certificates
+ state: present
+
+- name: Install FreyaNET Root CA Cert
+ copy:
+ src: freyanet.crt
+ dest: /usr/local/share/ca-certificates/freyanet.crt
+ owner: root
+ group: root
+ mode: '0664'
+ notify: Update CA Certificates
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..74088a6
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,11 @@
+# baseline
+- import_tasks: packages.yml
+- import_tasks: certs.yml
+
+# programs
+- import_tasks: zsh.yml
+- import_tasks: tmux.yml
+
+# services
+- import_tasks: caddy.yml
+- import_tasks: ssh.yml
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
new file mode 100644
index 0000000..60fd285
--- /dev/null
+++ b/roles/common/tasks/packages.yml
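Review bot: In caddy.yml the `Configure caddy` task installs `/etc/caddy/Caddyfile` as `caddy:caddy` with `mode: '0664'`, so the account the service presumably runs as can rewrite its own configuration, and a compromise of the Caddy process would extend to its config. If Caddy does not need to write there, use `owner: root`, `group: caddy`, `mode: '0640'` on that task and root ownership for `/etc/caddy` as well. The same group-writable `'0664'` appears on the files installed in certs.yml, ssh.yml, tmux.yml and zsh.yml, where `'0644'` would be enough. Separately, `state: touch` on `/var/log/caddy.log` reports a change on every run unless `modification_time: preserve` and `access_time: preserve` are set.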
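Review bot: In certs.yml the destination `/usr/local/share/ca-certificates/freyanet.crt` is a Debian-family path, but the task has no `when:` guard, while packages.yml and ssh.yml take per-distribution variables and zsh.yml guards on `ansible_distribution == "Debian"`. On a host whose trust-store tooling does not read that directory, the copy would succeed and the root CA would silently never be trusted. Either add the same `when:` guard or move the destination into a per-distribution variable. The `Update CA Certificates` handler is defined outside this hunk, so whether it covers other distributions cannot be checked from here.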
@@ -0,0 +1,12 @@
+- name: Install base packages
+ package:
+ name: "{{ base_packages }}"
+ state: present
+
+- name: Install keys packages
+ package:
+ name:
+ - "{{ man_pkg }}"
+ - "{{ man_pages_pkg }}"
+ - "{{ bind_pkg }}"
+ - "{{ passwd_pkg }}"
diff --git a/roles/common/tasks/ssh.yml b/roles/common/tasks/ssh.yml
new file mode 100644
index 0000000..36498fb
--- /dev/null
+++ b/roles/common/tasks/ssh.yml
@@ -0,0 +1,31 @@
+- name: Install openssh
+ package:
+ name: "{{ openssh_pkg }}"
+ state: present
+
+- name: Configure sshd
+ copy:
+ src: sshd_config
+ dest: /etc/ssh/sshd_config.d/10-freya.conf
+ owner: root
+ group: root
+ mode: '0664'
+
+- name: Remove old sshd config
+ file:
+ path: /etc/shh/sshd_config.d/freya.yml
+ state: absent
+
+- name: Configure sshd authorized keys
+ template:
+ src: authorized_keys.j2
+ dest: /etc/ssh/authorized_keys
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Enable sshd service
+ service:
+ name: "{{ openssh_service }}"
+ enabled: true
+ state: started
diff --git a/roles/common/tasks/tmux.yml b/roles/common/tasks/tmux.yml
new file mode 100644
index 0000000..7f8a653
--- /dev/null
+++ b/roles/common/tasks/tmux.yml
@@ -0,0 +1,20 @@
+- name: Install tmux
+ package:
+ name: tmux
+ state: present
+
+- name: Configure tmux
+ copy:
+ src: tmux/tmux.conf
+ dest: /etc/tmux.conf
+ owner: root
+ group: root
+ mode: '0664'
+
+- name: Configure tmux window script
+ copy:
+ src: tmux/tmux-window.sh
+ dest: /usr/local/bin/tmux-window.sh
+ owner: root
+ group: root
+ mode: '0755'
diff --git a/roles/common/tasks/zsh.yml b/roles/common/tasks/zsh.yml
new file mode 100644
index 0000000..aabcfac
--- /dev/null
+++ b/roles/common/tasks/zsh.yml
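Review bot: In packages.yml the second task, `Install keys packages`, has no `state:` although the first task sets `state: present`. The generic `package` module documents `state` as a required parameter, so add `state: present` rather than rely on whatever the backend module defaults to. The task name also reads like a typo for `Install key packages`.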
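Review bot: In ssh.yml the `Remove old sshd config` task points at `/etc/shh/sshd_config.d/freya.yml`; `shh` looks like a typo for `ssh`, so the task always succeeds without removing anything and any old drop-in stays in `/etc/ssh/sshd_config.d/`. Change it to `path: /etc/ssh/sshd_config.d/freya.yml`, and confirm that `.yml` really is the old file's extension. The `Configure sshd` task also writes the drop-in with no `validate:` and no `notify:`, so a broken file is not caught before it is installed and a changed one is not picked up until sshd is next restarted. Something like `validate: /usr/sbin/sshd -t -f %s` plus a reload handler would cover both.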
@@ -0,0 +1,40 @@
+- name: Install zsh
+ package:
+ name: zsh
+ state: present
+
+- name: Ensure zshrc.d directory exists
+ file:
+ path: /etc/zsh/zshrc.d
+ state: directory
+ mode: '0755'
+
+- name: Enable zshrc.d loading
+ blockinfile:
+ path: /etc/zsh/zshrc
+ block: |
+ # Load modular zsh config
+ if [ -d /etc/zsh/zshrc.d ]; then
+ for file in /etc/zsh/zshrc.d/*.zsh; do
+ [ -r "$file" ] && source "$file"
+ done
+ fi
+ when: ansible_distribution == "Debian"
+
+- name: Configure zsh
+ copy:
+ src: zshrc
+ dest: /etc/zsh/zshrc.d/10-freya.zsh
+ owner: root
+ group: root
+ mode: '0664'
+
+- name: Remove old zsh config
+ file:
+ path: /etc/zsh/zshrc.d/freya.yml
+ state: absent
+
+- name: Ensure root user shell is zsh
+ user:
+ name: root
+ shell: /bin/zsh |
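Review bot: In zsh.yml the `Ensure zshrc.d directory exists` task sets only `mode: '0755'`, yet the added loader block sources every readable `*.zsh` file under `/etc/zsh/zshrc.d` and the last task makes zsh root's login shell. That makes the directory's contents root-executed code, so the task should also pin `owner: root` and `group: root`. The `blockinfile` task is limited to Debian, but `shell: /bin/zsh` for root is not. If zsh lives at a different path on another distribution, root would be left with an invalid login shell, which a matching `when:` guard or a per-distribution path variable would avoid.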