Initial import of work

2026-01-09 16:21:24 +01:00
parent 3c7f76d522
commit 183ab154ba
12 changed files with 208 additions and 0 deletions


@@ -0,0 +1,25 @@
# This applies to all hosts
all:
children:
fik:
kiwi:
vars:
# Make ansible connect to the system it manages with the "ansible" system
# user
ansible_user: ansible
# This dict holds all the user accounts that are present on all of the
# linux virtual machines, and their associated SSH keys.
shell_users:
- username: urosg
comment: "Uroš Golja"
public_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfcMY//DluCevXoNqiYnHmfk7Uj+rcENiCJV1s1h+VD urosg@fik"
- username: matejag
comment: "Mateja Golja"
- username: lukag
comment: "Luka Golja"
# This dict holds all the user accounts that have been revoked.
revoked_shell_users: []
# vim: set cc=80 nowrap:
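Review bot: The `matejag` and `lukag` entries in `shell_users` carry no `public_ssh_key`, yet the authorized_key task in the system-users tasks file of this commit loops over every entry and reads `item.public_ssh_key`. Outside check mode that task would presumably fail with an undefined variable for these two accounts, because its `ignore_errors` is tied to `ansible_check_mode`. Either add the two keys here or guard that task with `when: item.public_ssh_key is defined`. The comments also call `shell_users` and `revoked_shell_users` a dict although both are lists; `# This list holds all the user accounts ...` would be accurate.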


@@ -0,0 +1,24 @@
# The ordering of plays in this file is important. First we do all the plays
# that do not depend on any other plays. Then, we do plays that have
# dependencies.
- name: Configure all hosts to have a common basic configuration
hosts: all
roles:
- system-users
- system-utilities
- vim
- name: Configure the fik workstation
hosts: fik
roles:
- cinnamon-desktop
- generic-desktop
- i3wm
- fail2ban
- name: Configure the kiwi workstation
hosts: kiwi
roles:
- generic-desktop
- mate-desktop
- nvidia-driver

1
roles/TODO/README.md Normal file

@@ -0,0 +1 @@
Here be all the roles that I still need to develop, sorted by priorities.


@@ -0,0 +1,8 @@
- name: Install fail2ban
ansible.builtin.apt:
name:
- fail2ban
update_cache: true
become: true
# TODO: figure out if you need to configure anything here
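Review bot: Installing the package alone does not establish that the fail2ban service is running or which jails are active, and the TODO on the last line leaves exactly that open. I would add a follow-up `ansible.builtin.service` task with `state: started` and `enabled: true`, plus a managed `/etc/fail2ban/jail.local` that explicitly enables the `sshd` jail, so the protection does not depend on distribution defaults. The playbook in this commit applies this role only to `fik`, while `kiwi` receives the same SSH accounts; if kiwi's sshd is reachable from the same networks, it likely wants the role as well.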


@@ -0,0 +1,8 @@
- name: Install some games
ansible.builtin.apt:
name:
- dosbox
- jumpnbump
- opentyrian
update_cache: true
become: true


@@ -0,0 +1,19 @@
- name: Install the usual desktop utilities
ansible.builtin.apt:
name:
- audacity
- firefox
- gimp
- libreoffice
- keepassxc
- task-slovenian
- task-slovenian-desktop
- thunderbird
- transmission
- yt-dlp
update_cache: true
become: true
# TODO: figure out if you need to configure anything here
#
# TODO: install the printing system via cups


@@ -0,0 +1,6 @@
- name: Install utilities for the Radeon graphics chips
ansible.builtin.apt:
name:
- radeontop
update_cache: true
become: true


@@ -0,0 +1,25 @@
- name: Install various packages related to i3wm
ansible.builtin.apt:
name:
- adapta-gtk-theme
- albatros-gtk-theme
- blackbird-gtk-theme
- clearlooks-phenix-theme
- darkblood-gtk-theme
- darkcold-gtk-theme
- darkfire-gtk-theme
- darkmint-gtk-theme
- flameshot
- materia-gtk-theme
- mupdf
- mupdf-tools
- parcellite
- pasystray
- rofi
- sakura
update_cache: true
become: true
# TODO: figure out if you need to configure anything here
#
# TODO: install awesome fonts


@@ -0,0 +1,37 @@
- name: Create a group of users that will be able to use sudo without typing in their passwords.
ansible.builtin.group:
name: sudo-nopassword
become: true
- name: Grant the group to run commands with root privileges.
community.general.sudoers:
name: sudo-nopassword
group: sudo-nopassword
commands: ALL
nopassword: true
become: true
- name: Create accounts for system users
ansible.builtin.user:
name: "{{ item.username }}"
comment: "{{ item.comment }}"
state: present
append: false
loop: "{{ shell_users }}"
become: true
- name: Add a public SSH key to all of the user accounts for the devops people.
ansible.posix.authorized_key:
user: "{{ item.username }}"
key: "{{ item.public_ssh_key }}"
loop: "{{ shell_users }}"
become: true
ignore_errors: "{{ ansible_check_mode }}"
- name: Remove all user accounts that have been revoked.
ansible.builtin.user:
name: "{{ item }}"
state: absent
loop: "{{ revoked_shell_users }}"
become: true
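Review bot: The `community.general.sudoers` task grants `commands: ALL` with `nopassword: true` to the `sudo-nopassword` group, so every member gets root with nothing but their SSH key as a factor. None of the tasks visible here assign membership (the user task sets `append: false` and no `groups`), so it is unclear who is meant to be in the group. I would add a comment naming the intended members, and if the rule exists only for automation, scope it to the `ansible` account with `user: ansible` instead of a group. Separately, the revocation task at the end uses `state: absent` without `remove: true`, which leaves the revoked account's home directory and its files in place.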


@@ -0,0 +1,46 @@
- name: Install the etckeeer package separately from the rest of others
ansible.builtin.apt:
name:
- etckeeper
update_cache: true
become: true
- name: Run the cron job for etckeeper (to store configuration changes)
ansible.builtin.shell:
cmd: bash -x /etc/cron.daily/etckeeper
become: true
- name: Install various handy packages
ansible.builtin.apt:
name:
- gpm
- 7zip
- apt-show-versions
- apt-file
- apt-listbugs
- bash-completion
- debconf-utils
- jnettop
- jq
- lnav
- mailutils
- moreutils
- net-tools
- plocate
- powerline
- powerline-gitstatus
- pv
- socat
- sysstat
- dstat
- tig
- tree
- tshark
- unzip
- uuid
- iputils-ping
- iputils-tracepath
- nmap
- nmon
update_cache: true
become: true
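Review bot: The etckeeper task uses `ansible.builtin.shell` although `bash -x /etc/cron.daily/etckeeper` needs no shell features, and it has no `changed_when`, so it reports "changed" on every run and hides real drift in the play recap. I would switch to `ansible.builtin.command` and add an explicit `changed_when:` condition based on the command output. The `-x` trace also writes the script's expanded commands into the Ansible log, so drop it unless it is there for debugging. The first task name has a typo: `etckeeer` should be `etckeeper`.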


@@ -0,0 +1,8 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDh+Tjgsh
t7JbFTBYYCT1TrAAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIP4sRes21puTVbUA
84ClbbelXu8mw0nH0/BuuwJdX+2UAAAAkDZEvZB+5NcOh3kcQb2AYY9NVnxV7Oi9nitwXN
1TW1lhjm2Bq+K6oSLr/F9Ql558tjLFnAos3YUEcxlC7pjpF+mLOhBIxqzbSs9lTke3iJny
bi2YO91J/TDNak+3arkIPLk+gmzEaL8uzpgth3CL48mNLo7V2sSVlCMCh5YfOA5l8+tW4I
De2n1mxzHhjtGdeQ==
-----END OPENSSH PRIVATE KEY-----
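Review bot: This file commits an OpenSSH private key to the repository, and the public half added in the next file is labelled `ansible@shkitch.net`, which suggests it is the key Ansible uses to log in as the `ansible` user on every managed host. The key header indicates it is passphrase-encrypted (aes256-ctr with a bcrypt KDF), but anyone with read access to the repository or its clones can attempt the passphrase offline, so the key should be treated as exposed. I would generate a new key pair, replace the public key on the hosts, and remove this file from the repository and its history. The replacement private key belongs outside the tree (an SSH agent or a secrets store) or, at minimum, in an `ansible-vault`-encrypted file, with an ignore rule for the key path so it cannot be re-added.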


@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4sRes21puTVbUA84ClbbelXu8mw0nH0/BuuwJdX+2U ansible@shkitch.net