Arch Linux
infrastructure
Commits
d68771ea
Verified
Commit
d68771ea
authored
Sep 23, 2020
by
Sven-Hendrik Haase
Fix for ansible 2.10 (fixes
#149
)
parent
15a05e07
Pipeline
#1809
passed with stage
in 38 seconds
Changes
20
Pipelines
1
playbooks/luna.yml
...
...
@@ -5,7 +5,7 @@
remote_user
:
root
tasks
:
-
name
:
open firewall holes for services
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
http
-
https
...
...
@@ -17,7 +17,7 @@
-
firewall
-
name
:
open firewall holes for ports
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
6969/tcp
-
4949/tcp
...
...
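Review bot: Both tasks in this file now call `ansible.posix.firewalld`, which resolves only when the ansible.posix collection is installed on the control node, and none of the file sections visible on this page adds a collection requirements file. The full `ansible` 2.10 package bundles that collection but a bare `ansible-base` install does not, so a pinned entry such as `- name: ansible.posix` with an explicit `version:` in the repository's collection requirements would keep the firewall tasks reproducible. The same applies to every other `ansible.posix.firewalld` task in this commit (roles certbot, dbscripts, dovecot, firewalld, gitlab, gitlab_runner, keycloak, matrix, nginx, postfix, postgres, prometheus_exporters, quassel, sshd, syncrepo, zabbix_agent and zabbix_server). Both hunks start and end inside the play's task list.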
playbooks/tasks/fetch-borg-keys.yml
...
...
@@ -4,7 +4,7 @@
hosts
:
127.0.0.1
tasks
:
-
name
:
create borg-keys directory
file
:
path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve
file
:
path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve
# noqa 208
-
name
:
fetch borg keys
hosts
:
borg_clients
...
...
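Review bot: The added `# noqa 208` silences the linter on the `create borg-keys directory` task instead of giving the directory a mode; 208 is, as far as I know, ansible-lint's file-permissions rule. Judging by its name the directory receives backup keys fetched from the clients, so an explicit owner-only mode is the safer fix: `file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=0700`. With that in place the suppression comment can be dropped. The `fetch borg keys` play continues past the end of the hunk.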
roles/aurweb/tasks/main.yml
...
...
@@ -172,7 +172,12 @@
-
name
:
deploy new smartgit release
become
:
true
become_user
:
"
{{
aurweb_user
}}"
file
:
path=/etc/uwsgi/vassals/smartgit.ini state=touch mode=preserve
file
:
path
:
/etc/uwsgi/vassals/smartgit.ini
state
:
touch
owner
:
"
{{
aurweb_user
}}"
group
:
http
mode
:
0644
when
:
git.changed
-
name
:
create git repo dir
...
...
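Review bot: The rewritten `file` task still runs under `become_user: "{{ aurweb_user }}"` but now also sets `owner` and `group: http`; an unprivileged user can only assign a group it belongs to, so unless aurweb_user is a member of `http` (not visible here) the task may fail on the group change. Separately, `mode: 0644` is an unquoted octal literal; `mode: "0644"` hands Ansible a string and removes any dependence on how the YAML loader reads the leading zero. The following task, `create git repo dir`, continues outside the hunk.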
roles/certbot/tasks/main.yml
...
...
@@ -23,7 +23,7 @@
daemon_reload
:
yes
-
name
:
open firewall holes for certbot standalone authenticator
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
http
when
:
configure_firewall
...
...
roles/dbscripts/tasks/main.yml
...
...
@@ -295,7 +295,7 @@
service
:
name=rsyncd.socket enabled=yes state=started
-
name
:
open firewall holes for rsync
firewalld
:
service=rsyncd permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service=rsyncd permanent=true state=enabled immediate=yes
when
:
configure_firewall
tags
:
-
firewall
...
...
@@ -307,7 +307,7 @@
service
:
name=svnserve enabled=yes state=started
-
name
:
open firewall holes for svnserve
firewalld
:
port=3690/tcp permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
port=3690/tcp permanent=true state=enabled immediate=yes
when
:
configure_firewall
tags
:
-
firewall
...
...
roles/dovecot/tasks/main.yml
...
...
@@ -21,7 +21,7 @@
service
:
name=dovecot enabled=yes state=started
-
name
:
open firewall holes
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
pop3
-
pop3s
...
...
roles/firewalld/tasks/main.yml
...
...
@@ -17,7 +17,7 @@
state
:
"
{{
configure_firewall
|
ternary('started',
'stopped')
}}"
-
name
:
disable default dhcpv6-client rule
firewalld
:
ansible.posix.
firewalld
:
service
:
dhcpv6-client
state
:
disabled
immediate
:
yes
...
...
roles/gitlab/tasks/main.yml
...
...
@@ -86,7 +86,7 @@
-
"
/srv/gitlab/data:/var/opt/gitlab"
-
name
:
open firewall holes
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
when
:
configure_firewall
with_items
:
-
"
80/tcp"
...
...
@@ -97,7 +97,7 @@
-
firewall
-
name
:
make docker0 interface trusted
firewalld
:
interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
when
:
configure_firewall
tags
:
-
firewall
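Review bot: The `make docker0 interface trusted` task in the second hunk keeps `zone=trusted`, which accepts all traffic arriving on docker0, so every container on that bridge can reach every service listening on the host. The identical task is carried over in roles/gitlab_runner/tasks/main.yml, where the containers presumably run CI jobs. Since the commit touches the line anyway, consider a dedicated zone that admits only the ports the containers need, or at least record the reason above the task: `# docker0 is trusted so containers can reach the host; revisit if jobs run untrusted code`. The hunk begins in the middle of the preceding task's `tags` list.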
roles/gitlab_runner/tasks/main.yml
...
...
@@ -8,7 +8,7 @@
systemd
:
name=docker enabled=yes state=started daemon_reload=yes
-
name
:
make docker0 interface trusted
firewalld
:
interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
interface=docker0 zone=trusted permanent=true state=enabled immediate=yes
when
:
configure_firewall
tags
:
-
firewall
...
...
roles/keycloak/tasks/main.yml
...
...
@@ -27,7 +27,7 @@
service
:
name=keycloak enabled=yes state=started
-
name
:
open firewall hole
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
when
:
configure_firewall
with_items
:
-
80/tcp
...
...
roles/matrix/tasks/main.yml
...
...
@@ -195,7 +195,7 @@
-
restart matrix-appservice-irc
-
name
:
open firewall holes
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
113/tcp
when
:
configure_firewall
...
...
roles/nginx/tasks/main.yml
...
...
@@ -56,7 +56,7 @@
service
:
name=nginx enabled=yes
-
name
:
open firewall holes
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
http
-
https
...
...
roles/postfix/tasks/main.yml
...
...
@@ -104,7 +104,7 @@
create_home
:
no
-
name
:
open firewall holes
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
smtp
-
smtp-submission
...
...
roles/postgres/tasks/main.yml
...
...
@@ -67,7 +67,7 @@
when
:
postgres_ssl == 'on'
-
name
:
open firewall holes to known postgresql ipv4 clients
firewalld
:
permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
permanent=true state=enabled immediate=yes
rich_rule="rule family=ipv4 source address={{ item }} port protocol=tcp port=5432 accept"
with_items
:
"
{{
postgres_ssl_hosts4
}}"
when
:
configure_firewall
...
...
@@ -75,7 +75,7 @@
-
firewall
-
name
:
open firewall holes to known postgresql ipv6 clients
firewalld
:
permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
permanent=true state=enabled immediate=yes
rich_rule="rule family=ipv6 source address={{ item }} port protocol=tcp port=5432 accept"
with_items
:
"
{{
postgres_ssl_hosts6
}}"
when
:
configure_firewall
...
...
roles/prometheus_exporters/tasks/main.yml
...
...
@@ -110,21 +110,21 @@
when
:
"
'memcached'
in
group_names"
-
name
:
open prometheus-node-exporter ipv4 port for monitoring.archlinux.org
firewalld
:
state=enabled permanent=true immediate=yes
ansible.posix.
firewalld
:
state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_exporter_port }} accept"
when
:
"
'prometheus'
not
in
group_names"
-
name
:
open gitlab exporter ipv4 port for monitoring.archlinux.org
firewalld
:
state=enabled permanent=true immediate=yes
ansible.posix.
firewalld
:
state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ gitlab_runner_exporter_port }} accept"
when
:
"
'gitlab_runners'
in
group_names"
-
name
:
open prometheus mysqld exporter ipv4 port for monitoring.archlinux.org
firewalld
:
state=enabled permanent=true immediate=yes
ansible.posix.
firewalld
:
state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_mysqld_exporter_port }} accept"
when
:
"
'mysql_servers'
in
group_names"
-
name
:
open prometheus memcached exporter ipv4 port for monitoring.archlinux.org
firewalld
:
state=enabled permanent=true immediate=yes
ansible.posix.
firewalld
:
state=enabled permanent=true immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_memcached_exporter_port }} accept"
when
:
"
'memcached'
in
group_names"
roles/quassel/tasks/main.yml
...
...
@@ -57,7 +57,7 @@
-
clean-quassel.timer
-
name
:
open firewall holes
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
port={{ item }} permanent=true state=enabled immediate=yes
with_items
:
-
4242/tcp
-
113/tcp
...
...
roles/sshd/tasks/main.yml
...
...
@@ -22,7 +22,7 @@
service
:
name=sshd enabled=yes state=started
-
name
:
open firewall holes
firewalld
:
service=ssh permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service=ssh permanent=true state=enabled immediate=yes
when
:
configure_firewall is defined and configure_firewall
tags
:
-
firewall
roles/syncrepo/tasks/main.yml
...
...
@@ -51,7 +51,7 @@
tags
:
[
'
nginx'
]
-
name
:
open firewall holes
firewalld
:
service=rsyncd permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service=rsyncd permanent=true state=enabled immediate=yes
when
:
configure_firewall
tags
:
-
firewall
roles/zabbix_agent/tasks/main.yml
...
...
@@ -122,7 +122,7 @@
service
:
name=zabbix-agent enabled=yes state=started
-
name
:
open firewall holes
firewalld
:
service=zabbix-agent permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service=zabbix-agent permanent=true state=enabled immediate=yes
when
:
configure_firewall
tags
:
-
firewall
roles/zabbix_server/tasks/main.yml
...
...
@@ -75,7 +75,7 @@
service
:
name=php-fpm@zabbix-web.socket state=started enabled=true
-
name
:
open firewall holes
firewalld
:
service=zabbix-server permanent=true state=enabled immediate=yes
ansible.posix.
firewalld
:
service=zabbix-server permanent=true state=enabled immediate=yes
when
:
configure_firewall
tags
:
-
firewall