Combine playbooks

2022-09-22 22:51:43 +02:00 · 2022-09-22 22:51:43 +02:00 · 0686e1fc9a
commit 0686e1fc9a
parent 12cb7842e7
12 changed files with 24 additions and 43 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,2 @@
-secrets/common.yml
-secrets/valkyrie.yml
-secrets/yggdrasil.yml
+group_vars/**
+host_vars/**
--- a/filesystem/common/etc/mailname.j2
+++ b/filesystem/common/etc/mailname.j2
@ -1 +1 @@
-{{ hostname }}.{{ domain }}
+{{ ansible_hostname }}.{{ domain }}
--- a/filesystem/common/etc/mailutils.conf.j2
+++ b/filesystem/common/etc/mailutils.conf.j2
@ -1,3 +1,3 @@
 address {
-  email-domain {{ hostname }}.{{ domain }};
+  email-domain {{ ansible_hostname }}.{{ domain }};
 };
--- a/filesystem/common/etc/postfix/main.cf.j2
+++ b/filesystem/common/etc/postfix/main.cf.j2
@ -35,10 +35,10 @@ smtp_tls_wrappermode = yes


 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = {{ hostname }}.{{ domain }}
+myhostname = {{ ansible_hostname }}.{{ domain }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-mydestination = $myhostname, {{ hostname }}, localhost
+mydestination = $myhostname, {{ ansible_hostname }}, localhost
 relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_port }}
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_size_limit = 0
--- a/filesystem/yggdrasil/usr/local/sbin/systemd-mail-systemctl-status.j2
+++ b/filesystem/yggdrasil/usr/local/sbin/systemd-mail-systemctl-status.j2
@ -3,7 +3,7 @@
 /usr/sbin/sendmail -t <<SYSTEMDMAIL
 To: root
 From: systemd <systemd>
-Subject: systemctl status $1 on {{ hostname }}
+Subject: systemctl status $1 on {{ ansible_hostname }}
 Content-Transfer-Encoding: 8bit
 Content-Type: text/plain; charset=UTF-8

--- a/filesystem/yggdrasil/usr/local/sbin/systemd-mail-zpool-status.j2
+++ b/filesystem/yggdrasil/usr/local/sbin/systemd-mail-zpool-status.j2
@ -3,7 +3,7 @@
 /usr/sbin/sendmail -t <<SYSTEMDMAIL
 To: root
 From: systemd <systemd>
-Subject: zpool status $1 on {{ hostname }}
+Subject: zpool status $1 on {{ ansible_hostname }}
 Content-Transfer-Encoding: 8bit
 Content-Type: text/plain; charset=UTF-8

--- a/1
+++ b/1
@ -1,2 +1,3 @@
+[the_nine_worlds]
 valkyrie
 yggdrasil
--- a/yggdrasil.yml
+++ b/yggdrasil.yml
@ -1,9 +1,5 @@
 ---
- hosts: yggdrasil
-
-  vars_files:
-    - secrets/common.yml
-    - secrets/yggdrasil.yml
+- hosts: the_nine_worlds

  tasks:
    - import_tasks: tasks/sshd.yml
@ -12,15 +8,19 @@
    - import_tasks: tasks/mail.yml
    - import_tasks: tasks/unattended-upgrades.yml
    - import_tasks: tasks/fail2ban.yml
-    - import_tasks: tasks/systemd-mail.yml
-    - import_tasks: tasks/zfs-scrub.yml
-    - import_tasks: tasks/zfs-trim.yml
    - import_tasks: tasks/fstrim.yml
-    - import_tasks: tasks/zfsutils-cron.yml
-    - import_tasks: tasks/ups.yml
-    - import_tasks: tasks/smart.yml
    - import_tasks: tasks/logs.yml
    - import_tasks: tasks/motd.yml
    - import_tasks: tasks/utils.yml
    - import_tasks: tasks/user.yml
    - import_tasks: tasks/root-shell.yml
+
+- hosts: yggdrasil
+
+  tasks:
+    - import_tasks: tasks/systemd-mail.yml
+    - import_tasks: tasks/zfs-scrub.yml
+    - import_tasks: tasks/zfs-trim.yml
+    - import_tasks: tasks/zfsutils-cron.yml
+    - import_tasks: tasks/ups.yml
+    - import_tasks: tasks/smart.yml
--- a/tasks/logs.yml
+++ b/tasks/logs.yml
@ -13,6 +13,6 @@
 - name: Configure logcheck ignores
  template:
    src: ./filesystem/common/etc/logcheck/ignore.d.server/hostname.j2
-    dest: /etc/logcheck/ignore.d.server/{{ hostname }}
+    dest: /etc/logcheck/ignore.d.server/{{ ansible_hostname }}
    group: logcheck
    mode: 0644
--- a/tasks/motd.yml
+++ b/tasks/motd.yml
@ -1,5 +1,5 @@
 - name: Set MotD
  copy:
-    src: ./filesystem/{{ hostname }}/etc/motd
+    src: ./filesystem/{{ ansible_hostname }}/etc/motd
    dest: /etc/motd
    mode: 0644
--- a/valkyrie.yml
+++ b/valkyrie.yml
@ -1,20 +0,0 @@
---
- hosts: valkyrie
-
-  vars_files:
-    - secrets/common.yml
-    - secrets/valkyrie.yml
-
-  tasks:
-    - import_tasks: tasks/sshd.yml
-    - import_tasks: tasks/firewall.yml
-    - import_tasks: tasks/ntp.yml
-    - import_tasks: tasks/mail.yml
-    - import_tasks: tasks/unattended-upgrades.yml
-    - import_tasks: tasks/fail2ban.yml
-    - import_tasks: tasks/fstrim.yml
-    - import_tasks: tasks/logs.yml
-    - import_tasks: tasks/motd.yml
-    - import_tasks: tasks/utils.yml
-    - import_tasks: tasks/user.yml
-    - import_tasks: tasks/root-shell.yml
--- a/secrets/template.yml
+++ b/secrets/template.yml
@ -1,3 +1,5 @@
+# Set the variables and move to group_vars/<group> and host_vars/<host> as required and encrypt.
+
 # Ansible variables
 ansible_port:
 ansible_become_password:
@ -6,7 +8,6 @@ ansible_become_password:
 ssh_user:

 # Machine variables
-hostname:
 domain:
 subnet_address:
 subnet_masklen: