mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

rollen "ausgeschrieben"

Browse source
This commit is contained in:
Michael Grote 2021-02-13 14:20:18 +01:00
parent 0129577394
commit 952565d8e7
206 changed files with 7850 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
roles/geerlingguy.ansible

@ -1 +0,0 @@
Subproject commit adf22d8c735670a8323f118de6bc37ba6b67f86e

2
roles/geerlingguy.ansible/.ansible-lint Normal file
View file

@ -0,0 +1,2 @@
skip_list:
- '106'

4
roles/geerlingguy.ansible/.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/geerlingguy.ansible/.github/stale.yml vendored Normal file
View file

@ -0,0 +1,56 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

79
roles/geerlingguy.ansible/.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,79 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "30 5 * * 0"
defaults:
run:
working-directory: 'geerlingguy.ansible'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.ansible'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint ansible-lint
- name: Lint code.
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
include:
- distro: centos8
playbook: converge.yml
- distro: fedora32
playbook: converge.yml
# See: https://github.com/geerlingguy/ansible-role-ansible/issues/18
# - distro: ubuntu2004
# playbook: converge.yml
- distro: ubuntu1804
playbook: converge.yml
- distro: debian10
playbook: converge.yml
- distro: centos8
playbook: pip.yml
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.ansible'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}
MOLECULE_PLAYBOOK: ${{ matrix.playbook }}

38
roles/geerlingguy.ansible/.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,38 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.ansible'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.ansible'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-base
- name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

3
roles/geerlingguy.ansible/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

10
roles/geerlingguy.ansible/.yamllint Normal file
View file

@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml

20
roles/geerlingguy.ansible/LICENSE Normal file
View file

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

51
roles/geerlingguy.ansible/README.md Normal file
View file

@ -0,0 +1,51 @@
# Ansible Role: Ansible
[![CI](https://github.com/geerlingguy/ansible-role-ansible/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-ansible/actions?query=workflow%3ACI)
An Ansible Role that installs Ansible on Linux servers.
## Requirements
If using on a RedHat/CentOS-based host, make sure you've added the EPEL repository (it can easily be installed by including the `geerlingguy.repo-epel` role on Ansible Galaxy).
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
ansible_install_method: package
Whether to install Ansible via the system `package` manager (`apt`, `yum`, `dnf`, etc.), or via `pip`. If set to `pip`, you need to make sure Pip is installed prior to running this role. You can use the `geerlingguy.pip` module to install Pip easily.
ansible_install_version_pip: ''
If `ansible_install_method` is set to `pip`, the specific Ansible version to be installed via Pip. If not set, the latest version of Ansible will be installed.
## Dependencies
None.
## Example Playbook
Install from the system package manager:
- hosts: servers
roles:
- role: geerlingguy.ansible
Install from pip:
- hosts: servers
vars:
ansible_install_method: pip
ansible_install_version_pip: "2.7.0"
roles:
- role: geerlingguy.pip
- role: geerlingguy.ansible
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

8
roles/geerlingguy.ansible/defaults/main.yml Normal file
View file

@ -0,0 +1,8 @@
---
ansible_default_release: ""
# Valid options include: 'package' or 'pip'.
ansible_install_method: package
# Used only if ansible_install_method is 'pip'. If empty, defaults to latest.
ansible_install_version_pip: ''

29
roles/geerlingguy.ansible/meta/main.yml Normal file
View file

@ -0,0 +1,29 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Ansible for RedHat/CentOS/Debian/Ubuntu.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- system
- packaging
- development
- cloud
- ansible
- automation

12
roles/geerlingguy.ansible/molecule/default/converge.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=300
when: ansible_os_family == 'Debian'
roles:
- role: geerlingguy.ansible

17
roles/geerlingguy.ansible/molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,17 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

12
roles/geerlingguy.ansible/molecule/default/pip.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Converge
hosts: all
become: true
vars:
ansible_install_method: pip
ansible_install_version_pip: "2.6.2"
roles:
- role: geerlingguy.pip
- role: geerlingguy.ansible

2
roles/geerlingguy.ansible/molecule/default/requirements.yml Normal file
View file

@ -0,0 +1,2 @@
---
- role: geerlingguy.pip

34
roles/geerlingguy.ansible/tasks/main.yml Normal file
View file

@ -0,0 +1,34 @@
---
- name: Set the package state based on how Ansible is installed.
set_fact:
ansible_package_state: "{{ 'present' if ansible_install_method == 'package' else 'absent' }}"
# Setup/install tasks.
- name: Set up Ansible on RedHat.
include_tasks: setup-RedHat.yml
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
- ansible_install_method == 'package'
- name: Set up Ansible on Fedora.
include_tasks: setup-Fedora.yml
when:
- ansible_distribution == 'Fedora'
- ansible_install_method == 'package'
- name: Set up Ansible on Ubuntu.
include_tasks: setup-Ubuntu.yml
when:
- ansible_distribution == 'Ubuntu'
- ansible_install_method == 'package'
- name: Set up Ansible on Debian.
include_tasks: setup-Debian.yml
when:
- ansible_distribution == 'Debian'
- ansible_install_method == 'package'
- name: Set up Ansible using Pip.
include_tasks: setup-pip.yml
when: ansible_install_method == 'pip'

21
roles/geerlingguy.ansible/tasks/setup-Debian.yml Normal file
View file

@ -0,0 +1,21 @@
---
- name: Enable Backports repository.
apt_repository:
repo: >-
deb http://ftp.debian.org/debian
{{ ansible_distribution_release }}-backports main'
state: present
filename: "{{ ansible_distribution_release }}_backports"
update_cache: true
when: ansible_distribution_version | int < 9
- name: Set the default_release option for older Debian versions.
set_fact:
ansible_default_release: "{{ ansible_distribution_release }}-backports"
when: ansible_distribution_version | int < 9
- name: Install Ansible.
apt:
name: ansible
state: "{{ ansible_package_state }}"
default_release: "{{ ansible_default_release }}"

5
roles/geerlingguy.ansible/tasks/setup-Fedora.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: Install Ansible.
package:
name: ansible
state: "{{ ansible_package_state }}"

6
roles/geerlingguy.ansible/tasks/setup-RedHat.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: Install Ansible.
package:
name: ansible
state: "{{ ansible_package_state }}"
enablerepo: epel

15
roles/geerlingguy.ansible/tasks/setup-Ubuntu.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: Ensure dirmngr is installed (gnupg dependency).
apt:
name: dirmngr
state: present
- name: Add ansible repository.
apt_repository:
repo: 'ppa:ansible/ansible'
update_cache: true
- name: Install Ansible.
apt:
name: ansible
state: "{{ ansible_package_state }}"

5
roles/geerlingguy.ansible/tasks/setup-pip.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: Install Ansible via Pip.
pip:
name: ansible
version: "{{ ansible_install_version_pip | default(omit) }}"

1
roles/geerlingguy.docker

@ -1 +0,0 @@
Subproject commit c254e08049d9792c2b532d8df0e44d4700be2aa7

3
roles/geerlingguy.docker/.ansible-lint Normal file
View file

@ -0,0 +1,3 @@
skip_list:
- '306'
- '106'

4
roles/geerlingguy.docker/.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/geerlingguy.docker/.github/stale.yml vendored Normal file
View file

@ -0,0 +1,56 @@
# Configuration for probot-stale - https://github.com/probot/stale
---
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

72
roles/geerlingguy.docker/.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,72 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 7 * * 0"
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint ansible-lint
- name: Lint code.
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- centos8
- centos7
- ubuntu2004
- ubuntu1804
- debian10
- debian9
- fedora33
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

38
roles/geerlingguy.docker/.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,38 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-base
- name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

3
roles/geerlingguy.docker/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

11
roles/geerlingguy.docker/.yamllint Normal file
View file

@ -0,0 +1,11 @@
---
extends: default
rules:
line-length:
max: 200
level: warning
ignore: |
.github/stale.yml
.travis.yml

20
roles/geerlingguy.docker/LICENSE Normal file
View file

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

97
roles/geerlingguy.docker/README.md Normal file
View file

@ -0,0 +1,97 @@
# Ansible Role: Docker
[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI)
An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_package: "docker-{{ docker_edition }}"
docker_package_state: present
The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>`; Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>`.
You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`.
docker_install_compose: true
docker_compose_version: "1.26.0"
docker_compose_path: /usr/local/bin/docker-compose
Docker Compose installation options.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: True
docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
Usually in combination with changing `docker_apt_repository` as well.
docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
Usually in combination with changing `docker_yum_repository` as well.
docker_users:
- user1
- user2
A list of system users to be added to the `docker` group (so they can use Docker on the server).
## Use with Ansible (and `docker` Python library)
Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:
```yaml
- hosts: all
vars:
pip_install_packages:
- name: docker
roles:
- geerlingguy.pip
- geerlingguy.docker
```
## Dependencies
None.
## Example Playbook
```yaml
- hosts: all
roles:
- geerlingguy.docker
```
## License
MIT / BSD
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

31
roles/geerlingguy.docker/defaults/main.yml Normal file
View file

@ -0,0 +1,31 @@
---
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_package: "docker-{{ docker_edition }}"
docker_package_state: present
# Service options.
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
# Docker Compose options.
docker_install_compose: true
docker_compose_version: "1.26.0"
docker_compose_path: /usr/local/bin/docker-compose
# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: true
docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
# Used only for RedHat/CentOS/Fedora.
docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
# A list of users who will be added to the docker group.
docker_users: []

3
roles/geerlingguy.docker/handlers/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
- name: restart docker
service: "name=docker state={{ docker_restart_handler_state }}"

35
roles/geerlingguy.docker/meta/main.yml Normal file
View file

@ -0,0 +1,35 @@
---
dependencies: []
galaxy_info:
role_name: docker
author: geerlingguy
description: Docker for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 7
- 8
- name: Fedora
versions:
- all
- name: Debian
versions:
- stretch
- buster
- name: Ubuntu
versions:
- xenial
- bionic
- focal
galaxy_tags:
- web
- system
- containers
- docker
- orchestration
- compose
- server

24
roles/geerlingguy.docker/molecule/default/converge.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
- name: Wait for systemd to complete initialization. # noqa 303
command: systemctl is-system-running
register: systemctl_status
until: >
'running' in systemctl_status.stdout or
'degraded' in systemctl_status.stdout
retries: 30
delay: 5
when: ansible_service_mgr == 'systemd'
changed_when: false
failed_when: systemctl_status.rc > 1
roles:
- role: geerlingguy.docker

17
roles/geerlingguy.docker/molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,17 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

20
roles/geerlingguy.docker/tasks/docker-compose.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: Check current docker-compose version.
command: docker-compose --version
register: docker_compose_current_version
changed_when: false
failed_when: false
- name: Delete existing docker-compose version if it's different.
file:
path: "{{ docker_compose_path }}"
state: absent
when: >
docker_compose_current_version.stdout is defined
and docker_compose_version not in docker_compose_current_version.stdout
- name: Install Docker Compose (if configured).
get_url:
url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
dest: "{{ docker_compose_path }}"
mode: 0755

7
roles/geerlingguy.docker/tasks/docker-users.yml Normal file
View file

@ -0,0 +1,7 @@
---
- name: Ensure docker users are added to the docker group.
user:
name: "{{ item }}"
groups: docker
append: true
with_items: "{{ docker_users }}"

27
roles/geerlingguy.docker/tasks/main.yml Normal file
View file

@ -0,0 +1,27 @@
---
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- name: Install Docker.
package:
name: "{{ docker_package }}"
state: "{{ docker_package_state }}"
notify: restart docker
- name: Ensure Docker is started and enabled at boot.
service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers
- include_tasks: docker-compose.yml
when: docker_install_compose | bool
- include_tasks: docker-users.yml
when: docker_users | length > 0

40
roles/geerlingguy.docker/tasks/setup-Debian.yml Normal file
View file

@ -0,0 +1,40 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name:
- docker
- docker-engine
state: absent
- name: Ensure dependencies are installed.
apt:
name:
- apt-transport-https
- ca-certificates
- gnupg2
state: present
- name: Add Docker apt key.
apt_key:
url: "{{ docker_apt_gpg_key }}"
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: "{{ docker_apt_ignore_key_error }}"
- name: Ensure curl is present (on older systems without SNI).
package: name=curl state=present
when: add_repository_key is failed
- name: Add Docker apt key (alternative for older systems without SNI).
shell: >
curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
args:
warn: false
when: add_repository_key is failed
- name: Add Docker repository.
apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
update_cache: true

50
roles/geerlingguy.docker/tasks/setup-RedHat.yml Normal file
View file

@ -0,0 +1,50 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name:
- docker
- docker-common
- docker-engine
state: absent
- name: Add Docker GPG key.
rpm_key:
key: "{{ docker_yum_gpg_key }}"
state: present
- name: Add Docker repository.
get_url:
url: "{{ docker_yum_repo_url }}"
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
owner: root
group: root
mode: 0644
- name: Configure Docker Nightly repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-nightly'
option: enabled
value: '{{ docker_yum_repo_enable_nightly }}'
mode: 0644
- name: Configure Docker Test repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-test'
option: enabled
value: '{{ docker_yum_repo_enable_test }}'
mode: 0644
- name: Configure containerd on RHEL 8.
block:
- name: Ensure container-selinux is installed.
package:
name: container-selinux
state: present
- name: Ensure containerd.io is installed.
package:
name: containerd.io
state: present
when: ansible_distribution_major_version | int == 8

1
roles/geerlingguy.dotfiles

@ -1 +0,0 @@
Subproject commit 27b50c17dc1f10e6b05c192dfa84a0785f6cc7d6

2
roles/geerlingguy.dotfiles/.ansible-lint Normal file
View file

@ -0,0 +1,2 @@
skip_list:
- '106'

4
roles/geerlingguy.dotfiles/.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/geerlingguy.dotfiles/.github/stale.yml vendored Normal file
View file

@ -0,0 +1,56 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

67
roles/geerlingguy.dotfiles/.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,67 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 5 * * 1"
defaults:
run:
working-directory: 'geerlingguy.dotfiles'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.dotfiles'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint ansible-lint
- name: Lint code.
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- centos7
- ubuntu1804
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.dotfiles'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

38
roles/geerlingguy.dotfiles/.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,38 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.dotfiles'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.dotfiles'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-base
- name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

3
roles/geerlingguy.dotfiles/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

11
roles/geerlingguy.dotfiles/.yamllint Normal file
View file

@ -0,0 +1,11 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml
.travis.yml

20
roles/geerlingguy.dotfiles/LICENSE Normal file
View file

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

56
roles/geerlingguy.dotfiles/README.md Normal file
View file

@ -0,0 +1,56 @@
# Ansible Role: Dotfiles
[![CI](https://github.com/geerlingguy/ansible-role-dotfiles/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-dotfiles/actions?query=workflow%3ACI)
Installs a set of dotfiles from a given Git repository. By default, it will install my (geerlingguy's) [dotfiles](https://github.com/geerlingguy/dotfiles), but you can use any set of dotfiles you'd like, as long as they follow a conventional format.
## Requirements
Requires `git` on the managed machine (you can easily install it with `geerlingguy.git` if required).
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
dotfiles_repo: "https://github.com/geerlingguy/dotfiles.git"
dotfiles_repo_version: master
The git repository and branch/tag/commit hash to use for retrieving dotfiles. Dotfiles should generally be laid out within the root directory of the repository.
dotfiles_repo_accept_hostkey: false
Add the hostkey for the repo url if not already added. If ssh_opts contains "-o StrictHostKeyChecking=no", this parameter is ignored.
dotfiles_repo_local_destination: "~/Documents/dotfiles"
The local path where the `dotfiles_repo` will be cloned.
dotfiles_home: "~"
The home directory where dotfiles will be linked. Generally, the default should work, but in some circumstances, or when running the role as sudo on behalf of another user, you may want to specify the full path.
dotfiles_files:
- .zshrc
- .gitignore
- .inputrc
- .vimrc
Which files from the dotfiles repository should be linked to the `dotfiles_home`.
## Dependencies
None
## Example Playbook
- hosts: localhost
roles:
- { role: geerlingguy.dotfiles }
## License
MIT / BSD
## Author Information
This role was created in 2015 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

12
roles/geerlingguy.dotfiles/defaults/main.yml Normal file
View file

@ -0,0 +1,12 @@
---
dotfiles_repo: "https://github.com/geerlingguy/dotfiles.git"
dotfiles_repo_version: master
dotfiles_repo_accept_hostkey: false
dotfiles_repo_local_destination: "~/Documents/dotfiles"
dotfiles_home: "~"
dotfiles_files:
- .zshrc
- .gitignore
- .inputrc
- .vimrc

28
roles/geerlingguy.dotfiles/meta/main.yml Normal file
View file

@ -0,0 +1,28 @@
---
dependencies: []
galaxy_info:
role_name: dotfiles
author: geerlingguy
description: Dotfile installation for UNIX/Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.2
platforms:
- name: GenericUNIX
versions:
- all
- any
- name: GenericBSD
versions:
- all
- any
- name: GenericLinux
versions:
- all
- any
galaxy_tags:
- development
- system
- dotfiles
- configuration

13
roles/geerlingguy.dotfiles/molecule/default/converge.yml Normal file
View file

@ -0,0 +1,13 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
roles:
- role: geerlingguy.git
- role: geerlingguy.dotfiles

17
roles/geerlingguy.dotfiles/molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,17 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

2
roles/geerlingguy.dotfiles/molecule/default/requirements.yml Normal file
View file

@ -0,0 +1,2 @@
---
- src: geerlingguy.git

32
roles/geerlingguy.dotfiles/tasks/main.yml Normal file
View file

@ -0,0 +1,32 @@
---
- name: Ensure dotfiles repository is cloned locally.
git:
repo: "{{ dotfiles_repo }}"
dest: "{{ dotfiles_repo_local_destination }}"
version: "{{ dotfiles_repo_version }}"
accept_hostkey: "{{ dotfiles_repo_accept_hostkey }}"
# become: false
- name: Ensure all configured dotfiles are links.
command: "ls -F {{ dotfiles_home }}/{{ item }}"
register: existing_dotfile_info
failed_when: false
check_mode: false
changed_when: false
with_items: "{{ dotfiles_files }}"
- name: Remove existing dotfiles file if a replacement is being linked.
file:
path: "{{ dotfiles_home }}/{{ dotfiles_files[item.0] }}"
state: absent
when: "'@' not in item.1.stdout"
with_indexed_items: "{{ existing_dotfile_info.results }}"
- name: Link dotfiles into home folder.
file:
src: "{{ dotfiles_repo_local_destination }}/{{ item }}"
dest: "{{ dotfiles_home }}/{{ item }}"
state: link
mode: 0644
# become: false
with_items: "{{ dotfiles_files }}"

1
roles/geerlingguy.gitlab

@ -1 +0,0 @@
Subproject commit 191ac78010c4640587c74eb8b659985644bca00e

3
roles/geerlingguy.gitlab/.ansible-lint Normal file
View file

@ -0,0 +1,3 @@
skip_list:
- '106'
- '403'

4
roles/geerlingguy.gitlab/.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/geerlingguy.gitlab/.github/stale.yml vendored Normal file
View file

@ -0,0 +1,56 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

76
roles/geerlingguy.gitlab/.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,76 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 7 * * 1"
defaults:
run:
working-directory: 'geerlingguy.gitlab'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.gitlab'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint ansible-lint
- name: Lint code.
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
include:
- distro: centos7
playbook: converge.yml
- distro: ubuntu1804
playbook: converge.yml
- distro: debian9
playbook: converge.yml
- distro: centos7
playbook: version.yml
- distro: ubuntu1804
playbook: version.yml
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.gitlab'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}
MOLECULE_PLAYBOOK: ${{ matrix.playbook }}

