Initialize Project

2025-08-11 21:41:44 +04:00
commit a871ef846e
30 changed files with 2955 additions and 0 deletions
--- a/playbooks/roles/common/tasks/docker.yml
+++ b/playbooks/roles/common/tasks/docker.yml
@@ -0,0 +1,46 @@
+---
+- name: Add docker gpg key
+  ansible.builtin.apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    keyring: /etc/apt/trusted.gpg.d/docker.gpg
+  become: true
+
+- name: Add docker apt repository
+  ansible.builtin.apt_repository:
+    repo: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable'
+    filename: docker
+    update_cache: true
+  become: true
+
+- name: Install docker packages
+  ansible.builtin.apt:
+    name: '{{ docker_packages }}'
+    update_cache: true
+    state: present
+  become: true
+  notify:
+    - Start Docker
+    - Enable Docker
+
+- name: Add users in docker group to run as non-root
+  ansible.builtin.user:
+    name: '{{ item.key }}'
+    groups: docker
+    append: true
+    state: present
+  loop: '{{ access.admin | dict2items }}'
+  become: true
+
+- name: Add cronjob for deleting unused docker images
+  ansible.builtin.cron:
+    name: 'Docker prune images'
+    minute: '0'
+    hour: '0'
+    day: '*'
+    month: '*'
+    weekday: '*'
+    job: 'docker image prune -a'
+  become: true
+
+- name: Run handlers
+  ansible.builtin.meta: flush_handlers
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Set timezone
+  community.general.timezone:
+    name: '{{ timezone }}'
+  when: timezone is defined
+  become: true
+
+- name: Configure swap
+  ansible.builtin.import_tasks: swap.yml
+  become: true
+  become_user: root
+
+- name: Update and upgrade packages
+  ansible.builtin.apt:
+    upgrade: true
+    update_cache: true
+  become: true
+
+- name: Add cronjob for upgrading packages
+  ansible.builtin.cron:
+    name: Upgrade packages
+    minute: '0'
+    hour: '0'
+    day: '*'
+    month: '*'
+    weekday: '*'
+    job: apt update && apt upgrade -y
+    user: root
+    state: present
+  become: true
+
+- name: Install Common packages # noqa package-latest
+  ansible.builtin.apt:
+    pkg: '{{ common_packages }}'
+    state: latest
+    update_cache: true
+  become: true
+
+- name: Docker Setup
+  ansible.builtin.import_tasks: docker.yml
+
+- name: Install yq
+  ansible.builtin.get_url:
+    url: https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+    dest: /usr/bin/yq
+    mode: a+x
+  become: true
--- a/playbooks/roles/common/tasks/swap.yml
+++ b/playbooks/roles/common/tasks/swap.yml
@@ -0,0 +1,64 @@
+---
+- name: Manage swap file entry in fstab
+  ansible.posix.mount:
+    name: swap
+    src: '{{ swap_file_path }}'
+    fstype: swap
+    opts: sw
+    state: '{{ swap_file_state }}'
+
+- name: Check if swap file exists
+  ansible.builtin.stat:
+    path: '{{ swap_file_path }}'
+    get_checksum: false
+  register: _swap_file_check
+  changed_when: false
+
+- name: Set variable for existing swap file size
+  ansible.builtin.set_fact:
+    swap_file_existing_size_mb: '{{ (_swap_file_check.stat.size / 1024 / 1024) | int }}'
+  when: _swap_file_check.stat.exists
+
+- name: Disable swap
+  ansible.builtin.command: swapoff -a
+  when: swap_file_state == 'absent' or (swap_file_state == 'present' and swap_file_existing_size_mb != swap_file_size_mb)
+  changed_when: true
+
+- name: Ensure swap file doesn't exist
+  ansible.builtin.file:
+    path: '{{ swap_file_path }}'
+    state: absent
+  when: swap_file_state == 'absent' or (swap_file_state == 'present' and swap_file_existing_size_mb != swap_file_size_mb)
+
+- name: Ensure swap file exists # noqa no-free-form
+  ansible.builtin.command: >
+    {{ swap_file_create_command }}
+    creates='{{ swap_file_path }}'
+  register: _swap_file_create
+  when: swap_file_state == "present"
+
+- name: Set permissions on swap file
+  ansible.builtin.file:
+    path: '{{ swap_file_path }}'
+    owner: root
+    group: root
+    mode: '0600'
+  when: swap_file_state == "present"
+
+- name: Make swap file if necessary
+  ansible.builtin.command: mkswap {{ swap_file_path }}
+  when: swap_file_state == "present" and _swap_file_create is changed
+  register: _mkswap_result
+  changed_when: true
+
+- name: Run swapon on the swap file
+  ansible.builtin.command: swapon {{ swap_file_path }}
+  when: swap_file_state == "present" and _mkswap_result is changed
+  changed_when: true
+
+- name: Set swappiness
+  ansible.posix.sysctl:
+    name: vm.swappiness
+    value: '{{ swap_swappiness }}'
+    state: present
+  when: swap_file_state == "present"