wip

2024-03-01 21:52:27 +01:00 · 2024-03-01 21:52:27 +01:00 · 3a53634dfa
parent a2b6301fad
commit 3a53634dfa
11 changed files with 21 additions and 37 deletions
--- a/group_vars/production/vars.yml
+++ b/group_vars/production/vars.yml
@ -1,16 +1,16 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-ldap_dn: "dc=data,dc=coop"
-
 vagrant: "{{ from_vagrant is defined and from_vagrant }}"
 letsencrypt_enabled: "{{ not vagrant }}"

 base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
 letsencrypt_email: admin@data.coop

+services_exclude:
+  - uptime_kuma
+
 smtp_host: "postfix"
 smtp_port: "587"

-services_exclude:
-  - uptime_kuma
+ldap_dn: "dc=data,dc=coop"
--- a/group_vars/staging/vars.yml
+++ b/group_vars/staging/vars.yml
@ -1,16 +1,16 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-ldap_dn: "dc=staging,dc=data,dc=coop"
-
 vagrant: "{{ from_vagrant is defined and from_vagrant }}"
 letsencrypt_enabled: "{{ not vagrant }}"

 base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
 letsencrypt_email: admin@data.coop

+services_exclude:
+  - uptime_kuma
+
 smtp_host: "postfix"
 smtp_port: "587"

-services_exclude:
-  - uptime_kuma
+ldap_dn: "dc=staging,dc=data,dc=coop"
--- a/playbook.yml
+++ b/playbook.yml
@ -4,10 +4,10 @@
 - hosts: all
  gather_facts: true
  become: true
-  tasks:
-    - import_role:
-        name: ubuntu_base
+  roles:
+    - name: os_base
      tags:
        - base_only
-    - import_role:
-        name: docker
+    - name: docker
+      tags:
+        - docker
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@ -2,12 +2,12 @@
 # code: language=ansible
 ---
 - name: Install necessary packages via apt
-  apt:
+  ansible.builtin.apt:
    name: "{{ packages }}"
  vars:
    packages:
-      - aptitude
-      - python3-pip
      - apparmor
      - haveged
      - mosh
+      - ufw
+      - vim
--- a/roles/ubuntu_base/tasks/firewall.yml
+++ b/roles/ubuntu_base/tasks/firewall.yml
@ -22,3 +22,4 @@
    - port: 587    # Email
    - port: 993    # Email
    - port: 19022  # SSH
+  when: inventory_hostname in groups['virtual']
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/ubuntu_base/tasks/main.yml
@ -1,18 +1,15 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
- import_tasks: ssh-port.yml
+- ansible.builtin.import_tasks: ssh-port.yml
  tags: [change-ssh-port]
  when: ansible_port != 22

- import_tasks: upgrade.yml
-  tags: [do-full-system-upgrade]
-
- import_tasks: base.yml
+- ansible.builtin.import_tasks: base.yml
  tags: [install-base-packages]

- import_tasks: users.yml
+- ansible.builtin.import_tasks: users.yml
  tags: [setup-users]

- import_tasks: firewall.yml
+- ansible.builtin.import_tasks: firewall.yml
  tags: [setup-firewall]
--- a/roles/ubuntu_base/tasks/ssh-port.yml
+++ b/roles/ubuntu_base/tasks/ssh-port.yml
--- a/roles/ubuntu_base/tasks/upgrade.yml
+++ b/roles/ubuntu_base/tasks/upgrade.yml
--- a/roles/ubuntu_base/tasks/users.yml
+++ b/roles/ubuntu_base/tasks/users.yml
--- a/uptime.data.coop.yml
+++ b/uptime.data.coop.yml
@ -1,14 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
---
- hosts: monitoring
-  gather_facts: true
-  become: true
-  vars:
-  tasks:
-    - import_role:
-        name: ubuntu_base
-      tags:
-        - base_only
-    - import_role:
-        name: docker
--- a/vagrant.ini
+++ b/vagrant.ini