Verified Commit 6085c220 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini

Merge branch 'master' of arch-git:/srv/git/infrastructure

parents 5f5c0d56 eb391730
......@@ -5,7 +5,7 @@ configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
ansible_python_interpreter: /usr/bin/python3
zabbix_agent_templates:
- Template OS Linux
......@@ -37,9 +37,3 @@ zabbix_agent_templates:
zabbix_agent_host_groups:
- Linux servers
- Zabbix servers
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
---
hostname: "dragon"
network_interface: "eth2"
ipv4_address: "195.201.167.210"
ipv4_netmask: "/26"
ipv6_address: "2a01:4f8:13a:102a::2"
ipv6_netmask: "/128"
ipv4_gateway: "195.201.167.193"
ipv6_gateway: "fe80::1"
filesystem: btrfs
raid_level: raid0
system_disks:
- /dev/nvme0n1
- /dev/nvme1n1
archbuild_fs: 'btrfs'
zabbix_agent_templates:
- Template OS Linux
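Review bot: `raid_level: raid0` in dragon's host vars is passed to `mkfs.btrfs -d` by the install playbook changed in this same commit, so the root filesystem's data is striped across /dev/nvme0n1 and /dev/nvme1n1 with no redundancy, and one failed device loses the host. If that is a deliberate trade for build throughput, record it next to the value, for example `# raid0 on purpose: build host, contents are disposable`; otherwise `raid1` is the safer setting. The quoting is also uneven within the file (`filesystem: btrfs` against `archbuild_fs: 'btrfs'`); picking one form keeps the vars consistent.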
......@@ -6,9 +6,3 @@ network_interface: "eno2"
ipv4_address: "169.38.85.99"
ipv4_netmask: "/26"
ipv4_gateway: "169.38.85.65"
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -6,9 +6,3 @@ network_interface: "eno2"
ipv4_address: "161.202.225.107"
ipv4_netmask: "/26"
ipv4_gateway: "161.202.225.65"
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -18,9 +18,3 @@ zabbix_agent_templates:
- Template App Mailman
- Template App MySQL
- Template App Nginx
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -6,9 +6,3 @@ network_interface: "eno2"
ipv4_address: "169.57.35.94"
ipv4_netmask: "/26"
ipv4_gateway: "169.57.35.65"
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -21,8 +21,3 @@ zabbix_agent_templates:
- Template OS Linux
- Template App Borg Backup
- Template App Nginx
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -6,5 +6,3 @@ network_interface: "en*"
filesystem: btrfs
system_disks:
- /dev/sda
ansible_python_interpreter: /usr/bin/python3
......@@ -7,9 +7,3 @@ network_interface: "eno2"
ipv4_address: "161.202.204.205"
ipv4_netmask: "/26"
ipv4_gateway: "161.202.204.193"
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -20,9 +20,3 @@ zabbix_agent_templates:
- Template App Borg Backup
- Template App Syncrepo
- Template App PostgreSQL
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -14,9 +14,3 @@ system_disks:
zabbix_agent_templates:
- Template OS Linux
configure_firewall: true
# this is needed to make ansible find the firewalld python
# module when deploying firewalld tasks
ansible_python_interpreter: /usr/bin/python3.7
......@@ -4,6 +4,7 @@ vostok.archlinux.org
apollo.archlinux.org
soyuz.archlinux.org
luna.archlinux.org
dragon.archlinux.org
[pia]
ind.mirror.pkgbuild.com
......@@ -40,6 +41,7 @@ luna.archlinux.org
orion.archlinux.org
[buildservers]
dragon.archlinux.org
soyuz.archlinux.org
sgp.mirror.pkgbuild.com
......
---
- name: setup dragon
hosts: dragon.archlinux.org
remote_user: root
roles:
- { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] }
- { role: archusers, tags: ['archusers'] }
- { role: sudo, tags: ['sudo', 'archusers'] }
- { role: archbuild, tags: ['archbuild'] }
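Review bot: The new play for dragon applies no monitoring role, although the host's vars in this commit define `zabbix_agent_templates`; unless the agent is installed from another play that is not visible here, the build server comes up without monitoring. It is worth confirming that and adding the project's agent role to this list if it is missing. As a smaller style point, `- { role: unbound }` is the only entry without tags, so it cannot be selected on its own; `- { role: unbound, tags: ['unbound'] }` would match the other entries.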
......@@ -9,7 +9,7 @@
when: "'Hetzner Rescue' not in motd_contents.stdout"
- name: partition and format the disks (btrfs)
command: mkfs.btrfs -f -L rootfs -d raid1 /dev/sda /dev/sdb
command: mkfs.btrfs -f -L rootfs -d {{ raid_level|default(raid1) }} {{ system_disks|join(' ') }}
when: filesystem == "btrfs" and system_disks|length == 2
- name: partition and format the disks (btrfs)
......@@ -49,11 +49,11 @@
- name: download bootstrap image
get_url:
url: https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2019.02.01-x86_64.tar.gz
url: https://mirrors.kernel.org/archlinux/iso/2019.03.01/archlinux-bootstrap-2019.03.01-x86_64.tar.gz
dest: /tmp/
- name: extract boostrap image
command: tar xf archlinux-bootstrap-2019.02.01-x86_64.tar.gz
command: tar xf archlinux-bootstrap-2019.03.01-x86_64.tar.gz
args:
chdir: /tmp
creates: /tmp/root.x86_64
......@@ -82,8 +82,16 @@
- name: populate pacman keyring inside bootstrap chroot
command: chroot /tmp/root.x86_64 pacman-key --populate archlinux
- name: install ucode update for Intel
set_fact: ucode="intel-ucode"
when: "'GenuineIntel' in ansible_facts['processor']"
- name: install ucode update for AMD
set_fact: ucode="amd-ucode"
when: "'AuthenticAMD' in ansible_facts['processor']"
- name: install arch base from bootstrap chroot
command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python creates=/tmp/root.x86_64/mnt/bin
command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python {{ ucode }} creates=/tmp/root.x86_64/mnt/bin
- name: mount /proc to new chroot
command: mount --rbind /proc /mnt/proc creates=/mnt/proc/uptime
......@@ -148,7 +156,7 @@
line: 'hosts: files mymachines resolve myhostname'
- name: enable services inside chroot
command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved
command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim
- set_fact: pubkey_list="{{ lookup('file', "{{ playbook_dir }}/../../pubkeys/" + item) }}"
register: pubkeys
......
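Review bot: In the btrfs format task, `default(raid1)` passes an unquoted name, so Jinja looks up a variable called raid1 instead of using the string. On a host that does not set raid_level, the task will most likely fail with an undefined-variable error rather than fall back to raid1. Quote the literal: `{{ raid_level|default('raid1') }}`. In the bootstrap hunk, the tarball is still downloaded, unpacked and chrooted into as root with no integrity check. Now that the URL names a dated release, get_url can pin the file as well with `checksum: "sha256:<sha256 of archlinux-bootstrap-2019.03.01-x86_64.tar.gz>"`, or the release's detached signature can be verified before the extract step; the play itself starts and ends outside the visible hunks.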