hypervisors/atlas.yml

---
- name: Setup Atlas
  hosts: atlas

  handlers:
  - name: restart postgres
    systemd:
      name: postgresql
      state: restarted
  - name: enable interfaces
    command:
      cmd: ifup -a

  tasks:
  - name: Update
    apt:
      autoremove: true
      upgrade: yes
      state: latest
      update_cache: yes
      cache_valid_time: 86400
  - name: Install packages
    apt:
      pkg:
        - qemu-kvm
        - libvirt-daemon-system
        - postgresql
        - python3-psycopg2
        - sudo
        - bridge-utils
  - name: Start libvirtd
    systemd:
      name: libvirtd
      enabled: true
      state: started
  - name: Add root to libvirt group
    user:
      name: root
      groups: libvirt
      append: yes
  - name: Disable apparmor
    systemd:
      name: apparmor
      enabled: false
      state: stopped
  - name: Create terraform database
    postgresql_db:
      name: terraform_state
      owner: terraform
    become: true
    become_user: postgres
  - name: Create database user
    postgresql_user:
      name: terraform
    become: true
    become_user: postgres
  - name: Grant database user access to database
    postgresql_privs:
      type: database
      database: terraform_state
      roles: terraform
      grant_option: no
      privs: all
    become: true
    become_user: postgres
    notify: restart postgres
  # - name: Test
  #   postgresql_privs:
  #     database: terraform_state
  #     type: table
  #     schema: public
  #     roles: terraform
  #     grant_option: no
  #     privs: all
  #     objs: all
  #   become: true
  #   become_user: postgres
  #   notify: restart postgres
  - name: Allow remote access to database for user
    postgresql_pg_hba:
      dest: /etc/postgresql/15/main/pg_hba.conf
      contype: host
      databases: all
      method: trust
      users: terraform
      address: 192.168.0.0/16
      create: true
    become: true
    become_user: postgres
    notify: restart postgres
  - name: Open postgres port
    ini_file:
      path: /etc/postgresql/15/main/postgresql.conf
      section: null
      option: listen_addresses
      value: "'*'"
    notify: restart postgres
  - name: Copy interfaces configuration
    copy:
      src: dmz.conf
      dest: /etc/network/interfaces.d/dmz.conf
    notify: enable interfaces
init 2023-03-14 20:49:24 +00:00			`---`
			`- name: Setup Atlas`
			`hosts: atlas`

			`handlers:`
			`- name: restart postgres`
			`systemd:`
			`name: postgresql`
			`state: restarted`
			`- name: enable interfaces`
			`command:`
			`cmd: ifup -a`

			`tasks:`
			`- name: Update`
			`apt:`
			`autoremove: true`
			`upgrade: yes`
			`state: latest`
			`update_cache: yes`
			`cache_valid_time: 86400`
			`- name: Install packages`
			`apt:`
			`pkg:`
			`- qemu-kvm`
			`- libvirt-daemon-system`
			`- postgresql`
			`- python3-psycopg2`
			`- sudo`
			`- bridge-utils`
			`- name: Start libvirtd`
			`systemd:`
			`name: libvirtd`
			`enabled: true`
			`state: started`
			`- name: Add root to libvirt group`
			`user:`
			`name: root`
			`groups: libvirt`
			`append: yes`
			`- name: Disable apparmor`
			`systemd:`
			`name: apparmor`
			`enabled: false`
			`state: stopped`
			`- name: Create terraform database`
			`postgresql_db:`
			`name: terraform_state`
			`owner: terraform`
			`become: true`
			`become_user: postgres`
			`- name: Create database user`
			`postgresql_user:`
			`name: terraform`
			`become: true`
			`become_user: postgres`
			`- name: Grant database user access to database`
			`postgresql_privs:`
			`type: database`
			`database: terraform_state`
			`roles: terraform`
			`grant_option: no`
			`privs: all`
			`become: true`
			`become_user: postgres`
			`notify: restart postgres`
			`# - name: Test`
			`# postgresql_privs:`
			`# database: terraform_state`
			`# type: table`
			`# schema: public`
			`# roles: terraform`
			`# grant_option: no`
			`# privs: all`
			`# objs: all`
			`# become: true`
			`# become_user: postgres`
			`# notify: restart postgres`
			`- name: Allow remote access to database for user`
			`postgresql_pg_hba:`
			`dest: /etc/postgresql/15/main/pg_hba.conf`
			`contype: host`
			`databases: all`
			`method: trust`
			`users: terraform`
			`address: 192.168.0.0/16`
			`create: true`
			`become: true`
			`become_user: postgres`
			`notify: restart postgres`
			`- name: Open postgres port`
			`ini_file:`
			`path: /etc/postgresql/15/main/postgresql.conf`
			`section: null`
			`option: listen_addresses`
			`value: "'*'"`
			`notify: restart postgres`
			`- name: Copy interfaces configuration`
			`copy:`
			`src: dmz.conf`
			`dest: /etc/network/interfaces.d/dmz.conf`
			`notify: enable interfaces`