Merge pull request '🚨 Fix linter warnings of type 'fqcn'' () from alex/netz39-infra-ansible:lint into master

Reviewed-on: 
Reviewed-by: Stefan Haun <tux@netz39.de>
Alexander Dahl 2025-03-12 17:59:47 +01:00
commit e1b9349f19
23 changed files with 102 additions and 102 deletions
group-all.ymlhost-krypton.ymlhost-platon.ymlhost-pottwal.ymlhost-radon.ymlhost-tau.ymlhost-unicorn.ymlhost-wittgenstein.yml
roles
apache
handlers
tasks
apache_letsencrypt/handlers
cleanuri/tasks
dd24_dyndns_cron/tasks
desec_dyndns_cron/tasks
nfs_host/handlers
nginx_https_ingress
handlers
tasks
setup_http_site_forward
handlers
tasks
setup_http_site_proxy
handlers
tasks
users
handlers
tasks


@ -14,19 +14,19 @@
tasks:
- name: Update and clean package cache
apt:
ansible.builtin.apt:
update_cache: true
cache_valid_time: 3600
autoclean: true
changed_when: false
- name: Ensure unattended-upgrades is installed and up to date
apt:
ansible.builtin.apt:
name: unattended-upgrades
state: present
- name: Setup unattended-upgrades
include_role:
ansible.builtin.include_role:
name: hifis.unattended_upgrades
vars:
unattended_origins_patterns:


@ -33,13 +33,13 @@
tasks:
# - name: Setup dehydrated challenge endpoint for {{ openldap_domain }}
# include_role:
# ansible.builtin.include_role:
# name: setup-http-dehydrated
# vars:
# site_name: "{{ openldap_domain }}"
- name: Ensure openLDAP directories are present.
file:
ansible.builtin.file:
path: "{{ item.path }}"
mode: "0755"
state: directory
@ -50,7 +50,7 @@
- path: "{{ dehydrated_certs_dir }}/{{ openldap_domain }}"
- name: Ensure container for openLDAP is running.
docker_container:
community.docker.docker_container:
name: openLDAP
image: osixia/openldap:1.5.0
detach: yes
@ -115,7 +115,7 @@
- name: Ensure container for entities validation service is running
docker_container:
community.docker.docker_container:
name: entities_validation_svc
image: netz39/entities_validation_svc:v1.0.4
pull: true
@ -128,7 +128,7 @@
TZ: "{{ timezone }}"
- name: Setup proxy site entities-validation.svc.n39.eu
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: entities-validation.svc.n39.eu


@ -306,19 +306,19 @@
handlers:
- name: Restart mosquitto service
service:
ansible.builtin.service:
name: mosquitto
state: restarted
enabled: yes
- name: Restart rsyslog
service:
ansible.builtin.service:
name: rsyslog
state: restarted
enabled: yes
- name: Restart asterisk
service:
ansible.builtin.service:
name: asterisk
state: restarted
enabled: yes


@ -55,7 +55,7 @@
# If port 2222 is changed here, it must also be adapted
# in the forgejo config file (see application volume)!!
- name: Setup the docker container for forgejo
docker_container:
community.docker.docker_container:
name: forgejo
image: "{{ forgejo_image }}"
pull: true
@ -81,7 +81,7 @@
tags: ["forgejo"]
- name: Setup proxy site "{{ forgejo_domain_name }}"
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ forgejo_domain_name }}"
@ -89,7 +89,7 @@
tags: ["forgejo"]
- name: Ensure apt-cacher container is running
docker_container:
community.docker.docker_container:
name: apt_cacher_ng
image: mrtux/apt-cacher-ng:latest
pull: true
@ -102,7 +102,7 @@
TZ: "{{ timezone }}"
- name: Setup docker network
docker_network:
community.docker.docker_network:
name: shlinknet
state: present
internal: true
@ -118,7 +118,7 @@
- shlink
- name: Ensure shlink database container is running
docker_container:
community.docker.docker_container:
name: shlinkdb
image: postgres:16.8-alpine
pull: true
@ -138,7 +138,7 @@
- shlink
- name: Ensure container for shlink is running
docker_container:
community.docker.docker_container:
name: shlink
image: "{{ shlink_image }}"
pull: true
@ -167,7 +167,7 @@
- shlink
- name: Setup proxy site {{ shlink_domain_name }}
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ shlink_domain_name }}"
@ -235,7 +235,7 @@
- Restart prosody
- name: Ensure container for prosody XMPP server is running
docker_container:
community.docker.docker_container:
name: prosody
image: "{{ prosody_image }}"
pull: true
@ -257,7 +257,7 @@
- name: Ensure container for static XMPP website is running
docker_container:
community.docker.docker_container:
name: jabber-static-website
image: "{{ prosody_web_image }}"
pull: true
@ -277,7 +277,7 @@
- name: Setup proxy site {{ prosody_domain_name }}
# point to static website for now
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ prosody_domain_name }}"
@ -299,7 +299,7 @@
- hedgedoc
- name: Ensure the hedgedoc directories exist
file:
ansible.builtin.file:
path: "{{ item.path }}"
mode: "{{ item.mode }}"
state: directory
@ -312,7 +312,7 @@
- hedgedoc
- name: Setup docker network
docker_network:
community.docker.docker_network:
name: hedgedocnet
state: present
internal: true
@ -320,7 +320,7 @@
- hedgedoc
- name: Install HedgeDoc database container
docker_container:
community.docker.docker_container:
name: hedgedocdb
image: "{{ hedgedoc_db_image }}"
pull: true
@ -340,7 +340,7 @@
- hedgedoc
- name: Ensure container for hedgedoc is running
docker_container:
community.docker.docker_container:
name: hedgedoc
image: "{{ hedgedoc_image }}"
pull: true
@ -372,7 +372,7 @@
- hedgedoc
- name: Setup proxy site "{{ hedgedoc_domain_name }}"
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ hedgedoc_domain_name }}"
@ -381,7 +381,7 @@
- hedgedoc
- name: Ensure the influxdb directories exist
file:
ansible.builtin.file:
path: "{{ item }}"
mode: 0700
state: directory
@ -391,7 +391,7 @@
- "{{ data_dir }}/influxdb/cfg"
- name: Ensure container for influxdb is running
docker_container:
community.docker.docker_container:
name: influxdb
image: "{{ influxdb_image }}"
pull: true
@ -411,7 +411,7 @@
- "{{ data_dir }}/influxdb/cfg:/etc/influxdb2"
- name: Setup proxy site {{ influxdb_domain_name }}
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ influxdb_domain_name }}"
@ -436,7 +436,7 @@
- redmine
- name: Setup Redmine docker network
docker_network:
community.docker.docker_network:
name: redminenet
state: present
internal: true
@ -444,7 +444,7 @@
- redmine
- name: Setup Redmine MySQL container
docker_container:
community.docker.docker_container:
name: redminedb
image: "{{ redmine_mysql_image }}"
pull: true
@ -464,7 +464,7 @@
- redmine
- name: Setup Redmine container
docker_container:
community.docker.docker_container:
name: redmine
image: "{{ redmine_image }}"
pull: true
@ -490,7 +490,7 @@
- redmine
- name: Setup proxy site "{{ redmine_domain_name }}"
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ redmine_domain_name }}"
@ -499,7 +499,7 @@
- redmine
- name: Ensure the uptime-kuma directories exist
file:
ansible.builtin.file:
path: "{{ item }}"
mode: "0755"
state: directory
@ -509,7 +509,7 @@
- uptimekuma
- name: Ensure container for uptime-kuma is running
docker_container:
community.docker.docker_container:
name: uptime-kuma
image: "{{ uptimekuma_image }}"
pull: true
@ -526,7 +526,7 @@
- uptimekuma
- name: Setup proxy site "{{ uptimekuma_domain_name }}"
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ uptimekuma_domain_name }}"
@ -535,7 +535,7 @@
- uptimekuma
- name: Ensure the grafana directories exist
file:
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ item.owner | default('root') }}"
mode: "{{ item.mode }}"
@ -552,7 +552,7 @@
- grafana
- name: Ensure container for grafana is running
docker_container:
community.docker.docker_container:
name: grafana
image: "{{ grafana_image }}"
pull: true
@ -573,7 +573,7 @@
- grafana
- name: Setup proxy site "{{ grafana_domain_name }}"
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ grafana_domain_name }}"
@ -583,7 +583,7 @@
- grafana
- name: Ensure the homebox directories exist
file:
ansible.builtin.file:
path: "{{ item.path }}"
owner: "{{ item.owner | default('root') }}"
mode: "{{ item.mode }}"
@ -597,7 +597,7 @@
- homebox
- name: Ensure container for homebox is running
docker_container:
community.docker.docker_container:
name: homebox
image: "{{ homebox_image }}"
pull: true
@ -617,7 +617,7 @@
- homebox
- name: Setup proxy site {{ homebox_domain_name }}
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ homebox_domain_name }}"
@ -627,7 +627,7 @@
- homebox
- name: Setup proxy site spaceapi.n39.eu
template:
ansible.builtin.template:
src: templates/pottwal/spaceapi-apache-site.j2
dest: /etc/apache2/sites-available/spaceapi.n39.eu.conf
mode: "0644"
@ -656,7 +656,7 @@
restart: yes
- name: Restart apache2
service:
ansible.builtin.service:
name: apache2
state: restarted
@ -664,6 +664,6 @@
ansible.builtin.shell:
cmd: service cron reload
# Use the shell call because the task sometimes has problems finding the service state
# service:
# ansible.builtin.service:
# name: cron
# state: restarted
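Review bot: The apt_cacher_ng task in the `-89,7` hunk runs `image: mrtux/apt-cacher-ng:latest` together with `pull: true`, so every playbook run can deploy whatever the tag points to at that moment, without any change in the repository. Most other containers in this file take their image from a variable, which keeps the deployed version reviewable. Pin this one the same way, e.g. `image: "{{ apt_cacher_ng_image }}"` with the variable set to a fixed version tag or digest (the variable name is a suggestion, not one this page defines). The task body continues outside the hunk.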


@ -38,7 +38,7 @@
tasks:
- name: Ensure the mosquitto directories exist
file:
ansible.builtin.file:
path: "{{ item }}"
mode: 0755
state: directory
@ -50,7 +50,7 @@
- mosquitto
- name: Make sure mosquitto config is there
template:
ansible.builtin.template:
src: "templates/mosquitto.conf.j2"
dest: "{{ mosquitto_data }}/config/mosquitto.conf"
mode: 0644
@ -59,7 +59,7 @@
- mosquitto
- name: Ensure mosquitto is running
docker_container:
community.docker.docker_container:
name: mosquitto
image: "{{ mosquitto_image }}"
pull: true
@ -89,7 +89,7 @@
when: not nodered_dir.stat.exists
- name: Ensure nodered is running
docker_container:
community.docker.docker_container:
name: nodered
image: "{{ nodered_image }}"
pull: true
@ -109,7 +109,7 @@
restart_policy: unless-stopped
- name: Setup proxy site nodered.n39.eu
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "nodered.n39.eu"
@ -130,7 +130,7 @@
- rabbitmq
- name: Ensure rabbitmq docker container is running
docker_container:
community.docker.docker_container:
name: rabbitmq
image: "{{ rabbitmq_image }}"
ports:
@ -151,7 +151,7 @@
- rabbitmq
- name: Setup proxy site rabbitmq.n39.eu
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "rabbitmq.n39.eu"
@ -160,7 +160,7 @@
- rabbitmq
- name: Ensure Power Meter Pulse Gateway for 19i room is running
docker_container:
community.docker.docker_container:
name: pwr-meter-pulse-gw-19i
image: "{{ pwr_meter_pulse_gw_image }}"
ports:
@ -178,7 +178,7 @@
restart_policy: unless-stopped
- name: Setup proxy site pwr-meter-pulse-gw-19i.svc.n39.eu
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "pwr-meter-pulse-gw-19i.svc.n39.eu"
@ -186,7 +186,7 @@
- name: Setup docker container for BrotherQL Web UI printer
docker_container:
community.docker.docker_container:
name: brotherql-web
image: dersimn/brother_ql_web:2.1.9-alpine
pull: true
@ -202,7 +202,7 @@
- labelprinter
- name: Setup proxy site labelprinter.n39.eu
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: labelprinter.n39.eu
@ -211,7 +211,7 @@
- labelprinter
- name: Setup docker container for Grafana Screenshots
docker_container:
community.docker.docker_container:
name: grafana-screenshot
image: mrtux/grafana-screenshot:0.1.3
pull: true
@ -228,7 +228,7 @@
handlers:
- name: Restart mosquitto container
docker_container:
community.docker.docker_container:
name: mosquitto
state: started
restart: yes
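Review bot: `mode: 0755` on the mosquitto directories (`-38,7`) and `mode: 0644` on the mosquitto.conf template (`-50,7`) are unquoted, so the resulting permissions depend on the YAML loader reading a leading-zero integer as octal. The other file and template tasks on this page write the quoted form, so these should read `mode: "0755"` and `mode: "0644"`. The same applies to `mode: 0700` on the influxdb directories in the `-381,7` hunk of the preceding host file. Both task bodies continue outside their hunks.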


@ -26,7 +26,7 @@
tasks:
- name: Setup docker network
docker_network:
community.docker.docker_network:
name: dockernet
driver: bridge
ipam_config:
@ -35,7 +35,7 @@
state: present
- name: Setup Dehydrated
include_role:
ansible.builtin.include_role:
name: 24367dfa.dehydrated
vars:
dehydrated_contact_email: "{{ server_admin }}"
@ -52,14 +52,14 @@
deploy_challenge_hook: "/bin/systemctl restart apache2"
- name: Setup proxy site testredmine.netz39.de
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: testredmine.netz39.de
proxy_port: 9004
- name: Setup phpmyadmin
docker_container:
community.docker.docker_container:
name: phpmyadmin
state: started
image: phpmyadmin:5.2
@ -76,7 +76,7 @@
- 9001:80
- name: Setup proxy site mysql.adm.netz39.de
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: mysql.adm.netz39.de
@ -93,13 +93,13 @@
when: not docker_dir.stat.exists
- name: Ensure the Docker Registry data directory exists
# This may not be part of the backup
file:
ansible.builtin.file:
path: "{{ data_dir }}/registry/data"
state: directory
mode: "0755"
- name: Setup Docker Registry Container
docker_container:
community.docker.docker_container:
name: registry
image: registry:2
pull: true
@ -118,7 +118,7 @@
- "{{ data_dir }}/registry/auth:/auth:rw"
- name: Setup proxy site for the Docker Registry
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ docker_registry_domain }}"
@ -147,7 +147,7 @@
- dokuwiki
- name: Setup Dokuwiki Container
docker_container:
community.docker.docker_container:
name: dokuwiki
image: "{{ dokuwiki_image }}"
pull: true
@ -166,7 +166,7 @@
- dokuwiki
- name: Setup proxy site for Dokuwiki
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ dokuwiki_domain }}"
@ -176,7 +176,7 @@
- name: Setup container for secondary FFMD DNS
docker_container:
community.docker.docker_container:
name: bind9-md-freifunk-net
image: ffmd/bind9-md-freifunk-net:v2022122301
pull: true
@ -191,7 +191,7 @@
- ffmd-dns
- name: Setup forwarding for Discord invite
include_role:
ansible.builtin.include_role:
name: setup_http_site_forward
vars:
site_name: "{{ discord_invite_domain }}"
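Review bot: The `-76,7` hunk shows a published port `- 9001:80` as context, which appears to belong to the phpmyadmin container set up in the hunk above; with no host address Docker publishes it on all interfaces, and Docker's own iptables rules commonly sit in front of host firewall rules. The next task places the `setup_http_site_proxy` role in front of the service, so presumably only the local Apache needs to reach the container: `- "127.0.0.1:9001:80"`. The role's template is not visible here, so confirm that it proxies to localhost before changing the binding. The `ports:` lists of the other containers are cut off by their hunks and deserve the same check.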


@ -12,7 +12,7 @@
tasks:
- name: Setup the docker container for unifi-controller
docker_container:
community.docker.docker_container:
name: unifi-controller
image: jacobalberty/unifi:v9.0.114
state: started


@ -130,7 +130,7 @@
### Space API
- name: Setup the SpaceAPI Docker container
docker_container:
community.docker.docker_container:
name: spaceapi
image: "{{ spaceapi_image }}"
pull: true
@ -149,7 +149,7 @@
- spaceapi
- name: Setup the Ampel Controller Docker container
docker_container:
community.docker.docker_container:
name: ampelcontroller
image: "{{ ampelcontroller_image }}"
pull: true


@ -1,6 +1,6 @@
# Handlers for role apache
---
- name: Restart apache2
service:
ansible.builtin.service:
name: apache2
state: restarted


@ -1,12 +1,12 @@
---
- name: Ensure Apache2 and modules are installed and up to date
apt:
ansible.builtin.apt:
name:
- apache2
state: present
- name: Ensure necessary modules are enabled
apache2_module:
community.general.apache2_module:
name: "{{ item }}"
state: present
with_items:


@ -1,6 +1,6 @@
# Handlers for role apache_letsencrypt
---
- name: Restart apache2
service:
ansible.builtin.service:
name: apache2
state: restarted


@ -1,7 +1,7 @@
# Tasks for the cleanuri role
---
- name: Ensure CleanURI WebUI is running
docker_container:
community.docker.docker_container:
name: cleanuri-webui
image: "{{ cleanuri_image_webui }}"
pull: true
@ -15,7 +15,7 @@
REACT_APP_API_GATEWAY: "https://{{ cleanuri_api_domain }}"
- name: Setup proxy site for the CleanURI WebUI
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ cleanuri_ui_domain }}"
@ -23,7 +23,7 @@
- name: Ensure CleanURI API Gateway is running
docker_container:
community.docker.docker_container:
name: cleanuri-apigateway
image: "{{ cleanuri_image_apigateway }}"
pull: true
@ -42,7 +42,7 @@
GATEWAY_TASK_RK: "{{ cleanuri_amqp_canonizer }}"
- name: Ensure CleanURI Canonizer is running
docker_container:
community.docker.docker_container:
name: cleanuri-canonizer
image: "{{ cleanuri_image_canonizer }}"
pull: true
@ -59,7 +59,7 @@
EXTRACTOR_TASK_RK: "{{ cleanuri_amqp_retrieval }}"
- name: Ensure CleanURI Extractor is running
docker_container:
community.docker.docker_container:
name: cleanuri-extractor
image: "{{ cleanuri_image_extractor }}"
pull: true
@ -76,7 +76,7 @@
- name: Setup proxy site the CleanURI API Gateway
include_role:
ansible.builtin.include_role:
name: setup_http_site_proxy
vars:
site_name: "{{ cleanuri_api_domain }}"


@ -1,6 +1,6 @@
---
- name: Make sure cron and curl are installed
apt:
ansible.builtin.apt:
name:
- cron
- curl


@ -1,6 +1,6 @@
---
- name: Make sure cron and curl are installed
apt:
ansible.builtin.apt:
name:
- cron
- curl


@ -1,3 +1,3 @@
---
- name: Reload nfs
command: 'exportfs -ra'
ansible.builtin.command: 'exportfs -ra'


@ -1,7 +1,7 @@
# Handlers für nginx-https-proxy
---
- name: Restart nginx
service:
ansible.builtin.service:
name: nginx
state: restarted
enabled: yes


@ -18,7 +18,7 @@
# for SSL passthrough.
- name: Add nginx apt-key
apt_key:
ansible.builtin.apt_key:
url: https://nginx.org/keys/nginx_signing.key
state: present
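Review bot: `ansible.builtin.apt_key` fetches `nginx_signing.key` by URL with no `id:` stating which key is expected, and a key added through apt-key is trusted for every configured repository, not only the nginx one. The apt-key command this module wraps is itself deprecated. Consider storing the key in a dedicated keyring file that the nginx repository entry references with `signed-by=`, and record the expected fingerprint in the task, e.g. `id: "<NGINX_KEY_FINGERPRINT>"` (placeholder; take the value from the vendor's documentation). The repository task that consumes the key is outside this hunk.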


@ -1,5 +1,5 @@
---
- name: Restart apache2
service:
ansible.builtin.service:
name: apache2
state: restarted


@ -1,12 +1,12 @@
---
- name: Add or update Apache2 site
template:
ansible.builtin.template:
src: templates/apache-docker-forward-site.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: Restart apache2
- name: Activate Apache2 site
command: a2ensite {{ site_name }}
ansible.builtin.command: a2ensite {{ site_name }}
args:
creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
notify: Restart apache2
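Review bot: The template task writes `/etc/apache2/sites-available/{{ site_name }}.conf` without a `mode:`, so the file's permissions depend on the umask and on whatever already exists on disk. The proxy role's equivalent task sets `mode: "0644"`, and this role should match it. Separately, the free-form `ansible.builtin.command: a2ensite {{ site_name }}` splits the rendered string on whitespace; passing `argv: [a2ensite, "{{ site_name }}"]` with `creates:` as a module option keeps the site name a single argument. The same free-form line appears in the proxy role's tasks.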


@ -1,5 +1,5 @@
---
- name: Restart apache2
service:
ansible.builtin.service:
name: apache2
state: restarted


@ -1,13 +1,13 @@
---
- name: Add or update Apache2 site
template:
ansible.builtin.template:
src: templates/apache-docker-proxy-site.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
mode: "0644"
notify: Restart apache2
- name: Activate Apache2 site
command: a2ensite {{ site_name }}
ansible.builtin.command: a2ensite {{ site_name }}
args:
creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
notify: Restart apache2


@ -1,3 +1,3 @@
---
- name: Update aliases
shell: which newaliases && newaliases || true
ansible.builtin.shell: which newaliases && newaliases || true
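Review bot: The trailing `|| true` in `which newaliases && newaliases || true` also hides a failing `newaliases` run, so a broken `/etc/aliases` never surfaces in the play. If the intent is only to tolerate hosts without the binary, `ansible.builtin.shell: if command -v newaliases >/dev/null; then newaliases; fi` keeps that behaviour while letting a real failure fail the handler. A short comment above the handler saying why a missing binary is acceptable would also help the next reader.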


@ -1,12 +1,12 @@
---
- name: Ensure sudo is installed
package:
ansible.builtin.package:
name:
- sudo
state: present
- name: Configure group sudo for sudoers without password
lineinfile:
ansible.builtin.lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo\s'
@ -14,7 +14,7 @@
validate: /usr/sbin/visudo -cf %s
- name: Add users | create users' shell and home dir
user:
ansible.builtin.user:
name: "{{ item.logname }}"
shell: /bin/bash
createhome: yes
@ -22,7 +22,7 @@
with_items: "{{ users }}"
- name: Add authorized keys for user
authorized_key:
ansible.posix.authorized_key:
user: "{{ item.0.logname }}"
key: "{{ item.1 }}"
state: present
@ -32,7 +32,7 @@
- skip_missing: true
- name: Place user in sudo group
user:
ansible.builtin.user:
name: "{{ item.logname }}"
groups: [sudo]
append: yes
@ -40,12 +40,12 @@
with_items: "{{ users }}"
- name: Check if /etc/aliases exists
stat:
ansible.builtin.stat:
path: /etc/aliases
register: aliases
- name: Set system email alias
lineinfile:
ansible.builtin.lineinfile:
path: /etc/aliases
state: present
regexp: "^{{ item.logname }}:"