Initialize Project

playbooks/roles/common/defaults/main.yml

@@ -0,0 +1,49 @@
+---
+common_packages: # noqa var-naming[no-role-prefix]
+  - ca-certificates
+  - apt-transport-https
+  - software-properties-common
+  - build-essential
+  - gnupg
+  - gnupg-agent
+  - mysql-client
+  - acl
+  - rsync
+  - zip
+  - unzip
+  - curl
+  - git
+  - lsof
+  - iputils-ping
+  - dnsutils
+  - iproute2
+  - python3
+  - python3-pip
+  - python3.11-venv
+  - jq
+
+docker_packages: # noqa var-naming[no-role-prefix]
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io
+  - docker-compose-plugin
+
+zsh_packages: # noqa var-naming[no-role-prefix]
+  - zsh
+  - ruby
+  - ruby-dev
+  - libz-dev
+  - libiconv-hook1
+  - libiconv-hook-dev
+  - zlib1g-dev
+  - fzf
+
+zsh_extensions: # noqa var-naming[no-role-prefix]
+  - repo: https://github.com/zsh-users/zsh-syntax-highlighting.git
+    dest: ~/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting
+  - repo: https://github.com/junegunn/fzf.git
+    dest: ~/.fzf
+  - repo: https://github.com/zsh-users/zsh-autosuggestions.git
+    dest: ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
+  - repo: https://github.com/romkatv/powerlevel10k.git
+    dest: ~/.oh-my-zsh/custom/themes/powerlevel10k

playbooks/roles/common/files/.zshrc

@@ -0,0 +1,133 @@
+# Enable Powerlevel10k instant prompt. Should stay close to the top of ~/.zshrc.
+# Initialization code that may require console input (password prompts, [y/n]
+# confirmations, etc.) must go above this block; everything else may go below.
+if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
+  source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
+fi
+
+# If you come from bash you might have to change your $PATH.
+# export PATH=$HOME/bin:/usr/local/bin:$PATH
+
+# Path to your oh-my-zsh installation.
+export ZSH="$HOME/.oh-my-zsh"
+
+ZSH_THEME="powerlevel10k/powerlevel10k"
+POWERLEVEL10K_MODE="nerdfont-complete"
+
+# Set list of themes to pick from when loading at random
+# Setting this variable when ZSH_THEME=random will cause zsh to load
+# a theme from this variable instead of looking in $ZSH/themes/
+# If set to an empty array, this variable will have no effect.
+# ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
+
+# Uncomment the following line to use case-sensitive completion.
+# CASE_SENSITIVE="true"
+
+# Uncomment the following line to use hyphen-insensitive completion.
+# Case-sensitive completion must be off. _ and - will be interchangeable.
+# HYPHEN_INSENSITIVE="true"
+
+# Uncomment the following line to disable bi-weekly auto-update checks.
+# DISABLE_AUTO_UPDATE="true"
+
+# Uncomment the following line to automatically update without prompting.
+DISABLE_UPDATE_PROMPT="true"
+
+# Uncomment the following line to change how often to auto-update (in days).
+# export UPDATE_ZSH_DAYS=13
+
+# Uncomment the following line if pasting URLs and other text is messed up.
+# DISABLE_MAGIC_FUNCTIONS="true"
+
+# Uncomment the following line to disable colors in ls.
+# DISABLE_LS_COLORS="true"
+
+# Uncomment the following line to disable auto-setting terminal title.
+# DISABLE_AUTO_TITLE="true"
+
+# Uncomment the following line to enable command auto-correction.
+# ENABLE_CORRECTION="true"
+
+# Uncomment the following line to display red dots whilst waiting for completion.
+COMPLETION_WAITING_DOTS="true"
+
+# Uncomment the following line if you want to disable marking untracked files
+# under VCS as dirty. This makes repository status check for large repositories
+# much, much faster.
+# DISABLE_UNTRACKED_FILES_DIRTY="true"
+
+HIST_STAMPS="dd.mm.yyyy"
+
+# Would you like to use another custom folder than $ZSH/custom?
+# ZSH_CUSTOM=/path/to/new-custom-folder
+
+# Which plugins would you like to load?
+# Standard plugins can be found in $ZSH/plugins/
+# Custom plugins may be added to $ZSH_CUSTOM/plugins/
+# Example format: plugins=(rails git textmate ruby lighthouse)
+# Add wisely, as too many plugins slow down shell startup.
+# plugins=(git dnf zsh-syntax-highlighting zsh-autosuggestions fzf bgnotify)
+plugins=(git dnf zsh-syntax-highlighting zsh-autosuggestions fzf)
+
+source $ZSH/oh-my-zsh.sh
+
+# User configuration
+
+# export MANPATH="/usr/local/man:$MANPATH"
+
+# You may need to manually set your language environment
+# export LANG=en_US.UTF-8
+
+# Preferred editor for local and remote sessions
+# if [[ -n $SSH_CONNECTION ]]; then
+#   export EDITOR='vim'
+# else
+#   export EDITOR='mvim'
+# fi
+
+# Compilation flags
+# export ARCHFLAGS="-arch x86_64"
+
+# Set personal aliases, overriding those provided by oh-my-zsh libs,
+# plugins, and themes. Aliases can be placed here, though oh-my-zsh
+# users are encouraged to define aliases within the ZSH_CUSTOM folder.
+# For a full list of active aliases, run `alias`.
+#
+# Example aliases
+# alias zshconfig="mate ~/.zshrc"
+# alias ohmyzsh="mate ~/.oh-my-zsh"
+
+export DENO_INSTALL="$HOME/.deno"
+export PATH="$DENO_INSTALL/bin:$PATH"
+
+export CARGO_INSTALL="$HOME/.cargo"
+export PATH="$CARGO_INSTALL/bin:$PATH"
+
+export GEM_HOME="$(ruby -e 'puts Gem.user_dir')"
+export PATH="$PATH:$GEM_HOME/bin"
+
+# To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
+[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
+
+alias d="sudo docker"
+alias m="mysql -u root -p"
+alias vi="vim"
+alias y="yarn"
+alias yrw="yarn run watch"
+alias yrp="yarn run prod"
+alias gw="gulp watch"
+
+alias s="git status"
+alias pull="git pull"
+alias a="git add ."
+alias c="git commit -a -S -m"
+alias p="git push"
+alias ls="colorls --sd"
+
+export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+
+# rm ~/.docker/config.json
+
+# eval "$(ssh-agent -s)"
+
+[ -f ~/.fzf.zsh ] && source ~/.fzf.zsh

