Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Open sidebar
Arch Linux
infrastructure
Commits
8c5ec566
Commit
8c5ec566
authored
Feb 14, 2021
by
Sven-Hendrik Haase
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'fix-linting' into 'master'
Fix linting (ansible-lint v5.0.0) See merge request
!305
parents
230cc79a
4112bdf9
Pipeline
#5219
passed with stage
in 51 seconds
Changes
69
Pipelines
1
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
69 changed files
with
793 additions
and
793 deletions
+793
-793
.ansible-lint
.ansible-lint
+9
-5
.gitlab-ci.yml
.gitlab-ci.yml
+6
-2
group_vars/all/archusers.yml
group_vars/all/archusers.yml
+1
-1
group_vars/all/root_access.yml
group_vars/all/root_access.yml
+7
-7
one-shots/keycloak-importer/archusers.yml
one-shots/keycloak-importer/archusers.yml
+191
-191
playbooks/all-hosts-basic.yml
playbooks/all-hosts-basic.yml
+1
-1
playbooks/archlinux.org.yml
playbooks/archlinux.org.yml
+12
-12
playbooks/aur-dev.archlinux.org.yml
playbooks/aur-dev.archlinux.org.yml
+1
-1
playbooks/aur.archlinux.org.yml
playbooks/aur.archlinux.org.yml
+1
-1
playbooks/bbs.archlinux.org.yml
playbooks/bbs.archlinux.org.yml
+1
-1
playbooks/bugs.archlinux.org.yml
playbooks/bugs.archlinux.org.yml
+1
-1
playbooks/gitlab.archlinux.org.yml
playbooks/gitlab.archlinux.org.yml
+1
-2
playbooks/hetzner_storagebox.yml
playbooks/hetzner_storagebox.yml
+1
-1
playbooks/luna.yml
playbooks/luna.yml
+1
-1
playbooks/rsync.net.yml
playbooks/rsync.net.yml
+1
-1
playbooks/tasks/fetch-borg-keys.yml
playbooks/tasks/fetch-borg-keys.yml
+26
-26
playbooks/tasks/pacman-website.yml
playbooks/tasks/pacman-website.yml
+0
-1
playbooks/tasks/sync-ssh-hostkeys.yml
playbooks/tasks/sync-ssh-hostkeys.yml
+37
-37
playbooks/wiki.archlinux.org.yml
playbooks/wiki.archlinux.org.yml
+1
-1
roles/arch32_mirror/tasks/main.yml
roles/arch32_mirror/tasks/main.yml
+2
-2
roles/archbuild/handlers/main.yml
roles/archbuild/handlers/main.yml
+1
-1
roles/archive/tasks/main.yml
roles/archive/tasks/main.yml
+4
-4
roles/archmanweb/defaults/main.yml
roles/archmanweb/defaults/main.yml
+1
-1
roles/archweb/handlers/main.yml
roles/archweb/handlers/main.yml
+1
-1
roles/archweb/tasks/main.yml
roles/archweb/tasks/main.yml
+2
-2
roles/archwiki/tasks/main.yml
roles/archwiki/tasks/main.yml
+3
-3
roles/aurweb/defaults/main.yml
roles/aurweb/defaults/main.yml
+1
-1
roles/aurweb/handlers/main.yml
roles/aurweb/handlers/main.yml
+1
-1
roles/aurweb/tasks/main.yml
roles/aurweb/tasks/main.yml
+28
-28
roles/borg_client/tasks/main.yml
roles/borg_client/tasks/main.yml
+3
-3
roles/borg_server/tasks/main.yml
roles/borg_server/tasks/main.yml
+1
-1
roles/certbot/tasks/main.yml
roles/certbot/tasks/main.yml
+2
-2
roles/common/handlers/main.yml
roles/common/handlers/main.yml
+3
-3
roles/common/tasks/main.yml
roles/common/tasks/main.yml
+2
-2
roles/dbscripts/defaults/main.yml
roles/dbscripts/defaults/main.yml
+1
-1
roles/dbscripts/tasks/main.yml
roles/dbscripts/tasks/main.yml
+15
-15
roles/dovecot/tasks/main.yml
roles/dovecot/tasks/main.yml
+3
-3
roles/fail2ban/tasks/main.yml
roles/fail2ban/tasks/main.yml
+2
-2
roles/firewalld/handlers/main.yml
roles/firewalld/handlers/main.yml
+2
-2
roles/firewalld/tasks/main.yml
roles/firewalld/tasks/main.yml
+1
-1
roles/fluxbb/tasks/main.yml
roles/fluxbb/tasks/main.yml
+1
-1
roles/flyspray/tasks/main.yml
roles/flyspray/tasks/main.yml
+1
-1
roles/gitlab/tasks/main.yml
roles/gitlab/tasks/main.yml
+1
-1
roles/gitlab_runner/tasks/main.yml
roles/gitlab_runner/tasks/main.yml
+1
-1
roles/hedgedoc/tasks/main.yml
roles/hedgedoc/tasks/main.yml
+2
-2
roles/install_arch/tasks/main.yml
roles/install_arch/tasks/main.yml
+4
-4
roles/keycloak/tasks/main.yml
roles/keycloak/tasks/main.yml
+4
-4
roles/mailman/tasks/main.yml
roles/mailman/tasks/main.yml
+0
-1
roles/mariadb/defaults/main.yml
roles/mariadb/defaults/main.yml
+3
-3
roles/matrix/handlers/main.yml
roles/matrix/handlers/main.yml
+10
-10
roles/matrix/tasks/main.yml
roles/matrix/tasks/main.yml
+11
-11
roles/patchwork/defaults/main.yml
roles/patchwork/defaults/main.yml
+1
-1
roles/patchwork/handlers/main.yml
roles/patchwork/handlers/main.yml
+1
-1
roles/patchwork/tasks/main.yml
roles/patchwork/tasks/main.yml
+2
-2
roles/php7_fpm/handlers/main.yaml
roles/php7_fpm/handlers/main.yaml
+1
-1
roles/php_fpm/handlers/main.yaml
roles/php_fpm/handlers/main.yaml
+1
-1
roles/phrik/tasks/main.yml
roles/phrik/tasks/main.yml
+2
-2
roles/postfix/tasks/main.yml
roles/postfix/tasks/main.yml
+2
-4
roles/postfwd/handlers/main.yml
roles/postfwd/handlers/main.yml
+0
-1
roles/postfwd/tasks/main.yml
roles/postfwd/tasks/main.yml
+0
-1
roles/postgres/tasks/main.yml
roles/postgres/tasks/main.yml
+2
-2
roles/prometheus/files/node.rules.yml
roles/prometheus/files/node.rules.yml
+352
-352
roles/quassel/tasks/main.yml
roles/quassel/tasks/main.yml
+3
-3
roles/redirects/defaults/main.yml
roles/redirects/defaults/main.yml
+1
-2
roles/rsync_net/tasks/main.yml
roles/rsync_net/tasks/main.yml
+1
-1
roles/security_tracker/tasks/main.yml
roles/security_tracker/tasks/main.yml
+2
-2
roles/syncarchive/tasks/main.yml
roles/syncarchive/tasks/main.yml
+2
-2
roles/syncrepo/tasks/main.yml
roles/syncrepo/tasks/main.yml
+2
-2
roles/terraform_state/tasks/main.yml
roles/terraform_state/tasks/main.yml
+2
-2
No files found.
.ansible-lint
View file @
8c5ec566
exclude_paths:
- misc
# FIXME: parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
- playbooks/tasks
skip_list:
# Ignore lines longer than 160 chars
- '204'
# line too long (x > 80 characters) (line-length)
- 'line-length'
# yaml: too many spaces inside braces (braces)
- 'braces'
# Do not recommend running tasks as handlers
- '
503
'
- '
no-handler
'
# Do not force galaxy info in meta/main.yml
- '
701
'
- '
meta-no-info
'
# Allow package versions to be specified as 'latest'
- '
403
'
- '
package-latest
'
.gitlab-ci.yml
View file @
8c5ec566
image
:
"
archlinux:latest"
before_script
:
-
pacman -Syu --needed --noconfirm ansible-lint terraform
-
pacman -Syu --needed --noconfirm ansible-lint
yamllint
terraform
ansible-lint
:
script
:
# Fix weird ansible bug: https://github.com/trailofbits/algo/issues/1637
# This probably happens due to gitlab-runner mounting the git repo into the container
-
chmod o-w .
-
ansible-lint
# Fix syntax-check rule (https://github.com/ansible-community/ansible-lint/issues/1350#issuecomment-778764110)
-
sed "s/,hcloud_inventory.py//" -i ansible.cfg
-
sed "/^vault_password_file/d" -i ansible.cfg
# Fix load-failure: Failed to load or parse file
-
ansible-lint $(printf -- "--exclude %s " */*/vault_*)
terraform-validate
:
script
:
...
...
group_vars/all/archusers.yml
View file @
8c5ec566
...
...
@@ -222,7 +222,7 @@ arch_users:
ssh_key
:
foxxx0.pub
shell
:
/bin/zsh
groups
:
-
tu
-
tu
fukawi2
:
name
:
"
Phillip
Smith"
ssh_key
:
fukawi2.pub
...
...
group_vars/all/root_access.yml
View file @
8c5ec566
...
...
@@ -24,10 +24,10 @@ root_ssh_keys:
# run playbook 'playbooks/tasks/reencrypt-vault-key.yml' when this changes
# before running it, make sure to gpg --lsign-key all of the below keys
root_gpgkeys
:
-
86CFFCA918CF3AF47147588051E8B148A9999C34
# foutrelis
-
05C7775A9E8B977407FE08E69D4C5AA15426DA0A
# freswa
-
ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB
# grazzolini
-
A2FF3A36AAA56654109064AB19802F8B0D70FC30
# heftig
-
E499C79F53C96A54E572FEE1C06086337C50773E
# jelle
-
8FC15A064950A99DD1BD14DD39E4B877E62EB915
# svenstaro
-
E240B57E2C4630BA768E2F26FC1B547C8D8172C8
# anthraxx
-
86CFFCA918CF3AF47147588051E8B148A9999C34
# foutrelis
-
05C7775A9E8B977407FE08E69D4C5AA15426DA0A
# freswa
-
ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB
# grazzolini
-
A2FF3A36AAA56654109064AB19802F8B0D70FC30
# heftig
-
E499C79F53C96A54E572FEE1C06086337C50773E
# jelle
-
8FC15A064950A99DD1BD14DD39E4B877E62EB915
# svenstaro
-
E240B57E2C4630BA768E2F26FC1B547C8D8172C8
# anthraxx
one-shots/keycloak-importer/archusers.yml
View file @
8c5ec566
...
...
@@ -295,194 +295,194 @@ arch_users:
-
devops
-
tu
-
multilib
# jgc:
# name: "Jan de Groot"
# ssh_key: jgc.pub
# groups:
# - dev
# - multilib
# - tu
# jleclanche:
# name: "Jerome Leclanche"
# ssh_key: jleclanche.pub
# shell: /bin/zsh
# groups:
# - tu
# jlichtblau:
# name: "Jaroslav Lichtblau"
# ssh_key: jlichtblau.pub
# groups:
# - tu
# jouke:
# name: "Jouke Witteveen"
# ssh_key: jouke.pub
# groups:
# - ""
# jsteel:
# name: "Jonathan Steel"
# ssh_key: jsteel.pub
# groups:
# - tu
# juergen:
# name: "Jürgen Hötzel"
# ssh_key: juergen.pub
# groups:
# - dev
# - multilib
# - tu
# kgizdov:
# name: "Konstantin Gizdov"
# ssh_key: kgizdov.pub
# groups:
# - tu
# kkeen:
# name: "Kyle Keen"
# ssh_key: kkeen.pub
# groups:
# - tu
# - multilib
# lcarlier:
# name: "Laurent Carlier"
# ssh_key: lcarlier.pub
# groups:
# - dev
# - tu
# - multilib
# lfleischer:
# name: "Lukas Fleischer"
# ssh_key: lfleischer.pub
# shell: /bin/zsh
# groups:
# - dev
# - tu
# - multilib
# maximbaz:
# name: "Maxim Baz"
# ssh_key: maximbaz.pub
# groups:
# - tu
# mtorromeo:
# name: "Massimiliano Torromeo"
# ssh_key: mtorromeo.pub
# groups:
# - tu
# muflone:
# name: "Fabio Castelli"
# ssh_key: muflone.pub
# groups:
# - tu
# nicohood:
# name: "NicoHood"
# ssh_key: nicohood.pub
# groups:
# - tu
# pierre:
# name: "Pierre Schmitz"
# ssh_key: pierre.pub
# groups:
# - dev
# - multilib
# - tu
# polyzen:
# name: "Daniel M. Capella"
# ssh_key: polyzen.pub
# groups:
# - tu
# remy:
# name: "Rémy Oudompheng"
# ssh_key: remy.pub
# groups:
# - dev
# - tu
# ronald:
# name: "Ronald van Haren"
# ssh_key: ronald.pub
# groups:
# - dev
# - tu
# sangy:
# name: "Santiago Torres-Arias"
# ssh_key: sangy.pub
# groups:
# - tu
# - docker-image-sudo
# schuay:
# name: "Jakob Gruber"
# ssh_key: schuay.pub
# groups:
# - tu
# - multilib
# scimmia:
# name: "Doug Newgard"
# ssh_key: scimmia.pub
# groups: []
# morganamilo:
# name: "Morgan Adamiec"
# ssh_key: morganamilo.pub
# groups: []
# seblu:
# name: "Sébastien Luttringer"
# ssh_key: seblu.pub
# shell: /bin/zsh
# groups:
# - dev
# - tu
# - multilib
# shibumi:
# name: "Christian Rebischke"
# ssh_key: shibumi.pub
# shell: /bin/zsh
# groups:
# - tu
# - archboxes-sudo
# kpcyrd:
# name: "Kpcyrd"
# ssh_key: kpcyrd.pub
# groups:
# - tu
# spupykin:
# name: "Sergej Pupykin"
# ssh_key: spupykin.pub
# groups:
# - tu
# - multilib
# svenstaro:
# name: "Sven-Hendrik Haase"
# ssh_key: svenstaro.pub
# groups:
# - dev
# - devops
# - tu
# - multilib
# tensor5:
# name: "Nicola Squartini"
# ssh_key: tensor5.pub
# groups:
# - tu
# tpowa:
# name: "Tobias Powalowski"
# ssh_key: tpowa.pub
# groups:
# - dev
# - multilib
# - tu
# wild:
# name: "Dan Printzell"
# ssh_key: wild.pub
# groups:
# - tu
# xyne:
# name: "Xyne"
# ssh_key: xyne.pub
# groups:
# - tu
# yan12125:
# name: "Chih-Hsuan Yen"
# ssh_key: yan12125.pub
# groups:
# - tu
# zorun:
# name: "Baptiste Jonglez"
# ssh_key: zorun.pub
# groups:
# - tu
