Fix the base system setup playbook

2025-03-26 20:58:49 -04:00 · 2025-03-26 20:58:49 -04:00 · f9c257d49d
commit f9c257d49d
parent 582e7015a9
1 changed files with 176 additions and 166 deletions
--- a/admin/playbooks/00-make-base-system.yml
+++ b/admin/playbooks/00-make-base-system.yml
@ -2,200 +2,210 @@
 - hosts: alpha
  become: true
  vars_files:
-    - '{{ inventory_dir }}/vars.yml'
+      - "{{ inventory_dir }}/vars.yml"
  tags:
-    - base
+      - base
  tasks:
-    - name: Upgrade base system to Trixie
+      - name: Upgrade base system to Trixie
-      tags:
+        tags:
-        - requires_reboot
+            - host
-      block:
+            - requires_reboot
-        - name: Update base system packages
+        block:
-          ansible.builtin.apt:
+            - name: Update base system packages
-            update_cache: true
+              ansible.builtin.apt:
-            upgrade: true
+                  update_cache: true
                  upgrade: true
-        - name: Do full system upgrade
+            - name: Do full system upgrade
-          ansible.builtin.apt:
+              ansible.builtin.apt:
-            upgrade: full
+                  upgrade: full
-        - name: Change package sources file to pull from Trixie
+            - name: Change package sources file to pull from Trixie
-          ansible.builtin.copy:
+              ansible.builtin.copy:
-            src: '{{ inventory_dir }}/includes/00-make-base-system/sources.list'
+                  src: "{{ inventory_dir }}/includes/00-make-base-system/sources.list"
-            dest: '{{ etc_apt }}/sources.list'
+                  dest: "{{ etc_apt }}/sources.list"
-            backup: true
+                  backup: true
-        - name: Clear and fill local apt cache with Trixie packages
+            - name: Clear and fill local apt cache with Trixie packages
-          ansible.builtin.apt:
+              ansible.builtin.apt:
-            clean: true
+                  clean: true
-            update_cache: true
+                  update_cache: true
-        - name: Update base system packages to Trixie versions
+            - name: Update base system packages to Trixie versions
-          ansible.builtin.apt:
+              ansible.builtin.apt:
-            upgrade: true
+                  upgrade: true
-        - name: Do full system upgrade for remaining Trixie versions
+            - name: Do full system upgrade for remaining Trixie versions
-          ansible.builtin.apt:
+              ansible.builtin.apt:
-            upgrade: full
+                  upgrade: full
-        - name: Autoremove old packages
+            - name: Autoremove old packages
-          ansible.builtin.apt:
+              ansible.builtin.apt:
-            autoremove: true
+                  autoremove: true
-        - name: Reboot the system
+            - name: Reboot the system
-          ansible.builtin.reboot:
+              ansible.builtin.reboot:
-    - name: Install necessary software packages
+      - name: Install necessary software packages
-      tags:
+        tags:
-        - base
+            - host
-      ansible.builtin.package:
+            - base
-        name: neovim,python3-pip,python3-pexpect,python3-psycopg2
+        ansible.builtin.package:
-        state: present
+            name: neovim,python3-pip,python3-pexpect,python3-psycopg2
    - name: Enable and configure the firewall
      tags:
        - firewall
      block:
        - name: Install firewalld
          ansible.builtin.package:
            name: nftables,firewalld
            state: present
-        - name: Define a firewalld service for CouchDB
+      - name: Generate UTF-8 locales
-          ansible.builtin.copy:
+        tags:
-            src: '{{ inventory_dir }}/includes/00-make-base-system/couchdb.xml'
+            - host
-            dest: '{{ etc_firewalld_services }}/couchdb.xml'
+            - base
        ansible.builtin.command:
            cmd: "locale-gen en_US.utf8"
-        - name: Reload firewalld
+      - name: Enable and configure the firewall
-          ansible.builtin.command:
+        tags:
-            cmd: 'firewall-cmd --reload'
+            - host
            - firewall
        block:
            - name: Install firewalld
              ansible.builtin.package:
                  name: nftables,firewalld
                  state: present
-        - name: Add all of the necessary services to firewalld
+            - name: Define a firewalld service for CouchDB
-          ansible.builtin.command:
+              ansible.builtin.copy:
-            cmd: 'firewall-cmd --permanent --add-service=http --add-service=https --add-service=redis --add-service=ssh --add-service=postgresql --add-service=couchdb'
+                  src: "{{ inventory_dir }}/includes/00-make-base-system/couchdb.xml"
                  dest: "{{ etc_firewalld_services }}/couchdb.xml"
-        - name: Reload firewalld to apply service changes
+            - name: Reload firewalld
-          ansible.builtin.command:
+              ansible.builtin.command:
-            cmd: 'firewall-cmd --reload'
+                  cmd: "firewall-cmd --reload"
-    - name: Install and set up databases
+            - name: Add all of the necessary services to firewalld
-      tags:
+              ansible.builtin.command:
-        - database
+                  cmd: "firewall-cmd --permanent --add-service=http --add-service=https --add-service=redis --add-service=ssh --add-service=postgresql --add-service=couchdb"
      block:
        - name: Install Valkey and PostgreSQL
          tags:
            - postgres
          ansible.builtin.package:
            update_cache: true
            name: valkey-server,postgresql
            state: present
-        - name: Copy Postgres config file
+            - name: Reload firewalld to apply service changes
-          tags:
+              ansible.builtin.command:
-            - postgres
+                  cmd: "firewall-cmd --reload"
          ansible.builtin.copy:
            src: '{{ inventory_dir }}/includes/00-make-base-system/postgresql.conf'
            dest: '{{ etc_postgres }}/postgresql.conf'
-        - name: Copy Postgres pg_hba file
+      - name: Install and set up databases
-          tags:
+        tags:
-            - postgres
+            - database
-          ansible.builtin.copy:
+        block:
-            src: '{{ inventory_dir }}/includes/00-make-base-system/pg_hba.conf'
+            - name: Install Valkey and PostgreSQL
-            dest: '{{ etc_postgres }}/pg_hba.conf'
+              tags:
                  - postgres
              ansible.builtin.package:
                  update_cache: true
                  name: valkey-server,postgresql
                  state: present
-        - name: Restart Postgres
+            - name: Copy Postgres config file
-          tags:
+              tags:
-            - postgres
+                  - postgres
-          ansible.builtin.systemd_service:
+              ansible.builtin.copy:
-            name: postgresql.service
+                  src: "{{ inventory_dir }}/includes/00-make-base-system/postgresql.conf"
-            state: restarted
+                  dest: "{{ etc_postgres }}/postgresql.conf"
-        - name: Create DebtPirate database user account
+            - name: Copy Postgres pg_hba file
-          # no_log: true
+              tags:
-          tags:
+                  - postgres
-            - postgres
+              ansible.builtin.copy:
-          ansible.builtin.expect:
+                  src: "{{ inventory_dir }}/includes/00-make-base-system/pg_hba.conf"
-            command: 'su -c "createuser -d -P debt_pirate" - postgres'
+                  dest: "{{ etc_postgres }}/pg_hba.conf"
            creates: /root/.dp-user-created
            responses:
              'Enter': HRURqlUmtjIy
-        - name: Create 'db user created' file
+            - name: Restart Postgres
-          tags:
+              tags:
-            - postgres
+                  - postgres
-          ansible.builtin.file:
+              ansible.builtin.systemd_service:
-            path: /root/.dp-user-created
+                  name: postgresql.service
-            state: touch
+                  state: restarted
-        - name: Create DebtPirate database
+            - name: Create DebtPirate database user account
-          tags:
+              # no_log: true
-            - postgres
+              tags:
-          ansible.builtin.command:
+                  - postgres
-            cmd: 'su -c "createdb -E UTF8 -l en_US.UTF-8 -O debt_pirate debt_pirate" - postgres'
+              ansible.builtin.expect:
-            creates: /root/.dp-db-created
+                  command: 'su -c "createuser -d -P debt_pirate" - postgres'
                  creates: /root/.dp-user-created
                  responses:
                      "Enter": HRURqlUmtjIy
-        - name: Create 'db created' file
+            - name: Create 'db user created' file
-          tags:
+              tags:
-            - postgres
+                  - postgres
-          ansible.builtin.file:
+              ansible.builtin.file:
-            path: /root/.dp-db-created
+                  path: /root/.dp-user-created
-            state: touch
