hypervisors/configure/atlas.yml

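---
# Playbook for the "atlas" hypervisor host.
#
# What it does, in order of the tasks below:
#   * upgrades the system and installs KVM/libvirt, PostgreSQL and helpers
#   * creates a `terraform` role and a `terraform_state` database and exposes
#     PostgreSQL to 10.42.0.0/24
#   * installs a network interfaces snippet (dmz.conf)
#   * creates a locked system account `lewis` and installs the SSH user CA
#     public key, a principals file and an sshd drop-in for it
#
# The `roles:` entry is kept at the end as in the original file; Ansible runs
# roles before `tasks`, so the WireGuard role executes first regardless of
# where it is written.
- name: Setup Atlas
  hosts: atlas

  handlers:
    - name: restart postgres
      systemd:
        name: postgresql
        state: restarted

    - name: enable interfaces
      command:
        cmd: ifup -a

    # NOTE(review): a syntax error in the sshd drop-in leaves sshd unable to
    # come back after this restart; consider checking the configuration with
    # `sshd -t` before the handler fires.
    - name: restart sshd
      systemd:
        name: sshd
        state: restarted

  tasks:
    - name: Update
      apt:
        autoremove: true
        # `upgrade` is a string choice, not a boolean; quoted so the YAML
        # parser does not retype it.
        upgrade: "yes"
        state: latest
        update_cache: true
        cache_valid_time: 86400

    - name: Install packages
      apt:
        pkg:
          - qemu-kvm
          - libvirt-daemon-system
          - postgresql
          - python3-psycopg2
          - sudo
          - bridge-utils

    - name: Start libvirtd
      systemd:
        name: libvirtd
        enabled: true
        state: started

    - name: Add root to libvirt group
      user:
        name: root
        groups: libvirt
        append: true

    # NOTE(review): this turns off AppArmor for the whole host, which also
    # removes any confinement it would otherwise apply to services on this
    # hypervisor. The reason is not recorded in this file; if a single
    # profile is in the way, adjusting that profile keeps the rest enforced.
    - name: Disable apparmor
      systemd:
        name: apparmor
        enabled: false
        state: stopped

    # The role is created before the database: `postgresql_db` below sets
    # `owner: terraform`, which requires the role to exist already. The
    # original order (database first) fails on a fresh host.
    - name: Create database user
      postgresql_user:
        name: terraform
      become: true
      become_user: postgres

    - name: Create terraform database
      postgresql_db:
        name: terraform_state
        owner: terraform
      become: true
      become_user: postgres

    - name: Grant database user access to database
      postgresql_privs:
        type: database
        database: terraform_state
        roles: terraform
        grant_option: false
        privs: all
      become: true
      become_user: postgres
      notify: restart postgres

    # NOTE(review): `method: trust` performs no authentication at all. Any
    # host in 10.42.0.0/24 can connect as `terraform` without a credential,
    # and `databases: all` extends that rule to every database rather than
    # only terraform_state. Terraform state commonly holds secrets, so this
    # rule is the main exposure in the play. Hardening path: give the role a
    # password, switch to `method: scram-sha-256`, and set
    # `databases: terraform_state`. Left as-is here because the play sets no
    # password on the role and clients would be locked out otherwise.
    - name: Allow remote access to database for user
      postgresql_pg_hba:
        dest: /etc/postgresql/15/main/pg_hba.conf
        contype: host
        databases: all
        method: trust
        users: terraform
        address: "10.42.0.0/24"
        create: true
      become: true
      become_user: postgres
      notify: restart postgres

    # NOTE(review): '*' makes PostgreSQL listen on every interface; the
    # pg_hba rule above is then the only network-level restriction. Listing
    # just the address that serves 10.42.0.0/24 would narrow the exposure.
    - name: Open postgres port
      ini_file:
        path: /etc/postgresql/15/main/postgresql.conf
        # null section: the option is written at the top level of the file.
        section: null
        option: listen_addresses
        value: "'*'"
      notify: restart postgres

    # Owner and mode are set explicitly on the copied files below so the
    # result does not depend on the umask of the connecting user.
    - name: Copy interfaces configuration
      copy:
        src: dmz.conf
        dest: /etc/network/interfaces.d/dmz.conf
        owner: root
        group: root
        mode: "0644"
      notify: enable interfaces

    # '!' is not a valid password hash, so password login for this account
    # is locked; together with the nologin shell the account is presumably
    # reachable only through the certificate setup below -- verify against
    # sshd.conf, which is not part of this file.
    - name: Add backup user
      user:
        name: lewis
        create_home: false
        password: '!'
        shell: /sbin/nologin
        system: true

    # Presumably referenced by AuthorizedPrincipalsFile in sshd.conf: only
    # certificates carrying the principal "backup" would be accepted for
    # `lewis`. TODO confirm against sshd.conf.
    - name: Add backup user principals file
      copy:
        dest: "/etc/ssh/lewis_principals"
        content: "backup"
        owner: root
        group: root
        mode: "0644"

    # `user_ca` must be the CA *public* key. Whoever holds the matching
    # private key can issue certificates this host accepts, so the trust
    # placed in this file is only as good as the protection of that key.
    - name: Install user CA
      copy:
        dest: "/etc/ssh/user_ca_key.pub"
        content: "{{ user_ca }}"
        owner: root
        group: root
        mode: "0644"

    - name: Copy ssh config for backup user
      copy:
        src: "sshd.conf"
        dest: "/etc/ssh/sshd_config.d/custom.conf"
        owner: root
        group: root
        mode: "0644"
      notify: restart sshd

  roles:
    - githubixx.ansible_role_wireguard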