playbook ansible WIP

roles/pxeserver/tasks/common.yml

@@ -0,0 +1,83 @@
+---
+- name: Set up multiple authorized keys
+  authorized_key:
+    user: root
+    state: present
+    key: "{{ ssh_key }}"
+
+- name: Set hostname
+  template:
+    src: etc_hostname
+    dest: /etc/hostname
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+
+- name: Set hostname (hosts file)
+  template:
+    src: etc_hosts
+    dest: /etc/hosts
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: reboot
+
+- name: Updating package cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+  become: true
+  ignore_errors: true
+
+- name: Installing common packages
+  apt:
+    name:
+      [
+        "htop",
+        "screen",
+        "ntpdate",
+        "unattended-upgrades",
+        "dnsmasq",
+        "nginx",
+        "iptables",
+        "ipxe",
+        "syslinux-common",
+        "unzip",
+        "nfs-kernel-server",
+        "iptables-persistent"
+      ]
+    state: latest
+  become: true
+  ignore_errors: true
+
+- name: Upgrade all packages to the latest version
+  apt:
+    name: "*"
+    state: latest
+  become: true
+  ignore_errors: true
+
+- name: Configure NTP
+  ini_file:
+    path: /etc/systemd/timesyncd.conf
+    section: Time
+    option: NTP
+    value: pool.ntp.org
+  become: true
+
+- name: sets the timezone
+  timezone:
+    name: "Europe/Rome"
+  become: true
+
+- name: Create storage directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: "0755"
+  with_items:
+    - /srv/pxe/iso
+    - /srv/pxe/mount
+    - /srv/tftp

roles/pxeserver/tasks/dns.yml

@@ -0,0 +1,30 @@
+---
+- name: DNSMASQ dhcp
+  template:
+    src: dnsmasq/dhcp
+    dest: /etc/dnsmasq.d/dhcp
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: dnsmasq_restart
+
+- name: DNSMASQ tftp
+  template:
+    src: dnsmasq/tftp
+    dest: /etc/dnsmasq.d/tftp
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: dnsmasq_restart
+
+- name: DNSMASQ dns
+  template:
+    src: dnsmasq/dns
+    dest: /etc/dnsmasq.d/dns
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: dnsmasq_restart

roles/pxeserver/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+
+- include: common.yml  
+- include: nginx.yml  
+- include: dns.yml
+- include: nfs.yml

roles/pxeserver/tasks/nfs.yml

@@ -0,0 +1,31 @@
+---
+
+- name: NFS rpcmountd options
+  lineinfile:
+    path: /etc/default/nfs-kernel-server
+    regexp: '^RPCMOUNTDOPTS='
+    line: 'RPCMOUNTDOPTS="--manage-gids --port 4047"'
+  become: true
+  notify: nfs_restart
+
+- name: NFS services ports
+  lineinfile:
+    path: /etc/services
+    line: "{{ item }}"
+  with_items:
+    - mountd 4047/tcp
+    - mountd 4047/udp
+    - lockd 4048/tcp
+    - lockd 4048/udp
+  become: true
+  notify: nfs_restart
+
+- name: NFS exports
+  template:
+    src: nfs_exports
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: nfs_reload_exports

roles/pxeserver/tasks/nginx.yml

@@ -0,0 +1,23 @@
+---
+- name: NGINX site config
+  template:
+    src: nginx.conf
+    dest: /etc/nginx/sites-available/pxe
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: nginx_restart
+
+- name: NGINX remove default config
+  ansible.builtin.file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+  notify: nginx_restart
+
+- name: NGINX enable site
+  ansible.builtin.file:
+    src: /etc/nginx/sites-available/pxe
+    dest: /etc/nginx/sites-enabled/pxe
+    state: link
+  notify: nginx_restart