Did tweaks for a new host, added a publickey for my ipad added an update play, made a couple of scripts, because I am too forgetful to remember the full command. Other stuff too, but I kinda forget all of it.

collections/ansible_collections/adhdgirl/minilab/roles/common/files/users/annika/ipad.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICzoAgo72d79TekVgwi8ipSRQ+Ol1frmSC46cesmGiOT annika@ipad.local.cobb.lgbt

collections/ansible_collections/adhdgirl/minilab/roles/common/tasks/users.yaml

@@ -8,9 +8,6 @@
     name: "{{ user_name }}"
   check_mode: true
   register: user_exists
-# - name: Debug user_exists
-#   ansible.builtin.debug:
-#     msg: "user_exists: {{ user_exists }}"
 - name: Ensure group exists
   tags: groups,users
   ansible.builtin.group:

collections/ansible_collections/adhdgirl/minilab/roles/postgresql/handlers/main.yaml

@@ -0,0 +1,5 @@
+---
+- name: Restart Postgres
+  ansible.builtin.service:
+    name: postgresql
+    state: restarted

collections/ansible_collections/adhdgirl/minilab/roles/postgresql/tasks/main.yaml

@@ -0,0 +1,76 @@
+---
+- name: Load distro-specific variables
+  ansible.builtin.include_vars: '{{ item }}'
+  tags: always
+  with_first_found:
+    - files:
+        - "{{ ansible_distribution }}.yaml"
+      skip: true
+
+- name: Configure Postgress
+  block:
+    - name: Ensure dependencies are installed
+      tags: alpine,postgres,software
+      community.general.apk:
+        name: "{{ item }}"
+        state: present
+      loop:
+        - postgresql16
+        - postgresql16-contrib
+        - postgresqu16-openrc
+      when: ansible_distribution == 'Alpine'
+    - name: Ensure Postgres is started and scheduled to autostart at boot
+      tags: alpine,postgres,software
+      ansible.builtin.service:
+        name: postgresql
+        state: started
+        enabled: true
+      when: ansible_distribution == 'Alpine'
+    - name: Ensure an administrative user is available
+      tags: postgres,software
+      community.general.postgresql_user:
+        name: "{{ postgresql_root_user }}"
+        password: "{{ postgresql_root_password }}"
+    - name: Ensure administrative user has proper permissions
+      community.general.postgresql_membership:
+        group: pg_read_all_data
+        target_role: {{ postgresql_root_user }}
+        state: present
+    - name: Allow hosts on internal network to access the database
+      community.general.postgresql_set:
+        name: listen_address
+        value: '10.69.0.0/16'
+      notify: Restart Postgres
+    - name: Allow hosts on internal network to access the database
+      community.general.postgresql_pg_hba:
+        dest: /etc/postgresql16/pg_hba.conf
+        contype: host
+        databases: all
+        users: all
+        source: 10.69.0.0/16
+        method: md5
+        comment: Allow local network devices to access the database
+      notify: Restart Postgres
+    - name: Ensure databases exist
+      community.general.postgresql_db:
+        name: "{{ item.dbname }}"
+      loop: "{{ postgresql_databases }}"
+    - name: Ensure users exist
+      community.general.postgresql_user:
+        name: "{{ item.owner }}"
+        password: "{{ item.pass }}"
+        state: present
+      loop: "{{ postgresql_databases }}"
+    - name: Ensure users have permissions on their databases
+      community.general.postgresql_privs:
+        login_db: "{{ item.dbname }}"
+        state: present
+        privs: ALL
+        type: database
+        obj: "{{ item.dbname }}"
+        role: "{{ item.owner }}"
+
+  rescue:
+    - name: Set that this task failed
+      ansible.builtin.set_fact:
+        task_failed: true

collections/ansible_collections/adhdgirl/minilab/roles/postgresql/vars/main.yaml

@@ -0,0 +1,33 @@
+---
+postgresql_root_user: root
+postgresql_root_password: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  37336232396462636138336531396132623361353165646531316335626264353637346361326435
+  3961633935393537613562663831363062626633356238610a633034653361656135636261363834
+  39343939343464626230653637313863333630333934653032376638653732393366323361623538
+  6662313435393830380a663633666163363765376632383965313631313137313065376233636536
+  66363962623532383239613335373764666433313637633761356163636238626166383964336538
+  6233323062333134393930353264616537396430363262626462
+postgresql_databases:
+  - dbname: 'testDB'
+    owner: 'annika'
+    pass: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      37336232396462636138336531396132623361353165646531316335626264353637346361326435
+      3961633935393537613562663831363062626633356238610a633034653361656135636261363834
+      39343939343464626230653637313863333630333934653032376638653732393366323361623538
+      6662313435393830380a663633666163363765376632383965313631313137313065376233636536
+      66363962623532383239613335373764666433313637633761356163636238626166383964336538
+      6233323062333134393930353264616537396430363262626462
+  - dbname: 'wikijs'
+    owner: 'wikijs'
+    pass: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      37666465396562613630663764393630623037653664333731376466373661363538353435626439
+      3034663166383836303136333933386164656632383363320a626130333262376337316132626339
+      65656465643563353637346565626562356537366138646232326236333362343533376630333336
+      6536663433623435390a633235313632383136393534633663646633386630363132366331663732
+      34373962666339333534363932303933663236386232363236636232323465636162363631363236
+      3432346330333864303033616430383461616235613461366361
+
+# code: language=ansible

