roles/common: remove sudoers.d

We are not using this.
roles: remove tests for Debian
2025-09-21 23:09:40 +03:00 · 2025-09-21 22:20:31 +03:00 · 2025-09-21 22:19:00 +03:00
6 changed files with 8 additions and 9 deletions
--- a/roles/caddy/templates/etc/caddy/conf.d/vhost.j2
+++ b/roles/caddy/templates/etc/caddy/conf.d/vhost.j2
@@ -36,7 +36,7 @@
    {% elif has_wordpress -%}
    root * {{ document_root }}
    encode
-    {%   if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') -%}
+    {%   if ansible_distribution_major_version is version('12', '==') -%}
    php_fastcgi unix//run/php/php8.2-fpm-{{ domain_name }}.sock
    {%   endif -%}
    file_server
--- a/roles/common/files/etc/sudoers.d/provisioning
+++ b/roles/common/files/etc/sudoers.d/provisioning
@@ -1 +0,0 @@
 provisioning   ALL=(ALL)  ALL
--- a/roles/common/tasks/fail2ban.yml
+++ b/roles/common/tasks/fail2ban.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install fail2ban
-  when: ansible_distribution_major_version is version('11', '>=')
+  when: ansible_distribution_version is version('11', '>=')
  ansible.builtin.apt:
    name:
      - fail2ban
--- a/roles/common/tasks/firewall.yml
+++ b/roles/common/tasks/firewall.yml
@@ -2,14 +2,14 @@
 # Debian 11+ will use nftables directly, with no firewalld.
 - name: Install Debian firewall packages
-  when: ansible_distribution_major_version is version('11', '>=')
+  when: ansible_distribution_version is version('11', '>=')
  ansible.builtin.apt:
    name: nftables
    state: present
    cache_valid_time: 3600
 - name: Remove iptables on newer Debian
-  when: ansible_distribution_major_version is version('11', '>=')
+  when: ansible_distribution_version is version('11', '>=')
  ansible.builtin.apt:
    pkg: iptables
    state: absent
@@ -19,7 +19,7 @@
  ansible.builtin.include_tasks: nftables.yml
 - name: Configure fail2ban
-  when: ansible_distribution_major_version is version('9', '>=')
+  when: ansible_distribution_version is version('9', '>=')
  ansible.builtin.include_tasks: fail2ban.yml
 # vim: set sw=2 ts=2:
--- a/roles/common/templates/etc/systemd/system/fail2ban.service.d/override.conf.j2
+++ b/roles/common/templates/etc/systemd/system/fail2ban.service.d/override.conf.j2
@@ -6,14 +6,14 @@ PartOf=nftables.service
 PrivateDevices=yes
 PrivateTmp=yes
 ProtectHome=read-only
-{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11','>=') %}
+{% if ansible_distribution_version is version('11','>=') %}
 ProtectSystem=strict
 {% else %}
 {# Older systemd versions don't have ProtectSystem=strict #}
 ProtectSystem=full
 {% endif %}
 NoNewPrivileges=yes
-{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11','>=') %}
+{% if ansible_distribution_version is version('11','>=') %}
 ReadWritePaths=-/var/run/fail2ban
 ReadWritePaths=-/var/lib/fail2ban
 ReadWritePaths=-/var/log/fail2ban.log
--- a/roles/nginx/templates/vhost.conf.j2
+++ b/roles/nginx/templates/vhost.conf.j2
@@ -77,7 +77,7 @@ server {
        # See: https://httpoxy.org/
        fastcgi_param HTTP_PROXY "";
-        {% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') %}
+        {% if ansible_distribution_major_version is version('12', '==') %}
        fastcgi_pass unix:/run/php/php8.2-fpm-{{ domain_name }}.sock;
        {% endif %}
        fastcgi_index index.php;
Author	SHA1	Message	Date
Alan Orth	0db7911b70	roles/common: remove sudoers.d We are not using this.	2025-09-21 23:09:40 +03:00
Alan Orth	ee4c62e5f9	roles: remove tests for Debian We only run on Debian now.	2025-09-21 22:20:31 +03:00
Alan Orth	a315db8a7c	roles/common: use ansible_distribution_version In most cases it is enough to use the full version (ie 12.12) since we use Ansible's version comparison function. We rarely need to use the major version (ie 12) directly.	2025-09-21 22:19:00 +03:00