init.yaml

---
- hosts: mycard
  remote_user: root
  tasks:
  
    # ssh 密钥
    - name: SSH 授权
      authorized_key:
        user: root
        key: "{{ lookup('file', 'authorized_keys') }}"
    - name: SSH 私钥
      copy:
        src: ~/.ssh/id_rsa
        dest: /root/.ssh/id_rsa
        mode: 0600

    # 主机名
    - name: 主机名
      hostname:
        name: "{{ inventory_hostname_short }}"
    - name: 主机 hosts
      lineinfile:
        dest: /etc/hosts
        regexp: "^{{ ansible_default_ipv4.address }}"
        line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }} {{ inventory_hostname_short }}"

    # 系统源与软件包
    - name: clean 阿里云
      shell: |
        curl -L http://update.aegis.aliyun.com/download/uninstall.sh | bash
        systemctl stop aliyun.service
        systemctl disable aliyun.service
        rm -rf /usr/local/aegis /etc/init.d/agentwatch /etc/systemd/system/aliyun.service /usr/sbin/aliyun-service /usr/sbin/aliyun-service.backup /usr/sbin/aliyun_installer
        systemctl daemon-reload
      args:
        removes: /usr/local/aegis
    - name: clean 阿里云 2
      shell: |
        /usr/local/cloudmonitor/CmsGoAgent.linux-amd64 stop
        /usr/local/cloudmonitor/CmsGoAgent.linux-amd64 uninstall
        rm -rf /usr/local/cloudmonitor
      args:
        removes: /usr/local/cloudmonitor
    - name: clean qemu
      apt:
        name: qemu-guest-agent
        state: absent
        autoremove: yes
        purge: yes
    - name: 系统源 (Debian)
      copy:
        content: |
          deb http://deb.debian.org/debian buster main
          deb http://deb.debian.org/debian buster-updates main
          deb http://security.debian.org/debian-security buster/updates main
        dest: /etc/apt/sources.list
      when: ansible_distribution == 'Debian'
    - name: 系统源 (Ubuntu)    
      copy:
        content: |
          deb http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted universe multiverse
          deb http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse
          deb http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted universe multiverse
        dest: /etc/apt/sources.list
      when: ansible_distribution == 'Ubuntu'
    - name: 系统源 更新
      apt:
        upgrade: dist
        update_cache: yes
    - name: open-vm-tools
      apt:
        name: open-vm-tools
        state: latest
      when: ansible_os_family == "Debian" and ansible_virtualization_type == "VMware"
    - name: 系统源 重启
      shell: reboot
      async: 0
      poll: 0
      register: reboot
      args:
        removes: /var/run/reboot-required
    - name: 系统源 重启等待
      local_action: wait_for host={{ ansible_ssh_host }} state=started
      when: reboot.changed
    - name: 重新读取主机信息
      setup:
      when: reboot.changed
    - name: TCP 优化 队列策略
      sysctl:
        name: net.core.default_qdisc
        value: fq
        sysctl_set: yes
    - name: TCP 优化 拥塞策略
      sysctl:
        name: net.ipv4.tcp_congestion_control
        value: bbr
        sysctl_set: yes
    - name: limit
      pam_limits:
        domain: 'root'
        limit_type: '-'
        limit_item: nofile
        value: 1048576

    # Docker
    - name: Docker 源公钥
      apt_key:
        url: https://download.docker.com/linux/debian/gpg
    - name: Docker 源
      apt_repository:
        repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} stable
        filename: docker
    - name: 安装软件包
      apt:
        name: docker-ce,python-backports-shutil-get-terminal-size,python-backports.ssl-match-hostname,python-pip,mosh,byobu,curl,wget,htop,iftop,iotop,vim,git,subversion,tcpdump,locales,nfs-common,dnsutils,fish,haveged,mtr,rsync
        state: latest
        autoremove: yes

    # locale，装这个是因为 mosh 会尝试按客户机语言去请求，如果服务器不支持对应语言可能会失败
    - name: 终端环境 字符编码
      locale_gen:
        name: en_US.UTF-8
    - name: 终端环境 字符编码
      locale_gen:
        name: zh_CN.UTF-8

    # fish 和 byobu
    - name: 终端环境 fish
      user:
        name: root
        shell: /usr/bin/fish
    - name: 终端环境 fish omf
      shell: curl -L http://get.oh-my.fish | fish
      environment:
        NONINTERACTIVE: true
        ASSUME_YES: true
      args:
        creates: /root/.local/share/omf
    - name: 终端环境 fish robbyrussell
      shell: omf install robbyrussell
      args:
        executable: /usr/bin/fish
        creates: /root/.local/share/omf/themes/robbyrussell
    - name: 终端环境 fish 自动填充
      file:
        name: /root/.config/fish/completions
        state: directory
    - name: 终端环境 fish 自动填充 docker
      copy:
        src: /usr/share/fish/vendor_completions.d/docker.fish
        dest: /root/.config/fish/completions/docker.fish
        remote_src: yes
    # - name: 终端环境 zsh
    #   user:
    #     name: root
    #     shell: /usr/bin/zsh
    # - name: 终端环境 zshrc
    #   copy:
    #     content: |
    #       # Set up the prompt

    #       autoload -Uz promptinit
    #       promptinit
    #       prompt redhat

    #       setopt histignorealldups sharehistory

    #       # Use emacs keybindings even if our EDITOR is set to vi
    #       bindkey -e

    #       # Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
    #       HISTSIZE=1000
    #       SAVEHIST=1000
    #       HISTFILE=~/.zsh_history

    #       # Use modern completion system
    #       autoload -Uz compinit
    #       compinit

    #       zstyle ':completion:*' auto-description 'specify: %d'
    #       zstyle ':completion:*' completer _expand _complete _correct _approximate
    #       zstyle ':completion:*' format 'Completing %d'
    #       zstyle ':completion:*' group-name ''
    #       zstyle ':completion:*' menu select=2
    #       eval "$(dircolors -b)"
    #       zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
    #       zstyle ':completion:*' list-colors ''
    #       zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
    #       zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
    #       zstyle ':completion:*' menu select=long
    #       zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
    #       zstyle ':completion:*' use-compctl false
    #       zstyle ':completion:*' verbose true

    #       zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
    #       zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'

    #       source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh
    #       source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
    #     dest: /root/.zshrc
    - name: 终端环境 byobu status
      lineinfile:
        name: /usr/share/byobu/status/status
        line: 'tmux_right="#network #disk_io #custom #entropy raid reboot_required updates_available #apport #services #mail #users uptime #ec2_cost #rcs_cost #fan_speed #cpu_temp #battery #wifi_quality #processes load_average cpu_count cpu_freq memory #swap disk #whoami hostname #ip_address #time_utc #date #time"'
        regexp: ^tmux_right=
    - name: 终端环境 byobu enable
      shell: byobu-enable
      args:
        creates: /root/.hushlogin
    - name: 终端环境 byobu ctrl-a
      command: byobu-ctrl-a emacs
      args:
        creates: /root/.byobu/keybindings.tmux
    # vim
    - name: vim-editorconfig
      git:
        repo: https://github.com/editorconfig/editorconfig-vim.git
        dest: /root/.vim/pack/editorconfig/start/editorconfig
        depth: 1
    - name: vim-xterm-bracketed-paste-directory
      file: 
        path: /root/.vim/pack/xterm-bracketed-paste/start/xterm-bracketed-paste/plugin
        state: directory
    - name: vim-xterm-bracketed-paste
      copy:
        content: |
          " bracketed paste mode support for tmux
          if &term =~ '^screen\|^tmux' && exists('&t_BE')
            let &t_BE = "\033[?2004h"
            let &t_BD = "\033[?2004l"
            " t_PS and t_PE are key code options and they are special
            exec "set t_PS=" . "\033[200~"
            exec "set t_PE=" . "\033[201~"
          endif
        dest: /root/.vim/pack/xterm-bracketed-paste/start/xterm-bracketed-paste/plugin/xterm-bracketed-paste.vim
    - name: vim-modeline-directory
      file: 
        path: /root/.vim/pack/modeline/start/modeline/plugin
        state: directory
    - name: vim-modeline
      copy:
        content: set modeline
        dest: /root/.vim/pack/modeline/start/modeline/plugin/modeline.vim
    - name: vim-nginx
      subversion:
        repo: https://github.com/nginx/nginx/trunk/contrib/vim
        dest: /root/.vim/pack/nginx/start/nginx
    # git 相关配置
    - name: git user.email
      git_config:
        name: user.email
        scope: global
        value: zh99998@gmail.com
    - name: git user.name
      git_config:
        name: user.name
        scope: global
        value: zh99998
    - name: git push.default
      git_config:
        name: push.default
        scope: global
        value: simple
    - name: git ssh
      known_hosts:
        name: github.com
        key: "{{ lookup('pipe', 'ssh-keyscan github.com') }}"

    # docker-compose，删除这两个路径是因为阿里云初始配置中做了多余的事情导致python加载路径不对了
    - name: docker-compose 清理 pip
      file:
        path: /root/.pip
        state: absent
    - name: docker-compose 清理 easy install
      file:
        path: /usr/local/lib/python2.7/dist-packages/easy-install.pth
        state: absent
    - name: docker-compose pip
      pip:
        name: pip
        state: latest
    - name: docker-compose    
      pip:
        name: docker-compose
        state: latest

    # docker 服务配置
    - name: docker 配置 创建目录
      file:
        name: /etc/docker
        state: directory
    - name: docker 配置
      copy:
        content: |
          {
            "live-restore": true
          }
        dest: /etc/docker/daemon.json
    - name: docker 启动
      systemd:
        name: docker
        enabled: yes
        state: started
      when: ansible_virtualization_type != 'docker'