BlackDragon/ansible
1
0
Fork 0
forked from bitlair/ansible
Code Pull requests Activity

Linter + Dashboard fixes

Browse source
This commit is contained in:
Mark Janssen 2024-07-31 20:33:54 +02:00
parent e1bf3e1765
commit abc64144a8
Signed by: foobar
GPG key ID: D8674D8FC4F69BD2
44 changed files with 265 additions and 379 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
bitlair.yaml
View file

@ -1,63 +1,62 @@
--- ---
- hosts: all - hosts: all
gather_facts: true gather_facts: true
roles: roles:
- { role: "common", tags: [ "common" ] } - { role: "common", tags: ["common"] }
- { role: "nft", tags: [ "nft" ] } - { role: "nft", tags: ["nft"] }
- hosts: bank - hosts: bank
roles: roles:
- { role: "bank", tags: [ "bank" ] } - { role: "bank", tags: ["bank"] }
- hosts: raspi - hosts: raspi
roles: roles:
- { role: "raspi", tags: [ "raspi" ] } - { role: "raspi", tags: ["raspi"] }
- { role: "bank-terminal", tags: [ "bank-terminal" ] } - { role: "bank-terminal", tags: ["bank-terminal"] }
- hosts: fotos - hosts: fotos
roles: roles:
- { role: "photos", tags: [ "photos" ] } - { role: "photos", tags: ["photos"] }
- hosts: git-ci - hosts: git-ci
roles: roles:
- { role: "git-ci", tags: [ "git-ci" ] } - { role: "git-ci", tags: ["git-ci"] }
- hosts: git - hosts: git
roles: roles:
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: [ "nginx" ] } - { role: "nginx", tags: ["nginx"] }
- { role: "git-server", tags: [ "git-server" ] } - { role: "git-server", tags: ["git-server"] }
- hosts: monitoring - hosts: monitoring
roles: roles:
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: [ "nginx" ] } - { role: "nginx", tags: ["nginx"] }
- { role: "monitoring", tags: [ "monitoring" ] } - { role: "monitoring", tags: ["monitoring"] }
- hosts: mqtt - hosts: mqtt
roles: roles:
- { role: "mqtt", tags: [ "mqtt" ] } - { role: "mqtt", tags: ["mqtt"] }
- hosts: music - hosts: music
roles: roles:
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: ["acme"] }
- { role: "go", tags: [ "go" ] } - { role: "go", tags: ["go"] }
- { role: "music", tags: [ "music" ] } - { role: "music", tags: ["music"] }
- hosts: pad - hosts: pad
roles: roles:
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: [ "nginx" ] } - { role: "nginx", tags: ["nginx"] }
- { role: "etherpad", tags: [ "etherpad" ] } - { role: "etherpad", tags: ["etherpad"] }
- hosts: services - hosts: services
roles: roles:
- { role: "services", tags: [ "services" ] } - { role: "services", tags: ["services"] }
- hosts: wiki - hosts: wiki
roles: roles:
- { role: "acme", tags: [ "acme" ] } - { role: "acme", tags: ["acme"] }
- { role: "nginx", tags: [ "nginx" ] } - { role: "nginx", tags: ["nginx"] }
- { role: "www", tags: [ "www" ] } - { role: "www", tags: ["www"] }

4
group_vars/monitoring.yaml
View file

@ -1,7 +1,7 @@
monitoring_domain: dashboard.bitlair.nl monitoring_domain: dashboard.bitlair.nl
monitoring_bootstrap_cert: no monitoring_bootstrap_cert: no
acme_san_domains: acme_san_domains:
- ["{{ monitoring_domain }}", monitoring.bitlair.nl] - ["{{ monitoring_domain }}"]
group_nft_input: group_nft_input:
- "# Allow web-traffic from world" - "# Allow web-traffic from world"
@ -21,6 +21,7 @@ prometheus_scrape_configs:
- "lights.bitlair.nl:9100" - "lights.bitlair.nl:9100"
- "music.bitlair.nl:9100" - "music.bitlair.nl:9100"
- "service.bitlair.nl:9100" - "service.bitlair.nl:9100"
- "user.bitlair.nl:9100"
- job_name: "mqtt" - job_name: "mqtt"
static_configs: static_configs:
- targets: [ "localhost:9883" ] - targets: [ "localhost:9883" ]
@ -34,6 +35,7 @@ prometheus_scrape_configs:
- https://bitlair.nl - https://bitlair.nl
- https://git.bitlair.nl - https://git.bitlair.nl
- https://pad.bitlair.nl - https://pad.bitlair.nl
- https://user.bitlair.nl
# Legacy # Legacy
- https://wiki.bitlair.nl - https://wiki.bitlair.nl
- https://portal.bitlair.nl - https://portal.bitlair.nl

2
roles/acme/tasks/main.yaml
View file

@ -40,7 +40,7 @@
- name: Symlink SAN domains - name: Symlink SAN domains
ansible.builtin.include_tasks: ansible.builtin.include_tasks:
file: san_domains_loop.yaml file: san_domains_loop.yaml
loop: "{{ acme_san_domains|default([]) }}" loop: "{{ acme_san_domains | default([]) }}"
loop_control: loop_control:
loop_var: domains loop_var: domains

15
roles/common/handlers/main.yaml
View file

@ -1,30 +1,27 @@
--- ---
- name: update grub - name: Update grub
ansible.builtin.command: ansible.builtin.command:
cmd: update-grub cmd: update-grub
- name: reboot - name: Apt update
ansible.builtin.reboot:
- name: apt update
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true
- name: daemon reload - name: Daemon reload
ansible.builtin.systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
- name: reload sshd - name: Reload sshd
ansible.builtin.systemd: ansible.builtin.systemd:
name: ssh name: ssh
state: reloaded state: reloaded
- name: reload nginx - name: Reload nginx
ansible.builtin.systemd: ansible.builtin.systemd:
name: nginx name: nginx
state: reloaded state: reloaded
- name: persist iptables - name: Persist iptables
ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}" ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}"
with_items: with_items:
- { c: iptables, ip: v4 } - { c: iptables, ip: v4 }

3
roles/common/tasks/debian-upgrade.yaml
View file

@ -21,9 +21,6 @@
ansible.builtin.apt: ansible.builtin.apt:
upgrade: full upgrade: full
- name: Reboot
ansible.builtin.reboot:
- name: autoremove - name: autoremove
ansible.builtin.apt: ansible.builtin.apt:
autoremove: yes autoremove: yes

62
roles/common/tasks/main.yaml
View file

@ -96,7 +96,7 @@
path: /etc/default/grub path: /etc/default/grub
regexp: '^GRUB_TIMEOUT=' regexp: '^GRUB_TIMEOUT='
line: "GRUB_TIMEOUT=1 # Managed by Ansible" line: "GRUB_TIMEOUT=1 # Managed by Ansible"
notify: update grub notify: Update grub
- name: Configure cron email - name: Configure cron email
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
@ -118,63 +118,5 @@
- regexp: '^#?DebianBanner' - regexp: '^#?DebianBanner'
line: 'DebianBanner no' line: 'DebianBanner no'
when: manage_sshd_config | default(true) when: manage_sshd_config | default(true)
notify: reload sshd notify: Reload sshd
- name: Allow SSH
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ ssh_port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item }}"
with_items:
- ipv4
- ipv6
notify: persist iptables
when: not nft | bool
- name: Allow ICMP
ansible.builtin.iptables:
chain: INPUT
protocol: "{{ item.proto }}"
jump: ACCEPT
ip_version: "{{ item.ip }}"
with_items:
- { ip: ipv4, proto: icmp }
- { ip: ipv6, proto: ipv6-icmp }
notify: persist iptables
when: not nft | bool
- name: Allow related and established connections
ansible.builtin.iptables:
chain: INPUT
ctstate: ESTABLISHED,RELATED
jump: ACCEPT
ip_version: "{{ item }}"
with_items:
- ipv4
- ipv6
notify: persist iptables
when: not nft | bool
- name: Allow local connections
ansible.builtin.iptables:
chain: INPUT
source: "{{ item.cidr }}"
jump: ACCEPT
ip_version: "{{ item.v }}"
with_items: "{{ trusted_ranges }}"
notify: persist iptables
when: not nft | bool
- name: Deny inbound connections
ansible.builtin.iptables:
chain: INPUT
policy: DROP
ip_version: "{{ item }}"
with_items:
- ipv4
- ipv6
notify: persist iptables
when: not nft | bool

5
roles/common/tasks/network.yaml
View file

@ -13,7 +13,6 @@
with_items: with_items:
- { k: net.ipv4.ip_forward, v: "1" } - { k: net.ipv4.ip_forward, v: "1" }
- { k: net.ipv6.conf.all.forwarding, v: "1" } - { k: net.ipv6.conf.all.forwarding, v: "1" }
notify: reboot
when: network_br when: network_br
- name: Make network interfaces really predictable - name: Make network interfaces really predictable
@ -22,8 +21,7 @@
regexp: ^GRUB_CMDLINE_LINUX regexp: ^GRUB_CMDLINE_LINUX
line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible' line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible'
notify: notify:
- update grub - Update grub
- reboot
when: network_br or network_dhcp or network_static when: network_br or network_dhcp or network_static
- name: Configure network interfaces - name: Configure network interfaces
@ -33,7 +31,6 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: reboot
when: network_br or network_dhcp or network_static when: network_br or network_dhcp or network_static
- ansible.builtin.meta: flush_handlers - ansible.builtin.meta: flush_handlers

3
roles/common/tasks/vm.yaml
View file

@ -12,7 +12,6 @@
regexp: ^GRUB_CMDLINE_LINUX_DEFAULT regexp: ^GRUB_CMDLINE_LINUX_DEFAULT
line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"' line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"'
notify: notify:
- update grub - Update grub
- reboot
tags: tags:
- questagent - questagent

2
roles/common/templates/authorized_keys.j2
View file

@ -2,5 +2,5 @@
{% for name in root_access %} {% for name in root_access %}
# {{ name }} # {{ name }}
{{ lookup('file', 'authorized_keys/'+name+'.keys') }} {{ lookup('file', 'authorized_keys/' + name + '.keys') }}
{% endfor %} {% endfor %}

