diff --git a/README.md b/README.md index a9ca345..6503514 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Debian 13 Ansible workstation installation -Collection of ansible roles to provision a debian 13 workstation +Collection of ansible roles to provision a debian 13 workstation locally ## Configuration diff --git a/ansible.cfg b/ansible.cfg index f6f6fdc..3e953c6 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,4 +1,5 @@ [defaults] +vault_password_file = .ansible_vault_pass inventory = inventory.ini roles_path = roles host_key_checking = False diff --git a/files/sources.list b/files/sources.list new file mode 100644 index 0000000..5d35a15 --- /dev/null +++ b/files/sources.list @@ -0,0 +1,14 @@ +deb https://deb.debian.org/debian/ trixie contrib main non-free non-free-firmware +# deb-src https://deb.debian.org/debian/ trixie contrib main non-free non-free-firmware + +deb https://deb.debian.org/debian/ trixie-updates contrib main non-free non-free-firmware +# deb-src https://deb.debian.org/debian/ trixie-updates contrib main non-free non-free-firmware + +deb https://deb.debian.org/debian/ trixie-proposed-updates contrib main non-free non-free-firmware +# deb-src https://deb.debian.org/debian/ trixie-proposed-updates contrib main non-free non-free-firmware + +deb https://deb.debian.org/debian/ trixie-backports contrib main non-free non-free-firmware +# deb-src https://deb.debian.org/debian/ trixie-backports contrib main non-free non-free-firmware + +deb https://security.debian.org/debian-security/ trixie-security contrib main non-free non-free-firmware +# deb-src https://security.debian.org/debian-security/ trixie-security contrib main non-free non-free-firmware diff --git a/group_vars/all.yml b/group_vars/all.yml index 1e14861..909069d 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml 
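Review bot: The new `vault_password_file = .ansible_vault_pass` line in `ansible.cfg` points at a file inside the working tree, and nothing in this commit shows that file being excluded from version control. Add `.ansible_vault_pass` to `.gitignore` and keep the file at mode 0600, otherwise the vault password can end up committed next to the data it protects. Ansible also aborts when a configured vault password file is missing, so a fresh clone will fail until the file is created. Either document that in the README or leave the setting out until `ansible_become_pass` is actually read from the vault; it is still commented out in `group_vars/all.yml`.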
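Review bot: The `trixie-proposed-updates` entry in `files/sources.list` enables a staging suite on every provisioned workstation, and the common role then runs `upgrade: dist` against it. Packages in proposed-updates are candidates for the next point release and have not yet been accepted into stable, so a routine run can pull in updates that are later withdrawn. I would drop that line or leave it commented out like the `deb-src` entries. `trixie-backports` is less of a concern because apt does not install from it unless asked.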
@@ -1,3 +1,45 @@ --- +ansible_become: true +# ansible_become_pass: "{{ vault_ansible_become_pass }}" + timezone: Europe/Paris ansible_user: "{{ lookup('env', 'USER') }}" + +common: + apt_update_cache: true + apt_upgrade: true + +devtools: + tabby_version: "1.0.215" + tabby_deb_url: "https://github.com/Eugeny/tabby/releases/download/v{{ tabby_version }}/tabby-{{ tabby_version }}-linux-x64.deb" + go_version: "1.22.1" + go_arch: "amd64" + go_tarball: "go{{ go_version }}.linux-{{ go_arch }}.tar.gz" + go_url: "https://go.dev/dl/{{ go_tarball }}" + go_install_dir: /usr/local + +element: + element_version: "1.11.73" + element_deb_url: "https://packages.element.io/debian/pool/main/e/element-desktop/element-desktop_{{ element_version }}_amd64.deb" + +ollama: + ollama_install_script: https://ollama.com/install.sh + ollama_service_name: ollama + ollama_user: ollama + ollama_bin: /usr/local/bin/ollama + ollama_models: + - llama3.2:3b + +opentofu: + opentofu_repo: https://packages.opentofu.org/opentofu/tofu/any/ any main + opentofu_key_url: https://packages.opentofu.org/opentofu/tofu/gpgkey + +wine: + winehq_repo_url: https://dl.winehq.org/wine-builds/debian/dists/trixie/winehq-trixie.sources + winehq_key_url: https://dl.winehq.org/wine-builds/winehq.key + winehq_keyring: /etc/apt/keyrings/winehq-archive.key + winehq_packages: + - winehq-stable + +kubectl: + kubectl_version: "1.35" \ No newline at end of file diff --git a/inventory.ini b/inventory.ini index a08f52a..260a661 100644 --- a/inventory.ini +++ b/inventory.ini @@ -3,4 +3,4 @@ # localhost ansible_connection=local # Exexcute on distant server -123.45.67.89 ansible_user=my_user ansible_port=2222 +192.168.0.244 ansible_user=greg ansible_port=22 diff --git a/playbooks/install.yml b/playbooks/install.yml index 79521c1..5b8becd 100644 --- a/playbooks/install.yml +++ b/playbooks/install.yml @@ -1,7 +1,7 @@ --- - name: Installation Debian 13 complète hosts: all - become: true + become: yes roles: - common 
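Review bot: The new variables in `group_vars/all.yml` are nested under per-role dictionaries (`common:`, `devtools:`, `ollama:` …), but the tasks in this commit read them as flat names such as `apt_upgrade`, `tabby_deb_url` and `ollama_models`. As written, `devtools.tabby_deb_url` is a different variable from `tabby_deb_url`, and the templates inside the dictionaries (`{{ tabby_version }}`, `{{ go_tarball }}`) also refer to flat names. These values therefore only take effect if role defaults outside this diff define them. Either flatten the block (`tabby_version: "1.0.215"` at top level) or reference the nested form in the roles. `kubectl_version` and the `ollama_*` keys also duplicate the role defaults added in this commit, so only one copy should be kept.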
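Review bot: `inventory.ini` now targets a real host (`192.168.0.244`) while `ansible.cfg` keeps `host_key_checking = False`, so the SSH host key of the machine that receives root-level changes is never verified. With `ansible_become: true` set in `group_vars/all.yml`, a machine impersonating that address would receive the session and any privilege-escalation credentials sent over it. Remove the `host_key_checking` override (or set it to `True`) and record the host key in `known_hosts` before the first run. The README now says the roles provision the workstation locally, which matches the commented `localhost ansible_connection=local` line better than this entry. A personal user name and address are also better kept in an untracked inventory file.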
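Review bot: `become: yes` in `playbooks/install.yml` swaps the canonical boolean for a YAML 1.1-only spelling; keep `become: true`, which matches `ansible_become: true` in `group_vars/all.yml` and is what `yamllint`'s truthy rule expects. Since `ansible_become: true` is now set for all hosts, the play-level key is redundant and one of the two can go. The same `yes` spelling appears in the new kubectl and ollama task files (`update_cache: yes`, `enabled: yes`).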
@@ -10,5 +10,8 @@ - docker - podman - opentofu + - ollama - element - - wine \ No newline at end of file + - wine + - steam + - kubectl \ No newline at end of file diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 1f74240..7cd9777 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -3,6 +3,7 @@ ansible.builtin.apt: update_cache: true cache_valid_time: 3600 + tags: common - name: Déployer /etc/apt/sources.list ansible.builtin.copy: @@ -13,17 +14,19 @@ mode: '0644' backup: yes notify: apt update + tags: common - name: Mettre à jour le cache APT ansible.builtin.apt: update_cache: yes when: apt_update_cache + tags: common - name: Mettre à jour tous les paquets ansible.builtin.apt: upgrade: dist when: apt_upgrade - + tags: common - name: Paquets de base ansible.builtin.apt: @@ -42,3 +45,4 @@ - wireguard - python3-venv state: present + tags: common diff --git a/roles/devtools/tasks/main.yml b/roles/devtools/tasks/main.yml index d2f66fd..a0f7e09 100644 --- a/roles/devtools/tasks/main.yml +++ b/roles/devtools/tasks/main.yml @@ -9,9 +9,9 @@ - linuxlogo - lolcat - vagrant - - links2 - kew state: present + tags: devtools # VScodium - name: Ajouter la clé GPG VSCodium @@ -19,19 +19,22 @@ url: https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg dest: /usr/share/keyrings/vscodium.gpg mode: '0644' + tags: devtools - name: Ajouter le dépôt VSCodium ansible.builtin.apt_repository: repo: "deb [signed-by=/usr/share/keyrings/vscodium.gpg] https://download.vscodium.com/debs vscodium main" filename: vscodium state: present + tags: devtools - name: Installer VSCodium ansible.builtin.apt: name: codium update_cache: true state: present - tags: vscodium + tags: devtools + # Tabby.sh - name: Télécharger Tabby 
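Review bot: Replacing `tags: vscodium` in `roles/devtools/tasks/main.yml` (and `tabby` / `go` in the later hunks of the same file) with the role-wide `devtools` tag removes the ability to run a single tool's tasks. `tags` accepts a list, so `tags: [devtools, vscodium]` keeps both selectors. If the goal is one tag per role, setting it once on the role entry in `playbooks/install.yml` (`- role: devtools` with `tags: devtools`) avoids repeating it on every task. The same applies to the per-task tags added in the common, steam, wine, kubectl and ollama roles.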
@@ -39,19 +42,19 @@ url: "{{ tabby_deb_url }}" dest: /tmp/tabby.deb mode: '0644' - tags: tabby + tags: devtools - name: Installer Tabby ansible.builtin.apt: deb: /tmp/tabby.deb state: present - tags: tabby + tags: devtools - name: Vérifier si Go est déjà installé ansible.builtin.stat: path: "{{ go_install_dir }}/go/bin/go" register: go_installed - tags: go + tags: devtools # Go - name: Télécharger Go {{ go_version }} @@ -60,14 +63,14 @@ dest: "/tmp/{{ go_tarball }}" mode: '0644' when: not go_installed.stat.exists - tags: go + tags: devtools - name: Supprimer ancienne installation Go ansible.builtin.file: path: "{{ go_install_dir }}/go" state: absent when: not go_installed.stat.exists - tags: go + tags: devtools - name: Installer Go {{ go_version }} ansible.builtin.unarchive: @@ -75,7 +78,7 @@ dest: "{{ go_install_dir }}" remote_src: true when: not go_installed.stat.exists - tags: go + tags: devtools - name: Ajouter Go au PATH global ansible.builtin.copy: @@ -83,4 +86,4 @@ mode: '0755' content: | export PATH=$PATH:/usr/local/go/bin - tags: go + tags: devtools diff --git a/roles/kubectl/defaults/main.yml b/roles/kubectl/defaults/main.yml new file mode 100644 index 0000000..2591242 --- /dev/null +++ b/roles/kubectl/defaults/main.yml @@ -0,0 +1,2 @@ +kubectl_version: "1.35" +kubectl_install_path: /usr/bin diff --git a/roles/kubectl/tasks/main.yml b/roles/kubectl/tasks/main.yml new file mode 100644 index 0000000..43ce92c --- /dev/null +++ b/roles/kubectl/tasks/main.yml 
@@ -0,0 +1,40 @@ +--- +- name: Install dependencies + apt: + name: + - ca-certificates + - curl + - gnupg + state: present + update_cache: yes + tags: kubectl + +- name: Create keyring directory + file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + tags: kubectl + +- name: Download Kubernetes GPG key + get_url: + url: https://pkgs.k8s.io/core:/stable:/v{{ kubectl_version }}/deb/Release.key + dest: /etc/apt/keyrings/kubernetes-apt-keyring.gpg + mode: "0644" + tags: kubectl + +- name: Add Kubernetes repository + apt_repository: + repo: > + deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] + https://pkgs.k8s.io/core:/stable:/v{{ kubectl_version }}/deb/ / + state: present + filename: kubernetes + tags: kubectl + +- name: Install kubectl + apt: + name: kubectl + state: present + update_cache: yes + tags: kubectl \ No newline at end of file diff --git a/roles/ollama/defaults/main.yml b/roles/ollama/defaults/main.yml index e934841..a054341 100644 --- a/roles/ollama/defaults/main.yml +++ b/roles/ollama/defaults/main.yml @@ -1,4 +1,5 @@ --- ollama_install_script: https://ollama.com/install.sh +ollama_models: [] ollama_service_name: ollama -ollama_bin: /usr/local/bin/ollama \ No newline at end of file +ollama_bin: /usr/local/bin/ollama diff --git a/roles/ollama/tasks/install.yml b/roles/ollama/tasks/install.yml new file mode 100644 index 0000000..8daeeac --- /dev/null +++ b/roles/ollama/tasks/install.yml 
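Review bot: The `Download Kubernetes GPG key` task saves `Release.key` unchanged as `/etc/apt/keyrings/kubernetes-apt-keyring.gpg`, but apt infers the keyring format from the file extension and expects a binary keyring under `.gpg`. `Release.key` is presumably ASCII-armored; the wine role in this repository downloads its key to `/tmp` and converts it in a separate step. In that case apt may ignore the file and the repository would fail signature verification. Store it as `kubernetes-apt-keyring.asc` and use the same name in `signed-by=`, or dearmor it the way the wine role does. The tasks also use short module names (`apt`, `file`, `get_url`) where the rest of the repository uses `ansible.builtin.*`.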
@@ -0,0 +1,41 @@ +--- +- name: Vérifier que le système est Linux + assert: + that: + - ansible_facts.system == "Linux" + fail_msg: "Ollama est uniquement supporté sur Linux" + tags: ollama + +- name: Vérifier si Ollama est déjà installé + ansible.builtin.stat: + path: "{{ ollama_bin }}" + register: ollama_bin_stat + tags: ollama + +- name: Installer curl (prérequis) + ansible.builtin.apt: + name: curl + state: present + update_cache: yes + tags: ollama + +- name: Télécharger le script d’installation Ollama + ansible.builtin.get_url: + url: "{{ ollama_install_script }}" + dest: /tmp/ollama_install.sh + mode: '0755' + when: not ollama_bin_stat.stat.exists + tags: ollama + +- name: Installer Ollama + ansible.builtin.command: /tmp/ollama_install.sh + when: not ollama_bin_stat.stat.exists + notify: Restart Ollama + tags: ollama + +- name: Activer et démarrer le service Ollama + ansible.builtin.systemd: + name: "{{ ollama_service_name }}" + enabled: yes + state: started + tags: ollama diff --git a/roles/ollama/tasks/main.yml b/roles/ollama/tasks/main.yml index 0cec734..7a9c6a9 100644 --- a/roles/ollama/tasks/main.yml +++ b/roles/ollama/tasks/main.yml 
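Review bot: The `get_url` task in `roles/ollama/tasks/install.yml` fetches whatever `ollama_install_script` serves at run time, and the following `command` task executes it as root with nothing verifying the content. `get_url` accepts a `checksum` parameter, so adding `checksum: "sha256:<PINNED_SHA256>"` (placeholder, taken from a script version you have read) makes the run fail if the script changes. The Tabby, Go and Element URLs in `group_vars/all.yml` carry a version but no hash either, so the same parameter would fit those downloads. The script is also left executable at `/tmp/ollama_install.sh` after the install; a follow-up `ansible.builtin.file` task with `state: absent` would remove it.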
@@ -1,35 +1,6 @@ --- -- name: Vérifier que le système est Linux - ansible.builtin.assert: - that: - - ansible_facts['kernel'] == "Linux" - fail_msg: "Ollama est uniquement supporté sur Linux" +- import_tasks: install.yml + tags: ollama -- name: Vérifier si Ollama est déjà installé - ansible.builtin.stat: - path: "{{ ollama_bin }}" - register: ollama_bin_stat - -- name: Installer curl (prérequis) - ansible.builtin.apt: - name: curl - state: present - update_cache: yes - -- name: Télécharger le script d’installation Ollama - ansible.builtin.get_url: - url: "{{ ollama_install_script }}" - dest: /tmp/ollama_install.sh - mode: '0755' - when: not ollama_bin_stat.stat.exists - -- name: Installer Ollama - ansible.builtin.command: /tmp/ollama_install.sh - when: not ollama_bin_stat.stat.exists - notify: Restart Ollama - -- name: Activer et démarrer le service Ollama - ansible.builtin.systemd: - name: "{{ ollama_service_name }}" - enabled: yes - state: started +- import_tasks: models.yml + tags: ollama diff --git a/roles/ollama/tasks/models.yml b/roles/ollama/tasks/models.yml new file mode 100644 index 0000000..5f2888e --- /dev/null +++ b/roles/ollama/tasks/models.yml @@ -0,0 +1,6 @@ +- name: Pull ollama models + become: true + command: > + {{ ollama_bin }} pull {{ item.name }} + loop: "{{ ollama_models }}" + tags: ollama \ No newline at end of file diff --git a/roles/steam/tasks/main.yml b/roles/steam/tasks/main.yml index c360a3c..31ffe03 100644 --- a/roles/steam/tasks/main.yml +++ b/roles/steam/tasks/main.yml 
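Review bot: The loop in `Pull ollama models` (`roles/ollama/tasks/models.yml`) reads `{{ item.name }}`, but the list added in `group_vars/all.yml` holds plain strings (`- llama3.2:3b`), so the template would fail on a missing `name` attribute as soon as the list is non-empty. Use `{{ item }}`, or document that `ollama_models` is a list of mappings with a `name` key. The `command` task also reports `changed` on every run; a `changed_when` condition on the registered output would keep the play idempotent. `become: true` on the task looks unnecessary if the pull only talks to the running service, but confirm that before dropping it.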
@@ -4,23 +4,21 @@ that: - ansible_facts['distribution'] == "Debian" fail_msg: "Ce rôle est prévu uniquement pour Debian" + tags: steam - name: Ajouter l’architecture i386 ansible.builtin.command: dpkg --add-architecture i386 register: add_i386 changed_when: add_i386.rc == 0 - -- name: Activer contrib et non-free - ansible.builtin.apt_repository: - repo: "deb http://deb.debian.org/debian {{ ansible_facts['distribution_release'] }} main contrib non-free non-free-firmware" - state: present - filename: debian-contrib-nonfree + tags: steam - name: Mettre à jour le cache APT ansible.builtin.apt: update_cache: yes + tags: steam - name: Installer Steam ansible.builtin.apt: name: steam state: present + tags: steam \ No newline at end of file diff --git a/roles/wine/tasks/main.yml b/roles/wine/tasks/main.yml index 1bec898..c06ad14 100644 --- a/roles/wine/tasks/main.yml +++ b/roles/wine/tasks/main.yml @@ -4,23 +4,27 @@ that: - ansible_facts['distribution'] == "Debian" fail_msg: "Ce rôle est prévu uniquement pour Debian" + tags: wine - name: Ajouter l’architecture i386 ansible.builtin.command: dpkg --add-architecture i386 register: add_i386 changed_when: add_i386.rc == 0 + tags: wine - name: Créer le dossier keyrings ansible.builtin.file: path: /etc/apt/keyrings state: directory mode: '0755' + tags: wine - name: Télécharger et installer la clé WineHQ ansible.builtin.get_url: url: "{{ winehq_key_url }}" dest: /tmp/winehq.key mode: '0644' + tags: wine - name: Convertir la clé en keyring GPG ansible.builtin.command: 
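Review bot: Removing `Activer contrib et non-free` from `roles/steam/tasks/main.yml` makes this role depend on the common role having deployed `files/sources.list` first, yet the tags added in this commit invite running it alone with `--tags steam`. On a host where `contrib` and `non-free` are not already enabled, the `Installer Steam` task would then presumably fail to find the package. Declare the dependency with a `dependencies:` entry in the role's `meta/main.yml`, or add an assertion that the components are configured before the install task.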
> @@ -29,19 +33,23 @@ /tmp/winehq.key args: creates: "{{ winehq_keyring }}" + tags: wine - name: Ajouter le dépôt WineHQ ansible.builtin.get_url: url: "{{ winehq_repo_url }}" dest: /etc/apt/sources.list.d/winehq-trixie.sources mode: '0644' + tags: wine - name: Mettre à jour le cache APT ansible.builtin.apt: update_cache: yes + tags: wine - name: Installer WineHQ Stable (avec recommandations) ansible.builtin.apt: name: "{{ winehq_packages }}" state: present install_recommends: yes + tags: wine