ansible: create init for worker

ansible/README.md

@@ -1,3 +1,7 @@
 # Ansible
 
-## Running
+## Generate a password for a user
+
+```bash
+mkpasswd --method=sha-512
+```

ansible/common_vars.yaml

@@ -0,0 +1,25 @@
+---
+keys_repo_path: "{{ lookup('env', 'HOME') }}/keys"
+vm_user_smb_access_file: "{{ keys_repo_path }}/users/{{ vm_username }}/smb"
+ssh_access_keys: "{{ keys_repo_path }}/common/vm_access_authorized_keys"
+nas_ip: "192.168.100.50"
+
+rc_files_url: "https://git.tylencloud.com/tylen/rc-files"
+bashrc_file_url: "{{ rc_files_url }}/raw/branch/main/bashrc"
+vimrc_file_url: "{{ rc_files_url }}/raw/branch/main/vimrc"
+
+common_base_packages:
+  - apt-transport-https
+  - btop
+  - ca-certificates
+  - cifs-utils
+  - curl
+  - exa
+  - git
+  - python3-pip
+  - python3-setuptools
+  - software-properties-common
+  - tree
+  - virtualenv
+  - vim
+  - whois

ansible/hosts.ini

@@ -1,3 +1,2 @@
 [workers]
-jenkins-server ansible_host=192.168.100.30
+vm-gitea-100-11 ansible_host=192.168.100.11 ansible_user=tylen
-vm-mixed-100-98 ansible_host=192.168.100.98

ansible/init_worker_vm.yaml

@@ -1,43 +0,0 @@
----
-- name: Initialise worker VM
-  hosts: workers
-  become: yes
-
-  tasks:
-  - name: Install essentials
-    apt:
-      pkg:
-        - apt-transport-https
-        - ca-certificates
-        - curl
-        - software-properties-common
-        - python3-pip
-        - virtualenv
-        - python3-setuptools
-        - vim
-        - git
-        - btop
-      state: latest
-      update_cache: true
-
-  - name: Add Docker GPG apt Key
-    apt_key:
-      url: https://download.docker.com/linux/ubuntu/gpg
-      state: present
-
-  - name: Add Docker Repository
-    apt_repository:
-      repo: deb https://download.docker.com/linux/ubuntu focal stable
-      state: present
-
-  - name: Update apt and install docker-ce
-    apt:
-      name: docker-ce
-      state: latest
-      update_cache: true
-
-  - name: Start and enable Docker
-    service:
-      name: docker
-      state: started
-      enabled: yes

ansible/localhost/init.yaml

@@ -0,0 +1,28 @@
+- name: Initialise worker VM
+  hosts: localhost
+  become: yes
+  vars_files:
+    - local_vars.yaml
+    - ../common_vars.yaml
+
+  tasks:
+  - name: Install essentials
+    apt:
+      pkg:
+        - apt-transport-https
+        - ca-certificates
+        - curl
+        - software-properties-common
+        - python3-pip
+        - virtualenv
+        - python3-setuptools
+        - vim
+        - git
+        - btop
+        - whois
+        - cifs-utils
+        - tree
+        - exa
+      state: latest
+      update_cache: true
+    ignore_errors: yes

ansible/localhost/local_vars.yaml

@@ -0,0 +1 @@
+---

ansible/worker/init.yaml

@@ -0,0 +1,64 @@
+---
+- name: Initialise worker VM
+  hosts: workers
+  become: yes
+  vars_files:
+    - worker_vars.yaml
+    - ../common_vars.yaml
+
+  tasks:
+  - name: Install essentials
+    apt:
+      name: "{{ common_base_packages }}"
+      state: latest
+      update_cache: true
+    ignore_errors: yes
+
+  - name: Add Docker GPG apt Key
+    apt_key:
+      url: https://download.docker.com/linux/ubuntu/gpg
+      state: present
+
+  - name: Add Docker Repository
+    apt_repository:
+      repo: deb https://download.docker.com/linux/ubuntu focal stable
+      state: present
+
+  - name: Update apt and install docker-ce
+    apt:
+      name: docker-ce
+      state: latest
+      update_cache: true
+
+  - name: Start and enable Docker
+    service:
+      name: docker
+      state: started
+      enabled: yes
+
+  - name: Create a login user
+    user:
+      name: "{{ vm_username }}"
+      password: "$6$OhH/TOtjPdxJgC9i$1ytWcV0yBuv5b4Momkka57tErCc4UqvG0zqydyyGQm3OXSaWPHTLHxvPjeCdA9B8T0./eXawj62xZ7gVtzokG/"
+      groups:
+      - docker
+      - sudo
+      state: present
+      shell: /usr/bin/bash
+
+  - name: Copy authorized keys
+    authorized_key:
+      user: "{{ vm_username }}"
+      key: "{{ lookup('file', '{{ ssh_access_keys }}') }}"
+
+  - name: Download rc files
+    get_url:
+      url: "{{ item.url }}"
+      dest: "{{ item.dest }}"
+      mode: '0644'
+    loop:
+      - { url: '{{ bashrc_file_url }}', dest: '{{ bashrc_mount_path }}' }
+      - { url: '{{ vimrc_file_url }}', dest: '{{ vimrc_mount_path }}' }
+
+
+

ansible/worker/smb.yaml

@@ -0,0 +1,40 @@
+---
+- name: Set Up SMB access to /apps
+  hosts: workers
+  become: yes
+  vars_files:
+    - worker_vars.yaml
+    - ../common_vars.yaml
+
+  tasks:
+    - name: Create .cred directory
+      file:
+        path: "{{ cred_path }}"
+        state: directory
+        owner: "{{ vm_username }}"
+        group: "{{ vm_username }}"
+
+    - name: Create remote-apps directory
+      file:
+        path: "{{ mount_path }}"
+        state: directory
+        owner: "{{ vm_username }}"
+        group: "{{ vm_username }}"
+
+    - name: Copy file to .cred directory
+      copy:
+        content: "{{ lookup('file', '{{ vm_user_smb_access_file }}') }}"
+        dest: "{{ cred_path }}/smb"
+        mode: '0404'
+        owner: "{{ vm_username }}"
+        group: "{{ vm_username }}"
+
+    - name: Add ~/remote-apps entry to fstab
+      lineinfile:
+        dest: /etc/fstab
+        line: '//{{ nas_ip }}/apps {{ mount_path }} cifs credentials={{ cred_path }}/smb,uid=vm-user 0 0'
+        state: present
+
+    - name: Mount all disks
+      command: mount -a
+

ansible/worker/worker_vars.yaml

@@ -0,0 +1,7 @@
+---
+vm_username: vm-user
+vm_home: "/home/{{ vm_username }}"
+cred_path: "{{ vm_home }}/.cred"
+mount_path: "{{ vm_home }}/remote-apps"
+bashrc_mount_path: "{{ vm_home }}/.bashrc"
+vimrc_mount_path: "{{ vm_home }}/.vimrc"