rene/ansible-pull
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

switched to new facts-syntax

Browse Source
This commit is contained in:
Rene Mewissen
2026-01-12 12:31:24 +01:00
parent 037b998219
commit 9fd07d57a4
41 changed files with 111 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
roles/base/tasks/ansible_setup.yml
View File

@@ -4,13 +4,13 @@
path: "/etc/apt/sources.list"
regexp: "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main"
state: absent
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
- debug:
var: ansible_distribution_release
var: ansible_facts['distribution']_release
- debug:
var: equivalents[ansible_distribution_release]['ubuntu']
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
var: equivalents[ansible_facts['distribution']_release]['ubuntu']
when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
- name: ansible setup | get key
@@ -18,13 +18,13 @@
get_url:
url: "https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&op=get&search=0x6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367" # required. HTTP, HTTPS, or FTP URL in the form (http|https|ftp)://[user[:pass]]@host.domain[:port]/path
dest: "/tmp/ansible-archive-keyring.asc" # Download to a temporary location
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
- name: ansible setup | dearmor GPG key and place in /usr/share/keyrings
ansible.builtin.command:
cmd: "gpg --dearmor -o /usr/share/keyrings/ansible-archive-keyring.gpg /tmp/ansible-archive-keyring.asc"
creates: "/usr/share/keyrings/ansible-archive-keyring.gpg"
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
# Hinweis: Der 'warn: false' Parameter wurde aufgrund eines Konflikts entfernt.
# Diese Aufgabe ist entscheidend für die moderne APT-Schlüsselverwaltung.
@@ -32,34 +32,34 @@
file:
path: /etc/apt/sources.list.d/ansible.list
state: absent
when: ansible_distribution == "Debian"
when: ansible_facts['distribution'] == "Debian"
- name: ansible setup | remove repository - Debian / Ubuntu
tags: ansible,ansible-setup
apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_distribution_release]['ubuntu'] }} main"
repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_facts['distribution']_release]['ubuntu'] }} main"
state: absent
update_cache: no
filename: ansible
when: ansible_distribution in ["Debian", "Ubuntu"]
when: ansible_facts['distribution'] in ["Debian", "Ubuntu"]
- name: ansible setup | update repository - Debian
tags: ansible,ansible-setup
apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_distribution_release]['ubuntu'] }} main"
repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ equivalents[ansible_facts['distribution']_release]['ubuntu'] }} main"
state: present
update_cache: yes
filename: ansible
when: ansible_distribution == "Debian"
when: ansible_facts['distribution'] == "Debian"
- name: ansible setup | update repository - Ubuntu
tags: ansible,ansible-setup
apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ ansible_distribution_release }} main"
repo: "deb [signed-by=/usr/share/keyrings/ansible-archive-keyring.gpg] http://ppa.launchpad.net/ansible/ansible/ubuntu {{ ansible_facts['distribution']_release }} main"
state: present
update_cache: yes
filename: ansible
when: ansible_distribution == "Ubuntu"
when: ansible_facts['distribution'] == "Ubuntu"
- name: ansible setup | ensure ansible is the latest version
tags: ansible,ansible-setup
@@ -79,7 +79,7 @@
# tags: ansible,ansible-setup,packages
# package:
# name: acl
# when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
# when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
# - name: ansible:setup | create ansible log file
# tags: ansible,ansible-setup

4
roles/base/tasks/main.yml
View File

@@ -1,5 +1,5 @@
# Load distro-specific variables
- include_vars: "{{ ansible_distribution | lower }}.yml"
- include_vars: "{{ ansible_facts['distribution'] | lower }}.yml"
tags: always
ignore_errors: True
@@ -41,7 +41,7 @@
- import_tasks: system_setup/disable_standby.yml
when: is_proxmox is defined and is_proxmox == true
- import_tasks: software/wazuh-agent.yml
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint", "Archlinux"]
when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint", "Archlinux"]
- import_tasks: system_setup/disable_standby.yml
when: is_proxmox is defined and is_proxmox == true
- import_tasks: system_setup/import_stepca.yml

2
roles/base/tasks/software/packages_cleanup.yml
View File

@@ -8,4 +8,4 @@
- exim4-base
- exim4-config
- nano
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]
when: ansible_facts['distribution'] in ["Debian", "Pop!_OS", "Ubuntu", "Linux Mint"]

6
roles/base/tasks/software/packages_utilities.yml
View File

@@ -59,7 +59,7 @@
- lsd
- pacman-contrib
- which
when: ansible_distribution == "Archlinux"
when: ansible_facts['distribution'] == "Archlinux"
ignore_errors: true
- name: system setup | utilities | install man-pages (arch)
@@ -71,7 +71,7 @@
- man-db
- man-pages
- "{{ python_passlib_package }}"
when: ansible_distribution == "Archlinux"
when: ansible_facts['distribution'] == "Archlinux"
ignore_errors: true
- name: system setup | utilities | install utilities (debian)
@@ -87,7 +87,7 @@
- dnsutils
- unattended-upgrades
- "{{ python_passlib_package }}"
when: ansible_distribution in [ "Debian", "Ubuntu" ]
when: ansible_facts['distribution'] in [ "Debian", "Ubuntu" ]
ignore_errors: true
- name: system setup | utilities | install AUR helper (arch)

4
roles/base/tasks/system_setup/clock.yml
View File

@@ -3,14 +3,14 @@
package:
name: systemd-timesyncd
state: latest
when: ansible_distribution in ["Pop!_OS", "Ubuntu", "Linux Mint"]
when: ansible_facts['distribution'] in ["Pop!_OS", "Ubuntu", "Linux Mint"]
- name: system setup | clock | install systemd-timesyncd (debian)
tags: ntp, system setup
apt:
name: systemd-timesyncd
state: latest
when: ansible_distribution == "Debian"
when: ansible_facts['distribution'] == "Debian"
- name: system setup | clock | start and enable systemd-timestampd
tags: ntp,system setup

10
roles/base/tasks/system_setup/cron.yml
View File

@@ -11,14 +11,14 @@
name: cronie
state: started
enabled: true
when: ansible_distribution == "Archlinux"
when: ansible_facts['distribution'] == "Archlinux"
- name: system setup | cron | add cronjob for ansible on reboot
become: true
become_user: root
cron:
name: "ansible provision"
user: "{{ ansible_user_id }}"
user: "{{ ansible_facts['user_id'] }}"
job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_pull.log || cat /var/log/ansible_pull.log'
state: present
special_time: reboot
@@ -28,7 +28,7 @@
become_user: root
cron:
name: "ansible provision"
user: "{{ ansible_user_id }}"
user: "{{ ansible_facts['user_id'] }}"
job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_pull.log || cat /var/log/ansible_pull.log'
state: present
minute: 0
@@ -105,7 +105,7 @@
hour: "0"
minute: "0"
job: "apt list --upgradeable"
when: ansible_distribution in ["Debian", "Ubuntu", "Linux Mint"]
when: ansible_facts['distribution'] in ["Debian", "Ubuntu", "Linux Mint"]
- name: system setup | cron | Send me a list of upgradeable packages daily (Archlinux)
tags: cron
@@ -115,4 +115,4 @@
hour: "0"
minute: "0"
job: "{{ root_home }} + '/bin/cron_pacman'"
when: ansible_distribution in ["Archlinux"]
when: ansible_facts['distribution'] in ["Archlinux"]

2
roles/base/tasks/system_setup/git.yml
View File

@@ -1,7 +1,7 @@
- name: base | system_setup | git config user.email
git_config:
name: user.email # not required. The name of the setting. If no value is supplied, the value will be read from the config if it has been set.
value: 'root@{{ ansible_fqdn }}'
value: 'root@{{ ansible_facts["fqdn"] }}'
scope: global
- name: base | system_setup | git config user.name

2
roles/base/tasks/system_setup/locale.yml
View File

@@ -4,7 +4,7 @@
name:
- locales-all
state: latest
when: ansible_distribution in [ "Debian", "Ubuntu", "Linux Mint" ]
when: ansible_facts['distribution'] in [ "Debian", "Ubuntu", "Linux Mint" ]
- name: system setup | locale | add de_DE
tags: locale,system,setup

8
roles/base/tasks/users/root.yml
View File

@@ -26,10 +26,10 @@
- name: users | root | install private ssh keys for backup
copy:
dest: "{{ ansible_user_dir }}/.ssh/"
dest: "{{ ansible_facts['user_dir'] }}/.ssh/"
src: "{{ item }}"
owner: "{{ ansible_user_id }}"
group: "{{ ansible_user_id }}"
owner: "{{ ansible_facts['user_id'] }}"
group: "{{ ansible_facts['user_id'] }}"
mode: '0600'
loop:
- "private_keys/backup_ed25519"
@@ -45,7 +45,7 @@
- name: users | root | copy ~/validate-rsync.sh
copy:
#dest: "{{ getent_passwd[user][4] }}/validate-rsync.sh"
dest: "{{ ansible_user_dir }}/validate-rsync.sh"
dest: "{{ ansible_facts['user_dir'] }}/validate-rsync.sh"
src: "system_setup/validate-rsync.sh"
mode: "0744"