diff --git a/playbook-app-homepage.yml b/playbook-app-homepage.yml
index f49e4d3..554ca4e 100644
--- a/playbook-app-homepage.yml
+++ b/playbook-app-homepage.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Deploy homepage application'
+- name: "Deploy homepage application"
 hosts: all
 vars_files:
@@ -7,59 +7,58 @@
 - vars/vars.yml
 vars:
- app_name: 'homepage'
- base_dir: '/home/major/applications/{{ app_name }}/'
- docker_registry_prefix: 'cr.yandex/crplfk0168i4o8kd7ade'
- homepage_web_image: '{{ homepage_web_image | default(omit) }}'
+ app_name: "homepage"
+ base_dir: "/home/major/applications/{{ app_name }}/"
+ docker_registry_prefix: "cr.yandex/crplfk0168i4o8kd7ade"
+ homepage_web_image: "{{ homepage_web_image | default(omit) }}"
 tasks:
-
- - name: 'Check is web service imape passed'
+ - name: "Check is web service imape passed"
 ansible.builtin.assert:
 that:
- - 'homepage_web_image is defined'
+ - "homepage_web_image is defined"
 fail_msg: 'You must pass variable "homepage_web_image"'
- - name: 'Create full image name with container registry'
+ - name: "Create full image name with container registry"
 ansible.builtin.set_fact:
- registry_homepage_web_image: '{{ (docker_registry_prefix, homepage_web_image) | path_join }}'
+ registry_homepage_web_image: "{{ (docker_registry_prefix, homepage_web_image) | path_join }}"
- - name: 'Push web service image to remote registry'
+ - name: "Push web service image to remote registry"
 community.docker.docker_image:
 state: present
 source: local
- name: '{{ homepage_web_image }}'
- repository: '{{ registry_homepage_web_image }}'
+ name: "{{ homepage_web_image }}"
+ repository: "{{ registry_homepage_web_image }}"
 push: true
 delegate_to: 127.0.0.1
- - name: 'Create application directories'
+ - name: "Create application directories"
 ansible.builtin.file:
- path: '{{ item }}'
- state: 'directory'
- mode: '0755'
+ path: "{{ item }}"
+ state: "directory"
+ mode: "0755"
 loop:
- - '{{ base_dir }}'
+ - "{{ base_dir }}"
- - name: 'Copy application files'
+ - name: "Copy application files"
 ansible.builtin.copy:
- src: '{{ item }}'
- dest: '{{ base_dir }}'
- mode: '0644'
+ src: "{{ item }}"
+ dest: "{{ base_dir }}"
+ mode: "0644"
 loop:
- - './files/{{ app_name }}/docker-compose.yml'
+ - "./files/{{ app_name }}/docker-compose.yml"
- - name: 'Set up environment variables for application'
+ - name: "Set up environment variables for application"
 ansible.builtin.template:
- src: 'env.j2'
+ src: "env.j2"
 dest: '{{ (base_dir, ".env") | path_join }}'
- mode: '0644'
+ mode: "0644"
 vars:
 env_dict:
- WEB_SERVICE_IMAGE: '{{ registry_homepage_web_image }}'
- WEB_SERVICE_PORT: '{{ homepage_port }}'
+ WEB_SERVICE_IMAGE: "{{ registry_homepage_web_image }}"
+ WEB_SERVICE_PORT: "{{ homepage_port }}"
- - name: 'Run application with docker compose'
+ - name: "Run application with docker compose"
 community.docker.docker_compose_v2:
- project_src: '{{ base_dir }}'
- state: 'present'
+ project_src: "{{ base_dir }}"
+ state: "present"
diff --git a/playbook-backups.yml b/playbook-backups.yml
index 180a40b..45f89f5 100644
--- a/playbook-backups.yml
+++ b/playbook-backups.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Configure restic and backup schedule'
+- name: "Configure restic and backup schedule"
 hosts: all
 vars_files:
@@ -7,8 +7,7 @@
 - vars/secrets.yml
 tasks:
- - name: 'Copy restic shell script'
+ - name: "Copy restic shell script"
 ansible.builtin.template:
 src: "files/backups/restic-shell.sh.j2"
 dest: "{{ bin_prefix }}/restic-shell.sh"
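Review bot: In playbook-app-homepage.yml the play var `homepage_web_image: "{{ homepage_web_image | default(omit) }}"` refers to itself, so the `homepage_web_image is defined` assert that follows looks unable to do its job: the name is always declared at play level, and when no extra var is passed the self-reference presumably ends in a templating error rather than the intended `fail_msg`. Dropping that vars entry and asserting `homepage_web_image is defined and homepage_web_image | length > 0` would make the guard effective before the image is tagged and pushed to the registry. The same hunk keeps `/home/major/` hard-coded in `base_dir`, while playbook-gramps.yml builds the path from `primary_user`.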
@@ -16,49 +15,49 @@
 group: root
 mode: "0700"
- - name: 'Copy restic backup script'
+ - name: "Copy restic backup script"
 ansible.builtin.template:
 src: "files/backups/restic-backup.sh.j2"
 dest: "{{ bin_prefix }}/restic-backup.sh"
 owner: root
 group: root
- mode: '0700'
+ mode: "0700"
- - name: 'Create gobackup config directory'
+ - name: "Create gobackup config directory"
 ansible.builtin.file:
 path: "{{ backup_gobackup_config | dirname }}"
 state: directory
- mode: '0755'
+ mode: "0755"
- - name: 'Copy gobackup config files'
+ - name: "Copy gobackup config files"
 ansible.builtin.template:
 src: "files/backups/gobackup.yml.j2"
 dest: "{{ backup_gobackup_config }}"
 owner: root
 group: root
- mode: '0700'
+ mode: "0700"
 - name: "Setup paths for backup cron file"
 ansible.builtin.cron:
- cron_file: 'ansible_restic_backup'
- user: 'root'
+ cron_file: "ansible_restic_backup"
+ user: "root"
 env: true
- name: 'PATH'
- job: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin'
+ name: "PATH"
+ job: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
 - name: "Setup mail for backup cron file"
 ansible.builtin.cron:
- cron_file: 'ansible_restic_backup'
- user: 'root'
+ cron_file: "ansible_restic_backup"
+ user: "root"
 env: true
- name: 'MAILTO'
- job: ''
+ name: "MAILTO"
+ job: ""
 - name: "Creates a cron file for backups under /etc/cron.d"
 ansible.builtin.cron:
- name: 'restic backup'
- minute: '0'
- hour: '1'
- job: '/usr/local/bin/restic-backup.sh 2>&1 | logger -t backup'
- cron_file: 'ansible_restic_backup'
- user: 'root'
+ name: "restic backup"
+ minute: "0"
+ hour: "1"
+ job: "/usr/local/bin/restic-backup.sh 2>&1 | logger -t backup"
+ cron_file: "ansible_restic_backup"
+ user: "root"
diff --git a/playbook-caddy.yml b/playbook-caddy.yml
index d2a4112..8975b07 100644
--- a/playbook-caddy.yml
+++ b/playbook-caddy.yml
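Review bot: In playbook-backups.yml the root cron job runs the fixed path `/usr/local/bin/restic-backup.sh`, while the script itself is templated to `{{ bin_prefix }}/restic-backup.sh`; if `bin_prefix` is ever anything other than /usr/local/bin, root's nightly job runs nothing, or a stale copy left at the old path. I would write the job as `job: "{{ bin_prefix }}/restic-backup.sh 2>&1 | logger -t backup"`. The gobackup config is installed with `mode: "0700"` although it is a data file that presumably holds storage credentials, so `mode: "0600"` is enough, and `/usr/games`, `/usr/local/games` and `/snap/bin` can be dropped from the `PATH` set for a root cron file. The hunk opens inside the 'Copy restic shell script' task, whose first lines are in the previous hunk.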
@@ -1,5 +1,5 @@
 ---
-- name: 'Install and configure Caddy server'
+- name: "Install and configure Caddy server"
 hosts: all
 vars_files:
@@ -7,18 +7,17 @@
 - vars/vars.yml
 tasks:
- - name: 'Ensure networkd service is started (required by Caddy).'
+ - name: "Ensure networkd service is started (required by Caddy)."
 ansible.builtin.systemd:
 name: systemd-networkd
 state: started
 enabled: true
- - name: 'Install and configure Caddy server'
+ - name: "Install and configure Caddy server"
 ansible.builtin.import_role:
 name: caddy_ansible.caddy_ansible
 vars:
- caddy_github_token: '{{ caddy_vars.github_token }}'
+ caddy_github_token: "{{ caddy_vars.github_token }}"
 caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
 caddy_setcap: true
 caddy_systemd_capabilities_enabled: true
diff --git a/playbook-configuration.yml b/playbook-configuration.yml
index dbe28a0..b32c582 100644
--- a/playbook-configuration.yml
+++ b/playbook-configuration.yml
@@ -6,10 +6,9 @@
 - vars/vars.yml
 tasks:
-
 # Applications
- - import_role:
+ - ansible.builtin.import_role:
 name: docker-app
 vars:
 username: gitea
@@ -22,13 +21,13 @@
 DOCKER_PREFIX: gitea
 IMAGE_PREFIX: gitea
 CONTAINER_PREFIX: gitea
- WEB_SERVER_PORT: '127.0.0.1:{{ gitea_port }}'
- USER_UID: '{{ uc_result.uid }}'
- USER_GID: '{{ uc_result.group }}'
+ WEB_SERVER_PORT: "127.0.0.1:{{ gitea_port }}"
+ USER_UID: "{{ uc_result.uid }}"
+ USER_GID: "{{ uc_result.group }}"
 tags:
 - apps
- - import_role:
+ - ansible.builtin.import_role:
 name: docker-app
 vars:
 username: keycloak
@@ -41,15 +40,15 @@
 DOCKER_PREFIX: keycloak
 IMAGE_PREFIX: keycloak
 CONTAINER_PREFIX: keycloak
- WEB_SERVER_PORT: '127.0.0.1:{{ keycloak_port }}'
- KEYCLOAK_ADMIN: '{{ keycloak.admin_login }}'
- KEYCLOAK_ADMIN_PASSWORD: '{{ keycloak.admin_password }}'
- USER_UID: '{{ uc_result.uid }}'
- USER_GID: '{{ uc_result.group }}'
+ WEB_SERVER_PORT: "127.0.0.1:{{ keycloak_port }}"
+ KEYCLOAK_ADMIN: "{{ keycloak.admin_login }}"
+ KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak.admin_password }}"
+ USER_UID: "{{ uc_result.uid }}"
+ USER_GID: "{{ uc_result.group }}"
 tags:
 - apps
- - import_role:
+ - ansible.builtin.import_role:
 name: docker-app
 vars:
 username: outline
@@ -62,38 +61,38 @@
 DOCKER_PREFIX: outline
 IMAGE_PREFIX: outline
 CONTAINER_PREFIX: outline
- WEB_SERVER_PORT: '127.0.0.1:{{ outline_port }}'
- USER_UID: '{{ uc_result.uid }}'
- USER_GID: '{{ uc_result.group }}'
+ WEB_SERVER_PORT: "127.0.0.1:{{ outline_port }}"
+ USER_UID: "{{ uc_result.uid }}"
+ USER_GID: "{{ uc_result.group }}"
 # Postgres
- POSTGRES_USER: '{{ outline.postgres_user }}'
- POSTGRES_PASSWORD: '{{ outline.postgres_password }}'
- POSTGRES_DB: 'outline'
+ POSTGRES_USER: "{{ outline.postgres_user }}"
+ POSTGRES_PASSWORD: "{{ outline.postgres_password }}"
+ POSTGRES_DB: "outline"
 # See sample https://github.com/outline/outline/blob/main/.env.sample
- NODE_ENV: 'production'
- SECRET_KEY: '{{ outline.secret_key }}'
- UTILS_SECRET: '{{ outline.utils_secret }}'
- DATABASE_URL: 'postgres://{{ outline.postgres_user }}:{{ outline.postgres_password }}@postgres:5432/outline'
- PGSSLMODE: 'disable'
- REDIS_URL: 'redis://redis:6379'
- URL: 'https://outline.vakhrushev.me'
- FILE_STORAGE: 's3'
- AWS_ACCESS_KEY_ID: '{{ outline.s3_access_key }}'
- AWS_SECRET_ACCESS_KEY: '{{ outline.s3_secret_key }}'
- AWS_REGION: 'ru-central1'
- AWS_S3_ACCELERATE_URL: ''
- AWS_S3_UPLOAD_BUCKET_URL: 'https://storage.yandexcloud.net'
- AWS_S3_UPLOAD_BUCKET_NAME: 'av-outline-wiki'
- AWS_S3_FORCE_PATH_STYLE: 'true'
- AWS_S3_ACL: 'private'
- OIDC_CLIENT_ID: '{{ outline.oidc_client_id }}'
- OIDC_CLIENT_SECRET: '{{ outline.oidc_client_secret }}'
- OIDC_AUTH_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/auth'
- OIDC_TOKEN_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/token'
- OIDC_USERINFO_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/userinfo'
- OIDC_LOGOUT_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/logout'
- OIDC_USERNAME_CLAIM: 'email'
- OIDC_DISPLAY_NAME: 'KK'
+ NODE_ENV: "production"
+ SECRET_KEY: "{{ outline.secret_key }}"
+ UTILS_SECRET: "{{ outline.utils_secret }}"
+ DATABASE_URL: "postgres://{{ outline.postgres_user }}:{{ outline.postgres_password }}@postgres:5432/outline"
+ PGSSLMODE: "disable"
+ REDIS_URL: "redis://redis:6379"
+ URL: "https://outline.vakhrushev.me"
+ FILE_STORAGE: "s3"
+ AWS_ACCESS_KEY_ID: "{{ outline.s3_access_key }}"
+ AWS_SECRET_ACCESS_KEY: "{{ outline.s3_secret_key }}"
+ AWS_REGION: "ru-central1"
+ AWS_S3_ACCELERATE_URL: ""
+ AWS_S3_UPLOAD_BUCKET_URL: "https://storage.yandexcloud.net"
+ AWS_S3_UPLOAD_BUCKET_NAME: "av-outline-wiki"
+ AWS_S3_FORCE_PATH_STYLE: "true"
+ AWS_S3_ACL: "private"
+ OIDC_CLIENT_ID: "{{ outline.oidc_client_id }}"
+ OIDC_CLIENT_SECRET: "{{ outline.oidc_client_secret }}"
+ OIDC_AUTH_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/auth"
+ OIDC_TOKEN_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/token"
+ OIDC_USERINFO_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/userinfo"
+ OIDC_LOGOUT_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/logout"
+ OIDC_USERNAME_CLAIM: "email"
+ OIDC_DISPLAY_NAME: "KK"
 tags:
 - apps
diff --git a/playbook-docker.yml b/playbook-docker.yml
index 2c4589f..a300ea8 100644
--- a/playbook-docker.yml
+++ b/playbook-docker.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Configure docker parameters'
+- name: "Configure docker parameters"
 hosts: all
 vars_files:
@@ -7,16 +7,15 @@
 - vars/vars.yml
 tasks:
- - name: 'Install python docker lib from pip'
+ - name: "Install python docker lib from pip"
 ansible.builtin.pip:
 name: docker
- - name: 'Install docker'
+ - name: "Install docker"
 ansible.builtin.import_role:
 name: geerlingguy.docker
 vars:
- docker_edition: 'ce'
+ docker_edition: "ce"
 docker_packages:
 - "docker-{{ docker_edition }}"
 - "docker-{{ docker_edition }}-cli"
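Review bot: In playbook-configuration.yml (outline env block) `DATABASE_URL` interpolates `outline.postgres_user` and `outline.postgres_password` straight into the URL, so a password containing `@`, `:` or `#` yields a URL that parses to different credentials or a different host. Encoding both parts, e.g. `{{ outline.postgres_password | urlencode }}`, lets the secret stay free-form. This block also hands `SECRET_KEY`, the S3 keys and `OIDC_CLIENT_SECRET` to the `docker-app` role, which is not shown here; it is worth confirming that the role writes the env file with a mode that is not world-readable and keeps these values out of task output with `no_log: true`. The `import_role` task itself begins before this hunk.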
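Review bot: In playbook-docker.yml the `ansible.builtin.pip` task installs `docker` with no version constraint, so every run may pull whatever release is current on the package index onto the managed host. Adding `version: "<PINNED_VERSION>"` under `name: docker` keeps the installed library reproducible and makes upgrades a reviewed change, which matches how the eget playbook already pins its tool versions.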
@@ -24,6 +23,6 @@
 docker_users:
 - major
- - name: 'Login to yandex docker registry.'
+ - name: "Login to yandex docker registry."
 ansible.builtin.script:
- cmd: 'files/yandex-docker-registry-auth.sh'
+ cmd: "files/yandex-docker-registry-auth.sh"
diff --git a/playbook-eget.yml b/playbook-eget.yml
index af59993..a8eea7f 100644
--- a/playbook-eget.yml
+++ b/playbook-eget.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Install eget'
+- name: "Install eget"
 hosts: all
 vars_files:
@@ -9,39 +9,38 @@
 # See: https://github.com/zyedidia/eget/releases
 vars:
- eget_install_dir: '{{ bin_prefix }}'
+ eget_install_dir: "{{ bin_prefix }}"
 eget_bin_path: '{{ (eget_install_dir, "eget") | path_join }}'
 tasks:
- - name: 'Install eget'
+ - name: "Install eget"
 ansible.builtin.import_role:
 name: eget
 vars:
- eget_version: '1.3.4'
- eget_install_path: '{{ eget_bin_path }}'
+ eget_version: "1.3.4"
+ eget_install_path: "{{ eget_bin_path }}"
- - name: 'Install rclone'
+ - name: "Install rclone"
 ansible.builtin.command:
- cmd: '{{ eget_bin_path }} rclone/rclone --quiet --upgrade-only --to {{ eget_install_dir }} --asset zip --tag v1.69.2'
+ cmd: "{{ eget_bin_path }} rclone/rclone --quiet --upgrade-only --to {{ eget_install_dir }} --asset zip --tag v1.69.2"
 changed_when: false
- - name: 'Install btop'
+ - name: "Install btop"
 ansible.builtin.command:
- cmd: '{{ eget_bin_path }} aristocratos/btop --quiet --upgrade-only --to {{ eget_install_dir }} --tag v1.4.2'
+ cmd: "{{ eget_bin_path }} aristocratos/btop --quiet --upgrade-only --to {{ eget_install_dir }} --tag v1.4.2"
 changed_when: false
- - name: 'Install restic'
+ - name: "Install restic"
 ansible.builtin.command:
- cmd: '{{ eget_bin_path }} restic/restic --quiet --upgrade-only --to {{ eget_install_dir }} --tag v0.18.0'
+ cmd: "{{ eget_bin_path }} restic/restic --quiet --upgrade-only --to {{ eget_install_dir }} --tag v0.18.0"
 changed_when: false
- - name: 'Install gobackup'
+ - name: "Install gobackup"
 ansible.builtin.command:
- cmd: '{{ eget_bin_path }} gobackup/gobackup --quiet --upgrade-only --to {{ eget_install_dir }} --tag v2.14.0'
+ cmd: "{{ eget_bin_path }} gobackup/gobackup --quiet --upgrade-only --to {{ eget_install_dir }} --tag v2.14.0"
 changed_when: false
- - name: 'Install task'
+ - name: "Install task"
 ansible.builtin.command:
- cmd: '{{ eget_bin_path }} go-task/task --quiet --upgrade-only --to {{ eget_install_dir }} --asset tar.gz --tag v3.43.3'
+ cmd: "{{ eget_bin_path }} go-task/task --quiet --upgrade-only --to {{ eget_install_dir }} --asset tar.gz --tag v3.43.3"
 changed_when: false
diff --git a/playbook-gramps.yml b/playbook-gramps.yml
index bce486e..b1400af 100644
--- a/playbook-gramps.yml
+++ b/playbook-gramps.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Configure gramps application'
+- name: "Configure gramps application"
 hosts: all
 vars_files:
@@ -7,32 +7,31 @@
 - vars/vars.yml
 vars:
- app_name: 'gramps'
- base_dir: '/home/{{ primary_user }}/applications/{{ app_name }}/'
+ app_name: "gramps"
+ base_dir: "/home/{{ primary_user }}/applications/{{ app_name }}/"
 tasks:
- - name: 'Create application directories'
+ - name: "Create application directories"
 ansible.builtin.file:
- path: '{{ item }}'
- state: 'directory'
- owner: '{{ primary_user }}'
- group: '{{ primary_user }}'
- mode: '0755'
+ path: "{{ item }}"
+ state: "directory"
+ owner: "{{ primary_user }}"
+ group: "{{ primary_user }}"
+ mode: "0755"
 loop:
- - '{{ base_dir }}'
+ - "{{ base_dir }}"
 - '{{ (base_dir, "data") | path_join }}'
- - name: 'Copy docker compose file'
+ - name: "Copy docker compose file"
 ansible.builtin.template:
- src: './files/{{ app_name }}/docker-compose.yml.j2'
- dest: '{{ base_dir }}/docker-compose.yml'
- owner: '{{ primary_user }}'
- group: '{{ primary_user }}'
- mode: '0644'
+ src: "./files/{{ app_name }}/docker-compose.yml.j2"
+ dest: "{{ base_dir }}/docker-compose.yml"
+ owner: "{{ primary_user }}"
+ group: "{{ primary_user }}"
+ mode: "0644"
- - name: 'Run application with docker compose'
+ - name: "Run application with docker compose"
 community.docker.docker_compose_v2:
- project_src: '{{ base_dir }}'
- state: 'present'
+ project_src: "{{ base_dir }}"
+ state: "present"
 remove_orphans: true
diff --git a/playbook-netdata.yml b/playbook-netdata.yml
index 3558ad1..aa46980 100644
--- a/playbook-netdata.yml
+++ b/playbook-netdata.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Install Netdata monitoring service'
+- name: "Install Netdata monitoring service"
 hosts: all
 vars_files:
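Review bot: In playbook-eget.yml the five `eget` commands pin a release tag but never check what was actually downloaded, and rclone, restic and gobackup land in `{{ eget_install_dir }}`, the same `bin_prefix` the backup scripts are installed to and presumably run from as root. A tag can be re-pointed and a release asset replaced, so I would pass eget's `--verify-sha256=<EXPECTED_SHA256>` on each command, keeping the digest next to the version in vars. `changed_when: false` also hides a real upgrade from the play recap; deriving the changed state from the command output would keep binary replacements visible in run logs.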
@@ -7,11 +7,11 @@
 - vars/vars.yml
 tasks:
- - name: 'Install Netdata from role'
+ - name: "Install Netdata from role"
 ansible.builtin.import_role:
 name: netdata
 vars:
- netdata_version: 'v2.4.0'
- netdata_exposed_port: '{{ netdata_port }}'
+ netdata_version: "v2.4.0"
+ netdata_exposed_port: "{{ netdata_port }}"
 tags:
 - monitoring
diff --git a/playbook-remove-user-and-app.yml b/playbook-remove-user-and-app.yml
index f0ff17c..0f825d4 100644
--- a/playbook-remove-user-and-app.yml
+++ b/playbook-remove-user-and-app.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Update and upgrade system packages'
+- name: "Update and upgrade system packages"
 hosts: all
 vars_files:
@@ -7,21 +7,21 @@
 - vars/vars.yml
 vars:
- user_name: ''
+ user_name: ""
 tasks:
 - name: 'Remove user "{{ user_name }}"'
 ansible.builtin.user:
- name: '{{ user_name }}'
+ name: "{{ user_name }}"
 state: absent
 remove: true
 - name: 'Remove group "{{ user_name }}"'
 ansible.builtin.group:
- name: '{{ user_name }}'
+ name: "{{ user_name }}"
 state: absent
- - name: 'Remove web dir'
+ - name: "Remove web dir"
 ansible.builtin.file:
- path: '/var/www/{{ user_name }}'
+ path: "/var/www/{{ user_name }}"
 state: absent
diff --git a/playbook-system.yml b/playbook-system.yml
index 372004f..6b40af1 100644
--- a/playbook-system.yml
+++ b/playbook-system.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Configure base system parameters'
+- name: "Configure base system parameters"
 hosts: all
 vars_files:
@@ -20,13 +20,12 @@
 - tree
 tasks:
- - name: 'Install additional apt packages'
+ - name: "Install additional apt packages"
 ansible.builtin.apt:
- name: '{{ apt_packages }}'
+ name: "{{ apt_packages }}"
 update_cache: true
- - name: 'Configure timezone'
+ - name: "Configure timezone"
 ansible.builtin.import_role:
 name: yatesr.timezone
 vars:
@@ -34,7 +33,7 @@
 tags:
 - skip_ansible_lint
- - name: 'Configure security settings'
+ - name: "Configure security settings"
 ansible.builtin.import_role:
 name: geerlingguy.security
 vars:
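Review bot: In playbook-remove-user-and-app.yml `user_name` defaults to `""`, and nothing in the play stops a run without an explicit value from reaching the 'Remove web dir' task with `path: "/var/www/"` and `state: absent`, which deletes the whole web root recursively. A value containing `/` or `..` would likewise point that task outside the intended per-user directory. A guard task at the top of `tasks:` that fails unless `user_name` is a plain account name closes both cases, as sketched below. The play name 'Update and upgrade system packages' also looks copied from playbook-upgrade.yml and does not describe a removal play.

```yaml
  tasks:
    - name: "Require a valid user_name"
      ansible.builtin.assert:
        that:
          - user_name is string
          - "user_name is match('^[a-z_][a-z0-9_-]*$')"
        fail_msg: 'You must pass variable "user_name" as a plain account name'

    # … unchanged: remove user, remove group, remove web dir …
```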
diff --git a/playbook-upgrade.yml b/playbook-upgrade.yml
index e273304..493dfc2 100644
--- a/playbook-upgrade.yml
+++ b/playbook-upgrade.yml
@@ -1,5 +1,5 @@
 ---
-- name: 'Update and upgrade system packages'
+- name: "Update and upgrade system packages"
 hosts: all
 vars_files:
@@ -9,7 +9,7 @@
 tasks:
 - name: Perform an upgrade of packages
 ansible.builtin.apt:
- upgrade: 'yes'
+ upgrade: "yes"
 update_cache: true
 - name: Check if a reboot is required