From 1a38bc39ca92299c73ce5529c1732c587c4e5ca4 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 22:09:30 +0200 Subject: [PATCH 01/14] reordered roles --- local.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/local.yml b/local.yml index 5f5fdc1..84b2b7d 100644 --- a/local.yml +++ b/local.yml @@ -44,6 +44,12 @@ roles: - server +- hosts: nameserver + tags: server,nameserver + become: true + roles: + - nameserver + - hosts: webserver tags: server,webserver become: true @@ -80,12 +86,6 @@ roles: - mastodon -- hosts: nameserver - tags: server,nameserver - become: true - roles: - - nameserver - # - hosts: printspooler # tags: server,printspooler # become: true From df65769d4819a68df08875c7b501e136d15ce3a4 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 22:22:43 +0200 Subject: [PATCH 02/14] remoted rescue --- roles/nameserver/tasks/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index eebc12d..2360fdc 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -6,15 +6,11 @@ - block: - include_tasks: install_bind.yml - include_tasks: configure_bind_snmpd.yml - rescue: - - set_fact: task_failed=true when: bind == true - block: - include_tasks: install_unbound.yml - include_tasks: configure_unbound_snmpd.yml - rescue: - - set_fact: task_failed=true when: unbound == true - name: nameserver | unbound | disable systemd-resolved From 33d8614d47501fbf6a2f7b33153f8485ac384dbf Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 22:34:06 +0200 Subject: [PATCH 03/14] removed a package --- roles/base/tasks/software/packages_zsh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/software/packages_zsh.yml b/roles/base/tasks/software/packages_zsh.yml index 94ad062..105820d 100644 --- a/roles/base/tasks/software/packages_zsh.yml +++ b/roles/base/tasks/software/packages_zsh.yml 
@@ -10,4 +10,4 @@ # - zsh-lovers - zsh-syntax-highlighting # - zsh-theme-powerlevel10k - - zshdb +# - zshdb From f85af1cec4a7013f7c9e16cda1790bb692f90108 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 22:50:19 +0200 Subject: [PATCH 04/14] changed path for stats file --- roles/nameserver/tasks/configure_bind_snmpd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index 3c3a89f..c00c6b6 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -21,14 +21,14 @@ - name: nameserver | snmpd | create statistics file file: - path: /etc/bind/named.stats + path: /var/cache/bind/stats state: touch owner: "bind" group: "bind" - name: nameserver | snmpd | configure named for statistics lineinfile: - path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). + path: "{{ named_conf_options }}" state: present line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;' insertafter: "options {" From a732c80f5230b4af8dac1f294dfdc9addbfc11fd Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 23:08:17 +0200 Subject: [PATCH 05/14] reordered roles --- roles/nameserver/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index 2360fdc..3cbaea1 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml @@ -3,11 +3,6 @@ tags: always - block: - - block: - - include_tasks: install_bind.yml - - include_tasks: configure_bind_snmpd.yml - when: bind == true - - block: - include_tasks: install_unbound.yml - include_tasks: configure_unbound_snmpd.yml 
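Review bot: In roles/nameserver/tasks/configure_bind_snmpd.yml the `create statistics file` task sets `owner` and `group` but no `mode`, so the permissions of /var/cache/bind/stats depend on whatever umask is in effect on the target. State the mode explicitly, for example `mode: "0640"` if only bind and root need to read it; the SNMP extend configured later in this file presumably reads the stats, so confirm which user it runs as before narrowing. `state: touch` also reports a change on every run, and adding `modification_time: preserve` and `access_time: preserve` would keep the task idempotent.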
@@ -17,5 +12,10 @@ include_tasks: disable-systemd-resolved.yml when: bind == true or unbound == true + - block: + - include_tasks: install_bind.yml + - include_tasks: configure_bind_snmpd.yml + when: bind == true + rescue: - set_fact: task_failed=true \ No newline at end of file From 185955857cc338a2e235e11c5e8789598285f071 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 23:17:34 +0200 Subject: [PATCH 06/14] set mastodon_host --- host_vars/mewitoot.de.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/host_vars/mewitoot.de.yml b/host_vars/mewitoot.de.yml index 06fbfa6..c687cc6 100644 --- a/host_vars/mewitoot.de.yml +++ b/host_vars/mewitoot.de.yml @@ -26,4 +26,5 @@ wireguard: true wg_local_ip: 192.168.3.11/24 # Application -migration: true \ No newline at end of file +migration: true +mastodon_host: "{{ hostname }}" \ No newline at end of file From f3585baa77892eecdacf9c67d1f1cbb724a2c688 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 23:22:00 +0200 Subject: [PATCH 07/14] corrected verify command --- roles/nameserver/tasks/install_unbound.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index aa5ab6a..e70786c 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -10,5 +10,5 @@ mode: "0644" owner: "root" group: "root" - verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf" + verify: "unbound-checkconf %s" notify: restart_unbound \ No newline at end of file From b991b1516d825fa1b728e37f5298270bc40794c2 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 23:32:08 +0200 Subject: [PATCH 08/14] removed wrong path --- roles/base/tasks/users/all.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index e6b5694..a84b750 100644 --- a/roles/base/tasks/users/all.yml 
+++ b/roles/base/tasks/users/all.yml @@ -73,7 +73,7 @@ state: link force: True src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}" - path: "{{ getent_passwd[user][4] }}/{{ item.dest }}/.ssh/" + path: "{{ getent_passwd[user][4] }}/{{ item.dest }}" follow: False with_items: - { src: 'vim/vimrc', dest: '.vimrc' } From 608c3c0a2f14a806d86f580143acd9e99a1356c5 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 23:37:20 +0200 Subject: [PATCH 09/14] use correct option --- roles/nameserver/tasks/install_unbound.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index e70786c..68f6e7e 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -10,5 +10,5 @@ mode: "0644" owner: "root" group: "root" - verify: "unbound-checkconf %s" + validate: "unbound-checkconf %s" notify: restart_unbound \ No newline at end of file From e8db12958e4becc01c689714ce58c1a2f02c38f9 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 23:49:50 +0200 Subject: [PATCH 10/14] removed release restriction --- roles/base/tasks/system_setup/clock.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/base/tasks/system_setup/clock.yml b/roles/base/tasks/system_setup/clock.yml index a4b8a8e..0b780a3 100644 --- a/roles/base/tasks/system_setup/clock.yml +++ b/roles/base/tasks/system_setup/clock.yml @@ -5,12 +5,10 @@ state: latest when: ansible_distribution in ["Pop!_OS", "Ubuntu"] -# Currently systemd-timesyncd for debian is available only in buster-backports - name: system setup | clock | install systemd-timesyncd (debian) tags: ntp, system setup apt: name: systemd-timesyncd - default_release: buster-packports state: latest when: ansible_distribution == "Debian" From 087e0a5b1e7c0ce21322c6684e3d3687886d4164 Mon Sep 17 00:00:00 2001 
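Review bot: In roles/nameserver/tasks/install_unbound.yml, `validate: "unbound-checkconf %s"` checks only the rendered fragment, as a temporary file, and not the configuration unbound actually loads. A fragment that parses on its own can still conflict with the main configuration or with other files under unbound.conf.d, and that surfaces only when the service restarts. Consider an additional check of the main configuration file with `unbound-checkconf` before the restart, so a broken resolver config fails the play rather than the service. The task begins above the hunk, so its module and `dest` are not visible here.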
From: Rene Date: Thu, 21 Apr 2022 23:50:03 +0200 Subject: [PATCH 11/14] start unbound after installation --- roles/nameserver/tasks/install_unbound.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml index 68f6e7e..be1afd6 100644 --- a/roles/nameserver/tasks/install_unbound.yml +++ b/roles/nameserver/tasks/install_unbound.yml @@ -11,4 +11,9 @@ owner: "root" group: "root" validate: "unbound-checkconf %s" - notify: restart_unbound \ No newline at end of file + +- name: nameserver | unbound | enable service + service: + name: "unbound" + state: started + enabled: True \ No newline at end of file From 8eecab369b3a107a888131f891b5c8e1d265dd84 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 21 Apr 2022 23:54:17 +0200 Subject: [PATCH 12/14] quoting --- roles/nameserver/tasks/configure_bind_snmpd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml index c00c6b6..18c3e3d 100644 --- a/roles/nameserver/tasks/configure_bind_snmpd.yml +++ b/roles/nameserver/tasks/configure_bind_snmpd.yml @@ -32,7 +32,7 @@ state: present line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;' insertafter: "options {" - validate: /usr/sbin/named-checkconf %s + validate: "/usr/sbin/named-checkconf %s" notify: restart_named - name: nameserver | snmpd | configure extend From 78a019d28857515961266bb243fc516abafdc413 Mon Sep 17 00:00:00 2001 From: Rene Date: Fri, 22 Apr 2022 00:08:21 +0200 Subject: [PATCH 13/14] replaced acme by certbot --- roles/webserver/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml index feb909d..5f20c30 100644 --- a/roles/webserver/tasks/main.yml +++ b/roles/webserver/tasks/main.yml 
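Review bot: Dropping `notify: restart_unbound` in roles/nameserver/tasks/install_unbound.yml means later changes to the managed config file are written to disk but never loaded, because the added service task uses `state: started`, which does nothing when unbound is already running. For a resolver this can leave security-relevant settings (for example access-control rules, if this file carries them) at their old values without any failure in the play. Keep `notify: restart_unbound` on the config task alongside the new `enable service` task. `enabled: True` would also be more portable as `enabled: true`. The config task starts above the hunk.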
@@ -10,7 +10,7 @@ when: apache == true - import_tasks: install_nginx.yml when: nginx == true - - name: webserver | acme | install acme + - name: webserver | certbot | install certbot package: - name: acme + name: certbot state: latest \ No newline at end of file From 1d26422bcc6c57ae7cae25f7deadee30e2fe2aba Mon Sep 17 00:00:00 2001 From: Rene Date: Fri, 22 Apr 2022 00:10:41 +0200 Subject: [PATCH 14/14] switched to certbot --- roles/mastodon/tasks/system_setup/letsencrypt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index 2c495b3..c98536f 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -19,7 +19,7 @@ - migration is not defined or migration == False - name: Install letsencrypt cert - command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx + command: certbot certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx when: - not letsencrypt_cert.stat.exists - migration == False or migration is not defined @@ -29,5 +29,5 @@ name: "letsencrypt renew" minute: "15" hour: "0" - job: "letsencrypt renew && service nginx reload" + job: "certbot renew && service nginx reload"
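Review bot: In roles/webserver/tasks/main.yml the renamed `install certbot` task keeps `state: latest`, so every play run may upgrade the tool that handles the ACME account and certificate private keys to whatever the repository currently offers. Unless unattended upgrades of certbot are intended here, `state: present` installs it once and leaves upgrades to the normal patching process.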
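Review bot: In roles/mastodon/tasks/system_setup/letsencrypt.yml the `Install letsencrypt cert` task still ends in `&& systemctl reload nginx`, but the `command` module does not run a shell, so `&&`, `systemctl`, `reload` and `nginx` are handed to certbot as extra arguments and nginx is never reloaded by this task. Run certbot alone and reload nginx in a separate task or handler; passing the arguments as an `argv` list also keeps the templated host and path values from being word-split. In the cron hunk the job does run through a shell, but `certbot renew --deploy-hook "systemctl reload nginx"` would reload only when a certificate was actually renewed. The `when` lists of both tasks continue outside the hunks.

```yaml
- name: Install letsencrypt cert
  command:
    argv:
      - certbot
      - certonly
      - -n
      - --webroot
      - -d
      - "{{ mastodon_host | default(ansible_fqdn) }}"
      - -w
      - "{{ mastodon_home }}/{{ mastodon_path }}/public/"
      - --email
      - "webmaster@{{ mastodon_host | default(ansible_fqdn) }}"
      - --agree-tos
  # … unchanged: when conditions …

- name: Reload nginx after certificate issuance
  service:
    name: nginx
    state: reloaded
  # … same when conditions as the task above …
```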