
Compare commits


2 Commits

17 changed files with 240 additions and 218 deletions


@ -1,8 +1,9 @@
services: services:
server: server:
image: gitea/gitea:1.23.1 image: gitea/gitea:1.22.6
restart: unless-stopped restart: unless-stopped
container_name: gitea_web_app
environment: environment:
- "USER_UID=${USER_UID}" - "USER_UID=${USER_UID}"
- "USER_GID=${USER_GID}" - "USER_GID=${USER_GID}"
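Review bot: The image tag on the new side is `gitea/gitea:1.22.6` while the old side read `1.23.1`; if the left column is the old side, this is a downgrade of the Git server in a commit whose other changes are cosmetic. If the rollback is deliberate, record why in the compose file, e.g. `# pinned to 1.22.x: <reason>` above the `image:` line, since 1.22 is the older release line and will stop receiving fixes first. Pinning by tag alone also lets the image change underneath you; adding a `@sha256:` digest after the tag makes the deployment reproducible.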


@ -1,5 +1,5 @@
--- ---
- name: 'Deploy homepage application' - name: "Deploy homepage application"
hosts: all hosts: all
vars_files: vars_files:
@ -7,59 +7,58 @@
- vars/vars.yml - vars/vars.yml
vars: vars:
app_name: 'homepage' app_name: "homepage"
base_dir: '/home/major/applications/{{ app_name }}/' base_dir: "/home/major/applications/{{ app_name }}/"
docker_registry_prefix: 'cr.yandex/crplfk0168i4o8kd7ade' docker_registry_prefix: "cr.yandex/crplfk0168i4o8kd7ade"
homepage_web_image: '{{ homepage_web_image | default(omit) }}' homepage_web_image: "{{ homepage_web_image | default(omit) }}"
tasks: tasks:
- name: "Check is web service imape passed"
- name: 'Check is web service imape passed'
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- 'homepage_web_image is defined' - "homepage_web_image is defined"
fail_msg: 'You must pass variable "homepage_web_image"' fail_msg: 'You must pass variable "homepage_web_image"'
- name: 'Create full image name with container registry' - name: "Create full image name with container registry"
ansible.builtin.set_fact: ansible.builtin.set_fact:
registry_homepage_web_image: '{{ (docker_registry_prefix, homepage_web_image) | path_join }}' registry_homepage_web_image: "{{ (docker_registry_prefix, homepage_web_image) | path_join }}"
- name: 'Push web service image to remote registry' - name: "Push web service image to remote registry"
community.docker.docker_image: community.docker.docker_image:
state: present state: present
source: local source: local
name: '{{ homepage_web_image }}' name: "{{ homepage_web_image }}"
repository: '{{ registry_homepage_web_image }}' repository: "{{ registry_homepage_web_image }}"
push: true push: true
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
- name: 'Create application directories' - name: "Create application directories"
ansible.builtin.file: ansible.builtin.file:
path: '{{ item }}' path: "{{ item }}"
state: 'directory' state: "directory"
mode: '0755' mode: "0755"
loop: loop:
- '{{ base_dir }}' - "{{ base_dir }}"
- name: 'Copy application files' - name: "Copy application files"
ansible.builtin.copy: ansible.builtin.copy:
src: '{{ item }}' src: "{{ item }}"
dest: '{{ base_dir }}' dest: "{{ base_dir }}"
mode: '0644' mode: "0644"
loop: loop:
- './files/{{ app_name }}/docker-compose.yml' - "./files/{{ app_name }}/docker-compose.yml"
- name: 'Set up environment variables for application' - name: "Set up environment variables for application"
ansible.builtin.template: ansible.builtin.template:
src: 'env.j2' src: "env.j2"
dest: '{{ (base_dir, ".env") | path_join }}' dest: '{{ (base_dir, ".env") | path_join }}'
mode: '0644' mode: "0644"
vars: vars:
env_dict: env_dict:
WEB_SERVICE_IMAGE: '{{ registry_homepage_web_image }}' WEB_SERVICE_IMAGE: "{{ registry_homepage_web_image }}"
WEB_SERVICE_PORT: '{{ homepage_port }}' WEB_SERVICE_PORT: "{{ homepage_port }}"
- name: 'Run application with docker compose' - name: "Run application with docker compose"
community.docker.docker_compose_v2: community.docker.docker_compose_v2:
project_src: '{{ base_dir }}' project_src: "{{ base_dir }}"
state: 'present' state: "present"


@ -1,5 +1,5 @@
--- ---
- name: 'Configure restic and backup schedule' - name: "Configure restic and backup schedule"
hosts: all hosts: all
vars_files: vars_files:
@ -7,8 +7,7 @@
- vars/secrets.yml - vars/secrets.yml
tasks: tasks:
- name: "Copy restic shell script"
- name: 'Copy restic shell script'
ansible.builtin.template: ansible.builtin.template:
src: "files/backups/restic-shell.sh.j2" src: "files/backups/restic-shell.sh.j2"
dest: "{{ bin_prefix }}/restic-shell.sh" dest: "{{ bin_prefix }}/restic-shell.sh"
@ -16,49 +15,49 @@
group: root group: root
mode: "0700" mode: "0700"
- name: 'Copy restic backup script' - name: "Copy restic backup script"
ansible.builtin.template: ansible.builtin.template:
src: "files/backups/restic-backup.sh.j2" src: "files/backups/restic-backup.sh.j2"
dest: "{{ bin_prefix }}/restic-backup.sh" dest: "{{ bin_prefix }}/restic-backup.sh"
owner: root owner: root
group: root group: root
mode: '0700' mode: "0700"
- name: 'Create gobackup config directory' - name: "Create gobackup config directory"
ansible.builtin.file: ansible.builtin.file:
path: "{{ backup_gobackup_config | dirname }}" path: "{{ backup_gobackup_config | dirname }}"
state: directory state: directory
mode: '0755' mode: "0755"
- name: 'Copy gobackup config files' - name: "Copy gobackup config files"
ansible.builtin.template: ansible.builtin.template:
src: "files/backups/gobackup.yml.j2" src: "files/backups/gobackup.yml.j2"
dest: "{{ backup_gobackup_config }}" dest: "{{ backup_gobackup_config }}"
owner: root owner: root
group: root group: root
mode: '0700' mode: "0700"
- name: "Setup paths for backup cron file" - name: "Setup paths for backup cron file"
ansible.builtin.cron: ansible.builtin.cron:
cron_file: 'ansible_restic_backup' cron_file: "ansible_restic_backup"
user: 'root' user: "root"
env: true env: true
name: 'PATH' name: "PATH"
job: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin' job: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
- name: "Setup mail for backup cron file" - name: "Setup mail for backup cron file"
ansible.builtin.cron: ansible.builtin.cron:
cron_file: 'ansible_restic_backup' cron_file: "ansible_restic_backup"
user: 'root' user: "root"
env: true env: true
name: 'MAILTO' name: "MAILTO"
job: '' job: ""
- name: "Creates a cron file for backups under /etc/cron.d" - name: "Creates a cron file for backups under /etc/cron.d"
ansible.builtin.cron: ansible.builtin.cron:
name: 'restic backup' name: "restic backup"
minute: '0' minute: "0"
hour: '1' hour: "1"
job: '/usr/local/bin/restic-backup.sh 2>&1 | logger -t backup' job: "/usr/local/bin/restic-backup.sh 2>&1 | logger -t backup"
cron_file: 'ansible_restic_backup' cron_file: "ansible_restic_backup"
user: 'root' user: "root"


@ -1,5 +1,5 @@
--- ---
- name: 'Install and configure Caddy server' - name: "Install and configure Caddy server"
hosts: all hosts: all
vars_files: vars_files:
@ -7,18 +7,17 @@
- vars/vars.yml - vars/vars.yml
tasks: tasks:
- name: "Ensure networkd service is started (required by Caddy)."
- name: 'Ensure networkd service is started (required by Caddy).'
ansible.builtin.systemd: ansible.builtin.systemd:
name: systemd-networkd name: systemd-networkd
state: started state: started
enabled: true enabled: true
- name: 'Install and configure Caddy server' - name: "Install and configure Caddy server"
ansible.builtin.import_role: ansible.builtin.import_role:
name: caddy_ansible.caddy_ansible name: caddy_ansible.caddy_ansible
vars: vars:
caddy_github_token: '{{ caddy_vars.github_token }}' caddy_github_token: "{{ caddy_vars.github_token }}"
caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}' caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
caddy_setcap: true caddy_setcap: true
caddy_systemd_capabilities_enabled: true caddy_systemd_capabilities_enabled: true


@ -6,29 +6,9 @@
- vars/vars.yml - vars/vars.yml
tasks: tasks:
# Applications # Applications
- import_role: - ansible.builtin.import_role:
name: docker-app
vars:
username: gitea
extra_groups:
- docker
ssh_keys:
- '{{ lookup("file", "files/av_id_rsa.pub") }}'
env:
PROJECT_NAME: gitea
DOCKER_PREFIX: gitea
IMAGE_PREFIX: gitea
CONTAINER_PREFIX: gitea
WEB_SERVER_PORT: '127.0.0.1:{{ gitea_port }}'
USER_UID: '{{ uc_result.uid }}'
USER_GID: '{{ uc_result.group }}'
tags:
- apps
- import_role:
name: docker-app name: docker-app
vars: vars:
username: keycloak username: keycloak
@ -41,15 +21,15 @@
DOCKER_PREFIX: keycloak DOCKER_PREFIX: keycloak
IMAGE_PREFIX: keycloak IMAGE_PREFIX: keycloak
CONTAINER_PREFIX: keycloak CONTAINER_PREFIX: keycloak
WEB_SERVER_PORT: '127.0.0.1:{{ keycloak_port }}' WEB_SERVER_PORT: "127.0.0.1:{{ keycloak_port }}"
KEYCLOAK_ADMIN: '{{ keycloak.admin_login }}' KEYCLOAK_ADMIN: "{{ keycloak.admin_login }}"
KEYCLOAK_ADMIN_PASSWORD: '{{ keycloak.admin_password }}' KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak.admin_password }}"
USER_UID: '{{ uc_result.uid }}' USER_UID: "{{ uc_result.uid }}"
USER_GID: '{{ uc_result.group }}' USER_GID: "{{ uc_result.group }}"
tags: tags:
- apps - apps
- import_role: - ansible.builtin.import_role:
name: docker-app name: docker-app
vars: vars:
username: outline username: outline
@ -62,38 +42,38 @@
DOCKER_PREFIX: outline DOCKER_PREFIX: outline
IMAGE_PREFIX: outline IMAGE_PREFIX: outline
CONTAINER_PREFIX: outline CONTAINER_PREFIX: outline
WEB_SERVER_PORT: '127.0.0.1:{{ outline_port }}' WEB_SERVER_PORT: "127.0.0.1:{{ outline_port }}"
USER_UID: '{{ uc_result.uid }}' USER_UID: "{{ uc_result.uid }}"
USER_GID: '{{ uc_result.group }}' USER_GID: "{{ uc_result.group }}"
# Postgres # Postgres
POSTGRES_USER: '{{ outline.postgres_user }}' POSTGRES_USER: "{{ outline.postgres_user }}"
POSTGRES_PASSWORD: '{{ outline.postgres_password }}' POSTGRES_PASSWORD: "{{ outline.postgres_password }}"
POSTGRES_DB: 'outline' POSTGRES_DB: "outline"
# See sample https://github.com/outline/outline/blob/main/.env.sample # See sample https://github.com/outline/outline/blob/main/.env.sample
NODE_ENV: 'production' NODE_ENV: "production"
SECRET_KEY: '{{ outline.secret_key }}' SECRET_KEY: "{{ outline.secret_key }}"
UTILS_SECRET: '{{ outline.utils_secret }}' UTILS_SECRET: "{{ outline.utils_secret }}"
DATABASE_URL: 'postgres://{{ outline.postgres_user }}:{{ outline.postgres_password }}@postgres:5432/outline' DATABASE_URL: "postgres://{{ outline.postgres_user }}:{{ outline.postgres_password }}@postgres:5432/outline"
PGSSLMODE: 'disable' PGSSLMODE: "disable"
REDIS_URL: 'redis://redis:6379' REDIS_URL: "redis://redis:6379"
URL: 'https://outline.vakhrushev.me' URL: "https://outline.vakhrushev.me"
FILE_STORAGE: 's3' FILE_STORAGE: "s3"
AWS_ACCESS_KEY_ID: '{{ outline.s3_access_key }}' AWS_ACCESS_KEY_ID: "{{ outline.s3_access_key }}"
AWS_SECRET_ACCESS_KEY: '{{ outline.s3_secret_key }}' AWS_SECRET_ACCESS_KEY: "{{ outline.s3_secret_key }}"
AWS_REGION: 'ru-central1' AWS_REGION: "ru-central1"
AWS_S3_ACCELERATE_URL: '' AWS_S3_ACCELERATE_URL: ""
AWS_S3_UPLOAD_BUCKET_URL: 'https://storage.yandexcloud.net' AWS_S3_UPLOAD_BUCKET_URL: "https://storage.yandexcloud.net"
AWS_S3_UPLOAD_BUCKET_NAME: 'av-outline-wiki' AWS_S3_UPLOAD_BUCKET_NAME: "av-outline-wiki"
AWS_S3_FORCE_PATH_STYLE: 'true' AWS_S3_FORCE_PATH_STYLE: "true"
AWS_S3_ACL: 'private' AWS_S3_ACL: "private"
OIDC_CLIENT_ID: '{{ outline.oidc_client_id }}' OIDC_CLIENT_ID: "{{ outline.oidc_client_id }}"
OIDC_CLIENT_SECRET: '{{ outline.oidc_client_secret }}' OIDC_CLIENT_SECRET: "{{ outline.oidc_client_secret }}"
OIDC_AUTH_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/auth' OIDC_AUTH_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/auth"
OIDC_TOKEN_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/token' OIDC_TOKEN_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/token"
OIDC_USERINFO_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/userinfo' OIDC_USERINFO_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/userinfo"
OIDC_LOGOUT_URI: 'https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/logout' OIDC_LOGOUT_URI: "https://kk.vakhrushev.me/realms/outline/protocol/openid-connect/logout"
OIDC_USERNAME_CLAIM: 'email' OIDC_USERNAME_CLAIM: "email"
OIDC_DISPLAY_NAME: 'KK' OIDC_DISPLAY_NAME: "KK"
tags: tags:
- apps - apps
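Review bot: The keycloak and outline entries still read `USER_UID: "{{ uc_result.uid }}"` / `USER_GID: "{{ uc_result.group }}"`, while the owner role in this same commit renames its registered result to `user_create_result` (the new `playbook-gitea.yml` already uses the new name). If `docker-app` delegates user creation to the owner role, both plays now fail on an undefined variable; if it registers its own `uc_result` nothing breaks, but the two names should be reconciled before the next refactor trips over them. Separately, these `env` dicts carry the Keycloak admin password, the Postgres password (twice, once inside `DATABASE_URL`), S3 keys and the OIDC client secret; whatever `docker-app` does with them, its templating and lineinfile tasks should run with `no_log: true` so the values never land in play output or CI logs. The keycloak block begins in an earlier hunk of this section.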


@ -1,5 +1,5 @@
--- ---
- name: 'Configure docker parameters' - name: "Configure docker parameters"
hosts: all hosts: all
vars_files: vars_files:
@ -7,16 +7,15 @@
- vars/vars.yml - vars/vars.yml
tasks: tasks:
- name: "Install python docker lib from pip"
- name: 'Install python docker lib from pip'
ansible.builtin.pip: ansible.builtin.pip:
name: docker name: docker
- name: 'Install docker' - name: "Install docker"
ansible.builtin.import_role: ansible.builtin.import_role:
name: geerlingguy.docker name: geerlingguy.docker
vars: vars:
docker_edition: 'ce' docker_edition: "ce"
docker_packages: docker_packages:
- "docker-{{ docker_edition }}" - "docker-{{ docker_edition }}"
- "docker-{{ docker_edition }}-cli" - "docker-{{ docker_edition }}-cli"
@ -24,6 +23,6 @@
docker_users: docker_users:
- major - major
- name: 'Login to yandex docker registry.' - name: "Login to yandex docker registry."
ansible.builtin.script: ansible.builtin.script:
cmd: 'files/yandex-docker-registry-auth.sh' cmd: "files/yandex-docker-registry-auth.sh"


@ -1,5 +1,5 @@
--- ---
- name: 'Install eget' - name: "Install eget"
hosts: all hosts: all
vars_files: vars_files:
@ -9,39 +9,38 @@
# See: https://github.com/zyedidia/eget/releases # See: https://github.com/zyedidia/eget/releases
vars: vars:
eget_install_dir: '{{ bin_prefix }}' eget_install_dir: "{{ bin_prefix }}"
eget_bin_path: '{{ (eget_install_dir, "eget") | path_join }}' eget_bin_path: '{{ (eget_install_dir, "eget") | path_join }}'
tasks: tasks:
- name: "Install eget"
- name: 'Install eget'
ansible.builtin.import_role: ansible.builtin.import_role:
name: eget name: eget
vars: vars:
eget_version: '1.3.4' eget_version: "1.3.4"
eget_install_path: '{{ eget_bin_path }}' eget_install_path: "{{ eget_bin_path }}"
- name: 'Install rclone' - name: "Install rclone"
ansible.builtin.command: ansible.builtin.command:
cmd: '{{ eget_bin_path }} rclone/rclone --quiet --upgrade-only --to {{ eget_install_dir }} --asset zip --tag v1.69.2' cmd: "{{ eget_bin_path }} rclone/rclone --quiet --upgrade-only --to {{ eget_install_dir }} --asset zip --tag v1.69.2"
changed_when: false changed_when: false
- name: 'Install btop' - name: "Install btop"
ansible.builtin.command: ansible.builtin.command:
cmd: '{{ eget_bin_path }} aristocratos/btop --quiet --upgrade-only --to {{ eget_install_dir }} --tag v1.4.2' cmd: "{{ eget_bin_path }} aristocratos/btop --quiet --upgrade-only --to {{ eget_install_dir }} --tag v1.4.2"
changed_when: false changed_when: false
- name: 'Install restic' - name: "Install restic"
ansible.builtin.command: ansible.builtin.command:
cmd: '{{ eget_bin_path }} restic/restic --quiet --upgrade-only --to {{ eget_install_dir }} --tag v0.18.0' cmd: "{{ eget_bin_path }} restic/restic --quiet --upgrade-only --to {{ eget_install_dir }} --tag v0.18.0"
changed_when: false changed_when: false
- name: 'Install gobackup' - name: "Install gobackup"
ansible.builtin.command: ansible.builtin.command:
cmd: '{{ eget_bin_path }} gobackup/gobackup --quiet --upgrade-only --to {{ eget_install_dir }} --tag v2.14.0' cmd: "{{ eget_bin_path }} gobackup/gobackup --quiet --upgrade-only --to {{ eget_install_dir }} --tag v2.14.0"
changed_when: false changed_when: false
- name: 'Install task' - name: "Install task"
ansible.builtin.command: ansible.builtin.command:
cmd: '{{ eget_bin_path }} go-task/task --quiet --upgrade-only --to {{ eget_install_dir }} --asset tar.gz --tag v3.43.3' cmd: "{{ eget_bin_path }} go-task/task --quiet --upgrade-only --to {{ eget_install_dir }} --asset tar.gz --tag v3.43.3"
changed_when: false changed_when: false
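Review bot: Each `eget` call pins a release tag but nothing verifies what was downloaded: the binary that lands in `{{ eget_install_dir }}` — and, for restic and gobackup, is later run by root from cron — is whatever GitHub served, with no checksum or signature check. `eget` accepts a `--verify <sha256>` flag for exactly this; record the expected digest next to each tag, e.g. `--tag v0.18.0 --verify <expected sha256>`, so a swapped release asset fails the run instead of being installed. `changed_when: false` on all five tasks also hides whether an upgrade actually happened; registering the command output and deriving `changed_when` from it keeps the play honest.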

playbook-gitea.yml Normal file

@ -0,0 +1,55 @@
---
- name: "Configure gitea application"
hosts: all
vars_files:
- vars/ports.yml
- vars/vars.yml
vars:
app_name: "gitea"
app_user: "{{ app_name }}"
base_dir: "/home/{{ app_name }}"
tasks:
- name: "Create user and environment"
ansible.builtin.import_role:
name: owner
vars:
owner_name: "{{ app_user }}"
owner_extra_groups:
- "docker"
owner_ssh_keys:
- "{{ lookup('file', 'files/av_id_rsa.pub') }}"
owner_env:
PROJECT_NAME: "{{ app_name }}"
DOCKER_PREFIX: "{{ app_name }}"
IMAGE_PREFIX: "{{ app_name }}"
CONTAINER_PREFIX: "{{ app_name }}"
WEB_SERVER_PORT: "127.0.0.1:{{ gitea_port }}"
USER_UID: "{{ user_create_result.uid }}"
USER_GID: "{{ user_create_result.group }}"
- name: "Create internal application directories"
ansible.builtin.file:
path: "{{ item }}"
state: "directory"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0775"
loop:
- "{{ (base_dir, 'data') | path_join }}"
- name: "Copy docker compose file"
ansible.builtin.template:
src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: "{{ base_dir }}/docker-compose.yml"
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: "0644"
- name: "Run application with docker compose"
community.docker.docker_compose_v2:
project_src: "{{ base_dir }}"
state: "present"
remove_orphans: true
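Review bot: `mode: "0775"` on the `data` directory leaves Gitea's repositories and database readable by every local account; the container runs with the `USER_UID`/`USER_GID` of the same user per the `owner_env` block, so `"0750"` is sufficient and keeps other users on the host out. The `gitea` account is also given `docker` group membership and an SSH key from `files/av_id_rsa.pub`, which together make it a root-equivalent login; this mirrors the removed `deploy-apps` block, but a comment above `owner_extra_groups` such as `# docker group is root-equivalent; needed for compose as this user` would make the trade-off explicit. `vars_files` lists only `ports.yml` and `vars.yml`, so no secrets are rendered here, which is good.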


@ -1,5 +1,5 @@
--- ---
- name: 'Configure gramps application' - name: "Configure gramps application"
hosts: all hosts: all
vars_files: vars_files:
@ -7,32 +7,31 @@
- vars/vars.yml - vars/vars.yml
vars: vars:
app_name: 'gramps' app_name: "gramps"
base_dir: '/home/{{ primary_user }}/applications/{{ app_name }}/' base_dir: "/home/{{ primary_user }}/applications/{{ app_name }}/"
tasks: tasks:
- name: "Create application directories"
- name: 'Create application directories'
ansible.builtin.file: ansible.builtin.file:
path: '{{ item }}' path: "{{ item }}"
state: 'directory' state: "directory"
owner: '{{ primary_user }}' owner: "{{ primary_user }}"
group: '{{ primary_user }}' group: "{{ primary_user }}"
mode: '0755' mode: "0755"
loop: loop:
- '{{ base_dir }}' - "{{ base_dir }}"
- '{{ (base_dir, "data") | path_join }}' - '{{ (base_dir, "data") | path_join }}'
- name: 'Copy docker compose file' - name: "Copy docker compose file"
ansible.builtin.template: ansible.builtin.template:
src: './files/{{ app_name }}/docker-compose.yml.j2' src: "./files/{{ app_name }}/docker-compose.yml.j2"
dest: '{{ base_dir }}/docker-compose.yml' dest: "{{ base_dir }}/docker-compose.yml"
owner: '{{ primary_user }}' owner: "{{ primary_user }}"
group: '{{ primary_user }}' group: "{{ primary_user }}"
mode: '0644' mode: "0644"
- name: 'Run application with docker compose' - name: "Run application with docker compose"
community.docker.docker_compose_v2: community.docker.docker_compose_v2:
project_src: '{{ base_dir }}' project_src: "{{ base_dir }}"
state: 'present' state: "present"
remove_orphans: true remove_orphans: true


@ -1,5 +1,5 @@
--- ---
- name: 'Install Netdata monitoring service' - name: "Install Netdata monitoring service"
hosts: all hosts: all
vars_files: vars_files:
@ -7,11 +7,11 @@
- vars/vars.yml - vars/vars.yml
tasks: tasks:
- name: 'Install Netdata from role' - name: "Install Netdata from role"
ansible.builtin.import_role: ansible.builtin.import_role:
name: netdata name: netdata
vars: vars:
netdata_version: 'v2.4.0' netdata_version: "v2.4.0"
netdata_exposed_port: '{{ netdata_port }}' netdata_exposed_port: "{{ netdata_port }}"
tags: tags:
- monitoring - monitoring


@ -1,5 +1,5 @@
--- ---
- name: 'Update and upgrade system packages' - name: "Update and upgrade system packages"
hosts: all hosts: all
vars_files: vars_files:
@ -7,21 +7,21 @@
- vars/vars.yml - vars/vars.yml
vars: vars:
user_name: '<put-name-here>' user_name: "<put-name-here>"
tasks: tasks:
- name: 'Remove user "{{ user_name }}"' - name: 'Remove user "{{ user_name }}"'
ansible.builtin.user: ansible.builtin.user:
name: '{{ user_name }}' name: "{{ user_name }}"
state: absent state: absent
remove: true remove: true
- name: 'Remove group "{{ user_name }}"' - name: 'Remove group "{{ user_name }}"'
ansible.builtin.group: ansible.builtin.group:
name: '{{ user_name }}' name: "{{ user_name }}"
state: absent state: absent
- name: 'Remove web dir' - name: "Remove web dir"
ansible.builtin.file: ansible.builtin.file:
path: '/var/www/{{ user_name }}' path: "/var/www/{{ user_name }}"
state: absent state: absent
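Review bot: `user_name: "<put-name-here>"` is a placeholder with no guard: run without `-e user_name=...` the play tries to remove a user literally named `<put-name-here>`, and with `remove: true` on the user task a mistyped override wipes that account's home directory. Add an assert ahead of the tasks, e.g. `ansible.builtin.assert:` with `that: "user_name != '<put-name-here>'"` and `fail_msg: "Pass -e user_name=<login>"`. The play name `"Update and upgrade system packages"` is copied from the upgrade playbook; this play deletes a user, its group and `/var/www/<user>`, so `"Remove user and web directory"` describes it.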


@ -1,5 +1,5 @@
--- ---
- name: 'Configure base system parameters' - name: "Configure base system parameters"
hosts: all hosts: all
vars_files: vars_files:
@ -20,13 +20,12 @@
- tree - tree
tasks: tasks:
- name: "Install additional apt packages"
- name: 'Install additional apt packages'
ansible.builtin.apt: ansible.builtin.apt:
name: '{{ apt_packages }}' name: "{{ apt_packages }}"
update_cache: true update_cache: true
- name: 'Configure timezone' - name: "Configure timezone"
ansible.builtin.import_role: ansible.builtin.import_role:
name: yatesr.timezone name: yatesr.timezone
vars: vars:
@ -34,7 +33,7 @@
tags: tags:
- skip_ansible_lint - skip_ansible_lint
- name: 'Configure security settings' - name: "Configure security settings"
ansible.builtin.import_role: ansible.builtin.import_role:
name: geerlingguy.security name: geerlingguy.security
vars: vars:


@ -1,5 +1,5 @@
--- ---
- name: 'Update and upgrade system packages' - name: "Update and upgrade system packages"
hosts: all hosts: all
vars_files: vars_files:
@ -9,7 +9,7 @@
tasks: tasks:
- name: Perform an upgrade of packages - name: Perform an upgrade of packages
ansible.builtin.apt: ansible.builtin.apt:
upgrade: 'yes' upgrade: "yes"
update_cache: true update_cache: true
- name: Check if a reboot is required - name: Check if a reboot is required


@ -1,5 +1,6 @@
--- ---
owner_name: '' owner_name: ""
owner_group: '{{ owner_name }}' owner_group: "{{ owner_name }}"
owner_extra_groups: []
owner_ssh_keys: [] owner_ssh_keys: []
owner_env: {} owner_env: {}


@ -1,60 +1,52 @@
--- ---
- name: 'Check app requirements for user "{{ owner_name }}".' - name: 'Check app requirements for user "{{ owner_name }}".'
fail: ansible.builtin.fail:
msg: You must set owner name. msg: You must set owner name.
when: not owner_name when: not owner_name
- name: 'Create group "{{ owner_group }}".' - name: 'Create group "{{ owner_group }}".'
group: ansible.builtin.group:
name: '{{ owner_group }}' name: "{{ owner_group }}"
state: present state: present
- name: 'Create user "{{ owner_name }}".' - name: 'Create user "{{ owner_name }}".'
user: ansible.builtin.user:
name: '{{ owner_name }}' name: "{{ owner_name }}"
group: '{{ owner_group }}' group: "{{ owner_group }}"
groups: '{{ owner_extra_groups }}' groups: "{{ owner_extra_groups }}"
shell: /bin/bash shell: /bin/bash
register: uc_result register: user_create_result
- name: 'Set up user ssh keys for user "{{ owner_name }}".' - name: 'Set up user ssh keys for user "{{ owner_name }}".'
authorized_key: ansible.posix.authorized_key:
user: '{{ owner_name }}' user: "{{ owner_name }}"
key: '{{ item }}' key: "{{ item }}"
state: present state: present
with_items: '{{ owner_ssh_keys }}' with_items: "{{ owner_ssh_keys }}"
when: owner_ssh_keys | length > 0 when: owner_ssh_keys | length > 0
- name: 'Prepare env variables.' - name: "Prepare env variables."
set_fact: ansible.builtin.set_fact:
env_dict: '{{ owner_env | combine({ env_dict: '{{ owner_env | combine({ "CURRENT_UID": user_create_result.uid | default(owner_name), "CURRENT_GID": user_create_result.group | default(owner_group)
"CURRENT_UID": uc_result.uid | default(owner_name), }) }}'
"CURRENT_GID": uc_result.group | default(owner_group) }) }}'
tags:
- env
- name: 'Set up environment variables for user "{{ owner_name }}".' - name: 'Set up environment variables for user "{{ owner_name }}".'
template: ansible.builtin.template:
src: env.j2 src: env.j2
dest: '/home/{{ owner_name }}/.env' dest: "/home/{{ owner_name }}/.env"
owner: '{{ owner_name }}' owner: "{{ owner_name }}"
group: '{{ owner_group }}' group: "{{ owner_group }}"
tags: mode: "0640"
- env
- name: 'Remove absent environment variables for user "{{ owner_name }}" from bashrc.' - name: 'Remove from bashrc absent environment variables for user "{{ owner_name }}".'
lineinfile: ansible.builtin.lineinfile:
path: '/home/{{ owner_name }}/.bashrc' path: "/home/{{ owner_name }}/.bashrc"
regexp: '^export {{ item.key }}=' regexp: "^export {{ item.key }}="
state: absent state: absent
with_dict: '{{ env_dict }}' with_dict: "{{ env_dict }}"
tags:
- env
- name: 'Include environment variables for user "{{ owner_name }}" in bashrc.' - name: 'Include in bashrc environment variables for user "{{ owner_name }}".'
lineinfile: ansible.builtin.lineinfile:
path: '/home/{{ owner_name }}/.bashrc' path: "/home/{{ owner_name }}/.bashrc"
regexp: '^export \$\(grep -v' regexp: "^export \\$\\(grep -v"
line: 'export $(grep -v "^#" "$HOME"/.env | xargs)' line: 'export $(grep -v "^#" "$HOME"/.env | xargs)'
tags:
- env
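Review bot: The `env_dict` built in `"Prepare env variables."` carries whatever callers put in `owner_env` — in this repo that includes the Keycloak admin password, database credentials and OIDC/S3 secrets — and the `set_fact` result, the `template` diff and every `with_dict` iteration of the first `lineinfile` task print those values when the play runs with `-v`, `--diff`, or fails mid-loop. Add `no_log: true` to those three tasks (with `loop_control: label: "{{ item.key }}"` on the lineinfile if you want key names to stay visible). Tightening the `.env` to `"0640"` is the right call; the unchanged `.bashrc` loader `export $(grep -v "^#" "$HOME"/.env | xargs)` word-splits values containing spaces or `#`, so keep secrets free of both until it is replaced by `set -a; . "$HOME/.env"; set +a`. `ansible.posix.authorized_key` now requires the `ansible.posix` collection to be declared in `requirements.yml`, which is not visible in this diff.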