Commit f7529414 authored by Frederik Schwan's avatar Frederik Schwan Committed by Sven-Hendrik Haase

fix E502 'all tasks should be named'

parent 2b2bd065
Pipeline #222 failed with stage
in 1 minute and 10 seconds
......@@ -3,15 +3,17 @@
- name: "prepare postgres ssl hosts list"
hosts: apollo.archlinux.org
tasks:
- set_fact: postgres_ssl_hosts4="{{ [orion4] + detected_ips}}"
- name: assign ipv4 addresses to fact postgres_ssl_hosts4
set_fact: postgres_ssl_hosts4="{{ [orion4] + detected_ips }}"
vars:
orion4: "{{ hostvars['orion.archlinux.org']['ipv4_address'] }}/32"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list}}"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | select() | map('regex_replace', '^(.+)$', '\\1/32') | list }}"
tags: ["postgres", "firewall"]
- set_fact: postgres_ssl_hosts6="{{ [orion6] + detected_ips}}"
- name: assign ipv6 addresses to fact postgres_ssl_hosts6
set_fact: postgres_ssl_hosts6="{{ [orion6] + detected_ips }}"
vars:
orion6: "{{ hostvars['orion.archlinux.org']['ipv6_address'] }}/128"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list}}"
detected_ips: "{{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | select() | map('regex_replace', '^(.+)$', '\\1/128') | list }}"
tags: ["postgres", "firewall"]
- name: setup apollo
......
......@@ -3,7 +3,8 @@
- name: prepare local storage directory
hosts: 127.0.0.1
tasks:
- file: path="{{playbook_dir}}/../../borg-keys/" state=directory
- name: create borg-keys directory
file: path="{{ playbook_dir }}/../../borg-keys/" state=directory
- name: fetch borg keys
hosts: borg_clients
......
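Review bot: The `file` task named "create borg-keys directory" sets no mode, so the directory gets whatever the controller's umask allows, which is typically world-readable. The next play is "fetch borg keys", so this directory presumably ends up holding key material. Pinning the mode keeps it private regardless of umask, e.g. `file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=0700`. The fetch play continues outside the hunk, so the modes of the fetched files themselves cannot be checked from here.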
......@@ -2,5 +2,5 @@
- name: reencrypt vault key
hosts: 127.0.0.1
tasks:
- shell: gpg --decrypt --batch --quiet "{{playbook_dir}}/../../misc/vault-password.gpg" | gpg --batch --armor --encrypt --output - {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %} | sponge "{{playbook_dir}}/../../misc/vault-password.gpg"
- name: reencrypt vault key
shell: gpg --decrypt --batch --quiet "{{playbook_dir}}/../../misc/vault-password.gpg" | gpg --batch --armor --encrypt --output - {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %} | sponge "{{playbook_dir}}/../../misc/vault-password.gpg"
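Review bot: The `shell` pipeline in "reencrypt vault key" writes back to vault-password.gpg through `sponge` even when an earlier stage fails, because the shell reports only the last command's exit status and sponge writes whatever it received. A failed decrypt can therefore replace the working copy of the encrypted vault password with an empty or truncated message while the task still shows as successful. Encrypting to a temporary file and moving it over the original only after both gpg calls succeeded would avoid that. Since `{{userid}}` is interpolated into a shell command line, it should also go through the `quote` filter, `--recipient {{ userid | quote }}`.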
......@@ -72,44 +72,74 @@
- /srv/repos/svn-community
- /srv/repos/svn-packages
- file: path="/srv/repos/svn-community/package-cleanup" state=directory owner=svn-community group=tu mode=0775
- acl: name=/srv/repos/svn-community/package-cleanup entry="user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:group::rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:other::r-x" state=present
- file: path="/srv/repos/svn-packages/package-cleanup" state=directory owner=svn-packages group=dev mode=0775
- acl: name=/srv/repos/svn-packages/package-cleanup entry="user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:group::rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:other::r-x" state=present
- file: path="/srv/repos/svn-community/source-cleanup" state=directory owner=sourceballs group=svn-community mode=0755
- file: path="/srv/repos/svn-packages/source-cleanup" state=directory owner=sourceballs group=svn-packages mode=0755
- file: path="/srv/repos/svn-community/svn" state=directory owner=svn-community group=svn-community mode=0755
- acl: name=/srv/repos/svn-community/svn entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-community/svn entry="default:group::r-x" state=present
- acl: name=/srv/repos/svn-community/svn entry="default:other::r-x" state=present
- file: path="/srv/repos/svn-packages/svn" state=directory owner=svn-packages group=svn-packages mode=0755
- acl: name=/srv/repos/svn-packages/svn entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-packages/svn entry="default:group::r-x" state=present
- acl: name=/srv/repos/svn-packages/svn entry="default:other::r-x" state=present
- file: path="/srv/repos/svn-community/tmp" state=directory owner=svn-community group=tu mode=1775
- acl: name=/srv/repos/svn-community/tmp entry="user:sourceballs:rwx" state=present
- file: path="/srv/repos/svn-packages/tmp" state=directory owner=svn-packages group=dev mode=1775
- acl: name=/srv/repos/svn-packages/tmp entry="user:sourceballs:rwx" state=present
- file: path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644
- file: path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644
- acl: name=/srv/ftp/lastupdate entry="group:tu:rw-" state=present
- acl: name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present
- name: create svn-community/package-cleanup directory
file: path="/srv/repos/svn-community/package-cleanup" state=directory owner=svn-community group=tu mode=0775
- name: add acl user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="user:cleanup:rwx" state=present
- name: add acl default:user::rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:user::rwx" state=present
- name: add acl default:user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:user:cleanup:rwx" state=present
- name: add acl default:group::rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:group::rwx" state=present
- name: add acl default:other::r-x to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:other::r-x" state=present
- name: create svn-packages/package-cleanup directory
file: path="/srv/repos/svn-packages/package-cleanup" state=directory owner=svn-packages group=dev mode=0775
- name: add acl user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="user:cleanup:rwx" state=present
- name: add acl default:user::rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user::rwx" state=present
- name: add acl default:user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
- name: add acl default:group::rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:group::rwx" state=present
- name: add acl default:other::r-x to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:other::r-x" state=present
- name: create svn-community/source-cleanup directory
file: path="/srv/repos/svn-community/source-cleanup" state=directory owner=sourceballs group=svn-community mode=0755
- name: create svn-packages/source-cleanup directory
file: path="/srv/repos/svn-packages/source-cleanup" state=directory owner=sourceballs group=svn-packages mode=0755
- name: create svn-community/svn directory
file: path="/srv/repos/svn-community/svn" state=directory owner=svn-community group=svn-community mode=0755
- name: add acl default:user::rwx to /srv/repos/svn-community/svn
acl: name=/srv/repos/svn-community/svn entry="default:user::rwx" state=present
- name: add acl default:group::r-x to /srv/repos/svn-community/svn
acl: name=/srv/repos/svn-community/svn entry="default:group::r-x" state=present
- name: add acl default:other::r-x to /srv/repos/svn-community/svn
acl: name=/srv/repos/svn-community/svn entry="default:other::r-x" state=present
- name: create svn-packages/svn directory
file: path="/srv/repos/svn-packages/svn" state=directory owner=svn-packages group=svn-packages mode=0755
- name: add acl default:user::rwx to /srv/repos/svn-packages/svn
acl: name=/srv/repos/svn-packages/svn entry="default:user::rwx" state=present
- name: add acl default:group::r-x to /srv/repos/svn-packages/svn
acl: name=/srv/repos/svn-packages/svn entry="default:group::r-x" state=present
- name: add acl default:other::r-x to /srv/repos/svn-packages/svn
acl: name=/srv/repos/svn-packages/svn entry="default:other::r-x" state=present
- name: create svn-community/tmp directory
file: path="/srv/repos/svn-community/tmp" state=directory owner=svn-community group=tu mode=1775
- name: add acl user:sourceballs:rwx to /srv/repos/svn-community/tmp
acl: name=/srv/repos/svn-community/tmp entry="user:sourceballs:rwx" state=present
- name: create svn-packages/tmp directory
file: path="/srv/repos/svn-packages/tmp" state=directory owner=svn-packages group=dev mode=1775
- name: add acl user:sourceballs:rwx to /srv/repos/svn-packages/tmp
acl: name=/srv/repos/svn-packages/tmp entry="user:sourceballs:rwx" state=present
- name: touch /srv/ftp/lastsync file
file: path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644
- name: touch /srv/ftp/lastupdate file
file: path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644
- name: add acl group:tu:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:tu:rw-" state=present
- name: add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present
- name: clone dbscripts git repo
git: >
......
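Review bot: The two `state=touch` tasks ("touch /srv/ftp/lastsync file" and "touch /srv/ftp/lastupdate file") rewrite the files' timestamps and report `changed` on every playbook run. If anything reads the mtime of these marker files (not visible in this hunk), each run alters it, and the constant `changed` result hides real drift in the play output. Where the Ansible version in use supports it, the timestamps can be preserved: `file: path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644 modification_time=preserve access_time=preserve`. The same applies to the lastupdate task.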
......@@ -158,11 +158,13 @@
- name: enable services inside chroot
command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim.timer hcloud-init
- set_fact: pubkey_list="{{ lookup('file', "{{ playbook_dir }}/../../pubkeys/" + item) }}"
- name: assign pubkey list to fact
set_fact: pubkey_list="{{ lookup('file', "{{ playbook_dir }}/../../pubkeys/" + item) }}"
register: pubkeys
with_items: "{{ root_ssh_keys }}"
- set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
- name: assign pubkey string to fact
set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
- name: add authorized key for root
authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes
......
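Review bot: The `set_fact` under "assign pubkey list to fact" still nests `{{ playbook_dir }}` inside an expression that is already within `{{ … }}`, and it places double quotes inside a double-quoted value. Variables are directly usable inside an expression, so the nesting is unnecessary and makes the quoting fragile; `set_fact: pubkey_list="{{ lookup('file', playbook_dir + '/../../pubkeys/' + item) }}"` says the same thing without it. This deserves care because the result feeds `authorized_key` for root with `exclusive=yes`, so a mis-rendered value changes which keys remain authorized. The play continues outside the hunk.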
......@@ -8,14 +8,16 @@
notify:
- restart opendkim
- file: path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=0750
- name: create opendkim spool directory
file: path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=0750
- name: install domains config
template: src=domains.j2 dest=/etc/opendkim/domains owner=root group=root mode=0644
notify:
- restart opendkim
- file: path="/etc/opendkim/private" state=directory owner=root group=root mode=0700
- name: create dkim key directory
file: path="/etc/opendkim/private" state=directory owner=root group=root mode=0700
- name: generate DKIM key for {{ dkim_selector }}
command: opendkim-genkey -r -s {{ dkim_selector }} -d archlinux.org --bits=4096
......
......@@ -36,7 +36,8 @@
append: yes
when: "'memcached' in group_names"
- file: path=/etc/zabbix state=directory owner=root group=root mode=755
- name: set zabbix directory permissions in /etc
file: path=/etc/zabbix state=directory owner=root group=root mode=755
- name: create host PSK
shell: umask 077; openssl rand -hex 64 > /etc/zabbix/zabbix_agentd.psk creates=/etc/zabbix/zabbix_agentd.psk
......
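Review bot: `mode=755` in "set zabbix directory permissions in /etc" is written without the leading zero, unlike `mode=0750` and `mode=0700` elsewhere in this commit, and it is read as octal only because the key=value form passes it as a string. If the task is later converted to YAML mapping syntax, `mode: 755` becomes a decimal integer and yields the wrong permissions, so `mode=0755` is the safer spelling. The task name also undersells what the task does: `state=directory` creates /etc/zabbix, which the following "create host PSK" task relies on. The same line appears in the zabbix server hunk (`@@ -3,7 +3,8 @@`, before "install server config").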
......@@ -3,7 +3,8 @@
- name: install packages
pacman: name=zabbix-server,zabbix-frontend-php,irccat,gnu-netcat
- file: path=/etc/zabbix state=directory owner=root group=root mode=755
- name: set zabbix directory permissions in /etc
file: path=/etc/zabbix state=directory owner=root group=root mode=755
- name: install server config
template: src=zabbix_server.conf dest=/etc/zabbix/zabbix_server.conf owner=zabbix-server group=zabbix-server mode=600
......