From d60b75109a3be05500b675b0088ddefd67376f7e Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 18:50:10 +0100 Subject: [PATCH 01/13] Upgrade python, ansiblelint and yamllint --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e11bdbf..44b8430 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ --- -image: python:3.6 +image: python:3.9 stages: - lint @@ -7,12 +7,12 @@ stages: yamllint: stage: lint script: - - pip install yamllint==1.15.0 + - pip install yamllint==1.25.0 - yamllint -c .yamllint.yml . ansible-lint: stage: lint script: - - pip install ansible-lint==4.0.0 + - pip install ansible-lint==4.3.7 - ansible-lint *.yml ... From 9b8dee098e3ecd2b72eb93cee57f84bd3ad2a0b8 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 19:31:50 +0100 Subject: [PATCH 02/13] Always set file permissions --- roles/baseconfig/tasks/apt-listchanges.yml | 1 + roles/baseconfig/tasks/main.yml | 1 + roles/basesecurity/tasks/main.yml | 1 + roles/certbot/tasks/main.yml | 1 + roles/ipv6-edge-router/tasks/main.yml | 4 +++- roles/ldap-replica/tasks/main.yml | 1 + roles/nginx-reverseproxy/tasks/main.yml | 5 +++++ roles/prometheus/tasks/main.yml | 4 ++++ roles/radius/tasks/main.yml | 10 +++++++--- 9 files changed, 24 insertions(+), 4 deletions(-) diff --git a/roles/baseconfig/tasks/apt-listchanges.yml b/roles/baseconfig/tasks/apt-listchanges.yml index ec68e1f..b4d6214 100644 --- a/roles/baseconfig/tasks/apt-listchanges.yml +++ b/roles/baseconfig/tasks/apt-listchanges.yml @@ -19,6 +19,7 @@ option: "{{ item.option }}" value: "{{ item.value }}" state: present + mode: 0644 loop: - option: confirm value: "true" diff --git a/roles/baseconfig/tasks/main.yml b/roles/baseconfig/tasks/main.yml index e4d2db1..d73cf07 100644 --- a/roles/baseconfig/tasks/main.yml +++ b/roles/baseconfig/tasks/main.yml 
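Review bot: The added `mode: 0644` in roles/baseconfig/tasks/apt-listchanges.yml is an unquoted octal literal, so the resulting permission depends on the YAML loader reading a leading zero as octal. A YAML 1.2 loader, or a later edit that drops the zero, would pass decimal 644 and produce an unintended permission set. Writing it as a string, `mode: "0644"`, lets the module do the conversion itself and removes that ambiguity. The same unquoted form is used by every `mode:` line this commit adds (0644, 0755 and 0640 in the baseconfig, basesecurity, certbot, ipv6-edge-router, ldap-replica, nginx-reverseproxy, prometheus and radius hunks). The task this line belongs to starts above the hunk.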
@@ -77,6 +77,7 @@ copy: src: "skel/dot_{{ item }}" dest: "/etc/skel/.{{ item }}" + mode: 0644 loop: - zshrc - zshrc.local diff --git a/roles/basesecurity/tasks/main.yml b/roles/basesecurity/tasks/main.yml index 2db6b5b..a0c15b6 100644 --- a/roles/basesecurity/tasks/main.yml +++ b/roles/basesecurity/tasks/main.yml @@ -54,6 +54,7 @@ option: "{{ item.option }}" value: "{{ item.value }}" state: present + mode: 0644 notify: Restart fail2ban service loop: - section: sshd diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 66cae27..d6314ac 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -26,6 +26,7 @@ file: path: /etc/letsencrypt/conf.d state: directory + mode: 0755 - name: Add Certbot configuration template: diff --git a/roles/ipv6-edge-router/tasks/main.yml b/roles/ipv6-edge-router/tasks/main.yml index 40c945d..5978303 100644 --- a/roles/ipv6-edge-router/tasks/main.yml +++ b/roles/ipv6-edge-router/tasks/main.yml @@ -18,17 +18,19 @@ - name: Install frr apt: name: frr - + - name: setup frr daemons template: src: daemons.j2 dest: /etc/frr/daemons + mode: 0644 notify: restart frr - name: setup frr.conf template: src: frr.conf.j2 dest: /etc/frr/frr.conf + mode: 0644 notify: restart frr - name: enable+start frr diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap-replica/tasks/main.yml index 914ce4e..cb79bd4 100644 --- a/roles/ldap-replica/tasks/main.yml +++ b/roles/ldap-replica/tasks/main.yml @@ -40,6 +40,7 @@ file: path: "{{ item }}" state: directory + mode: 0755 loop: - /etc/ldap/slapd.d - /var/lib/ldap diff --git a/roles/nginx-reverseproxy/tasks/main.yml b/roles/nginx-reverseproxy/tasks/main.yml index b1e3945..4ccaa2a 100644 --- a/roles/nginx-reverseproxy/tasks/main.yml +++ b/roles/nginx-reverseproxy/tasks/main.yml @@ -11,6 +11,7 @@ template: src: "nginx/snippets/{{ item }}.j2" dest: "/etc/nginx/snippets/{{ item }}" + mode: 0644 loop: - options-ssl.conf - options-proxypass.conf 
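Review bot: `mode: 0644` on `/etc/frr/frr.conf` in the roles/ipv6-edge-router hunk makes the routing daemon's configuration world-readable, and an FRR configuration can carry passwords or routing-protocol authentication keys; whether this template does is not visible here. If it does, a tighter mode with an explicit owner would fit better, for example `mode: "0640"` with `owner: frr` and `group: frr` (confirm the account names on the target hosts). The same question applies to the `settings_local.py` template in the roles/radius hunk at `@@ -22,11 +22,11 @@`, which is also set to 0644 and presumably holds application settings. Making the mode explicit is a good moment to decide it per file instead of applying 0644 everywhere.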
@@ -19,11 +20,13 @@ template: src: letsencrypt/dhparam.j2 dest: /etc/letsencrypt/dhparam + mode: 0644 - name: Copy reverse proxy sites template: src: "nginx/sites-available/{{ item }}.j2" dest: "/etc/nginx/sites-available/{{ item }}" + mode: 0644 loop: - reverseproxy - reverseproxy_redirect_dname @@ -35,6 +38,7 @@ src: "/etc/nginx/sites-available/{{ item }}" dest: "/etc/nginx/sites-enabled/{{ item }}" state: link + mode: 0644 loop: - reverseproxy - reverseproxy_redirect_dname @@ -45,6 +49,7 @@ template: src: www/html/50x.html.j2 dest: /var/www/html/50x.html + mode: 0644 - name: Indicate role in motd template: diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 62dde31..211aee3 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -13,12 +13,14 @@ template: src: prometheus/prometheus.yml.j2 dest: /etc/prometheus/prometheus.yml + mode: 0644 notify: Restart Prometheus - name: Configure Prometheus alert rules template: src: "prometheus/{{ item }}.j2" dest: "/etc/prometheus/{{ item }}" + mode: 0644 notify: Restart Prometheus loop: - alert.rules.yml @@ -45,12 +47,14 @@ copy: content: "{{ prometheus_targets | to_nice_json }}" dest: /etc/prometheus/targets.json + mode: 0644 # We don't need to restart Prometheus when updating nodes - name: Configure Prometheus Ubiquity Unifi SNMP devices copy: content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}" dest: /etc/prometheus/targets_unifi_snmp.json + mode: 0644 - name: Activate prometheus service systemd: diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index 672bc6d..b840b39 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -5,11 +5,11 @@ - "deb" - "deb-src" - - name: Ensure /var/www exists file: name: "/var/www" - state: directory + state: directory + mode: 0755 - name: Clone re2o repo git: 
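Review bot: In the roles/nginx-reverseproxy hunk at `@@ -35,6 +38,7 @@`, `mode: 0644` is added to a task with `state: link`, where it does not describe the link itself. Symlink permissions are not meaningful on Linux, and depending on the module's `follow` behaviour the mode is either applied to the link target or not applied at all. The target under sites-available already gets its mode from the template task in the preceding hunk, so I would drop the line here and, if the linter requires a mode on every file task, silence it for this task with a short comment explaining why. The task's opening lines are above the hunk, so the module is inferred from the `src`/`dest`/`state: link` arguments.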
@@ -22,11 +22,11 @@ template: src: "{{ item }}.j2" dest: "/var/www/re2o/re2o/{{ item }}" + mode: 0644 loop: - settings_local.py - local_routers.py - # What follows is a hideous abomination. # Blame freeradius-python3 on backports. @@ -41,6 +41,7 @@ template: src: freeradius-python3.postinst.j2 dest: /var/lib/dpkg/info/freeradius-python3.postinst + mode: 0644 - name: reinstall broken package (this might fail too, for different reasons) apt: @@ -69,6 +70,7 @@ template: src: "{{ item }}.j2" dest: "/etc/freeradius/3.0/{{ item }}" + mode: 0640 loop: - sites-enabled/default - sites-enabled/inner-tunnel @@ -77,6 +79,7 @@ template: src: "{{ item }}.j2" dest: "/etc/freeradius/3.0/{{ item }}" + mode: 0640 loop: - clients.conf - proxy.conf @@ -113,6 +116,7 @@ template: src: "freeradius-logrotate.j2" dest: "/etc/logrotate.d/freeradius" + mode: 0644 # Database setup From 4c8e05e08f6367ad4b5f3ca4fe293b0e24d3c871 Mon Sep 17 00:00:00 2001 
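Review bot: The `freeradius-python3.postinst` template in the hunk at `@@ -41,6 +41,7 @@` is written with `mode: 0644`, which leaves a package maintainer script without the execute bit. dpkg runs that file when the package is configured, and the next task reinstalls the package, so this may either fail or be corrected by dpkg and then reported as changed on every later run; I have not verified which. `mode: "0755"` matches what maintainer scripts under /var/lib/dpkg/info normally carry. The task starts above the hunk.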
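Review bot: `mode: 0640` on the files under /etc/freeradius/3.0 (hunks at `@@ -69,6 +70,7 @@` and `@@ -77,6 +79,7 @@`) only has the intended effect together with an owner and group, and neither hunk shows one. If the templates end up owned by root:root the service account can no longer read `clients.conf` and the site files, and if they belong to a broader group the restriction is looser than it looks. Stating it next to the mode, e.g. `owner: freerad` and `group: freerad` (confirm the account name on the target hosts), keeps `clients.conf`, which normally holds the RADIUS client shared secrets, restricted without breaking the daemon. Both tasks start above their hunks.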
From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 19:36:40 +0100 Subject: [PATCH 03/13] Use underscore instead of dashes --- base.yml | 3 +-- ldap_replica.yml | 2 +- matrix.yml | 10 +++++----- monitoring.yml | 2 +- network.yml | 4 ++-- nuke-radius-dbs.yml => nuke_radius_dbs.yml | 0 .../frr-apt-key.asc | 0 .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/daemons.j2 | 0 .../templates/frr.conf.j2 | 0 .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/default/isc-dhcp-server.j2 | 0 .../templates/dhcp/aurore-subnets.conf.j2 | 0 .../templates/dhcp/dhcp-failover.conf.j2 | 0 .../templates/dhcp/dhcpd.conf.j2 | 0 .../templates/dhcp/regular-subnets.conf.j2 | 0 .../templates/logrotate.d/dhcp.j2 | 0 .../{isc-dhcp-server => isc_dhcp_server}/vars/main.yml | 0 roles/{ldap-client => ldap_client}/handlers/main.yml | 0 .../tasks/1_group_security.yml | 0 .../tasks/2_userland_scripts.yml | 0 .../tasks/install_ldap.yml | 0 roles/{ldap-client => ldap_client}/tasks/main.yml | 0 roles/{ldap-client => ldap_client}/templates/chsh.j2 | 0 .../templates/nslcd.conf.j2 | 0 roles/{ldap-client => ldap_client}/templates/passwd.j2 | 0 roles/{ldap-replica => ldap_replica}/tasks/main.yml | 0 .../templates/schema.ldiff.j2 | 0 .../defaults/main.yml | 0 .../tasks/main.yml | 0 .../tasks/service_user.yml | 0 .../templates/config.yaml.j2 | 0 .../templates/systemd/appservice.service.j2 | 0 .../defaults/main.yml | 0 .../tasks/main.yml | 0 .../tasks/service_user.yml | 0 .../templates/config.yaml.j2 | 0 .../templates/systemd/appservice.service.j2 | 0 .../files/rest_auth_provider.py | 0 .../handlers/main.yml | 0 .../{matrix-synapse => matrix_synapse}/tasks/main.yml | 0 .../templates/matrix-synapse/conf.d/database.yaml.j2 | 0 .../conf.d/enable_group_creation.yaml.j2 | 0 .../templates/matrix-synapse/conf.d/listeners.yaml.j2 | 0 .../templates/matrix-synapse/conf.d/no_tls.yaml.j2 | 0 .../matrix-synapse/conf.d/password_providers.yaml.j2 | 0 .../matrix-synapse/conf.d/server_name.yaml.j2 | 0 
.../conf.d/trusted_third_party_id_servers.yaml.j2 | 0 .../handlers/main.yml | 0 .../tasks/main.yml | 0 .../templates/letsencrypt/dhparam.j2 | 0 .../templates/nginx/sites-available/redirect.j2 | 0 .../templates/nginx/sites-available/reverseproxy.j2 | 0 .../sites-available/reverseproxy_redirect_dname.j2 | 0 .../templates/nginx/snippets/options-proxypass.conf.j2 | 0 .../templates/nginx/snippets/options-ssl.conf.j2 | 0 .../templates/update-motd.d/05-service.j2 | 0 .../templates/www/html/50x.html.j2 | 0 .../handlers/main.yml | 0 .../tasks/main.yml | 0 roles/{re2o-service => re2o_service}/defaults/main.yml | 0 roles/{re2o-service => re2o_service}/tasks/main.yml | 0 .../tasks/service_user.yml | 0 .../templates/update-motd.d/05-service.j2 | 0 .../tasks/main.yml | 0 .../templates/update-motd.d/05-service.j2 | 0 services_web.yml | 2 +- 69 files changed, 11 insertions(+), 12 deletions(-) rename nuke-radius-dbs.yml => nuke_radius_dbs.yml (100%) rename roles/{ipv6-edge-router => ipv6_edge_router}/frr-apt-key.asc (100%) rename roles/{ipv6-edge-router => ipv6_edge_router}/handlers/main.yml (100%) rename roles/{ipv6-edge-router => ipv6_edge_router}/tasks/main.yml (100%) rename roles/{ipv6-edge-router => ipv6_edge_router}/templates/daemons.j2 (100%) rename roles/{ipv6-edge-router => ipv6_edge_router}/templates/frr.conf.j2 (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/handlers/main.yml (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/tasks/main.yml (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/templates/default/isc-dhcp-server.j2 (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/templates/dhcp/aurore-subnets.conf.j2 (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/templates/dhcp/dhcp-failover.conf.j2 (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/templates/dhcp/dhcpd.conf.j2 (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/templates/dhcp/regular-subnets.conf.j2 (100%) rename roles/{isc-dhcp-server => 
isc_dhcp_server}/templates/logrotate.d/dhcp.j2 (100%) rename roles/{isc-dhcp-server => isc_dhcp_server}/vars/main.yml (100%) rename roles/{ldap-client => ldap_client}/handlers/main.yml (100%) rename roles/{ldap-client => ldap_client}/tasks/1_group_security.yml (100%) rename roles/{ldap-client => ldap_client}/tasks/2_userland_scripts.yml (100%) rename roles/{ldap-client => ldap_client}/tasks/install_ldap.yml (100%) rename roles/{ldap-client => ldap_client}/tasks/main.yml (100%) rename roles/{ldap-client => ldap_client}/templates/chsh.j2 (100%) rename roles/{ldap-client => ldap_client}/templates/nslcd.conf.j2 (100%) rename roles/{ldap-client => ldap_client}/templates/passwd.j2 (100%) rename roles/{ldap-replica => ldap_replica}/tasks/main.yml (100%) rename roles/{ldap-replica => ldap_replica}/templates/schema.ldiff.j2 (100%) rename roles/{matrix-appservice-irc => matrix_appservice_irc}/defaults/main.yml (100%) rename roles/{matrix-appservice-irc => matrix_appservice_irc}/tasks/main.yml (100%) rename roles/{matrix-appservice-irc => matrix_appservice_irc}/tasks/service_user.yml (100%) rename roles/{matrix-appservice-irc => matrix_appservice_irc}/templates/config.yaml.j2 (100%) rename roles/{matrix-appservice-irc => matrix_appservice_irc}/templates/systemd/appservice.service.j2 (100%) rename roles/{matrix-appservice-webhooks => matrix_appservice_webhooks}/defaults/main.yml (100%) rename roles/{matrix-appservice-webhooks => matrix_appservice_webhooks}/tasks/main.yml (100%) rename roles/{matrix-appservice-webhooks => matrix_appservice_webhooks}/tasks/service_user.yml (100%) rename roles/{matrix-appservice-webhooks => matrix_appservice_webhooks}/templates/config.yaml.j2 (100%) rename roles/{matrix-appservice-webhooks => matrix_appservice_webhooks}/templates/systemd/appservice.service.j2 (100%) rename roles/{matrix-synapse => matrix_synapse}/files/rest_auth_provider.py (100%) rename roles/{matrix-synapse => matrix_synapse}/handlers/main.yml (100%) rename 
roles/{matrix-synapse => matrix_synapse}/tasks/main.yml (100%) rename roles/{matrix-synapse => matrix_synapse}/templates/matrix-synapse/conf.d/database.yaml.j2 (100%) rename roles/{matrix-synapse => matrix_synapse}/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 (100%) rename roles/{matrix-synapse => matrix_synapse}/templates/matrix-synapse/conf.d/listeners.yaml.j2 (100%) rename roles/{matrix-synapse => matrix_synapse}/templates/matrix-synapse/conf.d/no_tls.yaml.j2 (100%) rename roles/{matrix-synapse => matrix_synapse}/templates/matrix-synapse/conf.d/password_providers.yaml.j2 (100%) rename roles/{matrix-synapse => matrix_synapse}/templates/matrix-synapse/conf.d/server_name.yaml.j2 (100%) rename roles/{matrix-synapse => matrix_synapse}/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/handlers/main.yml (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/tasks/main.yml (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/letsencrypt/dhparam.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/nginx/sites-available/redirect.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/nginx/sites-available/reverseproxy.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/nginx/snippets/options-proxypass.conf.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/nginx/snippets/options-ssl.conf.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/update-motd.d/05-service.j2 (100%) rename roles/{nginx-reverseproxy => nginx_reverseproxy}/templates/www/html/50x.html.j2 (100%) rename roles/{prometheus-node => prometheus_node}/handlers/main.yml (100%) rename roles/{prometheus-node => prometheus_node}/tasks/main.yml 
(100%) rename roles/{re2o-service => re2o_service}/defaults/main.yml (100%) rename roles/{re2o-service => re2o_service}/tasks/main.yml (100%) rename roles/{re2o-service => re2o_service}/tasks/service_user.yml (100%) rename roles/{re2o-service => re2o_service}/templates/update-motd.d/05-service.j2 (100%) rename roles/{unifi-controller => unifi_controller}/tasks/main.yml (100%) rename roles/{unifi-controller => unifi_controller}/templates/update-motd.d/05-service.j2 (100%) diff --git a/base.yml b/base.yml index 2e26b95..5aee2d2 100755 --- a/base.yml +++ b/base.yml @@ -9,5 +9,4 @@ # Plug LDAP on all servers - hosts: all,!unifi roles: - - ldap-client - + - ldap_client diff --git a/ldap_replica.yml b/ldap_replica.yml index 1686293..b921957 100755 --- a/ldap_replica.yml +++ b/ldap_replica.yml @@ -4,4 +4,4 @@ # DON'T DO THIS AS IT RECREATES THE REPLICA - hosts: ldap_replica roles: - - ldap-replica + - ldap_replica diff --git a/matrix.yml b/matrix.yml index b25fc0d..be54c53 100755 --- a/matrix.yml +++ b/matrix.yml @@ -6,13 +6,13 @@ mxisd_releases: https://github.com/kamax-matrix/mxisd/releases mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb" roles: - - debian-backports + - debian_backports - nodejs - - matrix-synapse - - matrix-appservice-irc - - matrix-appservice-webhooks + - matrix_synapse + - matrix_appservice_irc + - matrix_appservice_webhooks # Install Matrix services - hosts: matrix-services.adm.auro.re roles: - - debian-backports + - debian_backports diff --git a/monitoring.yml b/monitoring.yml index 616e380..c0c58c8 100755 --- a/monitoring.yml +++ b/monitoring.yml @@ -59,4 +59,4 @@ # Monitor all hosts - hosts: all,!unifi,!ovh roles: - - prometheus-node + - prometheus_node diff --git a/network.yml b/network.yml index aa42e72..6d0af03 100755 --- a/network.yml +++ b/network.yml @@ -3,7 +3,7 @@ # Set up DHCP servers. - hosts: dhcp-*.adm.auro.re roles: - - isc-dhcp-server + - isc_dhcp_server # Deploy unbound DNS server (recursive). 
@@ -24,7 +24,7 @@ - hosts: ~routeur-aurore.*\.adm\.auro\.re roles: - router - - ipv6-edge-router + - ipv6_edge_router # Radius (backup only for now) - hosts: radius-*.adm.auro.re diff --git a/nuke-radius-dbs.yml b/nuke_radius_dbs.yml similarity index 100% rename from nuke-radius-dbs.yml rename to nuke_radius_dbs.yml diff --git a/roles/ipv6-edge-router/frr-apt-key.asc b/roles/ipv6_edge_router/frr-apt-key.asc similarity index 100% rename from roles/ipv6-edge-router/frr-apt-key.asc rename to roles/ipv6_edge_router/frr-apt-key.asc diff --git a/roles/ipv6-edge-router/handlers/main.yml b/roles/ipv6_edge_router/handlers/main.yml similarity index 100% rename from roles/ipv6-edge-router/handlers/main.yml rename to roles/ipv6_edge_router/handlers/main.yml diff --git a/roles/ipv6-edge-router/tasks/main.yml b/roles/ipv6_edge_router/tasks/main.yml similarity index 100% rename from roles/ipv6-edge-router/tasks/main.yml rename to roles/ipv6_edge_router/tasks/main.yml diff --git a/roles/ipv6-edge-router/templates/daemons.j2 b/roles/ipv6_edge_router/templates/daemons.j2 similarity index 100% rename from roles/ipv6-edge-router/templates/daemons.j2 rename to roles/ipv6_edge_router/templates/daemons.j2 diff --git a/roles/ipv6-edge-router/templates/frr.conf.j2 b/roles/ipv6_edge_router/templates/frr.conf.j2 similarity index 100% rename from roles/ipv6-edge-router/templates/frr.conf.j2 rename to roles/ipv6_edge_router/templates/frr.conf.j2 diff --git a/roles/isc-dhcp-server/handlers/main.yml b/roles/isc_dhcp_server/handlers/main.yml similarity index 100% rename from roles/isc-dhcp-server/handlers/main.yml rename to roles/isc_dhcp_server/handlers/main.yml diff --git a/roles/isc-dhcp-server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml similarity index 100% rename from roles/isc-dhcp-server/tasks/main.yml rename to roles/isc_dhcp_server/tasks/main.yml 
diff --git a/roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 b/roles/isc_dhcp_server/templates/default/isc-dhcp-server.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/default/isc-dhcp-server.j2 rename to roles/isc_dhcp_server/templates/default/isc-dhcp-server.j2 diff --git a/roles/isc-dhcp-server/templates/dhcp/aurore-subnets.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/aurore-subnets.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/aurore-subnets.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/aurore-subnets.conf.j2 diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcp-failover.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/dhcp-failover.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/dhcp-failover.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/dhcp-failover.conf.j2 diff --git a/roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/dhcpd.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/dhcpd.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/dhcpd.conf.j2 diff --git a/roles/isc-dhcp-server/templates/dhcp/regular-subnets.conf.j2 b/roles/isc_dhcp_server/templates/dhcp/regular-subnets.conf.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/dhcp/regular-subnets.conf.j2 rename to roles/isc_dhcp_server/templates/dhcp/regular-subnets.conf.j2 diff --git a/roles/isc-dhcp-server/templates/logrotate.d/dhcp.j2 b/roles/isc_dhcp_server/templates/logrotate.d/dhcp.j2 similarity index 100% rename from roles/isc-dhcp-server/templates/logrotate.d/dhcp.j2 rename to roles/isc_dhcp_server/templates/logrotate.d/dhcp.j2 diff --git a/roles/isc-dhcp-server/vars/main.yml b/roles/isc_dhcp_server/vars/main.yml similarity index 100% rename from roles/isc-dhcp-server/vars/main.yml rename to roles/isc_dhcp_server/vars/main.yml 
diff --git a/roles/ldap-client/handlers/main.yml b/roles/ldap_client/handlers/main.yml similarity index 100% rename from roles/ldap-client/handlers/main.yml rename to roles/ldap_client/handlers/main.yml diff --git a/roles/ldap-client/tasks/1_group_security.yml b/roles/ldap_client/tasks/1_group_security.yml similarity index 100% rename from roles/ldap-client/tasks/1_group_security.yml rename to roles/ldap_client/tasks/1_group_security.yml diff --git a/roles/ldap-client/tasks/2_userland_scripts.yml b/roles/ldap_client/tasks/2_userland_scripts.yml similarity index 100% rename from roles/ldap-client/tasks/2_userland_scripts.yml rename to roles/ldap_client/tasks/2_userland_scripts.yml diff --git a/roles/ldap-client/tasks/install_ldap.yml b/roles/ldap_client/tasks/install_ldap.yml similarity index 100% rename from roles/ldap-client/tasks/install_ldap.yml rename to roles/ldap_client/tasks/install_ldap.yml diff --git a/roles/ldap-client/tasks/main.yml b/roles/ldap_client/tasks/main.yml similarity index 100% rename from roles/ldap-client/tasks/main.yml rename to roles/ldap_client/tasks/main.yml diff --git a/roles/ldap-client/templates/chsh.j2 b/roles/ldap_client/templates/chsh.j2 similarity index 100% rename from roles/ldap-client/templates/chsh.j2 rename to roles/ldap_client/templates/chsh.j2 diff --git a/roles/ldap-client/templates/nslcd.conf.j2 b/roles/ldap_client/templates/nslcd.conf.j2 similarity index 100% rename from roles/ldap-client/templates/nslcd.conf.j2 rename to roles/ldap_client/templates/nslcd.conf.j2 diff --git a/roles/ldap-client/templates/passwd.j2 b/roles/ldap_client/templates/passwd.j2 similarity index 100% rename from roles/ldap-client/templates/passwd.j2 rename to roles/ldap_client/templates/passwd.j2 diff --git a/roles/ldap-replica/tasks/main.yml b/roles/ldap_replica/tasks/main.yml similarity index 100% rename from roles/ldap-replica/tasks/main.yml rename to roles/ldap_replica/tasks/main.yml 
diff --git a/roles/ldap-replica/templates/schema.ldiff.j2 b/roles/ldap_replica/templates/schema.ldiff.j2 similarity index 100% rename from roles/ldap-replica/templates/schema.ldiff.j2 rename to roles/ldap_replica/templates/schema.ldiff.j2 diff --git a/roles/matrix-appservice-irc/defaults/main.yml b/roles/matrix_appservice_irc/defaults/main.yml similarity index 100% rename from roles/matrix-appservice-irc/defaults/main.yml rename to roles/matrix_appservice_irc/defaults/main.yml diff --git a/roles/matrix-appservice-irc/tasks/main.yml b/roles/matrix_appservice_irc/tasks/main.yml similarity index 100% rename from roles/matrix-appservice-irc/tasks/main.yml rename to roles/matrix_appservice_irc/tasks/main.yml diff --git a/roles/matrix-appservice-irc/tasks/service_user.yml b/roles/matrix_appservice_irc/tasks/service_user.yml similarity index 100% rename from roles/matrix-appservice-irc/tasks/service_user.yml rename to roles/matrix_appservice_irc/tasks/service_user.yml diff --git a/roles/matrix-appservice-irc/templates/config.yaml.j2 b/roles/matrix_appservice_irc/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-appservice-irc/templates/config.yaml.j2 rename to roles/matrix_appservice_irc/templates/config.yaml.j2 diff --git a/roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 b/roles/matrix_appservice_irc/templates/systemd/appservice.service.j2 similarity index 100% rename from roles/matrix-appservice-irc/templates/systemd/appservice.service.j2 rename to roles/matrix_appservice_irc/templates/systemd/appservice.service.j2 diff --git a/roles/matrix-appservice-webhooks/defaults/main.yml b/roles/matrix_appservice_webhooks/defaults/main.yml similarity index 100% rename from roles/matrix-appservice-webhooks/defaults/main.yml rename to roles/matrix_appservice_webhooks/defaults/main.yml 
diff --git a/roles/matrix-appservice-webhooks/tasks/main.yml b/roles/matrix_appservice_webhooks/tasks/main.yml similarity index 100% rename from roles/matrix-appservice-webhooks/tasks/main.yml rename to roles/matrix_appservice_webhooks/tasks/main.yml diff --git a/roles/matrix-appservice-webhooks/tasks/service_user.yml b/roles/matrix_appservice_webhooks/tasks/service_user.yml similarity index 100% rename from roles/matrix-appservice-webhooks/tasks/service_user.yml rename to roles/matrix_appservice_webhooks/tasks/service_user.yml diff --git a/roles/matrix-appservice-webhooks/templates/config.yaml.j2 b/roles/matrix_appservice_webhooks/templates/config.yaml.j2 similarity index 100% rename from roles/matrix-appservice-webhooks/templates/config.yaml.j2 rename to roles/matrix_appservice_webhooks/templates/config.yaml.j2 diff --git a/roles/matrix-appservice-webhooks/templates/systemd/appservice.service.j2 b/roles/matrix_appservice_webhooks/templates/systemd/appservice.service.j2 similarity index 100% rename from roles/matrix-appservice-webhooks/templates/systemd/appservice.service.j2 rename to roles/matrix_appservice_webhooks/templates/systemd/appservice.service.j2 diff --git a/roles/matrix-synapse/files/rest_auth_provider.py b/roles/matrix_synapse/files/rest_auth_provider.py similarity index 100% rename from roles/matrix-synapse/files/rest_auth_provider.py rename to roles/matrix_synapse/files/rest_auth_provider.py diff --git a/roles/matrix-synapse/handlers/main.yml b/roles/matrix_synapse/handlers/main.yml similarity index 100% rename from roles/matrix-synapse/handlers/main.yml rename to roles/matrix_synapse/handlers/main.yml diff --git a/roles/matrix-synapse/tasks/main.yml b/roles/matrix_synapse/tasks/main.yml similarity index 100% rename from roles/matrix-synapse/tasks/main.yml rename to roles/matrix_synapse/tasks/main.yml 
diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/database.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/database.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/database.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/database.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/enable_group_creation.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/listeners.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/no_tls.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/password_providers.yaml.j2 
diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/server_name.yaml.j2 diff --git a/roles/matrix-synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 b/roles/matrix_synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 similarity index 100% rename from roles/matrix-synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 rename to roles/matrix_synapse/templates/matrix-synapse/conf.d/trusted_third_party_id_servers.yaml.j2 diff --git a/roles/nginx-reverseproxy/handlers/main.yml b/roles/nginx_reverseproxy/handlers/main.yml similarity index 100% rename from roles/nginx-reverseproxy/handlers/main.yml rename to roles/nginx_reverseproxy/handlers/main.yml diff --git a/roles/nginx-reverseproxy/tasks/main.yml b/roles/nginx_reverseproxy/tasks/main.yml similarity index 100% rename from roles/nginx-reverseproxy/tasks/main.yml rename to roles/nginx_reverseproxy/tasks/main.yml diff --git a/roles/nginx-reverseproxy/templates/letsencrypt/dhparam.j2 b/roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/letsencrypt/dhparam.j2 rename to roles/nginx_reverseproxy/templates/letsencrypt/dhparam.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/sites-available/redirect.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/sites-available/redirect.j2 rename to roles/nginx_reverseproxy/templates/nginx/sites-available/redirect.j2 
diff --git a/roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy.j2 rename to roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 b/roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 rename to roles/nginx_reverseproxy/templates/nginx/sites-available/reverseproxy_redirect_dname.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 b/roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 rename to roles/nginx_reverseproxy/templates/nginx/snippets/options-proxypass.conf.j2 diff --git a/roles/nginx-reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 b/roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 rename to roles/nginx_reverseproxy/templates/nginx/snippets/options-ssl.conf.j2 diff --git a/roles/nginx-reverseproxy/templates/update-motd.d/05-service.j2 b/roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/update-motd.d/05-service.j2 rename to roles/nginx_reverseproxy/templates/update-motd.d/05-service.j2 
diff --git a/roles/nginx-reverseproxy/templates/www/html/50x.html.j2 b/roles/nginx_reverseproxy/templates/www/html/50x.html.j2 similarity index 100% rename from roles/nginx-reverseproxy/templates/www/html/50x.html.j2 rename to roles/nginx_reverseproxy/templates/www/html/50x.html.j2 diff --git a/roles/prometheus-node/handlers/main.yml b/roles/prometheus_node/handlers/main.yml similarity index 100% rename from roles/prometheus-node/handlers/main.yml rename to roles/prometheus_node/handlers/main.yml diff --git a/roles/prometheus-node/tasks/main.yml b/roles/prometheus_node/tasks/main.yml similarity index 100% rename from roles/prometheus-node/tasks/main.yml rename to roles/prometheus_node/tasks/main.yml diff --git a/roles/re2o-service/defaults/main.yml b/roles/re2o_service/defaults/main.yml similarity index 100% rename from roles/re2o-service/defaults/main.yml rename to roles/re2o_service/defaults/main.yml diff --git a/roles/re2o-service/tasks/main.yml b/roles/re2o_service/tasks/main.yml similarity index 100% rename from roles/re2o-service/tasks/main.yml rename to roles/re2o_service/tasks/main.yml diff --git a/roles/re2o-service/tasks/service_user.yml b/roles/re2o_service/tasks/service_user.yml similarity index 100% rename from roles/re2o-service/tasks/service_user.yml rename to roles/re2o_service/tasks/service_user.yml diff --git a/roles/re2o-service/templates/update-motd.d/05-service.j2 b/roles/re2o_service/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/re2o-service/templates/update-motd.d/05-service.j2 rename to roles/re2o_service/templates/update-motd.d/05-service.j2 diff --git a/roles/unifi-controller/tasks/main.yml b/roles/unifi_controller/tasks/main.yml similarity index 100% rename from roles/unifi-controller/tasks/main.yml rename to roles/unifi_controller/tasks/main.yml 
diff --git a/roles/unifi-controller/templates/update-motd.d/05-service.j2 b/roles/unifi_controller/templates/update-motd.d/05-service.j2 similarity index 100% rename from roles/unifi-controller/templates/update-motd.d/05-service.j2 rename to roles/unifi_controller/templates/update-motd.d/05-service.j2 diff --git a/services_web.yml b/services_web.yml index f368d9f..5fc935e 100755 --- a/services_web.yml +++ b/services_web.yml @@ -54,4 +54,4 @@ - {from: auro.re, to: www.auro.re} roles: - certbot - - nginx-reverseproxy + - nginx_reverseproxy From 0f9169284f9696e54976843c129030f3af8834f7 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 19:49:49 +0100 Subject: [PATCH 04/13] Use command instead of shell --- roles/isc_dhcp_server/handlers/main.yml | 2 +- roles/isc_dhcp_server/tasks/main.yml | 3 ++- roles/radius/tasks/main.yml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/isc_dhcp_server/handlers/main.yml b/roles/isc_dhcp_server/handlers/main.yml index 840463c..7df6d92 100644 --- a/roles/isc_dhcp_server/handlers/main.yml +++ b/roles/isc_dhcp_server/handlers/main.yml @@ -1,5 +1,5 @@ - name: force run dhcp re2o-service - shell: /var/local/re2o-services/dhcp/main.py --force + command: /var/local/re2o-services/dhcp/main.py --force become_user: re2o-services - name: restart dhcpd diff --git a/roles/isc_dhcp_server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml index e198163..3a0fe8a 100644 --- a/roles/isc_dhcp_server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml @@ -18,6 +18,7 @@ owner: re2o-services group: nogroup recurse: yes + mode: u=rwX,g=rX,o=rX - name: Install isc-dhcp-server apt: @@ -101,7 +102,7 @@ when: is_aurore_host - name: force run dhcp re2o-service - shell: /var/local/re2o-services/dhcp/main.py --force + command: /var/local/re2o-services/dhcp/main.py --force - name: Ensure dhcpd is running service: diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index b840b39..a5875b3 100644 
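Review bot: The added `mode: u=rwX,g=rX,o=rX` in the first `roles/isc_dhcp_server/tasks/main.yml` hunk is applied with `recurse`, so every file below this directory becomes readable by all local users and by anything running in `nogroup`. The task's path and the tree's contents are outside the hunk, but if the service checkout holds a configuration file with the re2o API credentials, this mode exposes it. Unless something other than `re2o-services` must read the tree, I would tighten it to `mode: u=rwX,g=,o=`. The task's `name` and `path` lines start before the hunk.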
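Review bot: The `force run dhcp re2o-service` task in `roles/isc_dhcp_server/tasks/main.yml` runs `main.py` without the `become_user: re2o-services` that the handler of the same name carries, so it executes under whatever user the play uses (presumably root). The script lives in a tree that the earlier task hands to `re2o-services`, which means a file writable by the service account is executed with higher privileges. Add `become_user: re2o-services` here as in the handler (plus `become: true` if the play does not already set it). Since `command` always reports a change, a `changed_when:` on both the task and the handler would keep runs idempotent in the report.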
--- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -102,7 +102,7 @@ when: "'aurore_vm' in group_names" - name: Install radius requirements (except freeradius-python3) - shell: + command: cmd: "{{ item }}" chdir: /var/www/re2o/ loop: From 9505e87113a9637c118ac33b9e9a8d9cf28ecb00 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 19:58:54 +0100 Subject: [PATCH 05/13] Use true instead of yes --- group_vars/all/vault.yml | 1 + group_vars/edc/ldap_local_replica.yml | 1 - roles/ipv6_edge_router/tasks/main.yml | 3 +-- roles/isc_dhcp_server/handlers/main.yml | 2 +- roles/isc_dhcp_server/tasks/main.yml | 2 +- roles/radius/tasks/main.yml | 17 +++++++++-------- roles/radvd/handlers/main.yml | 3 ++- roles/radvd/tasks/main.yml | 3 --- roles/router/handlers/main.yml | 3 ++- roles/router/tasks/main.yml | 4 ++-- roles/unbound/handlers/main.yml | 1 + 11 files changed, 20 insertions(+), 20 deletions(-) diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 52a14ab..8fa4cbb 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml @@ -1,3 +1,4 @@ +--- $ANSIBLE_VAULT;1.1;AES256 61333538366635353537346231363235653162356330396434383631656465616330363136306563 3861333166386536633437386335613461646466346239360a643139303037613937373631313661 diff --git a/group_vars/edc/ldap_local_replica.yml b/group_vars/edc/ldap_local_replica.yml index bad6801..63cfeb4 100644 --- a/group_vars/edc/ldap_local_replica.yml +++ b/group_vars/edc/ldap_local_replica.yml @@ -1,4 +1,3 @@ --- ldap_local_replica_uri: - 'ldap://ldap-replica-edc.adm.auro.re' - diff --git a/roles/ipv6_edge_router/tasks/main.yml b/roles/ipv6_edge_router/tasks/main.yml index 5978303..8ec1353 100644 --- a/roles/ipv6_edge_router/tasks/main.yml +++ b/roles/ipv6_edge_router/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: install GPG apt: name: gnupg @@ -37,4 +36,4 @@ service: name: frr state: started - enabled: yes + enabled: true 
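Review bot: Switching this looped task in `roles/radius/tasks/main.yml` to `command` means the `{{ item }}` strings are no longer interpreted by a shell, so any entry that relies on a pipe, redirection, `&&`, globbing or `$VAR` expansion is now passed to the program as literal arguments. The loop list starts after the hunk's last line, so each entry needs checking against that. If they are all plain program invocations, the change is a good one; a short comment such as `# items must be plain argv, no shell syntax` above `loop:` would keep later additions honest.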
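Review bot: The `---` added as the first line of `group_vars/all/vault.yml` stops Ansible from recognising the file as vault data, because the `$ANSIBLE_VAULT;1.1;AES256` header must be the first bytes of the file. With the marker in front, the ciphertext is most likely parsed as a plain YAML string, so the variables are not loaded and `ansible-vault view`/`edit` reject the file. Drop the added line and exclude the file from linting instead, for example in `.yamllint.yml`: `ignore: |` followed by `group_vars/all/vault.yml`. It is also worth confirming after this series that the playbooks still decrypt the vault.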
diff --git a/roles/isc_dhcp_server/handlers/main.yml b/roles/isc_dhcp_server/handlers/main.yml index 7df6d92..fd4dd48 100644 --- a/roles/isc_dhcp_server/handlers/main.yml +++ b/roles/isc_dhcp_server/handlers/main.yml @@ -1,3 +1,4 @@ +--- - name: force run dhcp re2o-service command: /var/local/re2o-services/dhcp/main.py --force become_user: re2o-services @@ -11,4 +12,3 @@ systemd: name: rsyslog state: restarted - diff --git a/roles/isc_dhcp_server/tasks/main.yml b/roles/isc_dhcp_server/tasks/main.yml index 3a0fe8a..f3ffe54 100644 --- a/roles/isc_dhcp_server/tasks/main.yml +++ b/roles/isc_dhcp_server/tasks/main.yml @@ -17,7 +17,7 @@ state: directory owner: re2o-services group: nogroup - recurse: yes + recurse: true mode: u=rwX,g=rX,o=rX - name: Install isc-dhcp-server diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index a5875b3..71389d0 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Add backports repositories apt_repository: repo: "{{ item }} http://deb.debian.org/debian buster-backports main contrib non-free" @@ -34,8 +35,8 @@ apt: name: freeradius-python3 default_release: buster-backports - update_cache: yes - ignore_errors: yes + update_cache: true + ignore_errors: true - name: fix freeradius-python3 postinstall script template: @@ -47,15 +48,15 @@ apt: name: freeradius-python3 default_release: buster-backports - force: yes - ignore_errors: yes + force: true + ignore_errors: true - name: Setup radius symlinks file: src: "/var/www/re2o/freeradius_utils/{{ item.local_prefix }}{{ item.filename }}" dest: "/etc/freeradius/3.0/{{ item.filename }}" state: link - force: yes + force: true loop: - local_prefix: "" filename: auth.py @@ -158,7 +159,7 @@ state: absent become_user: postgres when: nuke_radius|default(false) - ignore_errors: yes + ignore_errors: true - name: Nuking - Destroy old local DB if it exists community.general.postgresql_db: 
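Review bot: `force: true` on the second `freeradius-python3` install in `roles/radius/tasks/main.yml` (hunk `@@ -47,15 +48,15 @@`) survives the boolean clean-up unchanged, and for the `apt` module that option corresponds to `--force-yes`, which accepts unauthenticated packages and downgrades. Together with `ignore_errors: true` on the same task, an unsigned or failed install of a package from backports passes silently. If the postinstall fix in the preceding task is what makes the package configure, try the reinstall without `force` and replace `ignore_errors` with a `register` plus an explicit `failed_when`. At the least, add a comment explaining why signature checking is disabled here, e.g. `# force needed because <reason>; disables package authentication`. The task's `- name:` line sits before the hunk.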
@@ -255,6 +256,6 @@ - name: Restart freeradius, ensure enabled systemd: name: freeradius - enabled: yes + enabled: true state: restarted - daemon_reload: yes + daemon_reload: true diff --git a/roles/radvd/handlers/main.yml b/roles/radvd/handlers/main.yml index f2ce52c..6ed4ca7 100644 --- a/roles/radvd/handlers/main.yml +++ b/roles/radvd/handlers/main.yml @@ -1,5 +1,6 @@ +--- - name: restart radvd systemd: state: restarted name: radvd - enabled: yes + enabled: true diff --git a/roles/radvd/tasks/main.yml b/roles/radvd/tasks/main.yml index 75c72c1..47b1f9d 100644 --- a/roles/radvd/tasks/main.yml +++ b/roles/radvd/tasks/main.yml @@ -1,6 +1,4 @@ --- - - # Warning: radvd installation seems to fail if the configuration # file doesn't already exist when the package is installed, # so the order is important. @@ -19,4 +17,3 @@ name: radvd state: present notify: restart radvd - diff --git a/roles/router/handlers/main.yml b/roles/router/handlers/main.yml index b095c21..0583512 100644 --- a/roles/router/handlers/main.yml +++ b/roles/router/handlers/main.yml @@ -1,8 +1,9 @@ +--- - name: restart keepalived systemd: state: restarted name: keepalived - enabled: yes + enabled: true - name: run aurore-firewall command: python3 main.py --force diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index a686a6e..317261e 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -15,13 +15,13 @@ ansible.posix.sysctl: name: net.ipv4.ip_forward value: '1' - sysctl_set: yes + sysctl_set: true - name: Enable IPv6 packet forwarding ansible.posix.sysctl: name: net.ipv6.conf.all.forwarding value: '1' - sysctl_set: yes + sysctl_set: true - name: Configure /etc/network/interfaces for routeur-aurore* template: diff --git a/roles/unbound/handlers/main.yml b/roles/unbound/handlers/main.yml index a619b94..c9d2d42 100644 --- a/roles/unbound/handlers/main.yml +++ b/roles/unbound/handlers/main.yml 
@@ -1,3 +1,4 @@ +--- - name: restart unbound systemd: state: restarted From 3aa43cd19847ea0f7f2e06daf0ae8866882b21ee Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:06:45 +0100 Subject: [PATCH 06/13] Enlarge max line length, some URLs didn't fit --- .yamllint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.yamllint.yml b/.yamllint.yml index bcc5101..3a7ea3d 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -3,5 +3,6 @@ extends: default rules: line-length: + max: 120 level: warning ... From c11b3bc20f75e9e870b972e1625c2325bf2e01bf Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:08:51 +0100 Subject: [PATCH 07/13] Comments must start by a space --- group_vars/all/vars.yml | 2 +- network.yml | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 90615a1..599e834 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -48,7 +48,7 @@ dns_host_suffix_main: 253 dns_host_suffix_backup: 153 backup_dns_servers: - - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr) + - "80.67.169.12" # French Data Network (FDN) (ns0.fdn.fr) # Finally raised! mtu: 1500 diff --git a/network.yml b/network.yml index 6d0af03..a491c79 100755 --- a/network.yml +++ b/network.yml 
@@ -47,19 +47,19 @@ # Deploy Unifi Controller -#- hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re -# roles: -# - unifi-controller +# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re +# roles: +# - unifi-controller # Deploy Re2o switch service -#- hosts: switchs-manager.adm.auro.re -# vars: -# service_repo: https://gitlab.federez.net/re2o/switchs.git -# service_name: switchs -# service_version: master -# service_config: -# hostname: re2o-server.adm.auro.re -# username: service-user -# password: "{{ vault_serviceuser_passwd }}" -# roles: -# - re2o-service +# - hosts: switchs-manager.adm.auro.re +# vars: +# service_repo: https://gitlab.federez.net/re2o/switchs.git +# service_name: switchs +# service_version: master +# service_config: +# hostname: re2o-server.adm.auro.re +# username: service-user +# password: "{{ vault_serviceuser_passwd }}" +# roles: +# - re2o-service From 26a84ab001828a35367ed61c2ac35f5f962c3b17 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:10:47 +0100 Subject: [PATCH 08/13] A comma must be followed by at most one space --- services_web.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/services_web.yml b/services_web.yml index 5fc935e..1d6f9ef 100755 --- a/services_web.yml +++ b/services_web.yml 
@@ -32,26 +32,26 @@ - fede-aurore.net reverseproxy_sites: - - {from: re2o.auro.re, to: 10.128.0.10} - - {from: intranet.auro.re, to: 10.128.0.10} + - {from: re2o.auro.re, to: 10.128.0.10} + - {from: intranet.auro.re, to: 10.128.0.10} - - {from: phabricator.auro.re, to: 10.128.0.50} - - {from: wiki.auro.re, to: 10.128.0.51} - - {from: www.auro.re, to: 10.128.0.52} + - {from: phabricator.auro.re, to: 10.128.0.50} + - {from: wiki.auro.re, to: 10.128.0.51} + - {from: www.auro.re, to: 10.128.0.52} - - {from: drone.auro.re, to: "10.128.0.64:8000"} + - {from: drone.auro.re, to: "10.128.0.64:8000"} - - {from: re2o-test.auro.re, to: 10.128.0.100} + - {from: re2o-test.auro.re, to: 10.128.0.100} - - {from: riot.auro.re, to: "10.128.0.150:8080"} - - {from: codimd.auro.re, to: "10.128.0.150:8081"} - - {from: grafana.auro.re, to: "10.128.0.150:8082"} - - {from: privatebin.auro.re, to: "10.128.0.150:8083"} - - {from: pad.auro.re, to: "10.128.0.150:8084"} - - {from: cas.auro.re, to: "10.128.0.150:8085"} + - {from: riot.auro.re, to: "10.128.0.150:8080"} + - {from: codimd.auro.re, to: "10.128.0.150:8081"} + - {from: grafana.auro.re, to: "10.128.0.150:8082"} + - {from: privatebin.auro.re, to: "10.128.0.150:8083"} + - {from: pad.auro.re, to: "10.128.0.150:8084"} + - {from: cas.auro.re, to: "10.128.0.150:8085"} redirect_sites: - - {from: auro.re, to: www.auro.re} + - {from: auro.re, to: www.auro.re} roles: - certbot - nginx_reverseproxy From 26427665f3632ee154c4677e5e0247e785932878 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:11:31 +0100 Subject: [PATCH 09/13] Fix indentation --- roles/radius/tasks/main.yml | 2 +- roles/router/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/radius/tasks/main.yml b/roles/radius/tasks/main.yml index 71389d0..22cbf40 100644 --- a/roles/radius/tasks/main.yml +++ b/roles/radius/tasks/main.yml 
@@ -249,7 +249,7 @@ dbname: re2o db: re2o publications: - - re2o_pub + - re2o_pub become_user: postgres diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index 317261e..2014572 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -3,12 +3,12 @@ # XXX: YES, this is ugly as fuck. - name: set IP suffix (main) set_fact: - router_hard_ip_suffix: 240 + router_hard_ip_suffix: 240 when: "'backup' not in ansible_hostname" - name: set IP suffix (backup) set_fact: - router_hard_ip_suffix: 140 + router_hard_ip_suffix: 140 when: "'backup' in ansible_hostname" - name: Enable IPv4 packet forwarding From 1332a8f514cb8f34eecbb273fc78ce82ba0b00ee Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:13:32 +0100 Subject: [PATCH 10/13] Use Alpine Linux to reduce test image size --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 44b8430..6d28f6f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ --- -image: python:3.9 +image: python:3.9-alpine stages: - lint From 2eea740a666e8ed338315283de4df2c39cad177a Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:15:24 +0100 Subject: [PATCH 11/13] Prepare transition to Gitea, set up Drone CI --- .drone.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .drone.yml diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..d9eadcd --- /dev/null +++ b/.drone.yml @@ -0,0 +1,18 @@ +--- +kind: pipeline +type: docker +name: check + +steps: + - name: yamllint + image: python:3.9-alpine + commands: + - pip install yamllint==1.25.0 + - yamllint -c .yamllint.yml . + + - name: ansible-lint + image: python:3.9-alpine + commands: + - pip install ansible-lint==4.3.7 + - ansible-lint *.yml +... From 0e0da24cb1b3ca73717abdb0f11fde1100d0f984 Mon Sep 17 00:00:00 2001 
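Review bot: Both steps in the new `.drone.yml` pull `python:3.9-alpine` by mutable tag and install the linters with only the top-level version pinned, so the image contents and every transitive dependency can change between runs; the same holds for `.gitlab-ci.yml` after the Alpine switch. Anything `pip install` pulls in runs its build code inside the CI job. Pinning the image by digest (`image: python:3.9-alpine@sha256:<digest>`) and installing from a hashed requirements file (`pip install --require-hashes -r <lint-requirements file>`) makes the pipeline reproducible and narrows the supply-chain exposure. The file name and digest here are placeholders.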
From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:17:37 +0100 Subject: [PATCH 12/13] Prepare transition to Gitea, set up Drone CI --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index d9eadcd..55a921d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -13,6 +13,6 @@ steps: - name: ansible-lint image: python:3.9-alpine commands: - - pip install ansible-lint==4.3.7 - - ansible-lint *.yml + - pip install ansible-lint==4.3.7 + - ansible-lint *.yml ... From ae1510ccbb59579112a5158892452bf44c454807 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 4 Nov 2020 20:18:36 +0100 Subject: [PATCH 13/13] Add missing dependencies in the CI --- .drone.yml | 1 + .gitlab-ci.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.drone.yml b/.drone.yml index 55a921d..416e400 100644 --- a/.drone.yml +++ b/.drone.yml @@ -13,6 +13,7 @@ steps: - name: ansible-lint image: python:3.9-alpine commands: + - apk add --no-cache gcc libc-dev libffi-dev openssl-dev - pip install ansible-lint==4.3.7 - ansible-lint *.yml ... diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6d28f6f..c62f35b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,6 +13,7 @@ yamllint: ansible-lint: stage: lint script: + - apk add gcc libc-dev libffi-dev openssl-dev - pip install ansible-lint==4.3.7 - ansible-lint *.yml ...
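Review bot: The `apk add gcc libc-dev libffi-dev openssl-dev` line added to `.gitlab-ci.yml` lacks the `--no-cache` that this commit uses for the same step in `.drone.yml`. The Alpine-based Python images normally ship without a package index, so without `--no-cache` or a prior `apk update` the step is likely to fail with unsatisfiable constraints, or to resolve against a stale index if one is present. Make the two pipelines identical: `- apk add --no-cache gcc libc-dev libffi-dev openssl-dev`.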