trixie/edubox.yml

---
## This playbook deploys a series of minimal systemd-nspawn containers
## for educational use on a host, for example to learn ansible!
## All containers use an apt cache on the host system and forward port
## 22 (ssh), 80 (http) and 443 (https) to ports >= 10000, 10100 and 10200
## respectively.  A user 'ansi' in the 'sudo' group is prepared,
## either with empty password or an initial password to be set below.
##
## Modifications of the initial containers are kept in an overlay
## directory next to the container images in '/var/lib/machines/'.
## This allows to visit and compare the work of students on the host.
## To manage the containers after installation, run the playbook with
## one of the the following tags:
##
##    --tags=start    start all containers
##    --tags=stop     stop all containers
##    --tags=reset    reset all containers to the initial image
##    --tags=purge    purge all containers
##    --tags=setup    purge all containers and setup again
##

- name: apply configuration to the edubox
  hosts: all # eduboxes
  remote_user: ansible
  become: yes
  vars:
    contname: cont
    ## User name for the user in the container:
    contuser: ansi
    ## Password for the user 'ansible' in the container,
    ## leave empty to log in without password:
    contpwd: ""
    ## Adjust the number of containers here:
    containers: "{{ range(0, 9 + 1) | list }}"
    ## Additional packages to be installed in the container:
    cont_packages_extra:
      - bind9-dnsutils
      - file
      - locales
      - xz-utils
      - lsof
      - wget
      - bind9-host
      - libc-l10n
      - traceroute
      - bzip2
      - netcat-traditional
      - telnet

  pre_tasks:
    - name: install apt-cacher-ng
      apt:
        name: apt-cacher-ng
        state: latest

    - name: enable apt-cacher-ng
      lineinfile:
        path: /etc/apt/apt.conf.d/30proxy
        line: 'Acquire::http::Proxy "http://localhost:3142/";'
        create: yes

    - name: enable and start systemd-networkd on the host
      systemd:
        name: systemd-networkd
        state: started
        enabled: yes

  roles:
    - up2date-debian
    - educontainer
Provide playbook and role to deploy containers. The containers are deployed for educational purposes with user 'ansible' in the sudo group and an empty password. SSH login is available via ports 10000 upwards on the host. Port 80 is forwarded as well (ssh port + 100). The container's rootfs is read only with an overlay: After restart of the container, modifications are lost. 2021-11-10 17:01:56 +01:00			`---`
Add some documentation. 2021-11-12 16:46:41 +01:00			`## This playbook deploys a series of minimal systemd-nspawn containers`
			`## for educational use on a host, for example to learn ansible!`
			`## All containers use an apt cache on the host system and forward port`
			`## 22 (ssh), 80 (http) and 443 (https) to ports >= 10000, 10100 and 10200`
Split container package list. 2021-11-20 14:38:22 +01:00			`## respectively. A user 'ansi' in the 'sudo' group is prepared,`
Add some documentation. 2021-11-12 16:46:41 +01:00			`## either with empty password or an initial password to be set below.`
			`##`
			`## Modifications of the initial containers are kept in an overlay`
			`## directory next to the container images in '/var/lib/machines/'.`
			`## This allows to visit and compare the work of students on the host.`
			`## To manage the containers after installation, run the playbook with`
			`## one of the the following tags:`
			`##`
			`## --tags=start start all containers`
			`## --tags=stop stop all containers`
			`## --tags=reset reset all containers to the initial image`
			`## --tags=purge purge all containers`
Implement 'setup'-tag to re-setup the containers. 2021-11-20 17:00:19 +01:00			`## --tags=setup purge all containers and setup again`
Add some documentation. 2021-11-12 16:46:41 +01:00			`##`
Provide playbook and role to deploy containers. The containers are deployed for educational purposes with user 'ansible' in the sudo group and an empty password. SSH login is available via ports 10000 upwards on the host. Port 80 is forwarded as well (ssh port + 100). The container's rootfs is read only with an overlay: After restart of the container, modifications are lost. 2021-11-10 17:01:56 +01:00
			`- name: apply configuration to the edubox`
			`hosts: all # eduboxes`
			`remote_user: ansible`
			`become: yes`
			`vars:`
			`contname: cont`
Username variable. 2021-11-18 20:22:00 +01:00			`## User name for the user in the container:`
			`contuser: ansi`
Optional non-empty passwords for the container user. 2021-11-12 15:29:39 +01:00			`## Password for the user 'ansible' in the container,`
			`## leave empty to log in without password:`
			`contpwd: ""`
Add some documentation. 2021-11-12 16:46:41 +01:00			`## Adjust the number of containers here:`
Provide playbook and role to deploy containers. The containers are deployed for educational purposes with user 'ansible' in the sudo group and an empty password. SSH login is available via ports 10000 upwards on the host. Port 80 is forwarded as well (ssh port + 100). The container's rootfs is read only with an overlay: After restart of the container, modifications are lost. 2021-11-10 17:01:56 +01:00			`containers: "{{ range(0, 9 + 1) \| list }}"`
Split container package list. 2021-11-20 14:38:22 +01:00			`## Additional packages to be installed in the container:`
			`cont_packages_extra:`
			`- bind9-dnsutils`
			`- file`
			`- locales`
			`- xz-utils`
			`- lsof`
			`- wget`
			`- bind9-host`
			`- libc-l10n`
			`- traceroute`
			`- bzip2`
			`- netcat-traditional`
			`- telnet`
Provide playbook and role to deploy containers. The containers are deployed for educational purposes with user 'ansible' in the sudo group and an empty password. SSH login is available via ports 10000 upwards on the host. Port 80 is forwarded as well (ssh port + 100). The container's rootfs is read only with an overlay: After restart of the container, modifications are lost. 2021-11-10 17:01:56 +01:00
Prepare the host in pre_tasks. 2021-11-12 11:07:07 +01:00			`pre_tasks:`
Make sure stuff exists when needed. 2021-11-16 20:39:23 +01:00			`- name: install apt-cacher-ng`
			`apt:`
			`name: apt-cacher-ng`
			`state: latest`

Prepare the host in pre_tasks. 2021-11-12 11:07:07 +01:00			`- name: enable apt-cacher-ng`
			`lineinfile:`
			`path: /etc/apt/apt.conf.d/30proxy`
			`line: 'Acquire::http::Proxy "http://localhost:3142/";'`
			`create: yes`

			`- name: enable and start systemd-networkd on the host`
			`systemd:`
			`name: systemd-networkd`
			`state: started`
			`enabled: yes`

Provide playbook and role to deploy containers. The containers are deployed for educational purposes with user 'ansible' in the sudo group and an empty password. SSH login is available via ports 10000 upwards on the host. Port 80 is forwarded as well (ssh port + 100). The container's rootfs is read only with an overlay: After restart of the container, modifications are lost. 2021-11-10 17:01:56 +01:00			`roles:`
			`- up2date-debian`
			`- educontainer`