alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

Compare commits

base: alanorth:d261f81642afe9a5e026e97ea82d18ba066a8ead
Branches Tags
alanorth:master alanorth:debian13 alanorth:alpine
..
compare: alanorth:0fd05d496ebd4e62d15851284bf2b7bf96929d22
Branches Tags
alanorth:debian13 alanorth:master alanorth:alpine

6 Commits
d261f81642 ... 0fd05d496e

Author SHA1 Message Date
Alan Orth
0fd05d496e roles/nginx: Set mode of downloaded acme.sh 2021-09-07 17:10:35 +03:00
Alan Orth
023a0d48ba roles/nginx: Remove old comment 2021-09-07 17:07:53 +03:00
Alan Orth
c687b7a91a roles/nginx: Run Let's Encrypt on Debian 11 too 2021-09-07 17:07:33 +03:00
Alan Orth
bd4ae36bb6 roles/mariadb: use socket for all operations 
Otherwise Ansible will try to connect with host 'localhost', which
we do not use (and we have disabled name resolution anyways).
 2021-09-07 16:48:15 +03:00
Alan Orth
b60637c7d9 roles/mariadb: Update comments for Ansible module 2021-09-07 16:47:47 +03:00
Alan Orth
479127a5e4 roles/common: Fix nftables handler in Debian firewall 
We used to use reload, but now the idempotent thing to do is to use
restart instead of reload.
 2021-09-07 15:43:33 +03:00
4 changed files with 9 additions and 8 deletions
Expand all files Collapse all files

4
roles/common/tasks/firewall_Debian.yml
View File

@@ -28,7 +28,7 @@
when: ansible_distribution_major_version is version('11', '>=') when: ansible_distribution_major_version is version('11', '>=')
template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644 template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
notify: notify:
- reload nftables - restart nftables
- name: Create /etc/nftables extra config directory - name: Create /etc/nftables extra config directory
when: ansible_distribution_major_version is version('11', '>=') when: ansible_distribution_major_version is version('11', '>=')
@@ -44,7 +44,7 @@
- abuseipdb-ipv4.nft - abuseipdb-ipv4.nft
- abuseipdb-ipv6.nft - abuseipdb-ipv6.nft
notify: notify:
- reload nftables - restart nftables
- name: Use iptables backend in firewalld - name: Use iptables backend in firewalld
when: ansible_distribution_major_version is version('10', '==') when: ansible_distribution_major_version is version('10', '==')

8
roles/mariadb/tasks/main.yml
View File

@@ -29,8 +29,7 @@
- restart mariadb - restart mariadb
tags: mariadb tags: mariadb
# 'localhost' needs to be the last item for idempotency, see # See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_user_module.html
# https://docs.ansible.com/ansible/latest/mysql_user_module.html
- name: Update MariaDB root password for all root accounts - name: Update MariaDB root password for all root accounts
mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} login_unix_socket={{ mariadb_login_unix_socket }} mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} login_unix_socket={{ mariadb_login_unix_socket }}
loop: loop:
@@ -42,14 +41,15 @@
template: src=.my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600 template: src=.my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
tags: mariadb tags: mariadb
# See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_db_module.html
- name: Create MariaDB database(s) - name: Create MariaDB database(s)
mysql_db: db={{ item.name }} state=present encoding=utf8mb4 mysql_db: db={{ item.name }} state=present encoding=utf8mb4 login_unix_socket={{ mariadb_login_unix_socket }}
loop: "{{ mariadb_databases }}" loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined when: mariadb_databases is defined
tags: mariadb tags: mariadb
- name: Create MariaDB user(s) - name: Create MariaDB user(s)
mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present login_unix_socket={{ mariadb_login_unix_socket }}
loop: "{{ mariadb_databases }}" loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined when: mariadb_databases is defined
tags: mariadb tags: mariadb

4
roles/nginx/tasks/letsencrypt.yml
View File

@@ -20,6 +20,7 @@
get_url: get_url:
url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
dest: "{{ letsencrypt_acme_script }}" dest: "{{ letsencrypt_acme_script }}"
mode: 0700
- name: Prepare Let's Encrypt well-known directory - name: Prepare Let's Encrypt well-known directory
file: file:
@@ -53,7 +54,8 @@
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==') when: (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '=='))
or (ansible_distribution == 'Debian' and ansible_distribution_version is version('11', '=='))
tags: letsencrypt tags: letsencrypt
# vim: set ts=2 sw=2: # vim: set ts=2 sw=2:

1
roles/nginx/tasks/main.yml
View File

@@ -78,7 +78,6 @@
- name: Configure Let's Encrypt - name: Configure Let's Encrypt
include_tasks: letsencrypt.yml include_tasks: letsencrypt.yml
#when: use_letsencrypt is defined and use_letsencrypt
tags: letsencrypt tags: letsencrypt
# vim: set ts=2 sw=2: # vim: set ts=2 sw=2: