Compare commits
2 commits
024a70ba3c
...
1f3c67019e
Author | SHA1 | Date | |
---|---|---|---|
1f3c67019e | |||
bc6f8fdc9e |
22 changed files with 37 additions and 36 deletions
|
@ -39,4 +39,4 @@
|
||||||
dest: "{{ acng_security_conf_path }}"
|
dest: "{{ acng_security_conf_path }}"
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
notify: acng_starten_aktivieren
|
notify: acng_starten_aktivieren
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
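Review bot: The `no_log` line here, and the identical line in every other hunk of this commit, now fails open on one variable: a single `no_debug: false` in inventory, group_vars or `-e` switches off log suppression across all 22 changed files at once. Several of those tasks appear from their visible context to handle secrets (the task before `kubectl apply -f /root/private.key`, the cifs `create credential-file` task, the `smb_users` loops, the `pvesm add pbs ... --password` command). I would keep a literal `no_log: true` on those tasks and use the toggle only where the hidden output is harmless. Where the toggle stays, `no_log: "{{ no_debug | default(true) | bool }}"` makes the boolean conversion explicit instead of relying on the string `'true'` being coerced. The task this hunk belongs to starts above the visible lines.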
|
||||||
|
|
|
@ -32,4 +32,4 @@
|
||||||
dest: "{{ acng_security_conf_path }}"
|
dest: "{{ acng_security_conf_path }}"
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
notify: acng_starten_aktivieren
|
notify: acng_starten_aktivieren
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
when:
|
when:
|
||||||
- item.state == "present"
|
- item.state == "present"
|
||||||
- docker_compose_projects is defined
|
- docker_compose_projects is defined
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: loop docker tasks - down
|
- name: loop docker tasks - down
|
||||||
ansible.builtin.include_tasks: dockercompose-down.yml
|
ansible.builtin.include_tasks: dockercompose-down.yml
|
||||||
|
@ -13,4 +13,4 @@
|
||||||
when:
|
when:
|
||||||
- item.state == "absent"
|
- item.state == "absent"
|
||||||
- docker_compose_projects is defined
|
- docker_compose_projects is defined
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
owner: "{{ minio_user }}"
|
owner: "{{ minio_user }}"
|
||||||
group: "{{ minio_user }}"
|
group: "{{ minio_user }}"
|
||||||
notify: (re)start service
|
notify: (re)start service
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: template systemd-unit
|
- name: template systemd-unit
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
owner: "{{ minio_user }}"
|
owner: "{{ minio_user }}"
|
||||||
group: "{{ minio_user }}"
|
group: "{{ minio_user }}"
|
||||||
notify: (re)start service
|
notify: (re)start service
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: template systemd-unit
|
- name: template systemd-unit
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
group: root
|
group: root
|
||||||
mode: '0400'
|
mode: '0400'
|
||||||
when: key.rc not in [ 0 ]
|
when: key.rc not in [ 0 ]
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: apply private key # noqa no-changed-when
|
- name: apply private key # noqa no-changed-when
|
||||||
ansible.builtin.command: kubectl apply -f /root/private.key
|
ansible.builtin.command: kubectl apply -f /root/private.key
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
owner: "{{ sanoid_user }}"
|
owner: "{{ sanoid_user }}"
|
||||||
group: "{{ sanoid_user_group }}"
|
group: "{{ sanoid_user_group }}"
|
||||||
mode: "0400"
|
mode: "0400"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
when:
|
when:
|
||||||
- sanoid_syncoid_destination_host
|
- sanoid_syncoid_destination_host
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
### wird in vielen Rollen verwendet
|
### wird in vielen Rollen verwendet
|
||||||
|
no_debug: true # when set to true "no_log" is also set to true
|
||||||
ansible_facts_parallel: true
|
ansible_facts_parallel: true
|
||||||
ssh_public_key_mg: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKL8opSQ0rWVw9uCfbuiqmXq188OP4xh66MBTO3zV5jo heimserver_mg_v3
|
ssh_public_key_mg: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKL8opSQ0rWVw9uCfbuiqmXq188OP4xh66MBTO3zV5jo heimserver_mg_v3
|
||||||
my_mail: michael.grote@posteo.de
|
my_mail: michael.grote@posteo.de
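Review bot: The comment on the new `no_debug` variable explains the mechanism but not the consequence, and the double negative is easy to misread when someone flips it while debugging. Something like `no_debug: true  # false disables no_log in all roles and prints secrets in the run output; override per run with -e only, never commit false` would state the risk where the value is set. Every task already falls back to `default('true')`, so this line mainly serves as documentation and the comment carries most of its value.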
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
notify:
|
notify:
|
||||||
- systemctl daemon-reload
|
- systemctl daemon-reload
|
||||||
|
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') }}"
|
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') }}"
|
||||||
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}"
|
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: ensure templated files exists
|
- name: ensure templated files exists
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') | replace('.j2', '') }}"
|
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') | replace('.j2', '') }}"
|
||||||
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
|
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
register: copy_template
|
register: copy_template
|
||||||
|
|
||||||
- name: Ensure needed networks exists
|
- name: Ensure needed networks exists
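Review bot: The `find` command in both `with_items` lookups of this file passes `*.j2` to the shell unquoted, so the pattern can be expanded before `find` sees it if a matching file exists in the directory the lookup runs from, assuming the `pipe` lookup runs its command through a shell. The resulting file list would then be wrong, or `find` would fail. Quoting the pattern inside the lookup string, for example `-name \"*.j2\"`, keeps it literal. Separately, these two tasks only loop over file paths, so they look like the harmless case where a switchable `no_log` is appropriate.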
|
||||||
|
|
|
@ -12,4 +12,4 @@
|
||||||
#pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
|
#pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ smb_users }}"
|
- "{{ smb_users }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
|
@ -14,5 +14,5 @@
|
||||||
remove: "{{ item.remove_dir | default('false') }}"
|
remove: "{{ item.remove_dir | default('false') }}"
|
||||||
create_home: false
|
create_home: false
|
||||||
loop: "{{ smb_users }}"
|
loop: "{{ smb_users }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
notify: set samba passwords
|
notify: set samba passwords
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
# den jeweiligen group/host-Vars!
|
# den jeweiligen group/host-Vars!
|
||||||
|
|
||||||
- name: Check if Admin-User exists
|
- name: Check if Admin-User exists
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
become_user: gitea
|
become_user: gitea
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.command: |
|
ansible.builtin.command: |
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
|
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
become_user: gitea
|
become_user: gitea
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.command: |
|
ansible.builtin.command: |
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# und
|
# und
|
||||||
# den jeweiligen group/host-Vars!
|
# den jeweiligen group/host-Vars!
|
||||||
- name: Ensure LDAP config is set up
|
- name: Ensure LDAP config is set up
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
become_user: gitea
|
become_user: gitea
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.command: |
|
ansible.builtin.command: |
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet
|
changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet
|
||||||
|
|
||||||
- name: Modify LDAP config
|
- name: Modify LDAP config
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
become_user: gitea
|
become_user: gitea
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.command: |
|
ansible.builtin.command: |
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
url: "{{ minio_url }}"
|
url: "{{ minio_url }}"
|
||||||
state: "{{ item.state | default('present') }}"
|
state: "{{ item.state | default('present') }}"
|
||||||
loop: "{{ minio_users }}"
|
loop: "{{ minio_users }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
# Bug: delegate_to: localhost
|
# Bug: delegate_to: localhost
|
||||||
# in ansible-devspace wird das Python Paket "minio" nicht gefunden
|
# in ansible-devspace wird das Python Paket "minio" nicht gefunden
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0777"
|
mode: "0777"
|
||||||
loop: "{{ cifs_mounts }}"
|
loop: "{{ cifs_mounts }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
when: cifs_mounts is defined
|
when: cifs_mounts is defined
|
||||||
|
|
||||||
- name: create credential-file
|
- name: create credential-file
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
group: root
|
group: root
|
||||||
mode: '0400'
|
mode: '0400'
|
||||||
loop: "{{ cifs_mounts }}"
|
loop: "{{ cifs_mounts }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
when: cifs_mounts is defined
|
when: cifs_mounts is defined
|
||||||
|
|
||||||
- name: mount cifs volumes
|
- name: mount cifs volumes
|
||||||
|
@ -40,5 +40,5 @@
|
||||||
dump: "0"
|
dump: "0"
|
||||||
passno: "0"
|
passno: "0"
|
||||||
loop: "{{ cifs_mounts }}"
|
loop: "{{ cifs_mounts }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
when: cifs_mounts is defined
|
when: cifs_mounts is defined
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
force_basic_auth: true
|
force_basic_auth: true
|
||||||
loop: "{{ munin_node_plugins }}"
|
loop: "{{ munin_node_plugins }}"
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
check_mode: false # damit werden auch im check-mode die Plugins heruntergeladen, sonst schlägt der nächste Task fehl
|
check_mode: false # damit werden auch im check-mode die Plugins heruntergeladen, sonst schlägt der nächste Task fehl
|
||||||
|
|
||||||
- name: Enable additional plugins
|
- name: Enable additional plugins
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
state: link
|
state: link
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
loop: "{{ munin_node_plugins }}"
|
loop: "{{ munin_node_plugins }}"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: Template additional plugin-config
|
- name: Template additional plugin-config
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
loop: "{{ munin_node_plugins }}"
|
loop: "{{ munin_node_plugins }}"
|
||||||
when: item.config is defined
|
when: item.config is defined
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: Ensure munin-node is running
|
- name: Ensure munin-node is running
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
ansible.builtin.command: "pvesm add pbs {{ item.name }} --server {{ item.server }} --datastore {{ item.datastore }} --username {{ item.username }} --password {{ item.password }} --fingerprint {{ item.fingerprint }}"
|
ansible.builtin.command: "pvesm add pbs {{ item.name }} --server {{ item.server }} --datastore {{ item.datastore }} --username {{ item.username }} --password {{ item.password }} --fingerprint {{ item.fingerprint }}"
|
||||||
loop: "{{ pve_pbs_datastore }}"
|
loop: "{{ pve_pbs_datastore }}"
|
||||||
when: "item.name not in storages.stdout"
|
when: "item.name not in storages.stdout"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: ensure datastore is configured
|
- name: ensure datastore is configured
|
||||||
become: true
|
become: true
|
||||||
|
@ -20,4 +20,4 @@
|
||||||
loop: "{{ pve_pbs_datastore }}"
|
loop: "{{ pve_pbs_datastore }}"
|
||||||
when: "item.name in storages.stdout"
|
when: "item.name in storages.stdout"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
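Review bot: The `pvesm add pbs` command in the first hunk interpolates `{{ item.password }}` directly into the command line, so with `no_debug` set to false Ansible would print the password both in the rendered command and in the loop item. This task should keep `no_log: true` unconditionally rather than follow the toggle. Independently of logging, a password passed as a command argument is likely readable in the process list on the target host while the command runs. If `pvesm` accepts the secret some other way than on the command line, that would be preferable; this needs confirming against its documentation. The task starts above the visible lines.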
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
ansible.builtin.command: "proxmox-backup-manager user create {{ item.name }}@{{ item.realm }}"
|
ansible.builtin.command: "proxmox-backup-manager user create {{ item.name }}@{{ item.realm }}"
|
||||||
loop: "{{ pbs_users }}"
|
loop: "{{ pbs_users }}"
|
||||||
when: "item.name not in users.stdout"
|
when: "item.name not in users.stdout"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: check again which users exist
|
- name: check again which users exist
|
||||||
become: true
|
become: true
|
||||||
|
@ -24,4 +24,4 @@
|
||||||
loop: "{{ pbs_users }}"
|
loop: "{{ pbs_users }}"
|
||||||
when: "item.name in users.stdout"
|
when: "item.name in users.stdout"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
owner: "{{ restic_user }}"
|
owner: "{{ restic_user }}"
|
||||||
group: "{{ restic_group }}"
|
group: "{{ restic_group }}"
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: templates excludes
|
- name: templates excludes
|
||||||
become: true
|
become: true
|
||||||
|
@ -49,7 +49,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: template restic.mount
|
- name: template restic.mount
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
owner: "{{ rsync_mirror_user }}"
|
owner: "{{ rsync_mirror_user }}"
|
||||||
group: "{{ rsync_mirror_user_group }}"
|
group: "{{ rsync_mirror_user_group }}"
|
||||||
mode: "0400"
|
mode: "0400"
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: Ensure rsync_mirror-Script is templated
|
- name: Ensure rsync_mirror-Script is templated
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
loop: "{{ users }}"
|
loop: "{{ users }}"
|
||||||
when: item.groups is defined
|
when: item.groups is defined
|
||||||
become: false
|
become: false
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: Ensure groups exist
|
- name: Ensure groups exist
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
state: present
|
state: present
|
||||||
loop: '{{ groups_as_list }}'
|
loop: '{{ groups_as_list }}'
|
||||||
when: groups_as_list is defined
|
when: groups_as_list is defined
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: Ensure users exist
|
- name: Ensure users exist
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
|
@ -26,7 +26,7 @@
|
||||||
createhome: "{{ item.createhome | default('yes') }}"
|
createhome: "{{ item.createhome | default('yes') }}"
|
||||||
state: "{{ item.state | default('present') }}"
|
state: "{{ item.state | default('present') }}"
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
- name: Ensure user ssh-keys exist
|
- name: Ensure user ssh-keys exist
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
state: "{{ item.state | default('present') }}"
|
state: "{{ item.state | default('present') }}"
|
||||||
when: item.public_ssh_key is defined
|
when: item.public_ssh_key is defined
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|
||||||
# teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a
|
# teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a
|
||||||
# das modul erstellt die sudoers falsch:
|
# das modul erstellt die sudoers falsch:
|
||||||
|
@ -58,4 +58,4 @@
|
||||||
mode: "0440"
|
mode: "0440"
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
||||||
no_log: true
|
no_log: "{{ no_debug | default('true') }}"
|
||||||
|
|