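---
# Baseline play for the proxmox_vms group: installs the SSH daemon config,
# fetches the gVisor runtime (runsc), and turns on unattended updates for
# dnf5 and podman. Every task writes under /etc, /usr/local/bin or /, so it
# has to run with root privileges; privilege escalation is not set here and
# is presumably configured in the inventory or ansible.cfg - confirm.
- name: Configure SSH and gvisor
  hosts: proxmox_vms
  tasks:
    - name: Copy over SSHD config file
      ansible.builtin.copy:
        src: ./files/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0600'
        # Syntax-check the candidate file before it replaces the live one, so
        # a typo cannot leave the VM without a working SSH daemon.
        validate: /usr/sbin/sshd -t -f %s

    # The task is named "Restart" but performs a reload: sshd re-reads its
    # config and established sessions stay up.
    - name: Restart SSHD
      ansible.builtin.systemd_service:
        name: sshd
        state: reloaded

    - name: Download gvisor
      ansible.builtin.get_url:
        # NOTE(review): "latest" is a moving target, so each run can install
        # a different binary. For reproducible hosts, pin a dated release
        # (.../release/<YYYYMMDD>/x86_64/runsc) and bump it deliberately.
        url: https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc
        # Verify the download against the digest published next to it. This
        # catches truncated or corrupted transfers; it does not protect
        # against a compromised bucket, because digest and binary share one
        # origin.
        checksum: 'sha512:https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc.sha512'
        dest: /usr/local/bin/runsc
        force: true
        owner: root
        group: root
        # Explicit octal instead of the relative "a+x": the result no longer
        # depends on whatever mode the file had before.
        mode: '0755'

    - name: Copy over dnf5-automatic config
      ansible.builtin.copy:
        src: ./files/automatic.conf
        dest: /etc/dnf/automatic.conf
        owner: root
        group: root
        mode: '0644'

    - name: Add dnf5-automatic overrides dir
      ansible.builtin.file:
        path: /etc/systemd/system/dnf5-automatic.service.d
        state: directory
        owner: root
        group: root
        # Directories need the execute bit to be traversable; 0644 would make
        # the drop-in unreadable for every non-root user.
        mode: '0755'

    - name: Add override.conf
      ansible.builtin.copy:
        src: ./files/override.conf
        dest: /etc/systemd/system/dnf5-automatic.service.d/override.conf
        owner: root
        group: root
        mode: '0644'

    # NOTE(review): this unit is installed but nothing in this play enables
    # or starts it; presumably another unit or timer triggers it - confirm.
    - name: Add gvisor update service
      ansible.builtin.copy:
        src: ./files/gvisor-update.service
        dest: /etc/systemd/system/gvisor-update.service
        owner: root
        group: root
        mode: '0644'

    - name: Enable dnf5 auto updates
      ansible.builtin.systemd_service:
        name: dnf5-automatic.timer
        state: started
        enabled: true
        # systemd does not see the drop-in and the unit file copied above
        # until its configuration is reloaded.
        daemon_reload: true

    - name: Enable podman auto updates
      ansible.builtin.systemd_service:
        name: podman-auto-update.timer
        state: started
        enabled: true

    - name: Add /srv dir
      ansible.builtin.file:
        path: /srv
        state: directory
        mode: '0755'

    # NOTE(review): 0755 lets every local account list and enter /secrets.
    # Once the consumers are known, tighten this to '0700', or to '0750' with
    # a dedicated group, and set owner/group explicitly.
    - name: Add /secrets dir
      ansible.builtin.file:
        path: /secrets
        state: directory
        mode: '0755'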