From 9fd07d57a4f6596532f5bc6f3e7159f08ca1670a Mon Sep 17 00:00:00 2001 
From: Rene Mewissen Date: Mon, 12 Jan 2026 12:31:24 +0100 Subject: [PATCH] switched to new facts-syntax --- local.yml | 16 +++++------ roles/backup/files/config/omada_excludes.txt | 1 + roles/backup/files/config/omada_includes.txt | 1 + roles/backup/tasks/main.yml | 2 +- .../tasks/software/packages_utilities.yml | 18 ++++++------ .../tasks/system_setup/copy_backup_config.yml | 6 ++-- roles/base/tasks/ansible_setup.yml | 28 +++++++++---------- roles/base/tasks/main.yml | 4 +-- .../base/tasks/software/packages_cleanup.yml | 2 +- .../tasks/software/packages_utilities.yml | 6 ++-- roles/base/tasks/system_setup/clock.yml | 4 +-- roles/base/tasks/system_setup/cron.yml | 10 +++---- roles/base/tasks/system_setup/git.yml | 2 +- roles/base/tasks/system_setup/locale.yml | 2 +- roles/base/tasks/users/root.yml | 8 +++--- roles/bastionhost/tasks/main.yml | 2 +- roles/database/tasks/main.yml | 2 +- roles/docker/tasks/install_docker.yml | 4 +-- roles/docker/tasks/main.yml | 4 +-- roles/domaincontroller/tasks/certs.yml | 4 +-- roles/domaincontroller/templates/smb.conf.j2 | 4 +-- roles/drone/tasks/main.yml | 2 +- roles/grafana/tasks/main.yml | 4 +-- roles/jitsimeet/tasks/main.yml | 2 +- roles/mailserver/tasks/main.yml | 2 +- roles/mastodon/tasks/main.yml | 4 +-- .../tasks/system_setup/letsencrypt.yml | 4 +-- roles/mastodon/tasks/system_setup/nginx.yml | 2 +- roles/mastodon/templates/mastodon.conf.j2 | 8 +++--- roles/nameserver/tasks/main.yml | 2 +- roles/proxyserver/tasks/main.yaml | 4 +-- roles/reverseproxy/tasks/caddy.yml | 4 +-- roles/reverseproxy/tasks/main.yml | 4 +-- roles/server/tasks/main.yml | 6 ++-- roles/server/tasks/system_setup/cron.yml | 2 +- .../tasks/utilities/mail_transfer_agent.yml | 4 +-- roles/server/tasks/utilities/snmpd.yml | 2 +- roles/server/tasks/utilities/telegraf.yml | 18 ++++++------ .../tasks/apps/nextcloud/prereq.yml | 4 +-- roles/webservers/tasks/main.yml | 2 +- update.yml | 10 +++---- 41 files changed, 111 insertions(+), 109 deletions(-) create mode 
100644 roles/backup/files/config/omada_excludes.txt create mode 100644 roles/backup/files/config/omada_includes.txt diff --git a/local.yml b/local.yml index 2053f61..5093312 100644 --- a/local.yml +++ b/local.yml @@ -4,7 +4,7 @@ - ansible.builtin.import_tasks: global_handlers/global_handlers.yml connection: local vars_files: - - "{{ lookup('first_found', ['os_vars/' + (ansible_distribution | lower) + '.yml'], errors='ignore') }}" + - "{{ lookup('first_found', ['os_vars/' + (ansible_facts['distribution'] | lower) + '.yml'], errors='ignore') }}" become: true vars: ansible_reboot_cooldown_minutes: 15 # Cooldown in Minuten @@ -33,17 +33,17 @@ - name: pre-run | update apt repository (debian, ubuntu, etc.) # noqa no-changed-when ansible.builtin.apt: update_cache=yes #changed_when: false - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] ignore_errors: True - name: pre-run | update pacman repository (arch) community.general.pacman: update_cache=yes #changed_when: false - when: ansible_distribution == 'Archlinux' + when: ansible_facts['distribution'] == 'Archlinux' ignore_errors: True - name: pre-run |update portage repository (gentoo) portage: sync: yes - when: ansible_distribution == 'Gentoo' + when: ansible_facts['distribution'] == 'Gentoo' ignore_errors: True @@ -52,11 +52,11 @@ - name: pre-run | upgrade system (debian, ubuntu, etc.) ansible.builtin.apt: upgrade=dist #changed_when: false - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] ignore_errors: True - name: pre-run | upgrade system (arch) community.general.pacman: upgrade=true - when: ansible_distribution == 'Archlinux' + when: ansible_facts['distribution'] == 'Archlinux' ignore_errors: True # run roles 
@@ -227,14 +227,14 @@ ansible.builtin.apt: autoclean: yes changed_when: false - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] - name: autoremove orphan packages (debian and ubuntu) tags: always ansible.builtin.apt: autoremove: yes purge: yes - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] - name: post-run | update marker file timestamp on successful run file: diff --git a/roles/backup/files/config/omada_excludes.txt b/roles/backup/files/config/omada_excludes.txt new file mode 100644 index 0000000..158e7cc --- /dev/null +++ b/roles/backup/files/config/omada_excludes.txt @@ -0,0 +1 @@ +/opt/tplink/EAPController/data/autobackup/tmp \ No newline at end of file diff --git a/roles/backup/files/config/omada_includes.txt b/roles/backup/files/config/omada_includes.txt new file mode 100644 index 0000000..c60eaa5 --- /dev/null +++ b/roles/backup/files/config/omada_includes.txt @@ -0,0 +1 @@ +/opt/tplink/EAPController/data/autobackup/ \ No newline at end of file diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml index e7f3b76..c55b743 100644 --- a/roles/backup/tasks/main.yml +++ b/roles/backup/tasks/main.yml @@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution }}.yml" +- include_vars: "{{ ansible_facts['distribution'] }}.yml" tags: always ignore_errors: True diff --git a/roles/backup/tasks/software/packages_utilities.yml b/roles/backup/tasks/software/packages_utilities.yml index e197341..df5091d 100644 --- a/roles/backup/tasks/software/packages_utilities.yml +++ b/roles/backup/tasks/software/packages_utilities.yml 
@@ -12,7 +12,7 @@ state: latest name: - mariadb-clients - when: ansible_distribution == "Archlinux" + when: ansible_facts['distribution'] == "Archlinux" - name: backup | utilities | install utilities (debian) tags: packages,system,system setup @@ -20,14 +20,14 @@ state: latest name: - mariadb-client - when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ] + when: ansible_facts['distribution'] in [ "Debian", "Ubuntu", "Linux Mint" ] - name: backup | tailscale | install tailscale (arch) tags: packages,system,system setup,tailscale package: name: tailscale state: latest - when: ansible_distribution == "Archlinux" + when: ansible_facts['distribution'] == "Archlinux" - name: backup | tailscale | install prerequisites (debian-based) tags: packages,system,system setup,tailscale 
@@ -36,23 +36,23 @@ - apt-transport-https - ca-certificates state: present - when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ] + when: ansible_facts['distribution'] in [ "Debian", "Ubuntu", "Linux Mint" ] - name: backup | tailscale | add tailscale apt key (debian-based) tags: packages,system,system setup,tailscale get_url: - url: "https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }}/{{ ansible_distribution_release }}.noarmor.gpg" + url: "https://pkgs.tailscale.com/stable/{{ ansible_facts['distribution'] | lower }}/{{ ansible_facts['distribution']_release }}.noarmor.gpg" dest: /usr/share/keyrings/tailscale-archive-keyring.gpg mode: '0644' - when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ] + when: ansible_facts['distribution'] in [ "Debian", "Ubuntu", "Linux Mint" ] - name: backup | tailscale | add tailscale repository (debian-based) tags: packages,system,system setup,tailscale apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main" + repo: "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution']_release }} main" state: present filename: tailscale - when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ] + when: ansible_facts['distribution'] in [ "Debian", "Ubuntu", "Linux Mint" ] notify: update apt cache - name: backup | tailscale | install tailscale (debian-based) @@ -60,4 +60,4 @@ apt: name: tailscale state: latest - when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ] \ No newline at end of file + when: ansible_facts['distribution'] in [ "Debian", "Ubuntu", "Linux Mint" ] \ No newline at end of file 
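Review bot: The tailscale key URL and the `repo:` line now contain `ansible_facts['distribution']_release`, which is not valid Jinja2. The search-and-replace split the old `ansible_distribution_release` variable, leaving a stray `_release` after the subscript. Both tasks should fail at templating, so the keyring and repository are never set up on Debian-based hosts. The fact key is `distribution_release`, so each occurrence should read `{{ ansible_facts['distribution_release'] }}`. The same broken expression appears in the roles/base/tasks/ansible_setup.yml hunks, in `debug: var:`, in `equivalents[...]['ubuntu']` and in the three PPA `repo:` lines, where it should be `equivalents[ansible_facts['distribution_release']]['ubuntu']`.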
diff --git a/roles/backup/tasks/system_setup/copy_backup_config.yml b/roles/backup/tasks/system_setup/copy_backup_config.yml index 3c5d8a2..5587e28 100644 --- a/roles/backup/tasks/system_setup/copy_backup_config.yml +++ b/roles/backup/tasks/system_setup/copy_backup_config.yml @@ -11,7 +11,7 @@ ansible.builtin.file: path: "/opt/backup/bin/backup_remote.bash" state: link - src: "{{ ansible_user_dir }}/bin/backup_remote.bash" + src: "{{ ansible_facts['user_dir'] }}/bin/backup_remote.bash" - name: backup | system setup | copy backup config files ansible.builtin.copy: @@ -26,11 +26,11 @@ - name: backup | system setup | add entries to ssh_config ansible.builtin.blockinfile: - dest: "{{ ansible_user_dir }}/.ssh/config" + dest: "{{ ansible_facts['user_dir'] }}/.ssh/config" block: "{{ lookup('template', 'ssh_config.j2') }}" marker: "## {mark} ANSIBLE MANAGED BLOCK FOR backup" # template: # src: "ssh_config.j2" - # dest: "{{ ansible_user_id }}/.ssh/config" + # dest: "{{ ansible_facts['user_id'] }}/.ssh/config" # backup: true # mode: "0644" \ No newline at end of file diff --git a/roles/base/tasks/ansible_setup.yml b/roles/base/tasks/ansible_setup.yml index a83dfa2..375c9c8 100644 --- a/roles/base/tasks/ansible_setup.yml +++ b/roles/base/tasks/ansible_setup.yml @@ -4,13 +4,13 @@ path: "/etc/apt/sources.list" regexp: "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" state: absent - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] - debug: - var: ansible_distribution_release + var: ansible_facts['distribution']_release - debug: - var: equivalents[ansible_distribution_release]['ubuntu'] - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + var: equivalents[ansible_facts['distribution']_release]['ubuntu'] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] - name: ansible setup | get key 
@@ -18,13 +18,13 @@ get_url: url: "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0x6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367" # required. HTTP, HTTPS, or FTP URL in the form (http|https|ftp)://[user[:pass]]@host.domain[:port]/path dest: "/tmp/ansible-archive-keyring.asc" # Download to a temporary location - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] - name: ansible setup | dearmor GPG key and place in /usr/share/keyrings ansible.builtin.command: cmd: "gpg --dearmor -o /usr/share/keyrings/ansible-archive-keyring.gpg /tmp/ansible-archive-keyring.asc" creates: "/usr/share/keyrings/ansible-archive-keyring.gpg" - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] # Hinweis: Der 'warn: false' Parameter wurde aufgrund eines Konflikts entfernt. # Diese Aufgabe ist entscheidend für die moderne APT-Schlüsselverwaltung. 
@@ -32,34 +32,34 @@ file: path: /etc/apt/sources.list.d/ansible.list state: absent - when: ansible_distribution == "Debian" + when: ansible_facts['distribution'] == "Debian" - name: ansible setup | remove repository - Debian / Ubuntu tags: ansible,ansible-setup apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_distribution_release]['ubuntu'] }} main" + repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_facts['distribution']_release]['ubuntu'] }} main" state: absent update_cache: no filename: ansible - when: ansible_distribution in ["Debian", "Ubuntu"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu"] - name: ansible setup | update repository - Debian tags: ansible,ansible-setup apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_distribution_release]['ubuntu'] }} main" + repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_facts['distribution']_release]['ubuntu'] }} main" state: present update_cache: yes filename: ansible - when: ansible_distribution == "Debian" + when: ansible_facts['distribution'] == "Debian" - name: ansible setup | update repository - Ubuntu tags: ansible,ansible-setup apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ ansible_distribution_release }} main" + repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ ansible_facts['distribution']_release }} main" state: present update_cache: yes filename: ansible - when: ansible_distribution == "Ubuntu" + when: ansible_facts['distribution'] == 
"Ubuntu" - name: ansible setup | ensure ansible is the latest version tags: ansible,ansible-setup @@ -79,7 +79,7 @@ # tags: ansible,ansible-setup,packages # package: # name: acl -# when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] +# when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] # - name: ansible:setup | create ansible log file # tags: ansible,ansible-setup diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index eed2e0c..9f6a490 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True @@ -41,7 +41,7 @@ - import_tasks: system_setup/disable_standby.yml when: is_proxmox is defined and is_proxmox == true - import_tasks: software/wazuh-agent.yml - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint", "Archlinux"] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint", "Archlinux"] - import_tasks: system_setup/disable_standby.yml when: is_proxmox is defined and is_proxmox == true - import_tasks: system_setup/import_stepca.yml diff --git a/roles/base/tasks/software/packages_cleanup.yml b/roles/base/tasks/software/packages_cleanup.yml index b8ebb50..fd8148e 100644 --- a/roles/base/tasks/software/packages_cleanup.yml +++ b/roles/base/tasks/software/packages_cleanup.yml @@ -8,4 +8,4 @@ - exim4-base - exim4-config - nano - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] diff --git a/roles/base/tasks/software/packages_utilities.yml b/roles/base/tasks/software/packages_utilities.yml index c55643f..42c32d0 100644 --- a/roles/base/tasks/software/packages_utilities.yml 
+++ b/roles/base/tasks/software/packages_utilities.yml @@ -59,7 +59,7 @@ - lsd - pacman-contrib - which - when: ansible_distribution == "Archlinux" + when: ansible_facts['distribution'] == "Archlinux" ignore_errors: true - name: system setup | utilities | install man-pages (arch) @@ -71,7 +71,7 @@ - man-db - man-pages - "{{ python_passlib_package }}" - when: ansible_distribution == "Archlinux" + when: ansible_facts['distribution'] == "Archlinux" ignore_errors: true - name: system setup | utilities | install utilities (debian) @@ -87,7 +87,7 @@ - dnsutils - unattended-upgrades - "{{ python_passlib_package }}" - when: ansible_distribution in [ "Debian", "Ubuntu" ] + when: ansible_facts['distribution'] in [ "Debian", "Ubuntu" ] ignore_errors: true - name: system setup | utilities | install AUR helper (arch) diff --git a/roles/base/tasks/system_setup/clock.yml b/roles/base/tasks/system_setup/clock.yml index 09b04e9..1768814 100644 --- a/roles/base/tasks/system_setup/clock.yml +++ b/roles/base/tasks/system_setup/clock.yml @@ -3,14 +3,14 @@ package: name: systemd-timesyncd state: latest - when: ansible_distribution in ["Pop!_OS", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Pop!_OS", "Ubuntu", "Linux Mint"] - name: system setup | clock | install systemd-timesyncd (debian) tags: ntp, system setup apt: name: systemd-timesyncd state: latest - when: ansible_distribution == "Debian" + when: ansible_facts['distribution'] == "Debian" - name: system setup | clock | start and enable systemd-timestampd tags: ntp,system setup diff --git a/roles/base/tasks/system_setup/cron.yml b/roles/base/tasks/system_setup/cron.yml index 7706ac6..2c284e9 100644 --- a/roles/base/tasks/system_setup/cron.yml +++ b/roles/base/tasks/system_setup/cron.yml 
@@ -11,14 +11,14 @@ name: cronie state: started enabled: true - when: ansible_distribution == "Archlinux" + when: ansible_facts['distribution'] == "Archlinux" - name: system setup | cron | add cronjob for ansible on reboot become: true become_user: root cron: name: "ansible provision" - user: "{{ ansible_user_id }}" + user: "{{ ansible_facts['user_id'] }}" job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_pull.log || cat /var/log/ansible_pull.log' state: present special_time: reboot @@ -28,7 +28,7 @@ become_user: root cron: name: "ansible provision" - user: "{{ ansible_user_id }}" + user: "{{ ansible_facts['user_id'] }}" job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_pull.log || cat /var/log/ansible_pull.log' state: present minute: 0 @@ -105,7 +105,7 @@ hour: "0" minute: "0" job: "apt list --upgradeable" - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: system setup | cron | Send me a list of upgradeable packages daily (Archlinux) tags: cron @@ -115,4 +115,4 @@ hour: "0" minute: "0" job: "{{ root_home }} + '/bin/cron_pacman'" - when: ansible_distribution in ["Archlinux"] + when: ansible_facts['distribution'] in ["Archlinux"] diff --git a/roles/base/tasks/system_setup/git.yml b/roles/base/tasks/system_setup/git.yml index eb68da8..07870fd 100644 --- a/roles/base/tasks/system_setup/git.yml +++ b/roles/base/tasks/system_setup/git.yml 
@@ -1,7 +1,7 @@ - name: base | system_setup | git config user.email git_config: name: user.email # not required. The name of the setting. If no value is supplied, the value will be read from the config if it has been set. - value: 'root@{{ ansible_fqdn }}' + value: 'root@{{ ansible_facts["fqdn"] }}' scope: global - name: base | system_setup | git config user.name diff --git a/roles/base/tasks/system_setup/locale.yml b/roles/base/tasks/system_setup/locale.yml index 1616245..96f213f 100644 --- a/roles/base/tasks/system_setup/locale.yml +++ b/roles/base/tasks/system_setup/locale.yml @@ -4,7 +4,7 @@ name: - locales-all state: latest - when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ] + when: ansible_facts['distribution'] in [ "Debian", "Ubuntu", "Linux Mint" ] - name: system setup | locale | add de_DE tags: locale,system,setup diff --git a/roles/base/tasks/users/root.yml b/roles/base/tasks/users/root.yml index f02c99e..8e1c421 100644 --- a/roles/base/tasks/users/root.yml +++ b/roles/base/tasks/users/root.yml @@ -26,10 +26,10 @@ - name: users | root | install private ssh keys for backup copy: - dest: "{{ ansible_user_dir }}/.ssh/" + dest: "{{ ansible_facts['user_dir'] }}/.ssh/" src: "{{ item }}" - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_id }}" + owner: "{{ ansible_facts['user_id'] }}" + group: "{{ ansible_facts['user_id'] }}" mode: '0600' loop: - "private_keys/backup_ed25519" @@ -45,7 +45,7 @@ - name: users | root | copy ~/validate-rsync.sh copy: #dest: "{{ getent_passwd[user][4] }}/validate-rsync.sh" - dest: "{{ ansible_user_dir }}/validate-rsync.sh" + dest: "{{ ansible_facts['user_dir'] }}/validate-rsync.sh" src: "system_setup/validate-rsync.sh" mode: "0744" diff --git a/roles/bastionhost/tasks/main.yml b/roles/bastionhost/tasks/main.yml index ad4dc76..25a8b77 100644 --- a/roles/bastionhost/tasks/main.yml +++ b/roles/bastionhost/tasks/main.yml 
@@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index 3b3dd04..6281891 100644 --- a/roles/database/tasks/main.yml +++ b/roles/database/tasks/main.yml @@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution|lower }}.yml" +- include_vars: "{{ ansible_facts['distribution']|lower }}.yml" tags: always ignore_errors: True diff --git a/roles/docker/tasks/install_docker.yml b/roles/docker/tasks/install_docker.yml index f82dee1..9113fd4 100644 --- a/roles/docker/tasks/install_docker.yml +++ b/roles/docker/tasks/install_docker.yml @@ -2,7 +2,7 @@ - name: docker | install docker | get convenience script ansible.builtin.get_url: url: "https://get.docker.com" - dest: "~/get-docker.sh" + dest: "/tmp/get-docker.sh" mode: "0777" # not required. The permissions the resulting file or directory should have. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of Ansible 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). As of Ansible 2.6, the mode may also be the special string C(preserve). When set to C(preserve) the file will be given the same permissions as the source file. use_proxy: No 
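Review bot: The new `dest: "/tmp/get-docker.sh"` keeps `mode: "0777"`, so the downloaded installer now sits at a predictable path in a shared directory and is writable by every local account. The task that runs the script is outside this hunk; if it executes with elevated rights, any local user can change what runs between download and execution. Prefer a root-owned location with `mode: "0700"`, for example `dest: "/root/get-docker.sh"`, and consider pinning the download with `checksum:` on `get_url`. The path change is also unrelated to the facts-syntax switch in the commit title and would be easier to audit as its own commit.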
@@ -15,7 +15,7 @@ # file: # path: "/tmp/get-docker.sh" # required. Path to the file being managed. # state: absent - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: docker | install docker | docker-compose ansible.builtin.package: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 0192b80..05c9604 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,9 +1,9 @@ --- # Load distro specific variables -- ansible.builtin.include_vars: "{{ ansible_distribution | lower }}.yml" +- ansible.builtin.include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True -- ansible.builtin.include_vars: "{{ ansible_fqdn | lower }}.yml" +- ansible.builtin.include_vars: "{{ ansible_facts['fqdn'] | lower }}.yml" ignore_errors: True - ansible.builtin.import_tasks: install_docker.yml diff --git a/roles/domaincontroller/tasks/certs.yml b/roles/domaincontroller/tasks/certs.yml index 634794c..45dbfdd 100644 --- a/roles/domaincontroller/tasks/certs.yml +++ b/roles/domaincontroller/tasks/certs.yml @@ -7,12 +7,12 @@ - name: domaincontroller | certs | obtain certificate from step-ca via certbot command: > certbot certonly --standalone -n - -d {{ ansible_fqdn }} + -d {{ ansible_facts['fqdn'] }} --server {{ samba_stepca_server_url }}/acme/acme/directory --agree-tos --email admin@{{ samba_realm | lower }} args: - creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem + creates: /etc/letsencrypt/live/{{ ansible_facts['fqdn'] }}/fullchain.pem notify: restart samba-ad-dc - name: domaincontroller | certs | create certbot.service override directory diff --git a/roles/domaincontroller/templates/smb.conf.j2 b/roles/domaincontroller/templates/smb.conf.j2 index 80a9964..a321f7f 100644 --- a/roles/domaincontroller/templates/smb.conf.j2 +++ b/roles/domaincontroller/templates/smb.conf.j2 
@@ -6,8 +6,8 @@ workgroup = {{ samba_workgroup }} tls enabled = yes - tls keyfile = /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem - tls certfile = /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem + tls keyfile = /etc/letsencrypt/live/{{ ansible_facts['fqdn'] }}/privkey.pem + tls certfile = /etc/letsencrypt/live/{{ ansible_facts['fqdn'] }}/fullchain.pem template homedir = /home/%U template shell = /bin/zsh diff --git a/roles/drone/tasks/main.yml b/roles/drone/tasks/main.yml index 374efb2..81a61cc 100644 --- a/roles/drone/tasks/main.yml +++ b/roles/drone/tasks/main.yml @@ -1,4 +1,4 @@ -- include_vars: "{{ ansible_fqdn | lower }}.yml" +- include_vars: "{{ ansible_facts['fqdn'] | lower }}.yml" ignore_errors: True - block: diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 7f6fdb7..7de5f5b 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -1,9 +1,9 @@ --- # Load distro specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True -- include_vars: "{{ ansible_fqdn | lower }}.yml" +- include_vars: "{{ ansible_facts['fqdn'] | lower }}.yml" ignore_errors: True - block: diff --git a/roles/jitsimeet/tasks/main.yml b/roles/jitsimeet/tasks/main.yml index 00b6f27..0a07aff 100644 --- a/roles/jitsimeet/tasks/main.yml +++ b/roles/jitsimeet/tasks/main.yml @@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always - block: diff --git a/roles/mailserver/tasks/main.yml b/roles/mailserver/tasks/main.yml index 813633e..fb1b487 100644 --- a/roles/mailserver/tasks/main.yml +++ b/roles/mailserver/tasks/main.yml 
@@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always - block: diff --git a/roles/mastodon/tasks/main.yml b/roles/mastodon/tasks/main.yml index ce091e3..51ca78c 100644 --- a/roles/mastodon/tasks/main.yml +++ b/roles/mastodon/tasks/main.yml @@ -1,8 +1,8 @@ --- # Load distro specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always -- include_vars: "{{ ansible_fqdn | lower }}.yml" +- include_vars: "{{ ansible_facts['fqdn'] | lower }}.yml" ignore_errors: True diff --git a/roles/mastodon/tasks/system_setup/letsencrypt.yml b/roles/mastodon/tasks/system_setup/letsencrypt.yml index 933124f..208885b 100644 --- a/roles/mastodon/tasks/system_setup/letsencrypt.yml +++ b/roles/mastodon/tasks/system_setup/letsencrypt.yml @@ -1,5 +1,5 @@ --- -- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default(ansible_fqdn) }}/fullchain.pem +- stat: path=/etc/letsencrypt/live/{{ mastodon_host | default(ansible_facts['fqdn']) }}/fullchain.pem register: letsencrypt_cert - name: Copy letsencrypt nginx config @@ -19,7 +19,7 @@ - migration is not defined or migration == False - name: Install letsencrypt cert - command: certbot certonly -n --webroot -d {{ mastodon_host | default(ansible_fqdn) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_fqdn) }}" --agree-tos && systemctl reload nginx + command: certbot certonly -n --webroot -d {{ mastodon_host | default(ansible_facts['fqdn']) }} -w {{ mastodon_home }}/{{ mastodon_path }}/public/ --email "webmaster@{{ mastodon_host | default(ansible_facts['fqdn']) }}" --agree-tos && systemctl reload nginx when: - not letsencrypt_cert.stat.exists - migration == False or migration is not defined 
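Review bot: The rewritten `Install letsencrypt cert` line still ends in `&& systemctl reload nginx` under `command:`, which does not pass through a shell. certbot therefore receives `&&`, `systemctl`, `reload` and `nginx` as extra arguments, and this task never reloads nginx. Since the line is being touched anyway, end the command at `--agree-tos` and reload nginx from a handler, or from a separate `ansible.builtin.service` task with `name: nginx` and `state: reloaded`. Quoting the `-d` and `--email` values would also keep an unexpected `mastodon_host` value from being split into additional certbot arguments.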
diff --git a/roles/mastodon/tasks/system_setup/nginx.yml b/roles/mastodon/tasks/system_setup/nginx.yml index f3d2a18..7e77b59 100644 --- a/roles/mastodon/tasks/system_setup/nginx.yml +++ b/roles/mastodon/tasks/system_setup/nginx.yml @@ -1,6 +1,6 @@ --- - debug: - msg: "Hostname: {{ mastodon_host | default(ansible_fqdn) }}" + msg: "Hostname: {{ mastodon_host | default(ansible_facts['fqdn']) }}" - name: mastodon | Copy nginx config template: diff --git a/roles/mastodon/templates/mastodon.conf.j2 b/roles/mastodon/templates/mastodon.conf.j2 index 234534b..5ba2a56 100644 --- a/roles/mastodon/templates/mastodon.conf.j2 +++ b/roles/mastodon/templates/mastodon.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name {{ mastodon_host | default(ansible_fqdn) }}; + server_name {{ mastodon_host | default(ansible_facts['fqdn']) }}; # Useful for Let's Encrypt location /.well-known/acme-challenge/ { allow all; } @@ -16,7 +16,7 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ mastodon_host | default(ansible_fqdn) }}; + server_name {{ mastodon_host | default(ansible_facts['fqdn']) }}; ssl_protocols TLSv1.2; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; @@ -24,8 +24,8 @@ server { ssl_session_cache shared:SSL:10m; {% if disable_letsencrypt != "true" %} - ssl_certificate /etc/letsencrypt/live/{{ mastodon_host | default(ansible_fqdn) }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_host | default(ansible_fqdn) }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ mastodon_host | default(ansible_facts['fqdn']) }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ mastodon_host | default(ansible_facts['fqdn']) }}/privkey.pem; {% endif %} keepalive_timeout 70; diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml index b6d863d..2ed7f6c 100644 --- a/roles/nameserver/tasks/main.yml +++ b/roles/nameserver/tasks/main.yml 
@@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always - block: diff --git a/roles/proxyserver/tasks/main.yaml b/roles/proxyserver/tasks/main.yaml index 19232cb..5d5287f 100644 --- a/roles/proxyserver/tasks/main.yaml +++ b/roles/proxyserver/tasks/main.yaml @@ -1,9 +1,9 @@ --- # Load distro specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True -- include_vars: "{{ ansible_fqdn | lower }}.yml" +- include_vars: "{{ ansible_facts['fqdn'] | lower }}.yml" ignore_errors: True - include_tasks: squid.yaml diff --git a/roles/reverseproxy/tasks/caddy.yml b/roles/reverseproxy/tasks/caddy.yml index d0fd583..351fbe0 100644 --- a/roles/reverseproxy/tasks/caddy.yml +++ b/roles/reverseproxy/tasks/caddy.yml @@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True @@ -9,7 +9,7 @@ # Perform remaining tasks: - ansible.builtin.import_tasks: caddy_install_debian.yml - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - ansible.builtin.import_tasks: caddy_config.yml - ansible.builtin.import_tasks: caddy_service.yml diff --git a/roles/reverseproxy/tasks/main.yml b/roles/reverseproxy/tasks/main.yml index f919e37..db86337 100644 --- a/roles/reverseproxy/tasks/main.yml +++ b/roles/reverseproxy/tasks/main.yml 
@@ -1,8 +1,8 @@ # Load distro specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True -- include_vars: "{{ ansible_fqdn | lower }}.yml" +- include_vars: "{{ ansible_facts['fqdn'] | lower }}.yml" ignore_errors: True - include_tasks: caddy.yml diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml index 15ea7ce..61cbca1 100644 --- a/roles/server/tasks/main.yml +++ b/roles/server/tasks/main.yml @@ -1,15 +1,15 @@ --- # Load distro specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always ignore_errors: True -- include_vars: "{{ ansible_fqdn | lower }}.yml" +- include_vars: "{{ ansible_facts['fqdn'] | lower }}.yml" ignore_errors: True - block: - include_tasks: utilities/mail_transfer_agent.yml - include_tasks: utilities/telegraf.yml - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - include_tasks: utilities/netdata.yml when: netdata is defined and netdata == true - include_tasks: utilities/snmpd.yml diff --git a/roles/server/tasks/system_setup/cron.yml b/roles/server/tasks/system_setup/cron.yml index 6963f35..a24efa6 100644 --- a/roles/server/tasks/system_setup/cron.yml +++ b/roles/server/tasks/system_setup/cron.yml @@ -2,7 +2,7 @@ package: name: "cronie" state: latest - when: ansible_distribution == "Archlinux" + when: ansible_facts['distribution'] == "Archlinux" - name: server | system_setup | cron (VM) tags: cron diff --git a/roles/server/tasks/utilities/mail_transfer_agent.yml b/roles/server/tasks/utilities/mail_transfer_agent.yml index cf7928e..50de38d 100644 --- a/roles/server/tasks/utilities/mail_transfer_agent.yml +++ b/roles/server/tasks/utilities/mail_transfer_agent.yml 
@@ -13,8 +13,8 @@ loop: - { regex: "^root=.*$", line: "root=rene@tantooine.myfirewall.org"} - { regex: "^mailhub=.*", line: "mailhub=mail.universe.local"} - - { regex: "^hostname=.*", line: "hostname={{ ansible_fqdn }}"} - when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] + - { regex: "^hostname=.*", line: "hostname={{ ansible_facts['fqdn'] }}"} + when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"] - name: server | utilities | remove postfix package: name: diff --git a/roles/server/tasks/utilities/snmpd.yml b/roles/server/tasks/utilities/snmpd.yml index 70d844f..e468b28 100644 --- a/roles/server/tasks/utilities/snmpd.yml +++ b/roles/server/tasks/utilities/snmpd.yml @@ -13,7 +13,7 @@ group: "root" mode: "0660" validate: "{{ commands.visudo }} -cf %s" - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: server | snmpd | create /etc/snmp ansible.builtin.file: diff --git a/roles/server/tasks/utilities/telegraf.yml b/roles/server/tasks/utilities/telegraf.yml index 0428f14..3b7e3bc 100644 --- a/roles/server/tasks/utilities/telegraf.yml +++ b/roles/server/tasks/utilities/telegraf.yml @@ -51,12 +51,12 @@ ansible.builtin.lineinfile: path: /etc/telegraf/telegraf.conf regexp: '^\s*#?\s*hostname\s*=' - line: ' hostname = "{{ ansible_fqdn }}"' + line: ' hostname = "{{ ansible_facts['fqdn'] }}"' owner: root group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: Configure telegraf agent interval tags: telegraf @@ -68,7 +68,7 @@ group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: Configure telegraf agent flush_interval tags: telegraf 
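Review bot: In roles/server/tasks/utilities/telegraf.yml (hunk `-51,12 +51,12`) the new `line:` value is a single-quoted YAML scalar that now contains `['fqdn']`. The scalar therefore ends at the quote before `fqdn` and the rest of the line is a YAML syntax error, so the task file will not load. Use a form without inner single quotes, for example `line: ' hostname = "{{ ansible_facts.fqdn }}"'` (keeping the file's original leading whitespace), or double the inner quotes as `[''fqdn'']`. The `hostname=` entry in mail_transfer_agent.yml is unaffected because it is double-quoted. Running `ansible-playbook --syntax-check` or yamllint over the changed files would catch this class of breakage from a bulk replace.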
@@ -80,7 +80,7 @@ group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: Configure telegraf agent flush_jitter tags: telegraf @@ -92,7 +92,7 @@ group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: Configure telegraf agent collection_jitter tags: telegraf @@ -104,7 +104,7 @@ group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: Configure telegraf agent metric_batch_size tags: telegraf @@ -116,7 +116,7 @@ group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: Configure telegraf agent metric_buffer_limit tags: telegraf @@ -128,7 +128,7 @@ group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: Configure telegraf agent round_interval tags: telegraf @@ -140,7 +140,7 @@ group: root mode: '0644' notify: restart_telegraf - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: server | telegraf | create systemd override directory for telegraf ansible.builtin.file: diff --git a/roles/webservers/tasks/apps/nextcloud/prereq.yml b/roles/webservers/tasks/apps/nextcloud/prereq.yml index 2f8e71a..ac5d7a6 100644 --- a/roles/webservers/tasks/apps/nextcloud/prereq.yml +++ b/roles/webservers/tasks/apps/nextcloud/prereq.yml 
@@ -7,7 +7,7 @@ - software-properties-common - lsb-release - ca-certificates - when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"] + when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"] - name: webservers | nextcloud | prereq | get php repo key ansible.builtin.uri: @@ -18,7 +18,7 @@ ansible.builtin.lineinfile: path: "/etc/apt/sources.list.d/php.list" state: present - line: "deb https://packages.sury.org/php/ {{ ansible_distribution_release | lower }} main" + line: "deb https://packages.sury.org/php/ {{ ansible_facts['distribution']_release | lower }} main" create: True - name: webservers | nextcloud | prereq | install php diff --git a/roles/webservers/tasks/main.yml b/roles/webservers/tasks/main.yml index 2846026..da8d835 100644 --- a/roles/webservers/tasks/main.yml +++ b/roles/webservers/tasks/main.yml @@ -1,5 +1,5 @@ # Load distro-specific variables -- include_vars: "{{ ansible_distribution | lower }}.yml" +- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml" tags: always - block: diff --git a/update.yml b/update.yml index 4e19ffe..7764160 100644 --- a/update.yml +++ b/update.yml 
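Review bot: In roles/webservers/tasks/apps/nextcloud/prereq.yml (hunk `-18,7 +18,7`) the replacement turned `ansible_distribution_release` into `ansible_facts['distribution']_release`, which is not a valid Jinja2 expression. The fact key is `distribution_release`, so the line should read `line: "deb https://packages.sury.org/php/ {{ ansible_facts['distribution_release'] | lower }} main"`. As written the template fails to render and the APT source line is never written. The same mechanical substitution may have hit other compound fact names in files outside this view; searching the tree for `']_` would find them. The task's `name:` line sits above the hunk.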
@@ -6,23 +6,23 @@ become_user: root command: cmd: "git remote set-url origin ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git" - chdir: "{{ ansible_user_dir }}/dotfiles" + chdir: "{{ ansible_facts['user_dir'] }}/dotfiles" - name: "git default settings" become: true become_user: root command: cmd: "git config pull.rebase false" - chdir: "{{ ansible_user_dir }}/dotfiles" + chdir: "{{ ansible_facts['user_dir'] }}/dotfiles" # - name: "git pull" # become: yes # command: # cmd: "git pull" - # chdir: "{{ ansible_user_dir }}/dotfiles" + # chdir: "{{ ansible_facts['user_dir'] }}/dotfiles" - name: "remove cronjob for ansible" become: false cron: name: "ansible provision" - user: "{{ ansible_user_id }}" + user: "{{ ansible_facts['user_id'] }}" job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_update.log || cat /var/log/ansible_update.log' state: present minute: 0 @@ -32,7 +32,7 @@ become_user: root cron: name: "ansible provision" - user: "{{ ansible_user_id }}" + user: "{{ ansible_facts['user_id'] }}" job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_update.log || cat /var/log/ansible_update.log' state: present minute: 0
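Review bot: In update.yml (hunk `-6,23 +6,23`) the task named `remove cronjob for ansible` sets `state: present`, so from the lines shown it installs the `ansible provision` entry for `ansible_facts['user_id']` rather than removing it. If removal is the intent, `state: absent` is needed and the `job`/`minute` keys can be dropped. Otherwise rename the task so the name matches what it does. Note also that `ansible_facts['user_id']` is the account facts were gathered as, so which crontab this touches depends on play-level `become`. The task may continue between this hunk and the next, so confirm against the full file.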
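Review bot: The cron `job` in update.yml (hunk `-32,7 +32,7`, and the same string in the previous hunk) runs `ansible-pull ... -C master` with the vault password file and no commit verification, so whatever is on `master` at the Gitea URL is applied unattended on the next run. With `become_user: root` this is presumably root's crontab, though that depends on what `ansible_facts['user_id']` resolves to. `ansible-pull` has a `--verify-commit` option that aborts when the checked-out commit lacks a valid GPG signature. Adding it, with the signing keys provisioned on the hosts, ties execution to signed commits rather than to push access alone. A short comment above the task stating which account is expected to own this entry would also help.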