tf-oci-ans-selfhost-dev/ansible_playbooks/bootstrap_vnc.yml

---
- name: Setup Swap, WireGuard, and VNC on CentOS
  hosts: almalinux
  become: true
  tasks:
    - name: Create a swap file
      ansible.builtin.command: fallocate -l 4G /swapfile
      args:
        creates: /swapfile

    - name: Set permissions on the swap file
      ansible.builtin.file:
        path: /swapfile
        mode: "0600"

    - name: Set up swap space
      ansible.builtin.command: mkswap /swapfile
      args:
        creates: /swapfile

    - name: Enable swap file
      ansible.posix.mount:
        name: none
        src: /swapfile
        fstype: swap
        state: present

    - name: Add swap file to fstab
      ansible.builtin.lineinfile:
        path: /etc/fstab
        line: /swapfile none swap defaults 0 0
        state: present

    - name: Update package cache
      ansible.builtin.dnf:
        update_cache: true

    - name: Upgrade all packages
      ansible.builtin.dnf:
        name: "*"
        state: latest

    - name: Install WireGuard
      ansible.builtin.dnf:
        name:
          - wireguard-tools
        state: present

    - name: Load WireGuard module
      community.general.modprobe:
        name: wireguard
        state: present

    - name: Enable IP forwarding
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: 1
        state: present
        reload: true

    - name: Create WireGuard keys
      ansible.builtin.command: >
        sh -c 'wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey'
      args:
        creates: /etc/wireguard/privatekey

    - name: Install EPEL release
      ansible.builtin.dnf:
        name: epel-release
        state: present

    - name: Install XFCE desktop environment
      ansible.builtin.dnf:
        name: "@XFCE"
        state: present

    - name: Install TigerVNC server
      ansible.builtin.dnf:
        name: tigervnc-server
        state: present

    - name: Create vnc configuration directory
      become: false
      ansible.builtin.file:
        path: ~/.vnc/
        state: directory
        recurse: true

    - name: Create VNC startup file
      become: false
      ansible.builtin.copy:
        dest: ~/.vnc/xstartup
        content: |
          #!/bin/sh
          unset SESSION_MANAGER
          unset DBUS_SESSION_BUS_ADDRESS
          exec /etc/X11/xinit/xinitrc
        mode: "0755"

    - name: Enable TigerVNC service
      ansible.builtin.systemd:
        name: vncserver@:1.service
        enabled: true
        state: started

    - name: Open WireGuard port (51820) in firewall
      ansible.posix.firewalld:
        service: wireguard
        permanent: true
        state: enabled
        zone: public

    - name: Open VNC port (5901) in firewall
      ansible.posix.firewalld:
        port: 5901/tcp
        permanent: true
        state: enabled
        zone: public

    - name: Reload firewalld to apply changes
      ansible.builtin.service:
        name: firewalld
        state: restarted

    - name: Reboot the system
      ansible.builtin.reboot:
        msg: Rebooting to apply changes
Record new playbook Use ansible to bootstrap a remote workstation based on Alma Linux. Possibly compatible with fedora. 2024-11-26 12:02:13 -05:00			`---`
			`- name: Setup Swap, WireGuard, and VNC on CentOS`
			`hosts: almalinux`
			`become: true`
			`tasks:`
			`- name: Create a swap file`
			`ansible.builtin.command: fallocate -l 4G /swapfile`
			`args:`
			`creates: /swapfile`

			`- name: Set permissions on the swap file`
			`ansible.builtin.file:`
			`path: /swapfile`
			`mode: "0600"`

			`- name: Set up swap space`
			`ansible.builtin.command: mkswap /swapfile`
			`args:`
			`creates: /swapfile`

			`- name: Enable swap file`
			`ansible.posix.mount:`
			`name: none`
			`src: /swapfile`
			`fstype: swap`
			`state: present`

			`- name: Add swap file to fstab`
			`ansible.builtin.lineinfile:`
			`path: /etc/fstab`
			`line: /swapfile none swap defaults 0 0`
			`state: present`

			`- name: Update package cache`
			`ansible.builtin.dnf:`
			`update_cache: true`

			`- name: Upgrade all packages`
			`ansible.builtin.dnf:`
			`name: "*"`
			`state: latest`

			`- name: Install WireGuard`
			`ansible.builtin.dnf:`
			`name:`
			`- wireguard-tools`
			`state: present`

			`- name: Load WireGuard module`
			`community.general.modprobe:`
			`name: wireguard`
			`state: present`

			`- name: Enable IP forwarding`
			`ansible.posix.sysctl:`
			`name: net.ipv4.ip_forward`
			`value: 1`
			`state: present`
			`reload: true`

			`- name: Create WireGuard keys`
			`ansible.builtin.command: >`
			`sh -c 'wg genkey \| tee /etc/wireguard/privatekey \| wg pubkey > /etc/wireguard/publickey'`
			`args:`
			`creates: /etc/wireguard/privatekey`

			`- name: Install EPEL release`
			`ansible.builtin.dnf:`
			`name: epel-release`
			`state: present`

			`- name: Install XFCE desktop environment`
			`ansible.builtin.dnf:`
			`name: "@XFCE"`
			`state: present`

			`- name: Install TigerVNC server`
			`ansible.builtin.dnf:`
			`name: tigervnc-server`
			`state: present`

			`- name: Create vnc configuration directory`
			`become: false`
			`ansible.builtin.file:`
			`path: ~/.vnc/`
			`state: directory`
			`recurse: true`

			`- name: Create VNC startup file`
			`become: false`
			`ansible.builtin.copy:`
			`dest: ~/.vnc/xstartup`
			`content: \|`
			`#!/bin/sh`
			`unset SESSION_MANAGER`
			`unset DBUS_SESSION_BUS_ADDRESS`
			`exec /etc/X11/xinit/xinitrc`
			`mode: "0755"`

			`- name: Enable TigerVNC service`
			`ansible.builtin.systemd:`
			`name: vncserver@:1.service`
			`enabled: true`
			`state: started`

			`- name: Open WireGuard port (51820) in firewall`
			`ansible.posix.firewalld:`
			`service: wireguard`
			`permanent: true`
			`state: enabled`
			`zone: public`

			`- name: Open VNC port (5901) in firewall`
			`ansible.posix.firewalld:`
			`port: 5901/tcp`
			`permanent: true`
			`state: enabled`
			`zone: public`

			`- name: Reload firewalld to apply changes`
			`ansible.builtin.service:`
			`name: firewalld`
			`state: restarted`

			`- name: Reboot the system`
			`ansible.builtin.reboot:`
			`msg: Rebooting to apply changes`