From 28a3b2dab6ac2c80bdc45c77d0a26e408960128f Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 24 Feb 2022 21:38:47 +0100 Subject: [PATCH 01/13] added a new host --- hosts | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts b/hosts index 398fb7f..147d969 100644 --- a/hosts +++ b/hosts @@ -27,6 +27,7 @@ coruscant.universe.local [jitsimeet] #ubuntu-test jitsi_fqdn=mewimeet.de +jitsi-meet-eu jitsi_fqdn=mewimeet.de [mailserver] coruscant.universe.local From 34243a0c4275342b8f2e19e90d2cf3948279d0c5 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 24 Feb 2022 21:58:46 +0100 Subject: [PATCH 02/13] try to include vars file --- roles/base/tasks/system_setup/openssh.yml | 2 +- roles/jitsimeet/vars/Ubuntu.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/base/tasks/system_setup/openssh.yml b/roles/base/tasks/system_setup/openssh.yml index de394e4..5241d8a 100644 --- a/roles/base/tasks/system_setup/openssh.yml +++ b/roles/base/tasks/system_setup/openssh.yml @@ -12,7 +12,7 @@ enabled: yes state: started -- name: system setup | openssh | generate sshd_config file from template +- name: system setup | openssh | copy sshd custom config tags: openssh,ssh,system,settings copy: src: system_setup/sshd_custom.conf diff --git a/roles/jitsimeet/vars/Ubuntu.yml b/roles/jitsimeet/vars/Ubuntu.yml index 8df184b..73af1cf 100644 --- a/roles/jitsimeet/vars/Ubuntu.yml +++ b/roles/jitsimeet/vars/Ubuntu.yml @@ -1 +1,2 @@ +- include_vars: main.yml jitsimeet_package: jitsi-meet \ No newline at end of file From cdb783ab7de62a428d013ff5507260eee3ed5500 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 24 Feb 2022 22:19:21 +0100 Subject: [PATCH 03/13] some inventory changes --- hosts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts b/hosts index 147d969..74d6c7e 100644 --- a/hosts +++ b/hosts @@ -11,7 +11,6 @@ webserver [database] coruscant.universe.local -mewimeet.de mewitoot.de [development] 
@@ -27,7 +26,7 @@ coruscant.universe.local [jitsimeet] #ubuntu-test jitsi_fqdn=mewimeet.de -jitsi-meet-eu jitsi_fqdn=mewimeet.de +mewimeet jitsi_fqdn=mewimeet.de [mailserver] coruscant.universe.local @@ -59,7 +58,6 @@ tuxedo-book-xp1511.universe.local [webserver] coruscant.universe.local -mewimeet.de mewitoot.de [workstation:children] From 03af41c9e2e3bc6f2409a12f790b9b936090058c Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 24 Feb 2022 22:22:44 +0100 Subject: [PATCH 04/13] locking root is not a good idea in the beginning --- roles/base/tasks/users/root.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/base/tasks/users/root.yml b/roles/base/tasks/users/root.yml index 64f4862..afa0938 100644 --- a/roles/base/tasks/users/root.yml +++ b/roles/base/tasks/users/root.yml @@ -1,7 +1,7 @@ -- name: users | root | ensure account is locked - user: - name: root - password_lock: yes +# - name: users | root | ensure account is locked +# user: +# name: root +# password_lock: yes # - name: users | root | install public ssh keys # authorized_key: From cd38915212f9ee5808802f0623fc89569c1b8491 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 24 Feb 2022 22:26:35 +0100 Subject: [PATCH 05/13] manipulate hosts only on request --- roles/base/tasks/system_setup/hosts.yml | 3 ++- roles/base/vars/main.yml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/base/tasks/system_setup/hosts.yml b/roles/base/tasks/system_setup/hosts.yml index b24b0d3..c57231d 100644 --- a/roles/base/tasks/system_setup/hosts.yml +++ b/roles/base/tasks/system_setup/hosts.yml @@ -6,4 +6,5 @@ owner: 'root' group: 'root' loop: - - { ip: '192.168.1.240', fqdn: 'gitlab.social.my-wan.de'} \ No newline at end of file + - { ip: '192.168.1.240', fqdn: 'gitlab.social.my-wan.de'} + when: set_hosts is defined and set_hosts == true \ No newline at end of file diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml index dcb9406..2d5e799 100644 
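Review bot: Commenting out the `password_lock` task in roles/base/tasks/users/root.yml drops the root lock on every host the base role runs on, not only on machines that are still being bootstrapped. With the `authorized_key` task below it already commented out, the file appears to be left with no active task. A per-host switch would keep the control, e.g. keep the task and add `when: lock_root_account | default(false) | bool`, then enable it in host_vars once key-based access is confirmed. The `Match User root` / `PasswordAuthentication no` lines visible in sshd_custom.conf (patch 07) cover SSH only, so root password logins on the console or via `su` stay possible without the lock.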
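Review bot: The added condition `set_hosts is defined and set_hosts == true` in roles/base/tasks/system_setup/hosts.yml matches only a real boolean, so a value that arrives as the string `true` (for instance from `-e set_hosts=true` or an inline variable in the INI `hosts` inventory) silently skips the task. `when: set_hosts | default(false) | bool` handles the undefined case and the string case in one expression. Patch 11 rewrites this condition as a list but keeps the `== true` comparison, so the same applies there. The task itself starts above the hunk.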
--- a/roles/base/vars/main.yml +++ b/roles/base/vars/main.yml @@ -1,3 +1,4 @@ rene_password: swappiness_value: 5 +set_hosts: false root_home: "{{ lookup('env','HOME') }}" \ No newline at end of file From 28ee3218b48b942882cc08b02165b7b445a9ef48 Mon Sep 17 00:00:00 2001 From: Rene Date: Thu, 24 Feb 2022 23:59:07 +0100 Subject: [PATCH 06/13] removed include_vars --- roles/jitsimeet/vars/Ubuntu.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/jitsimeet/vars/Ubuntu.yml b/roles/jitsimeet/vars/Ubuntu.yml index 73af1cf..8df184b 100644 --- a/roles/jitsimeet/vars/Ubuntu.yml +++ b/roles/jitsimeet/vars/Ubuntu.yml @@ -1,2 +1 @@ -- include_vars: main.yml jitsimeet_package: jitsi-meet \ No newline at end of file From a10b637f0ea96449178ed3af596964bb4578ed0f Mon Sep 17 00:00:00 2001 From: Rene Date: Fri, 25 Feb 2022 00:49:15 +0100 Subject: [PATCH 07/13] allowedUsers does not allow comma separation --- roles/base/files/system_setup/sshd_custom.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/files/system_setup/sshd_custom.conf b/roles/base/files/system_setup/sshd_custom.conf index 3915ee6..7872136 100644 --- a/roles/base/files/system_setup/sshd_custom.conf +++ b/roles/base/files/system_setup/sshd_custom.conf @@ -15,7 +15,7 @@ PrintLastLog no AllowUsers rene Match Address 192.168.1.240 - AllowUsers root,rene + AllowUsers root rene Match User root PasswordAuthentication no From a1068dad056bc8b47ae5609b40e49620189b2268 Mon Sep 17 00:00:00 2001 From: Rene Date: Fri, 25 Feb 2022 00:52:59 +0100 Subject: [PATCH 08/13] add user rene to group sudo --- roles/base/tasks/users/rene.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/base/tasks/users/rene.yml b/roles/base/tasks/users/rene.yml index 1bfb307..2a5bab9 100644 --- a/roles/base/tasks/users/rene.yml +++ b/roles/base/tasks/users/rene.yml 
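Review bot: `set_hosts: false` is added to roles/base/vars/main.yml, and role vars take precedence over host_vars in Ansible, so the `set_hosts: true` entries that patch 11 adds under host_vars/ would not take effect. A default that hosts are meant to override belongs in `roles/base/defaults/main.yml`. Separately, the context line `rene_password:` is a bare key and parses as null; if that is intended, `rene_password: null` or a vault reference makes it explicit.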
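Review bot: The `Match Address 192.168.1.240` block in sshd_custom.conf now admits root from that address, but nothing in the file says what the host is or why it is trusted; elsewhere in this series the same IP is mapped to gitlab.social.my-wan.de. A comment above the block such as `# 192.168.1.240 = gitlab.social.my-wan.de; root logins from here are key-only (see Match User root)` would record the intent. The earlier comma form presumably parsed without error and only failed at login, so it is worth checking the effective settings after each change with `sshd -T` and a `-C` connection spec for user root and that address. `PermitRootLogin` is not visible in this hunk and should be confirmed as well.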
@@ -2,6 +2,8 @@ user: name: rene shell: "/usr/bin/zsh" + groups: "sudo" + append: True # - name: users | rene | install public ssh keys # authorized_key: From aefba529db75b13d169f3f376983c0340351948a Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 25 Feb 2022 09:56:04 +0100 Subject: [PATCH 09/13] introduced preinstalled variable --- host_vars/mewimeet.de.yml | 1 + roles/jitsimeet/tasks/install_jitsimeet.yml | 28 +++++++++++---------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml index 1ef7ed7..188f976 100644 --- a/host_vars/mewimeet.de.yml +++ b/host_vars/mewimeet.de.yml @@ -11,6 +11,7 @@ microcode_amd_install: false microcode_intel_install: false proxmox_instance: false raspberry_pi: false +preinstalled: true # server unattended_upgrades: true diff --git a/roles/jitsimeet/tasks/install_jitsimeet.yml b/roles/jitsimeet/tasks/install_jitsimeet.yml index bdca4bb..744bbf2 100644 --- a/roles/jitsimeet/tasks/install_jitsimeet.yml +++ b/roles/jitsimeet/tasks/install_jitsimeet.yml @@ -16,20 +16,22 @@ # - jitsi-meet-web-config # - jitsi-videobridge2 -- name: jitsimeet | set debconf vars - shell: - cmd: "{{ playbook_dir }}/roles/jitsimeet/files/set_debconf.sh {{ jitsi_fqdn }}" +- block + - name: jitsimeet | set debconf vars + shell: + cmd: "{{ playbook_dir }}/roles/jitsimeet/files/set_debconf.sh {{ jitsi_fqdn }}" -- name: jitsimeet | install packages - package: - name: - - prosody - - jicofo - - jitsi-meet-web - - jitsi-meet-prosody - - jitsi-meet-web-config - - jitsi-videobridge2 - notify: restart_nginx + - name: jitsimeet | install packages + package: + name: + - prosody + - jicofo + - jitsi-meet-web + - jitsi-meet-prosody + - jitsi-meet-web-config + - jitsi-videobridge2 + notify: restart_nginx + when: preinstalled == false or preinstalled is not defined - name: jitsimeet | copy custom settings copy: From 98f7cf03392a35904947db227651fb46fc87416f Mon Sep 17 00:00:00 2001 
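Review bot: `groups: "sudo"` in roles/base/tasks/users/rene.yml hard-codes a group name that exists on Debian and Ubuntu but not on every distribution, and the user module fails when the named group is missing. Since the repository already keeps per-distribution values (roles/jitsimeet/vars/Ubuntu.yml), something like `groups: "{{ admin_group | default('sudo') }}"` would keep the task portable. The change also gives rene full root through sudo, so how that account's password is set matters; that is not visible here. `append: True` is better written `append: true`, and the task's `name:` line is above the hunk.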
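Review bot: In `when: preinstalled == false or preinstalled is not defined` (roles/jitsimeet/tasks/install_jitsimeet.yml) the comparison comes first, so on a host where `preinstalled` is not set the condition fails with an undefined-variable error before the `is not defined` test is reached. `when: not (preinstalled | default(false) | bool)` covers both cases; the same condition is added to prepare_system.yml in patch 10. In the re-indented `shell` task, `{{ jitsi_fqdn }}` is interpolated into a command line unquoted, so `{{ jitsi_fqdn | quote }}` is safer. The `- block` line is missing its colon here, which patch 11 corrects.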
From: rene Date: Fri, 25 Feb 2022 10:38:41 +0100 Subject: [PATCH 10/13] make use of preinstalled variable --- roles/jitsimeet/tasks/prepare_system.yml | 42 +++++++++++++----------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/roles/jitsimeet/tasks/prepare_system.yml b/roles/jitsimeet/tasks/prepare_system.yml index 53036b8..6b17a97 100644 --- a/roles/jitsimeet/tasks/prepare_system.yml +++ b/roles/jitsimeet/tasks/prepare_system.yml @@ -6,27 +6,29 @@ DefaultLimitNPROC=65000 DefaultTasksMax=65000 -- name: jitsimeet | reload systemd - systemd: - daemon_reload: true +- block + - name: jitsimeet | reload systemd + systemd: + daemon_reload: true -- name: jitsimeet | import GPG key - apt_key: - url: "https://download.jitsi.org/jitsi-key.gpg.key" - state: present # not required. choices: absent;present. Ensures that the key is present (added) or absent (revoked). + - name: jitsimeet | import GPG key + apt_key: + url: "https://download.jitsi.org/jitsi-key.gpg.key" + state: present # not required. choices: absent;present. Ensures that the key is present (added) or absent (revoked). -- name: jitsimeet | add repository - lineinfile: - path: "/etc/apt/sources.list.d/jitsi-stable.list" - line: "deb https://download.jitsi.org stable/" - create: True - backup: True - notify: apt_update + - name: jitsimeet | add repository + lineinfile: + path: "/etc/apt/sources.list.d/jitsi-stable.list" + line: "deb https://download.jitsi.org stable/" + create: True + backup: True + notify: apt_update -- name: jitsimeet | flush handlers - meta: flush_handlers + - name: jitsimeet | flush handlers + meta: flush_handlers -- name: jitsimeet | add debconf-utils package - package: - name: debconf-utils - state: latest \ No newline at end of file + - name: jitsimeet | add debconf-utils package + package: + name: debconf-utils + state: latest + when: preinstalled == false or preinstalled is not defined \ No newline at end of file 
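Review bot: The `apt_key` task re-indented into this block of roles/jitsimeet/tasks/prepare_system.yml adds the key fetched from download.jitsi.org to apt's global trusted keyring, so that key is then trusted for every configured repository, and nothing pins which key was downloaded. Storing the key in its own file with a pinned checksum and referencing it with `signed-by` in the `deb` line limits its trust to the Jitsi repository. The `regexp` in the sketch below replaces an existing unscoped line instead of appending a second one. `state: latest` on debconf-utils also makes runs less reproducible; `present` is enough for a helper package.

```yaml
# … unchanged: reload systemd …
  - name: jitsimeet | download repository signing key
    get_url:
      url: "https://download.jitsi.org/jitsi-key.gpg.key"
      dest: "/usr/share/keyrings/jitsi-key.asc"
      mode: "0644"
      # placeholder: replace with the SHA-256 of the key you reviewed
      checksum: "sha256:<EXPECTED_KEY_SHA256>"

  - name: jitsimeet | add repository
    lineinfile:
      path: "/etc/apt/sources.list.d/jitsi-stable.list"
      regexp: '^deb .*download\.jitsi\.org'
      line: "deb [signed-by=/usr/share/keyrings/jitsi-key.asc] https://download.jitsi.org stable/"
      create: true
      backup: true
    notify: apt_update
# … unchanged: flush handlers, debconf-utils package …
```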
From 5d162d9f32ccd5f573513ed902385e3839dd684b Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 25 Feb 2022 10:51:34 +0100 Subject: [PATCH 11/13] corrected typos, set vars --- host_vars/debian-test.universe.local.yml | 1 + host_vars/mewimeet.de.yml | 1 + host_vars/ubuntu-test.universe.local.yml | 3 ++- roles/base/tasks/system_setup/hosts.yml | 4 +++- roles/jitsimeet/tasks/install_jitsimeet.yml | 3 +-- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/host_vars/debian-test.universe.local.yml b/host_vars/debian-test.universe.local.yml index 5d29e2b..cbc486c 100644 --- a/host_vars/debian-test.universe.local.yml +++ b/host_vars/debian-test.universe.local.yml @@ -1,2 +1,3 @@ --- netdata: true +set_hosts: true diff --git a/host_vars/mewimeet.de.yml b/host_vars/mewimeet.de.yml index 188f976..bbcddd8 100644 --- a/host_vars/mewimeet.de.yml +++ b/host_vars/mewimeet.de.yml @@ -14,6 +14,7 @@ raspberry_pi: false preinstalled: true # server +set_hosts: false unattended_upgrades: true web_server: true netdata: true diff --git a/host_vars/ubuntu-test.universe.local.yml b/host_vars/ubuntu-test.universe.local.yml index f267560..fd66c59 100644 --- a/host_vars/ubuntu-test.universe.local.yml +++ b/host_vars/ubuntu-test.universe.local.yml @@ -2,4 +2,5 @@ copy_ssh_priv_keys: true netdata: true webserver: true -nginx: true \ No newline at end of file +nginx: true +set_hosts: true \ No newline at end of file diff --git a/roles/base/tasks/system_setup/hosts.yml b/roles/base/tasks/system_setup/hosts.yml index c57231d..b1ae9e3 100644 --- a/roles/base/tasks/system_setup/hosts.yml +++ b/roles/base/tasks/system_setup/hosts.yml @@ -7,4 +7,6 @@ group: 'root' loop: - { ip: '192.168.1.240', fqdn: 'gitlab.social.my-wan.de'} - when: set_hosts is defined and set_hosts == true \ No newline at end of file + when: + - set_hosts is defined + - set_hosts == true \ No newline at end of file 
diff --git a/roles/jitsimeet/tasks/install_jitsimeet.yml b/roles/jitsimeet/tasks/install_jitsimeet.yml index 744bbf2..6fe1d7e 100644 --- a/roles/jitsimeet/tasks/install_jitsimeet.yml +++ b/roles/jitsimeet/tasks/install_jitsimeet.yml @@ -16,11 +16,10 @@ # - jitsi-meet-web-config # - jitsi-videobridge2 -- block +- block: - name: jitsimeet | set debconf vars shell: cmd: "{{ playbook_dir }}/roles/jitsimeet/files/set_debconf.sh {{ jitsi_fqdn }}" - - name: jitsimeet | install packages package: name: From 16cb75a48e95b260a282457a4529d0f38817b1ee Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 25 Feb 2022 10:54:08 +0100 Subject: [PATCH 12/13] corrected hostname --- hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts b/hosts index 74d6c7e..f31ec70 100644 --- a/hosts +++ b/hosts @@ -26,7 +26,7 @@ coruscant.universe.local [jitsimeet] #ubuntu-test jitsi_fqdn=mewimeet.de -mewimeet jitsi_fqdn=mewimeet.de +mewimeet.de jitsi_fqdn=mewimeet.de [mailserver] coruscant.universe.local From 03e72aad7b30a1b40b5e221302f5b56fa25bf1a3 Mon Sep 17 00:00:00 2001 From: rene Date: Fri, 25 Feb 2022 10:58:40 +0100 Subject: [PATCH 13/13] corrected block statement --- roles/jitsimeet/tasks/prepare_system.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/jitsimeet/tasks/prepare_system.yml b/roles/jitsimeet/tasks/prepare_system.yml index 6b17a97..0b96251 100644 --- a/roles/jitsimeet/tasks/prepare_system.yml +++ b/roles/jitsimeet/tasks/prepare_system.yml @@ -6,7 +6,7 @@ DefaultLimitNPROC=65000 DefaultTasksMax=65000 -- block +- block: - name: jitsimeet | reload systemd systemd: daemon_reload: true