kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update base role to pass linting

Browse Source
This commit is contained in:
Kris Lamoureux
2023-10-20 21:30:25 -04:00
parent 7adb5f10e9
commit 5b09029239
11 changed files with 35 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/base/handlers/main.yml
View File

@@ -5,6 +5,10 @@
listen: reboot_host
when: allow_reboot
- name: Reconfigure locales
ansible.builtin.command: dpkg-reconfigure -f noninteractive locales
listen: reconfigure_locales
- name: Restart WireGuard
ansible.builtin.service:
name: wg-quick@wg0

2
roles/base/tasks/ansible.yml
View File

@@ -2,4 +2,4 @@
ansible.builtin.file:
path: "~/.ansible/tmp"
state: directory
mode: 0700
mode: "700"

2
roles/base/tasks/ddclient.yml
View File

@@ -7,7 +7,7 @@
ansible.builtin.template:
src: ddclient.conf.j2
dest: /etc/ddclient.conf
mode: 0600
mode: "600"
register: ddclient_settings
- name: Start ddclient and enable on boot

4
roles/base/tasks/firewall.yml
View File

@@ -32,14 +32,14 @@
ansible.builtin.template:
src: fail2ban-ssh.conf.j2
dest: /etc/fail2ban/jail.d/sshd.conf
mode: 0640
mode: "640"
notify: restart_fail2ban
- name: Install Fail2ban IP allow list
ansible.builtin.template:
src: fail2ban-allowlist.conf.j2
dest: /etc/fail2ban/jail.d/allowlist.conf
mode: 0640
mode: "640"
when: fail2ban_ignoreip is defined
notify: restart_fail2ban

4
roles/base/tasks/mail.yml
View File

@@ -11,10 +11,10 @@
ansible.builtin.template:
src: msmtprc.j2
dest: /root/.msmtprc
mode: 0600
mode: "600"
- name: Install /etc/aliases
ansible.builtin.copy:
dest: /etc/aliases
content: "root: {{ mail.rootalias }}"
mode: 0644
mode: "644"

2
roles/base/tasks/network.yml
View File

@@ -10,6 +10,6 @@
ansible.builtin.template:
src: "interface.j2"
dest: "/etc/network/interfaces.d/{{ item.name }}"
mode: 0400
mode: "400"
loop: "{{ interfaces }}"
notify: reboot_host

19
roles/base/tasks/samba.yml
View File

@@ -3,23 +3,15 @@
name: samba
state: present
- name: Create nologin shell accounts for Samba
ansible.builtin.user:
name: "{{ item.name }}"
state: present
shell: /usr/sbin/nologin
createhome: false
system: yes
loop: "{{ samba.users }}"
when: item.manage_user is defined and item.manage_user is true
- name: Create Samba users
ansible.builtin.shell: "smbpasswd -a {{ item.name }}"
ansible.builtin.command: "smbpasswd -a {{ item.name }}"
args:
stdin: "{{ item.password }}\n{{ item.password }}"
loop: "{{ samba.users }}"
loop_control:
label: "{{ item.name }}"
register: samba_users
changed_when: "'User added' in samba_users.stdout"
changed_when: "'Added user' in samba_users.stdout"
- name: Ensure share directories exist
ansible.builtin.file:
@@ -27,13 +19,14 @@
owner: "{{ item.owner }}"
group: "{{ item.group }}"
state: directory
mode: 0755
mode: "755"
loop: "{{ samba.shares }}"
- name: Configure Samba shares
ansible.builtin.template:
src: smb.conf.j2
dest: /etc/samba/smb.conf
mode: "700"
notify: restart_samba
- name: Start smbd and enable on boot

19
roles/base/tasks/system.yml
View File

@@ -10,7 +10,7 @@
state: present
- name: Check for existing GPG keys
command: "gpg --list-keys {{ item.id }} 2>/dev/null"
ansible.builtin.command: "gpg --list-keys {{ item.id }} 2>/dev/null"
register: gpg_check
loop: "{{ root_gpgkeys }}"
failed_when: false
@@ -18,20 +18,22 @@
when: root_gpgkeys is defined
- name: Import GPG keys
command: "gpg --keyserver {{ item.item.server | default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"
ansible.builtin.command:
"gpg --keyserver {{ item.item.server | default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"
register: gpg_check_import
loop: "{{ gpg_check.results }}"
loop_control:
label: "{{ item.item }}"
changed_when: false
when: root_gpgkeys is defined and item.rc != 0
- name: Check GPG key imports
fail:
ansible.builtin.fail:
msg: "{{ item.stderr }}"
loop: "{{ gpg_check_import.results }}"
loop_control:
label: "{{ item.item.item }}"
when: (item.skipped | default(false) == false) and ('imported' not in item.stderr)
when: root_gpgkeys is defined and (not item.skipped | default(false)) and ('imported' not in item.stderr)
- name: Install NTPsec
ansible.builtin.apt:
@@ -47,7 +49,7 @@
community.general.locale_gen:
name: "{{ locale_default }}"
state: present
register: locale_gen_output
notify: reconfigure_locales
- name: Set the default locale
ansible.builtin.lineinfile:
@@ -55,15 +57,11 @@
regexp: "^LANG="
line: "LANG={{ locale_default }}"
- name: Reconfigure locales
ansible.builtin.command: dpkg-reconfigure -f noninteractive locales
when: locale_gen_output.changed
- name: Manage root authorized_keys
ansible.builtin.template:
src: authorized_keys.j2
dest: /root/.ssh/authorized_keys
mode: 0400
mode: "400"
when: authorized_keys is defined
- name: Create system user groups
@@ -84,6 +82,7 @@
group: "{{ item.value.gid }}"
shell: "{{ item.value.shell | default('/bin/bash') }}"
create_home: "{{ item.value.home | default(false) }}"
system: "{{ item.value.system | default(false) }}"
loop: "{{ users | dict2items }}"
loop_control:
label: "{{ item.key }}"

2
roles/base/tasks/wireguard.yml
View File

@@ -22,7 +22,7 @@
ansible.builtin.template:
src: wireguard.j2
dest: /etc/wireguard/wg0.conf
mode: 0400
mode: "400"
notify: restart_wireguard
- name: Start WireGuard interface

4
roles/docker/tasks/main.yml
View File

@@ -48,7 +48,7 @@
repo: "{{ item.url }}"
dest: "{{ docker_repos_path }}/{{ item.name }}"
version: "{{ item.version }}"
accept_newhostkey: "{{ item.accept_newhostkey | default('false') }}"
accept_newhostkey: "{{ item.accept_newhostkey | default(false) }}"
gpg_whitelist: "{{ item.trusted_keys | default([]) }}"
verify_commit: "{{ true if (item.trusted_keys is defined and item.trusted_keys) else false }}"
key_file: "{{ docker_repos_keys }}/id_{{ docker_repos_keytype }}"
@@ -86,7 +86,7 @@
mode: 0400
register: compose_env_update
notify: compose_restart
no_log: "{{ docker_compose_env_nolog | default('true') }}"
no_log: "{{ docker_compose_env_nolog | default(true) }}"
loop: "{{ docker_compose_deploy }}"
loop_control:
label: "{{ item.name }}"