This repo is intended for my server automation and setup.
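---
# ============================================================================
# System Configuration Playbook - Dynamic Host Targeting
# ============================================================================
#
# This playbook configures system settings, installs Docker, and applies
# security hardening on target servers with dynamic host targeting via variables.
# Perfect for setting up secure, Docker-ready servers in your homelab.
#
# Usage:
#   ansible-playbook system.yml -e target_host=connectivity
#   ansible-playbook system.yml -e target_host=homeassistant
#   ansible-playbook system.yml -e target_host=all
#
# Every task and role below runs with privilege escalation (become: true),
# so target_host=all applies the SSH and sudo changes to the whole inventory.
#
# ============================================================================

- name: "System Configuration - Dynamic Host Targeting"
  # default('localhost') only lets the play start when target_host is omitted,
  # so the validation pre_task can print a usage message. Facts are still
  # gathered on localhost (with become) before that task fails.
  hosts: "{{ target_host | default('localhost') }}"
  become: true
  gather_facts: true

  # Load configuration from group_vars and host_vars
  # Override with command line variables as needed

  pre_tasks:
    - name: Validate target_host variable is provided
      fail:
        msg: |
          ERROR: target_host variable is required

          Usage examples:
            ansible-playbook system.yml -e target_host=192.168.34.64
            ansible-playbook system.yml -e target_host=connectivity
            ansible-playbook system.yml -e target_host=homeassistant
            ansible-playbook system.yml -e target_host=all

          Available hosts in inventory:
            {{ groups['all'] | join(', ') }}
      when: target_host is not defined
      tags: always

    # NOTE(review): `environment` is also a playbook keyword and Ansible warns
    # about variables that use reserved names. Confirm the "Environment" line
    # renders the intended value, or rename the variable where it is defined.
    - name: Display deployment information
      debug:
        msg: |
          ============================================================================
          System Configuration Starting
          ============================================================================
          Target Host: {{ inventory_hostname }}
          Target IP: {{ ansible_default_ipv4.address | default('Unknown') }}
          OS: {{ ansible_distribution | default('Unknown') }} {{ ansible_distribution_version | default('') }}
          Architecture: {{ ansible_architecture | default('Unknown') }}
          Server Type: {{ server_type | default('Unknown') }}
          Environment: {{ environment | default('homelab') }}
          ============================================================================
      tags: always

    # Refresh the package index at most once per hour on Debian-family hosts.
    - name: Update apt cache
      apt:
        update_cache: true
        cache_valid_time: 3600
      when: ansible_os_family == "Debian"

  # ============================================================================
  # ROLE EXECUTION
  # ============================================================================
  #
  # NOTE(review): the two geerlingguy.* roles are third-party code executed as
  # root. No requirements file is visible here; pinning their versions (for
  # example in requirements.yml) keeps a role update from silently changing
  # what runs with become.

  roles:
    # System configuration (hostname, packages, sudo, etc.)
    - role: system
      tags: [system, base, configuration]

    # Docker installation via geerlingguy.docker
    - role: geerlingguy.docker
      tags: [docker, containers]

    # Security hardening via geerlingguy.security
    - role: geerlingguy.security
      tags: [security, hardening]

  # ============================================================================
  # POST-INSTALLATION VALIDATION
  # ============================================================================

  post_tasks:
    - name: System validation
      block:
        - name: Check hostname
          command: hostname
          register: hostname_check
          changed_when: false

        # failed_when: false keeps a missing docker binary from aborting the
        # play; the summary reports the result instead.
        - name: Check Docker installation
          command: docker --version
          register: docker_check
          failed_when: false
          changed_when: false
          when: docker_users is defined

        # No state is requested, so this only queries the unit and registers
        # its status.
        - name: Check Docker service status
          systemd:
            name: docker
          register: docker_service
          when: docker_users is defined

        # Deliberately fail-closed: an sshd_config that does not parse stops
        # the play here, before the summary is printed.
        - name: Check SSH configuration
          command: sshd -t
          register: ssh_config_check
          changed_when: false

      tags: [validation, system]

    # This task is tagged `always`, but the results it reads come from tasks
    # that can be skipped (docker_users undefined) or filtered out by --tags.
    # A skipped task registers a result without rc/stdout/status, and a
    # filtered task registers nothing, so every lookup below goes through
    # default() instead of dereferencing the result directly.
    - name: Display configuration summary
      vars:
        summary_docker_state: >-
          {{ ((docker_service | default({})).status | default({})).ActiveState
          | default('not checked') }}
        summary_hostname_result: >-
          {{ '[--] Not checked' if (hostname_check | default({})).rc is not defined
          else ('[OK] Success' if hostname_check.rc == 0 else '[FAIL] Failed') }}
        summary_docker_result: >-
          {{ '[--] Not checked' if (docker_check | default({})).rc is not defined
          else ('[OK] Success' if docker_check.rc == 0 else '[FAIL] Failed') }}
        summary_ssh_result: >-
          {{ '[--] Not checked' if (ssh_config_check | default({})).rc is not defined
          else ('[OK] Valid' if ssh_config_check.rc == 0 else '[FAIL] Invalid') }}
      debug:
        # The security lines echo play variables, not the effective daemon
        # settings; `sshd -T` on the host prints what sshd actually uses.
        # NOTE(review): the 'yes' fallbacks for Password Auth and Root Login
        # are display-only guesses for an unset variable - confirm them.
        # Sudo Access tests for a non-empty list: a variable that is defined
        # but empty must not be reported as passwordless sudo.
        # Status markers are plain ASCII so the summary renders the same in
        # any terminal or log sink.
        msg: |
          ============================================================================
          System Configuration Complete!
          ============================================================================

          System Information:
            Hostname: {{ (hostname_check | default({})).stdout | default('Unknown', true) }}
            Target Host: {{ inventory_hostname }}
            IP Address: {{ ansible_default_ipv4.address | default('Unknown') }}
            OS: {{ ansible_distribution | default('Unknown') }} {{ ansible_distribution_version | default('') }}
            Architecture: {{ ansible_architecture | default('Unknown') }}
            Server Type: {{ server_type | default('Unknown') }}

          Docker Configuration:
            Docker Version: {{ (docker_check | default({})).stdout | default('Not installed', true) }}
            Docker Service: {{ 'Running' if summary_docker_state == 'active' else 'Not running' }}
            Compose Installed: {{ 'Yes' if (docker_install_compose | default(false)) else 'No' }}

          Security Configuration:
            SSH Port: {{ security_ssh_port | default(22) }}
            Password Auth: {{ security_ssh_password_authentication | default('yes') }}
            Root Login: {{ security_ssh_permit_root_login | default('yes') }}
            SSH Config: {{ summary_ssh_result }}
            Auto Updates: {{ 'Enabled' if (security_autoupdate_enabled | default(false)) else 'Disabled' }}

          User Configuration:
            Primary User: {{ user_name | default('deploy') }}
            Sudo Access: {{ 'Passwordless' if (security_sudoers_passwordless | default([])) else 'Standard' }}

          System Configuration:
            Timezone: {{ system_timezone | default('UTC') }}
            Auto Upgrades: {{ 'Enabled' if (system_auto_upgrades | default(false)) else 'Disabled' }}
            Extra Packages: {{ (system_extra_packages | default([])) | join(', ') | default('None', true) }}

          Validation Results:
            Hostname Set: {{ summary_hostname_result }}
            Docker Installed: {{ summary_docker_result }}
            Docker Running: {{ '[OK] Running' if summary_docker_state == 'active' else '[FAIL] Not running' }}
            SSH Config Valid: {{ summary_ssh_result }}

          Usage Examples:
            Docker Commands: docker ps (as {{ user_name | default('deploy') }} or yannick)
            SSH Access: ssh {{ user_name | default('deploy') }}@{{ ansible_default_ipv4.address | default(inventory_hostname) }}
            System Status: systemctl status docker
            Security Check: sudo sshd -t

          Next Steps:
            1. Test SSH access with new security settings
            2. Verify Docker functionality: docker run hello-world
            3. Deploy services using docker-compose
            4. Configure additional users if needed
            5. Set up monitoring and backups

          Important Notes:
            - Reboot may be required for some security changes
            - Docker daemon configured with log rotation
            - SSH hardening applied - test access before disconnecting
            - Auto-updates configured for security patches

          ============================================================================
      tags: always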