Commit
f7529414
authored
Jun 12, 2020
by
Frederik Schwan
Committed by
Sven-Hendrik Haase
Jun 12, 2020
fix E502 'all tasks should be named'
parent
2b2bd065
Pipeline
#222
failed with stage
in 1 minute and 10 seconds
Changes
8
playbooks/apollo.yml
...
...
@@ -3,15 +3,17 @@
-
name
:
"
prepare
postgres
ssl
hosts
list"
hosts
:
apollo.archlinux.org
tasks
:
-
set_fact
:
postgres_ssl_hosts4="{{ [orion4] + detected_ips}}"
-
name
:
assign ipv4 addresses to fact postgres_ssl_hosts4
set_fact
:
postgres_ssl_hosts4="{{ [orion4] + detected_ips }}"
vars
:
orion4
:
"
{{
hostvars['orion.archlinux.org']['ipv4_address']
}}/32"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv4_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/32')
|
list}}"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv4_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/32')
|
list
}}"
tags
:
[
"
postgres"
,
"
firewall"
]
-
set_fact
:
postgres_ssl_hosts6="{{ [orion6] + detected_ips}}"
-
name
:
assign ipv6 addresses to fact postgres_ssl_hosts6
set_fact
:
postgres_ssl_hosts6="{{ [orion6] + detected_ips }}"
vars
:
orion6
:
"
{{
hostvars['orion.archlinux.org']['ipv6_address']
}}/128"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv6_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/128')
|
list}}"
detected_ips
:
"
{{
groups['mirrors']
|
map('extract',
hostvars,
['ipv6_address'])
|
select()
|
map('regex_replace',
'^(.+)$',
'
\\
1/128')
|
list
}}"
tags
:
[
"
postgres"
,
"
firewall"
]
-
name
:
setup apollo
...
...
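Review bot: The `detected_ips` pipeline in both newly named set_fact tasks appends `/32` or `/128` to whatever non-empty string each mirror's hostvars hold, so a malformed `ipv4_address` or `ipv6_address` in the inventory flows unchecked into `postgres_ssl_hosts4` and `postgres_ssl_hosts6`. Judging by the `postgres` and `firewall` tags these facts presumably feed access rules, so it is worth validating the entries (for example with the `ipaddr` filter) before they are used. The play continues outside the hunk, so where the facts are consumed is not visible here.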
playbooks/tasks/fetch-borg-keys.yml
...
...
@@ -3,7 +3,8 @@
-
name
:
prepare local storage directory
hosts
:
127.0.0.1
tasks
:
-
file
:
path="{{playbook_dir}}/../../borg-keys/" state=directory
-
name
:
create borg-keys directory
file
:
path="{{ playbook_dir }}/../../borg-keys/" state=directory
-
name
:
fetch borg keys
hosts
:
borg_clients
...
...
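Review bot: The newly named `create borg-keys directory` task creates the directory without a `mode`, so its permissions come from the umask of whoever runs the playbook. Since the following play fetches borg keys into it, restrict it explicitly, e.g. `file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=0700`. The fetch play itself continues outside the hunk.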
playbooks/tasks/reencrypt-vault-key.yml
...
...
@@ -2,5 +2,5 @@
-
name
:
reencrypt vault key
hosts
:
127.0.0.1
tasks
:
-
shell
:
gpg --decrypt --batch --quiet "{{playbook_dir}}/../../misc/vault-password.gpg" | gpg --batch --armor --encrypt --output - {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %} | sponge "{{playbook_dir}}/../../misc/vault-password.gpg"
-
name
:
reencrypt vault key
shell
:
gpg --decrypt --batch --quiet "{{playbook_dir}}/../../misc/vault-password.gpg" | gpg --batch --armor --encrypt --output - {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %} | sponge "{{playbook_dir}}/../../misc/vault-password.gpg"
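Review bot: The `shell` pipeline in `reencrypt vault key` runs without `pipefail`, so if the first `gpg --decrypt` fails the second gpg still runs on empty input and `sponge` overwrites `misc/vault-password.gpg` with whatever it emits, while the task reports success. Run it under bash with `set -o pipefail;` at the start of the command and `args: executable: /bin/bash`, and consider writing to a temporary file that is moved into place only after the pipeline succeeds. The `{{userid}}` values are also interpolated into the command unquoted; `--recipient {{ userid | quote }}` keeps an unusual key id from being split or interpreted by the shell.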
roles/dbscripts/tasks/main.yml
...
...
@@ -72,44 +72,74 @@
-
/srv/repos/svn-community
-
/srv/repos/svn-packages
-
file
:
path="/srv/repos/svn-community/package-cleanup" state=directory owner=svn-community group=tu mode=0775
-
acl
:
name=/srv/repos/svn-community/package-cleanup entry="user:cleanup:rwx" state=present
-
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:user::rwx" state=present
-
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:user:cleanup:rwx" state=present
-
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:group::rwx" state=present
-
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:other::r-x" state=present
-
file
:
path="/srv/repos/svn-packages/package-cleanup" state=directory owner=svn-packages group=dev mode=0775
-
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="user:cleanup:rwx" state=present
-
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:user::rwx" state=present
-
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
-
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:group::rwx" state=present
-
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:other::r-x" state=present
-
file
:
path="/srv/repos/svn-community/source-cleanup" state=directory owner=sourceballs group=svn-community mode=0755
-
file
:
path="/srv/repos/svn-packages/source-cleanup" state=directory owner=sourceballs group=svn-packages mode=0755
-
file
:
path="/srv/repos/svn-community/svn" state=directory owner=svn-community group=svn-community mode=0755
-
acl
:
name=/srv/repos/svn-community/svn entry="default:user::rwx" state=present
-
acl
:
name=/srv/repos/svn-community/svn entry="default:group::r-x" state=present
-
acl
:
name=/srv/repos/svn-community/svn entry="default:other::r-x" state=present
-
file
:
path="/srv/repos/svn-packages/svn" state=directory owner=svn-packages group=svn-packages mode=0755
-
acl
:
name=/srv/repos/svn-packages/svn entry="default:user::rwx" state=present
-
acl
:
name=/srv/repos/svn-packages/svn entry="default:group::r-x" state=present
-
acl
:
name=/srv/repos/svn-packages/svn entry="default:other::r-x" state=present
-
file
:
path="/srv/repos/svn-community/tmp" state=directory owner=svn-community group=tu mode=1775
-
acl
:
name=/srv/repos/svn-community/tmp entry="user:sourceballs:rwx" state=present
-
file
:
path="/srv/repos/svn-packages/tmp" state=directory owner=svn-packages group=dev mode=1775
-
acl
:
name=/srv/repos/svn-packages/tmp entry="user:sourceballs:rwx" state=present
-
file
:
path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644
-
file
:
path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644
-
acl
:
name=/srv/ftp/lastupdate entry="group:tu:rw-" state=present
-
acl
:
name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present
-
name
:
create svn-community/package-cleanup directory
file
:
path="/srv/repos/svn-community/package-cleanup" state=directory owner=svn-community group=tu mode=0775
-
name
:
add acl user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
acl
:
name=/srv/repos/svn-community/package-cleanup entry="user:cleanup:rwx" state=present
-
name
:
add acl default:user::rwx to /srv/repos/svn-community/package-cleanup
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:user::rwx" state=present
-
name
:
add acl default:user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:user:cleanup:rwx" state=present
-
name
:
add acl default:group::rwx to /srv/repos/svn-community/package-cleanup
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:group::rwx" state=present
-
name
:
add acl default:other::r-x to /srv/repos/svn-community/package-cleanup
acl
:
name=/srv/repos/svn-community/package-cleanup entry="default:other::r-x" state=present
-
name
:
create svn-packages/package-cleanup directory
file
:
path="/srv/repos/svn-packages/package-cleanup" state=directory owner=svn-packages group=dev mode=0775
-
name
:
add acl user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="user:cleanup:rwx" state=present
-
name
:
add acl default:user::rwx to /srv/repos/svn-packages/package-cleanup
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:user::rwx" state=present
-
name
:
add acl default:user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
-
name
:
add acl default:group::rwx to /srv/repos/svn-packages/package-cleanup
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:group::rwx" state=present
-
name
:
add acl default:other::r-x to /srv/repos/svn-packages/package-cleanup
acl
:
name=/srv/repos/svn-packages/package-cleanup entry="default:other::r-x" state=present
-
name
:
create svn-community/source-cleanup directory
file
:
path="/srv/repos/svn-community/source-cleanup" state=directory owner=sourceballs group=svn-community mode=0755
-
name
:
create svn-packages/source-cleanup directory
file
:
path="/srv/repos/svn-packages/source-cleanup" state=directory owner=sourceballs group=svn-packages mode=0755
-
name
:
create svn-community/svn directory
file
:
path="/srv/repos/svn-community/svn" state=directory owner=svn-community group=svn-community mode=0755
-
name
:
add acl default:user::rwx to /srv/repos/svn-community/svn
acl
:
name=/srv/repos/svn-community/svn entry="default:user::rwx" state=present
-
name
:
add acl default:group::r-x to /srv/repos/svn-community/svn
acl
:
name=/srv/repos/svn-community/svn entry="default:group::r-x" state=present
-
name
:
add acl default:other::r-x to /srv/repos/svn-community/svn
acl
:
name=/srv/repos/svn-community/svn entry="default:other::r-x" state=present
-
name
:
create svn-packages/svn directory
file
:
path="/srv/repos/svn-packages/svn" state=directory owner=svn-packages group=svn-packages mode=0755
-
name
:
add acl default:user::rwx to /srv/repos/svn-packages/svn
acl
:
name=/srv/repos/svn-packages/svn entry="default:user::rwx" state=present
-
name
:
add acl default:group::r-x to /srv/repos/svn-packages/svn
acl
:
name=/srv/repos/svn-packages/svn entry="default:group::r-x" state=present
-
name
:
add acl default:other::r-x to /srv/repos/svn-packages/svn
acl
:
name=/srv/repos/svn-packages/svn entry="default:other::r-x" state=present
-
name
:
create svn-community/tmp directory
file
:
path="/srv/repos/svn-community/tmp" state=directory owner=svn-community group=tu mode=1775
-
name
:
add acl user:sourceballs:rwx to /srv/repos/svn-community/tmp
acl
:
name=/srv/repos/svn-community/tmp entry="user:sourceballs:rwx" state=present
-
name
:
create svn-packages/tmp directory
file
:
path="/srv/repos/svn-packages/tmp" state=directory owner=svn-packages group=dev mode=1775
-
name
:
add acl user:sourceballs:rwx to /srv/repos/svn-packages/tmp
acl
:
name=/srv/repos/svn-packages/tmp entry="user:sourceballs:rwx" state=present
-
name
:
touch /srv/ftp/lastsync file
file
:
path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644
-
name
:
touch /srv/ftp/lastupdate file
file
:
path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644
-
name
:
add acl group:tu:rw- to /srv/ftp/lastupdate
acl
:
name=/srv/ftp/lastupdate entry="group:tu:rw-" state=present
-
name
:
add acl group:dev:rw- to /srv/ftp/lastupdate
acl
:
name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present
-
name
:
clone dbscripts git repo
git
:
>
...
...
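Review bot: The two `state=touch` tasks (`touch /srv/ftp/lastsync file` and `touch /srv/ftp/lastupdate file`) bump the files' timestamps and report `changed` on every run, so the role is never idempotent. If only existence, ownership and mode are intended, add `modification_time=preserve access_time=preserve` to both. As a style point, the many near-identical `acl` tasks could be one looped task per directory, which would keep the hand-written names and the `entry` values from drifting apart.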
roles/install_arch/tasks/main.yml
...
...
@@ -158,11 +158,13 @@
-
name
:
enable services inside chroot
command
:
chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim.timer hcloud-init
-
set_fact
:
pubkey_list="{{ lookup('file', "{{ playbook_dir }}/../../pubkeys/" + item) }}"
-
name
:
assign pubkey list to fact
set_fact
:
pubkey_list="{{ lookup('file', "{{ playbook_dir }}/../../pubkeys/" + item) }}"
register
:
pubkeys
with_items
:
"
{{
root_ssh_keys
}}"
-
set_fact
:
pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
-
name
:
assign pubkey string to fact
set_fact
:
pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
-
name
:
add authorized key for root
authorized_key
:
user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes
...
...
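Review bot: The `assign pubkey list to fact` task nests `{{ playbook_dir }}` inside an already open `{{ … }}` expression, which only works through Ansible's recursive templating of the string literal and is easy to break. Reference the variable directly instead: `pubkey_list="{{ lookup('file', playbook_dir + '/../../pubkeys/' + item) }}"`. Since the resulting string is installed with `exclusive=yes` as root's authorized keys, the path construction is worth keeping unambiguous.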
roles/opendkim/tasks/main.yml
...
...
@@ -8,14 +8,16 @@
notify
:
-
restart opendkim
-
file
:
path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=0750
-
name
:
create opendkim spool directory
file
:
path="/var/spool/opendkim/" state=directory owner=opendkim group=postfix mode=0750
-
name
:
install domains config
template
:
src=domains.j2 dest=/etc/opendkim/domains owner=root group=root mode=0644
notify
:
-
restart opendkim
-
file
:
path="/etc/opendkim/private" state=directory owner=root group=root mode=0700
-
name
:
create dkim key directory
file
:
path="/etc/opendkim/private" state=directory owner=root group=root mode=0700
-
name
:
generate DKIM key for {{ dkim_selector }}
command
:
opendkim-genkey -r -s {{ dkim_selector }} -d archlinux.org --bits=4096
...
...
roles/zabbix-agent/tasks/main.yml
...
...
@@ -36,7 +36,8 @@
append
:
yes
when
:
"
'memcached'
in
group_names"
-
file
:
path=/etc/zabbix state=directory owner=root group=root mode=755
-
name
:
set zabbix directory permissions in /etc
file
:
path=/etc/zabbix state=directory owner=root group=root mode=755
-
name
:
create host PSK
shell
:
umask 077; openssl rand -hex 64 > /etc/zabbix/zabbix_agentd.psk creates=/etc/zabbix/zabbix_agentd.psk
...
...
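Review bot: `mode=755` in the newly named `set zabbix directory permissions in /etc` task is written without the leading zero. It is treated as an octal string only because of the key=value form, and would become decimal 755 if the task is ever converted to a native YAML mapping. Write `mode=0755` here (or `mode: "0755"` in mapping form). The same applies to the identical task in roles/zabbix-server/tasks/main.yml.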
roles/zabbix-server/tasks/main.yml
...
...
@@ -3,7 +3,8 @@
-
name
:
install packages
pacman
:
name=zabbix-server,zabbix-frontend-php,irccat,gnu-netcat
-
file
:
path=/etc/zabbix state=directory owner=root group=root mode=755
-
name
:
set zabbix directory permissions in /etc
file
:
path=/etc/zabbix state=directory owner=root group=root mode=755
-
name
:
install server config
template
:
src=zabbix_server.conf dest=/etc/zabbix/zabbix_server.conf owner=zabbix-server group=zabbix-server mode=600
...
...