diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..416e400 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,19 @@ +--- +kind: pipeline +type: docker +name: check + +steps: + - name: yamllint + image: python:3.9-alpine + commands: + - pip install yamllint==1.25.0 + - yamllint -c .yamllint.yml . + + - name: ansible-lint + image: python:3.9-alpine + commands: + - apk add --no-cache gcc libc-dev libffi-dev openssl-dev + - pip install ansible-lint==4.3.7 + - ansible-lint *.yml +... diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e11bdbf..c62f35b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ --- -image: python:3.6 +image: python:3.9-alpine stages: - lint @@ -7,12 +7,13 @@ stages: yamllint: stage: lint script: - - pip install yamllint==1.15.0 + - pip install yamllint==1.25.0 - yamllint -c .yamllint.yml . ansible-lint: stage: lint script: - - pip install ansible-lint==4.0.0 + - apk add gcc libc-dev libffi-dev openssl-dev + - pip install ansible-lint==4.3.7 - ansible-lint *.yml ... diff --git a/.yamllint.yml b/.yamllint.yml index bcc5101..3a7ea3d 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -3,5 +3,6 @@ extends: default rules: line-length: + max: 120 level: warning ... diff --git a/base.yml b/base.yml index 2e26b95..5aee2d2 100755 --- a/base.yml +++ b/base.yml @@ -9,5 +9,4 @@ # Plug LDAP on all servers - hosts: all,!unifi roles: - - ldap-client - + - ldap_client diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 90615a1..599e834 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -48,7 +48,7 @@ dns_host_suffix_main: 253 dns_host_suffix_backup: 153 backup_dns_servers: - - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr) + - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr) # Finally raised! mtu: 1500 diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 52a14ab..8fa4cbb 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
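Review bot: The `pip install yamllint==1.25.0` and `pip install ansible-lint==4.3.7` commands in the new `check` pipeline pin versions but not hashes, and `image: python:3.9-alpine` is a floating tag, so what the lint job actually runs depends on the registry and PyPI state at run time; the `.gitlab-ci.yml` hunk on this line has the same property. Pinning the image by digest (`image: python:3.9-alpine@sha256:<digest>`) and installing the two tools from a requirements file with `--require-hashes` would make the job reproducible. A short comment at the top such as `# lint-only pipeline; tool versions must match .gitlab-ci.yml` would also record that the two CI configs are meant to stay in sync.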
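Review bot: The added `apk add gcc libc-dev libffi-dev openssl-dev` line omits `--no-cache`, unlike the equivalent step in the new `.drone.yml`, so the apk index is left in the job container and the two CI definitions diverge for no reason; write `- apk add --no-cache gcc libc-dev libffi-dev openssl-dev`. The toolchain is presumably needed because some ansible-lint dependencies have no Alpine wheels; a comment `# build deps for ansible-lint on Alpine` above the line would stop the next maintainer from dropping it.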
@@ -1,3 +1,4 @@ +--- $ANSIBLE_VAULT;1.1;AES256 61333538366635353537346231363235653162356330396434383631656465616330363136306563 3861333166386536633437386335613461646466346239360a643139303037613937373631313661 diff --git a/group_vars/edc/ldap_local_replica.yml b/group_vars/edc/ldap_local_replica.yml index bad6801..63cfeb4 100644 --- a/group_vars/edc/ldap_local_replica.yml +++ b/group_vars/edc/ldap_local_replica.yml @@ -1,4 +1,3 @@ --- ldap_local_replica_uri: - 'ldap://ldap-replica-edc.adm.auro.re' - diff --git a/ldap_replica.yml b/ldap_replica.yml index 1686293..b921957 100755 --- a/ldap_replica.yml +++ b/ldap_replica.yml @@ -4,4 +4,4 @@ # DON'T DO THIS AS IT RECREATES THE REPLICA - hosts: ldap_replica roles: - - ldap-replica + - ldap_replica diff --git a/matrix.yml b/matrix.yml index b25fc0d..be54c53 100755 --- a/matrix.yml +++ b/matrix.yml @@ -6,13 +6,13 @@ mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" roles: - - debian-backports + - debian_backports - nodejs - - matrix-synapse - - matrix-appservice-irc - - matrix-appservice-webhooks + - matrix_synapse + - matrix_appservice_irc + - matrix_appservice_webhooks # Install Matrix services - hosts: matrix-services.adm.auro.re roles: - - debian-backports + - debian_backports diff --git a/monitoring.yml b/monitoring.yml index 616e380..c0c58c8 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -59,4 +59,4 @@ # Monitor all hosts - hosts: all,!unifi,!ovh roles: - - prometheus-node + - prometheus_node diff --git a/network.yml b/network.yml index aa42e72..a491c79 100755 --- a/network.yml +++ b/network.yml @@ -3,7 +3,7 @@ # Set up DHCP servers. - hosts: dhcp-*.adm.auro.re roles: - - isc-dhcp-server + - isc_dhcp_server # Deploy unbound DNS server (recursive). @@ -24,7 +24,7 @@ - hosts: ~routeur-aurore.*\.adm\.auro\.re roles: - router - - ipv6-edge-router + - ipv6_edge_router # Radius (backup only for now) - hosts: radius-*.adm.auro.re 
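Review bot: Prepending `---` to `group_vars/all/vault.yml` will very likely stop Ansible from treating the file as vault-encrypted: as far as I recall vault detection requires the `$ANSIBLE_VAULT` header to be the very first bytes of the file, so after this change the payload is parsed as plain YAML and the variables it holds become unavailable (or the vars load fails outright). If the document-start marker was added only to satisfy yamllint, drop the `+---` line from this hunk and exclude vault files in `.yamllint.yml` instead, e.g. an `ignore:` block listing `group_vars/all/vault.yml`. A comment in `.yamllint.yml` explaining why vault files are excluded would keep the exclusion from being "cleaned up" later.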
@@ -47,19 +47,19 @@ # Deploy Unifi Controller -#- hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re -# roles: -# - unifi-controller +# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re +# roles: +# - unifi-controller # Deploy Re2o switch service -#- hosts: switchs-manager.adm.auro.re -# vars: -# service_repo: https://gitlab.federez.net/re2o/switchs.git -# service_name: switchs -# service_version: master -# service_config: -# hostname: re2o-server.adm.auro.re -# username: service-user -# password: "{{ vault_serviceuser_passwd }}" -# roles: -# - re2o-service +# - hosts: switchs-manager.adm.auro.re +# vars: +# service_repo: https://gitlab.federez.net/re2o/switchs.git +# service_name: switchs +# service_version: master +# service_config: +# hostname: re2o-server.adm.auro.re +# username: service-user +# password: "{{ vault_serviceuser_passwd }}" +# roles: +# - re2o-service diff --git a/nuke-radius-dbs.yml b/nuke_radius_dbs.yml similarity index 100% rename from nuke-radius-dbs.yml rename to nuke_radius_dbs.yml diff --git a/roles/baseconfig/tasks/apt-listchanges.yml b/roles/baseconfig/tasks/apt-listchanges.yml index ec68e1f..b4d6214 100644 --- a/roles/baseconfig/tasks/apt-listchanges.yml +++ b/roles/baseconfig/tasks/apt-listchanges.yml @@ -19,6 +19,7 @@ option: "{{ item.option }}" value: "{{ item.value }}" state: present + mode: 0644 loop: - option: confirm value: "true" diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index e4d2db1..d73cf07 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml @@ -77,6 +77,7 @@ copy: src: "skel/dot_{{ item }}" dest: "/etc/skel/.{{ item }}" + mode: 0644 loop: - zshrc - zshrc.local diff --git a/roles/basesecurity/tasks/main.yml b/roles/basesecurity/tasks/main.yml index 2db6b5b..a0c15b6 100644 --- a/roles/basesecurity/tasks/main.yml +++ b/roles/basesecurity/tasks/main.yml 
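Review bot: The re-indented commented-out plays still reference the roles as `- unifi-controller` and `- re2o-service`, but this same commit renames those directories to `roles/unifi_controller` and `roles/re2o_service`, so the commented text will fail with an unknown role the day someone uncomments it. While touching the lines, change them to `- unifi_controller` and `- re2o_service`. A one-line comment above the block stating why these plays are disabled would also help decide whether they should be kept or deleted.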
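Review bot: `mode: 0644` is written as an unquoted leading-zero literal, which only means 0644 because Ansible's loader follows YAML 1.1 octal rules; under a YAML 1.2 loader, or once yamllint's `octal-values` rule is enabled, it reads as decimal 644. Quoting it, `mode: "0644"`, removes the ambiguity, and the same applies to every `mode:` line this commit adds (baseconfig main, basesecurity, certbot, ipv6_edge_router, ldap_replica, nginx_reverseproxy, prometheus and radius). The `ini_file` task this hunk extends starts outside the hunk.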
@@ -54,6 +54,7 @@ option: "{{ item.option }}" value: "{{ item.value }}" state: present + mode: 0644 notify: Restart fail2ban service loop: - section: sshd diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 66cae27..d6314ac 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -26,6 +26,7 @@ file: path: /etc/letsencrypt/conf.d state: directory + mode: 0755 - name: Add Certbot configuration template: diff --git a/roles/ipv6-edge-router/frr-apt-key.asc b/roles/ipv6_edge_router/frr-apt-key.asc similarity index 100% rename from roles/ipv6-edge-router/frr-apt-key.asc rename to roles/ipv6_edge_router/frr-apt-key.asc diff --git a/roles/ipv6-edge-router/handlers/main.yml b/roles/ipv6_edge_router/handlers/main.yml similarity index 100% rename from roles/ipv6-edge-router/handlers/main.yml rename to roles/ipv6_edge_router/handlers/main.yml diff --git a/roles/ipv6-edge-router/tasks/main.yml b/roles/ipv6_edge_router/tasks/main.yml similarity index 92% rename from roles/ipv6-edge-router/tasks/main.yml rename to roles/ipv6_edge_router/tasks/main.yml index 40c945d..8ec1353 100644 --- a/roles/ipv6-edge-router/tasks/main.yml +++ b/roles/ipv6_edge_router/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: install GPG apt: name: gnupg @@ -18,21 +17,23 @@ - name: Install frr apt: name: frr - + - name: setup frr daemons template: src: daemons.j2 dest: /etc/frr/daemons + mode: 0644 notify: restart frr - name: setup frr.conf template: src: frr.conf.j2 dest: /etc/frr/frr.conf + mode: 0644 notify: restart frr - name: enable+start frr service: name: frr state: started - enabled: yes + enabled: true diff --git a/roles/ipv6-edge-router/templates/daemons.j2 b/roles/ipv6_edge_router/templates/daemons.j2 similarity index 100% rename from roles/ipv6-edge-router/templates/daemons.j2 rename to roles/ipv6_edge_router/templates/daemons.j2 
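Review bot: In the `@@ -18,21 +17,23 @@` hunk, `mode: 0644` on `/etc/frr/frr.conf` makes the routing configuration world-readable; if that template carries BGP or OSPF session keys or `password` lines (the template is not in this diff), every local account on the router can read them, and as far as I recall the Debian `frr` package ships the file readable by the service group only. Prefer `mode: "0640"` together with explicit `owner` and `group` set to the packaged service user (`frr` on Debian) so the daemon keeps access without widening it; the same consideration applies to the `daemons` file in the task above. Before this change the task inherited whatever mode the existing file had, so the line tightens or loosens permissions depending on the host.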
diff --git a/roles/ipv6-edge-router/templates/frr.conf.j2 b/roles/ipv6_edge_router/templates/frr.conf.j2 similarity index 100% rename from roles/ipv6-edge-router/templates/frr.conf.j2 rename to roles/ipv6_edge_router/templates/frr.conf.j2 diff --git a/roles/isc-dhcp-server/handlers/main.yml b/roles/isc_dhcp_server/handlers/main.yml similarity index 78% rename from roles/isc-dhcp-server/handlers/main.yml rename to roles/isc_dhcp_server/handlers/main.yml index 840463c..fd4dd48 100644 --- a/roles/isc-dhcp-server/handlers/main.yml +++ b/roles/isc_dhcp_server/handlers/main.yml @@ -1,5 +1,6 @@ +--- - name: force run dhcp re2o-service - shell: /var/local/re2o-services/dhcp/main.py --force + command: /var/local/re2o-services/dhcp/main.py --force become_user: re2o-services - name: restart dhcpd @@ -11,4 +12,3 @@ systemd: name: rsyslog state: restarted - diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml similarity index 96% rename from roles/isc-dhcp-server/tasks/main.yml rename to roles/isc_dhcp_server/tasks/main.yml index e198163..f3ffe54 100644 --- a/roles/isc-dhcp-server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml @@ -17,7 +17,8 @@ state: directory owner: re2o-services group: nogroup - recurse: yes + recurse: true + mode: u=rwX,g=rX,o=rX - name: Install isc-dhcp-server apt: @@ -101,7 +102,7 @@ when: is_aurore_host - name: force run dhcp re2o-service - shell: /var/local/re2o-services/dhcp/main.py --force + command: /var/local/re2o-services/dhcp/main.py --force - name: Ensure dhcpd is running service: diff --git a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 b/roles/isc_dhcp_server/templates/default/isc-dhcp-server.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 rename to roles/isc_dhcp_server/templates/default/isc-dhcp-server.j2 
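Review bot: In the `@@ -101,7 +102,7 @@` hunk of `roles/isc_dhcp_server/tasks/main.yml`, the `force run dhcp re2o-service` task now runs `command: /var/local/re2o-services/dhcp/main.py --force` as the play's default user, while the handler of the same name in `handlers/main.yml` (earlier on this line) runs the same script with `become_user: re2o-services`; the `shell` to `command` switch is fine, but the privilege mismatch between the two copies is worth settling while both are touched. Presumably the script should run unprivileged in both places, so add `become_user: re2o-services` to the task (with `become: true` if the play does not already set it), or have the task notify the handler instead of duplicating it. The enclosing task list starts outside the hunk.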
diff --git a/roles/isc-dhcp-server/templates/dhcp/aurore-subnets.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/aurore-subnets.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/aurore-subnets.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/aurore-subnets.conf.j2 diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcp-failover.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/dhcp-failover.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/dhcp-failover.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/dhcp-failover.conf.j2 diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/dhcpd.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/dhcpd.conf.j2 diff --git a/roles/isc-dhcp-server/templates/dhcp/regular-subnets.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/regular-subnets.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/regular-subnets.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/regular-subnets.conf.j2 diff --git a/roles/isc-dhcp-server/templates/logrotate.d/dhcp.j2 b/roles/isc_dhcp_server/templates/logrotate.d/dhcp.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/logrotate.d/dhcp.j2 rename to roles/isc_dhcp_server/templates/logrotate.d/dhcp.j2 diff --git a/roles/isc-dhcp-server/vars/main.yml b/roles/isc_dhcp_server/vars/main.yml similarity index 100% rename from roles/isc-dhcp-server/vars/main.yml rename to roles/isc_dhcp_server/vars/main.yml diff --git a/roles/ldap-client/handlers/main.yml b/roles/ldap_client/handlers/main.yml similarity index 100% rename from roles/ldap-client/handlers/main.yml rename to roles/ldap_client/handlers/main.yml 
diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap_client/tasks/1_group_security.yml similarity index 100% rename from roles/ldap-client/tasks/1_group_security.yml rename to roles/ldap_client/tasks/1_group_security.yml diff --git a/roles/ldap-client/tasks/2_userland_scripts.yml b/roles/ldap_client/tasks/2_userland_scripts.yml similarity index 100% rename from roles/ldap-client/tasks/2_userland_scripts.yml rename to roles/ldap_client/tasks/2_userland_scripts.yml diff --git a/roles/ldap-client/tasks/install_ldap.yml b/roles/ldap_client/tasks/install_ldap.yml similarity index 100% rename from roles/ldap-client/tasks/install_ldap.yml rename to roles/ldap_client/tasks/install_ldap.yml diff --git a/roles/ldap-client/tasks/main.yml b/roles/ldap_client/tasks/main.yml similarity index 100% rename from roles/ldap-client/tasks/main.yml rename to roles/ldap_client/tasks/main.yml diff --git a/roles/ldap-client/templates/chsh.j2 b/roles/ldap_client/templates/chsh.j2 similarity index 100% rename from roles/ldap-client/templates/chsh.j2 rename to roles/ldap_client/templates/chsh.j2 diff --git a/roles/ldap-client/templates/nslcd.conf.j2 b/roles/ldap_client/templates/nslcd.conf.j2 similarity index 100% rename from roles/ldap-client/templates/nslcd.conf.j2 rename to roles/ldap_client/templates/nslcd.conf.j2 diff --git a/roles/ldap-client/templates/passwd.j2 b/roles/ldap_client/templates/passwd.j2 similarity index 100% rename from roles/ldap-client/templates/passwd.j2 rename to roles/ldap_client/templates/passwd.j2 diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap_replica/tasks/main.yml similarity index 98% rename from roles/ldap-replica/tasks/main.yml rename to roles/ldap_replica/tasks/main.yml index 914ce4e..cb79bd4 100644 --- a/roles/ldap-replica/tasks/main.yml +++ b/roles/ldap_replica/tasks/main.yml @@ -40,6 +40,7 @@ file: path: "{{ item }}" state: directory + mode: 0755 loop: - /etc/ldap/slapd.d - /var/lib/ldap 
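Review bot: `mode: 0755` is applied to both `/etc/ldap/slapd.d` and `/var/lib/ldap` through the loop, and `slapd.d` holds the cn=config database, including the rootpw hash and the syncrepl bind credentials of this replica; as far as I recall Debian ships that directory as 0750 owned by the `openldap` user, so this line relaxes it to world-listable. Consider a per-path mode, keeping 0755 for `/var/lib/ldap` only and setting `mode: "0750"` with `owner: openldap` and `group: openldap` for `slapd.d`, or omit `mode:` for a directory the package already created. A comment such as `# slapd.d contains credentials; keep it unreadable by other users` would document the intent. The `file` task this hunk extends starts outside the hunk.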
diff --git a/roles/ldap-replica/templates/schema.ldiff.j2 b/roles/ldap_replica/templates/schema.ldiff.j2 similarity index 100% rename from roles/ldap-replica/templates/schema.ldiff.j2 rename to roles/ldap_replica/templates/schema.ldiff.j2 diff --git a/roles/matrix-appservice-irc/defaults/main.yml b/roles/matrix_appservice_irc/defaults/main.yml similarity index 100% rename from roles/matrix-appservice-irc/defaults/main.yml rename to roles/matrix_appservice_irc/defaults/main.yml diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix_appservice_irc/tasks/main.yml similarity index 100% rename from roles/matrix-appservice-irc/tasks/main.yml rename to roles/matrix_appservice_irc/tasks/main.yml diff --git a/roles/matrix-appservice-irc/tasks/service_user.yml b/roles/matrix_appservice_irc/tasks/service_user.yml similarity index 100% rename from roles/matrix-appservice-irc/tasks/service_user.yml rename to roles/matrix_appservice_irc/tasks/service_user.yml diff --git a/roles/matrix-appservice-irc/templates/config.yaml.j2 b/roles/matrix_appservice_irc/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-appservice-irc/templates/config.yaml.j2 rename to roles/matrix_appservice_irc/templates/config.yaml.j2 diff --git a/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 b/roles/matrix_appservice_irc/templates/systemd/appservice.service.j2 similarity index 100% rename from roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 rename to roles/matrix_appservice_irc/templates/systemd/appservice.service.j2 diff --git a/roles/matrix-appservice-webhooks/defaults/main.yml b/roles/matrix_appservice_webhooks/defaults/main.yml similarity index 100% rename from roles/matrix-appservice-webhooks/defaults/main.yml rename to roles/matrix_appservice_webhooks/defaults/main.yml 
diff --git a/roles/matrix-appservice-webhooks/tasks/main.yml b/roles/matrix_appservice_webhooks/tasks/main.yml similarity index 100% rename from roles/matrix-appservice-webhooks/tasks/main.yml rename to roles/matrix_appservice_webhooks/tasks/main.yml diff --git a/roles/matrix-appservice-webhooks/tasks/service_user.yml b/roles/matrix_appservice_webhooks/tasks/service_user.yml similarity index 100% rename from roles/matrix-appservice-webhooks/tasks/service_user.yml rename to roles/matrix_appservice_webhooks/tasks/service_user.yml diff --git a/roles/matrix-appservice-webhooks/templates/config.yaml.j2 b/roles/matrix_appservice_webhooks/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-appservice-webhooks/templates/config.yaml.j2 rename to roles/matrix_appservice_webhooks/templates/config.yaml.j2 diff --git a/roles/matrix-appservice-webhooks/templates/systemd/appservice.service.j2 b/roles/matrix_appservice_webhooks/templates/systemd/appservice.service.j2 similarity index 100% rename from roles/matrix-appservice-webhooks/templates/systemd/appservice.service.j2 rename to roles/matrix_appservice_webhooks/templates/systemd/appservice.service.j2 diff --git a/roles/matrix-synapse/files/rest_auth_provider.py b/roles/matrix_synapse/files/rest_auth_provider.py similarity index 100% rename from roles/matrix-synapse/files/rest_auth_provider.py rename to roles/matrix_synapse/files/rest_auth_provider.py diff --git a/roles/matrix-synapse/handlers/main.yml b/roles/matrix_synapse/handlers/main.yml similarity index 100% rename from roles/matrix-synapse/handlers/main.yml rename to roles/matrix_synapse/handlers/main.yml diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix_synapse/tasks/main.yml similarity index 100% rename from roles/matrix-synapse/tasks/main.yml rename to roles/matrix_synapse/tasks/main.yml 
diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/database.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/database.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/database.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/database.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 
diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 diff --git a/roles/nginx-reverseproxy/handlers/main.yml b/roles/nginx_reverseproxy/handlers/main.yml similarity index 100% rename from roles/nginx-reverseproxy/handlers/main.yml rename to roles/nginx_reverseproxy/handlers/main.yml diff --git a/roles/nginx-reverseproxy/tasks/main.yml b/roles/nginx_reverseproxy/tasks/main.yml similarity index 93% rename from roles/nginx-reverseproxy/tasks/main.yml rename to roles/nginx_reverseproxy/tasks/main.yml index b1e3945..4ccaa2a 100644 --- a/roles/nginx-reverseproxy/tasks/main.yml +++ b/roles/nginx_reverseproxy/tasks/main.yml @@ -11,6 +11,7 @@ template: src: "nginx/snippets/{{ item }}.j2" dest: "/etc/nginx/snippets/{{ item }}" + mode: 0644 loop: - options-ssl.conf - options-proxypass.conf @@ -19,11 +20,13 @@ template: src: letsencrypt/dhparam.j2 dest: /etc/letsencrypt/dhparam + mode: 0644 - name: Copy reverse proxy sites template: src: "nginx/sites-available/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" + mode: 0644 loop: - reverseproxy - reverseproxy_redirect_dname @@ -35,6 +38,7 @@ src: "/etc/nginx/sites-available/{{ item }}" dest: "/etc/nginx/sites-enabled/{{ item }}" state: link + mode: 0644 loop: - reverseproxy - reverseproxy_redirect_dname 
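Review bot: In the `@@ -35,6 +38,7 @@` hunk, `mode: 0644` is added to a `file` task with `state: link`; symlink permissions cannot be changed on Linux, so depending on the module's `follow` handling this either re-applies 0644 to the already-templated target in `sites-available` (redundant) or is ignored. Drop the line from the link task, or if it is there to satisfy a lint rule, add `# mode applies to the link target, which is templated above with 0644` so the next reader does not assume it hardens the link. The other `mode: 0644` additions in this file are on `template` tasks and are appropriate for nginx config and the public dhparam.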
@@ -45,6 +49,7 @@ template: src: www/html/50x.html.j2 dest: /var/www/html/50x.html + mode: 0644 - name: Indicate role in motd template: diff --git a/roles/nginx-reverseproxy/templates/letsencrypt/dhparam.j2 b/roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/letsencrypt/dhparam.j2 rename to roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/sites-available/redirect.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/sites-available/redirect.j2 rename to roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy.j2 rename to roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 rename to roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 b/roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 rename to roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 
diff --git a/roles/nginx-reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 b/roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 rename to roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 diff --git a/roles/nginx-reverseproxy/templates/update-motd.d/05-service.j2 b/roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/update-motd.d/05-service.j2 rename to roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 diff --git a/roles/nginx-reverseproxy/templates/www/html/50x.html.j2 b/roles/nginx_reverseproxy/templates/www/html/50x.html.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/www/html/50x.html.j2 rename to roles/nginx_reverseproxy/templates/www/html/50x.html.j2 diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 62dde31..211aee3 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -13,12 +13,14 @@ template: src: prometheus/prometheus.yml.j2 dest: /etc/prometheus/prometheus.yml + mode: 0644 notify: Restart Prometheus - name: Configure Prometheus alert rules template: src: "prometheus/{{ item }}.j2" dest: "/etc/prometheus/{{ item }}" + mode: 0644 notify: Restart Prometheus loop: - alert.rules.yml @@ -45,12 +47,14 @@ copy: content: "{{ prometheus_targets | to_nice_json }}" dest: /etc/prometheus/targets.json + mode: 0644 # We don't need to restart Prometheus when updating nodes - name: Configure Prometheus Ubiquity Unifi SNMP devices copy: content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" dest: /etc/prometheus/targets_unifi_snmp.json + mode: 0644 - name: Activate prometheus service systemd: 
diff --git a/roles/prometheus-node/handlers/main.yml b/roles/prometheus_node/handlers/main.yml similarity index 100% rename from roles/prometheus-node/handlers/main.yml rename to roles/prometheus_node/handlers/main.yml diff --git a/roles/prometheus-node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml similarity index 100% rename from roles/prometheus-node/tasks/main.yml rename to roles/prometheus_node/tasks/main.yml diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index 672bc6d..22cbf40 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Add backports repositories apt_repository: repo: "{{ item }} http://deb.debian.org/debian buster-backports main contrib non-free" @@ -5,11 +6,11 @@ - "deb" - "deb-src" - - name: Ensure /var/www exists file: name: "/var/www" - state: directory + state: directory + mode: 0755 - name: Clone re2o repo git: @@ -22,11 +23,11 @@ template: src: "{{ item }}.j2" dest: "/var/www/re2o/re2o/{{ item }}" + mode: 0644 loop: - settings_local.py - local_routers.py - # What follows is a hideous abomination. # Blame freeradius-python3 on backports. @@ -34,27 +35,28 @@ apt: name: freeradius-python3 default_release: buster-backports - update_cache: yes - ignore_errors: yes + update_cache: true + ignore_errors: true - name: fix freeradius-python3 postinstall script template: src: freeradius-python3.postinst.j2 dest: /var/lib/dpkg/info/freeradius-python3.postinst + mode: 0644 - name: reinstall broken package (this might fail too, for different reasons) apt: name: freeradius-python3 default_release: buster-backports - force: yes - ignore_errors: yes + force: true + ignore_errors: true - name: Setup radius symlinks file: src: "/var/www/re2o/freeradius_utils/{{ item.local_prefix }}{{ item.filename }}" dest: "/etc/freeradius/3.0/{{ item.filename }}" state: link - force: yes + force: true loop: - local_prefix: "" filename: auth.py 
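Review bot: In the `@@ -22,11 +23,11 @@` hunk of `roles/radius/tasks/main.yml`, `mode: 0644` makes `/var/www/re2o/re2o/settings_local.py` world-readable; in re2o that file normally holds the Django `SECRET_KEY` and the database and LDAP credentials (the template is outside this diff), so any local account on the radius host could read them. Use `mode: "0640"` and set `owner` and `group` to the account that runs re2o and freeradius so the secrets stay readable by the service only, and apply the same to `local_routers.py` in the loop. Before this commit the task kept whatever mode the existing file had, so this is a behaviour change worth checking on an already-provisioned host.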
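Review bot: In the `@@ -34,27 +35,28 @@` hunk, `mode: 0644` on `/var/lib/dpkg/info/freeradius-python3.postinst` strips the execute bit from a dpkg maintainer script; dpkg executes these scripts directly, so the following `reinstall broken package` apt task will most likely fail with a permission error, and its `ignore_errors: true` will hide that failure. Use `mode: "0755"` there, matching what dpkg installs. A comment above the template task, `# maintainer scripts must stay executable for dpkg`, would keep the next lint-driven sweep from reintroducing this.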
@@ -69,6 +71,7 @@ template: src: "{{ item }}.j2" dest: "/etc/freeradius/3.0/{{ item }}" + mode: 0640 loop: - sites-enabled/default - sites-enabled/inner-tunnel @@ -77,6 +80,7 @@ template: src: "{{ item }}.j2" dest: "/etc/freeradius/3.0/{{ item }}" + mode: 0640 loop: - clients.conf - proxy.conf @@ -99,7 +103,7 @@ when: "'aurore_vm' in group_names" - name: Install radius requirements (except freeradius-python3) - shell: + command: cmd: "{{ item }}" chdir: /var/www/re2o/ loop: @@ -113,6 +117,7 @@ template: src: "freeradius-logrotate.j2" dest: "/etc/logrotate.d/freeradius" + mode: 0644 # Database setup @@ -154,7 +159,7 @@ state: absent become_user: postgres when: nuke_radius|default(false) - ignore_errors: yes + ignore_errors: true - name: Nuking - Destroy old local DB if it exists community.general.postgresql_db: @@ -244,13 +249,13 @@ dbname: re2o db: re2o publications: - - re2o_pub + - re2o_pub become_user: postgres - name: Restart freeradius, ensure enabled systemd: name: freeradius - enabled: yes + enabled: true state: restarted - daemon_reload: yes + daemon_reload: true diff --git a/roles/radvd/handlers/main.yml b/roles/radvd/handlers/main.yml index f2ce52c..6ed4ca7 100644 --- a/roles/radvd/handlers/main.yml +++ b/roles/radvd/handlers/main.yml @@ -1,5 +1,6 @@ +--- - name: restart radvd systemd: state: restarted name: radvd - enabled: yes + enabled: true diff --git a/roles/radvd/tasks/main.yml b/roles/radvd/tasks/main.yml index 75c72c1..47b1f9d 100644 --- a/roles/radvd/tasks/main.yml +++ b/roles/radvd/tasks/main.yml @@ -1,6 +1,4 @@ --- - - # Warning: radvd installation seems to fail if the configuration # file doesn't already exist when the package is installed, # so the order is important. @@ -19,4 +17,3 @@ name: radvd state: present notify: restart radvd - diff --git a/roles/re2o-service/defaults/main.yml b/roles/re2o_service/defaults/main.yml similarity index 100% rename from roles/re2o-service/defaults/main.yml rename to roles/re2o_service/defaults/main.yml 
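Review bot: `mode: 0640` on the `/etc/freeradius/3.0/{{ item }}` templates in this hunk and in the `@@ -77,6 +80,7 @@` hunk (which covers `clients.conf`, where the RADIUS shared secrets live) is the right direction, but without an explicit `owner`/`group` the group that may read the file is whatever the existing file had, and for a file the template creates fresh it will be root, which locks the daemon out. Add `owner` and `group` set to the service account the package creates (`freerad` on Debian) next to the mode so the restriction is deterministic. Since the previous behaviour inherited the package's permissions, verify the result on a freshly provisioned host.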
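Review bot: In the `@@ -99,7 +103,7 @@` hunk, `Install radius requirements` switches from `shell` to `command` with `cmd: "{{ item }}"`, but the loop items are outside the hunk; if any of them relies on a pipe, `&&`, redirection or variable expansion, `command` passes those characters as literal arguments and the step either fails or runs a truncated command. Check the loop contents, and if shell syntax is needed keep `shell:` and suppress the lint finding on that task with the `# noqa` comment ansible-lint supports rather than changing semantics. The loop follows the hunk, so the surrounding task is only partly visible here.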
diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o_service/tasks/main.yml similarity index 100% rename from roles/re2o-service/tasks/main.yml rename to roles/re2o_service/tasks/main.yml diff --git a/roles/re2o-service/tasks/service_user.yml b/roles/re2o_service/tasks/service_user.yml similarity index 100% rename from roles/re2o-service/tasks/service_user.yml rename to roles/re2o_service/tasks/service_user.yml diff --git a/roles/re2o-service/templates/update-motd.d/05-service.j2 b/roles/re2o_service/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/re2o-service/templates/update-motd.d/05-service.j2 rename to roles/re2o_service/templates/update-motd.d/05-service.j2 diff --git a/roles/router/handlers/main.yml b/roles/router/handlers/main.yml index b095c21..0583512 100644 --- a/roles/router/handlers/main.yml +++ b/roles/router/handlers/main.yml @@ -1,8 +1,9 @@ +--- - name: restart keepalived systemd: state: restarted name: keepalived - enabled: yes + enabled: true - name: run aurore-firewall command: python3 main.py --force diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index a686a6e..2014572 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -3,25 +3,25 @@ # XXX: YES, this is ugly as fuck. - name: set IP suffix (main) set_fact: - router_hard_ip_suffix: 240 + router_hard_ip_suffix: 240 when: "'backup' not in ansible_hostname" - name: set IP suffix (backup) set_fact: - router_hard_ip_suffix: 140 + router_hard_ip_suffix: 140 when: "'backup' in ansible_hostname" - name: Enable IPv4 packet forwarding ansible.posix.sysctl: name: net.ipv4.ip_forward value: '1' - sysctl_set: yes + sysctl_set: true - name: Enable IPv6 packet forwarding ansible.posix.sysctl: name: net.ipv6.conf.all.forwarding value: '1' - sysctl_set: yes + sysctl_set: true - name: Configure /etc/network/interfaces for routeur-aurore* template: 
diff --git a/roles/unbound/handlers/main.yml b/roles/unbound/handlers/main.yml index a619b94..c9d2d42 100644 --- a/roles/unbound/handlers/main.yml +++ b/roles/unbound/handlers/main.yml @@ -1,3 +1,4 @@ +--- - name: restart unbound systemd: state: restarted diff --git a/roles/unifi-controller/tasks/main.yml b/roles/unifi_controller/tasks/main.yml similarity index 100% rename from roles/unifi-controller/tasks/main.yml rename to roles/unifi_controller/tasks/main.yml diff --git a/roles/unifi-controller/templates/update-motd.d/05-service.j2 b/roles/unifi_controller/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/unifi-controller/templates/update-motd.d/05-service.j2 rename to roles/unifi_controller/templates/update-motd.d/05-service.j2 diff --git a/services_web.yml b/services_web.yml index f368d9f..1d6f9ef 100755 --- a/services_web.yml +++ b/services_web.yml 
@@ -32,26 +32,26 @@ - fede-aurore.net reverseproxy_sites: - - {from: re2o.auro.re, to: 10.128.0.10} - - {from: intranet.auro.re, to: 10.128.0.10} + - {from: re2o.auro.re, to: 10.128.0.10} + - {from: intranet.auro.re, to: 10.128.0.10} - - {from: phabricator.auro.re, to: 10.128.0.50} - - {from: wiki.auro.re, to: 10.128.0.51} - - {from: www.auro.re, to: 10.128.0.52} + - {from: phabricator.auro.re, to: 10.128.0.50} + - {from: wiki.auro.re, to: 10.128.0.51} + - {from: www.auro.re, to: 10.128.0.52} - - {from: drone.auro.re, to: "10.128.0.64:8000"} + - {from: drone.auro.re, to: "10.128.0.64:8000"} - - {from: re2o-test.auro.re, to: 10.128.0.100} + - {from: re2o-test.auro.re, to: 10.128.0.100} - - {from: riot.auro.re, to: "10.128.0.150:8080"} - - {from: codimd.auro.re, to: "10.128.0.150:8081"} - - {from: grafana.auro.re, to: "10.128.0.150:8082"} - - {from: privatebin.auro.re, to: "10.128.0.150:8083"} - - {from: pad.auro.re, to: "10.128.0.150:8084"} - - {from: cas.auro.re, to: "10.128.0.150:8085"} + - {from: riot.auro.re, to: "10.128.0.150:8080"} + - {from: codimd.auro.re, to: "10.128.0.150:8081"} + - {from: grafana.auro.re, to: "10.128.0.150:8082"} + - {from: privatebin.auro.re, to: "10.128.0.150:8083"} + - {from: pad.auro.re, to: "10.128.0.150:8084"} + - {from: cas.auro.re, to: "10.128.0.150:8085"} redirect_sites: - - {from: auro.re, to: www.auro.re} + - {from: auro.re, to: www.auro.re} roles: - certbot - - nginx-reverseproxy + - nginx_reverseproxy