From a29a8fa5849c4c5f1dedc61fa05c7f668b4180e5 Mon Sep 17 00:00:00 2001 
From: Salt Date: Sat, 18 Sep 2021 16:04:28 -0500 Subject: [PATCH] Get those stale roles the HECC out of my repo. We download dynamically from now on. --- .gitignore | 13 + roles/apache/.gitignore | 3 - roles/apache/.travis.yml | 33 - roles/apache/LICENSE | 20 - roles/apache/README.md | 156 ---- roles/apache/defaults/main.yml | 58 -- roles/apache/handlers/main.yml | 5 - roles/apache/meta/.galaxy_install_info | 2 - roles/apache/meta/main.yml | 38 - roles/apache/molecule/default/molecule.yml | 29 - roles/apache/molecule/default/playbook.yml | 21 - roles/apache/molecule/default/yaml-lint.yml | 6 - roles/apache/tasks/configure-Debian.yml | 54 -- roles/apache/tasks/configure-RedHat.yml | 36 - roles/apache/tasks/configure-Solaris.yml | 19 - roles/apache/tasks/configure-Suse.yml | 24 - roles/apache/tasks/main.yml | 47 -- roles/apache/tasks/setup-Debian.yml | 6 - roles/apache/tasks/setup-RedHat.yml | 6 - roles/apache/tasks/setup-Solaris.yml | 5 - roles/apache/tasks/setup-Suse.yml | 5 - roles/apache/templates/vhosts.conf.j2 | 82 --- roles/apache/vars/AmazonLinux.yml | 18 - roles/apache/vars/Debian.yml | 14 - roles/apache/vars/RedHat.yml | 20 - roles/apache/vars/Solaris.yml | 19 - roles/apache/vars/Suse.yml | 18 - roles/apache/vars/apache-22.yml | 12 - roles/apache/vars/apache-24.yml | 8 - roles/certbot/.github/FUNDING.yml | 4 - roles/certbot/.github/stale.yml | 56 -- roles/certbot/.gitignore | 3 - roles/certbot/.travis.yml | 32 - roles/certbot/.yamllint | 10 - roles/certbot/LICENSE | 20 - roles/certbot/README.md | 140 ---- roles/certbot/defaults/main.yml | 38 - roles/certbot/meta/.galaxy_install_info | 2 - roles/certbot/meta/main.yml | 34 - roles/certbot/molecule/default/converge.yml | 27 - roles/certbot/molecule/default/molecule.yml | 21 - .../default/playbook-source-install.yml | 26 - .../default/playbook-standalone-nginx-aws.yml | 180 ----- .../certbot/molecule/default/requirements.yml | 3 - .../certbot/tasks/create-cert-standalone.yml | 23 - 
roles/certbot/tasks/include-vars.yml | 8 - roles/certbot/tasks/install-from-source.yml | 17 - roles/certbot/tasks/install-with-package.yml | 7 - roles/certbot/tasks/main.yml | 22 - roles/certbot/tasks/renew-cron.yml | 8 - roles/certbot/tasks/setup-RedHat.yml | 20 - roles/certbot/vars/Ubuntu-16.04.yml | 2 - roles/certbot/vars/default.yml | 2 - roles/dhcp/.gitignore | 13 - roles/dhcp/.yamllint | 21 - roles/dhcp/CHANGELOG.md | 121 ---- roles/dhcp/LICENSE.md | 13 - roles/dhcp/README.md | 316 -------- roles/dhcp/defaults/main.yml | 7 - roles/dhcp/handlers/main.yml | 12 - roles/dhcp/meta/.galaxy_install_info | 2 - roles/dhcp/meta/main.yml | 21 - roles/dhcp/tasks/apparmor-fix.yml | 38 - roles/dhcp/tasks/default-fix.yml | 11 - roles/dhcp/tasks/main.yml | 70 -- roles/dhcp/templates/etc_dhcp_dhcpd.conf.j2 | 317 -------- roles/dhcp/vars/Alpine.yml | 12 - roles/dhcp/vars/Debian.yml | 13 - roles/dhcp/vars/RedHat.yml | 11 - roles/docker/.ansible-lint | 3 - roles/docker/.github/FUNDING.yml | 4 - roles/docker/.github/stale.yml | 56 -- roles/docker/.github/workflows/ci.yml | 72 -- roles/docker/.github/workflows/release.yml | 38 - roles/docker/.gitignore | 3 - roles/docker/.yamllint | 11 - roles/docker/LICENSE | 20 - roles/docker/README.md | 97 --- roles/docker/defaults/main.yml | 31 - roles/docker/handlers/main.yml | 3 - roles/docker/meta/.galaxy_install_info | 2 - roles/docker/meta/main.yml | 35 - roles/docker/molecule/default/converge.yml | 24 - roles/docker/molecule/default/molecule.yml | 17 - roles/docker/tasks/docker-compose.yml | 20 - roles/docker/tasks/docker-users.yml | 7 - roles/docker/tasks/main.yml | 27 - roles/docker/tasks/setup-Debian.yml | 40 -- roles/docker/tasks/setup-RedHat.yml | 50 -- .../.github/workflows/ansible-tests.yml | 65 -- roles/factorio/.gitignore | 1 - roles/factorio/.yamllint | 13 - roles/factorio/README.md | 257 ------- roles/factorio/defaults/main.yml | 44 -- roles/factorio/defaults/map-gen-settings.yml | 40 -- 
roles/factorio/defaults/map-settings.yml | 99 --- roles/factorio/defaults/server-settings.yml | 70 -- roles/factorio/defaults/server-whitelist.yml | 8 - roles/factorio/dev-requirements.txt | 2 - roles/factorio/handlers/main.yml | 13 - roles/factorio/makefile | 21 - roles/factorio/meta/.galaxy_install_info | 2 - roles/factorio/meta/main.yml | 21 - roles/factorio/molecule/centos/INSTALL.rst | 22 - roles/factorio/molecule/centos/converge.yml | 10 - roles/factorio/molecule/centos/molecule.yml | 16 - roles/factorio/molecule/centos/verify.yml | 9 - roles/factorio/molecule/debian/INSTALL.rst | 22 - roles/factorio/molecule/debian/converge.yml | 10 - roles/factorio/molecule/debian/molecule.yml | 22 - roles/factorio/molecule/debian/verify.yml | 9 - roles/factorio/molecule/ubuntu/INSTALL.rst | 22 - roles/factorio/molecule/ubuntu/converge.yml | 10 - roles/factorio/molecule/ubuntu/molecule.yml | 22 - roles/factorio/molecule/ubuntu/verify.yml | 9 - roles/factorio/tasks/main.yml | 90 --- roles/factorio/tasks/set-map-gen-settings.yml | 18 - roles/factorio/tasks/set-map-settings.yml | 18 - roles/factorio/tasks/set-server-settings.yml | 25 - roles/factorio/tasks/set-server-whitelist.yml | 18 - .../templates/service-template.service.j2 | 10 - roles/factorio/vars/main.yml | 2 - roles/gitea/.ansible-lint | 9 - roles/gitea/.gitignore | 10 - roles/gitea/.travis.yml | 26 - roles/gitea/.yamllint | 12 - roles/gitea/LICENSE | 11 - roles/gitea/README.md | 190 ----- roles/gitea/defaults/main.yml | 81 --- roles/gitea/handlers/main.yml | 17 - roles/gitea/meta/.galaxy_install_info | 2 - roles/gitea/meta/main.yml | 27 - roles/gitea/molecule/default/converge.yml | 9 - roles/gitea/molecule/default/molecule.yml | 43 -- roles/gitea/molecule/default/prepare.yml | 22 - .../molecule/default/tests/test_default.py | 25 - roles/gitea/requirements-travis.txt | 69 -- roles/gitea/tasks/check-variables.yml | 7 - roles/gitea/tasks/create_user.yml | 7 - roles/gitea/tasks/fail2ban.yml | 18 - 
roles/gitea/tasks/install_systemd.yml | 16 - roles/gitea/tasks/main.yml | 67 -- roles/gitea/templates/fail2ban/filter.conf.j2 | 4 - roles/gitea/templates/fail2ban/jail.conf.j2 | 9 - roles/gitea/templates/gitea.ini.j2 | 195 ----- roles/gitea/templates/gitea.service.j2 | 15 - roles/gitea/vars/main.yml | 2 - roles/k8s/.ansible-lint | 4 - roles/k8s/.github/FUNDING.yml | 4 - roles/k8s/.github/stale.yml | 56 -- roles/k8s/.github/workflows/ci.yml | 77 -- roles/k8s/.github/workflows/release.yml | 38 - roles/k8s/.gitignore | 3 - roles/k8s/.travis.yml | 36 - roles/k8s/.yamllint | 11 - roles/k8s/LICENSE | 20 - roles/k8s/README.md | 152 ---- roles/k8s/defaults/main.yml | 53 -- roles/k8s/handlers/main.yml | 3 - roles/k8s/meta/.galaxy_install_info | 2 - roles/k8s/meta/main.yml | 35 - roles/k8s/molecule/default/calico.yml | 50 -- roles/k8s/molecule/default/converge.yml | 46 -- roles/k8s/molecule/default/molecule.yml | 18 - roles/k8s/molecule/default/requirements.yml | 2 - roles/k8s/tasks/kubelet-setup.yml | 35 - roles/k8s/tasks/main.yml | 58 -- roles/k8s/tasks/master-setup.yml | 82 --- roles/k8s/tasks/node-setup.yml | 6 - roles/k8s/tasks/setup-Debian.yml | 26 - roles/k8s/tasks/setup-RedHat.yml | 23 - roles/k8s/tasks/sysctl-setup.yml | 21 - .../templates/apt-preferences-kubernetes.j2 | 11 - roles/k8s/vars/Debian.yml | 3 - roles/k8s/vars/RedHat.yml | 12 - roles/nextcloud/.gitignore | 2 - roles/nextcloud/.travis.yml | 35 - roles/nextcloud/.yamllint | 56 -- roles/nextcloud/LICENSE | 674 ------------------ roles/nextcloud/README.md | 96 --- roles/nextcloud/defaults/main.yml | 174 ----- roles/nextcloud/filter_plugins/opml.py | 46 -- roles/nextcloud/handlers/main.yml | 47 -- roles/nextcloud/meta/.galaxy_install_info | 2 - roles/nextcloud/meta/main.yml | 25 - .../nextcloud/molecule/default/Dockerfile.j2 | 14 - roles/nextcloud/molecule/default/INSTALL.rst | 16 - roles/nextcloud/molecule/default/molecule.yml | 20 - roles/nextcloud/molecule/default/playbook.yml | 73 -- 
roles/nextcloud/molecule/default/prepare.yml | 69 -- .../molecule/default/requirements.yml | 8 - .../molecule/default/tests/test_default.py | 14 - roles/nextcloud/tasks/apps/news.yml | 252 ------- roles/nextcloud/tasks/core/apps.yml | 149 ---- roles/nextcloud/tasks/core/config.yml | 55 -- roles/nextcloud/tasks/core/install.yml | 80 --- roles/nextcloud/tasks/core/integrity.yml | 97 --- roles/nextcloud/tasks/core/occ.yml | 43 -- roles/nextcloud/tasks/core/upgrade.yml | 54 -- roles/nextcloud/tasks/main.yml | 4 - roles/nextcloud/tasks/nextcloud.yml | 26 - roles/nextcloud/tasks/users/group.yml | 47 -- roles/nextcloud/tasks/users/user.yml | 51 -- roles/nextcloud/tasks/users/user_config.yml | 76 -- roles/nextcloud/tasks/variables.yml | 27 - roles/nextcloud/vars/main.yml | 30 - roles/nfs/.ansible-lint | 2 - roles/nfs/.github/FUNDING.yml | 4 - roles/nfs/.github/stale.yml | 56 -- roles/nfs/.github/workflows/ci.yml | 68 -- roles/nfs/.github/workflows/release.yml | 38 - roles/nfs/.gitignore | 3 - roles/nfs/.yamllint | 10 - roles/nfs/LICENSE | 20 - roles/nfs/README.md | 40 -- roles/nfs/defaults/main.yml | 5 - roles/nfs/handlers/main.yml | 3 - roles/nfs/meta/.galaxy_install_info | 2 - roles/nfs/meta/main.yml | 30 - roles/nfs/molecule/default/converge.yml | 13 - roles/nfs/molecule/default/molecule.yml | 17 - roles/nfs/tasks/main.yml | 36 - roles/nfs/tasks/setup-Debian.yml | 7 - roles/nfs/tasks/setup-RedHat.yml | 9 - roles/nfs/templates/exports.j2 | 13 - roles/nfs/vars/Debian.yml | 2 - roles/nfs/vars/Fedora.yml | 2 - roles/nfs/vars/RedHat.yml | 2 - roles/php/.ansible-lint | 5 - roles/php/.github/FUNDING.yml | 4 - roles/php/.github/stale.yml | 56 -- roles/php/.gitignore | 3 - roles/php/.travis.yml | 38 - roles/php/.yamllint | 11 - roles/php/LICENSE | 20 - roles/php/README.md | 239 ------- roles/php/defaults/main.yml | 140 ---- roles/php/handlers/main.yml | 15 - roles/php/meta/.galaxy_install_info | 2 - roles/php/meta/main.yml | 37 - roles/php/molecule/default/converge.yml | 70 -- 
roles/php/molecule/default/molecule.yml | 21 - .../php/molecule/default/playbook-source.yml | 32 - roles/php/molecule/default/requirements.yml | 3 - roles/php/tasks/configure-apcu.yml | 37 - roles/php/tasks/configure-fpm.yml | 78 -- roles/php/tasks/configure-opcache.yml | 37 - roles/php/tasks/configure.yml | 21 - roles/php/tasks/install-from-source.yml | 158 ---- roles/php/tasks/main.yml | 77 -- roles/php/tasks/setup-Debian.yml | 27 - roles/php/tasks/setup-RedHat.yml | 7 - roles/php/templates/apc.ini.j2 | 4 - roles/php/templates/fpm-init.j2 | 170 ----- roles/php/templates/opcache.ini.j2 | 14 - roles/php/templates/php-fpm.conf.j2 | 12 - roles/php/templates/php.ini.j2 | 221 ------ roles/php/templates/www.conf.j2 | 15 - roles/php/vars/Debian-10.yml | 2 - roles/php/vars/Debian-9.yml | 2 - roles/php/vars/Debian.yml | 39 - roles/php/vars/RedHat.yml | 32 - roles/php/vars/Ubuntu-16.yml | 2 - roles/php/vars/Ubuntu-18.yml | 2 - roles/php/vars/Ubuntu-20.yml | 2 - roles/postgresql/.ansible-lint | 3 - roles/postgresql/.github/FUNDING.yml | 4 - roles/postgresql/.github/stale.yml | 56 -- roles/postgresql/.gitignore | 3 - roles/postgresql/.travis.yml | 31 - roles/postgresql/.yamllint | 9 - roles/postgresql/LICENSE | 20 - roles/postgresql/README.md | 149 ---- roles/postgresql/defaults/main.yml | 67 -- roles/postgresql/handlers/main.yml | 6 - roles/postgresql/meta/.galaxy_install_info | 2 - roles/postgresql/meta/main.yml | 38 - .../postgresql/molecule/default/converge.yml | 47 -- .../postgresql/molecule/default/molecule.yml | 21 - roles/postgresql/tasks/configure.yml | 28 - roles/postgresql/tasks/databases.yml | 21 - roles/postgresql/tasks/initialize.yml | 29 - roles/postgresql/tasks/main.yml | 23 - roles/postgresql/tasks/setup-Debian.yml | 21 - roles/postgresql/tasks/setup-RedHat.yml | 16 - roles/postgresql/tasks/users.yml | 22 - roles/postgresql/tasks/variables.yml | 51 -- roles/postgresql/templates/pg_hba.conf.j2 | 9 - roles/postgresql/templates/postgres.sh.j2 | 2 - 
roles/postgresql/vars/Debian-10.yml | 12 - roles/postgresql/vars/Debian-7.yml | 10 - roles/postgresql/vars/Debian-8.yml | 10 - roles/postgresql/vars/Debian-9.yml | 10 - roles/postgresql/vars/Fedora-29.yml | 12 - roles/postgresql/vars/Fedora-30.yml | 13 - roles/postgresql/vars/Fedora-31.yml | 14 - roles/postgresql/vars/Fedora-32.yml | 14 - roles/postgresql/vars/RedHat-6.yml | 11 - roles/postgresql/vars/RedHat-7.yml | 11 - roles/postgresql/vars/RedHat-8.yml | 12 - roles/postgresql/vars/Ubuntu-16.yml | 10 - roles/postgresql/vars/Ubuntu-18.yml | 11 - roles/postgresql/vars/Ubuntu-20.yml | 11 - roles/snmpd/.ansible-lint | 3 - roles/snmpd/.github/workflows/ci.yml | 80 --- roles/snmpd/.github/workflows/release.yml | 20 - roles/snmpd/.gitignore | 30 - roles/snmpd/.yamllint | 15 - roles/snmpd/Dockerfile | 20 - roles/snmpd/LICENSE.txt | 19 - roles/snmpd/README.md | 74 -- roles/snmpd/Vagrantfile | 70 -- roles/snmpd/defaults/main.yml | 39 - roles/snmpd/files/empty | 0 roles/snmpd/handlers/main.yml | 7 - roles/snmpd/meta/.galaxy_install_info | 2 - roles/snmpd/meta/main.yml | 24 - roles/snmpd/molecule/default/converge.yml | 9 - roles/snmpd/molecule/default/molecule.yml | 19 - roles/snmpd/molecule/default/prepare.yml | 9 - roles/snmpd/molecule/default/verify.yml | 5 - roles/snmpd/tasks/main.yml | 57 -- roles/snmpd/templates/etc/default/snmpd.j2 | 24 - roles/snmpd/templates/etc/snmp/snmpd.conf.j2 | 42 -- roles/snmpd/tests/inventory | 1 - roles/snmpd/tests/tasks/pre.yml | 14 - roles/snmpd/tests/test.yml | 12 - roles/snmpd/tests/vagrant.yml | 10 - roles/snmpd/tests/vars/main.yml | 4 - roles/snmpd/vars/main.yml | 6 - roles/sshd/.ansible-lint | 2 - .../.github/workflows/ansible-centos7.yml | 16 - .../.github/workflows/ansible-centos8.yml | 16 - .../sshd/.github/workflows/ansible-fedora.yml | 17 - roles/sshd/.github/workflows/ansible-lint.yml | 38 - roles/sshd/.gitignore | 2 - roles/sshd/.pre-commit-config.yaml | 14 - roles/sshd/.travis.yml | 80 --- roles/sshd/.yamllint.yaml | 21 - 
roles/sshd/CHANGELOG | 27 - roles/sshd/CODE_OF_CONDUCT.md | 76 -- roles/sshd/LICENSE | 165 ----- roles/sshd/README.md | 299 -------- roles/sshd/Vagrantfile | 37 - roles/sshd/defaults/main.yml | 72 -- roles/sshd/handlers/main.yml | 27 - roles/sshd/meta/.galaxy_install_info | 2 - roles/sshd/meta/10_top.j2 | 35 - roles/sshd/meta/20_middle.j2 | 3 - roles/sshd/meta/30_bottom.j2 | 33 - roles/sshd/meta/main.yml | 56 -- roles/sshd/meta/make_option_list | 16 - roles/sshd/meta/options_body | 107 --- roles/sshd/meta/options_match | 55 -- roles/sshd/tasks/install.yml | 160 ----- roles/sshd/tasks/main.yml | 4 - roles/sshd/tasks/sshd.yml | 5 - roles/sshd/tasks/variables.yml | 27 - roles/sshd/templates/sshd.service.j2 | 17 - roles/sshd/templates/sshd.socket.j2 | 11 - roles/sshd/templates/sshd@.service.j2 | 9 - roles/sshd/templates/sshd_config.j2 | 242 ------- roles/sshd/templates/sysconfig.j2 | 10 - roles/sshd/tests/inventory | 1 - roles/sshd/tests/roles/.gitkeep | 0 roles/sshd/tests/roles/ansible-sshd | 1 - roles/sshd/tests/tests_alternative_file.yml | 92 --- roles/sshd/tests/tests_default.yml | 4 - roles/sshd/tests/tests_default_include.yml | 6 - roles/sshd/tests/tests_hostkeys.yml | 70 -- roles/sshd/tests/tests_hostkeys_missing.yml | 33 - roles/sshd/tests/tests_match.yml | 81 --- roles/sshd/tests/tests_match_iterate.yml | 79 -- roles/sshd/tests/tests_set_common.yml | 44 -- roles/sshd/tests/tests_set_uncommon.yml | 50 -- roles/sshd/tests/tests_sysconfig.yml | 41 -- roles/sshd/vars/AIX.yml | 14 - roles/sshd/vars/Amazon.yml | 23 - roles/sshd/vars/Arch Linux.yml | 1 - roles/sshd/vars/Archlinux.yml | 11 - roles/sshd/vars/Container Linux by CoreOS.yml | 13 - roles/sshd/vars/Debian.yml | 36 - roles/sshd/vars/Debian_10.yml | 34 - roles/sshd/vars/Debian_8.yml | 38 - roles/sshd/vars/Debian_9.yml | 34 - roles/sshd/vars/Fedora.yml | 13 - roles/sshd/vars/Fedora_31.yml | 28 - roles/sshd/vars/FreeBSD.yml | 5 - roles/sshd/vars/Gentoo.yml | 32 - roles/sshd/vars/OpenBSD.yml | 9 - 
roles/sshd/vars/RedHat_6.yml | 24 - roles/sshd/vars/RedHat_7.yml | 31 - roles/sshd/vars/RedHat_8.yml | 32 - roles/sshd/vars/Suse.yml | 25 - roles/sshd/vars/Ubuntu_12.yml | 36 - roles/sshd/vars/Ubuntu_14.yml | 38 - roles/sshd/vars/Ubuntu_16.yml | 40 -- roles/sshd/vars/Ubuntu_18.yml | 15 - roles/sshd/vars/Ubuntu_20.yml | 14 - roles/sshd/vars/default.yml | 1 - roles/sshd/vars/openSUSE Leap_15.yml | 14 - 401 files changed, 13 insertions(+), 14444 deletions(-) delete mode 100644 roles/apache/.gitignore delete mode 100644 roles/apache/.travis.yml delete mode 100644 roles/apache/LICENSE delete mode 100644 roles/apache/README.md delete mode 100644 roles/apache/defaults/main.yml delete mode 100644 roles/apache/handlers/main.yml delete mode 100644 roles/apache/meta/.galaxy_install_info delete mode 100644 roles/apache/meta/main.yml delete mode 100644 roles/apache/molecule/default/molecule.yml delete mode 100644 roles/apache/molecule/default/playbook.yml delete mode 100644 roles/apache/molecule/default/yaml-lint.yml delete mode 100644 roles/apache/tasks/configure-Debian.yml delete mode 100644 roles/apache/tasks/configure-RedHat.yml delete mode 100644 roles/apache/tasks/configure-Solaris.yml delete mode 100644 roles/apache/tasks/configure-Suse.yml delete mode 100644 roles/apache/tasks/main.yml delete mode 100644 roles/apache/tasks/setup-Debian.yml delete mode 100644 roles/apache/tasks/setup-RedHat.yml delete mode 100644 roles/apache/tasks/setup-Solaris.yml delete mode 100644 roles/apache/tasks/setup-Suse.yml delete mode 100644 roles/apache/templates/vhosts.conf.j2 delete mode 100644 roles/apache/vars/AmazonLinux.yml delete mode 100644 roles/apache/vars/Debian.yml delete mode 100644 roles/apache/vars/RedHat.yml delete mode 100644 roles/apache/vars/Solaris.yml delete mode 100644 roles/apache/vars/Suse.yml delete mode 100644 roles/apache/vars/apache-22.yml delete mode 100644 roles/apache/vars/apache-24.yml delete mode 100644 roles/certbot/.github/FUNDING.yml delete mode 100644 
roles/certbot/.github/stale.yml delete mode 100644 roles/certbot/.gitignore delete mode 100644 roles/certbot/.travis.yml delete mode 100644 roles/certbot/.yamllint delete mode 100644 roles/certbot/LICENSE delete mode 100644 roles/certbot/README.md delete mode 100644 roles/certbot/defaults/main.yml delete mode 100644 roles/certbot/meta/.galaxy_install_info delete mode 100644 roles/certbot/meta/main.yml delete mode 100644 roles/certbot/molecule/default/converge.yml delete mode 100644 roles/certbot/molecule/default/molecule.yml delete mode 100644 roles/certbot/molecule/default/playbook-source-install.yml delete mode 100644 roles/certbot/molecule/default/playbook-standalone-nginx-aws.yml delete mode 100644 roles/certbot/molecule/default/requirements.yml delete mode 100644 roles/certbot/tasks/create-cert-standalone.yml delete mode 100644 roles/certbot/tasks/include-vars.yml delete mode 100644 roles/certbot/tasks/install-from-source.yml delete mode 100644 roles/certbot/tasks/install-with-package.yml delete mode 100644 roles/certbot/tasks/main.yml delete mode 100644 roles/certbot/tasks/renew-cron.yml delete mode 100644 roles/certbot/tasks/setup-RedHat.yml delete mode 100644 roles/certbot/vars/Ubuntu-16.04.yml delete mode 100644 roles/certbot/vars/default.yml delete mode 100644 roles/dhcp/.gitignore delete mode 100644 roles/dhcp/.yamllint delete mode 100644 roles/dhcp/CHANGELOG.md delete mode 100644 roles/dhcp/LICENSE.md delete mode 100644 roles/dhcp/README.md delete mode 100644 roles/dhcp/defaults/main.yml delete mode 100644 roles/dhcp/handlers/main.yml delete mode 100644 roles/dhcp/meta/.galaxy_install_info delete mode 100644 roles/dhcp/meta/main.yml delete mode 100644 roles/dhcp/tasks/apparmor-fix.yml delete mode 100644 roles/dhcp/tasks/default-fix.yml delete mode 100644 roles/dhcp/tasks/main.yml delete mode 100644 roles/dhcp/templates/etc_dhcp_dhcpd.conf.j2 delete mode 100644 roles/dhcp/vars/Alpine.yml delete mode 100644 roles/dhcp/vars/Debian.yml delete mode 100644 
roles/dhcp/vars/RedHat.yml delete mode 100644 roles/docker/.ansible-lint delete mode 100644 roles/docker/.github/FUNDING.yml delete mode 100644 roles/docker/.github/stale.yml delete mode 100644 roles/docker/.github/workflows/ci.yml delete mode 100644 roles/docker/.github/workflows/release.yml delete mode 100644 roles/docker/.gitignore delete mode 100644 roles/docker/.yamllint delete mode 100644 roles/docker/LICENSE delete mode 100644 roles/docker/README.md delete mode 100644 roles/docker/defaults/main.yml delete mode 100644 roles/docker/handlers/main.yml delete mode 100644 roles/docker/meta/.galaxy_install_info delete mode 100644 roles/docker/meta/main.yml delete mode 100644 roles/docker/molecule/default/converge.yml delete mode 100644 roles/docker/molecule/default/molecule.yml delete mode 100644 roles/docker/tasks/docker-compose.yml delete mode 100644 roles/docker/tasks/docker-users.yml delete mode 100644 roles/docker/tasks/main.yml delete mode 100644 roles/docker/tasks/setup-Debian.yml delete mode 100644 roles/docker/tasks/setup-RedHat.yml delete mode 100644 roles/factorio/.github/workflows/ansible-tests.yml delete mode 100644 roles/factorio/.gitignore delete mode 100644 roles/factorio/.yamllint delete mode 100644 roles/factorio/README.md delete mode 100644 roles/factorio/defaults/main.yml delete mode 100644 roles/factorio/defaults/map-gen-settings.yml delete mode 100644 roles/factorio/defaults/map-settings.yml delete mode 100644 roles/factorio/defaults/server-settings.yml delete mode 100644 roles/factorio/defaults/server-whitelist.yml delete mode 100644 roles/factorio/dev-requirements.txt delete mode 100644 roles/factorio/handlers/main.yml delete mode 100644 roles/factorio/makefile delete mode 100644 roles/factorio/meta/.galaxy_install_info delete mode 100644 roles/factorio/meta/main.yml delete mode 100644 roles/factorio/molecule/centos/INSTALL.rst delete mode 100644 roles/factorio/molecule/centos/converge.yml delete mode 100644 
roles/factorio/molecule/centos/molecule.yml delete mode 100644 roles/factorio/molecule/centos/verify.yml delete mode 100644 roles/factorio/molecule/debian/INSTALL.rst delete mode 100644 roles/factorio/molecule/debian/converge.yml delete mode 100644 roles/factorio/molecule/debian/molecule.yml delete mode 100644 roles/factorio/molecule/debian/verify.yml delete mode 100644 roles/factorio/molecule/ubuntu/INSTALL.rst delete mode 100644 roles/factorio/molecule/ubuntu/converge.yml delete mode 100644 roles/factorio/molecule/ubuntu/molecule.yml delete mode 100644 roles/factorio/molecule/ubuntu/verify.yml delete mode 100644 roles/factorio/tasks/main.yml delete mode 100644 roles/factorio/tasks/set-map-gen-settings.yml delete mode 100644 roles/factorio/tasks/set-map-settings.yml delete mode 100644 roles/factorio/tasks/set-server-settings.yml delete mode 100644 roles/factorio/tasks/set-server-whitelist.yml delete mode 100644 roles/factorio/templates/service-template.service.j2 delete mode 100644 roles/factorio/vars/main.yml delete mode 100644 roles/gitea/.ansible-lint delete mode 100644 roles/gitea/.gitignore delete mode 100644 roles/gitea/.travis.yml delete mode 100644 roles/gitea/.yamllint delete mode 100644 roles/gitea/LICENSE delete mode 100644 roles/gitea/README.md delete mode 100644 roles/gitea/defaults/main.yml delete mode 100644 roles/gitea/handlers/main.yml delete mode 100644 roles/gitea/meta/.galaxy_install_info delete mode 100644 roles/gitea/meta/main.yml delete mode 100644 roles/gitea/molecule/default/converge.yml delete mode 100644 roles/gitea/molecule/default/molecule.yml delete mode 100644 roles/gitea/molecule/default/prepare.yml delete mode 100644 roles/gitea/molecule/default/tests/test_default.py delete mode 100644 roles/gitea/requirements-travis.txt delete mode 100644 roles/gitea/tasks/check-variables.yml delete mode 100644 roles/gitea/tasks/create_user.yml delete mode 100644 roles/gitea/tasks/fail2ban.yml delete mode 100644 
roles/gitea/tasks/install_systemd.yml delete mode 100644 roles/gitea/tasks/main.yml delete mode 100644 roles/gitea/templates/fail2ban/filter.conf.j2 delete mode 100644 roles/gitea/templates/fail2ban/jail.conf.j2 delete mode 100644 roles/gitea/templates/gitea.ini.j2 delete mode 100644 roles/gitea/templates/gitea.service.j2 delete mode 100644 roles/gitea/vars/main.yml delete mode 100644 roles/k8s/.ansible-lint delete mode 100644 roles/k8s/.github/FUNDING.yml delete mode 100644 roles/k8s/.github/stale.yml delete mode 100644 roles/k8s/.github/workflows/ci.yml delete mode 100644 roles/k8s/.github/workflows/release.yml delete mode 100644 roles/k8s/.gitignore delete mode 100644 roles/k8s/.travis.yml delete mode 100644 roles/k8s/.yamllint delete mode 100644 roles/k8s/LICENSE delete mode 100644 roles/k8s/README.md delete mode 100644 roles/k8s/defaults/main.yml delete mode 100644 roles/k8s/handlers/main.yml delete mode 100644 roles/k8s/meta/.galaxy_install_info delete mode 100644 roles/k8s/meta/main.yml delete mode 100644 roles/k8s/molecule/default/calico.yml delete mode 100644 roles/k8s/molecule/default/converge.yml delete mode 100644 roles/k8s/molecule/default/molecule.yml delete mode 100644 roles/k8s/molecule/default/requirements.yml delete mode 100644 roles/k8s/tasks/kubelet-setup.yml delete mode 100644 roles/k8s/tasks/main.yml delete mode 100644 roles/k8s/tasks/master-setup.yml delete mode 100644 roles/k8s/tasks/node-setup.yml delete mode 100644 roles/k8s/tasks/setup-Debian.yml delete mode 100644 roles/k8s/tasks/setup-RedHat.yml delete mode 100644 roles/k8s/tasks/sysctl-setup.yml delete mode 100644 roles/k8s/templates/apt-preferences-kubernetes.j2 delete mode 100644 roles/k8s/vars/Debian.yml delete mode 100644 roles/k8s/vars/RedHat.yml delete mode 100644 roles/nextcloud/.gitignore delete mode 100644 roles/nextcloud/.travis.yml delete mode 100644 roles/nextcloud/.yamllint delete mode 100644 roles/nextcloud/LICENSE delete mode 100644 roles/nextcloud/README.md delete mode 
100644 roles/nextcloud/defaults/main.yml delete mode 100644 roles/nextcloud/filter_plugins/opml.py delete mode 100644 roles/nextcloud/handlers/main.yml delete mode 100644 roles/nextcloud/meta/.galaxy_install_info delete mode 100644 roles/nextcloud/meta/main.yml delete mode 100644 roles/nextcloud/molecule/default/Dockerfile.j2 delete mode 100644 roles/nextcloud/molecule/default/INSTALL.rst delete mode 100644 roles/nextcloud/molecule/default/molecule.yml delete mode 100644 roles/nextcloud/molecule/default/playbook.yml delete mode 100644 roles/nextcloud/molecule/default/prepare.yml delete mode 100644 roles/nextcloud/molecule/default/requirements.yml delete mode 100644 roles/nextcloud/molecule/default/tests/test_default.py delete mode 100644 roles/nextcloud/tasks/apps/news.yml delete mode 100644 roles/nextcloud/tasks/core/apps.yml delete mode 100644 roles/nextcloud/tasks/core/config.yml delete mode 100644 roles/nextcloud/tasks/core/install.yml delete mode 100644 roles/nextcloud/tasks/core/integrity.yml delete mode 100644 roles/nextcloud/tasks/core/occ.yml delete mode 100644 roles/nextcloud/tasks/core/upgrade.yml delete mode 100644 roles/nextcloud/tasks/main.yml delete mode 100644 roles/nextcloud/tasks/nextcloud.yml delete mode 100644 roles/nextcloud/tasks/users/group.yml delete mode 100644 roles/nextcloud/tasks/users/user.yml delete mode 100644 roles/nextcloud/tasks/users/user_config.yml delete mode 100644 roles/nextcloud/tasks/variables.yml delete mode 100644 roles/nextcloud/vars/main.yml delete mode 100644 roles/nfs/.ansible-lint delete mode 100644 roles/nfs/.github/FUNDING.yml delete mode 100644 roles/nfs/.github/stale.yml delete mode 100644 roles/nfs/.github/workflows/ci.yml delete mode 100644 roles/nfs/.github/workflows/release.yml delete mode 100644 roles/nfs/.gitignore delete mode 100644 roles/nfs/.yamllint delete mode 100644 roles/nfs/LICENSE delete mode 100644 roles/nfs/README.md delete mode 100644 roles/nfs/defaults/main.yml delete mode 100644 
roles/nfs/handlers/main.yml delete mode 100644 roles/nfs/meta/.galaxy_install_info delete mode 100644 roles/nfs/meta/main.yml delete mode 100644 roles/nfs/molecule/default/converge.yml delete mode 100644 roles/nfs/molecule/default/molecule.yml delete mode 100644 roles/nfs/tasks/main.yml delete mode 100644 roles/nfs/tasks/setup-Debian.yml delete mode 100644 roles/nfs/tasks/setup-RedHat.yml delete mode 100644 roles/nfs/templates/exports.j2 delete mode 100644 roles/nfs/vars/Debian.yml delete mode 100644 roles/nfs/vars/Fedora.yml delete mode 100644 roles/nfs/vars/RedHat.yml delete mode 100644 roles/php/.ansible-lint delete mode 100644 roles/php/.github/FUNDING.yml delete mode 100644 roles/php/.github/stale.yml delete mode 100644 roles/php/.gitignore delete mode 100644 roles/php/.travis.yml delete mode 100644 roles/php/.yamllint delete mode 100644 roles/php/LICENSE delete mode 100644 roles/php/README.md delete mode 100644 roles/php/defaults/main.yml delete mode 100644 roles/php/handlers/main.yml delete mode 100644 roles/php/meta/.galaxy_install_info delete mode 100644 roles/php/meta/main.yml delete mode 100644 roles/php/molecule/default/converge.yml delete mode 100644 roles/php/molecule/default/molecule.yml delete mode 100644 roles/php/molecule/default/playbook-source.yml delete mode 100644 roles/php/molecule/default/requirements.yml delete mode 100644 roles/php/tasks/configure-apcu.yml delete mode 100644 roles/php/tasks/configure-fpm.yml delete mode 100644 roles/php/tasks/configure-opcache.yml delete mode 100644 roles/php/tasks/configure.yml delete mode 100644 roles/php/tasks/install-from-source.yml delete mode 100644 roles/php/tasks/main.yml delete mode 100644 roles/php/tasks/setup-Debian.yml delete mode 100644 roles/php/tasks/setup-RedHat.yml delete mode 100644 roles/php/templates/apc.ini.j2 delete mode 100644 roles/php/templates/fpm-init.j2 delete mode 100644 roles/php/templates/opcache.ini.j2 delete mode 100644 roles/php/templates/php-fpm.conf.j2 delete mode 100644 
roles/php/templates/php.ini.j2
 delete mode 100644 roles/php/templates/www.conf.j2
 delete mode 100644 roles/php/vars/Debian-10.yml
 delete mode 100644 roles/php/vars/Debian-9.yml
 delete mode 100644 roles/php/vars/Debian.yml
 delete mode 100644 roles/php/vars/RedHat.yml
 delete mode 100644 roles/php/vars/Ubuntu-16.yml
 delete mode 100644 roles/php/vars/Ubuntu-18.yml
 delete mode 100644 roles/php/vars/Ubuntu-20.yml
 delete mode 100644 roles/postgresql/.ansible-lint
 delete mode 100644 roles/postgresql/.github/FUNDING.yml
 delete mode 100644 roles/postgresql/.github/stale.yml
 delete mode 100644 roles/postgresql/.gitignore
 delete mode 100644 roles/postgresql/.travis.yml
 delete mode 100644 roles/postgresql/.yamllint
 delete mode 100644 roles/postgresql/LICENSE
 delete mode 100644 roles/postgresql/README.md
 delete mode 100644 roles/postgresql/defaults/main.yml
 delete mode 100644 roles/postgresql/handlers/main.yml
 delete mode 100644 roles/postgresql/meta/.galaxy_install_info
 delete mode 100644 roles/postgresql/meta/main.yml
 delete mode 100644 roles/postgresql/molecule/default/converge.yml
 delete mode 100644 roles/postgresql/molecule/default/molecule.yml
 delete mode 100644 roles/postgresql/tasks/configure.yml
 delete mode 100644 roles/postgresql/tasks/databases.yml
 delete mode 100644 roles/postgresql/tasks/initialize.yml
 delete mode 100644 roles/postgresql/tasks/main.yml
 delete mode 100644 roles/postgresql/tasks/setup-Debian.yml
 delete mode 100644 roles/postgresql/tasks/setup-RedHat.yml
 delete mode 100644 roles/postgresql/tasks/users.yml
 delete mode 100644 roles/postgresql/tasks/variables.yml
 delete mode 100644 roles/postgresql/templates/pg_hba.conf.j2
 delete mode 100644 roles/postgresql/templates/postgres.sh.j2
 delete mode 100644 roles/postgresql/vars/Debian-10.yml
 delete mode 100644 roles/postgresql/vars/Debian-7.yml
 delete mode 100644 roles/postgresql/vars/Debian-8.yml
 delete mode 100644 roles/postgresql/vars/Debian-9.yml
 delete mode 100644 roles/postgresql/vars/Fedora-29.yml
 delete mode 100644 roles/postgresql/vars/Fedora-30.yml
 delete mode 100644 roles/postgresql/vars/Fedora-31.yml
 delete mode 100644 roles/postgresql/vars/Fedora-32.yml
 delete mode 100644 roles/postgresql/vars/RedHat-6.yml
 delete mode 100644 roles/postgresql/vars/RedHat-7.yml
 delete mode 100644 roles/postgresql/vars/RedHat-8.yml
 delete mode 100644 roles/postgresql/vars/Ubuntu-16.yml
 delete mode 100644 roles/postgresql/vars/Ubuntu-18.yml
 delete mode 100644 roles/postgresql/vars/Ubuntu-20.yml
 delete mode 100644 roles/snmpd/.ansible-lint
 delete mode 100644 roles/snmpd/.github/workflows/ci.yml
 delete mode 100644 roles/snmpd/.github/workflows/release.yml
 delete mode 100644 roles/snmpd/.gitignore
 delete mode 100644 roles/snmpd/.yamllint
 delete mode 100644 roles/snmpd/Dockerfile
 delete mode 100644 roles/snmpd/LICENSE.txt
 delete mode 100644 roles/snmpd/README.md
 delete mode 100644 roles/snmpd/Vagrantfile
 delete mode 100644 roles/snmpd/defaults/main.yml
 delete mode 100644 roles/snmpd/files/empty
 delete mode 100644 roles/snmpd/handlers/main.yml
 delete mode 100644 roles/snmpd/meta/.galaxy_install_info
 delete mode 100644 roles/snmpd/meta/main.yml
 delete mode 100644 roles/snmpd/molecule/default/converge.yml
 delete mode 100644 roles/snmpd/molecule/default/molecule.yml
 delete mode 100644 roles/snmpd/molecule/default/prepare.yml
 delete mode 100644 roles/snmpd/molecule/default/verify.yml
 delete mode 100644 roles/snmpd/tasks/main.yml
 delete mode 100644 roles/snmpd/templates/etc/default/snmpd.j2
 delete mode 100644 roles/snmpd/templates/etc/snmp/snmpd.conf.j2
 delete mode 100644 roles/snmpd/tests/inventory
 delete mode 100644 roles/snmpd/tests/tasks/pre.yml
 delete mode 100644 roles/snmpd/tests/test.yml
 delete mode 100644 roles/snmpd/tests/vagrant.yml
 delete mode 100644 roles/snmpd/tests/vars/main.yml
 delete mode 100644 roles/snmpd/vars/main.yml
 delete mode 100644 roles/sshd/.ansible-lint
 delete mode 100644 roles/sshd/.github/workflows/ansible-centos7.yml
 delete mode 100644 roles/sshd/.github/workflows/ansible-centos8.yml
 delete mode 100644 roles/sshd/.github/workflows/ansible-fedora.yml
 delete mode 100644 roles/sshd/.github/workflows/ansible-lint.yml
 delete mode 100644 roles/sshd/.gitignore
 delete mode 100644 roles/sshd/.pre-commit-config.yaml
 delete mode 100644 roles/sshd/.travis.yml
 delete mode 100644 roles/sshd/.yamllint.yaml
 delete mode 100644 roles/sshd/CHANGELOG
 delete mode 100644 roles/sshd/CODE_OF_CONDUCT.md
 delete mode 100644 roles/sshd/LICENSE
 delete mode 100644 roles/sshd/README.md
 delete mode 100644 roles/sshd/Vagrantfile
 delete mode 100644 roles/sshd/defaults/main.yml
 delete mode 100644 roles/sshd/handlers/main.yml
 delete mode 100644 roles/sshd/meta/.galaxy_install_info
 delete mode 100644 roles/sshd/meta/10_top.j2
 delete mode 100644 roles/sshd/meta/20_middle.j2
 delete mode 100644 roles/sshd/meta/30_bottom.j2
 delete mode 100644 roles/sshd/meta/main.yml
 delete mode 100755 roles/sshd/meta/make_option_list
 delete mode 100644 roles/sshd/meta/options_body
 delete mode 100644 roles/sshd/meta/options_match
 delete mode 100644 roles/sshd/tasks/install.yml
 delete mode 100644 roles/sshd/tasks/main.yml
 delete mode 100644 roles/sshd/tasks/sshd.yml
 delete mode 100644 roles/sshd/tasks/variables.yml
 delete mode 100644 roles/sshd/templates/sshd.service.j2
 delete mode 100644 roles/sshd/templates/sshd.socket.j2
 delete mode 100644 roles/sshd/templates/sshd@.service.j2
 delete mode 100644 roles/sshd/templates/sshd_config.j2
 delete mode 100644 roles/sshd/templates/sysconfig.j2
 delete mode 100644 roles/sshd/tests/inventory
 delete mode 100644 roles/sshd/tests/roles/.gitkeep
 delete mode 120000 roles/sshd/tests/roles/ansible-sshd
 delete mode 100644 roles/sshd/tests/tests_alternative_file.yml
 delete mode 100644 roles/sshd/tests/tests_default.yml
 delete mode 100644 roles/sshd/tests/tests_default_include.yml
 delete mode 100644 roles/sshd/tests/tests_hostkeys.yml
 delete mode 100644 roles/sshd/tests/tests_hostkeys_missing.yml
 delete mode 100644 roles/sshd/tests/tests_match.yml
 delete mode 100644 roles/sshd/tests/tests_match_iterate.yml
 delete mode 100644 roles/sshd/tests/tests_set_common.yml
 delete mode 100644 roles/sshd/tests/tests_set_uncommon.yml
 delete mode 100644 roles/sshd/tests/tests_sysconfig.yml
 delete mode 100644 roles/sshd/vars/AIX.yml
 delete mode 100644 roles/sshd/vars/Amazon.yml
 delete mode 120000 roles/sshd/vars/Arch Linux.yml
 delete mode 100644 roles/sshd/vars/Archlinux.yml
 delete mode 100644 roles/sshd/vars/Container Linux by CoreOS.yml
 delete mode 100644 roles/sshd/vars/Debian.yml
 delete mode 100644 roles/sshd/vars/Debian_10.yml
 delete mode 100644 roles/sshd/vars/Debian_8.yml
 delete mode 100644 roles/sshd/vars/Debian_9.yml
 delete mode 100644 roles/sshd/vars/Fedora.yml
 delete mode 100644 roles/sshd/vars/Fedora_31.yml
 delete mode 100644 roles/sshd/vars/FreeBSD.yml
 delete mode 100644 roles/sshd/vars/Gentoo.yml
 delete mode 100644 roles/sshd/vars/OpenBSD.yml
 delete mode 100644 roles/sshd/vars/RedHat_6.yml
 delete mode 100644 roles/sshd/vars/RedHat_7.yml
 delete mode 100644 roles/sshd/vars/RedHat_8.yml
 delete mode 100644 roles/sshd/vars/Suse.yml
 delete mode 100644 roles/sshd/vars/Ubuntu_12.yml
 delete mode 100644 roles/sshd/vars/Ubuntu_14.yml
 delete mode 100644 roles/sshd/vars/Ubuntu_16.yml
 delete mode 100644 roles/sshd/vars/Ubuntu_18.yml
 delete mode 100644 roles/sshd/vars/Ubuntu_20.yml
 delete mode 100644 roles/sshd/vars/default.yml
 delete mode 100644 roles/sshd/vars/openSUSE Leap_15.yml
diff --git a/.gitignore b/.gitignore
index 759895c..d5065a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,15 @@
+roles/apache/
+roles/certbot/
+roles/dhcp/
+roles/docker/
+roles/factorio/
+roles/gitea/
+roles/k8s/
+roles/nextcloud/
+roles/nfs/
+roles/php/
+roles/postgresql/
+roles/snmpd/
+roles/sshd/
 *.swp
 .cache
diff --git a/roles/apache/.gitignore b/roles/apache/.gitignore
deleted file mode 100644
index f56f5b5..0000000
--- a/roles/apache/.gitignore
+++ /dev/null
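Review bot: The thirteen new ignore entries turn every role into a run-time download, but nothing in this patch pins what gets downloaded — no requirements.yml with a per-role version is visible here, so a later `ansible-galaxy install` will pull whatever the upstream role's latest Galaxy release or default branch happens to be, including roles that template sshd_config, pg_hba.conf and TLS vhosts. The only version record was the vendored `meta/.galaxy_install_info` files this commit deletes (the apache role was at 3.1.0 per the removed file). I would commit a `requirements.yml` alongside this change with an entry per role such as `- name: geerlingguy.apache` / `  version: 3.1.0` (a release tag or commit hash, not a branch) and install with `ansible-galaxy install -r requirements.yml`, so the code that runs on the hosts is reproducible and reviewable when it changes. If such a file already exists outside this diff, this is only a request to confirm every role in it carries a `version:`.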
@@ -1,3 +0,0 @@ -*.retry -*/__pycache__ -*.pyc diff --git a/roles/apache/.travis.yml b/roles/apache/.travis.yml deleted file mode 100644 index 57deda1..0000000 --- a/roles/apache/.travis.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: apache - matrix: - - MOLECULE_DISTRO: ubi8 - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos6 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: ubuntu1604 - - MOLECULE_DISTRO: ubuntu1404 - - MOLECULE_DISTRO: debian10 - - MOLECULE_DISTRO: debian9 - -install: - # Install test dependencies. - - pip install molecule docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/apache/LICENSE b/roles/apache/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/apache/LICENSE +++ /dev/null 
@@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/apache/README.md b/roles/apache/README.md deleted file mode 100644 index b4f52ec..0000000 --- a/roles/apache/README.md +++ /dev/null 
@@ -1,156 +0,0 @@ -# Ansible Role: Apache 2.x - -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) - -An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. - -## Requirements - -If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. - -If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info. - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - apache_enablerepo: "" - -The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). - - apache_listen_ip: "*" - apache_listen_port: 80 - apache_listen_port_ssl: 443 - -The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. - - apache_create_vhosts: true - apache_vhosts_filename: "vhosts.conf" - apache_vhosts_template: "vhosts.conf.j2" - -If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. 
You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts. - - apache_remove_default_vhost: false - -On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. - - apache_global_vhost_settings: | - DirectoryIndex index.php index.html - # Add other global settings on subsequent lines. - -You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration. - - apache_vhosts: - # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. - - servername: "local.dev" - documentroot: "/var/www/html" - -Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here). - -Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site: - - - servername: "www.local.dev" - serveralias: "local.dev" - documentroot: "/var/www/html" - extra_parameters: | - RewriteCond %{HTTP_HOST} !^www\. [NC] - RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] - -The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output. 
- - apache_vhosts_ssl: [] - -No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example: - - apache_vhosts_ssl: - - servername: "local.dev" - documentroot: "/var/www/html" - certificate_file: "/home/vagrant/example.crt" - certificate_key_file: "/home/vagrant/example.key" - certificate_chain_file: "/path/to/certificate_chain.crt" - extra_parameters: | - RewriteCond %{HTTP_HOST} !^www\. [NC] - RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] - -Other SSL directives can be managed with other SSL-related role variables. - - apache_ssl_protocol: "All -SSLv2 -SSLv3" - apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" - -The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. - - apache_allow_override: "All" - apache_options: "-Indexes +FollowSymLinks" - -The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`. - - apache_mods_enabled: - - rewrite.load - - ssl.load - apache_mods_disabled: [] - -(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. - - apache_packages: - - [platform-specific] - -The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values). - - apache_state: started - -Set initial Apache daemon state to be enforced when this role is run. 
This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. - - apache_packages_state: present - -If you have enabled any additional repositories such as _ondrej/apache2_, [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel), or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to upgrade versions. You can set this to `latest` (combined with `apache_enablerepo` on RHEL) and can directly upgrade to a different Apache version from a different repo (instead of uninstalling and reinstalling Apache). - - apache_ignore_missing_ssl_certificate: true - -If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates). - -## .htaccess-based Basic Authorization - -If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so: - - extra_parameters: | - - Require valid-user - AuthType Basic - AuthName "Please authenticate" - AuthUserFile /var/www/password-protected-directory/.htpasswd - - -To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`: - - - Require valid-user - .... - - -You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way. - -## Dependencies - -None. 
- -## Example Playbook - - - hosts: webservers - vars_files: - - vars/main.yml - roles: - - { role: geerlingguy.apache } - -*Inside `vars/main.yml`*: - - apache_listen_port: 8080 - apache_vhosts: - - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/apache/defaults/main.yml b/roles/apache/defaults/main.yml deleted file mode 100644 index 941a57c..0000000 --- a/roles/apache/defaults/main.yml +++ /dev/null 
@@ -1,58 +0,0 @@ ---- -apache_enablerepo: "" - -apache_listen_ip: "*" -apache_listen_port: 80 -apache_listen_port_ssl: 443 - -apache_create_vhosts: true -apache_vhosts_filename: "vhosts.conf" -apache_vhosts_template: "vhosts.conf.j2" - -# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. -# Set this to `true` to remove that default. -apache_remove_default_vhost: false - -apache_global_vhost_settings: | - DirectoryIndex index.php index.html - -apache_vhosts: - # Additional properties: - # 'serveradmin, serveralias, allow_override, options, extra_parameters'. - - servername: "local.dev" - documentroot: "/var/www/html" - -apache_allow_override: "All" -apache_options: "-Indexes +FollowSymLinks" - -apache_vhosts_ssl: [] -# Additional properties: -# 'serveradmin, serveralias, allow_override, options, extra_parameters'. -# - servername: "local.dev", -# documentroot: "/var/www/html", -# certificate_file: "/path/to/certificate.crt", -# certificate_key_file: "/path/to/certificate.key", -# # Optional. -# certificate_chain_file: "/path/to/certificate_chain.crt" - -apache_ignore_missing_ssl_certificate: true - -apache_ssl_protocol: "All -SSLv2 -SSLv3" -apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" - -# Only used on Debian/Ubuntu. -apache_mods_enabled: - - rewrite.load - - ssl.load -apache_mods_disabled: [] - -# Set initial apache state. Recommended values: `started` or `stopped` -apache_state: started - -# Set apache state when configuration changes are made. Recommended values: -# `restarted` or `reloaded` -apache_restart_state: restarted - -# Apache package state; use `present` to make sure it's installed, or `latest` -# if you want to upgrade or switch versions using a new repo. -apache_packages_state: present diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml deleted file mode 100644 index 53abffb..0000000 --- a/roles/apache/handlers/main.yml +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -- name: restart apache - service: - name: "{{ apache_service }}" - state: "{{ apache_restart_state }}" diff --git a/roles/apache/meta/.galaxy_install_info b/roles/apache/meta/.galaxy_install_info deleted file mode 100644 index 9b6a6d7..0000000 --- a/roles/apache/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Thu Oct 29 02:41:52 2020 -version: 3.1.0 diff --git a/roles/apache/meta/main.yml b/roles/apache/meta/main.yml deleted file mode 100644 index 16cc210..0000000 --- a/roles/apache/meta/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - author: geerlingguy - description: Apache 2.x for Linux. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.4 - platforms: - - name: EL - versions: - - all - - name: Fedora - versions: - - all - - name: Amazon - versions: - - all - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - trusty - - xenial - - bionic - - name: Solaris - versions: - - 11.3 - galaxy_tags: - - web - - apache - - webserver - - html - - httpd - -allow_duplicates: true diff --git a/roles/apache/molecule/default/molecule.yml b/roles/apache/molecule/default/molecule.yml deleted file mode 100644 index 2ca6fea..0000000 --- a/roles/apache/molecule/default/molecule.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: - name: yamllint - options: - config-file: molecule/default/yaml-lint.yml -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - lint: - name: ansible-lint - playbooks: - converge: ${MOLECULE_PLAYBOOK:-playbook.yml} -scenario: - name: default -verifier: - name: testinfra - lint: - name: flake8 
diff --git a/roles/apache/molecule/default/playbook.yml b/roles/apache/molecule/default/playbook.yml deleted file mode 100644 index 416a2b9..0000000 --- a/roles/apache/molecule/default/playbook.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - vars: - apache_listen_port_ssl: 443 - apache_create_vhosts: true - apache_vhosts_filename: "vhosts.conf" - apache_vhosts: - - servername: "example.com" - documentroot: "/var/www/vhosts/example_com" - - pre_tasks: - - name: Update apt cache. - apt: update_cache=yes cache_valid_time=600 - when: ansible_os_family == 'Debian' - changed_when: false - - roles: - - role: geerlingguy.apache diff --git a/roles/apache/molecule/default/yaml-lint.yml b/roles/apache/molecule/default/yaml-lint.yml deleted file mode 100644 index a3dbc38..0000000 --- a/roles/apache/molecule/default/yaml-lint.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -extends: default -rules: - line-length: - max: 120 - level: warning diff --git a/roles/apache/tasks/configure-Debian.yml b/roles/apache/tasks/configure-Debian.yml deleted file mode 100644 index e115e61..0000000 --- a/roles/apache/tasks/configure-Debian.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -- name: Configure Apache. - lineinfile: - dest: "{{ apache_server_root }}/ports.conf" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - with_items: "{{ apache_ports_configuration_items }}" - notify: restart apache - -- name: Enable Apache mods. - file: - src: "{{ apache_server_root }}/mods-available/{{ item }}" - dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" - state: link - with_items: "{{ apache_mods_enabled }}" - notify: restart apache - -- name: Disable Apache mods. - file: - path: "{{ apache_server_root }}/mods-enabled/{{ item }}" - state: absent - with_items: "{{ apache_mods_disabled }}" - notify: restart apache - -- name: Check whether certificates defined in vhosts exist. - stat: "path={{ item.certificate_file }}" - register: apache_ssl_certificates - with_items: "{{ apache_vhosts_ssl }}" - -- name: Add apache vhosts configuration. - template: - src: "{{ apache_vhosts_template }}" - dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" - owner: root - group: root - mode: 0644 - notify: restart apache - when: apache_create_vhosts | bool - -- name: Add vhost symlink in sites-enabled. - file: - src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" - dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" - state: link - notify: restart apache - when: apache_create_vhosts | bool - -- name: Remove default vhost in sites-enabled. - file: - path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" - state: absent - notify: restart apache - when: apache_remove_default_vhost diff --git a/roles/apache/tasks/configure-RedHat.yml b/roles/apache/tasks/configure-RedHat.yml deleted file mode 100644 index 95675e4..0000000 --- a/roles/apache/tasks/configure-RedHat.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -- name: Configure Apache. - lineinfile: - dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - with_items: "{{ apache_ports_configuration_items }}" - notify: restart apache - -- name: Check whether certificates defined in vhosts exist. - stat: path={{ item.certificate_file }} - register: apache_ssl_certificates - with_items: "{{ apache_vhosts_ssl }}" - -- name: Add apache vhosts configuration. - template: - src: "{{ apache_vhosts_template }}" - dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" - owner: root - group: root - mode: 0644 - notify: restart apache - when: apache_create_vhosts | bool - -- name: Check if localhost cert exists (RHEL 8 and later). - stat: - path: /etc/pki/tls/certs/localhost.crt - register: localhost_cert - when: ansible_distribution_major_version | int >= 8 - -- name: Ensure httpd certs are installed (RHEL 8 and later). - command: /usr/libexec/httpd-ssl-gencerts - when: - - ansible_distribution_major_version | int >= 8 - - not localhost_cert.stat.exists diff --git a/roles/apache/tasks/configure-Solaris.yml b/roles/apache/tasks/configure-Solaris.yml deleted file mode 100644 index b6c121b..0000000 --- a/roles/apache/tasks/configure-Solaris.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Configure Apache. - lineinfile: - dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - with_items: "{{ apache_ports_configuration_items }}" - notify: restart apache - -- name: Add apache vhosts configuration. - template: - src: "{{ apache_vhosts_template }}" - dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" - owner: root - group: root - mode: 0644 - notify: restart apache - when: apache_create_vhosts | bool diff --git a/roles/apache/tasks/configure-Suse.yml b/roles/apache/tasks/configure-Suse.yml deleted file mode 100644 index 54d4d1c..0000000 
--- a/roles/apache/tasks/configure-Suse.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: Configure Apache. - lineinfile: - dest: "{{ apache_server_root }}/listen.conf" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - with_items: "{{ apache_ports_configuration_items }}" - notify: restart apache - -- name: Check whether certificates defined in vhosts exist. - stat: path={{ item.certificate_file }} - register: apache_ssl_certificates - with_items: "{{ apache_vhosts_ssl }}" - -- name: Add apache vhosts configuration. - template: - src: "{{ apache_vhosts_template }}" - dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" - owner: root - group: root - mode: 0644 - notify: restart apache - when: apache_create_vhosts | bool diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml deleted file mode 100644 index cdbcb63..0000000 --- a/roles/apache/tasks/main.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- -# Include variables and define needed variables. -- name: Include OS-specific variables. - include_vars: "{{ ansible_os_family }}.yml" - -- name: Include variables for Amazon Linux. - include_vars: "AmazonLinux.yml" - when: - - ansible_distribution == "Amazon" - - ansible_distribution_major_version == "NA" - -- name: Define apache_packages. - set_fact: - apache_packages: "{{ __apache_packages | list }}" - when: apache_packages is not defined - -# Setup/install tasks. -- include_tasks: "setup-{{ ansible_os_family }}.yml" - -# Figure out what version of Apache is installed. -- name: Get installed version of Apache. - command: "{{ apache_daemon_path }}{{ apache_daemon }} -v" - changed_when: false - check_mode: false - register: _apache_version - -- name: Create apache_version variable. - set_fact: - apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}" - -- name: Include Apache 2.2 variables. - include_vars: apache-22.yml - when: "apache_version.split('.')[1] == '2'" - -- name: Include Apache 2.4 variables. - include_vars: apache-24.yml - when: "apache_version.split('.')[1] == '4'" - -# Configure Apache. -- name: Configure Apache. - include_tasks: "configure-{{ ansible_os_family }}.yml" - -- name: Ensure Apache has selected state and enabled on boot. - service: - name: "{{ apache_service }}" - state: "{{ apache_state }}" - enabled: true diff --git a/roles/apache/tasks/setup-Debian.yml b/roles/apache/tasks/setup-Debian.yml deleted file mode 100644 index b5d1412..0000000 --- a/roles/apache/tasks/setup-Debian.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Update apt cache. - apt: update_cache=yes cache_valid_time=3600 - -- name: Ensure Apache is installed on Debian. - apt: "name={{ apache_packages }} state={{ apache_packages_state }}" diff --git a/roles/apache/tasks/setup-RedHat.yml b/roles/apache/tasks/setup-RedHat.yml deleted file mode 100644 index dfc9016..0000000 --- a/roles/apache/tasks/setup-RedHat.yml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -- name: Ensure Apache is installed on RHEL. - package: - name: "{{ apache_packages }}" - state: "{{ apache_packages_state }}" - enablerepo: "{{ apache_enablerepo | default(omit, true) }}" diff --git a/roles/apache/tasks/setup-Solaris.yml b/roles/apache/tasks/setup-Solaris.yml deleted file mode 100644 index a4ae450..0000000 --- a/roles/apache/tasks/setup-Solaris.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Ensure Apache is installed on Solaris. - pkg5: - name: "{{ apache_packages }}" - state: "{{ apache_packages_state }}" diff --git a/roles/apache/tasks/setup-Suse.yml b/roles/apache/tasks/setup-Suse.yml deleted file mode 100644 index 725266b..0000000 --- a/roles/apache/tasks/setup-Suse.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Ensure Apache is installed on Suse. - zypper: - name: "{{ apache_packages }}" - state: "{{ apache_packages_state }}" diff --git a/roles/apache/templates/vhosts.conf.j2 b/roles/apache/templates/vhosts.conf.j2 deleted file mode 100644 index 8b7af90..0000000 --- a/roles/apache/templates/vhosts.conf.j2 +++ /dev/null 
@@ -1,82 +0,0 @@ -{{ apache_global_vhost_settings }} - -{# Set up VirtualHosts #} -{% for vhost in apache_vhosts %} - - ServerName {{ vhost.servername }} -{% if vhost.serveralias is defined %} - ServerAlias {{ vhost.serveralias }} -{% endif %} -{% if vhost.documentroot is defined %} - DocumentRoot "{{ vhost.documentroot }}" -{% endif %} - -{% if vhost.serveradmin is defined %} - ServerAdmin {{ vhost.serveradmin }} -{% endif %} -{% if vhost.documentroot is defined %} - - AllowOverride {{ vhost.allow_override | default(apache_allow_override) }} - Options {{ vhost.options | default(apache_options) }} -{% if apache_vhosts_version == "2.2" %} - Order allow,deny - Allow from all -{% else %} - Require all granted -{% endif %} - -{% endif %} -{% if vhost.extra_parameters is defined %} - {{ vhost.extra_parameters }} -{% endif %} - - -{% endfor %} - -{# Set up SSL VirtualHosts #} -{% for vhost in apache_vhosts_ssl %} -{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} - - ServerName {{ vhost.servername }} -{% if vhost.serveralias is defined %} - ServerAlias {{ vhost.serveralias }} -{% endif %} -{% if vhost.documentroot is defined %} - DocumentRoot "{{ vhost.documentroot }}" -{% endif %} - - SSLEngine on - SSLCipherSuite {{ apache_ssl_cipher_suite }} - SSLProtocol {{ apache_ssl_protocol }} - SSLHonorCipherOrder On -{% if apache_vhosts_version == "2.4" %} - SSLCompression off -{% endif %} - SSLCertificateFile {{ vhost.certificate_file }} - SSLCertificateKeyFile {{ vhost.certificate_key_file }} -{% if vhost.certificate_chain_file is defined %} - SSLCertificateChainFile {{ vhost.certificate_chain_file }} -{% endif %} - -{% if vhost.serveradmin is defined %} - ServerAdmin {{ vhost.serveradmin }} -{% endif %} -{% if vhost.documentroot is defined %} - - AllowOverride {{ vhost.allow_override | default(apache_allow_override) }} - Options {{ vhost.options | default(apache_options) }} -{% if apache_vhosts_version == "2.2" %} - 
Order allow,deny - Allow from all -{% else %} - Require all granted -{% endif %} - -{% endif %} -{% if vhost.extra_parameters is defined %} - {{ vhost.extra_parameters }} -{% endif %} - - -{% endif %} -{% endfor %} diff --git a/roles/apache/vars/AmazonLinux.yml b/roles/apache/vars/AmazonLinux.yml deleted file mode 100644 index 165f65d..0000000 --- a/roles/apache/vars/AmazonLinux.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apache_service: httpd -apache_daemon: httpd -apache_daemon_path: /usr/sbin/ -apache_server_root: /etc/httpd -apache_conf_path: /etc/httpd/conf.d - -apache_vhosts_version: "2.4" - -__apache_packages: - - httpd24 - - httpd24-devel - - mod24_ssl - - openssh - -apache_ports_configuration_items: - - regexp: "^Listen " - line: "Listen {{ apache_listen_port }}" diff --git a/roles/apache/vars/Debian.yml b/roles/apache/vars/Debian.yml deleted file mode 100644 index 7ff09c5..0000000 --- a/roles/apache/vars/Debian.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apache_service: apache2 -apache_daemon: apache2 -apache_daemon_path: /usr/sbin/ -apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2 - -__apache_packages: - - apache2 - - apache2-utils - -apache_ports_configuration_items: - - regexp: "^Listen " - line: "Listen {{ apache_listen_port }}" diff --git a/roles/apache/vars/RedHat.yml b/roles/apache/vars/RedHat.yml deleted file mode 100644 index d79fa5a..0000000 --- a/roles/apache/vars/RedHat.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -apache_service: httpd -apache_daemon: httpd -apache_daemon_path: /usr/sbin/ -apache_server_root: /etc/httpd -apache_conf_path: /etc/httpd/conf.d - -apache_vhosts_version: "2.2" - -__apache_packages: - - httpd - - httpd-devel - - mod_ssl - - openssh - -apache_ports_configuration_items: - - regexp: "^Listen " - line: "Listen {{ apache_listen_port }}" - - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" 
diff --git a/roles/apache/vars/Solaris.yml b/roles/apache/vars/Solaris.yml deleted file mode 100644 index 576291e..0000000 --- a/roles/apache/vars/Solaris.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apache_service: apache24 -apache_daemon: httpd -apache_daemon_path: /usr/apache2/2.4/bin/ -apache_server_root: /etc/apache2/2.4/ -apache_conf_path: /etc/apache2/2.4/conf.d - -apache_vhosts_version: "2.2" - -__apache_packages: - - web/server/apache-24 - - web/server/apache-24/module/apache-ssl - - web/server/apache-24/module/apache-security - -apache_ports_configuration_items: - - regexp: "^Listen " - line: "Listen {{ apache_listen_port }}" - - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/roles/apache/vars/Suse.yml b/roles/apache/vars/Suse.yml deleted file mode 100644 index 27703f3..0000000 --- a/roles/apache/vars/Suse.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apache_service: apache2 -apache_daemon: httpd2 -apache_daemon_path: /usr/sbin/ -apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2/conf.d - -apache_vhosts_version: "2.2" - -__apache_packages: - - apache2 - - openssh - -apache_ports_configuration_items: - - regexp: "^Listen " - line: "Listen {{ apache_listen_port }}" - - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/roles/apache/vars/apache-22.yml b/roles/apache/vars/apache-22.yml deleted file mode 100644 index c932f93..0000000 --- a/roles/apache/vars/apache-22.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apache_vhosts_version: "2.2" -apache_default_vhost_filename: 000-default -apache_ports_configuration_items: - - { - regexp: "^Listen ", - line: "Listen {{ apache_listen_port }}" - } - - { - regexp: "^#?NameVirtualHost ", - line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" - } 
diff --git a/roles/apache/vars/apache-24.yml b/roles/apache/vars/apache-24.yml deleted file mode 100644 index 449a444..0000000 --- a/roles/apache/vars/apache-24.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apache_vhosts_version: "2.4" -apache_default_vhost_filename: 000-default.conf -apache_ports_configuration_items: - - { - regexp: "^Listen ", - line: "Listen {{ apache_listen_port }}" - } diff --git a/roles/certbot/.github/FUNDING.yml b/roles/certbot/.github/FUNDING.yml deleted file mode 100644 index 96b4938..0000000 --- a/roles/certbot/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# These are supported funding model platforms ---- -github: geerlingguy -patreon: geerlingguy diff --git a/roles/certbot/.github/stale.yml b/roles/certbot/.github/stale.yml deleted file mode 100644 index c7ff127..0000000 --- a/roles/certbot/.github/stale.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale - -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
- - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/certbot/.gitignore b/roles/certbot/.gitignore deleted file mode 100644 index f56f5b5..0000000 --- a/roles/certbot/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.retry -*/__pycache__ -*.pyc diff --git a/roles/certbot/.travis.yml b/roles/certbot/.travis.yml deleted file mode 100644 index b813939..0000000 --- a/roles/certbot/.travis.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: certbot - matrix: - - MOLECULE_DISTRO: centos8 - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos6 - MOLECULE_PLAYBOOK: playbook-source-install.yml - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: ubuntu1604 - - MOLECULE_DISTRO: debian10 - -install: - # Install test dependencies. - - pip install molecule yamllint ansible-lint docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/certbot/.yamllint b/roles/certbot/.yamllint deleted file mode 100644 index 76a383c..0000000 --- a/roles/certbot/.yamllint +++ /dev/null @@ -1,10 +0,0 @@ ---- -extends: default - -rules: - line-length: - max: 120 - level: warning - -ignore: | - .github/stale.yml diff --git a/roles/certbot/LICENSE b/roles/certbot/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/certbot/LICENSE +++ /dev/null 
@@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/certbot/README.md b/roles/certbot/README.md deleted file mode 100644 index a720e0d..0000000 --- a/roles/certbot/README.md +++ /dev/null 
@@ -1,140 +0,0 @@ -# Ansible Role: Certbot (for Let's Encrypt) - -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-certbot) - -Installs and configures Certbot (for Let's Encrypt). - -## Requirements - -If installing from source, Git is required. You can install Git using the `geerlingguy.git` role. - -Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release. - -## Role Variables - -The variable `certbot_install_from_source` controls whether to install Certbot from Git or package management. The latter is the default, so the variable defaults to `no`. - - certbot_auto_renew: true - certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" - certbot_auto_renew_hour: "3" - certbot_auto_renew_minute: "30" - certbot_auto_renew_options: "--quiet --no-self-upgrade" - -By default, this role configures a cron job to run under the provided user account at the given hour and minute, every day. The defaults run `certbot renew` (or `certbot-auto renew`) via cron every day at 03:30:00 by the user you use in your Ansible playbook. It's preferred that you set a custom user/hour/minute so the renewal is during a low-traffic period and done by a non-root user account. - -### Automatic Certificate Generation - -Currently there is one built-in method for generating new certificates using this role: `standalone`. Other methods (e.g. using nginx or apache and a webroot) may be added in the future. - -**For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml). - - certbot_create_if_missing: false - certbot_create_method: standalone - -Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. 
Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `standalone`. - - certbot_admin_email: email@example.com - -The email address used to agree to Let's Encrypt's TOS and subscribe to cert-related notifications. This should be customized and set to an email address that you or your organization regularly monitors. - - certbot_certs: [] - # - email: janedoe@example.com - # domains: - # - example1.com - # - example2.com - # - domains: - # - example3.com - -A list of domains (and other data) for which certs should be generated. You can add an `email` key to any list item to override the `certbot_admin_email`. - - certbot_create_command: "{{ certbot_script }} certonly --standalone --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(',') }}" - -The `certbot_create_command` defines the command used to generate the cert. - -#### Standalone Certificate Generation - - certbot_create_standalone_stop_services: - - nginx - -Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated. - -These services will only be stopped the first time a new cert is generated. - -### Source Installation from Git - -You can install Certbot from it's Git source repository if desired. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8). - - certbot_install_from_source: false - certbot_repo: https://github.com/certbot/certbot.git - certbot_version: master - certbot_keep_updated: true - -Certbot Git repository options. 
To install from source, set `certbot_install_from_source` to `yes`. This clones the configured `certbot_repo`, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs. - - certbot_dir: /opt/certbot - -The directory inside which Certbot will be cloned. - -### Wildcard Certificates - -Let's Encrypt supports [generating wildcard certificates](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579), but the process for generating and using them is slightly more involved. See comments in [this pull request](https://github.com/geerlingguy/ansible-role-certbot/pull/60#issuecomment-423919284) for an example of how to use this role to maintain wildcard certs. - -Michael Porter also has a walkthrough of [Creating A Let’s Encrypt Wildcard Cert With Ansible](https://www.michaelpporter.com/2018/09/creating-a-wildcard-cert-with-ansible/), specifically with Cloudflare. - -## Dependencies - -None. - -## Example Playbook - - - hosts: servers - - vars: - certbot_auto_renew_user: your_username_here - certbot_auto_renew_minute: "20" - certbot_auto_renew_hour: "5" - - roles: - - geerlingguy.certbot - -See other examples in the `tests/` directory. - -### Manually creating certificates with certbot - -_Note: You can have this role automatically generate certificates; see the "Automatic Certificate Generation" documentation above._ - -You can manually create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot: - - # Automatically add certs for all Apache virtualhosts (use with caution!). - certbot --apache - - # Generate certs, but don't modify Apache configuration (safer). 
- certbot --apache certonly - -If you want to fully automate the process of adding a new certificate, but don't want to use this role's built in functionality, you can do so using the command line options to register, accept the terms of service, and then generate a cert using the standalone server: - - 1. Make sure any services listening on ports 80 and 443 (Apache, Nginx, Varnish, etc.) are stopped. - 2. Register with something like `certbot register --agree-tos --email [your-email@example.com]` - - Note: You won't need to do this step in the future, when generating additional certs on the same server. - 3. Generate a cert for a domain whose DNS points to this server: `certbot certonly --noninteractive --standalone -d example.com -d www.example.com` - 4. Re-start whatever was listening on ports 80 and 443 before. - 5. Update your webserver's virtualhost TLS configuration to point at the new certificate (`fullchain.pem`) and private key (`privkey.pem`) Certbot just generated for the domain you passed in the `certbot` command. - 6. Reload or restart your webserver so it uses the new HTTPS virtualhost configuration. - -### Certbot certificate auto-renewal - -By default, this role adds a cron job that will renew all installed certificates once per day at the hour and minute of your choosing. - -You can test the auto-renewal (without actually renewing the cert) with the command: - - /opt/certbot/certbot-auto renew --dry-run - -See full documentation and options on the [Certbot website](https://certbot.eff.org/). - -## License - -MIT / BSD - -## Author Information - -This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/certbot/defaults/main.yml b/roles/certbot/defaults/main.yml deleted file mode 100644 index 7002b26..0000000 --- a/roles/certbot/defaults/main.yml +++ /dev/null 
@@ -1,38 +0,0 @@
----
-# Certbot auto-renew cron job configuration (for certificate renewals).
-certbot_auto_renew: true
-certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
-certbot_auto_renew_hour: "3"
-certbot_auto_renew_minute: "30"
-certbot_auto_renew_options: "--quiet --no-self-upgrade"
-
-# Parameters used when creating new Certbot certs.
-certbot_create_if_missing: false
-certbot_create_method: standalone
-certbot_admin_email: email@example.com
-certbot_certs: []
-# - email: janedoe@example.com
-# domains:
-# - example1.com
-# - example2.com
-# - domains:
-# - example3.com
-certbot_create_command: >-
- {{ certbot_script }} certonly --standalone --noninteractive --agree-tos
- --email {{ cert_item.email | default(certbot_admin_email) }}
- -d {{ cert_item.domains | join(',') }}
-
-certbot_create_standalone_stop_services:
- - nginx
- # - apache
- # - varnish
-
-# To install from source (on older OSes or if you need a specific or newer
-# version of Certbot), set this variable to `yes` and configure other options.
-certbot_install_from_source: false
-certbot_repo: https://github.com/certbot/certbot.git
-certbot_version: master
-certbot_keep_updated: true
-
-# Where to put Certbot when installing from source.
-certbot_dir: /opt/certbot
diff --git a/roles/certbot/meta/.galaxy_install_info b/roles/certbot/meta/.galaxy_install_info
deleted file mode 100644
index c0fcbcc..0000000
--- a/roles/certbot/meta/.galaxy_install_info
+++ /dev/null
@@ -1,2 +0,0 @@
-install_date: Sun Nov 8 05:56:00 2020
-version: 3.1.0
diff --git a/roles/certbot/meta/main.yml b/roles/certbot/meta/main.yml
deleted file mode 100644
index c430b45..0000000
--- a/roles/certbot/meta/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-dependencies: []
-
-galaxy_info:
- author: geerlingguy
- description: "Installs and configures Certbot (for Let's Encrypt)."
- company: "Midwestern Mac, LLC"
- license: "license (BSD, MIT)"
- min_ansible_version: 2.4
- platforms:
- - name: EL
- versions:
- - 6
- - 7
- - 8
- - name: Fedora
- versions:
- - all
- - name: Ubuntu
- versions:
- - all
- - name: Debian
- versions:
- - all
- galaxy_tags:
- - networking
- - system
- - web
- - certbot
- - letsencrypt
- - encryption
- - certificates
- - ssl
- - https
diff --git a/roles/certbot/molecule/default/converge.yml b/roles/certbot/molecule/default/converge.yml
deleted file mode 100644
index 9d6e5e7..0000000
--- a/roles/certbot/molecule/default/converge.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- vars:
- certbot_auto_renew_user: root
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=yes cache_valid_time=600
- when: ansible_os_family == 'Debian'
- changed_when: false
-
- - name: Install dependencies (RedHat).
- yum: name={{ item }} state=present
- when: ansible_os_family == 'RedHat'
- with_items:
- - cronie
- - epel-release
-
- - name: Install cron (Debian).
- apt: name=cron state=present
- when: ansible_os_family == 'Debian'
-
- roles:
- - geerlingguy.certbot
diff --git a/roles/certbot/molecule/default/molecule.yml b/roles/certbot/molecule/default/molecule.yml
deleted file mode 100644
index 2da47dd..0000000
--- a/roles/certbot/molecule/default/molecule.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint: |
- set -e
- yamllint .
- ansible-lint
-platforms:
- - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- playbooks:
- converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/roles/certbot/molecule/default/playbook-source-install.yml b/roles/certbot/molecule/default/playbook-source-install.yml
deleted file mode 100644
index 77ced51..0000000
--- a/roles/certbot/molecule/default/playbook-source-install.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- vars:
- certbot_install_from_source: true
- certbot_auto_renew_user: root
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=yes cache_valid_time=600
- when: ansible_os_family == 'Debian'
- changed_when: false
-
- - name: Install cron (RedHat).
- yum: name=cronie state=present
- when: ansible_os_family == 'RedHat'
-
- - name: Install cron (Debian).
- apt: name=cron state=present
- when: ansible_os_family == 'Debian'
-
- roles:
- - geerlingguy.git
- - geerlingguy.certbot
diff --git a/roles/certbot/molecule/default/playbook-standalone-nginx-aws.yml b/roles/certbot/molecule/default/playbook-standalone-nginx-aws.yml
deleted file mode 100644
index 4d9fdd3..0000000
--- a/roles/certbot/molecule/default/playbook-standalone-nginx-aws.yml
+++ /dev/null
@@ -1,180 +0,0 @@
----
-# To run:
-# 1. Ensure Ansible and Boto are installed (pip install ansible boto).
-# 2. Ensure you have AWS credentials stored where Boto can find them, and they
-# are under the profile 'mm'.
-# 3. Ensure you have a pubkey available at ~/.ssh/id_rsa.pub.
-# 3. Run the playbook: ansible-playbook test-standalone-nginx-aws.yml
-
-# Play 1: Provision EC2 instance and A record.
-- hosts: localhost
- connection: local
- gather_facts: false
-
- tasks:
- - name: Configure EC2 Security Group.
- ec2_group:
- profile: mm
- name: certbot_test_http
- description: HTTP security group for Certbot testing.
- region: "us-east-1"
- state: present
- rules:
- - proto: tcp
- from_port: 80
- to_port: 80
- cidr_ip: 0.0.0.0/0
- - proto: tcp
- from_port: 443
- to_port: 443
- cidr_ip: 0.0.0.0/0
- - proto: tcp
- from_port: 22
- to_port: 22
- cidr_ip: 0.0.0.0/0
- rules_egress: []
-
- - name: Add EC2 Key Pair.
- ec2_key:
- profile: mm
- region: "us-east-1"
- name: certbot_test
- key_material: "{{ item }}"
- with_file:
- - ~/.ssh/id_rsa.pub
-
- - name: Provision EC2 instance.
- ec2:
- profile: mm
- key_name: certbot_test
- instance_tags:
- Name: "certbot-standalone-nginx-test"
- group: ['default', 'certbot_test_http']
- instance_type: t2.micro
- # CentOS Linux 7 x86_64 HVM EBS
- image: ami-02e98f78
- region: "us-east-1"
- wait: true
- wait_timeout: 500
- exact_count: 1
- count_tag:
- Name: "certbot-standalone-nginx-test"
- register: created_instance
-
- - name: Add A record for the new EC2 instance IP in Route53.
- route53:
- profile: mm
- command: create
- zone: servercheck.in
- record: certbot-test.servercheck.in
- type: A
- ttl: 300
- value: "{{ created_instance.tagged_instances.0.public_ip }}"
- wait: true
- overwrite: true
-
- - name: Add EC2 instance to inventory groups.
- add_host:
- name: "certbot-test.servercheck.in"
- groups: "aws,aws_nginx"
- ansible_ssh_user: centos
- host_key_checking: false
- when: created_instance.tagged_instances.0.id is defined
-
-# Play 2: Configure EC2 instance with Certbot and Nginx.
-- hosts: aws_nginx
- gather_facts: true
- become: true
-
- vars:
- certbot_admin_email: https@servercheck.in
- certbot_create_if_missing: true
- certbot_create_standalone_stop_services: []
- certbot_certs:
- - domains:
- - certbot-test.servercheck.in
- nginx_vhosts:
- - listen: "443 ssl http2"
- server_name: "certbot-test.servercheck.in"
- root: "/usr/share/nginx/html"
- index: "index.html index.htm"
- state: "present"
- template: "{{ nginx_vhost_template }}"
- filename: "certbot_test.conf"
- extra_parameters: |
- ssl_certificate /etc/letsencrypt/live/certbot-test.servercheck.in/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/certbot-test.servercheck.in/privkey.pem;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!MD5;
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=true cache_valid_time=600
- when: ansible_os_family == 'Debian'
- changed_when: false
-
- - name: Install dependencies (RedHat).
- yum: name={{ item }} state=present
- when: ansible_os_family == 'RedHat'
- with_items:
- - cronie
- - epel-release
-
- - name: Install cron (Debian).
- apt: name=cron state=present
- when: ansible_os_family == 'Debian'
-
- roles:
- - geerlingguy.certbot
- - geerlingguy.nginx
-
- tasks:
- - name: Flush handlers in case any configs have changed.
- meta: flush_handlers
-
- - name: Test secure connection to SSL domain.
- uri:
- url: https://certbot-test.servercheck.in/
- status_code: 200
- delegate_to: localhost
- become: false
-
-# Play 3: Tear down EC2 instance and A record.
-- hosts: localhost
- connection: local
- gather_facts: false
-
- tasks:
- - name: Destroy EC2 instance.
- ec2:
- profile: mm
- instance_ids: ["{{ created_instance.tagged_instances.0.id }}"]
- region: "us-east-1"
- state: absent
- wait: true
- wait_timeout: 500
-
- - name: Delete Security Group.
- ec2_group:
- profile: mm
- name: certbot_test_http
- region: "us-east-1"
- state: absent
-
- - name: Delete Key Pair.
- ec2_key:
- profile: mm
- name: certbot_test
- region: "us-east-1"
- state: absent
-
- - name: Delete Route53 record.
- route53:
- profile: mm
- state: delete
- zone: servercheck.in
- record: certbot-test.servercheck.in
- type: A
- ttl: 300
- # See: https://github.com/ansible/ansible/pull/32297
- value: []
diff --git a/roles/certbot/molecule/default/requirements.yml b/roles/certbot/molecule/default/requirements.yml
deleted file mode 100644
index 0b31312..0000000
--- a/roles/certbot/molecule/default/requirements.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- src: geerlingguy.git
-- src: geerlingguy.nginx
diff --git a/roles/certbot/tasks/create-cert-standalone.yml b/roles/certbot/tasks/create-cert-standalone.yml
deleted file mode 100644
index 6f25b8a..0000000
--- a/roles/certbot/tasks/create-cert-standalone.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- name: Check if certificate already exists.
- stat:
- path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
- register: letsencrypt_cert
-
-- name: Stop services to allow certbot to generate a cert.
- service:
- name: "{{ item }}"
- state: stopped
- when: not letsencrypt_cert.stat.exists
- with_items: "{{ certbot_create_standalone_stop_services }}"
-
-- name: Generate new certificate if one doesn't exist.
- command: "{{ certbot_create_command }}"
- when: not letsencrypt_cert.stat.exists
-
-- name: Start services after cert has been generated.
- service:
- name: "{{ item }}"
- state: started
- when: not letsencrypt_cert.stat.exists
- with_items: "{{ certbot_create_standalone_stop_services }}"
diff --git a/roles/certbot/tasks/include-vars.yml b/roles/certbot/tasks/include-vars.yml
deleted file mode 100644
index 0a70e50..0000000
--- a/roles/certbot/tasks/include-vars.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Load a variable file based on the OS type, or a default if not found.
- include_vars: "{{ item }}"
- with_first_found:
- - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- - "{{ ansible_distribution }}.yml"
- - "{{ ansible_os_family }}.yml"
- - "default.yml"
diff --git a/roles/certbot/tasks/install-from-source.yml b/roles/certbot/tasks/install-from-source.yml
deleted file mode 100644
index daee685..0000000
--- a/roles/certbot/tasks/install-from-source.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: Clone Certbot into configured directory.
- git:
- repo: "{{ certbot_repo }}"
- dest: "{{ certbot_dir }}"
- version: "{{ certbot_version }}"
- update: "{{ certbot_keep_updated }}"
- force: true
-
-- name: Set Certbot script variable.
- set_fact:
- certbot_script: "{{ certbot_dir }}/certbot-auto"
-
-- name: Ensure certbot-auto is executable.
- file:
- path: "{{ certbot_script }}"
- mode: 0755
diff --git a/roles/certbot/tasks/install-with-package.yml b/roles/certbot/tasks/install-with-package.yml
deleted file mode 100644
index 10490ff..0000000
--- a/roles/certbot/tasks/install-with-package.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: Install Certbot.
- package: "name={{ certbot_package }} state=present"
-
-- name: Set Certbot script variable.
- set_fact:
- certbot_script: "{{ certbot_package }}"
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
deleted file mode 100644
index 52aa6af..0000000
--- a/roles/certbot/tasks/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- import_tasks: include-vars.yml
-
-- import_tasks: setup-RedHat.yml
- when: ansible_os_family == 'RedHat'
-
-- import_tasks: install-with-package.yml
- when: not certbot_install_from_source
-
-- import_tasks: install-from-source.yml
- when: certbot_install_from_source
-
-- include_tasks: create-cert-standalone.yml
- with_items: "{{ certbot_certs }}"
- when:
- - certbot_create_if_missing
- - certbot_create_method == 'standalone'
- loop_control:
- loop_var: cert_item
-
-- import_tasks: renew-cron.yml
- when: certbot_auto_renew
diff --git a/roles/certbot/tasks/renew-cron.yml b/roles/certbot/tasks/renew-cron.yml
deleted file mode 100644
index 394a30e..0000000
--- a/roles/certbot/tasks/renew-cron.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Add cron job for certbot renewal (if configured).
- cron:
- name: Certbot automatic renewal.
- job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}"
- minute: "{{ certbot_auto_renew_minute }}"
- hour: "{{ certbot_auto_renew_hour }}"
- user: "{{ certbot_auto_renew_user }}"
diff --git a/roles/certbot/tasks/setup-RedHat.yml b/roles/certbot/tasks/setup-RedHat.yml
deleted file mode 100644
index f60ea15..0000000
--- a/roles/certbot/tasks/setup-RedHat.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# See: https://github.com/geerlingguy/ansible-role-certbot/issues/107
-- block:
-
- - name: Ensure dnf-plugins are installed on CentOS 8+.
- yum:
- name: dnf-plugins-core
- state: present
-
- - name: Enable DNF module for CentOS 8+.
- shell: |
- dnf config-manager --set-enabled PowerTools
- args:
- warn: false
- register: dnf_module_enable
- changed_when: false
-
- when:
- - ansible_os_family == 'RedHat'
- - ansible_distribution_major_version | int >= 8
diff --git a/roles/certbot/vars/Ubuntu-16.04.yml b/roles/certbot/vars/Ubuntu-16.04.yml
deleted file mode 100644
index 83cf124..0000000
--- a/roles/certbot/vars/Ubuntu-16.04.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-certbot_package: letsencrypt
diff --git a/roles/certbot/vars/default.yml b/roles/certbot/vars/default.yml
deleted file mode 100644
index d88f2dc..0000000
--- a/roles/certbot/vars/default.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-certbot_package: certbot
diff --git a/roles/dhcp/.gitignore b/roles/dhcp/.gitignore
deleted file mode 100644
index 0fb91c3..0000000
--- a/roles/dhcp/.gitignore
+++ /dev/null
@@ -1,13 +0,0 @@
-# .gitignore
-
-# Hidden Vagrant-directory
-.vagrant
-
-# Backup files (e.g. Vim, Gedit, etc.)
-*~
-
-# Vagrant base boxes (you never know when someone puts one in the repository)
-*.box
-
-# Ignore test code (it's a separate branch worktree)
-*tests/
diff --git a/roles/dhcp/.yamllint b/roles/dhcp/.yamllint
deleted file mode 100644
index d3f556e..0000000
--- a/roles/dhcp/.yamllint
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# Based on ansible-lint config
-extends: default
-
-rules:
- braces: {max-spaces-inside: 1, level: error}
- brackets: {max-spaces-inside: 1, level: error}
- colons: {max-spaces-after: -1, level: error}
- commas: {max-spaces-after: -1, level: error}
- comments: disable
- comments-indentation: disable
- document-start: disable
- empty-lines: {max: 3, level: error}
- hyphens: {level: error}
- indentation: disable
- key-duplicates: enable
- line-length: disable
- new-line-at-end-of-file: disable
- new-lines: {type: unix}
- trailing-spaces: disable
- truthy: disable
\ No newline at end of file
diff --git a/roles/dhcp/CHANGELOG.md b/roles/dhcp/CHANGELOG.md
deleted file mode 100644
index c540ea3..0000000
--- a/roles/dhcp/CHANGELOG.md
+++ /dev/null
@@ -1,121 +0,0 @@ -# Change log - -This file contains all notable changes to the dhcp Ansible role. - -This file adheres to the guidelines of [http://keepachangelog.com/](http://keepachangelog.com/). Versioning follows [Semantic Versioning](http://semver.org/). - -## 3.0.3 - 2020-05-06 - -### Added - -- (GH-40) Added support for RHEL 8, and it's derivatives. (credit: [Stuart Knight](https://github.com/blofeldthefish)) - -## 3.0.2 - 2019-08-29 - -### Added - -- (GH-29) The ability to add customised config snippets, whilst using a locally defined (outside of this role) Jinja Template. (credit: [Alex Gittings](https://github.com/minitriga)) - -## 3.0.1 - 2019-08-14 - -### Changed - -- Fix ansible-lint warnings -- Update documentation for failover peer documentation - -## 3.0.0 - 2019-08-14 - -### Added - -- (GH-18) The ability to add multiple subnet ranges to a scope. (credit: [Stuart Knight](https://github.com/blofeldthefish)) -- (GH-24) Add parameter `dhcp_apparmor_fix` to enable/disable the AppArmor fix (credit: [Maxim Baranov](https://github.com/mbaran0v)) -- Variable `dhcp_pxeboot_server` in order to allow this role to refer PXEBoot clients to the correct PXEBoot server. - -### Changed - -- (GH-19) **Breaking change** Fix inconsistency with readme for omapi secret. In the README the `dhcp_global_omapi_secret` is defined as such, whereas in the template it is `dhcp_omapi_secret`. It *should* be `dhcp_global_omapi_secret`. This will break playbooks that use the `dhcp_omapi_secret` variable. -- (GH-21, GH-25) Define network device in /etc/defaults. This is needed on Debian based distros. -- (GH-22) Support `include` lines for non-existent files in role's `files/` directory. This allows the user to add `include` lines in dhcpd.conf for non-existent files; files not found in role's `files/` directory. It should permit successful configuration of `dhcpd.conf` with the expectation of another process (role, task, legacy method, etc.) to provide the include file. 
(credit: [RayfordJ](https://github.com/rayfordj)) -- (GH-23) Removed default value for `dhcp_global_other_options` and test for its definition in the config file template. This is more consistent with how the other role variables are handled in the config file template. (credit: [lijok](https://github.com/lijok)) -- (GH-26) Fixed typo in README (credit [Guillaume Parent](https://github.com/gparent)) -- (GH-27) Use list of packages directly instead of in a `with_items` loop. (credit [Guillaume Parent](https://github.com/gparent)) -- Increased minimum Ansible version to 2.8 due to usage of more recent Ansible syntax (e.g. package installation directly with variable containing list of packages instead of `with_items` loop). -- Updated list of supported versions to latest stable releases of tested distros (EL 7.6, Fedora 30, Ubuntu 18.04) -- Use Yamllint configuration from Ansible Galaxy and fix Yamllint warnings -- Updated Vagrant test environment, in new orphan branch `vagrant-tests`. - -## 2.2.0 - 2018-10-13 - -### Added - -- (GH-13,14) support fixed address hosts in subnets (credit: [Ahmed Sghaier](https://github.com/asghaier)) -- (GH-15) Add variable `dhcp_service_state`, to define the desired state of the service (default: started). (credit: [Alessandro Ogier](https://github.com/aogier)) -- (GH-17) New configuration items for failover peer: `address`, `failover_peer`, `hba`, `load_balance_max_seconds`, `max-balance`, `max-lease-misbalance`, `max-lease-ownership`, `max_response_delay`, `max_unacked_updates`, `mclt`, `min-balance`, `peer_address`, `peer_port`, `port`, `role`, `split` (credit: [cacheira](https://github.com/cacheira)) - -### Changed - -- (GH-11,12) The `domain_search` key of `dhcp_subnets` can now also be a list (credit: [Ahmed Sghaier](https://github.com/asghaier)) -- (GH-16) Allow host declaration without specifying `fixed-address`. 
(credit: [Alessandro Ogier](https://github.com/aogier)) - -## 2.1.2 - 2017-11-21 - -### Changed - -- Fixed Ansible 2.4 deprecation warnings (include: -> include_tasks) - -## 2.1.1 - 2017-07-03 - -### Changed - -- (GH-10) Fixed bug where playbook run fails because `dhcp_global_includes` is undefined - -## 2.1.0 - 2017-06-26 - -### Added - -- New configuration items: - - (GH-7) `dhcp_global_log_facility`, `dhcp_global_server_name`, `dhcp_global_authoritative` (credit: [@jpiron](https://github.com/jpiron)) - - `dhcp_global_ntp_servers`, `dhcp_global_includes` (credit: Felix Egli) - -- (GH-9) Support OMAPI keys and catch-all options (credit: [@joshbenner](https://github.com/joshbenner)) - -### Changed - -- (GH-7) Several improvements: package state as variable instead of hard-coded, made host declarations global (credit: [@jpiron](https://github.com/jpiron) -- (GH-8) Fixed typo in README (credit: [@donvipre](https://github.com/donvipre) -- Quoted values in `dhcp_global_domain_search` (credit: Felix Egli) - -## 2.0.0 - 2016-04-29 - -### Added - -- Support for Ubuntu LTS 14.04 (Trusty Tahr) and 16.04 (Xenial Xerus) -- Tested on Fedora 23 and CentOS 6, and added to supported platforms - -### Changed - -- This version now uses the general package management module introduced in Ansible 2.0. This is considered a breaking change, since it wil no longer work with Ansible 1.6-1.7. - -## 1.1.0 - 2016-04-28 - -### Added - -- Support for PXE boot parameters bootp, booting, next-server, filename. Credits to [Rian Bogle](https://github.com/rbogle) -- Address pools within subnet declaration. Credits to [Birgit Croux](https://github.com/birgitcroux) -- Definition of classes with match statements - -## 1.0.1 - 2015-08-28 - -### Changed - -- Fixed a tag name -- Fixed GH-1: domain name no longer needs to be "double quoted" - -## 1.0.0 - 2015-08-24 - -First release! - -### Added - -- Allow setting some global variables -- Subnet declarations in YAML 
diff --git a/roles/dhcp/LICENSE.md b/roles/dhcp/LICENSE.md
deleted file mode 100644
index 8411892..0000000
--- a/roles/dhcp/LICENSE.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# BSD License
-
-Copyright (c) 2014, Bert Van Vreckem, (bert.vanvreckem@gmail.com)
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/roles/dhcp/README.md b/roles/dhcp/README.md
deleted file mode 100644
index e28a903..0000000
--- a/roles/dhcp/README.md
+++ /dev/null
@@ -1,316 +0,0 @@ -# Ansible role `dhcp` - -Ansible role for setting up ISC DHCPD. The responsibilities of this role are to install packages and manage the configuration ([dhcpd.conf(5)](http://linux.die.net/man/5/dhcpd.conf)). Managing the firewall configuration is NOT a concern of this role. You can do this in your local playbook, or use another role (e.g. [bertvv.rh-base](https://galaxy.ansible.com/bertvv/rh-base). - -Refer to the [change log](CHANGELOG.md) for notable changes in each release. - -Do you use/like this role? Please consider giving it a star. If you [rate this role](https://galaxy.ansible.com/bertvv/dhcp) on Ansible Galaxy and find it lacking in some respect, please consider opening an Issue with actionable feedback or a PR so we can improve it. Thank you! - -## Requirements - -No specific requirements - -## Role Variables - -This role is able to set global options, and to specify subnet declarations. - -See the [test playbook](https://github.com/bertvv/ansible-role-dhcp/blob/vagrant-tests/test.yml) for a working example of a DHCP server in a test environment based on Vagrant and VirtualBox. This section is a reference of all supported options. - -### Global options - -The following variables, when set, will be added to the global section of the DHCP configuration file. If there is no default value specified, the corresponding setting will be left out of `dhcpd.conf(5)`. - -See the [dhcp-options(5)](http://linux.die.net/man/5/dhcp-options) man page for more information about these options. 
- -| Variable | Comments | -| :--- | :--- | -| `dhcp_global_authoritative` | Global authoritative statement (`authoritative`, `not authoritative`) | -| `dhcp_global_booting` | Global booting (`allow`, `deny`, `ignore`) | -| `dhcp_global_bootp` | Global bootp (`allow`, `deny`, `ignore`) | -| `dhcp_global_broadcast_address` | Global broadcast address | -| `dhcp_global_classes` | Class definitions with a match statement(1) | -| `dhcp_global_default_lease_time` | Default lease time in seconds | -| `dhcp_global_domain_name_servers` | A list of IP addresses of DNS servers(2) | -| `dhcp_global_domain_name` | The domain name the client should use when resolving host names | -| `dhcp_global_domain_search` | A list of domain names to be used by the client to locate non-FQDNs(1) | -| `dhcp_global_failover` | Failover peer settings (3) | -| `dhcp_global_failover_peer` | Name for the failover peer (e.g. `foo`) | -| `dhcp_global_filename` | Filename to request for boot | -| `dhcp_global_includes_missing` | Boolean. Continue if `includes` file(s) missing from role's files/ | -| `dhcp_global_includes` | List of config files to be included (from `dhcp_config_dir`) | -| `dhcp_global_log_facility` | Global log facility (e.g. `daemon`, `syslog`, `user`, ...) 
| -| `dhcp_global_max_lease_time` | Maximum lease time in seconds | -| `dhcp_global_next_server` | IP for PXEboot server | -| `dhcp_global_ntp_servers` | List of IP addresses of NTP servers | -| `dhcp_global_omapi_port` | OMAPI port | -| `dhcp_global_omapi_secret` | OMAPI secret | -| `dhcp_global_other_options` | Array of arbitrary additional global options | -| `dhcp_global_routers` | IP address of the router | -| `dhcp_global_server_name` | Server name sent to the client | -| `dhcp_global_server_state` | Service state (started, stopped) | -| `dhcp_global_subnet_mask` | Global subnet mask | -| `dhcp_custom_includes` | List of jinja config files to be included (from `dhcp_config_dir`) | - -**Remarks** - -(1) This role supports the definition of classes with a match statement, e.g.: - -```Yaml -# Class for VirtualBox VMs -dhcp_global_classes: - - name: vbox - match: 'match if binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "8:0:27"' -``` - -Class names can be used in the definition of address pools (see below). - -(2) The role variable `dhcp_global_domain_name_servers` may be written either as a list (when you have more than one item), or as a string (when you have only one). The following snippet shows an example of both: - -```Yaml -# A single DNS server -dhcp_global_domain_name_servers: 8.8.8.8 - -# A list of DNS servers -dhcp_global_domain_name_servers: - - 8.8.8.8 - - 8.8.4.4 -``` - -(3) This role also supports the definition of a failover peer, e.g.: - -```Yaml -# Failover peer definition -dhcp_global_failover_peer: failover-group -dhcp_global_failover: - role: primary # | secondary - address: 192.168.222.2 - port: 647 - peer_address: 192.168.222.3 - peer_port: 647 - max_response_delay: 15 - max_unacked_updates: 10 - load_balance_max_seconds: 5 - split: 255 - mclt: 3600 -``` - -The variable `dhcp_global_failover_peer` contains a name for the configured peer, to be used on a per pool basis. 
The failover declaration options are specified with the variable `dhcp_global_failover`, a dictionary that may contain the following options: - -| Option | Required | Comment | -| :--- | :---: | :-- | -| `address` | no | This server's IP address | -| `hba` | no | colon-separated-hex-list | -| `load_balance_max_seconds` | no | Cutoff after which load balance is disabled (3 to 5 recommended) | -| `max-balance` | no | Failover pool balance statement | -| `max-lease-misbalance` | no | Failover pool balance statement | -| `max-lease-ownership` | no | Failover pool balance statement | -| `max_response_delay` | no | Maximum seconds without contact before engaging failover | -| `max_unacked_updates` | no | Maximum BNDUPD it can send before receiving a BNDACK (10 recommended) | -| `mclt` | no | Maximum Client Lead Time | -| `min-balance` | no | Failover pool balance statement | -| `peer_address` | no | Failover peer's IP addres | -| `peer_port` | no | This server's port (generally 519/520 or 647/847) | -| `port` | no | This server's port (generally 519/520 or 647/847) | -| `role` | no | primary, secondary | -| `split` | no | Load balance split (0-255) | - -The failover peer directive has to be in the definition of address pools (see below). - -### Subnet declarations - -The role variable `dhcp_subnets` contains a list of dicts, specifying the subnet declarations to be added to the DHCP configuration file. Every subnet declaration should have an `ip` and `netmask`, other options are not mandatory. We start this section with an example, a complete overview of supported options follows. 
- -```Yaml -dhcp_subnets: - - ip: 192.168.222.0 - netmask: 255.255.255.128 - domain_name_servers: - - 10.0.2.3 - - 10.0.2.4 - range_begin: 192.168.222.50 - range_end: 192.168.222.127 - - ip: 192.168.222.128 - default_lease_time: 3600 - max_lease_time: 7200 - netmask: 255.255.255.128 - domain_name_servers: 10.0.2.3 - routers: 192.168.222.129 -``` - -An alphabetical list of supported options in a subnet declaration: - -| Option | Required | Comment | -| :--- | :---: | :-- | -| `booting` | no | allow,deny,ignore | -| `bootp` | no | allow,deny,ignore | -| `default_lease_time` | no | Default lease time for this subnet (in seconds) | -| `domain_name_servers` | no | List of domain name servers for this subnet(1) | -| `domain_search` | no | List of domain names for resolution of non-FQDNs(1) | -| `filename` | no | filename to retrieve from boot server | -| `hosts` | no | List of fixed IP address hosts for each subnet, similar to dhcp_hosts | -| `ip` | yes | **Required.** IP address of the subnet | -| `max_lease_time` | no | Maximum lease time for this subnet (in seconds) | -| `netmask` | yes | **Required.** Network mask of the subnet (in dotted decimal notation) | -| `next_server` | no | IP address of the boot server | -| `ntp_servers` | no | List of NTP servers for this subnet | -| `range_begin` | no | Lowest address in the range of dynamic IP addresses to be assigned | -| `range_end` | no | Highest address in the range of dynamic IP addresses to be assigned | -| `ranges` | no | If multiple ranges are needed, they can be specified as a list (2) | -| `routers` | no | IP address of the gateway for this subnet | -| `server_name` | no | Server name sent to the client | -| `subnet_mask` | no | Overrides the `netmask` of the subnet declaration | - -You can specify address pools within a subnet by setting the `pools` options. This allows you to specify a pool of addresses that will be treated differently than another pool of addresses, even on the same network segment or subnet. 
It is a list of dicts with the following keys, all of which are optional: - -| Option | Comment | -| :--- | :--- | -| `allow` | Specifies which hosts are allowed in this pool(1) | -| `default_lease_time` | The default lease time for this pool | -| `deny` | Specifies which hosts are not allowed in this pool | -| `domain_name_servers` | The domain name servers to be used for this pool(1) | -| `max_lease_time` | The maximum lease time for this pool | -| `min_lease_time` | The minimum lease time for this pool | -| `range_begin` | The lowest address in this pool | -| `range_end` | The highest address in this pool | -| `ranges` | If multiple ranges are needed, they can be specified as a list (2) | - -(1) For the `allow` and `deny` fields, the options are enumerated in [dhcpd.conf(5)](http://linux.die.net/man/5/dhcpd.conf), but include: - -- `booting` -- `bootp` -- `client-updates` -- `known-clients` -- `members of "CLASS"` -- `unknown-clients` - -(2) For multiple subnet ranges, they can be specified, thus: - -```Yaml -ranges: - - { begin: 192.168.222.50, end: 192.168.222.99 } - - { begin: 192.168.222.110, end: 192.168.222.127 } -``` - -### Host declarations - -You can specify hosts that should get a fixed IP address based on their MAC by setting the `dhcp_hosts` option. This is a list of dicts with the following three keys, of which `name` and `mac` are mandatory: - -| Option | Comment | -| :--- | :--- | -| `name` | The name of the host | -| `mac` | The MAC address of the host | -| `ip` | The IP address to be assigned to the host | - -```Yaml -dhcp_hosts: - - name: cl1 - mac: '00:11:22:33:44:55' - ip: 192.168.222.150 - - name: cl2 - mac: '00:de:ad:be:ef:00' - ip: 192.168.222.151 -``` - -### Specify PXEBoot server - -Setting the variable `dhcp_pxeboot_server`, will redirect PXE clients to the specified PXEBoot server in order to boot over the network. The specified server should have boot images on the expected locations. Use e.g. 
[bertvv.pxeserver](https://galaxy.ansible.com/bertvv/pxeserver) to configure it. - -### Custom Includes - -Setting the variable `dhcp_custom_inludes` to a jinja template will allow custom configurations to be used which will subsequently be included into the `dhcpd.conf` file. If the template file name has the `.j2` extension it will be removed from the destination file name, else it will preserve the template file name in the destination. - -```Yaml -dhcp_custom_includes: - - custom-dhcp-config.conf[.j2] -``` - -You can create your own variables to use within the template allowing for total flexibility. To avoid variable conflicts make sure that you use variables that are not referenced within this role as this will duplicate configuration in multiple `.conf` files. - -```Yaml - dhcp_custom_hosts: - - name: Juniper1 - mac: 'de:ad:c0:de:ca:fe' - ip: 192.168.35.160 - options: - - name: tftp-server-name - value: 192.168.35.152 - - name: host-name - value: Juniper1 - - name: NEW_OP.transfer-mode - value: "http" - - name: NEW_OP.config-file-name - value: "/configurations/j1-switch.config" -``` - -Finally the jinja template must contain valid ISC DHCPD configuration ([dhcpd.conf(5)](http://linux.die.net/man/5/dhcpd.conf)). This is an example of using [bertvv.dhcp](https://galaxy.ansible.com/bertvv/dhcp) for juniper Zero-Touch-Provisioning. 
- -```Jinja -option space NEW_OP; -option NEW_OP.image-file-name code 0 = text; -option NEW_OP.config-file-name code 1 = text; -option NEW_OP.image-file-type code 2 = text; -option NEW_OP.transfer-mode code 3 = text; -option NEW_OP.alt-image-file-name code 4= text; -option NEW_OP.http-port code 5= text; -option NEW_OP-encapsulation code 43 = encapsulate NEW_OP; - -{% if dhcp_custom_hosts is defined %} - -# -# Host declarations -# -{% for host in dhcp_custom_hosts %} -host {{ host.name | replace (" ","_") | replace ("'","_") | replace (":","_") }} { - hardware ethernet {{ host.mac }}; -{% if host.ip is defined %} - fixed-address {{ host.ip }}; -{% endif %} -{% if host.options is defined %} -{% for option in host.options %} - {{ option.name }} "{{ option.value }}" -{% endfor %} -{% endif %} -} -{% endfor %} -{% endif %} -``` - -## Dependencies - -No dependencies. - -## Example Playbook - -See the [test playbook](https://github.com/bertvv/ansible-role-dhcp/blob/vagrant-tests/test.yml) - -## Testing - -Tests for this role are provided in the form of a Vagrant environment that is kept in a separate branch, `vagrant-tests`. For more information about setting up the test environment and running the tests, refer to the [README](https://github.com/bertvv/ansible-role-dhcp/blob/vagrant-tests/README.md) of the test branch. - -## License - -BSD - -## Contributing - -Issues, feature requests, ideas are appreciated and can be posted in the Issues section. Pull requests are also very welcome. Preferably, create a topic branch and when submitting, squash your commits into one (with a descriptive message). 
-
-### Contributors
-
-- [Ahmed Sghaier](https://github.com/asghaier)
-- [Alessandro Ogier](https://github.com/aogier)
-- [Alex Gittings](https://github.com/minitriga)
-- [Bert Van Vreckem](https://github.com/bertvv) (maintainer)
-- [Birgit Croux](https://github.com/birgitcroux/)
-- [@cacheira](https://github.com/cacheira)
-- [@donvipre](https://github.com/donvipre)
-- Felix Egli
-- [Guillaume Parent](https://github.com/gparent)
-- [Jonathan Piron](https://github.com/jpiron)
-- [Josh Benner](https://github.com/joshbenner)
-- [@jpiron](https://github.com/jpiron)
-- [@lijok](https://github.com/lijok)
-- [Maxim Baranov](https://github.com/mbaran0v)
-- [@RayfordJ](https://github.com/rayfordj)
-- [Rian Bogle](https://github.com/rbogle/)
-- [Stuart Knight](https://github.com/blofeldthefish) (maintainer)
diff --git a/roles/dhcp/defaults/main.yml b/roles/dhcp/defaults/main.yml
deleted file mode 100644
index c52acbb..0000000
--- a/roles/dhcp/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# roles/dhcp/defaults/main.yml
----
-
-dhcp_apparmor_fix: true
-dhcp_global_includes_missing: false
-dhcp_packages_state: "present"
-dhcp_subnets: []
diff --git a/roles/dhcp/handlers/main.yml b/roles/dhcp/handlers/main.yml
deleted file mode 100644
index bd8038e..0000000
--- a/roles/dhcp/handlers/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# roles/dhcp/handlers/main.yml
----
-
-- name: restart dhcp
- service:
- name: "{{ dhcp_service }}"
- state: "{{ (dhcp_global_server_state | default('started') == 'started') | ternary('restarted', 'stopped') }}"
-
-- name: restart apparmor
- service:
- name: apparmor
- state: restarted
diff --git a/roles/dhcp/meta/.galaxy_install_info b/roles/dhcp/meta/.galaxy_install_info
deleted file mode 100644
index afc4bbe..0000000
--- a/roles/dhcp/meta/.galaxy_install_info
+++ /dev/null
@@ -1,2 +0,0 @@
-install_date: Sat Feb 27 13:38:57 2021
-version: master
diff --git a/roles/dhcp/meta/main.yml b/roles/dhcp/meta/main.yml
deleted file mode 100644
index c058b6e..0000000
--- a/roles/dhcp/meta/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-galaxy_info:
- author: Bert Van Vreckem
- description: Ansible role for setting up ISC DHCPD.
- license: BSD
- min_ansible_version: 2.8
- platforms:
- - name: EL
- versions:
- - 7
- - 8
- - name: Fedora
- versions:
- - 29
- - name: Ubuntu
- versions:
- - bionic
- galaxy_tags:
- - system
- - networking
-dependencies: []
diff --git a/roles/dhcp/tasks/apparmor-fix.yml b/roles/dhcp/tasks/apparmor-fix.yml
deleted file mode 100644
index 1723123..0000000
--- a/roles/dhcp/tasks/apparmor-fix.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-# roles/dhcp/tasks/apparmor-fix.yml
-# This playbook adds an AppArmor policy rule that allows the dhcpd process to
-# acces temporary config files copied to the server by Ansible.
----
-
-- name: AppArmor fix | Check if policy file exists
- stat:
- path: "{{ dhcp_apparmor_policy }}"
- register: apparmor_policyfile
- tags: dhcp
-
-- name: AppArmor fix | Ensure dhcpd can acces temp config file for validation (1/2)
- lineinfile:
- dest: "{{ dhcp_apparmor_policy }}"
- line: ' capability dac_override,'
- insertafter: ' capability setuid,'
- state: present
- create: false
- when: apparmor_policyfile.stat.exists
- failed_when: false
- notify: restart apparmor
- tags: dhcp
-
-- name: AppArmor fix | Ensure dhcpd can acces temp config file for validation (2/2)
- lineinfile:
- dest: "{{ dhcp_apparmor_policy }}"
- line: ' /home/*/.ansible/** r,'
- insertbefore: '.*/etc/dhcp/ r,'
- state: present
- create: false
- when: apparmor_policyfile.stat.exists
- failed_when: false
- #register: apparmor_fix_2
- notify: restart apparmor
- tags: dhcp
-
-- name: AppArmor fix | Force running handlers now
- meta: flush_handlers
diff --git a/roles/dhcp/tasks/default-fix.yml b/roles/dhcp/tasks/default-fix.yml
deleted file mode 100644
index 11deb7e..0000000
--- a/roles/dhcp/tasks/default-fix.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-# roles/dhcp/tasks/default-fix.yml
-# This playbook adjusts a required dhcp package "default" file,
-# specific to debian-like installs
----
-
-- name: Defaults fix | Set a default listening interface
- lineinfile:
- dest: /etc/default/isc-dhcp-server
- line: 'INTERFACESv4="{{ dhcp_interfaces | default(ansible_default_ipv4.interface) }}"'
- regexp: '^INTERFACESv4='
- tags: dhcp
diff --git a/roles/dhcp/tasks/main.yml b/roles/dhcp/tasks/main.yml
deleted file mode 100644
index 3784ea7..0000000
--- a/roles/dhcp/tasks/main.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-# roles/dhcp/tasks/main.yml
----
-
-- name: Load distro-specific variables
- include_vars: "{{ item }}"
- with_first_found:
- - "{{ ansible_distribution }}.yml"
- - "{{ ansible_os_family }}.yml"
- - "{{ default }}.yml"
- tags: dhcp
-
-- name: Install packages
- package:
- name: "{{ dhcp_packages }}"
- state: "{{ dhcp_packages_state }}"
- tags: dhcp
-
-- include_tasks: apparmor-fix.yml
- when: ansible_os_family == 'Debian' and dhcp_apparmor_fix|bool
- tags: dhcp
-
-- include_tasks: default-fix.yml
- when: ansible_os_family == 'Debian'
- tags: dhcp
-
-- name: Install custom includes
- template:
- src: "{{ item }}"
- dest: "{{ dhcp_config_dir }}/{{ ( item | basename ).split('.j2')[0] }}"
- owner: root
- group: root
- mode: 0644
- with_items: "{{ dhcp_custom_includes }}"
- when: dhcp_custom_includes is defined
- notify: restart dhcp
- tags: dhcp
-
-- name: Install includes
- copy:
- src: "{{ item }}"
- dest: "{{ dhcp_config_dir }}/{{ item | basename }}"
- with_items: "{{ dhcp_global_includes }}"
- when: dhcp_global_includes is defined
- ignore_errors: "{{ dhcp_global_includes_missing }}"
- tags: dhcp
-
-- name: Set config directory perms
- file:
- path: "{{ dhcp_config | dirname }}"
- state: directory
- mode: 0755
- tags: dhcp
-
-- name: Install config file
- template:
- src: etc_dhcp_dhcpd.conf.j2
- dest: "{{ dhcp_config }}"
- owner: root
- group: root
- mode: 0644
- validate: 'dhcpd -t -cf %s'
- notify: restart dhcp
- tags: dhcp
-
-- name: "Ensure service is {{ dhcp_global_server_state | default('started') }}"
- service:
- name: "{{ dhcp_service }}"
- state: "{{ dhcp_global_server_state | default('started') }}"
- enabled: true
- tags: dhcp
diff --git a/roles/dhcp/templates/etc_dhcp_dhcpd.conf.j2 b/roles/dhcp/templates/etc_dhcp_dhcpd.conf.j2
deleted file mode 100644
index 3a21dbe..0000000
--- a/roles/dhcp/templates/etc_dhcp_dhcpd.conf.j2
+++ /dev/null
@@ -1,317 +0,0 @@ -# ISC DHCPD configuration -- don't edit manually! -# -# {{ ansible_managed }} - -# -# Global options -# -{% if dhcp_global_omapi_port is defined %} -omapi-port {{ dhcp_global_omapi_port }}; -{% endif %} -{% if dhcp_global_omapi_secret is defined %} -key omapi_key { - algorithm HMAC-MD5; - secret "{{ dhcp_global_omapi_secret }}"; -}; -{% endif %} -{% if dhcp_global_authoritative is defined %} -{{ dhcp_global_authoritative }}; -{% endif %} -{% if dhcp_global_log_facility is defined %} -log-facility {{ dhcp_global_log_facility }}; -{% endif %} -{% if dhcp_global_bootp is defined %} -{{ dhcp_global_bootp }} bootp; -{% endif %} -{% if dhcp_global_booting is defined %} -{{ dhcp_global_booting }} booting; -{% endif %} -{% if dhcp_global_next_server is defined %} -next-server {{ dhcp_global_next_server}}; -{% endif %} -{% if dhcp_global_filename is defined %} -filename "{{ dhcp_global_filename }}"; -{% endif %} -{% if dhcp_global_default_lease_time is defined %} -default-lease-time {{ dhcp_global_default_lease_time }}; -{% endif %} -{% if dhcp_global_max_lease_time is defined %} -max-lease-time {{ dhcp_global_max_lease_time }}; -{% endif %} -{% if dhcp_global_subnet_mask is defined %} -option subnet-mask {{ dhcp_global_subnet_mask }}; -{% endif %} -{% if dhcp_global_broadcast_address is defined %} -option broadcast-address {{ dhcp_global_broadcast_address }}; -{% endif %} -{% if dhcp_global_routers is defined %} -option routers {{ dhcp_global_routers }}; -{% endif %} -{% if dhcp_global_domain_name is defined %} -option domain-name "{{ dhcp_global_domain_name }}"; -{% endif %} -{% if dhcp_global_ntp_servers is defined %} -{% if dhcp_global_ntp_servers is string %} -option ntp-servers {{ dhcp_global_ntp_servers }}; -{% else %} -option ntp-servers {{ dhcp_global_ntp_servers|join(', ') }}; -{% endif %} -{% endif %} -{% if dhcp_global_domain_name_servers is defined %} -{% if dhcp_global_domain_name_servers is string %} -option domain-name-servers {{ 
dhcp_global_domain_name_servers }}; -{% else %} -option domain-name-servers {{ dhcp_global_domain_name_servers|join(', ') }}; -{% endif %} -{% endif %} -{% if dhcp_global_domain_search is defined %} -{% if dhcp_global_domain_search is string %} -option domain-search "{{ dhcp_global_domain_search }}"; -{% else %} -option domain-search "{{ dhcp_global_domain_search|join('", "') }}"; -{% endif %} -{% endif %} -{% if dhcp_global_server_name is defined %} -option server-name "{{ dhcp_global_server_name }}"; -{% endif %} -{% if dhcp_global_other_options is defined %} -{% for option in dhcp_global_other_options %} -option {{ option }}; -{% endfor %} -{% endif %} -{% if dhcp_global_failover_peer is defined %} - -# -# DHCP Failover config -# -# Notes: In the past couple years, TCP ports 647 (primary) and 847 (peer) have -# emerged as the standard bindings for DHCP dhcp_global_failover It is worth noting that as -# recently as 2005, the dhcpd.conf(5) man page used ports 519 and 520 in its -# failover example, but 647 and 847 look like good choices as of 2008. However, -# the dhcpd.conf(5) man page says that the primary port and the peer port may be -# the same number. 
- -failover peer "{{ dhcp_global_failover_peer }}" { -{% if dhcp_global_failover.role is defined %} - # [ primary | secondary ]; - {{ dhcp_global_failover.role }}; -{% endif %} -{% if dhcp_global_failover.address is defined %} - address {{ dhcp_global_failover.address }}; -{% endif %} -{% if dhcp_global_failover.port is defined %} - port {{ dhcp_global_failover.port }}; -{% endif %} -{% if dhcp_global_failover.peer_address is defined %} - peer address {{ dhcp_global_failover.peer_address }}; -{% endif %} -{% if dhcp_global_failover.peer_port is defined %} - peer port {{ dhcp_global_failover.peer_port }}; -{% endif %} -{% if dhcp_global_failover.max_response_delay is defined %} - max-response-delay {{ dhcp_global_failover.max_response_delay }}; -{% endif %} -{% if dhcp_global_failover.max_unacked_updates is defined %} - max-unacked-updates {{ dhcp_global_failover.max_unacked_updates }}; -{% endif %} -{% if dhcp_global_failover.split is defined %} - split {{ dhcp_global_failover.split }}; -{% endif %} -{% if dhcp_global_failover.hba is defined %} - hba {{ dhcp_global_failover.hba }}; -{% endif %} -{% if dhcp_global_failover.mclt is defined %} - mclt {{ dhcp_global_failover.mclt }}; -{% endif %} -{% if dhcp_global_failover.load_balance_max_seconds is defined %} - load balance max seconds {{ dhcp_global_failover.load_balance_max_seconds }}; -{% endif %} -{% if dhcp_global_failover.max_lease_misbalance is defined %} - max-lease-misbalance {{ dhcp_global_failover.max_lease_misbalance }}; -{% endif %} -{% if dhcp_global_failover.max_lease_ownership is defined %} - max-lease-ownership {{ dhcp_global_failover.max_lease_ownership }}; -{% endif %} -{% if dhcp_global_failover.min_balance is defined %} - min-balance {{ dhcp_global_failover.min_balance }}; -{% endif %} -{% if dhcp_global_failover.max_balance is defined %} - max-balance {{ dhcp_global_failover.max_balance }}; -{% endif %} -} -{% endif %} -{% if dhcp_global_includes is defined %} -# -# Includes -# -{% for include 
in dhcp_global_includes %} -include "{{ dhcp_config_dir }}/{{ include | basename }}"; -{% endfor %} -{% endif %} - -{% if dhcp_custom_includes is defined%} -# -# Custom Includes -# -{% for include in dhcp_custom_includes %} -include "{{ dhcp_config_dir }}/{{ ( include | basename ).split('.j2')[0] }}"; -{% endfor %} -{% endif %} - -{% if dhcp_global_classes is defined %} -# -# Classes -# -{% for class in dhcp_global_classes %} -class "{{ class.name }}" { -{% if class.match is defined %} - {{ class.match }}; -{% endif %} -} -{% endfor %} -{% endif %} -# -# Subnet declarations -# -{% for subnet in dhcp_subnets %} -subnet {{ subnet.ip }} netmask {{ subnet.netmask }} { -{% if subnet.default_lease_time is defined %} - default-lease-time {{ subnet.default_lease_time }}; -{% endif %} -{% if subnet.max_lease_time is defined %} - max-lease-time {{ subnet.max_lease_time }}; -{% endif %} -{% if subnet.routers is defined %} - option routers {{ subnet.routers }}; -{% endif %} -{% if subnet.subnet_mask is defined %} - option subnet-mask {{ subnet.subnet_mask }}; -{% endif %} -{% if subnet.domain_search is defined %} -{% if subnet.domain_search is string %} - option domain-search "{{ subnet.domain_search }}"; -{% else %} - option domain-search "{{ subnet.domain_search|join('", "') }}"; -{% endif %} -{% endif %} -{% if subnet.domain_name_servers is defined %} -{% if subnet.domain_name_servers is string %} - option domain-name-servers {{ subnet.domain_name_servers }}; -{% else %} - option domain-name-servers {{ subnet.domain_name_servers|join(', ') }}; -{% endif %} -{% endif %} -{% if subnet.ntp_servers is defined %} -{% if subnet.ntp_servers is string %} -option ntp-servers {{ subnet.ntp_servers }}; -{% else %} -option ntp-servers {{ subnet.ntp_servers|join(', ') }}; -{% endif %} -{% endif %} -{% if subnet.range_begin is defined and subnet.range_end is defined %} - range {{ subnet.range_begin }} {{ subnet.range_end }}; -{% endif %} -{% if subnet.ranges is defined %} -{% for range 
in subnet.ranges %} - range {{ range.begin }} {{ range.end }}; -{% endfor %} -{% endif %} -{% if subnet.server_name is defined %} - server-name {{ subnet.server_name }}; -{% endif %} -{% if subnet.next_server is defined %} - next-server {{ subnet.next_server }}; -{% endif %} -{% if subnet.filename is defined %} - filename "{{ subnet.filename }}"; -{% endif %} -{% if subnet.bootp is defined %} -{{ subnet.bootp }} bootp; -{% endif %} -{% if subnet.booting is defined %} -{{ subnet.booting }} booting; -{% endif %} -{% if subnet.hosts is defined %} -{% for host in subnet.hosts %} - host {{ host.name }} { - hardware ethernet {{ host.mac }}; - fixed-address {{ host.ip }}; - } -{% endfor %} -{% endif %} -{% if subnet.pools is defined %} - # Address pool(s) -{% for pool in subnet.pools %} - pool { -{% if pool.failover_peer is defined %} -# This pool has failover, see above for server details - failover peer "{{ pool.failover_peer }}"; -{% endif %} -{% if pool.domain_name_servers is defined %} -{% if pool.domain_name_servers is string %} - option domain-name-servers {{ pool.domain_name_servers }}; -{% else %} - option domain-name-servers {{ pool.domain_name_servers|join(', ') }}; -{% endif %} -{% endif %} -{% if pool.default_lease_time is defined %} - default-lease-time {{ pool.default_lease_time }}; -{% endif %} -{% if pool.min_lease_time is defined %} - min-lease-time {{ pool.min_lease_time }}; -{% endif %} -{% if pool.max_lease_time is defined %} - max-lease-time {{ pool.max_lease_time }}; -{% endif %} -{% if pool.range_begin is defined and pool.range_end is defined %} - range {{ pool.range_begin }} {{ pool.range_end }}; -{% endif %} -{% if pool.ranges is defined %} -{% for range in pool.ranges %} - range {{ range.begin }} {{ range.end }}; -{% endfor %} -{% endif %} -{% if pool.allow is defined %} - allow {{ pool.allow }}; -{% endif %} -{% if pool.deny is defined %} - deny {{ pool.deny }}; -{% endif %} - } -{% endfor %} -{% endif %} -} -{% endfor %} -{% if dhcp_hosts is 
defined %} - -# -# Host declarations -# -{% for host in dhcp_hosts %} -host {{ host.name | replace (" ","_") | replace ("'","_") | replace (":","_") }} { - hardware ethernet {{ host.mac }}; -{% if host.ip is defined %} - fixed-address {{ host.ip }}; -{% endif %} -} -{% endfor %} -{% endif %} -{% if dhcp_pxeboot_server is defined %} - -# -# PXEBoot server settings -# -option arch code 93 = unsigned integer 16; # RFC4578 - -class "pxeclients" { - match if substring (option vendor-class-identifier, 0, 9) = "PXEClient"; - next-server {{ dhcp_pxeboot_server }}; - - if option arch = 00:07 { - filename "pxelinux/bootx64.efi"; - } else { - filename "pxelinux/pxelinux.0"; - } -} - -{% endif %} diff --git a/roles/dhcp/vars/Alpine.yml b/roles/dhcp/vars/Alpine.yml deleted file mode 100644 index 6af3c6f..0000000 --- a/roles/dhcp/vars/Alpine.yml +++ /dev/null @@ -1,12 +0,0 @@ -# roles/dhcp/vars/Alpine.yml ---- - -dhcp_packages: - - dhcp - -dhcp_config_dir: /etc/dhcp - -dhcp_config: /etc/dhcp/dhcpd.conf - -dhcp_service: dhcpd - diff --git a/roles/dhcp/vars/Debian.yml b/roles/dhcp/vars/Debian.yml deleted file mode 100644 index 7a5eb6f..0000000 --- a/roles/dhcp/vars/Debian.yml +++ /dev/null @@ -1,13 +0,0 @@ -# roles/dhcp/vars/Debian.yml ---- - -dhcp_packages: - - isc-dhcp-server - -dhcp_config_dir: /etc/dhcp - -dhcp_config: /etc/dhcp/dhcpd.conf - -dhcp_service: isc-dhcp-server - -dhcp_apparmor_policy: /etc/apparmor.d/usr.sbin.dhcpd diff --git a/roles/dhcp/vars/RedHat.yml b/roles/dhcp/vars/RedHat.yml deleted file mode 100644 index b14ebf7..0000000 --- a/roles/dhcp/vars/RedHat.yml +++ /dev/null @@ -1,11 +0,0 @@ -# roles/dhcp/vars/RedHat.yml ---- - -dhcp_packages: - - "{{ ( ansible_distribution_major_version == '8' ) | ternary( 'dhcp-server', 'dhcp' ) }}" - -dhcp_config_dir: /etc/dhcp - -dhcp_config: /etc/dhcp/dhcpd.conf - -dhcp_service: dhcpd diff --git a/roles/docker/.ansible-lint b/roles/docker/.ansible-lint deleted file mode 100644 index affe64f..0000000 
--- a/roles/docker/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: - - '306' - - '106' diff --git a/roles/docker/.github/FUNDING.yml b/roles/docker/.github/FUNDING.yml deleted file mode 100644 index 96b4938..0000000 --- a/roles/docker/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# These are supported funding model platforms ---- -github: geerlingguy -patreon: geerlingguy diff --git a/roles/docker/.github/stale.yml b/roles/docker/.github/stale.yml deleted file mode 100644 index 3ac21f9..0000000 --- a/roles/docker/.github/stale.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale ---- -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
- - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/docker/.github/workflows/ci.yml b/roles/docker/.github/workflows/ci.yml deleted file mode 100644 index 42b7a1d..0000000 --- a/roles/docker/.github/workflows/ci.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -name: CI -'on': - pull_request: - push: - branches: - - master - schedule: - - cron: "0 7 * * 0" - -defaults: - run: - working-directory: 'geerlingguy.docker' - -jobs: - - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.docker' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install yamllint ansible-lint - - - name: Lint code. - run: | - yamllint . - ansible-lint - - molecule: - name: Molecule - runs-on: ubuntu-latest - strategy: - matrix: - distro: - - centos8 - - centos7 - - ubuntu2004 - - ubuntu1804 - - debian10 - - debian9 - - fedora31 - - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.docker' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install ansible molecule[docker] docker - - - name: Run Molecule tests. - run: molecule test - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/roles/docker/.github/workflows/release.yml b/roles/docker/.github/workflows/release.yml deleted file mode 100644 index 5d02a3e..0000000 
--- a/roles/docker/.github/workflows/release.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -# This workflow requires a GALAXY_API_KEY secret present in the GitHub -# repository or organization. -# -# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy -# See: https://github.com/ansible/galaxy/issues/46 - -name: Release -'on': - push: - tags: - - '*' - -defaults: - run: - working-directory: 'geerlingguy.docker' - -jobs: - - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.docker' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install Ansible. - run: pip3 install ansible-base - - - name: Trigger a new import on Galaxy. - run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/docker/.gitignore b/roles/docker/.gitignore deleted file mode 100644 index f56f5b5..0000000 --- a/roles/docker/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.retry -*/__pycache__ -*.pyc diff --git a/roles/docker/.yamllint b/roles/docker/.yamllint deleted file mode 100644 index e6fc538..0000000 --- a/roles/docker/.yamllint +++ /dev/null @@ -1,11 +0,0 @@ ---- -extends: default - -rules: - line-length: - max: 200 - level: warning - -ignore: | - .github/stale.yml - .travis.yml diff --git a/roles/docker/LICENSE b/roles/docker/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/docker/LICENSE +++ /dev/null 
@@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/docker/README.md b/roles/docker/README.md deleted file mode 100644 index 3090374..0000000 --- a/roles/docker/README.md +++ /dev/null 
@@ -1,97 +0,0 @@ -# Ansible Role: Docker - -[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI) - -An Ansible Role that installs [Docker](https://www.docker.com) on Linux. - -## Requirements - -None. - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). - docker_edition: 'ce' - docker_package: "docker-{{ docker_edition }}" - docker_package_state: present - -The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-`; Debian/Ubuntu: `docker-{{ docker_edition }}=`. - -You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play). - - docker_service_state: started - docker_service_enabled: true - docker_restart_handler_state: restarted - -Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`. - - docker_install_compose: true - docker_compose_version: "1.26.0" - docker_compose_path: /usr/local/bin/docker-compose - -Docker Compose installation options. 
- - docker_apt_release_channel: stable - docker_apt_arch: amd64 - docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" - docker_apt_ignore_key_error: True - docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg - -(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release. - -You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. -Usually in combination with changing `docker_apt_repository` as well. - - docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo - docker_yum_repo_enable_nightly: '0' - docker_yum_repo_enable_test: '0' - docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg - -(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`. - -You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. -Usually in combination with changing `docker_yum_repository` as well. - - docker_users: - - user1 - - user2 - -A list of system users to be added to the `docker` group (so they can use Docker on the server). - -## Use with Ansible (and `docker` Python library) - -Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role: - -```yaml -- hosts: all - - vars: - pip_install_packages: - - name: docker - - roles: - - geerlingguy.pip - - geerlingguy.docker -``` - -## Dependencies - -None. 
- -## Example Playbook - -```yaml -- hosts: all - roles: - - geerlingguy.docker -``` - -## License - -MIT / BSD - -## Author Information - -This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml deleted file mode 100644 index 8d66047..0000000 --- a/roles/docker/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). -docker_edition: 'ce' -docker_package: "docker-{{ docker_edition }}" -docker_package_state: present - -# Service options. -docker_service_state: started -docker_service_enabled: true -docker_restart_handler_state: restarted - -# Docker Compose options. -docker_install_compose: true -docker_compose_version: "1.26.0" -docker_compose_path: /usr/local/bin/docker-compose - -# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed. -docker_apt_release_channel: stable -docker_apt_arch: amd64 -docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" -docker_apt_ignore_key_error: true -docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg - -# Used only for RedHat/CentOS/Fedora. -docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo -docker_yum_repo_enable_nightly: '0' -docker_yum_repo_enable_test: '0' -docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg - -# A list of users who will be added to the docker group. -docker_users: [] diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml deleted file mode 100644 index 7847bc1..0000000 --- a/roles/docker/handlers/main.yml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -- name: restart docker - service: "name=docker state={{ docker_restart_handler_state }}" diff --git a/roles/docker/meta/.galaxy_install_info b/roles/docker/meta/.galaxy_install_info deleted file mode 100644 index 3e00bcc..0000000 --- a/roles/docker/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Tue Feb 16 21:35:59 2021 -version: 3.0.0 diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml deleted file mode 100644 index fc01727..0000000 --- a/roles/docker/meta/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - role_name: docker - author: geerlingguy - description: Docker for Linux. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.4 - platforms: - - name: EL - versions: - - 7 - - 8 - - name: Fedora - versions: - - all - - name: Debian - versions: - - stretch - - buster - - name: Ubuntu - versions: - - xenial - - bionic - - focal - galaxy_tags: - - web - - system - - containers - - docker - - orchestration - - compose - - server diff --git a/roles/docker/molecule/default/converge.yml b/roles/docker/molecule/default/converge.yml deleted file mode 100644 index 629095b..0000000 --- a/roles/docker/molecule/default/converge.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - pre_tasks: - - name: Update apt cache. - apt: update_cache=yes cache_valid_time=600 - when: ansible_os_family == 'Debian' - - - name: Wait for systemd to complete initialization. # noqa 303 - command: systemctl is-system-running - register: systemctl_status - until: > - 'running' in systemctl_status.stdout or - 'degraded' in systemctl_status.stdout - retries: 30 - delay: 5 - when: ansible_service_mgr == 'systemd' - changed_when: false - failed_when: systemctl_status.rc > 1 - - roles: - - role: geerlingguy.docker 
diff --git a/roles/docker/molecule/default/molecule.yml b/roles/docker/molecule/default/molecule.yml deleted file mode 100644 index 7490710..0000000 --- a/roles/docker/molecule/default/molecule.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/docker/tasks/docker-compose.yml b/roles/docker/tasks/docker-compose.yml deleted file mode 100644 index 92cf4f2..0000000 --- a/roles/docker/tasks/docker-compose.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Check current docker-compose version. - command: docker-compose --version - register: docker_compose_current_version - changed_when: false - failed_when: false - -- name: Delete existing docker-compose version if it's different. - file: - path: "{{ docker_compose_path }}" - state: absent - when: > - docker_compose_current_version.stdout is defined - and docker_compose_version not in docker_compose_current_version.stdout - -- name: Install Docker Compose (if configured). - get_url: - url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64 - dest: "{{ docker_compose_path }}" - mode: 0755 diff --git a/roles/docker/tasks/docker-users.yml b/roles/docker/tasks/docker-users.yml deleted file mode 100644 index b3b6e0f..0000000 --- a/roles/docker/tasks/docker-users.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Ensure docker users are added to the docker group. - user: - name: "{{ item }}" - groups: docker - append: true - with_items: "{{ docker_users }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml deleted file mode 100644 index 56449ef..0000000 
--- a/roles/docker/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- include_tasks: setup-RedHat.yml - when: ansible_os_family == 'RedHat' - -- include_tasks: setup-Debian.yml - when: ansible_os_family == 'Debian' - -- name: Install Docker. - package: - name: "{{ docker_package }}" - state: "{{ docker_package_state }}" - notify: restart docker - -- name: Ensure Docker is started and enabled at boot. - service: - name: docker - state: "{{ docker_service_state }}" - enabled: "{{ docker_service_enabled }}" - -- name: Ensure handlers are notified now to avoid firewall conflicts. - meta: flush_handlers - -- include_tasks: docker-compose.yml - when: docker_install_compose | bool - -- include_tasks: docker-users.yml - when: docker_users | length > 0 diff --git a/roles/docker/tasks/setup-Debian.yml b/roles/docker/tasks/setup-Debian.yml deleted file mode 100644 index d701135..0000000 --- a/roles/docker/tasks/setup-Debian.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: Ensure old versions of Docker are not installed. - package: - name: - - docker - - docker-engine - state: absent - -- name: Ensure dependencies are installed. - apt: - name: - - apt-transport-https - - ca-certificates - - gnupg2 - state: present - -- name: Add Docker apt key. - apt_key: - url: "{{ docker_apt_gpg_key }}" - id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 - state: present - register: add_repository_key - ignore_errors: "{{ docker_apt_ignore_key_error }}" - -- name: Ensure curl is present (on older systems without SNI). - package: name=curl state=present - when: add_repository_key is failed - -- name: Add Docker apt key (alternative for older systems without SNI). - shell: > - curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add - - args: - warn: false - when: add_repository_key is failed - -- name: Add Docker repository. - apt_repository: - repo: "{{ docker_apt_repository }}" - state: present - update_cache: true 
diff --git a/roles/docker/tasks/setup-RedHat.yml b/roles/docker/tasks/setup-RedHat.yml deleted file mode 100644 index 9607238..0000000 --- a/roles/docker/tasks/setup-RedHat.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -- name: Ensure old versions of Docker are not installed. - package: - name: - - docker - - docker-common - - docker-engine - state: absent - -- name: Add Docker GPG key. - rpm_key: - key: "{{ docker_yum_gpg_key }}" - state: present - -- name: Add Docker repository. - get_url: - url: "{{ docker_yum_repo_url }}" - dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' - owner: root - group: root - mode: 0644 - -- name: Configure Docker Nightly repo. - ini_file: - dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' - section: 'docker-{{ docker_edition }}-nightly' - option: enabled - value: '{{ docker_yum_repo_enable_nightly }}' - mode: 0644 - -- name: Configure Docker Test repo. - ini_file: - dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo' - section: 'docker-{{ docker_edition }}-test' - option: enabled - value: '{{ docker_yum_repo_enable_test }}' - mode: 0644 - -- name: Configure containerd on RHEL 8. - block: - - name: Ensure container-selinux is installed. - package: - name: container-selinux - state: present - - - name: Ensure containerd.io is installed. - package: - name: containerd.io - state: present - when: ansible_distribution_major_version | int == 8 diff --git a/roles/factorio/.github/workflows/ansible-tests.yml b/roles/factorio/.github/workflows/ansible-tests.yml deleted file mode 100644 index 55213cc..0000000 --- a/roles/factorio/.github/workflows/ansible-tests.yml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -# Got this action from: https://github.com/colin-mccarthy/ansible_lint_demo - -name: Ansible Tests -on: pull_request -jobs: - yamllint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.7 - uses: actions/setup-python@v1 - with: - python-version: 3.7 - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r dev-requirements.txt - - name: Test with molecule - run: make lint - molecule_centos: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.7 - uses: actions/setup-python@v1 - with: - python-version: 3.7 - - name: Install dependencies - run: | - sudo apt install docker - python -m pip install --upgrade pip - pip install -r dev-requirements.txt - - name: Test with molecule - run: make test_centos - molecule_debian: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.7 - uses: actions/setup-python@v1 - with: - python-version: 3.7 - - name: Install dependencies - run: | - sudo apt install docker - python -m pip install --upgrade pip - pip install -r dev-requirements.txt - - name: Test with molecule - run: make test_debian - molecule_ubuntu: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.7 - uses: actions/setup-python@v1 - with: - python-version: 3.7 - - name: Install dependencies - run: | - sudo apt install docker - python -m pip install --upgrade pip - pip install -r dev-requirements.txt - - name: Test with molecule - run: make test_ubuntu diff --git a/roles/factorio/.gitignore b/roles/factorio/.gitignore deleted file mode 100644 index 22d0d82..0000000 --- a/roles/factorio/.gitignore +++ /dev/null @@ -1 +0,0 @@ -vendor diff --git a/roles/factorio/.yamllint b/roles/factorio/.yamllint deleted file mode 100644 index 2988da4..0000000 --- a/roles/factorio/.yamllint +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -extends: default - -rules: - empty-lines: disable - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - line-length: disable - truthy: disable diff --git a/roles/factorio/README.md b/roles/factorio/README.md deleted file mode 100644 index a061433..0000000 --- a/roles/factorio/README.md +++ /dev/null @@ -1,257 +0,0 @@ -# Factorio - -[![Install from Ansible Galaxy](https://img.shields.io/badge/role-bplower.factorio-blue.svg)](https://galaxy.ansible.com/bplower/factorio/) -![Ansible Lint](https://github.com/bplower/ansible-factorio/workflows/Ansible%20Tests/badge.svg) - -A role for creating Factorio servers -https://galaxy.ansible.com/bplower/factorio/ - -## Requirements - -No requirements - -## Role Variables - -Variables can be roughly divided into two groups: deployment configurations and -Factorio configurations. - -### Deployment Configurations - -The deployment configurations are all related to the way in which ansible -installs the factorio server. These should be abstracted enough to allow -multiple factorio servers to be run simultaneously. - -``` -server_sources: "/opt/games/sources/factorio" -server_version: "0.17.79" -download_url: "https://www.factorio.com/get-download/{{ server_version }}/headless/linux64" -service_name: "factorio-server" -service_user: "factorio" -service_group: "factorio" -service_root: "/home/{{ service_user }}" -service_port: 34197 -service_restart_permitted: true -factorio_default_save: "{{ service_root }}/factorio/saves/default-save.zip" -factorio_target_save: "{{ factorio_default_save }}" -``` - -More detailed information about these variables is as follows: - -- Variable: `server_sources`
- Default: `"/opt/games/sources/factorio"`
- Comments:
- Where to cache server binaries downloaded from the download_url - -- Variable: `server_version`
- Default: `"0.17.79"`
- Choices: - - "0.18.26" - - "0.17.79" - - "0.17.74" - - "0.16.51" - - "0.15.40" - - "0.14.23" - - "0.13.20" - - "0.12.35" - - Comments:
- You must set the `download_checksum` value if you set this variable. This - value is used in the default `download_url`. - -- Variable: `download_url`
- Default: `"https://www.factorio.com/get-download/{{ server_version }}/headless/linux64"`
- Comments:
- The URL to download the server binary from. This will only be downloaded if - the path `"{{ server_sources }}/factorio-{{ server_version }}.tar.gz"` does - not exist. - -- Variable: `download_checksum`
- Default: `"sha256:9ace12fa986df028dc1851bf4de2cb038044d743e98823bc1c48ba21aa4d23df"` - Comments:
- The checksum that must match the downloaded server binary. This ensures the integrity. - If you change the `download_url` or `server_version`, you need to adapt the checksum as well. To get the - checksum of a server binary, you can use `curl --silent --location | sha256sum`. - To disable the checksum verification, just set it to an empty string (`""`). - -- Variable: `service_name`
- Default: `"factorio-server"`
- Comments:
- The name of the service to create. Multiple instances of factorio servers can - be run on a single host by providing different values for this variable (See - the examples section of this document). - -- Variable: `service_user`
- Default: `"factorio"`
- Comments:
- The user the service should be run as. - -- Variable: `service_group`
- Default: `"factorio"`
- Comments:
- The group the service user should be a member of. - -- Variable: `service_root`
- Default: `"/home/{{ service_user }}"`
- Comments:
- The directory in which to store the contents of the factorio zip file - downloaded from the server. This will result in the factorio resources being - stored at `{{ service_root }}/factorio/`. - -- Variab: `service_port`
- Default: `34197`
- Comments:
- The port to host the service on. This default is the factorio default value. - -- Variable: `service_restart_permitted`
- Default: `true`
- Comments:
- Setting this to `false` will prevent the service from being restarted if - changes were applied. This allows settings to be applied in preparation for - the next service restart without immediately causing service interruption. - -- Variable: `factorio_default_save`
- Default: `"{{ service_root }}/factorio/saves/default-save.zip"`
- Comments:
- The default save file used by the server. - -- Variable: `factorio_target_save`
- Default: `"{{ factorio_default_save }}"`
- Comments:
- The save file to be run by the server. This distinction is provided to - facilitate switching between multiple save files. - -### Factorio Configurations - -Settings for various config files can be set in dictionaries loosely named after -the file. Each dictionary starts with `factorio_` followed by the filename -(excluding the filetype extension) where hyphens ( - ) are replaced by -underscores ( _ ). For example, the `server-settings.json` file is associated -with the dictionary variable `factorio_server_settings`. - -The `default/` folder contains serveral files showing example dictionaries -representing the values provided by the Factorio servers various examples JSON -files. - -The following is a list of config files that have been implemented: - -- Filename: `server-settings.json`
- Variable: `factorio_server_settings`
- Example: - ``` - factorio_server_settings: - name: "My Public Server" - max_players: 10 - game_password: "mypassword" - visibility: - public: true - lan: true - ``` - -- Filename: `server-whitelist.json`
- Variable: `factorio_server_whitelist`
- Example: - ``` - factorio_server_whitelist: - - Oxyd - ``` - -- Filename: `map-settings.json`
- Variable: `factorio_map_settings`
- Example: - ``` - factorio_map_settings: - pollution: - enabled: false - ``` - -- Filename: `map-gen-settings.json`
- Variable: `factorio_map_gen_settings`
- Example: - ``` - factorio_map_gen_settings: - water: "high" - autoplace_controles: - coal: - size: "very-low" - ``` - -## Example Playbooks - -An out of the box example might look as follows: - -``` ---- -- name: Create a default factorio server - hosts: localhost - roles: - - role: bplower.factorio -``` - -An example with a non-default port, and customized name: -``` ---- -- name: My slightly changed factorio server - hosts: localhost - roles: - - role: bplower.factorio - service_port: 12345 - factorio_server_settings: - name: "My factorio server" -``` - -An example of multiple servers on a single host: -``` ---- -- name: Factorio farm - hosts: localhost - roles: - - role: bplower.factorio - service_port: 50001 - service_name: factorio_1 - service_root: /home/{{ service_user }}/{{ service_name }} - - role: bplower.factorio - service_port: 50002 - service_name: factorio_2 - service_root: /home/{{ service_user }}/{{ service_name }} -``` - -## License - -GNU GPLv3 - -# Development & Contributions - -I don't use this project regularly anymore, but I try to keep it up to date when -possible. If you have any issues or questions about it, I encourage you to open -a PR or issue. - -## Testing - -This role uses yamllint for yaml validation, and molecule + docker for testing. -Both tools can be installed using the `dev-requirements.txt` file. You will need -to install docker separately. - -``` -pip install -r dev-requirements.txt` -``` - -Grouping all supported platforms together caused issues for CI, so the test are -split into 3 scenarios based on the platforms being tested. - -The makefile can be used to start each of the tests, and supports a helpmenu with -descriptions for each target: - -``` -$ make help - -Usage: - make - -Targets: - help Display this help - lint Lint yaml files - test_all Run all molecule tests - test_centos Run molecule centos tests - test_debian Run molecule debian tests - test_ubuntu Run molecule ubuntu tests -``` 
diff --git a/roles/factorio/defaults/main.yml b/roles/factorio/defaults/main.yml deleted file mode 100644 index 1941601..0000000 --- a/roles/factorio/defaults/main.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# defaults file for factorio -server_version: "0.17.79" -server_sources: "/opt/games/sources/factorio" -download_url: "https://www.factorio.com/get-download/{{ server_version }}/headless/linux64" -download_checksum: "sha256:9ace12fa986df028dc1851bf4de2cb038044d743e98823bc1c48ba21aa4d23df" - -# Configs for the service running the server -service_name: "factorio-server" -service_user: "factorio" -service_group: "factorio" -service_root: "/home/{{ service_user }}" -service_port: 34197 -service_restart_permitted: true -factorio_default_save: "{{ service_root }}/factorio/saves/default-save.zip" -factorio_target_save: "{{ factorio_default_save }}" - -# Configs for the factorio server. These examples were copied from -# server-settings.example.json and are saved in server-settings.json -factorio_server_settings: {} - -# Do not define server settings in this dictionary. This dictionary allows you -# to overwrite a single setting without requiring you to provide other defaults. -# See the documentation for more information. -default_factorio_server_settings: - name: "Name of the game as it will appear in the game listing" - description: "Description of the game that will appear in the listing" - visibility: - public: false - lan: true - -# server-whitelist.json settings -factorio_server_whitelist_enabled: false -# factorio_server_whitelist: [] - -# map-gen-settings.json settings -factorio_map_gen_settings_enabled: false -# factorio_map_gen_settings: {} - -# map-settings.json settings -factorio_map_settings_enabled: false -# factorio_map_settings: {} - -ansible_name_prefix: "({{ service_name }})" diff --git a/roles/factorio/defaults/map-gen-settings.yml b/roles/factorio/defaults/map-gen-settings.yml deleted file mode 100644 index 23a69ee..0000000 
--- a/roles/factorio/defaults/map-gen-settings.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# Settings for the map-gen-settings.json file -# Right now this is just an example of the default values as shown in the -# map-gen-settings.example.json file that's provided with the factorio server - -factorio_map_gen_settings: - # Sizes can be specified as none, very-low, low, normal, high, very-high - terrain_segmentation: "normal" - water: "normal" - width: 0 - height: 0 - starting_area: "normal" - peaceful_mode: false - autoplace_controls: - coal: - frequency: "normal" - size: "normal" - richness: "normal" - copper-ore: - frequency: "normal" - size: "normal" - richness: "normal" - crude-oil: - frequency: "normal" - size: "normal" - richness: "normal" - enemy-base: - frequency: "normal" - size: "normal" - richness: "normal" - iron-ore: - frequency: "normal" - size: "normal" - richness: "normal" - stone: - frequency: "normal" - size: "normal" - richness: "normal" - # Use null for a random seed, number for a specific seed. - seed: null diff --git a/roles/factorio/defaults/map-settings.yml b/roles/factorio/defaults/map-settings.yml deleted file mode 100644 index f3450da..0000000 --- a/roles/factorio/defaults/map-settings.yml +++ /dev/null 
@@ -1,99 +0,0 @@ ---- -# Settings for the map-settings.json file -# Right now this is just an example of the default values as shown in the -# map-settings.example.json file that's provided with the factorio server - -factorio_map_settings: - difficulty_settings: - recipe_difficulty: 1 - technology_difficulty: 1 - technology_price_multiplier: 1 - pollution: - enabled: true - # these are values for 60 ticks (1 simulated second) amount that is - # diffused to neighboring chunk - diffusion_ratio: 0.02 - min_to_diffuse: 15 - ageing: 1 - expected_max_per_chunk: 7000 - min_to_show_per_chunk: 700 - min_pollution_to_damage_trees: 3500 - pollution_with_max_forest_damage: 10000 - pollution_per_tree_damage: 2000 - pollution_restored_per_tree_damage: 500 - max_pollution_to_restore_trees: 1000 - enemy_evolution: - enabled: true - time_factor: 0.000004 - destroy_factor: 0.002 - pollution_factor: 0.000015 - enemy_expansion: - enabled: true - min_base_spacing: 3 - max_expansion_distance: 7 - friendly_base_influence_radius: 2 - enemy_building_influence_radius: 2 - building_coefficient: 0.1 - other_base_coefficient: 2.0 - neighbouring_chunk_coefficient: 0.5 - neighbouring_base_chunk_coefficient: 0.4 - max_colliding_tiles_coefficient: 0.9 - settler_group_min_size: 5 - settler_group_max_size: 20 - min_expansion_cooldown: 14400 - max_expansion_cooldown: 216000 - unit_group: - min_group_gathering_time: 3600 - max_group_gathering_time: 36000 - max_wait_time_for_late_members: 7200 - max_group_radius: 30.0 - min_group_radius: 5.0 - max_member_speedup_when_behind: 1.4 - max_member_slowdown_when_ahead: 0.6 - max_group_slowdown_factor: 0.3 - max_group_member_fallback_factor: 3 - member_disown_distance: 10 - tick_tolerance_when_member_arrives: 60 - max_gathering_unit_groups: 30 - max_unit_group_size: 200 - steering: - default: - radius: 1.2 - separation_force: 0.005 - separation_factor: 1.2 - force_unit_fuzzy_goto_behavior: false - moving: - radius: 3 - separation_force: 0.01 - 
separation_factor: 3 - force_unit_fuzzy_goto_behavior: false - path_finder: - fwd2bwd_ratio: 5 - goal_pressure_ratio: 2 - max_steps_worked_per_tick: 100 - use_path_cache: true - short_cache_size: 5 - long_cache_size: 25 - short_cache_min_cacheable_distance: 10 - short_cache_min_algo_steps_to_cache: 50 - long_cache_min_cacheable_distance: 30 - cache_max_connect_to_cache_steps_multiplier: 100 - cache_accept_path_start_distance_ratio: 0.2 - cache_accept_path_end_distance_ratio: 0.15 - negative_cache_accept_path_start_distance_ratio: 0.3 - negative_cache_accept_path_end_distance_ratio: 0.3 - cache_path_start_distance_rating_multiplier: 10 - cache_path_end_distance_rating_multiplier: 20 - stale_enemy_with_same_destination_collision_penalty: 30 - ignore_moving_enemy_collision_distance: 5 - enemy_with_different_destination_collision_penalty: 30 - general_entity_collision_penalty: 10 - general_entity_subsequent_collision_penalty: 3 - max_clients_to_accept_any_new_request: 10 - max_clients_to_accept_short_new_request: 100 - direct_distance_to_consider_short_request: 100 - short_request_max_steps: 1000 - short_request_ratio: 0.5 - min_steps_to_check_path_find_termination: 2000 - start_to_goal_cost_multiplier_to_terminate_path_find: 500.0 - max_failed_behavior_count: 3 diff --git a/roles/factorio/defaults/server-settings.yml b/roles/factorio/defaults/server-settings.yml deleted file mode 100644 index c103f2b..0000000 --- a/roles/factorio/defaults/server-settings.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -# Settings for the server-settings.json file -# Right now this is just an example of the default values as shown in the -# server-settings.example.json file that's provided with the factorio server - -factorio_server_settings: - name: "Name of the game as it will appear in the game listing" - - description: "Description of the game that will appear in the listing" - - tags: ["game", "tags"] - - # Maximum number of players allowed, admins can join even a full server. - # 0 means unlimited. - max_players: 0 - - # public: Game will be published on the official Factorio matching server - # lan: Game will be broadcast on LAN - visibility: - public: true - lan: true - - # Your factorio.com login credentials. Required for games with visibility - # public - username: "" - password: "" - - # Authentication token. May be used instead of 'password' above. - token: "" - - game_password: "" - - # When set to true, the server will only allow clients that have a valid - # Factorio.com account - require_user_verification: true - - # optional, default value is 0. 0 means unlimited.", - max_upload_in_kilobytes_per_second: 0 - - # optional one tick is 16ms in default speed, default value is 0. 0 means no - # minimum. - minimum_latency_in_ticks: 0 - - # Players that played on this map already can join even when the max player - # limit was reached. - ignore_player_limit_for_returning_players: false - - # possible values are, true, false and admins-only - allow_commands: "admins-only" - - # Autosave interval in minutes - autosave_interval: 10 - - # server autosave slots, it is cycled through when the server autosaves. - autosave_slots: 5 - - # How many minutes until someone is kicked when doing nothing, 0 for never. - afk_autokick_interval: 0 - - # Whether should the server be paused when no players are present. - auto_pause: true - - only_admins_can_pause_the_game: true - - # Whether autosaves should be saved only on server or also on all connected - # clients. 
Default is true. - autosave_only_on_server: true - - # List of case insensitive usernames, that will be promoted immediately - admins: [] diff --git a/roles/factorio/defaults/server-whitelist.yml b/roles/factorio/defaults/server-whitelist.yml deleted file mode 100644 index 8f50448..0000000 --- a/roles/factorio/defaults/server-whitelist.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# Settings for the server-whitelist.json file -# Right now this is just an example of the default values as shown in the -# server-whitelist.example.json file that's provided with the factorio server - -factorio_server_whitelist: - - Rseding91 - - Oxyd diff --git a/roles/factorio/dev-requirements.txt b/roles/factorio/dev-requirements.txt deleted file mode 100644 index 8e5a6ff..0000000 --- a/roles/factorio/dev-requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -yamllint -molecule[docker] diff --git a/roles/factorio/handlers/main.yml b/roles/factorio/handlers/main.yml deleted file mode 100644 index 0e419b4..0000000 --- a/roles/factorio/handlers/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# handlers file for factorio - -- name: Reload factorio server (daemon_reload) - systemd: - name: "{{ service_name }}" - daemon_reload: yes - -- name: Restart factorio service - systemd: - name: "{{ service_name }}" - state: restarted - when: service_restart_permitted diff --git a/roles/factorio/makefile b/roles/factorio/makefile deleted file mode 100644 index a05bcac..0000000 --- a/roles/factorio/makefile +++ /dev/null 
@@ -1,21 +0,0 @@ -.DEFAULT_GOAL:=help - -.PHONY: help deps clean build watch - -help: ## Display this help - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n\nTargets:\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-10s\033[0m %s\n", $$1, $$2 }' $(MAKEFILE_LIST) - -lint: ## Lint yaml files - yamllint . - -test_all: ## Run molecule tests - molecule test --all - -test_centos: ## Run molecule centos tests - molecule test --scenario-name centos - -test_debian: ## Run molecule debian tests - molecule test --scenario-name debian - -test_ubuntu: ## Run molecule ubuntu tests - molecule test --scenario-name ubuntu diff --git a/roles/factorio/meta/.galaxy_install_info b/roles/factorio/meta/.galaxy_install_info deleted file mode 100644 index e8ffbb2..0000000 --- a/roles/factorio/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Tue Dec 22 03:10:51 2020 -version: master diff --git a/roles/factorio/meta/main.yml b/roles/factorio/meta/main.yml deleted file mode 100644 index 5e3baf3..0000000 --- a/roles/factorio/meta/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -galaxy_info: - author: Brahm Lower - description: A role for creating Factorio servers - license: license (GPLv3) - min_ansible_version: 2.0 - platforms: - - name: EL - versions: - - 8 - - name: Ubuntu - versions: - - bionic - - focal - - name: Debian - version: - - stretch - - buster - galaxy_tags: - - factorio -dependencies: [] diff --git a/roles/factorio/molecule/centos/INSTALL.rst b/roles/factorio/molecule/centos/INSTALL.rst deleted file mode 100644 index d926ca2..0000000 --- a/roles/factorio/molecule/centos/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ python3 -m pip install 'molecule[docker]' diff --git a/roles/factorio/molecule/centos/converge.yml b/roles/factorio/molecule/centos/converge.yml deleted file mode 100644 index 7a8a67d..0000000 --- a/roles/factorio/molecule/centos/converge.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: "Include ansible-factorio" - include_role: - name: "ansible-factorio" - vars: - service_name: foobar - server_version: 0.17.79 diff --git a/roles/factorio/molecule/centos/molecule.yml b/roles/factorio/molecule/centos/molecule.yml deleted file mode 100644 index 1772a58..0000000 --- a/roles/factorio/molecule/centos/molecule.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance_centos8 - image: jrei/systemd-centos:8 - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro -provisioner: - name: ansible -verifier: - name: ansible diff --git a/roles/factorio/molecule/centos/verify.yml b/roles/factorio/molecule/centos/verify.yml deleted file mode 100644 index a82dd6f..0000000 --- a/roles/factorio/molecule/centos/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - assert: - that: true 
diff --git a/roles/factorio/molecule/debian/INSTALL.rst b/roles/factorio/molecule/debian/INSTALL.rst deleted file mode 100644 index d926ca2..0000000 --- a/roles/factorio/molecule/debian/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ python3 -m pip install 'molecule[docker]' diff --git a/roles/factorio/molecule/debian/converge.yml b/roles/factorio/molecule/debian/converge.yml deleted file mode 100644 index 7a8a67d..0000000 --- a/roles/factorio/molecule/debian/converge.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: "Include ansible-factorio" - include_role: - name: "ansible-factorio" - vars: - service_name: foobar - server_version: 0.17.79 diff --git a/roles/factorio/molecule/debian/molecule.yml b/roles/factorio/molecule/debian/molecule.yml deleted file mode 100644 index dbb8425..0000000 --- a/roles/factorio/molecule/debian/molecule.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance_debian9 - image: jrei/systemd-debian:9 - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: instance_debian10 - image: jrei/systemd-debian:10 - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro -provisioner: - name: ansible -verifier: - name: ansible 
diff --git a/roles/factorio/molecule/debian/verify.yml b/roles/factorio/molecule/debian/verify.yml deleted file mode 100644 index a82dd6f..0000000 --- a/roles/factorio/molecule/debian/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - assert: - that: true diff --git a/roles/factorio/molecule/ubuntu/INSTALL.rst b/roles/factorio/molecule/ubuntu/INSTALL.rst deleted file mode 100644 index d926ca2..0000000 --- a/roles/factorio/molecule/ubuntu/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ python3 -m pip install 'molecule[docker]' diff --git a/roles/factorio/molecule/ubuntu/converge.yml b/roles/factorio/molecule/ubuntu/converge.yml deleted file mode 100644 index 7a8a67d..0000000 --- a/roles/factorio/molecule/ubuntu/converge.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: "Include ansible-factorio" - include_role: - name: "ansible-factorio" - vars: - service_name: foobar - server_version: 0.17.79 diff --git a/roles/factorio/molecule/ubuntu/molecule.yml b/roles/factorio/molecule/ubuntu/molecule.yml deleted file mode 100644 index 7cf561a..0000000 --- a/roles/factorio/molecule/ubuntu/molecule.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance_ubuntu1804 - image: jrei/systemd-ubuntu:18.04 - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: instance_ubuntu2004 - image: jrei/systemd-ubuntu:20.04 - privileged: true - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro -provisioner: - name: ansible -verifier: - name: ansible diff --git a/roles/factorio/molecule/ubuntu/verify.yml b/roles/factorio/molecule/ubuntu/verify.yml deleted file mode 100644 index a82dd6f..0000000 --- a/roles/factorio/molecule/ubuntu/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Example assertion - assert: - that: true diff --git a/roles/factorio/tasks/main.yml b/roles/factorio/tasks/main.yml deleted file mode 100644 index d3fc655..0000000 --- a/roles/factorio/tasks/main.yml +++ /dev/null 
@@ -1,90 +0,0 @@ ---- -# tasks file for factorio -# Create the user and group to run the factorio server -- name: "{{ ansible_name_prefix }} Create OS group for factorio" - group: - name: "{{ service_group }}" - state: present - -- name: "{{ ansible_name_prefix }} Create OS user for factorio" - user: - name: "{{ service_user }}" - state: present - group: "{{ service_group }}" - -# Download the factorio server version if needed -- name: "{{ ansible_name_prefix }} Make factorio bin source folder" - file: - path: "{{ server_sources }}" - state: directory - mode: u+rwx - -- name: "{{ ansible_name_prefix }} Download factorio headless server from {{ download_url }}" - get_url: - url: "{{ download_url }}" - dest: "{{ server_sources }}/factorio-{{ server_version }}.tar.gz" - checksum: "{{ download_checksum }}" - retries: 3 - delay: 5 - -# Copy the factorio version to the production location -- name: "{{ ansible_name_prefix }} Make factorio bin source folder" - file: - path: "{{ service_root }}" - state: directory - mode: u+rwx - -- name: "{{ ansible_name_prefix }} Extract Factorio headless server to {{ server_sources }}" - unarchive: - src: "{{ server_sources }}/factorio-{{ server_version }}.tar.gz" - copy: no - dest: "{{ service_root }}" - creates: "{{ service_root }}/factorio" - -- name: "{{ ansible_name_prefix }} Make sure game save directory exists" - file: - path: "{{ service_root }}/factorio/saves" - state: directory - mode: u+rwx - -# Create the various settings files -- name: "{{ ansible_name_prefix }} Set server settings" - include: set-server-settings.yml - -- name: "{{ ansible_name_prefix }} Set server whitelist" - include: set-server-whitelist.yml - -- name: "{{ ansible_name_prefix }} Set map gen settings" - include: set-map-gen-settings.yml - -- name: "{{ ansible_name_prefix }} Set map settings" - include: set-map-settings.yml - -# Create the save if one doesn't already exist -- name: "{{ ansible_name_prefix }} Create default save file" - command: "{{ 
service_root }}/factorio/bin/x64/factorio --create {{ factorio_target_save }}" - args: - creates: "{{ factorio_target_save }}" - -# Set the permissions so only the user has access -- name: "{{ ansible_name_prefix }} Make {{ service_root }} owned by {{ service_user }}" - file: - path: "{{ service_root }}" - state: directory - owner: "{{ service_user }}" - group: "{{ service_group }}" - recurse: yes - -# Create the service -- name: "{{ ansible_name_prefix }} Create service file" - template: - src: service-template.service.j2 - dest: /etc/systemd/system/{{ service_name }}.service - mode: "u=rwx,g=r,o=r" - vars: - bin: "{{ service_root }}/factorio/bin/x64/factorio" - save: "{{ factorio_target_save }}" - description: "Factorio {{ server_version }} {{ service_name }}" - notify: - - Reload factorio server (daemon_reload) - - Restart factorio service diff --git a/roles/factorio/tasks/set-map-gen-settings.yml b/roles/factorio/tasks/set-map-gen-settings.yml deleted file mode 100644 index dca8913..0000000 --- a/roles/factorio/tasks/set-map-gen-settings.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# Set the content of map-gen-settings.json - -- name: ({{ service_name }}) Create map-gen-settings.json file - copy: - content: "{{ factorio_map_gen_settings | to_json }}" - dest: "{{ service_root }}/factorio/data/map-gen-settings.json" - when: factorio_map_gen_settings_enabled - notify: - - Restart factorio service - -- name: ({{ service_name }}) Remove map-gen-settings.json file - file: - path: "{{ service_root }}/factorio/data/map-gen-settings.json" - state: absent - when: not factorio_map_gen_settings_enabled - notify: - - Restart factorio service diff --git a/roles/factorio/tasks/set-map-settings.yml b/roles/factorio/tasks/set-map-settings.yml deleted file mode 100644 index debaa19..0000000 --- a/roles/factorio/tasks/set-map-settings.yml +++ /dev/null 
@@ -1,18 +0,0 @@
----
-# Set the content of map-settings.json
-
-- name: ({{ service_name }}) Create map-settings.json file
-  copy:
-    content: "{{ factorio_map_settings | to_json }}"
-    dest: "{{ service_root }}/factorio/data/map-settings.json"
-  when: factorio_map_settings_enabled
-  notify:
-    - Restart factorio service
-
-- name: ({{ service_name }}) Remove map-settings.json file
-  file:
-    path: "{{ service_root }}/factorio/data/map-settings.json"
-    state: absent
-  when: not factorio_map_settings_enabled
-  notify:
-    - Restart factorio service
diff --git a/roles/factorio/tasks/set-server-settings.yml b/roles/factorio/tasks/set-server-settings.yml
deleted file mode 100644
index b2c4c99..0000000
--- a/roles/factorio/tasks/set-server-settings.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Set the content of server-settings.json
-
-# Two tasks are used here as a somewhat lazy way around `factorio_server_settings`
-# being passed to the `combine()` function when it hasn't been defined by the
-# user. The default definition for it in defaults/main.py is an empty dict
-# which for some reason results in being interpreted as undefined.
-
-# Open a pull request if you know a better way
-
-- name: ({{ service_name }}) Create server-settings.json file (overwriting defaults)
-  copy:
-    content: "{{ default_factorio_server_settings|combine(factorio_server_settings) | to_json }}"
-    dest: "{{ service_root }}/factorio/data/server-settings.json"
-  when: factorio_server_settings
-  notify:
-    - Restart factorio service
-
-- name: ({{ service_name }}) Create server-settings.json file (using defaults)
-  copy:
-    content: "{{ default_factorio_server_settings | to_json }}"
-    dest: "{{ service_root }}/factorio/data/server-settings.json"
-  when: not factorio_server_settings
-  notify:
-    - Restart factorio service
diff --git a/roles/factorio/tasks/set-server-whitelist.yml b/roles/factorio/tasks/set-server-whitelist.yml
deleted file mode 100644
index c3b6f01..0000000
--- a/roles/factorio/tasks/set-server-whitelist.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Set the content of server-whitelist.json
-
-- name: ({{ service_name }}) Create server-whitelist.json file
-  copy:
-    content: "{{ factorio_server_whitelist | to_json }}"
-    dest: "{{ service_root }}/factorio/data/server-whitelist.json"
-  when: factorio_server_whitelist_enabled
-  notify:
-    - Restart factorio service
-
-- name: ({{ service_name }}) Remove server-whitelist.json file
-  file:
-    path: "{{ service_root }}/factorio/data/server-whitelist.json"
-    state: absent
-  when: not factorio_server_whitelist_enabled
-  notify:
-    - Restart factorio service
diff --git a/roles/factorio/templates/service-template.service.j2 b/roles/factorio/templates/service-template.service.j2
deleted file mode 100644
index 50c2597..0000000
--- a/roles/factorio/templates/service-template.service.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description={{ description }}
-
-[Service]
-ExecStart={{ bin }} --start-server {{ save }} --port {{ service_port }} --server-settings {{ service_root }}/factorio/data/server-settings.json
-User={{ service_user }}
-Group={{ service_group }}
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/factorio/vars/main.yml b/roles/factorio/vars/main.yml
deleted file mode 100644
index c8b378b..0000000
--- a/roles/factorio/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for factorio
diff --git a/roles/gitea/.ansible-lint b/roles/gitea/.ansible-lint
deleted file mode 100644
index a48e52d..0000000
--- a/roles/gitea/.ansible-lint
+++ /dev/null
@@ -1,9 +0,0 @@
-use_default_rules: true
-
-exclude_paths:
-  - venv/
-  - molecule/default/
-  - tests/
-
-#skip_list:
-#  - '301'
diff --git a/roles/gitea/.gitignore b/roles/gitea/.gitignore
deleted file mode 100644
index 64b554e..0000000
--- a/roles/gitea/.gitignore
+++ /dev/null
@@ -1,10 +0,0 @@
-*.pyc
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
diff --git a/roles/gitea/.travis.yml b/roles/gitea/.travis.yml
deleted file mode 100644
index 524837b..0000000
--- a/roles/gitea/.travis.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-language: python
-python:
-  - "3.7"
-
-env:
-  matrix:
-    - MOLECULE_DISTRO: centos8
-    - MOLECULE_DISTRO: centos7
-    - MOLECULE_DISTRO: ubuntu1804
-    - MOLECULE_DISTRO: ubuntu1604
-    - MOLECULE_DISTRO: debian10
-    - MOLECULE_DISTRO: debian9
-    - MOLECULE_DISTRO: fedora31
-
-services:
-  - docker
-
-install:
-  - python -m pip -q install -r requirements-travis.txt
-
-script:
-  - molecule test
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/gitea/.yamllint b/roles/gitea/.yamllint
deleted file mode 100644
index 16fff78..0000000
--- a/roles/gitea/.yamllint
+++ /dev/null
@@ -1,12 +0,0 @@
----
-extends: default
-
-rules:
-  line-length:
-    max: 100
-    level: warning
-
-ignore: |
-  /venv/
-  /env/
-  /molecule/
diff --git a/roles/gitea/LICENSE b/roles/gitea/LICENSE
deleted file mode 100644
index 195ba20..0000000
--- a/roles/gitea/LICENSE
+++ /dev/null
@@ -1,11 +0,0 @@ -Copyright 2019-present Thomas Maurice - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/roles/gitea/README.md b/roles/gitea/README.md deleted file mode 100644 index 46c2378..0000000 --- a/roles/gitea/README.md +++ /dev/null 
@@ -1,190 +0,0 @@ -# Ansible role gitea - Install a gitea server -[![Build Status](https://travis-ci.org/thomas-maurice/ansible-role-gitea.svg?branch=master)](https://travis-ci.org/thomas-maurice/ansible-role-gitea) -![Ansible Role](https://img.shields.io/ansible/role/38779) -![Ansible Role](https://img.shields.io/ansible/role/d/38779) -![Ansible Quality Score](https://img.shields.io/ansible/quality/38779) - -This role installs and manages a [gitea](https://gitea.io) server - -[Source code & screenshots](https://github.com/go-gitea/gitea). - -Gitea is a Golang Git repository webapp, having the same look and feel as GitHub. - -## Sample example of use in a playbook - -The following code has been tested with Debian 8, it should work on Ubuntu as well. - -```yaml -- name: "Install gitea" - hosts: all - vars: - gitea_user: "gitea" - gitea_home: "/var/lib/gitea" - # To limit your users to 30 repos - gitea_user_repo_limit: 30 - # Don't use a public CDN for frontend assets - gitea_offline_mode: true - - # Some 'rendering' options for your URLs - gitea_http_domain: git.yourdomain.fr - gitea_root_url: https://git.yourdomain.fr - - # Here we assume we are behind a reverse proxy that will - # handle https for us, so we bind on localhost:3000 using HTTP - gitea_protocol: http - gitea_http_listen: 127.0.0.1 - gitea_http_port: 3000 - - # SSH server configuration - gitea_ssh_listen: 0.0.0.0 - gitea_ssh_port: 2222 - # For URLs rendering again - gitea_ssh_domain: git.yourdomain.fr - gitea_start_ssh: true - - gitea_secret_key: 3sp00ky5me - gitea_disable_gravatar: true - # To make at least your first user register - gitea_disable_registration: false - gitea_require_signin: true - gitea_enable_captcha: true - - gitea_show_user_email: false - roles: - - gitea -``` - -## More detailed options -### General - -* `gitea_version_check`: Check if installed version != `gitea_version` before initiating binary download -* `gitea_user`: UNIX user used by Gitea -* `gitea_home`: Base directory to 
work -* `gitea_dl_url`: The URL, the compiled gitea-binary will be downloaded from -* `gitea_systemd_cap_net_bind_service`: Adds `AmbientCapabilities=CAP_NET_BIND_SERVICE` to systemd service file - -### Look and feel - -* `gitea_app_name`: Displayed application name -* `gitea_show_user_email`: Do you want to display email addresses ? (true/false) -* `gitea_disable_gravatar`: Do you want to disable Gravatar ? (privacy and so on) (true/false) -* `gitea_offline_mode`: Same but for disabling CDNs for frontend assets (true/false) -* `gitea_disable_registration`: Do you want to disable user registration ? (true/false) -* `gitea_only_allow_external_registration`: Do you want to force registration only using third-party services ? (true/false) -* `gitea_show_registration_button`: Do you want to show the registration button? (true/false) -* `gitea_require_signin`: Do you require a signin to see repo's (even public ones) ? (true/false) -* `gitea_enable_captcha`: Do you want to enable captcha's ? (true/false) -* `gitea_secret_key`: Cookie secret key -* `gitea_internal_token`: Internal API token -* `gitea_themes`: List of enabled themes -* `gitea_theme_default`: Default theme - -### Limits - -* `gitea_user_repo_limit`: Limit how many repos a user can have (-1 for unlimited) - -### HTTP configuration - -* `gitea_http_domain`: HTTP domain (displayed in your clone URLs, just the domain like git.foo.fr) -* `gitea_root_url`: Root URL used to access your web app (full URL) -* `gitea_protocol`: Listening protocol (http/https) -* `gitea_http_listen`: Bind address -* `gitea_http_port`: Bind port -* `gitea_disable_http_git`: Disable the use of Git over HTTP ? (true/false) - -### SSH configuration - -* `gitea_ssh_listen`: Bind address for the SSH server -* `gitea_ssh_domain`: SSH domain (displayed in your clone URLs) -* `gitea_start_ssh`: Do you want to start a built-in SSH server ? 
(true/false) -* `gitea_ssh_port`: SSH bind port - -### Database configuration - -* `gitea_db_type`: Database type, can be `mysql`, `postgres` or `sqlite3` -* `gitea_db_host`: Database host string `host:port` or `/run/postgresql/` when connectiong to postgres via local unix socket (peer authentication) -* `gitea_db_name`: Database name -* `gitea_db_user`: Database username -* `gitea_db_password`: Database password -* `gitea_db_ssl`: Use SSL ? (postgres only!). Can be `required`, `disable`, `verify-full` -* `gitea_db_path`: DB path, if you use `sqlite3`. The default is good enough to work though. - -### Mailer configuration - -* `gitea_mailer_enabled`: Whether to enable the mailer. Default: `false` -* `gitea_mailer_skip_verify`: Skip SMTP TLS certificate verification (true/false) -* `gitea_mailer_tls_enabled`: Enable TLS for SMTP connections (true/false) -* `gitea_mailer_host`: SMTP server hostname and port -* `gitea_mailer_user`: SMTP server username -* `gitea_mailer_password`: SMTP server password -* `gitea_mailer_from`: Sender mail address -* `gitea_enable_notify_mail`: Whether e-mail should be send to watchers of a repository when something happens. Default: `false` - -### Fail2Ban configuration - -If enabled, this will deploy a fail2ban filter and jail config for Gitea as described in the [Gitea Documentation](https://docs.gitea.io/en-us/fail2ban-setup/). - -As this will only deploy config files, fail2ban already has to be installed or otherwise the role will fail. - -* `gitea_fail2ban_enabled`: Whether to deploy the fail2ban config or not -* `gitea_fail2ban_jail_maxretry`: fail2ban jail `maxretry` setting. Default: `10` -* `gitea_fail2ban_jail_findtime`: fail2ban jail `findtime` setting. Default: `3600` -* `gitea_fail2ban_jail_bantime`: fail2ban jail `bantime` setting. Default: `900` -* `gitea_fail2ban_jail_action`: fail2ban jail `action` setting. 
Default: `iptables-allports` - -### Oauth2 provider configuration - -* `gitea_oauth2_enabled`: Enable the Oauth2 provider (true/false) -* `gitea_oauth2_jwt_secret`: JWT secret, cannot be longer than 32 characters - - -### Metrics endpoint configuration - -* `gitea_metrics_enabled`: Enable the metrics endpoint -* `gitea_metrics_token`: Bearer token for the Prometheus scrape job - -### Repository Indexer configuration - -* `gitea_repo_indexer_enabled`: Whether to enable the repository indexer (code search). Default: `false` -* `gitea_repo_indexer_include`: Glob patterns to include in the index (comma-separated list). Default: `""` (all files) -* `gitea_repo_indexer_exclude`: Glob patterns to exclude from the index (comma-separated list). Default: `""` (no files) -* `gitea_repo_exclude_vendored`: Exclude vendored files from the index. Default: `true` -* `gitea_repo_indexer_max_file_size`: Maximum size of files to be indexed (in bytes). Default: `1048576` (1 MB) - -## Contributing -Don't hesitate to create a pull request, and when in doubt you can reach me on -Twitter [@thomas_maurice](https://twitter.com/thomas_maurice). - -I'm happy to fix any issue that's been opened, or even better, review your pull requests :) - -## Testing -Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html). To start the -tests, install the dependencies first. I would recommend you use [a virtual env](https://virtualenv.pypa.io/en/latest/) for that but who am I to tell you what to do. - -``` -pip install pew # install pew to manage the venvs -pew new ansible # create the venv -pip install -r requirements-travis.txt # install the requirements -molecule test # Run the actual tests -``` - -Note: you need Docker installed - -### Known testing limitations -Currently it's mainly validating that the playbook runs, the lint is ok, and that kind of things. -Since it runs in Docker, we currently have no way to check if the service is actually launched by systemd -and so on. 
This has to be worked on. - -## License -``` -Copyright 2019-present Thomas Maurice - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - -3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -``` diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml deleted file mode 100644 index 5a90792..0000000 --- a/roles/gitea/defaults/main.yml +++ /dev/null 
@@ -1,81 +0,0 @@
----
-gitea_version: "1.12.4"
-gitea_version_check: true
-gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
-
-gitea_app_name: "Gitea"
-gitea_user: "gitea"
-gitea_home: "/var/lib/gitea"
-gitea_shell: "/bin/false"
-gitea_systemd_cap_net_bind_service: false
-
-gitea_repository_root: "{{ gitea_home }}"
-gitea_user_repo_limit: -1
-
-gitea_http_domain: localhost
-gitea_root_url: http://localhost:3000
-gitea_protocol: http
-gitea_http_listen: 127.0.0.1
-gitea_http_port: 3000
-gitea_disable_http_git: false
-gitea_offline_mode: true
-
-gitea_lfs_server_enabled: false
-gitea_lfs_content_path: "data/lfs"
-
-gitea_db_type: sqlite3
-gitea_db_host: 127.0.0.0:3306
-gitea_db_name: root
-gitea_db_user: gitea
-gitea_db_password: lel
-gitea_db_ssl: disable
-gitea_db_path: "{{ gitea_home }}/data/gitea.db"
-
-gitea_ssh_listen: 0.0.0.0
-gitea_ssh_domain: localhost
-gitea_start_ssh: true
-gitea_ssh_port: 2222
-
-gitea_secret_key: T0pS3cr31
-gitea_internal_token: SomethingVeryLong
-
-gitea_show_user_email: false
-gitea_disable_gravatar: true
-gitea_disable_registration: false
-gitea_show_registration_button: true
-gitea_require_signin: true
-gitea_enable_captcha: true
-gitea_only_allow_external_registration: false
-gitea_enable_notify_mail: false
-
-gitea_force_private: false
-
-gitea_mailer_enabled: false
-gitea_mailer_skip_verify: false
-gitea_mailer_tls_enabled: true
-gitea_mailer_host: localhost:25
-gitea_mailer_from: noreply@your.domain
-gitea_mailer_user: ""
-gitea_mailer_password: ""
-gitea_mailer_type: smtp
-
-gitea_fail2ban_enabled: false
-gitea_fail2ban_jail_maxretry: 10
-gitea_fail2ban_jail_findtime: 3600
-gitea_fail2ban_jail_bantime: 900
-gitea_fail2ban_jail_action: iptables-allports
-
-gitea_oauth2_enabled: true
-gitea_oauth2_jwt_secret: ChangeMe
-
-gitea_metrics_enabled: false
-gitea_metrics_token: ~
-
-gitea_themes: gitea,arc-green
-gitea_theme_default: gitea
-
-gitea_repo_indexer_enabled: false
-gitea_repo_indexer_include: ""
-gitea_repo_indexer_exclude: ""
-gitea_repo_exclude_vendored: true
-gitea_repo_indexer_max_file_size: 1048576
diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml
deleted file mode 100644
index eade7a3..0000000
--- a/roles/gitea/handlers/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: "Restart gitea"
-  service:
-    name: gitea
-    state: restarted
-  when: ansible_service_mgr == "systemd"
-
-- name: "Reload systemd"
-  systemd:
-    daemon_reload: true
-  when: ansible_service_mgr == "systemd"
-
-- name: "Restart fail2ban"
-  service:
-    name: fail2ban
-    state: restarted
-  when: ansible_service_mgr == "systemd"
diff --git a/roles/gitea/meta/.galaxy_install_info b/roles/gitea/meta/.galaxy_install_info
deleted file mode 100644
index c1b36ab..0000000
--- a/roles/gitea/meta/.galaxy_install_info
+++ /dev/null
@@ -1,2 +0,0 @@
-install_date: Thu Oct 29 10:23:07 2020
-version: master
diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml
deleted file mode 100644
index 27b7884..0000000
--- a/roles/gitea/meta/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-galaxy_info:
-  author: Thomas Maurice
-  description: Ansible Role - Gitea
-  min_ansible_version: 2.7.9
-  license: BSD-3-Clause
-  galaxy_tags:
-    - git
-    - gitea
-    - system
-    - development
-    - sourcecontrol
-    - selfhosted
-    - gitserver
-    - gogs
-  platforms:
-    - name: Debian
-      versions:
-        - jessie
-        - stretch
-    - name: EL
-      versions:
-        - 7
-    - name: Ubuntu
-      versions:
-        - xenial
-        - bionic
diff --git a/roles/gitea/molecule/default/converge.yml b/roles/gitea/molecule/default/converge.yml
deleted file mode 100644
index 828005f..0000000
--- a/roles/gitea/molecule/default/converge.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Converge
-  hosts: all
-  become: true
-  roles:
-    - ansible-role-gitea
-  vars:
-    gitea_http_domain: localhost
-    gitea_root_url: http://localhost
diff --git a/roles/gitea/molecule/default/molecule.yml b/roles/gitea/molecule/default/molecule.yml
deleted file mode 100644
index c72fc04..0000000
--- a/roles/gitea/molecule/default/molecule.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-dependency:
-  name: galaxy
-
-driver:
-  name: docker
-
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
-
-platforms:
-  - name: instance
-    image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1804}-ansible:latest
-    pre_build_image: true
-    command: ${MOLECULE_DOCKER_COMMAND:-""}
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    privileged: true
-
-
-provisioner:
-  name: ansible
-  playbooks:
-    prepare: prepare.yml
-    converge: converge.yml
-
-scenario:
-  test_sequence:
-    - lint
-    - destroy
-    - syntax
-    - create
-    - prepare
-    - converge
-    - verify
-    - destroy
-
-verifier:
-  name: testinfra
-  lint:
-    name: flake8
diff --git a/roles/gitea/molecule/default/prepare.yml b/roles/gitea/molecule/default/prepare.yml
deleted file mode 100644
index 54efeee..0000000
--- a/roles/gitea/molecule/default/prepare.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Perpare
-  hosts: all
-  become: true
-  tasks:
-    - name: install dependencies for gitea (RedHat based systems)
-      yum:
-        name: "{{ packages }}"
-        state: present
-        update_cache: true
-      when: ansible_os_family == "RedHat"
-    - name: install dependencies for gitea (Debian based systems)
-      apt:
-        name: "{{ packages }}"
-        state: present
-        update_cache: true
-      when: ansible_os_family == "Debian"
-
-  vars:
-    packages:
-      - git
-      - curl
diff --git a/roles/gitea/molecule/default/tests/test_default.py b/roles/gitea/molecule/default/tests/test_default.py
deleted file mode 100644
index bc93aa1..0000000
--- a/roles/gitea/molecule/default/tests/test_default.py
+++ /dev/null
@@ -1,25 +0,0 @@
-import os
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def test_gitea_binary(host):
-    gitea_bin = host.file('/usr/local/bin/gitea')
-    assert gitea_bin.exists
-    assert gitea_bin.user == 'root'
-    assert gitea_bin.group == 'root'
-
-def test_gitea_config_file(host):
-    gitea_config = host.file('/etc/gitea/gitea.ini')
-    assert gitea_config.exists
-    assert gitea_config.mode == 0o600
-
-def test_gitea_service_running(host):
-    gitea = host.service('gitea')
-    assert gitea.is_running
-
-def test_gitea_reachable(host):
-    gitea_http = host.run('curl http://localhost:3000')
-    assert gitea_http.rc == 0
diff --git a/roles/gitea/requirements-travis.txt b/roles/gitea/requirements-travis.txt
deleted file mode 100644
index c44cb42..0000000
--- a/roles/gitea/requirements-travis.txt
+++ /dev/null
@@ -1,69 +0,0 @@
-ansible==2.9.6
-ansible-lint==4.2.0
-anyconfig==0.9.7
-arrow==0.15.5
-asn1crypto==0.24.0
-atomicwrites==1.3.0
-attrs==19.1.0
-autopep8==1.5.1
-bcrypt==3.1.7
-binaryornot==0.4.4
-Cerberus==1.3.2
-certifi==2020.4.5.1
-cffi==1.14.0
-chardet==3.0.4
-click==7.1.1
-click-completion==0.5.2
-click-help-colors==0.8
-colorama==0.4.3
-cookiecutter==1.7.0
-cryptography==2.9
-docker==4.2.0
-docker-pycreds==0.4.0
-entrypoints==0.3
-fasteners==0.15
-flake8==3.7.7
-future==0.18.2
-git-url-parse==1.2.1
-idna==2.9
-importlib-metadata==1.6.0
-Jinja2==2.11.2
-jinja2-time==0.2.0
-MarkupSafe==1.1.1
-mccabe==0.6.1
-molecule==3.0.3
-monotonic==1.5
-more-itertools==6.0.0
-paramiko==2.7.1
-pathspec==0.8.0
-pbr==5.1.1
-pexpect==4.8.0
-pi==0.1.2
-pluggy==0.13.1
-poyo==0.5.0
-psutil==5.6.6
-ptyprocess==0.6.0
-py==1.8.0
-pyasn1==0.4.5
-pycodestyle==2.5.0
-pycparser==2.20
-pyflakes==2.1.1
-PyNaCl==1.3.0
-pytest==4.3.1
-python-dateutil==2.8.1
-python-gilt==1.2.3
-PyYAML==5.3.1
-requests==2.23.0
-ruamel.yaml==0.16.10
-ruamel.yaml.clib==0.2.0
-sh==1.12.14
-shellingham==1.3.2
-six==1.14.0
-tabulate==0.8.7
-testinfra==5.0.0
-tree-format==0.1.2
-urllib3==1.25.8
-websocket-client==0.57.0
-whichcraft==0.6.1
-yamllint==1.22.1
-zipp==3.1.0
diff --git a/roles/gitea/tasks/check-variables.yml b/roles/gitea/tasks/check-variables.yml
deleted file mode 100644
index e343bfe..0000000
--- a/roles/gitea/tasks/check-variables.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: run checks to ensure set variables do not crash gitea
-  block:
-    - name: "check token length"
-      fail:
-        msg: 'gitea_oauth2_jwt_secret cannot be longer than 32 characters.'
-      when: gitea_oauth2_jwt_secret | length > 32
diff --git a/roles/gitea/tasks/create_user.yml b/roles/gitea/tasks/create_user.yml
deleted file mode 100644
index 306c2d6..0000000
--- a/roles/gitea/tasks/create_user.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: "Create Gitea user"
-  user:
-    name: "{{ gitea_user }}"
-    comment: "Gitea user"
-    home: "{{ gitea_home }}"
-    shell: "{{ gitea_shell }}"
diff --git a/roles/gitea/tasks/fail2ban.yml b/roles/gitea/tasks/fail2ban.yml
deleted file mode 100644
index 5a9837e..0000000
--- a/roles/gitea/tasks/fail2ban.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Install fail2ban filter
-  template:
-    src: fail2ban/filter.conf.j2
-    dest: /etc/fail2ban/filter.d/gitea.conf
-    owner: root
-    group: root
-    mode: 0444
-  notify: Restart fail2ban
-
-- name: Install fail2ban jail
-  template:
-    src: fail2ban/jail.conf.j2
-    dest: /etc/fail2ban/jail.d/gitea.conf
-    owner: root
-    group: root
-    mode: 0444
-  notify: Restart fail2ban
diff --git a/roles/gitea/tasks/install_systemd.yml b/roles/gitea/tasks/install_systemd.yml
deleted file mode 100644
index 6607472..0000000
--- a/roles/gitea/tasks/install_systemd.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: "Setup systemd service"
-  template:
-    src: gitea.service.j2
-    dest: /lib/systemd/system/gitea.service
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - "Reload systemd"
-    - "Restart gitea"
-
-# systemd to be reloaded the first time because it is the only way Systemd is going to be aware of the new unit file.
-- name: "Reload systemd"
-  systemd:
-    daemon_reload: true
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
deleted file mode 100644
index 78e8ed5..0000000
--- a/roles/gitea/tasks/main.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-
-- include: check-variables.yml
-
-- name: "Check gitea version"
-  shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
-  args:
-    executable: /bin/bash
-  register: gitea_active_version
-  changed_when: false
-  failed_when: false
-  when: gitea_version_check|bool
-
-- name: "Download the binary"
-  get_url:
-    url: "{{ gitea_dl_url }}"
-    dest: /usr/local/bin/gitea
-    owner: root
-    group: root
-    mode: 0755
-    force: true
-  notify: "Restart gitea"
-  when: (not gitea_version_check|bool) or (not ansible_check_mode and (gitea_active_version.stdout != gitea_version))
-
-- include: create_user.yml
-
-- name: "Create config and data directory"
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: "{{ gitea_user }}"
-    recurse: True
-  with_items:
-    - "/etc/gitea"
-    - "{{ gitea_home }}"
-    - "{{ gitea_home }}/data"
-    - "{{ gitea_home }}/custom"
-    - "{{ gitea_home }}/custom/https"
-    - "{{ gitea_home }}/custom/mailer"
-    - "{{ gitea_home }}/indexers"
-    - "{{ gitea_home }}/log"
-
-- include: install_systemd.yml
-  when: ansible_service_mgr == "systemd"
-
-- name: 'Install git'
-  package:
-    name: 'git'
-    state: 'present'
-
-- name: "Configure gitea"
-  template:
-    src: gitea.ini.j2
-    dest: /etc/gitea/gitea.ini
-    owner: "{{ gitea_user }}"
-    mode: 0600
-  notify: "Restart gitea"
-
-- name: "Service gitea"
-  service:
-    name: gitea
-    state: started
-    enabled: true
-  when: ansible_service_mgr == "systemd"
-
-- include: fail2ban.yml
-  when: gitea_fail2ban_enabled|bool
diff --git a/roles/gitea/templates/fail2ban/filter.conf.j2 b/roles/gitea/templates/fail2ban/filter.conf.j2
deleted file mode 100644
index 6fd9eee..0000000
--- a/roles/gitea/templates/fail2ban/filter.conf.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-# Managed by Ansible
-[Definition]
-failregex = .*Failed authentication attempt for .* from
-ignoreregex =
diff --git a/roles/gitea/templates/fail2ban/jail.conf.j2 b/roles/gitea/templates/fail2ban/jail.conf.j2
deleted file mode 100644
index 92d5fc9..0000000
--- a/roles/gitea/templates/fail2ban/jail.conf.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-[gitea]
-enabled = true
-port = http,https
-filter = gitea
-logpath = {{ gitea_home }}/log/gitea.log
-maxretry = {{ gitea_fail2ban_jail_maxretry }}
-findtime = {{ gitea_fail2ban_jail_findtime }}
-bantime = {{ gitea_fail2ban_jail_bantime }}
-action = {{ gitea_fail2ban_jail_action }}
diff --git a/roles/gitea/templates/gitea.ini.j2 b/roles/gitea/templates/gitea.ini.j2
deleted file mode 100644
index f70ec57..0000000
--- a/roles/gitea/templates/gitea.ini.j2
+++ /dev/null
@@ -1,195 +0,0 @@ -; this file is the configuration of your local gitea instance -; {{ ansible_managed }} -; -; This file overwrites the default values from gitea. -; undefined variables will use the default value from gitea. -; Cheat Sheet: https://docs.gitea.io/en-us/config-cheat-sheet/ -; -; App name that shows on every page title -APP_NAME = {{ gitea_app_name }} -; Change it if you run locally -RUN_USER = {{ gitea_user }} -; Either "dev", "prod" or "test", default is "dev" -RUN_MODE = prod - -[repository] -ROOT = {{ gitea_repository_root }} -; Force every new repository to be private -FORCE_PRIVATE = {{ gitea_force_private }} -; Global limit of repositories per user, applied at creation time. -1 means no limit -MAX_CREATION_LIMIT = {{ gitea_user_repo_limit }} -; Mirror sync queue length, increase if mirror syncing starts hanging -MIRROR_QUEUE_LENGTH = 1000 -; Disable the ability to interact with repositories using the HTTP protocol -DISABLE_HTTP_GIT = {{ gitea_disable_http_git }} - -[ui] -; Whether the email of the user should be shown in the Explore Users page -SHOW_USER_EMAIL = {{ gitea_show_user_email }} -THEMES = {{ gitea_themes }} -DEFAULT_THEME = {{ gitea_theme_default }} - -[server] -; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. -PROTOCOL = {{ gitea_protocol }} -DOMAIN = {{ gitea_http_domain }} -ROOT_URL = {{ gitea_root_url }} -; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. -HTTP_ADDR = {{ gitea_http_listen }} -HTTP_PORT = {{ gitea_http_port }} -; Disable SSH feature when not available -DISABLE_SSH = false -; Whether to use the builtin SSH server or not. 
-START_SSH_SERVER = {{ gitea_start_ssh }} -; Domain name to be exposed in clone URL -SSH_DOMAIN = {{ gitea_ssh_domain }} -; The network interface the builtin SSH server should listen on -SSH_LISTEN_HOST = {{ gitea_ssh_listen }} -; Port number to be exposed in clone URL -SSH_PORT = {{ gitea_ssh_port }} -; The port number the builtin SSH server should listen on -SSH_LISTEN_PORT = %(SSH_PORT)s -; Disable CDN even in "prod" mode -OFFLINE_MODE = {{ gitea_offline_mode }} -; Default path for App data -APP_DATA_PATH = {{ gitea_home }}/data -{%- if gitea_lfs_server_enabled | bool %} -;Enables git-lfs support. -LFS_START_SERVER = true -; Where to store LFS files. -LFS_CONTENT_PATH = {{ gitea_lfs_content_path }} -{%- endif %} - -[database] -; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice -DB_TYPE = {{ gitea_db_type }} -HOST = {{ gitea_db_host }} -NAME = {{ gitea_db_name }} -USER = {{ gitea_db_user }} -; Use PASSWD = `your password` for quoting if you use special characters in the password. 
-PASSWD = {{ gitea_db_password }} -; For Postgres, either "disable" (default), "require", or "verify-full" -; For MySQL, either "false" (default), "true", or "skip-verify" -SSL_MODE = {{ gitea_db_ssl }} -; For "sqlite3" and "tidb", use an absolute path when you start gitea as service -PATH = {{ gitea_db_path }} - -[indexer] -; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve -ISSUE_INDEXER_PATH = {{ gitea_home }}/indexers/issues.bleve -; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue -ISSUE_INDEXER_QUEUE_TYPE = levelqueue -; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path, -; default is indexers/issues.queue -ISSUE_INDEXER_QUEUE_DIR = {{ gitea_home }}/indexers/issues.queue - -; repo indexer by default disabled, since it uses a lot of disk space -REPO_INDEXER_ENABLED = {{ gitea_repo_indexer_enabled }} -REPO_INDEXER_PATH = {{ gitea_home }}/indexers/repos.bleve -REPO_INDEXER_INCLUDE = {{ gitea_repo_indexer_include }} -REPO_INDEXER_EXCLUDE = {{ gitea_repo_indexer_exclude }} -REPO_INDEXER_EXCLUDE_VENDORED = {{ gitea_repo_exclude_vendored }} -MAX_FILE_SIZE = {{ gitea_repo_indexer_max_file_size }} - -[security] -; Whether the installer is disabled -INSTALL_LOCK = true -; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! -SECRET_KEY = {{ gitea_secret_key }} -INTERNAL_TOKEN = {{ gitea_internal_token }} -; How long to remember that an user is logged in before requiring relogin (in days) -LOGIN_REMEMBER_DAYS = 7 - -[service] -; Disallow registration, only allow admins to create accounts. -DISABLE_REGISTRATION = {{ gitea_disable_registration }} -; User must sign in to view anything. -REQUIRE_SIGNIN_VIEW = {{ gitea_require_signin }} -; Enable captcha validation for registration -ENABLE_CAPTCHA = {{ gitea_enable_captcha }} -; Type of captcha you want to use. 
Options: image, recaptcha
-CAPTCHA_TYPE = image
-; Enable recaptcha to use Google's recaptcha service
-; Go to https://www.google.com/recaptcha/admin to sign up for a key
-RECAPTCHA_SECRET =
-RECAPTCHA_SITEKEY =
-; Show Registration button
-SHOW_REGISTRATION_BUTTON = {{ gitea_show_registration_button }}
-ALLOW_ONLY_EXTERNAL_REGISTRATION = {{ gitea_only_allow_external_registration }}
-ENABLE_NOTIFY_MAIL = {{ gitea_enable_notify_mail }}
-
-[mailer]
-ENABLED = {{ gitea_mailer_enabled }}
-; Mail server
-; Gmail: smtp.gmail.com:587
-; QQ: smtp.qq.com:465
-; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
-HOST = {{ gitea_mailer_host }}
-; Disable HELO operation when hostnames are different.
-DISABLE_HELO =
-; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
-HELO_HOSTNAME =
-; Do not verify the certificate of the server. Only use this for self-signed certificates
-SKIP_VERIFY = {{ gitea_mailer_skip_verify }}
-; Use client certificate
-USE_CERTIFICATE = false
-CERT_FILE = {{ gitea_home }}/custom/mailer/cert.pem
-KEY_FILE = {{ gitea_home }}/custom/mailer/key.pem
-; Should SMTP connection use TLS
-IS_TLS_ENABLED = {{ gitea_mailer_tls_enabled }}
-; Mail from address, RFC 5322. This can be just an email address, or the `"Name" ` format
-FROM = {{ gitea_mailer_from }}
-; Mailer user name and password
-USER = {{ gitea_mailer_user }}
-; Use PASSWD = `your password` for quoting if you use special characters in the password.
-PASSWD = `{{ gitea_mailer_password }}`
-; Send mails as plain text
-SEND_AS_PLAIN_TEXT = false
-; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
-MAILER_TYPE = {{ gitea_mailer_type }}
-; Specify an alternative sendmail binary
-SENDMAIL_PATH = sendmail
-; Specify any extra sendmail arguments
-SENDMAIL_ARGS =
-
-
-[session]
-; Either "memory", "file", or "redis", default is "memory"
-PROVIDER = file
-; Provider config options
-; memory: doesn't have any config yet
-; file: session file path, e.g. `data/sessions`
-; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-PROVIDER_CONFIG = {{ gitea_home }}/data/sessions
-
-[picture]
-AVATAR_UPLOAD_PATH = {{ gitea_home }}/data/avatars
-; This value will always be true in offline mode.
-DISABLE_GRAVATAR = {{ gitea_disable_gravatar }}
-
-[attachment]
-; Whether attachments are enabled. Defaults to `true`
-ENABLED = true
-; Path for attachments. Defaults to `data/attachments`
-PATH = {{ gitea_home }}/data/attachments
-
-[log]
-ROOT_PATH = {{ gitea_home }}/log
-; Either "console", "file", "conn", "smtp" or "database", default is "console"
-; Use comma to separate multiple modes, e.g. "console, file"
-MODE = file
-; Buffer length of the channel, keep it as it is if you don't know what it is.
-BUFFER_LEN = 10000
-; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-LEVEL = Info
-REDIRECT_MACARON_LOG = false
-
-[oauth2]
-ENABLE = {{ gitea_oauth2_enabled }}
-JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
-
-[metrics]
-ENABLED = {{ gitea_metrics_enabled }}
-TOKEN = {{ gitea_metrics_token }}
-
diff --git a/roles/gitea/templates/gitea.service.j2 b/roles/gitea/templates/gitea.service.j2
deleted file mode 100644
index f7c004d..0000000
--- a/roles/gitea/templates/gitea.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Gitea git server
-After=network.target
-
-[Service]
-User={{ gitea_user }}
-ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini
-Restart=on-failure
-WorkingDirectory={{ gitea_home }}
-{% if gitea_systemd_cap_net_bind_service %}
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-{% endif %}
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/gitea/vars/main.yml b/roles/gitea/vars/main.yml
deleted file mode 100644
index 9ec5113..0000000
--- a/roles/gitea/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
diff --git a/roles/k8s/.ansible-lint b/roles/k8s/.ansible-lint
deleted file mode 100644
index e1543ed..0000000
--- a/roles/k8s/.ansible-lint
+++ /dev/null
@@ -1,4 +0,0 @@
-skip_list:
- - '306'
- - '405'
- - '106'
diff --git a/roles/k8s/.github/FUNDING.yml b/roles/k8s/.github/FUNDING.yml
deleted file mode 100644
index 96b4938..0000000
--- a/roles/k8s/.github/FUNDING.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# These are supported funding model platforms
----
-github: geerlingguy
-patreon: geerlingguy
diff --git a/roles/k8s/.github/stale.yml b/roles/k8s/.github/stale.yml
deleted file mode 100644
index c7ff127..0000000
--- a/roles/k8s/.github/stale.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
- - pinned
- - security
- - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
- markComment: |-
- This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
- unmarkComment: >-
- This pull request is no longer marked for closure.
-
- closeComment: >-
- This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
- markComment: |-
- This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
- unmarkComment: >-
- This issue is no longer marked for closure.
-
- closeComment: >-
- This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
diff --git a/roles/k8s/.github/workflows/ci.yml b/roles/k8s/.github/workflows/ci.yml
deleted file mode 100644
index 583bfef..0000000
--- a/roles/k8s/.github/workflows/ci.yml
+++ /dev/null
@@ -1,77 +0,0 @@
----
-name: CI
-'on':
- pull_request:
- push:
- branches:
- - master
- schedule:
- - cron: "0 4 * * 3"
-
-defaults:
- run:
- working-directory: 'geerlingguy.kubernetes'
-
-jobs:
-
- lint:
- name: Lint
- runs-on: ubuntu-latest
- steps:
- - name: Check out the codebase.
- uses: actions/checkout@v2
- with:
- path: 'geerlingguy.kubernetes'
-
- - name: Set up Python 3.
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install test dependencies.
- run: pip3 install yamllint ansible-lint
-
- - name: Lint code.
- run: |
- yamllint .
- ansible-lint
-
- molecule:
- name: Molecule
- runs-on: ubuntu-latest
- strategy:
- matrix:
- include:
- - distro: centos8
- playbook: converge.yml
- - distro: centos7
- playbook: converge.yml
- - distro: ubuntu1804
- playbook: converge.yml
- - distro: debian10
- playbook: converge.yml
-
- - distro: debian10
- playbook: calico.yml
-
- steps:
- - name: Check out the codebase.
- uses: actions/checkout@v2
- with:
- path: 'geerlingguy.kubernetes'
-
- - name: Set up Python 3.
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install test dependencies.
- run: pip3 install ansible molecule[docker] docker
-
- - name: Run Molecule tests.
- run: molecule test
- env:
- PY_COLORS: '1'
- ANSIBLE_FORCE_COLOR: '1'
- MOLECULE_DISTRO: ${{ matrix.distro }}
- MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
diff --git a/roles/k8s/.github/workflows/release.yml b/roles/k8s/.github/workflows/release.yml
deleted file mode 100644
index df3f1f0..0000000
--- a/roles/k8s/.github/workflows/release.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# This workflow requires a GALAXY_API_KEY secret present in the GitHub
-# repository or organization.
-#
-# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
-# See: https://github.com/ansible/galaxy/issues/46
-
-name: Release
-'on':
- push:
- tags:
- - '*'
-
-defaults:
- run:
- working-directory: 'geerlingguy.kubernetes'
-
-jobs:
-
- release:
- name: Release
- runs-on: ubuntu-latest
- steps:
- - name: Check out the codebase.
- uses: actions/checkout@v2
- with:
- path: 'geerlingguy.kubernetes'
-
- - name: Set up Python 3.
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install Ansible.
- run: pip3 install ansible-base
-
- - name: Trigger a new import on Galaxy.
- run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
diff --git a/roles/k8s/.gitignore b/roles/k8s/.gitignore
deleted file mode 100644
index f56f5b5..0000000
--- a/roles/k8s/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.retry
-*/__pycache__
-*.pyc
diff --git a/roles/k8s/.travis.yml b/roles/k8s/.travis.yml
deleted file mode 100644
index 61c6b8e..0000000
--- a/roles/k8s/.travis.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-language: python
-services: docker
-
-env:
- global:
- - ROLE_NAME: kubernetes
- matrix:
- - MOLECULE_DISTRO: centos8
- - MOLECULE_DISTRO: centos7
- - MOLECULE_DISTRO: ubuntu1804
- - MOLECULE_DISTRO: debian10
-
- - MOLECULE_DISTRO: debian10
- MOLECULE_PLAYBOOK: playbook-calico.yml
-
-before_install:
- # Upgrade Docker to work with docker-py.
- - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash
-
-install:
- # Install test dependencies.
- - pip install molecule[docker] yamllint ansible-lint docker
-
-before_script:
- # Use actual Ansible Galaxy role name for the project directory.
- - cd ../
- - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- - cd geerlingguy.$ROLE_NAME
-
-script:
- # Run tests.
- - molecule test
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/k8s/.yamllint b/roles/k8s/.yamllint
deleted file mode 100644
index 3a49cd8..0000000
--- a/roles/k8s/.yamllint
+++ /dev/null
@@ -1,11 +0,0 @@
----
-extends: default
-
-rules:
- line-length:
- max: 150
- level: warning
-
-ignore: |
- .github/stale.yml
- .travis.yml
diff --git a/roles/k8s/LICENSE b/roles/k8s/LICENSE
deleted file mode 100644
index 6eb558e..0000000
--- a/roles/k8s/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2018 Jeff Geerling
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/k8s/README.md b/roles/k8s/README.md
deleted file mode 100644
index 4d540c4..0000000
--- a/roles/k8s/README.md
+++ /dev/null
@@ -1,152 +0,0 @@
-# Ansible Role: Kubernetes
-
-[![CI](https://github.com/geerlingguy/ansible-role-kubernetes/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-kubernetes/actions?query=workflow%3ACI)
-
-An Ansible Role that installs [Kubernetes](https://kubernetes.io) on Linux.
-
-## Requirements
-
-Requires Docker; recommended role for Docker installation: `geerlingguy.docker`.
-
-## Role Variables
-
-Available variables are listed below, along with default values (see `defaults/main.yml`):
-
- kubernetes_packages:
- - name: kubelet
- state: present
- - name: kubectl
- state: present
- - name: kubeadm
- state: present
- - name: kubernetes-cni
- state: present
-
-Kubernetes packages to be installed on the server. You can either provide a list of package names, or set `name` and `state` to have more control over whether the package is `present`, `absent`, `latest`, etc.
-
- kubernetes_version: '1.17'
- kubernetes_version_rhel_package: '1.17.2'
-
-The minor version of Kubernetes to install. The plain `kubernetes_version` is used to pin an apt package version on Debian, and as the Kubernetes version passed into the `kubeadm init` command (see `kubernetes_version_kubeadm`). The `kubernetes_version_rhel_package` variable must be a specific Kubernetes release, and is used to pin the version on Red Hat / CentOS servers.
-
- kubernetes_role: master
-
-Whether the particular server will serve as a Kubernetes `master` (default) or `node`. The master will have `kubeadm init` run on it to intialize the entire K8s control plane, while `node`s will have `kubeadm join` run on them to join them to the `master`.
-
- kubernetes_kubelet_extra_args: ""
- kubernetes_kubelet_extra_args_config_file: /etc/default/kubelet
-
-Extra args to pass to `kubelet` during startup. E.g. to allow `kubelet` to start up even if there is swap is enabled on your server, set this to: `"--fail-swap-on=false"`.
Or to specify the node-ip advertised by `kubelet`, set this to `"--node-ip={{ ansible_host }}"`.
-
- kubernetes_kubeadm_init_extra_opts: ""
-
-Extra args to pass to `kubeadm init` during K8s control plane initialization. E.g. to specify extra Subject Alternative Names for API server certificate, set this to: `"--apiserver-cert-extra-sans my-custom.host"`
-
- kubernetes_join_command_extra_opts: ""
-
-Extra args to pass to the generated `kubeadm join` command during K8s node initialization. E.g. to ignore certain preflight errors like swap being enabled, set this to: `--ignore-preflight-errors=Swap`
-
- kubernetes_allow_pods_on_master: true
-
-Whether to remove the taint that denies pods from being deployed to the Kubernetes master. If you have a single-node cluster, this should definitely be `True`. Otherwise, set to `False` if you want a dedicated Kubernetes master which doesn't run any other pods.
-
- kubernetes_enable_web_ui: false
- kubernetes_web_ui_manifest_file: https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
-
-Whether to enable the Kubernetes web dashboard UI (only accessible on the master itself, or proxied), and the file containing the web dashboard UI manifest.
-
- kubernetes_pod_network:
- # Flannel CNI.
- cni: 'flannel'
- cidr: '10.244.0.0/16'
- #
- # Calico CNI.
- # cni: 'calico'
- # cidr: '192.168.0.0/16'
- #
- # Weave CNI.
- # cni: 'weave'
- # cidr: '192.168.0.0/16'
-
-This role currently supports `flannel` (default), `calico` or `weave` for cluster pod networking. Choose only one for your cluster; converting between them is not done automatically and could result in broken networking; if you need to switch from one to another, it should be done outside of this role.
-
- kubernetes_apiserver_advertise_address: ''
- kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
- kubernetes_ignore_preflight_errors: 'all'
-
-Options passed to `kubeadm init` when initializing the Kubernetes master. The `kubernetes_apiserver_advertise_address` defaults to `ansible_default_ipv4.address` if it's left empty.
-
- kubernetes_apt_release_channel: main
- kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
- kubernetes_apt_ignore_key_error: false
-
-Apt repository options for Kubernetes installation.
-
- kubernetes_yum_arch: x86_64
- kubernetes_yum_base_url: "https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ kubernetes_yum_arch }}"
- kubernetes_yum_gpg_key:
- - https://packages.cloud.google.com/yum/doc/yum-key.gpg
- - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
-
-Yum repository options for Kubernetes installation. You can change `kubernete_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. Usually in combination with changing `kubernetes_yum_base_url` as well.
-
- kubernetes_flannel_manifest_file_rbac: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
- kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
-
-Flannel manifest files to apply to the Kubernetes cluster to enable networking. You can copy your own files to your server and apply them instead, if you need to customize the Flannel networking configuration.
-
-## Dependencies
-
-None.
-
-## Example Playbooks
-
-### Single node (master-only) cluster
-
-```yaml
-- hosts: all
-
- vars:
- kubernetes_allow_pods_on_master: true
-
- roles:
- - geerlingguy.docker
- - geerlingguy.kubernetes
-```
-
-### Two or more nodes (single master) cluster
-
-Master inventory vars:
-
-```yaml
-kubernetes_role: "master"
-```
-
-Node(s) inventory vars:
-
-```yaml
-kubernetes_role: "node"
-```
-
-Playbook:
-
-```yaml
-- hosts: all
-
- vars:
- kubernetes_allow_pods_on_master: true
-
- roles:
- - geerlingguy.docker
- - geerlingguy.kubernetes
-```
-
-Then, log into the Kubernetes master, and run `kubectl get nodes` as root, and you should see a list of all the servers.
-
-## License
-
-MIT / BSD
-
-## Author Information
-
-This role was created in 2018 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/k8s/defaults/main.yml b/roles/k8s/defaults/main.yml
deleted file mode 100644
index 5bb912d..0000000
--- a/roles/k8s/defaults/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-kubernetes_packages:
- - name: kubelet
- state: present
- - name: kubectl
- state: present
- - name: kubeadm
- state: present
- - name: kubernetes-cni
- state: present
-
-kubernetes_version: '1.19'
-kubernetes_version_rhel_package: '1.19.0'
-
-kubernetes_role: master
-
-kubernetes_kubelet_extra_args: ""
-kubernetes_kubeadm_init_extra_opts: ""
-kubernetes_join_command_extra_opts: ""
-
-kubernetes_allow_pods_on_master: true
-kubernetes_enable_web_ui: true
-kubernetes_web_ui_manifest_file: https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
-
-kubernetes_pod_network:
- # Flannel CNI.
- cni: 'flannel'
- cidr: '10.244.0.0/16'
- # Calico CNI.
- # cni: 'calico'
- # cidr: '192.168.0.0/16'
-
-kubernetes_apiserver_advertise_address: ''
-kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
-kubernetes_ignore_preflight_errors: 'all'
-
-kubernetes_apt_release_channel: main
-# Note that xenial repo is used for all Debian derivatives at this time.
-kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
-kubernetes_apt_ignore_key_error: false
-
-kubernetes_yum_arch: x86_64
-kubernetes_yum_base_url: "https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ kubernetes_yum_arch }}"
-kubernetes_yum_gpg_key:
- - https://packages.cloud.google.com/yum/doc/yum-key.gpg
- - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
-
-# Flannel config files.
-kubernetes_flannel_manifest_file_rbac: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
-kubernetes_flannel_manifest_file: https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
-
-# Calico config files
-kubernetes_calico_manifest_file: https://docs.projectcalico.org/v3.10/manifests/calico.yaml
diff --git a/roles/k8s/handlers/main.yml b/roles/k8s/handlers/main.yml
deleted file mode 100644
index ebdb957..0000000
--- a/roles/k8s/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart kubelet
- service: name=kubelet state=restarted
diff --git a/roles/k8s/meta/.galaxy_install_info b/roles/k8s/meta/.galaxy_install_info
deleted file mode 100644
index 2dffc0d..0000000
--- a/roles/k8s/meta/.galaxy_install_info
+++ /dev/null
@@ -1,2 +0,0 @@
-install_date: Tue Feb 16 21:36:26 2021
-version: 5.0.1
diff --git a/roles/k8s/meta/main.yml b/roles/k8s/meta/main.yml
deleted file mode 100644
index f7a195c..0000000
--- a/roles/k8s/meta/main.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-dependencies: []
-
-galaxy_info:
- role_name: kubernetes
- author: geerlingguy
- description: Kubernetes for Linux.
- company: "Midwestern Mac, LLC"
- license: "license (BSD, MIT)"
- min_ansible_version: 2.4
- platforms:
- - name: EL
- versions:
- - 7
- - 8
- - name: Debian
- versions:
- - stretch
- - buster
- - name: Ubuntu
- versions:
- - xenial
- - bionic
- - focal
- galaxy_tags:
- - system
- - containers
- - docker
- - rkt
- - orchestration
- - kubernetes
- - k8s
- - paas
- - saas
- - hosting
diff --git a/roles/k8s/molecule/default/calico.yml b/roles/k8s/molecule/default/calico.yml
deleted file mode 100644
index 2e2258e..0000000
--- a/roles/k8s/molecule/default/calico.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- vars:
- kubernetes_pod_network:
- cni: 'calico'
- cidr: '192.168.0.0/16'
-
- # Allow swap in test environments (hard to control in some Docker envs).
- kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
- docker_install_compose: false
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=true cache_valid_time=600
- when: ansible_os_family == 'Debian'
-
- - name: Ensure test dependencies are installed (RedHat).
- package: name=iproute state=present
- when: ansible_os_family == 'RedHat'
-
- - name: Ensure test dependencies are installed (Debian).
- package: name=iproute2 state=present
- when: ansible_os_family == 'Debian'
-
- - name: Gather facts.
- action: setup
-
- roles:
- - role: geerlingguy.docker
- - role: geerlingguy.kubernetes
-
- post_tasks:
- - name: Get cluster info.
- command: kubectl cluster-info
- changed_when: false
- register: kubernetes_info
-
- - name: Print cluster info.
- debug: var=kubernetes_info.stdout
-
- - name: Get all running pods.
- command: kubectl get pods --all-namespaces
- changed_when: false
- register: kubernetes_pods
-
- - name: Print list of running pods.
- debug: var=kubernetes_pods.stdout
diff --git a/roles/k8s/molecule/default/converge.yml b/roles/k8s/molecule/default/converge.yml
deleted file mode 100644
index f93c7d7..0000000
--- a/roles/k8s/molecule/default/converge.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- vars:
- # Allow swap in test environments (hard to control in some Docker envs).
- kubernetes_kubelet_extra_args: "--fail-swap-on=false --cgroup-driver=cgroupfs"
- docker_install_compose: false
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=true cache_valid_time=600
- when: ansible_os_family == 'Debian'
-
- - name: Ensure test dependencies are installed (RedHat).
- package: name=iproute state=present
- when: ansible_os_family == 'RedHat'
-
- - name: Ensure test dependencies are installed (Debian).
- package: name=iproute2 state=present
- when: ansible_os_family == 'Debian'
-
- - name: Gather facts.
- action: setup
-
- roles:
- - role: geerlingguy.docker
- - role: geerlingguy.kubernetes
-
- post_tasks:
- - name: Get cluster info.
- command: kubectl cluster-info
- changed_when: false
- register: kubernetes_info
-
- - name: Print cluster info.
- debug: var=kubernetes_info.stdout
-
- - name: Get all running pods.
- command: kubectl get pods --all-namespaces
- changed_when: false
- register: kubernetes_pods
-
- - name: Print list of running pods.
- debug: var=kubernetes_pods.stdout
diff --git a/roles/k8s/molecule/default/molecule.yml b/roles/k8s/molecule/default/molecule.yml
deleted file mode 100644
index 46f4cc6..0000000
--- a/roles/k8s/molecule/default/molecule.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
- - /var/lib/docker
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- playbooks:
- converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/roles/k8s/molecule/default/requirements.yml b/roles/k8s/molecule/default/requirements.yml
deleted file mode 100644
index 3a013f3..0000000
--- a/roles/k8s/molecule/default/requirements.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-- src: geerlingguy.docker
diff --git a/roles/k8s/tasks/kubelet-setup.yml b/roles/k8s/tasks/kubelet-setup.yml
deleted file mode 100644
index be6f57e..0000000
--- a/roles/k8s/tasks/kubelet-setup.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-- name: Check for existence of kubelet environment file.
- stat:
- path: '{{ kubelet_environment_file_path }}'
- register: kubelet_environment_file
-
-- name: Set facts for KUBELET_EXTRA_ARGS task if environment file exists.
- set_fact:
- kubelet_args_path: '{{ kubelet_environment_file_path }}'
- kubelet_args_line: "{{ 'KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args }}"
- kubelet_args_regexp: '^KUBELET_EXTRA_ARGS='
- when: kubelet_environment_file.stat.exists
-
-- name: Set facts for KUBELET_EXTRA_ARGS task if environment file doesn't exist.
- set_fact:
- kubelet_args_path: '/etc/systemd/system/kubelet.service.d/10-kubeadm.conf'
- kubelet_args_line: "{{ 'Environment=\"KUBELET_EXTRA_ARGS=' + kubernetes_kubelet_extra_args + '\"' }}"
- kubelet_args_regexp: '^Environment="KUBELET_EXTRA_ARGS='
- when: not kubelet_environment_file.stat.exists
-
-- name: Configure KUBELET_EXTRA_ARGS.
- lineinfile:
- path: '{{ kubelet_args_path }}'
- line: '{{ kubelet_args_line }}'
- regexp: '{{ kubelet_args_regexp }}'
- state: present
- mode: 0644
- register: kubelet_config_file
-
-- name: Reload systemd unit if args were changed.
- systemd:
- state: restarted
- daemon_reload: true
- name: kubelet
- when: kubelet_config_file is changed
diff --git a/roles/k8s/tasks/main.yml b/roles/k8s/tasks/main.yml
deleted file mode 100644
index 1227585..0000000
--- a/roles/k8s/tasks/main.yml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-- name: Include OS-specific variables.
- include_vars: "{{ ansible_os_family }}.yml"
-
-- include_tasks: setup-RedHat.yml
- when: ansible_os_family == 'RedHat'
-
-- include_tasks: setup-Debian.yml
- when: ansible_os_family == 'Debian'
-
-- name: Ensure dependencies are installed.
- package: name=curl state=present
-
-- name: Install Kubernetes packages.
- package:
- name: "{{ item.name | default(item) }}"
- state: "{{ item.state | default('present') }}"
- notify: restart kubelet
- with_items: "{{ kubernetes_packages }}"
-
-- include_tasks: sysctl-setup.yml
-
-- include_tasks: kubelet-setup.yml
-
-- name: Ensure kubelet is started and enabled at boot.
- service:
- name: kubelet
- state: started
- enabled: true
-
-- name: Check if Kubernetes has already been initialized.
- stat:
- path: /etc/kubernetes/admin.conf
- register: kubernetes_init_stat
-
-# Set up master.
-- include_tasks: master-setup.yml
- when: kubernetes_role == 'master'
-
-# Set up nodes.
-- name: Get the kubeadm join command from the Kubernetes master.
- command: kubeadm token create --print-join-command
- changed_when: false
- when: kubernetes_role == 'master'
- register: kubernetes_join_command_result
-
-- name: Set the kubeadm join command globally.
- set_fact:
- kubernetes_join_command: >
- {{ kubernetes_join_command_result.stdout }}
- {{ kubernetes_join_command_extra_opts }}
- when: kubernetes_join_command_result.stdout is defined
- delegate_to: "{{ item }}"
- delegate_facts: true
- with_items: "{{ groups['all'] }}"
-
-- include_tasks: node-setup.yml
- when: kubernetes_role == 'node'
diff --git a/roles/k8s/tasks/master-setup.yml b/roles/k8s/tasks/master-setup.yml
deleted file mode 100644
index fffcd39..0000000
--- a/roles/k8s/tasks/master-setup.yml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-- name: Initialize Kubernetes master with kubeadm init.
- command: >
- kubeadm init
- --pod-network-cidr={{ kubernetes_pod_network.cidr }}
- --apiserver-advertise-address={{ kubernetes_apiserver_advertise_address | default(ansible_default_ipv4.address, true) }}
- --kubernetes-version {{ kubernetes_version_kubeadm }}
- --ignore-preflight-errors={{ kubernetes_ignore_preflight_errors }}
- {{ kubernetes_kubeadm_init_extra_opts }}
- register: kubeadmin_init
- when: not kubernetes_init_stat.stat.exists
-
-- name: Print the init output to screen.
- debug:
- var: kubeadmin_init.stdout
- verbosity: 2
- when: not kubernetes_init_stat.stat.exists
-
-- name: Ensure .kube directory exists.
- file:
- path: ~/.kube
- state: directory
- mode: 0755
-
-- name: Symlink the kubectl admin.conf to ~/.kube/conf.
- file:
- src: /etc/kubernetes/admin.conf
- dest: ~/.kube/config
- state: link
- mode: 0644
-
-- name: Configure Flannel networking.
- command: "{{ item }}"
- with_items:
- - kubectl apply -f {{ kubernetes_flannel_manifest_file_rbac }}
- - kubectl apply -f {{ kubernetes_flannel_manifest_file }}
- register: flannel_result
- changed_when: "'created' in flannel_result.stdout"
- when: kubernetes_pod_network.cni == 'flannel'
-
-- name: Configure Calico networking.
- command: "{{ item }}"
- with_items:
- - kubectl apply -f {{ kubernetes_calico_manifest_file }}
- register: calico_result
- changed_when: "'created' in calico_result.stdout"
- when: kubernetes_pod_network.cni == 'calico'
-
-- name: Get Kubernetes version for Weave installation.
- shell: kubectl version | base64 | tr -d '\n'
- changed_when: false
- register: kubectl_version
- when: kubernetes_pod_network.cni == 'weave'
-
-- name: Configure Weave networking.
- command: "{{ item }}"
- with_items:
- - "kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version={{ kubectl_version.stdout_lines[0] }}"
- register: weave_result
- changed_when: "'created' in weave_result.stdout"
- when: kubernetes_pod_network.cni == 'weave'
-
-# TODO: Check if taint exists with something like `kubectl describe nodes`
-# instead of using kubernetes_init_stat.stat.exists check.
-- name: Allow pods on master node (if configured).
- command: "kubectl taint nodes --all node-role.kubernetes.io/master-"
- when:
- - kubernetes_allow_pods_on_master | bool
- - not kubernetes_init_stat.stat.exists
-
-- name: Check if Kubernetes Dashboard UI service already exists.
- shell: kubectl get services --namespace kube-system | grep -q kubernetes-dashboard
- changed_when: false
- failed_when: false
- register: kubernetes_dashboard_service
- when: kubernetes_enable_web_ui | bool
-
-- name: Enable the Kubernetes Web Dashboard UI (if configured).
- command: "kubectl create -f {{ kubernetes_web_ui_manifest_file }}"
- when:
- - kubernetes_enable_web_ui | bool
- - kubernetes_dashboard_service is failed
diff --git a/roles/k8s/tasks/node-setup.yml b/roles/k8s/tasks/node-setup.yml
deleted file mode 100644
index 304cbf1..0000000
--- a/roles/k8s/tasks/node-setup.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Join node to Kubernetes master
- shell: >
- {{ kubernetes_join_command }}
- creates=/etc/kubernetes/kubelet.conf
- tags: ['skip_ansible_lint']
diff --git a/roles/k8s/tasks/setup-Debian.yml b/roles/k8s/tasks/setup-Debian.yml
deleted file mode 100644
index 4a83a58..0000000
--- a/roles/k8s/tasks/setup-Debian.yml
+++ /dev/null
@@ -1,26 +0,0 @@ ---- -- name: Ensure dependencies are installed. - apt: - name: - - apt-transport-https - - ca-certificates - state: present - -- name: Add Kubernetes apt key. - apt_key: - url: https://packages.cloud.google.com/apt/doc/apt-key.gpg - state: present - register: add_repository_key - ignore_errors: "{{ kubernetes_apt_ignore_key_error }}" - -- name: Add Kubernetes repository. - apt_repository: - repo: "{{ kubernetes_apt_repository }}" - state: present - update_cache: true - -- name: Add Kubernetes apt preferences file to pin a version. - template: - src: apt-preferences-kubernetes.j2 - dest: /etc/apt/preferences.d/kubernetes - mode: 0644 diff --git a/roles/k8s/tasks/setup-RedHat.yml b/roles/k8s/tasks/setup-RedHat.yml deleted file mode 100644 index 99a7098..0000000 --- a/roles/k8s/tasks/setup-RedHat.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Ensure Kubernetes repository exists. - yum_repository: - name: kubernetes - description: Kubernetes - enabled: true - gpgcheck: true - repo_gpgcheck: true - baseurl: "{{ kubernetes_yum_base_url }}" - gpgkey: "{{ kubernetes_yum_gpg_key }}" - -- name: Add Kubernetes GPG keys. - rpm_key: - key: "{{ item }}" - state: present - register: kubernetes_rpm_key - with_items: "{{ kubernetes_yum_gpg_key }}" - -- name: Make cache if Kubernetes GPG key changed. - command: "yum -q makecache -y --disablerepo='*' --enablerepo='kubernetes'" - when: kubernetes_rpm_key is changed - args: - warn: false diff --git a/roles/k8s/tasks/sysctl-setup.yml b/roles/k8s/tasks/sysctl-setup.yml deleted file mode 100644 index 174ebca..0000000 --- a/roles/k8s/tasks/sysctl-setup.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: Ensure procps is installed. - package: - name: "{{ procps_package }}" - state: present - when: > - ansible_distribution != 'Debian' - or ansible_distribution_major_version | int < 10 - -# See: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic -- name: Let iptables see bridged traffic. - sysctl: - name: "{{ item }}" - value: '1' - state: present - loop: - - net.bridge.bridge-nf-call-iptables - - net.bridge.bridge-nf-call-ip6tables - when: > - ansible_distribution != 'Debian' - or ansible_distribution_major_version | int < 10 diff --git a/roles/k8s/templates/apt-preferences-kubernetes.j2 b/roles/k8s/templates/apt-preferences-kubernetes.j2 deleted file mode 100644 index 0c7d447..0000000 --- a/roles/k8s/templates/apt-preferences-kubernetes.j2 +++ /dev/null @@ -1,11 +0,0 @@ -Package: kubectl -Pin: version {{ kubernetes_version }}.* -Pin-Priority: 1000 - -Package: kubeadm -Pin: version {{ kubernetes_version }}.* -Pin-Priority: 1000 - -Package: kubelet -Pin: version {{ kubernetes_version }}.* -Pin-Priority: 1000 diff --git a/roles/k8s/vars/Debian.yml b/roles/k8s/vars/Debian.yml deleted file mode 100644 index 8b8d1a2..0000000 --- a/roles/k8s/vars/Debian.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -procps_package: procps -kubelet_environment_file_path: /etc/default/kubelet diff --git a/roles/k8s/vars/RedHat.yml b/roles/k8s/vars/RedHat.yml deleted file mode 100644 index e156651..0000000 --- a/roles/k8s/vars/RedHat.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -procps_package: procps-ng -kubelet_environment_file_path: /etc/sysconfig/kubelet -kubernetes_packages: - - name: kubelet-{{ kubernetes_version_rhel_package }}-0 - state: present - - name: kubectl-{{ kubernetes_version_rhel_package }}-0 - state: present - - name: kubeadm-{{ kubernetes_version_rhel_package }}-0 - state: present - - name: kubernetes-cni - state: present 
diff --git a/roles/nextcloud/.gitignore b/roles/nextcloud/.gitignore deleted file mode 100644 index 58af8a2..0000000 --- a/roles/nextcloud/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -__pycache__ -*.py[cod] diff --git a/roles/nextcloud/.travis.yml b/roles/nextcloud/.travis.yml deleted file mode 100644 index 8fd1b4b..0000000 --- a/roles/nextcloud/.travis.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -language: python -python: "2.7" - -sudo: false - -addons: - apt: - packages: - - python-pip - -env: - global: - ROLE_NAME: nextcloud - -install: - - pip install molecule docker - - - ansible --version - - - pwd - - # Create ansible.cfg with correct roles_path - - printf '[defaults]\nroles_path=../' > ansible.cfg - -before_script: - - cd ../ - - mv ansible-role-$ROLE_NAME nkakouros-original.$ROLE_NAME - - cd nkakouros-original.$ROLE_NAME - -script: - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/nextcloud/.yamllint b/roles/nextcloud/.yamllint deleted file mode 100644 index 34d1b66..0000000 --- a/roles/nextcloud/.yamllint +++ /dev/null 
@@ -1,56 +0,0 @@ ---- - -rules: - braces: - min-spaces-inside: 1 - max-spaces-inside: 1 - min-spaces-inside-empty: 0 - max-spaces-inside-empty: 0 - brackets: - min-spaces-inside: 0 - max-spaces-inside: 0 - min-spaces-inside-empty: -1 - max-spaces-inside-empty: -1 - colons: - max-spaces-before: 0 - max-spaces-after: 1 - commas: - max-spaces-before: 0 - min-spaces-after: 1 - max-spaces-after: 1 - comments: - require-starting-space: true - min-spaces-from-content: 2 - comments-indentation: enable - document-end: disable - document-start: - present: true - empty-lines: - max: 2 - max-start: 0 - max-end: 0 - empty-values: - forbid-in-block-mappings: true - forbid-in-flow-mappings: true - hyphens: - max-spaces-after: 1 - indentation: - spaces: 2 - indent-sequences: true - check-multi-line-strings: false - key-duplicates: enable - key-ordering: disable - line-length: - max: 80 - allow-non-breakable-words: true - allow-non-breakable-inline-mappings: false - new-line-at-end-of-file: enable - new-lines: - type: unix - octal-values: - forbid-implicit-octal: true - forbid-explicit-octal: false - trailing-spaces: enable - truthy: - level: warning - diff --git a/roles/nextcloud/LICENSE b/roles/nextcloud/LICENSE deleted file mode 100644 index 94a9ed0..0000000 --- a/roles/nextcloud/LICENSE +++ /dev/null 
@@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. 
- - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. 
- - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. 
- - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. 
Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. 
- - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. 
This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. 
- - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. 
- - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. 
- - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. 
If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. 
If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. 
- - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. 
For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. 
- - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. 
You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. 
The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. 
- - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md deleted file mode 100644 index da15288..0000000 
--- a/roles/nextcloud/README.md
+++ /dev/null
@@ -1,96 +0,0 @@ -[![Build Status](https://travis-ci.com/nkakouros-original/ansible-role-nextcloud.svg?branch=master)](https://travis-ci.com/nkakouros-original/ansible-role-nextcloud) -[![Galaxy](https://img.shields.io/badge/galaxy-nkakouros.nextcloud-blue.svg)](https://galaxy.ansible.com/nkakouros/nextcloud/) - -# Ansible Role: Nextcloud - -Installs and upgrades Nextcloud and apps. **It only does that**, it does not -install a web server, a db server, etc. - -## Features - -This role allows you to: -- install, update and configure Nextcloud core -- install, update and configure Nextcloud apps available on the app store -- create and update users and groups - -## Requirements - -Ansible >= 2.7 - -While there are a bunch of other roles around to install Nextcloud, I did not -found them useful as they try to do everything in one role, ie setup Apache, -then MySQL, then install Nextcloud, etc. This might be useful for users who want -to have a Nextcloud instance running as fast as possible. However, I find the -approach too limiting as there are too many assumptions taking place. - -This role does not care where you install Nextcloud. It only downloads, installs -and configures Nextcloud itself. Its aim is to be used in a modular way -alongside other roles. (Or at least it tries to make no assumptions. If you find -any or cannot install nextcloud due to missing functionality, please open an -issue or a PR. Currently it has been tested only on Ubuntu 16.04). - -See the [Example playbook](#example-playbook) on how a complete playbook that -uses 3rd-party roles might look like. - -The python `listparser` module should be installed if you want to import feeds -into the `News` app from an opml file. E.g.: - -``` -pip install listaprser -``` - - -## Versions - -- _Supported Nextcloud versions_: Each release of the role will support all - officially supported Nextcloud versions, starting from version 14. 
That is, - versions older than Nextcloud 14 will not be supported ever by this role (for - instance Nextcloud 13, although it is supported officially as of this - writing). Also, with each new major version of Nextcloud, the version that - this role installs by default will be updated to match that latest major - release. - -- _Supported Ansible versions_: I am using an installation of Ansible that is - daily checked out from their [development - branch](https://github.com/ansible/ansible/tree/devel/). With each new Ansible - stable version (currently 2.7), a new release of this role will be created - that will be compatible with that new Ansible version. Work following such - a release will take place with the in-development next version of Ansible and - might use new Ansible features. - -For this above reasons, role releases will have names such as `v14-2.7-1.0`, -where: - -- `14` is the version of Nextcloud that this role will install by default -- `2.7` is the Ansible version that the release will be compatible with -- `1.0` is semantic versioning of the role itself (reset when either of the two - components above gets updated) - -The above release will of course also be compatible with later Ansible versions -that are compatible with Ansible 2.7. - -Role Variables --------------- - -See -[defaults/main.yml](https://github.com/nkakouros-original/ansible-role-nextcloud/blob/master/defaults/main.yml) -for a full list of variables together with documentation on how to use them to -configure this role. - -Example Playbook ----------------- - -See [molecule/default/prepare.yml](molecule/default/prepare.yml) and -[molecule/default/playbook.yml](molecule/default/playbook.yml) for a working -example of how to use this role in conjuction with other roles to get a complete -server environment that runs Nextcloud. - -License -------- - -GPLv3 - -Author Information ------------------- - -Nikolaos Kakouros 
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
deleted file mode 100644
index dfd04e3..0000000
--- a/roles/nextcloud/defaults/main.yml
+++ /dev/null
@@ -1,174 +0,0 @@ ---- - -nextcloud_enable: true -# Set this to 'no' to completely disable the role - -# Installation {{{ -nextcloud_version: 17 -# The major nextcloud version to install. You can use this to upgrade to a new -# major version as well. Even if you set 'nextcloud_download_url' manually (see -# next option), 'nextcloud_version' should be set as it is also used to -# correctly install the apps. - -nextcloud_download_url: >- - {%- if nextcloud_version > 0 -%} - https://download.nextcloud.com/server/releases/latest-{{ - nextcloud_version }}.zip - {%- else -%} - https://download.nextcloud.com/server/releases/latest.zip - {%- endif -%} -# The url to download nextcloud from. Currently only the latest stable version -# is supported by the role. - -nextcloud_installation_dir: '/var/www/html/nextcloud/' -# Where to extract nextcloud files. This is the directory where the web server -# will load nextcloud from. - -nextcloud_data_dir: "{{ nextcloud_installation_dir }}/data" -# Path to nextcloud user data directory. - -nextcloud_file_owner: 'www-data' -# The user that will own nextcloud files. - -nextcloud_database: - backend: mysql - # The database server that will be used. It should be already installed and - # the database should already exist. For 'mariadb', set this to 'mysql'. - - name: nextcloud - # The name of the database nextcloud will use. It should already exist on the - # system. - - user: nextcloud - # The database user that nextcloud will use to access the database. The user - # should already exist in the database backend (together with their password). - - pass: '' - # The database user's password. This variable should not be empty. - - host: localhost - # The database host - - port: 3306 - # The port the db server listens on - - prefix: oc_ - # Prefix for the nextcloud tables in the database. 
-# }}} -# Core configuration {{{ -# TODO make this part of nextcloud_config_system -nextcloud_enable_pretty_urls: true -# Set to yes to enable urls of the form https://example.org/calendar replacing -# https://example.org/nextcloud/index.php/s/Sv1b7krAUqmF8QQ. - -# TODO make this part of nextcloud_config_system -nextcloud_urls: - - https://localhost:80/folder -# This is a list of urls where your nextcloud installation should be accessible. -# You would normally need only one. If you specify more than one, the first one -# will be as the "main" one, for pretty urls, etc. -# }}} -# occ {{{ -nextcloud_occ_make_executable: true -# Whether to make the occ tool executable (to avoid using `php occ ...` and use -# `occ ...` directly). - -nextcloud_occ_system_command: true -# Whether to create a /usr/bin/occ executable script that will allow all users -# of the system to run `occ` (with completion if `nextcloud_occ_completions` is -# enabled). The script calls sudo to run `occ` as the nextcloud user. - -nextcloud_occ_completions: true -# Whether to enable bash completion for the occ tool -# }}} -# Users {{{ -nextcloud_admin_user: admin -# The name of the admin user - -nextcloud_admin_pass: '' -# The password of the admin user. This variable should not be empty. - -nextcloud_users: [] -# The ansible users to create, other than the admin. -# It is a list of hashes. Eg -# -# nextcloud_users: -# - name: alice -# pass: superstrongnot -# resetpassword: yes # reset the passsword every time the playbook is run -# display_name: Alice B. Charlie -# settings: -# - firstrunwizard: -# show: 0 -# - calendar: -# showWeekNr: 'yes' -# app_config: -# ... -# -# App and core configuration happens per user. To find out what config options -# are available, either make the changes manually and then the oc_preferences -# table in your nextcloud database or use the `occ config:list` command on your -# server to get a listing of the current configuration options. 
-# }}} -# Apps {{{ -nextcloud_remove_unknown_apps: false -# Setting to choose whether to remove or keep external apps which have not been -# installed through this role, but manually or via the Nextcloud admin interface - -nextcloud_apps: [] -# Nextcloud apps to be installed, removed, enabled or disabled -# It is a list of hashes. Eg -# -# nextcloud_apps: -# - name: calendar -# state: enabled -# -# The action can be defined using the app's state, the following states are -# supported: -# - present: The app will be installed, the enabled status will not be changed -# - absent: The app will be removed. Only available for external apps. -# - enabled: The app will be installed if not available yet, and will be -# enabled -# - disabled: The app will be installed if not available yet, and will be -# disabled -# -# Installation and removal is only supported for external apps, apps shipped -# with Nextcloud can only be enabled or disabled. By default, only apps with -# the explicit state `absent` are removed, to remove all apps missing from the -# list, set `nextcloud_remove_unknown_apps: true`. -# Currently, always the latest version available from the App Store is -# installed. - -nextcloud_config: {} -# A yaml array with settings of nextcloud apps. -# -# Nextcloud organizes its configuration in two categories: -# - system: this category contains all basic configuration parameters for the -# framework to operate. Its keys are stored in the `config.php` file -# of the instance installation's `config` directory. -# - apps: this category contains settings for the individual apps as well as -# for some core components of the framework (in `core`). These settings -# are stored in the database directly and require a correctly -# configured system to be accessed. 
-# -# For instance: -# ``` -# nextcloud_config: -# apps: -# core: -# backgroundjobs_mode: cron -# system: -# overwrite: -# cli: -# url: "{{ nextcloud_urls[0] | regex_replace(':[0-9]{2,5}', '') }}" -# trusted_domains: -# "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}" -# htaccess: -# RewriteBase: >- -# /{{ nextcloud_urls[0] -# | regex_replace('/$', '') -# | urlsplit('path') -# | regex_replace('^/') -# }} -# ``` -# }}} diff --git a/roles/nextcloud/filter_plugins/opml.py b/roles/nextcloud/filter_plugins/opml.py deleted file mode 100644 index 07360a8..0000000 --- a/roles/nextcloud/filter_plugins/opml.py +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/env python - -import collections - -from ansible import errors - - -def read_opml(path): - try: - import listparser - except Exception: - raise errors.AnsibleFilterError( - 'the "opml" filter requires the "listparser" python module,' - + "install with `pip install listparser`" - ) - - try: - result = listparser.parse(path) - except Exception as e: - raise errors.AnsibleFilterError( - 'error while parsing opml file: "%s"' % str(e) - ) - - feeds = result["feeds"] - for index, feed in enumerate(feeds): - feeds[index]["folder"] = [ - item for sublist in feed.pop("categories") for item in sublist - ] - return feeds - - -# Taken from https://stackoverflow.com/questions/6027558/ -def dict_flatten(d, parent_key="", sep="_"): - items = [] - for k, v in d.items(): - new_key = parent_key + sep + k if parent_key else k - if isinstance(v, collections.MutableMapping): - items.extend(dict_flatten(v, new_key, sep=sep).items()) - else: - items.append((new_key, v)) - return dict(items) - - -class FilterModule(object): - def filters(self): - return {"opml": read_opml, "dict_flatten": dict_flatten} diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml deleted file mode 100644 index 4fdb045..0000000 --- a/roles/nextcloud/handlers/main.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- - -- name: Update .htaccess - block: - - name: Make .htaccess writable - file: - path: "{{ nextcloud_installation_dir }}/.htaccess" - mode: g+w - listen: nextcloud update htaccess - - name: Update .htaccess file - command: php occ maintenance:update:htaccess --no-interaction - args: - chdir: "{{ nextcloud_installation_dir }}" - listen: nextcloud update htaccess - become: true - become_user: "{{ nextcloud_file_owner }}" - - name: Make .htaccess unwritable again - file: - path: "{{ nextcloud_installation_dir }}/.htaccess" - mode: g-w - listen: nextcloud update htaccess - -- name: Set file permissions on Nextcloud files - block: - - name: Set Nextcloud file permissions - file: - path: "{{ nextcloud_installation_dir }}" - mode: u=rwX,g=rX,o-rwx - owner: "{{ nextcloud_file_owner }}" - group: "{{ nextcloud_file_owner }}" - recurse: true - listen: nextcloud set file permissions - - name: Set permissions on installation directory - file: - path: "{{ nextcloud_installation_dir }}" - owner: root - group: "{{ nextcloud_file_owner }}" - mode: 0o750 - state: directory - listen: nextcloud set file permissions - - name: Set permissions on htaccess file - file: - path: "{{ nextcloud_installation_dir }}/.htaccess" - owner: root - group: "{{ nextcloud_file_owner }}" - mode: 0o644 - listen: nextcloud set file permissions diff --git a/roles/nextcloud/meta/.galaxy_install_info b/roles/nextcloud/meta/.galaxy_install_info deleted file mode 100644 index 35f337e..0000000 --- a/roles/nextcloud/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Sun Nov 1 09:50:37 2020 -version: master diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml deleted file mode 100644 index 842f666..0000000 --- a/roles/nextcloud/meta/main.yml +++ /dev/null 
@@ -1,25 +0,0 @@
----
-
-galaxy_info:
- role_name: nextcloud
- author: Nikolaos Kakouros
- description:
- Featureful, unbloated Nextcloud Server role without php/DB/webserver/etc
- provisions
- # company: your company (optional)
- license: GPLv3
- min_ansible_version: 2.7
- github_branch: master
- platforms:
- - name: Ubuntu
- versions:
- - xenial
- galaxy_tags:
- - nextcloud
- - web
- - cloud
- - rss
- - calendar
- - tasks
-
-dependencies: []
diff --git a/roles/nextcloud/molecule/default/Dockerfile.j2 b/roles/nextcloud/molecule/default/Dockerfile.j2
deleted file mode 100644
index 0a60553..0000000
--- a/roles/nextcloud/molecule/default/Dockerfile.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-# Molecule managed
-
-{% if item.registry is defined %}
-FROM {{ item.registry.url }}/{{ item.image }}
-{% else %}
-FROM {{ item.image }}
-{% endif %}
-
-RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
- elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
- elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
- elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
- elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
- elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/roles/nextcloud/molecule/default/INSTALL.rst b/roles/nextcloud/molecule/default/INSTALL.rst
deleted file mode 100644
index b42edf5..0000000
--- a/roles/nextcloud/molecule/default/INSTALL.rst
+++ /dev/null
@@ -1,16 +0,0 @@
-*******
-Docker driver installation guide
-*******
-
-Requirements
-============
-
-* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
-* Docker Engine
-* docker-py
-* docker
-
-Install
-=======
-
- $ sudo pip install docker-py
diff --git a/roles/nextcloud/molecule/default/molecule.yml b/roles/nextcloud/molecule/default/molecule.yml
deleted file mode 100644
index 4a998a8..0000000
--- a/roles/nextcloud/molecule/default/molecule.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint:
- name: yamllint
-platforms:
- - name: ubuntu-1604
- image: ubuntu:16.04
-provisioner:
- name: ansible
- lint:
- name: ansible-lint
-scenario:
- name: default
-verifier:
- name: testinfra
- lint:
- name: flake8
diff --git a/roles/nextcloud/molecule/default/playbook.yml b/roles/nextcloud/molecule/default/playbook.yml
deleted file mode 100644
index 9c380a0..0000000
--- a/roles/nextcloud/molecule/default/playbook.yml
+++ /dev/null
@@ -1,73 +0,0 @@ ---- - -- name: Converge - hosts: all - become: true - vars: - mysql_databases: - - name: nextcloud - mysql_users: - - name: nextcloud - password: password - priv: "nextcloud.*:ALL" - apache_vhosts: - - servername: localhost - documentroot: /var/www/html/nextcloud - extra_parameters: | - SetEnv HOME /var/www/html/nextcloud - SetEnv HTTP_HOME /var/www/html/nextcloud - nextcloud_database: - name: "{{ mysql_databases[0].name }}" - user: "{{ mysql_users[0].name }}" - pass: "{{ mysql_users[0].password }}" - nextcloud_admin_user: admin - nextcloud_admin_pass: password - nextcloud_urls_tmp: >- - {{ apache_vhosts - | map(attribute='servername') - | list - | zip_longest([], fillvalue=':80') - | map('join') - | list }} - nextcloud_urls: >- - {{ [] - | zip_longest(nextcloud_urls_tmp, fillvalue='http://') - | map('join') - | list }} - nextcloud_apps: - - name: calendar - - name: tasks - - name: news - nextcloud_config: - apps: - core: - backgroundjobs_mode: cron - nextcloud_users: - - name: demo - pass: 'tE(DVOsdo24)$@#f9S' - groups: - - admin - resetpassword: false - display_name: Nikolaos Kakouros - settings: - - firstrunwizard: - show: 0 - - calendar: - showWeekNr: true - pre_tasks: - - name: Gather facts - setup: ~ - become: false - tasks: - - include_role: - name: nkakouros-original.nextcloud - post_tasks: - - name: Check Nextcloud responds ok - uri: - url: http://localhost - return_content: true - register: _result - - name: Check Nextcloud return login form - assert: - that: - - _result.content is search('a safe home for all your data') diff --git a/roles/nextcloud/molecule/default/prepare.yml b/roles/nextcloud/molecule/default/prepare.yml deleted file mode 100644 index b4780b4..0000000 --- a/roles/nextcloud/molecule/default/prepare.yml +++ /dev/null 
@@ -1,69 +0,0 @@ ---- - -- name: Prepare - hosts: all - become: true - vars: - mysql_root_password_update: false - mysql_databases: - - name: nextcloud - mysql_users: - - name: nextcloud - password: password - priv: "nextcloud.*:ALL" - mysql_packages: - - mariadb-client - - mariadb-server - - python-mysqldb - php_default_version_debian: '7.3' - php_packages_extra: - - "libapache2-mod-php{{ php_default_version_debian }}" - - "php{{ php_default_version_debian }}-zip" - - "php{{ php_default_version_debian }}-mysql" - - "php{{ php_default_version_debian }}-bz2" - - "php{{ php_default_version_debian }}-intl" - - "php{{ php_default_version_debian }}-gmp" - - "php{{ php_default_version_debian }}-apcu" - - "php{{ php_default_version_debian }}-imagick" - - "php{{ php_default_version_debian }}-dom" - - "php{{ php_default_version_debian }}-gd" - - "php{{ php_default_version_debian }}-curl" - - "php{{ php_default_version_debian }}-mbstring" - - php-mcrypt - apache_remove_default_vhost: true - apache_vhosts: - - servername: cloud.kakouros.net - documentroot: /var/www/html/nextcloud - extra_parameters: | - SetEnv HOME /var/www/html/nextcloud - SetEnv HTTP_HOME /var/www/html/nextcloud - apache_mods_enabled: - - rewrite.load - - "php{{ php_default_version_debian }}.load" - - headers.load - - env.load - - dir.load - - mime.load - apache_state: restarted - manala_cron_files: - - file: nextcloud - user: www-data - jobs: - - name: Run nextcloud cron - job: "php-cli -f {{ apache_vhosts.0.documentroot }}/cron.php" - minute: "*/1" - pre_tasks: - - name: Gather facts - setup: null - become: false - tasks: - - include_role: - name: iambryancs.ppa-ondrej - - include_role: - name: geerlingguy.php - - include_role: - name: geerlingguy.apache - - include_role: - name: geerlingguy.mysql - - include_role: - name: manala.cron diff --git a/roles/nextcloud/molecule/default/requirements.yml b/roles/nextcloud/molecule/default/requirements.yml deleted file mode 100644 index 6d66e64..0000000 
--- a/roles/nextcloud/molecule/default/requirements.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-- src: iambryancs.ppa-ondrej
-- src: geerlingguy.php
-- src: geerlingguy.mysql
-- src: geerlingguy.apache
-- src: geerlingguy.firewall
-- src: manala.cron
diff --git a/roles/nextcloud/molecule/default/tests/test_default.py b/roles/nextcloud/molecule/default/tests/test_default.py
deleted file mode 100644
index eedd64a..0000000
--- a/roles/nextcloud/molecule/default/tests/test_default.py
+++ /dev/null
@@ -1,14 +0,0 @@
-import os
-
-import testinfra.utils.ansible_runner
-
-testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
-
-
-def test_hosts_file(host):
- f = host.file('/etc/hosts')
-
- assert f.exists
- assert f.user == 'root'
- assert f.group == 'root'
diff --git a/roles/nextcloud/tasks/apps/news.yml b/roles/nextcloud/tasks/apps/news.yml
deleted file mode 100644
index 30d6e49..0000000
--- a/roles/nextcloud/tasks/apps/news.yml
+++ /dev/null
@@ -1,252 +0,0 @@ ---- - -- name: Create api url - set_fact: - _nextcloud_api_url_news: "{{ nextcloud_urls[0] }}/apps/news/api/v1-2" - when: nextcloud_enable_pretty_urls - -- name: Create api url - set_fact: - # TODO find the url without pretty urls - _nextcloud_api_url_news: "{{ _nextcloud_api_url_news }}" - when: not nextcloud_enable_pretty_urls - -- name: Find users that have News enabled - set_fact: - _nextcloud_news_users: >- - {{ - nextcloud_users - | selectattr('app_config.news', 'defined') - | list - }} - -- name: Merge feeds from opml files - set_fact: - _nextcloud_news_users: >- - [ - {%- for user in _nextcloud_news_users -%} - {%- if 'opml_file' in user.app_config.news -%} - {%- set ns = namespace(result=[]) -%} - {%- for opml_feed in - user['app_config']['news']['opml_file'] - | opml - -%} - {%- set feed = - user.app_config.news.feeds - | selectattr('url', 'equalto', opml_feed.url) - | list - -%} - {%- if feed | length == 0 -%} - {%- set ns.result = ns.result | union([opml_feed]) -%} - {%- endif -%} - {%- endfor -%} - {{ - user - | combine({ - "app_config": { - "news": { - "feeds": - ns.result - | union(user.app_config.news.feeds) - } - } - } - ) - }}, - {%- else -%} - {{ user }}, - {%- endif -%} - {%- endfor -%} - ] - - -- name: Read existing folders - uri: - method: GET - url: "{{ _nextcloud_api_url_news }}/folders" - headers: - Authorization: Basic {{ (item.name + ':' + item.pass) | b64encode }} - register: _nextcloud_existing_folders - loop: "{{ _nextcloud_news_users }}" - delegate_to: localhost - -- name: Read existing feeds - uri: - method: GET - url: "{{ _nextcloud_api_url_news }}/feeds" - headers: - Authorization: Basic {{ (item.name + ':' + item.pass) | b64encode }} - register: _nextcloud_existing_feeds - loop: "{{ _nextcloud_news_users }}" - delegate_to: localhost - -- name: Create feed folders - uri: - method: POST - url: "{{ _nextcloud_api_url_news }}/folders" - body_format: json - body: - name: "{{ item.1 }}" - headers: - Authorization: 
Basic {{ (item.0.name + ':' + item.0.pass) | b64encode }} - when: >- - _nextcloud_existing_folders.results[ - ( - _nextcloud_news_users - | map(attribute='name') - | flatten - ).index(item.0.name) - ]['json']['folders'] - | selectattr('name', 'equalto', item.1) - | list - | length == 0 - register: result - changed_when: result is success - loop: >- - {{ - _nextcloud_news_users - | zip( - _nextcloud_news_users - | subelements('app_config.news.feeds') - | map('last') - | flatten - | selectattr('folder', 'defined') - | selectattr('folder', 'ne', []) - | map(attribute='folder') - | flatten - | unique - ) - | list - }} - delegate_to: localhost - -- name: Read folders again - uri: - method: GET - url: "{{ _nextcloud_api_url_news }}/folders" - headers: - Authorization: Basic {{ (item.name + ':' + item.pass) | b64encode }} - when: result is changed - register: _nextcloud_existing_folders_again - changed_when: _nextcloud_existing_folders_again is success - loop: "{{ _nextcloud_news_users }}" - delegate_to: localhost - -- name: Update folders variable - set_fact: - _nextcloud_existing_folders: "{{ _nextcloud_existing_folders_again }}" - when: _nextcloud_existing_folders_again is changed - -- name: Create feeds - uri: - method: POST - url: "{{ _nextcloud_api_url_news }}/feeds" - body_format: json - body: - url: "{{ item.1.url }}" - folderId: >- - {{ - ( - _nextcloud_existing_folders.results[ - ( - _nextcloud_news_users - | map(attribute='name') - | flatten - ).index(item.0.name) - ]['json']['folders'] - | selectattr( - 'name', - 'equalto', - item.1.folder - | default([]) - | first - | default('') - ) - | list - | last - | default('__undefined__') - )['id'] - | default(omit) - }} - headers: - Authorization: Basic {{ (item.0.name + ':' + item.0.pass) | b64encode }} - when: >- - _nextcloud_existing_feeds.results[ - ( - _nextcloud_news_users - | map(attribute='name') - | flatten - ).index(item.0.name) - ]['json']['feeds'] - | selectattr('url', 'equalto', item.1.url) - | list - | 
length == 0 - register: result - changed_when: result is success - loop: "{{ _nextcloud_news_users | subelements('app_config.news.feeds') }}" - delegate_to: localhost - -# TODO this is a v2 api endpoint. I need to break it into `rename` and -# move-to-folder api calls for v1-2 -# - name: Update feeds -# uri: -# method: PATCH -# url: >- -# {{ _nextcloud_api_url_news }}/feeds/{{ -# ( -# _nextcloud_existing_feeds.results[ -# ( -# _nextcloud_news_users -# | map(attribute='name') -# | flatten -# ).index(item.0.name) -# ]['json']['feeds'] -# | selectattr('url', 'equalto', item.1.url) -# | list -# | last -# )['id'] -# }} -# body_format: json -# body: -# url: "{{ item.1.url }}" -# folderId: >- -# {{ -# ( -# _nextcloud_existing_folders.results[ -# ( -# _nextcloud_news_users -# | map(attribute='name') -# | flatten -# ).index(item.0.name) -# ]['json']['folders'] -# | selectattr( -# 'name', -# 'equalto', -# item.1.folder -# | default([]) -# | first -# | default('') -# ) -# | list -# | last -# | default('__undefined__') -# )['id'] -# | default(omit) -# }} -# headers: -# Authorization: Basic {{ (item.0.name + ':' + item.0.pass) | b64encode }} -# when: >- -# _nextcloud_existing_feeds.results[ -# ( -# _nextcloud_news_users -# | map(attribute='name') -# | flatten -# ).index(item.0.name) -# ]['json']['feeds'] -# | selectattr('url', 'equalto', item.1.url) -# | list -# | length > 0 -# register: result -# changed_when: result is success -# loop: "{{ _nextcloud_news_users | subelements('app_config.news.feeds') }}" -# delegate_to: localhost diff --git a/roles/nextcloud/tasks/core/apps.yml b/roles/nextcloud/tasks/core/apps.yml deleted file mode 100644 index c8cfeb0..0000000 --- a/roles/nextcloud/tasks/core/apps.yml +++ /dev/null 
@@ -1,149 +0,0 @@ ---- - -- name: Read apps shipped with Nextcloud - command: php occ app:list --shipped=true --no-warnings --output=json - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - register: _result - changed_when: false - -- name: Parse occ command response as JSON - set_fact: - nextcloud_shipped_apps: "{{ _result.stdout | from_json }}" - -- name: Read external apps installed by the user - command: php occ app:list --shipped=false --no-warnings --output=json - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - register: _result - changed_when: false - -- name: Parse occ command response as JSON - set_fact: - nextcloud_installed_apps: "{{ _result.stdout | from_json }}" - -- name: Remove unknown external apps - command: php occ app:remove "{{ item.key }}" - loop: >- - {{ - nextcloud_installed_apps.enabled - | combine(nextcloud_installed_apps.disabled) - | dict2items - }} - become: true - become_user: "{{ nextcloud_file_owner }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - register: result - failed_when: result.stdout is not search('removed') or result is failed - changed_when: result is not failed - when: - - nextcloud_remove_unknown_apps | bool - - not (nextcloud_apps | selectattr('name', 'search', item.key) | list) - -- name: Remove unwanted external apps - command: php occ app:remove "{{ item.name }}" - loop: "{{ nextcloud_apps }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - register: result - failed_when: result.stdout is not search('removed') or result is failed - changed_when: result is not failed - when: - - item.name in (nextcloud_installed_apps.enabled - | combine(nextcloud_installed_apps.disabled)) - - item.state | default('enabled') == 'absent' - -# Install all apps from the configured list which -# - are external apps (not in the shipped apps list) 
and -# - are not yet installed (not in the installed apps list) and -# - have their state not set to "absent" -- name: Install external apps - command: php occ app:install "{{ item.name }}" - loop: "{{ nextcloud_apps }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - register: result - failed_when: result.stdout is not search('installed') or result is failed - changed_when: result is not failed - when: - - item.name not in (nextcloud_shipped_apps.enabled - | combine(nextcloud_shipped_apps.disabled)) - - item.name not in (nextcloud_installed_apps.enabled - | combine(nextcloud_installed_apps.disabled)) - - item.state | default('enabled') != 'absent' - notify: nextcloud set file permissions - -# Update list of available apps after installation and removal: -- name: Re-read installed external apps - command: php occ app:list --shipped=false --no-warnings --output=json - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - register: _result - changed_when: false - -- name: Parse occ command response as JSON - set_fact: - nextcloud_installed_apps: "{{ _result.stdout | from_json }}" - -# Check and update all external apps -- name: Update external apps - command: php occ app:update "{{ item.key }}" - loop: >- - {{ - nextcloud_installed_apps.enabled - | combine(nextcloud_installed_apps.disabled) - | dict2items - }} - become: true - become_user: "{{ nextcloud_file_owner }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - register: result - failed_when: result.stdout is search('not installed') or result is failed - changed_when: result.stdout is search('updated') and result is not failed - notify: nextcloud set file permissions - -# Enable all apps from the configured list which -# - are not yet enabled and -# - have their state set to "enabled" -- name: Enable apps - command: php occ app:enable "{{ item.name }}" - args: - chdir: "{{ 
nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - loop: "{{ nextcloud_apps }}" - when: - - (item.state | default('enabled')) == 'enabled' - - item.name not in ( - nextcloud_installed_apps.enabled - | combine(nextcloud_shipped_apps.enabled) - ) - -# Disable all apps from the configured list which -# - are not yet disabled and -# - have their state set to "disabled" -- name: Disable apps - command: php occ app:disable "{{ item.name }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - loop: "{{ nextcloud_apps }}" - when: - - (item.state | default('enabled')) == 'disabled' - - item.name not in ( - nextcloud_installed_apps.disabled - | combine(nextcloud_shipped_apps.disabled) - ) diff --git a/roles/nextcloud/tasks/core/config.yml b/roles/nextcloud/tasks/core/config.yml deleted file mode 100644 index da2d2b5..0000000 --- a/roles/nextcloud/tasks/core/config.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- - -- name: Get global preferences - command: php occ config:list --private --output=json - args: - chdir: "{{ nextcloud_installation_dir }}" - register: _result - changed_when: false - no_log: true - become: true - become_user: "{{ nextcloud_file_owner }}" - -- name: Parse global preferences as json and merge configurations - set_fact: - _nextcloud_old_preferences: - "{{ _result.stdout | from_json }}" - _nextcloud_updated_preferences: >- - {{ - _result.stdout | from_json | combine(nextcloud_config, recursive=True) - }} - no_log: true - -- name: Configure nextcloud and apps - block: - - name: Create temporary config file - tempfile: - suffix: nextcloud - register: _result - - - name: Save config to file - copy: - content: "{{ nextcloud_config | to_json }}" - dest: "{{ _result.path }}" - owner: "{{ nextcloud_file_owner }}" - mode: 0o400 - - - name: Set up global preferences - command: php occ config:import "{{ _result.path }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - register: result - changed_when: result is success - notify: nextcloud update htaccess - failed_when: (result.stdout is not search('successfully imported') - or result is failed) - - - meta: flush_handlers - - - name: Delete temporary config file - file: - path: "{{ _result.path }}" - state: absent - when: _nextcloud_updated_preferences != _nextcloud_old_preferences diff --git a/roles/nextcloud/tasks/core/install.yml b/roles/nextcloud/tasks/core/install.yml deleted file mode 100644 index 9b2bbf7..0000000 --- a/roles/nextcloud/tasks/core/install.yml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- - -# These tasks install Nextcloud if it is not installed on the system already. -# They should run only once. - -- name: Install unzip - package: - name: unzip - state: present - when: download_file_type == '.zip' - -- name: Install dependencies - package: - name: "{{ package }}" - loop: "{{ packages }}" - loop_control: - loop_var: package - vars: - packages: - - imagemagick - -- name: Check if nextcloud is already installed - stat: - path: "{{ nextcloud_installation_dir }}/updater/updater.phar" - register: _result - -- name: Download nextcloud - unarchive: - src: "{{ nextcloud_download_url }}" - dest: "{{ nextcloud_installation_parent_dir }}" - remote_src: true - owner: "{{ nextcloud_file_owner }}" - group: "{{ nextcloud_file_owner }}" - register: _result - when: not _result.stat.exists - -- name: Install nextcloud - block: - # When extracting the downloaded nextcloud archive, the files are placed - # under a nextcloud folder. Here, we rename this folder if the user has - # specified a different folder. 
- - name: Move nextcloud folder - command: >- - mv - "{{ nextcloud_installation_parent_dir }}/nextcloud" - "{{ nextcloud_installation_dir }}" - when: - - _result is not skipped - - nextcloud_installation_dir | basename != "nextcloud" - - - name: Create nextcloud data folder - file: - path: "{{ nextcloud_data_dir }}" - state: directory - owner: "{{ nextcloud_file_owner }}" - group: "{{ nextcloud_file_owner }}" - mode: 0o750 - - - name: Install nextcloud - command: >- - php occ maintenance:install - --no-interaction - --database "{{ nextcloud_database.backend }}" - --database-name "{{ nextcloud_database.name }}" - --database-user "{{ nextcloud_database.user }}" - --database-pass "{{ nextcloud_database.pass }}" - --database-host "{{ nextcloud_database.host }}" - --database-port "{{ nextcloud_database.port }}" - --database-table-prefix "{{ nextcloud_database.prefix }}" - --admin-user "{{ nextcloud_admin_user }}" - --admin-pass "{{ nextcloud_admin_pass }}" - --data-dir "{{ nextcloud_data_dir }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - creates: "{{ nextcloud_installation_dir }}/config/config.php" - become: true - become_user: "{{ nextcloud_file_owner }}" - notify: nextcloud set file permissions - - when: _result is not skipped diff --git a/roles/nextcloud/tasks/core/integrity.yml b/roles/nextcloud/tasks/core/integrity.yml deleted file mode 100644 index 6f889fd..0000000 --- a/roles/nextcloud/tasks/core/integrity.yml +++ /dev/null 
@@ -1,97 +0,0 @@ ---- - -- name: Read extra files - block: - - name: Run integrity check for core - command: "php occ integrity:check-core --output=json" - args: - chdir: "{{ nextcloud_installation_dir }}" - register: nextcloud_integrity_core - become: true - become_user: "{{ nextcloud_file_owner }}" - failed_when: false - changed_when: false - - - name: Run integrity check for apps - command: "php occ integrity:check-app {{ item }} --output=json" - args: - chdir: "{{ nextcloud_installation_dir }}" - register: nextcloud_integrity_apps - loop: >- - {{ - ( - nextcloud_installed_apps.enabled - | combine(nextcloud_installed_apps.disabled) - ).keys() - | list - }} - changed_when: false - failed_when: false - become: true - become_user: "{{ nextcloud_file_owner }}" - - - name: Extract extra files that need deletion - set_fact: - nextcloud_extra_files: >- - [ - {%- for result in nextcloud_integrity_apps.results -%} - {%- set appname=result.item -%} - {%- set files=(result.stdout_lines[-1] | from_json) -%} - {%- if files is mapping and 'EXTRA_FILE' in files -%} - "{{ [] - | zip_longest( - files['EXTRA_FILE'].keys(), - fillvalue=("apps/" ~ appname) - ) - | map('join', '/') - | list - | join('","') }}" - , - {%- endif -%} - {%- endfor -%} - {%- set files=( - nextcloud_integrity_core.stdout_lines[-1] - | from_json - ) - -%} - {%- if files is mapping and 'EXTRA_FILE' in files -%} - '{{ files["EXTRA_FILE"].keys() | join("','") }}' - {%- endif -%} - ] - -- name: Delete extra files - block: - # Using `command` instead of `file` with a loop to make it (much) faster. 
- - name: Delete files found by integrity check - command: >- - rm -f '{{ nextcloud_extra_files | join("' '") }}' - args: - chdir: "{{ nextcloud_installation_dir }}" - warn: false - - - name: Re-run integrity check for core to update integrity results - command: "php occ integrity:check-core --output=json" - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - failed_when: false - changed_when: false - - - name: Re-run integrity check for apps to update integrity results - command: "php occ integrity:check-app {{ item }} --output=json" - args: - chdir: "{{ nextcloud_installation_dir }}" - loop: >- - {{ - ( - nextcloud_installed_apps.enabled - | combine(nextcloud_installed_apps.disabled) - ).keys() - | list - }} - changed_when: false - failed_when: false - become: true - become_user: "{{ nextcloud_file_owner }}" - when: nextcloud_extra_files | length > 0 diff --git a/roles/nextcloud/tasks/core/occ.yml b/roles/nextcloud/tasks/core/occ.yml deleted file mode 100644 index 50f93d5..0000000 --- a/roles/nextcloud/tasks/core/occ.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- - -- name: Make occ executable - file: - path: "{{ nextcloud_installation_dir }}/occ" - mode: "u+x" - owner: "{{ nextcloud_file_owner }}" - group: "{{ nextcloud_file_owner }}" - when: nextcloud_occ_make_executable | bool - -- name: Make occ available as a system command - copy: - content: >- - sudo --preserve-env --user {{ nextcloud_file_owner }} \ - '{{ nextcloud_installation_dir }}/occ' "$@" - dest: /usr/bin/occ - owner: root - group: root - when: nextcloud_occ_system_command | bool - -- name: Setup completion for occ - block: - - name: Read occ completion functions - command: php occ _completion --generate-hook --shell-type bash - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - changed_when: false - register: _occ_completion - - - name: Install bash_completion - package: - name: bash-completion - - - name: Setup occ completion - copy: - content: "{{ _occ_completion.stdout }}" - dest: '/etc/bash_completion.d/nextcloud' - owner: root - group: root - mode: 0o644 - when: nextcloud_occ_completions | bool diff --git a/roles/nextcloud/tasks/core/upgrade.yml b/roles/nextcloud/tasks/core/upgrade.yml deleted file mode 100644 index 3bd0887..0000000 --- a/roles/nextcloud/tasks/core/upgrade.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- - -- name: Check if update is available - command: php occ update:check --no-interaction - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - register: _result - changed_when: _result.stdout | regex_search('^Nextcloud .* is available') - failed_when: _result is failed - -- name: Make files writable by php user - file: - path: "{{ nextcloud_installation_dir }}" - mode: u=rwX,g=rX,o=rX - owner: "{{ nextcloud_file_owner }}" - group: "{{ nextcloud_file_owner }}" - recurse: true - when: _result.stdout | regex_search('^Nextcloud .* is available') - # Make sure to correctly set file permissions after the installation - notify: nextcloud set file permissions - -- name: Update Nextcloud installation - command: php updater/updater.phar --no-interaction - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - register: _result - failed_when: - - _result is failed - - _result.stdout is not search('Update successful') - # We only check for an upgrade of Nextcloud itself, not of the apps - when: _result.stdout | regex_search('^Nextcloud .* is available') - -- name: Check if upgrade is needed - command: php occ status - args: - chdir: "{{ nextcloud_installation_dir }}" - register: nextcloud_status - changed_when: false - become: true - become_user: "{{ nextcloud_file_owner }}" - -- name: Upgrade Nextcloud installation - command: php occ upgrade - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - when: >- - nextcloud_status.stdout - is search('Nextcloud or one of the apps require upgrade') diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml deleted file mode 100644 index ec0fa17..0000000 --- a/roles/nextcloud/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -- include_tasks: nextcloud.yml - when: nextcloud_enable | bool 
diff --git a/roles/nextcloud/tasks/nextcloud.yml b/roles/nextcloud/tasks/nextcloud.yml deleted file mode 100644 index f1f33b6..0000000 --- a/roles/nextcloud/tasks/nextcloud.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- - -- include_tasks: variables.yml - -- include_tasks: core/install.yml - -- include_tasks: core/upgrade.yml - -- include_tasks: core/apps.yml - -- include_tasks: core/integrity.yml - -- include_tasks: core/config.yml - -- include_tasks: core/occ.yml - -- include_tasks: users/user.yml - -- include_tasks: users/group.yml - -- include_tasks: users/user_config.yml - -- include_tasks: - file: apps/news.yml - apply: - become: false diff --git a/roles/nextcloud/tasks/users/group.yml b/roles/nextcloud/tasks/users/group.yml deleted file mode 100644 index a517580..0000000 --- a/roles/nextcloud/tasks/users/group.yml +++ /dev/null 
@@ -1,47 +0,0 @@ ---- - -- name: Create user groups - command: php occ group:add "{{ item }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - loop: >- - {{ - nextcloud_users - | map(attribute='groups') - | flatten - | list - | unique - }} - register: result - changed_when: result is success - failed_when: - result is failed and result.stdout is not search('already exists') - become: true - become_user: "{{ nextcloud_file_owner }}" - -- name: Get user info - command: php occ user:info "{{ item.name }}" --output=json - args: - chdir: "{{ nextcloud_installation_dir }}" - register: _nextcloud_user_info - loop: "{{ nextcloud_users }}" - changed_when: false - become: true - become_user: "{{ nextcloud_file_owner }}" - -- name: Add users to groups - command: php occ group:adduser "{{ item.1 }}" "{{ item.0.name }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - loop: "{{ nextcloud_users | subelements('groups') }}" - when: >- - item.1 not in - ( - _nextcloud_user_info.results - | map(attribute='stdout') - | map('from_json') - | selectattr('user_id', 'equalto', item.0.name) - | first - ).groups - become: true - become_user: "{{ nextcloud_file_owner }}" diff --git a/roles/nextcloud/tasks/users/user.yml b/roles/nextcloud/tasks/users/user.yml deleted file mode 100644 index ad24b04..0000000 --- a/roles/nextcloud/tasks/users/user.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- - -- name: Get user list - command: php occ user:list --output=json - args: - chdir: "{{ nextcloud_installation_dir }}" - register: nextcloud_online_users - changed_when: false - become: true - become_user: "{{ nextcloud_file_owner }}" - -# There might be non-json lines that break parsing. -- name: Remove non-json text from command output - set_fact: - nextcloud_online_users: >- - {{ - ( - nextcloud_online_users.stdout - | regex_replace('^[^{]*(.*)$', '\1') - | from_json - ).keys() - | list - }} - -- name: Create users - command: >- - php occ user:add - "{{ item.name }}" - --display-name "{{ item.display_name }}" - --password-from-env - args: - chdir: "{{ nextcloud_installation_dir }}" - when: item.name not in nextcloud_online_users - environment: - OC_PASS: "{{ item.pass }}" - loop: "{{ nextcloud_users }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - -- name: Update user password - command: php occ user:resetpassword "{{ item.name }}" --password-from-env - args: - chdir: "{{ nextcloud_installation_dir }}" - when: - - item.resetpassword | default(False) - - item.name in nextcloud_online_users - environment: - OC_PASS: "{{ item.pass }}" - loop: "{{ nextcloud_users }}" - become: true - become_user: "{{ nextcloud_file_owner }}" diff --git a/roles/nextcloud/tasks/users/user_config.yml b/roles/nextcloud/tasks/users/user_config.yml deleted file mode 100644 index 988c759..0000000 --- a/roles/nextcloud/tasks/users/user_config.yml +++ /dev/null 
@@ -1,76 +0,0 @@ ---- - -- name: Get local python version - become: false - command: python -V - delegate_to: localhost - register: localhost_python - changed_when: false - -- name: Register local python version - set_fact: - localhost_python: >- - {{ - localhost_python.stdout - | regex_replace('^Python ([0-9])\\..*$', '\\1') - }} - changed_when: false - -# TODO simplify this with filters -- name: Create user settings list - set_fact: - user_settings: >- - [ - {%- for user in nextcloud_users -%} - {%- for app_setting in user.settings -%} - {%- if localhost_python == '2' -%} - {%- for app, settings in app_setting.iteritems() -%} - {%- for key, value in settings.iteritems() -%} - { - 'user': "{{ user.name }}", - 'app': "{{ app }}", - 'key': "{{ key }}", - 'value': "{{ value }}" - }, - {%- endfor -%} - {%- endfor -%} - {%- elif localhost_python == '3' -%} - {%- for app, settings in app_setting.items() -%} - {%- for key, value in settings.items() -%} - { - 'user': "{{ user.name }}", - 'app': "{{ app }}", - 'key': "{{ key }}", - 'value': "{{ value }}" - }, - {%- endfor -%} - {%- endfor -%} - {%- endif -%} - {%- endfor -%} - {%- endfor -%} - ] - -- name: Read existing config values - command: "php occ user:setting {{ item.user }} {{ item.app }} {{ item.key }}" - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - failed_when: false - changed_when: false - register: user_config_values - loop: "{{ user_settings }}" - -- name: Enable user settings - command: >- - php occ user:setting - {{ item.0.user }} - {{ item.0.app }} - {{ item.0.key }} - {{ item.0.value }} - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - when: item.0.value != item.1.stdout - loop: "{{ user_settings | zip(user_config_values.results) | list }}" diff --git a/roles/nextcloud/tasks/variables.yml b/roles/nextcloud/tasks/variables.yml deleted file mode 100644 index ff8477c..0000000 
--- a/roles/nextcloud/tasks/variables.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- - -- name: Checking role configuration - assert: - that: - - nextcloud_database.pass - - ( nextcloud_admin_pass ) - msg: "DB user and admin user passwords cannot be empty" - -- name: Set missing defaults - set_fact: - nextcloud_database: - "{{ _nextcloud_database | combine(nextcloud_database) }}" - -- name: Extract download file type - set_fact: - download_file_type: "{{ nextcloud_download_url[-4:] }}" - -- name: Remove trailing slash from installation directory - set_fact: - nextcloud_installation_dir: >- - {{ nextcloud_installation_dir | regex_replace('/$', '') }} - -- name: Read installation parent dir - set_fact: - nextcloud_installation_parent_dir: - "{{ nextcloud_installation_dir | dirname }}" diff --git a/roles/nextcloud/vars/main.yml b/roles/nextcloud/vars/main.yml deleted file mode 100644 index 20eb7c1..0000000 --- a/roles/nextcloud/vars/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- - -# This provides defaults for `nextcloud_database` keys that the user may have -# skipped. In `defaults/main.yml` all keys are set to defaults, but if the user -# specifies in their playbook the `nextcloud_database` variable, then those -# defaults are overwritten. -_nextcloud_database: - backend: mysql - # The database server that will be used. It should be already installed and - # the database should already exist. For 'mariadb', set this to 'mysql'. - - name: nextcloud - # The name of the database nextcloud will use. It should already exist on the - # system. - - user: nextcloud - # The database user that nextcloud will use to access the database. The user - # should already exist in the database backend (together with their password). - - pass: '' - # The database user's password. This variable should not be empty. - - host: localhost - # The database host - - port: 3306 - # The port the db server listens on - - prefix: oc_ - # Prefix for the nextcloud tables in the database. 
diff --git a/roles/nfs/.ansible-lint b/roles/nfs/.ansible-lint deleted file mode 100644 index 5557294..0000000 --- a/roles/nfs/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ -skip_list: - - '106' diff --git a/roles/nfs/.github/FUNDING.yml b/roles/nfs/.github/FUNDING.yml deleted file mode 100644 index 96b4938..0000000 --- a/roles/nfs/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# These are supported funding model platforms ---- -github: geerlingguy -patreon: geerlingguy diff --git a/roles/nfs/.github/stale.yml b/roles/nfs/.github/stale.yml deleted file mode 100644 index c7ff127..0000000 --- a/roles/nfs/.github/stale.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale - -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
- - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/nfs/.github/workflows/ci.yml b/roles/nfs/.github/workflows/ci.yml deleted file mode 100644 index 8b55bd9..0000000 --- a/roles/nfs/.github/workflows/ci.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -name: CI -'on': - pull_request: - push: - branches: - - master - schedule: - - cron: "30 1 * * 3" - -defaults: - run: - working-directory: 'geerlingguy.nfs' - -jobs: - - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.nfs' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install yamllint ansible-lint - - - name: Lint code. - run: | - yamllint . - ansible-lint - - molecule: - name: Molecule - runs-on: ubuntu-latest - strategy: - matrix: - distro: - - centos8 - - centos7 - - ubuntu2004 - - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.nfs' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies. - run: pip3 install ansible molecule[docker] docker - - - name: Run Molecule tests. - run: molecule test - env: - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/roles/nfs/.github/workflows/release.yml b/roles/nfs/.github/workflows/release.yml deleted file mode 100644 index a4775fd..0000000 --- a/roles/nfs/.github/workflows/release.yml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -# This workflow requires a GALAXY_API_KEY secret present in the GitHub -# repository or organization. -# -# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy -# See: https://github.com/ansible/galaxy/issues/46 - -name: Release -'on': - push: - tags: - - '*' - -defaults: - run: - working-directory: 'geerlingguy.nfs' - -jobs: - - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Check out the codebase. - uses: actions/checkout@v2 - with: - path: 'geerlingguy.nfs' - - - name: Set up Python 3. - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install Ansible. - run: pip3 install ansible-base - - - name: Trigger a new import on Galaxy. - run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/nfs/.gitignore b/roles/nfs/.gitignore deleted file mode 100644 index f56f5b5..0000000 --- a/roles/nfs/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.retry -*/__pycache__ -*.pyc diff --git a/roles/nfs/.yamllint b/roles/nfs/.yamllint deleted file mode 100644 index 76a383c..0000000 --- a/roles/nfs/.yamllint +++ /dev/null @@ -1,10 +0,0 @@ ---- -extends: default - -rules: - line-length: - max: 120 - level: warning - -ignore: | - .github/stale.yml diff --git a/roles/nfs/LICENSE b/roles/nfs/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/nfs/LICENSE +++ /dev/null 
@@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/nfs/README.md b/roles/nfs/README.md deleted file mode 100644 index 97e7f04..0000000 --- a/roles/nfs/README.md +++ /dev/null 
@@ -1,40 +0,0 @@ -# Ansible Role: NFS - -[![CI](https://github.com/geerlingguy/ansible-role-nfs/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-nfs/actions?query=workflow%3ACI) - -Installs NFS utilities on RedHat/CentOS or Debian/Ubuntu. - -## Requirements - -None. - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - nfs_exports: [] - -A list of exports which will be placed in the `/etc/exports` file. See Ubuntu's simple [Network File System (NFS)](https://ubuntu.com/server/docs/service-nfs) guide for more info and examples. (Simple example: `nfs_exports: [ "/home/public *(rw,sync,no_root_squash)" ]`). - - nfs_rpcbind_state: started - nfs_rpcbind_enabled: true - -(RedHat/CentOS/Fedora only) The state of the `rpcbind` service, and whether it should be enabled at system boot. - -## Dependencies - -None. - -## Example Playbook - - - hosts: db-servers - roles: - - { role: geerlingguy.nfs } - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/nfs/defaults/main.yml b/roles/nfs/defaults/main.yml deleted file mode 100644 index 0bc919f..0000000 --- a/roles/nfs/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -nfs_exports: [] - -nfs_rpcbind_state: started -nfs_rpcbind_enabled: true diff --git a/roles/nfs/handlers/main.yml b/roles/nfs/handlers/main.yml deleted file mode 100644 index 4cdcec5..0000000 --- a/roles/nfs/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: reload nfs - command: 'exportfs -ra' diff --git a/roles/nfs/meta/.galaxy_install_info b/roles/nfs/meta/.galaxy_install_info deleted file mode 100644 index df99eff..0000000 --- a/roles/nfs/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Mon Mar 1 02:12:55 2021 -version: 2.0.0 
diff --git a/roles/nfs/meta/main.yml b/roles/nfs/meta/main.yml deleted file mode 100644 index c16ec8b..0000000 --- a/roles/nfs/meta/main.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - role_name: nfs - author: geerlingguy - description: NFS installation for Linux. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.4 - platforms: - - name: EL - versions: - - all - - name: Fedora - versions: - - all - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - all - galaxy_tags: - - system - - nfs - - filesystem - - share - - nfsv4 - - efs diff --git a/roles/nfs/molecule/default/converge.yml b/roles/nfs/molecule/default/converge.yml deleted file mode 100644 index ee8ce1d..0000000 --- a/roles/nfs/molecule/default/converge.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - pre_tasks: - - name: Update apt cache. - apt: update_cache=yes cache_valid_time=600 - when: ansible_os_family == 'Debian' - changed_when: false - - roles: - - role: geerlingguy.nfs diff --git a/roles/nfs/molecule/default/molecule.yml b/roles/nfs/molecule/default/molecule.yml deleted file mode 100644 index 7490710..0000000 --- a/roles/nfs/molecule/default/molecule.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/nfs/tasks/main.yml b/roles/nfs/tasks/main.yml deleted file mode 100644 index 4100030..0000000 --- a/roles/nfs/tasks/main.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -# Include variables and define needed variables. -- name: Include OS-specific variables. - include_vars: "{{ ansible_os_family }}.yml" - -- name: Include overrides specific to Fedora. - include_vars: Fedora.yml - when: - - ansible_os_family == 'RedHat' - - ansible_distribution == "Fedora" - -# Setup/install tasks. -- include_tasks: setup-RedHat.yml - when: ansible_os_family == 'RedHat' - -- include_tasks: setup-Debian.yml - when: ansible_os_family == 'Debian' - -- name: Ensure directories to export exist - file: # noqa 208 - path: "{{ item.strip().split()[0] }}" - state: directory - with_items: "{{ nfs_exports }}" - -- name: Copy exports file. - template: - src: exports.j2 - dest: /etc/exports - owner: root - group: root - mode: 0644 - notify: reload nfs - -- name: Ensure nfs is running. - service: "name={{ nfs_server_daemon }} state=started enabled=yes" - when: nfs_exports|length diff --git a/roles/nfs/tasks/setup-Debian.yml b/roles/nfs/tasks/setup-Debian.yml deleted file mode 100644 index 829b614..0000000 --- a/roles/nfs/tasks/setup-Debian.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Ensure NFS utilities are installed. - apt: - name: - - nfs-common - - nfs-kernel-server - state: present diff --git a/roles/nfs/tasks/setup-RedHat.yml b/roles/nfs/tasks/setup-RedHat.yml deleted file mode 100644 index d7198af..0000000 --- a/roles/nfs/tasks/setup-RedHat.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Ensure NFS utilities are installed. - package: name=nfs-utils state=present - -- name: Ensure rpcbind is running as configured. - service: - name: rpcbind - state: "{{ nfs_rpcbind_state }}" - enabled: "{{ nfs_rpcbind_enabled }}" diff --git a/roles/nfs/templates/exports.j2 b/roles/nfs/templates/exports.j2 deleted file mode 100644 index fa27c55..0000000 --- a/roles/nfs/templates/exports.j2 +++ /dev/null 
@@ -1,13 +0,0 @@ -# /etc/exports: the access control list for filesystems which may be exported -# to NFS clients. See exports(5). -# -# Example for NFSv2 and NFSv3: -# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check) -# -# Example for NFSv4: -# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) -# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check) -# -{% for export in nfs_exports %} -{{ export }} -{% endfor %} \ No newline at end of file diff --git a/roles/nfs/vars/Debian.yml b/roles/nfs/vars/Debian.yml deleted file mode 100644 index d7ee6b5..0000000 --- a/roles/nfs/vars/Debian.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -nfs_server_daemon: nfs-kernel-server diff --git a/roles/nfs/vars/Fedora.yml b/roles/nfs/vars/Fedora.yml deleted file mode 100644 index 0538858..0000000 --- a/roles/nfs/vars/Fedora.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -nfs_server_daemon: nfs-server diff --git a/roles/nfs/vars/RedHat.yml b/roles/nfs/vars/RedHat.yml deleted file mode 100644 index 0538858..0000000 --- a/roles/nfs/vars/RedHat.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -nfs_server_daemon: nfs-server diff --git a/roles/php/.ansible-lint b/roles/php/.ansible-lint deleted file mode 100644 index 9034f22..0000000 --- a/roles/php/.ansible-lint +++ /dev/null @@ -1,5 +0,0 @@ -skip_list: - - '306' - - '405' - - '503' - - '106' diff --git a/roles/php/.github/FUNDING.yml b/roles/php/.github/FUNDING.yml deleted file mode 100644 index 96b4938..0000000 --- a/roles/php/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# These are supported funding model platforms ---- -github: geerlingguy -patreon: geerlingguy diff --git a/roles/php/.github/stale.yml b/roles/php/.github/stale.yml deleted file mode 100644 index c7ff127..0000000 --- a/roles/php/.github/stale.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale - -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
- - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/php/.gitignore b/roles/php/.gitignore deleted file mode 100644 index f56f5b5..0000000 --- a/roles/php/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.retry -*/__pycache__ -*.pyc diff --git a/roles/php/.travis.yml b/roles/php/.travis.yml deleted file mode 100644 index f13e273..0000000 --- a/roles/php/.travis.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: php - matrix: - - MOLECULE_DISTRO: centos8 - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: ubuntu2004 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: debian10 - - MOLECULE_DISTRO: debian9 - - - MOLECULE_DISTRO: centos7 - MOLECULE_PLAYBOOK: playbook-source.yml - -before_install: - # Upgrade Docker to work with docker-py. - - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash - -install: - # Install test dependencies. - - pip install molecule[docker] yamllint ansible-lint docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/php/.yamllint b/roles/php/.yamllint deleted file mode 100644 index f2033dd..0000000 --- a/roles/php/.yamllint +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -extends: default - -rules: - line-length: - max: 120 - level: warning - -ignore: | - .github/stale.yml - .travis.yml diff --git a/roles/php/LICENSE b/roles/php/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/php/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/php/README.md b/roles/php/README.md deleted file mode 100644 index c56dea7..0000000 --- a/roles/php/README.md +++ /dev/null 
@@ -1,239 +0,0 @@ -# Ansible Role: PHP - -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-php.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-php) - -Installs PHP on RedHat/CentOS and Debian/Ubuntu servers. - -## Requirements - -If you're using an older LTS release of Ubuntu or RHEL, with an old/outdated version of PHP, you need to use a repo or PPA with a maintained PHP version, as this role only works with [PHP versions that are currently supported](http://php.net/supported-versions.php) by the PHP community. - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - php_packages: [] - -A list of the PHP packages to install (OS-specific by default). You'll likely want to install common packages like `php`, `php-cli`, `php-devel` and `php-pdo`, and you can add in whatever other packages you'd like (for example, `php-gd` for image manipulation, or `php-ldap` if you need to connect to an LDAP server for authentication). - -_Note: If you're using Debian/Ubuntu, you also need to install `libapache2-mod-fastcgi` (for cgi/PHP-FPM) or `libapache2-mod-php7.0` (or a similar package depending on PHP version) if you want to use `mod_php` with Apache._ - - php_packages_extra: [] - -A list of extra PHP packages to install without overriding the default list. - - php_enable_webserver: true - -If your usage of PHP is tied to a web server (e.g. Apache or Nginx), leave this default value. If you are using PHP server-side or to run some small application, set this value to `false` so this role doesn't attempt to interact with a web server. - - php_webserver_daemon: "httpd" - -The default values for the HTTP server deamon are `httpd` (used by Apache) for RedHat/CentOS, or `apache2` (also used by Apache) for Debian/Ubuntu. If you are running another webserver (for example, `nginx`), change this value to the name of the daemon under which the webserver runs. 
- - php_enablerepo: "" - -(RedHat/CentOS only) If you have enabled any additional repositories (might I suggest [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi)), those repositories can be listed under this variable (e.g. `remi-php70,epel`). This can be handy, as an example, if you want to install the latest version of PHP 7.0, which is in the Remi repository. - - php_default_version_debian: "" - -(Debian/Ubuntu only) The default version of PHP in the given OS version repositories. The specific version is set per distro and per version, but you can override it by providing a value here, like `"7.4"`. - -**If you'd like to be able to switch PHP versions easily, or use a version that's not available in system packages**: You can use the [`geerlingguy.php-versions`](https://galaxy.ansible.com/geerlingguy/php-versions/) role to more easily switch between major PHP versions (e.g. 5.6, 7.1, 7.2). - - php_packages_state: "present" - -If you have enabled any additional repositories such as [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel) or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to swap PHP versions on the fly. By default, this is set to `"present"`. You can override this variable to `"latest"` to upgrade to the latest available version. Combined with `php_enablerepo`, a user now doesn't need to manually uninstall the existing PHP packages before installing them from a different repository. - - php_install_recommends: true - -(Debian/Ubuntu only) Whether to install recommended packages when installing `php_packages`; you might want to set this to `no` explicitly if you're installing a PPA that recommends certain packages you don't want (e.g. Ondrej's `php` PPA will install `php7.0-cli` if you install `php-pear` alongside `php5.6-cli`... which is often not desired!). 
- - php_executable: "php" - -The executable to run when calling PHP from the command line. You should only change this if running `php` on your server doesn't target the correct executable, or if you're using software collections on RHEL/CentOS and need to target a different version of PHP. - -### PHP-FPM - -PHP-FPM is a simple and robust FastCGI Process Manager for PHP. It can dramatically ease scaling of PHP apps and is the normal way of running PHP-based sites and apps when using a webserver like Nginx (though it can be used with other webservers just as easily). - -When using this role with PHP running as `php-fpm` instead of as a process inside a webserver (e.g. Apache's `mod_php`), you need to set the following variable to `true`: - - php_enable_php_fpm: false - -If you're using Apache, you can easily get it configured to work with PHP-FPM using the [geerlingguy.apache-php-fpm](https://github.com/geerlingguy/ansible-role-apache-php-fpm) role. - - php_fpm_state: started - php_fpm_enabled_on_boot: true - -Control over the fpm daemon's state; set these to `stopped` and `false` if you want FPM to be installed and configured, but not running (e.g. when installing in a container). - - php_fpm_handler_state: restarted - -The handler restarts PHP-FPM by default. Setting the value to `reloaded` will reload the service, intead of restarting it. - - php_fpm_listen: "127.0.0.1:9000" - php_fpm_listen_allowed_clients: "127.0.0.1" - php_fpm_pm_max_children: 50 - php_fpm_pm_start_servers: 5 - php_fpm_pm_min_spare_servers: 5 - php_fpm_pm_max_spare_servers: 5 - -Specific settings inside the default `www.conf` PHP-FPM pool. If you'd like to manage additional settings, you can do so either by replacing the file with your own template or using `lineinfile` like this role does inside `tasks/configure-fpm.yml`. - -### php.ini settings - - php_use_managed_ini: true - -By default, all the extra defaults below are applied through the php.ini included with this role. 
You can self-manage your php.ini file (if you need more flexility in its configuration) by setting this to `false` (in which case all the below variables will be ignored). - - php_fpm_pool_user: "[apache|nginx|other]" # default varies by OS - php_fpm_pool_group: "[apache|nginx|other]" # default varies by OS - php_memory_limit: "256M" - php_max_execution_time: "60" - php_max_input_time: "60" - php_max_input_vars: "1000" - php_realpath_cache_size: "32K" - php_file_uploads: "On" - php_upload_max_filesize: "64M" - php_max_file_uploads: "20" - php_post_max_size: "32M" - php_date_timezone: "America/Chicago" - php_allow_url_fopen: "On" - php_sendmail_path: "/usr/sbin/sendmail -t -i" - php_output_buffering: "4096" - php_short_open_tag: false - php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" - php_display_errors: "Off" - php_display_startup_errors: "On" - php_expose_php: "On" - php_session_cookie_lifetime: 0 - php_session_gc_probability: 1 - php_session_gc_divisor: 1000 - php_session_gc_maxlifetime: 1440 - php_session_save_handler: files - php_session_save_path: '' - php_disable_functions: [] - php_precision: 14 - php_serialize_precision: "-1" - -Various defaults for PHP. Only used if `php_use_managed_ini` is set to `true`. - -### OpCache-related Variables - -The OpCache is included in PHP starting in version 5.5, and the following variables will only take effect if the version of PHP you have installed is 5.5 or greater. - - php_opcache_zend_extension: "opcache.so" - php_opcache_enable: "1" - php_opcache_enable_cli: "0" - php_opcache_memory_consumption: "96" - php_opcache_interned_strings_buffer: "16" - php_opcache_max_accelerated_files: "4096" - php_opcache_max_wasted_percentage: "5" - php_opcache_validate_timestamps: "1" - php_opcache_revalidate_path: "0" - php_opcache_revalidate_freq: "2" - php_opcache_max_file_size: "0" - -OpCache ini directives that are often customized on a system. 
Make sure you have enough memory and file slots allocated in the OpCache (`php_opcache_memory_consumption`, in MB, and `php_opcache_max_accelerated_files`) to contain all the PHP code you are running. If not, you may get less-than-optimal performance! - -For custom opcache.so location provide full path with `php_opcache_zend_extension`. - - php_opcache_conf_filename: [platform-specific] - -The platform-specific opcache configuration filename. Generally the default should work, but in some cases, you may need to override the filename. - -### APCu-related Variables - - php_enable_apc: true - -Whether to enable APCu. Other APCu variables will be ineffective if this is set to false. - - php_apc_shm_size: "96M" - php_apc_enable_cli: "0" - -APCu ini directives that are often customized on a system. Set the `php_apc_shm_size` so it will hold all cache entries in memory with a little overhead (fragmentation or APC running out of memory will slow down PHP *dramatically*). - - php_apc_conf_filename: [platform-specific] - -The platform-specific APC configuration filename. Generally the default should work, but in some cases, you may need to override the filename. - -#### Ensuring APC is installed - -If you use APC, you will need to make sure APC is installed (it is installed by default, but if you customize the `php_packages` list, you need to include APC in the list): - - - *On RHEL/CentOS systems*: Make sure `php-pecl-apcu` is in the list of `php_packages`. - - *On Debian/Ubuntu systems*: Make sure `php-apcu` is in the list of `php_packages`. - -### Installing from Source - -If you need a specific version of PHP, or would like to test the latest (e.g. master) version of PHP, there's a good chance there's no suitable package already available in your platform's package manager. In these cases, you may choose to install PHP from source by compiling it directly. 
- -Note that source compilation takes *much* longer than installing from packages (PHP HEAD takes 5+ minutes to compile on a modern quad-core computer, just as a point of reference). - - php_install_from_source: false - -Set this to `true` to install PHP from source instead of installing from packages. - - php_source_version: "master" - -The version of PHP to install from source (a git branch, tag, or commit hash). - - php_source_clone_dir: "~/php-src" - php_source_clone_depth: 1 - php_source_install_path: "/opt/php" - php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" - php_source_mysql_config: "/usr/bin/mysql_config" - -Location where source will be cloned and installed, and the location of the GMP header file (which can be platform/distribution specific), and `mysql_config` binary (this may be `mariadb_config` in newer operating system versions). - - php_source_make_command: "make" - -Set the `make` command to `make --jobs=X` where `X` is the number of cores present on the server where PHP is being compiled. Will speed up compilation times dramatically if you have multiple cores. - - php_source_configure_command: > - [...] - -The `./configure` command that will build the Makefile to be used for PHP compilation. Add in all the options you need for your particular environment. Using a folded scalar (`>`) allows you to define the variable over multiple lines, which is extremely helpful for legibility and source control! - -A few other notes/caveats for specific configurations: - - - **Apache with `mpm_prefork`**: If you're using Apache with prefork as a webserver for PHP, you will need to make sure `apxs2` is available on your system (e.g. by installing `apache2-prefork-dev` in Ubuntu), and you will need to make sure the option `--with-apxs2` is defined in `php_source_configure_command`. 
Finally, you will need to make sure the `mpm_prefork` module is loaded instead of `mpm_worker` or `mpm_event`, and likely add a `phpX.conf` (where `X` is the major version of PHP) configuration file to the Apache module config folder with contents like [`php7.conf`](https://gist.github.com/geerlingguy/5ae5445f28e71264e8c1). - - **Apache with `mpm_event` or `mpm_worker`**: If you're using Apache with event or worker as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. You'll also need to make sure Apache's support for CGI and event is installed (e.g. by installing `apache2-mpm-event` and `libapache2-mod-fastcgi`) and the `mpm_event` module is loaded. - - **Nginx**: If you're using Nginx as a webserver for PHP, you will need to compile PHP with FPM. Make sure the option `--enable-fpm` is defined in `php_source_configure_command`. - -## Dependencies - -None. - -## Example Playbook - - - hosts: webservers - vars_files: - - vars/main.yml - roles: - - { role: geerlingguy.php } - -*Inside `vars/main.yml`*: - - php_memory_limit: "128M" - php_max_execution_time: "90" - php_upload_max_filesize: "256M" - php_packages: - - php - - php-cli - - php-common - - php-devel - - php-gd - - php-mbstring - - php-pdo - - php-pecl-apcu - - php-xml - ... - -## License - -MIT / BSD - -## Author Information - -This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/php/defaults/main.yml b/roles/php/defaults/main.yml deleted file mode 100644 index e716d59..0000000 --- a/roles/php/defaults/main.yml +++ /dev/null 
@@ -1,140 +0,0 @@ ---- -# Pass in a comma-separated list of repos to use (e.g. "remi,epel"). Used only -# for RHEL/CentOS. -php_enablerepo: "" - -# Extra packages to install (in addition to distro-specific default lists). -php_packages_extra: [] - -# Default PHP version to install on Debian-based OSes (OS-specific). -# php_default_version_debian: "" - -# PHP package state; use 'present' to make sure it's installed, or 'latest' if -# you want to upgrade or switch versions using a new repo. -php_packages_state: present - -# Whether to install recommended packages. Used only for Debian/Ubuntu. -php_install_recommends: true - -# Set this to false if you're not using PHP with Apache/Nginx/etc. -php_enable_webserver: true - -# PHP-FPM configuration. -php_enable_php_fpm: false -php_fpm_state: started -php_fpm_handler_state: restarted -php_fpm_enabled_on_boot: true -php_fpm_listen: "127.0.0.1:9000" -php_fpm_listen_allowed_clients: "127.0.0.1" -php_fpm_pm_max_children: 50 -php_fpm_pm_start_servers: 5 -php_fpm_pm_min_spare_servers: 5 -php_fpm_pm_max_spare_servers: 5 - -# The executable to run when calling PHP from the command line. -php_executable: "php" - -# OpCache settings. -php_opcache_zend_extension: "opcache.so" -php_opcache_enable: "1" -php_opcache_enable_cli: "0" -php_opcache_memory_consumption: "96" -php_opcache_interned_strings_buffer: "16" -php_opcache_max_accelerated_files: "4096" -php_opcache_max_wasted_percentage: "5" -php_opcache_validate_timestamps: "1" -php_opcache_revalidate_path: "0" -php_opcache_revalidate_freq: "2" -php_opcache_max_file_size: "0" -php_opcache_blacklist_filename: "" - -# APCu settings. -php_enable_apc: true -php_apc_shm_size: "96M" -php_apc_enable_cli: "0" - -# If this is set to false, none of the following options will have any effect. -# Any and all changes to /etc/php.ini will be your responsibility. 
-php_use_managed_ini: true - -php_expose_php: "On" -php_memory_limit: "256M" -php_max_execution_time: "60" -php_max_input_time: "60" -php_max_input_vars: "1000" -php_realpath_cache_size: "32K" - -php_file_uploads: "On" -php_upload_max_filesize: "64M" -php_max_file_uploads: "20" - -php_post_max_size: "32M" -php_date_timezone: "America/Chicago" -php_allow_url_fopen: "On" - -php_sendmail_path: "/usr/sbin/sendmail -t -i" -php_output_buffering: "4096" -php_short_open_tag: "Off" -php_disable_functions: [] -php_precision: 14 -php_serialize_precision: "-1" - -php_session_cookie_lifetime: 0 -php_session_gc_probability: 1 -php_session_gc_divisor: 1000 -php_session_gc_maxlifetime: 1440 -php_session_save_handler: files -php_session_save_path: '' - -php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT" -php_display_errors: "Off" -php_display_startup_errors: "Off" - -# Install PHP from source (instead of using a package manager) with these vars. -php_install_from_source: false -php_source_repo: "https://git.php.net/repository/php-src.git" -php_source_version: "master" -php_source_clone_dir: "~/php-src" -php_source_clone_depth: 1 -php_source_install_path: "/opt/php" -php_source_install_gmp_path: "/usr/include/x86_64-linux-gnu/gmp.h" -php_source_mysql_config: "/usr/bin/mysql_config" -# For faster compile time: "make --jobs=X" where X is # of cores present. 
-php_source_make_command: "make" -php_source_configure_command: > - ./configure - --prefix={{ php_source_install_path }} - --with-config-file-path={{ php_conf_paths | first }} - --enable-mbstring - --enable-zip - --enable-bcmath - --enable-pcntl - --enable-ftp - --enable-exif - --enable-calendar - --enable-opcache - --enable-pdo - --enable-sysvmsg - --enable-sysvsem - --enable-sysvshm - --enable-wddx - --with-curl - --with-mcrypt - --with-iconv - --with-gmp - --with-pspell - --with-gd - --with-jpeg-dir=/usr - --with-png-dir=/usr - --with-zlib-dir=/usr - --with-xpm-dir=/usr - --with-freetype-dir=/usr - --enable-gd-native-ttf - --enable-gd-jis-conv - --with-openssl - --with-pdo-mysql=/usr - --with-gettext=/usr - --with-zlib=/usr - --with-bz2=/usr - --with-recode=/usr - --with-mysqli={{ php_source_mysql_config }} diff --git a/roles/php/handlers/main.yml b/roles/php/handlers/main.yml deleted file mode 100644 index e0d0a29..0000000 --- a/roles/php/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: restart webserver - service: - name: "{{ php_webserver_daemon }}" - state: restarted - notify: restart php-fpm - when: php_enable_webserver - -- name: restart php-fpm - service: - name: "{{ php_fpm_daemon }}" - state: "{{ php_fpm_handler_state }}" - when: - - php_enable_php_fpm - - php_fpm_state == 'started' diff --git a/roles/php/meta/.galaxy_install_info b/roles/php/meta/.galaxy_install_info deleted file mode 100644 index da32abd..0000000 --- a/roles/php/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Thu Oct 29 02:55:11 2020 -version: 4.5.1 diff --git a/roles/php/meta/main.yml b/roles/php/meta/main.yml deleted file mode 100644 index 821b973..0000000 --- a/roles/php/meta/main.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - role_name: php - author: geerlingguy - description: PHP for RedHat/CentOS/Fedora/Debian/Ubuntu. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.8 - platforms: - - name: EL - versions: - - 6 - - 7 - - 8 - - name: Fedora - versions: - - all - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - trusty - - xenial - - bionic - galaxy_tags: - - development - - web - - php - - language - - fpm - - drupal - - wordpress - - joomla - - magento diff --git a/roles/php/molecule/default/converge.yml b/roles/php/molecule/default/converge.yml deleted file mode 100644 index 41ae7c1..0000000 --- a/roles/php/molecule/default/converge.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - vars: - php_enable_webserver: false - php_enable_php_fpm: true - php_memory_limit: "192M" - php_enablerepo: "remi,remi-php70" - php_install_recommends: false - - handlers: - - name: update apt cache - apt: update_cache=true - when: ansible_os_family == 'Debian' - - pre_tasks: - - name: Update apt cache. - apt: update_cache=true cache_valid_time=600 - when: ansible_os_family == 'Debian' - changed_when: false - - # Ubuntu-specific tasks. - - name: Ensure dirmngr is installed (gnupg dependency). - apt: - name: dirmngr - state: present - when: ansible_os_family == 'Debian' - - - name: Add repository for PHP 7. - apt_repository: repo='ppa:ondrej/php' - when: ansible_distribution == 'Ubuntu' - - # Debian-specific tasks. - - name: Add dependencies for PHP versions (Debian). - apt: - name: - - apt-transport-https - - ca-certificates - - gnupg2 - state: present - when: ansible_distribution == "Debian" - - - name: Add Ondrej Sury's apt key (Debian). - apt_key: - url: https://packages.sury.org/php/apt.gpg - state: present - when: ansible_distribution == "Debian" - - - name: Add Ondrej Sury's repo (Debian). - apt_repository: - repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main" - state: present - when: ansible_distribution == "Debian" - notify: update apt cache - - - meta: flush_handlers - - roles: - - role: geerlingguy.repo-remi - when: - - ansible_os_family == 'RedHat' - - ansible_distribution != 'Fedora' - - role: geerlingguy.php - - post_tasks: - - name: Confirm PHP configuration is correct. - shell: php -i | grep 'memory_limit.*192' - changed_when: false diff --git a/roles/php/molecule/default/molecule.yml b/roles/php/molecule/default/molecule.yml deleted file mode 100644 index 2da47dd..0000000 --- a/roles/php/molecule/default/molecule.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/php/molecule/default/playbook-source.yml b/roles/php/molecule/default/playbook-source.yml deleted file mode 100644 index d9ad0f9..0000000 --- a/roles/php/molecule/default/playbook-source.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - vars: - php_enable_webserver: false - php_install_from_source: true - php_source_clone_dir: /root/php-src - php_source_make_command: "make --jobs=2" - php_version: "7.4.8" - php_source_version: "php-{{ php_version }}" - php_memory_limit: "192M" - - pre_tasks: - - name: Update apt cache. - apt: update_cache=true cache_valid_time=600 - when: ansible_os_family == 'Debian' - changed_when: false - - roles: - - role: geerlingguy.git - - role: geerlingguy.php - - post_tasks: - - name: Confirm PHP configuration is correct. - shell: php -i | grep 'memory_limit.*192' - changed_when: false - - - name: Check the installed PHP version. - shell: '/usr/bin/php --version | grep -qF "PHP {{ php_version }}"' - changed_when: false diff --git a/roles/php/molecule/default/requirements.yml b/roles/php/molecule/default/requirements.yml deleted file mode 100644 index 809b89b..0000000 --- a/roles/php/molecule/default/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- src: geerlingguy.repo-remi -- src: geerlingguy.git diff --git a/roles/php/tasks/configure-apcu.yml b/roles/php/tasks/configure-apcu.yml deleted file mode 100644 index a29f8d6..0000000 --- a/roles/php/tasks/configure-apcu.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -- name: Check for existing APCu config files. - find: - paths: "{{ item }}" - contains: 'extension(\s+)?=(\s+)?apc[u]?\.so' - register: php_installed_apc_confs - with_items: "{{ php_extension_conf_paths }}" - -- name: Remove any non-role-supplied APCu config files. - file: - path: "{{ item.1.path }}" - state: absent - when: php_apc_conf_filename != (item.1.path.split('/') | last) - with_subelements: - - "{{ php_installed_apc_confs.results }}" - - files - notify: restart webserver - -- name: Ensure APCu config file is present. - template: - src: apc.ini.j2 - dest: "{{ item }}/{{ php_apc_conf_filename }}" - owner: root - group: root - force: true - mode: 0644 - with_items: "{{ php_extension_conf_paths }}" - when: php_enable_apc - notify: restart webserver - -- name: Remove APCu config file if APC is disabled. - file: - path: "{{ item }}/{{ php_apc_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: not php_enable_apc - notify: restart webserver diff --git a/roles/php/tasks/configure-fpm.yml b/roles/php/tasks/configure-fpm.yml deleted file mode 100644 index dfebf0b..0000000 --- a/roles/php/tasks/configure-fpm.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -- name: Define php_fpm_daemon. - set_fact: - php_fpm_daemon: "{{ __php_fpm_daemon }}" - when: php_fpm_daemon is not defined - -- name: Define php_fpm_pool_conf_path. - set_fact: - php_fpm_pool_conf_path: "{{ __php_fpm_pool_conf_path }}" - when: php_fpm_pool_conf_path is not defined - -- name: Define php_fpm_pool_user. - set_fact: - php_fpm_pool_user: "{{ __php_fpm_pool_user }}" - when: php_fpm_pool_user is not defined - -- name: Define php_fpm_pool_group. - set_fact: - php_fpm_pool_group: "{{ __php_fpm_pool_group }}" - when: php_fpm_pool_group is not defined - -- name: Stat php_fpm_pool_conf_path - stat: - path: "{{ php_fpm_pool_conf_path | dirname }}" - register: php_fpm_pool_conf_path_dir_stat - -- name: Ensure the default pool directory exists. - file: - path: "{{ php_fpm_pool_conf_path | dirname }}" - state: directory - owner: root - group: root - mode: 0755 - when: php_fpm_pool_conf_path_dir_stat.stat.islnk is not defined - -- name: Ensure the default pool exists. - template: - src: www.conf.j2 - dest: "{{ php_fpm_pool_conf_path }}" - owner: root - group: root - mode: 0644 - force: false - when: php_enable_php_fpm - -- name: Configure php-fpm pool (if enabled). 
- lineinfile: - dest: "{{ php_fpm_pool_conf_path }}" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - mode: 0644 - with_items: - - regexp: "^user.?=.+$" - line: "user = {{ php_fpm_pool_user }}" - - regexp: "^group.?=.+$" - line: "group = {{ php_fpm_pool_group }}" - - regexp: "^listen.?=.+$" - line: "listen = {{ php_fpm_listen }}" - - regexp: '^listen\.allowed_clients.?=.+$' - line: "listen.allowed_clients = {{ php_fpm_listen_allowed_clients }}" - - regexp: '^pm\.max_children.?=.+$' - line: "pm.max_children = {{ php_fpm_pm_max_children }}" - - regexp: '^pm\.start_servers.?=.+$' - line: "pm.start_servers = {{ php_fpm_pm_start_servers }}" - - regexp: '^pm\.min_spare_servers.?=.+$' - line: "pm.min_spare_servers = {{ php_fpm_pm_min_spare_servers }}" - - regexp: '^pm\.max_spare_servers.?=.+$' - line: "pm.max_spare_servers = {{ php_fpm_pm_max_spare_servers }}" - when: php_enable_php_fpm - notify: restart php-fpm - -- name: Ensure php-fpm is started and enabled at boot (if configured). - service: - name: "{{ php_fpm_daemon }}" - state: "{{ php_fpm_state }}" - enabled: "{{ php_fpm_enabled_on_boot }}" - when: php_enable_php_fpm and ansible_distribution != "Debian" diff --git a/roles/php/tasks/configure-opcache.yml b/roles/php/tasks/configure-opcache.yml deleted file mode 100644 index fc043d0..0000000 --- a/roles/php/tasks/configure-opcache.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -- name: Check for existing OpCache config files. - find: - paths: "{{ item }}" - contains: 'zend_extension(\s+)?=(\s+)?opcache\.so' - register: php_installed_opcache_confs - with_items: "{{ php_extension_conf_paths }}" - -- name: Remove any non-role-supplied OpCache config files. - file: - path: "{{ item.1.path }}" - state: absent - when: php_opcache_conf_filename != (item.1.path.split('/') | last) - with_subelements: - - "{{ php_installed_opcache_confs.results }}" - - files - notify: restart webserver - -- name: Ensure OpCache config file is present. - template: - src: opcache.ini.j2 - dest: "{{ item }}/{{ php_opcache_conf_filename }}" - owner: root - group: root - force: true - mode: 0644 - with_items: "{{ php_extension_conf_paths }}" - when: php_opcache_enable | bool - notify: restart webserver - -- name: Remove OpCache config file if OpCache is disabled. - file: - path: "{{ item }}/{{ php_opcache_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: not php_opcache_enable | bool - notify: restart webserver diff --git a/roles/php/tasks/configure.yml b/roles/php/tasks/configure.yml deleted file mode 100644 index e0e1434..0000000 --- a/roles/php/tasks/configure.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: Ensure configuration directories exist. - file: - path: "{{ item }}" - state: directory - follow: true - mode: 0755 - with_flattened: - - "{{ php_conf_paths }}" - - "{{ php_extension_conf_paths }}" - -- name: Place PHP configuration file in place. - template: - src: php.ini.j2 - dest: "{{ item }}/php.ini" - owner: root - group: root - mode: 0644 - with_items: "{{ php_conf_paths }}" - notify: restart webserver - when: php_use_managed_ini diff --git a/roles/php/tasks/install-from-source.yml b/roles/php/tasks/install-from-source.yml deleted file mode 100644 index cd18daa..0000000 --- a/roles/php/tasks/install-from-source.yml +++ /dev/null 
@@ -1,158 +0,0 @@ ---- -- name: Ensure dependencies for building from source are installed (RedHat). - package: - name: - - autoconf - - automake - - libtool - - bison - - make - - re2c - - sqlite-devel - - oniguruma-devel - - curl-devel - - recode-devel - - aspell-devel - - libxml2-devel - - pkgconfig - - libmcrypt-devel - - t1lib-devel - - libXpm-devel - - libpng-devel - - libjpeg-turbo-devel - - bzip2-devel - - openssl-devel - - freetype-devel - - libicu-devel - - mariadb-devel - - gmp-devel - state: present - when: ansible_os_family == 'RedHat' - -- name: Update apt cache (Debian). - apt: update_cache=yes cache_valid_time=86400 - when: ansible_os_family == 'Debian' - -- name: Ensure dependencies for building from source are installed (Debian). - apt: - name: - - build-essential - - autoconf - - automake - - libtool - - bison - - pkg-config - - re2c - - libsqlite3-dev - - libonig-dev - - libxml2-dev - - libcurl4-openssl-dev - - libbz2-dev - - libjpeg-dev - - libpng-dev - - libxpm-dev - - libfreetype6-dev - - libgmp3-dev - - libmcrypt-dev - - libmariadbclient-dev - - libpspell-dev - - librecode-dev - - libssl-dev - state: present - when: ansible_os_family == 'Debian' - -- name: Define php_fpm_daemon (if not defined already). - set_fact: - php_fpm_daemon: "php-fpm" - when: php_fpm_daemon is not defined - -- name: Check if gmp.h is already in a location accessible to gcc. - stat: path=/usr/include/gmp.h - register: gmp_file - -- name: Ensure gmp.h is symlinked into a location accessible to gcc. - file: # noqa 208 - src: "{{ php_source_install_gmp_path }}" - dest: /usr/include/gmp.h - state: link - when: not gmp_file.stat.exists - -- name: Check if PHP is installed. - command: which php - changed_when: false - failed_when: false - register: php_installed - -- name: Clone the PHP repository. 
- git: - repo: "{{ php_source_repo }}" - dest: "{{ php_source_clone_dir }}" - version: "{{ php_source_version }}" - accept_hostkey: true - depth: "{{ php_source_clone_depth }}" - when: php_installed.rc != 0 - -- name: Ensure PHP installation path exists. - file: - path: "{{ php_source_install_path }}" - state: directory - mode: 0755 - when: php_installed.rc != 0 - -- name: Build configure script. - command: > - ./buildconf --force - chdir={{ php_source_clone_dir }} - when: php_installed.rc != 0 - -- name: Run configure script. - command: > - {{ php_source_configure_command }} - chdir={{ php_source_clone_dir }} - when: php_installed.rc != 0 - -- name: Make and install PHP. - command: > - {{ item }} - chdir={{ php_source_clone_dir }} - with_items: - - "{{ php_source_make_command }}" - - make install - when: php_installed.rc != 0 - -- name: Ensure php executable is symlinked into a standard path. - file: # noqa 208 - src: "{{ php_source_install_path }}/bin/php" - dest: /usr/bin/php - state: link - -# PHP FPM configuration. -- name: Ensure php-fpm executable is symlinked into a standard path. - file: # noqa 208 - src: "{{ php_source_install_path }}/sbin/php-fpm" - dest: "/usr/sbin/{{ php_fpm_daemon }}" - state: link - when: "'--enable-fpm' in php_source_configure_command" - -- name: Ensure php-fpm init script is installed. - template: - src: fpm-init.j2 - dest: "/etc/init.d/{{ php_fpm_daemon }}" - mode: 0755 - when: "'--enable-fpm' in php_source_configure_command" - notify: restart php-fpm - -- name: Ensure php-fpm config directory exists. - file: - path: "{{ php_fpm_conf_path }}" - state: directory - mode: 0755 - when: "'--enable-fpm' in php_source_configure_command" - -- name: Ensure php-fpm config file is installed. - template: - src: php-fpm.conf.j2 - dest: "{{ php_fpm_conf_path }}/php-fpm.conf" - mode: 0644 - when: "'--enable-fpm' in php_source_configure_command" - notify: restart php-fpm 
diff --git a/roles/php/tasks/main.yml b/roles/php/tasks/main.yml deleted file mode 100644 index dbad765..0000000 --- a/roles/php/tasks/main.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -# Variable setup. -- name: Include distribution and version-specific vars. - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - skip: true - -- name: Set the default PHP version for Debian-based OSes. - set_fact: - php_default_version_debian: "{{ __php_default_version_debian }}" - when: php_default_version_debian is not defined and ansible_os_family == 'Debian' - -- name: Include OS-specific variables. - include_vars: "{{ ansible_os_family }}.yml" - -- name: Define php_packages. - set_fact: - php_packages: "{{ __php_packages | list }}" - when: php_packages is not defined - -- name: Define php_webserver_daemon. - set_fact: - php_webserver_daemon: "{{ __php_webserver_daemon }}" - when: php_webserver_daemon is not defined - -- name: Define php_conf_paths. - set_fact: - php_conf_paths: "{{ __php_conf_paths }}" - when: php_conf_paths is not defined - -- name: Define php_extension_conf_paths. - set_fact: - php_extension_conf_paths: "{{ __php_extension_conf_paths }}" - when: php_extension_conf_paths is not defined - -- name: Define php_apc_conf_filename. - set_fact: - php_apc_conf_filename: "{{ __php_apc_conf_filename }}" - when: php_apc_conf_filename is not defined - -- name: Define php_opcache_conf_filename (Ubuntu 16.04). - set_fact: - php_opcache_conf_filename: "10-opcache.ini" - when: php_opcache_conf_filename is not defined and ansible_distribution_version == "16.04" - -- name: Define php_opcache_conf_filename. - set_fact: - php_opcache_conf_filename: "{{ __php_opcache_conf_filename }}" - when: php_opcache_conf_filename is not defined - -- name: Define php_fpm_conf_path. - set_fact: - php_fpm_conf_path: "{{ __php_fpm_conf_path }}" - when: php_fpm_conf_path is not defined - -# Setup/install tasks. 
-- include_tasks: setup-RedHat.yml - when: - - not php_install_from_source - - ansible_os_family == 'RedHat' - -- include_tasks: setup-Debian.yml - when: - - not php_install_from_source - - ansible_os_family == 'Debian' - -# Install PHP from source when php_install_from_source is true. -- include_tasks: install-from-source.yml - when: php_install_from_source - -# Configure PHP. -- include_tasks: configure.yml -- include_tasks: configure-apcu.yml -- include_tasks: configure-opcache.yml -- include_tasks: configure-fpm.yml diff --git a/roles/php/tasks/setup-Debian.yml b/roles/php/tasks/setup-Debian.yml deleted file mode 100644 index a6657be..0000000 --- a/roles/php/tasks/setup-Debian.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Update apt cache. - apt: update_cache=yes cache_valid_time=86400 - -- name: Ensure PHP packages are installed. - apt: - name: "{{ php_packages + php_packages_extra }}" - state: "{{ php_packages_state }}" - install_recommends: "{{ php_install_recommends }}" - register: php_package_install - notify: restart webserver - -- name: Delete APCu configuration file if this role will provide one. - file: - path: "{{ item }}/{{ php_apc_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: php_enable_apc and php_package_install.changed - notify: restart webserver - -- name: Delete OpCache configuration file if this role will provide one. - file: - path: "{{ item }}/{{ php_opcache_conf_filename }}" - state: absent - with_items: "{{ php_extension_conf_paths }}" - when: php_opcache_enable | bool and php_package_install.changed - notify: restart webserver diff --git a/roles/php/tasks/setup-RedHat.yml b/roles/php/tasks/setup-RedHat.yml deleted file mode 100644 index 1d76b33..0000000 --- a/roles/php/tasks/setup-RedHat.yml +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -- name: Ensure PHP packages are installed. - package: - name: "{{ php_packages + php_packages_extra }}" - state: "{{ php_packages_state }}" - enablerepo: "{{ php_enablerepo | default(omit, true) }}" - notify: restart webserver diff --git a/roles/php/templates/apc.ini.j2 b/roles/php/templates/apc.ini.j2 deleted file mode 100644 index bfd5706..0000000 --- a/roles/php/templates/apc.ini.j2 +++ /dev/null @@ -1,4 +0,0 @@ -extension=apcu.so -apc.shm_size={{ php_apc_shm_size }} -apc.enable_cli={{ php_apc_enable_cli }} -apc.rfc1867=1 diff --git a/roles/php/templates/fpm-init.j2 b/roles/php/templates/fpm-init.j2 deleted file mode 100644 index 4d6a6d5..0000000 --- a/roles/php/templates/fpm-init.j2 +++ /dev/null 
@@ -1,170 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: php-fpm {{ php_fpm_daemon }} -# Required-Start: $remote_fs $network -# Required-Stop: $remote_fs $network -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: starts {{ php_fpm_daemon }} -# Description: Starts The PHP FastCGI Process Manager Daemon -### END INIT INFO - -# Author: Ondrej Sury - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="PHP FastCGI Process Manager" -NAME={{ php_fpm_daemon }} -DAEMON=/usr/sbin/$NAME -DAEMON_ARGS="--daemonize --fpm-config {{ php_fpm_conf_path }}/php-fpm.conf" -PIDFILE=/var/run/{{ php_fpm_daemon }}.pid -TIMEOUT=2 -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# Don't run if we are running upstart -if init_is_upstart; then - exit 1 -fi - -# -# Function to check the correctness of the config file -# -do_check() -{ - /usr/lib/php5/php5-fpm-checkconf || return 1 - return 0 -} - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ - $DAEMON_ARGS 2>/dev/null \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. 
-} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/$TIMEOUT/TERM/5/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - check) - do_check yes - ;; - reload|force-reload) - log_daemon_msg "Reloading $DESC" "$NAME" - do_reload - log_end_msg $? 
- ;; - reopen-logs) - log_daemon_msg "Reopening $DESC logs" $NAME - if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ - --pidfile $PIDFILE --exec $DAEMON - then - log_end_msg 0 - else - log_end_msg 1 - fi - ;; - restart) - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 - exit 1 - ;; -esac - -: diff --git a/roles/php/templates/opcache.ini.j2 b/roles/php/templates/opcache.ini.j2 deleted file mode 100644 index 6146453..0000000 --- a/roles/php/templates/opcache.ini.j2 +++ /dev/null @@ -1,14 +0,0 @@ -zend_extension={{ php_opcache_zend_extension }} -opcache.enable={{ php_opcache_enable }} -opcache.enable_cli={{ php_opcache_enable_cli }} -opcache.memory_consumption={{ php_opcache_memory_consumption }} -opcache.interned_strings_buffer={{ php_opcache_interned_strings_buffer }} -opcache.max_accelerated_files={{ php_opcache_max_accelerated_files }} -opcache.max_wasted_percentage={{ php_opcache_max_wasted_percentage }} -opcache.validate_timestamps={{ php_opcache_validate_timestamps }} -opcache.revalidate_path={{ php_opcache_revalidate_path }} -opcache.revalidate_freq={{ php_opcache_revalidate_freq }} -opcache.max_file_size={{ php_opcache_max_file_size }} -{% if php_opcache_blacklist_filename != '' %} -opcache.blacklist_filename={{ php_opcache_blacklist_filename }} -{% endif %} diff --git a/roles/php/templates/php-fpm.conf.j2 b/roles/php/templates/php-fpm.conf.j2 deleted file mode 100644 index 12b277f..0000000 --- a/roles/php/templates/php-fpm.conf.j2 +++ /dev/null 
@@ -1,12 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;; -; FPM Configuration ; -;;;;;;;;;;;;;;;;;;;;; - -include={{ php_fpm_conf_path }}/pool.d/*.conf - -;;;;;;;;;;;;;;;;;; -; Global Options ; -;;;;;;;;;;;;;;;;;; - -[global] -error_log = /var/log/php-fpm.log diff --git a/roles/php/templates/php.ini.j2 b/roles/php/templates/php.ini.j2 deleted file mode 100644 index 14b7eeb..0000000 --- a/roles/php/templates/php.ini.j2 +++ /dev/null 
@@ -1,221 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -engine = On -short_open_tag = {{ php_short_open_tag }} -precision = {{ php_precision }} -output_buffering = {{ php_output_buffering }} - -zlib.output_compression = Off - -implicit_flush = Off -unserialize_callback_func = -serialize_precision = {{ php_serialize_precision }} -disable_functions = {{ php_disable_functions|join(",") }} -disable_classes = - -zend.enable_gc = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -expose_php = {{ php_expose_php }} - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -max_execution_time = {{ php_max_execution_time }} -max_input_time = {{ php_max_input_time }} -max_input_vars = {{ php_max_input_vars }} -memory_limit = {{ php_memory_limit }} - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -error_reporting = {{ php_error_reporting }} -display_errors = {{ php_display_errors }} -display_startup_errors = {{ php_display_startup_errors }} -log_errors = On -log_errors_max_len = 1024 -ignore_repeated_errors = Off -ignore_repeated_source = Off -report_memleaks = On -track_errors = Off -html_errors = On - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -variables_order = "GPCS" -request_order = "GP" -register_argc_argv = Off -auto_globals_jit = On - -post_max_size = {{ php_post_max_size }} -auto_prepend_file = -auto_append_file = - -default_mimetype = "text/html" - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -doc_root = -user_dir = - -enable_dl = Off - -realpath_cache_size = {{ php_realpath_cache_size }} - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -file_uploads = {{ php_file_uploads }} -upload_max_filesize = {{ php_upload_max_filesize }} -max_file_uploads = {{ php_max_file_uploads }} - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -allow_url_fopen = {{ php_allow_url_fopen }} 
-allow_url_include = Off - -default_socket_timeout = 60 - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -cli_server.color = On - -[Date] -date.timezone = {{ php_date_timezone }} - -[Pdo_mysql] -pdo_mysql.cache_size = 2000 -pdo_mysql.default_socket= - -[mail function] -; For Win32 only. -SMTP = localhost -smtp_port = 25 - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -sendmail_path = {{ php_sendmail_path }} - -mail.add_x_header = On - -[SQL] -sql.safe_mode = Off - -[ODBC] -odbc.allow_persistent = On -odbc.check_persistent = On -odbc.max_persistent = -1 -odbc.max_links = -1 -odbc.defaultlrl = 4096 -odbc.defaultbinmode = 1 - -[MySQL] -mysql.allow_local_infile = On -mysql.allow_persistent = On -mysql.cache_size = 2000 -mysql.max_persistent = -1 -mysql.max_links = -1 -mysql.default_port = -mysql.default_socket = -mysql.default_host = -mysql.default_user = -mysql.default_password = -mysql.connect_timeout = 60 -mysql.trace_mode = Off - -[MySQLi] -mysqli.max_persistent = -1 -mysqli.allow_persistent = On -mysqli.max_links = -1 -mysqli.cache_size = 2000 -mysqli.default_port = 3306 -mysqli.default_socket = -mysqli.default_host = -mysqli.default_user = -mysqli.default_pw = -mysqli.reconnect = Off - -[mysqlnd] -mysqlnd.collect_statistics = On -mysqlnd.collect_memory_statistics = Off - -[PostgreSQL] -pgsql.allow_persistent = On -pgsql.auto_reset_persistent = Off -pgsql.max_persistent = -1 -pgsql.max_links = -1 -pgsql.ignore_notice = 0 -pgsql.log_notice = 0 - -[bcmath] -bcmath.scale = 0 - -[Session] -session.save_handler = {{ php_session_save_handler }} -session.save_path = {{ php_session_save_path }} -session.use_cookies = 1 -session.use_only_cookies = 1 -session.name = PHPSESSID -session.auto_start = 0 - -session.cookie_lifetime = {{ php_session_cookie_lifetime }} -session.cookie_path = / -session.cookie_domain = -session.cookie_httponly = - -session.serialize_handler = php - -session.gc_probability = {{ 
php_session_gc_probability }} -session.gc_divisor = {{ php_session_gc_divisor }} -session.gc_maxlifetime = {{ php_session_gc_maxlifetime }} - -session.referer_check = - -session.cache_limiter = nocache -session.cache_expire = 180 - -session.use_trans_sid = 0 - -session.hash_function = 0 -session.hash_bits_per_character = 5 - -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" - -[MSSQL] -mssql.allow_persistent = On -mssql.max_persistent = -1 -mssql.max_links = -1 -mssql.min_error_severity = 10 -mssql.min_message_severity = 10 -mssql.compatability_mode = Off -mssql.secure_connection = Off - -[Tidy] -tidy.clean_output = Off - -[soap] -soap.wsdl_cache_enabled=1 -soap.wsdl_cache_dir="/tmp" -soap.wsdl_cache_ttl=86400 -soap.wsdl_cache_limit = 5 - -[ldap] -ldap.max_links = -1 diff --git a/roles/php/templates/www.conf.j2 b/roles/php/templates/www.conf.j2 deleted file mode 100644 index da0921c..0000000 --- a/roles/php/templates/www.conf.j2 +++ /dev/null @@ -1,15 +0,0 @@ -[www] -listen = 127.0.0.1:9000 -listen.allowed_clients = 127.0.0.1 -user = {{ php_fpm_pool_user }} -group = {{ php_fpm_pool_group }} - -listen.owner = {{ php_fpm_pool_user }} -listen.group = {{ php_fpm_pool_group }} - -pm = dynamic -pm.max_children = 50 -pm.start_servers = 5 -pm.min_spare_servers = 5 -pm.max_spare_servers = 5 -pm.max_requests = 500 diff --git a/roles/php/vars/Debian-10.yml b/roles/php/vars/Debian-10.yml deleted file mode 100644 index ec895ae..0000000 --- a/roles/php/vars/Debian-10.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.3" diff --git a/roles/php/vars/Debian-9.yml b/roles/php/vars/Debian-9.yml deleted file mode 100644 index eb23ce3..0000000 --- a/roles/php/vars/Debian-9.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.0" diff --git a/roles/php/vars/Debian.yml b/roles/php/vars/Debian.yml deleted file mode 100644 index c487fd8..0000000 --- a/roles/php/vars/Debian.yml +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -__php_default_version_debian: "7.0" - -__php_packages: - - php{{ php_default_version_debian }}-common - - php{{ php_default_version_debian }}-cli - - php{{ php_default_version_debian }}-dev - - php{{ php_default_version_debian }}-fpm - - libpcre3-dev - - php{{ php_default_version_debian }}-gd - - php{{ php_default_version_debian }}-curl - - php{{ php_default_version_debian }}-imap - - php{{ php_default_version_debian }}-json - - php{{ php_default_version_debian }}-opcache - - php{{ php_default_version_debian }}-xml - - php{{ php_default_version_debian }}-mbstring - - php-sqlite3 - - php-apcu -__php_webserver_daemon: "apache2" - -# Vendor-specific configuration paths on Debian/Ubuntu make my brain asplode. -__php_conf_paths: - - /etc/php/{{ php_default_version_debian }}/fpm - - /etc/php/{{ php_default_version_debian }}/apache2 - - /etc/php/{{ php_default_version_debian }}/cli - -__php_extension_conf_paths: - - /etc/php/{{ php_default_version_debian }}/fpm/conf.d - - /etc/php/{{ php_default_version_debian }}/apache2/conf.d - - /etc/php/{{ php_default_version_debian }}/cli/conf.d - -__php_apc_conf_filename: 20-apcu.ini -__php_opcache_conf_filename: 10-opcache.ini -__php_fpm_daemon: php{{ php_default_version_debian }}-fpm -__php_fpm_conf_path: "/etc/php/{{ php_default_version_debian }}/fpm" -__php_fpm_pool_conf_path: "{{ __php_fpm_conf_path }}/pool.d/www.conf" - -__php_fpm_pool_user: www-data -__php_fpm_pool_group: www-data diff --git a/roles/php/vars/RedHat.yml b/roles/php/vars/RedHat.yml deleted file mode 100644 index e1e4458..0000000 --- a/roles/php/vars/RedHat.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -__php_packages: - - php - - php-cli - - php-common - - php-devel - - php-fpm - - php-gd - - php-ldap - - php-mbstring - - php-opcache - - php-pdo - - php-pear - - php-pecl-apcu - - php-xml - - php-xmlrpc -__php_webserver_daemon: "httpd" - -__php_conf_paths: - - /etc - -__php_extension_conf_paths: - - /etc/php.d - -__php_apc_conf_filename: 50-apc.ini -__php_opcache_conf_filename: 10-opcache.ini -__php_fpm_daemon: php-fpm -__php_fpm_conf_path: "/etc/fpm" -__php_fpm_pool_conf_path: "/etc/php-fpm.d/www.conf" - -__php_fpm_pool_user: apache -__php_fpm_pool_group: apache diff --git a/roles/php/vars/Ubuntu-16.yml b/roles/php/vars/Ubuntu-16.yml deleted file mode 100644 index eb23ce3..0000000 --- a/roles/php/vars/Ubuntu-16.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.0" diff --git a/roles/php/vars/Ubuntu-18.yml b/roles/php/vars/Ubuntu-18.yml deleted file mode 100644 index 82230bc..0000000 --- a/roles/php/vars/Ubuntu-18.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.2" diff --git a/roles/php/vars/Ubuntu-20.yml b/roles/php/vars/Ubuntu-20.yml deleted file mode 100644 index a16b99b..0000000 --- a/roles/php/vars/Ubuntu-20.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -__php_default_version_debian: "7.4" diff --git a/roles/postgresql/.ansible-lint b/roles/postgresql/.ansible-lint deleted file mode 100644 index f3c1090..0000000 --- a/roles/postgresql/.ansible-lint +++ /dev/null @@ -1,3 +0,0 @@ -skip_list: - - '405' - - '503' diff --git a/roles/postgresql/.github/FUNDING.yml b/roles/postgresql/.github/FUNDING.yml deleted file mode 100644 index 96b4938..0000000 --- a/roles/postgresql/.github/FUNDING.yml +++ /dev/null @@ -1,4 +0,0 @@ -# These are supported funding model platforms ---- -github: geerlingguy -patreon: geerlingguy diff --git a/roles/postgresql/.github/stale.yml b/roles/postgresql/.github/stale.yml deleted file mode 100644 index c7ff127..0000000 --- a/roles/postgresql/.github/stale.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# Configuration for probot-stale - https://github.com/probot/stale - -# Number of days of inactivity before an Issue or Pull Request becomes stale -daysUntilStale: 90 - -# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. -# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. -daysUntilClose: 30 - -# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) -onlyLabels: [] - -# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable -exemptLabels: - - pinned - - security - - planned - -# Set to true to ignore issues in a project (defaults to false) -exemptProjects: false - -# Set to true to ignore issues in a milestone (defaults to false) -exemptMilestones: false - -# Set to true to ignore issues with an assignee (defaults to false) -exemptAssignees: false - -# Label to use when marking as stale -staleLabel: stale - -# Limit the number of actions per hour, from 1-30. Default is 30 -limitPerRun: 30 - -pulls: - markComment: |- - This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! - - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. - - unmarkComment: >- - This pull request is no longer marked for closure. - - closeComment: >- - This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. - -issues: - markComment: |- - This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! 
- - Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. - - unmarkComment: >- - This issue is no longer marked for closure. - - closeComment: >- - This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/postgresql/.gitignore b/roles/postgresql/.gitignore deleted file mode 100644 index f56f5b5..0000000 --- a/roles/postgresql/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.retry -*/__pycache__ -*.pyc diff --git a/roles/postgresql/.travis.yml b/roles/postgresql/.travis.yml deleted file mode 100644 index 6f9a9ae..0000000 --- a/roles/postgresql/.travis.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -language: python -services: docker - -env: - global: - - ROLE_NAME: postgresql - matrix: - - MOLECULE_DISTRO: centos7 - - MOLECULE_DISTRO: centos8 - - MOLECULE_DISTRO: fedora32 - - MOLECULE_DISTRO: ubuntu2004 - - MOLECULE_DISTRO: ubuntu1804 - - MOLECULE_DISTRO: debian10 - -install: - # Install test dependencies. - - pip install molecule yamllint ansible-lint docker - -before_script: - # Use actual Ansible Galaxy role name for the project directory. - - cd ../ - - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME - - cd geerlingguy.$ROLE_NAME - -script: - # Run tests. - - molecule test - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/postgresql/.yamllint b/roles/postgresql/.yamllint deleted file mode 100644 index dff5082..0000000 --- a/roles/postgresql/.yamllint +++ /dev/null @@ -1,9 +0,0 @@ ---- -extends: default -rules: - line-length: - max: 120 - level: warning - -ignore: | - .github/stale.yml diff --git a/roles/postgresql/LICENSE b/roles/postgresql/LICENSE deleted file mode 100644 index 4275cf3..0000000 --- a/roles/postgresql/LICENSE +++ /dev/null 
@@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2017 Jeff Geerling - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/postgresql/README.md b/roles/postgresql/README.md deleted file mode 100644 index d447a6e..0000000 --- a/roles/postgresql/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Ansible Role: PostgreSQL - -[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-postgresql.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-postgresql) - -Installs and configures PostgreSQL server on RHEL/CentOS or Debian/Ubuntu servers. - -## Requirements - -No special requirements; note that this role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like: - - - hosts: database - roles: - - role: geerlingguy.postgresql - become: yes - -## Role Variables - -Available variables are listed below, along with default values (see `defaults/main.yml`): - - postgresql_enablerepo: "" - -(RHEL/CentOS only) You can set a repo to use for the PostgreSQL installation by passing it in here. - - postgresql_restarted_state: "restarted" - -Set the state of the service when configuration changes are made. Recommended values are `restarted` or `reloaded`. - - postgresql_python_library: python-psycopg2 - -Library used by Ansible to communicate with PostgreSQL. If you are using Python 3 (e.g. set via `ansible_python_interpreter`), you should change this to `python3-psycopg2`. - - postgresql_user: postgres - postgresql_group: postgres - -The user and group under which PostgreSQL will run. - - postgresql_unix_socket_directories: - - /var/run/postgresql - -The directories (usually one, but can be multiple) where PostgreSQL's socket will be created. - - postgresql_service_state: started - postgresql_service_enabled: true - -Control the state of the postgresql service and whether it should start at boot time. - - postgresql_global_config_options: - - option: unix_socket_directories - value: '{{ postgresql_unix_socket_directories | join(",") }}' - -Global configuration options that will be set in `postgresql.conf`. Note that for RHEL/CentOS 6 (or very old versions of PostgreSQL), you need to at least override this variable and set the `option` to `unix_socket_directory`. 
- - postgresql_hba_entries: - - { type: local, database: all, user: postgres, auth_method: peer } - - { type: local, database: all, user: all, auth_method: peer } - - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 } - - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 } - -Configure [host based authentication](https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html) entries to be set in the `pg_hba.conf`. Options for entries include: - - - `type` (required) - - `database` (required) - - `user` (required) - - `address` (one of this or the following two are required) - - `ip_address` - - `ip_mask` - - `auth_method` (required) - - `auth_options` (optional) - -If overriding, make sure you copy all of the existing entries from `defaults/main.yml` if you need to preserve existing entries. - - postgresql_locales: - - 'en_US.UTF-8' - -(Debian/Ubuntu only) Used to generate the locales used by PostgreSQL databases. - - postgresql_databases: - - name: exampledb # required; the rest are optional - lc_collate: # defaults to 'en_US.UTF-8' - lc_ctype: # defaults to 'en_US.UTF-8' - encoding: # defaults to 'UTF-8' - template: # defaults to 'template0' - login_host: # defaults to 'localhost' - login_password: # defaults to not set - login_user: # defaults to 'postgresql_user' - login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories - port: # defaults to not set - owner: # defaults to postgresql_user - state: # defaults to 'present' - -A list of databases to ensure exist on the server. Only the `name` is required; all other properties are optional. 
- - postgresql_users: - - name: jdoe #required; the rest are optional - password: # defaults to not set - encrypted: # defaults to not set - priv: # defaults to not set - role_attr_flags: # defaults to not set - db: # defaults to not set - login_host: # defaults to 'localhost' - login_password: # defaults to not set - login_user: # defaults to '{{ postgresql_user }}' - login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories - port: # defaults to not set - state: # defaults to 'present' - -A list of users to ensure exist on the server. Only the `name` is required; all other properties are optional. - - postgres_users_no_log: true - -Whether to output user data (which may contain sensitive information, like passwords) when managing users. - - postgresql_version: [OS-specific] - postgresql_data_dir: [OS-specific] - postgresql_bin_path: [OS-specific] - postgresql_config_path: [OS-specific] - postgresql_daemon: [OS-specific] - postgresql_packages: [OS-specific] - -OS-specific variables that are set by include files in this role's `vars` directory. These shouldn't be overridden unless you're using a version of PostgreSQL that wasn't installed using system packages. - -## Dependencies - -None. - -## Example Playbook - - - hosts: database - become: yes - vars_files: - - vars/main.yml - roles: - - geerlingguy.postgresql - -*Inside `vars/main.yml`*: - - postgresql_databases: - - name: example_db - postgresql_users: - - name: example_user - password: supersecure - -## License - -MIT / BSD - -## Author Information - -This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/postgresql/defaults/main.yml b/roles/postgresql/defaults/main.yml deleted file mode 100644 index 0e2d503..0000000 --- a/roles/postgresql/defaults/main.yml +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -# RHEL/CentOS only. Set a repository to use for PostgreSQL installation. -postgresql_enablerepo: "" - -# Set postgresql state when configuration changes are made. Recommended values: -# `restarted` or `reloaded` -postgresql_restarted_state: "restarted" - -postgresql_python_library: python-psycopg2 -postgresql_user: postgres -postgresql_group: postgres - -postgresql_unix_socket_directories: - - /var/run/postgresql - -postgresql_service_state: started -postgresql_service_enabled: true - -# Global configuration options that will be set in postgresql.conf. -postgresql_global_config_options: - - option: unix_socket_directories - value: '{{ postgresql_unix_socket_directories | join(",") }}' - -# Host based authentication (hba) entries to be added to the pg_hba.conf. This -# variable's defaults reflect the defaults that come with a fresh installation. -postgresql_hba_entries: - - {type: local, database: all, user: postgres, auth_method: peer} - - {type: local, database: all, user: all, auth_method: peer} - - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5} - - {type: host, database: all, user: all, address: '::1/128', auth_method: md5} - -# Debian only. Used to generate the locales used by PostgreSQL databases. -postgresql_locales: - - 'en_US.UTF-8' - -# Databases to ensure exist. -postgresql_databases: [] -# - name: exampledb # required; the rest are optional -# lc_collate: # defaults to 'en_US.UTF-8' -# lc_ctype: # defaults to 'en_US.UTF-8' -# encoding: # defaults to 'UTF-8' -# template: # defaults to 'template0' -# login_host: # defaults to 'localhost' -# login_password: # defaults to not set -# login_user: # defaults to '{{ postgresql_user }}' -# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories -# port: # defaults to not set -# owner: # defaults to postgresql_user -# state: # defaults to 'present' - -# Users to ensure exist. 
-postgresql_users: [] -# - name: jdoe #required; the rest are optional -# password: # defaults to not set -# encrypted: # defaults to not set -# priv: # defaults to not set -# role_attr_flags: # defaults to not set -# db: # defaults to not set -# login_host: # defaults to 'localhost' -# login_password: # defaults to not set -# login_user: # defaults to '{{ postgresql_user }}' -# login_unix_socket: # defaults to 1st of postgresql_unix_socket_directories -# port: # defaults to not set -# state: # defaults to 'present' - -# Whether to output user data when managing users. -postgres_users_no_log: true diff --git a/roles/postgresql/handlers/main.yml b/roles/postgresql/handlers/main.yml deleted file mode 100644 index cce42b7..0000000 --- a/roles/postgresql/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: restart postgresql - service: - name: "{{ postgresql_daemon }}" - state: "{{ postgresql_restarted_state }}" - sleep: 5 diff --git a/roles/postgresql/meta/.galaxy_install_info b/roles/postgresql/meta/.galaxy_install_info deleted file mode 100644 index 1c2ee11..0000000 --- a/roles/postgresql/meta/.galaxy_install_info +++ /dev/null @@ -1,2 +0,0 @@ -install_date: Thu Oct 29 02:33:33 2020 -version: 2.2.1 diff --git a/roles/postgresql/meta/main.yml b/roles/postgresql/meta/main.yml deleted file mode 100644 index 8657722..0000000 --- a/roles/postgresql/meta/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -dependencies: [] - -galaxy_info: - role_name: postgresql - author: geerlingguy - description: PostgreSQL server for Linux. - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: 2.8 - platforms: - - name: EL - versions: - - 6 - - 7 - - 8 - - name: Fedora - versions: - - 29 - - 30 - - 31 - - 32 - - name: Ubuntu - versions: - - xenial - - bionic - - focal - - name: Debian - versions: - - wheezy - - jessie - - stretch - - buster - galaxy_tags: - - database - - postgresql - - postgres - - rdbms 
diff --git a/roles/postgresql/molecule/default/converge.yml b/roles/postgresql/molecule/default/converge.yml deleted file mode 100644 index bac2eb9..0000000 --- a/roles/postgresql/molecule/default/converge.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -- name: Converge - hosts: all - become: true - - vars: - postgresql_databases: - - name: example - postgresql_users: - - name: jdoe - - pre_tasks: - # The Fedora 30+ container images have only C.UTF-8 installed - - name: Set database locale if using Fedora 30+ or RedHat 8+ - set_fact: - postgresql_databases: - - name: example - lc_collate: 'C.UTF-8' - lc_ctype: 'C.UTF-8' - when: - - ( ansible_distribution == 'Fedora' and ansible_distribution_major_version >= '30') or - ( ansible_os_family == 'RedHat' and ansible_distribution_major_version == '8') - - - name: Update apt cache. - apt: update_cache=true cache_valid_time=600 - changed_when: false - when: ansible_os_family == 'Debian' - - - name: Set custom variables for old CentOS 6 PostgreSQL install. - set_fact: - postgresql_hba_entries: [] - postgresql_global_config_options: - - option: unix_socket_directory - value: '{{ postgresql_unix_socket_directories[0] }}' - when: - - ansible_os_family == 'RedHat' - - ansible_distribution_version.split('.')[0] == '6' - - roles: - - role: geerlingguy.postgresql - - post_tasks: - - name: Verify postgres is running. - command: "{{ postgresql_bin_path }}/pg_ctl -D {{ postgresql_data_dir }} status" - changed_when: false - become: true - become_user: postgres diff --git a/roles/postgresql/molecule/default/molecule.yml b/roles/postgresql/molecule/default/molecule.yml deleted file mode 100644 index 2da47dd..0000000 --- a/roles/postgresql/molecule/default/molecule.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint -platforms: - - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - pre_build_image: true -provisioner: - name: ansible - playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/postgresql/tasks/configure.yml b/roles/postgresql/tasks/configure.yml deleted file mode 100644 index bcbc0fb..0000000 --- a/roles/postgresql/tasks/configure.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Configure global settings. - lineinfile: - dest: "{{ postgresql_config_path }}/postgresql.conf" - regexp: "^#?{{ item.option }}.+$" - line: "{{ item.option }} = '{{ item.value }}'" - state: "{{ item.state | default('present') }}" - with_items: "{{ postgresql_global_config_options }}" - notify: restart postgresql - -- name: Configure host based authentication (if entries are configured). - template: - src: "pg_hba.conf.j2" - dest: "{{ postgresql_config_path }}/pg_hba.conf" - owner: "{{ postgresql_user }}" - group: "{{ postgresql_group }}" - mode: 0600 - notify: restart postgresql - when: postgresql_hba_entries | length > 0 - -- name: Ensure PostgreSQL unix socket dirs exist. - file: - path: "{{ item }}" - state: directory - owner: "{{ postgresql_user }}" - group: "{{ postgresql_group }}" - mode: "{{ postgresql_unix_socket_directories_mode }}" - with_items: "{{ postgresql_unix_socket_directories }}" diff --git a/roles/postgresql/tasks/databases.yml b/roles/postgresql/tasks/databases.yml deleted file mode 100644 index e01d804..0000000 --- a/roles/postgresql/tasks/databases.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: Ensure PostgreSQL databases are present. - postgresql_db: - name: "{{ item.name }}" - lc_collate: "{{ item.lc_collate | default('en_US.UTF-8') }}" - lc_ctype: "{{ item.lc_ctype | default('en_US.UTF-8') }}" - encoding: "{{ item.encoding | default('UTF-8') }}" - template: "{{ item.template | default('template0') }}" - login_host: "{{ item.login_host | default('localhost') }}" - login_password: "{{ item.login_password | default(omit) }}" - login_user: "{{ item.login_user | default(postgresql_user) }}" - login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}" - port: "{{ item.port | default(omit) }}" - owner: "{{ item.owner | default(postgresql_user) }}" - state: "{{ item.state | default('present') }}" - with_items: "{{ postgresql_databases }}" - become: true - become_user: "{{ postgresql_user }}" - # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509 - vars: - ansible_ssh_pipelining: true diff --git a/roles/postgresql/tasks/initialize.yml b/roles/postgresql/tasks/initialize.yml deleted file mode 100644 index 0183121..0000000 --- a/roles/postgresql/tasks/initialize.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -- name: Set PostgreSQL environment variables. - template: - src: postgres.sh.j2 - dest: /etc/profile.d/postgres.sh - mode: 0644 - notify: restart postgresql - -- name: Ensure PostgreSQL data directory exists. - file: - path: "{{ postgresql_data_dir }}" - owner: "{{ postgresql_user }}" - group: "{{ postgresql_group }}" - state: directory - mode: 0700 - -- name: Check if PostgreSQL database is initialized. - stat: - path: "{{ postgresql_data_dir }}/PG_VERSION" - register: pgdata_dir_version - -- name: Ensure PostgreSQL database is initialized. - command: "{{ postgresql_bin_path }}/initdb -D {{ postgresql_data_dir }}" - when: not pgdata_dir_version.stat.exists - become: true - become_user: "{{ postgresql_user }}" - # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509 - vars: - ansible_ssh_pipelining: true diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml deleted file mode 100644 index 5d4f5fe..0000000 --- a/roles/postgresql/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# Variable configuration. -- include_tasks: variables.yml - -# Setup/install tasks. -- include_tasks: setup-RedHat.yml - when: ansible_os_family == 'RedHat' - -- include_tasks: setup-Debian.yml - when: ansible_os_family == 'Debian' - -- include_tasks: initialize.yml -- include_tasks: configure.yml - -- name: Ensure PostgreSQL is started and enabled on boot. - service: - name: "{{ postgresql_daemon }}" - state: "{{ postgresql_service_state }}" - enabled: "{{ postgresql_service_enabled }}" - -# Configure PostgreSQL. -- import_tasks: users.yml -- import_tasks: databases.yml diff --git a/roles/postgresql/tasks/setup-Debian.yml b/roles/postgresql/tasks/setup-Debian.yml deleted file mode 100644 index 1b54019..0000000 --- a/roles/postgresql/tasks/setup-Debian.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: Ensure PostgreSQL Python libraries are installed. - apt: - name: "{{ postgresql_python_library }}" - state: present - -- name: Ensure PostgreSQL packages are installed. - apt: - name: "{{ postgresql_packages }}" - state: present - -- name: Ensure all configured locales are present. - locale_gen: "name={{ item }} state=present" - with_items: "{{ postgresql_locales }}" - register: locale_gen_result - -- name: Force-restart PostgreSQL after new locales are generated. - service: - name: "{{ postgresql_daemon }}" - state: restarted - when: locale_gen_result.changed diff --git a/roles/postgresql/tasks/setup-RedHat.yml b/roles/postgresql/tasks/setup-RedHat.yml deleted file mode 100644 index d536bcb..0000000 --- a/roles/postgresql/tasks/setup-RedHat.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Ensure PostgreSQL packages are installed. - yum: - name: "{{ postgresql_packages }}" - state: present - enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}" - # Don't let postgresql-contrib cause the /usr/bin/python symlink - # to be installed, which breaks later Ansible runs on Fedora 30, - # and affects system behavior in multiple ways. - exclude: python-unversioned-command - -- name: Ensure PostgreSQL Python libraries are installed. - yum: - name: "{{ postgresql_python_library }}" - state: present - enablerepo: "{{ postgresql_enablerepo | default(omit, true) }}" diff --git a/roles/postgresql/tasks/users.yml b/roles/postgresql/tasks/users.yml deleted file mode 100644 index a1ae894..0000000 --- a/roles/postgresql/tasks/users.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -- name: Ensure PostgreSQL users are present. - postgresql_user: - name: "{{ item.name }}" - password: "{{ item.password | default(omit) }}" - encrypted: "{{ item.encrypted | default(omit) }}" - priv: "{{ item.priv | default(omit) }}" - role_attr_flags: "{{ item.role_attr_flags | default(omit) }}" - db: "{{ item.db | default(omit) }}" - login_host: "{{ item.login_host | default('localhost') }}" - login_password: "{{ item.login_password | default(omit) }}" - login_user: "{{ item.login_user | default(postgresql_user) }}" - login_unix_socket: "{{ item.login_unix_socket | default(postgresql_unix_socket_directories[0]) }}" - port: "{{ item.port | default(omit) }}" - state: "{{ item.state | default('present') }}" - with_items: "{{ postgresql_users }}" - no_log: "{{ postgres_users_no_log }}" - become: true - become_user: "{{ postgresql_user }}" - # See: https://github.com/ansible/ansible/issues/16048#issuecomment-229012509 - vars: - ansible_ssh_pipelining: true diff --git a/roles/postgresql/tasks/variables.yml b/roles/postgresql/tasks/variables.yml deleted file mode 100644 index 5758972..0000000 --- a/roles/postgresql/tasks/variables.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -# Variable configuration. -- name: Include OS-specific variables (Debian). - include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml" - when: ansible_os_family == 'Debian' - -- name: Include OS-specific variables (RedHat). - include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml" - when: - - ansible_os_family == 'RedHat' - - ansible_distribution != 'Fedora' - -- name: Include OS-specific variables (Fedora). - include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml" - when: ansible_distribution == 'Fedora' - -- name: Define postgresql_packages. - set_fact: - postgresql_packages: "{{ __postgresql_packages | list }}" - when: postgresql_packages is not defined - -- name: Define postgresql_version. - set_fact: - postgresql_version: "{{ __postgresql_version }}" - when: postgresql_version is not defined - -- name: Define postgresql_daemon. - set_fact: - postgresql_daemon: "{{ __postgresql_daemon }}" - when: postgresql_daemon is not defined - -- name: Define postgresql_data_dir. - set_fact: - postgresql_data_dir: "{{ __postgresql_data_dir }}" - when: postgresql_data_dir is not defined - -- name: Define postgresql_bin_path. - set_fact: - postgresql_bin_path: "{{ __postgresql_bin_path }}" - when: postgresql_bin_path is not defined - -- name: Define postgresql_config_path. - set_fact: - postgresql_config_path: "{{ __postgresql_config_path }}" - when: postgresql_config_path is not defined - -- name: Define postgresql_unix_socket_directories_mode. - set_fact: - postgresql_unix_socket_directories_mode: >- - {{ __postgresql_unix_socket_directories_mode | default('02775') }} - when: postgresql_unix_socket_directories_mode is not defined diff --git a/roles/postgresql/templates/pg_hba.conf.j2 b/roles/postgresql/templates/pg_hba.conf.j2 deleted file mode 100644 index 05cc8a0..0000000 --- a/roles/postgresql/templates/pg_hba.conf.j2 +++ /dev/null 
@@ -1,9 +0,0 @@ -{{ ansible_managed | comment }} -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# See: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html - -{% for client in postgresql_hba_entries %} -{{ client.type }} {{ client.database }} {{ client.user }} {{ client.address|default('') }} {{ client.ip_address|default('') }} {{ client.ip_mask|default('') }} {{ client.auth_method }} {{ client.auth_options|default("") }} -{% endfor %} diff --git a/roles/postgresql/templates/postgres.sh.j2 b/roles/postgresql/templates/postgres.sh.j2 deleted file mode 100644 index 7264064..0000000 --- a/roles/postgresql/templates/postgres.sh.j2 +++ /dev/null @@ -1,2 +0,0 @@ -export PGDATA={{ postgresql_data_dir }} -export PATH=$PATH:{{ postgresql_bin_path }} diff --git a/roles/postgresql/vars/Debian-10.yml b/roles/postgresql/vars/Debian-10.yml deleted file mode 100644 index d8b5103..0000000 --- a/roles/postgresql/vars/Debian-10.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -__postgresql_version: "11" -__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main" -__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin" -__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main" -__postgresql_daemon: "postgresql@{{ postgresql_version }}-main" -__postgresql_packages: - - postgresql - - postgresql-contrib - - libpq-dev -# Debian 10 uses Python 3 by default. -postgresql_python_library: python3-psycopg2 diff --git a/roles/postgresql/vars/Debian-7.yml b/roles/postgresql/vars/Debian-7.yml deleted file mode 100644 index 6b933bb..0000000 --- a/roles/postgresql/vars/Debian-7.yml +++ /dev/null 
@@ -1,10 +0,0 @@ ---- -__postgresql_version: "9.1" -__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main" -__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin" -__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main" -__postgresql_daemon: postgresql -__postgresql_packages: - - postgresql - - postgresql-contrib - - libpq-dev diff --git a/roles/postgresql/vars/Debian-8.yml b/roles/postgresql/vars/Debian-8.yml deleted file mode 100644 index ec86f93..0000000 --- a/roles/postgresql/vars/Debian-8.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -__postgresql_version: "9.4" -__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main" -__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin" -__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main" -__postgresql_daemon: "postgresql@{{ postgresql_version }}-main" -__postgresql_packages: - - postgresql - - postgresql-contrib - - libpq-dev diff --git a/roles/postgresql/vars/Debian-9.yml b/roles/postgresql/vars/Debian-9.yml deleted file mode 100644 index 2afb9f4..0000000 --- a/roles/postgresql/vars/Debian-9.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -__postgresql_version: "9.6" -__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main" -__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin" -__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main" -__postgresql_daemon: "postgresql@{{ postgresql_version }}-main" -__postgresql_packages: - - postgresql - - postgresql-contrib - - libpq-dev diff --git a/roles/postgresql/vars/Fedora-29.yml b/roles/postgresql/vars/Fedora-29.yml deleted file mode 100644 index 4e09932..0000000 --- a/roles/postgresql/vars/Fedora-29.yml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -__postgresql_version: "10.5" -__postgresql_data_dir: "/var/lib/pgsql/data" -__postgresql_bin_path: "/usr/bin" -__postgresql_config_path: "/var/lib/pgsql/data" -__postgresql_daemon: postgresql -__postgresql_packages: - - postgresql - - postgresql-server - - postgresql-contrib - - postgresql-libs -postgresql_python_library: python2-psycopg2 diff --git a/roles/postgresql/vars/Fedora-30.yml b/roles/postgresql/vars/Fedora-30.yml deleted file mode 100644 index d07f14b..0000000 --- a/roles/postgresql/vars/Fedora-30.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -__postgresql_version: "11.2" -__postgresql_data_dir: "/var/lib/pgsql/data" -__postgresql_bin_path: "/usr/bin" -__postgresql_config_path: "/var/lib/pgsql/data" -__postgresql_daemon: postgresql -__postgresql_packages: - - postgresql - - postgresql-server - - postgresql-contrib - - postgresql-libs -# Fedora 30 containers only have python3 by default -postgresql_python_library: python3-psycopg2 diff --git a/roles/postgresql/vars/Fedora-31.yml b/roles/postgresql/vars/Fedora-31.yml deleted file mode 100644 index 27a023e..0000000 --- a/roles/postgresql/vars/Fedora-31.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -__postgresql_version: "11.5" -__postgresql_data_dir: "/var/lib/pgsql/data" -__postgresql_bin_path: "/usr/bin" -__postgresql_config_path: "/var/lib/pgsql/data" -__postgresql_daemon: postgresql -__postgresql_packages: - - postgresql - - postgresql-server - - postgresql-contrib - - postgresql-libs -__postgresql_unix_socket_directories_mode: '0755' -# Fedora 31 containers only have python3 by default -postgresql_python_library: python3-psycopg2 diff --git a/roles/postgresql/vars/Fedora-32.yml b/roles/postgresql/vars/Fedora-32.yml deleted file mode 100644 index 6ce9d9b..0000000 --- a/roles/postgresql/vars/Fedora-32.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -__postgresql_version: "12.2" -__postgresql_data_dir: "/var/lib/pgsql/data" -__postgresql_bin_path: "/usr/bin" -__postgresql_config_path: "/var/lib/pgsql/data" -__postgresql_daemon: postgresql -__postgresql_packages: - - postgresql - - postgresql-server - - postgresql-contrib - - postgresql-libs -__postgresql_unix_socket_directories_mode: '0755' -# Fedora 32 containers only have python3 by default -postgresql_python_library: python3-psycopg2 diff --git a/roles/postgresql/vars/RedHat-6.yml b/roles/postgresql/vars/RedHat-6.yml deleted file mode 100644 index 8923c50..0000000 --- a/roles/postgresql/vars/RedHat-6.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -__postgresql_version: "8.4" -__postgresql_data_dir: "/var/lib/pgsql/data" -__postgresql_bin_path: "/usr/bin" -__postgresql_config_path: "/var/lib/pgsql/data" -__postgresql_daemon: postgresql -__postgresql_packages: - - postgresql - - postgresql-server - - postgresql-contrib - - postgresql-libs diff --git a/roles/postgresql/vars/RedHat-7.yml b/roles/postgresql/vars/RedHat-7.yml deleted file mode 100644 index 1d5c517..0000000 --- a/roles/postgresql/vars/RedHat-7.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -__postgresql_version: "9.2" -__postgresql_data_dir: "/var/lib/pgsql/data" -__postgresql_bin_path: "/usr/bin" -__postgresql_config_path: "/var/lib/pgsql/data" -__postgresql_daemon: postgresql -__postgresql_packages: - - postgresql - - postgresql-server - - postgresql-contrib - - postgresql-libs diff --git a/roles/postgresql/vars/RedHat-8.yml b/roles/postgresql/vars/RedHat-8.yml deleted file mode 100644 index e519ea9..0000000 --- a/roles/postgresql/vars/RedHat-8.yml +++ /dev/null 
@@ -1,12 +0,0 @@
----
-__postgresql_version: "10"
-__postgresql_data_dir: "/var/lib/pgsql/data"
-__postgresql_bin_path: "/usr/bin"
-__postgresql_config_path: "/var/lib/pgsql/data"
-__postgresql_daemon: postgresql
-__postgresql_packages:
- - postgresql
- - postgresql-server
- - postgresql-contrib
-__postgresql_unix_socket_directories_mode: '0755'
-postgresql_python_library: python3-psycopg2
diff --git a/roles/postgresql/vars/Ubuntu-16.yml b/roles/postgresql/vars/Ubuntu-16.yml
deleted file mode 100644
index cf2ebb8..0000000
--- a/roles/postgresql/vars/Ubuntu-16.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-__postgresql_version: "9.5"
-__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
-__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
-__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
-__postgresql_daemon: postgresql
-__postgresql_packages:
- - postgresql
- - postgresql-contrib
- - libpq-dev
diff --git a/roles/postgresql/vars/Ubuntu-18.yml b/roles/postgresql/vars/Ubuntu-18.yml
deleted file mode 100644
index 8136224..0000000
--- a/roles/postgresql/vars/Ubuntu-18.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-__postgresql_version: "10"
-__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
-__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
-__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
-__postgresql_daemon: postgresql
-__postgresql_packages:
- - postgresql
- - postgresql-contrib
- - libpq-dev
-postgresql_python_library: python3-psycopg2
diff --git a/roles/postgresql/vars/Ubuntu-20.yml b/roles/postgresql/vars/Ubuntu-20.yml
deleted file mode 100644
index 9a9a065..0000000
--- a/roles/postgresql/vars/Ubuntu-20.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-__postgresql_version: "12"
-__postgresql_data_dir: "/var/lib/postgresql/{{ __postgresql_version }}/main"
-__postgresql_bin_path: "/usr/lib/postgresql/{{ __postgresql_version }}/bin"
-__postgresql_config_path: "/etc/postgresql/{{ __postgresql_version }}/main"
-__postgresql_daemon: postgresql
-__postgresql_packages:
- - postgresql
- - postgresql-contrib
- - libpq-dev
-postgresql_python_library: python3-psycopg2
diff --git a/roles/snmpd/.ansible-lint b/roles/snmpd/.ansible-lint
deleted file mode 100644
index 148ddda..0000000
--- a/roles/snmpd/.ansible-lint
+++ /dev/null
@@ -1,3 +0,0 @@
----
-warn_list:
- - '106'
diff --git a/roles/snmpd/.github/workflows/ci.yml b/roles/snmpd/.github/workflows/ci.yml
deleted file mode 100644
index e8a0475..0000000
--- a/roles/snmpd/.github/workflows/ci.yml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-name: CI
-'on':
- pull_request:
- push:
- branches:
- - master
- schedule:
- - cron: '30 1 * * 3'
-
-jobs:
-
- lint:
- name: Lint
- runs-on: ubuntu-latest
- steps:
- - name: Check out the codebase
- uses: actions/checkout@v2
-
- - name: Set up Python 3
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install test dependencies
- run: pip install ansible-lint[community,yamllint]
-
- - name: Lint code
- run: |
- yamllint .
- ansible-lint
-
- molecule:
- name: Molecule
- runs-on: ubuntu-latest
- defaults:
- run:
- working-directory: "${{ github.repository }}"
- needs:
- - lint
- strategy:
- fail-fast: false
- matrix:
- include:
- - distro: debian8
- - distro: debian9
- - distro: debian10
- - distro: ubuntu1604
- ansible-version: '>=2.8, <2.9'
- - distro: ubuntu1604
- ansible-version: '>=2.9, <2.10'
- - distro: ubuntu1604
- ansible-version: '>=2.10, <2.11'
- - distro: ubuntu1604
- - distro: ubuntu1804
- - distro: ubuntu2004
-
- steps:
- - name: Check out the codebase
- uses: actions/checkout@v2
- with:
- path: "${{ github.repository }}"
-
- - name: Set up Python 3
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install test dependencies
- run: pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker
-
- - name: Run Molecule tests
- run: |
- molecule test
- env:
- ANSIBLE_FORCE_COLOR: '1'
- ANSIBLE_VERBOSITY: '2'
- MOLECULE_DEBUG: '1'
- MOLECULE_DISTRO: "${{ matrix.distro }}"
- PY_COLORS: '1'
diff --git a/roles/snmpd/.github/workflows/release.yml b/roles/snmpd/.github/workflows/release.yml
deleted file mode 100644
index 2354e68..0000000
--- a/roles/snmpd/.github/workflows/release.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-name: Release
-'on':
- push:
- tags:
- - '*'
-
-jobs:
-
- release:
- name: Release
- runs-on: ubuntu-latest
- steps:
- - name: Check out the codebase
- uses: actions/checkout@v2
-
- - name: Publish to Galaxy
- uses: robertdebock/galaxy-action@1.1.0
- with:
- galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
diff --git a/roles/snmpd/.gitignore b/roles/snmpd/.gitignore
deleted file mode 100644
index f74c83a..0000000
--- a/roles/snmpd/.gitignore
+++ /dev/null
@@ -1,30 +0,0 @@
-# OS generated files #
-######################
-.DS_Store
-.DS_Store?
-._*
-.Spotlight-V100
-.Trashes
-Icon?
-ehthumbs.db
-Thumbs.db
-
-# IDE files #
-#################
-/.settings
-/.buildpath
-/.project
-/nbproject
-*.komodoproject
-*.kpf
-/.idea
-
-# Vagrant files #
-.virtualbox/
-.vagrant/
-vagrant_ansible_inventory_*
-ansible.cfg
-
-# Other files #
-###############
-!empty
diff --git a/roles/snmpd/.yamllint b/roles/snmpd/.yamllint
deleted file mode 100644
index 894450c..0000000
--- a/roles/snmpd/.yamllint
+++ /dev/null
@@ -1,15 +0,0 @@
----
-extends: default
-
-rules:
- braces:
- max-spaces-inside: 1
- level: error
- brackets:
- max-spaces-inside: 1
- level: error
- line-length: disable
- truthy: disable
-
-ignore: |
- .tox/
diff --git a/roles/snmpd/Dockerfile b/roles/snmpd/Dockerfile
deleted file mode 100644
index c7cdf41..0000000
--- a/roles/snmpd/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-FROM ubuntu:16.04
-MAINTAINER Mischa ter Smitten
-
-# python
-RUN apt-get update && \
- DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
- apt-get clean
-RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
-RUN rm -rf $HOME/.cache
-
-# ansible
-RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev net-tools iproute2 ethtool && \
- apt-get clean
-RUN pip install ansible==2.9.15
-RUN rm -rf $HOME/.cache
-
-# provision
-COPY . /etc/ansible/roles/ansible-role
-WORKDIR /etc/ansible/roles/ansible-role
-RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local
diff --git a/roles/snmpd/LICENSE.txt b/roles/snmpd/LICENSE.txt
deleted file mode 100644
index 5708f35..0000000
--- a/roles/snmpd/LICENSE.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (c) Oefenweb.nl
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is furnished
-to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/roles/snmpd/README.md b/roles/snmpd/README.md
deleted file mode 100644
index 0361a0e..0000000
--- a/roles/snmpd/README.md
+++ /dev/null
@@ -1,74 +0,0 @@
-## snmpd
-
-[![CI](https://github.com/Oefenweb/ansible-snmpd/workflows/CI/badge.svg)](https://github.com/Oefenweb/ansible-snmpd/actions?query=workflow%3ACI)
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-snmpd-blue.svg)](https://galaxy.ansible.com/Oefenweb/snmpd)
-
-Set up snmp(d) in Debian-like systems.
-
-#### Requirements
-
-
-On **Debian** the **non-free** repository must be enabled to download the `snmp-mibs-downloader` package,
-on **Ubuntu** this package is in **multiverse**. See the *"Recommended"* section below.
-
-#### Variables
-
-* `snmpd_install` [default: `[lm-sensors]`]: Additional packages to install
-* `snmpd_mibs` [default: `UCD-SNMP-MIB`]: MIBs to load
-* `snmpd_run` [default: `true`]: Snmpd control (true means start daemon)
-* `snmpd_opts` [default: `'-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'`]: Snmpd options (use syslog, close stdin/out/err)
-* `snmpd_trapd_run` [default: `false`]: Snmptrapd control (true means start daemon)
-* `snmpd_trapd_opts` [default: `'-Lsd -p /var/run/snmptrapd.pid'`]: Snmptrapd options (use syslog)
-* `snmpd_snmpd_compat` [default: `false`]: Create symlink on Debian legacy location to official RFC path
-
-* `snmpd_agent_address` [default: `['udp:161', 'udp6:[::1]:161']: Agent address
-
-* `snmpd_internal_user`: [default: see defaults.yml]: Internal user. **Make sure to change!**
-
-* `snmpd_users`: [default: see defaults.yml]: Additional users.
**Make sure to change!**
-* `snmpd_sys_location` [default: `''`]: System location
-* `snmpd_sys_contact` [default: `Root `]: System contact
-* `snmpd_sys_description` [default: `{{ inventory_hostname }}`]: System description
-
-* `snmpd_disks_include_all`: [default: `false`]: Include all disks mounted on the system in the SNMP table
-* `snmpd_disks_include_all_threshold_minpercent`: [default: `10%`]: Minimum free space specified as a percentage
-* `snmpd_disks`: [default: `[]`]: List of disk paths and their corresponding thresholds to be included in the SNMP table
-* `snmpd_disks.{n}.path`: [required]: The disks mountpoint (e.g. `/`)
-* `snmpd_disks.{n}.threshold`: [required]: The disks minimum threshold either be specified in kB (MINSPACE) or as a percentage of the total disk (MINPERCENT% with a '%' character) (e.g. `10%`)
-
-* `snmpd_default_monitors` [default: `true`]: Configure the Event `MIB` tables to monitor the various `UCD-SNMP-MIB` tables for problems
-* `snmpd_link_up_down_notifications` [default: `true`]: Configure the Event `MIB` tables to monitor the `fTable` for network interfaces being taken up or down, and triggering a `linkUp` or `linkDown` notification as appropriate
-
-* `snmpd_extensions`: [default: `[]`]: Extension MIB declaration(s)
-* `snmpd_extensions.{n}.name`: [required]: An identifying string for the extension
-* `snmpd_extensions.{n}.prog`: [required]: The program to run
-* `snmpd_extensions.{n}.args`: [default: `[]`]: The arguments to give the program
-
-## Dependencies
-
-None
-
-## Recommended
-
-* `ansible-apt` ([see](https://github.com/Oefenweb/ansible-apt), to manage `apt` repositories (in `/etc/apt/sources.list`)
-
-#### Example
-
-```yaml
----
-- hosts: all
- roles:
- - snmpd
-```
-
-#### License
-
-MIT
-
-#### Author Information
-
-Mischa ter Smitten
-
-#### Feedback, bug-reports, requests, ...
-
-Are [welcome](https://github.com/Oefenweb/ansible-snmpd/issues)!
diff --git a/roles/snmpd/Vagrantfile b/roles/snmpd/Vagrantfile
deleted file mode 100644
index a0182a0..0000000
--- a/roles/snmpd/Vagrantfile
+++ /dev/null
@@ -1,70 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby ts=2 sw=2 tw=0 et :
-
-role = File.basename(File.expand_path(File.dirname(__FILE__)))
-
-boxes = [
- {
- :name => "ubuntu-1604",
- :box => "bento/ubuntu-16.04",
- :ip => '10.0.0.12',
- :cpu => "50",
- :ram => "256"
- },
- {
- :name => "ubuntu-1804",
- :box => "bento/ubuntu-18.04",
- :ip => '10.0.0.13',
- :cpu => "50",
- :ram => "384"
- },
- {
- :name => "ubuntu-2004",
- :box => "bento/ubuntu-20.04",
- :ip => '10.0.0.14',
- :cpu => "50",
- :ram => "384"
- },
- {
- :name => "debian-8",
- :box => "bento/debian-8",
- :ip => '10.0.0.16',
- :cpu => "50",
- :ram => "256"
- },
- {
- :name => "debian-9",
- :box => "bento/debian-9",
- :ip => '10.0.0.17',
- :cpu => "50",
- :ram => "256"
- },
- {
- :name => "debian-10",
- :box => "bento/debian-10",
- :ip => '10.0.0.18',
- :cpu => "50",
- :ram => "256"
- },
-]
-
-Vagrant.configure("2") do |config|
- boxes.each do |box|
- config.vm.define box[:name] do |vms|
- vms.vm.box = box[:box]
- vms.vm.hostname = "ansible-#{role}-#{box[:name]}"
-
- vms.vm.provider "virtualbox" do |v|
- v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
- v.customize ["modifyvm", :id, "--memory", box[:ram]]
- end
-
- vms.vm.network :private_network, ip: box[:ip]
-
- vms.vm.provision :ansible do |ansible|
- ansible.playbook = "tests/vagrant.yml"
- ansible.verbose = "vv"
- end
- end
- end
-end
diff --git a/roles/snmpd/defaults/main.yml b/roles/snmpd/defaults/main.yml
deleted file mode 100644
index ffb0f16..0000000
--- a/roles/snmpd/defaults/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-# defaults file
----
-snmpd_install:
- - lm-sensors
-snmpd_mibs: UCD-SNMP-MIB
-snmpd_run: true
-snmpd_opts: '-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
-snmpd_trapd_run: false
-snmpd_trapd_opts: '-Lsd -p /var/run/snmptrapd.pid'
-snmpd_snmpd_compat: false
-
-snmpd_agent_address:
- - 'udp:161'
- - 'udp6:[::1]:161'
-
-snmpd_internal_user:
- username: internalUser
- password: '=9zeba&hEpr3799sE_a!'
- auth_protocol: MD5
-
-snmpd_users:
- - username: john-doe
- password: '!ahab#ub_uk#2uhEThu6'
- type: rouser
- auth_protocol: SHA
- privacy_passphrase: 'zusTAqEpHacEs9eju44@'
- privacy_protocol: AES
-
-snmpd_sys_location: 'Unknown'
-snmpd_sys_contact: Root
-snmpd_sys_description: "{{ inventory_hostname }}"
-snmpd_sys_services: 72
-
-snmpd_disks_include_all: false
-snmpd_disks_include_all_threshold: '10%'
-snmpd_disks: []
-
-snmpd_default_monitors: true
-snmpd_link_up_down_notifications: true
diff --git a/roles/snmpd/files/empty b/roles/snmpd/files/empty
deleted file mode 100644
index e69de29..0000000
diff --git a/roles/snmpd/handlers/main.yml b/roles/snmpd/handlers/main.yml
deleted file mode 100644
index 8cea04d..0000000
--- a/roles/snmpd/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-# handlers file
----
-- name: restart snmpd
- service:
- name: snmpd
- state: restarted
- when: service_default_state | default('started') == 'started'
diff --git a/roles/snmpd/meta/.galaxy_install_info b/roles/snmpd/meta/.galaxy_install_info
deleted file mode 100644
index 224e0f9..0000000
--- a/roles/snmpd/meta/.galaxy_install_info
+++ /dev/null
@@ -1,2 +0,0 @@
-install_date: 'Sun 08 Aug 2021 06:26:26 PM '
-version: master
diff --git a/roles/snmpd/meta/main.yml b/roles/snmpd/meta/main.yml
deleted file mode 100644
index f7f6268..0000000
--- a/roles/snmpd/meta/main.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-# meta file
----
-galaxy_info:
- namespace: oefenweb
- role_name: snmpd
- author: Mischa ter Smitten
- company: Oefenweb.nl B.V.
- description: Set up snmp(d) in Debian-like systems
- license: MIT
- min_ansible_version: 2.8.0
- platforms:
- - name: Ubuntu
- versions:
- - xenial
- - bionic
- - focal
- - name: Debian
- versions:
- - jessie
- - stretch
- - buster
- galaxy_tags:
- - system
-dependencies: []
diff --git a/roles/snmpd/molecule/default/converge.yml b/roles/snmpd/molecule/default/converge.yml
deleted file mode 100644
index 73043c4..0000000
--- a/roles/snmpd/molecule/default/converge.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
- pre_tasks:
- - name: include vars
- include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
- roles:
- - ../../../
diff --git a/roles/snmpd/molecule/default/molecule.yml b/roles/snmpd/molecule/default/molecule.yml
deleted file mode 100644
index fbb7120..0000000
--- a/roles/snmpd/molecule/default/molecule.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1604}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- playbooks:
- prepare: prepare.yml
- converge: converge.yml
- verify: verify.yml
diff --git a/roles/snmpd/molecule/default/prepare.yml b/roles/snmpd/molecule/default/prepare.yml
deleted file mode 100644
index 1600dec..0000000
--- a/roles/snmpd/molecule/default/prepare.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Prepare
- hosts: all
- become: true
- pre_tasks:
- - name: include vars
- include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
- - name: include tasks
- include: "{{ playbook_dir }}/../../tests/tasks/pre.yml"
diff --git a/roles/snmpd/molecule/default/verify.yml b/roles/snmpd/molecule/default/verify.yml
deleted file mode 100644
index 44debad..0000000
--- a/roles/snmpd/molecule/default/verify.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Verify
- hosts: all
- become: true
- tasks: []
diff --git a/roles/snmpd/tasks/main.yml b/roles/snmpd/tasks/main.yml
deleted file mode 100644
index 52ecc7e..0000000
--- a/roles/snmpd/tasks/main.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-# tasks file
----
-- name: install dependencies
- apt:
- name: "{{ snmpd_dependencies }}"
- state: "{{ apt_install_state | default('latest') }}"
- update_cache: true
- cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
- tags:
- - configuration
- - snmpd
- - snmpd-dependencies
-
-- name: install
- apt:
- name: "{{ snmpd_install }}"
- state: "{{ apt_install_state | default('latest') }}"
- tags:
- - configuration
- - snmpd
- - snmpd-install
-
-- name: update configuration file - /etc/default/snmpd.conf
- template:
- src: etc/default/snmpd.j2
- dest: /etc/default/snmpd
- owner: root
- group: root
- mode: 0644
- notify: restart snmpd
- tags:
- - configuration
- - snmpd
- - snmpd-configuration
-
-- name: update configuration file - /etc/snmp/snmpd.conf
- template:
- src: etc/snmp/snmpd.conf.j2
- dest: /etc/snmp/snmpd.conf
- owner: root
- group: root
- mode: 0600
- notify: restart snmpd
- tags:
- - configuration
- - snmpd
- - snmpd-configuration
-
-- name: start and enable service
- service:
- name: snmpd
- state: "{{ service_default_state | default('started') }}"
- enabled: "{{ service_default_enabled | default(true) | bool }}"
- tags:
- - configuration
- - snmpd
- - snmpd-start-enable-service
diff --git a/roles/snmpd/templates/etc/default/snmpd.j2 b/roles/snmpd/templates/etc/default/snmpd.j2
deleted file mode 100644
index 3f28b89..0000000
--- a/roles/snmpd/templates/etc/default/snmpd.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-# {{ ansible_managed }}
-
-# This file controls the activity of snmpd and snmptrapd
-
-# Don't load any MIBs by default.
-# You might comment this lines once you have the MIBs downloaded.
-export MIBS={{ snmpd_mibs }}
-
-# snmpd control (yes means start daemon).
-SNMPDRUN={{ 'yes' if snmpd_run else 'no' }}
-
-# snmpd options (use syslog, close stdin/out/err).
-SNMPDOPTS='{{ snmpd_opts }}'
-
-# snmptrapd control (yes means start daemon). As of net-snmp version
-# 5.0, master agentx support must be enabled in snmpd before snmptrapd
-# can be run. See snmpd.conf(5) for how to do this.
-TRAPDRUN={{ 'yes' if snmpd_trapd_run else 'no' }}
-
-# snmptrapd options (use syslog).
-TRAPDOPTS='{{ snmpd_trapd_opts }}'
-
-# create symlink on Debian legacy location to official RFC path
-SNMPDCOMPAT={{ 'yes' if snmpd_snmpd_compat else 'no' }}
diff --git a/roles/snmpd/templates/etc/snmp/snmpd.conf.j2 b/roles/snmpd/templates/etc/snmp/snmpd.conf.j2
deleted file mode 100644
index 341b471..0000000
--- a/roles/snmpd/templates/etc/snmp/snmpd.conf.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-# {{ ansible_managed }}
-
-agentAddress {{ snmpd_agent_address | join(',') }}
-
-createUser {{ snmpd_internal_user.username }} {{ snmpd_internal_user.auth_protocol }} "{{ snmpd_internal_user.password }}"
-{% for snmpd_user in snmpd_users %}
-createUser {{ snmpd_user.username }} {{ snmpd_user.auth_protocol }} "{{ snmpd_user.password }}" {{ snmpd_user.privacy_protocol }} "{{ snmpd_user.privacy_passphrase }}"
-{% endfor %}
-
-view systemonly included .1.3.6.1.2.1.1
-view systemonly included .1.3.6.1.2.1.25.1
-
-rouser authOnlyUser
-{% for snmpd_user in snmpd_users %}
-{{ snmpd_user.type }} {{ snmpd_user.username }}
-{% endfor %}
-
-sysLocation {{ snmpd_sys_location }}
-sysContact {{ snmpd_sys_contact }}
-{% if snmpd_sys_description %}
-sysDescr {{ snmpd_sys_description }}
-{% endif %}
-sysServices {{ snmpd_sys_services }}
-
-iquerySecName {{ snmpd_internal_user.username }}
-rouser {{ snmpd_internal_user.username }}
-
-{% if snmpd_disks_include_all %}
-includeAllDisks {{ snmpd_disks_include_all_threshold_minpercent }}
-{% endif %}
-{% for snmpd_disk in snmpd_disks %}
-disk {{ snmpd_disk.path }} {{ snmpd_disk.threshold }}
-{% endfor %}
-
-defaultMonitors {{ 'yes' if snmpd_default_monitors else 'no' }}
-linkUpDownNotifications {{ 'yes' if snmpd_link_up_down_notifications else 'no' }}
-
-{% for snmpd_extension in snmpd_extensions | default([]) %}
-extend {{ snmpd_extension.name }} {{ snmpd_extension.prog }} {{ snmpd_extension.args | default([]) | join(' ') }}
-{% endfor %}
-
-master agentx
diff --git a/roles/snmpd/tests/inventory b/roles/snmpd/tests/inventory
deleted file mode 100644
index 2fbb50c..0000000
--- a/roles/snmpd/tests/inventory
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/roles/snmpd/tests/tasks/pre.yml b/roles/snmpd/tests/tasks/pre.yml
deleted file mode 100644
index 9bcc66f..0000000
--- a/roles/snmpd/tests/tasks/pre.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-# pre test file
----
-- name: enable non-free
- apt_repository:
- repo: "{{ item.type }} {{ item.url }} {{ item.component }}"
- filename: non-free
- with_items:
- - type: deb
- url: "http://ftp.nl.debian.org/debian/ {{ ansible_distribution_release }}"
- component: contrib non-free
- - type: deb-src
- url: "http://ftp.nl.debian.org/debian/ {{ ansible_distribution_release }}"
- component: contrib non-free
- when: ansible_distribution == 'Debian'
diff --git a/roles/snmpd/tests/test.yml b/roles/snmpd/tests/test.yml
deleted file mode 100644
index 0062d99..0000000
--- a/roles/snmpd/tests/test.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# tests file for snmpd
----
-- hosts: localhost
- connection: local
- become: true
- pre_tasks:
- - name: include vars
- include_vars: "{{ playbook_dir }}/vars/main.yml"
- - name: include tasks
- include: "{{ playbook_dir }}/tasks/pre.yml"
- roles:
- - ../../
diff --git a/roles/snmpd/tests/vagrant.yml b/roles/snmpd/tests/vagrant.yml
deleted file mode 100644
index fed2ce2..0000000
--- a/roles/snmpd/tests/vagrant.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-# test file
----
-- hosts: all
- remote_user: vagrant
- become: true
- pre_tasks:
- - name: include tasks
- include: "{{ playbook_dir }}/tasks/pre.yml"
- roles:
- - ../../
diff --git a/roles/snmpd/tests/vars/main.yml b/roles/snmpd/tests/vars/main.yml
deleted file mode 100644
index 7c673e4..0000000
--- a/roles/snmpd/tests/vars/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# vars file
----
-snmpd_agent_address:
- - "udp:{{ ansible_lo['ipv4']['address'] }}:10161"
diff --git a/roles/snmpd/vars/main.yml b/roles/snmpd/vars/main.yml
deleted file mode 100644
index 90ad567..0000000
--- a/roles/snmpd/vars/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# vars file
----
-snmpd_dependencies:
- - snmpd
- - snmp
- - snmp-mibs-downloader
diff --git a/roles/sshd/.ansible-lint b/roles/sshd/.ansible-lint
deleted file mode 100644
index 6d6011d..0000000
--- a/roles/sshd/.ansible-lint
+++ /dev/null
@@ -1,2 +0,0 @@
-warn_list: # or 'skip_list' to silence them completely │
- - '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
diff --git a/roles/sshd/.github/workflows/ansible-centos7.yml b/roles/sshd/.github/workflows/ansible-centos7.yml
deleted file mode 100644
index 9eebd2b..0000000
--- a/roles/sshd/.github/workflows/ansible-centos7.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: Run tests on CentOS 7
-
-on: [push, pull_request]
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: ansible check with centos:7
- uses: roles-ansible/check-ansible-centos-centos7-action@master
- with:
- group: local
- hosts: localhost
- targets: "tests/*.yml"
diff --git a/roles/sshd/.github/workflows/ansible-centos8.yml b/roles/sshd/.github/workflows/ansible-centos8.yml
deleted file mode 100644
index 9afa024..0000000
--- a/roles/sshd/.github/workflows/ansible-centos8.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: Run tests on CentOS 8
-
-on: [push, pull_request]
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: ansible check with centos:8
- uses: roles-ansible/check-ansible-centos-centos8-action@master
- with:
- group: local
- hosts: localhost
- targets: "tests/*.yml"
diff --git a/roles/sshd/.github/workflows/ansible-fedora.yml b/roles/sshd/.github/workflows/ansible-fedora.yml
deleted file mode 100644
index 6162807..0000000
--- a/roles/sshd/.github/workflows/ansible-fedora.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Run tests on Fedora latest
-
-on: [push, pull_request]
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- # Important: This sets up your GITHUB_WORKSPACE environment variable
- - uses: actions/checkout@v2
-
- - name: ansible check with fedora:latest
- uses: roles-ansible/check-ansible-fedora-latest-action@master
- with:
- group: local
- hosts: localhost
- targets: "tests/*.yml"
diff --git a/roles/sshd/.github/workflows/ansible-lint.yml b/roles/sshd/.github/workflows/ansible-lint.yml
deleted file mode 100644
index 50f0665..0000000
--- a/roles/sshd/.github/workflows/ansible-lint.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Ansible Lint # feel free to pick your own name
-
-on: [push, pull_request]
-
-jobs:
-# test-ansible28:
-# runs-on: ubuntu-latest
-# steps:
-# - uses: actions/checkout@v2
-# - name: Lint Ansible Playbook
-# uses: ansible/ansible-lint-action@master
-# with:
-# targets: "tests/test_*.yml"
-# override-deps: |
-# ansible==2.8
-# args: ""
-# test-ansible29:
-# runs-on: ubuntu-latest
-# steps:
-# - uses: actions/checkout@v2
-# - name: Lint Ansible Playbook
-# uses: ansible/ansible-lint-action@master
-# with:
-# targets: "tests/test_*.yml"
-# override-deps: |
-# ansible==2.9
-# args: ""
- test-ansible210:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Lint Ansible Playbook
- uses: ansible/ansible-lint-action@master
- with:
- targets: "tests/test_*.yml"
- override-deps: |
- ansible==2.10
- args: ""
diff --git a/roles/sshd/.gitignore b/roles/sshd/.gitignore
deleted file mode 100644
index 5d14e0b..0000000
--- a/roles/sshd/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-.vagrant
-tests/test.retry
diff --git a/roles/sshd/.pre-commit-config.yaml b/roles/sshd/.pre-commit-config.yaml
deleted file mode 100644
index d561167..0000000
--- a/roles/sshd/.pre-commit-config.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-repos:
- - repo: https://github.com/adrienverge/yamllint.git
- rev: v1.24.2
- hooks:
- - id: yamllint
- files: \.(yaml|yml)$
- types: [file, yaml]
- entry: yamllint --strict
- - repo: https://github.com/ansible/ansible-lint.git
- rev: v4.3.5
- hooks:
- - id: ansible-lint
- files: \.(yaml|yml)$
diff --git a/roles/sshd/.travis.yml b/roles/sshd/.travis.yml
deleted file mode 100644
index 1d08e2f..0000000
--- a/roles/sshd/.travis.yml
+++ /dev/null
@@ -1,80 +0,0 @@
----
-os: linux
-dist: focal
-language: python
-addons:
- apt_packages:
- - yamllint
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
-
-before_install:
- - sudo -H pip3 install ansible
-
-install:
- # Add ansible.cfg to pick up roles path.
- - "{ echo '[defaults]'; echo 'roles_path = ../'; echo 'deprecation_warnings=False'; } >> ansible.cfg"
-
-script:
- # Test 0a: Check the roles syntax.
- - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default.yml --syntax-check"
-
- # Test 0b: Run yamllint with galaxy configuration to avoid quality score penalty
- - wget https://raw.githubusercontent.com/ansible/galaxy/devel/galaxy/importer/linters/yamllint.yaml
- - "yamllint -c yamllint.yaml **/*.yml"
-
- # Test 1a: Run the role
- - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local --become -v"
-
- # Test 1b: Run the role through include
- - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_default_include.yml --connection=local --become -v"
-
- # Test 2: Run the role/playbook again, checking to make sure it's idempotent.
- - >
- ansible-playbook -i tests/inventory tests/tests_default.yml --connection=local --become | grep -q 'changed=0.*failed=0'
- && (echo 'Idempotence test: pass' && exit 0)
- || (echo 'Idempotence test: fail' && exit 1)
-
- # Test 3: Check we can set arbitrary configuration options
- - >
- ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_set_common.yml --connection=local --become -v
- && (echo 'Common variables test: pass' && exit 0)
- || (echo 'Common variables test: fail' && exit 1)
-
- # Test 4: Check if we set uncommon or unsupported configuration option, it will not fail hard
- - >
- ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_set_uncommon.yml --connection=local --become -v
- && (echo 'Uncommon configuration test: pass' && exit 0)
- || (echo 'Uncommon configuration test: fail' && exit 1)
-
- # Test 5: Make sure we can modify other files, for example for inclusion
- # in the main sshd_config or second sshd service
- - >
- ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_alternative_file.yml --connection=local --become -v
- && (echo 'Alternative configuration file test: pass' && exit 0)
- || (echo 'Alternative configuration file test: fail' && exit 1)
-
- # Test 6: Test match blocks generators
- - >
- ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_match.yml --connection=local --become -v
- && (echo 'Match blocks test: pass' && exit 0)
- || (echo 'Match blocks test: fail' && exit 1)
-
- # Test 7: Test match blocks generators with iteration
- - >
- ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_match_iterate.yml --connection=local --become -v
- && (echo 'Match blocks with iteration test: pass' && exit 0)
- || (echo 'Match blocks with iteration test: fail' && exit 1)
-
- # Test 8: Test hostkeys can be generated by this role
- - >
- ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_hostkeys.yml --connection=local --become -v
- &&
(echo 'Hostkeys test: pass' && exit 0)
- || (echo 'Hostkeys test: fail' && exit 1)
-
- # Test 9: Test missing hostkeys
- - >
- ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/tests_hostkeys_missing.yml --connection=local --become -v
- && (echo 'Missing hostkeys test: pass' && exit 0)
- || (echo 'Missing hostkeys test: fail' && exit 1)
diff --git a/roles/sshd/.yamllint.yaml b/roles/sshd/.yamllint.yaml
deleted file mode 100644
index 1708d26..0000000
--- a/roles/sshd/.yamllint.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# Based on ansible-lint config
-extends: default
-
-rules:
- braces: {max-spaces-inside: 1, level: error}
- brackets: {max-spaces-inside: 1, level: error}
- colons: {max-spaces-after: -1, level: error}
- commas: {max-spaces-after: -1, level: error}
- comments: disable
- comments-indentation: disable
- document-start: disable
- empty-lines: {max: 3, level: error}
- hyphens: {level: error}
- indentation: disable
- key-duplicates: enable
- line-length: disable
- new-line-at-end-of-file: disable
- new-lines: {type: unix}
- trailing-spaces: disable
- truthy: disable
diff --git a/roles/sshd/CHANGELOG b/roles/sshd/CHANGELOG
deleted file mode 100644
index b005f05..0000000
--- a/roles/sshd/CHANGELOG
+++ /dev/null
@@ -1,27 +0,0 @@
-0.2.5 23 January 2014 Matt Willsher
-- Fix for sftp-server install on Debian removing openssh-sftp-server. Thanks to @ricbra
-- Reinstate defaults.yml as fall through
-0.2.4 13 January 2014 Matt Willsher
-- Allow reload to be skipped
-- Test for OS support
-- Documentation improvements
-0.2.3 13 January 2014 Matt Willsher
-- Fixed HostbasedAuthentication typo
-0.2.2 13 January 2014 Matt Willsher
-- Add warnings to README
-- Tidy up naming
-- Remove blacklist packages from Debian based distros
-0.2.1 12 January 2014 Matt Willsher
-- Standardise README.md format
-- Add basic Travis CI testing
-- Add networking metadata type
-0.2.0 04 January 2014 Matt Willsher
-- Change var file search order
-- Add Arch Linux defaults (thanks GitHub user @brenix).
-- A number of typo fixes (again, thanks @brenix), including UsePrivilegeSeparation.
-- A Ubuntu precise defaults.
-- A Debian jessie defaults.
-- Unknown Ubuntu and Debian versions default to wheezy defaults.
-- License to LGPL
-0.1.0 25 December 2014 Matt Willsher
-- Initial release
diff --git a/roles/sshd/CODE_OF_CONDUCT.md b/roles/sshd/CODE_OF_CONDUCT.md
deleted file mode 100644
index 6340074..0000000
--- a/roles/sshd/CODE_OF_CONDUCT.md
+++ /dev/null
@@ -1,76 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Our Pledge - -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. - -## Our Standards - -Examples of behavior that contributes to creating a positive environment -include: - -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members - -Examples of unacceptable behavior by participants include: - -* The use of sexualized language or imagery and unwelcome sexual attention or - advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Our Responsibilities - -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. - -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. 
- -## Scope - -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at matt@willsher.systems. All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. - -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html - -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq diff --git a/roles/sshd/LICENSE b/roles/sshd/LICENSE deleted file mode 100644 index 65c5ca8..0000000 --- a/roles/sshd/LICENSE +++ /dev/null 
@@ -1,165 +0,0 @@ - GNU LESSER GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - - This version of the GNU Lesser General Public License incorporates -the terms and conditions of version 3 of the GNU General Public -License, supplemented by the additional permissions listed below. - - 0. Additional Definitions. - - As used herein, "this License" refers to version 3 of the GNU Lesser -General Public License, and the "GNU GPL" refers to version 3 of the GNU -General Public License. - - "The Library" refers to a covered work governed by this License, -other than an Application or a Combined Work as defined below. - - An "Application" is any work that makes use of an interface provided -by the Library, but which is not otherwise based on the Library. -Defining a subclass of a class defined by the Library is deemed a mode -of using an interface provided by the Library. - - A "Combined Work" is a work produced by combining or linking an -Application with the Library. The particular version of the Library -with which the Combined Work was made is also called the "Linked -Version". - - The "Minimal Corresponding Source" for a Combined Work means the -Corresponding Source for the Combined Work, excluding any source code -for portions of the Combined Work that, considered in isolation, are -based on the Application, and not on the Linked Version. - - The "Corresponding Application Code" for a Combined Work means the -object code and/or source code for the Application, including any data -and utility programs needed for reproducing the Combined Work from the -Application, but excluding the System Libraries of the Combined Work. - - 1. Exception to Section 3 of the GNU GPL. - - You may convey a covered work under sections 3 and 4 of this License -without being bound by section 3 of the GNU GPL. 
- - 2. Conveying Modified Versions. - - If you modify a copy of the Library, and, in your modifications, a -facility refers to a function or data to be supplied by an Application -that uses the facility (other than as an argument passed when the -facility is invoked), then you may convey a copy of the modified -version: - - a) under this License, provided that you make a good faith effort to - ensure that, in the event an Application does not supply the - function or data, the facility still operates, and performs - whatever part of its purpose remains meaningful, or - - b) under the GNU GPL, with none of the additional permissions of - this License applicable to that copy. - - 3. Object Code Incorporating Material from Library Header Files. - - The object code form of an Application may incorporate material from -a header file that is part of the Library. You may convey such object -code under terms of your choice, provided that, if the incorporated -material is not limited to numerical parameters, data structure -layouts and accessors, or small macros, inline functions and templates -(ten or fewer lines in length), you do both of the following: - - a) Give prominent notice with each copy of the object code that the - Library is used in it and that the Library and its use are - covered by this License. - - b) Accompany the object code with a copy of the GNU GPL and this license - document. - - 4. Combined Works. - - You may convey a Combined Work under terms of your choice that, -taken together, effectively do not restrict modification of the -portions of the Library contained in the Combined Work and reverse -engineering for debugging such modifications, if you also do each of -the following: - - a) Give prominent notice with each copy of the Combined Work that - the Library is used in it and that the Library and its use are - covered by this License. - - b) Accompany the Combined Work with a copy of the GNU GPL and this license - document. 
- - c) For a Combined Work that displays copyright notices during - execution, include the copyright notice for the Library among - these notices, as well as a reference directing the user to the - copies of the GNU GPL and this license document. - - d) Do one of the following: - - 0) Convey the Minimal Corresponding Source under the terms of this - License, and the Corresponding Application Code in a form - suitable for, and under terms that permit, the user to - recombine or relink the Application with a modified version of - the Linked Version to produce a modified Combined Work, in the - manner specified by section 6 of the GNU GPL for conveying - Corresponding Source. - - 1) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (a) uses at run time - a copy of the Library already present on the user's computer - system, and (b) will operate properly with a modified version - of the Library that is interface-compatible with the Linked - Version. - - e) Provide Installation Information, but only if you would otherwise - be required to provide such information under section 6 of the - GNU GPL, and only to the extent that such information is - necessary to install and execute a modified version of the - Combined Work produced by recombining or relinking the - Application with a modified version of the Linked Version. (If - you use option 4d0, the Installation Information must accompany - the Minimal Corresponding Source and Corresponding Application - Code. If you use option 4d1, you must provide the Installation - Information in the manner specified by section 6 of the GNU GPL - for conveying Corresponding Source.) - - 5. Combined Libraries. 
- - You may place library facilities that are a work based on the -Library side by side in a single library together with other library -facilities that are not Applications and are not covered by this -License, and convey such a combined library under terms of your -choice, if you do both of the following: - - a) Accompany the combined library with a copy of the same work based - on the Library, uncombined with any other library facilities, - conveyed under the terms of this License. - - b) Give prominent notice with the combined library that part of it - is a work based on the Library, and explaining where to find the - accompanying uncombined form of the same work. - - 6. Revised Versions of the GNU Lesser General Public License. - - The Free Software Foundation may publish revised and/or new versions -of the GNU Lesser General Public License from time to time. Such new -versions will be similar in spirit to the present version, but may -differ in detail to address new problems or concerns. - - Each version is given a distinguishing version number. If the -Library as you received it specifies that a certain numbered version -of the GNU Lesser General Public License "or any later version" -applies to it, you have the option of following the terms and -conditions either of that published version or of any later version -published by the Free Software Foundation. If the Library as you -received it does not specify a version number of the GNU Lesser -General Public License, you may choose any version of the GNU Lesser -General Public License ever published by the Free Software Foundation. - - If the Library as you received it specifies that a proxy can decide -whether future versions of the GNU Lesser General Public License shall -apply, that proxy's public statement of acceptance of any version is -permanent authorization for you to choose that version for the -Library. 
diff --git a/roles/sshd/README.md b/roles/sshd/README.md deleted file mode 100644 index 263d136..0000000 --- a/roles/sshd/README.md +++ /dev/null 
@@ -1,299 +0,0 @@ -OpenSSH Server -============== - -[![Build Status](https://travis-ci.org/willshersystems/ansible-sshd.svg?branch=master)](https://travis-ci.org/willshersystems/ansible-sshd) [![Ansible Galaxy](http://img.shields.io/badge/galaxy-willshersystems.sshd-660198.svg?style=flat)](https://galaxy.ansible.com/willshersystems/sshd/) - -This role configures the OpenSSH daemon. It: - -* By default configures the SSH daemon with the normal OS defaults. -* Works across a variety of `UN*X` distributions -* Can be configured by dict or simple variables -* Supports Match sets -* Supports all `sshd_config` options. Templates are programmatically generated. - (see [`meta/make_option_list`](meta/make_option_list)) -* Tests the `sshd_config` before reloading sshd. - -**WARNING** Misconfiguration of this role can lock you out of your server! -Please test your configuration and its interaction with your users configuration -before using in production! - -**WARNING** Digital Ocean allows root with passwords via SSH on Debian and -Ubuntu. This is not the default assigned by this module - it will set -`PermitRootLogin without-password` which will allow access via SSH key but not -via simple password. If you need this functionality, be sure to set -`sshd_PermitRootLogin yes` for those hosts. - -Requirements ------------- - -Tested on: - -* Ubuntu precise, trusty, xenial, bionic, focal -* Debian wheezy, jessie, stretch, buster -* FreeBSD 10.1 -* EL 6, 7, 8 derived distributions -* Fedora 31, 32, 33 -* OpenBSD 6.0 -* AIX 7.1, 7.2 - -It will likely work on other flavours and more direct support via suitable -[vars/](vars/) files is welcome. - -Role variables ---------------- - -Unconfigured, this role will provide a `sshd_config` that matches the OS default, -minus the comments and in a different order. - -* `sshd_enable` - -If set to *false*, the role will be completely disabled. Defaults to *true*. - -* `sshd_skip_defaults` - -If set to *true*, don't apply default values. 
This means that you must have a -complete set of configuration defaults via either the `sshd` dict, or -`sshd_Key` variables. Defaults to *false*. - -* `sshd_manage_service` - -If set to *false*, the service/daemon won't be **managed** at all, i.e. will not -try to enable on boot or start or reload the service. Defaults to *true* -unless: Running inside a docker container (it is assumed ansible is used during -build phase) or AIX (Ansible `service` module does not currently support `enabled` -for AIX) - -* `sshd_allow_reload` - -If set to *false*, a reload of sshd wont happen on change. This can help with -troubleshooting. You'll need to manually reload sshd if you want to apply the -changed configuration. Defaults to the same value as `sshd_manage_service`. -(Except on AIX, where `sshd_manage_service` is default *false*, but -`sshd_allow_reload` is default *true*) - -* `sshd_install_service` - -If set to *true*, the role will install service files for the ssh service. -Defaults to *false*. - -The templates for the service files to be used are pointed to by the variables - - - `sshd_service_template_service` (__default__: `templates/sshd.service.j2`) - - `sshd_service_template_at_service` (__default__: `templates/sshd@.service.j2`) - - `sshd_service_template_socket` (__default__: `templates/sshd.socket.j2`) - -Using these variables, you can use your own custom templates. With the above -default templates, the name of the installed ssh service will be provided by -the `sshd_service` variable. - -* `sshd` - -A dict containing configuration. e.g. - -```yaml -sshd: - Compression: delayed - ListenAddress: - - 0.0.0.0 -``` - -* `sshd_...` - -Simple variables can be used rather than a dict. Simple values override dict -values. e.g.: - -```yaml -sshd_Compression: off -``` - -In all cases, booleans are correctly rendered as yes and no in sshd -configuration. Lists can be used for multiline configuration items. e.g. 
- -```yaml -sshd_ListenAddress: - - 0.0.0.0 - - '::' -``` - -Renders as: - -``` -ListenAddress 0.0.0.0 -ListenAddress :: -``` - -* `sshd_match` - -A list of dicts for a match section. See the example playbook. - -* `sshd_match_1` through `sshd_match_9` - -A list of dicts or just a dict for a Match section. - -* `sshd_backup` - -When set to *false*, the original `sshd_config` file is not backed up. Default -is *true*. - -* `sshd_sysconfig` - -On RHEL-based systems, sysconfig is used for configuring more details of sshd -service. If set to *true*, this role will manage also the `/etc/sysconfig/sshd` -configuration file based on the following configuration. Default is *false*. - -* `sshd_sysconfig_override_crypto_policy` - -In RHEL8-based systems, this can be used to override system-wide crypto policy -by setting to *true*. Defaults to *false*. - -* `sshd_sysconfig_use_strong_rng` - -In RHEL-based systems, this can be used to force sshd to reseed openssl random -number generator with the given amount of bytes as an argument. The default is -*0*, which disables this functionality. It is not recommended to turn this on -if the system does not have hardware random number generator. - -* `sshd_config_file` - -The path where the openssh configuration produced by this role should be saved. -This is useful mostly when generating configuration snippets to Include. - -### Secondary role variables - -These variables are used by the role internals and can be used to override the -defaults that correspond to each supported platform. - -* `sshd_packages` - -Use this variable to override the default list of packages to install. - -* `sshd_config_owner`, `sshd_config_group`, `sshd_config_mode` - -Use these variables to set the ownership and permissions for the openssh config -file that this role produces. - -* `sshd_binary` - -The path to the openssh executable - -* `sshd_service` - -The name of the openssh service. 
By default, this variable contains the name of -the ssh service that the target platform uses. But it can also be used to set -the name of the custom ssh service when the `sshd_install_service` variable is -used. - -* `sshd_verify_hostkeys` - -By default (*auto*), this list contains all the host keys that are present in -the produced configuration file. The paths are checked for presence and -generated if missing. Additionally, permissions and file owners are set to sane -defaults. This is useful if the role is used in deployment stage to make sure -the service is able to start on the first attempt. To disable this check, set -this to empty list. - -* `sshd_hostkey_owner`, `sshd_hostkey_group`, `sshd_hostkey_group` - -Use these variables to set the ownership and permissions for the host keys from -the above list. - -* `sshd_sftp_server` - -Default path to the sftp server binary. - -Dependencies ------------- - -None - -Example Playbook ----------------- - -**DANGER!** This example is to show the range of configuration this role -provides. Running it will likely break your SSH access to the server! - -```yaml ---- -- hosts: all - vars: - sshd_skip_defaults: true - sshd: - Compression: true - ListenAddress: - - "0.0.0.0" - - "::" - GSSAPIAuthentication: no - Match: - - Condition: "Group user" - GSSAPIAuthentication: yes - sshd_UsePrivilegeSeparation: no - sshd_match: - - Condition: "Group xusers" - X11Forwarding: yes - roles: - - role: willshersystems.sshd -``` - -Results in: - -``` -# Ansible managed: ... 
-Compression yes -GSSAPIAuthentication no -UsePrivilegeSeparation no -Match Group user - GSSAPIAuthentication yes -Match Group xusers - X11Forwarding yes -``` - -Since Ansible 2.4, the role can be invoked using `include_role` keyword, -for example: - -```yaml ---- -- hosts: all - become: true - tasks: - - name: "Configure sshd" - include_role: - name: willshersystems.sshd - vars: - sshd_skip_defaults: true - sshd: - Compression: true - ListenAddress: - - "0.0.0.0" - - "::" - GSSAPIAuthentication: no - Match: - - Condition: "Group user" - GSSAPIAuthentication: yes - sshd_UsePrivilegeSeparation: no - sshd_match: - - Condition: "Group xusers" - X11Forwarding: yes -``` - -Template Generation -------------------- - -The [`sshd_config.j2`](templates/sshd_config.j2) template is programatically -generated by the scripts in meta. New options should be added to the -`options_body` or `options_match`. - -To regenerate the template, from within the meta/ directory run: -`./make_option_list >../templates/sshd_config.j2` - -License -------- - -LGPLv3 - - -Author ------- - -Matt Willsher - -© 2014,2015 Willsher Systems Ltd. diff --git a/roles/sshd/Vagrantfile b/roles/sshd/Vagrantfile deleted file mode 100644 index f6eade3..0000000 --- a/roles/sshd/Vagrantfile +++ /dev/null 
@@ -1,37 +0,0 @@ - -# vi: set ft=ruby : - -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - - config.vm.synced_folder ".", "/vagrant", type: "nfs" - - config.vm.define "ubuntu" do |ubuntu| - ubuntu.vm.box = "boxcutter/ubuntu1604" - # ubuntu.vm.provision "shell", inline: <<-SHELL - # sudo add-apt-repository -y ppa:ansible/ansible - # sudo apt-get update -qq - # sudo apt-get -qq install ansible - # SHELL - end - - config.vm.define "centos7" do |centos| - centos.vm.box = "centos/7" - - centos.vm.provision "shell", inline: <<-SHELL - sudo yum install -y libselinux-python - SHELL - end - - config.vm.provision "shell", inline: <<-SHELL - test -e /vagrant/tests/roles/ansible-sshd || ln -s /vagrant /vagrant/tests/roles/ansible-sshd - SHELL - - config.vm.provision "ansible_local" do |ansible| -# ansible.config_file = "tests/ansible.cfg" - ansible.playbook = "tests/test.yml" - ansible.install = true - end - -end diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml deleted file mode 100644 index 704dca3..0000000 --- a/roles/sshd/defaults/main.yml +++ /dev/null 
@@ -1,72 +0,0 @@
----
-### USER OPTIONS
-# Set to false to disable this role completely
-sshd_enable: true
-
-# Don't apply OS defaults when set to true
-sshd_skip_defaults: false
-
-# If the below is false, don't manage the service or reload the SSH
-# daemon at all
-sshd_manage_service: true
-
-# If the below is false, don't reload the ssh daemon on change
-sshd_allow_reload: true
-
-# If the below is true, also install service files from the templates pointed
-# to by the `sshd_service_template_*` variables
-sshd_install_service: false
-sshd_service_template_service: sshd.service.j2
-sshd_service_template_at_service: sshd@.service.j2
-sshd_service_template_socket: sshd.socket.j2
-
-# If the below is true, create a backup of the config file when the template is copied
-sshd_backup: true
-
-# If the below is true, also install the sysconfig file with the below options
-# (useful only on Fedora and RHEL)
-sshd_sysconfig: false
-
-# If the below is true the role will override also crypto policy configuration
-sshd_sysconfig_override_crypto_policy: false
-
-# If the below is set to non-zero value, the OpenSSL random generator is
-# reseeded with the given amount of random bytes (from getrandom(2)
-# with GRND_RANDOM or /dev/random). Minimum is 14 bytes when enabled.
-# This is not recommended to enable if you do not have hardware random number
-# generator
-sshd_sysconfig_use_strong_rng: 0
-
-
-# Empty dicts to avoid errors
-sshd: {}
-
-# The path to sshd_config file. This is useful when creating an included
-# configuration file snippet or configuring second sshd service
-sshd_config_file: /etc/ssh/sshd_config
-
-### VARS DEFAULTS
-### The following are defaults for OS specific configuration in var files in
-### this role. They should not be set directly by role users.
-sshd_packages: []
-sshd_config_owner: root
-sshd_config_group: root
-sshd_config_mode: "0600"
-sshd_binary: /usr/sbin/sshd
-sshd_service: sshd
-sshd_sftp_server: /usr/lib/openssh/sftp-server
-
-# This lists by default all hostkeys as rendered in the generated configuration
-# file ("auto"). Before attempting to run sshd (either for verification of
-# configuration or restarting), we make sure the keys exist and have correct
-# permissions. To disable this check, set sshd_verify_hostkeys to false
-sshd_verify_hostkeys: "auto"
-sshd_hostkey_owner: root
-sshd_hostkey_group: root
-sshd_hostkey_mode: "0600"
-
-### These variables are used by role internals and should not be used.
-__sshd_defaults: {}
-__sshd_os_supported: no
-__sshd_sysconfig_supports_crypto_policy: false
-__sshd_sysconfig_supports_use_strong_rng: false
diff --git a/roles/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml
deleted file mode 100644
index 8c0eb7d..0000000
--- a/roles/sshd/handlers/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-
-- name: Reload the SSH service
- service:
- name: "{{ sshd_service }}"
- state: reloaded
- when:
- - sshd_allow_reload|bool
- - ansible_virtualization_type|default(None) != 'docker'
- - ansible_virtualization_type|default(None) != 'VirtualPC' # for Github Actions
- - ansible_connection != 'chroot'
- - ansible_os_family != 'AIX'
- listen: reload_sshd
-
-# sshd on AIX cannot be 'reloaded', it must be Stopped+Started.
-# It's dangerous to do this in two tasks.. you're stopping SSH and then trying to SSH back in to start it.
-# Instead, use a dirty shell script:
-# https://www.ibm.com/developerworks/community/blogs/brian/entry/scripting_the_stop_and_restart_of_src_controlled_processes_on_aix6
-- name: Reload sshd Service (AIX)
- shell: |
- stopsrc -s sshd
- until $(lssrc -s sshd | grep -q inoperative); do sleep 1; done
- startsrc -s sshd
- listen: reload_sshd
- when:
- - sshd_allow_reload|bool
- - ansible_os_family == 'AIX'
diff --git a/roles/sshd/meta/.galaxy_install_info b/roles/sshd/meta/.galaxy_install_info
deleted file mode 100644
index b3bfe48..0000000
--- a/roles/sshd/meta/.galaxy_install_info
+++ /dev/null
@@ -1,2 +0,0 @@
-install_date: Thu Mar 11 13:56:57 2021
-version: v0.12.0
diff --git a/roles/sshd/meta/10_top.j2 b/roles/sshd/meta/10_top.j2
deleted file mode 100644
index 040437b..0000000
--- a/roles/sshd/meta/10_top.j2
+++ /dev/null
@@ -1,35 +0,0 @@
-# {{ ansible_managed }}
-{% macro render_option(key,value,indent=false) %}
-{% if value is defined %}
-{% if indent == true %} {% endif %}
-{% if value is sameas true %}
-{{ key }} yes
-{% elif value is sameas false %}
-{{ key }} no
-{% elif value is string or value is number %}
-{{ key }} {{ value }}
-{% else %}
-{% for i in value %}
-{{ key }} {{ i }}
-{% endfor %}
-{% endif %}
-{% endif %}
-{% endmacro %}
-{% macro body_option(key,override) %}
-{% set value = undefined %}
-{% if override is defined %}
-{% set value = override %}
-{% elif sshd[key] is defined %}
-{% set value = sshd[key] %}
-{% elif __sshd_defaults[key] is defined and sshd_skip_defaults != true %}
-{% set value = __sshd_defaults[key] %}
-{% endif %}
-{{ render_option(key,value) -}}
-{% endmacro %}
-{% macro match_block(match_list) %}
-{% if match_list["Condition"] is defined %}
-{% set match_list = [ match_list ]%}
-{% endif %}
-{% if match_list is iterable %}
-{% for match in match_list %}
-Match {{ match["Condition"] }}
diff --git a/roles/sshd/meta/20_middle.j2 b/roles/sshd/meta/20_middle.j2
deleted file mode 100644
index a96e46a..0000000
--- a/roles/sshd/meta/20_middle.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-{% endfor %}
-{% endif %}
-{% endmacro %}
diff --git a/roles/sshd/meta/30_bottom.j2 b/roles/sshd/meta/30_bottom.j2
deleted file mode 100644
index 252ed85..0000000
--- a/roles/sshd/meta/30_bottom.j2
+++ /dev/null
@@ -1,33 +0,0 @@
-{% if sshd['Match'] is defined %}
-{{ match_block(sshd['Match']) -}}
-{% endif %}
-{% if sshd_match is defined %}
-{{ match_block(sshd_match) -}}
-{% endif %}
-{% if sshd_match_1 is defined %}
-{{ match_block(sshd_match_1) -}}
-{% endif %}
-{% if sshd_match_2 is defined %}
-{{ match_block(sshd_match_2) -}}
-{% endif %}
-{% if sshd_match_3 is defined %}
-{{ match_block(sshd_match_3) -}}
-{% endif %}
-{% if sshd_match_4 is defined %}
-{{ match_block(sshd_match_4) -}}
-{% endif %}
-{% if sshd_match_5 is defined %}
-{{ match_block(sshd_match_5) -}}
-{% endif %}
-{% if sshd_match_6 is defined %}
-{{ match_block(sshd_match_6) -}}
-{% endif %}
-{% if sshd_match_7 is defined %}
-{{ match_block(sshd_match_7) -}}
-{% endif %}
-{% if sshd_match_8 is defined %}
-{{ match_block(sshd_match_8) -}}
-{% endif %}
-{% if sshd_match_9 is defined %}
-{{ match_block(sshd_match_9) -}}
-{% endif %}
diff --git a/roles/sshd/meta/main.yml b/roles/sshd/meta/main.yml
deleted file mode 100644
index 84344b2..0000000
--- a/roles/sshd/meta/main.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-galaxy_info:
- author: Matt Willsher
- description: OpenSSH SSH daemon configuration
- company: Willsher Systems
- license: LGPLv3
- min_ansible_version: 2.8
- platforms:
- - name: Debian
- versions:
- - wheezy
- - jessie
- - stretch
- - buster
- - name: Ubuntu
- versions:
- - precise
- - trusty
- - xenial
- - bionic
- - focal
- - name: FreeBSD
- version:
- - 10.1
- - name: EL
- versions:
- - 6
- - 7
- - 8
- - name: Fedora
- versions:
- - 31
- - 32
- - 33
- - name: OpenBSD
- versions:
- - 6.0
- - name: AIX
- versions:
- - 7.1
- - 7.2
- galaxy_tags:
- - networking
- - system
- - ssh
- - openssh
- - sshd
- - server
- - ubuntu
- - debian
- - centos
- - redhat
- - freebsd
- - openbsd
- - aix
-dependencies: []
diff --git a/roles/sshd/meta/make_option_list b/roles/sshd/meta/make_option_list
deleted file mode 100755
index b555093..0000000
--- a/roles/sshd/meta/make_option_list
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-cat 10_top.j2
-
-cat options_match |
- awk '{
-print "{{ render_option(\""$1"\",match[\""$1"\"],true) -}}"
-}'
-
-cat 20_middle.j2
-
-cat options_body |
- awk '{
-print "{{ body_option(\""$1"\",sshd_"$1") -}}"
-}'
-
-cat 30_bottom.j2
diff --git a/roles/sshd/meta/options_body b/roles/sshd/meta/options_body
deleted file mode 100644
index ea65c0e..0000000
--- a/roles/sshd/meta/options_body
+++ /dev/null
@@ -1,107 +0,0 @@
-Port
-AddressFamily
-ListenAddress
-Protocol
-HostKey
-AcceptEnv
-AllowAgentForwarding
-AllowGroups
-AllowStreamLocalForwarding
-AllowTcpForwarding
-AllowUsers
-AuthenticationMethods
-AuthorizedKeysCommand
-AuthorizedKeysCommandUser
-AuthorizedKeysFile
-AuthorizedPrincipalsCommand
-AuthorizedPrincipalsCommandUser
-AuthorizedPrincipalsFile
-Banner
-CASignatureAlgorithms
-ChallengeResponseAuthentication
-ChrootDirectory
-Ciphers
-ClientAliveCountMax
-ClientAliveInterval
-Compression
-DebianBanner
-DenyGroups
-DenyUsers
-DisableForwarding
-ExposeAuthInfo
-FingerprintHash
-ForceCommand
-GatewayPorts
-GSSAPIAuthentication
-GSSAPICleanupCredentials
-GSSAPIKeyExchange
-GSSAPIKexAlgorithms
-GSSAPIStoreCredentialsOnRekey
-GSSAPIStrictAcceptorCheck
-HPNBufferSize
-HPNDisabled
-HostCertificate
-HostKeyAgent
-HostKeyAlgorithms
-HostbasedAcceptedKeyTypes
-HostbasedAuthentication
-HostbasedUsesNameFromPacketOnly
-Include
-IPQoS
-IgnoreRhosts
-IgnoreUserKnownHosts
-KbdInteractiveAuthentication
-KerberosAuthentication
-KerberosGetAFSToken
-KerberosOrLocalPasswd
-KerberosTicketCleanup
-KexAlgorithms
-KeyRegenerationInterval
-LogLevel
-LoginGraceTime
-MACs
-MaxAuthTries
-MaxSessions
-MaxStartups
-NoneEnabled
-PasswordAuthentication
-PermitEmptyPasswords
-PermitListen
-PermitOpen
-PermitRootLogin
-PermitTTY
-PermitTunnel
-PermitUserEnvironment
-PermitUserRC
-PidFile
-PrintLastLog
-PrintMotd
-PubkeyAcceptedKeyTypes
-PubkeyAuthOptions
-PubkeyAuthentication
-RSAAuthentication
-RekeyLimit
-RevokedKeys
-RDomain
-RhostsRSAAuthentication
-SecurityKeyProvider
-SetEnv
-ServerKeyBits
-StreamLocalBindMask
-StreamLocalBindUnlink
-StrictModes
-Subsystem
-SyslogFacility
-TCPKeepAlive
-TcpRcvBufPoll
-TrustedUserCAKeys
-UseDNS
-UseLogin
-UsePAM
-UsePrivilegeSeparation
-VersionAddendum
-X11DisplayOffset
-X11MaxDisplays
-X11Forwarding
-X11UseLocalhost
-XAuthLocation
diff --git a/roles/sshd/meta/options_match b/roles/sshd/meta/options_match
deleted file mode 100644
index e3f9dbe..0000000
--- a/roles/sshd/meta/options_match
+++ /dev/null
@@ -1,55 +0,0 @@
-AcceptEnv
-AllowAgentForwarding
-AllowGroups
-AllowStreamLocalForwarding
-AllowTcpForwarding
-AllowUsers
-AuthenticationMethods
-AuthorizedKeysCommand
-AuthorizedKeysCommandUser
-AuthorizedKeysFile
-AuthorizedPrincipalsCommand
-AuthorizedPrincipalsCommandUser
-AuthorizedPrincipalsFile
-Banner
-ChrootDirectory
-ClientAliveCountMax
-ClientAliveInterval
-DenyGroups
-DenyUsers
-ForceCommand
-GatewayPorts
-GSSAPIAuthentication
-HostbasedAcceptedKeyTypes
-HostbasedAuthentication
-HostbasedUsesNameFromPacketOnly
-Include
-IPQoS
-KbdInteractiveAuthentication
-KerberosAuthentication
-LogLevel
-MaxAuthTries
-MaxSessions
-PasswordAuthentication
-PermitEmptyPasswords
-PermitListen
-PermitOpen
-PermitRootLogin
-PermitTTY
-PermitTunnel
-PermitUserRC
-PubkeyAcceptedKeyTypes
-PubkeyAuthentication
-RDomain
-RekeyLimit
-RevokedKeys
-RhostsRSAAuthentication
-RSAAuthentication
-SetEnv
-StreamLocalBindMask
-StreamLocalBindUnlink
-TrustedUserCAKeys
-X11DisplayOffset
-X11MaxDisplays
-X11Forwarding
-X11UseLocalHost
diff --git a/roles/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml
deleted file mode 100644
index 2b7f6fd..0000000
--- a/roles/sshd/tasks/install.yml
+++ /dev/null
@@ -1,160 +0,0 @@ ---- -- name: OS is supported - meta: end_host - when: - - not __sshd_os_supported|bool - -- name: Install ssh packages - package: - name: "{{ sshd_packages }}" - state: present - -- name: Sysconfig configuration - template: - src: sysconfig.j2 - dest: "/etc/sysconfig/sshd" - owner: "root" - group: "root" - mode: "600" - backup: "{{ sshd_backup }}" - when: - - sshd_sysconfig|bool - notify: reload_sshd - -- name: Make sure hostkeys are available and have expected permissions - vars: &share_vars - # This mimics the macro body_option() in sshd_config.j2 - # The explicit to_json filter is needed for Python 2 compatibility - __sshd_hostkeys_from_config: >- - {% if sshd_HostKey is defined %} - {{ sshd_HostKey | to_json }} - {% elif sshd['HostKey'] is defined %} - {{ sshd['HostKey'] | to_json }} - {% elif __sshd_defaults['HostKey'] is defined and not sshd_skip_defaults %} - {{ __sshd_defaults['HostKey'] | to_json }} - {% else %} - [] - {% endif %} - __sshd_verify_hostkeys: >- - {% if not sshd_verify_hostkeys %} - [] - {% elif sshd_verify_hostkeys == 'auto' %} - {{ __sshd_hostkeys_from_config }} - {% else %} - {{ sshd_verify_hostkeys | to_json }} - {% endif %} - block: - - name: Make sure hostkeys are available - shell: > - {% if sshd_sysconfig %} - source /etc/sysconfig/sshd; - {% endif %} - ssh-keygen -q -t {{ item | regex_search('(rsa|dsa|ecdsa|ed25519)') }} -f {{ item }} -C '' -N '' - args: - creates: "{{ item }}" - loop: "{{ __sshd_verify_hostkeys | from_json | list }}" - - - name: Make sure private hostkeys have expected permissions - file: - path: "{{ item }}" - owner: "{{ sshd_hostkey_owner }}" - group: "{{ sshd_hostkey_group }}" - mode: "{{ sshd_hostkey_mode }}" - loop: "{{ __sshd_verify_hostkeys | from_json | list }}" - -- name: Apply configuration - vars: - <<: *share_vars - block: - - name: Create a temporary hostkey for syntax verification if needed - tempfile: - state: directory - register: sshd_test_hostkey - changed_when: False - when: - - 
__sshd_hostkeys_from_config | from_json == [] - - sshd_config_file != "/etc/ssh/sshd_config" - - - name: Generate temporary hostkey - shell: "ssh-keygen -q -t rsa -f {{ sshd_test_hostkey.path }}/rsa_key -C '' -N ''" - changed_when: False - when: sshd_test_hostkey.path is defined - - - name: Create the configuration file - template: - src: sshd_config.j2 - dest: "{{ sshd_config_file }}" - owner: "{{ sshd_config_owner }}" - group: "{{ sshd_config_group }}" - mode: "{{ sshd_config_mode }}" - validate: >- - {% if sshd_test_hostkey is defined and sshd_test_hostkey.path is defined %} - {{ sshd_binary }} -t -f %s -h {{ sshd_test_hostkey.path }}/rsa_key - {% else %} - {{ sshd_binary }} -t -f %s - {% endif %} - backup: "{{ sshd_backup }}" - notify: reload_sshd - rescue: - - name: re-raise the error - fail: - msg: "{{ ansible_failed_result }}" - always: - - name: Remove temporary host keys - file: - path: "{{ sshd_test_hostkey.path }}" - state: absent - changed_when: False - when: sshd_test_hostkey.path is defined - -- name: Install systemd service files - block: - - name: Install service unit file - template: - src: "{{ sshd_service_template_service }}" - dest: "/etc/systemd/system/{{ sshd_service }}.service" - owner: root - group: root - mode: "0644" - notify: reload_sshd - - name: Install instanced service unit file - template: - src: "{{ sshd_service_template_at_service }}" - dest: "/etc/systemd/system/{{ sshd_service }}@.service" - owner: root - group: root - mode: "0644" - notify: reload_sshd - - name: Install socket unit file - template: - src: "{{ sshd_service_template_socket }}" - dest: "/etc/systemd/system/{{ sshd_service }}.socket" - owner: root - group: root - mode: "0644" - notify: reload_sshd - when: sshd_install_service|bool - -- name: Service enabled and running - service: - name: "{{ sshd_service }}" - enabled: true - state: started - when: - - sshd_manage_service|bool - - ansible_virtualization_type|default(None) != 'docker' - - 
ansible_virtualization_type|default(None) != 'VirtualPC' # for Github Actions - - ansible_connection != 'chroot' - -# Due to ansible bug 21026, cannot use service module on RHEL 7 -- name: Enable service in chroot - command: systemctl enable {{ sshd_service }} # noqa 303 - when: - - ansible_connection == 'chroot' - - ansible_os_family == 'RedHat' - - ansible_distribution_major_version|int >= 7 - -- name: Register that this role has run - set_fact: - sshd_has_run: true - when: sshd_has_run is not defined diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml deleted file mode 100644 index 54b708e..0000000 --- a/roles/sshd/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -- include_tasks: sshd.yml - when: sshd_enable|bool diff --git a/roles/sshd/tasks/sshd.yml b/roles/sshd/tasks/sshd.yml deleted file mode 100644 index 57cb12b..0000000 --- a/roles/sshd/tasks/sshd.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- include_tasks: variables.yml - -- include_tasks: install.yml diff --git a/roles/sshd/tasks/variables.yml b/roles/sshd/tasks/variables.yml deleted file mode 100644 index 9d9aa1d..0000000 --- a/roles/sshd/tasks/variables.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- name: Set OS dependent variables - include_vars: "{{ lookup('first_found', params) }}" - vars: - ansible_distribution_lts_offset: >- - {{ - ansible_distribution_major_version|int % 2 - if ansible_distribution == "Ubuntu" - else 0 - }} - ansible_distribution_lts_version: >- - {{ - ansible_distribution_major_version|int - - ansible_distribution_lts_offset|int - if ansible_distribution == "Ubuntu" - else ansible_distribution_version - }} - params: - files: - - "{{ ansible_distribution }}_{{ ansible_distribution_lts_version }}.yml" - - "{{ ansible_distribution }}.yml" - - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml" - - "{{ ansible_os_family }}.yml" - - default.yml - paths: - - "{{ role_path }}/vars" - - "{{ playbook_dir }}/vars" 
diff --git a/roles/sshd/templates/sshd.service.j2 b/roles/sshd/templates/sshd.service.j2 deleted file mode 100644 index a969ebb..0000000 --- a/roles/sshd/templates/sshd.service.j2 +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Description=OpenBSD Secure Shell server - -[Service] -ExecStartPre={{ sshd_binary }} -t -ExecStart={{ sshd_binary }} -D -f {{ sshd_config_file }} -ExecReload={{ sshd_binary }} -t -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -RestartPreventExitStatus=255 -Type=notify -RuntimeDirectory={{ sshd_binary | basename }} -RuntimeDirectoryMode=0755 - -[Install] -WantedBy=multi-user.target diff --git a/roles/sshd/templates/sshd.socket.j2 b/roles/sshd/templates/sshd.socket.j2 deleted file mode 100644 index add4731..0000000 --- a/roles/sshd/templates/sshd.socket.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=OpenBSD Secure Shell server socket -Before={{ sshd_service }}.service -Conflicts={{sshd_service }}.service - -[Socket] -ListenStream=22 -Accept=yes - -[Install] -WantedBy=sockets.target diff --git a/roles/sshd/templates/sshd@.service.j2 b/roles/sshd/templates/sshd@.service.j2 deleted file mode 100644 index d76fdde..0000000 --- a/roles/sshd/templates/sshd@.service.j2 +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=OpenBSD Secure Shell server per-connection daemon -After=auditd.service - -[Service] -ExecStart=-{{ sshd_binary }} -i -f {{ sshd_config_file }} -StandardInput=socket -RuntimeDirectory={{ sshd_binary }} -RuntimeDirectoryMode=0755 diff --git a/roles/sshd/templates/sshd_config.j2 b/roles/sshd/templates/sshd_config.j2 deleted file mode 100644 index 6f61832..0000000 --- a/roles/sshd/templates/sshd_config.j2 +++ /dev/null 
@@ -1,242 +0,0 @@ -# {{ ansible_managed }} -{% macro render_option(key,value,indent=false) %} -{% if value is defined %} -{% if indent == true %} {% endif %} -{% if value is sameas true %} -{{ key }} yes -{% elif value is sameas false %} -{{ key }} no -{% elif value is string or value is number %} -{{ key }} {{ value }} -{% else %} -{% for i in value %} -{{ key }} {{ i }} -{% endfor %} -{% endif %} -{% endif %} -{% endmacro %} -{% macro body_option(key,override) %} -{% set value = undefined %} -{% if override is defined %} -{% set value = override %} -{% elif sshd[key] is defined %} -{% set value = sshd[key] %} -{% elif __sshd_defaults[key] is defined and sshd_skip_defaults != true %} -{% set value = __sshd_defaults[key] %} -{% endif %} -{{ render_option(key,value) -}} -{% endmacro %} -{% macro match_block(match_list) %} -{% if match_list["Condition"] is defined %} -{% set match_list = [ match_list ]%} -{% endif %} -{% if match_list is iterable %} -{% for match in match_list %} -Match {{ match["Condition"] }} -{{ render_option("AcceptEnv",match["AcceptEnv"],true) -}} -{{ render_option("AllowAgentForwarding",match["AllowAgentForwarding"],true) -}} -{{ render_option("AllowGroups",match["AllowGroups"],true) -}} -{{ render_option("AllowStreamLocalForwarding",match["AllowStreamLocalForwarding"],true) -}} -{{ render_option("AllowTcpForwarding",match["AllowTcpForwarding"],true) -}} -{{ render_option("AllowUsers",match["AllowUsers"],true) -}} -{{ render_option("AuthenticationMethods",match["AuthenticationMethods"],true) -}} -{{ render_option("AuthorizedKeysCommand",match["AuthorizedKeysCommand"],true) -}} -{{ render_option("AuthorizedKeysCommandUser",match["AuthorizedKeysCommandUser"],true) -}} -{{ render_option("AuthorizedKeysFile",match["AuthorizedKeysFile"],true) -}} -{{ render_option("AuthorizedPrincipalsCommand",match["AuthorizedPrincipalsCommand"],true) -}} -{{ render_option("AuthorizedPrincipalsCommandUser",match["AuthorizedPrincipalsCommandUser"],true) -}} -{{ 
render_option("AuthorizedPrincipalsFile",match["AuthorizedPrincipalsFile"],true) -}} -{{ render_option("Banner",match["Banner"],true) -}} -{{ render_option("ChrootDirectory",match["ChrootDirectory"],true) -}} -{{ render_option("ClientAliveCountMax",match["ClientAliveCountMax"],true) -}} -{{ render_option("ClientAliveInterval",match["ClientAliveInterval"],true) -}} -{{ render_option("DenyGroups",match["DenyGroups"],true) -}} -{{ render_option("DenyUsers",match["DenyUsers"],true) -}} -{{ render_option("ForceCommand",match["ForceCommand"],true) -}} -{{ render_option("GatewayPorts",match["GatewayPorts"],true) -}} -{{ render_option("GSSAPIAuthentication",match["GSSAPIAuthentication"],true) -}} -{{ render_option("HostbasedAcceptedKeyTypes",match["HostbasedAcceptedKeyTypes"],true) -}} -{{ render_option("HostbasedAuthentication",match["HostbasedAuthentication"],true) -}} -{{ render_option("HostbasedUsesNameFromPacketOnly",match["HostbasedUsesNameFromPacketOnly"],true) -}} -{{ render_option("Include",match["Include"],true) -}} -{{ render_option("IPQoS",match["IPQoS"],true) -}} -{{ render_option("KbdInteractiveAuthentication",match["KbdInteractiveAuthentication"],true) -}} -{{ render_option("KerberosAuthentication",match["KerberosAuthentication"],true) -}} -{{ render_option("LogLevel",match["LogLevel"],true) -}} -{{ render_option("MaxAuthTries",match["MaxAuthTries"],true) -}} -{{ render_option("MaxSessions",match["MaxSessions"],true) -}} -{{ render_option("PasswordAuthentication",match["PasswordAuthentication"],true) -}} -{{ render_option("PermitEmptyPasswords",match["PermitEmptyPasswords"],true) -}} -{{ render_option("PermitListen",match["PermitListen"],true) -}} -{{ render_option("PermitOpen",match["PermitOpen"],true) -}} -{{ render_option("PermitRootLogin",match["PermitRootLogin"],true) -}} -{{ render_option("PermitTTY",match["PermitTTY"],true) -}} -{{ render_option("PermitTunnel",match["PermitTunnel"],true) -}} -{{ render_option("PermitUserRC",match["PermitUserRC"],true) 
-}} -{{ render_option("PubkeyAcceptedKeyTypes",match["PubkeyAcceptedKeyTypes"],true) -}} -{{ render_option("PubkeyAuthentication",match["PubkeyAuthentication"],true) -}} -{{ render_option("RDomain",match["RDomain"],true) -}} -{{ render_option("RekeyLimit",match["RekeyLimit"],true) -}} -{{ render_option("RevokedKeys",match["RevokedKeys"],true) -}} -{{ render_option("RhostsRSAAuthentication",match["RhostsRSAAuthentication"],true) -}} -{{ render_option("RSAAuthentication",match["RSAAuthentication"],true) -}} -{{ render_option("SetEnv",match["SetEnv"],true) -}} -{{ render_option("StreamLocalBindMask",match["StreamLocalBindMask"],true) -}} -{{ render_option("StreamLocalBindUnlink",match["StreamLocalBindUnlink"],true) -}} -{{ render_option("TrustedUserCAKeys",match["TrustedUserCAKeys"],true) -}} -{{ render_option("X11DisplayOffset",match["X11DisplayOffset"],true) -}} -{{ render_option("X11MaxDisplays",match["X11MaxDisplays"],true) -}} -{{ render_option("X11Forwarding",match["X11Forwarding"],true) -}} -{{ render_option("X11UseLocalHost",match["X11UseLocalHost"],true) -}} -{% endfor %} -{% endif %} -{% endmacro %} -{% macro match_iterate_block(match_list) %} -{% if match_list | type_debug == "list" %} -{% for match in match_list %} -{{ match_block(match) -}} -{% endfor %} -{% else %} -{{ match_block(match_list) -}} -{% endif %} -{% endmacro %} -{{ body_option("Port",sshd_Port) -}} -{{ body_option("AddressFamily",sshd_AddressFamily) -}} -{{ body_option("ListenAddress",sshd_ListenAddress) -}} -{{ body_option("Protocol",sshd_Protocol) -}} -{{ body_option("HostKey",sshd_HostKey) -}} -{{ body_option("AcceptEnv",sshd_AcceptEnv) -}} -{{ body_option("AllowAgentForwarding",sshd_AllowAgentForwarding) -}} -{{ body_option("AllowGroups",sshd_AllowGroups) -}} -{{ body_option("AllowStreamLocalForwarding",sshd_AllowStreamLocalForwarding) -}} -{{ body_option("AllowTcpForwarding",sshd_AllowTcpForwarding) -}} -{{ body_option("AllowUsers",sshd_AllowUsers) -}} -{{ 
body_option("AuthenticationMethods",sshd_AuthenticationMethods) -}} -{{ body_option("AuthorizedKeysCommand",sshd_AuthorizedKeysCommand) -}} -{{ body_option("AuthorizedKeysCommandUser",sshd_AuthorizedKeysCommandUser) -}} -{{ body_option("AuthorizedKeysFile",sshd_AuthorizedKeysFile) -}} -{{ body_option("AuthorizedPrincipalsCommand",sshd_AuthorizedPrincipalsCommand) -}} -{{ body_option("AuthorizedPrincipalsCommandUser",sshd_AuthorizedPrincipalsCommandUser) -}} -{{ body_option("AuthorizedPrincipalsFile",sshd_AuthorizedPrincipalsFile) -}} -{{ body_option("Banner",sshd_Banner) -}} -{{ body_option("CASignatureAlgorithms",sshd_CASignatureAlgorithms) -}} -{{ body_option("ChallengeResponseAuthentication",sshd_ChallengeResponseAuthentication) -}} -{{ body_option("ChrootDirectory",sshd_ChrootDirectory) -}} -{{ body_option("Ciphers",sshd_Ciphers) -}} -{{ body_option("ClientAliveCountMax",sshd_ClientAliveCountMax) -}} -{{ body_option("ClientAliveInterval",sshd_ClientAliveInterval) -}} -{{ body_option("Compression",sshd_Compression) -}} -{{ body_option("DebianBanner",sshd_DebianBanner) -}} -{{ body_option("DenyGroups",sshd_DenyGroups) -}} -{{ body_option("DenyUsers",sshd_DenyUsers) -}} -{{ body_option("DisableForwarding",sshd_DisableForwarding) -}} -{{ body_option("ExposeAuthInfo",sshd_ExposeAuthInfo) -}} -{{ body_option("FingerprintHash",sshd_FingerprintHash) -}} -{{ body_option("ForceCommand",sshd_ForceCommand) -}} -{{ body_option("GatewayPorts",sshd_GatewayPorts) -}} -{{ body_option("GSSAPIAuthentication",sshd_GSSAPIAuthentication) -}} -{{ body_option("GSSAPICleanupCredentials",sshd_GSSAPICleanupCredentials) -}} -{{ body_option("GSSAPIKeyExchange",sshd_GSSAPIKeyExchange) -}} -{{ body_option("GSSAPIKexAlgorithms",sshd_GSSAPIKexAlgorithms) -}} -{{ body_option("GSSAPIStoreCredentialsOnRekey",sshd_GSSAPIStoreCredentialsOnRekey) -}} -{{ body_option("GSSAPIStrictAcceptorCheck",sshd_GSSAPIStrictAcceptorCheck) -}} -{{ body_option("HPNBufferSize",sshd_HPNBufferSize) -}} -{{ 
body_option("HPNDisabled",sshd_HPNDisabled) -}} -{{ body_option("HostCertificate",sshd_HostCertificate) -}} -{{ body_option("HostKeyAgent",sshd_HostKeyAgent) -}} -{{ body_option("HostKeyAlgorithms",sshd_HostKeyAlgorithms) -}} -{{ body_option("HostbasedAcceptedKeyTypes",sshd_HostbasedAcceptedKeyTypes) -}} -{{ body_option("HostbasedAuthentication",sshd_HostbasedAuthentication) -}} -{{ body_option("HostbasedUsesNameFromPacketOnly",sshd_HostbasedUsesNameFromPacketOnly) -}} -{{ body_option("Include",sshd_Include) -}} -{{ body_option("IPQoS",sshd_IPQoS) -}} -{{ body_option("IgnoreRhosts",sshd_IgnoreRhosts) -}} -{{ body_option("IgnoreUserKnownHosts",sshd_IgnoreUserKnownHosts) -}} -{{ body_option("KbdInteractiveAuthentication",sshd_KbdInteractiveAuthentication) -}} -{{ body_option("KerberosAuthentication",sshd_KerberosAuthentication) -}} -{{ body_option("KerberosGetAFSToken",sshd_KerberosGetAFSToken) -}} -{{ body_option("KerberosOrLocalPasswd",sshd_KerberosOrLocalPasswd) -}} -{{ body_option("KerberosTicketCleanup",sshd_KerberosTicketCleanup) -}} -{{ body_option("KexAlgorithms",sshd_KexAlgorithms) -}} -{{ body_option("KeyRegenerationInterval",sshd_KeyRegenerationInterval) -}} -{{ body_option("LogLevel",sshd_LogLevel) -}} -{{ body_option("LoginGraceTime",sshd_LoginGraceTime) -}} -{{ body_option("MACs",sshd_MACs) -}} -{{ body_option("MaxAuthTries",sshd_MaxAuthTries) -}} -{{ body_option("MaxSessions",sshd_MaxSessions) -}} -{{ body_option("MaxStartups",sshd_MaxStartups) -}} -{{ body_option("NoneEnabled",sshd_NoneEnabled) -}} -{{ body_option("PasswordAuthentication",sshd_PasswordAuthentication) -}} -{{ body_option("PermitEmptyPasswords",sshd_PermitEmptyPasswords) -}} -{{ body_option("PermitListen",sshd_PermitListen) -}} -{{ body_option("PermitOpen",sshd_PermitOpen) -}} -{{ body_option("PermitRootLogin",sshd_PermitRootLogin) -}} -{{ body_option("PermitTTY",sshd_PermitTTY) -}} -{{ body_option("PermitTunnel",sshd_PermitTunnel) -}} -{{ 
body_option("PermitUserEnvironment",sshd_PermitUserEnvironment) -}} -{{ body_option("PermitUserRC",sshd_PermitUserRC) -}} -{{ body_option("PidFile",sshd_PidFile) -}} -{{ body_option("PrintLastLog",sshd_PrintLastLog) -}} -{{ body_option("PrintMotd",sshd_PrintMotd) -}} -{{ body_option("PubkeyAcceptedKeyTypes",sshd_PubkeyAcceptedKeyTypes) -}} -{{ body_option("PubkeyAuthOptions",sshd_PubkeyAuthOptions) -}} -{{ body_option("PubkeyAuthentication",sshd_PubkeyAuthentication) -}} -{{ body_option("RSAAuthentication",sshd_RSAAuthentication) -}} -{{ body_option("RekeyLimit",sshd_RekeyLimit) -}} -{{ body_option("RevokedKeys",sshd_RevokedKeys) -}} -{{ body_option("RDomain",sshd_RDomain) -}} -{{ body_option("RhostsRSAAuthentication",sshd_RhostsRSAAuthentication) -}} -{{ body_option("SecurityKeyProvider",sshd_SecurityKeyProvider) -}} -{{ body_option("SetEnv",sshd_SetEnv) -}} -{{ body_option("ServerKeyBits",sshd_ServerKeyBits) -}} -{{ body_option("StreamLocalBindMask",sshd_StreamLocalBindMask) -}} -{{ body_option("StreamLocalBindUnlink",sshd_StreamLocalBindUnlink) -}} -{{ body_option("StrictModes",sshd_StrictModes) -}} -{{ body_option("Subsystem",sshd_Subsystem) -}} -{{ body_option("SyslogFacility",sshd_SyslogFacility) -}} -{{ body_option("TCPKeepAlive",sshd_TCPKeepAlive) -}} -{{ body_option("TcpRcvBufPoll",sshd_TcpRcvBufPoll) -}} -{{ body_option("TrustedUserCAKeys",sshd_TrustedUserCAKeys) -}} -{{ body_option("UseDNS",sshd_UseDNS) -}} -{{ body_option("UseLogin",sshd_UseLogin) -}} -{{ body_option("UsePAM",sshd_UsePAM) -}} -{{ body_option("UsePrivilegeSeparation",sshd_UsePrivilegeSeparation) -}} -{{ body_option("VersionAddendum",sshd_VersionAddendum) -}} -{{ body_option("X11DisplayOffset",sshd_X11DisplayOffset) -}} -{{ body_option("X11MaxDisplays",sshd_X11MaxDisplays) -}} -{{ body_option("X11Forwarding",sshd_X11Forwarding) -}} -{{ body_option("X11UseLocalhost",sshd_X11UseLocalhost) -}} -{{ body_option("XAuthLocation",sshd_XAuthLocation) -}} -{% if sshd['Match'] is defined %} -{{ 
match_iterate_block(sshd['Match']) -}} -{% endif %} -{% if sshd_match is defined %} -{{ match_iterate_block(sshd_match) -}} -{% endif %} -{% if sshd_match_1 is defined %} -{{ match_block(sshd_match_1) -}} -{% endif %} -{% if sshd_match_2 is defined %} -{{ match_block(sshd_match_2) -}} -{% endif %} -{% if sshd_match_3 is defined %} -{{ match_block(sshd_match_3) -}} -{% endif %} -{% if sshd_match_4 is defined %} -{{ match_block(sshd_match_4) -}} -{% endif %} -{% if sshd_match_5 is defined %} -{{ match_block(sshd_match_5) -}} -{% endif %} -{% if sshd_match_6 is defined %} -{{ match_block(sshd_match_6) -}} -{% endif %} -{% if sshd_match_7 is defined %} -{{ match_block(sshd_match_7) -}} -{% endif %} -{% if sshd_match_8 is defined %} -{{ match_block(sshd_match_8) -}} -{% endif %} -{% if sshd_match_9 is defined %} -{{ match_block(sshd_match_9) -}} -{% endif %} diff --git a/roles/sshd/templates/sysconfig.j2 b/roles/sshd/templates/sysconfig.j2 deleted file mode 100644 index 045d61c..0000000 --- a/roles/sshd/templates/sysconfig.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# {{ ansible_managed }} -{% if __sshd_sysconfig_supports_crypto_policy %} -{% if sshd_sysconfig_override_crypto_policy == true %} -CRYPTO_POLICY= -{% endif %} -{% endif %} - -{% if __sshd_sysconfig_supports_use_strong_rng %} -SSH_USE_STRONG_RNG={{ sshd_sysconfig_use_strong_rng }} -{% endif %} diff --git a/roles/sshd/tests/inventory b/roles/sshd/tests/inventory deleted file mode 100644 index 2fbb50c..0000000 --- a/roles/sshd/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/roles/sshd/tests/roles/.gitkeep b/roles/sshd/tests/roles/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/roles/sshd/tests/roles/ansible-sshd b/roles/sshd/tests/roles/ansible-sshd deleted file mode 120000 index 6581736..0000000 --- a/roles/sshd/tests/roles/ansible-sshd +++ /dev/null @@ -1 +0,0 @@ -../../ \ No newline at end of file 
diff --git a/roles/sshd/tests/tests_alternative_file.yml b/roles/sshd/tests/tests_alternative_file.yml
deleted file mode 100644
index 0272fce..0000000
--- a/roles/sshd/tests/tests_alternative_file.yml
+++ /dev/null
@@ -1,92 +0,0 @@ ---- -- hosts: all - tasks: - - name: Configure alternative sshd_config file - include_role: - name: ansible-sshd - vars: - # just anything -- will not get processed by sshd - sshd_config_file: /etc/ssh/sshd_config_custom - sshd_skip_defaults: true - sshd: - AcceptEnv: LANG - Banner: /etc/issue - Ciphers: aes256-gcm@openssh.com - sshd_Compression: no - - name: Configure second alternative sshd_config file - include_role: - name: ansible-sshd - vars: - # just anything -- will not get processed by sshd - sshd_config_file: /etc/ssh/sshd_config_custom_second - sshd_skip_defaults: true - sshd: - Banner: /etc/issue2 - Ciphers: aes128-gcm@openssh.com - sshd_MaxStartups: 100 - - name: Now configure the main sshd_config file - include_role: - name: ansible-sshd - vars: - sshd: - Banner: /etc/issue - Ciphers: aes128-ctr - HostKey: - - /tmp/ssh_host_ecdsa_key - sshd_PasswordAuthentication: no - - - name: Verify the options are correctly set - vars: - main_sshd_config: >- - {{ - "/etc/ssh/sshd_config.d/00-ansible_system_role.conf" - if ansible_facts['distribution'] == 'Fedora' - else "/etc/ssh/sshd_config" - }} - block: - - meta: flush_handlers - - - name: Print current configuration file - slurp: - src: /etc/ssh/sshd_config_custom - register: config - - - name: Print second configuration file - slurp: - src: /etc/ssh/sshd_config_custom_second - register: config2 - - - name: Print the main configuration file - slurp: - src: "{{ main_sshd_config }}" - register: config3 - - - name: Check content of first configuration file - assert: - that: - - "'AcceptEnv LANG' in config.content | b64decode" - - "'Banner /etc/issue' in config.content | b64decode" - - "'Ciphers aes256-gcm@openssh.com' in config.content | b64decode" - - "'HostKey' not in config.content | b64decode" - - "'Compression no' in config.content | b64decode" - - "'MaxStartups 100' not in config.content | b64decode" - - - name: Check content of second configuration file - assert: - that: - - "'Banner 
/etc/issue2' in config2.content | b64decode" - - "'Ciphers aes128-gcm@openssh.com' in config2.content | b64decode" - - "'HostKey' not in config2.content | b64decode" - - "'MaxStartups 100' in config2.content | b64decode" - - "'Compression no' not in config2.content | b64decode" - - - name: Check content of the main configuration file - assert: - that: - - "'Banner /etc/issue' in config3.content | b64decode" - - "'Ciphers aes128-ctr' in config3.content | b64decode" - - "'HostKey /tmp/ssh_host_ecdsa_key' in config3.content | b64decode" - - "'PasswordAuthentication no' in config3.content | b64decode" - - "'MaxStartups 100' not in config3.content | b64decode" - - "'Compression no' not in config3.content | b64decode" - tags: tests::verify diff --git a/roles/sshd/tests/tests_default.yml b/roles/sshd/tests/tests_default.yml deleted file mode 100644 index dfb0f89..0000000 --- a/roles/sshd/tests/tests_default.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: all - roles: - - ansible-sshd diff --git a/roles/sshd/tests/tests_default_include.yml b/roles/sshd/tests/tests_default_include.yml deleted file mode 100644 index d3d98d7..0000000 --- a/roles/sshd/tests/tests_default_include.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- hosts: all - tasks: - - name: "Configure sshd" - include_role: - name: ansible-sshd diff --git a/roles/sshd/tests/tests_hostkeys.yml b/roles/sshd/tests/tests_hostkeys.yml deleted file mode 100644 index 2e73538..0000000 --- a/roles/sshd/tests/tests_hostkeys.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -- hosts: all - tasks: - - name: Remove host key before the test - file: - path: /tmp/ssh_host_ed25519_key - state: absent - - - name: Ensure group 'nobody' exists - group: - name: nobody - - - name: Ensure the user 'nobody' exists - user: - name: nobody - group: nobody - comment: nobody - create_home: no - shell: /sbin/nologin - - - name: Configure sshd with alternative host keys - include_role: - name: ansible-sshd - vars: - # very BAD example - sshd_hostkey_owner: "nobody" - sshd_hostkey_group: "nobody" - sshd_hostkey_mode: "0664" - sshd: - HostKey: - - /tmp/ssh_host_ed25519_key - - - name: Verify the options are correctly set - vars: - main_sshd_config: >- - {{ - "/etc/ssh/sshd_config.d/00-ansible_system_role.conf" - if ansible_facts['distribution'] == 'Fedora' - else "/etc/ssh/sshd_config" - }} - block: - - meta: flush_handlers - - - name: Print current configuration file - slurp: - src: "{{ main_sshd_config }}" - register: config - - - stat: - path: /tmp/ssh_host_ed25519_key - register: privkey - - - stat: - path: /tmp/ssh_host_ed25519_key.pub - register: pubkey - - - name: Check the options are in configuration file - assert: - that: - - "'HostKey /tmp/ssh_host_ed25519_key' in config.content | b64decode" - - - name: Check the generated host key has requested properties - assert: - that: - - privkey.stat.exists - - privkey.stat.gr_name == 'nobody' - - privkey.stat.pw_name == 'nobody' - - privkey.stat.mode == '0664' - - pubkey.stat.exists - tags: tests::verify diff --git a/roles/sshd/tests/tests_hostkeys_missing.yml b/roles/sshd/tests/tests_hostkeys_missing.yml deleted file mode 100644 index 513ee19..0000000 --- a/roles/sshd/tests/tests_hostkeys_missing.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -- hosts: all - tasks: - - name: Configure sshd with missing host keys and prevent their creation - block: - - name: Configure missing hostkey - include_role: - name: ansible-sshd - vars: - sshd_verify_hostkeys: [] - sshd: - HostKey: - - /tmp/missing_ssh_host_rsa_key - register: role_result - - - name: unreachable task - fail: - msg: UNREACH - - rescue: - - name: Check that we failed in the role - assert: - that: - - ansible_failed_result.msg != 'UNREACH' - - not role_result.changed - msg: "Role has not failed when it should have" - - - name: Make sure service is still running - service: - name: sshd - state: started - register: result - failed_when: result.changed diff --git a/roles/sshd/tests/tests_match.yml b/roles/sshd/tests/tests_match.yml deleted file mode 100644 index 829e628..0000000 --- a/roles/sshd/tests/tests_match.yml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -- hosts: all - tasks: - - name: Configure sshd - include_role: - name: ansible-sshd - vars: - # For Fedora containers, we need to make sure we have keys for sshd -T below - sshd_verify_hostkeys: - - /etc/ssh/ssh_host_rsa_key - sshd: - Match: - - Condition: "User xusers" - X11Forwarding: yes - Banner: /tmp/xusers-banner - sshd_match: - - Condition: "User bot" - AllowTcpForwarding: no - Banner: /tmp/bot-banner - sshd_match_1: - - Condition: "User sftponly" - ForceCommand: "internal-sftp" - ChrootDirectory: "/var/uploads/" - sshd_match_2: - - Condition: "User root" - PasswordAuthentication: no - PermitTunnel: yes - - - name: Verify the options are correctly set - vars: - main_sshd_config: >- - {{ - "/etc/ssh/sshd_config.d/00-ansible_system_role.conf" - if ansible_facts['distribution'] == 'Fedora' - else "/etc/ssh/sshd_config" - }} - block: - - meta: flush_handlers - - - name: List effective configuration using sshd -T for xusers - command: sshd -T -C user=xusers,addr=127.0.0.1,host=example.com - register: xusers_effective - - - name: List effective configuration using sshd -T for bot - command: sshd -T -C user=bot,addr=127.0.0.1,host=example.com - register: bot_effective - - - name: List effective configuration using sshd -T for sftponly - command: sshd -T -C user=sftponly,addr=127.0.0.1,host=example.com - register: sftponly_effective - - - name: List effective configuration using sshd -T for root - command: sshd -T -C user=root,addr=127.0.0.1,host=example.com - register: root_effective - - - name: Print current configuration file - slurp: - src: "{{ main_sshd_config }}" - register: config - - - name: Check the options are effective - # note, the options are in lower-case here - assert: - that: - - "'x11forwarding yes' in xusers_effective.stdout" - - "'banner /tmp/xusers-banner' in xusers_effective.stdout" - - "'allowtcpforwarding no' in bot_effective.stdout" - - "'banner /tmp/bot-banner' in bot_effective.stdout" - - "'forcecommand 
internal-sftp' in sftponly_effective.stdout" - - "'chrootdirectory /var/uploads/' in sftponly_effective.stdout" - - "'passwordauthentication no' in root_effective.stdout" - - "'permittunnel yes' in root_effective.stdout" - - - name: Check the options are in configuration file - assert: - that: - - "'Match User xusers' in config.content | b64decode" - - "'Match User bot' in config.content | b64decode" - - "'Match User sftponly' in config.content | b64decode" - - "'Match User root' in config.content | b64decode" - tags: tests::verify diff --git a/roles/sshd/tests/tests_match_iterate.yml b/roles/sshd/tests/tests_match_iterate.yml deleted file mode 100644 index 7c23564..0000000 --- a/roles/sshd/tests/tests_match_iterate.yml +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -- hosts: all - tasks: - - name: Configure sshd - include_role: - name: ansible-sshd - vars: - # For Fedora containers, we need to make sure we have keys for sshd -T below - sshd_verify_hostkeys: - - /etc/ssh/ssh_host_rsa_key - sshd: - Match: - - Condition: "User xusers" - X11Forwarding: yes - Banner: /tmp/xusers-banner - - Condition: "User bot" - AllowTcpForwarding: no - Banner: /tmp/bot-banner - sshd_match: - - Condition: "User sftponly" - ForceCommand: "internal-sftp" - ChrootDirectory: "/var/uploads/" - - Condition: "User root" - PasswordAuthentication: no - PermitTunnel: yes - - - name: Verify the options are correctly set - vars: - main_sshd_config: >- - {{ - "/etc/ssh/sshd_config.d/00-ansible_system_role.conf" - if ansible_facts['distribution'] == 'Fedora' - else "/etc/ssh/sshd_config" - }} - block: - - meta: flush_handlers - - - name: List effective configuration using sshd -T for xusers - command: sshd -T -C user=xusers,addr=127.0.0.1,host=example.com - register: xusers_effective - - - name: List effective configuration using sshd -T for bot - command: sshd -T -C user=bot,addr=127.0.0.1,host=example.com - register: bot_effective - - - name: List effective configuration using sshd -T for sftponly - command: sshd -T -C user=sftponly,addr=127.0.0.1,host=example.com - register: sftponly_effective - - - name: List effective configuration using sshd -T for root - command: sshd -T -C user=root,addr=127.0.0.1,host=example.com - register: root_effective - - - name: Print current configuration file - slurp: - src: "{{ main_sshd_config }}" - register: config - - - name: Check the options are effective - # note, the options are in lower-case here - assert: - that: - - "'x11forwarding yes' in xusers_effective.stdout" - - "'banner /tmp/xusers-banner' in xusers_effective.stdout" - - "'allowtcpforwarding no' in bot_effective.stdout" - - "'banner /tmp/bot-banner' in bot_effective.stdout" - - "'forcecommand internal-sftp' in sftponly_effective.stdout" 
- - "'chrootdirectory /var/uploads/' in sftponly_effective.stdout" - - "'passwordauthentication no' in root_effective.stdout" - - "'permittunnel yes' in root_effective.stdout" - - - name: Check the options are in configuration file - assert: - that: - - "'Match User xusers' in config.content | b64decode" - - "'Match User bot' in config.content | b64decode" - - "'Match User sftponly' in config.content | b64decode" - - "'Match User root' in config.content | b64decode" - tags: tests::verify diff --git a/roles/sshd/tests/tests_set_common.yml b/roles/sshd/tests/tests_set_common.yml deleted file mode 100644 index 845bf76..0000000 --- a/roles/sshd/tests/tests_set_common.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -- hosts: all - tasks: - - name: Configure sshd - include_role: - name: ansible-sshd - vars: - sshd: - AcceptEnv: LANG - Banner: /etc/issue - Ciphers: aes256-gcm@openssh.com - Subsystem: "sftp internal-sftp" - sshd_config_file: /etc/ssh/sshd_config - - - name: Verify the options are correctly set - block: - - meta: flush_handlers - - - name: List effective configuration using sshd -T - command: sshd -T - register: runtime - - - name: Print current configuration file - slurp: - src: /etc/ssh/sshd_config - register: config - - - name: Check the options are effective - # note, the options are in lower-case here - assert: - that: - - "'acceptenv LANG' in runtime.stdout" - - "'banner /etc/issue' in runtime.stdout" - - "'ciphers aes256-gcm@openssh.com' in runtime.stdout" - - "'subsystem sftp internal-sftp' in runtime.stdout" - - - name: Check the options are in configuration file - assert: - that: - - "'AcceptEnv LANG' in config.content | b64decode" - - "'Banner /etc/issue' in config.content | b64decode" - - "'Ciphers aes256-gcm@openssh.com' in config.content | b64decode" - - "'Subsystem sftp internal-sftp' in config.content | b64decode" - tags: tests::verify 
diff --git a/roles/sshd/tests/tests_set_uncommon.yml b/roles/sshd/tests/tests_set_uncommon.yml deleted file mode 100644 index 13586f5..0000000 --- a/roles/sshd/tests/tests_set_uncommon.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -- hosts: all - tasks: - - name: Configure sshd with uncommon options, making sure it keeps running - block: - - name: Configure ssh with unsupported options - include_role: - name: ansible-sshd - vars: - sshd: - # Unsupported in new versions, but ignored ? - Protocol: 1 - UsePrivilegeSeparation: no - UseLogin: yes - # Debian only - DebianBanner: /etc/motd - # Used in FreeBSD ? - VersionAddendum: FreeBSD-20180909 - # HPN only - HPNDisabled: yes - HPNBufferSize: 2MB - TcpRcvBufPoll: yes - NoneEnabled: yes - # some builds might be without kerberos/GSSAPI - KerberosAuthentication: yes - GSSAPIStoreCredentialsOnRekey: yes - # SSHv1 options - KeyRegenerationInterval: 1h - ServerKeyBits: 1024 - # This one is pretty new, but works on OpenBSD only - RDomain: 2 - register: role_result - - - name: unreachable task - fail: - msg: UNREACH - rescue: - - name: Check that we failed in the role - assert: - that: - - ansible_failed_result.msg != 'UNREACH' - - not role_result.changed - msg: "Role has not failed when it should have" - - - name: Make sure service is still running - service: - name: sshd - state: started - register: result - failed_when: result.changed diff --git a/roles/sshd/tests/tests_sysconfig.yml b/roles/sshd/tests/tests_sysconfig.yml deleted file mode 100644 index 872958d..0000000 --- a/roles/sshd/tests/tests_sysconfig.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -- hosts: all - tasks: - - name: Configure sshd - include_role: - name: ansible-sshd - vars: - sshd_sysconfig: true - sshd_sysconfig_override_crypto_policy: true - sshd_sysconfig_use_strong_rng: 32 - - - name: Verify the options are correctly set - block: - - meta: flush_handlers - - - name: Print current configuration file - slurp: - src: /etc/sysconfig/sshd - register: config - - - name: Check the crypto policies is overridden in RHEL 8 - assert: - that: - - "'CRYPTO_POLICY=' in config.content | b64decode" - # these are string variants in default configuration file - - "'# CRYPTO_POLICY=' not in config.content | b64decode" - when: - - ansible_facts['os_family'] == "RedHat" - - ansible_facts['distribution_major_version'] == "8" - - - name: Check the RNG options are in configuration file - assert: - that: - - "'SSH_USE_STRONG_RNG=32' in config.content | b64decode" - # these are string variants in default configuration file - - "'SSH_USE_STRONG_RNG=0' not in config.content | b64decode" - - "'# SSH_USE_STRONG_RNG=1' not in config.content | b64decode" - when: - - ansible_facts['os_family'] == "RedHat" - - ansible_facts['distribution'] != 'Fedora' - tags: tests::verify diff --git a/roles/sshd/vars/AIX.yml b/roles/sshd/vars/AIX.yml deleted file mode 100644 index 0e9fb64..0000000 --- a/roles/sshd/vars/AIX.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -sshd_config_mode: '0644' -# sshd is not installed by yum / AIX toolbox for Linux. -# You'll need to manually install them using AIX Web Download Packs. -sshd_packages: [] -sshd_sftp_server: /usr/sbin/sftp-server -sshd_config_group: system -__sshd_defaults: - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes - -sshd_install_service: no -sshd_manage_service: no -sshd_allow_reload: yes diff --git a/roles/sshd/vars/Amazon.yml b/roles/sshd/vars/Amazon.yml deleted file mode 100644 index c010292..0000000 --- a/roles/sshd/vars/Amazon.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -sshd_config_mode: '0644' -sshd_packages: - - openssh - - openssh-server -sshd_sftp_server: /usr/libexec/openssh/sftp-server -__sshd_defaults: - SyslogFacility: AUTHPRIV - PermitRootLogin: forced-commands-only - AuthorizedKeysFile: .ssh/authorized_keys - PasswordAuthentication: no - ChallengeResponseAuthentication: no - UsePAM: yes - X11Forwarding: yes - PrintLastLog: yes - UsePrivilegeSeparation: sandbox - AcceptEnv: - - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - - LC_IDENTIFICATION LC_ALL LANGUAGE - - XMODIFIERS - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Arch Linux.yml b/roles/sshd/vars/Arch Linux.yml deleted file mode 120000 index d255bcd..0000000 --- a/roles/sshd/vars/Arch Linux.yml +++ /dev/null @@ -1 +0,0 @@ -Archlinux.yml \ No newline at end of file diff --git a/roles/sshd/vars/Archlinux.yml b/roles/sshd/vars/Archlinux.yml deleted file mode 100644 index de1da39..0000000 --- a/roles/sshd/vars/Archlinux.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -sshd_packages: - - openssh -sshd_sftp_server: /usr/lib/ssh/sftp-server -__sshd_defaults: - AuthorizedKeysFile: .ssh/authorized_keys - ChallengeResponseAuthentication: no - PrintMotd: no - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Container Linux by CoreOS.yml b/roles/sshd/vars/Container Linux by CoreOS.yml deleted file mode 100644 index 656b455..0000000 --- a/roles/sshd/vars/Container Linux by CoreOS.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# There is no package manager in CoreOS -sshd_packages: [] -sshd_service: sshd -sshd_sftp_server: internal-sftp -__sshd_defaults: - Subsystem: "sftp {{ sshd_sftp_server }}" - ClientAliveInterval: 180 - UseDNS: no - UsePAM: yes - PrintLastLog: no - PrintMotd: no -__sshd_os_supported: yes 
diff --git a/roles/sshd/vars/Debian.yml b/roles/sshd/vars/Debian.yml deleted file mode 100644 index a95c39b..0000000 --- a/roles/sshd/vars/Debian.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server -sshd_config_mode: "0644" -__sshd_defaults: - Port: 22 - Protocol: 2 - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_dsa_key - - /etc/ssh/ssh_host_ecdsa_key - UsePrivilegeSeparation: yes - KeyRegenerationInterval: 3600 - ServerKeyBits: 768 - SyslogFacility: AUTH - LogLevel: INFO - LoginGraceTime: 120 - PermitRootLogin: yes - StrictModes: yes - RSAAuthentication: yes - PubkeyAuthentication: yes - IgnoreRhosts: yes - RhostsRSAAuthentication: no - HostbasedAuthentication: no - PermitEmptyPasswords: no - ChallengeResponseAuthentication: no - X11Forwarding: yes - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: yes - TCPKeepAlive: yes - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Debian_10.yml b/roles/sshd/vars/Debian_10.yml deleted file mode 100644 index cca5691..0000000 --- a/roles/sshd/vars/Debian_10.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server - - openssh-sftp-server -sshd_config_mode: "0644" -__sshd_defaults: - Port: 22 - Protocol: 2 - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_ed25519_key - HostKeyAlgorithms: ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519-cert-v01@openssh.com - KexAlgorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 - MACs: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com - SyslogFacility: AUTH - LogLevel: INFO - LoginGraceTime: 120 - PermitRootLogin: without-password - StrictModes: yes - PubkeyAuthentication: yes - IgnoreRhosts: yes - HostbasedAuthentication: no - PermitEmptyPasswords: no - ChallengeResponseAuthentication: no - X11Forwarding: yes - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: yes - TCPKeepAlive: yes - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Debian_8.yml b/roles/sshd/vars/Debian_8.yml deleted file mode 100644 index f559c00..0000000 --- a/roles/sshd/vars/Debian_8.yml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server - - openssh-sftp-server -sshd_config_mode: "0644" -__sshd_defaults: - Port: 22 - Protocol: 2 - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_dsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - UsePrivilegeSeparation: yes - KeyRegenerationInterval: 3600 - ServerKeyBits: 1024 - SyslogFacility: AUTH - LogLevel: INFO - LoginGraceTime: 120 - PermitRootLogin: without-password - StrictModes: yes - RSAAuthentication: yes - PubkeyAuthentication: yes - IgnoreRhosts: yes - RhostsRSAAuthentication: no - HostbasedAuthentication: no - PermitEmptyPasswords: no - ChallengeResponseAuthentication: no - X11Forwarding: yes - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: yes - TCPKeepAlive: yes - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Debian_9.yml b/roles/sshd/vars/Debian_9.yml deleted file mode 100644 index 10745d2..0000000 --- a/roles/sshd/vars/Debian_9.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server - - openssh-sftp-server -sshd_config_mode: "0644" -__sshd_defaults: - Port: 22 - Protocol: 2 - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_dsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - UsePrivilegeSeparation: yes - SyslogFacility: AUTH - LogLevel: INFO - LoginGraceTime: 120 - PermitRootLogin: without-password - StrictModes: yes - PubkeyAuthentication: yes - IgnoreRhosts: yes - HostbasedAuthentication: no - PermitEmptyPasswords: no - ChallengeResponseAuthentication: no - X11Forwarding: yes - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: yes - TCPKeepAlive: yes - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Fedora.yml b/roles/sshd/vars/Fedora.yml deleted file mode 100644 index f6f5df2..0000000 
--- a/roles/sshd/vars/Fedora.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -sshd_packages: - - openssh - - openssh-server -sshd_sftp_server: /usr/libexec/openssh/sftp-server -# Fedora 32 ships with drop-in directory support so we touch -# just included file with highest priority by default and have -# empty defaults -sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf -__sshd_defaults: -__sshd_os_supported: yes -sshd_hostkey_group: ssh_keys -sshd_hostkey_mode: "0640" diff --git a/roles/sshd/vars/Fedora_31.yml b/roles/sshd/vars/Fedora_31.yml deleted file mode 100644 index 4aa1cfe..0000000 --- a/roles/sshd/vars/Fedora_31.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -sshd_packages: - - openssh - - openssh-server -sshd_sftp_server: /usr/libexec/openssh/sftp-server -__sshd_defaults: - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - SyslogFacility: AUTHPRIV - AuthorizedKeysFile: .ssh/authorized_keys - PasswordAuthentication: yes - ChallengeResponseAuthentication: no - GSSAPIAuthentication: yes - GSSAPICleanupCredentials: no - UsePAM: yes - X11Forwarding: yes - AcceptEnv: - - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - - LC_IDENTIFICATION LC_ALL LANGUAGE - - XMODIFIERS - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes -__sshd_sysconfig_supports_crypto_policy: true -sshd_hostkey_group: ssh_keys -sshd_hostkey_mode: "0640" diff --git a/roles/sshd/vars/FreeBSD.yml b/roles/sshd/vars/FreeBSD.yml deleted file mode 100644 index 44f9cd0..0000000 --- a/roles/sshd/vars/FreeBSD.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -sshd_config_group: wheel -sshd_config_mode: "0644" -sshd_sftp_server: /usr/libexec/sftp-server -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Gentoo.yml b/roles/sshd/vars/Gentoo.yml deleted file mode 100644 index efb54df..0000000 --- a/roles/sshd/vars/Gentoo.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -sshd_packages: - - net-misc/openssh -sshd_sftp_server: /usr/lib64/misc/sftp-server -__sshd_defaults: - Subsystem: "sftp {{ sshd_sftp_server }}" - # Replace tcp keepalive with unspoofable keepalive - TCPKeepAlive: no - ClientAliveInterval: 300 - ClientAliveCountMax: 2 - # Secure cipher and algorithm settings - HostKey: - - /etc/ssh/ssh_host_ed25519_key - - /etc/ssh/ssh_host_rsa_key - HostKeyAlgorithms: "ssh-ed25519,ssh-rsa,ssh-ed25519-cert-v01@openssh.com" - KexAlgorithms: "curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256" - Ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr" - MACs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com" - AuthorizedKeysFile: .ssh/authorized_keys - # Security settings - PasswordAuthentication: no - ChallengeResponseAuthentication: no - PermitRootLogin: no - # Login settings - UsePAM: yes - PrintMotd: no - PrintLastLog: yes - # Disable most forwarding types for more security - AllowAgentForwarding: no - AllowTcpForwarding: no - AllowStreamLocalForwarding: no -__sshd_os_supported: yes diff --git a/roles/sshd/vars/OpenBSD.yml b/roles/sshd/vars/OpenBSD.yml deleted file mode 100644 index b0c0d26..0000000 --- a/roles/sshd/vars/OpenBSD.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -sshd_config_group: wheel -sshd_config_mode: "0600" -sshd_sftp_server: /usr/libexec/sftp-server -__sshd_defaults: - AuthorizedKeysFile: .ssh/authorized_keys - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes -__sshd_manage_var_run: no diff --git a/roles/sshd/vars/RedHat_6.yml b/roles/sshd/vars/RedHat_6.yml deleted file mode 100644 index 5b9ccb7..0000000 --- a/roles/sshd/vars/RedHat_6.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -sshd_packages: - - openssh - - openssh-server -sshd_sftp_server: /usr/libexec/openssh/sftp-server -__sshd_defaults: - Protocol: 2 - SyslogFacility: AUTHPRIV - PasswordAuthentication: yes - ChallengeResponseAuthentication: no - GSSAPIAuthentication: yes - GSSAPICleanupCredentials: yes - UsePAM: yes - AcceptEnv: - - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - - LC_IDENTIFICATION LC_ALL LANGUAGE - - XMODIFIERS - X11Forwarding: yes - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes -__sshd_sysconfig_supports_use_strong_rng: true -sshd_hostkey_group: ssh_keys -sshd_hostkey_mode: "0640" diff --git a/roles/sshd/vars/RedHat_7.yml b/roles/sshd/vars/RedHat_7.yml deleted file mode 100644 index 2d14066..0000000 --- a/roles/sshd/vars/RedHat_7.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -sshd_packages: - - openssh - - openssh-server -sshd_sftp_server: /usr/libexec/openssh/sftp-server -__sshd_defaults: - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - SyslogFacility: AUTHPRIV - AuthorizedKeysFile: .ssh/authorized_keys - PasswordAuthentication: yes - ChallengeResponseAuthentication: no - GSSAPIAuthentication: yes - GSSAPICleanupCredentials: no - # Note that UsePAM: no is not supported under RHEL/CentOS. See - # https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218 - UsePAM: yes - X11Forwarding: yes - UsePrivilegeSeparation: sandbox - AcceptEnv: - - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - - LC_IDENTIFICATION LC_ALL LANGUAGE - - XMODIFIERS - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes -__sshd_sysconfig_supports_use_strong_rng: true -sshd_hostkey_group: ssh_keys -sshd_hostkey_mode: "0640" 
diff --git a/roles/sshd/vars/RedHat_8.yml b/roles/sshd/vars/RedHat_8.yml deleted file mode 100644 index 909338f..0000000 --- a/roles/sshd/vars/RedHat_8.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -sshd_packages: - - openssh - - openssh-server -sshd_sftp_server: /usr/libexec/openssh/sftp-server -__sshd_defaults: - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - SyslogFacility: AUTHPRIV - AuthorizedKeysFile: .ssh/authorized_keys - PasswordAuthentication: yes - ChallengeResponseAuthentication: no - GSSAPIAuthentication: yes - GSSAPICleanupCredentials: no - # Note that UsePAM: no is not supported under RHEL/CentOS. See - # https://github.com/willshersystems/ansible-sshd/pull/51#issuecomment-287333218 - UsePAM: yes - X11Forwarding: yes - PrintMotd: no - AcceptEnv: - - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - - LC_IDENTIFICATION LC_ALL LANGUAGE - - XMODIFIERS - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes -__sshd_sysconfig_supports_use_strong_rng: true -__sshd_sysconfig_supports_crypto_policy: true -sshd_hostkey_group: ssh_keys -sshd_hostkey_mode: "0640" diff --git a/roles/sshd/vars/Suse.yml b/roles/sshd/vars/Suse.yml deleted file mode 100644 index 167010f..0000000 --- a/roles/sshd/vars/Suse.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -sshd_packages: - - openssh -sshd_sftp_server: /usr/lib/ssh/sftp-server -__sshd_defaults: - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - SyslogFacility: AUTH - AuthorizedKeysFile: .ssh/authorized_keys - PasswordAuthentication: yes - ChallengeResponseAuthentication: no - GSSAPIAuthentication: yes - GSSAPICleanupCredentials: no - UsePAM: yes - X11Forwarding: yes - UsePrivilegeSeparation: sandbox - AcceptEnv: - - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - - LC_IDENTIFICATION LC_ALL LANGUAGE - - XMODIFIERS - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Ubuntu_12.yml b/roles/sshd/vars/Ubuntu_12.yml deleted file mode 100644 index a95c39b..0000000 --- a/roles/sshd/vars/Ubuntu_12.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server -sshd_config_mode: "0644" -__sshd_defaults: - Port: 22 - Protocol: 2 - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_dsa_key - - /etc/ssh/ssh_host_ecdsa_key - UsePrivilegeSeparation: yes - KeyRegenerationInterval: 3600 - ServerKeyBits: 768 - SyslogFacility: AUTH - LogLevel: INFO - LoginGraceTime: 120 - PermitRootLogin: yes - StrictModes: yes - RSAAuthentication: yes - PubkeyAuthentication: yes - IgnoreRhosts: yes - RhostsRSAAuthentication: no - HostbasedAuthentication: no - PermitEmptyPasswords: no - ChallengeResponseAuthentication: no - X11Forwarding: yes - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: yes - TCPKeepAlive: yes - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Ubuntu_14.yml b/roles/sshd/vars/Ubuntu_14.yml deleted file mode 100644 index f559c00..0000000 --- a/roles/sshd/vars/Ubuntu_14.yml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server - - openssh-sftp-server -sshd_config_mode: "0644" -__sshd_defaults: - Port: 22 - Protocol: 2 - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_dsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - UsePrivilegeSeparation: yes - KeyRegenerationInterval: 3600 - ServerKeyBits: 1024 - SyslogFacility: AUTH - LogLevel: INFO - LoginGraceTime: 120 - PermitRootLogin: without-password - StrictModes: yes - RSAAuthentication: yes - PubkeyAuthentication: yes - IgnoreRhosts: yes - RhostsRSAAuthentication: no - HostbasedAuthentication: no - PermitEmptyPasswords: no - ChallengeResponseAuthentication: no - X11Forwarding: yes - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: yes - TCPKeepAlive: yes - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Ubuntu_16.yml b/roles/sshd/vars/Ubuntu_16.yml deleted file mode 100644 index 2ee35c8..0000000 --- a/roles/sshd/vars/Ubuntu_16.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server - - openssh-sftp-server -sshd_config_mode: "0644" -__sshd_defaults: - Port: 22 - Protocol: 2 - HostKey: - - /etc/ssh/ssh_host_rsa_key - - /etc/ssh/ssh_host_dsa_key - - /etc/ssh/ssh_host_ecdsa_key - - /etc/ssh/ssh_host_ed25519_key - UsePrivilegeSeparation: yes - KeyRegenerationInterval: 3600 - ServerKeyBits: 1024 - SyslogFacility: AUTH - LogLevel: INFO - LoginGraceTime: 120 - PermitRootLogin: prohibit-password - StrictModes: yes - RSAAuthentication: yes - PubkeyAuthentication: yes - AuthorizedKeysFile: "%h/.ssh/authorized_keys" - IgnoreRhosts: yes - RhostsRSAAuthentication: no - HostbasedAuthentication: no - PermitEmptyPasswords: no - ChallengeResponseAuthentication: no - X11Forwarding: yes - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: yes - TCPKeepAlive: yes - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" - UsePAM: yes - UseDNS: no -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Ubuntu_18.yml b/roles/sshd/vars/Ubuntu_18.yml deleted file mode 100644 index da8a005..0000000 --- a/roles/sshd/vars/Ubuntu_18.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server - - openssh-sftp-server -sshd_config_mode: "0644" -__sshd_defaults: - PasswordAuthentication: no - ChallengeResponseAuthentication: no - UsePAM: yes - X11Forwarding: yes - PrintMotd: no - AcceptEnv: LANG LC_* - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes diff --git a/roles/sshd/vars/Ubuntu_20.yml b/roles/sshd/vars/Ubuntu_20.yml deleted file mode 100644 index a60fba4..0000000 --- a/roles/sshd/vars/Ubuntu_20.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -sshd_service: ssh -sshd_packages: - - openssh-server - - openssh-sftp-server -sshd_config_mode: "0644" -__sshd_defaults: - ChallengeResponseAuthentication: no - UsePAM: yes - X11Forwarding: yes - PrintMotd: no - AcceptEnv: LANG LC_* - Subsystem: "sftp /usr/lib/openssh/sftp-server" -__sshd_os_supported: yes diff --git a/roles/sshd/vars/default.yml b/roles/sshd/vars/default.yml deleted file mode 100644 index ed97d53..0000000 --- a/roles/sshd/vars/default.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/roles/sshd/vars/openSUSE Leap_15.yml b/roles/sshd/vars/openSUSE Leap_15.yml deleted file mode 100644 index 883627c..0000000 --- a/roles/sshd/vars/openSUSE Leap_15.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -sshd_packages: - - openssh -sshd_sftp_server: /usr/lib/ssh/sftp-server -__sshd_defaults: - AuthorizedKeysFile: .ssh/authorized_keys - UsePAM: yes - X11Forwarding: yes - AcceptEnv: - - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES - - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT - - LC_IDENTIFICATION LC_ALL - Subsystem: "sftp {{ sshd_sftp_server }}" -__sshd_os_supported: yes