diff --git a/local.yml b/local.yml index a283f1e..4ffaaea 100644 --- a/local.yml +++ b/local.yml @@ -12,31 +12,31 @@ pre_tasks: - name: pre-run | get status of marker file - stat: + ansible.builtin.stat: path: "{{ ansible_pull_marker_file }}" register: marker_file_stat tags: always - name: pre-run | check if last run was within cooldown period - meta: end_play + ansible.builtin.meta: end_play when: - marker_file_stat.stat.exists - (ansible_date_time.epoch | int) - (marker_file_stat.stat.mtime | int) < (ansible_reboot_cooldown_minutes | int * 60) tags: always - name: pre-run | set marker file path as a cached fact - set_fact: + ansible.builtin.set_fact: ansible_pull_marker_file: "{{ ansible_pull_marker_file }}" cacheable: true tags: always - name: pre-run | update apt repository (debian, ubuntu, etc.) # noqa no-changed-when - apt: update_cache=yes + ansible.builtin.apt: update_cache=yes #changed_when: false when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] ignore_errors: True - name: pre-run | update pacman repository (arch) - pacman: update_cache=yes + community.general.pacman: update_cache=yes #changed_when: false when: ansible_distribution == 'Archlinux' ignore_errors: True @@ -50,12 +50,12 @@ - hosts: all:!database pre_tasks: - name: pre-run | upgrade system (debian, ubuntu, etc.) - apt: upgrade=dist + ansible.builtin.apt: upgrade=dist #changed_when: false when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] ignore_errors: True - name: pre-run | upgrade system (arch) - pacman: upgrade=true + community.general.pacman: upgrade=true when: ansible_distribution == 'Archlinux' ignore_errors: True 
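Review bot: In local.yml both upgrade tasks in the second hunk (`ansible.builtin.apt: upgrade=dist` and `community.general.pacman: upgrade=true`) keep `ignore_errors: True`, so a failed patch run is reported as a success and the host quietly stays on old packages. The two cache-update tasks in the first hunk carry the same flag. I would drop `ignore_errors: True` from the upgrade tasks, or add `register:` and fail or alert on the result at the end of the play, so that a host which cannot patch becomes visible. Both `pre_tasks` lists start outside their hunks.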
@@ -216,14 +216,14 @@ post_tasks: - name: cleanup package cache (debian and ubuntu) tags: always - apt: + ansible.builtin.apt: autoclean: yes changed_when: false when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] - name: autoremove orphan packages (debian and ubuntu) tags: always - apt: + ansible.builtin.apt: autoremove: yes purge: yes when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] @@ -231,7 +231,7 @@ - name: post-run | update marker file timestamp on successful run file: path: "{{ ansible_pull_marker_file }}" - state: touch + state: ansible.builtin.touch tags: always # - name: send completion alert # include_tasks: playbooks/send_completion_alert.yml diff --git a/roles/backup/tasks/system_setup/copy_backup_config.yml b/roles/backup/tasks/system_setup/copy_backup_config.yml index 465c8db..3c5d8a2 100644 --- a/roles/backup/tasks/system_setup/copy_backup_config.yml +++ b/roles/backup/tasks/system_setup/copy_backup_config.yml @@ -1,5 +1,5 @@ - name: backup | system setup | create backup config directory - file: + ansible.builtin.file: path: "{{ item }}" state: directory loop: @@ -8,24 +8,24 @@ - "/opt/backup/config" - name: backup | system setup | create a link to backup script - file: + ansible.builtin.file: path: "/opt/backup/bin/backup_remote.bash" state: link src: "{{ ansible_user_dir }}/bin/backup_remote.bash" - name: backup | system setup | copy backup config files - copy: + ansible.builtin.copy: dest: "/opt/backup/config/" src: "config/" - name: backup | system setup | copy backup config files 2 - template: + ansible.builtin.template: src: "backup_remote.j2" dest: "/opt/backup/config/backup_remote.conf" force: Yes - name: backup | system setup | add entries to ssh_config - blockinfile: + ansible.builtin.blockinfile: dest: "{{ ansible_user_dir }}/.ssh/config" block: "{{ lookup('template', 'ssh_config.j2') }}" marker: "## {mark} ANSIBLE MANAGED BLOCK FOR backup" 
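Review bot: In the last local.yml hunk (-231,7) the prefix was applied to the wrong line: `state: ansible.builtin.touch` is not a valid value for the file module's `state`, while the module key `file:` is left unqualified. As written, the "post-run | update marker file timestamp on successful run" task should fail argument validation, so the marker is never refreshed and the cooldown check in `pre_tasks` never sees a recent run. The two lines should read `ansible.builtin.file:` and `state: touch`.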
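Review bot: In roles/backup/tasks/system_setup/copy_backup_config.yml none of the `ansible.builtin.file`, `ansible.builtin.copy` or `ansible.builtin.template` tasks sets `owner` or `mode`, so `/opt/backup/config/backup_remote.conf` and the copied `config/` files get whatever the umask gives them. If the rendered config carries remote credentials or key paths (not visible in this diff), add `mode: "0600"` and an explicit `owner:` to the template and copy tasks, and `mode: "0700"` to the directory task in the first hunk.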
diff --git a/roles/docker/tasks/install_docker.yml b/roles/docker/tasks/install_docker.yml index ef887d9..f82dee1 100644 --- a/roles/docker/tasks/install_docker.yml +++ b/roles/docker/tasks/install_docker.yml @@ -1,13 +1,13 @@ - block: - name: docker | install docker | get convenience script - get_url: + ansible.builtin.get_url: url: "https://get.docker.com" dest: "~/get-docker.sh" mode: "0777" # not required. The permissions the resulting file or directory should have. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). As of Ansible 2.6, the mode may also be the special string C(preserve). When set to C(preserve) the file will be given the same permissions as the source file. use_proxy: No - name: docker | install docker | execute convenience script - shell: + ansible.builtin.shell: cmd: "/tmp/get-docker.sh" creates: /usr/bin/docker @@ -18,7 +18,7 @@ when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] - name: docker | install docker | docker-compose - package: + ansible.builtin.package: name: "{{ item }}" state: latest loop: @@ -26,7 +26,7 @@ - docker-compose - name: docker | install docker | enable service - service: + ansible.builtin.service: name: docker state: started enabled: true \ No newline at end of file diff --git a/roles/drone/tasks/create_app.yml b/roles/drone/tasks/create_app.yml index 1d7fe46..100d19b 100644 --- a/roles/drone/tasks/create_app.yml +++ b/roles/drone/tasks/create_app.yml 
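Review bot: In roles/docker/tasks/install_docker.yml the script is downloaded to `~/get-docker.sh` but the next task executes `/tmp/get-docker.sh`, so the file that runs is not the one that was fetched: it is whatever already sits under that name in a world-writable directory. The download is also stored with `mode: "0777"` and without a `checksum:`, so any local user who can reach the path can rewrite it before it runs. I would use one path in a directory only the installing user can write, set `mode: "0700"`, pin the reviewed script with `checksum:`, and run it through `ansible.builtin.command`, since no shell features are needed. The enclosing `block:` continues outside the hunk.

```yaml
- name: docker | install docker | get convenience script
  ansible.builtin.get_url:
    url: "https://get.docker.com"
    # placeholder variable: one path in a directory only the installing user can write
    dest: "{{ docker_install_script_path }}"
    mode: "0700"
    # placeholder: SHA-256 of the script version that was reviewed
    checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"
    # … unchanged: use_proxy …

- name: docker | install docker | execute convenience script
  ansible.builtin.command:
    cmd: "{{ docker_install_script_path }}"
    creates: /usr/bin/docker
```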
@@ -1,20 +1,20 @@ - name: drone | create app | generate shared secret - command: openssl rand -hex 16 + ansible.builtin.command: openssl rand -hex 16 register: DRONE_RPC_SECRET - name: drone | create app | create docker dir - file: + ansible.builtin.file: path: "/opt/docker/drone" state: directory - name: drone | create app | create docker-compose.yml - template: + ansible.builtin.template: src: "docker-compose.yml.j2" dest: "/opt/docker/drone/docker-compose.yml" force: no validate: "docker-compose -f %s config" # not required. The validation command to run before copying into place. The path to the file to validate is passed in via '%s' which must be present as in the examples below. The command is passed securely so shell features like expansion and pipes will not work. - name: drone | create app | start docker container - command: + ansible.builtin.command: cmd: "docker-compose up -d" chdir: "/opt/docker/drone" \ No newline at end of file diff --git a/roles/podman/tasks/main.yml b/roles/podman/tasks/main.yml index 7aa9631..6b7a264 100644 --- a/roles/podman/tasks/main.yml +++ b/roles/podman/tasks/main.yml @@ -8,7 +8,7 @@ update_cache: yes - name: Create local mount point for Podman NFS data - ansible.builtin.file: + ansible.builtin.file: # noqa name[missing] path: "{{ podman_data_mount_point }}" state: directory mode: '0755' @@ -48,7 +48,7 @@ update_cache: yes - name: Create directory for Portainer compose file - ansible.builtin.file: + ansible.builtin.file: # noqa name[missing] path: "{{ podman_data_mount_point }}/compose/portainer" state: directory mode: '0755' diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index e712424..70d844f 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml 
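Review bot: In roles/drone/tasks/create_app.yml the "generate shared secret" task registers the output of `openssl rand -hex 16` without `no_log: true`, so the RPC secret is printed in verbose runs and by any callback that logs task results. The template task that presumably renders it into `/opt/docker/drone/docker-compose.yml` sets no `mode`, which leaves the file at umask defaults. I would add `no_log: true` and `changed_when: false` to the command task and `mode: "0600"` to the template task.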
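Review bot: In roles/podman/tasks/main.yml both changed lines add `# noqa name[missing]` to tasks that already carry a `name:` ("Create local mount point for Podman NFS data" and "Create directory for Portainer compose file"), so the suppression looks unnecessary. An inline suppression that matches nothing today still silences the rule if the name is removed later. If the linter did report something on these lines, the comment should carry the rule id it printed; otherwise plain `ansible.builtin.file:` is enough.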
@@ -1,12 +1,12 @@ -- include_vars: snmp_users.yml +- ansible.builtin.include_vars: snmp_users.yml - name: server | snmpd | install package - package: + ansible.builtin.package: name: "{{ snmpd_package }}" state: present - name: server | snmpd | install sudoers file - copy: + ansible.builtin.copy: dest: "/etc/sudoers.d/10-debian-snmp" src: "sudoers" owner: "root" @@ -16,14 +16,14 @@ when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] - name: server | snmpd | create /etc/snmp - file: + ansible.builtin.file: path: "/etc/snmp" state: directory owner: "root" group: "root" - name: server | snmpd | insert anchors to snmpd.conf - blockinfile: + ansible.builtin.blockinfile: path: "{{ snmpd_conf }}" create: true marker: "# {mark} ANSIBLE MANAGED BLOCK" @@ -32,24 +32,24 @@ # SECTION: custom settings - name: server | snmpd | stop service - service: + ansible.builtin.service: name: "snmpd" state: stopped - name: server | snmpd | setup monitoring user SNMPv3 - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_user_file }}" create: true line: "createuser {{ snmp_user }} {{ snmp_auth_proto }} {{ snmp_auth_pass }} {{ snmp_priv_proto }} {{ snmp_priv_pass }}" - name: server | snmpd | setup ACLs - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_conf }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). line: "rouser {{ snmp_user }} authpriv" insertafter: "# SECTION: custom settings" - name: server | snmpd | enable service on wireguard interface - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_conf }}" regexp: "^agentaddress.*$" state: present 
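Review bot: In roles/server/tasks/utilities/snmpd.yml the "install sudoers file" task copies into `/etc/sudoers.d/10-debian-snmp` with no `validate:` visible in the first hunk, and a syntax error in that file can break sudo on the host. The task continues outside the hunk, so `mode` may already be set there; if it is not, add `mode: "0440"` together with `validate: "/usr/sbin/visudo -cf %s"`.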
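Review bot: The "setup monitoring user SNMPv3" task in the third snmpd.yml hunk (-32,24) writes `snmp_auth_pass` and `snmp_priv_pass` into `{{ snmpd_user_file }}` with `create: true` but no `mode`, and without `no_log: true`. The passphrases can therefore land in a file created with umask defaults and in the diff or verbose output of the run. I would add `mode: "0600"` and `no_log: true` to that task, with the owner matching the account snmpd runs as. Whether `snmp_users.yml`, loaded by `ansible.builtin.include_vars` at the top of the file, is vault-encrypted cannot be seen from this diff and is worth confirming.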
@@ -57,34 +57,34 @@ when: wg_local_ip is defined - name: server | snmpd | set sysLocation - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_conf }}" regexp: '^sysLocation.*$' state: present line: "sysLocation {{ snmp_location }}" - name: server | snmpd | set sysContact - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_conf }}" regexp: '^sysContact.*$' state: present line: "sysContact {{ snmp_contact }}" - name: server | snmpd | enable service on all interfaces - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_conf }}" regexp: "^agentaddress.*$" state: absent when: wg_local_ip is not defined - name: server | snmpd | copy distro script - copy: + ansible.builtin.copy: dest: "/etc/snmp/distro" src: "distro" mode: "0755" - name: server | snmpd | get os-updates script - get_url: + ansible.builtin.get_url: url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate" dest: "/etc/snmp/osupdate" mode: "0755" @@ -92,7 +92,7 @@ group: "root" - name: server | snmpd | configure extends - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_conf }}" state: present line: "extend {{ item.service }} '{{ item.script }}'" @@ -106,14 +106,14 @@ - block: - name: server | snmpd | get proxmox script - get_url: + ansible.builtin.get_url: url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox" dest: "/usr/local/bin/proxmox" mode: "0755" owner: "root" group: "root" - name: server | snmpd | configure proxmox extends - lineinfile: + ansible.builtin.lineinfile: path: "{{ snmpd_conf }}" state: present line: "extend proxmox {{ sudo }} /usr/local/bin/proxmox" @@ -123,7 +123,7 @@ - is_proxmox == true - name: server | snmpd start service - service: + ansible.builtin.service: name: "snmpd" state: started enabled: true \ No newline at end of file diff --git a/roles/server/tasks/utilities/telegraf.yml b/roles/server/tasks/utilities/telegraf.yml index 8e5f630..a0c74f6 100644 
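Review bot: In the snmpd.yml hunk at -57,34 the "get os-updates script" task installs an executable under `/etc/snmp` from the `master` branch of librenms-agent with no `checksum:`, so whatever that branch holds at run time becomes code that snmpd executes. The "get proxmox script" task in the -106,14 hunk has the same problem, and its extend line runs the result through `{{ sudo }}`. I would pin both URLs to a reviewed commit and add a digest, e.g. `url: "https://raw.githubusercontent.com/librenms/librenms-agent/<REVIEWED_COMMIT_SHA>/snmp/osupdate"` with `checksum: "sha256:<EXPECTED_SHA256>"`. The osupdate task and the proxmox block continue outside their hunks.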
--- a/roles/server/tasks/utilities/telegraf.yml +++ b/roles/server/tasks/utilities/telegraf.yml @@ -4,29 +4,29 @@ # state: absent - name: server | telegraf | download key - uri: + ansible.builtin.uri: url: "https://repos.influxdata.com/influxdata-archive_compat.key" dest: "/tmp/influxdb.key" creates: "/tmp/influxdb.key" - name: server | telegraf | verify and import key - shell: + ansible.builtin.shell: cmd: "echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c /tmp/influxdb.key' | sha256sum -c && cat /tmp/influxdb.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null" creates: "/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg" - name: server | telegraf | add repository - shell: + ansible.builtin.shell: cmd: "echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list" creates: "/etc/apt/sources.list.d/influxdata.list" - name: server | telegraf | install telegraf - apt: + ansible.builtin.apt: name: "telegraf" state: latest update_cache: yes - name: server | telegraf | copy basic config - copy: + ansible.builtin.copy: dest: "/etc/telegraf/telegraf.d/{{ item | basename }}" src: "{{ item }}" with_fileglob: diff --git a/roles/webservers/tasks/apps/nextcloud/prereq.yml b/roles/webservers/tasks/apps/nextcloud/prereq.yml index 3930e9b..2f8e71a 100644 --- a/roles/webservers/tasks/apps/nextcloud/prereq.yml +++ b/roles/webservers/tasks/apps/nextcloud/prereq.yml @@ -1,5 +1,5 @@ - name: webservers | nextcloud | basic tools - package: + ansible.builtin.package: state: latest name: - ca-certificates 
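Review bot: In roles/server/tasks/utilities/telegraf.yml the dearmored key is written to `/etc/apt/trusted.gpg.d/`, where apt trusts it for every configured repository, so the `signed-by=` option on the repository line does not narrow anything. Writing the keyring to a directory apt does not scan, for example `/etc/apt/keyrings/influxdata-archive_compat.gpg`, and pointing `signed-by=` at it limits the key to the InfluxData repository. The key is also staged under the fixed name `/tmp/influxdb.key` with `creates:`, so a file already present there skips the download and is checked only once before `cat` reads it again. `ansible.builtin.get_url` with `checksum: "sha256:393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c"` into a root-owned directory would download and verify in one step.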
@@ -10,19 +10,19 @@ when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] - name: webservers | nextcloud | prereq | get php repo key - uri: + ansible.builtin.uri: url: "https://packages.sury.org/php/apt.gpg" dest: "/etc/apt/trusted.gpg.d/php.gpg" - name: webservers | nextcloud | prereq | add php repo - lineinfile: + ansible.builtin.lineinfile: path: "/etc/apt/sources.list.d/php.list" state: present line: "deb https://packages.sury.org/php/ {{ ansible_distribution_release | lower }} main" create: True - name: webservers | nextcloud | prereq | install php - package: + ansible.builtin.package: state: latest name: "{{ item.package }}" update_cache: True
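Review bot: In roles/webservers/tasks/apps/nextcloud/prereq.yml the "get php repo key" task saves the downloaded key straight into `/etc/apt/trusted.gpg.d/php.gpg` without comparing it to a known digest, and the repository line has no `signed-by=`. A key in that directory is trusted for all repositories, so this one download decides what apt will accept host-wide. I would fetch it with `ansible.builtin.get_url` and `checksum: "sha256:<EXPECTED_SHA256>"` into `/etc/apt/keyrings/php.gpg`, and change the repo line to `line: "deb [signed-by=/etc/apt/keyrings/php.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release | lower }} main"`.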