Fix stuff

2022-12-23 16:57:37 +01:00 · 2022-12-23 16:57:37 +01:00 · a285034ca5
parent 5087174b78
commit a285034ca5
5 changed files with 20 additions and 10 deletions
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -2,7 +2,7 @@
 - name: Add Docker PGP key
  apt_key:
    keyserver: keys.openpgp.org
-    id: 0x8D81803C0EBFCD88
+    id: '0x8D81803C0EBFCD88'
    state: present
 - name: Add Docker apt repository
@ -22,8 +22,8 @@
 - name: Create docker-compose symlink
  file:
    src: /usr/libexec/docker/cli-plugins/docker-compose
    name: /usr/local/bin/docker-compose
    src: /usr/libexec/docker/cli-plugins/docker-compose
    state: link
 - name: Install Python bindings for Docker
--- a/roles/docker/tasks/services/restic.yml
+++ b/roles/docker/tasks/services/restic.yml
@ -12,7 +12,7 @@
          image: "mazzolino/restic:{{ services.restic.version }}"
          restart: unless-stopped
          environment:
-            RUN_ON_STARTUP: false
+            RUN_ON_STARTUP: 'false'
            BACKUP_CRON: '0 30 3 * * *'
            RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
            RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
@ -38,7 +38,7 @@
          image: "mazzolino/restic:{{ services.restic.version }}"
          restart: unless-stopped
          environment:
-            RUN_ON_STARTUP: false
+            RUN_ON_STARTUP: 'false'
            PRUNE_CRON: '0 0 4 * * *'
            RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
            RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
@ -52,7 +52,7 @@
          image: "mazzolino/restic:{{ services.restic.version }}"
          restart: unless-stopped
          environment:
-            RUN_ON_STARTUP: false
+            RUN_ON_STARTUP: 'false'
            CHECK_CRON: '0 30 4 * * *'
            RESTIC_REPOSITORY: "b2:{{ secrets.restic.b2.bucket }}:{{ services.restic.repo }}"
            RESTIC_PASSWORD: "{{ secrets.restic.repo_pw }}"
--- a/roles/docker/tasks/services/watchtower.yml
+++ b/roles/docker/tasks/services/watchtower.yml
@ -6,6 +6,6 @@
    image: "containrrr/watchtower:{{ services.watchtower.version }}"
    restart_policy: unless-stopped
    env:
-      WATCHTOWER_POLL_INTERVAL: 3600
+      WATCHTOWER_POLL_INTERVAL: '3600'
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
--- a/roles/os_config/tasks/disks.yml
+++ b/roles/os_config/tasks/disks.yml
@ -27,21 +27,30 @@
    src: "/dev/disk/by-uuid/{{ item.uuid }}"
    path: "{{ item.path }}"
    fstype: ext4
-    state: ephemeral
+    fstab: /dev/null
    state: present
  loop:
    - uuid: "{{ secrets.hdd.uuid }}"
      path: "{{ hdd_mount_point }}"
    - uuid: "{{ secrets.ssd.uuid }}"
      path: "{{ ssd_mount_point }}"
 - name: Check if swapfile is mounted
  shell: "swapon | grep -q '{{ ssd_mount_point }}/swapfile'"
  ignore_errors: true
  register: swap_mounted
 - name: Create swapfile
  community.general.filesize:
    path: "{{ ssd_mount_point }}/swapfile"
-    size: 8G
+    size: 2G
    blocksize: 512B
    owner: root
-    mode: 0600
+    mode: u=rw,go=
  when: swap_mounted is undefined
 - name: Mount swapfile
  shell: |
    mkswap {{ ssd_mount_point }}/swapfile
    swapon {{ ssd_mount_point }}/swapfile
  when: swap_mounted is undefined
--- a/roles/os_config/tasks/pkgs.yml
+++ b/roles/os_config/tasks/pkgs.yml
@ -11,7 +11,8 @@
    state: present
  vars:
    pkgs:
      - python3-pip
      - apparmor
      - haveged
      - needrestart
      - python3-pip
      - ufw