authorGuilhem Moulin <guilhem@fripost.org>2016-02-12 15:25:31 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-02-12 20:06:22 +0100
commitfa8d2b668550259e6f78d16fc209c4da1a20b842 (patch)
treecfa56bc2941f14626cbecf7e785d6c3a9c000e0d /roles
parentce731cb119b501b2de58473c6fb0d205d772c004 (diff)
Upgrade playbooks to Ansible 2.0.
Diffstat (limited to 'roles')
-rw-r--r--roles/IMAP/handlers/main.yml2
-rw-r--r--roles/IMAP/tasks/imap.yml2
-rw-r--r--roles/IMAP/tasks/main.yml18
-rw-r--r--roles/LDAP-provider/tasks/main.yml4
-rw-r--r--roles/MSA/tasks/main.yml2
-rw-r--r--roles/MX/tasks/main.yml2
-rw-r--r--roles/bacula-dir/tasks/main.yml2
-rw-r--r--roles/bacula-sd/tasks/main.yml2
-rw-r--r--roles/common-LDAP/tasks/main.yml2
-rw-r--r--roles/common/tasks/bacula.yml2
-rw-r--r--roles/common/tasks/mail.yml6
-rw-r--r--roles/common/tasks/main.yml57
-rw-r--r--roles/common/tasks/munin-node.yml2
-rw-r--r--roles/common/tasks/sysctl.yml2
-rw-r--r--roles/git/tasks/cgit.yml2
-rw-r--r--roles/git/tasks/gitolite.yml4
-rw-r--r--roles/git/tasks/main.yml6
-rw-r--r--roles/lists/tasks/main.yml16
-rw-r--r--roles/lists/tasks/nginx.yml2
-rw-r--r--roles/webmail/tasks/main.yml10
-rw-r--r--roles/webmail/tasks/roundcube.yml6
-rw-r--r--roles/wiki/handlers/main.yml2
-rw-r--r--roles/wiki/tasks/main.yml4
23 files changed, 107 insertions, 50 deletions
diff --git a/roles/IMAP/handlers/main.yml b/roles/IMAP/handlers/main.yml
index 10a717d..2c49611 100644
--- a/roles/IMAP/handlers/main.yml
+++ b/roles/IMAP/handlers/main.yml
@@ -6,7 +6,7 @@
service: name=postfix state=reloaded
- name: Compile Spamassassin rules
- sudo_user: debian-spamd
+ become_user: debian-spamd
# it might take a while...
command: /usr/bin/sa-compile --quiet
chdir=/var/lib/spamassassin/
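Review bot: `become_user: debian-spamd` on the "Compile Spamassassin rules" handler only names the target account; in Ansible 2.0 it does not by itself enable privilege escalation. Unless `become` is switched on at play or role level, which this hunk does not show, `sa-compile` would run as the connecting user instead of debian-spamd. Adding `become: True` next to `become_user` would make the handler independent of the play's settings. The same applies to the `become_user: ikiwiki` handler in roles/wiki/handlers/main.yml.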
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index c9686c9..883b6a8 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -79,7 +79,7 @@
- name: Fetch Dovecot's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/dovecot/ssl/imap.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
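Review bot: The comment `# Ensure we don't fetch private data` above `become: False` does not say what the protection rests on. Disabling escalation only helps if the connecting user is unprivileged and the key material is not readable by that user; neither is visible in this hunk, and with a root login the setting changes nothing. I would spell that out, e.g. `# Fetch as the unprivileged login user so root-only key files cannot be read (assumes a non-root connection user)`. The same comment and setting recur in the other "Fetch … X.509 certificate" hunks on this page, and the task may continue past the end of this hunk.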
diff --git a/roles/IMAP/tasks/main.yml b/roles/IMAP/tasks/main.yml
index 9ed2ea6..f9b25d1 100644
--- a/roles/IMAP/tasks/main.yml
+++ b/roles/IMAP/tasks/main.yml
@@ -1,4 +1,16 @@
---
-- include: imap.yml tags=imap,dovecot
-- include: mda.yml tags=mda,mail,postfix
-#- include: spam.yml tags=spam,spamassassin # TODO spam filter
+- include: imap.yml
+ tags:
+ - imap
+ - dovecot
+- include: mda.yml
+ tags:
+ - mda
+ - mail
+ - postfix
+# TODO spam filter
+#- include: spam.yml
+# tags
+# - spam
+# - spamassassin
+#
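Review bot: The commented-out spam include reads `# tags` without a colon, so uncommenting the block as written would not give the `tags:` key used by the two includes above it. I would write `# tags:` there and drop the trailing bare `#` line, so the TODO can be enabled by removing the comment markers alone.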
diff --git a/roles/LDAP-provider/tasks/main.yml b/roles/LDAP-provider/tasks/main.yml
index 3f7f29f..ad6e7bb 100644
--- a/roles/LDAP-provider/tasks/main.yml
+++ b/roles/LDAP-provider/tasks/main.yml
@@ -6,8 +6,8 @@
- name: Enable the EXTERNAL SASL mechanism
lineinfile: dest=/usr/lib/sasl2/slapd.conf
- regexp='^mech_list'':'
- line=mech_list':'' EXTERNAL'
+ regexp='^mech_list{{':'}}'
+ line='mech_list{{':'}} EXTERNAL'
create=yes
owner=root group=root
mode=0644
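Review bot: The `{{':'}}` expression in `regexp=` and `line=` exists only to get a literal colon past the inline `key=value` parser, which hides what ends up in /usr/lib/sasl2/slapd.conf. Writing the `lineinfile` arguments as a YAML mapping removes the workaround and lets each value be quoted once, by YAML alone; `mode` should then be quoted so it is not read as a number. The same applies to the other `lineinfile` hunks: the 'root' alias in roles/common/tasks/mail.yml, roles/git/tasks/gitolite.yml, roles/webmail/tasks/roundcube.yml (where the new side also relies on `\'` escapes) and roles/wiki/tasks/main.yml. The task may continue past the end of this hunk.

```yaml
- name: Enable the EXTERNAL SASL mechanism
  lineinfile:
    dest: /usr/lib/sasl2/slapd.conf
    regexp: '^mech_list:'
    line: 'mech_list: EXTERNAL'
    create: yes
    owner: root
    group: root
    mode: '0644'
```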
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index 499880f..4c0ceef 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -26,7 +26,7 @@
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
# `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
fetch: src=/etc/postfix/ssl/smtp.fripost.org.pem
dest=certs/public/
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index 1b820e3..6ca11c0 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -80,7 +80,7 @@
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
# `/usr/sbin/postmulti -i mx -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
fetch: src=/etc/postfix/ssl/mx.fripost.org.pem
dest=certs/public/mx{{ mxno | default('') }}.fripost.org.pem
diff --git a/roles/bacula-dir/tasks/main.yml b/roles/bacula-dir/tasks/main.yml
index cee6fc2..1dd0683 100644
--- a/roles/bacula-dir/tasks/main.yml
+++ b/roles/bacula-dir/tasks/main.yml
@@ -30,7 +30,7 @@
- name: Fetch Bacula Dir X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/{{ inventory_hostname_short }}-dir.pem
dest=certs/bacula/
fail_on_missing=yes
diff --git a/roles/bacula-sd/tasks/main.yml b/roles/bacula-sd/tasks/main.yml
index 7a6c8c3..a888db6 100644
--- a/roles/bacula-sd/tasks/main.yml
+++ b/roles/bacula-sd/tasks/main.yml
@@ -30,7 +30,7 @@
- name: Fetch Bacula SD X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/{{ inventory_hostname_short }}-sd.pem
dest=certs/bacula/
fail_on_missing=yes
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 5b7143f..960189b 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -56,7 +56,7 @@
- name: Fetch slapd's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/ldap/ssl/{{ item.name }}.pem
dest=certs/ldap/
fail_on_missing=yes
diff --git a/roles/common/tasks/bacula.yml b/roles/common/tasks/bacula.yml
index 248d47d..91b37c8 100644
--- a/roles/common/tasks/bacula.yml
+++ b/roles/common/tasks/bacula.yml
@@ -30,7 +30,7 @@
- name: Fetch Bacula FD X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem
dest=certs/bacula/
fail_on_missing=yes
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml
index c8e2495..273dc5c 100644
--- a/roles/common/tasks/mail.yml
+++ b/roles/common/tasks/mail.yml
@@ -68,7 +68,7 @@
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/postfix/ssl/{{ ansible_fqdn }}.pem
dest=certs/postfix/
fail_on_missing=yes
@@ -78,8 +78,8 @@
- name: Add a 'root' alias
lineinfile: dest=/etc/aliases create=yes
- regexp="^root:"" "
- line="root:"" root@fripost.org"
+ regexp="^root{{':'}} "
+ line="root{{':'}} root@fripost.org"
- name: Compile the static local Postfix database
postmap: cmd=postalias src=/etc/aliases db=cdb
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 3b95c92..3e6a4a8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,20 +1,36 @@
---
-- include: sysctl.yml tags=sysctl
+- include: sysctl.yml
+ tags: sysctl
- include: hosts.yml
-- include: apt.yml tags=apt
+- include: apt.yml
+ tags: apt
- name: Install intel-microcode
apt: pkg=intel-microcode
when: "ansible_processor[0] | search('^(Genuine)?Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
tags: intel
-- include: firewall.yml tags=firewall,iptables
-- include: samhain.yml tags=samhain
-- include: auditd.yml tags=auditd
-- include: rkhunter.yml tags=rkhunter
-- include: clamav.yml tags=clamav
-- include: fail2ban.yml tags=fail2ban
-- include: smart.yml tags=smartmontools,smart
+- include: firewall.yml
+ tags:
+ - firewall
+ - iptables
+- include: samhain.yml
+ tags: samhain
+- include: auditd.yml
+ tags: auditd
+- include: rkhunter.yml
+ tags: rkhunter
+- include: clamav.yml
+ tags: clamav
+- include: fail2ban.yml
+ tags: fail2ban
+- include: smart.yml
+ tags:
+ - smartmontools
+ - smart
when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')"
-- include: haveged.yml tags=haveged,entropy
+- include: haveged.yml
+ tags:
+ - haveged
+ - entropy
- name: Copy genkeypair.sh and gendhparam.sh
copy: src=usr/local/bin/{{ item }}
dest=/usr/local/bin/{{ item }}
@@ -27,11 +43,22 @@
- name: Generate DH parameters
command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
tags: genkey
-- include: logging.yml tags=logging
-- include: ntp.yml tags=ntp
-- include: mail.yml tags=mail,postfix
-- include: bacula.yml tags=bacula-fd,bacula
-- include: munin-node.yml tags=munin-node,munin
+- include: logging.yml
+ tags: logging
+- include: ntp.yml
+ tags: ntp
+- include: mail.yml
+ tags:
+ - mail
+ - postfix
+- include: bacula.yml
+ tags:
+ - bacula-fd
+ - bacula
+- include: munin-node.yml
+ tags:
+ - munin-node
+ - munin
- name: Install common packages
apt: pkg={{ item }}
diff --git a/roles/common/tasks/munin-node.yml b/roles/common/tasks/munin-node.yml
index 9e5d8f4..c585d60 100644
--- a/roles/common/tasks/munin-node.yml
+++ b/roles/common/tasks/munin-node.yml
@@ -172,7 +172,7 @@
- name: Fetch Munin X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/munin-{{ inventory_hostname_short }}.pem
dest=certs/munin/{{ inventory_hostname }}.pem
fail_on_missing=yes
diff --git a/roles/common/tasks/sysctl.yml b/roles/common/tasks/sysctl.yml
index 6ac7feb..d3ae86f 100644
--- a/roles/common/tasks/sysctl.yml
+++ b/roles/common/tasks/sysctl.yml
@@ -1,4 +1,4 @@
-- sysctl: name={{ item.name }} "value={{ item.value }}" sysctl_set=yes
+- sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
with_items:
- { name: 'kernel.domainname', value: '{{ ansible_domain }}' }
diff --git a/roles/git/tasks/cgit.yml b/roles/git/tasks/cgit.yml
index 7237aa9..cebcec8 100644
--- a/roles/git/tasks/cgit.yml
+++ b/roles/git/tasks/cgit.yml
@@ -98,7 +98,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/git.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
diff --git a/roles/git/tasks/gitolite.yml b/roles/git/tasks/gitolite.yml
index 5cbce23..90b3015 100644
--- a/roles/git/tasks/gitolite.yml
+++ b/roles/git/tasks/gitolite.yml
@@ -26,8 +26,8 @@
- name: Configure gitolite
lineinfile: dest=/var/lib/gitolite/.gitolite.rc
- "regexp=^(\\s*{{ item.var }}\\s*=>\\s*)"
- "line= {{ item.var }} => {{ item.value }},"
+ regexp='^(\\s*{{ item.var }}\\s*=>\\s*)'
+ line=' {{ item.var }} => {{ item.value }},'
owner=root group=root
mode=0644
with_items:
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
index da9f876..e24402a 100644
--- a/roles/git/tasks/main.yml
+++ b/roles/git/tasks/main.yml
@@ -1,2 +1,4 @@
-- include: gitolite.yml tags=gitolite
-- include: cgit.yml tags=cgit
+- include: gitolite.yml
+ tags: gitolite
+- include: cgit.yml
+ tags: cgit
diff --git a/roles/lists/tasks/main.yml b/roles/lists/tasks/main.yml
index f0e8e26..b43c948 100644
--- a/roles/lists/tasks/main.yml
+++ b/roles/lists/tasks/main.yml
@@ -1,3 +1,13 @@
-- include: mail.yml tags=postfix,mail
-- include: nginx.yml tags=nginx,www,web
-- include: sympa.yml tags=sympa,lists
+- include: mail.yml
+ tags:
+ - postfix
+ - mail
+- include: nginx.yml
+ tags:
+ - nginx
+ - www
+ - web
+- include: sympa.yml
+ tags:
+ - sympa
+ - lists
diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml
index 21e769a..34d42bd 100644
--- a/roles/lists/tasks/nginx.yml
+++ b/roles/lists/tasks/nginx.yml
@@ -27,7 +27,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/lists.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
diff --git a/roles/webmail/tasks/main.yml b/roles/webmail/tasks/main.yml
index 030a547..8ee50bd 100644
--- a/roles/webmail/tasks/main.yml
+++ b/roles/webmail/tasks/main.yml
@@ -1,3 +1,9 @@
-- include: mail.yml tags=postfix,mail
+- include: mail.yml
when: "'out' not in group_names"
-- include: roundcube.yml tags=roundcube,webmail
+ tags:
+ - postfix
+ - mail
+- include: roundcube.yml
+ tags:
+ - roundcube
+ - webmail
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 3eaf766..eb04ba1 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -40,8 +40,8 @@
- name: Configure Roundcube
lineinfile: dest=/etc/roundcube/config.inc.php
- "regexp=^\\s*\\$config\\['{{ item.var }}'\\]\\s*="
- "line=$config['{{ item.var }}'] = {{ item.value }};"
+ regexp='^\\s*\\$config\\[\'{{ item.var }}\'\\]\\s*='
+ line='$config[\'{{ item.var }}\'] = {{ item.value }};'
owner=root group=www-data
mode=0640
with_items:
@@ -129,7 +129,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/mail.fripost.org.pem
dest=certs/public/
fail_on_missing=yes
diff --git a/roles/wiki/handlers/main.yml b/roles/wiki/handlers/main.yml
index 42ae6ef..109c63d 100644
--- a/roles/wiki/handlers/main.yml
+++ b/roles/wiki/handlers/main.yml
@@ -3,5 +3,5 @@
service: name=nginx state=restarted
- name: Refresh ikiwiki
- sudo_user: ikiwiki
+ become_user: ikiwiki
command: ikiwiki --setup /var/lib/ikiwiki/fripost-wiki.setup --refresh --wrappers
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 763f99a..9748768 100644
--- a/roles/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
@@ -59,7 +59,7 @@
- name: Add fripost-wiki to /etc/ikiwiki/wikilist
lineinfile: dest=/etc/ikiwiki/wikilist
- "line=ikiwiki /var/lib/ikiwiki/fripost-wiki.setup"
+ line='ikiwiki /var/lib/ikiwiki/fripost-wiki.setup'
owner=root group=root
mode=0644
@@ -97,7 +97,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/nginx/ssl/www.fripost.org.pem
dest=certs/public/fripost.org.pem
fail_on_missing=yes