klausdieter/netz39-infra-ansible
1
0
Fork 0
forked from Netz39_Admin/netz39-infra-ansible
Code Pull requests Activity

Merge pull request 'Fix linter warnings of type 'name'' () from alex/netz39-infra-ansible:lint into master

Browse source 
Reviewed-on: 
Reviewed-by: Stefan Haun <tux@netz39.de>
This commit is contained in:
Alexander Dahl 2025-03-05 18:13:58 +01:00
commit de7d285ee4
33 changed files with 76 additions and 61 deletions

5
group-all.yml
View file

@ -1,7 +1,6 @@
---
# tasks for all hosts
- hosts: all
- name: Tasks for all hosts
hosts: all
become: true
vars:

6
group-docker_host.yml
View file

@ -1,11 +1,13 @@
---
- hosts: docker_host
- name: Tasks for docker hosts
hosts: docker_host
become: true
roles:
- role: netz39.host_docker
- hosts: docker_host:&location_space
- name: Tasks for docker hosts at location space
hosts: docker_host:&location_space
become: true
roles:

3
group-k3s.yml
View file

@ -1,5 +1,6 @@
---
- hosts: k3s
- name: Tasks for kubernetes hosts
hosts: k3s
become: true
tasks:

3
group-proxmox.yml
View file

@ -1,5 +1,6 @@
---
- hosts: proxmox
- name: Tasks for virtual machines on proxmox host
hosts: proxmox
become: true
tasks:

7
host-beaker.yml
View file

@ -1,5 +1,6 @@
---
- hosts: beaker.n39.eu
- name: Setup things on host 'beaker' (proxmox server im space)
hosts: beaker.n39.eu
become: true
vars:
@ -9,7 +10,7 @@
tasks:
- name: enable proxmox gui login for admin users
- name: Enable proxmox gui login for admin users
ansible.builtin.lineinfile:
path: /etc/pve/user.cfg
regexp: "^user:{{ item.logname }}@pam"
@ -18,7 +19,7 @@
state: present
loop: "{{ users }}"
- name: configure proxmox admin group
- name: Configure proxmox admin group
ansible.builtin.lineinfile:
path: /etc/pve/user.cfg
regexp: "^group:Admins:"

3
host-hobbes.yml
View file

@ -1,5 +1,6 @@
---
- hosts: hobbes.n39.eu
- name: Setup things on host 'hobbes' (raspberry pi for kiosk screen)
hosts: hobbes.n39.eu
become: true
vars:

3
host-holmium.yml
View file

@ -1,5 +1,6 @@
---
- hosts: holmium.n39.eu
- name: Setup things on host 'holmium' (http ingress vm)
hosts: holmium.n39.eu
become: true
vars:

3
host-krypton.yml
View file

@ -1,5 +1,6 @@
---
- hosts: krypton.n39.eu
- name: Setup things on host 'krypton' (ldap vm)
hosts: krypton.n39.eu
become: true
vars:

3
host-oganesson.yml
View file

@ -1,5 +1,6 @@
---
- hosts: oganesson.n39.eu
- name: Setup things on host 'oganesson' (ssh jump host vm)
hosts: oganesson.n39.eu
become: true
vars:

19
host-platon.yml
View file

@ -1,5 +1,6 @@
---
- hosts: platon.n39.eu
- name: Setup things on host 'platon' (raspberry pi for entrance door)
hosts: platon.n39.eu
become: true
vars:
ansible_python_interpreter: /usr/bin/python3
@ -63,7 +64,7 @@
owner: root
group: root
mode: '0644'
notify: restart mosquitto
notify: Restart mosquitto service
### Sesam for SSH access
@ -245,7 +246,7 @@
owner: root
group: root
mode: "0644"
notify: restart rsyslog
notify: Restart rsyslog
### Asterisk
@ -258,7 +259,7 @@
owner: root
group: root
mode: "0644"
notify: restart asterisk
notify: Restart asterisk
- name: Set up extensions for asterisk
# This uses the variables gatekeeper_user and door_open_command
@ -268,14 +269,14 @@
owner: root
group: root
mode: "0644"
notify: restart asterisk
notify: Restart asterisk
- name: Ensure asterisk is in the right groups
ansible.builtin.user:
name: asterisk
groups: audio,i2c,gpio
append: yes
notify: restart asterisk
notify: Restart asterisk
# Asterisk now executes shell scripts with reduced privileges, so we need to
# use sudo for I2C access.
@ -304,19 +305,19 @@
handlers:
- name: restart mosquitto
- name: Restart mosquitto service
service:
name: mosquitto
state: restarted
enabled: yes
- name: restart rsyslog
- name: Restart rsyslog
service:
name: rsyslog
state: restarted
enabled: yes
- name: restart asterisk
- name: Restart asterisk
service:
name: asterisk
state: restarted

3
host-plumbum.yml
View file

@ -1,5 +1,6 @@
---
- hosts: plumbum.n39.eu
- name: Setup things on host 'plumbum' (nfs server)
hosts: plumbum.n39.eu
become: true
roles:

7
host-pottwal.yml
View file

@ -1,5 +1,6 @@
---
- hosts: pottwal.n39.eu
- name: Setup things on host 'pottwal' (the big docker container host)
hosts: pottwal.n39.eu
become: true
roles:
@ -642,7 +643,7 @@
src: templates/pottwal/renovate-cron.j2
dest: /etc/cron.hourly/renovate-bot
mode: "0700"
notify: reload cron
notify: Reload cron
tags:
- renovate
@ -658,7 +659,7 @@
name: apache2
state: restarted
- name: reload cron
- name: Reload cron
ansible.builtin.shell:
cmd: service cron reload
# Use the shell call because the task sometimes has problems finding the service state

7
host-radon.yml
View file

@ -1,5 +1,6 @@
---
- hosts: radon.n39.eu
- name: Setup things on host 'radon' (services for space automation)
hosts: radon.n39.eu
become: true
vars:
@ -53,7 +54,7 @@
src: "templates/mosquitto.conf.j2"
dest: "{{ mosquitto_data }}/config/mosquitto.conf"
mode: 0644
notify: restart mosquitto
notify: Restart mosquitto container
tags:
- mosquitto
@ -226,7 +227,7 @@
- grafana-screenshot
handlers:
- name: restart mosquitto
- name: Restart mosquitto container
docker_container:
name: mosquitto
state: started

3
host-tau.yml
View file

@ -1,5 +1,6 @@
---
- hosts: tau.netz39.de
- name: Setup things on host 'tau' (vserver for wiki etc.)
hosts: tau.netz39.de
become: true
vars:

3
host-unicorn.yml
View file

@ -1,6 +1,7 @@
---
# this is for a dedicated vm just hosting the unifi controller.
- hosts: unicorn.n39.eu
- name: Setup things on host 'unicorn' (vm for ubiquiti unifi controller)
hosts: unicorn.n39.eu
become: true
vars:
ansible_python_interpreter: /usr/bin/python3

3
host-wittgenstein.yml
View file

@ -1,5 +1,6 @@
---
- hosts: wittgenstein.n39.eu
- name: Setup things on host 'wittgenstein' (raspberry pi for ampel and spaceapi)
hosts: wittgenstein.n39.eu
become: true
roles:

2
roles/apache/handlers/main.yml
View file

@ -1,6 +1,6 @@
# Handlers for role apache
---
- name: restart apache2
- name: Restart apache2
service:
name: apache2
state: restarted

4
roles/apache/tasks/main.yml
View file

@ -23,7 +23,7 @@
mode: "0644"
owner: root
group: root
notify: restart apache2
notify: Restart apache2
- name: Add symlink to enable configuration
ansible.builtin.file:
@ -32,4 +32,4 @@
state: link
owner: root
group: root
notify: restart apache2
notify: Restart apache2

2
roles/apache_letsencrypt/handlers/main.yml
View file

@ -1,6 +1,6 @@
# Handlers for role apache_letsencrypt
---
- name: restart apache2
- name: Restart apache2
service:
name: apache2
state: restarted

4
roles/apache_letsencrypt/tasks/main.yml
View file

@ -7,7 +7,7 @@
mode: "0644"
owner: root
group: root
notify: restart apache2
notify: Restart apache2
- name: Add symlink to enable configuration
ansible.builtin.file:
@ -17,4 +17,4 @@
mode: "0644"
owner: root
group: root
notify: restart apache2
notify: Restart apache2

2
roles/dd24_dyndns_cron/handlers/main.yml
View file

@ -1,6 +1,6 @@
# handlers file for cron-dd24-dyndns
---
- name: reload cron
- name: Reload cron
ansible.builtin.shell:
cmd: service cron reload
warn: no

2
roles/dd24_dyndns_cron/tasks/main.yml
View file

@ -13,6 +13,6 @@
owner: root
group: root
mode: "0644"
notify: reload cron
notify: Reload cron
# There is ansible.builtin.cron, but this makes configuration much
# more complicated, so we stick to the template.

