bitlair/ansible
6
0
Fork 1
Code Issues Pull requests Releases Activity

Automated changes from linter ;P

Browse source
This commit is contained in:
Mark Janssen 2024-07-11 20:47:52 +02:00
parent 44b73a216f
commit f7f04e7a41
Signed by: foobar
GPG key ID: D8674D8FC4F69BD2
65 changed files with 392 additions and 324 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/acme/handlers/main.yaml
View file

@ -1,5 +1,7 @@
- name: update_contact_info - name: update_contact_info
command: dehydrated --account ansible.builtin.command:
cmd: dehydrated --account
- name: query_certificates - name: query_certificates
command: dehydrated --cron ansible.builtin.command:
cmd: dehydrated --cron

25
roles/acme/tasks/main.yaml
View file

@ -1,22 +1,23 @@
--- ---
- import_tasks: remove_conflicting.yaml - ansible.builtin.import_tasks:
file: remove_conflicting.yaml
tags: [ never, acme_remove_conflicting ] tags: [ never, acme_remove_conflicting ]
- name: Install Dehydrated - name: Install Dehydrated
tags: [ acme, acme_install ] tags: [ acme, acme_install ]
block: block:
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: ssl-cert name: ssl-cert
state: present state: present
- name: Install Dehydrated - name: Install Dehydrated
apt: ansible.builtin.apt:
name: dehydrated name: dehydrated
state: present state: present
- name: Install config file - name: Install config file
template: ansible.builtin.template:
src: config.sh src: config.sh
dest: /etc/dehydrated/conf.d/ansible.sh dest: /etc/dehydrated/conf.d/ansible.sh
owner: root owner: root
@ -25,7 +26,7 @@
notify: update_contact_info notify: update_contact_info
- name: Install deploy hook - name: Install deploy hook
template: ansible.builtin.template:
src: deploy.sh src: deploy.sh
dest: /etc/dehydrated/conf.d/deploy.sh dest: /etc/dehydrated/conf.d/deploy.sh
owner: root owner: root
@ -33,7 +34,7 @@
mode: 0755 mode: 0755
- name: Install cronjob - name: Install cronjob
template: ansible.builtin.template:
src: cron src: cron
dest: /etc/cron.d/dehydrated dest: /etc/cron.d/dehydrated
owner: root owner: root
@ -41,7 +42,7 @@
mode: 0644 mode: 0644
- name: Create Nginx snippet snippets dir - name: Create Nginx snippet snippets dir
file: ansible.builtin.file:
state: directory state: directory
path: /etc/nginx/snippets path: /etc/nginx/snippets
owner: root owner: root
@ -49,7 +50,7 @@
mode: 0755 mode: 0755
- name: Install Nginx snippet - name: Install Nginx snippet
template: ansible.builtin.template:
src: nginx-snippet.conf src: nginx-snippet.conf
dest: /etc/nginx/snippets/acme.conf dest: /etc/nginx/snippets/acme.conf
owner: root owner: root
@ -57,14 +58,15 @@
mode: 0644 mode: 0644
- name: Register account - name: Register account
command: dehydrated --register --accept-terms ansible.builtin.command:
cmd: dehydrated --register --accept-terms
args: args:
creates: /var/lib/dehydrated/accounts creates: /var/lib/dehydrated/accounts
- tags: [ acme, acme_certs ] - tags: [ acme, acme_certs ]
block: block:
- name: Configure certificates - name: Configure certificates
template: ansible.builtin.template:
src: domains.txt src: domains.txt
dest: /etc/dehydrated/domains.txt dest: /etc/dehydrated/domains.txt
owner: root owner: root
@ -73,7 +75,8 @@
notify: query_certificates notify: query_certificates
- name: Symlink SAN domains - name: Symlink SAN domains
include_tasks: san_domains_loop.yaml ansible.builtin.include_tasks:
file: san_domains_loop.yaml
loop: "{{ acme_san_domains|default([]) }}" loop: "{{ acme_san_domains|default([]) }}"
loop_control: loop_control:
loop_var: domains loop_var: domains

4
roles/acme/tasks/remove_conflicting.yaml
View file

@ -1,12 +1,12 @@
--- ---
- name: Remove certbot from apt - name: Remove certbot from apt
apt: ansible.builtin.apt:
name: [ letsencrypt, certbot ] name: [ letsencrypt, certbot ]
state: absent state: absent
autoremove: yes autoremove: yes
- name: Remove variable directories - name: Remove variable directories
file: ansible.builtin.file:
state: absent state: absent
path: "{{ item }}" path: "{{ item }}"
with_items: with_items:

4
roles/acme/tasks/san_domains_loop.yaml
View file

@ -1,9 +1,9 @@
--- ---
- stat: - ansible.builtin.stat:
path: "/var/lib/dehydrated/certs/{{ domains[0] }}" path: "/var/lib/dehydrated/certs/{{ domains[0] }}"
register: cert_stat register: cert_stat
- file: - ansible.builtin.file:
state: link state: link
path: "/var/lib/dehydrated/certs/{{ item }}" path: "/var/lib/dehydrated/certs/{{ item }}"
src: "/var/lib/dehydrated/certs/{{ domains[0] }}" src: "/var/lib/dehydrated/certs/{{ domains[0] }}"

6
roles/bank-terminal/handlers/main.yaml
View file

@ -1,5 +1,7 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: console_setup - name: console_setup
command: dpkg-reconfigure console-setup --frontend noninteractive ansible.builtin.command:
cmd: dpkg-reconfigure console-setup --frontend noninteractive

21
roles/bank-terminal/tasks/main.yaml
View file

@ -3,7 +3,7 @@
tags: bank_terminal_client tags: bank_terminal_client
block: block:
- name: Add user - name: Add user
user: ansible.builtin.user:
name: bank-terminal name: bank-terminal
home: /home/{{ bank_terminal_user }} home: /home/{{ bank_terminal_user }}
shell: /home/{{ bank_terminal_user }}/login shell: /home/{{ bank_terminal_user }}/login
@ -11,14 +11,15 @@
ssh_key_type: ed25519 ssh_key_type: ed25519
- name: Locate agetty - name: Locate agetty
command: which agetty ansible.builtin.command:
cmd: which agetty
register: agetty_location_cmd register: agetty_location_cmd
- name: Set agetty var - name: Set agetty var
set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}" ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}"
- name: Install login script - name: Install login script
template: ansible.builtin.template:
src: login src: login
dest: /home/{{ bank_terminal_user }}/login dest: /home/{{ bank_terminal_user }}/login
owner: bank-terminal owner: bank-terminal
@ -26,7 +27,7 @@
mode: 0755 mode: 0755
- name: Autologin User - name: Autologin User
template: ansible.builtin.template:
src: tty_autologin.conf src: tty_autologin.conf
dest: /etc/systemd/system/getty@tty1.service.d/override.conf dest: /etc/systemd/system/getty@tty1.service.d/override.conf
owner: root owner: root
@ -35,13 +36,13 @@
notify: daemon_reload notify: daemon_reload
- name: Clear MOTD - name: Clear MOTD
copy: ansible.builtin.copy:
content: "" content: ""
dest: /etc/motd dest: /etc/motd
# Set console font so the Revbank QR codes are rendered correctly. # Set console font so the Revbank QR codes are rendered correctly.
- name: Console setup - name: Console setup
lineinfile: ansible.builtin.lineinfile:
path: /etc/default/console-setup path: /etc/default/console-setup
line: '{{ item.k }}="{{ item.v }}"' line: '{{ item.k }}="{{ item.v }}"'
regexp: "^#?{{ item.k }}" regexp: "^#?{{ item.k }}"
@ -54,17 +55,17 @@
notify: console_setup notify: console_setup
- name: Console Setup Management Note - name: Console Setup Management Note
lineinfile: ansible.builtin.lineinfile:
path: /etc/default/console-setup path: /etc/default/console-setup
line: '# Managed by Ansible' line: '# Managed by Ansible'
insertafter: "CONFIGURATION FILE" insertafter: "CONFIGURATION FILE"
- name: Read pubkey - name: Read pubkey
command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub ansible.builtin.command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub
changed_when: no changed_when: no
register: pubkey register: pubkey
- debug: - ansible.builtin.debug:
msg: msg:
- Please ensure that the pubkey below is is authorized on the bank server. - Please ensure that the pubkey below is is authorized on the bank server.
- "{{ pubkey.stdout_lines | join }}" - "{{ pubkey.stdout_lines | join }}"

3
roles/bank/handlers/main.yaml
View file

@ -1,2 +1,3 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml

4
roles/bank/tasks/inflatinator.yaml
View file

@ -1,11 +1,11 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: [ links, python3-pyquery ] name: [ links, python3-pyquery ]
state: present state: present
- name: Clone revbank-inflatinator source - name: Clone revbank-inflatinator source
git: ansible.builtin.git:
repo: https://github.com/bitlair/revbank-inflatinator.git repo: https://github.com/bitlair/revbank-inflatinator.git
version: main version: main
dest: /opt/revbank-inflatinator dest: /opt/revbank-inflatinator

