diff --git a/bitlair.yaml b/bitlair.yaml
index a2923fc..9a7b765 100644
--- a/bitlair.yaml
+++ b/bitlair.yaml
@@ -1,63 +1,62 @@
-
 ---
 
 - hosts: all
   gather_facts: true
   roles:
-    - { role: "common", tags: [ "common" ] }
-    - { role: "nft", tags: [ "nft" ] }
+    - { role: "common", tags: ["common"] }
+    - { role: "nft", tags: ["nft"] }
 
 - hosts: bank
   roles:
-    - { role: "bank", tags: [ "bank" ] }
+    - { role: "bank", tags: ["bank"] }
 
 - hosts: raspi
   roles:
-    - { role: "raspi", tags: [ "raspi" ] }
-    - { role: "bank-terminal", tags: [ "bank-terminal" ] }
+    - { role: "raspi", tags: ["raspi"] }
+    - { role: "bank-terminal", tags: ["bank-terminal"] }
 
 - hosts: fotos
   roles:
-    - { role: "photos", tags: [ "photos" ] }
+    - { role: "photos", tags: ["photos"] }
 
 - hosts: git-ci
   roles:
-    - { role: "git-ci", tags: [ "git-ci" ] }
+    - { role: "git-ci", tags: ["git-ci"] }
 
 - hosts: git
   roles:
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "git-server", tags: [ "git-server" ] }
+    - { role: "acme", tags: ["acme"] }
+    - { role: "nginx", tags: ["nginx"] }
+    - { role: "git-server", tags: ["git-server"] }
 
 - hosts: monitoring
   roles:
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "monitoring", tags: [ "monitoring" ] }
+    - { role: "acme", tags: ["acme"] }
+    - { role: "nginx", tags: ["nginx"] }
+    - { role: "monitoring", tags: ["monitoring"] }
 
 - hosts: mqtt
   roles:
-    - { role: "mqtt", tags: [ "mqtt" ] }
+    - { role: "mqtt", tags: ["mqtt"] }
 
 - hosts: music
   roles:
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "go", tags: [ "go" ] }
-    - { role: "music", tags: [ "music" ] }
+    - { role: "acme", tags: ["acme"] }
+    - { role: "go", tags: ["go"] }
+    - { role: "music", tags: ["music"] }
 
 - hosts: pad
   roles:
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "etherpad", tags: [ "etherpad" ] }
+    - { role: "acme", tags: ["acme"] }
+    - { role: "nginx", tags: ["nginx"] }
+    - { role: "etherpad", tags: ["etherpad"] }
 
 - hosts: services
   roles:
-    - { role: "services", tags: [ "services" ] }
+    - { role: "services", tags: ["services"] }
 
 - hosts: wiki
   roles:
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "www", tags: [ "www" ] }
+    - { role: "acme", tags: ["acme"] }
+    - { role: "nginx", tags: ["nginx"] }
+    - { role: "www", tags: ["www"] }
diff --git a/group_vars/monitoring.yaml b/group_vars/monitoring.yaml
index 248d854..260e159 100644
--- a/group_vars/monitoring.yaml
+++ b/group_vars/monitoring.yaml
@@ -1,7 +1,7 @@
 monitoring_domain: dashboard.bitlair.nl
 monitoring_bootstrap_cert: no
 acme_san_domains:
-  - ["{{ monitoring_domain }}", monitoring.bitlair.nl]
+  - ["{{ monitoring_domain }}"]
 
 group_nft_input:
   - "# Allow web-traffic from world"
@@ -21,6 +21,7 @@ prometheus_scrape_configs:
         - "lights.bitlair.nl:9100"
         - "music.bitlair.nl:9100"
         - "service.bitlair.nl:9100"
+        - "user.bitlair.nl:9100"
   - job_name: "mqtt"
     static_configs:
       - targets: [ "localhost:9883" ]
@@ -34,6 +35,7 @@ prometheus_scrape_configs:
         - https://bitlair.nl
         - https://git.bitlair.nl
         - https://pad.bitlair.nl
+        - https://user.bitlair.nl
           # Legacy
         - https://wiki.bitlair.nl
         - https://portal.bitlair.nl
diff --git a/roles/acme/tasks/main.yaml b/roles/acme/tasks/main.yaml
index 0be3133..01bf029 100644
--- a/roles/acme/tasks/main.yaml
+++ b/roles/acme/tasks/main.yaml
@@ -40,7 +40,7 @@
 - name: Symlink SAN domains
   ansible.builtin.include_tasks:
     file: san_domains_loop.yaml
-  loop: "{{ acme_san_domains|default([]) }}"
+  loop: "{{ acme_san_domains | default([]) }}"
   loop_control:
     loop_var: domains
 
diff --git a/roles/common/handlers/main.yaml b/roles/common/handlers/main.yaml
index 15ce290..3f6d5b8 100644
--- a/roles/common/handlers/main.yaml
+++ b/roles/common/handlers/main.yaml
@@ -1,30 +1,27 @@
 ---
-- name: update grub
+- name: Update grub
   ansible.builtin.command:
     cmd: update-grub
 
-- name: reboot
-  ansible.builtin.reboot:
-
-- name: apt update
+- name: Apt update
   ansible.builtin.apt:
     update_cache: true
 
-- name: daemon reload
+- name: Daemon reload
   ansible.builtin.systemd:
     daemon_reload: true
 
-- name: reload sshd
+- name: Reload sshd
   ansible.builtin.systemd:
     name: ssh
     state: reloaded
 
-- name: reload nginx
+- name: Reload nginx
   ansible.builtin.systemd:
     name: nginx
     state: reloaded
 
-- name: persist iptables
+- name: Persist iptables
   ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}"
   with_items:
     - { c: iptables, ip: v4 }
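Review bot: Dropping the `reboot` handler here leaves nothing that restarts a host after a change that only takes effect at boot. The same commit removes the `Reboot` task in roles/common/tasks/debian-upgrade.yaml and the `notify: reboot` lines in network.yaml, vm.yaml and the raspi role. After `upgrade: full` a host keeps running the old kernel, and long-lived processes keep their old libraries, so security updates can look applied while they are not yet active. If the automatic reboot was removed on purpose, I would add a task at the end of debian-upgrade.yaml that uses `ansible.builtin.stat` on `/var/run/reboot-required` and reports the hosts still waiting for a restart.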
diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml
index 3ff5041..f986713 100644
--- a/roles/common/tasks/debian-upgrade.yaml
+++ b/roles/common/tasks/debian-upgrade.yaml
@@ -21,9 +21,6 @@
   ansible.builtin.apt:
     upgrade: full
 
-- name: Reboot
-  ansible.builtin.reboot:
-
 - name: autoremove
   ansible.builtin.apt:
     autoremove: yes
diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml
index a02e163..865de63 100644
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@@ -76,6 +76,7 @@
       - vim
       - unattended-upgrades
       - apt-listchanges
+      - sudo-ldap
 
 - name: Configure FZF for Bash
   ansible.builtin.lineinfile:
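Review bot: Adding `sudo-ldap` to the package list of the common role changes the privilege-escalation path on every host, yet no hunk shown here configures it. The task that manages `/etc/sudo-ldap.conf` may live elsewhere; please confirm that the directory connection uses TLS with certificate verification and that local sudoers files stay in place as a fallback when the directory is unreachable. A short comment above the entry would help, for example `# sudoers rules come from LDAP; see <role or file that configures it>`. Debian has, as far as I know, marked sudo-ldap as deprecated in favour of plain sudo with SSSD, so it is worth checking that before rolling it out everywhere.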
@@ -96,7 +97,7 @@
     path: /etc/default/grub
     regexp: '^GRUB_TIMEOUT='
     line: "GRUB_TIMEOUT=1 # Managed by Ansible"
-  notify: update grub
+  notify: Update grub
 
 - name: Configure cron email
   ansible.builtin.lineinfile:
@@ -118,63 +119,5 @@
     - regexp: '^#?DebianBanner'
       line: 'DebianBanner no'
   when: manage_sshd_config | default(true)
-  notify: reload sshd
+  notify: Reload sshd
 
-- name: Allow SSH
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: "{{ ssh_port }}"
-    ctstate: NEW
-    jump: ACCEPT
-    ip_version: "{{ item }}"
-  with_items:
-    - ipv4
-    - ipv6
-  notify: persist iptables
-  when: not nft | bool
-
-- name: Allow ICMP
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: "{{ item.proto }}"
-    jump: ACCEPT
-    ip_version: "{{ item.ip }}"
-  with_items:
-    - { ip: ipv4, proto: icmp }
-    - { ip: ipv6, proto: ipv6-icmp }
-  notify: persist iptables
-  when: not nft | bool
-
-- name: Allow related and established connections
-  ansible.builtin.iptables:
-    chain: INPUT
-    ctstate: ESTABLISHED,RELATED
-    jump: ACCEPT
-    ip_version: "{{ item }}"
-  with_items:
-    - ipv4
-    - ipv6
-  notify: persist iptables
-  when: not nft | bool
-
-- name: Allow local connections
-  ansible.builtin.iptables:
-    chain: INPUT
-    source: "{{ item.cidr }}"
-    jump: ACCEPT
-    ip_version: "{{ item.v }}"
-  with_items: "{{ trusted_ranges }}"
-  notify: persist iptables
-  when: not nft | bool
-
-- name: Deny inbound connections
-  ansible.builtin.iptables:
-    chain: INPUT
-    policy: DROP
-    ip_version: "{{ item }}"
-  with_items:
-    - ipv4
-    - ipv6
-  notify: persist iptables
-  when: not nft | bool
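Review bot: With the `when: not nft | bool` iptables tasks deleted here, a host that still has `nft` set to false gets no INPUT filtering from this role, including the default `DROP` policy. The etherpad, git-server and monitoring roles lose their matching tasks in the same commit. bitlair.yaml applies the `nft` role to all hosts, so this is presumably intended, but nothing visible enforces it. An `ansible.builtin.assert` on `nft | bool`, or removing the variable entirely, would make the assumption explicit. The `Persist iptables` handler in roles/common/handlers/main.yaml has no notifier left among the visible hunks and can probably be removed, and rule files it already wrote under `/etc/iptables/` on existing hosts are no longer managed.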
diff --git a/roles/common/tasks/network.yaml b/roles/common/tasks/network.yaml
index 9d5e471..7e2a75b 100644
--- a/roles/common/tasks/network.yaml
+++ b/roles/common/tasks/network.yaml
@@ -13,7 +13,6 @@
   with_items:
     - { k: net.ipv4.ip_forward, v: "1" }
     - { k: net.ipv6.conf.all.forwarding, v: "1" }
-  notify: reboot
   when: network_br
 
 - name: Make network interfaces really predictable
@@ -22,8 +21,7 @@
     regexp: ^GRUB_CMDLINE_LINUX
     line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible'
   notify:
-    - update grub
-    - reboot
+    - Update grub
   when: network_br or network_dhcp or network_static
 
 - name: Configure network interfaces
@@ -33,7 +31,6 @@
     owner: root
     group: root
     mode: 0644
-  notify: reboot
   when: network_br or network_dhcp or network_static
 
 - ansible.builtin.meta: flush_handlers
diff --git a/roles/common/tasks/vm.yaml b/roles/common/tasks/vm.yaml
index 505c03f..e1921ec 100644
--- a/roles/common/tasks/vm.yaml
+++ b/roles/common/tasks/vm.yaml
@@ -12,7 +12,6 @@
     regexp: ^GRUB_CMDLINE_LINUX_DEFAULT
     line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"'
   notify:
-    - update grub
-    - reboot
+    - Update grub
   tags:
     - questagent
diff --git a/roles/common/templates/authorized_keys.j2 b/roles/common/templates/authorized_keys.j2
index 182dc36..9df7ff6 100644
--- a/roles/common/templates/authorized_keys.j2
+++ b/roles/common/templates/authorized_keys.j2
@@ -2,5 +2,5 @@
 
 {% for name in root_access %}
 # {{ name }}
-{{ lookup('file', 'authorized_keys/'+name+'.keys') }}
+{{ lookup('file', 'authorized_keys/' + name + '.keys') }}
 {% endfor %}
diff --git a/roles/common/templates/sources.list.j2 b/roles/common/templates/sources.list.j2
index 9aac632..3945e1d 100644
--- a/roles/common/templates/sources.list.j2
+++ b/roles/common/templates/sources.list.j2
@@ -1,9 +1,9 @@
 # {{ ansible_managed }}
 
-{% if debian_source_repos|default(false) %}
-{% set SRC = "" %}
+{% if debian_source_repos | default(false) %}
+{%   set SRC = "" %}
 {% else %}
-{% set SRC = "# " %}
+{%   set SRC = "# " %}
 {% endif %}
 {% set components = "main contrib non-free-firmware" %}
 
diff --git a/roles/etherpad/handlers/main.yaml b/roles/etherpad/handlers/main.yaml
index 82924a6..7aea6eb 100644
--- a/roles/etherpad/handlers/main.yaml
+++ b/roles/etherpad/handlers/main.yaml
@@ -2,7 +2,7 @@
 - ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
 
-- name: restart etherpad
+- name: Restart etherpad
   ansible.builtin.systemd:
     name: etherpad
     state: restarted
diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml
index 2adf731..0f4beb5 100644
--- a/roles/etherpad/tasks/main.yaml
+++ b/roles/etherpad/tasks/main.yaml
@@ -15,7 +15,7 @@
       -o /usr/share/keyrings/nodesource.gpg
   args:
     creates: /usr/share/keyrings/nodesource.gpg
-  notify: apt update
+  notify: Apt update
 
 - name: Install nodesource source list
   ansible.builtin.template:
@@ -24,7 +24,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: apt update
+  notify: Apt update
 
 - name: Install nodejs apt preference
   ansible.builtin.template:
@@ -33,7 +33,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: apt update
+  notify: Apt update
 
 - ansible.builtin.meta: flush_handlers
 
@@ -88,7 +88,7 @@
     version: master
     dest: /opt/etherpad
     accept_hostkey: yes
-  notify: restart etherpad
+  notify: Restart etherpad
 
 - name: Install etherpad config
   ansible.builtin.template:
@@ -97,7 +97,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart etherpad
+  notify: Restart etherpad
 
 - name: Install etherpad service
   ansible.builtin.template:
@@ -106,14 +106,14 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart etherpad
+  notify: Restart etherpad
 
 - name: Start etherpad
   ansible.builtin.systemd:
     daemon_reload: true
     name: etherpad
     state: started
-    enabled: yes
+    enabled: true
 
 - name: Install nginx config
   ansible.builtin.template:
@@ -122,21 +122,5 @@
     owner: root
     group: root
     mode: 0644
-  notify: reload nginx
+  notify: Reload nginx
 
-- name: Allow HTTP and HTTPS
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: "{{ item.port }}"
-    ctstate: NEW
-    jump: ACCEPT
-    ip_version: "{{ item.ip }}"
-    action: insert
-  with_items:
-    - { ip: ipv4, port: 80 }
-    - { ip: ipv4, port: 443 }
-    - { ip: ipv6, port: 80 }
-    - { ip: ipv6, port: 443 }
-  notify: persist iptables
-  when: not nft | bool
diff --git a/roles/etherpad/tasks/requirements.yml b/roles/etherpad/tasks/requirements.yml
index 060cde3..0b8dbb8 100644
--- a/roles/etherpad/tasks/requirements.yml
+++ b/roles/etherpad/tasks/requirements.yml
@@ -1,3 +1,5 @@
+---
+
 collections:
   - name: community.postgresql
     version: 2.3.2
diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml
index a01a11a..d677a61 100644
--- a/roles/git-ci/tasks/main.yaml
+++ b/roles/git-ci/tasks/main.yaml
@@ -1,50 +1,50 @@
 ---
-- tags: forgejo_runner
-  block:
-    - name: Install dependencies
-      ansible.builtin.apt:
-        name: docker.io
 
-    - name: Download forgejo-runner
-      ansible.builtin.get_url:
-        url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
-        dest: /usr/local/bin/forgejo-runner
-        mode: 0755
-      notify: restart forgejo-runner
+- name: Install dependencies
+  ansible.builtin.apt:
+    name: docker.io
 
-    - name: Create runner dir
-      ansible.builtin.file:
-        state: directory
-        path: "{{ runner_wd }}"
-        owner: root
-        group: root
-        mode: 0755
+- name: Download forgejo-runner
+  ansible.builtin.get_url:
+    url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
+    dest: /usr/local/bin/forgejo-runner
+    mode: 0755
+  notify: restart forgejo-runner
 
-    - name: Register runner
-      ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
-      args:
-        chdir: "{{ runner_wd }}"
-        creates: "{{ runner_wd }}/.runner"
+- name: Create runner dir
+  ansible.builtin.file:
+    state: directory
+    path: "{{ runner_wd }}"
+    owner: root
+    group: root
+    mode: 0755
 
-    - name: Install service file
-      ansible.builtin.template:
-        src: forgejo-runner.service
-        dest: /etc/systemd/system/forgejo-runner.service
-        owner: root
-        group: root
-        mode: 0644
-      notify: restart forgejo-runner
+- name: Register runner
+  ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
+  args:
+    chdir: "{{ runner_wd }}"
+    creates: "{{ runner_wd }}/.runner"
 
-    - name: Enable service
-      ansible.builtin.systemd:
-        name: forgejo-runner
-        enabled: yes
-        daemon_reload: true
+- name: Install service file
+  ansible.builtin.template:
+    src: forgejo-runner.service
+    dest: /etc/systemd/system/forgejo-runner.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart forgejo-runner
 
-    - name: Start service
-      ansible.builtin.systemd:
-        name: forgejo-runner
-        state: started
-        daemon_reload: true
+- name: Enable service
+  ansible.builtin.systemd:
+    name: forgejo-runner
+    enabled: true
+    daemon_reload: true
 
-    - ansible.builtin.meta: flush_handlers
+- name: Start service
+  ansible.builtin.systemd:
+    name: forgejo-runner
+    state: started
+    daemon_reload: true
+
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
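Review bot: The `Register runner` task puts the runner token from the password store straight into the command string and has no `no_log: true`, so the token appears in Ansible output and logs whenever the task changes, fails or runs with verbosity. I would add `no_log: true` to that task. The `Download forgejo-runner` task installs a binary into `/usr/local/bin` without a `checksum:`; pinning the digest for `runner_version` would make a tampered or truncated download fail instead of being installed. Both `notify: restart forgejo-runner` lines also keep the lower-case name while the rest of the commit capitalises handler names, so please check them against the git-ci handlers file, which is not visible here.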
diff --git a/roles/git-server/tasks/main.yaml b/roles/git-server/tasks/main.yaml
index 112033e..5104ef5 100644
--- a/roles/git-server/tasks/main.yaml
+++ b/roles/git-server/tasks/main.yaml
@@ -14,14 +14,14 @@
     owner: root
     group: root
     mode: 0644
-  notify: reload nginx
+  notify: Reload nginx
 
 - name: Enable nginx site
   ansible.builtin.file:
     src: /etc/nginx/sites-available/forgejo
     dest: /etc/nginx/sites-enabled/forgejo
     state: link
-  notify: reload nginx
+  notify: Reload nginx
 
 - name: Create user
   ansible.builtin.user:
@@ -38,7 +38,6 @@
     group: "{{ git_server_user }}"
     mode: 0755
 
-
 # TODO: Install initial config
 
 - name: Install service file
@@ -48,7 +47,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: reload forgejo
+  notify: Reload forgejo
 
 - name: Install update script
   ansible.builtin.template:
@@ -62,12 +61,12 @@
   ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"
   args:
     creates: "{{ git_server_working_dir }}/forgejo"
-  notify: reload forgejo
+  notify: Reload forgejo
 
 - name: Enable service
   ansible.builtin.systemd:
     name: forgejo
-    enabled: yes
+    enabled: true
     daemon_reload: true
 
 - name: Start service
@@ -81,24 +80,6 @@
     src: cronjob
     dest: /etc/cron.d/forgejo
 
-- name: Allow Git SSH, HTTP and HTTPS
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: "{{ item.port }}"
-    ctstate: NEW
-    jump: ACCEPT
-    ip_version: "{{ item.ip }}"
-    action: insert
-  with_items:
-    - { ip: ipv4, port: 80 }
-    - { ip: ipv4, port: 22 }
-    - { ip: ipv4, port: 443 }
-    - { ip: ipv6, port: 80 }
-    - { ip: ipv6, port: 22 }
-    - { ip: ipv6, port: 443 }
-  notify: persist iptables
-  when: not nft | bool
-
-- ansible.builtin.debug:
-    msg: If Forgejo has not been setup yet, please do so manually.
+- name: Debug
+  ansible.builtin.debug:
+    msg: "If Forgejo has not been setup yet, please do so manually."
diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml
index b787d21..ab16901 100644
--- a/roles/go/tasks/main.yaml
+++ b/roles/go/tasks/main.yaml
@@ -19,11 +19,11 @@
       register: go_latest_version_shell
 
     - name: Format Go latest version variable
-      set_fact:
+      ansible.builtin.set_fact:
         go_latest_version: "{{ go_latest_version_shell.stdout }}"
 
     - name: Detect installed Go version
-      shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
+      ansible.builtin.shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
       register: go_installed_version_shell
       changed_when: false
 
@@ -31,19 +31,20 @@
       set_fact:
         go_installed_version: "{{ go_installed_version_shell.stdout }}"
 
-    - debug:
+    - name: Debug
+      ansible.builtin.debug:
         msg:
           - "Latest Go version: {{ go_latest_version}}"
           - "Installed Go version: {{ go_installed_version }}"
 
     - name: Remove installed go
-      file:
+      ansible.builtin.file:
         state: absent
         path: /usr/local/go
       when: go_installed_version != go_latest_version
 
     - name: Install Go
-      unarchive:
+      ansible.builtin.unarchive:
         src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz
         dest: /usr/local
         remote_src: yes
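Review bot: `Install Go` extracts an archive into `/usr/local` whose version is discovered at run time, and nothing checks its digest, so integrity rests only on the HTTPS connection to go.dev. `ansible.builtin.unarchive` has no checksum option, so I would download with `ansible.builtin.get_url` and a `checksum:` first and unpack the local file afterwards. The task continues past the end of this hunk. Separately, the `set_fact` at the top of this hunk was missed by the conversion to fully qualified module names.

```yaml
    - name: Download Go
      ansible.builtin.get_url:
        url: "https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz"
        dest: "/tmp/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz"
        # go_archive_sha256 is a placeholder: the expected digest, pinned or looked up separately
        checksum: "sha256:{{ go_archive_sha256 }}"
        mode: "0644"
      when: go_installed_version != go_latest_version

    - name: Install Go
      ansible.builtin.unarchive:
        src: "/tmp/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz"
        dest: /usr/local
        remote_src: true
      # … unchanged: remaining unarchive options and the when condition …
```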
@@ -52,7 +53,7 @@
       when: go_installed_version != go_latest_version
 
     - name: Configure Go environment
-      template:
+      ansible.builtin.template:
         src: go.profile
         dest: /etc/profile.d/go.sh
         owner: root
@@ -60,7 +61,7 @@
         mode: 0644
 
     - name: Link go binary
-      file:
+      ansible.builtin.file:
         state: link
         src: /usr/local/go/bin/go
         dest: /usr/local/bin/go
diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml
index f43992a..2017d5b 100644
--- a/roles/monitoring/tasks/main.yaml
+++ b/roles/monitoring/tasks/main.yaml
@@ -7,35 +7,20 @@
     owner: root
     group: root
     mode: 0644
-  notify: reload nginx
+  notify: Reload nginx
 
 - name: Enable nginx site
   ansible.builtin.file:
     src: /etc/nginx/sites-available/monitoring
     dest: /etc/nginx/sites-enabled/monitoring
     state: link
-  notify: reload nginx
+  notify: Reload nginx
 
 - name: Start nginx
   ansible.builtin.systemd:
     name: nginx
     state: started
-    enabled: yes
-
-- name: Allow HTTP/HTTPS
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: "{{ item.port }}"
-    ctstate: NEW
-    jump: ACCEPT
-    ip_version: "{{ item.ip }}"
-    action: insert
-  with_items:
-    - { ip: ipv6, port: 80 }
-    - { ip: ipv6, port: 443 }
-  notify: persist iptables
-  when: not nft | bool
+    enabled: true
 
 - name: mqtt_exporter
   tags: mqtt_exporter
diff --git a/roles/monitoring/templates/grafana.ini b/roles/monitoring/templates/grafana.ini
index be8c995..a954c62 100644
--- a/roles/monitoring/templates/grafana.ini
+++ b/roles/monitoring/templates/grafana.ini
@@ -69,6 +69,9 @@ level = info
 [grafana_com]
 url = https://grafana.com
 
+[auth]
+oauth_allow_insecure_email_lookup=true
+
 [auth.anonymous]
 enabled = true
 org_name = Bitlair
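Review bot: `oauth_allow_insecure_email_lookup=true` in the new `[auth]` section makes Grafana match an OAuth login to an existing user by e-mail address alone, which is the behaviour Grafana turned off by default and labels insecure. If the identity provider lets a user set or change an e-mail address without verification, that user can sign in as whichever Grafana account holds that address, including an admin. I would leave the option off and re-link existing accounts to their provider identity instead. If it has to stay, the reason belongs next to it, for example `; required because <reason>; the IdP must enforce verified, non-editable e-mail addresses`.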
diff --git a/roles/mqtt/tasks/main.yaml b/roles/mqtt/tasks/main.yaml
index 89f9064..498f49c 100644
--- a/roles/mqtt/tasks/main.yaml
+++ b/roles/mqtt/tasks/main.yaml
@@ -29,4 +29,4 @@
   ansible.builtin.systemd:
     name: mosquitto
     state: started
-    enabled: yes
+    enabled: true
diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml
index 5ef0e4f..2d77dbb 100644
--- a/roles/music/handlers/main.yaml
+++ b/roles/music/handlers/main.yaml
@@ -2,37 +2,37 @@
 - ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
 
-- name: restart trollibox
+- name: Restart trollibox
   ansible.builtin.systemd:
     name: trollibox
     state: restarted
     daemon_reload: true
 
-- name: rebuild librespot
+- name: Rebuild librespot
   ansible.builtin.command:
     cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
   args:
     chdir: /opt/librespot
 
-- name: restart librespot
+- name: Restart librespot
   ansible.builtin.systemd:
     name: librespot
     state: restarted
     daemon_reload: true
 
-- name: restart soundboard
+- name: Restart soundboard
   ansible.builtin.systemd:
     name: soundboard
     state: restarted
     daemon_reload: true
 
-- name: restart mpd-volume-to-mqtt
+- name: Restart mpd-volume-to-mqtt
   ansible.builtin.systemd:
     name: mpd-volume-to-mqtt
     state: restarted
     daemon_reload: true
 
-- name: restart skipbutton
+- name: Restart skipbutton
   ansible.builtin.systemd:
     name: skipbutton
     state: restarted
diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml
index 9bf3154..2a8d19b 100644
--- a/roles/music/tasks/librespot.yaml
+++ b/roles/music/tasks/librespot.yaml
@@ -11,8 +11,8 @@
     dest: /opt/librespot
     accept_hostkey: yes
   notify:
-    - rebuild librespot
-    - restart librespot
+    - Rebuild librespot
+    - Restart librespot
 
 - name: Install service file
   ansible.builtin.template:
@@ -21,7 +21,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart librespot
+  notify: Restart librespot
 
 - name: Enable Librespot
   ansible.builtin.systemd:
diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml
index cad6eb9..e8a751c 100644
--- a/roles/music/tasks/main.yaml
+++ b/roles/music/tasks/main.yaml
@@ -1,28 +1,34 @@
 ---
-- tags: music_mpd
+
+- name: Import mpd
   ansible.builtin.import_tasks:
     file: mpd.yaml
+  tags:
+    - music_mpd
 
-- tags: music_trollibox
+- name: Import trollibox
   ansible.builtin.import_tasks:
     file: trollibox.yaml
+  tags:
+    - music_trollibox
 
-- tags: music_librespot
+- name: Librespot
   ansible.builtin.import_tasks:
     file: librespot.yaml
+  tags:
+    - music_librespot
 
-- tags: music_soundboard
+- name: Soundboard
   ansible.builtin.import_tasks:
     file: soundboard.yaml
+  tags:
+    - music_soundboard
 
-- tags: music
-  block:
-
-    - name: Install nginx config
-      ansible.builtin.template:
-        src: nginx-site.conf
-        dest: /etc/nginx/sites-enabled/trollibox
-        owner: root
-        group: root
-        mode: 0644
-      notify: reload nginx
+- name: Install nginx config
+  ansible.builtin.template:
+    src: nginx-site.conf
+    dest: /etc/nginx/sites-enabled/trollibox
+    owner: root
+    group: root
+    mode: 0644
+  notify: Reload nginx
diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml
index d372d12..eb88133 100644
--- a/roles/music/tasks/mpd.yaml
+++ b/roles/music/tasks/mpd.yaml
@@ -1,4 +1,5 @@
 ---
+
 - name: Install MPD
   ansible.builtin.apt:
     name:
@@ -15,7 +16,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart mpd-volume-to-mqtt
+  notify: Restart mpd-volume-to-mqtt
 
 - name: Install mpd-volume-to-mqtt service
   ansible.builtin.template:
@@ -24,7 +25,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart mpd-volume-to-mqtt
+  notify: Restart mpd-volume-to-mqtt
 
 - name: Enable mpd-volume-to-mqtt
   ansible.builtin.systemd:
@@ -39,7 +40,7 @@
     version: master
     dest: /opt/skipbutton
     accept_hostkey: yes
-  notify: restart skipbutton
+  notify: Restart skipbutton
 
 - name: Install skipbutton service
   ansible.builtin.template:
@@ -48,7 +49,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart skipbutton
+  notify: Restart skipbutton
 
 - name: Enable skipbutton
   ansible.builtin.systemd:
diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml
index 6068976..a0ea558 100644
--- a/roles/music/tasks/soundboard.yaml
+++ b/roles/music/tasks/soundboard.yaml
@@ -10,7 +10,7 @@
     version: main
     dest: /opt/soundboard
     accept_hostkey: yes
-  notify: restart soundboard
+  notify: Restart soundboard
 
 - name: Create virtualenv
   ansible.builtin.command:
@@ -31,7 +31,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart soundboard
+  notify: Restart soundboard
 
 - name: Install soundboard service file
   ansible.builtin.template:
@@ -40,7 +40,7 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart soundboard
+  notify: Restart soundboard
 
 - name: Enable soundboard
   ansible.builtin.systemd:
diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml
index 29c544a..0b20b4a 100644
--- a/roles/music/tasks/trollibox.yaml
+++ b/roles/music/tasks/trollibox.yaml
@@ -5,8 +5,8 @@
     dest: /etc/trollibox.yaml
     owner: root
     group: root
-    mode: 0644
-  notify: restart trollibox
+    mode: "0644"
+  notify: Restart trollibox
 
 - name: Get latest Trollibox version from Github API
   ansible.builtin.get_url:
@@ -25,8 +25,8 @@
     remote_src: yes
     dest: /usr/local/bin
     include: [ trollibox ]
-    mode: 0755
-  notify: restart trollibox
+    mode: "0755"
+  notify: Restart trollibox
 
 - name: Install service file
   ansible.builtin.template:
@@ -34,8 +34,8 @@
     dest: /etc/systemd/system/trollibox.service
     owner: root
     group: root
-    mode: 0644
-  notify: restart trollibox
+    mode: "0644"
+  notify: Restart trollibox
 
 - name: Enable Trollibox
   ansible.builtin.systemd:
diff --git a/roles/nft/templates/nftables.conf.j2 b/roles/nft/templates/nftables.conf.j2
index ce52b65..583639b 100644
--- a/roles/nft/templates/nftables.conf.j2
+++ b/roles/nft/templates/nftables.conf.j2
@@ -73,15 +73,15 @@ set trusted6 {
         } accept
 
         # Open ssh only for trusted machines
-        ip saddr @trusted4 tcp dport { {{ trusted_ports|join(', ') }} } accept
-        ip6 saddr @trusted6 tcp dport { {{ trusted_ports|join(', ') }} } accept
+        ip saddr @trusted4 tcp dport { {{ trusted_ports | join(', ') }} } accept
+        ip6 saddr @trusted6 tcp dport { {{ trusted_ports | join(', ') }} } accept
 
         # Rules based on group-vars
 {% for custom in nft_group_rules %}
 {%     if custom.comment is defined %}
-        # {{ custom.comment|default('') }}
+        # {{ custom.comment | default('') }}
 {%     endif %}
-        {{ custom.version|default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }}
+        {{ custom.version | default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }}
 
 {% endfor %}
 
diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml
index b6fd46e..55f38e5 100644
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@@ -4,7 +4,6 @@ nginx_package:              "nginx-light"
 nginx_user:                 "www-data"
 nginx_modules_dir:          "/etc/nginx/modules-enabled"
 
-
 nginx_tls_version:          "TLSv1.2 TLSv1.3"
 nginx_tls_cipherlist:       "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
 nginx_tls_curve:            "prime256v1:secp384r1"
@@ -14,4 +13,3 @@ nginx_ssl_stapling:         "on"
 nginx_ssl_stapling_verify:  "on"
 nginx_wk_acme:              "/var/lib/dehydrated/acme-challenges"
 nginx_client_max_body_size: "32m"
-
diff --git a/roles/nginx/templates/site.conf.j2 b/roles/nginx/templates/site.conf.j2
index 6a4dfb7..d48f46f 100644
--- a/roles/nginx/templates/site.conf.j2
+++ b/roles/nginx/templates/site.conf.j2
@@ -4,7 +4,7 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
 
-    server_name {{ site.server_name|default(inventory_hostname) }}{% if site.server_alias is defined %} {{ site.server_alias }}{% endif %};
+    server_name {{ site.server_name | default(inventory_hostname) }}{% if site.server_alias is defined %} {{ site.server_alias }}{% endif %};
 
     include /etc/nginx/tls_params;
     ssl_certificate        /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem;
@@ -28,7 +28,7 @@ server {
 
     # Include snippets
 {% for file in site.snippets | default([]) %}
-{% include "snippets/" ~ file %}
+{%   include "snippets/" ~ file %}
 {% endfor %}
 
     # Per site configuration
diff --git a/roles/photos/tasks/bambulab-fetch.yaml b/roles/photos/tasks/bambulab-fetch.yaml
index ef2d351..b050af9 100644
--- a/roles/photos/tasks/bambulab-fetch.yaml
+++ b/roles/photos/tasks/bambulab-fetch.yaml
@@ -33,5 +33,5 @@
   ansible.builtin.systemd:
     name: bambulab-fetch
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/photos/tasks/photo-gallery.yaml b/roles/photos/tasks/photo-gallery.yaml
index 6551040..5a6cfff 100644
--- a/roles/photos/tasks/photo-gallery.yaml
+++ b/roles/photos/tasks/photo-gallery.yaml
@@ -33,5 +33,5 @@
   ansible.builtin.systemd:
     name: photo-gallery
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/photos/tasks/photos2mqtt.yaml b/roles/photos/tasks/photos2mqtt.yaml
index 9f14cff..755a4ec 100644
--- a/roles/photos/tasks/photos2mqtt.yaml
+++ b/roles/photos/tasks/photos2mqtt.yaml
@@ -31,5 +31,5 @@
   ansible.builtin.systemd:
     name: photos2mqtt
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/raspi/tasks/main.yaml b/roles/raspi/tasks/main.yaml
index a787e5c..1420e09 100644
--- a/roles/raspi/tasks/main.yaml
+++ b/roles/raspi/tasks/main.yaml
@@ -15,7 +15,7 @@
 - name: Enable sshd
   ansible.builtin.systemd:
     name: sshd
-    enabled: yes
+    enabled: true
     state: started
 
 - name: Rotate display
@@ -24,7 +24,6 @@
     line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible"
     regexp: "^#?display_rotate"
   when: raspi_rotate_display is defined
-  notify: reboot
 
 - name: Disable swap
   block:
@@ -45,4 +44,3 @@
     path: /etc/dhcpcd.conf
     line: "slaac hwaddr # Managed by Ansible"
     regexp: "^#?slaac"
-  notify: reboot
diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml
index 125fc4d..fb69a73 100644
--- a/roles/services/handlers/main.yaml
+++ b/roles/services/handlers/main.yaml
@@ -2,55 +2,55 @@
 - ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
 
-- name: restart irc-bot
+- name: Restart irc-bot
   ansible.builtin.systemd:
     name: irc-bot
     state: restarted
     daemon_reload: true
 
-- name: restart irc-photos
+- name: Restart irc-photos
   ansible.builtin.systemd:
     name: irc-photos
     state: restarted
     daemon_reload: true
 
-- name: restart irc-doorduino
+- name: Restart irc-doorduino
   ansible.builtin.systemd:
     name: irc-doorduino
     state: restarted
     daemon_reload: true
 
-- name: restart discord-bot
+- name: Restart discord-bot
   ansible.builtin.systemd:
     name: discord-bot
     state: restarted
     daemon_reload: true
 
-- name: restart siahsd
+- name: Restart siahsd
   ansible.builtin.systemd:
     name: siahsd
     state: restarted
     daemon_reload: true
 
-- name: restart spacestated
+- name: Restart spacestated
   ansible.builtin.systemd:
     name: spacestated
     state: restarted
     daemon_reload: true
 
-- name: restart mastodon-spacestate
+- name: Restart mastodon-spacestate
   ansible.builtin.systemd:
     name: mastodon-spacestate
     state: restarted
     daemon_reload: true
 
-- name: restart wifi-mqtt
+- name: Restart wifi-mqtt
   ansible.builtin.systemd:
     name: wifi-mqtt
     state: restarted
     daemon_reload: true
 
-- name: restart power-mqtt
+- name: Restart power-mqtt
   ansible.builtin.systemd:
     name: power-mqtt
     state: restarted
diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml
index 16c20d6..1889db4 100644
--- a/roles/services/tasks/discord_bot.yaml
+++ b/roles/services/tasks/discord_bot.yaml
@@ -1,4 +1,5 @@
 ---
+
 - name: Install dependencies
   ansible.builtin.apt:
     name:
@@ -24,7 +25,8 @@
     version: main
     dest: /var/lib/discord-bot
     accept_hostkey: yes
-  notify: restart discord-bot
+  notify: Restart discord-bot
+  ignore_errors: true
 
 - name: Install service file
   ansible.builtin.template:
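Review bot: `ignore_errors: true` on what appears to be the clone task hides every failure of the fetch, not only a temporarily unreachable forge. The play then carries on to "Install service file" and the service start with whatever is in `/var/lib/discord-bot`: stale code that misses fixes, or nothing at all on a first run. The same line is added to the clone tasks in ircbot.yaml, mastodon_spacestate.yaml, spacestated.yaml and wifi_mqtt.yaml. If the intent is to survive a forge outage, narrow it with `register: discord_bot_clone` plus a `failed_when:` that matches only that case, and record the reason in a comment such as `# Forge may be offline; keep running the existing checkout`. The task starts above this hunk, so its module and repo lines are not visible here.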
@@ -32,12 +34,12 @@
     dest: /etc/systemd/system/discord-bot.service
     owner: root
     group: root
-    mode: 0644
-  notify: restart discord-bot
+    mode: "0644"
+  notify: Restart discord-bot
 
 - name: Start discord-bot
   ansible.builtin.systemd:
     name: discord-bot
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml
index 6d9462a..e635302 100644
--- a/roles/services/tasks/ircbot.yaml
+++ b/roles/services/tasks/ircbot.yaml
@@ -5,7 +5,8 @@
     version: master
     dest: /var/lib/irc-bot
     accept_hostkey: yes
-  notify: restart irc-bot
+  ignore_errors: true
+  notify: Restart irc-bot
 
 - name: Link irc-say
   ansible.builtin.file:
@@ -23,13 +24,13 @@
   vars:
     description: Bitlair IRC bot
     exec: /bin/bash /var/lib/irc-bot/irc-bot
-  notify: restart irc-bot
+  notify: Restart irc-bot
 
 - name: Start irc-bot
   ansible.builtin.systemd:
     name: irc-bot
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
 
 - name: Create helpers dir
@@ -44,7 +45,7 @@
     owner: root
     group: root
     mode: 0755
-  notify: restart irc-photos
+  notify: Restart irc-photos
 
 - name: Install photos notification service
   ansible.builtin.template:
@@ -57,13 +58,13 @@
     description: Bitlair IRC photos notification
     requires: irc-bot.service
     exec: /bin/bash /var/lib/irc-helpers/photos.sh
-  notify: restart irc-photos
+  notify: Restart irc-photos
 
 - name: Start irc-photos
   ansible.builtin.systemd:
     name: irc-photos
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
 
 - name: Install doorduino notification
@@ -73,7 +74,7 @@
     owner: root
     group: root
     mode: 0755
-  notify: restart irc-doorduino
+  notify: Restart irc-doorduino
 
 - name: Install doorduino notification service
   ansible.builtin.template:
@@ -86,11 +87,11 @@
     description: Bitlair IRC doorduino notification
     requires: irc-bot.service
     exec: /bin/bash /var/lib/irc-helpers/doorduino.sh
-  notify: restart irc-doorduino
+  notify: Restart irc-doorduino
 
 - name: Start irc-doorduino
   ansible.builtin.systemd:
     name: irc-doorduino
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/services/tasks/main.yaml b/roles/services/tasks/main.yaml
index 5f17300..e082c5f 100644
--- a/roles/services/tasks/main.yaml
+++ b/roles/services/tasks/main.yaml
@@ -1,22 +1,43 @@
 ---
-- tags: services_ircbot
+
+- name: Import ircbot
   ansible.builtin.import_tasks:
     file: ircbot.yaml
+  tags:
+    - services_ircbot
 
-- tags: services_discord_bot
-  ansible.builtin.import_tasks: discord_bot.yaml
+- name: Import services_discord_bot
+  ansible.builtin.import_tasks:
+    file: discord_bot.yaml
+  tags:
+    - services_discord_bot
 
-- tags: services_siahsd
-  import_tasks: siahsd.yaml
+- name: Import siahsd
+  ansible.builtin.import_tasks:
+    file: siahsd.yaml
+  tags:
+    - services_siahsd
 
-- tags: services_spacestated
-  import_tasks: spacestated.yaml
+- name: Import spacestated
+  ansible.builtin.import_tasks:
+    file: spacestated.yaml
+  tags:
+    - services_spacestated
 
-- tags: services_mastodon_spacestate
-  import_tasks: mastodon_spacestate.yaml
+- name: Import mastodon_spacestate.yaml
+  ansible.builtin.import_tasks:
+    file: mastodon_spacestate.yaml
+  tags:
+    - services_mastodon_spacestate
 
-- tags: services_wifi_mqtt
-  import_tasks: wifi_mqtt.yaml
+- name: import wifi_mqtt
+  ansible.builtin.import_tasks:
+    file: wifi_mqtt.yaml
+  tags:
+    - services_wifi_mqtt
 
-- tags: services_power_mqtt
-  import_tasks: power_mqtt.yaml
+- name: Import power_mqt
+  ansible.builtin.import_tasks:
+    file: power_mqtt.yaml
+  tags:
+    - services_power_mqtt
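Review bot: The new task names in this hunk are inconsistent with each other and with the capitalised style the rest of the commit introduces. `import wifi_mqtt` is lower-case, `Import power_mqt` drops the final `t`, `Import mastodon_spacestate.yaml` carries the file extension, and `Import services_discord_bot` uses the tag name rather than the file name. I would write `- name: Import wifi_mqtt`, `- name: Import power_mqtt` and `- name: Import mastodon_spacestate`, and rename the discord one to match the `discord_bot.yaml` file it imports.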
diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml
index 47886de..53f979e 100644
--- a/roles/services/tasks/mastodon_spacestate.yaml
+++ b/roles/services/tasks/mastodon_spacestate.yaml
@@ -11,7 +11,8 @@
     version: main
     dest: /var/lib/mastodon-spacestate
     accept_hostkey: yes
-  notify: restart mastodon-spacestate
+  notify: Restart mastodon-spacestate
+  ignore_errors: true
 
 - name: Install config
   ansible.builtin.template:
@@ -20,7 +21,7 @@
     owner: root
     group: root
     mode: 0655
-  notify: restart mastodon-spacestate
+  notify: Restart mastodon-spacestate
 
 - name: Install service file
   ansible.builtin.template:
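Review bot: `mode: 0655` on the "Install config" template is left as-is and looks like a typo, since it gives group and others read and execute while the owner has no execute bit. If this config carries the Mastodon access token (the template is not visible here), it should not be world-readable either. Something like `mode: "0640"` with a group the service runs under, or `mode: "0600"` if the service runs as root, would fit better. Quoting it would also match the `"0644"` form this commit uses in discord_bot.yaml and siahsd.yaml; the `mode: 0644` in the next hunk is still unquoted too. The task's `src`/`dest` lines are above the hunk.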
@@ -29,11 +30,11 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart mastodon-spacestate
+  notify: Restart mastodon-spacestate
 
 - name: Start mastodon-spacestate
   ansible.builtin.systemd:
     name: mastodon-spacestate
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/services/tasks/power_mqtt.yaml b/roles/services/tasks/power_mqtt.yaml
index 3cc3e0f..406a274 100644
--- a/roles/services/tasks/power_mqtt.yaml
+++ b/roles/services/tasks/power_mqtt.yaml
@@ -10,7 +10,7 @@
     owner: root
     group: root
     mode: 0755
-  notify: restart power-mqtt
+  notify: Restart power-mqtt
 
 - name: Remove old service
   ansible.builtin.file:
@@ -27,13 +27,13 @@
   vars:
     description: "SMD630 to MQTT Probe"
     exec: "/var/lib/power-mqtt.py %i"
-  notify: restart power-mqtt@
+  notify: Restart power-mqtt@
 
 - name: Enable power-mqtt
   ansible.builtin.systemd:
     name: "power-mqtt@{{ item.net }}/{{ item.ip }}"
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
   with_items:
     - net: space
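Review bot: `notify: Restart power-mqtt@` needs a handler with exactly that name, and the handlers hunk in roles/services/handlers/main.yaml only shows `Restart power-mqtt`, without the `@`. That hunk ends inside the power-mqtt handler, so a templated-unit handler may exist further down. If it does, it was not renamed in this commit and is presumably still `restart power-mqtt@`, so this notify would no longer match it. Please check that the handler exists under the capitalised name, otherwise the play fails at this task when the template changes. The `with_items` list continues past the end of the hunk.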
diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml
index ba88c8c..c7c3b0b 100644
--- a/roles/services/tasks/siahsd.yaml
+++ b/roles/services/tasks/siahsd.yaml
@@ -7,6 +7,7 @@
     state: directory
     owner: siahsd
     group: nogroup
+    mode: "0750"
   with_items:
     - /var/log/siahsd
     - /var/lib/siahsd
@@ -17,8 +18,8 @@
     dest: /etc/siahsd.conf
     owner: root
     group: root
-    mode: 0644
-  notify: restart siahsd
+    mode: "0644"
+  notify: Restart siahsd
 
 - name: Install service file
   ansible.builtin.template:
@@ -26,24 +27,13 @@
     dest: /etc/systemd/system/siahsd.service
     owner: root
     group: root
-    mode: 0644
-  notify: restart siahsd
+    mode: "0644"
+  notify: Restart siahsd
 
 - name: Start siahsd
   ansible.builtin.systemd:
     name: siahsd
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
 
-- name: Allow siahsd traffic
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: udp
-    destination_port: "4000"
-    jump: ACCEPT
-    ip_version: "{{ item }}"
-    action: insert
-  with_items: [ ipv4, ipv6 ]
-  notify: persist iptables
-  when: not nft | bool
diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml
index 7c00bfd..3cff5bb 100644
--- a/roles/services/tasks/spacestated.yaml
+++ b/roles/services/tasks/spacestated.yaml
@@ -24,7 +24,8 @@
     version: main
     dest: /var/lib/spacestated/spacestated
     accept_hostkey: yes
-  notify: restart spacestated
+  notify: Restart spacestated
+  ignore_errors: true
 
 - name: Install service file
   ansible.builtin.template:
@@ -33,11 +34,11 @@
     owner: root
     group: root
     mode: 0644
-  notify: restart spacestated
+  notify: Restart spacestated
 
 - name: Start spacestated
   ansible.builtin.systemd:
     name: spacestated
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml
index 4c76f05..8bb8353 100644
--- a/roles/services/tasks/wifi_mqtt.yaml
+++ b/roles/services/tasks/wifi_mqtt.yaml
@@ -7,25 +7,26 @@
       - make
 
 - name: Clone source
-  git:
+  ansible.builtin.git:
     repo: https://github.com/bitlair/wifi-mqtt.git
     version: main
     dest: /var/lib/wifi-mqtt
     accept_hostkey: yes
-  notify: restart wifi-mqtt
+  notify: Restart wifi-mqtt
+  ignore_errors: true
 
 - name: Install service file
-  template:
+  ansible.builtin.template:
     src: wifi-mqtt.service
     dest: /etc/systemd/system/wifi-mqtt.service
     owner: root
     group: root
-    mode: 0644
-  notify: restart wifi-mqtt
+    mode: "0644"
+  notify: Restart wifi-mqtt
 
 - name: Start wifi-mqtt
-  systemd:
+  ansible.builtin.systemd:
     name: wifi-mqtt
     state: started
-    enabled: yes
+    enabled: true
     daemon_reload: true
diff --git a/roles/www/handlers/main.yaml b/roles/www/handlers/main.yaml
index d5296b9..dcafe97 100644
--- a/roles/www/handlers/main.yaml
+++ b/roles/www/handlers/main.yaml
@@ -1,14 +1,15 @@
 ---
-- ansible.builtin.import_tasks:
+- name: Import handlers
+  ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
 
-- name: restart spaceapi
+- name: Restart spaceapi
   ansible.builtin.systemd:
     name: spaceapi
     state: restarted
     daemon_reload: true
 
-- name: restart mqtt2web
+- name: Restart mqtt2web
   ansible.builtin.systemd:
     name: mqtt2web
     state: restarted
diff --git a/roles/www/tasks/main.yaml b/roles/www/tasks/main.yaml
index 114218a..382706a 100644
--- a/roles/www/tasks/main.yaml
+++ b/roles/www/tasks/main.yaml
@@ -1,16 +1,25 @@
 ---
-- tags: www_calendar
+
+- name: Import calendar
   ansible.builtin.import_tasks:
     file: calendar.yaml
+  tags:
+    - www_calendar
 
-- tags: www_mediawiki
+- name: Import mediawiki
   ansible.builtin.import_tasks:
     file: mediawiki.yaml
+  tags:
+    - www_mediawiki
 
-- tags: www_mqtt
+- name: Import mqtt
   ansible.builtin.import_tasks:
     file: mqtt.yaml
+  tags:
+    - www_mqtt
 
-- tags: www_spaceapi
+- name: Import spaceapi
   ansible.builtin.import_tasks:
     file: spaceapi.yaml
+  tags:
+    - www_spaceapi
diff --git a/roles/www/tasks/mediawiki.yaml b/roles/www/tasks/mediawiki.yaml
index 5113131..2eb69f4 100644
--- a/roles/www/tasks/mediawiki.yaml
+++ b/roles/www/tasks/mediawiki.yaml
@@ -1,4 +1,5 @@
 ---
+
 - name: Install dependencies
   ansible.builtin.apt:
     name: php-fpm
@@ -12,19 +13,3 @@
     group: root
     mode: 0644
 
-- name: Allow HTTP/HTTPS
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: "{{ item.port }}"
-    ctstate: NEW
-    jump: ACCEPT
-    ip_version: "{{ item.ip }}"
-    action: insert
-  with_items:
-    - { ip: ipv4, port: 80 }
-    - { ip: ipv4, port: 443 }
-    - { ip: ipv6, port: 80 }
-    - { ip: ipv6, port: 443 }
-  notify: persist iptables
-  when: not nft | bool
diff --git a/roles/www/tasks/mqtt.yaml b/roles/www/tasks/mqtt.yaml
index 94dc0bf..f96fadd 100644
--- a/roles/www/tasks/mqtt.yaml
+++ b/roles/www/tasks/mqtt.yaml
@@ -1,4 +1,5 @@
 ---
+
 - name: Install dependencies
   ansible.builtin.apt:
     name:
@@ -6,32 +7,17 @@
       - liblinux-epoll-perl
       - mosquitto
 
-- name: Allow MQTT
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    destination_port: "{{ item.port }}"
-    ctstate: NEW
-    jump: ACCEPT
-    ip_version: "{{ item.ip }}"
-    action: insert
-  with_items:
-    - { ip: ipv4, port: 1883 }
-    - { ip: ipv6, port: 1883 }
-  notify: persist iptables
-  when: not nft | bool
-
 - name: Install mqtt-simple
-  ansible.builtin.command:
-    cmd: cpan Net::MQTT::Simple
+  community.general.cpanm:
+    name: Net::MQTT::Simple
 
 - name: Clone mqtt2web source
   ansible.builtin.git:
     repo: https://github.com/bitlair/mqtt2web.git
     version: master
     dest: /opt/mqtt2web
-    accept_hostkey: yes
-  notify: restart mqtt2web
+    accept_hostkey: true
+  notify: Restart mqtt2web
 
 - name: Install mqtt2web service file
   ansible.builtin.template:
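Review bot: `community.general.cpanm` needs the `cpanm` executable on the target and the community.general collection on the controller, and neither is established by the lines shown. The visible part of the "Install dependencies" list has `liblinux-epoll-perl` and `mosquitto` but no `cpanminus`; the list starts above the hunk, so it may already be there. If it is not, add `- cpanminus` to that list and declare the collection in the project's collection requirements. `Net::MQTT::Simple` is still installed from CPAN without a version constraint, so a comment stating the expected version would help when auditing what actually got installed.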
@@ -41,10 +27,11 @@
     group: root
     mode: 0644
   notify:
-    - daemon reload
-    - restart mqtt2web
+    - Daemon reload
+    - Restart mqtt2web
 
-- ansible.builtin.meta: flush_handlers
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
 
 - name: Enable mqtt2web
   ansible.builtin.systemd:
diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml
index a819839..7c8a494 100644
--- a/roles/www/tasks/spaceapi.yaml
+++ b/roles/www/tasks/spaceapi.yaml
@@ -4,8 +4,8 @@
     repo: https://github.com/bitlair/spaceapi.git
     version: main
     dest: /opt/spaceapi
-    accept_hostkey: yes
-  notify: restart spaceapi
+    accept_hostkey: true
+  notify: Restart spaceapi
 
 - name: Install spaceapi service file
   ansible.builtin.template:
@@ -13,8 +13,8 @@
     dest: /etc/systemd/system/spaceapi.service
     owner: root
     group: root
-    mode: 0644
-  notify: restart spaceapi
+    mode: "0644"
+  notify: Restart spaceapi
 
 - name: Enable spaceapi
   ansible.builtin.systemd: