Initial

2023-07-10 10:41:17 +03:00
commit dbb46eb92a
360 changed files with 13521 additions and 0 deletions
--- a/roles/base/tasks/system_setup/clock.yml
+++ b/roles/base/tasks/system_setup/clock.yml
@@ -0,0 +1,27 @@
+- name: system setup | clock | install systemd-timesyncd (ubuntu)
+  tags: ntp,system setup
+  package:
+    name: systemd-timesyncd
+    state: latest
+  when: ansible_distribution in ["Pop!_OS", "Ubuntu"]
+
+# Currently systemd-timesyncd for debian is available only in buster-backports
+- name: system setup | clock | install systemd-timesyncd (debian)
+  tags: ntp,system setup
+  apt:
+    name: systemd-timesyncd
+    default_release: buster-backports
+    state: latest
+  when: ansible_distribution == "Debian"
+
+- name: system setup | clock | start and enable systemd-timesyncd
+  tags: ntp,system settiings
+  service:
+    name: systemd-timesyncd
+    state: started
+    enabled: true
+
+- name: system setup | clock | set time zone
+  tags: ntp,timezone,system setup
+  timezone:
+    name: "America/Detroit"
--- a/roles/base/tasks/system_setup/locale.yml
+++ b/roles/base/tasks/system_setup/locale.yml
@@ -0,0 +1,24 @@
+# - name: system setup | locale | add en_US
+#   tags: locale,system,setup
+#   locale_gen:
+#     name: en_US.UTF-8
+#     state: present
+
+# - name: system setup | locale | set locale to en_US
+#   tags: locale,system,setup
+#   locale_gen:
+#     name: en_US.UTF-8
+#     state: present
+#   register: locale
+
+# - name: system setup | locale | set en_US as default locale
+#   tags: locale,system,setup
+#   command: localectl set-locale LANG=en_US.UTF-8
+#   when: locale.changed
+
+# - name: system setup | locale | remove en_GB
+#   tags: locale,system,setup
+#   locale_gen:
+#     name: en_GB.UTF-8
+#     state: absent
+#   when: locale.changed
--- a/roles/base/tasks/system_setup/logging.yml
+++ b/roles/base/tasks/system_setup/logging.yml
@@ -0,0 +1,13 @@
+- name: system setup | logging | adjust retention period
+  tags: systemd,journal,journald,sysctl,system setup
+  lineinfile:
+    dest: "/etc/systemd/journald.conf"
+    regexp: "^#MaxFileSec="
+    line: "MaxFileSec=5day"
+  register: journald_config
+
+- name: system setup | logging | restart journald (config changed)
+  service:
+    name: systemd-journald
+    state: restarted
+  when: journald_config.changed
--- a/roles/base/tasks/system_setup/memory.yml
+++ b/roles/base/tasks/system_setup/memory.yml
@@ -0,0 +1,26 @@
+- name: system setup | memory | adjust current swappiness
+  tags: swappiness,sysctl,system,setup
+  lineinfile:
+    dest: "/etc/sysctl.conf"
+    create: yes
+    regexp: "swappiness ="
+    line: "vm.swappiness = 5"
+  register: swappiness
+
+- name: system setup | memory | apply swappiness
+  tags: swappiness,sysctl,system,setup
+  command: sysctl vm.swappiness={{ swappiness_value }}
+  when: swappiness.changed
+
+- name: system setup | memory | install earlyoom package
+  tags: earlyoom,packages,system,setup
+  package:
+    name: earlyoom
+    state: latest
+
+- name: system setup | memory | enable and start earlyoom
+  tags: earlyoom,packages,system,setup
+  service:
+    name: earlyoom
+    enabled: yes
+    state: started
--- a/roles/base/tasks/system_setup/microcode.yml
+++ b/roles/base/tasks/system_setup/microcode.yml
@@ -0,0 +1,17 @@
+- name: system setup | microcode | install package for amd
+  tags: amd,cpu,microcode,system setup
+  package:
+    name: "{{ amd_microcode_package }}"
+    state: latest
+  when:
+    - microcode_amd_install is defined
+    - microcode_amd_install == true
+
+- name: system setup | microcode | install package for intel
+  tags: cpu,intel,microcode,system setup
+  package:
+    name: "{{ intel_microcode_package }}"
+    state: latest
+  when:
+    - microcode_intel_install is defined
+    - microcode_intel_install == true
--- a/roles/base/tasks/system_setup/openssh.yml
+++ b/roles/base/tasks/system_setup/openssh.yml
@@ -0,0 +1,32 @@
+- name: system setup | openssh | install or update daemon package
+  tags: openssh,ssh,system,settings
+  package:
+    name: "{{ openssh_package }}"
+    state: latest
+  notify: restart_sshd
+
+- name: system setup | openssh | enable daemon
+  tags: openssh,ssh,system,settings
+  service:
+    name: "{{ openssh_service }}"
+    enabled: yes
+    state: started
+
+- name: system setup | openssh | generate sshd_config file from template
+  tags: openssh,ssh,system,settings
+  template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart_sshd
+
+- name: system setup | openssh | copy issue.net
+  tags: openssh,ssh,system,settings
+  copy:
+    src: system_setup/openssh_issue.net
+    dest: /etc/issue.net
+    owner: root
+    group: root
+    mode: 0644
--- a/roles/base/tasks/system_setup/scripts.yml
+++ b/roles/base/tasks/system_setup/scripts.yml
@@ -0,0 +1,18 @@
+- name: system setup | scripts | copy image_prep.sh script
+  tags: scripts
+  copy:
+    src: system_setup/image_prep.sh
+    dest: /usr/local/bin/image_prep.sh
+    owner: root
+    group: root
+    mode: 0755
+
+- name: system setup | scripts | copy pi_cpu_temp.py script
+  tags: scripts
+  copy:
+    src: system_setup/pi_cpu_temp.py
+    dest: /usr/local/bin/cpu_temp
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_architecture == "aarch64"