38
roles/geerlingguy.gitlab/.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,38 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.gitlab'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.gitlab'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-base
- name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

3
roles/geerlingguy.gitlab/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

10
roles/geerlingguy.gitlab/.yamllint Normal file
View file

@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 180
level: warning
ignore: |
.github/stale.yml

20
roles/geerlingguy.gitlab/LICENSE Normal file
View file

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

179
roles/geerlingguy.gitlab/README.md Normal file
View file

@ -0,0 +1,179 @@
# Ansible Role: GitLab
[![CI](https://github.com/geerlingguy/ansible-role-gitlab/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-gitlab/actions?query=workflow%3ACI)
Installs GitLab, a Ruby-based front-end to Git, on any RedHat/CentOS or Debian/Ubuntu linux system.
GitLab's default administrator account details are below; be sure to login immediately after installation and change these credentials!
root
5iveL!fe
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
gitlab_domain: gitlab
gitlab_external_url: "https://{{ gitlab_domain }}/"
The domain and URL at which the GitLab instance will be accessible. This is set as the `external_url` configuration setting in `gitlab.rb`, and if you want to run GitLab on a different port (besides 80/443), you can specify the port here (e.g. `https://gitlab:8443/` for port 8443).
gitlab_git_data_dir: "/var/opt/gitlab/git-data"
The `gitlab_git_data_dir` is the location where all the Git repositories will be stored. You can use a shared drive or any path on the system.
gitlab_backup_path: "/var/opt/gitlab/backups"
The `gitlab_backup_path` is the location where Gitlab backups will be stored.
gitlab_edition: "gitlab-ce"
The edition of GitLab to install. Usually either `gitlab-ce` (Community Edition) or `gitlab-ee` (Enterprise Edition).
gitlab_version: ''
If you'd like to install a specific version, set the version here (e.g. `11.4.0-ce.0` for Debian/Ubuntu, or `11.4.0-ce.0.el7` for RedHat/CentOS).
gitlab_config_template: "gitlab.rb.j2"
The `gitlab.rb.j2` template packaged with this role is meant to be very generic and serve a variety of use cases. However, many people would like to have a much more customized version, and so you can override this role's default template with your own, adding any additional customizations you need. To do this:
- Create a `templates` directory at the same level as your playbook.
- Create a `templates\mygitlab.rb.j2` file (just choose a different name from the default template).
- Set the variable like: `gitlab_config_template: mygitlab.rb.j2` (with the name of your custom template).
### SSL Configuration.
gitlab_redirect_http_to_https: "true"
gitlab_ssl_certificate: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
gitlab_ssl_certificate_key: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
GitLab SSL configuration; tells GitLab to redirect normal http requests to https, and the path to the certificate and key (the default values will work for automatic self-signed certificate creation, if set to `true` in the variable below).
# SSL Self-signed Certificate Configuration.
gitlab_create_self_signed_cert: "true"
gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN={{ gitlab_domain }}"
Whether to create a self-signed certificate for serving GitLab over a secure connection. Set `gitlab_self_signed_cert_subj` according to your locality and organization.
# LDAP Configuration.
gitlab_ldap_enabled: "false"
gitlab_ldap_host: "example.com"
gitlab_ldap_port: "389"
gitlab_ldap_uid: "sAMAccountName"
gitlab_ldap_method: "plain"
gitlab_ldap_bind_dn: "CN=Username,CN=Users,DC=example,DC=com"
gitlab_ldap_password: "password"
gitlab_ldap_base: "DC=example,DC=com"
GitLab LDAP configuration; if `gitlab_ldap_enabled` is `true`, the rest of the configuration will tell GitLab how to connect to an LDAP server for centralized authentication.
gitlab_dependencies:
- openssh-server
- postfix
- curl
- openssl
- tzdata
Dependencies required by GitLab for certain functionality, like timezone support or email. You may change this list in your own playbook if, for example, you would like to install `exim` instead of `postfix`.
gitlab_time_zone: "UTC"
Gitlab timezone.
gitlab_backup_keep_time: "604800"
How long to keep local backups (useful if you don't want backups to fill up your drive!).
gitlab_download_validate_certs: true
Controls whether to validate certificates when downloading the GitLab installation repository install script.
# Email configuration.
gitlab_email_enabled: "false"
gitlab_email_from: "gitlab@example.com"
gitlab_email_display_name: "Gitlab"
gitlab_email_reply_to: "gitlab@example.com"
Gitlab system mail configuration. Disabled by default; set `gitlab_email_enabled` to `true` to enable, and make sure you enter valid from/reply-to values.
# SMTP Configuration
gitlab_smtp_enable: "false"
gitlab_smtp_address: "smtp.server"
gitlab_smtp_port: "465"
gitlab_smtp_user_name: "smtp user"
gitlab_smtp_password: "smtp password"
gitlab_smtp_domain: "example.com"
gitlab_smtp_authentication: "login"
gitlab_smtp_enable_starttls_auto: "true"
gitlab_smtp_tls: "false"
gitlab_smtp_openssl_verify_mode: "none"
gitlab_smtp_ca_path: "/etc/ssl/certs"
gitlab_smtp_ca_file: "/etc/ssl/certs/ca-certificates.crt"
Gitlab SMTP configuration; of `gitlab_smtp_enable` is `true`, the rest of the configuration will tell GitLab how to send mails using an smtp server.
gitlab_nginx_listen_port: 8080
If you are running GitLab behind a reverse proxy, you may want to override the listen port to something else.
gitlab_nginx_listen_https: "false"
If you are running GitLab behind a reverse proxy, you may wish to terminate SSL at another proxy server or load balancer
gitlab_nginx_ssl_verify_client: ""
gitlab_nginx_ssl_client_certificate: ""
If you want to enable [2-way SSL Client Authentication](https://docs.gitlab.com/omnibus/settings/nginx.html#enable-2-way-ssl-client-authentication), set `gitlab_nginx_ssl_verify_client` and add a path to the client certificate in `gitlab_nginx_ssl_client_certificate`.
gitlab_default_theme: 2
GitLab includes a number of themes, and you can set the default for all users with this variable. See [the included GitLab themes to choose a default](https://github.com/gitlabhq/gitlabhq/blob/master/config/gitlab.yml.example#L79-L85).
gitlab_extra_settings:
- gitlab_rails:
- key: "trusted_proxies"
value: "['foo', 'bar']"
- key: "env"
type: "plain"
value: |
{
"http_proxy" => "https://my_http_proxy.company.com:3128",
"https_proxy" => "https://my_http_proxy.company.com:3128",
"no_proxy" => "localhost, 127.0.0.1, company.com"
}
- unicorn:
- key: "worker_processes"
value: 5
- key: "pidfile"
value: "/opt/gitlab/var/unicorn/unicorn.pid"
Gitlab have many other settings ([see official documentation](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template)), and you can add them with this special variable `gitlab_extra_settings` with the concerned setting and the `key` and `value` keywords.
## Dependencies
None.
## Example Playbook
- hosts: servers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.gitlab }
*Inside `vars/main.yml`*:
gitlab_external_url: "https://gitlab.example.com/"
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

75
roles/geerlingguy.gitlab/defaults/main.yml Normal file
View file

@ -0,0 +1,75 @@
---
# General config.
gitlab_domain: gitlab
gitlab_external_url: "https://{{ gitlab_domain }}/"
gitlab_git_data_dir: "/var/opt/gitlab/git-data"
gitlab_edition: "gitlab-ce"
gitlab_version: ''
gitlab_backup_path: "/var/opt/gitlab/backups"
gitlab_config_template: "gitlab.rb.j2"
# SSL Configuration.
gitlab_redirect_http_to_https: "true"
gitlab_ssl_certificate: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
gitlab_ssl_certificate_key: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
# SSL Self-signed Certificate Configuration.
gitlab_create_self_signed_cert: "true"
gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN={{ gitlab_domain }}"
# LDAP Configuration.
gitlab_ldap_enabled: "false"
gitlab_ldap_host: "example.com"
gitlab_ldap_port: "389"
gitlab_ldap_uid: "sAMAccountName"
gitlab_ldap_method: "plain"
gitlab_ldap_bind_dn: "CN=Username,CN=Users,DC=example,DC=com"
gitlab_ldap_password: "password"
gitlab_ldap_base: "DC=example,DC=com"
# SMTP Configuration
gitlab_smtp_enable: "false"
gitlab_smtp_address: "smtp.server"
gitlab_smtp_port: "465"
gitlab_smtp_user_name: "smtp user"
gitlab_smtp_password: "smtp password"
gitlab_smtp_domain: "example.com"
gitlab_smtp_authentication: "login"
gitlab_smtp_enable_starttls_auto: "true"
gitlab_smtp_tls: "false"
gitlab_smtp_openssl_verify_mode: "none"
gitlab_smtp_ca_path: "/etc/ssl/certs"
gitlab_smtp_ca_file: "/etc/ssl/certs/ca-certificates.crt"
# 2-way SSL Client Authentication support.
gitlab_nginx_ssl_verify_client: ""
gitlab_nginx_ssl_client_certificate: ""
# Probably best to leave this as the default, unless doing testing.
gitlab_restart_handler_failed_when: 'gitlab_restart.rc != 0'
# Dependencies.
gitlab_dependencies:
- openssh-server
- postfix
- curl
- openssl
- tzdata
# Optional settings.
gitlab_time_zone: "UTC"
gitlab_backup_keep_time: "604800"
gitlab_download_validate_certs: true
gitlab_default_theme: '2'
# Email configuration.
gitlab_email_enabled: "false"
gitlab_email_from: "gitlab@example.com"
gitlab_email_display_name: "Gitlab"
gitlab_email_reply_to: "gitlab@example.com"
# Registry configuration.
gitlab_registry_enable: "false"
gitlab_registry_external_url: "https://gitlab.example.com:4567"
gitlab_registry_nginx_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt"
gitlab_registry_nginx_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key"

5
roles/geerlingguy.gitlab/handlers/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: restart gitlab
command: gitlab-ctl reconfigure
register: gitlab_restart
failed_when: gitlab_restart_handler_failed_when | bool

29
roles/geerlingguy.gitlab/meta/main.yml Normal file
View file

@ -0,0 +1,29 @@
---
dependencies: []
galaxy_info:
role_name: gitlab
author: geerlingguy
description: GitLab Git web interface
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.0
platforms:
- name: EL
versions:
- 7
- 8
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- development
- web
- gitlab
- git
- repository
- ci
- integration

21
roles/geerlingguy.gitlab/molecule/default/converge.yml Normal file
View file

@ -0,0 +1,21 @@
---
- name: Converge
hosts: all
become: true
vars:
gitlab_restart_handler_failed_when: false
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Remove the .dockerenv file so GitLab Omnibus doesn't get confused.
file:
path: /.dockerenv
state: absent
roles:
- role: geerlingguy.gitlab

17
roles/geerlingguy.gitlab/molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,17 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

31
roles/geerlingguy.gitlab/molecule/default/version.yml Normal file
View file

@ -0,0 +1,31 @@
---
- name: Converge
hosts: all
become: true
vars:
gitlab_restart_handler_failed_when: false
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Remove the .dockerenv file so GitLab Omnibus doesn't get confused.
file:
path: /.dockerenv
state: absent
- name: Set the test GitLab version number for Debian.
set_fact:
gitlab_version: '11.4.0-ce.0'
when: ansible_os_family == 'Debian'
- name: Set the test GitLab version number for RedHat.
set_fact:
gitlab_version: '11.4.0-ce.0.el7'
when: ansible_os_family == 'RedHat'
roles:
- role: geerlingguy.gitlab

81
roles/geerlingguy.gitlab/tasks/main.yml Normal file
View file

@ -0,0 +1,81 @@
---
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Check if GitLab configuration file already exists.
stat: path=/etc/gitlab/gitlab.rb
register: gitlab_config_file
- name: Check if GitLab is already installed.
stat: path=/usr/bin/gitlab-ctl
register: gitlab_file
# Install GitLab and its dependencies.
- name: Install GitLab dependencies.
package:
name: "{{ gitlab_dependencies }}"
state: present
- name: Install GitLab dependencies (Debian).
apt:
name: gnupg2
state: present
when: ansible_os_family == 'Debian'
- name: Download GitLab repository installation script.
get_url:
url: "{{ gitlab_repository_installation_script_url }}"
dest: /tmp/gitlab_install_repository.sh
validate_certs: "{{ gitlab_download_validate_certs }}"
when: not gitlab_file.stat.exists
- name: Install GitLab repository.
command: bash /tmp/gitlab_install_repository.sh
register: output
when: not gitlab_file.stat.exists
- name: Define the Gitlab package name.
set_fact:
gitlab_package_name: "{{ gitlab_edition }}{{ gitlab_package_version_separator }}{{ gitlab_version }}"
when: gitlab_version | default(false)
- name: Install GitLab
package:
name: "{{ gitlab_package_name | default(gitlab_edition) }}"
state: present
async: 300
poll: 5
when: not gitlab_file.stat.exists
# Start and configure GitLab. Sometimes the first run fails, but after that,
# restarts fix problems, so ignore failures on this run.
- name: Reconfigure GitLab (first run).
command: >
gitlab-ctl reconfigure
creates=/var/opt/gitlab/bootstrapped
failed_when: false
- name: Create GitLab SSL configuration folder.
file:
path: /etc/gitlab/ssl
state: directory
owner: root
group: root
mode: 0700
when: gitlab_create_self_signed_cert
- name: Create self-signed certificate.
command: >
openssl req -new -nodes -x509 -subj "{{ gitlab_self_signed_cert_subj }}"
-days 3650 -keyout {{ gitlab_ssl_certificate_key }} -out {{ gitlab_ssl_certificate }} -extensions v3_ca
creates={{ gitlab_ssl_certificate }}
when: gitlab_create_self_signed_cert
- name: Copy GitLab configuration file.
template:
src: "{{ gitlab_config_template }}"
dest: /etc/gitlab/gitlab.rb
owner: root
group: root
mode: 0600
notify: restart gitlab

108
roles/geerlingguy.gitlab/templates/gitlab.rb.j2 Normal file
View file

@ -0,0 +1,108 @@
# The URL through which GitLab will be accessed.
external_url "{{ gitlab_external_url }}"
# gitlab.yml configuration
gitlab_rails['time_zone'] = "{{ gitlab_time_zone }}"
gitlab_rails['backup_keep_time'] = {{ gitlab_backup_keep_time }}
gitlab_rails['gitlab_email_enabled'] = {{ gitlab_email_enabled }}
{% if gitlab_email_enabled == "true" %}
gitlab_rails['gitlab_email_from'] = "{{ gitlab_email_from }}"
gitlab_rails['gitlab_email_display_name'] = "{{ gitlab_email_display_name }}"
gitlab_rails['gitlab_email_reply_to'] = "{{ gitlab_email_reply_to }}"
{% endif %}
# Default Theme
gitlab_rails['gitlab_default_theme'] = "{{ gitlab_default_theme }}"
# Whether to redirect http to https.
nginx['redirect_http_to_https'] = {{ gitlab_redirect_http_to_https }}
nginx['ssl_certificate'] = "{{ gitlab_ssl_certificate }}"
nginx['ssl_certificate_key'] = "{{ gitlab_ssl_certificate_key }}"
# The directory where Git repositories will be stored.
git_data_dirs({"default" => {"path" => "{{ gitlab_git_data_dir }}"} })
# The directory where Gitlab backups will be stored
gitlab_rails['backup_path'] = "{{ gitlab_backup_path }}"
# These settings are documented in more detail at
# https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example#L118
gitlab_rails['ldap_enabled'] = {{ gitlab_ldap_enabled }}
{% if gitlab_ldap_enabled == "true" %}
gitlab_rails['ldap_host'] = '{{ gitlab_ldap_host }}'
gitlab_rails['ldap_port'] = {{ gitlab_ldap_port }}
gitlab_rails['ldap_uid'] = '{{ gitlab_ldap_uid }}'
gitlab_rails['ldap_method'] = '{{ gitlab_ldap_method}}' # 'ssl' or 'plain'
gitlab_rails['ldap_bind_dn'] = '{{ gitlab_ldap_bind_dn }}'
gitlab_rails['ldap_password'] = '{{ gitlab_ldap_password }}'
gitlab_rails['ldap_allow_username_or_email_login'] = true
gitlab_rails['ldap_base'] = '{{ gitlab_ldap_base }}'
{% endif %}
# GitLab Nginx
## See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md
{% if gitlab_nginx_listen_port is defined %}
nginx['listen_port'] = "{{ gitlab_nginx_listen_port }}"
{% endif %}
{% if gitlab_nginx_listen_https is defined %}
nginx['listen_https'] = {{ gitlab_nginx_listen_https }}
{% endif %}
# Use smtp instead of sendmail/postfix
# More details and example configuration at
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/smtp.md
gitlab_rails['smtp_enable'] = {{ gitlab_smtp_enable }}
{% if gitlab_smtp_enable == "true" %}
gitlab_rails['smtp_address'] = '{{ gitlab_smtp_address }}'
gitlab_rails['smtp_port'] = {{ gitlab_smtp_port }}
{% if gitlab_smtp_user_name %}
gitlab_rails['smtp_user_name'] = '{{ gitlab_smtp_user_name }}'
{% endif %}
{% if gitlab_smtp_password %}
gitlab_rails['smtp_password'] = '{{ gitlab_smtp_password }}'
{% endif %}
gitlab_rails['smtp_domain'] = '{{ gitlab_smtp_domain }}'
{% if gitlab_smtp_authentication %}
gitlab_rails['smtp_authentication'] = '{{ gitlab_smtp_authentication }}'
{% endif %}
gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab_smtp_enable_starttls_auto }}
gitlab_rails['smtp_tls'] = {{ gitlab_smtp_tls }}
gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}'
gitlab_rails['smtp_ca_path'] = '{{ gitlab_smtp_ca_path }}'
gitlab_rails['smtp_ca_file'] = '{{ gitlab_smtp_ca_file }}'
{% endif %}
# 2-way SSL Client Authentication.
{% if gitlab_nginx_ssl_verify_client %}
nginx['ssl_verify_client'] = "{{ gitlab_nginx_ssl_verify_client }}"
{% endif %}
{% if gitlab_nginx_ssl_client_certificate %}
nginx['ssl_client_certificate'] = "{{ gitlab_nginx_ssl_client_certificate }}"
{% endif %}
# GitLab registry.
registry['enable'] = {{ gitlab_registry_enable }}
{% if gitlab_registry_enable == "true" %}
registry_external_url "{{ gitlab_registry_external_url }}"
registry_nginx['ssl_certificate'] = "{{ gitlab_registry_nginx_ssl_certificate }}"
registry_nginx['ssl_certificate_key'] = "{{ gitlab_registry_nginx_ssl_certificate_key }}"
{% endif %}
{% if gitlab_extra_settings is defined %}
# Extra configuration
{% for extra in gitlab_extra_settings %}
{% for setting in extra %}
{% for kv in extra[setting] %}
{% if (kv.type is defined and kv.type == 'plain') or (kv.value is not string) %}
{{ setting }}['{{ kv.key }}'] = {{ kv.value }}
{% else %}
{{ setting }}['{{ kv.key }}'] = '{{ kv.value }}'
{% endif %}
{% endfor %}
{% endfor %}
{% endfor %}
{% endif %}
# To change other settings, see:
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#changing-gitlab-yml-settings

3
roles/geerlingguy.gitlab/vars/Debian.yml Normal file
View file

@ -0,0 +1,3 @@
---
gitlab_package_version_separator: '='
gitlab_repository_installation_script_url: "https://packages.gitlab.com/install/repositories/gitlab/{{ gitlab_edition }}/script.deb.sh"

3
roles/geerlingguy.gitlab/vars/RedHat.yml Normal file
View file

@ -0,0 +1,3 @@
---
gitlab_package_version_separator: '-'
gitlab_repository_installation_script_url: "https://packages.gitlab.com/install/repositories/gitlab/{{ gitlab_edition }}/script.rpm.sh"

1
roles/geerlingguy.pip

@ -1 +0,0 @@
Subproject commit fd6d58a5719a836e89ef64cf22176e37ca312e9c

2
roles/geerlingguy.pip/.ansible-lint Normal file
View file

@ -0,0 +1,2 @@
skip_list:
- '106'

4
roles/geerlingguy.pip/.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/geerlingguy.pip/.github/stale.yml vendored Normal file
View file

@ -0,0 +1,56 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

71
roles/geerlingguy.pip/.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,71 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 4 * * 5"
defaults:
run:
working-directory: 'geerlingguy.pip'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint ansible-lint
- name: Lint code.
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- centos8
- centos7
- fedora32
- ubuntu2004
- ubuntu1804
- debian10
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

38
roles/geerlingguy.pip/.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,38 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.pip'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-base
- name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

3
roles/geerlingguy.pip/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
*.retry
*/__pycache__
*.pyc

10
roles/geerlingguy.pip/.yamllint Normal file
View file

@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml

20
roles/geerlingguy.pip/LICENSE Normal file
View file

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

76
roles/geerlingguy.pip/README.md Normal file
View file

@ -0,0 +1,76 @@
# Ansible Role: Pip (for Python)
[![CI](https://github.com/geerlingguy/ansible-role-pip/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-pip/actions?query=workflow%3ACI)
An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
## Requirements
On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
pip_package: python3-pip
The name of the packge to install to get `pip` on the system. For older systems that don't have Python 3 available, you can set this to `python-pip`.
pip_executable: pip3
The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
pip_install_packages: []
A list of packages to install with pip. Examples below:
pip_install_packages:
# Specify names and versions.
- name: docker
version: "1.2.3"
- name: awscli
version: "1.11.91"
# Or specify bare packages to get the latest release.
- docker
- awscli
# Or uninstall a package.
- name: docker
state: absent
# Or update a package ot the latest version.
- name: docker
state: latest
# Or force a reinstall.
- name: docker
state: forcereinstall
# Or install a package in a particular virtualenv.
- name: docker
virtualenv: /my_app/venv
## Dependencies
None.
## Example Playbook
- hosts: all
vars:
pip_install_packages:
- name: docker
- name: awscli
roles:
- geerlingguy.pip
## License
MIT / BSD
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

6
roles/geerlingguy.pip/defaults/main.yml Normal file
View file

@ -0,0 +1,6 @@
---
# For Python 3, use python3-pip.
pip_package: python3-pip
pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
pip_install_packages: []

31
roles/geerlingguy.pip/meta/main.yml Normal file
View file

@ -0,0 +1,31 @@
---
dependencies: []
galaxy_info:
role_name: pip
author: geerlingguy
description: Pip (Python package manager) for Linux.
issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
company: "Midwestern Mac, LLC"
license: "MIT"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- system
- server
- packaging
- python
- pip
- tools

28
roles/geerlingguy.pip/molecule/default/converge.yml Normal file
View file

@ -0,0 +1,28 @@
---
- name: Converge
hosts: all
become: true
vars:
pip_install_packages:
# Test installing a specific version of a package.
- name: ipaddress
version: "1.0.18"
# Test installing a package by name.
- colorama
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
- name: Set package name for older OSes.
set_fact:
pip_package: python-pip
when: >
(ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int < 8)
or (ansible_distribution == 'Debian') and (ansible_distribution_major_version | int < 10)
or (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version | int < 18)
roles:
- role: geerlingguy.pip

17
roles/geerlingguy.pip/molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,17 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

14
roles/geerlingguy.pip/tasks/main.yml Normal file
View file

@ -0,0 +1,14 @@
---
- name: Ensure Pip is installed.
package:
name: "{{ pip_package }}"
state: present
- name: Ensure pip_install_packages are installed.
pip:
name: "{{ item.name | default(item) }}"
version: "{{ item.version | default(omit) }}"
virtualenv: "{{ item.virtualenv | default(omit) }}"
state: "{{ item.state | default(omit) }}"
executable: "{{ pip_executable }}"
with_items: "{{ pip_install_packages }}"

1
roles/oefenweb.ufw

@ -1 +0,0 @@
Subproject commit 14548ed99b9135b7c886aaf6d1289c4a6c8d1a62

2
roles/oefenweb.ufw/.ansible-lint Normal file
View file

@ -0,0 +1,2 @@
skip_list:
- '405'

30
roles/oefenweb.ufw/.gitignore vendored Normal file
View file

@ -0,0 +1,30 @@
# OS generated files #
######################
.DS_Store
.DS_Store?
._*
.Spotlight-V100
.Trashes
Icon?
ehthumbs.db
Thumbs.db
# IDE files #
#################
/.settings
/.buildpath
/.project
/nbproject
*.komodoproject
*.kpf
/.idea
# Vagrant files #
.virtualbox/
.vagrant/
vagrant_ansible_inventory_*
ansible.cfg
# Other files #
###############
!empty

89
roles/oefenweb.ufw/.travis.yml Normal file
View file

@ -0,0 +1,89 @@
---
sudo: required
dist: xenial
language: python
python:
- "2.7"
- "3.5"
env:
- ANSIBLE_VERSION=latest
- ANSIBLE_VERSION=2.10.2
- ANSIBLE_VERSION=2.10.1
- ANSIBLE_VERSION=2.10.0
- ANSIBLE_VERSION=2.9.14
- ANSIBLE_VERSION=2.9.13
- ANSIBLE_VERSION=2.9.12
- ANSIBLE_VERSION=2.9.11
- ANSIBLE_VERSION=2.9.10
- ANSIBLE_VERSION=2.9.9
- ANSIBLE_VERSION=2.9.8
- ANSIBLE_VERSION=2.9.7
- ANSIBLE_VERSION=2.9.6
- ANSIBLE_VERSION=2.9.5
- ANSIBLE_VERSION=2.9.4
- ANSIBLE_VERSION=2.9.3
- ANSIBLE_VERSION=2.9.2
- ANSIBLE_VERSION=2.9.1
- ANSIBLE_VERSION=2.9.0
- ANSIBLE_VERSION=2.8.16
- ANSIBLE_VERSION=2.8.15
- ANSIBLE_VERSION=2.8.14
- ANSIBLE_VERSION=2.8.13
- ANSIBLE_VERSION=2.8.12
- ANSIBLE_VERSION=2.8.11
- ANSIBLE_VERSION=2.8.10
- ANSIBLE_VERSION=2.8.9
- ANSIBLE_VERSION=2.8.8
- ANSIBLE_VERSION=2.8.7
- ANSIBLE_VERSION=2.8.6
- ANSIBLE_VERSION=2.8.5
- ANSIBLE_VERSION=2.8.4
- ANSIBLE_VERSION=2.8.3
- ANSIBLE_VERSION=2.8.2
- ANSIBLE_VERSION=2.8.1
- ANSIBLE_VERSION=2.8.0
branches:
only:
- master
matrix:
allow_failures:
# https://github.com/ansible/ansible/issues/56674
- env: ANSIBLE_VERSION=2.8.0
before_install:
- sudo apt-get update -qq
# Remove ufw
- sudo apt-get remove --purge --yes ufw
install:
# Install Ansible.
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi
script:
# Check the role/playbook's syntax.
- ansible-playbook -i tests/inventory tests/test.yml --syntax-check
# Run the role/playbook with ansible-playbook.
- ansible-playbook -i tests/inventory tests/test.yml -vvvv
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/test.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
- if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml; fi
notifications:
email: false
webhooks: https://galaxy.ansible.com/api/v1/notifications/
slack:
rooms:
secure: "If2mqrqZs5q6yZ9bs9qq+pmgCEMCTv1Nk3vQjax9N+xFoIvnRi1v0drEekibKgns8eg0Mg/Tya7xxXokqFhs3wVY64r43v86HFLS2MVDTaMYAxK3kRd4x8R5INIAN1U7Dtsk8RQbIngzGJPZwOfmOtY1qQ5p3RLMM+6zEBQOO7U="

19
roles/oefenweb.ufw/LICENSE.txt Normal file
View file

@ -0,0 +1,19 @@
Copyright (c) Oefenweb.nl <https://github.com/Oefenweb>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

93
roles/oefenweb.ufw/README.md Normal file
View file

@ -0,0 +1,93 @@
## ufw
[![Build Status](https://travis-ci.org/Oefenweb/ansible-ufw.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ufw)
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ufw-blue.svg)](https://galaxy.ansible.com/Oefenweb/ufw)
Set up ufw in Debian-like systems.
#### Requirements
None
#### Variables
* `ufw_default_incoming_policy` [default: `deny`]: Default (incoming) policy
* `ufw_default_outgoing_policy` [default: `allow`]: Default (outgoing) policy
* `ufw_logging` [default: `off`]: Log level
* `ufw_rules` [default: see `defaults/main.yml`]: Rules to apply
* `ufw_etc_default_ipv6` [default: `true`]: Set to yes to apply rules to support IPv6
* `ufw_etc_default_default_input_policy` [default: `DROP`]: Set the default input policy to `ACCEPT`, `DROP`, or `REJECT`. Please note that if you change this you will most likely want to adjust your rules
* `ufw_etc_default_default_output_policy` [default: `ACCEPT`]: Set the default output policy to `ACCEPT`, `DROP`, or `REJECT`. Please note that if you change this you will most likely want to adjust your rules
* `ufw_etc_default_default_forward_policy` [default: `DROP`]: Set the default forward policy to `ACCEPT`, `DROP` or `REJECT`. Please note that if you change this you will most likely want to adjust your rules
* `ufw_etc_default_default_application_policy` [default: `SKIP`]: Set the default application policy to `ACCEPT`, `DROP`, `REJECT` or `SKIP`. Please note that setting this to `ACCEPT` may be a security risk
* `ufw_etc_default_manage_builtins` [default: `false`]: By default, ufw only touches its own chains. Set this to 'yes' to have ufw manage the built-in chains too. Warning: setting this to 'yes' will break non-ufw managed firewall rules
* `ufw_etc_default_ipt_sysctl` [default: `/etc/ufw/sysctl.conf`]: IPT backend, only enable if using iptables backend
* `ufw_etc_default_ipt_modules` [default: `[nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_netbios_ns]`]: Extra connection tracking modules to load. Complete list can be found in `net/netfilter/Kconfig` of your kernel source
## Dependencies
None
#### Example
```yaml
---
- hosts: all
roles:
- ufw
```
##### Allow ssh
```yaml
- hosts: all
roles:
- ufw
vars:
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'allow incoming connection on standard ssh port'
```
##### Allow all traffic on eth1
```yaml
- hosts: all
roles:
- ufw
vars:
ufw_rules:
- rule: allow
interface: eth1
to_port: ''
comment: 'allow all traffic on interface eth1'
```
##### Allow snmp traffic from 1.2.3.4 on eth0
```yaml
- hosts: all
roles:
- ufw
vars:
ufw_rules:
- rule: allow
interface: eth0
from_ip: 1.2.3.4
to_port: 161
protocol: udp
```
#### License
MIT
#### Author Information
Mischa ter Smitten (based on work of weareinteractive)
#### Feedback, bug-reports, requests, ...
Are [welcome](https://github.com/Oefenweb/ansible-ufw/issues)!

77
roles/oefenweb.ufw/Vagrantfile vendored Normal file
View file

@ -0,0 +1,77 @@
# -*- mode: ruby -*-
# vi: set ft=ruby ts=2 sw=2 tw=0 et :
role = File.basename(File.expand_path(File.dirname(__FILE__)))
boxes = [
{
:name => "ubuntu-1204",
:box => "bento/ubuntu-12.04",
:ip => '10.0.0.11',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1404",
:box => "bento/ubuntu-14.04",
:ip => '10.0.0.12',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1604",
:box => "bento/ubuntu-16.04",
:ip => '10.0.0.13',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1804",
:box => "bento/ubuntu-18.04",
:ip => '10.0.0.14',
:cpu => "50",
:ram => "384"
},
{
:name => "debian-7",
:box => "bento/debian-7",
:ip => '10.0.0.15',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-8",
:box => "bento/debian-8",
:ip => '10.0.0.16',
:cpu => "50",
:ram => "256"
},
{
:name => "debian-9",
:box => "bento/debian-9",
:ip => '10.0.0.17',
:cpu => "50",
:ram => "256"
},
]
Vagrant.configure("2") do |config|
boxes.each do |box|
config.vm.define box[:name] do |vms|
vms.vm.box = box[:box]
vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
vms.vm.provider "virtualbox" do |v|
v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
v.customize ["modifyvm", :id, "--memory", box[:ram]]
end
vms.vm.network :private_network, ip: box[:ip]
vms.vm.provision :ansible do |ansible|
ansible.playbook = "tests/vagrant.yml"
ansible.verbose = "vv"
end
end
end
end

Some files were not shown because too many files have changed in this diff Show more