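---
# Base-system play for the "alpha" hosts. In order, it:
#   1. upgrades the current release, switches the apt sources to Trixie,
#      upgrades again and reboots;
#   2. installs helper packages and generates the en_US UTF-8 locale;
#   3. installs firewalld and opens the listed services;
#   4. installs and configures PostgreSQL and Valkey, then creates the
#      DebtPirate database role and database.
# Everything runs with privilege escalation (become: true).
- hosts: alpha
  become: true
  vars_files:
    - "{{ inventory_dir }}/vars.yml"
  tags:
    - base
  tasks:
    - name: Upgrade base system to Trixie
      tags:
        - host
        - requires_reboot
      block:
        # Bring the current release fully up to date before switching
        # the package sources.
        - name: Update base system packages
          ansible.builtin.apt:
            update_cache: true
            upgrade: true

        - name: Do full system upgrade
          ansible.builtin.apt:
            upgrade: full

        # backup: true keeps a copy of the previous sources.list on the host.
        - name: Change package sources file to pull from Trixie
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-make-base-system/sources.list"
            dest: "{{ etc_apt }}/sources.list"
            backup: true

        - name: Clear and fill local apt cache with Trixie packages
          ansible.builtin.apt:
            clean: true
            update_cache: true

        - name: Update base system packages to Trixie versions
          ansible.builtin.apt:
            upgrade: true

        - name: Do full system upgrade for remaining Trixie versions
          ansible.builtin.apt:
            upgrade: full

        - name: Autoremove old packages
          ansible.builtin.apt:
            autoremove: true

        - name: Reboot the system
          ansible.builtin.reboot:

    - name: Install necessary software packages
      tags:
        - host
        - base
      ansible.builtin.package:
        name: neovim,python3-pip,python3-pexpect,python3-psycopg2
        state: present

    - name: Generate UTF-8 locales
      tags:
        - host
        - base
      ansible.builtin.command:
        cmd: "locale-gen en_US.utf8"

    - name: Enable and configure the firewall
      tags:
        - host
        - firewall
      block:
        - name: Install firewalld
          ansible.builtin.package:
            name: nftables,firewalld
            state: present

        - name: Define a firewalld service for CouchDB
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-make-base-system/couchdb.xml"
            dest: "{{ etc_firewalld_services }}/couchdb.xml"

        # Presumably needed so firewalld picks up the couchdb.xml service
        # definition before --add-service=couchdb refers to it.
        - name: Reload firewalld
          ansible.builtin.command:
            cmd: "firewall-cmd --reload"

        # NOTE(review): no --zone is given, so the services are added to the
        # default zone. That opens redis, postgresql and couchdb alongside
        # http/https/ssh. Confirm the data stores really need to be reachable
        # from other hosts; if not, drop them here or limit them to a
        # restricted zone or source range.
        - name: Add all of the necessary services to firewalld
          ansible.builtin.command:
            cmd: >-
              firewall-cmd --permanent
              --add-service=http
              --add-service=https
              --add-service=redis
              --add-service=ssh
              --add-service=postgresql
              --add-service=couchdb

        - name: Reload firewalld to apply service changes
          ansible.builtin.command:
            cmd: "firewall-cmd --reload"

    - name: Install and set up databases
      tags:
        - database
      block:
        - name: Install Valkey and PostgreSQL
          tags:
            - postgres
          ansible.builtin.package:
            update_cache: true
            name: valkey-server,postgresql
            state: present

        - name: Copy Postgres config file
          tags:
            - postgres
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-make-base-system/postgresql.conf"
            dest: "{{ etc_postgres }}/postgresql.conf"

        # NOTE(review): the firewall block above opens the postgresql
        # service, so pg_hba.conf is what decides who may authenticate.
        # Review its host rules together with that firewall change.
        - name: Copy Postgres pg_hba file
          tags:
            - postgres
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-make-base-system/pg_hba.conf"
            dest: "{{ etc_postgres }}/pg_hba.conf"

        - name: Restart Postgres
          tags:
            - postgres
          ansible.builtin.systemd_service:
            name: postgresql.service
            state: restarted

        # createuser -P prompts twice; the "Enter" pattern answers both.
        # no_log keeps the response (the role password) out of task output
        # and logs.
        # NOTE(review): the password is stored in this playbook in plaintext.
        # Move it to an Ansible Vault-encrypted variable and rotate it, since
        # this value has already been committed.
        - name: Create DebtPirate database user account
          no_log: true
          tags:
            - postgres
          ansible.builtin.expect:
            command: 'su -c "createuser -d -P debt_pirate" - postgres'
            creates: /root/.dp-user-created
            responses:
              "Enter": "HRURqlUmtjIy"

        # Marker file checked by "creates:" above so the role is created only
        # once.
        - name: Create 'db user created' file
          tags:
            - postgres
          ansible.builtin.file:
            path: /root/.dp-user-created
            state: touch

        - name: Create DebtPirate database
          tags:
            - postgres
          ansible.builtin.command:
            cmd: 'su -c "createdb -T template0 -E UTF8 -l en_US.UTF-8 -O debt_pirate debt_pirate" - postgres'
            creates: /root/.dp-db-created

        # Marker file checked by "creates:" above so the database is created
        # only once.
        - name: Create 'db created' file
          tags:
            - postgres
          ansible.builtin.file:
            path: /root/.dp-db-created
            state: touch

        - name: Copy Valkey conf file to destination
          tags:
            - valkey
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-make-base-system/valkey.conf"
            dest: "{{ etc_valkey }}/valkey.conf"
            backup: true

        # NOTE(review): no owner/group/mode is set. If users.acl does not
        # already exist on the host, it is created with the remote defaults.
        # An ACL file normally carries user credentials, so confirm it is not
        # world-readable and set owner/group/mode explicitly to match the
        # account the Valkey service runs as.
        - name: Copy Valkey acl file to destination
          tags:
            - valkey
          ansible.builtin.copy:
            src: "{{ inventory_dir }}/includes/00-make-base-system/users.acl"
            dest: "{{ etc_valkey }}/users.acl"

        - name: Restart Valkey
          tags:
            - valkey
          ansible.builtin.systemd_service:
            name: valkey.service
            state: restarted

        # Disabled: build and install the ValkeyJSON module from source.
        # NOTE(review): if this is re-enabled, the download below tracks the
        # moving "unstable" branch and its build.sh then runs as root. Pin
        # the URL to a release tag or commit archive and set get_url's
        # `checksum` so the built source is the reviewed source.
        #
        # - name: Install build dependencies for ValkeyJSON
        #   tags:
        #     - valkey
        #   ansible.builtin.package:
        #     name: build-essential,clang,cmake,git,libssl-dev,libsystemd-dev,zip,pkg-config,tcl
        #     state: present
        #
        # - name: Download ValkeyJSON module
        #   tags:
        #     - valkey
        #   ansible.builtin.get_url:
        #     url: https://github.com/valkey-io/valkeyJSON/archive/refs/heads/unstable.zip
        #     dest: '{{ usr_src_valkey_json }}.zip'
        #
        # - name: Unzip ValkeyJSON source
        #   tags:
        #     - valkey
        #   ansible.builtin.unarchive:
        #     remote_src: true
        #     src: '{{ usr_src_valkey_json }}.zip'
        #     dest: /usr/local/src
        #
        # - name: Compile ValkeyJSON
        #   tags:
        #     - valkey
        #   environment:
        #     SERVER_VERSION: '{{ valkey_version }}'
        #   ansible.builtin.command:
        #     chdir: '{{ usr_src_valkey_json }}'
        #     cmd: '{{ usr_src_valkey_json }}/build.sh'
        #
        # - name: Restart Valkey
        #   ansible.builtin.systemd_service:
        #     name: valkey.service
        #     state: restarted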