Merge branch 'master' into rsync_mirror_logging
All checks were successful
ansible-lint / gitleaks (pull_request) Successful in 7s
ansible-lint / Ansible Lint (pull_request) Successful in 57s

This commit is contained in:
Michael Grote 2024-11-10 15:57:09 +01:00
commit 1f3c67019e
22 changed files with 37 additions and 36 deletions

View file

@ -39,4 +39,4 @@
dest: "{{ acng_security_conf_path }}"
mode: "0640"
notify: acng_starten_aktivieren
no_log: true
no_log: "{{ no_debug | default('true') }}"

View file

@ -32,4 +32,4 @@
dest: "{{ acng_security_conf_path }}"
mode: "0640"
notify: acng_starten_aktivieren
no_log: true
no_log: "{{ no_debug | default('true') }}"

View file

@ -5,7 +5,7 @@
when:
- item.state == "present"
- docker_compose_projects is defined
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: loop docker tasks - down
ansible.builtin.include_tasks: dockercompose-down.yml
@ -13,4 +13,4 @@
when:
- item.state == "absent"
- docker_compose_projects is defined
no_log: true
no_log: "{{ no_debug | default('true') }}"

View file

@ -38,7 +38,7 @@
owner: "{{ minio_user }}"
group: "{{ minio_user }}"
notify: (re)start service
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: template systemd-unit
become: true

View file

@ -38,7 +38,7 @@
owner: "{{ minio_user }}"
group: "{{ minio_user }}"
notify: (re)start service
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: template systemd-unit
become: true

View file

@ -13,7 +13,7 @@
group: root
mode: '0400'
when: key.rc not in [ 0 ]
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: apply private key # noqa no-changed-when
ansible.builtin.command: kubectl apply -f /root/private.key

View file

@ -7,7 +7,7 @@
owner: "{{ sanoid_user }}"
group: "{{ sanoid_user_group }}"
mode: "0400"
no_log: true
no_log: "{{ no_debug | default('true') }}"
when:
- sanoid_syncoid_destination_host

View file

@ -1,5 +1,6 @@
---
### wird in vielen Rollen verwendet
no_debug: true # when set to true "no_log" is also set to true
ansible_facts_parallel: true
ssh_public_key_mg: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKL8opSQ0rWVw9uCfbuiqmXq188OP4xh66MBTO3zV5jo heimserver_mg_v3
my_mail: michael.grote@posteo.de

View file

@ -6,7 +6,7 @@
owner: root
group: root
mode: "0644"
no_log: true
no_log: "{{ no_debug | default('true') }}"
notify:
- systemctl daemon-reload

View file

@ -26,7 +26,7 @@
src: "{{ item }}"
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: ensure templated files exists
ansible.builtin.template:
@ -36,7 +36,7 @@
src: "{{ item }}"
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') | replace('.j2', '') }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
register: copy_template
- name: Ensure needed networks exists

View file

@ -12,4 +12,4 @@
#pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
with_items:
- "{{ smb_users }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"

View file

@ -14,5 +14,5 @@
remove: "{{ item.remove_dir | default('false') }}"
create_home: false
loop: "{{ smb_users }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
notify: set samba passwords

View file

@ -6,7 +6,7 @@
# den jeweiligen group/host-Vars!
- name: Check if Admin-User exists
no_log: true
no_log: "{{ no_debug | default('true') }}"
become_user: gitea
become: true
ansible.builtin.command: |
@ -16,7 +16,7 @@
changed_when: false
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
no_log: true
no_log: "{{ no_debug | default('true') }}"
become_user: gitea
become: true
ansible.builtin.command: |

View file

@ -5,7 +5,7 @@
# und
# den jeweiligen group/host-Vars!
- name: Ensure LDAP config is set up
no_log: true
no_log: "{{ no_debug | default('true') }}"
become_user: gitea
become: true
ansible.builtin.command: |
@ -31,7 +31,7 @@
changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet
- name: Modify LDAP config
no_log: true
no_log: "{{ no_debug | default('true') }}"
become_user: gitea
become: true
ansible.builtin.command: |

