Create ansible playbooks to set up host system

admin/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory = ./hosts

admin/hosts

@@ -0,0 +1,2 @@
+[dev]
+saffron.internal

admin/includes/00-configure-host-system/sources.list

@@ -0,0 +1,16 @@
+deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+# deb-src http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+
+deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+# deb-src http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+
+# trixie-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+deb http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+# deb-src http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+
+# This system was installed using small removable media
+# (e.g. netinst, live or single CD). The matching "deb cdrom"
+# entries were disabled at the end of the installation process.
+# For information about how to configure apt package sources,
+# see the sources.list(5) manual.

admin/playbooks/00-configure-host-system.yml

@@ -0,0 +1,71 @@
+---
+- hosts: dev
+  become: true
+  vars_files:
+    - "{{ inventory_dir }}/vars.yml"
+  tags:
+    - host
+  tasks:
+    - name: Upgrade base system to Debian Trixie
+      tags:
+        - apt
+        - requires_reboot
+      block:
+        - name: Update and upgrade base system packages
+          ansible.builtin.apt:
+            update_cache: true
+            upgrade: full
+            autoclean: true
+        - name: Change package sources file to pull from Trixie
+          ansible.builtin.copy:
+            src: "{{ inventory_dir }}/includes/00-configure-host-system/sources.list"
+            dest: "{{ etc_apt }}/sources.list"
+            backup: true
+        - name: Update base system to Trixie
+          ansible.builtin.apt:
+            clean: true
+            update_cache: true
+            upgrade: dist
+        - name: Reboot the system after dist upgrade
+          ansible.builtin.reboot:
+        - name: Autoremove old packages
+          ansible.builtin.apt:
+            autoremove: true
+    - name: Configure host system
+      tags:
+        - requires_reboot
+      block:
+        - name: Change hostname
+          ansible.builtin.command:
+            argv:
+              - hostnamectl
+              - set-hostname
+              - "{{ hostname }}"
+        - name: Generate UTF-8 locales
+          ansible.builtin.command:
+            argv:
+              - locale-gen
+              - en_US.utf8
+        - name: Reboot the host system after configuration
+          ansible.builtin.reboot:
+    - name: Enable and configure the firewall
+      block:
+        - name: Install nftables and firewalld
+          ansible.builtin.package:
+            name: nftables,firewalld
+            state: present
+        - name: Add all necessary services to firewalld
+          ansible.builtin.command:
+            argv:
+              - firewall-cmd
+              - --permanent
+              - --add-service=ssh
+              - --add-service=http
+              - --add-service=https
+              - --add-service=redis
+              - --add-service=postgresql
+        - name: Reload firewalld to apply service changes
+          ansible.builtin.command:
+            argv:
+              - firewall-cmd
+              - --reload

admin/vars.yml

@@ -0,0 +1,3 @@
+---
+etc_apt: "/etc/apt"
+hostname: saffron