playbooks/roles/common/handlers/main.yml

@@ -0,0 +1,41 @@
+---
+- name: Start Docker
+  ansible.builtin.service:
+    name: docker
+    state: started
+  become: true
+
+- name: Enable Docker
+  ansible.builtin.service:
+    name: docker
+    enabled: true
+  become: true
+
+- name: Start Nginx
+  ansible.builtin.service:
+    name: nginx
+    state: started
+  become: true
+
+- name: Enable Nginx
+  ansible.builtin.service:
+    name: nginx
+    enabled: true
+  become: true
+
+- name: Start Firewalld
+  ansible.builtin.service:
+    name: firewalld
+    state: started
+  become: true
+
+- name: Enable Firewalld
+  ansible.builtin.service:
+    name: firewalld
+    enabled: true
+  become: true
+
+- name: Reload Firewalld
+  ansible.builtin.command: firewall-cmd --reload
+  become: true
+  changed_when: true

playbooks/roles/common/tasks/docker.yml

@@ -0,0 +1,46 @@
+---
+- name: Add docker gpg key
+  ansible.builtin.apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    keyring: /etc/apt/trusted.gpg.d/docker.gpg
+  become: true
+
+- name: Add docker apt repository
+  ansible.builtin.apt_repository:
+    repo: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable'
+    filename: docker
+    update_cache: true
+  become: true
+
+- name: Install docker packages
+  ansible.builtin.apt:
+    name: '{{ docker_packages }}'
+    update_cache: true
+    state: present
+  become: true
+  notify:
+    - Start Docker
+    - Enable Docker
+
+- name: Add users in docker group to run as non-root
+  ansible.builtin.user:
+    name: '{{ item.key }}'
+    groups: docker
+    append: true
+    state: present
+  loop: '{{ access.admin | dict2items }}'
+  become: true
+
+- name: Add cronjob for deleting unused docker images
+  ansible.builtin.cron:
+    name: 'Docker prune images'
+    minute: '0'
+    hour: '0'
+    day: '*'
+    month: '*'
+    weekday: '*'
+    job: 'docker image prune -a'
+  become: true
+
+- name: Run handlers
+  ansible.builtin.meta: flush_handlers

playbooks/roles/common/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+- name: Set timezone
+  community.general.timezone:
+    name: '{{ timezone }}'
+  when: timezone is defined
+  become: true
+
+- name: Configure swap
+  ansible.builtin.import_tasks: swap.yml
+  become: true
+  become_user: root
+
+- name: Update and upgrade packages
+  ansible.builtin.apt:
+    upgrade: true
+    update_cache: true
+  become: true
+
+- name: Add cronjob for upgrading packages
+  ansible.builtin.cron:
+    name: Upgrade packages
+    minute: '0'
+    hour: '0'
+    day: '*'
+    month: '*'
+    weekday: '*'
+    job: apt update && apt upgrade -y
+    user: root
+    state: present
+  become: true
+
+- name: Install Common packages # noqa package-latest
+  ansible.builtin.apt:
+    pkg: '{{ common_packages }}'
+    state: latest
+    update_cache: true
+  become: true
+
+- name: Docker Setup
+  ansible.builtin.import_tasks: docker.yml
+
+- name: Install yq
+  ansible.builtin.get_url:
+    url: https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+    dest: /usr/bin/yq
+    mode: a+x
+  become: true

playbooks/roles/common/tasks/swap.yml

@@ -0,0 +1,64 @@
+---
+- name: Manage swap file entry in fstab
+  ansible.posix.mount:
+    name: swap
+    src: '{{ swap_file_path }}'
+    fstype: swap
+    opts: sw
+    state: '{{ swap_file_state }}'
+
+- name: Check if swap file exists
+  ansible.builtin.stat:
+    path: '{{ swap_file_path }}'
+    get_checksum: false
+  register: _swap_file_check
+  changed_when: false
+
+- name: Set variable for existing swap file size
+  ansible.builtin.set_fact:
+    swap_file_existing_size_mb: '{{ (_swap_file_check.stat.size / 1024 / 1024) | int }}'
+  when: _swap_file_check.stat.exists
+
+- name: Disable swap
+  ansible.builtin.command: swapoff -a
+  when: swap_file_state == 'absent' or (swap_file_state == 'present' and swap_file_existing_size_mb != swap_file_size_mb)
+  changed_when: true
+
+- name: Ensure swap file doesn't exist
+  ansible.builtin.file:
+    path: '{{ swap_file_path }}'
+    state: absent
+  when: swap_file_state == 'absent' or (swap_file_state == 'present' and swap_file_existing_size_mb != swap_file_size_mb)
+
+- name: Ensure swap file exists # noqa no-free-form
+  ansible.builtin.command: >
+    {{ swap_file_create_command }}
+    creates='{{ swap_file_path }}'
+  register: _swap_file_create
+  when: swap_file_state == "present"
+
+- name: Set permissions on swap file
+  ansible.builtin.file:
+    path: '{{ swap_file_path }}'
+    owner: root
+    group: root
+    mode: '0600'
+  when: swap_file_state == "present"
+
+- name: Make swap file if necessary
+  ansible.builtin.command: mkswap {{ swap_file_path }}
+  when: swap_file_state == "present" and _swap_file_create is changed
+  register: _mkswap_result
+  changed_when: true
+
+- name: Run swapon on the swap file
+  ansible.builtin.command: swapon {{ swap_file_path }}
+  when: swap_file_state == "present" and _mkswap_result is changed
+  changed_when: true
+
+- name: Set swappiness
+  ansible.posix.sysctl:
+    name: vm.swappiness
+    value: '{{ swap_swappiness }}'
+    state: present
+  when: swap_file_state == "present"