From f7f04e7a41f26ddfec4afed0821adcc35daa39ab Mon Sep 17 00:00:00 2001 
From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 20:47:52 +0200 Subject: [PATCH 01/14] Automated changes from linter ;P --- roles/acme/handlers/main.yaml | 6 ++- roles/acme/tasks/main.yaml | 25 +++++----- roles/acme/tasks/remove_conflicting.yaml | 4 +- roles/acme/tasks/san_domains_loop.yaml | 4 +- roles/bank-terminal/handlers/main.yaml | 6 ++- roles/bank-terminal/tasks/main.yaml | 21 +++++---- roles/bank/handlers/main.yaml | 3 +- roles/bank/tasks/inflatinator.yaml | 4 +- roles/bank/tasks/login.yaml | 17 +++---- roles/bank/tasks/main.yaml | 9 ++-- roles/bank/tasks/revbank.yaml | 14 +++--- roles/common-bitlair/tasks/main.yaml | 2 +- roles/common/handlers/main.yaml | 15 +++--- roles/common/tasks/apt-minimal.yaml | 2 +- roles/common/tasks/debian-backports.yaml | 4 +- roles/common/tasks/debian-upgrade.yaml | 12 ++--- roles/common/tasks/main.yaml | 47 +++++++++++-------- roles/common/tasks/network.yaml | 10 ++-- roles/common/tasks/node-exporter.yaml | 4 +- roles/common/tasks/unattended-updates.yaml | 6 +-- roles/common/tasks/vm.yaml | 6 +-- roles/etherpad/handlers/main.yaml | 5 +- roles/etherpad/tasks/main.yaml | 39 ++++++++------- roles/etherpad/tasks/requirements.yml | 3 ++ roles/git-ci/handlers/main.yaml | 5 +- roles/git-ci/tasks/main.yaml | 16 +++---- roles/git-server/handlers/main.yaml | 5 +- roles/git-server/tasks/main.yaml | 29 ++++++------ roles/go/tasks/main.yaml | 6 +-- roles/monitoring/handlers/main.yaml | 9 ++-- roles/monitoring/tasks/blackbox.yaml | 2 +- roles/monitoring/tasks/grafana.yaml | 12 ++--- roles/monitoring/tasks/main.yaml | 23 +++++---- roles/monitoring/tasks/mqtt_exporter.yaml | 12 ++--- roles/monitoring/tasks/prometheus.yaml | 6 +-- roles/mqtt-internal/handlers/main.yaml | 5 +- roles/mqtt-internal/tasks/main.yaml | 6 +-- roles/music/handlers/main.yaml | 16 ++++--- roles/music/tasks/librespot.yaml | 8 ++-- roles/music/tasks/main.yaml | 17 ++++--- roles/music/tasks/mpd.yaml | 14 +++--- roles/music/tasks/soundboard.yaml | 16 
++++--- roles/music/tasks/trollibox.yaml | 14 +++--- roles/photos/handlers/main.yaml | 4 +- roles/photos/tasks/bambulab-fetch.yaml | 10 ++-- roles/photos/tasks/main.yaml | 9 ++-- roles/photos/tasks/photo-gallery.yaml | 10 ++-- roles/photos/tasks/photos2mqtt.yaml | 11 +++-- roles/raspi/handlers/main.yaml | 3 +- roles/raspi/tasks/main.yaml | 16 ++++--- roles/services/handlers/main.yaml | 21 +++++---- roles/services/tasks/discord_bot.yaml | 14 +++--- roles/services/tasks/ircbot.yaml | 22 ++++----- roles/services/tasks/main.yaml | 5 +- roles/services/tasks/mastodon_spacestate.yaml | 10 ++-- roles/services/tasks/power_mqtt.yaml | 10 ++-- roles/services/tasks/siahsd.yaml | 10 ++-- roles/services/tasks/spacestated.yaml | 13 ++--- roles/services/tasks/wifi_mqtt.yaml | 2 +- roles/www/handlers/main.yaml | 7 +-- roles/www/tasks/calendar.yaml | 8 ++-- roles/www/tasks/main.yaml | 12 +++-- roles/www/tasks/mediawiki.yaml | 9 ++-- roles/www/tasks/mqtt.yaml | 15 +++--- roles/www/tasks/spaceapi.yaml | 6 +-- 65 files changed, 392 insertions(+), 324 deletions(-) create mode 100644 roles/etherpad/tasks/requirements.yml diff --git a/roles/acme/handlers/main.yaml b/roles/acme/handlers/main.yaml index d2fbc06..508fc1a 100644 --- a/roles/acme/handlers/main.yaml +++ b/roles/acme/handlers/main.yaml @@ -1,5 +1,7 @@ - name: update_contact_info - command: dehydrated --account + ansible.builtin.command: + cmd: dehydrated --account - name: query_certificates - command: dehydrated --cron + ansible.builtin.command: + cmd: dehydrated --cron diff --git a/roles/acme/tasks/main.yaml b/roles/acme/tasks/main.yaml index ceac392..653f49c 100644 --- a/roles/acme/tasks/main.yaml +++ b/roles/acme/tasks/main.yaml 
@@ -1,22 +1,23 @@ --- -- import_tasks: remove_conflicting.yaml +- ansible.builtin.import_tasks: + file: remove_conflicting.yaml tags: [ never, acme_remove_conflicting ] - name: Install Dehydrated tags: [ acme, acme_install ] block: - name: Install dependencies - apt: + ansible.builtin.apt: name: ssl-cert state: present - name: Install Dehydrated - apt: + ansible.builtin.apt: name: dehydrated state: present - name: Install config file - template: + ansible.builtin.template: src: config.sh dest: /etc/dehydrated/conf.d/ansible.sh owner: root @@ -25,7 +26,7 @@ notify: update_contact_info - name: Install deploy hook - template: + ansible.builtin.template: src: deploy.sh dest: /etc/dehydrated/conf.d/deploy.sh owner: root @@ -33,7 +34,7 @@ mode: 0755 - name: Install cronjob - template: + ansible.builtin.template: src: cron dest: /etc/cron.d/dehydrated owner: root @@ -41,7 +42,7 @@ mode: 0644 - name: Create Nginx snippet snippets dir - file: + ansible.builtin.file: state: directory path: /etc/nginx/snippets owner: root @@ -49,7 +50,7 @@ mode: 0755 - name: Install Nginx snippet - template: + ansible.builtin.template: src: nginx-snippet.conf dest: /etc/nginx/snippets/acme.conf owner: root @@ -57,14 +58,15 @@ mode: 0644 - name: Register account - command: dehydrated --register --accept-terms + ansible.builtin.command: + cmd: dehydrated --register --accept-terms args: creates: /var/lib/dehydrated/accounts - tags: [ acme, acme_certs ] block: - name: Configure certificates - template: + ansible.builtin.template: src: domains.txt dest: /etc/dehydrated/domains.txt owner: root @@ -73,7 +75,8 @@ notify: query_certificates - name: Symlink SAN domains - include_tasks: san_domains_loop.yaml + ansible.builtin.include_tasks: + file: san_domains_loop.yaml loop: "{{ acme_san_domains|default([]) }}" loop_control: loop_var: domains diff --git a/roles/acme/tasks/remove_conflicting.yaml b/roles/acme/tasks/remove_conflicting.yaml index c55b045..9c88555 100644 
--- a/roles/acme/tasks/remove_conflicting.yaml +++ b/roles/acme/tasks/remove_conflicting.yaml @@ -1,12 +1,12 @@ --- - name: Remove certbot from apt - apt: + ansible.builtin.apt: name: [ letsencrypt, certbot ] state: absent autoremove: yes - name: Remove variable directories - file: + ansible.builtin.file: state: absent path: "{{ item }}" with_items: diff --git a/roles/acme/tasks/san_domains_loop.yaml b/roles/acme/tasks/san_domains_loop.yaml index 4102cf4..b878042 100644 --- a/roles/acme/tasks/san_domains_loop.yaml +++ b/roles/acme/tasks/san_domains_loop.yaml @@ -1,9 +1,9 @@ --- -- stat: +- ansible.builtin.stat: path: "/var/lib/dehydrated/certs/{{ domains[0] }}" register: cert_stat -- file: +- ansible.builtin.file: state: link path: "/var/lib/dehydrated/certs/{{ item }}" src: "/var/lib/dehydrated/certs/{{ domains[0] }}" diff --git a/roles/bank-terminal/handlers/main.yaml b/roles/bank-terminal/handlers/main.yaml index 6c8d778..c599b2c 100644 --- a/roles/bank-terminal/handlers/main.yaml +++ b/roles/bank-terminal/handlers/main.yaml @@ -1,5 +1,7 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: console_setup - command: dpkg-reconfigure console-setup --frontend noninteractive + ansible.builtin.command: + cmd: dpkg-reconfigure console-setup --frontend noninteractive diff --git a/roles/bank-terminal/tasks/main.yaml b/roles/bank-terminal/tasks/main.yaml index baf0e7f..7a01ccb 100644 --- a/roles/bank-terminal/tasks/main.yaml +++ b/roles/bank-terminal/tasks/main.yaml @@ -3,7 +3,7 @@ tags: bank_terminal_client block: - name: Add user - user: + ansible.builtin.user: name: bank-terminal home: /home/{{ bank_terminal_user }} shell: /home/{{ bank_terminal_user }}/login 
@@ -11,14 +11,15 @@ ssh_key_type: ed25519 - name: Locate agetty - command: which agetty + ansible.builtin.command: + cmd: which agetty register: agetty_location_cmd - name: Set agetty var - set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}" + ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}" - name: Install login script - template: + ansible.builtin.template: src: login dest: /home/{{ bank_terminal_user }}/login owner: bank-terminal @@ -26,7 +27,7 @@ mode: 0755 - name: Autologin User - template: + ansible.builtin.template: src: tty_autologin.conf dest: /etc/systemd/system/getty@tty1.service.d/override.conf owner: root @@ -35,13 +36,13 @@ notify: daemon_reload - name: Clear MOTD - copy: + ansible.builtin.copy: content: "" dest: /etc/motd # Set console font so the Revbank QR codes are rendered correctly. - name: Console setup - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/console-setup line: '{{ item.k }}="{{ item.v }}"' regexp: "^#?{{ item.k }}" @@ -54,17 +55,17 @@ notify: console_setup - name: Console Setup Management Note - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/console-setup line: '# Managed by Ansible' insertafter: "CONFIGURATION FILE" - name: Read pubkey - command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub + ansible.builtin.command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub changed_when: no register: pubkey - - debug: + - ansible.builtin.debug: msg: - Please ensure that the pubkey below is is authorized on the bank server. - "{{ pubkey.stdout_lines | join }}" diff --git a/roles/bank/handlers/main.yaml b/roles/bank/handlers/main.yaml index 68a75c2..e7a11ce 100644 --- a/roles/bank/handlers/main.yaml +++ b/roles/bank/handlers/main.yaml @@ -1,2 +1,3 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml 
diff --git a/roles/bank/tasks/inflatinator.yaml b/roles/bank/tasks/inflatinator.yaml index bbff21a..dc687a3 100644 --- a/roles/bank/tasks/inflatinator.yaml +++ b/roles/bank/tasks/inflatinator.yaml @@ -1,11 +1,11 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: [ links, python3-pyquery ] state: present - name: Clone revbank-inflatinator source - git: + ansible.builtin.git: repo: https://github.com/bitlair/revbank-inflatinator.git version: main dest: /opt/revbank-inflatinator diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml index f7cda49..cd0f9ba 100644 --- a/roles/bank/tasks/login.yaml +++ b/roles/bank/tasks/login.yaml @@ -1,6 +1,6 @@ --- - name: Add user - user: + ansible.builtin.user: name: bank password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" home: /home/{{ bank_user }} @@ -8,7 +8,7 @@ update_password: always - name: Allow password auth for bank user - blockinfile: + ansible.builtin.blockinfile: path: /etc/ssh/sshd_config insertafter: EOF block: |- @@ -17,12 +17,12 @@ notify: reload sshd - name: Clear motd - copy: + ansible.builtin.copy: content: "" dest: /etc/motd - name: Remove autologin - file: + ansible.builtin.file: path: /etc/systemd/system/getty@tty1.service.d/override.conf state: absent notify: daemon reload @@ -31,19 +31,20 @@ - when: bank_local_tty block: - name: Locate agetty - command: command -v agetty + ansible.builtin.command: + cmd: command -v agetty register: agetty_location_cmd - - set_fact: + - ansible.builtin.set_fact: agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}" - name: Create getty dir - file: + ansible.builtin.file: path: /etc/systemd/system/getty@tty1.service.d state: directory - name: Autologin User - template: + ansible.builtin.template: src: tty_autologin.conf dest: /etc/systemd/system/getty@tty1.service.d/override.conf owner: root 
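Review bot: The `Clone revbank-inflatinator source` task in inflatinator.yaml still tracks a moving branch (`version: main`), so each run deploys whatever the branch head is at that moment. Pinning to a reviewed tag or full commit hash, e.g. `version: "<reviewed-commit-sha>"` (placeholder), keeps the deployed code reproducible and auditable. The same applies to the `version: master` / `version: main` clones in roles/bank/tasks/revbank.yaml, roles/etherpad/tasks/main.yaml and roles/monitoring/tasks/mqtt_exporter.yaml. The task may continue below the end of this hunk.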
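Review bot: The `Add user` task in login.yaml keeps a crypt hash in the repository with a trailing comment that states the plaintext, and `update_password: always` re-applies it on every run. Together with the `Allow password auth for bank user` block later in the file (its body is outside the visible hunks), the credential is presumably usable over SSH by anyone who can read the repository. If a shared password is intentional for the terminal, drop the comment and source the hash from the secret store, e.g. `password: "{{ bank_password_hash }}"` (variable name is a placeholder). Also confirm that the account's login shell restricts what the user can do. Separately, the task hard-codes `name: bank` while `home:` uses `{{ bank_user }}`; one of the two should be used consistently.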
diff --git a/roles/bank/tasks/main.yaml b/roles/bank/tasks/main.yaml index c1953b8..7ad90f6 100644 --- a/roles/bank/tasks/main.yaml +++ b/roles/bank/tasks/main.yaml @@ -1,9 +1,12 @@ --- - tags: [ bank, bank_login ] - import_tasks: login.yaml + ansible.builtin.import_tasks: + file: login.yaml - tags: [ bank, bank_revbank ] - import_tasks: revbank.yaml + ansible.builtin.import_tasks: + file: revbank.yaml - tags: [ bank, bank_inflatinator ] - import_tasks: inflatinator.yaml + ansible.builtin.import_tasks: + file: inflatinator.yaml diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index f592504..ec283d1 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -1,18 +1,18 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ] state: present - name: Clone revbank source - git: + ansible.builtin.git: repo: "{{ bank_revbank_git }}" version: master dest: /home/{{ bank_user }}/revbank.git accept_hostkey: yes - name: Create data files - command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }} + ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }} args: creates: /home/{{ bank_user }}/{{ item }} with_items: @@ -21,7 +21,7 @@ - revbank.products - name: Ensure data file permissions - file: + ansible.builtin.file: path: /home/{{ bank_user }}/{{ item }} state: touch owner: "{{ bank_user }}" @@ -33,7 +33,7 @@ - revbank.products - name: Link plugins - file: + ansible.builtin.file: state: link path: /home/{{ bank_user }}/{{ item }} src: /home/{{ bank_user }}/revbank.git/{{ item }} @@ -42,11 +42,11 @@ - revbank.plugins - name: Create git data dir - file: + ansible.builtin.file: path: /home/{{ bank_user }}/data.git state: directory - name: Install git cronjob - template: + ansible.builtin.template: src: git.cron dest: /etc/cron.d/revbank-git 
diff --git a/roles/common-bitlair/tasks/main.yaml b/roles/common-bitlair/tasks/main.yaml index 57f98a8..c28063b 100644 --- a/roles/common-bitlair/tasks/main.yaml +++ b/roles/common-bitlair/tasks/main.yaml @@ -1,7 +1,7 @@ --- - name: Update authorized_keys tags: authorized_keys - template: + ansible.builtin.template: src: authorized_keys.j2 dest: /root/.ssh/authorized_keys mode: 0600 diff --git a/roles/common/handlers/main.yaml b/roles/common/handlers/main.yaml index 48b73af..b71cef9 100644 --- a/roles/common/handlers/main.yaml +++ b/roles/common/handlers/main.yaml @@ -1,30 +1,31 @@ --- - name: update grub - command: update-grub + ansible.builtin.command: + cmd: update-grub - name: reboot - reboot: + ansible.builtin.reboot: - name: apt update - apt: + ansible.builtin.apt: update_cache: true - name: daemon reload - systemd: + ansible.builtin.systemd: daemon_reload: true - name: reload sshd - systemd: + ansible.builtin.systemd: name: ssh state: reloaded - name: reload nginx - systemd: + ansible.builtin.systemd: name: nginx state: reloaded - name: persist iptables - shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}" + ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}" with_items: - { c: iptables, ip: v4 } - { c: ip6tables, ip: v6 } diff --git a/roles/common/tasks/apt-minimal.yaml b/roles/common/tasks/apt-minimal.yaml index bc74ff6..c8e01d8 100644 --- a/roles/common/tasks/apt-minimal.yaml +++ b/roles/common/tasks/apt-minimal.yaml @@ -1,6 +1,6 @@ --- - name: Configure auto-upgrades - template: + ansible.builtin.template: src: apt-minimal dest: /etc/apt/apt.conf.d/20minimal owner: root diff --git a/roles/common/tasks/debian-backports.yaml b/roles/common/tasks/debian-backports.yaml index fc6be9b..87f178d 100644 --- a/roles/common/tasks/debian-backports.yaml +++ b/roles/common/tasks/debian-backports.yaml 
@@ -1,6 +1,6 @@ --- - name: Install backports source list - template: + ansible.builtin.template: src: backports-source.list dest: /etc/apt/sources.list.d/backports.list owner: root @@ -8,4 +8,4 @@ mode: 0644 notify: apt update -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index 241c60a..abc0ae9 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -1,6 +1,6 @@ --- - name: Install source list - template: + ansible.builtin.template: src: stable-sources.list dest: /etc/apt/sources.list owner: root @@ -8,21 +8,21 @@ mode: 0644 - name: Remove backports - file: + ansible.builtin.file: path: /etc/apt/sources.list.d/backports.list state: absent - name: update - apt: + ansible.builtin.apt: update_cache: yes - name: full-upgrade - apt: + ansible.builtin.apt: upgrade: full - name: Reboot - reboot: + ansible.builtin.reboot: - name: autoremove - apt: + ansible.builtin.apt: autoremove: yes diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 64f80c3..0f19df2 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
@@ -1,35 +1,42 @@ --- - tags: [ debian-upgrade, never ] - import_tasks: debian-upgrade.yaml + ansible.builtin.import_tasks: + file: debian-upgrade.yaml when: ansible_facts['distribution_release'] != "bookworm" - tags: debian_backports - import_tasks: debian-backports.yaml + ansible.builtin.import_tasks: + file: debian-backports.yaml - tags: unattended_updates - import_tasks: unattended-updates.yaml + ansible.builtin.import_tasks: + file: unattended-updates.yaml - tags: apt-minimal - import_tasks: apt-minimal.yaml + ansible.builtin.import_tasks: + file: apt-minimal.yaml - tags: network - import_tasks: network.yaml + ansible.builtin.import_tasks: + file: network.yaml - tags: node-exporter - import_tasks: node-exporter.yaml + ansible.builtin.import_tasks: + file: node-exporter.yaml - tags: vm - import_tasks: node-exporter.yaml + ansible.builtin.import_tasks: + file: node-exporter.yaml when: is_vm - name: Remove Vim - apt: + ansible.builtin.apt: name: vim state: absent autoremove: true - name: Install utilities - apt: + ansible.builtin.apt: name: - curl - fzf 
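Review bot: The entry tagged `vm` imports `node-exporter.yaml` a second time, so as far as this hunk shows roles/common/tasks/vm.yaml (also touched by this patch) is never imported. This looks like a copy-paste slip that the FQCN rewrite carried over unchanged; the line should read `file: vm.yaml`. As written, hosts with `is_vm` set run the node-exporter tasks twice and never get the guest agent or serial console configuration.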
@@ -46,38 +53,38 @@ - neovim - name: Remove netcat-traditional - apt: + ansible.builtin.apt: name: netcat-traditional - name: Configure FZF for Bash - lineinfile: + ansible.builtin.lineinfile: path: /etc/bash.bashrc insertafter: EOF regexp: "^source /usr/share/doc/fzf/examples/key-bindings.bash" line: "source /usr/share/doc/fzf/examples/key-bindings.bash # Managed by Ansible" - name: Configure FZF for Bash (Bookworm) - lineinfile: + ansible.builtin.lineinfile: path: /etc/bash.bashrc insertafter: EOF regexp: "^source /usr/share/doc/fzf/examples/completion.bash" state: absent - name: Shorten Grub timeout - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/grub regexp: '^GRUB_TIMEOUT=' line: "GRUB_TIMEOUT=1 # Managed by Ansible" notify: update grub - name: Configure cron email - lineinfile: + ansible.builtin.lineinfile: path: /etc/crontab insertafter: '^PATH' line: 'MAILTO={{ notify_email }}' - name: Configure SSH - lineinfile: + ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regexp: "{{ item.regexp }}" line: "{{ item.line }}" @@ -91,7 +98,7 @@ notify: reload sshd - name: Allow SSH - iptables: + ansible.builtin.iptables: chain: INPUT protocol: tcp destination_port: "{{ ssh_port }}" @@ -104,7 +111,7 @@ notify: persist iptables - name: Allow ICMP - iptables: + ansible.builtin.iptables: chain: INPUT protocol: "{{ item.proto }}" jump: ACCEPT @@ -115,7 +122,7 @@ notify: persist iptables - name: Allow related and established connections - iptables: + ansible.builtin.iptables: chain: INPUT ctstate: ESTABLISHED,RELATED jump: ACCEPT @@ -126,7 +133,7 @@ notify: persist iptables - name: Allow local connections - iptables: + ansible.builtin.iptables: chain: INPUT source: "{{ item.cidr }}" jump: ACCEPT @@ -135,7 +142,7 @@ notify: persist iptables - name: Deny inbound connections - iptables: + ansible.builtin.iptables: chain: INPUT policy: DROP ip_version: "{{ item }}" 
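Review bot: The `Remove netcat-traditional` task has no `state:`, and the apt module defaults to `present`, so it installs the package it is named for removing. Add `state: absent` under `name: netcat-traditional` (optionally `autoremove: true`, matching the `Remove Vim` task earlier in the file).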
diff --git a/roles/common/tasks/network.yaml b/roles/common/tasks/network.yaml index 47053a9..9d5e471 100644 --- a/roles/common/tasks/network.yaml +++ b/roles/common/tasks/network.yaml @@ -1,12 +1,12 @@ --- - name: Install bridge-utils - apt: + ansible.builtin.apt: name: bridge-utils state: present when: network_br - name: Configure sysctl.conf - lineinfile: + ansible.builtin.lineinfile: path: /etc/sysctl.conf regexp: "^#?{{ item.k }}" line: "{{ item.k }}={{ item.v }} # Managed by Ansible" @@ -17,7 +17,7 @@ when: network_br - name: Make network interfaces really predictable - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/grub regexp: ^GRUB_CMDLINE_LINUX line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible' @@ -27,7 +27,7 @@ when: network_br or network_dhcp or network_static - name: Configure network interfaces - template: + ansible.builtin.template: src: network-interfaces dest: /etc/network/interfaces owner: root @@ -36,4 +36,4 @@ notify: reboot when: network_br or network_dhcp or network_static -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml index fa899d1..c496429 100644 --- a/roles/common/tasks/node-exporter.yaml +++ b/roles/common/tasks/node-exporter.yaml @@ -1,12 +1,12 @@ --- - name: Install node-exporter - apt: + ansible.builtin.apt: name: prometheus-node-exporter state: present when: node_exporter - name: Remove node-exporter - apt: + ansible.builtin.apt: name: prometheus-node-exporter state: absent autoremove: yes diff --git a/roles/common/tasks/unattended-updates.yaml b/roles/common/tasks/unattended-updates.yaml index ea09772..43a7f96 100644 --- a/roles/common/tasks/unattended-updates.yaml +++ b/roles/common/tasks/unattended-updates.yaml 
@@ -1,13 +1,13 @@ --- - name: Install unattended-upgrades - apt: + ansible.builtin.apt: name: - unattended-upgrades - apt-listchanges state: present - name: Configure auto-upgrades - template: + ansible.builtin.template: src: auto-upgrades dest: /etc/apt/apt.conf.d/20auto-upgrades owner: root @@ -15,7 +15,7 @@ mode: 0644 - name: Configure unattended-upgrades - template: + ansible.builtin.template: src: unattended-upgrades dest: /etc/apt/apt.conf.d/50unattended-upgrades owner: root diff --git a/roles/common/tasks/vm.yaml b/roles/common/tasks/vm.yaml index fa34a4e..1834bd9 100644 --- a/roles/common/tasks/vm.yaml +++ b/roles/common/tasks/vm.yaml @@ -1,10 +1,10 @@ --- - name: Install guest agent - apt: + ansible.builtin.apt: name: qemu-guest-agent - name: Serial Console - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/grub regexp: ^GRUB_CMDLINE_LINUX_DEFAULT line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"' @@ -12,4 +12,4 @@ - update grub - reboot -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/roles/etherpad/handlers/main.yaml b/roles/etherpad/handlers/main.yaml index 39fb4d8..82924a6 100644 --- a/roles/etherpad/handlers/main.yaml +++ b/roles/etherpad/handlers/main.yaml @@ -1,8 +1,9 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: restart etherpad - systemd: + ansible.builtin.systemd: name: etherpad state: restarted daemon_reload: true diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml index a0bef42..2afe1f6 100644 --- a/roles/etherpad/tasks/main.yaml +++ b/roles/etherpad/tasks/main.yaml 
@@ -1,20 +1,23 @@ --- - tags: etherpad block: - - import_tasks: ../../../snippets/common-nginx.yaml + - ansible.builtin.import_tasks: + file: ../../../snippets/common-nginx.yaml - name: Install dependencies - apt: + ansible.builtin.apt: name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ] - name: Import nodesource signing key - shell: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg + ansible.builtin.shell: + cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor + -o /usr/share/keyrings/nodesource.gpg args: creates: /usr/share/keyrings/nodesource.gpg notify: apt update - name: Install nodesource source list - template: + ansible.builtin.template: src: nodesource.list dest: /etc/apt/sources.list.d/nodesource.list owner: root @@ -23,7 +26,7 @@ notify: apt update - name: Install nodejs apt preference - template: + ansible.builtin.template: src: nodejs-apt-pref dest: /etc/apt/preferences.d/nodejs owner: root @@ -31,10 +34,10 @@ mode: 0644 notify: apt update - - meta: flush_handlers + - ansible.builtin.meta: flush_handlers - name: Install nodejs - apt: + ansible.builtin.apt: name: nodejs - name: Add database user @@ -42,7 +45,7 @@ become_method: su become_user: postgres no_log: yes - postgresql_user: + community.postgresql.postgresql_user: name: etherpad password: "{{ etherpad_db_password }}" @@ -50,17 +53,17 @@ become: true become_method: su become_user: postgres - postgresql_db: + community.postgresql.postgresql_db: name: "{{ etherpad_db_name }}" owner: "{{ etherpad_db_user }}" - name: Add etherpad user - user: + ansible.builtin.user: name: etherpad home: /var/lib/etherpad - name: Create log file - file: + ansible.builtin.file: path: /var/log/etherpad.log state: touch owner: etherpad @@ -68,7 +71,7 @@ mode: 0644 - name: Create source directory - file: + ansible.builtin.file: path: /opt/etherpad state: directory owner: etherpad 
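Review bot: The `Import nodesource signing key` pipeline runs without `pipefail`, so a failed `curl` does not by itself fail the task. If `gpg` still leaves a file at /usr/share/keyrings/nodesource.gpg in that case (not verified here), `creates:` will skip the task on every later run and apt will be left with an unusable keyring. Start the command with `set -o pipefail &&` and set `executable: /bin/bash` next to `creates:`. Since the task now uses `cmd:`, `creates:` can move under the module instead of `args:`. The key is also trusted purely on the HTTPS fetch; comparing it to a known fingerprint or checksum before installing it would close that gap.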
@@ -79,7 +82,7 @@ become: yes become_method: su become_user: etherpad - git: + ansible.builtin.git: repo: https://github.com/ether/etherpad-lite.git version: master dest: /opt/etherpad @@ -87,7 +90,7 @@ notify: restart etherpad - name: Install etherpad config - template: + ansible.builtin.template: src: settings.json dest: /opt/etherpad/settings.json owner: root @@ -96,7 +99,7 @@ notify: restart etherpad - name: Install etherpad service - template: + ansible.builtin.template: src: etherpad.service dest: /etc/systemd/system/etherpad.service owner: root @@ -105,14 +108,14 @@ notify: restart etherpad - name: Start etherpad - systemd: + ansible.builtin.systemd: daemon_reload: true name: etherpad state: started enabled: yes - name: Install nginx config - template: + ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-enabled/etherpad owner: root @@ -121,7 +124,7 @@ notify: reload nginx - name: Allow HTTP and HTTPS - iptables: + ansible.builtin.iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" diff --git a/roles/etherpad/tasks/requirements.yml b/roles/etherpad/tasks/requirements.yml new file mode 100644 index 0000000..060cde3 --- /dev/null +++ b/roles/etherpad/tasks/requirements.yml @@ -0,0 +1,3 @@ +collections: + - name: community.postgresql + version: 2.3.2 diff --git a/roles/git-ci/handlers/main.yaml b/roles/git-ci/handlers/main.yaml index 99756ad..361ba38 100644 --- a/roles/git-ci/handlers/main.yaml +++ b/roles/git-ci/handlers/main.yaml @@ -1,7 +1,8 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: restart forgejo-runner - systemd: + ansible.builtin.systemd: name: forgejo-runner state: restarted diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml index 87bc533..a01a11a 100644 --- a/roles/git-ci/tasks/main.yaml +++ b/roles/git-ci/tasks/main.yaml 
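Review bot: The new `requirements.yml` is created under roles/etherpad/tasks/, which as far as I know is not a location any Ansible tooling reads on its own, so the `community.postgresql` pin only takes effect if an install step passes this path explicitly. Moving it to the repository-level `requirements.yml` (or `collections/requirements.yml`) makes the dependency discoverable for `ansible-galaxy collection install -r`. Quoting the version as `version: "2.3.2"` keeps it a string regardless of future values.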
@@ -2,18 +2,18 @@ - tags: forgejo_runner block: - name: Install dependencies - apt: + ansible.builtin.apt: name: docker.io - name: Download forgejo-runner - get_url: + ansible.builtin.get_url: url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" dest: /usr/local/bin/forgejo-runner mode: 0755 notify: restart forgejo-runner - name: Create runner dir - file: + ansible.builtin.file: state: directory path: "{{ runner_wd }}" owner: root @@ -21,13 +21,13 @@ mode: 0755 - name: Register runner - command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" + ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" args: chdir: "{{ runner_wd }}" creates: "{{ runner_wd }}/.runner" - name: Install service file - template: + ansible.builtin.template: src: forgejo-runner.service dest: /etc/systemd/system/forgejo-runner.service owner: root @@ -36,15 +36,15 @@ notify: restart forgejo-runner - name: Enable service - systemd: + ansible.builtin.systemd: name: forgejo-runner enabled: yes daemon_reload: true - name: Start service - systemd: + ansible.builtin.systemd: name: forgejo-runner state: started daemon_reload: true - - meta: flush_handlers + - ansible.builtin.meta: flush_handlers diff --git a/roles/git-server/handlers/main.yaml b/roles/git-server/handlers/main.yaml index 563eeaa..98d3f24 100644 --- a/roles/git-server/handlers/main.yaml +++ b/roles/git-server/handlers/main.yaml @@ -1,7 +1,8 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: reload forgejo - systemd: + ansible.builtin.systemd: name: forgejo state: reloaded 
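Review bot: `Download forgejo-runner` writes a remote binary to /usr/local/bin with mode 0755 and no integrity check. `get_url` accepts `checksum:`, so adding e.g. `checksum: "sha256:{{ runner_sha256 }}"` (variable name is a placeholder) ties the download to the reviewed `runner_version`. It also fixes a functional gap: without `checksum` or `force`, `get_url` does not replace an existing `dest`, so bumping `runner_version` alone would not update the binary.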
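Review bot: `Register runner` interpolates the passwordstore token into the command line with no `no_log: true`. The rendered command can therefore appear in task output (verbose runs, failures, callback logs), and it is visible in the target's process list while it runs. Add `no_log: true` to the task. If forgejo-runner can take the token from a file or the environment (not checked here), prefer that over `--token=` on argv.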
diff --git a/roles/git-server/tasks/main.yaml b/roles/git-server/tasks/main.yaml index 91ee37d..4a5bb3c 100644 --- a/roles/git-server/tasks/main.yaml +++ b/roles/git-server/tasks/main.yaml @@ -1,15 +1,16 @@ --- -- import_tasks: ../../../snippets/common-nginx.yaml +- ansible.builtin.import_tasks: + file: ../../../snippets/common-nginx.yaml - name: Install dependencies - apt: + ansible.builtin.apt: name: - git - xq state: present - name: Install nginx site - template: + ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-available/forgejo owner: root @@ -18,21 +19,21 @@ notify: reload nginx - name: Enable nginx site - file: + ansible.builtin.file: src: /etc/nginx/sites-available/forgejo dest: /etc/nginx/sites-enabled/forgejo state: link notify: reload nginx - name: Create user - user: + ansible.builtin.user: name: "{{ git_server_user }}" home: "{{ git_server_working_dir }}" shell: /bin/bash comment: Git server - name: Create logging dir - file: + ansible.builtin.file: state: directory path: /var/log/forgejo owner: "{{ git_server_user }}" @@ -43,7 +44,7 @@ # TODO: Install initial config - name: Install service file - template: + ansible.builtin.template: src: forgejo.service dest: /etc/systemd/system/forgejo.service owner: root @@ -52,7 +53,7 @@ notify: reload forgejo - name: Install update script - template: + ansible.builtin.template: src: update.sh dest: "{{ git_server_working_dir }}/update.sh" owner: "{{ git_server_user }}" 
@@ -60,30 +61,30 @@ mode: 0755 - name: Perform initial update - command: "{{ git_server_working_dir }}/update.sh" + ansible.builtin.command: "{{ git_server_working_dir }}/update.sh" args: creates: "{{ git_server_working_dir }}/forgejo" notify: reload forgejo - name: Enable service - systemd: + ansible.builtin.systemd: name: forgejo enabled: yes daemon_reload: true - name: Start service - systemd: + ansible.builtin.systemd: name: forgejo state: started daemon_reload: true - name: Install cronjob - template: + ansible.builtin.template: src: cronjob dest: /etc/cron.d/forgejo - name: Allow Git SSH, HTTP and HTTPS - iptables: + ansible.builtin.iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" @@ -100,5 +101,5 @@ - { ip: ipv6, port: 443 } notify: persist iptables -- debug: +- ansible.builtin.debug: msg: If Forgejo has not been setup yet, please do so manually. diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml index 90348f2..b787d21 100644 --- a/roles/go/tasks/main.yaml +++ b/roles/go/tasks/main.yaml @@ -3,18 +3,18 @@ tags: go,go_install block: - name: Remove Debian Go package - apt: + ansible.builtin.apt: name: golang autoremove: yes state: absent - name: Install dependencies - apt: + ansible.builtin.apt: name: curl state: present - name: Fetch Go latest version - shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//" + ansible.builtin.shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//" changed_when: false register: go_latest_version_shell diff --git a/roles/monitoring/handlers/main.yaml b/roles/monitoring/handlers/main.yaml index ee9948d..678e2cc 100644 --- a/roles/monitoring/handlers/main.yaml +++ b/roles/monitoring/handlers/main.yaml 
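Review bot: `Perform initial update` runs `{{ git_server_working_dir }}/update.sh` with no `become_user`, while the preceding `Install update script` task makes that file owned by `{{ git_server_user }}` inside that user's home directory. If the play connects as root (not visible in this hunk), the service account can modify a script that root later executes. The `/etc/cron.d/forgejo` job may repeat this pattern, but its template is not shown. Either install the script `owner: root` outside the service home, or run it as the service user with `become: true` and `become_user: "{{ git_server_user }}"`. `Install cronjob` also sets no `owner`/`group`/`mode`, unlike the other cron templates in this patch.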
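Review bot: In `Fetch Go latest version` the pipeline's exit status is that of the final `sed`, so a failed `curl` or a changed page layout produces rc 0 with an empty `go_latest_version_shell.stdout`. Whatever consumes that value is outside this hunk and would build a download from an empty or unexpected string. Add `set -o pipefail` (with `executable: /bin/bash`) and validate the result, e.g. `failed_when: go_latest_version_shell.stdout is not match('^[0-9]+(\.[0-9]+)+$')`. Taking the version from a page scrape also means the installed toolchain changes without review; a pinned version variable would make upgrades deliberate.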
@@ -1,17 +1,18 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: restart mqtt_exporter - systemd: + ansible.builtin.systemd: name: mqtt_exporter state: restarted - name: restart prometheus - systemd: + ansible.builtin.systemd: name: prometheus state: restarted - name: restart grafana - systemd: + ansible.builtin.systemd: name: grafana-server state: restarted diff --git a/roles/monitoring/tasks/blackbox.yaml b/roles/monitoring/tasks/blackbox.yaml index 2385022..ca1fbe0 100644 --- a/roles/monitoring/tasks/blackbox.yaml +++ b/roles/monitoring/tasks/blackbox.yaml @@ -1,4 +1,4 @@ --- - name: Install blackbox exporter - apt: + ansible.builtin.apt: name: prometheus-blackbox-exporter diff --git a/roles/monitoring/tasks/grafana.yaml b/roles/monitoring/tasks/grafana.yaml index b730f17..3e09b8f 100644 --- a/roles/monitoring/tasks/grafana.yaml +++ b/roles/monitoring/tasks/grafana.yaml @@ -1,24 +1,24 @@ --- - name: Add key - get_url: + ansible.builtin.get_url: url: https://apt.grafana.com/gpg.key dest: /etc/apt/keyrings/grafana.asc notify: apt update - name: Grafana source - copy: + ansible.builtin.copy: dest: /etc/apt/sources.list.d/grafana.list content: "deb [signed-by=/etc/apt/keyrings/grafana.asc] https://apt.grafana.com stable main" notify: apt update -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers - name: Install Grafana - apt: + ansible.builtin.apt: name: grafana - name: Configure grafana - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root @@ -30,7 +30,7 @@ - { src: grafana-ldap.toml, dest: /etc/grafana/ldap.toml } - name: Configure grafana data source - template: + ansible.builtin.template: src: grafana-data-source.yml dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml" owner: root diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml index e03ad9c..a13313c 100644 
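Review bot: `Add key` in grafana.yaml downloads the repository signing key with only `url` and `dest`, so whatever the server returns on first run becomes the trust anchor for every package installed from that source. Pinning it with `checksum: "sha256:<expected-key-digest>"` (placeholder, to be filled from a verified copy of the key) makes a swapped key fail the play instead of being trusted silently. An explicit `mode: "0644"` on this task and on `Grafana source` would also stop the file permissions from depending on the umask.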
--- a/roles/monitoring/tasks/main.yaml +++ b/roles/monitoring/tasks/main.yaml @@ -2,10 +2,11 @@ - name: monitoring tags: monitoring block: - - import_tasks: ../../../snippets/common-nginx.yaml + - ansible.builtin.import_tasks: + file: ../../../snippets/common-nginx.yaml - name: Install nginx site - template: + ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-available/monitoring owner: root @@ -14,20 +15,20 @@ notify: reload nginx - name: Enable nginx site - file: + ansible.builtin.file: src: /etc/nginx/sites-available/monitoring dest: /etc/nginx/sites-enabled/monitoring state: link notify: reload nginx - name: Start nginx - systemd: + ansible.builtin.systemd: name: nginx state: started enabled: yes - name: Allow HTTP/HTTPS - iptables: + ansible.builtin.iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" @@ -42,16 +43,20 @@ - name: mqtt_exporter tags: mqtt_exporter - import_tasks: mqtt_exporter.yaml + ansible.builtin.import_tasks: + file: mqtt_exporter.yaml - name: blackbox tags: blackbox - import_tasks: blackbox.yaml + ansible.builtin.import_tasks: + file: blackbox.yaml - name: prometheus tags: prometheus - import_tasks: prometheus.yaml + ansible.builtin.import_tasks: + file: prometheus.yaml - name: grafana tags: grafana - import_tasks: grafana.yaml + ansible.builtin.import_tasks: + file: grafana.yaml diff --git a/roles/monitoring/tasks/mqtt_exporter.yaml b/roles/monitoring/tasks/mqtt_exporter.yaml index 2fee482..4fda9d9 100644 --- a/roles/monitoring/tasks/mqtt_exporter.yaml +++ b/roles/monitoring/tasks/mqtt_exporter.yaml @@ -1,6 +1,6 @@ --- - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/polyfloyd/mqtt-exporter.git version: main dest: /opt/mqtt_exporter @@ -8,7 +8,7 @@ notify: restart mqtt_exporter - name: Install apt dependencies - apt: + ansible.builtin.apt: name: - python3-paho-mqtt - python3-prometheus-client 
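Review bot: `Clone source` in mqtt_exporter.yaml tracks `version: main`, so every play run deploys whatever the upstream branch points at and then restarts the service through the handler, with no review step in between. Pinning to a reviewed tag or commit, for example `version: "<reviewed-commit-sha>"` (placeholder), makes updates an explicit change in this repository. The same applies to the other `ansible.builtin.git` tasks in this patch: librespot (`dev`), skipbutton and photo-gallery (`master`), soundboard, discord-bot, irc-bot, mastodon-spacestate, spacestated, calendar-parser, mqtt2web and spaceapi.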
@@ -16,7 +16,7 @@ state: present - name: Install service - template: + ansible.builtin.template: src: mqtt_exporter.service dest: /etc/systemd/system/mqtt_exporter.service owner: root @@ -27,7 +27,7 @@ - restart mqtt_exporter - name: Install config file - template: + ansible.builtin.template: src: mqtt_exporter_config.yaml dest: /etc/mqtt_exporter.yaml owner: root @@ -37,10 +37,10 @@ - daemon reload - restart mqtt_exporter -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers - name: Start service - systemd: + ansible.builtin.systemd: name: mqtt_exporter state: started enabled: true diff --git a/roles/monitoring/tasks/prometheus.yaml b/roles/monitoring/tasks/prometheus.yaml index f6c5865..30522b5 100644 --- a/roles/monitoring/tasks/prometheus.yaml +++ b/roles/monitoring/tasks/prometheus.yaml @@ -1,10 +1,10 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: prometheus - name: Configure Prometheus - template: + ansible.builtin.template: src: prometheus.yml dest: "{{ prometheus_config_dir }}/prometheus.yml" owner: root @@ -13,7 +13,7 @@ notify: restart prometheus - name: Configure Prometheus args - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/prometheus line: >- ARGS=" diff --git a/roles/mqtt-internal/handlers/main.yaml b/roles/mqtt-internal/handlers/main.yaml index ca73bed..595258d 100644 --- a/roles/mqtt-internal/handlers/main.yaml +++ b/roles/mqtt-internal/handlers/main.yaml @@ -1,7 +1,8 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: restart mosquitto - systemd: + ansible.builtin.systemd: name: mosquitto state: restarted diff --git a/roles/mqtt-internal/tasks/main.yaml b/roles/mqtt-internal/tasks/main.yaml index 4aec7bb..e468d01 100644 --- a/roles/mqtt-internal/tasks/main.yaml +++ b/roles/mqtt-internal/tasks/main.yaml 
@@ -3,13 +3,13 @@ tags: mqtt_internal block: - name: Install dependencies - apt: + ansible.builtin.apt: name: - mosquitto - avahi-daemon - name: Configure Mosquitto - template: + ansible.builtin.template: src: "{{ item }}" dest: "/etc/mosquitto/conf.d/{{ item }}" owner: root @@ -21,7 +21,7 @@ - public-bridge.conf - name: Start mosquitto - systemd: + ansible.builtin.systemd: name: mosquitto state: started enabled: yes diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 4dea39a..5ef0e4f 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -1,37 +1,39 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: restart trollibox - systemd: + ansible.builtin.systemd: name: trollibox state: restarted daemon_reload: true - name: rebuild librespot - command: /root/.cargo/bin/cargo build --release --features jackaudio-backend + ansible.builtin.command: + cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend args: chdir: /opt/librespot - name: restart librespot - systemd: + ansible.builtin.systemd: name: librespot state: restarted daemon_reload: true - name: restart soundboard - systemd: + ansible.builtin.systemd: name: soundboard state: restarted daemon_reload: true - name: restart mpd-volume-to-mqtt - systemd: + ansible.builtin.systemd: name: mpd-volume-to-mqtt state: restarted daemon_reload: true - name: restart skipbutton - systemd: + ansible.builtin.systemd: name: skipbutton state: restarted daemon_reload: true diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml index 22ceac3..9bf3154 100644 --- a/roles/music/tasks/librespot.yaml +++ b/roles/music/tasks/librespot.yaml 
@@ -1,11 +1,11 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: libjack-jackd2-dev state: present - name: Clone librespot source - git: + ansible.builtin.git: repo: https://github.com/librespot-org/librespot.git version: dev dest: /opt/librespot @@ -15,7 +15,7 @@ - restart librespot - name: Install service file - template: + ansible.builtin.template: src: librespot.service dest: /etc/systemd/system/librespot.service owner: root @@ -24,7 +24,7 @@ notify: restart librespot - name: Enable Librespot - systemd: + ansible.builtin.systemd: name: librespot state: started enabled: true diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index 7d8e4c0..e91f146 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -1,22 +1,27 @@ --- - tags: music_mpd - import_tasks: mpd.yaml + ansible.builtin.import_tasks: + file: mpd.yaml - tags: music_trollibox - import_tasks: trollibox.yaml + ansible.builtin.import_tasks: + file: trollibox.yaml - tags: music_librespot - import_tasks: librespot.yaml + ansible.builtin.import_tasks: + file: librespot.yaml - tags: music_soundboard - import_tasks: soundboard.yaml + ansible.builtin.import_tasks: + file: soundboard.yaml - tags: music block: - - import_tasks: ../../../snippets/common-nginx.yaml + - ansible.builtin.import_tasks: + file: ../../../snippets/common-nginx.yaml - name: Install nginx config - template: + ansible.builtin.template: src: nginx-site.conf dest: /etc/nginx/sites-enabled/trollibox owner: root diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml index 5ea6a27..d372d12 100644 --- a/roles/music/tasks/mpd.yaml +++ b/roles/music/tasks/mpd.yaml @@ -1,6 +1,6 @@ --- - name: Install MPD - apt: + ansible.builtin.apt: name: - jackd - mpd @@ -9,7 +9,7 @@ state: present - name: Install mpd-volume-to-mqtt script - template: + ansible.builtin.template: src: mpd-volume-to-mqtt.sh dest: /opt/mpd-volume-to-mqtt.sh owner: root 
@@ -18,7 +18,7 @@ notify: restart mpd-volume-to-mqtt - name: Install mpd-volume-to-mqtt service - template: + ansible.builtin.template: src: mpd-volume-to-mqtt.service dest: /etc/systemd/system/mpd-volume-to-mqtt.service owner: root @@ -27,14 +27,14 @@ notify: restart mpd-volume-to-mqtt - name: Enable mpd-volume-to-mqtt - systemd: + ansible.builtin.systemd: name: mpd-volume-to-mqtt state: started enabled: true daemon_reload: true - name: Clone skipbutton source - git: + ansible.builtin.git: repo: https://github.com/bitlair/skipbutton.git version: master dest: /opt/skipbutton @@ -42,7 +42,7 @@ notify: restart skipbutton - name: Install skipbutton service - template: + ansible.builtin.template: src: skipbutton.service dest: /etc/systemd/system/skipbutton.service owner: root @@ -51,7 +51,7 @@ notify: restart skipbutton - name: Enable skipbutton - systemd: + ansible.builtin.systemd: name: skipbutton state: started enabled: true diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml index a7d1f6b..6068976 100644 --- a/roles/music/tasks/soundboard.yaml +++ b/roles/music/tasks/soundboard.yaml @@ -1,11 +1,11 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: virtualenv state: present - name: Clone soundboard source - git: + ansible.builtin.git: repo: https://github.com/polyfloyd/mqtt-soundboard.git version: main dest: /opt/soundboard @@ -13,17 +13,19 @@ notify: restart soundboard - name: Create virtualenv - command: virtualenv /opt/soundboard/.venv + ansible.builtin.command: + cmd: virtualenv /opt/soundboard/.venv args: creates: /opt/soundboard/.venv - name: Install Python dependencies - shell: . .venv/bin/activate && pip install -r requirements.txt + ansible.builtin.shell: + cmd: . .venv/bin/activate && pip install -r requirements.txt args: chdir: /opt/soundboard - name: Install soundboard config file - template: + ansible.builtin.template: src: soundboard.yaml dest: /etc/soundboard.yaml owner: root 
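Review bot: `Install Python dependencies` in soundboard.yaml still shells out to `. .venv/bin/activate && pip install -r requirements.txt`, which runs on every play, always reports changed, and installs whatever the unpinned requirements resolve to at that moment. The `ansible.builtin.pip` module handles this idempotently with `requirements: /opt/soundboard/requirements.txt` and `virtualenv: /opt/soundboard/.venv`, which also makes the separate `Create virtualenv` command unnecessary. The same shell pattern is repeated in roles/services/tasks/discord_bot.yaml.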
@@ -32,7 +34,7 @@ notify: restart soundboard - name: Install soundboard service file - template: + ansible.builtin.template: src: soundboard.service dest: /etc/systemd/system/soundboard.service owner: root @@ -41,7 +43,7 @@ notify: restart soundboard - name: Enable soundboard - systemd: + ansible.builtin.systemd: name: soundboard state: started enabled: true diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index 4ac9455..29c544a 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml @@ -1,6 +1,6 @@ --- - name: Install Trollibox config - template: + ansible.builtin.template: src: trollibox.yaml dest: /etc/trollibox.yaml owner: root @@ -9,16 +9,18 @@ notify: restart trollibox - name: Get latest Trollibox version from Github API - get_url: + ansible.builtin.get_url: url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest" dest: "/tmp/_ansible_trollibox_latest_release.json" - name: Get download url - shell: cat "/tmp/_ansible_trollibox_latest_release.json" | jq '.assets[] | select(.name | contains("linux-amd64")) | .browser_download_url' -r + ansible.builtin.shell: + cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name + | contains("linux-amd64")) | .browser_download_url -r register: "trollibox_download_url" - name: Download Trollibox - unarchive: + ansible.builtin.unarchive: src: "{{ trollibox_download_url.stdout }}" remote_src: yes dest: /usr/local/bin @@ -27,7 +29,7 @@ notify: restart trollibox - name: Install service file - template: + ansible.builtin.template: src: trollibox.service dest: /etc/systemd/system/trollibox.service owner: root @@ -36,7 +38,7 @@ notify: restart trollibox - name: Enable Trollibox - systemd: + ansible.builtin.systemd: name: trollibox state: started enabled: true diff --git a/roles/photos/handlers/main.yaml b/roles/photos/handlers/main.yaml index 0d76217..68efaa9 100644 --- a/roles/photos/handlers/main.yaml 
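Review bot: The rewritten `Get download url` task in trollibox.yaml lost the single quotes around the jq filter, so the shell now parses `| select(.name | contains("linux-amd64")) | .browser_download_url -r` as further pipeline stages instead of passing it to jq. The old line quoted the whole filter; the new `cmd:` will most likely fail with a syntax error, and anything it does print is fed straight into `Download Trollibox`, which unpacks into `/usr/local/bin`. Restore the quoting, e.g. `cmd: jq -r '.assets[] | select(.name | contains("linux-amd64")) | .browser_download_url' /tmp/_ansible_trollibox_latest_release.json`, and add `changed_when: false`. The unarchive task continues outside the hunk and has no checksum for the downloaded archive.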
+++ b/roles/photos/handlers/main.yaml @@ -1,12 +1,12 @@ --- - name: restart photo-gallery - systemd: + ansible.builtin.systemd: name: photo-gallery state: restarted daemon_reload: true - name: restart photos2mqtt - systemd: + ansible.builtin.systemd: name: photos2mqtt state: restarted daemon_reload: true diff --git a/roles/photos/tasks/bambulab-fetch.yaml b/roles/photos/tasks/bambulab-fetch.yaml index 436c39e..ef2d351 100644 --- a/roles/photos/tasks/bambulab-fetch.yaml +++ b/roles/photos/tasks/bambulab-fetch.yaml @@ -1,10 +1,10 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: curl - name: Install fetch script - template: + ansible.builtin.template: src: bambulab-fetch.sh dest: /opt/bambulab-fetch.sh owner: root @@ -12,7 +12,7 @@ mode: 0755 - name: Install service - template: + ansible.builtin.template: src: bambulab-fetch.service dest: /etc/systemd/system/bambulab-fetch.service owner: root @@ -21,7 +21,7 @@ notify: daemon reload - name: Install timer - template: + ansible.builtin.template: src: bambulab-fetch.timer dest: /etc/systemd/system/bambulab-fetch.timer owner: root @@ -30,7 +30,7 @@ notify: daemon reload - name: Enable timer - systemd: + ansible.builtin.systemd: name: bambulab-fetch state: started enabled: yes diff --git a/roles/photos/tasks/main.yaml b/roles/photos/tasks/main.yaml index 64ac2da..f98b174 100644 --- a/roles/photos/tasks/main.yaml +++ b/roles/photos/tasks/main.yaml @@ -1,9 +1,12 @@ --- - tags: photos-gallery - import_tasks: photo-gallery.yaml + ansible.builtin.import_tasks: + file: photo-gallery.yaml - tags: photos-mqtt - import_tasks: photos2mqtt.yaml + ansible.builtin.import_tasks: + file: photos2mqtt.yaml - tags: bambulab-fetch - import_tasks: bambulab-fetch.yaml + ansible.builtin.import_tasks: + file: bambulab-fetch.yaml diff --git a/roles/photos/tasks/photo-gallery.yaml b/roles/photos/tasks/photo-gallery.yaml index bfad09c..6551040 100644 --- a/roles/photos/tasks/photo-gallery.yaml 
+++ b/roles/photos/tasks/photo-gallery.yaml @@ -1,10 +1,10 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: [ nodejs, npm, imagemagick, graphicsmagick, ffmpeg ] - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/bitlair/photo-gallery.git version: master dest: /opt/photo-gallery @@ -12,7 +12,7 @@ notify: restart photo-gallery - name: Install photo-gallery config file - template: + ansible.builtin.template: src: photo-gallery-config.json dest: /opt/photo-gallery/config.json owner: root @@ -21,7 +21,7 @@ notify: restart photo-gallery - name: Install photo-gallery service file - template: + ansible.builtin.template: src: photo-gallery.service dest: /etc/systemd/system/photo-gallery.service owner: root @@ -30,7 +30,7 @@ notify: restart photo-gallery - name: Start photo-gallery - systemd: + ansible.builtin.systemd: name: photo-gallery state: started enabled: yes diff --git a/roles/photos/tasks/photos2mqtt.yaml b/roles/photos/tasks/photos2mqtt.yaml index 9b9b453..9f14cff 100644 --- a/roles/photos/tasks/photos2mqtt.yaml +++ b/roles/photos/tasks/photos2mqtt.yaml @@ -1,15 +1,16 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: - make - liblinux-inotify2-perl - name: Install mqtt-simple - command: cpan Net::MQTT::Simple + ansible.builtin.command: + cmd: cpan Net::MQTT::Simple - name: Install photos2mqtt - template: + ansible.builtin.template: src: photos2mqtt.pl dest: /opt/photos2mqtt.pl owner: root @@ -18,7 +19,7 @@ notify: restart photos2mqtt - name: Install photos2mqtt service file - template: + ansible.builtin.template: src: photos2mqtt.service dest: /etc/systemd/system/photos2mqtt.service owner: root @@ -27,7 +28,7 @@ notify: restart photos2mqtt - name: Start photos2mqtt - systemd: + ansible.builtin.systemd: name: photos2mqtt state: started enabled: yes diff --git a/roles/raspi/handlers/main.yaml b/roles/raspi/handlers/main.yaml index 68a75c2..e7a11ce 100644 --- a/roles/raspi/handlers/main.yaml 
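Review bot: `Install mqtt-simple` in photos2mqtt.yaml runs `cpan Net::MQTT::Simple` with no `creates`, `changed_when` or version pin, so every play contacts CPAN, reports changed, and may install a newer release than the one last tested. Guard it with a preceding check that the module already loads (registered with `changed_when: false`) and a `when:` on this task, or install a fixed version from a package source you control. The identical task appears in roles/services/tasks/spacestated.yaml and roles/www/tasks/mqtt.yaml.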
+++ b/roles/raspi/handlers/main.yaml @@ -1,2 +1,3 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml diff --git a/roles/raspi/tasks/main.yaml b/roles/raspi/tasks/main.yaml index 221f1ab..a787e5c 100644 --- a/roles/raspi/tasks/main.yaml +++ b/roles/raspi/tasks/main.yaml @@ -1,24 +1,25 @@ --- - name: Check whether user pi exists - command: "grep ^pi: /etc/passwd" + ansible.builtin.command: + cmd: 'grep ^pi: /etc/passwd' changed_when: no failed_when: pi_user_check.rc != 0 and pi_user_check.rc != 1 register: pi_user_check - name: Disable default user - user: + ansible.builtin.user: name: pi password: ! when: pi_user_check.stdout_lines|length > 0 - name: Enable sshd - systemd: + ansible.builtin.systemd: name: sshd enabled: yes state: started - name: Rotate display - lineinfile: + ansible.builtin.lineinfile: path: /boot/config.txt line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible" regexp: "^#?display_rotate" @@ -28,18 +29,19 @@ - name: Disable swap block: - name: Stop swap service - systemd: + ansible.builtin.systemd: name: dphys-swapfile state: stopped enabled: no - name: Remove swap file - command: dphys-swapfile uninstall + ansible.builtin.command: + cmd: dphys-swapfile uninstall args: removes: /var/swap - name: Enable IPv6 SLAAC - lineinfile: + ansible.builtin.lineinfile: path: /etc/dhcpcd.conf line: "slaac hwaddr # Managed by Ansible" regexp: "^#?slaac" diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml index c51b7bf..125fc4d 100644 --- a/roles/services/handlers/main.yaml +++ b/roles/services/handlers/main.yaml 
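Review bot: `password: !` in `Disable default user` (roles/raspi/tasks/main.yaml) is an unquoted YAML tag indicator rather than the string `!`, so the user module most likely receives an empty or null value and the default `pi` account is probably not locked by this task. Write it as `password: "!"`, or use `password_lock: true`, so the intent survives parsing. The linter pass requoted the `grep` command two tasks earlier in the same hunk but left this line as it was.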
@@ -1,56 +1,57 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: restart irc-bot - systemd: + ansible.builtin.systemd: name: irc-bot state: restarted daemon_reload: true - name: restart irc-photos - systemd: + ansible.builtin.systemd: name: irc-photos state: restarted daemon_reload: true - name: restart irc-doorduino - systemd: + ansible.builtin.systemd: name: irc-doorduino state: restarted daemon_reload: true - name: restart discord-bot - systemd: + ansible.builtin.systemd: name: discord-bot state: restarted daemon_reload: true - name: restart siahsd - systemd: + ansible.builtin.systemd: name: siahsd state: restarted daemon_reload: true - name: restart spacestated - systemd: + ansible.builtin.systemd: name: spacestated state: restarted daemon_reload: true - name: restart mastodon-spacestate - systemd: + ansible.builtin.systemd: name: mastodon-spacestate state: restarted daemon_reload: true - name: restart wifi-mqtt - systemd: + ansible.builtin.systemd: name: wifi-mqtt state: restarted daemon_reload: true - name: restart power-mqtt - systemd: + ansible.builtin.systemd: name: power-mqtt state: restarted daemon_reload: true diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index de74de0..16c20d6 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml 
@@ -1,23 +1,25 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: - python3-paho-mqtt - python3-tz - virtualenv - name: Create virtualenv - command: virtualenv /opt/miflora_exporter/.venv + ansible.builtin.command: + cmd: virtualenv /opt/miflora_exporter/.venv args: creates: /var/lib/discord-bot/.venv - name: Install Python dependencies - shell: . .venv/bin/activate && pip install -r requirements.txt + ansible.builtin.shell: + cmd: . .venv/bin/activate && pip install -r requirements.txt args: chdir: /var/lib/discord-bot - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/bitlair/discord-bot.git version: main dest: /var/lib/discord-bot @@ -25,7 +27,7 @@ notify: restart discord-bot - name: Install service file - template: + ansible.builtin.template: src: discord-bot.service dest: /etc/systemd/system/discord-bot.service owner: root @@ -34,7 +36,7 @@ notify: restart discord-bot - name: Start discord-bot - systemd: + ansible.builtin.systemd: name: discord-bot state: started enabled: yes diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index d71c9d9..6d9462a 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -1,6 +1,6 @@ --- - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/bitlair/irc-bot.git version: master dest: /var/lib/irc-bot @@ -8,13 +8,13 @@ notify: restart irc-bot - name: Link irc-say - file: + ansible.builtin.file: state: link src: /var/lib/irc-bot/irc-say dest: /usr/local/bin/irc-say - name: Install service file - template: + ansible.builtin.template: src: generic.service dest: /etc/systemd/system/irc-bot.service owner: root 
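Review bot: `Create virtualenv` in discord_bot.yaml builds the environment at `/opt/miflora_exporter/.venv` while its `creates:` guard and the following pip task both refer to `/var/lib/discord-bot/.venv`, so the guard is never satisfied by this command and the activate step points at a directory this task does not create. It looks like a copy-paste leftover; the command should be `cmd: virtualenv /var/lib/discord-bot/.venv`. Both tasks also run before `Clone source`, so on a fresh host `requirements.txt` does not exist yet when pip is called; the clone should come first. The `Clone source` task continues outside this hunk.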
@@ -26,19 +26,19 @@ notify: restart irc-bot - name: Start irc-bot - systemd: + ansible.builtin.systemd: name: irc-bot state: started enabled: yes daemon_reload: true - name: Create helpers dir - file: + ansible.builtin.file: path: /var/lib/irc-helpers state: directory - name: Install photos notification - template: + ansible.builtin.template: src: irc-photos.sh dest: /var/lib/irc-helpers/photos.sh owner: root @@ -47,7 +47,7 @@ notify: restart irc-photos - name: Install photos notification service - template: + ansible.builtin.template: src: generic.service dest: /etc/systemd/system/irc-photos.service owner: root @@ -60,14 +60,14 @@ notify: restart irc-photos - name: Start irc-photos - systemd: + ansible.builtin.systemd: name: irc-photos state: started enabled: yes daemon_reload: true - name: Install doorduino notification - template: + ansible.builtin.template: src: irc-doorduino.sh dest: /var/lib/irc-helpers/doorduino.sh owner: root @@ -76,7 +76,7 @@ notify: restart irc-doorduino - name: Install doorduino notification service - template: + ansible.builtin.template: src: generic.service dest: /etc/systemd/system/irc-doorduino.service owner: root @@ -89,7 +89,7 @@ notify: restart irc-doorduino - name: Start irc-doorduino - systemd: + ansible.builtin.systemd: name: irc-doorduino state: started enabled: yes diff --git a/roles/services/tasks/main.yaml b/roles/services/tasks/main.yaml index 3cc006d..5f17300 100644 --- a/roles/services/tasks/main.yaml +++ b/roles/services/tasks/main.yaml @@ -1,9 +1,10 @@ --- - tags: services_ircbot - import_tasks: ircbot.yaml + ansible.builtin.import_tasks: + file: ircbot.yaml - tags: services_discord_bot - import_tasks: discord_bot.yaml + ansible.builtin.import_tasks: discord_bot.yaml - tags: services_siahsd import_tasks: siahsd.yaml diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml index b9883dd..47886de 100644 --- a/roles/services/tasks/mastodon_spacestate.yaml 
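Review bot: The imports in roles/services/tasks/main.yaml end up in three different forms after this hunk: `ircbot.yaml` uses the `file:` mapping, `discord_bot.yaml` keeps the inline value under the new name, and `siahsd.yaml` still uses the short `import_tasks`. Every other main.yaml in the patch uses the mapping form, so these should read `ansible.builtin.import_tasks:` followed by `file: discord_bot.yaml` and `file: siahsd.yaml` respectively. The remaining entries of the file are outside the hunk and may need the same treatment.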
+++ b/roles/services/tasks/mastodon_spacestate.yaml @@ -1,12 +1,12 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: - python3-mastodon - python3-paho-mqtt - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/bitlair/mastodon-spacestate.git version: main dest: /var/lib/mastodon-spacestate @@ -14,7 +14,7 @@ notify: restart mastodon-spacestate - name: Install config - template: + ansible.builtin.template: src: mastodon-spacestate-config.py dest: /var/lib/mastodon-spacestate/config.py owner: root @@ -23,7 +23,7 @@ notify: restart mastodon-spacestate - name: Install service file - template: + ansible.builtin.template: src: mastodon-spacestate.service dest: /etc/systemd/system/mastodon-spacestate.service owner: root @@ -32,7 +32,7 @@ notify: restart mastodon-spacestate - name: Start mastodon-spacestate - systemd: + ansible.builtin.systemd: name: mastodon-spacestate state: started enabled: yes diff --git a/roles/services/tasks/power_mqtt.yaml b/roles/services/tasks/power_mqtt.yaml index a3adc3c..3cc3e0f 100644 --- a/roles/services/tasks/power_mqtt.yaml +++ b/roles/services/tasks/power_mqtt.yaml @@ -1,10 +1,10 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: [python3-paho-mqtt, python3-requests] - name: Install power-mqtt - template: + ansible.builtin.template: src: power-mqtt.py dest: /var/lib/power-mqtt.py owner: root @@ -13,12 +13,12 @@ notify: restart power-mqtt - name: Remove old service - file: + ansible.builtin.file: path: /etc/systemd/system/power-mqtt.service state: absent - name: Install power-mqtt service - template: + ansible.builtin.template: src: generic.service dest: /etc/systemd/system/power-mqtt@.service owner: root @@ -30,7 +30,7 @@ notify: restart power-mqtt@ - name: Enable power-mqtt - systemd: + ansible.builtin.systemd: name: "power-mqtt@{{ item.net }}/{{ item.ip }}" state: started enabled: yes 
diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml index 136c216..2d924c8 100644 --- a/roles/services/tasks/siahsd.yaml +++ b/roles/services/tasks/siahsd.yaml @@ -2,7 +2,7 @@ # TODO: Install and build - name: Create directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: siahsd @@ -12,7 +12,7 @@ - /var/lib/siahsd - name: Install config file - template: + ansible.builtin.template: src: siahsd.conf dest: /etc/siahsd.conf owner: root @@ -21,7 +21,7 @@ notify: restart siahsd - name: Install service file - template: + ansible.builtin.template: src: siahsd.service dest: /etc/systemd/system/siahsd.service owner: root @@ -30,14 +30,14 @@ notify: restart siahsd - name: Start siahsd - systemd: + ansible.builtin.systemd: name: siahsd state: started enabled: yes daemon_reload: true - name: Allow siahsd traffic - iptables: + ansible.builtin.iptables: chain: INPUT protocol: udp destination_port: "4000" diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml index ca948f9..7c00bfd 100644 --- a/roles/services/tasks/spacestated.yaml +++ b/roles/services/tasks/spacestated.yaml @@ -1,24 +1,25 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: - php-cli - php-snmp - make - name: Install mqtt-simple - command: cpan Net::MQTT::Simple + ansible.builtin.command: + cmd: cpan Net::MQTT::Simple - name: Add user - user: + ansible.builtin.user: name: spacestated home: /var/lib/spacestated generate_ssh_key: yes ssh_key_type: ed25519 - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/bitlair/spacestated.git version: main dest: /var/lib/spacestated/spacestated @@ -26,7 +27,7 @@ notify: restart spacestated - name: Install service file - template: + ansible.builtin.template: src: spacestated.service dest: /etc/systemd/system/spacestated.service owner: root 
@@ -35,7 +36,7 @@ notify: restart spacestated - name: Start spacestated - systemd: + ansible.builtin.systemd: name: spacestated state: started enabled: yes diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml index f1f7b26..4c76f05 100644 --- a/roles/services/tasks/wifi_mqtt.yaml +++ b/roles/services/tasks/wifi_mqtt.yaml @@ -1,6 +1,6 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: - php-cli - php-snmp diff --git a/roles/www/handlers/main.yaml b/roles/www/handlers/main.yaml index 7e58ba4..d5296b9 100644 --- a/roles/www/handlers/main.yaml +++ b/roles/www/handlers/main.yaml @@ -1,13 +1,14 @@ --- -- import_tasks: ../../common/handlers/main.yaml +- ansible.builtin.import_tasks: + file: ../../common/handlers/main.yaml - name: restart spaceapi - systemd: + ansible.builtin.systemd: name: spaceapi state: restarted daemon_reload: true - name: restart mqtt2web - systemd: + ansible.builtin.systemd: name: mqtt2web state: restarted diff --git a/roles/www/tasks/calendar.yaml b/roles/www/tasks/calendar.yaml index ea1a1f2..f6513a8 100644 --- a/roles/www/tasks/calendar.yaml +++ b/roles/www/tasks/calendar.yaml @@ -1,22 +1,22 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: [ python3-requests, python3-icalendar ] - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/bitlair/calendar-parser.git version: main dest: /usr/local/src/bitlair-calendar accept_hostkey: yes - name: Create user - user: + ansible.builtin.user: name: bitlair-calendar home: /var/lib/bitlair-calendar - name: Install cronjob - template: + ansible.builtin.template: src: calendar.cron dest: /etc/cron.d/bitlair-calendar owner: root diff --git a/roles/www/tasks/main.yaml b/roles/www/tasks/main.yaml index f15f9e5..114218a 100644 --- a/roles/www/tasks/main.yaml +++ b/roles/www/tasks/main.yaml 
@@ -1,12 +1,16 @@ --- - tags: www_calendar - import_tasks: calendar.yaml + ansible.builtin.import_tasks: + file: calendar.yaml - tags: www_mediawiki - import_tasks: mediawiki.yaml + ansible.builtin.import_tasks: + file: mediawiki.yaml - tags: www_mqtt - import_tasks: mqtt.yaml + ansible.builtin.import_tasks: + file: mqtt.yaml - tags: www_spaceapi - import_tasks: spaceapi.yaml + ansible.builtin.import_tasks: + file: spaceapi.yaml diff --git a/roles/www/tasks/mediawiki.yaml b/roles/www/tasks/mediawiki.yaml index b6b542f..52dfccf 100644 --- a/roles/www/tasks/mediawiki.yaml +++ b/roles/www/tasks/mediawiki.yaml @@ -1,13 +1,14 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: php-fpm state: present -- import_tasks: ../../../snippets/common-nginx.yaml +- ansible.builtin.import_tasks: + file: ../../../snippets/common-nginx.yaml - name: Install security.txt - template: + ansible.builtin.template: src: security.txt dest: /opt/security.txt owner: root @@ -15,7 +16,7 @@ mode: 0644 - name: Allow HTTP/HTTPS - iptables: + ansible.builtin.iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" diff --git a/roles/www/tasks/mqtt.yaml b/roles/www/tasks/mqtt.yaml index 3f8b4ab..88fa7f9 100644 --- a/roles/www/tasks/mqtt.yaml +++ b/roles/www/tasks/mqtt.yaml @@ -1,13 +1,13 @@ --- - name: Install dependencies - apt: + ansible.builtin.apt: name: - libjson-xs-perl - liblinux-epoll-perl - mosquitto - name: Allow MQTT - iptables: + ansible.builtin.iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" @@ -21,10 +21,11 @@ notify: persist iptables - name: Install mqtt-simple - command: cpan Net::MQTT::Simple + ansible.builtin.command: + cmd: cpan Net::MQTT::Simple - name: Clone mqtt2web source - git: + ansible.builtin.git: repo: https://github.com/bitlair/mqtt2web.git version: master dest: /opt/mqtt2web 
@@ -32,7 +33,7 @@ notify: restart mqtt2web - name: Install mqtt2web service file - template: + ansible.builtin.template: src: mqtt2web.service dest: /etc/systemd/system/mqtt2web.service owner: root @@ -42,10 +43,10 @@ - daemon reload - restart mqtt2web -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers - name: Enable mqtt2web - systemd: + ansible.builtin.systemd: name: mqtt2web state: started enabled: true diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml index c08ff73..a819839 100644 --- a/roles/www/tasks/spaceapi.yaml +++ b/roles/www/tasks/spaceapi.yaml @@ -1,6 +1,6 @@ --- - name: Clone spaceapi source - git: + ansible.builtin.git: repo: https://github.com/bitlair/spaceapi.git version: main dest: /opt/spaceapi @@ -8,7 +8,7 @@ notify: restart spaceapi - name: Install spaceapi service file - template: + ansible.builtin.template: src: spaceapi.service dest: /etc/systemd/system/spaceapi.service owner: root @@ -17,7 +17,7 @@ notify: restart spaceapi - name: Enable spaceapi - systemd: + ansible.builtin.systemd: name: spaceapi state: started enabled: true From ca3a42d2c6996d7f02e8ff3c87d214d5546961e0 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 21:05:18 +0200 Subject: [PATCH 02/14] hosts in ini format --- hosts.yaml | 63 +++++++++++++++++------------------------------------- 1 file changed, 20 insertions(+), 43 deletions(-) diff --git a/hosts.yaml b/hosts.yaml index b812d09..692594a 100644 --- a/hosts.yaml +++ b/hosts.yaml 
@@ -1,43 +1,20 @@ -all: - children: - raspi: - hosts: - bank-pi.bitlair.nl: - kvm: - hosts: - kvm4.bitlair.nl: - debian: - children: - bank: - hosts: - bank.bitlair.nl: - fotos: - hosts: - blockchain.bitlair.nl: - git: - hosts: - git.bitlair.nl: - git-ci: - hosts: - git-ci.bitlair.nl: - pad: - hosts: - pad.bitlair.nl: - lights: - hosts: - lights.bitlair.nl: - mqtt_internal: - hosts: - mqtt.bitlair.nl: - monitoring: - hosts: - dashboard.bitlair.nl: - music: - hosts: - music.bitlair.nl: - services: - hosts: - service.bitlair.nl: - wiki: - hosts: - wiki.bitlair.nl: +# Inventory + +[raspi] +bank-pi.bitlair.nl + +[kvm] +kvm4.bitlair.nl + +[debian] +bank.bitlair.nl +blockchain.bitlair.nl +git.bitlair.nl +git-ci.bitlair.nl +pad.bitlair.nl +lights.bitlair.nl +mqtt.bitlair.nl +dashboard.bitlair.nl +music.bitlair.nl +service.bitlair.nl +wiki.bitlair.nl From b210abc77e76b5773e73c411fb50cbd8f86a0858 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 21:12:19 +0200 Subject: [PATCH 03/14] More rework --- bank.yaml | 1 + bar.yaml | 1 + common.yaml | 1 + fotos.yaml | 1 + git-ci.yaml | 1 + git.yaml | 1 + hosts.yaml => inventory | 0 monitoring.yaml | 1 + mqtt-internal.yaml | 1 + music.yaml | 1 + pad.yaml | 1 + roles/common-bitlair/tasks/main.yaml | 2 +- roles/common/tasks/main.yaml | 8 ++++++-- services.yaml | 1 + www.yaml | 1 + 15 files changed, 19 insertions(+), 3 deletions(-) rename hosts.yaml => inventory (100%) diff --git a/bank.yaml b/bank.yaml index e3f5930..dd84606 100644 --- a/bank.yaml +++ b/bank.yaml @@ -1,4 +1,5 @@ --- + - hosts: bank roles: - common diff --git a/bar.yaml b/bar.yaml index 4ef9f78..32e4465 100644 --- a/bar.yaml +++ b/bar.yaml @@ -1,4 +1,5 @@ --- + - hosts: bank-pi.bitlair.nl vars: raspi_rotate_display: "2" diff --git a/common.yaml b/common.yaml index 755110a..fc949b9 100644 --- a/common.yaml +++ b/common.yaml @@ -1,4 +1,5 @@ --- + - hosts: debian roles: - common 
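Review bot: The new INI inventory in hosts.yaml keeps only `[raspi]`, `[kvm]` and `[debian]`, so the per-service groups the playbooks target (`hosts: bank`, `hosts: git`, `hosts: mqtt_internal` and the rest, visible in the later patches) no longer exist at this commit. Ansible reports an unmatched host pattern only as a warning, so a run can look successful while the play is skipped. PATCH 04 re-adds the groups; carrying them over here as well (`[bank]`, `[fotos]`, … plus `[debian:children]`) would keep each commit in the series usable. The file also keeps its `.yaml` name while holding INI content until PATCH 03 renames it, so the rename belongs in this commit.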
diff --git a/fotos.yaml b/fotos.yaml index d61fd5f..99f871c 100644 --- a/fotos.yaml +++ b/fotos.yaml @@ -1,4 +1,5 @@ --- + - hosts: fotos roles: - common diff --git a/git-ci.yaml b/git-ci.yaml index e2e557d..07982f4 100644 --- a/git-ci.yaml +++ b/git-ci.yaml @@ -1,4 +1,5 @@ --- + - hosts: git-ci roles: - common diff --git a/git.yaml b/git.yaml index 050090d..2a5ae7e 100644 --- a/git.yaml +++ b/git.yaml @@ -1,4 +1,5 @@ --- + - hosts: git roles: - common diff --git a/hosts.yaml b/inventory similarity index 100% rename from hosts.yaml rename to inventory diff --git a/monitoring.yaml b/monitoring.yaml index c439507..e8c3e78 100644 --- a/monitoring.yaml +++ b/monitoring.yaml @@ -1,4 +1,5 @@ --- + - hosts: monitoring roles: - common diff --git a/mqtt-internal.yaml b/mqtt-internal.yaml index 93a00a5..84297ef 100644 --- a/mqtt-internal.yaml +++ b/mqtt-internal.yaml @@ -1,4 +1,5 @@ --- + - hosts: mqtt_internal roles: - common diff --git a/music.yaml b/music.yaml index 2f77110..1c2431d 100644 --- a/music.yaml +++ b/music.yaml @@ -1,4 +1,5 @@ --- + - hosts: music roles: - common diff --git a/pad.yaml b/pad.yaml index 2325204..d9f6f3e 100644 --- a/pad.yaml +++ b/pad.yaml @@ -1,4 +1,5 @@ --- + - hosts: pad vars: acme_san_domains: diff --git a/roles/common-bitlair/tasks/main.yaml b/roles/common-bitlair/tasks/main.yaml index c28063b..78845a3 100644 --- a/roles/common-bitlair/tasks/main.yaml +++ b/roles/common-bitlair/tasks/main.yaml @@ -1,8 +1,8 @@ --- - name: Update authorized_keys - tags: authorized_keys ansible.builtin.template: src: authorized_keys.j2 dest: /root/.ssh/authorized_keys mode: 0600 when: root_access is defined and root_access + tags: authorized_keys diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 0f19df2..2fcb2b4 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
@@ -1,13 +1,17 @@ --- -- tags: [ debian-upgrade, never ] + +- name: Import debian-upgrade.yaml if not bookworm ansible.builtin.import_tasks: file: debian-upgrade.yaml when: ansible_facts['distribution_release'] != "bookworm" + tags: [ debian-upgrade, never ] -- tags: debian_backports +- name: Import debian-backports.yaml ansible.builtin.import_tasks: file: debian-backports.yaml + tags: debian_backports + - tags: unattended_updates ansible.builtin.import_tasks: file: unattended-updates.yaml diff --git a/services.yaml b/services.yaml index 5bbd959..af77daf 100644 --- a/services.yaml +++ b/services.yaml @@ -1,4 +1,5 @@ --- + - hosts: services roles: - common diff --git a/www.yaml b/www.yaml index 4ee6399..f912d15 100644 --- a/www.yaml +++ b/www.yaml @@ -1,4 +1,5 @@ --- + - hosts: wiki roles: - common From 7d59c108d61029753a787aa18a71418971973ee3 Mon Sep 17 00:00:00 2001 
From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 21:42:39 +0200 Subject: [PATCH 04/14] merge common-bitlair into common --- bank.yaml | 1 - bar.yaml | 2 +- common.yaml | 1 - fotos.yaml | 1 - git-ci.yaml | 1 - git.yaml | 1 - group_vars/all.yaml | 6 ++++ inventory | 36 ++++++++++++++++++- monitoring.yaml | 1 - mqtt-internal.yaml | 1 - music.yaml | 1 - pad.yaml | 1 - roles/common/tasks/apt-minimal.yaml | 1 + .../tasks/common-bitlair.yaml} | 0 roles/common/tasks/debian-backports.yaml | 11 ------ roles/common/tasks/debian-upgrade.yaml | 1 + roles/common/tasks/main.yaml | 22 ++++++++---- roles/common/tasks/node-exporter.yaml | 1 + roles/common/templates/apt.conf.j2 | 8 +++++ .../templates/authorized_keys.j2 | 0 roles/common/templates/backports-source.list | 4 --- roles/common/templates/sources.list.j2 | 24 +++++++++++++ roles/common/templates/stable-sources.list | 8 ----- services.yaml | 1 - www.yaml | 1 - 25 files changed, 93 insertions(+), 42 deletions(-) rename roles/{common-bitlair/tasks/main.yaml => common/tasks/common-bitlair.yaml} (100%) delete mode 100644 roles/common/tasks/debian-backports.yaml create mode 100644 roles/common/templates/apt.conf.j2 rename roles/{common-bitlair => common}/templates/authorized_keys.j2 (100%) delete mode 100644 roles/common/templates/backports-source.list create mode 100644 roles/common/templates/sources.list.j2 delete mode 100644 roles/common/templates/stable-sources.list diff --git a/bank.yaml b/bank.yaml index dd84606..43c92b7 100644 --- a/bank.yaml +++ b/bank.yaml @@ -3,7 +3,6 @@ - hosts: bank roles: - common - - common-bitlair - bank vars: bank_revbank_git: https://github.com/bitlair/revbank.git diff --git a/bar.yaml b/bar.yaml index 32e4465..5752cc3 100644 --- a/bar.yaml +++ b/bar.yaml @@ -5,5 +5,5 @@ raspi_rotate_display: "2" roles: - raspi - - common-bitlair + - common - bank-terminal diff --git a/common.yaml b/common.yaml index fc949b9..3fe0c41 100644 --- a/common.yaml +++ b/common.yaml 
@@ -3,4 +3,3 @@ - hosts: debian roles: - common - - common-bitlair diff --git a/fotos.yaml b/fotos.yaml index 99f871c..f0edd7b 100644 --- a/fotos.yaml +++ b/fotos.yaml @@ -3,5 +3,4 @@ - hosts: fotos roles: - common - - common-bitlair - photos diff --git a/git-ci.yaml b/git-ci.yaml index 07982f4..fa9f7b7 100644 --- a/git-ci.yaml +++ b/git-ci.yaml @@ -3,5 +3,4 @@ - hosts: git-ci roles: - common - - common-bitlair - git-ci diff --git a/git.yaml b/git.yaml index 2a5ae7e..2161a4c 100644 --- a/git.yaml +++ b/git.yaml @@ -3,6 +3,5 @@ - hosts: git roles: - common - - common-bitlair - acme - git-server diff --git a/group_vars/all.yaml b/group_vars/all.yaml index c7e8965..9d1acdc 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -1,3 +1,5 @@ +--- + is_vm: true ansible_user: root @@ -31,3 +33,7 @@ root_access: mqtt_internal_host: mqtt.bitlair.nl mqtt_public_host: bitlair.nl + +debian_repourl: "http://deb.debian.org/debian/" +debian_securityurl: "http://security.debian.org/debian-security" + diff --git a/inventory b/inventory index 692594a..7e430e1 100644 --- a/inventory +++ b/inventory @@ -6,15 +6,49 @@ bank-pi.bitlair.nl [kvm] kvm4.bitlair.nl -[debian] +[bank] bank.bitlair.nl + +[fotos] blockchain.bitlair.nl + +[git] git.bitlair.nl + +[git-ci] git-ci.bitlair.nl + +[pad] pad.bitlair.nl + +[lights] lights.bitlair.nl + +[mqtt] mqtt.bitlair.nl + +[monitoring] dashboard.bitlair.nl + +[music] music.bitlair.nl + +[services] service.bitlair.nl + +[wiki] wiki.bitlair.nl + +[debian:children] +bank +fotos +git +git-ci +pad +lights +mqtt +monitoring +music +services +wiki + diff --git a/monitoring.yaml b/monitoring.yaml index e8c3e78..9ad8623 100644 --- a/monitoring.yaml +++ b/monitoring.yaml @@ -3,6 +3,5 @@ - hosts: monitoring roles: - common - - common-bitlair - acme - monitoring diff --git a/mqtt-internal.yaml b/mqtt-internal.yaml index 84297ef..1e941f8 100644 --- a/mqtt-internal.yaml +++ b/mqtt-internal.yaml 
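Review bot: The two repository variables added to group_vars/all.yaml default to plain `http://` URLs. apt still verifies the signed release metadata, so integrity does not depend on the transport, but the requests show anyone on the path which packages and versions each host pulls. Unless a caching proxy that needs plain HTTP sits in front of the hosts (apt.conf.j2 in this commit allows one via `proxy_host`), consider `debian_repourl: "https://deb.debian.org/debian/"` and the matching `https://` form for `debian_securityurl`.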
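Review bot: The restored groups in `inventory` name the MQTT group `[mqtt]`, while mqtt-internal.yaml in this same commit still targets `hosts: mqtt_internal` (the old YAML inventory used `mqtt_internal:`). With no group of that name the play matches no hosts, and the mqtt-internal role is skipped with only a warning. Either rename the group to `[mqtt_internal]` and list that name under `[debian:children]`, or change the playbook to `hosts: mqtt`.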
@@ -3,5 +3,4 @@ - hosts: mqtt_internal roles: - common - - common-bitlair - mqtt-internal diff --git a/music.yaml b/music.yaml index 1c2431d..d12226c 100644 --- a/music.yaml +++ b/music.yaml @@ -3,7 +3,6 @@ - hosts: music roles: - common - - common-bitlair - acme - go - music diff --git a/pad.yaml b/pad.yaml index d9f6f3e..90d227e 100644 --- a/pad.yaml +++ b/pad.yaml @@ -6,6 +6,5 @@ - [ pad.bitlair.nl ] roles: - common - - common-bitlair - acme - etherpad diff --git a/roles/common/tasks/apt-minimal.yaml b/roles/common/tasks/apt-minimal.yaml index c8e01d8..5fbbaa0 100644 --- a/roles/common/tasks/apt-minimal.yaml +++ b/roles/common/tasks/apt-minimal.yaml @@ -1,4 +1,5 @@ --- + - name: Configure auto-upgrades ansible.builtin.template: src: apt-minimal diff --git a/roles/common-bitlair/tasks/main.yaml b/roles/common/tasks/common-bitlair.yaml similarity index 100% rename from roles/common-bitlair/tasks/main.yaml rename to roles/common/tasks/common-bitlair.yaml diff --git a/roles/common/tasks/debian-backports.yaml b/roles/common/tasks/debian-backports.yaml deleted file mode 100644 index 87f178d..0000000 --- a/roles/common/tasks/debian-backports.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Install backports source list - ansible.builtin.template: - src: backports-source.list - dest: /etc/apt/sources.list.d/backports.list - owner: root - group: root - mode: 0644 - notify: apt update - -- ansible.builtin.meta: flush_handlers diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index abc0ae9..3ff5041 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -1,4 +1,5 @@ --- + - name: Install source list ansible.builtin.template: src: stable-sources.list diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 2fcb2b4..6f07f31 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
@@ -6,15 +6,25 @@ when: ansible_facts['distribution_release'] != "bookworm" tags: [ debian-upgrade, never ] -- name: Import debian-backports.yaml - ansible.builtin.import_tasks: - file: debian-backports.yaml +- name: Apt config and sources.list + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode | default('0644') }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + with_items: + - { src: "apt.conf.j2", dest: "/etc/apt/apt.conf" } + - { src: "sources.list.j2", dest: "/etc/apt/sources.list" } + when: + - ansible_os_family == "Debian" + tags: + - sourceslist - tags: debian_backports - -- tags: unattended_updates +- name: Import unattended-updates ansible.builtin.import_tasks: file: unattended-updates.yaml + tags: unattended_updates - tags: apt-minimal ansible.builtin.import_tasks: diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml index c496429..675e33c 100644 --- a/roles/common/tasks/node-exporter.yaml +++ b/roles/common/tasks/node-exporter.yaml @@ -1,4 +1,5 @@ --- + - name: Install node-exporter ansible.builtin.apt: name: prometheus-node-exporter diff --git a/roles/common/templates/apt.conf.j2 b/roles/common/templates/apt.conf.j2 new file mode 100644 index 0000000..714bac0 --- /dev/null +++ b/roles/common/templates/apt.conf.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +{% if proxy_host is defined and proxy_host != "" %} +Acquire::http::Proxy "http://{{ proxy_host }}:{{ proxy_port }}/"; +{% endif %} + +# Don't download translation-files +Acquire::Languages "none"; diff --git a/roles/common-bitlair/templates/authorized_keys.j2 b/roles/common/templates/authorized_keys.j2 similarity index 100% rename from roles/common-bitlair/templates/authorized_keys.j2 rename to roles/common/templates/authorized_keys.j2 
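Review bot: The new `Apt config and sources.list` task in roles/common/tasks/main.yaml rewrites `/etc/apt/sources.list` but has no `notify:`, whereas the removed debian-backports.yaml task used `notify: apt update` followed by `meta: flush_handlers`. Without a cache refresh, package tasks later in the same run resolve against the old package lists, so a newly added suite such as `-security` or `-backports` is not consulted until something else updates the cache. Assuming the `apt update` handler is still defined in the role, adding `notify: apt update` here and flushing handlers before the package tasks would restore the old behaviour; `update_cache: true` on the first apt task is an alternative. The task list continues outside this hunk.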
diff --git a/roles/common/templates/backports-source.list b/roles/common/templates/backports-source.list deleted file mode 100644 index dd30928..0000000 --- a/roles/common/templates/backports-source.list +++ /dev/null @@ -1,4 +0,0 @@ -# Managed by Ansible - -deb http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main -deb-src http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main diff --git a/roles/common/templates/sources.list.j2 b/roles/common/templates/sources.list.j2 new file mode 100644 index 0000000..9aac632 --- /dev/null +++ b/roles/common/templates/sources.list.j2 @@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +{% if debian_source_repos|default(false) %} +{% set SRC = "" %} +{% else %} +{% set SRC = "# " %} +{% endif %} +{% set components = "main contrib non-free-firmware" %} + +deb {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} +{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} +# +# Updates +deb {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} +{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} +# +# Backports +deb {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} +{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} +# +# Security patches +deb {{ debian_securityurl }} {{ ansible_distribution_release }}-security {{ components }} +{{ SRC }}deb-src {{ debian_securityurl }} {{ ansible_distribution_release }}-security main contrib non- free + diff --git a/roles/common/templates/stable-sources.list b/roles/common/templates/stable-sources.list deleted file mode 100644 index 95c2f9a..0000000 --- a/roles/common/templates/stable-sources.list +++ /dev/null 
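Review bot: The last line of sources.list.j2, the `-security` `deb-src` entry, spells out its own component list (`main contrib non- free` as printed here) instead of using `{{ components }}` like every other line. It would therefore diverge from its `deb` line once `debian_source_repos` is enabled. Ending that line with `{{ components }}` keeps the two in step. Separately, this commit deletes stable-sources.list while the `Install source list` task in debian-upgrade.yaml (its context is visible in this patch) still has `src: stable-sources.list`; that task would fail when the `debian-upgrade` tag is requested.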
@@ -1,8 +0,0 @@ -deb http://deb.debian.org/debian bookworm main non-free-firmware -deb-src http://deb.debian.org/debian bookworm main non-free-firmware - -deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware -deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware - -deb http://deb.debian.org/debian bookworm-updates main non-free-firmware -deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware diff --git a/services.yaml b/services.yaml index af77daf..2a1bd65 100644 --- a/services.yaml +++ b/services.yaml @@ -3,5 +3,4 @@ - hosts: services roles: - common - - common-bitlair - services diff --git a/www.yaml b/www.yaml index f912d15..6a66f2d 100644 --- a/www.yaml +++ b/www.yaml @@ -3,6 +3,5 @@ - hosts: wiki roles: - common - - common-bitlair - acme - www From 4fe85270a665665cdb7f0be8af1a1d10bf633afb Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 21:43:46 +0200 Subject: [PATCH 05/14] move common-bitlair tasks into main --- roles/common/tasks/common-bitlair.yaml | 8 -------- roles/common/tasks/main.yaml | 8 ++++++++ 2 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 roles/common/tasks/common-bitlair.yaml diff --git a/roles/common/tasks/common-bitlair.yaml b/roles/common/tasks/common-bitlair.yaml deleted file mode 100644 index 78845a3..0000000 --- a/roles/common/tasks/common-bitlair.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Update authorized_keys - ansible.builtin.template: - src: authorized_keys.j2 - dest: /root/.ssh/authorized_keys - mode: 0600 - when: root_access is defined and root_access - tags: authorized_keys diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 6f07f31..b66b565 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
@@ -30,6 +30,14 @@ ansible.builtin.import_tasks: file: apt-minimal.yaml +- name: Update authorized_keys + ansible.builtin.template: + src: authorized_keys.j2 + dest: /root/.ssh/authorized_keys + mode: 0600 + when: root_access is defined and root_access + tags: authorized_keys + - tags: network ansible.builtin.import_tasks: file: network.yaml From ddda8e13b0fa08609f2d4e55790c3e83df49e082 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 21:45:45 +0200 Subject: [PATCH 06/14] Single task for node-exporter --- roles/common/tasks/node-exporter.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml index 675e33c..4bd84ea 100644 --- a/roles/common/tasks/node-exporter.yaml +++ b/roles/common/tasks/node-exporter.yaml @@ -1,14 +1,7 @@ --- -- name: Install node-exporter +- name: Install or remove prometheus node-exporter ansible.builtin.apt: name: prometheus-node-exporter - state: present - when: node_exporter - -- name: Remove node-exporter - ansible.builtin.apt: - name: prometheus-node-exporter - state: absent + state: "{% if node_exporter|bool %}present{% else %}absent{% endif %} autoremove: yes - when: not node_exporter From 7d268140db55874872b9fdc4fe86e2f548c37a43 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:01:56 +0200 Subject: [PATCH 07/14] Integrate apt-minimal into apt.conf template --- roles/common/tasks/apt-minimal.yaml | 9 --------- roles/common/templates/apt-minimal | 4 ---- roles/common/templates/apt.conf.j2 | 3 +++ 3 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 roles/common/tasks/apt-minimal.yaml delete mode 100644 roles/common/templates/apt-minimal diff --git a/roles/common/tasks/apt-minimal.yaml b/roles/common/tasks/apt-minimal.yaml deleted file mode 100644 index 5fbbaa0..0000000 --- a/roles/common/tasks/apt-minimal.yaml +++ /dev/null 
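Review bot: The `Update authorized_keys` task moved into roles/common/tasks/main.yaml writes `/root/.ssh/authorized_keys` with `mode: 0600` but sets no `owner:` or `group:`, unlike the apt template task above it, which defaults both to `root` and quotes its mode. For a file that controls root login it is worth being explicit: `owner: root`, `group: root`, `mode: "0600"`. The template module replaces the whole file, so any key not rendered from `root_access` is removed on each run; a comment above the task saying so would help the next maintainer.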
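Review bot: Folding install and removal into one task in roles/common/tasks/node-exporter.yaml leaves `autoremove: yes` active on the install path too; before, it was set only on the `state: absent` task. With the apt module this removes unused dependency packages on every host where `node_exporter` is true, a wider side effect than the task name suggests. Consider `autoremove: "{{ not node_exporter | bool }}"`, or keep autoremove on a separate removal task. The `state:` value is also missing its closing double quote in this commit; PATCH 08 adds it.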
@@ -1,9 +0,0 @@ ---- - -- name: Configure auto-upgrades - ansible.builtin.template: - src: apt-minimal - dest: /etc/apt/apt.conf.d/20minimal - owner: root - group: root - mode: 0644 diff --git a/roles/common/templates/apt-minimal b/roles/common/templates/apt-minimal deleted file mode 100644 index 452a6e6..0000000 --- a/roles/common/templates/apt-minimal +++ /dev/null @@ -1,4 +0,0 @@ -# Managed by Ansible - -APT::Install-Recommends "0"; -APT::Install-Suggests "0"; diff --git a/roles/common/templates/apt.conf.j2 b/roles/common/templates/apt.conf.j2 index 714bac0..7581cc8 100644 --- a/roles/common/templates/apt.conf.j2 +++ b/roles/common/templates/apt.conf.j2 @@ -6,3 +6,6 @@ Acquire::http::Proxy "http://{{ proxy_host }}:{{ proxy_port }}/"; # Don't download translation-files Acquire::Languages "none"; + +APT::Install-Recommends "0"; +APT::Install-Suggests "0"; From 905affc83b9ba6d84f575b6c1b09c2b72fc0800c Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:02:32 +0200 Subject: [PATCH 08/14] Nodeexporter single task version --- roles/common/tasks/node-exporter.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml index 4bd84ea..448bae1 100644 --- a/roles/common/tasks/node-exporter.yaml +++ b/roles/common/tasks/node-exporter.yaml @@ -3,5 +3,5 @@ - name: Install or remove prometheus node-exporter ansible.builtin.apt: name: prometheus-node-exporter - state: "{% if node_exporter|bool %}present{% else %}absent{% endif %} + state: "{% if node_exporter %}present{% else %}absent{% endif %}" autoremove: yes From cd85772a940c15505e412868a91f512b11b19ab1 Mon Sep 17 00:00:00 2001 
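Review bot: The corrected `state:` line in roles/common/tasks/node-exporter.yaml drops the `|bool` filter that PATCH 06 had, so a value arriving as a string (for example `-e node_exporter=false` on the command line) is truthy and would install the package. `state: "{{ 'present' if node_exporter | bool else 'absent' }}"` keeps the cast and reads as a single expression. The `autoremove: yes` context line could become `autoremove: true` to match the `node_exporter: true` change in PATCH 09.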
From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:03:11 +0200 Subject: [PATCH 09/14] Also install vim, install ack, etckeeper --- roles/common/defaults/main.yaml | 5 ++++- roles/common/tasks/main.yaml | 19 +++++++------------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/roles/common/defaults/main.yaml b/roles/common/defaults/main.yaml index 000579f..dfa8a76 100644 --- a/roles/common/defaults/main.yaml +++ b/roles/common/defaults/main.yaml @@ -14,4 +14,7 @@ network_br: off network_dhcp: off network_static: off -node_exporter: yes +node_exporter: true + +debian_packages_unwanted: + - netcat-traditional diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index b66b565..d1397d4 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -26,10 +26,6 @@ file: unattended-updates.yaml tags: unattended_updates -- tags: apt-minimal - ansible.builtin.import_tasks: - file: apt-minimal.yaml - - name: Update authorized_keys ansible.builtin.template: src: authorized_keys.j2 @@ -51,17 +47,19 @@ file: node-exporter.yaml when: is_vm -- name: Remove Vim +- name: Remove debian-packages we don't want ansible.builtin.apt: - name: vim state: absent autoremove: true + pkg: {{ debian_packages_unwanted|default([]) }} -- name: Install utilities +- name: Install standard packages ansible.builtin.apt: - name: + pkg: - curl - fzf + - ack + - etckeeper - git - htop - iptables @@ -73,10 +71,7 @@ - rsync - tree - neovim - -- name: Remove netcat-traditional - ansible.builtin.apt: - name: netcat-traditional + - vim - name: Configure FZF for Bash ansible.builtin.lineinfile: From 0507d01bc66c06209f7d72b6db376ff32466a402 Mon Sep 17 00:00:00 2001 
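Review bot: In the `Remove debian-packages we don't want` task of roles/common/tasks/main.yaml, `pkg: {{ debian_packages_unwanted|default([]) }}` is unquoted. YAML reads a value starting with `{` as a flow mapping, so the tasks file does not parse at this commit. PATCH 11 quotes it; doing that here, `pkg: "{{ debian_packages_unwanted | default([]) }}"`, keeps the intermediate commit runnable. The `Install standard packages` task that follows sets no `state:`; the module default is `present`, and stating it makes the intent explicit.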
From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:07:10 +0200 Subject: [PATCH 10/14] Integrate unattended upgrades + auto-upgrades into apt-templates / main tasks --- roles/common/tasks/main.yaml | 9 ++++---- roles/common/tasks/unattended-updates.yaml | 23 ------------------- .../{auto-upgrades => apt-auto-upgrades.j2} | 0 ...ed-upgrades => apt-unattended-upgrades.j2} | 0 4 files changed, 4 insertions(+), 28 deletions(-) delete mode 100644 roles/common/tasks/unattended-updates.yaml rename roles/common/templates/{auto-upgrades => apt-auto-upgrades.j2} (100%) rename roles/common/templates/{unattended-upgrades => apt-unattended-upgrades.j2} (100%) diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index d1397d4..92defe1 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -16,16 +16,13 @@ with_items: - { src: "apt.conf.j2", dest: "/etc/apt/apt.conf" } - { src: "sources.list.j2", dest: "/etc/apt/sources.list" } + - { src: "apt-auto-upgrades.j2", dest: "/etc/apt/apt.conf.d/20auto-upgrades" } + - { src: "apt-unattended-upgrades.j2", dest: "/etc/apt/apt.conf.d/50unattended-upgrades" } when: - ansible_os_family == "Debian" tags: - sourceslist -- name: Import unattended-updates - ansible.builtin.import_tasks: - file: unattended-updates.yaml - tags: unattended_updates - - name: Update authorized_keys ansible.builtin.template: src: authorized_keys.j2 @@ -72,6 +69,8 @@ - tree - neovim - vim + - unattended-upgrades + - apt-listchanges - name: Configure FZF for Bash ansible.builtin.lineinfile: diff --git a/roles/common/tasks/unattended-updates.yaml b/roles/common/tasks/unattended-updates.yaml deleted file mode 100644 index 43a7f96..0000000 --- a/roles/common/tasks/unattended-updates.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -- name: Install unattended-upgrades - ansible.builtin.apt: - name: - - unattended-upgrades - - apt-listchanges - state: present - -- name: Configure auto-upgrades - ansible.builtin.template: - src: auto-upgrades - dest: /etc/apt/apt.conf.d/20auto-upgrades - owner: root - group: root - mode: 0644 - -- name: Configure unattended-upgrades - ansible.builtin.template: - src: unattended-upgrades - dest: /etc/apt/apt.conf.d/50unattended-upgrades - owner: root - group: root - mode: 0644 diff --git a/roles/common/templates/auto-upgrades b/roles/common/templates/apt-auto-upgrades.j2 similarity index 100% rename from roles/common/templates/auto-upgrades rename to roles/common/templates/apt-auto-upgrades.j2 diff --git a/roles/common/templates/unattended-upgrades b/roles/common/templates/apt-unattended-upgrades.j2 similarity index 100% rename from roles/common/templates/unattended-upgrades rename to roles/common/templates/apt-unattended-upgrades.j2 From 705d2fcd23e7bbe709c5028886132d562cbd1c82 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:16:15 +0200 Subject: [PATCH 11/14] Remove is_vm, include vm.yaml --- common.yaml | 1 + group_vars/all.yaml | 2 -- group_vars/music.yaml | 2 -- roles/common/defaults/main.yaml | 1 - roles/common/tasks/main.yaml | 14 ++++++++------ roles/common/tasks/vm.yaml | 7 +++++-- 6 files changed, 14 insertions(+), 13 deletions(-) diff --git a/common.yaml b/common.yaml index 3fe0c41..3e0cb27 100644 --- a/common.yaml +++ b/common.yaml @@ -1,5 +1,6 @@ --- - hosts: debian + gather_facts: true roles: - common diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 9d1acdc..bdafa45 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -1,7 +1,5 @@ --- -is_vm: true - ansible_user: root ansible_python_interpreter: auto_silent notify_email: bestuur@bitlair.nl diff --git a/group_vars/music.yaml b/group_vars/music.yaml index ae98bff..ee9235b 100644 --- a/group_vars/music.yaml 
+++ b/group_vars/music.yaml @@ -5,8 +5,6 @@ root_access: - foobar - polyfloyd -is_vm: false - music_domain: music.bitlair.nl acme_san_domains: - [ music.bitlair.nl ] diff --git a/roles/common/defaults/main.yaml b/roles/common/defaults/main.yaml index dfa8a76..5512d86 100644 --- a/roles/common/defaults/main.yaml +++ b/roles/common/defaults/main.yaml @@ -1,5 +1,4 @@ ssh_port: "22" -is_vm: false unattended_upgrades_auto_reboot_time: "04:00" unattended_upgrades_extra_origin_patterns: [] trusted_ranges: diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 92defe1..99c99ed 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -31,24 +31,26 @@ when: root_access is defined and root_access tags: authorized_keys -- tags: network +- name: Import network tasks ansible.builtin.import_tasks: file: network.yaml + tags: network -- tags: node-exporter +- name: Import node-exporter ansible.builtin.import_tasks: file: node-exporter.yaml + tags: node-exporter -- tags: vm +- name: Import vm tasks ansible.builtin.import_tasks: - file: node-exporter.yaml - when: is_vm + file: vm.yaml + tags: vm - name: Remove debian-packages we don't want ansible.builtin.apt: state: absent autoremove: true - pkg: {{ debian_packages_unwanted|default([]) }} + pkg: "{{ debian_packages_unwanted|default([]) }}" - name: Install standard packages ansible.builtin.apt: diff --git a/roles/common/tasks/vm.yaml b/roles/common/tasks/vm.yaml index 1834bd9..505c03f 100644 --- a/roles/common/tasks/vm.yaml +++ b/roles/common/tasks/vm.yaml @@ -2,6 +2,9 @@ - name: Install guest agent ansible.builtin.apt: name: qemu-guest-agent + when: ansible_virtualization_role|default(false) == 'guest' + tags: + - questagent - name: Serial Console ansible.builtin.lineinfile: @@ -11,5 +14,5 @@ notify: - update grub - reboot - -- ansible.builtin.meta: flush_handlers + tags: + - questagent From f6fe4ed11adb96ef7a02f685cbca1a327434e621 Mon Sep 17 00:00:00 2001 
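Review bot: In roles/common/tasks/vm.yaml only `Install guest agent` gets the new `when: ansible_virtualization_role|default(false) == 'guest'`; the `Serial Console` task has no condition, and with `when: is_vm` removed from the import in main.yaml it now runs on every host the common role reaches. That task notifies `update grub` and `reboot`, so physical machines (group_vars/music.yaml previously set `is_vm: false`) would have their boot configuration changed and be rebooted. Add the same `when:` to `Serial Console`, or put it once on the import in main.yaml. The new tags are spelled `questagent`, while PATCH 12 tags the import `guestagent`; one spelling should be used. The `Serial Console` task's module arguments lie outside the hunk.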
From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:18:03 +0200 Subject: [PATCH 12/14] Correct tags --- roles/common/tasks/main.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 99c99ed..b0b39cf 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -44,7 +44,9 @@ - name: Import vm tasks ansible.builtin.import_tasks: file: vm.yaml - tags: vm + tags: + - vm + - guestagent - name: Remove debian-packages we don't want ansible.builtin.apt: From bb9198a959d5663f4e4e47177495fc2bf41a6200 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:28:53 +0200 Subject: [PATCH 13/14] Make site.yaml / bitlair.yaml with everything --- bitlair.yaml | 7 +++++++ site.yaml | 1 + 2 files changed, 8 insertions(+) create mode 100644 bitlair.yaml create mode 120000 site.yaml diff --git a/bitlair.yaml b/bitlair.yaml new file mode 100644 index 0000000..effaca9 --- /dev/null +++ b/bitlair.yaml @@ -0,0 +1,7 @@ + +--- + +- hosts: all + gather_facts: true + roles: + - common diff --git a/site.yaml b/site.yaml new file mode 120000 index 0000000..43fe4bb --- /dev/null +++ b/site.yaml @@ -0,0 +1 @@ +bitlair.yaml \ No newline at end of file From 7e493a7ac3b532a7c7f429dc59372678573a0f03 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Thu, 11 Jul 2024 22:30:28 +0200 Subject: [PATCH 14/14] Fix syntax --- bitlair.yaml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/bitlair.yaml b/bitlair.yaml index effaca9..ec019e7 100644 --- a/bitlair.yaml +++ b/bitlair.yaml 
@@ -4,4 +4,55 @@ - hosts: all gather_facts: true roles: - - common + - { role: "common", tags: [ "common" ] } + +- hosts: bank + roles: + - { role: "bank", tags: [ "bank" ] } + +- hosts: raspi + roles: + - { role: "raspi", tags: [ "raspi" ] } + - { role: "bank-terminal", tags: [ "bank-terminal" ] } + +- hosts: fotos + roles: + - { role: "photos", tags: [ "photos" ] } + +- hosts: git-ci + roles: + - { role: "git-ci", tags: [ "git-ci" ] } + +- hosts: git + roles: + - { role: "acme", tags: [ "acme" ] } + - { role: "git-server", tags: [ "git-server" ] } + +- hosts: monitoring + roles: + - { role: "acme", tags: [ "acme" ] } + - { role: "monitoring", tags: [ "monitoring" ] } + +- hosts: mqtt + roles: + - { role: "mqtt-internal", tags: [ "mqtt-internal" ] } + +- hosts: music + roles: + - { role: "acme", tags: [ "acme" ] } + - { role: "go", tags: [ "go" ] } + - { role: "music", tags: [ "music" ] } + +- hosts: pad + roles: + - { role: "acme", tags: [ "acme" ] } + - { role: "etherpad", tags: [ "etherpad" ] } + +- hosts: services + roles: + - { role: "services", tags: [ "services" ] } + +- hosts: wiki + roles: + - { role: "acme", tags: [ "acme" ] } + - { role: "www", tags: [ "www" ] }
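Review bot: The per-host plays added to bitlair.yaml carry only `roles:`, while the standalone playbooks they mirror also set play-level `vars:`: `bank_revbank_git` in bank.yaml, `raspi_rotate_display` in bar.yaml and `acme_san_domains` in pad.yaml, as shown in the earlier patches. Unless those values are also defined in group_vars (not visible here for bank, raspi or pad), the roles would run from site.yaml with them undefined or at role defaults. Moving the values into `group_vars/<group>.yaml` would give both entry points the same data. The first play also applies `common` to `hosts: all`, which now includes `kvm4.bitlair.nl`; confirm the hypervisor is meant to receive the root `authorized_keys` template and the serial-console task with its reboot handler.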