renamed roles

2022-09-24 20:33:37 +02:00
parent 3dfb5355fd
commit c6ec5ee669
58 changed files with 0 additions and 0 deletions
--- a/roles/server/files/distro
+++ b/roles/server/files/distro
@@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-
-source /etc/os-release
-echo "${PRETTY_NAME}"
--- a/roles/server/files/sudoers
+++ b/roles/server/files/sudoers
@@ -1,2 +0,0 @@
-Debian-snmp ALL = NOPASSWD: /etc/snmp/bind, /etc/snmp/fail2ban, /etc/snmp/docker-stats.sh, /etc/snmp/mailcow-dockerized-postfix, /etc/snmp/unbound, /etc/snmp/osupdate, /etc/snmp/distro
-Debian-snmp ALL = (postgres) NOPASSWD: /etc/snmp/postgres
--- a/roles/server/handlers/main.yml
+++ b/roles/server/handlers/main.yml
@@ -1,4 +0,0 @@
- name: restart_snmpd
-  service:
-    name: "snmpd"
-    state: restarted
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -1,23 +0,0 @@
---
-# Load distro specific variables
- include_vars: "{{ ansible_distribution }}.yml"
-  tags: always
-  ignore_errors: True
- include_vars: "{{ ansible_fqdn }}.yml"
-  ignore_errors: True
-
- block:
-  - include_tasks: utilities/mta.yml
-  - include_tasks: utilities/netdata.yml
-    when: netdata is defined and netdata == true
-  - include_tasks: utilities/snmpd.yml
-  - include_tasks: utilities/glusterfs.yml
-    when:
-      - glusterfs is defined
-      - glusterfs == true
-  - include_tasks: system_setup/cron.yml
-  # - include_role:
-  #     name: base
-  #     tasks_from: users.yml
-
-# vim: ts=2 sw=2
--- a/roles/server/tasks/system_setup/cron.yml
+++ b/roles/server/tasks/system_setup/cron.yml
@@ -1,17 +0,0 @@
- name: server | system_setup | install cron (archlinux)
-  package:
-    name: "cronie"
-    state: latest
-  when: ansible_distribution == "Archlinux"
-
- name: server | system_setup | cron
-  tags: cron
-  cron:
-    name: "{{ item.title }}"
-    user: root
-    hour: "{{ item.hour }}"
-    minute: "{{ item.minute }}"
-    job: "{{ item.job }}"
-  loop:
-    - { title: "Send me a list of upgradeable packages", job: "apt list --upgradable", hour: 0, minute: 0 }
-    - { title: "Backup", job: "/root/bin/backup_vps.bash", hour: 1, minute: 0 }
--- a/roles/server/tasks/system_setup/mail.yml
+++ b/roles/server/tasks/system_setup/mail.yml
@@ -1,8 +0,0 @@
- name: server | system_setup | create mail aliases
-  lineinfile:
-    path: "/etc/alias"
-    state: present
-    line: "root rene@tantooine.myfirewall.org"
-
- name: server | system setup | generate aliases db
-  command: newaliases
--- a/roles/server/tasks/system_setup/swap.yml
+++ b/roles/server/tasks/system_setup/swap.yml
@@ -1,15 +0,0 @@
- block:
-  - name: server | system setup | create swapfile
-    command: "fallocate -l {{ ansible_facts['memtotal_mb'] / 4 | round }} /swapfile"
-  - name: server | system setup | format swapfile
-    filesystem:
-      fstype: swap
-      dev: "/swapfile" # required. Target path to device or image file.
-  - name: server | system setup | enable swap
-    command: "swapon /swapfile"
-  - name: server | system setup | edit fstab
-    lineinfile:
-      path: "/etc/fstab"
-      state: present
-      line: "/swapfile none swap sw 0 0"
-  when: ansible_facts['memory_mb']['swap']['total'] == '0'
--- a/roles/server/tasks/system_setup/sysctl.yml
+++ b/roles/server/tasks/system_setup/sysctl.yml
@@ -1,9 +0,0 @@
- name: server | system setup | sysctl
-  sysctl:
-    name: "{{ item.key }}"
-    value: "{{ item.value }}"
-    state: present
-    reload: yes
-  loop:
-    - { key: "vm.swappiness", value: "10"}
-    - { key: "vm.vfs_cache_pressure", value: "50"}
--- a/roles/server/tasks/utilities/glusterfs.yml
+++ b/roles/server/tasks/utilities/glusterfs.yml
@@ -1,10 +0,0 @@
- name: server | glusterfs | install glusterfs
-  package:
-    state: latest
-    name: "{{ item.package }}"
-  with_items: "{{ glusterfs_packages }}"
-
- name: server | glusterfs | enable and start glusterd
-  service:
-    name: glusterd
-    state: started
--- a/roles/server/tasks/utilities/mta.yml
+++ b/roles/server/tasks/utilities/mta.yml
@@ -1,17 +0,0 @@
- name: server | utilities | install {{ mta_package }}
-  package:
-    name: "{{ mta_package }}"
-    state: present
-  when: postfix is not defined or postfix == false
-
- name: server | utitilies | configure {{ mta_package }}
-  lineinfile:
-    path: "/etc/ssmtp/ssmtp.conf" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
-    regexp: "{{ item.regex }}"
-    state: present
-    line: "{{ item.line }}"
-  loop:
-    - { regex: "^root=.*$", line: "root=rene@tantooine.myfirewall.org"}
-    - { regex: "^mailhub=.*", line: "mailhub=coruscant.universe.local"}
-    - { regex: "^hostname=.*", line: "hostname={{ ansible_fqdn }}"}
-  when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
--- a/roles/server/tasks/utilities/netdata.yml
+++ b/roles/server/tasks/utilities/netdata.yml
@@ -1,13 +0,0 @@
---
- name: Install netdata
-  package:
-    name: netdata
-    state: present
-
- name: Enable and start netdata service
-  service:
-    name: netdata
-    state: started
-    enabled: yes
-
-# vim: ts=2 sw=2
--- a/roles/server/tasks/utilities/snmpd.yml
+++ b/roles/server/tasks/utilities/snmpd.yml
@@ -1,115 +0,0 @@
- include_vars: snmp_users.yml
-
- name: server | snmpd | install package
-  package:
-    name: "{{ snmpd_package }}"
-    state: present
-
- name: server | snmpd | install sudoers file
-  copy:
-    dest: "/etc/sudoers.d/10-debian-snmp"
-    src: "sudoers"
-    owner: "root"
-    group: "root"
-    mode: "0660"
-    validate: "visudo -cf %s"
-  when: ansible_distribution in ["Debian", "Ubuntu"]
-
- name: server | snmpd | create /etc/snmp
-  file:
-    path: "/etc/snmp"
-    state: directory
-    owner: "root"
-    group: "root"
-
- name: server | snmpd | insert anchors to snmpd.conf
-  blockinfile:
-    path: "{{ snmpd_conf }}"
-    create: true
-    marker: "# {mark} ANSIBLE MANAGED BLOCK"
-    block: |
-      ################################################################################
-      # SECTION: custom settings
-
- name: server | snmpd | stop service
-  service:
-    name: "snmpd"
-    state: stopped
-
- name: server | snmpd | setup monitoring user SNMPv3
-  lineinfile:
-    path: "{{ snmpd_user_file }}"
-    create: true
-    line: "createuser {{ snmp_user }} {{ snmp_auth_proto }} {{ snmp_auth_pass }} {{ snmp_priv_proto }} {{ snmp_priv_pass }}"
-
- name: server | snmpd | setup ACLs
-  lineinfile:
-    path: "{{ snmpd_conf }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
-    line: "rouser {{ snmp_user }} authpriv"
-    insertafter: "# SECTION: custom settings"
-
- name: server | snmpd | enable service on wireguard interface
-  lineinfile:
-    path: "{{ snmpd_conf }}"
-    regexp: "^agentaddress.*$"
-    state: present
-    line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]"
-  when: wg_local_ip is defined
-
- name: server | snmpd | enable service on all interfaces
-  lineinfile:
-    path: "{{ snmpd_conf }}"
-    regexp: "^agentaddress.*$"
-    state: present
-    line: "agentaddress udp:161,udp6:[::1]:161"
-  when: wg_local_ip is not defined
-
- name: server | snmpd | copy distro script
-  copy:
-    dest: "/etc/snmp/distro"
-    src: "distro"
-    mode: "0755"
-
- name: server | snmpd | get os-updates script
-  get_url:
-    url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate"
-    dest: "/etc/snmp/osupdate"
-    mode: "0755"
-    owner: "root"
-    group: "root"
-
- name: server | snmpd | configure extends
-  lineinfile:
-    path: "{{ snmpd_conf }}"
-    state: present
-    line: "extend {{ item.service }} '{{ item.script }}'"
-    insertafter: "# SECTION: custom settings"
-  loop:
-    - { service: "distro", script: "{{ sudo }} /etc/snmp/distro" }
-    - { service: "osupdate", script: "{{ sudo }} /etc/snmp/osupdate" }
-    - { service: "hardware", script: "/bin/cat /sys/devices/virtual/dmi/id/product_name" }
-    - { service: "manufacturer", script: "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor" }
-    - { service: "serial", script: "/bin/cat /sys/devices/virtual/dmi/id/product_serial" }
-
- block:
-  - name: server | snmpd | get proxmox script
-    get_url:
-      url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/agent-local/proxmox"
-      dest: "/usr/local/bin/proxmox"
-      mode: "0755"
-      owner: "root"
-      group: "root"
-  - name: server | snmpd | configure proxmox extends
-    lineinfile:
-      path: "{{ snmpd_conf }}"
-      state: present
-      line: "extend proxmox {{ sudo }} /usr/local/bin/proxmox"
-      insertafter: "# SECTION: custom settings"
-  when:
-    - is_proxmox is defined
-    - is_proxmox == true
-
- name: server | snmpd start service
-  service:
-    name: "snmpd"
-    state: started
--- a/roles/server/templates/client_VPN.conf.j2
+++ b/roles/server/templates/client_VPN.conf.j2
@@ -1,10 +0,0 @@
-[Interface]
-Address = {{ wg_local_ip }}
-ListenPort = 41475
-PostUp = wg set %i private-key /etc/wireguard/privatekey
-
-[Peer]
-PublicKey = {{ wg_server_pubkey }}
-Endpoint = {{ wg_endpoint }}
-AllowedIPs = 192.168.3.0/24, 192.168.1.0/24
-PersistentKeepalive = 25
--- a/roles/server/templates/main.yml
+++ b/roles/server/templates/main.yml
--- a/roles/server/vars/Archlinux.yml
+++ b/roles/server/vars/Archlinux.yml
@@ -1,7 +0,0 @@
-mta_package: msmtp-mta
-snmpd_package: net-snmp
-snmpd_user_file: "/var/net-snmp/snmpd.conf"
-wireguard_package: wireguard-tools
-
-glusterfs_packages:
-  - package: glusterfs
--- a/roles/server/vars/Debian.yml
+++ b/roles/server/vars/Debian.yml
@@ -1,9 +0,0 @@
-mta_package: ssmtp
-snmpd_package: snmpd
-snmpd_user_file: "/var/lib/snmp/snmpd.conf"
-wireguard_package: wireguard
-
-glusterfs_packages:
-  - package: glusterfs-common
-  - package: glusterfs-server
-  - package: glusterfs-client
--- a/roles/server/vars/Ubuntu.yml
+++ b/roles/server/vars/Ubuntu.yml
@@ -1 +0,0 @@
-Debian.yml
--- a/roles/server/vars/main.yml
+++ b/roles/server/vars/main.yml
@@ -1,3 +0,0 @@
-swappiness_value: 5
-wg_endpoint: tantooine.myfirewall.org:51820
-wg_server_pubkey: vhRa0WQnMdo97jAwS3a8wnb1C69oL5z1Ee5nmxoiX1w=
--- a/roles/server/vars/mewimeet.com.yml
+++ b/roles/server/vars/mewimeet.com.yml
@@ -1,11 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-65363966633438663266346230643831396530313038643036636532613338393961333030613738
-3837623039666439343464623437623161396663383839360a666333373063613165333463616339
-35616565313932313233373936313030393030333264373935626161646366643734366466636231
-3037636633336662330a376163363739393564386531653963666237343835396164343761396235
-31393830363837613835353637323631313063613033663965353035343232663663363434623137
-35643236353061333265383338393337383333386139623864373533613666336639356339353065
-32613032383034366636663433633064643033616264316665383339383662313336313830653037
-30643636616565333038626439353463343162346630346634333038376462303365316466666564
-30643336333035653832383637633036326536613130663830336338666333393836386435326535
-6335333836383936643036353861303764353530613266663736
--- a/roles/server/vars/mewimeet.de.yml
+++ b/roles/server/vars/mewimeet.de.yml
@@ -1,11 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-62616435356338323962643761613761633061376366643536343533373062643732376439353738
-6461363065616630323164653263636430626635323937660a326530623063643338643730656537
-37396630363861653333326362396336643136623866623064653765383261623763623339663363
-6435303032396137320a653630643537396462613061303733356163303563363935666661353362
-63313466383830373165663462393661353135356138653839623631616537343033343435353264
-33393636383365653963643239386530313135326365316233366165383831643833663962636561
-32633336356438376632353264376265643466343365313133376637396632616339323336373035
-39313138356438613637333361363839626132363337643835383332336666353862303262346534
-34373137343939633034373432653332353531396666393532316238333462306330373930383833
-3030383562626231656362383233656662303537316439313065
--- a/roles/server/vars/snmp_users.yml
+++ b/roles/server/vars/snmp_users.yml
@@ -1,11 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31303532326531323738633661646339316639306435333333386438613035626134373835626234
-3633393864646561663630663038366239656539656639380a356134363664616334653037303436
-65306661353865633432323763633133353364393138656638626265386339336166366630663066
-3034326233623262320a336131613839343034373632656538636635613665326335633034656231
-39616662623064643233626661303063613432653062613561303337303163343866313932343732
-64386332373430656362646431366332333466396465306362623437623966663032303236613864
-31633338666635633132386264666339643639393838323730336333323933663061373965393237
-36656539326466353634633531333132313237306137636234383339633963326537323463386638
-66393231313331653838613734653134373965653563326562306534316266623766316433633366
-3965336266376365613235656337386463663766326530626265