BlackDragon/ansible
1
0
Fork 0
forked from bitlair/ansible
Code Pull requests Activity

Merge pull request 'Linter + Dashboard fixes' (#3) from more-linter into main

Browse source 
Reviewed-on: bitlair/ansible#3
This commit is contained in:
Mark Janssen 2024-07-31 21:19:08 +02:00
commit 9ac932a92e
46 changed files with 289 additions and 397 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
bitlair.yaml
View file

@ -1,4 +1,3 @@
---
- hosts: all

4
group_vars/monitoring.yaml
View file

@ -1,7 +1,7 @@
monitoring_domain: dashboard.bitlair.nl
monitoring_bootstrap_cert: no
acme_san_domains:
- ["{{ monitoring_domain }}", monitoring.bitlair.nl]
- ["{{ monitoring_domain }}"]
group_nft_input:
- "# Allow web-traffic from world"
@ -21,6 +21,7 @@ prometheus_scrape_configs:
- "lights.bitlair.nl:9100"
- "music.bitlair.nl:9100"
- "service.bitlair.nl:9100"
- "user.bitlair.nl:9100"
- job_name: "mqtt"
static_configs:
- targets: [ "localhost:9883" ]
@ -34,6 +35,7 @@ prometheus_scrape_configs:
- https://bitlair.nl
- https://git.bitlair.nl
- https://pad.bitlair.nl
- https://user.bitlair.nl
# Legacy
- https://wiki.bitlair.nl
- https://portal.bitlair.nl

15
roles/common/handlers/main.yaml
View file

@ -1,30 +1,27 @@
---
- name: update grub
- name: Update grub
ansible.builtin.command:
cmd: update-grub
- name: reboot
ansible.builtin.reboot:
- name: apt update
- name: Apt update
ansible.builtin.apt:
update_cache: true
- name: daemon reload
- name: Daemon reload
ansible.builtin.systemd:
daemon_reload: true
- name: reload sshd
- name: Reload sshd
ansible.builtin.systemd:
name: ssh
state: reloaded
- name: reload nginx
- name: Reload nginx
ansible.builtin.systemd:
name: nginx
state: reloaded
- name: persist iptables
- name: Persist iptables
ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}"
with_items:
- { c: iptables, ip: v4 }

3
roles/common/tasks/debian-upgrade.yaml
View file

@ -21,9 +21,6 @@
ansible.builtin.apt:
upgrade: full
- name: Reboot
ansible.builtin.reboot:
- name: autoremove
ansible.builtin.apt:
autoremove: yes

63
roles/common/tasks/main.yaml
View file

@ -76,6 +76,7 @@
- vim
- unattended-upgrades
- apt-listchanges
- sudo-ldap
- name: Configure FZF for Bash
ansible.builtin.lineinfile:
@ -96,7 +97,7 @@
path: /etc/default/grub
regexp: '^GRUB_TIMEOUT='
line: "GRUB_TIMEOUT=1 # Managed by Ansible"
notify: update grub
notify: Update grub
- name: Configure cron email
ansible.builtin.lineinfile:
@ -118,63 +119,5 @@
- regexp: '^#?DebianBanner'
line: 'DebianBanner no'
when: manage_sshd_config | default(true)
notify: reload sshd
notify: Reload sshd
- name: Allow SSH
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ ssh_port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item }}"
with_items:
- ipv4
- ipv6
notify: persist iptables
when: not nft | bool
- name: Allow ICMP
ansible.builtin.iptables:
chain: INPUT
protocol: "{{ item.proto }}"
jump: ACCEPT
ip_version: "{{ item.ip }}"
with_items:
- { ip: ipv4, proto: icmp }
- { ip: ipv6, proto: ipv6-icmp }
notify: persist iptables
when: not nft | bool
- name: Allow related and established connections
ansible.builtin.iptables:
chain: INPUT
ctstate: ESTABLISHED,RELATED
jump: ACCEPT
ip_version: "{{ item }}"
with_items:
- ipv4
- ipv6
notify: persist iptables
when: not nft | bool
- name: Allow local connections
ansible.builtin.iptables:
chain: INPUT
source: "{{ item.cidr }}"
jump: ACCEPT
ip_version: "{{ item.v }}"
with_items: "{{ trusted_ranges }}"
notify: persist iptables
when: not nft | bool
- name: Deny inbound connections
ansible.builtin.iptables:
chain: INPUT
policy: DROP
ip_version: "{{ item }}"
with_items:
- ipv4
- ipv6
notify: persist iptables
when: not nft | bool

5
roles/common/tasks/network.yaml
View file

@ -13,7 +13,6 @@
with_items:
- { k: net.ipv4.ip_forward, v: "1" }
- { k: net.ipv6.conf.all.forwarding, v: "1" }
notify: reboot
when: network_br
- name: Make network interfaces really predictable
@ -22,8 +21,7 @@
regexp: ^GRUB_CMDLINE_LINUX
line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible'
notify:
- update grub
- reboot
- Update grub
when: network_br or network_dhcp or network_static
- name: Configure network interfaces
@ -33,7 +31,6 @@
owner: root
group: root
mode: 0644
notify: reboot
when: network_br or network_dhcp or network_static
- ansible.builtin.meta: flush_handlers

3
roles/common/tasks/vm.yaml
View file

@ -12,7 +12,6 @@
regexp: ^GRUB_CMDLINE_LINUX_DEFAULT
line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"'
notify:
- update grub
- reboot
- Update grub
tags:
- questagent

2
roles/etherpad/handlers/main.yaml
View file

@ -2,7 +2,7 @@
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart etherpad
- name: Restart etherpad
ansible.builtin.systemd:
name: etherpad
state: restarted

32
roles/etherpad/tasks/main.yaml
View file

@ -15,7 +15,7 @@
-o /usr/share/keyrings/nodesource.gpg
args:
creates: /usr/share/keyrings/nodesource.gpg
notify: apt update
notify: Apt update
- name: Install nodesource source list
ansible.builtin.template:
@ -24,7 +24,7 @@
owner: root
group: root
mode: 0644
notify: apt update
notify: Apt update
- name: Install nodejs apt preference
ansible.builtin.template:
@ -33,7 +33,7 @@
owner: root
group: root
mode: 0644
notify: apt update
notify: Apt update
- ansible.builtin.meta: flush_handlers
@ -88,7 +88,7 @@
version: master
dest: /opt/etherpad
accept_hostkey: yes
notify: restart etherpad
notify: Restart etherpad
- name: Install etherpad config
ansible.builtin.template:
@ -97,7 +97,7 @@
owner: root
group: root
mode: 0644
notify: restart etherpad
notify: Restart etherpad
- name: Install etherpad service
ansible.builtin.template:
@ -106,14 +106,14 @@
owner: root
group: root
mode: 0644
notify: restart etherpad
notify: Restart etherpad
- name: Start etherpad
ansible.builtin.systemd:
daemon_reload: true
name: etherpad
state: started
enabled: yes
enabled: true
- name: Install nginx config
ansible.builtin.template:
@ -122,21 +122,5 @@
owner: root
group: root
mode: 0644
notify: reload nginx
notify: Reload nginx
- name: Allow HTTP and HTTPS
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 80 }
- { ip: ipv4, port: 443 }
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool

2
roles/etherpad/tasks/requirements.yml
View file

@ -1,3 +1,5 @@
---
collections:
- name: community.postgresql
version: 2.3.2

8
roles/git-ci/tasks/main.yaml
View file

@ -1,6 +1,5 @@
---
- tags: forgejo_runner
block:
- name: Install dependencies
ansible.builtin.apt:
name: docker.io
@ -38,7 +37,7 @@
- name: Enable service
ansible.builtin.systemd:
name: forgejo-runner
enabled: yes
enabled: true
daemon_reload: true
- name: Start service
@ -47,4 +46,5 @@
state: started
daemon_reload: true
- ansible.builtin.meta: flush_handlers
- name: Flush handlers
ansible.builtin.meta: flush_handlers

35
roles/git-server/tasks/main.yaml
View file

@ -14,14 +14,14 @@
owner: root
group: root
mode: 0644
notify: reload nginx
notify: Reload nginx
- name: Enable nginx site
ansible.builtin.file:
src: /etc/nginx/sites-available/forgejo
dest: /etc/nginx/sites-enabled/forgejo
state: link
notify: reload nginx
notify: Reload nginx
- name: Create user
ansible.builtin.user:
@ -38,7 +38,6 @@
group: "{{ git_server_user }}"
mode: 0755
# TODO: Install initial config
- name: Install service file
@ -48,7 +47,7 @@
owner: root
group: root
mode: 0644
notify: reload forgejo
notify: Reload forgejo
- name: Install update script
ansible.builtin.template:
@ -62,12 +61,12 @@
ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"
args:
creates: "{{ git_server_working_dir }}/forgejo"
notify: reload forgejo
notify: Reload forgejo
- name: Enable service
ansible.builtin.systemd:
name: forgejo
enabled: yes
enabled: true
daemon_reload: true
- name: Start service
@ -81,24 +80,6 @@
src: cronjob
dest: /etc/cron.d/forgejo
- name: Allow Git SSH, HTTP and HTTPS
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 80 }
- { ip: ipv4, port: 22 }
- { ip: ipv4, port: 443 }
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 22 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool
- ansible.builtin.debug:
msg: If Forgejo has not been setup yet, please do so manually.
- name: Debug
ansible.builtin.debug:
msg: "If Forgejo has not been setup yet, please do so manually."

15
roles/go/tasks/main.yaml
View file

@ -19,11 +19,11 @@
register: go_latest_version_shell
- name: Format Go latest version variable
set_fact:
ansible.builtin.set_fact:
go_latest_version: "{{ go_latest_version_shell.stdout }}"
- name: Detect installed Go version
shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
ansible.builtin.shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
register: go_installed_version_shell
changed_when: false
@ -31,19 +31,20 @@
set_fact:
go_installed_version: "{{ go_installed_version_shell.stdout }}"
- debug:
- name: Debug
ansible.builtin.debug:
msg:
- "Latest Go version: {{ go_latest_version}}"
- "Installed Go version: {{ go_installed_version }}"
- name: Remove installed go
file:
ansible.builtin.file:
state: absent
path: /usr/local/go
when: go_installed_version != go_latest_version
- name: Install Go
unarchive:
ansible.builtin.unarchive:
src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz
dest: /usr/local
remote_src: yes
@ -52,7 +53,7 @@
when: go_installed_version != go_latest_version
- name: Configure Go environment
template:
ansible.builtin.template:
src: go.profile
dest: /etc/profile.d/go.sh
owner: root
@ -60,7 +61,7 @@
mode: 0644
- name: Link go binary
file:
ansible.builtin.file:
state: link
src: /usr/local/go/bin/go
dest: /usr/local/bin/go

21
roles/monitoring/tasks/main.yaml
View file

@ -7,35 +7,20 @@
owner: root
group: root
mode: 0644
notify: reload nginx
notify: Reload nginx
- name: Enable nginx site
ansible.builtin.file:
src: /etc/nginx/sites-available/monitoring
dest: /etc/nginx/sites-enabled/monitoring
state: link
notify: reload nginx
notify: Reload nginx
- name: Start nginx
ansible.builtin.systemd:
name: nginx
state: started
enabled: yes
- name: Allow HTTP/HTTPS
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool
enabled: true
- name: mqtt_exporter
tags: mqtt_exporter

3
roles/monitoring/templates/grafana.ini
View file

@ -69,6 +69,9 @@ level = info
[grafana_com]
url = https://grafana.com
[auth]
oauth_allow_insecure_email_lookup=true
[auth.anonymous]
enabled = true
org_name = Bitlair

