From c870c2f14e7b790b8c3a0cec97c457043fe4e41a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=AD=C3=B0ir=20Valberg=20Gu=C3=B0mundsson?=
Date: Sat, 26 Nov 2022 10:47:37 +0100
Subject: [PATCH] WIP.
---
 .ansible-lint | 4 ++--
 .pre-commit-config.yaml | 2 +-
 playbook.yml | 9 ++++++---
 roles/docker/handlers/main.yml | 2 +-
 roles/docker/tasks/main.yml | 18 +++++++++---------
 roles/docker/tasks/services.yml | 8 +++++---
 .../docker/tasks/services/docker_registry.yml | 4 ++--
 roles/docker/tasks/services/matrix_riot.yml | 4 +++-
 .../services/websites/new-new.data.coop.yml | 4 ++--
 roles/ubuntu_base/tasks/base.yml | 2 +-
 roles/ubuntu_base/tasks/dell-apt-repo.yml | 2 +-
 roles/ubuntu_base/tasks/firewall.yml | 2 ++
 roles/ubuntu_base/tasks/users.yml | 16 ++++++++++------
 13 files changed, 45 insertions(+), 32 deletions(-)
diff --git a/.ansible-lint b/.ansible-lint
index 03e5b4f..6aeb90d 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -42,7 +42,7 @@ use_default_rules: true
 # Ansible-lint completely ignores rules or tags listed below
 skip_list:
- - skip_this_tag
+ - no-log-password
 # Ansible-lint does not automatically load rules that have the 'opt-in' tag.
 # You must enable opt-in rules by listing each rule 'id' below.
@@ -108,4 +108,4 @@ kinds:
 # List of additions modules to allow in only-builtins rule.
 # only_builtins_allow_modules:
-# - example_module
\ No newline at end of file
+# - example_module
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 76295f4..57a8a6f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,7 +2,7 @@ repos:
 - repo: https://github.com/lyz-code/yamlfix/
- rev: master
+ rev: 1.1.1
 hooks:
 - id: yamlfix
diff --git a/playbook.yml b/playbook.yml
index 62b87a2..799b189 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,5 +1,6 @@
 ---
-- hosts: all
+- name: Deploy data.coop services
+ hosts: all
 gather_facts: true
 become: true
 vars:
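Review bot: Adding `no-log-password` to `skip_list` silences the rule for the whole repository instead of fixing the tasks it fires on, so any task that passes a credential without `no_log: true` will now go unflagged. The tasks this commit touches that carry secrets — the `user` task in roles/ubuntu_base/tasks/users.yml with `password: '{{ ubuntu_base_user.password }}'` and the `shell` task interpolating `{{ docker_password }}` in roles/docker/tasks/services/docker_registry.yml — would be better served by adding `no_log: true` to each (or a per-task `# noqa: no-log-password` where the value is genuinely harmless) and dropping this entry. Keeping the rule active is what keeps those values out of play output and CI logs.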
@@ -14,9 +15,11 @@
 smtp_port: '587'
 tasks:
- - import_role:
+ - name: Setup host basics
+ ansible.builtin.import_role:
 name: ubuntu_base
 tags:
 - base_only
- - import_role:
+ - name: Deploy docker containers (services)
+ ansible.builtin.import_role:
 name: docker
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
index 86415fe..02aa6dc 100644
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: restart nginx
+- name: Restart nginx
 community.docker.docker_container:
 name: nginx-proxy
 restart: 'yes'
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index f47c35c..2579c5b 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,33 +1,33 @@
 ---
-- name: add docker gpg key
- apt_key:
+- name: Add docker gpg key
+ ansible.builtin.apt_key:
 keyserver: pgp.mit.edu
 id: 8D81803C0EBFCD88
 state: present
-- name: add docker apt repository
+- name: Add docker apt repository
 ansible.builtin.apt_repository:
 repo: deb https://download.docker.com/linux/ubuntu bionic stable
 state: present
 update_cache: true
-- name: install docker-ce
+- name: Install docker-ce
 ansible.builtin.apt:
 name: docker-ce
 state: present
-- name: install docker python bindings
- pip:
+- name: Install docker python bindings
+ ansible.builtin.pip:
 executable: pip3
 name: docker-compose
 state: present
-- name: create folder structure for bind mounts
+- name: Create folder structure for bind mounts
 ansible.builtin.file:
 name: '{{ volume_root_folder }}'
 state: directory
-- name: setup services
- import_tasks: services.yml
+- name: Setup services
+ ansible.builtin.import_tasks: services.yml
 tags:
 - setup_services
diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml
index 12fdf58..37fe862 100644
--- a/roles/docker/tasks/services.yml
+++ b/roles/docker/tasks/services.yml
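Review bot: The new `ansible.builtin.apt_key` task still trusts whatever `keyserver: pgp.mit.edu` returns for the 16-hex-digit long key ID in `id:`; the module's own documentation notes that `apt-key` is deprecated and recommends placing the vendor key in a keyring file and referencing it with `signed-by=` in the `ansible.builtin.apt_repository` line. At minimum, use the full 40-hex-digit fingerprint Docker publishes as `id:` so the fetched key is pinned exactly, or fetch the key file with `ansible.builtin.get_url` and a `checksum:` instead of a keyserver lookup. The same applies to the `ansible.builtin.apt_key` task in roles/ubuntu_base/tasks/dell-apt-repo.yml. Separately, `ansible.builtin.pip` installs `docker-compose` unpinned from PyPI; a `version:` would make the install reproducible.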
@@ -4,10 +4,12 @@
 name: external_services
 - name: setup services
- include_tasks: services/{{ item.value.file }}
+ include_tasks: services/{{ docker_service.value.file }}
 loop: '{{ services | dict2items }}'
- when: single_service is not defined and item.value.file is defined and item.value.disabled_in_vagrant
- is not defined
+ loop_control:
+ loop_var: docker_service
+ when: single_service is not defined and docker_service.value.file is defined and
+ docker_service.value.disabled_in_vagrant is not defined
 - name: setup single service
 include_tasks: services/{{ services[single_service].file }}
diff --git a/roles/docker/tasks/services/docker_registry.yml b/roles/docker/tasks/services/docker_registry.yml
index bda60af..cd3c8c3 100644
--- a/roles/docker/tasks/services/docker_registry.yml
+++ b/roles/docker/tasks/services/docker_registry.yml
@@ -24,8 +24,8 @@
 REGISTRY_AUTH_HTPASSWD_REALM: data.coop docker registry
 - name: generate htpasswd file
- shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{
- services.docker_registry.volume_folder }}/auth/htpasswd
+ shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > services.docker_registry.volume_folder
+ }}/auth/htpasswd
 args:
 creates: '{{ services.docker_registry.volume_folder }}/auth/htpasswd'
diff --git a/roles/docker/tasks/services/matrix_riot.yml b/roles/docker/tasks/services/matrix_riot.yml
index 35946c5..296418b 100644
--- a/roles/docker/tasks/services/matrix_riot.yml
+++ b/roles/docker/tasks/services/matrix_riot.yml
@@ -50,8 +50,10 @@
 - name: upload vhost config for riot domain
 ansible.builtin.template:
 src: files/configs/matrix/vhost-riot
- dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ item }}'
+ dest: '{{ services.nginx_proxy.volume_folder }}/vhost/{{ domain }}'
 loop: '{{ services.riot.domains }}'
+ loop_control:
+ loop_var: domain
 - name: upload homeserver.yaml
 ansible.builtin.template:
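Review bot: The task names in this hunk (`setup services`, `setup single service`) stay lowercase while the same commit capitalizes task names in roles/docker/tasks/main.yml and playbook.yml; ansible-lint's `name[casing]` rule will flag them, so `- name: Setup services` and `- name: Setup single service` would keep the convention consistent. The same applies to `generate htpasswd file` in roles/docker/tasks/services/docker_registry.yml and `upload vhost config for riot domain` in roles/docker/tasks/services/matrix_riot.yml.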
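Review bot: The rewritten `shell:` line in roles/docker/tasks/services/docker_registry.yml lost the opening `{{` before `services.docker_registry.volume_folder`, so the redirect now targets a literal file named `services.docker_registry.volume_folder` in the working directory and `}}/auth/htpasswd` is handed to `htpasswd` as a stray argument; the path named in `creates:` is never produced, so the task will re-run on every play. Restore the template on one line: `shell: docker exec -it registry htpasswd -Bbn docker {{ docker_password }} > {{ services.docker_registry.volume_folder }}/auth/htpasswd`. Because `docker_password` is interpolated into the command line, the task should also carry `no_log: true` — this is precisely the case the `no-log-password` lint rule (skipped elsewhere in this commit) exists to catch. The `-t` flag is also likely to fail with a "not a TTY" error when Ansible runs the command non-interactively; `-i` alone is probably what is wanted here, though that predates this change.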
diff --git a/roles/docker/tasks/services/websites/new-new.data.coop.yml b/roles/docker/tasks/services/websites/new-new.data.coop.yml
index e4bb37f..8dc690e 100644
--- a/roles/docker/tasks/services/websites/new-new.data.coop.yml
+++ b/roles/docker/tasks/services/websites/new-new.data.coop.yml
@@ -8,8 +8,8 @@
 networks:
 - name: external_services
 env:
- VIRTUAL_HOST: new-new.{{ services.data_coop_website.domains|join(',') }}
- LETSENCRYPT_HOST: new-new.{{ services.data_coop_website.domains|join(',')
+ VIRTUAL_HOST: new-new.{{ services.data_coop_website.domains | join(',') }}
+ LETSENCRYPT_HOST: new-new.{{ services.data_coop_website.domains | join(',') }}
 LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
 # The ssh-key is for read-only only
diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml
index c2e0d40..17dacb6 100644
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@@ -16,7 +16,7 @@
 when: not vagrant
 - name: Install necessary packages via pip
- pip:
+ ansible.builtin.pip:
 name: '{{ packages }}'
 vars:
 packages:
diff --git a/roles/ubuntu_base/tasks/dell-apt-repo.yml b/roles/ubuntu_base/tasks/dell-apt-repo.yml
index b33e5bd..a5f3943 100644
--- a/roles/ubuntu_base/tasks/dell-apt-repo.yml
+++ b/roles/ubuntu_base/tasks/dell-apt-repo.yml
@@ -1,6 +1,6 @@
 ---
 - name: Import dell apt signing key
- apt_key:
+ ansible.builtin.apt_key:
 id: 1285491434D8786F
 keyserver: keyserver.ubuntu.com
diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml
index 84fc700..2713e94 100644
--- a/roles/ubuntu_base/tasks/firewall.yml
+++ b/roles/ubuntu_base/tasks/firewall.yml
@@ -20,3 +20,5 @@
 - port: 587 # Email
 - port: 993 # Email
 - port: 19022 # SSH
+ loop_control:
+ loop_var: ubuntu_base_port
diff --git a/roles/ubuntu_base/tasks/users.yml b/roles/ubuntu_base/tasks/users.yml
index ef51be0..49a20a5 100644
--- a/roles/ubuntu_base/tasks/users.yml
+++ b/roles/ubuntu_base/tasks/users.yml
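Review bot: In roles/docker/tasks/services/websites/new-new.data.coop.yml, `new-new.{{ services.data_coop_website.domains | join(',') }}` prepends `new-new.` only to the first element of the joined list, so if `domains` ever holds more than one entry the remaining hosts reach nginx-proxy and the Let's Encrypt companion without the subdomain prefix. If a single domain is intended, `{{ services.data_coop_website.domains | first }}` states that explicitly; if several are, apply the prefix per element, e.g. `{{ services.data_coop_website.domains | map('regex_replace', '^', 'new-new.') | join(',') }}`, for both `VIRTUAL_HOST` and `LETSENCRYPT_HOST`.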
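Review bot: In roles/ubuntu_base/tasks/firewall.yml, renaming the loop variable to `ubuntu_base_port` only works if the task body — which starts above this hunk and is not visible here — is updated as well; any remaining `{{ item.port }}` reference becomes undefined and the task fails at the first iteration. Please confirm the lines outside the hunk use `{{ ubuntu_base_port.port }}` (or whichever key the body reads). The equivalent rename for `ubuntu_base_user` in roles/ubuntu_base/tasks/users.yml does show its references updated within the hunk.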
@@ -1,19 +1,23 @@
 ---
 - name: Add users
 user:
- name: '{{ item.name }}'
- comment: '{{ item.comment }}'
- password: '{{ item.password }}'
- groups: '{{ item.groups }}'
+ name: '{{ ubuntu_base_user.name }}'
+ comment: '{{ ubuntu_base_user.comment }}'
+ password: '{{ ubuntu_base_user.password }}'
+ groups: '{{ ubuntu_base_user.groups }}'
 update_password: always
 loop: '{{ users | default([]) }}'
+ loop_control:
+ loop_var: ubuntu_base_user
 - name: Add ssh authorized_keys
 ansible.posix.authorized_key:
- user: '{{ item.name }}'
- key: "{{ item.ssh_keys | join('\n') }}"
+ user: '{{ ubuntu_base_user.name }}'
+ key: "{{ ubuntu_base_user.ssh_keys | join('\n') }}"
 exclusive: true
 loop: '{{ users | default([]) }}'
+ loop_control:
+ loop_var: ubuntu_base_user
 - name: Add ssh authorized_keys to root user
 ansible.posix.authorized_key:
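Review bot: The `Add users` task sets `password: '{{ ubuntu_base_user.password }}'` with no `no_log: true`, so every loop iteration echoes the full item — including the password value — into play output and CI logs; add `no_log: true` beside `update_password: always`. This is the task the `.ansible-lint` change in this commit silences via `skip_list`; fixing it here would let that entry be dropped. `user:` is also left as a short module name while the rest of the commit moves to FQCNs, so `ansible.builtin.user:` would be consistent. Two pre-existing points worth a comment in the file: the `password` argument expects an already-hashed value, and `groups:` without `append: true` replaces the account's existing supplementary groups on every run.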