salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Get those stale roles the HECC out of my repo. We download dynamically from now on.

Browse Source
This commit is contained in:
Salt 2021-09-18 16:04:28 -05:00
parent 68eb7e5422
commit a29a8fa584
401 changed files with 13 additions and 14444 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.gitignore vendored
View File

@ -1,2 +1,15 @@
roles/apache/
roles/certbot/
roles/dhcp/
roles/docker/
roles/factorio/
roles/gitea/
roles/k8s/
roles/nextcloud/
roles/nfs/
roles/php/
roles/postgresql/
roles/snmpd/
roles/sshd/
*.swp
.cache

3
roles/apache/.gitignore vendored
View File

@ -1,3 +0,0 @@
*.retry
*/__pycache__
*.pyc

33
roles/apache/.travis.yml
View File

@ -1,33 +0,0 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: apache
matrix:
- MOLECULE_DISTRO: ubi8
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: centos6
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: ubuntu1604
- MOLECULE_DISTRO: ubuntu1404
- MOLECULE_DISTRO: debian10
- MOLECULE_DISTRO: debian9
install:
# Install test dependencies.
- pip install molecule docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

20
roles/apache/LICENSE
View File

@ -1,20 +0,0 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

156
roles/apache/README.md
View File

@ -1,156 +0,0 @@
# Ansible Role: Apache 2.x
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache)
An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris.
## Requirements
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
apache_enablerepo: ""
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts.
apache_remove_default_vhost: false
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
# Add other global settings on subsequent lines.
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
apache_vhosts:
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
- servername: "www.local.dev"
serveralias: "local.dev"
documentroot: "/var/www/html"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
apache_vhosts_ssl: []
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
apache_vhosts_ssl:
- servername: "local.dev"
documentroot: "/var/www/html"
certificate_file: "/home/vagrant/example.crt"
certificate_key_file: "/home/vagrant/example.key"
certificate_chain_file: "/path/to/certificate_chain.crt"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Other SSL directives can be managed with other SSL-related role variables.
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"
The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
apache_packages:
- [platform-specific]
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
apache_state: started
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_packages_state: present
If you have enabled any additional repositories such as _ondrej/apache2_, [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel), or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to upgrade versions. You can set this to `latest` (combined with `apache_enablerepo` on RHEL) and can directly upgrade to a different Apache version from a different repo (instead of uninstalling and reinstalling Apache).
apache_ignore_missing_ssl_certificate: true
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Lets Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## .htaccess-based Basic Authorization
If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so:
extra_parameters: |
<Directory "/var/www/password-protected-directory">
Require valid-user
AuthType Basic
AuthName "Please authenticate"
AuthUserFile /var/www/password-protected-directory/.htpasswd
</Directory>
To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`:
<Location "/">
Require valid-user
....
</Location>
You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way.
## Dependencies
None.
## Example Playbook
- hosts: webservers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.apache }
*Inside `vars/main.yml`*:
apache_listen_port: 8080
apache_vhosts:
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

58
roles/apache/defaults/main.yml
View File

@ -1,58 +0,0 @@
---
apache_enablerepo: ""
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
# Set this to `true` to remove that default.
apache_remove_default_vhost: false
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
apache_vhosts:
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"
apache_vhosts_ssl: []
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
# - servername: "local.dev",
# documentroot: "/var/www/html",
# certificate_file: "/path/to/certificate.crt",
# certificate_key_file: "/path/to/certificate.key",
# # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
# Only used on Debian/Ubuntu.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
# Set initial apache state. Recommended values: `started` or `stopped`
apache_state: started
# Set apache state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
apache_restart_state: restarted
# Apache package state; use `present` to make sure it's installed, or `latest`
# if you want to upgrade or switch versions using a new repo.
apache_packages_state: present

5
roles/apache/handlers/main.yml
View File

@ -1,5 +0,0 @@
---
- name: restart apache
service:
name: "{{ apache_service }}"
state: "{{ apache_restart_state }}"

2
roles/apache/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: Thu Oct 29 02:41:52 2020
version: 3.1.0

38
roles/apache/meta/main.yml
View File

@ -1,38 +0,0 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: Apache 2.x for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- all
- name: Fedora
versions:
- all
- name: Amazon
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- trusty
- xenial
- bionic
- name: Solaris
versions:
- 11.3
galaxy_tags:
- web
- apache
- webserver
- html
- httpd
allow_duplicates: true

29
roles/apache/molecule/default/molecule.yml
View File

@ -1,29 +0,0 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
options:
config-file: molecule/default/yaml-lint.yml
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
lint:
name: ansible-lint
playbooks:
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
scenario:
name: default
verifier:
name: testinfra
lint:
name: flake8

21
roles/apache/molecule/default/playbook.yml
View File

@ -1,21 +0,0 @@
---
- name: Converge
hosts: all
become: true
vars:
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts:
- servername: "example.com"
documentroot: "/var/www/vhosts/example_com"
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
roles:
- role: geerlingguy.apache

6
roles/apache/molecule/default/yaml-lint.yml
View File

@ -1,6 +0,0 @@
---
extends: default
rules:
line-length:
max: 120
level: warning

54
roles/apache/tasks/configure-Debian.yml
View File

@ -1,54 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/ports.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Enable Apache mods.
file:
src: "{{ apache_server_root }}/mods-available/{{ item }}"
dest: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: link
with_items: "{{ apache_mods_enabled }}"
notify: restart apache
- name: Disable Apache mods.
file:
path: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: absent
with_items: "{{ apache_mods_disabled }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: "path={{ item.certificate_file }}"
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool
- name: Add vhost symlink in sites-enabled.
file:
src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
state: link
notify: restart apache
when: apache_create_vhosts | bool
- name: Remove default vhost in sites-enabled.
file:
path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
state: absent
notify: restart apache
when: apache_remove_default_vhost

36
roles/apache/tasks/configure-RedHat.yml
View File

@ -1,36 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool
- name: Check if localhost cert exists (RHEL 8 and later).
stat:
path: /etc/pki/tls/certs/localhost.crt
register: localhost_cert
when: ansible_distribution_major_version | int >= 8
- name: Ensure httpd certs are installed (RHEL 8 and later).
command: /usr/libexec/httpd-ssl-gencerts
when:
- ansible_distribution_major_version | int >= 8
- not localhost_cert.stat.exists

19
roles/apache/tasks/configure-Solaris.yml
View File

@ -1,19 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool

24
roles/apache/tasks/configure-Suse.yml
View File

@ -1,24 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/listen.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool

47
roles/apache/tasks/main.yml
View File

@ -1,47 +0,0 @@
---
# Include variables and define needed variables.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Include variables for Amazon Linux.
include_vars: "AmazonLinux.yml"
when:
- ansible_distribution == "Amazon"
- ansible_distribution_major_version == "NA"
- name: Define apache_packages.
set_fact:
apache_packages: "{{ __apache_packages | list }}"
when: apache_packages is not defined
# Setup/install tasks.
- include_tasks: "setup-{{ ansible_os_family }}.yml"
# Figure out what version of Apache is installed.
- name: Get installed version of Apache.
command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
changed_when: false
check_mode: false
register: _apache_version
- name: Create apache_version variable.
set_fact:
apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
- name: Include Apache 2.2 variables.
include_vars: apache-22.yml
when: "apache_version.split('.')[1] == '2'"
- name: Include Apache 2.4 variables.
include_vars: apache-24.yml
when: "apache_version.split('.')[1] == '4'"
# Configure Apache.
- name: Configure Apache.
include_tasks: "configure-{{ ansible_os_family }}.yml"
- name: Ensure Apache has selected state and enabled on boot.
service:
name: "{{ apache_service }}"
state: "{{ apache_state }}"
enabled: true

6
roles/apache/tasks/setup-Debian.yml
View File

@ -1,6 +0,0 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=3600
- name: Ensure Apache is installed on Debian.
apt: "name={{ apache_packages }} state={{ apache_packages_state }}"

6
roles/apache/tasks/setup-RedHat.yml
View File

@ -1,6 +0,0 @@
---
- name: Ensure Apache is installed on RHEL.
package:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"
enablerepo: "{{ apache_enablerepo | default(omit, true) }}"

5
roles/apache/tasks/setup-Solaris.yml
View File

@ -1,5 +0,0 @@
---
- name: Ensure Apache is installed on Solaris.
pkg5:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"

5
roles/apache/tasks/setup-Suse.yml
View File

@ -1,5 +0,0 @@
---
- name: Ensure Apache is installed on Suse.
zypper:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"

82
roles/apache/templates/vhosts.conf.j2
View File

@ -1,82 +0,0 @@
{{ apache_global_vhost_settings }}
{# Set up VirtualHosts #}
{% for vhost in apache_vhosts %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endfor %}
{# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
SSLEngine on
SSLCipherSuite {{ apache_ssl_cipher_suite }}
SSLProtocol {{ apache_ssl_protocol }}
SSLHonorCipherOrder On
{% if apache_vhosts_version == "2.4" %}
SSLCompression off
{% endif %}
SSLCertificateFile {{ vhost.certificate_file }}
SSLCertificateKeyFile {{ vhost.certificate_key_file }}
{% if vhost.certificate_chain_file is defined %}
SSLCertificateChainFile {{ vhost.certificate_chain_file }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endif %}
{% endfor %}

18
roles/apache/vars/AmazonLinux.yml
View File

@ -1,18 +0,0 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.4"
__apache_packages:
- httpd24
- httpd24-devel
- mod24_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"

14
roles/apache/vars/Debian.yml
View File

@ -1,14 +0,0 @@
---
apache_service: apache2
apache_daemon: apache2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2
__apache_packages:
- apache2
- apache2-utils
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"

20
roles/apache/vars/RedHat.yml
View File

@ -1,20 +0,0 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- httpd
- httpd-devel
- mod_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

19
roles/apache/vars/Solaris.yml
View File

@ -1,19 +0,0 @@
---
apache_service: apache24
apache_daemon: httpd
apache_daemon_path: /usr/apache2/2.4/bin/
apache_server_root: /etc/apache2/2.4/
apache_conf_path: /etc/apache2/2.4/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- web/server/apache-24
- web/server/apache-24/module/apache-ssl
- web/server/apache-24/module/apache-security
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

18
roles/apache/vars/Suse.yml
View File

@ -1,18 +0,0 @@
---
apache_service: apache2
apache_daemon: httpd2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- apache2
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

12
roles/apache/vars/apache-22.yml
View File

@ -1,12 +0,0 @@
---
apache_vhosts_version: "2.2"
apache_default_vhost_filename: 000-default
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}
- {
regexp: "^#?NameVirtualHost ",
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
}

8
roles/apache/vars/apache-24.yml
View File

@ -1,8 +0,0 @@
---
apache_vhosts_version: "2.4"
apache_default_vhost_filename: 000-default.conf
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}

4
roles/certbot/.github/FUNDING.yml vendored
View File

@ -1,4 +0,0 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/certbot/.github/stale.yml vendored
View File

@ -1,56 +0,0 @@
# Configuration for probot-stale - https://github.com/probot/stale
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

3
roles/certbot/.gitignore vendored
View File

@ -1,3 +0,0 @@
*.retry
*/__pycache__
*.pyc

32
roles/certbot/.travis.yml
View File

@ -1,32 +0,0 @@
---
language: python
services: docker
env:
global:
- ROLE_NAME: certbot
matrix:
- MOLECULE_DISTRO: centos8
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: centos6
MOLECULE_PLAYBOOK: playbook-source-install.yml
- MOLECULE_DISTRO: ubuntu1804
- MOLECULE_DISTRO: ubuntu1604
- MOLECULE_DISTRO: debian10
install:
# Install test dependencies.
- pip install molecule yamllint ansible-lint docker
before_script:
# Use actual Ansible Galaxy role name for the project directory.
- cd ../
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- cd geerlingguy.$ROLE_NAME
script:
# Run tests.
- molecule test
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

10
roles/certbot/.yamllint
View File

@ -1,10 +0,0 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/stale.yml

20
roles/certbot/LICENSE
View File

@ -1,20 +0,0 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

140
roles/certbot/README.md
View File

@ -1,140 +0,0 @@
# Ansible Role: Certbot (for Let's Encrypt)
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-certbot.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-certbot)
Installs and configures Certbot (for Let's Encrypt).
## Requirements
If installing from source, Git is required. You can install Git using the `geerlingguy.git` role.
Generally, installing from source (see section `Source Installation from Git`) leads to a better experience using Certbot and Let's Encrypt, especially if you're using an older OS release.
## Role Variables
The variable `certbot_install_from_source` controls whether to install Certbot from Git or package management. The latter is the default, so the variable defaults to `no`.
certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30"
certbot_auto_renew_options: "--quiet --no-self-upgrade"
By default, this role configures a cron job to run under the provided user account at the given hour and minute, every day. The defaults run `certbot renew` (or `certbot-auto renew`) via cron every day at 03:30:00 by the user you use in your Ansible playbook. It's preferred that you set a custom user/hour/minute so the renewal is during a low-traffic period and done by a non-root user account.
### Automatic Certificate Generation
Currently there is one built-in method for generating new certificates using this role: `standalone`. Other methods (e.g. using nginx or apache and a webroot) may be added in the future.
**For a complete example**: see the fully functional test playbook in [molecule/default/playbook-standalone-nginx-aws.yml](molecule/default/playbook-standalone-nginx-aws.yml).
certbot_create_if_missing: false
certbot_create_method: standalone
Set `certbot_create_if_missing` to `yes` or `True` to let this role generate certs. Set the method used for generating certs with the `certbot_create_method` variable—current allowed values include: `standalone`.
certbot_admin_email: email@example.com
The email address used to agree to Let's Encrypt's TOS and subscribe to cert-related notifications. This should be customized and set to an email address that you or your organization regularly monitors.
certbot_certs: []
# - email: janedoe@example.com
# domains:
# - example1.com
# - example2.com
# - domains:
# - example3.com
A list of domains (and other data) for which certs should be generated. You can add an `email` key to any list item to override the `certbot_admin_email`.
certbot_create_command: "{{ certbot_script }} certonly --standalone --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(',') }}"
The `certbot_create_command` defines the command used to generate the cert.
#### Standalone Certificate Generation
certbot_create_standalone_stop_services:
- nginx
Services that should be stopped while `certbot` runs it's own standalone server on ports 80 and 443. If you're running Apache, set this to `apache2` (Ubuntu), or `httpd` (RHEL), or if you have Nginx on port 443 and something else on port 80 (e.g. Varnish, a Java app, or something else), add it to the list so it is stopped when the certificate is generated.
These services will only be stopped the first time a new cert is generated.
### Source Installation from Git
You can install Certbot from it's Git source repository if desired. This might be useful in several cases, but especially when older distributions don't have Certbot packages available (e.g. CentOS < 7, Ubuntu < 16.10 and Debian < 8).
certbot_install_from_source: false
certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master
certbot_keep_updated: true
Certbot Git repository options. To install from source, set `certbot_install_from_source` to `yes`. This clones the configured `certbot_repo`, respecting the `certbot_version` setting. If `certbot_keep_updated` is set to `yes`, the repository is updated every time this role runs.
certbot_dir: /opt/certbot
The directory inside which Certbot will be cloned.
### Wildcard Certificates
Let's Encrypt supports [generating wildcard certificates](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579), but the process for generating and using them is slightly more involved. See comments in [this pull request](https://github.com/geerlingguy/ansible-role-certbot/pull/60#issuecomment-423919284) for an example of how to use this role to maintain wildcard certs.
Michael Porter also has a walkthrough of [Creating A Lets Encrypt Wildcard Cert With Ansible](https://www.michaelpporter.com/2018/09/creating-a-wildcard-cert-with-ansible/), specifically with Cloudflare.
## Dependencies
None.
## Example Playbook
- hosts: servers
vars:
certbot_auto_renew_user: your_username_here
certbot_auto_renew_minute: "20"
certbot_auto_renew_hour: "5"
roles:
- geerlingguy.certbot
See other examples in the `tests/` directory.
### Manually creating certificates with certbot
_Note: You can have this role automatically generate certificates; see the "Automatic Certificate Generation" documentation above._
You can manually create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot:
# Automatically add certs for all Apache virtualhosts (use with caution!).
certbot --apache
# Generate certs, but don't modify Apache configuration (safer).
certbot --apache certonly
If you want to fully automate the process of adding a new certificate, but don't want to use this role's built in functionality, you can do so using the command line options to register, accept the terms of service, and then generate a cert using the standalone server:
1. Make sure any services listening on ports 80 and 443 (Apache, Nginx, Varnish, etc.) are stopped.
2. Register with something like `certbot register --agree-tos --email [your-email@example.com]`
- Note: You won't need to do this step in the future, when generating additional certs on the same server.
3. Generate a cert for a domain whose DNS points to this server: `certbot certonly --noninteractive --standalone -d example.com -d www.example.com`
4. Re-start whatever was listening on ports 80 and 443 before.
5. Update your webserver's virtualhost TLS configuration to point at the new certificate (`fullchain.pem`) and private key (`privkey.pem`) Certbot just generated for the domain you passed in the `certbot` command.
6. Reload or restart your webserver so it uses the new HTTPS virtualhost configuration.
### Certbot certificate auto-renewal
By default, this role adds a cron job that will renew all installed certificates once per day at the hour and minute of your choosing.
You can test the auto-renewal (without actually renewing the cert) with the command:
/opt/certbot/certbot-auto renew --dry-run
See full documentation and options on the [Certbot website](https://certbot.eff.org/).
## License
MIT / BSD
## Author Information
This role was created in 2016 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

38
roles/certbot/defaults/main.yml
View File

@ -1,38 +0,0 @@
---
# Certbot auto-renew cron job configuration (for certificate renewals).
certbot_auto_renew: true
certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30"
certbot_auto_renew_options: "--quiet --no-self-upgrade"
# Parameters used when creating new Certbot certs.
certbot_create_if_missing: false
certbot_create_method: standalone
certbot_admin_email: email@example.com
certbot_certs: []
# - email: janedoe@example.com
# domains:
# - example1.com
# - example2.com
# - domains:
# - example3.com
certbot_create_command: >-
{{ certbot_script }} certonly --standalone --noninteractive --agree-tos
--email {{ cert_item.email | default(certbot_admin_email) }}
-d {{ cert_item.domains | join(',') }}
certbot_create_standalone_stop_services:
- nginx
# - apache
# - varnish
# To install from source (on older OSes or if you need a specific or newer
# version of Certbot), set this variable to `yes` and configure other options.
certbot_install_from_source: false
certbot_repo: https://github.com/certbot/certbot.git
certbot_version: master
certbot_keep_updated: true
# Where to put Certbot when installing from source.
certbot_dir: /opt/certbot

2
roles/certbot/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: Sun Nov 8 05:56:00 2020
version: 3.1.0

34
roles/certbot/meta/main.yml
View File

@ -1,34 +0,0 @@
---
dependencies: []
galaxy_info:
author: geerlingguy
description: "Installs and configures Certbot (for Let's Encrypt)."
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 6
- 7
- 8
- name: Fedora
versions:
- all
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
galaxy_tags:
- networking
- system
- web
- certbot
- letsencrypt
- encryption
- certificates
- ssl
- https

27
roles/certbot/molecule/default/converge.yml
View File

@ -1,27 +0,0 @@
---
- name: Converge
hosts: all
become: true
vars:
certbot_auto_renew_user: root
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Install dependencies (RedHat).
yum: name={{ item }} state=present
when: ansible_os_family == 'RedHat'
with_items:
- cronie
- epel-release
- name: Install cron (Debian).
apt: name=cron state=present
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.certbot

21
roles/certbot/molecule/default/molecule.yml
View File

@ -1,21 +0,0 @@
---
dependency:
name: galaxy
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

26
roles/certbot/molecule/default/playbook-source-install.yml
View File

@ -1,26 +0,0 @@
---
- name: Converge
hosts: all
become: true
vars:
certbot_install_from_source: true
certbot_auto_renew_user: root
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Install cron (RedHat).
yum: name=cronie state=present
when: ansible_os_family == 'RedHat'
- name: Install cron (Debian).
apt: name=cron state=present
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.git
- geerlingguy.certbot

180
roles/certbot/molecule/default/playbook-standalone-nginx-aws.yml
View File

@ -1,180 +0,0 @@
---
# To run:
# 1. Ensure Ansible and Boto are installed (pip install ansible boto).
# 2. Ensure you have AWS credentials stored where Boto can find them, and they
# are under the profile 'mm'.
# 3. Ensure you have a pubkey available at ~/.ssh/id_rsa.pub.
# 3. Run the playbook: ansible-playbook test-standalone-nginx-aws.yml
# Play 1: Provision EC2 instance and A record.
- hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Configure EC2 Security Group.
ec2_group:
profile: mm
name: certbot_test_http
description: HTTP security group for Certbot testing.
region: "us-east-1"
state: present
rules:
- proto: tcp
from_port: 80
to_port: 80
cidr_ip: 0.0.0.0/0
- proto: tcp
from_port: 443
to_port: 443
cidr_ip: 0.0.0.0/0
- proto: tcp
from_port: 22
to_port: 22
cidr_ip: 0.0.0.0/0
rules_egress: []
- name: Add EC2 Key Pair.
ec2_key:
profile: mm
region: "us-east-1"
name: certbot_test
key_material: "{{ item }}"
with_file:
- ~/.ssh/id_rsa.pub
- name: Provision EC2 instance.
ec2:
profile: mm
key_name: certbot_test
instance_tags:
Name: "certbot-standalone-nginx-test"
group: ['default', 'certbot_test_http']
instance_type: t2.micro
# CentOS Linux 7 x86_64 HVM EBS
image: ami-02e98f78
region: "us-east-1"
wait: true
wait_timeout: 500
exact_count: 1
count_tag:
Name: "certbot-standalone-nginx-test"
register: created_instance
- name: Add A record for the new EC2 instance IP in Route53.
route53:
profile: mm
command: create
zone: servercheck.in
record: certbot-test.servercheck.in
type: A
ttl: 300
value: "{{ created_instance.tagged_instances.0.public_ip }}"
wait: true
overwrite: true
- name: Add EC2 instance to inventory groups.
add_host:
name: "certbot-test.servercheck.in"
groups: "aws,aws_nginx"
ansible_ssh_user: centos
host_key_checking: false
when: created_instance.tagged_instances.0.id is defined
# Play 2: Configure EC2 instance with Certbot and Nginx.
- hosts: aws_nginx
gather_facts: true
become: true
vars:
certbot_admin_email: https@servercheck.in
certbot_create_if_missing: true
certbot_create_standalone_stop_services: []
certbot_certs:
- domains:
- certbot-test.servercheck.in
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "certbot-test.servercheck.in"
root: "/usr/share/nginx/html"
index: "index.html index.htm"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "certbot_test.conf"
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/certbot-test.servercheck.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/certbot-test.servercheck.in/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Install dependencies (RedHat).
yum: name={{ item }} state=present
when: ansible_os_family == 'RedHat'
with_items:
- cronie
- epel-release
- name: Install cron (Debian).
apt: name=cron state=present
when: ansible_os_family == 'Debian'
roles:
- geerlingguy.certbot
- geerlingguy.nginx
tasks:
- name: Flush handlers in case any configs have changed.
meta: flush_handlers
- name: Test secure connection to SSL domain.
uri:
url: https://certbot-test.servercheck.in/
status_code: 200
delegate_to: localhost
become: false
# Play 3: Tear down EC2 instance and A record.
- hosts: localhost
connection: local
gather_facts: false
tasks:
- name: Destroy EC2 instance.
ec2:
profile: mm
instance_ids: ["{{ created_instance.tagged_instances.0.id }}"]
region: "us-east-1"
state: absent
wait: true
wait_timeout: 500
- name: Delete Security Group.
ec2_group:
profile: mm
name: certbot_test_http
region: "us-east-1"
state: absent
- name: Delete Key Pair.
ec2_key:
profile: mm
name: certbot_test
region: "us-east-1"
state: absent
- name: Delete Route53 record.
route53:
profile: mm
state: delete
zone: servercheck.in
record: certbot-test.servercheck.in
type: A
ttl: 300
# See: https://github.com/ansible/ansible/pull/32297
value: []

