Merge branch 'master' of ssh://gitlab.social.my-wan.de:22422/rene/ansible-pull
@@ -26,4 +26,5 @@ wireguard: true
|
|||||||
wg_local_ip: 192.168.3.11/24
|
wg_local_ip: 192.168.3.11/24
|
||||||
|
|
||||||
# Application
|
# Application
|
||||||
migration: true
|
migration: true
|
||||||
|
mastodon_host: "{{ hostname }}"
|
||||||
12
local.yml
12
local.yml
@@ -44,6 +44,12 @@
|
|||||||
roles:
|
roles:
|
||||||
- server
|
- server
|
||||||
|
|
||||||
|
- hosts: nameserver
|
||||||
|
tags: server,nameserver
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- nameserver
|
||||||
|
|
||||||
- hosts: webserver
|
- hosts: webserver
|
||||||
tags: server,webserver
|
tags: server,webserver
|
||||||
become: true
|
become: true
|
||||||
@@ -80,12 +86,6 @@
|
|||||||
roles:
|
roles:
|
||||||
- mastodon
|
- mastodon
|
||||||
|
|
||||||
- hosts: nameserver
|
|
||||||
tags: server,nameserver
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- nameserver
|
|
||||||
|
|
||||||
# - hosts: printspooler
|
# - hosts: printspooler
|
||||||
# tags: server,printspooler
|
# tags: server,printspooler
|
||||||
# become: true
|
# become: true
|
||||||
|
|||||||
@@ -10,4 +10,4 @@
|
|||||||
# - zsh-lovers
|
# - zsh-lovers
|
||||||
- zsh-syntax-highlighting
|
- zsh-syntax-highlighting
|
||||||
# - zsh-theme-powerlevel10k
|
# - zsh-theme-powerlevel10k
|
||||||
- zshdb
|
# - zshdb
|
||||||
|
|||||||
@@ -5,12 +5,10 @@
|
|||||||
state: latest
|
state: latest
|
||||||
when: ansible_distribution in ["Pop!_OS", "Ubuntu"]
|
when: ansible_distribution in ["Pop!_OS", "Ubuntu"]
|
||||||
|
|
||||||
# Currently systemd-timesyncd for debian is available only in buster-backports
|
|
||||||
- name: system setup | clock | install systemd-timesyncd (debian)
|
- name: system setup | clock | install systemd-timesyncd (debian)
|
||||||
tags: ntp, system setup
|
tags: ntp, system setup
|
||||||
apt:
|
apt:
|
||||||
name: systemd-timesyncd
|
name: systemd-timesyncd
|
||||||
default_release: buster-packports
|
|
||||||
state: latest
|
state: latest
|
||||||
when: ansible_distribution == "Debian"
|
when: ansible_distribution == "Debian"
|
||||||
|
|
||||||
|
|||||||
@@ -73,7 +73,7 @@
|
|||||||
state: link
|
state: link
|
||||||
force: True
|
force: True
|
||||||
src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}"
|
src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}"
|
||||||
path: "{{ getent_passwd[user][4] }}/{{ item.dest }}/.ssh/"
|
path: "{{ getent_passwd[user][4] }}/{{ item.dest }}"
|
||||||
follow: False
|
follow: False
|
||||||
with_items:
|
with_items:
|
||||||
- { src: 'vim/vimrc', dest: '.vimrc' }
|
- { src: 'vim/vimrc', dest: '.vimrc' }
|
||||||
|
|||||||
@@ -19,7 +19,7 @@
|
|||||||
- migration is not defined or migration == False
|
- migration is not defined or migration == False
|
||||||
|
|
||||||
- name: Install letsencrypt cert
|
- name: Install letsencrypt cert
|
||||||
command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx
|
command: certbot certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx
|
||||||
when:
|
when:
|
||||||
- not letsencrypt_cert.stat.exists
|
- not letsencrypt_cert.stat.exists
|
||||||
- migration == False or migration is not defined
|
- migration == False or migration is not defined
|
||||||
@@ -29,5 +29,5 @@
|
|||||||
name: "letsencrypt renew"
|
name: "letsencrypt renew"
|
||||||
minute: "15"
|
minute: "15"
|
||||||
hour: "0"
|
hour: "0"
|
||||||
job: "letsencrypt renew && service nginx reload"
|
job: "certbot renew && service nginx reload"
|
||||||
|
|
||||||
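Review bot: In the `Install letsencrypt cert` task the `command` module does not pass its arguments through a shell, so the trailing `&& systemctl reload nginx` is handed to certbot as extra arguments instead of running after it. The tool rename does not change that. Let certbot trigger the reload itself by ending the command with `--agree-tos --deploy-hook "systemctl reload nginx"`, or move the reload into a handler. The cron entry in the second hunk does run under a shell, but `certbot renew --deploy-hook "service nginx reload"` would reload nginx only when a certificate was actually renewed; that cron task starts outside the hunk.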
|
|||||||
@@ -21,18 +21,18 @@
|
|||||||
|
|
||||||
- name: nameserver | snmpd | create statistics file
|
- name: nameserver | snmpd | create statistics file
|
||||||
file:
|
file:
|
||||||
path: /etc/bind/named.stats
|
path: /var/cache/bind/stats
|
||||||
state: touch
|
state: touch
|
||||||
owner: "bind"
|
owner: "bind"
|
||||||
group: "bind"
|
group: "bind"
|
||||||
|
|
||||||
- name: nameserver | snmpd | configure named for statistics
|
- name: nameserver | snmpd | configure named for statistics
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
|
path: "{{ named_conf_options }}"
|
||||||
state: present
|
state: present
|
||||||
line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;'
|
line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;'
|
||||||
insertafter: "options {"
|
insertafter: "options {"
|
||||||
validate: /usr/sbin/named-checkconf %s
|
validate: "/usr/sbin/named-checkconf %s"
|
||||||
notify: restart_named
|
notify: restart_named
|
||||||
|
|
||||||
- name: nameserver | snmpd | configure extend
|
- name: nameserver | snmpd | configure extend
|
||||||
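Review bot: The `create statistics file` task sets `owner` and `group` on `/var/cache/bind/stats` but no `mode`, so the file's permissions depend on the umask of whatever runs ansible-pull. Set it explicitly, for example `mode: "0644"` if the snmpd extend script has to read the file as another user, or something tighter if not. Because `state: touch` updates the timestamps, the task also reports changed on every run; adding `modification_time: preserve` and `access_time: preserve` keeps it idempotent.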
|
|||||||
@@ -10,5 +10,10 @@
|
|||||||
mode: "0644"
|
mode: "0644"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf"
|
validate: "unbound-checkconf %s"
|
||||||
notify: restart_unbound
|
|
||||||
|
- name: nameserver | unbound | enable service
|
||||||
|
service:
|
||||||
|
name: "unbound"
|
||||||
|
state: started
|
||||||
|
enabled: True
|
||||||
@@ -3,23 +3,19 @@
|
|||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- block:
|
|
||||||
- include_tasks: install_bind.yml
|
|
||||||
- include_tasks: configure_bind_snmpd.yml
|
|
||||||
rescue:
|
|
||||||
- set_fact: task_failed=true
|
|
||||||
when: bind == true
|
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- include_tasks: install_unbound.yml
|
- include_tasks: install_unbound.yml
|
||||||
- include_tasks: configure_unbound_snmpd.yml
|
- include_tasks: configure_unbound_snmpd.yml
|
||||||
rescue:
|
|
||||||
- set_fact: task_failed=true
|
|
||||||
when: unbound == true
|
when: unbound == true
|
||||||
|
|
||||||
- name: nameserver | unbound | disable systemd-resolved
|
- name: nameserver | unbound | disable systemd-resolved
|
||||||
include_tasks: disable-systemd-resolved.yml
|
include_tasks: disable-systemd-resolved.yml
|
||||||
when: bind == true or unbound == true
|
when: bind == true or unbound == true
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- include_tasks: install_bind.yml
|
||||||
|
- include_tasks: configure_bind_snmpd.yml
|
||||||
|
when: bind == true
|
||||||
|
|
||||||
rescue:
|
rescue:
|
||||||
- set_fact: task_failed=true
|
- set_fact: task_failed=true
|
||||||
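Review bot: After the reorder, `disable-systemd-resolved.yml` is included before `install_bind.yml`, so on a host with `bind == true` the stub resolver is presumably turned off before the bind packages are fetched. If that include also changes `/etc/resolv.conf` (not visible here), the package install may no longer be able to resolve the mirror; keeping the bind block ahead of the disable task, as the old ordering did, avoids this. With the inner `rescue:` sections removed, a failure in either nameserver block now jumps to the outer `rescue`, which only sets `task_failed=true` and skips the rest of the block. Something later should check that fact with `fail:` or `assert:`, otherwise a half-configured resolver ends the run as rescued rather than failed. The outer block's rescue continues outside the hunk.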
@@ -10,7 +10,7 @@
|
|||||||
when: apache == true
|
when: apache == true
|
||||||
- import_tasks: install_nginx.yml
|
- import_tasks: install_nginx.yml
|
||||||
when: nginx == true
|
when: nginx == true
|
||||||
- name: webserver | acme | install acme
|
- name: webserver | certbot | install certbot
|
||||||
package:
|
package:
|
||||||
name: acme
|
name: certbot
|
||||||
state: latest
|
state: latest
|
||||||
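Review bot: `state: latest` on the `certbot` package lets every scheduled ansible-pull run upgrade the ACME client unattended, so a new certbot version can reach the host without anyone reviewing it. `state: present` installs it once and leaves upgrades to the normal patch process. The task may continue past the end of the hunk, so any `when:` or `tags:` it carries are not visible here.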