v0.5.20

galaxy.yml

@@ -2,7 +2,7 @@
 namespace: uumas
 name: general
 description: General roles
-version: 0.5.17
+version: 0.5.20
 readme: README.md
 authors:
   - uumas

roles/borgmatic/tasks/target.yaml

@@ -7,7 +7,7 @@
 
 - name: Add ssh key to authorized_keys
   ansible.posix.authorized_key:
-    user: "{{ hostvars[target.host].ansible_user_id }}"
+    user: "{{ hostvars[target.host].ansible_facts.user_id }}"
     key: >-
       {{
         _borgmatic_key.public_key + ' ' + _borgmatic_key.comment
@@ -22,7 +22,7 @@
 
 - name: Create backup directories
   ansible.builtin.file:
-    path: "{{ hostvars[target.host].ansible_user_dir }}/{{ item }}/{{ ansible_fqdn }}"
+    path: "{{ hostvars[target.host].ansible_facts.user_dir }}/{{ item }}/{{ ansible_facts.fqdn }}"
     state: directory
     mode: "0700"
   loop: "{{ target.directories }}"

roles/caddy/tasks/main.yaml

@@ -1,9 +1,27 @@
 ---
+- name: Set sysctl udp buffer sizes for caddy
+  ansible.posix.sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value }}"
+    state: present
+    reload: true
+  with_dict:
+    net.core.rmem_max: "7500000"
+    net.core.wmem_max: "7500000"
+
 - name: Ensure legacy caddy apt repository not present
   ansible.builtin.file:
     path: /etc/apt/sources.list.d/caddy-stable.list
     state: absent
 
+- name: Ensure caddy apt repository not present
+  ansible.builtin.file:
+    path: /etc/apt/sources.list.d/caddy-stable.list
+    state: absent
+  when: >
+    (ansible_facts.distribution == 'Debian' and ansible_facts.distribution_major_version | int > 11) or
+    (ansible_facts.distribution == 'Ubuntu' and ansible_facts.distribution_major_version | int >= 24)
+
 - name: Add caddy apt repository
   ansible.builtin.deb822_repository:
     name: caddy-stable
@@ -13,8 +31,8 @@
     components:
       - main
   when: >
-    (ansible_distribution == 'Debian' and ansible_distribution_major_version | int == 11) or
-    (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int < 24)
+    (ansible_facts.distribution == 'Debian' and ansible_facts.distribution_major_version | int == 11) or
+    (ansible_facts.distribution == 'Ubuntu' and ansible_facts.distribution_major_version | int < 24)
 
 - name: Install caddy
   ansible.builtin.apt:

roles/locale/tasks/main.yaml

@@ -1,5 +1,5 @@
 ---
-- name: Include variables for os family {{ ansible_os_family }}
+- name: Include variables for os family {{ ansible_facts.os_family }}
   ansible.builtin.include_vars: "{{ ansible_facts.os_family }}.yaml"
 
 - name: Install locales package

roles/systemd/README.md

@@ -0,0 +1,9 @@
+Adds systemd-related notifiable handlers
+
+- Reload systemd daemon
+  - Reloads all systemd unit files
+- Apply systemd unit restarts
+  - Restarts multiple systemd units in a single transaction
+  - Units to be restarted are defined in the `systemd_restart_units` variable of type list
+  - The variable should be set using `ansible.builtin.set_fact`, with `# noqa: var-naming[no-role-prefix]`
+  - The list must not be overridden, but appended (`systemd_restart_units: "{{ systemd_restart_units + ['restartme.service'] }}"`

roles/systemd/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+systemd_restart_units: []

roles/systemd/handlers/main.yaml

@@ -0,0 +1,14 @@
+---
+- name: Reload systemd daemon
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+
+- name: Apply systemd unit restarts # noqa: command-instead-of-module
+  ansible.builtin.command:
+    cmd: systemctl restart {{ systemd_restart_units | join(' ') }}
+  changed_when: true
+
+- name: Reset systemd restart units
+  listen: Apply systemd unit restarts
+  ansible.builtin.set_fact:
+    systemd_restart_units: []

roles/systemd_socket/README.md

@@ -0,0 +1 @@
+Adds a systemd socket for a service

roles/systemd_socket/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+systemd_socket_requires: []

roles/systemd_socket/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: Restart socket {{ systemd_socket_name }}
+  ansible.builtin.set_fact:
+    systemd_restart_units: "{{ systemd_restart_units + [systemd_socket_name ~ '.socket'] }}" # noqa: var-naming[no-role-prefix]
+  changed_when: true
+  notify: Apply systemd unit restarts

roles/systemd_socket/meta/argument_specs.yaml

@@ -0,0 +1,16 @@
+---
+argument_specs:
+  main:
+    description:
+      - Adds a systemd socket for a service
+    options:
+      systemd_socket_name:
+        description: Name of the socket. The socket will be created at /run/<systemd_socket_name>.sock
+        type: str
+        required: true
+      systemd_socket_requires:
+        description: List of units this socket depends on.
+        type: list
+        required: false
+        default: []
+        elements: str

roles/systemd_socket/meta/main.yaml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: systemd

roles/systemd_socket/tasks/main.yaml

@@ -0,0 +1,9 @@
+---
+- name: Socket {{ systemd_socket_name }}
+  ansible.builtin.template:
+    src: socket.j2
+    dest: /etc/systemd/system/{{ systemd_socket_name }}.socket
+    mode: "0644"
+  notify:
+    - Reload systemd daemon
+    - Restart socket {{ systemd_socket_name }}

roles/systemd_socket/templates/socket.j2

@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+[Unit]
+Description={{ systemd_socket_name }} socket
+{% for item in systemd_socket_requires %}
+Requires={{ item }}
+{% endfor %}
+
+[Socket]
+ListenStream=/run/{{ systemd_socket_name }}.sock

roles/vhost/defaults/main.yaml

@@ -6,6 +6,7 @@ vhost_web_server: caddy
 
 vhost_locations: []
 vhost_headers: {}
+vhost_find_replace_headers: []
 vhost_delete_headers: []
 
 vhost_basicauth: false

roles/vhost/meta/argument_specs.yaml

@@ -46,6 +46,25 @@ argument_specs:
         type: dict
         required: false
         default: {}
+      vhost_find_replace_headers:
+        description: Response headers to find and replace
+        type: list
+        elements: dict
+        required: false
+        default: []
+        options:
+          header:
+            description: Header to modify
+            type: str
+            required: true
+          find:
+            description: Header content to find
+            type: str
+            required: true
+          replace:
+            description: Content to replace matching headers with
+            type: str
+            required: true
       vhost_delete_headers:
         description: List of reponse headers to delete
         type: list
@@ -242,6 +261,25 @@ argument_specs:
             type: dict
             required: false
             default: "{{ vhost_headers }}"
+          find_replace_headers:
+            description: Response headers to find and replace
+            type: list
+            elements: dict
+            required: false
+            default: "{{ vhost_find_replace_headers }}"
+            options:
+              header:
+                description: Header to modify
+                type: str
+                required: true
+              find:
+                description: Header content to find
+                type: str
+                required: true
+              replace:
+                description: Content to replace matching headers with
+                type: str
+                required: true
           delete_headers:
             description: List of response headers to delete
             type: list
@@ -414,6 +452,25 @@ argument_specs:
             type: dict
             required: false
             default: "{{ vhost_headers }}"
+          find_replace_headers:
+            description: Response headers to find and replace
+            type: list
+            elements: dict
+            required: false
+            default: "{{ vhost_find_replace_headers }}"
+            options:
+              header:
+                description: Header to modify
+                type: str
+                required: true
+              find:
+                description: Header content to find
+                type: str
+                required: true
+              replace:
+                description: Content to replace matching headers with
+                type: str
+                required: true
           delete_headers:
             description: List of response headers to delete
             type: list
@@ -610,6 +667,24 @@ argument_specs:
                 description: Dict of response headers and their values
                 type: dict
                 required: false
+              find_replace_headers:
+                description: Response headers to find and replace
+                type: list
+                elements: dict
+                required: false
+                options:
+                  header:
+                    description: Header to modify
+                    type: str
+                    required: true
+                  find:
+                    description: Header content to find
+                    type: str
+                    required: true
+                  replace:
+                    description: Content to replace matching headers with
+                    type: str
+                    required: true
               delete_headers:
                 description: List of response headers to delete
                 type: list

roles/vhost/templates/Caddyfile_block.j2

@@ -22,6 +22,12 @@
           {% for header in matcher.delete_headers %}
             header -{{ header }}
           {% endfor %}
+          {% for header in matcher.find_replace_headers %}
+            header {
+                {{ header.header }} `^{{ header.find }}$` `{{ header.replace }}`
+                defer
+            }
+          {% endfor %}
           {% for header in matcher.headers | dict2items %}
             header {{ header.key }} `{{ header.value }}`
           {% endfor %}

roles/vhost/vars/main.yaml

@@ -13,6 +13,7 @@ _vhost_matchers: >-
 _vhost_location_defaults:
   type: "{{ vhost_type }}"
   headers: "{{ vhost_headers }}"
+  find_replace_headers: "{{ vhost_find_replace_headers }}"
   delete_headers: "{{ vhost_delete_headers }}"
 
   basicauth: "{{ vhost_basicauth }}"