doit

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+clear
+echo "" > ansible.log
+/workspace/dev/ansible/minilab/.venv/bin/ansible-playbook --vault-password-file vault-password.txt minilab.yaml $@

inventory/host_vars/ida.yaml

@@ -0,0 +1,2 @@
+---
+server_name: ida

inventory/hosts.yaml

@@ -13,18 +13,21 @@ all:
       ansible_host: 10.69.10.53
     reir:
       ansible_host: 10.69.10.54
-    trady:
+    trady:  
-      ansible_host: 10.69.11.5
+      ansible_host: 10.69.11.11
     stephanie:
       ansible_host: 10.69.11.51
     nemetona:
       ansible_host: 10.69.11.52
+    ida:
+      ansible_host: 10.69.11.53
   children:
     alpine:
       hosts:
         adguard:
         stephanie:
         nemetona:
+        ida:
     debian:
       hosts:
         maxim:

update

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+clear
+echo "" > ansible.log
+/workspace/dev/ansible/minilab/.venv/bin/ansible-playbook update.yaml $@

update.yaml

@@ -0,0 +1,72 @@
+---
+- name: Update and reboot all hosts
+  hosts: all, !stephanie
+  gather_facts: true
+  become: true
+
+  tasks:
+    - name: Perform a dist-upgrade.
+      ansible.builtin.apt:
+        upgrade: dist
+        update_cache: true
+      when: ansible_distribution in debian_derivatives
+    # This is equivalent to: apk update && apk upgrade
+    - name: Update cache and upgrade packages
+      community.general.apk:
+        upgrade: true
+        update_cache: true
+      when: ansible_distribution == "Alpine"
+
+    - name: Check if a reboot is required.
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+        get_checksum: true
+      register: reboot_required_file
+    # Set a variable for the currently *installed* linux-lts package version.
+    # Importantly, the shell command reformats the package version string using
+    # awk and sed into a string that we can match against what will be reported
+    # by `uname -r`.
+    #
+    # I am no awk or sed expert and perhaps my abomination is overly verbose, but
+    # it works and I can understand it. Longer awk/sed programs tend to confuse me.
+    - name: Register installed linux-lts kernel version
+      register: installed_kernel_version
+      ansible.builtin.shell: |
+        set -o pipefail
+        apk list linux-lts --installed | awk '{ print $1 }' | sed 's/linux-lts-//' | sed 's/-r/\n/g' | awk '{printf("%s-",$0)}' | awk '{printf("%slts", $0)}'
+      changed_when: installed_kernel_version != ""
+      when: ansible_distribution == "Alpine"
+    # Set a variable for the currently *running* linux-lts kernel version. We use
+    # sed to strip off the arch.
+    - name: Register running linux-lts kernel version
+      register: running_kernel_version
+      ansible.builtin.shell: |
+        set -o pipefail
+        uname -r | sed 's/-ARCH//'
+      changed_when: running_kernel_version != ""
+      when: ansible_distribution == "Alpine"
+    # This is debugging output to tell us when the installed kernel version doesn't
+    # match the running kernel version. The real magic happens in the following task.
+    - name: Check installed_kernel_version != running_kernel_version = ???
+      ansible.builtin.debug:
+        msg: "{{ installed_kernel_version.stdout }} !=
+          {{ running_kernel_version.stdout }} =
+          {{ installed_kernel_version.stdout != running_kernel_version.stdout }}"
+      when: ansible_distribution == "Alpine"
+    # Now compare installed_kernel_version with running_kernel_version. When they
+    # don't match, this means that we need to reboot. This is not a very sophisticated
+    # heuristic, but it works.
+    - name: Reboot if the running kernel version is not the installed kernel version
+      ansible.builtin.reboot:
+        reboot_timeout: 30 # These are very simple Alpine servers. They should boot extremely fast.
+      when: (ansible_distribution == "Alpine") and (installed_kernel_version.stdout != running_kernel_version.stdout)
+
+
+    - name: Reboot the server (if required).
+      ansible.builtin.reboot:
+      when: reboot_required_file.stat.exists
+
+    - name: Remove dependencies that are no longer required.
+      ansible.builtin.apt:
+        autoremove: true
+      when: ansible_distribution in debian_derivatives