fix linter errors (#584)
Reviewed-on: #584 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
parent
ccaaabc1be
commit
7a24089031
758 changed files with 7206 additions and 24226 deletions
|
@ -3,6 +3,8 @@ skip_list:
|
||||||
- yaml[line-length]
|
- yaml[line-length]
|
||||||
- name[casing]
|
- name[casing]
|
||||||
- yaml[comments]
|
- yaml[comments]
|
||||||
|
- name[play]
|
||||||
|
- var-naming[no-role-prefix]
|
||||||
quiet: true
|
quiet: true
|
||||||
exclude_paths:
|
exclude_paths:
|
||||||
- .cache/ # implicit unless exclude_paths is defined in config
|
- .cache/ # implicit unless exclude_paths is defined in config
|
||||||
|
@ -22,3 +24,5 @@ exclude_paths:
|
||||||
- roles/robertdebock.bootstrap
|
- roles/robertdebock.bootstrap
|
||||||
- roles/PyratLabs.k3s
|
- roles/PyratLabs.k3s
|
||||||
- .gitlab-ci.yml
|
- .gitlab-ci.yml
|
||||||
|
- friedhof/
|
||||||
|
- playbooks/on-off
|
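Review bot: Adding `friedhof/` and `playbooks/on-off` to `exclude_paths` in the second hunk switches linting off for those trees entirely, which is broader than the two per-file rule ignores for `playbooks/on-off/remove_old_ssh_key.yml` that this commit deletes. The same commit adds many role files under `friedhof/`, so none of them are checked, for example for files written with `become: true` and no `mode`. If the directory is an archive that is never deployed, say so next to the entry, e.g. `- friedhof/  # archived roles, not deployed`; otherwise keep per-file ignores so that new violations still surface.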
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
# This file contains ignores rule violations for ansible-lint
|
|
||||||
playbooks/on-off/remove_old_ssh_key.yml name[play]
|
|
||||||
playbooks/on-off/remove_old_ssh_key.yml yaml[truthy]
|
|
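--- a/.drone.yml
+++ b/.drone.yml
@@ -23,7 +23,7 @@ steps:
 commands:
 - ansible-lint --version
 - echo $ANSIBLE_VAULT_PASSWORD > ./vault-pass.yml
-- ansible-lint
+- ansible-lint --force-color --format pep8
 when:
 event:
 exclude:
@@ -31,17 +31,3 @@ steps:
 environment:
 ANSIBLE_VAULT_PASSWORD:
 from_secret: vault-pass
-
----
-kind: pipeline
-type: docker
-name: yaml-lint
-steps:
-- name: yamllint
-image: cytopia/yamllint:1
-commands:
-- /usr/bin/yamllint -f colored .
-when:
-event:
-exclude:
-- tag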
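Review bot: The context line `echo $ANSIBLE_VAULT_PASSWORD > ./vault-pass.yml` in the first hunk expands the secret unquoted, so a password containing whitespace or glob characters is written altered, and the file is created in the workspace with the default umask. Since this step is being edited anyway, consider `(umask 077; printf '%s' "$ANSIBLE_VAULT_PASSWORD" > ./vault-pass.yml)`. Separately, the second hunk removes the standalone `yaml-lint` pipeline; that is only equivalent if ansible-lint's `yaml[...]` rules reach every YAML file yamllint used to check, which the hunk does not show.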
|
@ -1,3 +0,0 @@
|
||||||
ignore:
|
|
||||||
- ./roles/pandemonium1986.ansible-role-k9s
|
|
||||||
- ./roles/robertdebock.bootstrap
|
|
|
@ -1,4 +1 @@
|
||||||
# ansible_heimserver
|
# ansible_heimserver
|
||||||
|
|
||||||
## example-cli
|
|
||||||
`ansible-playbook playbooks/base/0_master.yml -i inventory --key-file id_rsa_ansible_user --vault-password-file vault-pass.yml --limit jenkins-test.grote.lan`
|
|
||||||
|
|
|
@ -15,11 +15,6 @@ defaults:
|
||||||
stylesheet:
|
stylesheet:
|
||||||
- 'assets/catppuccin-frappe.css'
|
- 'assets/catppuccin-frappe.css'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
links:
|
links:
|
||||||
- name: "Homepage"
|
- name: "Homepage"
|
||||||
icon: "fas fa-heartbeat"
|
icon: "fas fa-heartbeat"
|
||||||
|
|
|
@ -6,7 +6,7 @@ services:
|
||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- uploads:/usr/local/apache2/htdocs/
|
- uploads:/usr/local/apache2/htdocs/
|
||||||
- "${PWD}/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"
|
- "/docker/httpd/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro"
|
||||||
ports:
|
ports:
|
||||||
- 3344:80
|
- 3344:80
|
||||||
labels:
|
labels:
|
||||||
|
|
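--- a/friedhof/mgrote_acng/defaults/main.yml
+++ b/friedhof/mgrote_acng/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+acng_exthreshold: "60"
+acng_server_port: "9999"
+acng_security_conf_path: "/etc/apt-cacher-ng/security.conf"
+acng_server_auth_user: acngadmin
+acng_server_auth_pass: klauspeter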
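Review bot: `acng_server_auth_pass: klauspeter` commits a cleartext admin password as a role default, so every host that does not override it gets a credential readable by anyone with repository access; the same line is in `friedhof/mgrote_acng/mgrote.acng/defaults/main.yml`. The CI step in this commit already handles an Ansible Vault password, so the value can come from a vaulted variable, e.g. `acng_server_auth_pass: "{{ vault_acng_server_auth_pass }}"` (variable name is an example). Leaving the default undefined makes the play fail when the secret is missing instead of falling back to a known password. If this value was ever deployed, treat it as exposed and rotate it.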
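--- a/friedhof/mgrote_acng/handlers/main.yml
+++ b/friedhof/mgrote_acng/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: acng_starten_aktivieren
+become: true
+ansible.builtin.systemd:
+name: apt-cacher-ng
+enabled: true
+state: restarted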
6
friedhof/mgrote_acng/mgrote.acng/defaults/main.yml
Normal file
6
friedhof/mgrote_acng/mgrote.acng/defaults/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
acng_exthreshold: "60"
|
||||||
|
acng_server_port: "9999"
|
||||||
|
acng_security_conf_path: "/etc/apt-cacher-ng/security.conf"
|
||||||
|
acng_server_auth_user: acngadmin
|
||||||
|
acng_server_auth_pass: klauspeter
|
7
friedhof/mgrote_acng/mgrote.acng/handlers/main.yml
Normal file
7
friedhof/mgrote_acng/mgrote.acng/handlers/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: acng_starten_aktivieren
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: apt-cacher-ng
|
||||||
|
enabled: true
|
||||||
|
state: restarted
|
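--- a/friedhof/mgrote_acng/mgrote.acng/tasks/main.yml
+++ b/friedhof/mgrote_acng/mgrote.acng/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: ensure directories exists
+become: true
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+loop:
+- /etc/apt-cacher-ng
+- /var/cache/apt-cacher-ng
+
+- name: ensure directories have the right permissions
+become: true
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+owner: apt-cacher-ng
+group: apt-cacher-ng
+loop:
+- /var/cache/apt-cacher-ng
+
+- name: templating acng.conf
+become: true
+ansible.builtin.template:
+src: "acng.conf"
+dest: "/etc/apt-cacher-ng/acng.conf"
+mode: "0664"
+notify: acng_starten_aktivieren
+
+- name: install apt-cacher-ng packages
+become: true
+ansible.builtin.package:
+name: apt-cacher-ng
+state: present
+
+- name: templating security.conf
+become: true
+ansible.builtin.template:
+src: "security.conf"
+dest: "{{ acng_security_conf_path }}"
+mode: "0640"
+notify: acng_starten_aktivieren
+no_log: true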
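Review bot: The task `ensure directories have the right permissions` sets `owner: apt-cacher-ng` and `group: apt-cacher-ng` before `install apt-cacher-ng packages` runs, so on a fresh host the account presumably does not exist yet and the task fails; the install task should come first. `acng.conf` is templated with `mode: "0664"`, which leaves the daemon configuration group-writable; `mode: "0644"`, as used in the sibling `friedhof/mgrote_acng/tasks/main.yml`, is the tighter choice. The two `ansible.builtin.file` tasks set no `mode` at all, so the directories keep whatever the umask produced; an explicit `mode: "0755"` would make the result predictable.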
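--- a/friedhof/mgrote_acng/tasks/main.yml
+++ b/friedhof/mgrote_acng/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- name: ensure directories exists
+become: true
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+owner: apt-cacher-ng
+group: apt-cacher-ng
+mode: "0644"
+loop:
+- /etc/apt-cacher-ng
+- /var/cache/apt-cacher-ng
+
+- name: templating acng.conf
+become: true
+ansible.builtin.template:
+src: "acng.conf"
+dest: "/etc/apt-cacher-ng/acng.conf"
+mode: "0644"
+notify: acng_starten_aktivieren
+
+- name: install apt-cacher-ng packages
+become: true
+ansible.builtin.package:
+name: apt-cacher-ng
+state: present
+
+- name: templating security.conf
+become: true
+ansible.builtin.template:
+src: "security.conf"
+dest: "{{ acng_security_conf_path }}"
+mode: "0640"
+notify: acng_starten_aktivieren
+no_log: true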
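Review bot: `mode: "0644"` in `ensure directories exists` is applied with `state: directory`, so `/etc/apt-cacher-ng` and `/var/cache/apt-cacher-ng` end up without the execute (search) bit and cannot be traversed by the service account; use `mode: "0755"`, or `"0750"` if other users need no access. The same task sets `owner: apt-cacher-ng` before `install apt-cacher-ng packages` has run, so it likely fails on a host where the package was never installed. Moving the install task to the top avoids that.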
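--- a/friedhof/mgrote_alacritty/defaults/main.yml
+++ b/friedhof/mgrote_alacritty/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+alacritty_url: http://docker10.grote.lan:3344/alacritty-latest.tar.gz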
8
friedhof/mgrote_alacritty/mgrote.alacritty/README.md
Normal file
8
friedhof/mgrote_alacritty/mgrote.alacritty/README.md
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
## mgrote.alacritty
|
||||||
|
### Beschreibung
|
||||||
|
Installiert alacritty.
|
||||||
|
|
||||||
|
|
||||||
|
### getestet auf
|
||||||
|
- [x] Ubuntu (>=18.04)
|
||||||
|
- [x] Linux Mint
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
alacritty_url: http://docker10.grote.lan:3344/alacritty-latest.tar.gz
|
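--- a/friedhof/mgrote_alacritty/mgrote.alacritty/tasks/main.yml
+++ b/friedhof/mgrote_alacritty/mgrote.alacritty/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: download binary
+ansible.builtin.unarchive:
+src: "{{ alacritty_url }}"
+dest: /usr/local/bin
+remote_src: true
+
+- name: set permissions
+ansible.builtin.file:
+path: /usr/local/bin/alacritty
+mode: '0755'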
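Review bot: `ansible.builtin.unarchive` with `remote_src: true` unpacks whatever `{{ alacritty_url }}` returns straight into `/usr/local/bin`, and the default for that variable is a plain `http://` URL, so nothing verifies the integrity of a binary that lands on every user's PATH; the same two tasks are repeated in `friedhof/mgrote_alacritty/tasks/main.yml`. Download with `ansible.builtin.get_url` and a pinned `checksum`, then unpack the verified file. A `-latest` artifact cannot be pinned, so the URL should name a version. Neither task sets `become: true` although both write under `/usr/local/bin`, which suggests the role relies on play-level privilege escalation.

```yaml
# alacritty_checksum is a new role variable, e.g. "sha256:<EXPECTED_SHA256>"
- name: download archive
  ansible.builtin.get_url:
    url: "{{ alacritty_url }}"
    dest: /tmp/alacritty.tar.gz
    checksum: "{{ alacritty_checksum }}"
    mode: "0600"

- name: unpack binary
  ansible.builtin.unarchive:
    src: /tmp/alacritty.tar.gz
    dest: /usr/local/bin
    remote_src: true
# … unchanged: set permissions task …
```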
11
friedhof/mgrote_alacritty/tasks/main.yml
Normal file
11
friedhof/mgrote_alacritty/tasks/main.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
- name: download binary
|
||||||
|
ansible.builtin.unarchive:
|
||||||
|
src: "{{ alacritty_url }}"
|
||||||
|
dest: /usr/local/bin
|
||||||
|
remote_src: true
|
||||||
|
|
||||||
|
- name: set permissions
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /usr/local/bin/alacritty
|
||||||
|
mode: '0755'
|
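--- a/friedhof/mgrote_apcupsd/defaults/main.yml
+++ b/friedhof/mgrote_apcupsd/defaults/main.yml
@@ -0,0 +1,40 @@
+---
+## Values: http://www.apcupsd.org/manual/manual.html
+
+## Master
+# Wenn "true" ist dieser Host master.
+apcupsd_nis_master: true
+
+# Interface auf dem der "Master" erreichbar ist.
+apcupsd_nis_master_listen_ip: 0.0.0.0
+
+# Post auf dem der "Master" erreichbar ist.
+apcupsd_nis_master_listen_port: 3551
+
+# Name der USV
+apcupsd_ups_name: APC-BX950U-GR
+
+## Slave
+# Zeitspanne zwischen dem pollen
+apcupsd_slave_polltime: 10 #in Sekunden
+
+
+## Master & Slave
+# FQDN oder IP des "master"
+apcupsd_nis_master_hostname: pve2.grote.lan
+
+# Zeitspanne in Sekunden, ab der der Systemdienst einen Stromausfall annimmt. Nuetzlich, um sehr kurze Ausfaelle ignorieren zu koennen.
+apcupsd_master_onbatterydelay: 10
+apcupsd_slave_onbatterydelay: 10
+
+# Durch die USV gemeldete Restkapazitaet in Prozent, ab der der Rechner heruntergefahren wird.
+apcupsd_master_batterylevel_for_shutdown: 50
+apcupsd_slave_batterylevel_for_shutdown: 60
+
+# apcupsd will shutdown the system during a power failure when the remaining runtime on batteries as internally calculated by the UPS falls below the specified minutes. Jeweils Master und Slave.
+apcupsd_master_minutes_for_shutdown: 10
+apcupsd_slave_minutes_for_shutdown: 11
+
+# Specifies when apcupsd should create the NOLOGON file to prevent users from logging on to the system. Jeweils Master und Slave.
+apcupsd_master_nologon_when_active: always
+apcupsd_slave_nologon_when_active: always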
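Review bot: `apcupsd_nis_master_listen_ip: 0.0.0.0` makes the master's network information server listen on every interface by default, and apcupsd's NIS protocol has no authentication, so UPS status is readable from any network that can reach port 3551; the copy in `friedhof/mgrote_apcupsd/mgrote.apcupsd/defaults/main.yml` carries the same default. Defaulting to the address of the management interface, or documenting that the port must be firewalled to the slave hosts, would be safer. The comment above `apcupsd_nis_master_listen_port` says `Post` where `Port` is meant.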
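--- a/friedhof/mgrote_apcupsd/handlers/main.yml
+++ b/friedhof/mgrote_apcupsd/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: restart_apcupsd #wird aufgerufen wenn apcupsd.conf_kopieren nach aenderungen den status "changed hat"
+become: true
+ansible.builtin.systemd:
+name: apcupsd
+state: restarted
+enabled: true
+
+- name: apc_access_mail
+ansible.builtin.shell:
+cmd: set -o pipefail && /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ empfaenger_mail }}
+executable: /bin/bash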
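Review bot: In `apc_access_mail`, `{{ ansible_hostname }}` and `{{ empfaenger_mail }}` are interpolated into a `/bin/bash` command line without shell quoting, so a recipient value containing spaces or shell metacharacters changes the command that runs. Pass both through the `quote` filter: `cmd: set -o pipefail && /usr/sbin/apcaccess | mail -s {{ ansible_hostname | quote }} {{ empfaenger_mail | quote }}`. The copy in `friedhof/mgrote_apcupsd/mgrote.apcupsd/handlers/main.yml` has the same interpolation in free-form `ansible.builtin.shell:` and also lacks `set -o pipefail`, so a failing `apcaccess` is masked by the exit status of `mail`.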
14
friedhof/mgrote_apcupsd/meta/main.yml
Normal file
14
friedhof/mgrote_apcupsd/meta/main.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: mgrote_postfix
|
||||||
|
galaxy_info:
|
||||||
|
author: mgrote
|
||||||
|
description: installs apcupsd
|
||||||
|
min_ansible_version: 2.0
|
||||||
|
license: GPLv3
|
||||||
|
platforms:
|
||||||
|
- name: Proxmox
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
galaxy_tags:
|
||||||
|
- system
|
20
friedhof/mgrote_apcupsd/mgrote.apcupsd/README.md
Normal file
20
friedhof/mgrote_apcupsd/mgrote.apcupsd/README.md
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
## mgrote.apcupsd
|
||||||
|
|
||||||
|
### Beschreibung
|
||||||
|
* Installiert apcupsd.
|
||||||
|
* Auf einem PC als "Master", hier ist die USV per USB angeschlossen.
|
||||||
|
* Auf allen anderen PCs als "Slave", diese OCs pollen alle <n> Sekunden den Master.
|
||||||
|
* Benoetigt mgrote.postfix.
|
||||||
|
* Getestet mit: APC-BX950U-GR
|
||||||
|
|
||||||
|
### Links
|
||||||
|
* http://www.apcupsd.org/manual/#checking-your-configuration-file
|
||||||
|
* https://linux.die.net/man/5/apcupsd.conf
|
||||||
|
|
||||||
|
|
||||||
|
### getestet auf
|
||||||
|
- [x] ProxMox 6.1
|
||||||
|
- [x] ProxMox 7
|
||||||
|
|
||||||
|
### Variablen + Defaults
|
||||||
|
- siehe [defaults/main.yml](./defaults/main.yml)
|
40
friedhof/mgrote_apcupsd/mgrote.apcupsd/defaults/main.yml
Normal file
40
friedhof/mgrote_apcupsd/mgrote.apcupsd/defaults/main.yml
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
---
|
||||||
|
## Values: http://www.apcupsd.org/manual/manual.html
|
||||||
|
|
||||||
|
## Master
|
||||||
|
# Wenn "true" ist dieser Host master.
|
||||||
|
apcupsd_nis_master: true
|
||||||
|
|
||||||
|
# Interface auf dem der "Master" erreichbar ist.
|
||||||
|
apcupsd_nis_master_listen_ip: 0.0.0.0
|
||||||
|
|
||||||
|
# Post auf dem der "Master" erreichbar ist.
|
||||||
|
apcupsd_nis_master_listen_port: 3551
|
||||||
|
|
||||||
|
# Name der USV
|
||||||
|
apcupsd_ups_name: APC-BX950U-GR
|
||||||
|
|
||||||
|
## Slave
|
||||||
|
# Zeitspanne zwischen dem pollen
|
||||||
|
apcupsd_slave_polltime: 10 #in Sekunden
|
||||||
|
|
||||||
|
|
||||||
|
## Master & Slave
|
||||||
|
# FQDN oder IP des "master"
|
||||||
|
apcupsd_nis_master_hostname: pve2.grote.lan
|
||||||
|
|
||||||
|
# Zeitspanne in Sekunden, ab der der Systemdienst einen Stromausfall annimmt. Nuetzlich, um sehr kurze Ausfaelle ignorieren zu koennen.
|
||||||
|
apcupsd_master_onbatterydelay: 10
|
||||||
|
apcupsd_slave_onbatterydelay: 10
|
||||||
|
|
||||||
|
# Durch die USV gemeldete Restkapazitaet in Prozent, ab der der Rechner heruntergefahren wird.
|
||||||
|
apcupsd_master_batterylevel_for_shutdown: 50
|
||||||
|
apcupsd_slave_batterylevel_for_shutdown: 60
|
||||||
|
|
||||||
|
# apcupsd will shutdown the system during a power failure when the remaining runtime on batteries as internally calculated by the UPS falls below the specified minutes. Jeweils Master und Slave.
|
||||||
|
apcupsd_master_minutes_for_shutdown: 10
|
||||||
|
apcupsd_slave_minutes_for_shutdown: 11
|
||||||
|
|
||||||
|
# Specifies when apcupsd should create the NOLOGON file to prevent users from logging on to the system. Jeweils Master und Slave.
|
||||||
|
apcupsd_master_nologon_when_active: always
|
||||||
|
apcupsd_slave_nologon_when_active: always
|
10
friedhof/mgrote_apcupsd/mgrote.apcupsd/handlers/main.yml
Normal file
10
friedhof/mgrote_apcupsd/mgrote.apcupsd/handlers/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: restart_apcupsd #wird aufgerufen wenn apcupsd.conf_kopieren nach aenderungen den status "changed hat"
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: apcupsd
|
||||||
|
state: restarted
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: apc_access_mail
|
||||||
|
ansible.builtin.shell: /usr/sbin/apcaccess | mail -s "{{ ansible_hostname }}" {{ empfaenger_mail }}
|
14
friedhof/mgrote_apcupsd/mgrote.apcupsd/meta/main.yml
Normal file
14
friedhof/mgrote_apcupsd/mgrote.apcupsd/meta/main.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: mgrote_postfix
|
||||||
|
galaxy_info:
|
||||||
|
author: mgrote
|
||||||
|
description: installs apcupsd
|
||||||
|
min_ansible_version: 2.0
|
||||||
|
license: GPLv3
|
||||||
|
platforms:
|
||||||
|
- name: Proxmox
|
||||||
|
versions:
|
||||||
|
- all
|
||||||
|
galaxy_tags:
|
||||||
|
- system
|
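--- a/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/main.yml
+++ b/friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: install apcupsd packages
+ansible.builtin.package:
+name:
+- apcupsd
+- apcupsd-cgi
+- apcupsd-doc
+state: present
+become: true
+notify: apc_access_mail
+
+- name: create master config
+ansible.builtin.include_tasks: master.yml
+when:
+- apcupsd_nis_master
+- apcupsd_nis_master is defined
+
+- name: create slave config
+ansible.builtin.include_tasks: slave.yml
+when:
+- not apcupsd_nis_master
+- apcupsd_nis_master is defined
+
+- name: copy apcupsd file
+become: true
+ansible.builtin.template:
+src: "apcupsd"
+dest: "/etc/default/apcupsd"
+
+- name: set mail recipient
+become: true
+ansible.builtin.lineinfile:
+path: /etc/apcupsd/apccontrol #wo
+regexp: export SYSADMIN=root #suche nach
+line: export SYSADMIN={{ empfaenger_mail }} #ersetze durch...
+backrefs: true #verhindert das die zeile bei "nicht zutreffen" am ende der datei angefuegt wird: https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#parameters
+
+- name: copy test script
+become: true
+ansible.builtin.template:
+src: "apccontrol.save"
+dest: "/etc/apcupsd/apccontrol.save"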
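Review bot: Both `when:` lists test `apcupsd_nis_master` before `apcupsd_nis_master is defined`, so if the variable were ever undefined the first condition would raise an error before the guard is reached; put the `is defined` test first, or drop it, since the role defaults always define the variable. In `set mail recipient`, `regexp: export SYSADMIN=root` with `backrefs: true` only matches the pristine file, so a later change to `empfaenger_mail` is never written; `regexp: '^export SYSADMIN=.*'` keeps the task effective on reruns. The two `ansible.builtin.template` tasks write under `/etc` with `become: true` but set no `owner`, `group` or `mode`. The identical file `friedhof/mgrote_apcupsd/tasks/main.yml` needs the same changes.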
7
friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/master.yml
Normal file
7
friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/master.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: templating master_apcupsd.conf
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "master_apcupsd.conf"
|
||||||
|
dest: "/etc/apcupsd/apcupsd.conf"
|
||||||
|
notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
|
7
friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/slave.yml
Normal file
7
friedhof/mgrote_apcupsd/mgrote.apcupsd/tasks/slave.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: templating slave_apcupsd.conf
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "slave_apcupsd.conf"
|
||||||
|
dest: "/etc/apcupsd/apcupsd.conf"
|
||||||
|
notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
|
42
friedhof/mgrote_apcupsd/tasks/main.yml
Normal file
42
friedhof/mgrote_apcupsd/tasks/main.yml
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
---
|
||||||
|
- name: install apcupsd packages
|
||||||
|
ansible.builtin.package:
|
||||||
|
name:
|
||||||
|
- apcupsd
|
||||||
|
- apcupsd-cgi
|
||||||
|
- apcupsd-doc
|
||||||
|
state: present
|
||||||
|
become: true
|
||||||
|
notify: apc_access_mail
|
||||||
|
|
||||||
|
- name: create master config
|
||||||
|
ansible.builtin.include_tasks: master.yml
|
||||||
|
when:
|
||||||
|
- apcupsd_nis_master
|
||||||
|
- apcupsd_nis_master is defined
|
||||||
|
|
||||||
|
- name: create slave config
|
||||||
|
ansible.builtin.include_tasks: slave.yml
|
||||||
|
when:
|
||||||
|
- not apcupsd_nis_master
|
||||||
|
- apcupsd_nis_master is defined
|
||||||
|
|
||||||
|
- name: copy apcupsd file
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "apcupsd"
|
||||||
|
dest: "/etc/default/apcupsd"
|
||||||
|
|
||||||
|
- name: set mail recipient
|
||||||
|
become: true
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/apcupsd/apccontrol #wo
|
||||||
|
regexp: export SYSADMIN=root #suche nach
|
||||||
|
line: export SYSADMIN={{ empfaenger_mail }} #ersetze durch...
|
||||||
|
backrefs: true #verhindert das die zeile bei "nicht zutreffen" am ende der datei angefuegt wird: https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#parameters
|
||||||
|
|
||||||
|
- name: copy test script
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "apccontrol.save"
|
||||||
|
dest: "/etc/apcupsd/apccontrol.save"
|
7
friedhof/mgrote_apcupsd/tasks/master.yml
Normal file
7
friedhof/mgrote_apcupsd/tasks/master.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: templating master_apcupsd.conf
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "master_apcupsd.conf"
|
||||||
|
dest: "/etc/apcupsd/apcupsd.conf"
|
||||||
|
notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
|
7
friedhof/mgrote_apcupsd/tasks/slave.yml
Normal file
7
friedhof/mgrote_apcupsd/tasks/slave.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- name: templating slave_apcupsd.conf
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: "slave_apcupsd.conf"
|
||||||
|
dest: "/etc/apcupsd/apcupsd.conf"
|
||||||
|
notify: restart_apcupsd #benachrichtigt handlers/main.yml-restart-apcupsd_restart um den dient neuzustarten, nur wenn hier status "changed" ausgeworfen wird"
|
138
friedhof/mgrote_apcupsd/templates/apccontrol.save
Normal file
138
friedhof/mgrote_apcupsd/templates/apccontrol.save
Normal file
|
@ -0,0 +1,138 @@
|
||||||
|
{{ file_header | default () }}
|
||||||
|
#!@SCRIPTSHELL@
|
||||||
|
#
|
||||||
|
# Safe apccontrol for testing.
|
||||||
|
#
|
||||||
|
# This apccontrol can be used for testing without fear
|
||||||
|
# that it will bring your system down
|
||||||
|
# @configure_input@
|
||||||
|
#
|
||||||
|
prefix=@prefix@
|
||||||
|
exec_prefix=@exec_prefix@
|
||||||
|
APCUPSD=@sbindir@/apcupsd
|
||||||
|
SHUTDOWN=@SHUTDOWN@
|
||||||
|
SCRIPTDIR=@sysconfdir@
|
||||||
|
|
||||||
|
#
|
||||||
|
case "$1" in
|
||||||
|
killpower)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: ${APCUPSD} --killpower would have been.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
commfailure)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Communications with UPS lost.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
commok)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Communciations with UPS restored.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
powerout)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Warning power loss detected.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
onbattery)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Power failure. Running on UPS batteries.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
offbattery)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Off battery. Mains returned.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
failing)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: UPS battery power exhausted. Doing shutdown.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
timeout)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: UPS battery runtime limit exceeded. Doing shutdown.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
loadlimit)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: UPS battery discharge limit reached. Doing shutdown.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
runlimit)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: UPS battery runtime percent reached. Doing shutdown.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
doreboot)
|
||||||
|
wall <EOF
|
||||||
|
apccontrol: ${SHUTDOWN} for reboot would have been called.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
doshutdown)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: ${SHUTDOWN} for halt would have been called.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
mainsback)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Power has returned...
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
annoyme)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Power problems please logoff.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
emergency)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: ${SHUTDOWN} for emergency halt would have been called.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
changeme)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: Emergency! UPS batteries have failed.
|
||||||
|
|
||||||
|
Change them NOW !
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
remotedown)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: ${SHUTDOWN} for remote halt would have been called.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
startselftest)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: start self test would have been called.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
endselftest)
|
||||||
|
wall <<EOF
|
||||||
|
apccontrol: end self test would have been called.
|
||||||
|
|
||||||
|
EOF
|
||||||
|
;;
|
||||||
|
*) echo "Usage: ${0##*/} command"
|
||||||
|
echo " warning: this script is intended to be launched by"
|
||||||
|
echo " apcupsd and should never be launched by users."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
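Review bot: The `doreboot)` branch uses `wall <EOF` where every other branch uses `wall <<EOF`, so the shell tries to read a file named `EOF` and then runs the message lines that follow as commands; it should be `wall <<EOF`. The template also places `{{ file_header | default () }}` above `#!@SCRIPTSHELL@`, so the interpreter line is not the first line of the rendered file. The autoconf placeholders (`@SCRIPTSHELL@`, `@prefix@`, `@sbindir@`, `@SHUTDOWN@`, `@sysconfdir@`) are left unsubstituted, which means the deployed `/etc/apcupsd/apccontrol.save` is probably not runnable as written. `Communciations` in the `commok)` message is a typo for `Communications`.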
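--- a/friedhof/mgrote_apcupsd/templates/apcupsd
+++ b/friedhof/mgrote_apcupsd/templates/apcupsd
@@ -0,0 +1 @@
+ISCONFIGURED=yes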
17
friedhof/mgrote_apcupsd/templates/master_apcupsd.conf
Normal file
17
friedhof/mgrote_apcupsd/templates/master_apcupsd.conf
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
## apcupsd.conf v1.1 ##
|
||||||
|
{{ file_header | default () }}
|
||||||
|
UPSCABLE usb
|
||||||
|
|
||||||
|
UPSTYPE usb
|
||||||
|
DEVICE
|
||||||
|
|
||||||
|
UPSNAME {{ apcupsd_ups_name }}
|
||||||
|
|
||||||
|
NETSERVER ON
|
||||||
|
NISIP {{ apcupsd_nis_master_listen_ip }}
|
||||||
|
NISPORT {{ apcupsd_nis_master_listen_port }}
|
||||||
|
|
||||||
|
ONBATTERYDELAY {{ apcupsd_master_onbatterydelay }}
|
||||||
|
BATTERYLEVEL {{ apcupsd_master_batterylevel_for_shutdown }}
|
||||||
|
MINUTES {{ apcupsd_master_minutes_for_shutdown }}
|
||||||
|
NOLOGON {{ apcupsd_master_nologon_when_active }}
|
16
friedhof/mgrote_apcupsd/templates/slave_apcupsd.conf
Normal file
16
friedhof/mgrote_apcupsd/templates/slave_apcupsd.conf
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
## apcupsd.conf v1.1 ##
|
||||||
|
{{ file_header | default () }}
|
||||||
|
|
||||||
|
UPSCABLE ether
|
||||||
|
UPSTYPE net
|
||||||
|
DEVICE {{ apcupsd_nis_master_hostname }}:{{ apcupsd_nis_master_listen_port }}
|
||||||
|
|
||||||
|
LOCKFILE /var/lock
|
||||||
|
UPSCLASS standalone
|
||||||
|
UPSMODE disable
|
||||||
|
POLLTIME {{ apcupsd_slave_polltime }}
|
||||||
|
|
||||||
|
ONBATTERYDELAY {{ apcupsd_slave_onbatterydelay }}
|
||||||
|
BATTERYLEVEL {{ apcupsd_slave_batterylevel_for_shutdown }}
|
||||||
|
MINUTES {{ apcupsd_slave_minutes_for_shutdown }}
|
||||||
|
NOLOGON {{ apcupsd_slave_nologon_when_active }}
|
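--- a/friedhof/mgrote_dnsmasq_adblocker/defaults/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/defaults/main.yml
@@ -0,0 +1,41 @@
+---
+# Welche DNS-Server soll dnsmasq anfragen?
+dnsmasq_resolver:
+- 9.9.9.9
+- 1.1.1.1
+# Soll dnsmasq alle Anfragen loggen?
+dnsmasq_log_queries: false
+# Wohin soll das Log geschrieben werden?
+dnsmasq_logfile: /var/log/dnsmasq.log
+# Welche BLocklisten sollen verwendet werden?
+dnsmasq_blocklists:
+- name: sysctl.org
+state: present
+url: http://sysctl.org/cameleon/hosts
+- name: StevenBlack.1
+state: present
+url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
+- name: StevenBlack.2
+state: present
+url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
+- name: adaway.org
+state: present
+url: https://adaway.org/hosts.txt
+- name: StevenBlack.3
+state: present
+url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+- name: developerdan.1
+state: present
+url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
+- name: developerdan.2
+state: present
+url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
+# Wie groß soll der Cache sein?
+dnsmasq_cache_size: 10000
+# Auf welchem Port soll dnsmasq laufen?
+dnsmasq_port: 53
+# User und Gruppe für dnsmasq
+dnsmasq_user_group: dnsmasq
+dnsmasq_user: dnsmasq
+# Which domain should never be forwarded tor the "dnsmasq_resolvers"
+dnsmasq_never_forward_domain: local.lan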
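Review bot: The first `dnsmasq_blocklists` entry, `url: http://sysctl.org/cameleon/hosts`, is fetched over plain HTTP while the other entries use HTTPS. The lists appear to be handed to dnsmasq as hosts data, so content altered in transit could add or change name-to-address mappings for every client of this resolver. Use an HTTPS source or drop the entry, and consider checking that downloaded lines only point at the sink address before dnsmasq reads them. The same defaults are repeated in a second copy of this file later in the commit. The last comment, `tor the "dnsmasq_resolvers"`, should read `to the "dnsmasq_resolver"` to match the variable name.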
6
friedhof/mgrote_dnsmasq_adblocker/handlers/main.yml
Normal file
6
friedhof/mgrote_dnsmasq_adblocker/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: restart dnsmasq
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: dnsmasq
|
||||||
|
state: restarted
|
|
@ -0,0 +1,16 @@
|
||||||
|
## mgrote.dnsmasq-adblocker
|
||||||
|
|
||||||
|
### Beschreibung
|
||||||
|
Installiert ``dnsmasq`` als reinen DNS-Server mit Werbeblockerfunktion.
|
||||||
|
|
||||||
|
### getestet auf
|
||||||
|
- [X] Ubuntu (>=20.04)
|
||||||
|
|
||||||
|
|
||||||
|
### Variablen + Defaults
|
||||||
|
see [defaults](./defaults/main.yml)
|
||||||
|
|
||||||
|
### Abgekupfert bei
|
||||||
|
* https://alexellisuk.medium.com/lightweight-ad-blocking-with-dnsmasq-and-raspberry-pi-665dbb3242e3
|
||||||
|
* https://www.atemlire.io/how-to-easily-create-your-own-adblock-using-dnsmasq
|
||||||
|
* https://pi-hole.net
|
|
@ -0,0 +1,41 @@
|
||||||
|
---
|
||||||
|
# Welche DNS-Server soll dnsmasq anfragen?
|
||||||
|
dnsmasq_resolver:
|
||||||
|
- 9.9.9.9
|
||||||
|
- 1.1.1.1
|
||||||
|
# Soll dnsmasq alle Anfragen loggen?
|
||||||
|
dnsmasq_log_queries: false
|
||||||
|
# Wohin soll das Log geschrieben werden?
|
||||||
|
dnsmasq_logfile: /var/log/dnsmasq.log
|
||||||
|
# Welche BLocklisten sollen verwendet werden?
|
||||||
|
dnsmasq_blocklists:
|
||||||
|
- name: sysctl.org
|
||||||
|
state: present
|
||||||
|
url: http://sysctl.org/cameleon/hosts
|
||||||
|
- name: StevenBlack.1
|
||||||
|
state: present
|
||||||
|
url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/KADhosts/hosts
|
||||||
|
- name: StevenBlack.2
|
||||||
|
state: present
|
||||||
|
url: https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Spam/hosts
|
||||||
|
- name: adaway.org
|
||||||
|
state: present
|
||||||
|
url: https://adaway.org/hosts.txt
|
||||||
|
- name: StevenBlack.3
|
||||||
|
state: present
|
||||||
|
url: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
|
||||||
|
- name: developerdan.1
|
||||||
|
state: present
|
||||||
|
url: https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
|
||||||
|
- name: developerdan.2
|
||||||
|
state: present
|
||||||
|
url: https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt
|
||||||
|
# Wie groß soll der Cache sein?
|
||||||
|
dnsmasq_cache_size: 10000
|
||||||
|
# Auf welchem Port soll dnsmasq laufen?
|
||||||
|
dnsmasq_port: 53
|
||||||
|
# User und Gruppe für dnsmasq
|
||||||
|
dnsmasq_user_group: dnsmasq
|
||||||
|
dnsmasq_user: dnsmasq
|
||||||
|
# Which domain should never be forwarded tor the "dnsmasq_resolvers"
|
||||||
|
dnsmasq_never_forward_domain: local.lan
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: restart dnsmasq
|
||||||
|
become: true
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: dnsmasq
|
||||||
|
state: restarted
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
- name: download blocklist(s)
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
url: "{{ item.url }}"
|
||||||
|
dest: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
|
||||||
|
owner: "{{ dnsmasq_user }}"
|
||||||
|
group: "{{ dnsmasq_user_group }}"
|
||||||
|
loop: "{{ dnsmasq_blocklists }}"
|
||||||
|
when: item.state == "present"
|
||||||
|
notify: restart dnsmasq
|
||||||
|
register: download
|
||||||
|
|
||||||
|
- name: remove blocklist(s)
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
|
||||||
|
state: absent
|
||||||
|
loop: "{{ dnsmasq_blocklists }}"
|
||||||
|
when: item.state == "absent"
|
||||||
|
notify: restart dnsmasq
|
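Review bot: The `download blocklist(s)` task sets no `mode` and hands the downloaded file to `{{ dnsmasq_user }}`, so the permissions depend on the umask, and the account named in `dnsmasq_user` (presumably the one the daemon runs as) can rewrite the lists it loads. Files under `/etc/dnsmasq.d` only need to be readable by the service; `owner: root`, `group: root`, `mode: "0644"` would state that explicitly and is what ansible-lint's `risky-file-permissions` rule asks for. The same ownership pattern is in the `template /etc/dnsmasq.conf` task and the `ensure needed directories exists` task in the following sections, and all three are repeated in the sections headed `friedhof/mgrote_dnsmasq_adblocker/tasks/`. Unlike those tasks, this one has no `become: true`; that may be set at play level, which the page does not show.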
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: template /etc/dnsmasq.conf
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: dnsmasq.conf.j2
|
||||||
|
dest: /etc/dnsmasq.conf
|
||||||
|
owner: "{{ dnsmasq_user }}"
|
||||||
|
group: "{{ dnsmasq_user_group }}"
|
||||||
|
notify: restart dnsmasq
|
|
@ -0,0 +1,62 @@
|
||||||
|
---
|
||||||
|
- name: ensure packages are installed
|
||||||
|
become: true
|
||||||
|
ansible.builtin.package:
|
||||||
|
name:
|
||||||
|
- dnsmasq
|
||||||
|
- wget
|
||||||
|
state: present
|
||||||
|
register: install
|
||||||
|
|
||||||
|
- name: stop dnsmasq (to prevent accidental DHCP-Server after installation)
|
||||||
|
become: true
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: dnsmasq
|
||||||
|
state: stopped
|
||||||
|
when: install.changed
|
||||||
|
|
||||||
|
- name: ensure group exists
|
||||||
|
become: true
|
||||||
|
ansible.builtin.group:
|
||||||
|
name: "{{ dnsmasq_user_group }}"
|
||||||
|
state: present
|
||||||
|
when:
|
||||||
|
- dnsmasq_user_group is defined
|
||||||
|
|
||||||
|
- name: ensure user exists
|
||||||
|
become: true
|
||||||
|
ansible.builtin.user:
|
||||||
|
name: "{{ dnsmasq_user }}"
|
||||||
|
group: "{{ dnsmasq_user_group }}"
|
||||||
|
ansible.builtin.shell: /usr/sbin/nologin
|
||||||
|
create_home: false
|
||||||
|
when:
|
||||||
|
- dnsmasq_user_group is defined
|
||||||
|
- dnsmasq_user is defined
|
||||||
|
|
||||||
|
- name: ensure needed directories exists
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ dnsmasq_user }}"
|
||||||
|
group: "{{ dnsmasq_user_group }}"
|
||||||
|
loop:
|
||||||
|
- /etc/dnsmasq.d
|
||||||
|
- /etc/dnsmasq.d/blocklists
|
||||||
|
|
||||||
|
- name: clear default directories
|
||||||
|
become: true
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
loop:
|
||||||
|
- /etc/dnsmasq.d/README
|
||||||
|
|
||||||
|
- name: template logrotate config
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: logrotate.j2
|
||||||
|
dest: /etc/logrotate.d/dnsmasq
|
||||||
|
owner: root
|
||||||
|
group: root
|
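Review bot: In the `ensure user exists` task the login-shell argument reads `ansible.builtin.shell: /usr/sbin/nologin`, which looks like an automated FQCN rewrite that hit a module parameter; the `user` module's parameter is `shell`, so the line should be `shell: /usr/sbin/nologin`. Indentation is lost in this rendering, so it is not visible whether the key sits under `ansible.builtin.user:` (an unsupported parameter) or at task level (a second module in one task), but in neither case does the task set a non-login shell on the account. The same line is repeated in the section headed `friedhof/mgrote_dnsmasq_adblocker/tasks/install.yml`, and with `/sbin/nologin` in both minio `tasks/main.yml` sections.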
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: include install tasks
|
||||||
|
ansible.builtin.include_tasks: install.yml
|
||||||
|
|
||||||
|
- name: include configuration tasks
|
||||||
|
ansible.builtin.include_tasks: config.yml
|
||||||
|
|
||||||
|
- name: include systemd tasks
|
||||||
|
ansible.builtin.include_tasks: services.yml
|
||||||
|
|
||||||
|
- name: include blocklist tasks
|
||||||
|
ansible.builtin.include_tasks: blocklist.yml
|
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
- name: stop systemd-resolved service
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: systemd-resolved
|
||||||
|
state: stopped
|
||||||
|
|
||||||
|
- name: mask systemd-resolved service
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: systemd-resolved
|
||||||
|
masked: true
|
||||||
|
state: stopped
|
||||||
|
|
||||||
|
- name: template /etc/resolv.conf
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: resolv.conf.j2
|
||||||
|
dest: /etc/resolv.conf
|
||||||
|
backup: true
|
||||||
|
notify: restart dnsmasq
|
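--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/blocklist.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/blocklist.yml
@@ -0,0 +1,19 @@
+---
+- name: download blocklist(s)
+ansible.builtin.get_url:
+url: "{{ item.url }}"
+dest: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
+owner: "{{ dnsmasq_user }}"
+group: "{{ dnsmasq_user_group }}"
+loop: "{{ dnsmasq_blocklists }}"
+when: item.state == "present"
+notify: restart dnsmasq
+register: download
+
+- name: remove blocklist(s)
+ansible.builtin.file:
+path: "/etc/dnsmasq.d/blocklists/{{ item.name }}"
+state: absent
+loop: "{{ dnsmasq_blocklists }}"
+when: item.state == "absent"
+notify: restart dnsmasq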
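--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/config.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/config.yml
@@ -0,0 +1,9 @@
+---
+- name: template /etc/dnsmasq.conf
+become: true
+ansible.builtin.template:
+src: dnsmasq.conf.j2
+dest: /etc/dnsmasq.conf
+owner: "{{ dnsmasq_user }}"
+group: "{{ dnsmasq_user_group }}"
+notify: restart dnsmasq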
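--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/install.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/install.yml
@@ -0,0 +1,62 @@
+---
+- name: ensure packages are installed
+become: true
+ansible.builtin.package:
+name:
+- dnsmasq
+- wget
+state: present
+register: install
+
+- name: stop dnsmasq (to prevent accidental DHCP-Server after installation)
+become: true
+ansible.builtin.service:
+name: dnsmasq
+state: stopped
+when: install.changed
+
+- name: ensure group exists
+become: true
+ansible.builtin.group:
+name: "{{ dnsmasq_user_group }}"
+state: present
+when:
+- dnsmasq_user_group is defined
+
+- name: ensure user exists
+become: true
+ansible.builtin.user:
+name: "{{ dnsmasq_user }}"
+group: "{{ dnsmasq_user_group }}"
+ansible.builtin.shell: /usr/sbin/nologin
+create_home: false
+when:
+- dnsmasq_user_group is defined
+- dnsmasq_user is defined
+
+- name: ensure needed directories exists
+become: true
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+owner: "{{ dnsmasq_user }}"
+group: "{{ dnsmasq_user_group }}"
+loop:
+- /etc/dnsmasq.d
+- /etc/dnsmasq.d/blocklists
+
+- name: clear default directories
+become: true
+ansible.builtin.file:
+path: "{{ item }}"
+state: absent
+loop:
+- /etc/dnsmasq.d/README
+
+- name: template logrotate config
+become: true
+ansible.builtin.template:
+src: logrotate.j2
+dest: /etc/logrotate.d/dnsmasq
+owner: root
+group: root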
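--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/main.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: include install tasks
+ansible.builtin.include_tasks: install.yml
+
+- name: include configuration tasks
+ansible.builtin.include_tasks: config.yml
+
+- name: include systemd tasks
+ansible.builtin.include_tasks: services.yml
+
+- name: include blocklist tasks
+ansible.builtin.include_tasks: blocklist.yml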
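--- a/friedhof/mgrote_dnsmasq_adblocker/tasks/services.yml
+++ b/friedhof/mgrote_dnsmasq_adblocker/tasks/services.yml
@@ -0,0 +1,18 @@
+---
+- name: stop systemd-resolved service
+ansible.builtin.systemd:
+name: systemd-resolved
+state: stopped
+
+- name: mask systemd-resolved service
+ansible.builtin.systemd:
+name: systemd-resolved
+masked: true
+state: stopped
+
+- name: template /etc/resolv.conf
+ansible.builtin.template:
+src: resolv.conf.j2
+dest: /etc/resolv.conf
+backup: true
+notify: restart dnsmasq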
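--- a/friedhof/mgrote_dnsmasq_adblocker/templates/dnsmasq.conf.j2
+++ b/friedhof/mgrote_dnsmasq_adblocker/templates/dnsmasq.conf.j2
@@ -0,0 +1,63 @@
+{{ file_header | default () }}
+# Listen on this specific port instead of the standard DNS port
+# (53). Setting this to zero completely disables DNS function,
+# leaving only DHCP and/or TFTP.
+port={{ dnsmasq_port }}
+
+# If you want dnsmasq to listen for DHCP and DNS requests only on
+# specified interfaces (and the loopback) give the name of the
+# interface (eg eth0) here.
+# Repeat the line for more than one interface.
+interface={{ ansible_default_ipv4.interface }}
+
+# If you want dnsmasq to provide only DNS service on an interface,
+# configure it as shown above, and then use the following line to
+# disable DHCP and TFTP on it.
+no-dhcp-interface={{ ansible_default_ipv4.interface }}
+
+# Set the cachesize here.
+cache-size={{ dnsmasq_cache_size }}
+
+log-facility={{ dnsmasq_logfile }}
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the
+# following line.
+no-hosts
+
+# Add local-only domains here, queries in these domains are answered
+# from /etc/hosts or DHCP only.
+local=/{{ dnsmasq_never_forward_domain }}/
+
+# RFC 6761: Caching DNS servers SHOULD recognize
+# test, localhost, invalid
+# names as special and SHOULD NOT attempt to look up NS records for them, or
+# otherwise query authoritative DNS servers in an attempt to resolve these
+# names.
+server=/test/
+server=/localhost/
+server=/invalid/
+
+# OpenWRT furthermore blocks bind, local, onion domains
+# see https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob_plain;f=package/network/services/dnsmasq/files/rfc6761.conf;hb=HEAD
+# and https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
+server=/bind/
+server=/onion/
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the
+# following line.
+#no-hosts
+# or if you want it to read another file, as well as /etc/hosts, use
+# this.
+addn-hosts=/etc/dnsmasq.d/blocklists
+
+{% if dnsmasq_log_queries is sameas true %}
+# For debugging purposes, log each DNS query as it passes through
+# dnsmasq.
+log-queries
+{% endif %}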
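Review bot: Two of the stock comments in this template contradict the directives next to them: `no-hosts` is active directly under "If you don't want dnsmasq to read /etc/hosts, uncomment the following line", and the same comment appears again further down above a commented-out `#no-hosts`. With `no-hosts` set, `addn-hosts=/etc/dnsmasq.d/blocklists` is the only hosts source, so "as well as /etc/hosts" no longer describes the result. I would drop the second stanza's stock comments and replace them with one line such as `# /etc/hosts is ignored (no-hosts); only the blocklist files below are loaded`.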
|
@ -1,12 +1,15 @@
|
||||||
{{ file_header | default () }}
|
{{ file_header | default () }}
|
||||||
/var/log/restic.log {
|
{{ dnsmasq_logfile }} {
|
||||||
su root root
|
su root root
|
||||||
create 0640 root root
|
create 0640 root root
|
||||||
rotate 4
|
rotate 4
|
||||||
weekly
|
daily
|
||||||
compress
|
compress
|
||||||
missingok
|
missingok
|
||||||
notifempty
|
notifempty
|
||||||
dateext
|
dateext
|
||||||
dateyesterday
|
dateyesterday
|
||||||
|
postrotate
|
||||||
|
systemctl restart dnsmasq
|
||||||
|
endscript
|
||||||
}
|
}
|
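Review bot: The added `postrotate` block runs `systemctl restart dnsmasq`, which together with the change from `weekly` to `daily` interrupts resolution and empties the cache once a day only to reopen the log file. dnsmasq closes and reopens a `log-facility` file when it receives SIGUSR2, so something like `systemctl kill -s USR2 dnsmasq` in `postrotate` would rotate the log without a restart. The file path of this section is not shown on this part of the page; the `template logrotate config` task suggests it is the role's `logrotate.j2`.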
|
@ -0,0 +1,4 @@
|
||||||
|
{{ file_header | default () }}
|
||||||
|
{% for item in dnsmasq_resolver %}
|
||||||
|
nameserver {{ item }}
|
||||||
|
{% endfor %}
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
- name: set dir - "{{ item.name }}"
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
project_dir: "{{ docker_compose_base_dir }}/{{ item.dir_name | default (item.name) }}"
|
||||||
|
when:
|
||||||
|
- docker_compose_base_dir is defined
|
||||||
|
- docker_compose_projects is defined
|
||||||
|
|
||||||
|
- name: check if dir exists
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ project_dir }}"
|
||||||
|
register: dir
|
||||||
|
|
||||||
|
- name: stop container - "{{ item.name }}"
|
||||||
|
ansible.builtin.shell: docker-compose down
|
||||||
|
args:
|
||||||
|
chdir: "{{ project_dir }}"
|
||||||
|
when: dir.stat.exists
|
||||||
|
|
||||||
|
- name: remove repository - "{{ item.name }}"
|
||||||
|
ansible.builtin.file:
|
||||||
|
state: absent
|
||||||
|
dest: "{{ project_dir }}"
|
||||||
|
when: dir.stat.exists
|
|
@ -0,0 +1,64 @@
|
||||||
|
---
|
||||||
|
- name: set username and passwort - "{{ item.name }}"
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
login: "{{ item.repository_user }}:{{ item.repository_user_password }}@"
|
||||||
|
when:
|
||||||
|
- item.repository_user is defined
|
||||||
|
- item.repository_user_password is defined
|
||||||
|
|
||||||
|
- name: set dir - "{{ item.name }}"
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
project_dir: "{{ docker_compose_base_dir }}/{{ item.dir_name | default (item.name) }}"
|
||||||
|
when:
|
||||||
|
- docker_compose_base_dir is defined
|
||||||
|
- docker_compose_projects is defined
|
||||||
|
|
||||||
|
- name: check if repo exists - "{{ item.name }}" (wenn der Task >30s dauert sind die Login-Daten falsch)
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: "{{ project_dir }}"
|
||||||
|
register: repo_exists
|
||||||
|
|
||||||
|
- name: set safe directory
|
||||||
|
become: true
|
||||||
|
ansible.builtin.shell:
|
||||||
|
cmd: git config --global --add safe.directory "{{ project_dir }}"
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: stash changes - "{{ item.name }}"
|
||||||
|
ansible.builtin.shell: git stash
|
||||||
|
args:
|
||||||
|
chdir: "{{ project_dir }}"
|
||||||
|
changed_when: false
|
||||||
|
when: repo_exists.stat.exists
|
||||||
|
|
||||||
|
- name: clone repository - "{{ item.name }}"
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: "https://{{ login | default () }}{{ item.repository_url }}"
|
||||||
|
dest: "{{ project_dir }}"
|
||||||
|
version: "{{ item.git_branch | default ('master') }}"
|
||||||
|
register: repo
|
||||||
|
|
||||||
|
- name: set owner recursive for repo
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ project_dir }}"
|
||||||
|
owner: "{{ item.os_username }}"
|
||||||
|
group: "{{ item.os_username }}"
|
||||||
|
recurse: true
|
||||||
|
when: repo is changed
|
||||||
|
|
||||||
|
- name: create networks - "{{ item.name }}"
|
||||||
|
ansible.builtin.shell: "docker network create {{ item.network_name }}" # erstelle network
|
||||||
|
when: "item.network_name is defined" # wenn network_name definiert ist
|
||||||
|
register: network_result # speichere ergebnis in var
|
||||||
|
changed_when: "network_result.rc == 0" # markiere tasks als changed when exit-code == 0
|
||||||
|
ignore_errors: true # ignoriere fehler
|
||||||
|
|
||||||
|
- name: (re)start container - "{{ item.name }}"
|
||||||
|
ansible.builtin.shell: docker-compose down && docker-compose up -d
|
||||||
|
args:
|
||||||
|
chdir: "{{ project_dir }}"
|
||||||
|
when: repo.changed
|
||||||
|
|
||||||
|
- name: unset username and passwort - "{{ item.name }}"
|
||||||
|
ansible.builtin.set_fact:
|
||||||
|
login: ""
|
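Review bot: The `clone repository` task builds the remote as `https://{{ login | default () }}{{ item.repository_url }}` with `login` set to `user:password@`, so the password ends up in the clone's `.git/config` and can appear in task output or error messages. Resetting `login` in the last task does not remove it from the working copy, and `set owner recursive for repo` then hands that file to `item.os_username`. I would keep the credential out of the URL (a deploy key or a git credential helper) and add `no_log: true` to the `set username and passwort` and `clone repository` tasks. The file path of this section is not shown here; it appears to be the `dockercompose-up.yml` that the following `tasks/main.yml` includes.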
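--- a/friedhof/mgrote_docker_compose_deploy/tasks/main.yml
+++ b/friedhof/mgrote_docker_compose_deploy/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: loop docker tasks - up
+ansible.builtin.include_tasks: dockercompose-up.yml
+loop: "{{ docker_compose_projects }}"
+when:
+- item.state == "present"
+- docker_compose_projects is defined
+no_log: true
+
+- name: loop docker tasks - down
+ansible.builtin.include_tasks: dockercompose-down.yml
+loop: "{{ docker_compose_projects }}"
+when:
+- item.state == "absent"
+- docker_compose_projects is defined
+no_log: true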
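Review bot: Both include tasks guard with `docker_compose_projects is defined` inside `when`, but `loop: "{{ docker_compose_projects }}"` is templated before the condition is evaluated, so an undefined variable fails the task instead of skipping it, and `item.state` is tested ahead of the guard in any case. `loop: "{{ docker_compose_projects | default([]) }}"` makes the guard unnecessary. Separately, `no_log: true` on a dynamic `include_tasks` applies to the include itself; if the intent is to hide the repository password handled inside the included files, it likely needs the `apply` option or `no_log` on those tasks, which is worth confirming against the Ansible version in use.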
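--- a/friedhof/mgrote_i3/mgrote.i3/tasks/main.yml
+++ b/friedhof/mgrote_i3/mgrote.i3/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: install packages
+become: true
+ansible.builtin.package:
+name:
+- i3
+- i3lock
+- arandr
+- x11-xserver-utils # xrandr
+- feh # wallpaper
+- rofi
+- xautolock #bildschirmsperre nach x min
+- flameshot #screenshots
+- dunst #notification daemon
+state: present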
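--- a/friedhof/mgrote_i3/readme.md
+++ b/friedhof/mgrote_i3/readme.md
@@ -0,0 +1,4 @@
+## mgrote.vim
+
+### Beschreibung
+installiert i3 + tools.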
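--- a/friedhof/mgrote_i3/tasks/main.yml
+++ b/friedhof/mgrote_i3/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: install packages
+become: true
+ansible.builtin.package:
+name:
+- i3
+- i3lock
+- arandr
+- x11-xserver-utils # xrandr
+- feh # wallpaper
+- rofi
+- xautolock #bildschirmsperre nach x min
+- flameshot #screenshots
+- dunst #notification daemon
+state: present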
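--- a/friedhof/mgrote_minio/defaults/main.yml
+++ b/friedhof/mgrote_minio/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+minio_download_url: https://dl.min.io/server/minio/release/linux-amd64/minio # downloadlink
+
+minio_bin_path: /usr/local/bin # where to put the binary
+minio_volumes_base_dir: /usr/local/share/minio/ # where to store the buckets
+minio_config_dir: /etc/minio # where to store the config
+
+minio_fqdn: minio-test.grote.lan
+minio_port: 9000 # s3 port
+minio_console_port: 34081 # mgmt-gui port
+
+minio_root_user: minio # default web user
+minio_root_password: miniostorage # defaut pass
+
+minio_user: minio-user # linux user
+minio_group: minio-user # linux group
+
+minio_server_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
+
+minio_browser_redirect_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html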
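--- a/friedhof/mgrote_minio/handlers/main.yml
+++ b/friedhof/mgrote_minio/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: (re)start service
+become: true
+ansible.builtin.systemd:
+name: minio
+state: restarted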
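--- a/friedhof/mgrote_minio/mgrote.minio/README.md
+++ b/friedhof/mgrote_minio/mgrote.minio/README.md
@@ -0,0 +1,12 @@
+## mgrote.minio
+
+### Beschreibung
+Installiert einen Single-Minio-Server.
+
+### getestet auf
+- [X] Ubuntu (>=20.04)
+- [ ] Debian
+- [ ] ProxMox 6.1
+
+### Variablen + Defaults
+see [defaults](./defaults/main.yml)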
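--- a/friedhof/mgrote_minio/mgrote.minio/defaults/main.yml
+++ b/friedhof/mgrote_minio/mgrote.minio/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+minio_download_url: https://dl.min.io/server/minio/release/linux-amd64/minio # downloadlink
+
+minio_bin_path: /usr/local/bin # where to put the binary
+minio_volumes_base_dir: /usr/local/share/minio/ # where to store the buckets
+minio_config_dir: /etc/minio # where to store the config
+
+minio_fqdn: minio-test.grote.lan
+minio_port: 9000 # s3 port
+minio_console_port: 34081 # mgmt-gui port
+
+minio_root_user: minio # default web user
+minio_root_password: miniostorage # defaut pass
+
+minio_user: minio-user # linux user
+minio_group: minio-user # linux group
+
+minio_server_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
+
+minio_browser_redirect_url: "" # see https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html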
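--- a/friedhof/mgrote_minio/mgrote.minio/handlers/main.yml
+++ b/friedhof/mgrote_minio/mgrote.minio/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: (re)start service
+become: true
+ansible.builtin.systemd:
+name: minio
+state: restarted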
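--- a/friedhof/mgrote_minio/mgrote.minio/tasks/main.yml
+++ b/friedhof/mgrote_minio/mgrote.minio/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+- name: ensure group exists
+ansible.builtin.group:
+name: "{{ minio_group }}"
+state: present
+
+- name: ensure user exists
+ansible.builtin.user:
+name: "{{ minio_user }}"
+group: "{{ minio_group }}"
+ansible.builtin.shell: /sbin/nologin
+state: present
+create_home: false
+
+- name: ensure needed directories are present
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+with_items:
+- "{{ minio_volumes_base_dir }}"
+- "{{ minio_config_dir }}"
+
+- name: download binary
+ansible.builtin.get_url:
+url: "{{ minio_download_url }}"
+dest: "{{ minio_bin_path }}/minio"
+mode: "0744"
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+
+- name: template default config
+become: true
+ansible.builtin.template:
+src: "default.j2"
+dest: "/etc/default/minio"
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+notify: (re)start service
+no_log: true
+
+- name: template systemd-unit
+become: true
+ansible.builtin.template:
+src: "minio.service.j2"
+dest: "/etc/systemd/system/minio.service"
+mode: a+x
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+notify: (re)start service
+
+- name: systemd daemon reload
+become: true
+ansible.builtin.systemd:
+daemon_reload: true
+
+- name: enable systemd service
+become: true
+ansible.builtin.systemd:
+name: minio
+enabled: true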
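Review bot: The `download binary` and `template systemd-unit` tasks make `{{ minio_user }}` the owner of the executable (`mode: "0744"`) and of `/etc/systemd/system/minio.service` (`mode: a+x`), so the account the service presumably runs as can replace both the program and the unit that systemd starts for it. `/etc/default/minio`, which is rendered with `no_log` and so presumably holds the root credentials, gets no `mode` at all. I would make root the owner of the binary and the unit, drop the execute bit on the unit, and restrict the environment file to root plus the service group, as sketched below. The identical file follows under `friedhof/mgrote_minio/tasks/main.yml`.

```yaml
- name: download binary
  ansible.builtin.get_url:
    # … unchanged: url, dest …
    mode: "0755"
    owner: root
    group: root

- name: template default config
  ansible.builtin.template:
    # … unchanged: src, dest …
    owner: root
    group: "{{ minio_group }}"
    mode: "0640"
  # … unchanged: become, notify, no_log …

- name: template systemd-unit
  ansible.builtin.template:
    # … unchanged: src, dest …
    mode: "0644"
    owner: root
    group: root
  # … unchanged: become, notify …
```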
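--- a/friedhof/mgrote_minio/tasks/main.yml
+++ b/friedhof/mgrote_minio/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+- name: ensure group exists
+ansible.builtin.group:
+name: "{{ minio_group }}"
+state: present
+
+- name: ensure user exists
+ansible.builtin.user:
+name: "{{ minio_user }}"
+group: "{{ minio_group }}"
+ansible.builtin.shell: /sbin/nologin
+state: present
+create_home: false
+
+- name: ensure needed directories are present
+ansible.builtin.file:
+path: "{{ item }}"
+state: directory
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+with_items:
+- "{{ minio_volumes_base_dir }}"
+- "{{ minio_config_dir }}"
+
+- name: download binary
+ansible.builtin.get_url:
+url: "{{ minio_download_url }}"
+dest: "{{ minio_bin_path }}/minio"
+mode: "0744"
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+
+- name: template default config
+become: true
+ansible.builtin.template:
+src: "default.j2"
+dest: "/etc/default/minio"
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+notify: (re)start service
+no_log: true
+
+- name: template systemd-unit
+become: true
+ansible.builtin.template:
+src: "minio.service.j2"
+dest: "/etc/systemd/system/minio.service"
+mode: a+x
+owner: "{{ minio_user }}"
+group: "{{ minio_user }}"
+notify: (re)start service
+
+- name: systemd daemon reload
+become: true
+ansible.builtin.systemd:
+daemon_reload: true
+
+- name: enable systemd service
+become: true
+ansible.builtin.systemd:
+name: minio
+enabled: true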