forked from zh99998/mycard-deploy
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathinit.yaml
executable file
·222 lines (211 loc) · 7.38 KB
/
init.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
---
- hosts: mycard
remote_user: root
tasks:
# ssh 密钥
- name: SSH 授权
authorized_key:
user: root
key: "{{ lookup('file', 'authorized_keys') }}"
- name: SSH 私钥
copy:
src: id_ecdsa
dest: /root/.ssh/id_ecdsa
mode: 0600
# 主机名
- name: 主机名
hostname:
name: "{{ inventory_hostname_short }}"
when: ansible_virtualization_type != 'docker'
- name: 主机 hosts
lineinfile:
dest: /etc/hosts
regexp: "^{{ ansible_default_ipv4.address }}"
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }} {{ inventory_hostname_short }}"
when: ansible_virtualization_type != 'docker'
# 系统源与软件包
- name: 系统源 (Debian)
copy:
content: |
deb http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian stretch-updates main
deb http://security.debian.org stretch/updates main
dest: /etc/apt/sources.list
when: ansible_distribution == 'Debian'
- name: 系统源 (Ubuntu)
copy:
content: |
deb http://cn.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted universe multiverse
dest: /etc/apt/sources.list
when: ansible_distribution == 'Ubuntu'
- name: 系统源 更新缓存
apt:
name: apt-transport-https
update_cache: yes
- name: 系统源 更新
apt:
upgrade: dist
- name: 系统源 重启
shell: reboot
async: 0
poll: 0
register: reboot
args:
removes: /var/run/reboot-required
- name: 系统源 重启等待
local_action: wait_for host={{ ansible_ssh_host }} state=started
when: reboot.changed
- name: 重新读取主机信息
setup:
- name: TCP 优化 队列策略
sysctl:
name: net.core.default_qdisc
value: fq
sysctl_set: yes
- name: TCP 优化 拥塞策略
sysctl:
name: net.ipv4.tcp_congestion_control
value: bbr
sysctl_set: yes
# Docker
- name: Docker 源公钥
apt_key:
url: https://download.docker.com/linux/debian/gpg
- name: Docker 源
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable
filename: docker
- name: fish 源公钥 (Debian)
apt_key:
url: http://download.opensuse.org/repositories/shells:fish:release:2/Debian_{{ ansible_distribution_major_version }}.0/Release.key
id: D880C8E4
when: ansible_distribution == 'Debian'
- name: fish 源 (Debian)
apt_repository:
repo: deb http://download.opensuse.org/repositories/shells:/fish:/release:/2/Debian_{{ ansible_distribution_major_version }}.0/ /
filename: fish
when: ansible_distribution == 'Debian'
- name: fish 源 (Ubuntu)
apt_repository:
repo: ppa:fish-shell/release-2
when: ansible_distribution == 'Ubuntu'
- name: 安装软件包
apt:
name: docker-ce,python-pip,mosh,byobu,curl,wget,htop,iftop,iotop,vim,git,tcpdump,locales,nfs-common,fish
state: latest
autoremove: yes
# locale,装这个是因为 mosh 会尝试按客户机语言去请求,如果服务器不支持对应语言可能会失败
- name: 终端环境 字符编码
locale_gen:
name: zh_CN.UTF-8
# fish 和 byobu
- name: 终端环境 fish
user:
name: root
shell: /usr/bin/fish
- name: 终端环境 fish omf
shell: curl -L http://get.oh-my.fish | fish
environment:
NONINTERACTIVE: true
ASSUME_YES: true
args:
creates: /root/.local/share/omf
- name: 终端环境 fish robbyrussell
shell: omf install robbyrussell
args:
executable: /usr/bin/fish
creates: /root/.local/share/omf/themes/robbyrussell
- name: 终端环境 byobu status
lineinfile:
name: /usr/share/byobu/status/status
line: 'tmux_right="#network #disk_io #custom #entropy raid reboot_required updates_available #apport #services #mail #users uptime #ec2_cost #rcs_cost #fan_speed #cpu_temp #battery #wifi_quality #processes load_average cpu_count cpu_freq memory #swap disk #whoami hostname #ip_address #time_utc #date #time"'
regexp: ^tmux_right=
- name: 终端环境 byobu enable
shell: byobu-enable
args:
creates: /root/.hushlogin
- name: 终端环境 byobu ctrl-a
command: byobu-ctrl-a emacs
args:
creates: /root/.byobu/keybindings.tmux
- name: 终端环境 fish 自动填充
file:
name: /root/.config/fish/completions
state: directory
- name: 终端环境 fish 自动填充 docker
copy:
src: /usr/share/fish/vendor_completions.d/docker.fish
dest: /root/.config/fish/completions/docker.fish
remote_src: yes
# git 相关配置
- name: git user.email
git_config:
name: user.email
scope: global
value: [email protected]
- name: git user.name
git_config:
name: user.name
scope: global
value: zh99998
- name: git push.default
git_config:
name: push.default
scope: global
value: simple
- name: git ssh
known_hosts:
name: github.com
key: "{{ lookup('pipe', 'ssh-keyscan github.com') }}"
# docker-compose,删除这两个路径是因为阿里云初始配置中做了多余的事情导致python加载路径不对了
- name: docker-compose 清理 pip
file:
path: /root/.pip
state: absent
- name: docker-compose 清理 easy install
file:
path: /usr/local/lib/python2.7/dist-packages/easy-install.pth
state: absent
- name: docker-compose pip
pip:
name: pip
state: latest
- name: docker-compose
pip:
name: docker-compose
state: latest
# docker 服务配置
# - ini_file:
# dest: /etc/systemd/system/docker.service.d/http-proxy.conf
# section: Service
# option: Environment
# value: '"HTTP_PROXY={{ ansible_env.HTTP_PROXY }}"'
# no_extra_spaces: yes
# when: "'HTTP_PROXY' in ansible_env"
- name: docker 配置 创建目录
file:
name: /etc/docker
state: directory
- name: docker 配置
copy:
content: |
{
"live-restore": true
}
dest: /etc/docker/daemon.json
- name: docker 启动
systemd:
name: docker
enabled: yes
state: started
when: ansible_virtualization_type != 'docker'
# 挂载数据盘
# - name: 挂载 NAS
# mount:
# name: /data/nas
# src: 0f82c484e6-iee57.cn-hangzhou.nas.aliyuncs.com:/
# fstype: nfs
# state: mounted
# when: ansible_virtualization_type != 'docker'