From f9c257d49d3e88c30df1edac5497a24f3d848b58 Mon Sep 17 00:00:00 2001 From: "Z. Charles Dziura" Date: Wed, 26 Mar 2025 20:58:49 -0400 Subject: [PATCH] Fix the base system setup playbook --- admin/playbooks/00-make-base-system.yml | 342 ++++++++++++------------ 1 file changed, 176 insertions(+), 166 deletions(-) diff --git a/admin/playbooks/00-make-base-system.yml b/admin/playbooks/00-make-base-system.yml index 44790a1..32981ee 100644 --- a/admin/playbooks/00-make-base-system.yml +++ b/admin/playbooks/00-make-base-system.yml 
@@ -2,200 +2,210 @@ - hosts: alpha become: true vars_files: - - '{{ inventory_dir }}/vars.yml' + - "{{ inventory_dir }}/vars.yml" tags: - - base + - base tasks: - - name: Upgrade base system to Trixie - tags: - - requires_reboot - block: - - name: Update base system packages - ansible.builtin.apt: - update_cache: true - upgrade: true + - name: Upgrade base system to Trixie + tags: + - host + - requires_reboot + block: + - name: Update base system packages + ansible.builtin.apt: + update_cache: true + upgrade: true - - name: Do full system upgrade - ansible.builtin.apt: - upgrade: full + - name: Do full system upgrade + ansible.builtin.apt: + upgrade: full - - name: Change package sources file to pull from Trixie - ansible.builtin.copy: - src: '{{ inventory_dir }}/includes/00-make-base-system/sources.list' - dest: '{{ etc_apt }}/sources.list' - backup: true + - name: Change package sources file to pull from Trixie + ansible.builtin.copy: + src: "{{ inventory_dir }}/includes/00-make-base-system/sources.list" + dest: "{{ etc_apt }}/sources.list" + backup: true - - name: Clear and fill local apt cache with Trixie packages - ansible.builtin.apt: - clean: true - update_cache: true + - name: Clear and fill local apt cache with Trixie packages + ansible.builtin.apt: + clean: true + update_cache: true - - name: Update base system packages to Trixie versions - ansible.builtin.apt: - upgrade: true + - name: Update base system packages to Trixie versions + ansible.builtin.apt: + upgrade: true - - name: Do full system upgrade for remaining Trixie versions - ansible.builtin.apt: - upgrade: full + - name: Do full system upgrade for remaining Trixie versions + ansible.builtin.apt: + upgrade: full - - name: Autoremove old packages - ansible.builtin.apt: - autoremove: true + - name: Autoremove old packages + ansible.builtin.apt: + autoremove: true - - name: Reboot the system - ansible.builtin.reboot: + - name: Reboot the system + ansible.builtin.reboot: - - name: Install necessary 
software packages - tags: - - base - ansible.builtin.package: - name: neovim,python3-pip,python3-pexpect,python3-psycopg2 - state: present - - - name: Enable and configure the firewall - tags: - - firewall - block: - - name: Install firewalld - ansible.builtin.package: - name: nftables,firewalld + - name: Install necessary software packages + tags: + - host + - base + ansible.builtin.package: + name: neovim,python3-pip,python3-pexpect,python3-psycopg2 state: present - - name: Define a firewalld service for CouchDB - ansible.builtin.copy: - src: '{{ inventory_dir }}/includes/00-make-base-system/couchdb.xml' - dest: '{{ etc_firewalld_services }}/couchdb.xml' + - name: Generate UTF-8 locales + tags: + - host + - base + ansible.builtin.command: + cmd: "locale-gen en_US.utf8" - - name: Reload firewalld - ansible.builtin.command: - cmd: 'firewall-cmd --reload' + - name: Enable and configure the firewall + tags: + - host + - firewall + block: + - name: Install firewalld + ansible.builtin.package: + name: nftables,firewalld + state: present - - name: Add all of the necessary services to firewalld - ansible.builtin.command: - cmd: 'firewall-cmd --permanent --add-service=http --add-service=https --add-service=redis --add-service=ssh --add-service=postgresql --add-service=couchdb' + - name: Define a firewalld service for CouchDB + ansible.builtin.copy: + src: "{{ inventory_dir }}/includes/00-make-base-system/couchdb.xml" + dest: "{{ etc_firewalld_services }}/couchdb.xml" - - name: Reload firewalld to apply service changes - ansible.builtin.command: - cmd: 'firewall-cmd --reload' + - name: Reload firewalld + ansible.builtin.command: + cmd: "firewall-cmd --reload" - - name: Install and set up databases - tags: - - database - block: - - name: Install Valkey and PostgreSQL - tags: - - postgres - ansible.builtin.package: - update_cache: true - name: valkey-server,postgresql - state: present + - name: Add all of the necessary services to firewalld + ansible.builtin.command: + cmd: 
"firewall-cmd --permanent --add-service=http --add-service=https --add-service=redis --add-service=ssh --add-service=postgresql --add-service=couchdb" - - name: Copy Postgres config file - tags: - - postgres - ansible.builtin.copy: - src: '{{ inventory_dir }}/includes/00-make-base-system/postgresql.conf' - dest: '{{ etc_postgres }}/postgresql.conf' + - name: Reload firewalld to apply service changes + ansible.builtin.command: + cmd: "firewall-cmd --reload" - - name: Copy Postgres pg_hba file - tags: - - postgres - ansible.builtin.copy: - src: '{{ inventory_dir }}/includes/00-make-base-system/pg_hba.conf' - dest: '{{ etc_postgres }}/pg_hba.conf' + - name: Install and set up databases + tags: + - database + block: + - name: Install Valkey and PostgreSQL + tags: + - postgres + ansible.builtin.package: + update_cache: true + name: valkey-server,postgresql + state: present - - name: Restart Postgres - tags: - - postgres - ansible.builtin.systemd_service: - name: postgresql.service - state: restarted + - name: Copy Postgres config file + tags: + - postgres + ansible.builtin.copy: + src: "{{ inventory_dir }}/includes/00-make-base-system/postgresql.conf" + dest: "{{ etc_postgres }}/postgresql.conf" - - name: Create DebtPirate database user account - # no_log: true - tags: - - postgres - ansible.builtin.expect: - command: 'su -c "createuser -d -P debt_pirate" - postgres' - creates: /root/.dp-user-created - responses: - 'Enter': HRURqlUmtjIy + - name: Copy Postgres pg_hba file + tags: + - postgres + ansible.builtin.copy: + src: "{{ inventory_dir }}/includes/00-make-base-system/pg_hba.conf" + dest: "{{ etc_postgres }}/pg_hba.conf" - - name: Create 'db user created' file - tags: - - postgres - ansible.builtin.file: - path: /root/.dp-user-created - state: touch + - name: Restart Postgres + tags: + - postgres + ansible.builtin.systemd_service: + name: postgresql.service + state: restarted - - name: Create DebtPirate database - tags: - - postgres - ansible.builtin.command: - cmd: 
'su -c "createdb -E UTF8 -l en_US.UTF-8 -O debt_pirate debt_pirate" - postgres' - creates: /root/.dp-db-created + - name: Create DebtPirate database user account + # no_log: true + tags: + - postgres + ansible.builtin.expect: + command: 'su -c "createuser -d -P debt_pirate" - postgres' + creates: /root/.dp-user-created + responses: + "Enter": HRURqlUmtjIy - - name: Create 'db created' file - tags: - - postgres - ansible.builtin.file: - path: /root/.dp-db-created - state: touch + - name: Create 'db user created' file + tags: + - postgres + ansible.builtin.file: + path: /root/.dp-user-created + state: touch - - name: Copy Valkey conf file to destination - tags: - - valkey - ansible.builtin.copy: - src: '{{ inventory_dir }}/includes/00-make-base-system/valkey.conf' - dest: '{{ etc_valkey }}/valkey.conf' - backup: true + - name: Create DebtPirate database + tags: + - postgres + ansible.builtin.command: + cmd: 'su -c "createdb -T template0 -E UTF8 -l en_US.UTF-8 -O debt_pirate debt_pirate" - postgres' + creates: /root/.dp-db-created - - name: Copy Valkey acl file to destination - tags: - - valkey - ansible.builtin.copy: - src: '{{ inventory_dir }}/includes/00-make-base-system/users.acl' - dest: '{{ etc_valkey }}/users.acl' + - name: Create 'db created' file + tags: + - postgres + ansible.builtin.file: + path: /root/.dp-db-created + state: touch - - name: Restart Valkey - tags: - - valkey - ansible.builtin.systemd_service: - name: valkey.service - state: restarted + - name: Copy Valkey conf file to destination + tags: + - valkey + ansible.builtin.copy: + src: "{{ inventory_dir }}/includes/00-make-base-system/valkey.conf" + dest: "{{ etc_valkey }}/valkey.conf" + backup: true - # - name: Install build dependencies for ValkeyJSON - # tags: - # - valkey - # ansible.builtin.package: - # name: build-essential,clang,cmake,git,libssl-dev,libsystemd-dev,zip,pkg-config,tcl - # state: present + - name: Copy Valkey acl file to destination + tags: + - valkey + ansible.builtin.copy: + 
src: "{{ inventory_dir }}/includes/00-make-base-system/users.acl" + dest: "{{ etc_valkey }}/users.acl" - # - name: Download ValkeyJSON module - # tags: - # - valkey - # ansible.builtin.get_url: - # url: https://github.com/valkey-io/valkeyJSON/archive/refs/heads/unstable.zip - # dest: '{{ usr_src_valkey_json }}.zip' + - name: Restart Valkey + tags: + - valkey + ansible.builtin.systemd_service: + name: valkey.service + state: restarted - # - name: Unzip ValkeyJSON source - # tags: - # - valkey - # ansible.builtin.unarchive: - # remote_src: true - # src: '{{ usr_src_valkey_json }}.zip' - # dest: /usr/local/src + # - name: Install build dependencies for ValkeyJSON + # tags: + # - valkey + # ansible.builtin.package: + # name: build-essential,clang,cmake,git,libssl-dev,libsystemd-dev,zip,pkg-config,tcl + # state: present - # - name: Compile ValkeyJSON - # tags: - # - valkey - # environment: - # SERVER_VERSION: '{{ valkey_version }}' - # ansible.builtin.command: - # chdir: '{{ usr_src_valkey_json }}' - # cmd: '{{ usr_src_valkey_json }}/build.sh' + # - name: Download ValkeyJSON module + # tags: + # - valkey + # ansible.builtin.get_url: + # url: https://github.com/valkey-io/valkeyJSON/archive/refs/heads/unstable.zip + # dest: '{{ usr_src_valkey_json }}.zip' - # - name: Restart Valkey - # ansible.builtin.systemd_service: - # name: valkey.service - # state: restarted + # - name: Unzip ValkeyJSON source + # tags: + # - valkey + # ansible.builtin.unarchive: + # remote_src: true + # src: '{{ usr_src_valkey_json }}.zip' + # dest: /usr/local/src + + # - name: Compile ValkeyJSON + # tags: + # - valkey + # environment: + # SERVER_VERSION: '{{ valkey_version }}' + # ansible.builtin.command: + # chdir: '{{ usr_src_valkey_json }}' + # cmd: '{{ usr_src_valkey_json }}/build.sh' + + # - name: Restart Valkey + # ansible.builtin.systemd_service: + # name: valkey.service + # state: restarted
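Review bot: The `Create DebtPirate database user account` task still carries the database password as a literal under `responses`, and its `no_log: true` line stays commented out, so the secret sits in repository history and can also appear in Ansible's task output and logs. Move the value into a Vault-encrypted variable (the play already loads `{{ inventory_dir }}/vars.yml`), reference it as `"Enter": "{{ dp_db_password }}"` (the variable name is a placeholder), and restore `no_log: true` on the task. Because the current value has already been committed, treat it as exposed and rotate it on any host where this playbook has run. Separately, the firewalld task adds `postgresql`, `redis` and `couchdb` with no `--zone`, which presumably opens those ports in the default zone. If the databases are only reached locally, drop those services or bind them to an internal zone, and check that `pg_hba.conf` and `users.acl` (not shown here) do not rely on the firewall for access control.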