Dan V
deb6c38d7b
- Add .gitignore: exclude compiled binaries, build artifacts, and Helm values files containing real secrets (authentik, prometheus) - Add all Kubernetes deployment manifests (deployment/) - Add services source code: ha-sync, device-inventory, games-console, paperclip, parts-inventory - Add Ansible orchestration: playbooks, roles, inventory, cloud-init - Add hardware specs, execution plans, scripts, HOMELAB.md - Add skills/homelab/SKILL.md + skills/install.sh to preserve Copilot skill - Remove previously-tracked inventory-cli binary from git index Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
50 lines
1.3 KiB
YAML
50 lines
1.3 KiB
YAML
---
|
|
- name: Baseline host configuration
|
|
hosts: all:!proxmox
|
|
become: true
|
|
gather_facts: true
|
|
|
|
tasks:
|
|
- name: Ensure common packages are installed (Debian/Ubuntu)
|
|
ansible.builtin.apt:
|
|
name: "{{ common_packages }}"
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Configure timezone
|
|
community.general.timezone:
|
|
name: "{{ timezone }}"
|
|
|
|
- name: Ensure unattended-upgrades is installed
|
|
ansible.builtin.apt:
|
|
name: unattended-upgrades
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Ensure fail2ban is installed
|
|
ansible.builtin.apt:
|
|
name: fail2ban
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Ensure UFW is installed
|
|
ansible.builtin.apt:
|
|
name: ufw
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Ensure UFW allows SSH
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "22"
|
|
proto: tcp
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Ensure UFW is enabled
|
|
community.general.ufw:
|
|
state: enabled
|
|
when: ansible_os_family == "Debian"
|