add basic ansible playbook for alpine setup

.forgejo/issue_template/01-feature.yml

@@ -0,0 +1,59 @@
+name: Feature request
+about: Request a new feature to be added
+title: '[Feature]: '
+ref: 'development'
+assignees: 
+    - aleidk
+labels:
+  - Priority/Low
+  - Severity/Low
+  - Status/Pending
+  - Type/Feature
+body:
+  - type: markdown
+    attributes:
+      value: |
+        We appreciate your feedback on how to improve this project. Please be sure to include as much details and any resources if possible!
+
+  - type: dropdown
+    attributes:
+      multiple: false
+      label: Type of Feature
+      default: 0
+      options:
+        - "✨ New Feature"
+        - "📝 Documentation"
+        - "🎨 Style and UI"
+        - "🔨 Code Refactor"
+        - "⚡ Performance Improvements"
+        - "✅ New Test"
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Give us a brief description of the feature or enhancement you would like.
+      placeholder: As <who> <when> <where>, I want <what> because <why>
+    validations:
+      required: true
+
+  - type: textarea
+    id: completion-criteria
+    attributes:
+      label: Completion criteria
+      description: Tell us what this feature needs to do to be considered completed using verificable items.
+      placeholder: |
+        - [ ] Read the configuration file using the yaml format
+        - [ ] Fetch data from an the json-placehoder API
+        - [ ] Save the data in the database
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-information
+    attributes:
+      label: Additional Information
+      description: |
+        Please leave any additional information on the feature request that could be helpful! like proposed solutions, examples, links, screenshots, etc.

.forgejo/issue_template/02-bug-report.yml

@@ -0,0 +1,93 @@
+name: Bug report
+about: Something isn't working as expected
+title: '[Bug]: '
+ref: 'development'
+assignees: 
+    - aleidk
+labels:
+  - Priority/Low
+  - Severity/Low
+  - Status/Pending
+  - Type/Bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        We appreciate your feedback on how to improve this project. Please be sure to include as much details and any resources if possible!
+
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: Before submitting, I checked...
+      options:
+        - label: The [issue tracker](../) in case this has been reported before
+          required: true
+        - label: The severity of the bug
+          required: true
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: "Expected behavior:"
+      description: A clear and concise description of what you expected to happen. Include screenshots and/or logs if relevant.
+      placeholder: As <who> <when> <where>, I want <what> because <why>
+    validations:
+      required: true
+
+  - type: textarea
+    id: current
+    attributes:
+      label: "Current behavior:"
+      description: A clear and concise description of what actually happened. Include screenshots and/or logs if relevant.
+      placeholder: As <who> <when> <where>, I want <what> because <why>
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: "Steps to reproduce:"
+      description: Anambiguous set of steps to reproduce this bug. Include code snippets if relevant.
+      placeholder: |
+        1. Use x argument / navigate to
+        2. Fill this information
+        3. Go to...
+        4. See error
+    validations:
+      required: true
+
+  - type: dropdown
+    attributes:
+      multiple: false
+      label: Is this a regresion?
+      description: Did this behaviour used to work in the previous version?
+      default: 0
+      options:
+        - "I don't know"
+        - "This is a new feature"
+        - "Yes"
+        - "No"
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: "Your environment:"
+      description: Tell us details about the environment you experienced the bug in. A minimal/isolated enviroment to reproduce would be apreciated.
+      placeholder: |
+        - Version used:
+        - Browser Name and version:
+        - Operating System and version (desktop or mobile):
+        - Link to your project:
+    validations:
+      required: false
+
+  - type: textarea
+    id: additional-information
+    attributes:
+      label: "Additional Information:"
+      description: |
+        Please leave any additional information on the bug that could be helpful! like proposed solutions, examples, links, screenshots, etc.

.gitignore

@@ -204,3 +204,4 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 
+.decrypt-pass.txt

.justfile

@@ -0,0 +1,18 @@
+export ANSIBLE_VAULT_PASSWORD_FILE := "./.decrypt-pass.txt"
+
+inventory := "./hosts/inventory.ini"
+
+play +ARGS:
+  ansible-playbook -i {{ inventory }} {{ ARGS }}
+
+ansible +ARGS:
+  ansible -i {{ inventory }} {{ ARGS }}
+
+list-host:
+  ansible-inventory -i {{ inventory }} --list
+
+encrypt +ARGS:
+  ansible-valut encrypt {{ ARGS }}
+
+decrypt +ARGS:
+  ansible-vault edit {{ ARGS }}

files/alpine/motd.j2

@@ -0,0 +1,15 @@
+
+                      This system is managed by Ansible.
+              _    _       _              _     _
+             / \  | |_ __ (_)_ __   ___  | |   (_)_ __  _   ___  __
+            / _ \ | | '_ \| | '_ \ / _ \ | |   | | '_ \| | | \ \/ /
+           / ___ \| | |_) | | | | |  __/ | |___| | | | | |_| |>  <
+          /_/   \_\_| .__/|_|_| |_|\___| |_____|_|_| |_|\__,_/_/\_\
+                    |_|
+
+          OS          : {{ ansible_distribution }} {{ ansible_distribution_version }}
+          Hostname    : {{ ansible_hostname }}
+          IP address  : {{ ansible_eth0.ipv4.address }}
+          System type : {{ ansible_system }}
+          Kernel      : {{ ansible_kernel }}
+

files/alpine/repositories.j2

@@ -0,0 +1,4 @@
+https://dl-cdn.alpinelinux.org/alpine/{{ alpine_version }}/main
+https://dl-cdn.alpinelinux.org/alpine/{{ alpine_version }}/community
+http://elmirror.cl/alpine/{{ alpine_version }}/main
+http://elmirror.cl/alpine/{{ alpine_version }}/community

hosts/inventory.ini

@@ -0,0 +1,2 @@
+[homelab]
+10.0.10.50

playbooks/setup/alpine.yaml

@@ -0,0 +1,90 @@
+- name: Setup an alpine machine
+  hosts: homelab
+  user: root
+  vars:
+    # alpine_version: v3.19
+    alpine_version: latest-stable
+    robo:
+      authorized_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPiEGbVaaSJq/9hGaou3gd6m4Jzyj4AIgCL5wGTxVz1"
+      allowed_commands:
+        - "docker ps"
+  vars_files:
+    ../../variables/secrets.yaml
+  tasks:
+    - name: Change login message
+      template:
+        src: ../../files/alpine/motd.j2
+        dest: /etc/motd
+        owner: root
+        group: root
+        mode: 0644
+        backup: yes
+
+    - name: Update repositories
+      template:
+        src: ../../files/alpine/repositories.j2
+        dest: /etc/apk/repositories
+        owner: root
+        group: root
+        mode: 0644
+        backup: yes
+
+    - name: Update all packages
+      command: /sbin/apk upgrade -U -a
+
+    - name: Be sure python is installed
+      command: /sbin/apk add python3
+      args:
+        creates: /usr/bin/python3
+
+    - name: Disable password authentication for SSH
+      become: true
+      notify: Restart sshd
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?PasswordAuthentication'
+        line: 'PasswordAuthentication no'
+        state: present
+
+    - name: Allow users of the weel group to use doas command
+      become: true
+      ansible.builtin.lineinfile:
+        path: /etc/doas.conf
+        regexp: '^#\s*permit persist :wheel'
+        line: 'permit persist :wheel'
+        state: present
+
+    - name: Create a user group named docker
+      ansible.builtin.group:
+        name: docker
+
+    - name: Setup users
+      ansible.builtin.user:
+        state: present
+        name: aleidk
+        password: "{{ users.aleidk.password | password_hash('sha512') }}"
+        groups:
+          - wheel
+          - docker
+
+    - name: Create a user for executing remote commands
+      ansible.builtin.user:
+        name: robo
+        system: true
+        create_home: true
+        groups: nogroup
+        state: present
+
+    - name: Add SSH public key for robo user
+      ansible.posix.authorized_key:
+        user: robo
+        state: present
+        key: "{{ robo.authorized_key }}"
+        key_options: "command=\"{{ robo.allowed_commands | join('; ') }}\""
+
+
+  handlers:
+    - name: Restart sshd
+      ansible.builtin.service:
+        name: sshd
+        state: restarted

variables/secrets.yaml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+62343433336464323761613330643861353862393130383631306536366639323233663233623735
+3131393037626664333235623764353939613835313030330a346133636334323132623536663830
+65386432383562343738333137386564653963396537653435613566326463356131316437393537
+3239353134323261340a306234393263383331396430396666376337343161313232396566343933
+39356161346439663764663763346666653933316537306336383339626136326639343564613231
+34343730326166356433336266643532393037653363356334383630646335313162366237343234
+34353933383365636662343364303366633662316430646536323861356163383039346234663239
+62376366373864373336