6
roles/common/templates/sources.list.j2
View file

@ -1,9 +1,9 @@
# {{ ansible_managed }} # {{ ansible_managed }}
{% if debian_source_repos|default(false) %} {% if debian_source_repos | default(false) %}
{% set SRC = "" %} {% set SRC = "" %}
{% else %} {% else %}
{% set SRC = "# " %} {% set SRC = "# " %}
{% endif %} {% endif %}
{% set components = "main contrib non-free-firmware" %} {% set components = "main contrib non-free-firmware" %}

32
roles/etherpad/tasks/main.yaml
View file

@ -15,7 +15,7 @@
-o /usr/share/keyrings/nodesource.gpg -o /usr/share/keyrings/nodesource.gpg
args: args:
creates: /usr/share/keyrings/nodesource.gpg creates: /usr/share/keyrings/nodesource.gpg
notify: apt update notify: Apt update
- name: Install nodesource source list - name: Install nodesource source list
ansible.builtin.template: ansible.builtin.template:
@ -24,7 +24,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: apt update notify: Apt update
- name: Install nodejs apt preference - name: Install nodejs apt preference
ansible.builtin.template: ansible.builtin.template:
@ -33,7 +33,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: apt update notify: Apt update
- ansible.builtin.meta: flush_handlers - ansible.builtin.meta: flush_handlers
@ -88,7 +88,7 @@
version: master version: master
dest: /opt/etherpad dest: /opt/etherpad
accept_hostkey: yes accept_hostkey: yes
notify: restart etherpad notify: Restart etherpad
- name: Install etherpad config - name: Install etherpad config
ansible.builtin.template: ansible.builtin.template:
@ -97,7 +97,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart etherpad notify: Restart etherpad
- name: Install etherpad service - name: Install etherpad service
ansible.builtin.template: ansible.builtin.template:
@ -106,14 +106,14 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart etherpad notify: Restart etherpad
- name: Start etherpad - name: Start etherpad
ansible.builtin.systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
name: etherpad name: etherpad
state: started state: started
enabled: yes enabled: true
- name: Install nginx config - name: Install nginx config
ansible.builtin.template: ansible.builtin.template:
@ -122,21 +122,5 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: reload nginx notify: Reload nginx
- name: Allow HTTP and HTTPS
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 80 }
- { ip: ipv4, port: 443 }
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool

2
roles/etherpad/tasks/requirements.yml
View file

@ -1,3 +1,5 @@
---
collections: collections:
- name: community.postgresql - name: community.postgresql
version: 2.3.2 version: 2.3.2

84
roles/git-ci/tasks/main.yaml
View file

@ -1,50 +1,50 @@
--- ---
- tags: forgejo_runner
block:
- name: Install dependencies
ansible.builtin.apt:
name: docker.io
- name: Download forgejo-runner - name: Install dependencies
ansible.builtin.get_url: ansible.builtin.apt:
url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" name: docker.io
dest: /usr/local/bin/forgejo-runner
mode: 0755
notify: restart forgejo-runner
- name: Create runner dir - name: Download forgejo-runner
ansible.builtin.file: ansible.builtin.get_url:
state: directory url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
path: "{{ runner_wd }}" dest: /usr/local/bin/forgejo-runner
owner: root mode: 0755
group: root notify: restart forgejo-runner
mode: 0755
- name: Register runner - name: Create runner dir
ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" ansible.builtin.file:
args: state: directory
chdir: "{{ runner_wd }}" path: "{{ runner_wd }}"
creates: "{{ runner_wd }}/.runner" owner: root
group: root
mode: 0755
- name: Install service file - name: Register runner
ansible.builtin.template: ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
src: forgejo-runner.service args:
dest: /etc/systemd/system/forgejo-runner.service chdir: "{{ runner_wd }}"
owner: root creates: "{{ runner_wd }}/.runner"
group: root
mode: 0644
notify: restart forgejo-runner
- name: Enable service - name: Install service file
ansible.builtin.systemd: ansible.builtin.template:
name: forgejo-runner src: forgejo-runner.service
enabled: yes dest: /etc/systemd/system/forgejo-runner.service
daemon_reload: true owner: root
group: root
mode: 0644
notify: restart forgejo-runner
- name: Start service - name: Enable service
ansible.builtin.systemd: ansible.builtin.systemd:
name: forgejo-runner name: forgejo-runner
state: started enabled: true
daemon_reload: true daemon_reload: true
- ansible.builtin.meta: flush_handlers - name: Start service
ansible.builtin.systemd:
name: forgejo-runner
state: started
daemon_reload: true
- name: Flush handlers
ansible.builtin.meta: flush_handlers

