--- - name: builder3 hosts: builder3.hamburg.freifunk.net tasks: - name: Common system setup block: - name: Update all packages - dist-upgrade register: system_update apt: update_cache: yes upgrade: dist - name: Reboot after system upgrade, when changed when: system_update.changed reboot: - name: Install debconf package: name: - debconf - debconf-utils state: present - name: Preseed some configuration with_items: - name: unattended-upgrades question: unattended-upgrades/enable_auto_updates value: "true" vtype: boolean debconf: name: "{{ item.name }}" question: "{{ item.question }}" value: "{{ item.value }}" vtype: "{{ item.vtype }}" - name: Install default packages package: name: - htop - mc - mosh - screen - smartmontools - unattended-upgrades state: present - name: Remove os-prober package: name: os-prober state: absent - name: Configure screen copy: dest: /etc/screenrc backup: yes owner: root group: root mode: "0644" content: | hardstatus alwayslastline hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %m-%d %{W}%c:%s %{g}]' defscrollback 99999 - name: Install ZFS block: - name: Prepare for ZFS installation blockinfile: backup: yes create: yes path: /etc/apt/sources.d/backports.list marker: "# {mark} backports archive" mode: "0644" owner: root group: root block: | deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main contrib non-free - name: Update apt cache apt: update_cache: yes - name: Install ZFS packages register: zfs_packages package: name: - linux-headers-amd64 - zfsutils-linux - zfs-dkms - zfs-zed - name: Ensure zfs modules are loaded on boot lineinfile: path: /etc/modules line: zfs regexp: zfs - name: Reboot after ZFS install when: zfs_packages.changed reboot: - name: zpool initialization block: - name: try to import zpool register: try_import_zpool failed_when: false changed_when: try_import_zpool.rc == 0 command: cmd: zpool import dpool - name: Check if zpool is imported register: zpool_import_status failed_when: false changed_when: false check_mode: false command: cmd: zpool list dpool - name: Create zpool if not imported when: (zpool_import_status.rc > 0) command: cmd: zpool create -o ashift=12 -o autotrim=on -O mountpoint=legacy -O dedup=on -O compression=on dpool mirror /dev/sda4 /dev/sdb4 - name: Create zfs datasets with_items: - dataset: dpool properties: org.debian:periodic-trim: enable - dataset: dpool/build properties: mountpoint: /build com.sun:auto-snapshot: false - dataset: dpool/firmware properties: mountpoint: /firmware com.sun:auto-snapshot: true com.sun:auto-snapshot:frequent: false com.sun:auto-snapshot:hourly: false com.sun:auto-snapshot:weekly: false com.sun:auto-snapshot:monthly: false - dataset: dpool/mirror properties: mountpoint: /mirror com.sun:auto-snapshot: true com.sun:auto-snapshot:frequent: false com.sun:auto-snapshot:hourly: false com.sun:auto-snapshot:weekly: false com.sun:auto-snapshot:monthly: false zfs: state: present name: "{{ item.dataset }}" extra_zfs_properties: "{{ item.properties }}" - name: Install software required to build gluon package: state: present name: - build-essential - ecdsautils - gawk - git - libncurses-dev - libssl-dev - libz-dev - python2 - python3 - qemu-utils - subversion - time - unzip - wget - name: Create build user user: name: gluon state: present password: "!" shell: /bin/bash - name: Set permissions on directories with_items: - /build - /firmware - /mirror file: path: "{{ item }}" owner: gluon mode: "0755" - name: Create symlinks in gluon home with_items: - /build - /firmware - /mirror file: path: "/home/gluon/{{ item | basename }}" src: "{{ item }}" state: link - name: Checkout scripts for the builder git: repo: https://github.com/freifunkhamburg/builder-scripts.git dest: /home/gluon/bin ssh_opts: -o StrictHostKeyChecking=accept-new - name: Fix permissions on git repo file: path: /home/gluon/bin owner: gluon group: gluon recurse: yes - name: Set main as default git branch name git_config: scope: system state: present name: init.defaultBranch value: main - name: Configure webserver for builder3 block: - name: Install nginx package: name: - nginx-light - libnginx-mod-http-fancyindex - certbot - python3-certbot-nginx state: present - name: Nginx default config template: dest: /etc/nginx/sites-available/default src: nginx.default backup: yes force: yes mode: "0400" owner: root group: root - name: Check for certbot certificates register: certbot_status stat: path: /etc/letsencrypt/live - name: Initialize certificates when: not certbot_status.stat.exists block: - name: Ensure nginx is stopped service: name: nginx state: stopped - name: Initialize certbot certificates standalone command: cmd: certbot -n --agree-tos --email certbot-test@danielfrank.net certonly --domains builder3.hamburg.freifunk.net --standalone - name: Setup cronjob for certbot cron: name: certbot auto renewal job: certbot renew --webroot --post-hook 'systemctl start nginx' --disable-renew-updates minute: "7" hour: "1" day: "*" month: "*" weekday: "*" - name: Ensure nginx is running service: name: nginx state: started - name: Automatically build a new gluon master cron: name: gluon-master-build user: gluon job: /home/gluon/bin/master-build.sh minute: "17" hour: "0" day: "*" month: "*" weekday: "1"