Fix new ansible-lint errors
Quite a few changes here, hopefully they work!
This commit is contained in:
parent
2a0d40aca9
commit
2af9f8529d
27 changed files with 52 additions and 47 deletions
|
@ -2,6 +2,10 @@ skip_list:
|
|||
- command-instead-of-shell
|
||||
- no-handler
|
||||
- git-latest
|
||||
- fqcn
|
||||
- name[casing]
|
||||
- name[play]
|
||||
- no-changed-when
|
||||
|
||||
exclude_paths:
|
||||
- galaxy_roles/
|
||||
|
|
|
@ -2,7 +2,7 @@ docker_user:
|
|||
id: 3000
|
||||
name: dockeruser
|
||||
|
||||
docker_compose_file_mask: 0664
|
||||
docker_compose_directory_mask: 0775
|
||||
docker_compose_file_mask: "664"
|
||||
docker_compose_directory_mask: "775"
|
||||
|
||||
docker_update_command: docker-compose pull && docker-compose down --remove-orphans && docker-compose rm && docker-compose up -d
|
||||
|
|
4
ansible/group_vars/all/me.yml
Normal file
4
ansible/group_vars/all/me.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
me:
|
||||
user: jake
|
||||
home: /home/jake
|
||||
name: Jake Howard
|
|
@ -1,3 +0,0 @@
|
|||
user: jake
|
||||
home: /home/{{ user }}
|
||||
name: Jake Howard
|
|
@ -1,4 +1,4 @@
|
|||
"hosts":
|
||||
"vps_hosts":
|
||||
"casey_ip": "213.219.38.11"
|
||||
"grimes_ip": "104.238.172.209"
|
||||
"walker_ip": "192.248.168.230"
|
|
@ -1,5 +1,5 @@
|
|||
wireguard:
|
||||
public_ip: "{{ hosts.casey_ip }}"
|
||||
public_ip: "{{ vps_hosts.casey_ip }}"
|
||||
port: 51820
|
||||
cidr: 10.23.0.0/24
|
||||
server:
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
vars:
|
||||
docker_install_compose_plugin: "{{ ansible_os_family == 'Debian' }}"
|
||||
docker_users:
|
||||
- "{{ user }}"
|
||||
- "{{ me.user }}"
|
||||
- docker_cleanup
|
||||
|
||||
- hosts:
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
password: aurto
|
||||
owner: http
|
||||
group: http
|
||||
mode: 0600
|
||||
mode: "600"
|
||||
become: true
|
||||
notify: restart nginx
|
||||
|
||||
|
@ -24,6 +24,6 @@
|
|||
template:
|
||||
src: files/nginx.conf
|
||||
dest: /etc/nginx/nginx.conf
|
||||
mode: "0600"
|
||||
mode: "600"
|
||||
become: true
|
||||
notify: restart nginx
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# Change to a high/odd port if this server is exposed to the internet directly
|
||||
Port {{ ssh_port }}
|
||||
|
||||
AllowUsers {% if hostname_slug in pve_hosts %}{{ user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
|
||||
AllowUsers {% if hostname_slug in pve_hosts %}{{ me.user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ me.user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }}
|
||||
|
||||
# Bind to all interfaces (change to specific interface if needed)
|
||||
ListenAddress 0.0.0.0
|
||||
|
|
|
@ -21,13 +21,13 @@
|
|||
dest: /etc/ssh/sshd_config
|
||||
validate: /usr/sbin/sshd -t -f %s
|
||||
backup: true
|
||||
mode: 0644
|
||||
mode: "644"
|
||||
become: true
|
||||
register: sshd_config
|
||||
|
||||
- name: Set up authorized keys
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ user }}"
|
||||
user: "{{ me.user }}"
|
||||
state: present
|
||||
key: "{{ lookup('file', item) }}"
|
||||
loop:
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
- name: Make me
|
||||
user:
|
||||
name: "{{ user }}"
|
||||
home: "{{ home }}"
|
||||
comment: "{{ name }}"
|
||||
name: "{{ me.user }}"
|
||||
home: "{{ me.home }}"
|
||||
comment: "{{ me.name }}"
|
||||
shell: /bin/bash
|
||||
system: true
|
||||
become: true
|
||||
|
||||
- name: Give user sudo access
|
||||
user:
|
||||
name: "{{ user }}"
|
||||
name: "{{ me.user }}"
|
||||
groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}"
|
||||
append: true
|
||||
become: true
|
||||
|
|
|
@ -21,14 +21,14 @@
|
|||
|
||||
- name: Add user to docker user group
|
||||
user:
|
||||
name: "{{ user }}"
|
||||
name: "{{ me.user }}"
|
||||
groups: "{{ docker_user.name }}"
|
||||
append: true
|
||||
become: true
|
||||
|
||||
- name: Add user to docker group
|
||||
user:
|
||||
name: "{{ user }}"
|
||||
name: "{{ me.user }}"
|
||||
groups: docker
|
||||
append: true
|
||||
become: true
|
||||
|
@ -44,8 +44,8 @@
|
|||
copy:
|
||||
src: ./files/docker-utils
|
||||
dest: "{{ home }}"
|
||||
mode: 0755
|
||||
directory_mode: 0755
|
||||
mode: "755"
|
||||
directory_mode: "755"
|
||||
|
||||
- name: override docker service for zfs dependencies
|
||||
include_tasks: zfs-override.yml
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
- name: Make user
|
||||
user:
|
||||
name: "{{ f2b_user }}"
|
||||
comment: "{{ name }}"
|
||||
comment: "{{ me.user }}"
|
||||
shell: /home/{{ f2b_user }}/f2b-entrypoint.sh
|
||||
system: false
|
||||
become: true
|
||||
|
@ -22,7 +22,7 @@
|
|||
template:
|
||||
src: files/f2b-entrypoint.sh
|
||||
dest: /home/{{ f2b_user }}/f2b-entrypoint.sh
|
||||
mode: 0755
|
||||
mode: "755"
|
||||
become: true
|
||||
register: sshd_config
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ scrape_configs:
|
|||
module: [https_redir]
|
||||
static_configs:
|
||||
- targets:
|
||||
- http://{{ hosts.casey_ip }}
|
||||
- http://{{ vps_hosts.casey_ip }}
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
|
|
|
@ -6,9 +6,9 @@ maxretry = 100
|
|||
filter = nginx-tcp
|
||||
logpath = /var/log/nginx/ips.log
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
|
||||
|
||||
[traefik]
|
||||
enabled = true
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
|
||||
|
|
|
@ -32,15 +32,15 @@
|
|||
file:
|
||||
path: "{{ home }}/wireguard-clients"
|
||||
state: directory
|
||||
owner: "{{ user }}"
|
||||
mode: 0700
|
||||
owner: "{{ me.user }}"
|
||||
mode: "700"
|
||||
|
||||
- name: Wireguard client configuration
|
||||
template:
|
||||
src: files/wireguard-client.conf
|
||||
dest: "{{ home }}/wireguard-clients/{{ item.key }}.conf"
|
||||
owner: "{{ user }}"
|
||||
mode: 0600
|
||||
owner: "{{ me.user }}"
|
||||
mode: "600"
|
||||
loop: "{{ wireguard.clients | dict2items }}"
|
||||
loop_control:
|
||||
label: "{{ item.key }}"
|
||||
|
|
|
@ -34,5 +34,5 @@
|
|||
minute: 0
|
||||
weekday: 1
|
||||
job: /opt/mastodon/purge-media.sh
|
||||
user: "{{ user }}"
|
||||
user: "{{ me.user }}"
|
||||
become: true
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
nebula_lighthouse_public_ip: "{{ hosts.casey_ip }}"
|
||||
nebula_lighthouse_public_ip: "{{ vps_hosts.casey_ip }}"
|
||||
nebula_lighthouse_ip: "{{ nebula.clients.casey.ip }}"
|
||||
nebula_lighthouse_port: 6328
|
||||
|
||||
|
|
|
@ -1 +1 @@
|
|||
alias={{ hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}
|
||||
alias={{ vps_hosts.casey_ip }},{{ pve_hosts.ingress.external_ip }}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
template:
|
||||
src: files/internal-alias.conf
|
||||
dest: /etc/dnsmasq.d/internal-alias.conf
|
||||
mode: 0644
|
||||
mode: "644"
|
||||
notify: restart pihole FTL
|
||||
become: true
|
||||
|
||||
|
@ -13,6 +13,6 @@
|
|||
template:
|
||||
src: files/setup-vars.conf
|
||||
dest: /etc/pihole/setupVars.conf
|
||||
mode: 0644
|
||||
mode: "644"
|
||||
notify: restart pihole FTL
|
||||
become: true
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
- name: Set configuration
|
||||
ini_file:
|
||||
path: "{{ qbittorrent_user.home }}/.config/qBittorrent/qBittorrent.conf"
|
||||
mode: 0700
|
||||
mode: "700"
|
||||
owner: "{{ qbittorrent_user.name }}"
|
||||
section: "{{ item.section }}"
|
||||
option: "{{ item.option }}"
|
||||
|
|
|
@ -6,5 +6,5 @@ maxretry = 5
|
|||
filter = traefik
|
||||
logpath = /tmp/traefik-logs/access.log
|
||||
port = http,https
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ hosts.values()|sort|join(",") }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }}
|
||||
action = gateway
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
template:
|
||||
src: files/fail2ban/traefik-jail.conf
|
||||
dest: /etc/fail2ban/jail.d/traefik.conf
|
||||
mode: 0644
|
||||
mode: "644"
|
||||
become: true
|
||||
notify: restart fail2ban
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
|||
template:
|
||||
src: files/fail2ban/traefik-filter.conf
|
||||
dest: /etc/fail2ban/filter.d/traefik.conf
|
||||
mode: 0644
|
||||
mode: "644"
|
||||
become: true
|
||||
notify: restart fail2ban
|
||||
|
||||
|
@ -18,7 +18,7 @@
|
|||
template:
|
||||
src: files/fail2ban/remote-action.conf
|
||||
dest: /etc/fail2ban/action.d/gateway.conf
|
||||
mode: 0644
|
||||
mode: "644"
|
||||
become: true
|
||||
notify: restart fail2ban
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
path: /opt/upload/htpasswd.txt
|
||||
name: jake
|
||||
password: "{{ superuser_upload_password }}"
|
||||
mode: 0640
|
||||
mode: "640"
|
||||
owner: "{{ docker_user.name }}"
|
||||
become: true
|
||||
|
||||
|
@ -33,5 +33,5 @@
|
|||
path: /opt/upload/htpasswd.txt
|
||||
name: nextcloud
|
||||
password: "{{ nextcloud_upload_password }}"
|
||||
mode: 0640
|
||||
mode: "640"
|
||||
become: true
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
- name: Give user passwordless access to ZFS commands
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
line: "{{ user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
|
||||
line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool"
|
||||
become: true
|
||||
|
||||
- name: Sanoid
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
resource "local_file" "hosts" {
|
||||
content = yamlencode({
|
||||
hosts : {
|
||||
vps_hosts : {
|
||||
casey_ip : linode_instance.casey.ip_address,
|
||||
walker_ip : vultr_instance.walker.main_ip,
|
||||
grimes_ip : vultr_instance.grimes.main_ip,
|
||||
}
|
||||
})
|
||||
filename = "${path.module}/../ansible/group_vars/all/hosts.yml"
|
||||
filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml"
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ extends: default
|
|||
ignore: |
|
||||
ansible/galaxy_roles
|
||||
ansible/galaxy_collections
|
||||
ansible/group_vars/all/hosts.yml
|
||||
ansible/group_vars/all/vps-hosts.yml
|
||||
ansible/roles/traefik/files/traefik.yml
|
||||
ansible/roles/nebula/files/nebula.yml
|
||||
|
||||
|
|
Loading…
Reference in a new issue