Commit 701c1d01 authored by Robin Candau's avatar Robin Candau Committed by Robin Candau

Migrate 'with_X' to 'loop'

parent a5f41049
1 merge request!899Fix some inconsistencies in ansible playbooks / roles
Showing
with 84 additions and 87 deletions
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
- name: Install archbuild scripts - name: Install archbuild scripts
copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755 copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
with_items: loop:
- mkpkg - mkpkg
- pkgdiffrepo - pkgdiffrepo
- clean-chroots - clean-chroots
...@@ -28,12 +28,12 @@ ...@@ -28,12 +28,12 @@
- name: Install archbuild config files - name: Install archbuild config files
copy: src={{ item }} dest=/usr/local/share/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/usr/local/share/{{ item }} owner=root group=root mode=0644
with_items: loop:
- elinks-pkgdiffrepo.conf - elinks-pkgdiffrepo.conf
- name: Install archbuild units - name: Install archbuild units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items: loop:
- clean-chroots.timer - clean-chroots.timer
- clean-chroots.service - clean-chroots.service
- clean-dests.timer - clean-dests.timer
...@@ -47,27 +47,27 @@ ...@@ -47,27 +47,27 @@
- name: Install archbuild unit - name: Install archbuild unit
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items: loop:
- var-lib-archbuild.mount - var-lib-archbuild.mount
notify: notify:
- Daemon reload - Daemon reload
- name: Install archbuild user units - name: Install archbuild user units
copy: src={{ item }} dest=/etc/systemd/user/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/user/{{ item }} owner=root group=root mode=0644
with_items: loop:
- mkpkg@.timer - mkpkg@.timer
- mkpkg@.service - mkpkg@.service
- name: Create drop-in directories for devtools - name: Create drop-in directories for devtools
file: path=/etc/systemd/system/{{ item }}.d state=directory owner=root group=root mode=0755 file: path=/etc/systemd/system/{{ item }}.d state=directory owner=root group=root mode=0755
with_items: loop:
- arch-nspawn-.scope - arch-nspawn-.scope
- devtools.slice - devtools.slice
- user-.slice - user-.slice
- name: Install drop-in snippets for devtools - name: Install drop-in snippets for devtools
copy: src=devtools-override_{{ item }}.conf dest=/etc/systemd/system/{{ item }}.d/override.conf owner=root group=root mode=0644 copy: src=devtools-override_{{ item }}.conf dest=/etc/systemd/system/{{ item }}.d/override.conf owner=root group=root mode=0644
with_items: loop:
- arch-nspawn-.scope - arch-nspawn-.scope
- devtools.slice - devtools.slice
- user-.slice - user-.slice
...@@ -76,12 +76,12 @@ ...@@ -76,12 +76,12 @@
- name: Start and enable archbuild mounts - name: Start and enable archbuild mounts
service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }} service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }}
with_items: loop:
- var-lib-archbuild.mount - var-lib-archbuild.mount
- name: Start and enable archbuilddest mount - name: Start and enable archbuilddest mount
service: name={{ item }} enabled=yes state=started service: name={{ item }} enabled=yes state=started
with_items: loop:
- var-lib-archbuilddest.mount - var-lib-archbuilddest.mount
- name: Create archbuilddest - name: Create archbuilddest
...@@ -91,33 +91,30 @@ ...@@ -91,33 +91,30 @@
owner: root owner: root
group: root group: root
mode: '0777' mode: '0777'
with_nested: loop: "{{ ['archbuilddest'] | product(['srcdest']) | list }}"
- [archbuilddest]
- [srcdest]
- name: Set acl on archbuilddest - name: Set acl on archbuilddest
acl: acl:
name: '/var/lib/archbuilddest/{{ item[0] }}' name: '/var/lib/archbuilddest/{{ item[0] }}'
state: present state: present
entry: '{{ item[1] }}' entry: '{{ item[1] }}'
with_nested: loop: "{{ ['srcdest'] |
- [srcdest] product(['user::rwx',
- ['user::rwx', 'group::rwx',
'group::rwx', 'group:junior-dev:rwx',
'group:junior-dev:rwx', 'group:junior-packager:rwx',
'group:junior-packager:rwx', 'other::rwx',
'other::rwx', 'mask::rwx',
'mask::rwx', 'default:user::rwx',
'default:user::rwx', 'default:group::r-x',
'default:group::r-x', 'default:group:junior-dev:rwx',
'default:group:junior-dev:rwx', 'default:group:junior-packager:rwx',
'default:group:junior-packager:rwx', 'default:other::r-x',
'default:other::r-x', 'default:mask::rwx']) | list }}"
'default:mask::rwx']
- name: Start and enable archbuild units - name: Start and enable archbuild units
service: name={{ item }} enabled=yes state=started service: name={{ item }} enabled=yes state=started
with_items: loop:
- clean-chroots.timer - clean-chroots.timer
- clean-dests.timer - clean-dests.timer
- clean-offload-build.timer - clean-offload-build.timer
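Review bot: Both `with_nested` replacements build a product whose left-hand list has a single element, so `item[0]` is a constant and the `product(...) | list` expression adds nothing over a plain list. In `Set acl on archbuilddest` this reads more plainly as `name: /var/lib/archbuilddest/srcdest`, `entry: '{{ item }}'` and a block-style `loop:` listing the twelve ACL entries, which also avoids the multi-line double-quoted Jinja string. The expression `['archbuilddest'] | product(['srcdest'])` yields exactly one pair, so that task may not need a loop at all; its header is above the hunk, so how it uses `item` is not visible here. Because the directory is created with mode `'0777'` and the ACL grants `other::rwx`, a short comment stating that world-writable access is intended would help the next reader.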
......
...@@ -81,7 +81,7 @@ ...@@ -81,7 +81,7 @@
- name: Run Django management tasks - name: Run Django management tasks
django_manage: app_path="{{ archmanweb_dir }}/repo" command="{{ item }}" django_manage: app_path="{{ archmanweb_dir }}/repo" command="{{ item }}"
with_items: loop:
- migrate - migrate
- collectstatic - collectstatic
- man_drop_cache - man_drop_cache
...@@ -98,7 +98,7 @@ ...@@ -98,7 +98,7 @@
- name: Install systemd units - name: Install systemd units
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- archmanweb_update.service - archmanweb_update.service
- archmanweb_update.timer - archmanweb_update.timer
......
- name: Create Arch Linux-specific groups - name: Create Arch Linux-specific groups
group: name="{{ item }}" state=present system=no group: name="{{ item }}" state=present system=no
with_items: "{{ arch_groups }}" loop: "{{ arch_groups }}"
- name: Filter arch_users for users with non-matching hosts - name: Filter arch_users for users with non-matching hosts
set_fact: arch_users_filtered="{{ (arch_users_filtered | default([])) + [item] }}" set_fact: arch_users_filtered="{{ (arch_users_filtered | default([])) + [item] }}"
when: item.value.hosts is not defined or inventory_hostname in item.value.hosts when: item.value.hosts is not defined or inventory_hostname in item.value.hosts
with_dict: "{{ arch_users }}" loop: "{{ arch_users | dict2items }}"
- name: Create Arch Linux-specific users - name: Create Arch Linux-specific users
ansible.builtin.user: ansible.builtin.user:
...@@ -42,4 +42,4 @@ ...@@ -42,4 +42,4 @@
when: when:
- item not in (arch_users_filtered | map(attribute='key')) - item not in (arch_users_filtered | map(attribute='key'))
- item not in (utility_users[inventory_hostname] | default([])) - item not in (utility_users[inventory_hostname] | default([]))
with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}" loop: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"
...@@ -97,7 +97,7 @@ ...@@ -97,7 +97,7 @@
postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes postgresql_user: name={{ item.user }} password={{ item.password }} login_host="{{ archweb_db_host }}" login_password="{{ vault_postgres_users.postgres }}" encrypted=yes
no_log: true no_log: true
when: archweb_site or archweb_services when: archweb_site or archweb_services
with_items: loop:
- { user: "{{ archweb_db_site_user }}", password: "{{ vault_archweb_db_site_password }}" } - { user: "{{ archweb_db_site_user }}", password: "{{ vault_archweb_db_site_password }}" }
- { user: "{{ archweb_db_services_user }}", password: "{{ vault_archweb_db_services_password }}" } - { user: "{{ archweb_db_services_user }}", password: "{{ vault_archweb_db_services_password }}" }
- { user: "{{ archweb_db_dbscripts_user }}", password: "{{ vault_archweb_db_dbscripts_password }}" } - { user: "{{ archweb_db_dbscripts_user }}", password: "{{ vault_archweb_db_dbscripts_password }}" }
...@@ -118,7 +118,7 @@ ...@@ -118,7 +118,7 @@
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}" postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}"
privs=CONNECT roles="{{ item }}" type=database privs=CONNECT roles="{{ item }}" type=database
when: archweb_site or archweb_services when: archweb_site or archweb_services
with_items: loop:
- "{{ archweb_db_services_user }}" - "{{ archweb_db_services_user }}"
- "{{ archweb_db_dbscripts_user }}" - "{{ archweb_db_dbscripts_user }}"
- "{{ archweb_db_backup_user }}" - "{{ archweb_db_backup_user }}"
...@@ -127,7 +127,7 @@ ...@@ -127,7 +127,7 @@
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}" postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}" privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
when: archweb_site or archweb_services when: archweb_site or archweb_services
with_items: loop:
- { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_table_objs }}" } - { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_table_objs }}" }
- { user: "{{ archweb_db_dbscripts_user }}", objs: "{{ archweb_db_dbscripts_table_objs }}" } - { user: "{{ archweb_db_dbscripts_user }}", objs: "{{ archweb_db_dbscripts_table_objs }}" }
- { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_table_objs }}" } - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_table_objs }}" }
...@@ -136,7 +136,7 @@ ...@@ -136,7 +136,7 @@
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}" postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" login_password="{{ vault_archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}" privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
when: archweb_site or archweb_services when: archweb_site or archweb_services
with_items: loop:
- { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_sequence_objs }}" } - { user: "{{ archweb_db_services_user }}", objs: "{{ archweb_db_services_sequence_objs }}" }
- { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_sequence_objs }}" } - { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_sequence_objs }}" }
...@@ -160,7 +160,7 @@ ...@@ -160,7 +160,7 @@
- name: Install mirrorcheck service and timer - name: Install mirrorcheck service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- archweb-mirrorcheck.service - archweb-mirrorcheck.service
- archweb-mirrorcheck.timer - archweb-mirrorcheck.timer
notify: notify:
...@@ -169,7 +169,7 @@ ...@@ -169,7 +169,7 @@
- name: Install mirrorresolv service and timer - name: Install mirrorresolv service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- archweb-mirrorresolv.service - archweb-mirrorresolv.service
- archweb-mirrorresolv.timer - archweb-mirrorresolv.timer
notify: notify:
...@@ -178,7 +178,7 @@ ...@@ -178,7 +178,7 @@
- name: Install populate_signoffs service and timer - name: Install populate_signoffs service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- archweb-populate_signoffs.service - archweb-populate_signoffs.service
- archweb-populate_signoffs.timer - archweb-populate_signoffs.timer
notify: notify:
...@@ -187,7 +187,7 @@ ...@@ -187,7 +187,7 @@
- name: Install planet service and timer - name: Install planet service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- archweb-planet.service - archweb-planet.service
- archweb-planet.timer - archweb-planet.timer
notify: notify:
...@@ -196,7 +196,7 @@ ...@@ -196,7 +196,7 @@
- name: Install rebuilderd status service and timer - name: Install rebuilderd status service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- archweb-rebuilderd.service - archweb-rebuilderd.service
- archweb-rebuilderd.timer - archweb-rebuilderd.timer
notify: notify:
...@@ -225,7 +225,7 @@ ...@@ -225,7 +225,7 @@
- name: Install archweb rsync iso service and timer - name: Install archweb rsync iso service and timer
template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 template: src="{{ item }}.j2" dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- archweb-rsync_iso.service - archweb-rsync_iso.service
- archweb-rsync_iso.timer - archweb-rsync_iso.timer
notify: notify:
...@@ -247,7 +247,7 @@ ...@@ -247,7 +247,7 @@
enabled: true enabled: true
state: started state: started
daemon_reload: true daemon_reload: true
with_items: loop:
- archweb-memcached.service - archweb-memcached.service
- archweb-rsync_iso.timer - archweb-rsync_iso.timer
when: archweb_site | bool when: archweb_site | bool
......
...@@ -116,7 +116,7 @@ ...@@ -116,7 +116,7 @@
enabled: true enabled: true
state: started state: started
daemon_reload: true daemon_reload: true
with_items: loop:
- archwiki-runjobs.timer - archwiki-runjobs.timer
- archwiki-runjobs-wait.service - archwiki-runjobs-wait.service
- archwiki-question-updater.timer - archwiki-question-updater.timer
......
...@@ -72,14 +72,14 @@ ...@@ -72,14 +72,14 @@
- name: Install AUR systemd service and timers - name: Install AUR systemd service and timers
template: src={{ item.name }}.j2 dest=/etc/systemd/system/{{ item.name }} owner=root group=root mode=0644 template: src={{ item.name }}.j2 dest=/etc/systemd/system/{{ item.name }} owner=root group=root mode=0644
with_items: loop:
- "{{ aurweb_services }}" - "{{ aurweb_services }}"
- "{{ aurweb_timers }}" - "{{ aurweb_timers }}"
when: release.changed and (item.install is not defined or item.install) when: release.changed and (item.install is not defined or item.install)
- name: Stop AUR systemd services and timers - name: Stop AUR systemd services and timers
service: name={{ item.name }} enabled=yes state=stopped service: name={{ item.name }} enabled=yes state=stopped
with_items: loop:
- "{{ aurweb_services }}" - "{{ aurweb_services }}"
- "{{ aurweb_timers }}" - "{{ aurweb_timers }}"
when: release.changed and (item.restart is not defined or item.restart) when: release.changed and (item.restart is not defined or item.restart)
...@@ -97,7 +97,7 @@ ...@@ -97,7 +97,7 @@
- name: Create necessary directories - name: Create necessary directories
file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755 file: path={{ aurweb_dir }}/{{ item }} state=directory owner={{ aurweb_user }} group={{ aurweb_user }} mode=0755
with_items: loop:
- 'aurblup' - 'aurblup'
- 'sessions' - 'sessions'
- 'uploads' - 'uploads'
...@@ -290,7 +290,7 @@ ...@@ -290,7 +290,7 @@
- name: Start and enable AUR systemd services and timers - name: Start and enable AUR systemd services and timers
systemd_service: name={{ item.name }} enabled=yes state=started daemon_reload=yes systemd_service: name={{ item.name }} enabled=yes state=started daemon_reload=yes
with_items: loop:
- "{{ aurweb_services }}" - "{{ aurweb_services }}"
- "{{ aurweb_timers }}" - "{{ aurweb_timers }}"
when: release.changed and (item.restart is not defined or item.restart) when: release.changed and (item.restart is not defined or item.restart)
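Review bot: `loop` does not flatten nested lists the way `with_items` did, so in `Install AUR systemd service and timers`, `Stop AUR systemd services and timers` and `Start and enable AUR systemd services and timers` each `item` is now a whole list (`aurweb_services`, then `aurweb_timers`) and `item.name` is undefined. Assuming both variables are lists of dicts (their definitions are not on this page), the equivalent of the old behaviour is `loop: "{{ aurweb_services + aurweb_timers }}"` or `loop: "{{ [aurweb_services, aurweb_timers] | flatten(1) }}"`. The same pattern appears further down in the task that registers `sgdisk` and in both `Install grub` tasks, where `- "{{ system_disks }}"` under `loop:` would pass the list itself as `{{ item }}` on the command line. If `system_disks` is a list, those should be `loop: "{{ system_disks }}"`. Single-element literal lists elsewhere in the commit are unaffected.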
......
...@@ -50,7 +50,7 @@ ...@@ -50,7 +50,7 @@
- name: Install systemd timer and services for backup - name: Install systemd timer and services for backup
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items: loop:
- borg-backup.timer - borg-backup.timer
- borg-backup.service - borg-backup.service
- borg-backup-offsite.service - borg-backup-offsite.service
......
...@@ -21,13 +21,13 @@ ...@@ -21,13 +21,13 @@
owner: borg owner: borg
group: borg group: borg
mode: '0700' mode: '0700'
with_items: "{{ backup_clients }}" loop: "{{ backup_clients }}"
- name: Fetch ssh keys from each borg client machine - name: Fetch ssh keys from each borg client machine
command: cat /root/.ssh/id_rsa.pub command: cat /root/.ssh/id_rsa.pub
register: ssh_keys register: ssh_keys
delegate_to: "{{ item }}" delegate_to: "{{ item }}"
with_items: "{{ backup_clients }}" loop: "{{ backup_clients }}"
changed_when: ssh_keys.stdout | length > 0 changed_when: ssh_keys.stdout | length > 0
- name: Allow certain clients to connect - name: Allow certain clients to connect
...@@ -36,4 +36,4 @@ ...@@ -36,4 +36,4 @@
key: "{{ item.stdout }}" key: "{{ item.stdout }}"
manage_dir: true manage_dir: true
key_options: "command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",restrict" key_options: "command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",restrict"
with_items: "{{ ssh_keys.results }}" loop: "{{ ssh_keys.results }}"
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
- name: Receive valid signing keys - name: Receive valid signing keys
command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }} command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }}
with_items: '{{ bugbot_pgp_emails }}' loop: '{{ bugbot_pgp_emails }}'
register: gpg register: gpg
changed_when: "gpg.rc == 0" changed_when: "gpg.rc == 0"
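Review bot: `Receive valid signing keys` selects keys by e-mail address only (`--locate-keys {{ item }}` through WKD, then keys.openpgp.org), and no fingerprint comparison is visible in this hunk. The task list continues outside the hunk, so a later check may exist. If these keys are later used to verify signatures, consider storing the expected fingerprints alongside `bugbot_pgp_emails` and failing when an imported key does not match, so the result does not depend solely on the lookup answer. `Fetch dbscripts PGP key` further down uses the same lookup. Separately, `changed_when: "gpg.rc == 0"` reports the task as changed on every successful run.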
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
- name: Install letsencrypt renewal service - name: Install letsencrypt renewal service
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items: loop:
- certbot-renewal.service - certbot-renewal.service
- certbot-renewal.timer - certbot-renewal.timer
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
- name: Open firewall holes for certbot standalone authenticator - name: Open firewall holes for certbot standalone authenticator
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items: loop:
- http - http
when: configure_firewall when: configure_firewall
tags: tags:
......
...@@ -120,13 +120,13 @@ ...@@ -120,13 +120,13 @@
- name: Create drop-in directories for oomd - name: Create drop-in directories for oomd
file: path=/etc/systemd/system/{{ item }}.d state=directory owner=root group=root mode=0755 file: path=/etc/systemd/system/{{ item }}.d state=directory owner=root group=root mode=0755
with_items: loop:
- "-.slice" - "-.slice"
- user@.service - user@.service
- name: Install drop-in snippets for oomd - name: Install drop-in snippets for oomd
copy: src=oomd-override_{{ item }}.conf dest=/etc/systemd/system/{{ item }}.d/override.conf owner=root group=root mode=0644 copy: src=oomd-override_{{ item }}.conf dest=/etc/systemd/system/{{ item }}.d/override.conf owner=root group=root mode=0644
with_items: loop:
- "-.slice" - "-.slice"
- user@.service - user@.service
notify: notify:
...@@ -149,7 +149,7 @@ ...@@ -149,7 +149,7 @@
- name: Install root shell config - name: Install root shell config
copy: src={{ item }} dest=/root/.{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/root/.{{ item }} owner=root group=root mode=0644
with_items: loop:
- zshrc - zshrc
- dircolors - dircolors
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
- name: Create dbscripts users - name: Create dbscripts users
user: name="{{ item }}" shell=/bin/bash user: name="{{ item }}" shell=/bin/bash
with_items: loop:
- git-packages - git-packages
- name: Add cleanup user - name: Add cleanup user
...@@ -53,7 +53,7 @@ ...@@ -53,7 +53,7 @@
groups: "{{ item.value.groups | join(',') }}" groups: "{{ item.value.groups | join(',') }}"
comment: "{{ item.value.name }}" comment: "{{ item.value.name }}"
state: present state: present
with_dict: "{{ arch_users }}" loop: "{{ arch_users | dict2items }}"
- name: Create /etc/dbscripts directory - name: Create /etc/dbscripts directory
file: path=/etc/dbscripts state=directory owner=root group=root mode=0755 file: path=/etc/dbscripts state=directory owner=root group=root mode=0755
...@@ -75,7 +75,7 @@ ...@@ -75,7 +75,7 @@
- name: Create dbscripts paths - name: Create dbscripts paths
file: path="{{ item }}" state=directory owner=root group=root mode=0755 file: path="{{ item }}" state=directory owner=root group=root mode=0755
with_items: loop:
- /srv/repos/git-packages - /srv/repos/git-packages
- name: Create git-packages/package-cleanup directory - name: Create git-packages/package-cleanup directory
...@@ -142,7 +142,7 @@ ...@@ -142,7 +142,7 @@
- name: Fetch dbscripts PGP key - name: Fetch dbscripts PGP key
command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }} command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }}
with_items: '{{ dbscripts_pgp_emails }}' loop: '{{ dbscripts_pgp_emails }}'
register: gpg register: gpg
changed_when: "gpg.rc == 0" changed_when: "gpg.rc == 0"
...@@ -161,7 +161,7 @@ ...@@ -161,7 +161,7 @@
- name: Symlink dbscript binaries to /usr/local/bin - name: Symlink dbscript binaries to /usr/local/bin
file: path=/usr/local/bin/{{ item }} src=/packages/{{ item }} state=link owner=root group=root mode=0755 file: path=/usr/local/bin/{{ item }} src=/packages/{{ item }} state=link owner=root group=root mode=0755
with_items: loop:
- db-move - db-move
- db-update - db-update
- db-remove - db-remove
...@@ -177,35 +177,35 @@ ...@@ -177,35 +177,35 @@
- name: Make junior developer root repos - name: Make junior developer root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755 file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ junior_developer_repos }}' loop: '{{ junior_developer_repos }}'
- name: Make junior developer repos - name: Make junior developer repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-dev mode=0775 file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-dev mode=0775
with_items: '{{ junior_developer_repos }}' loop: '{{ junior_developer_repos }}'
- name: Make developer root repos - name: Make developer root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755 file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ developer_repos }}' loop: '{{ developer_repos }}'
- name: Make developer repos - name: Make developer repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=dev mode=0775 file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=dev mode=0775
with_items: '{{ developer_repos }}' loop: '{{ developer_repos }}'
- name: Make junior packager root repos - name: Make junior packager root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755 file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ junior_packager_repos }}' loop: '{{ junior_packager_repos }}'
- name: Make junior packager repos - name: Make junior packager repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-packager mode=0775 file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-packager mode=0775
with_items: '{{ junior_packager_repos }}' loop: '{{ junior_packager_repos }}'
- name: Make packager root repos - name: Make packager root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755 file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ packager_repos }}' loop: '{{ packager_repos }}'
- name: Make packager repos - name: Make packager repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=packager mode=0775 file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=packager mode=0775
with_items: '{{ packager_repos }}' loop: '{{ packager_repos }}'
- name: Make /srv/ftp/other/packages available - name: Make /srv/ftp/other/packages available
file: path=/srv/ftp/other/packages state=directory owner=root group=junior-packager mode=0775 file: path=/srv/ftp/other/packages state=directory owner=root group=junior-packager mode=0775
...@@ -239,7 +239,7 @@ ...@@ -239,7 +239,7 @@
- name: Install systemd timers - name: Install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items: loop:
- cleanup.timer - cleanup.timer
- cleanup.service - cleanup.service
- sourceballs.timer - sourceballs.timer
...@@ -253,7 +253,7 @@ ...@@ -253,7 +253,7 @@
- name: Activate systemd timers - name: Activate systemd timers
service: name={{ item }} enabled=yes state=started service: name={{ item }} enabled=yes state=started
with_items: loop:
- cleanup.timer - cleanup.timer
- sourceballs.timer - sourceballs.timer
- lastsync.timer - lastsync.timer
......
...@@ -58,7 +58,7 @@ ...@@ -58,7 +58,7 @@
- name: Open firewall holes - name: Open firewall holes
ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
with_items: loop:
- imaps - imaps
- managesieve - managesieve
when: configure_firewall when: configure_firewall
...@@ -67,7 +67,7 @@ ...@@ -67,7 +67,7 @@
- name: Install systemd timers - name: Install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items: loop:
- dovecot-cleanup.timer - dovecot-cleanup.timer
- dovecot-cleanup.service - dovecot-cleanup.service
...@@ -77,5 +77,5 @@ ...@@ -77,5 +77,5 @@
state: started state: started
enabled: true enabled: true
daemon_reload: true daemon_reload: true
with_items: loop:
- dovecot-cleanup.timer - dovecot-cleanup.timer
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
owner: "root" owner: "root"
group: "root" group: "root"
mode: '0644' mode: '0644'
with_items: loop:
- "fail2ban.local" - "fail2ban.local"
- "jail.local" - "jail.local"
notify: notify:
......
...@@ -120,7 +120,7 @@ ...@@ -120,7 +120,7 @@
- name: Open firewall holes - name: Open firewall holes
ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall
with_items: loop:
- "80/tcp" - "80/tcp"
- "443/tcp" - "443/tcp"
- "22/tcp" - "22/tcp"
...@@ -133,7 +133,7 @@ ...@@ -133,7 +133,7 @@
- name: Copy {gitlab-cleanup,gitlab-bot-token-extender} timer and service - name: Copy {gitlab-cleanup,gitlab-bot-token-extender} timer and service
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644 copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items: loop:
- gitlab-cleanup.timer - gitlab-cleanup.timer
- gitlab-cleanup.service - gitlab-cleanup.service
- gitlab-bot-token-extender.timer - gitlab-bot-token-extender.timer
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
- name: Install systemd service/timer - name: Install systemd service/timer
copy: src={{ item }} dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644 copy: src={{ item }} dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
with_items: loop:
- gluebuddy.service - gluebuddy.service
- gluebuddy.timer - gluebuddy.timer
notify: notify:
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
- name: Create grafana provisioning directory - name: Create grafana provisioning directory
file: path={{ item }} mode=0700 owner=grafana group=grafana state=directory file: path={{ item }} mode=0700 owner=grafana group=grafana state=directory
with_items: loop:
- /etc/grafana/provisioning - /etc/grafana/provisioning
- /etc/grafana/provisioning/datasources - /etc/grafana/provisioning/datasources
- /etc/grafana/provisioning/dashboards - /etc/grafana/provisioning/dashboards
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
check_mode: false check_mode: false
register: client_ssh_keys register: client_ssh_keys
delegate_to: "{{ item }}" delegate_to: "{{ item }}"
with_items: "{{ backup_clients }}" loop: "{{ backup_clients }}"
changed_when: client_ssh_keys.changed changed_when: client_ssh_keys.changed
- name: Create tempfile - name: Create tempfile
......
...@@ -40,7 +40,7 @@ ...@@ -40,7 +40,7 @@
{% endif %} {% endif %}
--new=0:0:0 --change-name=0:root --typecode=0:8304 --new=0:0:0 --change-name=0:root --typecode=0:8304
{{ item }} {{ item }}
with_items: loop:
- "{{ system_disks }}" - "{{ system_disks }}"
register: sgdisk register: sgdisk
changed_when: "sgdisk.rc == 0" changed_when: "sgdisk.rc == 0"
...@@ -181,14 +181,14 @@ ...@@ -181,14 +181,14 @@
- name: Install grub (legacy mode) - name: Install grub (legacy mode)
command: chroot /mnt grub-install --target=i386-pc --recheck {{ item }} command: chroot /mnt grub-install --target=i386-pc --recheck {{ item }}
with_items: loop:
- "{{ system_disks }}" - "{{ system_disks }}"
register: chroot_grub_install_legacy register: chroot_grub_install_legacy
changed_when: "chroot_grub_install_legacy.rc == 0" changed_when: "chroot_grub_install_legacy.rc == 0"
- name: Install grub (uefi mode) - name: Install grub (uefi mode)
command: chroot /mnt grub-install --target=x86_64-efi --efi-directory=/efi --removable --recheck {{ item }} command: chroot /mnt grub-install --target=x86_64-efi --efi-directory=/efi --removable --recheck {{ item }}
with_items: loop:
- "{{ system_disks }}" - "{{ system_disks }}"
register: chroot_grub_install_uefi register: chroot_grub_install_uefi
changed_when: "chroot_grub_install_uefi.rc == 0" changed_when: "chroot_grub_install_uefi.rc == 0"
......
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
- name: Disallow remote root login - name: Disallow remote root login
command: 'mysql -NBe "{{ item }}"' command: 'mysql -NBe "{{ item }}"'
with_items: loop:
- DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1') - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
changed_when: false changed_when: false
...@@ -28,7 +28,7 @@ ...@@ -28,7 +28,7 @@
- name: Set root password - name: Set root password
mysql_user: user=root host={{ item }} password={{ vault_mariadb_users.root }} mysql_user: user=root host={{ item }} password={{ vault_mariadb_users.root }}
with_items: loop:
- '127.0.0.1' - '127.0.0.1'
- '::1' - '::1'
- 'localhost' - 'localhost'
......