diff --git a/galaxy.yml b/galaxy.yml index b060cf1..2bf5d34 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,9 +2,12 @@ namespace: uumas name: general +description: General roles version: 0.5.10 readme: README.md authors: - uumas license_file: 'LICENSE' repository: 'https://git.uumas.fi/uumas/ansible-general' +tags: + - linux diff --git a/meta/runtime.yml b/meta/runtime.yml index 93977f9..63340fb 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,4 +1,3 @@ --- requires_ansible: ">=2.10" - diff --git a/roles/apt_repository/tasks/main.yml b/roles/apt_repository/tasks/main.yml index eb84cc7..047b78d 100644 --- a/roles/apt_repository/tasks/main.yml +++ b/roles/apt_repository/tasks/main.yml @@ -23,9 +23,10 @@ state: directory mode: "0755" -- name: Remove legacy {{ repo_name }} repo +- name: Remove legacy repo {{ repo_name }} ansible.builtin.apt_repository: - repo: "deb {{ '[' + repo_options | join(' ') + '] ' if repo_options | length > 0 else '' }}{{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }}" + repo: > + deb {{ '[' + repo_options | join(' ') + '] ' if repo_options | length > 0 else '' }}{{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }} filename: "{{ repo_name }}" state: absent diff --git a/roles/caddy/handlers/main.yml b/roles/caddy/handlers/main.yml index 10b1181..c558b16 100644 --- a/roles/caddy/handlers/main.yml +++ b/roles/caddy/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: reload caddy - systemd: +- name: Reload caddy + ansible.builtin.systemd: name: caddy state: reloaded diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml index 01926f3..cb8b85e 100644 --- a/roles/caddy/tasks/main.yml +++ b/roles/caddy/tasks/main.yml @@ -12,11 +12,11 @@ - main - name: Install caddy - apt: + ansible.builtin.apt: name: caddy - name: Remove default settings from caddyfile - blockinfile: + ansible.builtin.blockinfile: path: /etc/caddy/Caddyfile marker: "{mark}" marker_begin: ':80 {' 
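Review bot: In roles/apt_repository/tasks/main.yml the new `repo: >` folded scalar keeps a trailing newline that the previous double-quoted string did not have, so the value handed to `ansible.builtin.apt_repository` is no longer byte-identical. The module appears to strip the line before matching, but `repo: >-` removes the question entirely. Because this task uses `state: absent`, a string that fails to match would leave the legacy source entry in place without any error, so it is worth confirming on one host that the entry is really removed.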
@@ -26,7 +26,7 @@ backup: true - name: Put caddy general config in place - blockinfile: + ansible.builtin.blockinfile: path: /etc/caddy/Caddyfile marker: "# {mark} ANSIBLE MANAGED BLOCK general" block: | @@ -35,4 +35,4 @@ } validate: 'caddy validate --config %s --adapter caddyfile' backup: true - notify: reload caddy + notify: Reload caddy diff --git a/roles/locale/defaults/main.yml b/roles/locale/defaults/main.yml index dc03799..0a36146 100644 --- a/roles/locale/defaults/main.yml +++ b/roles/locale/defaults/main.yml @@ -3,7 +3,7 @@ gen_locales: - en_US.UTF-8 - en_GB.UTF-8 - + lang: en_US.UTF-8 lc_messages: "{{ lang }}" language: "en_US:en" diff --git a/roles/locale/tasks/main.yml b/roles/locale/tasks/main.yml index 9d71900..73af3f9 100644 --- a/roles/locale/tasks/main.yml +++ b/roles/locale/tasks/main.yml @@ -1,20 +1,20 @@ --- -- name: Include variables for {{ ansible_os_family }} family - include_vars: "{{ ansible_os_family }}.yml" +- name: Include variables for os family {{ ansible_os_family }} + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" - name: Install locales package - package: + ansible.builtin.package: name: "{{ locale_package }}" when: locale_package is defined - name: Generate locales - locale_gen: + community.general.locale_gen: name: "{{ item }}" loop: "{{ gen_locales }}" - name: Put default locale config in place - template: + ansible.builtin.template: src: locale.j2 dest: "{{ locale_config }}" - mode: 0644 + mode: '0644' diff --git a/roles/packages/tasks/apt.yml b/roles/packages/tasks/apt.yml index 196e662..26bc284 100644 --- a/roles/packages/tasks/apt.yml +++ b/roles/packages/tasks/apt.yml 
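Review bot: `community.general.locale_gen` in roles/locale/tasks/main.yml, and `ansible.posix.authorized_key` in roles/users/tasks/main.yml, now name modules from collections outside ansible-core, but the galaxy.yml hunk in this commit adds no `dependencies:` entry for them. Unless that key exists on lines outside the hunk, installing this collection will not pull them in, and the version used depends on whatever happens to be present on the controller. Declaring both under `dependencies:` with a version range, for example `community.general: '>=<MIN_VERSION>'` with the range chosen by the maintainer, makes the supply chain explicit and reproducible.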
@@ -1,20 +1,21 @@ --- - name: Ensure packages defined in install_packages are installed - apt: + ansible.builtin.apt: name: "{{ install_packages }}" state: present update_cache: true -- block: +- name: Ensure packages defined in backports_packages are installed + when: backports_packages is defined + block: - name: Enable backports - apt_repository: + ansible.builtin.apt_repository: repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main" filename: backports - name: Install backports packages - apt: + ansible.builtin.apt: name: "{{ backports_packages }}" state: present default_release: "{{ ansible_distribution_release }}-backports" - when: backports_packages is defined diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml index 63cbfbb..5f8171d 100644 --- a/roles/packages/tasks/main.yml +++ b/roles/packages/tasks/main.yml @@ -1,15 +1,15 @@ --- - name: Include tasks for apt as package manager - include_tasks: apt.yml + ansible.builtin.include_tasks: apt.yml when: ansible_pkg_mgr == 'apt' - name: Include tasks for other package manager - include_tasks: other.yml + ansible.builtin.include_tasks: other.yml when: ansible_pkg_mgr != 'apt' - name: Ensure packages defined in delete_packages not installed - package: + ansible.builtin.package: name: "{{ delete_packages }}" state: absent when: delete_packages is defined diff --git a/roles/packages/tasks/other.yml b/roles/packages/tasks/other.yml index 14c691a..1dbc32f 100644 --- a/roles/packages/tasks/other.yml +++ b/roles/packages/tasks/other.yml @@ -1,6 +1,6 @@ --- - name: Ensure packages defined in install_packages are installed - package: + ansible.builtin.package: name: "{{ install_packages }}" state: present diff --git a/roles/prometheus_node_exporter/handlers/main.yml b/roles/prometheus_node_exporter/handlers/main.yml index 58bf584..77c9fee 100644 --- a/roles/prometheus_node_exporter/handlers/main.yml +++ b/roles/prometheus_node_exporter/handlers/main.yml 
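Review bot: The `Enable backports` task inside the newly named block still adds the repository as `deb http://deb.debian.org/debian ...` over plain HTTP. APT verifies signed release metadata, so this is not an integrity hole on its own, but the transport then relies entirely on signature checks and an on-path observer can see which packages a host fetches. Where the target hosts have CA certificates installed, `repo: "deb https://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"` closes that gap.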
@@ -1,6 +1,6 @@ --- -- name: restart prometheus-node-exporter - systemd: +- name: Restart prometheus-node-exporter + ansible.builtin.systemd: name: prometheus-node-exporter state: restarted diff --git a/roles/prometheus_node_exporter/tasks/main.yml b/roles/prometheus_node_exporter/tasks/main.yml index ad56f8b..bd9f183 100644 --- a/roles/prometheus_node_exporter/tasks/main.yml +++ b/roles/prometheus_node_exporter/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Install prometheus node exporter - apt: + ansible.builtin.apt: name: prometheus-node-exporter - name: Set prometheus options in /etc/default/prometheus-node-exporter - template: + ansible.builtin.template: src: templates/prometheus-node-exporter.j2 dest: /etc/default/prometheus-node-exporter - mode: 0644 - notify: restart prometheus-node-exporter + mode: '0644' + notify: Restart prometheus-node-exporter diff --git a/roles/reverse_proxy/tasks/main.yml b/roles/reverse_proxy/tasks/main.yml index a70080b..12b3c9f 100644 --- a/roles/reverse_proxy/tasks/main.yml +++ b/roles/reverse_proxy/tasks/main.yml 
@@ -1,29 +1,30 @@ --- - name: Deprecation warning - debug: + ansible.builtin.debug: msg: "uumas.general.reverse_proxy is deprecated. You should switch to uumas.general.vhost with vhost_type: reverse_proxy" -- block: +- name: Legacy proxy_target handling + when: proxy_target is defined and proxy_target_port is not defined + block: - name: Split legacy proxy_target to protocol and target - set_fact: + ansible.builtin.set_fact: proxy_target_split_protocol: "{{ proxy_target.split('://') }}" - name: Split target further to host and port - set_fact: + ansible.builtin.set_fact: proxy_target_split_host: "{{ (proxy_target_split_protocol | last).split(':') }}" - name: Set host and port variables - set_fact: + ansible.builtin.set_fact: proxy_target_host: "{{ proxy_target_split_host[0] }}" proxy_target_port: "{{ proxy_target_split_host[1] }}" - name: Set proxy_target_protocol based on proxy_target - set_fact: + ansible.builtin.set_fact: proxy_target_protocol: "{{ proxy_target_split_protocol[0] }}" when: proxy_target_split_protocol | length == 2 - when: proxy_target is defined and proxy_target_port is not defined -- name: configure vhost for reverse proxy - include_role: +- name: Configure vhost for reverse proxy + ansible.builtin.include_role: name: vhost vars: vhost_type: reverse_proxy diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml index 1e3ceda..5dc04f0 100644 --- a/roles/ssh/handlers/main.yml +++ b/roles/ssh/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart ssh - systemd: +- name: Restart ssh + ansible.builtin.systemd: name: ssh state: restarted diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index de8c5af..bc4fb90 100644 --- a/roles/ssh/tasks/main.yml +++ b/roles/ssh/tasks/main.yml 
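Review bot: In the `Legacy proxy_target handling` block, `proxy_target_port: "{{ proxy_target_split_host[1] }}"` indexes the second element unconditionally, so a `proxy_target` without an explicit port fails with an undefined-index error, and an IPv6 literal (which contains further colons) yields a wrong host/port pair. The protocol is guarded with `proxy_target_split_protocol | length == 2`, but host and port have no equivalent check. An `ansible.builtin.assert` ahead of `Set host and port variables` with `that: proxy_target_split_host | length == 2` and a clear `fail_msg` would turn this into a readable error instead of a confusing failure or a proxy pointed at an unintended target.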
@@ -1,13 +1,13 @@ --- - name: Ensure sshd config options set correctly - lineinfile: + ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regexp: "^#?{{ item.key }} .*$" line: "{{ item.key }} {{ item.value }}" state: present validate: '/usr/sbin/sshd -t -f %s' - notify: restart ssh + notify: Restart ssh with_dict: PermitRootLogin: 'prohibit-password' PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}" diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index 06b166d..57d8de7 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Ensure sudo is installed - package: + ansible.builtin.package: name: sudo - name: Fail if removing the current user - fail: + ansible.builtin.fail: msg: Refusing to delete the user used to run this play when: - item.name == ansible_user_id @@ -15,7 +15,7 @@ become: false - name: Ensure users in correct state - user: + ansible.builtin.user: name: "{{ item.name }}" password: "{{ item.password }}" shell: "{{ item.shell | default('/bin/bash') }}" @@ -25,14 +25,14 @@ loop: "{{ users }}" - name: Set ssh authorized keys for users - authorized_key: + ansible.posix.authorized_key: user: "{{ item.name }}" key: "{{ item.ssh_pubkey }}" when: item.state | default('present') == 'present' loop: "{{ users }}" - name: Disable login as root with ssh key - file: + ansible.builtin.file: path: /root/.ssh/authorized_keys state: absent when: ansible_user | default('') != 'root' diff --git a/roles/vhost/tasks/caddy.yml b/roles/vhost/tasks/caddy.yml index a0a28d3..adc7d27 100644 --- a/roles/vhost/tasks/caddy.yml +++ b/roles/vhost/tasks/caddy.yml @@ -1,7 +1,7 @@ --- - name: Add caddy vhost config - blockinfile: + ansible.builtin.blockinfile: path: /etc/caddy/Caddyfile marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}" block: | diff --git a/roles/vhost/tasks/main.yml b/roles/vhost/tasks/main.yml index 775cb52..d0c6417 100644 --- a/roles/vhost/tasks/main.yml 
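Review bot: Editing `/etc/ssh/sshd_config` with `lineinfile` does not guarantee the effective setting, and nothing in this task checks it. sshd uses the first value it reads for each keyword, so a `PasswordAuthentication` or `PermitRootLogin` line in an included drop-in file (if the distribution's sshd_config has an `Include` directive near the top) wins over the line written here, and a line appended because the regexp found no match can land inside a trailing `Match` block. `validate: '/usr/sbin/sshd -t -f %s'` only checks syntax. A follow-up task that runs `sshd -T` with `changed_when: false` and asserts the expected values would catch both cases; the `with_dict` list continues outside the hunk.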
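Review bot: The `Ensure users in correct state` task passes `password: "{{ item.password }}"` from a loop item, and Ansible prints each loop item in task output, so the password hash ends up in console and callback logs unless `no_log: true` is set. The rest of the task lies outside the hunk, so confirm whether it is already there; if not, add `no_log: true` at task level. As written `item.password` is also required for every entry, so a user defined without it fails the task; `item.password | default(omit)` would allow key-only accounts.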
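Review bot: `ansible.posix.authorized_key` is called without `exclusive`, so the task only adds `item.ssh_pubkey` and never removes keys that were deployed earlier. A key taken out of `users` therefore stays authorized on the host. If this role is meant to be the authoritative source for each account's keys, add `exclusive: true`; if not, a comment on the task stating that key removal is manual would prevent a false sense of revocation. The `Disable login as root with ssh key` task below tests `ansible_user | default('')` while the earlier check in this file uses `ansible_user_id`, so on a play that connects as root with `ansible_user` unset the file would still be removed, which is worth confirming is intended.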
+++ b/roles/vhost/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Fail if redirect_target is a relative path and redirect_preserve_path is true - fail: + ansible.builtin.fail: msg: redirect_target must be an absolute url or absolute path if redirect_preserve_path is true when: - redirect_preserve_path @@ -9,17 +9,17 @@ - not redirect_target.startswith('/') - name: Fail if redirect_tartget ends with / and redirect_preserve_path is true - fail: + ansible.builtin.fail: msg: redirect_target must not end with / if redirect_preserve_path is true when: - redirect_preserve_path - redirect_target.endswith('/') - name: Reset vhost_locations_all - set_fact: + ansible.builtin.set_fact: vhost_locations_all: [] - name: Set vhost_locations_all reverse proxies - set_fact: + ansible.builtin.set_fact: vhost_locations_all: > {{ vhost_locations_all + [{ 'path': item.path, @@ -43,5 +43,5 @@ loop: "{{ vhost_locations + [{'path': ''}] }}" - name: "Setup {{ vhost_id + ' vhost on ' + web_server }}" - include_tasks: "{{ web_server }}.yml" + ansible.builtin.include_tasks: "{{ web_server }}.yml" when: web_server != 'none'