qdev/soupclown
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleaning up

Browse Source
This commit is contained in:
quinm0
2026-02-23 16:39:06 -05:00
commit affbfcd116
43 changed files with 1224 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ansible/roles/devtools/tasks/install-ctop.yaml
+87
View File
@@ -0,0 +1,87 @@
# ============================================================================
# CTOP Installation Task
# ============================================================================
#
# ## Overview
# This task sequence installs **ctop** (a top-like interface for container metrics)
# on the target system using the azlux repository.
#
# ## Prerequisites
# - Target system must be Debian/Ubuntu-based
# - Root or sudo privileges required
# - Internet connectivity to download packages and GPG keys
#
# ## Workflow
# 1. **Prerequisite Check**: Verifies if ctop is already installed via marker file
# 2. **Dependency Installation**: Installs required system packages
# - ca-certificates (SSL/TLS support)
# - curl (download utilities)
# - gnupg (GPG key management)
# - lsb-release (OS release detection)
# 3. **Repository Setup**:
# - Adds azlux GPG key for package verification
# - Validates GPG key integrity
# - Adds azlux apt repository with signed packages
# - Refreshes apt cache
# 4. **Package Installation**: Installs docker-ctop package
#
# ## Key Features
# - ✅ Idempotent: Skips execution if ctop is already installed
# - ✅ GPG Validation: Ensures repository authenticity
# - ✅ Error Handling: Fails playbook if GPG key or repo validation fails
# - ✅ Architecture-Aware: Uses ansible_architecture variable for multi-arch support
#
# ## Variables Used
# - `ansible_architecture`: Target system CPU architecture (auto-detected)
# - `ctop_installed_check`: Registration variable tracking installation status
# - `apt_key_finger_output`: GPG key validation results
# - `azlux_repo_check`: Repository addition verification results
#
# ## Failure Points
# - GPG key import fails or key not found in fingerprint output
# - Repository addition fails or cannot be verified
# - Package installation fails
#
# ## Notes
# - Uses `signed-by` parameter for secure apt repository configuration (modern approach)
# - Creates marker file at `/var/ctop_installed` to track installation state
# - `lsb_release -cs` dynamically determines Debian/Ubuntu codename
# - Ensure that the system is updated before running this playbook for best results
- name: Check if ctop is installed
stat:
path: /var/ctop_installed
register: ctop_installed_check
- name: Install prerequisites for ctop
apt:
name:
- ca-certificates
- curl
- gnupg
- lsb-release
state: present
update_cache: yes
when: not ctop_installed_check.stat.exists
- name: Add azlux GPG key for ctop
apt_key:
url: https://azlux.fr/repo.gpg.key
state: present
keyring: /usr/share/keyrings/azlux-archive-keyring.gpg
when: not ctop_installed_check.stat.exists
- name: Add azlux repository for ctop
shell: |
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/azlux-archive-keyring.gpg trusted=yes] http://packages.azlux.fr/debian stable main" | sudo tee /etc/apt/sources.list.d/azlux.list >/dev/null
when: not ctop_installed_check.stat.exists
- name: Update apt cache after adding azlux repository
command: apt-get update
when: not ctop_installed_check.stat.exists
- name: Install ctop
apt:
name: docker-ctop
state: present
when: not ctop_installed_check.stat.exists
src/ansible/roles/devtools/tasks/install-lazydocker.yaml
+21
View File
@@ -0,0 +1,21 @@
- name: Check if lazydocker is installed
stat:
path: /var/lazydocker_installed
register: lazydocker_installed_check
- name: Download install script for lazydocker
get_url:
url: https://raw.githubusercontent.com/jesseduffield/lazydocker/master/scripts/install_update_linux.sh
dest: /tmp/install_lazydocker.sh
mode: "0755"
when: not lazydocker_installed_check.stat.exists