# jgc:
# name: "Jan de Groot"
# ssh_key: jgc.pub
# groups:
# - dev
# - multilib
# - tu
# jleclanche:
# name: "Jerome Leclanche"
# ssh_key: jleclanche.pub
# shell: /bin/zsh
# groups:
# - tu
# jlichtblau:
# name: "Jaroslav Lichtblau"
# ssh_key: jlichtblau.pub
# groups:
# - tu
# jouke:
# name: "Jouke Witteveen"
# ssh_key: jouke.pub
# groups:
# - ""
# jsteel:
# name: "Jonathan Steel"
# ssh_key: jsteel.pub
# groups:
# - tu
# juergen:
# name: "Jürgen Hötzel"
# ssh_key: juergen.pub
# groups:
# - dev
# - multilib
# - tu
# kgizdov:
# name: "Konstantin Gizdov"
# ssh_key: kgizdov.pub
# groups:
# - tu
# kkeen:
# name: "Kyle Keen"
# ssh_key: kkeen.pub
# groups:
# - tu
# - multilib
# lcarlier:
# name: "Laurent Carlier"
# ssh_key: lcarlier.pub
# groups:
# - dev
# - tu
# - multilib
# lfleischer:
# name: "Lukas Fleischer"
# ssh_key: lfleischer.pub
# shell: /bin/zsh
# groups:
# - dev
# - tu
# - multilib
# maximbaz:
# name: "Maxim Baz"
# ssh_key: maximbaz.pub
# groups:
# - tu
# mtorromeo:
# name: "Massimiliano Torromeo"
# ssh_key: mtorromeo.pub
# groups:
# - tu
# muflone:
# name: "Fabio Castelli"
# ssh_key: muflone.pub
# groups:
# - tu
# nicohood:
# name: "NicoHood"
# ssh_key: nicohood.pub
# groups:
# - tu
# pierre:
# name: "Pierre Schmitz"
# ssh_key: pierre.pub
# groups:
# - dev
# - multilib
# - tu
# polyzen:
# name: "Daniel M. Capella"
# ssh_key: polyzen.pub
# groups:
# - tu
# remy:
# name: "Rémy Oudompheng"
# ssh_key: remy.pub
# groups:
# - dev
# - tu
# ronald:
# name: "Ronald van Haren"
# ssh_key: ronald.pub
# groups:
# - dev
# - tu
# sangy:
# name: "Santiago Torres-Arias"
# ssh_key: sangy.pub
# groups:
# - tu
# - docker-image-sudo
# schuay:
# name: "Jakob Gruber"
# ssh_key: schuay.pub
# groups:
# - tu
# - multilib
# scimmia:
# name: "Doug Newgard"
# ssh_key: scimmia.pub
# groups: []
# morganamilo:
# name: "Morgan Adamiec"
# ssh_key: morganamilo.pub
# groups: []
# seblu:
# name: "Sébastien Luttringer"
# ssh_key: seblu.pub
# shell: /bin/zsh
# groups:
# - dev
# - tu
# - multilib
# shibumi:
# name: "Christian Rebischke"
# ssh_key: shibumi.pub
# shell: /bin/zsh
# groups:
# - tu
# - archboxes-sudo
# kpcyrd:
# name: "Kpcyrd"
# ssh_key: kpcyrd.pub
# groups:
# - tu
# spupykin:
# name: "Sergej Pupykin"
# ssh_key: spupykin.pub
# groups:
# - tu
# - multilib
# svenstaro:
# name: "Sven-Hendrik Haase"
# ssh_key: svenstaro.pub
# groups:
# - dev
# - devops
# - tu
# - multilib
# tensor5:
# name: "Nicola Squartini"
# ssh_key: tensor5.pub
# groups:
# - tu
# tpowa:
# name: "Tobias Powalowski"
# ssh_key: tpowa.pub
# groups:
# - dev
# - multilib
# - tu
# wild:
# name: "Dan Printzell"
# ssh_key: wild.pub
# groups:
# - tu
# xyne:
# name: "Xyne"
# ssh_key: xyne.pub
# groups:
# - tu
# yan12125:
# name: "Chih-Hsuan Yen"
# ssh_key: yan12125.pub
# groups:
# - tu
# zorun:
# name: "Baptiste Jonglez"
# ssh_key: zorun.pub
# groups:
# - tu
playbooks/all-hosts-basic.yml
View file @
8c5ec566
...
...
@@ -9,7 +9,7 @@
-
{
role
:
firewalld
}
-
{
role
:
unbound
}
# reconfiguring sshd may break the AUR on luna (unchecked)
#- { role: sshd, tags: ['sshd'] }
#
- { role: sshd, tags: ['sshd'] }
-
{
role
:
root_ssh
}
-
{
role
:
borg_client
,
tags
:
[
"
borg"
],
when
:
"
'borg_clients'
in
group_names"
}
-
{
role
:
hardening
}
playbooks/archlinux.org.yml
View file @
8c5ec566
...
...
@@ -3,18 +3,18 @@
-
name
:
"
prepare
postgres
ssl
hosts
list"
hosts
:
archlinux.org
tasks
:
-
name
:
assign ipv4 addresses to fact postgres_ssl_hosts4
set_fact
:
postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
vars
:
gemini4
:
"
{{
hostvars['gemini.archlinux.org']['ipv4_address']
}}/32"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv4_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/32')
|
list
}}"
tags
:
[
"
postgres"
,
"
firewall"
]
-
name
:
assign ipv6 addresses to fact postgres_ssl_hosts6
set_fact
:
postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
vars
:
gemini6
:
"
{{
hostvars['gemini.archlinux.org']['ipv6_address']
}}/128"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv6_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/128')
|
list
}}"
tags
:
[
"
postgres"
,
"
firewall"
]
-
name
:
assign ipv4 addresses to fact postgres_ssl_hosts4
set_fact
:
postgres_ssl_hosts4="{{ [gemini4] + detected_ips }}"
vars
:
gemini4
:
"
{{
hostvars['gemini.archlinux.org']['ipv4_address']
}}/32"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv4_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/32')
|
list
}}"
tags
:
[
"
postgres"
,
"
firewall"
]
-
name
:
assign ipv6 addresses to fact postgres_ssl_hosts6
set_fact
:
postgres_ssl_hosts6="{{ [gemini6] + detected_ips }}"
vars
:
gemini6
:
"
{{
hostvars['gemini.archlinux.org']['ipv6_address']
}}/128"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv6_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/128')
|
list
}}"
tags
:
[
"
postgres"
,
"
firewall"
]
-
name
:
setup archlinux.org
hosts
:
archlinux.org
...
...
playbooks/aur-dev.archlinux.org.yml
View file @
8c5ec566
...
...
@@ -10,7 +10,7 @@
-
{
role
:
root_ssh
}
-
{
role
:
certbot
}
-
{
role
:
nginx
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
T
rue
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
t
rue
}
-
{
role
:
sudo
}
-
{
role
:
php_fpm
,
php_extensions
:
[
'
iconv'
,
'
memcached'
,
'
mysqli'
,
'
pdo_mysql'
],
zend_extensions
:
[
'
opcache'
]
}
-
{
role
:
memcached
}
...
...
playbooks/aur.archlinux.org.yml
View file @
8c5ec566
...
...
@@ -11,7 +11,7 @@
-
{
role
:
prometheus_exporters
}
-
{
role
:
certbot
}
-
{
role
:
nginx
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
T
rue
,
mariadb_innodb_buffer_pool_size
:
'
1G'
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
t
rue
,
mariadb_innodb_buffer_pool_size
:
'
1G'
}
-
{
role
:
sudo
}
-
{
role
:
php_fpm
,
php_extensions
:
[
'
iconv'
,
'
memcached'
,
'
mysqli'
,
'
pdo_mysql'
],
zend_extensions
:
[
'
opcache'
]
}
-
{
role
:
memcached
}
...
...
playbooks/bbs.archlinux.org.yml
View file @
8c5ec566
...
...
@@ -10,7 +10,7 @@
-
{
role
:
root_ssh
}
-
{
role
:
certbot
}
-
{
role
:
nginx
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
T
rue
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
t
rue
}
-
{
role
:
sudo
}
-
{
role
:
php_fpm
,
php_extensions
:
[
'
apcu'
,
'
iconv'
,
'
intl'
,
'
mysqli'
],
zend_extensions
:
[
'
opcache'
]
}
-
{
role
:
fluxbb
}
...
...
playbooks/bugs.archlinux.org.yml
View file @
8c5ec566
...
...
@@ -10,7 +10,7 @@
-
{
role
:
root_ssh
}
-
{
role
:
certbot
}
-
{
role
:
nginx
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
T
rue
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
t
rue
}
-
{
role
:
sudo
}
-
{
role
:
php7_fpm
,
php_extensions
:
[
'
mysqli'
],
zend_extensions
:
[
'
opcache'
]
}
-
{
role
:
flyspray
}
...
...
playbooks/gitlab.archlinux.org.yml
View file @
8c5ec566
...
...
@@ -13,8 +13,7 @@
gitlab_domain
:
"
gitlab.archlinux.org"
,
gitlab_primary_addresses
:
[
'
159.69.41.129'
,
'
[2a01:4f8:c2c:5d2d::1]'
,
'
127.0.0.1'
,
'
[::1]'
],
gitlab_pages_http_addresses
:
[
'
116.203.6.156:80'
,
'
[2a01:4f8:c2c:5d2d::2]:80'
],
gitlab_pages_https_addresses
:
[
'
116.203.6.156:443'
,
'
[2a01:4f8:c2c:5d2d::2]:443'
]
}
gitlab_pages_https_addresses
:
[
'
116.203.6.156:443'
,
'
[2a01:4f8:c2c:5d2d::2]:443'
]}
-
{
role
:
borg_client
,
tags
:
[
"
borg"
]
}
-
{
role
:
prometheus_exporters
}
-
{
role
:
fail2ban
}
playbooks/hetzner_storagebox.yml
View file @
8c5ec566
...
...
@@ -2,6 +2,6 @@
-
name
:
setup Hetzner storagebox account
hosts
:
u236610.your-storagebox.de
gather_facts
:
F
alse
gather_facts
:
f
alse
roles
:
-
{
role
:
hetzner_storagebox
,
backup_dir
:
"
backup"
,
backup_clients
:
"
{{
groups['borg_clients']
}}"
,
tags
:
[
"
borg"
]
}
playbooks/luna.yml
View file @
8c5ec566
...
...
@@ -27,7 +27,7 @@
roles
:
-
nginx
-
rspamd
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
T
rue
}
-
{
role
:
mariadb
,
mariadb_query_cache_type
:
'
0'
,
mariadb_innodb_file_per_table
:
t
rue
}
-
{
role
:
prometheus_exporters
}
# luna is hosting mailman lists; this postfix role does not cater to this yet
# TODO: make postfix role handle mailman config?
...
...
playbooks/rsync.net.yml
View file @
8c5ec566
...
...
@@ -2,6 +2,6 @@
-
name
:
setup rsync.net account
hosts
:
prio.ch-s012.rsync.net
gather_facts
:
F
alse
gather_facts
:
f
alse
roles
:
-
{
role
:
rsync_net
,
backup_dir
:
"
backup"
,
backup_clients
:
"
{{
groups['borg_clients']
}}"
,
tags
:
[
"
borg"
]
}
playbooks/tasks/fetch-borg-keys.yml
View file @
8c5ec566
...
...
@@ -3,36 +3,36 @@
-
name
:
prepare local storage directory
hosts
:
127.0.0.1
tasks
:
-
name
:
create borg-keys directory
file
:
path="{{ playbook_dir }}/../../borg-keys/" state=directory
# noqa 208
-
name
:
create borg-keys directory
file
:
path="{{ playbook_dir }}/../../borg-keys/" state=directory
# noqa 208
-
name
:
fetch borg keys
hosts
:
borg_clients