Introduce yamllint
parent
2794486fef
commit
69c5bd067e
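--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,38 @@
+---
+
+yaml-files:
+- '*.yaml'
+- '*.yml'
+- '.yamllint'
+
+ignore: |
+vault.yml
+
+rules:
+braces: enable
+brackets: enable
+colons: enable
+commas: enable
+comments:
+level: warning
+comments-indentation:
+level: warning
+document-end: disable
+document-start:
+level: warning
+empty-lines: enable
+empty-values: disable
+float-values: disable
+hyphens: enable
+indentation: enable
+key-duplicates: enable
+key-ordering: disable
+line-length:
+max: 100
+new-line-at-end-of-file: enable
+new-lines: enable
+octal-values: disable
+quoted-strings: disable
+trailing-spaces: enable
+truthy:
+level: warning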
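Review bot: `octal-values: disable` together with `quoted-strings: disable` means the unquoted file modes in task files touched by this commit (`mode: 0600`, `mode: 0644`, `mode: 0755`) are never flagged. Those scalars are octal only under YAML 1.1 rules; a YAML 1.2 loader reads `0600` as decimal 600, so the permission applied to files such as the database password depends on which parser handles the file. Consider `octal-values: enable` here and quoting the modes in the tasks, e.g. `mode: "0600"`, so Ansible receives a string and does the conversion itself.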
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# ansible
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:base
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# vpn:wireguard
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# network
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:base
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:mail
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:mail
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
# system:zfs
|
||||
# --------------------------------------------------------------------------------------------------
|
||||
|
2
makefile
2
makefile
@ -2,7 +2,7 @@ ansible-lint:
|
||||
@ansible-lint
|
||||
|
||||
ansible-syntax:
|
||||
@ansible --syntax-check main.yml -i production
|
||||
@ansible-playbook --syntax-check main.yml -i production
|
||||
|
||||
yamllint:
|
||||
@yamllint .
|
||||
|
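Review bot: The `yamllint .` recipe at the end of this hunk still passes when findings are reported at warning level, because yamllint exits non-zero only on errors unless `--strict` is given. The `.yamllint` added in this commit sets `comments`, `comments-indentation`, `document-start` and `truthy` to `level: warning`, so none of those rules can fail the target. If they are meant to gate changes, use `@yamllint --strict .`. The makefile continues outside the hunk.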
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "check if restic is installed"
|
||||
ansible.builtin.stat:
|
||||
path: "/usr/local/bin/restic"
|
||||
@ -7,7 +8,8 @@
|
||||
|
||||
- name: "download restic binary"
|
||||
ansible.builtin.get_url:
|
||||
url: "https://github.com/restic/restic/releases/download/v0.14.0/restic_0.14.0_linux_amd64.bz2"
|
||||
url: "\
|
||||
https://github.com/restic/restic/releases/download/v0.14.0/restic_0.14.0_linux_amd64.bz2"
|
||||
dest: "/usr/local/bin/restic.bz2"
|
||||
mode: 0644
|
||||
|
||||
|
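Review bot: The `download restic binary` task fetches an executable archive from a release URL without a `checksum`, so whatever the URL returns is written to `/usr/local/bin/restic.bz2`; rewrapping `url:` leaves that unchanged. `ansible.builtin.get_url` accepts a digest, e.g. `checksum: "sha256:<SHA256_OF_restic_0.14.0_linux_amd64.bz2>"` (placeholder, to be filled from the digest published for that release). The task file continues outside the hunk, so later steps that unpack or run the binary are not visible here.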
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "install sanoid and syncoid"
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "{{ services_service_name }} : restic : create restic password file"
|
||||
ansible.builtin.template:
|
||||
src: "./restic/restic.password.j2"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "{{ services_service_name }} : snapshots : configure service sanoid snapshots"
|
||||
ansible.builtin.blockinfile:
|
||||
path: "/etc/sanoid/sanoid.conf"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "play:services : role:backups:{{ services_service_name }} : tasks:vars"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
|
@ -1 +1,2 @@
|
||||
---
|
||||
services_backups_user_data_dataset: "{{ services_data_dataset }}/{{ services_service_user_name }}"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "create root backup dataset"
|
||||
community.general.zfs:
|
||||
name: "{{ services_backups_snapshots_dataset }}"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "{{ services_service_name }} : set variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "create containers dataset"
|
||||
community.general.zfs:
|
||||
name: "rpool/var/lib/containers"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "{{ services_service_name }} : set variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
@ -13,7 +14,9 @@
|
||||
- name: "configure postgres password"
|
||||
ansible.builtin.template:
|
||||
src: "./postgres/database.password.j2"
|
||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/database.password"
|
||||
dest: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
|
||||
database.password"
|
||||
mode: 0600
|
||||
register: services_deploy_database_password_file
|
||||
|
||||
|
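Review bot: The `configure postgres password` task in the second hunk renders a secret with `mode: 0600` but carries no `no_log: true`, so a run with `--diff` prints the rendered template, password included, to the terminal and any Ansible log. Add `no_log: true` to the task, or `diff: false` if only the diff output is the concern. No `owner` or `group` is set in the visible task either, so the file belongs to whichever user the task runs as; confirm that is the account meant to read it.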
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
services_deploy_versions:
|
||||
rproxy:
|
||||
nginx: "stable"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
@ -16,7 +17,8 @@
|
||||
|
||||
- name: "create nginx conf.d"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
|
||||
path: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
@ -55,9 +57,13 @@
|
||||
register: services_deploy_lrproxy_rsync_certificates_timer
|
||||
|
||||
- name: "generate diffie hellman ephemeral parameters"
|
||||
ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 4096"
|
||||
ansible.builtin.command: >-
|
||||
openssl dhparam
|
||||
--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
|
||||
4096
|
||||
args:
|
||||
creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
||||
creates: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
||||
register: services_deploy_lrproxy_dhparam
|
||||
|
||||
- name: "create the .ssh directory"
|
||||
@ -79,7 +85,11 @@
|
||||
user: "pod-rproxy"
|
||||
state: "present"
|
||||
key: "{{ services_deploy_lrproxy_keypair.public_key }}"
|
||||
key_options: "command=\"rsync --server --sender -avz . {{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/\",from=\"{{ vpn_wireguard_address }}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
|
||||
key_options: "\
|
||||
command=\"rsync --server --sender -avz . \
|
||||
{{ hostvars['valkyrie'].services_data_directory }}/pod-rproxy/etc-letsencrypt/\
|
||||
\",from=\"{{ vpn_wireguard_address }}\",\
|
||||
no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
|
||||
|
||||
- name: "enable the service"
|
||||
ansible.builtin.systemd:
|
||||
|
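Review bot: The rewrapped `key_options` in the last hunk is security-relevant text, and its forced `command=` and `from=` restriction stay identical to the old one-line value only because an escaped line break in a double-quoted scalar drops the newline and the next line's leading whitespace while keeping the space before the backslash. A comment above the key would protect that from a later reformat, e.g. `# escaped line breaks join without spaces; the rendered value must remain a single authorized_keys option string`. Separately, the five `no-*` options could be replaced by `restrict` (OpenSSH 7.2 and later), which also covers restrictions added in newer releases. The task starts outside the hunk.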
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
@ -16,7 +17,8 @@
|
||||
|
||||
- name: "create nginx conf.d"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
|
||||
path: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/nginx-conf.d"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
|
||||
@ -55,9 +57,13 @@
|
||||
register: services_deploy_rproxy_certbot_timer
|
||||
|
||||
- name: "generate diffie hellman ephemeral parameters"
|
||||
ansible.builtin.command: "openssl dhparam --out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem 4096"
|
||||
ansible.builtin.command: >-
|
||||
openssl dhparam
|
||||
--out /{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem
|
||||
4096
|
||||
args:
|
||||
creates: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
||||
creates: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
||||
register: services_deploy_rproxy_dhparam
|
||||
|
||||
- name: "enable the service"
|
||||
|
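Review bot: In the `generate diffie hellman ephemeral parameters` task, `--out` is given `/{{ services_service_user_home }}/…/dhparam.pem` with a leading slash while `creates:` uses the same path without it, so the idempotence guard and the written file coincide only when the home variable is already absolute. Use one spelling for both, e.g. `--out {{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem`. The same mismatch is present in the matching task of the earlier section on this page, the one that registers `services_deploy_lrproxy_dhparam`.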
@ -1,3 +1,4 @@
|
||||
---
|
||||
services_rproxy_nginx_add_hosts: "\
|
||||
{% set add_host_list = [] %}\
|
||||
{% for service in ( services_all_services | dict2items ) %}\
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "set the user variables"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
@ -17,7 +18,10 @@
|
||||
|
||||
- name: "install hugo"
|
||||
ansible.builtin.apt:
|
||||
deb: "https://github.com/gohugoio/hugo/releases/download/v{{ services_deploy_www_hugo_version }}/hugo_extended_{{ services_deploy_www_hugo_version }}_Linux-64bit.deb"
|
||||
deb: "\
|
||||
https://github.com/gohugoio/hugo/releases/download/\
|
||||
v{{ services_deploy_www_hugo_version }}/\
|
||||
hugo_extended_{{ services_deploy_www_hugo_version }}_Linux-64bit.deb"
|
||||
when:
|
||||
not services_deploy_www_hugo_path.stat.exists
|
||||
|
||||
@ -51,15 +55,22 @@
|
||||
|
||||
- name: "clone website repository"
|
||||
ansible.builtin.git:
|
||||
repo: "https://{{ services[services_service_name].repo_user }}:{{ services[services_service_name].repo_token }}@git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
|
||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/wojciechkozlowski.eu"
|
||||
repo: "\
|
||||
https://{{ services[services_service_name].repo_user }}:\
|
||||
{{ services[services_service_name].repo_token }}@\
|
||||
git.wojciechkozlowski.eu/wojtek/wojciechkozlowski.eu.git"
|
||||
dest: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
|
||||
wojciechkozlowski.eu"
|
||||
recursive: true
|
||||
register: services_deploy_www_webiste_git
|
||||
|
||||
- name: "generate static page using hugo"
|
||||
ansible.builtin.command:
|
||||
cmd: "hugo"
|
||||
chdir: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/wojciechkozlowski.eu"
|
||||
chdir: "\
|
||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/\
|
||||
wojciechkozlowski.eu"
|
||||
when:
|
||||
services_deploy_www_webiste_git.changed
|
||||
|
||||
|
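Review bot: The `clone website repository` task puts `repo_user` and `repo_token` into the clone URL, and git stores the remote URL, token included, in the checkout's `.git/config` under the service user's home; wrapping the line does not change that. Prefer a credential that stays out of the URL, such as an SSH deploy key or a credential helper, and add `no_log: true` to the task so the URL cannot surface in task output. The `install hugo` task in the first hunk also installs a `.deb` straight from a release URL with no digest check; fetching it with `get_url` and a `checksum:` before installing would close that gap.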
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
daemon_reload:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "daemon_reload : loop over services"
|
||||
ansible.builtin.include_tasks: "daemon_reload/main.yml"
|
||||
loop: "{{ services_host_services }}"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "daemon_reload : {{ services_service_name }} : set variables"
|
||||
ansible.builtin.import_tasks: "../vars.yml"
|
||||
|
||||
|
@ -1,4 +1,6 @@
|
||||
---
|
||||
services_service_user_name: "pod-{{ services_service_name }}"
|
||||
services_service_user_home: "{{ services_home_directory }}/{{ services_service_user_name }}"
|
||||
services_service_user_data: "{{ services_data_directory }}/{{ services_service_user_name }}"
|
||||
services_service_user_containers: "{{ services_containers_directory }}/{{ services_service_user_name }}"
|
||||
services_service_user_containers: "\
|
||||
{{ services_containers_directory }}/{{ services_service_user_name }}"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
services_volumes:
|
||||
rproxy:
|
||||
etc-letsencrypt:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
dependencies:
|
||||
- role: "system/nftables"
|
||||
- role: "vpn/bridge"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "auto_update : pod-service update script"
|
||||
ansible.builtin.copy:
|
||||
src: "./auto_update/pod-service-auto-update"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "directories : create services directory"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_root_directory }}"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "nameserver : fetch valkyrie's resolv.conf"
|
||||
ansible.builtin.fetch:
|
||||
src: "/etc/resolv.conf"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "podman : install podman"
|
||||
ansible.builtin.apt:
|
||||
name: "podman"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "veth : configure connect-pod-service"
|
||||
ansible.builtin.copy:
|
||||
src: "./veth/connect-pod-service@.service"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "play:services : role:setup:system : tasks:podman"
|
||||
ansible.builtin.import_tasks: "include/podman.yml"
|
||||
tags: "services:setup:system:podman"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- block:
|
||||
|
||||
- name: "{{ services_service_name }} : auto_update : enable auto-update timer"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "{{ services_service_name }} : directories : create containers directory"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_containers }}"
|
||||
|
@ -1,4 +1,6 @@
|
||||
- name: "{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
|
||||
---
|
||||
- name: "\
|
||||
{{ services_service_name }} : directories : create volume \"{{ services_service_volume.key }}\""
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_data }}/{{ services_service_volume.key }}"
|
||||
state: "directory"
|
||||
@ -6,12 +8,15 @@
|
||||
group: "{{ services_service_user_name }}"
|
||||
mode: 0755
|
||||
|
||||
- name: "{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" mount exists"
|
||||
- name: "\
|
||||
{{ services_service_name }} : directories : check if \"{{ services_service_volume.key }}\" \
|
||||
mount exists"
|
||||
ansible.builtin.stat:
|
||||
path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
|
||||
register: services_setup_user_volume_mount
|
||||
|
||||
- name: "{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
|
||||
- name: "\
|
||||
{{ services_service_name }} : directories : create \"{{ services_service_volume.key }}\" mount"
|
||||
ansible.builtin.file:
|
||||
path: "{{ services_service_user_data }}/{{ services_service_volume.key }}/_data"
|
||||
state: "directory"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- block:
|
||||
|
||||
- name: "{{ services_service_name }} : podman : create container configuration directory"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "{{ services_service_name }} : setup : create system user"
|
||||
ansible.builtin.user:
|
||||
name: "{{ services_service_user_name }}"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "{{ services_service_name }} : veth : configure interface"
|
||||
ansible.builtin.template:
|
||||
src: "./veth/interface.j2"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "play:services : role:setup:user:{{ services_service_name }} : tasks:vars"
|
||||
ansible.builtin.import_role:
|
||||
name: "services/include"
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
services_setup_user_shell:
|
||||
rproxy: "/usr/bin/rbash"
|
||||
|
@ -1 +1,2 @@
|
||||
---
|
||||
system_base_additional_ssh_users: []
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "fail2ban : install fail2ban"
|
||||
ansible.builtin.apt:
|
||||
name: "fail2ban"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "fstrim : enable fstrim.timer"
|
||||
ansible.builtin.systemd:
|
||||
name: "fstrim.timer"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "logs : install logcheck and logrotate"
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "motd : set motd"
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "ntp : install systemd-timesyncd"
|
||||
ansible.builtin.apt:
|
||||
name: "systemd-timesyncd"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "root : disable root shell"
|
||||
ansible.builtin.user:
|
||||
name: "root"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# SSH must be installed so we don't bother with installing it.
|
||||
|
||||
- name: "sshd : configure sshd"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "systemd_mail : systemd mail root script"
|
||||
ansible.builtin.template:
|
||||
src: "./systemd_mail/system/systemd-mail-systemctl-status.j2"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "unattended_upgrades : install unattended-upgrades"
|
||||
ansible.builtin.apt:
|
||||
name: "unattended-upgrades"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- block:
|
||||
|
||||
- name: "user : clone tmux dotfiles"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "utils : install utility programs"
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "play:system : role:base : tasks:sshd"
|
||||
ansible.builtin.import_tasks: "include/sshd.yml"
|
||||
tags: "system:base:sshd"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "configure mailname"
|
||||
ansible.builtin.template:
|
||||
src: "./mailname.j2"
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
system_base_additional_tcp_ports: []
|
||||
system_base_udp_ports: []
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "install nftables"
|
||||
ansible.builtin.apt:
|
||||
name: "nftables"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "install smartmontools"
|
||||
ansible.builtin.apt:
|
||||
name: "smartmontools"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "install acpupsd"
|
||||
ansible.builtin.apt:
|
||||
name: "apcupsd"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
system_zfs_zpools: []
|
||||
system_zfs_zpools_trim: []
|
||||
system_zfs_zpools_load_key: []
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "conf : configure zfs module via modprobe.d"
|
||||
ansible.builtin.copy:
|
||||
src: "./conf/zfs.conf"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "cron : remove the zfsutils cron job"
|
||||
ansible.builtin.file:
|
||||
state: "absent"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
# Run fstrim daily on ZFS. It's a no-op on ZFS filesystems, but it will run on zvols mounted via
|
||||
# fstab. Untrimmed zvol blocks occupy space in th ZFS pool. Therefore, this helps keep zvol space
|
||||
# requirements down if they are busy.
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "load_key : zfs load key service file"
|
||||
ansible.builtin.copy:
|
||||
src: "./load_key/zfs-load-key@.service"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "scrub : zpool status mail script"
|
||||
ansible.builtin.template:
|
||||
src: "./scrub/systemd-mail-zpool-status.j2"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "trim : zfs trim service file"
|
||||
ansible.builtin.copy:
|
||||
src: "./trim/zfs-trim@.service"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "play:system : role:zfs : tasks:conf"
|
||||
ansible.builtin.import_tasks: "include/conf.yml"
|
||||
tags: "system:zfs:conf"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "enable ipv4 forwarding"
|
||||
ansible.posix.sysctl:
|
||||
name: "net.ipv4.ip_forward"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "post-up nftables inet script"
|
||||
ansible.builtin.template:
|
||||
src: "./post-up-br0-inet.nft.j2"
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
argument_specs:
|
||||
main:
|
||||
options:
|
||||
|
@ -1,3 +1,4 @@
|
||||
---
|
||||
- name: "install wireguard"
|
||||
ansible.builtin.apt:
|
||||
name: "wireguard"
|
||||
|