35
roles/git-server/tasks/main.yaml
View file

@ -14,14 +14,14 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: reload nginx notify: Reload nginx
- name: Enable nginx site - name: Enable nginx site
ansible.builtin.file: ansible.builtin.file:
src: /etc/nginx/sites-available/forgejo src: /etc/nginx/sites-available/forgejo
dest: /etc/nginx/sites-enabled/forgejo dest: /etc/nginx/sites-enabled/forgejo
state: link state: link
notify: reload nginx notify: Reload nginx
- name: Create user - name: Create user
ansible.builtin.user: ansible.builtin.user:
@ -38,7 +38,6 @@
group: "{{ git_server_user }}" group: "{{ git_server_user }}"
mode: 0755 mode: 0755
# TODO: Install initial config # TODO: Install initial config
- name: Install service file - name: Install service file
@ -48,7 +47,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: reload forgejo notify: Reload forgejo
- name: Install update script - name: Install update script
ansible.builtin.template: ansible.builtin.template:
@ -62,12 +61,12 @@
ansible.builtin.command: "{{ git_server_working_dir }}/update.sh" ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"
args: args:
creates: "{{ git_server_working_dir }}/forgejo" creates: "{{ git_server_working_dir }}/forgejo"
notify: reload forgejo notify: Reload forgejo
- name: Enable service - name: Enable service
ansible.builtin.systemd: ansible.builtin.systemd:
name: forgejo name: forgejo
enabled: yes enabled: true
daemon_reload: true daemon_reload: true
- name: Start service - name: Start service
@ -81,24 +80,6 @@
src: cronjob src: cronjob
dest: /etc/cron.d/forgejo dest: /etc/cron.d/forgejo
- name: Allow Git SSH, HTTP and HTTPS - name: Debug
ansible.builtin.iptables: ansible.builtin.debug:
chain: INPUT msg: "If Forgejo has not been setup yet, please do so manually."
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 80 }
- { ip: ipv4, port: 22 }
- { ip: ipv4, port: 443 }
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 22 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool
- ansible.builtin.debug:
msg: If Forgejo has not been setup yet, please do so manually.

15
roles/go/tasks/main.yaml
View file

@ -19,11 +19,11 @@
register: go_latest_version_shell register: go_latest_version_shell
- name: Format Go latest version variable - name: Format Go latest version variable
set_fact: ansible.builtin.set_fact:
go_latest_version: "{{ go_latest_version_shell.stdout }}" go_latest_version: "{{ go_latest_version_shell.stdout }}"
- name: Detect installed Go version - name: Detect installed Go version
shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none" ansible.builtin.shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
register: go_installed_version_shell register: go_installed_version_shell
changed_when: false changed_when: false
@ -31,19 +31,20 @@
set_fact: set_fact:
go_installed_version: "{{ go_installed_version_shell.stdout }}" go_installed_version: "{{ go_installed_version_shell.stdout }}"
- debug: - name: Debug
ansible.builtin.debug:
msg: msg:
- "Latest Go version: {{ go_latest_version}}" - "Latest Go version: {{ go_latest_version}}"
- "Installed Go version: {{ go_installed_version }}" - "Installed Go version: {{ go_installed_version }}"
- name: Remove installed go - name: Remove installed go
file: ansible.builtin.file:
state: absent state: absent
path: /usr/local/go path: /usr/local/go
when: go_installed_version != go_latest_version when: go_installed_version != go_latest_version
- name: Install Go - name: Install Go
unarchive: ansible.builtin.unarchive:
src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz
dest: /usr/local dest: /usr/local
remote_src: yes remote_src: yes
@ -52,7 +53,7 @@
when: go_installed_version != go_latest_version when: go_installed_version != go_latest_version
- name: Configure Go environment - name: Configure Go environment
template: ansible.builtin.template:
src: go.profile src: go.profile
dest: /etc/profile.d/go.sh dest: /etc/profile.d/go.sh
owner: root owner: root
@ -60,7 +61,7 @@
mode: 0644 mode: 0644
- name: Link go binary - name: Link go binary
file: ansible.builtin.file:
state: link state: link
src: /usr/local/go/bin/go src: /usr/local/go/bin/go
dest: /usr/local/bin/go dest: /usr/local/bin/go

21
roles/monitoring/tasks/main.yaml
View file

@ -7,35 +7,20 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: reload nginx notify: Reload nginx
- name: Enable nginx site - name: Enable nginx site
ansible.builtin.file: ansible.builtin.file:
src: /etc/nginx/sites-available/monitoring src: /etc/nginx/sites-available/monitoring
dest: /etc/nginx/sites-enabled/monitoring dest: /etc/nginx/sites-enabled/monitoring
state: link state: link
notify: reload nginx notify: Reload nginx
- name: Start nginx - name: Start nginx
ansible.builtin.systemd: ansible.builtin.systemd:
name: nginx name: nginx
state: started state: started
enabled: yes enabled: true
- name: Allow HTTP/HTTPS
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool
- name: mqtt_exporter - name: mqtt_exporter
tags: mqtt_exporter tags: mqtt_exporter

3
roles/monitoring/templates/grafana.ini
View file

@ -69,6 +69,9 @@ level = info
[grafana_com] [grafana_com]
url = https://grafana.com url = https://grafana.com
[auth]
oauth_allow_insecure_email_lookup=true
[auth.anonymous] [auth.anonymous]
enabled = true enabled = true
org_name = Bitlair org_name = Bitlair

2
roles/mqtt/tasks/main.yaml
View file

@ -29,4 +29,4 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: mosquitto name: mosquitto
state: started state: started
enabled: yes enabled: true

12
roles/music/handlers/main.yaml
View file

@ -2,37 +2,37 @@
- ansible.builtin.import_tasks: - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml file: ../../common/handlers/main.yaml
- name: restart trollibox - name: Restart trollibox
ansible.builtin.systemd: ansible.builtin.systemd:
name: trollibox name: trollibox
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: rebuild librespot - name: Rebuild librespot
ansible.builtin.command: ansible.builtin.command:
cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
args: args:
chdir: /opt/librespot chdir: /opt/librespot
- name: restart librespot - name: Restart librespot
ansible.builtin.systemd: ansible.builtin.systemd:
name: librespot name: librespot
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart soundboard - name: Restart soundboard
ansible.builtin.systemd: ansible.builtin.systemd:
name: soundboard name: soundboard
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart mpd-volume-to-mqtt - name: Restart mpd-volume-to-mqtt
ansible.builtin.systemd: ansible.builtin.systemd:
name: mpd-volume-to-mqtt name: mpd-volume-to-mqtt
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart skipbutton - name: Restart skipbutton
ansible.builtin.systemd: ansible.builtin.systemd:
name: skipbutton name: skipbutton
state: restarted state: restarted

6
roles/music/tasks/librespot.yaml
View file

@ -11,8 +11,8 @@
dest: /opt/librespot dest: /opt/librespot
accept_hostkey: yes accept_hostkey: yes
notify: notify:
- rebuild librespot - Rebuild librespot
- restart librespot - Restart librespot
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
@ -21,7 +21,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart librespot notify: Restart librespot
- name: Enable Librespot - name: Enable Librespot
ansible.builtin.systemd: ansible.builtin.systemd:

36
roles/music/tasks/main.yaml
View file

@ -1,28 +1,34 @@
--- ---
- tags: music_mpd
- name: Import mpd
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: mpd.yaml file: mpd.yaml
tags:
- music_mpd
- tags: music_trollibox - name: Import trollibox
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: trollibox.yaml file: trollibox.yaml
tags:
- music_trollibox
- tags: music_librespot - name: Librespot
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: librespot.yaml file: librespot.yaml
tags:
- music_librespot
- tags: music_soundboard - name: Soundboard
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: soundboard.yaml file: soundboard.yaml
tags:
- music_soundboard
- tags: music - name: Install nginx config
block: ansible.builtin.template:
src: nginx-site.conf
- name: Install nginx config dest: /etc/nginx/sites-enabled/trollibox
ansible.builtin.template: owner: root
src: nginx-site.conf group: root
dest: /etc/nginx/sites-enabled/trollibox mode: 0644
owner: root notify: Reload nginx
group: root
mode: 0644
notify: reload nginx

9
roles/music/tasks/mpd.yaml
View file

@ -1,4 +1,5 @@
--- ---
- name: Install MPD - name: Install MPD
ansible.builtin.apt: ansible.builtin.apt:
name: name:
@ -15,7 +16,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart mpd-volume-to-mqtt notify: Restart mpd-volume-to-mqtt
- name: Install mpd-volume-to-mqtt service - name: Install mpd-volume-to-mqtt service
ansible.builtin.template: ansible.builtin.template:
@ -24,7 +25,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart mpd-volume-to-mqtt notify: Restart mpd-volume-to-mqtt
- name: Enable mpd-volume-to-mqtt - name: Enable mpd-volume-to-mqtt
ansible.builtin.systemd: ansible.builtin.systemd:
@ -39,7 +40,7 @@
version: master version: master
dest: /opt/skipbutton dest: /opt/skipbutton
accept_hostkey: yes accept_hostkey: yes
notify: restart skipbutton notify: Restart skipbutton
- name: Install skipbutton service - name: Install skipbutton service
ansible.builtin.template: ansible.builtin.template:
@ -48,7 +49,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart skipbutton notify: Restart skipbutton
- name: Enable skipbutton - name: Enable skipbutton
ansible.builtin.systemd: ansible.builtin.systemd:

6
roles/music/tasks/soundboard.yaml
View file

@ -10,7 +10,7 @@
version: main version: main
dest: /opt/soundboard dest: /opt/soundboard
accept_hostkey: yes accept_hostkey: yes
notify: restart soundboard notify: Restart soundboard
- name: Create virtualenv - name: Create virtualenv
ansible.builtin.command: ansible.builtin.command:
@ -31,7 +31,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart soundboard notify: Restart soundboard
- name: Install soundboard service file - name: Install soundboard service file
ansible.builtin.template: ansible.builtin.template:
@ -40,7 +40,7 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart soundboard notify: Restart soundboard
- name: Enable soundboard - name: Enable soundboard
ansible.builtin.systemd: ansible.builtin.systemd:

12
roles/music/tasks/trollibox.yaml
View file

@ -5,8 +5,8 @@
dest: /etc/trollibox.yaml dest: /etc/trollibox.yaml
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
notify: restart trollibox notify: Restart trollibox
- name: Get latest Trollibox version from Github API - name: Get latest Trollibox version from Github API
ansible.builtin.get_url: ansible.builtin.get_url:
@ -25,8 +25,8 @@
remote_src: yes remote_src: yes
dest: /usr/local/bin dest: /usr/local/bin
include: [ trollibox ] include: [ trollibox ]
mode: 0755 mode: "0755"
notify: restart trollibox notify: Restart trollibox
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
@ -34,8 +34,8 @@
dest: /etc/systemd/system/trollibox.service dest: /etc/systemd/system/trollibox.service
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
notify: restart trollibox notify: Restart trollibox
- name: Enable Trollibox - name: Enable Trollibox
ansible.builtin.systemd: ansible.builtin.systemd:

8
roles/nft/templates/nftables.conf.j2
View file

@ -73,15 +73,15 @@ set trusted6 {
} accept } accept
# Open ssh only for trusted machines # Open ssh only for trusted machines
ip saddr @trusted4 tcp dport { {{ trusted_ports|join(', ') }} } accept ip saddr @trusted4 tcp dport { {{ trusted_ports | join(', ') }} } accept
ip6 saddr @trusted6 tcp dport { {{ trusted_ports|join(', ') }} } accept ip6 saddr @trusted6 tcp dport { {{ trusted_ports | join(', ') }} } accept
# Rules based on group-vars # Rules based on group-vars
{% for custom in nft_group_rules %} {% for custom in nft_group_rules %}
{% if custom.comment is defined %} {% if custom.comment is defined %}
# {{ custom.comment|default('') }} # {{ custom.comment | default('') }}
{% endif %} {% endif %}
{{ custom.version|default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }} {{ custom.version | default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }}
{% endfor %} {% endfor %}

2
roles/nginx/defaults/main.yaml
View file

@ -4,7 +4,6 @@ nginx_package: "nginx-light"
nginx_user: "www-data" nginx_user: "www-data"
nginx_modules_dir: "/etc/nginx/modules-enabled" nginx_modules_dir: "/etc/nginx/modules-enabled"
nginx_tls_version: "TLSv1.2 TLSv1.3" nginx_tls_version: "TLSv1.2 TLSv1.3"
nginx_tls_cipherlist: "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" nginx_tls_cipherlist: "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
nginx_tls_curve: "prime256v1:secp384r1" nginx_tls_curve: "prime256v1:secp384r1"
@ -14,4 +13,3 @@ nginx_ssl_stapling: "on"
nginx_ssl_stapling_verify: "on" nginx_ssl_stapling_verify: "on"
nginx_wk_acme: "/var/lib/dehydrated/acme-challenges" nginx_wk_acme: "/var/lib/dehydrated/acme-challenges"
nginx_client_max_body_size: "32m" nginx_client_max_body_size: "32m"

4
roles/nginx/templates/site.conf.j2
View file

@ -4,7 +4,7 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name {{ site.server_name|default(inventory_hostname) }}{% if site.server_alias is defined %} {{ site.server_alias }}{% endif %}; server_name {{ site.server_name | default(inventory_hostname) }}{% if site.server_alias is defined %} {{ site.server_alias }}{% endif %};
include /etc/nginx/tls_params; include /etc/nginx/tls_params;
ssl_certificate /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem; ssl_certificate /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem;
@ -28,7 +28,7 @@ server {
# Include snippets # Include snippets
{% for file in site.snippets | default([]) %} {% for file in site.snippets | default([]) %}
{% include "snippets/" ~ file %} {% include "snippets/" ~ file %}
{% endfor %} {% endfor %}
# Per site configuration # Per site configuration

2
roles/photos/tasks/bambulab-fetch.yaml
View file

@ -33,5 +33,5 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: bambulab-fetch name: bambulab-fetch
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

2
roles/photos/tasks/photo-gallery.yaml
View file

@ -33,5 +33,5 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: photo-gallery name: photo-gallery
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

2
roles/photos/tasks/photos2mqtt.yaml
View file

@ -31,5 +31,5 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: photos2mqtt name: photos2mqtt
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

4
roles/raspi/tasks/main.yaml
View file

@ -15,7 +15,7 @@
- name: Enable sshd - name: Enable sshd
ansible.builtin.systemd: ansible.builtin.systemd:
name: sshd name: sshd
enabled: yes enabled: true
state: started state: started
- name: Rotate display - name: Rotate display
@ -24,7 +24,6 @@
line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible" line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible"
regexp: "^#?display_rotate" regexp: "^#?display_rotate"
when: raspi_rotate_display is defined when: raspi_rotate_display is defined
notify: reboot
- name: Disable swap - name: Disable swap
block: block:
@ -45,4 +44,3 @@
path: /etc/dhcpcd.conf path: /etc/dhcpcd.conf
line: "slaac hwaddr # Managed by Ansible" line: "slaac hwaddr # Managed by Ansible"
regexp: "^#?slaac" regexp: "^#?slaac"
notify: reboot

5
roles/services/tasks/discord_bot.yaml
View file

@ -1,4 +1,5 @@
--- ---
- name: Install dependencies - name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: name:
@ -32,12 +33,12 @@
dest: /etc/systemd/system/discord-bot.service dest: /etc/systemd/system/discord-bot.service
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
notify: restart discord-bot notify: restart discord-bot
- name: Start discord-bot - name: Start discord-bot
ansible.builtin.systemd: ansible.builtin.systemd:
name: discord-bot name: discord-bot
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

6
roles/services/tasks/ircbot.yaml
View file

@ -29,7 +29,7 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: irc-bot name: irc-bot
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true
- name: Create helpers dir - name: Create helpers dir
@ -63,7 +63,7 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: irc-photos name: irc-photos
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true
- name: Install doorduino notification - name: Install doorduino notification
@ -92,5 +92,5 @@
ansible.builtin.systemd: ansible.builtin.systemd:
name: irc-doorduino name: irc-doorduino
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

