roles/common: Add firewall task for Alpine

roles/common/tasks/firewall_Alpine.yml

@@ -0,0 +1,15 @@
+---
+# TODO: configure awall (ipsets?)
+# TODO: configure fail2ban
+
+- block:
+  - name: Set Alpine firewall packages
+    set_fact:
+      alpine_firewall_packages:
+        - awall
+        - fail2ban
+
+  - name: Install Alpine firewall packages
+    apk: name={{ alpine_firewall_packages }} state=present
+
+# vim: set sw=2 ts=2:

roles/common/tasks/main.yml

@@ -17,6 +17,11 @@
   when: ansible_distribution == 'Ubuntu'
   tags: packages
 
+- name: Install common packages
+  include_tasks: packages_Alpine.yml
+  when: ansible_distribution == 'Alpine'
+  tags: packages
+
 - name: Configure firewall
   include_tasks: firewall_Debian.yml
   when: ansible_distribution == 'Debian'

roles/common/tasks/ntp.yml

@@ -1,6 +1,7 @@
 ---
 # Hosts running Ubuntu 16.04+ and Debian 9+ use systemd init system and should
 # use timedatectl as a network time client instead of the standalone ntp client.
+# Alpine can use chrony.
 
 - name: Set timezone
   when: timezone is defined and ansible_service_mgr == 'systemd'
@@ -15,4 +16,8 @@
   apt: name=ntp state=absent update_cache=yes
   when: ansible_service_mgr == 'systemd'
 
+- name: Install chronyd on Alpine
+  apt: name=chrony state=present
+  when: ansible_distribution == 'Alpine'
+
 # vim: set ts=2 sw=2:

roles/common/tasks/packages_Alpine.yml

@@ -0,0 +1,28 @@
+---
+# requires: ansible-galaxy collection install community.general
+# TODO: configure tarsnap
+
+- block:
+  - name: Upgrade base OS
+    apk: upgrade=yes update_cache=yes
+
+  - name: Set Alpine base packages
+    set_fact:
+      alpine_base_packages:
+      - git
+      - tmux
+      - htop
+      - strace
+      - mosh
+      - vim
+      - unzip
+      - zstd
+
+  - name: Install Alpine base packages
+    apk: name={{ alpine_base_packages }} state=present update_cache=yes
+
+  #- name: Install tarsnap
+  #  import_tasks: tarsnap.yml
+  tags: packages
+
+# vim: set sw=2 ts=2:

roles/common/tasks/tarsnap.yml

@@ -5,7 +5,7 @@
   when: ansible_architecture != 'armv7l'
 
 - name: Add GPG key for Tarsnap
-  apt_key: id=0xBF75EEAB040E447C url=https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc state=present
+  apt_key: id=0xFC72A10BF6B692AA url=https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc state=present
   register: add_tarsnap_apt_key
 
 - name: Update apt cache

roles/mariadb/tasks/main.yml

@@ -34,8 +34,10 @@
 - name: Update MariaDB root password for all root accounts
   mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} login_unix_socket={{ mariadb_login_unix_socket }}
   loop:
+    - "{{ inventory_hostname }}"
     - 127.0.0.1
     - ::1
+    - localhost
   tags: mariadb
 
 - name: Create .my.conf file with root credentials

vars/Alpine.yml

@@ -0,0 +1,10 @@
+---
+
+# sshd service name is `ssh` on Debian/Ubuntu, but it's
+# `sshd` on CentOS and Alpine
+sshd_service_name: sshd
+
+# provisioning user vars
+provisioning_user: { name: 'provisioning', home: '/home/provisioning' }
+
+# vim: set ts=2 sw=2: