diff --git a/ansible/README.md b/ansible/README.md
index f80edd1..68f449a 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -1,5 +1,8 @@ # Ansible MicroOS VM setup + 4. Run the custom_hardening playbook. This mostly sets SSH parameters to best practice values. ```shell ansible-playbook -i inventory.txt custom_hardening.yml
diff --git a/ansible/common_programs.yml b/ansible/common_programs.yml
new file mode 100644
index 0000000..dde4dd7
--- /dev/null
+++ b/ansible/common_programs.yml
@@ -0,0 +1,13 @@
+---
+- name: install commonly used programs
+ hosts: all
+ become: yes
+ tasks:
+ - name: install borgbackup, tmux with zypper and transactional-update
+ community.general.zypper:
+ name: "borgbackup tmux"
+ state: present
+ register: zypper_result
+ - name: reboot if borgbackup or tmux was installed
+ ansible.builtin.reboot:
+ when: zypper_result.changed
diff --git a/ansible/main.yml b/ansible/main.yml
new file mode 100644
index 0000000..ef87e66
--- /dev/null
+++ b/ansible/main.yml
@@ -0,0 +1,11 @@
+---
+- name: apply custom hardening for ssh
+ import_playbook: custom_hardening.yml
+- name: install commonly used programs
+ import_playbook: common_programs.yml
+- name: allow privileged ports for rootless containers
+ import_playbook: allow_privileged_ports_rootless.yml
+- name: deploy services
+ import_playbook: deploy_services.yml
+- name: deploy traefik configuration
+ import_playbook: deploy_traefik_config.yml
\ No newline at end of file
diff --git a/ignition/README.md b/ignition/README.md
index 5784d3a..4342f89 100644
--- a/ignition/README.md
+++ b/ignition/README.md
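Review bot: In common_programs.yml the `name: "borgbackup tmux"` value hands both packages to the zypper module as one space-separated string, which it may treat as a single package name rather than two; a YAML list removes the ambiguity: `name: [borgbackup, tmux]`. The reboot task runs under `hosts: all` with no `serial`, so every host whose package set changed reboots in the same run; `serial: 1` on the play would stagger that if these VMs serve traffic. `become: yes` would be `become: true` under ansible-lint's truthy rule.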
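Review bot: In main.yml the `allow privileged ports for rootless containers` import presumably lowers the kernel's unprivileged port floor for the whole host, and that playbook is not part of this diff, so the value it sets cannot be checked here. A comment above the import would record the intended scope, for example `# lowers net.ipv4.ip_unprivileged_port_start host-wide; keep it at the lowest port traefik binds, not 0`. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.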
@@ -3,7 +3,11 @@
 1. Configure ssh public key in ignition-config.yml
 2. Run butane to generate the ignition file
 ```shell
-podman run --interactive --rm quay.io/coreos/butane:release --pretty --strict < ignition-config.yml > disk/ignition/config.ign
+podman run --interactive --rm \
+ quay.io/coreos/butane:release \
+ --pretty --strict \
+ < ignition-config.yml \
+ > disk/ignition/config.ign
 ```
 3. Create the disk image
 ```shell