From 3955089eb06245426100e1d88c5236b40215c86a Mon Sep 17 00:00:00 2001 From: Vladislav Ponomarev Date: Tue, 7 May 2024 18:33:48 +0700 Subject: [PATCH] Fix CI, edit TODO --- .ansible-lint | 13 +- .github/workflows/lint.yml | 50 ++---- README.md | 156 +++++++++--------- collections/requirements.yml | 8 + provisioning.yml | 10 +- roles/blocky/tasks/main.yml | 8 +- roles/cheatsheet/tasks/main.yml | 2 +- roles/doku/tasks/main.yml | 2 +- roles/dozzle/tasks/main.yml | 2 +- roles/filebrowser/tasks/main.yml | 16 +- roles/glances/tasks/main.yml | 2 +- roles/hemmelig/tasks/main.yml | 6 +- roles/homer/tasks/main.yml | 6 +- roles/mayurifag_github_io/tasks/main.yml | 2 +- roles/navidrome/tasks/main.yml | 6 +- roles/netdata/tasks/main.yml | 4 +- roles/ocis/tasks/main.yml | 6 +- roles/portainer/tasks/main.yml | 6 +- roles/proxy/tasks/main.yml | 4 +- .../defaults/main.yml | 0 .../tasks/main.yml | 32 ++-- roles/shadowsocks/tasks/main.yml | 2 +- roles/swapoff/tasks/main.yml | 5 +- roles/traefik/tasks/main.yml | 12 +- .../defaults/main.yml | 0 .../tasks/main.yml | 9 +- roles/users/tasks/main.yml | 22 +-- roles/vaultwarden/tasks/main.yml | 4 +- roles/wallabag/tasks/main.yml | 4 +- roles/watchtower/tasks/main.yml | 2 +- roles/whattocommit/tasks/main.yml | 2 +- roles/wireguard/tasks/main.yml | 6 +- 32 files changed, 204 insertions(+), 205 deletions(-) create mode 100644 collections/requirements.yml rename roles/{server-general-preparations => server_general_preparations}/defaults/main.yml (100%) rename roles/{server-general-preparations => server_general_preparations}/tasks/main.yml (58%) rename roles/{upgrade-packages => upgrade_packages}/defaults/main.yml (100%) rename roles/{upgrade-packages => upgrade_packages}/tasks/main.yml (92%) diff --git a/.ansible-lint b/.ansible-lint index 341336f..0d60b0d 100644 --- a/.ansible-lint +++ b/.ansible-lint 
@@ -1,9 +1,6 @@ -# [108] role names have "-" -# [208] file permissions not mentioned +--- skip_list: - - '106' - - '208' -# use_default_rules: true -# verbosity: 1 - -# example: https://opendev.org/openstack/openstack-zuul-jobs/src/branch/master/.ansible-lint + - "risky-file-permissions" + - "var-naming[no-role-prefix]" + - "package-latest" + - "no-changed-when" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4c71b12..55a85d6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,53 +1,37 @@ --- -name: Run linters +name: Linters -on: +"on": push: branches: - main pull_request: - # Allows you to run this workflow manually from the Actions tab workflow_dispatch: jobs: -############### ansible-lint: name: ansible-lint runs-on: ubuntu-latest steps: - - name: Check out the codebase - uses: actions/checkout@v2 - - - name: Set up Python 3 - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install ansible-lint - # run: pip3 install ansible-lint==4.3.7 - run: pip3 install ansible-lint - + - uses: actions/checkout@v4 - name: Run ansible-lint - # ansible-lint ./provisioning.yml -x 106,208 - run: | - ansible-lint ./provisioning.yml -############### + uses: ansible/ansible-lint@main # or version tag instead of 'main' + yamllint: - name: yamllint + name: yaml-lint runs-on: ubuntu-latest steps: - - name: Check out the codebase - uses: actions/checkout@v2 - - - name: Set up Python 3 - uses: actions/setup-python@v2 + - uses: actions/checkout@master + - name: Run yamllint + uses: karancode/yamllint-github-action@master with: - python-version: '3.x' - - - name: Install yamllint - run: pip3 install yamllint + yamllint_strict: true + yamllint_comment: false - - name: Run yamllint - run: | - yamllint . + markdown-lint: + name: markdown-lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + - uses: articulate/actions-markdownlint@v1 
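Review bot: Adding `risky-file-permissions` to `skip_list` silences the one rule that would have caught the templated configs in this playbook rather than fixing them — `roles/blocky` writes `config.yaml` and `roles/traefik` writes `traefik.toml` with `ansible.builtin.template` and no `mode:`, so they land with whatever the remote umask gives, and the `authorized_keys` template in `roles/users` shows no `mode:` within its hunk either. Set an explicit mode on those tasks (`mode: "0600"` for `authorized_keys`, `mode: "0640"` or tighter for service configs the containers read) and drop the skip, or at least move it to `warn_list` so the warning stays visible in CI. The same applies to `no-changed-when` and `package-latest`: both point at tasks worth fixing (the `chpasswd`/`swapoff` commands without `changed_when`, and `state: latest`) instead of globally muting the rule.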
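Review bot: The new jobs run third-party actions from mutable branch refs — `ansible/ansible-lint@main`, `actions/checkout@master` and `karancode/yamllint-github-action@master` — so anyone who can push to those branches can execute code in this repository's CI on every push and pull request; the inline comment on the ansible-lint step already admits this. Pin each `uses:` to a full commit SHA with the tag in a trailing comment (or at minimum a release tag), and use `actions/checkout@v4` in all three jobs as the first job already does. The workflow also declares no `permissions:` block, so the `GITHUB_TOKEN` receives the repository's default grant; linters only need `permissions:` / `contents: read` at the top level.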
diff --git a/README.md b/README.md index 7a86f27..2740852 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Ansible playbook for provisioning mayurifag.ru +[![Linters](https://github.com/Mayurifag/mayurifag.ru/actions/workflows/lint.yml/badge.svg)](https://github.com/Mayurifag/mayurifag.ru/actions/workflows/lint.yml) + ## Description **DONT USE THIS REPOSITORY NO MATTER WHAT** due to security reasons (i.e. there @@ -17,15 +19,15 @@ Cloudflare or your favourite DNS provider. ### VPS -- Debian 10-11 (maybe works fine on other `apt` distros) -- Large folder for docker data (Done by VPS via large disk) -- ssh authorization key for root user (Done by VPS or +* Debian 10-11 (maybe works fine on other `apt` distros) +* Large folder for docker data (Done by VPS via large disk) +* ssh authorization key for root user (Done by VPS or `ssh-copy-id root@mayurifag.ru`) ### Your PC -- Ansible `python3 -m pip install --user ansible` -- (only MacOS) - passlib `python3 -m pip install --user passlib` (to use crypto +* Ansible `python3 -m pip install --user ansible` +* (only MacOS) - passlib `python3 -m pip install --user passlib` (to use crypto module from ansible) ## Instructions @@ -54,13 +56,13 @@ apt-get --allow-releaseinfo-change update #### Optional in-before steps -- Remove old remote host identification +* Remove old remote host identification ```sh ssh-keygen -R mayurifag.ru ; ssh-keygen -R $(host mayurifag.ru | awk '/has address/ {print $4}') ``` -- Generate new ssh key and add it to your inventory vars file +* Generate new ssh key and add it to your inventory vars file ```sh ssh-keygen -t rsa -b 4096 -C "Mayurifag@mayurifag.ru" -f ~/Desktop/mayurifag.ru @@ -69,7 +71,7 @@ vi inventories/my-provision/group_vars/sample.yml # add key here in section keepassxc # Make new ssh agent entry ``` -- Make new ssh config section. You need to change it after deploy. +* Make new ssh config section. You need to change it after deploy. ```sh vi ~/.ssh/config 
@@ -126,76 +128,78 @@ need to deploy my services once again. ### High priority -- [x] Some strange things with Traefik config. If problem with "my-headers@file" -> - return "my-headers@file" -- [ ] Log rotation for docker containers -- [ ] ~~https://github.com/alexta69/metube~~ -- [ ] ~~Add cleaning up apt-get to get extra 1GB~~ -- [ ] ~~Think how to rotate logs easily for docker (takes all the space in a year or more)~~ -- [ ] Ssh configuration: change port and make the sshd configuration cheatsheet with Readme -- [x] Comment out ports sections on containers and try to work with them -- [x] Add Dozzle -- [ ] Uptime Kuma -- [x] Blocky DNS -- [ ] Add systemd services -- [ ] Migrate to dashboard which is easy maintainable: flame (with labels) -- [ ] Add Authentik / Remove baseauth -- [ ] Add Cloudflare companion tiredofit/traefik-cloudflare-companion:latest docker -- [ ] Add Vikunja -- [ ] Move this section to issues and kanban -- [ ] Add zswap -- [ ] ~~~~ -- [x] Migrate from mysql to postgres for nextcloud. Look other perfomance boosters. cron at docker for nextcloud. bump versions - - [x] - - [x] - - [x] - - [x] +* [x] Some strange things with Traefik config. 
If problem with + "my-headers@file" -> return "my-headers@file" +* [ ] Log rotation for docker containers - or default settings after install +* [ ] ~~~~ +* [ ] ~~Add cleaning up apt-get to get extra 1GB~~ +* [ ] ~~Think how to rotate logs easily for docker (takes all the space in a + year or more)~~ +* [ ] Ssh configuration: change port and make the sshd configuration cheatsheet + with Readme +* [x] Comment out ports sections on containers and try to work with them +* [x] Add Dozzle +* [ ] ~~Uptime Kuma~~ +* [x] Blocky DNS +* [ ] ~~Add systemd services - do I need them or I'm fine~~ +* [ ] Migrate to dashboard which is easy maintainable: flame (with labels) +* [ ] Add Authentik / Remove baseauth +* [ ] Add Cloudflare companion tiredofit/traefik-cloudflare-companion:latest docker +* [ ] ~~Add Vikunja ~~ +* [ ] Move this section to issues and kanban +* [ ] Add zswap +* [ ] ~~~~ +* [x] Migrate from mysql to postgres for nextcloud. Look other perfomance + boosters. cron at docker for nextcloud. bump versions + * [x] + * [x] + * [x] + * [x] ### Medium priority -- [ ] https://github.com/epoupon/lms -- [ ] Add automatic backup solution (duplicati?). Do I need anything more than +* [x] +* [ ] Add automatic backup solution (duplicati?). Do I need anything more than /data/docker_data? 
-- [ ] Add ufw with rules + make docker respect the rules -- [ ] Add pastebin -- [ ] ~~Make traefik to write logs to file + logrotate them~~ -- [ ] Suggest if I need more fail2ban jail rules - - [ ] -- [ ] Add motd.txt to server - - [ ] About lazydocker - - [ ] Aliases -- [ ] ~~~~ -- [x] Navidrome -- [x] Doku https://github.com/tborychowski/self-hosted-cookbook/blob/master/apps/docker/doku.md -- [ ] ~~~~ -- [x] FileRun -- [x] Simple proxy server in docker -- [x] Makefiles + info to launch only specified tags -- [ ] Librespeed +* [ ] Add ufw with rules + make docker respect the rules +* [ ] Add pastebin +* [ ] ~~Make traefik to write logs to file + logrotate them~~ +* [ ] Suggest if I need more fail2ban jail rules + * [ ] +* [ ] Add motd.txt to server + * [ ] About lazydocker + * [ ] Aliases +* [ ] ~~~~ +* [x] Navidrome +* [x] Doku +* [ ] ~~~~ +* [x] FileRun +* [x] Simple proxy server in docker +* [x] Makefiles + info to launch only specified tags ### Low priority -- [ ] Add zsh -- [ ] Make CI working -- [x] Add instructions for requirements and deployment -- [ ] Try to make deploy from zero to hero. Add instructions if needed. -- [x] Add lightweight filesharing nextcloud alternative (FileRun?) -- [ ] Add web analytics (matomo?) -- [ ] Add rocket.chat -- [ ] Add url shortener -- [ ] Add wiki -- [ ] Add ci/cd runner for gitlab/github -- [ ] Add bitwarden -- [ ] Add Git (gitea/gitlab) -- [ ] Check security -- [ ] Make connection to docker through proxy fluencelabs/docker-socket-proxy -- [x] Migrate from dante to something docker based - - [x] - - [x] -- [x] Migrate from shadowsocks-rust + v2ray to shadowsocks2-go + x-ray / maybe docker - - [x] - - [x] -- [ ] https://hub.docker.com/r/linuxserver/librespeed +* [ ] Add zsh +* [ ] Make CI working +* [x] Add instructions for requirements and deployment +* [ ] Try to make deploy from zero to hero. Add instructions if needed. +* [x] Add lightweight filesharing nextcloud alternative (FileRun?) 
+* [ ] Add web analytics (matomo?) +* [ ] Add rocket.chat +* [ ] ~~Add url shortener~~ +* [ ] Add wiki +* [ ] Add Git (gitea/gitlab/else) + * [ ] Add ci/cd runner for selfhosted git +* [x] Add ~~bitwarden~~ Vaultwarden +* [ ] Check security +* [ ] Make connection to docker through proxy fluencelabs/docker-socket-proxy +* [x] Migrate from dante to something docker based + * [x] + * [x] +* [x] Migrate from shadowsocks-rust + v2ray to shadowsocks2-go + x-ray / maybe docker + * [x] + * [x] +* [ ] ## Older implementation @@ -206,8 +210,8 @@ migrate into newer implementation. ## Based on / inspired / helpful -- -- -- -- -- +* +* +* +* +* diff --git a/collections/requirements.yml b/collections/requirements.yml new file mode 100644 index 0000000..5c43049 --- /dev/null +++ b/collections/requirements.yml @@ -0,0 +1,8 @@ +--- +collections: + - name: community.docker + version: 3.9.0 + - name: community.general + version: 8.6.0 + - name: ansible.posix + version: 1.5.4 diff --git a/provisioning.yml b/provisioning.yml index 89cd44f..d395ff1 100644 --- a/provisioning.yml +++ b/provisioning.yml @@ -1,5 +1,6 @@ --- -- hosts: all +- name: Bootstrap + hosts: all become: yes gather_facts: no roles: @@ -8,7 +9,8 @@ - bootstrap when: (bootstrap_enabled | default(True)) -- hosts: all +- name: Provisioning + hosts: all gather_facts: no roles: ### @@ -24,11 +26,11 @@ - swap when: (swap_enabled | default(False)) - - role: server-general-preparations + - role: server_general_preparations tags: - mayurifag-general - - role: upgrade-packages + - role: upgrade_packages tags: - mayurifag-general diff --git a/roles/blocky/tasks/main.yml b/roles/blocky/tasks/main.yml index eece240..8342a98 100644 --- a/roles/blocky/tasks/main.yml +++ b/roles/blocky/tasks/main.yml 
@@ -1,23 +1,23 @@
---
- name: Delete Blocky directory
- file:
+ ansible.builtin.file:
path: "{{ blocky_data_directory }}"
state: absent
- name: Create Blocky directory
- file:
+ ansible.builtin.file:
path: "{{ item }}"
state: directory
with_items:
- "{{ blocky_data_directory }}/"
- name: Template Blocky config.yaml
- template:
+ ansible.builtin.template:
src: config.yaml.j2
dest: "{{ blocky_data_directory }}/config.yaml"
- name: Blocky Docker Container
- docker_container:
+ community.docker.docker_container:
name: blocky
image: spx01/blocky
pull: true
diff --git a/roles/cheatsheet/tasks/main.yml b/roles/cheatsheet/tasks/main.yml
index 1f831d6..01a9043 100644
--- a/roles/cheatsheet/tasks/main.yml
+++ b/roles/cheatsheet/tasks/main.yml
@@ -1,7 +1,7 @@
---
# TODO: show only if enabled
- name: Show cheatsheet
- pause:
+ ansible.builtin.pause:
seconds: 1
prompt: |
===============================
diff --git a/roles/doku/tasks/main.yml b/roles/doku/tasks/main.yml
index 3c6ba13..1af6848 100644
--- a/roles/doku/tasks/main.yml
+++ b/roles/doku/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Doku Docker Container
- docker_container:
+ community.docker.docker_container:
name: doku
image: amerkurev/doku
pull: true
diff --git a/roles/dozzle/tasks/main.yml b/roles/dozzle/tasks/main.yml
index f2ed1a5..c5bbd8a 100644
--- a/roles/dozzle/tasks/main.yml
+++ b/roles/dozzle/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Create Dozzle Docker Container
- docker_container:
+ community.docker.docker_container:
name: dozzle
image: amir20/dozzle:latest
pull: true
diff --git a/roles/filebrowser/tasks/main.yml b/roles/filebrowser/tasks/main.yml
index 188d7c8..ee11fdd 100644
--- a/roles/filebrowser/tasks/main.yml
+++ b/roles/filebrowser/tasks/main.yml
@@ -1,11 +1,11 @@ --- - name: Delete Filebrowser directory - file: + ansible.builtin.file: path: "{{ filebrowser_data_directory }}" state: absent - name: Create Filebrowser directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: "{{ filebroswer_uid }}" @@ -19,7 +19,7 @@ - "{{ filebrowser_data_directory }}/lms_config" - name: Touch Filebrowser database file - file: + ansible.builtin.file: path: "{{ filebrowser_data_directory }}/config/filebrowser.db" state: touch mode: u+rw,g-wx,o-rwx @@ -29,7 +29,7 @@ group: "{{ filebroswer_gid }}" - name: Copy Filebrowser settings file - template: + ansible.builtin.template: src: settings.json.j2 dest: "{{ filebrowser_data_directory }}/config/settings.json" owner: "{{ filebroswer_uid }}" @@ -37,7 +37,7 @@ mode: u+rw,g-wx,o-rwx - name: Filebrowser Docker Container - docker_container: + community.docker.docker_container: name: filebrowser image: "{{ filebrowser_container }}:{{ filebrowser_version }}" pull: true @@ -64,7 +64,7 @@ traefik.http.routers.filebrowser.middlewares: "my-headers@file" - name: Syncthing Docker Container - docker_container: + community.docker.docker_container: name: syncthing image: linuxserver/syncthing:1.27.6 pull: true @@ -87,7 +87,7 @@ traefik.http.routers.syncthing.middlewares: "my-headers@file" - name: SFTPGo Docker Container - docker_container: + community.docker.docker_container: name: sftpgo image: drakkan/sftpgo:v2.5.6 pull: true @@ -116,7 +116,7 @@ traefik.http.routers.webdav.service: "webdav" - name: LMS Docker Container https://github.com/epoupon/lms - docker_container: + community.docker.docker_container: name: lms image: epoupon/lms:3.51.0 pull: true diff --git a/roles/glances/tasks/main.yml b/roles/glances/tasks/main.yml index 72b3ee9..661465e 100644 --- a/roles/glances/tasks/main.yml +++ b/roles/glances/tasks/main.yml 
@@ -1,6 +1,6 @@ --- - name: Create Glances Docker Container - docker_container: + community.docker.docker_container: name: glances image: nicolargo/glances pull: true diff --git a/roles/hemmelig/tasks/main.yml b/roles/hemmelig/tasks/main.yml index 79d4a9f..c54d0ca 100644 --- a/roles/hemmelig/tasks/main.yml +++ b/roles/hemmelig/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Delete Hemmelig directory - file: + ansible.builtin.file: path: "{{ hemmelig_data_directory }}" state: absent - name: Create Hemmelig Directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: "{{ admin_uid }}" @@ -15,7 +15,7 @@ - "{{ hemmelig_data_directory }}/database" - name: Create Hemmelig container - docker_container: + community.docker.docker_container: name: hemmelig image: "{{ hemmelig_docker_image }}" pull: true diff --git a/roles/homer/tasks/main.yml b/roles/homer/tasks/main.yml index acb49af..c5e916f 100644 --- a/roles/homer/tasks/main.yml +++ b/roles/homer/tasks/main.yml @@ -1,18 +1,18 @@ --- - name: Create Homer Directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory with_items: - "{{ homer_data_directory }}/assets" - name: Template Homer config.yml - template: + ansible.builtin.template: src: config.yml.j2 dest: "{{ homer_data_directory }}/assets/config.yml" - name: Create Homer container - docker_container: + community.docker.docker_container: name: homer image: "{{ homer_docker_image }}" pull: true diff --git a/roles/mayurifag_github_io/tasks/main.yml b/roles/mayurifag_github_io/tasks/main.yml index 5b90b51..4034718 100644 --- a/roles/mayurifag_github_io/tasks/main.yml +++ b/roles/mayurifag_github_io/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Create mayurifag github io Docker Container - docker_container: + community.docker.docker_container: name: mayurifag_github_io image: mayurifag/mayurifag.github.io:latest pull: true diff --git a/roles/navidrome/tasks/main.yml b/roles/navidrome/tasks/main.yml index 21ad4a5..64e8dce 100644 
--- a/roles/navidrome/tasks/main.yml +++ b/roles/navidrome/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Delete Navidrome directories - file: + ansible.builtin.file: path: "{{ navidrome_data_directory }}/" state: absent - name: Create Navidrome data directory - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: www-data @@ -15,7 +15,7 @@ - "{{ navidrome_data_directory }}/" - name: Navidrome Docker Container - docker_container: + community.docker.docker_container: name: navidrome image: deluan/navidrome:latest user: "{{ navidrome_user_and_group }}" diff --git a/roles/netdata/tasks/main.yml b/roles/netdata/tasks/main.yml index cdb3da2..1e475eb 100644 --- a/roles/netdata/tasks/main.yml +++ b/roles/netdata/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Get docker group id - group: + ansible.builtin.group: name: docker register: docker_group - name: Netdata Docker Container - docker_container: + community.docker.docker_container: name: netdata hostname: "{{ netdata_subdomain }}.{{ server_hostname }}" image: netdata/netdata diff --git a/roles/ocis/tasks/main.yml b/roles/ocis/tasks/main.yml index ab4a731..7f6ee8c 100644 --- a/roles/ocis/tasks/main.yml +++ b/roles/ocis/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: Delete OCIS directory - file: + ansible.builtin.file: path: "{{ ocis_data_directory }}" state: absent - name: Create OCIS directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: "{{ admin_uid }}" @@ -15,7 +15,7 @@ - "{{ ocis_data_directory }}/config" - name: OCIS Docker Container - docker_container: + community.docker.docker_container: name: ocis image: "{{ ocis_container }}:{{ ocis_version }}" pull: true diff --git a/roles/portainer/tasks/main.yml b/roles/portainer/tasks/main.yml index f3ca028..6e25543 100644 --- a/roles/portainer/tasks/main.yml +++ b/roles/portainer/tasks/main.yml 
@@ -1,18 +1,18 @@ --- - name: Delete Portainer directories - file: + ansible.builtin.file: path: "{{ portainer_data_directory }}" state: absent - name: Create Portainer Directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory with_items: - "{{ portainer_data_directory }}" - name: Portainer Docker Container - docker_container: + community.docker.docker_container: name: portainer image: portainer/portainer-ce pull: true diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index fe26d37..2e7fc2a 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: go-socks5-proxy Docker Container - docker_container: +- name: Start go-socks5-proxy Docker Container + community.docker.docker_container: name: go-socks5-proxy image: serjs/go-socks5-proxy:latest pull: true diff --git a/roles/server-general-preparations/defaults/main.yml b/roles/server_general_preparations/defaults/main.yml similarity index 100% rename from roles/server-general-preparations/defaults/main.yml rename to roles/server_general_preparations/defaults/main.yml diff --git a/roles/server-general-preparations/tasks/main.yml b/roles/server_general_preparations/tasks/main.yml similarity index 58% rename from roles/server-general-preparations/tasks/main.yml rename to roles/server_general_preparations/tasks/main.yml index 25b7d98..a7092c4 100644 --- a/roles/server-general-preparations/tasks/main.yml +++ b/roles/server_general_preparations/tasks/main.yml @@ -1,10 +1,10 @@ --- - name: "Set hostname to {{ server_hostname }}" - hostname: + ansible.builtin.hostname: name: "{{ server_hostname }}" - name: "Set timezone to {{ server_timezone }}" - timezone: + community.general.timezone: name: "{{ server_timezone }}" # - name: Ensure the locale en_US.UTF-8 exists 
@@ -16,7 +16,7 @@ # command: localectl set-locale LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 - name: Apply custom sysctl values - sysctl: + ansible.posix.sysctl: name: "{{ item.key }}" value: "{{ item.value }}" ignoreerrors: yes @@ -26,20 +26,24 @@ with_items: "{{ sysctl_values }}" # https://unix.stackexchange.com/a/368309 -- name: clean sshd config out of legacy settings and warnings - shell: | - sed -i '/KeyRegenerationInterval/d' /etc/ssh/sshd_config - sed -i '/ServerKeyBits/d' /etc/ssh/sshd_config - sed -i '/RSAAuthentication/d' /etc/ssh/sshd_config - sed -i '/RhostsRSAAuthentication/d' /etc/ssh/sshd_config - sed -i '/UsePrivilegeSeparation/d' /etc/ssh/sshd_config +- name: Clean sshd config out of legacy settings and warnings + ansible.builtin.lineinfile: + path: /etc/ssh/sshd_config + state: absent + regexp: "{{ item }}" + loop: + - KeyRegenerationInterval + - ServerKeyBits + - RSAAuthentication + - RhostsRSAAuthentication + - UsePrivilegeSeparation -- name: restart sshd after changing configuration - systemd: +- name: Restart sshd after changing configuration + ansible.builtin.systemd: name: sshd state: restarted -- name: cleanup packaging - apt: +- name: Cleanup packaging + ansible.builtin.apt: autoclean: yes autoremove: yes diff --git a/roles/shadowsocks/tasks/main.yml b/roles/shadowsocks/tasks/main.yml index 5fcfec6..e62ce69 100644 --- a/roles/shadowsocks/tasks/main.yml +++ b/roles/shadowsocks/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Shadowsocks + xray-plugin Docker Container - docker_container: + community.docker.docker_container: name: ss-xray image: mazy/ss-xray:v1.13.1-v1.5.3-0 pull: true diff --git a/roles/swapoff/tasks/main.yml b/roles/swapoff/tasks/main.yml index 12b7a62..908daec 100644 --- a/roles/swapoff/tasks/main.yml +++ b/roles/swapoff/tasks/main.yml 
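Review bot: The `lineinfile` rewrite edits `/etc/ssh/sshd_config` and then unconditionally restarts sshd with no validation between the two steps, so a bad edit (or a future loop entry that matches more than intended) takes down the only management path to the host. Add `validate: "/usr/sbin/sshd -t -f %s"` to the `lineinfile` task so sshd checks the candidate file before it is written, and replace the always-run restart with `notify: Restart sshd` plus a handler so the daemon only bounces when a line was actually removed — this also removes the need for the `no-changed-when` skip on that task. The patterns are unanchored substrings; `regexp: "^\\s*{{ item }}\\b"` limits each to a directive at the start of a line instead of any line that happens to contain the word.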
@@ -1,9 +1,10 @@ +--- - name: Disable SWAP - shell: | + ansible.builtin.shell: | swapoff -a - name: Disable SWAP in fstab - replace: + ansible.builtin.replace: path: /etc/fstab regexp: '^([^#].*?\sswap\s+.*)$' replace: '# \1' diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index 588f102..e86a3a2 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Remove Traefik Config Directory - file: + ansible.builtin.file: path: "{{ item }}" state: absent with_items: @@ -8,7 +8,7 @@ # - "{{ traefik_data_directory }}/letsencrypt" - name: Create Traefik Directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory with_items: @@ -16,21 +16,21 @@ - "{{ traefik_data_directory }}/letsencrypt" - name: Create Traefik config.toml from template - template: + ansible.builtin.template: src: traefik.toml.j2 dest: "{{ traefik_data_directory }}/traefik.toml" register: template_config - name: Create Traefik dynamic configuration files - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ traefik_data_directory }}/dynamic_configs/{{ item.path | regex_replace('\\.j2$', '') }}" force: yes - with_filetree: "../templates/dynamic_configs" + loop: "{{ query('filetree', '../templates/dynamic_configs') }}" when: item.state == 'file' - name: Traefik Docker Container - docker_container: + community.docker.docker_container: name: traefik image: "{{ traefik_docker_image }}" pull: true diff --git a/roles/upgrade-packages/defaults/main.yml b/roles/upgrade_packages/defaults/main.yml similarity index 100% rename from roles/upgrade-packages/defaults/main.yml rename to roles/upgrade_packages/defaults/main.yml diff --git a/roles/upgrade-packages/tasks/main.yml b/roles/upgrade_packages/tasks/main.yml similarity index 92% rename from roles/upgrade-packages/tasks/main.yml rename to roles/upgrade_packages/tasks/main.yml index 1aa1b46..57ff57e 100644 --- a/roles/upgrade-packages/tasks/main.yml 
+++ b/roles/upgrade_packages/tasks/main.yml @@ -7,18 +7,18 @@ # shell: echo 'APT::Install-Suggests "0";' > /etc/apt/apt.conf.d/01nosuggests - name: Update apt-cache - apt: + ansible.builtin.apt: update_cache: yes cache_valid_time: 3600 - name: Upgrade all packages - apt: + ansible.builtin.apt: upgrade: dist state: latest force_apt_get: yes - name: Install extra packages - apt: + ansible.builtin.apt: name: "{{ mayurifag_general_extra_packages }}" state: present force_apt_get: yes @@ -38,7 +38,6 @@ # when: reboot_required_file.stat.exists - name: Automatically remove any unused dependencies - apt: + ansible.builtin.apt: autoremove: true - # TODO: add clean apt diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index 4b706a3..ddc29bd 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml @@ -1,19 +1,19 @@ --- - name: Make sure we have a 'wheel' group - group: + ansible.builtin.group: name: wheel state: present - name: Allow 'wheel' group to have passwordless sudo - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers state: present - regexp: '^%wheel' - line: '%wheel ALL=(ALL) NOPASSWD: ALL' - validate: 'visudo -cf %s' + regexp: "^%wheel" + line: "%wheel ALL=(ALL) NOPASSWD: ALL" + validate: "visudo -cf %s" - name: Add admin user with wheel group - user: + ansible.builtin.user: name: "{{ admin_username }}" groups: wheel append: yes 
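Review bot: `state: latest` on the "Upgrade all packages" task is exactly what `package-latest` flags, and with `upgrade: dist` and no `name:` it appears to contribute nothing, so the cleaner fix is to drop that key rather than silencing the rule in `.ansible-lint`. Separately, the reboot-required gate that survives only as the commented `# when: reboot_required_file.stat.exists` context is still disabled, so a kernel or libc upgrade pulled in by `upgrade: dist` keeps the old code running until someone reboots by hand; an `ansible.builtin.stat` on the reboot-required marker followed by `ansible.builtin.reboot` (or at least a `debug` warning) would close that gap.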
@@ -21,21 +21,21 @@ createhome: yes shell: /bin/bash -- name: Set admin password - command: "echo \"{{ admin_username }}:{{ admin_userpassword }}\" | chpasswd" +- name: Set admin user password + ansible.builtin.command: 'echo "{{ admin_username }}:{{ admin_userpassword }}" | chpasswd' - name: Set root password - command: "echo \"root:{{ root_userpassword }}\" | chpasswd" + ansible.builtin.command: 'echo "root:{{ root_userpassword }}" | chpasswd' - name: Create user .ssh directory - file: + ansible.builtin.file: path: "~{{ admin_username }}/.ssh" mode: 0700 state: directory owner: "{{ admin_username }}" - name: Create user authorized_keys - template: + ansible.builtin.template: src: "templates/authorized_keys.j2" dest: "~{{ admin_username }}/.ssh/authorized_keys" owner: "{{ admin_username }}" diff --git a/roles/vaultwarden/tasks/main.yml b/roles/vaultwarden/tasks/main.yml index 0335f96..5027730 100644 --- a/roles/vaultwarden/tasks/main.yml +++ b/roles/vaultwarden/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: Create Vaultwarden Directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory with_items: - "{{ vaultwarden_data_directory }}/" - name: Vaultwarden Docker Container - docker_container: + community.docker.docker_container: name: vaultwarden image: vaultwarden/server:1.30.5-alpine pull: true diff --git a/roles/wallabag/tasks/main.yml b/roles/wallabag/tasks/main.yml index 608c564..3bf3821 100644 --- a/roles/wallabag/tasks/main.yml +++ b/roles/wallabag/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Create Wallabag Directories - file: + ansible.builtin.file: path: "{{ item }}" state: directory with_items: @@ -8,7 +8,7 @@ - "{{ wallabag_data_directory }}/images" - name: Wallabag Docker Container - docker_container: + community.docker.docker_container: name: wallabag image: wallabag/wallabag:latest pull: true diff --git a/roles/watchtower/tasks/main.yml b/roles/watchtower/tasks/main.yml index a9d8bbd..c647d9c 100644 --- a/roles/watchtower/tasks/main.yml 
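Review bot: Neither `chpasswd` task sets a password: `ansible.builtin.command` does not go through a shell, so `|` and `chpasswd` are passed to `echo` as literal arguments, `echo` prints `user:password` and exits 0, and the play continues believing root and the admin user have the configured passwords. Because there is no `no_log: true`, that plaintext password now also lands in the task's stdout, `-v` output and any log shipping. Use the `password` parameter of `ansible.builtin.user` with `password_hash('sha512')` (the README already requires passlib for this) on the admin-user task that begins in the previous hunk, add a `user` task for root, and mark both `no_log: true`; the two `command` tasks then go away. Note that `password_hash` picks a fresh salt each run, so pass a fixed salt or set `update_password: on_create` if idempotent runs matter.

```yaml
- name: Add admin user with wheel group
  ansible.builtin.user:
    name: "{{ admin_username }}"
    password: "{{ admin_userpassword | password_hash('sha512') }}"
    # … unchanged: groups/append/createhome/shell …
  no_log: true

- name: Set root password
  ansible.builtin.user:
    name: root
    password: "{{ root_userpassword | password_hash('sha512') }}"
  no_log: true

# … unchanged: .ssh directory and authorized_keys tasks …
```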
+++ b/roles/watchtower/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Watchtower Docker Container
- docker_container:
+ community.docker.docker_container:
name: watchtower
image: containrrr/watchtower
pull: true
diff --git a/roles/whattocommit/tasks/main.yml b/roles/whattocommit/tasks/main.yml
index 94445d1..cf51259 100644
--- a/roles/whattocommit/tasks/main.yml
+++ b/roles/whattocommit/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Whattocommit Docker Container
- docker_container:
+ community.docker.docker_container:
name: whattocommit
image: mayurifag/whattocommit:main
pull: true
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index dc73029..327672f 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -1,18 +1,18 @@
---
- name: Delete wireguard directories
- file:
+ ansible.builtin.file:
path: "{{ wireguard_data_directory }}/"
state: absent
- name: Create wireguard data directory
- file:
+ ansible.builtin.file:
path: "{{ item }}"
state: directory
with_items:
- "{{ wireguard_data_directory }}/"
- name: Wireguard-Easy Docker Container
- docker_container:
+ community.docker.docker_container:
name: wg-easy
image: "{{ wireguard_docker_image }}"
pull: true