3
roles/certbot/molecule/default/requirements.yml
View File

@ -1,3 +0,0 @@
---
- src: geerlingguy.git
- src: geerlingguy.nginx

23
roles/certbot/tasks/create-cert-standalone.yml
View File

@ -1,23 +0,0 @@
---
- name: Check if certificate already exists.
stat:
path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
register: letsencrypt_cert
- name: Stop services to allow certbot to generate a cert.
service:
name: "{{ item }}"
state: stopped
when: not letsencrypt_cert.stat.exists
with_items: "{{ certbot_create_standalone_stop_services }}"
- name: Generate new certificate if one doesn't exist.
command: "{{ certbot_create_command }}"
when: not letsencrypt_cert.stat.exists
- name: Start services after cert has been generated.
service:
name: "{{ item }}"
state: started
when: not letsencrypt_cert.stat.exists
with_items: "{{ certbot_create_standalone_stop_services }}"

8
roles/certbot/tasks/include-vars.yml
View File

@ -1,8 +0,0 @@
---
- name: Load a variable file based on the OS type, or a default if not found.
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
- "default.yml"

17
roles/certbot/tasks/install-from-source.yml
View File

@ -1,17 +0,0 @@
---
- name: Clone Certbot into configured directory.
git:
repo: "{{ certbot_repo }}"
dest: "{{ certbot_dir }}"
version: "{{ certbot_version }}"
update: "{{ certbot_keep_updated }}"
force: true
- name: Set Certbot script variable.
set_fact:
certbot_script: "{{ certbot_dir }}/certbot-auto"
- name: Ensure certbot-auto is executable.
file:
path: "{{ certbot_script }}"
mode: 0755

7
roles/certbot/tasks/install-with-package.yml
View File

@ -1,7 +0,0 @@
---
- name: Install Certbot.
package: "name={{ certbot_package }} state=present"
- name: Set Certbot script variable.
set_fact:
certbot_script: "{{ certbot_package }}"

22
roles/certbot/tasks/main.yml
View File

@ -1,22 +0,0 @@
---
- import_tasks: include-vars.yml
- import_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- import_tasks: install-with-package.yml
when: not certbot_install_from_source
- import_tasks: install-from-source.yml
when: certbot_install_from_source
- include_tasks: create-cert-standalone.yml
with_items: "{{ certbot_certs }}"
when:
- certbot_create_if_missing
- certbot_create_method == 'standalone'
loop_control:
loop_var: cert_item
- import_tasks: renew-cron.yml
when: certbot_auto_renew

8
roles/certbot/tasks/renew-cron.yml
View File

@ -1,8 +0,0 @@
---
- name: Add cron job for certbot renewal (if configured).
cron:
name: Certbot automatic renewal.
job: "{{ certbot_script }} renew {{ certbot_auto_renew_options }}"
minute: "{{ certbot_auto_renew_minute }}"
hour: "{{ certbot_auto_renew_hour }}"
user: "{{ certbot_auto_renew_user }}"

20
roles/certbot/tasks/setup-RedHat.yml
View File

@ -1,20 +0,0 @@
---
# See: https://github.com/geerlingguy/ansible-role-certbot/issues/107
- block:
- name: Ensure dnf-plugins are installed on CentOS 8+.
yum:
name: dnf-plugins-core
state: present
- name: Enable DNF module for CentOS 8+.
shell: |
dnf config-manager --set-enabled PowerTools
args:
warn: false
register: dnf_module_enable
changed_when: false
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_major_version | int >= 8

2
roles/certbot/vars/Ubuntu-16.04.yml
View File

@ -1,2 +0,0 @@
---
certbot_package: letsencrypt

2
roles/certbot/vars/default.yml
View File

@ -1,2 +0,0 @@
---
certbot_package: certbot

13
roles/dhcp/.gitignore vendored
View File

@ -1,13 +0,0 @@
# .gitignore
# Hidden Vagrant-directory
.vagrant
# Backup files (e.g. Vim, Gedit, etc.)
*~
# Vagrant base boxes (you never know when someone puts one in the repository)
*.box
# Ignore test code (it's a separate branch worktree)
*tests/

21
roles/dhcp/.yamllint
View File

@ -1,21 +0,0 @@
---
# Based on ansible-lint config
extends: default
rules:
braces: {max-spaces-inside: 1, level: error}
brackets: {max-spaces-inside: 1, level: error}
colons: {max-spaces-after: -1, level: error}
commas: {max-spaces-after: -1, level: error}
comments: disable
comments-indentation: disable
document-start: disable
empty-lines: {max: 3, level: error}
hyphens: {level: error}
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: disable
new-lines: {type: unix}
trailing-spaces: disable
truthy: disable

121
roles/dhcp/CHANGELOG.md
View File

@ -1,121 +0,0 @@
# Change log
This file contains all notable changes to the dhcp Ansible role.
This file adheres to the guidelines of [http://keepachangelog.com/](http://keepachangelog.com/). Versioning follows [Semantic Versioning](http://semver.org/).
## 3.0.3 - 2020-05-06
### Added
- (GH-40) Added support for RHEL 8, and it's derivatives. (credit: [Stuart Knight](https://github.com/blofeldthefish))
## 3.0.2 - 2019-08-29
### Added
- (GH-29) The ability to add customised config snippets, whilst using a locally defined (outside of this role) Jinja Template. (credit: [Alex Gittings](https://github.com/minitriga))
## 3.0.1 - 2019-08-14
### Changed
- Fix ansible-lint warnings
- Update documentation for failover peer documentation
## 3.0.0 - 2019-08-14
### Added
- (GH-18) The ability to add multiple subnet ranges to a scope. (credit: [Stuart Knight](https://github.com/blofeldthefish))
- (GH-24) Add parameter `dhcp_apparmor_fix` to enable/disable the AppArmor fix (credit: [Maxim Baranov](https://github.com/mbaran0v))
- Variable `dhcp_pxeboot_server` in order to allow this role to refer PXEBoot clients to the correct PXEBoot server.
### Changed
- (GH-19) **Breaking change** Fix inconsistency with readme for omapi secret. In the README the `dhcp_global_omapi_secret` is defined as such, whereas in the template it is `dhcp_omapi_secret`. It *should* be `dhcp_global_omapi_secret`. This will break playbooks that use the `dhcp_omapi_secret` variable.
- (GH-21, GH-25) Define network device in /etc/defaults. This is needed on Debian based distros.
- (GH-22) Support `include` lines for non-existent files in role's `files/` directory. This allows the user to add `include` lines in dhcpd.conf for non-existent files; files not found in role's `files/` directory. It should permit successful configuration of `dhcpd.conf` with the expectation of another process (role, task, legacy method, etc.) to provide the include file. (credit: [RayfordJ](https://github.com/rayfordj))
- (GH-23) Removed default value for `dhcp_global_other_options` and test for its definition in the config file template. This is more consistent with how the other role variables are handled in the config file template. (credit: [lijok](https://github.com/lijok))
- (GH-26) Fixed typo in README (credit [Guillaume Parent](https://github.com/gparent))
- (GH-27) Use list of packages directly instead of in a `with_items` loop. (credit [Guillaume Parent](https://github.com/gparent))
- Increased minimum Ansible version to 2.8 due to usage of more recent Ansible syntax (e.g. package installation directly with variable containing list of packages instead of `with_items` loop).
- Updated list of supported versions to latest stable releases of tested distros (EL 7.6, Fedora 30, Ubuntu 18.04)
- Use Yamllint configuration from Ansible Galaxy and fix Yamllint warnings
- Updated Vagrant test environment, in new orphan branch `vagrant-tests`.
## 2.2.0 - 2018-10-13
### Added
- (GH-13,14) support fixed address hosts in subnets (credit: [Ahmed Sghaier](https://github.com/asghaier))
- (GH-15) Add variable `dhcp_service_state`, to define the desired state of the service (default: started). (credit: [Alessandro Ogier](https://github.com/aogier))
- (GH-17) New configuration items for failover peer: `address`, `failover_peer`, `hba`, `load_balance_max_seconds`, `max-balance`, `max-lease-misbalance`, `max-lease-ownership`, `max_response_delay`, `max_unacked_updates`, `mclt`, `min-balance`, `peer_address`, `peer_port`, `port`, `role`, `split` (credit: [cacheira](https://github.com/cacheira))
### Changed
- (GH-11,12) The `domain_search` key of `dhcp_subnets` can now also be a list (credit: [Ahmed Sghaier](https://github.com/asghaier))
- (GH-16) Allow host declaration without specifying `fixed-address`. (credit: [Alessandro Ogier](https://github.com/aogier))
## 2.1.2 - 2017-11-21
### Changed
- Fixed Ansible 2.4 deprecation warnings (include: -> include_tasks)
## 2.1.1 - 2017-07-03
### Changed
- (GH-10) Fixed bug where playbook run fails because `dhcp_global_includes` is undefined
## 2.1.0 - 2017-06-26
### Added
- New configuration items:
- (GH-7) `dhcp_global_log_facility`, `dhcp_global_server_name`, `dhcp_global_authoritative` (credit: [@jpiron](https://github.com/jpiron))
- `dhcp_global_ntp_servers`, `dhcp_global_includes` (credit: Felix Egli)
- (GH-9) Support OMAPI keys and catch-all options (credit: [@joshbenner](https://github.com/joshbenner))
### Changed
- (GH-7) Several improvements: package state as variable instead of hard-coded, made host declarations global (credit: [@jpiron](https://github.com/jpiron)
- (GH-8) Fixed typo in README (credit: [@donvipre](https://github.com/donvipre)
- Quoted values in `dhcp_global_domain_search` (credit: Felix Egli)
## 2.0.0 - 2016-04-29
### Added
- Support for Ubuntu LTS 14.04 (Trusty Tahr) and 16.04 (Xenial Xerus)
- Tested on Fedora 23 and CentOS 6, and added to supported platforms
### Changed
- This version now uses the general package management module introduced in Ansible 2.0. This is considered a breaking change, since it wil no longer work with Ansible 1.6-1.7.
## 1.1.0 - 2016-04-28
### Added
- Support for PXE boot parameters bootp, booting, next-server, filename. Credits to [Rian Bogle](https://github.com/rbogle)
- Address pools within subnet declaration. Credits to [Birgit Croux](https://github.com/birgitcroux)
- Definition of classes with match statements
## 1.0.1 - 2015-08-28
### Changed
- Fixed a tag name
- Fixed GH-1: domain name no longer needs to be "double quoted"
## 1.0.0 - 2015-08-24
First release!
### Added
- Allow setting some global variables
- Subnet declarations in YAML

13
roles/dhcp/LICENSE.md
View File

@ -1,13 +0,0 @@
# BSD License
Copyright (c) 2014, Bert Van Vreckem, (bert.vanvreckem@gmail.com)
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

316
roles/dhcp/README.md
View File

@ -1,316 +0,0 @@
# Ansible role `dhcp`
Ansible role for setting up ISC DHCPD. The responsibilities of this role are to install packages and manage the configuration ([dhcpd.conf(5)](http://linux.die.net/man/5/dhcpd.conf)). Managing the firewall configuration is NOT a concern of this role. You can do this in your local playbook, or use another role (e.g. [bertvv.rh-base](https://galaxy.ansible.com/bertvv/rh-base).
Refer to the [change log](CHANGELOG.md) for notable changes in each release.
Do you use/like this role? Please consider giving it a star. If you [rate this role](https://galaxy.ansible.com/bertvv/dhcp) on Ansible Galaxy and find it lacking in some respect, please consider opening an Issue with actionable feedback or a PR so we can improve it. Thank you!
## Requirements
No specific requirements
## Role Variables
This role is able to set global options, and to specify subnet declarations.
See the [test playbook](https://github.com/bertvv/ansible-role-dhcp/blob/vagrant-tests/test.yml) for a working example of a DHCP server in a test environment based on Vagrant and VirtualBox. This section is a reference of all supported options.
### Global options
The following variables, when set, will be added to the global section of the DHCP configuration file. If there is no default value specified, the corresponding setting will be left out of `dhcpd.conf(5)`.
See the [dhcp-options(5)](http://linux.die.net/man/5/dhcp-options) man page for more information about these options.
| Variable | Comments |
| :--- | :--- |
| `dhcp_global_authoritative` | Global authoritative statement (`authoritative`, `not authoritative`) |
| `dhcp_global_booting` | Global booting (`allow`, `deny`, `ignore`) |
| `dhcp_global_bootp` | Global bootp (`allow`, `deny`, `ignore`) |
| `dhcp_global_broadcast_address` | Global broadcast address |
| `dhcp_global_classes` | Class definitions with a match statement(1) |
| `dhcp_global_default_lease_time` | Default lease time in seconds |
| `dhcp_global_domain_name_servers` | A list of IP addresses of DNS servers(2) |
| `dhcp_global_domain_name` | The domain name the client should use when resolving host names |
| `dhcp_global_domain_search` | A list of domain names to be used by the client to locate non-FQDNs(1) |
| `dhcp_global_failover` | Failover peer settings (3) |
| `dhcp_global_failover_peer` | Name for the failover peer (e.g. `foo`) |
| `dhcp_global_filename` | Filename to request for boot |
| `dhcp_global_includes_missing` | Boolean. Continue if `includes` file(s) missing from role's files/ |
| `dhcp_global_includes` | List of config files to be included (from `dhcp_config_dir`) |
| `dhcp_global_log_facility` | Global log facility (e.g. `daemon`, `syslog`, `user`, ...) |
| `dhcp_global_max_lease_time` | Maximum lease time in seconds |
| `dhcp_global_next_server` | IP for PXEboot server |
| `dhcp_global_ntp_servers` | List of IP addresses of NTP servers |
| `dhcp_global_omapi_port` | OMAPI port |
| `dhcp_global_omapi_secret` | OMAPI secret |
| `dhcp_global_other_options` | Array of arbitrary additional global options |
| `dhcp_global_routers` | IP address of the router |
| `dhcp_global_server_name` | Server name sent to the client |
| `dhcp_global_server_state` | Service state (started, stopped) |
| `dhcp_global_subnet_mask` | Global subnet mask |
| `dhcp_custom_includes` | List of jinja config files to be included (from `dhcp_config_dir`) |
**Remarks**
(1) This role supports the definition of classes with a match statement, e.g.:
```Yaml
# Class for VirtualBox VMs
dhcp_global_classes:
- name: vbox
match: 'match if binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "8:0:27"'
```
Class names can be used in the definition of address pools (see below).
(2) The role variable `dhcp_global_domain_name_servers` may be written either as a list (when you have more than one item), or as a string (when you have only one). The following snippet shows an example of both:
```Yaml
# A single DNS server
dhcp_global_domain_name_servers: 8.8.8.8
# A list of DNS servers
dhcp_global_domain_name_servers:
- 8.8.8.8
- 8.8.4.4
```
(3) This role also supports the definition of a failover peer, e.g.:
```Yaml
# Failover peer definition
dhcp_global_failover_peer: failover-group
dhcp_global_failover:
role: primary # | secondary
address: 192.168.222.2
port: 647
peer_address: 192.168.222.3
peer_port: 647
max_response_delay: 15
max_unacked_updates: 10
load_balance_max_seconds: 5
split: 255
mclt: 3600
```
The variable `dhcp_global_failover_peer` contains a name for the configured peer, to be used on a per pool basis. The failover declaration options are specified with the variable `dhcp_global_failover`, a dictionary that may contain the following options:
| Option | Required | Comment |
| :--- | :---: | :-- |
| `address` | no | This server's IP address |
| `hba` | no | colon-separated-hex-list |
| `load_balance_max_seconds` | no | Cutoff after which load balance is disabled (3 to 5 recommended) |
| `max-balance` | no | Failover pool balance statement |
| `max-lease-misbalance` | no | Failover pool balance statement |
| `max-lease-ownership` | no | Failover pool balance statement |
| `max_response_delay` | no | Maximum seconds without contact before engaging failover |
| `max_unacked_updates` | no | Maximum BNDUPD it can send before receiving a BNDACK (10 recommended) |
| `mclt` | no | Maximum Client Lead Time |
| `min-balance` | no | Failover pool balance statement |
| `peer_address` | no | Failover peer's IP addres |
| `peer_port` | no | This server's port (generally 519/520 or 647/847) |
| `port` | no | This server's port (generally 519/520 or 647/847) |
| `role` | no | primary, secondary |
| `split` | no | Load balance split (0-255) |
The failover peer directive has to be in the definition of address pools (see below).
### Subnet declarations
The role variable `dhcp_subnets` contains a list of dicts, specifying the subnet declarations to be added to the DHCP configuration file. Every subnet declaration should have an `ip` and `netmask`, other options are not mandatory. We start this section with an example, a complete overview of supported options follows.
```Yaml
dhcp_subnets:
- ip: 192.168.222.0
netmask: 255.255.255.128
domain_name_servers:
- 10.0.2.3
- 10.0.2.4
range_begin: 192.168.222.50
range_end: 192.168.222.127
- ip: 192.168.222.128
default_lease_time: 3600
max_lease_time: 7200
netmask: 255.255.255.128
domain_name_servers: 10.0.2.3
routers: 192.168.222.129
```
An alphabetical list of supported options in a subnet declaration:
| Option | Required | Comment |
| :--- | :---: | :-- |
| `booting` | no | allow,deny,ignore |
| `bootp` | no | allow,deny,ignore |
| `default_lease_time` | no | Default lease time for this subnet (in seconds) |
| `domain_name_servers` | no | List of domain name servers for this subnet(1) |
| `domain_search` | no | List of domain names for resolution of non-FQDNs(1) |
| `filename` | no | filename to retrieve from boot server |
| `hosts` | no | List of fixed IP address hosts for each subnet, similar to dhcp_hosts |
| `ip` | yes | **Required.** IP address of the subnet |
| `max_lease_time` | no | Maximum lease time for this subnet (in seconds) |
| `netmask` | yes | **Required.** Network mask of the subnet (in dotted decimal notation) |
| `next_server` | no | IP address of the boot server |
| `ntp_servers` | no | List of NTP servers for this subnet |
| `range_begin` | no | Lowest address in the range of dynamic IP addresses to be assigned |
| `range_end` | no | Highest address in the range of dynamic IP addresses to be assigned |
| `ranges` | no | If multiple ranges are needed, they can be specified as a list (2) |
| `routers` | no | IP address of the gateway for this subnet |
| `server_name` | no | Server name sent to the client |
| `subnet_mask` | no | Overrides the `netmask` of the subnet declaration |
You can specify address pools within a subnet by setting the `pools` options. This allows you to specify a pool of addresses that will be treated differently than another pool of addresses, even on the same network segment or subnet. It is a list of dicts with the following keys, all of which are optional:
| Option | Comment |
| :--- | :--- |
| `allow` | Specifies which hosts are allowed in this pool(1) |
| `default_lease_time` | The default lease time for this pool |
| `deny` | Specifies which hosts are not allowed in this pool |
| `domain_name_servers` | The domain name servers to be used for this pool(1) |
| `max_lease_time` | The maximum lease time for this pool |
| `min_lease_time` | The minimum lease time for this pool |
| `range_begin` | The lowest address in this pool |
| `range_end` | The highest address in this pool |
| `ranges` | If multiple ranges are needed, they can be specified as a list (2) |
(1) For the `allow` and `deny` fields, the options are enumerated in [dhcpd.conf(5)](http://linux.die.net/man/5/dhcpd.conf), but include:
- `booting`
- `bootp`
- `client-updates`
- `known-clients`
- `members of "CLASS"`
- `unknown-clients`
(2) For multiple subnet ranges, they can be specified, thus:
```Yaml
ranges:
- { begin: 192.168.222.50, end: 192.168.222.99 }
- { begin: 192.168.222.110, end: 192.168.222.127 }
```
### Host declarations
You can specify hosts that should get a fixed IP address based on their MAC by setting the `dhcp_hosts` option. This is a list of dicts with the following three keys, of which `name` and `mac` are mandatory:
| Option | Comment |
| :--- | :--- |
| `name` | The name of the host |
| `mac` | The MAC address of the host |
| `ip` | The IP address to be assigned to the host |
```Yaml
dhcp_hosts:
- name: cl1
mac: '00:11:22:33:44:55'
ip: 192.168.222.150
- name: cl2
mac: '00:de:ad:be:ef:00'
ip: 192.168.222.151
```
### Specify PXEBoot server
Setting the variable `dhcp_pxeboot_server`, will redirect PXE clients to the specified PXEBoot server in order to boot over the network. The specified server should have boot images on the expected locations. Use e.g. [bertvv.pxeserver](https://galaxy.ansible.com/bertvv/pxeserver) to configure it.
### Custom Includes
Setting the variable `dhcp_custom_inludes` to a jinja template will allow custom configurations to be used which will subsequently be included into the `dhcpd.conf` file. If the template file name has the `.j2` extension it will be removed from the destination file name, else it will preserve the template file name in the destination.
```Yaml
dhcp_custom_includes:
- custom-dhcp-config.conf[.j2]
```
You can create your own variables to use within the template allowing for total flexibility. To avoid variable conflicts make sure that you use variables that are not referenced within this role as this will duplicate configuration in multiple `.conf` files.
```Yaml
dhcp_custom_hosts:
- name: Juniper1
mac: 'de:ad:c0:de:ca:fe'
ip: 192.168.35.160
options:
- name: tftp-server-name
value: 192.168.35.152
- name: host-name
value: Juniper1
- name: NEW_OP.transfer-mode
value: "http"
- name: NEW_OP.config-file-name
value: "/configurations/j1-switch.config"
```
Finally the jinja template must contain valid ISC DHCPD configuration ([dhcpd.conf(5)](http://linux.die.net/man/5/dhcpd.conf)). This is an example of using [bertvv.dhcp](https://galaxy.ansible.com/bertvv/dhcp) for juniper Zero-Touch-Provisioning.
```Jinja
option space NEW_OP;
option NEW_OP.image-file-name code 0 = text;
option NEW_OP.config-file-name code 1 = text;
option NEW_OP.image-file-type code 2 = text;
option NEW_OP.transfer-mode code 3 = text;
option NEW_OP.alt-image-file-name code 4= text;
option NEW_OP.http-port code 5= text;
option NEW_OP-encapsulation code 43 = encapsulate NEW_OP;
{% if dhcp_custom_hosts is defined %}
#
# Host declarations
#
{% for host in dhcp_custom_hosts %}
host {{ host.name | replace (" ","_") | replace ("'","_") | replace (":","_") }} {
hardware ethernet {{ host.mac }};
{% if host.ip is defined %}
fixed-address {{ host.ip }};
{% endif %}
{% if host.options is defined %}
{% for option in host.options %}
{{ option.name }} "{{ option.value }}"
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
```
## Dependencies
No dependencies.
## Example Playbook
See the [test playbook](https://github.com/bertvv/ansible-role-dhcp/blob/vagrant-tests/test.yml)
## Testing
Tests for this role are provided in the form of a Vagrant environment that is kept in a separate branch, `vagrant-tests`. For more information about setting up the test environment and running the tests, refer to the [README](https://github.com/bertvv/ansible-role-dhcp/blob/vagrant-tests/README.md) of the test branch.
## License
BSD
## Contributing
Issues, feature requests, ideas are appreciated and can be posted in the Issues section. Pull requests are also very welcome. Preferably, create a topic branch and when submitting, squash your commits into one (with a descriptive message).
### Contributors
- [Ahmed Sghaier](https://github.com/asghaier)
- [Alessandro Ogier](https://github.com/aogier)
- [Alex Gittings](https://github.com/minitriga)
- [Bert Van Vreckem](https://github.com/bertvv) (maintainer)
- [Birgit Croux](https://github.com/birgitcroux/)
- [@cacheira](https://github.com/cacheira)
- [@donvipre](https://github.com/donvipre)
- Felix Egli
- [Guillaume Parent](https://github.com/gparent)
- [Jonathan Piron](https://github.com/jpiron)
- [Josh Benner](https://github.com/joshbenner)
- [@jpiron](https://github.com/jpiron)
- [@lijok](https://github.com/lijok)
- [Maxim Baranov](https://github.com/mbaran0v)
- [@RayfordJ](https://github.com/rayfordj)
- [Rian Bogle](https://github.com/rbogle/)
- [Stuart Knight](https://github.com/blofeldthefish) (maintainer)

