Basic configuration with docker

Signed-off-by: Yohann D'ANELLO <yohann.danello@gmail.com>

.ansible-lint

@@ -0,0 +1,2 @@
+skip_list:
+  - '301'

.gitlab-ci.yml

@@ -0,0 +1,19 @@
+---
+image: python:3.9-alpine
+
+stages:
+  - lint
+
+yamllint:
+  stage: lint
+  script:
+    - pip install yamllint==1.25.0
+    - yamllint -c .yamllint.yml .
+
+ansible-lint:
+  stage: lint
+  script:
+    - apk add gcc libc-dev libffi-dev openssl-dev
+    - pip install ansible-lint==4.3.7
+    - ansible-lint *.yml
+...

.yamllint.yml

@@ -0,0 +1,8 @@
+---
+extends: default
+
+rules:
+  line-length:
+    max: 120
+    level: warning
+...

ansible.cfg

@@ -0,0 +1,41 @@
+# Ansible configuration
+
+[defaults]
+
+# Use true Python version
+interpreter_python = /usr/bin/python3
+
+# Do not create .retry files
+retry_files_enabled = False
+
+# Use inventory
+inventory = ./hosts
+
+# Custom header in templates
+ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
+
+# Do not use cows (with cowsay)
+nocows = 1
+
+# Do more parallelism
+forks = 15
+
+# Some SSH connection will take time
+timeout = 60
+
+[privilege_escalation]
+
+# Use sudo to get priviledge access
+become = True
+
+# Ask for password
+become_ask_pass = True
+
+[diff]
+
+# TO know what changed
+always = yes
+
+
+[ssh_connection]
+pipelining = True

base.yml

@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Put a common configuration on all servers
+- hosts: all
+  roles:
+    - baseconfig

hosts

@@ -0,0 +1,3 @@
+[perso]
+templier.adh.crans.org
+dt.adh.crans.org

roles/baseconfig/files/skel/dot_zshrc.local

@@ -0,0 +1,326 @@
+# Filename:      /etc/skel/.zshrc
+# Purpose:       config file for zsh (z shell)
+# Authors:       (c) grml-team (grml.org)
+# Bug-Reports:   see http://grml.org/bugs/
+# License:       This file is licensed under the GPL v2 or any later version.
+################################################################################
+# Nowadays, grml's zsh setup lives in only *one* zshrc file.
+# That is the global one: /etc/zsh/zshrc (from grml-etc-core).
+# It is best to leave *this* file untouched and do personal changes to
+# your zsh setup via ${HOME}/.zshrc.local which is loaded at the end of
+# the global zshrc.
+#
+# That way, we enable people on other operating systems to use our
+# setup, too, just by copying our global zshrc to their ${HOME}/.zshrc.
+# Adjustments would still go to the .zshrc.local file.
+################################################################################
+
+## Aurore host color and white user
+zstyle ':prompt:grml:left:items:host' pre '%B%F{red}'
+zstyle ':prompt:grml:left:items:host' post '%f%b'
+zstyle ':prompt:grml:left:items:user' pre '%B'
+zstyle ':prompt:grml:left:items:user' post '%b'
+
+## Settings for umask
+#if (( EUID == 0 )); then
+#    umask 002
+#else
+#    umask 022
+#fi
+
+## Now, we'll give a few examples of what you might want to use in your
+## .zshrc.local file (just copy'n'paste and uncomment it there):
+
+## Prompt theme extension ##
+
+# Virtualenv support
+
+#function virtual_env_prompt () {
+#    REPLY=${VIRTUAL_ENV+(${VIRTUAL_ENV:t}) }
+#}
+#grml_theme_add_token  virtual-env -f virtual_env_prompt '%F{magenta}' '%f'
+#zstyle ':prompt:grml:left:setup' items rc virtual-env change-root user at host path vcs percent
+
+## ZLE tweaks ##
+
+## use the vi navigation keys (hjkl) besides cursor keys in menu completion
+#bindkey -M menuselect 'h' vi-backward-char        # left
+#bindkey -M menuselect 'k' vi-up-line-or-history   # up
+#bindkey -M menuselect 'l' vi-forward-char         # right
+#bindkey -M menuselect 'j' vi-down-line-or-history # bottom
+
+## set command prediction from history, see 'man 1 zshcontrib'
+#is4 && zrcautoload predict-on && \
+#zle -N predict-on         && \
+#zle -N predict-off        && \
+#bindkey "^X^Z" predict-on && \
+#bindkey "^Z" predict-off
+
+## press ctrl-q to quote line:
+#mquote () {
+#      zle beginning-of-line
+#      zle forward-word
+#      # RBUFFER="'$RBUFFER'"
+#      RBUFFER=${(q)RBUFFER}
+#      zle end-of-line
+#}
+#zle -N mquote && bindkey '^q' mquote
+
+## define word separators (for stuff like backward-word, forward-word, backward-kill-word,..)
+#WORDCHARS='*?_-.[]~=/&;!#$%^(){}<>' # the default
+#WORDCHARS=.
+#WORDCHARS='*?_[]~=&;!#$%^(){}'
+#WORDCHARS='${WORDCHARS:s@/@}'
+
+# just type '...' to get '../..'
+#rationalise-dot() {
+#local MATCH
+#if [[ $LBUFFER =~ '(^|/| |	|'$'\n''|\||;|&)\.\.$' ]]; then
+#  LBUFFER+=/
+#  zle self-insert
+#  zle self-insert
+#else
+#  zle self-insert
+#fi
+#}
+#zle -N rationalise-dot
+#bindkey . rationalise-dot
+## without this, typing a . aborts incremental history search
+#bindkey -M isearch . self-insert
+
+#bindkey '\eq' push-line-or-edit
+
+## some popular options ##
+
+## add `|' to output redirections in the history
+#setopt histallowclobber
+
+## try to avoid the 'zsh: no matches found...'
+#setopt nonomatch
+
+## warning if file exists ('cat /dev/null > ~/.zshrc')
+#setopt NO_clobber
+
+## don't warn me about bg processes when exiting
+#setopt nocheckjobs
+
+## alert me if something failed
+#setopt printexitvalue
+
+## with spelling correction, assume dvorak kb
+#setopt dvorak
+
+## Allow comments even in interactive shells
+#setopt interactivecomments
+
+
+## compsys related snippets ##
+
+## changed completer settings
+#zstyle ':completion:*' completer _complete _correct _approximate
+#zstyle ':completion:*' expand prefix suffix
+
+## another different completer setting: expand shell aliases
+#zstyle ':completion:*' completer _expand_alias _complete _approximate
+
+## to have more convenient account completion, specify your logins:
+#my_accounts=(
+# {grml,grml1}@foo.invalid
+# grml-devel@bar.invalid
+#)
+#other_accounts=(
+# {fred,root}@foo.invalid
+# vera@bar.invalid
+#)
+#zstyle ':completion:*:my-accounts' users-hosts $my_accounts
+#zstyle ':completion:*:other-accounts' users-hosts $other_accounts
+
+## add grml.org to your list of hosts
+#hosts+=(grml.org)
+#zstyle ':completion:*:hosts' hosts $hosts
+
+## telnet on non-default ports? ...well:
+## specify specific port/service settings:
+#telnet_users_hosts_ports=(
+#  user1@host1:
+#  user2@host2:
+#  @mail-server:{smtp,pop3}
+#  @news-server:nntp
+#  @proxy-server:8000
+#)
+#zstyle ':completion:*:*:telnet:*' users-hosts-ports $telnet_users_hosts_ports
+
+## the default grml setup provides '..' as a completion. it does not provide
+## '.' though. If you want that too, use the following line:
+#zstyle ':completion:*' special-dirs true
+
+## aliases ##
+
+## translate
+#alias u='translate -i'
+
+## ignore ~/.ssh/known_hosts entries
