diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml index 06fbfa6..c687cc6 100644 --- a/host_vars/mewitoot.de.yml +++ b/host_vars/mewitoot.de.yml @@ -26,4 +26,5 @@ wireguard: true wg_local_ip: 192.168.3.11/24 # Application -migration: true \ No newline at end of file +migration: true +mastodon_host: "{{ hostname }}" \ No newline at end of file diff --git a/local.yml b/local.yml index 5f5fdc1..84b2b7d 100644 --- a/local.yml +++ b/local.yml @@ -44,6 +44,12 @@ roles: - server +- hosts: nameserver + tags: server,nameserver + become: true + roles: + - nameserver + - hosts: webserver tags: server,webserver become: true @@ -80,12 +86,6 @@ roles: - mastodon -- hosts: nameserver - tags: server,nameserver - become: true - roles: - - nameserver - # - hosts: printspooler # tags: server,printspooler # become: true diff --git a/roles/base/tasks/software/packages_zsh.yml b/roles/base/tasks/software/packages_zsh.yml index 94ad062..105820d 100644 --- a/roles/base/tasks/software/packages_zsh.yml +++ b/roles/base/tasks/software/packages_zsh.yml @@ -10,4 +10,4 @@ # - zsh-lovers - zsh-syntax-highlighting # - zsh-theme-powerlevel10k - - zshdb +# - zshdb diff --git a/roles/base/tasks/system_setup/clock.yml b/roles/base/tasks/system_setup/clock.yml index a4b8a8e..0b780a3 100644 --- a/roles/base/tasks/system_setup/clock.yml +++ b/roles/base/tasks/system_setup/clock.yml @@ -5,12 +5,10 @@ state: latest when: ansible_distribution in ["Pop!_OS", "Ubuntu"] -# Currently systemd-timesyncd for debian is available only in buster-backports - name: system setup | clock | install systemd-timesyncd (debian) tags: ntp, system setup apt: name: systemd-timesyncd - default_release: buster-packports state: latest when: ansible_distribution == "Debian" diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index e6b5694..a84b750 100644 --- a/roles/base/tasks/users/all.yml +++ b/roles/base/tasks/users/all.yml 
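Review bot: In roles/base/tasks/system_setup/clock.yml the Debian task now installs `systemd-timesyncd` with no release pin and no version guard, although the comment this commit deletes said the package was only available from buster-backports. If any buster hosts are still in the inventory, the task would presumably fail there and leave them without time synchronisation, which TLS validation and log correlation depend on. Consider guarding it with `when: ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 11`, or keep a correctly spelled `default_release: buster-backports` for buster only. Separately, `state: latest` upgrades the package on every run; `state: present` keeps runs repeatable.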
@@ -73,7 +73,7 @@ state: link force: True src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}" - path: "{{ getent_passwd[user][4] }}/{{ item.dest }}/.ssh/" + path: "{{ getent_passwd[user][4] }}/{{ item.dest }}" follow: False with_items: - { src: 'vim/vimrc', dest: '.vimrc' } diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index 2c495b3..c98536f 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -19,7 +19,7 @@ - migration is not defined or migration == False - name: Install letsencrypt cert - command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx + command: certbot certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx when: - not letsencrypt_cert.stat.exists - migration == False or migration is not defined @@ -29,5 +29,5 @@ name: "letsencrypt renew" minute: "15" hour: "0" - job: "letsencrypt renew && service nginx reload" + job: "certbot renew && service nginx reload" diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index 3c3a89f..18c3e3d 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml 
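Review bot: In roles/base/tasks/users/all.yml the corrected `path` is still combined with `force: True`, so whatever already exists at `{{ item.dest }}` in the user's home is replaced by the symlink with no backup. Neither the new `path` line nor the lines around it say so; a comment above the task such as `# force: replaces any existing file at dest with a link into ~/dotfiles; nothing is backed up` would make that explicit. The `with_items` list continues past the hunk, so it is worth checking that no `dest` names a file the user may have edited by hand. The task itself starts above the hunk.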
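Review bot: In roles/mastodon/tasks/system_setup/letsencrypt.yml the "Install letsencrypt cert" task uses the `command` module, which does not run a shell. As a result `&& systemctl reload nginx` is handed to certbot as extra arguments rather than executed: nginx is not reloaded, and certbot will most likely reject the unknown arguments. Drop the tail and let certbot trigger the reload with `--deploy-hook "systemctl reload nginx"`, or move the reload into a handler via `notify`. The templated values `{{ mastodon_host | default(ansible_fqdn) }}` and the webroot path are also unquoted; passing them through `argv:` (or quoting each one) stops an unexpected value from splitting into extra certbot arguments.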
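Review bot: In the second hunk of roles/mastodon/tasks/system_setup/letsencrypt.yml, the cron job `certbot renew && service nginx reload` reloads nginx every night whether or not a certificate changed. It also depends on `service`, which usually lives in /usr/sbin and may not be on cron's default PATH, so the reload could silently never happen. `job: "certbot renew --deploy-hook 'systemctl reload nginx'"` reloads only after an actual renewal. The distribution's certbot package may already ship its own renewal timer; it is worth confirming that two renewers will not run side by side.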
@@ -21,18 +21,18 @@ - name: nameserver | snmpd | create statistics file file: - path: /etc/bind/named.stats + path: /var/cache/bind/stats state: touch owner: "bind" group: "bind" - name: nameserver | snmpd | configure named for statistics lineinfile: - path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). + path: "{{ named_conf_options }}" state: present line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;' insertafter: "options {" - validate: /usr/sbin/named-checkconf %s + validate: "/usr/sbin/named-checkconf %s" notify: restart_named - name: nameserver | snmpd | configure extend diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index aa5ab6a..be1afd6 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -10,5 +10,10 @@ mode: "0644" owner: "root" group: "root" - verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf" - notify: restart_unbound \ No newline at end of file + validate: "unbound-checkconf %s" + +- name: nameserver | unbound | enable service + service: + name: "unbound" + state: started + enabled: True \ No newline at end of file diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index eebc12d..3cbaea1 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
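Review bot: In roles/nameserver/tasks/configure_bind_snmpd.yml the "create statistics file" task sets owner and group on `/var/cache/bind/stats` but no `mode`, so the permissions depend on the umask of whoever runs the play. `state: touch` also reports changed on every run. Add an explicit `mode: "0644"` (or tighter, if the reader of the file, which is not visible here, allows it), plus `access_time: preserve` and `modification_time: preserve` so the task is idempotent.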
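Review bot: In roles/nameserver/tasks/install_unbound.yml this hunk drops `notify: restart_unbound` from the config task. The new service task with `state: started` does not restart a resolver that is already running, so a changed network.conf is validated and written but never loaded. Re-add `notify: restart_unbound` next to the new `validate` line. `unbound-checkconf %s` checks the fragment as a standalone temporary file, so confirm the fragment is valid on its own. The config task starts above the hunk.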
@@ -3,23 +3,19 @@ tags: always - block: - - block: - - include_tasks: install_bind.yml - - include_tasks: configure_bind_snmpd.yml - rescue: - - set_fact: task_failed=true - when: bind == true - - block: - include_tasks: install_unbound.yml - include_tasks: configure_unbound_snmpd.yml - rescue: - - set_fact: task_failed=true when: unbound == true - name: nameserver | unbound | disable systemd-resolved include_tasks: disable-systemd-resolved.yml when: bind == true or unbound == true + - block: + - include_tasks: install_bind.yml + - include_tasks: configure_bind_snmpd.yml + when: bind == true + rescue: - set_fact: task_failed=true \ No newline at end of file diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml index feb909d..5f20c30 100644 --- a/roles/webserver/tasks/main.yml +++ b/roles/webserver/tasks/main.yml @@ -10,7 +10,7 @@ when: apache == true - import_tasks: install_nginx.yml when: nginx == true - - name: webserver | acme | install acme + - name: webserver | certbot | install certbot package: - name: acme + name: certbot state: latest \ No newline at end of file
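Review bot: In roles/nameserver/tasks/main.yml the new ordering runs disable-systemd-resolved.yml before install_bind.yml, so on a host with `bind == true` and `unbound == false` the stub resolver is turned off before BIND's packages have been fetched. Unless disable-systemd-resolved.yml (not visible here) writes a working resolv.conf, the package install can fail for lack of DNS. The single outer `rescue` then only sets `task_failed`, so the play carries on with a host that has no resolver. Consider placing the bind block above the disable step, as the unbound block is, and failing the role explicitly at the end when `task_failed` is set. Indentation is not recoverable in this view, so the nesting of `rescue` is inferred.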