diff --git a/bank.yaml b/bank.yaml index 43c92b7..e3f5930 100644 --- a/bank.yaml +++ b/bank.yaml @@ -1,8 +1,8 @@ --- - - hosts: bank roles: - common + - common-bitlair - bank vars: bank_revbank_git: https://github.com/bitlair/revbank.git diff --git a/bar.yaml b/bar.yaml index 5752cc3..4ef9f78 100644 --- a/bar.yaml +++ b/bar.yaml @@ -1,9 +1,8 @@ --- - - hosts: bank-pi.bitlair.nl vars: raspi_rotate_display: "2" roles: - raspi - - common + - common-bitlair - bank-terminal diff --git a/bitlair.yaml b/bitlair.yaml deleted file mode 100644 index ec019e7..0000000 --- a/bitlair.yaml +++ /dev/null @@ -1,58 +0,0 @@ - ---- - -- hosts: all - gather_facts: true - roles: - - { role: "common", tags: [ "common" ] } - -- hosts: bank - roles: - - { role: "bank", tags: [ "bank" ] } - -- hosts: raspi - roles: - - { role: "raspi", tags: [ "raspi" ] } - - { role: "bank-terminal", tags: [ "bank-terminal" ] } - -- hosts: fotos - roles: - - { role: "photos", tags: [ "photos" ] } - -- hosts: git-ci - roles: - - { role: "git-ci", tags: [ "git-ci" ] } - -- hosts: git - roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "git-server", tags: [ "git-server" ] } - -- hosts: monitoring - roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "monitoring", tags: [ "monitoring" ] } - -- hosts: mqtt - roles: - - { role: "mqtt-internal", tags: [ "mqtt-internal" ] } - -- hosts: music - roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "go", tags: [ "go" ] } - - { role: "music", tags: [ "music" ] } - -- hosts: pad - roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "etherpad", tags: [ "etherpad" ] } - -- hosts: services - roles: - - { role: "services", tags: [ "services" ] } - -- hosts: wiki - roles: - - { role: "acme", tags: [ "acme" ] } - - { role: "www", tags: [ "www" ] } diff --git a/common.yaml b/common.yaml index 3e0cb27..755110a 100644 --- a/common.yaml +++ b/common.yaml @@ -1,6 +1,5 @@ --- - - hosts: debian - gather_facts: true roles: - common + - common-bitlair 
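Review bot: In the bar.yaml hunk the `- common` entry appears to be replaced by `- common-bitlair` rather than kept next to it, which differs from every other playbook in this commit (the 9-to-8 line count in the hunk header supports that reading). If so, bank-pi.bitlair.nl no longer receives the sshd settings and the iptables default-DROP policy that roles/common/tasks/main.yaml applies. If the Pi is meant to skip `common`, say why in a comment above the roles list, for example `# common is not applied on the Pi; firewall and sshd are handled by <role>`. Otherwise restore `- common` before `- common-bitlair`.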
diff --git a/fotos.yaml b/fotos.yaml index f0edd7b..d61fd5f 100644 --- a/fotos.yaml +++ b/fotos.yaml @@ -1,6 +1,6 @@ --- - - hosts: fotos roles: - common + - common-bitlair - photos diff --git a/git-ci.yaml b/git-ci.yaml index fa9f7b7..e2e557d 100644 --- a/git-ci.yaml +++ b/git-ci.yaml @@ -1,6 +1,6 @@ --- - - hosts: git-ci roles: - common + - common-bitlair - git-ci diff --git a/git.yaml b/git.yaml index 2161a4c..050090d 100644 --- a/git.yaml +++ b/git.yaml @@ -1,7 +1,7 @@ --- - - hosts: git roles: - common + - common-bitlair - acme - git-server diff --git a/group_vars/all.yaml b/group_vars/all.yaml index bdafa45..c7e8965 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -1,4 +1,4 @@ ---- +is_vm: true ansible_user: root ansible_python_interpreter: auto_silent @@ -31,7 +31,3 @@ root_access: mqtt_internal_host: mqtt.bitlair.nl mqtt_public_host: bitlair.nl - -debian_repourl: "http://deb.debian.org/debian/" -debian_securityurl: "http://security.debian.org/debian-security" - diff --git a/group_vars/music.yaml b/group_vars/music.yaml index ee9235b..ae98bff 100644 --- a/group_vars/music.yaml +++ b/group_vars/music.yaml @@ -5,6 +5,8 @@ root_access: - foobar - polyfloyd +is_vm: false + music_domain: music.bitlair.nl acme_san_domains: - [ music.bitlair.nl ] diff --git a/hosts.yaml b/hosts.yaml new file mode 100644 index 0000000..b812d09 --- /dev/null +++ b/hosts.yaml @@ -0,0 +1,43 @@ +all: + children: + raspi: + hosts: + bank-pi.bitlair.nl: + kvm: + hosts: + kvm4.bitlair.nl: + debian: + children: + bank: + hosts: + bank.bitlair.nl: + fotos: + hosts: + blockchain.bitlair.nl: + git: + hosts: + git.bitlair.nl: + git-ci: + hosts: + git-ci.bitlair.nl: + pad: + hosts: + pad.bitlair.nl: + lights: + hosts: + lights.bitlair.nl: + mqtt_internal: + hosts: + mqtt.bitlair.nl: + monitoring: + hosts: + dashboard.bitlair.nl: + music: + hosts: + music.bitlair.nl: + services: + hosts: + service.bitlair.nl: + wiki: + hosts: + wiki.bitlair.nl: 
diff --git a/inventory b/inventory deleted file mode 100644 index 7e430e1..0000000 --- a/inventory +++ /dev/null @@ -1,54 +0,0 @@ -# Inventory - -[raspi] -bank-pi.bitlair.nl - -[kvm] -kvm4.bitlair.nl - -[bank] -bank.bitlair.nl - -[fotos] -blockchain.bitlair.nl - -[git] -git.bitlair.nl - -[git-ci] -git-ci.bitlair.nl - -[pad] -pad.bitlair.nl - -[lights] -lights.bitlair.nl - -[mqtt] -mqtt.bitlair.nl - -[monitoring] -dashboard.bitlair.nl - -[music] -music.bitlair.nl - -[services] -service.bitlair.nl - -[wiki] -wiki.bitlair.nl - -[debian:children] -bank -fotos -git -git-ci -pad -lights -mqtt -monitoring -music -services -wiki - diff --git a/monitoring.yaml b/monitoring.yaml index 9ad8623..c439507 100644 --- a/monitoring.yaml +++ b/monitoring.yaml @@ -1,7 +1,7 @@ --- - - hosts: monitoring roles: - common + - common-bitlair - acme - monitoring diff --git a/mqtt-internal.yaml b/mqtt-internal.yaml index 1e941f8..93a00a5 100644 --- a/mqtt-internal.yaml +++ b/mqtt-internal.yaml @@ -1,6 +1,6 @@ --- - - hosts: mqtt_internal roles: - common + - common-bitlair - mqtt-internal diff --git a/music.yaml b/music.yaml index d12226c..2f77110 100644 --- a/music.yaml +++ b/music.yaml @@ -1,8 +1,8 @@ --- - - hosts: music roles: - common + - common-bitlair - acme - go - music diff --git a/pad.yaml b/pad.yaml index 90d227e..2325204 100644 --- a/pad.yaml +++ b/pad.yaml @@ -1,10 +1,10 @@ --- - - hosts: pad vars: acme_san_domains: - [ pad.bitlair.nl ] roles: - common + - common-bitlair - acme - etherpad diff --git a/roles/acme/handlers/main.yaml b/roles/acme/handlers/main.yaml index 508fc1a..d2fbc06 100644 --- a/roles/acme/handlers/main.yaml +++ b/roles/acme/handlers/main.yaml @@ -1,7 +1,5 @@ - name: update_contact_info - ansible.builtin.command: - cmd: dehydrated --account + command: dehydrated --account - name: query_certificates - ansible.builtin.command: - cmd: dehydrated --cron + command: dehydrated --cron 
diff --git a/roles/acme/tasks/main.yaml b/roles/acme/tasks/main.yaml index 653f49c..ceac392 100644 --- a/roles/acme/tasks/main.yaml +++ b/roles/acme/tasks/main.yaml @@ -1,23 +1,22 @@ --- -- ansible.builtin.import_tasks: - file: remove_conflicting.yaml +- import_tasks: remove_conflicting.yaml tags: [ never, acme_remove_conflicting ] - name: Install Dehydrated tags: [ acme, acme_install ] block: - name: Install dependencies - ansible.builtin.apt: + apt: name: ssl-cert state: present - name: Install Dehydrated - ansible.builtin.apt: + apt: name: dehydrated state: present - name: Install config file - ansible.builtin.template: + template: src: config.sh dest: /etc/dehydrated/conf.d/ansible.sh owner: root @@ -26,7 +25,7 @@ notify: update_contact_info - name: Install deploy hook - ansible.builtin.template: + template: src: deploy.sh dest: /etc/dehydrated/conf.d/deploy.sh owner: root @@ -34,7 +33,7 @@ mode: 0755 - name: Install cronjob - ansible.builtin.template: + template: src: cron dest: /etc/cron.d/dehydrated owner: root @@ -42,7 +41,7 @@ mode: 0644 - name: Create Nginx snippet snippets dir - ansible.builtin.file: + file: state: directory path: /etc/nginx/snippets owner: root @@ -50,7 +49,7 @@ mode: 0755 - name: Install Nginx snippet - ansible.builtin.template: + template: src: nginx-snippet.conf dest: /etc/nginx/snippets/acme.conf owner: root @@ -58,15 +57,14 @@ mode: 0644 - name: Register account - ansible.builtin.command: - cmd: dehydrated --register --accept-terms + command: dehydrated --register --accept-terms args: creates: /var/lib/dehydrated/accounts - tags: [ acme, acme_certs ] block: - name: Configure certificates - ansible.builtin.template: + template: src: domains.txt dest: /etc/dehydrated/domains.txt owner: root 
@@ -75,8 +73,7 @@ notify: query_certificates - name: Symlink SAN domains - ansible.builtin.include_tasks: - file: san_domains_loop.yaml + include_tasks: san_domains_loop.yaml loop: "{{ acme_san_domains|default([]) }}" loop_control: loop_var: domains diff --git a/roles/acme/tasks/remove_conflicting.yaml b/roles/acme/tasks/remove_conflicting.yaml index 9c88555..c55b045 100644 --- a/roles/acme/tasks/remove_conflicting.yaml +++ b/roles/acme/tasks/remove_conflicting.yaml @@ -1,12 +1,12 @@ --- - name: Remove certbot from apt - ansible.builtin.apt: + apt: name: [ letsencrypt, certbot ] state: absent autoremove: yes - name: Remove variable directories - ansible.builtin.file: + file: state: absent path: "{{ item }}" with_items: diff --git a/roles/acme/tasks/san_domains_loop.yaml b/roles/acme/tasks/san_domains_loop.yaml index b878042..4102cf4 100644 --- a/roles/acme/tasks/san_domains_loop.yaml +++ b/roles/acme/tasks/san_domains_loop.yaml @@ -1,9 +1,9 @@ --- -- ansible.builtin.stat: +- stat: path: "/var/lib/dehydrated/certs/{{ domains[0] }}" register: cert_stat -- ansible.builtin.file: +- file: state: link path: "/var/lib/dehydrated/certs/{{ item }}" src: "/var/lib/dehydrated/certs/{{ domains[0] }}" diff --git a/roles/bank-terminal/handlers/main.yaml b/roles/bank-terminal/handlers/main.yaml index c599b2c..6c8d778 100644 --- a/roles/bank-terminal/handlers/main.yaml +++ b/roles/bank-terminal/handlers/main.yaml @@ -1,7 +1,5 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: console_setup - ansible.builtin.command: - cmd: dpkg-reconfigure console-setup --frontend noninteractive + command: dpkg-reconfigure console-setup --frontend noninteractive diff --git a/roles/bank-terminal/tasks/main.yaml b/roles/bank-terminal/tasks/main.yaml index 7a01ccb..baf0e7f 100644 --- a/roles/bank-terminal/tasks/main.yaml +++ b/roles/bank-terminal/tasks/main.yaml 
@@ -3,7 +3,7 @@ tags: bank_terminal_client block: - name: Add user - ansible.builtin.user: + user: name: bank-terminal home: /home/{{ bank_terminal_user }} shell: /home/{{ bank_terminal_user }}/login @@ -11,15 +11,14 @@ ssh_key_type: ed25519 - name: Locate agetty - ansible.builtin.command: - cmd: which agetty + command: which agetty register: agetty_location_cmd - name: Set agetty var - ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}" + set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}" - name: Install login script - ansible.builtin.template: + template: src: login dest: /home/{{ bank_terminal_user }}/login owner: bank-terminal @@ -27,7 +26,7 @@ mode: 0755 - name: Autologin User - ansible.builtin.template: + template: src: tty_autologin.conf dest: /etc/systemd/system/getty@tty1.service.d/override.conf owner: root @@ -36,13 +35,13 @@ notify: daemon_reload - name: Clear MOTD - ansible.builtin.copy: + copy: content: "" dest: /etc/motd # Set console font so the Revbank QR codes are rendered correctly. - name: Console setup - ansible.builtin.lineinfile: + lineinfile: path: /etc/default/console-setup line: '{{ item.k }}="{{ item.v }}"' regexp: "^#?{{ item.k }}" @@ -55,17 +54,17 @@ notify: console_setup - name: Console Setup Management Note - ansible.builtin.lineinfile: + lineinfile: path: /etc/default/console-setup line: '# Managed by Ansible' insertafter: "CONFIGURATION FILE" - name: Read pubkey - ansible.builtin.command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub + command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub changed_when: no register: pubkey - - ansible.builtin.debug: + - debug: msg: - Please ensure that the pubkey below is is authorized on the bank server. - "{{ pubkey.stdout_lines | join }}" diff --git a/roles/bank/handlers/main.yaml b/roles/bank/handlers/main.yaml index e7a11ce..68a75c2 100644 --- a/roles/bank/handlers/main.yaml 
+++ b/roles/bank/handlers/main.yaml @@ -1,3 +1,2 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml diff --git a/roles/bank/tasks/inflatinator.yaml b/roles/bank/tasks/inflatinator.yaml index dc687a3..bbff21a 100644 --- a/roles/bank/tasks/inflatinator.yaml +++ b/roles/bank/tasks/inflatinator.yaml @@ -1,11 +1,11 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: [ links, python3-pyquery ] state: present - name: Clone revbank-inflatinator source - ansible.builtin.git: + git: repo: https://github.com/bitlair/revbank-inflatinator.git version: main dest: /opt/revbank-inflatinator diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml index cd0f9ba..f7cda49 100644 --- a/roles/bank/tasks/login.yaml +++ b/roles/bank/tasks/login.yaml @@ -1,6 +1,6 @@ --- - name: Add user - ansible.builtin.user: + user: name: bank password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank" home: /home/{{ bank_user }} @@ -8,7 +8,7 @@ update_password: always - name: Allow password auth for bank user - ansible.builtin.blockinfile: + blockinfile: path: /etc/ssh/sshd_config insertafter: EOF block: |- @@ -17,12 +17,12 @@ notify: reload sshd - name: Clear motd - ansible.builtin.copy: + copy: content: "" dest: /etc/motd - name: Remove autologin - ansible.builtin.file: + file: path: /etc/systemd/system/getty@tty1.service.d/override.conf state: absent notify: daemon reload 
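Review bot: The `Add user` task in roles/bank/tasks/login.yaml still carries a fixed crypt hash whose plaintext is spelled out in the trailing comment, with `update_password: always`, and a later hunk in the same file keeps the task named `Allow password auth for bank user`. The account's protection then presumably rests on its login shell and on what the sshd block restricts, neither of which is visible in these hunks. If this is a deliberate kiosk-style login, a comment such as `# intentionally public password; access is limited by the login shell and the sshd Match block` would stop the next reader from treating it as a leaked secret. If it is not deliberate, the hash belongs in a `lookup('passwordstore', ...)` call, as git-ci already does for its runner token.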
@@ -31,20 +31,19 @@ - when: bank_local_tty block: - name: Locate agetty - ansible.builtin.command: - cmd: command -v agetty + command: command -v agetty register: agetty_location_cmd - - ansible.builtin.set_fact: + - set_fact: agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}" - name: Create getty dir - ansible.builtin.file: + file: path: /etc/systemd/system/getty@tty1.service.d state: directory - name: Autologin User - ansible.builtin.template: + template: src: tty_autologin.conf dest: /etc/systemd/system/getty@tty1.service.d/override.conf owner: root diff --git a/roles/bank/tasks/main.yaml b/roles/bank/tasks/main.yaml index 7ad90f6..c1953b8 100644 --- a/roles/bank/tasks/main.yaml +++ b/roles/bank/tasks/main.yaml @@ -1,12 +1,9 @@ --- - tags: [ bank, bank_login ] - ansible.builtin.import_tasks: - file: login.yaml + import_tasks: login.yaml - tags: [ bank, bank_revbank ] - ansible.builtin.import_tasks: - file: revbank.yaml + import_tasks: revbank.yaml - tags: [ bank, bank_inflatinator ] - ansible.builtin.import_tasks: - file: inflatinator.yaml + import_tasks: inflatinator.yaml diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml index ec283d1..f592504 100644 --- a/roles/bank/tasks/revbank.yaml +++ b/roles/bank/tasks/revbank.yaml @@ -1,18 +1,18 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ] state: present - name: Clone revbank source - ansible.builtin.git: + git: repo: "{{ bank_revbank_git }}" version: master dest: /home/{{ bank_user }}/revbank.git accept_hostkey: yes - name: Create data files - ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }} + command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }} args: creates: /home/{{ bank_user }}/{{ item }} with_items: 
@@ -21,7 +21,7 @@ - revbank.products - name: Ensure data file permissions - ansible.builtin.file: + file: path: /home/{{ bank_user }}/{{ item }} state: touch owner: "{{ bank_user }}" @@ -33,7 +33,7 @@ - revbank.products - name: Link plugins - ansible.builtin.file: + file: state: link path: /home/{{ bank_user }}/{{ item }} src: /home/{{ bank_user }}/revbank.git/{{ item }} @@ -42,11 +42,11 @@ - revbank.plugins - name: Create git data dir - ansible.builtin.file: + file: path: /home/{{ bank_user }}/data.git state: directory - name: Install git cronjob - ansible.builtin.template: + template: src: git.cron dest: /etc/cron.d/revbank-git diff --git a/roles/common-bitlair/tasks/main.yaml b/roles/common-bitlair/tasks/main.yaml new file mode 100644 index 0000000..57f98a8 --- /dev/null +++ b/roles/common-bitlair/tasks/main.yaml @@ -0,0 +1,8 @@ +--- +- name: Update authorized_keys + tags: authorized_keys + template: + src: authorized_keys.j2 + dest: /root/.ssh/authorized_keys + mode: 0600 + when: root_access is defined and root_access diff --git a/roles/common/templates/authorized_keys.j2 b/roles/common-bitlair/templates/authorized_keys.j2 similarity index 100% rename from roles/common/templates/authorized_keys.j2 rename to roles/common-bitlair/templates/authorized_keys.j2 diff --git a/roles/common/defaults/main.yaml b/roles/common/defaults/main.yaml index 5512d86..000579f 100644 --- a/roles/common/defaults/main.yaml +++ b/roles/common/defaults/main.yaml @@ -1,4 +1,5 @@ ssh_port: "22" +is_vm: false unattended_upgrades_auto_reboot_time: "04:00" unattended_upgrades_extra_origin_patterns: [] trusted_ranges: @@ -13,7 +14,4 @@ network_br: off network_dhcp: off network_static: off -node_exporter: true - -debian_packages_unwanted: - - netcat-traditional +node_exporter: yes diff --git a/roles/common/handlers/main.yaml b/roles/common/handlers/main.yaml index b71cef9..48b73af 100644 --- a/roles/common/handlers/main.yaml +++ b/roles/common/handlers/main.yaml 
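Review bot: In the new roles/common-bitlair/tasks/main.yaml the condition `when: root_access is defined and root_access` skips the task when the list is empty, so clearing `root_access` for a host leaves the previously deployed keys in /root/.ssh/authorized_keys instead of revoking them. That behaviour deserves a comment above the task, for example `# an empty root_access list leaves the existing file untouched; keys are not revoked`. The task also sets no `owner` or `group` and writes the mode as a bare `0600`. Using `owner: root`, `group: root` and `mode: "0600"` would match the other template tasks in this repository and avoid relying on YAML octal parsing.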
@@ -1,31 +1,30 @@ --- - name: update grub - ansible.builtin.command: - cmd: update-grub + command: update-grub - name: reboot - ansible.builtin.reboot: + reboot: - name: apt update - ansible.builtin.apt: + apt: update_cache: true - name: daemon reload - ansible.builtin.systemd: + systemd: daemon_reload: true - name: reload sshd - ansible.builtin.systemd: + systemd: name: ssh state: reloaded - name: reload nginx - ansible.builtin.systemd: + systemd: name: nginx state: reloaded - name: persist iptables - ansible.builtin.shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}" + shell: "{{ item.c }}-save > /etc/iptables/rules.{{ item.ip }}" with_items: - { c: iptables, ip: v4 } - { c: ip6tables, ip: v6 } diff --git a/roles/common/tasks/apt-minimal.yaml b/roles/common/tasks/apt-minimal.yaml new file mode 100644 index 0000000..bc74ff6 --- /dev/null +++ b/roles/common/tasks/apt-minimal.yaml @@ -0,0 +1,8 @@ +--- +- name: Configure auto-upgrades + template: + src: apt-minimal + dest: /etc/apt/apt.conf.d/20minimal + owner: root + group: root + mode: 0644 diff --git a/roles/common/tasks/debian-backports.yaml b/roles/common/tasks/debian-backports.yaml new file mode 100644 index 0000000..fc6be9b --- /dev/null +++ b/roles/common/tasks/debian-backports.yaml @@ -0,0 +1,11 @@ +--- +- name: Install backports source list + template: + src: backports-source.list + dest: /etc/apt/sources.list.d/backports.list + owner: root + group: root + mode: 0644 + notify: apt update + +- meta: flush_handlers diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index 3ff5041..241c60a 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -1,7 +1,6 @@ --- - - name: Install source list - ansible.builtin.template: + template: src: stable-sources.list dest: /etc/apt/sources.list owner: root 
@@ -9,21 +8,21 @@ mode: 0644 - name: Remove backports - ansible.builtin.file: + file: path: /etc/apt/sources.list.d/backports.list state: absent - name: update - ansible.builtin.apt: + apt: update_cache: yes - name: full-upgrade - ansible.builtin.apt: + apt: upgrade: full - name: Reboot - ansible.builtin.reboot: + reboot: - name: autoremove - ansible.builtin.apt: + apt: autoremove: yes diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index b0b39cf..64f80c3 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
@@ -1,66 +1,38 @@ --- - -- name: Import debian-upgrade.yaml if not bookworm - ansible.builtin.import_tasks: - file: debian-upgrade.yaml +- tags: [ debian-upgrade, never ] + import_tasks: debian-upgrade.yaml when: ansible_facts['distribution_release'] != "bookworm" - tags: [ debian-upgrade, never ] -- name: Apt config and sources.list - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode | default('0644') }}" - owner: "{{ item.owner | default('root') }}" - group: "{{ item.group | default('root') }}" - with_items: - - { src: "apt.conf.j2", dest: "/etc/apt/apt.conf" } - - { src: "sources.list.j2", dest: "/etc/apt/sources.list" } - - { src: "apt-auto-upgrades.j2", dest: "/etc/apt/apt.conf.d/20auto-upgrades" } - - { src: "apt-unattended-upgrades.j2", dest: "/etc/apt/apt.conf.d/50unattended-upgrades" } - when: - - ansible_os_family == "Debian" - tags: - - sourceslist +- tags: debian_backports + import_tasks: debian-backports.yaml -- name: Update authorized_keys - ansible.builtin.template: - src: authorized_keys.j2 - dest: /root/.ssh/authorized_keys - mode: 0600 - when: root_access is defined and root_access - tags: authorized_keys +- tags: unattended_updates + import_tasks: unattended-updates.yaml -- name: Import network tasks - ansible.builtin.import_tasks: - file: network.yaml - tags: network +- tags: apt-minimal + import_tasks: apt-minimal.yaml -- name: Import node-exporter - ansible.builtin.import_tasks: - file: node-exporter.yaml - tags: node-exporter +- tags: network + import_tasks: network.yaml -- name: Import vm tasks - ansible.builtin.import_tasks: - file: vm.yaml - tags: - - vm - - guestagent +- tags: node-exporter + import_tasks: node-exporter.yaml -- name: Remove debian-packages we don't want - ansible.builtin.apt: +- tags: vm + import_tasks: node-exporter.yaml + when: is_vm + +- name: Remove Vim + apt: + name: vim state: absent autoremove: true - pkg: "{{ debian_packages_unwanted|default([]) }}" -- name: Install 
standard packages - ansible.builtin.apt: - pkg: +- name: Install utilities + apt: + name: - curl - fzf - - ack - - etckeeper - git - htop - iptables @@ -72,39 +44,40 @@ - rsync - tree - neovim - - vim - - unattended-upgrades - - apt-listchanges + +- name: Remove netcat-traditional + apt: + name: netcat-traditional - name: Configure FZF for Bash - ansible.builtin.lineinfile: + lineinfile: path: /etc/bash.bashrc insertafter: EOF regexp: "^source /usr/share/doc/fzf/examples/key-bindings.bash" line: "source /usr/share/doc/fzf/examples/key-bindings.bash # Managed by Ansible" - name: Configure FZF for Bash (Bookworm) - ansible.builtin.lineinfile: + lineinfile: path: /etc/bash.bashrc insertafter: EOF regexp: "^source /usr/share/doc/fzf/examples/completion.bash" state: absent - name: Shorten Grub timeout - ansible.builtin.lineinfile: + lineinfile: path: /etc/default/grub regexp: '^GRUB_TIMEOUT=' line: "GRUB_TIMEOUT=1 # Managed by Ansible" notify: update grub - name: Configure cron email - ansible.builtin.lineinfile: + lineinfile: path: /etc/crontab insertafter: '^PATH' line: 'MAILTO={{ notify_email }}' - name: Configure SSH - ansible.builtin.lineinfile: + lineinfile: path: /etc/ssh/sshd_config regexp: "{{ item.regexp }}" line: "{{ item.line }}" @@ -118,7 +91,7 @@ notify: reload sshd - name: Allow SSH - ansible.builtin.iptables: + iptables: chain: INPUT protocol: tcp destination_port: "{{ ssh_port }}" @@ -131,7 +104,7 @@ notify: persist iptables - name: Allow ICMP - ansible.builtin.iptables: + iptables: chain: INPUT protocol: "{{ item.proto }}" jump: ACCEPT @@ -142,7 +115,7 @@ notify: persist iptables - name: Allow related and established connections - ansible.builtin.iptables: + iptables: chain: INPUT ctstate: ESTABLISHED,RELATED jump: ACCEPT @@ -153,7 +126,7 @@ notify: persist iptables - name: Allow local connections - ansible.builtin.iptables: + iptables: chain: INPUT source: "{{ item.cidr }}" jump: ACCEPT 
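Review bot: The `vm`-tagged entry in roles/common/tasks/main.yaml imports `node-exporter.yaml`, not `vm.yaml`. With `is_vm` true the node-exporter tasks are therefore imported a second time, and the guest-agent and serial-console tasks in vm.yaml are never run, even though this commit removes their own `when:` guard on the assumption that main.yaml gates them. The line should read `import_tasks: vm.yaml`. The old `guestagent` tag is also dropped here, so any existing `--tags guestagent` invocation will silently match nothing.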
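Review bot: The new `Remove netcat-traditional` task passes only `name: netcat-traditional` to `apt`, and the module's default `state` is `present`, so as written it installs the package it is named for removing. Add `state: absent` (and `autoremove: true` if that was the intent, as the `Remove Vim` task above does). The `Install utilities` list that precedes it starts outside this hunk.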
@@ -162,7 +135,7 @@ notify: persist iptables - name: Deny inbound connections - ansible.builtin.iptables: + iptables: chain: INPUT policy: DROP ip_version: "{{ item }}" diff --git a/roles/common/tasks/network.yaml b/roles/common/tasks/network.yaml index 9d5e471..47053a9 100644 --- a/roles/common/tasks/network.yaml +++ b/roles/common/tasks/network.yaml @@ -1,12 +1,12 @@ --- - name: Install bridge-utils - ansible.builtin.apt: + apt: name: bridge-utils state: present when: network_br - name: Configure sysctl.conf - ansible.builtin.lineinfile: + lineinfile: path: /etc/sysctl.conf regexp: "^#?{{ item.k }}" line: "{{ item.k }}={{ item.v }} # Managed by Ansible" @@ -17,7 +17,7 @@ when: network_br - name: Make network interfaces really predictable - ansible.builtin.lineinfile: + lineinfile: path: /etc/default/grub regexp: ^GRUB_CMDLINE_LINUX line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" # Managed by Ansible' @@ -27,7 +27,7 @@ when: network_br or network_dhcp or network_static - name: Configure network interfaces - ansible.builtin.template: + template: src: network-interfaces dest: /etc/network/interfaces owner: root @@ -36,4 +36,4 @@ notify: reboot when: network_br or network_dhcp or network_static -- ansible.builtin.meta: flush_handlers +- meta: flush_handlers diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml index 448bae1..fa899d1 100644 --- a/roles/common/tasks/node-exporter.yaml +++ b/roles/common/tasks/node-exporter.yaml @@ -1,7 +1,13 @@ --- - -- name: Install or remove prometheus node-exporter - ansible.builtin.apt: +- name: Install node-exporter + apt: name: prometheus-node-exporter - state: "{% if node_exporter %}present{% else %}absent{% endif %}" + state: present + when: node_exporter + +- name: Remove node-exporter + apt: + name: prometheus-node-exporter + state: absent autoremove: yes + when: not node_exporter 
diff --git a/roles/common/tasks/unattended-updates.yaml b/roles/common/tasks/unattended-updates.yaml new file mode 100644 index 0000000..ea09772 --- /dev/null +++ b/roles/common/tasks/unattended-updates.yaml @@ -0,0 +1,23 @@ +--- +- name: Install unattended-upgrades + apt: + name: + - unattended-upgrades + - apt-listchanges + state: present + +- name: Configure auto-upgrades + template: + src: auto-upgrades + dest: /etc/apt/apt.conf.d/20auto-upgrades + owner: root + group: root + mode: 0644 + +- name: Configure unattended-upgrades + template: + src: unattended-upgrades + dest: /etc/apt/apt.conf.d/50unattended-upgrades + owner: root + group: root + mode: 0644 diff --git a/roles/common/tasks/vm.yaml b/roles/common/tasks/vm.yaml index 505c03f..fa34a4e 100644 --- a/roles/common/tasks/vm.yaml +++ b/roles/common/tasks/vm.yaml @@ -1,18 +1,15 @@ --- - name: Install guest agent - ansible.builtin.apt: + apt: name: qemu-guest-agent - when: ansible_virtualization_role|default(false) == 'guest' - tags: - - questagent - name: Serial Console - ansible.builtin.lineinfile: + lineinfile: path: /etc/default/grub regexp: ^GRUB_CMDLINE_LINUX_DEFAULT line: 'GRUB_CMDLINE_LINUX_DEFAULT="quiet console=ttyS0,115200n1 console=tty0"' notify: - update grub - reboot - tags: - - questagent + +- meta: flush_handlers diff --git a/roles/common/templates/apt-minimal b/roles/common/templates/apt-minimal new file mode 100644 index 0000000..452a6e6 --- /dev/null +++ b/roles/common/templates/apt-minimal @@ -0,0 +1,4 @@ +# Managed by Ansible + +APT::Install-Recommends "0"; +APT::Install-Suggests "0"; diff --git a/roles/common/templates/apt.conf.j2 b/roles/common/templates/apt.conf.j2 deleted file mode 100644 index 7581cc8..0000000 --- a/roles/common/templates/apt.conf.j2 +++ /dev/null 
@@ -1,11 +0,0 @@ -# {{ ansible_managed }} - -{% if proxy_host is defined and proxy_host != "" %} -Acquire::http::Proxy "http://{{ proxy_host }}:{{ proxy_port }}/"; -{% endif %} - -# Don't download translation-files -Acquire::Languages "none"; - -APT::Install-Recommends "0"; -APT::Install-Suggests "0"; diff --git a/roles/common/templates/apt-auto-upgrades.j2 b/roles/common/templates/auto-upgrades similarity index 100% rename from roles/common/templates/apt-auto-upgrades.j2 rename to roles/common/templates/auto-upgrades diff --git a/roles/common/templates/backports-source.list b/roles/common/templates/backports-source.list new file mode 100644 index 0000000..dd30928 --- /dev/null +++ b/roles/common/templates/backports-source.list @@ -0,0 +1,4 @@ +# Managed by Ansible + +deb http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main +deb-src http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main diff --git a/roles/common/templates/sources.list.j2 b/roles/common/templates/sources.list.j2 deleted file mode 100644 index 9aac632..0000000 --- a/roles/common/templates/sources.list.j2 +++ /dev/null 
@@ -1,24 +0,0 @@ -# {{ ansible_managed }} - -{% if debian_source_repos|default(false) %} -{% set SRC = "" %} -{% else %} -{% set SRC = "# " %} -{% endif %} -{% set components = "main contrib non-free-firmware" %} - -deb {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} -{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} -# -# Updates -deb {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} -{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} -# -# Backports -deb {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} -{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} -# -# Security patches -deb {{ debian_securityurl }} {{ ansible_distribution_release }}-security {{ components }} -{{ SRC }}deb-src {{ debian_securityurl }} {{ ansible_distribution_release }}-security main contrib non- free - diff --git a/roles/common/templates/stable-sources.list b/roles/common/templates/stable-sources.list new file mode 100644 index 0000000..95c2f9a --- /dev/null +++ b/roles/common/templates/stable-sources.list @@ -0,0 +1,8 @@ +deb http://deb.debian.org/debian bookworm main non-free-firmware +deb-src http://deb.debian.org/debian bookworm main non-free-firmware + +deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware +deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware + +deb http://deb.debian.org/debian bookworm-updates main non-free-firmware +deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware diff --git a/roles/common/templates/apt-unattended-upgrades.j2 b/roles/common/templates/unattended-upgrades similarity index 100% rename from roles/common/templates/apt-unattended-upgrades.j2 rename to roles/common/templates/unattended-upgrades 
diff --git a/roles/etherpad/handlers/main.yaml b/roles/etherpad/handlers/main.yaml index 82924a6..39fb4d8 100644 --- a/roles/etherpad/handlers/main.yaml +++ b/roles/etherpad/handlers/main.yaml @@ -1,9 +1,8 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: restart etherpad - ansible.builtin.systemd: + systemd: name: etherpad state: restarted daemon_reload: true diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml index 2afe1f6..a0bef42 100644 --- a/roles/etherpad/tasks/main.yaml +++ b/roles/etherpad/tasks/main.yaml @@ -1,23 +1,20 @@ --- - tags: etherpad block: - - ansible.builtin.import_tasks: - file: ../../../snippets/common-nginx.yaml + - import_tasks: ../../../snippets/common-nginx.yaml - name: Install dependencies - ansible.builtin.apt: + apt: name: [ gpg, postgresql, python3-psycopg2, apt-transport-https ] - name: Import nodesource signing key - ansible.builtin.shell: - cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor - -o /usr/share/keyrings/nodesource.gpg + shell: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg args: creates: /usr/share/keyrings/nodesource.gpg notify: apt update - name: Install nodesource source list - ansible.builtin.template: + template: src: nodesource.list dest: /etc/apt/sources.list.d/nodesource.list owner: root @@ -26,7 +23,7 @@ notify: apt update - name: Install nodejs apt preference - ansible.builtin.template: + template: src: nodejs-apt-pref dest: /etc/apt/preferences.d/nodejs owner: root @@ -34,10 +31,10 @@ mode: 0644 notify: apt update - - ansible.builtin.meta: flush_handlers + - meta: flush_handlers - name: Install nodejs - ansible.builtin.apt: + apt: name: nodejs - name: Add database user 
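Review bot: The `Import nodesource signing key` task in roles/etherpad/tasks/main.yaml trusts whatever the URL returns: it pipes `curl` straight into `gpg --dearmor`, and nothing checks that the key is the expected one before it becomes an apt trust anchor. Because the pipeline runs under plain `shell:` without `set -o pipefail`, a failed download is not reported by the task either, and once the output file exists `creates:` prevents any retry. Fetching the key with `get_url` and `checksum: "sha256:<expected digest of the key file>"`, then dearmoring it in a separate `command` task, would cover both problems. At minimum start the command with `set -o pipefail &&` and set `executable: /bin/bash` under `args:`.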
@@ -45,7 +42,7 @@ become_method: su become_user: postgres no_log: yes - community.postgresql.postgresql_user: + postgresql_user: name: etherpad password: "{{ etherpad_db_password }}" @@ -53,17 +50,17 @@ become: true become_method: su become_user: postgres - community.postgresql.postgresql_db: + postgresql_db: name: "{{ etherpad_db_name }}" owner: "{{ etherpad_db_user }}" - name: Add etherpad user - ansible.builtin.user: + user: name: etherpad home: /var/lib/etherpad - name: Create log file - ansible.builtin.file: + file: path: /var/log/etherpad.log state: touch owner: etherpad @@ -71,7 +68,7 @@ mode: 0644 - name: Create source directory - ansible.builtin.file: + file: path: /opt/etherpad state: directory owner: etherpad @@ -82,7 +79,7 @@ become: yes become_method: su become_user: etherpad - ansible.builtin.git: + git: repo: https://github.com/ether/etherpad-lite.git version: master dest: /opt/etherpad @@ -90,7 +87,7 @@ notify: restart etherpad - name: Install etherpad config - ansible.builtin.template: + template: src: settings.json dest: /opt/etherpad/settings.json owner: root @@ -99,7 +96,7 @@ notify: restart etherpad - name: Install etherpad service - ansible.builtin.template: + template: src: etherpad.service dest: /etc/systemd/system/etherpad.service owner: root @@ -108,14 +105,14 @@ notify: restart etherpad - name: Start etherpad - ansible.builtin.systemd: + systemd: daemon_reload: true name: etherpad state: started enabled: yes - name: Install nginx config - ansible.builtin.template: + template: src: nginx-site.conf dest: /etc/nginx/sites-enabled/etherpad owner: root @@ -124,7 +121,7 @@ notify: reload nginx - name: Allow HTTP and HTTPS - ansible.builtin.iptables: + iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" diff --git a/roles/etherpad/tasks/requirements.yml b/roles/etherpad/tasks/requirements.yml deleted file mode 100644 index 060cde3..0000000 --- a/roles/etherpad/tasks/requirements.yml +++ /dev/null 
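Review bot: `postgresql_user` here and `postgresql_db` in the next hunk are not ansible.builtin modules, so the short names resolve to whichever community.postgresql collection the controller happens to have installed. The same commit deletes roles/etherpad/tasks/requirements.yml, which pinned that collection to 2.3.2, so the code that handles `etherpad_db_password` is no longer tied to a reviewed version. Keeping `community.postgresql.postgresql_user:` and `community.postgresql.postgresql_db:` together with a pinned requirements file would preserve that. The `Add database user` task starts above this hunk.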
@@ -1,3 +0,0 @@ -collections: - - name: community.postgresql - version: 2.3.2 diff --git a/roles/git-ci/handlers/main.yaml b/roles/git-ci/handlers/main.yaml index 361ba38..99756ad 100644 --- a/roles/git-ci/handlers/main.yaml +++ b/roles/git-ci/handlers/main.yaml @@ -1,8 +1,7 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: restart forgejo-runner - ansible.builtin.systemd: + systemd: name: forgejo-runner state: restarted diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml index a01a11a..87bc533 100644 --- a/roles/git-ci/tasks/main.yaml +++ b/roles/git-ci/tasks/main.yaml @@ -2,18 +2,18 @@ - tags: forgejo_runner block: - name: Install dependencies - ansible.builtin.apt: + apt: name: docker.io - name: Download forgejo-runner - ansible.builtin.get_url: + get_url: url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64" dest: /usr/local/bin/forgejo-runner mode: 0755 notify: restart forgejo-runner - name: Create runner dir - ansible.builtin.file: + file: state: directory path: "{{ runner_wd }}" owner: root @@ -21,13 +21,13 @@ mode: 0755 - name: Register runner - ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" + command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}" args: chdir: "{{ runner_wd }}" creates: "{{ runner_wd }}/.runner" - name: Install service file - ansible.builtin.template: + template: src: forgejo-runner.service dest: /etc/systemd/system/forgejo-runner.service owner: root 
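Review bot: The "Register runner" task in roles/git-ci/tasks/main.yaml passes the registration token on the command line (`--token={{ lookup('passwordstore', …) }}`) without `no_log`. The secret can therefore show up in Ansible's task output and logs on failure or at higher verbosity, and in the remote process list while the command runs. Add `no_log: true` to the task, as the etherpad role already does for its database user task. Whether forgejo-runner can read the token from a file or the environment is not visible here; if it can, that would also keep it out of argv.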
@@ -36,15 +36,15 @@ notify: restart forgejo-runner - name: Enable service - ansible.builtin.systemd: + systemd: name: forgejo-runner enabled: yes daemon_reload: true - name: Start service - ansible.builtin.systemd: + systemd: name: forgejo-runner state: started daemon_reload: true - - ansible.builtin.meta: flush_handlers + - meta: flush_handlers diff --git a/roles/git-server/handlers/main.yaml b/roles/git-server/handlers/main.yaml index 98d3f24..563eeaa 100644 --- a/roles/git-server/handlers/main.yaml +++ b/roles/git-server/handlers/main.yaml @@ -1,8 +1,7 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: reload forgejo - ansible.builtin.systemd: + systemd: name: forgejo state: reloaded diff --git a/roles/git-server/tasks/main.yaml b/roles/git-server/tasks/main.yaml index 4a5bb3c..91ee37d 100644 --- a/roles/git-server/tasks/main.yaml +++ b/roles/git-server/tasks/main.yaml @@ -1,16 +1,15 @@ --- -- ansible.builtin.import_tasks: - file: ../../../snippets/common-nginx.yaml +- import_tasks: ../../../snippets/common-nginx.yaml - name: Install dependencies - ansible.builtin.apt: + apt: name: - git - xq state: present - name: Install nginx site - ansible.builtin.template: + template: src: nginx-site.conf dest: /etc/nginx/sites-available/forgejo owner: root @@ -19,21 +18,21 @@ notify: reload nginx - name: Enable nginx site - ansible.builtin.file: + file: src: /etc/nginx/sites-available/forgejo dest: /etc/nginx/sites-enabled/forgejo state: link notify: reload nginx - name: Create user - ansible.builtin.user: + user: name: "{{ git_server_user }}" home: "{{ git_server_working_dir }}" shell: /bin/bash comment: Git server - name: Create logging dir - ansible.builtin.file: + file: state: directory path: /var/log/forgejo owner: "{{ git_server_user }}" 
@@ -44,7 +43,7 @@ # TODO: Install initial config - name: Install service file - ansible.builtin.template: + template: src: forgejo.service dest: /etc/systemd/system/forgejo.service owner: root @@ -53,7 +52,7 @@ notify: reload forgejo - name: Install update script - ansible.builtin.template: + template: src: update.sh dest: "{{ git_server_working_dir }}/update.sh" owner: "{{ git_server_user }}" @@ -61,30 +60,30 @@ mode: 0755 - name: Perform initial update - ansible.builtin.command: "{{ git_server_working_dir }}/update.sh" + command: "{{ git_server_working_dir }}/update.sh" args: creates: "{{ git_server_working_dir }}/forgejo" notify: reload forgejo - name: Enable service - ansible.builtin.systemd: + systemd: name: forgejo enabled: yes daemon_reload: true - name: Start service - ansible.builtin.systemd: + systemd: name: forgejo state: started daemon_reload: true - name: Install cronjob - ansible.builtin.template: + template: src: cronjob dest: /etc/cron.d/forgejo - name: Allow Git SSH, HTTP and HTTPS - ansible.builtin.iptables: + iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" @@ -101,5 +100,5 @@ - { ip: ipv6, port: 443 } notify: persist iptables -- ansible.builtin.debug: +- debug: msg: If Forgejo has not been setup yet, please do so manually. diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml index b787d21..90348f2 100644 --- a/roles/go/tasks/main.yaml +++ b/roles/go/tasks/main.yaml 
@@ -3,18 +3,18 @@ tags: go,go_install block: - name: Remove Debian Go package - ansible.builtin.apt: + apt: name: golang autoremove: yes state: absent - name: Install dependencies - ansible.builtin.apt: + apt: name: curl state: present - name: Fetch Go latest version - ansible.builtin.shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//" + shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//" changed_when: false register: go_latest_version_shell diff --git a/roles/monitoring/handlers/main.yaml b/roles/monitoring/handlers/main.yaml index 678e2cc..ee9948d 100644 --- a/roles/monitoring/handlers/main.yaml +++ b/roles/monitoring/handlers/main.yaml @@ -1,18 +1,17 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: restart mqtt_exporter - ansible.builtin.systemd: + systemd: name: mqtt_exporter state: restarted - name: restart prometheus - ansible.builtin.systemd: + systemd: name: prometheus state: restarted - name: restart grafana - ansible.builtin.systemd: + systemd: name: grafana-server state: restarted diff --git a/roles/monitoring/tasks/blackbox.yaml b/roles/monitoring/tasks/blackbox.yaml index ca1fbe0..2385022 100644 --- a/roles/monitoring/tasks/blackbox.yaml +++ b/roles/monitoring/tasks/blackbox.yaml @@ -1,4 +1,4 @@ --- - name: Install blackbox exporter - ansible.builtin.apt: + apt: name: prometheus-blackbox-exporter diff --git a/roles/monitoring/tasks/grafana.yaml b/roles/monitoring/tasks/grafana.yaml index 3e09b8f..b730f17 100644 --- a/roles/monitoring/tasks/grafana.yaml +++ b/roles/monitoring/tasks/grafana.yaml 
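Review bot: The "Fetch Go latest version" pipeline returns the exit status of its last `sed`, so a failed `curl` or an unexpected page leaves `go_latest_version_shell.stdout` empty while the task still succeeds under `changed_when: false`. Run it with `set -o pipefail` under bash (`args: executable: /bin/bash`) and add `failed_when: go_latest_version_shell.stdout | length == 0`, so later tasks never act on an empty version. The scraped string is the only input deciding which Go release gets installed, and the tasks that consume it are outside this hunk, so checking it against the expected version shape there would be worthwhile too.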
@@ -1,24 +1,24 @@ --- - name: Add key - ansible.builtin.get_url: + get_url: url: https://apt.grafana.com/gpg.key dest: /etc/apt/keyrings/grafana.asc notify: apt update - name: Grafana source - ansible.builtin.copy: + copy: dest: /etc/apt/sources.list.d/grafana.list content: "deb [signed-by=/etc/apt/keyrings/grafana.asc] https://apt.grafana.com stable main" notify: apt update -- ansible.builtin.meta: flush_handlers +- meta: flush_handlers - name: Install Grafana - ansible.builtin.apt: + apt: name: grafana - name: Configure grafana - ansible.builtin.template: + template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root @@ -30,7 +30,7 @@ - { src: grafana-ldap.toml, dest: /etc/grafana/ldap.toml } - name: Configure grafana data source - ansible.builtin.template: + template: src: grafana-data-source.yml dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml" owner: root diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml index a13313c..e03ad9c 100644 --- a/roles/monitoring/tasks/main.yaml +++ b/roles/monitoring/tasks/main.yaml @@ -2,11 +2,10 @@ - name: monitoring tags: monitoring block: - - ansible.builtin.import_tasks: - file: ../../../snippets/common-nginx.yaml + - import_tasks: ../../../snippets/common-nginx.yaml - name: Install nginx site - ansible.builtin.template: + template: src: nginx-site.conf dest: /etc/nginx/sites-available/monitoring owner: root @@ -15,20 +14,20 @@ notify: reload nginx - name: Enable nginx site - ansible.builtin.file: + file: src: /etc/nginx/sites-available/monitoring dest: /etc/nginx/sites-enabled/monitoring state: link notify: reload nginx - name: Start nginx - ansible.builtin.systemd: + systemd: name: nginx state: started enabled: yes - name: Allow HTTP/HTTPS - ansible.builtin.iptables: + iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" 
@@ -43,20 +42,16 @@ - name: mqtt_exporter tags: mqtt_exporter - ansible.builtin.import_tasks: - file: mqtt_exporter.yaml + import_tasks: mqtt_exporter.yaml - name: blackbox tags: blackbox - ansible.builtin.import_tasks: - file: blackbox.yaml + import_tasks: blackbox.yaml - name: prometheus tags: prometheus - ansible.builtin.import_tasks: - file: prometheus.yaml + import_tasks: prometheus.yaml - name: grafana tags: grafana - ansible.builtin.import_tasks: - file: grafana.yaml + import_tasks: grafana.yaml diff --git a/roles/monitoring/tasks/mqtt_exporter.yaml b/roles/monitoring/tasks/mqtt_exporter.yaml index 4fda9d9..2fee482 100644 --- a/roles/monitoring/tasks/mqtt_exporter.yaml +++ b/roles/monitoring/tasks/mqtt_exporter.yaml @@ -1,6 +1,6 @@ --- - name: Clone source - ansible.builtin.git: + git: repo: https://github.com/polyfloyd/mqtt-exporter.git version: main dest: /opt/mqtt_exporter @@ -8,7 +8,7 @@ notify: restart mqtt_exporter - name: Install apt dependencies - ansible.builtin.apt: + apt: name: - python3-paho-mqtt - python3-prometheus-client @@ -16,7 +16,7 @@ state: present - name: Install service - ansible.builtin.template: + template: src: mqtt_exporter.service dest: /etc/systemd/system/mqtt_exporter.service owner: root @@ -27,7 +27,7 @@ - restart mqtt_exporter - name: Install config file - ansible.builtin.template: + template: src: mqtt_exporter_config.yaml dest: /etc/mqtt_exporter.yaml owner: root @@ -37,10 +37,10 @@ - daemon reload - restart mqtt_exporter -- ansible.builtin.meta: flush_handlers +- meta: flush_handlers - name: Start service - ansible.builtin.systemd: + systemd: name: mqtt_exporter state: started enabled: true diff --git a/roles/monitoring/tasks/prometheus.yaml b/roles/monitoring/tasks/prometheus.yaml index 30522b5..f6c5865 100644 --- a/roles/monitoring/tasks/prometheus.yaml +++ b/roles/monitoring/tasks/prometheus.yaml 
@@ -1,10 +1,10 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: prometheus - name: Configure Prometheus - ansible.builtin.template: + template: src: prometheus.yml dest: "{{ prometheus_config_dir }}/prometheus.yml" owner: root @@ -13,7 +13,7 @@ notify: restart prometheus - name: Configure Prometheus args - ansible.builtin.lineinfile: + lineinfile: path: /etc/default/prometheus line: >- ARGS=" diff --git a/roles/mqtt-internal/handlers/main.yaml b/roles/mqtt-internal/handlers/main.yaml index 595258d..ca73bed 100644 --- a/roles/mqtt-internal/handlers/main.yaml +++ b/roles/mqtt-internal/handlers/main.yaml @@ -1,8 +1,7 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: restart mosquitto - ansible.builtin.systemd: + systemd: name: mosquitto state: restarted diff --git a/roles/mqtt-internal/tasks/main.yaml b/roles/mqtt-internal/tasks/main.yaml index e468d01..4aec7bb 100644 --- a/roles/mqtt-internal/tasks/main.yaml +++ b/roles/mqtt-internal/tasks/main.yaml @@ -3,13 +3,13 @@ tags: mqtt_internal block: - name: Install dependencies - ansible.builtin.apt: + apt: name: - mosquitto - avahi-daemon - name: Configure Mosquitto - ansible.builtin.template: + template: src: "{{ item }}" dest: "/etc/mosquitto/conf.d/{{ item }}" owner: root @@ -21,7 +21,7 @@ - public-bridge.conf - name: Start mosquitto - ansible.builtin.systemd: + systemd: name: mosquitto state: started enabled: yes diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml index 5ef0e4f..4dea39a 100644 --- a/roles/music/handlers/main.yaml +++ b/roles/music/handlers/main.yaml 
@@ -1,39 +1,37 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: restart trollibox - ansible.builtin.systemd: + systemd: name: trollibox state: restarted daemon_reload: true - name: rebuild librespot - ansible.builtin.command: - cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend + command: /root/.cargo/bin/cargo build --release --features jackaudio-backend args: chdir: /opt/librespot - name: restart librespot - ansible.builtin.systemd: + systemd: name: librespot state: restarted daemon_reload: true - name: restart soundboard - ansible.builtin.systemd: + systemd: name: soundboard state: restarted daemon_reload: true - name: restart mpd-volume-to-mqtt - ansible.builtin.systemd: + systemd: name: mpd-volume-to-mqtt state: restarted daemon_reload: true - name: restart skipbutton - ansible.builtin.systemd: + systemd: name: skipbutton state: restarted daemon_reload: true diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml index 9bf3154..22ceac3 100644 --- a/roles/music/tasks/librespot.yaml +++ b/roles/music/tasks/librespot.yaml @@ -1,11 +1,11 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: libjack-jackd2-dev state: present - name: Clone librespot source - ansible.builtin.git: + git: repo: https://github.com/librespot-org/librespot.git version: dev dest: /opt/librespot @@ -15,7 +15,7 @@ - restart librespot - name: Install service file - ansible.builtin.template: + template: src: librespot.service dest: /etc/systemd/system/librespot.service owner: root @@ -24,7 +24,7 @@ notify: restart librespot - name: Enable Librespot - ansible.builtin.systemd: + systemd: name: librespot state: started enabled: true diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml index e91f146..7d8e4c0 100644 --- a/roles/music/tasks/main.yaml +++ b/roles/music/tasks/main.yaml 
@@ -1,27 +1,22 @@ --- - tags: music_mpd - ansible.builtin.import_tasks: - file: mpd.yaml + import_tasks: mpd.yaml - tags: music_trollibox - ansible.builtin.import_tasks: - file: trollibox.yaml + import_tasks: trollibox.yaml - tags: music_librespot - ansible.builtin.import_tasks: - file: librespot.yaml + import_tasks: librespot.yaml - tags: music_soundboard - ansible.builtin.import_tasks: - file: soundboard.yaml + import_tasks: soundboard.yaml - tags: music block: - - ansible.builtin.import_tasks: - file: ../../../snippets/common-nginx.yaml + - import_tasks: ../../../snippets/common-nginx.yaml - name: Install nginx config - ansible.builtin.template: + template: src: nginx-site.conf dest: /etc/nginx/sites-enabled/trollibox owner: root diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml index d372d12..5ea6a27 100644 --- a/roles/music/tasks/mpd.yaml +++ b/roles/music/tasks/mpd.yaml @@ -1,6 +1,6 @@ --- - name: Install MPD - ansible.builtin.apt: + apt: name: - jackd - mpd @@ -9,7 +9,7 @@ state: present - name: Install mpd-volume-to-mqtt script - ansible.builtin.template: + template: src: mpd-volume-to-mqtt.sh dest: /opt/mpd-volume-to-mqtt.sh owner: root @@ -18,7 +18,7 @@ notify: restart mpd-volume-to-mqtt - name: Install mpd-volume-to-mqtt service - ansible.builtin.template: + template: src: mpd-volume-to-mqtt.service dest: /etc/systemd/system/mpd-volume-to-mqtt.service owner: root @@ -27,14 +27,14 @@ notify: restart mpd-volume-to-mqtt - name: Enable mpd-volume-to-mqtt - ansible.builtin.systemd: + systemd: name: mpd-volume-to-mqtt state: started enabled: true daemon_reload: true - name: Clone skipbutton source - ansible.builtin.git: + git: repo: https://github.com/bitlair/skipbutton.git version: master dest: /opt/skipbutton @@ -42,7 +42,7 @@ notify: restart skipbutton - name: Install skipbutton service - ansible.builtin.template: + template: src: skipbutton.service dest: /etc/systemd/system/skipbutton.service owner: root 
@@ -51,7 +51,7 @@ notify: restart skipbutton - name: Enable skipbutton - ansible.builtin.systemd: + systemd: name: skipbutton state: started enabled: true diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml index 6068976..a7d1f6b 100644 --- a/roles/music/tasks/soundboard.yaml +++ b/roles/music/tasks/soundboard.yaml @@ -1,11 +1,11 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: virtualenv state: present - name: Clone soundboard source - ansible.builtin.git: + git: repo: https://github.com/polyfloyd/mqtt-soundboard.git version: main dest: /opt/soundboard @@ -13,19 +13,17 @@ notify: restart soundboard - name: Create virtualenv - ansible.builtin.command: - cmd: virtualenv /opt/soundboard/.venv + command: virtualenv /opt/soundboard/.venv args: creates: /opt/soundboard/.venv - name: Install Python dependencies - ansible.builtin.shell: - cmd: . .venv/bin/activate && pip install -r requirements.txt + shell: . .venv/bin/activate && pip install -r requirements.txt args: chdir: /opt/soundboard - name: Install soundboard config file - ansible.builtin.template: + template: src: soundboard.yaml dest: /etc/soundboard.yaml owner: root @@ -34,7 +32,7 @@ notify: restart soundboard - name: Install soundboard service file - ansible.builtin.template: + template: src: soundboard.service dest: /etc/systemd/system/soundboard.service owner: root @@ -43,7 +41,7 @@ notify: restart soundboard - name: Enable soundboard - ansible.builtin.systemd: + systemd: name: soundboard state: started enabled: true diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml index 29c544a..4ac9455 100644 --- a/roles/music/tasks/trollibox.yaml +++ b/roles/music/tasks/trollibox.yaml @@ -1,6 +1,6 @@ --- - name: Install Trollibox config - ansible.builtin.template: + template: src: trollibox.yaml dest: /etc/trollibox.yaml owner: root 
@@ -9,18 +9,16 @@ notify: restart trollibox - name: Get latest Trollibox version from Github API - ansible.builtin.get_url: + get_url: url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest" dest: "/tmp/_ansible_trollibox_latest_release.json" - name: Get download url - ansible.builtin.shell: - cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name - | contains("linux-amd64")) | .browser_download_url -r + shell: cat "/tmp/_ansible_trollibox_latest_release.json" | jq '.assets[] | select(.name | contains("linux-amd64")) | .browser_download_url' -r register: "trollibox_download_url" - name: Download Trollibox - ansible.builtin.unarchive: + unarchive: src: "{{ trollibox_download_url.stdout }}" remote_src: yes dest: /usr/local/bin @@ -29,7 +27,7 @@ notify: restart trollibox - name: Install service file - ansible.builtin.template: + template: src: trollibox.service dest: /etc/systemd/system/trollibox.service owner: root @@ -38,7 +36,7 @@ notify: restart trollibox - name: Enable Trollibox - ansible.builtin.systemd: + systemd: name: trollibox state: started enabled: true diff --git a/roles/photos/handlers/main.yaml b/roles/photos/handlers/main.yaml index 68efaa9..0d76217 100644 --- a/roles/photos/handlers/main.yaml +++ b/roles/photos/handlers/main.yaml @@ -1,12 +1,12 @@ --- - name: restart photo-gallery - ansible.builtin.systemd: + systemd: name: photo-gallery state: restarted daemon_reload: true - name: restart photos2mqtt - ansible.builtin.systemd: + systemd: name: photos2mqtt state: restarted daemon_reload: true diff --git a/roles/photos/tasks/bambulab-fetch.yaml b/roles/photos/tasks/bambulab-fetch.yaml index ef2d351..436c39e 100644 --- a/roles/photos/tasks/bambulab-fetch.yaml +++ b/roles/photos/tasks/bambulab-fetch.yaml 
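Review bot: "Get latest Trollibox version from Github API" writes the API response to a fixed file name in the world-writable /tmp, and "Get download url" reads it back through `cat … | jq`. On a host with other local users that file is exposed to interference between the two tasks, and the extracted URL is then handed to `unarchive` into /usr/local/bin. Querying the API with `uri` and selecting the asset in Jinja removes the temp file, the shell call and the jq dependency; a sketch follows, using `trollibox_release` as a new register name. The archive is still taken on trust from whatever the latest release is, so pinning a release tag and verifying a digest before unpacking would be the stronger fix. The "Download Trollibox" task continues outside this hunk.

```yaml
- name: Get latest Trollibox release from Github API
  uri:
    url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
    return_content: true
  register: trollibox_release

- name: Download Trollibox
  unarchive:
    src: "{{ (trollibox_release.json.assets | selectattr('name', 'search', 'linux-amd64') | first).browser_download_url }}"
    # … unchanged: remote_src, dest and the remaining options …
```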
@@ -1,10 +1,10 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: curl - name: Install fetch script - ansible.builtin.template: + template: src: bambulab-fetch.sh dest: /opt/bambulab-fetch.sh owner: root @@ -12,7 +12,7 @@ mode: 0755 - name: Install service - ansible.builtin.template: + template: src: bambulab-fetch.service dest: /etc/systemd/system/bambulab-fetch.service owner: root @@ -21,7 +21,7 @@ notify: daemon reload - name: Install timer - ansible.builtin.template: + template: src: bambulab-fetch.timer dest: /etc/systemd/system/bambulab-fetch.timer owner: root @@ -30,7 +30,7 @@ notify: daemon reload - name: Enable timer - ansible.builtin.systemd: + systemd: name: bambulab-fetch state: started enabled: yes diff --git a/roles/photos/tasks/main.yaml b/roles/photos/tasks/main.yaml index f98b174..64ac2da 100644 --- a/roles/photos/tasks/main.yaml +++ b/roles/photos/tasks/main.yaml @@ -1,12 +1,9 @@ --- - tags: photos-gallery - ansible.builtin.import_tasks: - file: photo-gallery.yaml + import_tasks: photo-gallery.yaml - tags: photos-mqtt - ansible.builtin.import_tasks: - file: photos2mqtt.yaml + import_tasks: photos2mqtt.yaml - tags: bambulab-fetch - ansible.builtin.import_tasks: - file: bambulab-fetch.yaml + import_tasks: bambulab-fetch.yaml diff --git a/roles/photos/tasks/photo-gallery.yaml b/roles/photos/tasks/photo-gallery.yaml index 6551040..bfad09c 100644 --- a/roles/photos/tasks/photo-gallery.yaml +++ b/roles/photos/tasks/photo-gallery.yaml @@ -1,10 +1,10 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: [ nodejs, npm, imagemagick, graphicsmagick, ffmpeg ] - name: Clone source - ansible.builtin.git: + git: repo: https://github.com/bitlair/photo-gallery.git version: master dest: /opt/photo-gallery @@ -12,7 +12,7 @@ notify: restart photo-gallery - name: Install photo-gallery config file - ansible.builtin.template: + template: src: photo-gallery-config.json dest: /opt/photo-gallery/config.json owner: root 
@@ -21,7 +21,7 @@ notify: restart photo-gallery - name: Install photo-gallery service file - ansible.builtin.template: + template: src: photo-gallery.service dest: /etc/systemd/system/photo-gallery.service owner: root @@ -30,7 +30,7 @@ notify: restart photo-gallery - name: Start photo-gallery - ansible.builtin.systemd: + systemd: name: photo-gallery state: started enabled: yes diff --git a/roles/photos/tasks/photos2mqtt.yaml b/roles/photos/tasks/photos2mqtt.yaml index 9f14cff..9b9b453 100644 --- a/roles/photos/tasks/photos2mqtt.yaml +++ b/roles/photos/tasks/photos2mqtt.yaml @@ -1,16 +1,15 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: - make - liblinux-inotify2-perl - name: Install mqtt-simple - ansible.builtin.command: - cmd: cpan Net::MQTT::Simple + command: cpan Net::MQTT::Simple - name: Install photos2mqtt - ansible.builtin.template: + template: src: photos2mqtt.pl dest: /opt/photos2mqtt.pl owner: root @@ -19,7 +18,7 @@ notify: restart photos2mqtt - name: Install photos2mqtt service file - ansible.builtin.template: + template: src: photos2mqtt.service dest: /etc/systemd/system/photos2mqtt.service owner: root @@ -28,7 +27,7 @@ notify: restart photos2mqtt - name: Start photos2mqtt - ansible.builtin.systemd: + systemd: name: photos2mqtt state: started enabled: yes diff --git a/roles/raspi/handlers/main.yaml b/roles/raspi/handlers/main.yaml index e7a11ce..68a75c2 100644 --- a/roles/raspi/handlers/main.yaml +++ b/roles/raspi/handlers/main.yaml @@ -1,3 +1,2 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml diff --git a/roles/raspi/tasks/main.yaml b/roles/raspi/tasks/main.yaml index a787e5c..221f1ab 100644 --- a/roles/raspi/tasks/main.yaml +++ b/roles/raspi/tasks/main.yaml 
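Review bot: "Install mqtt-simple" in roles/photos/tasks/photos2mqtt.yaml runs `command: cpan Net::MQTT::Simple` with no guard, so every play fetches and builds unpinned code from CPAN with the play's privileges and always reports a change. Prefer the distribution's package through the existing `apt` task if one is available; otherwise guard the command, e.g. `args: { creates: "<INSTALLED_MODULE_PATH>" }` (placeholder), so it runs once and a later upstream change is not pulled in silently. The identical task appears in roles/services/tasks/spacestated.yaml and roles/www/tasks/mqtt.yaml.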
@@ -1,25 +1,24 @@ --- - name: Check whether user pi exists - ansible.builtin.command: - cmd: 'grep ^pi: /etc/passwd' + command: "grep ^pi: /etc/passwd" changed_when: no failed_when: pi_user_check.rc != 0 and pi_user_check.rc != 1 register: pi_user_check - name: Disable default user - ansible.builtin.user: + user: name: pi password: ! when: pi_user_check.stdout_lines|length > 0 - name: Enable sshd - ansible.builtin.systemd: + systemd: name: sshd enabled: yes state: started - name: Rotate display - ansible.builtin.lineinfile: + lineinfile: path: /boot/config.txt line: "display_rotate={{ raspi_rotate_display }} # Managed by Ansible" regexp: "^#?display_rotate" @@ -29,19 +28,18 @@ - name: Disable swap block: - name: Stop swap service - ansible.builtin.systemd: + systemd: name: dphys-swapfile state: stopped enabled: no - name: Remove swap file - ansible.builtin.command: - cmd: dphys-swapfile uninstall + command: dphys-swapfile uninstall args: removes: /var/swap - name: Enable IPv6 SLAAC - ansible.builtin.lineinfile: + lineinfile: path: /etc/dhcpcd.conf line: "slaac hwaddr # Managed by Ansible" regexp: "^#?slaac" diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml index 125fc4d..c51b7bf 100644 --- a/roles/services/handlers/main.yaml +++ b/roles/services/handlers/main.yaml 
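Review bot: In "Disable default user" (roles/raspi/tasks/main.yaml), `password: !` is an unquoted YAML tag indicator with no value, which PyYAML-style loaders resolve, as far as I can tell, to null rather than the string `!`. The `user` module then leaves the pi account's password untouched, so the task reports success without locking anything. Quote it as `password: "!"` or use `password_lock: true`, and confirm on a host that the shadow entry is actually locked. Locking the password does not by itself stop SSH key logins for that account, which may need separate handling.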
@@ -1,57 +1,56 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: restart irc-bot - ansible.builtin.systemd: + systemd: name: irc-bot state: restarted daemon_reload: true - name: restart irc-photos - ansible.builtin.systemd: + systemd: name: irc-photos state: restarted daemon_reload: true - name: restart irc-doorduino - ansible.builtin.systemd: + systemd: name: irc-doorduino state: restarted daemon_reload: true - name: restart discord-bot - ansible.builtin.systemd: + systemd: name: discord-bot state: restarted daemon_reload: true - name: restart siahsd - ansible.builtin.systemd: + systemd: name: siahsd state: restarted daemon_reload: true - name: restart spacestated - ansible.builtin.systemd: + systemd: name: spacestated state: restarted daemon_reload: true - name: restart mastodon-spacestate - ansible.builtin.systemd: + systemd: name: mastodon-spacestate state: restarted daemon_reload: true - name: restart wifi-mqtt - ansible.builtin.systemd: + systemd: name: wifi-mqtt state: restarted daemon_reload: true - name: restart power-mqtt - ansible.builtin.systemd: + systemd: name: power-mqtt state: restarted daemon_reload: true diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml index 16c20d6..de74de0 100644 --- a/roles/services/tasks/discord_bot.yaml +++ b/roles/services/tasks/discord_bot.yaml 
@@ -1,25 +1,23 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: - python3-paho-mqtt - python3-tz - virtualenv - name: Create virtualenv - ansible.builtin.command: - cmd: virtualenv /opt/miflora_exporter/.venv + command: virtualenv /opt/miflora_exporter/.venv args: creates: /var/lib/discord-bot/.venv - name: Install Python dependencies - ansible.builtin.shell: - cmd: . .venv/bin/activate && pip install -r requirements.txt + shell: . .venv/bin/activate && pip install -r requirements.txt args: chdir: /var/lib/discord-bot - name: Clone source - ansible.builtin.git: + git: repo: https://github.com/bitlair/discord-bot.git version: main dest: /var/lib/discord-bot @@ -27,7 +25,7 @@ notify: restart discord-bot - name: Install service file - ansible.builtin.template: + template: src: discord-bot.service dest: /etc/systemd/system/discord-bot.service owner: root @@ -36,7 +34,7 @@ notify: restart discord-bot - name: Start discord-bot - ansible.builtin.systemd: + systemd: name: discord-bot state: started enabled: yes diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml index 6d9462a..d71c9d9 100644 --- a/roles/services/tasks/ircbot.yaml +++ b/roles/services/tasks/ircbot.yaml @@ -1,6 +1,6 @@ --- - name: Clone source - ansible.builtin.git: + git: repo: https://github.com/bitlair/irc-bot.git version: master dest: /var/lib/irc-bot @@ -8,13 +8,13 @@ notify: restart irc-bot - name: Link irc-say - ansible.builtin.file: + file: state: link src: /var/lib/irc-bot/irc-say dest: /usr/local/bin/irc-say - name: Install service file - ansible.builtin.template: + template: src: generic.service dest: /etc/systemd/system/irc-bot.service owner: root 
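Review bot: "Create virtualenv" in roles/services/tasks/discord_bot.yaml builds the environment at /opt/miflora_exporter/.venv, while its `creates:` guard and the following `pip install` (chdir /var/lib/discord-bot, `. .venv/bin/activate`) expect /var/lib/discord-bot/.venv. The guard therefore never matches and pip has no venv to activate in that directory. The command should read `command: virtualenv /var/lib/discord-bot/.venv`. Both tasks also run before "Clone source", so on a fresh host requirements.txt does not exist yet and the clone target would already contain `.venv`; moving the clone first looks necessary.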
@@ -26,19 +26,19 @@ notify: restart irc-bot - name: Start irc-bot - ansible.builtin.systemd: + systemd: name: irc-bot state: started enabled: yes daemon_reload: true - name: Create helpers dir - ansible.builtin.file: + file: path: /var/lib/irc-helpers state: directory - name: Install photos notification - ansible.builtin.template: + template: src: irc-photos.sh dest: /var/lib/irc-helpers/photos.sh owner: root @@ -47,7 +47,7 @@ notify: restart irc-photos - name: Install photos notification service - ansible.builtin.template: + template: src: generic.service dest: /etc/systemd/system/irc-photos.service owner: root @@ -60,14 +60,14 @@ notify: restart irc-photos - name: Start irc-photos - ansible.builtin.systemd: + systemd: name: irc-photos state: started enabled: yes daemon_reload: true - name: Install doorduino notification - ansible.builtin.template: + template: src: irc-doorduino.sh dest: /var/lib/irc-helpers/doorduino.sh owner: root @@ -76,7 +76,7 @@ notify: restart irc-doorduino - name: Install doorduino notification service - ansible.builtin.template: + template: src: generic.service dest: /etc/systemd/system/irc-doorduino.service owner: root @@ -89,7 +89,7 @@ notify: restart irc-doorduino - name: Start irc-doorduino - ansible.builtin.systemd: + systemd: name: irc-doorduino state: started enabled: yes diff --git a/roles/services/tasks/main.yaml b/roles/services/tasks/main.yaml index 5f17300..3cc006d 100644 --- a/roles/services/tasks/main.yaml +++ b/roles/services/tasks/main.yaml @@ -1,10 +1,9 @@ --- - tags: services_ircbot - ansible.builtin.import_tasks: - file: ircbot.yaml + import_tasks: ircbot.yaml - tags: services_discord_bot - ansible.builtin.import_tasks: discord_bot.yaml + import_tasks: discord_bot.yaml - tags: services_siahsd import_tasks: siahsd.yaml diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml index 47886de..b9883dd 100644 --- a/roles/services/tasks/mastodon_spacestate.yaml 
+++ b/roles/services/tasks/mastodon_spacestate.yaml @@ -1,12 +1,12 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: - python3-mastodon - python3-paho-mqtt - name: Clone source - ansible.builtin.git: + git: repo: https://github.com/bitlair/mastodon-spacestate.git version: main dest: /var/lib/mastodon-spacestate @@ -14,7 +14,7 @@ notify: restart mastodon-spacestate - name: Install config - ansible.builtin.template: + template: src: mastodon-spacestate-config.py dest: /var/lib/mastodon-spacestate/config.py owner: root @@ -23,7 +23,7 @@ notify: restart mastodon-spacestate - name: Install service file - ansible.builtin.template: + template: src: mastodon-spacestate.service dest: /etc/systemd/system/mastodon-spacestate.service owner: root @@ -32,7 +32,7 @@ notify: restart mastodon-spacestate - name: Start mastodon-spacestate - ansible.builtin.systemd: + systemd: name: mastodon-spacestate state: started enabled: yes diff --git a/roles/services/tasks/power_mqtt.yaml b/roles/services/tasks/power_mqtt.yaml index 3cc3e0f..a3adc3c 100644 --- a/roles/services/tasks/power_mqtt.yaml +++ b/roles/services/tasks/power_mqtt.yaml @@ -1,10 +1,10 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: [python3-paho-mqtt, python3-requests] - name: Install power-mqtt - ansible.builtin.template: + template: src: power-mqtt.py dest: /var/lib/power-mqtt.py owner: root @@ -13,12 +13,12 @@ notify: restart power-mqtt - name: Remove old service - ansible.builtin.file: + file: path: /etc/systemd/system/power-mqtt.service state: absent - name: Install power-mqtt service - ansible.builtin.template: + template: src: generic.service dest: /etc/systemd/system/power-mqtt@.service owner: root @@ -30,7 +30,7 @@ notify: restart power-mqtt@ - name: Enable power-mqtt - ansible.builtin.systemd: + systemd: name: "power-mqtt@{{ item.net }}/{{ item.ip }}" state: started enabled: yes 
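Review bot: The task ending at the top of the last power_mqtt.yaml hunk (apparently "Install power-mqtt service") notifies `restart power-mqtt@`, but roles/services/handlers/main.yaml as shown in this diff only defines `restart power-mqtt`. That handler restarts a unit named `power-mqtt`, whose unit file the "Remove old service" task deletes. Unless the imported common handlers define a matching name, the notify fails or the `power-mqtt@…` instances are never restarted after a template or script change. A handler under the notified name that restarts the same instances "Enable power-mqtt" starts would close the gap; the loop definition is outside the hunk.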
diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml index 2d924c8..136c216 100644 --- a/roles/services/tasks/siahsd.yaml +++ b/roles/services/tasks/siahsd.yaml @@ -2,7 +2,7 @@ # TODO: Install and build - name: Create directories - ansible.builtin.file: + file: path: "{{ item }}" state: directory owner: siahsd @@ -12,7 +12,7 @@ - /var/lib/siahsd - name: Install config file - ansible.builtin.template: + template: src: siahsd.conf dest: /etc/siahsd.conf owner: root @@ -21,7 +21,7 @@ notify: restart siahsd - name: Install service file - ansible.builtin.template: + template: src: siahsd.service dest: /etc/systemd/system/siahsd.service owner: root @@ -30,14 +30,14 @@ notify: restart siahsd - name: Start siahsd - ansible.builtin.systemd: + systemd: name: siahsd state: started enabled: yes daemon_reload: true - name: Allow siahsd traffic - ansible.builtin.iptables: + iptables: chain: INPUT protocol: udp destination_port: "4000" diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml index 7c00bfd..ca948f9 100644 --- a/roles/services/tasks/spacestated.yaml +++ b/roles/services/tasks/spacestated.yaml @@ -1,25 +1,24 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: - php-cli - php-snmp - make - name: Install mqtt-simple - ansible.builtin.command: - cmd: cpan Net::MQTT::Simple + command: cpan Net::MQTT::Simple - name: Add user - ansible.builtin.user: + user: name: spacestated home: /var/lib/spacestated generate_ssh_key: yes ssh_key_type: ed25519 - name: Clone source - ansible.builtin.git: + git: repo: https://github.com/bitlair/spacestated.git version: main dest: /var/lib/spacestated/spacestated @@ -27,7 +26,7 @@ notify: restart spacestated - name: Install service file - ansible.builtin.template: + template: src: spacestated.service dest: /etc/systemd/system/spacestated.service owner: root 
@@ -36,7 +35,7 @@ notify: restart spacestated - name: Start spacestated - ansible.builtin.systemd: + systemd: name: spacestated state: started enabled: yes diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml index 4c76f05..f1f7b26 100644 --- a/roles/services/tasks/wifi_mqtt.yaml +++ b/roles/services/tasks/wifi_mqtt.yaml @@ -1,6 +1,6 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: - php-cli - php-snmp diff --git a/roles/www/handlers/main.yaml b/roles/www/handlers/main.yaml index d5296b9..7e58ba4 100644 --- a/roles/www/handlers/main.yaml +++ b/roles/www/handlers/main.yaml @@ -1,14 +1,13 @@ --- -- ansible.builtin.import_tasks: - file: ../../common/handlers/main.yaml +- import_tasks: ../../common/handlers/main.yaml - name: restart spaceapi - ansible.builtin.systemd: + systemd: name: spaceapi state: restarted daemon_reload: true - name: restart mqtt2web - ansible.builtin.systemd: + systemd: name: mqtt2web state: restarted diff --git a/roles/www/tasks/calendar.yaml b/roles/www/tasks/calendar.yaml index f6513a8..ea1a1f2 100644 --- a/roles/www/tasks/calendar.yaml +++ b/roles/www/tasks/calendar.yaml @@ -1,22 +1,22 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: [ python3-requests, python3-icalendar ] - name: Clone source - ansible.builtin.git: + git: repo: https://github.com/bitlair/calendar-parser.git version: main dest: /usr/local/src/bitlair-calendar accept_hostkey: yes - name: Create user - ansible.builtin.user: + user: name: bitlair-calendar home: /var/lib/bitlair-calendar - name: Install cronjob - ansible.builtin.template: + template: src: calendar.cron dest: /etc/cron.d/bitlair-calendar owner: root diff --git a/roles/www/tasks/main.yaml b/roles/www/tasks/main.yaml index 114218a..f15f9e5 100644 --- a/roles/www/tasks/main.yaml +++ b/roles/www/tasks/main.yaml 
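Review bot: The unqualified `systemd` in both handlers of roles/www/handlers/main.yaml, like the other short module names this commit introduces, is resolved through Ansible's legacy plugin search path, so a same-named module in a `library/` directory next to the playbook or inside a role would be used in place of the builtin one. If the short form is required for an older Ansible release, a comment at the top of the file should say so, for example `# short module names kept for compatibility with <ANSIBLE_VERSION>` (placeholder). Otherwise keeping the `ansible.builtin.` prefix pins which implementation runs as root on these hosts.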
@@ -1,16 +1,12 @@ --- - tags: www_calendar - ansible.builtin.import_tasks: - file: calendar.yaml + import_tasks: calendar.yaml - tags: www_mediawiki - ansible.builtin.import_tasks: - file: mediawiki.yaml + import_tasks: mediawiki.yaml - tags: www_mqtt - ansible.builtin.import_tasks: - file: mqtt.yaml + import_tasks: mqtt.yaml - tags: www_spaceapi - ansible.builtin.import_tasks: - file: spaceapi.yaml + import_tasks: spaceapi.yaml diff --git a/roles/www/tasks/mediawiki.yaml b/roles/www/tasks/mediawiki.yaml index 52dfccf..b6b542f 100644 --- a/roles/www/tasks/mediawiki.yaml +++ b/roles/www/tasks/mediawiki.yaml @@ -1,14 +1,13 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: php-fpm state: present -- ansible.builtin.import_tasks: - file: ../../../snippets/common-nginx.yaml +- import_tasks: ../../../snippets/common-nginx.yaml - name: Install security.txt - ansible.builtin.template: + template: src: security.txt dest: /opt/security.txt owner: root @@ -16,7 +15,7 @@ mode: 0644 - name: Allow HTTP/HTTPS - ansible.builtin.iptables: + iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" diff --git a/roles/www/tasks/mqtt.yaml b/roles/www/tasks/mqtt.yaml index 88fa7f9..3f8b4ab 100644 --- a/roles/www/tasks/mqtt.yaml +++ b/roles/www/tasks/mqtt.yaml @@ -1,13 +1,13 @@ --- - name: Install dependencies - ansible.builtin.apt: + apt: name: - libjson-xs-perl - liblinux-epoll-perl - mosquitto - name: Allow MQTT - ansible.builtin.iptables: + iptables: chain: INPUT protocol: tcp destination_port: "{{ item.port }}" @@ -21,11 +21,10 @@ notify: persist iptables - name: Install mqtt-simple - ansible.builtin.command: - cmd: cpan Net::MQTT::Simple + command: cpan Net::MQTT::Simple - name: Clone mqtt2web source - ansible.builtin.git: + git: repo: https://github.com/bitlair/mqtt2web.git version: master dest: /opt/mqtt2web 
@@ -33,7 +32,7 @@ notify: restart mqtt2web - name: Install mqtt2web service file - ansible.builtin.template: + template: src: mqtt2web.service dest: /etc/systemd/system/mqtt2web.service owner: root @@ -43,10 +42,10 @@ - daemon reload - restart mqtt2web -- ansible.builtin.meta: flush_handlers +- meta: flush_handlers - name: Enable mqtt2web - ansible.builtin.systemd: + systemd: name: mqtt2web state: started enabled: true diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml index a819839..c08ff73 100644 --- a/roles/www/tasks/spaceapi.yaml +++ b/roles/www/tasks/spaceapi.yaml @@ -1,6 +1,6 @@ --- - name: Clone spaceapi source - ansible.builtin.git: + git: repo: https://github.com/bitlair/spaceapi.git version: main dest: /opt/spaceapi @@ -8,7 +8,7 @@ notify: restart spaceapi - name: Install spaceapi service file - ansible.builtin.template: + template: src: spaceapi.service dest: /etc/systemd/system/spaceapi.service owner: root @@ -17,7 +17,7 @@ notify: restart spaceapi - name: Enable spaceapi - ansible.builtin.systemd: + systemd: name: spaceapi state: started enabled: true diff --git a/services.yaml b/services.yaml index 2a1bd65..5bbd959 100644 --- a/services.yaml +++ b/services.yaml @@ -1,6 +1,6 @@ --- - - hosts: services roles: - common + - common-bitlair - services diff --git a/site.yaml b/site.yaml deleted file mode 120000 index 43fe4bb..0000000 --- a/site.yaml +++ /dev/null @@ -1 +0,0 @@ -bitlair.yaml \ No newline at end of file diff --git a/www.yaml b/www.yaml index 6a66f2d..4ee6399 100644 --- a/www.yaml +++ b/www.yaml @@ -1,7 +1,7 @@ --- - - hosts: wiki roles: - common + - common-bitlair - acme - www