+#alias insecssh='ssh -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null" -o "PreferredAuthentications=keyboard-interactive"'
+
+
+## global aliases (for those who like them) ##
+
+#alias -g '...'='../..'
+#alias -g '....'='../../..'
+#alias -g BG='& exit'
+#alias -g C='|wc -l'
+#alias -g G='|grep'
+#alias -g H='|head'
+#alias -g Hl=' --help |& less -r'
+#alias -g K='|keep'
+#alias -g L='|less'
+#alias -g LL='|& less -r'
+#alias -g M='|most'
+#alias -g N='&>/dev/null'
+#alias -g R='| tr A-z N-za-m'
+#alias -g SL='| sort | less'
+#alias -g S='| sort'
+#alias -g T='|tail'
+#alias -g V='| vim -'
+
+## instead of global aliase it might be better to use grmls $abk assoc array, whose contents are expanded after pressing ,.
+#$abk[SnL]="| sort -n | less"
+
+## get top 10 shell commands:
+#alias top10='print -l ${(o)history%% *} | uniq -c | sort -nr | head -n 10'
+
+## Execute \kbd{./configure}
+#alias CO="./configure"
+
+## Execute \kbd{./configure --help}
+#alias CH="./configure --help"
+
+## miscellaneous code ##
+
+## Use a default width of 80 for manpages for more convenient reading
+#export MANWIDTH=${MANWIDTH:-80}
+
+## Set a search path for the cd builtin
+#cdpath=(.. ~)
+
+## variation of our manzsh() function; pick you poison:
+#manzsh()  { /usr/bin/man zshall |  most +/"$1" ; }
+
+## Switching shell safely and efficiently? http://www.zsh.org/mla/workers/2001/msg02410.html
+#bash() {
+#    NO_SWITCH="yes" command bash "$@"
+#}
+#restart () {
+#    exec $SHELL $SHELL_ARGS "$@"
+#}
+
+## Handy functions for use with the (e::) globbing qualifier (like nt)
+#contains() { grep -q "$*" $REPLY }
+#sameas() { diff -q "$*" $REPLY &>/dev/null }
+#ot () { [[ $REPLY -ot ${~1} ]] }
+
+## get_ic() - queries imap servers for capabilities; real simple. no imaps
+#ic_get() {
+#    emulate -L zsh
+#    local port
+#    if [[ ! -z $1 ]] ; then
+#        port=${2:-143}
+#        print "querying imap server on $1:${port}...\n";
+#        print "a1 capability\na2 logout\n" | nc $1 ${port}
+#    else
+#        print "usage:\n  $0 <imap-server> [port]"
+#    fi
+#}
+
+## List all occurrences of programm in current PATH
+#plap() {
+#    emulate -L zsh
+#    if [[ $# = 0 ]] ; then
+#        echo "Usage:    $0 program"
+#        echo "Example:  $0 zsh"
+#        echo "Lists all occurrences of program in the current PATH."
+#    else
+#        ls -l ${^path}/*$1*(*N)
+#    fi
+#}
+
+## Find out which libs define a symbol
+#lcheck() {
+#    if [[ -n "$1" ]] ; then
+#        nm -go /usr/lib/lib*.a 2>/dev/null | grep ":[[:xdigit:]]\{8\} . .*$1"
+#    else
+#        echo "Usage: lcheck <function>" >&2
+#    fi
+#}
+
+## Download a file and display it locally
+#uopen() {
+#    emulate -L zsh
+#    if ! [[ -n "$1" ]] ; then
+#        print "Usage: uopen \$URL/\$file">&2
+#        return 1
+#    else
+#        FILE=$1
+#        MIME=$(curl --head $FILE | \
+#               grep Content-Type | \
+#               cut -d ' ' -f 2 | \
+#               cut -d\; -f 1)
+#        MIME=${MIME%$'\r'}
+#        curl $FILE | see ${MIME}:-
+#    fi
+#}
+
+## Memory overview
+#memusage() {
+#    ps aux | awk '{if (NR > 1) print $5;
+#                   if (NR > 2) print "+"}
+#                   END { print "p" }' | dc
+#}
+
+## print hex value of a number
+#hex() {
+#    emulate -L zsh
+#    if [[ -n "$1" ]]; then
+#        printf "%x\n" $1
+#    else
+#        print 'Usage: hex <number-to-convert>'
+#        return 1
+#    fi
+#}
+
+## log out? set timeout in seconds...
+## ...and do not log out in some specific terminals:
+#if [[ "${TERM}" == ([Exa]term*|rxvt|dtterm|screen*) ]] ; then
+#    unset TMOUT
+#else
+#    TMOUT=1800
+#fi
+
+## associate types and extensions (be aware with perl scripts and anwanted behaviour!)
+#check_com zsh-mime-setup || { autoload zsh-mime-setup && zsh-mime-setup }
+#alias -s pl='perl -S'
+
+## ctrl-s will no longer freeze the terminal.
+#stty erase "^?"
+
+## you want to automatically use a bigger font on big terminals?
+#if [[ "$TERM" == "xterm" ]] && [[ "$LINES" -ge 50 ]] && [[ "$COLUMNS" -ge 100 ]] && [[ -z "$SSH_CONNECTION" ]] ; then
+#    large
+#fi
+
+## Some quick Perl-hacks aka /useful/ oneliner
+#bew() { perl -le 'print unpack "B*","'$1'"' }
+#web() { perl -le 'print pack "B*","'$1'"' }
+#hew() { perl -le 'print unpack "H*","'$1'"' }
+#weh() { perl -le 'print pack "H*","'$1'"' }
+#pversion()    { perl -M$1 -le "print $1->VERSION" } # i. e."pversion LWP -> 5.79"
+#getlinks ()   { perl -ne 'while ( m/"((www|ftp|http):\/\/.*?)"/gc ) { print $1, "\n"; }' $* }
+#gethrefs ()   { perl -ne 'while ( m/href="([^"]*)"/gc ) { print $1, "\n"; }' $* }
+#getanames ()  { perl -ne 'while ( m/a name="([^"]*)"/gc ) { print $1, "\n"; }' $* }
+#getforms ()   { perl -ne 'while ( m:(\</?(input|form|select|option).*?\>):gic ) { print $1, "\n"; }' $* }
+#getstrings () { perl -ne 'while ( m/"(.*?)"/gc ) { print $1, "\n"; }' $*}
+#showINC ()    { perl -e 'for (@INC) { printf "%d %s\n", $i++, $_ }' }
+#vimpm ()      { vim `perldoc -l $1 | sed -e 's/pod$/pm/'` }
+#vimhelp ()    { vim -c "help $1" -c on -c "au! VimEnter *" }
+
+## END OF FILE #################################################################

