Compare commits

..

80 Commits

Author SHA1 Message Date
95ef8d2f66 Update cups 2024-08-10 02:07:49 +02:00
8354afb237 Update inventory 2024-08-10 01:50:38 +02:00
55c2bd4c8d Add cups-server 2024-08-10 01:50:31 +02:00
2745e352f9 Update authorized_keys 2024-08-10 01:41:53 +02:00
5c17fcbd2d Move network to separate ansible repository 2023-12-15 00:41:42 +01:00
3fa34c3993 Add Quest 3 2023-12-14 18:08:30 +01:00
09b833a39f Add wled devices 2023-12-08 21:40:28 +01:00
aae96be073 Add WLED and Twinkly 2023-11-29 14:43:22 +01:00
db6703d593 Add db-backup role 2023-11-20 03:35:20 +01:00
0b2e37c5fa Add Rack-PWR 2023-11-16 15:25:18 +01:00
b1a43444b1 Add Prusa mk3.9 2023-11-05 22:24:32 +01:00
ce48eec66c Add thor mac-mini 2023-09-27 23:51:54 +02:00
2f28e05210 Add bt-proxy-bathroom 2023-09-27 23:13:16 +02:00
03c06ce6ee Add molly-guard to ubuntu 2023-09-24 20:47:49 +02:00
c22906c943 Fix glusterfs 2023-09-24 20:45:45 +02:00
7db4b129d8 Add node-05 2023-09-24 19:14:02 +02:00
96735f7a3f Add pikvm 2023-09-24 00:03:25 +02:00
840f3629bc Update docker-cluster role for ubuntu 22.04 2023-09-24 00:02:59 +02:00
4f89c4f67e Update router interval 2023-07-22 22:47:20 +02:00
f4861fc0a6 Add telegraf to router 2023-07-21 09:21:57 +02:00
6065471faa Add node_explorer to laptop 2023-07-05 21:55:26 +02:00
1824d25c63 Fix main.yml 2023-07-02 23:03:14 +02:00
dda2fe89a2 Split download to arm64 and armv7 versions 2023-07-02 23:02:32 +02:00
3ae7fcf67e Fix check docker script to run only on manager nodes 2023-06-01 00:13:25 +02:00
26bf4a2096 Add git and make to ubuntu 2023-05-28 00:28:57 +02:00
39af684fb7 Update docker cluster
add glusterfs client
2023-05-28 00:25:10 +02:00
6a6a488abd Fix ubuntu task 2023-05-28 00:17:15 +02:00
4660131d3a Update network 2023-05-28 00:13:16 +02:00
d8b0857bb5 Fix motd task for armbian 2023-05-28 00:13:01 +02:00
9bbec96481 Update ubuntu task 2023-05-28 00:12:48 +02:00
32400cb845 Fix reverse dns lookup 2023-05-14 13:31:30 +02:00
d8c901424c Switch network to update to live system 2023-05-11 22:37:41 +02:00
c1480a8403 Add steamdeck second mac 2023-05-11 22:36:45 +02:00
3897553eb4 Update iot network 2023-05-11 22:23:34 +02:00
8b257378b8 Provide password for backup 2023-02-05 18:14:20 +01:00
b17c4b2709 Add duplicity 2023-02-05 16:34:01 +01:00
257b710ce3 Add uatu 2023-02-05 00:22:08 +01:00
19f52d682e Add octolapse to octoprint 2022-11-22 00:01:21 +01:00
c67d5aee47 Add video group to octoprint 2022-10-25 23:41:09 +02:00
7d3bd3a728 Update octoprint plugins 2022-10-25 23:40:57 +02:00
Przemek Grondek
79b3a32763 Add laptop ssh key 2022-10-18 13:31:18 +02:00
f84934fc9f Update hosts 2022-10-15 12:00:18 +02:00
07dff137bd Fix main yml tasks 2022-10-15 12:00:06 +02:00
4bbaf632be Add library for octoprint 2022-10-15 11:59:51 +02:00
ad74e4c750 add steamdeck 2022-10-12 23:14:35 +02:00
3f8b039d8a Add pepper vm 2022-10-06 00:21:51 +02:00
9e232de5a7 Fix Prometheus account comment 2022-08-25 23:16:09 +02:00
e8836162eb Remove snap 2022-08-25 23:15:00 +02:00
e7c3e1eed2 Update networks 2022-08-01 23:57:18 +02:00
6321f2a36e Fix heartbeat 2022-06-05 02:28:53 +02:00
5b76f14734 Add remote_server 2022-06-04 22:56:07 +02:00
fe000e168f Restore main file 2022-06-04 22:47:20 +02:00
802144ecb6 Add cleanup docker cron tasks 2022-05-03 02:08:24 +02:00
c884417347 Update octoprint plugins 2022-04-15 01:36:26 +02:00
802fb5fa72 Update docker task 2022-04-15 00:44:59 +02:00
1d5c60b126 Update network 2022-03-06 21:36:14 +01:00
907d20cf3a Update network 2021-12-05 03:03:55 +01:00
d84c0b939d Update network 2021-12-05 03:03:38 +01:00
1e73f8da8c Fix node_explorer install 2021-09-19 18:47:14 +02:00
cdcd75e20d Add node_explorer 2021-09-19 17:34:38 +02:00
b0074be80e Update network 2021-09-02 00:20:58 +02:00
662d16db2c Fix router script 2021-09-02 00:18:49 +02:00
2770d0990f Add touch ui to octoprint 2021-08-30 21:16:25 +02:00
pgrondek
eeb1f834c7 Fix i2c rtc 2021-07-01 19:59:40 +02:00
pgrondek
f6ec2e72ea Remove desktop role 2021-07-01 18:59:09 +02:00
pgrondek
a95fad071a Fix i2c-clock 2021-03-09 11:33:26 +01:00
pgrondek
8a2e3f0c93 Add ssh external 2021-02-25 18:52:15 +01:00
pgrondek
925289b675 Add ssh external 2021-02-24 02:53:29 +01:00
pgrondek
79497476c2 Update network 2021-02-23 19:37:52 +01:00
pgrondek
318c638df7 Update octoprint 2021-02-23 19:37:36 +01:00
607a9374db Add i2c clock 2021-01-25 21:50:02 +01:00
e6060ff9bc Update monitor script 2021-01-01 04:00:12 +01:00
205b780ace Fix watchdog 2020-12-03 23:54:55 +01:00
26d4a5019b Add watchdog for docker cluster 2020-12-03 22:06:20 +01:00
pgrondek
750dc27d46 Network 2020-11-29 01:12:15 +01:00
pgrondek
b8e7b41ad1 DNS/DHCP 2020-10-16 00:02:46 +02:00
pgrondek
756f50f416 Add Octoprint-WiFiStatus plugin 2020-10-12 18:43:11 +02:00
pgrondek
9925b775f5 Update octoprint plugin url 2020-10-02 23:39:47 +02:00
pgrondek
f06d6831e4 Update script for network restarts 2020-09-11 08:18:57 +02:00
pgrondek
83c561fc1d Add Procrastinator plugin for octoprint 2020-08-23 14:53:23 +02:00
69 changed files with 1214 additions and 146 deletions

View File

@ -1,17 +1,43 @@
---
all:
hosts:
prusa.lan:
iron-man.lan:
router.lan:
router:
ansible_host: 192.168.50.2
vars:
ip: 2
mac: 2c:b0:5d:4a:72:62
bender:
ansible_host: 192.168.50.3
home-assistant:
ansible_host: 192.168.60.100
uatu:
ansible_host: 192.168.50.106
dymo:
ansible_host: 192.168.50.109
node-cluster:
ansible_host: 192.168.50.151
remote_server:
ansible_host:
ansible_become_password:
ansible_user: ubuntu
children:
raspberry:
hosts:
dymo:
uatu:
lan:
hosts:
bender:
home-assistant:
prusa:
children:
docker_cluster:
hosts:
node-01.lan:
ansible_host: 192.168.50.101
node-02.lan:
ansible_host: 192.168.50.102
node-03.lan:
ansible_host: 192.168.50.103
node-x86.lan:
ansible_host: 192.168.50.186
node-cluster:
ubuntu:
hosts:
uatu:
debian:
hosts:
dymo:

View File

@ -1,4 +0,0 @@
---
- hosts: localhost
roles:
- desktop

View File

@ -1,22 +1,25 @@
---
- hosts: iron-man.lan
roles:
- ssh
- ubuntu
- hosts: prusa.lan
roles:
- ssh
- octoprint
- ubuntu
- hosts: docker_cluster
roles:
- node_explorer
- ssh
- docker-cluster
- ubuntu
- hosts: router.lan
- hosts: remote_server
roles:
- router
- docker
- hosts: uatu.lan
roles:
- db-backup
- ssh
- ubuntu
- docker
- duplicity
- node_explorer
- hosts: dymo
roles:
- ssh
- cups-server

View File

@ -0,0 +1,153 @@
#
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat
# Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation.
MaxLogSize 0
# Default error policy for printers
ErrorPolicy retry-job
# Allow remote access
Port 631
Listen /run/cups/cups.sock
# Show shared printers on the local network.
Browsing Yes
BrowseLocalProtocols dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Web interface setting...
WebInterface Yes
# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
IdleExitTimeout 60
# Restrict access to the server...
<Location />
# Allow remote access...
Order allow,deny
Allow all
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>

View File

@ -0,0 +1,12 @@
- name: copy mysql backup
become: yes
copy:
src: "cupsd.conf"
dest: "/etc/cups/cupsd.conf"
owner: root
mode: '0600'
- name: restart cups
systemd:
name: cups
state: restarted

View File

@ -0,0 +1,15 @@
---
- become: yes
block:
- name: install needed packages
apt:
update_cache: yes
pkg:
- cups
- printer-driver-dymo
- name: add current user to lpadmin group
user:
name: "{{ ansible_user_id }}"
append: yes
groups: lpadmin

View File

@ -0,0 +1,4 @@
---
- import_tasks: install.yml
- import_tasks: config.yml

View File

@ -0,0 +1,23 @@
#!/usr/bin/env bash
set -x
HOST=192.168.50.100
USER=root
PASS=
DEST=/srv/backup/db/mysql
DATABASES=$(mysql -h $HOST -u $USER -p$PASS -s -N -e "SHOW DATABASES;")
DIR="${DEST}/$(date +"%F")"
mkdir -p "$DIR"
for db in $DATABASES; do
FILE="${DIR}/$db.sql.gz"
echo "backing up $db to $FILE"
[ "$db" != "information_schema" ] && [ "$db" != "mysql" ] && [ "$db" != "performance_schema" ] && [ "$db" != "sys" ] || continue
# Be sure to make one backup per day
[ -f $FILE ] && continue
mysqldump --single-transaction --routines --quick -h $HOST -u $USER -p$PASS -B "$db" | gzip > "$FILE"
done

View File

@ -0,0 +1,24 @@
#!/usr/bin/env bash
set -x
HOST=192.168.50.100
PORT=5432
USER=postgres
PASS=
DEST=/srv/backup/db/postgres
DATABASES=$(PGPASSWORD="$PASS" psql -h $HOST -p $PORT -U $USER -l -t | cut -d'|' -f1 | sed -e 's/ //g' -e '/^$/d')
DIR="${DEST}/$(date +"%F")"
mkdir -p "$DIR"
for db in $DATABASES; do
FILE="${DIR}/$db.sql.gz"
echo "backing up $db to $FILE"
[ "$db" != "postgres" ] && [ "$db" != "template0" ] && [ "$db" != "template1" ] || continue
# Be sure to make one backup per day
[ -f $FILE ] && continue
PGPASSWORD="$PASS" pg_dump --username=$USER --host=$HOST --port=$PORT "$db" | gzip > "$FILE"
done

View File

@ -0,0 +1,24 @@
#!/usr/bin/env bash
set -x
HOST=192.168.50.100
PORT=5433
USER=postgres
PASS=
DEST=/srv/backup/db/postgres
DATABASES=$(PGPASSWORD="$PASS" psql -h $HOST -p $PORT -U $USER -l -t | cut -d'|' -f1 | sed -e 's/ //g' -e '/^$/d')
DIR="${DEST}/$(date +"%F")"
mkdir -p "$DIR"
for db in $DATABASES; do
FILE="${DIR}/$db.sql.gz"
echo "backing up $db to $FILE"
[ "$db" != "postgres" ] && [ "$db" != "template0" ] && [ "$db" != "template1" ] || continue
# Be sure to make one backup per day
[ -f $FILE ] && continue
PGPASSWORD="$PASS" pg_dump --username=$USER --host=$HOST --port=$PORT "$db" | gzip > "$FILE"
done

View File

@ -0,0 +1,9 @@
---
- name: create db-backup account
become: yes
user:
name: "{{ account.name }}"
comment: "{{ account.comment }}"
system: yes
password_lock: yes
home: "{{ account.home }}"

View File

@ -0,0 +1,23 @@
- name: copy mysql backup
become: yes
copy:
src: "mysql-backup.sh"
dest: "{{ account.home }}/mysql-backup.sh"
owner: "{{ account.name }}"
mode: '0755'
- name: copy postgres backup
become: yes
copy:
src: "postgres-backup.sh"
dest: "{{ account.home }}/postgres-backup.sh"
owner: "{{ account.name }}"
mode: '0755'
- name: copy postgres backup
become: yes
copy:
src: "postgres-backup2.sh"
dest: "{{ account.home }}/postgres-backup2.sh"
owner: "{{ account.name }}"
mode: '0755'

View File

@ -0,0 +1,36 @@
---
- become: yes
block:
- name: install needed tools
apt:
update_cache: yes
pkg:
- postgresql-client-common
- mysql-client-8.0
- name: Add cron task for backup mysql
become: yes
ansible.builtin.cron:
user: "{{ account.name }}"
name: "Backup mysql"
minute: "0"
hour: "4"
job: "{{ account.home }}/mysql-backup.sh"
- name: Add cron task for backup postgres
become: yes
ansible.builtin.cron:
user: "{{ account.name }}"
name: "Backup postgres"
minute: "10"
hour: "4"
job: "{{ account.home }}/postgres-backup.sh"
- name: Add cron task for backup postgres2
become: yes
ansible.builtin.cron:
user: "{{ account.name }}"
name: "Backup postgres 2"
minute: "20"
hour: "4"
job: "{{ account.home }}/postgres-backup2.sh"

View File

@ -0,0 +1,6 @@
---
- import_tasks: account.yml
- import_tasks: copy-scripts.yml
- import_tasks: install.yml

View File

@ -0,0 +1,5 @@
---
account:
name: db-backup
comment: Database Backup account
home: /home/db-backup

Binary file not shown.

