diff --git a/admin/ansible.cfg b/admin/ansible.cfg
new file mode 100644
index 0000000..34662e9
--- /dev/null
+++ b/admin/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+inventory = ./hosts
diff --git a/admin/hosts b/admin/hosts
new file mode 100644
index 0000000..6529708
--- /dev/null
+++ b/admin/hosts
@@ -0,0 +1,2 @@
+[dev]
+saffron.internal
diff --git a/admin/includes/00-configure-host-system/sources.list b/admin/includes/00-configure-host-system/sources.list
new file mode 100644
index 0000000..ebdbc91
--- /dev/null
+++ b/admin/includes/00-configure-host-system/sources.list
@@ -0,0 +1,16 @@
+deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+# deb-src http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+
+deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+# deb-src http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+
+# trixie-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+deb http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+# deb-src http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+
+# This system was installed using small removable media
+# (e.g. netinst, live or single CD). The matching "deb cdrom"
+# entries were disabled at the end of the installation process.
+# For information about how to configure apt package sources,
+# see the sources.list(5) manual.
diff --git a/admin/playbooks/00-configure-host-system.yml b/admin/playbooks/00-configure-host-system.yml
new file mode 100644
index 0000000..81b191d
--- /dev/null
+++ b/admin/playbooks/00-configure-host-system.yml
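Review bot: Every `deb` line in the new sources.list fetches over plain `http://`; apt's signature check on the Release file still guarantees integrity, so this is not a correctness flaw, but both `deb.debian.org` and `security.debian.org` serve HTTPS and changing the three active lines to `https://` costs nothing on Trixie (TLS support is built into apt) while keeping the package set and update timing private from on-path observers. The trailing installer comment about disabled "deb cdrom" entries describes the original machine, not a file shipped from a playbook, and could be dropped so the next reader does not look for cdrom lines that never existed here. This hunk is a whole-file addition, and the playbook that copies it into `/etc/apt` is in the same commit.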
@@ -0,0 +1,71 @@
+---
+- hosts: dev
+ become: true
+ vars_files:
+ - "{{ inventory_dir }}/vars.yml"
+ tags:
+ - host
+ tasks:
+ - name: Upgrade base system to Debian Trixie
+ tags:
+ - apt
+ - requires_reboot
+ block:
+ - name: Update and upgrade base system packages
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: full
+ autoclean: true
+ - name: Change package sources file to pull from Trixie
+ ansible.builtin.copy:
+ src: "{{ inventory_dir }}/includes/00-configure-host-system/sources.list"
+ dest: "{{ etc_apt }}/sources.list"
+ backup: true
+ - name: Update base system to Trixie
+ ansible.builtin.apt:
+ clean: true
+ update_cache: true
+ upgrade: dist
+ - name: Reboot the system after dist upgrade
+ ansible.builtin.reboot:
+ - name: Autoremove old packages
+ ansible.builtin.apt:
+ autoremove: true
+ - name: Configure host system
+ tags:
+ - requires_reboot
+ block:
+ - name: Change hostname
+ ansible.builtin.command:
+ argv:
+ - hostnamectl
+ - set-hostname
+ - "{{ hostname }}"
+ - name: Generate UTF-8 locales
+ ansible.builtin.command:
+ argv:
+ - locale-gen
+ - en_US.utf8
+ - name: Reboot the host system after configuration
+ ansible.builtin.reboot:
+ - name: Enable and configure the firewall
+ block:
+ - name: Install nftables and firewalld
+ ansible.builtin.package:
+ name: nftables,firewalld
+ state: present
+ - name: Add all necessary services to firewalld
+ ansible.builtin.command:
+ argv:
+ - firewall-cmd
+ - --permanent
+ - --add-service=ssh
+ - --add-service=http
+ - --add-service=https
+ - --add-service=redis
+ - --add-service=postgresql
+ - name: Reload firewalld to apply service changes
+ ansible.builtin.command:
+ argv:
+ - firewall-cmd
+ - --reload
diff --git a/admin/vars.yml b/admin/vars.yml
new file mode 100644
index 0000000..ba1413e
--- /dev/null
+++ b/admin/vars.yml
@@ -0,0 +1,3 @@
+---
+etc_apt: "/etc/apt"
+hostname: saffron
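Review bot: The firewall block adds `--add-service=redis` and `--add-service=postgresql` to firewalld's default zone, which opens both datastores on every interface that zone covers; unless clients on other hosts are intended, these two lines should be dropped (both services normally bind to localhost and need no firewall opening) or confined to a dedicated zone or rich rule limited to the application subnet. The block is titled "Enable and configure the firewall" but nothing enables or starts the unit, so `firewall-cmd --permanent` only succeeds if the package post-install happened to start firewalld; a preceding `ansible.builtin.systemd` task with `name: firewalld`, `enabled: true`, `state: started` makes that explicit and survives a host where the service was masked. The `ansible.builtin.command` calls for `hostnamectl` and `firewall-cmd` also report changed on every run; `ansible.builtin.hostname` with `name: "{{ hostname }}"` is the idempotent replacement for the first, and the `ansible.posix.firewalld` module (`permanent: true`, `immediate: true`) for the service additions, which would also remove the separate `--reload` task. The indentation of this hunk appears collapsed in this rendering, so the task nesting is inferred from order rather than from the visible columns.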