Update base role to pass linting
		@@ -2,4 +2,4 @@
 | 
			
		||||
  ansible.builtin.file:
 | 
			
		||||
    path: "~/.ansible/tmp"
 | 
			
		||||
    state: directory
 | 
			
		||||
    mode: 0700
 | 
			
		||||
    mode: "700"
 | 
			
		||||
 
 | 
			
		||||
@@ -7,7 +7,7 @@
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: ddclient.conf.j2
 | 
			
		||||
    dest: /etc/ddclient.conf
 | 
			
		||||
    mode: 0600
 | 
			
		||||
    mode: "600"
 | 
			
		||||
  register: ddclient_settings
 | 
			
		||||
 | 
			
		||||
- name: Start ddclient and enable on boot
 | 
			
		||||
 
 | 
			
		||||
@@ -32,14 +32,14 @@
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: fail2ban-ssh.conf.j2
 | 
			
		||||
    dest: /etc/fail2ban/jail.d/sshd.conf
 | 
			
		||||
    mode: 0640
 | 
			
		||||
    mode: "640"
 | 
			
		||||
  notify: restart_fail2ban
 | 
			
		||||
 | 
			
		||||
- name: Install Fail2ban IP allow list
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: fail2ban-allowlist.conf.j2
 | 
			
		||||
    dest: /etc/fail2ban/jail.d/allowlist.conf
 | 
			
		||||
    mode: 0640
 | 
			
		||||
    mode: "640"
 | 
			
		||||
  when: fail2ban_ignoreip is defined
 | 
			
		||||
  notify: restart_fail2ban
 | 
			
		||||
 | 
			
		||||
 
 | 
			
		||||
@@ -11,10 +11,10 @@
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: msmtprc.j2
 | 
			
		||||
    dest: /root/.msmtprc
 | 
			
		||||
    mode: 0600
 | 
			
		||||
    mode: "600"
 | 
			
		||||
 | 
			
		||||
- name: Install /etc/aliases
 | 
			
		||||
  ansible.builtin.copy:
 | 
			
		||||
    dest: /etc/aliases
 | 
			
		||||
    content: "root: {{ mail.rootalias }}"
 | 
			
		||||
    mode: 0644
 | 
			
		||||
    mode: "644"
 | 
			
		||||
 
 | 
			
		||||
@@ -10,6 +10,6 @@
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: "interface.j2"
 | 
			
		||||
    dest: "/etc/network/interfaces.d/{{ item.name }}"
 | 
			
		||||
    mode: 0400
 | 
			
		||||
    mode: "400"
 | 
			
		||||
  loop: "{{ interfaces }}"
 | 
			
		||||
  notify: reboot_host
 | 
			
		||||
 
 | 
			
		||||
@@ -3,23 +3,15 @@
 | 
			
		||||
    name: samba
 | 
			
		||||
    state: present
 | 
			
		||||
 | 
			
		||||
- name: Create nologin shell accounts for Samba
 | 
			
		||||
  ansible.builtin.user:
 | 
			
		||||
    name: "{{ item.name }}"
 | 
			
		||||
    state: present
 | 
			
		||||
    shell: /usr/sbin/nologin
 | 
			
		||||
    createhome: false
 | 
			
		||||
    system: yes
 | 
			
		||||
  loop: "{{ samba.users }}"
 | 
			
		||||
  when: item.manage_user is defined and item.manage_user is true
 | 
			
		||||
 | 
			
		||||
- name: Create Samba users
 | 
			
		||||
  ansible.builtin.shell: "smbpasswd -a {{ item.name }}"
 | 
			
		||||
  ansible.builtin.command: "smbpasswd -a {{ item.name }}"
 | 
			
		||||
  args:
 | 
			
		||||
    stdin: "{{ item.password }}\n{{ item.password }}"
 | 
			
		||||
  loop: "{{ samba.users }}"
 | 
			
		||||
  loop_control:
 | 
			
		||||
    label: "{{ item.name }}"
 | 
			
		||||
  register: samba_users
 | 
			
		||||
  changed_when: "'User added' in samba_users.stdout"
 | 
			
		||||
  changed_when: "'Added user' in samba_users.stdout"
 | 
			
		||||
 | 
			
		||||
- name: Ensure share directories exist
 | 
			
		||||
  ansible.builtin.file:
 | 
			
		||||
@@ -27,13 +19,14 @@
 | 
			
		||||
    owner: "{{ item.owner }}"
 | 
			
		||||
    group: "{{ item.group }}"
 | 
			
		||||
    state: directory
 | 
			
		||||
    mode: 0755
 | 
			
		||||
    mode: "755"
 | 
			
		||||
  loop: "{{ samba.shares }}"
 | 
			
		||||
 | 
			
		||||
- name: Configure Samba shares
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: smb.conf.j2
 | 
			
		||||
    dest: /etc/samba/smb.conf
 | 
			
		||||
    mode: "700"
 | 
			
		||||
  notify: restart_samba
 | 
			
		||||
 | 
			
		||||
- name: Start smbd and enable on boot
 | 
			
		||||
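Review bot: The `Create Samba users` task passes `{{ item.password }}` through `stdin` without `no_log: true`, so the password can appear in task output or collected logs at higher verbosity; `loop_control.label` only shortens the item display. Adding `no_log: true` to that task closes this. In the second hunk, the new `mode: "700"` on `/etc/samba/smb.conf` sets execute bits on a configuration file; `"644"` or `"600"` would fit better, depending on who needs to read it. The first hunk also removes the task that created the nologin accounts, and `smbpasswd -a` presumably still needs the Unix account to exist, so confirm those accounts are created elsewhere in the role.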
 
 | 
			
		||||
@@ -10,7 +10,7 @@
 | 
			
		||||
    state: present
 | 
			
		||||
 | 
			
		||||
- name: Check for existing GPG keys
 | 
			
		||||
  command: "gpg --list-keys {{ item.id }} 2>/dev/null"
 | 
			
		||||
  ansible.builtin.command: "gpg --list-keys {{ item.id }} 2>/dev/null"
 | 
			
		||||
  register: gpg_check
 | 
			
		||||
  loop: "{{ root_gpgkeys }}"
 | 
			
		||||
  failed_when: false
 | 
			
		||||
@@ -18,20 +18,22 @@
 | 
			
		||||
  when: root_gpgkeys is defined
 | 
			
		||||
 | 
			
		||||
- name: Import GPG keys
 | 
			
		||||
  command: "gpg --keyserver {{ item.item.server | default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"
 | 
			
		||||
  ansible.builtin.command:
 | 
			
		||||
    "gpg --keyserver {{ item.item.server | default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"
 | 
			
		||||
  register: gpg_check_import
 | 
			
		||||
  loop: "{{ gpg_check.results }}"
 | 
			
		||||
  loop_control:
 | 
			
		||||
    label: "{{ item.item }}"
 | 
			
		||||
  changed_when: false
 | 
			
		||||
  when: root_gpgkeys is defined and item.rc != 0
 | 
			
		||||
 | 
			
		||||
- name: Check GPG key imports
 | 
			
		||||
  fail:
 | 
			
		||||
  ansible.builtin.fail:
 | 
			
		||||
    msg: "{{ item.stderr }}"
 | 
			
		||||
  loop: "{{ gpg_check_import.results }}"
 | 
			
		||||
  loop_control:
 | 
			
		||||
    label: "{{ item.item.item }}"
 | 
			
		||||
  when: (item.skipped | default(false) == false) and ('imported' not in item.stderr)
 | 
			
		||||
  when: root_gpgkeys is defined and (not item.skipped | default(false)) and ('imported' not in item.stderr)
 | 
			
		||||
 | 
			
		||||
- name: Install NTPsec
 | 
			
		||||
  ansible.builtin.apt:
 | 
			
		||||
@@ -47,7 +49,7 @@
 | 
			
		||||
  community.general.locale_gen:
 | 
			
		||||
    name: "{{ locale_default }}"
 | 
			
		||||
    state: present
 | 
			
		||||
  register: locale_gen_output
 | 
			
		||||
  notify: reconfigure_locales
 | 
			
		||||
 | 
			
		||||
- name: Set the default locale
 | 
			
		||||
  ansible.builtin.lineinfile:
 | 
			
		||||
@@ -55,15 +57,11 @@
 | 
			
		||||
    regexp: "^LANG="
 | 
			
		||||
    line: "LANG={{ locale_default }}"
 | 
			
		||||
 | 
			
		||||
- name: Reconfigure locales
 | 
			
		||||
  ansible.builtin.command: dpkg-reconfigure -f noninteractive locales
 | 
			
		||||
  when: locale_gen_output.changed
 | 
			
		||||
 | 
			
		||||
- name: Manage root authorized_keys
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: authorized_keys.j2
 | 
			
		||||
    dest: /root/.ssh/authorized_keys
 | 
			
		||||
    mode: 0400
 | 
			
		||||
    mode: "400"
 | 
			
		||||
  when: authorized_keys is defined
 | 
			
		||||
 | 
			
		||||
- name: Create system user groups
 | 
			
		||||
@@ -84,6 +82,7 @@
 | 
			
		||||
    group: "{{ item.value.gid }}"
 | 
			
		||||
    shell: "{{ item.value.shell | default('/bin/bash') }}"
 | 
			
		||||
    create_home: "{{ item.value.home | default(false) }}"
 | 
			
		||||
    system: "{{ item.value.system | default(false) }}"
 | 
			
		||||
  loop: "{{ users | dict2items }}"
 | 
			
		||||
  loop_control:
 | 
			
		||||
    label: "{{ item.key }}"
 | 
			
		||||
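Review bot: In `Check for existing GPG keys`, the `2>/dev/null` suffix is not a redirection under `ansible.builtin.command`, because no shell is involved, so gpg receives it as a literal extra argument. That likely makes the lookup return non-zero and so triggers the import on every run. Dropping it, as in `ansible.builtin.command: "gpg --list-keys {{ item.id }}"`, is enough, since `failed_when: false` already tolerates a missing key. In `Import GPG keys`, `--recv-key {{ item.item.id }}` accepts whatever the keyserver returns for that id, so a comment such as `# ids in root_gpgkeys must be full fingerprints` would document the requirement. That task also sets `changed_when: false` although it modifies the keyring, which hides real changes from the run report.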
 
 | 
			
		||||
@@ -22,7 +22,7 @@
 | 
			
		||||
  ansible.builtin.template:
 | 
			
		||||
    src: wireguard.j2
 | 
			
		||||
    dest: /etc/wireguard/wg0.conf
 | 
			
		||||
    mode: 0400
 | 
			
		||||
    mode: "400"
 | 
			
		||||
  notify: restart_wireguard
 | 
			
		||||
 | 
			
		||||
- name: Start WireGuard interface
 | 
			
		||||
 
 | 
			
		||||