2
roles/mqtt/tasks/main.yaml
View file

@ -29,4 +29,4 @@
ansible.builtin.systemd:
name: mosquitto
state: started
enabled: yes
enabled: true

12
roles/music/handlers/main.yaml
View file

@ -2,37 +2,37 @@
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart trollibox
- name: Restart trollibox
ansible.builtin.systemd:
name: trollibox
state: restarted
daemon_reload: true
- name: rebuild librespot
- name: Rebuild librespot
ansible.builtin.command:
cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
args:
chdir: /opt/librespot
- name: restart librespot
- name: Restart librespot
ansible.builtin.systemd:
name: librespot
state: restarted
daemon_reload: true
- name: restart soundboard
- name: Restart soundboard
ansible.builtin.systemd:
name: soundboard
state: restarted
daemon_reload: true
- name: restart mpd-volume-to-mqtt
- name: Restart mpd-volume-to-mqtt
ansible.builtin.systemd:
name: mpd-volume-to-mqtt
state: restarted
daemon_reload: true
- name: restart skipbutton
- name: Restart skipbutton
ansible.builtin.systemd:
name: skipbutton
state: restarted

6
roles/music/tasks/librespot.yaml
View file

@ -11,8 +11,8 @@
dest: /opt/librespot
accept_hostkey: yes
notify:
- rebuild librespot
- restart librespot
- Rebuild librespot
- Restart librespot
- name: Install service file
ansible.builtin.template:
@ -21,7 +21,7 @@
owner: root
group: root
mode: 0644
notify: restart librespot
notify: Restart librespot
- name: Enable Librespot
ansible.builtin.systemd:

22
roles/music/tasks/main.yaml
View file

@ -1,22 +1,28 @@
---
- tags: music_mpd
- name: Import mpd
ansible.builtin.import_tasks:
file: mpd.yaml
tags:
- music_mpd
- tags: music_trollibox
- name: Import trollibox
ansible.builtin.import_tasks:
file: trollibox.yaml
tags:
- music_trollibox
- tags: music_librespot
- name: Librespot
ansible.builtin.import_tasks:
file: librespot.yaml
tags:
- music_librespot
- tags: music_soundboard
- name: Soundboard
ansible.builtin.import_tasks:
file: soundboard.yaml
- tags: music
block:
tags:
- music_soundboard
- name: Install nginx config
ansible.builtin.template:
@ -25,4 +31,4 @@
owner: root
group: root
mode: 0644
notify: reload nginx
notify: Reload nginx

9
roles/music/tasks/mpd.yaml
View file

@ -1,4 +1,5 @@
---
- name: Install MPD
ansible.builtin.apt:
name:
@ -15,7 +16,7 @@
owner: root
group: root
mode: 0644
notify: restart mpd-volume-to-mqtt
notify: Restart mpd-volume-to-mqtt
- name: Install mpd-volume-to-mqtt service
ansible.builtin.template:
@ -24,7 +25,7 @@
owner: root
group: root
mode: 0644
notify: restart mpd-volume-to-mqtt
notify: Restart mpd-volume-to-mqtt
- name: Enable mpd-volume-to-mqtt
ansible.builtin.systemd:
@ -39,7 +40,7 @@
version: master
dest: /opt/skipbutton
accept_hostkey: yes
notify: restart skipbutton
notify: Restart skipbutton
- name: Install skipbutton service
ansible.builtin.template:
@ -48,7 +49,7 @@
owner: root
group: root
mode: 0644
notify: restart skipbutton
notify: Restart skipbutton
- name: Enable skipbutton
ansible.builtin.systemd:

6
roles/music/tasks/soundboard.yaml
View file

@ -10,7 +10,7 @@
version: main
dest: /opt/soundboard
accept_hostkey: yes
notify: restart soundboard
notify: Restart soundboard
- name: Create virtualenv
ansible.builtin.command:
@ -31,7 +31,7 @@
owner: root
group: root
mode: 0644
notify: restart soundboard
notify: Restart soundboard
- name: Install soundboard service file
ansible.builtin.template:
@ -40,7 +40,7 @@
owner: root
group: root
mode: 0644
notify: restart soundboard
notify: Restart soundboard
- name: Enable soundboard
ansible.builtin.systemd:

12
roles/music/tasks/trollibox.yaml
View file

@ -5,8 +5,8 @@
dest: /etc/trollibox.yaml
owner: root
group: root
mode: 0644
notify: restart trollibox
mode: "0644"
notify: Restart trollibox
- name: Get latest Trollibox version from Github API
ansible.builtin.get_url:
@ -25,8 +25,8 @@
remote_src: yes
dest: /usr/local/bin
include: [ trollibox ]
mode: 0755
notify: restart trollibox
mode: "0755"
notify: Restart trollibox
- name: Install service file
ansible.builtin.template:
@ -34,8 +34,8 @@
dest: /etc/systemd/system/trollibox.service
owner: root
group: root
mode: 0644
notify: restart trollibox
mode: "0644"
notify: Restart trollibox
- name: Enable Trollibox
ansible.builtin.systemd:

2
roles/nginx/defaults/main.yaml
View file

@ -4,7 +4,6 @@ nginx_package: "nginx-light"
nginx_user: "www-data"
nginx_modules_dir: "/etc/nginx/modules-enabled"
nginx_tls_version: "TLSv1.2 TLSv1.3"
nginx_tls_cipherlist: "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
nginx_tls_curve: "prime256v1:secp384r1"
@ -14,4 +13,3 @@ nginx_ssl_stapling: "on"
nginx_ssl_stapling_verify: "on"
nginx_wk_acme: "/var/lib/dehydrated/acme-challenges"
nginx_client_max_body_size: "32m"

2
roles/photos/tasks/bambulab-fetch.yaml
View file

@ -33,5 +33,5 @@
ansible.builtin.systemd:
name: bambulab-fetch
state: started
enabled: yes
enabled: true
daemon_reload: true

2
roles/photos/tasks/photo-gallery.yaml
View file

@ -33,5 +33,5 @@
ansible.builtin.systemd:
name: photo-gallery
state: started
enabled: yes
enabled: true
daemon_reload: true

2
roles/photos/tasks/photos2mqtt.yaml
View file

@ -31,5 +31,5 @@
ansible.builtin.systemd:
name: photos2mqtt
state: started
enabled: yes
enabled: true
daemon_reload: true

4
roles/raspi/tasks/main.yaml
View file

@ -15,7 +15,7 @@
- name: Enable sshd
ansible.builtin.systemd:
name: sshd
enabled: yes
enabled: true
state: started
- name: Rotate display
@ -24,7 +24,6 @@
line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible"
regexp: "^#?display_rotate"
when: raspi_rotate_display is defined
notify: reboot
- name: Disable swap
block:
@ -45,4 +44,3 @@
path: /etc/dhcpcd.conf
line: "slaac hwaddr # Managed by Ansible"
regexp: "^#?slaac"
notify: reboot

18
roles/services/handlers/main.yaml
View file

@ -2,55 +2,55 @@
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart irc-bot
- name: Restart irc-bot
ansible.builtin.systemd:
name: irc-bot
state: restarted
daemon_reload: true
- name: restart irc-photos
- name: Restart irc-photos
ansible.builtin.systemd:
name: irc-photos
state: restarted
daemon_reload: true
- name: restart irc-doorduino
- name: Restart irc-doorduino
ansible.builtin.systemd:
name: irc-doorduino
state: restarted
daemon_reload: true
- name: restart discord-bot
- name: Restart discord-bot
ansible.builtin.systemd:
name: discord-bot
state: restarted
daemon_reload: true
- name: restart siahsd
- name: Restart siahsd
ansible.builtin.systemd:
name: siahsd
state: restarted
daemon_reload: true
- name: restart spacestated
- name: Restart spacestated
ansible.builtin.systemd:
name: spacestated
state: restarted
daemon_reload: true
- name: restart mastodon-spacestate
- name: Restart mastodon-spacestate
ansible.builtin.systemd:
name: mastodon-spacestate
state: restarted
daemon_reload: true
- name: restart wifi-mqtt
- name: Restart wifi-mqtt
ansible.builtin.systemd:
name: wifi-mqtt
state: restarted
daemon_reload: true
- name: restart power-mqtt
- name: Restart power-mqtt
ansible.builtin.systemd:
name: power-mqtt
state: restarted

10
roles/services/tasks/discord_bot.yaml
View file

@ -1,4 +1,5 @@
---
- name: Install dependencies
ansible.builtin.apt:
name:
@ -24,7 +25,8 @@
version: main
dest: /var/lib/discord-bot
accept_hostkey: yes
notify: restart discord-bot
notify: Restart discord-bot
ignore_errors: true
- name: Install service file
ansible.builtin.template:
@ -32,12 +34,12 @@
dest: /etc/systemd/system/discord-bot.service
owner: root
group: root
mode: 0644
notify: restart discord-bot
mode: "0644"
notify: Restart discord-bot
- name: Start discord-bot
ansible.builtin.systemd:
name: discord-bot
state: started
enabled: yes
enabled: true
daemon_reload: true

19
roles/services/tasks/ircbot.yaml
View file

@ -5,7 +5,8 @@
version: master
dest: /var/lib/irc-bot
accept_hostkey: yes
notify: restart irc-bot
ignore_errors: true
notify: Restart irc-bot
- name: Link irc-say
ansible.builtin.file:
@ -23,13 +24,13 @@
vars:
description: Bitlair IRC bot
exec: /bin/bash /var/lib/irc-bot/irc-bot
notify: restart irc-bot
notify: Restart irc-bot
- name: Start irc-bot
ansible.builtin.systemd:
name: irc-bot
state: started
enabled: yes
enabled: true
daemon_reload: true
- name: Create helpers dir
@ -44,7 +45,7 @@
owner: root
group: root
mode: 0755
notify: restart irc-photos
notify: Restart irc-photos
- name: Install photos notification service
ansible.builtin.template:
@ -57,13 +58,13 @@
description: Bitlair IRC photos notification
requires: irc-bot.service
exec: /bin/bash /var/lib/irc-helpers/photos.sh
notify: restart irc-photos
notify: Restart irc-photos
- name: Start irc-photos
ansible.builtin.systemd:
name: irc-photos
state: started
enabled: yes
enabled: true
daemon_reload: true
- name: Install doorduino notification
@ -73,7 +74,7 @@
owner: root
group: root
mode: 0755
notify: restart irc-doorduino
notify: Restart irc-doorduino
- name: Install doorduino notification service
ansible.builtin.template:
@ -86,11 +87,11 @@
description: Bitlair IRC doorduino notification
requires: irc-bot.service
exec: /bin/bash /var/lib/irc-helpers/doorduino.sh
notify: restart irc-doorduino
notify: Restart irc-doorduino
- name: Start irc-doorduino
ansible.builtin.systemd:
name: irc-doorduino
state: started
enabled: yes
enabled: true
daemon_reload: true

47
roles/services/tasks/main.yaml
View file

@ -1,22 +1,43 @@
---
- tags: services_ircbot
- name: Import ircbot
ansible.builtin.import_tasks:
file: ircbot.yaml
tags:
- services_ircbot
- tags: services_discord_bot
ansible.builtin.import_tasks: discord_bot.yaml
- name: Import services_discord_bot
ansible.builtin.import_tasks:
file: discord_bot.yaml
tags:
- services_discord_bot
- tags: services_siahsd
import_tasks: siahsd.yaml
- name: Import siahsd
ansible.builtin.import_tasks:
file: siahsd.yaml
tags:
- services_siahsd
- tags: services_spacestated
import_tasks: spacestated.yaml
- name: Import spacestated
ansible.builtin.import_tasks:
file: spacestated.yaml
tags:
- services_spacestated
- tags: services_mastodon_spacestate
import_tasks: mastodon_spacestate.yaml
- name: Import mastodon_spacestate.yaml
ansible.builtin.import_tasks:
file: mastodon_spacestate.yaml
tags:
- services_mastodon_spacestate
- tags: services_wifi_mqtt
import_tasks: wifi_mqtt.yaml
- name: import wifi_mqtt
ansible.builtin.import_tasks:
file: wifi_mqtt.yaml
tags:
- services_wifi_mqtt
- tags: services_power_mqtt
import_tasks: power_mqtt.yaml
- name: Import power_mqt
ansible.builtin.import_tasks:
file: power_mqtt.yaml
tags:
- services_power_mqtt