7
roles/dhcp/defaults/main.yml
View File

@ -1,7 +0,0 @@
# roles/dhcp/defaults/main.yml
---
dhcp_apparmor_fix: true
dhcp_global_includes_missing: false
dhcp_packages_state: "present"
dhcp_subnets: []

12
roles/dhcp/handlers/main.yml
View File

@ -1,12 +0,0 @@
# roles/dhcp/handlers/main.yml
---
- name: restart dhcp
service:
name: "{{ dhcp_service }}"
state: "{{ (dhcp_global_server_state | default('started') == 'started') | ternary('restarted', 'stopped') }}"
- name: restart apparmor
service:
name: apparmor
state: restarted

2
roles/dhcp/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: Sat Feb 27 13:38:57 2021
version: master

21
roles/dhcp/meta/main.yml
View File

@ -1,21 +0,0 @@
---
galaxy_info:
author: Bert Van Vreckem
description: Ansible role for setting up ISC DHCPD.
license: BSD
min_ansible_version: 2.8
platforms:
- name: EL
versions:
- 7
- 8
- name: Fedora
versions:
- 29
- name: Ubuntu
versions:
- bionic
galaxy_tags:
- system
- networking
dependencies: []

38
roles/dhcp/tasks/apparmor-fix.yml
View File

@ -1,38 +0,0 @@
# roles/dhcp/tasks/apparmor-fix.yml
# This playbook adds an AppArmor policy rule that allows the dhcpd process to
# acces temporary config files copied to the server by Ansible.
---
- name: AppArmor fix | Check if policy file exists
stat:
path: "{{ dhcp_apparmor_policy }}"
register: apparmor_policyfile
tags: dhcp
- name: AppArmor fix | Ensure dhcpd can acces temp config file for validation (1/2)
lineinfile:
dest: "{{ dhcp_apparmor_policy }}"
line: ' capability dac_override,'
insertafter: ' capability setuid,'
state: present
create: false
when: apparmor_policyfile.stat.exists
failed_when: false
notify: restart apparmor
tags: dhcp
- name: AppArmor fix | Ensure dhcpd can acces temp config file for validation (2/2)
lineinfile:
dest: "{{ dhcp_apparmor_policy }}"
line: ' /home/*/.ansible/** r,'
insertbefore: '.*/etc/dhcp/ r,'
state: present
create: false
when: apparmor_policyfile.stat.exists
failed_when: false
#register: apparmor_fix_2
notify: restart apparmor
tags: dhcp
- name: AppArmor fix | Force running handlers now
meta: flush_handlers

11
roles/dhcp/tasks/default-fix.yml
View File

@ -1,11 +0,0 @@
# roles/dhcp/tasks/default-fix.yml
# This playbook adjusts a required dhcp package "default" file,
# specific to debian-like installs
---
- name: Defaults fix | Set a default listening interface
lineinfile:
dest: /etc/default/isc-dhcp-server
line: 'INTERFACESv4="{{ dhcp_interfaces | default(ansible_default_ipv4.interface) }}"'
regexp: '^INTERFACESv4='
tags: dhcp

70
roles/dhcp/tasks/main.yml
View File

@ -1,70 +0,0 @@
# roles/dhcp/tasks/main.yml
---
- name: Load distro-specific variables
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yml"
- "{{ ansible_os_family }}.yml"
- "{{ default }}.yml"
tags: dhcp
- name: Install packages
package:
name: "{{ dhcp_packages }}"
state: "{{ dhcp_packages_state }}"
tags: dhcp
- include_tasks: apparmor-fix.yml
when: ansible_os_family == 'Debian' and dhcp_apparmor_fix|bool
tags: dhcp
- include_tasks: default-fix.yml
when: ansible_os_family == 'Debian'
tags: dhcp
- name: Install custom includes
template:
src: "{{ item }}"
dest: "{{ dhcp_config_dir }}/{{ ( item | basename ).split('.j2')[0] }}"
owner: root
group: root
mode: 0644
with_items: "{{ dhcp_custom_includes }}"
when: dhcp_custom_includes is defined
notify: restart dhcp
tags: dhcp
- name: Install includes
copy:
src: "{{ item }}"
dest: "{{ dhcp_config_dir }}/{{ item | basename }}"
with_items: "{{ dhcp_global_includes }}"
when: dhcp_global_includes is defined
ignore_errors: "{{ dhcp_global_includes_missing }}"
tags: dhcp
- name: Set config directory perms
file:
path: "{{ dhcp_config | dirname }}"
state: directory
mode: 0755
tags: dhcp
- name: Install config file
template:
src: etc_dhcp_dhcpd.conf.j2
dest: "{{ dhcp_config }}"
owner: root
group: root
mode: 0644
validate: 'dhcpd -t -cf %s'
notify: restart dhcp
tags: dhcp
- name: "Ensure service is {{ dhcp_global_server_state | default('started') }}"
service:
name: "{{ dhcp_service }}"
state: "{{ dhcp_global_server_state | default('started') }}"
enabled: true
tags: dhcp

317
roles/dhcp/templates/etc_dhcp_dhcpd.conf.j2
View File

@ -1,317 +0,0 @@
# ISC DHCPD configuration -- don't edit manually!
#
# {{ ansible_managed }}
#
# Global options
#
{% if dhcp_global_omapi_port is defined %}
omapi-port {{ dhcp_global_omapi_port }};
{% endif %}
{% if dhcp_global_omapi_secret is defined %}
key omapi_key {
algorithm HMAC-MD5;
secret "{{ dhcp_global_omapi_secret }}";
};
{% endif %}
{% if dhcp_global_authoritative is defined %}
{{ dhcp_global_authoritative }};
{% endif %}
{% if dhcp_global_log_facility is defined %}
log-facility {{ dhcp_global_log_facility }};
{% endif %}
{% if dhcp_global_bootp is defined %}
{{ dhcp_global_bootp }} bootp;
{% endif %}
{% if dhcp_global_booting is defined %}
{{ dhcp_global_booting }} booting;
{% endif %}
{% if dhcp_global_next_server is defined %}
next-server {{ dhcp_global_next_server}};
{% endif %}
{% if dhcp_global_filename is defined %}
filename "{{ dhcp_global_filename }}";
{% endif %}
{% if dhcp_global_default_lease_time is defined %}
default-lease-time {{ dhcp_global_default_lease_time }};
{% endif %}
{% if dhcp_global_max_lease_time is defined %}
max-lease-time {{ dhcp_global_max_lease_time }};
{% endif %}
{% if dhcp_global_subnet_mask is defined %}
option subnet-mask {{ dhcp_global_subnet_mask }};
{% endif %}
{% if dhcp_global_broadcast_address is defined %}
option broadcast-address {{ dhcp_global_broadcast_address }};
{% endif %}
{% if dhcp_global_routers is defined %}
option routers {{ dhcp_global_routers }};
{% endif %}
{% if dhcp_global_domain_name is defined %}
option domain-name "{{ dhcp_global_domain_name }}";
{% endif %}
{% if dhcp_global_ntp_servers is defined %}
{% if dhcp_global_ntp_servers is string %}
option ntp-servers {{ dhcp_global_ntp_servers }};
{% else %}
option ntp-servers {{ dhcp_global_ntp_servers|join(', ') }};
{% endif %}
{% endif %}
{% if dhcp_global_domain_name_servers is defined %}
{% if dhcp_global_domain_name_servers is string %}
option domain-name-servers {{ dhcp_global_domain_name_servers }};
{% else %}
option domain-name-servers {{ dhcp_global_domain_name_servers|join(', ') }};
{% endif %}
{% endif %}
{% if dhcp_global_domain_search is defined %}
{% if dhcp_global_domain_search is string %}
option domain-search "{{ dhcp_global_domain_search }}";
{% else %}
option domain-search "{{ dhcp_global_domain_search|join('", "') }}";
{% endif %}
{% endif %}
{% if dhcp_global_server_name is defined %}
option server-name "{{ dhcp_global_server_name }}";
{% endif %}
{% if dhcp_global_other_options is defined %}
{% for option in dhcp_global_other_options %}
option {{ option }};
{% endfor %}
{% endif %}
{% if dhcp_global_failover_peer is defined %}
#
# DHCP Failover config
#
# Notes: In the past couple years, TCP ports 647 (primary) and 847 (peer) have
# emerged as the standard bindings for DHCP dhcp_global_failover It is worth noting that as
# recently as 2005, the dhcpd.conf(5) man page used ports 519 and 520 in its
# failover example, but 647 and 847 look like good choices as of 2008. However,
# the dhcpd.conf(5) man page says that the primary port and the peer port may be
# the same number.
failover peer "{{ dhcp_global_failover_peer }}" {
{% if dhcp_global_failover.role is defined %}
# [ primary | secondary ];
{{ dhcp_global_failover.role }};
{% endif %}
{% if dhcp_global_failover.address is defined %}
address {{ dhcp_global_failover.address }};
{% endif %}
{% if dhcp_global_failover.port is defined %}
port {{ dhcp_global_failover.port }};
{% endif %}
{% if dhcp_global_failover.peer_address is defined %}
peer address {{ dhcp_global_failover.peer_address }};
{% endif %}
{% if dhcp_global_failover.peer_port is defined %}
peer port {{ dhcp_global_failover.peer_port }};
{% endif %}
{% if dhcp_global_failover.max_response_delay is defined %}
max-response-delay {{ dhcp_global_failover.max_response_delay }};
{% endif %}
{% if dhcp_global_failover.max_unacked_updates is defined %}
max-unacked-updates {{ dhcp_global_failover.max_unacked_updates }};
{% endif %}
{% if dhcp_global_failover.split is defined %}
split {{ dhcp_global_failover.split }};
{% endif %}
{% if dhcp_global_failover.hba is defined %}
hba {{ dhcp_global_failover.hba }};
{% endif %}
{% if dhcp_global_failover.mclt is defined %}
mclt {{ dhcp_global_failover.mclt }};
{% endif %}
{% if dhcp_global_failover.load_balance_max_seconds is defined %}
load balance max seconds {{ dhcp_global_failover.load_balance_max_seconds }};
{% endif %}
{% if dhcp_global_failover.max_lease_misbalance is defined %}
max-lease-misbalance {{ dhcp_global_failover.max_lease_misbalance }};
{% endif %}
{% if dhcp_global_failover.max_lease_ownership is defined %}
max-lease-ownership {{ dhcp_global_failover.max_lease_ownership }};
{% endif %}
{% if dhcp_global_failover.min_balance is defined %}
min-balance {{ dhcp_global_failover.min_balance }};
{% endif %}
{% if dhcp_global_failover.max_balance is defined %}
max-balance {{ dhcp_global_failover.max_balance }};
{% endif %}
}
{% endif %}
{% if dhcp_global_includes is defined %}
#
# Includes
#
{% for include in dhcp_global_includes %}
include "{{ dhcp_config_dir }}/{{ include | basename }}";
{% endfor %}
{% endif %}
{% if dhcp_custom_includes is defined%}
#
# Custom Includes
#
{% for include in dhcp_custom_includes %}
include "{{ dhcp_config_dir }}/{{ ( include | basename ).split('.j2')[0] }}";
{% endfor %}
{% endif %}
{% if dhcp_global_classes is defined %}
#
# Classes
#
{% for class in dhcp_global_classes %}
class "{{ class.name }}" {
{% if class.match is defined %}
{{ class.match }};
{% endif %}
}
{% endfor %}
{% endif %}
#
# Subnet declarations
#
{% for subnet in dhcp_subnets %}
subnet {{ subnet.ip }} netmask {{ subnet.netmask }} {
{% if subnet.default_lease_time is defined %}
default-lease-time {{ subnet.default_lease_time }};
{% endif %}
{% if subnet.max_lease_time is defined %}
max-lease-time {{ subnet.max_lease_time }};
{% endif %}
{% if subnet.routers is defined %}
option routers {{ subnet.routers }};
{% endif %}
{% if subnet.subnet_mask is defined %}
option subnet-mask {{ subnet.subnet_mask }};
{% endif %}
{% if subnet.domain_search is defined %}
{% if subnet.domain_search is string %}
option domain-search "{{ subnet.domain_search }}";
{% else %}
option domain-search "{{ subnet.domain_search|join('", "') }}";
{% endif %}
{% endif %}
{% if subnet.domain_name_servers is defined %}
{% if subnet.domain_name_servers is string %}
option domain-name-servers {{ subnet.domain_name_servers }};
{% else %}
option domain-name-servers {{ subnet.domain_name_servers|join(', ') }};
{% endif %}
{% endif %}
{% if subnet.ntp_servers is defined %}
{% if subnet.ntp_servers is string %}
option ntp-servers {{ subnet.ntp_servers }};
{% else %}
option ntp-servers {{ subnet.ntp_servers|join(', ') }};
{% endif %}
{% endif %}
{% if subnet.range_begin is defined and subnet.range_end is defined %}
range {{ subnet.range_begin }} {{ subnet.range_end }};
{% endif %}
{% if subnet.ranges is defined %}
{% for range in subnet.ranges %}
range {{ range.begin }} {{ range.end }};
{% endfor %}
{% endif %}
{% if subnet.server_name is defined %}
server-name {{ subnet.server_name }};
{% endif %}
{% if subnet.next_server is defined %}
next-server {{ subnet.next_server }};
{% endif %}
{% if subnet.filename is defined %}
filename "{{ subnet.filename }}";
{% endif %}
{% if subnet.bootp is defined %}
{{ subnet.bootp }} bootp;
{% endif %}
{% if subnet.booting is defined %}
{{ subnet.booting }} booting;
{% endif %}
{% if subnet.hosts is defined %}
{% for host in subnet.hosts %}
host {{ host.name }} {
hardware ethernet {{ host.mac }};
fixed-address {{ host.ip }};
}
{% endfor %}
{% endif %}
{% if subnet.pools is defined %}
# Address pool(s)
{% for pool in subnet.pools %}
pool {
{% if pool.failover_peer is defined %}
# This pool has failover, see above for server details
failover peer "{{ pool.failover_peer }}";
{% endif %}
{% if pool.domain_name_servers is defined %}
{% if pool.domain_name_servers is string %}
option domain-name-servers {{ pool.domain_name_servers }};
{% else %}
option domain-name-servers {{ pool.domain_name_servers|join(', ') }};
{% endif %}
{% endif %}
{% if pool.default_lease_time is defined %}
default-lease-time {{ pool.default_lease_time }};
{% endif %}
{% if pool.min_lease_time is defined %}
min-lease-time {{ pool.min_lease_time }};
{% endif %}
{% if pool.max_lease_time is defined %}
max-lease-time {{ pool.max_lease_time }};
{% endif %}
{% if pool.range_begin is defined and pool.range_end is defined %}
range {{ pool.range_begin }} {{ pool.range_end }};
{% endif %}
{% if pool.ranges is defined %}
{% for range in pool.ranges %}
range {{ range.begin }} {{ range.end }};
{% endfor %}
{% endif %}
{% if pool.allow is defined %}
allow {{ pool.allow }};
{% endif %}
{% if pool.deny is defined %}
deny {{ pool.deny }};
{% endif %}
}
{% endfor %}
{% endif %}
}
{% endfor %}
{% if dhcp_hosts is defined %}
#
# Host declarations
#
{% for host in dhcp_hosts %}
host {{ host.name | replace (" ","_") | replace ("'","_") | replace (":","_") }} {
hardware ethernet {{ host.mac }};
{% if host.ip is defined %}
fixed-address {{ host.ip }};
{% endif %}
}
{% endfor %}
{% endif %}
{% if dhcp_pxeboot_server is defined %}
#
# PXEBoot server settings
#
option arch code 93 = unsigned integer 16; # RFC4578
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
next-server {{ dhcp_pxeboot_server }};
if option arch = 00:07 {
filename "pxelinux/bootx64.efi";
} else {
filename "pxelinux/pxelinux.0";
}
}
{% endif %}

12
roles/dhcp/vars/Alpine.yml
View File

@ -1,12 +0,0 @@
# roles/dhcp/vars/Alpine.yml
---
dhcp_packages:
- dhcp
dhcp_config_dir: /etc/dhcp
dhcp_config: /etc/dhcp/dhcpd.conf
dhcp_service: dhcpd

13
roles/dhcp/vars/Debian.yml
View File

@ -1,13 +0,0 @@
# roles/dhcp/vars/Debian.yml
---
dhcp_packages:
- isc-dhcp-server
dhcp_config_dir: /etc/dhcp
dhcp_config: /etc/dhcp/dhcpd.conf
dhcp_service: isc-dhcp-server
dhcp_apparmor_policy: /etc/apparmor.d/usr.sbin.dhcpd

11
roles/dhcp/vars/RedHat.yml
View File

@ -1,11 +0,0 @@
# roles/dhcp/vars/RedHat.yml
---
dhcp_packages:
- "{{ ( ansible_distribution_major_version == '8' ) | ternary( 'dhcp-server', 'dhcp' ) }}"
dhcp_config_dir: /etc/dhcp
dhcp_config: /etc/dhcp/dhcpd.conf
dhcp_service: dhcpd

3
roles/docker/.ansible-lint
View File

@ -1,3 +0,0 @@
skip_list:
- '306'
- '106'

4
roles/docker/.github/FUNDING.yml vendored
View File

@ -1,4 +0,0 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

56
roles/docker/.github/stale.yml vendored
View File

@ -1,56 +0,0 @@
# Configuration for probot-stale - https://github.com/probot/stale
---
# Number of days of inactivity before an Issue or Pull Request becomes stale
daysUntilStale: 90
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
daysUntilClose: 30
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
onlyLabels: []
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
exemptLabels:
- pinned
- security
- planned
# Set to true to ignore issues in a project (defaults to false)
exemptProjects: false
# Set to true to ignore issues in a milestone (defaults to false)
exemptMilestones: false
# Set to true to ignore issues with an assignee (defaults to false)
exemptAssignees: false
# Label to use when marking as stale
staleLabel: stale
# Limit the number of actions per hour, from 1-30. Default is 30
limitPerRun: 30
pulls:
markComment: |-
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
unmarkComment: >-
This pull request is no longer marked for closure.
closeComment: >-
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
issues:
markComment: |-
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
unmarkComment: >-
This issue is no longer marked for closure.
closeComment: >-
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

72
roles/docker/.github/workflows/ci.yml vendored
View File

@ -1,72 +0,0 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 7 * * 0"
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint ansible-lint
- name: Lint code.
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- centos8
- centos7
- ubuntu2004
- ubuntu1804
- debian10
- debian9
- fedora31
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

38
roles/docker/.github/workflows/release.yml vendored
View File

@ -1,38 +0,0 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v2
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-base
- name: Trigger a new import on Galaxy.
run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

3
roles/docker/.gitignore vendored
View File

@ -1,3 +0,0 @@
*.retry
*/__pycache__
*.pyc

11
roles/docker/.yamllint
View File

@ -1,11 +0,0 @@
---
extends: default
rules:
line-length:
max: 200
level: warning
ignore: |
.github/stale.yml
.travis.yml

20
roles/docker/LICENSE
View File

@ -1,20 +0,0 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

97
roles/docker/README.md
View File

@ -1,97 +0,0 @@
# Ansible Role: Docker
[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI)
An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_package: "docker-{{ docker_edition }}"
docker_package_state: present
The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>`; Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>`.
You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`.
docker_install_compose: true
docker_compose_version: "1.26.0"
docker_compose_path: /usr/local/bin/docker-compose
Docker Compose installation options.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: True
docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
Usually in combination with changing `docker_apt_repository` as well.
docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
Usually in combination with changing `docker_yum_repository` as well.
docker_users:
- user1
- user2
A list of system users to be added to the `docker` group (so they can use Docker on the server).
## Use with Ansible (and `docker` Python library)
Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:
```yaml
- hosts: all
vars:
pip_install_packages:
- name: docker
roles:
- geerlingguy.pip
- geerlingguy.docker
```
## Dependencies
None.
## Example Playbook
```yaml
- hosts: all
roles:
- geerlingguy.docker
```
## License
MIT / BSD
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

31
roles/docker/defaults/main.yml
View File

@ -1,31 +0,0 @@
---
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_package: "docker-{{ docker_edition }}"
docker_package_state: present
# Service options.
docker_service_state: started
docker_service_enabled: true
docker_restart_handler_state: restarted
# Docker Compose options.
docker_install_compose: true
docker_compose_version: "1.26.0"
docker_compose_path: /usr/local/bin/docker-compose
# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
docker_apt_release_channel: stable
docker_apt_arch: amd64
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
docker_apt_ignore_key_error: true
docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
# Used only for RedHat/CentOS/Fedora.
docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
# A list of users who will be added to the docker group.
docker_users: []

3
roles/docker/handlers/main.yml
View File

@ -1,3 +0,0 @@
---
- name: restart docker
service: "name=docker state={{ docker_restart_handler_state }}"

2
roles/docker/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: Tue Feb 16 21:35:59 2021
version: 3.0.0

35
roles/docker/meta/main.yml
View File

@ -1,35 +0,0 @@
---
dependencies: []
galaxy_info:
role_name: docker
author: geerlingguy
description: Docker for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
platforms:
- name: EL
versions:
- 7
- 8
- name: Fedora
versions:
- all
- name: Debian
versions:
- stretch
- buster
- name: Ubuntu
versions:
- xenial
- bionic
- focal
galaxy_tags:
- web
- system
- containers
- docker
- orchestration
- compose
- server

24
roles/docker/molecule/default/converge.yml
View File

@ -1,24 +0,0 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
- name: Wait for systemd to complete initialization. # noqa 303
command: systemctl is-system-running
register: systemctl_status
until: >
'running' in systemctl_status.stdout or
'degraded' in systemctl_status.stdout
retries: 30
delay: 5
when: ansible_service_mgr == 'systemd'
changed_when: false
failed_when: systemctl_status.rc > 1
roles:
- role: geerlingguy.docker

17
roles/docker/molecule/default/molecule.yml
View File

@ -1,17 +0,0 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

20
roles/docker/tasks/docker-compose.yml
View File

@ -1,20 +0,0 @@
---
- name: Check current docker-compose version.
command: docker-compose --version
register: docker_compose_current_version
changed_when: false
failed_when: false
- name: Delete existing docker-compose version if it's different.
file:
path: "{{ docker_compose_path }}"
state: absent
when: >
docker_compose_current_version.stdout is defined
and docker_compose_version not in docker_compose_current_version.stdout
- name: Install Docker Compose (if configured).
get_url:
url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
dest: "{{ docker_compose_path }}"
mode: 0755

7
roles/docker/tasks/docker-users.yml
View File

@ -1,7 +0,0 @@
---
- name: Ensure docker users are added to the docker group.
user:
name: "{{ item }}"
groups: docker
append: true
with_items: "{{ docker_users }}"

27
roles/docker/tasks/main.yml
View File

@ -1,27 +0,0 @@
---
- include_tasks: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include_tasks: setup-Debian.yml
when: ansible_os_family == 'Debian'
- name: Install Docker.
package:
name: "{{ docker_package }}"
state: "{{ docker_package_state }}"
notify: restart docker
- name: Ensure Docker is started and enabled at boot.
service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers
- include_tasks: docker-compose.yml
when: docker_install_compose | bool
- include_tasks: docker-users.yml
when: docker_users | length > 0

40
roles/docker/tasks/setup-Debian.yml
View File

@ -1,40 +0,0 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name:
- docker
- docker-engine
state: absent
- name: Ensure dependencies are installed.
apt:
name:
- apt-transport-https
- ca-certificates
- gnupg2
state: present
- name: Add Docker apt key.
apt_key:
url: "{{ docker_apt_gpg_key }}"
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
state: present
register: add_repository_key
ignore_errors: "{{ docker_apt_ignore_key_error }}"
- name: Ensure curl is present (on older systems without SNI).
package: name=curl state=present
when: add_repository_key is failed
- name: Add Docker apt key (alternative for older systems without SNI).
shell: >
curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
args:
warn: false
when: add_repository_key is failed
- name: Add Docker repository.
apt_repository:
repo: "{{ docker_apt_repository }}"
state: present
update_cache: true

50
roles/docker/tasks/setup-RedHat.yml
View File

@ -1,50 +0,0 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name:
- docker
- docker-common
- docker-engine
state: absent
- name: Add Docker GPG key.
rpm_key:
key: "{{ docker_yum_gpg_key }}"
state: present
- name: Add Docker repository.
get_url:
url: "{{ docker_yum_repo_url }}"
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
owner: root
group: root
mode: 0644
- name: Configure Docker Nightly repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-nightly'
option: enabled
value: '{{ docker_yum_repo_enable_nightly }}'
mode: 0644
- name: Configure Docker Test repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-test'
option: enabled
value: '{{ docker_yum_repo_enable_test }}'
mode: 0644
- name: Configure containerd on RHEL 8.
block:
- name: Ensure container-selinux is installed.
package:
name: container-selinux
state: present
- name: Ensure containerd.io is installed.
package:
name: containerd.io
state: present
when: ansible_distribution_major_version | int == 8

65
roles/factorio/.github/workflows/ansible-tests.yml vendored
View File

@ -1,65 +0,0 @@
---
# Got this action from: https://github.com/colin-mccarthy/ansible_lint_demo
name: Ansible Tests
on: pull_request
jobs:
yamllint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r dev-requirements.txt
- name: Test with molecule
run: make lint
molecule_centos:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
sudo apt install docker
python -m pip install --upgrade pip
pip install -r dev-requirements.txt
- name: Test with molecule
run: make test_centos
molecule_debian:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
sudo apt install docker
python -m pip install --upgrade pip
pip install -r dev-requirements.txt
- name: Test with molecule
run: make test_debian
molecule_ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
sudo apt install docker
python -m pip install --upgrade pip
pip install -r dev-requirements.txt
- name: Test with molecule
run: make test_ubuntu

1
roles/factorio/.gitignore vendored
View File

@ -1 +0,0 @@
vendor

13
roles/factorio/.yamllint
View File

@ -1,13 +0,0 @@
---
extends: default
rules:
empty-lines: disable
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
truthy: disable

257
roles/factorio/README.md
View File

@ -1,257 +0,0 @@
# Factorio
[![Install from Ansible Galaxy](https://img.shields.io/badge/role-bplower.factorio-blue.svg)](https://galaxy.ansible.com/bplower/factorio/)
![Ansible Lint](https://github.com/bplower/ansible-factorio/workflows/Ansible%20Tests/badge.svg)
A role for creating Factorio servers
https://galaxy.ansible.com/bplower/factorio/
## Requirements
No requirements
## Role Variables
Variables can be roughly divided into two groups: deployment configurations and
Factorio configurations.
### Deployment Configurations
The deployment configurations are all related to the way in which ansible
installs the factorio server. These should be abstracted enough to allow
multiple factorio servers to be run simultaneously.
```
server_sources: "/opt/games/sources/factorio"
server_version: "0.17.79"
download_url: "https://www.factorio.com/get-download/{{ server_version }}/headless/linux64"
service_name: "factorio-server"
service_user: "factorio"
service_group: "factorio"
service_root: "/home/{{ service_user }}"
service_port: 34197
service_restart_permitted: true
factorio_default_save: "{{ service_root }}/factorio/saves/default-save.zip"
factorio_target_save: "{{ factorio_default_save }}"
```
More detailed information about these variables is as follows:
- Variable: `server_sources`<br>
Default: `"/opt/games/sources/factorio"`<br>
Comments: <br>
Where to cache server binaries downloaded from the download_url
- Variable: `server_version`<br>
Default: `"0.17.79"`<br>
Choices:
- "0.18.26"
- "0.17.79"
- "0.17.74"
- "0.16.51"
- "0.15.40"
- "0.14.23"
- "0.13.20"
- "0.12.35"
Comments:<br>
You must set the `download_checksum` value if you set this variable. This
value is used in the default `download_url`.
- Variable: `download_url`<br>
Default: `"https://www.factorio.com/get-download/{{ server_version }}/headless/linux64"`<br>
Comments:<br>
The URL to download the server binary from. This will only be downloaded if
the path `"{{ server_sources }}/factorio-{{ server_version }}.tar.gz"` does
not exist.
- Variable: `download_checksum`<br>
Default: `"sha256:9ace12fa986df028dc1851bf4de2cb038044d743e98823bc1c48ba21aa4d23df"`
Comments:<br>
The checksum that must match the downloaded server binary. This ensures the integrity.
If you change the `download_url` or `server_version`, you need to adapt the checksum as well. To get the
checksum of a server binary, you can use `curl --silent --location <download_url> | sha256sum`.
To disable the checksum verification, just set it to an empty string (`""`).
- Variable: `service_name`<br>
Default: `"factorio-server"`<br>
Comments:<br>
The name of the service to create. Multiple instances of factorio servers can
be run on a single host by providing different values for this variable (See
the examples section of this document).
- Variable: `service_user`<br>
Default: `"factorio"`<br>
Comments:<br>
The user the service should be run as.
- Variable: `service_group`<br>
Default: `"factorio"`<br>
Comments:<br>
The group the service user should be a member of.
- Variable: `service_root`<br>
Default: `"/home/{{ service_user }}"`<br>
Comments:<br>
The directory in which to store the contents of the factorio zip file
downloaded from the server. This will result in the factorio resources being
stored at `{{ service_root }}/factorio/`.
- Variab: `service_port`<br>
Default: `34197`<br>
Comments:<br>
The port to host the service on. This default is the factorio default value.
- Variable: `service_restart_permitted`<br>
Default: `true`<br>
Comments:<br>
Setting this to `false` will prevent the service from being restarted if
changes were applied. This allows settings to be applied in preparation for
the next service restart without immediately causing service interruption.
- Variable: `factorio_default_save`<br>
Default: `"{{ service_root }}/factorio/saves/default-save.zip"`<br>
Comments:<br>
The default save file used by the server.
- Variable: `factorio_target_save`<br>
Default: `"{{ factorio_default_save }}"`<br>
Comments:<br>
The save file to be run by the server. This distinction is provided to
facilitate switching between multiple save files.
### Factorio Configurations
Settings for various config files can be set in dictionaries loosely named after
the file. Each dictionary starts with `factorio_` followed by the filename
(excluding the filetype extension) where hyphens ( - ) are replaced by
underscores ( _ ). For example, the `server-settings.json` file is associated
with the dictionary variable `factorio_server_settings`.
The `default/` folder contains serveral files showing example dictionaries
representing the values provided by the Factorio servers various examples JSON
files.
The following is a list of config files that have been implemented:
- Filename: `server-settings.json`<br>
Variable: `factorio_server_settings`<br>
Example:
```
factorio_server_settings:
name: "My Public Server"
max_players: 10
game_password: "mypassword"
visibility:
public: true
lan: true
```
- Filename: `server-whitelist.json`<br>
Variable: `factorio_server_whitelist`<br>
Example:
```
factorio_server_whitelist:
- Oxyd
```
- Filename: `map-settings.json`<br>
Variable: `factorio_map_settings`<br>
Example:
```
factorio_map_settings:
pollution:
enabled: false
```
- Filename: `map-gen-settings.json`<br>
Variable: `factorio_map_gen_settings`<br>
Example:
```
factorio_map_gen_settings:
water: "high"
autoplace_controles:
coal:
size: "very-low"
```
## Example Playbooks
An out of the box example might look as follows:
```
---
- name: Create a default factorio server
hosts: localhost
roles:
- role: bplower.factorio
```
An example with a non-default port, and customized name:
```
---
- name: My slightly changed factorio server
hosts: localhost
roles:
- role: bplower.factorio
service_port: 12345
factorio_server_settings:
name: "My factorio server"
```
An example of multiple servers on a single host:
```
---
- name: Factorio farm
hosts: localhost
roles:
- role: bplower.factorio
service_port: 50001
service_name: factorio_1
service_root: /home/{{ service_user }}/{{ service_name }}
- role: bplower.factorio
service_port: 50002
service_name: factorio_2
service_root: /home/{{ service_user }}/{{ service_name }}
```
## License
GNU GPLv3
# Development & Contributions
I don't use this project regularly anymore, but I try to keep it up to date when
possible. If you have any issues or questions about it, I encourage you to open
a PR or issue.
## Testing
This role uses yamllint for yaml validation, and molecule + docker for testing.
Both tools can be installed using the `dev-requirements.txt` file. You will need
to install docker separately.
```
pip install -r dev-requirements.txt`
```
Grouping all supported platforms together caused issues for CI, so the test are
split into 3 scenarios based on the platforms being tested.
The makefile can be used to start each of the tests, and supports a helpmenu with
descriptions for each target:
```
$ make help
Usage:
make
Targets:
help Display this help
lint Lint yaml files
test_all Run all molecule tests
test_centos Run molecule centos tests
test_debian Run molecule debian tests
test_ubuntu Run molecule ubuntu tests
```

44
roles/factorio/defaults/main.yml
View File

@ -1,44 +0,0 @@
---
# defaults file for factorio
server_version: "0.17.79"
server_sources: "/opt/games/sources/factorio"
download_url: "https://www.factorio.com/get-download/{{ server_version }}/headless/linux64"
download_checksum: "sha256:9ace12fa986df028dc1851bf4de2cb038044d743e98823bc1c48ba21aa4d23df"
# Configs for the service running the server
service_name: "factorio-server"
service_user: "factorio"
service_group: "factorio"
service_root: "/home/{{ service_user }}"
service_port: 34197
service_restart_permitted: true
factorio_default_save: "{{ service_root }}/factorio/saves/default-save.zip"
factorio_target_save: "{{ factorio_default_save }}"
# Configs for the factorio server. These examples were copied from
# server-settings.example.json and are saved in server-settings.json
factorio_server_settings: {}
# Do not define server settings in this dictionary. This dictionary allows you
# to overwrite a single setting without requiring you to provide other defaults.
# See the documentation for more information.
default_factorio_server_settings:
name: "Name of the game as it will appear in the game listing"
description: "Description of the game that will appear in the listing"
visibility:
public: false
lan: true
# server-whitelist.json settings
factorio_server_whitelist_enabled: false
# factorio_server_whitelist: []
# map-gen-settings.json settings
factorio_map_gen_settings_enabled: false
# factorio_map_gen_settings: {}
# map-settings.json settings
factorio_map_settings_enabled: false
# factorio_map_settings: {}
ansible_name_prefix: "({{ service_name }})"

40
roles/factorio/defaults/map-gen-settings.yml
View File

@ -1,40 +0,0 @@
---
# Settings for the map-gen-settings.json file
# Right now this is just an example of the default values as shown in the
# map-gen-settings.example.json file that's provided with the factorio server
factorio_map_gen_settings:
# Sizes can be specified as none, very-low, low, normal, high, very-high
terrain_segmentation: "normal"
water: "normal"
width: 0
height: 0
starting_area: "normal"
peaceful_mode: false
autoplace_controls:
coal:
frequency: "normal"
size: "normal"
richness: "normal"
copper-ore:
frequency: "normal"
size: "normal"
richness: "normal"
crude-oil:
frequency: "normal"
size: "normal"
richness: "normal"
enemy-base:
frequency: "normal"
size: "normal"
richness: "normal"
iron-ore:
frequency: "normal"
size: "normal"
richness: "normal"
stone:
frequency: "normal"
size: "normal"
richness: "normal"
# Use null for a random seed, number for a specific seed.
seed: null

99
roles/factorio/defaults/map-settings.yml
View File

@ -1,99 +0,0 @@
---
# Settings for the map-settings.json file
# Right now this is just an example of the default values as shown in the
# map-settings.example.json file that's provided with the factorio server
factorio_map_settings:
difficulty_settings:
recipe_difficulty: 1
technology_difficulty: 1
technology_price_multiplier: 1
pollution:
enabled: true
# these are values for 60 ticks (1 simulated second) amount that is
# diffused to neighboring chunk
diffusion_ratio: 0.02
min_to_diffuse: 15
ageing: 1
expected_max_per_chunk: 7000
min_to_show_per_chunk: 700
min_pollution_to_damage_trees: 3500
pollution_with_max_forest_damage: 10000
pollution_per_tree_damage: 2000
pollution_restored_per_tree_damage: 500
max_pollution_to_restore_trees: 1000
enemy_evolution:
enabled: true
time_factor: 0.000004
destroy_factor: 0.002
pollution_factor: 0.000015
enemy_expansion:
enabled: true
min_base_spacing: 3
max_expansion_distance: 7
friendly_base_influence_radius: 2
enemy_building_influence_radius: 2
building_coefficient: 0.1
other_base_coefficient: 2.0
neighbouring_chunk_coefficient: 0.5
neighbouring_base_chunk_coefficient: 0.4
max_colliding_tiles_coefficient: 0.9
settler_group_min_size: 5
settler_group_max_size: 20
min_expansion_cooldown: 14400
max_expansion_cooldown: 216000
unit_group:
min_group_gathering_time: 3600
max_group_gathering_time: 36000
max_wait_time_for_late_members: 7200
max_group_radius: 30.0
min_group_radius: 5.0
max_member_speedup_when_behind: 1.4
max_member_slowdown_when_ahead: 0.6
max_group_slowdown_factor: 0.3
max_group_member_fallback_factor: 3
member_disown_distance: 10
tick_tolerance_when_member_arrives: 60
max_gathering_unit_groups: 30
max_unit_group_size: 200
steering:
default:
radius: 1.2
separation_force: 0.005
separation_factor: 1.2
force_unit_fuzzy_goto_behavior: false
moving:
radius: 3
separation_force: 0.01
separation_factor: 3
force_unit_fuzzy_goto_behavior: false
path_finder:
fwd2bwd_ratio: 5
goal_pressure_ratio: 2
max_steps_worked_per_tick: 100
use_path_cache: true
short_cache_size: 5
long_cache_size: 25
short_cache_min_cacheable_distance: 10
short_cache_min_algo_steps_to_cache: 50
long_cache_min_cacheable_distance: 30
cache_max_connect_to_cache_steps_multiplier: 100
cache_accept_path_start_distance_ratio: 0.2
cache_accept_path_end_distance_ratio: 0.15
negative_cache_accept_path_start_distance_ratio: 0.3
negative_cache_accept_path_end_distance_ratio: 0.3
cache_path_start_distance_rating_multiplier: 10
cache_path_end_distance_rating_multiplier: 20
stale_enemy_with_same_destination_collision_penalty: 30
ignore_moving_enemy_collision_distance: 5
enemy_with_different_destination_collision_penalty: 30
general_entity_collision_penalty: 10
general_entity_subsequent_collision_penalty: 3
max_clients_to_accept_any_new_request: 10
max_clients_to_accept_short_new_request: 100
direct_distance_to_consider_short_request: 100
short_request_max_steps: 1000
short_request_ratio: 0.5
min_steps_to_check_path_find_termination: 2000
start_to_goal_cost_multiplier_to_terminate_path_find: 500.0
max_failed_behavior_count: 3

70
roles/factorio/defaults/server-settings.yml
View File

@ -1,70 +0,0 @@
---
# Settings for the server-settings.json file
# Right now this is just an example of the default values as shown in the
# server-settings.example.json file that's provided with the factorio server
factorio_server_settings:
name: "Name of the game as it will appear in the game listing"
description: "Description of the game that will appear in the listing"
tags: ["game", "tags"]
# Maximum number of players allowed, admins can join even a full server.
# 0 means unlimited.
max_players: 0
# public: Game will be published on the official Factorio matching server
# lan: Game will be broadcast on LAN
visibility:
public: true
lan: true
# Your factorio.com login credentials. Required for games with visibility
# public
username: ""
password: ""
# Authentication token. May be used instead of 'password' above.
token: ""
game_password: ""
# When set to true, the server will only allow clients that have a valid
# Factorio.com account
require_user_verification: true
# optional, default value is 0. 0 means unlimited.",
max_upload_in_kilobytes_per_second: 0
# optional one tick is 16ms in default speed, default value is 0. 0 means no
# minimum.
minimum_latency_in_ticks: 0
# Players that played on this map already can join even when the max player
# limit was reached.
ignore_player_limit_for_returning_players: false
# possible values are, true, false and admins-only
allow_commands: "admins-only"
# Autosave interval in minutes
autosave_interval: 10
# server autosave slots, it is cycled through when the server autosaves.
autosave_slots: 5
# How many minutes until someone is kicked when doing nothing, 0 for never.
afk_autokick_interval: 0
# Whether should the server be paused when no players are present.
auto_pause: true
only_admins_can_pause_the_game: true
# Whether autosaves should be saved only on server or also on all connected
# clients. Default is true.
autosave_only_on_server: true
# List of case insensitive usernames, that will be promoted immediately
admins: []

8
roles/factorio/defaults/server-whitelist.yml
View File

@ -1,8 +0,0 @@
---
# Settings for the server-whitelist.json file
# Right now this is just an example of the default values as shown in the
# server-whitelist.example.json file that's provided with the factorio server
factorio_server_whitelist:
- Rseding91
- Oxyd

2
roles/factorio/dev-requirements.txt
View File

@ -1,2 +0,0 @@
yamllint
molecule[docker]

13
roles/factorio/handlers/main.yml
View File

@ -1,13 +0,0 @@
---
# handlers file for factorio
- name: Reload factorio server (daemon_reload)
systemd:
name: "{{ service_name }}"
daemon_reload: yes
- name: Restart factorio service
systemd:
name: "{{ service_name }}"
state: restarted
when: service_restart_permitted

Some files were not shown because too many files have changed in this diff Show More