
34bfc54204f8401bb5af02733bd835c1aabb43ae — Thorben Günther 6 months ago 120d584 master
ansible-lint: Fix warnings

no-role-prefix: Variables names from within roles should use foo_ as a
prefix. (vars: bar)
M host_vars/xenrox.net/vars.yml => host_vars/xenrox.net/vars.yml +9 -9
@@ 18,13 18,13 @@ hostname: avalon.xenrox.net
srht: true

# PostgreSQL settings
pg_max_connections: 200
pg_shared_buffers: 8GB
pg_work_mem: 64MB
pg_maintenance_work_mem: 2GB
pg_effective_io_concurrency: 100
pg_effective_cache_size: 24GB
postgres_max_connections: 200
postgres_shared_buffers: 8GB
postgres_work_mem: 64MB
postgres_maintenance_work_mem: 2GB
postgres_effective_io_concurrency: 100
postgres_effective_cache_size: 24GB

pg_logging_collector: on # noqa yaml[truthy]
pg_log_min_duration_statement: 15ms
pg_log_line_prefix: "%d %m [%p] "
postgres_logging_collector: on # noqa yaml[truthy]
postgres_log_min_duration_statement: 15ms
postgres_log_line_prefix: "%d %m [%p] "

M roles/ntfy_server/defaults/main.yml => roles/ntfy_server/defaults/main.yml +1 -1
@@ 1,2 1,2 @@
---
ntfy_enable_metrics: false
ntfy_server_enable_metrics: false

M roles/ntfy_server/templates/server.yml.j2 => roles/ntfy_server/templates/server.yml.j2 +1 -1
@@ 328,7 328,7 @@ enable-reservations: true
# - metrics-listen-http exposes the metrics endpoint via a dedicated [IP]:port. If set, this option implicitly
#   enables metrics as well, e.g. "10.0.1.1:9090" or ":9090"
#
enable-metrics: {{ ntfy_enable_metrics }}
enable-metrics: {{ ntfy_server_enable_metrics }}
# metrics-listen-http:

# Profiling

M roles/ntfy_server/vars/main.yml => roles/ntfy_server/vars/main.yml +1 -1
@@ 1,2 1,2 @@
---
ntfy_enable_metrics: true
ntfy_server_enable_metrics: true

M roles/postgres/defaults/main.yml => roles/postgres/defaults/main.yml +9 -9
@@ 1,11 1,11 @@
---
pg_max_connections: 100
pg_shared_buffers: 128MB
pg_work_mem: 4MB
pg_maintenance_work_mem: 64MB
pg_effective_io_concurrency: 1
pg_effective_cache_size: 4GB
postgres_max_connections: 100
postgres_shared_buffers: 128MB
postgres_work_mem: 4MB
postgres_maintenance_work_mem: 64MB
postgres_effective_io_concurrency: 1
postgres_effective_cache_size: 4GB

pg_logging_collector: off # noqa yaml[truthy]
pg_log_min_duration_statement: -1
pg_log_line_prefix: "%m [%p] "
postgres_logging_collector: off # noqa yaml[truthy]
postgres_log_min_duration_statement: -1
postgres_log_line_prefix: "%m [%p] "

M roles/postgres/templates/postgresql.conf.j2 => roles/postgres/templates/postgresql.conf.j2 +9 -9
@@ 62,7 62,7 @@
					# defaults to 'localhost'; use '*' for all
					# (change requires restart)
#port = 5432				# (change requires restart)
max_connections = {{ pg_max_connections }}			# (change requires restart)
max_connections = {{ postgres_max_connections }}			# (change requires restart)
#superuser_reserved_connections = 3	# (change requires restart)
#unix_socket_directories = '/run/postgresql'	# comma-separated list of directories
					# (change requires restart)


@@ 124,7 124,7 @@ ssl_key_file = '/var/lib/postgres/data/privkey.pem'

# - Memory -

shared_buffers = {{ pg_shared_buffers }}			# min 128kB
shared_buffers = {{ postgres_shared_buffers }}			# min 128kB
					# (change requires restart)
#huge_pages = try			# on, off, or try
					# (change requires restart)


@@ 135,9 135,9 @@ shared_buffers = {{ pg_shared_buffers }}			# min 128kB
					# (change requires restart)
# Caution: it is not advisable to set max_prepared_transactions nonzero unless
# you actively intend to use prepared transactions.
work_mem = {{ pg_work_mem }}				# min 64kB
work_mem = {{ postgres_work_mem }}				# min 64kB
#hash_mem_multiplier = 1.0		# 1-1000.0 multiplier on hash table work_mem
maintenance_work_mem = {{ pg_maintenance_work_mem }}		# min 1MB
maintenance_work_mem = {{ postgres_maintenance_work_mem }}		# min 1MB
#autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
#logical_decoding_work_mem = 64MB	# min 64kB
#max_stack_depth = 2MB			# min 100kB


@@ 184,7 184,7 @@ dynamic_shared_memory_type = posix	# the default is the first option
# - Asynchronous Behavior -

#backend_flush_after = 0		# measured in pages, 0 disables
effective_io_concurrency = {{ pg_effective_io_concurrency }}		# 1-1000; 0 disables prefetching
effective_io_concurrency = {{ postgres_effective_io_concurrency }}		# 1-1000; 0 disables prefetching
#maintenance_io_concurrency = 10	# 1-1000; 0 disables prefetching
#max_worker_processes = 8		# (change requires restart)
#max_parallel_maintenance_workers = 2	# taken from max_parallel_workers


@@ 390,7 390,7 @@ min_wal_size = 80MB
#parallel_tuple_cost = 0.1		# same scale as above
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
effective_cache_size = {{ pg_effective_cache_size }}
effective_cache_size = {{ postgres_effective_cache_size }}

#jit_above_cost = 100000		# perform JIT compilation if available
					# and query more expensive than this;


@@ 436,7 436,7 @@ effective_cache_size = {{ pg_effective_cache_size }}
					# requires logging_collector to be on.

# This is used when logging to stderr:
logging_collector = {{ pg_logging_collector }}		# Enable capturing of stderr and csvlog
logging_collector = {{ postgres_logging_collector }}		# Enable capturing of stderr and csvlog
					# into log files. Required to be on for
					# csvlogs.
					# (change requires restart)


@@ 502,7 502,7 @@ logging_collector = {{ pg_logging_collector }}		# Enable capturing of stderr and
					#   fatal
					#   panic (effectively off)

log_min_duration_statement = {{ pg_log_min_duration_statement }}	# -1 is disabled, 0 logs all statements
log_min_duration_statement = {{ postgres_log_min_duration_statement }}	# -1 is disabled, 0 logs all statements
					# and their durations, > 0 logs only
					# statements running at least this number
					# of milliseconds


@@ 539,7 539,7 @@ log_min_duration_statement = {{ pg_log_min_duration_statement }}	# -1 is disable
#log_duration = off
#log_error_verbosity = default		# terse, default, or verbose messages
#log_hostname = off
log_line_prefix = '{{ pg_log_line_prefix }}'		# special values:
log_line_prefix = '{{ postgres_log_line_prefix }}'		# special values:
					#   %a = application name
					#   %u = user name
					#   %d = database name

M roles/setup_archlinux/tasks/main.yml => roles/setup_archlinux/tasks/main.yml +1 -1
@@ 1,7 1,7 @@
---
- name: Install useful tools
  community.general.pacman:
    name: "{{ archlinux_packages }}"
    name: "{{ setup_archlinux_packages }}"
    state: present

- name: Set hostname

M roles/setup_archlinux/vars/main.yml => roles/setup_archlinux/vars/main.yml +1 -1
@@ 1,5 1,5 @@
---
archlinux_packages:
setup_archlinux_packages:
  - dfrs
  - eza
  - git

M roles/teamspeak/defaults/main.yml => roles/teamspeak/defaults/main.yml +1 -1
@@ 1,2 1,2 @@
---
expose_serverquery: false
teamspeak_expose_serverquery: false

M roles/teamspeak/templates/teamspeak.xml.j2 => roles/teamspeak/templates/teamspeak.xml.j2 +1 -1
@@ 4,7 4,7 @@
  <description>TeamSpeak 3 server.</description>
  <port protocol="udp" port="9987"/>
  <port protocol="tcp" port="30033"/>
{% if expose_serverquery %}
{% if teamspeak_expose_serverquery %}
  <port protocol="tcp" port="10011"/>
{% endif %}
</service>

M roles/wireguard_vpn_server/templates/wg1.netdev.j2 => roles/wireguard_vpn_server/templates/wg1.netdev.j2 +1 -1
@@ 7,7 7,7 @@ Description=WireGuard VPN wg1
ListenPort=51821
PrivateKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard_vpn/xenrox.net.key:content') | trim }}

{% for client in wireguard_clients %}
{% for client in wireguard_vpn_server_wireguard_clients %}
[WireGuardPeer]
PublicKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard_vpn/' ~ client.name ~ '.pub:content') | trim }}
PresharedKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard_vpn/' ~ client.name ~ '.psk:content') | trim }}

M roles/wireguard_vpn_server/vars/main.yml => roles/wireguard_vpn_server/vars/main.yml +1 -1
@@ 1,5 1,5 @@
---
wireguard_clients:
wireguard_vpn_server_wireguard_clients:
  - name: localhost
    address: 10.200.200.2
  - name: smartphone

M roles/xenrox/defaults/main.yml => roles/xenrox/defaults/main.yml +2 -2
@@ 1,5 1,5 @@
---
# Set to true for hosts whose playbooks are executed in the CI/CD pipeline
ci_deploy_target: false
ssh_pubkeys:
xenrox_ci_deploy_target: false
xenrox_ssh_pubkeys:
  - yubikey.pub

M roles/xenrox/tasks/main.yml => roles/xenrox/tasks/main.yml +3 -3
@@ 32,12 32,12 @@

- name: Add SSH public key for auto-deployment
  ansible.builtin.set_fact:
    ssh_pubkeys: "{{ ssh_pubkeys + ['xenrox_ansible.pub'] }}"
  when: ci_deploy_target
    xenrox_ssh_pubkeys: "{{ xenrox_ssh_pubkeys + ['xenrox_ansible.pub'] }}"
  when: xenrox_ci_deploy_target

- name: Read SSH public keys
  ansible.builtin.set_fact:
    authorized_keys: "{% for key in ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"
    authorized_keys: "{% for key in xenrox_ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"

- name: Deposit ssh pub key
  ansible.posix.authorized_key: