New structure

playbooks/apt-update.yml

@@ -0,0 +1,25 @@
+- hosts: all
+  vars:
+    ansible_host_key_checking: false ##If you get an error about hosts not trusted
+  become_user: root
+  become: true
+  tasks:
+    - name: Update apt repo and cache on all Debian/Ubuntu boxes
+      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+    - name: Upgrade all packages on servers
+      apt: upgrade=dist force_apt_get=yes
+
+    - name: Check if a reboot is needed on all servers
+      register: reboot_required_file
+      stat: path=/var/run/reboot-required get_md5=no
+
+    - name: Reboot the box if kernel updated
+      reboot:
+        msg: "Reboot initiated by Ansible for kernel updates"
+        connect_timeout: 5
+        reboot_timeout: 300
+        pre_reboot_delay: 0
+        post_reboot_delay: 30
+        test_command: uptime
+      when: reboot_required_file.stat.exists

playbooks/apt2-update.yml

@@ -0,0 +1,12 @@
+---
+  
+- hosts: all
+  vars:
+    ansible_host_key_checking: false ##If you get an error about hosts not trusted
+  become: true
+
+  tasks:
+    - name: Update all packages to their latest version
+      ansible.builtin.apt:
+        name: "*"
+        state: latest

playbooks/gitea.yml

@@ -0,0 +1,32 @@
+---
+- hosts: gitea
+  become: true
+  become_user: root
+  tasks:
+    - name: gitea.yml | Stop service gitea on debian, if running
+      ansible.builtin.systemd:
+        name: gitea
+        state: stopped
+
+    - name: gitea.yml | Download newest gitea binary
+      ansible.builtin.get_url:
+        url: "{{ var_gitea_url }}"
+        dest: /tmp/gitea
+        mode: '0511'
+
+    - name: gitea.yml | Copy file with owner and permissions
+      ansible.builtin.copy:
+        src: /tmp/gitea
+        dest: /usr/local/bin/gitea
+        mode: '0511'
+        remote_src: yes
+
+    - name: gitea.yml | Start service gitea on debian, if not running
+      ansible.builtin.systemd:
+        name: gitea
+        state: started
+
+    - name: gitea.yml | clean and remove /tmp directory
+      ansible.builtin.file:
+        path: /tmp/gitea
+        state: absent

playbooks/inital_setup_new_server.yml

@@ -0,0 +1,99 @@
+- hosts: new
+  vars:
+    ansible_host_key_checking: false ##If you get an error about hosts not trusted
+  become_user: root
+  become: yes
+  tasks:
+    - name: Update apt repo and cache on all Debian/Ubuntu boxes
+      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+
+    - name: Upgrade all packages on servers
+      apt: upgrade=dist force_apt_get=yes
+
+    - name: Check if a reboot is needed on all servers
+      register: reboot_required_file
+      stat: path=/var/run/reboot-required get_md5=no
+
+    - name: Reboot the box if kernel updated
+      reboot:
+        msg: "Reboot initiated by Ansible for kernel updates"
+        connect_timeout: 5
+        reboot_timeout: 300
+        pre_reboot_delay: 0
+        post_reboot_delay: 30
+        test_command: uptime
+      when: reboot_required_file.stat.exists
+
+    - name: Add the user 'joachim' with a specific uid and a primary group of 'admin'
+      ansible.builtin.user:
+        name: joachim
+        shell: /bin/bash
+        comment: Joachim Hummel
+        createhome: yes
+        uid: 1000
+        group: sudo
+
+
+    - name: Add the user 'sysadmin' with a specific uid and a primary group of 'admin'
+      ansible.builtin.user:
+        name: sysadmin42
+        shell: /bin/bash
+        comment: Ansible Sysadmin42 
+        createhome: yes
+        uid: 1010
+        group: sudo
+
+    - name: Set authorized key for remote user joachim
+      ansible.posix.authorized_key:
+        user: joachim 
+        state: present
+        key: "{{ lookup('url', 'https://git.homeabc.de/jhummel/ansible-semaphore/raw/branch/master/keys/id_rsa.joachim', split_lines=False) }}" 
+
+    - name: Set authorized key for remote user sysadmin42
+      ansible.posix.authorized_key:
+        user: sysadmin42
+        state: present
+        key: "{{ lookup('url', 'https://git.homeabc.de/jhummel/ansible-semaphore/raw/branch/master/keys/id_rsa.semphore', split_lines=False) }}" 
+
+    - name: Disable password authentication for root
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        state: present
+        regexp: '^#?PermitRootLogin'
+        line: 'PermitRootLogin prohibit-password'
+
+    - name: Update apt and install required system packages
+      apt:
+        pkg:
+          - curl
+          - vim
+          - git
+          - ufw
+          - fail2ban
+          - apache2
+        state: latest
+        update_cache: true
+
+    - name: UFW - Allow SSH connections
+      community.general.ufw:
+        rule: allow
+        name: OpenSSH
+
+
+    - name: UFW - Allow HTTP connections
+      community.general.ufw:
+        rule: allow
+        port: 80
+        proto: tcp
+
+    - name: UFW - Allow HTTPS connections
+      community.general.ufw:
+        rule: allow
+        port: 443
+        proto: tcp
+
+    - name: UFW - Enable and deny by default
+      community.general.ufw:
+        state: enabled
+        default: deny
+

playbooks/install-docker.yml

@@ -0,0 +1,17 @@
+---
+- hosts: docker
+  become: true
+  become_user: root
+  tasks:
+    - name: install-docker.yml | Stop service gitea on debian, if running
+      ansible.builtin.systemd:
+        name: gitea
+        state: stopped
+
+    - name: gitea.yml | Download newest gitea binary
+      ansible.builtin.get_url:
+        url: "{{ var_gitea_url }}"
+        dest: /tmp/gitea
+        mode: '0511'
+
+

playbooks/jetson.yml

@@ -0,0 +1,8 @@
+---
+- name: Ansible Playbook for Jetson and Docker
+  hosts: jetson
+  become: true
+
+  roles:
+    - jetson
+