BlackDragon/ansible
1
0
Fork 0
forked from bitlair/ansible
Code Pull requests Activity

Automated changes from linter ;P

Browse source
This commit is contained in:
Mark Janssen 2024-07-11 20:47:52 +02:00
parent 44b73a216f
commit f7f04e7a41
Signed by: foobar
GPG key ID: D8674D8FC4F69BD2
65 changed files with 392 additions and 324 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/acme/handlers/main.yaml
View file

@ -1,5 +1,7 @@
- name: update_contact_info
command: dehydrated --account
ansible.builtin.command:
cmd: dehydrated --account
- name: query_certificates
command: dehydrated --cron
ansible.builtin.command:
cmd: dehydrated --cron

25
roles/acme/tasks/main.yaml
View file

@ -1,22 +1,23 @@
---
- import_tasks: remove_conflicting.yaml
- ansible.builtin.import_tasks:
file: remove_conflicting.yaml
tags: [ never, acme_remove_conflicting ]
- name: Install Dehydrated
tags: [ acme, acme_install ]
block:
- name: Install dependencies
apt:
ansible.builtin.apt:
name: ssl-cert
state: present
- name: Install Dehydrated
apt:
ansible.builtin.apt:
name: dehydrated
state: present
- name: Install config file
template:
ansible.builtin.template:
src: config.sh
dest: /etc/dehydrated/conf.d/ansible.sh
owner: root
@ -25,7 +26,7 @@
notify: update_contact_info
- name: Install deploy hook
template:
ansible.builtin.template:
src: deploy.sh
dest: /etc/dehydrated/conf.d/deploy.sh
owner: root
@ -33,7 +34,7 @@
mode: 0755
- name: Install cronjob
template:
ansible.builtin.template:
src: cron
dest: /etc/cron.d/dehydrated
owner: root
@ -41,7 +42,7 @@
mode: 0644
- name: Create Nginx snippet snippets dir
file:
ansible.builtin.file:
state: directory
path: /etc/nginx/snippets
owner: root
@ -49,7 +50,7 @@
mode: 0755
- name: Install Nginx snippet
template:
ansible.builtin.template:
src: nginx-snippet.conf
dest: /etc/nginx/snippets/acme.conf
owner: root
@ -57,14 +58,15 @@
mode: 0644
- name: Register account
command: dehydrated --register --accept-terms
ansible.builtin.command:
cmd: dehydrated --register --accept-terms
args:
creates: /var/lib/dehydrated/accounts
- tags: [ acme, acme_certs ]
block:
- name: Configure certificates
template:
ansible.builtin.template:
src: domains.txt
dest: /etc/dehydrated/domains.txt
owner: root
@ -73,7 +75,8 @@
notify: query_certificates
- name: Symlink SAN domains
include_tasks: san_domains_loop.yaml
ansible.builtin.include_tasks:
file: san_domains_loop.yaml
loop: "{{ acme_san_domains|default([]) }}"
loop_control:
loop_var: domains

4
roles/acme/tasks/remove_conflicting.yaml
View file

@ -1,12 +1,12 @@
---
- name: Remove certbot from apt
apt:
ansible.builtin.apt:
name: [ letsencrypt, certbot ]
state: absent
autoremove: yes
- name: Remove variable directories
file:
ansible.builtin.file:
state: absent
path: "{{ item }}"
with_items:

4
roles/acme/tasks/san_domains_loop.yaml
View file

@ -1,9 +1,9 @@
---
- stat:
- ansible.builtin.stat:
path: "/var/lib/dehydrated/certs/{{ domains[0] }}"
register: cert_stat
- file:
- ansible.builtin.file:
state: link
path: "/var/lib/dehydrated/certs/{{ item }}"
src: "/var/lib/dehydrated/certs/{{ domains[0] }}"

6
roles/bank-terminal/handlers/main.yaml
View file

@ -1,5 +1,7 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: console_setup
command: dpkg-reconfigure console-setup --frontend noninteractive
ansible.builtin.command:
cmd: dpkg-reconfigure console-setup --frontend noninteractive

21
roles/bank-terminal/tasks/main.yaml
View file

@ -3,7 +3,7 @@
tags: bank_terminal_client
block:
- name: Add user
user:
ansible.builtin.user:
name: bank-terminal
home: /home/{{ bank_terminal_user }}
shell: /home/{{ bank_terminal_user }}/login
@ -11,14 +11,15 @@
ssh_key_type: ed25519
- name: Locate agetty
command: which agetty
ansible.builtin.command:
cmd: which agetty
register: agetty_location_cmd
- name: Set agetty var
set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}"
ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}"
- name: Install login script
template:
ansible.builtin.template:
src: login
dest: /home/{{ bank_terminal_user }}/login
owner: bank-terminal
@ -26,7 +27,7 @@
mode: 0755
- name: Autologin User
template:
ansible.builtin.template:
src: tty_autologin.conf
dest: /etc/systemd/system/getty@tty1.service.d/override.conf
owner: root
@ -35,13 +36,13 @@
notify: daemon_reload
- name: Clear MOTD
copy:
ansible.builtin.copy:
content: ""
dest: /etc/motd
# Set console font so the Revbank QR codes are rendered correctly.
- name: Console setup
lineinfile:
ansible.builtin.lineinfile:
path: /etc/default/console-setup
line: '{{ item.k }}="{{ item.v }}"'
regexp: "^#?{{ item.k }}"
@ -54,17 +55,17 @@
notify: console_setup
- name: Console Setup Management Note
lineinfile:
ansible.builtin.lineinfile:
path: /etc/default/console-setup
line: '# Managed by Ansible'
insertafter: "CONFIGURATION FILE"
- name: Read pubkey
command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub
ansible.builtin.command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub
changed_when: no
register: pubkey
- debug:
- ansible.builtin.debug:
msg:
- Please ensure that the pubkey below is is authorized on the bank server.
- "{{ pubkey.stdout_lines | join }}"

3
roles/bank/handlers/main.yaml
View file

@ -1,2 +1,3 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml

4
roles/bank/tasks/inflatinator.yaml
View file

@ -1,11 +1,11 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: [ links, python3-pyquery ]
state: present
- name: Clone revbank-inflatinator source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/revbank-inflatinator.git
version: main
dest: /opt/revbank-inflatinator

17
roles/bank/tasks/login.yaml
View file

@ -1,6 +1,6 @@
---
- name: Add user
user:
ansible.builtin.user:
name: bank
password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
home: /home/{{ bank_user }}
@ -8,7 +8,7 @@
update_password: always
- name: Allow password auth for bank user
blockinfile:
ansible.builtin.blockinfile:
path: /etc/ssh/sshd_config
insertafter: EOF
block: |-
@ -17,12 +17,12 @@
notify: reload sshd
- name: Clear motd
copy:
ansible.builtin.copy:
content: ""
dest: /etc/motd
- name: Remove autologin
file:
ansible.builtin.file:
path: /etc/systemd/system/getty@tty1.service.d/override.conf
state: absent
notify: daemon reload
@ -31,19 +31,20 @@
- when: bank_local_tty
block:
- name: Locate agetty
command: command -v agetty
ansible.builtin.command:
cmd: command -v agetty
register: agetty_location_cmd
- set_fact:
- ansible.builtin.set_fact:
agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}"
- name: Create getty dir
file:
ansible.builtin.file:
path: /etc/systemd/system/getty@tty1.service.d
state: directory
- name: Autologin User
template:
ansible.builtin.template:
src: tty_autologin.conf
dest: /etc/systemd/system/getty@tty1.service.d/override.conf
owner: root

9
roles/bank/tasks/main.yaml
View file

@ -1,9 +1,12 @@
---
- tags: [ bank, bank_login ]
import_tasks: login.yaml
ansible.builtin.import_tasks:
file: login.yaml
- tags: [ bank, bank_revbank ]
import_tasks: revbank.yaml
ansible.builtin.import_tasks:
file: revbank.yaml
- tags: [ bank, bank_inflatinator ]
import_tasks: inflatinator.yaml
ansible.builtin.import_tasks:
file: inflatinator.yaml

14
roles/bank/tasks/revbank.yaml
View file

@ -1,18 +1,18 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
state: present
- name: Clone revbank source
git:
ansible.builtin.git:
repo: "{{ bank_revbank_git }}"
version: master
dest: /home/{{ bank_user }}/revbank.git
accept_hostkey: yes
- name: Create data files
command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
args:
creates: /home/{{ bank_user }}/{{ item }}
with_items:
@ -21,7 +21,7 @@
- revbank.products
- name: Ensure data file permissions
file:
ansible.builtin.file:
path: /home/{{ bank_user }}/{{ item }}
state: touch
owner: "{{ bank_user }}"
@ -33,7 +33,7 @@
- revbank.products
- name: Link plugins
file:
ansible.builtin.file:
state: link
path: /home/{{ bank_user }}/{{ item }}
src: /home/{{ bank_user }}/revbank.git/{{ item }}
@ -42,11 +42,11 @@
- revbank.plugins
- name: Create git data dir
file:
ansible.builtin.file:
path: /home/{{ bank_user }}/data.git
state: directory
- name: Install git cronjob
template:
ansible.builtin.template:
src: git.cron
dest: /etc/cron.d/revbank-git

2
roles/common-bitlair/tasks/main.yaml
View file

@ -1,7 +1,7 @@
---
- name: Update authorized_keys
tags: authorized_keys
template:
ansible.builtin.template:
src: authorized_keys.j2
dest: /root/.ssh/authorized_keys
mode: 0600

15
roles/common/handlers/main.yaml
View file

@ -1,30 +1,31 @@
---
- name: update grub
command: update-grub
ansible.builtin.command:
cmd: update-grub
- name: reboot
reboot:
ansible.builtin.reboot:
- name: apt update
apt:
ansible.builtin.apt:
update_cache: true
- name: daemon reload
systemd:
ansible.builtin.systemd:
daemon_reload: true
- name: reload sshd
systemd:
ansible.builtin.systemd:
name: ssh
state: reloaded
- name: reload nginx
systemd:
ansible.builtin.systemd:
name: nginx
state: reloaded
- name: persist iptables
shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}"
ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}"
with_items:
- { c: iptables, ip: v4 }
- { c: ip6tables, ip: v6 }

2
roles/common/tasks/apt-minimal.yaml
View file

@ -1,6 +1,6 @@
---
- name: Configure auto-upgrades
template:
ansible.builtin.template:
src: apt-minimal
dest: /etc/apt/apt.conf.d/20minimal
owner: root

4
roles/common/tasks/debian-backports.yaml
View file

@ -1,6 +1,6 @@
---
- name: Install backports source list
template:
ansible.builtin.template:
src: backports-source.list
dest: /etc/apt/sources.list.d/backports.list
owner: root
@ -8,4 +8,4 @@
mode: 0644
notify: apt update
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers

12
roles/common/tasks/debian-upgrade.yaml
View file

@ -1,6 +1,6 @@
---
- name: Install source list
template:
ansible.builtin.template:
src: stable-sources.list
dest: /etc/apt/sources.list
owner: root
@ -8,21 +8,21 @@
mode: 0644
- name: Remove backports
file:
ansible.builtin.file:
path: /etc/apt/sources.list.d/backports.list
state: absent
- name: update
apt:
ansible.builtin.apt:
update_cache: yes
- name: full-upgrade
apt:
ansible.builtin.apt:
upgrade: full
- name: Reboot
reboot:
ansible.builtin.reboot:
- name: autoremove
apt:
ansible.builtin.apt:
autoremove: yes

47
roles/common/tasks/main.yaml
View file

@ -1,35 +1,42 @@
---
- tags: [ debian-upgrade, never ]
import_tasks: debian-upgrade.yaml
ansible.builtin.import_tasks:
file: debian-upgrade.yaml
when: ansible_facts['distribution_release'] != "bookworm"
- tags: debian_backports
import_tasks: debian-backports.yaml
ansible.builtin.import_tasks:
file: debian-backports.yaml
- tags: unattended_updates
import_tasks: unattended-updates.yaml
ansible.builtin.import_tasks:
file: unattended-updates.yaml
- tags: apt-minimal
import_tasks: apt-minimal.yaml
ansible.builtin.import_tasks:
file: apt-minimal.yaml
- tags: network
import_tasks: network.yaml
ansible.builtin.import_tasks:
file: network.yaml
- tags: node-exporter
import_tasks: node-exporter.yaml
ansible.builtin.import_tasks:
file: node-exporter.yaml
- tags: vm
import_tasks: node-exporter.yaml
ansible.builtin.import_tasks:
file: node-exporter.yaml
when: is_vm
- name: Remove Vim
apt:
ansible.builtin.apt:
name: vim
state: absent
autoremove: true
- name: Install utilities
apt:
ansible.builtin.apt:
name:
- curl
- fzf
@ -46,38 +53,38 @@
- neovim
- name: Remove netcat-traditional
apt:
ansible.builtin.apt:
name: netcat-traditional
- name: Configure FZF for Bash
lineinfile:
ansible.builtin.lineinfile:
path: /etc/bash.bashrc
insertafter: EOF
regexp: "^source /usr/share/doc/fzf/examples/key-bindings.bash"
line: "source /usr/share/doc/fzf/examples/key-bindings.bash # Managed by Ansible"
- name: Configure FZF for Bash (Bookworm)
lineinfile:
ansible.builtin.lineinfile:
path: /etc/bash.bashrc
insertafter: EOF
regexp: "^source /usr/share/doc/fzf/examples/completion.bash"
state: absent
- name: Shorten Grub timeout
lineinfile:
ansible.builtin.lineinfile:
path: /etc/default/grub
regexp: '^GRUB_TIMEOUT='
line: "GRUB_TIMEOUT=1 # Managed by Ansible"
notify: update grub
- name: Configure cron email
lineinfile:
ansible.builtin.lineinfile:
path: /etc/crontab
insertafter: '^PATH'
line: 'MAILTO={{ notify_email }}'
- name: Configure SSH
lineinfile:
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
@ -91,7 +98,7 @@
notify: reload sshd
- name: Allow SSH
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ ssh_port }}"
@ -104,7 +111,7 @@
notify: persist iptables
- name: Allow ICMP
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: "{{ item.proto }}"
jump: ACCEPT
@ -115,7 +122,7 @@
notify: persist iptables
- name: Allow related and established connections
iptables:
ansible.builtin.iptables:
chain: INPUT
ctstate: ESTABLISHED,RELATED
jump: ACCEPT
@ -126,7 +133,7 @@
notify: persist iptables
- name: Allow local connections
iptables:
ansible.builtin.iptables:
chain: INPUT
source: "{{ item.cidr }}"
jump: ACCEPT
@ -135,7 +142,7 @@
notify: persist iptables
- name: Deny inbound connections
iptables:
ansible.builtin.iptables:
chain: INPUT
policy: DROP
ip_version: "{{ item }}"

10
roles/common/tasks/network.yaml
View file

@ -1,12 +1,12 @@
---
- name: Install bridge-utils
apt:
ansible.builtin.apt:
name: bridge-utils
state: present
when: network_br
- name: Configure sysctl.conf
lineinfile:
ansible.builtin.lineinfile:
path: /etc/sysctl.conf
regexp: "^#?{{ item.k }}"
line: "{{ item.k }}={{ item.v }} # Managed by Ansible"
@ -17,7 +17,7 @@
when: network_br
- name: Make network interfaces really predictable
lineinfile:
ansible.builtin.lineinfile:
path: /etc/default/grub
regexp: ^GRUB_CMDLINE_LINUX
line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible'
@ -27,7 +27,7 @@
when: network_br or network_dhcp or network_static
- name: Configure network interfaces
template:
ansible.builtin.template:
src: network-interfaces
dest: /etc/network/interfaces
owner: root
@ -36,4 +36,4 @@
notify: reboot
when: network_br or network_dhcp or network_static
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers

4
roles/common/tasks/node-exporter.yaml
View file

@ -1,12 +1,12 @@
---
- name: Install node-exporter
apt:
ansible.builtin.apt:
name: prometheus-node-exporter
state: present
when: node_exporter
- name: Remove node-exporter
apt:
ansible.builtin.apt:
name: prometheus-node-exporter
state: absent
autoremove: yes

6
roles/common/tasks/unattended-updates.yaml
View file

@ -1,13 +1,13 @@
---
- name: Install unattended-upgrades
apt:
ansible.builtin.apt:
name:
- unattended-upgrades
- apt-listchanges
state: present
- name: Configure auto-upgrades
template:
ansible.builtin.template:
src: auto-upgrades
dest: /etc/apt/apt.conf.d/20auto-upgrades
owner: root
@ -15,7 +15,7 @@
mode: 0644
- name: Configure unattended-upgrades
template:
ansible.builtin.template:
src: unattended-upgrades
dest: /etc/apt/apt.conf.d/50unattended-upgrades
owner: root

6
roles/common/tasks/vm.yaml
View file

@ -1,10 +1,10 @@
---
- name: Install guest agent
apt:
ansible.builtin.apt:
name: qemu-guest-agent
- name: Serial Console
lineinfile:
ansible.builtin.lineinfile:
path: /etc/default/grub
regexp: ^GRUB_CMDLINE_LINUX_DEFAULT
line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"'
@ -12,4 +12,4 @@
- update grub
- reboot
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers

5
roles/etherpad/handlers/main.yaml
View file

@ -1,8 +1,9 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart etherpad
systemd:
ansible.builtin.systemd:
name: etherpad
state: restarted
daemon_reload: true

39
roles/etherpad/tasks/main.yaml
View file

@ -1,20 +1,23 @@
---
- tags: etherpad
block:
- import_tasks: ../../../snippets/common-nginx.yaml
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install dependencies
apt:
ansible.builtin.apt:
name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ]
- name: Import nodesource signing key
shell: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
ansible.builtin.shell:
cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
-o /usr/share/keyrings/nodesource.gpg
args:
creates: /usr/share/keyrings/nodesource.gpg
notify: apt update
- name: Install nodesource source list
template:
ansible.builtin.template:
src: nodesource.list
dest: /etc/apt/sources.list.d/nodesource.list
owner: root
@ -23,7 +26,7 @@
notify: apt update
- name: Install nodejs apt preference
template:
ansible.builtin.template:
src: nodejs-apt-pref
dest: /etc/apt/preferences.d/nodejs
owner: root
@ -31,10 +34,10 @@
mode: 0644
notify: apt update
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers
- name: Install nodejs
apt:
ansible.builtin.apt:
name: nodejs
- name: Add database user
@ -42,7 +45,7 @@
become_method: su
become_user: postgres
no_log: yes
postgresql_user:
community.postgresql.postgresql_user:
name: etherpad
password: "{{ etherpad_db_password }}"
@ -50,17 +53,17 @@
become: true
become_method: su
become_user: postgres
postgresql_db:
community.postgresql.postgresql_db:
name: "{{ etherpad_db_name }}"
owner: "{{ etherpad_db_user }}"
- name: Add etherpad user
user:
ansible.builtin.user:
name: etherpad
home: /var/lib/etherpad
- name: Create log file
file:
ansible.builtin.file:
path: /var/log/etherpad.log
state: touch
owner: etherpad
@ -68,7 +71,7 @@
mode: 0644
- name: Create source directory
file:
ansible.builtin.file:
path: /opt/etherpad
state: directory
owner: etherpad
@ -79,7 +82,7 @@
become: yes
become_method: su
become_user: etherpad
git:
ansible.builtin.git:
repo: https://github.com/ether/etherpad-lite.git
version: master
dest: /opt/etherpad
@ -87,7 +90,7 @@
notify: restart etherpad
- name: Install etherpad config
template:
ansible.builtin.template:
src: settings.json
dest: /opt/etherpad/settings.json
owner: root
@ -96,7 +99,7 @@
notify: restart etherpad
- name: Install etherpad service
template:
ansible.builtin.template:
src: etherpad.service
dest: /etc/systemd/system/etherpad.service
owner: root
@ -105,14 +108,14 @@
notify: restart etherpad
- name: Start etherpad
systemd:
ansible.builtin.systemd:
daemon_reload: true
name: etherpad
state: started
enabled: yes
- name: Install nginx config
template:
ansible.builtin.template:
src: nginx-site.conf
dest: /etc/nginx/sites-enabled/etherpad
owner: root
@ -121,7 +124,7 @@
notify: reload nginx
- name: Allow HTTP and HTTPS
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"

3
roles/etherpad/tasks/requirements.yml Normal file
View file

@ -0,0 +1,3 @@
collections:
- name: community.postgresql
version: 2.3.2

5
roles/git-ci/handlers/main.yaml
View file

@ -1,7 +1,8 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart forgejo-runner
systemd:
ansible.builtin.systemd:
name: forgejo-runner
state: restarted

16
roles/git-ci/tasks/main.yaml
View file

@ -2,18 +2,18 @@
- tags: forgejo_runner
block:
- name: Install dependencies
apt:
ansible.builtin.apt:
name: docker.io
- name: Download forgejo-runner
get_url:
ansible.builtin.get_url:
url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
dest: /usr/local/bin/forgejo-runner
mode: 0755
notify: restart forgejo-runner
- name: Create runner dir
file:
ansible.builtin.file:
state: directory
path: "{{ runner_wd }}"
owner: root
@ -21,13 +21,13 @@
mode: 0755
- name: Register runner
command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
args:
chdir: "{{ runner_wd }}"
creates: "{{ runner_wd }}/.runner"
- name: Install service file
template:
ansible.builtin.template:
src: forgejo-runner.service
dest: /etc/systemd/system/forgejo-runner.service
owner: root
@ -36,15 +36,15 @@
notify: restart forgejo-runner
- name: Enable service
systemd:
ansible.builtin.systemd:
name: forgejo-runner
enabled: yes
daemon_reload: true
- name: Start service
systemd:
ansible.builtin.systemd:
name: forgejo-runner
state: started
daemon_reload: true
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers

5
roles/git-server/handlers/main.yaml
View file

@ -1,7 +1,8 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: reload forgejo
systemd:
ansible.builtin.systemd:
name: forgejo
state: reloaded

29
roles/git-server/tasks/main.yaml
View file

@ -1,15 +1,16 @@
---
- import_tasks: ../../../snippets/common-nginx.yaml
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- git
- xq
state: present
- name: Install nginx site
template:
ansible.builtin.template:
src: nginx-site.conf
dest: /etc/nginx/sites-available/forgejo
owner: root
@ -18,21 +19,21 @@
notify: reload nginx
- name: Enable nginx site
file:
ansible.builtin.file:
src: /etc/nginx/sites-available/forgejo
dest: /etc/nginx/sites-enabled/forgejo
state: link
notify: reload nginx
- name: Create user
user:
ansible.builtin.user:
name: "{{ git_server_user }}"
home: "{{ git_server_working_dir }}"
shell: /bin/bash
comment: Git server
- name: Create logging dir
file:
ansible.builtin.file:
state: directory
path: /var/log/forgejo
owner: "{{ git_server_user }}"
@ -43,7 +44,7 @@
# TODO: Install initial config
- name: Install service file
template:
ansible.builtin.template:
src: forgejo.service
dest: /etc/systemd/system/forgejo.service
owner: root
@ -52,7 +53,7 @@
notify: reload forgejo
- name: Install update script
template:
ansible.builtin.template:
src: update.sh
dest: "{{ git_server_working_dir }}/update.sh"
owner: "{{ git_server_user }}"
@ -60,30 +61,30 @@
mode: 0755
- name: Perform initial update
command: "{{ git_server_working_dir }}/update.sh"
ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"
args:
creates: "{{ git_server_working_dir }}/forgejo"
notify: reload forgejo
- name: Enable service
systemd:
ansible.builtin.systemd:
name: forgejo
enabled: yes
daemon_reload: true
- name: Start service
systemd:
ansible.builtin.systemd:
name: forgejo
state: started
daemon_reload: true
- name: Install cronjob
template:
ansible.builtin.template:
src: cronjob
dest: /etc/cron.d/forgejo
- name: Allow Git SSH, HTTP and HTTPS
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
@ -100,5 +101,5 @@
- { ip: ipv6, port: 443 }
notify: persist iptables
- debug:
- ansible.builtin.debug:
msg: If Forgejo has not been setup yet, please do so manually.

6
roles/go/tasks/main.yaml
View file

@ -3,18 +3,18 @@
tags: go,go_install
block:
- name: Remove Debian Go package
apt:
ansible.builtin.apt:
name: golang
autoremove: yes
state: absent
- name: Install dependencies
apt:
ansible.builtin.apt:
name: curl
state: present
- name: Fetch Go latest version
shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//"
ansible.builtin.shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//"
changed_when: false
register: go_latest_version_shell

9
roles/monitoring/handlers/main.yaml
View file

@ -1,17 +1,18 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart mqtt_exporter
systemd:
ansible.builtin.systemd:
name: mqtt_exporter
state: restarted
- name: restart prometheus
systemd:
ansible.builtin.systemd:
name: prometheus
state: restarted
- name: restart grafana
systemd:
ansible.builtin.systemd:
name: grafana-server
state: restarted

2
roles/monitoring/tasks/blackbox.yaml
View file

@ -1,4 +1,4 @@
---
- name: Install blackbox exporter
apt:
ansible.builtin.apt:
name: prometheus-blackbox-exporter

12
roles/monitoring/tasks/grafana.yaml
View file

@ -1,24 +1,24 @@
---
- name: Add key
get_url:
ansible.builtin.get_url:
url: https://apt.grafana.com/gpg.key
dest: /etc/apt/keyrings/grafana.asc
notify: apt update
- name: Grafana source
copy:
ansible.builtin.copy:
dest: /etc/apt/sources.list.d/grafana.list
content: "deb [signed-by=/etc/apt/keyrings/grafana.asc] https://apt.grafana.com stable main"
notify: apt update
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers
- name: Install Grafana
apt:
ansible.builtin.apt:
name: grafana
- name: Configure grafana
template:
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
@ -30,7 +30,7 @@
- { src: grafana-ldap.toml, dest: /etc/grafana/ldap.toml }
- name: Configure grafana data source
template:
ansible.builtin.template:
src: grafana-data-source.yml
dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml"
owner: root

23
roles/monitoring/tasks/main.yaml
View file

@ -2,10 +2,11 @@
- name: monitoring
tags: monitoring
block:
- import_tasks: ../../../snippets/common-nginx.yaml
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install nginx site
template:
ansible.builtin.template:
src: nginx-site.conf
dest: /etc/nginx/sites-available/monitoring
owner: root
@ -14,20 +15,20 @@
notify: reload nginx
- name: Enable nginx site
file:
ansible.builtin.file:
src: /etc/nginx/sites-available/monitoring
dest: /etc/nginx/sites-enabled/monitoring
state: link
notify: reload nginx
- name: Start nginx
systemd:
ansible.builtin.systemd:
name: nginx
state: started
enabled: yes
- name: Allow HTTP/HTTPS
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
@ -42,16 +43,20 @@
- name: mqtt_exporter
tags: mqtt_exporter
import_tasks: mqtt_exporter.yaml
ansible.builtin.import_tasks:
file: mqtt_exporter.yaml
- name: blackbox
tags: blackbox
import_tasks: blackbox.yaml
ansible.builtin.import_tasks:
file: blackbox.yaml
- name: prometheus
tags: prometheus
import_tasks: prometheus.yaml
ansible.builtin.import_tasks:
file: prometheus.yaml
- name: grafana
tags: grafana
import_tasks: grafana.yaml
ansible.builtin.import_tasks:
file: grafana.yaml

12
roles/monitoring/tasks/mqtt_exporter.yaml
View file

@ -1,6 +1,6 @@
---
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/polyfloyd/mqtt-exporter.git
version: main
dest: /opt/mqtt_exporter
@ -8,7 +8,7 @@
notify: restart mqtt_exporter
- name: Install apt dependencies
apt:
ansible.builtin.apt:
name:
- python3-paho-mqtt
- python3-prometheus-client
@ -16,7 +16,7 @@
state: present
- name: Install service
template:
ansible.builtin.template:
src: mqtt_exporter.service
dest: /etc/systemd/system/mqtt_exporter.service
owner: root
@ -27,7 +27,7 @@
- restart mqtt_exporter
- name: Install config file
template:
ansible.builtin.template:
src: mqtt_exporter_config.yaml
dest: /etc/mqtt_exporter.yaml
owner: root
@ -37,10 +37,10 @@
- daemon reload
- restart mqtt_exporter
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers
- name: Start service
systemd:
ansible.builtin.systemd:
name: mqtt_exporter
state: started
enabled: true

6
roles/monitoring/tasks/prometheus.yaml
View file

@ -1,10 +1,10 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: prometheus
- name: Configure Prometheus
template:
ansible.builtin.template:
src: prometheus.yml
dest: "{{ prometheus_config_dir }}/prometheus.yml"
owner: root
@ -13,7 +13,7 @@
notify: restart prometheus
- name: Configure Prometheus args
lineinfile:
ansible.builtin.lineinfile:
path: /etc/default/prometheus
line: >-
ARGS="

5
roles/mqtt-internal/handlers/main.yaml
View file

@ -1,7 +1,8 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart mosquitto
systemd:
ansible.builtin.systemd:
name: mosquitto
state: restarted

6
roles/mqtt-internal/tasks/main.yaml
View file

@ -3,13 +3,13 @@
tags: mqtt_internal
block:
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- mosquitto
- avahi-daemon
- name: Configure Mosquitto
template:
ansible.builtin.template:
src: "{{ item }}"
dest: "/etc/mosquitto/conf.d/{{ item }}"
owner: root
@ -21,7 +21,7 @@
- public-bridge.conf
- name: Start mosquitto
systemd:
ansible.builtin.systemd:
name: mosquitto
state: started
enabled: yes

16
roles/music/handlers/main.yaml
View file

@ -1,37 +1,39 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart trollibox
systemd:
ansible.builtin.systemd:
name: trollibox
state: restarted
daemon_reload: true
- name: rebuild librespot
command: /root/.cargo/bin/cargo build --release --features jackaudio-backend
ansible.builtin.command:
cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
args:
chdir: /opt/librespot
- name: restart librespot
systemd:
ansible.builtin.systemd:
name: librespot
state: restarted
daemon_reload: true
- name: restart soundboard
systemd:
ansible.builtin.systemd:
name: soundboard
state: restarted
daemon_reload: true
- name: restart mpd-volume-to-mqtt
systemd:
ansible.builtin.systemd:
name: mpd-volume-to-mqtt
state: restarted
daemon_reload: true
- name: restart skipbutton
systemd:
ansible.builtin.systemd:
name: skipbutton
state: restarted
daemon_reload: true

8
roles/music/tasks/librespot.yaml
View file

@ -1,11 +1,11 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: libjack-jackd2-dev
state: present
- name: Clone librespot source
git:
ansible.builtin.git:
repo: https://github.com/librespot-org/librespot.git
version: dev
dest: /opt/librespot
@ -15,7 +15,7 @@
- restart librespot
- name: Install service file
template:
ansible.builtin.template:
src: librespot.service
dest: /etc/systemd/system/librespot.service
owner: root
@ -24,7 +24,7 @@
notify: restart librespot
- name: Enable Librespot
systemd:
ansible.builtin.systemd:
name: librespot
state: started
enabled: true

17
roles/music/tasks/main.yaml
View file

@ -1,22 +1,27 @@
---
- tags: music_mpd
import_tasks: mpd.yaml
ansible.builtin.import_tasks:
file: mpd.yaml
- tags: music_trollibox
import_tasks: trollibox.yaml
ansible.builtin.import_tasks:
file: trollibox.yaml
- tags: music_librespot
import_tasks: librespot.yaml
ansible.builtin.import_tasks:
file: librespot.yaml
- tags: music_soundboard
import_tasks: soundboard.yaml
ansible.builtin.import_tasks:
file: soundboard.yaml
- tags: music
block:
- import_tasks: ../../../snippets/common-nginx.yaml
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install nginx config
template:
ansible.builtin.template:
src: nginx-site.conf
dest: /etc/nginx/sites-enabled/trollibox
owner: root

14
roles/music/tasks/mpd.yaml
View file

@ -1,6 +1,6 @@
---
- name: Install MPD
apt:
ansible.builtin.apt:
name:
- jackd
- mpd
@ -9,7 +9,7 @@
state: present
- name: Install mpd-volume-to-mqtt script
template:
ansible.builtin.template:
src: mpd-volume-to-mqtt.sh
dest: /opt/mpd-volume-to-mqtt.sh
owner: root
@ -18,7 +18,7 @@
notify: restart mpd-volume-to-mqtt
- name: Install mpd-volume-to-mqtt service
template:
ansible.builtin.template:
src: mpd-volume-to-mqtt.service
dest: /etc/systemd/system/mpd-volume-to-mqtt.service
owner: root
@ -27,14 +27,14 @@
notify: restart mpd-volume-to-mqtt
- name: Enable mpd-volume-to-mqtt
systemd:
ansible.builtin.systemd:
name: mpd-volume-to-mqtt
state: started
enabled: true
daemon_reload: true
- name: Clone skipbutton source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/skipbutton.git
version: master
dest: /opt/skipbutton
@ -42,7 +42,7 @@
notify: restart skipbutton
- name: Install skipbutton service
template:
ansible.builtin.template:
src: skipbutton.service
dest: /etc/systemd/system/skipbutton.service
owner: root
@ -51,7 +51,7 @@
notify: restart skipbutton
- name: Enable skipbutton
systemd:
ansible.builtin.systemd:
name: skipbutton
state: started
enabled: true

16
roles/music/tasks/soundboard.yaml
View file

@ -1,11 +1,11 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: virtualenv
state: present
- name: Clone soundboard source
git:
ansible.builtin.git:
repo: https://github.com/polyfloyd/mqtt-soundboard.git
version: main
dest: /opt/soundboard
@ -13,17 +13,19 @@
notify: restart soundboard
- name: Create virtualenv
command: virtualenv /opt/soundboard/.venv
ansible.builtin.command:
cmd: virtualenv /opt/soundboard/.venv
args:
creates: /opt/soundboard/.venv
- name: Install Python dependencies
shell: . .venv/bin/activate && pip install -r requirements.txt
ansible.builtin.shell:
cmd: . .venv/bin/activate && pip install -r requirements.txt
args:
chdir: /opt/soundboard
- name: Install soundboard config file
template:
ansible.builtin.template:
src: soundboard.yaml
dest: /etc/soundboard.yaml
owner: root
@ -32,7 +34,7 @@
notify: restart soundboard
- name: Install soundboard service file
template:
ansible.builtin.template:
src: soundboard.service
dest: /etc/systemd/system/soundboard.service
owner: root
@ -41,7 +43,7 @@
notify: restart soundboard
- name: Enable soundboard
systemd:
ansible.builtin.systemd:
name: soundboard
state: started
enabled: true

14
roles/music/tasks/trollibox.yaml
View file

@ -1,6 +1,6 @@
---
- name: Install Trollibox config
template:
ansible.builtin.template:
src: trollibox.yaml
dest: /etc/trollibox.yaml
owner: root
@ -9,16 +9,18 @@
notify: restart trollibox
- name: Get latest Trollibox version from Github API
get_url:
ansible.builtin.get_url:
url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
dest: "/tmp/_ansible_trollibox_latest_release.json"
- name: Get download url
shell: cat "/tmp/_ansible_trollibox_latest_release.json" | jq '.assets[] | select(.name | contains("linux-amd64")) | .browser_download_url' -r
ansible.builtin.shell:
cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name
| contains("linux-amd64")) | .browser_download_url -r
register: "trollibox_download_url"
- name: Download Trollibox
unarchive:
ansible.builtin.unarchive:
src: "{{ trollibox_download_url.stdout }}"
remote_src: yes
dest: /usr/local/bin
@ -27,7 +29,7 @@
notify: restart trollibox
- name: Install service file
template:
ansible.builtin.template:
src: trollibox.service
dest: /etc/systemd/system/trollibox.service
owner: root
@ -36,7 +38,7 @@
notify: restart trollibox
- name: Enable Trollibox
systemd:
ansible.builtin.systemd:
name: trollibox
state: started
enabled: true

4
roles/photos/handlers/main.yaml
View file

@ -1,12 +1,12 @@
---
- name: restart photo-gallery
systemd:
ansible.builtin.systemd:
name: photo-gallery
state: restarted
daemon_reload: true
- name: restart photos2mqtt
systemd:
ansible.builtin.systemd:
name: photos2mqtt
state: restarted
daemon_reload: true

10
roles/photos/tasks/bambulab-fetch.yaml
View file

@ -1,10 +1,10 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: curl
- name: Install fetch script
template:
ansible.builtin.template:
src: bambulab-fetch.sh
dest: /opt/bambulab-fetch.sh
owner: root
@ -12,7 +12,7 @@
mode: 0755
- name: Install service
template:
ansible.builtin.template:
src: bambulab-fetch.service
dest: /etc/systemd/system/bambulab-fetch.service
owner: root
@ -21,7 +21,7 @@
notify: daemon reload
- name: Install timer
template:
ansible.builtin.template:
src: bambulab-fetch.timer
dest: /etc/systemd/system/bambulab-fetch.timer
owner: root
@ -30,7 +30,7 @@
notify: daemon reload
- name: Enable timer
systemd:
ansible.builtin.systemd:
name: bambulab-fetch
state: started
enabled: yes

9
roles/photos/tasks/main.yaml
View file

@ -1,9 +1,12 @@
---
- tags: photos-gallery
import_tasks: photo-gallery.yaml
ansible.builtin.import_tasks:
file: photo-gallery.yaml
- tags: photos-mqtt
import_tasks: photos2mqtt.yaml
ansible.builtin.import_tasks:
file: photos2mqtt.yaml
- tags: bambulab-fetch
import_tasks: bambulab-fetch.yaml
ansible.builtin.import_tasks:
file: bambulab-fetch.yaml

10
roles/photos/tasks/photo-gallery.yaml
View file

@ -1,10 +1,10 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: [ nodejs, npm, imagemagick, graphicsmagick, ffmpeg ]
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/photo-gallery.git
version: master
dest: /opt/photo-gallery
@ -12,7 +12,7 @@
notify: restart photo-gallery
- name: Install photo-gallery config file
template:
ansible.builtin.template:
src: photo-gallery-config.json
dest: /opt/photo-gallery/config.json
owner: root
@ -21,7 +21,7 @@
notify: restart photo-gallery
- name: Install photo-gallery service file
template:
ansible.builtin.template:
src: photo-gallery.service
dest: /etc/systemd/system/photo-gallery.service
owner: root
@ -30,7 +30,7 @@
notify: restart photo-gallery
- name: Start photo-gallery
systemd:
ansible.builtin.systemd:
name: photo-gallery
state: started
enabled: yes

11
roles/photos/tasks/photos2mqtt.yaml
View file

@ -1,15 +1,16 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- make
- liblinux-inotify2-perl
- name: Install mqtt-simple
command: cpan Net::MQTT::Simple
ansible.builtin.command:
cmd: cpan Net::MQTT::Simple
- name: Install photos2mqtt
template:
ansible.builtin.template:
src: photos2mqtt.pl
dest: /opt/photos2mqtt.pl
owner: root
@ -18,7 +19,7 @@
notify: restart photos2mqtt
- name: Install photos2mqtt service file
template:
ansible.builtin.template:
src: photos2mqtt.service
dest: /etc/systemd/system/photos2mqtt.service
owner: root
@ -27,7 +28,7 @@
notify: restart photos2mqtt
- name: Start photos2mqtt
systemd:
ansible.builtin.systemd:
name: photos2mqtt
state: started
enabled: yes

3
roles/raspi/handlers/main.yaml
View file

@ -1,2 +1,3 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml

16
roles/raspi/tasks/main.yaml
View file

@ -1,24 +1,25 @@
---
- name: Check whether user pi exists
command: "grep ^pi: /etc/passwd"
ansible.builtin.command:
cmd: 'grep ^pi: /etc/passwd'
changed_when: no
failed_when: pi_user_check.rc != 0 and pi_user_check.rc != 1
register: pi_user_check
- name: Disable default user
user:
ansible.builtin.user:
name: pi
password: !
when: pi_user_check.stdout_lines|length > 0
- name: Enable sshd
systemd:
ansible.builtin.systemd:
name: sshd
enabled: yes
state: started
- name: Rotate display
lineinfile:
ansible.builtin.lineinfile:
path: /boot/config.txt
line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible"
regexp: "^#?display_rotate"
@ -28,18 +29,19 @@
- name: Disable swap
block:
- name: Stop swap service
systemd:
ansible.builtin.systemd:
name: dphys-swapfile
state: stopped
enabled: no
- name: Remove swap file
command: dphys-swapfile uninstall
ansible.builtin.command:
cmd: dphys-swapfile uninstall
args:
removes: /var/swap
- name: Enable IPv6 SLAAC
lineinfile:
ansible.builtin.lineinfile:
path: /etc/dhcpcd.conf
line: "slaac hwaddr # Managed by Ansible"
regexp: "^#?slaac"

21
roles/services/handlers/main.yaml
View file

@ -1,56 +1,57 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart irc-bot
systemd:
ansible.builtin.systemd:
name: irc-bot
state: restarted
daemon_reload: true
- name: restart irc-photos
systemd:
ansible.builtin.systemd:
name: irc-photos
state: restarted
daemon_reload: true
- name: restart irc-doorduino
systemd:
ansible.builtin.systemd:
name: irc-doorduino
state: restarted
daemon_reload: true
- name: restart discord-bot
systemd:
ansible.builtin.systemd:
name: discord-bot
state: restarted
daemon_reload: true
- name: restart siahsd
systemd:
ansible.builtin.systemd:
name: siahsd
state: restarted
daemon_reload: true
- name: restart spacestated
systemd:
ansible.builtin.systemd:
name: spacestated
state: restarted
daemon_reload: true
- name: restart mastodon-spacestate
systemd:
ansible.builtin.systemd:
name: mastodon-spacestate
state: restarted
daemon_reload: true
- name: restart wifi-mqtt
systemd:
ansible.builtin.systemd:
name: wifi-mqtt
state: restarted
daemon_reload: true
- name: restart power-mqtt
systemd:
ansible.builtin.systemd:
name: power-mqtt
state: restarted
daemon_reload: true

14
roles/services/tasks/discord_bot.yaml
View file

@ -1,23 +1,25 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- python3-paho-mqtt
- python3-tz
- virtualenv
- name: Create virtualenv
command: virtualenv /opt/miflora_exporter/.venv
ansible.builtin.command:
cmd: virtualenv /opt/miflora_exporter/.venv
args:
creates: /var/lib/discord-bot/.venv
- name: Install Python dependencies
shell: . .venv/bin/activate && pip install -r requirements.txt
ansible.builtin.shell:
cmd: . .venv/bin/activate && pip install -r requirements.txt
args:
chdir: /var/lib/discord-bot
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/discord-bot.git
version: main
dest: /var/lib/discord-bot
@ -25,7 +27,7 @@
notify: restart discord-bot
- name: Install service file
template:
ansible.builtin.template:
src: discord-bot.service
dest: /etc/systemd/system/discord-bot.service
owner: root
@ -34,7 +36,7 @@
notify: restart discord-bot
- name: Start discord-bot
systemd:
ansible.builtin.systemd:
name: discord-bot
state: started
enabled: yes

22
roles/services/tasks/ircbot.yaml
View file

@ -1,6 +1,6 @@
---
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/irc-bot.git
version: master
dest: /var/lib/irc-bot
@ -8,13 +8,13 @@
notify: restart irc-bot
- name: Link irc-say
file:
ansible.builtin.file:
state: link
src: /var/lib/irc-bot/irc-say
dest: /usr/local/bin/irc-say
- name: Install service file
template:
ansible.builtin.template:
src: generic.service
dest: /etc/systemd/system/irc-bot.service
owner: root
@ -26,19 +26,19 @@
notify: restart irc-bot
- name: Start irc-bot
systemd:
ansible.builtin.systemd:
name: irc-bot
state: started
enabled: yes
daemon_reload: true
- name: Create helpers dir
file:
ansible.builtin.file:
path: /var/lib/irc-helpers
state: directory
- name: Install photos notification
template:
ansible.builtin.template:
src: irc-photos.sh
dest: /var/lib/irc-helpers/photos.sh
owner: root
@ -47,7 +47,7 @@
notify: restart irc-photos
- name: Install photos notification service
template:
ansible.builtin.template:
src: generic.service
dest: /etc/systemd/system/irc-photos.service
owner: root
@ -60,14 +60,14 @@
notify: restart irc-photos
- name: Start irc-photos
systemd:
ansible.builtin.systemd:
name: irc-photos
state: started
enabled: yes
daemon_reload: true
- name: Install doorduino notification
template:
ansible.builtin.template:
src: irc-doorduino.sh
dest: /var/lib/irc-helpers/doorduino.sh
owner: root
@ -76,7 +76,7 @@
notify: restart irc-doorduino
- name: Install doorduino notification service
template:
ansible.builtin.template:
src: generic.service
dest: /etc/systemd/system/irc-doorduino.service
owner: root
@ -89,7 +89,7 @@
notify: restart irc-doorduino
- name: Start irc-doorduino
systemd:
ansible.builtin.systemd:
name: irc-doorduino
state: started
enabled: yes

5
roles/services/tasks/main.yaml
View file

@ -1,9 +1,10 @@
---
- tags: services_ircbot
import_tasks: ircbot.yaml
ansible.builtin.import_tasks:
file: ircbot.yaml
- tags: services_discord_bot
import_tasks: discord_bot.yaml
ansible.builtin.import_tasks: discord_bot.yaml
- tags: services_siahsd
import_tasks: siahsd.yaml

10
roles/services/tasks/mastodon_spacestate.yaml
View file

@ -1,12 +1,12 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- python3-mastodon
- python3-paho-mqtt
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/mastodon-spacestate.git
version: main
dest: /var/lib/mastodon-spacestate
@ -14,7 +14,7 @@
notify: restart mastodon-spacestate
- name: Install config
template:
ansible.builtin.template:
src: mastodon-spacestate-config.py
dest: /var/lib/mastodon-spacestate/config.py
owner: root
@ -23,7 +23,7 @@
notify: restart mastodon-spacestate
- name: Install service file
template:
ansible.builtin.template:
src: mastodon-spacestate.service
dest: /etc/systemd/system/mastodon-spacestate.service
owner: root
@ -32,7 +32,7 @@
notify: restart mastodon-spacestate
- name: Start mastodon-spacestate
systemd:
ansible.builtin.systemd:
name: mastodon-spacestate
state: started
enabled: yes

10
roles/services/tasks/power_mqtt.yaml
View file

@ -1,10 +1,10 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: [python3-paho-mqtt, python3-requests]
- name: Install power-mqtt
template:
ansible.builtin.template:
src: power-mqtt.py
dest: /var/lib/power-mqtt.py
owner: root
@ -13,12 +13,12 @@
notify: restart power-mqtt
- name: Remove old service
file:
ansible.builtin.file:
path: /etc/systemd/system/power-mqtt.service
state: absent
- name: Install power-mqtt service
template:
ansible.builtin.template:
src: generic.service
dest: /etc/systemd/system/power-mqtt@.service
owner: root
@ -30,7 +30,7 @@
notify: restart power-mqtt@
- name: Enable power-mqtt
systemd:
ansible.builtin.systemd:
name: "power-mqtt@{{ item.net }}/{{ item.ip }}"
state: started
enabled: yes

10
roles/services/tasks/siahsd.yaml
View file

@ -2,7 +2,7 @@
# TODO: Install and build
- name: Create directories
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: siahsd
@ -12,7 +12,7 @@
- /var/lib/siahsd
- name: Install config file
template:
ansible.builtin.template:
src: siahsd.conf
dest: /etc/siahsd.conf
owner: root
@ -21,7 +21,7 @@
notify: restart siahsd
- name: Install service file
template:
ansible.builtin.template:
src: siahsd.service
dest: /etc/systemd/system/siahsd.service
owner: root
@ -30,14 +30,14 @@
notify: restart siahsd
- name: Start siahsd
systemd:
ansible.builtin.systemd:
name: siahsd
state: started
enabled: yes
daemon_reload: true
- name: Allow siahsd traffic
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: udp
destination_port: "4000"

13
roles/services/tasks/spacestated.yaml
View file

@ -1,24 +1,25 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- php-cli
- php-snmp
- make
- name: Install mqtt-simple
command: cpan Net::MQTT::Simple
ansible.builtin.command:
cmd: cpan Net::MQTT::Simple
- name: Add user
user:
ansible.builtin.user:
name: spacestated
home: /var/lib/spacestated
generate_ssh_key: yes
ssh_key_type: ed25519
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/spacestated.git
version: main
dest: /var/lib/spacestated/spacestated
@ -26,7 +27,7 @@
notify: restart spacestated
- name: Install service file
template:
ansible.builtin.template:
src: spacestated.service
dest: /etc/systemd/system/spacestated.service
owner: root
@ -35,7 +36,7 @@
notify: restart spacestated
- name: Start spacestated
systemd:
ansible.builtin.systemd:
name: spacestated
state: started
enabled: yes

2
roles/services/tasks/wifi_mqtt.yaml
View file

@ -1,6 +1,6 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- php-cli
- php-snmp

7
roles/www/handlers/main.yaml
View file

@ -1,13 +1,14 @@
---
- import_tasks: ../../common/handlers/main.yaml
- ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart spaceapi
systemd:
ansible.builtin.systemd:
name: spaceapi
state: restarted
daemon_reload: true
- name: restart mqtt2web
systemd:
ansible.builtin.systemd:
name: mqtt2web
state: restarted

8
roles/www/tasks/calendar.yaml
View file

@ -1,22 +1,22 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: [ python3-requests, python3-icalendar ]
- name: Clone source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/calendar-parser.git
version: main
dest: /usr/local/src/bitlair-calendar
accept_hostkey: yes
- name: Create user
user:
ansible.builtin.user:
name: bitlair-calendar
home: /var/lib/bitlair-calendar
- name: Install cronjob
template:
ansible.builtin.template:
src: calendar.cron
dest: /etc/cron.d/bitlair-calendar
owner: root

12
roles/www/tasks/main.yaml
View file

@ -1,12 +1,16 @@
---
- tags: www_calendar
import_tasks: calendar.yaml
ansible.builtin.import_tasks:
file: calendar.yaml
- tags: www_mediawiki
import_tasks: mediawiki.yaml
ansible.builtin.import_tasks:
file: mediawiki.yaml
- tags: www_mqtt
import_tasks: mqtt.yaml
ansible.builtin.import_tasks:
file: mqtt.yaml
- tags: www_spaceapi
import_tasks: spaceapi.yaml
ansible.builtin.import_tasks:
file: spaceapi.yaml

9
roles/www/tasks/mediawiki.yaml
View file

@ -1,13 +1,14 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name: php-fpm
state: present
- import_tasks: ../../../snippets/common-nginx.yaml
- ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install security.txt
template:
ansible.builtin.template:
src: security.txt
dest: /opt/security.txt
owner: root
@ -15,7 +16,7 @@
mode: 0644
- name: Allow HTTP/HTTPS
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"

15
roles/www/tasks/mqtt.yaml
View file

@ -1,13 +1,13 @@
---
- name: Install dependencies
apt:
ansible.builtin.apt:
name:
- libjson-xs-perl
- liblinux-epoll-perl
- mosquitto
- name: Allow MQTT
iptables:
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ item.port }}"
@ -21,10 +21,11 @@
notify: persist iptables
- name: Install mqtt-simple
command: cpan Net::MQTT::Simple
ansible.builtin.command:
cmd: cpan Net::MQTT::Simple
- name: Clone mqtt2web source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/mqtt2web.git
version: master
dest: /opt/mqtt2web
@ -32,7 +33,7 @@
notify: restart mqtt2web
- name: Install mqtt2web service file
template:
ansible.builtin.template:
src: mqtt2web.service
dest: /etc/systemd/system/mqtt2web.service
owner: root
@ -42,10 +43,10 @@
- daemon reload
- restart mqtt2web
- meta: flush_handlers
- ansible.builtin.meta: flush_handlers
- name: Enable mqtt2web
systemd:
ansible.builtin.systemd:
name: mqtt2web
state: started
enabled: true

6
roles/www/tasks/spaceapi.yaml
View file

@ -1,6 +1,6 @@
---
- name: Clone spaceapi source
git:
ansible.builtin.git:
repo: https://github.com/bitlair/spaceapi.git
version: main
dest: /opt/spaceapi
@ -8,7 +8,7 @@
notify: restart spaceapi
- name: Install spaceapi service file
template:
ansible.builtin.template:
src: spaceapi.service
dest: /etc/systemd/system/spaceapi.service
owner: root
@ -17,7 +17,7 @@
notify: restart spaceapi
- name: Enable spaceapi
systemd:
ansible.builtin.systemd:
name: spaceapi
state: started
enabled: true