This repo is intended for my server automation and setup.
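---
# ============================================================================
# Generic Server Setup Playbook - Combines System and User Configuration
# ============================================================================
#
# This playbook combines system configuration and user management into a single
# workflow. It installs Docker, applies security hardening, and creates users
# with proper group memberships in the correct order.
#
# Usage:
#   ansible-playbook generic_setup.yml -e target_host=hifi-node-kitchen
#   ansible-playbook generic_setup.yml -e target_host=hifi-node-dining
#   ansible-playbook generic_setup.yml -e target_host=all
#
# Operator notes:
#   - The play runs with become: true on every host matched by target_host.
#     target_host=all applies the SSH hardening role to the whole inventory,
#     so rehearse with --check / --limit before a wide run.
#   - The primary user is added to the docker group by default. Members of
#     that group can drive the Docker daemon, which is root-equivalent on the
#     host; treat the account and its SSH key accordingly.
#   - The final summary prints inventory/role variables for the SSH settings.
#     It does not read the running sshd configuration.
#
# ============================================================================

- name: "Generic Server Setup - Combined System & User Configuration"
  # The 'localhost' fallback only lets the play start so that the first
  # pre_task can print the usage message; that task aborts the run whenever
  # target_host was not passed.
  hosts: "{{ target_host | default('localhost') }}"
  become: true
  gather_facts: true

  # Load configuration from group_vars and host_vars
  # Override with command line variables as needed

  pre_tasks:
    # Guard against an unintended privileged run on the control node.
    # Tagged 'always' so it runs with any --tags selection; note that
    # --skip-tags always would bypass it.
    - name: Validate target_host variable is provided
      fail:
        msg: |
          ERROR: target_host variable is required

          Usage examples:
          ansible-playbook generic_setup.yml -e target_host=192.168.34.64
          ansible-playbook generic_setup.yml -e target_host=hifi-node-kitchen
          ansible-playbook generic_setup.yml -e target_host=hifi-node-dining
          ansible-playbook generic_setup.yml -e target_host=all

          Available hosts in inventory:
          {{ groups['all'] | join(', ') }}
      when: target_host is not defined
      tags: always

    # NOTE(review): 'environment' is also the name of a play/task keyword, so
    # the Environment line below may not render the inventory value that was
    # intended - confirm, and consider a differently named variable.
    - name: Display deployment information
      debug:
        msg: |
          ============================================================================
          Generic Server Setup Starting
          ============================================================================
          Target Host: {{ inventory_hostname }}
          Target IP: {{ ansible_default_ipv4.address | default('Unknown') }}
          OS: {{ ansible_distribution | default('Unknown') }} {{ ansible_distribution_version | default('') }}
          Architecture: {{ ansible_architecture | default('Unknown') }}
          Server Type: {{ server_type | default('Unknown') }}
          Environment: {{ environment | default('homelab') }}
          ============================================================================
      tags: always

    - name: Update apt cache
      apt:
        update_cache: true
        cache_valid_time: 3600
      when: ansible_os_family == "Debian"

  # ============================================================================
  # SYSTEM CONFIGURATION PHASE
  # ============================================================================

  # geerlingguy.docker and geerlingguy.security are third-party roles that run
  # as root on the target. Pin their versions in the role requirements file so
  # the hardening behaviour does not change silently between runs.
  roles:
    # System configuration (hostname, packages, sudo, etc.)
    - role: system
      tags: [system, base, configuration]

    # Docker installation via geerlingguy.docker
    - role: geerlingguy.docker
      tags: [docker, containers]

    # Security hardening via geerlingguy.security
    - role: geerlingguy.security
      tags: [security, hardening]

  # ============================================================================
  # USER CONFIGURATION PHASE
  # ============================================================================

  tasks:
    # Runs after the roles above so the docker group already exists.
    # If user_ssh_keys is unset or empty the role receives an empty public
    # key. NOTE(review): with SSH password authentication disabled by the
    # hardening role that could leave the account without a way to log in -
    # confirm how the user role handles an empty key.
    - name: Configure user with proper group memberships
      include_role:
        name: user
      vars:
        my_user_username: yannick
        my_user_groups: "{{ user_groups | default(['docker', 'sudo']) }}"
        my_user_ssh_public_key: "{{ (user_ssh_keys | default([])) | first | default('') }}"
      tags: [user, setup, configuration]

  # ============================================================================
  # POST-INSTALLATION VALIDATION
  # ============================================================================

  post_tasks:
    # Read-only checks; each result is registered for the summary below.
    - name: System validation
      block:
        - name: Check hostname
          command: "hostname"
          register: hostname_check
          changed_when: false

        # failed_when: false keeps the run going when docker is missing; the
        # summary reports the outcome instead.
        - name: Check Docker installation
          command: "docker --version"
          register: docker_check
          failed_when: false
          changed_when: false

        - name: Check Docker service status
          systemd:
            name: docker
          register: docker_service

        # A non-zero exit fails the play here, before the summary. That is the
        # safer outcome: an sshd_config that does not parse can cut off remote
        # access at the next sshd restart.
        - name: Check SSH configuration
          command: "sshd -t"
          register: ssh_config_check
          changed_when: false

        - name: Check user in docker group
          command: "groups yannick"
          register: user_groups_check
          changed_when: false

      tags: [validation, system]

    # This task is tagged 'always' while the checks above are tagged
    # [validation, system], so with a narrower --tags selection the registered
    # results are undefined. Every lookup below therefore carries a default
    # and reports Unknown/Failed instead of aborting the summary.
    #
    # The SSH lines echo configured variables, not the effective sshd state,
    # and fall back to 'Unknown' rather than asserting a value nothing checked.
    # "User Groups" is only marked configured when every requested group
    # appears in the `groups` output, not merely when the command succeeded.
    # "Sudo Access" tests whether the primary user is listed in
    # security_sudoers_passwordless; a group-based rule is not detected.
    - name: Display configuration summary
      debug:
        msg: |
          ============================================================================
          Generic Server Setup Complete!
          ============================================================================

          System Information:
          Hostname: {{ hostname_check.stdout | default('Unknown', true) }}
          Target Host: {{ inventory_hostname }}
          IP Address: {{ ansible_default_ipv4.address | default('Unknown') }}
          OS: {{ ansible_distribution | default('Unknown') }} {{ ansible_distribution_version | default('') }}
          Architecture: {{ ansible_architecture | default('Unknown') }}
          Server Type: {{ server_type | default('Unknown') }}

          Docker Configuration:
          Docker Version: {{ docker_check.stdout | default('Not installed', true) }}
          Docker Service: {{ 'Running' if (docker_service.status | default({})).ActiveState | default('') == 'active' else 'Not running' }}
          Docker Users: yannick
          Compose Installed: {{ 'Yes' if docker_install_compose | default(false) else 'No' }}

          Security Configuration:
          SSH Port: {{ security_ssh_port | default(22) }}
          Password Auth: {{ security_ssh_password_authentication | default('Unknown') }}
          Root Login: {{ security_ssh_permit_root_login | default('Unknown') }}
          SSH Config: {{ '[OK] Valid' if ssh_config_check.rc | default(1) == 0 else '[FAIL] Invalid' }}
          Auto Updates: {{ 'Enabled' if security_autoupdate_enabled | default(false) else 'Disabled' }}

          User Configuration:
          Primary User: yannick
          User Groups: {{ user_groups_check.stdout | default('Unknown', true) }}
          Sudo Access: {{ 'Passwordless' if 'yannick' in (security_sudoers_passwordless | default([])) else 'Standard' }}

          System Configuration:
          Timezone: {{ system_timezone | default('UTC') }}
          Auto Upgrades: {{ 'Enabled' if system_auto_upgrades | default(false) else 'Disabled' }}
          Extra Packages: {{ (system_extra_packages | default([])) | join(', ') | default('None', true) }}

          Validation Results:
          Hostname Set: {{ '[OK] Success' if hostname_check.rc | default(1) == 0 else '[FAIL] Failed' }}
          Docker Installed: {{ '[OK] Success' if docker_check.rc | default(1) == 0 else '[FAIL] Failed' }}
          Docker Running: {{ '[OK] Running' if (docker_service.status | default({})).ActiveState | default('') == 'active' else '[FAIL] Not running' }}
          SSH Config Valid: {{ '[OK] Valid' if ssh_config_check.rc | default(1) == 0 else '[FAIL] Invalid' }}
          User Groups: {{ '[OK] Configured' if user_groups_check.rc | default(1) == 0 and (user_groups | default(['docker', 'sudo'])) | difference((user_groups_check.stdout | default('')).split()) | length == 0 else '[FAIL] Failed' }}

          Usage Examples:
          SSH Login: ssh yannick@{{ ansible_default_ipv4.address | default(inventory_hostname) }}
          Docker Commands: docker ps
          System Status: systemctl status docker

          Next Steps:
          1. Test SSH access with your private key
          2. Verify Docker functionality: docker run hello-world
          3. Deploy additional services as needed

          ============================================================================
      tags: always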