
:wrench: merge docker setting profiles

China Kassapa 7 months ago
parent
commit
5478156c43

+ 1 - 0
magnolia/.gitignore

@@ -0,0 +1 @@
+/clients/

+ 8 - 4
magnolia/docker/Dockerfile

@@ -34,16 +34,18 @@ RUN python3.13 -m ensurepip --upgrade
 # RUN echo 'deploy ALL=(ALL:ALL) NOPASSWD: ALL' > /etc/sudoers.d/101-deploy
 # USER deploy
 
+RUN mkdir $HOME/local $HOME/tmp $HOME/downloads
+
 # https://github.com/sdkman/sdkman-cli
 # https://docs.gradle.org/current/userguide/compatibility.html
 ENV JDK_VERSION="21.0.2-open"
 RUN curl -s "https://get.sdkman.io" | bash
 RUN sed -i -e 's/sdkman_auto_answer=false/sdkman_auto_answer=true/g' $HOME/.sdkman/etc/config
-RUN . $HOME/.sdkman/bin/sdkman-init.sh \
+RUN bash -c ". $HOME/.sdkman/bin/sdkman-init.sh \
     && sdk install java ${JDK_VERSION} \
     && sdk install maven \
     && sdk install gradle \
-    && sdk install kotlin
+    && sdk install kotlin"
 
 # https://github.com/nvm-sh/nvm
 ENV NVM_VERSION="v0.40.3"
@@ -51,11 +53,13 @@ RUN git clone -b ${NVM_VERSION} https://github.com/nvm-sh/nvm.git $HOME/.nvm
 RUN echo 'export NVM_DIR="$HOME/.nvm"' >> $HOME/.bashrc 
 RUN echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"' >> $HOME/.bashrc 
 RUN echo '[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"' >> $HOME/.bashrc
-RUN . $HOME/.nvm/nvm.sh && nvm install --lts && npm install -g yarn
+RUN bash -c ". $HOME/.nvm/nvm.sh \
+    && nvm install --lts \
+    && npm install -g yarn"
 
 # https://getcomposer.org/doc/00-intro.md#installation-linux-unix-macos
 RUN wget -q -O $HOME/downloads/composer https://getcomposer.org/installer
-RUN cd $HOME/downloads/composer && php composer && mv composer.phar /usr/local/bin/composer
+RUN cd $HOME/downloads && php composer && mv composer.phar /usr/local/bin/composer
 
 RUN echo "$(date -u +%4Y%m%d%H%M%S)" | tee /VERSION
 
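Review bot: The Composer installer fetched by the `wget` context line is executed by `php composer` on the changed `RUN cd $HOME/downloads` line without any integrity check, whereas the install guide linked in the comment verifies the installer's SHA-384 against the published signature before running it. A minimal check that fails the build on mismatch is `RUN cd $HOME/downloads && test "$(sha384sum composer | cut -d' ' -f1)" = "$(wget -q -O - https://composer.github.io/installer.sig)" && php composer && mv composer.phar /usr/local/bin/composer`. The `curl ... | bash` sdkman bootstrap a few lines above has the same shape, but it is pre-existing context rather than part of this change. The Dockerfile continues outside the hunk.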

+ 3 - 4
magnolia/docker/README.md

@@ -4,6 +4,9 @@
 
 ```bash
 sudo pacman -S buildkit docker-buildx
+
+docker image load -i xxx.tar
+docker image ls --tree
 ```
 
 ## Documents
@@ -14,7 +17,3 @@ sudo pacman -S buildkit docker-buildx
 | ----------------------------------------------------------- | --- |
 | [8](https://laravel.com/docs/10.x/releases#support-policy)  | 8.1 |
 | [12](https://laravel.com/docs/12.x/releases#support-policy) | 8.4 |
-
-### Commands
-
-- docker image ls --tree

+ 7 - 0
magnolia/ec2.yml

@@ -0,0 +1,7 @@
+- name: Testing ssh connections
+  hosts: all,!localhost
+  roles:
+    - os
+    - ubuntu
+    - docker
+    - random-passwords
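Review bot: The play name `Testing ssh connections` does not describe what the play does: it applies the `os`, `ubuntu`, `docker` and `random-passwords` roles, i.e. it provisions the host and rotates its passwords, so someone picking this playbook by name would expect the no-op check that `ping.yml` already provides. Suggest `- name: Provision EC2 hosts`. None of the new playbooks starts with a `---` document marker; adding it keeps yamllint's `document-start` rule quiet.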

+ 4 - 0
magnolia/open-search.yml

@@ -0,0 +1,4 @@
+- name: OpenSearch node
+  hosts: all
+  roles:
+    - open-search
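Review bot: The last line references a role named `open-search`, but the role directory added in this commit is `magnolia/roles/opensearch/` (no hyphen), so Ansible will fail with a role-not-found error unless a role of that name exists outside this commit. Either change the line to `- opensearch` or rename the directory; the systemd unit installed by that role is already called `open-search.service`, so pick one spelling and apply it everywhere.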

+ 9 - 0
magnolia/ping.yml

@@ -0,0 +1,9 @@
+- name: Ping
+  hosts: all
+  tasks:
+    - name: Test ssh connection
+      ansible.builtin.ping:
+
+    - name: Show facts available on the system
+      ansible.builtin.debug:
+        var: ansible_facts

+ 7 - 0
magnolia/reboot.yml

@@ -0,0 +1,7 @@
+- name: Reboot
+  hosts: all,!localhost
+  tasks:
+    - name: Reboot system
+      become: true
+      ansible.builtin.reboot:
+        reboot_timeout: 120

+ 4 - 0
magnolia/redis.yml

@@ -0,0 +1,4 @@
+- name: Redis cluster node
+  hosts: all
+  roles:
+    - redis

+ 3 - 0
magnolia/roles/docker/files/daemon.json

@@ -0,0 +1,3 @@
+{
+  "data-root": "/srv/.docker"
+}

+ 28 - 0
magnolia/roles/docker/tasks/kubernetes.yml

@@ -0,0 +1,28 @@
+# https://minikube.sigs.k8s.io/docs/start/
+- name: Install minikube
+  become: true
+  ansible.builtin.get_url:
+    url: https://github.com/kubernetes/minikube/releases/latest/download/minikube-linux-amd64
+    dest: /usr/local/bin/minikube
+    mode: "0755"
+  when: ansible_architecture == "x86_64"
+
+- name: Install minikube
+  become: true
+  ansible.builtin.get_url:
+    url: https://github.com/kubernetes/minikube/releases/latest/download/minikube-linux-arm64
+    dest: /usr/local/bin/minikube
+    mode: "0755"
+  when: ansible_architecture == "aarch64"
+
+# https://minikube.sigs.k8s.io/docs/handbook/kubectl/
+- name: Install Kubectl
+  become: true
+  ansible.builtin.file:
+    src: /usr/local/bin/minikube
+    dest: /usr/local/bin/kubectl
+    state: link
+
+- name: Setup Kubectl
+  ansible.builtin.shell:
+    cmd: kubectl help
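Review bot: Both `get_url` tasks fetch `releases/latest/download/...` with no `checksum:` parameter, so the binary placed in `/usr/local/bin` with mode 0755 changes from run to run and its integrity is never verified. Pin a release in a role variable and pass the published digest, e.g. `checksum: "sha256:https://github.com/kubernetes/minikube/releases/download/<MINIKUBE_VERSION>/minikube-linux-amd64.sha256"` (minikube publishes a `.sha256` file next to each binary). The two tasks also share the name `Install minikube`, which makes the run log ambiguous; a single task with `{{ 'amd64' if ansible_architecture == 'x86_64' else 'arm64' }}` in the URL would remove the duplication. The final `kubectl help` shell task reports `changed` on every run; if it is only a smoke test, add `changed_when: false`, and if it is meant to trigger minikube's kubectl download, say so in a comment.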

+ 72 - 0
magnolia/roles/docker/tasks/main.yml

@@ -0,0 +1,72 @@
+# https://docs.docker.com/engine/install/ubuntu/
+
+- name: Install dependency packages
+  become: true
+  ansible.builtin.apt:
+    pkg:
+      - ca-certificates
+      - curl
+
+- name: Create apt keys folder
+  become: true
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: "0755"
+
+- name: Download docker asc
+  become: true
+  ansible.builtin.get_url:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    dest: /etc/apt/keyrings/docker.asc
+    mode: "0644"
+
+- name: Upload docker.list
+  become: true
+  ansible.builtin.template:
+    src: docker.list.j2
+    dest: /etc/apt/sources.list.d/docker.list
+    mode: "0644"
+
+- name: Install docker packages
+  become: true
+  ansible.builtin.apt:
+    pkg:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - docker-buildx-plugin
+      - docker-compose-plugin
+
+- name: Add user to docker group
+  become: true
+  ansible.builtin.user:
+    name: "{{ ansible_user }}"
+    groups:
+      - docker
+    append: true
+
+- name: Change the default Docker storage location
+  become: true
+  ansible.builtin.copy:
+    src: daemon.json
+    dest: /etc/docker/daemon.json
+    mode: "0644"
+
+# https://kubernetes.io/docs/setup/production-environment/container-runtimes/#prerequisite-ipv4-forwarding-optional
+- name: Enable IPv4 packet forwarding
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/sysctl.d/101-k8s.conf
+    line: "net.ipv4.ip_forward = 1"
+    create: true
+    mode: "0644"
+
+- name: Swap off
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/sysctl.d/101-k8s.conf
+    line: "vm.swappiness = 0"
+
+- name: Setup kubernetes
+  ansible.builtin.import_tasks: kubernetes.yml
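Review bot: The `daemon.json` written by `Change the default Docker storage location` is never applied: `docker-ce` is installed (and started by the package) before the file is copied, and nothing restarts the daemon afterwards, so `data-root` stays at the default until the next reboot. Add `notify: Restart docker` to that task and a `handlers/main.yml` with `ansible.builtin.systemd: {name: docker, state: restarted}`; since a new `data-root` leaves any already-pulled images in the old location, the restart should happen before the first image is pulled. The sysctl drop-in written by `Enable IPv4 packet forwarding` and `Swap off` has the same gap — the file is created but not loaded — and `vm.swappiness = 0` only lowers swap preference rather than disabling swap, so the task name overstates what it does; a follow-up `ansible.builtin.command: sysctl --system` with `changed_when: false`, or a handler, makes the values live. `ulimits.yml` in the `os` role writes `/etc/sysctl.d/100-palm.conf` the same way.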

+ 1 - 0
magnolia/roles/docker/templates/docker.list.j2

@@ -0,0 +1 @@
+deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable
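Review bot: `ansible_lsb.codename` is only populated when the `lsb-release` package is present on the target, so on a minimal image the template either fails as undefined or renders an empty codename and apt rejects the source. `ansible_distribution_release` is gathered without that dependency: `deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable`. If the template is kept as is, the `os` or `ubuntu` role's package list should at least include `lsb-release`.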

+ 48 - 0
magnolia/roles/opensearch/tasks/main.yml

@@ -0,0 +1,48 @@
+- name: Unarchive open-search package
+  ansible.builtin.unarchive:
+    src: "https://artifacts.opensearch.org/releases/bundle/opensearch/{{ open_search_version }}/opensearch-{{ open_search_version }}-linux-{{ open_search_arch }}.tar.gz"
+    dest: /opt
+    remote_src: true
+    owner: www-data
+    group: www-data
+
+- name: Set listening
+  become: true
+  ansible.builtin.lineinfile:
+    path: /opt/opensearch-{{ open_search_version }}/config/opensearch.yml
+    line: "network.host: 0.0.0.0"
+    backup: true
+
+- name: Set single node
+  become: true
+  ansible.builtin.lineinfile:
+    path: /opt/opensearch-{{ open_search_version }}/config/opensearch.yml
+    line: "discovery.type: single-node"
+    backup: true
+
+- name: Disable security plugin
+  become: true
+  ansible.builtin.lineinfile:
+    path: /opt/opensearch-{{ open_search_version }}/config/opensearch.yml
+    line: "plugins.security.disabled: true"
+    backup: true
+
+- name: Upload OpenSearch systemd service
+  become: true
+  template:
+    src: server.service.j2
+    dest: "/usr/lib/systemd/system/open-search.service"
+    mode: "0644"
+
+- name: Force systemd to reread configs
+  become: true
+  systemd:
+    daemon_reload: true
+
+- name: Enable OpenSearch service
+  become: true
+  ansible.builtin.systemd:
+    name: "open-search"
+    enabled: true
+    masked: false
+    state: "restarted"
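Review bot: The node is configured with `network.host: 0.0.0.0` and `plugins.security.disabled: true`, which exposes the OpenSearch REST and transport ports with no authentication on every interface of the host, so anyone who can reach the port can read and modify every index. Unless a network-level control is relied on deliberately, bind to the loopback or the cluster interface (`network.host: 127.0.0.1`, or a role variable) and keep the security plugin enabled. Separately, the first task (`Unarchive open-search package`) lacks the `become: true` that every other task has, yet it extracts into `/opt` and sets `owner: www-data`, which ordinarily needs root; it also fetches the tarball with no checksum verification. The short `template:` and `systemd:` module names on two later tasks are inconsistent with the `ansible.builtin.` prefix used elsewhere in the role.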

+ 17 - 0
magnolia/roles/opensearch/templates/server.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenSearch is an open-source, enterprise-grade search and observability suite that brings order to unstructured data at scale
+After=network.target
+
+[Service]
+Type=notify
+WorkingDirectory=/opt/opensearch-{{ open_search_version }}
+ExecStart=/opt/opensearch-{{ open_search_version }}/bin/opensearch
+TimeoutStartSec=180
+TimeoutStopSec=120
+Restart=always
+User=www-data
+Group=www-data
+Environment="OPENSEARCH_JAVA_HOME=/opt/opensearch-{{ open_search_version }}"
+
+[Install]
+WantedBy=multi-user.target
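Review bot: `OPENSEARCH_JAVA_HOME` is set to the installation root `/opt/opensearch-{{ open_search_version }}`, but the Linux bundle ships its JDK under a `jdk/` subdirectory, so the startup script would presumably look for `bin/java` in the wrong place — either point the variable at `.../jdk` or drop it so the bundled JDK is auto-detected (confirm against the version in use). The unit also runs the service as `www-data`, the account conventionally used by the web server, so a compromise of either component gives access to the other's files; a dedicated `opensearch` user and group, also used for `owner`/`group` in the unarchive task, keeps the two isolated. `Type=notify` requires the started process itself to signal readiness; whether `bin/opensearch` does so when launched directly rather than through the packaged `systemd-entrypoint` wrapper should be verified, otherwise the unit will time out after `TimeoutStartSec`.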

+ 19 - 0
magnolia/roles/os/tasks/init.yml

@@ -0,0 +1,19 @@
+- name: Create downloads folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/downloads/"
+    state: directory
+
+- name: Create backup folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/backups/"
+    state: directory
+
+- name: Create local folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/local/"
+    state: directory
+
+- name: Create tmp folder
+  ansible.builtin.file:
+    path: "{{ ansible_env.HOME }}/tmp/"
+    state: directory
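Review bot: The four tasks differ only in the folder name, so one `ansible.builtin.file` task with a `loop` expresses the same thing and keeps the list of standard home folders in one place. None of the tasks sets `mode`, so the directories get the remote umask; if `backups` is meant to be private, an explicit `mode: "0700"` on that entry would be worth adding.
```yaml
- name: Create standard home folders
  ansible.builtin.file:
    path: "{{ ansible_env.HOME }}/{{ item }}/"
    state: directory
  loop:
    - downloads
    - backups
    - local
    - tmp
```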

+ 47 - 0
magnolia/roles/os/tasks/main.yml

@@ -0,0 +1,47 @@
+- include_tasks: init.yml
+- include_tasks: sshd.yml
+- include_tasks: ulimits.yml
+
+- name: Update system
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Kylin'
+
+- name: Update all packages to their latest version
+  become: true
+  ansible.builtin.apt:
+    name: "*"
+    state: latest
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Kylin'
+
+- name: Install dependicy packages
+  become: true
+  ansible.builtin.apt:
+    pkg:
+      - pwgen
+      - zsh
+      - git
+      - tmux
+  when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Kylin'
+
+- name: Set timezone
+  become: true
+  ansible.builtin.shell: timedatectl set-timezone UTC
+
+- name: Setup journald storage
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/journald.conf
+    regexp: "^#Storage="
+    line: Storage=persistent
+
+# https://www.linode.com/docs/quick-answers/linux/how-to-use-journalctl/
+- name: Setup journald storage keep-free
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/journald.conf
+    state: present
+    regexp: "^#SystemKeepFree="
+    line: SystemKeepFree=6%
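Review bot: `regexp: "^#Storage="` on `Setup journald storage` only matches the commented default, so if the line has already been set to another value (for example `Storage=volatile` from an image) `lineinfile` finds no match and appends a second `Storage=` directive instead of correcting the first; the same holds for `^#SystemKeepFree=`. Use `regexp: "^#?Storage="` and `regexp: "^#?SystemKeepFree="` so both states match, as the module documentation recommends for idempotence, and add a handler restarting `systemd-journald`, since neither change takes effect until then. `Set timezone` uses `ansible.builtin.shell` for a plain command and therefore reports `changed` on every run; `ansible.builtin.command: timedatectl set-timezone UTC` with `changed_when: ansible_date_time.tz != 'UTC'` is more accurate, and the same shell-for-plain-command pattern appears in `locales.yml`, `ubuntu/tasks/clean.yml` and `ubuntu/tasks/main.yml`. `dependicy` in the third task name is a typo for `dependency`, repeated in `ubuntu/tasks/main.yml`.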

+ 31 - 0
magnolia/roles/os/tasks/sshd.yml

@@ -0,0 +1,31 @@
+- name: Disable dns for sshd
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^UseDNS "
+    line: UseDNS no
+    backup: true
+
+- name: Disable GSS api auth for sshd
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^GSSAPIAuthentication "
+    line: GSSAPIAuthentication no
+    backup: true
+
+- name: Disable root ssh login
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^PermitRootLogin no"
+    line: PermitRootLogin no
+    backup: true
+
+- name: Disable ssh login by password
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^PasswordAuthentication no"
+    line: PasswordAuthentication no
+    backup: true
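Review bot: `regexp: "^PermitRootLogin no"` and `regexp: "^PasswordAuthentication no"` only match a line that is already hardened; a stock Ubuntu `sshd_config` carries `#PermitRootLogin prohibit-password` and `#PasswordAuthentication yes`, so the task appends the `no` line at the end of the file, and because sshd uses the first value it sees per keyword, any earlier uncommented `PasswordAuthentication yes` — including one pulled in through the `Include /etc/ssh/sshd_config.d/*.conf` line that recent Ubuntu releases place at the top, where cloud-init writes its drop-in — silently wins. Match both states with `regexp: "^#?PermitRootLogin "` and `regexp: "^#?PasswordAuthentication "`, and consider managing the drop-in directory as well. None of the four tasks reloads sshd and none passes `validate: /usr/sbin/sshd -t -f %s`, so the settings stay inactive until something else restarts the service, and a malformed edit would only surface as a lockout at that point; a `notify: Reload sshd` handler plus `validate` closes both gaps.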

+ 78 - 0
magnolia/roles/os/tasks/ulimits.yml

@@ -0,0 +1,78 @@
+- name: Setup nofile for system
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/system.conf
+    regexp: "^DefaultLimitNOFILE="
+    line: DefaultLimitNOFILE=2097152
+    backup: true
+
+- name: Setup nproc for system
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/system.conf
+    regexp: "^DefaultLimitNPROC"
+    line: DefaultLimitNPROC=524288
+    backup: true
+
+- name: Setup nofile for user
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/user.conf
+    regexp: "^DefaultLimitNOFILE="
+    line: DefaultLimitNOFILE=1048576
+    backup: true
+
+- name: Setup nproc for user
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/systemd/user.conf
+    regexp: "^DefaultLimitNPROC"
+    line: DefaultLimitNPROC=262144
+    backup: true
+
+- name: Set user level open file limits for root
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/security/limits.conf
+    line: root        soft nofile 10240
+    backup: true
+
+- name: Set user level open file limits for {{ ansible_user }}
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/security/limits.conf
+    line: "{{ ansible_user }}        soft nofile 10240"
+    backup: true
+
+# https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ladbi/changing-kernel-parameter-values.html#GUID-FB0CC366-61C9-4AA2-9BE7-233EB6810A31
+- name: Setup file max
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
+    state: present
+    line: "fs.file-max = 6815744"
+    create: true
+
+- name: Setup file max
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
+    state: present
+    line: "fs.inotify.max_user_watches = 512000"
+    create: true
+
+- name: Setup vm max map count
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
+    state: present
+    line: "vm.max_map_count = 262144"
+    create: true
+
+- name: Setup vm over commit memory
+  become: true
+  ansible.builtin.lineinfile:
+    path: "/etc/sysctl.d/100-palm.conf"
+    state: present
+    line: "vm.overcommit_memory = 1"
+    create: true
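Review bot: The values written to `/etc/sysctl.d/100-palm.conf` are only read at boot, so within the same run `fs.file-max`, `vm.max_map_count` and `vm.overcommit_memory` are still at their old values when the `redis` or `opensearch` roles start their services; a follow-up `ansible.builtin.command: sysctl --system` with `changed_when: false`, or a handler notified by the four tasks, makes them live. The two tasks named `Setup file max` share a name although the second sets `fs.inotify.max_user_watches`; rename it `Setup inotify max user watches`. `regexp: "^DefaultLimitNPROC"` lacks the trailing `=` used by the NOFILE tasks; it still matches, but `"^DefaultLimitNPROC="` would be consistent.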

+ 8 - 0
magnolia/roles/random-passwords/main.yml

@@ -0,0 +1,8 @@
+- name: Reset root password
+  become: true
+  shell: echo "root:$(pwgen 32 1)" | chpasswd
+
+- name: Reset {{ ansible_user }} password
+  become: true
+  shell: echo "{{ ansible_user }}:$(pwgen 32 1)" | chpasswd
+  when: ansible_user != 'root'
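Review bot: The file sits at `roles/random-passwords/main.yml` rather than `roles/random-passwords/tasks/main.yml`, so Ansible loads the role with no tasks and `ec2.yml` silently skips the password reset. Beyond the path, the new password is generated on the remote host and discarded, so after the run nobody holds the root or `{{ ansible_user }}` password; if `become: true` on these hosts relies on sudo prompting for a password rather than a `NOPASSWD` rule, every later play will fail at privilege escalation — confirm which applies. If the intent is simply that password logins must never work (`sshd.yml` already disables `PasswordAuthentication`), `ansible.builtin.user` with `password_lock: true` states that explicitly and is idempotent, whereas these `shell` tasks report `changed` on every run.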

+ 50 - 0
magnolia/roles/redis/tasks/main.yml

@@ -0,0 +1,50 @@
+- name: Install dependency packages
+  become: true
+  apt:
+    pkg:
+      - redis
+
+- name: enable redis-server service
+  become: true
+  ansible.builtin.systemd:
+    name: redis-server
+    enabled: true
+    state: "restarted"
+
+- name: create /var/lib/redis
+  become: true
+  ansible.builtin.file:
+    path: "/var/lib/redis/node-{{ app_redis_port }}"
+    owner: redis
+    group: redis
+    mode: "0750"
+    state: directory
+
+- name: upload /etc/redis.conf
+  become: true
+  template:
+    src: redis.conf.j2
+    dest: "/etc/redis/node-{{ app_redis_port }}.conf"
+    owner: redis
+    group: redis
+    mode: "0640"
+
+- name: upload systemd redis-server.service
+  become: true
+  template:
+    src: server.service.j2
+    dest: "/usr/lib/systemd/system/redis-server-{{ app_redis_port }}.service"
+    mode: "0644"
+
+- name: Force systemd to reread configs
+  become: true
+  systemd:
+    daemon_reload: true
+
+- name: enable redis-cluster-node service
+  become: true
+  ansible.builtin.systemd:
+    name: "redis-server-{{ app_redis_port }}"
+    enabled: true
+    masked: false
+    state: "restarted"
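Review bot: Both `ansible.builtin.systemd` tasks use `state: "restarted"`, so every run of the role restarts the distribution `redis-server` instance and the cluster node whether or not anything changed, which for a cluster node means a failover each time the playbook is applied. Use `state: started` and move the restart into a handler notified by the `redis.conf.j2` and `server.service.j2` template tasks. Restarting the package's default `redis-server` instance looks unintended — the package is only installed for the binary — and leaving an unconfigured default instance running adds a listener to account for; `enabled: false` with `state: stopped` would match the rest of the role, if that is the intent. The bare `apt:`, `template:` and `systemd:` module names are inconsistent with the `ansible.builtin.` prefix used on the other tasks.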

+ 13 - 0
magnolia/roles/redis/templates/redis.conf.j2

@@ -0,0 +1,13 @@
+bind 0.0.0.0
+port {{ app_redis_port }}
+protected-mode no
+dir /var/lib/redis/node-{{ app_redis_port }}
+logfile /var/log/redis/node-{{ app_redis_port }}.log
+pidfile /run/node-{{ app_redis_port }}.pid
+
+cluster-enabled yes
+cluster-config-file /etc/redis/cluster-{{ app_redis_port }}.conf
+cluster-node-timeout 5000
+
+appendonly yes
+appendfsync everysec
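Review bot: `bind 0.0.0.0` together with `protected-mode no` and no `requirepass`/`masterauth` means the node accepts unauthenticated commands from any host that can reach `{{ app_redis_port }}`, so the dataset can be read, altered or wiped by any network peer. Cluster nodes do need to reach each other, so bind to the cluster interface address instead of the wildcard, set `requirepass` and `masterauth` to a shared secret supplied as a role variable rather than committed here, and leave `protected-mode` at its default. The `pidfile /run/node-{{ app_redis_port }}.pid` line also disagrees with `PIDFile=/run/redis-node-{{ app_redis_port }}.pid` in `server.service.j2`; with `Type=notify` systemd does not rely on the PID file, but one of the two should be aligned with the other so the files can be found where the unit says they are.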

+ 16 - 0
magnolia/roles/redis/templates/server.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=Advanced key-value store
+After=network.target
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/redis-server /etc/redis/node-{{ app_redis_port }}.conf --supervised systemd --daemonize no
+PIDFile=/run/redis-node-{{ app_redis_port }}.pid
+TimeoutStartSec=180
+TimeoutStopSec=120
+Restart=always
+User=redis
+Group=redis
+
+[Install]
+WantedBy=multi-user.target

+ 23 - 0
magnolia/roles/ubuntu/tasks/clean.yml

@@ -0,0 +1,23 @@
+- name: Remove useless packages from the cache
+  become: true
+  ansible.builtin.apt:
+    autoclean: true
+
+- name: Cleans the local repository of retrieved package files that can no longer be downloaded.
+  become: true
+  ansible.builtin.apt:
+    clean: true
+
+- name: Remove dependencies that are no longer required
+  become: true
+  ansible.builtin.apt:
+    autoremove: true
+
+- name: Force systemd to reread configs
+  become: true
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Release journald disk usage
+  become: true
+  ansible.builtin.shell: journalctl --vacuum-time=2d

+ 31 - 0
magnolia/roles/ubuntu/tasks/locales.yml

@@ -0,0 +1,31 @@
+- name: Enable en-US locale
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/locale.gen
+    state: present
+    line: en_US.UTF-8 UTF-8
+    backup: true
+
+- name: Enable zh-CN locale
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/locale.gen
+    state: present
+    line: zh_CN.UTF-8 UTF-8
+    backup: true
+
+- name: Enable zh-TW locale
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/locale.gen
+    state: present
+    line: zh_TW.UTF-8 UTF-8
+    backup: true
+
+- name: Generate locales
+  become: true
+  ansible.builtin.shell: locale-gen
+
+- name: Use en_US as default locale
+  become: true
+  ansible.builtin.shell: update-locale LANG=en_US.UTF-8

+ 78 - 0
magnolia/roles/ubuntu/tasks/main.yml

@@ -0,0 +1,78 @@
+- name: Update apt cache
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    # cache_valid_time: 3600
+
+- name: Install dependicy packages
+  become: true
+  ansible.builtin.apt:
+    pkg:
+      - apt-transport-https
+      - software-properties-common
+      - gnupg
+      - sshpass
+      - rsync
+      - at
+      - sysstat
+      - libtool
+      - ethtool
+      - nethogs
+      - dnsutils
+      - dnsmasq
+      - uuid-runtime
+      - lshw
+      - tcpdump
+      - lm-sensors
+      - dmidecode
+      - net-tools
+      - iputils-arping
+      - iputils-ping
+      - telnet
+      - vim
+      - git
+      - pwgen
+      - locales
+      - ntpdate
+      - tree
+      - wget
+      - curl
+      - zip
+      - unzip
+      - systemd-cron
+      - systemd-timesyncd
+      - systemd-journal-remote
+      - screen
+      - tmux
+      - certbot
+      - python3-certbot-nginx
+
+- name: Set default editor to vim
+  become: true
+  ansible.builtin.shell: update-alternatives --set editor /usr/bin/vim.basic
+
+- name: Set git rebase mode
+  become: true
+  ansible.builtin.shell: git config --global pull.rebase false
+
+- name: setup git to use http v1.1
+  ansible.builtin.shell: git config --global http.version HTTP/1.1
+
+# ---------------------------------------------------
+
+- name: Enable ssh service
+  become: true
+  ansible.builtin.systemd:
+    name: ssh
+    enabled: true
+    masked: false
+
+- name: Enable systemd-timesyncd service
+  become: true
+  ansible.builtin.systemd:
+    name: systemd-timesyncd
+    enabled: true
+    masked: false
+
+- name: Clean system
+  include_tasks: clean.yml
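Review bot: `Set git rebase mode` runs with `become: true` while `setup git to use http v1.1` does not, so `pull.rebase` lands in root's `~/.gitconfig` and `http.version` in `{{ ansible_user }}`'s — presumably both are meant for the same account, so drop `become: true` from the rebase task or add it to the other. `dependicy` in the second task name is a typo for `dependency`. The package list installs `dnsmasq`, whose Debian packaging typically enables a resolver service listening on port 53 as soon as it is installed; on an internet-facing host that is an open-resolver exposure unless the security group blocks it, so either drop the package or ship a configuration restricting `listen-address` before the service starts. The `git config` and `update-alternatives` tasks use `ansible.builtin.shell` though they need no shell features; `ansible.builtin.command` with a `changed_when` condition avoids reporting `changed` on every run.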