v0.0.1
This commit is contained in:
commit
0236cddce7
37
README.md
Normal file
37
README.md
Normal file
@ -0,0 +1,37 @@
|
||||
Debian
|
||||
=========
|
||||
|
||||
Initial configuration of a Debian node.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
None.
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
is_new_host: boolean value to toggle non-idempotent steps (creating preseeds and editing the motd)
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
None.
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
- hosts: servers
|
||||
roles:
|
||||
- { role: ericomeehan.debian, is_new_host: true }
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
BSD
|
||||
|
||||
Author Information
|
||||
------------------
|
||||
|
||||
Eric O'Neill Meehan
|
||||
https://www.eom.dev/
|
||||
3
defaults/main.yml
Normal file
3
defaults/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
---
|
||||
# defaults file for ericomeehan.debian
|
||||
is_new_host: false
|
||||
2
handlers/main.yml
Normal file
2
handlers/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
# handlers file for ericomeehan.debian
|
||||
52
meta/main.yml
Normal file
52
meta/main.yml
Normal file
@ -0,0 +1,52 @@
|
||||
galaxy_info:
|
||||
author: your name
|
||||
description: your role description
|
||||
company: your company (optional)
|
||||
|
||||
# If the issue tracker for your role is not on github, uncomment the
|
||||
# next line and provide a value
|
||||
# issue_tracker_url: http://example.com/issue/tracker
|
||||
|
||||
# Choose a valid license ID from https://spdx.org - some suggested licenses:
|
||||
# - BSD-3-Clause (default)
|
||||
# - MIT
|
||||
# - GPL-2.0-or-later
|
||||
# - GPL-3.0-only
|
||||
# - Apache-2.0
|
||||
# - CC-BY-4.0
|
||||
license: license (GPL-2.0-or-later, MIT, etc)
|
||||
|
||||
min_ansible_version: 2.1
|
||||
|
||||
# If this a Container Enabled role, provide the minimum Ansible Container version.
|
||||
# min_ansible_container_version:
|
||||
|
||||
#
|
||||
# Provide a list of supported platforms, and for each platform a list of versions.
|
||||
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
#
|
||||
# platforms:
|
||||
# - name: Fedora
|
||||
# versions:
|
||||
# - all
|
||||
# - 25
|
||||
# - name: SomePlatform
|
||||
# versions:
|
||||
# - all
|
||||
# - 1.0
|
||||
# - 7
|
||||
# - 99.99
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is a keyword that describes
|
||||
# and categorizes the role. Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above, if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
|
||||
# Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
|
||||
# if you add dependencies to this list.
|
||||
53
tasks/main.yml
Normal file
53
tasks/main.yml
Normal file
@ -0,0 +1,53 @@
|
||||
---
|
||||
# tasks file for ericomeehan.debian
|
||||
- name: Update apt
|
||||
apt:
|
||||
update_cache: yes
|
||||
|
||||
- name: Install debconf-utils
|
||||
when: is_new_host == true
|
||||
apt:
|
||||
name: debconf-utils
|
||||
state: present
|
||||
|
||||
- name: Create preseed file
|
||||
when: is_new_host == true
|
||||
shell: echo "#_preseed_V1" > /root/preseed.txt
|
||||
|
||||
- name: Append installer's debconf database to the preseed file
|
||||
when: is_new_host == true
|
||||
shell: debconf-get-selections --installer >> /root/preseed.txt
|
||||
|
||||
- name: Append debconf database to the preseed file
|
||||
when: is_new_host == true
|
||||
shell: debconf-get-selections >> /root/preseed.txt
|
||||
|
||||
- name: Append text from files/motd to the beginning of remote motd file
|
||||
when: is_new_host == true
|
||||
blockinfile:
|
||||
path: /etc/motd
|
||||
marker: ""
|
||||
block: |
|
||||
{{ lookup('file', 'files/motd') }}
|
||||
|
||||
- name: Copy nftables configuration template
|
||||
template:
|
||||
src: "nftables.conf.j2"
|
||||
dest: /etc/nftables.conf
|
||||
|
||||
- name: Enable nftables
|
||||
service:
|
||||
name: nftables
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Install prometheus node exporter
|
||||
apt:
|
||||
name: prometheus-node-exporter
|
||||
state: present
|
||||
|
||||
- name: Enable prometheus node exporter
|
||||
service:
|
||||
name: prometheus-node-exporter
|
||||
state: started
|
||||
enabled: true
|
||||
18
templates/nftables.conf.j2
Executable file
18
templates/nftables.conf.j2
Executable file
@ -0,0 +1,18 @@
|
||||
#!/usr/sbin/nft -f
|
||||
|
||||
flush ruleset
|
||||
|
||||
table inet filter {
|
||||
chain input {
|
||||
type filter hook input priority filter;
|
||||
{% for port in open_ports %}
|
||||
iifname "{{ port.interface }}" {{ port.protocol }} dport {{ port.port }} accept;
|
||||
{% endfor %}
|
||||
}
|
||||
chain forward {
|
||||
type filter hook forward priority filter;
|
||||
}
|
||||
chain output {
|
||||
type filter hook output priority filter;
|
||||
}
|
||||
}
|
||||
2
tests/inventory
Normal file
2
tests/inventory
Normal file
@ -0,0 +1,2 @@
|
||||
localhost
|
||||
|
||||
5
tests/test.yml
Normal file
5
tests/test.yml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
remote_user: root
|
||||
roles:
|
||||
- ericomeehan.debian
|
||||
2
vars/main.yml
Normal file
2
vars/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
---
|
||||
# vars file for ericomeehan.debian
|
||||
Loading…
Reference in New Issue
Block a user