From bad6fb7b57a092904a6147cce3a37cc96be3751b Mon Sep 17 00:00:00 2001
From: Opnxng
Date: Sat, 25 Nov 2023 08:10:49 +0800
Subject: [PATCH] Modified ssh role
---
 .gitignore | 2 -
 roles/grub-opnxng/tasks/main.yaml | 14 +++++
 roles/grub-opnxng/templates/grub.j2 | 10 +++
 .../set-vm-overcommit-memory/tasks/main.yaml | 5 ++
 roles/ssh/tasks/main.yaml | 3 +-
 set-up.yaml | 61 ++++++++++---------
 vars/secrets.example.yaml | 11 ++--
 7 files changed, 67 insertions(+), 39 deletions(-)
 mode change 100644 => 100755 .gitignore
 create mode 100644 roles/grub-opnxng/tasks/main.yaml
 create mode 100644 roles/grub-opnxng/templates/grub.j2
 create mode 100644 roles/set-vm-overcommit-memory/tasks/main.yaml
diff --git a/.gitignore b/.gitignore
old mode 100644
new mode 100755
index 9b88bb0..ded84e4
--- a/.gitignore
+++ b/.gitignore
@@ -3,5 +3,3 @@ production
 .hidden
 .vscode
 *.swp
-set-up-control-node.yaml
-roles/ufw-control-node
diff --git a/roles/grub-opnxng/tasks/main.yaml b/roles/grub-opnxng/tasks/main.yaml
new file mode 100644
index 0000000..e2d6441
--- /dev/null
+++ b/roles/grub-opnxng/tasks/main.yaml
@@ -0,0 +1,14 @@
+- name: Set up Grub
+ template:
+ src: "grub.j2"
+ dest: "/etc/default/grub"
+ owner: 0
+ group: 0
+ mode: 0644
+ when: inventory_hostname in groups["oracle"]
+
+- name: System | GRUB | Update GRUB
+ become: true
+ ansible.builtin.command:
+ cmd: update-grub2
+ when: inventory_hostname in groups["oracle"]
diff --git a/roles/grub-opnxng/templates/grub.j2 b/roles/grub-opnxng/templates/grub.j2
new file mode 100644
index 0000000..b129a9b
--- /dev/null
+++ b/roles/grub-opnxng/templates/grub.j2
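Review bot: In roles/grub-opnxng/tasks/main.yaml the `update-grub2` command task runs on every play, whether or not the template task changed /etc/default/grub, so the role always reports a change and regenerates the boot configuration needlessly. Registering the template result (`register: grub_default`) and adding `grub_default is changed` to the command's `when:` would limit the rebuild to real changes, or the command could become a handler. The template task also overwrites a boot-critical file without `backup: true` and, unlike the second task, sets no `become: true`; if the play does not already escalate, the write to /etc would fail. Quoting the mode as `mode: "0644"` avoids relying on YAML octal parsing.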
@@ -0,0 +1,10 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+# info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet splash fsck.mode=force fsck.repair=yes"
+GRUB_CMDLINE_LINUX=""
diff --git a/roles/set-vm-overcommit-memory/tasks/main.yaml b/roles/set-vm-overcommit-memory/tasks/main.yaml
new file mode 100644
index 0000000..96a0407
--- /dev/null
+++ b/roles/set-vm-overcommit-memory/tasks/main.yaml
@@ -0,0 +1,5 @@
+- name: Add vm.overcommit_memory to sysctl.conf
+ lineinfile:
+ path: /etc/sysctl.conf
+ line: 'vm.overcommit_memory=1'
+ insertafter: EOF # Add the line at the end of the file
diff --git a/roles/ssh/tasks/main.yaml b/roles/ssh/tasks/main.yaml
index a138435..06ac7d8 100644
--- a/roles/ssh/tasks/main.yaml
+++ b/roles/ssh/tasks/main.yaml
@@ -11,6 +11,7 @@ - name: Restart SSH service systemd: name: sshd + enabled: true state: restarted # ----------------------------------------------------------------------------------------------------------------
@@ -32,4 +33,4 @@ group: "1000" # stat -c "%a %n" .ssh/* -# ls -al .ssh \ No newline at end of file +# ls -al .ssh
diff --git a/set-up.yaml b/set-up.yaml
index a99081a..ee964c6 100644
--- a/set-up.yaml
+++ b/set-up.yaml
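Review bot: roles/grub-opnxng/templates/grub.j2 replaces the whole of /etc/default/grub with fixed values, so `GRUB_CMDLINE_LINUX=""` and the new `GRUB_CMDLINE_LINUX_DEFAULT` discard any kernel parameters the image or an administrator had set there (console, audit or hardening flags, for example). If the intent is only to force fsck at boot, a drop-in such as `/etc/default/grub.d/<name>.cfg` containing `GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT fsck.mode=force fsck.repair=yes"` would keep the existing settings. A comment in the template stating why `fsck.repair=yes` is wanted on every boot would also help, since it accepts all repairs without an operator reviewing them.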
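Review bot: The `lineinfile` task in roles/set-vm-overcommit-memory/tasks/main.yaml has no `regexp`, so a host whose /etc/sysctl.conf already carries `vm.overcommit_memory` with another value or spacing ends up with two conflicting entries; adding `regexp: '^\s*vm\.overcommit_memory\s*='` makes the task replace the existing line instead. The setting also only takes effect after a reboot or `sysctl -p`, which the role never triggers. A short comment naming the workload that needs always-overcommit (value 1) would document why the kernel's heuristic default is being turned off.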
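Review bot: The added `enabled: true` in roles/ssh/tasks/main.yaml is applied to `name: sshd`, and on Debian-family hosts (which the grub template's Debian fallback and the apt pre-task in set-up.yaml suggest this playbook targets) `sshd.service` is normally an alias of `ssh.service`; systemd can refuse to enable a unit by its alias name, so this may need `name: ssh`, which is worth confirming on a target host. The task also restarts the daemon unconditionally on every run. The part of the file that writes the sshd configuration is outside the hunk, but validating it with `sshd -t` before the restart would avoid cutting off the only remote access path after a bad edit.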
@@ -9,41 +9,44 @@ # ---------------------------------------------------------------------------------------------------- pre_tasks: - - name: Install packages - apt: - name: - - iputils-ping - - cron - - fzf - - git - - curl - - zip - - unzip - - trash-cli - state: latest - install_recommends: false - update_cache: true - autoclean: true - autoremove: true +# - name: Install packages +# apt: +# name: +# - iputils-ping +# - cron +# - fzf +# - git +# - curl +# - zip +# - unzip +# - trash-cli +# state: latest +# install_recommends: false +# update_cache: true +# autoclean: true +# autoremove: true - name: Touch .hushlogin file: path: "/home/{{ user }}/.hushlogin" state: touch + # ---------------------------------------------------------------------------------------------------- roles: - - neovim - - disable-root - - timezone - - chrony - - hostname - - systemd-resolved - - sources-list - - ssh - - ufw-opnxng - - fail2ban - - unattended-upgrades - - nfs-opnxng - - docker + - grub-opnxng +# - neovim +# - disable-root +# - timezone +# - chrony +# - hostname +# - systemd-resolved +# - sources-list +# - ssh +# - ufw-opnxng +# - fail2ban +# - unattended-upgrades +# - nfs-opnxng +# - docker +# - set-vm-overcommit-memory #- docker-buildx
diff --git a/vars/secrets.example.yaml b/vars/secrets.example.yaml
index 65f5ca8..fdb0059 100644
--- a/vars/secrets.example.yaml
+++ b/vars/secrets.example.yaml
@@ -1,9 +1,6 @@
-user:
-ssh_port:
-docker_dir:
-
-oracle_ipv4_cidr_block:
-
 wireguard_mesh_subnet:
 wireguard_mesh_control_host:
-wireguard_port:
\ No newline at end of file
+oracle_ipv4_cidr_block:
+user:
+ssh_port:
+wireguard_port:
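Review bot: In set-up.yaml every role except the new `grub-opnxng` is commented out, including `disable-root`, `ssh`, `ufw-opnxng`, `fail2ban` and `unattended-upgrades`, so running this playbook against a fresh host leaves it without the firewall, SSH hardening and automatic patching that the previous version applied. This looks like a debugging state; if the goal is to run one role at a time, keeping the list intact and tagging entries (`- { role: grub-opnxng, tags: [grub] }`, then `--tags grub`) achieves that without removing the baseline. The new `set-vm-overcommit-memory` role is added already commented out, so it never runs, and the package-install pre-task is disabled in the same way.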