2
roles/desec_dyndns_cron/handlers/main.yml
View file

@ -1,6 +1,6 @@
# handlers file for desec_dyndns_cron
---
- name: reload cron
- name: Reload cron
ansible.builtin.shell:
cmd: service cron reload
warn: no

2
roles/desec_dyndns_cron/tasks/main.yml
View file

@ -13,6 +13,6 @@
owner: root
group: root
mode: "0644"
notify: reload cron
notify: Reload cron
# There is ansible.builtin.cron, but this makes configuration much
# more complicated, so we stick to the template.

2
roles/nfs_host/handlers/main.yml
View file

@ -1,3 +1,3 @@
---
- name: reload nfs
- name: Reload nfs
command: 'exportfs -ra'

6
roles/nfs_host/tasks/main.yml
View file

@ -14,7 +14,7 @@
state: present
fs_type: ext4
- name: ensure nfs mountpoints exist
- name: Ensure nfs mountpoints exist
ansible.builtin.file:
path: "{{ item.directory }}"
state: directory
@ -30,11 +30,11 @@
fstype: ext4
state: present
- name: template /etc/exports
- name: Put /etc/exports in place from template
ansible.builtin.template:
src: templates/exports.j2
dest: "/etc/exports"
notify: reload nfs
notify: Reload nfs
- name: Ensure nfs is running.
ansible.builtin.service: "name=nfs-kernel-server state=started enabled=yes"

2
roles/nginx_https_ingress/handlers/main.yml
View file

@ -1,6 +1,6 @@
# Handlers für nginx-https-proxy
---
- name: restart nginx
- name: Restart nginx
service:
name: nginx
state: restarted

6
roles/nginx_https_ingress/tasks/main.yml
View file

@ -56,7 +56,7 @@
owner: root
group: root
mode: '0644'
notify: restart nginx
notify: Restart nginx
- name: Create directory for dehydrated forwardings
ansible.builtin.file:
@ -74,7 +74,7 @@
group: root
mode: '0644'
loop: "{{ ingress }}"
notify: restart nginx
notify: Restart nginx
- name: Setup nginx configuration
# Note the order here: The nginx configuration _needs_ he dehydrated-hosts
@ -86,4 +86,4 @@
owner: root
group: root
mode: '0644'
notify: restart nginx
notify: Restart nginx

2
roles/setup_http_site_forward/handlers/main.yml
View file

@ -1,5 +1,5 @@
---
- name: restart apache2
- name: Restart apache2
service:
name: apache2
state: restarted

4
roles/setup_http_site_forward/tasks/main.yml
View file

@ -3,10 +3,10 @@
template:
src: templates/apache-docker-forward-site.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: restart apache2
notify: Restart apache2
- name: Activate Apache2 site
command: a2ensite {{ site_name }}
args:
creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
notify: restart apache2
notify: Restart apache2

2
roles/setup_http_site_proxy/handlers/main.yml
View file

@ -1,5 +1,5 @@
---
- name: restart apache2
- name: Restart apache2
service:
name: apache2
state: restarted

4
roles/setup_http_site_proxy/tasks/main.yml
View file

@ -4,10 +4,10 @@
src: templates/apache-docker-proxy-site.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
mode: "0644"
notify: restart apache2
notify: Restart apache2
- name: Activate Apache2 site
command: a2ensite {{ site_name }}
args:
creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
notify: restart apache2
notify: Restart apache2

8
setup-ssh.yml
View file

@ -1,21 +1,21 @@
---
- name: configure local ssh to access n39 hosts
- name: Configure local ssh to access n39 hosts
hosts: localhost
tasks:
- name: ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present
- name: Ensure $HOME/.ssh/config.d/ dir is present
ansible.builtin.file:
path: "{{ lookup('env', 'HOME') }}/.ssh/config.d/"
state: directory
delegate_to: localhost
- name: template ssh config for access to internal systems
- name: Put ssh config for access to n39 internal systems in place
ansible.builtin.template:
src: templates/ssh_config.j2
dest: "{{ lookup('env', 'HOME') }}/.ssh/config.d/n39_config"
delegate_to: localhost
- name: ensure that n39 access config is included
- name: Ensure that n39 access config is included
ansible.builtin.lineinfile:
path: ~/.ssh/config
insertbefore: BOF