rilla
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make linter happy

main
Ricard Illa 2022-09-04 17:25:14 +02:00
parent 3782a5420d
commit 9d5d211ac4
No known key found for this signature in database
GPG Key ID: F69A672B72E54902
17 changed files with 31 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
deploy.yml
View File

@ -1,6 +1,7 @@
---
- name: snitch deployment
hosts: snitch
become: yes
become: true
become_method: doas
roles:
- basic
@ -19,7 +20,7 @@
- name: caladan deployment
hosts: caladan
become: yes
become: true
become_method: doas
roles:
- basic
@ -35,7 +36,7 @@
- name: narwhal deployment
hosts: narwhal
become: yes
become: true
become_method: sudo
roles:
- basic

1
hosts.yml
View File

@ -1,3 +1,4 @@
---
all:
hosts:

1
roles/basic/tasks/main.yml
View File

@ -1,3 +1,4 @@
---
- name: install python3
apk:
name: python3

3
roles/sshd/tasks/alpine.yml
View File

@ -1,3 +1,4 @@
---
- name: install openssh
apk:
name: openssh
@ -5,5 +6,5 @@
- name: enable sshd service
service:
name: sshd
enabled: yes
enabled: true
state: started

1
roles/sshd/tasks/certs.yml
View File

@ -1,3 +1,4 @@
---
- name: ssh_host_ed25519_key-cert.pub
copy:
src: "host_files/{{ ansible_hostname }}/ssh_host_ed25519_key-cert.pub"

1
roles/sshd/tasks/main.yml
View File

@ -1,3 +1,4 @@
---
- name: set sshd config
template:
src: sshd_config.j2

5
roles/tinyproxy/tasks/main.yml
View File

@ -2,6 +2,7 @@
# * curl icanhazip.com
# * http_proxy=caladan:8888 curl icanhazip.com
---
- name: install tinyproxy
apk:
name: tinyproxy
@ -19,7 +20,7 @@
service:
name: tinyproxy
state: started
enabled: yes
enabled: true
when: ansible_distribution == "Alpine"
- name: set awall firewall rule
@ -35,5 +36,5 @@
awall:
name: tinyproxy
state: enabled
activate: yes
activate: true
when: ansible_distribution == "Alpine"

1
roles/users/meta/main.yml
View File

@ -1,2 +1,3 @@
---
dependencies:
- role: wheel

3
roles/users/tasks/ansible.yml
View File

@ -1,3 +1,4 @@
---
- name: create group 'ansible'
group:
name: ansible
@ -12,7 +13,7 @@
password: "*" # disabled password but can be accessed with SSH
groups:
- wheel
append: yes
append: true
- name: make sure ansible owns its home
file:

1
roles/users/tasks/main.yml
View File

@ -1,3 +1,4 @@
---
- name: create group 'deploy'
group:
name: deploy

5
roles/users/tasks/rilla.yml
View File

@ -1,3 +1,4 @@
---
- name: create group 'rilla'
group:
name: rilla
@ -12,13 +13,13 @@
groups:
- deploy
- wheel
append: yes
append: true
- name: additional groups to rilla
user:
name: rilla
groups: "{{item}}"
append: yes
append: true
when: item in ansible_facts.getent_group
with_items:
- docker

5
roles/users/tasks/woodpecker.yml
View File

@ -1,3 +1,4 @@
---
- name: create group 'woodpecker'
group:
name: woodpecker
@ -12,13 +13,13 @@
password: "*" # disabled password but can be accessed with SSH
groups:
- deploy
append: yes
append: true
- name: additional groups to woodpecker
user:
name: woodpecker
groups: "{{item}}"
append: yes
append: true
when: item in ansible_facts.getent_group
with_items:
- docker

1
roles/wheel/tasks/alpine.yml
View File

@ -1,3 +1,4 @@
---
- name: install doas
apk:
name: doas

1
roles/wheel/tasks/main.yml
View File

@ -1,3 +1,4 @@
---
- name: create 'wheel' group
group:
name: wheel

1
roles/wheel/tasks/sudo.yml
View File

@ -1,3 +1,4 @@
---
- name: install sudo
apt:
name: sudo

7
roles/wifi/tasks/main.yml
View File

@ -1,3 +1,4 @@
---
- name: install wpa-supplicant (alpine)
apk:
name: wpa_supplicant
@ -21,7 +22,7 @@
service:
name: wpa_supplicant
state: started
enabled: yes
enabled: true
runlevel: boot
when: ansible_distribution == "Alpine"
@ -29,7 +30,7 @@
service:
name: networking
state: started
enabled: yes
enabled: true
runlevel: boot
when: ansible_distribution == "Alpine"
@ -45,6 +46,6 @@
service:
name: wpa_cli
state: started
enabled: yes
enabled: true
runlevel: boot
when: ansible_distribution == "Alpine"

1
roles/wifi/vars/main.yml
View File

@ -1,3 +1,4 @@
---
wifi_ssid: CocoPeach
wifi_psk: !vault |