Add initial Ansible configuration and package management setup
- Create .gitignore to exclude .vscode directory
- Add ansible.cfg for Ansible configuration
- Define inventory for new machine
- Create playbook.yml for orchestrating tasks
- Set up common role with default variables, handlers, and tasks
- Implement package management tasks for installing packages from various sources
- Include appimage and flatpak package lists
138
ansible/README.md
Normal file
@@ -0,0 +1,138 @@
|
||||
# Ansible Playbooks for Machine Setup
|
||||
|
||||
This repository contains Ansible playbooks and roles for setting up a new machine, including common configurations, package installations, and user management.
|
||||
|
||||
## Table of Contents
|
||||
|
||||
- [Requirements](#requirements)
|
||||
- [Inventory](#inventory)
|
||||
- [Playbooks](#playbooks)
|
||||
- [Roles](#roles)
|
||||
- [Common Role](#common-role)
|
||||
- [Packages Role](#packages-role)
|
||||
- [Usage Examples](#usage-examples)
|
||||
- [Sensitive Data](#sensitive-data)
|
||||
|
||||
## Requirements
|
||||
|
||||
To run these Ansible playbooks, you need:
|
||||
|
||||
* **Ansible:** Version 2.10 or higher is recommended.
|
||||
* **Python:** Python 3 on both the control machine and target hosts.
|
||||
* **SSH Access:** Password-less SSH access (or password-based with `--ask-pass`) to your target machines.
|
||||
|
||||
## Inventory
|
||||
|
||||
The `inventory` file defines the hosts and groups that Ansible will manage. A typical `inventory` file might look like this:
|
||||
|
||||
```ini
|
||||
[new_machine]
|
||||
192.168.153.117 ansible_user=your_ssh_user ansible_ssh_pass=your_ssh_password
|
||||
|
||||
[all:vars]
|
||||
ansible_python_interpreter=/usr/bin/python3
|
||||
```
|
||||
|
||||
**Note:** Replace `192.168.153.117` with your target machine's IP address or hostname, `your_ssh_user` with your SSH username, and `your_ssh_password` with the SSH password if not using SSH keys.
|
||||
|
||||
## Playbooks
|
||||
|
||||
### `playbook.yml`
|
||||
|
||||
This is the main playbook that orchestrates the setup of a new machine by applying the `common` and `packages` roles.
|
||||
|
||||
To run the playbook:
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory playbook.yml --ask-become-pass
|
||||
```
|
||||
|
||||
To perform a dry-run (check what changes would be made without applying them):
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory playbook.yml --check
|
||||
```
|
||||
|
||||
## Roles
|
||||
|
||||
### Common Role
|
||||
|
||||
The `common` role (`roles/common/`) sets up basic system configurations, including:
|
||||
|
||||
* Setting the hostname.
|
||||
* Configuring network interfaces (WiFi and Ethernet).
|
||||
* Managing user accounts (e.g., `will` and root password).
|
||||
* Configuring SSH daemon settings.
|
||||
|
||||
**Variables:**
|
||||
|
||||
Default variables for this role are defined in `roles/common/defaults/main.yml`. You can override these variables in your inventory, group_vars, or by passing them via the command line.
|
||||
|
||||
**Tags:**
|
||||
|
||||
Tasks in the `common` role are tagged for selective execution:
|
||||
|
||||
* `hostname`: For tasks related to hostname configuration.
|
||||
* `network`: For tasks related to network configuration (includes `wifi` and `ethernet`).
|
||||
* `wifi`: Specifically for WiFi configuration.
|
||||
* `ethernet`: Specifically for Ethernet configuration.
|
||||
* `users`: For tasks related to user and password management.
|
||||
* `sshd`: For tasks related to SSH daemon configuration.
|
||||
|
||||
Example: To only run network-related tasks:
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory playbook.yml --tags "network" --ask-become-pass
|
||||
```
|
||||
|
||||
### Packages Role
|
||||
|
||||
The `packages` role (`roles/packages/`) handles the installation of various software packages:
|
||||
|
||||
* Ensuring `yay` (AUR helper for Arch Linux) is installed.
|
||||
* Installing packages from `pkglist.txt` (using `pacman`).
|
||||
* Installing AUR packages from `aur_pkglist.txt` (using `yay`).
|
||||
* Installing Flatpak packages from `flatpak_pkglist.txt`.
|
||||
* Downloading AppImages from `appimage_pkglist.txt`.
|
||||
|
||||
**Variables:**
|
||||
|
||||
Default variables for this role, primarily file paths for package lists, are defined in `roles/packages/defaults/main.yml`.
|
||||
|
||||
**Tags:**
|
||||
|
||||
Tasks in the `packages` role are tagged for selective execution:
|
||||
|
||||
* `yay`: For tasks related to `yay` installation.
|
||||
* `pacman`: For tasks installing packages via `pacman`.
|
||||
* `aur`: For tasks installing packages via `yay` (AUR).
|
||||
* `flatpak`: For tasks installing Flatpak packages.
|
||||
* `appimage`: For tasks downloading AppImages.
|
||||
|
||||
Example: To only install Flatpak packages:
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory playbook.yml --tags "flatpak" --ask-become-pass
|
||||
```
|
||||
|
||||
## Sensitive Data
|
||||
|
||||
This project contains sensitive information such as passwords. It is highly recommended to use **Ansible Vault** to encrypt sensitive variables and files. For example, you can encrypt `roles/common/defaults/main.yml` or specific variables within it.
|
||||
|
||||
To encrypt a file:
|
||||
|
||||
```bash
|
||||
ansible-vault encrypt roles/common/defaults/main.yml
|
||||
```
|
||||
|
||||
To view or edit an encrypted file:
|
||||
|
||||
```bash
|
||||
ansible-vault edit roles/common/defaults/main.yml
|
||||
```
|
||||
|
||||
When running playbooks with encrypted files, you will need to provide the vault password:
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory playbook.yml --ask-vault-pass --ask-become-pass
|
||||
```
|
||||
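Review bot: The inventory example under "Inventory" stores the SSH password in plain text (`ansible_ssh_pass=your_ssh_password`), which invites committing a real credential in the `inventory` file this commit also adds. Suggest dropping that variable from the example and pointing readers to SSH keys or `--ask-pass`, both of which the Requirements section already mentions, or to a vaulted variable. Related, under "Sensitive Data": the text says the project contains passwords and only recommends Ansible Vault. If `roles/common/defaults/main.yml` as committed here holds the root and `will` passwords, it should be encrypted (or those values moved to a separate vaulted vars file so the remaining defaults stay readable) before this is merged, and the README should state that as a requirement rather than a recommendation. Minor: the `--check` example omits `--ask-become-pass`, unlike every other invocation in the file, so a dry run may fail on tasks that need privilege escalation.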