Merge branch 'master' of ssh://gitlab.social.my-wan.de:22422/rene/ansible-pull

2022-04-22 15:03:43 +02:00
parent 1c0f68ef36 1d26422bcc
commit 475ef34a7b
10 changed files with 29 additions and 29 deletions
--- a/host_vars/mewitoot.de.yml
+++ b/host_vars/mewitoot.de.yml
@@ -27,3 +27,4 @@ wg_local_ip: 192.168.3.11/24

 # Application
 migration: true
+mastodon_host: "{{ hostname }}"
--- a/local.yml
+++ b/local.yml
@@ -44,6 +44,12 @@
  roles:
    - server

+- hosts: nameserver
+  tags: server,nameserver
+  become: true
+  roles:
+    - nameserver
+
 - hosts: webserver
  tags: server,webserver
  become: true
@@ -80,12 +86,6 @@
  roles:
    - mastodon

- hosts: nameserver
-  tags: server,nameserver
-  become: true
-  roles:
-    - nameserver
-
 # - hosts: printspooler
 #   tags: server,printspooler
 #   become: true
--- a/roles/base/tasks/software/packages_zsh.yml
+++ b/roles/base/tasks/software/packages_zsh.yml
@@ -10,4 +10,4 @@
 #      - zsh-lovers
      - zsh-syntax-highlighting
 #      - zsh-theme-powerlevel10k
-      - zshdb
+#      - zshdb
--- a/roles/base/tasks/system_setup/clock.yml
+++ b/roles/base/tasks/system_setup/clock.yml
@@ -5,12 +5,10 @@
    state: latest
  when: ansible_distribution in ["Pop!_OS", "Ubuntu"]

-# Currently systemd-timesyncd for debian is available only in buster-backports
 - name: system setup | clock | install systemd-timesyncd (debian)
  tags: ntp, system setup
  apt:
    name: systemd-timesyncd
-    default_release: buster-packports
    state: latest
  when: ansible_distribution == "Debian"

--- a/roles/base/tasks/users/all.yml
+++ b/roles/base/tasks/users/all.yml
@@ -73,7 +73,7 @@
    state: link
    force: True
    src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}"
-    path: "{{ getent_passwd[user][4] }}/{{ item.dest }}/.ssh/"
+    path: "{{ getent_passwd[user][4] }}/{{ item.dest }}"
    follow: False
  with_items:
    - { src: 'vim/vimrc', dest: '.vimrc' }
--- a/roles/mastodon/tasks/system_setup/letsencrypt.yml
+++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml
@@ -19,7 +19,7 @@
    - migration is not defined or migration == False

 - name: Install letsencrypt cert
-  command: letsencrypt certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx
+  command: certbot certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx
  when: 
    - not letsencrypt_cert.stat.exists
    - migration == False or migration is not defined
@@ -29,5 +29,5 @@
    name: "letsencrypt renew"
    minute: "15"
    hour: "0"
-    job: "letsencrypt renew && service nginx reload"
+    job: "certbot renew && service nginx reload"

--- a/roles/nameserver/tasks/configure_bind_snmpd.yml
+++ b/roles/nameserver/tasks/configure_bind_snmpd.yml
@@ -21,18 +21,18 @@

 - name: nameserver | snmpd | create statistics file
  file:
-    path: /etc/bind/named.stats
+    path: /var/cache/bind/stats
    state: touch
    owner: "bind"
    group: "bind"

 - name: nameserver | snmpd | configure named for statistics
  lineinfile:
-    path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
+    path: "{{ named_conf_options }}"
    state: present
    line: '\tstatistics-file "/var/cache/bind/stats";\n\tzone-statistics yes;'
    insertafter: "options {"
-    validate: /usr/sbin/named-checkconf %s
+    validate: "/usr/sbin/named-checkconf %s"
  notify: restart_named

 - name: nameserver | snmpd | configure extend
--- a/roles/nameserver/tasks/install_unbound.yml
+++ b/roles/nameserver/tasks/install_unbound.yml
@@ -10,5 +10,10 @@
    mode: "0644"
    owner: "root"
    group: "root"
-    verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf"
-  notify: restart_unbound
+    validate: "unbound-checkconf %s"
+
+- name: nameserver | unbound | enable service
+  service:
+    name: "unbound"
+    state: started
+    enabled: True
--- a/roles/nameserver/tasks/main.yml
+++ b/roles/nameserver/tasks/main.yml
@@ -3,23 +3,19 @@
  tags: always

 - block:
-  - block:
-    - include_tasks: install_bind.yml
-    - include_tasks: configure_bind_snmpd.yml
-    rescue:
-      - set_fact: task_failed=true
-    when: bind == true
-
  - block:
    - include_tasks: install_unbound.yml
    - include_tasks: configure_unbound_snmpd.yml
-    rescue:
-      - set_fact: task_failed=true
    when: unbound == true

  - name: nameserver | unbound | disable systemd-resolved
    include_tasks: disable-systemd-resolved.yml
    when: bind == true or unbound == true

+  - block:
+    - include_tasks: install_bind.yml
+    - include_tasks: configure_bind_snmpd.yml
+    when: bind == true
+
  rescue:
    - set_fact: task_failed=true
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -10,7 +10,7 @@
    when: apache == true
  - import_tasks: install_nginx.yml
    when: nginx == true
-  - name: webserver | acme | install acme
+  - name: webserver | certbot | install certbot
    package:
-      name: acme
+      name: certbot
      state: latest