Diffstat (limited to 'roles')
54 files changed, 204 insertions, 232 deletions
diff --git a/roles/acme/tasks/main.yml b/roles/acme/tasks/main.yml index 5834cb5..0f55977 100644 --- a/roles/acme/tasks/main.yml +++ b/roles/acme/tasks/main.yml @@ -1,5 +1,5 @@ - name: generate acme-client configuration - template: + ansible.builtin.template: src: acme-client.conf.j2 dest: "{{ acme_configuration_file }}" owner: 0 @@ -7,13 +7,13 @@ mode: 0644 - name: retrieve enabled domains # noqa: no-changed-when - shell: | + ansible.builtin.shell: | set -o pipefail grep "^domain" /etc/acme-client.conf | cut -d " " -f 2 register: subdomains - name: generate acme certificates # noqa: no-changed-when - command: acme-client -v {{ item }} + ansible.builtin.command: acme-client -v {{ item }} loop: "{{ subdomains.stdout_lines }}" register: result failed_when: @@ -21,11 +21,11 @@ - "'certificate valid' not in result.stderr" - name: display registered certificates - debug: + ansible.builtin.debug: var: result - name: enable automatic acme certificates update - cron: + ansible.builtin.cron: name: "automatic acme certificates update for subdomain : {{ item }}" minute: 0 hour: 6,18 diff --git a/roles/cgit/tasks/dependencies.yml b/roles/cgit/tasks/dependencies.yml index c0439e8..9c3623a 100644 --- a/roles/cgit/tasks/dependencies.yml +++ b/roles/cgit/tasks/dependencies.yml @@ -1,11 +1,11 @@ - name: retrieve dependencies for lowdown # noqa: no-changed-when - shell: | + ansible.builtin.shell: | set -o pipefail ldd /usr/local/bin/lowdown | tr -s " " | grep "0 1 0" | cut -d " " -f 7 register: result - name: create dependencies directories in chroot - file: + ansible.builtin.file: path: "{{ cgit_chroot_dir }}{{ item | dirname }}" owner: 0 group: 0 @@ -14,7 +14,7 @@ loop: "{{ result.stdout_lines }}" - name: copy dependencies for lowdown - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "{{ cgit_chroot_dir }}/{{ item }}" mode: preserve 
@@ -22,7 +22,7 @@ loop: "{{ result.stdout_lines }}" - name: copy utilities in httpd chroot - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "{{ cgit_chroot_dir }}/bin" mode: preserve diff --git a/roles/cgit/tasks/main.yml b/roles/cgit/tasks/main.yml index 4559708..245b34f 100644 --- a/roles/cgit/tasks/main.yml +++ b/roles/cgit/tasks/main.yml @@ -1,12 +1,12 @@ - name: install cgit packages - package: + ansible.builtin.package: name: - cgit - lowdown state: present - name: create cgit cache directory - file: + ansible.builtin.file: path: "{{ cgit_chroot_dir }}/cache/cgit" owner: www group: www @@ -14,25 +14,25 @@ state: directory - name: generate cgit configuration files - template: + ansible.builtin.template: src: "{{ item.template }}" dest: "{{ item.file }}" owner: 0 group: 0 mode: 0644 loop: - - template: cgitrc.j2 + - ansible.builtin.template: cgitrc.j2 file: "{{ cgit_chroot_dir }}/conf/cgitrc" - - template: footer.html.j2 + - ansible.builtin.template: footer.html.j2 file: "{{ cgit_chroot_dir }}/conf/footer.html" - - template: httpd.conf.j2 + - ansible.builtin.template: httpd.conf.j2 file: /etc/httpd.d/cgit.conf - name: include dependencies for lowdown - include_tasks: dependencies.yml + ansible.builtin.include_tasks: dependencies.yml - name: copy about-filter generator - copy: + ansible.builtin.copy: src: about-filter.sh dest: "{{ cgit_chroot_dir }}/bin/about-filter.sh" owner: 0 @@ -40,13 +40,13 @@ mode: 0755 - name: start and enable slowcgi service - service: + ansible.builtin.service: name: slowcgi state: restarted enabled: true - name: httpd password information - debug: + ansible.builtin.debug: msg: | Please provide a password using htpasswd, in "{{ cgit_chroot_dir }}/htpasswd/cgit" diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml index 851287e..193844f 100644 --- a/roles/git/tasks/main.yml +++ b/roles/git/tasks/main.yml 
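Review bot: In roles/cgit/tasks/main.yml, "generate cgit configuration files", the module rename also rewrote the loop's data keys: the items now read `- ansible.builtin.template: cgitrc.j2` while the task still resolves `src: "{{ item.template }}"`. `template` in that loop is a plain dictionary key, not a module name, so `item.template` should come back undefined and the task should fail before cgitrc, footer.html or the httpd configuration is written. Restore the three entries to `- template: cgitrc.j2`, `- template: footer.html.j2` and `- template: httpd.conf.j2`, or rename the key and the `item.` reference together to something that cannot be mistaken for a module, such as `tpl`.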
@@ -1,15 +1,15 @@ - name: install git package - package: + ansible.builtin.package: name: git state: present - name: create git group - group: + ansible.builtin.group: name: "{{ git_group }}" state: present - name: create git user - user: + ansible.builtin.user: name: "{{ git_user }}" group: "{{ git_group }}" shell: "{{ git_shell }}" @@ -17,7 +17,7 @@ create_home: false - name: create git directories - file: + ansible.builtin.file: path: "{{ item }}" owner: "{{ git_user }}" group: "{{ git_group }}" @@ -28,7 +28,7 @@ - "{{ git_dir }}/git-shell-commands" - name: generate git-shell no-login prompt - template: + ansible.builtin.template: src: no-interactive-login.j2 dest: "{{ git_dir }}/git-shell-commands/no-interactive-login" owner: "{{ git_user }}" @@ -37,7 +37,7 @@ when: not git_allow_ssh_login - name: generate gitconfig - template: + ansible.builtin.template: src: gitconfig.j2 dest: "{{ git_dir }}/.gitconfig" owner: "{{ git_user }}" @@ -45,6 +45,6 @@ mode: 0644 - name: include ssh key synchronization - include_role: + ansible.builtin.include_role: name: sshd tasks_from: synchronize_keys.yml diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 7c1a19c..ac27e40 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -1,10 +1,10 @@ - name: install grafana - package: + ansible.builtin.package: name: grafana state: present - name: create grafana directory - file: + ansible.builtin.file: path: "{{ grafana_dir }}/{{ item }}" owner: "{{ grafana_user }}" group: "{{ grafana_group }}" @@ -17,7 +17,7 @@ - plugins - name: generate grafana configuration - template: + ansible.builtin.template: src: grafana.ini.j2 dest: "{{ grafana_configuration_file }}" owner: 0 @@ -25,7 +25,7 @@ mode: 0644 - name: generate grafana data sources - template: + ansible.builtin.template: src: datasources-default.yml.j2 dest: /etc/grafana/provisioning/datasources/default.yml owner: "{{ grafana_user }}" 
@@ -33,7 +33,7 @@ mode: 0640 - name: start and enable grafana service - service: + ansible.builtin.service: name: grafana state: restarted enabled: true diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index a272afa..348ea52 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -1,11 +1,11 @@ - name: retrieve all configuration files - find: + ansible.builtin.find: path: "{{ httpd_configuration_dir }}" patterns: "*.conf" register: configuration_files - name: generate httpd configuration - template: + ansible.builtin.template: src: httpd.conf.j2 dest: "{{ httpd_configuration_file }}" owner: 0 @@ -13,7 +13,7 @@ mode: 0644 - name: enable and restart httpd - service: + ansible.builtin.service: name: httpd state: restarted enabled: true diff --git a/roles/httpd_pre/tasks/main.yml b/roles/httpd_pre/tasks/main.yml index 0209a84..46475d2 100644 --- a/roles/httpd_pre/tasks/main.yml +++ b/roles/httpd_pre/tasks/main.yml @@ -1,5 +1,5 @@ - name: create httpd directory - file: + ansible.builtin.file: path: /etc/httpd.d state: directory owner: 0 @@ -7,7 +7,7 @@ mode: 0644 - name: create htpasswd directory - file: + ansible.builtin.file: path: /var/www/htpasswd state: directory owner: "www" @@ -15,7 +15,7 @@ mode: 0700 - name: mount nfs in chroot - include_role: + ansible.builtin.include_role: name: nfsclient vars: nfsclient_dir: "{{ httpd_chroot }}/data" diff --git a/roles/httpd_site_healthcheck/tasks/main.yml b/roles/httpd_site_healthcheck/tasks/main.yml index 10cd3c8..4834e2d 100644 --- a/roles/httpd_site_healthcheck/tasks/main.yml +++ b/roles/httpd_site_healthcheck/tasks/main.yml @@ -1,5 +1,5 @@ - name: create httpd healthcheck directory - file: + ansible.builtin.file: path: "{{ httpd_chroot }}/htdocs/healthcheck" owner: "{{ httpd_user }}" group: "{{ httpd_group }}" 
@@ -7,7 +7,7 @@ state: directory - name: generate generate httpd healthcheck html index - template: + ansible.builtin.template: src: index.html.j2 dest: "{{ httpd_chroot }}/htdocs/healthcheck/index.html" owner: "{{ httpd_user }}" @@ -15,7 +15,7 @@ mode: 0440 - name: generate httpd healthcheck configuration - template: + ansible.builtin.template: src: httpd.conf.j2 dest: "{{ httpd_configuration_dir }}/healthcheck.conf" owner: 0 diff --git a/roles/loki/tasks/main.yml b/roles/loki/tasks/main.yml index 4584da1..7315f18 100644 --- a/roles/loki/tasks/main.yml +++ b/roles/loki/tasks/main.yml @@ -1,10 +1,10 @@ - name: install loki - package: + ansible.builtin.package: name: loki state: present - name: generate loki configuration - template: &config_gen + ansible.builtin.template: &config_gen src: loki.yml.j2 dest: "{{ loki_configuration_file }}" owner: 0 @@ -12,13 +12,13 @@ mode: 0644 - name: generate promtail configuration - template: + ansible.builtin.template: <<: *config_gen src: promtail.yml.j2 dest: "{{ loki_promtail_configuration_file }}" - name: add loki user to wheel group - user: + ansible.builtin.user: name: "{{ loki_user }}" groups: - 0 @@ -26,7 +26,7 @@ append: true - name: enable and restart loki daemons - service: + ansible.builtin.service: name: "{{ item }}" state: restarted enabled: true diff --git a/roles/miniflux/tasks/main.yml b/roles/miniflux/tasks/main.yml index 3964835..39cf807 100644 --- a/roles/miniflux/tasks/main.yml +++ b/roles/miniflux/tasks/main.yml 
@@ -1,47 +1,47 @@ - name: install miniflux - package: + ansible.builtin.package: name: miniflux state: present - name: include postgres user - include_role: + ansible.builtin.include_role: name: postgres tasks_from: create_user vars: postgres_db_user: "{{ miniflux_db_user }}" - name: include postgres db - include_role: + ansible.builtin.include_role: name: postgres tasks_from: create_db vars: postgres_db_user: "{{ miniflux_db_user }}" - postgres_db_name: "{{ miniflux_db_name}}{{ item }}" + postgres_db_name: "{{ miniflux_db_name }}{{ item }}" loop: - "" - 2 -- name: enable hstore extension for postgres - command: psql -U postgres miniflux -c "create extension hstore" +- name: enable hstore extension for postgres # noqa: no-changed-when + ansible.builtin.command: > + psql -U postgres miniflux -c "create extension hstore" register: result failed_when: result.rc != 0 and "already exists" not in result.stderr - name: generate configuration - template: + ansible.builtin.template: src: miniflux.conf.j2 dest: /etc/miniflux.conf owner: "{{ miniflux_user }}" - owner: "{{ miniflux_group }}" mode: 0640 -- name: run postgres migrations - shell: | +- name: run postgres migrations # noqa: no-changed-when + ansible.builtin.shell: | psql -U postgres -c "ALTER USER miniflux WITH SUPERUSER" miniflux -c /etc/miniflux.conf -migrate psql -U postgres -c "ALTER USER miniflux WITH NOSUPERUSER" - name: restart and enable miniflux - service: + ansible.builtin.service: name: miniflux state: restarted enabled: true diff --git a/roles/nfsclient/handlers/main.yml b/roles/nfsclient/handlers/main.yml index e6bc07e..ec156ea 100644 --- a/roles/nfsclient/handlers/main.yml +++ b/roles/nfsclient/handlers/main.yml @@ -1,3 +1,3 @@ - name: reload fstab # noqa: command-instead-of-module ignore-errors - command: mount -a + ansible.builtin.command: mount -a ignore_errors: true diff --git a/roles/nfsclient/tasks/main.yml b/roles/nfsclient/tasks/main.yml index 0c1f75e..205a7fa 100644 
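Review bot: In roles/miniflux/tasks/main.yml, "generate configuration", dropping the duplicate `owner: "{{ miniflux_group }}"` leaves /etc/miniflux.conf with no `group:` key at all, so the group-read bit granted by `mode: 0640` applies to whatever group the file happens to have on the target. The removed line looks like a typo for `group: "{{ miniflux_group }}"`; restoring it under that key keeps the ownership the mode was chosen for. The same pattern appears in roles/wireguard/tasks/service.yml, where the second `owner: 0` on /etc/rc.local was presumably meant to be `group: 0` and is likewise deleted rather than corrected.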
--- a/roles/nfsclient/tasks/main.yml +++ b/roles/nfsclient/tasks/main.yml @@ -1,14 +1,14 @@ - name: translate server string to server dict - set_fact: + ansible.builtin.set_fact: nfsclient_server_ip: "{{ hostvars[nfsclient_server].__ip.external }}" when: not nfsclient_server_ip -- name: include distribution specific prerequisites - include_tasks: "os_{{ ansible_distribution | lower }}.yml" +- name: include distribution specific prerequisites # noqa: ignore-errors + ansible.builtin.include_tasks: "os_{{ ansible_distribution | lower }}.yml" ignore_errors: true - name: create directory on client - file: + ansible.builtin.file: path: "{{ nfsclient_dir }}" owner: 0 group: 0 @@ -16,14 +16,14 @@ state: directory - name: cleanup fstab with previous nfs setup - lineinfile: + ansible.builtin.lineinfile: path: "{{ nfsclient_fstab_path }}" regexp: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:/.* {{ nfsclient_dir }} nfs state: absent register: result - name: complete fstab with nfs - lineinfile: + ansible.builtin.lineinfile: path: "{{ nfsclient_fstab_path }}" line: "{{ nfsclient_server_ip }}:{{ nfsclient_server_dir }}/{{ inventory_hostname }} {{ nfsclient_dir }} nfs rw,nodev,nosuid 0 0" notify: reload fstab diff --git a/roles/nfsclient/tasks/os_alpine.yml b/roles/nfsclient/tasks/os_alpine.yml index 62d8f70..73aebe8 100644 --- a/roles/nfsclient/tasks/os_alpine.yml +++ b/roles/nfsclient/tasks/os_alpine.yml @@ -1,10 +1,10 @@ - name: install nfs-utils - package: + ansible.builtin.package: name: nfs-utils state: present - name: restart and enable nfsmount - service: + ansible.builtin.service: name: nfsmount state: restarted enabled: true diff --git a/roles/nfsd/tasks/main.yml b/roles/nfsd/tasks/main.yml index a8cabcf..ca562d8 100644 --- a/roles/nfsd/tasks/main.yml +++ b/roles/nfsd/tasks/main.yml @@ -1,5 +1,5 @@ - name: create nfsd data directory - file: + ansible.builtin.file: path: "{{ nfsd_dir }}" owner: 0 group: 0 
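Review bot: In roles/nfsclient/tasks/main.yml, "include distribution specific prerequisites", the added `# noqa: ignore-errors` silences the linter while `ignore_errors: true` keeps hiding any failure of the include, not only a missing `os_<distribution>.yml`. As far as this hunk shows, a file that exists but cannot be loaded would be skipped the same way, and the play would go on to edit fstab without the NFS prerequisites installed. Consider making the include conditional on the file existing instead of ignoring errors, and record the intent with a comment such as `# only some distributions need extra packages`.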
@@ -7,7 +7,7 @@ state: directory - name: create hosts directories - file: + ansible.builtin.file: path: "{{ nfsd_dir }}/{{ item }}" owner: 0 group: 0 @@ -16,7 +16,7 @@ loop: "{{ nfsd_shared_dirs }}" - name: generate nfsd configuration - template: + ansible.builtin.template: src: exports.j2 dest: /etc/exports owner: 0 @@ -25,19 +25,19 @@ register: result - name: enable and restart portmap - service: &enable_and_restart + ansible.builtin.service: &enable_and_restart name: portmap state: restarted enabled: true - name: enable and reload/restart mountd - service: + ansible.builtin.service: <<: *enable_and_restart name: mountd state: reloaded - name: enable and restart nfsd - service: + ansible.builtin.service: <<: *enable_and_restart name: nfsd state: restarted diff --git a/roles/nfsd/tasks/os_freebsd.yml b/roles/nfsd/tasks/os_freebsd.yml index 2a8a8cd..d1601c8 100644 --- a/roles/nfsd/tasks/os_freebsd.yml +++ b/roles/nfsd/tasks/os_freebsd.yml @@ -1,5 +1,5 @@ - name: edit daemons flags - lineinfile: + ansible.builtin.lineinfile: path: /etc/rc.conf regexp: "^{{ item[0] }}=" line: "{{ item[0] }}=\"{{ item[1] }}\"" @@ -9,7 +9,7 @@ - ["mountd_flags", "-r"] - name: enable and restart rpcbind - service: + ansible.builtin.service: name: rpcbind state: restarted enabled: true diff --git a/roles/pf/handlers/main.yml b/roles/pf/handlers/main.yml index 5d75a1a..8e49812 100644 --- a/roles/pf/handlers/main.yml +++ b/roles/pf/handlers/main.yml @@ -1,12 +1,12 @@ - name: lint pf configuration - command: "pfctl -nf {{ pf_configuration_file }}" + ansible.builtin.command: "pfctl -nf {{ pf_configuration_file }}" - name: enable pf - command: pfctl -e + ansible.builtin.command: pfctl -e register: result failed_when: - result.rc != 0 - "'already enabled' not in result.stderr" - name: restart pf - command: pfctl -f "{{ pf_configuration_file }}" + ansible.builtin.command: pfctl -f "{{ pf_configuration_file }}" 
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml index e5b8af8..eb6f078 100644 --- a/roles/pf/tasks/main.yml +++ b/roles/pf/tasks/main.yml @@ -1,5 +1,5 @@ - name: generate pf configuration - template: + ansible.builtin.template: src: pf.conf.j2 dest: "{{ pf_configuration_file }}" owner: 0 @@ -11,7 +11,7 @@ - restart pf - name: test ssh connection on new pf rule - wait_for: + ansible.builtin.wait_for: port: "{{ ansible_port }}" delay: 2 state: started diff --git a/roles/postgres/tasks/create_db.yml b/roles/postgres/tasks/create_db.yml index 7a4fe6e..5f8db70 100644 --- a/roles/postgres/tasks/create_db.yml +++ b/roles/postgres/tasks/create_db.yml @@ -1,4 +1,4 @@ - name: create database # noqa: no-changed-when - command: createdb -U postgres -O "{{ postgres_db_user }}" "{{ postgres_db_name }}" + ansible.builtin.command: createdb -U postgres -O "{{ postgres_db_user }}" "{{ postgres_db_name }}" register: result failed_when: result.rc != 0 and "already exists" not in result.stderr diff --git a/roles/postgres/tasks/create_user.yml b/roles/postgres/tasks/create_user.yml index 4716939..483e507 100644 --- a/roles/postgres/tasks/create_user.yml +++ b/roles/postgres/tasks/create_user.yml @@ -1,4 +1,4 @@ - name: create database user # noqa: no-changed-when - command: createuser -U postgres "{{ postgres_db_user }}" + ansible.builtin.command: createuser -U postgres "{{ postgres_db_user }}" register: result failed_when: result.rc != 0 and "already exists" not in result.stderr diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index a203574..8046d40 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -1,12 +1,12 @@ - name: install postgres - package: + ansible.builtin.package: name: - postgresql-server - postgresql-contrib state: present - name: create postgres directories - file: + ansible.builtin.file: path: "{{ postgres_dir }}/{{ item }}" owner: "{{ postgres_user }}" group: "{{ postgres_group }}" 
@@ -17,13 +17,13 @@ - "data" - name: delete default data dir if exists - file: + ansible.builtin.file: path: "{{ postgres_default_dir }}" state: absent when: postgres_dir != "/var/postgresql" - name: link postgres directory to default one - file: + ansible.builtin.file: src: "{{ postgres_dir }}" dest: "{{ postgres_default_dir }}" owner: "{{ postgres_user }}" @@ -34,7 +34,7 @@ when: postgres_dir != "/var/postgresql" - name: init postgres database # noqa: no-changed-when - shell: + ansible.builtin.shell: cmd: | su "{{ postgres_user }}" \ -c 'initdb -D "{{ postgres_dir }}/data/" -U "{{ postgres_db_user }}" --encoding=UTF-8 --locale=en_US.UTF-8' @@ -45,7 +45,7 @@ - "'exists but is not empty' not in result.stderr" - name: enable and restart postgres service - service: + ansible.builtin.service: name: postgresql state: restarted enabled: true diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 5d5c1f3..900157f 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -1,12 +1,12 @@ - name: install prometheus - package: + ansible.builtin.package: name: - prometheus - node_exporter state: present - name: generate prometheus configuration - template: + ansible.builtin.template: src: prometheus.conf.j2 dest: "{{ prometheus_configuration_file }}" owner: 0 @@ -14,7 +14,7 @@ mode: 0644 - name: enable and restart prometheus services - service: + ansible.builtin.service: name: "{{ item }}" state: restarted enabled: true diff --git a/roles/rc/tasks/main.yml b/roles/rc/tasks/main.yml index c691aae..f45e373 100644 --- a/roles/rc/tasks/main.yml +++ b/roles/rc/tasks/main.yml 
@@ -1,14 +1,14 @@ - name: check required variables - fail: + ansible.builtin.fail: when: > rc_name is none or rc_user is none - name: include rc task per-system - include_vars: "os_{{ ansible_distribution | lower }}.yml" + ansible.builtin.include_vars: "os_{{ ansible_distribution | lower }}.yml" - name: generate rc script for desired service - template: + ansible.builtin.template: src: "os_{{ ansible_distribution | lower }}.j2" dest: "{{ rc_dir }}/{{ rc_name }}" owner: 0 diff --git a/roles/relayd/handlers/main.yml b/roles/relayd/handlers/main.yml index 82be0a8..5bc6b49 100644 --- a/roles/relayd/handlers/main.yml +++ b/roles/relayd/handlers/main.yml @@ -1,2 +1,2 @@ - name: lint relayd configuration - command: "relayd -nf {{ relayd_configuration_file }}" + ansible.builtin.command: "relayd -nf {{ relayd_configuration_file }}" diff --git a/roles/relayd/tasks/main.yml b/roles/relayd/tasks/main.yml index 3af5756..0396789 100644 --- a/roles/relayd/tasks/main.yml +++ b/roles/relayd/tasks/main.yml @@ -1,5 +1,5 @@ - name: generate relayd configuration - template: + ansible.builtin.template: src: relayd.conf.j2 dest: "{{ relayd_configuration_file }}" owner: 0 @@ -8,7 +8,7 @@ notify: lint relayd configuration - name: enable and restart relayd - service: + ansible.builtin.service: name: relayd state: restarted enabled: true diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index f1af386..d9d14ff 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -1,5 +1,5 @@ - name: generate sshd configuration - template: + ansible.builtin.template: src: sshd_config.j2 dest: /etc/ssh/sshd_config owner: 0 
@@ -7,16 +7,16 @@ mode: 0644 - name: include key synchronization tasks - include_tasks: synchronize_keys.yml + ansible.builtin.include_tasks: synchronize_keys.yml - name: enable and restart sshd - service: + ansible.builtin.service: name: sshd state: restarted enabled: true - name: check ssh connection - wait_for: + ansible.builtin.wait_for: port: "{{ ansible_port }}" delay: 1 state: started diff --git a/roles/sshd/tasks/synchronize_keys.yml b/roles/sshd/tasks/synchronize_keys.yml index 722fdfa..16c437c 100644 --- a/roles/sshd/tasks/synchronize_keys.yml +++ b/roles/sshd/tasks/synchronize_keys.yml @@ -1,5 +1,5 @@ - name: get ssh keys for all users - find: + ansible.builtin.find: paths: files/keys file_type: link recurse: true @@ -8,7 +8,7 @@ register: result - name: synchronize ssh keys - authorized_key: + ansible.posix.authorized_key: user: "{{ item.path | dirname | basename }}" state: present key: "{{ lookup('file', item.path) }}" diff --git a/roles/vmm/.travis.yml b/roles/vmm/.travis.yml deleted file mode 100644 index 36bbf62..0000000 --- a/roles/vmm/.travis.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -language: python -python: "2.7" - -# Use the new container infrastructure -sudo: false - -# Install ansible -addons: - apt: - packages: - - python-pip - -install: - # Install ansible - - pip install ansible - - # Check ansible version - - ansible --version - - # Create ansible.cfg with correct roles_path - - printf '[defaults]\nroles_path=../' >ansible.cfg - -script: - # Basic role syntax check - - ansible-playbook tests/test.yml -i tests/inventory --syntax-check - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file diff --git a/roles/vmm/handlers/main.yml b/roles/vmm/handlers/main.yml index e1ce00c..a867c66 100644 --- a/roles/vmm/handlers/main.yml +++ b/roles/vmm/handlers/main.yml @@ -1,2 +1,2 @@ - name: lint vmm configuration - command: "vmd -nf {{ vmm_configuration_file }}" + ansible.builtin.command: "vmd -nf {{ vmm_configuration_file }}" diff --git a/roles/vmm/tasks/autoinstall_configuration.yml b/roles/vmm/tasks/autoinstall_configuration.yml index 1f8cf07..4eccb93 100644 --- a/roles/vmm/tasks/autoinstall_configuration.yml +++ b/roles/vmm/tasks/autoinstall_configuration.yml @@ -1,8 +1,8 @@ - name: include httpd role variables - include_vars: "{{ inventory_dir }}/roles/httpd/defaults/main.yml" + ansible.builtin.include_vars: "{{ inventory_dir }}/roles/httpd/defaults/main.yml" - name: create autoinstall directory - file: + ansible.builtin.file: path: "{{ vmm_autoinstall_dir }}" owner: www group: www @@ -10,7 +10,7 @@ state: directory - name: generate autoinstall configurations - template: &generation_steps + ansible.builtin.template: &generation_steps src: autoinstall.conf.j2 dest: "{{ vmm_autoinstall_dir }}/{{ item.lladdr }}-install.conf" owner: www @@ -20,14 +20,14 @@ loop: "{{ vmm_vms }}" - name: generate autoupgrade configurations - template: + ansible.builtin.template: <<: *generation_steps dest: "{{ vmm_autoinstall_dir }}/{{ item.lladdr }}-upgrade.conf" when: item.image == "openbsd" loop: "{{ vmm_vms }}" - name: generate disklabel configurations - template: + ansible.builtin.template: <<: *generation_steps src: disklabel.j2 dest: "{{ vmm_autoinstall_dir }}/{{ item.lladdr }}-disklabel.conf" @@ -35,7 +35,7 @@ loop: "{{ vmm_vms }}" - name: generate httpd configuration - template: + ansible.builtin.template: <<: *generation_steps src: httpd.conf.j2 dest: "{{ httpd_configuration_dir }}/autoinstall.conf" 
@@ -43,7 +43,7 @@ group: 0 - name: link openbsd vm kernel to host kernel - file: + ansible.builtin.file: src: /bsd.sp dest: "{{ vmm_image_openbsd_kernel_prefix }}.{{ item.name }}" owner: 0 diff --git a/roles/vmm/tasks/disk.yml b/roles/vmm/tasks/disk.yml index 95427c6..01fdc48 100644 --- a/roles/vmm/tasks/disk.yml +++ b/roles/vmm/tasks/disk.yml @@ -1,5 +1,5 @@ - name: create disks - command: + ansible.builtin.command: cmd: vmctl create -s "{{ item.size }}" "{{ item.name }}.{{ vmm_disk_format }}" chdir: "{{ vmm_disk_dir }}" loop: "{{ vmm_vms }}" @@ -10,13 +10,13 @@ - "'File exists' not in result.stderr" - name: retrieve existing disks - find: + ansible.builtin.find: path: "{{ vmm_disk_dir }}" patterns: "*.{{ vmm_disk_format }}" register: result - name: append disks informations to vms facts - set_fact: + ansible.builtin.set_fact: vmm_vms_tmp: > {{ vmm_vms_tmp | default([]) + [ item | combine({ "disk": result.files @@ -25,5 +25,5 @@ loop: "{{ vmm_vms }}" - name: save variables - set_fact: + ansible.builtin.set_fact: vmm_vms: "{{ vmm_vms_tmp }}" diff --git a/roles/vmm/tasks/facts.yml b/roles/vmm/tasks/facts.yml index 8362afb..c3ae20c 100644 --- a/roles/vmm/tasks/facts.yml +++ b/roles/vmm/tasks/facts.yml @@ -1,5 +1,5 @@ - name: generate lladdr variable for virtual machines - set_fact: + ansible.builtin.set_fact: vmm_vms_tmp: > {{ vmm_vms_tmp | default([]) + [ item | combine({ "lladdr": item.name @@ -11,5 +11,5 @@ loop: "{{ vmm_vms }}" - name: save variables - set_fact: + ansible.builtin.set_fact: vmm_vms: "{{ vmm_vms_tmp }}" diff --git a/roles/vmm/tasks/iso.yml b/roles/vmm/tasks/iso.yml index 0811ac1..320e7ca 100644 --- a/roles/vmm/tasks/iso.yml +++ b/roles/vmm/tasks/iso.yml @@ -1,7 +1,8 @@ - name: download latest iso files - get_url: + ansible.builtin.get_url: url: "{{ item.url }}" dest: "{{ vmm_iso_dir }}/{{ item.name }}-latest.iso" checksum: "{{ item.checksum }}" + mode: 0644 tags: task_iso loop: "{{ vmm_iso }}" 
diff --git a/roles/vmm/tasks/main.yml b/roles/vmm/tasks/main.yml index bb0d501..7e1359e 100644 --- a/roles/vmm/tasks/main.yml +++ b/roles/vmm/tasks/main.yml @@ -1,5 +1,5 @@ - name: create vmm directories - file: + ansible.builtin.file: path: "{{ item }}" owner: 0 group: 0 @@ -11,26 +11,26 @@ - "{{ vmm_disk_dir }}" - name: include facts generation - include_tasks: facts.yml + ansible.builtin.include_tasks: facts.yml - name: include autoinstall generation - include_tasks: autoinstall_configuration.yml + ansible.builtin.include_tasks: autoinstall_configuration.yml tags: task_autoinstall_configuration - name: include iso management - include_tasks: iso.yml + ansible.builtin.include_tasks: iso.yml tags: task_iso - name: include disk management - include_tasks: disk.yml + ansible.builtin.include_tasks: disk.yml tags: task_disk - name: include network management - include_tasks: network.yml + ansible.builtin.include_tasks: network.yml tags: task_network - name: generate vmm configuration - template: + ansible.builtin.template: src: vm.conf.j2 dest: "{{ vmm_configuration_file }}" owner: 0 @@ -40,7 +40,7 @@ - lint vmm configuration - name: restart and enable vmd - service: + ansible.builtin.service: name: vmd state: restarted enabled: true diff --git a/roles/vmm/tasks/network.yml b/roles/vmm/tasks/network.yml index 9886e59..82f3597 100644 --- a/roles/vmm/tasks/network.yml +++ b/roles/vmm/tasks/network.yml @@ -1,11 +1,11 @@ - name: start ip forwarding - command: sysctl net.inet.ip{{ item }}.forwarding=1 + ansible.builtin.command: sysctl net.inet.ip{{ item }}.forwarding=1 loop: "{{ vmm_network_forwarded_ips }}" register: result changed_when: item ~ "->" ~ item not in result.stdout_lines - name: enable ip forwarding - lineinfile: + ansible.builtin.lineinfile: path: /etc/sysctl.conf regexp: "^net.inet.ip{{ item }}.forwarding=" line: "net.inet.ip{{ item }}.forwarding=1" 
@@ -16,7 +16,7 @@ loop: "{{ vmm_network_forwarded_ips }}" - name: create network switch - lineinfile: + ansible.builtin.lineinfile: path: "/etc/hostname.{{ vmm_network_switch.interface }}" regexp: &network_line "add {{ ansible_default_ipv4.interface }}" line: *network_line @@ -26,4 +26,4 @@ create: true - name: start network switch # noqa: no-changed-when - command: "sh /etc/netstart {{ vmm_network_switch.interface }}" + ansible.builtin.command: "sh /etc/netstart {{ vmm_network_switch.interface }}" diff --git a/roles/wireguard/tasks/configuration.yml b/roles/wireguard/tasks/configuration.yml index efb8008..6925e2a 100644 --- a/roles/wireguard/tasks/configuration.yml +++ b/roles/wireguard/tasks/configuration.yml @@ -1,5 +1,5 @@ - name: generate wireguard configuration - template: + ansible.builtin.template: src: wireguard.conf.j2 dest: "{{ wireguard_local_dir }}/{{ item }}.conf" mode: 0600 @@ -10,7 +10,7 @@ loop: "{{ groups.all }}" - name: copy wireguard configuration - copy: + ansible.builtin.copy: src: "{{ wireguard_local_dir }}/{{ wireguard_local_configuration }}" dest: "{{ wireguard_dir }}/{{ wireguard_domain_controller }}.conf" owner: 0 diff --git a/roles/wireguard/tasks/keys.yml b/roles/wireguard/tasks/keys.yml index 7a89010..128d943 100644 --- a/roles/wireguard/tasks/keys.yml +++ b/roles/wireguard/tasks/keys.yml @@ -1,5 +1,5 @@ - name: generate hosts keys - shell: | + ansible.builtin.shell: | set -o pipefail ls "{{ wireguard_local_dir }}/{{ item }}.keys" && exit 0 umask 077 diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index d1ff496..d780186 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -1,5 +1,5 @@ - name: create local wireguard directory - file: + ansible.builtin.file: path: "{{ wireguard_local_dir }}" state: directory mode: 0700 @@ -7,7 +7,7 @@ delegate_to: localhost - name: create wireguard directory - file: + ansible.builtin.file: path: "{{ wireguard_dir }}" owner: 0 group: 0 
@@ -15,22 +15,22 @@ state: directory - name: include key generation - include_tasks: keys.yml + ansible.builtin.include_tasks: keys.yml - name: include configuration generation - include_tasks: configuration.yml + ansible.builtin.include_tasks: configuration.yml - name: install wireguard on remote host - package: + ansible.builtin.package: name: wireguard-tools state: present - name: include service configuration for hosts - include_tasks: service.yml + ansible.builtin.include_tasks: service.yml when: inventory_hostname == wireguard_domain_controller - name: include service configuration for server - include_tasks: "{{ task }}" + ansible.builtin.include_tasks: "{{ task }}" when: inventory_hostname != wireguard_domain_controller loop_control: loop_var: task diff --git a/roles/wireguard/tasks/service.yml b/roles/wireguard/tasks/service.yml index 37f3cec..c9e7f60 100644 --- a/roles/wireguard/tasks/service.yml +++ b/roles/wireguard/tasks/service.yml @@ -1,16 +1,15 @@ - name: enable wireguard interface for OpenBSD - lineinfile: + ansible.builtin.lineinfile: path: /etc/rc.local regexp: "^/usr/local/bin/wg-quick up {{ wireguard_domain_controller }}$" line: "/usr/local/bin/wg-quick up {{ wireguard_domain_controller }}" owner: 0 - owner: 0 create: true mode: 0644 when: ansible_distribution == "OpenBSD" - name: restart wireguard interface - raw: | + ansible.builtin.raw: | wg-quick down {{ wireguard_domain_controller }} sleep {{ 10 | random(start=1) }} wg-quick up {{ wireguard_domain_controller }} @@ -18,5 +17,5 @@ register: result - name: show wireguard output - debug: + ansible.builtin.debug: var: result diff --git a/roles/workstation/tasks/cronie.yml b/roles/workstation/tasks/cronie.yml index 1ac0042..faa1095 100644 --- a/roles/workstation/tasks/cronie.yml +++ b/roles/workstation/tasks/cronie.yml 
@@ -1,10 +1,10 @@ - name: install cronie - package: + ansible.builtin.package: name: cronie state: present - name: enable and restart cronie - service: + ansible.builtin.service: name: cronie state: restarted enabled: true diff --git a/roles/workstation/tasks/doas.yml b/roles/workstation/tasks/doas.yml index bc72d7f..e47fa35 100644 --- a/roles/workstation/tasks/doas.yml +++ b/roles/workstation/tasks/doas.yml @@ -1,5 +1,5 @@ - name: generate doas configuration - lineinfile: + ansible.builtin.lineinfile: path: /etc/doas.conf regexp: "^permit persist keepenv {{ workstation_user }} as root" line: "permit persist keepenv {{ workstation_user }} as root" @@ -9,7 +9,7 @@ group: 0 - name: allow reboot/shutdown/hibernate with doas - lineinfile: + ansible.builtin.lineinfile: path: /etc/doas.conf regexp: "^permit nopass {{ workstation_user }} as root cmd {{ item }}" line: "permit nopass {{ workstation_user }} as root cmd {{ item }}" @@ -21,12 +21,12 @@ - zzz - name: check sudo binary path # noqa no-changed-when - command: command -v sudo + ansible.builtin.command: command -v sudo register: result failed_when: false - name: uninstall sudo binary - package: + ansible.builtin.package: name: sudo state: absent when: result.rc == 0 diff --git a/roles/workstation/tasks/dockerd.yml b/roles/workstation/tasks/dockerd.yml index df85dd5..c0dfd33 100644 --- a/roles/workstation/tasks/dockerd.yml +++ b/roles/workstation/tasks/dockerd.yml @@ -1,18 +1,18 @@ - name: install docker - package: + ansible.builtin.package: name: - - docker - - docker-compose + - docker + - docker-compose state: present - name: append current user to docker group - user: + ansible.builtin.user: name: "{{ workstation_user }}" groups: "{{ workstation_docker_group }}" append: true - name: create docker directory - file: + ansible.builtin.file: path: /etc/docker state: directory owner: 0 
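Review bot: In roles/workstation/tasks/doas.yml, "check sudo binary path" runs `command -v sudo` through `ansible.builtin.command`, which does not go through a shell, so the `command` builtin is only found on systems that ship it as a standalone executable. With `failed_when: false` a failed lookup is indistinguishable from "sudo not installed", and "uninstall sudo binary" is then skipped while sudo may still be present next to the doas rules. Since `state: absent` on the package is already idempotent, the probe could be dropped and the removal run unconditionally. The comment on that task is also written `# noqa no-changed-when`, without the colon used elsewhere in this commit.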
@@ -20,7 +20,7 @@ mode: 0755 - name: configure default network for docker containers - template: + ansible.builtin.template: src: docker-daemon.json.j2 dest: /etc/docker/daemon.json owner: 0 diff --git a/roles/workstation/tasks/hosts.yml b/roles/workstation/tasks/hosts.yml index bcc67c6..7cc261a 100644 --- a/roles/workstation/tasks/hosts.yml +++ b/roles/workstation/tasks/hosts.yml @@ -1,5 +1,5 @@ - name: retrieve hosts file - get_url: + ansible.builtin.get_url: url: "{{ workstation_hosts_url }}" dest: "{{ workstation_hosts_file }}" mode: '0644' diff --git a/roles/workstation/tasks/libvirt.yml b/roles/workstation/tasks/libvirt.yml index ef9e85b..554f800 100644 --- a/roles/workstation/tasks/libvirt.yml +++ b/roles/workstation/tasks/libvirt.yml @@ -1,9 +1,9 @@ - name: install iptables-nft - shell: yes | pacman --noprogressbar --needed --sync iptables-nft + ansible.builtin.shell: yes | pacman --noprogressbar --needed --sync iptables-nft when: ansible_distribution == "Archlinux" - name: install libvirt - package: + ansible.builtin.package: name: - cdrtools - dnsmasq @@ -12,7 +12,7 @@ state: present - name: append current user to virt groups - user: + ansible.builtin.user: name: "{{ workstation_user }}" groups: "{{ item }}" append: true diff --git a/roles/workstation/tasks/main.yml b/roles/workstation/tasks/main.yml index ea772d6..1c4c463 100644 --- a/roles/workstation/tasks/main.yml +++ b/roles/workstation/tasks/main.yml 
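Review bot: The `get_url` task in roles/workstation/tasks/hosts.yml writes whatever `workstation_hosts_url` returns to `workstation_hosts_file` with no integrity or sanity check. If that destination is the system hosts file (the variable's value is not visible here), the remote endpoint decides name resolution for the workstation. Consider requiring an `https://` URL in the role defaults, and either pinning a `checksum:` or downloading to a staging path and checking the content before installing it. At minimum, a comment such as `# content of workstation_hosts_url is installed unverified` above the task would record the trust decision.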
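Review bot: In roles/workstation/tasks/libvirt.yml, `yes | pacman --noprogressbar --needed --sync iptables-nft` answers every prompt pacman raises with yes, not only the one the author presumably wants (replacing the conflicting iptables package). That would also cover prompts such as importing a signing key. A comment above the task, for example `# yes| accepts the iptables -> iptables-nft replacement prompt`, would document the intent. Unlike the other shell tasks in this commit, this one has neither `changed_when` nor a `# noqa` tag.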
@@ -1,23 +1,23 @@ - name: include specific distribution variables - include_vars: "os_{{ ansible_distribution | lower }}.yml" + ansible.builtin.include_vars: "os_{{ ansible_distribution | lower }}.yml" - name: include packages - include_tasks: pkgs.yml + ansible.builtin.include_tasks: pkgs.yml - name: include operating system setup - include_tasks: "os_{{ ansible_distribution | lower }}.yml" + ansible.builtin.include_tasks: "os_{{ ansible_distribution | lower }}.yml" - name: include shell setup - include_tasks: shell.yml + ansible.builtin.include_tasks: shell.yml - name: include doas setup - include_tasks: doas.yml + ansible.builtin.include_tasks: doas.yml - name: include smartcard setup - include_tasks: smartcard.yml + ansible.builtin.include_tasks: smartcard.yml - name: include ssh setup - include_tasks: + ansible.builtin.include_tasks: file: ssh.yml args: apply: @@ -25,5 +25,5 @@ become_user: "{{ workstation_user }}" - name: include hosts setup - include_tasks: + ansible.builtin.include_tasks: file: hosts.yml diff --git a/roles/workstation/tasks/os_archlinux.yml b/roles/workstation/tasks/os_archlinux.yml index 488004c..f45433a 100644 --- a/roles/workstation/tasks/os_archlinux.yml +++ b/roles/workstation/tasks/os_archlinux.yml 
@@ -1,31 +1,31 @@ - name: include battery optimization - include_tasks: tlp.yml + ansible.builtin.include_tasks: tlp.yml when: ansible_form_factor in ["Laptop", "Notebook"] - name: include cronie setup - include_tasks: cronie.yml + ansible.builtin.include_tasks: cronie.yml - name: include virtualization setup - include_tasks: libvirt.yml + ansible.builtin.include_tasks: libvirt.yml - name: include dockerd setup - include_tasks: dockerd.yml + ansible.builtin.include_tasks: dockerd.yml - name: include pipewire - include_tasks: pipewire.yml + ansible.builtin.include_tasks: pipewire.yml - name: retrieve installed packages - package_facts: + ansible.builtin.package_facts: register: package_facts - name: include yay - include_tasks: yay.yml + ansible.builtin.include_tasks: yay.yml when: - "'yay' not in package_facts.ansible_facts.packages" - "'yay-bin' not in package_facts.ansible_facts.packages" - name: append current user to system groups - user: + ansible.builtin.user: name: "{{ workstation_user }}" groups: "{{ item }}" append: true diff --git a/roles/workstation/tasks/os_openbsd.yml b/roles/workstation/tasks/os_openbsd.yml index d007263..21f3bb1 100644 --- a/roles/workstation/tasks/os_openbsd.yml +++ b/roles/workstation/tasks/os_openbsd.yml @@ -1,5 +1,5 @@ - name: ensure wsconsctl config file exists - file: + ansible.builtin.file: path: /etc/wsconsctl.conf state: touch owner: 0 @@ -7,7 +7,7 @@ mode: 0644 - name: append configuration to wsconsctl - lineinfile: + ansible.builtin.lineinfile: path: /etc/wsconsctl.conf regexp: "^{{ item[0] }}" line: "{{ item[0] }}={{ item[1] }}" @@ -23,7 +23,7 @@ - [mouse.tp.tapping, 1] - name: ensure Xorg subdirectory for configuration exists - file: + ansible.builtin.file: path: /etc/X11/xorg.conf.d owner: 0 group: 0 @@ -31,7 +31,7 @@ state: directory - name: generate system wide configurations - template: + ansible.builtin.template: src: "{{ item[0] }}" dest: "{{ item[1] }}" mode: preserve 
@@ -42,13 +42,13 @@ - [apm-resume, /etc/apm/resume] - name: ensure sysctl configuration file exists - file: + ansible.builtin.file: path: /etc/sysctl.conf owner: root mode: 0644 - name: ensure sysctl memory optimizations - blockinfile: + ansible.builtin.blockinfile: path: /etc/sysctl.conf block: | kern.shminfo.shmall=3145728 @@ -60,7 +60,7 @@ marker: "# memory {mark} - managed by Ansible" - name: ensure sysctl process optimizations - blockinfile: + ansible.builtin.blockinfile: path: /etc/sysctl.conf block: | kern.maxfiles=102400 diff --git a/roles/workstation/tasks/pipewire.yml b/roles/workstation/tasks/pipewire.yml index 8cc3f5e..1fc83a9 100644 --- a/roles/workstation/tasks/pipewire.yml +++ b/roles/workstation/tasks/pipewire.yml @@ -1,14 +1,14 @@ - name: install pipewire - package: + ansible.builtin.package: name: - - pipewire - - pipewire-alsa - - pipewire-pulse - - mda.lv2 + - pipewire + - pipewire-alsa + - pipewire-pulse + - mda.lv2 state: present - name: enable and start pipewire - systemd: + ansible.builtin.systemd: name: "{{ item }}" scope: user enabled: true diff --git a/roles/workstation/tasks/pkgs.yml b/roles/workstation/tasks/pkgs.yml index abc583e..674ccc4 100644 --- a/roles/workstation/tasks/pkgs.yml +++ b/roles/workstation/tasks/pkgs.yml @@ -1,5 +1,5 @@ - name: install distribution packages - package: + ansible.builtin.package: name: "{{ item }}" state: present loop: diff --git a/roles/workstation/tasks/shell.yml b/roles/workstation/tasks/shell.yml index 42b134c..dc11ca4 100644 --- a/roles/workstation/tasks/shell.yml +++ b/roles/workstation/tasks/shell.yml @@ -1,8 +1,8 @@ - name: retrieve zsh path # noqa no-changed-when command-instead-of-shell - shell: command -v zsh + ansible.builtin.shell: command -v zsh register: zsh_path - name: ensure zsh is used for workstation user - user: + ansible.builtin.user: name: "{{ workstation_user }}" shell: "{{ zsh_path.stdout_lines[0] }}" 
diff --git a/roles/workstation/tasks/smartcard.yml b/roles/workstation/tasks/smartcard.yml index ed79c92..926770a 100644 --- a/roles/workstation/tasks/smartcard.yml +++ b/roles/workstation/tasks/smartcard.yml @@ -1,5 +1,5 @@ - name: start and enable pcscd service - service: + ansible.builtin.service: name: pcscd state: started enabled: true diff --git a/roles/workstation/tasks/ssh.yml b/roles/workstation/tasks/ssh.yml index 318198e..d09c7f8 100644 --- a/roles/workstation/tasks/ssh.yml +++ b/roles/workstation/tasks/ssh.yml @@ -1,5 +1,5 @@ - name: create ssh directory - file: + ansible.builtin.file: path: "/home/{{ workstation_user }}/{{ item }}" owner: "{{ workstation_user }}" group: "{{ workstation_user }}" @@ -10,7 +10,7 @@ - .ssh/config.d - name: generate ssh configuration - template: + ansible.builtin.template: src: ssh.config.j2 dest: "/home/{{ workstation_user }}/.ssh/config.d/dns.config" owner: "{{ workstation_user }}" diff --git a/roles/workstation/tasks/tlp.yml b/roles/workstation/tasks/tlp.yml index 788f523..4782741 100644 --- a/roles/workstation/tasks/tlp.yml +++ b/roles/workstation/tasks/tlp.yml @@ -1,10 +1,10 @@ - name: install tlp - package: + ansible.builtin.package: name: tlp state: present - name: enable and start tlp - service: + ansible.builtin.service: name: tlp state: started enabled: true diff --git a/roles/workstation/tasks/yay.yml b/roles/workstation/tasks/yay.yml index cafbc9c..8581bfd 100644 --- a/roles/workstation/tasks/yay.yml +++ b/roles/workstation/tasks/yay.yml @@ -1,5 +1,5 @@ - name: clone yay repository - git: + ansible.builtin.git: repo: "{{ workstation_yay_repo }}" dest: "{{ workstation_yay_dir }}" version: origin/master 
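Review bot: `version: origin/master` in roles/workstation/tasks/yay.yml makes the clone track a moving branch, and the later tasks in this file build that checkout with `makepkg -fs` and install the result with `pacman --noconfirm -U`. Pinning `version` to a reviewed commit hash or release tag, for instance through a new role variable (say `workstation_yay_version`), would make the build reproducible and limit exposure to an unexpected upstream change. The task continues outside this hunk.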
@@ -7,13 +7,14 @@ become_user: "{{ workstation_user }}" - name: make yay package # noqa: no-changed-when - command: + # possible ambiguous replacement: command : ansible.builtin.command | community.ciscosmb.command | community.routeros.command + ansible.builtin.command: cmd: makepkg -fs chdir: "{{ workstation_yay_dir }}" become: true become_user: "{{ workstation_user }}" - name: install yay package # noqa: no-changed-when - shell: + ansible.builtin.shell: cmd: pacman --noconfirm -U *.zst chdir: "{{ workstation_yay_dir }}" diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml index a1ccf3d..62ec909 100644 --- a/roles/znc/tasks/main.yml +++ b/roles/znc/tasks/main.yml @@ -1,22 +1,22 @@ - name: install znc - package: + ansible.builtin.package: name: znc state: present - name: create znc group - group: + ansible.builtin.group: name: "{{ znc_group }}" state: present - name: create znc user - user: + ansible.builtin.user: name: "{{ znc_user }}" group: "{{ znc_group }}" system: true create_home: true - name: generate and enable znc service - include_role: + ansible.builtin.include_role: name: rc vars: rc_cmd: /usr/local/bin/znc @@ -24,7 +24,7 @@ rc_name: znc - name: enable and start znc - service: + ansible.builtin.service: name: znc state: restarted enabled: true |
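Review bot: The added line `# possible ambiguous replacement: command : ansible.builtin.command | community.ciscosmb.command | community.routeros.command` reads like output of the migration tool rather than a comment for maintainers. It sits between `- name:` and the module key and should be dropped now that `ansible.builtin.command` has been chosen. In the same hunk, `pacman --noconfirm -U *.zst` installs every `.zst` file present in `workstation_yay_dir`, including anything left over from an earlier build. Naming the built package file, or cleaning the directory before `makepkg`, would narrow what gets installed.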