Merge branch 'master' of ssh://gitea.mewissen.site:22422/rene/ansible-pull

roles/base/tasks/software/packages_utilities.yml

@@ -17,6 +17,7 @@
       - ranger
       - sudo
       - rsync
+      - tldr
       - tmux
       - traceroute
       - vifm

roles/base/tasks/users/root.yml

@@ -20,7 +20,7 @@
     user: root
     state: present
     key: '{{ item }}'
-    key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"'
+    key_options: 'from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"'
   with_file:
     - public_keys/backup_ed25519.pub
 

roles/mailserver/tasks/configure_postfix.yml

@@ -18,8 +18,8 @@
     - {key: "maillog_file", value: "/var/log/postfix.log"}                                                                                                
     - {key: "message_size_limit", value: "0"}                                                                                                             
     - {key: "milter_default_action", value: "accept"}                                                                                                     
-    - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"}                                                                                     
-    - {key: "myhostname", value: "kashyyyk.universe.local"}                                                                                               
+    - {key: "mydestination", value: "'localhost, kashyyyk, coruscant, $myhostname'"}                                                                                     
+    - {key: "myhostname", value: "{{ hostname | default(ansible_hostname) }}"}                                                                                               
     - {key: "mynetworks", value: "'{{ mynetworks }}'"}                           
     - {key: "mynetworks_style", value: "subnet"}                                                                                                          
     - {key: "readme_directory", value: "no"}                                                                                                              
@@ -50,12 +50,12 @@
     - {key: "smtpd_sasl_type", value: "dovecot"}
     - {key: "smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"}
     - {key: "smtpd_tls_auth_only", value: "yes"}
-    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/fullchain.pem"}
+    - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/fullchain.pem"}
     - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
     - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
     - {key: "smtpd_tls_eecdh_grade", value: "strong"}
     - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"}
-    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ nginx_proxy_manager_cert_id }}/privkey.pem"}
+    - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/{{ npm_cert }}/privkey.pem"}
     - {key: "smtpd_tls_loglevel", value: "1"}
     - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
     - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"}

roles/server/tasks/main.yml

@@ -7,7 +7,7 @@
   ignore_errors: True
 
 - block:
-  - include_tasks: utilities/mta.yml
+  - include_tasks: utilities/mail_transfer_agent.yml
   - include_tasks: utilities/netdata.yml
     when: netdata is defined and netdata == true
   - include_tasks: utilities/snmpd.yml

roles/server/tasks/system_setup/cron.yml

@@ -4,7 +4,35 @@
     state: latest
   when: ansible_distribution == "Archlinux"
 
-- name: server | system_setup | cron
+- name: server | system_setup | cron (VM)
+  tags: cron
+  cron:
+    name: "{{ item.title }}"
+    user: root
+    hour: "{{ item.hour }}"
+    minute: "{{ item.minute }}"
+    job: "{{ item.job }}"
+    state: present
+  when:
+   - ansible_virtualization_role == "NA" or ansible_virtualization_role == "guest"
+   - ansible_virtualization_type == "kvm"
+  loop:
+    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (non VM)
+  tags: cron
+  cron:
+    name: "{{ item.title }}"
+    user: root
+    hour: "{{ item.hour }}"
+    minute: "{{ item.minute }}"
+    job: "{{ item.job }}"
+    state: absent
+  when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "kvm"
+  loop:
+    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+
+- name: server | system_setup | cron (generic)
   tags: cron
   cron:
     name: "{{ item.title }}"
@@ -13,5 +41,4 @@
     minute: "{{ item.minute }}"
     job: "{{ item.job }}"
   loop:
-    - { title: "Send me a list of upgradeable packages", job: "apt list --upgradable", hour: 0, minute: 0 }
-    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
+    - { title: "Send me a list of upgradeable packages", job: "{{ check_update_cmd }}", hour: 0, minute: 0 }

roles/server/vars/Archlinux.yml

@@ -3,6 +3,7 @@ snmpd_package: net-snmp
 snmpd_user_file: "/var/net-snmp/snmpd.conf"
 wireguard_package: wireguard-tools
 openssh_server_package: openssh
+check_update_cmd: "/root/bin/cron_pacman"
 
 glusterfs_packages:
   - package: glusterfs

roles/server/vars/Debian.yml

@@ -3,6 +3,7 @@ snmpd_package: snmpd
 snmpd_user_file: "/var/lib/snmp/snmpd.conf"
 wireguard_package: wireguard
 openssh_server_package: openssh-server
+check_update_cmd: "apt list --upgradable"
 
 glusterfs_packages:
   - package: glusterfs-common