9
roles/services/tasks/mastodon_spacestate.yaml
View file

@ -11,7 +11,8 @@
version: main
dest: /var/lib/mastodon-spacestate
accept_hostkey: yes
notify: restart mastodon-spacestate
notify: Restart mastodon-spacestate
ignore_errors: true
- name: Install config
ansible.builtin.template:
@ -20,7 +21,7 @@
owner: root
group: root
mode: 0655
notify: restart mastodon-spacestate
notify: Restart mastodon-spacestate
- name: Install service file
ansible.builtin.template:
@ -29,11 +30,11 @@
owner: root
group: root
mode: 0644
notify: restart mastodon-spacestate
notify: Restart mastodon-spacestate
- name: Start mastodon-spacestate
ansible.builtin.systemd:
name: mastodon-spacestate
state: started
enabled: yes
enabled: true
daemon_reload: true

6
roles/services/tasks/power_mqtt.yaml
View file

@ -10,7 +10,7 @@
owner: root
group: root
mode: 0755
notify: restart power-mqtt
notify: Restart power-mqtt
- name: Remove old service
ansible.builtin.file:
@ -27,13 +27,13 @@
vars:
description: "SMD630 to MQTT Probe"
exec: "/var/lib/power-mqtt.py %i"
notify: restart power-mqtt@
notify: Restart power-mqtt@
- name: Enable power-mqtt
ansible.builtin.systemd:
name: "power-mqtt@{{ item.net }}/{{ item.ip }}"
state: started
enabled: yes
enabled: true
daemon_reload: true
with_items:
- net: space

22
roles/services/tasks/siahsd.yaml
View file

@ -7,6 +7,7 @@
state: directory
owner: siahsd
group: nogroup
mode: "0750"
with_items:
- /var/log/siahsd
- /var/lib/siahsd
@ -17,8 +18,8 @@
dest: /etc/siahsd.conf
owner: root
group: root
mode: 0644
notify: restart siahsd
mode: "0644"
notify: Restart siahsd
- name: Install service file
ansible.builtin.template:
@ -26,24 +27,13 @@
dest: /etc/systemd/system/siahsd.service
owner: root
group: root
mode: 0644
notify: restart siahsd
mode: "0644"
notify: Restart siahsd
- name: Start siahsd
ansible.builtin.systemd:
name: siahsd
state: started
enabled: yes
enabled: true
daemon_reload: true
- name: Allow siahsd traffic
ansible.builtin.iptables:
chain: INPUT
protocol: udp
destination_port: "4000"
jump: ACCEPT
ip_version: "{{ item }}"
action: insert
with_items: [ ipv4, ipv6 ]
notify: persist iptables
when: not nft | bool

7
roles/services/tasks/spacestated.yaml
View file

@ -24,7 +24,8 @@
version: main
dest: /var/lib/spacestated/spacestated
accept_hostkey: yes
notify: restart spacestated
notify: Restart spacestated
ignore_errors: true
- name: Install service file
ansible.builtin.template:
@ -33,11 +34,11 @@
owner: root
group: root
mode: 0644
notify: restart spacestated
notify: Restart spacestated
- name: Start spacestated
ansible.builtin.systemd:
name: spacestated
state: started
enabled: yes
enabled: true
daemon_reload: true