View file

@ -30,7 +30,7 @@
url: "{{ minio_url }}"
state: "{{ item.state | default('present') }}"
loop: "{{ minio_users }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
# Bug: delegate_to: localhost
# in ansible-devspace wird das Python Paket "minio" nicht gefunden

View file

@ -13,7 +13,7 @@
state: directory
mode: "0777"
loop: "{{ cifs_mounts }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
when: cifs_mounts is defined
- name: create credential-file
@ -25,7 +25,7 @@
group: root
mode: '0400'
loop: "{{ cifs_mounts }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
when: cifs_mounts is defined
- name: mount cifs volumes
@ -40,5 +40,5 @@
dump: "0"
passno: "0"
loop: "{{ cifs_mounts }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
when: cifs_mounts is defined

View file

@ -9,7 +9,7 @@
force_basic_auth: true
loop: "{{ munin_node_plugins }}"
notify: restart munin-node
no_log: true
no_log: "{{ no_debug | default('true') }}"
check_mode: false # damit werden auch im check-mode die Plugins heruntergeladen, sonst schlägt der nächste Task fehl
- name: Enable additional plugins
@ -19,7 +19,7 @@
state: link
notify: restart munin-node
loop: "{{ munin_node_plugins }}"
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: Template additional plugin-config
ansible.builtin.copy:
@ -31,7 +31,7 @@
notify: restart munin-node
loop: "{{ munin_node_plugins }}"
when: item.config is defined
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: Ensure munin-node is running
ansible.builtin.service:

View file

@ -12,7 +12,7 @@
ansible.builtin.command: "pvesm add pbs {{ item.name }} --server {{ item.server }} --datastore {{ item.datastore }} --username {{ item.username }} --password {{ item.password }} --fingerprint {{ item.fingerprint }}"
loop: "{{ pve_pbs_datastore }}"
when: "item.name not in storages.stdout"
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: ensure datastore is configured
become: true
@ -20,4 +20,4 @@
loop: "{{ pve_pbs_datastore }}"
when: "item.name in storages.stdout"
changed_when: false
no_log: true
no_log: "{{ no_debug | default('true') }}"

View file

@ -10,7 +10,7 @@
ansible.builtin.command: "proxmox-backup-manager user create {{ item.name }}@{{ item.realm }}"
loop: "{{ pbs_users }}"
when: "item.name not in users.stdout"
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: check again which users exist
become: true
@ -24,4 +24,4 @@
loop: "{{ pbs_users }}"
when: "item.name in users.stdout"
changed_when: false
no_log: true
no_log: "{{ no_debug | default('true') }}"

View file

@ -29,7 +29,7 @@
owner: "{{ restic_user }}"
group: "{{ restic_group }}"
mode: "0600"
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: templates excludes
become: true
@ -49,7 +49,7 @@
owner: root
group: root
mode: "0600"
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: template restic.mount
become: true

View file

@ -20,7 +20,7 @@
owner: "{{ rsync_mirror_user }}"
group: "{{ rsync_mirror_user_group }}"
mode: "0400"
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: Ensure rsync_mirror-Script is templated
become: true

View file

@ -5,7 +5,7 @@
loop: "{{ users }}"
when: item.groups is defined
become: false
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: Ensure groups exist
ansible.builtin.group:
@ -13,7 +13,7 @@
state: present
loop: '{{ groups_as_list }}'
when: groups_as_list is defined
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: Ensure users exist
ansible.builtin.user:
@ -26,7 +26,7 @@
createhome: "{{ item.createhome | default('yes') }}"
state: "{{ item.state | default('present') }}"
loop: '{{ users }}'
no_log: true
no_log: "{{ no_debug | default('true') }}"
- name: Ensure user ssh-keys exist
ansible.posix.authorized_key:
@ -35,7 +35,7 @@
state: "{{ item.state | default('present') }}"
when: item.public_ssh_key is defined
loop: '{{ users }}'
no_log: true
no_log: "{{ no_debug | default('true') }}"
# teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a
# das modul erstellt die sudoers falsch:
@ -58,4 +58,4 @@
mode: "0440"
loop: '{{ users }}'
when: item.allow_sudo|default(false) and item.allow_sudo is defined
no_log: true
no_log: "{{ no_debug | default('true') }}"