diff --git a/roles/base/tasks/firewall.yml b/roles/base/tasks/firewall.yml
index a43553b..0fd8529 100644
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@@ -1,46 +1,46 @@
- name: Install the Uncomplicated Firewall
- apt:
+ ansible.builtin.apt:
name: ufw
state: present
- name: Install Fail2ban
- apt:
+ ansible.builtin.apt:
name: fail2ban
state: present
- name: Deny incoming traffic by default
- ufw:
+ community.general.ufw:
default: deny
direction: incoming
- name: Allow outgoing traffic by default
- ufw:
+ community.general.ufw:
default: allow
direction: outgoing
- name: Allow OpenSSH with rate limiting
- ufw:
+ community.general.ufw:
name: ssh
rule: limit
- name: Remove Fail2ban defaults-debian.conf
- file:
+ ansible.builtin.file:
path: /etc/fail2ban/jail.d/defaults-debian.conf
state: absent
- name: Install OpenSSH's Fail2ban jail
- template:
+ ansible.builtin.template:
src: fail2ban-ssh.conf.j2
dest: /etc/fail2ban/jail.d/sshd.conf
notify: restart_fail2ban
- name: Install Fail2ban IP allow list
- template:
+ ansible.builtin.template:
src: fail2ban-allowlist.conf.j2
dest: /etc/fail2ban/jail.d/allowlist.conf
when: fail2ban_ignoreip is defined
notify: restart_fail2ban
- name: Enable firewall
- ufw:
+ community.general.ufw:
state: enabled
diff --git a/roles/base/tasks/mail.yml b/roles/base/tasks/mail.yml
index 57c3c16..93c0fe3 100644
--- a/roles/base/tasks/mail.yml
+++ b/roles/base/tasks/mail.yml
@@ -1,5 +1,5 @@
- name: Install msmtp
- apt:
+ ansible.builtin.apt:
name: "{{ item }}"
state: present
loop:
@@ -8,12 +8,12 @@
- mailutils
- name: Install msmtp configuration
- template:
+ ansible.builtin.template:
src: msmtprc.j2
dest: /root/.msmtprc
mode: 0700
- name: Install /etc/aliases
- copy:
+ ansible.builtin.copy:
dest: /etc/aliases
content: "root: {{ mail.rootalias }}"
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index ab72fa0..27040c7 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
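Review bot: `mode: 0700` on `/root/.msmtprc` in the `Install msmtp configuration` task is an unquoted octal literal (ansible-lint `risky-octal`) and sets the execute bit on what is a plain configuration file; presumably the rendered `msmtprc.j2` carries the SMTP password, so `mode: '0600'` is the conventional setting and the rename was a natural moment to fix it. msmtp refuses a secret-bearing config with group or other bits set, which 0700 already avoids, so this is hygiene rather than an exposure. The `/etc/aliases` task in the same hunk sets no `mode` or `owner`, so its permissions depend on the target's umask; `mode: '0644'` and `owner: root` would pin them.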
@@ -1,24 +1,24 @@
-- import_tasks: ansible.yml
+- ansible.builtin.import_tasks: ansible.yml
tags: ansible
-- import_tasks: system.yml
+- ansible.builtin.import_tasks: system.yml
tags: system
-- import_tasks: firewall.yml
+- ansible.builtin.import_tasks: firewall.yml
tags: firewall
-- import_tasks: network.yml
+- ansible.builtin.import_tasks: network.yml
tags: network
when: manage_network
-- import_tasks: mail.yml
+- ansible.builtin.import_tasks: mail.yml
tags: mail
when: mail is defined
-- import_tasks: ddclient.yml
+- ansible.builtin.import_tasks: ddclient.yml
tags: ddclient
when: ddclient is defined
-- import_tasks: wireguard.yml
+- ansible.builtin.import_tasks: wireguard.yml
tags: wireguard
when: wireguard is defined
diff --git a/roles/base/tasks/network.yml b/roles/base/tasks/network.yml
index 7efaa9c..c2d5743 100644
--- a/roles/base/tasks/network.yml
+++ b/roles/base/tasks/network.yml
@@ -1,5 +1,5 @@
- name: Install network interfaces file
- copy:
+ ansible.builtin.copy:
src: network-interfaces.cfg
dest: /etc/network/interfaces
owner: root
@@ -7,7 +7,7 @@
mode: '0644'
- name: Install network interfaces
- template:
+ ansible.builtin.template:
src: "interface.j2"
dest: "/etc/network/interfaces.d/{{ item.name }}"
loop: "{{ interfaces }}"
diff --git a/roles/base/tasks/system.yml b/roles/base/tasks/system.yml
index d04d51e..89ceef7 100644
--- a/roles/base/tasks/system.yml
+++ b/roles/base/tasks/system.yml
@@ -1,17 +1,17 @@
- name: Install useful software
- apt:
+ ansible.builtin.apt:
name: "{{ packages }}"
state: present
update_cache: true
- name: Manage root authorized_keys
- template:
+ ansible.builtin.template:
src: authorized_keys.j2
dest: /root/.ssh/authorized_keys
when: authorized_keys is defined
- name: Manage filesystem mounts
- mount:
+ ansible.posix.mount:
path: "{{ item.path }}"
src: "UUID={{ item.uuid }}"
fstype: "{{ item.fstype }}"
diff --git a/roles/base/tasks/wireguard.yml b/roles/base/tasks/wireguard.yml
index 21a3be1..51e1639 100644
--- a/roles/base/tasks/wireguard.yml
+++ b/roles/base/tasks/wireguard.yml
@@ -1,11 +1,11 @@
- name: Install WireGuard
- apt:
+ ansible.builtin.apt:
name: wireguard
state: present
update_cache: true
- name: Generate WireGuard keys
- shell: wg genkey | tee privatekey | wg pubkey > publickey
+ ansible.builtin.shell: wg genkey | tee privatekey | wg pubkey > publickey
args:
chdir: /etc/wireguard/
creates: /etc/wireguard/privatekey
@@ -16,20 +16,20 @@
register: wgkey
- name: Install WireGuard configuration
- template:
+ ansible.builtin.template:
src: wireguard.j2
dest: /etc/wireguard/wg0.conf
notify:
- restart_wireguard
- name: Start WireGuard interface
- service:
+ ansible.builtin.service:
name: wg-quick@wg0
state: started
enabled: true
- name: Add WireGuard firewall rule
- ufw:
+ community.general.ufw:
rule: allow
port: "{{ wireguard.listenport }}"
proto: tcp
diff --git a/roles/bitwarden/handlers/main.yml b/roles/bitwarden/handlers/main.yml
index 1e9b262..1253c45 100644
--- a/roles/bitwarden/handlers/main.yml
+++ b/roles/bitwarden/handlers/main.yml
@@ -1,15 +1,15 @@
- name: Stop Bitwarden for rebuild
- service:
+ ansible.builtin.service:
name: "{{ bitwarden_name }}"
state: stopped
listen: rebuild_bitwarden
- name: Rebuild Bitwarden
- shell: "{{ bitwarden_root }}/bitwarden.sh rebuild"
+ ansible.builtin.shell: "{{ bitwarden_root }}/bitwarden.sh rebuild"
listen: rebuild_bitwarden
- name: Start Bitwarden after rebuild
- service:
+ ansible.builtin.service:
name: "{{ bitwarden_name }}"
state: started
enabled: true
diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml
index 74663c8..a1d3529 100644
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -1,10 +1,10 @@
- name: Install expect
- apt:
+ ansible.builtin.apt:
name: expect
state: present
- name: Create Bitwarden directory
- file:
+ ansible.builtin.file:
path: "{{ bitwarden_root }}"
state: directory
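Review bot: `wg genkey | tee privatekey | wg pubkey > publickey` in `Generate WireGuard keys` writes `/etc/wireguard/privatekey` with whatever mode the target's umask yields (commonly 0644), and the rename leaves that as is; the wg(8) quick-start runs `umask 077` first precisely so the private key is never world-readable, even briefly. Prefix the command, `ansible.builtin.shell: umask 077 && wg genkey | tee privatekey | wg pubkey > publickey`, and add an `ansible.builtin.file` task setting `mode: '0600'` on `/etc/wireguard/privatekey`, which also repairs hosts that already have a key, since `creates:` skips the generation step for them. The `register: wgkey` read of the key sits in the gap between the two hunks and is not shown.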
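Review bot: The `Add WireGuard firewall rule` task opens `{{ wireguard.listenport }}` with `proto: tcp`, but WireGuard transports only over UDP, so under the base role's `default: deny` on incoming traffic no peer handshake can reach this listener, while a TCP port nothing listens on is opened instead. Change the line to `proto: udp`. The commit's rename of `ufw` to `community.general.ufw` does not alter this; it is a pre-existing defect on the new side.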
@@ -16,18 +16,18 @@
mode: u+x
- name: Install Bitwarden script wrapper
- template:
+ ansible.builtin.template:
src: bw_wrapper.j2
dest: "{{ bitwarden_root }}/bw_wrapper"
mode: u+x
- name: Run Bitwarden installation script
- shell: "{{ bitwarden_root }}/bw_wrapper"
+ ansible.builtin.shell: "{{ bitwarden_root }}/bw_wrapper"
args:
creates: "{{ bitwarden_root }}/bwdata/config.yml"
- name: Install docker-compose override
- template:
+ ansible.builtin.template:
src: compose.override.yml.j2
dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml"
when: traefik_version is defined
@@ -73,32 +73,32 @@
notify: rebuild_bitwarden
- name: Install Bitwarden systemd service
- template:
+ ansible.builtin.template:
src: bitwarden.service.j2
dest: "/etc/systemd/system/{{ bitwarden_name }}.service"
register: bitwarden_systemd
notify: rebuild_bitwarden
- name: Create Bitwarden's initial logging directory
- file:
+ ansible.builtin.file:
path: "{{ bitwarden_logs_identity }}"
state: directory
register: bitwarden_logs
- name: Create Bitwarden's initial log file
- file:
+ ansible.builtin.file:
path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt"
state: touch
when: bitwarden_logs.changed
- name: Install Bitwarden's Fail2ban jail
- template:
+ ansible.builtin.template:
src: fail2ban-jail.conf.j2
dest: /etc/fail2ban/jail.d/bitwarden.conf
notify: restart_fail2ban
- name: Reload systemd manager configuration
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
when: bitwarden_systemd.changed
notify: rebuild_bitwarden
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 042918d..f02a2ed 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -1,27 +1,27 @@
- name: Install Docker
- apt:
+ ansible.builtin.apt:
name: ['docker.io', 'docker-compose']
state: present
update_cache: true
- name: Create docker-compose root
- file:
+ ansible.builtin.file:
path: "{{ docker_compose_root }}"
state: directory
- name: Install docker-compose systemd service
- template:
+ ansible.builtin.template:
src: docker-compose.service.j2
dest: "/etc/systemd/system/{{ docker_compose_service }}@.service"
register: compose_systemd
- name: Reload systemd manager configuration
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
when: compose_systemd.changed
- name: Add users to docker group
- user:
+ ansible.builtin.user:
name: "{{ item }}"
groups: docker
append: true
@@ -29,7 +29,7 @@
when: docker_users is defined
- name: Start Docker and enable on boot
- service:
+ ansible.builtin.service:
name: docker
state: started
enabled: true
diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml
index 9605ef0..f36f530 100644
--- a/roles/gitea/handlers/main.yml
+++ b/roles/gitea/handlers/main.yml
@@ -1,5 +1,5 @@
- name: Restart Gitea
- service:
+ ansible.builtin.service:
name: "{{ docker_compose_service }}@{{ gitea_name }}"
state: restarted
listen: restart_gitea
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index 5d3f20d..648986c 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -1,5 +1,5 @@
- name: Create Gitea directory
- file:
+ ansible.builtin.file:
path: "{{ gitea_root }}"
state: directory
@@ -19,7 +19,7 @@
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Create git user
- user:
+ ansible.builtin.user:
name: git
state: present
@@ -34,7 +34,7 @@
key: git
- name: Create git's .ssh directory
- file:
+ ansible.builtin.file:
path: /home/git/.ssh
state: directory
@@ -53,7 +53,7 @@
register: git_authkeys
- name: Create git's authorized_keys file
- file:
+ ansible.builtin.file:
path: /home/git/.ssh/authorized_keys
state: touch
when: not git_authkeys.stat.exists
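Review bot: `Add users to docker group` puts every entry of `docker_users` into the `docker` group, which is root-equivalent on the host (a member can start a privileged container with `/` bind-mounted via the socket), and nothing in the task records that. Add `# NOTE: docker group membership is root-equivalent; limit docker_users to administrators` above the task so the next person extending the variable knows what they are granting. The `loop`/`when: docker_users is defined` lines that complete this task fall in the gap before the next hunk.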
@@ -65,47 +65,47 @@
line: "{{ git_rsapub['content'] | b64decode }}"
- name: Create Gitea host script for SSH
- template:
+ ansible.builtin.template:
src: gitea.sh.j2
dest: /usr/local/bin/gitea
mode: 0755
- name: Install Gitea's docker-compose file
- template:
+ ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ gitea_root }}/docker-compose.yml"
notify: restart_gitea
- name: Install Gitea's docker-compose variables
- template:
+ ansible.builtin.template:
src: compose-env.j2
dest: "{{ gitea_root }}/.env"
notify: restart_gitea
- name: Create Gitea's logging directory
- file:
+ ansible.builtin.file:
name: /var/log/gitea
state: directory
- name: Create Gitea's initial log file
- file:
+ ansible.builtin.file:
name: /var/log/gitea/gitea.log
state: touch
- name: Install Gitea's Fail2ban filter
- template:
+ ansible.builtin.template:
src: fail2ban-filter.conf.j2
dest: /etc/fail2ban/filter.d/gitea.conf
notify: restart_fail2ban
- name: Install Gitea's Fail2ban jail
- template:
+ ansible.builtin.template:
src: fail2ban-jail.conf.j2
dest: /etc/fail2ban/jail.d/gitea.conf
notify: restart_fail2ban
- name: Start and enable Gitea service
- service:
+ ansible.builtin.service:
name: "{{ docker_compose_service }}@{{ gitea_name }}"
state: started
enabled: true
diff --git a/roles/jellyfin/handlers/main.yml b/roles/jellyfin/handlers/main.yml
index cb6ec9a..3d78beb 100644
--- a/roles/jellyfin/handlers/main.yml
+++ b/roles/jellyfin/handlers/main.yml
@@ -1,5 +1,5 @@
- name: Restart Jellyfin
- service:
+ ansible.builtin.service:
name: "{{ docker_compose_service }}@{{ jellyfin_name }}"
state: restarted
listen: restart_jellyfin
diff --git a/roles/jellyfin/tasks/main.yml b/roles/jellyfin/tasks/main.yml
index f2c97e1..f9837c5 100644
--- a/roles/jellyfin/tasks/main.yml
+++ b/roles/jellyfin/tasks/main.yml
@@ -4,7 +4,7 @@
state: directory
- name: Create jellyfin user
- user:
+ ansible.builtin.user:
name: jellyfin
state: present
@@ -19,19 +19,19 @@
key: jellyfin
- name: Install Jellyfin's docker-compose file
- template:
+ ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ jellyfin_root }}/docker-compose.yml"
notify: restart_jellyfin
- name: Install Jellyfin's docker-compose variables
- template:
+ ansible.builtin.template:
src: compose-env.j2
dest: "{{ jellyfin_root }}/.env"
notify: restart_jellyfin
- name: Start and enable Jellyfin service
- service:
+ ansible.builtin.service:
name: "{{ docker_compose_service }}@{{ jellyfin_name }}"
state: started
enabled: true
diff --git a/roles/jenkins/tasks/agent.yml b/roles/jenkins/tasks/agent.yml
index 6121c98..b9ce9ea 100644
--- a/roles/jenkins/tasks/agent.yml
+++ b/roles/jenkins/tasks/agent.yml
@@ -1,8 +1,8 @@
- name: Create Jenkins user
- user:
+ ansible.builtin.user:
name: "{{ jenkins_user }}"
state: present
- shell: /bin/bash
+ ansible.builtin.shell: /bin/bash
skeleton: /etc/skel
generate_ssh_key: true
@@ -14,18 +14,18 @@
key: "{{ jenkins_sshkey }}"
- name: Give Jenkins user passwordless sudo
- template:
+ ansible.builtin.template:
src: jenkins_sudoers.j2
dest: /etc/sudoers.d/{{ jenkins_user }}
validate: "visudo -cf %s"
mode: 0440
- name: Install Ansible
- apt:
+ ansible.builtin.apt:
name: ansible
state: present
- name: Install Java
- apt:
+ ansible.builtin.apt:
name: default-jre
state: present
diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml
index f65b290..530803d 100644
--- a/roles/jenkins/tasks/main.yml
+++ b/roles/jenkins/tasks/main.yml
@@ -1,5 +1,5 @@
-- import_tasks: agent.yml
+- ansible.builtin.import_tasks: agent.yml
when: jenkins_sshkey is defined
-- import_tasks: server.yml
+- ansible.builtin.import_tasks: server.yml
when: jenkins_domain is defined
diff --git a/roles/jenkins/tasks/server.yml b/roles/jenkins/tasks/server.yml
index e6f08b5..6d59aab 100644
--- a/roles/jenkins/tasks/server.yml
+++ b/roles/jenkins/tasks/server.yml
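Review bot: In `Create Jenkins user` (`roles/jenkins/tasks/agent.yml`) the mechanical rename also hit the `user` module's `shell: /bin/bash` parameter, turning it into `ansible.builtin.shell: /bin/bash`; that is not a module name the `user` module accepts, so Ansible's argument validation fails the task ("Unsupported parameters for (ansible.builtin.user) module") and the account — which the next hunk then grants passwordless sudo — is never created on a fresh host. Restore the parameter as `shell: /bin/bash`, unqualified, beneath `ansible.builtin.user:`. The same substitution appears in `roles/minecraft/tasks/system.yml`; a grep for `ansible.builtin.shell:` nested under another module would catch both.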
@@ -1,5 +1,5 @@
- name: Create Jenkin's directory
- file:
+ ansible.builtin.file:
path: "{{ jenkins_root }}"
state: directory
owner: "1000"
diff --git a/roles/libvirt/tasks/main.yml b/roles/libvirt/tasks/main.yml
index c820aa7..0cdff46 100644
--- a/roles/libvirt/tasks/main.yml
+++ b/roles/libvirt/tasks/main.yml
@@ -1,15 +1,15 @@
- name: Install QEMU/KVM
- apt:
+ ansible.builtin.apt:
name: qemu-kvm
state: present
- name: Install Libvirt
- apt:
+ ansible.builtin.apt:
name: ["libvirt-clients", "libvirt-daemon-system"]
state: present
- name: Add users to libvirt group
- user:
+ ansible.builtin.user:
name: "{{ item }}"
groups: libvirt
append: yes
@@ -34,7 +34,7 @@
# Prevent downloaded ISOs from being rehashed every run
- name: Create NODOWNLOAD file
- file:
+ ansible.builtin.file:
path: /var/lib/libvirt/images/NODOWNLOAD
state: touch
when: download_isos.changed
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 29c5f33..0d73b4c 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -1,5 +1,5 @@
- name: Install MariaDB
- apt:
+ ansible.builtin.apt:
name: mariadb-server
state: present
@@ -11,13 +11,13 @@
register: mariadb_conf
- name: Restart MariaDB
- service:
+ ansible.builtin.service:
name: mariadb
state: restarted
when: mariadb_conf.changed
- name: Allow database connections
- ufw:
+ community.general.ufw:
rule: allow
port: "3306"
proto: tcp
diff --git a/roles/minecraft/tasks/java.yml b/roles/minecraft/tasks/java.yml
index d34f9bc..96ff77b 100644
--- a/roles/minecraft/tasks/java.yml
+++ b/roles/minecraft/tasks/java.yml
@@ -1,5 +1,5 @@
- name: Install GPG
- apt:
+ ansible.builtin.apt:
name: gpg
state: present
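Review bot: `Allow database connections` in `roles/mariadb/tasks/main.yml` opens 3306/tcp to every source address — the `community.general.ufw` rule carries no `src:` — which undoes the base role's inbound default-deny for the one service most worth shielding, leaving MariaDB authentication as the only barrier. If remote clients are a known set, scope the rule, `src: "{{ item }}"` looped over their addresses (or a `delete:`-able per-client task); if every consumer is local, the rule can go, since the MariaDB config the role manages is not shown here and may already bind only to localhost. Either way a comment naming who is meant to connect would make the exposure a decision rather than a default.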
@@ -15,14 +15,14 @@
state: present
- name: Install Java
- apt:
+ ansible.builtin.apt:
name: "adoptopenjdk-{{ item.java.version }}-hotspot"
state: present
when: item.java.version is defined
loop: "{{ minecraft }}"
- name: "Install default Java, version {{ minecraft_java }}"
- apt:
+ ansible.builtin.apt:
name: "{{ minecraft_java_pkg }}"
state: present
when: item.java.version is not defined
diff --git a/roles/minecraft/tasks/main.yml b/roles/minecraft/tasks/main.yml
index c13ec8d..61d4c85 100644
--- a/roles/minecraft/tasks/main.yml
+++ b/roles/minecraft/tasks/main.yml
@@ -1,14 +1,14 @@
-- import_tasks: system.yml
+- ansible.builtin.import_tasks: system.yml
when: minecraft_eula
-- import_tasks: java.yml
+- ansible.builtin.import_tasks: java.yml
when: minecraft_eula
-- import_tasks: vanilla.yml
+- ansible.builtin.import_tasks: vanilla.yml
when: minecraft_eula
-- import_tasks: modpacks.yml
+- ansible.builtin.import_tasks: modpacks.yml
when: minecraft_eula
-- import_tasks: service.yml
+- ansible.builtin.import_tasks: service.yml
when: minecraft_eula
diff --git a/roles/minecraft/tasks/modpacks.yml b/roles/minecraft/tasks/modpacks.yml
index 5871668..7de00ad 100644
--- a/roles/minecraft/tasks/modpacks.yml
+++ b/roles/minecraft/tasks/modpacks.yml
@@ -25,7 +25,7 @@
when: item.modpack is defined and item.sha1 is not defined
- name: Link to Minecraft Forge
- file:
+ ansible.builtin.file:
src: "{{ item.files[0].path }}"
dest: "{{ minecraft_home }}/{{ item.item.name }}/minecraft_server.jar"
owner: "{{ minecraft_user }}"
diff --git a/roles/minecraft/tasks/service.yml b/roles/minecraft/tasks/service.yml
index a0e9f17..ad052b5 100644
--- a/roles/minecraft/tasks/service.yml
+++ b/roles/minecraft/tasks/service.yml
@@ -1,11 +1,11 @@
- name: Deploy Minecraft systemd service
- template:
+ ansible.builtin.template:
src: minecraft.service.j2
dest: "/etc/systemd/system/minecraft@.service"
register: minecraft_systemd
- name: Deploy service environmental variables
- template:
+ ansible.builtin.template:
src: environment.conf.j2
dest: "{{ minecraft_home }}/{{ item.name }}/environment.conf"
owner: "{{ minecraft_user }}"
@@ -13,25 +13,25 @@
loop: "{{ minecraft }}"
- name: Reload systemd manager configuration
- systemd:
+ ansible.builtin.systemd:
daemon_reload: true
when: minecraft_systemd.changed
- name: Disable non-default service instances
- service:
+ ansible.builtin.service:
name: "minecraft@{{ item.name }}"
enabled: false
loop: "{{ minecraft }}"
when: item.name != minecraft_onboot
- name: Enable default service instance
- service:
+ ansible.builtin.service:
name: "minecraft@{{ minecraft_onboot }}"
enabled: true
when: minecraft_eula and minecraft_onboot is defined
- name: Run default service instance
- service:
+ ansible.builtin.service:
name: "minecraft@{{ minecraft_onboot }}"
state: started
when: minecraft_eula and minecraft_onboot is defined and minecraft_onboot_run
diff --git a/roles/minecraft/tasks/system.yml b/roles/minecraft/tasks/system.yml
index 5a8aeb1..7297de8 100644
--- a/roles/minecraft/tasks/system.yml
+++ b/roles/minecraft/tasks/system.yml
@@ -1,16 +1,16 @@
- name: Install Screen
- apt:
+ ansible.builtin.apt:
name: screen
state: present
- name: Create Minecraft user
- user:
+ ansible.builtin.user:
name: "{{ minecraft_user }}"
state: present
- shell: /bin/bash
+ ansible.builtin.shell: /bin/bash
- name: Create Minecraft directory
- file:
+ ansible.builtin.file:
path: "{{ minecraft_home }}/{{ item.name }}"
state: directory
owner: "{{ minecraft_user }}"
@@ -18,7 +18,7 @@
loop: "{{ minecraft }}"
- name: Answer to Mojang's EULA
- template:
+ ansible.builtin.template:
src: eula.txt.j2
dest: "{{ minecraft_home }}/{{ item.name }}/eula.txt"
owner: "{{ minecraft_user }}"
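Review bot: `Create Minecraft user` in `roles/minecraft/tasks/system.yml` now passes `ansible.builtin.shell: /bin/bash` as a parameter of `ansible.builtin.user`; the `user` module has no such option, so argument validation fails the task and none of the later tasks that `chown` to `{{ minecraft_user }}` have a user to own files for. The line should read `shell: /bin/bash` — the module's login-shell parameter, not a module name — and a `grep -n 'ansible.builtin.shell:' roles/*/tasks/*.yml` followed by a look at each match's indentation will confirm no other parameter was caught by the search-and-replace.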
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index ea344e2..5ccde1a 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -104,6 +104,6 @@
when: nextcloud_install.changed
- name: Remove Nextcloud's CAN_INSTALL file
- file:
+ ansible.builtin.file:
path: "{{ nextcloud_root }}/config/CAN_INSTALL"
state: absent
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 968b681..ba5204c 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -1,5 +1,5 @@
- name: Create nginx root
- file:
+ ansible.builtin.file:
path: "{{ nginx_root }}"
state: directory
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index 713aac5..b211bfc 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -1,5 +1,5 @@
- name: Install PostgreSQL
- apt:
+ ansible.builtin.apt:
name: postgresql
state: present
@@ -23,19 +23,19 @@
register: postgresql_config
- name: Reload PostgreSQL
- service:
+ ansible.builtin.service:
name: postgresql
state: reloaded
when: postgresql_hba.changed and not postgresql_config.changed
- name: Restart PostgreSQL
- service:
+ ansible.builtin.service:
name: postgresql
state: restarted
when: postgresql_config.changed
- name: Allow database connections
- ufw:
+ community.general.ufw:
rule: allow
port: "5432"
proto: tcp
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index f19fead..9da570f 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
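Review bot: `Allow database connections` in `roles/postgresql/tasks/main.yml` opens 5432/tcp from any source, with no `src:` on the rule, so the only thing standing between the network and PostgreSQL is whatever `pg_hba.conf` the role renders (registered as `postgresql_hba` above this hunk, not shown). Restrict the ufw rule to the intended clients, `src: "{{ item }}"` over a client list, so that a permissive `host ... 0.0.0.0/0` line in pg_hba is not a one-line path to exposure; at minimum a comment on the task should say which hosts are expected to connect.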
@@ -1,26 +1,26 @@
- name: Install Prometheus node exporter
- apt:
+ ansible.builtin.apt:
name: prometheus-node-exporter
state: present
- name: Run Prometheus node exporter
- service:
+ ansible.builtin.service:
name: prometheus-node-exporter
state: started
- name: Create Prometheus data directory
- file:
+ ansible.builtin.file:
path: "{{ prom_root }}/prometheus"
state: directory
owner: nobody
- name: Create Prometheus config directory
- file:
+ ansible.builtin.file:
path: "{{ prom_root }}/config"
state: directory
- name: Install Prometheus configuration
- template:
+ ansible.builtin.template:
src: prometheus.yml.j2
dest: "{{ prom_root }}/config/prometheus.yml"
diff --git a/roles/proxy/handlers/main.yml b/roles/proxy/handlers/main.yml
index 00e75ca..4bfa1bb 100644
--- a/roles/proxy/handlers/main.yml
+++ b/roles/proxy/handlers/main.yml
@@ -1,5 +1,5 @@
- name: Reload nginx
- service:
+ ansible.builtin.service:
name: nginx
state: reloaded
listen: reload_nginx
diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml
index f87fec8..8066094 100644
--- a/roles/proxy/tasks/main.yml
+++ b/roles/proxy/tasks/main.yml
@@ -1,11 +1,11 @@
- name: Install nginx
- apt:
+ ansible.builtin.apt:
name: nginx
state: present
update_cache: true
- name: Start nginx and enable on boot
- service:
+ ansible.builtin.service:
name: nginx
state: started
enabled: true
@@ -16,14 +16,14 @@
size: 4096
- name: Install nginx base configuration
- template:
+ ansible.builtin.template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
mode: '0644'
notify: reload_nginx
- name: Install nginx sites configuration
- template:
+ ansible.builtin.template:
src: server-nginx.conf.j2
dest: "/etc/nginx/sites-available/{{ item.domain }}.conf"
mode: '0644'
@@ -32,7 +32,7 @@
register: nginx_sites
- name: Enable nginx sites configuration
- file:
+ ansible.builtin.file:
src: "/etc/nginx/sites-available/{{ item.item.domain }}.conf"
dest: "/etc/nginx/sites-enabled/{{ item.item.domain }}.conf"
state: link
@@ -41,7 +41,7 @@
notify: reload_nginx
- name: Generate self-signed certificate
- shell: 'openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes \
+ ansible.builtin.shell: 'openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes \
-subj "/C=US/ST=Local/L=Local/O=Org/OU=IT/CN=example.com" \
-keyout /etc/ssl/private/nginx-selfsigned.key \
-out /etc/ssl/certs/nginx-selfsigned.crt'
@@ -51,33 +51,33 @@
notify: reload_nginx
- name: Install LE's certbot
- apt:
+ ansible.builtin.apt:
name: ['certbot', 'python3-certbot-dns-cloudflare']
state: present
when: proxy.production is defined and proxy.production
- name: Install Cloudflare API token
- template:
+ ansible.builtin.template:
src: cloudflare.ini.j2
dest: /root/.cloudflare.ini
mode: '0600'
when: proxy.production is defined and proxy.production and proxy.dns_cloudflare is defined
- name: Create nginx post renewal hook directory
- file:
+ ansible.builtin.file:
path: /etc/letsencrypt/renewal-hooks/post
state: directory
when: proxy.production is defined and proxy.production
- name: Install nginx post renewal hook
- copy:
+ ansible.builtin.copy:
src: reload-nginx.sh
dest: /etc/letsencrypt/renewal-hooks/post/reload-nginx.sh
mode: '0755'
when: proxy.production is defined and proxy.production
- name: Run Cloudflare DNS-01 challenges on wildcard domains
- shell: '/usr/bin/certbot certonly \
+ ansible.builtin.shell: '/usr/bin/certbot certonly \
--non-interactive \
--agree-tos \
--email "{{ proxy.dns_cloudflare.email }}" \
@@ -93,7 +93,7 @@
notify: reload_nginx
- name: Add HTTP and HTTPS firewall rule
- ufw:
+ community.general.ufw:
rule: allow
port: "{{ item }}"
proto: tcp
diff --git a/roles/rsnapshot/tasks/main.yml b/roles/rsnapshot/tasks/main.yml
index 63de8a8..3a364a7 100644
--- a/roles/rsnapshot/tasks/main.yml
+++ b/roles/rsnapshot/tasks/main.yml
@@ -13,12 +13,12 @@
# along with this program. If not, see .
- name: Install rsnapshot
- apt:
+ ansible.builtin.apt:
name: rsnapshot
state: present
- name: Create rsnapshot system directories
- file:
+ ansible.builtin.file:
path: "{{ item }}"
state: directory
loop:
@@ -26,13 +26,13 @@
- "{{ rsnapshot_logdir }}"
- name: Create snapshot_root directories
- file:
+ ansible.builtin.file:
path: "{{ item.root | default(rsnapshot_root) }}"
state: directory
loop: "{{ rsnapshot }}"
- name: Install rsnapshot configuration
- template:
+ ansible.builtin.template:
src: rsnapshot.conf.j2
dest: "{{ rsnapshot_confdir }}/{{ item.name }}.conf"
loop: "{{ rsnapshot }}"
@@ -53,7 +53,7 @@
- cron
- name: Install rsnapshot report script
- template:
+ ansible.builtin.template:
src: rsnapshot-report.sh.j2
dest: /usr/local/bin/rsnapshot-report
mode: '0750'
diff --git a/roles/traefik/handlers/main.yml b/roles/traefik/handlers/main.yml
index 79f9ea8..3fe7c10 100644
--- a/roles/traefik/handlers/main.yml
+++ b/roles/traefik/handlers/main.yml
@@ -1,11 +1,11 @@
- name: Reload Traefik container
- file:
+ ansible.builtin.file:
path: "{{ traefik_root }}/config/dynamic"
state: touch
listen: reload_traefik
- name: Restart Traefik
- service:
+ ansible.builtin.service:
name: "{{ docker_compose_service }}@{{ traefik_name }}"
state: restarted
listen: restart_traefik
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index c85ac56..225f2be 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -1,10 +1,10 @@
- name: Create Traefik directories
- file:
+ ansible.builtin.file:
path: "{{ traefik_root }}/config/dynamic"
state: directory
- name: Install dynamic security configuration
- template:
+ ansible.builtin.template:
src: security.yml.j2
dest: "{{ traefik_root }}/config/dynamic/security.yml"
owner: root
@@ -13,32 +13,32 @@
notify: reload_traefik
- name: Install dynamic non-docker configuration
- template:
+ ansible.builtin.template:
src: "external.yml.j2"
dest: "{{ traefik_root }}/config/dynamic/{{ item.name }}.yml"
loop: "{{ traefik_external }}"
when: traefik_external is defined
- name: Install Traefik's docker-compose file
- template:
+ ansible.builtin.template:
src: docker-compose.yml.j2
dest: "{{ traefik_root }}/docker-compose.yml"
notify: restart_traefik
- name: Install Traefik's docker-compose variables
- template:
+ ansible.builtin.template:
src: compose-env.j2
dest: "{{ traefik_root }}/.env"
notify: restart_traefik
- name: Install static Traefik configuration
- template:
+ ansible.builtin.template:
src: traefik.yml.j2
dest: "{{ traefik_root }}/config/traefik.yml"
notify: restart_traefik
- name: Start and enable Traefik service
- service:
+ ansible.builtin.service:
name: "{{ docker_compose_service }}@{{ traefik_name }}"
state: started
enabled: true
diff --git a/roles/traefik/templates/traefik.yml.j2 b/roles/traefik/templates/traefik.yml.j2
index b2ac124..09d3cfe 100644
--- a/roles/traefik/templates/traefik.yml.j2
+++ b/roles/traefik/templates/traefik.yml.j2
@@ -4,7 +4,7 @@ api:
providers:
docker:
exposedbydefault: false
- file:
+ ansible.builtin.file:
directory: /etc/traefik/dynamic
entrypoints:
diff --git a/roles/unifi/tasks/main.yml b/roles/unifi/tasks/main.yml
index 096dd40..30b6ee0 100644
--- a/roles/unifi/tasks/main.yml
+++ b/roles/unifi/tasks/main.yml
@@ -1,5 +1,5 @@
- name: Install GnuPG
- apt:
+ ansible.builtin.apt:
name: gnupg
state: present
@@ -37,16 +37,16 @@
state: present
- name: Install MongoDB 3.6
- apt:
+ ansible.builtin.apt:
name: mongodb-org
state: present
- name: Install OpenJDK 8 LTS
- apt:
+ ansible.builtin.apt:
name: adoptopenjdk-8-hotspot
state: present
- name: Install UniFi
- apt:
+ ansible.builtin.apt:
name: unifi
state: present
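Review bot: The `file:` → `ansible.builtin.file:` substitution in `roles/traefik/templates/traefik.yml.j2` was applied to Traefik's static configuration, not to an Ansible task file; `providers.file` is now `providers.ansible.builtin.file`, which Traefik does not recognise, so the file provider that reads `/etc/traefik/dynamic` — the directory this same role fills with `security.yml` and the `external.yml.j2` routes — is gone, and Traefik rejects unknown static-config fields at startup rather than ignoring them. Revert this hunk to `file:` and exclude `templates/` from whatever rewrote the module names. Worth checking the other `*.j2` templates in the repo for the same collateral damage, since any of them could contain a key named like an Ansible module.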
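Review bot: `Install MongoDB 3.6` and `Install OpenJDK 8 LTS` in `roles/unifi/tasks/main.yml` pin packages that, as far as I know, no longer receive fixes from these sources — MongoDB 3.6 reached end of life in 2021 and the AdoptOpenJDK builds were superseded when the project moved to Adoptium — and the rename carries the pins forward without recording why. A comment such as `# UniFi's supported matrix requires MongoDB 3.6 and Java 8; both are EOL upstream - revisit when UniFi lifts the constraint` above the MongoDB task would make the trade-off visible to whoever next audits the host. The apt repository and signing-key tasks these packages rely on sit above this hunk and are not shown.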