diff --git a/roles/base/tasks/firewall.yml b/roles/base/tasks/firewall.yml index a43553b..0fd8529 100644 --- a/roles/base/tasks/firewall.yml +++ b/roles/base/tasks/firewall.yml @@ -1,46 +1,46 @@ - name: Install the Uncomplicated Firewall - apt: + ansible.builtin.apt: name: ufw state: present - name: Install Fail2ban - apt: + ansible.builtin.apt: name: fail2ban state: present - name: Deny incoming traffic by default - ufw: + community.general.ufw: default: deny direction: incoming - name: Allow outgoing traffic by default - ufw: + community.general.ufw: default: allow direction: outgoing - name: Allow OpenSSH with rate limiting - ufw: + community.general.ufw: name: ssh rule: limit - name: Remove Fail2ban defaults-debian.conf - file: + ansible.builtin.file: path: /etc/fail2ban/jail.d/defaults-debian.conf state: absent - name: Install OpenSSH's Fail2ban jail - template: + ansible.builtin.template: src: fail2ban-ssh.conf.j2 dest: /etc/fail2ban/jail.d/sshd.conf notify: restart_fail2ban - name: Install Fail2ban IP allow list - template: + ansible.builtin.template: src: fail2ban-allowlist.conf.j2 dest: /etc/fail2ban/jail.d/allowlist.conf when: fail2ban_ignoreip is defined notify: restart_fail2ban - name: Enable firewall - ufw: + community.general.ufw: state: enabled diff --git a/roles/base/tasks/mail.yml b/roles/base/tasks/mail.yml index 57c3c16..93c0fe3 100644 --- a/roles/base/tasks/mail.yml +++ b/roles/base/tasks/mail.yml @@ -1,5 +1,5 @@ - name: Install msmtp - apt: + ansible.builtin.apt: name: "{{ item }}" state: present loop: @@ -8,12 +8,12 @@ - mailutils - name: Install msmtp configuration - template: + ansible.builtin.template: src: msmtprc.j2 dest: /root/.msmtprc mode: 0700 - name: Install /etc/aliases - copy: + ansible.builtin.copy: dest: /etc/aliases content: "root: {{ mail.rootalias }}" diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index ab72fa0..27040c7 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml 
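Review bot: The firewall tasks now reference `community.general.ufw`, and the rest of this commit pulls in `community.mysql`, `community.crypto` and `ansible.posix` as well, but no collection manifest is part of the diff, so a control node with only ansible-core installed fails at the first such task with an unresolved-module error. If the repository does not already declare them, add a `requirements.yml` (or a `collections:` list in the play) naming those four collections alongside this rename. The task order inside the hunk itself is sound: default-deny incoming, the rate-limited SSH allow, and only then `state: enabled`, so the firewall is never enabled with SSH closed.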
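Review bot: `mode: 0700` on the `Install msmtp configuration` task is an unquoted octal literal; a YAML 1.1 parser reads it as the integer 448, which Ansible then applies as the numeric mode, so it works by accident, but ansible-lint flags it and the same commit already uses the quoted form `mode: '0644'` in network.yml. Change it to `mode: '0700'` (or `'0600'`, since a credentials file needs no execute bit), and apply the same quoting to `mode: 0755` in roles/gitea/tasks/main.yml, `mode: 0440` in roles/jenkins/tasks/agent.yml and `mode: 0644` in roles/minecraft/tasks/java.yml.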
@@ -1,24 +1,24 @@ -- import_tasks: ansible.yml +- ansible.builtin.import_tasks: ansible.yml tags: ansible -- import_tasks: system.yml +- ansible.builtin.import_tasks: system.yml tags: system -- import_tasks: firewall.yml +- ansible.builtin.import_tasks: firewall.yml tags: firewall -- import_tasks: network.yml +- ansible.builtin.import_tasks: network.yml tags: network when: manage_network -- import_tasks: mail.yml +- ansible.builtin.import_tasks: mail.yml tags: mail when: mail is defined -- import_tasks: ddclient.yml +- ansible.builtin.import_tasks: ddclient.yml tags: ddclient when: ddclient is defined -- import_tasks: wireguard.yml +- ansible.builtin.import_tasks: wireguard.yml tags: wireguard when: wireguard is defined diff --git a/roles/base/tasks/network.yml b/roles/base/tasks/network.yml index 7efaa9c..c2d5743 100644 --- a/roles/base/tasks/network.yml +++ b/roles/base/tasks/network.yml @@ -1,5 +1,5 @@ - name: Install network interfaces file - copy: + ansible.builtin.copy: src: network-interfaces.cfg dest: /etc/network/interfaces owner: root @@ -7,7 +7,7 @@ mode: '0644' - name: Install network interfaces - template: + ansible.builtin.template: src: "interface.j2" dest: "/etc/network/interfaces.d/{{ item.name }}" loop: "{{ interfaces }}" diff --git a/roles/base/tasks/system.yml b/roles/base/tasks/system.yml index d04d51e..89ceef7 100644 --- a/roles/base/tasks/system.yml +++ b/roles/base/tasks/system.yml @@ -1,17 +1,17 @@ - name: Install useful software - apt: + ansible.builtin.apt: name: "{{ packages }}" state: present update_cache: true - name: Manage root authorized_keys - template: + ansible.builtin.template: src: authorized_keys.j2 dest: /root/.ssh/authorized_keys when: authorized_keys is defined - name: Manage filesystem mounts - mount: + ansible.posix.mount: path: "{{ item.path }}" src: "UUID={{ item.uuid }}" fstype: "{{ item.fstype }}" diff --git a/roles/base/tasks/wireguard.yml b/roles/base/tasks/wireguard.yml index 21a3be1..99a51f3 100644 
--- a/roles/base/tasks/wireguard.yml +++ b/roles/base/tasks/wireguard.yml @@ -1,35 +1,35 @@ - name: Install WireGuard - apt: + ansible.builtin.apt: name: wireguard state: present update_cache: true - name: Generate WireGuard keys - shell: wg genkey | tee privatekey | wg pubkey > publickey + ansible.builtin.shell: wg genkey | tee privatekey | wg pubkey > publickey args: chdir: /etc/wireguard/ creates: /etc/wireguard/privatekey - name: Grab WireGuard private key for configuration - slurp: + ansible.builtin.slurp: src: /etc/wireguard/privatekey register: wgkey - name: Install WireGuard configuration - template: + ansible.builtin.template: src: wireguard.j2 dest: /etc/wireguard/wg0.conf notify: - restart_wireguard - name: Start WireGuard interface - service: + ansible.builtin.service: name: wg-quick@wg0 state: started enabled: true - name: Add WireGuard firewall rule - ufw: + community.general.ufw: rule: allow port: "{{ wireguard.listenport }}" proto: tcp diff --git a/roles/bitwarden/handlers/main.yml b/roles/bitwarden/handlers/main.yml index 1e9b262..1253c45 100644 --- a/roles/bitwarden/handlers/main.yml +++ b/roles/bitwarden/handlers/main.yml @@ -1,15 +1,15 @@ - name: Stop Bitwarden for rebuild - service: + ansible.builtin.service: name: "{{ bitwarden_name }}" state: stopped listen: rebuild_bitwarden - name: Rebuild Bitwarden - shell: "{{ bitwarden_root }}/bitwarden.sh rebuild" + ansible.builtin.shell: "{{ bitwarden_root }}/bitwarden.sh rebuild" listen: rebuild_bitwarden - name: Start Bitwarden after rebuild - service: + ansible.builtin.service: name: "{{ bitwarden_name }}" state: started enabled: true diff --git a/roles/bitwarden/tasks/main.yml b/roles/bitwarden/tasks/main.yml index 74663c8..8c607ed 100644 --- a/roles/bitwarden/tasks/main.yml +++ b/roles/bitwarden/tasks/main.yml 
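Review bot: The `Add WireGuard firewall rule` task at the end of this hunk allows `proto: tcp` on `{{ wireguard.listenport }}`, but WireGuard speaks UDP only, so this rule never admits tunnel traffic; it should be `proto: udp`. Separately, the `Grab WireGuard private key` task registers the key as `wgkey` with no `no_log: true`, so the private key is printed in verbose runs and on any failure of a later task that uses it; add `no_log: true` to that task (and to the template task that consumes it). The key-generation pipeline also leaves `privatekey` at whatever the default umask gives, so worth prefixing it with `umask 077 && ` to be sure the file is created mode 0600.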
@@ -1,40 +1,40 @@ - name: Install expect - apt: + ansible.builtin.apt: name: expect state: present - name: Create Bitwarden directory - file: + ansible.builtin.file: path: "{{ bitwarden_root }}" state: directory - name: Download Bitwarden script - get_url: + ansible.builtin.get_url: url: "https://raw.githubusercontent.com/\ bitwarden/self-host/master/bitwarden.sh" dest: "{{ bitwarden_root }}" mode: u+x - name: Install Bitwarden script wrapper - template: + ansible.builtin.template: src: bw_wrapper.j2 dest: "{{ bitwarden_root }}/bw_wrapper" mode: u+x - name: Run Bitwarden installation script - shell: "{{ bitwarden_root }}/bw_wrapper" + ansible.builtin.shell: "{{ bitwarden_root }}/bw_wrapper" args: creates: "{{ bitwarden_root }}/bwdata/config.yml" - name: Install docker-compose override - template: + ansible.builtin.template: src: compose.override.yml.j2 dest: "{{ bitwarden_root }}/bwdata/docker/docker-compose.override.yml" when: traefik_version is defined notify: rebuild_bitwarden - name: Disable bitwarden-nginx HTTP on 80 - replace: + ansible.builtin.replace: path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^http_port: 80$" replace: "http_port: 127.0.0.1:8080" @@ -42,7 +42,7 @@ notify: rebuild_bitwarden - name: Disable bitwarden-nginx HTTPS on 443 - replace: + ansible.builtin.replace: path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^https_port: 443$" replace: "https_port: 127.0.0.1:8443" @@ -50,7 +50,7 @@ notify: rebuild_bitwarden - name: Disable Bitwarden managed Lets Encrypt - replace: + ansible.builtin.replace: path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^ssl_managed_lets_encrypt: true$" replace: "ssl_managed_lets_encrypt: false" @@ -58,7 +58,7 @@ notify: rebuild_bitwarden - name: Disable Bitwarden managed SSL - replace: + ansible.builtin.replace: path: "{{ bitwarden_root }}/bwdata/config.yml" regexp: "^ssl: true$" replace: "ssl: false" 
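Review bot: The `Download Bitwarden script` task fetches `bitwarden.sh` from the `master` branch of the upstream repository and the following tasks execute it, with no integrity check, so every fresh install trusts whatever is at that URL at that moment. Pin the URL to a release tag or commit and add the module's `checksum:` parameter, e.g. `checksum: "sha256:<PLACEHOLDER_DIGEST>"` (placeholder — take the digest from the pinned release), as the libvirt role in this same commit already does for its ISO downloads. The same consideration applies to the `bw_wrapper` shell task that runs it, which is only guarded by `creates:` and so re-runs the unpinned script whenever `bwdata/config.yml` is missing.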
@@ -66,39 +66,39 @@ notify: rebuild_bitwarden - name: Define reverse proxy servers - lineinfile: + ansible.builtin.lineinfile: path: "{{ bitwarden_root }}/bwdata/config.yml" line: "- {{ bitwarden_realips }}" insertafter: "^real_ips" notify: rebuild_bitwarden - name: Install Bitwarden systemd service - template: + ansible.builtin.template: src: bitwarden.service.j2 dest: "/etc/systemd/system/{{ bitwarden_name }}.service" register: bitwarden_systemd notify: rebuild_bitwarden - name: Create Bitwarden's initial logging directory - file: + ansible.builtin.file: path: "{{ bitwarden_logs_identity }}" state: directory register: bitwarden_logs - name: Create Bitwarden's initial log file - file: + ansible.builtin.file: path: "{{ bitwarden_logs_identity }}/{{ bitwarden_logs_identity_date }}.txt" state: touch when: bitwarden_logs.changed - name: Install Bitwarden's Fail2ban jail - template: + ansible.builtin.template: src: fail2ban-jail.conf.j2 dest: /etc/fail2ban/jail.d/bitwarden.conf notify: restart_fail2ban - name: Reload systemd manager configuration - systemd: + ansible.builtin.systemd: daemon_reload: true when: bitwarden_systemd.changed notify: rebuild_bitwarden diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 042918d..f02a2ed 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml 
@@ -1,27 +1,27 @@ - name: Install Docker - apt: + ansible.builtin.apt: name: ['docker.io', 'docker-compose'] state: present update_cache: true - name: Create docker-compose root - file: + ansible.builtin.file: path: "{{ docker_compose_root }}" state: directory - name: Install docker-compose systemd service - template: + ansible.builtin.template: src: docker-compose.service.j2 dest: "/etc/systemd/system/{{ docker_compose_service }}@.service" register: compose_systemd - name: Reload systemd manager configuration - systemd: + ansible.builtin.systemd: daemon_reload: true when: compose_systemd.changed - name: Add users to docker group - user: + ansible.builtin.user: name: "{{ item }}" groups: docker append: true @@ -29,7 +29,7 @@ when: docker_users is defined - name: Start Docker and enable on boot - service: + ansible.builtin.service: name: docker state: started enabled: true diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml index 9605ef0..f36f530 100644 --- a/roles/gitea/handlers/main.yml +++ b/roles/gitea/handlers/main.yml @@ -1,5 +1,5 @@ - name: Restart Gitea - service: + ansible.builtin.service: name: "{{ docker_compose_service }}@{{ gitea_name }}" state: restarted listen: restart_gitea diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index 5d3f20d..d4f12c7 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -1,16 +1,16 @@ - name: Create Gitea directory - file: + ansible.builtin.file: path: "{{ gitea_root }}" state: directory - name: Create Gitea database - mysql_db: + community.mysql.mysql_db: name: "{{ gitea_dbname }}" state: present login_unix_socket: /var/run/mysqld/mysqld.sock - name: Create Gitea database user - mysql_user: + community.mysql.mysql_user: name: "{{ gitea_dbuser }}" password: "{{ gitea_dbpass }}" host: '%' 
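Review bot: `host: '%'` on the `Create Gitea database user` task grants `{{ gitea_dbuser }}` login from any source address, and the mariadb role later in this diff binds the server to `0.0.0.0` and opens 3306 in ufw, so the credential is usable from anywhere that can reach the host. If the only client is the Gitea container, restrict the grant to the Docker network, e.g. `host: "<DOCKER_SUBNET_PREFIX>.%"` (constructed placeholder — substitute the bridge network's prefix). The task continues past the end of the hunk, so I cannot see whether `no_log: true` is set for the `password:` line; it should be.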
@@ -19,93 +19,93 @@ login_unix_socket: /var/run/mysqld/mysqld.sock - name: Create git user - user: + ansible.builtin.user: name: git state: present - name: Git user uid - getent: + ansible.builtin.getent: database: passwd key: git - name: Git user gid - getent: + ansible.builtin.getent: database: group key: git - name: Create git's .ssh directory - file: + ansible.builtin.file: path: /home/git/.ssh state: directory - name: Generate git's SSH keys - openssh_keypair: + community.crypto.openssh_keypair: path: /home/git/.ssh/id_rsa - name: Find git's public SSH key - slurp: + ansible.builtin.slurp: src: /home/git/.ssh/id_rsa.pub register: git_rsapub - name: Get stats on git's authorized_keys file - stat: + ansible.builtin.stat: path: /home/git/.ssh/authorized_keys register: git_authkeys - name: Create git's authorized_keys file - file: + ansible.builtin.file: path: /home/git/.ssh/authorized_keys state: touch when: not git_authkeys.stat.exists - name: Add git's public SSH key to authorized_keys - lineinfile: + ansible.builtin.lineinfile: path: /home/git/.ssh/authorized_keys regex: "^ssh-rsa" line: "{{ git_rsapub['content'] | b64decode }}" - name: Create Gitea host script for SSH - template: + ansible.builtin.template: src: gitea.sh.j2 dest: /usr/local/bin/gitea mode: 0755 - name: Install Gitea's docker-compose file - template: + ansible.builtin.template: src: docker-compose.yml.j2 dest: "{{ gitea_root }}/docker-compose.yml" notify: restart_gitea - name: Install Gitea's docker-compose variables - template: + ansible.builtin.template: src: compose-env.j2 dest: "{{ gitea_root }}/.env" notify: restart_gitea - name: Create Gitea's logging directory - file: + ansible.builtin.file: name: /var/log/gitea state: directory - name: Create Gitea's initial log file - file: + ansible.builtin.file: name: /var/log/gitea/gitea.log state: touch - name: Install Gitea's Fail2ban filter - template: + ansible.builtin.template: src: fail2ban-filter.conf.j2 dest: 
/etc/fail2ban/filter.d/gitea.conf notify: restart_fail2ban - name: Install Gitea's Fail2ban jail - template: + ansible.builtin.template: src: fail2ban-jail.conf.j2 dest: /etc/fail2ban/jail.d/gitea.conf notify: restart_fail2ban - name: Start and enable Gitea service - service: + ansible.builtin.service: name: "{{ docker_compose_service }}@{{ gitea_name }}" state: started enabled: true diff --git a/roles/jellyfin/handlers/main.yml b/roles/jellyfin/handlers/main.yml index cb6ec9a..3d78beb 100644 --- a/roles/jellyfin/handlers/main.yml +++ b/roles/jellyfin/handlers/main.yml @@ -1,5 +1,5 @@ - name: Restart Jellyfin - service: + ansible.builtin.service: name: "{{ docker_compose_service }}@{{ jellyfin_name }}" state: restarted listen: restart_jellyfin diff --git a/roles/jellyfin/tasks/main.yml b/roles/jellyfin/tasks/main.yml index f2c97e1..9efb0eb 100644 --- a/roles/jellyfin/tasks/main.yml +++ b/roles/jellyfin/tasks/main.yml @@ -4,34 +4,34 @@ state: directory - name: Create jellyfin user - user: + ansible.builtin.user: name: jellyfin state: present - name: jellyfin user uid - getent: + ansible.builtin.getent: database: passwd key: jellyfin - name: jellyfin user gid - getent: + ansible.builtin.getent: database: group key: jellyfin - name: Install Jellyfin's docker-compose file - template: + ansible.builtin.template: src: docker-compose.yml.j2 dest: "{{ jellyfin_root }}/docker-compose.yml" notify: restart_jellyfin - name: Install Jellyfin's docker-compose variables - template: + ansible.builtin.template: src: compose-env.j2 dest: "{{ jellyfin_root }}/.env" notify: restart_jellyfin - name: Start and enable Jellyfin service - service: + ansible.builtin.service: name: "{{ docker_compose_service }}@{{ jellyfin_name }}" state: started enabled: true diff --git a/roles/jenkins/tasks/agent.yml b/roles/jenkins/tasks/agent.yml index 6121c98..36786a3 100644 --- a/roles/jenkins/tasks/agent.yml +++ b/roles/jenkins/tasks/agent.yml 
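Review bot: The `Create git's .ssh directory` and `Create git's authorized_keys file` tasks set neither `owner`/`group` nor `mode`, so if the play runs as root (which the later writes under `/usr/local/bin` and `/etc/fail2ban` suggest) both paths end up root-owned with umask-derived permissions inside git's home, and the key pair written by `community.crypto.openssh_keypair` is root-owned as well. Add `owner: git`, `group: git` and `mode: '0700'` to the directory task, the same owner/group plus `mode: '0600'` to the `state: touch` task, and `owner`/`group` to the keypair task, so the git account can read its own key and sshd's StrictModes checks are satisfied by design rather than by umask. Note also that `regex: "^ssh-rsa"` in the lineinfile task replaces the first existing ssh-rsa entry instead of adding one, which is fine for a single managed key but will clobber any key added by hand.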
@@ -1,5 +1,5 @@ - name: Create Jenkins user - user: + ansible.builtin.user: name: "{{ jenkins_user }}" state: present shell: /bin/bash @@ -7,25 +7,25 @@ generate_ssh_key: true - name: Set Jenkins authorized key - authorized_key: + ansible.posix.authorized_key: user: jenkins state: present exclusive: true key: "{{ jenkins_sshkey }}" - name: Give Jenkins user passwordless sudo - template: + ansible.builtin.template: src: jenkins_sudoers.j2 dest: /etc/sudoers.d/{{ jenkins_user }} validate: "visudo -cf %s" mode: 0440 - name: Install Ansible - apt: + ansible.builtin.apt: name: ansible state: present - name: Install Java - apt: + ansible.builtin.apt: name: default-jre state: present diff --git a/roles/jenkins/tasks/main.yml b/roles/jenkins/tasks/main.yml index f65b290..530803d 100644 --- a/roles/jenkins/tasks/main.yml +++ b/roles/jenkins/tasks/main.yml @@ -1,5 +1,5 @@ -- import_tasks: agent.yml +- ansible.builtin.import_tasks: agent.yml when: jenkins_sshkey is defined -- import_tasks: server.yml +- ansible.builtin.import_tasks: server.yml when: jenkins_domain is defined diff --git a/roles/jenkins/tasks/server.yml b/roles/jenkins/tasks/server.yml index e6f08b5..b59abd5 100644 --- a/roles/jenkins/tasks/server.yml +++ b/roles/jenkins/tasks/server.yml @@ -1,12 +1,12 @@ - name: Create Jenkin's directory - file: + ansible.builtin.file: path: "{{ jenkins_root }}" state: directory owner: "1000" group: "1000" - name: Start Jenkins Container - docker_container: + community.general.docker_container: name: "{{ jenkins_name }}" image: jenkins/jenkins:{{ jenkins_version }} state: started diff --git a/roles/libvirt/tasks/main.yml b/roles/libvirt/tasks/main.yml index c820aa7..1bff023 100644 --- a/roles/libvirt/tasks/main.yml +++ b/roles/libvirt/tasks/main.yml 
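Review bot: The `Set Jenkins authorized key` task hard-codes `user: jenkins`, while the account it targets is created as `{{ jenkins_user }}` two tasks earlier and the passwordless-sudo drop-in is keyed on `{{ jenkins_user }}` too; if that variable is ever set to anything but `jenkins`, the key lands on the wrong or a nonexistent account while sudo is granted to the right one. Change it to `user: "{{ jenkins_user }}"`. The `validate: "visudo -cf %s"` guard on the sudoers template is the right call and worth keeping.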
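Review bot: `community.general.docker_container` in the `Start Jenkins Container` task (and `docker_container`, `docker_network`, `docker_container_info` in the nextcloud, nginx and prometheus hunks later in this diff) is not the current home of these modules; the Docker modules were split out into the `community.docker` collection and, to my knowledge, the `community.general.docker_*` names survive only as deprecated redirects. Since the point of this commit is to adopt stable fully-qualified names, use `community.docker.docker_container` here and the matching `community.docker.*` names in the other hunks. The same applies to `community.general.postgresql_pg_hba` and `community.general.postgresql_set` in roles/postgresql/tasks/main.yml, whose modules now live in `community.postgresql`.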
@@ -1,15 +1,15 @@ - name: Install QEMU/KVM - apt: + ansible.builtin.apt: name: qemu-kvm state: present - name: Install Libvirt - apt: + ansible.builtin.apt: name: ["libvirt-clients", "libvirt-daemon-system"] state: present - name: Add users to libvirt group - user: + ansible.builtin.user: name: "{{ item }}" groups: libvirt append: yes @@ -17,12 +17,12 @@ when: libvirt_users is defined - name: Check for NODOWNLOAD file - stat: + ansible.builtin.stat: path: /var/lib/libvirt/images/NODOWNLOAD register: NODOWNLOAD - name: Download GNU/Linux ISOs - get_url: + ansible.builtin.get_url: url: "{{ item.url }}" dest: /var/lib/libvirt/images checksum: "{{ item.hash }}" @@ -34,7 +34,7 @@ # Prevent downloaded ISOs from being rehashed every run - name: Create NODOWNLOAD file - file: + ansible.builtin.file: path: /var/lib/libvirt/images/NODOWNLOAD state: touch when: download_isos.changed diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index 29c5f33..0c43cc9 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -1,23 +1,23 @@ - name: Install MariaDB - apt: + ansible.builtin.apt: name: mariadb-server state: present - name: Change the bind-address to allow Docker - lineinfile: + ansible.builtin.lineinfile: path: /etc/mysql/mariadb.conf.d/50-server.cnf regex: "^bind-address" line: "bind-address = 0.0.0.0" register: mariadb_conf - name: Restart MariaDB - service: + ansible.builtin.service: name: mariadb state: restarted when: mariadb_conf.changed - name: Allow database connections - ufw: + community.general.ufw: rule: allow port: "3306" proto: tcp diff --git a/roles/minecraft/tasks/java.yml b/roles/minecraft/tasks/java.yml index d34f9bc..3885735 100644 --- a/roles/minecraft/tasks/java.yml +++ b/roles/minecraft/tasks/java.yml 
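Review bot: `append: yes` in the `Add users to libvirt group` task uses the YAML 1.1 truthy spelling, while the equivalent docker-group task in roles/docker/tasks/main.yml earlier in this diff writes `append: true`; yamllint's `truthy` rule flags the former and the two tasks should match. Change it to `append: true`. The task's `loop` and `when` lines fall outside the hunk.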
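Review bot: The `Allow database connections` rule opens 3306/tcp to every source, and the preceding task sets `bind-address = 0.0.0.0`, so MariaDB is reachable from any network the host sits on rather than only from the Docker containers the task name says it is for. Scope the rule with the ufw module's `from_ip` parameter to the Docker bridge subnet (constructed example: `from_ip: "<DOCKER_SUBNET_CIDR>"`), or bind MariaDB to the bridge address instead of all interfaces. The identical open-to-all rule for 5432 in roles/postgresql/tasks/main.yml should be scoped the same way.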
@@ -1,28 +1,28 @@ - name: Install GPG - apt: + ansible.builtin.apt: name: gpg state: present - name: Add AdoptOpenJDK's signing key - apt_key: + ansible.builtin.apt_key: id: 8ED17AF5D7E675EB3EE3BCE98AC3B29174885C03 url: https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public - name: Install AdoptOpenJDK repository - apt_repository: + ansible.builtin.apt_repository: repo: deb https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/ buster main mode: 0644 state: present - name: Install Java - apt: + ansible.builtin.apt: name: "adoptopenjdk-{{ item.java.version }}-hotspot" state: present when: item.java.version is defined loop: "{{ minecraft }}" - name: "Install default Java, version {{ minecraft_java }}" - apt: + ansible.builtin.apt: name: "{{ minecraft_java_pkg }}" state: present when: item.java.version is not defined @@ -30,7 +30,7 @@ register: minecraft_java_default - name: "Activate default Java, version {{ minecraft_java }}" - alternatives: + community.general.alternatives: name: java path: "/usr/lib/jvm/{{ minecraft_java_pkg }}-amd64/bin/java" when: minecraft_java_default.changed diff --git a/roles/minecraft/tasks/main.yml b/roles/minecraft/tasks/main.yml index c13ec8d..61d4c85 100644 --- a/roles/minecraft/tasks/main.yml +++ b/roles/minecraft/tasks/main.yml @@ -1,14 +1,14 @@ -- import_tasks: system.yml +- ansible.builtin.import_tasks: system.yml when: minecraft_eula -- import_tasks: java.yml +- ansible.builtin.import_tasks: java.yml when: minecraft_eula -- import_tasks: vanilla.yml +- ansible.builtin.import_tasks: vanilla.yml when: minecraft_eula -- import_tasks: modpacks.yml +- ansible.builtin.import_tasks: modpacks.yml when: minecraft_eula -- import_tasks: service.yml +- ansible.builtin.import_tasks: service.yml when: minecraft_eula diff --git a/roles/minecraft/tasks/modpacks.yml b/roles/minecraft/tasks/modpacks.yml index 5871668..94f2ad4 100644 --- a/roles/minecraft/tasks/modpacks.yml +++ b/roles/minecraft/tasks/modpacks.yml 
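Review bot: `ansible.builtin.apt_key` in the `Add AdoptOpenJDK's signing key` task drives the `apt-key` tool, which Debian has deprecated, and it installs the key into the global trusted keyring, so the vendor key becomes trusted for every configured repository rather than only the one added in the next task. The current replacement is to fetch the key with `ansible.builtin.get_url` into `/etc/apt/keyrings/` and reference it via `[signed-by=...]` in the `repo:` line of `ansible.builtin.apt_repository`. The repository line is also pinned to `buster`; mentioning that in the task name or a comment would stop it being applied unnoticed to newer releases.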
@@ -1,5 +1,5 @@ - name: Download Minecraft modpack installer - get_url: + ansible.builtin.get_url: url: "{{ minecraft_modpack_url }}" dest: "{{ minecraft_home }}/{{ item.name }}/serverinstall_{{ item.modpack | replace ('/', '_') }}" owner: "{{ minecraft_user }}" @@ -9,7 +9,7 @@ when: item.modpack is defined and item.sha1 is not defined - name: Run Minecraft modpack installer - command: "sudo -u {{ minecraft_user }} ./serverinstall_{{ item.modpack | replace ('/', '_') }} --auto" + ansible.builtin.command: "sudo -u {{ minecraft_user }} ./serverinstall_{{ item.modpack | replace ('/', '_') }} --auto" args: creates: "{{ minecraft_home }}/{{ item.name }}/mods" chdir: "{{ minecraft_home }}/{{ item.name }}" @@ -17,7 +17,7 @@ when: item.modpack is defined and item.sha1 is not defined - name: Find Minecraft Forge - find: + ansible.builtin.find: paths: "{{ minecraft_home }}/{{ item.name }}" patterns: "forge*.jar" register: minecraft_forge @@ -25,7 +25,7 @@ when: item.modpack is defined and item.sha1 is not defined - name: Link to Minecraft Forge - file: + ansible.builtin.file: src: "{{ item.files[0].path }}" dest: "{{ minecraft_home }}/{{ item.item.name }}/minecraft_server.jar" owner: "{{ minecraft_user }}" diff --git a/roles/minecraft/tasks/service.yml b/roles/minecraft/tasks/service.yml index a0e9f17..ad052b5 100644 --- a/roles/minecraft/tasks/service.yml +++ b/roles/minecraft/tasks/service.yml @@ -1,11 +1,11 @@ - name: Deploy Minecraft systemd service - template: + ansible.builtin.template: src: minecraft.service.j2 dest: "/etc/systemd/system/minecraft@.service" register: minecraft_systemd - name: Deploy service environmental variables - template: + ansible.builtin.template: src: environment.conf.j2 dest: "{{ minecraft_home }}/{{ item.name }}/environment.conf" owner: "{{ minecraft_user }}" 
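Review bot: The `Run Minecraft modpack installer` task drops privileges with `sudo -u {{ minecraft_user }}` inside the command string instead of using Ansible's own privilege escalation, so it depends on a working `sudo` on the target and reports a sudo failure as an installer failure. Put `become: true` and `become_user: "{{ minecraft_user }}"` on the task and run `./serverinstall_{{ item.modpack | replace ('/', '_') }} --auto` directly. Worth noting too that this installer is downloaded in the first hunk of the file without a `checksum:` and then executed here; if upstream publishes digests, passing one to `ansible.builtin.get_url` closes that gap.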
@@ -13,25 +13,25 @@ loop: "{{ minecraft }}" - name: Reload systemd manager configuration - systemd: + ansible.builtin.systemd: daemon_reload: true when: minecraft_systemd.changed - name: Disable non-default service instances - service: + ansible.builtin.service: name: "minecraft@{{ item.name }}" enabled: false loop: "{{ minecraft }}" when: item.name != minecraft_onboot - name: Enable default service instance - service: + ansible.builtin.service: name: "minecraft@{{ minecraft_onboot }}" enabled: true when: minecraft_eula and minecraft_onboot is defined - name: Run default service instance - service: + ansible.builtin.service: name: "minecraft@{{ minecraft_onboot }}" state: started when: minecraft_eula and minecraft_onboot is defined and minecraft_onboot_run diff --git a/roles/minecraft/tasks/system.yml b/roles/minecraft/tasks/system.yml index 5a8aeb1..7297de8 100644 --- a/roles/minecraft/tasks/system.yml +++ b/roles/minecraft/tasks/system.yml @@ -1,16 +1,16 @@ - name: Install Screen - apt: + ansible.builtin.apt: name: screen state: present - name: Create Minecraft user - user: + ansible.builtin.user: name: "{{ minecraft_user }}" state: present - shell: /bin/bash + ansible.builtin.shell: /bin/bash - name: Create Minecraft directory - file: + ansible.builtin.file: path: "{{ minecraft_home }}/{{ item.name }}" state: directory owner: "{{ minecraft_user }}" @@ -18,7 +18,7 @@ loop: "{{ minecraft }}" - name: Answer to Mojang's EULA - template: + ansible.builtin.template: src: eula.txt.j2 dest: "{{ minecraft_home }}/{{ item.name }}/eula.txt" owner: "{{ minecraft_user }}" diff --git a/roles/minecraft/tasks/vanilla.yml b/roles/minecraft/tasks/vanilla.yml index 2d70038..39c36fd 100644 --- a/roles/minecraft/tasks/vanilla.yml +++ b/roles/minecraft/tasks/vanilla.yml @@ -1,5 +1,5 @@ - name: Download Minecraft - get_url: + ansible.builtin.get_url: url: "{{ minecraft_url }}" dest: "{{ minecraft_home }}/{{ item.name }}/minecraft_server.jar" checksum: "sha1:{{ item.sha1 }}" 
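Review bot: In the `Create Minecraft user` task the user module's login-shell parameter `shell: /bin/bash` has been rewritten to `ansible.builtin.shell: /bin/bash`, which is the name of the shell module, not a parameter of `ansible.builtin.user`; the task will now fail, either as an unsupported parameter of the user module or as two modules in one task depending on how the line is indented. Revert that one line to `shell: /bin/bash`. The same parameter in roles/jenkins/tasks/agent.yml was correctly left untouched, so this looks like a stray hit from the bulk rename.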
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index ea344e2..7387a3f 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -1,9 +1,9 @@ - name: Create Nextcloud network - docker_network: + community.general.docker_network: name: "{{ nextcloud_container }}" - name: Start Nextcloud's database container - docker_container: + community.general.docker_container: name: "{{ nextcloud_dbcontainer }}" image: mariadb:{{ nextcloud_dbversion }} state: started @@ -19,7 +19,7 @@ MYSQL_PASSWORD: "{{ nextcloud_dbpass }}" - name: Start Nextcloud container - docker_container: + community.general.docker_container: name: "{{ nextcloud_container }}" image: nextcloud:{{ nextcloud_version }} state: started 
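Review bot: The `MYSQL_PASSWORD: "{{ nextcloud_dbpass }}"` entry at the top of the second hunk belongs to the `Start Nextcloud's database container` task, and the docker_container module returns the inspected container (environment included) in its result, so under `-v` or on failure the database password is written to the console and any log collector. Add `no_log: true` to that task; the task itself starts before the hunk. The `Start Nextcloud container` task that begins at the end of the hunk presumably receives the same credentials and needs the same treatment — its body continues past the hunk.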
@@ -41,34 +41,34 @@ traefik.enable: "true" - name: Grab Nextcloud database container information - docker_container_info: + community.general.docker_container_info: name: "{{ nextcloud_dbcontainer }}" register: nextcloud_dbinfo - name: Grab Nextcloud container information - docker_container_info: + community.general.docker_container_info: name: "{{ nextcloud_container }}" register: nextcloud_info - name: Wait for Nextcloud to become available - wait_for: + ansible.builtin.wait_for: host: "{{ nextcloud_info.container.NetworkSettings.Networks.traefik.IPAddress }}" port: 80 - name: Check Nextcloud status - command: "docker exec --user www-data {{ nextcloud_container }} + ansible.builtin.command: "docker exec --user www-data {{ nextcloud_container }} php occ status" register: nextcloud_status args: removes: "{{ nextcloud_root }}/config/CAN_INSTALL" - name: Wait for Nextcloud database to become available - wait_for: + ansible.builtin.wait_for: host: "{{ nextcloud_dbinfo.container.NetworkSettings.Networks.nextcloud.IPAddress }}" port: 3306 - name: Install Nextcloud - command: 'docker exec --user www-data {{ nextcloud_container }} + ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }} php occ maintenance:install --database "mysql" --database-host "{{ nextcloud_dbcontainer }}" 
@@ -83,19 +83,19 @@ - nextcloud_domain is defined - name: Set Nextcloud's Trusted Proxy - command: 'docker exec --user www-data {{ nextcloud_container }} + ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }} php occ config:system:set trusted_proxies 0 --value="{{ traefik_name }}"' when: nextcloud_install.changed - name: Set Nextcloud's Trusted Domain - command: 'docker exec --user www-data {{ nextcloud_container }} + ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }} php occ config:system:set trusted_domains 0 --value="{{ nextcloud_domain }}"' when: nextcloud_install.changed - name: Preform Nextcloud database maintenance - command: "docker exec --user www-data {{ nextcloud_container }} {{ item }}" + ansible.builtin.command: "docker exec --user www-data {{ nextcloud_container }} {{ item }}" loop: - "php occ maintenance:mode --on" - "php occ db:add-missing-indices" @@ -104,6 +104,6 @@ when: nextcloud_install.changed - name: Remove Nextcloud's CAN_INSTALL file - file: + ansible.builtin.file: path: "{{ nextcloud_root }}/config/CAN_INSTALL" state: absent diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 968b681..92c75df 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,15 +1,15 @@ - name: Create nginx root - file: + ansible.builtin.file: path: "{{ nginx_root }}" state: directory - name: Generate deploy keys - openssh_keypair: + community.crypto.openssh_keypair: path: "{{ nginx_repo_key }}" state: present - name: Clone static website files - git: + ansible.builtin.git: repo: "{{ nginx_repo_url }}" dest: "{{ nginx_html }}" version: "{{ nginx_repo_branch }}" @@ -17,7 +17,7 @@ separate_git_dir: "{{ nginx_repo_dest }}" - name: Start nginx container - docker_container: + community.general.docker_container: name: "{{ nginx_name }}" image: nginx:{{ nginx_version }} state: started 
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 713aac5..3f68fb2 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -1,10 +1,10 @@ - name: Install PostgreSQL - apt: + ansible.builtin.apt: name: postgresql state: present - name: Trust connections to PostgreSQL - postgresql_pg_hba: + community.general.postgresql_pg_hba: dest: "{{ postgresql_config }}" contype: host databases: all @@ -15,7 +15,7 @@ loop: "{{ postgresql_trust }}" - name: Change PostgreSQL listen addresses - postgresql_set: + community.general.postgresql_set: name: listen_addresses value: "{{ postgresql_listen }}" become: true @@ -23,19 +23,19 @@ register: postgresql_config - name: Reload PostgreSQL - service: + ansible.builtin.service: name: postgresql state: reloaded when: postgresql_hba.changed and not postgresql_config.changed - name: Restart PostgreSQL - service: + ansible.builtin.service: name: postgresql state: restarted when: postgresql_config.changed - name: Allow database connections - ufw: + community.general.ufw: rule: allow port: "5432" proto: tcp diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index f19fead..e17975e 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml 
@@ -1,35 +1,35 @@ - name: Install Prometheus node exporter - apt: + ansible.builtin.apt: name: prometheus-node-exporter state: present - name: Run Prometheus node exporter - service: + ansible.builtin.service: name: prometheus-node-exporter state: started - name: Create Prometheus data directory - file: + ansible.builtin.file: path: "{{ prom_root }}/prometheus" state: directory owner: nobody - name: Create Prometheus config directory - file: + ansible.builtin.file: path: "{{ prom_root }}/config" state: directory - name: Install Prometheus configuration - template: + ansible.builtin.template: src: prometheus.yml.j2 dest: "{{ prom_root }}/config/prometheus.yml" - name: Create Prometheus network - docker_network: + community.general.docker_network: name: "{{ prom_name }}" - name: Start Prometheus container - docker_container: + community.general.docker_container: name: "{{ prom_name }}" image: prom/prometheus:{{ prom_version }} state: started @@ -51,7 +51,7 @@ traefik.enable: "true" - name: Start Grafana container - docker_container: + community.general.docker_container: name: "{{ grafana_name }}" image: grafana/grafana:{{ grafana_version }} state: started diff --git a/roles/proxy/handlers/main.yml b/roles/proxy/handlers/main.yml index 00e75ca..4bfa1bb 100644 --- a/roles/proxy/handlers/main.yml +++ b/roles/proxy/handlers/main.yml @@ -1,5 +1,5 @@ - name: Reload nginx - service: + ansible.builtin.service: name: nginx state: reloaded listen: reload_nginx diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index f87fec8..a35075a 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml 
@@ -1,29 +1,29 @@ - name: Install nginx - apt: + ansible.builtin.apt: name: nginx state: present update_cache: true - name: Start nginx and enable on boot - service: + ansible.builtin.service: name: nginx state: started enabled: true - name: Generate DH Parameters - openssl_dhparam: + community.crypto.openssl_dhparam: path: /etc/ssl/dhparams.pem size: 4096 - name: Install nginx base configuration - template: + ansible.builtin.template: src: nginx.conf.j2 dest: /etc/nginx/nginx.conf mode: '0644' notify: reload_nginx - name: Install nginx sites configuration - template: + ansible.builtin.template: src: server-nginx.conf.j2 dest: "/etc/nginx/sites-available/{{ item.domain }}.conf" mode: '0644' @@ -32,7 +32,7 @@ register: nginx_sites - name: Enable nginx sites configuration - file: + ansible.builtin.file: src: "/etc/nginx/sites-available/{{ item.item.domain }}.conf" dest: "/etc/nginx/sites-enabled/{{ item.item.domain }}.conf" state: link @@ -41,7 +41,7 @@ notify: reload_nginx - name: Generate self-signed certificate - shell: 'openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes \ + ansible.builtin.shell: 'openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes \ -subj "/C=US/ST=Local/L=Local/O=Org/OU=IT/CN=example.com" \ -keyout /etc/ssl/private/nginx-selfsigned.key \ -out /etc/ssl/certs/nginx-selfsigned.crt' 
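Review bot: The `Generate self-signed certificate` task still shells out to `openssl req` with a hard-coded `CN=example.com`, although this role already depends on `community.crypto` (`openssl_dhparam` in the first hunk), whose modules produce the same key and certificate idempotently, manage file modes, and avoid a quoted multi-line command string. Whether the shell task is guarded by `creates:` or `changed_when:` is not visible, since the task continues past the hunk; if it is not, it regenerates the key pair on every run. A module-based replacement is sketched below; keep the task's existing `notify: reload_nginx` on the certificate task.
```yaml
- name: Generate self-signed private key
  community.crypto.openssl_privatekey:
    path: /etc/ssl/private/nginx-selfsigned.key
    size: 4096

- name: Generate self-signed CSR
  community.crypto.openssl_csr:
    path: /etc/ssl/private/nginx-selfsigned.csr
    privatekey_path: /etc/ssl/private/nginx-selfsigned.key
    common_name: example.com

- name: Generate self-signed certificate
  community.crypto.x509_certificate:
    path: /etc/ssl/certs/nginx-selfsigned.crt
    privatekey_path: /etc/ssl/private/nginx-selfsigned.key
    csr_path: /etc/ssl/private/nginx-selfsigned.csr
    provider: selfsigned
    selfsigned_not_after: "+3650d"
  # … unchanged: notify: reload_nginx …
```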
@@ -51,33 +51,33 @@ notify: reload_nginx - name: Install LE's certbot - apt: + ansible.builtin.apt: name: ['certbot', 'python3-certbot-dns-cloudflare'] state: present when: proxy.production is defined and proxy.production - name: Install Cloudflare API token - template: + ansible.builtin.template: src: cloudflare.ini.j2 dest: /root/.cloudflare.ini mode: '0600' when: proxy.production is defined and proxy.production and proxy.dns_cloudflare is defined - name: Create nginx post renewal hook directory - file: + ansible.builtin.file: path: /etc/letsencrypt/renewal-hooks/post state: directory when: proxy.production is defined and proxy.production - name: Install nginx post renewal hook - copy: + ansible.builtin.copy: src: reload-nginx.sh dest: /etc/letsencrypt/renewal-hooks/post/reload-nginx.sh mode: '0755' when: proxy.production is defined and proxy.production - name: Run Cloudflare DNS-01 challenges on wildcard domains - shell: '/usr/bin/certbot certonly \ + ansible.builtin.shell: '/usr/bin/certbot certonly \ --non-interactive \ --agree-tos \ --email "{{ proxy.dns_cloudflare.email }}" \ @@ -93,7 +93,7 @@ notify: reload_nginx - name: Add HTTP and HTTPS firewall rule - ufw: + community.general.ufw: rule: allow port: "{{ item }}" proto: tcp diff --git a/roles/rsnapshot/tasks/main.yml b/roles/rsnapshot/tasks/main.yml index 63de8a8..8553594 100644 --- a/roles/rsnapshot/tasks/main.yml +++ b/roles/rsnapshot/tasks/main.yml @@ -13,12 +13,12 @@ # along with this program. If not, see . - name: Install rsnapshot - apt: + ansible.builtin.apt: name: rsnapshot state: present - name: Create rsnapshot system directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory loop: 
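Review bot: In the Run Cloudflare DNS-01 challenges task, `--email "{{ proxy.dns_cloudflare.email }}"` is interpolated into an `ansible.builtin.shell` string without the `quote` filter, so a value containing a double quote, backtick or `$` changes the command; `--email {{ proxy.dns_cloudflare.email | quote }}` keeps the argument intact. No idempotence guard is visible in this hunk either, so certbot runs on every play unless a `creates:` on the issued live directory or a `proxy.dns_cloudflare is defined` condition like the one on the Cloudflare token task exists further down — the task's body continues past the hunk, so that may already be the case. As a point of style, `proxy.production is defined and proxy.production` is repeated on four tasks here; a `block:` with a single `when:`, or `proxy.production | default(false)`, would remove the duplication.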
@@ -26,19 +26,19 @@ - "{{ rsnapshot_logdir }}" - name: Create snapshot_root directories - file: + ansible.builtin.file: path: "{{ item.root | default(rsnapshot_root) }}" state: directory loop: "{{ rsnapshot }}" - name: Install rsnapshot configuration - template: + ansible.builtin.template: src: rsnapshot.conf.j2 dest: "{{ rsnapshot_confdir }}/{{ item.name }}.conf" loop: "{{ rsnapshot }}" - name: Install rsnapshot crons - cron: + ansible.builtin.cron: name: "{{ item.1.interval }} rsnapshot of {{ item.0.name }}" job: "/usr/bin/rsnapshot -c {{ rsnapshot_confdir }}/{{ item.0.name }}.conf {{ item.1.interval }} >/dev/null" user: "root" @@ -53,13 +53,13 @@ - cron - name: Install rsnapshot report script - template: + ansible.builtin.template: src: rsnapshot-report.sh.j2 dest: /usr/local/bin/rsnapshot-report mode: '0750' - name: Install rsnapshot report crons - cron: + ansible.builtin.cron: name: "{{ item.name }} rsnapshot report email" job: "/usr/local/bin/rsnapshot-report {{ rsnapshot_reportlog }} | mail -s '{{ item.report.subject | default('Backup Report') }}' {{ item.report.to }}" diff --git a/roles/traefik/handlers/main.yml b/roles/traefik/handlers/main.yml index 79f9ea8..3fe7c10 100644 --- a/roles/traefik/handlers/main.yml +++ b/roles/traefik/handlers/main.yml @@ -1,11 +1,11 @@ - name: Reload Traefik container - file: + ansible.builtin.file: path: "{{ traefik_root }}/config/dynamic" state: touch listen: reload_traefik - name: Restart Traefik - service: + ansible.builtin.service: name: "{{ docker_compose_service }}@{{ traefik_name }}" state: restarted listen: restart_traefik diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index c85ac56..225f2be 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml 
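Review bot: The job line of the Install rsnapshot report crons task (second hunk of the rsnapshot file) inserts `item.report.subject` and `item.report.to` straight into a shell pipeline: a subject containing a single quote breaks the surrounding `'...'` and an address with whitespace is word-split by the shell. Applying the `quote` filter, e.g. `mail -s {{ item.report.subject | default('Backup Report') | quote }} {{ item.report.to | quote }}`, keeps the crontab entry well-formed regardless of what the inventory holds; `{{ rsnapshot_reportlog }}` on the same line would benefit from the same treatment. The cron entries in the previous hunk pass `{{ rsnapshot_confdir }}` and `{{ item.0.name }}` into the job string in the same unquoted way.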
@@ -1,10 +1,10 @@ - name: Create Traefik directories - file: + ansible.builtin.file: path: "{{ traefik_root }}/config/dynamic" state: directory - name: Install dynamic security configuration - template: + ansible.builtin.template: src: security.yml.j2 dest: "{{ traefik_root }}/config/dynamic/security.yml" owner: root @@ -13,32 +13,32 @@ notify: reload_traefik - name: Install dynamic non-docker configuration - template: + ansible.builtin.template: src: "external.yml.j2" dest: "{{ traefik_root }}/config/dynamic/{{ item.name }}.yml" loop: "{{ traefik_external }}" when: traefik_external is defined - name: Install Traefik's docker-compose file - template: + ansible.builtin.template: src: docker-compose.yml.j2 dest: "{{ traefik_root }}/docker-compose.yml" notify: restart_traefik - name: Install Traefik's docker-compose variables - template: + ansible.builtin.template: src: compose-env.j2 dest: "{{ traefik_root }}/.env" notify: restart_traefik - name: Install static Traefik configuration - template: + ansible.builtin.template: src: traefik.yml.j2 dest: "{{ traefik_root }}/config/traefik.yml" notify: restart_traefik - name: Start and enable Traefik service - service: + ansible.builtin.service: name: "{{ docker_compose_service }}@{{ traefik_name }}" state: started enabled: true diff --git a/roles/unifi/tasks/main.yml b/roles/unifi/tasks/main.yml index 096dd40..2baf8de 100644 --- a/roles/unifi/tasks/main.yml +++ b/roles/unifi/tasks/main.yml 
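Review bot: The Install Traefik's docker-compose variables task writes `{{ traefik_root }}/.env` with neither `mode:` nor `owner:`, so the file is created with the target's default permissions; compose `.env` files commonly hold credentials (the template is not shown here, so treat that as an assumption to confirm), whereas the Cloudflare token task elsewhere in this diff uses `mode: '0600'`. Adding `owner: root` and `mode: '0600'` to that task — and to the static `traefik.yml` task if it embeds ACME or dashboard credentials — keeps such values out of reach of other local users. The dynamic security configuration task in the first hunk does set `owner: root`, but any `mode:` line for it falls between the two hunks and is not visible.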
@@ -1,52 +1,52 @@ - name: Install GnuPG - apt: + ansible.builtin.apt: name: gnupg state: present - name: Add AdoptOpenJDK's signing key - apt_key: + ansible.builtin.apt_key: id: 8ED17AF5D7E675EB3EE3BCE98AC3B29174885C03 url: https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public - name: Add MongoDB 3.6's signing key - apt_key: + ansible.builtin.apt_key: id: 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5 url: https://www.mongodb.org/static/pgp/server-3.6.asc - name: Add UniFi's signing key - apt_key: + ansible.builtin.apt_key: id: 4A228B2D358A5094178285BE06E85760C0A52C50 keyserver: keyserver.ubuntu.com - name: Install AdoptOpenJDK repository - apt_repository: + ansible.builtin.apt_repository: repo: deb https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/ buster main mode: 0644 state: present - name: Install MongoDB 3.6 repository - apt_repository: + ansible.builtin.apt_repository: repo: deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/3.6 main mode: 0644 state: present - name: Install UniFi repository - apt_repository: + ansible.builtin.apt_repository: repo: deb https://www.ui.com/downloads/unifi/debian stable ubiquiti mode: 0644 state: present - name: Install MongoDB 3.6 - apt: + ansible.builtin.apt: name: mongodb-org state: present - name: Install OpenJDK 8 LTS - apt: + ansible.builtin.apt: name: adoptopenjdk-8-hotspot state: present - name: Install UniFi - apt: + ansible.builtin.apt: name: unifi state: present diff --git a/roles/wordpress/tasks/main.yml b/roles/wordpress/tasks/main.yml index 2e3c1c6..3d00e40 100644 --- a/roles/wordpress/tasks/main.yml +++ b/roles/wordpress/tasks/main.yml @@ -1,5 +1,5 @@ - name: Start WordPress database container - docker_container: + community.general.docker_container: name: "{{ wordpress_dbcontainer }}" image: mariadb:{{ wordpress_dbversion }} restart_policy: always 
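Review bot: The three `ansible.builtin.apt_repository` tasks in the UniFi hunk pass `mode: 0644` as an unquoted octal, while the rest of this diff (the nginx and network tasks) writes `mode: '0644'`; the unquoted form is parsed as the integer 420 and happens to work, but Ansible's module docs and yamllint's octal-values rule both ask for the quoted string, so `mode: '0644'` keeps the repository consistent. The `ansible.builtin.apt_key` tasks pin a fingerprint with `id:`, which is good, but the underlying apt-key tool is deprecated on current Debian releases; the longer-term shape is fetching each key into /etc/apt/keyrings with `ansible.builtin.get_url` and referencing it with `[signed-by=...]` in the `repo:` line. The MongoDB repository is also the only one fetched over plain `http://`; apt still verifies signatures, but `https://` would match the other two if the mirror serves it.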
@@ -11,7 +11,7 @@ MYSQL_PASSWORD: "{{ wordpress_dbpass }}" - name: Start WordPress container - docker_container: + community.general.docker_container: name: "{{ wordpress_container }}" image: wordpress:{{ wordpress_version }} restart_policy: always
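Review bot: The Start WordPress database container task passes `MYSQL_PASSWORD: "{{ wordpress_dbpass }}"` through `env:` without `no_log: true`, so the credential is written to Ansible's log and to verbose output whenever the task runs or reports a change. Add `no_log: true` to this task and to the Start WordPress container task that begins in this hunk, since the latter presumably receives the same database credential further down. The database task starts in the previous hunk and its `env:` block begins outside this one.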