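---
# Host bootstrap tasks: timezone, base packages, NFS mounts, root backup
# cron job and rootless podman configuration.
#
# Tasks that touch system state run with `become: true`. The podman
# configuration tasks deliberately run as the connecting user because
# they write that user's own ~/.config/containers (paths assume 'admin').
#
# Variables:
#   truenas_ip       - required; NFS server for the share/media mounts
#   system_timezone  - optional; IANA zone name, defaults to Europe/London

- name: set localtime (only needed for gitea and frigate)
  become: true
  ansible.builtin.file:
    # `src` is the link target, `path` (alias `dest`) the link itself.
    # The earlier form put the zoneinfo path in `path` (an alias of `dest`)
    # and omitted `src`, so a fresh /etc/localtime link could not be made.
    src: "/usr/share/zoneinfo/{{ system_timezone | default('Europe/London') }}"
    path: /etc/localtime
    state: link

- name: set timezone (only needed for gitea)
  become: true
  ansible.builtin.copy:
    content: "{{ system_timezone | default('Europe/London') }}\n"
    dest: /etc/timezone
    mode: "0644"
  register: timezone_file

- name: apply timezone to tzdata
  become: true
  ansible.builtin.command:
    cmd: dpkg-reconfigure -f noninteractive tzdata
  # Only re-run when /etc/timezone actually changed; the previous shell
  # pipeline ran on every play and hid that behind changed_when: false.
  when: timezone_file is changed

- name: Update apt and install required programs
  become: true
  ansible.builtin.apt:
    pkg:
      - gpg
      - ansible
      - cron
      - curl
      - git
      - tmux
      - podman
      - neovim
      - nfs-common
      - fzf
      - rsync
    state: present
    update_cache: true

- name: create mount directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
  loop:
    - /mnt/share
    - /mnt/media

- name: mount shares
  become: true
  ansible.posix.mount:
    path: "{{ item.path }}"
    src: "{{ truenas_ip }}:{{ item.export }}"
    fstype: nfs4
    opts: defaults,auto,rw
    state: mounted
  loop:
    - { path: /mnt/share, export: /mnt/pool/data }
    - { path: /mnt/media, export: /mnt/pool/media }

- name: setup backup
  become: true
  # NOTE(review): root executes a script that lives on the NFS share, so
  # anyone who can write to /mnt/share/services/scripts controls what root
  # runs on this host; keep write access to that path on the server tight.
  ansible.builtin.cron:
    minute: "0"
    hour: "4"
    name: "backup"
    user: "root"
    job: "/bin/bash '/mnt/share/services/scripts/backup.sh'"
    cron_file: backup

- name: check for podman folder
  ansible.builtin.file:
    path: /home/admin/podman
    state: directory

# - name: initialize podman-compose
#   become: true
#   ignore_errors: true
#   ansible.posix.synchronize:
#     src: /mnt/share/DUNNO
#     dest: /home/admin
#     checksum: true

- name: change podman to overlayfs (system might need to be reset after this)
  # Runs as the connecting user on purpose: rootless podman reads that
  # user's ~/.config/containers/storage.conf.
  block:
    - name: create directory if doesn't exist
      ansible.builtin.file:
        state: directory
        path: /home/admin/.config/containers/

    - name: create file if doesn't exist
      ansible.builtin.file:
        state: touch
        path: /home/admin/.config/containers/storage.conf
        # Keep timestamps so an existing file does not report "changed"
        # on every run.
        modification_time: preserve
        access_time: preserve

    - name: storage
      ansible.builtin.lineinfile:
        path: /home/admin/.config/containers/storage.conf
        # Quoted on purpose: an unquoted [storage] is parsed by YAML as a
        # one-element flow sequence, not as the string "[storage]".
        search_string: '[storage]'
        line: '[storage]'

    - name: overlay
      ansible.builtin.lineinfile:
        path: /home/admin/.config/containers/storage.conf
        # Substring match; acceptable because this play owns the file.
        search_string: driver
        line: "driver = 'overlay'"

- name: allow rootless podman to access ports below 1000
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    # Every port >= 80 becomes bindable by any unprivileged process on the
    # host, not only by podman; raise the value if fewer low ports are needed.
    value: "80"
    sysctl_file: /etc/sysctl.d/99-ports.conf

# this might not be needed, haven't tested
- name: allow rootless podman (wireguard) to access net src
  become: true
  ansible.posix.sysctl:
    name: net.ipv4.conf.all.src_valid_mark
    value: "1"
    sysctl_file: /etc/sysctl.d/99-ports.conf

- name: enable linger (so user services start without login required)
  ansible.builtin.command:
    cmd: loginctl enable-linger
    # loginctl records linger state in this file; skipping when it exists
    # makes the task idempotent instead of "changed" every run.
    # ansible_user_id comes from gathered facts — if the play sets
    # gather_facts: false, replace `creates` with changed_when: false.
    creates: "/var/lib/systemd/linger/{{ ansible_user_id }}"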