- name: Run lazydocker installer script
command: /tmp/install_lazydocker.sh
when: not lazydocker_installed_check.stat.exists
- name: Create file indicating lazydocker is installed
file:
path: /var/lazydocker_installed
state: touch
when: not lazydocker_installed_check.stat.exists
src/ansible/roles/devtools/tasks/install-opentofu.yaml
+34
View File
@@ -0,0 +1,34 @@
# get the installer script
# curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
- name: Check if opentofu is installed
stat:
path: /var/opentofu_installed
register: opentofu_installed_check
- name: Download installer script
get_url:
url: https://get.opentofu.org/install-opentofu.sh
dest: /tmp/install-opentofu.sh
mode: "0755"
when: not opentofu_installed_check.stat.exists
- name: Make installer script executable
command: chmod +x /tmp/install-opentofu.sh
when: not opentofu_installed_check.stat.exists
- name: Install opentofu
command: /tmp/install-opentofu.sh --install-method deb
when: not opentofu_installed_check.stat.exists
- name: Remove installer script
file:
path: /tmp/install-opentofu.sh
state: absent
when: not opentofu_installed_check.stat.exists
- name: Create file indicating opentofu is installed
file:
path: /var/opentofu_installed
state: touch
when: not opentofu_installed_check.stat.exists
src/ansible/roles/devtools/tasks/main.yaml
+8
View File
@@ -0,0 +1,8 @@
- name: Install opentofu
import_tasks: install-opentofu.yaml
- name: Install lazydocker
import_tasks: install-lazydocker.yaml
- name: Install ctop
import_tasks: install-ctop.yaml
src/ansible/roles/dietpi/tasks/main.yaml
+2
View File
@@ -0,0 +1,2 @@
- name: Install Reticulum Network Stack (RNS)
import_tasks: rns.yaml
src/ansible/roles/dietpi/tasks/rns.yaml
+138
View File
@@ -0,0 +1,138 @@
---
# - name: Install python3 packages
# pip:
# name: "{{ item }}"
# state: present
# executable: pip3
# with_items:
# - rns
# - lxmf
- name: Create systemd service for rns
copy:
dest: /etc/systemd/system/rns.service
content: |
[Unit]
Description=Reticulum Network Stack Daemon
After=multi-user.target
[Service]
Type=simple
Restart=always
RestartSec=3
User=root
ExecStart=rnsd --service
[Install]
WantedBy=multi-user.target
- name: Reload systemd
systemd:
daemon_reload: yes
- name: Ensure rns service is enabled and started
systemd:
name: rns.service
enabled: yes
state: started
- name: Stop service for config file update
systemd:
name: rns.service
state: stopped
- name: Ensure Reticulum config directory exists
file:
path: /root/.reticulum
state: directory
mode: "0755"
- name: Deploy rns configuration file (using block for friendly file updates)
copy:
dest: /root/.reticulum/config
content: |
[reticulum]
enable_transport = True
share_instance = Yes
instance_name = B407
discover_interfaces = Yes
panic_on_interface_error = No
# If you're connecting to a large external network, you
# can use one or more external blackhole list to block
# spammy and excessive announces onto your network. This
# funtionality is especially useful if you're hosting public
# entrypoints or gateways. The list source below provides a
# functional example, but better, more timely maintained
# lists probably exist in the community.
# blackhole_sources = 521c87a83afb8f29e4455e77930b973b
[logging]
# Valid log levels are 0 through 7:
# 0: Log only critical information
# 1: Log errors and lower log levels
# 2: Log warnings and lower log levels
# 3: Log notices and lower log levels
# 4: Log info and lower (this is the default)
# 5: Verbose logging
# 6: Debug logging
# 7: Extreme logging
loglevel = 4
# The interfaces section defines the physical and virtual
# interfaces Reticulum will use to communicate on. This
# section will contain examples for a variety of interface
# types. You can modify these or use them as a basis for
# your own config, or simply remove the unused ones.
[interfaces]
[[Default Interface]]
type = AutoInterface
enabled = Yes
[[RNode LoRa Interface]]
type = RNodeInterface
enabled = yes
port = /dev/ttyACM0
# Set frequency to 915 MHz (US ISM Band)
frequency = 915000000
# Set LoRa bandwidth to 125 KHz
bandwidth = 125000
# Set TX power to 7 dBm (5 mW)
txpower = 7
# Select spreading factor 8. Valid
# range is 7 through 12, with 7
# being the fastest and 12 having
# the longest range.
spreadingfactor = 8
# Select coding rate 5. Valid range
# is 5 throough 8, with 5 being the
# fastest, and 8 the longest range.
codingrate = 5
# You can configure the RNode to send
# out identification on the channel with
# a set interval by configuring the
# following two parameters.
id_callsign = B407
id_interval = 600
# For certain homebrew RNode interfaces
# with low amounts of RAM, using packet
# flow control can be useful. By default
# it is disabled.
# flow_control = False
# It is possible to limit the airtime
# utilisation of an RNode by using the
# following two configuration options.
# The short-term limit is applied in a
# window of approximately 15 seconds,
# and the long-term limit is enforced
# over a rolling 60 minute window. Both
# options are specified in percent.
# airtime_limit_long = 1.5
# airtime_limit_short = 33
- name: Start rns service after config update
systemd:
name: rns.service
state: started
src/ansible/roles/pcpanel/tasks/main.yaml
+66
View File
@@ -0,0 +1,66 @@
# add block to /etc/udev/rules.d/70-pcpanel.rules
# SUBSYSTEM=="usb", ATTRS{idVendor}=="04D8", ATTRS{idProduct}=="eb52", TAG+="uaccess"
# SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c4", TAG+="uaccess"
# SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c5", TAG+="uaccess"
- name: Check if we've already set up pcpanel
stat:
path: /etc/udev/rules.d/70-pcpanel.rules
register: pcpanel_rules_file
- name: Check if we've installed the deb file before
stat:
path: /var/pcpanel_installed
register: pcpanel_deb_file
- name: Ensure pulseaudio is installed
apt:
name: "{{ item }}"
state: present
update_cache: yes
with_items:
- pulseaudio
- pulseaudio-utils
when: not pcpanel_rules_file.stat.exists
- name: Create required directories for pcpanel
file:
path: /etc/udev/rules.d
state: directory
mode: "0755"
when: not pcpanel_rules_file.stat.exists
- name: Add udev rules for pcpanel
copy:
content: |
# SUBSYSTEM=="usb", ATTRS{idVendor}=="04D8", ATTRS{idProduct}=="eb52", TAG+="uaccess"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c4", TAG+="uaccess"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a3c5", TAG+="uaccess"
dest: /etc/udev/rules.d/70-pcpanel.rules
mode: "0644"
owner: root
group: root
when: not pcpanel_rules_file.stat.exists
- name: Reload udev rules
shell: udevadm control --reload-rules && udevadm trigger
when: not pcpanel_rules_file.stat.exists
- name: Download pcpanel deb file
get_url:
url: "https://github.com/nvdweem/PCPanel/releases/download/v1.7.1/pcpanel_1.7.1_amd64.deb"
dest: /tmp/pcpanel_1.7.1_amd64.deb
mode: "0644"
when: not pcpanel_deb_file.stat.exists
- name: Install pcpanel deb file
apt:
deb: /tmp/pcpanel_1.7.1_amd64.deb
when: not pcpanel_deb_file.stat.exists
- name: Create file to indicate pcpanel installed
file:
path: /var/pcpanel_installed
state: touch
mode: "0644"
when: not pcpanel_deb_file.stat.exists
src/ansible/roles/soupclown/defaults/main.yaml
+18
View File
@@ -0,0 +1,18 @@
soupclown_mod_group_name: soupclown_moderator
soupclown_users:
- name: dbowen
isMod: false
soupclown_drive_configs:
- name: d1
partuuid: ea8eb756-01
fs_type: ext4
- name: d2
partuuid: d9892c39-c6f2-4090-bccc-1b976f85c762
fs_type: ext4
- name: DATA
partuuid: 9f9dfead-c8bd-40bc-a012-7c3fa996e610
fs_type: ext4
src/ansible/roles/soupclown/tasks/create-users.yaml
+13
View File
@@ -0,0 +1,13 @@
- name: Create soupclown moderator group
group:
name: "{{ soupclown_mod_group_name }}"
state: present
- name: For each user in config, ensure user exists and if isMod true, add to moderator group
