Added basic ansible playbook

.gitignore

@@ -1 +1,2 @@
+playbook.retry
 terraform.tfstate.backup

ansible/group_vars/all.yml

@@ -0,0 +1,47 @@
+root_sshkeys: |
+  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io
+
+root_castles:
+  - tboerger/homeshick-base
+  - tboerger/homeshick-vim
+  - tboerger/homeshick-linux
+
+users:
+  - name: tboerger
+    uid: 1000
+    shell: /bin/bash
+    castles:
+      - tboerger/homeshick-base
+      - tboerger/homeshick-vim
+      - tboerger/homeshick-linux
+    groups:
+      - sudo
+    sshkeys: |
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc1nE4kCs9WXEEbotF+0Rivnr/9I0fc56QLZTqIr4Rsl3iZcvVDgYJmh6rPcl9xKBptNo/jK1EJF/bm2APf6wIU5Q7tNjeIw5IMJnBRBfPdQujXumb1LZMGnQvPT/gHdpVZvPkYlKkBocOJGPG99GZL0FlXXpc4eDYrgCMfCzRFG1SbQWcUdipbJJgELmbiOy7c5eHtb9i51x7g99pC91WnpInuN4pa0AFHwDQpBhS8RSLFEAfWNNs4T3SiYiUUq0lIHBoIoTM8fTTzhshXAlGWuwsZ9c9luEAw+n4QL8oD9a2ycWTJ3JCRK3CC/+J2MqCROSL4zpVA7+PFrloScMV tboerger@gitea.io
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vlBRSgKE2LN6Tbp5pQ4qVVOXlqUnhI4fkEJLCGAGmsQGu5usxNvp9UJq0cGt6Sq1htoDmgIjEZwCE/np8/O7ZQPyHpwOWtUlS4WWiXKW0GYaeoYsuMabMLbuV1CpSZhb93zy7ZLIKUYpP7WHyZmivDaXnYkn2IOu3fvDtTQdXbwlCer96dIQjNE/KEH4/gUXetrLMYYg26gUnSDeHaxGrLQAfA9jNG1EbXiUkx8cFmZLEREHjwkBAHcwZDkqbLvZr+ExAKIVUcSzj1ep5sOrtSpbwxRtmDscviFPruJmsx/Jjl9fMhpZq8lIQb6aQ0qq09KGv1WP4YbLGRItvq9T tboerger@gitea.io
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjASyOuvhSdzOeJCC/9crxcuztTY/AeFV7v59wQrCwozS2hPBcy5UJ4li80ly79t2D/ppCsiGDQjxCpMUKq++canqCIRZ1d6/6ylQPZIQw0rCGRHXDIKlc99i3Fz94XD85ZtFdGe2TWq1T2EEgmCRM9dGWq+f5iloRxnoSrCTXpy8JshnO5kMyQovChKzLBKdHIxddBDlEHxvWI0UcvWNuA8J2nrrOfMdMVKdPa5xeveX2V5oW3YClku7b/W6jO1rdkZ0tyl1n+wbETGmWQC+V4HE5qxK0u+Zmyz/4J+82sKQC6uEWbC9dFRslq+84rd4LyCD2467ZmzzV6HcyWJhL tboerger@gitea.io
+  - name: lunny
+    uid: 1001
+    shell: /bin/bash
+    castles:
+      - tboerger/homeshick-base
+      - tboerger/homeshick-vim
+      - tboerger/homeshick-linux
+    groups:
+      - sudo
+    sshkeys: |
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io
+  - name: bkc
+    uid: 1002
+    shell: /bin/bash
+    castles:
+      - tboerger/homeshick-base
+      - tboerger/homeshick-vim
+      - tboerger/homeshick-linux
+    groups:
+      - sudo
+    sshkeys: |
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc1nE4kCs9WXEEbotF+0Rivnr/9I0fc56QLZTqIr4Rsl3iZcvVDgYJmh6rPcl9xKBptNo/jK1EJF/bm2APf6wIU5Q7tNjeIw5IMJnBRBfPdQujXumb1LZMGnQvPT/gHdpVZvPkYlKkBocOJGPG99GZL0FlXXpc4eDYrgCMfCzRFG1SbQWcUdipbJJgELmbiOy7c5eHtb9i51x7g99pC91WnpInuN4pa0AFHwDQpBhS8RSLFEAfWNNs4T3SiYiUUq0lIHBoIoTM8fTTzhshXAlGWuwsZ9c9luEAw+n4QL8oD9a2ycWTJ3JCRK3CC/+J2MqCROSL4zpVA7+PFrloScMV tboerger@gitea.io
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1vlBRSgKE2LN6Tbp5pQ4qVVOXlqUnhI4fkEJLCGAGmsQGu5usxNvp9UJq0cGt6Sq1htoDmgIjEZwCE/np8/O7ZQPyHpwOWtUlS4WWiXKW0GYaeoYsuMabMLbuV1CpSZhb93zy7ZLIKUYpP7WHyZmivDaXnYkn2IOu3fvDtTQdXbwlCer96dIQjNE/KEH4/gUXetrLMYYg26gUnSDeHaxGrLQAfA9jNG1EbXiUkx8cFmZLEREHjwkBAHcwZDkqbLvZr+ExAKIVUcSzj1ep5sOrtSpbwxRtmDscviFPruJmsx/Jjl9fMhpZq8lIQb6aQ0qq09KGv1WP4YbLGRItvq9T tboerger@gitea.io
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjASyOuvhSdzOeJCC/9crxcuztTY/AeFV7v59wQrCwozS2hPBcy5UJ4li80ly79t2D/ppCsiGDQjxCpMUKq++canqCIRZ1d6/6ylQPZIQw0rCGRHXDIKlc99i3Fz94XD85ZtFdGe2TWq1T2EEgmCRM9dGWq+f5iloRxnoSrCTXpy8JshnO5kMyQovChKzLBKdHIxddBDlEHxvWI0UcvWNuA8J2nrrOfMdMVKdPa5xeveX2V5oW3YClku7b/W6jO1rdkZ0tyl1n+wbETGmWQC+V4HE5qxK0u+Zmyz/4J+82sKQC6uEWbC9dFRslq+84rd4LyCD2467ZmzzV6HcyWJhL tboerger@gitea.io
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNxqUBNvl59j7Xkw3I1rXkiz0LWNvOK2KFFgLB4C101xv6C/UGjCJPlAWYl5lrTokICqi8fmLkVzAuhhGaPs28Eo55lARl1uZoTSuuobKaZHc/SZzIqn2NgSYV9WNzskpo8IkN2K5DWCYr73x6tskJ5BT9hcXWaPRb8s7dEPnw7NduhMroqlNBFgCwIgkYrjjNNIEZt5G5q2aYFLmIRRZ1JimuAJBlmQJCw+W049tjjNUKY4f2Fm9zIbktPZvSgT2kRvMWxUc8KR1kyzMVaDgqFJKQFjEoZ3kKTfkf3FV2O6tIZHA9fnRYABQy+7HAjRRFcVEu7usu12BKZ0QHKhWT lunny@gitea.io

ansible/group_vars/server.yml

@@ -0,0 +1,4 @@
+users_available:
+  - tboerger
+  - lunny
+  - bkc

ansible/hosts.ini

@@ -0,0 +1,2 @@
+[server]
+laozi ansible_user=root ansible_host=laozi.gitea.io

ansible/playbook.yml

@@ -0,0 +1,6 @@
+- hosts: server
+  roles:
+    - base
+    - root
+    - users
+    - docker

ansible/roles/base/tasks/main.yml

@@ -0,0 +1,7 @@
+- name: vars
+  include_vars: ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'
+
+- name: ubuntu
+  include: ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'

ansible/roles/base/tasks/ubuntu.yml

@@ -0,0 +1,5 @@
+- name: install
+  with_items: '{{ base_packages }}'
+  package:
+    name: '{{ item }}'
+    state: present

ansible/roles/base/vars/ubuntu.yml

@@ -0,0 +1,3 @@
+base_packages:
+  - apt-transport-https
+  - software-properties-common

ansible/roles/docker/defaults/main.yml

@@ -0,0 +1,5 @@
+docker_packages:
+  - docker-engine
+
+docker_services:
+  - docker

ansible/roles/docker/handlers/main.yml

@@ -0,0 +1,6 @@
+- name: restart docker
+  with_items: '{{ docker_services }}'
+  systemd:
+    name: '{{ item }}'
+    state: restarted
+    daemon_reload: yes

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,41 @@
+- name: key
+  apt_key:
+    keyserver: hkp://p80.pool.sks-keyservers.net:80
+    id: 58118E89F3A912897C070ADBF76221572C52609D
+    state: present
+
+- name: repo
+  apt_repository:
+    repo: deb https://apt.dockerproject.org/repo ubuntu-xenial main
+    filename: docker.list
+    update_cache: yes
+    state: present
+
+- name: install
+  with_items: '{{ docker_packages }}'
+  package:
+    name: '{{ item }}'
+    state: present
+
+- name: service
+  notify:
+    - restart docker
+  template:
+    src: service.j2
+    dest: /etc/systemd/system/docker.service
+
+- name: default
+  notify:
+    - restart docker
+  template:
+    src: default.j2
+    dest: /etc/default/docker
+
+- name: start
+  with_items: '{{ docker_services }}'
+  systemd:
+    name: '{{ item }}'
+    state: started
+    daemon_reload: yes
+    masked: no
+    enabled: yes

ansible/roles/docker/templates/default.j2

@@ -0,0 +1 @@
+DOCKER_OPTS=""

ansible/roles/docker/templates/service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=Docker
+
+After=network.target
+After=docker.socket
+Requires=docker.socket
+
+[Service]
+EnvironmentFile=-/etc/default/docker
+
+Type=notify
+TimeoutStartSec=0
+Delegate=yes
+KillMode=process
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+
+ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
+ExecReload=/bin/kill -s HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/root/defaults/main.yml

@@ -0,0 +1,4 @@
+root_castles: []
+root_sshkeys:
+root_private_key:
+root_public_key:

ansible/roles/root/tasks/main.yml

@@ -0,0 +1,36 @@
+- name: install
+  with_items:
+    - git
+  package:
+    name: '{{ item }}'
+    state: present
+
+- name: homeshick
+  git:
+    repo: https://github.com/andsens/homeshick.git
+    dest: /root/.homesick/repos/homeshick
+
+- name: castles
+  with_items: '{{ root_castles }}'
+  when: root_castles|default(None) != None
+  git:
+    repo: https://github.com/{{ item }}.git
+    dest: /root/.homesick/repos/{{ item | basename }}
+
+- name: links
+  with_items: '{{ root_castles }}'
+  when: root_castles|default(None) != None
+  command: /root/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item | basename }}
+
+- name: sshkeys
+  when: root_sshkeys|default(None) != None
+  authorized_key:
+    user: root
+    key: '{{ root_sshkeys }}'
+    path: /root/.ssh/instance_keys
+    exclusive: yes
+    state: present
+
+- name: fetchkeys
+  when: root_sshkeys|default(None) != None
+  command: scw-fetch-ssh-keys --upgrade

ansible/roles/users/defaults/main.yml

@@ -0,0 +1,2 @@
+users: []
+users_available: []

ansible/roles/users/tasks/main.yml

@@ -0,0 +1,62 @@
+- name: install
+  with_items:
+    - git
+  package:
+    name: '{{ item }}'
+    state: present
+
+- name: group
+  with_items: '{{ users }}'
+  when: item.name in users_available
+  group:
+    name: '{{ item.name }}'
+    gid: '{{ item.uid }}'
+    state: present
+
+- name: create
+  with_items: '{{ users }}'
+  when: item.name in users_available
+  user:
+    name: '{{ item.name }}'
+    uid: '{{ item.uid }}'
+    group: '{{ item.name }}'
+    shell: '{{ item.shell }}'
+    groups: '{{ item.groups | join(",") }}'
+    generate_ssh_key: yes
+    append: yes
+    createhome: yes
+    state: present
+
+- name: homeshick
+  with_items: '{{ users }}'
+  when: item.name in users_available
+  become: yes
+  become_user: '{{ item.name }}'
+  git:
+    repo: https://github.com/andsens/homeshick.git
+    dest: /home/{{ item.name }}/.homesick/repos/homeshick
+
+- name: castles
+  with_subelements: ['{{ users }}', castles]
+  when: item.0.name in users_available
+  become: yes
+  become_user: '{{ item.0.name }}'
+  git:
+    repo: https://github.com/{{ item.1 }}.git
+    dest: /home/{{ item.0.name }}/.homesick/repos/{{ item.1 | basename }}
+
+- name: links
+  with_subelements: ['{{ users }}', castles]
+  when: item.0.name in users_available
+  become: yes
+  become_user: '{{ item.0.name }}'
+  command: /home/{{ item.0.name }}/.homesick/repos/homeshick/bin/homeshick -f -b -q link {{ item.1 | basename }}
+
+- name: sshkeys
+  with_items: '{{ users }}'
+  when: item.name in users_available
+  authorized_key:
+    user: '{{ item.name }}'
+    key: '{{ item.sshkeys }}'
+    exclusive: yes
+    state: present