From abc64144a8b94ad8efa95b139140aefb8458e18e Mon Sep 17 00:00:00 2001 From: Mark Janssen Date: Wed, 31 Jul 2024 20:33:54 +0200 Subject: [PATCH 1/2] Linter + Dashboard fixes --- bitlair.yaml | 49 ++++++----- group_vars/monitoring.yaml | 4 +- roles/acme/tasks/main.yaml | 2 +- roles/common/handlers/main.yaml | 15 ++-- roles/common/tasks/debian-upgrade.yaml | 3 - roles/common/tasks/main.yaml | 62 +------------- roles/common/tasks/network.yaml | 5 +- roles/common/tasks/vm.yaml | 3 +- roles/common/templates/authorized_keys.j2 | 2 +- roles/common/templates/sources.list.j2 | 6 +- roles/etherpad/tasks/main.yaml | 32 ++----- roles/etherpad/tasks/requirements.yml | 2 + roles/git-ci/tasks/main.yaml | 84 +++++++++---------- roles/git-server/tasks/main.yaml | 35 ++------ roles/go/tasks/main.yaml | 15 ++-- roles/monitoring/tasks/main.yaml | 21 +---- roles/monitoring/templates/grafana.ini | 3 + roles/mqtt/tasks/main.yaml | 2 +- roles/music/handlers/main.yaml | 12 +-- roles/music/tasks/librespot.yaml | 6 +- roles/music/tasks/main.yaml | 36 ++++---- roles/music/tasks/mpd.yaml | 9 +- roles/music/tasks/soundboard.yaml | 6 +- roles/music/tasks/trollibox.yaml | 12 +-- roles/nft/templates/nftables.conf.j2 | 8 +- roles/nginx/defaults/main.yaml | 2 - roles/nginx/templates/site.conf.j2 | 4 +- roles/photos/tasks/bambulab-fetch.yaml | 2 +- roles/photos/tasks/photo-gallery.yaml | 2 +- roles/photos/tasks/photos2mqtt.yaml | 2 +- roles/raspi/tasks/main.yaml | 4 +- roles/services/tasks/discord_bot.yaml | 5 +- roles/services/tasks/ircbot.yaml | 6 +- roles/services/tasks/main.yaml | 47 ++++++++--- roles/services/tasks/mastodon_spacestate.yaml | 8 +- roles/services/tasks/power_mqtt.yaml | 6 +- roles/services/tasks/siahsd.yaml | 22 ++--- roles/services/tasks/spacestated.yaml | 6 +- roles/services/tasks/wifi_mqtt.yaml | 14 ++-- roles/www/handlers/main.yaml | 7 +- roles/www/tasks/main.yaml | 17 +++- roles/www/tasks/mediawiki.yaml | 17 +--- roles/www/tasks/mqtt.yaml | 31 ++----- roles/www/tasks/spaceapi.yaml | 8 +- 44 files changed, 265 insertions(+), 379 deletions(-) diff --git a/bitlair.yaml b/bitlair.yaml index a2923fc..9a7b765 100644 --- a/bitlair.yaml +++ b/bitlair.yaml @@ -1,63 +1,62 @@ - --- - hosts: all gather_facts: true roles: - - { role: "common", tags: [ "common" ] } - - { role: "nft", tags: [ "nft" ] } + - { role: "common", tags: ["common"] } + - { role: "nft", tags: ["nft"] } - hosts: bank roles: - - { role: "bank", tags: [ "bank" ] } + - { role: "bank", tags: ["bank"] } - hosts: raspi roles: - - { role: "raspi", tags: [ "raspi" ] } - - { role: "bank-terminal", tags: [ "bank-terminal" ] } + - { role: "raspi", tags: ["raspi"] } + - { role: "bank-terminal", tags: ["bank-terminal"] } - hosts: fotos roles: - - { role: "photos", tags: [ "photos" ] } + - { role: "photos", tags: ["photos"] } - hosts: git-ci roles: - - { role: "git-ci", tags: [ "git-ci" ] } + - { role: "git-ci", tags: ["git-ci"] } - hosts: git roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "nginx", tags: [ "nginx" ] } - - { role: "git-server", tags: [ "git-server" ] } + - { role: "acme", tags: ["acme"] } + - { role: "nginx", tags: ["nginx"] } + - { role: "git-server", tags: ["git-server"] } - hosts: monitoring roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "nginx", tags: [ "nginx" ] } - - { role: "monitoring", tags: [ "monitoring" ] } + - { role: "acme", tags: ["acme"] } + - { role: "nginx", tags: ["nginx"] } + - { role: "monitoring", tags: ["monitoring"] } - hosts: mqtt roles: - - { role: "mqtt", tags: [ "mqtt" ] } + - { role: "mqtt", tags: ["mqtt"] } - hosts: music roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "go", tags: [ "go" ] } - - { role: "music", tags: [ "music" ] } + - { role: "acme", tags: ["acme"] } + - { role: "go", tags: ["go"] } + - { role: "music", tags: ["music"] } - hosts: pad roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "nginx", tags: [ "nginx" ] } - - { role: "etherpad", tags: [ "etherpad" ] } + - { role: "acme", tags: ["acme"] } + - { role: "nginx", tags: ["nginx"] } + - { role: "etherpad", tags: ["etherpad"] } - hosts: services roles: - - { role: "services", tags: [ "services" ] } + - { role: "services", tags: ["services"] } - hosts: wiki roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "nginx", tags: [ "nginx" ] } - - { role: "www", tags: [ "www" ] } + - { role: "acme", tags: ["acme"] } + - { role: "nginx", tags: ["nginx"] } + - { role: "www", tags: ["www"] } diff --git a/group_vars/monitoring.yaml b/group_vars/monitoring.yaml index 248d854..260e159 100644 --- a/group_vars/monitoring.yaml +++ b/group_vars/monitoring.yaml @@ -1,7 +1,7 @@ monitoring_domain: dashboard.bitlair.nl monitoring_bootstrap_cert: no acme_san_domains: - - ["{{ monitoring_domain }}", monitoring.bitlair.nl] + - ["{{ monitoring_domain }}"] group_nft_input: - "# Allow web-traffic from world" @@ -21,6 +21,7 @@ prometheus_scrape_configs: - "lights.bitlair.nl:9100" - "music.bitlair.nl:9100" - "service.bitlair.nl:9100" + - "user.bitlair.nl:9100" - job_name: "mqtt" static_configs: - targets: [ "localhost:9883" ] @@ -34,6 +35,7 @@ prometheus_scrape_configs: - https://bitlair.nl - https://git.bitlair.nl - https://pad.bitlair.nl + - https://user.bitlair.nl # Legacy - https://wiki.bitlair.nl - https://portal.bitlair.nl diff --git a/roles/acme/tasks/main.yaml b/roles/acme/tasks/main.yaml index 0be3133..01bf029 100644 --- a/roles/acme/tasks/main.yaml +++ b/roles/acme/tasks/main.yaml @@ -40,7 +40,7 @@ - name: Symlink SAN domains ansible.builtin.include_tasks: file: san_domains_loop.yaml - loop: "{{ acme_san_domains|default([]) }}" + loop: "{{ acme_san_domains | default([]) }}" loop_control: loop_var: domains diff --git a/roles/common/handlers/main.yaml b/roles/common/handlers/main.yaml index 15ce290..3f6d5b8 100644 --- a/roles/common/handlers/main.yaml +++ b/roles/common/handlers/main.yaml @@ -1,30 +1,27 @@ --- -- name: update grub +- name: Update grub ansible.builtin.command: cmd: update-grub -- name: reboot - ansible.builtin.reboot: - -- name: apt update +- name: Apt update ansible.builtin.apt: update_cache: true -- name: daemon reload +- name: Daemon reload ansible.builtin.systemd: daemon_reload: true -- name: reload sshd +- name: Reload sshd ansible.builtin.systemd: name: ssh state: reloaded -- name: reload nginx +- name: Reload nginx ansible.builtin.systemd: name: nginx state: reloaded -- name: persist iptables +- name: Persist iptables ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}" with_items: - { c: iptables, ip: v4 } diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index 3ff5041..f986713 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -21,9 +21,6 @@ ansible.builtin.apt: upgrade: full -- name: Reboot - ansible.builtin.reboot: - - name: autoremove ansible.builtin.apt: autoremove: yes diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index a02e163..fc597aa 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -96,7 +96,7 @@ path: /etc/default/grub regexp: '^GRUB_TIMEOUT=' line: "GRUB_TIMEOUT=1 # Managed by Ansible" - notify: update grub + notify: Update grub - name: Configure cron email ansible.builtin.lineinfile: @@ -118,63 +118,5 @@ - regexp: '^#?DebianBanner' line: 'DebianBanner no' when: manage_sshd_config | default(true) - notify: reload sshd + notify: Reload sshd -- name: Allow SSH - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ ssh_port }}" - ctstate: NEW - jump: ACCEPT - ip_version: "{{ item }}" - with_items: - - ipv4 - - ipv6 - notify: persist iptables - when: not nft | bool - -- name: Allow ICMP - ansible.builtin.iptables: - chain: INPUT - protocol: "{{ item.proto }}" - jump: ACCEPT - ip_version: "{{ item.ip }}" - with_items: - - { ip: ipv4, proto: icmp } - - { ip: ipv6, proto: ipv6-icmp } - notify: persist iptables - when: not nft | bool - -- name: Allow related and established connections - ansible.builtin.iptables: - chain: INPUT - ctstate: ESTABLISHED,RELATED - jump: ACCEPT - ip_version: "{{ item }}" - with_items: - - ipv4 - - ipv6 - notify: persist iptables - when: not nft | bool - -- name: Allow local connections - ansible.builtin.iptables: - chain: INPUT - source: "{{ item.cidr }}" - jump: ACCEPT - ip_version: "{{ item.v }}" - with_items: "{{ trusted_ranges }}" - notify: persist iptables - when: not nft | bool - -- name: Deny inbound connections - ansible.builtin.iptables: - chain: INPUT - policy: DROP - ip_version: "{{ item }}" - with_items: - - ipv4 - - ipv6 - notify: persist iptables - when: not nft | bool diff --git a/roles/common/tasks/network.yaml b/roles/common/tasks/network.yaml index 9d5e471..7e2a75b 100644 --- a/roles/common/tasks/network.yaml +++ b/roles/common/tasks/network.yaml @@ -13,7 +13,6 @@ with_items: - { k: net.ipv4.ip_forward, v: "1" } - { k: net.ipv6.conf.all.forwarding, v: "1" } - notify: reboot when: network_br - name: Make network interfaces really predictable @@ -22,8 +21,7 @@ regexp: ^GRUB_CMDLINE_LINUX line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible' notify: - - update grub - - reboot + - Update grub when: network_br or network_dhcp or network_static - name: Configure network interfaces @@ -33,7 +31,6 @@ owner: root group: root mode: 0644 - notify: reboot when: network_br or network_dhcp or network_static - ansible.builtin.meta: flush_handlers diff --git a/roles/common/tasks/vm.yaml b/roles/common/tasks/vm.yaml index 505c03f..e1921ec 100644 --- a/roles/common/tasks/vm.yaml +++ b/roles/common/tasks/vm.yaml @@ -12,7 +12,6 @@ regexp: ^GRUB_CMDLINE_LINUX_DEFAULT line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"' notify: - - update grub - - reboot + - Update grub tags: - questagent diff --git a/roles/common/templates/authorized_keys.j2 b/roles/common/templates/authorized_keys.j2 index 182dc36..9df7ff6 100644 --- a/roles/common/templates/authorized_keys.j2 +++ b/roles/common/templates/authorized_keys.j2 @@ -2,5 +2,5 @@ {% for name in root_access %} # {{ name }} -{{ lookup('file', 'authorized_keys/'+name+'.keys') }} +{{ lookup('file', 'authorized_keys/' + name + '.keys') }} {% endfor %} diff --git a/roles/common/templates/sources.list.j2 b/roles/common/templates/sources.list.j2 index 9aac632..3945e1d 100644 --- a/roles/common/templates/sources.list.j2 +++ b/roles/common/templates/sources.list.j2 @@ -1,9 +1,9 @@ # {{ ansible_managed }} -{% if debian_source_repos|default(false) %} -{% set SRC = "" %} +{% if debian_source_repos | default(false) %} +{% set SRC = "" %} {% else %} -{% set SRC = "# " %} +{% set SRC = "# " %} {% endif %} {% set components = "main contrib non-free-firmware" %} diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml index 2adf731..0f4beb5 100644 --- a/roles/etherpad/tasks/main.yaml +++ b/roles/etherpad/tasks/main.yaml @@ -15,7 +15,7 @@ -o /usr/share/keyrings/nodesource.gpg args: creates: /usr/share/keyrings/nodesource.gpg - notify: apt update + notify: Apt update - name: Install nodesource source list ansible.builtin.template: @@ -24,7 +24,7 @@ owner: root group: root mode: 0644 - notify: apt update + notify: Apt update - name: Install nodejs apt preference ansible.builtin.template: @@ -33,7 +33,7 @@ owner: root group: root mode: 0644 - notify: apt update + notify: Apt update - ansible.builtin.meta: flush_handlers @@ -88,7 +88,7 @@ version: master dest: /opt/etherpad accept_hostkey: yes - notify: restart etherpad + notify: Restart etherpad - name: Install etherpad config ansible.builtin.template: @@ -97,7 +97,7 @@ owner: root group: root mode: 0644 - notify: restart etherpad + notify: Restart etherpad - name: Install etherpad service ansible.builtin.template: @@ -106,14 +106,14 @@ owner: root group: root mode: 0644 - notify: restart etherpad + notify: Restart etherpad - name: Start etherpad ansible.builtin.systemd: daemon_reload: true name: etherpad state: started - enabled: yes + enabled: true - name: Install nginx config ansible.builtin.template: @@ -122,21 +122,5 @@ owner: root group: root mode: 0644 - notify: reload nginx + notify: Reload nginx -- name: Allow HTTP and HTTPS - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item.port }}" - ctstate: NEW - jump: ACCEPT - ip_version: "{{ item.ip }}" - action: insert - with_items: - - { ip: ipv4, port: 80 } - - { ip: ipv4, port: 443 } - - { ip: ipv6, port: 80 } - - { ip: ipv6, port: 443 } - notify: persist iptables - when: not nft | bool diff --git a/roles/etherpad/tasks/requirements.yml b/roles/etherpad/tasks/requirements.yml index 060cde3..0b8dbb8 100644 --- a/roles/etherpad/tasks/requirements.yml +++ b/roles/etherpad/tasks/requirements.yml @@ -1,3 +1,5 @@ +--- + collections: - name: community.postgresql version: 2.3.2 diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml index a01a11a..d677a61 100644 --- a/roles/git-ci/tasks/main.yaml +++ b/roles/git-ci/tasks/main.yaml @@ -1,50 +1,50 @@ --- -- tags: forgejo_runner - block: - - name: Install dependencies - ansible.builtin.apt: - name: docker.io - - name: Download forgejo-runner - ansible.builtin.get_url: - url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" - dest: /usr/local/bin/forgejo-runner - mode: 0755 - notify: restart forgejo-runner +- name: Install dependencies + ansible.builtin.apt: + name: docker.io - - name: Create runner dir - ansible.builtin.file: - state: directory - path: "{{ runner_wd }}" - owner: root - group: root - mode: 0755 +- name: Download forgejo-runner + ansible.builtin.get_url: + url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" + dest: /usr/local/bin/forgejo-runner + mode: 0755 + notify: restart forgejo-runner - - name: Register runner - ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" - args: - chdir: "{{ runner_wd }}" - creates: "{{ runner_wd }}/.runner" +- name: Create runner dir + ansible.builtin.file: + state: directory + path: "{{ runner_wd }}" + owner: root + group: root + mode: 0755 - - name: Install service file - ansible.builtin.template: - src: forgejo-runner.service - dest: /etc/systemd/system/forgejo-runner.service - owner: root - group: root - mode: 0644 - notify: restart forgejo-runner +- name: Register runner + ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" + args: + chdir: "{{ runner_wd }}" + creates: "{{ runner_wd }}/.runner" - - name: Enable service - ansible.builtin.systemd: - name: forgejo-runner - enabled: yes - daemon_reload: true +- name: Install service file + ansible.builtin.template: + src: forgejo-runner.service + dest: /etc/systemd/system/forgejo-runner.service + owner: root + group: root + mode: 0644 + notify: restart forgejo-runner - - name: Start service - ansible.builtin.systemd: - name: forgejo-runner - state: started - daemon_reload: true +- name: Enable service + ansible.builtin.systemd: + name: forgejo-runner + enabled: true + daemon_reload: true - - ansible.builtin.meta: flush_handlers +- name: Start service + ansible.builtin.systemd: + name: forgejo-runner + state: started + daemon_reload: true + +- name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/roles/git-server/tasks/main.yaml b/roles/git-server/tasks/main.yaml index 112033e..5104ef5 100644 --- a/roles/git-server/tasks/main.yaml +++ b/roles/git-server/tasks/main.yaml @@ -14,14 +14,14 @@ owner: root group: root mode: 0644 - notify: reload nginx + notify: Reload nginx - name: Enable nginx site ansible.builtin.file: src: /etc/nginx/sites-available/forgejo dest: /etc/nginx/sites-enabled/forgejo state: link - notify: reload nginx + notify: Reload nginx - name: Create user ansible.builtin.user: @@ -38,7 +38,6 @@ group: "{{ git_server_user }}" mode: 0755 - # TODO: Install initial config - name: Install service file @@ -48,7 +47,7 @@ owner: root group: root mode: 0644 - notify: reload forgejo + notify: Reload forgejo - name: Install update script ansible.builtin.template: @@ -62,12 +61,12 @@ ansible.builtin.command: "{{ git_server_working_dir }}/update.sh" args: creates: "{{ git_server_working_dir }}/forgejo" - notify: reload forgejo + notify: Reload forgejo - name: Enable service ansible.builtin.systemd: name: forgejo - enabled: yes + enabled: true daemon_reload: true - name: Start service @@ -81,24 +80,6 @@ src: cronjob dest: /etc/cron.d/forgejo -- name: Allow Git SSH, HTTP and HTTPS - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item.port }}" - ctstate: NEW - jump: ACCEPT - ip_version: "{{ item.ip }}" - action: insert - with_items: - - { ip: ipv4, port: 80 } - - { ip: ipv4, port: 22 } - - { ip: ipv4, port: 443 } - - { ip: ipv6, port: 80 } - - { ip: ipv6, port: 22 } - - { ip: ipv6, port: 443 } - notify: persist iptables - when: not nft | bool - -- ansible.builtin.debug: - msg: If Forgejo has not been setup yet, please do so manually. +- name: Debug + ansible.builtin.debug: + msg: "If Forgejo has not been setup yet, please do so manually." diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml index b787d21..ab16901 100644 --- a/roles/go/tasks/main.yaml +++ b/roles/go/tasks/main.yaml @@ -19,11 +19,11 @@ register: go_latest_version_shell - name: Format Go latest version variable - set_fact: + ansible.builtin.set_fact: go_latest_version: "{{ go_latest_version_shell.stdout }}" - name: Detect installed Go version - shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none" + ansible.builtin.shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none" register: go_installed_version_shell changed_when: false @@ -31,19 +31,20 @@ set_fact: go_installed_version: "{{ go_installed_version_shell.stdout }}" - - debug: + - name: Debug + ansible.builtin.debug: msg: - "Latest Go version: {{ go_latest_version}}" - "Installed Go version: {{ go_installed_version }}" - name: Remove installed go - file: + ansible.builtin.file: state: absent path: /usr/local/go when: go_installed_version != go_latest_version - name: Install Go - unarchive: + ansible.builtin.unarchive: src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz dest: /usr/local remote_src: yes @@ -52,7 +53,7 @@ when: go_installed_version != go_latest_version - name: Configure Go environment - template: + ansible.builtin.template: src: go.profile dest: /etc/profile.d/go.sh owner: root @@ -60,7 +61,7 @@ mode: 0644 - name: Link go binary - file: + ansible.builtin.file: state: link src: /usr/local/go/bin/go dest: /usr/local/bin/go diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml index f43992a..2017d5b 100644 --- a/roles/monitoring/tasks/main.yaml +++ b/roles/monitoring/tasks/main.yaml @@ -7,35 +7,20 @@ owner: root group: root mode: 0644 - notify: reload nginx + notify: Reload nginx - name: Enable nginx site ansible.builtin.file: src: /etc/nginx/sites-available/monitoring dest: /etc/nginx/sites-enabled/monitoring state: link - notify: reload nginx + notify: Reload nginx - name: Start nginx ansible.builtin.systemd: name: nginx state: started - enabled: yes - -- name: Allow HTTP/HTTPS - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item.port }}" - ctstate: NEW - jump: ACCEPT - ip_version: "{{ item.ip }}" - action: insert - with_items: - - { ip: ipv6, port: 80 } - - { ip: ipv6, port: 443 } - notify: persist iptables - when: not nft | bool + enabled: true - name: mqtt_exporter tags: mqtt_exporter diff --git a/roles/monitoring/templates/grafana.ini b/roles/monitoring/templates/grafana.ini index be8c995..a954c62 100644 --- a/roles/monitoring/templates/grafana.ini +++ b/roles/monitoring/templates/grafana.ini @@ -69,6 +69,9 @@ level = info [grafana_com] url = https://grafana.com +[auth] +oauth_allow_insecure_email_lookup=true + [auth.anonymous] enabled = true org_name = Bitlair diff --git a/roles/mqtt/tasks/main.yaml b/roles/mqtt/tasks/main.yaml index 89f9064..498f49c 100644 --- a/roles/mqtt/tasks/main.yaml +++ b/roles/mqtt/tasks/main.yaml @@ -29,4 +29,4 @@ ansible.builtin.systemd: name: mosquitto state: started - enabled: yes + enabled: true diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 5ef0e4f..2d77dbb 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml @@ -2,37 +2,37 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml -- name: restart trollibox +- name: Restart trollibox ansible.builtin.systemd: name: trollibox state: restarted daemon_reload: true -- name: rebuild librespot +- name: Rebuild librespot ansible.builtin.command: cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend args: chdir: /opt/librespot -- name: restart librespot +- name: Restart librespot ansible.builtin.systemd: name: librespot state: restarted daemon_reload: true -- name: restart soundboard +- name: Restart soundboard ansible.builtin.systemd: name: soundboard state: restarted daemon_reload: true -- name: restart mpd-volume-to-mqtt +- name: Restart mpd-volume-to-mqtt ansible.builtin.systemd: name: mpd-volume-to-mqtt state: restarted daemon_reload: true -- name: restart skipbutton +- name: Restart skipbutton ansible.builtin.systemd: name: skipbutton state: restarted diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml index 9bf3154..2a8d19b 100644 --- a/roles/music/tasks/librespot.yaml +++ b/roles/music/tasks/librespot.yaml @@ -11,8 +11,8 @@ dest: /opt/librespot accept_hostkey: yes notify: - - rebuild librespot - - restart librespot + - Rebuild librespot + - Restart librespot - name: Install service file ansible.builtin.template: @@ -21,7 +21,7 @@ owner: root group: root mode: 0644 - notify: restart librespot + notify: Restart librespot - name: Enable Librespot ansible.builtin.systemd: diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index cad6eb9..e8a751c 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml @@ -1,28 +1,34 @@ --- -- tags: music_mpd + +- name: Import mpd ansible.builtin.import_tasks: file: mpd.yaml + tags: + - music_mpd -- tags: music_trollibox +- name: Import trollibox ansible.builtin.import_tasks: file: trollibox.yaml + tags: + - music_trollibox -- tags: music_librespot +- name: Librespot ansible.builtin.import_tasks: file: librespot.yaml + tags: + - music_librespot -- tags: music_soundboard +- name: Soundboard ansible.builtin.import_tasks: file: soundboard.yaml + tags: + - music_soundboard -- tags: music - block: - - - name: Install nginx config - ansible.builtin.template: - src: nginx-site.conf - dest: /etc/nginx/sites-enabled/trollibox - owner: root - group: root - mode: 0644 - notify: reload nginx +- name: Install nginx config + ansible.builtin.template: + src: nginx-site.conf + dest: /etc/nginx/sites-enabled/trollibox + owner: root + group: root + mode: 0644 + notify: Reload nginx diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml index d372d12..eb88133 100644 --- a/roles/music/tasks/mpd.yaml +++ b/roles/music/tasks/mpd.yaml @@ -1,4 +1,5 @@ --- + - name: Install MPD ansible.builtin.apt: name: @@ -15,7 +16,7 @@ owner: root group: root mode: 0644 - notify: restart mpd-volume-to-mqtt + notify: Restart mpd-volume-to-mqtt - name: Install mpd-volume-to-mqtt service ansible.builtin.template: @@ -24,7 +25,7 @@ owner: root group: root mode: 0644 - notify: restart mpd-volume-to-mqtt + notify: Restart mpd-volume-to-mqtt - name: Enable mpd-volume-to-mqtt ansible.builtin.systemd: @@ -39,7 +40,7 @@ version: master dest: /opt/skipbutton accept_hostkey: yes - notify: restart skipbutton + notify: Restart skipbutton - name: Install skipbutton service ansible.builtin.template: @@ -48,7 +49,7 @@ owner: root group: root mode: 0644 - notify: restart skipbutton + notify: Restart skipbutton - name: Enable skipbutton ansible.builtin.systemd: diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml index 6068976..a0ea558 100644 --- a/roles/music/tasks/soundboard.yaml +++ b/roles/music/tasks/soundboard.yaml @@ -10,7 +10,7 @@ version: main dest: /opt/soundboard accept_hostkey: yes - notify: restart soundboard + notify: Restart soundboard - name: Create virtualenv ansible.builtin.command: @@ -31,7 +31,7 @@ owner: root group: root mode: 0644 - notify: restart soundboard + notify: Restart soundboard - name: Install soundboard service file ansible.builtin.template: @@ -40,7 +40,7 @@ owner: root group: root mode: 0644 - notify: restart soundboard + notify: Restart soundboard - name: Enable soundboard ansible.builtin.systemd: diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index 29c544a..0b20b4a 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml @@ -5,8 +5,8 @@ dest: /etc/trollibox.yaml owner: root group: root - mode: 0644 - notify: restart trollibox + mode: "0644" + notify: Restart trollibox - name: Get latest Trollibox version from Github API ansible.builtin.get_url: @@ -25,8 +25,8 @@ remote_src: yes dest: /usr/local/bin include: [ trollibox ] - mode: 0755 - notify: restart trollibox + mode: "0755" + notify: Restart trollibox - name: Install service file ansible.builtin.template: @@ -34,8 +34,8 @@ dest: /etc/systemd/system/trollibox.service owner: root group: root - mode: 0644 - notify: restart trollibox + mode: "0644" + notify: Restart trollibox - name: Enable Trollibox ansible.builtin.systemd: diff --git a/roles/nft/templates/nftables.conf.j2 b/roles/nft/templates/nftables.conf.j2 index ce52b65..583639b 100644 --- a/roles/nft/templates/nftables.conf.j2 +++ b/roles/nft/templates/nftables.conf.j2 @@ -73,15 +73,15 @@ set trusted6 { } accept # Open ssh only for trusted machines - ip saddr @trusted4 tcp dport { {{ trusted_ports|join(', ') }} } accept - ip6 saddr @trusted6 tcp dport { {{ trusted_ports|join(', ') }} } accept + ip saddr @trusted4 tcp dport { {{ trusted_ports | join(', ') }} } accept + ip6 saddr @trusted6 tcp dport { {{ trusted_ports | join(', ') }} } accept # Rules based on group-vars {% for custom in nft_group_rules %} {% if custom.comment is defined %} - # {{ custom.comment|default('') }} + # {{ custom.comment | default('') }} {% endif %} - {{ custom.version|default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }} + {{ custom.version | default('ip') }} saddr { {{ custom.from | join(', ') }} } {{ custom.proto | default('tcp') }} dport { {{ custom.port }} } {{ custom.policy | default('accept') }} {% endfor %} diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml index b6fd46e..55f38e5 100644 --- a/roles/nginx/defaults/main.yaml +++ b/roles/nginx/defaults/main.yaml @@ -4,7 +4,6 @@ nginx_package: "nginx-light" nginx_user: "www-data" nginx_modules_dir: "/etc/nginx/modules-enabled" - nginx_tls_version: "TLSv1.2 TLSv1.3" nginx_tls_cipherlist: "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" nginx_tls_curve: "prime256v1:secp384r1" @@ -14,4 +13,3 @@ nginx_ssl_stapling: "on" nginx_ssl_stapling_verify: "on" nginx_wk_acme: "/var/lib/dehydrated/acme-challenges" nginx_client_max_body_size: "32m" - diff --git a/roles/nginx/templates/site.conf.j2 b/roles/nginx/templates/site.conf.j2 index 6a4dfb7..d48f46f 100644 --- a/roles/nginx/templates/site.conf.j2 +++ b/roles/nginx/templates/site.conf.j2 @@ -4,7 +4,7 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ site.server_name|default(inventory_hostname) }}{% if site.server_alias is defined %} {{ site.server_alias }}{% endif %}; + server_name {{ site.server_name | default(inventory_hostname) }}{% if site.server_alias is defined %} {{ site.server_alias }}{% endif %}; include /etc/nginx/tls_params; ssl_certificate /var/lib/dehydrated/certs/{{ site.server_name }}/fullchain.pem; @@ -28,7 +28,7 @@ server { # Include snippets {% for file in site.snippets | default([]) %} -{% include "snippets/" ~ file %} +{% include "snippets/" ~ file %} {% endfor %} # Per site configuration diff --git a/roles/photos/tasks/bambulab-fetch.yaml b/roles/photos/tasks/bambulab-fetch.yaml index ef2d351..b050af9 100644 --- a/roles/photos/tasks/bambulab-fetch.yaml +++ b/roles/photos/tasks/bambulab-fetch.yaml @@ -33,5 +33,5 @@ ansible.builtin.systemd: name: bambulab-fetch state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/photos/tasks/photo-gallery.yaml b/roles/photos/tasks/photo-gallery.yaml index 6551040..5a6cfff 100644 --- a/roles/photos/tasks/photo-gallery.yaml +++ b/roles/photos/tasks/photo-gallery.yaml @@ -33,5 +33,5 @@ ansible.builtin.systemd: name: photo-gallery state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/photos/tasks/photos2mqtt.yaml b/roles/photos/tasks/photos2mqtt.yaml index 9f14cff..755a4ec 100644 --- a/roles/photos/tasks/photos2mqtt.yaml +++ b/roles/photos/tasks/photos2mqtt.yaml @@ -31,5 +31,5 @@ ansible.builtin.systemd: name: photos2mqtt state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/raspi/tasks/main.yaml b/roles/raspi/tasks/main.yaml index a787e5c..1420e09 100644 --- a/roles/raspi/tasks/main.yaml +++ b/roles/raspi/tasks/main.yaml @@ -15,7 +15,7 @@ - name: Enable sshd ansible.builtin.systemd: name: sshd - enabled: yes + enabled: true state: started - name: Rotate display @@ -24,7 +24,6 @@ line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible" regexp: "^#?display_rotate" when: raspi_rotate_display is defined - notify: reboot - name: Disable swap block: @@ -45,4 +44,3 @@ path: /etc/dhcpcd.conf line: "slaac hwaddr # Managed by Ansible" regexp: "^#?slaac" - notify: reboot diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 16c20d6..186b8f8 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml @@ -1,4 +1,5 @@ --- + - name: Install dependencies ansible.builtin.apt: name: @@ -32,12 +33,12 @@ dest: /etc/systemd/system/discord-bot.service owner: root group: root - mode: 0644 + mode: "0644" notify: restart discord-bot - name: Start discord-bot ansible.builtin.systemd: name: discord-bot state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index 6d9462a..e1e4649 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -29,7 +29,7 @@ ansible.builtin.systemd: name: irc-bot state: started - enabled: yes + enabled: true daemon_reload: true - name: Create helpers dir @@ -63,7 +63,7 @@ ansible.builtin.systemd: name: irc-photos state: started - enabled: yes + enabled: true daemon_reload: true - name: Install doorduino notification @@ -92,5 +92,5 @@ ansible.builtin.systemd: name: irc-doorduino state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/services/tasks/main.yaml b/roles/services/tasks/main.yaml index 5f17300..e082c5f 100644 --- a/roles/services/tasks/main.yaml +++ b/roles/services/tasks/main.yaml @@ -1,22 +1,43 @@ --- -- tags: services_ircbot + +- name: Import ircbot ansible.builtin.import_tasks: file: ircbot.yaml + tags: + - services_ircbot -- tags: services_discord_bot - ansible.builtin.import_tasks: discord_bot.yaml +- name: Import services_discord_bot + ansible.builtin.import_tasks: + file: discord_bot.yaml + tags: + - services_discord_bot -- tags: services_siahsd - import_tasks: siahsd.yaml +- name: Import siahsd + ansible.builtin.import_tasks: + file: siahsd.yaml + tags: + - services_siahsd -- tags: services_spacestated - import_tasks: spacestated.yaml +- name: Import spacestated + ansible.builtin.import_tasks: + file: spacestated.yaml + tags: + - services_spacestated -- tags: services_mastodon_spacestate - import_tasks: mastodon_spacestate.yaml +- name: Import mastodon_spacestate.yaml + ansible.builtin.import_tasks: + file: mastodon_spacestate.yaml + tags: + - services_mastodon_spacestate -- tags: services_wifi_mqtt - import_tasks: wifi_mqtt.yaml +- name: import wifi_mqtt + ansible.builtin.import_tasks: + file: wifi_mqtt.yaml + tags: + - services_wifi_mqtt -- tags: services_power_mqtt - import_tasks: power_mqtt.yaml +- name: Import power_mqt + ansible.builtin.import_tasks: + file: power_mqtt.yaml + tags: + - services_power_mqtt diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml index 47886de..97786f9 100644 --- a/roles/services/tasks/mastodon_spacestate.yaml +++ b/roles/services/tasks/mastodon_spacestate.yaml @@ -11,7 +11,7 @@ version: main dest: /var/lib/mastodon-spacestate accept_hostkey: yes - notify: restart mastodon-spacestate + notify: Restart mastodon-spacestate - name: Install config ansible.builtin.template: @@ -20,7 +20,7 @@ owner: root group: root mode: 0655 - notify: restart mastodon-spacestate + notify: Restart mastodon-spacestate - name: Install service file ansible.builtin.template: @@ -29,11 +29,11 @@ owner: root group: root mode: 0644 - notify: restart mastodon-spacestate + notify: Restart mastodon-spacestate - name: Start mastodon-spacestate ansible.builtin.systemd: name: mastodon-spacestate state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/services/tasks/power_mqtt.yaml b/roles/services/tasks/power_mqtt.yaml index 3cc3e0f..406a274 100644 --- a/roles/services/tasks/power_mqtt.yaml +++ b/roles/services/tasks/power_mqtt.yaml @@ -10,7 +10,7 @@ owner: root group: root mode: 0755 - notify: restart power-mqtt + notify: Restart power-mqtt - name: Remove old service ansible.builtin.file: @@ -27,13 +27,13 @@ vars: description: "SMD630 to MQTT Probe" exec: "/var/lib/power-mqtt.py %i" - notify: restart power-mqtt@ + notify: Restart power-mqtt@ - name: Enable power-mqtt ansible.builtin.systemd: name: "power-mqtt@{{ item.net }}/{{ item.ip }}" state: started - enabled: yes + enabled: true daemon_reload: true with_items: - net: space diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml index ba88c8c..c7c3b0b 100644 --- a/roles/services/tasks/siahsd.yaml +++ b/roles/services/tasks/siahsd.yaml @@ -7,6 +7,7 @@ state: directory owner: siahsd group: nogroup + mode: "0750" with_items: - /var/log/siahsd - /var/lib/siahsd @@ -17,8 +18,8 @@ dest: /etc/siahsd.conf owner: root group: root - mode: 0644 - notify: restart siahsd + mode: "0644" + notify: Restart siahsd - name: Install service file ansible.builtin.template: @@ -26,24 +27,13 @@ dest: /etc/systemd/system/siahsd.service owner: root group: root - mode: 0644 - notify: restart siahsd + mode: "0644" + notify: Restart siahsd - name: Start siahsd ansible.builtin.systemd: name: siahsd state: started - enabled: yes + enabled: true daemon_reload: true -- name: Allow siahsd traffic - ansible.builtin.iptables: - chain: INPUT - protocol: udp - destination_port: "4000" - jump: ACCEPT - ip_version: "{{ item }}" - action: insert - with_items: [ ipv4, ipv6 ] - notify: persist iptables - when: not nft | bool diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml index 7c00bfd..54382f8 100644 --- a/roles/services/tasks/spacestated.yaml +++ b/roles/services/tasks/spacestated.yaml @@ -24,7 +24,7 @@ version: main dest: /var/lib/spacestated/spacestated accept_hostkey: yes - notify: restart spacestated + notify: Restart spacestated - name: Install service file ansible.builtin.template: @@ -33,11 +33,11 @@ owner: root group: root mode: 0644 - notify: restart spacestated + notify: Restart spacestated - name: Start spacestated ansible.builtin.systemd: name: spacestated state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml index 4c76f05..688aeea 100644 --- a/roles/services/tasks/wifi_mqtt.yaml +++ b/roles/services/tasks/wifi_mqtt.yaml @@ -7,25 +7,25 @@ - make - name: Clone source - git: + ansible.builtin.git: repo: https://github.com/bitlair/wifi-mqtt.git version: main dest: /var/lib/wifi-mqtt accept_hostkey: yes - notify: restart wifi-mqtt + notify: Restart wifi-mqtt - name: Install service file - template: + ansible.builtin.template: src: wifi-mqtt.service dest: /etc/systemd/system/wifi-mqtt.service owner: root group: root - mode: 0644 - notify: restart wifi-mqtt + mode: "0644" + notify: Restart wifi-mqtt - name: Start wifi-mqtt - systemd: + ansible.builtin.systemd: name: wifi-mqtt state: started - enabled: yes + enabled: true daemon_reload: true diff --git a/roles/www/handlers/main.yaml b/roles/www/handlers/main.yaml index d5296b9..dcafe97 100644 --- a/roles/www/handlers/main.yaml +++ b/roles/www/handlers/main.yaml @@ -1,14 +1,15 @@ --- -- ansible.builtin.import_tasks: +- name: Import handlers + ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml -- name: restart spaceapi +- name: Restart spaceapi ansible.builtin.systemd: name: spaceapi state: restarted daemon_reload: true -- name: restart mqtt2web +- name: Restart mqtt2web ansible.builtin.systemd: name: mqtt2web state: restarted diff --git a/roles/www/tasks/main.yaml b/roles/www/tasks/main.yaml index 114218a..382706a 100644 --- a/roles/www/tasks/main.yaml +++ b/roles/www/tasks/main.yaml @@ -1,16 +1,25 @@ --- -- tags: www_calendar + +- name: Import calendar ansible.builtin.import_tasks: file: calendar.yaml + tags: + - www_calendar -- tags: www_mediawiki +- name: Import mediawiki ansible.builtin.import_tasks: file: mediawiki.yaml + tags: + - www_mediawiki -- tags: www_mqtt +- name: Import mqtt ansible.builtin.import_tasks: file: mqtt.yaml + tags: + - www_mqtt -- tags: www_spaceapi +- name: Import spaceapi ansible.builtin.import_tasks: file: spaceapi.yaml + tags: + - www_spaceapi diff --git a/roles/www/tasks/mediawiki.yaml b/roles/www/tasks/mediawiki.yaml index 5113131..2eb69f4 100644 --- a/roles/www/tasks/mediawiki.yaml +++ b/roles/www/tasks/mediawiki.yaml @@ -1,4 +1,5 @@ --- + - name: Install dependencies ansible.builtin.apt: name: php-fpm @@ -12,19 +13,3 @@ group: root mode: 0644 -- name: Allow HTTP/HTTPS - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item.port }}" - ctstate: NEW - jump: ACCEPT - ip_version: "{{ item.ip }}" - action: insert - with_items: - - { ip: ipv4, port: 80 } - - { ip: ipv4, port: 443 } - - { ip: ipv6, port: 80 } - - { ip: ipv6, port: 443 } - notify: persist iptables - when: not nft | bool diff --git a/roles/www/tasks/mqtt.yaml b/roles/www/tasks/mqtt.yaml index 94dc0bf..f96fadd 100644 --- a/roles/www/tasks/mqtt.yaml +++ b/roles/www/tasks/mqtt.yaml @@ -1,4 +1,5 @@ --- + - name: Install dependencies ansible.builtin.apt: name: @@ -6,32 +7,17 @@ - liblinux-epoll-perl - mosquitto -- name: Allow MQTT - ansible.builtin.iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ item.port }}" - ctstate: NEW - jump: ACCEPT - ip_version: "{{ item.ip }}" - action: insert - with_items: - - { ip: ipv4, port: 1883 } - - { ip: ipv6, port: 1883 } - notify: persist iptables - when: not nft | bool - - name: Install mqtt-simple - ansible.builtin.command: - cmd: cpan Net::MQTT::Simple + community.general.cpanm: + name: Net::MQTT::Simple - name: Clone mqtt2web source ansible.builtin.git: repo: https://github.com/bitlair/mqtt2web.git version: master dest: /opt/mqtt2web - accept_hostkey: yes - notify: restart mqtt2web + accept_hostkey: true + notify: Restart mqtt2web - name: Install mqtt2web service file ansible.builtin.template: @@ -41,10 +27,11 @@ group: root mode: 0644 notify: - - daemon reload - - restart mqtt2web + - Daemon reload + - Restart mqtt2web -- ansible.builtin.meta: flush_handlers +- name: Flush handlers + ansible.builtin.meta: flush_handlers - name: Enable mqtt2web ansible.builtin.systemd: diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml index a819839..7c8a494 100644 --- a/roles/www/tasks/spaceapi.yaml +++ b/roles/www/tasks/spaceapi.yaml @@ -4,8 +4,8 @@ repo: https://github.com/bitlair/spaceapi.git version: main dest: /opt/spaceapi - accept_hostkey: yes - notify: restart spaceapi + accept_hostkey: true + notify: Restart spaceapi - name: Install spaceapi service file ansible.builtin.template: @@ -13,8 +13,8 @@ dest: /etc/systemd/system/spaceapi.service owner: root group: root - mode: 0644 - notify: restart spaceapi + mode: "0644" + notify: Restart spaceapi - name: Enable spaceapi ansible.builtin.systemd: From 67087c4f489154b82748269a19107b4f86082ddd Mon Sep 17 00:00:00 2001 From: Mark Janssen Date: Wed, 31 Jul 2024 21:18:50 +0200 Subject: [PATCH 2/2] Ignore errors on git task --- roles/common/tasks/main.yaml | 1 + roles/etherpad/handlers/main.yaml | 2 +- roles/services/handlers/main.yaml | 18 +++++++++--------- roles/services/tasks/discord_bot.yaml | 5 +++-- roles/services/tasks/ircbot.yaml | 13 +++++++------ roles/services/tasks/mastodon_spacestate.yaml | 1 + roles/services/tasks/spacestated.yaml | 1 + roles/services/tasks/wifi_mqtt.yaml | 1 + 8 files changed, 24 insertions(+), 18 deletions(-) diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index fc597aa..865de63 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -76,6 +76,7 @@ - vim - unattended-upgrades - apt-listchanges + - sudo-ldap - name: Configure FZF for Bash ansible.builtin.lineinfile: diff --git a/roles/etherpad/handlers/main.yaml b/roles/etherpad/handlers/main.yaml index 82924a6..7aea6eb 100644 --- a/roles/etherpad/handlers/main.yaml +++ b/roles/etherpad/handlers/main.yaml @@ -2,7 +2,7 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml -- name: restart etherpad +- name: Restart etherpad ansible.builtin.systemd: name: etherpad state: restarted diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml index 125fc4d..fb69a73 100644 --- a/roles/services/handlers/main.yaml +++ b/roles/services/handlers/main.yaml @@ -2,55 +2,55 @@ - ansible.builtin.import_tasks: file: ../../common/handlers/main.yaml -- name: restart irc-bot +- name: Restart irc-bot ansible.builtin.systemd: name: irc-bot state: restarted daemon_reload: true -- name: restart irc-photos +- name: Restart irc-photos ansible.builtin.systemd: name: irc-photos state: restarted daemon_reload: true -- name: restart irc-doorduino +- name: Restart irc-doorduino ansible.builtin.systemd: name: irc-doorduino state: restarted daemon_reload: true -- name: restart discord-bot +- name: Restart discord-bot ansible.builtin.systemd: name: discord-bot state: restarted daemon_reload: true -- name: restart siahsd +- name: Restart siahsd ansible.builtin.systemd: name: siahsd state: restarted daemon_reload: true -- name: restart spacestated +- name: Restart spacestated ansible.builtin.systemd: name: spacestated state: restarted daemon_reload: true -- name: restart mastodon-spacestate +- name: Restart mastodon-spacestate ansible.builtin.systemd: name: mastodon-spacestate state: restarted daemon_reload: true -- name: restart wifi-mqtt +- name: Restart wifi-mqtt ansible.builtin.systemd: name: wifi-mqtt state: restarted daemon_reload: true -- name: restart power-mqtt +- name: Restart power-mqtt ansible.builtin.systemd: name: power-mqtt state: restarted diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 186b8f8..1889db4 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml @@ -25,7 +25,8 @@ version: main dest: /var/lib/discord-bot accept_hostkey: yes - notify: restart discord-bot + notify: Restart discord-bot + ignore_errors: true - name: Install service file ansible.builtin.template: @@ -34,7 +35,7 @@ owner: root group: root mode: "0644" - notify: restart discord-bot + notify: Restart discord-bot - name: Start discord-bot ansible.builtin.systemd: diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index e1e4649..e635302 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -5,7 +5,8 @@ version: master dest: /var/lib/irc-bot accept_hostkey: yes - notify: restart irc-bot + ignore_errors: true + notify: Restart irc-bot - name: Link irc-say ansible.builtin.file: @@ -23,7 +24,7 @@ vars: description: Bitlair IRC bot exec: /bin/bash /var/lib/irc-bot/irc-bot - notify: restart irc-bot + notify: Restart irc-bot - name: Start irc-bot ansible.builtin.systemd: @@ -44,7 +45,7 @@ owner: root group: root mode: 0755 - notify: restart irc-photos + notify: Restart irc-photos - name: Install photos notification service ansible.builtin.template: @@ -57,7 +58,7 @@ description: Bitlair IRC photos notification requires: irc-bot.service exec: /bin/bash /var/lib/irc-helpers/photos.sh - notify: restart irc-photos + notify: Restart irc-photos - name: Start irc-photos ansible.builtin.systemd: @@ -73,7 +74,7 @@ owner: root group: root mode: 0755 - notify: restart irc-doorduino + notify: Restart irc-doorduino - name: Install doorduino notification service ansible.builtin.template: @@ -86,7 +87,7 @@ description: Bitlair IRC doorduino notification requires: irc-bot.service exec: /bin/bash /var/lib/irc-helpers/doorduino.sh - notify: restart irc-doorduino + notify: Restart irc-doorduino - name: Start irc-doorduino ansible.builtin.systemd: diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml index 97786f9..53f979e 100644 --- a/roles/services/tasks/mastodon_spacestate.yaml +++ b/roles/services/tasks/mastodon_spacestate.yaml @@ -12,6 +12,7 @@ dest: /var/lib/mastodon-spacestate accept_hostkey: yes notify: Restart mastodon-spacestate + ignore_errors: true - name: Install config ansible.builtin.template: diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml index 54382f8..3cff5bb 100644 --- a/roles/services/tasks/spacestated.yaml +++ b/roles/services/tasks/spacestated.yaml @@ -25,6 +25,7 @@ dest: /var/lib/spacestated/spacestated accept_hostkey: yes notify: Restart spacestated + ignore_errors: true - name: Install service file ansible.builtin.template: diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml index 688aeea..8bb8353 100644 --- a/roles/services/tasks/wifi_mqtt.yaml +++ b/roles/services/tasks/wifi_mqtt.yaml @@ -13,6 +13,7 @@ dest: /var/lib/wifi-mqtt accept_hostkey: yes notify: Restart wifi-mqtt + ignore_errors: true - name: Install service file ansible.builtin.template: