Use Ansible to bootstrap a remote workstation based on Alma Linux. Possibly compatible with Fedora.
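---
# Bootstraps a remote workstation: a 4G swap file, WireGuard tooling and
# keys, an XFCE desktop served over TigerVNC, firewalld openings, then a
# reboot. Runs against the `almalinux` inventory group with privilege
# escalation unless a task sets `become: false`.
- name: Setup Swap, WireGuard, and VNC on CentOS
  hosts: almalinux
  become: true
  tasks:
    - name: Create a swap file
      ansible.builtin.command: fallocate -l 4G /swapfile
      args:
        creates: /swapfile

    # Swap can hold memory pages of any process, so only root may read it.
    - name: Set permissions on the swap file
      ansible.builtin.file:
        path: /swapfile
        owner: root
        group: root
        mode: "0600"

    # Read-only probe. The previous guard (`creates: /swapfile`) was always
    # satisfied by the fallocate task above, so mkswap never ran and the
    # file never received a swap signature.
    - name: Check whether the swap file already has a swap signature
      ansible.builtin.command: blkid -p -s TYPE -o value /swapfile
      register: swapfile_signature
      changed_when: false
      failed_when: false
      check_mode: false

    - name: Set up swap space
      ansible.builtin.command: mkswap /swapfile
      when: (swapfile_signature.stdout | default('')) != 'swap'

    # `state: present` only writes the fstab entry; it does not activate the
    # swap. Activation is left to the reboot at the end of the play.
    - name: Enable swap file
      ansible.posix.mount:
        path: "none"
        src: /swapfile
        fstype: swap
        state: present

    # NOTE(review): the mount task above already manages an fstab entry for
    # /swapfile; this task looks redundant. Confirm and keep only one.
    - name: Add swap file to fstab
      ansible.builtin.lineinfile:
        path: /etc/fstab
        line: /swapfile none swap defaults 0 0
        state: present

    - name: Update package cache
      ansible.builtin.dnf:
        update_cache: true

    - name: Upgrade all packages
      ansible.builtin.dnf:
        name: "*"
        state: latest

    - name: Install WireGuard
      ansible.builtin.dnf:
        name:
          - wireguard-tools
        state: present

    - name: Load WireGuard module
      community.general.modprobe:
        name: wireguard
        state: present

    # NOTE(review): forwarding turns this host into a router. It is needed
    # only if the host relays traffic for WireGuard peers; confirm that is
    # the intent for a workstation, otherwise drop this task.
    - name: Enable IP forwarding
      ansible.posix.sysctl:
        name: net.ipv4.ip_forward
        value: "1"
        state: present
        reload: true

    # umask 077 makes both key files root-only from the moment they are
    # created; without it the private key is written with the default umask
    # and may be world-readable. pipefail makes a failing `wg genkey` fail
    # the task instead of being masked by the last command in the pipe.
    - name: Create WireGuard keys
      ansible.builtin.shell: |
        set -o pipefail
        umask 077
        wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
      args:
        executable: /bin/bash
        creates: /etc/wireguard/privatekey

    # Also corrects hosts where an earlier run created the key with looser
    # permissions (the `creates` guard above skips those hosts).
    - name: Restrict WireGuard private key to root
      ansible.builtin.file:
        path: /etc/wireguard/privatekey
        owner: root
        group: root
        mode: "0600"

    - name: Install EPEL release
      ansible.builtin.dnf:
        name: epel-release
        state: present

    - name: Install XFCE desktop environment
      ansible.builtin.dnf:
        name: "@XFCE"
        state: present

    - name: Install TigerVNC server
      ansible.builtin.dnf:
        name: tigervnc-server
        state: present

    # Runs as the connecting user, so `~` is that user's home. The directory
    # later holds the VNC password file, hence 0700. `recurse` is dropped:
    # it is not needed to create a directory, and combined with a mode it
    # would reset the mode of xstartup on every run.
    - name: Create vnc configuration directory
      become: false
      ansible.builtin.file:
        path: ~/.vnc/
        state: directory
        mode: "0700"

    - name: Create VNC startup file
      become: false
      ansible.builtin.copy:
        dest: ~/.vnc/xstartup
        content: |
          #!/bin/sh
          unset SESSION_MANAGER
          unset DBUS_SESSION_BUS_ADDRESS
          exec /etc/X11/xinit/xinitrc
        mode: "0755"

    # NOTE(review): nothing in this play sets a VNC password or maps display
    # :1 to a user, so this unit may fail to start until that is done out of
    # band. Confirm against the tigervnc-server version in use.
    - name: Enable TigerVNC service
      ansible.builtin.systemd:
        name: "vncserver@:1.service"
        enabled: true
        state: started

    - name: Open WireGuard port (51820) in firewall
      ansible.posix.firewalld:
        service: wireguard
        permanent: true
        state: enabled
        zone: public

    # SECURITY(review): this exposes VNC on the public zone. VNC sessions are
    # typically protected only by a short password and are not encrypted
    # unless a TLS security type is configured. Since WireGuard is installed
    # on this host, prefer reaching 5901 through the tunnel (or an SSH
    # forward) and restricting this rule to a trusted zone or source.
    - name: Open VNC port (5901) in firewall
      ansible.posix.firewalld:
        port: "5901/tcp"
        permanent: true
        state: enabled
        zone: public

    # The rules above are permanent-only; the restart loads them into the
    # running firewall.
    - name: Reload firewalld to apply changes
      ansible.builtin.service:
        name: firewalld
        state: restarted

    - name: Reboot the system
      ansible.builtin.reboot:
        msg: Rebooting to apply changes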