M molecule/default/prepare.yml => molecule/default/prepare.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: prepare hosts
+- name: Prepare hosts
hosts: all
tasks:
- name: Setup openssh
M playbooks/avalon.yml => playbooks/avalon.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: setup avalon
+- name: Setup avalon
hosts: xenrox.net
become: true
roles:
M playbooks/fenrir.yml => playbooks/fenrir.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: setup fenrir
+- name: Setup fenrir
hosts: fenrir.xenrox.net
become: true
roles:
M playbooks/izanagi.yml => playbooks/izanagi.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: setup izanagi
+- name: Setup izanagi
hosts: izanagi
become: true
roles:
M playbooks/izanami.yml => playbooks/izanami.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: setup izanami
+- name: Setup izanami
hosts: izanami
become: true
roles:
M playbooks/local.yml => playbooks/local.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: setup localhost
+- name: Setup localhost
hosts: 127.0.0.1
become: true
roles:
M playbooks/upgrade.yml => playbooks/upgrade.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: upgrade hosts
+- name: Upgrade hosts
hosts: all,!127.0.0.1
become: true
roles:
M roles/croc/tasks/main.yml => roles/croc/tasks/main.yml +5 -5
@@ 3,16 3,16 @@
ansible.builtin.set_fact:
croc_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/croc') }}"
-- name: install croc
+- name: Install croc
ansible.builtin.package:
name: croc
state: present
-- name: setup croc relay
+- name: Setup croc relay
import_tasks: relay.yml
when: croc_relay is defined and croc_relay
-- name: create croc config path
+- name: Create croc config path
ansible.builtin.file:
path: "/home/{{ primary_user }}/.config/croc"
state: directory
@@ 20,7 20,7 @@
group: "{{ primary_user }}"
mode: 0700
-- name: configure croc send
+- name: Configure croc send
ansible.builtin.template:
src: send.json.j2
dest: "/home/{{ primary_user }}/.config/croc/send.json"
@@ 28,7 28,7 @@
group: "{{ primary_user }}"
mode: 0600
-- name: configure croc receive
+- name: Configure croc receive
ansible.builtin.template:
src: receive.json.j2
dest: "/home/{{ primary_user }}/.config/croc/receive.json"
M roles/croc/tasks/relay.yml => roles/croc/tasks/relay.yml +4 -4
@@ 1,5 1,5 @@
---
-- name: create systemd unit override path
+- name: Create systemd unit override path
ansible.builtin.file:
path: /etc/systemd/system/croc.service.d
state: directory
@@ 7,7 7,7 @@
group: root
mode: 0755
-- name: install systemd unit override file
+- name: Install systemd unit override file
ansible.builtin.template:
src: croc.service.j2
dest: /etc/systemd/system/croc.service.d/override.conf
@@ 15,7 15,7 @@
group: root
mode: 0644
-- name: start and enable croc
+- name: Start and enable croc
ansible.builtin.systemd:
name: croc
enabled: true
@@ 37,7 37,7 @@
state: reloaded
when: croc_service.changed
-- name: firewalld allow croc
+- name: Firewalld allow croc
ansible.posix.firewalld:
service: croc
state: enabled
M roles/cron/tasks/main.yml => roles/cron/tasks/main.yml +3 -3
@@ 1,16 1,16 @@
---
-- name: install cron
+- name: Install cron
ansible.builtin.package:
name: "{{ cron_package[ansible_facts['os_family']] }}"
state: present
-- name: enable cron systemd service
+- name: Enable cron systemd service
ansible.builtin.systemd:
name: "{{ cron_package[ansible_facts['os_family']] }}.service"
enabled: true
state: started
-- name: set cron mailto
+- name: Set cron mailto
ansible.builtin.cron:
env: true
name: MAILTO
M roles/deploy/tasks/main.yml => roles/deploy/tasks/main.yml +2 -2
@@ 1,11 1,11 @@
---
-- name: create user
+- name: Create user
ansible.builtin.user:
name: deploy
shell: /bin/bash
home: /home/deploy
-- name: deposit ssh pub key
+- name: Deposit ssh pub key
ansible.posix.authorized_key:
user: deploy
state: present
M roles/ejabberd/handlers/main.yml => roles/ejabberd/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart ejabberd
+- name: Restart ejabberd
ansible.builtin.systemd:
name: ejabberd
state: restarted
M roles/ejabberd/tasks/main.yml => roles/ejabberd/tasks/main.yml +16 -16
@@ 3,15 3,15 @@
ansible.builtin.set_fact:
ejabberd_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/ejabberd') }}"
-- name: install
+- name: Install
community.general.pacman:
name: ejabberd
state: present
-- name: create DH group
+- name: Create DH group
ansible.builtin.command: openssl dhparam -out /etc/ejabberd/dhparams.pem 2048 creates=/etc/ejabberd/dhparams.pem
-- name: create db user
+- name: Create db user
community.general.postgresql_user:
name: ejabberd
password: "{{ ejabberd_secrets['psql_password'] }}"
@@ 19,7 19,7 @@
become_user: postgres
no_log: true
-- name: create db
+- name: Create db
community.general.postgresql_db:
name: ejabberd
owner: ejabberd
@@ 27,7 27,7 @@
become_user: postgres
register: ejabberd_db
-- name: get db schema
+- name: Get db schema
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql
dest: /tmp/pg.sql
@@ 36,7 36,7 @@
mode: 0644
when: ejabberd_db.changed
-- name: import db schema
+- name: Import db schema
community.general.postgresql_db:
login_user: ejabberd
login_password: "{{ ejabberd_secrets['psql_password'] }}"
@@ 48,14 48,14 @@
when: ejabberd_db.changed
no_log: true
-- name: configure
+- name: Configure
ansible.builtin.template:
src: ejabberd.yml
dest: /etc/ejabberd/ejabberd.yml
owner: jabber
group: jabber
mode: 0600
- notify: restart ejabberd
+ notify: Restart ejabberd
- name: Copy certificate
ansible.builtin.copy:
@@ 69,13 69,13 @@
- fullchain.pem
- privkey.pem
-- name: start and enable
+- name: Start and enable
ansible.builtin.systemd:
name: ejabberd
enabled: true
state: started
-- name: firewalld allow
+- name: Firewalld allow
ansible.posix.firewalld:
service: "{{ item }}"
state: enabled
@@ 85,7 85,7 @@
- xmpp-client
- xmpp-server
-- name: create upload dir
+- name: Create upload dir
ansible.builtin.file:
path: /var/www/ejabberd_upload
state: directory
@@ 93,7 93,7 @@
group: jabber
mode: 0755
-- name: create well-known dir
+- name: Create well-known dir
ansible.builtin.file:
path: /etc/nginx/html/.well-known
state: directory
@@ 101,7 101,7 @@
group: http
mode: 0755
-- name: copy host-meta
+- name: Copy host-meta
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/nginx/html/.well-known/{{ item }}"
@@ 112,7 112,7 @@
- host-meta
- host-meta.json
-- name: create xenrox user
+- name: Create xenrox user
community.general.ejabberd_user:
username: xenrox
host: xenrox.net
@@ 123,14 123,14 @@
# wait for module update to remove changed_when
changed_when: false
-- name: set jabber cron mailto
+- name: Set jabber cron mailto
ansible.builtin.cron:
env: true
name: MAILTO
user: jabber
value: admin@xenrox.net
-- name: set jabber cronjobs
+- name: Set jabber cronjobs
ansible.builtin.cron:
name: "{{ item.name }}"
state: present
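Review bot: The `Get db schema` task in this section fetches `pg.sql` from the `master` branch of processone/ejabberd with no `checksum:` visible, and the `Import db schema` task that follows presumably loads it, so whatever sits on that branch at run time ends up executed as SQL against the `ejabberd` database. Pinning the URL to the release tag that matches the packaged ejabberd (`.../ejabberd/<RELEASE_TAG>/sql/pg.sql`) and adding `checksum: "sha256:<EXPECTED_SHA256>"` to the `get_url` task would make the import reproducible and tamper-evident. The file is also staged at the fixed path `/tmp/pg.sql`; a root-owned directory or a temporary file would avoid relying on a world-writable location. Both task bodies run past the hunks shown, so options outside the view may already cover part of this.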
M roles/faceit/tasks/main.yml => roles/faceit/tasks/main.yml +1 -1
@@ 31,4 31,4 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/fail2ban/handlers/main.yml => roles/fail2ban/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart fail2ban
+- name: Restart fail2ban
ansible.builtin.systemd:
name: fail2ban
state: restarted
M roles/fail2ban/tasks/main.yml => roles/fail2ban/tasks/main.yml +6 -6
@@ 1,28 1,28 @@
---
-- name: install fail2ban
+- name: Install fail2ban
ansible.builtin.package:
name: fail2ban
state: present
-- name: install jail.local
+- name: Install jail.local
ansible.builtin.copy:
src: jail.local
dest: /etc/fail2ban/jail.local
owner: root
group: root
mode: 0644
- notify: restart fail2ban
+ notify: Restart fail2ban
-- name: install sshd.jail
+- name: Install sshd.jail
ansible.builtin.copy:
src: sshd.jail
dest: /etc/fail2ban/jail.d/sshd.local
owner: root
group: root
mode: 0644
- notify: restart fail2ban
+ notify: Restart fail2ban
-- name: start and enable fail2ban
+- name: Start and enable fail2ban
ansible.builtin.systemd:
name: fail2ban
enabled: true
M roles/firewalld/handlers/main.yml => roles/firewalld/handlers/main.yml +2 -2
@@ 4,10 4,10 @@
ansible.builtin.systemd:
name: firewalld
state: stopped
- listen: restart firewalld
+ listen: Restart firewalld
- name: Start firewalld
ansible.builtin.systemd:
name: firewalld
state: started
- listen: restart firewalld
+ listen: Restart firewalld
M roles/firewalld/tasks/main.yml => roles/firewalld/tasks/main.yml +6 -6
@@ 1,10 1,10 @@
---
-- name: install firewalld
+- name: Install firewalld
ansible.builtin.package:
name: firewalld
state: present
-- name: configure firewalld
+- name: Configure firewalld
ansible.builtin.template:
src: firewalld.conf.j2
dest: /etc/firewalld/firewalld.conf
@@ 12,22 12,22 @@
group: root
mode: 0644
when: "'archlinux' in group_names"
- notify: restart firewalld
+ notify: Restart firewalld
-- name: start and enable firewalld
+- name: Start and enable firewalld
ansible.builtin.systemd:
name: firewalld
enabled: true
state: started
-- name: disable default dhcpv6-client
+- name: Disable default dhcpv6-client
ansible.posix.firewalld:
service: dhcpv6-client
state: disabled
permanent: true
immediate: true
-- name: disable default ssh
+- name: Disable default ssh
ansible.posix.firewalld:
service: ssh
state: disabled
M roles/gamja/tasks/main.yml => roles/gamja/tasks/main.yml +1 -1
@@ 19,4 19,4 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/grafana/tasks/main.yml => roles/grafana/tasks/main.yml +1 -1
@@ 69,4 69,4 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/hedgedoc/tasks/main.yml => roles/hedgedoc/tasks/main.yml +1 -1
@@ 45,4 45,4 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/homepage/tasks/main.yml => roles/homepage/tasks/main.yml +5 -5
@@ 1,14 1,14 @@
---
-- name: copy nginx conf
+- name: Copy nginx conf
ansible.builtin.template:
src: homepage.conf.j2
dest: /etc/nginx/nginx.d/homepage.conf
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
-- name: create homepage dir
+- name: Create homepage dir
ansible.builtin.file:
state: directory
path: /usr/share/webapps/homepage
@@ 16,7 16,7 @@
group: deploy
mode: 0755
-- name: create repo dir
+- name: Create repo dir
ansible.builtin.file:
state: directory
path: /usr/share/webapps/repo
@@ 24,7 24,7 @@
group: xenrox
mode: 0755
-- name: add deploy user to http group
+- name: Add deploy user to http group
ansible.builtin.user:
name: deploy
append: true
M roles/keycloak/tasks/main.yml => roles/keycloak/tasks/main.yml +1 -1
@@ 51,4 51,4 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/mailcow/tasks/main.yml => roles/mailcow/tasks/main.yml +1 -1
@@ 10,7 10,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Install cert renewal hook
ansible.builtin.copy:
M roles/matrix/tasks/main.yml => roles/matrix/tasks/main.yml +1 -1
@@ 57,7 57,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Setup whatsapp bridge
block:
M roles/minio/handlers/main.yml => roles/minio/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart minio
+- name: Restart minio
ansible.builtin.systemd:
name: minio
state: restarted
M roles/minio/tasks/main.yml => roles/minio/tasks/main.yml +6 -6
@@ 8,7 8,7 @@
name: minio
state: present
-- name: create minio config path
+- name: Create minio config path
ansible.builtin.file:
path: /etc/minio
state: directory
@@ 16,7 16,7 @@
group: minio
mode: 0700
-- name: configure minio
+- name: Configure minio
ansible.builtin.template:
src: minio.conf.j2
dest: /etc/minio/minio.conf
@@ 24,19 24,19 @@
group: minio
mode: 0600
notify:
- - restart minio
+ - Restart minio
-- name: start and enable minio
+- name: Start and enable minio
ansible.builtin.systemd:
name: minio
enabled: true
state: started
-- name: copy nginx cong
+- name: Copy nginx conf
ansible.builtin.copy:
src: minio.conf
dest: /etc/nginx/nginx.d/minio.conf
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/navidrome/tasks/main.yml => roles/navidrome/tasks/main.yml +1 -1
@@ 38,4 38,4 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/nextcloud/tasks/main.yml => roles/nextcloud/tasks/main.yml +1 -1
@@ 72,7 72,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Copy upgrade hook
ansible.builtin.copy:
M roles/nginx/handlers/main.yml => roles/nginx/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart nginx
+- name: Restart nginx
ansible.builtin.systemd:
name: nginx
state: restarted
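Review bot: Handler names are matched as exact strings, so renaming `restart nginx` to `Restart nginx` is only safe if every `notify:` in the repository changed in the same commit. The page shows many roles updated, but a role not listed here that still notifies the lowercase name would stop reaching this handler, and by default Ansible fails the play when a notified handler is not found. roles/srht/handlers/main.yml defines a second handler with the same name, which is worth confirming as intended. Giving the handler a stable `listen:` topic, the mechanism roles/firewalld/handlers/main.yml already uses, would separate the display name from the notification key so that later cosmetic renames cannot break restarts.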
M roles/nginx/tasks/main.yml => roles/nginx/tasks/main.yml +10 -10
@@ 1,19 1,19 @@
---
-- name: install nginx
+- name: Install nginx
community.general.pacman:
name: nginx-mainline
state: present
-- name: configure nginx
+- name: Configure nginx
ansible.builtin.copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
-- name: create snippets dir
+- name: Create snippets dir
ansible.builtin.file:
state: directory
path: /etc/nginx/snippets
@@ 21,7 21,7 @@
group: root
mode: 0755
-- name: copy snippets
+- name: Copy snippets
ansible.builtin.copy:
src: "{{ item }}"
dest: /etc/nginx/snippets
@@ 29,7 29,7 @@
group: root
mode: 0644
with_fileglob: files/snippets/*
- notify: restart nginx
+ notify: Restart nginx
- name: Copy templated snippets
ansible.builtin.template:
@@ 40,9 40,9 @@
mode: 0644
with_items:
- internal_access.conf
- notify: restart nginx
+ notify: Restart nginx
-- name: create nginx.d directory
+- name: Create nginx.d directory
ansible.builtin.file:
state: directory
path: /etc/nginx/nginx.d
@@ 62,13 62,13 @@
# NOTE: Remove when upgrading to modern SSL config
ansible.builtin.command: openssl dhparam -out /etc/ssl/dhparams.pem 4096 creates=/etc/ssl/dhparams.pem
-- name: start and enable nginx
+- name: Start and enable nginx
ansible.builtin.systemd:
name: nginx
enabled: true
state: started
-- name: firewalld allow nginx
+- name: Firewalld allow nginx
ansible.posix.firewalld:
service: "{{ item }}"
state: enabled
M roles/ntfy_server/tasks/main.yml => roles/ntfy_server/tasks/main.yml +1 -1
@@ 42,7 42,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Make UnifiedPush topics world-writeable
ansible.builtin.command: ntfy access everyone 'up*' write-only
M roles/pacman/tasks/main.yml => roles/pacman/tasks/main.yml +10 -10
@@ 1,9 1,9 @@
---
-- name: get installed packages
+- name: Get installed packages
ansible.builtin.package_facts:
manager: pacman
-- name: install pacman config
+- name: Install pacman config
ansible.builtin.template:
src: pacman.conf.j2
dest: /etc/pacman.conf
@@ 22,13 22,13 @@
id: "{{ xenrox_pacman_key }}"
keyserver: "{{ keyserver }}"
-- name: install pacman packages
+- name: Install pacman packages
community.general.pacman:
name: "{{ pacman_packages }}"
state: present
update_cache: true
-- name: install paccache service
+- name: Install paccache service
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
@@ 39,14 39,14 @@
- paccache.service
- paccache.timer
-- name: enable paccache.timer
+- name: Enable paccache.timer
ansible.builtin.systemd:
name: paccache.timer
enabled: true
state: started
daemon_reload: true
-- name: install reflector service
+- name: Install reflector service
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/systemd/system/{{ item }}"
@@ 57,14 57,14 @@
- reflector.service
- reflector.timer
-- name: enable reflector.timer
+- name: Enable reflector.timer
ansible.builtin.systemd:
name: reflector.timer
enabled: true
state: started
daemon_reload: true
-- name: create pacman.d hooks dir
+- name: Create pacman.d hooks dir
ansible.builtin.file:
path: /etc/pacman.d/hooks
state: directory
@@ 72,7 72,7 @@
group: root
mode: 0755
-- name: install hooks
+- name: Install hooks
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/pacman.d/hooks/{{ item }}"
@@ 83,7 83,7 @@
- arch-audit.hook
- mirrorlist.hook
-- name: enable kernel-modules cleanup
+- name: Enable kernel-modules cleanup
ansible.builtin.systemd:
name: linux-modules-cleanup.service
enabled: true
M roles/peertube/handlers/main.yml => roles/peertube/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart peertube
+- name: Restart peertube
ansible.builtin.systemd:
name: peertube
state: restarted
M roles/peertube/tasks/main.yml => roles/peertube/tasks/main.yml +9 -9
@@ 9,7 9,7 @@
name: nodejs-lts-gallium,yarn
state: present
-- name: install
+- name: Install
community.general.pacman:
name: peertube
state: present
@@ 19,13 19,13 @@
name: prosody,lua52-sec
state: present
-- name: create db
+- name: Create db
community.general.postgresql_db:
db: peertube
become: true
become_user: postgres
-- name: create db user
+- name: Create db user
community.general.postgresql_user:
db: peertube
name: peertube
@@ 35,14 35,14 @@
become_user: postgres
no_log: true
-- name: configure
+- name: Configure
ansible.builtin.template:
src: production.yaml.j2
dest: /etc/peertube/production.yaml
owner: peertube
group: peertube
mode: 0600
- notify: restart peertube
+ notify: Restart peertube
- name: Fix folder permissions # TODO: Bug in aur package
ansible.builtin.file:
@@ 68,21 68,21 @@
group: root
mode: 0644
-- name: start and enable
+- name: Start and enable
ansible.builtin.systemd:
name: peertube
enabled: true
state: started
daemon_reload: true
-- name: copy nginx conf
+- name: Copy nginx conf
ansible.builtin.copy:
src: peertube.conf
dest: /etc/nginx/nginx.d/peertube.conf
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Copy firewalld RTMP service
ansible.builtin.copy:
@@ 99,7 99,7 @@
state: reloaded
when: rtmp_service.changed
-- name: firewalld allow rtmp
+- name: Firewalld allow rtmp
ansible.posix.firewalld:
service: rtmp
state: enabled
M roles/prometheus/handlers/main.yml => roles/prometheus/handlers/main.yml +1 -1
@@ 4,7 4,7 @@
name: prometheus
state: restarted
-- name: reload prometheus
+- name: Reload prometheus
ansible.builtin.systemd:
name: prometheus
state: reloaded
M roles/prometheus/tasks/main.yml => roles/prometheus/tasks/main.yml +7 -7
@@ 8,19 8,19 @@
ansible.builtin.set_fact:
ejabberd_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/ejabberd') }}"
-- name: install
+- name: Install
community.general.pacman:
name: "{{ prometheus_packages }}"
state: present
-- name: configure prometheus
+- name: Configure prometheus
ansible.builtin.template:
src: prometheus.yml.j2
dest: /etc/prometheus/prometheus.yml
owner: root
group: root
mode: 0644
- notify: reload prometheus
+ notify: Reload prometheus
- name: Install cli configuration
ansible.builtin.copy:
@@ 31,7 31,7 @@
mode: 0644
notify: Restart prometheus
-- name: configure rules
+- name: Configure rules
ansible.builtin.copy:
src: "{{ item }}"
dest: /etc/prometheus/
@@ 40,9 40,9 @@
mode: 0644
with_fileglob:
- files/rules/*
- notify: reload prometheus
+ notify: Reload prometheus
-- name: start and enable prometheus
+- name: Start and enable prometheus
ansible.builtin.systemd:
name: prometheus
enabled: true
@@ 64,7 64,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Install pushgateway service
ansible.builtin.copy:
M roles/prometheus_clients/handlers/main.yml => roles/prometheus_clients/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart node exporter
+- name: Restart node exporter
ansible.builtin.systemd:
name: prometheus-node-exporter
state: restarted
M roles/prometheus_clients/tasks/server.yml => roles/prometheus_clients/tasks/server.yml +7 -7
@@ 1,10 1,10 @@
---
-- name: install
+- name: Install
community.general.pacman:
name: prometheus-node-exporter
state: present
-- name: create textfile dir
+- name: Create textfile dir
ansible.builtin.file:
path: /var/lib/prometheus_textfiles
state: directory
@@ 12,16 12,16 @@
group: node_exporter
mode: 0755
-- name: configure node exporter
+- name: Configure node exporter
ansible.builtin.copy:
src: prometheus-node-exporter
dest: /etc/conf.d/prometheus-node-exporter
owner: root
group: root
mode: 0644
- notify: restart node exporter
+ notify: Restart node exporter
-- name: install textfile script
+- name: Install textfile script
ansible.builtin.copy:
src: prometheus_arch.sh
dest: /usr/local/bin/prometheus_arch.sh
@@ 29,7 29,7 @@
group: root
mode: 0755
-- name: start and enable node exporter
+- name: Start and enable node exporter
ansible.builtin.systemd:
name: prometheus-node-exporter
enabled: true
@@ 53,7 53,7 @@
state: started
daemon_reload: true
-- name: allow in firewalld
+- name: Allow in firewalld
ansible.posix.firewalld:
zone: wireguard
rich_rule: "rule family=ipv4 source address={{ hostvars['xenrox.net']['wireguard_address'] }} port port=9100 protocol=tcp accept"
M roles/screego/tasks/main.yml => roles/screego/tasks/main.yml +1 -1
@@ 40,7 40,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Copy firewalld service
ansible.builtin.copy:
M roles/searx/handlers/main.yml => roles/searx/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart searx
+- name: Restart searx
ansible.builtin.systemd:
name: uwsgi@searx
state: restarted
M roles/searx/tasks/main.yml => roles/searx/tasks/main.yml +8 -8
@@ 3,12 3,12 @@
ansible.builtin.set_fact:
searx_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/searx') }}"
-- name: install
+- name: Install
community.general.pacman:
name: searx
state: present
-- name: configure uwsgi
+- name: Configure uwsgi
ansible.builtin.lineinfile:
path: /etc/uwsgi/searx.ini
state: present
@@ 17,28 17,28 @@
owner: root
group: root
mode: 0644
- notify: restart searx
+ notify: Restart searx
-- name: configure
+- name: Configure
ansible.builtin.template:
src: settings.yml.j2
dest: /etc/searx/settings.yml
owner: root
group: root
mode: 0644
- notify: restart searx
+ notify: Restart searx
-- name: start and enable
+- name: Start and enable
ansible.builtin.systemd:
name: uwsgi@searx
enabled: true
state: started
-- name: copy nginx conf
+- name: Copy nginx conf
ansible.builtin.copy:
src: search.conf
dest: /etc/nginx/nginx.d/search.conf
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
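Review bot: The `Configure` task installs `/etc/searx/settings.yml` with `owner: root`, `group: root` and `mode: 0644`, while the section opens by loading `searx_secrets` from Vault; if the template renders any of those values, every local account on the host can read them. The ejabberd, peertube and vaultwarden roles template their secret-bearing configs with `mode: 0600` and the service account as owner. The same pattern would fit here, or `mode: "0640"` with the group the `uwsgi@searx` unit runs as. `settings.yml.j2` is not on this page, so this needs checking against the template.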
M roles/sinusbot/tasks/main.yml => roles/sinusbot/tasks/main.yml +1 -1
@@ 32,7 32,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Clone scripts
ansible.builtin.git:
M roles/srht/handlers/main.yml => roles/srht/handlers/main.yml +2 -2
@@ 1,5 1,5 @@
---
-- name: restart srht
+- name: Restart srht
ansible.builtin.systemd:
name: "{{ item }}"
state: restarted
@@ 10,7 10,7 @@
name: builds.sr.ht-worker
state: restarted
-- name: restart nginx
+- name: Restart nginx
ansible.builtin.systemd:
name: nginx
state: restarted
M roles/srht/tasks/main.yml => roles/srht/tasks/main.yml +16 -16
@@ 6,12 6,12 @@
minio_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/minio') }}"
email_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/email') }}"
-- name: install srht packages
+- name: Install srht packages
community.general.pacman:
name: "{{ srht_packages }}"
state: present
-- name: create srht config path
+- name: Create srht config path
ansible.builtin.file:
path: /etc/sr.ht
state: directory
@@ 19,14 19,14 @@
group: root
mode: 0755
-- name: configure srht
+- name: Configure srht
ansible.builtin.template:
src: config.ini.j2
dest: /etc/sr.ht/config.ini
owner: root
group: root
mode: 0644
- notify: restart srht
+ notify: Restart srht
- name: Deposit GPG private key
ansible.builtin.template:
@@ 44,7 44,7 @@
group: root
mode: 0644
-- name: create systemd unit override path for git
+- name: Create systemd unit override path for git
ansible.builtin.file:
path: "/etc/systemd/system/{{ item }}.d"
state: directory
@@ 57,7 57,7 @@
- git.sr.ht-webhooks.service
- git.sr.ht-periodic.service
-- name: install systemd unit override file
+- name: Install systemd unit override file
ansible.builtin.copy:
src: override.conf
dest: "/etc/systemd/system/{{ item }}.d/override.conf"
@@ 178,7 178,7 @@
source: build
notify: Prune images
-- name: start and enable srht services
+- name: Start and enable srht services
ansible.builtin.systemd:
name: "{{ item }}"
enabled: true
@@ 186,7 186,7 @@
daemon_reload: true
with_items: "{{ srht_services }}"
-- name: add archlinux rebuild cronjob
+- name: Add archlinux rebuild cronjob
ansible.builtin.cron:
name: arch rebuild
state: present
@@ 195,7 195,7 @@
hour: "9"
minute: "0"
-- name: add alpine rebuild cronjob
+- name: Add alpine rebuild cronjob
ansible.builtin.cron:
name: alpine rebuild
state: present
@@ 204,7 204,7 @@
hour: "9"
minute: "30"
-- name: copy nginx conf
+- name: Copy nginx conf
ansible.builtin.copy:
src: "{{ item }}"
dest: /etc/nginx/nginx.d
@@ 214,7 214,7 @@
with_fileglob:
- files/nginx/*
notify:
- - restart nginx
+ - Restart nginx
- name: Install nginx runenr conf
ansible.builtin.template:
@@ 223,7 223,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Copy nginx snippets
ansible.builtin.copy:
@@ 237,9 237,9 @@
- srht.conf
- srht_robots.txt
- srht_web.conf
- notify: restart nginx
+ notify: Restart nginx
-- name: copy api key
+- name: Copy api key
ansible.builtin.template:
src: image-refresh-token.j2
dest: /etc/sr.ht/image-refresh-token
@@ 247,13 247,13 @@
group: root
mode: 0644
-- name: setup image build files
+- name: Setup image build files
ansible.builtin.git:
repo: https://git.xenrox.net/~xenrox/builds
dest: /var/lib/images/builds
version: master
-- name: add deploy user to buildsrht group
+- name: Add deploy user to buildsrht group
ansible.builtin.user:
name: deploy
append: true
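Review bot: The `Copy api key` task writes `/etc/sr.ht/image-refresh-token`, and going by the hunk line numbers the `group: root` / `mode: 0644` lines that open the following hunk belong to it, which would leave an API token world-readable. `/etc/sr.ht/config.ini` is likewise templated at `mode: 0644` by `Configure srht`, after `minio_secrets` and `email_secrets` are loaded from Vault. If those files carry credentials, restricting them to the consuming service accounts, for example `mode: "0640"` with a shared group, would be closer to how the croc and minio roles protect their configs with `mode: 0600`. Neither template is visible here, so the file contents are inferred from the task names and the Vault lookups.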
M roles/ssh/handlers/main.yml => roles/ssh/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart sshd
+- name: Restart sshd
ansible.builtin.systemd:
name: sshd
state: restarted
M roles/ssh/tasks/main.yml => roles/ssh/tasks/main.yml +3 -3
@@ 1,11 1,11 @@
---
-- name: install openssh
+- name: Install openssh
ansible.builtin.package:
name: openssh
state: present
when: "'archlinux' in group_names"
-- name: setup server
+- name: Setup server
import_tasks: server.yml
when: "inventory_hostname != '127.0.0.1'"
@@ 13,7 13,7 @@
import_tasks: client.yml
when: "inventory_hostname == '127.0.0.1'"
-- name: set file permissions
+- name: Set file permissions
ansible.builtin.file:
path: /etc/ssh
mode: 0755
M roles/ssh/tasks/server.yml => roles/ssh/tasks/server.yml +3 -3
@@ 1,5 1,5 @@
---
-- name: configure sshd
+- name: Configure sshd
ansible.builtin.template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
@@ 7,9 7,9 @@
group: root
mode: 0644
validate: /usr/sbin/sshd -t -f %s
- notify: restart sshd
+ notify: Restart sshd
-- name: start and enable sshd
+- name: Start and enable sshd
ansible.builtin.systemd:
name: sshd
enabled: true
M roles/upgrade/handlers/main.yml => roles/upgrade/handlers/main.yml +1 -1
@@ 1,3 1,3 @@
---
-- name: reboot debian
+- name: Reboot debian
ansible.builtin.reboot:
M roles/upgrade/tasks/Archlinux.yml => roles/upgrade/tasks/Archlinux.yml +2 -2
@@ 1,9 1,9 @@
---
-- name: upgrade archlinux
+- name: Upgrade archlinux
community.general.pacman:
update_cache: true
upgrade: true
register: upgrade_archlinux
-- name: list archlinux upgrades
+- name: List archlinux upgrades
ansible.builtin.debug: var=upgrade_archlinux.packages
M roles/upgrade/tasks/Debian.yml => roles/upgrade/tasks/Debian.yml +2 -2
@@ 1,8 1,8 @@
---
-- name: upgrade debian
+- name: Upgrade debian
ansible.builtin.apt:
update_cache: true
upgrade: dist
autoremove: true
autoclean: true
- notify: reboot debian
+ notify: Reboot debian
M roles/upgrade/tasks/main.yml => roles/upgrade/tasks/main.yml +1 -1
@@ 1,3 1,3 @@
---
-- name: include os specific upgrade playbook
+- name: Include os specific upgrade playbook
include_tasks: "{{ ansible_facts['os_family'] }}.yml"
M roles/uptime_kuma/tasks/main.yml => roles/uptime_kuma/tasks/main.yml +1 -1
@@ 22,7 22,7 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
- name: Install backup script
ansible.builtin.copy:
M roles/vault/tasks/main.yml => roles/vault/tasks/main.yml +1 -1
@@ 66,4 66,4 @@
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
M roles/vaultwarden/handlers/main.yml => roles/vaultwarden/handlers/main.yml +1 -1
@@ 1,5 1,5 @@
---
-- name: restart vaultwarden
+- name: Restart vaultwarden
ansible.builtin.systemd:
name: vaultwarden
state: restarted
M roles/vaultwarden/tasks/main.yml => roles/vaultwarden/tasks/main.yml +10 -10
@@ 7,7 7,7 @@
ansible.builtin.set_fact:
email_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/email') }}"
-- name: install
+- name: Install
community.general.pacman:
name: "{{ vaultwarden_packages }}"
state: present
@@ 27,44 27,44 @@
become_user: postgres
no_log: true
-- name: configure
+- name: Configure
ansible.builtin.template:
src: vaultwarden.env.j2
dest: /etc/vaultwarden.env
owner: vaultwarden
group: vaultwarden
mode: 0600
- notify: restart vaultwarden
+ notify: Restart vaultwarden
-- name: start and enable
+- name: Start and enable
ansible.builtin.systemd:
name: vaultwarden
enabled: true
state: started
-- name: copy nginx conf
+- name: Copy nginx conf
ansible.builtin.template:
src: pass.conf.j2
dest: /etc/nginx/nginx.d/pass.conf
owner: root
group: root
mode: 0644
- notify: restart nginx
+ notify: Restart nginx
-- name: install fail2ban filter
+- name: Install fail2ban filter
ansible.builtin.copy:
src: vaultwarden.filter
dest: /etc/fail2ban/filter.d/vaultwarden.local
owner: root
group: root
mode: 0644
- notify: restart fail2ban
+ notify: Restart fail2ban
-- name: install fail2ban jail
+- name: Install fail2ban jail
ansible.builtin.copy:
src: vaultwarden.jail
dest: /etc/fail2ban/jail.d/vaultwarden.local
owner: root
group: root
mode: 0644
- notify: restart fail2ban
+ notify: Restart fail2ban
M roles/xenrox/tasks/main.yml => roles/xenrox/tasks/main.yml +4 -4
@@ 3,7 3,7 @@
ansible.builtin.set_fact:
archlinux_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/archlinux') }}"
-- name: install xenrox packages
+- name: Install xenrox packages
community.general.pacman:
name: "{{ xenrox_packages }}"
state: present
@@ 16,7 16,7 @@
group: root
mode: 0440
-- name: create user
+- name: Create user
ansible.builtin.user:
name: xenrox
shell: /bin/zsh
@@ 24,7 24,7 @@
password: "{{ archlinux_secrets['xenrox_password'] | password_hash('sha512', archlinux_secrets['xenrox_hash']) }}"
no_log: true
-- name: add to wheel
+- name: Add to wheel
ansible.builtin.user:
name: xenrox
append: true
@@ 39,7 39,7 @@
ansible.builtin.set_fact:
authorized_keys: "{% for key in ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"
-- name: deposit ssh pub key
+- name: Deposit ssh pub key
ansible.posix.authorized_key:
user: xenrox
state: present