From 8b4579bb903d2db58d5112524bfa0068a41717e1 Mon Sep 17 00:00:00 2001 
From: rene Date: Tue, 15 Mar 2022 14:23:01 +0100 Subject: [PATCH 01/72] role mastodon added --- os_vars/debian.yml | 15 ++- os_vars/ubuntu.yml | 15 ++- roles/database/tasks/install_postgres.yml | 9 ++ roles/database/tasks/install_redis.yml | 9 ++ roles/database/tasks/main.yml | 14 +++ roles/mastodon/tasks/main.yml | 17 +++ .../tasks/system_setup/letsencrypt.yml | 31 ++++++ .../mastodon/tasks/system_setup/mastodon.yml | 100 ++++++++++++++++++ roles/mastodon/tasks/system_setup/nginx.yml | 18 ++++ .../mastodon/tasks/system_setup/packages.yml | 16 +++ .../tasks/system_setup/prepare_database.yml | 47 ++++++++ .../system_setup/prepare_packagemanager.yml | 22 ++++ roles/mastodon/tasks/system_setup/ruby.yml | 57 ++++++++++ roles/mastodon/tasks/system_setup/user.yml | 6 ++ roles/mastodon/templates/letsencrypt.conf.j2 | 8 ++ .../templates/mastodon-sidekiq.service.j2 | 16 +++ .../templates/mastodon-streaming.service.j2 | 16 +++ .../templates/mastodon-web.service.j2 | 17 +++ roles/mastodon/templates/mastodon.conf.j2 | 100 ++++++++++++++++++ roles/mastodon/vars/debian.yml | 33 ++++++ roles/mastodon/vars/main.yml | 20 ++++ 21 files changed, 584 insertions(+), 2 deletions(-) create mode 100644 roles/database/tasks/install_postgres.yml create mode 100644 roles/database/tasks/install_redis.yml create mode 100644 roles/database/tasks/main.yml create mode 100644 roles/mastodon/tasks/main.yml create mode 100644 roles/mastodon/tasks/system_setup/letsencrypt.yml create mode 100644 roles/mastodon/tasks/system_setup/mastodon.yml create mode 100644 roles/mastodon/tasks/system_setup/nginx.yml create mode 100644 roles/mastodon/tasks/system_setup/packages.yml create mode 100644 roles/mastodon/tasks/system_setup/prepare_database.yml create mode 100644 roles/mastodon/tasks/system_setup/prepare_packagemanager.yml create mode 100644 roles/mastodon/tasks/system_setup/ruby.yml create mode 100644 roles/mastodon/tasks/system_setup/user.yml create mode 100644 
roles/mastodon/templates/letsencrypt.conf.j2 create mode 100644 roles/mastodon/templates/mastodon-sidekiq.service.j2 create mode 100644 roles/mastodon/templates/mastodon-streaming.service.j2 create mode 100644 roles/mastodon/templates/mastodon-web.service.j2 create mode 100644 roles/mastodon/templates/mastodon.conf.j2 create mode 100644 roles/mastodon/vars/debian.yml create mode 100644 roles/mastodon/vars/main.yml diff --git a/os_vars/debian.yml b/os_vars/debian.yml index 28ad247..fc36047 100644 --- a/os_vars/debian.yml +++ b/os_vars/debian.yml @@ -1 +1,14 @@ -snmp-user: Debian-snmp \ No newline at end of file +snmp-user: Debian-snmp + +redis: + packages: + - package: "redis-server" + - package: "redis-tools" + +postgres: + packages: + - package: "libpq-dev" + - package: "postgresql" + - package: "postgresql-contrib" + - package: "python3-psycopg2" + - package: "sudo" \ No newline at end of file diff --git a/os_vars/ubuntu.yml b/os_vars/ubuntu.yml index 28ad247..fc36047 100644 --- a/os_vars/ubuntu.yml +++ b/os_vars/ubuntu.yml @@ -1 +1,14 @@ -snmp-user: Debian-snmp \ No newline at end of file +snmp-user: Debian-snmp + +redis: + packages: + - package: "redis-server" + - package: "redis-tools" + +postgres: + packages: + - package: "libpq-dev" + - package: "postgresql" + - package: "postgresql-contrib" + - package: "python3-psycopg2" + - package: "sudo" \ No newline at end of file diff --git a/roles/database/tasks/install_postgres.yml b/roles/database/tasks/install_postgres.yml new file mode 100644 index 0000000..89caede --- /dev/null +++ b/roles/database/tasks/install_postgres.yml @@ -0,0 +1,9 @@ +- name: database | postgres | install postgres packages + package: + name: "{{ item.package }}" + update_cache: yes + cache_valid_time: 3600 + state: latest + install_recommends: no + become: yes + with_items: "{{ postgres.packages }}" \ No newline at end of file 
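Review bot: `state: latest` combined with `update_cache: yes` in install_postgres.yml turns every run of the role into an unplanned upgrade of the PostgreSQL packages, which is change control rather than installation; `state: present` installs what is missing and leaves upgrades to the patching process. The same pattern is in install_redis.yml and in roles/mastodon/tasks/system_setup/packages.yml. Looping `with_items` over the list also invokes the package manager once per package; handing the whole list over in one call is a single apt transaction: `name: "{{ postgres.packages | map(attribute='package') | list }}"`. The `yes`/`no` booleans would read more portably as `true`/`false`.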
diff --git a/roles/database/tasks/install_redis.yml b/roles/database/tasks/install_redis.yml new file mode 100644 index 0000000..eba148a --- /dev/null +++ b/roles/database/tasks/install_redis.yml @@ -0,0 +1,9 @@ +- name: database | redis | install redis packages + package: + name: "{{ item.package }}" + update_cache: yes + cache_valid_time: 3600 + state: latest + install_recommends: no + become: yes + with_items: "{{ redis.packages }}" \ No newline at end of file diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml new file mode 100644 index 0000000..ceab30e --- /dev/null +++ b/roles/database/tasks/main.yml @@ -0,0 +1,14 @@ +# Load distro-specific variables +- include_vars: "{{ ansible_distribution }}.yml" + tags: always + +- block: + - debug: + msg: Debug + # install software + - import_tasks: install_mysql.yml + when: mysql == true + - import_tasks: install_postgres.yml + when: postgres == true + - import_tasks: install_redis.yml + when: redis == true \ No newline at end of file diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml new file mode 100644 index 0000000..4d071ad --- /dev/null +++ b/roles/mastodon/tasks/main.yml @@ -0,0 +1,17 @@ +--- +# Load distro specific variables +- include_vars: "{{ ansible_distribution }}.yml" + tags: always +- include_vars: "{{ ansible_fqdn }}.yml" + ignore_errors: True + +- include_tasks: system_setup/prepare_packagemanager.yml + +- include_role: name=database +- include_tasks: system_setup/prepare_database.yml +- include_role: name=webserver +- include_tasks: system_setup/nginx.yml +- include_tasks: system_setup/user.yml +- include_tasks: system_setup/ruby.yml +- include_tasks: system_setup/mastodon.yml +- include_tasks: system_setup/letsencrypt.yml \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml new file mode 100644 index 0000000..6a3444b --- /dev/null 
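Review bot: `when: mysql == true` in roles/database/tasks/main.yml raises an undefined-variable error on any host that does not define `mysql`, and the later "no mysql for mastodon" patch suggests this was hit; `when: mysql | default(false) | bool` keeps the include optional, and the `postgres` and `redis` conditions benefit from the same form. `import_tasks: install_mysql.yml` is resolved at parse time, and that file is not created in this patch, so confirm it already exists in the role. The name `postgres` is also used for two different things — a boolean flag here and in roles/mastodon/vars/main.yml (`postgres: True`) and a dict in os_vars/debian.yml (`postgres.packages`) — so whichever definition wins by precedence breaks the other use; a distinct name such as `postgres_packages` for the list avoids that. The `- debug: msg: Debug` task looks like leftover scaffolding.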
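Review bot: roles/mastodon/tasks/main.yml never includes system_setup/packages.yml, so the build dependencies, nodejs and yarn listed in the role vars are not installed before ruby.yml and mastodon.yml need them; add `- include_tasks: system_setup/packages.yml` after the prepare_packagemanager.yml include. The task order also installs the TLS vhost (nginx.yml, whose template references `/etc/letsencrypt/live/{{ mastodon_host }}/`) before letsencrypt.yml obtains the certificate, so on a fresh host the first nginx reload would presumably fail its config check; running letsencrypt.yml before nginx.yml, or keeping the HTTP-only vhost until the certificate exists, avoids that. A short comment above the include list stating the intended sequence would make the dependency explicit.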
+++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -0,0 +1,31 @@ +--- +- stat: path=/etc/letsencrypt/live/{{ mastodon_host }}/fullchain.pem + register: letsencrypt_cert + +- name: Copy letsencrypt nginx config + template: + src: ../files/nginx/letsencrypt.conf.j2 + dest: /etc/nginx/sites-available/mastodon.conf + when: not letsencrypt_cert.stat.exists + +- name: Symlink enabled site + file: + src: "/etc/nginx/sites-available/mastodon.conf" + dest: "/etc/nginx/sites-enabled/mastodon.conf" + state: link + when: not letsencrypt_cert.stat.exists + +- name: Reload nginx + command: "systemctl reload nginx" + +- name: Install letsencrypt cert + command: letsencrypt certonly -n --webroot -d {{ mastodon_host }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host }}" --agree-tos && systemctl reload nginx + when: not letsencrypt_cert.stat.exists + +- name: Letsencrypt Job + cron: + name: "letsencrypt renew" + minute: "15" + hour: "0" + job: "letsencrypt renew && service nginx reload" + diff --git a/roles/mastodon/tasks/system_setup/mastodon.yml b/roles/mastodon/tasks/system_setup/mastodon.yml new file mode 100644 index 0000000..2f25c4c --- /dev/null +++ b/roles/mastodon/tasks/system_setup/mastodon.yml 
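Review bot: `src: ../files/nginx/letsencrypt.conf.j2` points outside the role's templates directory, while this patch creates the file as roles/mastodon/templates/letsencrypt.conf.j2, so the template task would fail on a missing source; `src: letsencrypt.conf.j2` resolves against the role's templates/ directory, and nginx.yml has the same issue with `../files/nginx/mastodon.conf.j2`. The certificate request uses the `command` module, which runs no shell, so `&& systemctl reload nginx` is handed to `letsencrypt` as extra arguments instead of chaining; drop that part and reload through the `service` module, which also replaces the unconditional `command: "systemctl reload nginx"` task. Both this file and nginx.yml write `/etc/nginx/sites-available/mastodon.conf`, so which vhost is active depends on task order — a comment stating the intended sequence (HTTP-only vhost until the certificate exists, then the TLS vhost) would help the next reader.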
@@ -0,0 +1,100 @@ +- name: Clone mastodon + git: + repo: "https://github.com/mastodon/mastodon.git" + dest: "{{ mastodon_home }}/{{mastodon_path}}" + clone: true + +# - name: Update to latest version +# shell: "git fetch; git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)" +# args: +# chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + +- name: Bundle install + shell: | + ~/.rbenv/shims/bundle config set --local deployment 'true' && \ + ~/.rbenv/shims/bundle config set --local without 'test' && \ + ~/.rbenv/shims/bundle config set --local with 'development' && \ + ~/.rbenv/shims/bundle install -j$(getconf _NPROCESSORS_ONLN) + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + +- name: Yarn install + command: yarn install --pure-lockfile + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + +- name: Install systemd sidekiq Service Files + template: + src: mastodon-sidekiq.service.j2 + dest: /etc/systemd/system/mastodon-sidekiq.service + become: true + become_user: root + +- name: Install systemd web Service Files + template: + src: mastodon-web.service.j2 + dest: /etc/systemd/system/mastodon-web.service + become: true + become_user: root + +- name: Install systemd streaming Service Files + template: + src: mastodon-streaming.service.j2 + dest: /etc/systemd/system/mastodon-streaming.service + become: true + become_user: root + +- name: Media cleanup cronjob + cron: + name: "media cleanup" + minute: "15" + hour: "1" + job: '/bin/bash -c ''export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; cd {{ mastodon_home }}/{{ mastodon_path }} && RAILS_ENV=production ./bin/tootctl media remove''' + +- stat: path={{ mastodon_home }}/{{ mastodon_path }}/.env.production + register: production_config + +- name: Migrate database + shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:migrate" + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + when: production_config.stat.exists + +- name: Precompile assets + shell: 
"RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile" + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + when: production_config.stat.exists + +- name: Enable mastodon-web + command: systemctl enable mastodon-web.service + become: true + become_user: root + +- name: Enable mastodon-streaming + command: systemctl enable mastodon-streaming.service + become: true + become_user: root + +- name: Enable mastodon-sidekiq + command: systemctl enable mastodon-sidekiq.service + become: true + become_user: root + +- name: Restart mastodon-web + command: systemctl restart mastodon-web.service + when: production_config.stat.exists + become: true + become_user: root + +- name: Restart mastodon-streaming + command: systemctl restart mastodon-streaming.service + when: production_config.stat.exists + become: true + become_user: root + +- name: Restart mastodon-sidekiq + command: systemctl restart mastodon-sidekiq.service + when: production_config.stat.exists + become: true + become_user: root \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/nginx.yml b/roles/mastodon/tasks/system_setup/nginx.yml new file mode 100644 index 0000000..7eff427 --- /dev/null +++ b/roles/mastodon/tasks/system_setup/nginx.yml @@ -0,0 +1,18 @@ +--- + +- name: mastodon | Copy nginx config + template: + src: ../files/nginx/mastodon.conf.j2 + dest: /etc/nginx/sites-available/mastodon.conf + when: + - mastodon_host is defined + notify: restart_nginx + +- name: mastodon | Symlink enabled site + file: + src: "/etc/nginx/sites-available/mastodon.conf" + dest: "/etc/nginx/sites-enabled/mastodon.conf" + state: link + when: + - mastodon_host is defined + notify: restart_nginx \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/packages.yml b/roles/mastodon/tasks/system_setup/packages.yml new file mode 100644 index 0000000..8927e74 --- /dev/null +++ b/roles/mastodon/tasks/system_setup/packages.yml 
@@ -0,0 +1,16 @@ +--- + +- name: mastodon | Install packages + package: + name: "{{ item.package }}" + update_cache: yes + cache_valid_time: 3600 + state: latest + install_recommends: no + with_items: "{{ packages }}" + +- name: mastodon | nodejs alternative + alternatives: + name: node + link: /usr/bin/node + path: /usr/bin/nodejs \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/prepare_database.yml b/roles/mastodon/tasks/system_setup/prepare_database.yml new file mode 100644 index 0000000..c4c15ae --- /dev/null +++ b/roles/mastodon/tasks/system_setup/prepare_database.yml 
@@ -0,0 +1,47 @@ +- name: mastodon | postgres | Create database {{ mastodon_db }} + postgresql_db: + name: mastodon | postgres | "{{ mastodon_db }}" + login_host: "{{ mastodon_db_login_host }}" + login_password: "{{ mastodon_db_login_password }}" + login_user: "{{ mastodon_db_login_user }}" + port: "{{ mastodon_db_port }}" + register: create_remote_db + when: + - mastodon_db_login_user is defined + - mastodon_db_login_host is defined + - mastodon_db_login_password is defined + - mastodon_db_port is defined + +- name: mastodon | postgres | Create database user {{ mastodon_db_user }} + postgresql_user: + db: "{{ mastodon_db }}" + name: mastodon | postgres | "{{ mastodon_db_user }}" + password: "{{ mastodon_db_password }}" + login_host: "{{ mastodon_db_login_host }}" + login_password: "{{ mastodon_db_login_password }}" + login_user: "{{ mastodon_db_login_user }}" + port: "{{ mastodon_db_port }}" + role_attr_flags: CREATEDB + register: create_remote_db_user + when: + - mastodon_db_login_user is defined + - mastodon_db_login_host is defined + - mastodon_db_login_password is defined + - mastodon_db_port is defined + +- name: mastodon | postgres | Create database {{ mastodon_db }} + postgresql_db: + name: mastodon | postgres | "{{ mastodon_db }}" + login_unix_socket: "{{ mastodon_db_login_unix_socket }}" + register: create_local_db + when: create_remote_db is skipped + +- name: mastodon | postgres | Create database user {{ mastodon_db_user }} + postgresql_user: + db: "{{ mastodon_db }}" + name: mastodon | postgres | "{{ mastodon_db_user }}" + password: "{{ mastodon_db_password }}" + encrypted: yes + login_unix_socket: "{{ mastodon_db_login_unix_socket }}" + role_attr_flags: CREATEDB + when: create_remote_db_user is skipped \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/prepare_packagemanager.yml b/roles/mastodon/tasks/system_setup/prepare_packagemanager.yml new file mode 100644 index 0000000..9259065 --- /dev/null 
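Review bot: the task-name prefix has leaked into the module arguments — `name: mastodon | postgres | "{{ mastodon_db }}"` under `postgresql_db` and `postgresql_user` (four places) would create a database and role literally named with that prefix, or fail on the invalid identifier; the module arguments should be `name: "{{ mastodon_db }}"` and `name: "{{ mastodon_db_user }}"`. All four tasks pass `mastodon_db_password` or `mastodon_db_login_password`, which Ansible prints in verbose output and keeps in the registered results; add `no_log: true` to each. Only the socket variant sets `encrypted: yes`, so whether the remote variant sends the password hashed depends on the module version and server settings; setting it on both is consistent. The socket-based tasks presumably need `become_user: postgres` for peer authentication — confirm against the target.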
+++ b/roles/mastodon/tasks/system_setup/prepare_packagemanager.yml @@ -0,0 +1,22 @@ +- name: mastodon | package manager | get nodejs prepare script + +- name: mastodon | package manager | add gpg keys + apt_key: + id: "{{ item.id }}" + url: "{{ item.url }}" + state: present + loop: + - { id: "72ECF46A56B4AD39C907BBB71646B01B86E50310", url: "https://dl.yarnpkg.com/debian/pubkey.gpg" } + - { id: "9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280", url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" } + +- name: mastodon | package manager | add repos + apt_repository: + repo: "{{ item.repo }}" + state: present + mode: 0644 # not required. The octal mode for newly created files in sources.list.d + update_cache: no + validate_certs: yes # not required. If C(no), SSL certificates for the target repo will not be validated. This should only be used on personally controlled sites using self-signed certificates. + filename: "{{ item.filename }}" + loop: + - { repo: "deb https://dl.yarnpkg.com/debian/ stable main", filename: "yarn"} + - { repo: "deb https://deb.nodesource.com/node_{{ node_major_version }}.x {{ ansible_lsb.codename }} main", filename: "nodejs"} \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/ruby.yml b/roles/mastodon/tasks/system_setup/ruby.yml new file mode 100644 index 0000000..2ee869a --- /dev/null +++ b/roles/mastodon/tasks/system_setup/ruby.yml 
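Review bot: `apt_key` adds both vendor keys to the global apt keyring, where they can sign any repository on the host rather than only the yarn and nodesource ones; apt-key is deprecated, and the current practice is to store each key in its own file with `keyring: /usr/share/keyrings/<name>.gpg` and reference it with `signed-by=/usr/share/keyrings/<name>.gpg` in the `deb` line. Pinning the key ids is good and should be kept. `mode: 0644` is an unquoted octal that YAML 1.1 reads as the integer 420 — coincidentally the same mode, but `mode: "0644"` says what is meant. `ansible_lsb.codename` requires lsb-release on the target, whereas `ansible_distribution_release` is always present in gathered facts.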
@@ -0,0 +1,57 @@ +--- +- name: mastodon | Clone rbenv + git: + repo: "https://github.com/rbenv/rbenv.git" + dest: "~/.rbenv" + clone: true + version: "{{ rbenv_version }}" + +- name: mastodon | Clone ruby-build + git: + repo: "https://github.com/rbenv/ruby-build.git" + dest: "~/.rbenv/plugins/ruby-build" + clone: true + version: "{{ ruby_build_version }}" + register: ruby_build + +- name: mastodon | Configure rbenv + command: ./configure + args: + chdir: "~/.rbenv/src" + register: rbenv_configure + +- name: mastodon | Build rbenv + command: make + args: + chdir: "~/.rbenv/src" + when: rbenv_configure is succeeded + +- name: mastodon | Update profile settings + copy: + dest: "~/.bashrc" + content: | + export PATH="~/.rbenv/bin:${PATH}" + eval "$(rbenv init -)" +- name: mastodon | Check if the Ruby version is already installed + shell: "~/.rbenv/bin/rbenv versions | grep -q {{ ruby_version }}" + register: ruby_installed + ignore_errors: yes + check_mode: no + +- name: mastodon | Install Ruby {{ ruby_version }} + shell: "~/.rbenv/bin/rbenv install {{ ruby_version }}" + args: + executable: /bin/bash + when: ruby_installed is failed + +- name: mastodon | Set the default Ruby version to {{ ruby_version }} + shell: "~/.rbenv/bin/rbenv global {{ ruby_version }}" + args: + executable: /bin/bash + register: default_ruby_version + +- name: mastodon | Install bundler + shell: 'export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; gem install bundler:{{ bundler_version }}' + args: + executable: /bin/bash + when: default_ruby_version is succeeded \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/user.yml b/roles/mastodon/tasks/system_setup/user.yml new file mode 100644 index 0000000..28d9676 --- /dev/null +++ b/roles/mastodon/tasks/system_setup/user.yml @@ -0,0 +1,6 @@ +- name: mastodon | create mastodon user + user: + name: "{{ mastodon_user }}" + createhome: true + shell: /bin/bash + home: "{{ mastodon_home }}" \ No newline at end of file 
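Review bot: the `copy` task with `dest: "~/.bashrc"` replaces the whole .bashrc of the user the task runs as with two lines, discarding the distribution default and anything already there; `blockinfile` with a marker adds or updates only the rbenv stanza and is idempotent. With the play's `become: true` and no `become_user`, `~` throughout this file is root's home, so rbenv and Ruby are installed for root while the units in this patch execute `{{ mastodon_home }}/.rbenv/shims/bundle`; running these tasks with `become_user: "{{ mastodon_user }}"` and writing `{{ mastodon_home }}` instead of `~` would line the two up. The version check uses `ignore_errors: yes` where `failed_when: false` expresses "the exit status is the result" without a red ignored-failure line.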
diff --git a/roles/mastodon/templates/letsencrypt.conf.j2 b/roles/mastodon/templates/letsencrypt.conf.j2 new file mode 100644 index 0000000..d496a89 --- /dev/null +++ b/roles/mastodon/templates/letsencrypt.conf.j2 @@ -0,0 +1,8 @@ +# This starts a simple nginx for the letsencrypt acme challenge +server { + listen 80; + listen [::]:80; + server_name {{ mastodon_host }}; + root {{ mastodon_home }}/{{ mastodon_path }}/public; + location /.well-known/acme-challenge/ { allow all; } +} \ No newline at end of file diff --git a/roles/mastodon/templates/mastodon-sidekiq.service.j2 b/roles/mastodon/templates/mastodon-sidekiq.service.j2 new file mode 100644 index 0000000..466297e --- /dev/null +++ b/roles/mastodon/templates/mastodon-sidekiq.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=mastodon-sidekiq +After=network.target + +[Service] +Type=simple +User=mastodon +WorkingDirectory={{ mastodon_home }}/{{ mastodon_path }} +Environment="RAILS_ENV=production" +Environment="DB_POOL=5" +ExecStart={{ mastodon_home }}/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q push -q mailers -q pull +TimeoutSec=15 +Restart=always + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/mastodon/templates/mastodon-streaming.service.j2 b/roles/mastodon/templates/mastodon-streaming.service.j2 new file mode 100644 index 0000000..cf2a8ff --- /dev/null +++ b/roles/mastodon/templates/mastodon-streaming.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=mastodon-streaming +After=network.target + +[Service] +Type=simple +User=mastodon +WorkingDirectory={{ mastodon_home }}/{{ mastodon_path }} +Environment="NODE_ENV=production" +Environment="PORT=4000" +ExecStart=/usr/bin/npm run start +TimeoutSec=15 +Restart=always + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/mastodon/templates/mastodon-web.service.j2 b/roles/mastodon/templates/mastodon-web.service.j2 new file mode 100644 index 0000000..747684f --- /dev/null 
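Review bot: `User=mastodon` is hard-coded in mastodon-sidekiq.service.j2 while the role templates the account name as `{{ mastodon_user }}` everywhere else, so changing the variable silently leaves the units running as a different user; use `User={{ mastodon_user }}` (same in mastodon-streaming.service.j2 and mastodon-web.service.j2). None of the three units carry sandboxing directives; `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` are cheap confinement for a network-facing service and belong next to `Restart=always`. The streaming unit's `ExecStart=/usr/bin/npm run start` depends on a global npm and the project's package.json — presumably provided by the nodejs and yarn packages, confirm on a fresh host.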
+++ b/roles/mastodon/templates/mastodon-web.service.j2 @@ -0,0 +1,17 @@ +[Unit] +Description=mastodon-web +After=network.target + +[Service] +Type=simple +User=mastodon +WorkingDirectory={{ mastodon_home }}/{{ mastodon_path }} +Environment="RAILS_ENV=production" +Environment="PORT=3000" +ExecStart={{ mastodon_home }}/.rbenv/shims/bundle exec puma -C config/puma.rb +ExecReload=/bin/kill -SIGUSR1 $MAINPID +TimeoutSec=15 +Restart=always + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/roles/mastodon/templates/mastodon.conf.j2 b/roles/mastodon/templates/mastodon.conf.j2 new file mode 100644 index 0000000..5bb2931 --- /dev/null +++ b/roles/mastodon/templates/mastodon.conf.j2 
@@ -0,0 +1,100 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + listen 80; + listen [::]:80; + server_name {{ mastodon_host }}; + + # Useful for Let's Encrypt + location /.well-known/acme-challenge/ { allow all; } + location / { return 301 https://$host$request_uri; } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ mastodon_host }}; + + ssl_protocols TLSv1.2; + ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + +{% if disable_letsencrypt != "true" %} + ssl_certificate /etc/letsencrypt/live/{{ mastodon_host }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_host }}/privkey.pem; +{% endif %} + + keepalive_timeout 70; + sendfile on; + client_max_body_size 8m; + + root {{ mastodon_home }}/{{ mastodon_path }}/public; + + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + +{% if disable_hsts == "true" %} + add_header Strict-Transport-Security "max-age=31536000"; +{% endif %} + + location / { + try_files $uri @proxy; + } + + location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { + add_header Cache-Control "public, max-age=31536000, immutable"; + try_files $uri @proxy; + } + + location /sw.js { + add_header Cache-Control "public, max-age=0"; + try_files $uri @proxy; + } + + location @proxy { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; + proxy_pass_header Server; + + proxy_pass http://127.0.0.1:3000; + proxy_buffering off; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade 
$http_upgrade; + proxy_set_header Connection $connection_upgrade; + + tcp_nodelay on; + } + + location /api/v1/streaming { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; + + proxy_pass http://127.0.0.1:4000; + proxy_buffering off; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + tcp_nodelay on; + } + + error_page 500 501 502 503 504 /500.html; +} \ No newline at end of file diff --git a/roles/mastodon/vars/debian.yml b/roles/mastodon/vars/debian.yml new file mode 100644 index 0000000..da091ae --- /dev/null +++ b/roles/mastodon/vars/debian.yml @@ -0,0 +1,33 @@ +mastodon_db_login_unix_socket: '/var/run/postgresql' + +packages: + - package: "autoconf" + - package: "bison" + - package: "build-essential" + - package: "curl" + - package: "cron" + - package: "ffmpeg" + - package: "file" + - package: "g++" + - package: "gcc" + - package: "git" + - package: "imagemagick" + - package: "libffi-dev" + - package: "libgdbm-dev" + - package: "libicu-dev" + - package: "libidn11-dev" + - package: "libncurses5-dev" + - package: "libpq-dev" + - package: "libprotobuf-dev" + - package: "libreadline-dev" + - package: "libssl-dev" + - package: "libxml2-dev" + - package: "libxslt1-dev" + - package: "libyaml-dev" + - package: "nodejs" + - package: "pkg-config" + - package: "protobuf-compiler" + - package: "sudo" + - package: "systemd" + - package: "yarn" + - package: "zlib1g-dev" \ No newline at end of file diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml new file mode 100644 index 0000000..d6fdbc5 --- /dev/null +++ b/roles/mastodon/vars/main.yml 
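Review bot: the HSTS condition is inverted — `{% if disable_hsts == "true" %}` emits `Strict-Transport-Security` only when HSTS is disabled, and with the default `disable_hsts: "false"` the site deploys without it; it should read `{% if disable_hsts != "true" %}`. When `disable_letsencrypt` is "true" the server block keeps `listen 443 ssl` but has no `ssl_certificate`, which nginx rejects at config test; either require alternative certificate paths in that branch or document that the switch is not usable yet. Comparing strings against `"true"` is fragile, since `disable_hsts: "false"` is itself a string; real booleans with `{% if not disable_hsts %}` are less error-prone.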
@@ -0,0 +1,20 @@ +webserver: True +nginx: True +database: True +postgres: True +redis: True + +ruby_version: "2.7.4" +rbenv_version: "v1.1.2" +ruby_build_version: "v20210707" +bundler_version: "2.1.4" +node_major_version: "12" +os_family: "{{ ansible_os_family|lower }}" +mastodon_user: "mastodon" +mastodon_home: "/home/{{ mastodon_user }}" +mastodon_db_user: "{{ mastodon_user }}" +mastodon_path: "live" +mastodon_db: "{{ mastodon_user }}_development" +mastodon_db_port: 5432 +disable_hsts: "false" +disable_letsencrypt: "false" \ No newline at end of file From 0662d89915e4bd6b5973cfa6170e76695016d9dd Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 15:46:47 +0100 Subject: [PATCH 02/72] added host --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index e99202c..cad0a73 100644 --- a/hosts +++ b/hosts @@ -32,6 +32,7 @@ coruscant.universe.local mail.mewissen.site [mastodon] +mewitoot.de ubuntu-test [mobile] From e0d20643d7a41ecb00ab6e9b22a4646373f0269d Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 16:42:05 +0100 Subject: [PATCH 03/72] added a var --- host_vars/mewitoot.de.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml index 6e0837e..69f59fa 100644 --- a/host_vars/mewitoot.de.yml +++ b/host_vars/mewitoot.de.yml @@ -1,5 +1,6 @@ --- branch: master +hostname: mewitoot.de ansible_cron_minute: "40" ssh_port: 22 From 166789c90c88d944714aaf9df9f61f4dd39b3ca5 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 15:02:51 +0100 Subject: [PATCH 04/72] ignore errors on vars --- roles/base/tasks/main.yml | 1 + roles/server/tasks/main.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index c52d70a..5a683f9 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml 
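Review bot: everything here sits in roles/mastodon/vars/main.yml, which has near-top precedence in Ansible, so `mastodon_db_port`, `ruby_version`, `disable_hsts` and the rest cannot be overridden from inventory or host_vars; values meant as tunables belong in `defaults/main.yml`. `mastodon_db: "{{ mastodon_user }}_development"` while every task runs with `RAILS_ENV=production` points the production app at a database named for the development environment — worth a comment or a `_production` suffix. `disable_hsts: "false"` and `disable_letsencrypt: "false"` are strings compared against `"true"` in the nginx template; plain `false` booleans are less fragile. `node_major_version: "12"` selects a Node.js line that is at or near end of life — verify what the pinned Mastodon release requires.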
@@ -1,6 +1,7 @@ # Load distro-specific variables - include_vars: "{{ ansible_distribution }}.yml" tags: always + ignore_errors: True - block: - debug: diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index 98fc940..c6faab6 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml @@ -2,7 +2,9 @@ # Load distro specific variables - include_vars: "{{ ansible_distribution }}.yml" tags: always + ignore_errors: True - include_vars: "{{ ansible_fqdn }}.yml" + ignore_errors: True - block: - include_tasks: system_setup/hosts.yml From 15e0bc8b1e0f5092b419480ed0f3fac5384c7a9e Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 15:25:26 +0100 Subject: [PATCH 05/72] need some python packages --- roles/base/tasks/software/packages_utilities.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/base/tasks/software/packages_utilities.yml b/roles/base/tasks/software/packages_utilities.yml index 9124200..a7f1001 100644 --- a/roles/base/tasks/software/packages_utilities.yml +++ b/roles/base/tasks/software/packages_utilities.yml @@ -19,7 +19,8 @@ - vifm - "{{ vim_package }}" - wget - - unattended-updates + - unattended-upgrades + - python3-netaddr - name: system setup | utilities | install utilities (arch) tags: packages,system,system setup From 6f728fb9ae8ae56fd11c430d666fe8f7923c841b Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 15:31:00 +0100 Subject: [PATCH 06/72] wireguard may fail --- roles/server/tasks/utilities/wireguard.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/server/tasks/utilities/wireguard.yml b/roles/server/tasks/utilities/wireguard.yml index 431ba7b..cf587ba 100644 --- a/roles/server/tasks/utilities/wireguard.yml +++ b/roles/server/tasks/utilities/wireguard.yml 
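Review bot: `ignore_errors: True` on the `include_vars` tasks in roles/base/tasks/main.yml and roles/server/tasks/main.yml suppresses every failure, including a YAML syntax error or typo in a file that does exist, and the play then continues with variables silently missing; the optional-file intent is expressed without error suppression by `include_vars: "{{ item }}"` together with `with_first_found: { files: ["{{ ansible_distribution }}.yml"], skip: true }`. The same blanket suppression appears in roles/mastodon/tasks/main.yml (patch 01), on the wg-quick service task in wireguard.yml (patch 06) and on the root-bin git clone in root.yml (patch 07); for those two a `when:` guard or a `failed_when:` naming the acceptable failure keeps real errors visible.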
@@ -44,4 +44,5 @@ service: name: "wg-quick@VPN" enabled: true - when: wireguard.stdout == "" \ No newline at end of file + when: wireguard.stdout == "" + ignore_errors: True \ No newline at end of file From 7ee8738ab1187a6f3b959ff796713315fdd3cb5b Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 15:35:23 +0100 Subject: [PATCH 07/72] ignore errors on git fail --- roles/base/tasks/users/root.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/users/root.yml b/roles/base/tasks/users/root.yml index 64239a5..42dc33d 100644 --- a/roles/base/tasks/users/root.yml +++ b/roles/base/tasks/users/root.yml @@ -54,6 +54,7 @@ repo: 'ssh://git@gitlab.social.my-wan.de:22422/rene/root-bin.git' dest: "{{ root_home }}/bin" key_file: '/root/.ssh/gitlab_read_ed25519' + ignore_errors: True # - name: users | root | link dotfiles # become: yes From d228f966a411c54912a640ba59bce8ade846783f Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 17:36:23 +0100 Subject: [PATCH 08/72] enabled role mastodon --- local.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/local.yml b/local.yml index 7b02b55..19de3d4 100644 --- a/local.yml +++ b/local.yml @@ -72,6 +72,12 @@ # roles: # - fileserver +- hosts: mastodon + tags: server,mastodon + become: true + roles: + - mastodon + - hosts: nameserver tags: server,nameserver become: true From 3ff368fb297fca975c967143354396c28ee5a3aa Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 17:45:50 +0100 Subject: [PATCH 09/72] vars --- .../mastodon/vars/{debian.yml => Debian.yml} | 0 roles/mastodon/vars/Ubuntu.yml | 33 +++++++++++++++++++ 2 files changed, 33 insertions(+) rename roles/mastodon/vars/{debian.yml => Debian.yml} (100%) create mode 100644 roles/mastodon/vars/Ubuntu.yml diff --git a/roles/mastodon/vars/debian.yml b/roles/mastodon/vars/Debian.yml similarity index 100% rename from roles/mastodon/vars/debian.yml rename to roles/mastodon/vars/Debian.yml 
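Review bot: `ignore_errors: True` on the clone of `root-bin.git` into `{{ root_home }}/bin` swallows every failure, including an SSH host-key or deploy-key rejection for gitlab.social.my-wan.de (the git module refuses unknown host keys unless `accept_hostkey` is set elsewhere in this task), so root's tooling can be stale or absent while the play reports success. If the goal is only "this host may not be able to reach GitLab", test that explicitly — a `wait_for` on `gitlab.social.my-wan.de` port `22422` with a short timeout, registered with `ignore_errors`, and the clone gated by `when: gitlab_reachable is succeeded` — so that authentication and host-key errors still fail the play. Do not pair this with `accept_hostkey: yes` to make the task green; that silently accepts whatever key the network presents.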
diff --git a/roles/mastodon/vars/Ubuntu.yml b/roles/mastodon/vars/Ubuntu.yml new file mode 100644 index 0000000..da091ae --- /dev/null +++ b/roles/mastodon/vars/Ubuntu.yml @@ -0,0 +1,33 @@ +mastodon_db_login_unix_socket: '/var/run/postgresql' + +packages: + - package: "autoconf" + - package: "bison" + - package: "build-essential" + - package: "curl" + - package: "cron" + - package: "ffmpeg" + - package: "file" + - package: "g++" + - package: "gcc" + - package: "git" + - package: "imagemagick" + - package: "libffi-dev" + - package: "libgdbm-dev" + - package: "libicu-dev" + - package: "libidn11-dev" + - package: "libncurses5-dev" + - package: "libpq-dev" + - package: "libprotobuf-dev" + - package: "libreadline-dev" + - package: "libssl-dev" + - package: "libxml2-dev" + - package: "libxslt1-dev" + - package: "libyaml-dev" + - package: "nodejs" + - package: "pkg-config" + - package: "protobuf-compiler" + - package: "sudo" + - package: "systemd" + - package: "yarn" + - package: "zlib1g-dev" \ No newline at end of file From 98b189a3bfab2c1070121c7f4ce177352d5af4b6 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 17:50:52 +0100 Subject: [PATCH 10/72] removed unneeded task --- roles/mastodon/tasks/system_setup/prepare_packagemanager.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/prepare_packagemanager.yml b/roles/mastodon/tasks/system_setup/prepare_packagemanager.yml index 9259065..ae018b4 100644 --- a/roles/mastodon/tasks/system_setup/prepare_packagemanager.yml +++ b/roles/mastodon/tasks/system_setup/prepare_packagemanager.yml @@ -1,5 +1,3 @@ -- name: mastodon | package manager | get nodejs prepare script - - name: mastodon | package manager | add gpg keys apt_key: id: "{{ item.id }}" From 2f5d6927d5abb1c70f16e23be33a385ac724bb68 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 18:02:09 +0100 Subject: [PATCH 11/72] no mysql for mastodon --- roles/mastodon/vars/main.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index d6fdbc5..3fb39d4 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -2,6 +2,7 @@ webserver: True nginx: True database: True postgres: True +mysql: False redis: True ruby_version: "2.7.4" From 48a3ac262f9789bc2b472735649db21b69b449d1 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 18:45:52 +0100 Subject: [PATCH 12/72] added debugging --- roles/mastodon/tasks/main.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 4d071ad..83fc536 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -7,11 +7,14 @@ - include_tasks: system_setup/prepare_packagemanager.yml -- include_role: name=database -- include_tasks: system_setup/prepare_database.yml -- include_role: name=webserver -- include_tasks: system_setup/nginx.yml -- include_tasks: system_setup/user.yml -- include_tasks: system_setup/ruby.yml -- include_tasks: system_setup/mastodon.yml -- include_tasks: system_setup/letsencrypt.yml \ No newline at end of file +- block: + - debug: + msg: "mysql: {{ mysql }}" + - include_role: name=database + - include_tasks: system_setup/prepare_database.yml + - include_role: name=webserver + - include_tasks: system_setup/nginx.yml + - include_tasks: system_setup/user.yml + - include_tasks: system_setup/ruby.yml + - include_tasks: system_setup/mastodon.yml + - include_tasks: system_setup/letsencrypt.yml \ No newline at end of file From 1739888d27bde3170a7ed52ff6887dbdc80606f1 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 19:14:12 +0100 Subject: [PATCH 13/72] added debugging --- roles/database/tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index ceab30e..2976423 100644 --- a/roles/database/tasks/main.yml 
+++ b/roles/database/tasks/main.yml @@ -4,10 +4,12 @@ - block: - debug: - msg: Debug + msg: "mysql: {{ mysql }}" # install software - import_tasks: install_mysql.yml - when: mysql == true + when: + - mysql is defined + - mysql == true - import_tasks: install_postgres.yml when: postgres == true - import_tasks: install_redis.yml From cf42c917a4db73c2b33b4cd98efc5ca812baf64f Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 20:08:51 +0100 Subject: [PATCH 14/72] added file --- roles/database/tasks/install_mysql.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 roles/database/tasks/install_mysql.yml diff --git a/roles/database/tasks/install_mysql.yml b/roles/database/tasks/install_mysql.yml new file mode 100644 index 0000000..d972aaf --- /dev/null +++ b/roles/database/tasks/install_mysql.yml @@ -0,0 +1,2 @@ +- debug: + msg: "mysql: {{ mysql }}" \ No newline at end of file From cf2bc2097e3a251f6918c9b7b49b8513158f19e3 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 20:20:56 +0100 Subject: [PATCH 15/72] changed vars --- os_vars/debian.yml | 4 ++-- os_vars/ubuntu.yml | 4 ++-- roles/database/tasks/install_postgres.yml | 2 +- roles/database/tasks/install_redis.yml | 2 +- roles/database/tasks/main.yml | 3 ++- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/os_vars/debian.yml b/os_vars/debian.yml index fc36047..baad885 100644 --- a/os_vars/debian.yml +++ b/os_vars/debian.yml @@ -1,11 +1,11 @@ snmp-user: Debian-snmp -redis: +redis_pkgs: packages: - package: "redis-server" - package: "redis-tools" -postgres: +postgres_pkgs: packages: - package: "libpq-dev" - package: "postgresql" diff --git a/os_vars/ubuntu.yml b/os_vars/ubuntu.yml index fc36047..baad885 100644 --- a/os_vars/ubuntu.yml +++ b/os_vars/ubuntu.yml @@ -1,11 +1,11 @@ snmp-user: Debian-snmp -redis: +redis_pkgs: packages: - package: "redis-server" - package: "redis-tools" -postgres: +postgres_pkgs: packages: - package: "libpq-dev" - package: "postgresql" 
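Review bot: The `mysql is defined` guard is added only for the MySQL include; `when: postgres == true` and `when: redis == true` two lines below still raise an undefined-variable error on any host that does not set those flags, which is exactly the case this change is handling for mysql. Use the same two-condition form for both, or the shorter `when: postgres | default(false) | bool` and `when: redis | default(false) | bool`. The `install_mysql.yml` added in the next hunk only prints the variable, so the include is a no-op until it is filled in; a comment saying so would stop someone expecting a MySQL install.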
diff --git a/roles/database/tasks/install_postgres.yml b/roles/database/tasks/install_postgres.yml index 89caede..0d82df0 100644 --- a/roles/database/tasks/install_postgres.yml +++ b/roles/database/tasks/install_postgres.yml @@ -6,4 +6,4 @@ state: latest install_recommends: no become: yes - with_items: "{{ postgres.packages }}" \ No newline at end of file + with_items: "{{ postgres_pkgs.packages }}" \ No newline at end of file diff --git a/roles/database/tasks/install_redis.yml b/roles/database/tasks/install_redis.yml index eba148a..cd27d50 100644 --- a/roles/database/tasks/install_redis.yml +++ b/roles/database/tasks/install_redis.yml @@ -6,4 +6,4 @@ state: latest install_recommends: no become: yes - with_items: "{{ redis.packages }}" \ No newline at end of file + with_items: "{{ redis_pkgs.packages }}" \ No newline at end of file diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index 2976423..0b6d41c 100644 --- a/roles/database/tasks/main.yml +++ b/roles/database/tasks/main.yml @@ -1,6 +1,7 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution }}.yml" +- include_vars: "{{ ansible_distribution|lower }}.yml" tags: always + ignore_errors: True - block: - debug: From 09aad3b3e8008ae634af3d55e71fb481c0ae8dce Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 20:33:44 +0100 Subject: [PATCH 16/72] enable os_vars --- local.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/local.yml b/local.yml index 19de3d4..26f9857 100644 --- a/local.yml +++ b/local.yml @@ -3,6 +3,8 @@ handlers: - import_tasks: global_handlers/global_handlers.yml connection: local + vars: + - import_vars: "os_vars/{{ ansible_distribution | lower }}.yml" become: true pre_tasks: From 0f701ff01d0d5a6fb531e5606dc288c12921834c Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 20:38:16 +0100 Subject: [PATCH 17/72] enable os_vars --- local.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
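Review bot: `state: latest` in install_postgres.yml runs an apt upgrade of `postgresql`, `postgresql-contrib` and the rest of `postgres_pkgs.packages` on every play, so a routine configuration run can pull a new PostgreSQL package version and restart the server at an arbitrary time; for a database host `state: present` plus a deliberate upgrade step is the safer default (same for `redis-server` in install_redis.yml). `postgres_pkgs` comes from the `include_vars` that this same patch marks `ignore_errors: True`, so when that vars file is missing the failure surfaces here as an undefined variable in `with_items` rather than at the include. The `with_items` loop could also be collapsed into one apt call by passing `postgres_pkgs.packages | map(attribute='package') | list` as `name`, which resolves dependencies once; the `name:` line is above the hunk.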
diff --git a/local.yml b/local.yml index 26f9857..5f5fdc1 100644 --- a/local.yml +++ b/local.yml @@ -3,8 +3,8 @@ handlers: - import_tasks: global_handlers/global_handlers.yml connection: local - vars: - - import_vars: "os_vars/{{ ansible_distribution | lower }}.yml" + vars_files: + - "os_vars/{{ ansible_distribution | lower }}.yml" become: true pre_tasks: From a94ddcac19259790d35157ba89f035b3b657207a Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 20:41:10 +0100 Subject: [PATCH 18/72] vars --- roles/database/vars/debian.yml | 12 ++++++++++++ roles/database/vars/ubuntu.yml | 12 ++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 roles/database/vars/debian.yml create mode 100644 roles/database/vars/ubuntu.yml diff --git a/roles/database/vars/debian.yml b/roles/database/vars/debian.yml new file mode 100644 index 0000000..1f75b2f --- /dev/null +++ b/roles/database/vars/debian.yml @@ -0,0 +1,12 @@ +redis_pkgs: + packages: + - package: "redis-server" + - package: "redis-tools" + +postgres_pkgs: + packages: + - package: "libpq-dev" + - package: "postgresql" + - package: "postgresql-contrib" + - package: "python3-psycopg2" + - package: "sudo" \ No newline at end of file diff --git a/roles/database/vars/ubuntu.yml b/roles/database/vars/ubuntu.yml new file mode 100644 index 0000000..1f75b2f --- /dev/null +++ b/roles/database/vars/ubuntu.yml @@ -0,0 +1,12 @@ +redis_pkgs: + packages: + - package: "redis-server" + - package: "redis-tools" + +postgres_pkgs: + packages: + - package: "libpq-dev" + - package: "postgresql" + - package: "postgresql-contrib" + - package: "python3-psycopg2" + - package: "sudo" \ No newline at end of file From c106a6138b7c16f26582814affd5f94c2ded92e4 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 15 Mar 2022 15:40:40 +0100 Subject: [PATCH 19/72] wireguard only if primary ip is public --- roles/server/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index c6faab6..d64cece 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml @@ -16,6 +16,8 @@ when: - wireguard is defined - wireguard == true + - ansible_default_ipv4.address | ipaddr('public') + ignore_errors: True - include_tasks: system_setup/cron.yml - include_role: name: base From 22b95053ce9286325b238af28a47b07a0f731615 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 09:58:40 +0100 Subject: [PATCH 20/72] faulty replacement corrcted --- roles/mastodon/tasks/system_setup/prepare_database.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/prepare_database.yml b/roles/mastodon/tasks/system_setup/prepare_database.yml index c4c15ae..84b0901 100644 --- a/roles/mastodon/tasks/system_setup/prepare_database.yml +++ b/roles/mastodon/tasks/system_setup/prepare_database.yml @@ -1,6 +1,6 @@ - name: mastodon | postgres | Create database {{ mastodon_db }} postgresql_db: - name: mastodon | postgres | "{{ mastodon_db }}" + name: "{{ mastodon_db }}" login_host: "{{ mastodon_db_login_host }}" login_password: "{{ mastodon_db_login_password }}" login_user: "{{ mastodon_db_login_user }}" @@ -15,7 +15,7 @@ - name: mastodon | postgres | Create database user {{ mastodon_db_user }} postgresql_user: db: "{{ mastodon_db }}" - name: mastodon | postgres | "{{ mastodon_db_user }}" + name: "{{ mastodon_db_user }}" password: "{{ mastodon_db_password }}" login_host: "{{ mastodon_db_login_host }}" login_password: "{{ mastodon_db_login_password }}" @@ -31,7 +31,7 @@ - name: mastodon | postgres | Create database {{ mastodon_db }} postgresql_db: - name: mastodon | postgres | "{{ mastodon_db }}" + name: "{{ mastodon_db }}" login_unix_socket: "{{ mastodon_db_login_unix_socket }}" register: create_local_db when: create_remote_db is skipped 
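Review bot: `ansible_default_ipv4.address | ipaddr('public')` raises on a host with no default IPv4 route (`ansible_default_ipv4` is then an empty dict, so `.address` is undefined), and the `ignore_errors: True` added alongside it hides that error instead of skipping the include. Add `- ansible_default_ipv4.address is defined` before the `ipaddr` condition and drop `ignore_errors`, which gives a clean skip and keeps genuine WireGuard failures visible. Note that the `ipaddr` filter evaluates on the controller, so the `python3-netaddr` installed on the target in patch 05 only satisfies it because local.yml runs with `connection: local`; worth a comment on the task.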
@@ -39,7 +39,7 @@ - name: mastodon | postgres | Create database user {{ mastodon_db_user }} postgresql_user: db: "{{ mastodon_db }}" - name: mastodon | postgres | "{{ mastodon_db_user }}" + name: "{{ mastodon_db_user }}" password: "{{ mastodon_db_password }}" encrypted: yes login_unix_socket: "{{ mastodon_db_login_unix_socket }}" From 4048e2c997eb06a556b84c7b9bd39c25f49a6e2d Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 10:02:39 +0100 Subject: [PATCH 21/72] become postgres to setup db --- roles/mastodon/tasks/system_setup/prepare_database.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/mastodon/tasks/system_setup/prepare_database.yml b/roles/mastodon/tasks/system_setup/prepare_database.yml index 84b0901..c5bf567 100644 --- a/roles/mastodon/tasks/system_setup/prepare_database.yml +++ b/roles/mastodon/tasks/system_setup/prepare_database.yml @@ -34,6 +34,8 @@ name: "{{ mastodon_db }}" login_unix_socket: "{{ mastodon_db_login_unix_socket }}" register: create_local_db + become: true + become_user: postgres when: create_remote_db is skipped - name: mastodon | postgres | Create database user {{ mastodon_db_user }} @@ -44,4 +46,6 @@ encrypted: yes login_unix_socket: "{{ mastodon_db_login_unix_socket }}" role_attr_flags: CREATEDB + become: true + become_user: postgres when: create_remote_db_user is skipped \ No newline at end of file From 4ed0b881dad7b9e03feb816f5c31edea6eacb3ba Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 10:06:52 +0100 Subject: [PATCH 22/72] quotes --- roles/mastodon/tasks/system_setup/prepare_database.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/prepare_database.yml b/roles/mastodon/tasks/system_setup/prepare_database.yml index c5bf567..0667b2b 100644 --- a/roles/mastodon/tasks/system_setup/prepare_database.yml +++ b/roles/mastodon/tasks/system_setup/prepare_database.yml 
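Review bot: `role_attr_flags: CREATEDB` leaves the application role permanently able to create arbitrary databases; as far as I recall Mastodon only needs that for the initial `db:setup`, and the database itself is already created by the `postgresql_db` task just above running as postgres, so the flag can be dropped or revoked after first run with `role_attr_flags: NOCREATEDB`. If the role is meant to own the database (needed for migrations to create tables without extra grants), set `owner: "{{ mastodon_db_user }}"` on the `postgresql_db` task, which requires creating the user first. `become_user: "postgres"` over `login_unix_socket` is the right way to avoid a superuser password here.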
@@ -35,7 +35,7 @@ login_unix_socket: "{{ mastodon_db_login_unix_socket }}" register: create_local_db become: true - become_user: postgres + become_user: "postgres" when: create_remote_db is skipped - name: mastodon | postgres | Create database user {{ mastodon_db_user }} @@ -47,5 +47,5 @@ login_unix_socket: "{{ mastodon_db_login_unix_socket }}" role_attr_flags: CREATEDB become: true - become_user: postgres + become_user: "postgres" when: create_remote_db_user is skipped \ No newline at end of file From ee16c0c56feb57a29c3f6ac7baba11cf5ed8db20 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 10:48:17 +0100 Subject: [PATCH 23/72] empty password if var not set --- roles/mastodon/tasks/system_setup/prepare_database.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mastodon/tasks/system_setup/prepare_database.yml b/roles/mastodon/tasks/system_setup/prepare_database.yml index 0667b2b..ee7e79f 100644 --- a/roles/mastodon/tasks/system_setup/prepare_database.yml +++ b/roles/mastodon/tasks/system_setup/prepare_database.yml @@ -42,7 +42,7 @@ postgresql_user: db: "{{ mastodon_db }}" name: "{{ mastodon_db_user }}" - password: "{{ mastodon_db_password }}" + password: "{{ mastodon_db_password | default('') }}" encrypted: yes login_unix_socket: "{{ mastodon_db_login_unix_socket }}" role_attr_flags: CREATEDB From 1168c5a0edf7ea78f0c4aec9e005b51d2b4feea3 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 11:00:21 +0100 Subject: [PATCH 24/72] included task to install needed packages --- roles/mastodon/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 83fc536..3b37433 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml 
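Review bot: `password: "{{ mastodon_db_password | default('') }}"` makes a missing variable create the `{{ mastodon_db_user }}` role with no password at all — the postgresql_user module omits the PASSWORD clause for an empty string, as far as I recall, so `encrypted: yes` has nothing to act on. That is presumably fine only because this local branch authenticates over `login_unix_socket` with peer auth, which in turn requires the role name to match the system user `mastodon_user` (the vars default to that); state it in a comment, e.g. `# no password by default: local peer auth over the unix socket, role name must equal mastodon_user`. The remote-database task earlier in this file still uses `mastodon_db_password` without a default, so the two branches now behave differently; an `assert` that the password is defined whenever `mastodon_db_login_host` is set would make that explicit.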
@@ -13,6 +13,7 @@ - include_role: name=database - include_tasks: system_setup/prepare_database.yml - include_role: name=webserver + - include_tasks: system_setup/packages.yml - include_tasks: system_setup/nginx.yml - include_tasks: system_setup/user.yml - include_tasks: system_setup/ruby.yml From 37c69565e49fae71ce1b0243fa6900827b315f14 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 11:23:08 +0100 Subject: [PATCH 25/72] changed path and link --- roles/mastodon/tasks/system_setup/packages.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/packages.yml b/roles/mastodon/tasks/system_setup/packages.yml index 8927e74..efccfa5 100644 --- a/roles/mastodon/tasks/system_setup/packages.yml +++ b/roles/mastodon/tasks/system_setup/packages.yml @@ -12,5 +12,5 @@ - name: mastodon | nodejs alternative alternatives: name: node - link: /usr/bin/node - path: /usr/bin/nodejs \ No newline at end of file + path: /usr/bin/node + link: /usr/bin/nodejs \ No newline at end of file From 962885e859331045ee696e0422f22a316eeab2b6 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 12:17:43 +0100 Subject: [PATCH 26/72] updated version numbers --- roles/mastodon/vars/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index 3fb39d4..93f5a81 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -5,8 +5,8 @@ postgres: True mysql: False redis: True -ruby_version: "2.7.4" -rbenv_version: "v1.1.2" +ruby_version: "3.0.3" +rbenv_version: "v3.0.3" ruby_build_version: "v20210707" bundler_version: "2.1.4" node_major_version: "12" From da97367f12b2494e8b785ee86619a3e299d6d685 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 13:56:58 +0100 Subject: [PATCH 27/72] updated version numbers --- roles/mastodon/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index 93f5a81..9e32375 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -6,7 +6,7 @@ mysql: False redis: True ruby_version: "3.0.3" -rbenv_version: "v3.0.3" +rbenv_version: "v2.7.2" ruby_build_version: "v20210707" bundler_version: "2.1.4" node_major_version: "12" From 8341a2d1e5289cbe07259c2b2f414bff8333e02a Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 15:28:45 +0100 Subject: [PATCH 28/72] updated version numbers --- roles/mastodon/vars/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mastodon/vars/main.yml b/roles/mastodon/vars/main.yml index 9e32375..e3c141e 100644 --- a/roles/mastodon/vars/main.yml +++ b/roles/mastodon/vars/main.yml @@ -6,8 +6,8 @@ mysql: False redis: True ruby_version: "3.0.3" -rbenv_version: "v2.7.2" -ruby_build_version: "v20210707" +rbenv_version: "v1.2.0" +ruby_build_version: "v20220218" bundler_version: "2.1.4" node_major_version: "12" os_family: "{{ ansible_os_family|lower }}" From 74c6b401631fe5f18737487f2040e0ac09c6d2d7 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 16 Mar 2022 16:53:12 +0100 Subject: [PATCH 29/72] added an empty line for better readability --- roles/mastodon/tasks/system_setup/ruby.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/mastodon/tasks/system_setup/ruby.yml b/roles/mastodon/tasks/system_setup/ruby.yml index 2ee869a..1202a1f 100644 --- a/roles/mastodon/tasks/system_setup/ruby.yml +++ b/roles/mastodon/tasks/system_setup/ruby.yml @@ -32,6 +32,7 @@ content: | export PATH="~/.rbenv/bin:${PATH}" eval "$(rbenv init -)" + - name: mastodon | Check if the Ruby version is already installed shell: "~/.rbenv/bin/rbenv versions | grep -q {{ ruby_version }}" register: ruby_installed From 1dce266e8d38dceb1357d6008a3bed67e8efcd19 Mon Sep 17 00:00:00 2001 
From: rene Date: Wed, 16 Mar 2022 16:53:45 +0100 Subject: [PATCH 30/72] copy nginx config nevertheles if cert is present --- roles/mastodon/tasks/system_setup/letsencrypt.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index 6a3444b..9de2003 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -1,25 +1,23 @@ --- -- stat: path=/etc/letsencrypt/live/{{ mastodon_host }}/fullchain.pem +- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default({{ ansible_fqdn }}) }}/fullchain.pem register: letsencrypt_cert - name: Copy letsencrypt nginx config template: src: ../files/nginx/letsencrypt.conf.j2 dest: /etc/nginx/sites-available/mastodon.conf - when: not letsencrypt_cert.stat.exists - name: Symlink enabled site file: src: "/etc/nginx/sites-available/mastodon.conf" dest: "/etc/nginx/sites-enabled/mastodon.conf" state: link - when: not letsencrypt_cert.stat.exists - name: Reload nginx command: "systemctl reload nginx" - name: Install letsencrypt cert - command: letsencrypt certonly -n --webroot -d {{ mastodon_host }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host }}" --agree-tos && systemctl reload nginx + command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default({{ ansible_fqdn }}) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default({{ ansible_fqdn }}) }}" --agree-tos && systemctl reload nginx when: not letsencrypt_cert.stat.exists - name: Letsencrypt Job From 98c877a8ce1c3e8553222b3af0caada06e33df07 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 17 Mar 2022 09:48:29 +0100 Subject: [PATCH 31/72] quoting --- roles/mastodon/tasks/system_setup/letsencrypt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
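Review bot: `command: letsencrypt certonly ... --agree-tos && systemctl reload nginx` runs under the `command` module, which does not interpret shell operators, so `&&`, `systemctl`, `reload` and `nginx` are passed to letsencrypt as extra arguments and the task fails — or at best nginx is never reloaded with the new certificate. Drop the trailing `&& systemctl reload nginx` and either move the existing "Reload nginx" task after this one or notify a handler; switching to `shell:` would also work but is not needed here. Dropping `when: not letsencrypt_cert.stat.exists` from the config-copy and symlink tasks is fine, but the command still derives `--email "webmaster@..."` from the host name, which is worth a comment since it is what Let's Encrypt will use for expiry notices.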
diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index 9de2003..069e2a2 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -1,5 +1,5 @@ --- -- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default({{ ansible_fqdn }}) }}/fullchain.pem +- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default('{{ ansible_fqdn }}') }}/fullchain.pem register: letsencrypt_cert - name: Copy letsencrypt nginx config @@ -17,7 +17,7 @@ command: "systemctl reload nginx" - name: Install letsencrypt cert - command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default({{ ansible_fqdn }}) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default({{ ansible_fqdn }}) }}" --agree-tos && systemctl reload nginx + command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default('{{ ansible_fqdn }}') }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default('{{ ansible_fqdn }}') }}" --agree-tos && systemctl reload nginx when: not letsencrypt_cert.stat.exists - name: Letsencrypt Job From 57f0333e8a73864d412bc4b119f0976210f2c413 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 17 Mar 2022 10:44:48 +0100 Subject: [PATCH 32/72] changed template source --- roles/mastodon/tasks/system_setup/letsencrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index 069e2a2..67b6ae8 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -4,7 +4,7 @@ - name: Copy letsencrypt nginx config template: - src: ../files/nginx/letsencrypt.conf.j2 + src: mastodon.conf.j2 dest: /etc/nginx/sites-available/mastodon.conf - name: Symlink enabled site 
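Review bot: `mastodon_host | default('{{ ansible_fqdn }}')` hands the default filter a literal string containing Jinja delimiters and relies on Ansible templating the result a second time; whether that happens depends on context, and `mastodon_host | default(ansible_fqdn)` expresses the intent without the assumption. The same nested form appears in both hunks of this patch and in mastodon.conf.j2, so fix it everywhere at once.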
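Review bot: Rendering `mastodon.conf.j2` as the bootstrap site config creates a chicken-and-egg problem on a fresh host: that template points `ssl_certificate` at `/etc/letsencrypt/live/<host>/fullchain.pem` whenever `disable_letsencrypt != "true"`, this task now runs unconditionally, and "Reload nginx" follows before `letsencrypt certonly` has produced the files — nginx's config check will most likely fail, leaving no listener for the webroot challenge. Keep the HTTP-only `letsencrypt.conf.j2` as the template `when: not letsencrypt_cert.stat.exists`, and render mastodon.conf.j2 only after the certificate exists (re-run the `stat` after the certonly task, or split the role into bootstrap and final config steps).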
From 24a9487730ab64663dbd8614db9cb8b082b60eeb Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 17 Mar 2022 19:01:51 +0100 Subject: [PATCH 33/72] set defaults --- roles/mastodon/templates/mastodon.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/mastodon/templates/mastodon.conf.j2 b/roles/mastodon/templates/mastodon.conf.j2 index 5bb2931..f813d81 100644 --- a/roles/mastodon/templates/mastodon.conf.j2 +++ b/roles/mastodon/templates/mastodon.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name {{ mastodon_host }}; + server_name {{ mastodon_host | default('{{ ansible_fqdn }}') }}; # Useful for Let's Encrypt location /.well-known/acme-challenge/ { allow all; } @@ -24,8 +24,8 @@ server { ssl_session_cache shared:SSL:10m; {% if disable_letsencrypt != "true" %} - ssl_certificate /etc/letsencrypt/live/{{ mastodon_host }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_host }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ mastodon_host | default('{{ ansible_fqdn }}') }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_host | default('{{ ansible_fqdn }}') }}/privkey.pem; {% endif %} keepalive_timeout 70; From 3c993a93cab522bb085a36db52ad24dd315d0873 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 17 Mar 2022 20:41:14 +0100 Subject: [PATCH 34/72] switch for snmpd interfaces --- roles/server/tasks/utilities/snmpd.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index c92c184..8b84b71 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml 
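Review bot: `server_name {{ mastodon_host | default('{{ ansible_fqdn }}') }};` is in a file rendered by the `template` module, which renders once; unless Ansible re-templates the output (I do not believe it does for template files), nginx receives the literal text `{{ ansible_fqdn }}` as its server_name and certificate path. `mastodon_host | default(ansible_fqdn)` is the unambiguous form and should replace all three occurrences in this patch. Separately, when `disable_letsencrypt` is `"true"` the 443 server block is left with no `ssl_certificate` at all, which nginx rejects; that predates this change but a comment noting that a certificate must then be supplied by other means would help.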
@@ -39,12 +39,21 @@ line: "rouser {{snmp_user }} authpriv" insertafter: "# SECTION: custom settings" -- name: server | snmpd | enable service on all interfaces +- name: server | snmpd | enable service on wireguard interface lineinfile: path: "/etc/snmp/snmpd.conf" regexp: "^agentaddress.*$" state: present line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]" + when: wg_local_ip is defined + +- name: server | snmpd | enable service on all interfaces + lineinfile: + path: "/etc/snmp/snmpd.conf" + regexp: "^agentaddress.*$" + state: present + line: "agentaddress udp:161,udp6:[::1]:161" + when: wg_local_ip is not defined - name: server | snmpd start service service: From 74276140569fd639448a5db4f76e5a36e3e295ce Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 16:54:46 +0100 Subject: [PATCH 35/72] execute tasks as user mastodon --- roles/mastodon/tasks/main.yml | 4 ++++ roles/mastodon/tasks/system_setup/ruby.yml | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 3b37433..9bf6b1d 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -17,5 +17,9 @@ - include_tasks: system_setup/nginx.yml - include_tasks: system_setup/user.yml - include_tasks: system_setup/ruby.yml + become: true + become_user: "{{ mastodon_user }}" - include_tasks: system_setup/mastodon.yml + become: true + become_user: "{{ mastodon_user }}" - include_tasks: system_setup/letsencrypt.yml \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/ruby.yml b/roles/mastodon/tasks/system_setup/ruby.yml index 1202a1f..15608ec 100644 --- a/roles/mastodon/tasks/system_setup/ruby.yml +++ b/roles/mastodon/tasks/system_setup/ruby.yml 
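Review bot: The fallback `agentaddress udp:161,udp6:[::1]:161` binds the SNMP agent on every IPv4 address of the host, whereas the existing line is deliberately limited to loopback plus the WireGuard address and the IPv6 half of the new line is still loopback-only; hosts without `wg_local_ip` (from patch 19 that appears to be those whose primary IP is not public, but the inventory decides) get an agent reachable from whatever LAN they sit on. The `rouser ... authpriv` line above still forces SNMPv3 authentication, but it is unneeded exposure: use `line: "agentaddress udp:127.0.0.1:161,udp6:[::1]:161"` as the fallback and add an explicit variable (e.g. `snmp_listen_addresses`) for hosts that really should answer on another interface. Either way a comment on the task stating which interfaces are intended would help the next reader.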
@@ -27,8 +27,8 @@ when: rbenv_configure is succeeded - name: mastodon | Update profile settings - copy: - dest: "~/.bashrc" + blockinfile: + dest: "~/.profile" content: | export PATH="~/.rbenv/bin:${PATH}" eval "$(rbenv init -)" From 1fafdad7a38cc34b6576c76ac21edfbffe642040 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 17:01:33 +0100 Subject: [PATCH 36/72] execute tasks as user mastodon --- roles/mastodon/tasks/main.yml | 4 - .../mastodon/tasks/system_setup/mastodon.yml | 118 ++++++++---------- roles/mastodon/tasks/system_setup/ruby.yml | 102 +++++++-------- 3 files changed, 105 insertions(+), 119 deletions(-) diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index 9bf6b1d..3b37433 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -17,9 +17,5 @@ - include_tasks: system_setup/nginx.yml - include_tasks: system_setup/user.yml - include_tasks: system_setup/ruby.yml - become: true - become_user: "{{ mastodon_user }}" - include_tasks: system_setup/mastodon.yml - become: true - become_user: "{{ mastodon_user }}" - include_tasks: system_setup/letsencrypt.yml \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/mastodon.yml b/roles/mastodon/tasks/system_setup/mastodon.yml index 2f25c4c..aad3d2c 100644 --- a/roles/mastodon/tasks/system_setup/mastodon.yml +++ b/roles/mastodon/tasks/system_setup/mastodon.yml 
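Review bot: `export PATH="~/.rbenv/bin:${PATH}"` keeps the tilde literal — bash performs no tilde expansion inside double quotes — so the PATH entry is the string `~/.rbenv/bin` and the `eval "$(rbenv init -)"` on the next line fails with "rbenv: command not found" in an interactive login; the cron job in mastodon.yml already uses `$HOME/.rbenv/bin:$PATH`, so use the same here: `export PATH="$HOME/.rbenv/bin:${PATH}"`. The tasks themselves keep working because they call `~/.rbenv/bin/rbenv` and `~/.rbenv/shims/bundle` by path, which is why this went unnoticed. Moving from `copy` (which replaced the whole `~/.bashrc`) to `blockinfile` on `~/.profile` is the right direction; set an explicit `marker:` if any other role also manages that file, since the default `# BEGIN/END ANSIBLE MANAGED BLOCK` markers collide.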
@@ -1,100 +1,86 @@ -- name: Clone mastodon - git: - repo: "https://github.com/mastodon/mastodon.git" - dest: "{{ mastodon_home }}/{{mastodon_path}}" - clone: true +- block: + become: true + become_user: "{{ mastodon_user }}" -# - name: Update to latest version -# shell: "git fetch; git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)" -# args: -# chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + - name: Clone mastodon + git: + repo: "https://github.com/mastodon/mastodon.git" + dest: "{{ mastodon_home }}/{{mastodon_path}}" + clone: true -- name: Bundle install - shell: | - ~/.rbenv/shims/bundle config set --local deployment 'true' && \ - ~/.rbenv/shims/bundle config set --local without 'test' && \ - ~/.rbenv/shims/bundle config set --local with 'development' && \ - ~/.rbenv/shims/bundle install -j$(getconf _NPROCESSORS_ONLN) - args: - chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + # - name: Update to latest version + # shell: "git fetch; git checkout $(git tag -l | grep -v 'rc[1-9]*$' | sort -V | tail -n 1)" + # args: + # chdir: "{{ mastodon_home }}/{{ mastodon_path }}" -- name: Yarn install - command: yarn install --pure-lockfile - args: - chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + - name: Bundle install + shell: | + ~/.rbenv/shims/bundle config set --local deployment 'true' && \ + ~/.rbenv/shims/bundle config set --local without 'test' && \ + ~/.rbenv/shims/bundle config set --local with 'development' && \ + ~/.rbenv/shims/bundle install -j$(getconf _NPROCESSORS_ONLN) + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + + - name: Yarn install + command: yarn install --pure-lockfile + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + + - name: Media cleanup cronjob + cron: + name: "media cleanup" + minute: "15" + hour: "1" + job: '/bin/bash -c ''export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; cd {{ mastodon_home }}/{{ mastodon_path }} && RAILS_ENV=production ./bin/tootctl media remove''' + + - stat: 
path={{ mastodon_home }}/{{ mastodon_path }}/.env.production + register: production_config + + - name: Migrate database + shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:migrate" + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + when: production_config.stat.exists + + - name: Precompile assets + shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile" + args: + chdir: "{{ mastodon_home }}/{{ mastodon_path }}" + when: production_config.stat.exists - name: Install systemd sidekiq Service Files template: src: mastodon-sidekiq.service.j2 dest: /etc/systemd/system/mastodon-sidekiq.service - become: true - become_user: root - + - name: Install systemd web Service Files template: src: mastodon-web.service.j2 dest: /etc/systemd/system/mastodon-web.service - become: true - become_user: root - + - name: Install systemd streaming Service Files template: src: mastodon-streaming.service.j2 dest: /etc/systemd/system/mastodon-streaming.service - become: true - become_user: root - -- name: Media cleanup cronjob - cron: - name: "media cleanup" - minute: "15" - hour: "1" - job: '/bin/bash -c ''export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; cd {{ mastodon_home }}/{{ mastodon_path }} && RAILS_ENV=production ./bin/tootctl media remove''' - -- stat: path={{ mastodon_home }}/{{ mastodon_path }}/.env.production - register: production_config - -- name: Migrate database - shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails db:migrate" - args: - chdir: "{{ mastodon_home }}/{{ mastodon_path }}" - when: production_config.stat.exists - -- name: Precompile assets - shell: "RAILS_ENV=production ~/.rbenv/shims/bundle exec rails assets:precompile" - args: - chdir: "{{ mastodon_home }}/{{ mastodon_path }}" - when: production_config.stat.exists - + - name: Enable mastodon-web command: systemctl enable mastodon-web.service - become: true - become_user: root - name: Enable mastodon-streaming command: systemctl enable 
mastodon-streaming.service - become: true - become_user: root - name: Enable mastodon-sidekiq command: systemctl enable mastodon-sidekiq.service - become: true - become_user: root - name: Restart mastodon-web command: systemctl restart mastodon-web.service when: production_config.stat.exists - become: true - become_user: root - name: Restart mastodon-streaming command: systemctl restart mastodon-streaming.service when: production_config.stat.exists - become: true - become_user: root - + - name: Restart mastodon-sidekiq command: systemctl restart mastodon-sidekiq.service - when: production_config.stat.exists - become: true - become_user: root \ No newline at end of file + when: production_config.stat.exists \ No newline at end of file diff --git a/roles/mastodon/tasks/system_setup/ruby.yml b/roles/mastodon/tasks/system_setup/ruby.yml index 15608ec..3faa10f 100644 --- a/roles/mastodon/tasks/system_setup/ruby.yml +++ b/roles/mastodon/tasks/system_setup/ruby.yml 
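Review bot: The `Clone mastodon` task has no `version:`, so every run checks out whatever the upstream default branch currently points at; for a production instance pin a release tag so the deployed code is reproducible and not silently tied to upstream HEAD, e.g. `version: "{{ mastodon_version }}"` with a new `mastodon_version` variable in the role vars (the commented-out "Update to latest version" task shows the same intent). The `become: true` / `become_user: root` keys were dropped from the systemd template and `systemctl` tasks; unless the play itself runs with become, writing to `/etc/systemd/system` and enabling the units will now fail for the connecting user, so either restore them or document that the play escalates. The hunk covers the whole file, so nothing continues outside it.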
@@ -1,58 +1,62 @@ --- -- name: mastodon | Clone rbenv - git: - repo: "https://github.com/rbenv/rbenv.git" - dest: "~/.rbenv" - clone: true - version: "{{ rbenv_version }}" +- block: + become: true + become_user: "{{ mastodon_user }}" -- name: mastodon | Clone ruby-build - git: - repo: "https://github.com/rbenv/ruby-build.git" - dest: "~/.rbenv/plugins/ruby-build" - clone: true - version: "{{ ruby_build_version }}" - register: ruby_build + - name: mastodon | Clone rbenv + git: + repo: "https://github.com/rbenv/rbenv.git" + dest: "~/.rbenv" + clone: true + version: "{{ rbenv_version }}" -- name: mastodon | Configure rbenv - command: ./configure - args: - chdir: "~/.rbenv/src" - register: rbenv_configure + - name: mastodon | Clone ruby-build + git: + repo: "https://github.com/rbenv/ruby-build.git" + dest: "~/.rbenv/plugins/ruby-build" + clone: true + version: "{{ ruby_build_version }}" + register: ruby_build -- name: mastodon | Build rbenv - command: make - args: - chdir: "~/.rbenv/src" - when: rbenv_configure is succeeded + - name: mastodon | Configure rbenv + command: ./configure + args: + chdir: "~/.rbenv/src" + register: rbenv_configure -- name: mastodon | Update profile settings - blockinfile: - dest: "~/.profile" - content: | - export PATH="~/.rbenv/bin:${PATH}" - eval "$(rbenv init -)" + - name: mastodon | Build rbenv + command: make + args: + chdir: "~/.rbenv/src" + when: rbenv_configure is succeeded -- name: mastodon | Check if the Ruby version is already installed - shell: "~/.rbenv/bin/rbenv versions | grep -q {{ ruby_version }}" - register: ruby_installed - ignore_errors: yes - check_mode: no + - name: mastodon | Update profile settings + blockinfile: + dest: "~/.profile" + content: | + export PATH="~/.rbenv/bin:${PATH}" + eval "$(rbenv init -)" -- name: mastodon | Install Ruby {{ ruby_version }} - shell: "~/.rbenv/bin/rbenv install {{ ruby_version }}" - args: - executable: /bin/bash - when: ruby_installed is failed + - name: mastodon | Check if the Ruby 
version is already installed + shell: "~/.rbenv/bin/rbenv versions | grep -q {{ ruby_version }}" + register: ruby_installed + ignore_errors: yes + check_mode: no -- name: mastodon | Set the default Ruby version to {{ ruby_version }} - shell: "~/.rbenv/bin/rbenv global {{ ruby_version }}" - args: - executable: /bin/bash - register: default_ruby_version + - name: mastodon | Install Ruby {{ ruby_version }} + shell: "~/.rbenv/bin/rbenv install {{ ruby_version }}" + args: + executable: /bin/bash + when: ruby_installed is failed -- name: mastodon | Install bundler - shell: 'export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; gem install bundler:{{ bundler_version }}' - args: - executable: /bin/bash - when: default_ruby_version is succeeded \ No newline at end of file + - name: mastodon | Set the default Ruby version to {{ ruby_version }} + shell: "~/.rbenv/bin/rbenv global {{ ruby_version }}" + args: + executable: /bin/bash + register: default_ruby_version + + - name: mastodon | Install bundler + shell: 'export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; gem install bundler:{{ bundler_version }}' + args: + executable: /bin/bash + when: default_ruby_version is succeeded \ No newline at end of file From 0e43a09c96d8ffb613e46722bf399bbb70021c3c Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 17:11:38 +0100 Subject: [PATCH 37/72] reordered block statements --- roles/mastodon/tasks/system_setup/mastodon.yml | 6 +++--- roles/mastodon/tasks/system_setup/ruby.yml | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/mastodon.yml b/roles/mastodon/tasks/system_setup/mastodon.yml index aad3d2c..eb8835d 100644 --- a/roles/mastodon/tasks/system_setup/mastodon.yml +++ b/roles/mastodon/tasks/system_setup/mastodon.yml @@ -1,7 +1,4 @@ - block: - become: true - become_user: "{{ mastodon_user }}" - - name: Clone mastodon git: repo: "https://github.com/mastodon/mastodon.git" 
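Review bot: The version probe `rbenv versions | grep -q {{ ruby_version }}` matches substrings and treats the dots as regex wildcards, so with `ruby_version` set to e.g. 3.0.1 an installed 3.0.10 makes the check pass and the install step is skipped; compare whole lines instead: `shell: "~/.rbenv/bin/rbenv versions --bare | grep -qxF '{{ ruby_version }}'"`. `ignore_errors: yes` also leaves a red failed task in the output and is a YAML 1.1 truthy spelling; `failed_when: false` together with `changed_when: false` expresses a probe more precisely and keeps the run clean.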
@@ -49,6 +46,9 @@ chdir: "{{ mastodon_home }}/{{ mastodon_path }}" when: production_config.stat.exists + become: true + become_user: "{{ mastodon_user }}" + - name: Install systemd sidekiq Service Files template: src: mastodon-sidekiq.service.j2 diff --git a/roles/mastodon/tasks/system_setup/ruby.yml b/roles/mastodon/tasks/system_setup/ruby.yml index 3faa10f..0ad29e7 100644 --- a/roles/mastodon/tasks/system_setup/ruby.yml +++ b/roles/mastodon/tasks/system_setup/ruby.yml @@ -1,8 +1,5 @@ --- - block: - become: true - become_user: "{{ mastodon_user }}" - - name: mastodon | Clone rbenv git: repo: "https://github.com/rbenv/rbenv.git" @@ -59,4 +56,7 @@ shell: 'export PATH="$HOME/.rbenv/bin:$PATH"; eval "$(rbenv init -)"; gem install bundler:{{ bundler_version }}' args: executable: /bin/bash - when: default_ruby_version is succeeded \ No newline at end of file + when: default_ruby_version is succeeded + + become: true + become_user: "{{ mastodon_user }}" \ No newline at end of file From 1c42aa9cfddb446a3440e5bb59e7a6f6f3255e66 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 17:48:51 +0100 Subject: [PATCH 38/72] copy despite the var --- roles/mastodon/tasks/system_setup/nginx.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/nginx.yml b/roles/mastodon/tasks/system_setup/nginx.yml index 7eff427..9b8c309 100644 --- a/roles/mastodon/tasks/system_setup/nginx.yml +++ b/roles/mastodon/tasks/system_setup/nginx.yml @@ -2,10 +2,8 @@ - name: mastodon | Copy nginx config template: - src: ../files/nginx/mastodon.conf.j2 + src: mastodon.conf.j2 dest: /etc/nginx/sites-available/mastodon.conf - when: - - mastodon_host is defined notify: restart_nginx - name: mastodon | Symlink enabled site @@ -13,6 +11,4 @@ src: "/etc/nginx/sites-available/mastodon.conf" dest: "/etc/nginx/sites-enabled/mastodon.conf" state: link - when: - - mastodon_host is defined notify: restart_nginx \ No newline at end of file 
From 13ec4ea32c77079340e723cb98dda83dd36f6646 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 17:54:35 +0100 Subject: [PATCH 39/72] debug --- roles/mastodon/tasks/system_setup/nginx.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/mastodon/tasks/system_setup/nginx.yml b/roles/mastodon/tasks/system_setup/nginx.yml index 9b8c309..ca700d6 100644 --- a/roles/mastodon/tasks/system_setup/nginx.yml +++ b/roles/mastodon/tasks/system_setup/nginx.yml @@ -1,4 +1,6 @@ --- +- debug: + msg: "Hostname: {{ mastodon_host | default('{{ ansible_fqdn }}')" - name: mastodon | Copy nginx config template: From a99736ffd162c5bc1f65ee8e0faee3c33f5650d8 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 18:03:06 +0100 Subject: [PATCH 40/72] missing curly braces --- roles/mastodon/tasks/system_setup/nginx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mastodon/tasks/system_setup/nginx.yml b/roles/mastodon/tasks/system_setup/nginx.yml index ca700d6..9ceee71 100644 --- a/roles/mastodon/tasks/system_setup/nginx.yml +++ b/roles/mastodon/tasks/system_setup/nginx.yml @@ -1,6 +1,6 @@ --- - debug: - msg: "Hostname: {{ mastodon_host | default('{{ ansible_fqdn }}')" + msg: "Hostname: {{ mastodon_host | default('{{ ansible_fqdn }}') }}" - name: mastodon | Copy nginx config template: From 18f0ce341c594db5247bcd24407b6d79e6c474c1 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 18:30:39 +0100 Subject: [PATCH 41/72] debug --- roles/mastodon/tasks/system_setup/nginx.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mastodon/tasks/system_setup/nginx.yml b/roles/mastodon/tasks/system_setup/nginx.yml index 9ceee71..aa78741 100644 --- a/roles/mastodon/tasks/system_setup/nginx.yml +++ b/roles/mastodon/tasks/system_setup/nginx.yml 
@@ -1,6 +1,6 @@ --- - debug: - msg: "Hostname: {{ mastodon_host | default('{{ ansible_fqdn }}') }}" + msg: "Hostname: {{ mastodon_host | default({{ ansible_fqdn }}) }}" - name: mastodon | Copy nginx config template: From 50dd2691d5b5adf67dc595e0ef823b7ecb217185 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 18:53:30 +0100 Subject: [PATCH 42/72] correct use of default with variable --- roles/mastodon/tasks/system_setup/letsencrypt.yml | 4 ++-- roles/mastodon/tasks/system_setup/nginx.yml | 2 +- roles/mastodon/templates/mastodon.conf.j2 | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index 67b6ae8..a95574e 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -1,5 +1,5 @@ --- -- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default('{{ ansible_fqdn }}') }}/fullchain.pem +- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default(ansible_fqdn) }}/fullchain.pem register: letsencrypt_cert - name: Copy letsencrypt nginx config @@ -17,7 +17,7 @@ command: "systemctl reload nginx" - name: Install letsencrypt cert - command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default('{{ ansible_fqdn }}') }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default('{{ ansible_fqdn }}') }}" --agree-tos && systemctl reload nginx + command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx when: not letsencrypt_cert.stat.exists - name: Letsencrypt Job diff --git a/roles/mastodon/tasks/system_setup/nginx.yml b/roles/mastodon/tasks/system_setup/nginx.yml index aa78741..f3d2a18 100644 --- a/roles/mastodon/tasks/system_setup/nginx.yml 
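Review bot: `command:` does not go through a shell, so in the rewritten `Install letsencrypt cert` task the trailing `&& systemctl reload nginx` is handed to `letsencrypt` as three extra arguments rather than executed after it; either switch the task to `shell:`, or better drop the suffix and `notify` an nginx reload handler (the context line above already runs `systemctl reload nginx` as its own task). The quoted `--email "webmaster@…"` argument is fine under `command:` since the arguments are shlex-split. The task list continues past the end of the hunk.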
+++ b/roles/mastodon/tasks/system_setup/nginx.yml @@ -1,6 +1,6 @@ --- - debug: - msg: "Hostname: {{ mastodon_host | default({{ ansible_fqdn }}) }}" + msg: "Hostname: {{ mastodon_host | default(ansible_fqdn) }}" - name: mastodon | Copy nginx config template: diff --git a/roles/mastodon/templates/mastodon.conf.j2 b/roles/mastodon/templates/mastodon.conf.j2 index f813d81..a9c0bfd 100644 --- a/roles/mastodon/templates/mastodon.conf.j2 +++ b/roles/mastodon/templates/mastodon.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name {{ mastodon_host | default('{{ ansible_fqdn }}') }}; + server_name {{ mastodon_host | default(ansible_fqdn') }}; # Useful for Let's Encrypt location /.well-known/acme-challenge/ { allow all; } @@ -24,8 +24,8 @@ server { ssl_session_cache shared:SSL:10m; {% if disable_letsencrypt != "true" %} - ssl_certificate /etc/letsencrypt/live/{{ mastodon_host | default('{{ ansible_fqdn }}') }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_host | default('{{ ansible_fqdn }}') }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ mastodon_host | default(ansible_fqdn) }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_host | default(ansible_fqdn) }}/privkey.pem; {% endif %} keepalive_timeout 70; From 4617d12c485aa00cc3ab53caa2a67985d1536775 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 19:04:40 +0100 Subject: [PATCH 43/72] overlooked a ' --- roles/mastodon/templates/mastodon.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mastodon/templates/mastodon.conf.j2 b/roles/mastodon/templates/mastodon.conf.j2 index a9c0bfd..19912c9 100644 --- a/roles/mastodon/templates/mastodon.conf.j2 +++ b/roles/mastodon/templates/mastodon.conf.j2 
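Review bot: The `ssl_certificate` lines are gated by `{% if disable_letsencrypt != "true" %}`, a string comparison; if `disable_letsencrypt` is ever set as a YAML boolean, Jinja evaluates `True != "true"` as true and the Let's Encrypt paths are emitted even when no certificate was issued, so nginx fails to start. Compare the boolean instead, `{% if not (disable_letsencrypt | default(false) | bool) %}`, which accepts both spellings. The `server` block begins before this hunk.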
@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name {{ mastodon_host | default(ansible_fqdn') }}; + server_name {{ mastodon_host | default(ansible_fqdn) }}; # Useful for Let's Encrypt location /.well-known/acme-challenge/ { allow all; } From ae05c773ecf8d28e36d6e3fe13787befe40a79e7 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 18 Mar 2022 19:33:12 +0100 Subject: [PATCH 44/72] overlooked an appearance of {{ mastodon_host }} --- roles/mastodon/templates/mastodon.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mastodon/templates/mastodon.conf.j2 b/roles/mastodon/templates/mastodon.conf.j2 index 19912c9..234534b 100644 --- a/roles/mastodon/templates/mastodon.conf.j2 +++ b/roles/mastodon/templates/mastodon.conf.j2 @@ -16,7 +16,7 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ mastodon_host }}; + server_name {{ mastodon_host | default(ansible_fqdn) }}; ssl_protocols TLSv1.2; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; From 71f1be5e5fa64e1386678beb8728bce7825a5ca4 Mon Sep 17 00:00:00 2001 From: rene Date: Tue, 22 Mar 2022 16:44:10 +0100 Subject: [PATCH 45/72] snmpd --- roles/server/files/distro | 4 ++++ roles/server/tasks/utilities/snmpd.yml | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 roles/server/files/distro diff --git a/roles/server/files/distro b/roles/server/files/distro new file mode 100644 index 0000000..304aeb3 --- /dev/null +++ b/roles/server/files/distro @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +source /etc/os-release +echo "${PRETTY_NAME}" \ No newline at end of file diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index 8b84b71..b54fc3a 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml 
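Review bot: The HTTPS `server` block now uses the same `default(ansible_fqdn)` fallback as the port-80 block, but the adjacent `ssl_protocols TLSv1.2;` excludes TLS 1.3 and `ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;` is a coarse OpenSSL alias list rather than an explicit ECDHE/AEAD selection. If the target nginx and OpenSSL support it, `ssl_protocols TLSv1.2 TLSv1.3;` with an explicit forward-secret cipher list is the usual hardening; the block continues outside the hunk.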
@@ -55,6 +55,24 @@
 line: "agentaddress udp:161,udp6:[::1]:161"
 when: wg_local_ip is not defined
+- name: server | snmpd | copy distro script
+ copy:
+ dest: "/etc/snmp/distro/"
+ src: "distro"
+ mode: "0755"
+
+- name: server | snmpd | configure extends
+ lineinfile:
+ path: "/etc/snmp/snmpd.conf"
+ state: present
+ line: "extend {{ item.service }} '{{ item.script }}'"
+ insertafter: "# SECTION: custom settings"
+ loop:
+ - { service: "distro", script: "sudo /etc/snmp/distro" }
+ - { service: "hardware", script: "/bin/cat /sys/devices/virtual/dmi/id/product_name" }
+ - { service: "manufacturer", script: "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor" }
+ - { service: "serial", script: "/bin/cat /sys/devices/virtual/dmi/id/product_serial" }
+
 - name: server | snmpd start service
 service:
 name: "snmpd"
From 4b8f39ae7fb3eb6b030d96978e307f88bfd356a5 Mon Sep 17 00:00:00 2001
From: rene
Date: Tue, 22 Mar 2022 18:56:15 +0100
Subject: [PATCH 46/72] snmpd extends for postgres
---
 roles/database/tasks/configure_snmpd.yml | 45 +++++++++++++++++++
 .../database/tasks/install_check_postgres.yml | 23 ++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 roles/database/tasks/configure_snmpd.yml
 create mode 100644 roles/database/tasks/install_check_postgres.yml
diff --git a/roles/database/tasks/configure_snmpd.yml b/roles/database/tasks/configure_snmpd.yml
new file mode 100644
index 0000000..f63ee55
--- /dev/null
+++ b/roles/database/tasks/configure_snmpd.yml
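Review bot: `dest: "/etc/snmp/distro/"` ends with a slash, so `copy` creates a directory and places the script at `/etc/snmp/distro/distro`, while the extend line calls `sudo /etc/snmp/distro`, which is then a directory; drop the trailing slash: `dest: "/etc/snmp/distro"`. The `sudo` is also both unnecessary and unconfigured: the script only reads the world-readable `/etc/os-release`, and the `roles/server/files/sudoers` hunks later in this series never grant `Debian-snmp` that command, so the extend would fail on a non-interactive sudo prompt; use `script: "/etc/snmp/distro"`. Of the DMI reads, `product_serial` is normally readable only by root, so that extend will likely return a permission error when run by the snmpd user — confirm on a target host or drop it.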
@@ -0,0 +1,45 @@
+- name: database | snmpd | get script
+ get_url:
+ url: "https://github.com/librenms/librenms-agent/raw/master/snmp/postgres"
+ dest: "/etc/snmp/postgres"
+ mode: "0755"
+ owner: "root"
+ group: "root"
+ when: postgres == true
+
+- include_tasks: install_check_postgres.yml
+ when: postgres == true
+
+- name: database | snmpd | get script
+ get_url:
+ url: "https://github.com/librenms/librenms-agent/raw/master/snmp/mysql"
+ dest: "/etc/snmp/mysql"
+ mode: "0755"
+ owner: "root"
+ group: "root"
+ when: mysql == true
+
+- name: database | snmpd | create configuration
+ template:
+ src: "mysql.cnf.j2"
+ dest: "/etc/snmp/mysql.cnf"
+ mode: "0644"
+ when: mysql == true
+
+- name: database | snmpd | configure extend
+ lineinfile:
+ path: "/etc/snmp/snmpd.conf"
+ state: present
+ line: "extend postgres /etc/snmp/postgres"
+ insertafter: "# SECTION: Extends"
+ notify: restart_snmpd
+ when: postgres == true
+
+- name: database | snmpd | configure extend
+ lineinfile:
+ path: "/etc/snmp/snmpd.conf"
+ state: present
+ line: "extend postgres /etc/snmp/postgres"
+ insertafter: "# SECTION: Extends"
+ notify: restart_snmpd
+ when: mysql == true
\ No newline at end of file
diff --git a/roles/database/tasks/install_check_postgres.yml b/roles/database/tasks/install_check_postgres.yml
new file mode 100644
index 0000000..531da27
--- /dev/null
+++ b/roles/database/tasks/install_check_postgres.yml
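Review bot: Both extend scripts are fetched from `raw/master` of librenms-agent with no `checksum:`, so every run installs whatever that branch currently holds as a root-owned executable that snmpd will run (the postgres one under `sudo -u postgres` in a later hunk); pin the URL to a specific commit and add `checksum: "sha256:<hash of the pinned script>"` to each `get_url`. The same applies to the unbound script fetched in `roles/nameserver/tasks/configure_unbound_snmpd.yml` later in this series. `/etc/snmp/mysql.cnf` is written with `mode: "0644"`; if `mysql.cnf.j2` carries database credentials it should be `0640` and owned by the user snmpd runs as. The two `get_url` tasks and the two `configure extend` tasks also share identical `name:` values, which makes play output hard to follow — name them by database.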
@@ -0,0 +1,23 @@
+- name: database | snmpd | get script
+ git:
+ repo: "https://github.com/bucardo/check_postgres.git"
+ dest: "~/check_postgres"
+
+- name: database | snmpd | prepare script
+ command:
+ cmd: "perl Makefile.PL"
+ creates: "~/check_postgres/Makefile"
+ chdir: "~/check_postgres"
+
+- name: database | snmpd | build script
+ command:
+ cmd: "make"
+ chdir: "~/check_postgres"
+ creates: "~/check_postgres/pm_to_blib"
+
+- name: database | snmpd | install script
+ command:
+ cmd: "make install"
+ chdir: "~/check_postgres"
+ creates: "/usr/local/bin/check_postgres.pl"
+ become: true
From ac7dd7ee87bc0ca42a6df94fc4c529982945d874 Mon Sep 17 00:00:00 2001
From: rene
Date: Wed, 23 Mar 2022 18:46:54 +0100
Subject: [PATCH 47/72] additional adjustments for postgres snmp extend
---
 roles/database/tasks/configure_snmpd.yml | 20 ++++++++++++++++++--
 roles/server/files/sudoers | 1 +
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/roles/database/tasks/configure_snmpd.yml b/roles/database/tasks/configure_snmpd.yml
index f63ee55..c76685d 100644
--- a/roles/database/tasks/configure_snmpd.yml
+++ b/roles/database/tasks/configure_snmpd.yml
@@ -6,6 +6,22 @@
 owner: "root"
 group: "root"
 when: postgres == true
+ register: postgres_script
+
+- name: database | snmpd | modify script part 1
+ lineinfile:
+ path: "/etc/snmp/postgres"
+ regexp: "^\$cpg -u $DBuser --action dbstats | awk -F ' ' '$"
+ state: present
+ line: "$cpg --action dbstats | awk -F ' ' '"
+ when: postgres_script.rc == 0
+
+- name: database | snmpd | modify script part 2
+ replace:
+ path: "/etc/snmp/postgres"
+ regexp: "\\:"
+ replace: ":"
+ when: postgres_script.rc == 0
 - include_tasks: install_check_postgres.yml
 when: postgres == true
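Review bot: `check_postgres` is cloned without a `version:` and then `make install`ed into `/usr/local/bin` under `become: true`, so whatever the upstream default branch currently contains is installed as root; pin a release tag, e.g. `version: "<check_postgres release tag>"`, or use the distribution package where one exists. Because only the last task escalates, the `~` in its `chdir` is resolved for the become user, which may not be the user that cloned `~/check_postgres` in the three preceding tasks; use one explicit absolute path for the checkout in all four tasks so the build and the install agree on the directory.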
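Review bot: `regexp: "^\$cpg -u $DBuser --action dbstats | awk -F ' ' '$"` is a double-quoted YAML scalar containing `\$`, which is not a valid YAML escape, so the task file fails to load before any task runs; write the pattern as a single-quoted scalar and escape the regex metacharacters (`$`, `|`) you want matched literally, and do the same for `regexp: "\\:"`. `when: postgres_script.rc == 0` references a key `get_url` does not return (its result carries `status_code`, not `rc`), and when `postgres` is false the registered result is a skip, so the condition raises either way; guard these two tasks with `when: postgres == true` like their neighbours. Patching a downloaded script in place with `lineinfile`/`replace` also breaks silently once upstream changes that line, which is one more reason to pin the download to a fixed revision.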
@@ -30,7 +46,7 @@
 lineinfile:
 path: "/etc/snmp/snmpd.conf"
 state: present
- line: "extend postgres /etc/snmp/postgres"
+ line: "extend postgres /usr/bin/sudo -u postgres /etc/snmp/postgres"
 insertafter: "# SECTION: Extends"
 notify: restart_snmpd
 when: postgres == true
@@ -39,7 +55,7 @@
 lineinfile:
 path: "/etc/snmp/snmpd.conf"
 state: present
- line: "extend postgres /etc/snmp/postgres"
+ line: "extend mysql /etc/snmp/mysql"
 insertafter: "# SECTION: Extends"
 notify: restart_snmpd
 when: mysql == true
\ No newline at end of file
diff --git a/roles/server/files/sudoers b/roles/server/files/sudoers
index 0cee923..61e48ea 100644
--- a/roles/server/files/sudoers
+++ b/roles/server/files/sudoers
@@ -1 +1,2 @@
 Debian-snmp ALL = NOPASSWD: /etc/snmp/bind, /etc/snmp/fail2ban, /etc/snmp/docker-stats.sh, /etc/snmp/mailcow-dockerized-postfix
+Debian-snmp ALL = (postgres) NOPASSWD: /etc/snmp/postgres
\ No newline at end of file
From 110e026bae599da60261960a19a621e4e8a3e214 Mon Sep 17 00:00:00 2001
From: rene
Date: Wed, 23 Mar 2022 19:19:49 +0100
Subject: [PATCH 48/72] snmpd for bind
---
 ...nfigure_snmpd.yml => configure_bind_snmpd.yml} | 0
 roles/nameserver/tasks/install_bind.yml | 2 +-
 roles/nameserver/tasks/main.yml | 15 +++++++++++++--
 3 files changed, 14 insertions(+), 3 deletions(-)
 rename roles/nameserver/tasks/{configure_snmpd.yml => configure_bind_snmpd.yml} (100%)
diff --git a/roles/nameserver/tasks/configure_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml
similarity index 100%
rename from roles/nameserver/tasks/configure_snmpd.yml
rename to roles/nameserver/tasks/configure_bind_snmpd.yml
diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml
index bbf12d2..1ca7e9b 100644
--- a/roles/nameserver/tasks/install_bind.yml
+++ b/roles/nameserver/tasks/install_bind.yml
@@ -1,4 +1,4 @@ -- name: nameserver | install packages +- name: nameserver | bind | install packages package: name: "{{ bind_package }}" state: present \ No newline at end of file diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index bb124dd..927559e 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -9,9 +9,20 @@ # # import role # - import_role: # name: # required. The name of the role to be executed. + - block: + # install software + - include_tasks: install_bind.yml + - include_tasks: configure_bind_snmpd.yml + rescue: + - set_fact: task_failed=true + when: bind == true - # install software - - include_tasks: install_bind.yml + - block: + - include_tasks: install_unbound.yml + - include_tasks: configure_unbound.yml + rescue: + - set_fact: task_failed=true + when: unbound == true rescue: - set_fact: task_failed=true \ No newline at end of file From dda6706fe2fd4de45b5d536e402fdd8f666be90a Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 23 Mar 2022 19:20:06 +0100 Subject: [PATCH 49/72] added unbound as nameserver software --- host_vars/mewimeet.de.yml | 2 ++ hosts | 1 + .../tasks/configure_unbound_snmpd.yml | 15 +++++++++++++++ roles/nameserver/tasks/install_unbound.yml | 12 ++++++++++++ .../templates/unbound_network.conf.j2 | 17 +++++++++++++++++ roles/nameserver/vars/Archlinux.yml | 1 + roles/nameserver/vars/Debian.yml | 1 + roles/nameserver/vars/Ubuntu.yml | 1 + 8 files changed, 50 insertions(+) create mode 100644 roles/nameserver/tasks/configure_unbound_snmpd.yml create mode 100644 roles/nameserver/tasks/install_unbound.yml create mode 100644 roles/nameserver/templates/unbound_network.conf.j2 diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml index 5b673bb..9a23a8c 100644 --- a/host_vars/mewimeet.de.yml +++ b/host_vars/mewimeet.de.yml @@ -19,6 +19,8 @@ set_hosts: true unattended_upgrades: true web_server: true netdata: true +bind: true +unbound: true # VPN wireguard: true 
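Review bot: The unbound block includes `configure_unbound.yml`, but the file created for it later in this series is `configure_unbound_snmpd.yml` (and the bind block already uses the `_snmpd` name), so the include fails, the inner `rescue:` sets `task_failed=true`, and the unbound snmpd extend is never configured; change it to `- include_tasks: configure_unbound_snmpd.yml`. The nested `rescue: - set_fact: task_failed=true` pattern turns every error in the role into a flag without surfacing the message, which is how a typo like this stays invisible; consider ending the play with a `fail:` task guarded by `when: task_failed | default(false)` so the run still reports the failure. The enclosing outer block starts before this hunk.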
diff --git a/hosts b/hosts
index cad0a73..09200e2 100644
--- a/hosts
+++ b/hosts
@@ -40,6 +40,7 @@ tuxedo-book-xp1511.universe.local
 [nameserver]
 coruscant.universe.local
+mewimeet.de
 [photo_editing]
 endor.universe.local
diff --git a/roles/nameserver/tasks/configure_unbound_snmpd.yml b/roles/nameserver/tasks/configure_unbound_snmpd.yml
new file mode 100644
index 0000000..bde2052
--- /dev/null
+++ b/roles/nameserver/tasks/configure_unbound_snmpd.yml
@@ -0,0 +1,15 @@
+- name: nameserver | snmpd | get script
+ get_url:
+ url: "https://github.com/librenms/librenms-agent/raw/master/snmp/unbound"
+ dest: "/etc/snmp/unbound"
+ mode: "0755"
+ owner: "root"
+ group: "root"
+
+- name: nameserver | snmpd | configure extend
+ lineinfile:
+ path: "/etc/snmp/snmpd.conf"
+ state: present
+ line: "extend unbound /etc/snmp/unbound"
+ insertafter: "# SECTION: Extends"
+ notify: restart_snmpd
\ No newline at end of file
diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml
new file mode 100644
index 0000000..cf80c65
--- /dev/null
+++ b/roles/nameserver/tasks/install_unbound.yml
@@ -0,0 +1,12 @@
+- name: nameserver | unbound | install packages
+ package:
+ name: "{{ unbound_package }}"
+ state: present
+
+- name: nameserver | unbound | copy config
+ template:
+ src: "unbound_network.conf.j2"
+ dest: "etc/unbound/unbound.conf.d/network.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
\ No newline at end of file
diff --git a/roles/nameserver/templates/unbound_network.conf.j2 b/roles/nameserver/templates/unbound_network.conf.j2
new file mode 100644
index 0000000..0681c6b
--- /dev/null
+++ b/roles/nameserver/templates/unbound_network.conf.j2
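Review bot: `dest: "etc/unbound/unbound.conf.d/network.conf"` is missing the leading `/`, so the rendered template lands relative to the remote working directory instead of in unbound's config directory and the daemon never sees it; use `dest: "/etc/unbound/unbound.conf.d/network.conf"`. Nothing restarts or reloads unbound after the file changes, so the new listeners and access-control rules only take effect on the next manual restart; add a `notify:` to a restart handler, and consider `validate: "unbound-checkconf %s"` on the template task so a broken rendering is rejected before it replaces the live file.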
@@ -0,0 +1,17 @@ +server: + ip-freebind: yes + interface: {{ wg_local_ip | ipaddr('address') }} + interface: 127.0.0.1 + interface: 127.0.0.53 + interface: ::1 + outgoing-interface: {{ ansible_default_ipv4.address }} + outgoing-interface: {{ ansible_default_ipv6.address }} + access-control: 192.168.1.0/24 allow + access-control: 192.168.3.0/24 allow + access-control: 172.16.0.0/24 allow + extended-statistics: yes + statistics-cumulative: yes + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 \ No newline at end of file diff --git a/roles/nameserver/vars/Archlinux.yml b/roles/nameserver/vars/Archlinux.yml index 81ec7ed..fdc6336 100644 --- a/roles/nameserver/vars/Archlinux.yml +++ b/roles/nameserver/vars/Archlinux.yml @@ -1,2 +1,3 @@ bind_package: bind +unbound_package: unbound perl_readbackwards: perl-file-readbackwards \ No newline at end of file diff --git a/roles/nameserver/vars/Debian.yml b/roles/nameserver/vars/Debian.yml index d6b249e..be7d2f2 100644 --- a/roles/nameserver/vars/Debian.yml +++ b/roles/nameserver/vars/Debian.yml @@ -1,2 +1,3 @@ bind_package: bind9 +unbound_package: unbound perl_readbackwards: libfile-readbackwards-perl \ No newline at end of file diff --git a/roles/nameserver/vars/Ubuntu.yml b/roles/nameserver/vars/Ubuntu.yml index d6b249e..be7d2f2 100644 --- a/roles/nameserver/vars/Ubuntu.yml +++ b/roles/nameserver/vars/Ubuntu.yml @@ -1,2 +1,3 @@ bind_package: bind9 +unbound_package: unbound perl_readbackwards: libfile-readbackwards-perl \ No newline at end of file From aa34d8e135365c4e554a9eaf84073fdf20654daa Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 23 Mar 2022 19:23:11 +0100 Subject: [PATCH 50/72] added sudo command --- roles/nameserver/tasks/configure_unbound_snmpd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/configure_unbound_snmpd.yml b/roles/nameserver/tasks/configure_unbound_snmpd.yml index bde2052..d152264 100644 
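Review bot: `outgoing-interface: {{ ansible_default_ipv6.address }}` in the unbound_network.conf.j2 hunk is undefined on any host without a default IPv6 route (`ansible_default_ipv6` is then an empty dict), so the template task aborts instead of rendering a v4-only config. Guard the line, e.g. `{% if ansible_default_ipv6.address is defined %}outgoing-interface: {{ ansible_default_ipv6.address }}{% endif %}`, so the same role works on v4-only hosts. The same unguarded fact feeds `listen-on-v6` in every install_bind.yml hunk from patch 59 through patch 70, where a `when: ansible_default_ipv6.address is defined` on the loop item (or a `default` filter) is the equivalent fix.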
--- a/roles/nameserver/tasks/configure_unbound_snmpd.yml +++ b/roles/nameserver/tasks/configure_unbound_snmpd.yml @@ -10,6 +10,6 @@ lineinfile: path: "/etc/snmp/snmpd.conf" state: present - line: "extend unbound /etc/snmp/unbound" + line: "extend unbound /usr/bin/sudo /etc/snmp/unbound" insertafter: "# SECTION: Extends" notify: restart_snmpd \ No newline at end of file From 0789ea52bb3b1bce22ef5368ac57da35a5cbf8a8 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 23 Mar 2022 19:27:59 +0100 Subject: [PATCH 51/72] corrected indentation for nesting --- roles/nameserver/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 927559e..7666243 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -15,14 +15,14 @@ - include_tasks: configure_bind_snmpd.yml rescue: - set_fact: task_failed=true - when: bind == true + when: bind == true - block: - include_tasks: install_unbound.yml - include_tasks: configure_unbound.yml rescue: - set_fact: task_failed=true - when: unbound == true + when: unbound == true rescue: - set_fact: task_failed=true \ No newline at end of file From 433f9f8a9c7cada58efe5d89569b880348007f57 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 23 Mar 2022 19:33:39 +0100 Subject: [PATCH 52/72] needs an empty line at the end --- roles/server/files/sudoers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/server/files/sudoers b/roles/server/files/sudoers index 61e48ea..c666608 100644 --- a/roles/server/files/sudoers +++ b/roles/server/files/sudoers @@ -1,2 +1,2 @@ Debian-snmp ALL = NOPASSWD: /etc/snmp/bind, /etc/snmp/fail2ban, /etc/snmp/docker-stats.sh, /etc/snmp/mailcow-dockerized-postfix -Debian-snmp ALL = (postgres) NOPASSWD: /etc/snmp/postgres \ No newline at end of file +Debian-snmp ALL = (postgres) NOPASSWD: /etc/snmp/postgres From fc7edc1c469e6a0a891aa680e31649613dfeebe2 Mon Sep 17 00:00:00 2001 
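Review bot: The patch 50 hunk changes the snmpd extend to `extend unbound /usr/bin/sudo /etc/snmp/unbound`, but the sudoers file edited two commits later on this same line still only lists `/etc/snmp/bind, /etc/snmp/fail2ban, /etc/snmp/docker-stats.sh, /etc/snmp/mailcow-dockerized-postfix` and `(postgres) /etc/snmp/postgres`, so `Debian-snmp` has no NOPASSWD rule for `/etc/snmp/unbound` and the extend will fail because sudo cannot prompt under snmpd. Without `-u` the call also runs the downloaded script as root; if it only needs `unbound-control` (presumably the case), `extend unbound /usr/bin/sudo -u unbound /etc/snmp/unbound` with a matching `Debian-snmp ALL = (unbound) NOPASSWD: /etc/snmp/unbound` rule keeps it to the unbound account, following the postgres pattern already in that file. Either way the sudoers change belongs in the same commit as the extend line so a partial rollout cannot leave the extend broken.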
From: rene Date: Wed, 23 Mar 2022 19:37:16 +0100 Subject: [PATCH 53/72] nested quoting --- roles/nameserver/tasks/configure_bind_snmpd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index 7c7587c..b62ef7a 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -30,7 +30,7 @@ lineinfile: path: "/etc/bind/named.conf.options" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). state: present - line: "statistics-file "/var/cache/bind/stats"; zone-statistics yes;" + line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;' insertafter: "options {" validate: /usr/bin/named-checkconf %s notify: restart_named From 9b91483e9f59113cde1dd69410e0b12944216e1e Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 23 Mar 2022 19:37:52 +0100 Subject: [PATCH 54/72] corrected path --- roles/nameserver/tasks/install_unbound.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index cf80c65..2b405a5 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -6,7 +6,7 @@ - name: nameserver | unbound | copy config template: src: "unbound_network.conf.j2" - dest: "etc/unbound/unbound.conf.d/network.conf" + dest: "/etc/unbound/unbound.conf.d/network.conf" mode: "0644" owner: "root" group: "root" \ No newline at end of file From 738004280b4696f07f4a2c714c2430df18d09418 Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 23 Mar 2022 19:41:27 +0100 Subject: [PATCH 55/72] corrected filenames and paths --- roles/nameserver/tasks/configure_bind_snmpd.yml | 2 +- roles/nameserver/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index b62ef7a..a795ef6 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -32,7 +32,7 @@ state: present line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;' insertafter: "options {" - validate: /usr/bin/named-checkconf %s + validate: /usr/sbin/named-checkconf %s notify: restart_named - name: nameserver | snmpd | configure extend diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 7666243..83b8455 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -19,7 +19,7 @@ - block: - include_tasks: install_unbound.yml - - include_tasks: configure_unbound.yml + - include_tasks: configure_unbound_snmpd.yml rescue: - set_fact: task_failed=true when: unbound == true From 6b974c5633a040ee066353f79856a1f99c41ac5e Mon Sep 17 00:00:00 2001 From: rene Date: Wed, 23 Mar 2022 19:47:54 +0100 Subject: [PATCH 56/72] added handlers and corrected dest path --- roles/nameserver/handlers/main.yml | 5 +++++ roles/nameserver/tasks/install_unbound.yml | 3 ++- roles/server/tasks/utilities/snmpd.yml | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/handlers/main.yml b/roles/nameserver/handlers/main.yml index 54ddee6..0c1fa07 100644 --- a/roles/nameserver/handlers/main.yml +++ b/roles/nameserver/handlers/main.yml @@ -6,4 +6,9 @@ - name: restart_snmpd service: name: "snmpd" + state: restarted + +- name: restart_unbound + service: + name: "unbound" state: restarted \ No newline at end of file diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index 2b405a5..e6b8020 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml 
@@ -9,4 +9,5 @@ dest: "/etc/unbound/unbound.conf.d/network.conf" mode: "0644" owner: "root" - group: "root" \ No newline at end of file + group: "root" + notify: restart_unbound \ No newline at end of file diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index b54fc3a..8eba7af 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml @@ -57,7 +57,7 @@ - name: server | snmpd | copy distro script copy: - dest: "/etc/snmp/distro/" + dest: "/etc/snmp/distro" src: "distro" mode: "0755" From 45652aebe3d228459542467dee4966f9e7517fbc Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 11:50:54 +0100 Subject: [PATCH 57/72] deactivate systemd-resolved and replaced paths with global vars --- groups_vars/all | 1 + roles/database/tasks/configure_snmpd.yml | 4 ++-- .../nameserver/tasks/configure_bind_snmpd.yml | 6 ++--- .../tasks/configure_unbound_snmpd.yml | 2 +- .../tasks/disable-systemd-resolved.yml | 22 +++++++++++++++++++ roles/nameserver/tasks/install_unbound.yml | 1 + roles/nameserver/tasks/main.yml | 9 +++----- roles/nameserver/vars/Archlinux.yml | 7 +++++- roles/nameserver/vars/Debian.yml | 7 +++++- roles/nameserver/vars/Ubuntu.yml | 7 +++++- roles/server/tasks/utilities/snmpd.yml | 10 ++++----- .../webserver/tasks/configure_nginx_snmpd.yml | 2 +- 12 files changed, 57 insertions(+), 21 deletions(-) create mode 100644 groups_vars/all create mode 100644 roles/nameserver/tasks/disable-systemd-resolved.yml diff --git a/groups_vars/all b/groups_vars/all new file mode 100644 index 0000000..a47a9a4 --- /dev/null +++ b/groups_vars/all @@ -0,0 +1 @@ +snmpd_conf: /etc/snmp/snmpd.conf \ No newline at end of file diff --git a/roles/database/tasks/configure_snmpd.yml b/roles/database/tasks/configure_snmpd.yml index c76685d..a260fba 100644 --- a/roles/database/tasks/configure_snmpd.yml +++ b/roles/database/tasks/configure_snmpd.yml 
@@ -44,7 +44,7 @@ - name: database | snmpd | configure extend lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" state: present line: "extend postgres /usr/bin/sudo -u postgres /etc/snmp/postgres" insertafter: "# SECTION: Extends" @@ -53,7 +53,7 @@ - name: database | snmpd | configure extend lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" state: present line: "extend mysql /etc/snmp/mysql" insertafter: "# SECTION: Extends" diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index a795ef6..7598c79 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -28,16 +28,16 @@ - name: nameserver | snmpd | configure named for statistics lineinfile: - path: "/etc/bind/named.conf.options" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). + path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). state: present line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;' - insertafter: "options {" + insertbefore: "};" validate: /usr/sbin/named-checkconf %s notify: restart_named - name: nameserver | snmpd | configure extend lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" state: present line: "extend bind /etc/snmp/bind" insertafter: "# SECTION: Extends" diff --git a/roles/nameserver/tasks/configure_unbound_snmpd.yml b/roles/nameserver/tasks/configure_unbound_snmpd.yml index d152264..cbb0dbc 100644 --- a/roles/nameserver/tasks/configure_unbound_snmpd.yml +++ b/roles/nameserver/tasks/configure_unbound_snmpd.yml 
@@ -8,7 +8,7 @@ - name: nameserver | snmpd | configure extend lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" state: present line: "extend unbound /usr/bin/sudo /etc/snmp/unbound" insertafter: "# SECTION: Extends" diff --git a/roles/nameserver/tasks/disable-systemd-resolved.yml b/roles/nameserver/tasks/disable-systemd-resolved.yml new file mode 100644 index 0000000..3d15fa8 --- /dev/null +++ b/roles/nameserver/tasks/disable-systemd-resolved.yml @@ -0,0 +1,22 @@ +- name: nameserver | systemd-resolved | edit config + lineinfile: + path: "/etc/systemd/resolved.conf" + regexp: "^.*DNSStubListener=.*$" + state: present + line: "DNSStubListener=no" + +- name: nameserver | systemd-resolved | stop and disable service + service: + name: "systemd-resolved" + state: stopped + enabled: false + +- name: nameserver | systemd-resolved | remove /etc/resolv.conf (symlink) + file: + path: "/etc/resolv.conf" + state: absent + +- name: nameserver | systemd-resolved | create new /etc/resolv.conf + copy: + dest: "/etc/resolv.conf" + content: nameserver 127.0.0.1 \ No newline at end of file diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index e6b8020..aa5ab6a 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -10,4 +10,5 @@ mode: "0644" owner: "root" group: "root" + verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf" notify: restart_unbound \ No newline at end of file diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 83b8455..9788e09 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
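Review bot: The new disable-systemd-resolved.yml replaces `/etc/resolv.conf` with only `nameserver 127.0.0.1`, but nothing in this file ensures a resolver is already listening there: the include runs before install_bind/install_unbound (main.yml hunk in patch 57), and bind is later configured with `listen-on` set to the default IPv4 address only. The host therefore has no working resolution between this task and a running daemon, which breaks the `package:` installs that follow and, on bind-only hosts, never recovers. Consider moving the include after the install/configure blocks, and for the bind case either add `127.0.0.1` to `listen-on` or point resolv.conf at the address bind actually listens on. The `regexp: "^.*DNSStubListener=.*$"` deliberately also matches the commented `#DNSStubListener=` default line; a short comment saying so would spare the next reader a check.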
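Review bot: `verify:` is not a parameter of the `template` module, so the install_unbound.yml hunk will fail with an unsupported-parameter error on the next run; the option is `validate:` and its command must contain `%s` for the temporary file being checked, i.e. `validate: "unbound-checkconf %s"`. Whether `unbound-checkconf` accepts a lone `unbound.conf.d` fragment (it is parsed without the top-level `unbound.conf`) should be confirmed on a target; if it does not, run `unbound-checkconf` on the full config in a separate task placed before the `restart_unbound` handler fires, otherwise a bad fragment is only discovered when the restart fails.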
@@ -3,14 +3,11 @@ tags: always - block: - - debug: - msg: Debug + - name: nameserver | unbound | disable systemd-resolved + include_tasks: disable-systemd-resolved.yml + when: bind == true or unbound == true - # # import role - # - import_role: - # name: # required. The name of the role to be executed. - block: - # install software - include_tasks: install_bind.yml - include_tasks: configure_bind_snmpd.yml rescue: diff --git a/roles/nameserver/vars/Archlinux.yml b/roles/nameserver/vars/Archlinux.yml index fdc6336..cf3109b 100644 --- a/roles/nameserver/vars/Archlinux.yml +++ b/roles/nameserver/vars/Archlinux.yml @@ -1,3 +1,8 @@ bind_package: bind unbound_package: unbound -perl_readbackwards: perl-file-readbackwards \ No newline at end of file +perl_readbackwards: perl-file-readbackwards + +# named / bind specific +named_conf_zones: /etc/named.conf +named_conf_options: /etc/named.conf +named_conf_local: /etc/named.conf \ No newline at end of file diff --git a/roles/nameserver/vars/Debian.yml b/roles/nameserver/vars/Debian.yml index be7d2f2..857da7d 100644 --- a/roles/nameserver/vars/Debian.yml +++ b/roles/nameserver/vars/Debian.yml @@ -1,3 +1,8 @@ bind_package: bind9 unbound_package: unbound -perl_readbackwards: libfile-readbackwards-perl \ No newline at end of file +perl_readbackwards: libfile-readbackwards-perl + +# named / bind specific +named_conf_zones: /etc/bind/named.conf.default-zones +named_conf_options: /etc/bind/named.conf.options +named_conf_local: /etc/bind/named.conf.local \ No newline at end of file diff --git a/roles/nameserver/vars/Ubuntu.yml b/roles/nameserver/vars/Ubuntu.yml index be7d2f2..857da7d 100644 --- a/roles/nameserver/vars/Ubuntu.yml +++ b/roles/nameserver/vars/Ubuntu.yml 
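Review bot: `when: bind == true or unbound == true` in the main.yml hunk raises an undefined-variable error on any nameserver host that does not define both flags, and the inventory hunk earlier in this series adds `mewimeet.de` next to `coruscant.universe.local`, whose host_vars are not shown to set `unbound`. Writing it as `when: bind | default(false) or unbound | default(false)` (and the same for the two `when:` lines on the blocks below) keeps the role usable with only one flag set. The enclosing `block:` starts above this hunk, so whether the `tags: always` context applies to this include is not visible here.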
@@ -1,3 +1,8 @@ bind_package: bind9 unbound_package: unbound -perl_readbackwards: libfile-readbackwards-perl \ No newline at end of file +perl_readbackwards: libfile-readbackwards-perl + +# named / bind specific +named_conf_zones: /etc/bind/named.conf.default-zones +named_conf_options: /etc/bind/named.conf.options +named_conf_local: /etc/bind/named.conf.local \ No newline at end of file diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index 8eba7af..23c25f0 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml @@ -17,7 +17,7 @@ - name: server | snmpd | insert anchors to snmpd.conf blockinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs. block: | ################################################################################ @@ -35,13 +35,13 @@ - name: server | snmpd | setup ACLs lineinfile: - path: "/etc/snmp/snmpd.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). + path: "{{ snmpd_conf }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). line: "rouser {{snmp_user }} authpriv" insertafter: "# SECTION: custom settings" - name: server | snmpd | enable service on wireguard interface lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" regexp: "^agentaddress.*$" state: present line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]" 
@@ -49,7 +49,7 @@ - name: server | snmpd | enable service on all interfaces lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" regexp: "^agentaddress.*$" state: present line: "agentaddress udp:161,udp6:[::1]:161" @@ -63,7 +63,7 @@ - name: server | snmpd | configure extends lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" state: present line: "extend {{ item.service }} '{{ item.script }}'" insertafter: "# SECTION: custom settings" diff --git a/roles/webserver/tasks/configure_nginx_snmpd.yml b/roles/webserver/tasks/configure_nginx_snmpd.yml index 139c6a3..7a15834 100644 --- a/roles/webserver/tasks/configure_nginx_snmpd.yml +++ b/roles/webserver/tasks/configure_nginx_snmpd.yml @@ -8,7 +8,7 @@ - name: webserver | snmpd | configure extend lineinfile: - path: "/etc/snmp/snmpd.conf" + path: "{{ snmpd_conf }}" state: present line: "extend nginx /etc/snmp/nginx" insertafter: "# SECTION: custom settings" From 745b50de2166503d73f9003da380c058f1ea9bcc Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 11:53:00 +0100 Subject: [PATCH 58/72] must be after the options line because '};' can belong to any section --- roles/nameserver/tasks/configure_bind_snmpd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index 7598c79..a03aea0 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -31,7 +31,7 @@ path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). state: present line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;' - insertbefore: "};" + insertafter: "options {" validate: /usr/sbin/named-checkconf %s notify: restart_named From abe744ba9c9e59c8ac7092071fc459e67c74042a Mon Sep 17 00:00:00 2001 
From: rene Date: Thu, 24 Mar 2022 13:45:18 +0100 Subject: [PATCH 59/72] config changes for bind --- roles/nameserver/tasks/install_bind.yml | 20 +++++++++++++++++++- roles/nameserver/vars/Archlinux.yml | 3 ++- roles/nameserver/vars/Debian.yml | 3 ++- roles/nameserver/vars/Ubuntu.yml | 3 ++- 4 files changed, 25 insertions(+), 4 deletions(-) diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index 1ca7e9b..7824389 100644 --- a/roles/nameserver/tasks/install_bind.yml +++ b/roles/nameserver/tasks/install_bind.yml @@ -1,4 +1,22 @@ - name: nameserver | bind | install packages package: name: "{{ bind_package }}" - state: present \ No newline at end of file + state: present + +- name: nameserver | bind | basic configuration + replace: + path: "{{ named_conf_options }}" + regexp: + replace: "{{ item.option }}" + validate: "{{ named_checkconf }} {{ named_conf_options }}" + loop: + - { regexp: '^\s*listen-on {(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"} + - { regexp: '^\s*listen-on-v6 {(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} + + + lineinfile: + path: "{{ named_conf_options }}" + regexp: "{{ item.regexp }}" + state: present + line: "{{ item.option }}" + insertafter: "options {" \ No newline at end of file diff --git a/roles/nameserver/vars/Archlinux.yml b/roles/nameserver/vars/Archlinux.yml index cf3109b..144d56c 100644 --- a/roles/nameserver/vars/Archlinux.yml +++ b/roles/nameserver/vars/Archlinux.yml @@ -5,4 +5,5 @@ perl_readbackwards: perl-file-readbackwards # named / bind specific named_conf_zones: /etc/named.conf named_conf_options: /etc/named.conf -named_conf_local: /etc/named.conf \ No newline at end of file +named_conf_local: /etc/named.conf +named_checkconf: /usr/bin/named-checkconf \ No newline at end of file 
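Review bot: The `replace:` loop in the install_bind.yml hunk rewrites `listen-on` to just the default-route IPv4 address, which removes 127.0.0.1 from the listener set; combined with the `nameserver 127.0.0.1` resolv.conf written by disable-systemd-resolved.yml, a bind-only host ends up unable to resolve its own queries. Keep loopback in the list, e.g. `option: "\tlisten-on { 127.0.0.1; {{ ansible_default_ipv4.address }}; };"`, or point resolv.conf at the address bind actually listens on. The same replacement strings are carried unchanged through the install_bind.yml hunks of patches 61 through 70, so one fix here covers all of them.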
diff --git a/roles/nameserver/vars/Debian.yml b/roles/nameserver/vars/Debian.yml index 857da7d..39af645 100644 --- a/roles/nameserver/vars/Debian.yml +++ b/roles/nameserver/vars/Debian.yml @@ -5,4 +5,5 @@ perl_readbackwards: libfile-readbackwards-perl # named / bind specific named_conf_zones: /etc/bind/named.conf.default-zones named_conf_options: /etc/bind/named.conf.options -named_conf_local: /etc/bind/named.conf.local \ No newline at end of file +named_conf_local: /etc/bind/named.conf.local +named_checkconf: /usr/sbin/named-checkconf \ No newline at end of file diff --git a/roles/nameserver/vars/Ubuntu.yml b/roles/nameserver/vars/Ubuntu.yml index 857da7d..39af645 100644 --- a/roles/nameserver/vars/Ubuntu.yml +++ b/roles/nameserver/vars/Ubuntu.yml @@ -5,4 +5,5 @@ perl_readbackwards: libfile-readbackwards-perl # named / bind specific named_conf_zones: /etc/bind/named.conf.default-zones named_conf_options: /etc/bind/named.conf.options -named_conf_local: /etc/bind/named.conf.local \ No newline at end of file +named_conf_local: /etc/bind/named.conf.local +named_checkconf: /usr/sbin/named-checkconf \ No newline at end of file From 612c1ee399ced636b043edac69aa88637cca8dfd Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 13:51:42 +0100 Subject: [PATCH 60/72] typo --- {groups_vars => group_vars}/all | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {groups_vars => group_vars}/all (100%) diff --git a/groups_vars/all b/group_vars/all similarity index 100% rename from groups_vars/all rename to group_vars/all From aa9b2283ebd2a7340c58b3c8a11b0f04c19e5fa9 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 13:57:53 +0100 Subject: [PATCH 61/72] removed unneeded stuff --- roles/nameserver/tasks/disable-systemd-resolved.yml | 3 ++- roles/nameserver/tasks/install_bind.yml | 10 +--------- 2 files changed, 3 insertions(+), 10 deletions(-) 
diff --git a/roles/nameserver/tasks/disable-systemd-resolved.yml b/roles/nameserver/tasks/disable-systemd-resolved.yml index 3d15fa8..9813bee 100644 --- a/roles/nameserver/tasks/disable-systemd-resolved.yml +++ b/roles/nameserver/tasks/disable-systemd-resolved.yml @@ -19,4 +19,5 @@ - name: nameserver | systemd-resolved | create new /etc/resolv.conf copy: dest: "/etc/resolv.conf" - content: nameserver 127.0.0.1 \ No newline at end of file + content: | + nameserver 127.0.0.1 diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index 7824389..35f5ab5 100644 --- a/roles/nameserver/tasks/install_bind.yml +++ b/roles/nameserver/tasks/install_bind.yml @@ -11,12 +11,4 @@ validate: "{{ named_checkconf }} {{ named_conf_options }}" loop: - { regexp: '^\s*listen-on {(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"} - - { regexp: '^\s*listen-on-v6 {(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} - - - lineinfile: - path: "{{ named_conf_options }}" - regexp: "{{ item.regexp }}" - state: present - line: "{{ item.option }}" - insertafter: "options {" \ No newline at end of file + - { regexp: '^\s*listen-on-v6 {(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} \ No newline at end of file From f22802c6d649c65f4ac9474d2caaff79a6cf5257 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 14:24:32 +0100 Subject: [PATCH 62/72] added aditional confid change if first replace did not work, because regex not present --- roles/nameserver/tasks/install_bind.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index 35f5ab5..ef9e006 100644 --- a/roles/nameserver/tasks/install_bind.yml +++ b/roles/nameserver/tasks/install_bind.yml 
@@ -11,4 +11,14 @@ validate: "{{ named_checkconf }} {{ named_conf_options }}" loop: - { regexp: '^\s*listen-on {(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"} - - { regexp: '^\s*listen-on-v6 {(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} \ No newline at end of file + - { regexp: '^\s*listen-on-v6 {(?:\s\n]*(?:any;[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} + - { regexp: '^\s*listen-on-v6 {(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} + +- name: nameserver | bind | basic configuration cont'd + lineinfile: + path: "{{ named_conf_options }}" + regexp: '^\s*listen-on {.*};' + state: present + line: "\listen-on { {{ ansible_default-ipv4.address }}; };" + insertafter: "options {" + validate: "{{ named_checkconf }} {{ named_conf_options }}" \ No newline at end of file From 17d8183ccaa1b7bc59829d861b31881026e2c225 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 14:29:17 +0100 Subject: [PATCH 63/72] typo again --- roles/nameserver/tasks/install_bind.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index ef9e006..f6d7eaf 100644 --- a/roles/nameserver/tasks/install_bind.yml +++ b/roles/nameserver/tasks/install_bind.yml @@ -19,6 +19,6 @@ path: "{{ named_conf_options }}" regexp: '^\s*listen-on {.*};' state: present - line: "\listen-on { {{ ansible_default-ipv4.address }}; };" + line: "\tlisten-on { {{ ansible_default-ipv4.address }}; };" insertafter: "options {" validate: "{{ named_checkconf }} {{ named_conf_options }}" \ No newline at end of file From 4216e309bb9fe6398f532d7de6ade68a552da213 Mon Sep 17 00:00:00 2001 
From: rene Date: Thu, 24 Mar 2022 14:35:11 +0100 Subject: [PATCH 64/72] literal curly braces must be escaped in regex --- roles/nameserver/tasks/install_bind.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index f6d7eaf..7bfdae1 100644 --- a/roles/nameserver/tasks/install_bind.yml +++ b/roles/nameserver/tasks/install_bind.yml @@ -10,14 +10,14 @@ replace: "{{ item.option }}" validate: "{{ named_checkconf }} {{ named_conf_options }}" loop: - - { regexp: '^\s*listen-on {(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"} - - { regexp: '^\s*listen-on-v6 {(?:\s\n]*(?:any;[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} - - { regexp: '^\s*listen-on-v6 {(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} + - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"} + - { regexp: '^\s*listen-on-v6 \{(?:\s\n]*(?:any;[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} + - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} - name: nameserver | bind | basic configuration cont'd lineinfile: path: "{{ named_conf_options }}" - regexp: '^\s*listen-on {.*};' + regexp: '^\s*listen-on \{.*\};' state: present line: "\tlisten-on { {{ ansible_default-ipv4.address }}; };" insertafter: "options {" From 65a4f4f395d4be96415f9c1cc78e66662f287786 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 14:52:45 +0100 Subject: [PATCH 65/72] testing --- roles/nameserver/tasks/install_bind.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index 7bfdae1..501130a 100644 --- a/roles/nameserver/tasks/install_bind.yml +++ b/roles/nameserver/tasks/install_bind.yml @@ -10,15 +10,15 @@ replace: "{{ item.option }}" validate: "{{ named_checkconf }} {{ named_conf_options }}" loop: - - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"} - - { regexp: '^\s*listen-on-v6 \{(?:\s\n]*(?:any;[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} - - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} + - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: " listen-on { {{ ansible_default_ipv4.address }}; };"} + - { regexp: '^\s*listen-on-v6 \{(?:\s\n]*(?:any;[\s\n]*\};', option: " listen-on-v6 { {{ ansible_default_ipv6.address }}; };"} + - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*\};', option: " listen-on-v6 { {{ ansible_default_ipv6.address }}; };"} - name: nameserver | bind | basic configuration cont'd lineinfile: path: "{{ named_conf_options }}" regexp: '^\s*listen-on \{.*\};' state: present - line: "\tlisten-on { {{ ansible_default-ipv4.address }}; };" + line: " listen-on { {{ ansible_default-ipv4.address }}; };" insertafter: "options {" validate: "{{ named_checkconf }} {{ named_conf_options }}" \ No newline at end of file From 8c66c7adb2555b8ca9935a926cabea4ec319bebd Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 14:58:19 +0100 Subject: [PATCH 66/72] forgot to set regexp in replace --- roles/nameserver/tasks/install_bind.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index 501130a..1cf5367 100644 --- a/roles/nameserver/tasks/install_bind.yml 
+++ b/roles/nameserver/tasks/install_bind.yml @@ -6,13 +6,13 @@ - name: nameserver | bind | basic configuration replace: path: "{{ named_conf_options }}" - regexp: + regexp: "{{ item.regexp }}" replace: "{{ item.option }}" validate: "{{ named_checkconf }} {{ named_conf_options }}" loop: - - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: " listen-on { {{ ansible_default_ipv4.address }}; };"} - - { regexp: '^\s*listen-on-v6 \{(?:\s\n]*(?:any;[\s\n]*\};', option: " listen-on-v6 { {{ ansible_default_ipv6.address }}; };"} - - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*\};', option: " listen-on-v6 { {{ ansible_default_ipv6.address }}; };"} + - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"} + - { regexp: '^\s*listen-on-v6 \{(?:\s\n]*(?:any;[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} + - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"} - name: nameserver | bind | basic configuration cont'd lineinfile: From b282243f480785fe3a30c045a80bdbbfc89e1785 Mon Sep 17 00:00:00 2001 From: rene Date: Thu, 24 Mar 2022 15:08:24 +0100 Subject: [PATCH 67/72] corrected regex --- roles/nameserver/tasks/install_bind.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml index 1cf5367..7365237 100644 --- a/roles/nameserver/tasks/install_bind.yml +++ b/roles/nameserver/tasks/install_bind.yml 
@@ -11,14 +11,14 @@
 validate: "{{ named_checkconf }} {{ named_conf_options }}"
 loop:
 - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"}
- - { regexp: '^\s*listen-on-v6 \{(?:\s\n]*(?:any;[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"}
- - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*(?:[\da-f:]*;)*[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"}
+ - { regexp: '^\s*listen-on-v6 \{[\s\n]*any;[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"}
+ - { regexp: '^\s*listen-on-v6 \{(?:[\s\n]*[\da-z:]*;)[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"}

 - name: nameserver | bind | basic configuration cont'd
 lineinfile:
 path: "{{ named_conf_options }}"
 regexp: '^\s*listen-on \{.*\};'
 state: present
- line: " listen-on { {{ ansible_default-ipv4.address }}; };"
+ line: "\tlisten-on { {{ ansible_default-ipv4.address }}; };"
 insertafter: "options {"
 validate: "{{ named_checkconf }} {{ named_conf_options }}"
\ No newline at end of file
From a48722862e51395c5546cc2eb06c23d4b7384316 Mon Sep 17 00:00:00 2001
From: rene
Date: Thu, 24 Mar 2022 15:12:55 +0100
Subject: [PATCH 68/72] corrected use of validate

---
 roles/nameserver/tasks/install_bind.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml
index 7365237..6ef26d5 100644
--- a/roles/nameserver/tasks/install_bind.yml
+++ b/roles/nameserver/tasks/install_bind.yml
@@ -21,4 +21,4 @@
 state: present
 line: "\tlisten-on { {{ ansible_default-ipv4.address }}; };"
 insertafter: "options {"
- validate: "{{ named_checkconf }} {{ named_conf_options }}"
\ No newline at end of file
+ validate: "{{ named_checkconf }} %s"
\ No newline at end of file
From ff51ad307b93796675d1c4d4735c573cf9b289b7 Mon Sep 17 00:00:00 2001
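Review bot: The new second `listen-on-v6` regexp `'^\s*listen-on-v6 \{(?:[\s\n]*[\da-z:]*;)[\s\n]*\};'` has no quantifier on its group, unlike the `listen-on` item above it, so it only matches a block containing exactly one address; a `listen-on-v6 { addr1; addr2; };` statement is left untouched without any error, and the listener stays wider than the play intends. Restoring the repetition and allowing uppercase hex, `'^\s*listen-on-v6 \{(?:[\s\n]*[\da-fA-F:]+;)*[\s\n]*\};'`, makes this item cover the same shapes as the v4 one. The `\n` inside `[\s\n]` is redundant because `\s` already matches newlines. The `validate:` lines in both tasks still check the live file rather than the temporary copy, which the two following patches correct.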
From: rene
Date: Thu, 24 Mar 2022 15:14:37 +0100
Subject: [PATCH 69/72] forgot one validate

---
 roles/nameserver/tasks/install_bind.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml
index 6ef26d5..5476440 100644
--- a/roles/nameserver/tasks/install_bind.yml
+++ b/roles/nameserver/tasks/install_bind.yml
@@ -8,7 +8,7 @@
 path: "{{ named_conf_options }}"
 regexp: "{{ item.regexp }}"
 replace: "{{ item.option }}"
- validate: "{{ named_checkconf }} {{ named_conf_options }}"
+ validate: "{{ named_checkconf }} %s"
 loop:
 - { regexp: '^\s*listen-on \{(?:[\s\n]*(?:\d{1,3}\.){3}\d{1,3};)*[\s\n]*\};', option: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"}
 - { regexp: '^\s*listen-on-v6 \{[\s\n]*any;[\s\n]*\};', option: "\tlisten-on-v6 { {{ ansible_default_ipv6.address }}; };"}
From 557e55585f26cc2e6c111806d7c751718f641bf4 Mon Sep 17 00:00:00 2001
From: rene
Date: Thu, 24 Mar 2022 15:19:30 +0100
Subject: [PATCH 70/72] another typo

---
 roles/nameserver/tasks/install_bind.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml
index 5476440..7309d9f 100644
--- a/roles/nameserver/tasks/install_bind.yml
+++ b/roles/nameserver/tasks/install_bind.yml
@@ -19,6 +19,6 @@
 path: "{{ named_conf_options }}"
 regexp: '^\s*listen-on \{.*\};'
 state: present
- line: "\tlisten-on { {{ ansible_default-ipv4.address }}; };"
+ line: "\tlisten-on { {{ ansible_default_ipv4.address }}; };"
 insertafter: "options {"
 validate: "{{ named_checkconf }} %s"
\ No newline at end of file
From c6328681a1c2e9674052c6a4ef839775a2adccd5 Mon Sep 17 00:00:00 2001
From: rene
Date: Thu, 24 Mar 2022 15:30:50 +0100
Subject: [PATCH 71/72] restart named and linebreak

---
 roles/nameserver/tasks/configure_bind_snmpd.yml | 2 +-
 roles/nameserver/tasks/main.yml | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

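Review bot: With `validate: "{{ named_checkconf }} %s"` the check runs on the temporary copy, which is the right form, but nothing visible in this task notifies a handler, so a rewritten `listen-on`/`listen-on-v6` block only takes effect the next time named is reloaded for some other reason; the task's header lies above the hunk, so if a `notify: restart_named` already sits there this can be ignored. The `lineinfile` task in configure_bind_snmpd.yml (PATCH 71/72 below) does carry `notify: restart_named`; adding the same line to this `replace` task, and to the `lineinfile` task in the PATCH 70/72 hunk that follows, would couple the listener change to its reload.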
diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml
index a03aea0..3c3a89f 100644
--- a/roles/nameserver/tasks/configure_bind_snmpd.yml
+++ b/roles/nameserver/tasks/configure_bind_snmpd.yml
@@ -30,7 +30,7 @@
 lineinfile:
 path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
 state: present
- line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;'
+ line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;'
 insertafter: "options {"
 validate: /usr/sbin/named-checkconf %s
 notify: restart_named
diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml
index 9788e09..a3291a3 100644
--- a/roles/nameserver/tasks/main.yml
+++ b/roles/nameserver/tasks/main.yml
@@ -12,6 +12,7 @@
 - include_tasks: configure_bind_snmpd.yml
 rescue:
 - set_fact: task_failed=true
+ notify: restart_named
 when: bind == true

 - block:
From 55f0e32c84697b476f71e890994cc565ca171873 Mon Sep 17 00:00:00 2001
From: rene
Date: Thu, 24 Mar 2022 15:34:19 +0100
Subject: [PATCH 72/72] disabled cron for ansible and added error handler

---
 roles/base/tasks/system_setup/cron.yml | 30 +++++++++++++-------------
 roles/mastodon/tasks/main.yml | 6 +++---
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/roles/base/tasks/system_setup/cron.yml b/roles/base/tasks/system_setup/cron.yml
index f91e9d7..82e15c5 100644
--- a/roles/base/tasks/system_setup/cron.yml
+++ b/roles/base/tasks/system_setup/cron.yml
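Review bot: The new `line:` value is single-quoted, so YAML keeps `\t` and `\n` as literal backslash sequences; what `lineinfile` writes is one line starting with `\tstatistics-file`, which `named-checkconf %s` will not accept, so the task now fails on every run and the `rescue:` in main.yml reduces that to `task_failed=true`. Switching to double quotes would give a real tab and newline, but `lineinfile` manages a single line, and a value with an embedded newline never matches an existing file line, so it would be re-inserted on every run. Keep the original one-line form, or split it into two `lineinfile` tasks with their own `regexp`, e.g. `regexp: '^\s*statistics-file '` and `regexp: '^\s*zone-statistics '`, or manage the pair with `blockinfile`.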
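Review bot: `notify: restart_named` is placed at block level beside `when: bind == true`, not on a task; handler notification is driven by a task's `changed` result, and the `lineinfile` task in the configure_bind_snmpd.yml hunk above already carries `notify: restart_named`, so this line is redundant at best, and if the Ansible release in use does not accept `notify` as a block keyword the play fails to parse. Dropping it here and putting `notify: restart_named` on the `replace` and `lineinfile` tasks in install_bind.yml, which currently have none, triggers a reload exactly when the listener configuration changes. The enclosing block starts above the hunk.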
@@ -13,22 +13,22 @@
 enabled: true
 when: ansible_distribution == "Archlinux"

-- name: system setup | cron | schedule automatic ansible provisioning
- tags: cron
- cron:
- name: "ansible provision"
- user: ansible
- hour: "{{ ansible_cron_hour | default('*') }}"
- minute: "{{ ansible_cron_minute | default('*/30') }}"
- job: "/usr/local/bin/provision > /dev/null"
+# - name: system setup | cron | schedule automatic ansible provisioning
+# tags: cron
+# cron:
+# name: "ansible provision"
+# user: ansible
+# hour: "{{ ansible_cron_hour | default('*') }}"
+# minute: "{{ ansible_cron_minute | default('*/30') }}"
+# job: "/usr/local/bin/provision > /dev/null"

-- name: system setup | cron | schedule ansible cleanup at boot
- tags: cron
- cron:
- name: "ansible refresh at boot"
- user: ansible
- special_time: reboot
- job: "/bin/rm -rf /home/ansible/.ansible"
+# - name: system setup | cron | schedule ansible cleanup at boot
+# tags: cron
+# cron:
+# name: "ansible refresh at boot"
+# user: ansible
+# special_time: reboot
+# job: "/bin/rm -rf /home/ansible/.ansible"

 - name: system setup | cron | Send me a list of upgradeable packages daily
 tags: cron
diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml
index 3b37433..a8564dd 100644
--- a/roles/mastodon/tasks/main.yml
+++ b/roles/mastodon/tasks/main.yml
@@ -8,8 +8,6 @@
 - include_tasks: system_setup/prepare_packagemanager.yml

 - block:
- - debug:
- msg: "mysql: {{ mysql }}"
 - include_role: name=database
 - include_tasks: system_setup/prepare_database.yml
 - include_role: name=webserver
@@ -18,4 +16,6 @@
 - include_tasks: system_setup/user.yml
 - include_tasks: system_setup/ruby.yml
 - include_tasks: system_setup/mastodon.yml
- - include_tasks: system_setup/letsencrypt.yml
\ No newline at end of file
+ - include_tasks: system_setup/letsencrypt.yml
+ rescue:
+ - set_fact: task_failed=true
\ No newline at end of file
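Review bot: Commenting out the two `cron` tasks stops Ansible from managing the `ansible provision` and `ansible refresh at boot` entries, but it does not remove them from hosts that already received them, so the job running `/usr/local/bin/provision` as the `ansible` user every 30 minutes and the `rm -rf /home/ansible/.ansible` job at reboot keep running there with nothing in the repository describing them. The `cron` module keys an entry by `name`, so the clean way to retire them is to keep both tasks with `state: absent` for one deployment cycle and then delete them, instead of leaving 16 commented lines in the file.
```yaml
- name: system setup | cron | remove automatic ansible provisioning
  tags: cron
  cron:
    name: "ansible provision"
    user: ansible
    state: absent

- name: system setup | cron | remove ansible cleanup at boot
  tags: cron
  cron:
    name: "ansible refresh at boot"
    user: ansible
    state: absent

# … unchanged: upgradeable-packages mail task …
```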
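Review bot: The new `rescue:` maps any failure in the whole block, from the database and webserver includes in the first hunk to the user, ruby, mastodon and letsencrypt includes here, to `task_failed=true` and lets the play continue as a success, so a half-provisioned instance, for example with the webserver configured but the letsencrypt include failed, is reported like a healthy one; nothing in the visible lines acts on the fact afterwards. Recording the failing step in the rescue, `- set_fact: task_failed=true` followed by `- debug: msg="failed in {{ ansible_failed_task.name }}"`, and ending the play with a `fail:` task conditioned on `task_failed` keeps the error visible. The block begins above this hunk.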