add basic ansible playbook for alpine setup

add forgejo files
2024-11-28 16:52:27 -03:00 · 2024-11-28 11:40:03 -03:00
9 changed files with 291 additions and 0 deletions
--- a/.forgejo/issue_template/01-feature.yml
+++ b/.forgejo/issue_template/01-feature.yml
@ -0,0 +1,59 @@
 name: Feature request
 about: Request a new feature to be added
 title: '[Feature]: '
 ref: 'development'
 assignees: 
    - aleidk
 labels:
  - Priority/Low
  - Severity/Low
  - Status/Pending
  - Type/Feature
 body:
  - type: markdown
    attributes:
      value: |
        We appreciate your feedback on how to improve this project. Please be sure to include as much details and any resources if possible!
  - type: dropdown
    attributes:
      multiple: false
      label: Type of Feature
      default: 0
      options:
        - "✨ New Feature"
        - "📝 Documentation"
        - "🎨 Style and UI"
        - "🔨 Code Refactor"
        - "⚡ Performance Improvements"
        - "✅ New Test"
    validations:
      required: true
  - type: textarea
    id: description
    attributes:
      label: Description
      description: Give us a brief description of the feature or enhancement you would like.
      placeholder: As <who> <when> <where>, I want <what> because <why>
    validations:
      required: true
  - type: textarea
    id: completion-criteria
    attributes:
      label: Completion criteria
      description: Tell us what this feature needs to do to be considered completed using verificable items.
      placeholder: |
        - [ ] Read the configuration file using the yaml format
        - [ ] Fetch data from an the json-placehoder API
        - [ ] Save the data in the database
    validations:
      required: true
  - type: textarea
    id: additional-information
    attributes:
      label: Additional Information
      description: |
        Please leave any additional information on the feature request that could be helpful! like proposed solutions, examples, links, screenshots, etc.
--- a/.forgejo/issue_template/02-bug-report.yml
+++ b/.forgejo/issue_template/02-bug-report.yml
@ -0,0 +1,93 @@
 name: Bug report
 about: Something isn't working as expected
 title: '[Bug]: '
 ref: 'development'
 assignees: 
    - aleidk
 labels:
  - Priority/Low
  - Severity/Low
  - Status/Pending
  - Type/Bug
 body:
  - type: markdown
    attributes:
      value: |
        We appreciate your feedback on how to improve this project. Please be sure to include as much details and any resources if possible!
  - type: checkboxes
    id: terms
    attributes:
      label: Before submitting, I checked...
      options:
        - label: The [issue tracker](../) in case this has been reported before
          required: true
        - label: The severity of the bug
          required: true
    validations:
      required: true
  - type: textarea
    id: expected
    attributes:
      label: "Expected behavior:"
      description: A clear and concise description of what you expected to happen. Include screenshots and/or logs if relevant.
      placeholder: As <who> <when> <where>, I want <what> because <why>
    validations:
      required: true
  - type: textarea
    id: current
    attributes:
      label: "Current behavior:"
      description: A clear and concise description of what actually happened. Include screenshots and/or logs if relevant.
      placeholder: As <who> <when> <where>, I want <what> because <why>
    validations:
      required: true
  - type: textarea
    id: reproduce
    attributes:
      label: "Steps to reproduce:"
      description: Anambiguous set of steps to reproduce this bug. Include code snippets if relevant.
      placeholder: |
        1. Use x argument / navigate to
        2. Fill this information
        3. Go to...
        4. See error
    validations:
      required: true
  - type: dropdown
    attributes:
      multiple: false
      label: Is this a regresion?
      description: Did this behaviour used to work in the previous version?
      default: 0
      options:
        - "I don't know"
        - "This is a new feature"
        - "Yes"
        - "No"
    validations:
      required: true
  - type: textarea
    id: environment
    attributes:
      label: "Your environment:"
      description: Tell us details about the environment you experienced the bug in. A minimal/isolated enviroment to reproduce would be apreciated.
      placeholder: |
        - Version used:
        - Browser Name and version:
        - Operating System and version (desktop or mobile):
        - Link to your project:
    validations:
      required: false
  - type: textarea
    id: additional-information
    attributes:
      label: "Additional Information:"
      description: |
        Please leave any additional information on the bug that could be helpful! like proposed solutions, examples, links, screenshots, etc.
--- a/.gitignore
+++ b/.gitignore
@ -204,3 +204,4 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 .decrypt-pass.txt
--- a/.justfile
+++ b/.justfile
@ -0,0 +1,18 @@
 export ANSIBLE_VAULT_PASSWORD_FILE := "./.decrypt-pass.txt"
 inventory := "./hosts/inventory.ini"
 play +ARGS:
  ansible-playbook -i {{ inventory }} {{ ARGS }}
 ansible +ARGS:
  ansible -i {{ inventory }} {{ ARGS }}
 list-host:
  ansible-inventory -i {{ inventory }} --list
 encrypt +ARGS:
  ansible-valut encrypt {{ ARGS }}
 decrypt +ARGS:
  ansible-vault edit {{ ARGS }}
--- a/files/alpine/motd.j2
+++ b/files/alpine/motd.j2
@ -0,0 +1,15 @@
                      This system is managed by Ansible.