+                  state: touch
-        - name: Copy Valkey conf file to destination
+            - name: Create DebtPirate database
-          tags:
+              tags:
-            - valkey
+                  - postgres
-          ansible.builtin.copy:
+              ansible.builtin.command:
-            src: '{{ inventory_dir }}/includes/00-make-base-system/valkey.conf'
+                  cmd: 'su -c "createdb -T template0 -E UTF8 -l en_US.UTF-8 -O debt_pirate debt_pirate" - postgres'
-            dest: '{{ etc_valkey }}/valkey.conf'
+                  creates: /root/.dp-db-created
            backup: true
-        - name: Copy Valkey acl file to destination
+            - name: Create 'db created' file
-          tags:
+              tags:
-            - valkey
+                  - postgres
-          ansible.builtin.copy:
+              ansible.builtin.file:
-            src: '{{ inventory_dir }}/includes/00-make-base-system/users.acl'
+                  path: /root/.dp-db-created
-            dest: '{{ etc_valkey }}/users.acl'
+                  state: touch
-        - name: Restart Valkey
+            - name: Copy Valkey conf file to destination
-          tags:
+              tags:
-            - valkey
+                  - valkey
-          ansible.builtin.systemd_service:
+              ansible.builtin.copy:
-            name: valkey.service
+                  src: "{{ inventory_dir }}/includes/00-make-base-system/valkey.conf"
-            state: restarted
+                  dest: "{{ etc_valkey }}/valkey.conf"
                  backup: true
-        # - name: Install build dependencies for ValkeyJSON
+            - name: Copy Valkey acl file to destination
-        #   tags:
+              tags:
-        #     - valkey
+                  - valkey
-        #   ansible.builtin.package:
+              ansible.builtin.copy:
-        #     name: build-essential,clang,cmake,git,libssl-dev,libsystemd-dev,zip,pkg-config,tcl
+                  src: "{{ inventory_dir }}/includes/00-make-base-system/users.acl"
-        #     state: present
+                  dest: "{{ etc_valkey }}/users.acl"
-        # - name: Download ValkeyJSON module
+            - name: Restart Valkey
-        #   tags:
+              tags:
-        #     - valkey
+                  - valkey
-        #   ansible.builtin.get_url:
+              ansible.builtin.systemd_service:
-        #     url: https://github.com/valkey-io/valkeyJSON/archive/refs/heads/unstable.zip
+                  name: valkey.service
-        #     dest: '{{ usr_src_valkey_json }}.zip'
+                  state: restarted
-        # - name: Unzip ValkeyJSON source
+            # - name: Install build dependencies for ValkeyJSON
-        #   tags:
+            #   tags:
-        #     - valkey
+            #     - valkey
-        #   ansible.builtin.unarchive:
+            #   ansible.builtin.package:
-        #     remote_src: true
+            #     name: build-essential,clang,cmake,git,libssl-dev,libsystemd-dev,zip,pkg-config,tcl
-        #     src: '{{ usr_src_valkey_json }}.zip'
+            #     state: present
        #     dest: /usr/local/src
-        # - name: Compile ValkeyJSON
+            # - name: Download ValkeyJSON module
-        #   tags:
+            #   tags:
-        #     - valkey
+            #     - valkey
-        #   environment:
+            #   ansible.builtin.get_url:
-        #     SERVER_VERSION: '{{ valkey_version }}'
+            #     url: https://github.com/valkey-io/valkeyJSON/archive/refs/heads/unstable.zip
-        #   ansible.builtin.command:
+            #     dest: '{{ usr_src_valkey_json }}.zip'
        #     chdir: '{{ usr_src_valkey_json }}'
        #     cmd: '{{ usr_src_valkey_json }}/build.sh'
-        # - name: Restart Valkey
+            # - name: Unzip ValkeyJSON source
-        #   ansible.builtin.systemd_service:
+            #   tags:
-        #     name: valkey.service
+            #     - valkey
-        #     state: restarted
+            #   ansible.builtin.unarchive:
            #     remote_src: true
            #     src: '{{ usr_src_valkey_json }}.zip'
            #     dest: /usr/local/src
            # - name: Compile ValkeyJSON
            #   tags:
            #     - valkey
            #   environment:
            #     SERVER_VERSION: '{{ valkey_version }}'
            #   ansible.builtin.command:
            #     chdir: '{{ usr_src_valkey_json }}'
            #     cmd: '{{ usr_src_valkey_json }}/build.sh'
            # - name: Restart Valkey
            #   ansible.builtin.systemd_service:
            #     name: valkey.service
            #     state: restarted