15
roles/services/tasks/wifi_mqtt.yaml
View file

@ -7,25 +7,26 @@
- make
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/wifi-mqtt.git
version: main
dest: /var/lib/wifi-mqtt
accept_hostkey: yes
notify: restart wifi-mqtt
notify: Restart wifi-mqtt
ignore_errors: true
- name: Install service file
template:
ansible.builtin.template:
src: wifi-mqtt.service
dest: /etc/systemd/system/wifi-mqtt.service
owner: root
group: root
mode: 0644
notify: restart wifi-mqtt
mode: "0644"
notify: Restart wifi-mqtt
- name: Start wifi-mqtt
systemd:
ansible.builtin.systemd:
name: wifi-mqtt
state: started
enabled: yes
enabled: true
daemon_reload: true

7
roles/www/handlers/main.yaml
View file

@ -1,14 +1,15 @@
---
- ansible.builtin.import_tasks:
- name: Import handlers
ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart spaceapi
- name: Restart spaceapi
ansible.builtin.systemd:
name: spaceapi
state: restarted
daemon_reload: true
- name: restart mqtt2web
- name: Restart mqtt2web
ansible.builtin.systemd:
name: mqtt2web
state: restarted

17
roles/www/tasks/main.yaml
View file

@ -1,16 +1,25 @@
---
- tags: www_calendar
- name: Import calendar
ansible.builtin.import_tasks:
file: calendar.yaml
tags:
- www_calendar
- tags: www_mediawiki
- name: Import mediawiki
ansible.builtin.import_tasks:
file: mediawiki.yaml
tags:
- www_mediawiki
- tags: www_mqtt
- name: Import mqtt
ansible.builtin.import_tasks:
file: mqtt.yaml
tags:
- www_mqtt
- tags: www_spaceapi
- name: Import spaceapi
ansible.builtin.import_tasks:
file: spaceapi.yaml
tags:
- www_spaceapi

17
roles/www/tasks/mediawiki.yaml
View file

@ -1,4 +1,5 @@
---
- name: Install dependencies
ansible.builtin.apt:
name: php-fpm
@ -12,19 +13,3 @@
group: root
mode: 0644
- name: Allow HTTP/HTTPS
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 80 }
- { ip: ipv4, port: 443 }
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool

31
roles/www/tasks/mqtt.yaml
View file

@ -1,4 +1,5 @@
---
- name: Install dependencies
ansible.builtin.apt:
name:
@ -6,32 +7,17 @@
- liblinux-epoll-perl
- mosquitto
- name: Allow MQTT
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 1883 }
- { ip: ipv6, port: 1883 }
notify: persist iptables
when: not nft | bool
- name: Install mqtt-simple
ansible.builtin.command:
cmd: cpan Net::MQTT::Simple
community.general.cpanm:
name: Net::MQTT::Simple
- name: Clone mqtt2web source
ansible.builtin.git:
repo: https://github.com/bitlair/mqtt2web.git
version: master
dest: /opt/mqtt2web
accept_hostkey: yes
notify: restart mqtt2web
accept_hostkey: true
notify: Restart mqtt2web
- name: Install mqtt2web service file
ansible.builtin.template:
@ -41,10 +27,11 @@
group: root
mode: 0644
notify:
- daemon reload
- restart mqtt2web
- Daemon reload
- Restart mqtt2web
- ansible.builtin.meta: flush_handlers
- name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Enable mqtt2web
ansible.builtin.systemd:

8
roles/www/tasks/spaceapi.yaml
View file

@ -4,8 +4,8 @@
repo: https://github.com/bitlair/spaceapi.git
version: main
dest: /opt/spaceapi
accept_hostkey: yes
notify: restart spaceapi
accept_hostkey: true
notify: Restart spaceapi
- name: Install spaceapi service file
ansible.builtin.template:
@ -13,8 +13,8 @@
dest: /etc/systemd/system/spaceapi.service
owner: root
group: root
mode: 0644
notify: restart spaceapi
mode: "0644"
notify: Restart spaceapi
- name: Enable spaceapi
ansible.builtin.systemd: