uumas/ansible-general
1
0
Fork 0
Code Issues 5 Pull Requests Projects Releases Wiki Activity

formatting

Browse Source
This commit is contained in:
uumas
2023-09-04 02:13:17 +03:00
parent 699c667a45
commit 4e9f127210
18 changed files with 60 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
galaxy.yml
View File

@@ -2,9 +2,12 @@
namespace: uumas namespace: uumas
name: general name: general
description: General roles
version: 0.5.10 version: 0.5.10
readme: README.md readme: README.md
authors: authors:
- uumas - uumas
license_file: 'LICENSE' license_file: 'LICENSE'
repository: 'https://git.uumas.fi/uumas/ansible-general' repository: 'https://git.uumas.fi/uumas/ansible-general'
tags:
- linux

1
meta/runtime.yml
View File

@@ -1,4 +1,3 @@
--- ---
requires_ansible: ">=2.10" requires_ansible: ">=2.10"

5
roles/apt_repository/tasks/main.yml
View File

@@ -23,9 +23,10 @@
state: directory state: directory
mode: "0755" mode: "0755"
- name: Remove legacy {{ repo_name }} repo - name: Remove legacy repo {{ repo_name }}
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb {{ '[' + repo_options | join(' ') + '] ' if repo_options | length > 0 else '' }}{{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }}" repo: >
deb {{ '[' + repo_options | join(' ') + '] ' if repo_options | length > 0 else '' }}{{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }}
filename: "{{ repo_name }}" filename: "{{ repo_name }}"
state: absent state: absent

4
roles/caddy/handlers/main.yml
View File

@@ -1,6 +1,6 @@
--- ---
- name: reload caddy - name: Reload caddy
systemd: ansible.builtin.systemd:
name: caddy name: caddy
state: reloaded state: reloaded

8
roles/caddy/tasks/main.yml
View File

@@ -12,11 +12,11 @@
- main - main
- name: Install caddy - name: Install caddy
apt: ansible.builtin.apt:
name: caddy name: caddy
- name: Remove default settings from caddyfile - name: Remove default settings from caddyfile
blockinfile: ansible.builtin.blockinfile:
path: /etc/caddy/Caddyfile path: /etc/caddy/Caddyfile
marker: "{mark}" marker: "{mark}"
marker_begin: ':80 {' marker_begin: ':80 {'
@@ -26,7 +26,7 @@
backup: true backup: true
- name: Put caddy general config in place - name: Put caddy general config in place
blockinfile: ansible.builtin.blockinfile:
path: /etc/caddy/Caddyfile path: /etc/caddy/Caddyfile
marker: "# {mark} ANSIBLE MANAGED BLOCK general" marker: "# {mark} ANSIBLE MANAGED BLOCK general"
block: | block: |
@@ -35,4 +35,4 @@
} }
validate: 'caddy validate --config %s --adapter caddyfile' validate: 'caddy validate --config %s --adapter caddyfile'
backup: true backup: true
notify: reload caddy notify: Reload caddy

12
roles/locale/tasks/main.yml
View File

@@ -1,20 +1,20 @@
--- ---
- name: Include variables for {{ ansible_os_family }} family - name: Include variables for os family {{ ansible_os_family }}
include_vars: "{{ ansible_os_family }}.yml" ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
- name: Install locales package - name: Install locales package
package: ansible.builtin.package:
name: "{{ locale_package }}" name: "{{ locale_package }}"
when: locale_package is defined when: locale_package is defined
- name: Generate locales - name: Generate locales
locale_gen: community.general.locale_gen:
name: "{{ item }}" name: "{{ item }}"
loop: "{{ gen_locales }}" loop: "{{ gen_locales }}"
- name: Put default locale config in place - name: Put default locale config in place
template: ansible.builtin.template:
src: locale.j2 src: locale.j2
dest: "{{ locale_config }}" dest: "{{ locale_config }}"
mode: 0644 mode: '0644'

11
roles/packages/tasks/apt.yml
View File

@@ -1,20 +1,21 @@
--- ---
- name: Ensure packages defined in install_packages are installed - name: Ensure packages defined in install_packages are installed
apt: ansible.builtin.apt:
name: "{{ install_packages }}" name: "{{ install_packages }}"
state: present state: present
update_cache: true update_cache: true
- block: - name: Ensure packages defined in backports_packages are installed
when: backports_packages is defined
block:
- name: Enable backports - name: Enable backports
apt_repository: ansible.builtin.apt_repository:
repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main" repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
filename: backports filename: backports
- name: Install backports packages - name: Install backports packages
apt: ansible.builtin.apt:
name: "{{ backports_packages }}" name: "{{ backports_packages }}"
state: present state: present
default_release: "{{ ansible_distribution_release }}-backports" default_release: "{{ ansible_distribution_release }}-backports"
when: backports_packages is defined

6
roles/packages/tasks/main.yml
View File

@@ -1,15 +1,15 @@
--- ---
- name: Include tasks for apt as package manager - name: Include tasks for apt as package manager
include_tasks: apt.yml ansible.builtin.include_tasks: apt.yml
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: Include tasks for other package manager - name: Include tasks for other package manager
include_tasks: other.yml ansible.builtin.include_tasks: other.yml
when: ansible_pkg_mgr != 'apt' when: ansible_pkg_mgr != 'apt'
- name: Ensure packages defined in delete_packages not installed - name: Ensure packages defined in delete_packages not installed
package: ansible.builtin.package:
name: "{{ delete_packages }}" name: "{{ delete_packages }}"
state: absent state: absent
when: delete_packages is defined when: delete_packages is defined

2
roles/packages/tasks/other.yml
View File

@@ -1,6 +1,6 @@
--- ---
- name: Ensure packages defined in install_packages are installed - name: Ensure packages defined in install_packages are installed
package: ansible.builtin.package:
name: "{{ install_packages }}" name: "{{ install_packages }}"
state: present state: present

4
roles/prometheus_node_exporter/handlers/main.yml
View File

@@ -1,6 +1,6 @@
--- ---
- name: restart prometheus-node-exporter - name: Restart prometheus-node-exporter
systemd: ansible.builtin.systemd:
name: prometheus-node-exporter name: prometheus-node-exporter
state: restarted state: restarted

8
roles/prometheus_node_exporter/tasks/main.yml
View File

@@ -1,12 +1,12 @@
--- ---
- name: Install prometheus node exporter - name: Install prometheus node exporter
apt: ansible.builtin.apt:
name: prometheus-node-exporter name: prometheus-node-exporter
- name: Set prometheus options in /etc/default/prometheus-node-exporter - name: Set prometheus options in /etc/default/prometheus-node-exporter
template: ansible.builtin.template:
src: templates/prometheus-node-exporter.j2 src: templates/prometheus-node-exporter.j2
dest: /etc/default/prometheus-node-exporter dest: /etc/default/prometheus-node-exporter
mode: 0644 mode: '0644'
notify: restart prometheus-node-exporter notify: Restart prometheus-node-exporter

19
roles/reverse_proxy/tasks/main.yml
View File

@@ -1,29 +1,30 @@
--- ---
- name: Deprecation warning - name: Deprecation warning
debug: ansible.builtin.debug:
msg: "uumas.general.reverse_proxy is deprecated. You should switch to uumas.general.vhost with vhost_type: reverse_proxy" msg: "uumas.general.reverse_proxy is deprecated. You should switch to uumas.general.vhost with vhost_type: reverse_proxy"
- block: - name: Legacy proxy_target handling
when: proxy_target is defined and proxy_target_port is not defined
block:
- name: Split legacy proxy_target to protocol and target - name: Split legacy proxy_target to protocol and target
set_fact: ansible.builtin.set_fact:
proxy_target_split_protocol: "{{ proxy_target.split('://') }}" proxy_target_split_protocol: "{{ proxy_target.split('://') }}"
- name: Split target further to host and port - name: Split target further to host and port
set_fact: ansible.builtin.set_fact:
proxy_target_split_host: "{{ (proxy_target_split_protocol | last).split(':') }}" proxy_target_split_host: "{{ (proxy_target_split_protocol | last).split(':') }}"
- name: Set host and port variables - name: Set host and port variables
set_fact: ansible.builtin.set_fact:
proxy_target_host: "{{ proxy_target_split_host[0] }}" proxy_target_host: "{{ proxy_target_split_host[0] }}"
proxy_target_port: "{{ proxy_target_split_host[1] }}" proxy_target_port: "{{ proxy_target_split_host[1] }}"
- name: Set proxy_target_protocol based on proxy_target - name: Set proxy_target_protocol based on proxy_target
set_fact: ansible.builtin.set_fact:
proxy_target_protocol: "{{ proxy_target_split_protocol[0] }}" proxy_target_protocol: "{{ proxy_target_split_protocol[0] }}"
when: proxy_target_split_protocol | length == 2 when: proxy_target_split_protocol | length == 2
when: proxy_target is defined and proxy_target_port is not defined
- name: configure vhost for reverse proxy - name: Configure vhost for reverse proxy
include_role: ansible.builtin.include_role:
name: vhost name: vhost
vars: vars:
vhost_type: reverse_proxy vhost_type: reverse_proxy

4
roles/ssh/handlers/main.yml
View File

@@ -1,6 +1,6 @@
--- ---
- name: restart ssh - name: Restart ssh
systemd: ansible.builtin.systemd:
name: ssh name: ssh
state: restarted state: restarted

4
roles/ssh/tasks/main.yml
View File

@@ -1,13 +1,13 @@
--- ---
- name: Ensure sshd config options set correctly - name: Ensure sshd config options set correctly
lineinfile: ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: "^#?{{ item.key }} .*$" regexp: "^#?{{ item.key }} .*$"
line: "{{ item.key }} {{ item.value }}" line: "{{ item.key }} {{ item.value }}"
state: present state: present
validate: '/usr/sbin/sshd -t -f %s' validate: '/usr/sbin/sshd -t -f %s'
notify: restart ssh notify: Restart ssh
with_dict: with_dict:
PermitRootLogin: 'prohibit-password' PermitRootLogin: 'prohibit-password'
PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}" PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}"

10
roles/users/tasks/main.yml
View File

@@ -1,11 +1,11 @@
--- ---
- name: Ensure sudo is installed - name: Ensure sudo is installed
package: ansible.builtin.package:
name: sudo name: sudo
- name: Fail if removing the current user - name: Fail if removing the current user
fail: ansible.builtin.fail:
msg: Refusing to delete the user used to run this play msg: Refusing to delete the user used to run this play
when: when:
- item.name == ansible_user_id - item.name == ansible_user_id
@@ -15,7 +15,7 @@
become: false become: false
- name: Ensure users in correct state - name: Ensure users in correct state
user: ansible.builtin.user:
name: "{{ item.name }}" name: "{{ item.name }}"
password: "{{ item.password }}" password: "{{ item.password }}"
shell: "{{ item.shell | default('/bin/bash') }}" shell: "{{ item.shell | default('/bin/bash') }}"
@@ -25,14 +25,14 @@
loop: "{{ users }}" loop: "{{ users }}"
- name: Set ssh authorized keys for users - name: Set ssh authorized keys for users
authorized_key: ansible.posix.authorized_key:
user: "{{ item.name }}" user: "{{ item.name }}"
key: "{{ item.ssh_pubkey }}" key: "{{ item.ssh_pubkey }}"
when: item.state | default('present') == 'present' when: item.state | default('present') == 'present'
loop: "{{ users }}" loop: "{{ users }}"
- name: Disable login as root with ssh key - name: Disable login as root with ssh key
file: ansible.builtin.file:
path: /root/.ssh/authorized_keys path: /root/.ssh/authorized_keys
state: absent state: absent
when: ansible_user | default('') != 'root' when: ansible_user | default('') != 'root'

2
roles/vhost/tasks/caddy.yml
View File

@@ -1,7 +1,7 @@
--- ---
- name: Add caddy vhost config - name: Add caddy vhost config
blockinfile: ansible.builtin.blockinfile:
path: /etc/caddy/Caddyfile path: /etc/caddy/Caddyfile
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}" marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}"
block: | block: |

10
roles/vhost/tasks/main.yml
View File

@@ -1,7 +1,7 @@
--- ---
- name: Fail if redirect_target is a relative path and redirect_preserve_path is true - name: Fail if redirect_target is a relative path and redirect_preserve_path is true
fail: ansible.builtin.fail:
msg: redirect_target must be an absolute url or absolute path if redirect_preserve_path is true msg: redirect_target must be an absolute url or absolute path if redirect_preserve_path is true
when: when:
- redirect_preserve_path - redirect_preserve_path
@@ -9,17 +9,17 @@
- not redirect_target.startswith('/') - not redirect_target.startswith('/')
- name: Fail if redirect_tartget ends with / and redirect_preserve_path is true - name: Fail if redirect_tartget ends with / and redirect_preserve_path is true
fail: ansible.builtin.fail:
msg: redirect_target must not end with / if redirect_preserve_path is true msg: redirect_target must not end with / if redirect_preserve_path is true
when: when:
- redirect_preserve_path - redirect_preserve_path
- redirect_target.endswith('/') - redirect_target.endswith('/')
- name: Reset vhost_locations_all - name: Reset vhost_locations_all
set_fact: ansible.builtin.set_fact:
vhost_locations_all: [] vhost_locations_all: []
- name: Set vhost_locations_all reverse proxies - name: Set vhost_locations_all reverse proxies
set_fact: ansible.builtin.set_fact:
vhost_locations_all: > vhost_locations_all: >
{{ vhost_locations_all + [{ {{ vhost_locations_all + [{
'path': item.path, 'path': item.path,
@@ -43,5 +43,5 @@
loop: "{{ vhost_locations + [{'path': ''}] }}" loop: "{{ vhost_locations + [{'path': ''}] }}"
- name: "Setup {{ vhost_id + ' vhost on ' + web_server }}" - name: "Setup {{ vhost_id + ' vhost on ' + web_server }}"
include_tasks: "{{ web_server }}.yml" ansible.builtin.include_tasks: "{{ web_server }}.yml"
when: web_server != 'none' when: web_server != 'none'