Compare commits

..

6 Commits

Author SHA1 Message Date
0fd05d496e
roles/nginx: Set mode of downloaded acme.sh 2021-09-07 17:10:35 +03:00
023a0d48ba
roles/nginx: Remove old comment 2021-09-07 17:07:53 +03:00
c687b7a91a
roles/nginx: Run Let's Encrypt on Debian 11 too 2021-09-07 17:07:33 +03:00
bd4ae36bb6
roles/mariadb: use socket for all operations
Otherwise Ansible will try to connect with host 'localhost', which
we do not use (and we have disabled name resolution anyways).
2021-09-07 16:48:15 +03:00
b60637c7d9
roles/mariadb: Update comments for Ansible module 2021-09-07 16:47:47 +03:00
479127a5e4
roles/common: Fix nftables handler in Debian firewall
We used to use reload, but now the idempotent thing to do is to use
restart instead of reload.
2021-09-07 15:43:33 +03:00
4 changed files with 9 additions and 8 deletions

View File

@ -28,7 +28,7 @@
when: ansible_distribution_major_version is version('11', '>=')
template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
notify:
- reload nftables
- restart nftables
- name: Create /etc/nftables extra config directory
when: ansible_distribution_major_version is version('11', '>=')
@ -44,7 +44,7 @@
- abuseipdb-ipv4.nft
- abuseipdb-ipv6.nft
notify:
- reload nftables
- restart nftables
- name: Use iptables backend in firewalld
when: ansible_distribution_major_version is version('10', '==')

View File

@ -29,8 +29,7 @@
- restart mariadb
tags: mariadb
# 'localhost' needs to be the last item for idempotency, see
# https://docs.ansible.com/ansible/latest/mysql_user_module.html
# See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_user_module.html
- name: Update MariaDB root password for all root accounts
mysql_user: name=root host={{ item }} password={{ mariadb_root_password }} login_unix_socket={{ mariadb_login_unix_socket }}
loop:
@ -42,14 +41,15 @@
template: src=.my.cnf.j2 dest=/root/.my.cnf owner=root mode=0600
tags: mariadb
# See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_db_module.html
- name: Create MariaDB database(s)
mysql_db: db={{ item.name }} state=present encoding=utf8mb4
mysql_db: db={{ item.name }} state=present encoding=utf8mb4 login_unix_socket={{ mariadb_login_unix_socket }}
loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined
tags: mariadb
- name: Create MariaDB user(s)
mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present
mysql_user: name={{ item.user }} password={{ item.pass }} priv={{ item.name }}.*:ALL host=127.0.0.1 state=present login_unix_socket={{ mariadb_login_unix_socket }}
loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined
tags: mariadb

View File

@ -20,6 +20,7 @@
get_url:
url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
dest: "{{ letsencrypt_acme_script }}"
mode: 0700
- name: Prepare Let's Encrypt well-known directory
file:
@ -53,7 +54,8 @@
enabled: yes
daemon_reload: yes
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')
when: (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '=='))
or (ansible_distribution == 'Debian' and ansible_distribution_version is version('11', '=='))
tags: letsencrypt
# vim: set ts=2 sw=2:

View File

@ -78,7 +78,6 @@
- name: Configure Let's Encrypt
include_tasks: letsencrypt.yml
#when: use_letsencrypt is defined and use_letsencrypt
tags: letsencrypt
# vim: set ts=2 sw=2: