diff --git a/.yamllint.yml b/.yamllint.yml index f359ecb1..6c3f3d79 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -3,4 +3,7 @@ extends: default rules: line-length: disable + braces: + min-spaces-inside: 0 + max-spaces-inside: 1 ... diff --git a/group_vars/adh_server.yml b/group_vars/adh_server.yml index db16eb11..39fa222b 100644 --- a/group_vars/adh_server.yml +++ b/group_vars/adh_server.yml @@ -2,7 +2,7 @@ glob_adh: apache: listen_local: - - "127.0.0.1:80" + - 127.0.0.1:80 - "[::1]:80" listen_network: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipwrap }}" club_vhosts: diff --git a/group_vars/all/ansible-header.yml b/group_vars/all/ansible-header.yml index 3a7faebd..fc053700 100644 --- a/group_vars/all/ansible-header.yml +++ b/group_vars/all/ansible-header.yml 
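Review bot: Dropping the quotes from `127.0.0.1:80` in `listen_local` leaves it a string only because of how YAML resolves plain scalars, and the entry right below it has to stay quoted as `"[::1]:80"`, so the list now mixes two styles. The same applies to other values this commit unquotes: `initramfs_ip: ::::{{ ansible_hostname }}:ens2f0:dhcp` and `options: -I 180 -j -k -p 80 -s` in dropbear.yml, `- ::1` under `trust` in opendkim.yml, `filter: ~ ^/(\w+)/$` in galene.yml, the `cron_time` fragments in mirror_backend.yml and `version: 1.1.16` in framadate.yml (a later two-component version such as 1.2 would load as a float). I would keep addresses, ports, cron fragments, regexes and version strings quoted, e.g. `- "127.0.0.1:80"`, and exclude them from automatic unquoting. The mapping continues outside this hunk.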
@@ -1,18 +1,19 @@ --- # Custom header -dirty: "{% if template_fullpath is defined %}{{ lookup('pipe', 'git diff --quiet -- ' + template_fullpath | quote + ' || echo dirty') }}{% else %}{{ lookup('pipe', 'git diff --quiet || echo dirty') }}{% endif %}" +dirty: "{% if template_fullpath is defined %}{{ lookup('pipe', 'git diff --quiet -- ' + template_fullpath | quote + ' || echo dirty') }}{% else %}{{ lookup('pipe',\ + \ 'git diff --quiet || echo dirty') }}{% endif %}" ansible_header: | - +++++++++++++++++++++++++++++++++++++++++++++++++++ + +++++++++++++++++++++++++++++++++++++++++++++++++++ - Ansible managed, don't modify the file locally. - See https://gitlab.crans.org/nounous/ansible. - {% if template_fullpath is defined %}{% set _, rpath = template_fullpath.split('roles/', 1) %}Commit: {% if dirty %}({{dirty}}) {% endif %}{{ lookup('pipe', 'git log -n 1 --pretty=format:%H -- ' + template_fullpath | quote) }} - {% if dirty %}Run by: {{ ansible_env.SUDO_USER }} - {% else %}Author: {{ lookup('pipe', 'git log -n 1 --pretty=format:%an -- ' + template_fullpath | quote) }} - {% endif %}Template: roles/{{ rpath }} - {% else %} - Run by: {{ ansible_env.SUDO_USER }} - Latest commit: {% if dirty %}({{dirty}}) {% endif %}{{ lookup('pipe', 'git rev-parse HEAD') }} - {% endif %} + Ansible managed, don't modify the file locally. + See https://gitlab.crans.org/nounous/ansible. 
+ {% if template_fullpath is defined %}{% set _, rpath = template_fullpath.split('roles/', 1) %}Commit: {% if dirty %}({{ dirty }}) {% endif %}{{ lookup('pipe', 'git log -n 1 --pretty=format:%H -- ' + template_fullpath | quote) }} + {% if dirty %}Run by: {{ ansible_env.SUDO_USER }} + {% else %}Author: {{ lookup('pipe', 'git log -n 1 --pretty=format:%an -- ' + template_fullpath | quote) }} + {% endif %}Template: roles/{{ rpath }} + {% else %} + Run by: {{ ansible_env.SUDO_USER }} + Latest commit: {% if dirty %}({{ dirty }}) {% endif %}{{ lookup('pipe', 'git rev-parse HEAD') }} + {% endif %} - +++++++++++++++++++++++++++++++++++++++++++++++++++ + +++++++++++++++++++++++++++++++++++++++++++++++++++ diff --git a/group_vars/all/borg.yml b/group_vars/all/borg.yml index abf2aa78..25ca7f5f 100644 --- a/group_vars/all/borg.yml +++ b/group_vars/all/borg.yml @@ -11,8 +11,8 @@ glob_borg: remote: - borg@backup-ft.adm.crans.org:/backup/borg-server/{{ ansible_hostname }} retention: - - ["daily", 4] - - ["monthly", 6] + - [daily, 4] + - [monthly, 6] consistency_check: - disabled extra_init: diff --git a/group_vars/all/home_nounou.yml b/group_vars/all/home_nounou.yml index f6c691bf..c2d02bee 100644 --- a/group_vars/all/home_nounou.yml +++ b/group_vars/all/home_nounou.yml @@ -7,4 +7,4 @@ glob_home_nounou: name: home_nounou owner: root group: _user - mode: '0750' + mode: "0750" diff --git a/group_vars/all/ldap.yml b/group_vars/all/ldap.yml index 781301c8..0078e863 100644 --- a/group_vars/all/ldap.yml +++ b/group_vars/all/ldap.yml @@ -1,10 +1,10 @@ --- glob_ldap: - uri: 'ldap://re2o-ldap.adm.crans.org/' - users_base: 'cn=Utilisateurs,dc=crans,dc=org' + uri: ldap://re2o-ldap.adm.crans.org/ + users_base: cn=Utilisateurs,dc=crans,dc=org servers: - 172.16.10.1 - 172.16.10.11 - 172.16.10.12 - 172.16.10.13 - base: 'dc=crans,dc=org' + base: dc=crans,dc=org diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml index 7ccc265f..c26480e0 100644 
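Review bot: The new wrap of `dirty` in ansible-header.yml splits the double-quoted scalar in the middle of the Jinja `lookup('pipe', …)` call, using a `\` line continuation followed by an escaped space, so the shell command run at template time now has to be read across an escape sequence. The resulting value looks unchanged, but a line that builds a shell command is the last place where a formatter-driven wrap helps review. Since `.yamllint.yml` in this commit still has `line-length: disable`, I would keep the expression on one line as before; the `dns:` entry for `adm` in network_interfaces.yml gets the same wrap. A short comment such as `# template_fullpath is passed through | quote before reaching the shell` would also document why the concatenation is safe.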
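Review bot: `glob_ldap.uri` in ldap.yml is still `ldap://re2o-ldap.adm.crans.org/` after this change, i.e. an unencrypted LDAP endpoint, while ssh_known_hosts.yml, printer.yml and re2o_ldap.yml in this same commit point at `ldaps://`. dovecot.yml (`uri` next to `pass`) and re2o.yml (`uri` next to `master_password`) also keep `ldap://`, so bind credentials would presumably cross the network in clear unless the consuming roles enforce StartTLS, which is not visible here. If the server offers LDAPS, `uri: ldaps://re2o-ldap.adm.crans.org/` would be the consistent choice; otherwise a comment such as `# StartTLS enforced in role <role name>` would document why plain `ldap://` is acceptable.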
--- a/group_vars/all/network_interfaces.yml +++ b/group_vars/all/network_interfaces.yml @@ -14,10 +14,11 @@ glob_network_interfaces: - name: san id: 4 extra: - - "mtu 9000" + - mtu 9000 - name: adm id: 10 - dns: "{{ query('ldap', 'ip', 'routeur-sam', 'adm') | ansible.utils.ipv4 | first }} {{ query('ldap', 'ip', 'routeur-daniel', 'adm') | ansible.utils.ipv4 | first }}" + dns: "{{ query('ldap', 'ip', 'routeur-sam', 'adm') | ansible.utils.ipv4 | first }} {{ query('ldap', 'ip', 'routeur-daniel', 'adm') | ansible.utils.ipv4 | first\ + \ }}" - name: adh id: 12 gateway: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ansible.utils.ipv4 | first }}" diff --git a/group_vars/all/root.yml b/group_vars/all/root.yml index 9b923fc2..f664cf1f 100644 --- a/group_vars/all/root.yml +++ b/group_vars/all/root.yml @@ -1,3 +1,3 @@ --- glob_root: - passwd_hash: '{{ vault.root.passwd_hash }}' + passwd_hash: "{{ vault.root.passwd_hash }}" diff --git a/group_vars/all/ssh_known_hosts.yml b/group_vars/all/ssh_known_hosts.yml index 3e29c6cc..4e3ebd0f 100644 --- a/group_vars/all/ssh_known_hosts.yml +++ b/group_vars/all/ssh_known_hosts.yml @@ -12,4 +12,4 @@ glob_service_ssh_known_hosts: frequency: "*/10 * * * *" config: ldap: - server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}" + server: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }} diff --git a/group_vars/arpproxy.yml b/group_vars/arpproxy.yml index f5db4b2a..b2b03091 100644 --- a/group_vars/arpproxy.yml +++ b/group_vars/arpproxy.yml @@ -8,6 +8,6 @@ glob_service_proxy: generated: false cron: frequency: "* * * * *" - options: "--alter" + options: --alter proto_id: 201 main_interface: ens18 diff --git a/group_vars/aurore/home_nounou.yml b/group_vars/aurore/home_nounou.yml index 676e1a1a..059e030a 100644 --- a/group_vars/aurore/home_nounou.yml +++ b/group_vars/aurore/home_nounou.yml 
@@ -7,4 +7,4 @@ loc_home_nounou: name: home_nounou owner: root group: _user - mode: '0750' + mode: "0750" diff --git a/group_vars/aurore/ssh_known_hosts.yml b/group_vars/aurore/ssh_known_hosts.yml index 3279c0d3..5e54b795 100644 --- a/group_vars/aurore/ssh_known_hosts.yml +++ b/group_vars/aurore/ssh_known_hosts.yml @@ -2,4 +2,4 @@ loc_service_ssh_known_hosts: config: ldap: - server: "ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}" + server: ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }} diff --git a/group_vars/belenios.yml b/group_vars/belenios.yml index 05300f74..76f4e827 100644 --- a/group_vars/belenios.yml +++ b/group_vars/belenios.yml @@ -12,4 +12,4 @@ logos: where: /usr/share/belenios-server/logo.png owner: root group: root - mode: '0644' + mode: "0644" diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml index 5c414fbe..0601a623 100644 --- a/group_vars/certbot.yml +++ b/group_vars/certbot.yml @@ -13,7 +13,7 @@ glob_service_certbot: remote: https://gitlab.adm.crans.org/nounous/certbot version: main config: - "crans.org": + crans.org: zone: _acme-challenge.crans.org server: 172.16.10.147 port: 53 diff --git a/group_vars/constellation.yml b/group_vars/constellation.yml index 1a2fbd90..94b23332 100644 --- a/group_vars/constellation.yml +++ b/group_vars/constellation.yml 
@@ -4,41 +4,41 @@ glob_constellation: admins: - ('Root', 'root@crans.org') allowed_hosts: - - 'constellation.crans.org' - - 'intranet.crans.org' + - constellation.crans.org + - intranet.crans.org email: ssl: false host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}" port: 25 - user: '' - password: '' - from: "root@crans.org" - from_full: "Crans " + user: "" + password: "" + from: root@crans.org + from_full: Crans database: host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}" port: 5432 - user: 'constellation' + user: constellation password: "{{ vault.constellation.django_db_password }}" - name: 'constellation' + name: constellation front: true crontab: true applications: - - 'access' - - 'billing' - - 'dnsmanager' - - 'firewall' - - 'layers' - - 'management' - - 'member' - - 'topography' - - 'unix' + - access + - billing + - dnsmanager + - firewall + - layers + - management + - member + - topography + - unix stripe: - private_key: '{{ vault.constellation.stripe.live.private_key }}' - public_key: '{{ vault.constellation.stripe.live.public_key }}' + private_key: "{{ vault.constellation.stripe.live.private_key }}" + public_key: "{{ vault.constellation.stripe.live.public_key }}" note: - url: 'https://note.crans.org/' - client_id: '{{ vault.constellation.note.client_id }}' - client_secret: '{{ vault.constellation.note.client_secret }}' + url: https://note.crans.org/ + client_id: "{{ vault.constellation.note.client_id }}" + client_secret: "{{ vault.constellation.note.client_secret }}" debug: false owner: root group: _nounou diff --git a/group_vars/constellation_front.yml b/group_vars/constellation_front.yml index f0be3b70..58535bd1 100644 --- a/group_vars/constellation_front.yml +++ b/group_vars/constellation_front.yml 
@@ -6,25 +6,25 @@ loc_nginx: - ssl: false default: true server_name: - - "constellation.crans.org" - - "intranet.crans.org" + - constellation.crans.org + - intranet.crans.org locations: - - filter: "/static" + - filter: /static params: - - "alias {% if constellation.version == 'main' %}/var/lib/constellation/static/{% else %}/var/local/constellation/static/{% endif %}" + - alias {% if constellation.version == 'main' %}/var/lib/constellation/static/{% else %}/var/local/constellation/static/{% endif %} - - filter: "/media" + - filter: /media params: - - "alias {% if constellation.version == 'main' %}/var/lib/constellation/media/{% else %}/var/local/constellation/media/{% endif %}" + - alias {% if constellation.version == 'main' %}/var/lib/constellation/media/{% else %}/var/local/constellation/media/{% endif %} - - filter: "/doc" + - filter: /doc params: - - "alias /var/www/constellation-doc/" + - alias /var/www/constellation-doc/ - - filter: "/" + - filter: / params: - - "uwsgi_pass constellation" - - "include /etc/nginx/uwsgi_params" + - uwsgi_pass constellation + - include /etc/nginx/uwsgi_params upstreams: - - name: 'constellation' - server: 'unix:///var/run/uwsgi/app/constellation/constellation.sock' + - name: constellation + server: unix:///var/run/uwsgi/app/constellation/constellation.sock diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml index bffecd92..b3b6f829 100644 --- a/group_vars/dhcp.yml +++ b/group_vars/dhcp.yml @@ -1,9 +1,8 @@ --- glob_dhcp: global_options: - - {key: "interface-mtu", value: "1500"} + - { key: interface-mtu, value: "1500" } global_parameters: [] - glob_service_dhcp: name: dhcp install_dir: /var/local/services/dhcp diff --git a/group_vars/django_cas.yml b/group_vars/django_cas.yml index b28a9040..280f3dd4 100644 --- a/group_vars/django_cas.yml +++ b/group_vars/django_cas.yml 
@@ -1,23 +1,23 @@ --- glob_django_cas: - repo: 'http://gitlab.adm.crans.org/nounous/django-cas.git' - path: '/var/local/django-cas' + repo: http://gitlab.adm.crans.org/nounous/django-cas.git + path: /var/local/django-cas ldap: - dn: 'cn=Utilisateurs,dc=crans,dc=org' + dn: cn=Utilisateurs,dc=crans,dc=org password: "{{ vault.cas.ldap.password }}" - user: 'cn=cas,ou=service-users,dc=crans,dc=org' + user: cn=cas,ou=service-users,dc=crans,dc=org server: 172.16.10.157 db: host: tealc.adm.crans.org password: "{{ vault.cas.database.password }}" secret_key: "{{ vault.cas.secret_key }}" mail: - address: 'root@crans.org' + address: root@crans.org host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}" port: 25 loc_nginx: - service_name: "cas" + service_name: cas ssl: [] servers: - server_name: @@ -29,16 +29,16 @@ loc_nginx: - auth.adm.crans.org default: true locations: - - filter: "/cas" + - filter: /cas params: - - "rewrite ^/cas$ / redirect" - - "rewrite ^/cas/(.*)$ /$1 redirect" + - rewrite ^/cas$ / redirect + - rewrite ^/cas/(.*)$ /$1 redirect - - filter: "/static" + - filter: /static params: - - "alias /var/local/django-cas/cas/local_static" + - alias /var/local/django-cas/cas/local_static - - filter: "/" + - filter: / params: - - "uwsgi_pass unix:///var/run/uwsgi/app/cas/socket" - - "include uwsgi_params" + - uwsgi_pass unix:///var/run/uwsgi/app/cas/socket + - include uwsgi_params diff --git a/group_vars/dns_authoritative.yml b/group_vars/dns_authoritative.yml index 42248b65..5e791288 100644 --- a/group_vars/dns_authoritative.yml +++ b/group_vars/dns_authoritative.yml 
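Review bot: `repo` in `glob_django_cas` is still fetched over `http://gitlab.adm.crans.org/nounous/django-cas.git`, so the code deployed for the CAS service is pulled without transport integrity or server authentication. certbot.yml in this commit already uses `https://gitlab.adm.crans.org/nounous/certbot` on the same host, so `repo: https://gitlab.adm.crans.org/nounous/django-cas.git` should work here as well. Pinning the checkout to a tag or commit would be a further safeguard, if the role supports a version field (not visible in this hunk).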
@@ -1,24 +1,24 @@ --- glob_bind: default: - format: 'bak.%s' + format: bak.%s zones: - '_acme-challenge.crans.org': - '_acme-challenge.adm.crans.org': - 'adh.crans.org': {} - 'adm.crans.org': {} - 'cachan-adm.crans.org': {} - 'crans.eu': {} - 'crans.fr': {} - 'crans.org': {} - 'lists.crans.org': {} - 'san.crans.org': {} - 'renater.crans.org': {} - 'ens.crans.org': {} - 'lp.crans.org': {} - 'admissibles.crans.org': {} - '76.230.185.in-addr.arpa': {} - '77.230.185.in-addr.arpa': {} - '78.230.185.in-addr.arpa': {} - '79.230.185.in-addr.arpa': {} - '0.0.7.0.c.0.a.2.ip6.arpa': {} + _acme-challenge.crans.org: + _acme-challenge.adm.crans.org: + adh.crans.org: {} + adm.crans.org: {} + cachan-adm.crans.org: {} + crans.eu: {} + crans.fr: {} + crans.org: {} + lists.crans.org: {} + san.crans.org: {} + renater.crans.org: {} + ens.crans.org: {} + lp.crans.org: {} + admissibles.crans.org: {} + 76.230.185.in-addr.arpa: {} + 77.230.185.in-addr.arpa: {} + 78.230.185.in-addr.arpa: {} + 79.230.185.in-addr.arpa: {} + 0.0.7.0.c.0.a.2.ip6.arpa: {} diff --git a/group_vars/dovecot.yml b/group_vars/dovecot.yml index 28cd3418..c64d2855 100644 --- a/group_vars/dovecot.yml +++ b/group_vars/dovecot.yml @@ -1,9 +1,9 @@ --- glob_dovecot: ldap: - uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ansible.utils.ipv4 | first }}/" - dn: 'cn=dovecot,ou=service-users,dc=crans,dc=org' + uri: ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ansible.utils.ipv4 | first }}/ + dn: cn=dovecot,ou=service-users,dc=crans,dc=org pass: "{{ vault.dovecot_dnpass }}" - users_base: 'cn=Utilisateurs,dc=crans,dc=org' - home_path: '/home_adh' + users_base: cn=Utilisateurs,dc=crans,dc=org + home_path: /home_adh inet_listener: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipwrap | join(', ') }}" diff --git a/group_vars/dropbear.yml b/group_vars/dropbear.yml index d6a882c8..d5ab033b 100644 --- a/group_vars/dropbear.yml +++ b/group_vars/dropbear.yml 
@@ -1,6 +1,6 @@ --- glob_dropbear: - initramfs_ip: "::::{{ ansible_hostname }}:ens2f0:dhcp" - options: "-I 180 -j -k -p 80 -s" + initramfs_ip: ::::{{ ansible_hostname }}:ens2f0:dhcp + options: -I 180 -j -k -p 80 -s authorized_keys: - "{{ vault.surface.pubkey }}" diff --git a/group_vars/etherpad.yml b/group_vars/etherpad.yml index 2415094c..46c59369 100644 --- a/group_vars/etherpad.yml +++ b/group_vars/etherpad.yml @@ -11,7 +11,7 @@ glob_etherpad: user: crans host: pgsql.adm.crans.org name: etherpad - default_pad_text: "Etherpad du Crans.\\n\\nCe pad est vide, à vous de le remplir.\\n\\nhttps:\/\/etherpad.org" + default_pad_text: Etherpad du Crans.\n\nCe pad est vide, à vous de le remplir.\n\nhttps://etherpad.org admin: user: admin password: "{{ vault.etherpad.admin.password }}" @@ -28,7 +28,7 @@ glob_etherpad: user: crans host: pgsql.adm.crans.org name: etherpad_tmp - default_pad_text: "Etherpad du Crans.\\n\\nCe pad est vide et expirera dans 1 an, à vous de le remplir.\\n\\nhttps:\/\/etherpad.org" + default_pad_text: Etherpad du Crans.\n\nCe pad est vide et expirera dans 1 an, à vous de le remplir.\n\nhttps://etherpad.org admin: user: admin password: "{{ vault.etherpad.admin.password }}" @@ -38,4 +38,4 @@ glob_etherpad: loop: true loop_delay: 86400 # one day, in seconds delete_at_start: true - deleted_text: "Etherpad du Crans.\\n\\nCe pad est vide et expirera dans 1 an, à vous de le remplir.\\n\\nhttps:\/\/etherpad.org" + deleted_text: Etherpad du Crans.\n\nCe pad est vide et expirera dans 1 an, à vous de le remplir.\n\nhttps://etherpad.org diff --git a/group_vars/framadate.yml b/group_vars/framadate.yml index 9f04f861..971f5558 100644 --- a/group_vars/framadate.yml +++ b/group_vars/framadate.yml 
@@ -5,7 +5,7 @@ glob_framadate: smtp_server: smtp.adm.crans.org hostname: framadate.crans.org repo: https://framagit.org/framasoft/framadate/framadate.git - version: "1.1.16" + version: 1.1.16 admin_username: framadate admin_password: "{{ vault.framadate.admin_password }}" db_password: "{{ vault.framadate.db_password }}" diff --git a/group_vars/galene.yml b/group_vars/galene.yml index fffd2a0a..12603e2d 100644 --- a/group_vars/galene.yml +++ b/group_vars/galene.yml @@ -5,26 +5,26 @@ service_nginx: - ssl: crans.org default: true server_name: - - "galene.crans.org" + - galene.crans.org locations: - - filter: "/" + - filter: / params: - - "include /etc/nginx/snippets/options-proxypass.conf" - - "proxy_pass http://localhost:8443" + - include /etc/nginx/snippets/options-proxypass.conf + - proxy_pass http://localhost:8443 - - filter: "~ ^/(\\w+)/$" + - filter: ~ ^/(\w+)/$ params: - - "return 302 https://$host/group/$1" + - return 302 https://$host/group/$1 - ssl: crans.org server_name: - - "neree.crans.org" + - neree.crans.org locations: - - filter: "/" + - filter: / params: - - "include /etc/nginx/snippets/options-proxypass.conf" - - "proxy_pass http://localhost:8443" + - include /etc/nginx/snippets/options-proxypass.conf + - proxy_pass http://localhost:8443 - - filter: "~ ^/(\\w+)/$" + - filter: ~ ^/(\w+)/$ params: - - "return 302 https://$host/group/$1" + - return 302 https://$host/group/$1 diff --git a/group_vars/gitlab.yml b/group_vars/gitlab.yml index be3d1fe0..f3125922 100644 --- a/group_vars/gitlab.yml +++ b/group_vars/gitlab.yml 
@@ -1,21 +1,21 @@ --- glob_gitlab: - url: 'https://gitlab.crans.org' - time_zone: 'Europe/Paris' - email: 'gitlab@crans.org' - email_display_name: 'Crans GitLab' + url: https://gitlab.crans.org + time_zone: Europe/Paris + email: gitlab@crans.org + email_display_name: Crans GitLab ldap: - label: 'Crans' + label: Crans host: "{{ query('ldap', 'ip', 're2o-ldap', 'adm') | first }}" port: 389 - uid: 'uid' - bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org' + uid: uid + bind_dn: cn=gitlab,ou=service-users,dc=crans,dc=org bind_password: "{{ vault.gitlab.ldap.bind_password }}" - base: 'cn=Utilisateurs,dc=crans,dc=org' - user_filter: '(&(!(shadowExpire=0))(uid=*))' - cas_name: 'cas3' - cas_label: 'CAS Cr@ns' - cas_url: 'https://cas.crans.org' + base: cn=Utilisateurs,dc=crans,dc=org + user_filter: (&(!(shadowExpire=0))(uid=*)) + cas_name: cas3 + cas_label: CAS Cr@ns + cas_url: https://cas.crans.org smtp: address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}" port: 25 diff --git a/group_vars/grafana.yml b/group_vars/grafana.yml index 9653f4a3..55f57b2c 100644 --- a/group_vars/grafana.yml +++ b/group_vars/grafana.yml @@ -3,10 +3,10 @@ glob_grafana: root_url: https://grafana.crans.org ldap_base: "{{ glob_ldap.base }}" ldap_master_ipv4: "{{ glob_ldap.servers[0] }}" - ldap_user_tree: "ou=passwd,{{ glob_ldap.base }}" - ldap_group_tree: "ou=group,{{ glob_ldap.base }}" - ldap_group_filter: "uid" - ldap_group_admin: "cn=_nounou,ou=group,{{ glob_ldap.base }}" + ldap_user_tree: ou=passwd,{{ glob_ldap.base }} + ldap_group_tree: ou=group,{{ glob_ldap.base }} + ldap_group_filter: uid + ldap_group_admin: cn=_nounou,ou=group,{{ glob_ldap.base }} ldap_group_editor: "*" # Everyone is editor logos: @@ -14,4 +14,4 @@ logos: where: /usr/share/grafana/public/img/grafana_icon.svg owner: root group: root - mode: '0644' + mode: "0644" diff --git a/group_vars/horde.yml b/group_vars/horde.yml index ec4ce238..6bb6f262 100644 --- a/group_vars/horde.yml +++ b/group_vars/horde.yml 
@@ -1,6 +1,6 @@ --- glob_horde: - secret: '{{ vault.horde.secret }}' + secret: "{{ vault.horde.secret }}" imap: imap.adm.crans.org smtp: smtp.adm.crans.org maildomain: crans.org diff --git a/group_vars/jitsi.yml b/group_vars/jitsi.yml index 7a9a38ad..7d788691 100644 --- a/group_vars/jitsi.yml +++ b/group_vars/jitsi.yml @@ -2,23 +2,22 @@ # We use embedded Jitsi configuration loc_nginx: servers: [] - glob_jitsi: ip: "{{ query('ldap', 'ip', ansible_hostname, 'srv') }}" hostname: "{{ ansible_hostname }}.crans.org" configuration: - - "liveStreamingEnabled" - - "prejoinPageEnabled" + - liveStreamingEnabled + - prejoinPageEnabled logos: - which: crans_logo_white.svg where: /usr/share/jitsi-meet/images/watermark.svg owner: root group: root - mode: '0644' + mode: "0644" - which: crans_favicon.ico where: /usr/share/jitsi-meet/images/favicon.ico owner: root group: root - mode: '0644' + mode: "0644" diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml index 11175f46..732661fd 100644 --- a/group_vars/keepalived.yml +++ b/group_vars/keepalived.yml 
@@ -14,29 +14,26 @@ glob_keepalived: - vlan: via ipv4: 138.195.159.250/30 ipv6: - - {ip: '2a0c:b641:2f3::2/64', scope: 'global'} + - { ip: 2a0c:b641:2f3::2/64, scope: global } - vlan: aurore ipv4: 185.230.79.253/29 ipv6: - - {ip: '2a0c:700:28::1/64', scope: 'global'} + - { ip: 2a0c:700:28::1/64, scope: global } - vlan: srv ipv4: 185.230.79.62/26 ipv6: - - {ip: '2a0c:700:2::ff:fe00:9902/64', scope: 'global'} - - {ip: 'fe80::1/64', scope: 'link'} + - { ip: 2a0c:700:2::ff:fe00:9902/64, scope: global } + - { ip: fe80::1/64, scope: link } - vlan: srv_nat ipv4: 172.16.3.99/24 ipv6: - - {ip: '2a0c:700:3::ff:fe00:9903/64', scope: 'global'} - - {ip: 'fe80::1/64', scope: 'link'} + - { ip: 2a0c:700:3::ff:fe00:9903/64, scope: global } + - { ip: fe80::1/64, scope: link } - vlan: adh ipv4: 185.230.78.99/24 ipv6: - - {ip: '2a0c:700:12::ff:fe00:9912/48', scope: 'global'} - - {ip: 'fe80::1/64', scope: 'link'} - # - vlan: ens - # ipv4: 100.84.0.99/16 - # ipv6: 2a0c:700:54::ff:fe00:9954/48 + - { ip: 2a0c:700:12::ff:fe00:9912/48, scope: global } + - { ip: fe80::1/64, scope: link } glob_service_keepalived: name: keepalived diff --git a/group_vars/linx.yml b/group_vars/linx.yml index 4523854c..faebaa6a 100644 --- a/group_vars/linx.yml +++ b/group_vars/linx.yml @@ -1,4 +1,4 @@ --- glob_linx: - siteurl: "https://linx.crans.org/" - name: "CRANS Linx" + siteurl: https://linx.crans.org/ + name: CRANS Linx diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml index 7f1d21ae..58b02722 100644 --- a/group_vars/mailman.yml +++ b/group_vars/mailman.yml 
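Review bot: The IPv6 entries in keepalived.yml are now unquoted inside flow mappings, e.g. `- { ip: 2a0c:b641:2f3::2/64, scope: global }`, and a plain scalar containing `:` in flow context is a spot where YAML parsers and parser versions have disagreed. Keeping the quotes, `- { ip: "2a0c:b641:2f3::2/64", scope: global }`, or switching these entries to block style removes the dependency on that behaviour. The hunk also deletes the commented-out `ens` vlan entry, which is a content change rather than formatting and would be better mentioned in the commit message or split out.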
@@ -3,83 +3,83 @@ loc_nginx: service_name: mailman3 upstreams: - name: mailman3 - server: "unix:/run/mailman3-web/uwsgi.sock fail_timeout=0" + server: unix:/run/mailman3-web/uwsgi.sock fail_timeout=0 servers: - ssl: false server_name: - - "localhost" + - localhost locations: - - filter: "/" + - filter: / params: - - "uwsgi_pass mailman3" - - "include /etc/nginx/uwsgi_params" + - uwsgi_pass mailman3 + - include /etc/nginx/uwsgi_params - ssl: false default: true server_name: - - "lists.crans.org" + - lists.crans.org locations: - - filter: "/" + - filter: / params: - - "uwsgi_pass mailman3" - - "include /etc/nginx/uwsgi_params" - - "satisfy any" - - "allow 185.230.76.0/22" - - "allow 2a0c:700:0::/40" - - "deny all" - - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\"" - - "auth_basic_user_file /etc/nginx/passwd" - - "error_page 401 /error/401.html" + - uwsgi_pass mailman3 + - include /etc/nginx/uwsgi_params + - satisfy any + - allow 185.230.76.0/22 + - allow 2a0c:700:0::/40 + - deny all + - auth_basic "On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam." 
+ - auth_basic_user_file /etc/nginx/passwd + - error_page 401 /error/401.html - - filter: "/mailman3/static" + - filter: /mailman3/static params: - - "alias /var/lib/mailman3/web/static" + - alias /var/lib/mailman3/web/static - - filter: "/mailman3/static/favicon.ico" + - filter: /mailman3/static/favicon.ico params: - - "alias /var/lib/mailman3/web/static/postorius/img/favicon.ico" + - alias /var/lib/mailman3/web/static/postorius/img/favicon.ico - - filter: "/error/" + - filter: /error/ params: - - "internal" - - "alias /var/www/html/" + - internal + - alias /var/www/html/ - - filter: "/robots.txt" + - filter: /robots.txt params: - - "alias /var/www/robots.txt" + - alias /var/www/robots.txt auth_passwd: - Stop: "$apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1" # Spam + Stop: $apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1 # Spam deploy_robots_file: true glob_mailman3: site_owner: root@crans.org database: - user: "mailman3" + user: mailman3 pass: "{{ vault.mailman3.database.pass }}" host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}" port: 5432 - name: "mailman3" + name: mailman3 web_database: - user: "mailman3web" + user: mailman3web pass: "{{ vault.mailman3.web_database.pass }}" host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}" port: 5432 - name: "mailman3web" + name: mailman3web restadmin_pass: "{{ vault.mailman3.restadmin_pass }}" archiver_key: "{{ vault.mailman3.archiver_key }}" web_secret_key: "{{ vault.mailman3.web_secret_key }}" web_domains: - - "lists.crans.org" - default_domain: "lists.crans.org" - postfix_domain: "crans.org" + - lists.crans.org + default_domain: lists.crans.org + postfix_domain: crans.org loc_opendkim: - domain: "lists.crans.org" - selector: "lists" + domain: lists.crans.org + selector: lists signing: - "*@lists.crans.org" - sender_headers: "List-Post,Sender,From" + sender_headers: List-Post,Sender,From txt_record: | lists._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; 
p=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" ; ----- DKIM key lists for lists.crans.org private_key: "{{ vault.opendkim['lists.crans.org'].private_key }}" diff --git a/group_vars/mirror_backend.yml b/group_vars/mirror_backend.yml index 531d60bf..68ce0882 100644 --- a/group_vars/mirror_backend.yml +++ b/group_vars/mirror_backend.yml @@ -10,17 +10,17 @@ glob_ftpsync: targets: - name: main dest: debian - cron_time: "25 1,13" + cron_time: 25 1,13 rsync_host: ftp.fr.debian.org rsync_path: debian - name: security dest: debian-security - cron_time: "40 *" + cron_time: 40 * rsync_host: ftp.fr.debian.org rsync_path: debian-security - name: ubuntu dest: ubuntu - cron_time: "43 5,17" + cron_time: 43 5,17 rsync_host: fr.archive.ubuntu.com rsync_path: ubuntu 
@@ -29,49 +29,49 @@ glob_rsync_mirror: targets: - name: videolan dest: videolan - cron_time: "03 10,14,18,22,2,6" + cron_time: 03 10,14,18,22,2,6 rsync_host: rsync.videolan.org rsync_path: videolan-ftp - name: debian dest: distributions/linux/debian - cron_time: "00 5" + cron_time: 00 5 rsync_host: cdimage.debian.org rsync_path: cdimage/release - name: debian-cloud dest: distributions/linux/debian/cloud - cron_time: "00 5" + cron_time: 00 5 rsync_host: cdimage.debian.org rsync_path: cdimage/cloud/OpenStack exclude: - archive - name: ubuntu dest: distributions/linux/ubuntu - cron_time: "00 5" + cron_time: 00 5 rsync_host: cdimage.ubuntu.com rsync_path: cdimage/releases - name: xubuntu dest: distributions/linux/xubuntu - cron_time: "00 5" + cron_time: 00 5 rsync_host: cdimage.ubuntu.com rsync_path: cdimage/xubuntu/releases - name: kubuntu dest: distributions/linux/kubuntu - cron_time: "00 5" + cron_time: 00 5 rsync_host: cdimage.ubuntu.com rsync_path: cdimage/kubuntu/releases - name: lubuntu dest: distributions/linux/lubuntu - cron_time: "00 5" + cron_time: 00 5 rsync_host: cdimage.ubuntu.com rsync_path: cdimage/lubuntu/releases - name: ubuntu-mate dest: distributions/linux/ubuntu-mate - cron_time: "00 5" + cron_time: 00 5 rsync_host: cdimage.ubuntu.com rsync_path: cdimage/ubuntu-mate/releases - name: archlinux dest: archlinux - cron_time: "08 3,15" + cron_time: 08 3,15 rsync_host: archlinux.polymorf.fr rsync_path: archlinux/ diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml index 3dc6e157..49ff8568 100644 --- a/group_vars/nginx.yml +++ b/group_vars/nginx.yml @@ -1,7 +1,7 @@ --- glob_nginx: contact: contact@crans.org - who: "L'équipe technique du Cr@ns" + who: L'équipe technique du Cr@ns service_name: service ssl: # Add adm.crans.org if necessary 
@@ -13,20 +13,19 @@ glob_nginx: - ssl: false # Replace by crans.org or adm.crans.org default: true server_name: - - "default" - - "_" - root: "/var/www/html" + - default + - _ + root: /var/www/html locations: - - filter: "/" + - filter: / params: [] additional_params: [] upstreams: [] - auth_passwd: [] default_server: default_ssl_server: default_ssl_domain: crans.org real_ip_from: - - "172.16.0.0/16" - - "fd00::/56" + - 172.16.0.0/16 + - fd00::/56 deploy_robots_file: false diff --git a/group_vars/opendkim.yml b/group_vars/opendkim.yml index bd730163..3deff7aa 100644 --- a/group_vars/opendkim.yml +++ b/group_vars/opendkim.yml @@ -1,21 +1,21 @@ --- glob_opendkim: - domain: "crans.org" - selector: "mail" + domain: crans.org + selector: mail signing: - "*@crans.org" - "*@crans.fr" - "*@crans.eu" trust: - - "localhost" - - "127.0.0.1" - - "::1" - - "185.230.79.0/26" - - "172.16.3.0/24" - - "172.16.10.0/24" - - "2a0c:700:0:2::/64" - - "2a0c:700:0:3::/64" - - "2a0c:700:0:10::/64" + - localhost + - 127.0.0.1 + - ::1 + - 185.230.79.0/26 + - 172.16.3.0/24 + - 172.16.10.0/24 + - 2a0c:700:0:2::/64 + - 2a0c:700:0:3::/64 + - 2a0c:700:0:10::/64 - "*.crans.org" - "*.crans.fr" - "*.crans.eu" diff --git a/group_vars/printer.yml b/group_vars/printer.yml index da1fb882..9fa07ebb 100644 --- a/group_vars/printer.yml +++ b/group_vars/printer.yml 
@@ -4,29 +4,29 @@ glob_printer: admins: - ('Root', 'root@crans.org') allowed_hosts: - - 'helloworld.crans.org' - - 'imprimante.crans.org' + - helloworld.crans.org + - imprimante.crans.org email: ssl: false host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}" port: 25 - user: '' - password: '' - from: "root@crans.org" - from_full: "Crans " + user: "" + password: "" + from: root@crans.org + from_full: Crans database: host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}" port: 5432 - user: 'helloworld' + user: helloworld password: "{{ vault.printer.django_db_password }}" - name: 'helloworld' + name: helloworld note: - url: 'https://note.crans.org/' - client_id: '{{ vault.printer.note.client_id }}' - client_secret: '{{ vault.printer.note.client_secret }}' + url: https://note.crans.org/ + client_id: "{{ vault.printer.note.client_id }}" + client_secret: "{{ vault.printer.note.client_secret }}" note_id: 2088 - note_alias: 'Crans' - printer_name: 'Lexmark_X950_Series' + note_alias: Crans + printer_name: Lexmark_X950_Series domain: "{{ query('ldap', 'ip', 'printer', 'lp') | ansible.utils.ipv4 | first }}" scan_server: address: "{{ query('ldap', 'ip', ansible_hostname, 'lp') | ansible.utils.ipv4 | first }}" @@ -38,7 +38,7 @@ glob_printer: settings_local_owner: www-data settings_local_group: _nounou ldap: - uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/" + uri: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/ dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org group_search: ou=group,dc=crans,dc=org read_group: cn=_user,ou=group,dc=crans,dc=org 
@@ -51,28 +51,28 @@ loc_nginx: - ssl: false default: true server_name: - - "helloworld.crans.org" - - "imprimante.crans.org" + - helloworld.crans.org + - imprimante.crans.org additional_params: - - "client_max_body_size 100M" + - client_max_body_size 100M locations: - - filter: "/static" + - filter: /static params: - - "alias /var/lib/django-printer/static/" + - alias /var/lib/django-printer/static/ - - filter: "/protected/files" + - filter: /protected/files params: - - "internal" - - "alias /var/lib/django-printer/files/" + - internal + - alias /var/lib/django-printer/files/ - - filter: "/doc" + - filter: /doc params: - - "alias /var/www/django-printer-doc/" + - alias /var/www/django-printer-doc/ - - filter: "/" + - filter: / params: - - "uwsgi_pass printer" - - "include /etc/nginx/uwsgi_params" + - uwsgi_pass printer + - include /etc/nginx/uwsgi_params upstreams: - - name: 'printer' - server: 'unix:///var/run/uwsgi/app/django-printer/socket' + - name: printer + server: unix:///var/run/uwsgi/app/django-printer/socket diff --git a/group_vars/prometheus.yml b/group_vars/prometheus.yml index ccd9a040..186ef601 100644 --- a/group_vars/prometheus.yml +++ b/group_vars/prometheus.yml @@ -1,6 +1,5 @@ --- glob_prometheus: {} - glob_ninjabot: config: nick: monitoring diff --git a/group_vars/radius.yml b/group_vars/radius.yml index 09e14fd1..6bb62711 100644 --- a/group_vars/radius.yml +++ b/group_vars/radius.yml 
@@ -2,23 +2,23 @@ glob_freeradius: realm: crans proxy_to: FEDEREZ - infra_switch: "172.16.33.0/24" - infra_bornes: "172.16.34.0/24" + infra_switch: 172.16.33.0/24 + infra_bornes: 172.16.34.0/24 secret_switch: "{{ vault.radius.secret.switch }}" secret_bornes: "{{ vault.radius.secret.bornes }}" delegations: - name: parangon ipv4: 185.230.78.47 ipv6: 2a0c:700:12:0:67:e5ff:fee9:5 - secret: '{{ vault.radius.secret.federez }}' + secret: "{{ vault.radius.secret.federez }}" server: radius-wifi - name: dodecagon ipv4: 195.154.165.76 ipv6: 2001:bc8:273e::1 - secret: '{{ vault.radius.secret.federez }}' + secret: "{{ vault.radius.secret.federez }}" server: radius-wifi loc_certbot: - mail: root@crans.org certname: crans.org - domains: "crans.org" + domains: crans.org diff --git a/group_vars/re2o.yml b/group_vars/re2o.yml index fe6f777b..7e5954f6 100644 --- a/group_vars/re2o.yml +++ b/group_vars/re2o.yml @@ -5,20 +5,20 @@ glob_re2o: admins: - ('Root', 'root@crans.org') allowed_hosts: - - 're2o.adm.crans.org' - - 'intranet.adm.crans.org' - - 're2o.crans.org' - - 'intranet.crans.org' - - '172.16.10.156' - from_email: "root@crans.org" + - re2o.adm.crans.org + - intranet.adm.crans.org + - re2o.crans.org + - intranet.crans.org + - 172.16.10.156 + from_email: root@crans.org smtp_server: smtp.adm.crans.org ldap: master_password: "{{ vault.slapd.re2o.admin.bindpass }}" - uri: "ldap://re2o-ldap.adm.crans.org/" + uri: ldap://re2o-ldap.adm.crans.org/ dn: "{{ vault.slapd.re2o.admin.binddn }}" database: password: "{{ vault.re2o.database.password }}" - uri: "172.16.10.1" + uri: 172.16.10.1 optional_apps: - api - captcha diff --git a/group_vars/re2o_front.yml b/group_vars/re2o_front.yml index d53e848c..565956dc 100644 --- a/group_vars/re2o_front.yml +++ b/group_vars/re2o_front.yml 
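Review bot: `uri: ldap://re2o-ldap.adm.crans.org/` in the glob_re2o hunk sits next to `master_password` and `dn` taken from the vault, so the bind would travel over an unencrypted LDAP URI unless the consuming role negotiates StartTLS, which is not visible here. The other LDAP endpoints touched by this change use `ldaps://`. The same applies to `url: ldap://172.16.10.157` beside `rootDN`/`rootPassword` in group_vars/thelounge.yml and to `uri: ldap://172.16.10.157` in host_vars/owncloud.adm.crans.org.yml. Since these lines are being rewritten anyway, I would either switch them to `ldaps://` or put a comment above each one stating why cleartext is acceptable there, e.g. `# plain LDAP: <reason>`.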
@@ -15,19 +15,19 @@ service_nginx: - ssl: false server_name: "{{ re2o_front.server_names }}" locations: - - filter: "/static" + - filter: /static params: - - "alias /var/www/re2o/static_files/" - - filter: "/javascript" + - alias /var/www/re2o/static_files/ + - filter: /javascript params: - - "alias /usr/share/javascript/" - - filter: "/media" + - alias /usr/share/javascript/ + - filter: /media params: - - "alias /var/www/re2o/media/" - - filter: "/" + - alias /var/www/re2o/media/ + - filter: / params: - - "uwsgi_pass re2o" - - "include /etc/nginx/uwsgi_params" + - uwsgi_pass re2o + - include /etc/nginx/uwsgi_params upstreams: - name: re2o server: unix:///var/run/uwsgi/app/re2o/re2o.sock diff --git a/group_vars/re2o_ldap.yml b/group_vars/re2o_ldap.yml index 26d5d265..ac3aca1b 100644 --- a/group_vars/re2o_ldap.yml +++ b/group_vars/re2o_ldap.yml @@ -1,7 +1,7 @@ --- glob_re2o_ldap: suffix: dc=crans,dc=org - url: "ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636" + url: ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636 root_password_hash: "{{ vault.slapd.re2o.admin.bindpass_hash }}" certificate: "{{ vault.slapd.re2o.certificate }}" private_key: "{{ vault.slapd.re2o.private_key }}" diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml index fc4dc511..773a67a2 100644 --- a/group_vars/reverseproxy.yml +++ b/group_vars/reverseproxy.yml @@ -2,11 +2,11 @@ loc_certbot: - mail: root@crans.org certname: crans.org - domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu" + domains: crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu loc_service_certbot: config: - "crans.org": + crans.org: zone: _acme-challenge.crans.org server: 172.16.10.147 port: 53 
@@ -14,7 +14,7 @@ loc_service_certbot: name: certbot_challenge. secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" algorithm: HMAC-SHA512 - "crans.eu": + crans.eu: zone: _acme-challenge.crans.org server: 172.16.10.147 port: 53 @@ -22,7 +22,7 @@ loc_service_certbot: name: certbot_challenge. secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" algorithm: HMAC-SHA512 - "crans.fr": + crans.fr: zone: _acme-challenge.crans.org server: 172.16.10.147 port: 53 @@ -39,7 +39,6 @@ loc_nginx: cert_key: /etc/letsencrypt/live/crans.org/privkey.pem trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem - glob_reverseproxy: redirect_dnames: - crans.eu 
@@ -47,54 +46,51 @@ glob_reverseproxy: reverseproxy_sites: # Services web Crans - - {from: belenios.crans.org, to: 172.16.10.111} - - {from: cas.crans.org, to: 172.16.10.120} - - {from: constellation-dev.crans.org, to: 172.16.10.167} - - {from: eclats.crans.org, to: 172.16.10.104} - - {from: ftps.crans.org, to: 172.16.10.113} - - {from: ethercalc.crans.org, to: "172.16.10.133:8000"} - - {from: framadate.crans.org, to: 172.16.10.109} - - {from: galene-token.crans.org, to: "172.16.10.115:3000"} - - {from: grafana.crans.org, to: "172.16.10.121:3000"} - - {from: hedgedoc.crans.org, to: "172.16.10.128:3000"} - - {from: helloworld.crans.org, to: 172.16.10.131} - - {from: horde.crans.org, to: 172.16.10.108} - - {from: imprimante.crans.org, to: 172.16.10.131} - - {from: intranet.crans.org, to: 172.16.10.156} - - {from: linx.crans.org, to: "172.16.10.119:8080"} - - {from: lists.crans.org, to: 172.16.10.110} - - {from: matrix.crans.org, to: "172.16.10.123:8008"} - - {from: mirrors.crans.org, to: 172.16.10.104} - - {from: owncloud.crans.org, to: 172.16.10.136} - - {from: pad.crans.org, to: "172.16.10.130:9001"} - - {from: re2o.crans.org, to: 172.16.10.156} - - {from: re2o-dev.crans.org, to: 172.16.10.166} - - {from: roundcube.crans.org, to: 172.16.10.107} - - {from: tmpad.crans.org, to: "172.16.10.130:9002"} - - {from: webirc.crans.org, to: "172.16.10.31:9000"} - - {from: webmail.crans.org, to: 172.16.10.108} - - {from: wiki.crans.org, to: 172.16.10.161} - - {from: zero.crans.org, to: 172.16.10.130} - - {from: hosts.crans.org, to: 172.16.10.114} - + - { from: belenios.crans.org, to: 172.16.10.111 } + - { from: cas.crans.org, to: 172.16.10.120 } + - { from: constellation-dev.crans.org, to: 172.16.10.167 } + - { from: eclats.crans.org, to: 172.16.10.104 } + - { from: ftps.crans.org, to: 172.16.10.113 } + - { from: ethercalc.crans.org, to: 172.16.10.133:8000 } + - { from: framadate.crans.org, to: 172.16.10.109 } + - { from: galene-token.crans.org, to: 172.16.10.115:3000 } + - { 
from: grafana.crans.org, to: 172.16.10.121:3000 } + - { from: hedgedoc.crans.org, to: 172.16.10.128:3000 } + - { from: helloworld.crans.org, to: 172.16.10.131 } + - { from: horde.crans.org, to: 172.16.10.108 } + - { from: imprimante.crans.org, to: 172.16.10.131 } + - { from: intranet.crans.org, to: 172.16.10.156 } + - { from: linx.crans.org, to: 172.16.10.119:8080 } + - { from: lists.crans.org, to: 172.16.10.110 } + - { from: matrix.crans.org, to: 172.16.10.123:8008 } + - { from: mirrors.crans.org, to: 172.16.10.104 } + - { from: owncloud.crans.org, to: 172.16.10.136 } + - { from: pad.crans.org, to: 172.16.10.130:9001 } + - { from: re2o.crans.org, to: 172.16.10.156 } + - { from: re2o-dev.crans.org, to: 172.16.10.166 } + - { from: roundcube.crans.org, to: 172.16.10.107 } + - { from: tmpad.crans.org, to: 172.16.10.130:9002 } + - { from: webirc.crans.org, to: 172.16.10.31:9000 } + - { from: webmail.crans.org, to: 172.16.10.108 } + - { from: wiki.crans.org, to: 172.16.10.161 } + - { from: zero.crans.org, to: 172.16.10.130 } + - { from: hosts.crans.org, to: 172.16.10.114 } # Zamok - - {from: amap.crans.org, to: 172.16.10.31} - - {from: bonvivens.crans.org, to: 172.16.10.31} - - {from: perso.crans.org, to: 172.16.10.31} + - { from: amap.crans.org, to: 172.16.10.31 } + - { from: bonvivens.crans.org, to: 172.16.10.31 } + - { from: perso.crans.org, to: 172.16.10.31 } redirect_sites: - - {from: crans.org, to: www.crans.org} - + - { from: crans.org, to: www.crans.org } # Aliases or legacy support - - {from: adopteunpingouin.crans.org, to: install-party.crans.org} - - {from: clubs.crans.org, to: perso.crans.org} - - {from: i-p.crans.org, to: install-party.crans.org} - - {from: pot-vieux.crans.org, to: perso.crans.org/club-vieux} - + - { from: adopteunpingouin.crans.org, to: install-party.crans.org } + - { from: clubs.crans.org, to: perso.crans.org } + - { from: i-p.crans.org, to: install-party.crans.org } + - { from: pot-vieux.crans.org, to: perso.crans.org/club-vieux } # To 
the wiki - - {from: television.crans.org, to: wiki.crans.org/CransTv} - - {from: tv.crans.org, to: wiki.crans.org/CransTv} - - {from: wikipedia.crans.org, to: wiki.crans.org} + - { from: television.crans.org, to: wiki.crans.org/CransTv } + - { from: tv.crans.org, to: wiki.crans.org/CransTv } + - { from: wikipedia.crans.org, to: wiki.crans.org } static_sites: - autoconfig.crans.org diff --git a/group_vars/roundcube.yml b/group_vars/roundcube.yml index 7d7210ce..89660ccd 100644 --- a/group_vars/roundcube.yml +++ b/group_vars/roundcube.yml @@ -7,16 +7,16 @@ glob_roundcube: mail_domain: crans.org des_key: "{{ vault.roundcube.des_key }}" plugins: - - repo: 'https://gitlab.adm.crans.org/nounous/roundcube-intranet.git' + - repo: https://gitlab.adm.crans.org/nounous/roundcube-intranet.git name: intranet version: HEAD - - repo: 'https://gitlab.adm.crans.org/nounous/roundcube-plugin-filters.git' + - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-filters.git name: filters version: master - - repo: 'https://gitlab.adm.crans.org/nounous/roundcube-plugin-automatic_addressbook.git' + - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-automatic_addressbook.git name: automatic_addressbook version: 0.4.3 - - repo: 'https://gitlab.adm.crans.org/nounous/roundcube-plugin-identity_smtp.git' + - repo: https://gitlab.adm.crans.org/nounous/roundcube-plugin-identity_smtp.git name: identity_smtp version: HEAD - name: zipdownload 
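Review bot: Inside the flow mappings of `reverseproxy_sites`, entries such as `{ from: ethercalc.crans.org, to: 172.16.10.133:8000 }` now carry a `host:port` value as a plain scalar. A colon inside a plain scalar in flow context is accepted by current parsers but was rejected by older PyYAML releases, and it is easy to misread next to the `from:`/`to:` key separators. I would keep the quotes the old side had on the port-bearing targets, `to: "172.16.10.133:8000"`; the same applies to `127.0.0.1:8000` in host_vars/gitzly.adm.crans.org.yml.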
@@ -32,22 +32,22 @@ glob_roundcube: classic: https://www.crans.org/images/crans_banner.png loc_nginx: - service_name: "roundcube" + service_name: roundcube ssl: [] servers: - server_name: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipwrap + [ansible_hostname, ansible_hostname + '.adm.crans.org'] }}" default: true - root: "/var/lib/roundcube" + root: /var/lib/roundcube locations: - - filter: "~ \\.php$" + - filter: ~ \.php$ params: - - "include snippets/fastcgi-php.conf" - - "fastcgi_buffer_size 128k" - - "fastcgi_buffers 4 256k" - - "fastcgi_busy_buffers_size 256k" - - "fastcgi_pass unix:/var/run/php/php7.4-fpm.sock" - - "include fastcgi_params" + - include snippets/fastcgi-php.conf + - fastcgi_buffer_size 128k + - fastcgi_buffers 4 256k + - fastcgi_busy_buffers_size 256k + - fastcgi_pass unix:/var/run/php/php7.4-fpm.sock + - include fastcgi_params additional_params: - - "index index.php index.htm index.html" - - "try_files $uri $uri/ /index.php?q=$uri&$args" - - "client_max_body_size 10G" + - index index.php index.htm index.html + - try_files $uri $uri/ /index.php?q=$uri&$args + - client_max_body_size 10G diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml index 98995765..ddc62405 100644 --- a/group_vars/slapd.yml +++ b/group_vars/slapd.yml @@ -1,7 +1,7 @@ --- glob_slapd: master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}" - regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$" + regex: ^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$ replication_credentials: "{{ vault.slapd.tealc.replication_credentials }}" - private_key: "{{ vault.slapd.tealc.private_key }}" + private_key: "{{ vault.slapd.tealc.private_key }}" certificate: "{{ vault.slapd.tealc.certificate }}" 
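Review bot: `filter: ~ \.php$` in the loc_nginx hunk and the `regex: ^(role:(...)|...)$` value in the group_vars/slapd.yml hunk are now plain scalars that lean heavily on YAML indicator characters (`~`, `:`, `|`). They still load as the same strings, but `~` on its own is YAML null, and a `: ` introduced by a later edit of the regex would break parsing. Single quotes keep the backslash literal and make the intent explicit: `filter: '~ \.php$'`. I would do the same for the slapd `regex` and for `cron_timer: 39 06 * * *` in group_vars/virtu.yml.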
diff --git a/group_vars/sssd.yml b/group_vars/sssd.yml index de3a5442..8994a242 100644 --- a/group_vars/sssd.yml +++ b/group_vars/sssd.yml @@ -4,18 +4,18 @@ glob_sssd: domain: tealc.adm.crans.org enumerate: "true" servers: - - "ldaps://{{ query('ldap','ip','tealc','adm') | ansible.utils.ipv4 | first }}/" - - "ldaps://{{ query('ldap','ip','sam','adm') | ansible.utils.ipv4 | first }}/" - - "ldaps://{{ query('ldap','ip','daniel','adm') | ansible.utils.ipv4 | first }}/" - - "ldaps://{{ query('ldap','ip','jack','adm') | ansible.utils.ipv4 | first }}/" - base: "dc=crans,dc=org" + - ldaps://{{ query('ldap','ip','tealc','adm') | ansible.utils.ipv4 | first }}/ + - ldaps://{{ query('ldap','ip','sam','adm') | ansible.utils.ipv4 | first }}/ + - ldaps://{{ query('ldap','ip','daniel','adm') | ansible.utils.ipv4 | first }}/ + - ldaps://{{ query('ldap','ip','jack','adm') | ansible.utils.ipv4 | first }}/ + base: dc=crans,dc=org secondary: domain: re2o-ldap.adm.crans.org enumerate: "false" servers: - - "ldaps://{{ query('ldap','ip','re2o-ldap','adm') | ansible.utils.ipv4 | first }}/" - - "ldaps://{{ query('ldap','ip','terenez','adm') | ansible.utils.ipv4 | first }}/" - base: "dc=crans,dc=org" + - ldaps://{{ query('ldap','ip','re2o-ldap','adm') | ansible.utils.ipv4 | first }}/ + - ldaps://{{ query('ldap','ip','terenez','adm') | ansible.utils.ipv4 | first }}/ + base: dc=crans,dc=org bind: dn: "{{ vault.sssd.secondary_ldap.binddn }}" passwd: "{{ vault.sssd.secondary_ldap.bindpass }}" diff --git a/group_vars/thelounge.yml b/group_vars/thelounge.yml index 8c4c891c..ec101243 100644 --- a/group_vars/thelounge.yml +++ b/group_vars/thelounge.yml @@ -1,7 +1,7 @@ --- glob_thelounge: public: "false" - host: "undefined" + host: undefined reverseProxy: "false" oidentd: "null" irc: 
@@ -11,16 +11,16 @@ glob_thelounge: password: tls: "true" rejectUnauthorized: "true" - nick: "thelounge%%" - username: "thelounge" - realname: "The Lounge User" + nick: thelounge%% + username: thelounge + realname: The Lounge User join: "#general" ldap_enable: "false" ldap: - url: "ldap://172.16.10.157" - primaryKey: "cn" + url: ldap://172.16.10.157 + primaryKey: cn rootDN: "{{ vault.thelounge.ldap.rootDN }}" rootPassword: "{{ vault.thelounge.ldap.rootPassword }}" - filter: "(objectclass=inetOrgPerson)" - base: "dc=crans,dc=org" - scope: "sub" + filter: (objectclass=inetOrgPerson) + base: dc=crans,dc=org + scope: sub diff --git a/group_vars/viarezo/home_nounou.yml b/group_vars/viarezo/home_nounou.yml index a9a6ed67..8268add5 100644 --- a/group_vars/viarezo/home_nounou.yml +++ b/group_vars/viarezo/home_nounou.yml @@ -7,4 +7,4 @@ loc_home_nounou: name: home_nounou owner: root group: _user - mode: '0750' + mode: "0750" diff --git a/group_vars/viarezo/ssh_known_hosts.yml b/group_vars/viarezo/ssh_known_hosts.yml index a38dade9..eb6e7fe9 100644 --- a/group_vars/viarezo/ssh_known_hosts.yml +++ b/group_vars/viarezo/ssh_known_hosts.yml @@ -2,4 +2,4 @@ loc_service_ssh_known_hosts: config: ldap: - server: "ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}" + server: ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }} diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml index eec9f781..28a74da6 100644 --- a/group_vars/virtu.yml +++ b/group_vars/virtu.yml @@ -1,8 +1,8 @@ --- glob_debian_images: - cron_timer: '39 06 * * *' - rsync_host: 'eclat.adm.crans.org' - rsync_module: 'mirror' + cron_timer: 39 06 * * * + rsync_host: eclat.adm.crans.org + rsync_module: mirror include_extra_images: false glob_service_proxmox_user: 
@@ -18,9 +18,9 @@ glob_service_proxmox_user: config: ldap: admin: - uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/" - userBase: "ou=passwd,dc=crans,dc=org" - realm: "pam" + uri: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/ + userBase: ou=passwd,dc=crans,dc=org + realm: pam dependencies: - python3-jinja2 - python3-ldap diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml index c3ad33ea..fdf0cbb0 100644 --- a/group_vars/virtu_adh.yml +++ b/group_vars/virtu_adh.yml @@ -12,13 +12,13 @@ glob_service_proxmox_user: config: ldap: admin: - uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/" - userBase: "ou=passwd,dc=crans,dc=org" - realm: "pam" + uri: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/ + userBase: ou=passwd,dc=crans,dc=org + realm: pam user: - uri: "ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ansible.utils.ipv4 | first }}/" - userBase: "ou=users,dc=adh,dc=crans,dc=org" - realm: "pve" + uri: ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ansible.utils.ipv4 | first }}/ + userBase: ou=users,dc=adh,dc=crans,dc=org + realm: pve binddn: "{{ vault.ldap_adh_reader.binddn }}" passwd: "{{ vault.ldap_adh_reader.bindpass }}" dependencies: diff --git a/group_vars/vsftpd_mirror.yml b/group_vars/vsftpd_mirror.yml index 892dbecb..6dcfc47a 100644 --- a/group_vars/vsftpd_mirror.yml +++ b/group_vars/vsftpd_mirror.yml @@ -4,4 +4,4 @@ glob_vsftpd_mirror: cert: /etc/letsencrypt/live/crans.org/cert.pem private_key: /etc/letsencrypt/live/crans.org/privkey.pem anonymous: {} - passive: yes + passive: true diff --git a/group_vars/wiki.yml b/group_vars/wiki.yml index 47419505..2b9ed80a 100644 --- a/group_vars/wiki.yml +++ b/group_vars/wiki.yml 
@@ -8,43 +8,43 @@ loc_nginx: servers: - server_name: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipwrap + [ansible_hostname, ansible_hostname + '.adm.crans.org'] }}" default: true - access_log: "/var/log/nginx/wiki.log combined" - error_log: "/var/log/nginx/wiki.error.log" + access_log: /var/log/nginx/wiki.log combined + error_log: /var/log/nginx/wiki.error.log additional_params: - - "rewrite ^/$ $scheme://wiki.crans.org/PageAccueil" - - "client_max_body_size 15M" + - rewrite ^/$ $scheme://wiki.crans.org/PageAccueil + - client_max_body_size 15M locations: - - filter: "/wiki/" + - filter: /wiki/ params: - - "alias /var/local/wiki/htdocs/" + - alias /var/local/wiki/htdocs/ - - filter: "/robots.txt" + - filter: /robots.txt params: - - "alias /var/local/wiki/robots.txt" + - alias /var/local/wiki/robots.txt - - filter: "/favicon.ico" + - filter: /favicon.ico params: - - "alias /var/local/wiki/favicon.ico" + - alias /var/local/wiki/favicon.ico - - filter: "/www-sitemap.xml" + - filter: /www-sitemap.xml params: - - "alias /var/local/wiki/www-sitemap.xml" + - alias /var/local/wiki/www-sitemap.xml - - filter: "/" + - filter: / params: - - "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket" - - "include uwsgi_params" + - uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket + - include uwsgi_params logos: - which: crans_logo_white.svg where: /var/local/wiki/htdocs/logo.svg owner: root group: www-data - mode: '0644' + mode: "0644" - which: crans_favicon.ico where: /var/local/wiki/favicon.ico owner: root group: www-data - mode: '0644' + mode: "0644" diff --git a/host_vars/backup-ft.adm.crans.org.yml b/host_vars/backup-ft.adm.crans.org.yml index 86d938d7..9d72bc01 100644 --- a/host_vars/backup-ft.adm.crans.org.yml +++ b/host_vars/backup-ft.adm.crans.org.yml 
@@ -10,11 +10,11 @@ loc_home_nounou: name: home_nounou owner: root group: _user - mode: '0750' + mode: "0750" - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}" mountpoint: /rpool/backup target: /backup name: backup owner: root group: root - mode: '0755' + mode: "0755" diff --git a/host_vars/backup-thot.adm.crans.org.yml b/host_vars/backup-thot.adm.crans.org.yml index 015a6900..12d2ccc2 100644 --- a/host_vars/backup-thot.adm.crans.org.yml +++ b/host_vars/backup-thot.adm.crans.org.yml @@ -10,11 +10,11 @@ loc_home_nounou: name: home_nounou owner: root group: _user - mode: '0750' + mode: "0750" - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}" mountpoint: /rpool/backup target: /backup name: backup owner: root group: root - mode: '0755' + mode: "0755" diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml index e7d986cb..3e40589f 100644 --- a/host_vars/boeing.adm.crans.org.yml +++ b/host_vars/boeing.adm.crans.org.yml @@ -5,7 +5,7 @@ interfaces: loc_wireguard: tunnels: - - name: "sputnik" + - name: sputnik listen_port: 51820 private_key: "{{ vault.wireguard.boeing.sputnik.privkey }}" table: "off" 
@@ -16,14 +16,14 @@ loc_wireguard: - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv6 | first }}/128" endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ansible.utils.ipv4 | first }}:51820" post_up: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - - "python3 /var/local/services/proxy/proxy.py --alter" + - sysctl -w net.ipv4.conf.%i.proxy_arp=1 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=1 + - python3 /var/local/services/proxy/proxy.py --alter pre_down: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=0" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0" - - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" - - name: "viarezo" + - sysctl -w net.ipv4.conf.%i.proxy_arp=0 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=0 + - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy + - name: viarezo listen_port: 51821 private_key: "{{ vault.wireguard.boeing.viarezo.privkey }}" table: "off" 
@@ -31,17 +31,17 @@ loc_wireguard: - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}" allowed_ips: - "{{ query('ldap', 'network', 'adm') }}" - - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + - fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64 persistent_keepalive: 25 post_up: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - - "python3 /var/local/services/proxy/proxy.py --alter" + - sysctl -w net.ipv4.conf.%i.proxy_arp=1 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=1 + - python3 /var/local/services/proxy/proxy.py --alter pre_down: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=0" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0" - - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" - - name: "aurore" + - sysctl -w net.ipv4.conf.%i.proxy_arp=0 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=0 + - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy + - name: aurore listen_port: 51822 private_key: "{{ vault.wireguard.boeing.aurore.privkey }}" table: "off" 
@@ -49,25 +49,25 @@ loc_wireguard: - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}" allowed_ips: - "{{ query('ldap', 'network', 'adm') }}" - - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + - fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64 persistent_keepalive: 25 post_up: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - - "python3 /var/local/services/proxy/proxy.py --alter" + - sysctl -w net.ipv4.conf.%i.proxy_arp=1 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=1 + - python3 /var/local/services/proxy/proxy.py --alter pre_down: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=0" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0" - - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" + - sysctl -w net.ipv4.conf.%i.proxy_arp=0 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=0 + - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy loc_service_proxy: config: ldap: - server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/" - protocol: "proxy" - filter: "adm.crans.org" + server: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/ + protocol: proxy + filter: adm.crans.org proxy: - default: "ens18" - viarezo: "viarezo" - aurore: "aurore" - ovh: "sputnik" + default: ens18 + viarezo: viarezo + aurore: aurore + ovh: sputnik diff --git a/host_vars/constellation-dev.adm.crans.org.yml b/host_vars/constellation-dev.adm.crans.org.yml index ba973a4d..18b23d27 100644 --- a/host_vars/constellation-dev.adm.crans.org.yml +++ b/host_vars/constellation-dev.adm.crans.org.yml 
@@ -5,28 +5,28 @@ interfaces: loc_constellation: allowed_hosts: - - 'constellation-dev.crans.org' + - constellation-dev.crans.org database: - host: '127.0.0.1' - user: 'constellation-dev' - name: 'constellation-dev' + host: 127.0.0.1 + user: constellation-dev + name: constellation-dev applications: - - 'access' - - 'billing' - - 'debug' - - 'dnsmanager' - - 'firewall' - - 'layers' - - 'management' - - 'member' - - 'topography' - - 'unix' + - access + - billing + - debug + - dnsmanager + - firewall + - layers + - management + - member + - topography + - unix stripe: - private_key: '{{ vault.constellation.stripe.test.private_key }}' - public_key: '{{ vault.constellation.stripe.test.public_key }}' + private_key: "{{ vault.constellation.stripe.test.private_key }}" + public_key: "{{ vault.constellation.stripe.test.public_key }}" note: - url: 'https://note-dev.crans.org/' - client_id: '{{ vault.constellation.note.client_id }}' - client_secret: '{{ vault.constellation.note.client_secret }}' + url: https://note-dev.crans.org/ + client_id: "{{ vault.constellation.note.client_id }}" + client_secret: "{{ vault.constellation.note.client_secret }}" debug: true version: dev diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml index 43c45e8c..7b8c19db 100644 --- a/host_vars/daniel.adm.crans.org.yml +++ b/host_vars/daniel.adm.crans.org.yml @@ -10,4 +10,4 @@ loc_postgres: addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ansible.utils.ipaddr('address') }}" loc_service_proxmox_user: - cron: null + cron: diff --git a/host_vars/eclat.adm.crans.org.yml b/host_vars/eclat.adm.crans.org.yml index cc342837..352c0630 100644 --- a/host_vars/eclat.adm.crans.org.yml +++ b/host_vars/eclat.adm.crans.org.yml @@ -12,11 +12,10 @@ loc_nfs_mount: name: mirror owner: root group: root - mode: '0755' + mode: "0755" loc_ftpsync: {} loc_rsync_mirror: {} - loc_rsyncd: modules: - name: mirror 
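Review bot: `cron:` in the loc_service_proxmox_user hunk of host_vars/daniel.adm.crans.org.yml still loads as null, but a bare key reads like a forgotten value rather than a deliberate setting. yamllint's `empty-values` rule would flag it if enabled, and the old spelling `cron: null` is unambiguous, so I would keep `cron: null`. The same rewrite is made in the gulp, jack and odlyd host_vars hunks.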
@@ -33,22 +32,22 @@ loc_nginx: ssl: [] servers: - server_name: - - "eclat" - - "eclat.*" - - "eclats" - - "eclats.*" - - "mirror" - - "mirror.*" - - "mirrors" - - "mirrors.*" - root: "/mirror/pub" + - eclat + - eclat.* + - eclats + - eclats.* + - mirror + - mirror.* + - mirrors + - mirrors.* + root: /mirror/pub locations: - - filter: "/" + - filter: / params: - - "autoindex on" - - "autoindex_exact_size off" - - "add_before_body /.html/HEADER.html" - - "add_after_body /.html/FOOTER.html" + - autoindex on + - autoindex_exact_size off + - add_before_body /.html/HEADER.html + - add_after_body /.html/FOOTER.html loc_vsftpd: anonymous: diff --git a/host_vars/gitzly.adm.crans.org.yml b/host_vars/gitzly.adm.crans.org.yml index 13b0558d..99cdeb38 100644 --- a/host_vars/gitzly.adm.crans.org.yml +++ b/host_vars/gitzly.adm.crans.org.yml @@ -13,7 +13,7 @@ loc_certbot: loc_service_certbot: config: - "crans.org": + crans.org: zone: _acme-challenge.crans.org server: 172.16.10.147 port: 53 @@ -21,7 +21,7 @@ loc_service_certbot: name: certbot_challenge. secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" algorithm: HMAC-SHA512 - "adm.crans.org": + adm.crans.org: zone: _acme-challenge.adm.crans.org server: 172.16.10.147 port: 53 @@ -41,12 +41,10 @@ loc_nginx: cert_key: /etc/letsencrypt/live/crans.org/privkey.pem trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem servers: [] - loc_reverseproxy: reverseproxy_sites: - - {from: gitlab.crans.org, to: "127.0.0.1:8000"} - - {from: gitlab.adm.crans.org, to: "127.0.0.1:8000", ssl: adm.crans.org} + - { from: gitlab.crans.org, to: 127.0.0.1:8000 } + - { from: gitlab.adm.crans.org, to: 127.0.0.1:8000, ssl: adm.crans.org } redirect_sites: [] - static_sites: [] diff --git a/host_vars/gulp.adm.crans.org.yml b/host_vars/gulp.adm.crans.org.yml index 4c4ef29d..447d283e 100644 --- a/host_vars/gulp.adm.crans.org.yml +++ b/host_vars/gulp.adm.crans.org.yml 
@@ -3,4 +3,4 @@ loc_debian_images: include_extra_images: true loc_service_proxmox_user: - cron: null + cron: diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml index 1e528069..b7525f24 100644 --- a/host_vars/irc.adm.crans.org.yml +++ b/host_vars/irc.adm.crans.org.yml @@ -4,24 +4,24 @@ interfaces: srv: ens19 loc_nginx: - service_name: "thelounge" + service_name: thelounge servers: - server_name: - - "irc.crans.org" - - "irc" + - irc.crans.org + - irc default: true ssl: crans.org locations: - - filter: "^~ /web/" + - filter: ^~ /web/ params: - - "proxy_pass http://localhost:9000/" - - "include \"/etc/nginx/snippets/options-proxypass.conf\"" - - filter: "~ ^/$" + - proxy_pass http://localhost:9000/ + - include "/etc/nginx/snippets/options-proxypass.conf" + - filter: ~ ^/$ params: - - "return 302 https://irc.crans.org/web/" - - filter: "/" + - return 302 https://irc.crans.org/web/ + - filter: / params: - - "return 302 \"https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web\"" + - return 302 "https://wiki.crans.org/VieCrans/UtiliserIrc#Via_l.27interface_web" loc_thelounge: public: "true" diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml index 59caef34..cd884f47 100644 --- a/host_vars/jack.adm.crans.org.yml +++ b/host_vars/jack.adm.crans.org.yml @@ -10,4 +10,4 @@ loc_postgres: addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ansible.utils.ipaddr('address') }}" loc_service_proxmox_user: - cron: null + cron: diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml index fc4f2a9b..f8308b18 100644 --- a/host_vars/monitoring.adm.crans.org.yml +++ b/host_vars/monitoring.adm.crans.org.yml @@ -11,7 +11,7 @@ loc_prometheus: - job_name: servers file_sd_configs: - files: - - '/etc/prometheus/targets_node.json' + - /etc/prometheus/targets_node.json relabel_configs: - source_labels: [__address__] target_label: __param_target 
@@ -19,7 +19,7 @@ loc_prometheus: target_label: instance - source_labels: [__param_target] target_label: __address__ - replacement: '$1:9100' + replacement: $1:9100 nginx: file: targets_nginx.json @@ -28,13 +28,13 @@ loc_prometheus: - job_name: nginx file_sd_configs: - files: - - '/etc/prometheus/targets_nginx.json' + - /etc/prometheus/targets_nginx.json relabel_configs: - source_labels: [__address__] target_label: instance - source_labels: [instance] target_label: __address__ - replacement: '$1:9117' + replacement: $1:9117 blackbox: file: targets_blackbox.json @@ -64,7 +64,7 @@ loc_prometheus: - job_name: blackbox file_sd_configs: - files: - - '/etc/prometheus/targets_blackbox.json' + - /etc/prometheus/targets_blackbox.json metrics_path: /probe params: module: [http_2xx] # Look for a HTTP 200 response. @@ -86,7 +86,7 @@ loc_prometheus: - job_name: blackbox_icmp file_sd_configs: - files: - - '/etc/prometheus/targets_icmp.json' + - /etc/prometheus/targets_icmp.json metrics_path: /probe params: module: [icmp] # Look for a ICMP ping @@ -105,13 +105,13 @@ loc_prometheus: config: - job_name: mtail static_configs: - - targets: ["tealc.adm.crans.org"] + - targets: [tealc.adm.crans.org] relabel_configs: - source_labels: [__address__] target_label: instance - source_labels: [instance] target_label: __address__ - replacement: '$1:3903' + replacement: $1:3903 ilo_snmp: file: targets_ilo_snmp.json @@ -120,8 +120,8 @@ loc_prometheus: - job_name: ilo_snmp file_sd_configs: - files: - - '/etc/prometheus/targets_ilo_snmp.json' - metrics_path: '/snmp' + - /etc/prometheus/targets_ilo_snmp.json + metrics_path: /snmp params: module: - ilo 
@@ -130,17 +130,17 @@ loc_prometheus: target_label: __param_target - source_labels: [__param_target] target_label: instance - - replacement: '127.0.0.1:9116' + - replacement: 127.0.0.1:9116 target_label: __address__ printer_snmp: file: targets_printer.json - targets: ["printer.lp.crans.org"] + targets: [printer.lp.crans.org] config: - job_name: printer_snmp static_configs: - - targets: ["printer.lp.crans.org"] - metrics_path: '/snmp' + - targets: [printer.lp.crans.org] + metrics_path: /snmp params: module: - printer_mib diff --git a/host_vars/odlyd.adm.crans.org.yml b/host_vars/odlyd.adm.crans.org.yml index 4c4ef29d..447d283e 100644 --- a/host_vars/odlyd.adm.crans.org.yml +++ b/host_vars/odlyd.adm.crans.org.yml @@ -3,4 +3,4 @@ loc_debian_images: include_extra_images: true loc_service_proxmox_user: - cron: null + cron: diff --git a/host_vars/owncloud.adm.crans.org.yml b/host_vars/owncloud.adm.crans.org.yml index 0441f9fd..2278573a 100644 --- a/host_vars/owncloud.adm.crans.org.yml +++ b/host_vars/owncloud.adm.crans.org.yml @@ -7,4 +7,4 @@ interfaces: loc_ldap: base_dn: "{{ vault.slapd.re2o.admin.binddn }}" password: "{{ vault.slapd.re2o.admin.bindpass }}" - uri: "ldap://172.16.10.157" + uri: ldap://172.16.10.157 diff --git a/host_vars/ptf.adm.crans.org.yml b/host_vars/ptf.adm.crans.org.yml index c0e5bbb1..f02cd6a8 100644 --- a/host_vars/ptf.adm.crans.org.yml +++ b/host_vars/ptf.adm.crans.org.yml 
@@ -12,62 +12,62 @@ loc_nfs_mount: name: ftp owner: root group: root - mode: '0755' + mode: "0755" loc_nginx: service_name: ptf ssl: [] servers: - server_name: - - "ptf" - - "ptf.*" - - "ftp" - - "ftp.*" + - ptf + - ptf.* + - ftp + - ftp.* root: /ftp locations: - - filter: "/" + - filter: / params: - - "autoindex on" - - "autoindex_exact_size off" - - "add_before_body /.html/HEADER.html" - - "add_after_body /.html/FOOTER.html" + - autoindex on + - autoindex_exact_size off + - add_before_body /.html/HEADER.html + - add_after_body /.html/FOOTER.html - filter: ~ ^(\/pub)?(\/debian|\/ubuntu|\/archlinux|\/videolan|\/cdimage|\/grafana|\/proxmox|\/distributions)(.*)$ params: - return 301 http://eclat.crans.org$2$3 - - filter: "/events" + - filter: /events params: - - "autoindex on" - - "autoindex_exact_size off" - - "add_before_body /.html/HEADER.html" - - "add_after_body /.html/FOOTER.html" - - "mp4" - - "mp4_buffer_size 1m" - - "mp4_max_buffer_size 5m" + - autoindex on + - autoindex_exact_size off + - add_before_body /.html/HEADER.html + - add_after_body /.html/FOOTER.html + - mp4 + - mp4_buffer_size 1m + - mp4_max_buffer_size 5m - server_name: - - "ptfs" - - "ptfs.*" - - "ftps" - - "ftps.*" + - ptfs + - ptfs.* + - ftps + - ftps.* root: /ftp locations: - - filter: "/" + - filter: / params: - - "autoindex on" - - "autoindex_exact_size off" - - "add_before_body /.html/HEADER.html" - - "add_after_body /.html/FOOTER.html" + - autoindex on + - autoindex_exact_size off + - add_before_body /.html/HEADER.html + - add_after_body /.html/FOOTER.html - filter: ~ ^(\/pub)?(\/debian|\/ubuntu|\/archlinux|\/videolan|\/cdimage|\/grafana|\/proxmox|\/distributions)(.*)$ params: - return 301 https://eclats.crans.org$2$3 - - filter: "/events" + - filter: /events params: - - "autoindex on" - - "autoindex_exact_size off" - - "add_before_body /.html/HEADER.html" - - "add_after_body /.html/FOOTER.html" - - "mp4" - - "mp4_buffer_size 1m" - - "mp4_max_buffer_size 5m" + - autoindex on + - 
autoindex_exact_size off + - add_before_body /.html/HEADER.html + - add_after_body /.html/FOOTER.html + - mp4 + - mp4_buffer_size 1m + - mp4_max_buffer_size 5m loc_vsftpd: anonymous: diff --git a/host_vars/re2o-dev.adm.crans.org.yml b/host_vars/re2o-dev.adm.crans.org.yml index 3fc6b733..9226f66a 100644 --- a/host_vars/re2o-dev.adm.crans.org.yml +++ b/host_vars/re2o-dev.adm.crans.org.yml @@ -4,4 +4,4 @@ interfaces: srv_nat: eth1 loc_re2o_ldap_replica: - url: "ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636" + url: ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636 diff --git a/host_vars/redisdead.adm.crans.org.yml b/host_vars/redisdead.adm.crans.org.yml index 9bd797c4..6b507e10 100644 --- a/host_vars/redisdead.adm.crans.org.yml +++ b/host_vars/redisdead.adm.crans.org.yml @@ -17,7 +17,7 @@ loc_certbot: loc_service_certbot: config: - "crans.org": + crans.org: zone: _acme-challenge.crans.org server: 172.16.10.147 port: 53 @@ -25,7 +25,7 @@ loc_service_certbot: name: certbot_challenge. secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" algorithm: HMAC-SHA512 - "adm.crans.org": + adm.crans.org: zone: _acme-challenge.adm.crans.org server: 172.16.10.147 port: 53 diff --git a/host_vars/romanesco.adm.crans.org.yml b/host_vars/romanesco.adm.crans.org.yml index 4bbdaaa4..e8f903e6 100644 --- a/host_vars/romanesco.adm.crans.org.yml +++ b/host_vars/romanesco.adm.crans.org.yml @@ -1,8 +1,8 @@ --- interfaces: - name: ens18 - name: ens19 - name: ens20 + adm: ens18 + srv: ens19 + adh: ens20 unbound: verbosity: 1 
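Review bot: The `url` value in the re2o-dev hunk loses its quotes although it embeds a Jinja expression, so it parses as a plain scalar only because the template text contains no `: ` or ` #` and does not begin with `{{`. Values that do begin with `{{` have to stay quoted, which leaves two conventions side by side in the same files. Keeping the quotes on every templated value, `url: "ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636"`, avoids a parse change the next time one of these expressions is edited. The same applies to the unquoted `allowed_ips` and `server` lines in the routeur-ft, routeur-thot and sputnik hunks.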
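Review bot: The `interfaces` change in the romanesco hunk is a data change rather than a quoting fix, as far as the collapsed hunk shows: three `name:` keys, of which most parsers keep only the last (`ens20`), become `adm: ens18`, `srv: ens19` and `adh: ens20`. Anything that reads `interfaces.adm`, `interfaces.srv` or `interfaces.adh` for this host now gets a value where it had none, so the NIC-to-network assignment should be checked on the host before this is applied. A comment above the mapping such as `# network name -> NIC, verified on romanesco`, plus a line in the commit message, would keep it from being read as lint-only.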
@@ -10,32 +10,32 @@ unbound: - 0.0.0.0 - ::0 access-control: - - name: "srv" + - name: srv addr: - 185.230.79.0/26 - 2a0c:700:2::/48 policy: allow - - name: "srv-nat" + - name: srv-nat addr: - 172.16.3.0/24 - 2a0c:700:3::/48 policy: allow - - name: "adm" + - name: adm addr: - 172.16.10.0/24 - fd00:0:0:10::/64 policy: allow - - name: "infra" + - name: infra addr: - 172.16.32.0/22 - fd00:0:0:11::/64 policy: allow - - name: "adh" + - name: adh addr: - 185.230.78.0/24 - 2a0c:700:12::/48 policy: allow - - name: "adh-nat" + - name: adh-nat addr: - 100.64.0.0/16 - 2a0c:700:13::/48 diff --git a/host_vars/routeur-daniel.adm.crans.org/bird.yml b/host_vars/routeur-daniel.adm.crans.org/bird.yml index ba338177..4be06249 100644 --- a/host_vars/routeur-daniel.adm.crans.org/bird.yml +++ b/host_vars/routeur-daniel.adm.crans.org/bird.yml @@ -12,7 +12,7 @@ loc_bird: - route 2a0c:700::/32 unreachable bgp: - name: aurore4 - description: "BGP4 session with aurore" + description: BGP4 session with aurore local: asn: crans addr: 185.230.79.253 @@ -21,7 +21,7 @@ loc_bird: addr: 185.230.79.254 ipv4: true - name: aurore6 - description: "BGP6 session with aurore" + description: BGP6 session with aurore local: asn: crans addr: 2a0c:700:28::1 @@ -30,7 +30,7 @@ loc_bird: addr: 2a0c:700:28::2 ipv6: true - name: viarezo4 - description: "BGP4 session with viarezo" + description: BGP4 session with viarezo local: asn: crans addr: 138.195.159.250 @@ -39,7 +39,7 @@ loc_bird: addr: 138.195.159.249 ipv4: true - name: viarezo6 - description: "BGP6 session with viarezo" + description: BGP6 session with viarezo local: asn: crans addr: 2a0c:b641:2f3::2 diff --git a/host_vars/routeur-daniel.adm.crans.org/dhcp.yml b/host_vars/routeur-daniel.adm.crans.org/dhcp.yml index 2acf4c75..83411c1a 100644 --- a/host_vars/routeur-daniel.adm.crans.org/dhcp.yml +++ b/host_vars/routeur-daniel.adm.crans.org/dhcp.yml 
@@ -2,17 +2,17 @@ loc_dhcp: authoritative: true subnets: - - network: "185.230.78.0/24" + - network: 185.230.78.0/24 deny_unknown: true - vlan: "adh" + vlan: adh default_lease_time: "600" max_lease_time: "7200" - routers: "185.230.78.99" - dns: ["185.230.78.99"] - domain_name: "adh.crans.org" - domain_search: "adh.crans.org" + routers: 185.230.78.99 + dns: [185.230.78.99] + domain_name: adh.crans.org + domain_search: adh.crans.org options: [] - lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list" + lease_file: /var/local/services/dhcp/generated/dhcp.adh.crans.org.list loc_service_dhcp: git: diff --git a/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml b/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml index 3a1973b1..370c1f53 100644 --- a/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml +++ b/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml @@ -1,5 +1,4 @@ --- - loc_service_prefix_delegation: name: prefix_delegation install_dir: /var/local/services/prefix_delegation @@ -15,6 +14,6 @@ loc_service_prefix_delegation: prefix: "2a0c:700:12::" length: "48" ldap: - server: "ldaps://172.16.10.114" + server: ldaps://172.16.10.114 binddn: "{{ vault.ldap_adh_reader.binddn }}" password: "{{ vault.ldap_adh_reader.bindpass }}" diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml index 3c12dd40..44c59549 100644 --- a/host_vars/routeur-ft.adm.crans.org.yml +++ b/host_vars/routeur-ft.adm.crans.org.yml @@ -5,7 +5,7 @@ interfaces: loc_wireguard: tunnels: - - name: "boeing" + - name: boeing listen_port: 51820 private_key: "{{ vault.wireguard.routeur_ft.privkey }}" table: "off" 
@@ -13,25 +13,25 @@ loc_wireguard: - public_key: "{{ vault.wireguard.boeing.viarezo.pubkey }}" allowed_ips: - "{{ query('ldap', 'network', 'adm') }}" - - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + - fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64 endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51821" persistent_keepalive: 25 post_up: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - - "ip route add 172.16.10.1 dev %i proto proxy" - - "python3 /var/local/services/proxy/proxy.py --alter" + - sysctl -w net.ipv4.conf.%i.proxy_arp=1 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=1 + - ip route add 172.16.10.1 dev %i proto proxy + - python3 /var/local/services/proxy/proxy.py --alter pre_down: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=0" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0" - - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" + - sysctl -w net.ipv4.conf.%i.proxy_arp=0 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=0 + - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy loc_service_proxy: config: ldap: - server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/" - protocol: "proxy" - filter: "adm.crans.org" + server: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/ + protocol: proxy + filter: adm.crans.org proxy: - default: "boeing" - viarezo: "ens18" + default: boeing + viarezo: ens18 diff --git a/host_vars/routeur-jack.adm.crans.org/dhcp.yml b/host_vars/routeur-jack.adm.crans.org/dhcp.yml index 2acf4c75..83411c1a 100644 --- a/host_vars/routeur-jack.adm.crans.org/dhcp.yml +++ b/host_vars/routeur-jack.adm.crans.org/dhcp.yml 
@@ -2,17 +2,17 @@ loc_dhcp: authoritative: true subnets: - - network: "185.230.78.0/24" + - network: 185.230.78.0/24 deny_unknown: true - vlan: "adh" + vlan: adh default_lease_time: "600" max_lease_time: "7200" - routers: "185.230.78.99" - dns: ["185.230.78.99"] - domain_name: "adh.crans.org" - domain_search: "adh.crans.org" + routers: 185.230.78.99 + dns: [185.230.78.99] + domain_name: adh.crans.org + domain_search: adh.crans.org options: [] - lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list" + lease_file: /var/local/services/dhcp/generated/dhcp.adh.crans.org.list loc_service_dhcp: git: diff --git a/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml b/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml index 3a1973b1..370c1f53 100644 --- a/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml +++ b/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml @@ -1,5 +1,4 @@ --- - loc_service_prefix_delegation: name: prefix_delegation install_dir: /var/local/services/prefix_delegation @@ -15,6 +14,6 @@ loc_service_prefix_delegation: prefix: "2a0c:700:12::" length: "48" ldap: - server: "ldaps://172.16.10.114" + server: ldaps://172.16.10.114 binddn: "{{ vault.ldap_adh_reader.binddn }}" password: "{{ vault.ldap_adh_reader.bindpass }}" diff --git a/host_vars/routeur-sam.adm.crans.org/bird.yml b/host_vars/routeur-sam.adm.crans.org/bird.yml index ba338177..4be06249 100644 --- a/host_vars/routeur-sam.adm.crans.org/bird.yml +++ b/host_vars/routeur-sam.adm.crans.org/bird.yml @@ -12,7 +12,7 @@ loc_bird: - route 2a0c:700::/32 unreachable bgp: - name: aurore4 - description: "BGP4 session with aurore" + description: BGP4 session with aurore local: asn: crans addr: 185.230.79.253 @@ -21,7 +21,7 @@ loc_bird: addr: 185.230.79.254 ipv4: true - name: aurore6 - description: "BGP6 session with aurore" + description: BGP6 session with aurore local: asn: crans addr: 2a0c:700:28::1 
@@ -30,7 +30,7 @@ loc_bird: addr: 2a0c:700:28::2 ipv6: true - name: viarezo4 - description: "BGP4 session with viarezo" + description: BGP4 session with viarezo local: asn: crans addr: 138.195.159.250 @@ -39,7 +39,7 @@ loc_bird: addr: 138.195.159.249 ipv4: true - name: viarezo6 - description: "BGP6 session with viarezo" + description: BGP6 session with viarezo local: asn: crans addr: 2a0c:b641:2f3::2 diff --git a/host_vars/routeur-sam.adm.crans.org/dhcp.yml b/host_vars/routeur-sam.adm.crans.org/dhcp.yml index 2acf4c75..83411c1a 100644 --- a/host_vars/routeur-sam.adm.crans.org/dhcp.yml +++ b/host_vars/routeur-sam.adm.crans.org/dhcp.yml @@ -2,17 +2,17 @@ loc_dhcp: authoritative: true subnets: - - network: "185.230.78.0/24" + - network: 185.230.78.0/24 deny_unknown: true - vlan: "adh" + vlan: adh default_lease_time: "600" max_lease_time: "7200" - routers: "185.230.78.99" - dns: ["185.230.78.99"] - domain_name: "adh.crans.org" - domain_search: "adh.crans.org" + routers: 185.230.78.99 + dns: [185.230.78.99] + domain_name: adh.crans.org + domain_search: adh.crans.org options: [] - lease_file: "/var/local/services/dhcp/generated/dhcp.adh.crans.org.list" + lease_file: /var/local/services/dhcp/generated/dhcp.adh.crans.org.list loc_service_dhcp: git: diff --git a/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml b/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml index 3a1973b1..370c1f53 100644 --- a/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml +++ b/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml @@ -1,5 +1,4 @@ --- - loc_service_prefix_delegation: name: prefix_delegation install_dir: /var/local/services/prefix_delegation @@ -15,6 +14,6 @@ loc_service_prefix_delegation: prefix: "2a0c:700:12::" length: "48" ldap: - server: "ldaps://172.16.10.114" + server: ldaps://172.16.10.114 binddn: "{{ vault.ldap_adh_reader.binddn }}" password: "{{ vault.ldap_adh_reader.bindpass }}" 
diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml index 9721c565..76597632 100644 --- a/host_vars/routeur-thot.adm.crans.org.yml +++ b/host_vars/routeur-thot.adm.crans.org.yml @@ -5,7 +5,7 @@ interfaces: loc_wireguard: tunnels: - - name: "boeing" + - name: boeing listen_port: 51820 private_key: "{{ vault.wireguard.routeur_thot.privkey }}" table: "off" @@ -13,26 +13,25 @@ loc_wireguard: - public_key: "{{ vault.wireguard.boeing.aurore.pubkey }}" allowed_ips: - "{{ query('ldap', 'network', 'adm') }}" - - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + - fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64 endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51822" persistent_keepalive: 25 post_up: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - - "ip route add 172.16.10.1 dev %i proto proxy" - - "python3 /var/local/services/proxy/proxy.py --alter" + - sysctl -w net.ipv4.conf.%i.proxy_arp=1 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=1 + - ip route add 172.16.10.1 dev %i proto proxy + - python3 /var/local/services/proxy/proxy.py --alter pre_down: - - "sysctl -w net.ipv4.conf.%i.proxy_arp=0" - - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0" - - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy" - + - sysctl -w net.ipv4.conf.%i.proxy_arp=0 + - sysctl -w net.ipv6.conf.%i.proxy_ndp=0 + - ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy loc_service_proxy: config: ldap: - server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/" - protocol: "proxy" - filter: "adm.crans.org" + server: ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/ + protocol: proxy + filter: adm.crans.org proxy: - default: "boeing" - aurore: "ens18" + default: boeing + aurore: ens18 
diff --git a/host_vars/silice.adm.crans.org.yml b/host_vars/silice.adm.crans.org.yml index f5bf6519..61debd84 100644 --- a/host_vars/silice.adm.crans.org.yml +++ b/host_vars/silice.adm.crans.org.yml @@ -6,25 +6,25 @@ interfaces: loc_bind: options: secondaries: "{{ query('ldap', 'ip', 'sputnik', 'adm') | union(query('ldap', 'ip', 'en7', 'adm')) }}" - key_directory: "/var/cache/bind/keys" + key_directory: /var/cache/bind/keys default: - format: 'generated/%s.db' + format: generated/%s.db type: primary - notify: 'yes' + notify: "yes" dnssec: true zones: - '_acme-challenge.crans.org': + _acme-challenge.crans.org: update_policy: - - 'grant certbot_challenge. name _acme-challenge.crans.org. txt' - format: 'bak.%s' - '_acme-challenge.adm.crans.org': + - grant certbot_challenge. name _acme-challenge.crans.org. txt + format: bak.%s + _acme-challenge.adm.crans.org: update_policy: - - 'grant certbot_adm_challenge. name _acme-challenge.adm.crans.org. txt' - format: 'bak.%s' + - grant certbot_adm_challenge. name _acme-challenge.adm.crans.org. txt + format: bak.%s rfc2136_keys: - 'certbot_challenge.': + certbot_challenge.: algorithm: hmac-sha512 secret: "{{ vault.bind.rfc2136_keys['certbot_challenge.'].secret }}" - 'certbot_adm_challenge.': + certbot_adm_challenge.: algorithm: hmac-sha512 secret: "{{ vault.bind.rfc2136_keys['certbot_adm_challenge.'].secret }}" diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml index 92678fef..84eebb8e 100644 --- a/host_vars/sputnik.adm.crans.org.yml +++ b/host_vars/sputnik.adm.crans.org.yml @@ -10,7 +10,7 @@ postfix: loc_wireguard: tunnels: - - name: "sputnik" + - name: sputnik addresses: - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}/24" - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv6 | first }}/64" 
@@ -20,10 +20,10 @@ loc_wireguard: - public_key: "{{ vault.wireguard.boeing.sputnik.pubkey }}" allowed_ips: - "{{ query('ldap', 'network', 'adm') }}" - - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" + - fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64 endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51820" post_up: - - "/sbin/ip link set sputnik alias adm" + - /sbin/ip link set sputnik alias adm loc_slapd: ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}" @@ -43,7 +43,7 @@ loc_certbot: loc_service_certbot: config: - "crans.org": + crans.org: zone: _acme-challenge.crans.org server: 172.16.10.147 port: 53 @@ -51,7 +51,7 @@ loc_service_certbot: name: certbot_challenge. secret: "{{ vault.bind.keys['certbot_challenge.'].secret }}" algorithm: HMAC-SHA512 - "adm.crans.org": + adm.crans.org: zone: _acme-challenge.adm.crans.org server: 172.16.10.147 port: 53 
@@ -73,46 +73,44 @@ loc_nginx: trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem servers: - server_name: - - "wiki2.crans.org" - ssl: "crans.org" - access_log: "/var/log/nginx/wiki.log combined" - error_log: "/var/log/nginx/wiki.error.log" + - wiki2.crans.org + ssl: crans.org + access_log: /var/log/nginx/wiki.log combined + error_log: /var/log/nginx/wiki.error.log additional_params: - - "rewrite ^/$ $scheme://wiki2.crans.org/PageAccueil" - - "client_max_body_size 15M" + - rewrite ^/$ $scheme://wiki2.crans.org/PageAccueil + - client_max_body_size 15M locations: - - filter: "/wiki" + - filter: /wiki params: - - "alias /var/local/wiki/htdocs/" + - alias /var/local/wiki/htdocs/ - - filter: "/robots.txt" + - filter: /robots.txt params: - - "alias /var/local/wiki/robots.txt" + - alias /var/local/wiki/robots.txt - - filter: "/favicon.ico" + - filter: /favicon.ico params: - - "alias /var/local/wiki/favicon.ico" + - alias /var/local/wiki/favicon.ico - - filter: "/www-sitemap.xml" + - filter: /www-sitemap.xml params: - - "alias /var/local/wiki/www-sitemap.xml" + - alias /var/local/wiki/www-sitemap.xml - - filter: "/" + - filter: / params: - - "uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket" - - "include uwsgi_params" + - uwsgi_pass unix:///var/run/uwsgi/app/moinmoin/socket + - include uwsgi_params loc_reverseproxy: reverseproxy_sites: - - {from: status.crans.org, to: "127.0.0.1:8080"} - - {from: git2.crans.org, to: "127.0.0.1:3000"} - - {from: git2.adm.crans.org, to: "127.0.0.1:3000", ssl: adm.crans.org} + - { from: status.crans.org, to: 127.0.0.1:8080 } + - { from: git2.crans.org, to: 127.0.0.1:3000 } + - { from: git2.adm.crans.org, to: 127.0.0.1:3000, ssl: adm.crans.org } redirect_sites: [] - static_sites: [] - loc_bind: default: type: slave 
@@ -121,4 +119,4 @@ loc_bind: loc_service_ssh_known_hosts: config: ldap: - server: "ldaps://{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}" + server: ldaps://{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }} diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml index c84d862b..1274d779 100644 --- a/host_vars/tealc.adm.crans.org.yml +++ b/host_vars/tealc.adm.crans.org.yml 
@@ -1,32 +1,32 @@ --- -debian_mirror: 'file:/pool/mirror/pub/debian' +debian_mirror: file:/pool/mirror/pub/debian loc_postgres: version: 13 hosts: - db: etherpad user: crans - map: {name: etherpad, system: etherpad, pg: crans} + map: { name: etherpad, system: etherpad, pg: crans } - db: etherpad_tmp user: crans - map: {name: etherpad_tmp, system: etherpad, pg: crans} + map: { name: etherpad_tmp, system: etherpad, pg: crans } - db: horde5 user: www-data - map: {name: horde, system: www-data, pg: www-data} + map: { name: horde, system: www-data, pg: www-data } - db: roundcube user: roundcube - map: {name: webmail, system: www-data, pg: roundcube} - - {db: owncloud, user: owncloud} - - {db: cas, user: cas} - - {db: hedgedoc, user: hedgedoc} - - {db: sqlgrey, user: sqlgrey, method: ident} - - {db: re2o, user: re2o} - - {db: re2o_test, user: re2o} - - {db: constellation-dev, user: constellation-dev} - - {db: mailman3, user: mailman3} - - {db: mailman3web, user: mailman3web} - - {db: all, user: all, subnets: ['127.0.0.1/32', '::1/128'], local: true} - - {db: replication, user: replication, local: true} + map: { name: webmail, system: www-data, pg: roundcube } + - { db: owncloud, user: owncloud } + - { db: cas, user: cas } + - { db: hedgedoc, user: hedgedoc } + - { db: sqlgrey, user: sqlgrey, method: ident } + - { db: re2o, user: re2o } + - { db: re2o_test, user: re2o } + - { db: constellation-dev, user: constellation-dev } + - { db: mailman3, user: mailman3 } + - { db: mailman3web, user: mailman3web } + - { db: all, user: all, subnets: [127.0.0.1/32, "::1/128"], local: true } + - { db: replication, user: replication, local: true } addresses: "['tealc.adm.crans.org'] + {{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipaddr('address') }}" backup: dir: /var/local/db-backup 
@@ -75,13 +75,13 @@ loc_nginx: ssl: [] servers: - server_name: - - "mirror2" - - "mirror2.*" - root: "/pool/mirror/pub" + - mirror2 + - mirror2.* + root: /pool/mirror/pub locations: - - filter: "/" + - filter: / params: - - "autoindex on" - - "autoindex_exact_size off" - - "add_before_body /.html/HEADER.html" - - "add_after_body /.html/FOOTER.html" + - autoindex on + - autoindex_exact_size off + - add_before_body /.html/HEADER.html + - add_after_body /.html/FOOTER.html diff --git a/host_vars/vol447.adm.crans.org.yml b/host_vars/vol447.adm.crans.org.yml index 556e4ec6..f0837f55 100644 --- a/host_vars/vol447.adm.crans.org.yml +++ b/host_vars/vol447.adm.crans.org.yml @@ -5,7 +5,7 @@ interfaces: loc_wireguard: tunnels: - - name: "gulp" + - name: gulp listen_port: 51820 private_key: "{{ vault.wireguard.vol447.privkey }}" peers: 
@@ -14,5 +14,7 @@ loc_wireguard: - "{{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv4 | first }}/32" - "{{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }}/128" endpoint: "{{ query('ldap', 'ip', 'freebox', 'srv') | ansible.utils.ipv4 | first }}:51820" - post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18" - post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18" + post_up: sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; + ip neigh add proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18 + post_down: sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; + ip neigh delete proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18 diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml index 514f1fbd..9f00cccb 100644 --- a/host_vars/zamok.adm.crans.org.yml +++ b/host_vars/zamok.adm.crans.org.yml @@ -7,8 +7,8 @@ loc_borg: - /var/lib/mysql loc_thelounge: - host: "\"172.16.10.31\"" - oidentd: "\"/usr/local/lib/thelounge/.oidentd.conf\"" + host: '"172.16.10.31"' + oidentd: '"/usr/local/lib/thelounge/.oidentd.conf"' reverseProxy: "true" ldap_enable: "true" 
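Review bot: `post_up` and `post_down` in the vol447 hunk are now plain scalars continued on a second line, which the parser folds into one string joined by a single space. The result matches the old quoted value, but where the value ends depends only on the indentation of the continuation line, and it carries a Jinja expression in an unquoted scalar. A folded block scalar states the intent explicitly: `post_up: >-` with the command text indented beneath it, and the same for `post_down`. The other WireGuard hosts in this commit pass `post_up` as a list of commands; whether the role accepts both shapes is not visible here.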
@@ -25,11 +25,11 @@ loc_nfs_mount: name: home owner: root group: root - mode: '0755' + mode: "0755" - ip: 172.16.4.2 mountpoint: /pool/mail target: /var/mail name: var-mail owner: root group: mail - mode: '0755' + mode: "0755" diff --git a/plays/nginx.yml b/plays/nginx.yml index 551f93a0..7ca83867 100755 --- a/plays/nginx.yml +++ b/plays/nginx.yml @@ -4,6 +4,6 @@ - hosts: nginx,!adh_server vars: nginx: "{{ glob_nginx | default({}) | combine(service_nginx | default({}) | combine(loc_nginx | default({}))) }}" - re2o_front: "{{ glob_re2o_front | default({}) | combine(loc_re2o_front | default({})) }}" # necessary for re2o-front + re2o_front: "{{ glob_re2o_front | default({}) | combine(loc_re2o_front | default({})) }}" roles: - nginx diff --git a/roles/anope/tasks/main.yml b/roles/anope/tasks/main.yml index 0397cf74..71c42671 100644 --- a/roles/anope/tasks/main.yml +++ b/roles/anope/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Anope - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -10,7 +10,7 @@ until: apt_result is succeeded - name: Deploy Anope configuration - template: + ansible.builtin.template: src: anope/{{ item }}.j2 dest: /etc/anope/{{ item }} mode: 0640 diff --git a/roles/apt-mirror/tasks/main.yml b/roles/apt-mirror/tasks/main.yml index 6367c476..8168777a 100644 --- a/roles/apt-mirror/tasks/main.yml +++ b/roles/apt-mirror/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install apt-mirror - apt: + ansible.builtin.apt: update_cache: true name: apt-mirror register: apt_result @@ -8,7 +8,7 @@ until: apt_result is succeeded - name: Create mirrors directory - file: + ansible.builtin.file: path: "{{ apt_mirror.root }}/{{ item.host }}" owner: apt-mirror group: mirror 
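Review bot: `mode: 0640` in the `Deploy Anope configuration` task is an unquoted octal literal, while this same commit writes `mode: "0755"` in the host_vars files. Unquoted, the value reaches Ansible as an integer and its meaning depends on the YAML parser treating a leading zero as octal; `mode: "0640"` keeps it a string and removes that dependency. The same applies to the `mode:` lines in the apt-mirror, arpproxy, bind-authoritative and bind-recursive hunks. The task continues past the end of this hunk.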
@@ -17,7 +17,7 @@ loop: "{{ apt_mirror.targets }}" - name: Create mirror symlink - file: + ansible.builtin.file: # Use relative path to stay modular if the folder is mounted on multiple server at different locations src: "{{ item.host }}/{{ item.symlink }}" dest: "{{ apt_mirror.root }}/{{ item.name }}" @@ -26,17 +26,17 @@ loop: "{{ apt_mirror.targets }}" - name: Copy apt-mirror configurations - template: + ansible.builtin.template: src: apt/mirror.list.j2 dest: /etc/apt/mirror.list - name: Configure apt-mirror cron - template: + ansible.builtin.template: src: cron.d/apt-mirror.j2 dest: /etc/cron.d/apt-mirror - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-apt-mirror mode: 0755 diff --git a/roles/arpproxy/tasks/main.yml b/roles/arpproxy/tasks/main.yml index 0f514893..b54a43cb 100644 --- a/roles/arpproxy/tasks/main.yml +++ b/roles/arpproxy/tasks/main.yml 
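Review bot: The `Copy apt-mirror configurations` and `Configure apt-mirror cron` tasks in the last apt-mirror hunk set no `owner`, `group` or `mode`, so `/etc/apt/mirror.list` and `/etc/cron.d/apt-mirror` inherit whatever the connecting user's umask produces. A cron.d file that ends up group- or world-writable can be edited by accounts other than root, and cron implementations commonly refuse to load such files. Adding `owner: root`, `group: root` and `mode: "0644"` to both tasks pins the result; the motd task in the same hunk already sets its mode.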
@@ -1,22 +1,22 @@ --- - name: Register proto proxy - lineinfile: + ansible.builtin.lineinfile: path: /etc/iproute2/rt_protos.d/proxy.conf - regexp: "^\\d+ proxy$" + regexp: ^\d+ proxy$ line: "{{ service.proto_id }} {{ service.config.protocol }}" owner: root group: root mode: 0644 - name: Enable IP forward and ARP and NDP proxies - sysctl: + ansible.posix.sysctl: name: "{{ item.name }}" value: "1" - sysctl_file: "/etc/sysctl.d/{{ item.file }}.conf" + sysctl_file: /etc/sysctl.d/{{ item.file }}.conf sysctl_set: true reload: true loop: - - {name: "net.ipv4.ip_forward", file: "10-forwarding"} - - {name: "net.ipv6.conf.all.forwarding", file: "10-forwarding"} - - {name: "net.ipv4.conf.{{ service.main_interface }}.proxy_arp", file: "11-proxy-{{ service.main_interface }}"} - - {name: "net.ipv6.conf.{{ service.main_interface }}.proxy_ndp", file: "11-proxy-{{ service.main_interface }}"} + - { name: net.ipv4.ip_forward, file: 10-forwarding } + - { name: net.ipv6.conf.all.forwarding, file: 10-forwarding } + - { name: "net.ipv4.conf.{{ service.main_interface }}.proxy_arp", file: "11-proxy-{{ service.main_interface }}" } + - { name: "net.ipv6.conf.{{ service.main_interface }}.proxy_ndp", file: "11-proxy-{{ service.main_interface }}" } diff --git a/roles/autoconfig/tasks/main.yml b/roles/autoconfig/tasks/main.yml index 8d6d9b9c..952ed01e 100644 --- a/roles/autoconfig/tasks/main.yml +++ b/roles/autoconfig/tasks/main.yml @@ -1,10 +1,10 @@ --- - name: Create base directory - file: + ansible.builtin.file: path: "{{ autoconfig.path }}/mail" state: directory - name: Deploy autoconfiguration website - template: + ansible.builtin.template: src: mail/config-v1.1.xml.j2 dest: "{{ autoconfig.path }}/mail/config-v1.1.xml" diff --git a/roles/baie/tasks/main.yml b/roles/baie/tasks/main.yml index cef61129..d5d02b28 100644 --- a/roles/baie/tasks/main.yml +++ b/roles/baie/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install ZFS - apt: + ansible.builtin.apt: update_cache: true name: - zfs-dkms 
@@ -10,7 +10,7 @@ until: apt_result is succeeded - name: Install ifenslave - apt: + ansible.builtin.apt: update_cache: true name: - ifenslave diff --git a/roles/belenios/handlers/main.yml b/roles/belenios/handlers/main.yml index 552e8142..23dd9d71 100644 --- a/roles/belenios/handlers/main.yml +++ b/roles/belenios/handlers/main.yml @@ -1,5 +1,11 @@ --- +- name: Make belenios project + community.general.make: + chdir: /var/local/belenios + target: build-release-server + notify: Restart ocsigenserver + - name: Restart ocsigenserver - systemd: + ansible.builtin.systemd: name: ocsigenserver state: restarted diff --git a/roles/belenios/tasks/main.yml b/roles/belenios/tasks/main.yml index 5b37ad8b..5dd05e93 100644 --- a/roles/belenios/tasks/main.yml +++ b/roles/belenios/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Belenios dependencies from APT - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -40,29 +40,23 @@ until: apt_result is succeeded - name: Start ocsigenserver at boot - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/ocsigenserver regexp: ^LAUNCH_AT_STARTUP= line: LAUNCH_AT_STARTUP=true notify: Restart ocsigenserver - name: Clone belenios into /var/local/belenios - git: + ansible.builtin.git: repo: https://gitlab.inria.fr/belenios/belenios.git dest: /var/local/belenios version: "1.15" force: true + notify: Make belenios project register: git_result -- name: Make belenios project - when: git_result.changed - make: - chdir: /var/local/belenios - target: build-release-server - notify: Restart ocsigenserver - - name: Create belenios data directories - file: + ansible.builtin.file: path: "{{ item }}" owner: ocsigen group: ocsigen @@ -77,7 +71,7 @@ - /var/log/belenios - name: Link belenios directories into proper locations - file: + ansible.builtin.file: src: "{{ item.src }}" path: "{{ item.path }}" owner: root 
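Review bot: Turning `Make belenios project` into a handler defers the build to the end of the play, so the tasks after the clone in `roles/belenios/tasks/main.yml` (data directories, links, ocsigenserver configuration) now run before the build. A failure in any of them also leaves the new checkout unbuilt on the next run, because the git task will no longer report a change. Flushing right after the clone keeps the previous ordering: add a task `- name: Build belenios now` with `ansible.builtin.meta: flush_handlers` after `Clone belenios into /var/local/belenios`. `register: git_result` looks unused once the `when: git_result.changed` task is gone and can probably be dropped, unless something outside this hunk reads it.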
@@ -105,7 +99,7 @@ path: /usr/share/belenios-server - name: Deploy ocsigenserver configuration - template: + ansible.builtin.template: src: ocsigenserver/conf.d/belenios.conf.j2 dest: /etc/ocsigenserver/conf.d/belenios.conf owner: root diff --git a/roles/bind-authoritative/handlers/main.yml b/roles/bind-authoritative/handlers/main.yml index ce766928..95ef49bf 100644 --- a/roles/bind-authoritative/handlers/main.yml +++ b/roles/bind-authoritative/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: systemctl reload bind9.service - systemd: + ansible.builtin.systemd: name: bind9 state: reloaded diff --git a/roles/bind-authoritative/tasks/main.yml b/roles/bind-authoritative/tasks/main.yml index 649d8415..a3160182 100644 --- a/roles/bind-authoritative/tasks/main.yml +++ b/roles/bind-authoritative/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Bind9 - apt: + ansible.builtin.apt: update_cache: true name: bind9 register: apt_result @@ -8,7 +8,7 @@ until: apt_result is succeeded - name: Deploy Bind9 configuration - template: + ansible.builtin.template: src: bind/{{ item }}.j2 dest: /etc/bind/{{ item }} mode: 0640 @@ -23,7 +23,7 @@ notify: systemctl reload bind9.service - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-bind mode: 0755 diff --git a/roles/bind-recursive/handlers/main.yml b/roles/bind-recursive/handlers/main.yml index c6741672..a5b0de35 100644 --- a/roles/bind-recursive/handlers/main.yml +++ b/roles/bind-recursive/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Reload bind9 - systemd: + ansible.builtin.systemd: name: bind9 state: reloaded diff --git a/roles/bind-recursive/tasks/main.yml b/roles/bind-recursive/tasks/main.yml index e45f12c2..665d7b17 100644 --- a/roles/bind-recursive/tasks/main.yml +++ b/roles/bind-recursive/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Bind9 - apt: + ansible.builtin.apt: update_cache: true name: bind9 register: apt_result 
@@ -8,7 +8,7 @@ until: apt_result is succeeded - name: Deploy Bind9 configuration - template: + ansible.builtin.template: src: bind/{{ item }}.j2 dest: /etc/bind/{{ item }} mode: 0644 diff --git a/roles/bird/handlers/main.yml b/roles/bird/handlers/main.yml deleted file mode 100644 index ce44e9e2..00000000 --- a/roles/bird/handlers/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: check bird status - service_facts: - listen: 'reload bird' - -- name: reload bird - systemd: - name: bird - state: reloaded - when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running' - -- name: check bird6 status - service_facts: - listen: 'reload bird6' - -- name: reload bird6 - systemd: - name: bird6 - state: reloaded - when: not ansible_check_mode and ansible_facts.services['bird6']['state'] == 'running' diff --git a/roles/bird/tasks/main.yml b/roles/bird/tasks/main.yml deleted file mode 100644 index 86f81bf4..00000000 --- a/roles/bird/tasks/main.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: PLEASE STOP - pause: - prompt: "{{ item }}" - loop: - - APPUIE SUR ^C TOUT DE SUITE ET LANCE LE RÔLE BIRD2 ! - - NAN MAIS VRAIMENT - - GENRE ARRÈTE - - ON T'AURA PRÉVENU - -#- name: Install BIRD -# apt: -# update_cache: true -# name: -# - bird -# register: apt_result -# retries: 3 -# until: apt_result is succeeded - -#- name: Deploy bird configuration -# template: -# src: bird/bird.conf.j2 -# dest: /etc/bird/bird.conf -# mode: 0640 -# owner: bird -# group: bird -# notify: reload bird - -#- name: Deploy bird6 configuration -# template: -# src: bird/bird6.conf.j2 -# dest: /etc/bird/bird6.conf -# mode: 0640 -# owner: bird -# group: bird -# notify: reload bird6 diff --git a/roles/bird/templates/bird/bird.conf.j2 b/roles/bird/templates/bird/bird.conf.j2 deleted file mode 100644 index 5c837643..00000000 --- a/roles/bird/templates/bird/bird.conf.j2 +++ /dev/null 
@@ -1,66 +0,0 @@ -{{ ansible_header | comment }} - -# This is a minimal configuration file, which allows the bird daemon to start -# but will not cause anything else to happen. -# -# Please refer to the documentation in the bird-doc package or BIRD User's -# Guide on http://bird.network.cz/ for more information on configuring BIRD and -# adding routing protocols. - -# Change this into your BIRD router ID. It's a world-wide unique identification -# of your router, usually one of router's IPv4 addresses. -router id {{ bird.ipv4.id }}; - -{% for bind in bird.ipv4.binds %} -listen bgp address {{ bind }} port 179; -{% endfor %} - - -# The Kernel protocol is not a real routing protocol. Instead of communicating -# with other routers in the network, it performs synchronization of BIRD's -# routing tables with the OS kernel. -protocol kernel { -# persist; - scan time 60; - import none; -{% if bird.ipv4.kernel_filter is defined %} - export filter { - if ( net ~ [ {{ bird.ipv4.kernel_filter|join(', ') }} ] ) then reject; - accept; - }; -{% else %} - export all; -{% endif %} -} - -# The Device protocol is not a real routing protocol. It doesn't generate any -# routes and it only serves as a module for getting information about network -# interfaces from the kernel. -protocol device { - scan time 60; -} - -protocol static { -{% for static in bird.ipv4.statics %} - route {{ static }} reject; -{% endfor %} -} - -{% for bgp in bird.ipv4.bgps %} -protocol bgp {{ bgp.name }} { -{% if bgp.local.address is defined %} - local {{ bgp.local.address }} as {{ bgp.local.as }}; -{% else %} - local as {{ bgp.local.as }}; -{% endif %} -{% if bgp.allow_local_as is defined %} - allow local as {{ bgp.allow_local_as }}; -{% endif %} - neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }}; - import all; - export filter { - if ( net ~ [ {{ bgp.allow_export_prefixes|join(', ') }} ] ) then accept; - reject; - }; -} -{% endfor %} 
diff --git a/roles/bird/templates/bird/bird6.conf.j2 b/roles/bird/templates/bird/bird6.conf.j2 deleted file mode 100644 index 8e02921c..00000000 --- a/roles/bird/templates/bird/bird6.conf.j2 +++ /dev/null 
@@ -1,65 +0,0 @@ -{{ ansible_header | comment }} - -# This is a minimal configuration file, which allows the bird daemon to start -# but will not cause anything else to happen. -# -# Please refer to the documentation in the bird-doc package or BIRD User's -# Guide on http://bird.network.cz/ for more information on configuring BIRD and -# adding routing protocols. - -# Change this into your BIRD router ID. It's a world-wide unique identification -# of your router, usually one of router's IPv6 addresses. -router id {{ bird.ipv6.id }}; - -{% for bind in bird.ipv6.binds %} -listen bgp address {{ bind }} port 179; -{% endfor %} - -# The Kernel protocol is not a real routing protocol. Instead of communicating -# with other routers in the network, it performs synchronization of BIRD's -# routing tables with the OS kernel. -protocol kernel { -# persist; - scan time 60; - import none; -{% if bird.ipv6.kernel_filter is defined %} - export filter { - if ( net ~ [ {{ bird.ipv6.kernel_filter|join(', ') }} ] ) then reject; - accept; - }; -{% else %} - export all; -{% endif %} -} - -# The Device protocol is not a real routing protocol. It doesn't generate any -# routes and it only serves as a module for getting information about network -# interfaces from the kernel. -protocol device { - scan time 60; -} - -protocol static { -{% for route in bird.ipv6.statics %} - route {{ route }} reject; -{% endfor %} -} - -{%for bgp in bird.ipv6.bgps %} -protocol bgp {{ bgp.name }} { -{% if bgp.local.address is defined %} - local {{ bgp.local.address }} as {{ bgp.local.as }}; -{% else %} - local as {{ bgp.local.as }}; -{% endif %} -{% if bgp.allow_local_as is defined %} - allow local as {{ bgp.allow_local_as }}; -{% endif %} - neighbor {{ bgp.remote.address }} as {{ bgp.remote.as }}; - import all; - export filter { - if ( net ~ [ {{ bgp.allow_export_prefixes|join(', ') }} ] ) then accept; - reject; - }; -} -{% endfor %} 
diff --git a/roles/bird2/handlers/main.yml b/roles/bird2/handlers/main.yml index 6001124b..fd64b460 100644 --- a/roles/bird2/handlers/main.yml +++ b/roles/bird2/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: systemctl status bird.service - service_facts: + ansible.builtin.service_facts: listen: systemctl reload bird.service - name: systemctl reload bird.service - pause: + ansible.builtin.pause: prompt: |- On a préféré ne pas redemarrer bird automatiquement. Du coup, c'est à toi de t'en occuper: @@ -14,6 +14,6 @@ when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running' - name: systemctl stop bird.service - systemd: + ansible.builtin.systemd: name: bird.service state: stopped diff --git a/roles/bird2/tasks/main.yml b/roles/bird2/tasks/main.yml index 2c0ec3d8..38bb2ec5 100644 --- a/roles/bird2/tasks/main.yml +++ b/roles/bird2/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install BIRD2 - apt: + ansible.builtin.apt: update_cache: true name: - bird2 @@ -10,12 +10,12 @@ notify: systemctl stop bird.service - name: systemctl disable bird.service - systemd: + ansible.builtin.systemd: name: bird.service enabled: false - name: Deploy bird configuration - template: + ansible.builtin.template: src: bird/bird.conf.j2 dest: /etc/bird/bird.conf mode: 0640 diff --git a/roles/borgbackup-client/tasks/main.yml b/roles/borgbackup-client/tasks/main.yml index 2833d6b5..2c86ea92 100644 --- a/roles/borgbackup-client/tasks/main.yml +++ b/roles/borgbackup-client/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Pin borgmatic - template: + ansible.builtin.template: src: apt/{{ item }}.j2 dest: /etc/apt/{{ item }} loop: @@ -12,7 +12,7 @@ - ansible_distribution_release != "bullseye" - name: Don't pin borgmatic if we are on bullseye - file: + ansible.builtin.file: path: /etc/apt/{{ item }} state: absent loop: @@ -23,7 +23,7 @@ - ansible_distribution_release == "bullseye" - name: Install borgbackup - apt: + ansible.builtin.apt: update_cache: true name: - borgbackup 
@@ -34,21 +34,21 @@ until: apt_result is succeeded - name: Ensures /etc/borgmatic exists - file: + ansible.builtin.file: path: /etc/borgmatic state: directory mode: 0700 owner: root - name: Deploy ssh private key - template: + ansible.builtin.template: src: borgmatic/id_ed25519_borg.j2 dest: /etc/borgmatic/id_ed25519_borg mode: 0600 owner: root - name: Deploy borgmatic config - template: + ansible.builtin.template: src: borgmatic/config.yaml.j2 dest: /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml mode: 0600 @@ -56,18 +56,18 @@ group: root - name: Init borg repository - command: + ansible.builtin.command: cmd: /usr/bin/borgmatic init -c /etc/borgmatic/config{{ borg.path_suffix | default('') }}.yaml -e repokey register: borg_init changed_when: '"does not exist" in borg_init.stderr' - name: Deploy borg cron - template: + ansible.builtin.template: src: cron.d/borg.j2 dest: /etc/cron.d/borg{{ borg.path_suffix | default('') }} - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/04-service.j2 dest: /etc/update-motd.d/04-borgbackup mode: 0755 diff --git a/roles/borgbackup-server/tasks/main.yml b/roles/borgbackup-server/tasks/main.yml index b728718f..9e53b713 100644 --- a/roles/borgbackup-server/tasks/main.yml +++ b/roles/borgbackup-server/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install borgbackup - apt: + ansible.builtin.apt: update_cache: true name: - borgbackup @@ -10,7 +10,7 @@ until: apt_result is succeeded - name: Create borgbackup user - user: + ansible.builtin.user: create_home: true home: /var/lib/borg/ system: true 
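Review bot: In roles/borgbackup-client/tasks/main.yml, `Deploy ssh private key` renders key material through `ansible.builtin.template` without `no_log: true`, so a run with `--diff` prints the private key to the terminal and to any logging callback. Add `no_log: true` (or at least `diff: false`) to that task. `Deploy borgmatic config` deserves the same treatment if the rendered file carries the repository passphrase, which is not visible in this hunk.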
@@ -19,21 +19,21 @@ name: borg - name: Ensures .ssh dir exists - file: + ansible.builtin.file: path: /var/lib/borg/.ssh state: directory mode: 0700 owner: borg - name: Deploy authorized_keys - template: + ansible.builtin.template: src: authorized_keys.j2 dest: /var/lib/borg/.ssh/authorized_keys mode: 0600 owner: borg - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-borg mode: 0755 diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 6fe6eb57..74f46b66 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install certbot and RFC2136 plugin - apt: + ansible.builtin.apt: update_cache: true name: - certbot @@ -10,25 +10,25 @@ until: apt_result is succeeded - name: Add dhparam - template: + ansible.builtin.template: src: letsencrypt/dhparam.j2 dest: /etc/letsencrypt/dhparam mode: 0600 - name: Create /etc/letsencrypt/conf.d - file: + ansible.builtin.file: path: /etc/letsencrypt/conf.d state: directory - name: Add Certbot configuration - template: + ansible.builtin.template: src: letsencrypt/conf.d/certname.ini.j2 dest: /etc/letsencrypt/conf.d/{{ item.certname }}.ini mode: 0644 loop: "{{ certbot }}" - name: Run certbot - command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly + ansible.builtin.command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly register: certbot_output changed_when: not "Certificate not yet due for renewal" in certbot_output.stdout loop: "{{ certbot }}" diff --git a/roles/common-tools/tasks/main.yml b/roles/common-tools/tasks/main.yml index 178d6cb8..d1cf6f00 100644 --- a/roles/common-tools/tasks/main.yml +++ b/roles/common-tools/tasks/main.yml 
@@ -1,46 +1,45 @@ --- - name: Install common tools - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: - - acl # advanced ACL - - apt # better than apt-get + - acl # advanced ACL + - apt # better than apt-get - apt-file - - aptitude # nice to have for Ansible - - bash-completion # because bash - - curl # placeholder + - aptitude # nice to have for Ansible + - bash-completion # because bash + - curl # placeholder - debsums - - emacs-nox # for maman - - git # code versioning - - htop # better than top - - iotop # monitor i/o - - less # i like cats - - lsb-release # needed to autodetect Debian version - - lsscsi # to list SCSI devices - - molly-guard # prevent reboot - - nano # for vulcain - - needrestart # ask to restart services after upgrade - - resolvconf # for dns configuration in network interfaces - - screen # Vulcain asked for this + - emacs-nox # for maman + - git # code versioning + - htop # better than top + - iotop # monitor i/o + - less # i like cats + - lsb-release # needed to autodetect Debian version + - lsscsi # to list SCSI devices + - molly-guard # prevent reboot + - nano # for vulcain + - needrestart # ask to restart services after upgrade + - resolvconf # for dns configuration in network interfaces + - screen # Vulcain asked for this - sudo - - tmux # better than screen - - tree # create a graphical tree of files - - vim # better than nano - - vlock # virtual console lock - - zsh # to be able to ssh @erdnaxe + - tmux # better than screen + - tree # create a graphical tree of files + - vim # better than nano + - vlock # virtual console lock + - zsh # to be able to ssh @erdnaxe register: apt_result retries: 3 until: apt_result is succeeded - name: Clean up unused packages - apt: + ansible.builtin.apt: state: absent name: - - doc-debian # graphical - - debian-faq # graphical - - os-prober # makes grub-install lag - # - oidentd # kill the monster, https://youtu.be/yhNB0vO7FxI + - doc-debian # graphical + - debian-faq # 
graphical + - os-prober # makes grub-install lag - python3-reportbug - fish - joe @@ -49,7 +48,7 @@ until: apt_result is succeeded - name: Set permissions on screen - file: + ansible.builtin.file: path: /usr/bin/screen owner: root group: utmp @@ -57,7 +56,7 @@ check_mode: false - name: Deploy screen tmpfile - template: + ansible.builtin.template: src: tmpfiles.d/screen-cleanup.conf.j2 dest: /etc/tmpfiles.d/screen-cleanup.conf mode: 0644 diff --git a/roles/constellation-doc/tasks/main.yml b/roles/constellation-doc/tasks/main.yml index 31253733..083330c0 100644 --- a/roles/constellation-doc/tasks/main.yml +++ b/roles/constellation-doc/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Sphinx and RTD theme - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -11,7 +11,7 @@ until: apt_result is succeeded - name: Create documentation directory with good permissions - file: + ansible.builtin.file: path: /var/www/constellation-doc state: directory owner: www-data @@ -19,5 +19,5 @@ mode: u=rwx,g=rwxs,o=rx - name: Build HTML documentation - command: sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/ + ansible.builtin.command: sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/ become_user: www-data diff --git a/roles/constellation-front/handlers/main.yml b/roles/constellation-front/handlers/main.yml index 73c9606a..04a9e252 100644 --- a/roles/constellation-front/handlers/main.yml +++ b/roles/constellation-front/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart uWSGI - systemd: + ansible.builtin.systemd: name: uwsgi state: restarted diff --git a/roles/constellation-front/tasks/main.yml b/roles/constellation-front/tasks/main.yml index 73d966b5..b714cebf 100644 --- a/roles/constellation-front/tasks/main.yml +++ b/roles/constellation-front/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install some front APT packages - apt: + ansible.builtin.apt: install_recommends: false update_cache: true name: 
@@ -14,31 +14,31 @@ until: apt_result is succeeded - name: Install some front pip packages - pip: + ansible.builtin.pip: name: - git+https://gitlab.adm.crans.org/nounous/crispy-bootstrap5.git - name: Set data directories in development mode when: constellation.version != "master" - set_fact: + ansible.builtin.set_fact: project_path: /var/local/constellation module_path: /var/local/constellation/constellation - name: Set data directories in production mode when: constellation.version == "master" - set_fact: + ansible.builtin.set_fact: project_path: /usr/local/lib/python3.9/dist-packages/constellation module_path: /usr/local/lib/python3.9/dist-packages/constellation - name: Check front dependencies (production) when: constellation.version == "master" - pip: + ansible.builtin.pip: name: - git+https://gitlab.adm.crans.org/nounous/constellation.git[front] state: latest - name: Install uWSGI - apt: + ansible.builtin.apt: install_recommends: false update_cache: true name: @@ -49,7 +49,7 @@ until: apt_result is succeeded - name: Copy constellation uWSGI app - template: + ansible.builtin.template: src: uwsgi/apps-available/constellation.ini.j2 dest: /etc/uwsgi/apps-available/constellation.ini owner: root @@ -58,7 +58,7 @@ notify: Restart uWSGI - name: Activate constellation uWSGI app - file: + ansible.builtin.file: src: ../apps-available/constellation.ini dest: /etc/uwsgi/apps-enabled/constellation.ini owner: root @@ -69,19 +69,19 @@ # In the future, migrations will be included in the repository. - name: Make Django migrations - django_manage: + community.general.django_manage: command: makemigrations project_path: "{{ project_path }}" notify: Restart uWSGI - name: Migrate database - django_manage: + community.general.django_manage: command: migrate project_path: "{{ project_path }}" notify: Restart uWSGI - name: Create static files directory - file: + ansible.builtin.file: path: /var/lib/constellation/{{ item }} state: directory mode: "2775" 
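Review bot: The mode switch in roles/constellation-front/tasks/main.yml tests `constellation.version != "master"` and `== "master"`, while roles/constellation/tasks/main.yml in this same commit tests against `"main"`. With `constellation.version` set to `main`, this role would take the development branch and set `project_path: /var/local/constellation` while the base role installs into dist-packages, so the `community.general.django_manage` tasks here would act on a different tree than the one deployed. Use the same literal in both roles, e.g. `when: constellation.version == "main"`, assuming `main` is the intended production value.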
@@ -93,7 +93,7 @@ - media - name: Symlink static and media directories (dev) - file: + ansible.builtin.file: src: /var/lib/constellation/{{ item }} dest: /var/local/constellation/{{ item }} state: link @@ -104,7 +104,7 @@ - media - name: Collect static files - django_manage: + community.general.django_manage: command: collectstatic project_path: "{{ project_path }}" notify: Restart uWSGI diff --git a/roles/constellation/tasks/main.yml b/roles/constellation/tasks/main.yml index c8ac9a4c..114d3164 100644 --- a/roles/constellation/tasks/main.yml +++ b/roles/constellation/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Pin Django from Debian bullseye-backports - template: + ansible.builtin.template: src: apt/sources.list.d/bullseye-backports.list.j2 dest: /etc/apt/sources.list.d/bullseye-backports.list - name: Install constellation dependencies - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -22,24 +22,24 @@ until: apt_result is succeeded - name: Install constellation pip dependencies - pip: + ansible.builtin.pip: name: - git+https://gitlab.adm.crans.org/nounous/django-dnsmanager.git - name: Set configuration directories in development mode when: constellation.version != "main" - set_fact: + ansible.builtin.set_fact: module_path: /var/local/constellation/constellation project_path: /var/local/constellation - name: Set configuration directories in production mode when: constellation.version == "main" - set_fact: + ansible.builtin.set_fact: module_path: /usr/local/lib/python3.9/dist-packages/constellation project_path: /usr/local/lib/python3.9/dist-packages/constellation - name: Create constellation directory - file: + ansible.builtin.file: path: /etc/constellation state: directory mode: "2775" @@ -47,7 +47,7 @@ group: "{{ constellation.group }}" - name: Set ACL for constellation directory - acl: + ansible.posix.acl: path: /etc/constellation default: true entity: nounou 
@@ -58,7 +58,7 @@ - name: Clone constellation repository (development) when: constellation.version != "main" - git: + ansible.builtin.git: repo: https://gitlab.adm.crans.org/nounous/constellation.git dest: "{{ project_path }}" umask: "002" @@ -67,7 +67,7 @@ - name: Install pip module with editable flag (development) when: constellation.version != "main" - pip: + ansible.builtin.pip: name: - "{{ project_path }}" editable: true @@ -75,21 +75,21 @@ - name: Install and upgrade constellation (production) when: constellation.version == "main" - pip: + ansible.builtin.pip: name: - git+https://gitlab.adm.crans.org/nounous/constellation.git state: latest - name: Set owner of cloned project when: constellation.version != "main" - file: + ansible.builtin.file: path: "{{ project_path }}" owner: "{{ constellation.owner }}" group: "{{ constellation.group }}" recurse: true - name: Deploy Constellation settings_local.py - template: + ansible.builtin.template: src: constellation/settings_local.py.j2 dest: /etc/constellation/settings_local.py mode: 0660 @@ -97,14 +97,14 @@ group: "{{ constellation.settings_local_group }}" - name: Symlink configuration file - file: + ansible.builtin.file: src: /etc/constellation/settings_local.py dest: "{{ module_path }}/settings_local.py" state: link - name: Deploy crontab when: constellation.crontab - template: + ansible.builtin.template: src: cron.d/constellation.j2 dest: /etc/cron.d/constellation owner: root 
@@ -113,31 +113,31 @@ - name: Compile messages when: not constellation.front - django_manage: + community.general.django_manage: command: compilemessages project_path: "{{ project_path }}" # In the future, migrations will be included in the repository. - name: Make Django migrations (non-front app) when: not constellation.front - django_manage: + community.general.django_manage: command: makemigrations project_path: "{{ project_path }}" - name: Migrate database (non-front app) when: not constellation.front - django_manage: + community.general.django_manage: command: migrate project_path: "{{ project_path }}" - name: Load initial data (non-front app) when: not constellation.front - django_manage: + community.general.django_manage: command: loaddata initial project_path: "{{ project_path }}" - name: Indicate constellation in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-constellation mode: 0755 diff --git a/roles/crans-scripts/tasks/main.yml b/roles/crans-scripts/tasks/main.yml index 5f8a57ae..8ea28be2 100644 --- a/roles/crans-scripts/tasks/main.yml +++ b/roles/crans-scripts/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Create scripts directory - file: + ansible.builtin.file: path: "{{ crans_scripts.dest }}" state: directory mode: "2775" @@ -8,7 +8,7 @@ group: "{{ crans_scripts.group }}" - name: Set ACL for scripts directory - acl: + ansible.posix.acl: path: "{{ crans_scripts.dest }}" default: true entity: "{{ crans_scripts.group }}" @@ -18,7 +18,7 @@ when: not ansible_check_mode - name: Clone scripts repository - git: + ansible.builtin.git: repo: "{{ crans_scripts.remote }}" dest: "{{ crans_scripts.dest }}" version: "{{ crans_scripts.version }}" diff --git a/roles/debian-apt-sources/tasks/main.yml b/roles/debian-apt-sources/tasks/main.yml index 24c5fc4e..026299e2 100644 --- a/roles/debian-apt-sources/tasks/main.yml +++ b/roles/debian-apt-sources/tasks/main.yml 
@@ -1,5 +1,5 @@ --- - name: Configure Debian repositories - template: + ansible.builtin.template: src: apt/sources.list.j2 dest: /etc/apt/sources.list diff --git a/roles/django-cas/handlers/main.yml b/roles/django-cas/handlers/main.yml index ba46876d..e0496180 100644 --- a/roles/django-cas/handlers/main.yml +++ b/roles/django-cas/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart uwsgi - service: + ansible.builtin.service: name: uwsgi state: restarted diff --git a/roles/django-cas/tasks/main.yml b/roles/django-cas/tasks/main.yml index f4906c38..ff3fb882 100644 --- a/roles/django-cas/tasks/main.yml +++ b/roles/django-cas/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install APT dependencies - apt: + ansible.builtin.apt: update_cache: true name: - uwsgi @@ -14,7 +14,7 @@ until: apt_result is succeeded - name: Clone Django CAS project repository - git: + ansible.builtin.git: repo: "{{ django_cas.repo }}" dest: "{{ django_cas.path }}" force: true @@ -22,7 +22,7 @@ umask: "002" - name: Configure Django CAS - template: + ansible.builtin.template: src: cas/settings_local.py.j2 dest: "{{ django_cas.path }}/cas/settings_local.py" mode: 0600 @@ -30,27 +30,27 @@ notify: Restart uwsgi - name: Configure UWSGI app - template: + ansible.builtin.template: src: uwsgi/apps-available/cas.ini.j2 dest: /etc/uwsgi/apps-available/cas.ini mode: 0644 notify: Restart uwsgi - name: Enable uwsgi app - file: + ansible.builtin.file: src: /etc/uwsgi/apps-available/cas.ini dest: /etc/uwsgi/apps-enabled/cas.ini state: link notify: Restart uwsgi - name: Install CAS crons - template: + ansible.builtin.template: src: cron.d/cas.j2 dest: /etc/cron.d/cas mode: 0644 - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-cas mode: 0755 diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index 9a207baa..9d670348 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml 
@@ -1,6 +1,6 @@ --- - name: Install dns dependencies - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -12,15 +12,15 @@ until: apt_result is succeeded - name: Create dns directory - file: + ansible.builtin.file: path: /var/local/dns state: directory - mode: '2775' + mode: "2775" owner: root group: _nounou - name: Set ACL for dns directory - acl: + ansible.posix.acl: path: /var/local/dns default: true entity: _nounou @@ -29,13 +29,14 @@ state: query - name: Clone dns repository - git: - repo: 'http://gitlab.adm.crans.org/nounous/dns.git' + ansible.builtin.git: + repo: http://gitlab.adm.crans.org/nounous/dns.git dest: /var/local/dns - umask: '002' + version: main + umask: "002" - name: Deploy re2o config - template: + ansible.builtin.template: src: dns/re2o-config.ini.j2 dest: /var/local/dns/re2o-config.ini mode: 0600 @@ -43,7 +44,7 @@ group: root - name: Create generated directory - file: + ansible.builtin.file: path: /var/cache/bind/generated state: directory mode: 0655 @@ -51,7 +52,7 @@ group: bind - name: Create symbolic link to generated - file: + ansible.builtin.file: src: /var/cache/bind/generated dest: /var/local/dns/generated owner: root @@ -59,6 +60,6 @@ state: link - name: Deploy cron for dns - template: + ansible.builtin.template: src: cron.d/dns.j2 dest: /etc/cron.d/dns diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index fb5c96a4..7630fa30 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Restart Docker - systemd: + ansible.builtin.systemd: name: docker daemon_reload: true state: restarted diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 5b1e9c4f..f4897a62 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
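Review bot: `Clone dns repository` in roles/dns/tasks/main.yml still fetches over cleartext `http://gitlab.adm.crans.org/nounous/dns.git`, so the checkout has no transport integrity, while the other roles in this commit reach the same host over `https://`. Since this commit already rewrites the line, change it to `repo: https://gitlab.adm.crans.org/nounous/dns.git`. The newly added `version: main` follows a moving branch, so every run deploys whatever the branch head is at that moment; pin a tag or commit if the DNS tooling should only change through a reviewed update of this role.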
@@ -1,16 +1,16 @@ --- - name: Install Docker - apt: + ansible.builtin.apt: update_cache: true name: - - docker.io # Warning: Docker package stands for an unrelated project + - docker.io # Warning: Docker package stands for an unrelated project state: present register: apt_result retries: 3 until: apt_result is succeeded - name: Protect adm from Docker containers - template: + ansible.builtin.template: src: systemd/system/docker.service.d/override.conf.j2 dest: /etc/systemd/system/docker.service.d/override.conf owner: root diff --git a/roles/dovecot/handlers/main.yml b/roles/dovecot/handlers/main.yml index 8f8b702c..ac3a7f16 100644 --- a/roles/dovecot/handlers/main.yml +++ b/roles/dovecot/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart dovecot - service: + ansible.builtin.service: name: dovecot state: restarted diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 4330b203..17a0860b 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install dovecot - apt: + ansible.builtin.apt: update_cache: true name: - dovecot-imapd @@ -13,7 +13,7 @@ until: apt_result is succeeded - name: Deploy dovecot configuration - template: + ansible.builtin.template: src: dovecot/{{ item }}.j2 dest: /etc/dovecot/{{ item }} loop: diff --git a/roles/dropbear/handlers/main.yml b/roles/dropbear/handlers/main.yml index 1ef3879a..1e235ab8 100644 --- a/roles/dropbear/handlers/main.yml +++ b/roles/dropbear/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: Update initramfs - command: update-initramfs -u + ansible.builtin.command: update-initramfs -u diff --git a/roles/dropbear/tasks/main.yml b/roles/dropbear/tasks/main.yml index 80a2a69c..95c243d8 100644 --- a/roles/dropbear/tasks/main.yml +++ b/roles/dropbear/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install dropbear - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: dropbear-initramfs 
@@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Configure initramfs network - template: + ansible.builtin.template: src: initramfs-tools/conf.d/10-network.j2 dest: /etc/initramfs-tools/conf.d/10-network owner: root @@ -18,7 +18,7 @@ notify: Update initramfs - name: Deploy configuration - template: + ansible.builtin.template: src: dropbear-initramfs/config.j2 dest: /etc/dropbear-initramfs/config owner: root @@ -27,7 +27,7 @@ notify: Update initramfs - name: Deploy authorized keys - template: + ansible.builtin.template: src: dropbear-initramfs/authorized_keys.j2 dest: /etc/dropbear-initramfs/authorized_keys owner: root diff --git a/roles/ethercalc/tasks/main.yml b/roles/ethercalc/tasks/main.yml index e5e04bfa..a2dd96f9 100644 --- a/roles/ethercalc/tasks/main.yml +++ b/roles/ethercalc/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Redis and NPM - apt: + ansible.builtin.apt: update_cache: true name: - redis-server @@ -11,7 +11,7 @@ until: apt_result is succeeded - name: Install EtherCalc - npm: + community.general.npm: name: ethercalc global: true state: latest @@ -20,19 +20,19 @@ until: npm_result is succeeded - name: Install EtherCalc systemd unit - template: + ansible.builtin.template: src: systemd/system/ethercalc.service.j2 dest: /etc/systemd/system/ethercalc.service - name: Activate EtherCalc service - systemd: + ansible.builtin.systemd: daemon_reload: true name: ethercalc enabled: true state: started - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-ethercalc mode: 0755 diff --git a/roles/etherpad/handlers/main.yml b/roles/etherpad/handlers/main.yml index 7c4abcf2..391ae637 100644 --- a/roles/etherpad/handlers/main.yml +++ b/roles/etherpad/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Restart Etherpad - systemd: + ansible.builtin.systemd: name: "{{ item.name }}" state: restarted loop: "{{ etherpad.instances }}" 
diff --git a/roles/etherpad/tasks/main.yml b/roles/etherpad/tasks/main.yml index 28497312..dede8a7a 100644 --- a/roles/etherpad/tasks/main.yml +++ b/roles/etherpad/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Etherpad dependencies - apt: + ansible.builtin.apt: update_cache: true name: - libssl-dev @@ -12,7 +12,7 @@ until: apt_result is succeeded - name: Clone EtherPad - git: + ansible.builtin.git: repo: https://github.com/ether/etherpad-lite.git dest: /var/www/{{ item.name }} version: 1.8.4 @@ -22,7 +22,7 @@ notify: Restart Etherpad - name: Configure EtherPad - template: + ansible.builtin.template: src: etherpad/settings.json.j2 dest: /var/www/{{ item.name }}/settings.json owner: etherpad @@ -32,7 +32,7 @@ notify: Restart Etherpad - name: Install delete_after_delay module - npm: + community.general.npm: name: ep_delete_after_delay path: /var/www/{{ item.name }}/node_modules state: "{% if item.temporary.enabled is defined and item.temporary.enabled %}present{% else %}absent{% endif %}" @@ -42,14 +42,14 @@ notify: Restart Etherpad - name: Install EtherPad systemd unit - template: + ansible.builtin.template: src: systemd/system/etherpad-lite.service.j2 dest: /etc/systemd/system/{{ item.name }}.service loop: "{{ etherpad.instances }}" notify: Restart Etherpad - name: Activate EtherPad service - systemd: + ansible.builtin.systemd: daemon_reload: true name: "{{ item.name }}" enabled: true @@ -57,7 +57,7 @@ loop: "{{ etherpad.instances }}" - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-etherpad mode: 0755 diff --git a/roles/framadate/handlers/main.yml b/roles/framadate/handlers/main.yml index 6deed0cd..06947324 100644 --- a/roles/framadate/handlers/main.yml +++ b/roles/framadate/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart nginx - service: + ansible.builtin.service: name: nginx state: restarted 
diff --git a/roles/framadate/tasks/main.yml b/roles/framadate/tasks/main.yml index a01a1e52..8ca0c26f 100644 --- a/roles/framadate/tasks/main.yml +++ b/roles/framadate/tasks/main.yml @@ -1,7 +1,7 @@ --- # Setup dependencies - name: Install framadate APT dependencies - apt: + ansible.builtin.apt: update_cache: true name: - nginx @@ -10,7 +10,7 @@ - php-mbstring - php-mysql - composer - - python3-passlib # Necessary for htpasswd module + - python3-passlib # Necessary for htpasswd module - python3-pymysql - mariadb-server register: apt_result @@ -18,7 +18,7 @@ until: apt_result is succeeded - name: Clone framadate project - git: + ansible.builtin.git: repo: "{{ glob_framadate.repo }}" dest: "{{ loc_framadate.path }}" version: "{{ glob_framadate.version }}" @@ -26,7 +26,7 @@ # Cet item là raises forcement un changed à cause du recurse: true # https://github.com/ansible/ansible/issues/32636 - name: Set perms on framadate code - file: + ansible.builtin.file: path: "{{ loc_framadate.path }}" state: directory owner: www-data @@ -34,7 +34,7 @@ recurse: true - name: Install Framadate dependencies - composer: + community.general.composer: command: install working_dir: "{{ loc_framadate.path }}" become: true @@ -44,21 +44,21 @@ until: composer_result is succeeded - name: Create log file - file: + ansible.builtin.file: path: "{{ loc_framadate.path }}/admin/stdout.log" owner: www-data mode: 0600 state: file - name: Configure framadate - template: + ansible.builtin.template: src: framadate/app/inc/config.php.j2 dest: "{{ loc_framadate.path }}/app/inc/config.php" owner: www-data group: www-data - name: Configure admin password - htpasswd: + community.general.htpasswd: path: /etc/nginx/.htpasswd name: "{{ glob_framadate.admin_username }}" password: "{{ glob_framadate.admin_password }}" 
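Review bot: `Configure framadate` in roles/framadate/tasks/main.yml sets `owner` and `group` on `app/inc/config.php` but no `mode`, so a newly created file gets the umask default and is typically world-readable. The role defines `glob_framadate.db_password`, which presumably ends up in this file, so add `mode: "0640"` to the task. Separately, `Create log file` uses `state: file`, which does not create a missing path; on a fresh host the task only works if something else has already created `admin/stdout.log`.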
@@ -67,26 +67,26 @@ mode: 0640 - name: Configure nginx site - template: + ansible.builtin.template: src: nginx/sites-available/framadate.j2 dest: /etc/nginx/sites-available/framadate notify: restart nginx - name: Enable nginx site - file: + ansible.builtin.file: src: /etc/nginx/sites-available/framadate dest: /etc/nginx/sites-enabled/framadate state: link notify: restart nginx - name: Create the database - mysql_db: + community.mysql.mysql_db: login_unix_socket: /var/run/mysqld/mysqld.sock name: framadate state: present - name: Grant access right to framadate - mysql_user: + community.mysql.mysql_user: login_unix_socket: /var/run/mysqld/mysqld.sock name: framadate password: "{{ glob_framadate.db_password }}" @@ -94,7 +94,7 @@ state: present - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-framadate mode: 0755 diff --git a/roles/freeradius/handlers/main.yml b/roles/freeradius/handlers/main.yml index 127e032e..e8348331 100644 --- a/roles/freeradius/handlers/main.yml +++ b/roles/freeradius/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart freeradius - systemd: + ansible.builtin.systemd: name: freeradius state: restarted diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml index b33e7cc7..50a7cb00 100644 --- a/roles/freeradius/tasks/main.yml +++ b/roles/freeradius/tasks/main.yml @@ -1,16 +1,16 @@ --- - name: Add buster-backports to apt sources - apt_repository: + ansible.builtin.apt_repository: repo: deb {{ debian_mirror }} buster-backports main state: present - name: Pin freeradius from backports - template: + ansible.builtin.template: src: apt/preferences.d/freeradius_python3.j2 dest: /etc/apt/preferences.d/freeradius_python3 - name: Install freeradius - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: 
@@ -24,7 +24,7 @@ until: apt_result is succeeded - name: Deploy freeradius configuration - template: + ansible.builtin.template: src: freeradius/3.0/{{ item }}.j2 dest: /etc/freeradius/3.0/{{ item }} owner: freerad @@ -40,7 +40,7 @@ notify: Restart freeradius - name: Bring auth.py from re2o - file: + ansible.builtin.file: src: /var/www/re2o/freeradius_utils/auth.py dest: /etc/freeradius/3.0/auth.py state: link @@ -48,13 +48,13 @@ notify: Restart freeradius - name: Ensure ${certdir}/letsencrypt directory exists - file: + ansible.builtin.file: path: /etc/freeradius/3.0/certs/letsencrypt state: directory recurse: true - name: Symlink radius certificates - file: + ansible.builtin.file: src: /etc/letsencrypt/live/crans.org/{{ item }} dest: /etc/freeradius/3.0/certs/letsencrypt/{{ item }} state: link @@ -64,7 +64,7 @@ - privkey.pem - name: Set permissions on certificates - file: + ansible.builtin.file: path: /etc/letsencrypt/{{ item }} group: freerad mode: "0755" diff --git a/roles/ftpsync/tasks/main.yml b/roles/ftpsync/tasks/main.yml index 208cbaa1..d6668ea6 100644 --- a/roles/ftpsync/tasks/main.yml +++ b/roles/ftpsync/tasks/main.yml @@ -2,7 +2,7 @@ # For installation instruction, see /usr/share/doc/ftpsync/README.md.gz # Not everything is up to date in this README, be careful! - name: Install ftpsync - apt: + ansible.builtin.apt: update_cache: true name: ftpsync register: apt_result @@ -11,13 +11,13 @@ # cron run as mirror user - name: Add the mirror user - user: + ansible.builtin.user: name: mirror - home: /var/mirror # unused, should be something empty + home: /var/mirror # unused, should be something empty shell: /bin/false - name: Create /etc/ftpsync directory - file: + ansible.builtin.file: path: "{{ item }}" owner: root group: root @@ -28,7 +28,7 @@ - "{{ ftpsync.root }}/.html" - name: Create root directory - file: + ansible.builtin.file: path: "{{ ftpsync.root }}" owner: mirror group: mirror 
@@ -36,24 +36,24 @@ state: directory - name: Copy ftpsync configurations - template: + ansible.builtin.template: src: ftpsync.conf.j2 dest: /etc/ftpsync/ftpsync-{{ item.name }}.conf loop: "{{ ftpsync.targets }}" - name: Configure ftpsync cron - template: + ansible.builtin.template: src: ftpsync-cron.j2 dest: /etc/cron.d/ftpsync - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-ftpsync mode: 0755 - name: Copy configuration files - template: + ansible.builtin.template: src: html/{{ item }}.j2 dest: "{{ ftpsync.root }}/.html/{{ item }}" mode: 0644 diff --git a/roles/galene/handlers/main.yml b/roles/galene/handlers/main.yml index cf0b5792..11d8bd8d 100644 --- a/roles/galene/handlers/main.yml +++ b/roles/galene/handlers/main.yml @@ -1,5 +1,13 @@ --- +- name: Build galene + ansible.builtin.command: + cmd: go build -ldflags='-s -w' + chdir: /var/local/galene + environment: + CGO_ENABLED: 0 + notify: Restart galène + - name: Restart galène - systemd: + ansible.builtin.systemd: name: galene state: restarted diff --git a/roles/galene/tasks/main.yml b/roles/galene/tasks/main.yml index ee33d0a6..ee756e88 100644 --- a/roles/galene/tasks/main.yml +++ b/roles/galene/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install golang and git - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -11,14 +11,14 @@ until: apt_result is succeeded - name: Create galene account - user: + ansible.builtin.user: name: galene comment: Galène home: "" create_home: false - name: Create Galène directory - file: + ansible.builtin.file: path: /var/local/galene state: directory owner: galene 
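Review bot: The new `Build galene` handler in roles/galene/handlers/main.yml runs only when the clone task reports a change, so a `go build` that fails once, or a run interrupted before handlers are flushed, is not retried on the next run, because the checkout is then unchanged. The same applies to the `notify: Build galene` that replaces `register`/`when` in the roles/galene/tasks/main.yml hunk. The service can keep running an old binary until someone rebuilds by hand. At minimum I would document this above the handler: `# Triggered only by a changed checkout; a failed build is not retried on the next run.`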
@@ -26,24 +26,15 @@ mode: u+rw,g+rws,o+r - name: Clone Galène - git: + ansible.builtin.git: repo: https://github.com/jech/galene.git dest: /var/local/galene version: galene-0.3.5 - register: git_result + notify: Build galene become_user: galene -- name: Build galene - when: git_result.changed - shell: go build -ldflags='-s -w' - args: - chdir: /var/local/galene - environment: - CGO_ENABLED: 0 - notify: Restart galène - - name: Make Galène configuration directory - file: + ansible.builtin.file: path: /var/lib/galene/groups state: directory owner: galene @@ -51,7 +42,7 @@ mode: 0775 - name: Link groups file into /etc - file: + ansible.builtin.file: src: /var/lib/galene/groups dest: /var/local/galene/groups state: link @@ -59,12 +50,13 @@ group: galene - name: Deploy custom static files - git: + ansible.builtin.git: repo: https://gitlab.adm.crans.org/nounous/galene-static.git dest: /var/www/galene-static + version: master - name: Install systemd unit - template: + ansible.builtin.template: src: systemd/system/galene.service.j2 dest: /etc/systemd/system/galene.service owner: root @@ -73,14 +65,14 @@ notify: Restart galène - name: Enable systemd unit - systemd: + ansible.builtin.systemd: name: galene enabled: true daemon_reload: true state: started - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-galene mode: 0755 diff --git a/roles/gitlab-runner/tasks/main.yml b/roles/gitlab-runner/tasks/main.yml index 8ee0eafe..dc44c0ff 100644 --- a/roles/gitlab-runner/tasks/main.yml +++ b/roles/gitlab-runner/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install apt-transport-https - apt: + ansible.builtin.apt: update_cache: true name: - apt-transport-https @@ -15,7 +15,7 @@ # Add the key - name: Configure Gitlab apt key - apt_key: + ansible.builtin.apt_key: url: https://packages.gitlab.com/runner/gitlab-runner/gpgkey id: F6403F6544A38863DAA0B6E03F01618A51312F3F state: present 
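Review bot: `version: master` on the `Deploy custom static files` task (hunk `@@ -59,12 +50,13 @@`) spells out the default but still tracks a moving branch. Every run deploys whatever is at the tip of galene-static into /var/www/galene-static, with no change recorded in this repository. The Galène clone in the same file is pinned to `galene-0.3.5`; pinning the static files the same way, e.g. `version: "<TAG_OR_COMMIT_SHA>"`, would make deployments reproducible and reviewable. If following the branch is deliberate, a one-line comment saying so would help.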
@@ -25,12 +25,12 @@ # Add the repository into source list - name: Configure Gitlab repository - apt_repository: + ansible.builtin.apt_repository: repo: deb https://packages.gitlab.com/runner/gitlab-runner/debian/ buster main state: present - name: Install gitlab-runner - apt: + ansible.builtin.apt: update_cache: true name: gitlab-runner state: present diff --git a/roles/gitlab/handlers/main.yml b/roles/gitlab/handlers/main.yml index cf8b6429..8e6047a0 100644 --- a/roles/gitlab/handlers/main.yml +++ b/roles/gitlab/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: Reconfigure Gitlab - command: gitlab-ctl reconfigure + ansible.builtin.command: gitlab-ctl reconfigure diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml index 65d0e1da..6289c647 100644 --- a/roles/gitlab/tasks/main.yml +++ b/roles/gitlab/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install GPG and apt-transport-https - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -11,11 +11,11 @@ until: apt_result is succeeded - name: Import Gitlab public key - apt_key: + ansible.builtin.apt_key: url: https://packages.gitlab.com/gitlab/gitlab-ee/gpgkey - name: Configure Gitlab repository - template: + ansible.builtin.template: src: apt/sources.list.d/gitlab_gitlab-ce.list.j2 dest: /etc/apt/sources.list.d/gitlab_gitlab-ce.list mode: 0644 @@ -23,7 +23,7 @@ group: root - name: Install Gitlab - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -33,7 +33,7 @@ until: apt_result is succeeded - name: Add Gitlab configuration - template: + ansible.builtin.template: src: gitlab.rb.j2 dest: /etc/gitlab/gitlab.rb mode: 0600 diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml index cbd4ffd0..3394f7ee 100644 --- a/roles/grafana/handlers/main.yml +++ b/roles/grafana/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart grafana - service: + ansible.builtin.service: name: grafana-server state: restarted 
diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 89201e19..a5f4d63f 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Import Grafana GPG signing key - apt_key: + ansible.builtin.apt_key: url: https://packages.grafana.com/gpg.key state: present validate_certs: false @@ -9,13 +9,13 @@ until: apt_key_result is succeeded - name: Add Grafana repository - apt_repository: + ansible.builtin.apt_repository: repo: deb http://mirror.adm.crans.org/grafana/oss/deb stable main state: present update_cache: true - name: Install Grafana - apt: + ansible.builtin.apt: name: grafana state: present register: apt_result @@ -23,7 +23,7 @@ until: apt_result is succeeded - name: Configure Grafana - ini_file: + community.general.ini_file: path: /etc/grafana/grafana.ini section: "{{ item.section }}" option: "{{ item.option }}" @@ -60,7 +60,7 @@ - section: auth.anonymous option: hide_version value: "true" - - section: auth.basic # Only LDAP auth + - section: auth.basic # Only LDAP auth option: enabled value: "false" - section: auth.ldap @@ -72,21 +72,21 @@ notify: Restart grafana - name: Configure Grafana LDAP - template: + ansible.builtin.template: src: ldap.toml.j2 dest: /etc/grafana/ldap.toml mode: 0640 notify: Restart grafana - name: Enable and start Grafana - systemd: + ansible.builtin.systemd: name: grafana-server enabled: true state: started daemon_reload: true - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-grafana mode: 0755 diff --git a/roles/horde/handlers/main.yml b/roles/horde/handlers/main.yml index 5a2a60a3..09ab494e 100644 --- a/roles/horde/handlers/main.yml +++ b/roles/horde/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart nginx - service: + ansible.builtin.service: name: nginx.service state: restarted diff --git a/roles/horde/tasks/main.yml b/roles/horde/tasks/main.yml index 8cb36f53..ce523f6a 100644 
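Review bot: The `Import Grafana GPG signing key` task in the first hunk of roles/grafana/tasks/main.yml still sets `validate_certs: false` and gives no `id`, so the key trusted to sign packages is downloaded without TLS verification and accepted whatever its fingerprint. The repository added in the next hunk is plain `http://`, which leaves that key as the only integrity check on the packages. I would drop `validate_certs: false` and pin the fingerprint with `id: "<GRAFANA_KEY_FINGERPRINT>"`, as the gitlab-runner role already does; the `apt_key` tasks in roles/gitlab and roles/jitsi also lack an `id`. The task continues past the end of the hunk.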
--- a/roles/horde/tasks/main.yml +++ b/roles/horde/tasks/main.yml @@ -1,10 +1,10 @@ --- # Setup dependencies - name: Install horde APT dependencies - apt: + ansible.builtin.apt: update_cache: true name: "{{ item }}" - loop: # Install dependencies in the right order. + loop: # Install dependencies in the right order. - nginx - php-fpm - php-horde-webmail @@ -15,7 +15,7 @@ until: apt_result is succeeded - name: Configure horde - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: /etc/{{ item }} owner: www-data @@ -26,7 +26,7 @@ - horde/imp/backends.php - name: Enable horde plugins - template: + ansible.builtin.template: src: horde/{{ item }}/conf.php.j2 dest: /etc/horde/{{ item }}/conf.php owner: www-data @@ -43,7 +43,7 @@ - turba - name: Configure nginx site - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: /etc/{{ item }} owner: root @@ -56,7 +56,7 @@ notify: Restart nginx - name: Enable nginx site - file: + ansible.builtin.file: src: /etc/nginx/sites-available/{{ item }} dest: /etc/nginx/sites-enabled/{{ item }} state: link @@ -66,7 +66,7 @@ notify: Restart nginx - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-horde mode: 0755 diff --git a/roles/inspircd/handlers/main.yml b/roles/inspircd/handlers/main.yml index 2a02fe19..64c8e911 100644 --- a/roles/inspircd/handlers/main.yml +++ b/roles/inspircd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Reload InspIRCd - service: + ansible.builtin.service: name: inspircd state: reloaded diff --git a/roles/inspircd/tasks/main.yml b/roles/inspircd/tasks/main.yml index 5a1a6dd1..539a829b 100644 --- a/roles/inspircd/tasks/main.yml +++ b/roles/inspircd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Deploy InspIRCd configuration - template: + ansible.builtin.template: src: inspircd/{{ item.dest }}.j2 dest: /etc/inspircd/{{ item.dest }} mode: "{{ item.mode }}" 
@@ -16,7 +16,7 @@ notify: Reload InspIRCd - name: Deploy certificate refresh CRON - template: + ansible.builtin.template: src: cron.monthly/irc-certs.j2 dest: /etc/cron.monthly/irc-certs mode: 0755 diff --git a/roles/irker/handlers/main.yml b/roles/irker/handlers/main.yml index 40d97cb4..476d4ef9 100644 --- a/roles/irker/handlers/main.yml +++ b/roles/irker/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Reload irker - systemd: + ansible.builtin.systemd: name: irkerd state: restarted diff --git a/roles/irker/tasks/main.yml b/roles/irker/tasks/main.yml index f0efd019..4abf8af2 100644 --- a/roles/irker/tasks/main.yml +++ b/roles/irker/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Pin irker from Debian Bullseye - template: + ansible.builtin.template: src: apt/{{ item }}.j2 dest: /etc/apt/{{ item }} loop: @@ -12,7 +12,7 @@ - ansible_distribution_release != "bullseye" - name: Don't pin irker if we are on bullseye - file: + ansible.builtin.file: path: /etc/apt/{{ item }} state: absent loop: @@ -24,7 +24,7 @@ - ansible_distribution_release == "bullseye" - name: Install Irker for IRC support - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -34,7 +34,7 @@ until: apt_result is succeeded - name: Setup Irker parameters - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/irker regexp: ^IRKER_OPTIONS= line: IRKER_OPTIONS="-n {{ irker.name }} -d warning" diff --git a/roles/isc-dhcp-server/handlers/main.yml b/roles/isc-dhcp-server/handlers/main.yml index f1902c01..4c00835e 100644 --- a/roles/isc-dhcp-server/handlers/main.yml +++ b/roles/isc-dhcp-server/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: check isc-dhcp-server - service_facts: + ansible.builtin.service_facts: listen: restart isc-dhcp-server - name: restart dhcp server - systemd: + ansible.builtin.systemd: name: isc-dhcp-server state: restarted listen: restart isc-dhcp-server 
diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc-dhcp-server/tasks/main.yml index 95dc16d8..58a84a76 100644 --- a/roles/isc-dhcp-server/tasks/main.yml +++ b/roles/isc-dhcp-server/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install isc-dhcp-server - apt: + ansible.builtin.apt: update_cache: true name: isc-dhcp-server state: present @@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Configure /etc/default/isc-dhcp-server - template: + ansible.builtin.template: src: default/isc-dhcp-server.j2 dest: /etc/default/isc-dhcp-server mode: 0600 @@ -17,7 +17,7 @@ - restart isc-dhcp-server - name: Configure isc-dhcp-server - template: + ansible.builtin.template: src: dhcp/dhcpd.conf.j2 dest: /etc/dhcp/dhcpd.conf mode: 0600 diff --git a/roles/jitsi/tasks/main.yml b/roles/jitsi/tasks/main.yml index 56be2f63..5f38fcc1 100644 --- a/roles/jitsi/tasks/main.yml +++ b/roles/jitsi/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install GPG dependencies - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -11,18 +11,18 @@ until: apt_result is succeeded - name: Define host - lineinfile: + ansible.builtin.lineinfile: path: /etc/hosts regexp: ^{{ item }} line: "{{ item }} {{ jitsi.hostname }}" loop: "{{ jitsi.ip }}" - name: Import public key of Jitsi repository - apt_key: + ansible.builtin.apt_key: url: https://download.jitsi.org/jitsi-key.gpg.key - name: Configure Jitsi repository - template: + ansible.builtin.template: src: apt/sources.list.d/jitsi.list.j2 dest: /etc/apt/sources.list.d/jitsi.list mode: 0644 @@ -30,7 +30,7 @@ group: root - name: Configure debian questions - debconf: + ansible.builtin.debconf: name: "{{ item.name }}" question: "{{ item.question }}" value: "{{ item.value }}" @@ -54,7 +54,7 @@ vtype: string - name: Install Jitsi-meet - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: 
@@ -64,14 +64,14 @@ until: apt_result is succeeded - name: Apply Jitsi configuration - lineinfile: + ansible.builtin.lineinfile: path: /etc/jitsi/meet/{{ jitsi.hostname }}-config.js regexp: "{{ item }}" line: " {{ item }}: true," loop: "{{ jitsi.configuration }}" - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-jitsi mode: 0755 diff --git a/roles/keepalived/handlers/main.yml b/roles/keepalived/handlers/main.yml index e4806543..57382843 100644 --- a/roles/keepalived/handlers/main.yml +++ b/roles/keepalived/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Reload keepalived.service - service: + ansible.builtin.service: name: keepalived.service state: reloaded diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml index b493b344..82def1b4 100644 --- a/roles/keepalived/tasks/main.yml +++ b/roles/keepalived/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install keepalived - apt: + ansible.builtin.apt: update_cache: true name: keepalived register: apt_result @@ -8,14 +8,14 @@ until: apt_result is succeeded - name: Deploy keepalived configuration - template: + ansible.builtin.template: src: keepalived/keepalived.conf.j2 dest: /etc/keepalived/keepalived.conf mode: 0644 notify: Reload keepalived.service - name: Create keepalived service directory for systemd - file: + ansible.builtin.file: path: /etc/systemd/system/keepalived.service.d owner: root group: root @@ -23,7 +23,7 @@ state: directory - name: Override keepalived StopPost to stop some services after keepalived switch - template: + ansible.builtin.template: src: systemd/system/keepalived.service.d/override.conf.j2 dest: /etc/systemd/system/keepalived.service.d/override.conf owner: root @@ -31,7 +31,7 @@ mode: 0644 - name: Start and enable keepalived - service: + ansible.builtin.service: name: keepalived daemon-reload: true state: started 
diff --git a/roles/ldap-client/handlers/main.yml b/roles/ldap-client/handlers/main.yml index 5dacb64c..71802c1e 100644 --- a/roles/ldap-client/handlers/main.yml +++ b/roles/ldap-client/handlers/main.yml @@ -1,16 +1,16 @@ --- - name: Reconfigure libnss-ldapd package - command: dpkg-reconfigure libnss-ldapd -f noninteractive + ansible.builtin.command: dpkg-reconfigure libnss-ldapd -f noninteractive - name: Restart nslcd service - service: + ansible.builtin.service: name: nslcd state: restarted # Empty cache when nslcd is restarted - name: Restart nscd service - service: + ansible.builtin.service: name: nscd state: restarted - ignore_errors: true # Sometimes service do not exist + ignore_errors: true # Sometimes service do not exist listen: Restart nslcd service diff --git a/roles/ldap-client/tasks/main.yml b/roles/ldap-client/tasks/main.yml index 1e58d8aa..23258dea 100644 --- a/roles/ldap-client/tasks/main.yml +++ b/roles/ldap-client/tasks/main.yml @@ -1,7 +1,7 @@ --- # Install LDAP client packages - name: Install LDAP client packages - apt: + ansible.builtin.apt: update_cache: true name: - libnss-ldapd @@ -13,7 +13,7 @@ # Configure /etc/nslcd.conf - name: Configure nslcd - template: + ansible.builtin.template: src: nslcd.conf.j2 dest: /etc/nslcd.conf mode: 0600 @@ -21,7 +21,7 @@ # Configure /etc/nsswitch.conf - name: Configure NSS to use LDAP - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nsswitch.conf regexp: "^{{ item }}:" line: "{{ item }}: files systemd ldap" @@ -31,7 +31,7 @@ notify: Restart nslcd service - name: Configure NSS to use LDAP - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nsswitch.conf regexp: "^{{ item }}:" line: "{{ item }}: files ldap" @@ -41,7 +41,7 @@ notify: Restart nslcd service - name: Configure NSS to use LDAP - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nsswitch.conf regexp: "^{{ item }}:" line: "{{ item }}: files ldap dns" 
diff --git a/roles/linx/handlers/main.yml b/roles/linx/handlers/main.yml index e7565721..9bf80c8d 100644 --- a/roles/linx/handlers/main.yml +++ b/roles/linx/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart linx-server - service: + ansible.builtin.service: name: linx-server state: restarted diff --git a/roles/linx/tasks/main.yml b/roles/linx/tasks/main.yml index e113dc95..3130cdf3 100644 --- a/roles/linx/tasks/main.yml +++ b/roles/linx/tasks/main.yml @@ -2,7 +2,7 @@ # - name: Install linx - name: Create linx user - user: + ansible.builtin.user: create_home: true home: /var/lib/linx system: true @@ -12,25 +12,25 @@ name: linx - name: Create linx config dir - file: + ansible.builtin.file: path: /etc/linx state: directory - name: Deploy configuration file - template: + ansible.builtin.template: src: linx/server.conf.j2 dest: /etc/linx/server.conf mode: 0644 - name: Install linx systemd unit - template: + ansible.builtin.template: src: systemd/system/linx-server.service.j2 dest: /etc/systemd/system/linx-server.service mode: 0644 notify: Restart linx-server - name: Load and activate linx systemd unit - systemd: + ansible.builtin.systemd: name: linx-server.service daemon_reload: true enabled: true diff --git a/roles/logall/handlers/main.yml b/roles/logall/handlers/main.yml index ae4936a5..051c255d 100644 --- a/roles/logall/handlers/main.yml +++ b/roles/logall/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: systemctl restart rsyslog.service - systemd: + ansible.builtin.systemd: name: rsyslog state: restarted - name: systemctl restart logrotate.service - systemd: + ansible.builtin.systemd: name: logrotate state: restarted diff --git a/roles/logall/tasks/main.yml b/roles/logall/tasks/main.yml index 529db78b..9dfc9c7a 100644 --- a/roles/logall/tasks/main.yml +++ b/roles/logall/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Create firewall log directory - file: + ansible.builtin.file: path: /var/log/firewall mode: 0755 owner: root 
@@ -8,7 +8,7 @@ state: directory - name: Deploy firewall rsyslog - template: + ansible.builtin.template: src: rsyslog.d/10-firewall.conf.j2 dest: /etc/rsyslog.d/10-firewall.conf mode: 0644 @@ -17,7 +17,7 @@ notify: systemctl restart rsyslog - name: Deploy firewall logrotate - template: + ansible.builtin.template: src: logrotate.d/firewall.j2 dest: /etc/logrotate.d/firewall mode: 0644 diff --git a/roles/logos/tasks/main.yml b/roles/logos/tasks/main.yml index a4965c1e..8c575637 100644 --- a/roles/logos/tasks/main.yml +++ b/roles/logos/tasks/main.yml @@ -1,9 +1,9 @@ --- - name: Deploy custom logos - copy: + ansible.builtin.copy: src: "{{ item.which }}" dest: "{{ item.where }}" - owner: "{{ item.owner|default('root') }}" - group: "{{ item.group|default('root') }}" - mode: "{{ item.mode|default('0644') }}" - loop: "{{ logos|default([]) }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: "{{ item.mode | default('0644') }}" + loop: "{{ logos | default([]) }}" diff --git a/roles/mailman3/handlers/main.yml b/roles/mailman3/handlers/main.yml index cea84667..0fa2b372 100644 --- a/roles/mailman3/handlers/main.yml +++ b/roles/mailman3/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: Restart mailman3 - service: + ansible.builtin.service: name: mailman3 state: restarted - name: Restart mailman3-web - service: + ansible.builtin.service: name: mailman3-web state: restarted diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml index 1cd2289c..41822d95 100644 --- a/roles/mailman3/tasks/main.yml +++ b/roles/mailman3/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Install mailman3 - apt: + ansible.builtin.apt: update_cache: true name: - mailman3-full - - python3-ipython # Prettier shell - - python3-pip # CAS - - python3-lxml # CAS + - python3-ipython # Prettier shell + - python3-pip # CAS + - python3-lxml # CAS - sassc install_recommends: false register: apt_result 
@@ -14,7 +14,7 @@ until: apt_result is succeeded - name: Install Crans python modules - pip: + ansible.builtin.pip: name: "{{ item }}" loop: - git+https://gitlab.adm.crans.org/nounous/mailman-crans-theme.git @@ -24,7 +24,7 @@ # sudo -u postgres createuser -P mailman3 # sudo -u postgres createdb -O mailman3 mailman3 - name: Configure mailman3 - template: + ansible.builtin.template: src: mailman3/{{ item }}.j2 dest: /etc/mailman3/{{ item }} mode: 0640 @@ -36,7 +36,7 @@ notify: Restart mailman3 - name: Apply permissions to the mailman directory - file: + ansible.builtin.file: path: /var/lib/mailman3 state: directory owner: list @@ -46,7 +46,7 @@ # sudo -u postgres createuser -P mailman3web # sudo -u postgres createdb -O mailman3web mailman3web - name: Configure mailman3-web - template: + ansible.builtin.template: src: mailman3/mailman-web.py.j2 dest: /etc/mailman3/mailman-web.py mode: 0640 @@ -55,7 +55,7 @@ notify: Restart mailman3-web - name: Migrate Django database - django_manage: + community.general.django_manage: command: migrate project_path: /usr/share/mailman3-web become: true @@ -63,7 +63,7 @@ notify: Restart mailman3-web - name: Collect static files - django_manage: + community.general.django_manage: command: collectstatic project_path: /usr/share/mailman3-web become: true @@ -71,7 +71,7 @@ notify: Restart mailman3-web - name: Compress static files - django_manage: + community.general.django_manage: command: compress project_path: /usr/share/mailman3-web become: true @@ -80,7 +80,7 @@ # When notifying moderators daily, add link to moderation page - name: Patch daily moderation mails - blockinfile: + ansible.builtin.blockinfile: path: /usr/lib/python3/dist-packages/mailman/commands/cli_notify.py marker: "{mark}" marker_begin: " # XXX This should be a template." 
@@ -89,14 +89,14 @@ \ }}/postorius/lists/{}/held_messages\n\"\"\").format(mlist.fqdn_listname, count, detail, mlist.fqdn_listname)" - name: Send owner notifications from listname-bounces@domain - lineinfile: + ansible.builtin.lineinfile: path: /usr/lib/python3/dist-packages/mailman/email/message.py regexp: " sender =" line: ' sender = f"{mlist.list_name}-bounces@{mlist.domain.mail_host}"' # When notifying moderators of a new incoming message, add link to moderation page - name: Patch moderation requests messages - template: + ansible.builtin.template: src: mailman/templates/fr/list:admin:action:post.txt.j2 dest: /usr/lib/python3/dist-packages/mailman/templates/fr/list:admin:action:post.txt owner: root @@ -104,7 +104,7 @@ mode: 0644 - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-mailman3 mode: 0755 diff --git a/roles/matrix-synapse/handlers/main.yml b/roles/matrix-synapse/handlers/main.yml index aab51dae..97779f76 100644 --- a/roles/matrix-synapse/handlers/main.yml +++ b/roles/matrix-synapse/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart matrix-synapse - service: + ansible.builtin.service: name: matrix-synapse state: restarted diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix-synapse/tasks/main.yml index 6ba08617..5fd119b4 100644 --- a/roles/matrix-synapse/tasks/main.yml +++ b/roles/matrix-synapse/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Configure Debian backports repository - template: + ansible.builtin.template: src: apt/sources.list.d/backports.list.j2 dest: /etc/apt/sources.list.d/backports.list - name: Install matrix-synapse - apt: + ansible.builtin.apt: update_cache: true default_release: "{{ ansible_lsb.codename }}-backports" name: matrix-synapse 
@@ -14,7 +14,7 @@ until: apt_result is succeeded - name: Configure matrix-synapse - template: + ansible.builtin.template: src: matrix-synapse/conf.d/{{ item }}.j2 dest: /etc/matrix-synapse/conf.d/{{ item }} mode: 0640 diff --git a/roles/moinmoin-gendoc/tasks/main.yml b/roles/moinmoin-gendoc/tasks/main.yml index c66ad943..a18b406c 100644 --- a/roles/moinmoin-gendoc/tasks/main.yml +++ b/roles/moinmoin-gendoc/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install python3-dmidecode - apt: + ansible.builtin.apt: update_cache: true name: python3-dmidecode register: apt_result @@ -16,7 +16,7 @@ - name: Create wiki page documenting {{ ansible_hostname }} (physical) when: ansible_system_vendor != 'QEMU' moinmoin_page: - url: "{{ moinmoin_base_url }}/Serveur{{ ansible_hostname|title|replace('-', '') }}/CaracteristiquesTechniques" + url: "{{ moinmoin_base_url }}/Serveur{{ ansible_hostname | title | replace('-', '') }}/CaracteristiquesTechniques" user: "{{ moinmoin_user }}" password: "{{ moinmoin_password }}" content: "{{ lookup('template', 'server.j2') }}" @@ -27,7 +27,7 @@ - name: Create wiki page documenting {{ ansible_hostname }} (virtual) when: ansible_system_vendor == 'QEMU' moinmoin_page: - url: "{{ moinmoin_base_url }}/Virtuels/Serveur{{ ansible_hostname|title|replace('-', '') }}/CaracteristiquesTechniques" + url: "{{ moinmoin_base_url }}/Virtuels/Serveur{{ ansible_hostname | title | replace('-', '') }}/CaracteristiquesTechniques" user: "{{ moinmoin_user }}" password: "{{ moinmoin_password }}" content: "{{ lookup('template', 'server.j2') }}" diff --git a/roles/moinmoin/handlers/main.yml b/roles/moinmoin/handlers/main.yml index ba46876d..e0496180 100644 --- a/roles/moinmoin/handlers/main.yml +++ b/roles/moinmoin/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart uwsgi - service: + ansible.builtin.service: name: uwsgi state: restarted diff --git a/roles/moinmoin/tasks/main.yml b/roles/moinmoin/tasks/main.yml index a8af6671..a576345e 100644 
--- a/roles/moinmoin/tasks/main.yml +++ b/roles/moinmoin/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Install MoinMoin - apt: + ansible.builtin.apt: update_cache: true name: - python-lxml - python-moinmoin - - python-markdown # markdown parser + - python-markdown # markdown parser - python-netaddr - uwsgi - uwsgi-plugin-python @@ -14,36 +14,36 @@ until: apt_result is succeeded - name: Configure MoinMoin - template: + ansible.builtin.template: src: moin/mywiki.py.j2 dest: /etc/moin/mywiki.py - name: Configure MoinMoin cron - template: + ansible.builtin.template: src: cron.d/moinmoin.j2 dest: /etc/cron.d/moinmoin - name: Configure uwsgi - template: + ansible.builtin.template: src: uwsgi/apps-available/moinmoin.ini.j2 dest: /etc/uwsgi/apps-available/moinmoin.ini notify: Restart uwsgi - name: Activate uwsgi site - file: + ansible.builtin.file: src: /etc/uwsgi/apps-available/moinmoin.ini dest: /etc/uwsgi/apps-enabled/moinmoin.ini state: link notify: Restart uwsgi - name: Activate uwsgi service - systemd: + ansible.builtin.systemd: name: uwsgi enabled: true state: started - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-moinmoin mode: 0755 diff --git a/roles/mtail/handlers/main.yml b/roles/mtail/handlers/main.yml index ad7558b6..22ba6cf7 100644 --- a/roles/mtail/handlers/main.yml +++ b/roles/mtail/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart mtail - service: + ansible.builtin.service: name: mtail state: restarted diff --git a/roles/mtail/tasks/main.yml b/roles/mtail/tasks/main.yml index 399d2664..7fbe788b 100644 --- a/roles/mtail/tasks/main.yml +++ b/roles/mtail/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Pin mtail - template: + ansible.builtin.template: src: apt/{{ item }}.j2 dest: /etc/apt/{{ item }} loop: @@ -12,7 +12,7 @@ - ansible_distribution_release != "bullseye" - name: Install mtail - apt: + ansible.builtin.apt: update_cache: true name: mtail register: apt_result 
@@ -20,13 +20,13 @@ until: apt_result is succeeded - name: Configure mtail - template: + ansible.builtin.template: src: default/mtail.j2 dest: /etc/default/mtail notify: Restart mtail - name: Copy mtail configurations - template: + ansible.builtin.template: src: mtail/{{ item }}.j2 dest: /etc/mtail/{{ item }} mode: 0644 @@ -34,14 +34,14 @@ notify: Restart mtail - name: Drop unusued configuration - file: + ansible.builtin.file: path: /etc/mtail/{{ item }} state: absent loop: "{{ mtail.remove }}" notify: Restart mtail - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-mtail mode: 0755 diff --git a/roles/network-interfaces/tasks/main.yml b/roles/network-interfaces/tasks/main.yml index ac71ba7c..6b0ea16d 100644 --- a/roles/network-interfaces/tasks/main.yml +++ b/roles/network-interfaces/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install vlan support - apt: + ansible.builtin.apt: update_cache: true name: vlan state: present @@ -9,18 +9,18 @@ until: apt_result is succeeded - name: Deploy default interfaces config - template: + ansible.builtin.template: src: network/interfaces.j2 dest: /etc/network/interfaces mode: 0644 - name: Remove cloud-init interface configuration - file: + ansible.builtin.file: path: /etc/network/interfaces.d/50-cloud-init state: absent - name: Deploy interfaces config - template: + ansible.builtin.template: src: network/interfaces.d/ifalias.j2 dest: /etc/network/interfaces.d/{{ '%02d' | format(item.id) }}-{{ item.name | replace('_', '-') }} mode: 0644 diff --git a/roles/nfs-common/tasks/main.yml b/roles/nfs-common/tasks/main.yml index c0f9d083..824b61f6 100644 --- a/roles/nfs-common/tasks/main.yml +++ b/roles/nfs-common/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install nfs-common - apt: + ansible.builtin.apt: update_cache: true name: nfs-common register: apt_result 
@@ -8,17 +8,17 @@ until: apt_result is succeeded - name: Configure nfs-common - template: + ansible.builtin.template: src: nfs-common.j2 dest: /etc/default/nfs-common mode: 0644 - name: Disable and mask rpcbind.service - systemd: + ansible.builtin.systemd: name: rpcbind.service masked: false -- name: - systemd: +- name: Make sure that rpcbind.socket is not masked + ansible.builtin.systemd: name: rpcbind.socket masked: false diff --git a/roles/nfs-mount/tasks/main.yml b/roles/nfs-mount/tasks/main.yml index a07a920b..3200f6c0 100644 --- a/roles/nfs-mount/tasks/main.yml +++ b/roles/nfs-mount/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install NFS client - apt: + ansible.builtin.apt: update_cache: true name: - nfs-common @@ -10,7 +10,7 @@ until: apt_result is succeeded - name: Create target directory - file: + ansible.builtin.file: path: "{{ item.target }}" state: directory owner: "{{ item.owner }}" @@ -19,14 +19,14 @@ loop: "{{ nfs_mount.mounts }}" - name: Deploy nfs systemd mount - template: + ansible.builtin.template: src: systemd/system/nfs.mount.j2 dest: /etc/systemd/system/{{ item.name }}.mount mode: 0644 loop: "{{ nfs_mount.mounts }}" - name: Load and activate nfs systemd mount - systemd: + ansible.builtin.systemd: name: "{{ item.name }}.mount" daemon_reload: true enabled: true diff --git a/roles/nftables/tasks/main.yml b/roles/nftables/tasks/main.yml index 0bdc6f5d..32f12db8 100644 --- a/roles/nftables/tasks/main.yml +++ b/roles/nftables/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install nftables - apt: + ansible.builtin.apt: name: nftables state: present update_cache: true @@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Deploy the configuration files - template: + ansible.builtin.template: src: "{{ item }}" dest: /etc/unbound/{{ item }} owner: unbound @@ -19,7 +19,7 @@ - unbound.conf - name: Enable and start nftables - systemd: + ansible.builtin.systemd: name: nftables enabled: true state: started 
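Review bot: The task named `Disable and mask rpcbind.service` in the `-8,17` hunk of roles/nfs-common/tasks/main.yml passes `masked: false`, which unmasks the unit and sets neither `enabled` nor `state`, so the title says the opposite of what runs. The commit names the next task `Make sure that rpcbind.socket is not masked`, which suggests the intent is to keep rpcbind usable; if so, rename this one to match, e.g. `- name: Make sure that rpcbind.service is not masked`. If rpcbind is meant to be off on these hosts, the arguments should be `masked: true` with `enabled: false` instead. rpcbind is a network listener, so someone auditing exposure from the task titles would be misled by the current name.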
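Review bot: `Deploy the configuration files` in roles/nftables/tasks/main.yml (hunk `-9,7`) writes to `dest: /etc/unbound/{{ item }}` with `owner: unbound`, and the following hunk shows `unbound.conf` as a loop item, so the task looks copied from an unbound role. From what is visible, the role installs and starts nftables but never deploys a ruleset, which would leave the firewall on the package default. The lines between the hunks are not shown, so this needs confirming against the full file. If it is a copy-paste leftover, the task should template the nftables ruleset to its own path (on Debian typically `/etc/nftables.conf`) with `owner: root`.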
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml index 6dfcdd76..7419154d 100644 --- a/roles/nginx/handlers/main.yml +++ b/roles/nginx/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Reload nginx - systemd: + ansible.builtin.systemd: name: nginx state: reloaded diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 5b51da86..98524d41 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install NGINX - apt: + ansible.builtin.apt: update_cache: true name: nginx register: apt_result @@ -8,7 +8,7 @@ until: apt_result is succeeded - name: Copy proxypass snippets - template: + ansible.builtin.template: src: nginx/snippets/options-proxypass.conf.j2 dest: /etc/nginx/snippets/options-proxypass.conf owner: root @@ -16,7 +16,7 @@ mode: 0644 - name: Copy SSL snippets - template: + ansible.builtin.template: src: nginx/snippets/options-ssl.conf.j2 dest: /etc/nginx/snippets/options-ssl.{{ item.name }}.conf owner: root @@ -25,13 +25,13 @@ loop: "{{ nginx.ssl }}" - name: Disable default site - file: + ansible.builtin.file: dest: /etc/nginx/sites-enabled/default state: absent - name: Copy reverse proxy sites when: reverseproxy is defined - template: + ansible.builtin.template: src: nginx/sites-available/{{ item }}.j2 dest: /etc/nginx/sites-available/{{ item }} owner: root @@ -45,7 +45,7 @@ - name: Activate reverse proxy sites when: reverseproxy is defined - file: + ansible.builtin.file: src: /etc/nginx/sites-available/{{ item }} dest: /etc/nginx/sites-enabled/{{ item }} owner: root @@ -60,7 +60,7 @@ - name: Copy service nginx configuration when: nginx.servers is defined and nginx.servers|length > 0 - template: + ansible.builtin.template: src: nginx/sites-available/service.j2 dest: /etc/nginx/sites-available/{{ nginx.service_name }} owner: root 
@@ -70,7 +70,7 @@ - name: Activate local nginx service site when: nginx.servers is defined and nginx.servers|length > 0 - file: + ansible.builtin.file: src: /etc/nginx/sites-available/{{ nginx.service_name }} dest: /etc/nginx/sites-enabled/{{ nginx.service_name }} owner: root @@ -80,7 +80,7 @@ ignore_errors: "{{ ansible_check_mode }}" - name: Copy 50x error page - template: + ansible.builtin.template: src: www/html/50x.html.j2 dest: /var/www/html/50x.html owner: www-data @@ -89,7 +89,7 @@ - name: Copy robots.txt file when: nginx.deploy_robots_file - template: + ansible.builtin.template: src: www/html/robots.txt.j2 dest: /var/www/html/robots.txt owner: www-data @@ -98,14 +98,14 @@ - name: Install passwords when: nginx.auth_passwd|length > 0 - template: + ansible.builtin.template: src: nginx/passwd.j2 dest: /etc/nginx/passwd mode: 0644 - name: Copy 401 error page when: nginx.auth_passwd|length > 0 - template: + ansible.builtin.template: src: www/html/401.html.j2 dest: /var/www/html/401.html owner: www-data @@ -113,13 +113,13 @@ mode: 0644 - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-nginx mode: 0755 - name: Clean old files - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: diff --git a/roles/ninjabot/tasks/main.yml b/roles/ninjabot/tasks/main.yml index 34d0184b..c364f289 100644 --- a/roles/ninjabot/tasks/main.yml +++ b/roles/ninjabot/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Ninjabot dependencies - apt: + ansible.builtin.apt: name: - python3-dateutil - python3-flask 
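Review bot: `Install passwords` (hunk `-98,14` of roles/nginx/tasks/main.yml) deploys `/etc/nginx/passwd` with `mode: 0644` and no `owner` or `group`, so the file that presumably holds the basic-auth password hashes is readable by every local account. Only the nginx worker needs to read it. Something like `owner: root`, `group: www-data`, `mode: "0640"` would keep authentication working while closing local read access. `www-data` is the account the neighbouring tasks use for `/var/www/html`; confirm it is also the worker user on these hosts.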
@@ -12,31 +12,31 @@ until: apt_result is succeeded - name: Clone NinjaBot code - git: + ansible.builtin.git: repo: https://gitlab.adm.crans.org/nounous/NinjaBot.git dest: /var/local/ninjabot version: master - name: Deploy NinjaBot configuration - template: + ansible.builtin.template: src: ninjabot/ninjabot.json.j2 dest: /var/local/ninjabot/ninjabot.json - name: Deploy NinjaBot systemd unit - template: + ansible.builtin.template: src: systemd/system/ninjabot.service.j2 dest: /etc/systemd/system/ninjabot.service mode: 0644 - name: Load and activate NinjaBot service - systemd: + ansible.builtin.systemd: name: ninjabot daemon_reload: true enabled: true state: started - name: Indicate NinjaBot in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-ninjabot mode: 0755 diff --git a/roles/ntp-client/handlers/main.yml b/roles/ntp-client/handlers/main.yml index ffd2754d..b16ecfa1 100644 --- a/roles/ntp-client/handlers/main.yml +++ b/roles/ntp-client/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart systemd-timesyncd - service: + ansible.builtin.service: name: systemd-timesyncd state: restarted diff --git a/roles/ntp-client/tasks/main.yml b/roles/ntp-client/tasks/main.yml index 7e7d69b3..10e9001c 100644 --- a/roles/ntp-client/tasks/main.yml +++ b/roles/ntp-client/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Clean up ntp - apt: + ansible.builtin.apt: state: absent name: ntp purge: true @@ -10,7 +10,7 @@ when: "'ntp_server' not in group_names" - name: Install systemd-timesyncd (bullseye) - apt: + ansible.builtin.apt: name: systemd-timesyncd update_cache: true install_recommends: false @@ -22,7 +22,7 @@ - ansible_distribution_release == "bullseye" - name: Configure NTP - template: + ansible.builtin.template: src: systemd/timesyncd.conf.j2 dest: /etc/systemd/timesyncd.conf notify: Restart systemd-timesyncd diff --git a/roles/ntp-server/tasks/main.yml b/roles/ntp-server/tasks/main.yml index 3be6a719..222a7582 100644 
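Review bot: `Clone NinjaBot code` in the `-12,31` hunk of roles/ninjabot/tasks/main.yml checks out `version: master`, so each run deploys whatever the branch head is at that moment and the service enabled further down starts running it unreviewed. Pinning `version` to a tag or a full commit hash makes the deployed code reproducible and auditable, e.g. `version: "<full-commit-sha>"` (placeholder). In the same hunk `ninjabot.json` is templated without `owner` or `mode`; if that file carries bot credentials, which is not visible here, it should get something like `mode: "0640"` and an explicit owner.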
--- a/roles/ntp-server/tasks/main.yml +++ b/roles/ntp-server/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install NTP - apt: + ansible.builtin.apt: update_cache: true name: ntp register: apt_result @@ -8,20 +8,20 @@ until: apt_result is succeeded - name: Configure NTP daemon - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/ntp regexp: ^NTPD_OPTS line: NTPD_OPTS='-g -x' check_mode: false - name: Configure NTP - template: + ansible.builtin.template: src: ntp.conf.j2 dest: /etc/ntp.conf mode: 0644 - name: Start ntp service - systemd: + ansible.builtin.systemd: name: ntp enabled: true state: started diff --git a/roles/nullmailer/tasks/main.yml b/roles/nullmailer/tasks/main.yml index 864b2f5a..cb92b428 100644 --- a/roles/nullmailer/tasks/main.yml +++ b/roles/nullmailer/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install nullmailer - apt: + ansible.builtin.apt: update_cache: true name: - nullmailer @@ -10,25 +10,25 @@ until: apt_result is succeeded - name: Set nullmailer remotes - copy: + ansible.builtin.copy: content: "{{ nullmailer.smtp_server }} smtp\n" dest: /etc/nullmailer/remotes mode: 0644 - name: Set nullmailer adminaddr - copy: + ansible.builtin.copy: content: "{{ nullmailer.root }}\n" dest: /etc/nullmailer/adminaddr mode: 0644 - name: Set nullmailer defaulthost - copy: + ansible.builtin.copy: content: "{{ nullmailer.defaulthost }}\n" dest: /etc/nullmailer/defaulthost mode: 0644 - name: Set nullmailer allmailfrom - copy: + ansible.builtin.copy: content: "{{ nullmailer.allmailfrom }}\n" dest: /etc/nullmailer/allmailfrom mode: 0644 diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml index a439e8be..c48b4a20 100644 --- a/roles/opendkim/tasks/main.yml +++ b/roles/opendkim/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install opendkim - apt: + ansible.builtin.apt: update_cache: true name: - opendkim 
@@ -10,27 +10,27 @@ until: apt_result is succeeded - name: Ensure opendkim directories are here - file: + ansible.builtin.file: path: /etc/opendkim/keys/{{ opendkim.domain }} state: directory - mode: 0750 + mode: "0750" owner: opendkim group: opendkim when: not ansible_check_mode - name: Deploy opendkim configuration - template: + ansible.builtin.template: src: opendkim.conf.j2 dest: /etc/opendkim.conf - mode: 644 + mode: "0644" owner: opendkim group: opendkim - name: Deploy opendkim configuration - template: + ansible.builtin.template: src: opendkim/{{ item }}.j2 dest: /etc/opendkim/{{ item }} - mode: 0644 + mode: "0644" owner: opendkim group: opendkim loop: @@ -39,10 +39,10 @@ - TrustedHosts - name: Deploy opendkim key - template: + ansible.builtin.template: src: opendkim/keys/key.{{ item }}.j2 dest: /etc/opendkim/keys/{{ opendkim.domain }}/{{ opendkim.selector }}.{{ item }} - mode: 0600 + mode: "0600" owner: opendkim group: opendkim loop: diff --git a/roles/openssh/handlers/main.yml b/roles/openssh/handlers/main.yml index 3c59dc25..030ddfc8 100644 --- a/roles/openssh/handlers/main.yml +++ b/roles/openssh/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart sshd service - service: + ansible.builtin.service: name: sshd state: restarted diff --git a/roles/openssh/tasks/main.yml b/roles/openssh/tasks/main.yml index b2e5efe2..6a37e224 100644 --- a/roles/openssh/tasks/main.yml +++ b/roles/openssh/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Filter SSH on groups - lineinfile: + ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config regexp: ^#?PermitRootLogin line: PermitRootLogin yes @@ -8,7 +8,7 @@ notify: Restart sshd service - name: Delete authorized SSH keys for root account - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: diff --git a/roles/owncloud-autofs/handlers/main.yml b/roles/owncloud-autofs/handlers/main.yml index b075971f..56dc7bb0 100644 --- a/roles/owncloud-autofs/handlers/main.yml +++ b/roles/owncloud-autofs/handlers/main.yml 
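Review bot: The task `Filter SSH on groups` in roles/openssh/tasks/main.yml (hunk `-1,6`) sets `line: PermitRootLogin yes`, which lets root log in with any enabled authentication method, passwords included, and does no group filtering despite the name. If root needs SSH access, `line: PermitRootLogin prohibit-password` limits it to keys; otherwise use `no`. The next hunk deletes root's authorized keys, so check how root is expected to authenticate before tightening this. Line 7 of the file falls between the two hunks and is not shown; if it is not already a `validate:`, adding `validate: /usr/sbin/sshd -t -f %s` stops a broken sshd_config from being installed before the handler restarts sshd.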
@@ -1,5 +1,5 @@ --- - name: Restart autofs service - service: + ansible.builtin.service: name: autofs state: restarted diff --git a/roles/owncloud-autofs/tasks/main.yml b/roles/owncloud-autofs/tasks/main.yml index a290439d..6fd350a5 100644 --- a/roles/owncloud-autofs/tasks/main.yml +++ b/roles/owncloud-autofs/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install autofs and bindfs - apt: + ansible.builtin.apt: update_cache: true name: - autofs @@ -10,7 +10,7 @@ until: apt_result is succeeded - name: Configure autofs deamon - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: /etc/{{ item }} mode: 0644 @@ -20,7 +20,7 @@ notify: Restart autofs service - name: Configure home-adh autofs - template: + ansible.builtin.template: src: auto.master.d/{{ item.0 }}.j2 dest: /etc/auto.master.d/{{ item.0 }} mode: "{{ item.1 }}" @@ -30,7 +30,7 @@ notify: Restart autofs service - name: Create /home-owncloud/ directory - file: + ansible.builtin.file: path: /home-owncloud state: directory mode: 0750 @@ -38,12 +38,12 @@ group: root - name: Install autoclean cron - template: + ansible.builtin.template: src: cron.d/owncloud-clean-autofs.j2 dest: /etc/cron.d/owncloud-clean-autofs - name: Start autofs service - systemd: + ansible.builtin.systemd: name: autofs enabled: true state: started diff --git a/roles/owncloud/handlers/main.yml b/roles/owncloud/handlers/main.yml index 2e593d34..3ba7687f 100644 --- a/roles/owncloud/handlers/main.yml +++ b/roles/owncloud/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart nginx - service: + ansible.builtin.service: name: nginx state: restarted diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml index f0610010..fb0c7358 100644 --- a/roles/owncloud/tasks/main.yml +++ b/roles/owncloud/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install gpg - apt: + ansible.builtin.apt: update_cache: true name: - gpg 
@@ -10,7 +10,7 @@ # Add the key - name: Configure the apt key - apt_key: + ansible.builtin.apt_key: url: https://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Debian_11/Release.key id: 4ABE1AC7557BEFF9 state: present @@ -20,12 +20,12 @@ # Add the repository into source list - name: Configure owncloud repository - apt_repository: + ansible.builtin.apt_repository: repo: deb http://download.opensuse.org/repositories/isv:/ownCloud:/server:/10/Debian_11/ / state: present - name: Install OwnCloud - apt: + ansible.builtin.apt: update_cache: true name: - nginx @@ -38,25 +38,25 @@ until: apt_result is succeeded - name: Copy NGINX site - template: + ansible.builtin.template: src: nginx/owncloud.j2 dest: /etc/nginx/sites-available/owncloud notify: Restart nginx - name: Activate NGINX site - file: + ansible.builtin.file: src: /etc/nginx/sites-available/owncloud dest: /etc/nginx/sites-enabled/owncloud state: link notify: Restart nginx - name: Copy OwnCloud cron - template: + ansible.builtin.template: src: cron.d/owncloud.j2 dest: /etc/cron.d/owncloud - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-owncloud mode: 0755 diff --git a/roles/policyd/tasks/main.yml b/roles/policyd/tasks/main.yml index 1ea44d29..4775ffa1 100644 --- a/roles/policyd/tasks/main.yml +++ b/roles/policyd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install policyd-rate-limit - apt: + ansible.builtin.apt: update_cache: true name: - policyd-rate-limit @@ -13,7 +13,7 @@ vars: exempt_v4: "{{ policyd.exemptions | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}" exempt_v6: "{{ policyd.exemptions | json_query('servers[].interface[?vlan_id==`2`].ipv6[][].ipv6') }}" - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" chmod: 0640 
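Review bot: `Configure the apt key` (hunk `-10,7` of roles/owncloud/tasks/main.yml) uses `ansible.builtin.apt_key`, which adds the ownCloud key to apt's global trusted keyring, so that key can vouch for packages from any configured repository rather than only this one. The usual replacement is to store the key in a dedicated keyring file and reference it with `signed-by=` in the `repo:` line of `Configure owncloud repository` in the next hunk. That `repo:` line uses `http://` while the key is fetched over `https://`; apt's signature check still protects package integrity, but moving the repository to `https://` is a cheap improvement. `id: 4ABE1AC7557BEFF9` is a 64-bit key ID; the full fingerprint is a stronger pin.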
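Review bot: The template task in the `-13,7` hunk of roles/policyd/tasks/main.yml passes `chmod: 0640`, but the permission option of `ansible.builtin.template` is `mode`; as far as I know the module has no `chmod` option. Ansible normally rejects unknown module parameters, so either this task fails when it runs or the intended 0640 restriction is never applied to the policyd configuration. It should read `mode: "0640"`. The task continues past the end of this hunk (`loop`/`when` appear in the next one), so check the full task when fixing it.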
@@ -23,7 +23,7 @@ when: postfix.primary - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-policyd.j2 dest: /etc/update-motd.d/05-policyd mode: 0755 diff --git a/roles/postfix-mailman3/handlers/main.yml b/roles/postfix-mailman3/handlers/main.yml index a1a7a2ce..0b0f8e9b 100644 --- a/roles/postfix-mailman3/handlers/main.yml +++ b/roles/postfix-mailman3/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart postfix - service: + ansible.builtin.service: name: postfix state: restarted diff --git a/roles/postfix-mailman3/tasks/main.yml b/roles/postfix-mailman3/tasks/main.yml index c81fd026..efed4d17 100644 --- a/roles/postfix-mailman3/tasks/main.yml +++ b/roles/postfix-mailman3/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install postfix - apt: + ansible.builtin.apt: update_cache: true name: - postfix @@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Deploy postfix configuration - template: + ansible.builtin.template: src: postfix/{{ item }}.j2 dest: /etc/postfix/{{ item }} mode: 0644 @@ -20,7 +20,7 @@ notify: Restart postfix - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-postfix-mailman.j2 dest: /etc/update-motd.d/05-postfix-mailman mode: 0755 diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml index e705858e..0ac9ff93 100644 --- a/roles/postfix/handlers/main.yml +++ b/roles/postfix/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: generate postmaps - command: /usr/sbin/postmap {{ item }} + ansible.builtin.command: /usr/sbin/postmap {{ item }} loop: - /etc/postfix/mime_header_checks - /etc/postfix/recipient_access diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index 7239b9fb..a1cbe20b 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install postfix - apt: + ansible.builtin.apt: update_cache: true name: - postfix 
@@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Deploy postfix configuration - template: + ansible.builtin.template: src: postfix/{{ item }}.j2 dest: /etc/postfix/{{ item }} mode: 0644 @@ -29,19 +29,19 @@ - generate postmaps - name: Make sure let's encrypt renewal-hooks exists - file: + ansible.builtin.file: path: /etc/letsencrypt/renewal-hooks/deploy state: directory when: not ansible_check_mode - name: Reload postfix after certificate renewal - template: + ansible.builtin.template: src: letsencrypt/renewal-hooks/deploy/reload-postfix.sh.j2 dest: /etc/letsencrypt/renewal-hooks/deploy/reload-postfix.sh mode: 0755 - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-postfix.j2 dest: /etc/update-motd.d/05-postfix mode: 0755 diff --git a/roles/postgresql/handlers/main.yml b/roles/postgresql/handlers/main.yml index 2081f6e4..6005bb96 100644 --- a/roles/postgresql/handlers/main.yml +++ b/roles/postgresql/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: reload postgresql - command: /usr/bin/pg_ctlcluster {{ postgres.version }} main reload + ansible.builtin.command: /usr/bin/pg_ctlcluster {{ postgres.version }} main reload diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 43610a31..d2396a56 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -1,10 +1,10 @@ --- - name: Set postgresql installation directory - set_fact: + ansible.builtin.set_fact: postgres_dir: /etc/postgresql/{{ postgres.version }}/main - name: Install postgresql - apt: + ansible.builtin.apt: update_cache: true name: postgresql state: present @@ -13,7 +13,7 @@ until: apt_result is succeeded - name: Ensure main postgresql directory exists - file: + ansible.builtin.file: path: "{{ postgres_dir }}" state: directory owner: postgres 
@@ -21,7 +21,7 @@ mode: 0755 - name: Ensure configuration directory exists - file: + ansible.builtin.file: path: "{{ postgres_dir }}/conf.d" state: directory owner: postgres @@ -29,7 +29,7 @@ mode: 0755 - name: Configuration of postgresql {{ postgres.version }} - template: + ansible.builtin.template: src: postgresql/postgresql.conf.j2 dest: "{{ postgres_dir }}/postgresql.conf" mode: 0640 @@ -39,7 +39,7 @@ - reload postgresql - name: Master of configuration of postgresql {{ postgres.version }} - template: + ansible.builtin.template: src: postgresql/{{ item }}.j2 dest: "{{ postgres_dir }}/{{ item }}" mode: 0640 @@ -53,7 +53,7 @@ when: not(postgres.replica | default(False)) - name: Create backup directory - file: + ansible.builtin.file: path: "{{ postgres.backup.dir }}" owner: postgres group: postgres @@ -62,7 +62,7 @@ when: postgres.backup is defined - name: Create backup cron - template: + ansible.builtin.template: src: cron.d/pg_dump.j2 dest: /etc/cron.d/pg_dump when: postgres.backup is defined diff --git a/roles/printer/handlers/main.yml b/roles/printer/handlers/main.yml index 73c9606a..04a9e252 100644 --- a/roles/printer/handlers/main.yml +++ b/roles/printer/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart uWSGI - systemd: + ansible.builtin.systemd: name: uwsgi state: restarted diff --git a/roles/printer/tasks/main.yml b/roles/printer/tasks/main.yml index 0ad5f692..17d36d82 100644 --- a/roles/printer/tasks/main.yml +++ b/roles/printer/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Pin Django from Debian bullseye-backports - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" loop: @@ -10,7 +10,7 @@ dest: /etc/apt/preferences.d/django-backports - name: Install printer dependencies - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: 
@@ -37,11 +37,11 @@ until: apt_result is succeeded - name: Install non-packaged dependencies - pip: + ansible.builtin.pip: name: crispy-bootstrap5==0.4 - name: Create django-printer configuration directory - file: + ansible.builtin.file: path: /etc/django-printer state: directory mode: "2775" @@ -49,7 +49,7 @@ group: "{{ printer.group }}" - name: Set ACL for printer directory - acl: + ansible.posix.acl: path: /etc/django-printer default: true entity: _nounou @@ -59,7 +59,7 @@ ignore_errors: "{{ ansible_check_mode }}" - name: Clone printer repository - git: + ansible.builtin.git: repo: https://gitlab.adm.crans.org/nounous/django-printer.git dest: /var/local/django-printer umask: "002" @@ -67,25 +67,25 @@ recursive: true - name: Set owner of cloned project - file: + ansible.builtin.file: path: /var/local/django-printer owner: "{{ printer.owner }}" group: "{{ printer.group }}" recurse: true - name: Set manage.py executable - file: + ansible.builtin.file: path: /var/local/django-printer/manage.py mode: 0755 - name: Deploy local settings - template: + ansible.builtin.template: src: django-printer/settings_local.py.j2 dest: /etc/django-printer/settings_local.py mode: 0660 - name: Symlink configuration file - file: + ansible.builtin.file: src: /etc/django-printer/settings_local.py dest: /var/local/django-printer/printer/settings_local.py state: link @@ -93,19 +93,19 @@ # In the future, migrations will be included in the repository. - name: Make Django migrations - django_manage: + community.general.django_manage: command: makemigrations project_path: /var/local/django-printer notify: Restart uWSGI - name: Migrate database - django_manage: + community.general.django_manage: command: migrate project_path: /var/local/django-printer notify: Restart uWSGI - name: Create static files directory - file: + ansible.builtin.file: path: /var/lib/django-printer/{{ item }} state: directory mode: "2775" 
@@ -117,18 +117,18 @@ - files - name: Collect static files - django_manage: + community.general.django_manage: command: collectstatic project_path: /var/local/django-printer notify: Restart uWSGI - name: Compile messages - django_manage: + community.general.django_manage: command: compilemessages project_path: /var/local/django-printer - name: Copy uWSGI app - template: + ansible.builtin.template: src: uwsgi/apps-available/django-printer.ini.j2 dest: /etc/uwsgi/apps-available/django-printer.ini owner: root @@ -137,7 +137,7 @@ notify: Restart uWSGI - name: Activate uWSGI app - file: + ansible.builtin.file: src: ../apps-available/django-printer.ini dest: /etc/uwsgi/apps-enabled/django-printer.ini owner: root @@ -147,7 +147,7 @@ notify: Restart uWSGI - name: Create documentation directory with good permissions - file: + ansible.builtin.file: path: /var/www/django-printer-doc state: directory owner: www-data @@ -155,11 +155,11 @@ mode: u=rwx,g=rwxs,o=rx - name: Build HTML documentation - command: sphinx-build -b dirhtml /var/local/django-printer/docs/ /var/www/django-printer-doc/ + ansible.builtin.command: sphinx-build -b dirhtml /var/local/django-printer/docs/ /var/www/django-printer-doc/ become_user: www-data - name: Indicate module in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-django-printer mode: 0755 diff --git a/roles/prometheus-alertmanager/handlers/main.yml b/roles/prometheus-alertmanager/handlers/main.yml index 3ddbf930..c39520bd 100644 --- a/roles/prometheus-alertmanager/handlers/main.yml +++ b/roles/prometheus-alertmanager/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart Prometheus Alertmanager - service: + ansible.builtin.service: name: prometheus-alertmanager state: restarted diff --git a/roles/prometheus-alertmanager/tasks/main.yml b/roles/prometheus-alertmanager/tasks/main.yml index b65a2955..bab10f16 100644 --- a/roles/prometheus-alertmanager/tasks/main.yml 
+++ b/roles/prometheus-alertmanager/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Prometheus Alertmanager - apt: + ansible.builtin.apt: update_cache: true name: prometheus-alertmanager register: apt_result @@ -8,7 +8,7 @@ until: apt_result is succeeded - name: Configure Prometheus Alertmanager - template: + ansible.builtin.template: src: prometheus/alertmanager.yml.j2 dest: /etc/prometheus/alertmanager.yml notify: Restart Prometheus Alertmanager diff --git a/roles/prometheus-apache-exporter/handlers/main.yml b/roles/prometheus-apache-exporter/handlers/main.yml index 88098ed1..02e24ac5 100644 --- a/roles/prometheus-apache-exporter/handlers/main.yml +++ b/roles/prometheus-apache-exporter/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart prometheus-apache-exporter - service: + ansible.builtin.service: name: prometheus-apache-exporter state: restarted diff --git a/roles/prometheus-apache-exporter/tasks/main.yml b/roles/prometheus-apache-exporter/tasks/main.yml index cd7a2ab6..8343c5c1 100644 --- a/roles/prometheus-apache-exporter/tasks/main.yml +++ b/roles/prometheus-apache-exporter/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install prometheus-apache-exporter - apt: + ansible.builtin.apt: update_cache: true name: prometheus-apache-exporter register: apt_result @@ -8,9 +8,9 @@ until: apt_result is succeeded - name: Make prometheus-apache-exporter listen on adm only - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/prometheus-apache-exporter - regexp: '^ARGS=' + regexp: ^ARGS= line: | ARGS="-telemetry.address={{ adm_ipv4 }}:9117" notify: Restart prometheus-apache-exporter diff --git a/roles/prometheus-blackbox-exporter/handlers/main.yml b/roles/prometheus-blackbox-exporter/handlers/main.yml index 72a6fc53..9196f5dc 100644 --- a/roles/prometheus-blackbox-exporter/handlers/main.yml +++ b/roles/prometheus-blackbox-exporter/handlers/main.yml 
@@ -1,5 +1,5 @@ --- - name: Restart prometheus-blackbox-exporter - service: + ansible.builtin.service: name: prometheus-blackbox-exporter state: restarted diff --git a/roles/prometheus-blackbox-exporter/tasks/main.yml b/roles/prometheus-blackbox-exporter/tasks/main.yml index 025d1cbb..1605e022 100644 --- a/roles/prometheus-blackbox-exporter/tasks/main.yml +++ b/roles/prometheus-blackbox-exporter/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Configure the exporter to allow pings - debconf: + ansible.builtin.debconf: name: prometheus-blackbox-exporter question: prometheus-blackbox-exporter/want_cap_net_raw value: "true" @@ -8,7 +8,7 @@ notify: Restart prometheus-blackbox-exporter - name: Install Prometheus Blackbox exporter - apt: + ansible.builtin.apt: update_cache: true name: prometheus-blackbox-exporter register: apt_result @@ -16,7 +16,7 @@ until: apt_result is succeeded - name: Make Prometheus Blackbox exporter listen on localhost only - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/prometheus-blackbox-exporter regexp: ^ARGS= line: > @@ -25,7 +25,7 @@ notify: Restart prometheus-blackbox-exporter - name: Activate prometheus Blackbox exporter service - systemd: + ansible.builtin.systemd: name: prometheus-blackbox-exporter enabled: true state: started diff --git a/roles/prometheus-nginx-exporter/handlers/main.yml b/roles/prometheus-nginx-exporter/handlers/main.yml index a1c55e86..29806db0 100644 --- a/roles/prometheus-nginx-exporter/handlers/main.yml +++ b/roles/prometheus-nginx-exporter/handlers/main.yml @@ -1,14 +1,14 @@ --- - name: Restart nginx - service: + ansible.builtin.service: name: nginx state: restarted - name: Restart prometheus-nginx-exporter - service: + ansible.builtin.service: name: prometheus-nginx-exporter state: restarted - name: systemctl daemon-reload - systemd: + ansible.builtin.systemd: daemon_reload: true 
diff --git a/roles/prometheus-nginx-exporter/tasks/main.yml b/roles/prometheus-nginx-exporter/tasks/main.yml index 22d9db64..7e79cc1a 100644 --- a/roles/prometheus-nginx-exporter/tasks/main.yml +++ b/roles/prometheus-nginx-exporter/tasks/main.yml @@ -1,16 +1,16 @@ --- - name: Install prometheus-nginx-exporter - apt: + ansible.builtin.apt: update_cache: true name: - - nginx # Nginx may be not already installed + - nginx # Nginx may be not already installed - prometheus-nginx-exporter register: apt_result retries: 3 until: apt_result is succeeded - name: Make prometheus-nginx-exporter listen on adm only - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/prometheus-nginx-exporter regexp: ^ARGS= line: | @@ -20,25 +20,25 @@ - Restart prometheus-nginx-exporter - name: Configure nginx - template: + ansible.builtin.template: src: nginx/status.j2 dest: /etc/nginx/sites-available/status notify: Restart nginx - name: Activate nginx site - file: + ansible.builtin.file: src: /etc/nginx/sites-available/status dest: /etc/nginx/sites-enabled/status state: link notify: Restart nginx - name: Create /etc/systemd/system/prometheus-nginx-exporter.service.d/ - file: + ansible.builtin.file: path: /etc/systemd/system/prometheus-nginx-exporter.service.d/ state: directory - name: Patch prometheus-nginx-exporter service - template: + ansible.builtin.template: src: systemd/system/prometheus-nginx-exporter.service.d/override.conf.j2 dest: /etc/systemd/system/prometheus-nginx-exporter.service.d/override.conf notify: systemctl daemon-reload diff --git a/roles/prometheus-node-exporter-postfix/tasks/main.yml b/roles/prometheus-node-exporter-postfix/tasks/main.yml index 5e6ca8a5..2564ff71 100644 --- a/roles/prometheus-node-exporter-postfix/tasks/main.yml +++ b/roles/prometheus-node-exporter-postfix/tasks/main.yml 
@@ -1,7 +1,7 @@ --- # Install Postfix textfile collector, in bullseye you will have postfix exporter - name: Install Postfix textfile collector - copy: + ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: root @@ -19,7 +19,7 @@ mode: "0644" - name: Activate prometheus-node-exporter-postfix timer - systemd: + ansible.builtin.systemd: name: prometheus-node-exporter-postfix.timer enabled: true state: started diff --git a/roles/prometheus-node-exporter/handlers/main.yml b/roles/prometheus-node-exporter/handlers/main.yml index db71ecdb..ab458a6d 100644 --- a/roles/prometheus-node-exporter/handlers/main.yml +++ b/roles/prometheus-node-exporter/handlers/main.yml @@ -1,9 +1,9 @@ --- - name: Restart prometheus-node-exporter - service: + ansible.builtin.service: name: prometheus-node-exporter state: restarted - name: systemctl daemon-reload - systemd: + ansible.builtin.systemd: daemon_reload: true diff --git a/roles/prometheus-node-exporter/tasks/main.yml b/roles/prometheus-node-exporter/tasks/main.yml index 5f44f637..9d8c0a18 100644 --- a/roles/prometheus-node-exporter/tasks/main.yml +++ b/roles/prometheus-node-exporter/tasks/main.yml @@ -1,15 +1,15 @@ --- - name: Install Prometheus node-exporter - apt: + ansible.builtin.apt: update_cache: true name: prometheus-node-exporter - install_recommends: false # Do not install smartmontools + install_recommends: false # Do not install smartmontools register: apt_result retries: 3 until: apt_result is succeeded - name: Install Prometheus node-exporter-collectors (bullseye) - apt: + ansible.builtin.apt: update_cache: true name: prometheus-node-exporter-collectors install_recommends: false @@ -20,7 +20,7 @@ - ansible_lsb.codename == 'bullseye' - name: Make Prometheus node-exporter listen on adm only - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/prometheus-node-exporter regexp: ^ARGS= line: | 
@@ -28,18 +28,18 @@ tags: restart-node-exporter - name: Create /etc/systemd/system/prometheus-node-exporter.service.d/ - file: + ansible.builtin.file: path: /etc/systemd/system/prometheus-node-exporter.service.d/ state: directory - name: Patch prometheus-node-exporter service - template: + ansible.builtin.template: src: systemd/system/prometheus-node-exporter.service.d/override.conf.j2 dest: /etc/systemd/system/prometheus-node-exporter.service.d/override.conf register: override - name: Deploy APT obsolete collector - copy: + ansible.builtin.copy: src: apt-obsolete.sh dest: /usr/share/prometheus-node-exporter-collectors/apt-obsolete.sh owner: root @@ -48,25 +48,25 @@ when: ansible_distribution_release == "bullseye" - name: Create /etc/systemd/system/prometheus-node-exporter-apt.service.d/ - file: + ansible.builtin.file: path: /etc/systemd/system/prometheus-node-exporter-apt.service.d/ state: directory when: ansible_distribution_release == "bullseye" - name: Patch prometheus-node-exporter-apt service - template: + ansible.builtin.template: src: systemd/system/prometheus-node-exporter-apt.service.d/override.conf.j2 dest: /etc/systemd/system/prometheus-node-exporter-apt.service.d/override.conf register: apt_override when: ansible_distribution_release == "bullseye" - name: systemctl daemon-reload - systemd: + ansible.builtin.systemd: daemon_reload: true when: override.changed or ( apt_override is defined and apt_override.changed ) - name: Activate prometheus-node-exporter service - systemd: + ansible.builtin.systemd: name: prometheus-node-exporter enabled: true state: started @@ -74,7 +74,7 @@ # Install new APT textfile collector, it might be upstreamed one day # https://github.com/prometheus-community/node-exporter-textfile-collector-scripts/pull/35 - name: Patch APT textfile collector - copy: + ansible.builtin.copy: src: apt.sh dest: /usr/share/prometheus-node-exporter/apt.sh owner: root 
diff --git a/roles/prometheus-snmp-exporter/handlers/main.yml b/roles/prometheus-snmp-exporter/handlers/main.yml index 9b65002c..a524c732 100644 --- a/roles/prometheus-snmp-exporter/handlers/main.yml +++ b/roles/prometheus-snmp-exporter/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart prometheus-snmp-exporter - service: + ansible.builtin.service: name: prometheus-snmp-exporter state: restarted diff --git a/roles/prometheus-snmp-exporter/tasks/main.yml b/roles/prometheus-snmp-exporter/tasks/main.yml index 3178d709..50183445 100644 --- a/roles/prometheus-snmp-exporter/tasks/main.yml +++ b/roles/prometheus-snmp-exporter/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install Prometheus SNMP exporter - apt: + ansible.builtin.apt: update_cache: true name: prometheus-snmp-exporter register: apt_result @@ -8,7 +8,7 @@ until: apt_result is succeeded - name: Make Prometheus SNMP exporter listen on localhost only - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/prometheus-snmp-exporter regexp: ^ARGS= line: ARGS="--web.listen-address={{ snmp_exporter.listen_address }}" @@ -16,7 +16,7 @@ # This file store SNMP OIDs - name: Configure Prometheus SNMP exporter - template: + ansible.builtin.template: src: prometheus/snmp.yml.j2 dest: /etc/prometheus/snmp.yml mode: 0600 @@ -24,7 +24,7 @@ notify: Restart prometheus-snmp-exporter - name: Activate prometheus SNMP exporter service - systemd: + ansible.builtin.systemd: name: prometheus-snmp-exporter enabled: true state: started diff --git a/roles/prometheus/handlers/main.yml b/roles/prometheus/handlers/main.yml index 4214def5..58166153 100644 --- a/roles/prometheus/handlers/main.yml +++ b/roles/prometheus/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart Prometheus - service: + ansible.builtin.service: name: prometheus state: restarted diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 3e62cf9f..fb11df17 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
@@ -1,6 +1,6 @@ --- - name: Install Prometheus - apt: + ansible.builtin.apt: update_cache: true name: prometheus register: apt_result @@ -8,14 +8,14 @@ until: apt_result is succeeded - name: Configure Prometheus - template: + ansible.builtin.template: src: prometheus/prometheus.yml.j2 dest: /etc/prometheus/prometheus.yml mode: 0644 notify: Restart Prometheus - name: Configure Prometheus alert rules - template: + ansible.builtin.template: src: prometheus/alert.rules.yml.j2 dest: /etc/prometheus/alert.rules.yml mode: 0644 @@ -23,20 +23,20 @@ # We don't need to restart Prometheus when updating nodes - name: Configure Prometheus targets - copy: + ansible.builtin.copy: content: "{{ [{'targets': item.value.targets}] | to_nice_json }}\n" dest: /etc/prometheus/{{ item.value.file }} mode: 0644 loop: "{{ prometheus | dict2items }}" - name: Activate prometheus service - systemd: + ansible.builtin.systemd: name: prometheus enabled: true state: started - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-prometheus mode: 0755 diff --git a/roles/proxmox-apt-sources/tasks/main.yml b/roles/proxmox-apt-sources/tasks/main.yml index 1774927c..5468014b 100644 --- a/roles/proxmox-apt-sources/tasks/main.yml +++ b/roles/proxmox-apt-sources/tasks/main.yml @@ -1,5 +1,5 @@ --- - name: Configure Proxmox repositories - template: + ansible.builtin.template: src: apt/sources.list.d/pve-enterprise.list.j2 dest: /etc/apt/sources.list.d/pve-enterprise.list diff --git a/roles/proxmox-debian-images/tasks/main.yml b/roles/proxmox-debian-images/tasks/main.yml index d96e23d5..e822908a 100644 --- a/roles/proxmox-debian-images/tasks/main.yml +++ b/roles/proxmox-debian-images/tasks/main.yml 
@@ -1,11 +1,11 @@ --- - name: Auto-sync debian CD images to always have up-to-date Debian images - template: + ansible.builtin.template: src: cron.d/debian-images.j2 dest: /etc/cron.d/debian-images - name: Install rsync - apt: + ansible.builtin.apt: update_cache: true name: rsync register: apt_result @@ -13,7 +13,7 @@ until: apt_result is succeeded - name: Create specific directory for Debian image - file: + ansible.builtin.file: path: /var/lib/vz/template/iso/debian owner: root group: root @@ -21,7 +21,7 @@ state: directory - name: Create specific directory for extra images (Arch Linux, Ubuntu) - file: + ansible.builtin.file: path: /var/lib/vz/template/iso/{{ item }} owner: root group: root @@ -33,8 +33,9 @@ when: debian_images.include_extra_images - name: Initial synchronization to download Debian images - shell: rsync --verbose --dirs --compress --times --update --delete-after --delete-excluded --include 'debian-[0-9]*-amd64-netinst.iso' --exclude '*' rsync://{{ - debian_images.rsync_host }}/{{ debian_images.rsync_module }}/cdimage-debian/release/current/amd64/iso-cd/ /var/lib/vz/template/iso/debian/ && find /var/lib/vz/template/iso/debian - -type f -iregex '.*/debian-[0-9.]*-amd64-netinst.iso' -exec ln -sf {} /var/lib/vz/template/iso/debian-stable-amd64-netinst.iso \; + ansible.builtin.command: rsync --verbose --dirs --compress --times --update --delete-after --delete-excluded --include 'debian-[0-9]*-amd64-netinst.iso' --exclude + '*' rsync://{{ debian_images.rsync_host }}/{{ debian_images.rsync_module }}/cdimage-debian/release/current/amd64/iso-cd/ /var/lib/vz/template/iso/debian/ && find + /var/lib/vz/template/iso/debian -type f -iregex '.*/debian-[0-9.]*-amd64-netinst.iso' -exec ln -sf {} /var/lib/vz/template/iso/debian-stable-amd64-netinst.iso + \; register: rsync_output changed_when: '"debian" in rsync_output.stdout' diff --git a/roles/qemu-guest-agent/tasks/main.yml b/roles/qemu-guest-agent/tasks/main.yml index 72a322aa..6f91cb30 100644 
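Review bot: Moving "Initial synchronization to download Debian images" from `shell` to `ansible.builtin.command` breaks the task, because its command line still chains `rsync ... && find ... -exec ln -sf {} ... \;`. The command module does not pass its argument through a shell, so `&&` and everything after it would reach rsync as extra arguments, and the `find`/`ln -sf` step that maintains `debian-stable-amd64-netinst.iso` no longer runs as its own command. Keep the shell for this task, `ansible.builtin.shell: rsync ... && find ...`, or split it into two `ansible.builtin.command` tasks, one for rsync and one for `find`. Because `changed_when` only looks for "debian" in stdout, the regression is easy to miss, so run the role once after the change.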
--- a/roles/qemu-guest-agent/tasks/main.yml +++ b/roles/qemu-guest-agent/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install qemu guest agent - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: diff --git a/roles/radvd/handlers/main.yml b/roles/radvd/handlers/main.yml index 3ca4d567..a8c9baa1 100644 --- a/roles/radvd/handlers/main.yml +++ b/roles/radvd/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: check radvd status - service_facts: + ansible.builtin.service_facts: listen: Restart radvd service - name: Restart radvd service - service: + ansible.builtin.service: name: radvd state: restarted when: not ansible_check_mode and ansible_facts.services['bird']['state'] == 'running' diff --git a/roles/radvd/tasks/main.yml b/roles/radvd/tasks/main.yml index 65715038..d6d1d32b 100644 --- a/roles/radvd/tasks/main.yml +++ b/roles/radvd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install radvd - apt: + ansible.builtin.apt: name: radvd state: present update_cache: true @@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Deploy radvd configuration - template: + ansible.builtin.template: src: radvd.conf.j2 dest: /etc/radvd.conf mode: 0644 diff --git a/roles/re2o-front/handlers/main.yml b/roles/re2o-front/handlers/main.yml index bc651bf9..f4365b31 100644 --- a/roles/re2o-front/handlers/main.yml +++ b/roles/re2o-front/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: Reload NGINX - systemd: + ansible.builtin.systemd: name: nginx state: reloaded - name: Reload uWSGI - systemd: + ansible.builtin.systemd: name: uwsgi state: reloaded diff --git a/roles/re2o-front/tasks/main.yml b/roles/re2o-front/tasks/main.yml index f74fbe8b..6f74c995 100644 --- a/roles/re2o-front/tasks/main.yml +++ b/roles/re2o-front/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install re2o dependencies - apt: + ansible.builtin.apt: update_cache: true name: - gettext 
@@ -12,7 +12,7 @@ until: apt_result is succeeded - name: Install uWSGI - apt: + ansible.builtin.apt: update_cache: true name: - uwsgi @@ -22,12 +22,12 @@ until: apt_result is succeeded - name: Copy re2o uWSGI app - template: + ansible.builtin.template: src: uwsgi/apps-available/re2o.ini.j2 dest: /etc/uwsgi/apps-available/re2o.ini - name: Activate re2o uWSGI app - file: + ansible.builtin.file: src: ../apps-available/re2o.ini dest: /etc/uwsgi/apps-enabled/re2o.ini state: link diff --git a/roles/re2o-ldap/handlers/main.yml b/roles/re2o-ldap/handlers/main.yml index ce4f0cdd..03ee40e2 100644 --- a/roles/re2o-ldap/handlers/main.yml +++ b/roles/re2o-ldap/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart slapd - service: + ansible.builtin.service: name: slapd.service state: restarted diff --git a/roles/re2o-ldap/tasks/main.yml b/roles/re2o-ldap/tasks/main.yml index 7e5fd604..dcee4a23 100644 --- a/roles/re2o-ldap/tasks/main.yml +++ b/roles/re2o-ldap/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install slapd - apt: + ansible.builtin.apt: name: - ldap-utils - libio-socket-ssl-perl @@ -18,19 +18,19 @@ # the reploy. If it was deleted or missing, then we # rebuild the replica. - name: Check if installation was done - stat: + ansible.builtin.stat: path: /var/lib/slapd/.delete_me_to_reset_ldap_configuration register: installation - name: Stop slapd when: not installation.stat.exists - systemd: + ansible.builtin.systemd: name: slapd state: stopped - name: Delete old slapd configuration and data when: not installation.stat.exists - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: @@ -38,7 +38,7 @@ - /var/lib/ldap - name: Create slapd configuration and data directory - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: openldap @@ -49,7 +49,7 @@ - /var/lib/ldap - name: Copy ldif files - template: + ansible.builtin.template: src: ldap/{{ item }}.ldif.j2 dest: /var/lib/slapd/{{ item }}.ldif owner: openldap 
@@ -62,27 +62,27 @@ - name: Initialize re2o-ldap schema when: not installation.stat.exists - shell: slapadd -n 0 -l /var/lib/slapd/schema.ldif -F /etc/ldap/slapd.d/ + ansible.builtin.command: slapadd -n 0 -l /var/lib/slapd/schema.ldif -F /etc/ldap/slapd.d/ become_user: openldap - name: Initialize re2o-ldap database when: not installation.stat.exists - shell: slapadd -n 1 -l /var/lib/slapd/db.ldif + ansible.builtin.command: slapadd -n 1 -l /var/lib/slapd/db.ldif become_user: openldap - name: Start slapd when: not installation.stat.exists - systemd: + ansible.builtin.systemd: name: slapd state: started - name: Enable data replication when: not installation.stat.exists and re2o_ldap.replica is defined - shell: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /var/lib/slapd/replication.ldif + ansible.builtin.command: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /var/lib/slapd/replication.ldif # LDAPS configuration - name: Copy TLS certificate - template: + ansible.builtin.template: src: ldap/{{ item }}.j2 dest: /etc/ldap/{{ item }} owner: openldap @@ -93,7 +93,7 @@ - ldap.key - name: Enable LDAPS - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/slapd regexp: ^SLAPD_SERVICES= line: SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///" @@ -102,7 +102,7 @@ - name: Touch installation marker when: not installation.stat.exists - file: + ansible.builtin.file: path: /var/lib/slapd/.delete_me_to_reset_ldap_configuration state: touch owner: root diff --git a/roles/re2o/tasks/main.yml b/roles/re2o/tasks/main.yml index d35df15a..90af8879 100644 --- a/roles/re2o/tasks/main.yml +++ b/roles/re2o/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install re2o dependencies - apt: + ansible.builtin.apt: update_cache: true name: - python3-dateutil 
@@ -26,14 +26,14 @@ until: apt_result is succeeded - name: Install re2o pip3 dependencies - pip: + ansible.builtin.pip: executable: pip3 name: - django-bootstrap3==11.1.0 - django-macaddress==1.6.0 - name: Create re2o directory - file: + ansible.builtin.file: path: /var/www/re2o state: directory mode: "2775" @@ -41,7 +41,7 @@ group: "{{ re2o.group }}" - name: Set ACL for re2o directory - acl: + ansible.posix.acl: path: /var/www/re2o default: true entity: _nounou @@ -50,26 +50,26 @@ state: query - name: Clone re2o repository - git: + ansible.builtin.git: repo: http://gitlab.adm.crans.org/nounous/re2o.git dest: /var/www/re2o umask: "002" version: "{{ re2o.version }}" - name: Set owner of cloned project - file: + ansible.builtin.file: path: /var/www/re2o owner: "{{ re2o.owner }}" recurse: true - name: Indicate re2o in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-re2o mode: 0755 - name: Deploy Re2o settings_local.py - template: + ansible.builtin.template: src: re2o/settings_local.py.j2 dest: /var/www/re2o/re2o/settings_local.py mode: 0660 diff --git a/roles/root-config/tasks/main.yml b/roles/root-config/tasks/main.yml index 4631e40d..5fe98e01 100644 --- a/roles/root-config/tasks/main.yml +++ b/roles/root-config/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Create or rewrite .nanorc for root - template: + ansible.builtin.template: src: "{{ item.src }}.j2" dest: /root/{{ item.dest }} loop: diff --git a/roles/root/tasks/main.yml b/roles/root/tasks/main.yml index be3a7d78..4b0a7527 100644 --- a/roles/root/tasks/main.yml +++ b/roles/root/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Deploys root password hash - replace: + ansible.builtin.replace: path: /etc/shadow regexp: "^root:[^:]*:" replace: "root:{{ root.passwd_hash }}:" diff --git a/roles/roundcube/tasks/main.yml b/roles/roundcube/tasks/main.yml index 071aa58e..7f01589b 100644 --- a/roles/roundcube/tasks/main.yml +++ b/roles/roundcube/tasks/main.yml 
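Review bot: "Clone re2o repository" in the `@@ -50,26 +50,26 @@` hunk of roles/re2o/tasks/main.yml still fetches from `http://gitlab.adm.crans.org/nounous/re2o.git`, so the code deployed under /var/www/re2o arrives without server authentication or transport integrity. If that GitLab instance serves TLS, switch the scheme: `repo: https://gitlab.adm.crans.org/nounous/re2o.git`. The value of `re2o.version` is not visible here; pinning it to a full commit hash rather than a branch name would also make a substituted tree fail the checkout.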
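Review bot: "Deploys root password hash" in roles/root/tasks/main.yml rewrites the root entry of /etc/shadow through `ansible.builtin.replace`, and no `no_log: true` is visible on the task. A run with `--diff` or raised verbosity can then print the old and new hash to the terminal and to any callback logs. Add `no_log: true` to the task. The task body continues past the end of this hunk, so the option may already be set further down.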
@@ -1,6 +1,6 @@ --- - name: Install Roundcube - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -17,7 +17,7 @@ until: apt_result is succeeded - name: Configure Roundcube - template: + ansible.builtin.template: src: roundcube/{{ item }}.j2 dest: /etc/roundcube/{{ item }} owner: root @@ -28,7 +28,7 @@ - config.inc.php - name: Clone custom plugins - git: + ansible.builtin.git: repo: "{{ item.repo }}" dest: /etc/roundcube/plugins/{{ item.name }} version: "{{ item.version }}" @@ -36,7 +36,7 @@ when: item.repo is defined - name: Symlink custom plugins (1) - file: + ansible.builtin.file: src: /usr/share/roundcube/plugins/{{ item.name }} dest: /var/lib/roundcube/plugins/{{ item.name }} state: link @@ -44,7 +44,7 @@ when: item.repo is defined - name: Symlink custom plugins (2) - file: + ansible.builtin.file: src: /etc/roundcube/plugins/{{ item.name }} dest: /usr/share/roundcube/plugins/{{ item.name }} state: link @@ -52,7 +52,7 @@ when: item.repo is defined - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-roundcube mode: 0755 diff --git a/roles/rsync-mirror/tasks/main.yml b/roles/rsync-mirror/tasks/main.yml index 8357bf65..097bf075 100644 --- a/roles/rsync-mirror/tasks/main.yml +++ b/roles/rsync-mirror/tasks/main.yml @@ -1,13 +1,13 @@ --- # cron run as mirror user - name: Add the mirror user - user: + ansible.builtin.user: name: mirror - home: /var/mirror # unused, should be something empty + home: /var/mirror # unused, should be something empty shell: /bin/false - name: Create root directory - file: + ansible.builtin.file: path: "{{ ftpsync.root }}" owner: mirror group: mirror @@ -15,7 +15,7 @@ state: directory - name: Create target directory - file: + ansible.builtin.file: path: "{{ rsync_mirror.root }}/{{ item.dest }}" owner: mirror group: mirror 
@@ -24,12 +24,12 @@ loop: "{{ rsync_mirror.targets }}" - name: Configure rsync cron - template: + ansible.builtin.template: src: rsync-mirror-cron.j2 dest: /etc/cron.d/rsync-mirror - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-rsync-mirror mode: 0755 diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml index e805149d..b1987e73 100644 --- a/roles/rsyncd/tasks/main.yml +++ b/roles/rsyncd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install rsync - apt: + ansible.builtin.apt: update_cache: true name: rsync register: apt_result @@ -8,19 +8,19 @@ until: apt_result is succeeded - name: Enable rsync daemon - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/rsync regexp: ^RSYNC_ENABLE line: RSYNC_ENABLE=true - name: Configure rsyncd - template: + ansible.builtin.template: src: rsyncd.conf.j2 dest: /etc/rsyncd.conf mode: 0644 - name: Start rsync service - systemd: + ansible.builtin.systemd: name: rsync enabled: true state: started diff --git a/roles/rsyslog-client/handlers/main.yml b/roles/rsyslog-client/handlers/main.yml index 54052ec3..775286d7 100644 --- a/roles/rsyslog-client/handlers/main.yml +++ b/roles/rsyslog-client/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart rsyslog - systemd: + ansible.builtin.systemd: name: rsyslog state: restarted diff --git a/roles/rsyslog-client/tasks/main.yml b/roles/rsyslog-client/tasks/main.yml index 121e2ab1..9689d64d 100644 --- a/roles/rsyslog-client/tasks/main.yml +++ b/roles/rsyslog-client/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install common tools - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -10,7 +10,7 @@ until: apt_result is succeeded - name: Create spool directory - file: + ansible.builtin.file: path: /var/log/spool state: directory mode: "0750" 
@@ -18,7 +18,7 @@ group: root - name: Deploy rsyslog config - template: + ansible.builtin.template: src: rsyslog.d/50-send_relp.conf.j2 dest: /etc/rsyslog.d/50-send_relp.conf mode: 0640 diff --git a/roles/rsyslog-server/handlers/main.yml b/roles/rsyslog-server/handlers/main.yml index 6500301b..d3ee028b 100644 --- a/roles/rsyslog-server/handlers/main.yml +++ b/roles/rsyslog-server/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart rsyslog - service: + ansible.builtin.service: name: rsyslog state: restarted diff --git a/roles/rsyslog-server/tasks/main.yml b/roles/rsyslog-server/tasks/main.yml index 5a9ad3d5..d02357df 100644 --- a/roles/rsyslog-server/tasks/main.yml +++ b/roles/rsyslog-server/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install common tools - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: @@ -10,7 +10,7 @@ until: apt_result is succeeded - name: Deploy logrotate config - template: + ansible.builtin.template: src: logrotate.d/logrotate.j2 dest: /etc/logrotate.d/{{ rsyslog_server.name }} mode: 0644 @@ -18,7 +18,7 @@ group: root - name: Deploy rsyslog config - template: + ansible.builtin.template: src: rsyslog.d/30-rules.conf.j2 dest: /etc/rsyslog.d/30-rules.conf mode: 0640 @@ -27,7 +27,7 @@ notify: restart rsyslog - name: Deploy rsyslog modules config - template: + ansible.builtin.template: src: rsyslog.d/50-module.conf.j2 dest: /etc/rsyslog.d/{{ item.index }}-module_{{ item.name }}.conf mode: 0640 diff --git a/roles/serial-tty/tasks/main.yml b/roles/serial-tty/tasks/main.yml index 1a7cd278..eab081ec 100644 --- a/roles/serial-tty/tasks/main.yml +++ b/roles/serial-tty/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Load and activate getty service for ttyS0 - systemd: + ansible.builtin.systemd: name: getty@ttyS0 enabled: true state: started diff --git a/roles/service/tasks/main.yml b/roles/service/tasks/main.yml index 73fbfb59..ca5795cd 100644 --- a/roles/service/tasks/main.yml +++ b/roles/service/tasks/main.yml 
@@ -1,6 +1,6 @@ --- - name: Install service dependencies - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: "{{ service.dependencies }}" @@ -10,7 +10,7 @@ when: service.dependencies is defined - name: Create service directory - file: + ansible.builtin.file: path: "{{ service.install_dir }}" state: directory mode: "2775" @@ -18,7 +18,7 @@ group: _nounou - name: Set ACL for service directory - acl: + ansible.posix.acl: path: "{{ service.install_dir }}" default: true entity: _nounou @@ -27,14 +27,14 @@ state: query - name: Clone service repository - git: + ansible.builtin.git: repo: "{{ service.git.remote }}" version: "{{ service.git.version }}" dest: "{{ service.install_dir }}" umask: "002" - name: Create generated directory - file: + ansible.builtin.file: path: "{{ service.install_dir }}/generated" state: directory mode: "2770" @@ -43,7 +43,7 @@ when: service.generated is defined and service.generated - name: Deploy re2o config - template: + ansible.builtin.template: src: service/re2o-config.ini.j2 dest: "{{ service.install_dir }}/re2o-config.ini" mode: 0600 @@ -52,13 +52,13 @@ when: service.re2o is defined - name: Deploy cron for service - template: + ansible.builtin.template: src: cron.d/service.j2 dest: /etc/cron.d/services-{{ service.name }} when: service.cron is defined and service.cron.frequency is defined - name: Deploy service configuration - template: + ansible.builtin.template: src: service/config.json dest: "{{ service.install_dir }}/{{ service.name }}.json" when: service.config is defined diff --git a/roles/slapd/handlers/main.yml b/roles/slapd/handlers/main.yml index ce4f0cdd..03ee40e2 100644 --- a/roles/slapd/handlers/main.yml +++ b/roles/slapd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart slapd - service: + ansible.builtin.service: name: slapd.service state: restarted diff --git a/roles/slapd/tasks/main.yml b/roles/slapd/tasks/main.yml index 312c3227..0b84ac4e 100644 --- a/roles/slapd/tasks/main.yml 
+++ b/roles/slapd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install slapd - apt: + ansible.builtin.apt: update_cache: true name: - slapd @@ -9,12 +9,12 @@ until: apt_result is succeeded - name: Remove slapd config directory - file: + ansible.builtin.file: path: /etc/ldap/slapd.d/ state: absent - name: Deploy slapd configuration - template: + ansible.builtin.template: src: ldap/{{ item.dest }}.j2 dest: /etc/ldap/{{ item.dest }} mode: "{{ item.mode }}" @@ -27,7 +27,7 @@ notify: Restart slapd - name: Deploy ldap services - lineinfile: + ansible.builtin.lineinfile: path: /etc/default/slapd regexp: ^SLAPD_SERVICES= line: SLAPD_SERVICES="ldaps://{{ slapd.ip }}/ ldapi:///" diff --git a/roles/sqlgrey/tasks/main.yml b/roles/sqlgrey/tasks/main.yml index 04fb5e75..aaa4ceed 100644 --- a/roles/sqlgrey/tasks/main.yml +++ b/roles/sqlgrey/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install sqlgrey - apt: + ansible.builtin.apt: update_cache: true name: - sqlgrey @@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Deploy sqlgrey configuration - template: + ansible.builtin.template: src: sqlgrey/{{ item }}.j2 dest: /etc/sqlgrey/{{ item }} mode: 0644 diff --git a/roles/sssd/handlers/main.yml b/roles/sssd/handlers/main.yml index 1c219c2a..c232c7c3 100644 --- a/roles/sssd/handlers/main.yml +++ b/roles/sssd/handlers/main.yml @@ -1,10 +1,10 @@ --- - name: Restart nslcd service - service: + ansible.builtin.service: name: nslcd state: restarted - name: Restart sssd service - service: + ansible.builtin.service: name: sssd state: restarted diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml index d2615dfa..8e85bb3b 100644 --- a/roles/sssd/tasks/main.yml +++ b/roles/sssd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install sssd and nslcd - apt: + ansible.builtin.apt: update_cache: true name: - libnss-ldapd 
@@ -13,14 +13,14 @@ until: apt_result is succeeded - name: Configure sssd - template: + ansible.builtin.template: src: sssd/sssd.conf.j2 dest: /etc/sssd/sssd.conf mode: 0600 notify: Restart sssd service - name: Enable sssd socket activation - systemd: + ansible.builtin.systemd: name: sssd-{{ item }} enabled: true loop: @@ -28,14 +28,14 @@ - pam - name: Configure nslcd for hosts - template: + ansible.builtin.template: src: nslcd.conf.j2 dest: /etc/nslcd.conf mode: 0600 notify: Restart nslcd service - name: Configure NSS to use sss - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nsswitch.conf regexp: "^{{ item.name }}:" line: "{{ item.name }}:\t\t{{ item.db }}" @@ -47,7 +47,7 @@ - { name: hosts, db: files ldap dns } - name: Disable nscd cache - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nscd.conf regex: "enable-cache\t\t{{ item }}" line: "\tenable-cache\t\t{{ item }}\t\tno" @@ -56,7 +56,7 @@ - group - name: Override PAM rule priority for unix login to insert sssd login - pamd: + community.general.pamd: # Standard Unix auth by default if available (for root) name: common-auth type: auth @@ -65,7 +65,7 @@ module_path: pam_unix.so - name: Insert PAM SSS authentication rule - pamd: + community.general.pamd: name: common-auth type: auth control: "[success=3 default=ignore]" @@ -76,7 +76,7 @@ state: after - name: Update PAM arguments for SSS authentication - pamd: + community.general.pamd: name: common-auth type: auth module_path: pam_sss.so @@ -84,7 +84,7 @@ module_arguments: use_first_pass - name: Add PAM rule for SSS sessions - pamd: + community.general.pamd: name: common-session type: session control: required @@ -95,7 +95,7 @@ state: after - name: Override PAM rule priority for unix passwords - pamd: + community.general.pamd: name: common-password type: password control: "[success=2 default=ignore]" 
@@ -103,7 +103,7 @@ module_path: pam_unix.so - name: Insert PAM SSS password rule - pamd: + community.general.pamd: name: common-password type: password control: "[success=3 default=ignore]" @@ -114,7 +114,7 @@ state: after - name: Update PAM arguments for SSS authentication - pamd: + community.general.pamd: name: common-password type: password module_path: pam_sss.so diff --git a/roles/statping/handlers/main.yml b/roles/statping/handlers/main.yml index 4868a5ce..239d8290 100644 --- a/roles/statping/handlers/main.yml +++ b/roles/statping/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart statping - service: + ansible.builtin.service: name: statping state: restarted diff --git a/roles/statping/tasks/main.yml b/roles/statping/tasks/main.yml index eb06eaa7..38120f1d 100644 --- a/roles/statping/tasks/main.yml +++ b/roles/statping/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Install statping - unarchive: + ansible.builtin.unarchive: src: https://github.com/statping/statping/releases/download/v0.90.74/statping-linux-amd64.tar.gz dest: /usr/local/bin/ remote_src: true - name: Create statping user - user: + ansible.builtin.user: create_home: true home: /var/lib/statping system: true @@ -16,21 +16,21 @@ name: statping - name: Install statping systemd unit - template: + ansible.builtin.template: src: systemd/system/statping.service.j2 dest: /etc/systemd/system/statping.service mode: 0644 notify: Restart statping - name: Load and activate statping systemd unit - systemd: + ansible.builtin.systemd: name: statping.service daemon_reload: true enabled: true state: started - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-statping mode: 0755 diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml index 6ee4500b..53f834f1 100644 --- a/roles/sudo/tasks/main.yml +++ b/roles/sudo/tasks/main.yml 
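Review bot: "Install statping" in roles/statping/tasks/main.yml unpacks a release tarball from a URL straight into /usr/local/bin with `remote_src: true` and no digest check, so whatever that URL serves at run time becomes an executable on every host with this role. The Lounge role in this same commit already uses the safer pattern, `ansible.builtin.get_url` with a `checksum:` followed by an install from the local file. The same split works here: download with a pinned digest, then point `unarchive` at the downloaded file. The digest and the download path below are placeholders, to be replaced with the value verified for v0.90.74 and a location that suits the hosts.

```yaml
- name: Download statping release
  ansible.builtin.get_url:
    url: https://github.com/statping/statping/releases/download/v0.90.74/statping-linux-amd64.tar.gz
    # example download location
    dest: /var/cache/statping-linux-amd64.tar.gz
    # placeholder: replace with the verified digest of the v0.90.74 tarball
    checksum: "sha256:<SHA256_OF_STATPING_TARBALL>"
    mode: "0644"

- name: Install statping
  ansible.builtin.unarchive:
    src: /var/cache/statping-linux-amd64.tar.gz
    dest: /usr/local/bin/
    remote_src: true
```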
@@ -1,6 +1,6 @@ --- - name: Configure sudoers - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: /etc/{{ item }} mode: 0440 diff --git a/roles/sysctl-forwarding/tasks/main.yml b/roles/sysctl-forwarding/tasks/main.yml index e9230039..64062070 100644 --- a/roles/sysctl-forwarding/tasks/main.yml +++ b/roles/sysctl-forwarding/tasks/main.yml @@ -1,5 +1,5 @@ --- - name: Deploy sysctl configuration - template: + ansible.builtin.template: src: sysctl.d/10-forwarding.conf.j2 dest: /etc/sysctl.d/10-forwarding.conf diff --git a/roles/thelounge/handlers/main.yml b/roles/thelounge/handlers/main.yml index 95b737c9..b1e0cf9e 100644 --- a/roles/thelounge/handlers/main.yml +++ b/roles/thelounge/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Restart The Lounge - systemd: + ansible.builtin.systemd: name: thelounge state: restarted diff --git a/roles/thelounge/tasks/main.yml b/roles/thelounge/tasks/main.yml index 7403a1dc..da1403fc 100644 --- a/roles/thelounge/tasks/main.yml +++ b/roles/thelounge/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install NodeJS - apt: + ansible.builtin.apt: update_cache: true install_recommends: false name: nodejs @@ -9,7 +9,7 @@ until: apt_result is succeeded - name: Download The Lounge packet - get_url: + ansible.builtin.get_url: url: https://github.com/thelounge/thelounge/releases/download/v4.2.0/thelounge_4.2.0_all.deb dest: /var/cache/apt/archives/thelounge_4.2.0_all.deb checksum: sha512:10d17c199fef595c46ba55f36ab7aa0a7469448603482eb780284e05532f5d69302d47bdc9c558badc30b0a026767a24b7065a4fe8d7c865f1737b0041420208 @@ -18,12 +18,12 @@ mode: 0644 - name: Install The Lounge from the deb package - apt: + ansible.builtin.apt: deb: /var/cache/apt/archives/thelounge_4.2.0_all.deb notify: Restart The Lounge - name: Deploy The Lounge configuration - template: + ansible.builtin.template: src: config.js.j2 dest: /etc/thelounge/config.js owner: thelounge 
diff --git a/roles/unbound/handlers/main.yml b/roles/unbound/handlers/main.yml index b433c429..c14a15c6 100644 --- a/roles/unbound/handlers/main.yml +++ b/roles/unbound/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Restart unbound - systemd: + ansible.builtin.systemd: name: unbound enabled: true state: restart diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml index 11ad0224..dd8e594b 100644 --- a/roles/unbound/tasks/main.yml +++ b/roles/unbound/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install unbound - apt: + ansible.builtin.apt: name: unbound state: present update_cache: true @@ -9,17 +9,17 @@ until: apt_result is succeeded - name: Download the root file - get_url: + ansible.builtin.get_url: url: https://www.internic.net/domain/named.root dest: /var/unbound/etc/root.hints mode: "0444" notify: Reload unbound - name: Fetch the initial keys - command: unbound-anchor + ansible.builtin.command: unbound-anchor - name: Deploy the configuration - template: + ansible.builtin.template: src: unbound.conf.j2 dest: /etc/unbound/unbound.conf owner: root @@ -28,7 +28,7 @@ notify: Reload unbound - name: Enable and start unbound - systemd: + ansible.builtin.systemd: name: unbound enabled: true state: started diff --git a/roles/vsftpd/handlers/main.yml b/roles/vsftpd/handlers/main.yml index 061d4f21..7dd24d24 100644 --- a/roles/vsftpd/handlers/main.yml +++ b/roles/vsftpd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: systemctl restart vsftpd - service: + ansible.builtin.service: name: vsftpd state: restarted diff --git a/roles/vsftpd/tasks/main.yml b/roles/vsftpd/tasks/main.yml index dcda24a1..f441c18c 100644 --- a/roles/vsftpd/tasks/main.yml +++ b/roles/vsftpd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install vsftpd - apt: + ansible.builtin.apt: update_cache: true name: vsftpd register: apt_result 
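Review bot: The "Restart unbound" handler in roles/unbound/handlers/main.yml keeps `state: restart`, which is not a state the systemd module accepts (`reloaded`, `restarted`, `started`, `stopped`), so the handler would fail when it fires; it should read `state: restarted`. Both notifying tasks in roles/unbound/tasks/main.yml use `notify: Reload unbound`, and no handler of that name appears in this handlers file, so a changed root.hints or unbound.conf would abort the play instead of reloading the resolver. Either rename the handler or add a "Reload unbound" handler with `state: reloaded`. The hunk header gives the handlers file six lines, so it appears to be shown in full.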
@@ -8,21 +8,21 @@ until: apt_result is succeeded - name: Configure vsftpd - template: + ansible.builtin.template: src: vsftpd.conf.j2 dest: /etc/vsftpd.conf mode: 0644 notify: systemctl restart vsftpd - name: Deploy userlist - template: + ansible.builtin.template: src: vsftpd.user_list.j2 dest: /etc/vsftpd.user_list notify: systemctl restart vsftpd when: vsftpd.userlist is defined - name: systemctl enable --now service - systemd: + ansible.builtin.systemd: name: vsftpd enabled: true state: started diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index 449759ec..6b9f07e4 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install wireguard - apt: + ansible.builtin.apt: update_cache: true name: - wireguard @@ -10,20 +10,20 @@ until: apt_result is succeeded - name: Indicate role in motd - template: + ansible.builtin.template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-wireguard mode: 0755 - name: Ensure wireguard directory is present - file: + ansible.builtin.file: path: /etc/wireguard mode: 0700 owner: root group: root - name: Deploy wireguard configuration - template: + ansible.builtin.template: src: wireguard/tunnel.conf.j2 dest: /etc/wireguard/{{ item.name }}.conf mode: 0700 @@ -32,7 +32,7 @@ loop: "{{ wireguard.tunnels }}" - name: Enable and start wireguard service - systemd: + ansible.builtin.systemd: name: wg-quick@{{ item.name }} state: started enabled: true diff --git a/roles/zamok-tools/handlers/main.yml b/roles/zamok-tools/handlers/main.yml index 30eacce9..9f438346 100644 --- a/roles/zamok-tools/handlers/main.yml +++ b/roles/zamok-tools/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: Reload apache - systemd: + ansible.builtin.systemd: name: apache2 state: reloaded diff --git a/roles/zamok-tools/tasks/main.yml b/roles/zamok-tools/tasks/main.yml index fbe6385f..7a3ba633 100644 --- a/roles/zamok-tools/tasks/main.yml +++ b/roles/zamok-tools/tasks/main.yml 
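Review bot: The `Deploy userlist` task sets no `mode`, `owner` or `group`, so a newly created `/etc/vsftpd.user_list` gets whatever the remote umask yields. The `Configure vsftpd` task above it pins the mode explicitly. Since this file presumably decides which accounts may log in over FTP, its permissions should be stated rather than inherited, for example `owner: root`, `group: root` and `mode: "0644"`.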
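Review bot: `mode: 0700` on `/etc/wireguard/{{ item.name }}.conf` in `Deploy wireguard configuration` sets execute bits on a configuration file that presumably contains the tunnel's private key. `mode: "0600"` gives the same owner-only access without them. The `0700` on the `/etc/wireguard` directory in the task above is appropriate, since a directory needs the execute bit for traversal. The template task continues past the end of this hunk, so its owner and group are not visible here; they should be `root`, as on the directory task.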
@@ -1,57 +1,57 @@ --- - name: Import GPG public key of Weechat repository - apt_key: + ansible.builtin.apt_key: url: https://weechat.org/dev/info/debian_repository_signing_key/ state: present keyring: /etc/apt/trusted.gpg.d/weechat.gpg - name: Install custom repository for Weechat sources - apt_repository: + ansible.builtin.apt_repository: repo: deb https://weechat.org/debian {{ ansible_distribution_release }} main state: present - name: Install zamok tools - apt: + ansible.builtin.apt: update_cache: true name: - apache2 - - bat # Rajouté par shirenn le 10/11/2021 - - bitlbee # Demande du 06/09/2017 17:40 sur #crans + - bat # Rajouté par shirenn le 10/11/2021 + - bitlbee # Demande du 06/09/2017 17:40 sur #crans - byobu - cabal-install - - cmake # Demande irc #root 22/05/2018 15h45 + - cmake # Demande irc #root 22/05/2018 15h45 - cpanminus - - exiv2 # Demande du 25/08/2017 14:19 sur #crans + - exiv2 # Demande du 25/08/2017 14:19 sur #crans - fetchmail - fish - # - freefem++ # Demande du 14/05/2018 17:12 sur #roots - - graphviz # Demande du 10/02/2018 15:46 sur #roots - - inotify-tools # Demande du 24/10/2017 23:17 sur #crans - - jed # Demande du 04/08/2017 sur nounou@ + # - freefem++ # Demande du 14/05/2018 17:12 sur #roots + - graphviz # Demande du 10/02/2018 15:46 sur #roots + - inotify-tools # Demande du 24/10/2017 23:17 sur #crans + - jed # Demande du 04/08/2017 sur nounou@ - joe - libapache2-mod-php - libapache2-mod-wsgi-py3 - - lua-cjson # Demande du 01/09/2017 18:50 sur #crans - - lynx # Demande du 30/07/2017 sur nounou@ + - lua-cjson # Demande du 01/09/2017 18:50 sur #crans + - lynx # Demande du 30/07/2017 sur nounou@ - mariadb-server - - moreutils # Ce package, c'est la vie ! + - moreutils # Ce package, c'est la vie ! 
- nyancat - - octave # Demande irc #crans 28/02/2019 14h28 + - octave # Demande irc #crans 28/02/2019 14h28 - odt2txt - par - - pdftk # Demande mail nounou@ 16/10/2018 16h01 + - pdftk # Demande mail nounou@ 16/10/2018 16h01 - php - php-bz2 - php-curl - php-gd - - php-imagick # dépendance de WordPress, BDS 27/10/2021 + - php-imagick # dépendance de WordPress, BDS 27/10/2021 - php-mbstring - php-mysql - php-sqlite3 - php-xml - php-zip - phpmyadmin - - pkg-config # Demande du 01/02/2018 15:00 sur #roots + - pkg-config # Demande du 01/02/2018 15:00 sur #roots - poppler-utils - python3-dialog - python3-django @@ -62,21 +62,21 @@ - python3-netaddr - python3-pip - python3-scipy - - python3-venv # Ajout par erdnaxe pour la Med 10/08/2019 10h50 + - python3-venv # Ajout par erdnaxe pour la Med 10/08/2019 10h50 - pyzor - - ranger # Demande du 31/01/2020 11h10 par Solal + - ranger # Demande du 31/01/2020 11h10 par Solal - razor - reptyr - - ruby-dev # Demande du 07/01/2018 18:50 sur #crans pour compiler des gem + - ruby-dev # Demande du 07/01/2018 18:50 sur #crans pour compiler des gem - sl - slrn - - spamassassin # utile pour filtrer le spam avec procmail + - spamassassin # utile pour filtrer le spam avec procmail - texlive-full - - unison # Demande news crans.crans 11/04/18 - - uwsgi # pratique pour utiliser Django sur sa page perso + - unison # Demande news crans.crans 11/04/18 + - uwsgi # pratique pour utiliser Django sur sa page perso - uwsgi-plugin-python3 - - vim-gtk # Demande du 23/09/2017 22:04 sur #crans - - weechat # Parceque c'est normal qu'il soit installe + - vim-gtk # Demande du 23/09/2017 22:04 sur #crans + - weechat # Parceque c'est normal qu'il soit installe register: apt_result retries: 3 until: apt_result is succeeded @@ -95,7 +95,7 @@ notify: Reload apache - name: Copy apache configuration - template: + ansible.builtin.template: src: apache2/{{ item }}.j2 dest: /etc/apache2/{{ item }} owner: root 
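Review bot: The Weechat signing key in the first two tasks is fetched from a URL with nothing to check it against, and it is stored in `/etc/apt/trusted.gpg.d/`, where apt trusts it for every configured repository rather than only `weechat.org`. The rename to `ansible.builtin.apt_key` keeps a module whose underlying `apt-key` tool is deprecated in Debian. A narrower setup downloads the key with `ansible.builtin.get_url` and a pinned `checksum` into a dedicated keyring file, then references that file with `signed-by=` in the `repo:` line, so the key can only vouch for this one source. The destination path and digest below are placeholders to be filled in after verifying the key out of band.

```yaml
- name: Import GPG public key of Weechat repository
  ansible.builtin.get_url:
    url: https://weechat.org/dev/info/debian_repository_signing_key/
    # example path; use .asc for an ASCII-armored key, .gpg for a binary one
    dest: /etc/apt/keyrings/weechat.asc
    checksum: "sha256:<PLACEHOLDER_DIGEST_OF_VERIFIED_KEY>"
    owner: root
    group: root
    mode: "0644"

- name: Install custom repository for Weechat sources
  ansible.builtin.apt_repository:
    repo: deb [signed-by=/etc/apt/keyrings/weechat.asc] https://weechat.org/debian {{ ansible_distribution_release }} main
    state: present
# … unchanged: Install zamok tools package list …
```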
@@ -107,7 +107,7 @@ notify: Reload apache - name: Enable apache sites - file: + ansible.builtin.file: src: /etc/apache2/sites-available/000-perso.conf dest: /etc/apache2/sites-enabled/000-perso.conf owner: root @@ -117,7 +117,7 @@ notify: Reload apache - name: Add PAM rule to use namespaces to have separate temporary directories - pamd: + community.general.pamd: name: common-session type: session control: optional
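Review bot: `community.general.pamd` in the last hunk is the one module in this part of the series that is not in `ansible.builtin`, so the play now depends on the `community.general` collection being installed on the controller. No collection requirements file is visible in this part of the diff. If the repository does not already have one, the collection should be declared in `collections/requirements.yml` with a pinned version, so that the code editing `common-session` PAM rules is a known release. The task continues past the end of this hunk.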