diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index be908ea..d932752 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -5,8 +5,11 @@ retry_files_enabled = False roles_path = $PWD/galaxy_roles:$PWD/roles collections_path = $PWD/galaxy_collections inventory = ./hosts -become_ask_pass = True interpreter_python = auto_silent +[privilege_escalation] +become = True +become_ask_pass = True + [ssh_connection] pipelining = True diff --git a/ansible/main.yml b/ansible/main.yml index 7e8ff42..86d183a 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -9,12 +9,10 @@ - hosts: casey roles: - nginx - - role: geerlingguy.certbot - become: true + - geerlingguy.certbot - gateway - headscale - restic - - artis3n.tailscale - glinet_vpn - hosts: @@ -25,7 +23,6 @@ - tang roles: - role: geerlingguy.ntp - become: true vars: ntp_timezone: "{{ timezone }}" ntp_manage_config: true @@ -37,8 +34,7 @@ - renovate - gitea-runner roles: - - role: geerlingguy.docker - become: true + - geerlingguy.docker - docker_cleanup - hosts: @@ -53,6 +49,14 @@ roles: - traefik +- hosts: + - ingress + - walker + - casey + become: false # Forcefully run as current user + roles: + - artis3n.tailscale + - hosts: pve-docker roles: - pve_docker @@ -71,17 +75,13 @@ roles: - nginx - ingress - - artis3n.tailscale - hosts: pve roles: - - role: ironicbadger.proxmox_nag_removal - become: true + - ironicbadger.proxmox_nag_removal - zfs - - role: ironicbadger.snapraid - become: true - - role: prometheus.prometheus.node_exporter - become: true + - ironicbadger.snapraid + - prometheus.prometheus.node_exporter - hosts: forrest roles: @@ -98,13 +98,11 @@ - hosts: walker roles: - nginx - - role: geerlingguy.certbot - become: true + - geerlingguy.certbot - coredns_docker_proxy - plausible - restic - website - - artis3n.tailscale - slides - comentario 
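Review bot: Setting `become = True` under `[privilege_escalation]` in ansible/ansible.cfg makes root the default for every task, including those that had no `become` before this commit; the only opt-out visible here is the new `artis3n.tailscale` play. Tasks such as `Install fever plugin` (a `git` checkout in roles/pve_docker/tasks/tt-rss.yml) and the `restart …` shell tasks in roles/pve_docker appear never to have had `become`, although their bodies are outside the hunks shown, so they would now fetch and run as root. Adding `become: false` to tasks that only touch the login user's files would preserve least privilege. A comment above the new setting would document the convention, for example `# root by default; tasks that must run as the login user set become: false`.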
@@ -128,6 +126,5 @@ - hosts: tang roles: - adguardhome - - role: prometheus.prometheus.node_exporter - become: true + - prometheus.prometheus.node_exporter - restic diff --git a/ansible/roles/adguardhome/handlers/main.yml b/ansible/roles/adguardhome/handlers/main.yml index e8c56d8..e6aa845 100644 --- a/ansible/roles/adguardhome/handlers/main.yml +++ b/ansible/roles/adguardhome/handlers/main.yml @@ -3,11 +3,9 @@ name: coredns state: restarted enabled: true - become: true - name: restart systemd-resolved service: name: systemd-resolved state: restarted enabled: true - become: true diff --git a/ansible/roles/adguardhome/tasks/main.yml b/ansible/roles/adguardhome/tasks/main.yml index 0d85113..6ac2ccc 100644 --- a/ansible/roles/adguardhome/tasks/main.yml +++ b/ansible/roles/adguardhome/tasks/main.yml @@ -1,7 +1,6 @@ - name: Install adguardhome kewlfft.aur.aur: name: adguardhome-bin - become: true - name: Disable resolved stub template: @@ -10,7 +9,6 @@ owner: root mode: "0644" notify: restart systemd-resolved - become: true - name: Use resolved resolv.conf file: @@ -18,12 +16,10 @@ dest: /etc/resolv.conf state: link notify: restart systemd-resolved - become: true - name: Install coredns kewlfft.aur.aur: name: coredns - become: true - name: Install coredns config file template: @@ -32,4 +28,3 @@ owner: coredns mode: "0644" notify: restart coredns - become: true diff --git a/ansible/roles/authentik/tasks/main.yml b/ansible/roles/authentik/tasks/main.yml index 56122e2..e5c51a0 100644 --- a/ansible/roles/authentik/tasks/main.yml +++ b/ansible/roles/authentik/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,4 +16,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart authentik - become: true 
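Review bot: The `kewlfft.aur.aur` tasks in ansible/roles/adguardhome/tasks/main.yml (`Install adguardhome`, `Install coredns`) are still escalated to root, now through the global default instead of the removed `become: true`. AUR packages are built from user-submitted PKGBUILD scripts, and the collection's README recommends running the module as a dedicated unprivileged build user rather than root. Consider adding `become_user: <unprivileged-build-user>` (placeholder) to these tasks. The same applies to the `kewlfft.aur.aur` tasks in roles/nginx/tasks/main.yml and roles/restic/tasks/main.yml.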
diff --git a/ansible/roles/base/tasks/fail2ban.yml b/ansible/roles/base/tasks/fail2ban.yml index 0d89ee3..ec2b2e6 100644 --- a/ansible/roles/base/tasks/fail2ban.yml +++ b/ansible/roles/base/tasks/fail2ban.yml @@ -1,25 +1,21 @@ - name: Install fail2ban package: name: fail2ban - become: true - name: Enable fail2ban service: name: fail2ban enabled: true - become: true - name: fail2ban SSH jail template: src: files/ssh-jail.conf dest: /etc/fail2ban/jail.d/ssh.conf mode: "0600" - become: true register: fail2ban_jail - name: Restart fail2ban service: name: fail2ban state: restarted - become: true when: fail2ban_jail.changed diff --git a/ansible/roles/base/tasks/logrotate.yml b/ansible/roles/base/tasks/logrotate.yml index ed8a1ec..47829d6 100644 --- a/ansible/roles/base/tasks/logrotate.yml +++ b/ansible/roles/base/tasks/logrotate.yml @@ -1,13 +1,11 @@ - name: Install logrotate package: name: logrotate - become: true - name: Enable logrotate timer service: name: logrotate.timer enabled: true - become: true when: ansible_os_family == 'Archlinux' - name: logrotate fail2ban config @@ -15,4 +13,3 @@ src: files/fail2ban-logrotate dest: /etc/logrotate.d/fail2ban mode: "0600" - become: true diff --git a/ansible/roles/base/tasks/packages.yml b/ansible/roles/base/tasks/packages.yml index 3b90110..f1d5c0b 100644 --- a/ansible/roles/base/tasks/packages.yml +++ b/ansible/roles/base/tasks/packages.yml @@ -1,7 +1,6 @@ - name: Install Base Packages package: name: "{{ item }}" - become: true loop: - htop - neofetch diff --git a/ansible/roles/base/tasks/ssh.yml b/ansible/roles/base/tasks/ssh.yml index 4ff6fec..3bff54d 100644 --- a/ansible/roles/base/tasks/ssh.yml +++ b/ansible/roles/base/tasks/ssh.yml @@ -1,13 +1,11 @@ - name: Install OpenSSH for Debian package: name: openssh-server - become: true when: ansible_os_family == 'Debian' - name: Install OpenSSH for Arch package: name: openssh - become: true when: ansible_os_family == 'Archlinux' - name: Define context 
@@ -22,7 +20,6 @@ validate: /usr/sbin/sshd -t -f %s backup: true mode: "644" - become: true register: sshd_config - name: Set up authorized keys @@ -38,11 +35,9 @@ service: name: sshd enabled: true - become: true - name: Restart SSH Daemon service: name: sshd state: reloaded when: sshd_config.changed - become: true diff --git a/ansible/roles/base/tasks/user.yml b/ansible/roles/base/tasks/user.yml index aa4c2ad..7928922 100644 --- a/ansible/roles/base/tasks/user.yml +++ b/ansible/roles/base/tasks/user.yml @@ -5,11 +5,9 @@ comment: "{{ me.name }}" shell: /bin/bash system: true - become: true - name: Give user sudo access user: name: "{{ me.user }}" groups: "{{ 'sudo' if ansible_os_family == 'Debian' else 'wheel' }}" append: true - become: true diff --git a/ansible/roles/comentario/tasks/main.yml b/ansible/roles/comentario/tasks/main.yml index ba4158d..cdd7725 100644 --- a/ansible/roles/comentario/tasks/main.yml +++ b/ansible/roles/comentario/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart comentario - become: true - name: Install secrets copy: @@ -26,7 +24,6 @@ mode: "600" owner: "{{ docker_user.name }}" notify: restart comentario - become: true - name: Install nginx config template: @@ -34,7 +31,6 @@ dest: /etc/nginx/http.d/comentario.conf mode: "0644" notify: reload nginx - become: true vars: server_name: comentario.theorangeone.net upstream: comentario-comentario-1.docker:80 diff --git a/ansible/roles/coredns_docker_proxy/tasks/main.yml b/ansible/roles/coredns_docker_proxy/tasks/main.yml index a4e5b73..8945646 100644 --- a/ansible/roles/coredns_docker_proxy/tasks/main.yml +++ b/ansible/roles/coredns_docker_proxy/tasks/main.yml 
@@ -2,7 +2,6 @@ docker_network: name: coredns internal: true - become: true - name: Create install directory file: @@ -10,7 +9,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -20,4 +18,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart coredns - become: true diff --git a/ansible/roles/db_auto_backup/tasks/main.yml b/ansible/roles/db_auto_backup/tasks/main.yml index cc6fd8c..742da5c 100644 --- a/ansible/roles/db_auto_backup/tasks/main.yml +++ b/ansible/roles/db_auto_backup/tasks/main.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -14,4 +13,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart db-auto-backup - become: true diff --git a/ansible/roles/docker_cleanup/tasks/main.yml b/ansible/roles/docker_cleanup/tasks/main.yml index 0f5b98b..f2e5e13 100644 --- a/ansible/roles/docker_cleanup/tasks/main.yml +++ b/ansible/roles/docker_cleanup/tasks/main.yml @@ -1,7 +1,6 @@ - name: Install docker-compose package: name: docker-compose - become: true when: ansible_os_family != 'Debian' - name: Install compose-switch @@ -9,7 +8,6 @@ url: "{{ docker_compose_url }}" dest: "{{ docker_compose_path }}" mode: "0755" - become: true when: ansible_os_family == 'Debian' - name: Create docker group @@ -17,7 +15,6 @@ name: "{{ docker_user.name }}" state: present gid: "{{ docker_user.id }}" - become: true - name: Create docker user user: 
@@ -25,21 +22,18 @@ uid: "{{ docker_user.id }}" group: "{{ docker_user.name }}" create_home: false - become: true - name: Add user to docker user group user: name: "{{ me.user }}" groups: "{{ docker_user.name }}" append: true - become: true - name: Add user to docker group user: name: "{{ me.user }}" groups: docker append: true - become: true - name: Clean up docker containers cron: @@ -47,6 +41,8 @@ hour: 1 minute: 0 job: docker system prune -af --volumes + cron_file: docker_cleanup + user: root - name: Install util scripts copy: @@ -54,6 +50,7 @@ dest: "{{ me.home }}" mode: "755" directory_mode: "755" + owner: "{{ me.user }}" - name: override docker service for zfs dependencies include_tasks: zfs-override.yml diff --git a/ansible/roles/docker_cleanup/tasks/zfs-override.yml b/ansible/roles/docker_cleanup/tasks/zfs-override.yml index 6921838..aa1d673 100644 --- a/ansible/roles/docker_cleanup/tasks/zfs-override.yml +++ b/ansible/roles/docker_cleanup/tasks/zfs-override.yml @@ -3,7 +3,6 @@ path: /etc/systemd/system/docker.service.d state: directory mode: "0755" - become: true - name: Create override.conf copy: @@ -12,4 +11,3 @@ owner: root group: root mode: "0644" - become: true diff --git a/ansible/roles/forgejo/tasks/main.yml b/ansible/roles/forgejo/tasks/main.yml index 2af0247..1d00db6 100644 --- a/ansible/roles/forgejo/tasks/main.yml +++ b/ansible/roles/forgejo/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart gitea - become: true - name: Install config file template: @@ -26,7 +24,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: restart gitea - become: true - name: Create custom templates directory file: 
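Review bot: The old crontab entry for `Clean up docker containers` is not removed when the job moves to `cron_file: docker_cleanup` with `user: root` in ansible/roles/docker_cleanup/tasks/main.yml. The task had no `become` in the old file, so the earlier entry presumably sits in the connecting user's crontab, and `docker system prune -af --volumes` would then run from both places. A one-off task with the same `name`, the previous user and `state: absent` would clean it up. The root-owned cron tasks in roles/jellyfin/tasks/main.yml and roles/pve_docker/tasks/nextcloud.yml still rely on the implicit become user; adding `user: root` there would make the job owner explicit.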
@@ -35,7 +32,6 @@ owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" recurse: true - become: true - name: Install custom footer copy: @@ -44,4 +40,3 @@ owner: "{{ docker_user.name }}" mode: "{{ docker_compose_file_mask }}" notify: restart gitea - become: true diff --git a/ansible/roles/forgejo_runner/tasks/main.yml b/ansible/roles/forgejo_runner/tasks/main.yml index a49f432..013acd6 100644 --- a/ansible/roles/forgejo_runner/tasks/main.yml +++ b/ansible/roles/forgejo_runner/tasks/main.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install config file template: @@ -13,7 +12,6 @@ mode: "600" owner: "{{ docker_user.name }}" notify: restart forgejo-runner - become: true - name: Install compose file template: @@ -23,4 +21,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart forgejo-runner - become: true diff --git a/ansible/roles/gateway/tasks/fail2ban.yml b/ansible/roles/gateway/tasks/fail2ban.yml index aab8702..6307559 100644 --- a/ansible/roles/gateway/tasks/fail2ban.yml +++ b/ansible/roles/gateway/tasks/fail2ban.yml @@ -3,7 +3,6 @@ src: files/nginx-fail2ban-filter.conf dest: /etc/fail2ban/filter.d/nginx-tcp.conf mode: "0600" - become: true register: fail2ban_filter - name: fail2ban jail @@ -11,12 +10,10 @@ src: files/nginx-fail2ban-jail.conf dest: /etc/fail2ban/jail.d/nginx.conf mode: "0600" - become: true register: fail2ban_jail - name: Restart fail2ban service: name: fail2ban state: restarted - become: true when: fail2ban_filter.changed or fail2ban_jail.changed diff --git a/ansible/roles/gateway/tasks/nginx.yml b/ansible/roles/gateway/tasks/nginx.yml index 89dcc42..d45b6e8 100644 --- a/ansible/roles/gateway/tasks/nginx.yml +++ b/ansible/roles/gateway/tasks/nginx.yml 
@@ -3,7 +3,6 @@ src: files/nginx.conf dest: /etc/nginx/stream.d/gateway.conf mode: "0644" - become: true register: nginx_config - name: Install CDN config @@ -11,12 +10,10 @@ src: files/nginx-cdn.conf dest: /etc/nginx/http.d/cdn.conf mode: "0644" - become: true register: nginx_config - name: Reload Nginx service: name: nginx state: reloaded - become: true when: nginx_config.changed diff --git a/ansible/roles/gateway/tasks/wireguard.yml b/ansible/roles/gateway/tasks/wireguard.yml index 4d662cf..cc83418 100644 --- a/ansible/roles/gateway/tasks/wireguard.yml +++ b/ansible/roles/gateway/tasks/wireguard.yml @@ -1,7 +1,6 @@ - name: Install wireguard tools package: name: "{{ item }}" - become: true loop: - wireguard-tools - qrencode @@ -12,21 +11,18 @@ dest: /etc/wireguard/wg0.conf mode: "0600" backup: true - become: true register: wireguard_conf - name: Enable wireguard service: name: wg-quick@wg0 enabled: true - become: true - name: Restart wireguard service: name: wg-quick@wg0 state: restarted when: wireguard_conf.changed - become: true - name: Create wireguard client directory file: diff --git a/ansible/roles/glinet_vpn/handlers/main.yml b/ansible/roles/glinet_vpn/handlers/main.yml index 271a823..0ec65a5 100644 --- a/ansible/roles/glinet_vpn/handlers/main.yml +++ b/ansible/roles/glinet_vpn/handlers/main.yml @@ -2,4 +2,3 @@ service: name: wg-quick@glinet state: restarted - become: true diff --git a/ansible/roles/glinet_vpn/tasks/main.yml b/ansible/roles/glinet_vpn/tasks/main.yml index 84c3bda..2a62d9a 100644 --- a/ansible/roles/glinet_vpn/tasks/main.yml +++ b/ansible/roles/glinet_vpn/tasks/main.yml @@ -4,7 +4,6 @@ - name: Install wireguard tools package: name: "{{ item }}" - become: true loop: - wireguard-tools - qrencode @@ -15,7 +14,6 @@ dest: /etc/wireguard/glinet.conf mode: "0600" backup: true - become: true notify: restart wireguard - name: Wireguard client config 
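Review bot: Both template tasks in ansible/roles/gateway/tasks/nginx.yml use `register: nginx_config`, so the second result overwrites the first and `when: nginx_config.changed` on `Reload Nginx` reflects only the CDN config. A change to /etc/nginx/stream.d/gateway.conf alone leaves the old stream config in effect until something else reloads nginx. Use distinct names as roles/gateway/tasks/fail2ban.yml does, for example `register: nginx_cdn_config` on the second task and `when: nginx_config.changed or nginx_cdn_config.changed` on the reload. The first task's name line is above the hunk.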
@@ -24,11 +22,9 @@ dest: "{{ me.home }}/glinet-vpn.conf" mode: "0600" owner: "{{ me.user }}" - become: true notify: restart wireguard - name: Enable wireguard service: name: wg-quick@glinet enabled: true - become: true diff --git a/ansible/roles/headscale/handlers/main.yml b/ansible/roles/headscale/handlers/main.yml index 1b0710a..10e1f1f 100644 --- a/ansible/roles/headscale/handlers/main.yml +++ b/ansible/roles/headscale/handlers/main.yml @@ -3,4 +3,3 @@ name: headscale state: restarted enabled: true - become: true diff --git a/ansible/roles/headscale/tasks/main.yml b/ansible/roles/headscale/tasks/main.yml index ab1cfe6..2fb2e74 100644 --- a/ansible/roles/headscale/tasks/main.yml +++ b/ansible/roles/headscale/tasks/main.yml @@ -4,7 +4,6 @@ - name: Install Headscale package: name: headscale - become: true - name: Install headscale config file template: @@ -13,7 +12,6 @@ owner: headscale mode: "0600" notify: restart headscale - become: true - name: Install ACLs template: @@ -22,12 +20,10 @@ owner: headscale mode: "0600" notify: restart headscale - become: true - name: Install nginx config template: src: files/nginx.conf dest: /etc/nginx/http.d/headscale.conf mode: "0644" - become: true notify: reload nginx diff --git a/ansible/roles/http_proxy/handlers/main.yml b/ansible/roles/http_proxy/handlers/main.yml index 3b22b8c..c5ee5fe 100644 --- a/ansible/roles/http_proxy/handlers/main.yml +++ b/ansible/roles/http_proxy/handlers/main.yml @@ -2,4 +2,3 @@ service: name: squid state: restarted - become: true diff --git a/ansible/roles/http_proxy/tasks/main.yml b/ansible/roles/http_proxy/tasks/main.yml index 7c9da9f..88ef43f 100644 --- a/ansible/roles/http_proxy/tasks/main.yml +++ b/ansible/roles/http_proxy/tasks/main.yml 
@@ -1,18 +1,15 @@ - name: Install squid package: name: squid - become: true - name: Squid config template: src: files/squid.conf dest: /etc/squid/squid.conf mode: "0600" - become: true notify: restart squid - name: Enable squid service: name: squid enabled: true - become: true diff --git a/ansible/roles/ingress/handlers/main.yml b/ansible/roles/ingress/handlers/main.yml index 31559f2..d9a7830 100644 --- a/ansible/roles/ingress/handlers/main.yml +++ b/ansible/roles/ingress/handlers/main.yml @@ -2,13 +2,11 @@ service: name: wg-quick@wg0 state: restarted - become: true - name: reload nginx service: name: nginx state: reloaded - become: true - name: reload nftables command: @@ -16,4 +14,3 @@ - nft - -f - /etc/nftables.conf - become: true diff --git a/ansible/roles/ingress/tasks/firewall.yml b/ansible/roles/ingress/tasks/firewall.yml index e3ef0f4..4473fc1 100644 --- a/ansible/roles/ingress/tasks/firewall.yml +++ b/ansible/roles/ingress/tasks/firewall.yml @@ -1,7 +1,6 @@ - name: Install nftables package: name: nftables - become: true - name: Copy firewall config template: @@ -9,7 +8,6 @@ dest: /etc/nftables.conf validate: nft -c -f %s mode: "644" - become: true notify: reload nftables - name: Enable nftables @@ -17,4 +15,3 @@ name: nftables enabled: true state: started - become: true diff --git a/ansible/roles/ingress/tasks/nginx.yml b/ansible/roles/ingress/tasks/nginx.yml index a403504..320227b 100644 --- a/ansible/roles/ingress/tasks/nginx.yml +++ b/ansible/roles/ingress/tasks/nginx.yml @@ -3,5 +3,4 @@ src: files/nginx.conf dest: /etc/nginx/stream.d/ingress.conf mode: "0644" - become: true notify: reload nginx diff --git a/ansible/roles/ingress/tasks/wireguard.yml b/ansible/roles/ingress/tasks/wireguard.yml index 9144598..e13cad8 100644 --- a/ansible/roles/ingress/tasks/wireguard.yml +++ b/ansible/roles/ingress/tasks/wireguard.yml 
@@ -1,8 +1,6 @@ - name: Install Wireguard package: - name: - - wireguard - become: true + name: wireguard - name: Get wireguard credentials set_fact: @@ -14,14 +12,12 @@ dest: /etc/wireguard/wg0.conf mode: "0600" backup: true - become: true notify: restart wireguard - name: Enable wireguard service: name: wg-quick@wg0 enabled: true - become: true - name: Enable p2p communication sysctl: @@ -31,4 +27,3 @@ state: present reload: true sysctl_file: /etc/sysctl.d/99-sysctl.conf - become: true diff --git a/ansible/roles/jellyfin/tasks/main.yml b/ansible/roles/jellyfin/tasks/main.yml index 0fdf7c5..7077e73 100644 --- a/ansible/roles/jellyfin/tasks/main.yml +++ b/ansible/roles/jellyfin/tasks/main.yml @@ -2,23 +2,19 @@ ansible.builtin.apt_key: url: https://repo.jellyfin.org/jellyfin_team.gpg.key state: present - become: true - name: Add Jellyfin repository apt_repository: repo: deb [arch=amd64] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main filename: jellyfin state: present - become: true - name: Install jellyfin package: name: jellyfin - become: true - name: Set media dir permissions cron: name: Set media permissions special_time: daily job: chown -R jellyfin:jellyfin /mnt/media - become: true diff --git a/ansible/roles/mastodon/tasks/main.yml b/ansible/roles/mastodon/tasks/main.yml index 9a173a6..cf75a15 100644 --- a/ansible/roles/mastodon/tasks/main.yml +++ b/ansible/roles/mastodon/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart mastodon - become: true - name: Install media cleanup script template: @@ -25,7 +23,6 @@ dest: /opt/mastodon/purge-media.sh mode: "0755" owner: "{{ docker_user.name }}" - become: true - name: Schedule media cleanup cron: 
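Review bot: The `ansible.builtin.apt_key` task in ansible/roles/jellyfin/tasks/main.yml adds the Jellyfin key to apt's global trusted keyring, so it is trusted for every configured repository rather than only repo.jellyfin.org; apt-key is also deprecated. Prefer storing the key in its own file and scoping it in the repo line, for example `repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/jellyfin.asc] https://repo.jellyfin.org/debian {{ ansible_distribution_release }} main`, where the keyring path is an example. The task's name line is above the hunk.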
@@ -35,4 +32,3 @@ weekday: 1 job: /opt/mastodon/purge-media.sh user: "{{ me.user }}" - become: true diff --git a/ansible/roles/minio/tasks/main.yml b/ansible/roles/minio/tasks/main.yml index 06b6bab..95bc374 100644 --- a/ansible/roles/minio/tasks/main.yml +++ b/ansible/roles/minio/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,4 +16,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart minio - become: true diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml index d5b7b4c..71ffc65 100644 --- a/ansible/roles/nginx/handlers/main.yml +++ b/ansible/roles/nginx/handlers/main.yml @@ -2,4 +2,3 @@ service: name: nginx state: reloaded - become: true diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index 53c3202..e908c91 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -1,7 +1,6 @@ - name: Install nginx package: name: nginx - become: true - name: Install nginx modules package: @@ -11,7 +10,6 @@ - libnginx-mod-http-brotli-filter - libnginx-mod-stream when: ansible_os_family != 'Archlinux' - become: true - name: Install nginx modules (on Arch) kewlfft.aur.aur: @@ -20,12 +18,10 @@ - nginx-mod-headers-more - nginx-mod-brotli when: ansible_os_family == 'Archlinux' - become: true - name: Generate Diffie-Hellman parameters community.crypto.openssl_dhparam: path: /etc/nginx/dhparams.pem - become: true - name: Create config directories file: @@ -36,7 +32,6 @@ - http.d - stream.d - includes - become: true - name: Copy config files template: @@ -44,7 +39,6 @@ dest: /etc/nginx/includes/{{ item | basename }} mode: "0644" with_fileglob: files/includes/*.conf - become: true notify: reload nginx - name: Install config 
@@ -52,7 +46,6 @@ src: files/nginx.conf dest: /etc/nginx/nginx.conf mode: "0644" - become: true notify: reload nginx - name: Install HTTPS redirect @@ -60,6 +53,5 @@ src: files/nginx-https-redirect.conf dest: /etc/nginx/http.d/https-redirect.conf mode: "0644" - become: true notify: reload nginx when: nginx_https_redirect diff --git a/ansible/roles/ntfy/tasks/main.yml b/ansible/roles/ntfy/tasks/main.yml index fe352d0..6399446 100644 --- a/ansible/roles/ntfy/tasks/main.yml +++ b/ansible/roles/ntfy/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,4 +16,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart ntfy - become: true diff --git a/ansible/roles/paccache/tasks/main.yml b/ansible/roles/paccache/tasks/main.yml index 3265413..2c178de 100644 --- a/ansible/roles/paccache/tasks/main.yml +++ b/ansible/roles/paccache/tasks/main.yml @@ -1,18 +1,15 @@ - name: Install Pacman utils package: name: pacman-contrib - become: true - name: Create hooks directory file: path: /etc/pacman.d/hooks/ state: directory mode: "0755" - become: true - name: Install pacman hook template: src: files/paccache.hook dest: /etc/pacman.d/hooks/clean_package_cache.hook mode: "0644" - become: true diff --git a/ansible/roles/plausible/tasks/main.yml b/ansible/roles/plausible/tasks/main.yml index b1afd03..87e16d0 100644 --- a/ansible/roles/plausible/tasks/main.yml +++ b/ansible/roles/plausible/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install clickhouse config template: @@ -15,7 +14,6 @@ dest: /opt/plausible/docker_related_config.xml mode: "0644" notify: restart plausible - become: true - name: Install clickhouse user config template: 
@@ -23,7 +21,6 @@ dest: /opt/plausible/docker_related_user_config.xml mode: "0644" notify: restart plausible - become: true - name: Install compose file template: @@ -33,7 +30,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart plausible - become: true - name: Install nginx config template: @@ -41,7 +37,6 @@ dest: /etc/nginx/http.d/plausible.conf mode: "0644" notify: reload nginx - become: true vars: server_name: plausible.theorangeone.net elbisualp.theorangeone.net upstream: plausible-plausible-1.docker:8000 diff --git a/ansible/roles/privatebin/tasks/main.yml b/ansible/roles/privatebin/tasks/main.yml index a2a631c..b7f2f78 100644 --- a/ansible/roles/privatebin/tasks/main.yml +++ b/ansible/roles/privatebin/tasks/main.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -14,7 +13,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart privatebin - become: true - name: Install config file template: @@ -23,4 +21,3 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: restart privatebin - become: true diff --git a/ansible/roles/prometheus/tasks/grafana.yml b/ansible/roles/prometheus/tasks/grafana.yml index 834e24a..ae40d59 100644 --- a/ansible/roles/prometheus/tasks/grafana.yml +++ b/ansible/roles/prometheus/tasks/grafana.yml @@ -8,7 +8,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install grafana compose file template: @@ -18,4 +17,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart grafana - become: true diff --git a/ansible/roles/prometheus/tasks/main.yml b/ansible/roles/prometheus/tasks/main.yml index 4e4accf..c9a4f40 100644 --- a/ansible/roles/prometheus/tasks/main.yml +++ b/ansible/roles/prometheus/tasks/main.yml 
@@ -17,7 +17,6 @@ - "{{ vps_hosts.private_ipv6_range }}" register: routes changed_when: false - become: true - name: Add route to private services via ingress command: @@ -31,5 +30,4 @@ - "{{ pve_hosts.ingress.ipv6 }}" - dev - eth0 - become: true when: vps_hosts.private_ipv6_marker not in routes.stdout diff --git a/ansible/roles/prometheus/tasks/prometheus.yml b/ansible/roles/prometheus/tasks/prometheus.yml index 35d1aba..05e6685 100644 --- a/ansible/roles/prometheus/tasks/prometheus.yml +++ b/ansible/roles/prometheus/tasks/prometheus.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install prometheus config template: @@ -13,7 +12,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: reload prometheus - become: true - name: Install prometheus compose file template: @@ -23,7 +21,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart prometheus - become: true - name: Install blackbox config template: @@ -32,7 +29,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: restart prometheus - become: true - name: Install alertmanager config template: @@ -41,7 +37,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: restart prometheus - become: true - name: Install prometheus alert rules copy: @@ -50,4 +45,3 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: reload prometheus - become: true diff --git a/ansible/roles/pve_docker/tasks/calibre.yml b/ansible/roles/pve_docker/tasks/calibre.yml index ce9dbed..3743c7b 100644 --- a/ansible/roles/pve_docker/tasks/calibre.yml +++ b/ansible/roles/pve_docker/tasks/calibre.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install calibre compose file template: 
@@ -14,7 +13,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: restart calibre shell: diff --git a/ansible/roles/pve_docker/tasks/librespeed.yml b/ansible/roles/pve_docker/tasks/librespeed.yml index 6886f2c..2acebb2 100644 --- a/ansible/roles/pve_docker/tasks/librespeed.yml +++ b/ansible/roles/pve_docker/tasks/librespeed.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install librespeed compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: restart librespeed shell: diff --git a/ansible/roles/pve_docker/tasks/nextcloud.yml b/ansible/roles/pve_docker/tasks/nextcloud.yml index 4d85c46..db3fab2 100644 --- a/ansible/roles/pve_docker/tasks/nextcloud.yml +++ b/ansible/roles/pve_docker/tasks/nextcloud.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install nextcloud compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: Install nextcloud config template: @@ -26,7 +24,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" register: config_file - become: true - name: Install occ script template: @@ -34,7 +31,6 @@ dest: /opt/nextcloud/occ mode: "0755" owner: "{{ docker_user.name }}" - become: true - name: restart nextcloud shell: @@ -47,4 +43,3 @@ name: Set nextcloud data permissions special_time: daily job: chown -R {{ docker_user.name }}:{{ docker_user.name }} /mnt/tank/files/nextcloud - become: true diff --git a/ansible/roles/pve_docker/tasks/quassel.yml b/ansible/roles/pve_docker/tasks/quassel.yml index 3f60d57..8320db4 100644 --- a/ansible/roles/pve_docker/tasks/quassel.yml 
+++ b/ansible/roles/pve_docker/tasks/quassel.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install quassel compose file template: @@ -14,7 +13,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: restart quassel shell: diff --git a/ansible/roles/pve_docker/tasks/synapse.yml b/ansible/roles/pve_docker/tasks/synapse.yml index 5efa1de..3df6b96 100644 --- a/ansible/roles/pve_docker/tasks/synapse.yml +++ b/ansible/roles/pve_docker/tasks/synapse.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install synapse compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: Install synapse config template: @@ -26,7 +24,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" register: homeserver_config - become: true - name: restart synapse shell: diff --git a/ansible/roles/pve_docker/tasks/tt-rss.yml b/ansible/roles/pve_docker/tasks/tt-rss.yml index 33e8149..4c6ce8a 100644 --- a/ansible/roles/pve_docker/tasks/tt-rss.yml +++ b/ansible/roles/pve_docker/tasks/tt-rss.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Create tt-rss plugins directory file: @@ -13,7 +12,6 @@ owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" register: plugins_dir - become: true - name: Install tt-rss compose file template: @@ -23,7 +21,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: Install fever plugin git: @@ -41,7 +38,6 @@ owner: "{{ docker_user.name }}" mode: u=rwX,g=rwX,o=rX recurse: true - become: true when: fever_plugin.changed - name: restart tt-rss 
diff --git a/ansible/roles/pve_docker/tasks/wallabag.yml b/ansible/roles/pve_docker/tasks/wallabag.yml index 7d99aa3..2785db1 100644 --- a/ansible/roles/pve_docker/tasks/wallabag.yml +++ b/ansible/roles/pve_docker/tasks/wallabag.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install wallabag compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: restart wallabag shell: diff --git a/ansible/roles/pve_docker/tasks/whoami.yml b/ansible/roles/pve_docker/tasks/whoami.yml index 0a3afde..fa2c4bd 100644 --- a/ansible/roles/pve_docker/tasks/whoami.yml +++ b/ansible/roles/pve_docker/tasks/whoami.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install whoami compose file template: @@ -14,7 +13,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config register: compose_file - become: true - name: restart whoami shell: diff --git a/ansible/roles/pve_tailscale_route/tasks/main.yml b/ansible/roles/pve_tailscale_route/tasks/main.yml index ee0e7fb..2f2276b 100644 --- a/ansible/roles/pve_tailscale_route/tasks/main.yml +++ b/ansible/roles/pve_tailscale_route/tasks/main.yml @@ -7,7 +7,6 @@ - "{{ tailscale_cidr }}" register: routes changed_when: false - become: true - name: Add route to tailscale hosts via ingress command: @@ -18,5 +17,4 @@ - "{{ tailscale_cidr }}" - via - "{{ pve_hosts.ingress.ip }}" - become: true when: tailscale_cidr not in routes.stdout diff --git a/ansible/roles/qbittorrent/handlers/main.yml b/ansible/roles/qbittorrent/handlers/main.yml index 687331f..a41e385 100644 --- a/ansible/roles/qbittorrent/handlers/main.yml +++ b/ansible/roles/qbittorrent/handlers/main.yml 
@@ -2,10 +2,8 @@ service: name: nginx state: reloaded - become: true - name: restart qbittorrent service: name: qbittorrent-nox@{{ qbittorrent_user.name }} state: restarted - become: true diff --git a/ansible/roles/qbittorrent/tasks/nginx.yml b/ansible/roles/qbittorrent/tasks/nginx.yml index 4ed9cdd..4b176bd 100644 --- a/ansible/roles/qbittorrent/tasks/nginx.yml +++ b/ansible/roles/qbittorrent/tasks/nginx.yml @@ -3,5 +3,4 @@ src: files/nginx.conf dest: /etc/nginx/http.d/downloads.conf mode: "0644" - become: true notify: reload nginx diff --git a/ansible/roles/qbittorrent/tasks/qbittorrent.yml b/ansible/roles/qbittorrent/tasks/qbittorrent.yml index fefc05b..ca3edbf 100644 --- a/ansible/roles/qbittorrent/tasks/qbittorrent.yml +++ b/ansible/roles/qbittorrent/tasks/qbittorrent.yml @@ -1,20 +1,17 @@ - name: Install qbittorrent package: name: qbittorrent-nox - become: true - name: Create user user: name: qbittorrent system: true - become: true register: qbittorrent_user - name: Enable service service: name: qbittorrent-nox@{{ qbittorrent_user.name }} enabled: true - become: true - name: Set configuration ini_file: @@ -42,5 +39,4 @@ - {section: Preferences, option: Bittorrent\MaxConnecsPerTorrent, value: -1"} - {section: Preferences, option: Bittorrent\MaxUploads, value: -1"} - {section: Preferences, option: Bittorrent\MaxUploadsPerTorrent, value: -1"} - become: true notify: restart qbittorrent diff --git a/ansible/roles/renovate/tasks/main.yml b/ansible/roles/renovate/tasks/main.yml index 1dfff88..4d77b71 100644 --- a/ansible/roles/renovate/tasks/main.yml +++ b/ansible/roles/renovate/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart renovate - become: true - name: Install config file template: 
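Review bot: The three `Bittorrent\Max…` entries kept as context in the `@@ -42,5 +39,4 @@` hunk of qbittorrent.yml end in `value: -1"}`, so the stray quote becomes part of the plain scalar and the option would be written as `-1"` rather than `-1`. Quote the value on both sides in all three lines, e.g. `- {section: Preferences, option: Bittorrent\MaxUploads, value: "-1"}`. The task these items belong to (presumably `Set configuration`) starts outside the hunk, so the earlier loop items should be checked for the same typo.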
@@ -26,7 +24,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: restart renovate - become: true - name: Install custom entrypoint template: @@ -35,4 +32,3 @@ mode: "0755" owner: "{{ docker_user.name }}" notify: restart renovate - become: true diff --git a/ansible/roles/restic/tasks/homeassistant.yml b/ansible/roles/restic/tasks/homeassistant.yml index d0f9141..4cc2c18 100644 --- a/ansible/roles/restic/tasks/homeassistant.yml +++ b/ansible/roles/restic/tasks/homeassistant.yml @@ -1,21 +1,18 @@ - name: Install CIFS utils package: name: cifs-utils - become: true - name: Create dir for CIFS mount file: path: /mnt/home-assistant state: directory mode: "0755" - become: true - name: Create dir for each CIFS mount file: path: /mnt/home-assistant/{{ item }} state: directory mode: "0600" - become: true loop: "{{ restic_homeassistant_mounts }}" - name: Create mounts @@ -25,5 +22,4 @@ opts: username=homeassistant,password={{ vault_homeassistant_smb_password }} src: //{{ pve_hosts.homeassistant.ip }}/{{ item }} state: mounted - become: true loop: "{{ restic_homeassistant_mounts }}" diff --git a/ansible/roles/restic/tasks/main.yml b/ansible/roles/restic/tasks/main.yml index d24f47d..f1eda18 100644 --- a/ansible/roles/restic/tasks/main.yml +++ b/ansible/roles/restic/tasks/main.yml @@ -1,19 +1,16 @@ - name: Install restic package: name: restic - become: true - name: Install runitor kewlfft.aur.aur: name: runitor-bin - become: true - name: Make user user: name: restic shell: /bin/nologin system: false - become: true - name: Install scripts template: @@ -25,7 +22,6 @@ - backrest.sh - restic-backup.sh - restic-forget.sh - become: true - name: Install includes files copy: @@ -33,7 +29,6 @@ dest: /home/restic/restic-include.txt mode: "0644" owner: restic - become: true - name: Install excludes files copy: @@ -41,7 +36,6 @@ dest: /home/restic/restic-excludes.txt mode: "0644" owner: restic - become: true - name: Set restic binary permissions file: 
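Review bot: The `Create mounts` task in the `@@ -25,5 +22,4 @@` hunk of restic/tasks/homeassistant.yml passes the vaulted SMB password inline in `opts: username=homeassistant,password={{ vault_homeassistant_smb_password }}`. If this is the mount module, `state: mounted` persists those options to fstab in clear text, and the rendered options can also appear in task output. Prefer a root-owned credentials file with mode `"0600"` referenced as `opts: credentials=<path-to-credentials-file>`, and add `no_log: true` to the task. The task's module line is outside the hunk.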
@@ -49,13 +43,11 @@ mode: "0750" owner: root group: restic - become: true - name: Set cap_sys_chroot=+ep on restic community.general.capabilities: path: /usr/bin/restic capability: cap_dac_read_search=+ep - become: true - name: Schedule backup cron: @@ -64,7 +56,6 @@ minute: 0 job: CHECK_UUID={{ vault_restic_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-backup.sh user: restic - become: true - name: Schedule forget cron: @@ -74,7 +65,6 @@ weekday: 0 job: CHECK_UUID={{ vault_restic_forget_healthchecks_id }} /usr/bin/runitor -- /home/restic/restic-forget.sh user: restic - become: true when: restic_forget - name: Install pacman post script @@ -82,7 +72,6 @@ src: files/restic-post.sh dest: /usr/share/libalpm/scripts/restic-post.sh mode: "0700" - become: true when: ansible_os_family == 'Archlinux' - name: Install pacman post hook @@ -90,7 +79,6 @@ src: files/restic-post.hook dest: /usr/share/libalpm/hooks/restic-post.hook mode: "0600" - become: true when: ansible_os_family == 'Archlinux' - name: Install HomeAssistant mounts diff --git a/ansible/roles/s3_sync/tasks/main.yml b/ansible/roles/s3_sync/tasks/main.yml index fdb94b2..1d4ca6c 100644 --- a/ansible/roles/s3_sync/tasks/main.yml +++ b/ansible/roles/s3_sync/tasks/main.yml @@ -4,12 +4,10 @@ - name: Install rclone package: name: rclone - become: true - name: Install runitor kewlfft.aur.aur: name: runitor-bin - become: true - name: Make user user: @@ -17,7 +15,6 @@ shell: /bin/nologin system: false register: rclone_user - become: true - name: Create config directory file: @@ -25,7 +22,6 @@ state: directory owner: rclone mode: "0700" - become: true - name: Install rclone config template: @@ -33,7 +29,6 @@ dest: "{{ rclone_user.home }}/.config/rclone/rclone.conf" owner: rclone mode: "0600" - become: true - name: Create config directory file: @@ -41,7 +36,6 @@ state: directory owner: rclone mode: "0700" - become: true - name: Schedule sync cron: 
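Review bot: The task name `Set cap_sys_chroot=+ep on restic` in the `@@ -49,13 +43,11 @@` hunk of restic/tasks/main.yml does not match what it applies, `capability: cap_dac_read_search=+ep`. That capability lets the binary bypass file read permission checks, so the name should say so for anyone auditing the role: `- name: Set cap_dac_read_search=+ep on restic`. A one-line comment would also help, noting that the preceding `mode: "0750"` / `group: restic` task is what limits who can execute the capability-bearing binary.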
@@ -50,4 +44,3 @@ minute: 0 job: CHECK_UUID={{ vault_healthchecks_id }} /usr/bin/runitor -- /usr/bin/rclone sync s3:0rng-terraform {{ rclone_user.home }}/sync/0rng-terraform user: rclone - become: true diff --git a/ansible/roles/slides/tasks/main.yml b/ansible/roles/slides/tasks/main.yml index 15c1e91..0dd08d9 100644 --- a/ansible/roles/slides/tasks/main.yml +++ b/ansible/roles/slides/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart slides - become: true - name: Create credentials htpasswd: @@ -30,7 +28,6 @@ loop_control: label: "{{ item.user }}" notify: restart slides - become: true - name: Install nginx config template: @@ -38,7 +35,6 @@ dest: /etc/nginx/http.d/slides.conf mode: "0644" notify: reload nginx - become: true vars: server_name: slides.jakehoward.tech upstream: slides-slides-1.docker:80 diff --git a/ansible/roles/tandoor/tasks/main.yml b/ansible/roles/tandoor/tasks/main.yml index 6b67033..6e0bb16 100644 --- a/ansible/roles/tandoor/tasks/main.yml +++ b/ansible/roles/tandoor/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,4 +16,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart tandoor - become: true diff --git a/ansible/roles/traefik/tasks/main.yml b/ansible/roles/traefik/tasks/main.yml index f7e5f64..32adec0 100644 --- a/ansible/roles/traefik/tasks/main.yml +++ b/ansible/roles/traefik/tasks/main.yml @@ -5,7 +5,6 @@ docker_network: name: traefik internal: true - become: true - name: Create install directory file: 
@@ -13,7 +12,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Create config directory file: @@ -21,7 +19,6 @@ state: directory mode: "{{ docker_compose_directory_mask }}" owner: "{{ docker_user.name }}" - become: true - name: Create file provider directory file: @@ -29,7 +26,6 @@ state: directory mode: "{{ docker_compose_directory_mask }}" owner: "{{ docker_user.name }}" - become: true - name: Install compose file template: @@ -39,7 +35,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart traefik - become: true - name: Install config template: @@ -50,7 +45,6 @@ lstrip_blocks: true trim_blocks: true notify: restart traefik - become: true - name: Install file provider template: @@ -59,7 +53,6 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: restart traefik - become: true - name: Install homeassistant provider template: @@ -69,7 +62,6 @@ owner: "{{ docker_user.name }}" notify: restart traefik when: traefik_provider_homeassistant - become: true - name: Install jellyfin provider template: @@ -79,7 +71,6 @@ owner: "{{ docker_user.name }}" notify: restart traefik when: traefik_provider_jellyfin - become: true - name: Install grafana provider template: @@ -89,7 +80,6 @@ owner: "{{ docker_user.name }}" notify: restart traefik when: traefik_provider_grafana - become: true - name: Install uptime-kuma provider template: @@ -99,4 +89,3 @@ owner: "{{ docker_user.name }}" notify: restart traefik when: traefik_provider_uptime_kuma - become: true diff --git a/ansible/roles/uptime_kuma/tasks/main.yml b/ansible/roles/uptime_kuma/tasks/main.yml index a2b460a..1ef17f0 100644 --- a/ansible/roles/uptime_kuma/tasks/main.yml +++ b/ansible/roles/uptime_kuma/tasks/main.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: 
@@ -14,4 +13,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart uptime-kuma - become: true diff --git a/ansible/roles/vaultwarden/tasks/main.yml b/ansible/roles/vaultwarden/tasks/main.yml index 229a4d6..b1829e9 100644 --- a/ansible/roles/vaultwarden/tasks/main.yml +++ b/ansible/roles/vaultwarden/tasks/main.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -14,4 +13,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart vaultwarden - become: true diff --git a/ansible/roles/vikunja/tasks/main.yml b/ansible/roles/vikunja/tasks/main.yml index 1e3fe7b..bf77301 100644 --- a/ansible/roles/vikunja/tasks/main.yml +++ b/ansible/roles/vikunja/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,4 +16,3 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart vikunja - become: true diff --git a/ansible/roles/website/tasks/main.yml b/ansible/roles/website/tasks/main.yml index 2e94ca6..f82d829 100644 --- a/ansible/roles/website/tasks/main.yml +++ b/ansible/roles/website/tasks/main.yml @@ -7,7 +7,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -17,7 +16,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart website - become: true - name: Install nginx config template: @@ -25,7 +23,6 @@ dest: /etc/nginx/http.d/website.conf mode: "0644" notify: reload nginx - become: true vars: server_name: theorangeone.net upstream: website-website-1.docker:8000 diff --git a/ansible/roles/yourls/tasks/main.yml b/ansible/roles/yourls/tasks/main.yml index 950db42..b48ed29 100644 
--- a/ansible/roles/yourls/tasks/main.yml +++ b/ansible/roles/yourls/tasks/main.yml @@ -4,7 +4,6 @@ state: directory owner: "{{ docker_user.name }}" mode: "{{ docker_compose_directory_mask }}" - become: true - name: Install compose file template: @@ -14,7 +13,6 @@ owner: "{{ docker_user.name }}" validate: docker-compose -f %s config notify: restart yourls - become: true - name: Install redirect file template: @@ -23,4 +21,3 @@ mode: "{{ docker_compose_file_mask }}" owner: "{{ docker_user.name }}" notify: restart yourls - become: true diff --git a/ansible/roles/zfs/tasks/main.yml b/ansible/roles/zfs/tasks/main.yml index 2bd7f4e..cb81359 100644 --- a/ansible/roles/zfs/tasks/main.yml +++ b/ansible/roles/zfs/tasks/main.yml @@ -3,7 +3,6 @@ src: files/zfs-modprobe.conf dest: /etc/modprobe.d/zfs.conf mode: "0644" - become: true - name: ZFS Scrub cron: @@ -12,14 +11,12 @@ minute: 0 weekday: 5 job: zpool scrub {{ item }} - become: true loop: "{{ zpools_to_scrub }}" - name: Give user passwordless access to ZFS commands lineinfile: path: /etc/sudoers line: "{{ me.user }} ALL=(ALL) NOPASSWD: /usr/sbin/zfs,/usr/sbin/zpool" - become: true - name: Sanoid include_tasks: sanoid.yml diff --git a/ansible/roles/zfs/tasks/sanoid.yml b/ansible/roles/zfs/tasks/sanoid.yml index b30dd71..21b28f2 100644 --- a/ansible/roles/zfs/tasks/sanoid.yml +++ b/ansible/roles/zfs/tasks/sanoid.yml @@ -8,7 +8,6 @@ - pv - lzop when: ansible_os_family == 'Archlinux' - become: true - name: Install dependencies for Debian-based distros package: 
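Review bot: The `lineinfile` task on `/etc/sudoers` in the `@@ -12,14 +11,12 @@` hunk of zfs/tasks/main.yml has no syntax check, so a malformed line (for example from an unexpected value in `me.user`) would be written as-is and could break sudo on the host, which later runs may depend on for escalation. Add `validate: /usr/sbin/visudo -cf %s` to the task; a dedicated file under `/etc/sudoers.d/` with mode `"0440"` would also keep the main file untouched. It is worth a comment on the task that `NOPASSWD` for `zfs` and `zpool` with `ALL=(ALL)` is a broad grant.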
@@ -20,28 +19,24 @@ - lzop - mbuffer when: ansible_os_family == 'Debian' - become: true - name: Download git: repo: https://github.com/jimsalterjrs/sanoid.git dest: /opt/sanoid version: v2.1.0 - become: true - name: Create config directory file: path: /etc/sanoid state: directory mode: "0755" - become: true - name: Install default config file: src: /opt/sanoid/sanoid.defaults.conf dest: /etc/sanoid/sanoid.defaults.conf state: link - become: true - name: Install executables file: @@ -53,14 +48,12 @@ - syncoid - findoid - sleepymutex - become: true - name: Install config template: src: files/sanoid.conf dest: /etc/sanoid/sanoid.conf mode: "0755" - become: true - name: Install systemd services file: @@ -68,7 +61,6 @@ dest: /lib/systemd/system/{{ item }} state: link loop: "{{ sanoid_services }}" - become: true - name: Enable systemd services systemd: @@ -76,10 +68,8 @@ enabled: true masked: false loop: "{{ sanoid_services }}" - become: true - name: Start sanoid timer systemd: name: sanoid.timer state: started - become: true
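Review bot: The `Download` task in the `@@ -20,28 +19,24 @@` hunk of zfs/tasks/sanoid.yml checks out `version: v2.1.0`, which is a tag, and the following tasks link files from `/opt/sanoid` into system locations. A tag can be moved upstream, so pinning to the full commit hash the tag currently points to, `version: <full-commit-sha-of-v2.1.0>  # v2.1.0`, keeps the code that ends up running with system privileges reproducible and reviewable.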
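Review bot: `Install config` in the `@@ -53,14 +48,12 @@` hunk of zfs/tasks/sanoid.yml installs `/etc/sanoid/sanoid.conf` with `mode: "0755"`, which sets execute bits on a plain configuration file. `mode: "0644"` would match the other config templates touched by this change. The `Install executables` task above it starts outside the hunk.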