diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index bb2b623..4d51e98 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml @@ -1,40 +1,42 @@ $ANSIBLE_VAULT;1.1;AES256 -33343537323631306437363833656262343362616463373262346436363462373561373565323035 -3838366637626533363434363539633261346332343939340a393433623033653933336461336337 -61306630343036326139663164646137333235323235306138653030663832353137376339373539 -3965303431346538300a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a376634366138373136343439353664 +33633961343737303561383862343036653930646565616138623235333437346632373137313031 +3831636239366235630a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diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 91f3bc3..7a2d29b 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -40,6 +40,7 @@ template: src: daemon.json.j2 dest: /etc/docker/daemon.json + owner: root mode: u=rw,g=r,o=r - name: Set up Docker services diff --git a/roles/docker/tasks/services/caddy.yml b/roles/docker/tasks/services/caddy.yml index c21b5c1..9c47a45 100644 --- a/roles/docker/tasks/services/caddy.yml +++ b/roles/docker/tasks/services/caddy.yml @@ -3,6 +3,7 @@ - name: Create Caddy volume directories file: name: "{{ services.caddy.volume }}/{{ dir }}" + owner: root mode: u=rwx,g=rx,o=rx state: directory loop: @@ -15,6 +16,7 @@ template: src: Caddyfile.j2 dest: "{{ services.caddy.volume }}/Caddyfile" + owner: root mode: u=rw,g=r,o=r - name: Deploy Caddy Docker container diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index a441e76..3aa7e46 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -3,6 +3,7 @@ - name: Create Nextcloud volume directories file: name: "{{ services.nextcloud.volume }}/{{ dir }}" + owner: root mode: u=rwx,g=rx,o=rx state: directory loop: 
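Review bot: The added `owner: root` in the `/etc/docker/daemon.json` template task pins the owner but leaves the group unset, while the mode still grants group access (`g=r`). An existing file therefore keeps whatever group it already has, and a new one gets the default group of the account running the task. Adding `group: root` next to each `owner: root` would make the resulting permissions deterministic. The same applies to both Caddy hunks and both Nextcloud hunks, where the directories are `g=rx` and the files `g=r`.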
@@ -16,6 +17,7 @@ copy: src: "nextcloud/apache2/{{ file }}" dest: "{{ services.nextcloud.volume }}/apache2/{{ file }}" + owner: root mode: u=rw,g=r,o=r loop: - apache2.conf diff --git a/roles/docker/tasks/services/wireguard.yml b/roles/docker/tasks/services/wireguard.yml index bb03079..f9e39b0 100644 --- a/roles/docker/tasks/services/wireguard.yml +++ b/roles/docker/tasks/services/wireguard.yml @@ -3,6 +3,7 @@ - name: Create Wireguard volume directory file: name: "{{ services.wireguard.volume }}" + owner: root mode: u=rwx,g=rx,o=rx state: directory diff --git a/roles/os_config/tasks/disks.yml b/roles/os_config/tasks/disks.yml index d3a9ea1..456b4e7 100644 --- a/roles/os_config/tasks/disks.yml +++ b/roles/os_config/tasks/disks.yml @@ -38,6 +38,7 @@ community.general.filesize: path: "{{ ssd_mount_point }}/swapfile" size: 8G + owner: root mode: 0600 - name: Mount swapfile diff --git a/roles/os_config/tasks/ufw.yml b/roles/os_config/tasks/firewall.yml similarity index 100% rename from roles/os_config/tasks/ufw.yml rename to roles/os_config/tasks/firewall.yml diff --git a/roles/os_config/tasks/main.yml b/roles/os_config/tasks/main.yml index 18078d3..3497d2a 100644 --- a/roles/os_config/tasks/main.yml +++ b/roles/os_config/tasks/main.yml @@ -2,8 +2,11 @@ - name: Configure system packages import_tasks: pkgs.yml +- name: Configure updates + import_tasks: updates.yml + - name: Configure firewall - import_tasks: ufw.yml + import_tasks: firewall.yml - name: Configure SSH import_tasks: ssh.yml diff --git a/roles/os_config/tasks/updates.yml b/roles/os_config/tasks/updates.yml new file mode 100644 index 0000000..f40f2b2 --- /dev/null +++ b/roles/os_config/tasks/updates.yml 
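Review bot: The WireGuard volume directory keeps `mode: u=rwx,g=rx,o=rx` after this hunk, so every local account can still list and traverse it even though it now belongs to root. If the container stores peer configs or private keys under it (not visible here), their protection rests entirely on the modes the container sets on each file. Consider `mode: u=rwx,g=,o=`, after checking that the UID the container runs as can still reach the volume. `group:` is unset here as well.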
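Review bot: The swapfile's `mode: 0600`, on the context line just below the added `owner: root`, is an unquoted octal literal and the only numeric mode in this change. It relies on the YAML loader reading a leading-zero integer as octal. Writing `mode: "0600"` or, to match the other tasks, `mode: u=rw,g=,o=` keeps the restrictive permission independent of the parser. `group: root` could be added alongside `owner: root` so the group is pinned too.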
@@ -0,0 +1,19 @@ +# vim: ft=yaml.ansible +--- +- name: Clone apt-update-push + git: + dest: "/home/{{ ansible_user }}/apt-update-push" + repo: https://github.com/samsapti/apt-update-push.git + clone: true + update: true + single_branch: true + depth: 1 + become: false + register: clone + +- name: Install apt-update-push + shell: + cmd: "echo 'topic={{ secrets.ntfy_topic }}' > .env && ./install.sh" + stdin: 20 + chdir: "/home/{{ ansible_user }}/apt-update-push" + when: clone is defined and clone.changed
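Review bot: The two tasks in this new file fetch whatever the default branch of `samsapti/apt-update-push` holds at run time (`update: true`, no `version:`) and then execute its `install.sh`, apparently with privilege escalation since only the clone task sets `become: false`; pin the clone to an audited commit so an upstream change cannot run as root on the next play. The install task also interpolates `{{ secrets.ntfy_topic }}` into a shell string, so the topic appears in task output and verbose logs, a quote in it breaks the command, and `.env` is created with the default umask. Writing the file with `copy` under `no_log: true` and an explicit mode, then running the installer with `command`, avoids all three. The checkout is owned by the unprivileged `ansible_user` while the installer appears to run as root, which is worth confirming is intended. `stdin: 20` needs a comment saying which installer prompt it answers.

```yaml
- name: Clone apt-update-push
  git:
    # … unchanged: dest, repo, clone, update, single_branch, depth …
    version: "<audited-commit-sha>"  # placeholder: pin to a ref that has been reviewed
  become: false
  register: clone

- name: Write apt-update-push environment file
  copy:
    dest: "/home/{{ ansible_user }}/apt-update-push/.env"
    content: "topic={{ secrets.ntfy_topic }}\n"
    owner: root
    mode: u=rw,g=,o=
  no_log: true

- name: Install apt-update-push
  command:
    cmd: ./install.sh
    stdin: 20  # value unchanged; document which installer prompt this answers
    chdir: "/home/{{ ansible_user }}/apt-update-push"
  when: clone is defined and clone.changed
```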