sonny/common-ansible
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Style changes

Browse source
This commit is contained in:
Sonny Bakker 2021-02-01 21:16:53 +01:00
parent 4296823b3f
commit 248b921cb4
9 changed files with 82 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

26
defaults/main.yml
View file

@ -1,3 +1,29 @@
poetry_url: 'https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py' poetry_url: 'https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py'
poetry_user: "{{ ansible_user | default(lookup('env', 'USER'), True) }}" poetry_user: "{{ ansible_user | default(lookup('env', 'USER'), True) }}"
poetry_dir: '{{ ansible_env.HOME }}/.poetry' poetry_dir: '{{ ansible_env.HOME }}/.poetry'
common_packages:
- acl
- man
- apt-transport-https
- ca-certificates
- software-properties-common
- policykit-1
- libpolkit-agent-1-0
- nftables
- openssh-client
- bash-completion
- git
- vim
- curl
- tree
- haveged
- rsync
ssl_packages:
- python3-openssl
- python3-crypto
- python3-cryptography
- python-openssl
- python-crypto
- python-cryptography

60
handlers/main.yml
View file

@ -1,79 +1,79 @@
- name: reload ssh - name: reload ssh
become: yes become: true
systemd: systemd:
name: ssh name: ssh
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart nftables - name: restart nftables
become: yes become: true
systemd: systemd:
name: nftables name: nftables
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart nginx - name: restart nginx
become: yes become: true
systemd: systemd:
name: nginx name: nginx
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart docker - name: restart docker
become: yes become: true
systemd: systemd:
name: docker name: docker
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart rabbitmq - name: restart rabbitmq
become: yes become: true
systemd: systemd:
name: rabbitmq-server name: rabbitmq-server
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart memcached - name: restart memcached
become: yes become: true
systemd: systemd:
name: memcached name: memcached
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart postfix - name: restart postfix
become: yes become: true
systemd: systemd:
name: postfix name: postfix
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart postgres - name: restart postgres
become: yes become: true
systemd: systemd:
name: postgresql@11-main name: postgresql@11-main
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart systemd-networkd - name: restart systemd-networkd
become: yes become: true
systemd: systemd:
name: systemd-networkd name: systemd-networkd
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true
- name: restart systemd-resolved - name: restart systemd-resolved
become: yes become: true
systemd: systemd:
name: systemd-resolved name: systemd-resolved
state: restarted state: restarted
enabled: yes enabled: true
daemon-reload: yes daemon-reload: true

12
handlers/user.yml
View file

@ -1,19 +1,19 @@
- name: start user tmux service - name: start user tmux service
become_user: '{{ default_user }}' become_user: '{{ default_user }}'
become: yes become: true
systemd: systemd:
daemon-reload: yes daemon-reload: true
name: tmux name: tmux
state: started state: started
enabled: yes enabled: true
scope: user scope: user
- name: restart user tmux service - name: restart user tmux service
become_user: '{{ default_user }}' become_user: '{{ default_user }}'
become: yes become: true
systemd: systemd:
daemon-reload: yes daemon-reload: true
name: tmux name: tmux
state: restarted state: restarted
enabled: yes enabled: true
scope: user scope: user

4
tasks/known_hosts.yml
View file

@ -9,14 +9,14 @@
- '{{ role_path }}/vars' - '{{ role_path }}/vars'
- name: install packages - name: install packages
become: yes become: true
package: package:
name: '{{ item }}' name: '{{ item }}'
state: present state: present
loop: '{{ known_hosts_packages }}' loop: '{{ known_hosts_packages }}'
- name: retrieve user $HOME - name: retrieve user $HOME
shell: 'echo $HOME' # noqa 301 shell: 'echo $HOME'
become_user: '{{ user }}' become_user: '{{ user }}'
register: home_stats register: home_stats

7
tasks/network.yml
View file

@ -1,9 +1,10 @@
- name: check old network configuration - name: check old network configuration
stat: path=/etc/network/interfaces stat:
path: '/etc/network/interfaces'
register: old_config register: old_config
- name: move old network configuration - name: move old network configuration
command: mv /etc/network/interfaces /etc/network/interfaces.save command: 'mv /etc/network/interfaces /etc/network/interfaces.save'
when: old_config.stat.exists when: old_config.stat.exists
- name: copy network configuration - name: copy network configuration
@ -22,6 +23,6 @@
owner: root owner: root
group: root group: root
state: link state: link
force: yes force: true
mode: '0644' mode: '0644'
notify: restart systemd-resolved notify: restart systemd-resolved

2
tasks/nginx.yml
View file

@ -1,5 +1,5 @@
- name: install nginx - name: install nginx
apt: package:
name: nginx name: nginx
state: present state: present

18
tasks/poetry.yml
View file

@ -1,9 +1,9 @@
- name: retrieve user $HOME # noqa 301 - name: retrieve user $HOME
shell: 'echo $HOME' shell: 'echo $HOME'
become_user: '{{ poetry_user }}' become_user: '{{ poetry_user }}'
register: home_stats register: home_stats
- name: retrieve user $PATH # noqa 301 - name: retrieve user $PATH
shell: 'echo $PATH' shell: 'echo $PATH'
become_user: '{{ poetry_user }}' become_user: '{{ poetry_user }}'
register: path_stats register: path_stats
@ -20,13 +20,13 @@
mode: '0755' mode: '0755'
path: '{{ poetry_user_home }}/.local/bin' path: '{{ poetry_user_home }}/.local/bin'
- name: set default python binary # noqa 208 - name: set default python binary
become: true become: true
file: file:
state: link state: link
src: '/usr/bin/python3' src: '/usr/bin/python3'
dest: '/usr/bin/python' dest: '/usr/bin/python'
when: ansible_distribution == "Ubuntu" when: ansible_distribution == 'Ubuntu'
- name: setup poetry for Ubuntu/Debian derived distro's - name: setup poetry for Ubuntu/Debian derived distro's
block: block:
@ -46,28 +46,28 @@
- name: install poetry - name: install poetry
become_user: '{{ poetry_user }}' become_user: '{{ poetry_user }}'
command: 'python /tmp/get-poetry.py --yes' # noqa 305 command: 'python /tmp/get-poetry.py --yes'
environment: environment:
POETRY_HOME: '{{ poetry_dir }}' POETRY_HOME: '{{ poetry_dir }}'
when: poetry_stats.stat.isdir is not defined when: poetry_stats.stat.isdir is not defined
- name: add poetry to user binaries # noqa 208 - name: add poetry to user binaries
become_user: '{{ poetry_user }}' become_user: '{{ poetry_user }}'
file: file:
state: link state: link
src: '{{ poetry_dir }}/bin/poetry' src: '{{ poetry_dir }}/bin/poetry'
dest: '{{ poetry_user_home }}/.local/bin/poetry' dest: '{{ poetry_user_home }}/.local/bin/poetry'
when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: setup poetry for Archlinux - name: setup poetry for Archlinux
become: true become: true
pacman: pacman:
name: poetry name: poetry
state: present state: present
when: ansible_facts['os_family'] == "Archlinux" when: ansible_facts['os_family'] == 'Archlinux'
- name: update poetry config - name: update poetry config
become_user: '{{ poetry_user }}' become_user: '{{ poetry_user }}'
command: 'poetry config virtualenvs.in-project true' # noqa 301 command: 'poetry config virtualenvs.in-project true'
environment: environment:
PATH: '{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}' PATH: '{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}'

20
tasks/setup.yml
View file

@ -18,23 +18,7 @@
- name: ensure basic tooling is installed - name: ensure basic tooling is installed
apt: apt:
name: name: '{{ common_packages }}'
- acl
- man
- apt-transport-https
- ca-certificates
- software-properties-common
- policykit-1
- libpolkit-agent-1-0
- nftables
- openssh-client
- bash-completion
- git
- vim
- curl
- tree
- haveged
- rsync
state: present state: present
- name: copy firewall template - name: copy firewall template
@ -48,4 +32,4 @@
# see https://wiki.debian.org/systemd#Orphaned_processes # see https://wiki.debian.org/systemd#Orphaned_processes
- name: enable loginctl user-linger - name: enable loginctl user-linger
command: 'loginctl enable-linger {{ default_user|quote }}' # noqa 301 command: 'loginctl enable-linger {{ default_user|quote }}'

10
tasks/ssl.yml
View file

@ -1,12 +1,6 @@
- name: install SSL packages - name: install SSL packages
apt: apt:
name: name: '{{ ssl_packages }}'
- python3-openssl
- python3-crypto
- python3-cryptography
- python-openssl
- python-crypto
- python-cryptography
state: present state: present
- name: create ssl directory - name: create ssl directory
@ -32,7 +26,7 @@
- name: generate a self signed OpenSSL certificate - name: generate a self signed OpenSSL certificate
become_user: '{{ app_user }}' become_user: '{{ app_user }}'
openssl_certificate: openssl_certificate:
force: yes force: true
path: '/etc/ssl/{{ app_name }}/{{ app_name }}.crt' path: '/etc/ssl/{{ app_name }}/{{ app_name }}.crt'
privatekey_path: '/etc/ssl/{{ app_name }}/local.pem' privatekey_path: '/etc/ssl/{{ app_name }}/local.pem'
csr_path: '/etc/ssl/{{ app_name }}/local.csr' csr_path: '/etc/ssl/{{ app_name }}/local.csr'