move init out

.gitignore

@@ -61,3 +61,5 @@ typings/
 .next
 
 *.retry
+
+/roles/init

init.yml

 ---
 - hosts: init
   remote_user: root
-  tasks:
-    - name: authorized_key
-      authorized_key:
-        user: "{{ ansible_user_id }}"
-        key: "{{ lookup('file', '../authorized_keys') }}"
-      # when: "ansible_os_family == 'Debian' or ansible_distribution_major_version|int != 8"
-    - name: sudoers
-      become: true
-      lineinfile:
-        path: /etc/sudoers
-        insertafter: 'EOF'
-        line: '{{ ansible_user_id }} ALL=(ALL:ALL) NOPASSWD: ALL'
-        validate: /usr/sbin/visudo -cf %s
-      when: "ansible_user_id != 'root'"
-    - name: timezone
-      become: true
-      timezone:
-        name: Asia/Shanghai
-    - name: disable password access
-      become: true
-      lineinfile:
-        path: /etc/ssh/sshd_config
-        regexp: '^#?PasswordAuthentication (true|yes).*$'
-        line: 'PasswordAuthentication no'
-        backrefs: true
-      when: "(ansible_user_id == 'root' or ansible_user_id == 'nanahira' or ansible_user_id == 'mycard' or ansible_user_id == 'zh99998') and not allow_password is defined" # Only self-managed servers
-      notify: restart_sshd
-    - name: sshd config
-      become: true
-      lineinfile:
-        path: /etc/ssh/sshd_config
-        regexp: '^#?GSSAPIAuthentication (true|yes).*$'
-        line: 'GSSAPIAuthentication no'
-        backrefs: true
-      notify: restart_sshd
-    - name: sshd config
-      become: true
-      lineinfile:
-        path: /etc/ssh/sshd_config
-        regexp: '^#?UseDNS (true|yes).*$'
-        line: 'UseDNS no'
-        backrefs: true
-      notify: restart_sshd
-    - name: swappiness
-      become: true
-      sysctl:
-        name: vm.swappiness
-        value: 1
-        sysctl_set: true
-    - name: net.ipv4.ip_forward
-      become: true
-      sysctl:
-        name: net.ipv4.ip_forward
-        value: 1
-        sysctl_set: true
-    - name: fs.inotify.max_user_watches
-      become: true
-      sysctl:
-        name: fs.inotify.max_user_watches
-        value: 524288
-        sysctl_set: true
-    - name: net.ipv4.conf.all.rp_filter
-      become: true
-      sysctl:
-        name: net.ipv4.conf.all.rp_filter
-        value: 0
-        sysctl_set: true
-    - name: net.ipv4.conf.default.rp_filter
-      become: true
-      sysctl:
-        name: net.ipv4.conf.default.rp_filter
-        value: 0
-        sysctl_set: true
-    - name: TCP BBR
-      become: true
-      sysctl:
-        name: net.core.default_qdisc
-        value: fq
-        sysctl_set: true
-      when: "ansible_os_family == 'Debian' or ansible_distribution_major_version|int > 7"
-    - name: TCP BBR
-      become: true
-      sysctl:
-        name: net.ipv4.tcp_congestion_control
-        value: bbr
-        sysctl_set: true
-      when: "ansible_os_family == 'Debian' or ansible_distribution_major_version|int > 7"
-    - name: limit
-      become: true
-      pam_limits:
-        domain: '{{ ansible_user_id }}'
-        limit_type: '-'
-        limit_item: nofile
-        value: 1048576
-    - name: apt upgrade
-      become: true
-      apt:
-        update_cache: true
-        upgrade: dist
-      when: "ansible_os_family == 'Debian'"
-    - name: yum update
-      become: true
-      yum:
-        name: '*'
-        update_cache: true
-        state: latest
-      when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 7"
-    - name: dnf update
-      become: true
-      dnf:
-        name: '*'
-        #update_cache: true
-        state: latest
-      when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 8"
-    - name: fixup iptables with qemu
-      become: true
-      iptables:
-        chain: FORWARD
-        flush: true
-      when: 'hypervisor is defined'
-    - name: apt
-      become: true
-      apt:
-        update_cache: true
-        state: latest
-        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,build-essential,p7zip-full,xclip,astyle,python-setuptools,python-dev,tcpdump,rsync,htop,locales,mtr,dnsutils,net-tools,traceroute,tar,unzip,iperf,nmap,mosh
-      when: "ansible_os_family == 'Debian'"
-    - name: Ubuntu packages
-      become: true
-      apt:
-        update_cache: true
-        state: latest
-        name: ctags
-      when: "ansible_distribution == 'Ubuntu'"
-    - name: Debian packages
-      become: true
-      apt:
-        update_cache: true
-        state: latest
-        name: universal-ctags
-      when: "ansible_distribution == 'Debian'"
-    - name: apt autoremove
-      become: true
-      apt:
-        autoremove: true
-      when: "ansible_os_family == 'Debian'"
-    - name: epel 7
-      become: true
-      yum:
-        state: latest
-        name: epel-release
-      when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 7"
-    - name: yum
-      become: true
-      yum:
-        state: latest
-        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,xclip,traceroute,tar,unzip,iperf,nmap,libselinux-python,mosh # astyle
-      when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 7"
-    - name: epel 8
-      become: true
-      dnf:
-        state: latest
-        name: epel-release
-      when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 8"
-    - name: dnf
-      become: true
-      dnf:
-        state: latest
-        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,astyle,traceroute,tar,unzip,nmap,python3-libselinux,mosh # xclip
-      when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 8"
-    - name: dnf autoremove
-      become: true
-      dnf:
-        autoremove: true
-      when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 8"
-    - name: disable selinux
-      become: true
-      selinux:
-        state: disabled
-      when: "ansible_os_family == 'RedHat'"
-    - name: disable selinux
-      lineinfile:
-        path: /etc/selinux/config
-        regexp: '^SELINUX='
-        line: 'SELINUX=disabled'
-        backrefs: true
-      when: "ansible_os_family == 'RedHat'"
-    - name: vim
-      unarchive:
-        src: https://minio.mycard.moe:9000/nanahira/nanahira-vim.tar.gz
-        dest: '~'
-        creates: '~/.vim'
-        remote_src: true
-    - name: ctags link
-      become: true
-      file:
-        src: /usr/bin/ctags
-        path: /usr/local/bin/ctags
-        state: link
-    - name: git user.email
-      git_config:
-        name: user.email
-        scope: global
-        value: 78877@qq.com
-    - name: git user.name
-      git_config:
-        name: user.name
-        scope: global
-        value: purerosefallen
-    - name: git push.default
-      git_config:
-        name: push.default
-        scope: global
-        value: simple
-    - name: git ssh
-      known_hosts:
-        name: github.com
-        key: "{{ lookup('pipe', 'ssh-keyscan github.com') }}"
-  handlers:
-    - name: restart_sshd
-      become: true
-      systemd:
-        name: sshd
-        state: restarted
+  roles:
+    - init

koishipro2ios.yml

@@ -10,8 +10,4 @@
       synchronize:
         src: /home/nanahira/ygo/koishipro2/koishipro2ios/
         dest: '{{ deploy_path }}'
-        delete: no
-        recursive: true
-        verify_host: no
-        checksum: true
-        archive: no
+        archive: yes

template.yml

@@ -117,7 +117,7 @@
       apt:
         update_cache: true
         state: latest
-        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,build-essential,p7zip-full,tcpdump,rsync,htop,locales,mtr,dnsutils,net-tools,traceroute,tar,unzip,iperf,nmap,dnsutils,open-vm-tools
+        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,build-essential,p7zip-full,tcpdump,rsync,htop,locales,mtr,dnsutils,net-tools,traceroute,tar,unzip,iperf,iperf3,nmap,dnsutils,open-vm-tools
       when: "ansible_os_family == 'Debian'"
     - name: apt autoremove
       become: true
@@ -134,7 +134,7 @@
       become: true
       yum:
         state: latest
-        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,traceroute,tar,unzip,iperf,nmap,libselinux-python,open-vm-tools
+        name: curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,traceroute,tar,unzip,iperf,iperf3,nmap,libselinux-python,open-vm-tools
       when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version|int == 7"
     - name: epel 8
       become: true