uumas/ansible-general
1
0
Fork 0
Code Issues 5 Pull Requests Projects Releases Wiki Activity

Compare commits

base: uumas:273da948b551c732ba857b63e56410426a3fa31e
Branches Tags
uumas:master
..
compare: uumas:master
Branches Tags
uumas:master

9 Commits
273da948b5 ... master

Author SHA1 Message Date
uumas
d8bd645a80 Support ssh_pubkeys as list 2025-10-12 19:26:12 +03:00
uumas
6d2d305fd0 caddy: Use firewalld 2025-09-14 03:02:59 +03:00
uumas
90ade1e766 Add readmes 2025-09-14 03:02:48 +03:00
uumas
f2840d79a7 prometheus_node_exporter: Allow listening on all 2025-09-14 03:02:09 +03:00
uumas
217b79b225 Add firewalld role 2025-09-14 03:01:52 +03:00
uumas
37066850a0 compatcheck: support macosx 2025-09-14 02:58:39 +03:00
uumas
7617edfdde borgmatic_config: Initialize repos 2025-09-14 02:58:15 +03:00
uumas
e4c8a2343a borgmatic: ignore unreachable backup target 2025-09-14 02:57:45 +03:00
uumas
9b40f06804 Revert "prometheus_node_exporter: Make listening on localhost possible" 
This reverts commit 273da948b5.
 2025-07-27 19:42:24 +03:00
20 changed files with 63 additions and 6 deletions
Expand all files Collapse all files

2
roles/automatic_updates/README.md Normal file
View File

@@ -0,0 +1,2 @@
This role enables automatic package updates.
It currently supports Debian and Ubuntu.

1
roles/borgmatic/README.md Normal file
View File

@@ -0,0 +1 @@
Installs borgmatic

1
roles/borgmatic/tasks/target.yaml
View File

@@ -2,6 +2,7 @@
- name: Gather facts - name: Gather facts
ansible.builtin.setup: ansible.builtin.setup:
delegate_facts: true delegate_facts: true
ignore_unreachable: true
retries: 3 retries: 3
- name: Add ssh key to authorized_keys - name: Add ssh key to authorized_keys

1
roles/borgmatic_config/README.md Normal file
View File

@@ -0,0 +1 @@
Creates a bormatic configuration in /etc/borgmatic.d/ and creates the repos

6
roles/borgmatic_config/handlers/main.yaml
View File

@@ -1,4 +1,10 @@
--- ---
- name: Initialize borgmatic
ansible.builtin.command:
cmd: borgmatic init --encryption repokey
register: _borgmatic_init_out
changed_when: _borgmatic_init_out.stdout | length > 0
- name: Restart borgmatic timer {{ borgmatic_config_name }} - name: Restart borgmatic timer {{ borgmatic_config_name }}
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
name: "borgmatic@{{ borgmatic_config_name }}.timer" name: "borgmatic@{{ borgmatic_config_name }}.timer"

1
roles/borgmatic_config/tasks/main.yaml
View File

@@ -18,6 +18,7 @@
dest: /etc/borgmatic.d/{{ borgmatic_config_name }}.yaml dest: /etc/borgmatic.d/{{ borgmatic_config_name }}.yaml
mode: "0600" mode: "0600"
no_log: true no_log: true
notify: Initialize borgmatic
- name: Add systemd timer for borgmatic {{ borgmatic_config_name }} - name: Add systemd timer for borgmatic {{ borgmatic_config_name }}
ansible.builtin.template: ansible.builtin.template:

3
roles/caddy/meta/main.yaml
View File

@@ -4,6 +4,7 @@ dependencies:
vars: vars:
compatcheck_supported_distributions: compatcheck_supported_distributions:
- name: debian - name: debian
version_min: 11 version_min: 12
- name: ubuntu - name: ubuntu
version_min: 22 version_min: 22
- role: uumas.general.firewalld

11
roles/caddy/tasks/main.yaml
View File

@@ -41,3 +41,14 @@
validate: 'caddy validate --config %s --adapter caddyfile' validate: 'caddy validate --config %s --adapter caddyfile'
backup: true backup: true
notify: Reload caddy notify: Reload caddy
- name: Open ports for caddy
ansible.posix.firewalld:
service: "{{ item }}"
state: enabled
permanent: true
immediate: true
loop:
- http
- https
- http3

6
roles/compatcheck/meta/argument_specs.yaml
View File

@@ -22,6 +22,7 @@ argument_specs:
- ubuntu - ubuntu
- fedora - fedora
- archlinux - archlinux
- macosx
version_min: version_min:
description: Earliest supported major version. Allows any version if not specified. description: Earliest supported major version. Allows any version if not specified.
type: int type: int
@@ -31,7 +32,9 @@ argument_specs:
type: int type: int
required: false required: false
package_managers: package_managers:
description: List of supported package managers. Defaults to apt for debian and ubuntu, dnf for fedora, pacman for archlinux description: >-
List of supported package managers. Defaults to apt for debian and ubuntu,
dnf for fedora, pacman for archlinux, homebrew for macosx
type: list type: list
required: false required: false
elements: str elements: str
@@ -40,3 +43,4 @@ argument_specs:
- dnf - dnf
- pacman - pacman
- atomic_container - atomic_container
- homebrew

1
roles/compatcheck/vars/main.yaml
View File

@@ -5,4 +5,5 @@ _compatcheck_default_package_managers:
ubuntu: apt ubuntu: apt
fedora: dnf fedora: dnf
archlinux: pacman archlinux: pacman
macosx: homebrew
_compatcheck_default_package_manager: "{{ _compatcheck_default_package_managers[ansible_distribution | lower] }}" _compatcheck_default_package_manager: "{{ _compatcheck_default_package_managers[ansible_distribution | lower] }}"

1
roles/firewalld/README.md Normal file
View File

@@ -0,0 +1 @@
Installs firewalld

5
roles/firewalld/meta/argument_specs.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
argument_specs:
main:
description: Installs firewalld
options: {}

9
roles/firewalld/meta/main.yaml Normal file
View File

@@ -0,0 +1,9 @@
---
dependencies:
- role: uumas.general.compatcheck
vars:
compatcheck_supported_distributions:
- name: debian
version_min: 12
- name: ubuntu
version_min: 22

4
roles/firewalld/tasks/main.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
- name: Install firewalld
ansible.builtin.apt:
name: firewalld

2
roles/prometheus_node_exporter/defaults/main.yaml Normal file
View File

@@ -0,0 +1,2 @@
---
prometheus_node_exporter_local_network: ""

4
roles/prometheus_node_exporter/meta/argument_specs.yaml
View File

@@ -6,5 +6,7 @@ argument_specs:
prometheus_node_exporter_local_network: prometheus_node_exporter_local_network:
description: >- description: >-
The local ipv4 network block, listen address is taken from this block. The local ipv4 network block, listen address is taken from this block.
If empty, listens on 0.0.0.0
type: str type: str
required: true required: false
default: ""

3
roles/prometheus_node_exporter/meta/main.yaml Normal file
View File

@@ -0,0 +1,3 @@
---
dependencies:
- role: uumas.general.firewalld

3
roles/prometheus_node_exporter/tasks/main.yaml
View File

@@ -7,11 +7,12 @@
- name: debian - name: debian
version_min: 11 version_min: 11
- name: ubuntu - name: ubuntu
version_min: 24 version_min: 22
- name: Install prometheus node exporter - name: Install prometheus node exporter
ansible.builtin.apt: ansible.builtin.apt:
name: prometheus-node-exporter name: prometheus-node-exporter
install_recommends: false
- name: Set prometheus options in /etc/default/prometheus-node-exporter - name: Set prometheus options in /etc/default/prometheus-node-exporter
ansible.builtin.template: ansible.builtin.template:

2
roles/prometheus_node_exporter/templates/prometheus-node-exporter.j2
View File

@@ -1 +1 @@
ARGS="--web.listen-address {{ (ansible_locally_reachable_ips.ipv4 | ansible.utils.ipaddr(prometheus_node_exporter_local_network))[-1] }}:9100 --collector.logind --collector.systemd --collector.processes" ARGS="--web.listen-address {{ (ansible_all_ipv4_addresses | ansible.utils.ipaddr(prometheus_node_exporter_local_network))[0] if prometheus_node_exporter_local_network | length > 0 else '0.0.0.0' }}:9100 --collector.logind --collector.systemd --collector.processes"

3
roles/users/tasks/main.yaml
View File

@@ -26,7 +26,8 @@
- name: Set ssh authorized keys for users - name: Set ssh authorized keys for users
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: "{{ item.name }}" user: "{{ item.name }}"
key: "{{ item.ssh_pubkey }}" key: "{{ item.ssh_pubkeys | default([item.ssh_pubkey]) | join('\n') }}"
exclusive: true
when: item.state | default('present') == 'present' when: item.state | default('present') == 'present'
loop: "{{ users }}" loop: "{{ users }}"