17
roles/bank/tasks/login.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Add user - name: Add user
user: ansible.builtin.user:
name: bank name: bank
password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
home: /home/{{ bank_user }} home: /home/{{ bank_user }}
@ -8,7 +8,7 @@
update_password: always update_password: always
- name: Allow password auth for bank user - name: Allow password auth for bank user
blockinfile: ansible.builtin.blockinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
insertafter: EOF insertafter: EOF
block: |- block: |-
@ -17,12 +17,12 @@
notify: reload sshd notify: reload sshd
- name: Clear motd - name: Clear motd
copy: ansible.builtin.copy:
content: "" content: ""
dest: /etc/motd dest: /etc/motd
- name: Remove autologin - name: Remove autologin
file: ansible.builtin.file:
path: /etc/systemd/system/getty@tty1.service.d/override.conf path: /etc/systemd/system/getty@tty1.service.d/override.conf
state: absent state: absent
notify: daemon reload notify: daemon reload
@ -31,19 +31,20 @@
- when: bank_local_tty - when: bank_local_tty
block: block:
- name: Locate agetty - name: Locate agetty
command: command -v agetty ansible.builtin.command:
cmd: command -v agetty
register: agetty_location_cmd register: agetty_location_cmd
- set_fact: - ansible.builtin.set_fact:
agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}" agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}"
- name: Create getty dir - name: Create getty dir
file: ansible.builtin.file:
path: /etc/systemd/system/getty@tty1.service.d path: /etc/systemd/system/getty@tty1.service.d
state: directory state: directory
- name: Autologin User - name: Autologin User
template: ansible.builtin.template:
src: tty_autologin.conf src: tty_autologin.conf
dest: /etc/systemd/system/getty@tty1.service.d/override.conf dest: /etc/systemd/system/getty@tty1.service.d/override.conf
owner: root owner: root

9
roles/bank/tasks/main.yaml
View file

@ -1,9 +1,12 @@
--- ---
- tags: [ bank, bank_login ] - tags: [ bank, bank_login ]
import_tasks: login.yaml ansible.builtin.import_tasks:
file: login.yaml
- tags: [ bank, bank_revbank ] - tags: [ bank, bank_revbank ]
import_tasks: revbank.yaml ansible.builtin.import_tasks:
file: revbank.yaml
- tags: [ bank, bank_inflatinator ] - tags: [ bank, bank_inflatinator ]
import_tasks: inflatinator.yaml ansible.builtin.import_tasks:
file: inflatinator.yaml

14
roles/bank/tasks/revbank.yaml
View file

@ -1,18 +1,18 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ] name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
state: present state: present
- name: Clone revbank source - name: Clone revbank source
git: ansible.builtin.git:
repo: "{{ bank_revbank_git }}" repo: "{{ bank_revbank_git }}"
version: master version: master
dest: /home/{{ bank_user }}/revbank.git dest: /home/{{ bank_user }}/revbank.git
accept_hostkey: yes accept_hostkey: yes
- name: Create data files - name: Create data files
command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }} ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
args: args:
creates: /home/{{ bank_user }}/{{ item }} creates: /home/{{ bank_user }}/{{ item }}
with_items: with_items:
@ -21,7 +21,7 @@
- revbank.products - revbank.products
- name: Ensure data file permissions - name: Ensure data file permissions
file: ansible.builtin.file:
path: /home/{{ bank_user }}/{{ item }} path: /home/{{ bank_user }}/{{ item }}
state: touch state: touch
owner: "{{ bank_user }}" owner: "{{ bank_user }}"
@ -33,7 +33,7 @@
- revbank.products - revbank.products
- name: Link plugins - name: Link plugins
file: ansible.builtin.file:
state: link state: link
path: /home/{{ bank_user }}/{{ item }} path: /home/{{ bank_user }}/{{ item }}
src: /home/{{ bank_user }}/revbank.git/{{ item }} src: /home/{{ bank_user }}/revbank.git/{{ item }}
@ -42,11 +42,11 @@
- revbank.plugins - revbank.plugins
- name: Create git data dir - name: Create git data dir
file: ansible.builtin.file:
path: /home/{{ bank_user }}/data.git path: /home/{{ bank_user }}/data.git
state: directory state: directory
- name: Install git cronjob - name: Install git cronjob
template: ansible.builtin.template:
src: git.cron src: git.cron
dest: /etc/cron.d/revbank-git dest: /etc/cron.d/revbank-git

2
roles/common-bitlair/tasks/main.yaml
View file

@ -1,7 +1,7 @@
--- ---
- name: Update authorized_keys - name: Update authorized_keys
tags: authorized_keys tags: authorized_keys
template: ansible.builtin.template:
src: authorized_keys.j2 src: authorized_keys.j2
dest: /root/.ssh/authorized_keys dest: /root/.ssh/authorized_keys
mode: 0600 mode: 0600

15
roles/common/handlers/main.yaml
View file

@ -1,30 +1,31 @@
--- ---
- name: update grub - name: update grub
command: update-grub ansible.builtin.command:
cmd: update-grub
- name: reboot - name: reboot
reboot: ansible.builtin.reboot:
- name: apt update - name: apt update
apt: ansible.builtin.apt:
update_cache: true update_cache: true
- name: daemon reload - name: daemon reload
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
- name: reload sshd - name: reload sshd
systemd: ansible.builtin.systemd:
name: ssh name: ssh
state: reloaded state: reloaded
- name: reload nginx - name: reload nginx
systemd: ansible.builtin.systemd:
name: nginx name: nginx
state: reloaded state: reloaded
- name: persist iptables - name: persist iptables
shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}" ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}"
with_items: with_items:
- { c: iptables, ip: v4 } - { c: iptables, ip: v4 }
- { c: ip6tables, ip: v6 } - { c: ip6tables, ip: v6 }

2
roles/common/tasks/apt-minimal.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Configure auto-upgrades - name: Configure auto-upgrades
template: ansible.builtin.template:
src: apt-minimal src: apt-minimal
dest: /etc/apt/apt.conf.d/20minimal dest: /etc/apt/apt.conf.d/20minimal
owner: root owner: root

4
roles/common/tasks/debian-backports.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Install backports source list - name: Install backports source list
template: ansible.builtin.template:
src: backports-source.list src: backports-source.list
dest: /etc/apt/sources.list.d/backports.list dest: /etc/apt/sources.list.d/backports.list
owner: root owner: root
@ -8,4 +8,4 @@
mode: 0644 mode: 0644
notify: apt update notify: apt update
- meta: flush_handlers - ansible.builtin.meta: flush_handlers

12
roles/common/tasks/debian-upgrade.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Install source list - name: Install source list
template: ansible.builtin.template:
src: stable-sources.list src: stable-sources.list
dest: /etc/apt/sources.list dest: /etc/apt/sources.list
owner: root owner: root
@ -8,21 +8,21 @@
mode: 0644 mode: 0644
- name: Remove backports - name: Remove backports
file: ansible.builtin.file:
path: /etc/apt/sources.list.d/backports.list path: /etc/apt/sources.list.d/backports.list
state: absent state: absent
- name: update - name: update
apt: ansible.builtin.apt:
update_cache: yes update_cache: yes
- name: full-upgrade - name: full-upgrade
apt: ansible.builtin.apt:
upgrade: full upgrade: full
- name: Reboot - name: Reboot
reboot: ansible.builtin.reboot:
- name: autoremove - name: autoremove
apt: ansible.builtin.apt:
autoremove: yes autoremove: yes

47
roles/common/tasks/main.yaml
View file

@ -1,35 +1,42 @@
--- ---
- tags: [ debian-upgrade, never ] - tags: [ debian-upgrade, never ]
import_tasks: debian-upgrade.yaml ansible.builtin.import_tasks:
file: debian-upgrade.yaml
when: ansible_facts['distribution_release'] != "bookworm" when: ansible_facts['distribution_release'] != "bookworm"
- tags: debian_backports - tags: debian_backports
import_tasks: debian-backports.yaml ansible.builtin.import_tasks:
file: debian-backports.yaml
- tags: unattended_updates - tags: unattended_updates
import_tasks: unattended-updates.yaml ansible.builtin.import_tasks:
file: unattended-updates.yaml
- tags: apt-minimal - tags: apt-minimal
import_tasks: apt-minimal.yaml ansible.builtin.import_tasks:
file: apt-minimal.yaml
- tags: network - tags: network
import_tasks: network.yaml ansible.builtin.import_tasks:
file: network.yaml
- tags: node-exporter - tags: node-exporter
import_tasks: node-exporter.yaml ansible.builtin.import_tasks:
file: node-exporter.yaml
- tags: vm - tags: vm
import_tasks: node-exporter.yaml ansible.builtin.import_tasks:
file: node-exporter.yaml
when: is_vm when: is_vm
- name: Remove Vim - name: Remove Vim
apt: ansible.builtin.apt:
name: vim name: vim
state: absent state: absent
autoremove: true autoremove: true
- name: Install utilities - name: Install utilities
apt: ansible.builtin.apt:
name: name:
- curl - curl
- fzf - fzf
@ -46,38 +53,38 @@
- neovim - neovim
- name: Remove netcat-traditional - name: Remove netcat-traditional
apt: ansible.builtin.apt:
name: netcat-traditional name: netcat-traditional
- name: Configure FZF for Bash - name: Configure FZF for Bash
lineinfile: ansible.builtin.lineinfile:
path: /etc/bash.bashrc path: /etc/bash.bashrc
insertafter: EOF insertafter: EOF
regexp: "^source /usr/share/doc/fzf/examples/key-bindings.bash" regexp: "^source /usr/share/doc/fzf/examples/key-bindings.bash"
line: "source /usr/share/doc/fzf/examples/key-bindings.bash # Managed by Ansible" line: "source /usr/share/doc/fzf/examples/key-bindings.bash # Managed by Ansible"
- name: Configure FZF for Bash (Bookworm) - name: Configure FZF for Bash (Bookworm)
lineinfile: ansible.builtin.lineinfile:
path: /etc/bash.bashrc path: /etc/bash.bashrc
insertafter: EOF insertafter: EOF
regexp: "^source /usr/share/doc/fzf/examples/completion.bash" regexp: "^source /usr/share/doc/fzf/examples/completion.bash"
state: absent state: absent
- name: Shorten Grub timeout - name: Shorten Grub timeout
lineinfile: ansible.builtin.lineinfile:
path: /etc/default/grub path: /etc/default/grub
regexp: '^GRUB_TIMEOUT=' regexp: '^GRUB_TIMEOUT='
line: "GRUB_TIMEOUT=1 # Managed by Ansible" line: "GRUB_TIMEOUT=1 # Managed by Ansible"
notify: update grub notify: update grub
- name: Configure cron email - name: Configure cron email
lineinfile: ansible.builtin.lineinfile:
path: /etc/crontab path: /etc/crontab
insertafter: '^PATH' insertafter: '^PATH'
line: 'MAILTO={{ notify_email }}' line: 'MAILTO={{ notify_email }}'
- name: Configure SSH - name: Configure SSH
lineinfile: ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
line: "{{ item.line }}" line: "{{ item.line }}"
@ -91,7 +98,7 @@
notify: reload sshd notify: reload sshd
- name: Allow SSH - name: Allow SSH
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: "{{ ssh_port }}" destination_port: "{{ ssh_port }}"
@ -104,7 +111,7 @@
notify: persist iptables notify: persist iptables
- name: Allow ICMP - name: Allow ICMP
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: "{{ item.proto }}" protocol: "{{ item.proto }}"
jump: ACCEPT jump: ACCEPT
@ -115,7 +122,7 @@
notify: persist iptables notify: persist iptables
- name: Allow related and established connections - name: Allow related and established connections
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
ctstate: ESTABLISHED,RELATED ctstate: ESTABLISHED,RELATED
jump: ACCEPT jump: ACCEPT
@ -126,7 +133,7 @@
notify: persist iptables notify: persist iptables
- name: Allow local connections - name: Allow local connections
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
source: "{{ item.cidr }}" source: "{{ item.cidr }}"
jump: ACCEPT jump: ACCEPT
@ -135,7 +142,7 @@
notify: persist iptables notify: persist iptables
- name: Deny inbound connections - name: Deny inbound connections
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
policy: DROP policy: DROP
ip_version: "{{ item }}" ip_version: "{{ item }}"

10
roles/common/tasks/network.yaml
View file

@ -1,12 +1,12 @@
--- ---
- name: Install bridge-utils - name: Install bridge-utils
apt: ansible.builtin.apt:
name: bridge-utils name: bridge-utils
state: present state: present
when: network_br when: network_br
- name: Configure sysctl.conf - name: Configure sysctl.conf
lineinfile: ansible.builtin.lineinfile:
path: /etc/sysctl.conf path: /etc/sysctl.conf
regexp: "^#?{{ item.k }}" regexp: "^#?{{ item.k }}"
line: "{{ item.k }}={{ item.v }} # Managed by Ansible" line: "{{ item.k }}={{ item.v }} # Managed by Ansible"
@ -17,7 +17,7 @@
when: network_br when: network_br
- name: Make network interfaces really predictable - name: Make network interfaces really predictable
lineinfile: ansible.builtin.lineinfile:
path: /etc/default/grub path: /etc/default/grub
regexp: ^GRUB_CMDLINE_LINUX regexp: ^GRUB_CMDLINE_LINUX
line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible' line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible'
@ -27,7 +27,7 @@
when: network_br or network_dhcp or network_static when: network_br or network_dhcp or network_static
- name: Configure network interfaces - name: Configure network interfaces
template: ansible.builtin.template:
src: network-interfaces src: network-interfaces
dest: /etc/network/interfaces dest: /etc/network/interfaces
owner: root owner: root
@ -36,4 +36,4 @@
notify: reboot notify: reboot
when: network_br or network_dhcp or network_static when: network_br or network_dhcp or network_static
- meta: flush_handlers - ansible.builtin.meta: flush_handlers

4
roles/common/tasks/node-exporter.yaml
View file

@ -1,12 +1,12 @@
--- ---
- name: Install node-exporter - name: Install node-exporter
apt: ansible.builtin.apt:
name: prometheus-node-exporter name: prometheus-node-exporter
state: present state: present
when: node_exporter when: node_exporter
- name: Remove node-exporter - name: Remove node-exporter
apt: ansible.builtin.apt:
name: prometheus-node-exporter name: prometheus-node-exporter
state: absent state: absent
autoremove: yes autoremove: yes

6
roles/common/tasks/unattended-updates.yaml
View file

@ -1,13 +1,13 @@
--- ---
- name: Install unattended-upgrades - name: Install unattended-upgrades
apt: ansible.builtin.apt:
name: name:
- unattended-upgrades - unattended-upgrades
- apt-listchanges - apt-listchanges
state: present state: present
- name: Configure auto-upgrades - name: Configure auto-upgrades
template: ansible.builtin.template:
src: auto-upgrades src: auto-upgrades
dest: /etc/apt/apt.conf.d/20auto-upgrades dest: /etc/apt/apt.conf.d/20auto-upgrades
owner: root owner: root
@ -15,7 +15,7 @@
mode: 0644 mode: 0644
- name: Configure unattended-upgrades - name: Configure unattended-upgrades
template: ansible.builtin.template:
src: unattended-upgrades src: unattended-upgrades
dest: /etc/apt/apt.conf.d/50unattended-upgrades dest: /etc/apt/apt.conf.d/50unattended-upgrades
owner: root owner: root

6
roles/common/tasks/vm.yaml
View file

@ -1,10 +1,10 @@
--- ---
- name: Install guest agent - name: Install guest agent
apt: ansible.builtin.apt:
name: qemu-guest-agent name: qemu-guest-agent
- name: Serial Console - name: Serial Console
lineinfile: ansible.builtin.lineinfile:
path: /etc/default/grub path: /etc/default/grub
regexp: ^GRUB_CMDLINE_LINUX_DEFAULT regexp: ^GRUB_CMDLINE_LINUX_DEFAULT
line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"' line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"'
@ -12,4 +12,4 @@
- update grub - update grub
- reboot - reboot
- meta: flush_handlers - ansible.builtin.meta: flush_handlers

5
roles/etherpad/handlers/main.yaml
View file

@ -1,8 +1,9 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart etherpad - name: restart etherpad
systemd: ansible.builtin.systemd:
name: etherpad name: etherpad
state: restarted state: restarted
daemon_reload: true daemon_reload: true

39
roles/etherpad/tasks/main.yaml
View file

@ -1,20 +1,23 @@
--- ---
- tags: etherpad - tags: etherpad
block: block:
- import_tasks: ../../../snippets/common-nginx.yaml - ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ] name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ]
- name: Import nodesource signing key - name: Import nodesource signing key
shell: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg ansible.builtin.shell:
cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
-o /usr/share/keyrings/nodesource.gpg
args: args:
creates: /usr/share/keyrings/nodesource.gpg creates: /usr/share/keyrings/nodesource.gpg
notify: apt update notify: apt update
- name: Install nodesource source list - name: Install nodesource source list
template: ansible.builtin.template:
src: nodesource.list src: nodesource.list
dest: /etc/apt/sources.list.d/nodesource.list dest: /etc/apt/sources.list.d/nodesource.list
owner: root owner: root
@ -23,7 +26,7 @@
notify: apt update notify: apt update
- name: Install nodejs apt preference - name: Install nodejs apt preference
template: ansible.builtin.template:
src: nodejs-apt-pref src: nodejs-apt-pref
dest: /etc/apt/preferences.d/nodejs dest: /etc/apt/preferences.d/nodejs
owner: root owner: root
@ -31,10 +34,10 @@
mode: 0644 mode: 0644
notify: apt update notify: apt update
- meta: flush_handlers - ansible.builtin.meta: flush_handlers
- name: Install nodejs - name: Install nodejs
apt: ansible.builtin.apt:
name: nodejs name: nodejs
- name: Add database user - name: Add database user
@ -42,7 +45,7 @@
become_method: su become_method: su
become_user: postgres become_user: postgres
no_log: yes no_log: yes
postgresql_user: community.postgresql.postgresql_user:
name: etherpad name: etherpad
password: "{{ etherpad_db_password }}" password: "{{ etherpad_db_password }}"
@ -50,17 +53,17 @@
become: true become: true
become_method: su become_method: su
become_user: postgres become_user: postgres
postgresql_db: community.postgresql.postgresql_db:
name: "{{ etherpad_db_name }}" name: "{{ etherpad_db_name }}"
owner: "{{ etherpad_db_user }}" owner: "{{ etherpad_db_user }}"
- name: Add etherpad user - name: Add etherpad user
user: ansible.builtin.user:
name: etherpad name: etherpad
home: /var/lib/etherpad home: /var/lib/etherpad
- name: Create log file - name: Create log file
file: ansible.builtin.file:
path: /var/log/etherpad.log path: /var/log/etherpad.log
state: touch state: touch
owner: etherpad owner: etherpad
@ -68,7 +71,7 @@
mode: 0644 mode: 0644
- name: Create source directory - name: Create source directory
file: ansible.builtin.file:
path: /opt/etherpad path: /opt/etherpad
state: directory state: directory
owner: etherpad owner: etherpad
@ -79,7 +82,7 @@
become: yes become: yes
become_method: su become_method: su
become_user: etherpad become_user: etherpad
git: ansible.builtin.git:
repo: https://github.com/ether/etherpad-lite.git repo: https://github.com/ether/etherpad-lite.git
version: master version: master
dest: /opt/etherpad dest: /opt/etherpad
@ -87,7 +90,7 @@
notify: restart etherpad notify: restart etherpad
- name: Install etherpad config - name: Install etherpad config
template: ansible.builtin.template:
src: settings.json src: settings.json
dest: /opt/etherpad/settings.json dest: /opt/etherpad/settings.json
owner: root owner: root
@ -96,7 +99,7 @@
notify: restart etherpad notify: restart etherpad
- name: Install etherpad service - name: Install etherpad service
template: ansible.builtin.template:
src: etherpad.service src: etherpad.service
dest: /etc/systemd/system/etherpad.service dest: /etc/systemd/system/etherpad.service
owner: root owner: root
@ -105,14 +108,14 @@
notify: restart etherpad notify: restart etherpad
- name: Start etherpad - name: Start etherpad
systemd: ansible.builtin.systemd:
daemon_reload: true daemon_reload: true
name: etherpad name: etherpad
state: started state: started
enabled: yes enabled: yes
- name: Install nginx config - name: Install nginx config
template: ansible.builtin.template:
src: nginx-site.conf src: nginx-site.conf
dest: /etc/nginx/sites-enabled/etherpad dest: /etc/nginx/sites-enabled/etherpad
owner: root owner: root
@ -121,7 +124,7 @@
notify: reload nginx notify: reload nginx
- name: Allow HTTP and HTTPS - name: Allow HTTP and HTTPS
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: "{{ item.port }}" destination_port: "{{ item.port }}"