Before

Width:  |  Height:  |  Size: 178 B

View File

@ -1,7 +0,0 @@
[Desktop Entry]
Encoding=UTF-8
Name=Dwm
Comment=Dynamic window manager
Exec=dwm
Icon=dwm
Type=XSession

View File

@ -1,41 +0,0 @@
---
- name: install required packages
apt:
update_cache: yes
pkg:
- git
- make
- libx11-dev
- libxft-dev
- libxinerama-dev
- libxcb-res0-dev
- libx11-xcb-dev
- name: checkout
shell:
cmd: |
mkdir -p ~/src
cd ~/src
git clone {{ dwm-repo }}
- name: build dwm
make:
chdir: ~/src/dwm
- name: copy xsession
become: yes
copy:
src: usr/share/xsessions/dwm.desktop
dest: /usr/share/xsessions/dwm.desktop
- name: copy icon
become: yes
copy:
src: usr/share/icons/dwm.png
dest: /usr/share/icons/dwm.png
- name: install dwm
become: yes
make:
chdir: ~/src/dwm
target: install

View File

@ -1,4 +0,0 @@
---
- import_tasks: setup.yml
- import_tasks: dwm.yml

View File

@ -1,9 +0,0 @@
---
- block:
become: yes
- name: install git and make
apt:
update_cache: yes
pkg:
- git
- make

View File

@ -1,3 +0,0 @@
---
dwm-repo: https://github.com/pgrondek/dwm.git
st-repo: https://github.com/pgrondek/stterm.git

View File

@ -1 +1,2 @@
node-02 IPaddr::192.168.50.100/24/eth0:0
node-02 ssh-external::start

View File

@ -0,0 +1,28 @@
#!/usr/bin/env bash
SERVICE=sshd-external
case "$1" in
start)
systemctl start "${SERVICE}"
;;
stop)
systemctl stop "${SERVICE}"
;;
reload)
systemctl reload "${SERVICE}"
;;
force-reload)
systemctl force-reload "${SERVICE}"
;;
restart)
systemctl restart "${SERVICE}"
;;
status)
systemctl status "${SERVICE}"
;;
*)
echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|status}" || true
exit 1
;;
esac

View File

@ -0,0 +1,128 @@
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 8022
#AddressFamily any
ListenAddress 192.168.50.100
#ListenAddress ::
HostKey /etc/ssh/ssh_external_host_rsa_key
HostKey /etc/ssh/ssh_external_host_ecdsa_key
HostKey /etc/ssh/ssh_external_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
PidFile /var/run/sshd-external.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
HostCertificate /etc/ssh/ssh_external_host_dsa_key-cert.pub
HostCertificate /etc/ssh/ssh_external_host_ecdsa_key-cert.pub
HostCertificate /etc/ssh/ssh_external_host_rsa_key-cert.pub

View File

@ -0,0 +1,19 @@
[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd_config_external
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
[Install]
WantedBy=multi-user.target
Alias=sshd-external.service

View File

@ -0,0 +1,7 @@
- name: install modules for docker networks
when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "22.04"
become: yes
apt:
update_cache: yes
pkg:
- linux-modules-extra-raspi

View File

@ -0,0 +1,17 @@
- name: Clean docker system
become: yes
ansible.builtin.cron:
user: root
name: "clean docker system"
minute: "0"
hour: "3"
job: "/usr/bin/docker system prune -f"
- name: Clean docker image cache
become: yes
ansible.builtin.cron:
user: root
name: "clean docker system"
minute: "0"
hour: "3"
job: "/usr/bin/docker image prune -a -f"

View File

@ -0,0 +1,14 @@
---
- name: Create hostfile
become: yes
template:
src: usr/local/sbin/check-docker.j2
dest: /usr/local/sbin/check-docker
mode: '0755'
- name: create cron
become: yes
cron:
name: "check docker"
minute: "*/15"
job: "/usr/local/sbin/check-docker"

View File

@ -0,0 +1,16 @@
---
- become: yes
block:
- name: install glusterfs-client
apt:
update_cache: yes
pkg:
- glusterfs-client
- name: add mount for glusterfs data
mount:
path: /srv
src: 192.168.50.100:/gv0
fstype: glusterfs
state: present
opts: defaults, p_netdev

View File

@ -35,3 +35,15 @@
name: "{{ansible_user_id}}"
groups: docker
append: yes
- name: start and enable docker
systemd:
name: docker
state: started
enabled: true
- name: add current user to docker group
user:
name: "{{ ansible_user_id }}"
append: yes
groups: docker

View File

@ -1,7 +1,20 @@
---
- name: install needed packages
become: yes
- become: yes
block:
- name: install needed packages
apt:
update_cache: yes
pkg:
- docker.io
- name: start and enable docker
systemd:
name: docker
state: started
enabled: true
- name: add current user to docker group
user:
name: "{{ ansible_user_id }}"
append: yes
groups: docker

View File

@ -5,9 +5,18 @@
- import_tasks: install-docker-io.yml
when: ansible_distribution == "Ubuntu" and ansible_distribution_version != "18.04"
- import_tasks: dependencies.yml
- import_tasks: nfs-client.yml
- import_tasks: gluster.yml
- import_tasks: hearthbeat.yml
- import_tasks: hostfile.yml
- import_tasks: docker-watcher.yml
- import_tasks: ssh-external.yml
- import_tasks: docker-cron.yml

View File

@ -0,0 +1,24 @@
---
- become: yes
block:
- name: copy config
copy:
owner: root
group: root
mode: 0600
directory_mode: yes
src: etc/ssh
dest: /etc
- name: copy ha.d resource ssh-external
copy:
owner: root
group: root
mode: 0755
src: etc/ha.d/resource.d/ssh-external
dest: /etc/ha.d/resource.d/ssh-external
- name: add systemd service
copy:
src: lib/systemd/system/sshd-external.service
dest: /lib/systemd/system/sshd-external.service

View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
docker node ls
if [ $? == 1 ]; then
echo "This is not a docker swarm node exiting"
exit 1
fi
docker node inspect {{ ansible_hostname }} --format "{{ '{{' }} .Status.State {{ '}}' }}" | grep -q 'ready'
if [ $? == 1 ]; then
echo "Docker is down restarting"
service docker restart
else
echo "Docker is ok"
fi

View File

@ -0,0 +1,17 @@
- name: Clean docker system
become: yes
ansible.builtin.cron:
user: root
name: "clean docker system"
minute: "0"
hour: "3"
job: "/usr/bin/docker system prune -f"
- name: Clean docker image cache
become: yes
ansible.builtin.cron:
user: root
name: "clean docker system"
minute: "0"
hour: "3"
job: "/usr/bin/docker image prune -a -f"

View File

@ -0,0 +1,49 @@
---
- become: yes
block:
- name: install needed packages
apt:
update_cache: yes
pkg:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
- name: add docker gpg key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: add docker repo
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
state: present
filename: docker
- name: install docker
apt:
update_cache: yes
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
- name: add current user to docker group
user:
name: "{{ansible_user_id}}"
groups: docker
append: yes
- name: start and enable docker
systemd:
name: docker
state: started
enabled: true
- name: add current user to docker group
user:
name: "{{ ansible_user_id }}"
append: yes
groups: docker

View File

@ -0,0 +1,20 @@
---
- become: yes
block:
- name: install needed packages
apt:
update_cache: yes
pkg:
- docker.io
- name: start and enable docker
systemd:
name: docker
state: started
enabled: true
- name: add current user to docker group
user:
name: "{{ ansible_user_id }}"
append: yes
groups: docker

View File

@ -0,0 +1,8 @@
---
- import_tasks: install-docker-ce.yml
when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "18.04"
- import_tasks: install-docker-io.yml
when: ansible_distribution == "Ubuntu" and ansible_distribution_version != "18.04"
- import_tasks: docker-cron.yml

View File

@ -0,0 +1,24 @@
#!/usr/bin/env bash
source /home/duplicity/email-settings.sh
MAX_TIME="3M"
FULL_BACKUP_EVERY="1M"
SOURCE="/mnt/MAIN"
DESTINATION="onedrive://duplicity/nas"
LOG="/home/duplicity/backup.log"
rm $LOG
PASSPHRASE="$PASSPHRASE" duplicity remove-older-than $MAX_TIME $DESTINATION >> $LOG
PASSPHRASE="$PASSPHRASE" duplicity --full-if-older-than $FULL_BACKUP_EVERY $SOURCE $DESTINATION >> $LOG
sendemail \
-f "$EMAIL_SENDER" \
-t "$EMAIL_RECEIPIENT" \
-u "Duplicity backup log" \
-message-file=$LOG \
-s "$EMAIL_SERVER" \
-xu "$EMAIL_USER" \
-xp "$EMAIL_PASSWORD" \
-o "tls=$EMAIL_TLS"

View File

@ -0,0 +1,9 @@
---
- name: create duplicity account
become: yes
user:
name: duplicity
comment: Duplicity account
system: yes
password_lock: yes
home: /home/duplicity

View File

@ -0,0 +1,18 @@
---
- name: copy configuration
become: yes
copy:
src: backup.sh
dest: /home/duplicity/backup.sh
mode: '0750'
owner: duplicity
group: duplicity
- name: Create cron job for autobackup
become: yes
ansible.builtin.cron:
user: duplicity
name: "Backup"
minute: "0"
hour: "3"
job: "/home/duplicity/backup.sh"

View File

@ -0,0 +1,12 @@
---
- become: yes
block:
- name: install needed packages
apt:
update_cache: yes
pkg:
- duplicity
- python3-requests-oauthlib
- sendemail
- libio-socket-ssl-perl
- libnet-ssleay-perl

View File

@ -0,0 +1,6 @@
---
- import_tasks: account.yml
- import_tasks: install.yml
- import_tasks: cron.yml

View File

@ -0,0 +1 @@
rtc-ds1307

View File

@ -0,0 +1,22 @@
[Unit]
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
DefaultDependencies=no
Wants=dev-rtc_i2c.device
After=dev-rtc_i2c.device
Before=sysinit.target
Conflicts=shutdown.target
[Service]
Type=oneshot
CapabilityBoundingSet=CAP_SYS_TIME
PrivateTmp=yes
ProtectSystem=full
ProtectHome=yes
DeviceAllow=/dev/rtc rw
DevicePolicy=closed
ExecStart=/bin/sh -c "/usr/bin/echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-1/new_device"
ExecStartPost=/usr/bin/logger --tag rtc-i2c 'System clock set from i2c hardware clock'
[Install]
WantedBy=sysinit.target

View File

@ -0,0 +1,6 @@
#/lib/udev/rules.d/50-udev-default.rules:SUBSYSTEM=="rtc", ATTR{hctosys}=="1", SYMLINK+="rtc"
#/lib/udev/rules.d/50-udev-default.rules:SUBSYSTEM=="rtc", KERNEL=="rtc0", SYMLINK+="rtc", OPTIONS+="link_priority=-100"
# I2C RTC, when added and not the source of the sys clock (kernel), is used ;
# separate name to ensure rtc-i2c.service will not be run on anything else
ACTION=="add", SUBSYSTEMS=="i2c", SUBSYSTEM=="rtc", KERNEL=="rtc0", ATTR{hctosys}=="0", SYMLINK+="rtc_i2c", TAG+="systemd"

View File

@ -0,0 +1,36 @@
---
- become: yes
block:
- name: install i2c-tools
become: yes
apt:
update_cache: yes
pkg:
- i2c-tools
- libraspberrypi-bin
- name: enable i2c-rtc dtoverlay
shell:
cmd: |
dtoverlay i2c-rtc
- name: enable automatic module load
copy:
src: etc/modules-load.d/rtc-ds1307.conf
dest: /etc/modules-load.d/rtc-ds1307.conf
- name: add systemd service
copy:
src: etc/systemd/system/rtc-i2c.service
dest: /etc/systemd/system/rtc-i2c.service
- name: disable systemd service
systemd:
daemon_reload: yes
name: rtc-i2c.service
enabled: no
- name: enable systemd service
systemd:
name: rtc-i2c.service
enabled: yes

View File

@ -0,0 +1,6 @@
---
- import_tasks: install.yml
- import_tasks: set-time.yml
- import_tasks: remove-fake-clock.yml

View File

@ -0,0 +1,8 @@
---
- name: uninstall fakehw
become: yes
apt:
update_cache: yes
state: absent
pkg:
- fake-hwclock

View File

@ -0,0 +1,22 @@
---
- name: Check if rtc is loaded
stat:
path: /dev/rtc
register: rtc_file
- become: yes
when: rtc_file.stat.exists == False
block:
- name: load hwclock
shell:
cmd: |
modprobe rtc-ds1307
echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-1/new_device
- name: update time
shell:
cmd: |
hwclock -w
- name: read time
shell:
cmd: |
hwclock -r

View File

@ -0,0 +1,13 @@
[Unit]
Description=node_exporter
Wants=network-online.target
After=network-online.target
[Service]
User=prometheus
Group=prometheus
Type=simple
ExecStart=/usr/local/sbin/node_exporter
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,10 @@
---
- name: create prometheus account
become: yes
user:
name: prometheus
comment: Prometheus account
system: yes
password_lock: yes
home: /nonexistent
create_home: no

View File

@ -0,0 +1,49 @@
---
- name: Create temp dir
file:
path: /tmp/node_exporter
state: directory
- name: Download node-explorer
when: ansible_architecture == "aarch64"
unarchive:
src: https://github.com/prometheus/node_exporter/releases/download/v{{version}}/node_exporter-{{version}}.linux-arm64.tar.gz
dest: /tmp/node_exporter
remote_src: yes
mode: 0755
- name: Download node-explorer
when: ansible_architecture == "x86_64"
unarchive:
src: https://github.com/prometheus/node_exporter/releases/download/v{{version}}/node_exporter-{{version}}.linux-amd64.tar.gz
dest: /tmp/node_exporter
remote_src: yes
mode: 0755
- name: Download node-explorer
when: ansible_architecture == "armv7l"
unarchive:
src: https://github.com/prometheus/node_exporter/releases/download/v{{version}}/node_exporter-{{version}}.linux-armv7.tar.gz
dest: /tmp/node_exporter
remote_src: yes
mode: 0755
- name: get folder name
shell: ls /tmp/node_exporter
register: dir_name
- name: Move to /usr/local/sbin
become: yes
command: cp -ra /tmp/node_exporter/{{ dir_name.stdout }}/node_exporter /usr/local/sbin/node_exporter
- name: Remove temp directory
become: yes
file:
path: /tmp/node_exporter
state: absent
- name: change chmod
become: yes
file:
path: /usr/local/sbin/node_exporter
mode: '0755'

View File

@ -0,0 +1,6 @@
---
- import_tasks: account.yml
- import_tasks: install.yml
- import_tasks: service.yml

View File

@ -0,0 +1,13 @@
---
- become: yes
block:
- name: copy systemd service config
copy:
src: lib/systemd/system/node_explorer.service
dest: /lib/systemd/system/node_explorer.service
- name: enable systemd service
systemd:
name: node_explorer
enabled: yes
state: started

View File

@ -0,0 +1,2 @@
---
version: 1.2.2

View File

@ -6,7 +6,7 @@ After=network.target
User=octoprint
Group=octoprint
Restart=always
ExecStart=/home/octoprint/.local/bin/octoprint
ExecStart=/home/octoprint/bin/octoprint
Type=simple
[Install]

View File

@ -4,7 +4,7 @@
user:
name: octoprint
comment: Octoprint account
groups: tty,dialout
groups: tty,dialout,video
system: yes
password_lock: yes
home: /home/octoprint

View File

@ -5,57 +5,57 @@
apt:
update_cache: yes
pkg:
- python-pip
- python-dev
- python-setuptools
- python-virtualenv
- python-pillow
- python3-pip
- python3-all-dev
- python3-setuptools
- python3-virtualenv
- git
- libyaml-dev
- build-essential
- acl
- libjpeg8-dev
- libffi-dev
- name: install octoprint software
become: true
become_user: octoprint
shell:
chdir: /home/octoprint
cmd: |
virtualenv --system-site-packages .
source bin/activate
pip install pip --upgrade
pip install octoprint
pip3 install pip --upgrade
pip3 install octoprint
args:
executable: /bin/bash
- name: enable system wide packages
file:
path: /home/octoprint/lib/python2.7/no-global-site-packages.txt
state: absent
- name: Create symbolic link for PIL package
file:
src: /usr/lib/python2.7/dist-packages/PIL
dest: /home/octoprint/lib/python2.7/site-packages/PIL
state: link
- name: Create symbolic link for pillow package
file:
src: /usr/lib/python2.7/dist-packages/Pillow-5.1.0.egg-info
dest: /home/octoprint/lib/python2.7/site-packages/Pillow-5.1.0.egg-info
state: link
- name: install plugins
become_user: octoprint
pip:
virtualenv: /home/octoprint
name:
# Bed Visualizer
- https://github.com/jneilliii/OctoPrint-BedLevelVisualizer/archive/master.zip
- https://github.com/jneilliii/OctoPrint-PrusaSlicerThumbnails/archive/master.zip
- https://github.com/juniorRubyist/OctoPrint-OctoFlat/archive/master.zip
- https://github.com/kanocz/octopi_eta_override/archive/master.zip
- https://github.com/malnvenshorn/OctoPrint-FilamentManager/archive/master.zip
- https://github.com/OllisGit/OctoPrint-DeleteAfterPrint/releases/latest/download/master.zip
# - https://github.com/OllisGit/OctoPrint-PrintJobHistory/releases/latest/download/master.zip
# Cancel Objects
- https://github.com/paukstelis/OctoPrint-Cancelobject/archive/master.zip
- https://github.com/Renaud11232/OctoPrint-Resource-Monitor/archive/master.zip
- https://github.com/agrif/OctoPrint-InfluxDB/archive/master.zip
# Continuous Print
- https://github.com/smartin015/continuousprint/archive/refs/heads/master.zip
# DeleteAfterPrint Plugin
- https://github.com/OllisGit/OctoPrint-DeleteAfterPrint/releases/latest/download/master.zip
# Firmware Updater
- https://github.com/OctoPrint/OctoPrint-FirmwareUpdater/archive/refs/heads/master.zip
# HomeAssistant Discovery
- https://github.com/cmroche/OctoPrint-HomeAssistant/archive/master.zip
# MQTT
- https://github.com/OctoPrint/OctoPrint-MQTT/archive/master.zip
# OctoFlat Theme
- https://github.com/juniorRubyist/OctoPrint-OctoFlat/archive/master.zip
# Octolapse
- https://github.com/FormerLurker/Octolapse/archive/master.zip
# Prusa ETA override Plugin
- https://github.com/kanocz/octopi_eta_override/archive/master.zip
# Prusa MMU
- https://github.com/jukebox42/Octoprint-PrusaMMU/releases/latest/download/Octoprint-PrusaMmu.zip
# Slicer Thumbnails
- https://github.com/jneilliii/OctoPrint-PrusaSlicerThumbnails/archive/master.zip

View File

@ -0,0 +1,21 @@
[agent]
hostname = "router"
interval = "5s"
debug = false
quiet = false
logtarget = "stderr"
[[outputs.prometheus_client]]
listen = ":9273"
[[inputs.cpu]]
percpu = false
report_active = true
[[inputs.system]]
[[inputs.mem]]
[[inputs.net]]
[[inputs.exec]]
command = "sh /usr/lib/telegraf/edgeos.sh --interfaces"
data_format = "influx"
[[inputs.exec]]
command = "sh /usr/lib/telegraf/edgeos.sh --firmware"
data_format = "influx"
interval = "24h"

View File

@ -0,0 +1,31 @@
---
- name: Download telegraf
get_url:
url: https://github.com/x70b1/telegraf-edgeos/releases/download/v{{ telegraf.release }}/telegraf_{{ telegraf.release }}+{{ telegraf.flavour }}_{{ telegraf.arch }}.deb
dest: /tmp/telegraf.deb
- name: Install telegraf
shell:
cmd: dpkg -i /tmp/telegraf.deb
- name: create directory for configuration
file:
path: "/etc/telegraf"
state: directory
mode: 0755
- name: copy configuration
copy:
src: "telegraf.conf"
dest: "/etc/telegraf/telegraf.conf"
- name: start and enable telegraf
systemd:
name: docker
state: started
enabled: true
- name: Remove telegraf.deb file
file:
path: /tmp/telegraf.deb
state: absent

