diff --git a/.yamllint.yml b/.yamllint.yml new file mode 100644 index 0000000..3d66a14 --- /dev/null +++ b/.yamllint.yml @@ -0,0 +1,2 @@ +rules: + braces: disable diff --git a/Makefile b/Makefile index 8dab36c..e54fac2 100644 --- a/Makefile +++ b/Makefile @@ -75,4 +75,4 @@ lint-ci: ${SKIP_FILE} @printf "Running yamllint...\n" @yamllint ${YAML_FILES} @. ${SKIP_FILE}; printf "Running ansible-lint with SKIP_LIST: [%s]...\n" "$$ANSIBLE_LINT_SKIP_LIST" - @. ${SKIP_FILE}; ansible-lint -x $$ANSIBLE_LINT_SKIP_LIST ${YAML_FILES} + @. ${SKIP_FILE}; ansible-lint -x $$ANSIBLE_LINT_SKIP_LIST ansible/ diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml index 2c52dc5..a61a681 100644 --- a/ansible/deploy_home.yml +++ b/ansible/deploy_home.yml @@ -1,19 +1,17 @@ --- - hosts: all vars_files: - - vars/vault.yml + - vars/vault.yml roles: - - role: common - - role: git - - role: ddns - - role: ssl - - role: pihole - - role: http - - role: drone - - role: hass - - role: nfs - tags: nfs - - role: motion - tags: motion - - role: partkeepr - tags: partkeepr + - role: common + - role: git + - role: ddns + - role: ssl + - role: pihole + - role: http + - role: drone + - role: hass + - role: motion + tags: motion + - role: partkeepr + tags: partkeepr diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml index fbb5630..542cef2 100644 --- a/ansible/roles/common/handlers/main.yml +++ b/ansible/roles/common/handlers/main.yml @@ -1,12 +1,12 @@ --- - name: restart_sshd become: true - service: + ansible.builtin.service: name: sshd state: restarted - name: restart_fail2ban become: true - service: + ansible.builtin.service: name: fail2ban state: restarted diff --git a/ansible/roles/common/tasks/deps.yml b/ansible/roles/common/tasks/deps.yml index db42852..ccbf5e3 100644 --- a/ansible/roles/common/tasks/deps.yml +++ b/ansible/roles/common/tasks/deps.yml 
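Review bot: The new `.yamllint.yml` sets `rules:` without an `extends:` line, and as far as I recall yamllint only enables the rules that are explicitly listed when no base configuration is extended, so this file leaves just the disabled `braces` rule configured and effectively switches off every other check the Makefile's `yamllint ${YAML_FILES}` step is meant to enforce. If the intent is to keep the default rule set and only stop the braces rule from rejecting the `{ re: … }` flow mappings introduced in `security.yml`, add `extends: default` above `rules:`. Worth confirming by running yamllint against a file with a deliberate error such as a tab indent.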
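Review bot: The changed recipe line passes `-x $$ANSIBLE_LINT_SKIP_LIST ansible/`, and if the skip list sourced from `${SKIP_FILE}` is ever empty (the preceding printf is written to show that case as `[]`), `-x` consumes `ansible/` as its tag argument and ansible-lint runs with no path, which would silently lint the wrong tree or nothing. Guard the option with the shell's alternate-value expansion, `$${ANSIBLE_LINT_SKIP_LIST:+-x $$ANSIBLE_LINT_SKIP_LIST}`, or fail the target early when the list is empty. The yamllint step two lines up still receives `${YAML_FILES}` while ansible-lint now scans `ansible/`; if both are meant to cover the same files, a recipe comment saying so would help.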
@@ -1,7 +1,7 @@ --- - name: install common dependencies become: true - pacman: + community.general.pacman: name: "{{ deps }}" state: present tags: deps diff --git a/ansible/roles/common/tasks/security.yml b/ansible/roles/common/tasks/security.yml index f27aa4a..ef8b46f 100644 --- a/ansible/roles/common/tasks/security.yml +++ b/ansible/roles/common/tasks/security.yml @@ -1,20 +1,20 @@ --- - name: ensure sshd disallows passwords become: true - lineinfile: + ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regexp: "{{ item.re }}" line: "{{ item.li }}" loop: - - {re: '^[# ]*PasswordAuthentication ', li: 'PasswordAuthentication no'} - - {re: '^[# ]*PermitEmptyPasswords ', li: 'PermitEmptyPasswords no'} - - {re: '^[# ]*PermitRootLogin ', li: 'PermitRootLogin no'} + - { re: "^[# ]*PasswordAuthentication ", li: "PasswordAuthentication no" } + - { re: "^[# ]*PermitEmptyPasswords ", li: "PermitEmptyPasswords no" } + - { re: "^[# ]*PermitRootLogin ", li: "PermitRootLogin no" } notify: restart_sshd tags: security - name: setup fail2ban jails become: true - copy: + ansible.builtin.copy: src: files/fail2ban/jails/{{ item }} dest: /etc/fail2ban/jail.d/{{ item }} mode: 0644 @@ -24,9 +24,9 @@ - name: adjust fail2ban sshd filter become: true - lineinfile: + ansible.builtin.lineinfile: path: /etc/fail2ban/filter.d/sshd.conf - regexp: '^[#]*filter =' - line: 'filter = sshd[mode=extra]' + regexp: "^[#]*filter =" + line: "filter = sshd[mode=extra]" notify: restart_fail2ban tags: security diff --git a/ansible/roles/common/tasks/service.yml b/ansible/roles/common/tasks/service.yml index 198671d..9b0c059 100644 --- a/ansible/roles/common/tasks/service.yml +++ b/ansible/roles/common/tasks/service.yml @@ -1,7 +1,7 @@ --- - name: ensure desired services are started and enabled become: true - service: + ansible.builtin.service: name: "{{ item }}" state: started enabled: true 
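Review bot: The `ensure sshd disallows passwords` task rewrites `/etc/ssh/sshd_config` and immediately notifies `restart_sshd`, with nothing checking the result before the daemon restarts; a malformed line or an unexpected regexp match would take remote access down on the very host this task is hardening to key-only logins. `ansible.builtin.lineinfile` supports `validate`, so add `validate: sshd -t -f %s` (full path as appropriate for the target) to the task so a bad edit is rejected before it is written. Also note that `lineinfile` only replaces the last match, so if the target's config has an `Include` of a drop-in directory ahead of these directives, the first value sshd reads still wins; in that case a drop-in file via `ansible.builtin.copy` is the more reliable placement.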
diff --git a/ansible/roles/drone/tasks/drone.yml b/ansible/roles/drone/tasks/drone.yml index 9ba9794..4f005f2 100644 --- a/ansible/roles/drone/tasks/drone.yml +++ b/ansible/roles/drone/tasks/drone.yml @@ -1,7 +1,7 @@ --- - name: create drone-ci server container diff: false - docker_container: + community.general.docker_container: name: drone image: drone/drone:latest recreate: true @@ -11,7 +11,7 @@ env: DRONE_GITHUB_CLIENT_ID: "{{ drone_gh_client_id }}" DRONE_GITHUB_CLIENT_SECRET: "{{ drone_gh_client_sec }}" - DRONE_GIT_ALWAYS_AUTH: 'true' + DRONE_GIT_ALWAYS_AUTH: "true" DRONE_RPC_SECRET: "{{ drone_rpc_secret }}" DRONE_SERVER_HOST: "{{ ci_server_name }}" DRONE_SERVER_PROTO: "{{ drone_server_proto }}" @@ -24,7 +24,7 @@ - name: create drone-ci worker container diff: false - docker_container: + community.general.docker_container: name: drone-runner image: drone/drone-runner-docker:latest recreate: true diff --git a/ansible/roles/git/handlers/main.yml b/ansible/roles/git/handlers/main.yml index 83d9a77..d43327e 100644 --- a/ansible/roles/git/handlers/main.yml +++ b/ansible/roles/git/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: start-gitdaemon become: true - systemd: + ansible.builtin.systemd: name: git-daemon.service state: started enabled: true diff --git a/ansible/roles/git/tasks/systemd.yml b/ansible/roles/git/tasks/systemd.yml index 7c4e7c0..ed66d04 100644 --- a/ansible/roles/git/tasks/systemd.yml +++ b/ansible/roles/git/tasks/systemd.yml @@ -1,7 +1,7 @@ --- - name: create the git daemon systemd service become: true - template: + ansible.builtin.template: src: "templates/{{ item }}.j2" dest: "/etc/systemd/system/{{ item }}" mode: 0644 diff --git a/ansible/roles/git/tasks/user.yml b/ansible/roles/git/tasks/user.yml index 5aff36b..67d117e 100644 --- a/ansible/roles/git/tasks/user.yml +++ b/ansible/roles/git/tasks/user.yml 
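Review bot: The `create drone-ci server container` task pulls `drone/drone:latest` with `recreate: true`, so every run re-pulls whatever the registry currently serves under that tag, and the image that ends up holding `DRONE_RPC_SECRET` and the GitHub client secret is not reproducible from this repository. Pin a release tag, or better a digest (`image: "drone/drone:<version>@sha256:<digest>"`, placeholders), and do the same for `drone/drone-runner-docker:latest` in the worker hunk below. The other container tasks touched by this commit (`migoller/shinobidocker:latest` in `motion.yml`, `mhubig/partkeepr:latest` in `partkeepr/tasks/main.yml`, `home-assistant:stable` in `hass.yml`) have the same exposure. These are unchanged context lines, so not introduced here, but the FQCN rewrite is a convenient moment to fix them.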
@@ -1,7 +1,7 @@ --- - name: create git user become: true - user: + ansible.builtin.user: name: "{{ git_user }}" comment: Git user for SSH remotes shell: /usr/bin/git-shell @@ -12,7 +12,7 @@ - name: create git's .ssh directory become: true become_user: git - file: + ansible.builtin.file: path: "{{ git_home }}/.ssh" state: directory mode: 0700 @@ -20,7 +20,7 @@ - name: check git authorized_keys exists become: true - stat: + ansible.builtin.stat: path: "{{ git_home }}/.ssh/authorized_keys" register: git_authfile tags: git @@ -28,7 +28,7 @@ - name: touch git authorized_keys become: true become_user: git - file: + ansible.builtin.file: path: "{{ git_home }}/.ssh/authorized_keys" state: touch mode: 0600 diff --git a/ansible/roles/hass/files/configuration.yaml b/ansible/roles/hass/files/configuration.yaml index 2e68041..5df25e1 100644 Binary files a/ansible/roles/hass/files/configuration.yaml and b/ansible/roles/hass/files/configuration.yaml differ diff --git a/ansible/roles/hass/tasks/hass.yml b/ansible/roles/hass/tasks/hass.yml index 0f1d75a..aed527b 100644 --- a/ansible/roles/hass/tasks/hass.yml +++ b/ansible/roles/hass/tasks/hass.yml @@ -1,7 +1,7 @@ --- - name: create home-assistant host directory volumes become: true - file: + ansible.builtin.file: path: "{{ item }}" state: directory mode: 0640 @@ -13,7 +13,7 @@ - name: copy configuration and automations become: true - copy: + ansible.builtin.copy: src: "files/{{ item }}" dest: "/var/lib/private/hass/{{ item }}" mode: 0644 @@ -24,7 +24,7 @@ - name: create home-assistant server container diff: false - docker_container: + community.general.docker_container: name: hass image: ghcr.io/home-assistant/home-assistant:stable recreate: true diff --git a/ansible/roles/http/handlers/main.yml b/ansible/roles/http/handlers/main.yml index 4bfde1f..4b6a498 100644 --- a/ansible/roles/http/handlers/main.yml +++ b/ansible/roles/http/handlers/main.yml 
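Review bot: `mode: 0640` in the `create home-assistant host directory volumes` task applies to paths created with `state: directory`, and a directory without the execute bit cannot be entered even by its owner, so anything the container bind-mounts from `{{ item }}` will fail with permission errors unless something else fixes the mode afterwards. Directories need `0750` (or `0755` if other users must traverse them); this is a context line the commit leaves as is. The same mistake is newly added in `http/tasks/http.yml`, where `mode: 0644` is set on the `ensure http and letsencrypt directories exist` directory task.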
@@ -1,6 +1,6 @@ --- - name: restart_nginx become: true - service: + ansible.builtin.service: name: nginx state: restarted diff --git a/ansible/roles/http/tasks/http.yml b/ansible/roles/http/tasks/http.yml index 5a3cda4..e71e4c9 100644 --- a/ansible/roles/http/tasks/http.yml +++ b/ansible/roles/http/tasks/http.yml @@ -1,7 +1,7 @@ --- - name: setup nginx base configuration become: true - copy: + ansible.builtin.copy: src: files/nginx/nginx.conf dest: /etc/nginx/nginx.conf mode: 0644 @@ -10,7 +10,7 @@ - name: setup nginx directories become: true - file: + ansible.builtin.file: path: "/etc/nginx/{{ item }}" state: directory mode: 0755 @@ -19,13 +19,14 @@ - sites-available tags: http -- name: ensure http/s directories exist +- name: ensure http and letsencrypt directories exist become: true - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: http group: http + mode: 0644 loop: - /srv/http - /srv/http/letsencrypt @@ -33,16 +34,17 @@ - name: chown http user home become: true - file: + ansible.builtin.file: path: /srv/http owner: http group: http + mode: 0644 recurse: true tags: http - name: template nginx http sites-available become: true - template: + ansible.builtin.template: src: "templates/nginx/sites/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" mode: 0644 @@ -58,14 +60,14 @@ - name: remove pihole from sites-enabled if there become: true - file: + ansible.builtin.file: path: "/etc/nginx/sites-enabled/pi.hole.conf" state: absent tags: http - name: enable desired nginx http sites become: true - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ item }}" dest: "/etc/nginx/sites-enabled/{{ item }}" state: link @@ -81,5 +83,6 @@ - name: validate nginx configurations become: true - shell: nginx -t + ansible.builtin.command: nginx -t + changed_when: false tags: http diff --git a/ansible/roles/http/tasks/https.yml b/ansible/roles/http/tasks/https.yml index eaa02fa..35793a6 100644 --- a/ansible/roles/http/tasks/https.yml 
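Review bot: In the `chown http user home` hunk the new `mode: 0644` combines with `recurse: true`, which forces that mode onto every file and every subdirectory under `/srv/http`, stripping the execute bit from directories such as `/srv/http/letsencrypt` that certbot's webroot challenge and nginx must traverse. If a recursive mode is wanted, use a symbolic mode that sets execute only on directories, `mode: "u=rwX,g=rX,o=rX"`, or drop `mode` from this task and leave directory modes to the task above. Because the task runs on every play, the breakage would reappear after any manual repair.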
+++ b/ansible/roles/http/tasks/https.yml @@ -1,7 +1,7 @@ --- - name: template nginx https sites-available become: true - template: + ansible.builtin.template: src: "templates/nginx/sites/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" mode: 0644 @@ -13,7 +13,7 @@ - name: enable desired nginx https sites become: true - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ item }}" dest: "/etc/nginx/sites-enabled/{{ item }}" state: link diff --git a/ansible/roles/http/tasks/modsec.yml b/ansible/roles/http/tasks/modsec.yml index 502abc5..a3ac830 100644 --- a/ansible/roles/http/tasks/modsec.yml +++ b/ansible/roles/http/tasks/modsec.yml @@ -1,7 +1,7 @@ --- - name: create nginx/conf directory become: true - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: root @@ -14,7 +14,7 @@ - name: create modsec_includes.conf become: true - copy: + ansible.builtin.copy: src: files/nginx/modsec_includes.conf dest: "{{ nginx_path }}/modsec_includes.conf" mode: 0644 @@ -23,7 +23,7 @@ - name: clone coreruleset and modsecurity become: true - git: + ansible.builtin.git: repo: "{{ item.src }}" dest: "{{ item.dest }}" update: true @@ -35,7 +35,7 @@ - name: setup modsec and coreruleset configs become: true - copy: + ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" force: true @@ -47,7 +47,7 @@ - name: setup coreruleset rules become: true - copy: + ansible.builtin.copy: src: "{{ crs_rules_path }}/{{ item.name }}.conf" dest: "{{ modsec_rules_path }}/{{ item.name }}.conf" force: true @@ -60,7 +60,7 @@ - name: setup coreruleset data become: true - copy: + ansible.builtin.copy: src: "{{ crs_rules_path }}/{{ item }}.data" dest: "{{ modsec_rules_path }}/{{ item }}.data" force: true @@ -72,7 +72,7 @@ - name: whitelist local ip addresses become: true - lineinfile: + ansible.builtin.lineinfile: path: "{{ modsec_crs_before_rule_conf }}" regexp: "{{ modsec_whitelist_local_re }}" line: "{{ modsec_whitelist_local }}" 
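Review bot: The `clone coreruleset and modsecurity` task uses `ansible.builtin.git` with `update: true`, and the hunk shows no `version:` key, so unless one follows outside the hunk each run fast-forwards the clone to the remote default branch; the rule set and ModSecurity sources that the later tasks copy into `{{ modsec_rules_path }}` then change without any change to this repository. Pin each item to a release tag or commit (`version: "{{ item.version }}"` next to `repo`/`dest`, with the value added to the loop data) so the WAF configuration is reproducible and upgrades are deliberate.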
@@ -82,9 +82,9 @@ - name: activate mod-security become: true - lineinfile: + ansible.builtin.lineinfile: path: /etc/nginx/modsecurity.conf - regexp: '^SecRuleEngine' - line: 'SecRuleEngine On' + regexp: "^SecRuleEngine" + line: "SecRuleEngine On" notify: restart_nginx tags: modsec diff --git a/ansible/roles/http/tasks/security.yml b/ansible/roles/http/tasks/security.yml index 5b98a6d..ae4542e 100644 --- a/ansible/roles/http/tasks/security.yml +++ b/ansible/roles/http/tasks/security.yml @@ -1,7 +1,7 @@ --- - name: touch nginx logs, enable jail become: true - file: + ansible.builtin.file: path: "/var/log/nginx/{{ item }}.log" state: touch mode: 0644 diff --git a/ansible/roles/motion/handlers/main.yml b/ansible/roles/motion/handlers/main.yml index 6c9fc00..5a31071 100644 --- a/ansible/roles/motion/handlers/main.yml +++ b/ansible/roles/motion/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart_motion become: true - service: + ansible.builtin.service: name: motion state: restarted diff --git a/ansible/roles/motion/tasks/deps.yml b/ansible/roles/motion/tasks/deps.yml index af84294..dc6a57c 100644 --- a/ansible/roles/motion/tasks/deps.yml +++ b/ansible/roles/motion/tasks/deps.yml @@ -1,7 +1,7 @@ --- - name: install shinobi dependencies become: true - pacman: + community.general.pacman: name: "{{ deps }}" state: present tags: diff --git a/ansible/roles/motion/tasks/motion.yml b/ansible/roles/motion/tasks/motion.yml index 2ebd2cc..f8c7d8c 100644 --- a/ansible/roles/motion/tasks/motion.yml +++ b/ansible/roles/motion/tasks/motion.yml @@ -1,14 +1,14 @@ --- - name: create shinobi user become: true - user: + ansible.builtin.user: name: "{{ motion_user }}" shell: /bin/nologin tags: motion - name: mount shinob videos folder become: true - file: + ansible.builtin.file: path: /mnt/shinobi state: directory owner: "{{ motion_user }}" 
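Review bot: `state: touch` in the `touch nginx logs, enable jail` task updates timestamps on every run, so Ansible reports the task as changed each time and any handler it notifies (the rest of the task is outside the hunk) would fire on every play. If the intent is only to make sure the log files exist with `mode: 0644`, add `access_time: preserve` and `modification_time: preserve`, which `ansible.builtin.file` accepts for `state: touch` and which keep the task idempotent.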
@@ -18,7 +18,7 @@ - name: mount smb via cifs become: true - mount: + ansible.posix.mount: path: /mnt/shinobi src: "//{{ motion_hostname }}/share/GardenCamera" fstype: cifs @@ -29,13 +29,13 @@ - name: create shinobi data volume become: true - docker_volume: + community.general.docker_volume: name: shinobi_data tags: motion - name: create shinobi server container diff: false - docker_container: + community.general.docker_container: name: shinobi image: migoller/shinobidocker:latest recreate: true diff --git a/ansible/roles/nfs/defaults/main.yml b/ansible/roles/nfs/defaults/main.yml deleted file mode 100644 index b3999e8..0000000 --- a/ansible/roles/nfs/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -deps: [ - nfs-utils, - samba -] - -nfs_root: /srv/nfs - -nfs_user: nfs -nfs_group: nfsshare diff --git a/ansible/roles/nfs/files/exports b/ansible/roles/nfs/files/exports deleted file mode 100644 index f38f8e8..0000000 --- a/ansible/roles/nfs/files/exports +++ /dev/null @@ -1 +0,0 @@ -/srv/nfs/ 192.168.1.0/24(rw,sync,all_squash,anonuid=2021,anongid=2021,insecure,no_subtree_check) diff --git a/ansible/roles/nfs/files/smb.conf b/ansible/roles/nfs/files/smb.conf deleted file mode 100644 index 4e924eb..0000000 --- a/ansible/roles/nfs/files/smb.conf +++ /dev/null 
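Review bot: The `mount smb via cifs` task mounts `//{{ motion_hostname }}/share/GardenCamera` with `fstype: cifs`, and the credentials for that share are not visible in the hunk; if they are passed inline through `opts: username=…,password=…` they end up world-readable in `/etc/fstab` and in Ansible's task output. Prefer `opts: credentials=/etc/samba/<name>.cred,…` (placeholder path) pointing at a root-owned `0600` file deployed from the vault, and set `no_log: true` on any task that handles the password. If the opts already do this, a one-line comment on the task saying so would save the next reader the check.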
@@ -1,223 +0,0 @@ -# This is the main Samba configuration file. You should read the -# smb.conf(5) manual page in order to understand the options listed -# here. Samba has a huge number of configurable options (perhaps too -# many!) most of which are not shown in this example -# -# For a step to step guide on installing, configuring and using samba, -# read the Samba-HOWTO-Collection. This may be obtained from: -# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf -# -# Many working examples of smb.conf files can be found in the -# Samba-Guide which is generated daily and can be downloaded from: -# http://www.samba.org/samba/docs/Samba-Guide.pdf -# -# Any line which starts with a ; (semi-colon) or a # (hash) -# is a comment and is ignored. In this example we will use a # -# for commentry and a ; for parts of the config file that you -# may wish to enable -# -# NOTE: Whenever you modify this file you should run the command "testparm" -# to check that you have not made any basic syntactic errors. -# -#======================= Global Settings ===================================== -[global] - -# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH - workgroup = WORKGROUP - -# server string is the equivalent of the NT Description field - server string = NFS Storage - -# Server role. Defines in which mode Samba will operate. Possible -# values are "standalone server", "member server", "classic primary -# domain controller", "classic backup domain controller", "active -# directory domain controller". -# -# Most people will want "standalone server" or "member server". -# Running as "active directory domain controller" will require first -# running "samba-tool domain provision" to wipe databases and create a -# new domain. - server role = standalone server - -# This option is important for security. It allows you to restrict -# connections to machines which are on your local network. 
The -# following example restricts access to two C class networks and -# the "loopback" interface. For more examples of the syntax see -# the smb.conf man page -; hosts allow = 192.168.1. 192.168.2. 127. - -# Uncomment this if you want a guest account, you must add this to /etc/passwd -# otherwise the user "nobody" is used - guest account = nfs - -# this tells Samba to use a separate log file for each machine -# that connects - log file = /var/log/samba/%m.log - -# Put a capping on the size of the log files (in Kb). - max log size = 50 - -# Specifies the Kerberos or Active Directory realm the host is part of -; realm = MY_REALM - -# Backend to store user information in. New installations should -# use either tdbsam or ldapsam. smbpasswd is available for backwards -# compatibility. tdbsam requires no further configuration. -; passdb backend = tdbsam - -# Using the following line enables you to customise your configuration -# on a per machine basis. The %m gets replaced with the netbios name -# of the machine that is connecting. -# Note: Consider carefully the location in the configuration file of -# this line. The included file is read at that point. -; include = /usr/local/samba/lib/smb.conf.%m - -# Configure Samba to use multiple interfaces -# If you have multiple network interfaces then you must list them -# here. See the man page for details. 
- interfaces = 192.168.1.0/24 - -# Where to store roving profiles (only for Win95 and WinNT) -# %L substitutes for this servers netbios name, %U is username -# You must uncomment the [Profiles] share below -; logon path = \\%L\Profiles\%U - -# Windows Internet Name Serving Support Section: -# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server -; wins support = yes - -# WINS Server - Tells the NMBD components of Samba to be a WINS Client -# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both -; wins server = w.x.y.z - -# WINS Proxy - Tells Samba to answer name resolution queries on -# behalf of a non WINS capable client, for this to work there must be -# at least one WINS Server on the network. The default is NO. -; wins proxy = yes - -# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names -# via DNS nslookups. The default is NO. - dns proxy = no - -# These scripts are used on a domain controller or stand-alone -# machine to add or delete corresponding unix accounts -; add user script = /usr/sbin/useradd %u -; add group script = /usr/sbin/groupadd %g -; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u -; delete user script = /usr/sbin/userdel %u -; delete user from group script = /usr/sbin/deluser %u %g -; delete group script = /usr/sbin/groupdel %g - - -#============================ Share Definitions ============================== -[homes] - comment = Home Directories - browseable = no - writable = no - -# Un-comment the following and create the netlogon directory for Domain Logons -; [netlogon] -; comment = Network Logon Service -; path = /usr/local/samba/lib/netlogon -; guest ok = yes -; writable = no -; share modes = no - - -# Un-comment the following to provide a specific roving profile share -# the default is to use the user's home directory -;[Profiles] -; path = /usr/local/samba/profiles -; browseable = no -; guest ok = yes - - -# NOTE: If you have a 
BSD-style print system there is no need to -# specifically define each individual printer -;[printers] -; comment = All Printers -; path = /usr/spool/samba -; browseable = no -;# Set public = yes to allow user 'guest account' to print -; guest ok = no -; writable = no -; printable = no - -# This one is useful for people to share files -;[tmp] -; comment = Temporary file space -; path = /tmp -; read only = no -; public = yes - -# A publicly accessible directory, but read only, except for people in -# the "staff" group -;[public] -; comment = NFS Store -; path = /srv/nfs -; public = yes -; writable = yes -; printable = no -; write list = @staff - -# Other examples. -# -# A private printer, usable only by fred. Spool data will be placed in fred's -# home directory. Note that fred must have write access to the spool directory, -# wherever it is. -;[fredsprn] -; comment = Fred's Printer -; valid users = fred -; path = /homes/fred -; printer = freds_printer -; public = no -; writable = no -; printable = yes - -# A private directory, usable only by fred. Note that fred requires write -# access to the directory. -;[fredsdir] -; comment = Fred's Service -; path = /usr/somewhere/private -; valid users = fred -; public = no -; writable = yes -; printable = no - -# a service which has a different directory for each machine that connects -# this allows you to tailor configurations to incoming machines. You could -# also use the %U option to tailor it by user name. -# The %m gets replaced with the machine name that is connecting. -;[pchome] -; comment = PC Directories -; path = /usr/pc/%m -; public = no -; writable = yes - -# A publicly accessible directory, read/write to all users. Note that all files -# created in the directory by users will be owned by the default user, so -# any user with access can delete any other user's files. Obviously this -# directory must be writable by the default user. 
Another user could of course -# be specified, in which case all files would be owned by that user instead. -[public] - path = /srv/nfs - public = yes - only guest = yes - writable = yes - printable = no - -# The following two entries demonstrate how to share a directory so that two -# users can place files there that will be owned by the specific users. In this -# setup, the directory should be writable by both users and should have the -# sticky bit set on it to prevent abuse. Obviously this could be extended to -# as many users as required. -;[myshare] -; comment = Mary's and Fred's stuff -; path = /usr/somewhere/shared -; valid users = mary fred -; public = no -; writable = yes -; printable = no -; create mask = 0765 - - diff --git a/ansible/roles/nfs/handlers/main.yml b/ansible/roles/nfs/handlers/main.yml deleted file mode 100644 index 7111cc6..0000000 --- a/ansible/roles/nfs/handlers/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: restart_nfs - become: true - service: - name: nfs-server.service - state: restarted - enabled: true - -- name: reload_exports - become: true - command: exportfs -arv diff --git a/ansible/roles/nfs/tasks/deps.yml b/ansible/roles/nfs/tasks/deps.yml deleted file mode 100644 index 623d9c4..0000000 --- a/ansible/roles/nfs/tasks/deps.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: install nfs dependencies - become: true - pacman: - name: "{{ deps }}" - state: present - tags: deps diff --git a/ansible/roles/nfs/tasks/main.yml b/ansible/roles/nfs/tasks/main.yml deleted file mode 100644 index 583ff75..0000000 --- a/ansible/roles/nfs/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- import_tasks: deps.yml -- import_tasks: user.yml -- import_tasks: nfs.yml -- import_tasks: samba.yml diff --git a/ansible/roles/nfs/tasks/nfs.yml b/ansible/roles/nfs/tasks/nfs.yml deleted file mode 100644 index 9924746..0000000 --- a/ansible/roles/nfs/tasks/nfs.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -- name: create nfs folder/ensure ownership - become: true - file: - path: "{{ nfs_root }}" - state: directory - owner: "{{ nfs_user }}" - group: "{{ nfs_group }}" - mode: 0777 - recurse: true - -- name: enable and start nfs server - become: true - service: - name: nfs-server.service - state: started - enabled: true - -- name: enable and start nfs idmap service - become: true - service: - name: nfs-idmapd.service - state: started - enabled: true - -- name: create exports - become: true - copy: - src: files/exports - dest: /etc/exports - mode: 0644 - notify: reload_exports diff --git a/ansible/roles/nfs/tasks/samba.yml b/ansible/roles/nfs/tasks/samba.yml deleted file mode 100644 index 7724651..0000000 --- a/ansible/roles/nfs/tasks/samba.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: copy samba smb.conf - become: true - copy: - src: files/smb.conf - dest: /etc/samba/smb.conf - mode: 0644 - -- name: start and enable samba service - become: true - service: - name: smb.service - state: started - enabled: true - -- name: start and enabme samba name service - become: true - service: - name: nmb.service - state: started - enabled: true diff --git a/ansible/roles/nfs/tasks/user.yml b/ansible/roles/nfs/tasks/user.yml deleted file mode 100644 index 70c153f..0000000 --- a/ansible/roles/nfs/tasks/user.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: create nfs group - become: true - group: - name: "{{ nfs_group }}" - gid: 2021 - state: present - -- name: create nfs user - become: true - user: - name: "{{ nfs_user }}" - group: "{{ nfs_group }}" - uid: 2021 - create_home: false - home: "{{ nfs_root }}" - shell: /bin/sh diff --git a/ansible/roles/partkeepr/tasks/main.yml b/ansible/roles/partkeepr/tasks/main.yml index 6f335a7..359d2b1 100644 --- a/ansible/roles/partkeepr/tasks/main.yml +++ b/ansible/roles/partkeepr/tasks/main.yml 
@@ -1,6 +1,6 @@ --- - name: create required partkeepr volumes - docker_volume: + community.general.docker_volume: name: "{{ item }}" with_items: - partkeepr-web-vol @@ -9,12 +9,12 @@ - partkeepr-db-vol - name: create partkeepr network - docker_network: + community.general.docker_network: name: "partkeepr" - name: create partkeepr-db container diff: false - docker_container: + community.general.docker_container: name: partkeepr-db image: mariadb:10.0 recreate: false @@ -24,7 +24,7 @@ networks: - name: "partkeepr" env: - MYSQL_RANDOM_ROOT_PASSWORD: 'yes' + MYSQL_RANDOM_ROOT_PASSWORD: "yes" MYSQL_DATABASE: partkeepr MYSQL_USER: partkeepr MYSQL_PASSWORD: partkeepr @@ -33,7 +33,7 @@ - name: create partkeepr container diff: false - docker_container: + community.general.docker_container: name: partkeepr image: mhubig/partkeepr:latest recreate: false @@ -49,7 +49,7 @@ - name: create partkeepr-cron container diff: false - docker_container: + community.general.docker_container: name: partkeepr-cron image: mhubig/partkeepr:latest entrypoint: [] @@ -65,7 +65,7 @@ - name: create partkeepr container diff: false - docker_container: + community.general.docker_container: name: partkeepr image: mhubig/partkeepr:latest recreate: false diff --git a/ansible/roles/pihole/tasks/deps.yml b/ansible/roles/pihole/tasks/deps.yml index 323b55c..173a697 100644 --- a/ansible/roles/pihole/tasks/deps.yml +++ b/ansible/roles/pihole/tasks/deps.yml @@ -1,11 +1,11 @@ --- - name: install pi-hole-server - command: yay -S --noconfirm pi-hole-server + ansible.builtin.command: yay -S --noconfirm pi-hole-server args: creates: /bin/pihole - name: install pi-hole-server dependencies become: true - pacman: + community.general.pacman: name: "{{ deps }}" state: present diff --git a/ansible/roles/pihole/tasks/php.yml b/ansible/roles/pihole/tasks/php.yml index bc854df..e0ba2ad 100644 --- a/ansible/roles/pihole/tasks/php.yml +++ b/ansible/roles/pihole/tasks/php.yml 
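Review bot: `MYSQL_PASSWORD: partkeepr` in the `create partkeepr-db container` hunk is a hard-coded database credential committed to the repository, while the rest of the playbook pulls secrets from `vars/vault.yml` (see `deploy_home.yml`); the commit reformats the neighbouring `MYSQL_RANDOM_ROOT_PASSWORD` value but leaves this in place. Move it to a vaulted variable, e.g. `MYSQL_PASSWORD: "{{ partkeepr_db_password }}"` (name constructed), pass the same variable to the `partkeepr` container task that connects to the database, and mark those tasks `no_log: true`. Separately, two tasks in this file are both named `create partkeepr container` and both manage `name: partkeepr` with `mhubig/partkeepr:latest` (the hunks at old lines 33 and 65); if the second is not deliberate, the later one silently replaces the first.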
@@ -1,7 +1,7 @@ --- - name: replace pi.hole hostname become: true - replace: + ansible.builtin.replace: path: "{{ item }}" regexp: "pi\\.hole" replace: "pi.bdebyl.net" diff --git a/ansible/roles/ssl/tasks/certbot.yml b/ansible/roles/ssl/tasks/certbot.yml index 72b4391..ebda748 100644 --- a/ansible/roles/ssl/tasks/certbot.yml +++ b/ansible/roles/ssl/tasks/certbot.yml @@ -1,14 +1,14 @@ --- - name: stat dhparam become: true - stat: + ansible.builtin.stat: path: /etc/ssl/certs/dhparam.pem register: dhparam tags: ssl - name: generate openssl dhparam for nginx become: true - command: | + ansible.builtin.command: | openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 when: not dhparam.stat.exists args: @@ -17,7 +17,7 @@ - name: create ssl certificate for ci server become: true - command: | + ansible.builtin.command: | certbot certonly --webroot --webroot-path=/srv/http/letsencrypt \ -m {{ ssl_email }} --agree-tos \ -d {{ item }} diff --git a/ansible/roles/ssl/tasks/cron.yml b/ansible/roles/ssl/tasks/cron.yml index 8b7928a..ba45973 100644 --- a/ansible/roles/ssl/tasks/cron.yml +++ b/ansible/roles/ssl/tasks/cron.yml @@ -1,7 +1,7 @@ --- - name: renew certbot ssl certificates weekly become: true - cron: + ansible.builtin.cron: name: certbot_renew special_time: weekly job: >-
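Review bot: The `create ssl certificate for ci server` task runs `certbot certonly … -d {{ item }}` through `ansible.builtin.command` on every play, and no `creates:` or `when:` guard is visible in the hunk (the task continues past it); without one, each run re-requests certificates and can exhaust Let's Encrypt's issuance rate limits, after which renewals fail too. If no guard follows, add `args:` with `creates: "/etc/letsencrypt/live/{{ item }}/fullchain.pem"`, which makes the task idempotent. The `generate openssl dhparam for nginx` task above already follows this pattern with `when: not dhparam.stat.exists`.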