3
roles/etherpad/tasks/requirements.yml Normal file
View file

@ -0,0 +1,3 @@
collections:
- name: community.postgresql
version: 2.3.2

5
roles/git-ci/handlers/main.yaml
View file

@ -1,7 +1,8 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart forgejo-runner - name: restart forgejo-runner
systemd: ansible.builtin.systemd:
name: forgejo-runner name: forgejo-runner
state: restarted state: restarted

16
roles/git-ci/tasks/main.yaml
View file

@ -2,18 +2,18 @@
- tags: forgejo_runner - tags: forgejo_runner
block: block:
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: docker.io name: docker.io
- name: Download forgejo-runner - name: Download forgejo-runner
get_url: ansible.builtin.get_url:
url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
dest: /usr/local/bin/forgejo-runner dest: /usr/local/bin/forgejo-runner
mode: 0755 mode: 0755
notify: restart forgejo-runner notify: restart forgejo-runner
- name: Create runner dir - name: Create runner dir
file: ansible.builtin.file:
state: directory state: directory
path: "{{ runner_wd }}" path: "{{ runner_wd }}"
owner: root owner: root
@ -21,13 +21,13 @@
mode: 0755 mode: 0755
- name: Register runner - name: Register runner
command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
args: args:
chdir: "{{ runner_wd }}" chdir: "{{ runner_wd }}"
creates: "{{ runner_wd }}/.runner" creates: "{{ runner_wd }}/.runner"
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: forgejo-runner.service src: forgejo-runner.service
dest: /etc/systemd/system/forgejo-runner.service dest: /etc/systemd/system/forgejo-runner.service
owner: root owner: root
@ -36,15 +36,15 @@
notify: restart forgejo-runner notify: restart forgejo-runner
- name: Enable service - name: Enable service
systemd: ansible.builtin.systemd:
name: forgejo-runner name: forgejo-runner
enabled: yes enabled: yes
daemon_reload: true daemon_reload: true
- name: Start service - name: Start service
systemd: ansible.builtin.systemd:
name: forgejo-runner name: forgejo-runner
state: started state: started
daemon_reload: true daemon_reload: true
- meta: flush_handlers - ansible.builtin.meta: flush_handlers

5
roles/git-server/handlers/main.yaml
View file

@ -1,7 +1,8 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: reload forgejo - name: reload forgejo
systemd: ansible.builtin.systemd:
name: forgejo name: forgejo
state: reloaded state: reloaded

29
roles/git-server/tasks/main.yaml
View file

@ -1,15 +1,16 @@
--- ---
- import_tasks: ../../../snippets/common-nginx.yaml - ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- git - git
- xq - xq
state: present state: present
- name: Install nginx site - name: Install nginx site
template: ansible.builtin.template:
src: nginx-site.conf src: nginx-site.conf
dest: /etc/nginx/sites-available/forgejo dest: /etc/nginx/sites-available/forgejo
owner: root owner: root
@ -18,21 +19,21 @@
notify: reload nginx notify: reload nginx
- name: Enable nginx site - name: Enable nginx site
file: ansible.builtin.file:
src: /etc/nginx/sites-available/forgejo src: /etc/nginx/sites-available/forgejo
dest: /etc/nginx/sites-enabled/forgejo dest: /etc/nginx/sites-enabled/forgejo
state: link state: link
notify: reload nginx notify: reload nginx
- name: Create user - name: Create user
user: ansible.builtin.user:
name: "{{ git_server_user }}" name: "{{ git_server_user }}"
home: "{{ git_server_working_dir }}" home: "{{ git_server_working_dir }}"
shell: /bin/bash shell: /bin/bash
comment: Git server comment: Git server
- name: Create logging dir - name: Create logging dir
file: ansible.builtin.file:
state: directory state: directory
path: /var/log/forgejo path: /var/log/forgejo
owner: "{{ git_server_user }}" owner: "{{ git_server_user }}"
@ -43,7 +44,7 @@
# TODO: Install initial config # TODO: Install initial config
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: forgejo.service src: forgejo.service
dest: /etc/systemd/system/forgejo.service dest: /etc/systemd/system/forgejo.service
owner: root owner: root
@ -52,7 +53,7 @@
notify: reload forgejo notify: reload forgejo
- name: Install update script - name: Install update script
template: ansible.builtin.template:
src: update.sh src: update.sh
dest: "{{ git_server_working_dir }}/update.sh" dest: "{{ git_server_working_dir }}/update.sh"
owner: "{{ git_server_user }}" owner: "{{ git_server_user }}"
@ -60,30 +61,30 @@
mode: 0755 mode: 0755
- name: Perform initial update - name: Perform initial update
command: "{{ git_server_working_dir }}/update.sh" ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"
args: args:
creates: "{{ git_server_working_dir }}/forgejo" creates: "{{ git_server_working_dir }}/forgejo"
notify: reload forgejo notify: reload forgejo
- name: Enable service - name: Enable service
systemd: ansible.builtin.systemd:
name: forgejo name: forgejo
enabled: yes enabled: yes
daemon_reload: true daemon_reload: true
- name: Start service - name: Start service
systemd: ansible.builtin.systemd:
name: forgejo name: forgejo
state: started state: started
daemon_reload: true daemon_reload: true
- name: Install cronjob - name: Install cronjob
template: ansible.builtin.template:
src: cronjob src: cronjob
dest: /etc/cron.d/forgejo dest: /etc/cron.d/forgejo
- name: Allow Git SSH, HTTP and HTTPS - name: Allow Git SSH, HTTP and HTTPS
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: "{{ item.port }}" destination_port: "{{ item.port }}"
@ -100,5 +101,5 @@
- { ip: ipv6, port: 443 } - { ip: ipv6, port: 443 }
notify: persist iptables notify: persist iptables
- debug: - ansible.builtin.debug:
msg: If Forgejo has not been setup yet, please do so manually. msg: If Forgejo has not been setup yet, please do so manually.

6
roles/go/tasks/main.yaml
View file

@ -3,18 +3,18 @@
tags: go,go_install tags: go,go_install
block: block:
- name: Remove Debian Go package - name: Remove Debian Go package
apt: ansible.builtin.apt:
name: golang name: golang
autoremove: yes autoremove: yes
state: absent state: absent
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: curl name: curl
state: present state: present
- name: Fetch Go latest version - name: Fetch Go latest version
shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//" ansible.builtin.shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//"
changed_when: false changed_when: false
register: go_latest_version_shell register: go_latest_version_shell

9
roles/monitoring/handlers/main.yaml
View file

@ -1,17 +1,18 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart mqtt_exporter - name: restart mqtt_exporter
systemd: ansible.builtin.systemd:
name: mqtt_exporter name: mqtt_exporter
state: restarted state: restarted
- name: restart prometheus - name: restart prometheus
systemd: ansible.builtin.systemd:
name: prometheus name: prometheus
state: restarted state: restarted
- name: restart grafana - name: restart grafana
systemd: ansible.builtin.systemd:
name: grafana-server name: grafana-server
state: restarted state: restarted

2
roles/monitoring/tasks/blackbox.yaml
View file

@ -1,4 +1,4 @@
--- ---
- name: Install blackbox exporter - name: Install blackbox exporter
apt: ansible.builtin.apt:
name: prometheus-blackbox-exporter name: prometheus-blackbox-exporter

12
roles/monitoring/tasks/grafana.yaml
View file

@ -1,24 +1,24 @@
--- ---
- name: Add key - name: Add key
get_url: ansible.builtin.get_url:
url: https://apt.grafana.com/gpg.key url: https://apt.grafana.com/gpg.key
dest: /etc/apt/keyrings/grafana.asc dest: /etc/apt/keyrings/grafana.asc
notify: apt update notify: apt update
- name: Grafana source - name: Grafana source
copy: ansible.builtin.copy:
dest: /etc/apt/sources.list.d/grafana.list dest: /etc/apt/sources.list.d/grafana.list
content: "deb [signed-by=/etc/apt/keyrings/grafana.asc] https://apt.grafana.com stable main" content: "deb [signed-by=/etc/apt/keyrings/grafana.asc] https://apt.grafana.com stable main"
notify: apt update notify: apt update
- meta: flush_handlers - ansible.builtin.meta: flush_handlers
- name: Install Grafana - name: Install Grafana
apt: ansible.builtin.apt:
name: grafana name: grafana
- name: Configure grafana - name: Configure grafana
template: ansible.builtin.template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: root owner: root
@ -30,7 +30,7 @@
- { src: grafana-ldap.toml, dest: /etc/grafana/ldap.toml } - { src: grafana-ldap.toml, dest: /etc/grafana/ldap.toml }
- name: Configure grafana data source - name: Configure grafana data source
template: ansible.builtin.template:
src: grafana-data-source.yml src: grafana-data-source.yml
dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml" dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml"
owner: root owner: root

23
roles/monitoring/tasks/main.yaml
View file

@ -2,10 +2,11 @@
- name: monitoring - name: monitoring
tags: monitoring tags: monitoring
block: block:
- import_tasks: ../../../snippets/common-nginx.yaml - ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install nginx site - name: Install nginx site
template: ansible.builtin.template:
src: nginx-site.conf src: nginx-site.conf
dest: /etc/nginx/sites-available/monitoring dest: /etc/nginx/sites-available/monitoring
owner: root owner: root
@ -14,20 +15,20 @@
notify: reload nginx notify: reload nginx
- name: Enable nginx site - name: Enable nginx site
file: ansible.builtin.file:
src: /etc/nginx/sites-available/monitoring src: /etc/nginx/sites-available/monitoring
dest: /etc/nginx/sites-enabled/monitoring dest: /etc/nginx/sites-enabled/monitoring
state: link state: link
notify: reload nginx notify: reload nginx
- name: Start nginx - name: Start nginx
systemd: ansible.builtin.systemd:
name: nginx name: nginx
state: started state: started
enabled: yes enabled: yes
- name: Allow HTTP/HTTPS - name: Allow HTTP/HTTPS
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: "{{ item.port }}" destination_port: "{{ item.port }}"
@ -42,16 +43,20 @@
- name: mqtt_exporter - name: mqtt_exporter
tags: mqtt_exporter tags: mqtt_exporter
import_tasks: mqtt_exporter.yaml ansible.builtin.import_tasks:
file: mqtt_exporter.yaml
- name: blackbox - name: blackbox
tags: blackbox tags: blackbox
import_tasks: blackbox.yaml ansible.builtin.import_tasks:
file: blackbox.yaml
- name: prometheus - name: prometheus
tags: prometheus tags: prometheus
import_tasks: prometheus.yaml ansible.builtin.import_tasks:
file: prometheus.yaml
- name: grafana - name: grafana
tags: grafana tags: grafana
import_tasks: grafana.yaml ansible.builtin.import_tasks:
file: grafana.yaml

12
roles/monitoring/tasks/mqtt_exporter.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/polyfloyd/mqtt-exporter.git repo: https://github.com/polyfloyd/mqtt-exporter.git
version: main version: main
dest: /opt/mqtt_exporter dest: /opt/mqtt_exporter
@ -8,7 +8,7 @@
notify: restart mqtt_exporter notify: restart mqtt_exporter
- name: Install apt dependencies - name: Install apt dependencies
apt: ansible.builtin.apt:
name: name:
- python3-paho-mqtt - python3-paho-mqtt
- python3-prometheus-client - python3-prometheus-client
@ -16,7 +16,7 @@
state: present state: present
- name: Install service - name: Install service
template: ansible.builtin.template:
src: mqtt_exporter.service src: mqtt_exporter.service
dest: /etc/systemd/system/mqtt_exporter.service dest: /etc/systemd/system/mqtt_exporter.service
owner: root owner: root
@ -27,7 +27,7 @@
- restart mqtt_exporter - restart mqtt_exporter
- name: Install config file - name: Install config file
template: ansible.builtin.template:
src: mqtt_exporter_config.yaml src: mqtt_exporter_config.yaml
dest: /etc/mqtt_exporter.yaml dest: /etc/mqtt_exporter.yaml
owner: root owner: root
@ -37,10 +37,10 @@
- daemon reload - daemon reload
- restart mqtt_exporter - restart mqtt_exporter
- meta: flush_handlers - ansible.builtin.meta: flush_handlers
- name: Start service - name: Start service
systemd: ansible.builtin.systemd:
name: mqtt_exporter name: mqtt_exporter
state: started state: started
enabled: true enabled: true

6
roles/monitoring/tasks/prometheus.yaml
View file

@ -1,10 +1,10 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: prometheus name: prometheus
- name: Configure Prometheus - name: Configure Prometheus
template: ansible.builtin.template:
src: prometheus.yml src: prometheus.yml
dest: "{{ prometheus_config_dir }}/prometheus.yml" dest: "{{ prometheus_config_dir }}/prometheus.yml"
owner: root owner: root
@ -13,7 +13,7 @@
notify: restart prometheus notify: restart prometheus
- name: Configure Prometheus args - name: Configure Prometheus args
lineinfile: ansible.builtin.lineinfile:
path: /etc/default/prometheus path: /etc/default/prometheus
line: >- line: >-
ARGS=" ARGS="

5
roles/mqtt-internal/handlers/main.yaml
View file

@ -1,7 +1,8 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart mosquitto - name: restart mosquitto
systemd: ansible.builtin.systemd:
name: mosquitto name: mosquitto
state: restarted state: restarted

6
roles/mqtt-internal/tasks/main.yaml
View file

@ -3,13 +3,13 @@
tags: mqtt_internal tags: mqtt_internal
block: block:
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- mosquitto - mosquitto
- avahi-daemon - avahi-daemon
- name: Configure Mosquitto - name: Configure Mosquitto
template: ansible.builtin.template:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/mosquitto/conf.d/{{ item }}" dest: "/etc/mosquitto/conf.d/{{ item }}"
owner: root owner: root
@ -21,7 +21,7 @@
- public-bridge.conf - public-bridge.conf
- name: Start mosquitto - name: Start mosquitto
systemd: ansible.builtin.systemd:
name: mosquitto name: mosquitto
state: started state: started
enabled: yes enabled: yes

16
roles/music/handlers/main.yaml
View file

@ -1,37 +1,39 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart trollibox - name: restart trollibox
systemd: ansible.builtin.systemd:
name: trollibox name: trollibox
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: rebuild librespot - name: rebuild librespot
command: /root/.cargo/bin/cargo build --release --features jackaudio-backend ansible.builtin.command:
cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
args: args:
chdir: /opt/librespot chdir: /opt/librespot
- name: restart librespot - name: restart librespot
systemd: ansible.builtin.systemd:
name: librespot name: librespot
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart soundboard - name: restart soundboard
systemd: ansible.builtin.systemd:
name: soundboard name: soundboard
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart mpd-volume-to-mqtt - name: restart mpd-volume-to-mqtt
systemd: ansible.builtin.systemd:
name: mpd-volume-to-mqtt name: mpd-volume-to-mqtt
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart skipbutton - name: restart skipbutton
systemd: ansible.builtin.systemd:
name: skipbutton name: skipbutton
state: restarted state: restarted
daemon_reload: true daemon_reload: true

8
roles/music/tasks/librespot.yaml
View file

@ -1,11 +1,11 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: libjack-jackd2-dev name: libjack-jackd2-dev
state: present state: present
- name: Clone librespot source - name: Clone librespot source
git: ansible.builtin.git:
repo: https://github.com/librespot-org/librespot.git repo: https://github.com/librespot-org/librespot.git
version: dev version: dev
dest: /opt/librespot dest: /opt/librespot
@ -15,7 +15,7 @@
- restart librespot - restart librespot
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: librespot.service src: librespot.service
dest: /etc/systemd/system/librespot.service dest: /etc/systemd/system/librespot.service
owner: root owner: root
@ -24,7 +24,7 @@
notify: restart librespot notify: restart librespot
- name: Enable Librespot - name: Enable Librespot
systemd: ansible.builtin.systemd:
name: librespot name: librespot
state: started state: started
enabled: true enabled: true

17
roles/music/tasks/main.yaml
View file

@ -1,22 +1,27 @@
--- ---
- tags: music_mpd - tags: music_mpd
import_tasks: mpd.yaml ansible.builtin.import_tasks:
file: mpd.yaml
- tags: music_trollibox - tags: music_trollibox
import_tasks: trollibox.yaml ansible.builtin.import_tasks:
file: trollibox.yaml
- tags: music_librespot - tags: music_librespot
import_tasks: librespot.yaml ansible.builtin.import_tasks:
file: librespot.yaml
- tags: music_soundboard - tags: music_soundboard
import_tasks: soundboard.yaml ansible.builtin.import_tasks:
file: soundboard.yaml
- tags: music - tags: music
block: block:
- import_tasks: ../../../snippets/common-nginx.yaml - ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install nginx config - name: Install nginx config
template: ansible.builtin.template:
src: nginx-site.conf src: nginx-site.conf
dest: /etc/nginx/sites-enabled/trollibox dest: /etc/nginx/sites-enabled/trollibox
owner: root owner: root

14
roles/music/tasks/mpd.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Install MPD - name: Install MPD
apt: ansible.builtin.apt:
name: name:
- jackd - jackd
- mpd - mpd
@ -9,7 +9,7 @@
state: present state: present
- name: Install mpd-volume-to-mqtt script - name: Install mpd-volume-to-mqtt script
template: ansible.builtin.template:
src: mpd-volume-to-mqtt.sh src: mpd-volume-to-mqtt.sh
dest: /opt/mpd-volume-to-mqtt.sh dest: /opt/mpd-volume-to-mqtt.sh
owner: root owner: root
@ -18,7 +18,7 @@
notify: restart mpd-volume-to-mqtt notify: restart mpd-volume-to-mqtt
- name: Install mpd-volume-to-mqtt service - name: Install mpd-volume-to-mqtt service
template: ansible.builtin.template:
src: mpd-volume-to-mqtt.service src: mpd-volume-to-mqtt.service
dest: /etc/systemd/system/mpd-volume-to-mqtt.service dest: /etc/systemd/system/mpd-volume-to-mqtt.service
owner: root owner: root
@ -27,14 +27,14 @@
notify: restart mpd-volume-to-mqtt notify: restart mpd-volume-to-mqtt
- name: Enable mpd-volume-to-mqtt - name: Enable mpd-volume-to-mqtt
systemd: ansible.builtin.systemd:
name: mpd-volume-to-mqtt name: mpd-volume-to-mqtt
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true
- name: Clone skipbutton source - name: Clone skipbutton source
git: ansible.builtin.git:
repo: https://github.com/bitlair/skipbutton.git repo: https://github.com/bitlair/skipbutton.git
version: master version: master
dest: /opt/skipbutton dest: /opt/skipbutton
@ -42,7 +42,7 @@
notify: restart skipbutton notify: restart skipbutton
- name: Install skipbutton service - name: Install skipbutton service
template: ansible.builtin.template:
src: skipbutton.service src: skipbutton.service
dest: /etc/systemd/system/skipbutton.service dest: /etc/systemd/system/skipbutton.service
owner: root owner: root
@ -51,7 +51,7 @@
notify: restart skipbutton notify: restart skipbutton
- name: Enable skipbutton - name: Enable skipbutton
systemd: ansible.builtin.systemd:
name: skipbutton name: skipbutton
state: started state: started
enabled: true enabled: true

16
roles/music/tasks/soundboard.yaml
View file

@ -1,11 +1,11 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: virtualenv name: virtualenv
state: present state: present
- name: Clone soundboard source - name: Clone soundboard source
git: ansible.builtin.git:
repo: https://github.com/polyfloyd/mqtt-soundboard.git repo: https://github.com/polyfloyd/mqtt-soundboard.git
version: main version: main
dest: /opt/soundboard dest: /opt/soundboard
@ -13,17 +13,19 @@
notify: restart soundboard notify: restart soundboard
- name: Create virtualenv - name: Create virtualenv
command: virtualenv /opt/soundboard/.venv ansible.builtin.command:
cmd: virtualenv /opt/soundboard/.venv
args: args:
creates: /opt/soundboard/.venv creates: /opt/soundboard/.venv
- name: Install Python dependencies - name: Install Python dependencies
shell: . .venv/bin/activate && pip install -r requirements.txt ansible.builtin.shell:
cmd: . .venv/bin/activate && pip install -r requirements.txt
args: args:
chdir: /opt/soundboard chdir: /opt/soundboard
- name: Install soundboard config file - name: Install soundboard config file
template: ansible.builtin.template:
src: soundboard.yaml src: soundboard.yaml
dest: /etc/soundboard.yaml dest: /etc/soundboard.yaml
owner: root owner: root
@ -32,7 +34,7 @@
notify: restart soundboard notify: restart soundboard
- name: Install soundboard service file - name: Install soundboard service file
template: ansible.builtin.template:
src: soundboard.service src: soundboard.service
dest: /etc/systemd/system/soundboard.service dest: /etc/systemd/system/soundboard.service
owner: root owner: root
@ -41,7 +43,7 @@
notify: restart soundboard notify: restart soundboard
- name: Enable soundboard - name: Enable soundboard
systemd: ansible.builtin.systemd:
name: soundboard name: soundboard
state: started state: started
enabled: true enabled: true

14
roles/music/tasks/trollibox.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Install Trollibox config - name: Install Trollibox config
template: ansible.builtin.template:
src: trollibox.yaml src: trollibox.yaml
dest: /etc/trollibox.yaml dest: /etc/trollibox.yaml
owner: root owner: root
@ -9,16 +9,18 @@
notify: restart trollibox notify: restart trollibox
- name: Get latest Trollibox version from Github API - name: Get latest Trollibox version from Github API
get_url: ansible.builtin.get_url:
url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest" url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
dest: "/tmp/_ansible_trollibox_latest_release.json" dest: "/tmp/_ansible_trollibox_latest_release.json"
- name: Get download url - name: Get download url
shell: cat "/tmp/_ansible_trollibox_latest_release.json" | jq '.assets[] | select(.name | contains("linux-amd64")) | .browser_download_url' -r ansible.builtin.shell:
cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name
| contains("linux-amd64")) | .browser_download_url -r
register: "trollibox_download_url" register: "trollibox_download_url"
- name: Download Trollibox - name: Download Trollibox
unarchive: ansible.builtin.unarchive:
src: "{{ trollibox_download_url.stdout }}" src: "{{ trollibox_download_url.stdout }}"
remote_src: yes remote_src: yes
dest: /usr/local/bin dest: /usr/local/bin
@ -27,7 +29,7 @@
notify: restart trollibox notify: restart trollibox
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: trollibox.service src: trollibox.service
dest: /etc/systemd/system/trollibox.service dest: /etc/systemd/system/trollibox.service
owner: root owner: root
@ -36,7 +38,7 @@
notify: restart trollibox notify: restart trollibox
- name: Enable Trollibox - name: Enable Trollibox
systemd: ansible.builtin.systemd:
name: trollibox name: trollibox
state: started state: started
enabled: true enabled: true

4
roles/photos/handlers/main.yaml
View file

@ -1,12 +1,12 @@
--- ---
- name: restart photo-gallery - name: restart photo-gallery
systemd: ansible.builtin.systemd:
name: photo-gallery name: photo-gallery
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart photos2mqtt - name: restart photos2mqtt
systemd: ansible.builtin.systemd:
name: photos2mqtt name: photos2mqtt
state: restarted state: restarted
daemon_reload: true daemon_reload: true

10
roles/photos/tasks/bambulab-fetch.yaml
View file

@ -1,10 +1,10 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: curl name: curl
- name: Install fetch script - name: Install fetch script
template: ansible.builtin.template:
src: bambulab-fetch.sh src: bambulab-fetch.sh
dest: /opt/bambulab-fetch.sh dest: /opt/bambulab-fetch.sh
owner: root owner: root
@ -12,7 +12,7 @@
mode: 0755 mode: 0755
- name: Install service - name: Install service
template: ansible.builtin.template:
src: bambulab-fetch.service src: bambulab-fetch.service
dest: /etc/systemd/system/bambulab-fetch.service dest: /etc/systemd/system/bambulab-fetch.service
owner: root owner: root
@ -21,7 +21,7 @@
notify: daemon reload notify: daemon reload
- name: Install timer - name: Install timer
template: ansible.builtin.template:
src: bambulab-fetch.timer src: bambulab-fetch.timer
dest: /etc/systemd/system/bambulab-fetch.timer dest: /etc/systemd/system/bambulab-fetch.timer
owner: root owner: root
@ -30,7 +30,7 @@
notify: daemon reload notify: daemon reload
- name: Enable timer - name: Enable timer
systemd: ansible.builtin.systemd:
name: bambulab-fetch name: bambulab-fetch
state: started state: started
enabled: yes enabled: yes

9
roles/photos/tasks/main.yaml
View file

@ -1,9 +1,12 @@
--- ---
- tags: photos-gallery - tags: photos-gallery
import_tasks: photo-gallery.yaml ansible.builtin.import_tasks:
file: photo-gallery.yaml
- tags: photos-mqtt - tags: photos-mqtt
import_tasks: photos2mqtt.yaml ansible.builtin.import_tasks:
file: photos2mqtt.yaml
- tags: bambulab-fetch - tags: bambulab-fetch
import_tasks: bambulab-fetch.yaml ansible.builtin.import_tasks:
file: bambulab-fetch.yaml

10
roles/photos/tasks/photo-gallery.yaml
View file

@ -1,10 +1,10 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: [ nodejs, npm, imagemagick, graphicsmagick, ffmpeg ] name: [ nodejs, npm, imagemagick, graphicsmagick, ffmpeg ]
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/bitlair/photo-gallery.git repo: https://github.com/bitlair/photo-gallery.git
version: master version: master
dest: /opt/photo-gallery dest: /opt/photo-gallery
@ -12,7 +12,7 @@
notify: restart photo-gallery notify: restart photo-gallery
- name: Install photo-gallery config file - name: Install photo-gallery config file
template: ansible.builtin.template:
src: photo-gallery-config.json src: photo-gallery-config.json
dest: /opt/photo-gallery/config.json dest: /opt/photo-gallery/config.json
owner: root owner: root
@ -21,7 +21,7 @@
notify: restart photo-gallery notify: restart photo-gallery
- name: Install photo-gallery service file - name: Install photo-gallery service file
template: ansible.builtin.template:
src: photo-gallery.service src: photo-gallery.service
dest: /etc/systemd/system/photo-gallery.service dest: /etc/systemd/system/photo-gallery.service
owner: root owner: root
@ -30,7 +30,7 @@
notify: restart photo-gallery notify: restart photo-gallery
- name: Start photo-gallery - name: Start photo-gallery
systemd: ansible.builtin.systemd:
name: photo-gallery name: photo-gallery
state: started state: started
enabled: yes enabled: yes

11
roles/photos/tasks/photos2mqtt.yaml
View file

@ -1,15 +1,16 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- make - make
- liblinux-inotify2-perl - liblinux-inotify2-perl
- name: Install mqtt-simple - name: Install mqtt-simple
command: cpan Net::MQTT::Simple ansible.builtin.command:
cmd: cpan Net::MQTT::Simple
- name: Install photos2mqtt - name: Install photos2mqtt
template: ansible.builtin.template:
src: photos2mqtt.pl src: photos2mqtt.pl
dest: /opt/photos2mqtt.pl dest: /opt/photos2mqtt.pl
owner: root owner: root
@ -18,7 +19,7 @@
notify: restart photos2mqtt notify: restart photos2mqtt
- name: Install photos2mqtt service file - name: Install photos2mqtt service file
template: ansible.builtin.template:
src: photos2mqtt.service src: photos2mqtt.service
dest: /etc/systemd/system/photos2mqtt.service dest: /etc/systemd/system/photos2mqtt.service
owner: root owner: root
@ -27,7 +28,7 @@
notify: restart photos2mqtt notify: restart photos2mqtt
- name: Start photos2mqtt - name: Start photos2mqtt
systemd: ansible.builtin.systemd:
name: photos2mqtt name: photos2mqtt
state: started state: started
enabled: yes enabled: yes

3
roles/raspi/handlers/main.yaml
View file

@ -1,2 +1,3 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml

16
roles/raspi/tasks/main.yaml
View file

@ -1,24 +1,25 @@
--- ---
- name: Check whether user pi exists - name: Check whether user pi exists
command: "grep ^pi: /etc/passwd" ansible.builtin.command:
cmd: 'grep ^pi: /etc/passwd'
changed_when: no changed_when: no
failed_when: pi_user_check.rc != 0 and pi_user_check.rc != 1 failed_when: pi_user_check.rc != 0 and pi_user_check.rc != 1
register: pi_user_check register: pi_user_check
- name: Disable default user - name: Disable default user
user: ansible.builtin.user:
name: pi name: pi
password: ! password: !
when: pi_user_check.stdout_lines|length > 0 when: pi_user_check.stdout_lines|length > 0
- name: Enable sshd - name: Enable sshd
systemd: ansible.builtin.systemd:
name: sshd name: sshd
enabled: yes enabled: yes
state: started state: started
- name: Rotate display - name: Rotate display
lineinfile: ansible.builtin.lineinfile:
path: /boot/config.txt path: /boot/config.txt
line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible" line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible"
regexp: "^#?display_rotate" regexp: "^#?display_rotate"
@ -28,18 +29,19 @@
- name: Disable swap - name: Disable swap
block: block:
- name: Stop swap service - name: Stop swap service
systemd: ansible.builtin.systemd:
name: dphys-swapfile name: dphys-swapfile
state: stopped state: stopped
enabled: no enabled: no
- name: Remove swap file - name: Remove swap file
command: dphys-swapfile uninstall ansible.builtin.command:
cmd: dphys-swapfile uninstall
args: args:
removes: /var/swap removes: /var/swap
- name: Enable IPv6 SLAAC - name: Enable IPv6 SLAAC
lineinfile: ansible.builtin.lineinfile:
path: /etc/dhcpcd.conf path: /etc/dhcpcd.conf
line: "slaac hwaddr # Managed by Ansible" line: "slaac hwaddr # Managed by Ansible"
regexp: "^#?slaac" regexp: "^#?slaac"

21
roles/services/handlers/main.yaml
View file

@ -1,56 +1,57 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart irc-bot - name: restart irc-bot
systemd: ansible.builtin.systemd:
name: irc-bot name: irc-bot
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart irc-photos - name: restart irc-photos
systemd: ansible.builtin.systemd:
name: irc-photos name: irc-photos
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart irc-doorduino - name: restart irc-doorduino
systemd: ansible.builtin.systemd:
name: irc-doorduino name: irc-doorduino
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart discord-bot - name: restart discord-bot
systemd: ansible.builtin.systemd:
name: discord-bot name: discord-bot
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart siahsd - name: restart siahsd
systemd: ansible.builtin.systemd:
name: siahsd name: siahsd
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart spacestated - name: restart spacestated
systemd: ansible.builtin.systemd:
name: spacestated name: spacestated
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart mastodon-spacestate - name: restart mastodon-spacestate
systemd: ansible.builtin.systemd:
name: mastodon-spacestate name: mastodon-spacestate
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart wifi-mqtt - name: restart wifi-mqtt
systemd: ansible.builtin.systemd:
name: wifi-mqtt name: wifi-mqtt
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart power-mqtt - name: restart power-mqtt
systemd: ansible.builtin.systemd:
name: power-mqtt name: power-mqtt
state: restarted state: restarted
daemon_reload: true daemon_reload: true

14
roles/services/tasks/discord_bot.yaml
View file

@ -1,23 +1,25 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- python3-paho-mqtt - python3-paho-mqtt
- python3-tz - python3-tz
- virtualenv - virtualenv
- name: Create virtualenv - name: Create virtualenv
command: virtualenv /opt/miflora_exporter/.venv ansible.builtin.command:
cmd: virtualenv /opt/miflora_exporter/.venv
args: args:
creates: /var/lib/discord-bot/.venv creates: /var/lib/discord-bot/.venv
- name: Install Python dependencies - name: Install Python dependencies
shell: . .venv/bin/activate && pip install -r requirements.txt ansible.builtin.shell:
cmd: . .venv/bin/activate && pip install -r requirements.txt
args: args:
chdir: /var/lib/discord-bot chdir: /var/lib/discord-bot
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/bitlair/discord-bot.git repo: https://github.com/bitlair/discord-bot.git
version: main version: main
dest: /var/lib/discord-bot dest: /var/lib/discord-bot
@ -25,7 +27,7 @@
notify: restart discord-bot notify: restart discord-bot
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: discord-bot.service src: discord-bot.service
dest: /etc/systemd/system/discord-bot.service dest: /etc/systemd/system/discord-bot.service
owner: root owner: root
@ -34,7 +36,7 @@
notify: restart discord-bot notify: restart discord-bot
- name: Start discord-bot - name: Start discord-bot
systemd: ansible.builtin.systemd:
name: discord-bot name: discord-bot
state: started state: started
enabled: yes enabled: yes

22
roles/services/tasks/ircbot.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/bitlair/irc-bot.git repo: https://github.com/bitlair/irc-bot.git
version: master version: master
dest: /var/lib/irc-bot dest: /var/lib/irc-bot
@ -8,13 +8,13 @@
notify: restart irc-bot notify: restart irc-bot
- name: Link irc-say - name: Link irc-say
file: ansible.builtin.file:
state: link state: link
src: /var/lib/irc-bot/irc-say src: /var/lib/irc-bot/irc-say
dest: /usr/local/bin/irc-say dest: /usr/local/bin/irc-say
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: generic.service src: generic.service
dest: /etc/systemd/system/irc-bot.service dest: /etc/systemd/system/irc-bot.service
owner: root owner: root
@ -26,19 +26,19 @@
notify: restart irc-bot notify: restart irc-bot
- name: Start irc-bot - name: Start irc-bot
systemd: ansible.builtin.systemd:
name: irc-bot name: irc-bot
state: started state: started
enabled: yes enabled: yes
daemon_reload: true daemon_reload: true
- name: Create helpers dir - name: Create helpers dir
file: ansible.builtin.file:
path: /var/lib/irc-helpers path: /var/lib/irc-helpers
state: directory state: directory
- name: Install photos notification - name: Install photos notification
template: ansible.builtin.template:
src: irc-photos.sh src: irc-photos.sh
dest: /var/lib/irc-helpers/photos.sh dest: /var/lib/irc-helpers/photos.sh
owner: root owner: root
@ -47,7 +47,7 @@
notify: restart irc-photos notify: restart irc-photos
- name: Install photos notification service - name: Install photos notification service
template: ansible.builtin.template:
src: generic.service src: generic.service
dest: /etc/systemd/system/irc-photos.service dest: /etc/systemd/system/irc-photos.service
owner: root owner: root
@ -60,14 +60,14 @@
notify: restart irc-photos notify: restart irc-photos
- name: Start irc-photos - name: Start irc-photos
systemd: ansible.builtin.systemd:
name: irc-photos name: irc-photos
state: started state: started
enabled: yes enabled: yes
daemon_reload: true daemon_reload: true
- name: Install doorduino notification - name: Install doorduino notification
template: ansible.builtin.template:
src: irc-doorduino.sh src: irc-doorduino.sh
dest: /var/lib/irc-helpers/doorduino.sh dest: /var/lib/irc-helpers/doorduino.sh
owner: root owner: root
@ -76,7 +76,7 @@
notify: restart irc-doorduino notify: restart irc-doorduino
- name: Install doorduino notification service - name: Install doorduino notification service
template: ansible.builtin.template:
src: generic.service src: generic.service
dest: /etc/systemd/system/irc-doorduino.service dest: /etc/systemd/system/irc-doorduino.service
owner: root owner: root
@ -89,7 +89,7 @@
notify: restart irc-doorduino notify: restart irc-doorduino
- name: Start irc-doorduino - name: Start irc-doorduino
systemd: ansible.builtin.systemd:
name: irc-doorduino name: irc-doorduino
state: started state: started
enabled: yes enabled: yes

5
roles/services/tasks/main.yaml
View file

@ -1,9 +1,10 @@
--- ---
- tags: services_ircbot - tags: services_ircbot
import_tasks: ircbot.yaml ansible.builtin.import_tasks:
file: ircbot.yaml
- tags: services_discord_bot - tags: services_discord_bot
import_tasks: discord_bot.yaml ansible.builtin.import_tasks: discord_bot.yaml
- tags: services_siahsd - tags: services_siahsd
import_tasks: siahsd.yaml import_tasks: siahsd.yaml

10
roles/services/tasks/mastodon_spacestate.yaml
View file

@ -1,12 +1,12 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- python3-mastodon - python3-mastodon
- python3-paho-mqtt - python3-paho-mqtt
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/bitlair/mastodon-spacestate.git repo: https://github.com/bitlair/mastodon-spacestate.git
version: main version: main
dest: /var/lib/mastodon-spacestate dest: /var/lib/mastodon-spacestate
@ -14,7 +14,7 @@
notify: restart mastodon-spacestate notify: restart mastodon-spacestate
- name: Install config - name: Install config
template: ansible.builtin.template:
src: mastodon-spacestate-config.py src: mastodon-spacestate-config.py
dest: /var/lib/mastodon-spacestate/config.py dest: /var/lib/mastodon-spacestate/config.py
owner: root owner: root
@ -23,7 +23,7 @@
notify: restart mastodon-spacestate notify: restart mastodon-spacestate
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: mastodon-spacestate.service src: mastodon-spacestate.service
dest: /etc/systemd/system/mastodon-spacestate.service dest: /etc/systemd/system/mastodon-spacestate.service
owner: root owner: root
@ -32,7 +32,7 @@
notify: restart mastodon-spacestate notify: restart mastodon-spacestate
- name: Start mastodon-spacestate - name: Start mastodon-spacestate
systemd: ansible.builtin.systemd:
name: mastodon-spacestate name: mastodon-spacestate
state: started state: started
enabled: yes enabled: yes

10
roles/services/tasks/power_mqtt.yaml
View file

@ -1,10 +1,10 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: [python3-paho-mqtt, python3-requests] name: [python3-paho-mqtt, python3-requests]
- name: Install power-mqtt - name: Install power-mqtt
template: ansible.builtin.template:
src: power-mqtt.py src: power-mqtt.py
dest: /var/lib/power-mqtt.py dest: /var/lib/power-mqtt.py
owner: root owner: root
@ -13,12 +13,12 @@
notify: restart power-mqtt notify: restart power-mqtt
- name: Remove old service - name: Remove old service
file: ansible.builtin.file:
path: /etc/systemd/system/power-mqtt.service path: /etc/systemd/system/power-mqtt.service
state: absent state: absent
- name: Install power-mqtt service - name: Install power-mqtt service
template: ansible.builtin.template:
src: generic.service src: generic.service
dest: /etc/systemd/system/power-mqtt@.service dest: /etc/systemd/system/power-mqtt@.service
owner: root owner: root
@ -30,7 +30,7 @@
notify: restart power-mqtt@ notify: restart power-mqtt@
- name: Enable power-mqtt - name: Enable power-mqtt
systemd: ansible.builtin.systemd:
name: "power-mqtt@{{ item.net }}/{{ item.ip }}" name: "power-mqtt@{{ item.net }}/{{ item.ip }}"
state: started state: started
enabled: yes enabled: yes

10
roles/services/tasks/siahsd.yaml
View file

@ -2,7 +2,7 @@
# TODO: Install and build # TODO: Install and build
- name: Create directories - name: Create directories
file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: siahsd owner: siahsd
@ -12,7 +12,7 @@
- /var/lib/siahsd - /var/lib/siahsd
- name: Install config file - name: Install config file
template: ansible.builtin.template:
src: siahsd.conf src: siahsd.conf
dest: /etc/siahsd.conf dest: /etc/siahsd.conf
owner: root owner: root
@ -21,7 +21,7 @@
notify: restart siahsd notify: restart siahsd
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: siahsd.service src: siahsd.service
dest: /etc/systemd/system/siahsd.service dest: /etc/systemd/system/siahsd.service
owner: root owner: root
@ -30,14 +30,14 @@
notify: restart siahsd notify: restart siahsd
- name: Start siahsd - name: Start siahsd
systemd: ansible.builtin.systemd:
name: siahsd name: siahsd
state: started state: started
enabled: yes enabled: yes
daemon_reload: true daemon_reload: true
- name: Allow siahsd traffic - name: Allow siahsd traffic
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: udp protocol: udp
destination_port: "4000" destination_port: "4000"

13
roles/services/tasks/spacestated.yaml
View file

@ -1,24 +1,25 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- php-cli - php-cli
- php-snmp - php-snmp
- make - make
- name: Install mqtt-simple - name: Install mqtt-simple
command: cpan Net::MQTT::Simple ansible.builtin.command:
cmd: cpan Net::MQTT::Simple
- name: Add user - name: Add user
user: ansible.builtin.user:
name: spacestated name: spacestated
home: /var/lib/spacestated home: /var/lib/spacestated
generate_ssh_key: yes generate_ssh_key: yes
ssh_key_type: ed25519 ssh_key_type: ed25519
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/bitlair/spacestated.git repo: https://github.com/bitlair/spacestated.git
version: main version: main
dest: /var/lib/spacestated/spacestated dest: /var/lib/spacestated/spacestated
@ -26,7 +27,7 @@
notify: restart spacestated notify: restart spacestated
- name: Install service file - name: Install service file
template: ansible.builtin.template:
src: spacestated.service src: spacestated.service
dest: /etc/systemd/system/spacestated.service dest: /etc/systemd/system/spacestated.service
owner: root owner: root
@ -35,7 +36,7 @@
notify: restart spacestated notify: restart spacestated
- name: Start spacestated - name: Start spacestated
systemd: ansible.builtin.systemd:
name: spacestated name: spacestated
state: started state: started
enabled: yes enabled: yes

2
roles/services/tasks/wifi_mqtt.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- php-cli - php-cli
- php-snmp - php-snmp

7
roles/www/handlers/main.yaml
View file

@ -1,13 +1,14 @@
--- ---
- import_tasks: ../../common/handlers/main.yaml - ansible.builtin.import_tasks:
file: ../../common/handlers/main.yaml
- name: restart spaceapi - name: restart spaceapi
systemd: ansible.builtin.systemd:
name: spaceapi name: spaceapi
state: restarted state: restarted
daemon_reload: true daemon_reload: true
- name: restart mqtt2web - name: restart mqtt2web
systemd: ansible.builtin.systemd:
name: mqtt2web name: mqtt2web
state: restarted state: restarted

8
roles/www/tasks/calendar.yaml
View file

@ -1,22 +1,22 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: [ python3-requests, python3-icalendar ] name: [ python3-requests, python3-icalendar ]
- name: Clone source - name: Clone source
git: ansible.builtin.git:
repo: https://github.com/bitlair/calendar-parser.git repo: https://github.com/bitlair/calendar-parser.git
version: main version: main
dest: /usr/local/src/bitlair-calendar dest: /usr/local/src/bitlair-calendar
accept_hostkey: yes accept_hostkey: yes
- name: Create user - name: Create user
user: ansible.builtin.user:
name: bitlair-calendar name: bitlair-calendar
home: /var/lib/bitlair-calendar home: /var/lib/bitlair-calendar
- name: Install cronjob - name: Install cronjob
template: ansible.builtin.template:
src: calendar.cron src: calendar.cron
dest: /etc/cron.d/bitlair-calendar dest: /etc/cron.d/bitlair-calendar
owner: root owner: root

12
roles/www/tasks/main.yaml
View file

@ -1,12 +1,16 @@
--- ---
- tags: www_calendar - tags: www_calendar
import_tasks: calendar.yaml ansible.builtin.import_tasks:
file: calendar.yaml
- tags: www_mediawiki - tags: www_mediawiki
import_tasks: mediawiki.yaml ansible.builtin.import_tasks:
file: mediawiki.yaml
- tags: www_mqtt - tags: www_mqtt
import_tasks: mqtt.yaml ansible.builtin.import_tasks:
file: mqtt.yaml
- tags: www_spaceapi - tags: www_spaceapi
import_tasks: spaceapi.yaml ansible.builtin.import_tasks:
file: spaceapi.yaml

9
roles/www/tasks/mediawiki.yaml
View file

@ -1,13 +1,14 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: php-fpm name: php-fpm
state: present state: present
- import_tasks: ../../../snippets/common-nginx.yaml - ansible.builtin.import_tasks:
file: ../../../snippets/common-nginx.yaml
- name: Install security.txt - name: Install security.txt
template: ansible.builtin.template:
src: security.txt src: security.txt
dest: /opt/security.txt dest: /opt/security.txt
owner: root owner: root
@ -15,7 +16,7 @@
mode: 0644 mode: 0644
- name: Allow HTTP/HTTPS - name: Allow HTTP/HTTPS
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: "{{ item.port }}" destination_port: "{{ item.port }}"

15
roles/www/tasks/mqtt.yaml
View file

@ -1,13 +1,13 @@
--- ---
- name: Install dependencies - name: Install dependencies
apt: ansible.builtin.apt:
name: name:
- libjson-xs-perl - libjson-xs-perl
- liblinux-epoll-perl - liblinux-epoll-perl
- mosquitto - mosquitto
- name: Allow MQTT - name: Allow MQTT
iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT
protocol: tcp protocol: tcp
destination_port: "{{ item.port }}" destination_port: "{{ item.port }}"
@ -21,10 +21,11 @@
notify: persist iptables notify: persist iptables
- name: Install mqtt-simple - name: Install mqtt-simple
command: cpan Net::MQTT::Simple ansible.builtin.command:
cmd: cpan Net::MQTT::Simple
- name: Clone mqtt2web source - name: Clone mqtt2web source
git: ansible.builtin.git:
repo: https://github.com/bitlair/mqtt2web.git repo: https://github.com/bitlair/mqtt2web.git
version: master version: master
dest: /opt/mqtt2web dest: /opt/mqtt2web
@ -32,7 +33,7 @@
notify: restart mqtt2web notify: restart mqtt2web
- name: Install mqtt2web service file - name: Install mqtt2web service file
template: ansible.builtin.template:
src: mqtt2web.service src: mqtt2web.service
dest: /etc/systemd/system/mqtt2web.service dest: /etc/systemd/system/mqtt2web.service
owner: root owner: root
@ -42,10 +43,10 @@
- daemon reload - daemon reload
- restart mqtt2web - restart mqtt2web
- meta: flush_handlers - ansible.builtin.meta: flush_handlers
- name: Enable mqtt2web - name: Enable mqtt2web
systemd: ansible.builtin.systemd:
name: mqtt2web name: mqtt2web
state: started state: started
enabled: true enabled: true

6
roles/www/tasks/spaceapi.yaml
View file

@ -1,6 +1,6 @@
--- ---
- name: Clone spaceapi source - name: Clone spaceapi source
git: ansible.builtin.git:
repo: https://github.com/bitlair/spaceapi.git repo: https://github.com/bitlair/spaceapi.git
version: main version: main
dest: /opt/spaceapi dest: /opt/spaceapi
@ -8,7 +8,7 @@
notify: restart spaceapi notify: restart spaceapi
- name: Install spaceapi service file - name: Install spaceapi service file
template: ansible.builtin.template:
src: spaceapi.service src: spaceapi.service
dest: /etc/systemd/system/spaceapi.service dest: /etc/systemd/system/spaceapi.service
owner: root owner: root
@ -17,7 +17,7 @@
notify: restart spaceapi notify: restart spaceapi
- name: Enable spaceapi - name: Enable spaceapi
systemd: ansible.builtin.systemd:
name: spaceapi name: spaceapi
state: started state: started
enabled: true enabled: true