47
roles/services/tasks/main.yaml
View file

@ -1,22 +1,43 @@
--- ---
- tags: services_ircbot
- name: Import ircbot
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: ircbot.yaml file: ircbot.yaml
tags:
- services_ircbot
- tags: services_discord_bot - name: Import services_discord_bot
ansible.builtin.import_tasks: discord_bot.yaml ansible.builtin.import_tasks:
file: discord_bot.yaml
tags:
- services_discord_bot
- tags: services_siahsd - name: Import siahsd
import_tasks: siahsd.yaml ansible.builtin.import_tasks:
file: siahsd.yaml
tags:
- services_siahsd
- tags: services_spacestated - name: Import spacestated
import_tasks: spacestated.yaml ansible.builtin.import_tasks:
file: spacestated.yaml
tags:
- services_spacestated
- tags: services_mastodon_spacestate - name: Import mastodon_spacestate.yaml
import_tasks: mastodon_spacestate.yaml ansible.builtin.import_tasks:
file: mastodon_spacestate.yaml
tags:
- services_mastodon_spacestate
- tags: services_wifi_mqtt - name: import wifi_mqtt
import_tasks: wifi_mqtt.yaml ansible.builtin.import_tasks:
file: wifi_mqtt.yaml
tags:
- services_wifi_mqtt
- tags: services_power_mqtt - name: Import power_mqt
import_tasks: power_mqtt.yaml ansible.builtin.import_tasks:
file: power_mqtt.yaml
tags:
- services_power_mqtt

8
roles/services/tasks/mastodon_spacestate.yaml
View file

@ -11,7 +11,7 @@
version: main version: main
dest: /var/lib/mastodon-spacestate dest: /var/lib/mastodon-spacestate
accept_hostkey: yes accept_hostkey: yes
notify: restart mastodon-spacestate notify: Restart mastodon-spacestate
- name: Install config - name: Install config
ansible.builtin.template: ansible.builtin.template:
@ -20,7 +20,7 @@
owner: root owner: root
group: root group: root
mode: 0655 mode: 0655
notify: restart mastodon-spacestate notify: Restart mastodon-spacestate
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
@ -29,11 +29,11 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart mastodon-spacestate notify: Restart mastodon-spacestate
- name: Start mastodon-spacestate - name: Start mastodon-spacestate
ansible.builtin.systemd: ansible.builtin.systemd:
name: mastodon-spacestate name: mastodon-spacestate
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

6
roles/services/tasks/power_mqtt.yaml
View file

@ -10,7 +10,7 @@
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
notify: restart power-mqtt notify: Restart power-mqtt
- name: Remove old service - name: Remove old service
ansible.builtin.file: ansible.builtin.file:
@ -27,13 +27,13 @@
vars: vars:
description: "SMD630 to MQTT Probe" description: "SMD630 to MQTT Probe"
exec: "/var/lib/power-mqtt.py %i" exec: "/var/lib/power-mqtt.py %i"
notify: restart power-mqtt@ notify: Restart power-mqtt@
- name: Enable power-mqtt - name: Enable power-mqtt
ansible.builtin.systemd: ansible.builtin.systemd:
name: "power-mqtt@{{ item.net }}/{{ item.ip }}" name: "power-mqtt@{{ item.net }}/{{ item.ip }}"
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true
with_items: with_items:
- net: space - net: space

22
roles/services/tasks/siahsd.yaml
View file

@ -7,6 +7,7 @@
state: directory state: directory
owner: siahsd owner: siahsd
group: nogroup group: nogroup
mode: "0750"
with_items: with_items:
- /var/log/siahsd - /var/log/siahsd
- /var/lib/siahsd - /var/lib/siahsd
@ -17,8 +18,8 @@
dest: /etc/siahsd.conf dest: /etc/siahsd.conf
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
notify: restart siahsd notify: Restart siahsd
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
@ -26,24 +27,13 @@
dest: /etc/systemd/system/siahsd.service dest: /etc/systemd/system/siahsd.service
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
notify: restart siahsd notify: Restart siahsd
- name: Start siahsd - name: Start siahsd
ansible.builtin.systemd: ansible.builtin.systemd:
name: siahsd name: siahsd
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true
- name: Allow siahsd traffic
ansible.builtin.iptables:
chain: INPUT
protocol: udp
destination_port: "4000"
jump: ACCEPT
ip_version: "{{ item }}"
action: insert
with_items: [ ipv4, ipv6 ]
notify: persist iptables
when: not nft | bool

6
roles/services/tasks/spacestated.yaml
View file

@ -24,7 +24,7 @@
version: main version: main
dest: /var/lib/spacestated/spacestated dest: /var/lib/spacestated/spacestated
accept_hostkey: yes accept_hostkey: yes
notify: restart spacestated notify: Restart spacestated
- name: Install service file - name: Install service file
ansible.builtin.template: ansible.builtin.template:
@ -33,11 +33,11 @@
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: restart spacestated notify: Restart spacestated
- name: Start spacestated - name: Start spacestated
ansible.builtin.systemd: ansible.builtin.systemd:
name: spacestated name: spacestated
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