roles/baseconfig/files/update-motd.d/00-logo

@@ -0,0 +1,39 @@
+#!/bin/sh
+# {{ ansible_managed }}
+
+# Pretty uptime
+upSeconds="$(/usr/bin/cut -d. -f1 /proc/uptime)"
+mins=$((${upSeconds}/60%60))
+hours=$((${upSeconds}/3600%24))
+days=$((${upSeconds}/86400))
+UPTIME=`printf "%d jours, %02dh%02dm" "$days" "$hours" "$mins"`
+
+# RAM
+RAM=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }'`
+DISK=`df -h | awk '$NF=="/"{printf "%d/%dGB (%s)\n", $3,$2,$5}'`
+
+# Text font
+bold=$(tput bold)
+normal=$(tput sgr0)
+
+# Logo
+cat << EOF
+
+                                            ${bold}Uptime${normal} : ${UPTIME}
+                                            ${bold}Mémoire${normal} : ${RAM}
+                                            ${bold}Disque racine${normal} : ${DISK}
+                                         
+                                         
+                                         
+                                         
+                                         
+                                         
+                                         
+                                         
+                                         
+                                         
+                                         
+                                         
+                   ${bold}Aurore${normal}                
+
+EOF

roles/baseconfig/files/update-motd.d/10-uname

@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+uname -snrvm

roles/baseconfig/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+# Reconfigure locales when conf changes
+- name: Reconfigure locales
+  command: dpkg-reconfigure locales -f noninteractive

roles/baseconfig/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+- name: Install basic tools
+  apt:
+    name:
+      - apt  # better than apt-get
+      - aptitude  # nice to have for Ansible
+      - bash-completion  # because bash
+      - curl # better than wget
+      - git  # code versioning
+      - htop  # better than top
+      - less  # i like cats
+      - sudo # i am god
+      - tmux # better than screen
+      - tree  # create a graphical tree of files
+      - vim  # better than nano
+      - molly-guard  # prevent reboot
+      - ntp  # network time sync
+      - emacs-nox  # for maman
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+# Pimp my server
+- name: Customize motd
+  copy:
+    src: "update-motd.d/{{ item }}"
+    dest: "/etc/update-motd.d/{{ item }}"
+    mode: 0755
+  loop:
+    - 00-logo
+    - 10-uname
+
+- name: Remove Debian warranty motd
+  file:
+    path: /etc/motd
+    state: absent
+
+# Patriotisme
+- name: Ensure French UTF-8 locale exists
+  locale_gen:
+    name: fr_FR.UTF-8
+    state: present
+
+# Fix LC_CTYPE="C"
+- name: Select default locale
+  debconf:
+    name: locales
+    question: locales/default_environment_locale
+    value: fr_FR.UTF-8
+    vtype: select
+  notify: Reconfigure locales

roles/docker/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+- name: Install docker
+  apt:
+    update_cache: true
+    name:
+      - docker
+      - docker.io
+      - docker-compose
+    state: present
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Indicate role in motd
+  template:
+    src: update-motd.d/05-service.j2
+    dest: /etc/update-motd.d/05-docker
+    mode: 0755

roles/docker/templates/update-motd.d/05-service.j2

@@ -0,0 +1,3 @@
+#!/bin/sh
+# {{ ansible_managed }}
+echo "> Les recettes Docker-compose se trouvent dans /var/local/ansible-docker"