ansible-shared/README.md
2020-07-06 11:46:01 -06:00

Ansible Shared Roles

Generic shared ansible roles for use in multiple ansible projects.

This is meant to be kept separate from your main ansible repo and symlinked into your roles folder.

For example:

Main ansible is ~/Code/ansible
Clone this repo into ~/Code/ansible-shared
ln -s ~/Code/ansible-shared ~/Code/ansible/playbooks/roles/shared

Requirements

These shared roles are geared toward Debian 9 and 10 with a few compatible with Ubuntu.

File playbooks/group_vars/all has a user directory like so. Add all your users here.

users:
  # Root and toor
  root:
    id: 0
    gid: 0
    password: '{{ root_linux_password }}'
  toor:
    id: 1000
    gid: 1000
    password: '{{ toor_linux_password }}'
    groups: '{{ superuser_groups }}'

File playbooks/group_vars/Debian.yml like so

# ------------------------------------------------------------------------------
# Debian specific variables
# ------------------------------------------------------------------------------
superuser: toor
supergroup: staff
sudogroup: sudo
superuser_groups: [sudo,users,staff,adm,cdrom,floppy,audio,dip,video,plugdev,netdev]

Make one for each of your OS types. A ManjaroLinux.yml may look like so

# ------------------------------------------------------------------------------
# Manjaro specific variables
# ------------------------------------------------------------------------------
superuser: toor
supergroup: staff
sudogroup: wheel
superuser_groups: [wheel,users,staff,adm,sys,network,power,video,storage,lp,input,audio]

Your ansible.cfg should look about like so.

# Ansible configuration for defaults and path modifications
# mReschke 2020-04-02

[defaults]
remote_user = root
remote_tmp = /tmp/ansible-$USER
roles_path = ./roles
private_key_file = ~/.ssh/mreschke-root.key
vault_password_file = ~/.files/configs/ansible/vault.passwd
retry_files_enabled = False
display_skipped_hosts = False
force_color = 1
nocows = 1
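
The ansible.cfg above points at two secrets on the control machine, the root SSH key and the vault password file. The following check is an added example, not part of this repo: it reads those two keys from an ansible.cfg and reports secret files that are missing, accessible to group or other, executable, or owned by another user. The function name and the relative-path handling are assumptions of this example.

```python
import configparser
import os
import stat
import sys
from pathlib import Path

# ansible.cfg keys from the [defaults] section above that point at secrets
SECRET_KEYS = ("private_key_file", "vault_password_file")


def audit_ansible_cfg(cfg_path):
    """Return (key, path, problem) tuples for secret files with unsafe state."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(cfg_path)
    findings = []
    for key in SECRET_KEYS:
        raw = parser.get("defaults", key, fallback=None)
        if raw is None:
            continue
        path = Path(os.path.expanduser(raw))
        if not path.is_absolute():
            # Assumption: relative paths are taken relative to ansible.cfg
            path = Path(cfg_path).resolve().parent / path
        try:
            st = path.stat()
        except FileNotFoundError:
            findings.append((key, str(path), "missing"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append(
                (key, str(path), f"mode {mode:04o} grants access to group/other"))
        if key == "vault_password_file" and mode & 0o111:
            # An executable vault password file is run as a script by Ansible
            findings.append(
                (key, str(path), "executable: will be run as a script"))
        if st.st_uid != os.getuid():
            findings.append((key, str(path), "not owned by the current user"))
    return findings


if __name__ == "__main__":
    cfg = sys.argv[1] if len(sys.argv) > 1 else "ansible.cfg"
    problems = audit_ansible_cfg(cfg)
    for key, path, problem in problems:
        print(f"{key}: {path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run it from the directory holding ansible.cfg; a non-zero exit status means at least one secret file needs `chmod 600` or a corrected path.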

Snippets

Quick helpers to remember common tasks

# Detect OS
when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "16.04"
when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"

# Copy profiles to /etc/profile.d/
- include_tasks: ../../../functions/copy_etc-profile.d.yml

# Copy scripts to /usr/local/bin
- include_tasks: ../../../functions/copy_usr-local-bin.yml

# Copy globs
- name: Copying globs
  copy:
    src: "{{ item }}"
    dest: /usr/local/bin/
    owner: '{{ superuser }}'
    group: '{{ supergroup }}'
    mode: '0775'
  with_fileglob:
    - files/bin/*

# Copy nginx.conf
- name: Copying /etc/nginx/nginx.conf
  copy:
    src: nginx/nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
  notify: restart nginx

# Template in a loop
- name: Templating ~/.getmail/config
  template:
    src: getmail
    dest: '{{ "~" + item.username | expanduser }}/.getmail/config'
    owner: '{{ item.username }}'
    group: 'users'
    mode: '0644'
  with_items: "{{ getmail_users }}"

# Symlink in a loop
- name: Symlinking /store/apps/getmail to ~/Mail
  file:
    src: '/store/apps/getmail/{{ item.email }}'
    dest: '{{ "~" + item.username | expanduser }}/Mail'
    state: link
    owner: '{{ item.username }}'
    group: 'users'
  with_items: "{{ getmail_users }}"

# Install common apps for all debian machines
- name: Installing Debian common applications
  apt:
    update_cache: yes
    state: present
    name:
      - apt-transport-https
      - openssh-server

# Create directory /etc/nginx
- name: Create a directory if it does not exist
  file:
    path: /etc/nginx
    state: directory
    owner: '{{ superuser }}'
    group: '{{ superuser }}'
    mode: '0755'

# Set chown toor:toor -R /etc/nginx
- name: Applying ownership of /etc/nginx
  file:
    path: /etc/nginx
    state: directory
    recurse: yes
    owner: '{{ superuser }}'
    group: '{{ superuser }}'