Homelab-Ansible/ansible/buildHomelab.yaml


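---
# Homelab build playbook. The first play prepares the Raspberry Pi: a
# static network via netplan, a local resolver (unbound) in place of the
# systemd-resolved stub listener, restic for backups and the ddclient
# config that the docker stack on the Pi consumes.
- name: Setup pi
  hosts: basementpi
  remote_user: root
  vars:
    # Name of the single netplan file this play manages; every other
    # file under /etc/netplan is removed so it is the only config loaded.
    netplan_file: 01-netcfg.yaml
  tasks:
    # The original task passed 'echo "..." > file' to ansible.builtin.command,
    # which does not run a shell: ">" and the path became echo arguments and
    # the file was never written. copy/content writes it and is idempotent.
    - name: Disable cloud-init network config
      ansible.builtin.copy:
        content: "network: {config: disabled}\n"
        dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
        owner: root
        group: root
        mode: "0644"

    # "rm -f /etc/netplan/*" under ansible.builtin.command is not glob-expanded
    # (no shell), so it removed nothing. find + file deletes each stray file
    # and reports changed correctly; the managed file is excluded so a
    # second run does not delete and re-create it.
    - name: Find stray netplan files
      ansible.builtin.find:
        paths: /etc/netplan
        file_type: file
        excludes: "{{ netplan_file }}"
      register: netplan_stray

    - name: Delete existing netplan
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ netplan_stray.files }}"
      loop_control:
        label: "{{ item.path }}"
      register: netplan_removed

    # dest was the directory /etc/netplan, which renders the template under
    # its own name, "01-netcfg.yaml.j2" - a file netplan never reads (it only
    # loads *.yaml). The rendered name is now explicit. Netplan configs can
    # hold Wi-Fi credentials and newer netplan warns when they are readable
    # by others, hence 0600.
    - name: Copy netplan
      ansible.builtin.template:
        src: assets/{{ inventory_hostname }}/{{ netplan_file }}.j2
        dest: /etc/netplan/{{ netplan_file }}
        owner: root
        group: root
        mode: "0600"
        backup: true
      register: netplan_cfg

    # A relative dest resolves against the remote user's home (root here),
    # and the trailing-slash form rendered the file as "unbound.conf.j2".
    # The directory is created first because template does not create
    # parent directories.
    # NOTE(review): confirm this path and file name against the compose
    # template that mounts the unbound config.
    - name: Create unbound directory
      ansible.builtin.file:
        path: /root/unbound
        state: directory
        mode: "0755"

    - name: Copy unbound config
      ansible.builtin.template:
        src: assets/{{ inventory_hostname }}/unbound.conf.j2
        dest: /root/unbound/unbound.conf
        backup: true

    # Only re-apply when the netplan set actually changed; applying an
    # unchanged config just bounces the interfaces for nothing.
    - name: Apply Netplan
      ansible.builtin.command: netplan apply
      when: netplan_cfg.changed or netplan_removed.changed

    # Same edit the previous sed did ("#?DNSStubListener=yes" -> "=no"),
    # as an idempotent lineinfile; backup mirrors the old "-i.orig".
    - name: Disable Ubunut stub DNS resolver
      ansible.builtin.lineinfile:
        path: /etc/systemd/resolved.conf
        regexp: '^#?DNSStubListener='
        line: DNSStubListener=no
        backup: true
      register: resolved_conf

    # Replaces the "sudo sh -c 'rm ... && ln -s ...'" shell task; the play
    # already runs as root, and force replaces the existing file/link.
    - name: symlink /etc/resolv to /run/systemd/resolve/resolv.conf
      ansible.builtin.file:
        src: /run/systemd/resolve/resolv.conf
        path: /etc/resolv.conf
        state: link
        force: true
      register: resolv_link

    # Restart right here (not via a handler) so the apt task below runs
    # against the final resolver setup, as in the original task order.
    - name: Restart resolved
      ansible.builtin.systemd:
        name: systemd-resolved
        state: restarted
      when: resolved_conf.changed or resolv_link.changed

    - name: Install restic
      ansible.builtin.apt:
        update_cache: true
        name:
          - restic

    # The docker setup play that used to create /root/docker is commented
    # out below, so make sure the target directory exists.
    - name: Create ddclient directory
      ansible.builtin.file:
        path: /root/docker/ddclient
        state: directory
        mode: "0755"
      tags: docker

    # NOTE(review): ddclient.conf normally carries the DDNS credentials; if
    # the container can read it as root, add mode: "0600" here. backup: true
    # also keeps every previous version of the file next to it.
    - name: Copy ddclient config
      ansible.builtin.template:
        src: assets/{{ inventory_hostname }}/ddclient.conf.j2
        dest: /root/docker/ddclient/ddclient.conf
        backup: true
      tags: docker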
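# Bastion: the WireGuard endpoint that forwards traffic for the peers.
# "tags" is a play-level key here (the pasted source had lost its
# indentation; read as a variable under "vars" it would tag nothing).
- name: Setup bastion
  hosts: bastion
  tags:
    - bastion
  tasks:
    - name: Enable IP forwarding
      ansible.builtin.lineinfile:
        path: /etc/sysctl.conf
        regexp: '^#?.*net\.ipv4\.ip_forward='
        line: 'net.ipv4.ip_forward=1'
      register: ip_forward

    # /etc/sysctl.conf is only read at boot; set the value in the running
    # kernel too so forwarding works without a reboot.
    - name: Apply IP forwarding
      ansible.builtin.command: sysctl -w net.ipv4.ip_forward=1
      when: ip_forward.changed

    - name: Install Wireguard
      ansible.builtin.package:
        name: wireguard
        state: present

    # Taking the interface down before rewriting its config also removes
    # the iptables rules wg-quick installed from the old config. A non-zero
    # exit is expected when wg0 is not up yet, so it is not treated as a
    # failure (ignore_errors would still print it as one).
    - name: Shutdown Wireguard (remove iptables rules)
      ansible.builtin.command: wg-quick down wg0
      register: wg_down
      failed_when: false
      changed_when: wg_down.rc == 0

    # wg0.conf contains the private key. Without an explicit mode the file
    # gets the umask default (typically 0644, world-readable); wg-quick
    # warns about exactly that. backup: true keeps old versions - and old
    # keys - as wg0.conf.<timestamp>~ in the same directory.
    - name: Copy Wireguard config
      ansible.builtin.template:
        src: assets/{{ inventory_hostname }}/wg0.conf.j2
        dest: /etc/wireguard/wg0.conf
        owner: root
        group: root
        mode: "0600"
        backup: true

    - name: Enable Wireguard int
      ansible.builtin.command: wg-quick up wg0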
#- name: Setup Docker hosts
# hosts:
# - docker-ext
# - docker-int
# - basementpi
# vars:
# tags:
# - docker
# - docker_hosts
# when: "'setup' in ansible_run_tags"
# tasks:
# - name: Docker Prereqs
# ansible.builtin.apt:
# update_cache: true
# name:
# - ca-certificates
# - curl
# - gnupg
# - lsb-release
# - name: Create keyring directory
# ansible.builtin.file:
# path: /etc/apt/keyrings
# state: directory
# - name: Create Docker directory
# ansible.builtin.file:
# path: /root/docker
# state: directory
# - name: Download Docker GPG keys
# ansible.builtin.shell: curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --batch --yes
# - name: Add Docker repo
# ansible.builtin.shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# - name: Install Docker
# ansible.builtin.apt:
# update_cache: true
# name:
# - docker-ce
# - docker-ce-cli
# - containerd.io
# - docker-compose-plugin
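# Render each host's compose file and converge its containers to it.
# "tags" is a play-level key (indentation was lost in the paste); the
# "wireguard,docker" tags after the compose task are read as task tags on
# "Run Docker" - as play tags they would be a duplicate key.
- name: Configure Docker hosts
  hosts:
    - docker-ext
    - docker-int
    - basementpi
  tags:
    - docker
    - docker_hosts
  tasks:
    # The play that used to create /root/docker is commented out, and
    # template does not create parent directories.
    - name: Create Docker directory
      ansible.builtin.file:
        path: /root/docker
        state: directory
        mode: "0755"

    # NOTE(review): compose files often embed service credentials; if this
    # one does, set mode: "0600" so only root can read it (and its backups).
    - name: Copy Docker Compose file
      ansible.builtin.template:
        src: assets/{{ inventory_hostname }}/compose.yml.j2
        dest: /root/docker/compose.yml
        backup: true

    # No shell features are used, so command is enough; "up -d" is safe to
    # re-run and brings the running set in line with the compose file.
    - name: Run Docker
      ansible.builtin.command: docker compose up -d --remove-orphans
      args:
        chdir: /root/docker
      tags:
        - wireguard
        - docker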
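# docker-ext keeps its own WireGuard config; this play only renders it.
# NOTE(review): nothing here installs wireguard or (re)starts wg0 on
# docker-ext, so a changed config takes effect only when wg-quick is next
# run and /etc/wireguard must already exist - confirm that is intended.
- name: Local server Wireguard
  hosts: docker-ext
  tasks:
    # Private key material: keep it readable by root only (see the bastion
    # play for the same reasoning), and note backup: true keeps old copies.
    - name: "docker-ext Wireguard"
      ansible.builtin.template:
        src: assets/{{ inventory_hostname }}/wg0.conf.j2
        dest: /etc/wireguard/wg0.conf
        owner: root
        group: root
        mode: "0600"
        backup: true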