begin using galaxy

ansible.cfg

@@ -1,5 +1,14 @@
 [defaults]
-inventory = hosts
+# hosts file path
+inventory = hosts 
+# number of hosts executed in parallel
+forks = 20 
+# show execution time
+callbacks_enabled = timer, profile_tasks, profile_roles 
+# reduce number of parallel ssh connections to one host
+pipelining = True 
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=40s
 # (boolean) By default Ansible will issue a warning when received from a task action (module or action plugin)
 # These warnings can be silenced by adjusting this setting to False.
 ;action_warnings=True

hosts

@@ -1,23 +1,26 @@
 [desktop]
 
 [headless]
-server[1:7]_oracle
+server[1:7]
+openmediavault
 
 [oracleServer]
-server[1:7]_oracle
+server[1:7]
 
 [home]
 
 [ubuntu]
-server[1:7]_oracle
+server[1:7]
 
 [arm64]
-server[2:6:2]_oracle
+server[2:6:2]
-server7_oracle
+server7
 
 [amd64]
-server[1:5:2]_oracle
+server[1:5:2]
+openmediavault
 
 [prod]
-server1_oracle
+server1
-server2_oracle
+server2
+openmediavault

install_dockerCompose.yml

@@ -8,6 +8,6 @@
       include_role:
         name: force_limitArg
 
-    - name: Reboot if required
+    - name: Install Docker Compose
       include_role:
         name: install_dockerCompose

local.yml

@@ -1,12 +0,0 @@
----
-- hosts: localhost
-  tags: 
-  become: 
-  pre_tasks:
-
-
-
-- hosts:
-  tags:
-  become:
-  roles:

package_upgrade.yml

@@ -1,10 +1,9 @@
 ---
-- name: update apt-cache and upgrade
+- name: Update apt-cache and upgrade
   hosts: oracleServer
   tasks:
-    - name: upgrade packages
+    - name: Upgrade packages
       become: true
-      package:
+      ansible.builtin.package:
-          update_cache: yes
+        update_cache: true
-          upgrade: 'yes'
+        upgrade: true
-

requirements.yml

@@ -0,0 +1,19 @@
+---
+roles:
+  - name: jan_matthis.git_dotfiles
+  - name: geerlingguy.dotfiles
+    version: "1.2.1"
+  - name: geerlingguy.docker
+    version: "6.1.0"
+  - name: geerlingguy.git
+    version: "3.1.0"
+  - name: geerlingguy.pip
+    version: "2.2.0"
+  - name: geerlingguy.nginx
+    version: "3.1.4"
+      
+collections:
+  - name: oracle.oci
+    version: "4.18.0"
+  - name: community.docker
+    version: "3.4.3"

roles/install_dockerCompose/tasks/main.yml

@@ -7,7 +7,7 @@
       - gnupg
       - lsb-release
     state: latest
-    update_cache: yes
+    update_cache: true
 
 - name: Add Docker GPG Key
   become: true
@@ -19,13 +19,13 @@
 - name: Add Docker Repository
   become: true
   apt_repository:
-    repo: "deb [arch={{ arch }}] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} stable"
+    repo: "deb [arch={{ arch }}] https://download.docker.com/linux/{{ansible_distribution|lower}} {{ansible_distribution_release}} {{release_branch_docker}}"
     state: present
 
 - name: Install Docker packages
   become: true
   apt: 
-    update_cache: yes
+    update_cache: true
     pkg:
       - docker-ce
       - docker-ce-cli
@@ -39,7 +39,7 @@
     name: "{{ ansible_user_id }}"
     groups: 
       - docker
-    append: yes
+    append: true
 
 - name: Create docker folder in home directory
   file:

roles/install_dotfiles/defaults/main.yml

@@ -0,0 +1,3 @@
+dotfiles_repo_source: "git@github.com:eneller/.dotfiles"
+dotfiles_repo_commit: "headless"
+dotfiles_repo_destination: ".dotfiles"

roles/install_dotfiles/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: Check for existing dotfiles repository
+  ansible.builtin.stat:
+    path: "{{ dotfiles_repo_destination }}HEAD"
+  register: dotfiles_repo_head
+  changed_when: false
+
+- name: Clone into /tmp
+  ansible.builtin.git:
+    dest: /tmp/dotfiles
+    repo: "{{ dotfiles_repo_source }}"
+    version: "{{ dotfiles_repo_commit }}"
+  when: not dotfiles_repo_head.stat.exists
+
+- name: Back up existing dotfiles
+  ansible.builtin.shell:
+    chdir: /tmp/dotfiles
+    cmd: |
+      git ls-files | while read -r line; do
+      mv $HOME/$line $HOME/$line.bak
+      done
+  # when: # TODO only if bare repo doesnt already exist
+  when: not dotfiles_repo_head.stat.exists
+- name: Initialize dotfiles repository in user home
+  ansible.builtin.git:
+    bare: true
+    update: true
+    dest: "{{ ansible_user_directory }}/{{ dotfiles_repo_destination }}"
+    repo: "{{ dotfiles_repo_source }}"
+    version: "{{ dotfiles_repo_commit }}"

ssh_updateKey.yml

@@ -1,13 +1,35 @@
 ---
 # https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples
-- name: update apt-cache and upgrade
+- name: update ssh key and login permissions
+  strategy: free # dont wait for other hosts when executing
   hosts: oracleServer
   tasks:
-    - name: upgrade packages
+
+    - name: Add ssh key
       become: true
+      async: 120 # Maximum execution time
+      poll: 05 # polling interval in seconds
       ansible.posix.authorized_key:
         user: "{{ ansible_user_id }}"
         exclusive: true
         state: present
         key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
 
+    - name: sshd configuration file update
+      blockinfile:
+        path: /etc/ssh/sshd_config
+        insertbefore: BOF # Beginning of the file
+        marker: "# {mark} ANSIBLE MANAGED BLOCK BY LINUX-ADMIN"
+        block: |
+          PermitRootLogin no
+          PubkeyAuthentication yes
+          AuthorizedKeysFile .ssh/authorized_keys
+          PasswordAuthentication no
+        backup: true
+        validate: /usr/sbin/sshd -T -f %s
+
+    - name: Restart SSHD
+      service:
+        name: sshd
+        state: restarted
+