opnxng
/
vps-set-up-playbook
mirror of https://git.opnxng.com/opnxng/vps-set-up-playbook.git
1
0
Fork 0
Code

Added systemd-resolved + neovim role

This commit is contained in:
Opnxng 2023-11-14 00:06:09 +08:00
parent 6a136b9b98
commit c5cd8bf6cc
9 changed files with 221 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,4 +1,5 @@
vars/secrets.yaml
production
.hidden
.vscode
.vscode
*.swp

15
README.md
View File

@ -13,7 +13,9 @@ On a fresh Debian system, replace the default `debian` user:
sudo passwd root
# Configurate SSHD to temporarily allow root login with password
sudo nano /etc/ssh/sshd_config.d/sshd.conf
sudo nano /etc/ssh/sshd_config
sudo systemctl restart sshd
cp /home/debian/.ssh/authorized_keys /root/.ssh/authorized_keys
# Login as root, add new user and delete debian user
su root
@ -21,15 +23,14 @@ sudo groupmod -n [user] debian
sudo usermod -l [user] debian
sudo usermod -d /home/[user] -m [user]
sudo passwd [user]
sudo userdel debian
sudo rm -r /home/debian
cp /root/.ssh/authorized_keys /home/[user]/.ssh/authorized_keys
# Switched [user]
su [user]
# SSH to [user]
sudo rm /root/.ssh/authorized_keys
sudo passwd -dl root
# Configurate SSHD again to allow [user] login and to set a custom port
sudo nano /etc/ssh/sshd_config.d/sshd.conf
# Disable root in SSHD
sudo nano /etc/ssh/sshd_config
```
## Configurations

2
roles/docker/tasks/main.yaml
View File

@ -37,7 +37,7 @@
dest: "/etc/docker/daemon.json"
owner: 0
group: 0
mode: 0600
mode: 0644
- name: Restart docker
service:

110
roles/neovim/files/init.vim Normal file
View File

@ -0,0 +1,110 @@
" Basic configurations
set clipboard=unnamedplus
set nocompatible
syntax on
set encoding=utf-8
set number
set textwidth=100
set novisualbell
let mapleader =","
set guicursor=v-c-sm:block,n-i-ci-ve:ver25,r-cr-o:hor20
" Spell-check set to <leader>o, 'o' for 'orthography':
map <leader>o :setlocal spell! spelllang=en_us<CR>
" Splits open at the bottom and right, which is non-retarded, unlike vim defaults.
set splitbelow splitright
" Enable autocompletion:
set wildmode=longest,list,full
" Disables automatic commenting on newline:
autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o
" Indentations
" set smartindent
" set smarttab
set softtabstop=2
set shiftwidth=2
set expandtab
filetype plugin indent on
" Search and Replace
set ignorecase
set smartcase
set nohlsearch
" set hlsearch
set incsearch
" Splits open at the bottom and right, which is non-retarded, unlike vim defaults.
set splitbelow splitright
nnoremap <C-j> :bprevious<CR>
nnoremap <C-k> :bnext<CR>
nnoremap <leader>b :Buffer<CR>
" Toggle line numbers
nmap <C-N><C-N> :set invnumber<CR>
" Other remaps
nnoremap F :Files<CR>
imap jj <Esc>
set backspace=indent,eol,start
nnoremap S :%s///g<Left><Left><Left>
noremap <Up> <Nop>
noremap <Down> <Nop>
noremap <Left> <Nop>
noremap <Right> <Nop>
" Edit .j2 as yaml files
au BufNewFile,BufReadPost *.yaml.j2 set filetype=yaml
" Remove trailing whitespace
autocmd BufWritePre * %s/\s\+$//e
" Whitespace as shown as dots
set list
set listchars=lead,trail,tab:»\ ,extends,precedes,nbsp
" Plugins
call plug#begin()
Plug 'junegunn/goyo.vim'
Plug 'junegunn/fzf', { 'do': { -> fzf#install() } }
Plug 'junegunn/fzf.vim'
Plug 'marklcrns/vim-smartq'
call plug#end()
" Smartq
let g:smartq_default_mappings = 0
nnoremap ZZ :w<CR>:SmartQ<CR>
nnoremap ZQ <Plug>(smartq_this)
" Goyo
autocmd vimenter * Goyo 100
function! s:goyo_enter()
set linebreak
set wrap
let b:quitting = 0
let b:quitting_bang = 0
autocmd QuitPre <buffer> let b:quitting = 1
cabbrev <buffer> q! let b:quitting_bang = 1 <bar> q!
endfunction
function! s:goyo_leave()
" Quit Vim if this is the only remaining buffer
if b:quitting && len(filter(range(1, bufnr('$')), 'buflisted(v:val)')) == 1
if b:quitting_bang
qa!
else
qa
endif
endif
endfunction
autocmd! User GoyoEnter call <SID>goyo_enter()
autocmd! User GoyoLeave call <SID>goyo_leave()
" Colours
highlight NonText ctermfg=DarkGrey
highlight SpecialKey ctermfg=DarkGrey
highlight StatusLine ctermbg=White ctermfg=DarkGrey
highlight LineNr ctermfg=DarkGrey

58
roles/neovim/tasks/main.yaml Normal file
View File

@ -0,0 +1,58 @@
- name: Purge Vim
apt:
name: vim
state: absent
- name: Install Neovim
apt:
name:
- neovim
state: latest
install_recommends: false
- name: Create .config folder
file:
path: "/home/{{ user }}/.config"
state: directory
owner: 1000
group: 1000
mode: "0755"
- name: Create nvim folder
file:
path: "/home/{{ user }}/.config/nvim"
state: directory
owner: 1000
group: 1000
mode: "0755"
become: yes
become_method: sudo
become_user: "{{ user }}"
- name: Copy init.vim
copy:
src: "init.vim"
dest: "/home/{{ user }}/.config/nvim/init.vim"
owner: 1000
group: 1000
mode: "0755"
become: yes
become_method: sudo
become_user: "{{ user }}"
- name: Download Vim Plug
command: >
sh -c 'curl -fLo "/home/{{ user }}/.local/share/nvim/site/autoload/plug.vim"
--create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim'
become: yes
become_method: sudo
become_user: "{{ user }}"
- name: Install Vim Plug
command: >
vim -u /home/{{ user }}/.config/nvim/init.vim +'PlugInstall --sync' +qa
args:
creates: "/home/{{ user }}/.config/nvim/plugged"
become: yes
become_method: sudo
become_user: "{{ user }}"

2
roles/sources-list/tasks/main.yaml
View File

@ -1,4 +1,4 @@
- name: Set up source list
- name: Copy source list
copy:
src: "sources.list"
dest: "/etc/apt/sources.list"

2
roles/systemd-resolved/files/oracle.conf Normal file
View File

@ -0,0 +1,2 @@
DNS=169.254.169.254
Domains=.

32
roles/systemd-resolved/tasks/main.yaml Normal file
View File

@ -0,0 +1,32 @@
- name: Install systemd-resolved
apt:
name:
- systemd-resolved
state: latest
install_recommends: false
when: inventory_hostname in groups["oracle"]
- name: Create resolved.conf.d directory
ansible.builtin.file:
path: /etc/systemd/resolved.conf.d
state: directory
owner: 0
group: 0
mode: '0755'
when: inventory_hostname in groups["oracle"]
- name: Set up /etc/systemd/resolved.conf.d/oracle.conf
copy:
src: "oracle.conf"
dest: "/etc/systemd/resolved.conf.d/oracle.conf"
owner: 0
group: 0
mode: "0644"
when: inventory_hostname in groups["oracle"]
- name: Restart systemd-resolved
service:
name: systemd-resolved
enabled: true
state: restarted
when: inventory_hostname in groups["oracle"]

8
set-up.yaml
View File

@ -12,9 +12,9 @@
- name: Install packages
apt:
name:
- neovim
- iputils-ping
- cron
- fzf
- git
- curl
- zip
@ -26,13 +26,19 @@
autoclean: true
autoremove: true
- name: Touch .hushlogin
file:
path: "/home/{{ user }}/.hushlogin"
state: touch
# ----------------------------------------------------------------------------------------------------
roles:
- neovim
- disable-root
- timezone
- chrony
- hostname
- systemd-resolved
- sources-list
- ssh
- ufw-opnxng