initial commit

This commit is contained in:
LinuxSquare 2024-06-27 19:43:34 +02:00
commit dd15132a6c
22 changed files with 440 additions and 0 deletions

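--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"ansible.python.interpreterPath": "/bin/python"
+}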

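--- a/apps/init.ansible.yml
+++ b/apps/init.ansible.yml
@@ -0,0 +1 @@
+- import_playbook: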
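Review bot: `- import_playbook:` carries no target, so YAML yields a null value and Ansible fails when loading the playbook because there is no path to import; the same empty stub is committed in haproxy/init.ansible.yml, mysql/init.ansible.yml, network/init.ansible.yml, openssh/init.ansible.yml and podman/init.ansible.yml. Nothing imports these files yet (top.ansible.yml only pulls directories.ansible.yml and system/init.ansible.yml), but the first `ansible-playbook` run against any of them will stop at parse time. Until the referenced playbooks exist, comment the line out the way system/init.ansible.yml does for its pending imports, e.g. `# - import_playbook: <playbook path>`, or point it at the real file.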

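--- a/directories.ansible.yml
+++ b/directories.ansible.yml
@@ -0,0 +1,32 @@
+- hosts: localhost
+vars_files:
+- map.yml
+tasks:
+- name: Create base directory
+file:
+path: "{{ dir }}"
+recurse: yes
+owner: root
+group: root
+state: directory
+- name: Create bin directory
+file:
+path: "{{ bin_dir }}"
+recurse: yes
+owner: root
+group: root
+state: directory
+- name: Create etc directory
+file:
+path: "{{ etc_dir }}"
+recurse: yes
+owner: root
+group: root
+state: directory
+- name: Create apps directory
+file:
+path: "{{ app_dir }}"
+recurse: yes
+owner: root
+group: root
+state: directory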
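Review bot: The four `file` tasks set owner and group but no `mode`, so the permission bits of /usr/local/noveria and its bin, etc and apps subdirectories fall back to the umask of whatever process runs Ansible; pin them explicitly, e.g. `mode: '0755'` next to each `state: directory`, the way base.ansible.yml already does for the files it installs. `recurse: yes` is the YAML 1.1 truthy spelling that yamllint flags and that some loaders read as a string; write `recurse: true`, consistent with `enabled: true` in base.ansible.yml. The rendered page has dropped the indentation, so the nesting of `file:` under each task is presumed from key order.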

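--- a/haproxy/init.ansible.yml
+++ b/haproxy/init.ansible.yml
@@ -0,0 +1 @@
+- import_playbook: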

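--- a/map.yml
+++ b/map.yml
@@ -0,0 +1,4 @@
+dir: /usr/local/noveria
+bin_dir: /usr/local/noveria/bin
+etc_dir: /usr/local/noveria/etc
+app_dir: /usr/local/noveria/apps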

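--- a/mysql/init.ansible.yml
+++ b/mysql/init.ansible.yml
@@ -0,0 +1 @@
+- import_playbook: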

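--- a/network/init.ansible.yml
+++ b/network/init.ansible.yml
@@ -0,0 +1 @@
+- import_playbook: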

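--- a/openssh/init.ansible.yml
+++ b/openssh/init.ansible.yml
@@ -0,0 +1 @@
+- import_playbook: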

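--- a/podman/init.ansible.yml
+++ b/podman/init.ansible.yml
@@ -0,0 +1 @@
+- import_playbook: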


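--- a/system/base.ansible.yml
+++ b/system/base.ansible.yml
@@ -0,0 +1,67 @@
+- hosts: localhost
+vars_files:
+- ../map.yml
+tasks:
+- name: Install base packages
+package:
+state: present
+name:
+- linux-lts
+- linux-firmware-none
+- openjdk17-jre-headless
+- jq
+- vim
+- git
+- findmnt
+- util-linux
+- sudo
+- curl
+- rsync
+- screen
+- name: Systemupdate script
+template:
+src: files/base_systemupdate
+dest: "{{ app_dir }}/systemupdate"
+owner: root
+group: root
+mode: '0755'
+- name: Systemupdate bin-link
+file:
+src: "{{ app_dir }}/systemupdate"
+dest: "{{ bin_dir }}/systemupdate"
+owner: root
+group: root
+state: link
+- name: Enable modules Service
+service:
+state: started
+name: modules
+enabled: true
+- name: Tun permission service
+file:
+path: "/etc/init.d/tun-perm"
+src: files/base_tun-perm.initd
+owner: root
+group: root
+mode: '0755'
+state: file
+- name: Enable tun-perm service
+service:
+state: started
+name: tun-perm
+enabled: true
+- name: Enable sysctl service
+service:
+state: started
+name: sysctl
+enabled: true
+- name: Enable syslog service
+service:
+state: started
+name: syslog
+enabled: true
+- name: Enable sysfs service
+service:
+state: started
+name: sysfs
+enabled: true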
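Review bot: The "Tun permission service" task uses the `file` module with `src:` and `state: file`, but `file` never copies content: `src` is only honoured for link states, and `state: file` merely adjusts attributes of a path that must already exist, so /etc/init.d/tun-perm is not installed from files/base_tun-perm.initd and the task fails on a fresh host, taking the following "Enable tun-perm service" task down with it. Replace the module with `copy:` keeping `src: files/base_tun-perm.initd`, `dest: /etc/init.d/tun-perm` and the owner/group/`mode: '0755'` attributes. Separately, the "Systemupdate script" task renders files/base_systemupdate through `template`, so any `{{ ... }}`, `{% ... %}` or `{# ... #}` that later lands in that bash script is expanded by Jinja before it reaches disk; the script appears to contain none today, but `copy` states the intent more safely unless templating is wanted.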


@ -0,0 +1,74 @@
- hosts: localhost
vars_files:
- /map.yml
tasks:
- name: Install bootloader pkgs
package:
name:
- grub
- grub-efi
- mkinitfs
- mkinitfs-doc
- efibootmgr
state: present
- name: Get current timestamp
command: |
CURRENT_SUBVOLUME=$(LC_ALL=C btrfs sub show / | LC_ALL=C grep Name: | tr -d \'[:space:]\'); TIMESTAMP_FORMAT=\'[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}_[[:digit:]]{2}-[[:digit:]]{2}-[[:digit:]]{2}\'; echo "$CURRENT_SUBVOLUME" | grep -Eo "$TIMESTAMP_FORMAT"
register: CURRENT_SUBVOLUME_TIMESTAMP
run_once: true
- name: Get current timestamp human
command: |
CURRENT_SUBVOLUME_TIMESTAMP=\'{{ CURRENT_SUBVOLUME_TIMESTAMP.stdout }}\'; echo "${CURRENT_SUBVOLUME_TIMESTAMP:0:10} ${CURRENT_SUBVOLUME_TIMESTAMP:11:2}:${CURRENT_SUBVOLUME_TIMESTAMP:14:2}"
register: CURRENT_SUBVOLUME_TIMESTAMP_HUMAN
run_once: true
- name: Get current kernel version
command: |
uname -r
register: KERNEL_VERSION
run_once: true
- name: mkinitfs config
lineinfile:
path: "/etc/mkinitfs/mkinitfs.conf"
regexp: '^features.?=.?'
line: features="ata base btrfs keymap kms mmc nvme scsi usb virtio"
owner: root
group: root
mode: '0644'
- name: os-release file
template:
src: files/bootloader_os-release.j2
dest: "/etc/os-release"
owner: root
group: root
mode: '0644'
vars:
OS_VERSION: "2406"
OS_RELEASE_INFO: '"Timestamp: {{ CURRENT_SUBVOLUME_TIMESTAMP_HUMAN.stdout }} | Kernel: {{ KERNEL_VERSION.stdout }}"'
- name: Motd Directory
file:
name: /etc/motd.d
owner: root
group: root
mode: '0755'
state: directory
- name: Motd
template:
src: files/bootloader_00_noveria.motd.j2
dest: /etc/motd.d/00_noveria.motd
owner: root
group: root
mode: '0644'
vars:
OS_NAME: 'Novos 2406'
OS_RELEASE_INFO: 'Timestamp: {{ CURRENT_SUBVOLUME_TIMESTAMP_HUMAN.stdout }} | Kernel: {{ KERNEL_VERSION.stdout }}'
OS_ISSUE_URL: 'https://git.noveria.org/NoveriaOS/ISO/issues'
- name: Issue
template:
src: files/bootloader_issue.j2
dest: /etc/issue
owner: root
group: root
mode: '0644'
vars:
OS_NAME: 'Novos 2406'
OS_RELEASE_INFO: "{{ CURRENT_SUBVOLUME_TIMESTAMP_HUMAN.stdout }}"
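Review bot: The "Get current timestamp" and "Get current timestamp human" tasks run a pipeline (`$(...)`, `|`, `grep`, `tr`, bash substring expansion) through the `command` module, which executes the argument vector directly without a shell, so the pipe and substitution tokens are handed to the first word as literal arguments and the registered stdout is not the timestamp the later `os-release`/motd/issue templates expect; switch those two tasks to `shell:` (the `uname -r` task can stay on `command`). Inside a `|` block scalar the `\'` sequences are literal backslash-quote characters rather than escapes, so `tr -d \'[:space:]\'` and `TIMESTAMP_FORMAT=\'...\'` carry stray backslashes; write plain `'[:space:]'` once the tasks run under a shell. `vars_files:` here lists `/map.yml`, a path at the filesystem root, while base.ansible.yml loads `../map.yml`; presumably a typo. This hunk's file header did not survive rendering; from system/init.ansible.yml it appears to be system/bootloader.ansible.yml.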

system/disks.ansible.yml Normal file


@ -0,0 +1,205 @@
#!/usr/bin/env bash
#######################################################################################################################
##
## Script to full update the system
##
## 0. Pre checks
## 1. Generate new boot environment (BE)
## 2. Update and Salt highstate
## 3. Clean up
##
#######################################################################################################################
#######################################################################################################################
## Definitions
#######################################################################################################################
readonly TEMPDIR=$(mktemp -d /tmp/systemupdate.XXXXXX)
readonly LOCK_FILE="${TEMPDIR}/systemupdate.lock"
readonly TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S")
readonly BTRFS_ROOT="/btrfs"
readonly CURRENT_SUBVOLUME=$(LC_ALL=C btrfs sub show / | LC_ALL=C grep 'Name' | cut -d: -f2 | awk '{$1=$1};1')
readonly NEW_SUBVOLUME="@root_${TIMESTAMP}"
readonly MOUNTPOINT='/mnt'
readonly EFI_DISK=$(findmnt -T /efi -o SOURCE | tail -n 1)
readonly ROOT_DISK=$(findmnt / -o SOURCE | cut -d"[" -f1 | tail -n 1)
readonly BE_HISTORY_COUNT=5
#######################################################################################################################
## Errorhandling
#######################################################################################################################
#----------------------------------------------------------------------------------------------------------------------
# systemupdate failed
#----------------------------------------------------------------------------------------------------------------------
systemupdateFailed() {
echo ""
echo "┌──────────────────────────────────────────┐"
echo "│ FAILED => clean up │"
echo "└──────────────────────────────────────────┘"
subtaskTitle "Unmount BE if mounted"
unmountMountpoint
subtaskTitle "Remove BE"
removeBEFromTimestamp ${TIMESTAMP}
rm -f ${LOCK_FILE}
subtaskTitle "Finished with exit code 1"
exit 1
}
# catch ^C and other signals and clean up
trap "echo -e '\n=> Interrupted with CTRL+C' >&2; systemupdateFailed" SIGINT SIGHUP SIGTERM SIGABRT
#######################################################################################################################
## Helper Functions
#######################################################################################################################
#----------------------------------------------------------------------------------------------------------------------
# Subtask title output
#----------------------------------------------------------------------------------------------------------------------
subtaskTitle() {
echo -e "\n=> $1"
}
#----------------------------------------------------------------------------------------------------------------------
# Unmount ${MOUNTPOINT}
#----------------------------------------------------------------------------------------------------------------------
unmountMountpoint() {
# if mountpoint exists -> umount
[[ $(findmnt -M "${MOUNTPOINT}") ]] && umount -R "${MOUNTPOINT}"
}
#----------------------------------------------------------------------------------------------------------------------
# Recursive subvolume delete
#----------------------------------------------------------------------------------------------------------------------
btrfsSubDelRecursive() {
btrfs sub list -o "${BTRFS_ROOT}/${1}" | cut -d " " -f 9 | while read i; do
btrfsSubDelRecursive "$i"
done
btrfs sub del "${BTRFS_ROOT}/${1}"
}
#----------------------------------------------------------------------------------------------------------------------
# Remove BE from timestamp
#----------------------------------------------------------------------------------------------------------------------
removeBEFromTimestamp() {
# remove all subvolume with this timestamp
for f in $(btrfs sub list -o /btrfs | cut -d " " -f 9 | grep "@root"); do
if [[ "$f" =~ "$1" ]]; then
btrfsSubDelRecursive "$f"
fi
done
}
#######################################################################################################################
## Main
#######################################################################################################################
echo "┌──────────────────────────────────────────┐"
echo "│ 0. Pre checks │"
echo "└──────────────────────────────────────────┘"
subtaskTitle "Check if another systemupgrade is in progress"
if [ -f ${LOCK_FILE} ]; then
echo "[ERROR] Another systemupgrade is in progress (lockfile: ${LOCK_FILE}) => exit" >&2
exit 1
fi
subtaskTitle "Check if ${MOUNTPOINT} exists"
if [ ! -d ${MOUNTPOINT} ]; then
mkdir -p "${MOUNTPOINT}"
fi
subtaskTitle "Check if ${MOUNTPOINT} is already a mountpoint"
if [[ $(findmnt -M "${MOUNTPOINT}") ]]; then
echo "[ERROR] ${MOUNTPOINT} is already a mountpoint => exit" >&2
exit 1
fi
subtaskTitle "Checks finished and update can start"
# Create lock file
touch ${LOCK_FILE} || systemupdateFailed
echo ""
echo "┌──────────────────────────────────────────┐"
echo "│ 1. Generate new boot environment (BE) │"
echo "└──────────────────────────────────────────┘"
subtaskTitle "Create snapshot of current running system"
btrfs subvolume snapshot / ${BTRFS_ROOT}/${NEW_SUBVOLUME} || systemupdateFailed
subtaskTitle "Mount new BE to ${MOUNTPOINT}"
mount -o noatime,nodiratime,discard=async,space_cache=v2,subvol="${NEW_SUBVOLUME}" "${ROOT_DISK}" "${MOUNTPOINT}" || systemupdateFailed
mount -o noatime,nodiratime,discard=async,space_cache=v2,subvol=@home "${ROOT_DISK}" "${MOUNTPOINT}/home" || systemupdateFailed
mount -o noatime,nodiratime,discard=async,space_cache=v2,subvol=@podman "${ROOT_DISK}" "${MOUNTPOINT}/opt/podman" || systemupdateFailed
mount -o noatime,nodiratime,discard=async,space_cache=v2,subvol=@mysql "${ROOT_DISK}" "${MOUNTPOINT}/var/lib/mysql" || systemupdateFailed
mount -o noatime,nodiratime,discard=async,space_cache=v2,subvol=/ "${ROOT_DISK}" "${MOUNTPOINT}/btrfs" || systemupdateFailed
mount -o nodev,nosuid,noexec "${EFI_DISK}" "${MOUNTPOINT}/efi" || systemupdateFailed
mount -t proc /proc "${MOUNTPOINT}/proc/" || systemupdateFailed
mount -t sysfs /sys "${MOUNTPOINT}/sys/" || systemupdateFailed
mount -o bind /sys/firmware/efi/efivars "${MOUNTPOINT}/sys/firmware/efi/efivars/" || systemupdateFailed
mount -o bind /dev "${MOUNTPOINT}/dev/" || systemupdateFailed
mount -o bind /run "${MOUNTPOINT}/run/" || systemupdateFailed
subtaskTitle "New BE mounted"
echo ""
echo "┌──────────────────────────────────────────┐"
echo "│ 2. Update and Salt highstate │"
echo "└──────────────────────────────────────────┘"
subtaskTitle "Update Saltstack"
chroot "${MOUNTPOINT}" /bin/bash -c "git -C /srv/salt pull" || systemupdateFailed
subtaskTitle "Update bootloader configs"
chroot "${MOUNTPOINT}" /bin/bash -c "salt-call state.sls system.bootloader" >/dev/null || systemupdateFailed
subtaskTitle "Alpine repositories & keyring update"
chroot "${MOUNTPOINT}" /bin/bash -c "apk update" || systemupdateFailed
subtaskTitle "Alpine packages update"
chroot "${MOUNTPOINT}" /bin/bash -c "apk upgrade" || systemupdateFailed
subtaskTitle "Salt highstate"
chroot "${MOUNTPOINT}" /bin/bash -c "salt-call state.highstate" >/dev/null || systemupdateFailed
subtaskTitle "Generate new initial ramdisk"
latest_kernel="$(chroot "${MOUNTPOINT}" /bin/bash -c 'echo $(apk search linux-lts | head -n1 | cut -d- -f3- | sed "s|r||")-lts')"
chroot "${MOUNTPOINT}" /bin/bash -c "mkinitfs $latest_kernel" || systemupdateFailed
subtaskTitle "Update motd"
chroot "${MOUNTPOINT}" /bin/bash -c "/usr/local/noveria/bin/generate_motd" || systemupdateFailed
subtaskTitle "Update GRUB"
chroot "${MOUNTPOINT}" /bin/bash -c "grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=alpine" || systemupdateFailed
chroot "${MOUNTPOINT}" /bin/bash -c "/usr/local/noveria/bin/noveriablcgen --noconfirm" || systemupdateFailed
subtaskTitle "Update finished"
subtaskTitle "Unmount BE"
unmountMountpoint
echo ""
echo "┌──────────────────────────────────────────┐"
echo "│ 3. Clean Up │"
echo "└──────────────────────────────────────────┘"
subtaskTitle "Clean up finished"
# Remove lock file
rm -f ${LOCK_FILE}
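Review bot: The "another systemupgrade is in progress" guard can never trigger: LOCK_FILE lives under a directory that `mktemp -d` creates fresh for every invocation, so each run inspects its own empty TEMPDIR, and two concurrent runs would both snapshot and mount a boot environment on the same MOUNTPOINT with only the non-atomic `findmnt` check between them. Use a fixed path and an atomic lock, e.g. `exec 9>"/run/systemupdate.lock"` followed by `flock -n 9 || { echo "[ERROR] Another systemupgrade is in progress" >&2; exit 1; }` (util-linux is installed by base.ansible.yml), and drop the `touch`/`rm -f` pair. `readonly TEMPDIR=$(mktemp -d ...)` also masks mktemp's exit status, and TEMPDIR is never removed on either path. BE_HISTORY_COUNT=5 is defined but never read: stage 3 "Clean Up" only prints a title, so old @root_<timestamp> subvolumes accumulate until the filesystem fills. The file header is missing from the rendering; base.ansible.yml installs this script from files/base_systemupdate.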


@ -0,0 +1,13 @@
#!/sbin/openrc-run
supervisor=supervise-daemon
name="tun module permission setter"
description="setting the permission of /dev/net/tun to 666"
command=$(which chmod)
command_args="0666 /dev/net/tun"
command_user="root"
depend() {
need modules
}
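Review bot: `command_args="0666 /dev/net/tun"` makes the TUN control device world-writable; creating interfaces still requires CAP_NET_ADMIN, but any local account can then open persistent tun/tap interfaces assigned to it, which is wider than a single service needs. If the intent is to let one unprivileged service attach, give the device node that service's group and `0660` (`chgrp <service group>` plus `chmod 0660`) instead of opening it to every user. `supervisor=supervise-daemon` expects a long-lived process, but `chmod` exits immediately, so the supervisor will most likely report the service as crashed and the "Enable tun-perm service" task in base.ansible.yml may see a failed start; a one-shot OpenRC script is usually written with a `start()` function that runs the command and returns its status. `command=$(which chmod)` resolves through PATH at service start, where the absolute `/bin/chmod` is deterministic. The file header is missing from the rendering; base.ansible.yml references this as files/base_tun-perm.initd.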


@ -0,0 +1,17 @@
╔═══════════════════════════════════════════════╗
║ Velkommen til ║
║ _ _ _ ║
║ | \ | | (_) ║
║ | \| | _____ _____ _ __ _ __ _ ║
║ | . ` |/ _ \ \ / / _ \ '__| |/ _` | ║
║ | |\ | (_) \ V / __/ | | | (_| | ║
║ |_| \_|\___/ \_/ \___|_| |_|\__,_| ║
║ ║
╚═══════════════════════════════════════════════╝
OS: {{ OS_NAME }}
Version: {{ OS_RELEASE_INFO }}
Report issues on: {{ OS_ISSUE_URL }}
═════════════════════════════════════════════════


@ -0,0 +1,2 @@
Velkommen til {{ OS_NAME }}
Timestamp: {{ OS_RELEASE_INFO }} | Kernel: \r


@ -0,0 +1,8 @@
NAME="Novos"
ID=noveriaos
ID_LIKE=alpine
VERSION_ID="{{ OS_VERSION }}"
PRETTY_NAME="Novos {{ OS_VERSION }}"
RELEASE_INFO={{ OS_RELEASE_INFO }}
HOME_URL="https://noveria.org"
BUG_REPORT_URL="https://git.noveria.org/Novos/ISO/issues"
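Review bot: `RELEASE_INFO={{ OS_RELEASE_INFO }}` is the only unquoted value in the file, so the template relies on the caller embedding the quotes itself, which is why bootloader.ansible.yml wraps that variable as `'"Timestamp: ... | Kernel: ..."'`; any caller that passes a plain string produces a line with unquoted spaces that breaks sourcing /etc/os-release as shell. Quote it in the template like the neighbouring keys, `RELEASE_INFO="{{ OS_RELEASE_INFO }}"`, and drop the inner double quotes from the play's `OS_RELEASE_INFO` var. `BUG_REPORT_URL` points at https://git.noveria.org/Novos/ISO/issues while the motd template's OS_ISSUE_URL is https://git.noveria.org/NoveriaOS/ISO/issues, and `ID=noveriaos` sits next to `NAME="Novos"`; one of each pair is presumably stale. The file header is missing from the rendering; bootloader.ansible.yml renders this from files/bootloader_os-release.j2.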

system/init.ansible.yml Normal file

@ -0,0 +1,7 @@
- import_playbook: base.ansible.yml
- import_playbook: bootloader.ansible.yml
# - import_playbook: disks.ansible.yml
# - import_playbook: user.ansible.yml
# - import_playbook: shell.ansible.yml
# - import_playbook: ansible.ansible.yml

system/shell.ansible.yml Normal file

system/user.ansible.yml Normal file

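--- a/top.ansible.yml
+++ b/top.ansible.yml
@@ -0,0 +1,2 @@
+- import_playbook: directories.ansible.yml
+- import_playbook: system/init.ansible.yml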