From ea5435d8942a37fa1b15e72ee6c86da9db8f2c0b Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Mon, 21 Oct 2024 01:10:35 +0200 Subject: [PATCH] TESTING --- host_vars/folald.yml | 6 +++--- host_vars/hestur.yml | 6 +++--- host_vars/poltre.yml | 6 +++--- host_vars/varsa.yml | 8 ++++---- roles/services/defaults/main.yml | 6 ++++-- roles/services/tasks/pre_deploy/mailu.yml | 2 ++ roles/vm-common/tasks/base.yml | 6 +++--- roles/vm-common/tasks/firewall.yml | 23 ----------------------- roles/vm-common/tasks/main.yml | 6 ------ roles/vm-common/tasks/users.yml | 2 +- playbook.yml => site.yml | 4 ++-- 11 files changed, 25 insertions(+), 50 deletions(-) delete mode 100644 roles/vm-common/tasks/firewall.yml rename playbook.yml => site.yml (86%) diff --git a/host_vars/folald.yml b/host_vars/folald.yml index e0033c3..ecc38be 100644 --- a/host_vars/folald.yml +++ b/host_vars/folald.yml @@ -1,12 +1,12 @@ # vim: ft=yaml.ansible # code: language=ansible --- +vm_host: cavall +vm_type: control + hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" ansible_host: "{{ fqdn }}" ansible_port: 19022 internal_ipv4: 10.2.1.5 - -vm_host: cavall -vm_type: control diff --git a/host_vars/hestur.yml b/host_vars/hestur.yml index 807c6ca..237cb43 100644 --- a/host_vars/hestur.yml +++ b/host_vars/hestur.yml @@ -1,11 +1,11 @@ # vim: ft=yaml.ansible # code: language=ansible --- +vm_host: cloud +vm_type: uptime + hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" ansible_host: "{{ fqdn }}" ansible_port: 22 - -vm_host: cloud -vm_type: uptime diff --git a/host_vars/poltre.yml b/host_vars/poltre.yml index 9eba9d8..5f26e6a 100644 --- a/host_vars/poltre.yml +++ b/host_vars/poltre.yml 
@@ -1,12 +1,12 @@ # vim: ft=yaml.ansible # code: language=ansible --- +vm_host: cavall +vm_type: app + hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" ansible_host: "{{ fqdn }}" ansible_port: 19022 internal_ipv4: 10.2.1.2 - -vm_host: cavall -vm_type: app diff --git a/host_vars/varsa.yml b/host_vars/varsa.yml index 4c2825a..84c80ba 100644 --- a/host_vars/varsa.yml +++ b/host_vars/varsa.yml @@ -1,12 +1,12 @@ # vim: ft=yaml.ansible # code: language=ansible --- +vm_host: cavall +vm_type: app + hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" -ansible_host: "{{ fqdn }}" +ansible_host: 85.209.118.143 # "{{ fqdn }}" ansible_port: 19022 internal_ipv4: 10.2.1.3 - -vm_host: cavall -vm_type: app diff --git a/roles/services/defaults/main.yml b/roles/services/defaults/main.yml index 4e2368a..648ef44 100644 --- a/roles/services/defaults/main.yml +++ b/roles/services/defaults/main.yml @@ -226,5 +226,7 @@ services: pre_deploy_tasks: true version: "latest" -services_exclude: [] -services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}" +services_exclude: + - uptime_kuma + +services_include: "{{ services | dict2items | map(attribute='key') | list | community.general.lists_difference(services_exclude) }}" diff --git a/roles/services/tasks/pre_deploy/mailu.yml b/roles/services/tasks/pre_deploy/mailu.yml index 06c1b5b..b7da856 100644 --- a/roles/services/tasks/pre_deploy/mailu.yml +++ b/roles/services/tasks/pre_deploy/mailu.yml @@ -35,6 +35,7 @@ dest: "{{ services.mailu.volume_folder }}/certs/cert.pem" state: hard force: true + ignore_errors: true - name: Hard link to Let's Encrypt TLS key file: @@ -42,3 +43,4 @@ dest: "{{ services.mailu.volume_folder }}/certs/key.pem" state: hard force: true + ignore_errors: true diff --git a/roles/vm-common/tasks/base.yml b/roles/vm-common/tasks/base.yml index 8a9fce8..695724e 100644 
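Review bot: The new `ansible_host` line in host_vars/varsa.yml pins the connection to a literal address and keeps the old value as a trailing comment, which reads like a testing override that was not meant to land (the commit subject is TESTING). The other three host files still derive `ansible_host` from `fqdn`, so this host alone bypasses DNS and will keep targeting that address even if the VM is renumbered. SSH host-key entries are keyed by the name or address used to connect, so the first run against the literal address may fall back to trust-on-first-use, depending on the controller's known_hosts and host-key-checking settings. If the override is only needed temporarily, pass it on the command line or in a local inventory; otherwise restore `ansible_host: "{{ fqdn }}"`.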
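Review bot: `services_exclude` in roles/services/defaults/main.yml now defaults to a list containing `uptime_kuma`, so every host that does not override the variable silently stops deploying that service. A role default is the widest possible place for a testing exclusion; keeping `services_exclude: []` and overriding per host or with `-e` would keep the effect local. Separately, `community.general.lists_difference` replaces the builtin `difference`, so the role now depends on a community.general release that ships that filter. The patch does not touch a collection requirements file, so check that one pins a suitable version. If the exclusion stays, add a comment above it saying why the service is excluded.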
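Review bot: `ignore_errors: true` on the "Hard link to Let's Encrypt TLS key" task, and on the certificate task in the hunk before it, hides every failure of the link, not only the case where the Let's Encrypt files do not exist yet. A permissions error or a wrong path then leaves `certs/cert.pem` or `certs/key.pem` missing or stale while the play reports success, and if only one link fails the pair can end up mismatched. Prefer checking the source first with `ansible.builtin.stat` and gating both tasks on the result, e.g. `when: <registered_stat>.stat.exists` (placeholder name), so that any other error still fails the run. Both task definitions begin above their hunks, so the `src:` paths are not visible here.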
--- a/roles/vm-common/tasks/base.yml +++ b/roles/vm-common/tasks/base.yml @@ -5,8 +5,8 @@ ansible.builtin.apt: name: - apparmor - - bind-utils - - firewalld + - bind9-utils + - gnupg - haveged - htop - jq @@ -22,5 +22,5 @@ enabled: true state: started loop: - - firewalld + - fstrim.timer - haveged diff --git a/roles/vm-common/tasks/firewall.yml b/roles/vm-common/tasks/firewall.yml deleted file mode 100644 index 2936a6e..0000000 --- a/roles/vm-common/tasks/firewall.yml +++ /dev/null @@ -1,23 +0,0 @@ -# vim: ft=yaml.ansible -# code: language=ansible ---- -- name: Move internal network to zone 'internal' - ansible.posix.firewalld: - zone: internal - source: 10.2.1.0/24 - permanent: true - state: enabled - -- name: Allow incoming connections to SSH port in zone 'internal' - ansible.posix.firewalld: - zone: internal - port: "{{ ansible_port }}" - permanent: true - state: enabled - -# Until control VM is deployed -- name: Allow incoming connections to SSH port in default zone - ansible.posix.firewalld: - port: "{{ ansible_port }}" - permanent: true - state: enabled diff --git a/roles/vm-common/tasks/main.yml b/roles/vm-common/tasks/main.yml index 8106c12..a4d774b 100644 --- a/roles/vm-common/tasks/main.yml +++ b/roles/vm-common/tasks/main.yml @@ -10,9 +10,3 @@ ansible.builtin.import_tasks: users.yml tags: - setup-users - -- name: Firewall configuration - ansible.builtin.import_tasks: firewall.yml - notify: Reload firewalld - tags: - - setup-firewall diff --git a/roles/vm-common/tasks/users.yml b/roles/vm-common/tasks/users.yml index 8e70529..2907aed 100644 --- a/roles/vm-common/tasks/users.yml +++ b/roles/vm-common/tasks/users.yml @@ -18,7 +18,7 @@ user: "{{ item.name }}" key: "{{ item.ssh_keys | join('\n') }}" exclusive: true - loop: "{{ users }}" + loop: "{{ users | selectattr('name', 'ne', 'ansible') }}" - name: Add SSH keys to Ansible user ansible.posix.authorized_key: 
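Review bot: Dropping `firewalld` from the package list in the first hunk of roles/vm-common/tasks/base.yml and from the service loop in the second, together with the deletion of tasks/firewall.yml and its import in tasks/main.yml, leaves the vm-common role with no host firewall configuration, and nothing in this patch adds a replacement. The deleted tasks defined the `internal` zone for 10.2.1.0/24 and the allowed SSH port, so newly provisioned VMs now depend entirely on filtering outside the VM, which this diff does not show. Hosts that already have firewalld keep it, but unmanaged, so old and new VMs will drift apart. If another firewall is taking over, land it in the same change; if this is only for testing, gate the import on a variable rather than deleting it. Also check that the `Reload firewalld` handler named by the removed import is cleaned up, since the handlers file is not part of this patch.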
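Review bot: The new `loop` filter in roles/vm-common/tasks/users.yml skips the `ansible` entry in the task that sets keys with `exclusive: true`, so that account's authorized keys are now managed only by the following "Add SSH keys to Ansible user" task, whose options lie outside this hunk. If that task does not also set `exclusive: true`, keys removed from the inventory stay valid on the automation account, so confirm it and add a comment above the loop explaining why the account is handled separately. `selectattr` yields a generator, so `loop: "{{ users | selectattr('name', 'ne', 'ansible') | list }}"` is the safer spelling across Ansible and Jinja versions.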
diff --git a/playbook.yml b/site.yml similarity index 86% rename from playbook.yml rename to site.yml index c8d2da7..8b44477 100644 --- a/playbook.yml +++ b/site.yml @@ -7,8 +7,8 @@ roles: - name: vm-common tags: [base_only] - - name: zfs - tags: [zfs] + # - name: zfs + # tags: [zfs] - name: docker tags: [docker] - name: services
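Review bot: The `zfs` role is disabled by commenting it out in site.yml, which leaves dead YAML in the renamed playbook and no record of why it was turned off. The entry already carries `tags: [zfs]`, so a test run can leave it out with `--skip-tags zfs` without editing the play. If the role really has to stay disabled, replace the two commented lines with a one-line comment stating the reason and the condition for re-enabling it. The play this `roles:` list belongs to starts above the hunk.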