diff --git a/.prettierrc.yml b/.prettierrc.yml new file mode 100644 index 0000000..0cb31e6 --- /dev/null +++ b/.prettierrc.yml @@ -0,0 +1,5 @@ +singleQuote: true +printWidth: 90 +tabWidth: 2 +useTabs: false +bracketSpacing: true diff --git a/ansible.cfg b/ansible.cfg index da825e5..d3d000d 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,4 +1,5 @@ [defaults] +roles_path = ./roles ask_vault_pass = True [privilege_escalation] diff --git a/handlers.yml b/handlers.yml index 214addc..16f8612 100644 --- a/handlers.yml +++ b/handlers.yml @@ -12,19 +12,9 @@ state: restarted enabled: true -- name: restart nftables +- name: regenerate initramfs become: true - systemd: - name: nftables.service - state: restarted - enabled: true - -- name: restart ssh - become: true - systemd: - name: ssh.service - state: restarted - enabled: true + command: update-initramfs -u -k all - name: restart docker service become: true @@ -33,17 +23,6 @@ state: restarted enabled: true -- name: restart nginx - become: true - systemd: - name: nginx.service - state: restarted - enabled: true - -- name: regenerate initramfs - become: true - command: update-initramfs -u -k all - - name: restart certbot become: true systemd: @@ -54,4 +33,4 @@ - name: Compile wezterm terminfo file become: true when: wezterm_copy.changed - ansible.builtin.command: tic -x /home/sonny/.terminfo + ansible.builtin.command: 'tic -x {{ ansible_env.HOME }}/.terminfo' diff --git a/playbook.yml b/playbook.yml index f65dbe3..2d64e94 100644 --- a/playbook.yml +++ b/playbook.yml @@ -5,6 +5,8 @@ become: true ansible.builtin.apt: name: '{{ packages }}' + roles: + - common tasks: - name: Generic provisioning ansible.builtin.import_tasks: 'tasks/setup.yml' 
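Review bot: The removed `restart nftables` handler is still notified by tasks/network.yml (that file's hunk keeps `- restart nftables` under `notify:`), and tasks/setup.yml now notifies `reload ssh`, which this file never defined; unless the newly added `common` role ships handlers with exactly those names, the play errors out with a handler-not-found message the first time one of those tasks reports a change, and a rewritten nftables rule file would never be reloaded into the running ruleset. It would help the next reader to record the move with a comment above the remaining list, e.g. `# ssh, nftables and nginx handlers are provided by the 'common' role (see requirements.yml)`. The `regenerate initramfs` entry is relocated rather than new, so only its position changes here.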
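Review bot: `{{ ansible_env.HOME }}` inside a handler that runs with `become: true` may not resolve to sonny's home: `ansible_env` is captured during fact gathering, so if facts are gathered under privilege escalation it holds root's environment and the terminfo is compiled against `/root/.terminfo`. The same substitution is introduced in tasks/setup.yml, tasks/syncthing.yml, tasks/transmission.yml and vars/syncthing.yml, where a wrong HOME silently turns the `state: absent` clean-ups into no-ops or drops files into root's home instead of the user's. Since the managed user is fixed elsewhere in the play, a single explicitly set play variable for the target home (or a lookup of the user's entry via `ansible.builtin.getent`) is more predictable than the gathering user's environment; at minimum this dependence on how facts were gathered deserves a comment next to the first use.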
@@ -53,3 +55,13 @@ handlers: - name: Import handlers ansible.builtin.import_tasks: 'handlers.yml' + vars_files: + - 'vars/main.yml' + - 'vars/vpn.yml' + - 'vars/vpn_media.yml' + - 'vars/network.yml' + - 'vars/transmission.yml' + - 'vars/syncthing.yml' + - 'vars/mpd.yml' + - 'vars/radicale.yml' + - 'vars/jellyfin.yml' diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..ba54c45 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,4 @@ +- src: git+https://git.fudiggity.nl/ansible/common.git + name: common + version: master + scm: git diff --git a/tasks/network.yml b/tasks/network.yml index 28cc96d..b61f9c8 100644 --- a/tasks/network.yml +++ b/tasks/network.yml @@ -47,6 +47,6 @@ owner: root group: root mode: '0644' - notify: + notify: - restart nftables - restart docker service diff --git a/tasks/setup.yml b/tasks/setup.yml index 6408a0f..547af4a 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -14,23 +14,23 @@ owner: root group: root mode: '0644' - notify: restart ssh + notify: reload ssh - name: Copy wezterm terminfo file ansible.builtin.copy: src: 'files/wezterm.terminfo' - dest: /home/sonny/.terminfo + dest: '{{ ansible_env.HOME }}/.terminfo' mode: '0755' notify: Compile wezterm terminfo file - name: Disable user lingering become: true - ansible.builtin.command: loginctl disable-linger sonny + ansible.builtin.command: 'loginctl disable-linger sonny' - name: Copy unattended upgrades configuration become: true ansible.builtin.template: - src: templates/unattended-upgrades.j2 + src: 'templates/unattended-upgrades.j2' dest: '/etc/apt/apt.conf.d/10periodic' owner: root group: root diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml index 877b45d..f72646a 100644 --- a/tasks/syncthing.yml +++ b/tasks/syncthing.yml 
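Review bot: `version: master` pins the `common` role to a moving branch, so every `ansible-galaxy install -r requirements.yml` pulls whatever the remote's master is at that moment, and the behaviour of this playbook (including the ssh and nftables handlers it now depends on from that role) can change without any change to this repository. Pin to a release tag or a full commit hash instead, `version: <tag-or-commit>`, and bump it deliberately when the role is updated.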
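Review bot: The home directory is now templated from `ansible_env.HOME`, but the user it belongs to stays hard-coded a few lines later in `'loginctl disable-linger sonny'` (and as `owner: sonny` / `group: sonny` in tasks/transmission.yml), so the play is only half parameterised and the two can drift apart. Either keep `sonny` explicit throughout or introduce one variable for the managed user and derive both the home path and these arguments from it.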
@@ -27,7 +27,7 @@ - name: Remove previous Syncthing configurations become: true ansible.builtin.file: - path: /home/sonny/.config/syncthing + path: '{{ ansible_env.HOME }}/.config/syncthing' state: absent - name: Copy docker compose configuration diff --git a/tasks/transmission.yml b/tasks/transmission.yml index 31385b4..c96f69f 100644 --- a/tasks/transmission.yml +++ b/tasks/transmission.yml @@ -39,13 +39,13 @@ path: '{{ item }}' state: absent loop: - - /etc/systemd/system/transmission-daemon.service.d - - /home/sonny/.config/transmission-daemon + - '/etc/systemd/system/transmission-daemon.service.d' + - '{{ ansible_env.HOME }}/.config/transmission-daemon' - name: Copy Dockerfile become: true ansible.builtin.copy: - src: files/transmission/Dockerfile + src: 'files/transmission/Dockerfile' dest: '{{ transmission_app_dir }}/Dockerfile' owner: sonny group: sonny @@ -54,7 +54,7 @@ - name: Copy docker compose configuration become: true ansible.builtin.template: - src: templates/transmission/docker-compose.j2 + src: 'templates/transmission/docker-compose.j2' dest: '{{ transmission_app_dir }}/docker-compose.yml' owner: sonny group: sonny @@ -78,7 +78,7 @@ - name: Copy NGINX configuration become: true ansible.builtin.template: - src: templates/transmission/nginx.j2 + src: 'templates/transmission/nginx.j2' dest: '{{ transmission_app_dir }}/nginx.conf.d/default.conf' owner: sonny group: sonny diff --git a/templates/nginx/vpn.j2 b/templates/nginx/vpn.j2 new file mode 100644 index 0000000..fbfab68 --- /dev/null +++ b/templates/nginx/vpn.j2 
@@ -0,0 +1,28 @@ +# {{ ansible_managed }} + +server { + listen {{ vpn_listen_address }}:{{ https_port }} ssl; + ssl_certificate /etc/ssl/localcerts/nginx.pem; + ssl_certificate_key /etc/ssl/localcerts/nginx.key; + ssl_protocols TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + access_log /var/log/nginx/vpn.log; + error_log /var/log/nginx/vpn_error.log; + + location /radicale/ { + proxy_pass https://127.0.0.1:{{ radicale_app_port }}/; + + proxy_set_header X-Script-Name /radicale; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Remote-User $remote_user; + proxy_pass_header Authorization; + + auth_basic "Radicale - Password Required"; + auth_basic_user_file /etc/nginx/radicale/htpasswd; + + proxy_ssl_certificate /etc/ssl/localcerts/radicale/client_cert.pem; + proxy_ssl_certificate_key /etc/ssl/localcerts/radicale/client_key.pem; + proxy_ssl_trusted_certificate /etc/ssl/localcerts/radicale/server_cert.pem; + } +} diff --git a/host_vars/fudiggity/jellyfin.yml b/vars/jellyfin.yml similarity index 100% rename from host_vars/fudiggity/jellyfin.yml rename to vars/jellyfin.yml diff --git a/host_vars/fudiggity/main.yml b/vars/main.yml similarity index 100% rename from host_vars/fudiggity/main.yml rename to vars/main.yml diff --git a/host_vars/fudiggity/mpd.yml b/vars/mpd.yml similarity index 100% rename from host_vars/fudiggity/mpd.yml rename to vars/mpd.yml diff --git a/host_vars/fudiggity/network.yml b/vars/network.yml similarity index 100% rename from host_vars/fudiggity/network.yml rename to vars/network.yml diff --git a/host_vars/fudiggity/radicale.yml b/vars/radicale.yml similarity index 100% rename from host_vars/fudiggity/radicale.yml rename to vars/radicale.yml diff --git a/host_vars/fudiggity/syncthing.yml b/vars/syncthing.yml similarity index 88% rename from host_vars/fudiggity/syncthing.yml rename to vars/syncthing.yml index 4816b55..9a77ec7 100644 --- a/host_vars/fudiggity/syncthing.yml +++ b/vars/syncthing.yml 
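Review bot: `proxy_ssl_trusted_certificate` on its own does not verify the Radicale backend, because nginx's `proxy_ssl_verify` defaults to off, so the upstream certificate is currently accepted unchecked and that line is inert; add `proxy_ssl_verify on;` next to it (verification will then match the certificate against `127.0.0.1` from `proxy_pass` unless `proxy_ssl_name` is set to the name the server certificate actually carries). `proxy_pass_header Authorization;` is likewise a no-op here: that directive only re-enables suppressed response headers, while request headers such as Authorization are forwarded to the backend by default, so if the intent is to pass the client's credentials through it already happens, and if not, `proxy_set_header Authorization "";` would drop them before the proxied request. The server block also restricts itself to `TLSv1.2` with an OpenSSL `HIGH` cipher string; `ssl_protocols TLSv1.2 TLSv1.3;` lets modern clients negotiate TLS 1.3 without weakening anything.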
@@ -25,8 +25,8 @@ syncthing_devices: syncthing_folders: - id: default label: Default - path: /var/syncthing/default - source_path: /home/sonny/files/sync/ + path: '/var/syncthing/default' + source_path: '{{ ansible_env.HOME }}/files/sync/' type: sendreceive devices: - *syncthing_desktop_id @@ -35,8 +35,8 @@ syncthing_folders: - id: pictures label: Pictures - path: /var/syncthing/pictures - source_path: /home/sonny/files/pictures/ + path: '/var/syncthing/pictures' + source_path: '{{ ansible_env.HOME }}/files/pictures/' type: sendreceive devices: - *syncthing_desktop_id diff --git a/host_vars/fudiggity/transmission.yml b/vars/transmission.yml similarity index 100% rename from host_vars/fudiggity/transmission.yml rename to vars/transmission.yml diff --git a/host_vars/fudiggity/vpn.yml b/vars/vpn.yml similarity index 100% rename from host_vars/fudiggity/vpn.yml rename to vars/vpn.yml diff --git a/host_vars/fudiggity/vpn_media.yml b/vars/vpn_media.yml similarity index 100% rename from host_vars/fudiggity/vpn_media.yml rename to vars/vpn_media.yml