ansible-lint
This commit is contained in:
parent
8a0bf70474
commit
3f9c37c08f
@ -1,40 +1,39 @@
|
||||
---
|
||||
- name: Install shit
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: Std Repo stuff
|
||||
apt:
|
||||
update_cache: true
|
||||
name:
|
||||
- vim
|
||||
- curl
|
||||
- wget
|
||||
- sudo
|
||||
- net-tools
|
||||
- nmap
|
||||
- python3-pip
|
||||
- python3-passlib
|
||||
- vnstat
|
||||
- chrony
|
||||
- name: Enable VNStat service
|
||||
service:
|
||||
name: vnstat
|
||||
enabled: yes
|
||||
state: started
|
||||
- name: Enable Chrony (NTP) service
|
||||
service:
|
||||
name: chrony
|
||||
enabled: yes
|
||||
state: started
|
||||
- name: Std Repo stuff
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
name:
|
||||
- vim
|
||||
- curl
|
||||
- wget
|
||||
- sudo
|
||||
- net-tools
|
||||
- nmap
|
||||
- python3-pip
|
||||
- python3-passlib
|
||||
- vnstat
|
||||
- chrony
|
||||
- name: Enable VNStat service
|
||||
ansible.builtin.service:
|
||||
name: vnstat
|
||||
enabled: true
|
||||
state: started
|
||||
- name: Enable Chrony (NTP) service
|
||||
ansible.builtin.service:
|
||||
name: chrony
|
||||
enabled: true
|
||||
state: started
|
||||
- name: Sysctl
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: disable dmesg logging to console
|
||||
sysctl:
|
||||
- name: Disable dmesg logging to console
|
||||
ansible.posix.sysctl:
|
||||
name: kernel.printk
|
||||
value: '3 4 1 3'
|
||||
state: present
|
||||
sysctl_set: yes
|
||||
sysctl_set: true
|
||||
- name: Add users
|
||||
hosts: all
|
||||
vars:
|
||||
@ -45,58 +44,65 @@
|
||||
- midou
|
||||
- ansiblerunner
|
||||
password: d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db
|
||||
|
||||
tasks:
|
||||
- name: bashrc skel
|
||||
template:
|
||||
- name: Bashrc skel
|
||||
ansible.builtin.template:
|
||||
src: templates/bashrc.j2
|
||||
dest: /etc/skel/.bashrc
|
||||
- name: profile skel
|
||||
template:
|
||||
mode: preserve
|
||||
- name: Profile skel
|
||||
ansible.builtin.template:
|
||||
src: templates/profile.j2
|
||||
dest: /etc/skel/.profile
|
||||
- name: bash_aliases skel
|
||||
template:
|
||||
mode: preserve
|
||||
- name: Bash_aliases skel
|
||||
ansible.builtin.template:
|
||||
src: templates/bash_aliases.j2
|
||||
dest: /etc/skel/.bash_aliases
|
||||
- name: prompt skel
|
||||
template:
|
||||
mode: preserve
|
||||
- name: Prompt skel
|
||||
ansible.builtin.template:
|
||||
src: templates/prompt.j2
|
||||
dest: /etc/skel/.prompt
|
||||
- name: bashrc root
|
||||
template:
|
||||
mode: preserve
|
||||
- name: Bashrc root
|
||||
ansible.builtin.template:
|
||||
src: templates/bashrc.j2
|
||||
dest: /root/.bashrc
|
||||
- name: profile root
|
||||
template:
|
||||
mode: preserve
|
||||
- name: Profile root
|
||||
ansible.builtin.template:
|
||||
src: templates/profile.j2
|
||||
dest: /root/.profile
|
||||
- name: bash_aliases root
|
||||
template:
|
||||
mode: preserve
|
||||
- name: Bash_aliases root
|
||||
ansible.builtin.template:
|
||||
src: templates/bash_aliases.j2
|
||||
dest: /root/.bash_aliases
|
||||
- name: prompt root
|
||||
template:
|
||||
mode: preserve
|
||||
- name: Prompt root
|
||||
ansible.builtin.template:
|
||||
src: templates/prompt.j2
|
||||
dest: /root/.prompt
|
||||
mode: preserve
|
||||
- name: Add user
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: "{{ item }}"
|
||||
group: users
|
||||
groups: users,sudo
|
||||
password: "{{ password }}"
|
||||
shell: /bin/bash
|
||||
update_password: on_create # Add the same initial password for all users (can be overwritten by user)
|
||||
with_items:
|
||||
with_items:
|
||||
- "{{ users }}"
|
||||
- name: "Add authorized keys"
|
||||
authorized_key:
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item }}"
|
||||
key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
|
||||
key: "{{ lookup('file', 'files/' + item + '.pub') }}"
|
||||
with_items:
|
||||
- "{{ users }}"
|
||||
- name: "Allow admin users to sudo without a password"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: "/etc/sudoers" # path: in version 2.3
|
||||
state: "present"
|
||||
regexp: "^%sudo"
|
||||
@ -111,25 +117,28 @@
|
||||
- midou
|
||||
tasks:
|
||||
- name: Add extra authorized_key for soleil
|
||||
authorized_key:
|
||||
user: "{{item}}"
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item }}"
|
||||
key: "ssh-rsa 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 user@CoreVM"
|
||||
with_items:
|
||||
- "{{users}}"
|
||||
- "{{ users }}"
|
||||
- name: Configure SSHD
|
||||
hosts: all
|
||||
tasks:
|
||||
- name: sshd configuration file update
|
||||
template:
|
||||
- name: Sshd configuration file update
|
||||
ansible.builtin.template:
|
||||
src: templates/sshd_config.j2
|
||||
dest: /etc/ssh/sshd_config
|
||||
backup: yes
|
||||
backup: true
|
||||
owner: 0
|
||||
group: 0
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify:
|
||||
- restart sshd
|
||||
handlers:
|
||||
- name: restart sshd
|
||||
service: name=sshd state=restarted
|
||||
- name: Restart sshd
|
||||
ansible.builtin.service:
|
||||
name: sshd
|
||||
enabled: true
|
||||
state: restarted
|
||||
|
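Review bot: The `notify: - restart sshd` at L561 no longer matches its handler, which this hunk renames to `Restart sshd` (L573); Ansible resolves handlers by exact, case-sensitive name, so the first time the sshd_config template reports changed the play will stop with a missing-handler error (or, depending on version, the hardened config will sit on disk without ever being applied). Change the notify to `- Restart sshd`, or keep the old spelling reachable with `listen: restart sshd` on the handler, and keep the existing `validate: '/usr/sbin/sshd -T -f %s'` which already prevents a broken template from reaching the live daemon. Separately, the "Add extra authorized_key for soleil" task at L483 loops over `{{ users }}` (L507), so the single `user@CoreVM` key is installed on every listed account rather than one; if that key belongs to one operator it should target only that account, otherwise one private key maps to many identities and the sudo-group accounts among them. The `Configure SSHD` play is shown in full, but the preceding user play continues outside the hunks visible here.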
@ -7,31 +7,31 @@ all:
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
docker:
|
||||
ansible_host: docker.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
lxc:
|
||||
ansible_host: lxc.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
db:
|
||||
ansible_host: db.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
backwards:
|
||||
ansible_host: backwards.vpn.projectsegfau.lt
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
privfrontends:
|
||||
hosts:
|
||||
eu:
|
||||
@ -39,7 +39,7 @@ all:
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 222
|
||||
port: 222
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
caddy_extras_config: templates/1-extras.Caddyfile
|
||||
country: Luxembourg
|
||||
isp: BuyVM
|
||||
@ -50,7 +50,7 @@ all:
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
caddy_extras_config: templates/2-extras.Caddyfile
|
||||
country: United States
|
||||
isp: Digital Ocean
|
||||
@ -61,7 +61,7 @@ all:
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
caddy_extras_config: templates/3-extras.Caddyfile
|
||||
country: India
|
||||
isp: Bharti Airtel
|
||||
@ -74,4 +74,4 @@ all:
|
||||
ansible_user: ansiblerunner
|
||||
ansible_port: 22
|
||||
port: 22
|
||||
ansible_become: yes # Run everything as root
|
||||
ansible_become: true # Run everything as root
|
||||
|
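Review bot: Every host in this inventory repeats the same connection variables (`ansible_user`, `ansible_port`, `port`, `ansible_become`), so a later edit to one host can silently drift from the others; these belong once under the group's `vars:` with only `ansible_host` (and the odd `222` for `eu`, L706/L709) kept per host. `port:` next to `ansible_port:` is not an Ansible connection variable; if it exists only to feed a template such as sshd_config.j2 (the `eu` host sets both to 222, which suggests so), a one-line comment saying it must match `ansible_port` would stop someone "cleaning up" the apparent duplicate. `ansible_become: true # Run everything as root` escalates every task on every host; tasks that only read state or copy user-level files would be better served by `become: true` on the tasks that need root, which also makes the privileged surface visible in the playbook rather than hidden in inventory.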
@ -1,47 +1,52 @@
|
||||
---
|
||||
- name: Create directory for service
|
||||
file:
|
||||
path: /opt/docker/{{item}}
|
||||
ansible.builtin.file:
|
||||
path: /opt/docker/{{ item }}
|
||||
state: directory
|
||||
mode: "0755"
|
||||
tags: docker
|
||||
|
||||
- name: Copy docker-compose templates for the service
|
||||
template:
|
||||
src: ./compose/{{item}}/compose.yml.j2
|
||||
dest: /opt/docker/{{item}}/compose.yml
|
||||
backup: yes
|
||||
ansible.builtin.template:
|
||||
src: ./compose/{{ item }}/compose.yml.j2
|
||||
dest: /opt/docker/{{ item }}/compose.yml
|
||||
backup: true
|
||||
mode: preserve
|
||||
register: check_status
|
||||
tags: docker
|
||||
|
||||
- name: check if extras file exists for the service
|
||||
local_action: stat path=./compose/{{item}}/extras.conf.j2
|
||||
- name: Check if extras file exists for the service
|
||||
delegate_to: localhost
|
||||
ansible.builtin.stat:
|
||||
path: ./compose/{{ item }}/extras.conf.j2
|
||||
register: file
|
||||
tags: docker
|
||||
|
||||
- name: Copy extras file
|
||||
template:
|
||||
src: ./compose/{{item}}/extras.conf.j2
|
||||
dest: /opt/docker/{{item}}/extras.conf
|
||||
backup: yes
|
||||
ansible.builtin.template:
|
||||
src: ./compose/{{ item }}/extras.conf.j2
|
||||
dest: /opt/docker/{{ item }}/extras.conf
|
||||
backup: true
|
||||
mode: preserve
|
||||
when: file.stat.exists
|
||||
tags: docker
|
||||
|
||||
- name: "Update docker service image"
|
||||
command:
|
||||
ansible.builtin.command:
|
||||
chdir: "/opt/docker/{{ item }}"
|
||||
cmd: docker compose pull
|
||||
when: check_status.changed
|
||||
tags: docker
|
||||
|
||||
- name: "Stop docker service"
|
||||
command:
|
||||
ansible.builtin.command:
|
||||
chdir: "/opt/docker/{{ item }}"
|
||||
cmd: docker compose down
|
||||
when: check_status.changed
|
||||
tags: docker
|
||||
|
||||
- name: "Start docker service"
|
||||
command:
|
||||
ansible.builtin.command:
|
||||
chdir: "/opt/docker/{{ item }}"
|
||||
cmd: docker compose up -d --build --remove-orphans
|
||||
when: check_status.changed
|
||||
|
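Review bot: The `Check if extras file exists` task (L876) uses `delegate_to: localhost` but does not override `become`, and the inventory in this commit sets `ansible_become: true` for every host; `become` follows the task to the delegated host, so the stat will be run through sudo on the controller and fails or prompts wherever the runner lacks passwordless sudo — add `become: false` to that task. The compose and extras templates are written with `mode: preserve` (L859, L923) and `backup: true`, so their permissions follow the controller checkout (typically 0644) and timestamped copies accumulate under /opt/docker/<service>; if any `compose.yml.j2` or `extras.conf.j2` carries credentials, set `mode: "0600"` and `backup: false` there. `docker compose pull` (L946) fetches whatever the image tags currently resolve to, so two runs of this task list can deploy different images; pinning by digest in the compose templates is what makes the step reproducible. This task file is shown in full.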
@ -13,20 +13,22 @@
|
||||
tasks:
|
||||
# This is run again so config still updates even if i dont run the role which isnt needed most of the time
|
||||
- name: Copy Caddyfile
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: ./templates/Caddyfile.j2
|
||||
dest: /etc/caddy/Caddyfile
|
||||
mode: preserve
|
||||
tags: caddy-non-update
|
||||
- name: Copy per-server caddy extras
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: "./templates/{{ inventory_hostname }}/"
|
||||
dest: /etc/caddy/
|
||||
directory_mode: true
|
||||
mode: preserve
|
||||
tags: caddy-non-update
|
||||
- name: Reload Caddy
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: caddy
|
||||
enabled: yes
|
||||
enabled: true
|
||||
state: reloaded
|
||||
tags: caddy-non-update
|
||||
- name: Setup docker compose for privacy frontends
|
||||
@ -34,11 +36,9 @@
|
||||
vars:
|
||||
docker_services:
|
||||
- anonymousoverflow
|
||||
#- beatbump
|
||||
- breezewiki
|
||||
- gothub
|
||||
- gothub-dev
|
||||
#- invidious
|
||||
- librarian
|
||||
- libreddit
|
||||
- nitter
|
||||
@ -48,20 +48,23 @@
|
||||
- simplytranslate
|
||||
- teddit
|
||||
- watchtower
|
||||
non_pizza_docker_services:
|
||||
#- piped
|
||||
- searxng
|
||||
tasks:
|
||||
#
|
||||
# community.docker does not support compose 2.0 right now.
|
||||
# https://github.com/ansible-collections/community.docker/issues/216
|
||||
#
|
||||
- name: Update docker compose files and restart those with changes
|
||||
include_tasks: docker-tasks.yaml
|
||||
ansible.builtin.include_tasks: docker-tasks.yaml
|
||||
with_items: "{{ docker_services }}"
|
||||
tags: docker
|
||||
- name: Setup docker compose for privacy frontends (non-pizza1)
|
||||
hosts: in,us
|
||||
vars:
|
||||
non_pizza_docker_services:
|
||||
- searxng
|
||||
tasks:
|
||||
# community.docker does not support compose 2.0 right now.
|
||||
# https://github.com/ansible-collections/community.docker/issues/216
|
||||
- name: Update docker compose files and restart those with changes (Privacy Frontends but without Pizza1)
|
||||
include_tasks: docker-tasks.yaml
|
||||
ansible.builtin.include_tasks: docker-tasks.yaml
|
||||
with_items: "{{ non_pizza_docker_services }}"
|
||||
tags: docker
|
||||
|
||||
@ -69,14 +72,14 @@
|
||||
hosts: privfrontends
|
||||
tasks:
|
||||
- name: Restart invidious every hour
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: "hourly invidious restart"
|
||||
special_time: hourly
|
||||
job: "docker restart invidious-invidious-1 && curl https://healthchecks.projectsegfau.lt/ping/{{invidious_hc_uuid}}"
|
||||
job: "docker restart invidious-invidious-1 && curl https://healthchecks.projectsegfau.lt/ping/{{ invidious_hc_uuid }}"
|
||||
tags: cron
|
||||
- name: Restart teddit every hour
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: "hourly teddit restart"
|
||||
special_time: hourly
|
||||
job: "docker restart teddit && curl https://healthchecks.projectsegfau.lt/ping/{{teddit_hc_uuid}}"
|
||||
job: "docker restart teddit && curl https://healthchecks.projectsegfau.lt/ping/{{ teddit_hc_uuid }}"
|
||||
tags: cron
|
||||
|
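Review bot: `directory_mode: true` on the `Copy per-server caddy extras` task (L1044) is not a file mode; the parameter expects an octal or symbolic string, and a YAML boolean is likely to be passed through as the integer 1 (i.e. 0001) for any subdirectory the recursive copy creates — use `directory_mode: "0755"` or drop the key if `templates/<host>/` has no subdirectories. `Reload Caddy` (L1053) runs `state: reloaded` on every play whether or not the Caddyfile or extras changed; making it a handler notified by the two copy tasks removes the needless reloads, and guarding the Caddyfile template with `validate: "caddy validate --adapter caddyfile --config %s"` keeps a syntax error out of the live config (confirm first that the temp-file validation works with any `import` of relative paths). The hourly cron jobs (L1235, L1259) chain a bare `curl`, so a slow healthchecks endpoint can leave the job hanging; `curl -fsS -m 10 …` bounds it. The `Setup docker compose for privacy frontends` play at L1077 and its vars block starting at L1080 continue outside the hunks shown.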
@ -1,5 +1,3 @@
|
||||
---
|
||||
|
||||
- src: git+https://github.com/caddy-ansible/caddy-ansible.git
|
||||
version: v3.2.0
|
||||
|
||||
|