diff --git a/ansible/max.yml b/ansible/max.yml index f2e06e0..b45bdd2 100644 --- a/ansible/max.yml +++ b/ansible/max.yml @@ -6,7 +6,19 @@ - name: Start services hosts: max + pre_tasks: + - name: Create base service directory + file: + path: "{{ base_service_dir }}" + state: directory + - name: Delete externally managed environment file + shell: + cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED" + register: rm + changed_when: "rm.rc == 0" + failed_when: "false" roles: + - {role: 'setup-apt', tags: 'setup-apt'} - {role: 'watchtower', tags: 'watchtower'} - {role: 'forgejo', tags: 'forgejo'} - {role: 'syncthing', tags: 'syncthing'} diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 5530c9f..971722f 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -1,3 +1,3 @@ -- name: cloudinit-wait - src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait +- name: setup-apt + src: https://github.com/sunscrapers/ansible-role-apt.git scm: git diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml deleted file mode 100644 index b8f79d0..0000000 --- a/ansible/roles/common/tasks/main.yml +++ /dev/null @@ -1,17 +0,0 @@ -- name: APT upgrade - apt: - autoremove: true - upgrade: yes - state: latest - update_cache: yes - cache_valid_time: 86400 # One day -- name: Create base service directory - file: - path: "{{ base_service_dir }}" - state: directory -- name: Delete externally managed environment file - shell: - cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED" - register: rm - changed_when: "rm.rc == 0" - failed_when: "false" diff --git a/ansible/roles/cyberchef/meta/main.yml b/ansible/roles/cyberchef/meta/main.yml index 7f5b1d3..cb0cd84 100644 --- a/ansible/roles/cyberchef/meta/main.yml +++ b/ansible/roles/cyberchef/meta/main.yml @@ -1,4 +1,2 @@ dependencies: - - role: common - - role: docker - \ No newline at end of file + - role: traefik 
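Review bot: The `Delete externally managed environment file` pre-task in `ansible/max.yml` hides every failure, because `failed_when: "false"` makes a permission error look the same as "file already gone". The `shell` + `rm` form is also idempotent only through the `changed_when` workaround. Removing `EXTERNALLY-MANAGED` switches off the PEP 668 guard, presumably so a later role can pip-install into the system interpreter; that lets pip overwrite distribution-managed packages, so a comment stating which role needs it would help. I would locate the marker with `find` and remove it with `file: state=absent`, which reports ok/changed correctly and still fails on real errors. The play's `roles:` list continues outside the hunk.

```yaml
  pre_tasks:
    # … unchanged: Create base service directory …
    - name: Find Python library directories
      find:
        paths: /usr/lib
        patterns: 'python*'
        file_type: directory
      register: python_lib_dirs
    - name: Delete externally managed environment file
      file:
        path: "{{ item.path }}/EXTERNALLY-MANAGED"
        state: absent
      loop: "{{ python_lib_dirs.files }}"
```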
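Review bot: The new `setup-apt` entry in `ansible/requirements.yml` has no `version:`, so `ansible-galaxy` fetches whatever the repository's default branch holds at install time. That third-party role is then listed first under `roles:` in the `max` play. Pin it to a commit that has been read, e.g. `version: <reviewed-commit-sha>` (placeholder) next to `scm: git`, and move the pin deliberately. The entry also swaps a self-hosted role source for an external one, so an upstream change would otherwise reach the hosts on the next install without any change in this repository.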
diff --git a/ansible/roles/firewall/tasks/main.yml b/ansible/roles/firewall/tasks/main.yml
deleted file mode 100644
index 6b6bcb4..0000000
--- a/ansible/roles/firewall/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Install firewalld
- apt:
- pkg:
- - firewalld
- state: latest
- update_cache: true
-- name: Allow SSH
- firewalld:
- service: ssh
- permanent: yes
- state: enabled
-- name: Start firewalld
- systemd:
- enabled: true
- name: sshd
- state: started
diff --git a/ansible/roles/forgejo/meta/main.yml b/ansible/roles/forgejo/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/forgejo/meta/main.yml
+++ b/ansible/roles/forgejo/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/freshrss/meta/main.yml b/ansible/roles/freshrss/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/freshrss/meta/main.yml
+++ b/ansible/roles/freshrss/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/hedgedoc/meta/main.yml b/ansible/roles/hedgedoc/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/hedgedoc/meta/main.yml
+++ b/ansible/roles/hedgedoc/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/inbucket/meta/main.yml b/ansible/roles/inbucket/meta/main.yml
index 7f5b1d3..6ad37f8 100644
--- a/ansible/roles/inbucket/meta/main.yml
+++ b/ansible/roles/inbucket/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
 - role: docker
-
\ No newline at end of file
diff --git a/ansible/roles/jitsi/meta/main.yml b/ansible/roles/jitsi/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/jitsi/meta/main.yml
+++ b/ansible/roles/jitsi/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/kms/meta/main.yml b/ansible/roles/kms/meta/main.yml
index 7f5b1d3..6ad37f8 100644
--- a/ansible/roles/kms/meta/main.yml
+++ b/ansible/roles/kms/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
 - role: docker
-
\ No newline at end of file
diff --git a/ansible/roles/mastodon/meta/main.yml b/ansible/roles/mastodon/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/mastodon/meta/main.yml
+++ b/ansible/roles/mastodon/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/overleaf/meta/main.yml b/ansible/roles/overleaf/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/overleaf/meta/main.yml
+++ b/ansible/roles/overleaf/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/prometheus/meta/main.yml b/ansible/roles/prometheus/meta/main.yml
index 090690b..6ad37f8 100644
--- a/ansible/roles/prometheus/meta/main.yml
+++ b/ansible/roles/prometheus/meta/main.yml
@@ -1,3 +1,2 @@
 dependencies:
- - role: common
 - role: docker
diff --git a/ansible/roles/radicale/meta/main.yml b/ansible/roles/radicale/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/radicale/meta/main.yml
+++ b/ansible/roles/radicale/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/seafile/meta/main.yml b/ansible/roles/seafile/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/seafile/meta/main.yml
+++ b/ansible/roles/seafile/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/ssh/files/ssh_config b/ansible/roles/ssh/files/ssh_config
deleted file mode 100644
index 9ea50e1..0000000
--- a/ansible/roles/ssh/files/ssh_config
+++ /dev/null
@@ -1,54 +0,0 @@
-# This is the ssh client system-wide configuration file. See
-# ssh_config(5) for more information. This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-# 1. command line options
-# 2. user-specific file
-# 3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for some commonly used options. For a comprehensive
-# list of available options, their meanings and defaults, please see the
-# ssh_config(5) man page.
-
-Include /etc/ssh/ssh_config.d/*.conf
-
-Host *
-# ForwardAgent no
-# ForwardX11 no
-# ForwardX11Trusted yes
-# PasswordAuthentication yes
-# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# GSSAPIKeyExchange no
-# GSSAPITrustDNS no
-# BatchMode no
-# CheckHostIP yes
-# AddressFamily any
-# ConnectTimeout 0
-# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
-# IdentityFile ~/.ssh/id_ecdsa
-# IdentityFile ~/.ssh/id_ed25519
-# Port 22
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
-# EscapeChar ~
-# Tunnel no
-# TunnelDevice any:any
-# PermitLocalCommand no
-# VisualHostKey no
-# ProxyCommand ssh -q -W %h:%p gateway.example.com
-# RekeyLimit 1G 1h
-# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
- SendEnv LANG LC_*
-
-# set HashKnownHosts to no to make known_hosts human readable and reviewable.
-# HashKnownHosts yes
-# GSSAPIAuthentication yes
diff --git a/ansible/roles/ssh/files/sshd_config b/ansible/roles/ssh/files/sshd_config
deleted file mode 100644
index e532138..0000000
--- a/ansible/roles/ssh/files/sshd_config
+++ /dev/null
@@ -1,41 +0,0 @@
-Include /etc/ssh/sshd_config.d/*.conf
-
-HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-HostKeyAlgorithms ssh-ed25519
-CASignatureAlgorithms ssh-ed25519
-HostbasedAcceptedKeyTypes ssh-ed25519
-HostKeyAlgorithms ssh-ed25519
-KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
-Ciphers chacha20-poly1305@openssh.com
-MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-KbdInteractiveAuthentication no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the KbdInteractiveAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and KbdInteractiveAuthentication to 'no'.
-UsePAM yes
-
-X11Forwarding yes
-PrintMotd no
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
diff --git a/ansible/roles/ssh/meta/main.yml b/ansible/roles/ssh/meta/main.yml
deleted file mode 100644
index 9711b33..0000000
--- a/ansible/roles/ssh/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: common
diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml
deleted file mode 100644
index 9c7311c..0000000
--- a/ansible/roles/ssh/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Copy sshd config
- copy:
- src: "{{ role_path }}/files/sshd_config"
- dest: /etc/ssh/sshd_config
- register: sshd_config
-- name: Copy ssh config
- copy:
- src: "{{ role_path }}/files/ssh_config"
- dest: /etc/ssh/ssh_config
- register: ssh_config
-- name: Restart SSH service
- systemd:
- enabled: true
- name: sshd
- state: reloaded
- when: sshd_config.changed
diff --git a/ansible/roles/static/meta/main.yml b/ansible/roles/static/meta/main.yml
index 6b03734..cb0cd84 100644
--- a/ansible/roles/static/meta/main.yml
+++ b/ansible/roles/static/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
- - role: docker
 - role: traefik
diff --git a/ansible/roles/syncthing/meta/main.yml b/ansible/roles/syncthing/meta/main.yml
index 090690b..6ad37f8 100644
--- a/ansible/roles/syncthing/meta/main.yml
+++ b/ansible/roles/syncthing/meta/main.yml
@@ -1,3 +1,2 @@
 dependencies:
- - role: common
 - role: docker
diff --git a/ansible/roles/traefik/meta/main.yml b/ansible/roles/traefik/meta/main.yml
index 090690b..6ad37f8 100644
--- a/ansible/roles/traefik/meta/main.yml
+++ b/ansible/roles/traefik/meta/main.yml
@@ -1,3 +1,2 @@
 dependencies:
- - role: common
 - role: docker
diff --git a/ansible/roles/watchtower/meta/main.yml b/ansible/roles/watchtower/meta/main.yml
index 7f5b1d3..6ad37f8 100644
--- a/ansible/roles/watchtower/meta/main.yml
+++ b/ansible/roles/watchtower/meta/main.yml
@@ -1,4 +1,2 @@
 dependencies:
- - role: common
 - role: docker
-
\ No newline at end of file