diff --git a/bank.yaml b/bank.yaml index 43c92b7..dd84606 100644 --- a/bank.yaml +++ b/bank.yaml @@ -3,6 +3,7 @@ - hosts: bank roles: - common + - common-bitlair - bank vars: bank_revbank_git: https://github.com/bitlair/revbank.git diff --git a/bar.yaml b/bar.yaml index 5752cc3..32e4465 100644 --- a/bar.yaml +++ b/bar.yaml @@ -5,5 +5,5 @@ raspi_rotate_display: "2" roles: - raspi - - common + - common-bitlair - bank-terminal diff --git a/common.yaml b/common.yaml index 3fe0c41..fc949b9 100644 --- a/common.yaml +++ b/common.yaml @@ -3,3 +3,4 @@ - hosts: debian roles: - common + - common-bitlair diff --git a/fotos.yaml b/fotos.yaml index f0edd7b..99f871c 100644 --- a/fotos.yaml +++ b/fotos.yaml @@ -3,4 +3,5 @@ - hosts: fotos roles: - common + - common-bitlair - photos diff --git a/git-ci.yaml b/git-ci.yaml index fa9f7b7..07982f4 100644 --- a/git-ci.yaml +++ b/git-ci.yaml @@ -3,4 +3,5 @@ - hosts: git-ci roles: - common + - common-bitlair - git-ci diff --git a/git.yaml b/git.yaml index 2161a4c..2a5ae7e 100644 --- a/git.yaml +++ b/git.yaml @@ -3,5 +3,6 @@ - hosts: git roles: - common + - common-bitlair - acme - git-server diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 9d1acdc..c7e8965 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -1,5 +1,3 @@ ---- - is_vm: true ansible_user: root @@ -33,7 +31,3 @@ root_access: mqtt_internal_host: mqtt.bitlair.nl mqtt_public_host: bitlair.nl - -debian_repourl: "http://deb.debian.org/debian/" -debian_securityurl: "http://security.debian.org/debian-security" - diff --git a/inventory b/inventory index 7e430e1..692594a 100644 --- a/inventory +++ b/inventory 
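Review bot: In bar.yaml the `common` role is replaced by `common-bitlair` instead of being kept next to it, which no other playbook in this commit does. Hosts in that play therefore stop running whatever stays in `common`; going by the roles/common/tasks/main.yaml hunk, that includes the `unattended_updates` and `apt-minimal` imports. If the Raspberry Pi hosts are meant to lose automatic updates, say so in a comment such as `# common is skipped on purpose: <reason>`. Otherwise keep `- common` ahead of `- common-bitlair`.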
@@ -6,49 +6,15 @@ bank-pi.bitlair.nl [kvm] kvm4.bitlair.nl -[bank] +[debian] bank.bitlair.nl - -[fotos] blockchain.bitlair.nl - -[git] git.bitlair.nl - -[git-ci] git-ci.bitlair.nl - -[pad] pad.bitlair.nl - -[lights] lights.bitlair.nl - -[mqtt] mqtt.bitlair.nl - -[monitoring] dashboard.bitlair.nl - -[music] music.bitlair.nl - -[services] service.bitlair.nl - -[wiki] wiki.bitlair.nl - -[debian:children] -bank -fotos -git -git-ci -pad -lights -mqtt -monitoring -music -services -wiki - diff --git a/monitoring.yaml b/monitoring.yaml index 9ad8623..e8c3e78 100644 --- a/monitoring.yaml +++ b/monitoring.yaml @@ -3,5 +3,6 @@ - hosts: monitoring roles: - common + - common-bitlair - acme - monitoring diff --git a/mqtt-internal.yaml b/mqtt-internal.yaml index 1e941f8..84297ef 100644 --- a/mqtt-internal.yaml +++ b/mqtt-internal.yaml @@ -3,4 +3,5 @@ - hosts: mqtt_internal roles: - common + - common-bitlair - mqtt-internal diff --git a/music.yaml b/music.yaml index d12226c..1c2431d 100644 --- a/music.yaml +++ b/music.yaml @@ -3,6 +3,7 @@ - hosts: music roles: - common + - common-bitlair - acme - go - music diff --git a/pad.yaml b/pad.yaml index 90d227e..d9f6f3e 100644 --- a/pad.yaml +++ b/pad.yaml @@ -6,5 +6,6 @@ - [ pad.bitlair.nl ] roles: - common + - common-bitlair - acme - etherpad diff --git a/roles/common-bitlair/tasks/main.yaml b/roles/common-bitlair/tasks/main.yaml new file mode 100644 index 0000000..78845a3 --- /dev/null +++ b/roles/common-bitlair/tasks/main.yaml @@ -0,0 +1,8 @@ +--- +- name: Update authorized_keys + ansible.builtin.template: + src: authorized_keys.j2 + dest: /root/.ssh/authorized_keys + mode: 0600 + when: root_access is defined and root_access + tags: authorized_keys diff --git a/roles/common/templates/authorized_keys.j2 b/roles/common-bitlair/templates/authorized_keys.j2 similarity index 100% rename from roles/common/templates/authorized_keys.j2 rename to roles/common-bitlair/templates/authorized_keys.j2 
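Review bot: The inventory hunk removes the per-service groups (`[bank]`, `[fotos]`, `[git]`, `[git-ci]`, `[pad]`, `[monitoring]`, `[music]`, `[services]`, `[wiki]`, ...) and lists every host directly under `[debian]`, yet the playbooks touched in this same commit still target `hosts: bank`, `hosts: fotos`, `hosts: git` and so on. Unless those groups are defined in a part of the inventory outside this hunk, the plays will match no hosts, and Ansible skips such a play with a warning rather than failing. The service roles (`acme`, `git-server`, `monitoring`, ...) would then silently stop being applied. Either keep the group headers together with `[debian:children]`, or change each play's `hosts:` to a pattern that still resolves.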
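Review bot: The `Update authorized_keys` task in roles/common-bitlair/tasks/main.yaml sets an unquoted `mode: 0600` and no explicit ownership. Writing `owner: root`, `group: root` and `mode: "0600"` makes the intended permissions independent of YAML integer parsing and of the connecting user. The task is also skipped whenever `root_access` is undefined or empty, so on such a host an existing /root/.ssh/authorized_keys is left as it is and previously deployed keys stay valid. If this template is the revocation mechanism, add a comment like `# skipped when root_access is unset: existing keys are NOT removed`, or fail the play when the variable is missing.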
diff --git a/roles/common/tasks/apt-minimal.yaml b/roles/common/tasks/apt-minimal.yaml index 5fbbaa0..c8e01d8 100644 --- a/roles/common/tasks/apt-minimal.yaml +++ b/roles/common/tasks/apt-minimal.yaml @@ -1,5 +1,4 @@ --- - - name: Configure auto-upgrades ansible.builtin.template: src: apt-minimal diff --git a/roles/common/tasks/debian-backports.yaml b/roles/common/tasks/debian-backports.yaml new file mode 100644 index 0000000..87f178d --- /dev/null +++ b/roles/common/tasks/debian-backports.yaml @@ -0,0 +1,11 @@ +--- +- name: Install backports source list + ansible.builtin.template: + src: backports-source.list + dest: /etc/apt/sources.list.d/backports.list + owner: root + group: root + mode: 0644 + notify: apt update + +- ansible.builtin.meta: flush_handlers diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml index 3ff5041..abc0ae9 100644 --- a/roles/common/tasks/debian-upgrade.yaml +++ b/roles/common/tasks/debian-upgrade.yaml @@ -1,5 +1,4 @@ --- - - name: Install source list ansible.builtin.template: src: stable-sources.list diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index b66b565..2fcb2b4 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml 
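Review bot: In the new roles/common/tasks/debian-backports.yaml, `notify: apt update` depends on a handler of exactly that name, and no handler is added or shown in this diff. If `roles/common/handlers` does not define it, the task will fail at run time when the template changes. The following `ansible.builtin.meta: flush_handlers` entry has no `name`; something like `- name: Refresh the apt cache before later tasks install packages` would explain why the flush is there. `mode: 0644` would be safer written as `mode: "0644"`.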
@@ -6,38 +6,20 @@ when: ansible_facts['distribution_release'] != "bookworm" tags: [ debian-upgrade, never ] -- name: Apt config and sources.list - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode | default('0644') }}" - owner: "{{ item.owner | default('root') }}" - group: "{{ item.group | default('root') }}" - with_items: - - { src: "apt.conf.j2", dest: "/etc/apt/apt.conf" } - - { src: "sources.list.j2", dest: "/etc/apt/sources.list" } - when: - - ansible_os_family == "Debian" - tags: - - sourceslist +- name: Import debian-backports.yaml + ansible.builtin.import_tasks: + file: debian-backports.yaml -- name: Import unattended-updates + tags: debian_backports + +- tags: unattended_updates ansible.builtin.import_tasks: file: unattended-updates.yaml - tags: unattended_updates - tags: apt-minimal ansible.builtin.import_tasks: file: apt-minimal.yaml -- name: Update authorized_keys - ansible.builtin.template: - src: authorized_keys.j2 - dest: /root/.ssh/authorized_keys - mode: 0600 - when: root_access is defined and root_access - tags: authorized_keys - - tags: network ansible.builtin.import_tasks: file: network.yaml diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml index 675e33c..c496429 100644 --- a/roles/common/tasks/node-exporter.yaml +++ b/roles/common/tasks/node-exporter.yaml @@ -1,5 +1,4 @@ --- - - name: Install node-exporter ansible.builtin.apt: name: prometheus-node-exporter diff --git a/roles/common/templates/apt.conf.j2 b/roles/common/templates/apt.conf.j2 deleted file mode 100644 index 714bac0..0000000 --- a/roles/common/templates/apt.conf.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# {{ ansible_managed }} - -{% if proxy_host is defined and proxy_host != "" %} -Acquire::http::Proxy "http://{{ proxy_host }}:{{ proxy_port }}/"; -{% endif %} - -# Don't download translation-files -Acquire::Languages "none"; 
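Review bot: Removing the `Apt config and sources.list` task leaves /etc/apt/sources.list and /etc/apt/apt.conf unmanaged on ordinary runs. The only remaining writer of a sources list visible in this diff is the `Install source list` task in debian-upgrade.yaml, and the context lines suggest its import is gated by `tags: [ debian-upgrade, never ]` and a non-bookworm condition. Hosts provisioned earlier keep the old rendered files, including the proxy line and the backports stanza from the deleted templates, so the new backports.list adds a second backports source instead of replacing the first. The new `Import debian-backports.yaml` task also drops the `ansible_os_family == "Debian"` guard the removed task had, and the `unattended_updates` import loses its `name`. Consider adding `when: ansible_os_family == "Debian"` to the import and a one-off cleanup of the stale files. The task list continues outside this hunk.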
diff --git a/roles/common/templates/backports-source.list b/roles/common/templates/backports-source.list new file mode 100644 index 0000000..dd30928 --- /dev/null +++ b/roles/common/templates/backports-source.list @@ -0,0 +1,4 @@ +# Managed by Ansible + +deb http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main +deb-src http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main diff --git a/roles/common/templates/sources.list.j2 b/roles/common/templates/sources.list.j2 deleted file mode 100644 index 9aac632..0000000 --- a/roles/common/templates/sources.list.j2 +++ /dev/null @@ -1,24 +0,0 @@ -# {{ ansible_managed }} - -{% if debian_source_repos|default(false) %} -{% set SRC = "" %} -{% else %} -{% set SRC = "# " %} -{% endif %} -{% set components = "main contrib non-free-firmware" %} - -deb {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} -{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }} -# -# Updates -deb {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} -{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }} -# -# Backports -deb {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} -{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }} -# -# Security patches -deb {{ debian_securityurl }} {{ ansible_distribution_release }}-security {{ components }} -{{ SRC }}deb-src {{ debian_securityurl }} {{ ansible_distribution_release }}-security main contrib non- free - diff --git a/roles/common/templates/stable-sources.list b/roles/common/templates/stable-sources.list new file mode 100644 index 0000000..95c2f9a --- /dev/null +++ b/roles/common/templates/stable-sources.list 
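Review bot: backports-source.list fetches over plain `http://` from `ftp.nl.debian.org`, a different mirror from the `deb.debian.org` used in stable-sources.list, which is also plain HTTP. APT's signed Release files protect package integrity, but an on-path party can still see which packages each host installs and can withhold or delay index updates. Switching both templates to the same HTTPS endpoint narrows that exposure. For example: `deb https://deb.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main`, with the matching `deb-src` line.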
@@ -0,0 +1,8 @@ +deb http://deb.debian.org/debian bookworm main non-free-firmware +deb-src http://deb.debian.org/debian bookworm main non-free-firmware + +deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware +deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware + +deb http://deb.debian.org/debian bookworm-updates main non-free-firmware +deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware diff --git a/services.yaml b/services.yaml index 2a1bd65..af77daf 100644 --- a/services.yaml +++ b/services.yaml @@ -3,4 +3,5 @@ - hosts: services roles: - common + - common-bitlair - services diff --git a/www.yaml b/www.yaml index 6a66f2d..f912d15 100644 --- a/www.yaml +++ b/www.yaml @@ -3,5 +3,6 @@ - hosts: wiki roles: - common + - common-bitlair - acme - www
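Review bot: stable-sources.list lists only `main non-free-firmware`, whereas the deleted sources.list.j2 used `main contrib non-free-firmware`. If any host has packages installed from `contrib`, they will stop receiving updates, security fixes included, once this file replaces the old one. Either restore `contrib` on all six lines or confirm that no host needs it. The file also lacks the `# Managed by Ansible` header that backports-source.list carries, so an administrator editing it on the host gets no hint that it will be overwritten.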