              _    _       _              _     _
             / \  | |_ __ (_)_ __   ___  | |   (_)_ __  _   ___  __
            / _ \ | | '_ \| | '_ \ / _ \ | |   | | '_ \| | | \ \/ /
           / ___ \| | |_) | | | | |  __/ | |___| | | | | |_| |>  <
          /_/   \_\_| .__/|_|_| |_|\___| |_____|_|_| |_|\__,_/_/\_\
                    |_|
          OS          : {{ ansible_distribution }} {{ ansible_distribution_version }}
          Hostname    : {{ ansible_hostname }}
          IP address  : {{ ansible_eth0.ipv4.address }}
          System type : {{ ansible_system }}
          Kernel      : {{ ansible_kernel }}
--- a/files/alpine/repositories.j2
+++ b/files/alpine/repositories.j2
@ -0,0 +1,4 @@
 https://dl-cdn.alpinelinux.org/alpine/{{ alpine_version }}/main
 https://dl-cdn.alpinelinux.org/alpine/{{ alpine_version }}/community
 http://elmirror.cl/alpine/{{ alpine_version }}/main
 http://elmirror.cl/alpine/{{ alpine_version }}/community
--- a/hosts/inventory.ini
+++ b/hosts/inventory.ini
@ -0,0 +1,2 @@
 [homelab]
 10.0.10.50
--- a/playbooks/setup/alpine.yaml
+++ b/playbooks/setup/alpine.yaml
@ -0,0 +1,90 @@
 - name: Setup an alpine machine
  hosts: homelab
  user: root
  vars:
    # alpine_version: v3.19
    alpine_version: latest-stable
    robo:
      authorized_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPiEGbVaaSJq/9hGaou3gd6m4Jzyj4AIgCL5wGTxVz1"
      allowed_commands:
        - "docker ps"
  vars_files:
    ../../variables/secrets.yaml
  tasks:
    - name: Change login message
      template:
        src: ../../files/alpine/motd.j2
        dest: /etc/motd
        owner: root
        group: root
        mode: 0644
        backup: yes
    - name: Update repositories
      template:
        src: ../../files/alpine/repositories.j2
        dest: /etc/apk/repositories
        owner: root
        group: root
        mode: 0644
        backup: yes
    - name: Update all packages
      command: /sbin/apk upgrade -U -a
    - name: Be sure python is installed
      command: /sbin/apk add python3
      args:
        creates: /usr/bin/python3
    - name: Disable password authentication for SSH
      become: true
      notify: Restart sshd
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
    - name: Allow users of the weel group to use doas command
      become: true
      ansible.builtin.lineinfile:
        path: /etc/doas.conf
        regexp: '^#\s*permit persist :wheel'
        line: 'permit persist :wheel'
        state: present
    - name: Create a user group named docker
      ansible.builtin.group:
        name: docker
    - name: Setup users
      ansible.builtin.user:
        state: present
        name: aleidk
        password: "{{ users.aleidk.password | password_hash('sha512') }}"
        groups:
          - wheel
          - docker
    - name: Create a user for executing remote commands
      ansible.builtin.user:
        name: robo
        system: true
        create_home: true
        groups: nogroup
        state: present
    - name: Add SSH public key for robo user
      ansible.posix.authorized_key:
        user: robo
        state: present
        key: "{{ robo.authorized_key }}"
        key_options: "command=\"{{ robo.allowed_commands | join('; ') }}\""
  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
--- a/variables/secrets.yaml
+++ b/variables/secrets.yaml
@ -0,0 +1,9 @@
 $ANSIBLE_VAULT;1.1;AES256
 62343433336464323761613330643861353862393130383631306536366639323233663233623735
 3131393037626664333235623764353939613835313030330a346133636334323132623536663830
 65386432383562343738333137386564653963396537653435613566326463356131316437393537
 3239353134323261340a306234393263383331396430396666376337343161313232396566343933
 39356161346439663764663763346666653933316537306336383339626136326639343564613231
 34343730326166356433336266643532393037653363356334383630646335313162366237343234
 34353933383365636662343364303366633662316430646536323861356163383039346234663239
 62376366373864373336
Author	SHA1	Message	Date
aleidk	8313fadc0c	add basic ansible playbook for alpine setup	2024-11-28 16:52:27 -03:00
aleidk	8caf2e826e	add forgejo files	2024-11-28 11:40:03 -03:00