From e211fcb102c1a65f8679d63366c04f5b93429777 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 13 Sep 2022 16:23:05 +0200 Subject: [PATCH 01/42] new ip for gitlab host --- roles/base/tasks/system_setup/hosts.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/base/tasks/system_setup/hosts.yml b/roles/base/tasks/system_setup/hosts.yml index 0b808f6..7bbf1ac 100644 --- a/roles/base/tasks/system_setup/hosts.yml +++ b/roles/base/tasks/system_setup/hosts.yml @@ -6,7 +6,8 @@ owner: 'root' group: 'root' loop: - - { ip: '192.168.1.240', fqdn: 'gitlab.social.my-wan.de coruscant.universe.local'} + - { ip: '192.168.1.240', fqdn: 'coruscant.universe.local'} + - { ip: '192.168.1.238', fqdn: 'gitlab.social.my-wan.de'} when: - set_hosts is defined - set_hosts == true \ No newline at end of file From 1b5cb144bd06c5c698770bbf1c0c68928e806827 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Tue, 13 Sep 2022 16:31:23 +0200 Subject: [PATCH 02/42] typo --- roles/base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 51d37c9..9f88602 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -11,7 +11,7 @@ - include_tasks: system_setup/hosts.yml - import_tasks: system_setup/clock.yml - import_tasks: system_setup/locale.yml - - include_tasks: system-setup/wireguard.yml + - include_tasks: system_setup/wireguard.yml when: - wireguard is defined - wireguard == true From e948b683ba7bfca62aa6ffd22db0400ffbdb32a7 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 21 Sep 2022 11:00:09 +0200 Subject: [PATCH 03/42] do not execute script if binary is already there --- roles/docker/tasks/install_docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/docker/tasks/install_docker.yml b/roles/docker/tasks/install_docker.yml index c60f20b..ce2a809 100644 --- a/roles/docker/tasks/install_docker.yml +++ b/roles/docker/tasks/install_docker.yml 
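Review bot: The two `loop` entries in roles/base/tasks/system_setup/hosts.yml keep the address-to-name mapping as literals inside the task, so every readdressing, such as this one for gitlab.social.my-wan.de, needs an edit to the role. Consider moving the list into a variable defined in group_vars and iterating over it, e.g. `loop: "{{ static_hosts }}"` (the variable name is only a suggestion). A comment above the task should also say that these entries override DNS on every host where `set_hosts` is true, so a stale address stays in use until the role is run again. The task's module line and first arguments are outside the hunk.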
@@ -8,6 +8,7 @@ - name: docker | install docker | execute convenience script shell: cmd: "/tmp/get-docker.sh" + creates: /usr/bin/docker - name: docker | install docker | cleanup file: From 706d1c8d43176eaccc76918ab98854ed339a2fa4 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 21 Sep 2022 12:37:40 +0200 Subject: [PATCH 04/42] add php to webservers --- roles/webserver/tasks/install_php.yml | 6 ++++++ roles/webserver/tasks/main.yml | 1 + 2 files changed, 7 insertions(+) create mode 100644 roles/webserver/tasks/install_php.yml diff --git a/roles/webserver/tasks/install_php.yml b/roles/webserver/tasks/install_php.yml new file mode 100644 index 0000000..d7fe13c --- /dev/null +++ b/roles/webserver/tasks/install_php.yml @@ -0,0 +1,6 @@ +- name: webserver | apache | installing php + package: + name: + - php + - php-mysqli + state: latest diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml index 73c33a5..239d87e 100644 --- a/roles/webserver/tasks/main.yml +++ b/roles/webserver/tasks/main.yml @@ -14,6 +14,7 @@ when: - nginx is defined - nginx == true + - import_tasks: install_php.yml - name: webserver | certbot | install certbot package: name: certbot From cae1b9829e9e3fe335af263e0f63ff31c2f95c7d Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Fri, 23 Sep 2022 17:53:13 +0200 Subject: [PATCH 05/42] prepare roles for icinga --- hosts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hosts b/hosts index 19fc1f2..46efb38 100644 --- a/hosts +++ b/hosts @@ -17,6 +17,7 @@ database dhcpserver docker fileserver +icinga jitsimeet mailserver mastodon @@ -49,6 +50,15 @@ glustertest01 glustertest02 glustertest03 +[icinga-master] +icinga + +[icinga-satellite] + +[icinga:children] +icinga-master +icinga-satellite + [jitsimeet] mewimeet.de jitsi_fqdn=mewimeet.de From df6e24acbd149f9023a66cf6d0a5e353a56812f7 Mon Sep 17 00:00:00 2001 
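Review bot: The added `creates: /usr/bin/docker` only decides whether the script runs; when it does run, it is still executed from the fixed path `/tmp/get-docker.sh` in a world-writable directory, and the docker play in local.yml runs with `become: true`. The download task is outside the hunk, so verification may already happen there; if it does not, have that task write to a root-owned location with `mode: '0700'` and pin a `checksum:` on the download, or install Docker from a package repository instead of the convenience script. The guard also will not match if the binary ends up somewhere other than `/usr/bin/docker`, in which case the script runs again on every play.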
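Review bot: `state: latest` in the new roles/webserver/tasks/install_php.yml upgrades `php` and `php-mysqli` to whatever the repository offers on every run, so a routine play can change the PHP version underneath a running site. `state: present` keeps the task idempotent and leaves upgrades to the normal patching path. If always pulling the newest package is intended, add a comment above the task saying so, e.g. `# latest on purpose: PHP security updates are applied by this play`.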
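Review bot: The added `- import_tasks: install_php.yml` in roles/webserver/tasks/main.yml carries no `when:`, unlike the task just above it, which is gated on `nginx is defined` and `nginx == true`, so PHP is installed on every host that gets the webserver role. Gating it on a host variable, e.g. `when: php is defined and php == true` (variable name is a suggestion), keeps the interpreter off hosts that only serve static content or proxy. The imported task is named `webserver | apache | installing php`, which suggests it was meant for Apache hosts only; either the name or the condition should be adjusted so they agree.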
From: Rene Mewissen Date: Sat, 24 Sep 2022 14:01:17 +0200 Subject: [PATCH 06/42] new systems --- hosts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts b/hosts index 46efb38..2db8e4a 100644 --- a/hosts +++ b/hosts @@ -28,6 +28,9 @@ webserver [database] coruscant.universe.local +mariadb01 +mariadb02 +mariadb03 [development] endor.universe.local From d06ca8be950eeda6086ab41c2fa9138af8b09d1f Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Sat, 24 Sep 2022 20:14:10 +0200 Subject: [PATCH 07/42] added domain --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index 2db8e4a..7e226f2 100644 --- a/hosts +++ b/hosts @@ -28,7 +28,7 @@ webserver [database] coruscant.universe.local -mariadb01 +mariadb01.universe.local mariadb02 mariadb03 From 2ed9ad8da867c838c1f523bd6239a9dfe34e41d0 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Sat, 24 Sep 2022 20:17:51 +0200 Subject: [PATCH 08/42] empty group not allowed? --- hosts | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hosts b/hosts index 7e226f2..da53cd9 100644 --- a/hosts +++ b/hosts @@ -28,7 +28,7 @@ webserver [database] coruscant.universe.local -mariadb01.universe.local +mariadb01 mariadb02 mariadb03 @@ -56,11 +56,8 @@ glustertest03 [icinga-master] icinga -[icinga-satellite] - [icinga:children] icinga-master -icinga-satellite [jitsimeet] mewimeet.de jitsi_fqdn=mewimeet.de From e3d323c3c2b77a5963a4e6f624bfc346656a5a83 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Sat, 24 Sep 2022 20:22:35 +0200 Subject: [PATCH 09/42] group and host named should not be the same --- hosts | 38 +++++++++++++++++++------------------- local.yml | 20 ++++++++++---------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/hosts b/hosts index da53cd9..f5f1d4d 100644 --- a/hosts +++ b/hosts 
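Review bot: The first hunk of PATCH 08/42 changes `mariadb01.universe.local` back to `mariadb01`, undoing the previous commit ("added domain"), and the subject "empty group not allowed?" does not mention it. Please split that revert into its own commit or name it in the message so it can be found later. For the second hunk, a comment in the inventory recording why `[icinga-satellite]` was removed would help, since the subject is phrased as a question; PATCH 12/42 later re-adds an empty `[icingasatellite]` group, which suggests the empty group was not the actual cause.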
@@ -4,29 +4,29 @@ VM-debian11-template [cluster:children] glustertest -[server] +[servers] pve netbox Samba-AD-DC librenms grafana -[server:children] +[servers:children] cluster -database -dhcpserver +databases +dhcpservers docker -fileserver +fileservers icinga jitsimeet -mailserver +mailservers mastodon -nameserver -printspooler -proxyserver -webserver +nameservers +printspoolers +proxyservers +webservers -[database] +[databases] coruscant.universe.local mariadb01 mariadb02 @@ -37,7 +37,7 @@ endor.universe.local endorvm.universe.local tuxedo-book-xp1511.universe.local -[dhcpserver] +[dhcpservers] coruscant.universe.local dhcp-kea @@ -45,7 +45,7 @@ dhcp-kea docker01 docker02 -[fileserver] +[fileservers] coruscant.universe.local [glustertest] @@ -62,7 +62,7 @@ icinga-master [jitsimeet] mewimeet.de jitsi_fqdn=mewimeet.de -[mailserver] +[mailservers] coruscant.universe.local mail.mewissen.site @@ -73,7 +73,7 @@ ubuntu-test [mobile] tuxedo-book-xp1511.universe.local -[nameserver] +[nameservers] coruscant.universe.local mewimeet.de mewitoot.de @@ -86,10 +86,10 @@ endor.universe.local endorvm.universe.local tuxedo-book-xp1511.universe.local -[printspooler] +[printspoolers] coruscant.universe.local -[proxyserver] +[proxyservers] coruscant.universe.local [video_editing] @@ -97,12 +97,12 @@ endor.universe.local endorvm.universe.local tuxedo-book-xp1511.universe.local -[webserver] +[webservers] coruscant.universe.local nextcloud webserver -[workstation:children] +[workstations:children] development mobile photo_editing diff --git a/local.yml b/local.yml index 83ab497..9aea609 100644 --- a/local.yml +++ b/local.yml 
@@ -42,37 +42,37 @@ tags: server become: true roles: - - server + - servers - hosts: nameserver tags: server,nameserver become: true roles: - - nameserver + - nameservers - hosts: webserver tags: server,webserver become: true roles: - - webserver + - webservers # - hosts: mailserver # tags: server,mailserver # become: true # roles: -# - mailserver +# - mailservers -# - hosts: database -# tags: server,database -# become: true -# roles: -# - database +- hosts: database + tags: server,database + become: true + roles: + - databases # - hosts: dhcpserver # tags: server,dhcpserver # become: true # roles: -# - dhcpserver +# - dhcpservers - hosts: docker tags: server,docker From 3d5d54378c3c6e57b62c5c4e0fbe4f3b7dc5975e Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Sat, 24 Sep 2022 20:26:16 +0200 Subject: [PATCH 10/42] mariadb --- host_vars/mariadb01 | 22 ++++++++++++++++++++++ host_vars/mariadb02 | 1 + host_vars/mariadb03 | 1 + 3 files changed, 24 insertions(+) create mode 100644 host_vars/mariadb01 create mode 120000 host_vars/mariadb02 create mode 120000 host_vars/mariadb03 diff --git a/host_vars/mariadb01 b/host_vars/mariadb01 new file mode 100644 index 0000000..b396f0a --- /dev/null +++ b/host_vars/mariadb01 @@ -0,0 +1,22 @@ +--- +branch: master + +ansible_cron_minute: "*/5" + +ssh_port: 22 +ssh_users: "root rene" + +# platform-specific +microcode_amd_install: false +microcode_intel_install: true + +# purpose selection +database: true +mysql: true +postgresql: false + +# application selection +vifm: true + +# shell selection +zsh: true diff --git a/host_vars/mariadb02 b/host_vars/mariadb02 new file mode 120000 index 0000000..de15b25 --- /dev/null +++ b/host_vars/mariadb02 @@ -0,0 +1 @@ +mariadb01 \ No newline at end of file diff --git a/host_vars/mariadb03 b/host_vars/mariadb03 new file mode 120000 index 0000000..de15b25 --- /dev/null +++ b/host_vars/mariadb03 @@ -0,0 +1 @@ +mariadb01 \ No newline at end of file 
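Review bot: In the local.yml hunk of PATCH 09/42 the rename was applied to the `roles:` entries while the `hosts:` patterns stayed singular (`- hosts: server` with `roles: - servers`, and likewise for nameserver, webserver and database), although the inventory hunks of the same commit rename the groups to plural and the role directories are still singular at this point in the series. As written, `hosts: webserver` would match only the single host named `webserver` listed under `[webservers]`, the other patterns no longer match a group, and the roles `servers`, `nameservers`, `webservers` and `databases` do not exist yet. To do what the subject describes the lines should read `- hosts: servers` with `roles: - server`, and so on for the other plays. The hunk also un-comments the database play, which is a behaviour change that deserves its own commit or a line in the message.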
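Review bot: `ssh_users: "root rene"` in the new host_vars/mariadb01 lists root for the database hosts, and mariadb02 and mariadb03 inherit it because their host_vars are symlinks to this file. How the variable is consumed is not visible here, but if it feeds the sshd allow-list, direct root logins are permitted on all three hosts; prefer `ssh_users: "rene"` with escalation through sudo, or add a comment stating that root is key-only and why it is needed. Separately, `branch: master` together with `ansible_cron_minute: "*/5"` looks like a five-minute pull of the master branch; if that is the case, a comment such as `# pulled from master every 5 minutes: merges reach this host without further review` would help reviewers of later changes.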
From 87272c7865a2886953d20ca4568942bac20fb865 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Sat, 24 Sep 2022 20:28:29 +0200 Subject: [PATCH 11/42] haproxy --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index f5f1d4d..a374b5c 100644 --- a/hosts +++ b/hosts @@ -10,6 +10,7 @@ netbox Samba-AD-DC librenms grafana +haproxy [servers:children] cluster From 3dfb5355fd27bbfbc82df54d1da0fb5e876c2985 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Sat, 24 Sep 2022 20:32:05 +0200 Subject: [PATCH 12/42] illegal characters in groupname --- hosts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hosts b/hosts index a374b5c..320b3bc 100644 --- a/hosts +++ b/hosts @@ -54,11 +54,14 @@ glustertest01 glustertest02 glustertest03 -[icinga-master] +[icingamaster] icinga +[icingasatellite] + [icinga:children] -icinga-master +icingamaster +icingasatellite [jitsimeet] mewimeet.de jitsi_fqdn=mewimeet.de From c6ec5ee669efe1640ffbb60a17e42f86b7131b7d Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Sat, 24 Sep 2022 20:33:37 +0200 Subject: [PATCH 13/42] renamed roles --- roles/{database => databases}/tasks/configure_snmpd.yml | 0 roles/{database => databases}/tasks/install_check_postgres.yml | 0 roles/{database => databases}/tasks/install_mysql.yml | 0 roles/{database => databases}/tasks/install_postgres.yml | 0 roles/{database => databases}/tasks/install_redis.yml | 0 roles/{database => databases}/tasks/main.yml | 0 roles/{database => databases}/vars/debian.yml | 0 roles/{database => databases}/vars/ubuntu.yml | 0 roles/{nameserver => nameservers}/files/snmpd_bind.conf | 0 roles/{nameserver => nameservers}/handlers/main.yml | 0 roles/{nameserver => nameservers}/tasks/configure_bind_snmpd.yml | 0 .../{nameserver => nameservers}/tasks/configure_unbound_snmpd.yml | 0 .../tasks/disable-systemd-resolved.yml | 0 roles/{nameserver => nameservers}/tasks/install_bind.yml | 0 roles/{nameserver => nameservers}/tasks/install_unbound.yml | 0 roles/{nameserver => nameservers}/tasks/main.yml | 0 .../{nameserver => nameservers}/templates/unbound_network.conf.j2 | 0 roles/{nameserver => nameservers}/vars/Archlinux.yml | 0 roles/{nameserver => nameservers}/vars/Debian.yml | 0 roles/{nameserver => nameservers}/vars/Ubuntu.yml | 0 roles/{proxyserver => proxyservers}/tasks/main.yaml | 0 roles/{proxyserver => proxyservers}/tasks/squid.yml | 0 roles/{proxyserver => proxyservers}/tasks/tinyproxy.yaml | 0 roles/{server => servers}/files/distro | 0 roles/{server => servers}/files/sudoers | 0 roles/{server => servers}/handlers/main.yml | 0 roles/{server => servers}/tasks/main.yml | 0 roles/{server => servers}/tasks/system_setup/cron.yml | 0 roles/{server => servers}/tasks/system_setup/mail.yml | 0 roles/{server => servers}/tasks/system_setup/swap.yml | 0 roles/{server => servers}/tasks/system_setup/sysctl.yml | 0 roles/{server => servers}/tasks/utilities/glusterfs.yml | 0 roles/{server => servers}/tasks/utilities/mta.yml | 0 roles/{server => 
servers}/tasks/utilities/netdata.yml | 0 roles/{server => servers}/tasks/utilities/snmpd.yml | 0 roles/{server => servers}/templates/client_VPN.conf.j2 | 0 roles/{server => servers}/templates/main.yml | 0 roles/{server => servers}/vars/Archlinux.yml | 0 roles/{server => servers}/vars/Debian.yml | 0 roles/{server => servers}/vars/Ubuntu.yml | 0 roles/{server => servers}/vars/main.yml | 0 roles/{server => servers}/vars/mewimeet.com.yml | 0 roles/{server => servers}/vars/mewimeet.de.yml | 0 roles/{server => servers}/vars/snmp_users.yml | 0 roles/{webserver => webservers}/files/nginx_localhost | 0 roles/{webserver => webservers}/handlers/main.yml | 0 roles/{webserver => webservers}/tasks/apps/apps.yml | 0 .../{webserver => webservers}/tasks/apps/nextcloud/nextcloud.yml | 0 roles/{webserver => webservers}/tasks/apps/nextcloud/prereq.yml | 0 roles/{webserver => webservers}/tasks/configure_nginx_snmpd.yml | 0 roles/{webserver => webservers}/tasks/install_apache.yml | 0 roles/{webserver => webservers}/tasks/install_nginx.yml | 0 roles/{webserver => webservers}/tasks/install_php.yml | 0 roles/{webserver => webservers}/tasks/main.yml | 0 roles/{webserver => webservers}/templates/nextcloud/config.php.j2 | 0 roles/{webserver => webservers}/vars/Debian.yml | 0 roles/{webserver => webservers}/vars/Ubuntu.yml | 0 roles/{webserver => webservers}/vars/nextcloud.yml | 0 58 files changed, 0 insertions(+), 0 deletions(-) rename roles/{database => databases}/tasks/configure_snmpd.yml (100%) rename roles/{database => databases}/tasks/install_check_postgres.yml (100%) rename roles/{database => databases}/tasks/install_mysql.yml (100%) rename roles/{database => databases}/tasks/install_postgres.yml (100%) rename roles/{database => databases}/tasks/install_redis.yml (100%) rename roles/{database => databases}/tasks/main.yml (100%) rename roles/{database => databases}/vars/debian.yml (100%) rename roles/{database => databases}/vars/ubuntu.yml (100%) rename roles/{nameserver => 
nameservers}/files/snmpd_bind.conf (100%) rename roles/{nameserver => nameservers}/handlers/main.yml (100%) rename roles/{nameserver => nameservers}/tasks/configure_bind_snmpd.yml (100%) rename roles/{nameserver => nameservers}/tasks/configure_unbound_snmpd.yml (100%) rename roles/{nameserver => nameservers}/tasks/disable-systemd-resolved.yml (100%) rename roles/{nameserver => nameservers}/tasks/install_bind.yml (100%) rename roles/{nameserver => nameservers}/tasks/install_unbound.yml (100%) rename roles/{nameserver => nameservers}/tasks/main.yml (100%) rename roles/{nameserver => nameservers}/templates/unbound_network.conf.j2 (100%) rename roles/{nameserver => nameservers}/vars/Archlinux.yml (100%) rename roles/{nameserver => nameservers}/vars/Debian.yml (100%) rename roles/{nameserver => nameservers}/vars/Ubuntu.yml (100%) rename roles/{proxyserver => proxyservers}/tasks/main.yaml (100%) rename roles/{proxyserver => proxyservers}/tasks/squid.yml (100%) rename roles/{proxyserver => proxyservers}/tasks/tinyproxy.yaml (100%) rename roles/{server => servers}/files/distro (100%) rename roles/{server => servers}/files/sudoers (100%) rename roles/{server => servers}/handlers/main.yml (100%) rename roles/{server => servers}/tasks/main.yml (100%) rename roles/{server => servers}/tasks/system_setup/cron.yml (100%) rename roles/{server => servers}/tasks/system_setup/mail.yml (100%) rename roles/{server => servers}/tasks/system_setup/swap.yml (100%) rename roles/{server => servers}/tasks/system_setup/sysctl.yml (100%) rename roles/{server => servers}/tasks/utilities/glusterfs.yml (100%) rename roles/{server => servers}/tasks/utilities/mta.yml (100%) rename roles/{server => servers}/tasks/utilities/netdata.yml (100%) rename roles/{server => servers}/tasks/utilities/snmpd.yml (100%) rename roles/{server => servers}/templates/client_VPN.conf.j2 (100%) rename roles/{server => servers}/templates/main.yml (100%) rename roles/{server => servers}/vars/Archlinux.yml (100%) rename 
roles/{server => servers}/vars/Debian.yml (100%) rename roles/{server => servers}/vars/Ubuntu.yml (100%) rename roles/{server => servers}/vars/main.yml (100%) rename roles/{server => servers}/vars/mewimeet.com.yml (100%) rename roles/{server => servers}/vars/mewimeet.de.yml (100%) rename roles/{server => servers}/vars/snmp_users.yml (100%) rename roles/{webserver => webservers}/files/nginx_localhost (100%) rename roles/{webserver => webservers}/handlers/main.yml (100%) rename roles/{webserver => webservers}/tasks/apps/apps.yml (100%) rename roles/{webserver => webservers}/tasks/apps/nextcloud/nextcloud.yml (100%) rename roles/{webserver => webservers}/tasks/apps/nextcloud/prereq.yml (100%) rename roles/{webserver => webservers}/tasks/configure_nginx_snmpd.yml (100%) rename roles/{webserver => webservers}/tasks/install_apache.yml (100%) rename roles/{webserver => webservers}/tasks/install_nginx.yml (100%) rename roles/{webserver => webservers}/tasks/install_php.yml (100%) rename roles/{webserver => webservers}/tasks/main.yml (100%) rename roles/{webserver => webservers}/templates/nextcloud/config.php.j2 (100%) rename roles/{webserver => webservers}/vars/Debian.yml (100%) rename roles/{webserver => webservers}/vars/Ubuntu.yml (100%) rename roles/{webserver => webservers}/vars/nextcloud.yml (100%) diff --git a/roles/database/tasks/configure_snmpd.yml b/roles/databases/tasks/configure_snmpd.yml similarity index 100% rename from roles/database/tasks/configure_snmpd.yml rename to roles/databases/tasks/configure_snmpd.yml diff --git a/roles/database/tasks/install_check_postgres.yml b/roles/databases/tasks/install_check_postgres.yml similarity index 100% rename from roles/database/tasks/install_check_postgres.yml rename to roles/databases/tasks/install_check_postgres.yml 
diff --git a/roles/database/tasks/install_mysql.yml b/roles/databases/tasks/install_mysql.yml similarity index 100% rename from roles/database/tasks/install_mysql.yml rename to roles/databases/tasks/install_mysql.yml diff --git a/roles/database/tasks/install_postgres.yml b/roles/databases/tasks/install_postgres.yml similarity index 100% rename from roles/database/tasks/install_postgres.yml rename to roles/databases/tasks/install_postgres.yml diff --git a/roles/database/tasks/install_redis.yml b/roles/databases/tasks/install_redis.yml similarity index 100% rename from roles/database/tasks/install_redis.yml rename to roles/databases/tasks/install_redis.yml diff --git a/roles/database/tasks/main.yml b/roles/databases/tasks/main.yml similarity index 100% rename from roles/database/tasks/main.yml rename to roles/databases/tasks/main.yml diff --git a/roles/database/vars/debian.yml b/roles/databases/vars/debian.yml similarity index 100% rename from roles/database/vars/debian.yml rename to roles/databases/vars/debian.yml diff --git a/roles/database/vars/ubuntu.yml b/roles/databases/vars/ubuntu.yml similarity index 100% rename from roles/database/vars/ubuntu.yml rename to roles/databases/vars/ubuntu.yml diff --git a/roles/nameserver/files/snmpd_bind.conf b/roles/nameservers/files/snmpd_bind.conf similarity index 100% rename from roles/nameserver/files/snmpd_bind.conf rename to roles/nameservers/files/snmpd_bind.conf diff --git a/roles/nameserver/handlers/main.yml b/roles/nameservers/handlers/main.yml similarity index 100% rename from roles/nameserver/handlers/main.yml rename to roles/nameservers/handlers/main.yml diff --git a/roles/nameserver/tasks/configure_bind_snmpd.yml b/roles/nameservers/tasks/configure_bind_snmpd.yml similarity index 100% rename from roles/nameserver/tasks/configure_bind_snmpd.yml rename to roles/nameservers/tasks/configure_bind_snmpd.yml 
diff --git a/roles/nameserver/tasks/configure_unbound_snmpd.yml b/roles/nameservers/tasks/configure_unbound_snmpd.yml similarity index 100% rename from roles/nameserver/tasks/configure_unbound_snmpd.yml rename to roles/nameservers/tasks/configure_unbound_snmpd.yml diff --git a/roles/nameserver/tasks/disable-systemd-resolved.yml b/roles/nameservers/tasks/disable-systemd-resolved.yml similarity index 100% rename from roles/nameserver/tasks/disable-systemd-resolved.yml rename to roles/nameservers/tasks/disable-systemd-resolved.yml diff --git a/roles/nameserver/tasks/install_bind.yml b/roles/nameservers/tasks/install_bind.yml similarity index 100% rename from roles/nameserver/tasks/install_bind.yml rename to roles/nameservers/tasks/install_bind.yml diff --git a/roles/nameserver/tasks/install_unbound.yml b/roles/nameservers/tasks/install_unbound.yml similarity index 100% rename from roles/nameserver/tasks/install_unbound.yml rename to roles/nameservers/tasks/install_unbound.yml diff --git a/roles/nameserver/tasks/main.yml b/roles/nameservers/tasks/main.yml similarity index 100% rename from roles/nameserver/tasks/main.yml rename to roles/nameservers/tasks/main.yml diff --git a/roles/nameserver/templates/unbound_network.conf.j2 b/roles/nameservers/templates/unbound_network.conf.j2 similarity index 100% rename from roles/nameserver/templates/unbound_network.conf.j2 rename to roles/nameservers/templates/unbound_network.conf.j2 diff --git a/roles/nameserver/vars/Archlinux.yml b/roles/nameservers/vars/Archlinux.yml similarity index 100% rename from roles/nameserver/vars/Archlinux.yml rename to roles/nameservers/vars/Archlinux.yml diff --git a/roles/nameserver/vars/Debian.yml b/roles/nameservers/vars/Debian.yml similarity index 100% rename from roles/nameserver/vars/Debian.yml rename to roles/nameservers/vars/Debian.yml 
diff --git a/roles/nameserver/vars/Ubuntu.yml b/roles/nameservers/vars/Ubuntu.yml similarity index 100% rename from roles/nameserver/vars/Ubuntu.yml rename to roles/nameservers/vars/Ubuntu.yml diff --git a/roles/proxyserver/tasks/main.yaml b/roles/proxyservers/tasks/main.yaml similarity index 100% rename from roles/proxyserver/tasks/main.yaml rename to roles/proxyservers/tasks/main.yaml diff --git a/roles/proxyserver/tasks/squid.yml b/roles/proxyservers/tasks/squid.yml similarity index 100% rename from roles/proxyserver/tasks/squid.yml rename to roles/proxyservers/tasks/squid.yml diff --git a/roles/proxyserver/tasks/tinyproxy.yaml b/roles/proxyservers/tasks/tinyproxy.yaml similarity index 100% rename from roles/proxyserver/tasks/tinyproxy.yaml rename to roles/proxyservers/tasks/tinyproxy.yaml diff --git a/roles/server/files/distro b/roles/servers/files/distro similarity index 100% rename from roles/server/files/distro rename to roles/servers/files/distro diff --git a/roles/server/files/sudoers b/roles/servers/files/sudoers similarity index 100% rename from roles/server/files/sudoers rename to roles/servers/files/sudoers diff --git a/roles/server/handlers/main.yml b/roles/servers/handlers/main.yml similarity index 100% rename from roles/server/handlers/main.yml rename to roles/servers/handlers/main.yml diff --git a/roles/server/tasks/main.yml b/roles/servers/tasks/main.yml similarity index 100% rename from roles/server/tasks/main.yml rename to roles/servers/tasks/main.yml diff --git a/roles/server/tasks/system_setup/cron.yml b/roles/servers/tasks/system_setup/cron.yml similarity index 100% rename from roles/server/tasks/system_setup/cron.yml rename to roles/servers/tasks/system_setup/cron.yml diff --git a/roles/server/tasks/system_setup/mail.yml b/roles/servers/tasks/system_setup/mail.yml similarity index 100% rename from roles/server/tasks/system_setup/mail.yml rename to roles/servers/tasks/system_setup/mail.yml 
diff --git a/roles/server/tasks/system_setup/swap.yml b/roles/servers/tasks/system_setup/swap.yml similarity index 100% rename from roles/server/tasks/system_setup/swap.yml rename to roles/servers/tasks/system_setup/swap.yml diff --git a/roles/server/tasks/system_setup/sysctl.yml b/roles/servers/tasks/system_setup/sysctl.yml similarity index 100% rename from roles/server/tasks/system_setup/sysctl.yml rename to roles/servers/tasks/system_setup/sysctl.yml diff --git a/roles/server/tasks/utilities/glusterfs.yml b/roles/servers/tasks/utilities/glusterfs.yml similarity index 100% rename from roles/server/tasks/utilities/glusterfs.yml rename to roles/servers/tasks/utilities/glusterfs.yml diff --git a/roles/server/tasks/utilities/mta.yml b/roles/servers/tasks/utilities/mta.yml similarity index 100% rename from roles/server/tasks/utilities/mta.yml rename to roles/servers/tasks/utilities/mta.yml diff --git a/roles/server/tasks/utilities/netdata.yml b/roles/servers/tasks/utilities/netdata.yml similarity index 100% rename from roles/server/tasks/utilities/netdata.yml rename to roles/servers/tasks/utilities/netdata.yml diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/servers/tasks/utilities/snmpd.yml similarity index 100% rename from roles/server/tasks/utilities/snmpd.yml rename to roles/servers/tasks/utilities/snmpd.yml diff --git a/roles/server/templates/client_VPN.conf.j2 b/roles/servers/templates/client_VPN.conf.j2 similarity index 100% rename from roles/server/templates/client_VPN.conf.j2 rename to roles/servers/templates/client_VPN.conf.j2 diff --git a/roles/server/templates/main.yml b/roles/servers/templates/main.yml similarity index 100% rename from roles/server/templates/main.yml rename to roles/servers/templates/main.yml diff --git a/roles/server/vars/Archlinux.yml b/roles/servers/vars/Archlinux.yml similarity index 100% rename from roles/server/vars/Archlinux.yml rename to roles/servers/vars/Archlinux.yml 
diff --git a/roles/server/vars/Debian.yml b/roles/servers/vars/Debian.yml similarity index 100% rename from roles/server/vars/Debian.yml rename to roles/servers/vars/Debian.yml diff --git a/roles/server/vars/Ubuntu.yml b/roles/servers/vars/Ubuntu.yml similarity index 100% rename from roles/server/vars/Ubuntu.yml rename to roles/servers/vars/Ubuntu.yml diff --git a/roles/server/vars/main.yml b/roles/servers/vars/main.yml similarity index 100% rename from roles/server/vars/main.yml rename to roles/servers/vars/main.yml diff --git a/roles/server/vars/mewimeet.com.yml b/roles/servers/vars/mewimeet.com.yml similarity index 100% rename from roles/server/vars/mewimeet.com.yml rename to roles/servers/vars/mewimeet.com.yml diff --git a/roles/server/vars/mewimeet.de.yml b/roles/servers/vars/mewimeet.de.yml similarity index 100% rename from roles/server/vars/mewimeet.de.yml rename to roles/servers/vars/mewimeet.de.yml diff --git a/roles/server/vars/snmp_users.yml b/roles/servers/vars/snmp_users.yml similarity index 100% rename from roles/server/vars/snmp_users.yml rename to roles/servers/vars/snmp_users.yml diff --git a/roles/webserver/files/nginx_localhost b/roles/webservers/files/nginx_localhost similarity index 100% rename from roles/webserver/files/nginx_localhost rename to roles/webservers/files/nginx_localhost diff --git a/roles/webserver/handlers/main.yml b/roles/webservers/handlers/main.yml similarity index 100% rename from roles/webserver/handlers/main.yml rename to roles/webservers/handlers/main.yml diff --git a/roles/webserver/tasks/apps/apps.yml b/roles/webservers/tasks/apps/apps.yml similarity index 100% rename from roles/webserver/tasks/apps/apps.yml rename to roles/webservers/tasks/apps/apps.yml diff --git a/roles/webserver/tasks/apps/nextcloud/nextcloud.yml b/roles/webservers/tasks/apps/nextcloud/nextcloud.yml similarity index 100% rename from roles/webserver/tasks/apps/nextcloud/nextcloud.yml rename to roles/webservers/tasks/apps/nextcloud/nextcloud.yml 
diff --git a/roles/webserver/tasks/apps/nextcloud/prereq.yml b/roles/webservers/tasks/apps/nextcloud/prereq.yml similarity index 100% rename from roles/webserver/tasks/apps/nextcloud/prereq.yml rename to roles/webservers/tasks/apps/nextcloud/prereq.yml diff --git a/roles/webserver/tasks/configure_nginx_snmpd.yml b/roles/webservers/tasks/configure_nginx_snmpd.yml similarity index 100% rename from roles/webserver/tasks/configure_nginx_snmpd.yml rename to roles/webservers/tasks/configure_nginx_snmpd.yml diff --git a/roles/webserver/tasks/install_apache.yml b/roles/webservers/tasks/install_apache.yml similarity index 100% rename from roles/webserver/tasks/install_apache.yml rename to roles/webservers/tasks/install_apache.yml diff --git a/roles/webserver/tasks/install_nginx.yml b/roles/webservers/tasks/install_nginx.yml similarity index 100% rename from roles/webserver/tasks/install_nginx.yml rename to roles/webservers/tasks/install_nginx.yml diff --git a/roles/webserver/tasks/install_php.yml b/roles/webservers/tasks/install_php.yml similarity index 100% rename from roles/webserver/tasks/install_php.yml rename to roles/webservers/tasks/install_php.yml diff --git a/roles/webserver/tasks/main.yml b/roles/webservers/tasks/main.yml similarity index 100% rename from roles/webserver/tasks/main.yml rename to roles/webservers/tasks/main.yml diff --git a/roles/webserver/templates/nextcloud/config.php.j2 b/roles/webservers/templates/nextcloud/config.php.j2 similarity index 100% rename from roles/webserver/templates/nextcloud/config.php.j2 rename to roles/webservers/templates/nextcloud/config.php.j2 diff --git a/roles/webserver/vars/Debian.yml b/roles/webservers/vars/Debian.yml similarity index 100% rename from roles/webserver/vars/Debian.yml rename to roles/webservers/vars/Debian.yml diff --git a/roles/webserver/vars/Ubuntu.yml b/roles/webservers/vars/Ubuntu.yml similarity index 100% rename from roles/webserver/vars/Ubuntu.yml rename to roles/webservers/vars/Ubuntu.yml 
diff --git a/roles/webserver/vars/nextcloud.yml b/roles/webservers/vars/nextcloud.yml similarity index 100% rename from roles/webserver/vars/nextcloud.yml rename to roles/webservers/vars/nextcloud.yml From 0e20f83a67cfcc1864ece3311da3f4780ebf3b96 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Sat, 24 Sep 2022 20:36:58 +0200 Subject: [PATCH 14/42] renamed roles --- local.yml | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/local.yml b/local.yml index 9aea609..adb494a 100644 --- a/local.yml +++ b/local.yml 
@@ -38,77 +38,77 @@ # roles: # - workstation -- hosts: server - tags: server +- hosts: servers + tags: servers become: true roles: - servers -- hosts: nameserver - tags: server,nameserver +- hosts: nameservers + tags: servers,nameservers become: true roles: - nameservers -- hosts: webserver - tags: server,webserver +- hosts: webservers + tags: servers,webservers become: true roles: - webservers -# - hosts: mailserver -# tags: server,mailserver +# - hosts: mailservers +# tags: servers,mailservers # become: true # roles: # - mailservers -- hosts: database - tags: server,database +- hosts: databases + tags: servers,databases become: true roles: - databases -# - hosts: dhcpserver -# tags: server,dhcpserver +# - hosts: dhcpservers +# tags: servers,dhcpservers # become: true # roles: # - dhcpservers - hosts: docker - tags: server,docker + tags: servers,docker become: true roles: - docker -# - hosts: fileserver -# tags: server,fileserver +# - hosts: fileservers +# tags: servers,fileservers # become: true # roles: # - fileserver - hosts: mastodon - tags: server,mastodon + tags: servers,mastodon become: true roles: - mastodon -# - hosts: printspooler -# tags: server,printspooler +# - hosts: printspoolers +# tags: servers,printspoolers # become: true # roles: # - printspooler - hosts: jitsimeet - tags: server,jitsimeet,webserver + tags: servers,jitsimeet,webservers become: true roles: - jitsimeet -# - hosts: proxyserver -# tags: server,proxyserver +# - hosts: proxyservers +# tags: servers,proxyservers # become: true # roles: -# - proxyserver +# - proxyservers # end of roles; cleanup and reporting - hosts: all From dd00b2840a6873a85b4274274137a33abc8a0a24 Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Sat, 24 Sep 2022 20:55:50 +0200 Subject: [PATCH 15/42] back to singular --- hosts | 46 +++++++-------- local.yml | 56 +++++++++---------- .../tasks/configure_snmpd.yml | 0 .../tasks/install_check_postgres.yml | 0 .../tasks/install_mysql.yml | 0 .../tasks/install_postgres.yml | 0 .../tasks/install_redis.yml | 0 roles/{databases => database}/tasks/main.yml | 0 roles/{databases => database}/vars/debian.yml | 0 roles/{databases => database}/vars/ubuntu.yml | 0 .../files/snmpd_bind.conf | 0 .../handlers/main.yml | 0 .../tasks/configure_bind_snmpd.yml | 0 .../tasks/configure_unbound_snmpd.yml | 0 .../tasks/disable-systemd-resolved.yml | 0 .../tasks/install_bind.yml | 0 .../tasks/install_unbound.yml | 0 .../tasks/main.yml | 0 .../templates/unbound_network.conf.j2 | 0 .../vars/Archlinux.yml | 0 .../vars/Debian.yml | 0 .../vars/Ubuntu.yml | 0 .../tasks/main.yaml | 0 .../tasks/squid.yml | 0 .../tasks/tinyproxy.yaml | 0 roles/{servers => server}/files/distro | 0 roles/{servers => server}/files/sudoers | 0 roles/{servers => server}/handlers/main.yml | 0 roles/{servers => server}/tasks/main.yml | 0 .../tasks/system_setup/cron.yml | 0 .../tasks/system_setup/mail.yml | 0 .../tasks/system_setup/swap.yml | 0 .../tasks/system_setup/sysctl.yml | 0 .../tasks/utilities/glusterfs.yml | 0 .../tasks/utilities/mta.yml | 0 .../tasks/utilities/netdata.yml | 0 .../tasks/utilities/snmpd.yml | 0 .../templates/client_VPN.conf.j2 | 0 roles/{servers => server}/templates/main.yml | 0 roles/{servers => server}/vars/Archlinux.yml | 0 roles/{servers => server}/vars/Debian.yml | 0 roles/{servers => server}/vars/Ubuntu.yml | 0 roles/{servers => server}/vars/main.yml | 0 .../{servers => server}/vars/mewimeet.com.yml | 0 .../{servers => server}/vars/mewimeet.de.yml | 0 roles/{servers => server}/vars/snmp_users.yml | 0 .../files/nginx_localhost | 0 .../handlers/main.yml | 0 .../tasks/apps/apps.yml | 0 .../tasks/apps/nextcloud/nextcloud.yml | 0 .../tasks/apps/nextcloud/prereq.yml | 
0 .../tasks/configure_nginx_snmpd.yml | 0 .../tasks/install_apache.yml | 0 .../tasks/install_nginx.yml | 0 .../tasks/install_php.yml | 0 .../{webservers => webserver}/tasks/main.yml | 0 .../templates/nextcloud/config.php.j2 | 0 .../{webservers => webserver}/vars/Debian.yml | 0 .../{webservers => webserver}/vars/Ubuntu.yml | 0 .../vars/nextcloud.yml | 0 60 files changed, 51 insertions(+), 51 deletions(-) rename roles/{databases => database}/tasks/configure_snmpd.yml (100%) rename roles/{databases => database}/tasks/install_check_postgres.yml (100%) rename roles/{databases => database}/tasks/install_mysql.yml (100%) rename roles/{databases => database}/tasks/install_postgres.yml (100%) rename roles/{databases => database}/tasks/install_redis.yml (100%) rename roles/{databases => database}/tasks/main.yml (100%) rename roles/{databases => database}/vars/debian.yml (100%) rename roles/{databases => database}/vars/ubuntu.yml (100%) rename roles/{nameservers => nameserver}/files/snmpd_bind.conf (100%) rename roles/{nameservers => nameserver}/handlers/main.yml (100%) rename roles/{nameservers => nameserver}/tasks/configure_bind_snmpd.yml (100%) rename roles/{nameservers => nameserver}/tasks/configure_unbound_snmpd.yml (100%) rename roles/{nameservers => nameserver}/tasks/disable-systemd-resolved.yml (100%) rename roles/{nameservers => nameserver}/tasks/install_bind.yml (100%) rename roles/{nameservers => nameserver}/tasks/install_unbound.yml (100%) rename roles/{nameservers => nameserver}/tasks/main.yml (100%) rename roles/{nameservers => nameserver}/templates/unbound_network.conf.j2 (100%) rename roles/{nameservers => nameserver}/vars/Archlinux.yml (100%) rename roles/{nameservers => nameserver}/vars/Debian.yml (100%) rename roles/{nameservers => nameserver}/vars/Ubuntu.yml (100%) rename roles/{proxyservers => proxyserver}/tasks/main.yaml (100%) rename roles/{proxyservers => proxyserver}/tasks/squid.yml (100%) rename roles/{proxyservers => 
proxyserver}/tasks/tinyproxy.yaml (100%) rename roles/{servers => server}/files/distro (100%) rename roles/{servers => server}/files/sudoers (100%) rename roles/{servers => server}/handlers/main.yml (100%) rename roles/{servers => server}/tasks/main.yml (100%) rename roles/{servers => server}/tasks/system_setup/cron.yml (100%) rename roles/{servers => server}/tasks/system_setup/mail.yml (100%) rename roles/{servers => server}/tasks/system_setup/swap.yml (100%) rename roles/{servers => server}/tasks/system_setup/sysctl.yml (100%) rename roles/{servers => server}/tasks/utilities/glusterfs.yml (100%) rename roles/{servers => server}/tasks/utilities/mta.yml (100%) rename roles/{servers => server}/tasks/utilities/netdata.yml (100%) rename roles/{servers => server}/tasks/utilities/snmpd.yml (100%) rename roles/{servers => server}/templates/client_VPN.conf.j2 (100%) rename roles/{servers => server}/templates/main.yml (100%) rename roles/{servers => server}/vars/Archlinux.yml (100%) rename roles/{servers => server}/vars/Debian.yml (100%) rename roles/{servers => server}/vars/Ubuntu.yml (100%) rename roles/{servers => server}/vars/main.yml (100%) rename roles/{servers => server}/vars/mewimeet.com.yml (100%) rename roles/{servers => server}/vars/mewimeet.de.yml (100%) rename roles/{servers => server}/vars/snmp_users.yml (100%) rename roles/{webservers => webserver}/files/nginx_localhost (100%) rename roles/{webservers => webserver}/handlers/main.yml (100%) rename roles/{webservers => webserver}/tasks/apps/apps.yml (100%) rename roles/{webservers => webserver}/tasks/apps/nextcloud/nextcloud.yml (100%) rename roles/{webservers => webserver}/tasks/apps/nextcloud/prereq.yml (100%) rename roles/{webservers => webserver}/tasks/configure_nginx_snmpd.yml (100%) rename roles/{webservers => webserver}/tasks/install_apache.yml (100%) rename roles/{webservers => webserver}/tasks/install_nginx.yml (100%) rename roles/{webservers => webserver}/tasks/install_php.yml (100%) rename 
roles/{webservers => webserver}/tasks/main.yml (100%) rename roles/{webservers => webserver}/templates/nextcloud/config.php.j2 (100%) rename roles/{webservers => webserver}/vars/Debian.yml (100%) rename roles/{webservers => webserver}/vars/Ubuntu.yml (100%) rename roles/{webservers => webserver}/vars/nextcloud.yml (100%) diff --git a/hosts b/hosts index 320b3bc..722757c 100644 --- a/hosts +++ b/hosts @@ -4,7 +4,7 @@ VM-debian11-template [cluster:children] glustertest -[servers] +[server] pve netbox Samba-AD-DC @@ -12,22 +12,22 @@ librenms grafana haproxy -[servers:children] +[server:children] cluster -databases -dhcpservers +database +dhcpserver docker -fileservers +fileserver icinga jitsimeet -mailservers +mailserver mastodon -nameservers -printspoolers -proxyservers -webservers +nameserver +printspooler +proxyserver +webserver -[databases] +[database] coruscant.universe.local mariadb01 mariadb02 @@ -38,7 +38,7 @@ endor.universe.local endorvm.universe.local tuxedo-book-xp1511.universe.local -[dhcpservers] +[dhcpserver] coruscant.universe.local dhcp-kea @@ -46,7 +46,7 @@ dhcp-kea docker01 docker02 -[fileservers] +[fileserver] coruscant.universe.local [glustertest] @@ -54,19 +54,19 @@ glustertest01 glustertest02 glustertest03 -[icingamaster] +[icinga_master] icinga -[icingasatellite] +[icinga_satellite] [icinga:children] -icingamaster -icingasatellite +icinga_master +icinga_satellite [jitsimeet] mewimeet.de jitsi_fqdn=mewimeet.de -[mailservers] +[mailserver] coruscant.universe.local mail.mewissen.site @@ -77,7 +77,7 @@ ubuntu-test [mobile] tuxedo-book-xp1511.universe.local -[nameservers] +[nameserver] coruscant.universe.local mewimeet.de mewitoot.de @@ -90,10 +90,10 @@ endor.universe.local endorvm.universe.local tuxedo-book-xp1511.universe.local -[printspoolers] +[printspooler] coruscant.universe.local -[proxyservers] +[proxyserver] coruscant.universe.local [video_editing] 
@@ -101,12 +101,12 @@ endor.universe.local endorvm.universe.local tuxedo-book-xp1511.universe.local -[webservers] +[webserver] coruscant.universe.local nextcloud webserver -[workstations:children] +[workstation:children] development mobile photo_editing diff --git a/local.yml b/local.yml index adb494a..24df2dc 100644 --- a/local.yml +++ b/local.yml 
@@ -38,77 +38,77 @@ # roles: # - workstation -- hosts: servers - tags: servers +- hosts: server + tags: server become: true roles: - - servers + - server -- hosts: nameservers - tags: servers,nameservers +- hosts: nameserver + tags: server,nameserver become: true roles: - - nameservers + - nameserver -- hosts: webservers - tags: servers,webservers +- hosts: webserver + tags: server,webserver become: true roles: - - webservers + - webserver -# - hosts: mailservers -# tags: servers,mailservers +# - hosts: mailserver +# tags: server,mailserver # become: true # roles: -# - mailservers +# - mailserver -- hosts: databases - tags: servers,databases +- hosts: database + tags: server,database become: true roles: - - databases + - database -# - hosts: dhcpservers -# tags: servers,dhcpservers +# - hosts: dhcpserver +# tags: server,dhcpserver # become: true # roles: -# - dhcpservers +# - dhcpserver - hosts: docker - tags: servers,docker + tags: server,docker become: true roles: - docker -# - hosts: fileservers -# tags: servers,fileservers +# - hosts: fileserver +# tags: server,fileserver # become: true # roles: # - fileserver - hosts: mastodon - tags: servers,mastodon + tags: server,mastodon become: true roles: - mastodon -# - hosts: printspoolers -# tags: servers,printspoolers +# - hosts: printspooler +# tags: server,printspooler # become: true # roles: # - printspooler - hosts: jitsimeet - tags: servers,jitsimeet,webservers + tags: server,jitsimeet,webserver become: true roles: - jitsimeet -# - hosts: proxyservers -# tags: servers,proxyservers +# - hosts: proxyserver +# tags: server,proxyserver # become: true # roles: -# - proxyservers +# - proxyserver # end of roles; cleanup and reporting - hosts: all diff --git a/roles/databases/tasks/configure_snmpd.yml b/roles/database/tasks/configure_snmpd.yml similarity index 100% rename from roles/databases/tasks/configure_snmpd.yml rename to roles/database/tasks/configure_snmpd.yml 
diff --git a/roles/databases/tasks/install_check_postgres.yml b/roles/database/tasks/install_check_postgres.yml
similarity index 100%
rename from roles/databases/tasks/install_check_postgres.yml
rename to roles/database/tasks/install_check_postgres.yml
diff --git a/roles/databases/tasks/install_mysql.yml b/roles/database/tasks/install_mysql.yml
similarity index 100%
rename from roles/databases/tasks/install_mysql.yml
rename to roles/database/tasks/install_mysql.yml
diff --git a/roles/databases/tasks/install_postgres.yml b/roles/database/tasks/install_postgres.yml
similarity index 100%
rename from roles/databases/tasks/install_postgres.yml
rename to roles/database/tasks/install_postgres.yml
diff --git a/roles/databases/tasks/install_redis.yml b/roles/database/tasks/install_redis.yml
similarity index 100%
rename from roles/databases/tasks/install_redis.yml
rename to roles/database/tasks/install_redis.yml
diff --git a/roles/databases/tasks/main.yml b/roles/database/tasks/main.yml
similarity index 100%
rename from roles/databases/tasks/main.yml
rename to roles/database/tasks/main.yml
diff --git a/roles/databases/vars/debian.yml b/roles/database/vars/debian.yml
similarity index 100%
rename from roles/databases/vars/debian.yml
rename to roles/database/vars/debian.yml
diff --git a/roles/databases/vars/ubuntu.yml b/roles/database/vars/ubuntu.yml
similarity index 100%
rename from roles/databases/vars/ubuntu.yml
rename to roles/database/vars/ubuntu.yml
diff --git a/roles/nameservers/files/snmpd_bind.conf b/roles/nameserver/files/snmpd_bind.conf
similarity index 100%
rename from roles/nameservers/files/snmpd_bind.conf
rename to roles/nameserver/files/snmpd_bind.conf
diff --git a/roles/nameservers/handlers/main.yml b/roles/nameserver/handlers/main.yml
similarity index 100%
rename from roles/nameservers/handlers/main.yml
rename to roles/nameserver/handlers/main.yml
diff --git a/roles/nameservers/tasks/configure_bind_snmpd.yml b/roles/nameserver/tasks/configure_bind_snmpd.yml
similarity index 100%
rename from roles/nameservers/tasks/configure_bind_snmpd.yml
rename to roles/nameserver/tasks/configure_bind_snmpd.yml
diff --git a/roles/nameservers/tasks/configure_unbound_snmpd.yml b/roles/nameserver/tasks/configure_unbound_snmpd.yml
similarity index 100%
rename from roles/nameservers/tasks/configure_unbound_snmpd.yml
rename to roles/nameserver/tasks/configure_unbound_snmpd.yml
diff --git a/roles/nameservers/tasks/disable-systemd-resolved.yml b/roles/nameserver/tasks/disable-systemd-resolved.yml
similarity index 100%
rename from roles/nameservers/tasks/disable-systemd-resolved.yml
rename to roles/nameserver/tasks/disable-systemd-resolved.yml
diff --git a/roles/nameservers/tasks/install_bind.yml b/roles/nameserver/tasks/install_bind.yml
similarity index 100%
rename from roles/nameservers/tasks/install_bind.yml
rename to roles/nameserver/tasks/install_bind.yml
diff --git a/roles/nameservers/tasks/install_unbound.yml b/roles/nameserver/tasks/install_unbound.yml
similarity index 100%
rename from roles/nameservers/tasks/install_unbound.yml
rename to roles/nameserver/tasks/install_unbound.yml
diff --git a/roles/nameservers/tasks/main.yml b/roles/nameserver/tasks/main.yml
similarity index 100%
rename from roles/nameservers/tasks/main.yml
rename to roles/nameserver/tasks/main.yml
diff --git a/roles/nameservers/templates/unbound_network.conf.j2 b/roles/nameserver/templates/unbound_network.conf.j2
similarity index 100%
rename from roles/nameservers/templates/unbound_network.conf.j2
rename to roles/nameserver/templates/unbound_network.conf.j2
diff --git a/roles/nameservers/vars/Archlinux.yml b/roles/nameserver/vars/Archlinux.yml
similarity index 100%
rename from roles/nameservers/vars/Archlinux.yml
rename to roles/nameserver/vars/Archlinux.yml
diff --git a/roles/nameservers/vars/Debian.yml b/roles/nameserver/vars/Debian.yml
similarity index 100%
rename from roles/nameservers/vars/Debian.yml
rename to roles/nameserver/vars/Debian.yml
diff --git a/roles/nameservers/vars/Ubuntu.yml b/roles/nameserver/vars/Ubuntu.yml
similarity index 100%
rename from roles/nameservers/vars/Ubuntu.yml
rename to roles/nameserver/vars/Ubuntu.yml
diff --git a/roles/proxyservers/tasks/main.yaml b/roles/proxyserver/tasks/main.yaml
similarity index 100%
rename from roles/proxyservers/tasks/main.yaml
rename to roles/proxyserver/tasks/main.yaml
diff --git a/roles/proxyservers/tasks/squid.yml b/roles/proxyserver/tasks/squid.yml
similarity index 100%
rename from roles/proxyservers/tasks/squid.yml
rename to roles/proxyserver/tasks/squid.yml
diff --git a/roles/proxyservers/tasks/tinyproxy.yaml b/roles/proxyserver/tasks/tinyproxy.yaml
similarity index 100%
rename from roles/proxyservers/tasks/tinyproxy.yaml
rename to roles/proxyserver/tasks/tinyproxy.yaml
diff --git a/roles/servers/files/distro b/roles/server/files/distro
similarity index 100%
rename from roles/servers/files/distro
rename to roles/server/files/distro
diff --git a/roles/servers/files/sudoers b/roles/server/files/sudoers
similarity index 100%
rename from roles/servers/files/sudoers
rename to roles/server/files/sudoers
diff --git a/roles/servers/handlers/main.yml b/roles/server/handlers/main.yml
similarity index 100%
rename from roles/servers/handlers/main.yml
rename to roles/server/handlers/main.yml
diff --git a/roles/servers/tasks/main.yml b/roles/server/tasks/main.yml
similarity index 100%
rename from roles/servers/tasks/main.yml
rename to roles/server/tasks/main.yml
diff --git a/roles/servers/tasks/system_setup/cron.yml b/roles/server/tasks/system_setup/cron.yml
similarity index 100%
rename from roles/servers/tasks/system_setup/cron.yml
rename to roles/server/tasks/system_setup/cron.yml
diff --git a/roles/servers/tasks/system_setup/mail.yml b/roles/server/tasks/system_setup/mail.yml
similarity index 100%
rename from roles/servers/tasks/system_setup/mail.yml
rename to roles/server/tasks/system_setup/mail.yml
diff --git a/roles/servers/tasks/system_setup/swap.yml b/roles/server/tasks/system_setup/swap.yml
similarity index 100%
rename from roles/servers/tasks/system_setup/swap.yml
rename to roles/server/tasks/system_setup/swap.yml
diff --git a/roles/servers/tasks/system_setup/sysctl.yml b/roles/server/tasks/system_setup/sysctl.yml
similarity index 100%
rename from roles/servers/tasks/system_setup/sysctl.yml
rename to roles/server/tasks/system_setup/sysctl.yml
diff --git a/roles/servers/tasks/utilities/glusterfs.yml b/roles/server/tasks/utilities/glusterfs.yml
similarity index 100%
rename from roles/servers/tasks/utilities/glusterfs.yml
rename to roles/server/tasks/utilities/glusterfs.yml
diff --git a/roles/servers/tasks/utilities/mta.yml b/roles/server/tasks/utilities/mta.yml
similarity index 100%
rename from roles/servers/tasks/utilities/mta.yml
rename to roles/server/tasks/utilities/mta.yml
diff --git a/roles/servers/tasks/utilities/netdata.yml b/roles/server/tasks/utilities/netdata.yml
similarity index 100%
rename from roles/servers/tasks/utilities/netdata.yml
rename to roles/server/tasks/utilities/netdata.yml
diff --git a/roles/servers/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml
similarity index 100%
rename from roles/servers/tasks/utilities/snmpd.yml
rename to roles/server/tasks/utilities/snmpd.yml
diff --git a/roles/servers/templates/client_VPN.conf.j2 b/roles/server/templates/client_VPN.conf.j2
similarity index 100%
rename from roles/servers/templates/client_VPN.conf.j2
rename to roles/server/templates/client_VPN.conf.j2
diff --git a/roles/servers/templates/main.yml b/roles/server/templates/main.yml
similarity index 100%
rename from roles/servers/templates/main.yml
rename to roles/server/templates/main.yml
diff --git a/roles/servers/vars/Archlinux.yml b/roles/server/vars/Archlinux.yml
similarity index 100%
rename from roles/servers/vars/Archlinux.yml
rename to roles/server/vars/Archlinux.yml
diff --git a/roles/servers/vars/Debian.yml b/roles/server/vars/Debian.yml
similarity index 100%
rename from roles/servers/vars/Debian.yml
rename to roles/server/vars/Debian.yml
diff --git a/roles/servers/vars/Ubuntu.yml b/roles/server/vars/Ubuntu.yml
similarity index 100%
rename from roles/servers/vars/Ubuntu.yml
rename to roles/server/vars/Ubuntu.yml
diff --git a/roles/servers/vars/main.yml b/roles/server/vars/main.yml
similarity index 100%
rename from roles/servers/vars/main.yml
rename to roles/server/vars/main.yml
diff --git a/roles/servers/vars/mewimeet.com.yml b/roles/server/vars/mewimeet.com.yml
similarity index 100%
rename from roles/servers/vars/mewimeet.com.yml
rename to roles/server/vars/mewimeet.com.yml
diff --git a/roles/servers/vars/mewimeet.de.yml b/roles/server/vars/mewimeet.de.yml
similarity index 100%
rename from roles/servers/vars/mewimeet.de.yml
rename to roles/server/vars/mewimeet.de.yml
diff --git a/roles/servers/vars/snmp_users.yml b/roles/server/vars/snmp_users.yml
similarity index 100%
rename from roles/servers/vars/snmp_users.yml
rename to roles/server/vars/snmp_users.yml
diff --git a/roles/webservers/files/nginx_localhost b/roles/webserver/files/nginx_localhost
similarity index 100%
rename from roles/webservers/files/nginx_localhost
rename to roles/webserver/files/nginx_localhost
diff --git a/roles/webservers/handlers/main.yml b/roles/webserver/handlers/main.yml
similarity index 100%
rename from roles/webservers/handlers/main.yml
rename to roles/webserver/handlers/main.yml
diff --git a/roles/webservers/tasks/apps/apps.yml b/roles/webserver/tasks/apps/apps.yml
similarity index 100%
rename from roles/webservers/tasks/apps/apps.yml
rename to roles/webserver/tasks/apps/apps.yml
diff --git a/roles/webservers/tasks/apps/nextcloud/nextcloud.yml b/roles/webserver/tasks/apps/nextcloud/nextcloud.yml
similarity index 100%
rename from roles/webservers/tasks/apps/nextcloud/nextcloud.yml
rename to roles/webserver/tasks/apps/nextcloud/nextcloud.yml
diff --git a/roles/webservers/tasks/apps/nextcloud/prereq.yml b/roles/webserver/tasks/apps/nextcloud/prereq.yml
similarity index 100%
rename from roles/webservers/tasks/apps/nextcloud/prereq.yml
rename to roles/webserver/tasks/apps/nextcloud/prereq.yml
diff --git a/roles/webservers/tasks/configure_nginx_snmpd.yml b/roles/webserver/tasks/configure_nginx_snmpd.yml
similarity index 100%
rename from roles/webservers/tasks/configure_nginx_snmpd.yml
rename to roles/webserver/tasks/configure_nginx_snmpd.yml
diff --git a/roles/webservers/tasks/install_apache.yml b/roles/webserver/tasks/install_apache.yml
similarity index 100%
rename from roles/webservers/tasks/install_apache.yml
rename to roles/webserver/tasks/install_apache.yml
diff --git a/roles/webservers/tasks/install_nginx.yml b/roles/webserver/tasks/install_nginx.yml
similarity index 100%
rename from roles/webservers/tasks/install_nginx.yml
rename to roles/webserver/tasks/install_nginx.yml
diff --git a/roles/webservers/tasks/install_php.yml b/roles/webserver/tasks/install_php.yml
similarity index 100%
rename from roles/webservers/tasks/install_php.yml
rename to roles/webserver/tasks/install_php.yml
diff --git a/roles/webservers/tasks/main.yml b/roles/webserver/tasks/main.yml
similarity index 100%
rename from roles/webservers/tasks/main.yml
rename to roles/webserver/tasks/main.yml
diff --git a/roles/webservers/templates/nextcloud/config.php.j2 b/roles/webserver/templates/nextcloud/config.php.j2
similarity index 100%
rename from roles/webservers/templates/nextcloud/config.php.j2
rename to roles/webserver/templates/nextcloud/config.php.j2
diff --git a/roles/webservers/vars/Debian.yml b/roles/webserver/vars/Debian.yml
similarity index 100%
rename from roles/webservers/vars/Debian.yml
rename to roles/webserver/vars/Debian.yml
diff --git a/roles/webservers/vars/Ubuntu.yml b/roles/webserver/vars/Ubuntu.yml
similarity index 100%
rename from roles/webservers/vars/Ubuntu.yml
rename to roles/webserver/vars/Ubuntu.yml
diff --git a/roles/webservers/vars/nextcloud.yml b/roles/webserver/vars/nextcloud.yml
similarity index 100%
rename from roles/webservers/vars/nextcloud.yml
rename to roles/webserver/vars/nextcloud.yml
From 0c529c44e14f5c5c0d30f7e94c3a4fc866b74250 Mon Sep 17 00:00:00 2001
From: rene
Date: Sat, 24 Sep 2022 18:57:47 +0000
Subject: [PATCH 16/42] revert df6e24acbd149f9023a66cf6d0a5e353a56812f7 revert new systems
---
 hosts | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/hosts b/hosts
index 722757c..3192b36 100644
--- a/hosts
+++ b/hosts
@@ -29,9 +29,6 @@ webserver
 [database]
 coruscant.universe.local
-mariadb01
-mariadb02
-mariadb03
 [development]
 endor.universe.local
From 383f6f13493d27690270d94459966c16724fe906 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Sat, 24 Sep 2022 21:02:21 +0200
Subject: [PATCH 17/42] added hosts
---
 hosts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/hosts b/hosts
index 3192b36..722757c 100644
--- a/hosts
+++ b/hosts
@@ -29,6 +29,9 @@ webserver
 [database]
 coruscant.universe.local
+mariadb01
+mariadb02
+mariadb03
 [development]
 endor.universe.local
From 001e840903b6d0d7962cb200645761fea41220bb Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Sat, 24 Sep 2022 21:08:48 +0200
Subject: [PATCH 18/42] changed var name
---
 host_vars/coruscant.universe.local.yml | 2 +-
 host_vars/mariadb01 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/host_vars/coruscant.universe.local.yml b/host_vars/coruscant.universe.local.yml
index 0891e02..53f06db 100644
--- a/host_vars/coruscant.universe.local.yml
+++ b/host_vars/coruscant.universe.local.yml
@@ -13,7 +13,7 @@ microcode_intel_install: true
 # purpose selection
 database: true
 mysql: true
-postgresql: false
+postgres: false
 dhcpserver: true
 fileserver: true
 mailserver: true
diff --git a/host_vars/mariadb01 b/host_vars/mariadb01
index b396f0a..29745c3 100644
--- a/host_vars/mariadb01
+++ b/host_vars/mariadb01
@@ -13,7 +13,7 @@ microcode_intel_install: true
 # purpose selection
 database: true
 mysql: true
-postgresql: false
+postgres: false
 # application selection
 vifm: true
From fa3f5a872b15aa9fbeb7f5791703123551d43026 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Sat, 24 Sep 2022 21:22:04 +0200
Subject: [PATCH 19/42] set variables
---
 host_vars/mariadb01 | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/host_vars/mariadb01 b/host_vars/mariadb01
index 29745c3..9d8109d 100644
--- a/host_vars/mariadb01
+++ b/host_vars/mariadb01
@@ -14,9 +14,29 @@ microcode_intel_install: true
 database: true
 mysql: true
 postgres: false
+redis: false
+dhcpserver: false
+fileserver: false
+mailserver: false
+nameserver: false
+printspooler: false
+proxyserver: false
+squid: false
+tinyproxy: false
+webserver: false
+apache: false
+nginx: false
 # application selection
-vifm: true
+borgbackup: false
+broot: false
+docker: false
+pacaur: false
+paru: false
+ranger: false
+syncthing: false
+vifm: false
+yay: false
 # shell selection
-zsh: true
+zsh: true
\ No newline at end of file
From c4b28dd28bd48e4e9b25657789e6a84893d06d04 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Sun, 25 Sep 2022 16:48:13 +0200
Subject: [PATCH 20/42] new host
---
 hosts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosts b/hosts
index 722757c..0221e68 100644
--- a/hosts
+++ b/hosts
@@ -10,7 +10,8 @@ netbox
 Samba-AD-DC
 librenms
 grafana
-haproxy
+haproxy01
+haproxy02
 [server:children]
 cluster
From e1fe21e28b4960062353ca1f5cf05e81178152f4 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Wed, 28 Sep 2022 16:09:57 +0200
Subject: [PATCH 21/42] new host
---
 host_vars/mailcow.yml | 17 +++++++++++++++++
 hosts | 2 ++
 2 files changed, 19 insertions(+)
 create mode 100644 host_vars/mailcow.yml
diff --git a/host_vars/mailcow.yml b/host_vars/mailcow.yml
new file mode 100644
index 0000000..566860f
--- /dev/null
+++ b/host_vars/mailcow.yml
@@ -0,0 +1,17 @@
+---
+branch: master
+
+#ansible_cron_minute: "40"
+#ssh_port: 22
+#ssh_users: "user1 user2"
+copy_ssh_priv_keys: false
+
+# platform-specific
+linode_instance: false
+microcode_amd_install: false
+microcode_intel_install: false
+proxmox_instance: false
+raspberry_pi: false
+
+# server
+unattended_upgrades: true
diff --git a/hosts b/hosts
index 0221e68..4ead043 100644
--- a/hosts
+++ b/hosts
@@ -49,6 +49,7 @@ docker02
 [fileserver]
 coruscant.universe.local
+samba-ad-dc
 [glustertest]
 glustertest01
@@ -70,6 +71,7 @@ mewimeet.de jitsi_fqdn=mewimeet.de
 [mailserver]
 coruscant.universe.local
 mail.mewissen.site
+mailcow
 [mastodon]
 mewitoot.de
From 1bc28c3e24ae35210d30b86365e524a50043a1d6 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Fri, 7 Oct 2022 10:02:21 +0200
Subject: [PATCH 22/42] new database
---
 roles/webserver/vars/nextcloud.yml | 49 +++++++++++++++---------------
 1 file changed, 24 insertions(+), 25 deletions(-)
diff --git a/roles/webserver/vars/nextcloud.yml b/roles/webserver/vars/nextcloud.yml
index 922e1a5..40dd664 100644
--- a/roles/webserver/vars/nextcloud.yml
+++ b/roles/webserver/vars/nextcloud.yml
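Review bot: The new `[fileserver]` entry `samba-ad-dc` in the hosts hunk at -49 is spelled differently from the existing `Samba-AD-DC` under `[server]`, and Ansible compares inventory names case-sensitively, so the inventory would now hold two hosts for what looks like one machine. Because `fileserver` is a child of `server`, plays targeting `server` would run against both names, and host_vars written for one spelling would not apply to the other, which makes it easy for hardening settings to land on only one of them. Use the existing spelling in the added line, `Samba-AD-DC`, or rename the `[server]` entry in the same commit.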
@@ -1,26 +1,25 @@ $ANSIBLE_VAULT;1.1;AES256 -37353535366162623439373564306434376564326462326139323131333664663937313634313665 -6564393039653231663433646630646462306266666435310a303632646636356139656561323933 -63376565643266313563393135363033383234323031626465346335393762306139613261663664 -3339393161666262340a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a393330386366646337326164373630 +32656237343062323836643234396435313636623735663166663766636166393830313336343065 +3333643038333839360a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rom 795c217fb6d6c9f7cbe511ec76a53381a89b50b0 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Fri, 7 Oct 2022 10:02:43 +0200 Subject: [PATCH 23/42] removed restart command in favour of renewal-hook --- roles/mastodon/tasks/system_setup/letsencrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index c98536f..933124f 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -29,5 +29,5 @@ name: "letsencrypt renew" minute: "15" hour: "0" - job: "certbot renew && service nginx reload" + job: "certbot renew" From 1b96ff38ecee9e62679b8ef0548ab1199dd58409 Mon Sep 17 00:00:00 2001 
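Review bot: The cron `job:` in letsencrypt.yml no longer reloads nginx after `certbot renew`, and nothing in this hunk installs the renewal hook the commit message relies on, so on a host where that hook is missing nginx would keep serving the old certificate until it is reloaded for another reason, and clients would eventually see an expired certificate. Either keep the reload tied to the renewal in the job itself, `job: "certbot renew --deploy-hook 'service nginx reload'"`, or have this role manage the hook script under `/etc/letsencrypt/renewal-hooks/deploy/` so the dependency sits next to the cron entry. The cron task this `job:` belongs to starts above the hunk, so the hook may already be handled there or elsewhere in the role.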
From: Rene Mewissen
Date: Thu, 27 Oct 2022 09:32:11 +0200
Subject: [PATCH 24/42] added new host
---
 host_vars/mail.universe.local.yml | 8 +++
 hosts | 1 +
 roles/mailserver/tasks/configure_postfix.yml | 75 ++++++++++++++++++++
 roles/mailserver/tasks/install_dovecot.yml | 6 ++
 roles/mailserver/tasks/install_fetchmail.yml | 4 ++
 roles/mailserver/tasks/install_postfix.yml | 9 +++
 roles/mailserver/tasks/main.yml | 22 ++++++
 7 files changed, 125 insertions(+)
 create mode 100644 host_vars/mail.universe.local.yml
 create mode 100644 roles/mailserver/tasks/configure_postfix.yml
 create mode 100644 roles/mailserver/tasks/install_dovecot.yml
 create mode 100644 roles/mailserver/tasks/install_fetchmail.yml
 create mode 100644 roles/mailserver/tasks/install_postfix.yml
 create mode 100644 roles/mailserver/tasks/main.yml
diff --git a/host_vars/mail.universe.local.yml b/host_vars/mail.universe.local.yml
new file mode 100644
index 0000000..c3c6b0d
--- /dev/null
+++ b/host_vars/mail.universe.local.yml
@@ -0,0 +1,8 @@
+postfix: true
+postgrey: true
+dovecot: true
+pigeonhole: true
+fetchmail: true
+mpop: true
+
+mynetworks: "192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24"
\ No newline at end of file
diff --git a/hosts b/hosts
index 4ead043..2dae1f5 100644
--- a/hosts
+++ b/hosts
@@ -72,6 +72,7 @@ mewimeet.de jitsi_fqdn=mewimeet.de
 coruscant.universe.local
 mail.mewissen.site
 mailcow
+mail.universe.local
 [mastodon]
 mewitoot.de
diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml
new file mode 100644
index 0000000..c8ae7cd
--- /dev/null
+++ b/roles/mailserver/tasks/configure_postfix.yml
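Review bot: `172.16.0.0/12` in the new `mynetworks` value of host_vars/mail.universe.local.yml trusts the whole 172.16.0.0–172.31.255.255 private block, and with Postfix's default relay restrictions every client inside `mynetworks` may relay mail without authenticating. The other entries are /24 or /28 subnets, so I would replace the /12 with the specific subnet that actually sends mail (for example `<SUBNET_IN_USE>/24`, a placeholder) and add a comment above the key such as `# clients in these networks may relay without SMTP AUTH; list only subnets that host trusted senders`. Also check how the value reaches Postfix: configure_postfix.yml in this commit interpolates it unquoted into `postconf {{item.key}}={{item.value}}`, and since the `command` module splits its command line on whitespace, everything after the first space would probably arrive as separate arguments rather than as part of the setting.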
@@ -0,0 +1,75 @@
+- name: mailserver | postfix | configuration
+ command:
+ cmd: "postconf {{item.key}}={{item.value}}"
+ loop:
+ - {key: "address_verify_map", value: "btree:/usr/lib/postfix/bin/verify"}
+ - {key: "alias_database", value: "hash:/etc/mail/aliases"}
+ - {key: "alias_maps", value: "hash:/etc/mail/aliases"}
+ - {key: "biff", value: "no"}
+ - {key: "broken_sasl_auth_clients", value: "yes"}
+ - {key: "compatibility_level", value: "2"}
+ - {key: "debugger_command", value: "PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5"}
+ - {key: "default_destination_concurrency_limit", value: "2"}
+ - {key: "dovecot_destination_recipient_limit", value: "1"}
+ - {key: "header_checks", value: "regexp:/etc/postfix/header_checks"}
+ - {key: "inet_protocols", value: "ipv4, ipv6"}
+ - {key: "mailbox_size_limit", value: "0"}
+ - {key: "mailbox_transport", value: "dovecot"}
+ - {key: "maillog_file", value: "/var/log/postfix.log"}
+ - {key: "message_size_limit", value: "0"}
+ - {key: "milter_default_action", value: "accept"}
+ - {key: "mydestination", value: "localhost, kashyyyk, coruscant"}
+ - {key: "myhostname", value: "kashyyyk.universe.local"}
+ - {key: "mynetworks", value: "{{ mynetworks }}"}
+ - {key: "mynetworks_style", value: "subnet"}
+ - {key: "readme_directory", value: "no"}
+ - {key: "recipient_canonical_maps", value: "hash:/etc/postfix/recipient-canonical"}
+ - {key: "recipient_delimiter", value: "+"}
+ - {key: "sender_canonical_maps", value: "hash:/etc/postfix/sender-canonical"}
+ - {key: "sender_dependent_relayhost_maps", value: "hash:/etc/postfix/sender_dependent_relayhost_map"}
+ - {key: "smtp_sasl_auth_enable", value: "yes"}
+ - {key: "smtp_sasl_mechanism_filter", value: "!gssapi, !external, static:all"}
+ - {key: "smtp_sasl_password_maps", value: "hash:/etc/postfix/saslpass"}
+ - {key: "smtp_sasl_security_options", value: "noanonymous"}
+ - {key: "smtp_sender_dependent_authentication", value: "yes"}
+ - {key: "smtp_tls_CApath", value: "/etc/ssl/certs"}
+ - {key: "smtp_tls_loglevel", value: "1"}
+ - {key: "smtp_tls_policy_maps", value: "hash:/etc/postfix/smtp_tls_policy"}
+ - {key: "smtp_tls_security_level", value: "may"}
+ - {key: "smtp_tls_session_cache_database", value: "btree:/var/lib/postfix/smtp_scache"}
+ - {key: "smtpd_data_restrictions", value: "reject_unauth_pipelining"}
+ - {key: "smtpd_etrn_restrictions", value: "permit_mynetworks, reject"}
+ - {key: "smtpd_helo_required", value: "yes"}
+ - {key: "smtpd_helo_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname"}
+ - {key: "smtpd_recipient_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_recipient, check_sender_access hash:/etc/postfix/sender_restrictions, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination,"}
+ - {key: "smtpd_relay_restrictions", value: "permit_sasl_authenticated"}
+ - {key: "smtpd_sasl_auth_enable", value: "yes"}
+ - {key: "smtpd_sasl_path", value: "/var/run/dovecot/auth-client"}
+ - {key: "smtpd_sasl_security_options", value: "noanonymous,noplaintext"}
+ - {key: "smtpd_sasl_tls_security_options", value: "noanonymous"}
+ - {key: "smtpd_sasl_type", value: "dovecot"}
+ - {key: "smtpd_sender_restrictions", value: "hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access"}
+ - {key: "smtpd_tls_auth_only", value: "yes"}
+ - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"}
+ - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"}
+ - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"}
+ - {key: "smtpd_tls_eecdh_grade", value: "strong"}
+ - {key: "smtpd_tls_exclude_ciphers", value: "aNULL,MD5,RC4,DES,IDEA,SEED,3DES"}
+ - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"}
+ - {key: "smtpd_tls_loglevel", value: "1"}
+ - {key: "smtpd_tls_mandatory_ciphers", value: "high"}
+ - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "aNULL,MD5,RC4,IDEA,SEED,3DES"}
+ - {key: "smtpd_tls_security_level", value: "may"}
+ - {key: "smtpd_tls_session_cache_database", value: "btree:${data_directory}/smtpd_scache"}
+ - {key: "tls_high_cipherlist", value: "EECDH+RSA+AES256+SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!IDEA"}
+ - {key: "tls_preempt_cipherlist", value: "yes"}
+ - {key: "tls_ssl_options", value: "NO_COMPRESSION"}
+ - {key: "transport_maps", value: "hash:/etc/postfix/transport"}
+ - {key: "virtual_alias_maps", value: "hash:/etc/postfix/virtual"}
+ - {key: "virtual_gid_maps", value: "static:vmail"}
+ - {key: "virtual_mailbox_base", value: "/home/vmail"}
+ - {key: "virtual_mailbox_domains", value: "$myhostname, $mydomain, imap.$mydomain, tantooine.homelinux.net, gallery-mewi1503.myphotos.cc, tantooine.myfirewall.org, tatooine.noip.me, mastodon.spdns.org, hubzilla.social.my-wan.de, friendica.social.my-wan.de, peertube.social.my-wan.de, pixelfed.social.my-wan.de"}
+ - {key: "virtual_mailbox_maps", value: "hash:/etc/postfix/vmailbox"}
+ - {key: "virtual_transport", value: "lmtp:unix:private/dovecot-lmtp"}
+ - {key: "virtual_uid_maps", value: "static:vmail"}
+
\ No newline at end of file
diff --git a/roles/mailserver/tasks/install_dovecot.yml b/roles/mailserver/tasks/install_dovecot.yml
new file mode 100644
index 0000000..c66a99f
--- /dev/null
+++ b/roles/mailserver/tasks/install_dovecot.yml
@@ -0,0 +1,6 @@
+- name: mailserver | dovecot | install packages
+ package:
+ name:
+ - dovecot
+ - pigeonhole
+ state: present
\ No newline at end of file
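Review bot: In configure_postfix.yml, `smtpd_recipient_restrictions` evaluates `check_client_access` and `check_sender_access hash:/etc/postfix/sender_restrictions` before `reject_unauth_destination`, while `smtpd_relay_restrictions` holds only `permit_sasl_authenticated`. Any `OK` result in those tables therefore permits relaying to arbitrary destinations on the strength of a client address or a forgeable envelope sender. The table contents are not part of this patch, so whether that happens today cannot be told from here. Ending the relay list with a deferral closes it regardless of table contents: `- {key: "smtpd_relay_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination"}`.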
diff --git a/roles/mailserver/tasks/install_fetchmail.yml b/roles/mailserver/tasks/install_fetchmail.yml
new file mode 100644
index 0000000..55c4e6f
--- /dev/null
+++ b/roles/mailserver/tasks/install_fetchmail.yml
@@ -0,0 +1,4 @@
+- name: mailserver | fetchmail | install packages
+ package:
+ name: fetchmail
+ state: present
\ No newline at end of file
diff --git a/roles/mailserver/tasks/install_postfix.yml b/roles/mailserver/tasks/install_postfix.yml
new file mode 100644
index 0000000..a2d9988
--- /dev/null
+++ b/roles/mailserver/tasks/install_postfix.yml
@@ -0,0 +1,9 @@
+- name: mailserver | postfix | install packages
+ package:
+ name:
+ - postfix
+ - postfix-ldap
+ - postfix-mysql
+ - postfix-sqlite
+ - postgrey
+ state: present
\ No newline at end of file
diff --git a/roles/mailserver/tasks/main.yml b/roles/mailserver/tasks/main.yml
new file mode 100644
index 0000000..73d85eb
--- /dev/null
+++ b/roles/mailserver/tasks/main.yml
@@ -0,0 +1,22 @@
+# Load distro-specific variables
+- include_vars: "{{ ansible_distribution }}.yml"
+ tags: always
+
+- block:
+ - block:
+ - include_tasks: install_postfix.yml
+ - include_tasks: configure_postfix.yml
+ when: postfix == true
+
+ - block:
+ - include_tasks: install_dovecot.yml
+ - include_tasks: configure_dovecot.yml
+ when: dovecot == true
+
+ - block:
+ - include_tasks: install_fetchmail.yml
+ - include_tasks: configure_fetchmail.yml
+ when: fetchmail == true
+
+ rescue:
+ - set_fact: task_failed=true
\ No newline at end of file
From 57090b2870aa9314486b674686409b0ae5e0fdf2 Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Thu, 27 Oct 2022 11:27:36 +0200
Subject: [PATCH 25/42] added role 'mailserver'
---
local.yml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/local.yml b/local.yml
index 24df2dc..811735f 100644
--- a/local.yml
+++ b/local.yml
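Review bot: The `rescue:` section at the end of roles/mailserver/tasks/main.yml only runs `set_fact: task_failed=true`, so a failure anywhere in the role is swallowed and the play still reports success unless `task_failed` is checked elsewhere. That matters here because `configure_dovecot.yml` and `configure_fetchmail.yml` are included but are not among the seven files this patch creates, so with `dovecot: true` and `fetchmail: true` those includes will fail and the failure will be hidden. Add the missing task files or drop the includes, and make the rescue visible, for example with `- fail: msg="mailserver role failed"` after the `set_fact`.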
@@ -56,11 +56,11 @@ roles: - webserver -# - hosts: mailserver -# tags: server,mailserver -# become: true -# roles: -# - mailserver +- hosts: mailserver + tags: server,mailserver + become: true + roles: + - mailserver - hosts: database tags: server,database From 07dc31ecf0c880dee375d3425435cd78e029a1ab Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 11:38:22 +0200 Subject: [PATCH 26/42] changed git url --- group_vars/all | 4 +++- roles/base/tasks/system_setup/hosts.yml | 2 +- roles/base/tasks/users/all.yml | 4 ++-- roles/base/tasks/users/rene.yml | 2 +- roles/base/tasks/users/root.yml | 2 +- roles/base/templates/provision.sh.j2 | 2 +- 6 files changed, 9 insertions(+), 7 deletions(-) diff --git a/group_vars/all b/group_vars/all index 44bcfe4..8a1896b 100644 --- a/group_vars/all +++ b/group_vars/all @@ -1,2 +1,4 @@ snmpd_conf: /etc/snmp/snmpd.conf -sudo: /usr/bin/sudo \ No newline at end of file +sudo: /usr/bin/sudo + +gitserver: gitea.mewissen.site \ No newline at end of file diff --git a/roles/base/tasks/system_setup/hosts.yml b/roles/base/tasks/system_setup/hosts.yml index 7bbf1ac..eaca382 100644 --- a/roles/base/tasks/system_setup/hosts.yml +++ b/roles/base/tasks/system_setup/hosts.yml @@ -7,7 +7,7 @@ group: 'root' loop: - { ip: '192.168.1.240', fqdn: 'coruscant.universe.local'} - - { ip: '192.168.1.238', fqdn: 'gitlab.social.my-wan.de'} + - { ip: '192.168.1.238', fqdn: 'gitea.mewissen.site'} when: - set_hosts is defined - set_hosts == true \ No newline at end of file diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index f705366..67984db 100644 --- a/roles/base/tasks/users/all.yml +++ b/roles/base/tasks/users/all.yml @@ -44,7 +44,7 @@ path: "{{ getent_passwd[user][4] }}/.ssh/config" state: present block: | - Host gitlab.social.my-wan.de + Host gitea.mewissen.site IdentityFile ~/.ssh/gitlab_read_ed25519 IdentitiesOnly Yes create: True 
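Review bot: `gitserver: gitea.mewissen.site` is added to group_vars/all, but nothing in this commit reads it. The hosts entry, the ssh config block, the clone URLs and `REPO=` in provision.sh.j2 all hard-code the new name again. Using the variable, e.g. `repo: 'ssh://git@{{ gitserver }}:22422/rene/root-bin.git'` and `REPO="https://{{ gitserver }}/rene/ansible-pull.git"`, would make the next server move a one-line change. A short comment above the variable saying which tasks depend on it would help too.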
@@ -64,7 +64,7 @@ force: yes with_items: - { repo: 'https://github.com/romkatv/powerlevel10k.git', dir: 'powerlevel10k' } - - { repo: 'ssh://git@gitlab.social.my-wan.de:22422/rene/dotfiles.git', dir: 'dotfiles' } + - { repo: 'ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git', dir: 'dotfiles' } ignore_errors: yes - name: users | {{ user }} | link dotfiles diff --git a/roles/base/tasks/users/rene.yml b/roles/base/tasks/users/rene.yml index 200629e..add2d93 100644 --- a/roles/base/tasks/users/rene.yml +++ b/roles/base/tasks/users/rene.yml @@ -51,7 +51,7 @@ # dest: '/home/rene/{{ item.dir }}' # key_file: '/home/rene/.ssh/gitlab_read_ed25519' # with_items: -# - {repo: 'ssh://git@gitlab.social.my-wan.de:22422/rene/dotfiles.git', dir: 'dotfiles'} +# - {repo: 'ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git', dir: 'dotfiles'} # - {repo: 'https://github.com/romkatv/powerlevel10k.git', dir: 'powerlevel10k'} # - name: users | rene | link dotfiles diff --git a/roles/base/tasks/users/root.yml b/roles/base/tasks/users/root.yml index acebb3c..eba7330 100644 --- a/roles/base/tasks/users/root.yml +++ b/roles/base/tasks/users/root.yml @@ -64,7 +64,7 @@ - name: users | root | clone root_bins git: - repo: 'ssh://git@gitlab.social.my-wan.de:22422/rene/root-bin.git' + repo: 'ssh://git@gitea.mewissen.site:22422/rene/root-bin.git' dest: "{{ root_home }}/bin" key_file: '/root/.ssh/gitlab_read_ed25519' ignore_errors: True diff --git a/roles/base/templates/provision.sh.j2 b/roles/base/templates/provision.sh.j2 index b804fdc..6bfaa25 100644 --- a/roles/base/templates/provision.sh.j2 +++ b/roles/base/templates/provision.sh.j2 @@ -5,7 +5,7 @@ ANSIBLEUSER="ansible" BRANCH="{{ branch | default('master') }}" LOGFILE="/var/log/ansible.log" -REPO="https://gitlab.social.my-wan.de/rene/ansible-pull.git" +REPO="https://gitea.mewissen.site/rene/ansible-pull.git" VAULT_KEY="" PRECMD="sudo systemd-inhibit --who='ansible-pull' --why='provisioning'" 
From 0a9b6fc32d89261157efb3f1d763be0531619335 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 11:58:38 +0200 Subject: [PATCH 27/42] install and start sshd if not already done --- roles/server/tasks/system_setup/sshd.yml | 10 ++++++++++ roles/server/vars/Archlinux.yml | 1 + roles/server/vars/Debian.yml | 1 + 3 files changed, 12 insertions(+) create mode 100644 roles/server/tasks/system_setup/sshd.yml diff --git a/roles/server/tasks/system_setup/sshd.yml b/roles/server/tasks/system_setup/sshd.yml new file mode 100644 index 0000000..6d702cf --- /dev/null +++ b/roles/server/tasks/system_setup/sshd.yml @@ -0,0 +1,10 @@ +- name: server | sshd | install + package: + name: "{{ openssh_server_package }}" + state: latest + +- name: server | sshd | start + service: + name: sshd + state: started + enabled: True \ No newline at end of file diff --git a/roles/server/vars/Archlinux.yml b/roles/server/vars/Archlinux.yml index 9b6ba48..b43f913 100644 --- a/roles/server/vars/Archlinux.yml +++ b/roles/server/vars/Archlinux.yml @@ -2,6 +2,7 @@ mta_package: msmtp-mta snmpd_package: net-snmp snmpd_user_file: "/var/net-snmp/snmpd.conf" wireguard_package: wireguard-tools +openssh_server_package: openssh glusterfs_packages: - package: glusterfs \ No newline at end of file diff --git a/roles/server/vars/Debian.yml b/roles/server/vars/Debian.yml index 07ea0a6..3b6cb19 100644 --- a/roles/server/vars/Debian.yml +++ b/roles/server/vars/Debian.yml @@ -2,6 +2,7 @@ mta_package: ssmtp snmpd_package: snmpd snmpd_user_file: "/var/lib/snmp/snmpd.conf" wireguard_package: wireguard +openssh_server_package: openssh-server glusterfs_packages: - package: glusterfs-common From e7757d13033027c1677691b3bbb7e42c6b2b6073 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 12:02:29 +0200 Subject: [PATCH 28/42] added vars file --- roles/mailserver/vars/Archlinux.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 roles/mailserver/vars/Archlinux.yml 
diff --git a/roles/mailserver/vars/Archlinux.yml b/roles/mailserver/vars/Archlinux.yml new file mode 100644 index 0000000..e69de29 From 557845f750273416f3042c8c24dee062f33db361 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 12:05:39 +0200 Subject: [PATCH 29/42] task only for debian --- roles/base/tasks/system_setup/locale.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/system_setup/locale.yml b/roles/base/tasks/system_setup/locale.yml index 81d3c67..570eb18 100644 --- a/roles/base/tasks/system_setup/locale.yml +++ b/roles/base/tasks/system_setup/locale.yml @@ -4,6 +4,7 @@ name: - locales-all state: latest + when: ansible_distribution == 'Debian' - name: system setup | locale | add de_DE tags: locale,system,setup From d25c5530a6467fa4d4ed72717cab8c65a75fc02d Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 16:43:38 +0200 Subject: [PATCH 30/42] packages according to distri --- roles/base/tasks/software/packages_utilities.yml | 4 ++-- roles/base/vars/Archlinux.yml | 1 + roles/base/vars/Debian.yml | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/base/tasks/software/packages_utilities.yml b/roles/base/tasks/software/packages_utilities.yml index 1b25903..ac7704b 100644 --- a/roles/base/tasks/software/packages_utilities.yml +++ b/roles/base/tasks/software/packages_utilities.yml @@ -13,7 +13,7 @@ - neofetch - net-tools - "{{ nfs_client_package }}" - - python3-netaddr + - "{{ python_netaddr_package }}" - ranger - rsync - tmux @@ -22,7 +22,6 @@ - "{{ vim_package }}" - vim-python-jedi - wget - - unattended-upgrades - name: system setup | utilities | install cloud-init and gemu guest agent tags: packages,system,system setup @@ -64,4 +63,5 @@ - htop - exa - dnsutils + - unattended-upgrades when: ansible_distribution == "Debian" \ No newline at end of file diff --git a/roles/base/vars/Archlinux.yml b/roles/base/vars/Archlinux.yml index 5576989..a174488 100644 
--- a/roles/base/vars/Archlinux.yml +++ b/roles/base/vars/Archlinux.yml @@ -13,6 +13,7 @@ python_pip_package: python-pip python_psutil_package: python-psutil python_pyflakes_package: python-pyflakes python_virtualenv_package: python-virtualenv +python_netaddr_package: python-netaddr rename_package: perl-rename ruby_rake_package: ruby-rake sftp_path: /usr/lib/ssh/sftp-server diff --git a/roles/base/vars/Debian.yml b/roles/base/vars/Debian.yml index 38c7297..90c2f1d 100644 --- a/roles/base/vars/Debian.yml +++ b/roles/base/vars/Debian.yml @@ -13,6 +13,7 @@ python_pip_package: python3-pip python_psutil_package: python-psutil python_pyflakes_package: python3-pyflakes python_virtualenv_package: python3-virtualenv +python_netaddr_package: python3-netaddr rename_package: rename ruby_rake_package: rake sftp_path: /usr/lib/openssh/sftp-server From fc85d25eaf85c8b1981016e5d750908139a20c55 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 16:50:23 +0200 Subject: [PATCH 31/42] added quoting --- roles/mailserver/tasks/configure_postfix.yml | 24 ++++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml index c8ae7cd..a2418da 100644 --- a/roles/mailserver/tasks/configure_postfix.yml +++ b/roles/mailserver/tasks/configure_postfix.yml 
@@ -8,17 +8,17 @@ - {key: "biff", value: "no"} - {key: "broken_sasl_auth_clients", value: "yes"} - {key: "compatibility_level", value: "2"} - - {key: "debugger_command", value: "PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5"} + - {key: "debugger_command", value: "'PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5'"} - {key: "default_destination_concurrency_limit", value: "2"} - {key: "dovecot_destination_recipient_limit", value: "1"} - {key: "header_checks", value: "regexp:/etc/postfix/header_checks"} - - {key: "inet_protocols", value: "ipv4, ipv6"} + - {key: "inet_protocols", value: "'ipv4, ipv6'"} - {key: "mailbox_size_limit", value: "0"} - {key: "mailbox_transport", value: "dovecot"} - {key: "maillog_file", value: "/var/log/postfix.log"} - {key: "message_size_limit", value: "0"} - {key: "milter_default_action", value: "accept"} - - {key: "mydestination", value: "localhost, kashyyyk, coruscant"} + - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"} - {key: "myhostname", value: "kashyyyk.universe.local"} - {key: "mynetworks", value: "{{ mynetworks }}"} - {key: "mynetworks_style", value: "subnet"} @@ -28,7 +28,7 @@ - {key: "sender_canonical_maps", value: "hash:/etc/postfix/sender-canonical"} - {key: "sender_dependent_relayhost_maps", value: "hash:/etc/postfix/sender_dependent_relayhost_map"} - {key: "smtp_sasl_auth_enable", value: "yes"} - - {key: "smtp_sasl_mechanism_filter", value: "!gssapi, !external, static:all"} + - {key: "smtp_sasl_mechanism_filter", value: "'!gssapi, !external, static:all'"} - {key: "smtp_sasl_password_maps", value: "hash:/etc/postfix/saslpass"} - {key: "smtp_sasl_security_options", value: "noanonymous"} - {key: "smtp_sender_dependent_authentication", value: "yes"} 
@@ -38,37 +38,37 @@ - {key: "smtp_tls_security_level", value: "may"} - {key: "smtp_tls_session_cache_database", value: "btree:/var/lib/postfix/smtp_scache"} - {key: "smtpd_data_restrictions", value: "reject_unauth_pipelining"} - - {key: "smtpd_etrn_restrictions", value: "permit_mynetworks, reject"} + - {key: "smtpd_etrn_restrictions", value: "'permit_mynetworks, reject'"} - {key: "smtpd_helo_required", value: "yes"} - - {key: "smtpd_helo_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname"} - - {key: "smtpd_recipient_restrictions", value: "permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_recipient, check_sender_access hash:/etc/postfix/sender_restrictions, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination,"} + - {key: "smtpd_helo_restrictions", value: "'permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname'"} + - {key: "smtpd_recipient_restrictions", value: "'permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/client_access, reject_non_fqdn_recipient, check_sender_access hash:/etc/postfix/sender_restrictions, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination,'"} - {key: "smtpd_relay_restrictions", value: "permit_sasl_authenticated"} - {key: "smtpd_sasl_auth_enable", value: "yes"} - {key: "smtpd_sasl_path", value: "/var/run/dovecot/auth-client"} - {key: "smtpd_sasl_security_options", value: "noanonymous,noplaintext"} - {key: "smtpd_sasl_tls_security_options", value: "noanonymous"} - {key: "smtpd_sasl_type", value: "dovecot"} - - {key: "smtpd_sender_restrictions", value: "hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access"} + - {key: 
"smtpd_sender_restrictions", value: "'hash:/etc/postfix/access, permit_mynetworks, reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access'"} - {key: "smtpd_tls_auth_only", value: "yes"} - {key: "smtpd_tls_cert_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/fullchain.pem"} - {key: "smtpd_tls_dh1024_param_file", value: "${config_directory}/dh2048.pem"} - {key: "smtpd_tls_dh512_param_file", value: "${config_directory}/dh512.pem"} - {key: "smtpd_tls_eecdh_grade", value: "strong"} - - {key: "smtpd_tls_exclude_ciphers", value: "aNULL,MD5,RC4,DES,IDEA,SEED,3DES"} + - {key: "smtpd_tls_exclude_ciphers", value: "'aNULL,MD5,RC4,DES,IDEA,SEED,3DES'"} - {key: "smtpd_tls_key_file", value: "/etc/letsencrypt/live/tantooine.myfirewall.org/privkey.pem"} - {key: "smtpd_tls_loglevel", value: "1"} - {key: "smtpd_tls_mandatory_ciphers", value: "high"} - - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "aNULL,MD5,RC4,IDEA,SEED,3DES"} + - {key: "smtpd_tls_mandatory_exclude_ciphers", value: "'aNULL,MD5,RC4,IDEA,SEED,3DES'"} - {key: "smtpd_tls_security_level", value: "may"} - {key: "smtpd_tls_session_cache_database", value: "btree:${data_directory}/smtpd_scache"} - - {key: "tls_high_cipherlist", value: "EECDH+RSA+AES256+SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!IDEA"} + - {key: "tls_high_cipherlist", value: "'EECDH+RSA+AES256+SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!IDEA'"} - {key: "tls_preempt_cipherlist", value: "yes"} - {key: "tls_ssl_options", value: "NO_COMPRESSION"} - {key: "transport_maps", value: "hash:/etc/postfix/transport"} - {key: "virtual_alias_maps", value: "hash:/etc/postfix/virtual"} - {key: "virtual_gid_maps", value: "static:vmail"} - {key: "virtual_mailbox_base", value: "/home/vmail"} - - {key: "virtual_mailbox_domains", value: "$myhostname, $mydomain, imap.$mydomain, tantooine.homelinux.net, gallery-mewi1503.myphotos.cc, tantooine.myfirewall.org, tatooine.noip.me, 
mastodon.spdns.org, hubzilla.social.my-wan.de, friendica.social.my-wan.de, peertube.social.my-wan.de, pixelfed.social.my-wan.de"} + - {key: "virtual_mailbox_domains", value: "'$myhostname, $mydomain, imap.$mydomain, tantooine.homelinux.net, gallery-mewi1503.myphotos.cc, tantooine.myfirewall.org, tatooine.noip.me, mastodon.spdns.org, hubzilla.social.my-wan.de, friendica.social.my-wan.de, peertube.social.my-wan.de, pixelfed.social.my-wan.de'"} - {key: "virtual_mailbox_maps", value: "hash:/etc/postfix/vmailbox"} - {key: "virtual_transport", value: "lmtp:unix:private/dovecot-lmtp"} - {key: "virtual_uid_maps", value: "static:vmail"} From 1138585c902b20a31c87ca71aa5e1e22d18e47a1 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 16:57:17 +0200 Subject: [PATCH 32/42] packages according to distri --- roles/base/tasks/software/packages_utilities.yml | 2 +- roles/base/vars/Archlinux.yml | 1 + roles/base/vars/Debian.yml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/base/tasks/software/packages_utilities.yml b/roles/base/tasks/software/packages_utilities.yml index ac7704b..5a65783 100644 --- a/roles/base/tasks/software/packages_utilities.yml +++ b/roles/base/tasks/software/packages_utilities.yml @@ -20,7 +20,7 @@ - traceroute - vifm - "{{ vim_package }}" - - vim-python-jedi + - "{{ vim_python_jedi_package }}" - wget - name: system setup | utilities | install cloud-init and gemu guest agent diff --git a/roles/base/vars/Archlinux.yml b/roles/base/vars/Archlinux.yml index a174488..9c61d1e 100644 --- a/roles/base/vars/Archlinux.yml +++ b/roles/base/vars/Archlinux.yml @@ -14,6 +14,7 @@ python_psutil_package: python-psutil python_pyflakes_package: python-pyflakes python_virtualenv_package: python-virtualenv python_netaddr_package: python-netaddr +vim_python_jedi_package: vim-jedi rename_package: perl-rename ruby_rake_package: ruby-rake sftp_path: /usr/lib/ssh/sftp-server 
diff --git a/roles/base/vars/Debian.yml b/roles/base/vars/Debian.yml index 90c2f1d..b0ce6b8 100644 --- a/roles/base/vars/Debian.yml +++ b/roles/base/vars/Debian.yml @@ -14,6 +14,7 @@ python_psutil_package: python-psutil python_pyflakes_package: python3-pyflakes python_virtualenv_package: python3-virtualenv python_netaddr_package: python3-netaddr +vim_python_jedi_package: vim-python-jedi rename_package: rename ruby_rake_package: rake sftp_path: /usr/lib/openssh/sftp-server From 034b444e4a7a481c6be6c343b0efef42cf62e623 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 17:03:01 +0200 Subject: [PATCH 33/42] packages according to distri --- host_vars/mail.universe.local.yml | 2 +- roles/base/vars/Archlinux.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/host_vars/mail.universe.local.yml b/host_vars/mail.universe.local.yml index c3c6b0d..6ba3a0f 100644 --- a/host_vars/mail.universe.local.yml +++ b/host_vars/mail.universe.local.yml @@ -5,4 +5,4 @@ pigeonhole: true fetchmail: true mpop: true -mynetworks: "192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24" \ No newline at end of file +mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24' \ No newline at end of file diff --git a/roles/base/vars/Archlinux.yml b/roles/base/vars/Archlinux.yml index 9c61d1e..0cff4f2 100644 --- a/roles/base/vars/Archlinux.yml +++ b/roles/base/vars/Archlinux.yml @@ -19,4 +19,4 @@ rename_package: perl-rename ruby_rake_package: ruby-rake sftp_path: /usr/lib/ssh/sftp-server sudo_group: wheel -vim_package: gvim +vim_package: vim From b4f1694cc582f54675188fed7d2c69547839de21 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 17:17:30 +0200 Subject: [PATCH 34/42] duplicated keys for git --- roles/base/files/users/known_hosts | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/roles/base/files/users/known_hosts b/roles/base/files/users/known_hosts index fabf5aa..f55f7b7 100644 --- a/roles/base/files/users/known_hosts +++ b/roles/base/files/users/known_hosts @@ -3,6 +3,7 @@ |1|+ebqSRFuT6ZpVb032ycgNFK9aYk=|GG8wNwMN/MonLjYeRqZNVzr4/l8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMj+ZCAgXVg4OhxpQHLDFanvm7/QP9qRA1zGIAy+1jK7/OTAu3pb6/C1wXufZMn4V1YEbzkeAh8RJeJXmprhdn4= |1|Nxpoqfn5XUKOUkUPrDsac1U2jx8=|bePErvLRXOGc2nM7s8bphY4QL3E= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMj+ZCAgXVg4OhxpQHLDFanvm7/QP9qRA1zGIAy+1jK7/OTAu3pb6/C1wXufZMn4V1YEbzkeAh8RJeJXmprhdn4= gitlab.social.my-wan.de,192.168.1.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= +gitea.mewissen.site,192.168.1.240 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDNCQnHHKtHukjysSlErXQOlBPP1oalb9+wWaS6O+k+RMtnx9iZE02fgVUHuwYI3S7P8UNP12tQxFlXuuFqCQ0w= diskstation,192.168.1.234 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBbDuuwpYg92O+O3ZVYyctZ5szXfE7GRUW4rDZjlEYTf2q8ieE2vezHo/sl2wZW1jCSevER2jYYbhvpoQVyiweI= 192.168.1.250 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMUVrBrOlUQamGWS9qO9mOTbzSW3L1VGhrgpBp6pNf/ekAmWRrxJ0bdEKjHI+YlDt7nNjffjsVlLUwtPtQI0nTI= vuduo2,172.16.0.5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCRLsnDtDLuNBN8X8rmCNdrrIYCWfK7DrI/bPQAbSroCuwdHRLztd5doWJyVy6XjuJ2cVaal5xR11hit5qz0TQHhhXJbkViivRSDUuFKVZQajGmUjxMdE0vChqIn3ObIhtkf5ESTvxnroETMUQXzPe30EzO8tGlbV6cGrv80rhp9l1eWUt1pOzYe6pNEPVZiavJYD/rNWd/1xTqx8TCC3yeaWKFINAvo+C5wshKv31r7k9KXlliLMdbvBwkalbk8CK+AwJQsAapklVfQ4u/H0xpXUYlQU4c4kmjq2PTM8i6pLBtCRtfY2GUEu4OvjcHUl/WK1uICVWDPr7O7HLbtvVR 
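Review bot: The added line pins the host key for `gitea.mewissen.site,192.168.1.240`, but roles/base/tasks/system_setup/hosts.yml maps `gitea.mewissen.site` to `192.168.1.238` and keeps `192.168.1.240` for coruscant. If that mapping is current, the address half of the entry ties the git server's key to a different machine, which either produces host-key warnings or hides a real mismatch. List the name alone or with the address it actually resolves to. Once nothing connects to `gitlab.social.my-wan.de` any more, remove its entries so stale trust anchors do not accumulate.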
@@ -18,6 +19,7 @@ tuxedo-book-xp1511,192.168.1.220 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHA [91.39.133.154]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAcQ5x6vbWfPZ3BjPqGl0AH+CebvI8kuPwPxXkmL47gnQEgd8oPcSbMBSIvjfzMGXREBRU81p+5g9JokETKP4Fo= raspberrypi,172.16.0.100 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFsPOLPHU1pAapm6ljdg178ZqnANuSkdAa7PE22DksNQ9VVrvxY5h054pyaviDb2XxsHwYbAL0fP+4I2Slq4wGc= [gitlab.social.my-wan.de]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= +[gitea.mewissen.site]:22422 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMDiTJj4mw6nPZTk3W/Y7h6qHhYH/CCX90rR7wd7CbwFeddW6vgK9lqk64bqOdfD7Fgh1qvZXMSYEiDLYkx4iMw= debian-test,192.168.1.216 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHFoAceudj8VLkAAkBUS0A9g2yJRyVaTSqeLWo09aXFEwxf1L73qIoLJZhg15kKBB6bu/EKjyDHvO8mczbr92a8= 139.162.139.175 ssh-rsa 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 139.162.139.175 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+/wgiRWZnX4IjJmBOYEhSRkJ1DHsbwKUVx6eNNuIZy From cca42e33259892ed8e0088787fa53bc9121b499b Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 17:20:18 +0200 Subject: [PATCH 35/42] replaced command by shell --- roles/mailserver/tasks/configure_postfix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml index a2418da..6e23eac 100644 --- a/roles/mailserver/tasks/configure_postfix.yml +++ b/roles/mailserver/tasks/configure_postfix.yml @@ -1,5 +1,5 @@ - name: mailserver | postfix | configuration - command: + shell: cmd: "postconf {{item.key}}={{item.value}}" loop: - {key: "address_verify_map", value: "btree:/usr/lib/postfix/bin/verify"} 
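Review bot: Switching the configure_postfix.yml task from `command` to `shell` means each `postconf` argument is now expanded by the shell, and several loop values are not single-quoted. `${config_directory}/dh2048.pem`, `${config_directory}/dh512.pem` and `btree:${data_directory}/smtpd_scache` will lose the variable unless it happens to be set in the environment, pointing Postfix at `/dh2048.pem` and `btree:/smtpd_scache`. Passing the argument as a list avoids both word splitting and shell expansion: keep `command:` and use `argv: ["postconf", "{{ item.key }}={{ item.value }}"]`, then remove the single quotes embedded in the values. The loop list continues beyond this hunk.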
From 235c4653fdf3dacf17053fb8e16a6abadfd40157 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 17:31:14 +0200 Subject: [PATCH 36/42] different sudo groups --- roles/base/tasks/users/rene.yml | 2 +- roles/base/vars/Archlinux.yml | 2 ++ roles/base/vars/Debian.yml | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/base/tasks/users/rene.yml b/roles/base/tasks/users/rene.yml index add2d93..1734e94 100644 --- a/roles/base/tasks/users/rene.yml +++ b/roles/base/tasks/users/rene.yml @@ -4,7 +4,7 @@ user: name: rene shell: "/usr/bin/zsh" - groups: "sudo" + groups: "{{ sudo_group }}" append: True password: "{{ rene_pass | password_hash('sha256') }}" diff --git a/roles/base/vars/Archlinux.yml b/roles/base/vars/Archlinux.yml index 0cff4f2..978689f 100644 --- a/roles/base/vars/Archlinux.yml +++ b/roles/base/vars/Archlinux.yml @@ -20,3 +20,5 @@ ruby_rake_package: ruby-rake sftp_path: /usr/lib/ssh/sftp-server sudo_group: wheel vim_package: vim + +sudo_group: wheel \ No newline at end of file diff --git a/roles/base/vars/Debian.yml b/roles/base/vars/Debian.yml index b0ce6b8..38685e5 100644 --- a/roles/base/vars/Debian.yml +++ b/roles/base/vars/Debian.yml @@ -21,3 +21,4 @@ sftp_path: /usr/lib/openssh/sftp-server sudo_group: sudo vim_package: vim +sudo_group: sudo \ No newline at end of file From 1fd7dac3741e03954ad53ad42891fc8d18f7a82b Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 17:36:38 +0200 Subject: [PATCH 37/42] add sudo where not installed --- roles/base/tasks/software/packages_utilities.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/base/tasks/software/packages_utilities.yml b/roles/base/tasks/software/packages_utilities.yml index 5a65783..acca0df 100644 --- a/roles/base/tasks/software/packages_utilities.yml +++ b/roles/base/tasks/software/packages_utilities.yml @@ -15,6 +15,7 @@ - "{{ nfs_client_package }}" - "{{ python_netaddr_package }}" - ranger + - sudo - rsync - tmux - traceroute 
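Review bot: roles/base/vars/Archlinux.yml and roles/base/vars/Debian.yml already define `sudo_group` a few lines above the added line (it is visible as context in each hunk), so the addition creates a duplicate mapping key. YAML loaders keep the last value and Ansible prints a duplicate-key warning. The values agree today, but a later edit to only one of the two lines would silently be overridden or ignored. Drop the added `sudo_group:` lines and keep the existing ones.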
From d282fe416bbf72cc0d3986400d9f7c30b1010c67 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 17:54:02 +0200 Subject: [PATCH 38/42] + support for sshd_config.d where not used --- roles/base/tasks/system_setup/openssh.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/base/tasks/system_setup/openssh.yml b/roles/base/tasks/system_setup/openssh.yml index 5241d8a..47d2477 100644 --- a/roles/base/tasks/system_setup/openssh.yml +++ b/roles/base/tasks/system_setup/openssh.yml @@ -12,6 +12,18 @@ enabled: yes state: started +- name: system setup | openssh | create config dir + file: + path: "/etc/ssh/sshd_config.d" + state: directory + +- name: system setup | openssh | include sshd config dir in configuration + lineinfile: + path: "/etc/ssh/sshd_config" + line: "Include /etc/ssh/sshd_config.d/*.conf" + state: present + insertbefore: "^Port.*$" + - name: system setup | openssh | copy sshd custom config tags: openssh,ssh,system,settings copy: From 08490e0402845ab01bdd6c50188c61b3c2046bd7 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 18:17:00 +0200 Subject: [PATCH 39/42] sudoers --- roles/base/files/users/sudoers_wheel | 1 + roles/base/tasks/system_setup/openssh.yml | 3 ++- roles/base/tasks/users/all.yml | 10 +++++++++- 3 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 roles/base/files/users/sudoers_wheel diff --git a/roles/base/files/users/sudoers_wheel b/roles/base/files/users/sudoers_wheel new file mode 100644 index 0000000..188cf57 --- /dev/null +++ b/roles/base/files/users/sudoers_wheel @@ -0,0 +1 @@ +%wheel ALL=(ALL) ALL \ No newline at end of file diff --git a/roles/base/tasks/system_setup/openssh.yml b/roles/base/tasks/system_setup/openssh.yml index 47d2477..e4d0e38 100644 --- a/roles/base/tasks/system_setup/openssh.yml +++ b/roles/base/tasks/system_setup/openssh.yml 
@@ -22,7 +22,8 @@ path: "/etc/ssh/sshd_config" line: "Include /etc/ssh/sshd_config.d/*.conf" state: present - insertbefore: "^Port.*$" + insertbefore: "^#?Port.*$" + notify: restart_sshd - name: system setup | openssh | copy sshd custom config tags: openssh,ssh,system,settings diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index 67984db..54c3f37 100644 --- a/roles/base/tasks/users/all.yml +++ b/roles/base/tasks/users/all.yml @@ -87,4 +87,12 @@ become: yes become_user: '{{ user }}' shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ getent_passwd[user][4] }}/dotfiles/install.sh" - ignore_errors: yes \ No newline at end of file + ignore_errors: yes + +- name: users | all | add sudoers file + copy: + src: users/sudoers_wheel + dest: /etc/sudoers.d/wheel + owner: root + group: root + mode: 0440 \ No newline at end of file From b0b3c5a7db0eec1b90c27c9e7d3ad88c842762f3 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 18:21:06 +0200 Subject: [PATCH 40/42] sudoers --- roles/base/tasks/users/all.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index 54c3f37..077c73c 100644 --- a/roles/base/tasks/users/all.yml +++ b/roles/base/tasks/users/all.yml @@ -95,4 +95,5 @@ dest: /etc/sudoers.d/wheel owner: root group: root - mode: 0440 \ No newline at end of file + mode: 0440 + when: sudo_group == "wheel" \ No newline at end of file From 675261da1b625c5e47dbc48d08911538b4e45236 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 18:27:57 +0200 Subject: [PATCH 41/42] quoting --- roles/mailserver/tasks/configure_postfix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mailserver/tasks/configure_postfix.yml b/roles/mailserver/tasks/configure_postfix.yml index 6e23eac..04d3e82 100644 --- a/roles/mailserver/tasks/configure_postfix.yml +++ b/roles/mailserver/tasks/configure_postfix.yml 
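Review bot: With `insertbefore: "^#?Port.*$"`, `lineinfile` still appends the `Include` line at the end of the file whenever no line matches the pattern. sshd uses the first value it obtains for each keyword, so an Include at the end cannot override anything already set above it. If the file ends in a `Match` block, the Include would also be scoped to that block. `insertbefore: BOF` gives a deterministic position that does not depend on the stock file's contents. The new `notify: restart_sshd` needs a handler of exactly that name, which is not visible in this hunk; the task body begins above it.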
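Review bot: The `add sudoers file` task in all.yml copies into `/etc/sudoers.d/` without validation. A drop-in that fails to parse makes sudo refuse to run for every user, including the account Ansible uses for `become`. Add `validate: '/usr/sbin/visudo -cf %s'` so a bad file never reaches the destination; that matters here because the shipped `sudoers_wheel` has no trailing newline, which some sudo versions may reject (worth confirming on the target releases). `mode: 0440` relies on the YAML loader reading the bare scalar as octal; write `mode: '0440'`, matching the quoted `"0644"` used elsewhere in this series.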
@@ -20,7 +20,7 @@ - {key: "milter_default_action", value: "accept"} - {key: "mydestination", value: "'localhost, kashyyyk, coruscant'"} - {key: "myhostname", value: "kashyyyk.universe.local"} - - {key: "mynetworks", value: "{{ mynetworks }}"} + - {key: "mynetworks", value: "'{{ mynetworks }}'"} - {key: "mynetworks_style", value: "subnet"} - {key: "readme_directory", value: "no"} - {key: "recipient_canonical_maps", value: "hash:/etc/postfix/recipient-canonical"} From 7deb01af8365fb31d1ae1c4dd041f82ac1c49244 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Thu, 27 Oct 2022 18:42:08 +0200 Subject: [PATCH 42/42] .bash_profile --- roles/base/tasks/users/all.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index 077c73c..bd98d38 100644 --- a/roles/base/tasks/users/all.yml +++ b/roles/base/tasks/users/all.yml @@ -83,6 +83,16 @@ - { src: 'tmux/tmux.conf', dest: '.tmux.conf' } ignore_errors: yes +- name: users | {{ user }} | create bash_profile + lineinfile: + path: "{{ getent_passwd[user][4] }}/.bash_profile" + state: present + line: "[ -f ~/.bashrc ] && . ~/.bashrc" + create: True + mode: "0644" + owner: "{{ user }}" + group: "{{ user }}" + - name: users | {{ user }} | call dotfile install script become: yes become_user: '{{ user }}'
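Review bot: The hand-written single quotes in `value: "'{{ mynetworks }}'"` only protect the value if the consuming task passes it through a shell, and even then they break as soon as the variable itself contains a single quote. The consuming task is outside this hunk, so this is inferred from the `mydestination` entry, which uses the same pattern. If the loop feeds `postconf -e` through `shell:`, apply the filter at the point of use instead, e.g. `{{ item.value | quote }}`, and keep the list values unquoted. If it feeds `command:` or a file edit, the literal quotes will end up in `main.cf`.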
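Review bot: `group: "{{ user }}"` in the new `create bash_profile` task assumes every user has a group of the same name, which fails on accounts whose primary group differs. The task already reads `getent_passwd[user][4]` for the home directory, so the primary gid is available as `group: "{{ getent_passwd[user][2] }}"`. Because `mode: "0644"` is applied even when `.bash_profile` already exists, a file the user had restricted to `0600` is silently made world-readable; dropping `mode` or applying it only when the file is created would avoid that. Unlike the neighbouring tasks, this one has no `ignore_errors`, so a missing home directory stops the play here; confirm that is intended.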