View File

@ -0,0 +1,3 @@
---
- import_tasks: install_telegraf.yml
become: yes

View File

@ -0,0 +1,5 @@
---
telegraf:
release: 1.26.2-1
flavour: prometheus
arch: mipsel

View File

@ -1,4 +1,4 @@
#!/usr/bin/env vbash
#!/usr/bin/env bash
WAN=eth0
HOSTS=(
@ -9,30 +9,38 @@ HOSTS=(
OUTLET_IP=192.168.60.14
PING_TIMEOUT=5
SOFT_WAIT_TIME=30
DHCP_WAIT_TIME=30
SOFT_WAIT_TIME=60
DHCP_WAIT_TIME=60
MODEM_RESET_WAIT_TIME=60
PING="/bin/ping -c 1 -W ${PING_TIMEOUT} -w ${PING_TIMEOUT}"
RESET_MODEM_SCRIPT="/config/scripts/tplink_smartplug.py"
DEBUG=true
DEBUG_FILE=/var/log/cron-monitor.log
DISABLE_SOFT_RESTART=false
if [ 'vyattacfg' != "$(id -ng)" ]; then
exec sg vyattacfg -c "$0 $@"
exit 0
fi
cw=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
function debug() {
if [[ ${DEBUG} ]]; then
echo $@
echo $@ > ${DEBUG_FILE}
fi
}
function interfaceDown() {
interface=$1
ip link set dev ${interface} down
$cw ip link set dev ${interface} down
}
function interfaceUp() {
interface=$1
ip link set dev ${interface} down
$cw ip link set dev ${interface} up
}
function soft_restart() {
@ -41,10 +49,10 @@ function soft_restart() {
fi
debug "Releasing DHCP IP lease on ${WAN}"
release dhcp interface ${WAN}
$cw release dhcp interface ${WAN}
debug "Disabling ${WAN} interface"
interfaceDown ${WAN}
$cw interfaceDown ${WAN}
debug "Waiting ${SOFT_WAIT_TIME}"
sleep ${SOFT_WAIT_TIME}
@ -53,7 +61,7 @@ function soft_restart() {
interfaceUp ${WAN}
debug "Renewing DHCP IP lease on ${WAN}"
renew dhcp interface ${WAN}
$cw renew dhcp interface ${WAN}
debug "Waiting for ip lease from dhcp (${DHCP_WAIT_TIME}s)"
sleep ${DHCP_WAIT_TIME}
@ -61,7 +69,7 @@ function soft_restart() {
function hard_restart() {
debug "Releasing DHCP IP lease on ${WAN}"
release dhcp interface ${WAN}
$cw release dhcp interface ${WAN}
debug "Disabling ${WAN} interface"
interfaceDown ${WAN}
@ -82,7 +90,7 @@ function hard_restart() {
interfaceUp ${WAN}
debug "Renewing DHCP IP lease on ${WAN}"
renew dhcp interface ${WAN}
$cw renew dhcp interface ${WAN}
}
function ping() {

View File

@ -1 +1,3 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwTqV2idle6AQj179tAuAxZzodtTb2aMJKIEnL+tXfdsKsoc8kfQV3JMtq53hk6jRcH/9+FamCBqP/2s1xT4elKAZ7GWYBMi4HqGr8Qr7I1sK2m9dydrmW+iepmhGNDdKlYkEFc8aM9blbCTEN9RqqJiSomzDAIZQWiV2E/18MIxu3WYKJ561uzILkmB9o7UJbdAgOGbk6+GkBIwGCX5CwlX4Ro8wLv/i55/bg03N1lAbsCeDqaZX7ikiy2hnxAFH/EuY2g2WK4x9yUjhUe1MnCZy5SealSP76b9BHyJVYrxGVyAZOtlnewEXzbJXnyHGQg00hXeT8YtTlMSXaQVih pgrondek@farnsworth
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDwTqV2idle6AQj179tAuAxZzodtTb2aMJKIEnL+tXfdsKsoc8kfQV3JMtq53hk6jRcH/9+FamCBqP/2s1xT4elKAZ7GWYBMi4HqGr8Qr7I1sK2m9dydrmW+iepmhGNDdKlYkEFc8aM9blbCTEN9RqqJiSomzDAIZQWiV2E/18MIxu3WYKJ561uzILkmB9o7UJbdAgOGbk6+GkBIwGCX5CwlX4Ro8wLv/i55/bg03N1lAbsCeDqaZX7ikiy2hnxAFH/EuY2g2WK4x9yUjhUe1MnCZy5SealSP76b9BHyJVYrxGVyAZOtlnewEXzbJXnyHGQg00hXeT8YtTlMSXaQVih pgrondek@hulk
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILjWAJ3h6cc+gM3MaAW+1tKCvbM3OkZLDJT+140sB6jH pgrondek@hawkeye

View File

@ -1,8 +1,15 @@
---
- become: yes
block:
- name: check if help in motd exists
stat:
path: /etc/update-motd.d/10-help-text
register: stat_result
- name: disable help in ubuntu
when: ansible_distribution == "Ubuntu"
when:
- ansible_distribution == "Ubuntu"
- stat_result.stat.exists
file:
path: /etc/update-motd.d/10-help-text
mode: '0644'

View File

@ -2,3 +2,7 @@
- import_tasks: cleanup.yml
- import_tasks: timezone.yml
- import_tasks: snap.yml
- import_tasks: packages.yml

View File

@ -0,0 +1,12 @@
---
- name: install needed tools
become: true
apt:
update_cache: yes
pkg:
- bash-completion
- vim
- aptitude
- git
- make
- molly-guard

View File

@ -0,0 +1,19 @@
---
- become: yes
block:
- name: Get the list of services
service_facts:
- name: stop snapd
systemd:
name: snapd
state: stopped
when: "'snapd.service' in services"
- name: uninstall snapd
apt:
update_cache: yes
state: absent
purge: yes
pkg:
- snapd