Refactor dev-playbook.yml to use role tags for improved task organization. Update README.md to include prerequisites and examples for selective execution with tags. Enhance applications role to check for existing installations and manage Brave browser setup. Modify base role to streamline UFW handling and add mailutils. Update docker role to include checks for existing installations and improve repository management. Add reboot check in maintenance tasks to ensure system changes are applied correctly.

This commit is contained in:
ilia 2025-08-28 14:06:22 -04:00
parent 8b403e3aa5
commit e3d93ca4c8
10 changed files with 188 additions and 26 deletions


@ -28,6 +28,12 @@ This Ansible playbook automates the setup of development environments across mul
## 🚀 Usage ## 🚀 Usage
### Prerequisites
```bash
# Install required collections
ansible-galaxy collection install -r collections/requirements.yml
```
### Basic Setup ### Basic Setup
```bash ```bash
# Run on all development machines # Run on all development machines
@ -40,6 +46,21 @@ ansible-playbook dev-playbook.yml --limit devVM
ansible-playbook dev-playbook.yml --limit bottom ansible-playbook dev-playbook.yml --limit bottom
``` ```
### Selective Execution with Tags
```bash
# Security-related roles only
ansible-playbook dev-playbook.yml --tags security
# Development tools only
ansible-playbook dev-playbook.yml --tags development,docker
# Applications only
ansible-playbook dev-playbook.yml --tags apps
# Skip maintenance
ansible-playbook dev-playbook.yml --skip-tags maintenance
```
### Skip Reboots ### Skip Reboots
Add `skip_reboot=true` to host variables: Add `skip_reboot=true` to host variables:
```ini ```ini


@ -0,0 +1,6 @@
---
collections:
- name: community.general
version: ">=6.0.0"
- name: ansible.posix
version: ">=1.4.0"
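=1.4.0"">
Review bot: Both collection entries use open-ended lower bounds (`version: ">=6.0.0"`, `version: ">=1.4.0"`), so every fresh `ansible-galaxy collection install -r collections/requirements.yml` resolves to whatever the newest Galaxy release is at that moment, and two machines set up weeks apart can run different collection code. Pin the release you tested (e.g. `version: "6.0.0"`, constructed example) or at least add an upper bound, and bump deliberately. Quoting the specifiers is correct here, since an unquoted `>=6.0.0` would start with the folded-block indicator.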


@ -2,21 +2,20 @@
become: true become: true
roles: roles:
- maintenance - { role: maintenance, tags: ['maintenance'] }
- base - { role: base, tags: ['base', 'security'] }
- development - { role: user, tags: ['user'] }
- shell - { role: ssh, tags: ['ssh', 'security'] }
- docker - { role: shell, tags: ['shell'] }
- ssh - { role: development, tags: ['development', 'dev'] }
- user - { role: docker, tags: ['docker'] }
- applications - { role: applications, tags: ['applications', 'apps'] }
- snap - { role: snap, tags: ['snap', 'apps'] }
pre_tasks: pre_tasks:
- name: Update apt cache - name: Update apt cache
apt: apt:
update_cache: yes update_cache: yes
run_once: true
tasks: tasks:
# Additional tasks can be added here if needed # Additional tasks can be added here if needed
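Review bot: `run_once: true` on the `Update apt cache` pre-task makes the refresh execute on only the first host in the play, so every other host enters the roles with a stale package index and relies on the per-task `update_cache: yes` lines that only some role tasks carry. Drop `run_once: true`, and because tags are now applied to the roles while the pre-task has none, add `tags: always` to it so `--tags apps` or `--tags docker` still refreshes the cache before installing. The role list itself is fine; the `tasks:` key at the end is left empty with only a comment and could simply be removed.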


@ -1,4 +1,14 @@
--- ---
- name: Check if desktop applications are installed
apt:
list: "{{ item }}"
register: app_check
loop:
- redshift
- libreoffice
- evince
changed_when: false
- name: Install desktop applications - name: Install desktop applications
apt: apt:
name: name:
@ -6,20 +16,63 @@
- libreoffice - libreoffice
- evince - evince
state: present state: present
when:
- app_check.results[0].installed is not defined or
- app_check.results[1].installed is not defined or
- app_check.results[2].installed is not defined
- name: Check if Brave is already installed
command: brave-browser --version
register: brave_check
ignore_errors: true
changed_when: false
- name: Check if Brave package is installed via apt
apt:
list: brave-browser
register: brave_apt_check
changed_when: false
- name: Remove old Brave repository files
file:
path: "{{ item }}"
state: absent
loop:
- /etc/apt/sources.list.d/brave-browser.list
- /etc/apt/sources.list.d/brave-browser-release.sources
when: brave_check.rc != 0 or brave_apt_check.results[0].installed is not defined
- name: Download Brave APT key - name: Download Brave APT key
get_url: get_url:
url: https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg url: https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
dest: /usr/share/keyrings/brave-browser-archive-keyring.gpg dest: /usr/share/keyrings/brave-browser-archive-keyring.gpg
mode: '0644' mode: '0644'
when: brave_check.rc != 0 or brave_apt_check.results[0].installed is not defined
- name: Add Brave repo (all Debian family) - name: Add Brave repo (all Debian family)
apt_repository: apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" repo: "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main"
filename: brave-browser filename: brave-browser
state: present state: present
when: brave_check.rc != 0 or brave_apt_check.results[0].installed is not defined
- name: Update apt cache after Brave repo add
apt:
update_cache: yes
when: brave_check.rc != 0 or brave_apt_check.results[0].installed is not defined
- name: Install Brave browser - name: Install Brave browser
apt: apt:
name: brave-browser name: brave-browser
state: present state: present
when: brave_check.rc != 0 or brave_apt_check.results[0].installed is not defined
- name: Display application status
debug:
msg:
- "Redshift installed: {{ 'Yes' if app_check.results[0].installed is defined else 'No' }}"
- "LibreOffice installed: {{ 'Yes' if app_check.results[1].installed is defined else 'No' }}"
- "Evince installed: {{ 'Yes' if app_check.results[2].installed is defined else 'No' }}"
- "Brave already installed: {{ brave_check.stdout if brave_check.rc == 0 else 'Not found' }}"
- "Brave package installed: {{ 'Yes' if brave_apt_check.results[0].installed is defined else 'No' }}"
- "Actions taken: {{ 'None - All apps already present' if app_check.results[0].installed is defined and app_check.results[1].installed is defined and app_check.results[2].installed is defined and brave_check.rc == 0 and brave_apt_check.results[0].installed is defined else 'Some applications installed/updated' }}"


@ -7,5 +7,4 @@
state: restarted state: restarted
- name: reload ufw - name: reload ufw
ufw: command: ufw reload
state: reloaded
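Review bot: `command: ufw reload` in the `reload ufw` handler reports `changed` on every trigger and gives up the module's error handling, whereas the line it replaces (`ufw: state: reloaded`) is the supported `community.general.ufw` form, and that collection is now declared in `collections/requirements.yml` by this same commit. If the switch was made because a reload fails while UFW is still disabled (enablement now happens later, in the ssh role), say so on the handler, e.g. `# plain command: the module form errors until UFW is enabled by the ssh role — TODO confirm`; otherwise restore the module call. The handlers file continues above this hunk.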


@ -16,6 +16,7 @@
- net-tools - net-tools
- ufw - ufw
- fail2ban - fail2ban
- mailutils
state: present state: present
- name: Install monitoring tools - name: Install monitoring tools
@ -33,10 +34,7 @@
mode: '0644' mode: '0644'
notify: restart fail2ban notify: restart fail2ban
- name: Enable UFW # UFW enablement moved to ssh role to avoid lockout
ufw:
state: enabled
policy: deny
- name: Set timezone - name: Set timezone
timezone: timezone:
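Review bot: Removing `Enable UFW` from the base role while base still installs `ufw` (a few context lines above) means the firewall is only turned on when the ssh role also runs, so `--tags base` or `--skip-tags ssh` leaves a host with UFW installed but inactive and no task that notices. The replacement comment should state the dependency explicitly, e.g. `# UFW is installed here but enabled in roles/ssh (tags ssh/security) after the OpenSSH allow rule, to avoid lockout; running base alone leaves UFW disabled`. `mailutils` is the other addition; on Debian-family systems it presumably pulls in a mail transport agent, so a one-line comment on why it is wanted (fail2ban notifications?) would help the next reader.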


@ -1,4 +1,24 @@
--- ---
- name: Debug distribution information
debug:
msg:
- "Distribution: {{ ansible_facts['distribution'] }}"
- "Distribution Release: {{ ansible_facts['distribution_release'] }}"
- "Distribution Version: {{ ansible_facts['distribution_version'] }}"
- "OS Family: {{ ansible_facts['os_family'] }}"
- name: Check if Docker is already installed
command: docker --version
register: docker_check
ignore_errors: true
changed_when: false
- name: Check if Docker packages are installed via apt
apt:
list: docker-ce
register: docker_apt_check
changed_when: false
- name: Install Docker requirements - name: Install Docker requirements
apt: apt:
name: name:
@ -10,15 +30,57 @@
state: present state: present
update_cache: yes update_cache: yes
- name: Add Docker's official GPG key - name: Remove old Docker repository files
apt_key: file:
url: https://download.docker.com/linux/ubuntu/gpg path: "{{ item }}"
state: present state: absent
loop:
- /etc/apt/sources.list.d/docker.list
- /etc/apt/sources.list.d/docker-ce.list
when: docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Add Docker repository - name: Create keyrings directory
file:
path: /etc/apt/keyrings
state: directory
mode: '0755'
when: docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Download Docker's official GPG key
get_url:
url: https://download.docker.com/linux/ubuntu/gpg
dest: /etc/apt/keyrings/docker.gpg
mode: '0644'
when: docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Add Docker repository for Ubuntu
apt_repository: apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present state: present
when:
- ansible_facts['distribution'] == "Ubuntu"
- docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Add Docker repository for Debian
apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
state: present
when:
- ansible_facts['distribution'] == "Debian"
- docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Add Docker repository for Linux Mint
apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
state: present
when:
- ansible_facts['distribution'] == "Linux Mint"
- docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Update apt cache after Docker repo add
apt:
update_cache: yes
when: docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Install Docker CE - name: Install Docker CE
apt: apt:
@ -30,16 +92,26 @@
- docker-compose-plugin - docker-compose-plugin
state: present state: present
update_cache: yes update_cache: yes
when: docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Start and enable Docker service - name: Start and enable Docker service
systemd: systemd:
name: docker name: docker
state: started state: started
enabled: yes enabled: yes
when: docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Add user to docker group - name: Add user to docker group
user: user:
name: "{{ ansible_user }}" name: "{{ ansible_user }}"
groups: docker groups: docker
append: yes append: yes
when: docker_check.rc != 0 or docker_apt_check.results[0].installed is not defined
- name: Display Docker status
debug:
msg:
- "Docker already installed: {{ docker_check.stdout if docker_check.rc == 0 else 'Not found' }}"
- "Docker CE package installed: {{ 'Yes' if docker_apt_check.results[0].installed is defined else 'No' }}"
- "Actions taken: {{ 'None - Docker already present' if docker_check.rc == 0 and docker_apt_check.results[0].installed is defined else 'Docker installation/configuration performed' }}"


@ -15,9 +15,15 @@
apt: apt:
autoclean: yes autoclean: yes
- name: Reboot if tasks changed things - name: Check if reboot is required
stat:
path: /var/run/reboot-required
register: reboot_required
- name: Reboot if required
reboot: reboot:
msg: "Reboot triggered by Ansible after system changes." msg: "Reboot triggered by Ansible after system changes."
when: when:
- ansible_facts['pkg_mgr'] == "apt" - ansible_facts['pkg_mgr'] == "apt"
- skip_reboot is not defined or skip_reboot != "true" - reboot_required.stat.exists
- skip_reboot | default(false) | bool == false
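Review bot: `skip_reboot | default(false) | bool == false` relies on the filter chain binding before `==`; it works, but `not (skip_reboot | default(false) | bool)` says the same thing plainly, and it keeps the improvement over the removed string-only `skip_reboot != "true"` comparison. The new `reboot_required.stat.exists` gate depends on `/var/run/reboot-required` being written at all; on Debian/Ubuntu that file presumably comes from `update-notifier-common` (confirm), which minimal images may lack, in which case this play never reboots after kernel or libc upgrades. Either ensure that package is installed in the base role or document the assumption on `Check if reboot is required`, e.g. `# /var/run/reboot-required is written by update-notifier-common; hosts without it never reboot here`. The `ansible_facts['pkg_mgr'] == "apt"` condition is now redundant with the path check but harmless.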


@ -1,2 +1,5 @@
--- ---
# handlers file for ssh - name: restart ssh
systemd:
name: ssh
state: restarted
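Review bot: The new `restart ssh` handler restarts the daemon over the very SSH session Ansible is using, and a bad `sshd_config` would then leave the host unreachable; whichever task notifies it (not in this hunk) should carry `validate: /usr/sbin/sshd -t -f %s` so the config is rejected before the restart, and `state: reloaded` would preserve existing sessions where a full restart is not required. The unit name `ssh` is the Debian/Ubuntu name; on systems where it is `sshd` this handler fails, which is presumably acceptable since the docker role's repository tasks also assume a Debian-family target.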


@ -9,3 +9,8 @@
rule: allow rule: allow
name: OpenSSH name: OpenSSH
- name: Enable UFW with deny default policy
ufw:
state: enabled
policy: deny
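Review bot: `Enable UFW with deny default policy` assumes `ufw` is already installed, but that package comes from the base role (tag `base`), so `--tags ssh` alone on a fresh host reaches this task with the binary absent and the module fails. Either add `ufw` to a package task in this role or state in the README tag examples that `ssh` requires `base` (the `security` tag already covers both). The ordering (OpenSSH allow rule before `state: enabled`) is the right one; if any host's sshd listens on a non-default port the `OpenSSH` app profile will not cover it, so consider taking the port from the same variable that configures sshd, if one exists.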