14
roles/services/tasks/wifi_mqtt.yaml
View file

@ -7,25 +7,25 @@
- make - make
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/bitlair/wifi-mqtt.git repo: https://github.com/bitlair/wifi-mqtt.git
version: main version: main
dest: /var/lib/wifi-mqtt dest: /var/lib/wifi-mqtt
accept_hostkey: yes accept_hostkey: yes
notify: restart wifi-mqtt notify: Restart wifi-mqtt
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: wifi-mqtt.service src: wifi-mqtt.service
dest: /etc/systemd/system/wifi-mqtt.service dest: /etc/systemd/system/wifi-mqtt.service
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
notify: restart wifi-mqtt notify: Restart wifi-mqtt
- name: Start wifi-mqtt - name: Start wifi-mqtt
systemd: ansible.builtin.systemd:
name: wifi-mqtt name: wifi-mqtt
state: started state: started
enabled: yes enabled: true
daemon_reload: true daemon_reload: true

7
roles/www/handlers/main.yaml
View file

@ -1,14 +1,15 @@
--- ---
- ansible.builtin.import_tasks: - name: Import handlers
ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml file: ../../common/handlers/main.yaml
- name: restart spaceapi - name: Restart spaceapi
ansible.builtin.systemd: ansible.builtin.systemd:
name: spaceapi name: spaceapi
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart mqtt2web - name: Restart mqtt2web
ansible.builtin.systemd: ansible.builtin.systemd:
name: mqtt2web name: mqtt2web
state: restarted state: restarted

17
roles/www/tasks/main.yaml
View file

@ -1,16 +1,25 @@
--- ---
- tags: www_calendar
- name: Import calendar
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: calendar.yaml file: calendar.yaml
tags:
- www_calendar
- tags: www_mediawiki - name: Import mediawiki
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: mediawiki.yaml file: mediawiki.yaml
tags:
- www_mediawiki
- tags: www_mqtt - name: Import mqtt
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: mqtt.yaml file: mqtt.yaml
tags:
- www_mqtt
- tags: www_spaceapi - name: Import spaceapi
ansible.builtin.import_tasks: ansible.builtin.import_tasks:
file: spaceapi.yaml file: spaceapi.yaml
tags:
- www_spaceapi

17
roles/www/tasks/mediawiki.yaml
View file

@ -1,4 +1,5 @@
--- ---
- name: Install dependencies - name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: php-fpm name: php-fpm
@ -12,19 +13,3 @@
group: root group: root
mode: 0644 mode: 0644
- name: Allow HTTP/HTTPS
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 80 }
- { ip: ipv4, port: 443 }
- { ip: ipv6, port: 80 }
- { ip: ipv6, port: 443 }
notify: persist iptables
when: not nft | bool

31
roles/www/tasks/mqtt.yaml
View file

@ -1,4 +1,5 @@
--- ---
- name: Install dependencies - name: Install dependencies
ansible.builtin.apt: ansible.builtin.apt:
name: name:
@ -6,32 +7,17 @@
- liblinux-epoll-perl - liblinux-epoll-perl
- mosquitto - mosquitto
- name: Allow MQTT
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
ctstate: NEW
jump: ACCEPT
ip_version: "{{ item.ip }}"
action: insert
with_items:
- { ip: ipv4, port: 1883 }
- { ip: ipv6, port: 1883 }
notify: persist iptables
when: not nft | bool
- name: Install mqtt-simple - name: Install mqtt-simple
ansible.builtin.command: community.general.cpanm:
cmd: cpan Net::MQTT::Simple name: Net::MQTT::Simple
- name: Clone mqtt2web source - name: Clone mqtt2web source
ansible.builtin.git: ansible.builtin.git:
repo: https://github.com/bitlair/mqtt2web.git repo: https://github.com/bitlair/mqtt2web.git
version: master version: master
dest: /opt/mqtt2web dest: /opt/mqtt2web
accept_hostkey: yes accept_hostkey: true
notify: restart mqtt2web notify: Restart mqtt2web
- name: Install mqtt2web service file - name: Install mqtt2web service file
ansible.builtin.template: ansible.builtin.template:
@ -41,10 +27,11 @@
group: root group: root
mode: 0644 mode: 0644
notify: notify:
- daemon reload - Daemon reload
- restart mqtt2web - Restart mqtt2web
- ansible.builtin.meta: flush_handlers - name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Enable mqtt2web - name: Enable mqtt2web
ansible.builtin.systemd: ansible.builtin.systemd:

8
roles/www/tasks/spaceapi.yaml
View file

@ -4,8 +4,8 @@
repo: https://github.com/bitlair/spaceapi.git repo: https://github.com/bitlair/spaceapi.git
version: main version: main
dest: /opt/spaceapi dest: /opt/spaceapi
accept_hostkey: yes accept_hostkey: true
notify: restart spaceapi notify: Restart spaceapi
- name: Install spaceapi service file - name: Install spaceapi service file
ansible.builtin.template: ansible.builtin.template:
@ -13,8 +13,8 @@
dest: /etc/systemd/system/spaceapi.service dest: /etc/systemd/system/spaceapi.service
owner: root owner: root
group: root group: root
mode: 0644 mode: "0644"
notify: restart spaceapi notify: Restart spaceapi
- name: Enable spaceapi - name: Enable spaceapi
ansible.builtin.systemd: ansible.builtin.systemd: