From 00c2137695d582d4d38a76ed0b643aa82c3263d8 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 25 Nov 2020 15:47:56 +0100 Subject: [PATCH 1/8] Add skip_common_setup flag Optionally skips default common setup --- tasks/main.yml | 53 ++----------------------------------------------- tasks/setup.yml | 51 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 51 deletions(-) create mode 100644 tasks/setup.yml diff --git a/tasks/main.yml b/tasks/main.yml index 2811ac4..9079cfa 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,51 +1,2 @@ -- include_tasks: "sudoers.yml" - loop: - - { src: "sudoers.j2", dest: "/etc/sudoers.d/20-ansible-extra" } - -- name: copy ssh template - template: - src: "sshd_config.j2" - dest: "/etc/ssh/sshd_config" - owner: root - group: root - mode: "0644" - notify: reload ssh - -- name: viva la hollande - locale_gen: - name: nl_NL.UTF-8 - state: present - -- name: ensure basic tooling is installed - apt: - name: - - acl - - man - - apt-transport-https - - ca-certificates - - software-properties-common - - policykit-1 - - libpolkit-agent-1-0 - - nftables - - openssh-client - - bash-completion - - git - - vim - - curl - - tree - - haveged - - rsync - state: present - -- name: copy firewall template - template: - src: "nftables.j2" - dest: "/etc/nftables.conf" - owner: root - group: root - mode: "0600" - notify: restart nftables - -# see https://wiki.debian.org/systemd#Orphaned_processes -- name: enable loginctl user-linger - command: "loginctl enable-linger {{ default_user|quote }}" # noqa 301 +- include_tasks: "setup.yml" + when: skip_common_setup is not defined or not skip_common_setup diff --git a/tasks/setup.yml b/tasks/setup.yml new file mode 100644 index 0000000..2811ac4 --- /dev/null +++ b/tasks/setup.yml 
@@ -0,0 +1,51 @@ +- include_tasks: "sudoers.yml" + loop: + - { src: "sudoers.j2", dest: "/etc/sudoers.d/20-ansible-extra" } + +- name: copy ssh template + template: + src: "sshd_config.j2" + dest: "/etc/ssh/sshd_config" + owner: root + group: root + mode: "0644" + notify: reload ssh + +- name: viva la hollande + locale_gen: + name: nl_NL.UTF-8 + state: present + +- name: ensure basic tooling is installed + apt: + name: + - acl + - man + - apt-transport-https + - ca-certificates + - software-properties-common + - policykit-1 + - libpolkit-agent-1-0 + - nftables + - openssh-client + - bash-completion + - git + - vim + - curl + - tree + - haveged + - rsync + state: present + +- name: copy firewall template + template: + src: "nftables.j2" + dest: "/etc/nftables.conf" + owner: root + group: root + mode: "0600" + notify: restart nftables + +# see https://wiki.debian.org/systemd#Orphaned_processes +- name: enable loginctl user-linger + command: "loginctl enable-linger {{ default_user|quote }}" # noqa 301 From a54b847294e2c3e68e79b1ba7988dd2f62b28098 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Wed, 25 Nov 2020 21:59:24 +0100 Subject: [PATCH 2/8] Explicitly set become --- handlers/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/handlers/main.yml b/handlers/main.yml index 7eb7634..2ed56a7 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,4 +1,5 @@ - name: reload ssh + become: yes systemd: name: ssh state: restarted @@ -6,6 +7,7 @@ daemon-reload: yes - name: restart nftables + become: yes systemd: name: nftables state: restarted @@ -13,6 +15,7 @@ daemon-reload: yes - name: restart nginx + become: yes systemd: name: nginx state: restarted @@ -20,6 +23,7 @@ daemon-reload: yes - name: restart docker + become: yes systemd: name: docker state: restarted @@ -27,6 +31,7 @@ daemon-reload: yes - name: restart rabbitmq + become: yes systemd: name: rabbitmq-server state: restarted 
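Review bot: The `copy ssh template` task writes /etc/ssh/sshd_config with no syntax check, and the `reload ssh` handler it notifies (defined in handlers/main.yml with `state: restarted`) will leave sshd down if sshd_config.j2 renders something invalid, cutting off the connection Ansible itself is using. Add `validate: '/usr/sbin/sshd -t -f %s'` to that template task so a bad render fails the task before the file is installed. The `copy firewall template` task has the same exposure through `restart nftables` and can be guarded with `validate: 'nft -c -f %s'`. The sudoers fragment installed through the `include_tasks: sudoers.yml` loop lives in a file not shown in this hunk.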
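Review bot: The handler is named `reload ssh` but performs `state: restarted`, which stops the listener; on Debian the ssh unit's ExecReload (as far as I recall) runs `sshd -t` before sending SIGHUP, so `state: reloaded` both matches the name and refuses a broken sshd_config instead of killing the daemon. The added `become: yes` is needed, since the systemd module cannot restart system units without it. `enabled: yes` and `daemon-reload: yes` on every notify are unrelated to picking up a config change and belong with whatever task installs or edits the unit. The remaining hunks of this commit continue on the next line.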
@@ -34,6 +39,7 @@ daemon-reload: yes - name: restart memcached + become: yes systemd: name: memcached state: restarted @@ -41,6 +47,7 @@ daemon-reload: yes - name: restart postfix + become: yes systemd: name: postfix state: restarted @@ -48,6 +55,7 @@ daemon-reload: yes - name: restart postgres + become: yes systemd: name: postgresql@11-main state: restarted @@ -55,6 +63,7 @@ daemon-reload: yes - name: restart systemd-networkd + become: yes systemd: name: systemd-networkd state: restarted @@ -62,6 +71,7 @@ daemon-reload: yes - name: restart systemd-resolved + become: yes systemd: name: systemd-resolved state: restarted From bc3310066a31de639cc0ed1c0ee5e1246e17ec47 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 30 Jan 2021 13:44:55 +0100 Subject: [PATCH 3/8] Remove skip_common_setup flag --- .ansible-lint | 5 --- .gitlab-ci.yml | 31 ++++++--------- .prettier.json | 9 ----- .prettierrc.yml | 5 +++ defaults/main.yml | 4 +- handlers/{main.yml => main/services.yml} | 2 - handlers/{ => main}/user.yml | 4 +- meta/main.yml | 6 +-- tasks/host.yml | 12 +++--- tasks/known_hosts.yml | 34 ++++++++-------- tasks/main.yml | 2 - tasks/network.yml | 12 +++--- tasks/nginx.yml | 8 ++-- tasks/poetry.yml | 50 ++++++++++++------------ tasks/setup.yml | 18 ++++----- tasks/ssl.yml | 24 ++++++------ tasks/sudoers.yml | 6 +-- 17 files changed, 106 insertions(+), 126 deletions(-) delete mode 100644 .ansible-lint delete mode 100644 .prettier.json create mode 100644 .prettierrc.yml rename handlers/{main.yml => main/services.yml} (98%) rename handlers/{ => main}/user.yml (80%) delete mode 100644 tasks/main.yml diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index e99d805..0000000 --- a/.ansible-lint +++ /dev/null @@ -1,5 +0,0 @@ -parseable: true -quiet: true -skip_list: - - '501' -use_default_rules: true diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a629be7..d9ade6f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
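Review bot: `restart postgres` hard-codes `postgresql@11-main`, so the handler errors on any host whose cluster has a different major version or name, and the failure only surfaces at the end of the play when handlers run. Either parameterise the unit, `name: 'postgresql@{{ postgres_version }}-main'`, or restart the umbrella `postgresql` unit, which on Debian restarts every configured cluster through PartOf=. The other handlers in these hunks only gain `become: yes`, which is correct.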
@@ -3,31 +3,24 @@ stages: - test cache: - key: "$CI_COMMIT_REF_SLUG" + key: $CI_COMMIT_REF_SLUG paths: - .cache/pip - node_modules/ lint: - stage: lint - image: python:3.7 - before_script: - - pip install ansible ansible-lint --quiet - script: - - ansible-lint playbook.yml - only: - refs: - - development - - merge_requests - -pretty-lint: stage: lint image: node:12 before_script: - - npm install + - npm install prettier --no-save script: - - npx prettier "**/*.yml" --check - only: - refs: - - development - - merge_requests + - npx prettier '**/*.yml' --check + +syntax-test: + stage: test + image: python:3.7 + before_script: + - pip install ansible --quiet + - ansible-galaxy install -r requirements.yml + script: + - ansible-playbook playbook.yml --syntax-check diff --git a/.prettier.json b/.prettier.json deleted file mode 100644 index 9c76f6b..0000000 --- a/.prettier.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "singleQuote": true, - "printWidth": 90, - "tabWidth": 2, - "useTabs": false, - "bracketSpacing": true, - "parser": "yaml" -} - diff --git a/.prettierrc.yml b/.prettierrc.yml new file mode 100644 index 0000000..0cb31e6 --- /dev/null +++ b/.prettierrc.yml @@ -0,0 +1,5 @@ +singleQuote: true +printWidth: 90 +tabWidth: 2 +useTabs: false +bracketSpacing: true diff --git a/defaults/main.yml b/defaults/main.yml index d2d3c30..3fab824 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,3 @@ -poetry_url: "https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py" +poetry_url: 'https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py' poetry_user: "{{ ansible_user | default(lookup('env', 'USER'), True) }}" -poetry_dir: "{{ ansible_env.HOME }}/.poetry" +poetry_dir: '{{ ansible_env.HOME }}/.poetry' diff --git a/handlers/main.yml b/handlers/main/services.yml similarity index 98% rename from handlers/main.yml rename to handlers/main/services.yml index 2ed56a7..ca368bd 100644 --- a/handlers/main.yml 
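Review bot: Dropping the ansible-lint job leaves prettier as the only lint, and prettier checks YAML formatting, not Ansible content; the new `syntax-test` stage only parses the playbook, so rules that previously flagged commands without `changed_when` or unset file modes no longer run anywhere. The test job also installs whatever `pip install ansible` and `ansible-galaxy install -r requirements.yml` resolve at run time with no version pins, so a build is not reproducible and a broken or compromised upstream release reaches CI silently; pin both, e.g. `pip install 'ansible==<pinned>' --quiet` and versioned entries in requirements.yml. Removing the `only: refs` filter also means both jobs now run on every ref, which may be intended.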
+++ b/handlers/main/services.yml @@ -77,5 +77,3 @@ state: restarted enabled: yes daemon-reload: yes - -- include: user.yml diff --git a/handlers/user.yml b/handlers/main/user.yml similarity index 80% rename from handlers/user.yml rename to handlers/main/user.yml index 8cf4b1a..006f3c1 100644 --- a/handlers/user.yml +++ b/handlers/main/user.yml @@ -1,5 +1,5 @@ - name: start user tmux service - become_user: "{{ default_user }}" + become_user: '{{ default_user }}' become: yes systemd: daemon-reload: yes @@ -9,7 +9,7 @@ scope: user - name: restart user tmux service - become_user: "{{ default_user }}" + become_user: '{{ default_user }}' become: yes systemd: daemon-reload: yes diff --git a/meta/main.yml b/meta/main.yml index 1e19aa6..59c1b4d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,10 +2,10 @@ dependencies: [] galaxy_info: author: sonny - description: "Common tasks" - license: "license GPLv3" + description: 'Common tasks' + license: 'license GPLv3' min_ansible_version: 2.7 - issue_tracker_url: "https://git.fudiggity.nl/ansible/common/-/issues" + issue_tracker_url: 'https://git.fudiggity.nl/ansible/common/-/issues' platforms: - name: Debian versions: diff --git a/tasks/host.yml b/tasks/host.yml index 818e7c2..e72e29d 100644 --- a/tasks/host.yml +++ b/tasks/host.yml @@ -1,15 +1,15 @@ - name: copy hostname template: - src: "hostname.j2" - dest: "/etc/hostname" + src: 'hostname.j2' + dest: '/etc/hostname' owner: root group: root - mode: "0644" + mode: '0644' - name: copy hosts template: - src: "hosts.j2" - dest: "/etc/hosts" + src: 'hosts.j2' + dest: '/etc/hosts' owner: root group: root - mode: "0644" + mode: '0644' diff --git a/tasks/known_hosts.yml b/tasks/known_hosts.yml index d8abe99..552da97 100644 --- a/tasks/known_hosts.yml +++ b/tasks/known_hosts.yml 
@@ -1,39 +1,39 @@ - name: load OS specific vars - include_vars: "{{ item }}" + include_vars: '{{ item }}' with_first_found: - files: - - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml" - - "{{ ansible_distribution|lower }}.yml" - - "{{ ansible_os_family|lower }}.yml" + - '{{ ansible_distribution|lower }}-{{ ansible_distribution_release|lower }}.yml' + - '{{ ansible_distribution|lower }}.yml' + - '{{ ansible_os_family|lower }}.yml' paths: - - "{{ role_path }}/vars" + - '{{ role_path }}/vars' - name: install packages become: yes package: - name: "{{ item }}" + name: '{{ item }}' state: present - loop: "{{ known_hosts_packages }}" + loop: '{{ known_hosts_packages }}' - name: retrieve user $HOME - shell: "echo $HOME" # noqa 301 - become_user: "{{ user }}" + shell: 'echo $HOME' # noqa 301 + become_user: '{{ user }}' register: home_stats - name: set user $HOME set_fact: - user_home: "{{ home_stats.stdout }}" + user_home: '{{ home_stats.stdout }}' - name: create local ssh directory - become_user: "{{ user }}" + become_user: '{{ user }}' file: - path: "{{ user_home }}/.ssh" + path: '{{ user_home }}/.ssh' state: directory - mode: "0755" + mode: '0755' - name: add items to known hosts - become_user: "{{ user }}" + become_user: '{{ user }}' known_hosts: - name: "{{ item.domain }}" - key: "{{ item.key }}" - loop: "{{ items }}" + name: '{{ item.domain }}' + key: '{{ item.key }}' + loop: '{{ items }}' diff --git a/tasks/main.yml b/tasks/main.yml deleted file mode 100644 index 9079cfa..0000000 --- a/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -- include_tasks: "setup.yml" - when: skip_common_setup is not defined or not skip_common_setup diff --git a/tasks/network.yml b/tasks/network.yml index f9ff775..687455d 100644 --- a/tasks/network.yml +++ b/tasks/network.yml 
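Review bot: `create local ssh directory` creates `~/.ssh` with `mode: '0755'`; nothing in this role needs the directory readable by other users, and the usual hardening is `mode: '0700'` (sshd's StrictModes only rejects group/world-writable, it does not require world-readable). The `retrieve user $HOME` task runs `echo $HOME` through `shell` with `become_user` but no `become: true`, so unless become is enabled at play or inventory level it reports the connecting user's home and `user_home` is wrong for `{{ user }}`; it also reports changed on every run. Add `become: true` and `changed_when: false` to that task, or read the home directory from `getent passwd` instead of a login shell's environment.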
@@ -8,20 +8,20 @@ - name: copy network configuration template: - src: "network.j2" - dest: "/etc/systemd/network/50-default.network" + src: 'network.j2' + dest: '/etc/systemd/network/50-default.network' owner: root group: root - mode: "0644" + mode: '0644' notify: restart systemd-networkd - name: copy dns configuration file: - src: "/run/systemd/resolve/resolv.conf" - dest: "/etc/resolv.conf" + src: '/run/systemd/resolve/resolv.conf' + dest: '/etc/resolv.conf' owner: root group: root state: link force: yes - mode: "0644" + mode: '0644' notify: restart systemd-resolved diff --git a/tasks/nginx.yml b/tasks/nginx.yml index 965ef2a..b862cd0 100644 --- a/tasks/nginx.yml +++ b/tasks/nginx.yml @@ -5,14 +5,14 @@ - name: copy nginx config template: - src: "nginx.conf.j2" - dest: "/etc/nginx/nginx.conf" + src: 'nginx.conf.j2' + dest: '/etc/nginx/nginx.conf' owner: root group: root - mode: "0644" + mode: '0644' - name: remove default site file: - path: "/etc/nginx/sites-enabled/default" + path: '/etc/nginx/sites-enabled/default' state: absent notify: restart nginx diff --git a/tasks/poetry.yml b/tasks/poetry.yml index 8649337..b931a0d 100644 --- a/tasks/poetry.yml +++ b/tasks/poetry.yml 
@@ -1,62 +1,62 @@ - name: retrieve user $HOME # noqa 301 - shell: "echo $HOME" - become_user: "{{ poetry_user }}" + shell: 'echo $HOME' + become_user: '{{ poetry_user }}' register: home_stats - name: retrieve user $PATH # noqa 301 - shell: "echo $PATH" - become_user: "{{ poetry_user }}" + shell: 'echo $PATH' + become_user: '{{ poetry_user }}' register: path_stats - name: set poetry user variables set_fact: - poetry_user_home: "{{ home_stats.stdout }}" - poetry_user_path: "{{ path_stats.stdout }}" + poetry_user_home: '{{ home_stats.stdout }}' + poetry_user_path: '{{ path_stats.stdout }}' - name: create user folder for binaries - become_user: "{{ poetry_user }}" + become_user: '{{ poetry_user }}' file: state: directory - mode: "0755" - path: "{{ poetry_user_home }}/.local/bin" + mode: '0755' + path: '{{ poetry_user_home }}/.local/bin' - name: set default python binary # noqa 208 become: true file: state: link - src: "/usr/bin/python3" - dest: "/usr/bin/python" + src: '/usr/bin/python3' + dest: '/usr/bin/python' when: ansible_distribution == "Ubuntu" - name: setup poetry for Ubuntu/Debian derived distro's block: - name: check poetry existence - become_user: "{{ poetry_user }}" + become_user: '{{ poetry_user }}' stat: - path: "{{ poetry_dir }}" + path: '{{ poetry_dir }}' register: poetry_stats - name: download poetry installer - become_user: "{{ poetry_user }}" + become_user: '{{ poetry_user }}' get_url: - url: "{{ poetry_url }}" + url: '{{ poetry_url }}' dest: /tmp/ - mode: "0750" + mode: '0750' when: poetry_stats.stat.isdir is not defined - name: install poetry - become_user: "{{ poetry_user }}" - command: "python /tmp/get-poetry.py --yes" # noqa 305 + become_user: '{{ poetry_user }}' + command: 'python /tmp/get-poetry.py --yes' # noqa 305 environment: - POETRY_HOME: "{{ poetry_dir }}" + POETRY_HOME: '{{ poetry_dir }}' when: poetry_stats.stat.isdir is not defined - name: add poetry to user binaries # noqa 208 - become_user: "{{ poetry_user }}" + become_user: '{{ 
poetry_user }}' file: state: link - src: "{{ poetry_dir }}/bin/poetry" - dest: "{{ poetry_user_home }}/.local/bin/poetry" + src: '{{ poetry_dir }}/bin/poetry' + dest: '{{ poetry_user_home }}/.local/bin/poetry' when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" - name: setup poetry for Archlinux @@ -67,7 +67,7 @@ when: ansible_facts['os_family'] == "Archlinux" - name: update poetry config - become_user: "{{ poetry_user }}" - command: "poetry config virtualenvs.in-project true" # noqa 301 + become_user: '{{ poetry_user }}' + command: 'poetry config virtualenvs.in-project true' # noqa 301 environment: - PATH: "{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}" + PATH: '{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}' diff --git a/tasks/setup.yml b/tasks/setup.yml index 2811ac4..b2c125c 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -1,14 +1,14 @@ -- include_tasks: "sudoers.yml" +- include_tasks: 'sudoers.yml' loop: - - { src: "sudoers.j2", dest: "/etc/sudoers.d/20-ansible-extra" } + - { src: 'sudoers.j2', dest: '/etc/sudoers.d/20-ansible-extra' } - name: copy ssh template template: - src: "sshd_config.j2" - dest: "/etc/ssh/sshd_config" + src: 'sshd_config.j2' + dest: '/etc/ssh/sshd_config' owner: root group: root - mode: "0644" + mode: '0644' notify: reload ssh - name: viva la hollande @@ -39,13 +39,13 @@ - name: copy firewall template template: - src: "nftables.j2" - dest: "/etc/nftables.conf" + src: 'nftables.j2' + dest: '/etc/nftables.conf' owner: root group: root - mode: "0600" + mode: '0600' notify: restart nftables # see https://wiki.debian.org/systemd#Orphaned_processes - name: enable loginctl user-linger - command: "loginctl enable-linger {{ default_user|quote }}" # noqa 301 + command: 'loginctl enable-linger {{ default_user|quote }}' # noqa 301 diff --git a/tasks/ssl.yml b/tasks/ssl.yml index a1cb905..058e501 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml 
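Review bot: `download poetry installer` fetches get-poetry.py from the upstream `master` branch with no `checksum:`, writes it into the shared `/tmp/`, and `install poetry` then executes it as `{{ poetry_user }}`; as I read `get_url`, a directory `dest` with the default `force: no` keeps an existing file, so any local user who pre-creates /tmp/get-poetry.py gets their code run as poetry_user, and even without that the role executes whatever master contains at run time. Download into a location owned by poetry_user and pin the content, e.g. `dest: '{{ poetry_user_home }}/get-poetry.py'` with `checksum: 'sha256:<digest>'` (and point `poetry_url` at a tagged release rather than master), then run `command: 'python {{ poetry_user_home }}/get-poetry.py --yes'`. Separately, `poetry_user` in defaults/main.yml falls back to `lookup('env', 'USER')`, which is evaluated on the controller, not on the target host.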
@@ -11,29 +11,29 @@ - name: create ssl directory file: - path: "/etc/ssl/{{ app_name }}" + path: '/etc/ssl/{{ app_name }}' state: directory - owner: "{{ app_user }}" - group: "{{ app_user }}" + owner: '{{ app_user }}' + group: '{{ app_user }}' mode: 0750 - name: generate an OpenSSL private key with the default values (4096 bits, RSA) - become_user: "{{ app_user }}" + become_user: '{{ app_user }}' openssl_privatekey: - path: "/etc/ssl/{{ app_name }}/local.pem" + path: '/etc/ssl/{{ app_name }}/local.pem' - name: generate an OpenSSL certificate signing request - become_user: "{{ app_user }}" + become_user: '{{ app_user }}' openssl_csr: - path: "/etc/ssl/{{ app_name }}/local.csr" - privatekey_path: "/etc/ssl/{{ app_name }}/local.pem" + path: '/etc/ssl/{{ app_name }}/local.csr' + privatekey_path: '/etc/ssl/{{ app_name }}/local.pem' common_name: fudiggity.nl - name: generate a self signed OpenSSL certificate - become_user: "{{ app_user }}" + become_user: '{{ app_user }}' openssl_certificate: force: yes - path: "/etc/ssl/{{ app_name }}/{{ app_name }}.crt" - privatekey_path: "/etc/ssl/{{ app_name }}/local.pem" - csr_path: "/etc/ssl/{{ app_name }}/local.csr" + path: '/etc/ssl/{{ app_name }}/{{ app_name }}.crt' + privatekey_path: '/etc/ssl/{{ app_name }}/local.pem' + csr_path: '/etc/ssl/{{ app_name }}/local.csr' provider: selfsigned diff --git a/tasks/sudoers.yml b/tasks/sudoers.yml index c3c3bec..a4c8979 100644 --- a/tasks/sudoers.yml +++ b/tasks/sudoers.yml @@ -1,7 +1,7 @@ - name: copy extra sudoers file template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' owner: root group: root - mode: "0644" + mode: '0644' From edaa6699190c2c4f8b4e8e363d550551c31b61f3 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 30 Jan 2021 13:47:27 +0100 Subject: [PATCH 4/8] Remove test job --- .gitlab-ci.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d9ade6f..6dbc62c 100644 
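Review bot: `generate a self signed OpenSSL certificate` sets `force: yes`, so a fresh certificate is issued on every run; the task is never idempotent, every play reports a change, and any client that pinned the previous self-signed cert breaks. Drop `force` so the module only regenerates when the key or CSR changes. `common_name: fudiggity.nl` is hard-coded while path and ownership are parameterised by `app_name`/`app_user`, so every app deployed with this role gets a certificate for the same name; make it a variable such as `common_name: '{{ ssl_common_name }}'`. The private key relies on the module's default file mode; if the installed module version does not default to 0600 on creation, set `mode: '0600'` on `openssl_privatekey` explicitly.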
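Review bot: `copy extra sudoers file` installs a sudoers.d fragment with no validation, and a syntax error in sudoers.j2 makes sudo refuse every command on the host, including the become that later tasks and the next repair run depend on. Add `validate: '/usr/sbin/visudo -cf %s'` to the template task so the rendered file is checked before it lands in /etc/sudoers.d. `mode: '0644'` is accepted by sudo (it only rejects files writable by others or not owned by root), but `mode: '0440'` is the convention for sudoers drop-ins and keeps the rule set from being readable by every local user.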
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,11 +1,9 @@ stages: - lint - - test cache: key: $CI_COMMIT_REF_SLUG paths: - - .cache/pip - node_modules/ lint: @@ -15,12 +13,3 @@ lint: - npm install prettier --no-save script: - npx prettier '**/*.yml' --check - -syntax-test: - stage: test - image: python:3.7 - before_script: - - pip install ansible --quiet - - ansible-galaxy install -r requirements.yml - script: - - ansible-playbook playbook.yml --syntax-check From 14418e5006dd337c7a7694405422b6f04eb7af5b Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 30 Jan 2021 13:59:24 +0100 Subject: [PATCH 5/8] Move handlers --- handlers/{main/services.yml => main.yml} | 0 handlers/{main => }/user.yml | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename handlers/{main/services.yml => main.yml} (100%) rename handlers/{main => }/user.yml (100%) diff --git a/handlers/main/services.yml b/handlers/main.yml similarity index 100% rename from handlers/main/services.yml rename to handlers/main.yml diff --git a/handlers/main/user.yml b/handlers/user.yml similarity index 100% rename from handlers/main/user.yml rename to handlers/user.yml From 278b44e2f5f89f34f3d4b64daac5ef97d0d0e9ad Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Sat, 30 Jan 2021 14:19:29 +0100 Subject: [PATCH 6/8] Add debug statement --- tasks/ssl.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 058e501..c1ac147 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -17,6 +17,10 @@ group: '{{ app_user }}' mode: 0750 +- name: Print current user + debug: + msg: 'Current user: {{ lookup("env", "USER") }}' + - name: generate an OpenSSL private key with the default values (4096 bits, RSA) become_user: '{{ app_user }}' openssl_privatekey: From 4296823b3f6dca155181c88b332ed6310aaa38e5 Mon Sep 17 00:00:00 2001 
From: Sonny Bakker Date: Sat, 30 Jan 2021 16:41:11 +0100 Subject: [PATCH 7/8] Revert "Add debug statement" This reverts commit 278b44e2f5f89f34f3d4b64daac5ef97d0d0e9ad. --- tasks/ssl.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tasks/ssl.yml b/tasks/ssl.yml index c1ac147..058e501 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -17,10 +17,6 @@ group: '{{ app_user }}' mode: 0750 -- name: Print current user - debug: - msg: 'Current user: {{ lookup("env", "USER") }}' - - name: generate an OpenSSL private key with the default values (4096 bits, RSA) become_user: '{{ app_user }}' openssl_privatekey: From 248b921cb47c6793037c48b9742f8b46b67b9f48 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Mon, 1 Feb 2021 21:16:53 +0100 Subject: [PATCH 8/8] Style changes --- defaults/main.yml | 26 +++++++++++++++++++ handlers/main.yml | 60 +++++++++++++++++++++---------------------- handlers/user.yml | 12 ++++----- tasks/known_hosts.yml | 4 +-- tasks/network.yml | 7 ++--- tasks/nginx.yml | 2 +- tasks/poetry.yml | 18 ++++++------- tasks/setup.yml | 20 ++------------- tasks/ssl.yml | 10 ++------ 9 files changed, 82 insertions(+), 77 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 3fab824..9980a2a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,29 @@ poetry_url: 'https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py' poetry_user: "{{ ansible_user | default(lookup('env', 'USER'), True) }}" poetry_dir: '{{ ansible_env.HOME }}/.poetry' + +common_packages: + - acl + - man + - apt-transport-https + - ca-certificates + - software-properties-common + - policykit-1 + - libpolkit-agent-1-0 + - nftables + - openssh-client + - bash-completion + - git + - vim + - curl + - tree + - haveged + - rsync + +ssl_packages: + - python3-openssl + - python3-crypto + - python3-cryptography + - python-openssl + - python-crypto + - python-cryptography diff --git a/handlers/main.yml b/handlers/main.yml index ca368bd..07d7ed5 100644 
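Review bot: `ssl_packages` lists the Python 2 bindings (`python-openssl`, `python-crypto`, `python-cryptography`) alongside the Python 3 ones; on Debian/Ubuntu releases that no longer ship Python 2 packages the `install SSL packages` task fails before any certificate work starts, and `python3-crypto` (PyCrypto) is an unmaintained library that the openssl_* modules do not need. Unless the role still targets a release with Python 2, trim the list to `python3-cryptography` (plus `python3-openssl` if the installed module version still wants pyOpenSSL) so the apt task succeeds everywhere the role runs. `poetry_url`, unchanged in this hunk, still tracks the upstream `master` branch rather than a tagged release.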
--- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,79 +1,79 @@ - name: reload ssh - become: yes + become: true systemd: name: ssh state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart nftables - become: yes + become: true systemd: name: nftables state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart nginx - become: yes + become: true systemd: name: nginx state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart docker - become: yes + become: true systemd: name: docker state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart rabbitmq - become: yes + become: true systemd: name: rabbitmq-server state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart memcached - become: yes + become: true systemd: name: memcached state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart postfix - become: yes + become: true systemd: name: postfix state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart postgres - become: yes + become: true systemd: name: postgresql@11-main state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart systemd-networkd - become: yes + become: true systemd: name: systemd-networkd state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true - name: restart systemd-resolved - become: yes + become: true systemd: name: systemd-resolved state: restarted - enabled: yes - daemon-reload: yes + enabled: true + daemon-reload: true diff --git a/handlers/user.yml b/handlers/user.yml index 006f3c1..b906433 100644 --- a/handlers/user.yml +++ b/handlers/user.yml 
@@ -1,19 +1,19 @@ - name: start user tmux service become_user: '{{ default_user }}' - become: yes + become: true systemd: - daemon-reload: yes + daemon-reload: true name: tmux state: started - enabled: yes + enabled: true scope: user - name: restart user tmux service become_user: '{{ default_user }}' - become: yes + become: true systemd: - daemon-reload: yes + daemon-reload: true name: tmux state: restarted - enabled: yes + enabled: true scope: user diff --git a/tasks/known_hosts.yml b/tasks/known_hosts.yml index 552da97..60f7e9c 100644 --- a/tasks/known_hosts.yml +++ b/tasks/known_hosts.yml @@ -9,14 +9,14 @@ - '{{ role_path }}/vars' - name: install packages - become: yes + become: true package: name: '{{ item }}' state: present loop: '{{ known_hosts_packages }}' - name: retrieve user $HOME - shell: 'echo $HOME' # noqa 301 + shell: 'echo $HOME' become_user: '{{ user }}' register: home_stats diff --git a/tasks/network.yml b/tasks/network.yml index 687455d..7adb693 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -1,9 +1,10 @@ - name: check old network configuration - stat: path=/etc/network/interfaces + stat: + path: '/etc/network/interfaces' register: old_config - name: move old network configuration - command: mv /etc/network/interfaces /etc/network/interfaces.save + command: 'mv /etc/network/interfaces /etc/network/interfaces.save' when: old_config.stat.exists - name: copy network configuration @@ -22,6 +23,6 @@ owner: root group: root state: link - force: yes + force: true mode: '0644' notify: restart systemd-resolved diff --git a/tasks/nginx.yml b/tasks/nginx.yml index b862cd0..9d73790 100644 --- a/tasks/nginx.yml +++ b/tasks/nginx.yml @@ -1,5 +1,5 @@ - name: install nginx - apt: + package: name: nginx state: present diff --git a/tasks/poetry.yml b/tasks/poetry.yml index b931a0d..62b6e18 100644 --- a/tasks/poetry.yml +++ b/tasks/poetry.yml 
@@ -1,9 +1,9 @@ -- name: retrieve user $HOME # noqa 301 +- name: retrieve user $HOME shell: 'echo $HOME' become_user: '{{ poetry_user }}' register: home_stats -- name: retrieve user $PATH # noqa 301 +- name: retrieve user $PATH shell: 'echo $PATH' become_user: '{{ poetry_user }}' register: path_stats @@ -20,13 +20,13 @@ mode: '0755' path: '{{ poetry_user_home }}/.local/bin' -- name: set default python binary # noqa 208 +- name: set default python binary become: true file: state: link src: '/usr/bin/python3' dest: '/usr/bin/python' - when: ansible_distribution == "Ubuntu" + when: ansible_distribution == 'Ubuntu' - name: setup poetry for Ubuntu/Debian derived distro's block: @@ -46,28 +46,28 @@ - name: install poetry become_user: '{{ poetry_user }}' - command: 'python /tmp/get-poetry.py --yes' # noqa 305 + command: 'python /tmp/get-poetry.py --yes' environment: POETRY_HOME: '{{ poetry_dir }}' when: poetry_stats.stat.isdir is not defined - - name: add poetry to user binaries # noqa 208 + - name: add poetry to user binaries become_user: '{{ poetry_user }}' file: state: link src: '{{ poetry_dir }}/bin/poetry' dest: '{{ poetry_user_home }}/.local/bin/poetry' - when: ansible_distribution == "Debian" or ansible_distribution == "Ubuntu" + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - name: setup poetry for Archlinux become: true pacman: name: poetry state: present - when: ansible_facts['os_family'] == "Archlinux" + when: ansible_facts['os_family'] == 'Archlinux' - name: update poetry config become_user: '{{ poetry_user }}' - command: 'poetry config virtualenvs.in-project true' # noqa 301 + command: 'poetry config virtualenvs.in-project true' environment: PATH: '{{ poetry_user_home }}/.local/bin:{{ poetry_user_path }}' diff --git a/tasks/setup.yml b/tasks/setup.yml index b2c125c..2d34535 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml 
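Review bot: The `# noqa 301` markers come off `retrieve user $HOME`, `retrieve user $PATH` and `update poetry config`, but the tasks still run unconditionally and report changed on every run, which is exactly what the suppressed rule was about. Add `changed_when: false` to the two `echo` tasks, and to `update poetry config` as well, since `poetry config virtualenvs.in-project true` is idempotent and its changed status carries no information. `set default python binary` likewise loses `# noqa 208` without any code change; that is fine for a symlink, where a mode is meaningless.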
@@ -18,23 +18,7 @@ - name: ensure basic tooling is installed apt: - name: - - acl - - man - - apt-transport-https - - ca-certificates - - software-properties-common - - policykit-1 - - libpolkit-agent-1-0 - - nftables - - openssh-client - - bash-completion - - git - - vim - - curl - - tree - - haveged - - rsync + name: '{{ common_packages }}' state: present - name: copy firewall template @@ -48,4 +32,4 @@ # see https://wiki.debian.org/systemd#Orphaned_processes - name: enable loginctl user-linger - command: 'loginctl enable-linger {{ default_user|quote }}' # noqa 301 + command: 'loginctl enable-linger {{ default_user|quote }}' diff --git a/tasks/ssl.yml b/tasks/ssl.yml index 058e501..8f71d76 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -1,12 +1,6 @@ - name: install SSL packages apt: - name: - - python3-openssl - - python3-crypto - - python3-cryptography - - python-openssl - - python-crypto - - python-cryptography + name: '{{ ssl_packages }}' state: present - name: create ssl directory @@ -32,7 +26,7 @@ - name: generate a self signed OpenSSL certificate become_user: '{{ app_user }}' openssl_certificate: - force: yes + force: true path: '/etc/ssl/{{ app_name }}/{{ app_name }}.crt' privatekey_path: '/etc/ssl/{{ app_name }}/local.pem' csr_path: '/etc/ssl/{{ app_name }}/local.csr'
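Review bot: `enable loginctl user-linger` drops its `# noqa 301` but still runs `loginctl enable-linger` on every play and reports changed each time. The command is idempotent on the host, so make the task idempotent too by adding `creates: '/var/lib/systemd/linger/{{ default_user }}'` under `args:`, the marker file logind writes when linger is enabled. Moving the package list into `common_packages` is an improvement because callers can now override it; keeping `apt` here while this commit switches nginx.yml to `package` is consistent with the names being Debian-specific.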