This repo holds my server automation and setup.
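---
# ============================================================================
# System Configuration Playbook - Dynamic Host Targeting
# ============================================================================
#
# This playbook configures system settings, installs Docker, and applies
# security hardening on target servers with dynamic host targeting via variables.
# Perfect for setting up secure, Docker-ready servers in your homelab.
#
# Usage:
#   ansible-playbook system.yml -e target_host=connectivity
#   ansible-playbook system.yml -e target_host=homeassistant
#   ansible-playbook system.yml -e target_host=all
#
# Maintainer notes:
#   - `hosts` falls back to localhost when target_host is unset, so the
#     fail-fast pre_task is the real guard against hardening the control
#     node by accident; it runs (tags: always) before any role is applied.
#   - Booleans are written as plain `true`/`false` only, so they parse the
#     same under YAML 1.1 and 1.2 loaders.
#   - Every variable referenced in the final summary is guarded with
#     default()/`is defined`, so a missing role variable or a skipped
#     registered result can no longer fail the play after the hardening
#     has already been applied.
# ============================================================================

- name: "System Configuration - Dynamic Host Targeting"
  hosts: "{{ target_host | default('localhost') }}"
  become: true
  gather_facts: true

  # Load configuration from group_vars and host_vars
  # Override with command line variables as needed

  pre_tasks:
    # Abort early when no target was named. Because the play header defaults
    # to localhost, this task is what stops an accidental local run.
    - name: Validate target_host variable is provided
      ansible.builtin.fail:
        msg: |
          ERROR: target_host variable is required

          Usage examples:
            ansible-playbook system.yml -e target_host=192.168.34.64
            ansible-playbook system.yml -e target_host=connectivity
            ansible-playbook system.yml -e target_host=homeassistant
            ansible-playbook system.yml -e target_host=all

          Available hosts in inventory:
            {{ groups['all'] | join(', ') }}
      when: target_host is not defined
      tags: always

    # NOTE(review): `environment` is also an Ansible play/task keyword; using
    # it as a plain variable name may trigger a reserved-name warning. Left
    # as-is because callers may pass it with -e; consider renaming.
    - name: Display deployment information
      ansible.builtin.debug:
        msg: |
          ============================================================================
          System Configuration Starting
          ============================================================================
          Target Host: {{ inventory_hostname }}
          Target IP: {{ ansible_default_ipv4.address | default('Unknown') }}
          OS: {{ ansible_distribution | default('Unknown') }} {{ ansible_distribution_version | default('') }}
          Architecture: {{ ansible_architecture | default('Unknown') }}
          Server Type: {{ server_type | default('Unknown') }}
          Environment: {{ environment | default('homelab') }}
          ============================================================================
      tags: always

    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600
      when: ansible_os_family == "Debian"

  # ============================================================================
  # ROLE EXECUTION
  # ============================================================================

  roles:
    # System configuration (hostname, packages, sudo, etc.)
    - role: system
      tags: [system, base, configuration]

    # Docker installation via geerlingguy.docker. Gated on docker_users so a
    # host with no Docker users declared never gets the daemon installed.
    - role: geerlingguy.docker
      tags: [docker, containers]
      when: docker_users is defined

    # Security hardening via geerlingguy.security
    - role: geerlingguy.security
      tags: [security, hardening]

  # ============================================================================
  # POST-INSTALLATION VALIDATION
  # ============================================================================

  post_tasks:
    # Read-only checks; every command is marked changed_when: false so the
    # play stays idempotent. Results feed the summary task below.
    - name: System validation
      block:
        - name: Check hostname
          ansible.builtin.command: "hostname"
          register: hostname_check
          changed_when: false

        - name: Check Docker installation
          ansible.builtin.command: "docker --version"
          register: docker_check
          # failed_when: false so a missing binary is reported, not fatal
          failed_when: false
          changed_when: false
          when: docker_users is defined

        - name: Check Docker service status
          ansible.builtin.systemd:
            name: docker
          register: docker_service
          when: docker_users is defined

        # A failing `sshd -t` aborts the play on purpose: a broken sshd_config
        # must surface while the current session is still open.
        - name: Check SSH configuration
          ansible.builtin.command: "sshd -t"
          register: ssh_config_check
          changed_when: false

        - name: Check user in docker group
          ansible.builtin.command: "groups {{ user_name | default('deploy') }}"
          register: user_groups_check
          changed_when: false
          when: docker_users is defined

      tags: [validation, system]

    # Summary of what was applied. Registered results of skipped tasks have no
    # rc/stdout/status, and role variables may be unset on a given host, so
    # each reference is defaulted. The "Security Configuration" lines echo the
    # play variables handed to the role; they are not read back from the
    # running sshd. Plain ASCII markers are used because this output lands in
    # terminals and log files.
    - name: Display configuration summary
      ansible.builtin.debug:
        msg: |
          ============================================================================
          System Configuration Complete!
          ============================================================================

          System Information:
            Hostname: {{ hostname_check.stdout | default('Unknown') }}
            Target Host: {{ inventory_hostname }}
            IP Address: {{ ansible_default_ipv4.address | default('Unknown') }}
            OS: {{ ansible_distribution | default('Unknown') }} {{ ansible_distribution_version | default('') }}
            Architecture: {{ ansible_architecture | default('Unknown') }}
            Server Type: {{ server_type | default('Unknown') }}

          Docker Configuration:
            Docker Version: {{ docker_check.stdout | default('Not installed') }}
            Docker Service: {{ 'Running' if (docker_service.status.ActiveState | default('')) == 'active' else ('Not running' if docker_users is defined else 'Not configured') }}
            Docker Users: {{ docker_users | join(', ') if docker_users is defined else 'None configured' }}
            Compose Installed: {{ 'Yes' if (docker_install_compose | default(false) | bool) else 'No' }}

          Security Configuration (play variables, not read back from sshd):
            SSH Port: {{ security_ssh_port | default(22) }}
            Password Auth: {{ security_ssh_password_authentication | default('role default') }}
            Root Login: {{ security_ssh_permit_root_login | default('role default') }}
            SSH Config: {{ 'Valid' if (ssh_config_check.rc | default(1)) == 0 else 'Invalid' }}
            Auto Updates: {{ ('Enabled' if security_autoupdate_enabled | bool else 'Disabled') if security_autoupdate_enabled is defined else 'Role default' }}

          User Configuration:
            Primary User: {{ user_name | default('deploy') }}
            User Groups: {{ (user_groups_check.stdout | default('Unknown')) if docker_users is defined else 'Not checked' }}
            Sudo Access: {{ 'Passwordless' if (security_sudoers_passwordless | default([]) | length) > 0 else 'Standard' }}

          System Configuration:
            Timezone: {{ system_timezone | default('UTC') }}
            Auto Upgrades: {{ ('Enabled' if system_auto_upgrades | bool else 'Disabled') if system_auto_upgrades is defined else 'Role default' }}
            Extra Packages: {{ system_extra_packages | join(', ') if (system_extra_packages | default([])) else 'None' }}

          Validation Results:
            Hostname Set: {{ '[OK] Success' if (hostname_check.rc | default(1)) == 0 else '[FAIL] Failed' }}
            Docker Installed: {{ ('[OK] Success' if (docker_check.rc | default(1)) == 0 else '[FAIL] Not found') if docker_users is defined else '[SKIP] Skipped' }}
            Docker Running: {{ ('[OK] Running' if (docker_service.status.ActiveState | default('')) == 'active' else '[FAIL] Not running') if docker_users is defined else '[SKIP] Skipped' }}
            SSH Config Valid: {{ '[OK] Valid' if (ssh_config_check.rc | default(1)) == 0 else '[FAIL] Invalid' }}
            User Groups: {{ ('[OK] Configured' if (user_groups_check.rc | default(1)) == 0 else '[FAIL] Failed') if docker_users is defined else '[SKIP] Skipped' }}

          Usage Examples:
            Docker Commands: docker ps (as {{ user_name | default('deploy') }} or yannick)
            SSH Access: ssh {{ user_name | default('deploy') }}@{{ ansible_default_ipv4.address | default(inventory_hostname) }}
            System Status: systemctl status docker
            Security Check: sudo sshd -t

          Next Steps:
            1. Test SSH access with new security settings
            2. Verify Docker functionality: docker run hello-world
            3. Deploy services using docker-compose
            4. Configure additional users if needed
            5. Set up monitoring and backups

          Important Notes:
            - Reboot may be required for some security changes
            - Docker daemon configured with log rotation
            - SSH hardening applied - test access before disconnecting
            - Auto-updates configured for security patches

          ============================================================================
      tags: always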