

6 Commits

Author SHA1 Message Date
uumas
4e9f127210 formatting 2023-09-04 02:13:17 +03:00
uumas
699c667a45 v0.5.10 2023-09-04 01:41:46 +03:00
uumas
3abf4a49f3 apt_repository: add caddy repo as molecule test 2023-09-04 01:38:05 +03:00
uumas
fa7288bc7b caddy: use apt_repository role 2023-09-04 00:57:51 +03:00
uumas
01182d07e6 apt_repository: remove legacy repo format 2023-09-04 00:51:01 +03:00
uumas
4551e6ce46 apt_repository: fix filename 2023-09-04 00:50:40 +03:00
20 changed files with 105 additions and 74 deletions


@@ -2,9 +2,12 @@
namespace: uumas namespace: uumas
name: general name: general
version: 0.5.9 description: General roles
version: 0.5.10
readme: README.md readme: README.md
authors: authors:
- uumas - uumas
license_file: 'LICENSE' license_file: 'LICENSE'
repository: 'https://git.uumas.fi/uumas/ansible-general' repository: 'https://git.uumas.fi/uumas/ansible-general'
tags:
- linux


@@ -1,4 +1,3 @@
--- ---
requires_ansible: ">=2.10" requires_ansible: ">=2.10"


@@ -2,8 +2,8 @@
- name: Converge - name: Converge
hosts: all hosts: all
tasks: tasks:
- name: "Include apt_repository" - name: Add docker apt repository
ansible.builtin.import_role: ansible.builtin.include_role:
name: apt_repository name: apt_repository
vars: vars:
repo_name: docker repo_name: docker
@@ -12,3 +12,14 @@
repo_arch: "{{ apt_arch }}" repo_arch: "{{ apt_arch }}"
repo_components: repo_components:
- stable - stable
- name: Add caddy apt repository
ansible.builtin.include_role:
name: apt_repository
vars:
repo_name: caddy-stable
repo_url: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
repo_key_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
repo_suite: any-version
repo_components:
- main


@@ -7,6 +7,10 @@
ansible.builtin.slurp: ansible.builtin.slurp:
src: /etc/apt/sources.list.d/docker.list src: /etc/apt/sources.list.d/docker.list
register: docker_repo register: docker_repo
- name: Get content of caddy source file
ansible.builtin.slurp:
src: /etc/apt/sources.list.d/caddy-stable.list
register: caddy_repo
- name: Ensure docker repo file content is as expected - name: Ensure docker repo file content is as expected
ansible.builtin.assert: ansible.builtin.assert:
@@ -19,3 +23,15 @@
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc]
https://download.docker.com/linux/{{ ansible_distribution | lower }} https://download.docker.com/linux/{{ ansible_distribution | lower }}
{{ ansible_distribution_release }} stable but it contained {{ docker_repo.content | b64decode }} instead {{ ansible_distribution_release }} stable but it contained {{ docker_repo.content | b64decode }} instead
- name: Ensure caddy repo file content is as expected
ansible.builtin.assert:
that: >
caddy_repo.content | b64decode == "deb [signed-by=/etc/apt/keyrings/caddy-stable.asc]
https://dl.cloudsmith.io/public/caddy/stable/deb/debian
any-version main\n"
msg: >
/etc/apt/sources.list.d/caddy-stable.list should contain
deb [signed-by=/etc/apt/keyrings/caddy-stable.asc]
https://dl.cloudsmith.io/public/caddy/stable/deb/debian
any-version main but it contained {{ docker_repo.content | b64decode }} instead
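Review bot: The failure message of the new caddy assertion, on the last line of the hunk, decodes `docker_repo.content` instead of `caddy_repo.content`, so when the caddy check fails the message prints the docker repo file rather than the one that was actually compared. The condition itself reads `caddy_repo`, so only the diagnostic is wrong; change the last line to `any-version main but it contained {{ caddy_repo.content | b64decode }} instead`.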


@@ -23,6 +23,13 @@
state: directory state: directory
mode: "0755" mode: "0755"
- name: Remove legacy repo {{ repo_name }}
ansible.builtin.apt_repository:
repo: >
deb {{ '[' + repo_options | join(' ') + '] ' if repo_options | length > 0 else '' }}{{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }}
filename: "{{ repo_name }}"
state: absent
- name: Get repo signing key - name: Get repo signing key
ansible.builtin.get_url: ansible.builtin.get_url:
url: "{{ repo_key_url }}" url: "{{ repo_key_url }}"
@@ -37,5 +44,5 @@
- name: Add repo {{ repo_name }} - name: Add repo {{ repo_name }}
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb [{{ repo_options | join(' ') }}] {{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }}" repo: "deb [{{ repo_options | join(' ') }}] {{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }}"
filename: docker filename: "{{ repo_name }}"
mode: "0644" mode: "0644"
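Review bot: The new "Remove legacy repo" task and the existing "Add repo" task in the second hunk build their `repo` line from the same `repo_options`, `repo_url`, `repo_suite` and `repo_components` and use the same `filename`, so whenever `repo_options` is non-empty they appear to produce identical text; if so the role removes and re-adds the same entry on every run and can never pass an idempotence check. The removal should match only the format that earlier versions actually wrote, which is not visible in this hunk — a comment on the task stating what that legacy format was would make the intent checkable. Separately, `repo: >` leaves a trailing newline on the folded value; `repo: >-` yields the same line without it. The rest of the task file is outside the hunk.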


@@ -1,6 +1,6 @@
--- ---
- name: reload caddy - name: Reload caddy
systemd: ansible.builtin.systemd:
name: caddy name: caddy
state: reloaded state: reloaded


@@ -1,29 +1,22 @@
--- ---
- name: Install dependencies - name: Add caddy apt repository
apt: ansible.builtin.import_role:
name: name: apt_repository
- debian-keyring vars:
- debian-archive-keyring repo_name: caddy-stable
- apt-transport-https repo_url: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
update_cache: true repo_key_url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
repo_suite: any-version
- name: Add caddy repo signing key repo_components:
apt_key: - main
id: '65760C51EDEA2017CEA2CA15155B6D79CA56EA34'
url: 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key'
- name: Add caddy repo
apt_repository:
repo: "deb https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
filename: 'caddy-stable'
mode: '644'
- name: Install caddy - name: Install caddy
apt: ansible.builtin.apt:
name: caddy name: caddy
- name: Remove default settings from caddyfile - name: Remove default settings from caddyfile
blockinfile: ansible.builtin.blockinfile:
path: /etc/caddy/Caddyfile path: /etc/caddy/Caddyfile
marker: "{mark}" marker: "{mark}"
marker_begin: ':80 {' marker_begin: ':80 {'
@@ -33,7 +26,7 @@
backup: true backup: true
- name: Put caddy general config in place - name: Put caddy general config in place
blockinfile: ansible.builtin.blockinfile:
path: /etc/caddy/Caddyfile path: /etc/caddy/Caddyfile
marker: "# {mark} ANSIBLE MANAGED BLOCK general" marker: "# {mark} ANSIBLE MANAGED BLOCK general"
block: | block: |
@@ -42,4 +35,4 @@
} }
validate: 'caddy validate --config %s --adapter caddyfile' validate: 'caddy validate --config %s --adapter caddyfile'
backup: true backup: true
notify: reload caddy notify: Reload caddy
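Review bot: Replacing the inline `apt_key` task with the apt_repository role drops the fingerprint pin `id: '65760C51EDEA2017CEA2CA15155B6D79CA56EA34'`; the role's "Get repo signing key" task (see the apt_repository/tasks section in this compare) shows only a `url`, so the key fetched from `repo_key_url` is trusted as downloaded unless the role verifies it somewhere outside these hunks. Consider letting callers pass an expected digest that the role forwards to `get_url`'s `checksum` parameter, or at least stating in the role documentation that key integrity rests on TLS to the key URL alone. The remainder of the caddy task file and the apt_repository role body are outside the hunk.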


@@ -1,20 +1,20 @@
--- ---
- name: Include variables for {{ ansible_os_family }} family - name: Include variables for os family {{ ansible_os_family }}
include_vars: "{{ ansible_os_family }}.yml" ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
- name: Install locales package - name: Install locales package
package: ansible.builtin.package:
name: "{{ locale_package }}" name: "{{ locale_package }}"
when: locale_package is defined when: locale_package is defined
- name: Generate locales - name: Generate locales
locale_gen: community.general.locale_gen:
name: "{{ item }}" name: "{{ item }}"
loop: "{{ gen_locales }}" loop: "{{ gen_locales }}"
- name: Put default locale config in place - name: Put default locale config in place
template: ansible.builtin.template:
src: locale.j2 src: locale.j2
dest: "{{ locale_config }}" dest: "{{ locale_config }}"
mode: 0644 mode: '0644'
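Review bot: `community.general.locale_gen` here, and `ansible.posix.authorized_key` in the users/tasks section, move these tasks onto collections outside `ansible.builtin`; unless galaxy.yml already lists them under `dependencies:` (the galaxy.yml hunk in this compare does not show that key), installing `uumas.general` on its own will fail to resolve these modules at runtime. Add a `dependencies:` mapping naming `community.general` and `ansible.posix` with the version ranges the roles were tested against, or document the requirement in the README.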


@@ -1,20 +1,21 @@
--- ---
- name: Ensure packages defined in install_packages are installed - name: Ensure packages defined in install_packages are installed
apt: ansible.builtin.apt:
name: "{{ install_packages }}" name: "{{ install_packages }}"
state: present state: present
update_cache: true update_cache: true
- block: - name: Ensure packages defined in backports_packages are installed
when: backports_packages is defined
block:
- name: Enable backports - name: Enable backports
apt_repository: ansible.builtin.apt_repository:
repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main" repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
filename: backports filename: backports
- name: Install backports packages - name: Install backports packages
apt: ansible.builtin.apt:
name: "{{ backports_packages }}" name: "{{ backports_packages }}"
state: present state: present
default_release: "{{ ansible_distribution_release }}-backports" default_release: "{{ ansible_distribution_release }}-backports"
when: backports_packages is defined


@@ -1,15 +1,15 @@
--- ---
- name: Include tasks for apt as package manager - name: Include tasks for apt as package manager
include_tasks: apt.yml ansible.builtin.include_tasks: apt.yml
when: ansible_pkg_mgr == 'apt' when: ansible_pkg_mgr == 'apt'
- name: Include tasks for other package manager - name: Include tasks for other package manager
include_tasks: other.yml ansible.builtin.include_tasks: other.yml
when: ansible_pkg_mgr != 'apt' when: ansible_pkg_mgr != 'apt'
- name: Ensure packages defined in delete_packages not installed - name: Ensure packages defined in delete_packages not installed
package: ansible.builtin.package:
name: "{{ delete_packages }}" name: "{{ delete_packages }}"
state: absent state: absent
when: delete_packages is defined when: delete_packages is defined


@@ -1,6 +1,6 @@
--- ---
- name: Ensure packages defined in install_packages are installed - name: Ensure packages defined in install_packages are installed
package: ansible.builtin.package:
name: "{{ install_packages }}" name: "{{ install_packages }}"
state: present state: present


@@ -1,6 +1,6 @@
--- ---
- name: restart prometheus-node-exporter - name: Restart prometheus-node-exporter
systemd: ansible.builtin.systemd:
name: prometheus-node-exporter name: prometheus-node-exporter
state: restarted state: restarted


@@ -1,12 +1,12 @@
--- ---
- name: Install prometheus node exporter - name: Install prometheus node exporter
apt: ansible.builtin.apt:
name: prometheus-node-exporter name: prometheus-node-exporter
- name: Set prometheus options in /etc/default/prometheus-node-exporter - name: Set prometheus options in /etc/default/prometheus-node-exporter
template: ansible.builtin.template:
src: templates/prometheus-node-exporter.j2 src: templates/prometheus-node-exporter.j2
dest: /etc/default/prometheus-node-exporter dest: /etc/default/prometheus-node-exporter
mode: 0644 mode: '0644'
notify: restart prometheus-node-exporter notify: Restart prometheus-node-exporter


@@ -1,29 +1,30 @@
--- ---
- name: Deprecation warning - name: Deprecation warning
debug: ansible.builtin.debug:
msg: "uumas.general.reverse_proxy is deprecated. You should switch to uumas.general.vhost with vhost_type: reverse_proxy" msg: "uumas.general.reverse_proxy is deprecated. You should switch to uumas.general.vhost with vhost_type: reverse_proxy"
- block: - name: Legacy proxy_target handling
when: proxy_target is defined and proxy_target_port is not defined
block:
- name: Split legacy proxy_target to protocol and target - name: Split legacy proxy_target to protocol and target
set_fact: ansible.builtin.set_fact:
proxy_target_split_protocol: "{{ proxy_target.split('://') }}" proxy_target_split_protocol: "{{ proxy_target.split('://') }}"
- name: Split target further to host and port - name: Split target further to host and port
set_fact: ansible.builtin.set_fact:
proxy_target_split_host: "{{ (proxy_target_split_protocol | last).split(':') }}" proxy_target_split_host: "{{ (proxy_target_split_protocol | last).split(':') }}"
- name: Set host and port variables - name: Set host and port variables
set_fact: ansible.builtin.set_fact:
proxy_target_host: "{{ proxy_target_split_host[0] }}" proxy_target_host: "{{ proxy_target_split_host[0] }}"
proxy_target_port: "{{ proxy_target_split_host[1] }}" proxy_target_port: "{{ proxy_target_split_host[1] }}"
- name: Set proxy_target_protocol based on proxy_target - name: Set proxy_target_protocol based on proxy_target
set_fact: ansible.builtin.set_fact:
proxy_target_protocol: "{{ proxy_target_split_protocol[0] }}" proxy_target_protocol: "{{ proxy_target_split_protocol[0] }}"
when: proxy_target_split_protocol | length == 2 when: proxy_target_split_protocol | length == 2
when: proxy_target is defined and proxy_target_port is not defined
- name: configure vhost for reverse proxy - name: Configure vhost for reverse proxy
include_role: ansible.builtin.include_role:
name: vhost name: vhost
vars: vars:
vhost_type: reverse_proxy vhost_type: reverse_proxy


@@ -1,6 +1,6 @@
--- ---
- name: restart ssh - name: Restart ssh
systemd: ansible.builtin.systemd:
name: ssh name: ssh
state: restarted state: restarted


@@ -1,13 +1,13 @@
--- ---
- name: Ensure sshd config options set correctly - name: Ensure sshd config options set correctly
lineinfile: ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: "^#?{{ item.key }} .*$" regexp: "^#?{{ item.key }} .*$"
line: "{{ item.key }} {{ item.value }}" line: "{{ item.key }} {{ item.value }}"
state: present state: present
validate: '/usr/sbin/sshd -t -f %s' validate: '/usr/sbin/sshd -t -f %s'
notify: restart ssh notify: Restart ssh
with_dict: with_dict:
PermitRootLogin: 'prohibit-password' PermitRootLogin: 'prohibit-password'
PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}" PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}"


@@ -1,11 +1,11 @@
--- ---
- name: Ensure sudo is installed - name: Ensure sudo is installed
package: ansible.builtin.package:
name: sudo name: sudo
- name: Fail if removing the current user - name: Fail if removing the current user
fail: ansible.builtin.fail:
msg: Refusing to delete the user used to run this play msg: Refusing to delete the user used to run this play
when: when:
- item.name == ansible_user_id - item.name == ansible_user_id
@@ -15,7 +15,7 @@
become: false become: false
- name: Ensure users in correct state - name: Ensure users in correct state
user: ansible.builtin.user:
name: "{{ item.name }}" name: "{{ item.name }}"
password: "{{ item.password }}" password: "{{ item.password }}"
shell: "{{ item.shell | default('/bin/bash') }}" shell: "{{ item.shell | default('/bin/bash') }}"
@@ -25,14 +25,14 @@
loop: "{{ users }}" loop: "{{ users }}"
- name: Set ssh authorized keys for users - name: Set ssh authorized keys for users
authorized_key: ansible.posix.authorized_key:
user: "{{ item.name }}" user: "{{ item.name }}"
key: "{{ item.ssh_pubkey }}" key: "{{ item.ssh_pubkey }}"
when: item.state | default('present') == 'present' when: item.state | default('present') == 'present'
loop: "{{ users }}" loop: "{{ users }}"
- name: Disable login as root with ssh key - name: Disable login as root with ssh key
file: ansible.builtin.file:
path: /root/.ssh/authorized_keys path: /root/.ssh/authorized_keys
state: absent state: absent
when: ansible_user | default('') != 'root' when: ansible_user | default('') != 'root'


@@ -1,7 +1,7 @@
--- ---
- name: Add caddy vhost config - name: Add caddy vhost config
blockinfile: ansible.builtin.blockinfile:
path: /etc/caddy/Caddyfile path: /etc/caddy/Caddyfile
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}" marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}"
block: | block: |


@@ -1,7 +1,7 @@
--- ---
- name: Fail if redirect_target is a relative path and redirect_preserve_path is true - name: Fail if redirect_target is a relative path and redirect_preserve_path is true
fail: ansible.builtin.fail:
msg: redirect_target must be an absolute url or absolute path if redirect_preserve_path is true msg: redirect_target must be an absolute url or absolute path if redirect_preserve_path is true
when: when:
- redirect_preserve_path - redirect_preserve_path
@@ -9,17 +9,17 @@
- not redirect_target.startswith('/') - not redirect_target.startswith('/')
- name: Fail if redirect_tartget ends with / and redirect_preserve_path is true - name: Fail if redirect_tartget ends with / and redirect_preserve_path is true
fail: ansible.builtin.fail:
msg: redirect_target must not end with / if redirect_preserve_path is true msg: redirect_target must not end with / if redirect_preserve_path is true
when: when:
- redirect_preserve_path - redirect_preserve_path
- redirect_target.endswith('/') - redirect_target.endswith('/')
- name: Reset vhost_locations_all - name: Reset vhost_locations_all
set_fact: ansible.builtin.set_fact:
vhost_locations_all: [] vhost_locations_all: []
- name: Set vhost_locations_all reverse proxies - name: Set vhost_locations_all reverse proxies
set_fact: ansible.builtin.set_fact:
vhost_locations_all: > vhost_locations_all: >
{{ vhost_locations_all + [{ {{ vhost_locations_all + [{
'path': item.path, 'path': item.path,
@@ -43,5 +43,5 @@
loop: "{{ vhost_locations + [{'path': ''}] }}" loop: "{{ vhost_locations + [{'path': ''}] }}"
- name: "Setup {{ vhost_id + ' vhost on ' + web_server }}" - name: "Setup {{ vhost_id + ' vhost on ' + web_server }}"
include_tasks: "{{ web_server }}.yml" ansible.builtin.include_tasks: "{{ web_server }}.yml"
when: web_server != 'none' when: web_server != 'none'