diff --git a/handlers.yml b/handlers.yml index 63cb21a..f397c3e 100644 --- a/handlers.yml +++ b/handlers.yml @@ -1,60 +1,60 @@ ---- -- name: Restart systemd-networkd +- name: restart systemd-networkd become: true - ansible.builtin.systemd: + systemd: name: systemd-networkd state: restarted enabled: true -- name: Restart systemd-resolved +- name: restart systemd-resolved become: true - ansible.builtin.systemd: + systemd: name: systemd-resolved state: restarted enabled: true -- name: Restart nftables +- name: restart nftables become: true - ansible.builtin.systemd: + systemd: name: nftables.service state: restarted enabled: true -- name: Restart ssh +- name: restart ssh become: true - ansible.builtin.systemd: + systemd: name: ssh.service state: restarted enabled: true -- name: Restart docker service +- name: restart docker service become: true - ansible.builtin.systemd: + systemd: name: docker.service state: restarted enabled: true -- name: Restart nginx +- name: restart nginx become: true - ansible.builtin.systemd: + systemd: name: nginx.service state: restarted enabled: true -- name: Enable transip-client timer +- name: enable transip-client timer become: true - ansible.builtin.systemd: + systemd: daemon-reload: true name: transip-client.timer state: restarted enabled: true -- name: Regenerate initramfs +- name: regenerate initramfs become: true - ansible.builtin.command: update-initramfs -u -k all -- name: Restart certbot + command: update-initramfs -u -k all + +- name: restart certbot become: true - ansible.builtin.systemd: + systemd: name: certbot state: restarted enabled: false diff --git a/host_vars/fudiggity/forgejo.yml b/host_vars/fudiggity/forgejo.yml index 07c2eb6..f133f38 100644 --- a/host_vars/fudiggity/forgejo.yml +++ b/host_vars/fudiggity/forgejo.yml 
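Review bot: Every handler in this hunk drops the fully-qualified module name (`ansible.builtin.systemd` → `systemd`, `ansible.builtin.command` → `command`), which makes module resolution depend on the play's collection search order rather than pinning it to core; a short `command`/`systemd` resolves through `ansible.legacy`, so a same-named module dropped into an adjacent `library/` directory or a collection listed first would silently take over tasks that run with `become: true`. The rest of the patch still uses the FQCN form (`ansible.builtin.apt` and `ansible.builtin.import_tasks` in playbook.yml, `ansible.builtin.file` in tasks/forgejo.yml), so the repository ends up inconsistent and ansible-lint's `fqcn[action-core]` rule will flag these lines. I would keep `ansible.builtin.systemd:` and `ansible.builtin.command: update-initramfs -u -k all` here and apply the lower-case renames only. The `regenerate initramfs` handler also reports changed on every notification; adding `changed_when: true` there would at least make that explicit.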
@@ -1,20 +1,19 @@ ---- -forgejo_app_dir: "/srv/docker/forgejo" -forgejo_data_dir: "/var/lib/vm/forgejo/data" -forgejo_postgres_dir: "/var/lib/vm/forgejo/postgres" +forgejo_app_dir: '/srv/docker/forgejo' +forgejo_data_dir: '/var/lib/vm/forgejo/data' +forgejo_postgres_dir: '/var/lib/vm/forgejo/postgres' -forgejo_image_tag: "codeberg.org/forgejo/forgejo:11" +forgejo_image_tag: 'codeberg.org/forgejo/forgejo:11' forgejo_postgres_user: forgejo forgejo_postgres_name: forgejo # TODO: write to docker secret forgejo_postgres_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30303039313766373966373364346539306661376564613530656565313131623635666435333564 - 6463316365373564383964316635366337376237386134340a353839313761633865646638356165 - 31306666616235336132363232303639303065343436656233366264333236323435393963373062 - 3165326331633438620a323064663435396666316266396135633463653335323534616264383965 - 33383262373831656335363434333938363230373133646436653261346364353463333065303534 - 66383533646636313662376236373931383065386330663438623363336664353832343263323336 - 366531643930326636343466343732373036 + $ANSIBLE_VAULT;1.1;AES256 + 30303039313766373966373364346539306661376564613530656565313131623635666435333564 + 6463316365373564383964316635366337376237386134340a353839313761633865646638356165 + 31306666616235336132363232303639303065343436656233366264333236323435393963373062 + 3165326331633438620a323064663435396666316266396135633463653335323534616264383965 + 33383262373831656335363434333938363230373133646436653261346364353463333065303534 + 66383533646636313662376236373931383065386330663438623363336664353832343263323336 + 366531643930326636343466343732373036 diff --git a/host_vars/fudiggity/glitchtip.yml b/host_vars/fudiggity/glitchtip.yml index 05317e4..94bed93 100644 --- a/host_vars/fudiggity/glitchtip.yml +++ b/host_vars/fudiggity/glitchtip.yml 
@@ -1,15 +1,14 @@ ---- glitchtip_image_tag: glitchtip/glitchtip:v4.2 glitchtip_app_dir: /srv/docker/glitchtip glitchtip_secret_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 37363333306434636331626231663964626631616131326335333832323939363865353431633233 - 6263363535646132316130373536303466613436656636300a333231383137326634326230343661 - 63333933363038333865633930663562306163613164623731613866353861616435373865666330 - 6131663965663836300a636366386432666133343364353763333731376561646338383531613363 - 32383834646461383562303564663135633932616536646134393632626664376335373136383638 - 35323934653664666530343562363461396230333435336166343033643732663766383633343337 - 30303938633939623830363661633936323031373362353363346530363535613363393432666462 - 37643033336130393166 + $ANSIBLE_VAULT;1.1;AES256 + 37363333306434636331626231663964626631616131326335333832323939363865353431633233 + 6263363535646132316130373536303466613436656636300a333231383137326634326230343661 + 63333933363038333865633930663562306163613164623731613866353861616435373865666330 + 6131663965663836300a636366386432666133343364353763333731376561646338383531613363 + 32383834646461383562303564663135633932616536646134393632626664376335373136383638 + 35323934653664666530343562363461396230333435336166343033643732663766383633343337 + 30303938633939623830363661633936323031373362353363346530363535613363393432666462 + 37643033336130393166 diff --git a/host_vars/fudiggity/jellyfin.yml b/host_vars/fudiggity/jellyfin.yml index 443e040..b6d0306 100644 --- a/host_vars/fudiggity/jellyfin.yml +++ b/host_vars/fudiggity/jellyfin.yml @@ -1,4 +1,3 @@ ---- jellyfin_image_tag: jellyfin/jellyfin:10.10.7 jellyfin_app_dir: /srv/docker/jellyfin jellyfin_configuration_dir: /home/sonny/.config/jellyfin diff --git a/host_vars/fudiggity/main.yml b/host_vars/fudiggity/main.yml index c0a2d59..52eed7c 100644 --- a/host_vars/fudiggity/main.yml +++ b/host_vars/fudiggity/main.yml @@ -1,4 +1,3 @@ ---- packages: - nftables - syncthing 
@@ -13,12 +12,12 @@ packages: - certbot - unattended-upgrades -vpn_config_dir: "/etc/wireguard" +vpn_config_dir: '/etc/wireguard' -hostname: "fudiggity" +hostname: 'fudiggity' -xdg_config_dir: "/home/sonny/.config" -xdg_data_dir: "/home/sonny/.local/share" -xdg_state_dir: "/home/sonny/.local/state" +xdg_config_dir: '/home/sonny/.config' +xdg_data_dir: '/home/sonny/.local/share' +xdg_state_dir: '/home/sonny/.local/state' systemd_service_dir: /etc/systemd/system diff --git a/host_vars/fudiggity/mpd.yml b/host_vars/fudiggity/mpd.yml index 3c28019..c039bdd 100644 --- a/host_vars/fudiggity/mpd.yml +++ b/host_vars/fudiggity/mpd.yml @@ -1,7 +1,6 @@ ---- -mpd_app_dir: "/srv/docker/mpd" -mpd_music_dir: "/home/sonny/music" +mpd_app_dir: '/srv/docker/mpd' +mpd_music_dir: '/home/sonny/music' -mpd_config_dir: "{{ xdg_config_dir }}/mpd" -mpd_playlist_dir: "{{ xdg_data_dir }}/mpd/playlists" -mpd_state_dir: "{{ xdg_state_dir }}/mpd" +mpd_config_dir: '{{ xdg_config_dir }}/mpd' +mpd_playlist_dir: '{{ xdg_data_dir }}/mpd/playlists' +mpd_state_dir: '{{ xdg_state_dir }}/mpd' diff --git a/host_vars/fudiggity/network.yml b/host_vars/fudiggity/network.yml index 478832d..11d6725 100644 --- a/host_vars/fudiggity/network.yml +++ b/host_vars/fudiggity/network.yml @@ -1,4 +1,3 @@ ---- network_interface: link1 network_mac: 00:1b:21:3b:50:e2 
@@ -14,22 +13,22 @@ ssh_port: 39901 vpn_listen_address: 10.0.0.1 vpn_prefix: 24 -vpn_subnet: "10.0.0.0/{{ vpn_prefix }}" +vpn_subnet: '10.0.0.0/{{ vpn_prefix }}' vpn_port: 51902 vpn_interface: wg0 -vpn_domain: "vpn.{{ domain_name }}" +vpn_domain: 'vpn.{{ domain_name }}' vpn_media_listen_address: 10.0.1.1 vpn_media_prefix: 24 -vpn_media_subnet: "10.0.1.0/{{ vpn_media_prefix }}" +vpn_media_subnet: '10.0.1.0/{{ vpn_media_prefix }}' vpn_media_port: 51903 vpn_media_interface: wg1 -vpn_media_domain: "media-vpn.{{ domain_name }}" +vpn_media_domain: 'media-vpn.{{ domain_name }}' -mpd_domain: "mpd.{{ domain_name }}" +mpd_domain: 'mpd.{{ domain_name }}' mpd_listen_address: 0.0.0.0 mpd_prefix: 24 -mpd_subnet: "172.128.238.0/{{ mpd_prefix }}" +mpd_subnet: '172.128.238.0/{{ mpd_prefix }}' mpd_port: 21000 mpd_http_stream_port: 8000 mpd_http_mobile_stream_port: 8001 
@@ -52,31 +51,31 @@ glitchtip_ip: 127.0.0.1 glitchtip_app_port: 7200 glitchtip_domain: glitchtip.fudiggity.nl -syncthing_domain: "syncthing.{{ domain_name }}" +syncthing_domain: 'syncthing.{{ domain_name }}' syncthing_listen_address: 0.0.0.0 syncthing_prefix: 24 -syncthing_subnet: "172.32.238.0/{{ syncthing_prefix }}" +syncthing_subnet: '172.32.238.0/{{ syncthing_prefix }}' syncthing_gui_port: 8384 syncthing_protocol_port: 22000 syncthing_nginx_ip: 172.32.238.10 syncthing_app_ip: 172.32.238.11 -radicale_domain: "radicale.{{ domain_name }}" +radicale_domain: 'radicale.{{ domain_name }}' radicale_prefix: 24 -radicale_subnet: "172.64.238.0/{{ radicale_prefix }}" +radicale_subnet: '172.64.238.0/{{ radicale_prefix }}' radicale_nginx_ip: 172.64.238.10 radicale_app_port: 5232 radicale_app_ip: 172.64.238.11 -transmission_domain: "transmission.{{ domain_name }}" +transmission_domain: 'transmission.{{ domain_name }}' transmission_prefix: 24 -transmission_subnet: "172.16.238.0/{{ transmission_prefix }}" +transmission_subnet: '172.16.238.0/{{ transmission_prefix }}' transmission_web_port: 9091 transmission_peer_port: 51413 transmission_nginx_ip: 172.16.238.10 -jellyfin_domain: "jellyfin.{{ domain_name }}" +jellyfin_domain: 'jellyfin.{{ domain_name }}' jellyfin_prefix: 24 -jellyfin_subnet: "172.8.238.0/{{ jellyfin_prefix }}" +jellyfin_subnet: '172.8.238.0/{{ jellyfin_prefix }}' jellyfin_web_port: 8096 jellyfin_nginx_ip: 172.8.238.10 diff --git a/host_vars/fudiggity/newsreader.yml b/host_vars/fudiggity/newsreader.yml index 2d9a5fa..b395818 100644 --- a/host_vars/fudiggity/newsreader.yml +++ b/host_vars/fudiggity/newsreader.yml @@ -1,4 +1,3 @@ ---- newsreader_app_name: newsreader newsreader_app_repository: https://forgejo.fudiggity.nl/sonny/newsreader newsreader_app_ref: 0.5.3 
@@ -9,32 +8,32 @@ newsreader_postgres_port: 5432 newsreader_postgres_db: newsreader newsreader_postgres_user: newsreader newsreader_postgres_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65613063373266623636626561646639393263313030386337633737636137363730353561356339 - 6433646638316465623338396637623732623563643561640a616639393639356533316431663665 - 30646637363364353062353338303331343234626138653037373661636234373238343264356265 - 6539643939376662650a613631636531383534666435383763613038393966633031353765323234 - 62613865373661333661373562366466333732663737643739663862376466646331386133326364 - 6638366665623036666634616131636634663933323136303334 + $ANSIBLE_VAULT;1.1;AES256 + 65613063373266623636626561646639393263313030386337633737636137363730353561356339 + 6433646638316465623338396637623732623563643561640a616639393639356533316431663665 + 30646637363364353062353338303331343234626138653037373661636234373238343264356265 + 6539643939376662650a613631636531383534666435383763613038393966633031353765323234 + 62613865373661333661373562366466333732663737643739663862376466646331386133326364 + 6638366665623036666634616131636634663933323136303334 newsreader_django_settings_module: newsreader.conf.production newsreader_django_secret_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65353236663439393937623930623830313365663766663966343661376662366131313838316536 - 3430633837666138633063333630373338366331653865320a646563663262656464636434323166 - 63616435356533643735343165363761336537616439303464353164633233626632666263636633 - 3237613866353131300a653366313635313365623539393438383434653134396137666533353063 - 63363335643135653535613231653434653566343964363431636264633963326239646633663031 - 38323266326165303064333666653630316634383864666232376165393362323261363833376334 - 323636376639353730366332323039633036 + $ANSIBLE_VAULT;1.1;AES256 + 65353236663439393937623930623830313365663766663966343661376662366131313838316536 + 
3430633837666138633063333630373338366331653865320a646563663262656464636434323166 + 63616435356533643735343165363761336537616439303464353164633233626632666263636633 + 3237613866353131300a653366313635313365623539393438383434653134396137666533353063 + 63363335643135653535613231653434653566343964363431636264633963326239646633663031 + 38323266326165303064333666653630316634383864666232376165393362323261363833376334 + 323636376639353730366332323039633036 newsreader_sentry_dsn: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33323865313232393535336363613261663030656465323734323266303837393561633435613736 - 3135353435633337346363316262373431393738303033390a333230343037656266366539323366 - 31373761356431666332396665393564656662396339393531326232366333323861376133653664 - 3739646664623230630a366239623838393766666237643663626261636237393839646136303931 - 66396263623432636430643839336463343438383461646165666131633762646438663532313633 - 66343562376632316665356163633064336530346463636432396537363938363062333861656362 - 63333832663737396330366430336632376638393632656565376436653839363634373437376261 - 36313337616533633239 + $ANSIBLE_VAULT;1.1;AES256 + 33323865313232393535336363613261663030656465323734323266303837393561633435613736 + 3135353435633337346363316262373431393738303033390a333230343037656266366539323366 + 31373761356431666332396665393564656662396339393531326232366333323861376133653664 + 3739646664623230630a366239623838393766666237643663626261636237393839646136303931 + 66396263623432636430643839336463343438383461646165666131633762646438663532313633 + 66343562376632316665356163633064336530346463636432396537363938363062333861656362 + 63333832663737396330366430336632376638393632656565376436653839363634373437376261 + 36313337616533633239 diff --git a/host_vars/fudiggity/radicale.yml b/host_vars/fudiggity/radicale.yml index da6296f..ae0b24d 100644 --- a/host_vars/fudiggity/radicale.yml +++ b/host_vars/fudiggity/radicale.yml 
@@ -1,6 +1,5 @@ ---- -radicale_app_dir: "/srv/docker/radicale" -radicale_collection_dir: "{{ radicale_app_dir }}/collections" +radicale_app_dir: '/srv/docker/radicale' +radicale_collection_dir: '{{ radicale_app_dir }}/collections' radicale_version: 3.5.1 radicale_python_version: 3.13 diff --git a/host_vars/fudiggity/syncthing.yml b/host_vars/fudiggity/syncthing.yml index 8ca4cf8..4816b55 100644 --- a/host_vars/fudiggity/syncthing.yml +++ b/host_vars/fudiggity/syncthing.yml @@ -1,14 +1,13 @@ ---- -syncthing_app_dir: "/srv/docker/syncthing" +syncthing_app_dir: '/srv/docker/syncthing' syncthing_config_version: 37 syncthing_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31663863326431623139663861316432656264646533323934393033386263613162303266613265 - 3239613930623264383161363664636232663764616138360a643239393735393862376133313062 - 63643434636462306663303434393837353230623830323065626432346336363332363063313533 - 6334633838636664610a323762373839393331653130393136356136303535393662643736643735 - 30316565373866326337383137633639636566623263333061633830366634666537633765343533 - 3736383135393238663963353131663733363962343163363539 + $ANSIBLE_VAULT;1.1;AES256 + 31663863326431623139663861316432656264646533323934393033386263613162303266613265 + 3239613930623264383161363664636232663764616138360a643239393735393862376133313062 + 63643434636462306663303434393837353230623830323065626432346336363332363063313533 + 6334633838636664610a323762373839393331653130393136356136303535393662643736643735 + 30316565373866326337383137633639636566623263333061633830366634666537633765343533 + 3736383135393238663963353131663733363962343163363539 syncthing_devices: - name: Desktop diff --git a/host_vars/fudiggity/transip_client.yml b/host_vars/fudiggity/transip_client.yml index d4d524a..a6e69ef 100644 --- a/host_vars/fudiggity/transip_client.yml +++ b/host_vars/fudiggity/transip_client.yml 
@@ -1,4 +1,3 @@ ---- transip_client_repository: https://forgejo.fudiggity.nl/sonny/transip-client transip_client_app_ref: 0.7.0 diff --git a/host_vars/fudiggity/transmission.yml b/host_vars/fudiggity/transmission.yml index afa5ff7..d308c7d 100644 --- a/host_vars/fudiggity/transmission.yml +++ b/host_vars/fudiggity/transmission.yml @@ -1,6 +1,5 @@ ---- -transmission_app_dir: "/srv/docker/tranmission" -transmission_download_dir: "/home/sonny/downloads" -transmission_incomplete_dir: "/home/sonny/downloads/incomplete_downloads" +transmission_app_dir: '/srv/docker/tranmission' +transmission_download_dir: '/home/sonny/downloads' +transmission_incomplete_dir: '/home/sonny/downloads/incomplete_downloads' transmission_ratelimit_ratio: 2 diff --git a/host_vars/fudiggity/vpn.yml b/host_vars/fudiggity/vpn.yml index ab4a583..78ab740 100644 --- a/host_vars/fudiggity/vpn.yml +++ b/host_vars/fudiggity/vpn.yml 
@@ -1,32 +1,31 @@ ---- -vpn_server_public_key_path: "{{ vpn_config_dir }}/keys/public/server.pub" -vpn_server_public_key_source_path: "files/wireguard/default/server.pub" -vpn_server_key_path: "{{ vpn_config_dir }}/keys/private/server.key" +vpn_server_public_key_path: '{{ vpn_config_dir }}/keys/public/server.pub' +vpn_server_public_key_source_path: 'files/wireguard/default/server.pub' +vpn_server_key_path: '{{ vpn_config_dir }}/keys/private/server.key' copy_vpn_configurations: false vpn_peers: laptop: - ip: "10.0.0.2" - public_key: "EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw=" - preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-laptop.psk" - preshared_key_source_path: "files/wireguard/default/preshared-laptop.psk" + ip: '10.0.0.2' + public_key: 'EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw=' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-laptop.psk' + preshared_key_source_path: 'files/wireguard/default/preshared-laptop.psk' desktop: - ip: "10.0.0.3" - public_key: "izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4=" - preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-desktop.psk" - preshared_key_source_path: "files/wireguard/default/preshared-desktop.psk" + ip: '10.0.0.3' + public_key: 'izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4=' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-desktop.psk' + preshared_key_source_path: 'files/wireguard/default/preshared-desktop.psk' # has extra key to generate mobile configuration file mobile: - ip: "10.0.0.4" + ip: '10.0.0.4' allowed_ips: - - "{{ vpn_subnet }}" - - "{{ transmission_subnet }}" - - "{{ syncthing_subnet }}" - - "{{ radicale_subnet }}" - public_key: "4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY=" - preshared_key_path: "{{ vpn_config_dir }}/keys/private/preshared-mobile.psk" - preshared_key_source_path: "files/wireguard/default/preshared-mobile.psk" - private_key_source_path: "files/wireguard/default/mobile.key" + - '{{ vpn_subnet }}' + - '{{ 
transmission_subnet }}' + - '{{ syncthing_subnet }}' + - '{{ radicale_subnet }}' + public_key: '4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY=' + preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-mobile.psk' + preshared_key_source_path: 'files/wireguard/default/preshared-mobile.psk' + private_key_source_path: 'files/wireguard/default/mobile.key' diff --git a/host_vars/fudiggity/vpn_media.yml b/host_vars/fudiggity/vpn_media.yml index 7598b16..bc67f12 100644 --- a/host_vars/fudiggity/vpn_media.yml +++ b/host_vars/fudiggity/vpn_media.yml @@ -1,4 +1,3 @@ ---- vpn_media_server_public_key_path: "{{ vpn_config_dir }}/keys/public/media_server.pub" vpn_media_server_public_key_source_path: files/wireguard/media/server.pub vpn_media_server_key_path: "{{ vpn_config_dir }}/keys/private/media_server.key" diff --git a/host_vars/fudiggity/woodpecker_ci.yml b/host_vars/fudiggity/woodpecker_ci.yml index 3886c36..5b02358 100644 --- a/host_vars/fudiggity/woodpecker_ci.yml +++ b/host_vars/fudiggity/woodpecker_ci.yml 
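Review bot: The `mobile` peer's `private_key_source_path: 'files/wireguard/default/mobile.key'` and the three `preshared_key_source_path` entries point at key material shipped as plain files under `files/`, whereas every other secret touched by this commit is an inline `!vault` string; I cannot see those files here, so if they are not themselves `ansible-vault encrypt`-ed, a WireGuard private key and the PSKs sit in cleartext in git history. The `copy` module decrypts vault-encrypted source files transparently, so the cheapest fix is to confirm each of those four files is vault-encrypted (or to replace the path with a vaulted `content:` value), and to add a one-line comment above `vpn_peers:` such as `# key/psk files under files/wireguard are vault-encrypted at rest; copy decrypts on deploy`. A note on which peers get which `allowed_ips` (only `mobile` lists the service subnets) would also help the next reader.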
@@ -1,43 +1,42 @@ ---- -woodpecker_domain: "woodpecker.fudiggity.nl" +woodpecker_domain: 'woodpecker.fudiggity.nl' -woodpecker_image_tag: "woodpeckerci/woodpecker-server:v2.8.0" -woodpecker_agent_tag: "woodpeckerci/woodpecker-agent:v2.8.0" +woodpecker_image_tag: 'woodpeckerci/woodpecker-server:v2.8.0' +woodpecker_agent_tag: 'woodpeckerci/woodpecker-agent:v2.8.0' woodpecker_postgres_user: woodpecker woodpecker_postgres_name: woodpecker -woodpecker_app_dir: "/srv/docker/woodpecker" +woodpecker_app_dir: '/srv/docker/woodpecker' woodpecker_forgejo_url: https://forgejo.fudiggity.nl woodpecker_forgejo_client: f467d6ee-6095-4c90-9d14-674d60b07183 woodpecker_forgejo_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31656532363665313866353961373862363031356437326234623030623235363039643663633662 - 6139656163646464613166653033663266313264646666620a336465306235336534633038333436 - 31306630323165646565333466383962626163303433393166326264633566623938366339326662 - 3261623736656631300a306161363061353463363361636433326431356532333761666637626163 - 35323065623661363638643062663066306134643035636561346663303138373634643466306161 - 36643037303932323032613432386230356139333963613038373531316536333461643166306261 - 613738363231323938653439373262663633 + $ANSIBLE_VAULT;1.1;AES256 + 31656532363665313866353961373862363031356437326234623030623235363039643663633662 + 6139656163646464613166653033663266313264646666620a336465306235336534633038333436 + 31306630323165646565333466383962626163303433393166326264633566623938366339326662 + 3261623736656631300a306161363061353463363361636433326431356532333761666637626163 + 35323065623661363638643062663066306134643035636561346663303138373634643466306161 + 36643037303932323032613432386230356139333963613038373531316536333461643166306261 + 613738363231323938653439373262663633 woodpecker_agent_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62306636643432613934633038643363373831346639383635356366333634376337303438386339 - 
3264363234653362646364326263313465356261313738340a616133663630376166653364376363 - 34353165373663343236336330643365663830393836393264373032666536633733636161663661 - 3464333936613066630a636166343931306365646334373731383430646233316332313861663838 - 64663761303237613335613366343731326630386239633061633363666330663336623730303061 - 38376266636662363834663664643466643361363563396539316234623764363464303336663662 - 613362623365363563323934653562366138 + $ANSIBLE_VAULT;1.1;AES256 + 62306636643432613934633038643363373831346639383635356366333634376337303438386339 + 3264363234653362646364326263313465356261313738340a616133663630376166653364376363 + 34353165373663343236336330643365663830393836393264373032666536633733636161663661 + 3464333936613066630a636166343931306365646334373731383430646233316332313861663838 + 64663761303237613335613366343731326630386239633061633363666330663336623730303061 + 38376266636662363834663664643466643361363563396539316234623764363464303336663662 + 613362623365363563323934653562366138 woodpecker_postgres_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33363337656661326362396537336638383036386631643935323136636661363865633763303138 - 6566643036333166326230366531633062306362636236630a626235323439663231363164366166 - 34633166313431623236323039643164396130653664393062306334653761663264666636316436 - 3963646536663863350a633836376238333939313363613932353039353465306330623965633161 - 37376336353664386166303865373939616434613966393163623536616432623035653235623763 - 35623063333766636131653065313064383163383261383866626232343335326566316431623233 - 326434353932373335366636613863666635 + $ANSIBLE_VAULT;1.1;AES256 + 33363337656661326362396537336638383036386631643935323136636661363865633763303138 + 6566643036333166326230366531633062306362636236630a626235323439663231363164366166 + 34633166313431623236323039643164396130653664393062306334653761663264666636316436 + 3963646536663863350a633836376238333939313363613932353039353465306330623965633161 + 
37376336353664386166303865373939616434613966393163623536616432623035653235623763 + 35623063333766636131653065313064383163383261383866626232343335326566316431623233 + 326434353932373335366636613863666635 diff --git a/inventory.yml b/inventory.yml index 9fb4b53..b41db92 100644 --- a/inventory.yml +++ b/inventory.yml @@ -1,4 +1,3 @@ ---- bookworm: hosts: fudiggity: diff --git a/playbook.yml b/playbook.yml index e52e3c0..caaad76 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,11 +1,10 @@ ---- - name: Provision debian server hosts: bookworm pre_tasks: - name: Install shared packages become: true ansible.builtin.apt: - name: "{{ packages }}" + name: '{{ packages }}' tasks: - name: Generic provisioning ansible.builtin.import_tasks: tasks/setup.yml @@ -72,4 +71,4 @@ tags: transip-client handlers: - name: Import handlers - ansible.builtin.import_tasks: "handlers.yml" + ansible.builtin.import_tasks: 'handlers.yml' diff --git a/tasks/docker.yml b/tasks/docker.yml index 2e854df..7d32d83 100644 --- a/tasks/docker.yml +++ b/tasks/docker.yml 
@@ -1,37 +1,35 @@ ---- -- name: "Prepare apt keyring" +- name: 'prepare apt keyring' become: true - ansible.builtin.command: install -m 0755 -d /etc/apt/keyrings + command: install -m 0755 -d /etc/apt/keyrings -- name: "Create docker directory" +- name: 'create docker directory' become: true - ansible.builtin.file: - path: "/etc/docker" + file: + path: '/etc/docker' state: directory owner: root -- name: "Copy docker files" +- name: 'copy docker files' become: true - ansible.builtin.copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' owner: root loop: - - { src: "files/docker/apt.gpg", dest: "/etc/apt/keyrings/docker.gpg" } - - { src: "files/docker/config.json", dest: "/etc/docker/daemon.json" } + - { src: 'files/docker/apt.gpg', dest: '/etc/apt/keyrings/docker.gpg' } + - { src: 'files/docker/config.json', dest: '/etc/docker/daemon.json' } notify: restart docker service -- name: "Install docker apt source" +- name: 'install docker apt source' become: true - ansible.builtin.template: - src: "templates/docker.j2" - dest: "/etc/apt/sources.list.d/docker.sources" - mode: "0664" + template: + src: 'templates/docker.j2' + dest: '/etc/apt/sources.list.d/docker.list' owner: root -- name: "Install docker" +- name: 'install docker' become: true - ansible.builtin.apt: + apt: update_cache: true state: present name: diff --git a/tasks/forgejo.yml b/tasks/forgejo.yml index 4d3622f..22efb41 100644 --- a/tasks/forgejo.yml +++ b/tasks/forgejo.yml @@ -1,4 +1,3 @@ ---- - name: Create git user become: true ansible.builtin.user: 
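Review bot: The `install docker apt source` task now writes the same `templates/docker.j2` to `/etc/apt/sources.list.d/docker.list` instead of `docker.sources`, but apt's `.list` (one-line) and `.sources` (deb822) formats are different; unless the template was changed in the same commit, apt will reject the deb822 body under a `.list` name, and the `signed-by` pinning to `/etc/apt/keyrings/docker.gpg` would have to move into the bracketed options of the one-line form. Nothing removes the previously deployed `docker.sources`, so hosts provisioned before this change keep two entries for the Docker repository; a `ansible.builtin.file: path: /etc/apt/sources.list.d/docker.sources, state: absent` task before the template would clean that up. Separately, `command: install -m 0755 -d /etc/apt/keyrings` has no `creates:` and reports changed on every run, where `ansible.builtin.file: path: /etc/apt/keyrings, state: directory, mode: '0755'` is idempotent. The `install docker` apt task's `name:` list continues past the end of the hunk.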
@@ -10,54 +9,54 @@ - name: Create required directories become: true ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state }}" - mode: "{{ item.mode }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" + path: '{{ item.path }}' + state: '{{ item.state }}' + mode: '{{ item.mode }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' loop: - - path: "{{ forgejo_app_dir }}" + - path: '{{ forgejo_app_dir }}' owner: sonny group: sonny state: directory - mode: "0755" + mode: '0755' - - path: "{{ forgejo_data_dir }}" + - path: '{{ forgejo_data_dir }}' owner: sonny group: sonny state: directory - mode: "0755" + mode: '0755' - - path: "{{ forgejo_postgres_password }}" + - path: '{{ forgejo_postgres_password }}' owner: sonny group: sonny state: directory - mode: "0755" + mode: '0755' - name: Copy docker-compose file ansible.builtin.template: src: templates/forgejo/docker-compose.j2 - dest: "{{ forgejo_app_dir }}/docker-compose.yml" - mode: "0755" + dest: '{{ forgejo_app_dir }}/docker-compose.yml' + mode: '0755' - name: Stop current containers community.docker.docker_compose_v2: - project_src: "{{ forgejo_app_dir }}" + project_src: '{{ forgejo_app_dir }}' state: stopped - name: Pull missing image community.docker.docker_compose_v2: - project_src: "{{ forgejo_app_dir }}" + project_src: '{{ forgejo_app_dir }}' pull: missing state: stopped - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ forgejo_app_dir }}" + project_src: '{{ forgejo_app_dir }}' remove_orphans: true state: stopped - name: Start container community.docker.docker_compose_v2: - project_src: "{{ forgejo_app_dir }}" + project_src: '{{ forgejo_app_dir }}' state: present diff --git a/tasks/glitchtip.yml b/tasks/glitchtip.yml index 4601298..bc317d6 100644 --- a/tasks/glitchtip.yml +++ b/tasks/glitchtip.yml 
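Review bot: The third item of `Create required directories` is `path: '{{ forgejo_postgres_password }}'`, so the task creates a world-readable directory whose name is the decrypted Postgres password (relative to the play's working directory, and echoed in Ansible's task output); this looks like a copy-paste slip for `forgejo_postgres_dir`, which host_vars defines and which nothing in this hunk otherwise uses — the line should read `- path: '{{ forgejo_postgres_dir }}'`. The `# TODO: write to docker secret` in host_vars suggests the password is rendered into the compose file, yet `Copy docker-compose file` writes it with `mode: '0755'`; a compose file does not need the execute bit, and `mode: '0640'` (as tasks/glitchtip.yml nearly does with `0750`) would keep the rendered secret off other local users. After the directory item is fixed, deleting any stray directory already created on provisioned hosts should be part of the rollout.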
@@ -1,43 +1,42 @@ ---- - name: Create required directories become: true ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state }}" - mode: "{{ item.mode }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" + path: '{{ item.path }}' + state: '{{ item.state }}' + mode: '{{ item.mode }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' loop: - - path: "{{ glitchtip_app_dir }}" + - path: '{{ glitchtip_app_dir }}' owner: sonny group: sonny state: directory - mode: "0755" + mode: '0755' - name: Copy docker-compose file ansible.builtin.template: src: templates/glitchtip/docker-compose.j2 - dest: "{{ glitchtip_app_dir }}/docker-compose.yml" - mode: "0750" + dest: '{{ glitchtip_app_dir }}/docker-compose.yml' + mode: '0750' - name: Stop current containers community.docker.docker_compose_v2: - project_src: "{{ glitchtip_app_dir }}" + project_src: '{{ glitchtip_app_dir }}' state: stopped - name: Pull missing image community.docker.docker_compose_v2: - project_src: "{{ glitchtip_app_dir }}" + project_src: '{{ glitchtip_app_dir }}' pull: missing state: stopped - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ glitchtip_app_dir }}" + project_src: '{{ glitchtip_app_dir }}' remove_orphans: true state: stopped - name: Start container community.docker.docker_compose_v2: - project_src: "{{ glitchtip_app_dir }}" + project_src: '{{ glitchtip_app_dir }}' state: present diff --git a/tasks/jellyfin.yml b/tasks/jellyfin.yml index 0b57c54..d0657f1 100644 --- a/tasks/jellyfin.yml +++ b/tasks/jellyfin.yml 
@@ -1,30 +1,29 @@ ---- - name: Create directories become: true ansible.builtin.file: - path: "{{ item.path }}" + path: '{{ item.path }}' state: directory - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "0755" + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: '0755' loop: - - path: "{{ jellyfin_configuration_dir }}" + - path: '{{ jellyfin_configuration_dir }}' owner: sonny group: sonny - - path: "{{ jellyfin_media_dir }}" + - path: '{{ jellyfin_media_dir }}' owner: sonny group: sonny - - path: "{{ jellyfin_cache_dir }}" + - path: '{{ jellyfin_cache_dir }}' owner: sonny group: sonny - - path: "{{ jellyfin_app_dir }}" + - path: '{{ jellyfin_app_dir }}' owner: root group: root - - path: "{{ jellyfin_app_dir }}/nginx.conf.d" + - path: '{{ jellyfin_app_dir }}/nginx.conf.d' owner: sonny group: sonny 
@@ -32,38 +31,38 @@ become: true ansible.builtin.template: src: templates/jellyfin/docker-compose.j2 - dest: "{{ jellyfin_app_dir }}/docker-compose.yml" + dest: '{{ jellyfin_app_dir }}/docker-compose.yml' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy NGINX configuration become: true ansible.builtin.template: - src: "templates/jellyfin/nginx.j2" - dest: "{{ jellyfin_app_dir }}/nginx.conf.d/default.conf" + src: 'templates/jellyfin/nginx.j2' + dest: '{{ jellyfin_app_dir }}/nginx.conf.d/default.conf' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Stop jellyfin community.docker.docker_compose_v2: - project_src: "{{ jellyfin_app_dir }}" + project_src: '{{ jellyfin_app_dir }}' state: stopped - name: Pull {{ image_tag }} community.docker.docker_compose_v2: - project_src: "{{ jellyfin_app_dir }}" + project_src: '{{ jellyfin_app_dir }}' pull: missing state: stopped - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ jellyfin_app_dir }}" + project_src: '{{ jellyfin_app_dir }}' remove_orphans: true state: stopped - name: Start jellyfin community.docker.docker_compose_v2: - project_src: "{{ jellyfin_app_dir }}" + project_src: '{{ jellyfin_app_dir }}' state: present diff --git a/tasks/mpd.yml b/tasks/mpd.yml index e8a3c1a..0fa42c8 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml @@ -1,4 +1,3 @@ ---- - name: Stop systemd mpd service become: true ansible.builtin.systemd: 
@@ -16,92 +15,92 @@ - name: Remove previous configurations become: true ansible.builtin.file: - path: "{{ item.path }}" + path: '{{ item.path }}' state: absent loop: - - path: "/etc/systemd/system/mpd.service.d" - - path: "/etc/systemd/system/mpd.socket.d" + - path: '/etc/systemd/system/mpd.service.d' + - path: '/etc/systemd/system/mpd.socket.d' - name: Create mpd directories become: true ansible.builtin.file: - path: "{{ item.path }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "0755" + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: '0755' state: directory loop: - - path: "{{ mpd_config_dir }}" + - path: '{{ mpd_config_dir }}' owner: sonny group: sonny - - path: "{{ mpd_playlist_dir }}" + - path: '{{ mpd_playlist_dir }}' owner: sonny group: sonny - - path: "{{ mpd_state_dir }}" + - path: '{{ mpd_state_dir }}' owner: sonny group: sonny - - path: "{{ mpd_app_dir }}" + - path: '{{ mpd_app_dir }}' owner: root group: root - name: Copy mpd templates become: true ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '{{ item.mode }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' loop: - src: templates/mpd/config.j2 - dest: "{{ mpd_config_dir }}/mpd.conf" - mode: "0640" + dest: '{{ mpd_config_dir }}/mpd.conf' + mode: '0640' owner: sonny group: sonny - src: templates/mpd/dockerfile.j2 - dest: "{{ mpd_app_dir }}/Dockerfile" - mode: "0755" + dest: '{{ mpd_app_dir }}/Dockerfile' + mode: '0755' owner: sonny group: sonny - src: templates/mpd/docker-compose.j2 - dest: "{{ mpd_app_dir }}/docker-compose.yml" - mode: "0755" + dest: '{{ mpd_app_dir }}/docker-compose.yml' + mode: '0755' owner: sonny group: sonny - name: Create mpd files ansible.builtin.file: - path: "{{ item }}" - mode: "0755" + path: '{{ item }}' + mode: '0755' state: touch loop: - - "{{ 
mpd_config_dir }}/db" - - "{{ mpd_config_dir }}/sticker.sql" - - "{{ mpd_state_dir }}/state" + - '{{ mpd_config_dir }}/db' + - '{{ mpd_config_dir }}/sticker.sql' + - '{{ mpd_state_dir }}/state' - name: Stop current containers community.docker.docker_compose_v2: - project_src: "{{ mpd_app_dir }}" + project_src: '{{ mpd_app_dir }}' state: stopped - name: Build image community.docker.docker_compose_v2: - project_src: "{{ mpd_app_dir }}" + project_src: '{{ mpd_app_dir }}' build: always state: stopped - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ mpd_app_dir }}" + project_src: '{{ mpd_app_dir }}' remove_orphans: true state: stopped - name: Start container community.docker.docker_compose_v2: - project_src: "{{ mpd_app_dir }}" + project_src: '{{ mpd_app_dir }}' state: present diff --git a/tasks/network.yml b/tasks/network.yml index 0696f3c..28cc96d 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -1,18 +1,17 @@ ---- - name: Copy network configuration files become: true ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' owner: root group: systemd-network - mode: "0640" + mode: '0640' loop: - - src: "templates/network/link1.link.j2" - dest: "/etc/systemd/network/98-link1.link" + - src: 'templates/network/link1.link.j2' + dest: '/etc/systemd/network/98-link1.link' - - src: "templates/network/link1.network.j2" - dest: "/etc/systemd/network/98-link1.network" + - src: 'templates/network/link1.network.j2' + dest: '/etc/systemd/network/98-link1.network' notify: - restart systemd-networkd - regenerate initramfs # copies the files into the initramfs for when udev needs them 
@@ -20,34 +19,34 @@ - name: Set hostname become: true ansible.builtin.hostname: - name: "{{ hostname }}" + name: '{{ hostname }}' use: systemd - name: Copy hosts file become: true ansible.builtin.template: - src: "network/hosts.j2" - dest: "/etc/hosts" - mode: "0644" + src: 'network/hosts.j2' + dest: '/etc/hosts' + mode: '0644' owner: root - name: Copy resolved.conf configuration become: true ansible.builtin.template: - src: "network/resolved.j2" - dest: "/etc/systemd/resolved.conf" - mode: "0644" + src: 'network/resolved.j2' + dest: '/etc/systemd/resolved.conf' + mode: '0644' owner: root notify: restart systemd-resolved - name: Copy firewall template become: true ansible.builtin.template: - src: "templates/nftables.j2" - dest: "/etc/nftables.conf" + src: 'templates/nftables.j2' + dest: '/etc/nftables.conf' owner: root group: root - mode: "0644" + mode: '0644' notify: - restart nftables - restart docker service diff --git a/tasks/newsreader.yml b/tasks/newsreader.yml index 443dfc9..411999c 100644 --- a/tasks/newsreader.yml +++ b/tasks/newsreader.yml 
@@ -1,42 +1,41 @@ ---- - name: Create newsreader app directory become: true ansible.builtin.file: - path: "{{ newsreader_app_dir }}" + path: '{{ newsreader_app_dir }}' state: directory owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Clone project ansible.builtin.git: - repo: "{{ newsreader_app_repository }}" - dest: "{{ newsreader_app_dir }}" - version: "{{ newsreader_app_ref }}" + repo: '{{ newsreader_app_repository }}' + dest: '{{ newsreader_app_dir }}' + version: '{{ newsreader_app_ref }}' - name: Copy templates ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '{{ item.mode }}' loop: - src: templates/newsreader/env.j2 - dest: "{{ newsreader_app_dir }}/.production.env" - mode: "0750" + dest: '{{ newsreader_app_dir }}/.production.env' + mode: '0750' - src: templates/newsreader/docker-compose.j2 - dest: "{{ newsreader_app_dir }}/docker-compose.resources.yml" - mode: "0750" + dest: '{{ newsreader_app_dir }}/docker-compose.resources.yml' + mode: '0750' - name: Stop current containers community.docker.docker_compose_v2: - project_src: "{{ newsreader_app_dir }}" + project_src: '{{ newsreader_app_dir }}' env_files: - .production.env state: absent - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ newsreader_app_dir }}" + project_src: '{{ newsreader_app_dir }}' remove_orphans: true state: absent @@ -54,6 +53,6 @@ - docker-compose.yml - docker-compose.production.yml - docker-compose.resources.yml - project_src: "{{ newsreader_app_dir }}" + project_src: '{{ newsreader_app_dir }}' build: always state: present diff --git a/tasks/nginx.yml b/tasks/nginx.yml index be63aba..ec78900 100644 --- a/tasks/nginx.yml +++ b/tasks/nginx.yml 
@@ -1,44 +1,44 @@ ---- - name: Copy nginx configuration files become: true ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' owner: root group: root - mode: "0644" + mode: '0644' loop: - - src: "templates/nginx/default.j2" - dest: "/etc/nginx/sites-available/default" - - src: "templates/nginx/forgejo.j2" - dest: "/etc/nginx/sites-available/forgejo" - - src: "templates/nginx/woodpecker.j2" - dest: "/etc/nginx/sites-available/woodpecker" - - src: "templates/nginx/glitchtip.j2" - dest: "/etc/nginx/sites-available/glitchtip" - - src: "templates/nginx/newsreader.j2" - dest: "/etc/nginx/sites-available/newsreader" + - src: 'templates/nginx/default.j2' + dest: '/etc/nginx/sites-available/default' + - src: 'templates/nginx/forgejo.j2' + dest: '/etc/nginx/sites-available/forgejo' + - src: 'templates/nginx/woodpecker.j2' + dest: '/etc/nginx/sites-available/woodpecker' + - src: 'templates/nginx/glitchtip.j2' + dest: '/etc/nginx/sites-available/glitchtip' + - src: 'templates/nginx/newsreader.j2' + dest: '/etc/nginx/sites-available/newsreader' notify: restart nginx - name: Create configuration links become: true ansible.builtin.file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' state: link loop: - - src: "/etc/nginx/sites-available/default" - dest: "/etc/nginx/sites-enabled/default" - - src: "/etc/nginx/sites-available/forgejo" - dest: "/etc/nginx/sites-enabled/forgejo" - - src: "/etc/nginx/sites-available/woodpecker" - dest: "/etc/nginx/sites-enabled/woodpecker" - - src: "/etc/nginx/sites-available/glitchtip" - dest: "/etc/nginx/sites-enabled/glitchtip" - - src: "/etc/nginx/sites-available/newsreader" - dest: "/etc/nginx/sites-enabled/newsreader" + - src: '/etc/nginx/sites-available/default' + dest: '/etc/nginx/sites-enabled/default' + - src: '/etc/nginx/sites-available/forgejo' + dest: '/etc/nginx/sites-enabled/forgejo' + - src: 
'/etc/nginx/sites-available/woodpecker' + dest: '/etc/nginx/sites-enabled/woodpecker' + - src: '/etc/nginx/sites-available/glitchtip' + dest: '/etc/nginx/sites-enabled/glitchtip' + - src: '/etc/nginx/sites-available/newsreader' + dest: '/etc/nginx/sites-enabled/newsreader' notify: restart nginx + # Run the folowing command to regenerate a certificate: # # sudo certbot certonly \ @@ -55,11 +55,11 @@ - name: Copy letsencrypt configuration become: true ansible.builtin.template: - src: "templates/letsencrypt/cli.j2" - dest: "/etc/letsencrypt/cli.ini" + src: 'templates/letsencrypt/cli.j2' + dest: '/etc/letsencrypt/cli.ini' owner: root group: root - mode: "0644" + mode: '0644' notify: restart certbot - name: Enable certbot periodic certificate renewal diff --git a/tasks/radicale.yml b/tasks/radicale.yml index a6aa23a..952b575 100644 --- a/tasks/radicale.yml +++ b/tasks/radicale.yml @@ -1,4 +1,3 @@ ---- - name: Stop previous radicale service become: true ansible.builtin.systemd: @@ -25,13 +24,13 @@ - name: Remove radicale virtualenv directory become: true ansible.builtin.file: - path: "/usr/local/lib/radicale" + path: '/usr/local/lib/radicale' state: absent - name: Remove Radicale files become: true ansible.builtin.file: - path: "{{ item }}" + path: '{{ item }}' state: absent loop: - /etc/nginx/radicale 
@@ -42,85 +41,85 @@ - name: Create Radicale directories become: true ansible.builtin.file: - path: "{{ item.path }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "0755" + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: '0755' state: directory loop: - - path: "{{ radicale_app_dir }}" + - path: '{{ radicale_app_dir }}' owner: root group: root - - path: "{{ radicale_collection_dir }}" + - path: '{{ radicale_collection_dir }}' owner: sonny group: sonny - - path: "{{ radicale_app_dir }}/nginx.conf.d" + - path: '{{ radicale_app_dir }}/nginx.conf.d' owner: sonny group: sonny - name: Copy Radicale docker file become: true ansible.builtin.template: - src: "templates/radicale/dockerfile.j2" - dest: "{{ radicale_app_dir }}/Dockerfile" + src: 'templates/radicale/dockerfile.j2' + dest: '{{ radicale_app_dir }}/Dockerfile' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy docker compose become: true ansible.builtin.template: - src: "templates/radicale/docker-compose.j2" - dest: "{{ radicale_app_dir }}/docker-compose.yml" + src: 'templates/radicale/docker-compose.j2' + dest: '{{ radicale_app_dir }}/docker-compose.yml' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy Radicale configuration become: true ansible.builtin.template: - src: "templates/radicale/conf.j2" - dest: "{{ radicale_app_dir }}/config" + src: 'templates/radicale/conf.j2' + dest: '{{ radicale_app_dir }}/config' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy Radicale user file become: true ansible.builtin.copy: - src: "files/radicale/radicale_users" - dest: "{{ radicale_app_dir }}/radicale_users" + src: 'files/radicale/radicale_users' + dest: '{{ radicale_app_dir }}/radicale_users' owner: sonny group: sonny - mode: "0750" + mode: '0750' - name: Copy NGINX configuration become: true ansible.builtin.template: - src: "templates/radicale/nginx.j2" - dest: "{{ radicale_app_dir 
}}/nginx.conf.d/default.conf" + src: 'templates/radicale/nginx.j2' + dest: '{{ radicale_app_dir }}/nginx.conf.d/default.conf' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Stop current containers community.docker.docker_compose_v2: - project_src: "{{ radicale_app_dir }}" + project_src: '{{ radicale_app_dir }}' state: stopped - name: Pull missing image community.docker.docker_compose_v2: - project_src: "{{ radicale_app_dir }}" + project_src: '{{ radicale_app_dir }}' build: always state: stopped - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ radicale_app_dir }}" + project_src: '{{ radicale_app_dir }}' remove_orphans: true state: stopped - name: Start container community.docker.docker_compose_v2: - project_src: "{{ radicale_app_dir }}" + project_src: '{{ radicale_app_dir }}' state: present diff --git a/tasks/setup.yml b/tasks/setup.yml index 3ed15f3..6408a0f 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -1,27 +1,26 @@ ---- - name: Copy nsswitch file become: true ansible.builtin.template: - src: "nsswitch.j2" - dest: "/etc/nsswitch.conf" - mode: "0644" + src: 'nsswitch.j2' + dest: '/etc/nsswitch.conf' + mode: '0644' owner: root - name: Copy ssh template become: true ansible.builtin.template: - src: "templates/ssh.j2" - dest: "/etc/ssh/sshd_config" + src: 'templates/ssh.j2' + dest: '/etc/ssh/sshd_config' owner: root group: root - mode: "0644" + mode: '0644' notify: restart ssh - name: Copy wezterm terminfo file ansible.builtin.copy: - src: "files/wezterm.terminfo" + src: 'files/wezterm.terminfo' dest: /home/sonny/.terminfo - mode: "0755" + mode: '0755' notify: Compile wezterm terminfo file - name: Disable user lingering @@ -32,10 +31,10 @@ become: true ansible.builtin.template: src: templates/unattended-upgrades.j2 - dest: "/etc/apt/apt.conf.d/10periodic" + dest: '/etc/apt/apt.conf.d/10periodic' owner: root group: root - mode: "0755" + mode: '0755' - name: Enable unattended upgrades timer become: true 
diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml index e4649d3..877b45d 100644 --- a/tasks/syncthing.yml +++ b/tasks/syncthing.yml @@ -1,4 +1,3 @@ ---- - name: Disable system process become: true ansible.builtin.systemd: @@ -9,19 +8,19 @@ - name: Create Syncthing directories become: true ansible.builtin.file: - path: "{{ item.path }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "0755" + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: '0755' state: directory loop: - - path: "{{ syncthing_app_dir }}" + - path: '{{ syncthing_app_dir }}' owner: root group: root - - path: "{{ syncthing_app_dir }}/state" + - path: '{{ syncthing_app_dir }}/state' owner: sonny group: sonny - - path: "{{ syncthing_app_dir }}/nginx.conf.d" + - path: '{{ syncthing_app_dir }}/nginx.conf.d' owner: sonny group: sonny 
@@ -34,48 +33,48 @@ - name: Copy docker compose configuration become: true ansible.builtin.template: - src: "templates/syncthing/docker-compose.j2" - dest: "{{ syncthing_app_dir }}/docker-compose.yml" + src: 'templates/syncthing/docker-compose.j2' + dest: '{{ syncthing_app_dir }}/docker-compose.yml' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy Syncthing configuration become: true ansible.builtin.template: - src: "templates/syncthing/config.j2" - dest: "{{ syncthing_app_dir }}/state/config.xml" + src: 'templates/syncthing/config.j2' + dest: '{{ syncthing_app_dir }}/state/config.xml' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy NGINX configuration become: true ansible.builtin.template: - src: "templates/syncthing/nginx.j2" - dest: "{{ syncthing_app_dir }}/nginx.conf.d/default.conf" + src: 'templates/syncthing/nginx.j2' + dest: '{{ syncthing_app_dir }}/nginx.conf.d/default.conf' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Stop current containers community.docker.docker_compose_v2: - project_src: "{{ syncthing_app_dir }}" + project_src: '{{ syncthing_app_dir }}' state: stopped - name: Pull missing image community.docker.docker_compose_v2: - project_src: "{{ syncthing_app_dir }}" + project_src: '{{ syncthing_app_dir }}' pull: missing state: stopped - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ syncthing_app_dir }}" + project_src: '{{ syncthing_app_dir }}' remove_orphans: true state: stopped - name: Start container community.docker.docker_compose_v2: - project_src: "{{ syncthing_app_dir }}" + project_src: '{{ syncthing_app_dir }}' state: present diff --git a/tasks/transip_client.yml b/tasks/transip_client.yml index 1e5512c..3738fca 100644 --- a/tasks/transip_client.yml +++ b/tasks/transip_client.yml 
@@ -1,33 +1,32 @@ ---- - name: Create application directory ansible.builtin.file: - path: "{{ transip_client_app_dir }}" + path: '{{ transip_client_app_dir }}' state: directory - mode: "0755" + mode: '0755' - name: Clone project ansible.builtin.git: - repo: "{{ transip_client_repository }}" - dest: "{{ transip_client_app_dir }}" - version: "{{ transip_client_app_ref }}" + repo: '{{ transip_client_repository }}' + dest: '{{ transip_client_app_dir }}' + version: '{{ transip_client_app_ref }}' - name: Copy environment variables file ansible.builtin.template: src: templates/transip_client/env.j2 - dest: "{{ transip_client_env_src_path }}" - mode: "0640" + dest: '{{ transip_client_env_src_path }}' + mode: '0640' - name: Copy private key file ansible.builtin.copy: src: files/transip_client/private_key.key - dest: "{{ transip_client_private_key_src_path }}" - mode: "0600" + dest: '{{ transip_client_private_key_src_path }}' + mode: '0600' - name: Build docker image community.docker.docker_image_build: - name: "{{ transip_client_image_name }}" - path: "{{ transip_client_app_dir }}" - dockerfile: "{{ transip_client_app_dir }}/Dockerfile" + name: '{{ transip_client_image_name }}' + path: '{{ transip_client_app_dir }}' + dockerfile: '{{ transip_client_app_dir }}/Dockerfile' rebuild: always args: UV_ARGS: "--extra sentry-enabled" 
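Review bot: `UV_ARGS: "--extra sentry-enabled"` at the end of this hunk is left double-quoted while every other scalar in the file was converted to single quotes, so the quoting pass is incomplete here; for consistency it should read `UV_ARGS: '--extra sentry-enabled'`. The `Copy private key file` task above it keeps `mode: '0600'`, which is the right permission for key material; unlike the systemd tasks later in the file it runs without `become`, so the key ends up owned by the connecting user — presumably intended, but worth confirming against the `transip_client_private_key_src_path` consumer.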
@@ -35,21 +34,21 @@ - name: Copy start script ansible.builtin.template: src: templates/transip_client/start.j2 - dest: "{{ transip_client_start_script }}" - mode: "0750" + dest: '{{ transip_client_start_script }}' + mode: '0750' - name: Copy systemd templates become: true ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '{{ item.mode }}' loop: - src: templates/transip_client/timer.j2 - dest: "{{ systemd_service_dir }}/transip-client.timer" - mode: "0644" + dest: '{{ systemd_service_dir }}/transip-client.timer' + mode: '0644' - src: templates/transip_client/service.j2 - dest: "{{ systemd_service_dir }}/transip-client.service" - mode: "0640" + dest: '{{ systemd_service_dir }}/transip-client.service' + mode: '0640' notify: enable transip-client timer diff --git a/tasks/transmission.yml b/tasks/transmission.yml index dc21442..31385b4 100644 --- a/tasks/transmission.yml +++ b/tasks/transmission.yml @@ -1,4 +1,3 @@ ---- # Note: requires an up-to-date ansible version to make us of docker compose file ## TODO: use tracker blocklist # 
@@ -12,32 +11,32 @@ - name: Create Transmission directories become: true ansible.builtin.file: - path: "{{ item.path }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "0755" + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: '0755' state: directory loop: - - path: "{{ transmission_app_dir }}" + - path: '{{ transmission_app_dir }}' owner: root group: root - - path: "{{ transmission_app_dir }}/config" + - path: '{{ transmission_app_dir }}/config' owner: root group: root - - path: "{{ transmission_app_dir }}/nginx.conf.d" + - path: '{{ transmission_app_dir }}/nginx.conf.d' owner: sonny group: sonny - - path: "{{ transmission_download_dir }}" + - path: '{{ transmission_download_dir }}' owner: sonny group: sonny - - path: "{{ transmission_incomplete_dir }}" + - path: '{{ transmission_incomplete_dir }}' owner: sonny group: sonny - name: Remove previous transmission configurations become: true ansible.builtin.file: - path: "{{ item }}" + path: '{{ item }}' state: absent loop: - /etc/systemd/system/transmission-daemon.service.d 
@@ -47,47 +46,47 @@ become: true ansible.builtin.copy: src: files/transmission/Dockerfile - dest: "{{ transmission_app_dir }}/Dockerfile" + dest: '{{ transmission_app_dir }}/Dockerfile' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy docker compose configuration become: true ansible.builtin.template: src: templates/transmission/docker-compose.j2 - dest: "{{ transmission_app_dir }}/docker-compose.yml" + dest: '{{ transmission_app_dir }}/docker-compose.yml' owner: sonny group: sonny - mode: "0755" + mode: '0755' # Prevents Tranmission from overwiting configuration files - name: Stop docker compose containers community.docker.docker_compose_v2: - project_src: "{{ transmission_app_dir }}" + project_src: '{{ transmission_app_dir }}' state: stopped - name: Copy Transmission configuration become: true ansible.builtin.template: - src: "templates/transmission/config.j2" - dest: "{{ transmission_app_dir }}/config/settings.json" + src: 'templates/transmission/config.j2' + dest: '{{ transmission_app_dir }}/config/settings.json' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Copy NGINX configuration become: true ansible.builtin.template: src: templates/transmission/nginx.j2 - dest: "{{ transmission_app_dir }}/nginx.conf.d/default.conf" + dest: '{{ transmission_app_dir }}/nginx.conf.d/default.conf' owner: sonny group: sonny - mode: "0755" + mode: '0755' - name: Start container community.docker.docker_compose_v2: - project_src: "{{ transmission_app_dir }}" + project_src: '{{ transmission_app_dir }}' build: always remove_orphans: true state: restarted diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index e49b709..c363f39 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -1,4 +1,3 @@ ---- - name: Copy Wireguard configuration files become: true ansible.builtin.template: diff --git a/tasks/wireguard_media.yml b/tasks/wireguard_media.yml index c7046d7..b906e76 100644 --- a/tasks/wireguard_media.yml 
+++ b/tasks/wireguard_media.yml @@ -1,12 +1,11 @@ ---- - name: Copy Wireguard media configuration files become: true ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' owner: root group: systemd-network - mode: "0640" + mode: '0640' loop: - src: templates/network/wireguard/media/wg1.netdev.j2 dest: /etc/systemd/network/wg1.netdev 
@@ -17,81 +16,81 @@ - name: Create Wireguard media directories become: true ansible.builtin.file: - path: "{{ item }}" + path: '{{ item }}' owner: root group: systemd-network - mode: "0750" + mode: '0750' state: directory recurse: true loop: - - "{{ vpn_config_dir }}" - - "{{ vpn_media_server_public_key_path | dirname }}" - - "{{ vpn_media_server_key_path | dirname }}" + - '{{ vpn_config_dir }}' + - '{{ vpn_media_server_public_key_path | dirname }}' + - '{{ vpn_media_server_key_path | dirname }}' - name: Copy Wireguard server media credentials become: true ansible.builtin.copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' owner: root group: systemd-network - mode: "0640" + mode: '0640' loop: - - src: "files/wireguard/media/server.pub" - dest: "{{ vpn_media_server_public_key_path }}" - - src: "files/wireguard/media/server.key" - dest: "{{ vpn_media_server_key_path }}" + - src: 'files/wireguard/media/server.pub' + dest: '{{ vpn_media_server_public_key_path }}' + - src: 'files/wireguard/media/server.key' + dest: '{{ vpn_media_server_key_path }}' - name: Copy Wireguard mobile media credentials become: true ansible.builtin.copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' owner: root group: systemd-network - mode: "0640" + mode: '0640' loop: - - src: "files/wireguard/media/mobile-1.pub" - dest: "{{ vpn_config_dir }}/keys/public/mobile_1.pub" + - src: 'files/wireguard/media/mobile-1.pub' + dest: '{{ vpn_config_dir }}/keys/public/mobile_1.pub' - - src: "files/wireguard/media/mobile-1.key" - dest: "{{ vpn_config_dir }}/keys/private/mobile_1.key" + - src: 'files/wireguard/media/mobile-1.key' + dest: '{{ vpn_config_dir }}/keys/private/mobile_1.key' - - src: "files/wireguard/media/mobile-2.pub" - dest: "{{ vpn_config_dir }}/keys/public/mobile_2.pub" + - src: 'files/wireguard/media/mobile-2.pub' + dest: '{{ vpn_config_dir }}/keys/public/mobile_2.pub' - - src: 
"files/wireguard/media/mobile-2.key" - dest: "{{ vpn_config_dir }}/keys/private/mobile_2.key" + - src: 'files/wireguard/media/mobile-2.key' + dest: '{{ vpn_config_dir }}/keys/private/mobile_2.key' - - src: "files/wireguard/media/tv-1.pub" - dest: "{{ vpn_config_dir }}/keys/public/tv-1.pub" + - src: 'files/wireguard/media/tv-1.pub' + dest: '{{ vpn_config_dir }}/keys/public/tv-1.pub' - - src: "files/wireguard/media/tv-1.key" - dest: "{{ vpn_config_dir }}/keys/private/tv-1.key" + - src: 'files/wireguard/media/tv-1.key' + dest: '{{ vpn_config_dir }}/keys/private/tv-1.key' - - src: "files/wireguard/media/tv-2.pub" - dest: "{{ vpn_config_dir }}/keys/public/tv-2.pub" + - src: 'files/wireguard/media/tv-2.pub' + dest: '{{ vpn_config_dir }}/keys/public/tv-2.pub' - - src: "files/wireguard/media/tv-2.key" - dest: "{{ vpn_config_dir }}/keys/private/tv-2.key" + - src: 'files/wireguard/media/tv-2.key' + dest: '{{ vpn_config_dir }}/keys/private/tv-2.key' - name: Copy wireguard media preshared keys become: true ansible.builtin.copy: - src: "{{ item.value.preshared_key_source_path }}" - dest: "{{ item.value.preshared_key_path }}" + src: '{{ item.value.preshared_key_source_path }}' + dest: '{{ item.value.preshared_key_path }}' owner: root group: systemd-network - mode: "0640" - with_dict: "{{ vpn_media_peers }}" + mode: '0640' + with_dict: '{{ vpn_media_peers }}' - name: Copy Wireguard external media configurations become: true ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "0600" - owner: "{{ ansible_user_id }}" + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0600' + owner: '{{ ansible_user_id }}' loop: - src: templates/network/wireguard/media/mobile_1.wireguard.j2 dest: /tmp/mobile_1.conf diff --git a/tasks/woodpecker_ci.yml b/tasks/woodpecker_ci.yml index a589f66..6172b9f 100644 --- a/tasks/woodpecker_ci.yml +++ b/tasks/woodpecker_ci.yml 
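Review bot: The `Copy Wireguard external media configurations` task at the end of this hunk renders client configurations, which embed the peers' private keys, to fixed paths under `/tmp` (`/tmp/mobile_1.conf`), a shared and predictable location; `mode: '0600'` limits who can read them, but they persist until something deletes them, and nothing in this hunk does — the loop and any cleanup continue past the hunk, so this may be handled there. A safer destination is a directory under the connecting user's home, or a path created with `ansible.builtin.tempfile` that a follow-up task removes. Separately, the `mobile-*.key` and `tv-*.key` client private keys copied by `Copy Wireguard mobile media credentials` are only needed to render those client configs; the server's own peer entries require just the matching `.pub` files, so consider whether the private halves need to live on this host at all.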
@@ -1,43 +1,42 @@ ---- - name: Create required directories become: true ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state }}" - mode: "{{ item.mode }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" + path: '{{ item.path }}' + state: '{{ item.state }}' + mode: '{{ item.mode }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' loop: - - path: "{{ woodpecker_app_dir }}" + - path: '{{ woodpecker_app_dir }}' owner: sonny group: sonny state: directory - mode: "0755" + mode: '0755' - name: Copy docker-compose file ansible.builtin.template: - src: "templates/woodpecker_ci/docker-compose.j2" - dest: "{{ woodpecker_app_dir }}/docker-compose.yml" - mode: "0750" + src: 'templates/woodpecker_ci/docker-compose.j2' + dest: '{{ woodpecker_app_dir }}/docker-compose.yml' + mode: '0750' - name: Stop current containers community.docker.docker_compose_v2: - project_src: "{{ woodpecker_app_dir }}" + project_src: '{{ woodpecker_app_dir }}' state: stopped - name: Pull missing image community.docker.docker_compose_v2: - project_src: "{{ woodpecker_app_dir }}" + project_src: '{{ woodpecker_app_dir }}' pull: missing state: stopped - name: Remove dangling containers community.docker.docker_compose_v2: - project_src: "{{ woodpecker_app_dir }}" + project_src: '{{ woodpecker_app_dir }}' remove_orphans: true state: stopped - name: Start container community.docker.docker_compose_v2: - project_src: "{{ woodpecker_app_dir }}" + project_src: '{{ woodpecker_app_dir }}' state: present diff --git a/templates/docker.j2 b/templates/docker.j2 index f49d8a8..9047bb7 100644 --- a/templates/docker.j2 +++ b/templates/docker.j2 @@ -1,9 +1,3 @@ # {{ ansible_managed }} -Enabled: yes -Types: deb -URIs: https://download.docker.com/linux/debian -Suites: trixie -Components: stable -Architectures: amd64 -Signed-By: /etc/apt/keyrings/docker.gpg +deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable 
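Review bot: The new `deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] ... bookworm stable` line in templates/docker.j2 does more than revert the deb822 format: the suite changes from `trixie` to `bookworm`, which pins Docker packages to the older release regardless of what the host runs. If the format change is the goal, keep the suite: `deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian trixie stable`. Also, apt reads one-line entries only from `.list` files and deb822 stanzas only from `.sources` files; the template's destination filename is outside this diff, so confirm it matches the new format or the source is silently ignored. The `signed-by` keyring is preserved, so signature pinning is unchanged.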
diff --git a/templates/nftables.j2 b/templates/nftables.j2 index 98f079c..100bd44 100644 --- a/templates/nftables.j2 +++ b/templates/nftables.j2 @@ -85,8 +85,4 @@ table ip filter { iifname {{ vpn_media_interface }} ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept } - - chain output { - type filter hook output priority filter; - } } diff --git a/templates/ssh.j2 b/templates/ssh.j2 index a7d1d46..d6446eb 100644 --- a/templates/ssh.j2 +++ b/templates/ssh.j2 @@ -1,6 +1,6 @@ # {{ ansible_managed }} # -# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -28,14 +28,14 @@ HostKey /etc/ssh/ssh_host_ed25519_key # Logging #SyslogFacility AUTH -#LogLevel INFO +LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes -#MaxAuthTries 6 +MaxAuthTries 6 #MaxSessions 10 PubkeyAuthentication yes @@ -56,15 +56,13 @@ AuthorizedKeysFile .ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# To disable tunneled clear text passwords, change to "no" here! +# To disable tunneled clear text passwords, change to no here! PasswordAuthentication no #PermitEmptyPasswords no -# Change to "yes" to enable keyboard-interactive authentication. Depending on -# the system's configuration, this may involve passwords, challenge-response, -# one-time passwords or some combination of these and other methods. -# Beware issues with some PAM modules and threads. -KbdInteractiveAuthentication no +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no 
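Review bot: `ChallengeResponseAuthentication no` in the `@@ -56,15` hunk of templates/ssh.j2 is the pre-OpenSSH-8.7 spelling; since 8.7 it is accepted as a deprecated alias for `KbdInteractiveAuthentication`, so the setting still takes effect on current releases, but the removed `KbdInteractiveAuthentication no` was the current form and should stay if the managed hosts run 8.7 or newer. The comment edits in the `@@ -80,13` hunk follow the same rename, and `PermitRootLogin without-password` there is likewise the old alias of `prohibit-password`; together with the `$OpenBSD` header moving back to the 2016 revision in the `@@ -1,6` hunk, this reads as a revert to an older stock template rather than a deliberate change. Uncommenting `LogLevel INFO` and `MaxAuthTries 6` in the `@@ -28,14` hunk only restates sshd's defaults, which is fine as explicit documentation of intent.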
@@ -80,13 +78,13 @@ KbdInteractiveAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and +# be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin prohibit-password". +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. +# and ChallengeResponseAuthentication to 'no'. UsePAM yes #AllowAgentForwarding yes @@ -114,7 +112,7 @@ PrintMotd no #Banner none # Allow client to pass locale environment variables -AcceptEnv LANG LC_* COLORTERM NO_COLOR +AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server