user:
name: "{{ item.name }}"
state: present
groups: "{{ [soupclown_mod_group_name] if item.isMod else [] }}"
password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits') | password_hash('sha512') }}"
update_password: on_create
loop: "{{ soupclown_users }}"
src/ansible/roles/soupclown/tasks/docker-install.yaml
+47
View File
@@ -0,0 +1,47 @@
---
- name: Check if our custom file indicating Docker is installed exists
stat:
path: /var/docker_installed
register: docker_installed_check
- name: Uninstall old Docker versions if present
apt:
name:
- docker
- docker-engine
- docker.io
- containerd
- runc
state: absent
purge: yes
update_cache: yes
when: not docker_installed_check.stat.exists
- name: Install required packages for Docker
apt:
name:
- gpg
- ca-certificates
- curl
- gnupg
- lsb-release
state: present
update_cache: yes
when: not docker_installed_check.stat.exists
# curl -fsSL https://get.docker.com -o get-docker.sh
- name: Get temporary Docker installation script
get_url:
url: https://get.docker.com
dest: /tmp/get-docker.sh
mode: "0755"
when: not docker_installed_check.stat.exists
- name: Install Docker using the official installation script
command: sh /tmp/get-docker.sh
when: not docker_installed_check.stat.exists
- name: Create file indicating Docker is installed
file:
path: /var/docker_installed
state: touch
src/ansible/roles/soupclown/tasks/install-deps.yaml
+42
View File
@@ -0,0 +1,42 @@
# NOTE: Never use apt for rclone, use official script
- name: Remove defualt packages
apt:
name:
- firefox
- thunderbird
state: absent
- name: Install common packages
apt:
name:
- btop
- htop
- desktop-file-utils
- git
- gh
- ssh-import-id
- python3-venv
- python3-pip
- name: Install snap packages
snap:
name: "{{ item }}"
state: present
with_items:
- vivaldi
- signal-desktop
- name: Install python3 packages
pip:
name: "{{ item }}"
state: present
break_system_packages: yes
executable: pip3
with_items:
- pyyaml
- cryptography
- passlib
- name: Install Docker
import_tasks: docker-install.yaml
src/ansible/roles/soupclown/tasks/main.yaml
+9
View File
@@ -0,0 +1,9 @@
---
- name: Install all dependencies
import_tasks: install-deps.yaml
- name: Create users
import_tasks: create-users.yaml
- name: Install rclone (MEGA)
import_tasks: rclone-mega-install.yaml
src/ansible/roles/soupclown/tasks/rclone-mega-install.yaml
+71
View File
@@ -0,0 +1,71 @@
- name: Check if rclone is installed
stat:
path: /var/rclone_installed
register: rclone_installed_check
- name: Install rclone (mega)
command:
# This command is for sure not working but I ran it manually and it worked. So I blame ansible
cmd: "curl https://rclone.org/install.sh | sudo bash ; touch /var/rclone_installed"
creates: /var/rclone_installed
when: not rclone_installed_check.stat.exists
- name: Create required directories
file:
path: "{{ item }}"
state: directory
mode: "0770"
with_items:
- /root/.config/rclone
- /mnt/mega
- name: Create rclone config
copy:
content: |
[mega]
type = mega
user = tnuu9h362@mozmail.com
pass = {{ rclone_mega_key }}
[data]
type = crypt
remote = mega:enc
password = {{ rclone_encPass_one }}
password2 = {{ rclone_encPass_two }}
dest: /root/.config/rclone/rclone.conf
- name: Write service file for rclone mount
copy:
content: |
[Unit]
Description=Rclone mount service
After=local-fs.target network.target
[Service]
Type=simple
User=root
KillMode=control-group
ExecStart=rclone mount data:enc /mnt/mega -vv \
--vfs-cache-mode full \
--allow-other \
--umask 0 \
--dir-perms 0777 \
--file-perms 0777 \
--dir-cache-time 300h
ExecStop=umount /mnt/mega
Restart=on-failure
[Install]
WantedBy=default.target
dest: /etc/systemd/system/rclone.service
mode: "0644"
owner: root
group: root
- name: Systemctl daemon-reload
command: systemctl daemon-reload
- name: Enable and start rclone service
systemd:
name: rclone
state: started
enabled: yes