Make ansible-lint happy
yaml: truthy value should be one of [false, true] (truthy) yaml: wrong indentation: expected 4 but found 2 (indentation) yaml: too few spaces before comment (comments) yaml: missing starting space in comment (comments) yaml: too many blank lines (1 > 0) (empty-lines) yaml: too many spaces after colon (colons) yaml: comment not indented like content (comments-indentation) yaml: no new line character at the end of file (new-line-at-end-of-file) load-failure: Failed to load or parse file parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
parent
f99cca5e3b
commit
4112bdf9fd
|
@ -1,8 +1,12 @@
|
||||||
exclude_paths:
|
exclude_paths:
|
||||||
- misc
|
- misc
|
||||||
|
# FIXME: parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
|
||||||
|
- playbooks/tasks
|
||||||
skip_list:
|
skip_list:
|
||||||
# line too long (x > 80 characters) (line-length)
|
# line too long (x > 80 characters) (line-length)
|
||||||
- 'line-length'
|
- 'line-length'
|
||||||
|
# yaml: too many spaces inside braces (braces)
|
||||||
|
- 'braces'
|
||||||
# Do not recommend running tasks as handlers
|
# Do not recommend running tasks as handlers
|
||||||
- 'no-handler'
|
- 'no-handler'
|
||||||
# Do not force galaxy info in meta/main.yml
|
# Do not force galaxy info in meta/main.yml
|
||||||
|
|
|
@ -11,7 +11,8 @@ ansible-lint:
|
||||||
# Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
|
# Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
|
||||||
- sed "s/,hcloud_inventory.py//" -i ansible.cfg
|
- sed "s/,hcloud_inventory.py//" -i ansible.cfg
|
||||||
- sed "/^vault_password_file/d" -i ansible.cfg
|
- sed "/^vault_password_file/d" -i ansible.cfg
|
||||||
- ansible-lint
|
# Fix load-failure: Failed to load or parse file
|
||||||
|
- ansible-lint $(printf -- "--exclude %s " */*/vault_*)
|
||||||
|
|
||||||
terraform-validate:
|
terraform-validate:
|
||||||
script:
|
script:
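Review bot: The new `ansible-lint $(printf -- "--exclude %s " */*/vault_*)` line only excludes vault files that sit exactly two directory levels below the repository root, and it relies on unquoted word splitting of the glob result. A vault file at any other depth would presumably still trigger the load-failure this line works around, and if the glob matches nothing the literal pattern `*/*/vault_*` is passed to `--exclude`. A short comment stating which directories are expected to match (for example `# vault files live in <dir>/<dir>/vault_*; they cannot be decrypted in CI`) would make the assumption checkable. The `ansible-lint` job starts outside the hunk, so the rest of its script is not visible here.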
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
- { role: root_ssh }
|
- { role: root_ssh }
|
||||||
- { role: certbot }
|
- { role: certbot }
|
||||||
- { role: nginx }
|
- { role: nginx }
|
||||||
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
|
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
|
||||||
- { role: sudo }
|
- { role: sudo }
|
||||||
- { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
|
- { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
|
||||||
- { role: memcached }
|
- { role: memcached }
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
- { role: prometheus_exporters }
|
- { role: prometheus_exporters }
|
||||||
- { role: certbot }
|
- { role: certbot }
|
||||||
- { role: nginx }
|
- { role: nginx }
|
||||||
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True, mariadb_innodb_buffer_pool_size: '1G' }
|
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true, mariadb_innodb_buffer_pool_size: '1G' }
|
||||||
- { role: sudo }
|
- { role: sudo }
|
||||||
- { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
|
- { role: php_fpm, php_extensions: ['iconv', 'memcached', 'mysqli', 'pdo_mysql'], zend_extensions: ['opcache'] }
|
||||||
- { role: memcached }
|
- { role: memcached }
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
- { role: root_ssh }
|
- { role: root_ssh }
|
||||||
- { role: certbot }
|
- { role: certbot }
|
||||||
- { role: nginx }
|
- { role: nginx }
|
||||||
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
|
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
|
||||||
- { role: sudo }
|
- { role: sudo }
|
||||||
- { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
|
- { role: php_fpm, php_extensions: ['apcu', 'iconv', 'intl', 'mysqli'], zend_extensions: ['opcache'] }
|
||||||
- { role: fluxbb }
|
- { role: fluxbb }
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
- { role: root_ssh }
|
- { role: root_ssh }
|
||||||
- { role: certbot }
|
- { role: certbot }
|
||||||
- { role: nginx }
|
- { role: nginx }
|
||||||
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
|
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
|
||||||
- { role: sudo }
|
- { role: sudo }
|
||||||
- { role: php7_fpm, php_extensions: ['mysqli'], zend_extensions: ['opcache'] }
|
- { role: php7_fpm, php_extensions: ['mysqli'], zend_extensions: ['opcache'] }
|
||||||
- { role: flyspray }
|
- { role: flyspray }
|
||||||
|
|
|
@ -13,8 +13,7 @@
|
||||||
gitlab_domain: "gitlab.archlinux.org",
|
gitlab_domain: "gitlab.archlinux.org",
|
||||||
gitlab_primary_addresses: ['159.69.41.129', '[2a01:4f8:c2c:5d2d::1]', '127.0.0.1', '[::1]'],
|
gitlab_primary_addresses: ['159.69.41.129', '[2a01:4f8:c2c:5d2d::1]', '127.0.0.1', '[::1]'],
|
||||||
gitlab_pages_http_addresses: ['116.203.6.156:80', '[2a01:4f8:c2c:5d2d::2]:80'],
|
gitlab_pages_http_addresses: ['116.203.6.156:80', '[2a01:4f8:c2c:5d2d::2]:80'],
|
||||||
gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']
|
gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']}
|
||||||
}
|
|
||||||
- { role: borg_client, tags: ["borg"] }
|
- { role: borg_client, tags: ["borg"] }
|
||||||
- { role: prometheus_exporters }
|
- { role: prometheus_exporters }
|
||||||
- { role: fail2ban }
|
- { role: fail2ban }
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
- name: setup Hetzner storagebox account
|
- name: setup Hetzner storagebox account
|
||||||
hosts: u236610.your-storagebox.de
|
hosts: u236610.your-storagebox.de
|
||||||
gather_facts: False
|
gather_facts: false
|
||||||
roles:
|
roles:
|
||||||
- { role: hetzner_storagebox, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }
|
- { role: hetzner_storagebox, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
roles:
|
roles:
|
||||||
- nginx
|
- nginx
|
||||||
- rspamd
|
- rspamd
|
||||||
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
|
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
|
||||||
- { role: prometheus_exporters }
|
- { role: prometheus_exporters }
|
||||||
# luna is hosting mailman lists; this postfix role does not cater to this yet
|
# luna is hosting mailman lists; this postfix role does not cater to this yet
|
||||||
# TODO: make postfix role handle mailman config?
|
# TODO: make postfix role handle mailman config?
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
- name: setup rsync.net account
|
- name: setup rsync.net account
|
||||||
hosts: prio.ch-s012.rsync.net
|
hosts: prio.ch-s012.rsync.net
|
||||||
gather_facts: False
|
gather_facts: false
|
||||||
roles:
|
roles:
|
||||||
- { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }
|
- { role: rsync_net, backup_dir: "backup", backup_clients: "{{ groups['borg_clients'] }}", tags: ["borg"] }
|
||||||
|
|
|
@ -30,4 +30,3 @@
|
||||||
- name: upload website
|
- name: upload website
|
||||||
unarchive: src={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc/website.tar.gz dest={{ archweb_dir }}/archlinux.org/pacman mode=0644
|
unarchive: src={{ tempdir.path }}/pacman/pacman-{{ pacman_version }}/doc/website.tar.gz dest={{ archweb_dir }}/archlinux.org/pacman mode=0644
|
||||||
delegate_to: archlinux.org
|
delegate_to: archlinux.org
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
- { role: certbot }
|
- { role: certbot }
|
||||||
- { role: nginx }
|
- { role: nginx }
|
||||||
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
|
- { role: postfix, postfix_relayhost: "mail.archlinux.org" }
|
||||||
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: True }
|
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
|
||||||
- { role: sudo }
|
- { role: sudo }
|
||||||
- { role: php_fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'sockets', 'zip'], zend_extensions: ['opcache'] }
|
- { role: php_fpm, php_extensions: ['bcmath', 'curl', 'gd', 'iconv', 'intl', 'mysqli', 'sockets', 'zip'], zend_extensions: ['opcache'] }
|
||||||
- { role: memcached }
|
- { role: memcached }
|
||||||
|
|
|
@ -22,9 +22,9 @@
|
||||||
- name: start and enable syncrepo unit
|
- name: start and enable syncrepo unit
|
||||||
systemd:
|
systemd:
|
||||||
name: syncrepo_arch32.timer
|
name: syncrepo_arch32.timer
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: make nginx log dir
|
- name: make nginx log dir
|
||||||
file: path=/var/log/nginx/{{ arch32_mirror_domain }} state=directory owner=root group=root mode=0755
|
file: path=/var/log/nginx/{{ arch32_mirror_domain }} state=directory owner=root group=root mode=0755
|
||||||
|
|
|
@ -2,4 +2,4 @@
|
||||||
|
|
||||||
- name: daemon reload
|
- name: daemon reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon-reload: yes
|
daemon-reload: true
|
||||||
|
|
|
@ -32,12 +32,12 @@
|
||||||
|
|
||||||
- name: configure archive.org client
|
- name: configure archive.org client
|
||||||
command: ia configure --username={{ vault_archive_username }} --password={{ vault_archive_password }} creates={{ archive_user_home }}/.config/ia.ini
|
command: ia configure --username={{ vault_archive_username }} --password={{ vault_archive_password }} creates={{ archive_user_home }}/.config/ia.ini
|
||||||
become: yes
|
become: true
|
||||||
become_user: "{{ archive_user_name }}"
|
become_user: "{{ archive_user_name }}"
|
||||||
|
|
||||||
- name: clone archive uploader code
|
- name: clone archive uploader code
|
||||||
git: repo=https://github.com/archlinux/arch-historical-archive.git dest="{{ archive_repo }}" version="{{ archive_uploader_version }}"
|
git: repo=https://github.com/archlinux/arch-historical-archive.git dest="{{ archive_repo }}" version="{{ archive_uploader_version }}"
|
||||||
become: yes
|
become: true
|
||||||
become_user: "{{ archive_user_name }}"
|
become_user: "{{ archive_user_name }}"
|
||||||
|
|
||||||
- name: install system service
|
- name: install system service
|
||||||
|
@ -49,6 +49,6 @@
|
||||||
- name: start uploader timer
|
- name: start uploader timer
|
||||||
systemd:
|
systemd:
|
||||||
name: archive-uploader.timer
|
name: archive-uploader.timer
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
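Review bot: The task "configure archive.org client" in the first hunk of this section puts `{{ vault_archive_password }}` on the `ia configure` command line and has no `no_log`. The command module returns the full command string in its result, so the secret appears in verbose output and in failure messages. It is also readable in the process list on the target host while the command runs. Adding `no_log: true` to the task closes the logging path. Keeping the password off the command line (for example by templating the `ia.ini` file that `creates=` already points at, with a restrictive mode) would close the process-list exposure as well.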
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: daemon reload
|
- name: daemon reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon-reload: yes
|
daemon-reload: true
|
||||||
|
|
||||||
- name: restart archweb memcached
|
- name: restart archweb memcached
|
||||||
service: name=archweb-memcached state=restarted
|
service: name=archweb-memcached state=restarted
|
||||||
|
|
|
@ -216,9 +216,9 @@
|
||||||
- name: start and enable archweb memcached service and archweb-rsync_iso timer
|
- name: start and enable archweb memcached service and archweb-rsync_iso timer
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
with_items:
|
with_items:
|
||||||
- archweb-memcached.service
|
- archweb-memcached.service
|
||||||
- archweb-rsync_iso.timer
|
- archweb-rsync_iso.timer
|
||||||
|
|
|
@ -105,9 +105,9 @@
|
||||||
- name: start and enable archwiki timers and services
|
- name: start and enable archwiki timers and services
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
with_items:
|
with_items:
|
||||||
- archwiki-runjobs.timer
|
- archwiki-runjobs.timer
|
||||||
- archwiki-prune-cache.timer
|
- archwiki-prune-cache.timer
|
||||||
|
@ -118,7 +118,7 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: archwiki-question-updater.service
|
name: archwiki-question-updater.service
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: ensure question answer file exists and set permissions
|
- name: ensure question answer file exists and set permissions
|
||||||
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
|
file: state=file path="{{ archwiki_question_answer_file }}" owner=root group=root mode=0644
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: daemon reload
|
- name: daemon reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon-reload: yes
|
daemon-reload: true
|
||||||
|
|
||||||
- name: restart php-fpm@{{ aurweb_user }}
|
- name: restart php-fpm@{{ aurweb_user }}
|
||||||
service: name=php-fpm@{{ aurweb_user }} state=restarted
|
service: name=php-fpm@{{ aurweb_user }} state=restarted
|
||||||
|
|
|
@ -104,7 +104,7 @@
|
||||||
|
|
||||||
- name: Check python module availability
|
- name: Check python module availability
|
||||||
command: "python3 -c 'import aurweb'"
|
command: "python3 -c 'import aurweb'"
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
register: aurweb_installed
|
register: aurweb_installed
|
||||||
tags:
|
tags:
|
||||||
- skip_ansible_lint
|
- skip_ansible_lint
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
environment:
|
environment:
|
||||||
BORG_RELOCATED_REPO_ACCESS_IS_OK: "yes"
|
BORG_RELOCATED_REPO_ACCESS_IS_OK: "yes"
|
||||||
register: borg_list
|
register: borg_list
|
||||||
ignore_errors: True
|
ignore_errors: true
|
||||||
loop: "{{ backup_hosts }}"
|
loop: "{{ backup_hosts }}"
|
||||||
changed_when: borg_list.stdout | length > 0
|
changed_when: borg_list.stdout | length > 0
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
when: borg_list is failed
|
when: borg_list is failed
|
||||||
environment:
|
environment:
|
||||||
BORG_PASSPHRASE: ""
|
BORG_PASSPHRASE: ""
|
||||||
ignore_errors: True # This can sometimes fail if a backup is in progress :/
|
ignore_errors: true # This can sometimes fail if a backup is in progress :/
|
||||||
loop: "{{ backup_hosts }}"
|
loop: "{{ backup_hosts }}"
|
||||||
|
|
||||||
- name: install convenience scripts
|
- name: install convenience scripts
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
- name: check whether postgres user exists
|
- name: check whether postgres user exists
|
||||||
command: getent passwd postgres
|
command: getent passwd postgres
|
||||||
register: check_postgres_user
|
register: check_postgres_user
|
||||||
ignore_errors: True
|
ignore_errors: true
|
||||||
changed_when: check_postgres_user.stdout | length > 0
|
changed_when: check_postgres_user.stdout | length > 0
|
||||||
|
|
||||||
- name: make postgres backup directory
|
- name: make postgres backup directory
|
||||||
|
|
|
@ -36,6 +36,6 @@
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: borg
|
user: borg
|
||||||
key: "{{ item.stdout }}"
|
key: "{{ item.stdout }}"
|
||||||
manage_dir: yes
|
manage_dir: true
|
||||||
key_options: "command=\"/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
|
key_options: "command=\"/usr/bin/borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc"
|
||||||
with_items: "{{ ssh_keys.results }}"
|
with_items: "{{ ssh_keys.results }}"
|
||||||
|
|
|
@ -18,9 +18,9 @@
|
||||||
- name: activate letsencrypt renewal service
|
- name: activate letsencrypt renewal service
|
||||||
systemd:
|
systemd:
|
||||||
name: certbot-renewal.timer
|
name: certbot-renewal.timer
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: open firewall holes for certbot standalone authenticator
|
- name: open firewall holes for certbot standalone authenticator
|
||||||
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
|
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
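Review bot: The last line of this section still reads `immediate=yes` next to `permanent=true`, because the truthy cleanup did not reach values inside key=value argument strings. yamllint sees the whole argument string as one scalar, so it will not flag this, but the file now mixes both spellings in one task. Suggest `immediate=true` here, and likewise `recurse=true` in the "fix home permissions" task of the fluxbb hunk. Converting these tasks to native YAML module arguments would let the linter check them in future.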
|
||||||
|
|
|
@ -4,17 +4,17 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: systemd-networkd
|
name: systemd-networkd
|
||||||
state: restarted
|
state: restarted
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: restart journald
|
- name: restart journald
|
||||||
systemd:
|
systemd:
|
||||||
name: systemd-journald
|
name: systemd-journald
|
||||||
state: restarted
|
state: restarted
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: systemd daemon-reload
|
- name: systemd daemon-reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: restart syslog-ng
|
- name: restart syslog-ng
|
||||||
service: name=syslog-ng@default state=restarted
|
service: name=syslog-ng@default state=restarted
|
||||||
|
|
|
@ -91,7 +91,7 @@
|
||||||
sysctl:
|
sysctl:
|
||||||
name: net.ipv4.tcp_rmem
|
name: net.ipv4.tcp_rmem
|
||||||
value: "{{ tcp_rmem }}"
|
value: "{{ tcp_rmem }}"
|
||||||
sysctl_set: yes
|
sysctl_set: true
|
||||||
sysctl_file: /etc/sysctl.d/net.conf
|
sysctl_file: /etc/sysctl.d/net.conf
|
||||||
when: tcp_rmem is defined
|
when: tcp_rmem is defined
|
||||||
|
|
||||||
|
@ -99,7 +99,7 @@
|
||||||
sysctl:
|
sysctl:
|
||||||
name: net.ipv4.tcp_wmem
|
name: net.ipv4.tcp_wmem
|
||||||
value: "{{ tcp_wmem }}"
|
value: "{{ tcp_wmem }}"
|
||||||
sysctl_set: yes
|
sysctl_set: true
|
||||||
sysctl_file: /etc/sysctl.d/net.conf
|
sysctl_file: /etc/sysctl.d/net.conf
|
||||||
when: tcp_wmem is defined
|
when: tcp_wmem is defined
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
dbscripts_commit: HEAD
|
dbscripts_commit: HEAD
|
||||||
dbscripts_update: yes
|
dbscripts_update: true
|
||||||
dbscripts_pgp_emails: ['eschwartz@archlinux.org']
|
dbscripts_pgp_emails: ['eschwartz@archlinux.org']
|
||||||
|
|
|
@ -218,7 +218,7 @@
|
||||||
|
|
||||||
- name: configure svntogit git user name
|
- name: configure svntogit git user name
|
||||||
command: git config --global user.name = 'svntogit'
|
command: git config --global user.name = 'svntogit'
|
||||||
become: yes
|
become: true
|
||||||
become_user: svntogit
|
become_user: svntogit
|
||||||
register: git_config_username
|
register: git_config_username
|
||||||
changed_when: "git_config_username.rc == 0"
|
changed_when: "git_config_username.rc == 0"
|
||||||
|
@ -227,7 +227,7 @@
|
||||||
|
|
||||||
- name: configure svntogit git user email
|
- name: configure svntogit git user email
|
||||||
command: git config --global user.name = 'svntogit@repos.archlinux.org'
|
command: git config --global user.name = 'svntogit@repos.archlinux.org'
|
||||||
become: yes
|
become: true
|
||||||
become_user: svntogit
|
become_user: svntogit
|
||||||
register: git_config_email
|
register: git_config_email
|
||||||
changed_when: "git_config_email.rc == 0"
|
changed_when: "git_config_email.rc == 0"
|
||||||
|
@ -245,7 +245,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- community
|
- community
|
||||||
- packages
|
- packages
|
||||||
become: yes
|
become: true
|
||||||
become_user: svntogit
|
become_user: svntogit
|
||||||
tags:
|
tags:
|
||||||
- skip_ansible_lint
|
- skip_ansible_lint
|
||||||
|
@ -255,9 +255,9 @@
|
||||||
with_items:
|
with_items:
|
||||||
- community
|
- community
|
||||||
- packages
|
- packages
|
||||||
become: yes
|
become: true
|
||||||
become_user: svntogit
|
become_user: svntogit
|
||||||
ignore_errors: yes
|
ignore_errors: true
|
||||||
register: git_public_remote
|
register: git_public_remote
|
||||||
changed_when: "git_public_remote.rc == 0"
|
changed_when: "git_public_remote.rc == 0"
|
||||||
tags:
|
tags:
|
||||||
|
@ -269,7 +269,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- community
|
- community
|
||||||
- packages
|
- packages
|
||||||
become: yes
|
become: true
|
||||||
become_user: svntogit
|
become_user: svntogit
|
||||||
register: git_pull_upstream
|
register: git_pull_upstream
|
||||||
changed_when: "git_pull_upstream.rc == 0"
|
changed_when: "git_pull_upstream.rc == 0"
|
||||||
|
@ -281,7 +281,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- community
|
- community
|
||||||
- packages
|
- packages
|
||||||
become: yes
|
become: true
|
||||||
become_user: svntogit
|
become_user: svntogit
|
||||||
register: git_push_master
|
register: git_push_master
|
||||||
changed_when: "git_push_master.rc == 0"
|
changed_when: "git_push_master.rc == 0"
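Review bot: The task "configure svntogit git user email" in the second hunk of this section runs `git config --global user.name = 'svntogit@repos.archlinux.org'`, so it writes `user.name` a second time and never sets `user.email`. Both config tasks also pass a bare `=` as a separate argument, which git most likely takes as the value itself rather than as a separator; worth verifying on a host. Suggested lines: `command: git config --global user.name 'svntogit'` and `command: git config --global user.email 'svntogit@repos.archlinux.org'`. Separately, `changed_when: "git_config_email.rc == 0"` reports a change on every successful run, which hides real drift in the play output.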
|
||||||
|
|
|
@ -52,7 +52,7 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: true
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
with_items:
|
with_items:
|
||||||
- dovecot-cleanup.timer
|
- dovecot-cleanup.timer
|
||||||
|
|
|
@ -80,6 +80,6 @@
|
||||||
- name: start and enable service
|
- name: start and enable service
|
||||||
systemd:
|
systemd:
|
||||||
name: "fail2ban.service"
|
name: "fail2ban.service"
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon-reload: yes
|
daemon-reload: true
|
||||||
|
|
|
@ -20,5 +20,5 @@
|
||||||
ansible.posix.firewalld:
|
ansible.posix.firewalld:
|
||||||
service: dhcpv6-client
|
service: dhcpv6-client
|
||||||
state: disabled
|
state: disabled
|
||||||
immediate: yes
|
immediate: true
|
||||||
when: configure_firewall
|
when: configure_firewall
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
- name: fix home permissions
|
- name: fix home permissions
|
||||||
file: state=directory owner=fluxbb group=fluxbb mode=0750 recurse=yes path="{{ fluxbb_dir }}"
|
file: state=directory owner=fluxbb group=fluxbb mode=0750 recurse=yes path="{{ fluxbb_dir }}"
|
||||||
changed_when: False
|
changed_when: false
|
||||||
|
|
||||||
- name: create uploads directory
|
- name: create uploads directory
|
||||||
file: state=directory owner=fluxbb group=fluxbb mode=0755 path="{{ fluxbb_dir }}/uploads"
|
file: state=directory owner=fluxbb group=fluxbb mode=0755 path="{{ fluxbb_dir }}/uploads"
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
|
|
||||||
- name: create setup dir with write permissions
|
- name: create setup dir with write permissions
|
||||||
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=755
|
file: state=directory owner="{{ flyspray_user }}" group="{{ flyspray_user }}" path="{{ flyspray_dir }}/setup" mode=755
|
||||||
when: not user_created.changed
|
when: falset user_created.changed
|
||||||
|
|
||||||
- name: clone flyspray repo
|
- name: clone flyspray repo
|
||||||
git:
|
git:
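Review bot: The new condition `when: falset user_created.changed` on the "create setup dir with write permissions" task is not a valid expression. It looks like a bulk truthy substitution rewrote the `no` inside `not`. As written, the conditional should fail to evaluate, so either the play errors out or the setup directory step never runs as intended. Restore the original line, `when: not user_created.changed`, and check the rest of the commit for other words containing `yes` or `no` that the same substitution may have touched. The following "clone flyspray repo" task continues outside the hunk.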
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
hostname: "{{ gitlab_domain }}"
|
hostname: "{{ gitlab_domain }}"
|
||||||
container_default_behavior: compatibility
|
container_default_behavior: compatibility
|
||||||
network_mode: host
|
network_mode: host
|
||||||
pull: yes
|
pull: true
|
||||||
restart_policy: always
|
restart_policy: always
|
||||||
env:
|
env:
|
||||||
# See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
|
# See https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-config-template/gitlab.rb.template
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
zone: public
|
zone: public
|
||||||
permanent: true
|
permanent: true
|
||||||
state: enabled
|
state: enabled
|
||||||
immediate: yes
|
immediate: true
|
||||||
rich_rule: rule family="ipv6" destination not address="fd00::1/80" source address="fd00::/80" masquerade
|
rich_rule: rule family="ipv6" destination not address="fd00::1/80" source address="fd00::/80" masquerade
|
||||||
when: configure_firewall
|
when: configure_firewall
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -5,13 +5,13 @@
|
||||||
|
|
||||||
- name: add hedgedoc postgres db
|
- name: add hedgedoc postgres db
|
||||||
postgresql_db: db=hedgedoc
|
postgresql_db: db=hedgedoc
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
- name: add hedgedoc postgres user
|
- name: add hedgedoc postgres user
|
||||||
postgresql_user: db=hedgedoc name=hedgedoc password={{ vault_postgres_users.hedgedoc }} encrypted=true
|
postgresql_user: db=hedgedoc name=hedgedoc password={{ vault_postgres_users.hedgedoc }} encrypted=true
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
|
|
|
@ -51,11 +51,11 @@
|
||||||
unarchive:
|
unarchive:
|
||||||
src: /tmp/archlinux-bootstrap-{{ bootstrap_version }}-x86_64.tar.gz
|
src: /tmp/archlinux-bootstrap-{{ bootstrap_version }}-x86_64.tar.gz
|
||||||
dest: /tmp
|
dest: /tmp
|
||||||
remote_src: yes
|
remote_src: true
|
||||||
creates: /tmp/root.x86_64
|
creates: /tmp/root.x86_64
|
||||||
|
|
||||||
- name: copy resolv.conf to bootstrap chroot
|
- name: copy resolv.conf to bootstrap chroot
|
||||||
copy: remote_src=True src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf owner=root group=root mode=0644
|
copy: remote_src=true src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf owner=root group=root mode=0644
|
||||||
|
|
||||||
- name: mount /proc to bootstrap chroot
|
- name: mount /proc to bootstrap chroot
|
||||||
command: mount --rbind /proc /tmp/root.x86_64/proc creates=/tmp/root.x86_64/proc/uptime # noqa 303
|
command: mount --rbind /proc /tmp/root.x86_64/proc creates=/tmp/root.x86_64/proc/uptime # noqa 303
|
||||||
|
@ -124,11 +124,11 @@
|
||||||
|
|
||||||
- name: configure network (static)
|
- name: configure network (static)
|
||||||
template: src=10-static-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
|
template: src=10-static-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
|
||||||
when: not dhcp|default(False)
|
when: not dhcp|default(false)
|
||||||
|
|
||||||
- name: configure network (dhcp)
|
- name: configure network (dhcp)
|
||||||
template: src=10-dhcp-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
|
template: src=10-dhcp-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
|
||||||
when: dhcp|default(False)
|
when: dhcp|default(false)
|
||||||
|
|
||||||
- name: install hcloud-init
|
- name: install hcloud-init
|
||||||
copy: src=hcloud-init dest=/mnt/usr/local/bin/hcloud-init owner=root group=root mode=0755
|
copy: src=hcloud-init dest=/mnt/usr/local/bin/hcloud-init owner=root group=root mode=0755
|
||||||
|
|
|
@ -28,7 +28,7 @@
|
||||||
password: "{{ vault_keycloak_admin_password }}"
|
password: "{{ vault_keycloak_admin_password }}"
|
||||||
grant_type: password
|
grant_type: password
|
||||||
client_id: admin-cli
|
client_id: admin-cli
|
||||||
ignore_errors: True
|
ignore_errors: true
|
||||||
register: token
|
register: token
|
||||||
|
|
||||||
- name: create an admin user
|
- name: create an admin user
|
||||||
|
@ -49,14 +49,14 @@
|
||||||
|
|
||||||
- name: create postgres keycloak user
|
- name: create postgres keycloak user
|
||||||
postgresql_user: name="{{ keycloak_db_user }}" password="{{ keycloak_db_password }}"
|
postgresql_user: name="{{ keycloak_db_user }}" password="{{ keycloak_db_password }}"
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
no_log: True
|
no_log: true
|
||||||
|
|
||||||
- name: create keycloak db
|
- name: create keycloak db
|
||||||
postgresql_db: name=keycloak owner="{{ keycloak_db_user }}"
|
postgresql_db: name=keycloak owner="{{ keycloak_db_user }}"
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
|
|
|
@ -12,4 +12,3 @@
|
||||||
when: archweb_site
|
when: archweb_site
|
||||||
tags:
|
tags:
|
||||||
- nginx
|
- nginx
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
mariadb_skip_name_resolve: False
|
mariadb_skip_name_resolve: false
|
||||||
mariadb_skip_networking: False
|
mariadb_skip_networking: false
|
||||||
|
|
||||||
mariadb_key_buffer_size: '16M'
|
mariadb_key_buffer_size: '16M'
|
||||||
mariadb_max_allowed_packet: '16M'
|
mariadb_max_allowed_packet: '16M'
|
||||||
|
@ -22,7 +22,7 @@ mariadb_innodb_log_buffer_size: '16M'
|
||||||
mariadb_innodb_flush_log_at_trx_commit: '1'
|
mariadb_innodb_flush_log_at_trx_commit: '1'
|
||||||
mariadb_innodb_stats_sample_pages: '32'
|
mariadb_innodb_stats_sample_pages: '32'
|
||||||
mariadb_innodb_thread_concurrency: '8'
|
mariadb_innodb_thread_concurrency: '8'
|
||||||
mariadb_innodb_file_per_table: False
|
mariadb_innodb_file_per_table: false
|
||||||
|
|
||||||
mysql_backup_dir: '/root/backup-mysql'
|
mysql_backup_dir: '/root/backup-mysql'
|
||||||
mysql_backup_defaults: '/root/.backup-my.cnf'
|
mysql_backup_defaults: '/root/.backup-my.cnf'
|
||||||
|
|
|
@ -4,33 +4,33 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: synapse
|
name: synapse
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: true
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: restart pantalaimon
|
- name: restart pantalaimon
|
||||||
systemd:
|
systemd:
|
||||||
name: pantalaimon
|
name: pantalaimon
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: true
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: restart mjolnir
|
- name: restart mjolnir
|
||||||
systemd:
|
systemd:
|
||||||
name: mjolnir
|
name: mjolnir
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: true
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: restart matrix-appservice-irc
|
- name: restart matrix-appservice-irc
|
||||||
systemd:
|
systemd:
|
||||||
name: matrix-appservice-irc
|
name: matrix-appservice-irc
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: true
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
||||||
- name: restart turnserver
|
- name: restart turnserver
|
||||||
systemd:
|
systemd:
|
||||||
name: turnserver
|
name: turnserver
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: true
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
|
|
|
@ -68,7 +68,7 @@
|
||||||
state: latest
|
state: latest
|
||||||
extra_args: '--upgrade-strategy=eager'
|
extra_args: '--upgrade-strategy=eager'
|
||||||
virtualenv: '{{ item }}'
|
virtualenv: '{{ item }}'
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
state: latest
|
state: latest
|
||||||
extra_args: '--upgrade-strategy=eager'
|
extra_args: '--upgrade-strategy=eager'
|
||||||
virtualenv: /var/lib/synapse/venv
|
virtualenv: /var/lib/synapse/venv
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
register: synapse_pip
|
register: synapse_pip
|
||||||
|
@ -96,7 +96,7 @@
|
||||||
state: latest
|
state: latest
|
||||||
extra_args: '--upgrade-strategy=eager'
|
extra_args: '--upgrade-strategy=eager'
|
||||||
virtualenv: /var/lib/synapse/venv-pantalaimon
|
virtualenv: /var/lib/synapse/venv-pantalaimon
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
notify:
|
notify:
|
||||||
|
@ -107,7 +107,7 @@
|
||||||
repo: https://github.com/matrix-org/mjolnir
|
repo: https://github.com/matrix-org/mjolnir
|
||||||
dest: /var/lib/synapse/mjolnir
|
dest: /var/lib/synapse/mjolnir
|
||||||
version: v0.1.17
|
version: v0.1.17
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
register: mjolnir_git
|
register: mjolnir_git
|
||||||
|
@ -117,7 +117,7 @@
|
||||||
- name: install mjolnir
|
- name: install mjolnir
|
||||||
community.general.yarn:
|
community.general.yarn:
|
||||||
path: /var/lib/synapse/mjolnir
|
path: /var/lib/synapse/mjolnir
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
when: mjolnir_git.changed
|
when: mjolnir_git.changed
|
||||||
|
@ -137,7 +137,7 @@
|
||||||
- /var/lib/synapse/mjolnir/synapse_antispam
|
- /var/lib/synapse/mjolnir/synapse_antispam
|
||||||
state: latest
|
state: latest
|
||||||
virtualenv: /var/lib/synapse/venv
|
virtualenv: /var/lib/synapse/venv
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
when: synapse_pip.changed or mjolnir_git.changed
|
when: synapse_pip.changed or mjolnir_git.changed
|
||||||
|
@ -149,7 +149,7 @@
|
||||||
repo: https://github.com/matrix-org/matrix-appservice-irc
|
repo: https://github.com/matrix-org/matrix-appservice-irc
|
||||||
dest: /var/lib/synapse/matrix-appservice-irc
|
dest: /var/lib/synapse/matrix-appservice-irc
|
||||||
version: 0.23.0
|
version: 0.23.0
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
register: irc_git
|
register: irc_git
|
||||||
|
@ -159,7 +159,7 @@
|
||||||
- name: install matrix-appservice-irc
|
- name: install matrix-appservice-irc
|
||||||
npm:
|
npm:
|
||||||
path: /var/lib/synapse/matrix-appservice-irc
|
path: /var/lib/synapse/matrix-appservice-irc
|
||||||
become: yes
|
become: true
|
||||||
become_user: synapse
|
become_user: synapse
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
when: irc_git.changed
|
when: irc_git.changed
|
||||||
|
@ -171,19 +171,19 @@
|
||||||
|
|
||||||
- name: add synapse postgres db
|
- name: add synapse postgres db
|
||||||
postgresql_db: db=synapse
|
postgresql_db: db=synapse
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
- name: add synapse postgres user
|
- name: add synapse postgres user
|
||||||
postgresql_user: db=synapse user=synapse password={{ vault_postgres_users.synapse }}
|
postgresql_user: db=synapse user=synapse password={{ vault_postgres_users.synapse }}
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
- name: add irc postgres db
|
- name: add irc postgres db
|
||||||
postgresql_db: db=irc
|
postgresql_db: db=irc
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
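Review bot: The pip tasks in this file (hunks at -68, -82, -96 and -137) install with `state: latest`, three of them also with `extra_args: '--upgrade-strategy=eager'`, so each playbook run pulls whatever versions the package index serves at that moment, transitive dependencies included, into the synapse virtualenvs. Nothing visible pins or hash-checks those packages; the package names and any requirements file lie outside the hunks, so this is inferred from the arguments shown. A reviewed constraints file would make upgrades arrive as a diff someone has looked at, e.g. `extra_args: '--upgrade-strategy=eager --constraint <constraints-file>'`. The same reasoning applies to the two `git` checkouts pinned by tag (`version: v0.1.17`, `version: 0.23.0`) ahead of the yarn/npm installs: a commit hash cannot be moved, a tag can.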
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ patchwork_dir: '/srv/http/patchwork'
|
||||||
patchwork_domain: 'patchwork.archlinux.org'
|
patchwork_domain: 'patchwork.archlinux.org'
|
||||||
patchwork_nginx_conf: '/etc/nginx/nginx.d/patchwork.conf'
|
patchwork_nginx_conf: '/etc/nginx/nginx.d/patchwork.conf'
|
||||||
patchwork_forced_deploy: false
|
patchwork_forced_deploy: false
|
||||||
patchwork_admins: ["('Giancarlo Razzolini', 'grazzolini@archlinux.org')", "('Frederik Schwan', "freswa@archlinux.org")"]
|
patchwork_admins: ["('Giancarlo Razzolini', 'grazzolini@archlinux.org')", "('Frederik Schwan', 'freswa@archlinux.org')"]
|
||||||
patchwork_version: 'v3.0.0'
|
patchwork_version: 'v3.0.0'
|
||||||
patchwork_from_email: 'Arch Linux Patchwork <patchwork@patchwork.archlinux.org>'
|
patchwork_from_email: 'Arch Linux Patchwork <patchwork@patchwork.archlinux.org>'
|
||||||
patchwork_notification_frequency: '10m'
|
patchwork_notification_frequency: '10m'
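Review bot: `patchwork_admins` keeps each admin as a string holding a Python tuple literal inside a YAML flow list, which is the nested quoting that caused the load failure this line repairs. Storing structured data avoids the problem, for example `- {name: 'Giancarlo Razzolini', email: 'grazzolini@archlinux.org'}` per entry, with the template assembling the tuple. The consuming template is not visible here, so the change on that side is assumed rather than checked.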
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: daemon reload
|
- name: daemon reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon-reload: yes
|
daemon-reload: true
|
||||||
|
|
||||||
- name: restart patchwork memcached
|
- name: restart patchwork memcached
|
||||||
service: name=patchwork-memcached state=restarted
|
service: name=patchwork-memcached state=restarted
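Review bot: The `daemon reload` handler spells the option `daemon-reload: true`, while every other systemd task in this commit uses `daemon_reload: true`. The hyphenated form is accepted as an alias, but the underscore spelling is the documented parameter name and keeps the role greppable. The two single-hunk `daemon reload` handler files that follow carry the same spelling; suggest `daemon_reload: true` in all three.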
|
||||||
|
|
|
@ -128,9 +128,9 @@
|
||||||
- name: start and enable patchwork memcached service and notification timer
|
- name: start and enable patchwork memcached service and notification timer
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
with_items:
|
with_items:
|
||||||
- patchwork-memcached.service
|
- patchwork-memcached.service
|
||||||
- patchwork-notification.timer
|
- patchwork-notification.timer
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
- name: daemon reload
|
- name: daemon reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon-reload: yes
|
daemon-reload: true
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
---
|
---
|
||||||
- name: daemon reload
|
- name: daemon reload
|
||||||
systemd:
|
systemd:
|
||||||
daemon-reload: yes
|
daemon-reload: true
|
||||||
|
|
|
@ -33,9 +33,9 @@
|
||||||
- name: start and enable pkgfile and phrikservice
|
- name: start and enable pkgfile and phrikservice
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
with_items:
|
with_items:
|
||||||
- pkgfile-update.timer
|
- pkgfile-update.timer
|
||||||
- phrik.service
|
- phrik.service
|
||||||
|
|
|
@ -100,7 +100,7 @@
|
||||||
shell: /sbin/nologin
|
shell: /sbin/nologin
|
||||||
update_password: always
|
update_password: always
|
||||||
home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
|
home: /home/"{{ inventory_hostname }}" # Set home directory so shadow.service does not fail
|
||||||
create_home: yes
|
create_home: true
|
||||||
|
|
||||||
- name: open firewall holes
|
- name: open firewall holes
|
||||||
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
|
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
|
||||||
|
@ -111,5 +111,3 @@
|
||||||
when: postfix_smtpd_public and configure_firewall
|
when: postfix_smtpd_public and configure_firewall
|
||||||
tags:
|
tags:
|
||||||
- firewall
|
- firewall
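Review bot: In the hunk at -100, the line `home: /home/"{{ inventory_hostname }}"` is a plain YAML scalar, so the double quotes in the middle of it are literal characters and the rendered home path contains quote marks around the hostname. Quoting the whole value gives the intended path: `home: '/home/{{ inventory_hostname }}'  # Set home directory so shadow.service does not fail`. The task starts above the hunk, so the module and the account it configures are not visible here. The `immediate=yes` on the firewalld line also keeps the old truthy spelling, because yamllint does not look inside key=value strings.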
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -2,4 +2,3 @@
|
||||||
|
|
||||||
- name: reload postfwd
|
- name: reload postfwd
|
||||||
service: name=postfwd state=reloaded
|
service: name=postfwd state=reloaded
|
||||||
|
|
||||||
|
|
|
@ -10,4 +10,3 @@
|
||||||
|
|
||||||
- name: start and enable postfwd
|
- name: start and enable postfwd
|
||||||
service: name=postfwd enabled=yes state=started
|
service: name=postfwd enabled=yes state=started
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
when: filesystem == "btrfs"
|
when: filesystem == "btrfs"
|
||||||
|
|
||||||
- name: initialize postgres
|
- name: initialize postgres
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
command: initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'
|
command: initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
|
|
||||||
- name: set postgres user password
|
- name: set postgres user password
|
||||||
postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
|
postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
|
|
|
@ -5,18 +5,18 @@
|
||||||
|
|
||||||
- name: add quassel postgres db
|
- name: add quassel postgres db
|
||||||
postgresql_db: db=quassel
|
postgresql_db: db=quassel
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
- name: add quassel postgres user
|
- name: add quassel postgres user
|
||||||
postgresql_user: db=quassel name=quassel password={{ vault_postgres_users.quassel }} encrypted=true
|
postgresql_user: db=quassel name=quassel password={{ vault_postgres_users.quassel }} encrypted=true
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
- name: initialize quassel
|
- name: initialize quassel
|
||||||
become: yes
|
become: true
|
||||||
become_user: quassel
|
become_user: quassel
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
expect:
|
expect:
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
# Every entry creates a redirect listening on port 80 and 443 with the following parameters:
|
# Every entry creates a redirect listening on port 80 and 443 with the following parameters:
|
||||||
# - domain: the domain to listen on
|
# - domain: the domain to listen on
|
||||||
# - to: the redirect target as defined by the nginx return statement
|
# - to: the redirect target as defined by the nginx return statement
|
||||||
# - type: HTTP status code to use (302 = temporary redirect, 301 = permanent redirect
|
# - type: HTTP status code to use (302 = temporary redirect, 301 = permanent redirect)
|
||||||
#)
|
|
||||||
redirects:
|
redirects:
|
||||||
- mailman:
|
- mailman:
|
||||||
domain: mailman.archlinux.org
|
domain: mailman.archlinux.org
|
||||||
|
|
|
@ -102,7 +102,7 @@
|
||||||
- name: start and enable security-tracker timer
|
- name: start and enable security-tracker timer
|
||||||
systemd:
|
systemd:
|
||||||
name: security-tracker-update.timer
|
name: security-tracker-update.timer
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
when: maintenance is not defined
|
when: maintenance is not defined
|
||||||
|
|
|
@ -14,8 +14,8 @@
|
||||||
- name: start and enable syncarchive units
|
- name: start and enable syncarchive units
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
with_items:
|
with_items:
|
||||||
- syncarchive.timer
|
- syncarchive.timer
|
||||||
|
|
|
@ -25,9 +25,9 @@
|
||||||
- name: start and enable syncrepo units
|
- name: start and enable syncrepo units
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
enabled: yes
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: yes
|
daemon_reload: true
|
||||||
with_items:
|
with_items:
|
||||||
- syncrepo.timer
|
- syncrepo.timer
|
||||||
- rsyncd.socket
|
- rsyncd.socket
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: create terraform state db
|
- name: create terraform state db
|
||||||
postgresql_db: db="{{ terraform_db }}"
|
postgresql_db: db="{{ terraform_db }}"
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|
||||||
|
@ -13,6 +13,6 @@
|
||||||
password: "{{ vault_terraform_db_password }}"
|
password: "{{ vault_terraform_db_password }}"
|
||||||
encrypted: true
|
encrypted: true
|
||||||
priv: "ALL"
|
priv: "ALL"
|
||||||
become: yes
|
become: true
|
||||||
become_user: postgres
|
become_user: postgres
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|