remove fqdn

2023-08-30 23:13:59 +02:00 · 2023-08-30 23:13:59 +02:00 · 52f7e7e153
commit 52f7e7e153
parent 85fb26bf52
19 changed files with 96 additions and 96 deletions
--- a/roles/backuphost/tasks/main.yaml
+++ b/roles/backuphost/tasks/main.yaml
@ -1,18 +1,18 @@
 # TODO: Make backup user part of AD
 ---
 - name: "Add backup user"
-  ansible.builtin.user:
+  user:
    name: backup
    comment: Backup user
    shell: /bin/bash
 - name: Create .ssh directory of backup user
-  ansible.builtin.file:
+  file:
    path: /home/backup/.ssh
    state: directory
 - name: Copy authorized_keys
-  ansible.builtin.copy:
+  copy:
    src: authorized_keys
    dest: /home/backup/.ssh/authorized_keys
    mode: 0600
@ -20,7 +20,7 @@
    group: backup
 - name: Copy ssh config
-  ansible.builtin.copy:
+  copy:
    src: ssh_config
    dest: /home/backup/.ssh/config
    mode: 0600
--- a/roles/backupscript/tasks/main.yaml
+++ b/roles/backupscript/tasks/main.yaml
@ -1,6 +1,6 @@
 ---
 - name: "Generate backupscript"
-  ansible.builtin.template:
+  template:
    src: backupscript.sh
    dest: /etc/cron.weekly/backupscript
    owner: root
@ -8,12 +8,12 @@
    mode: '0700'
 - name: Create .ssh directory of root user
-  ansible.builtin.file:
+  file:
    path: /root/.ssh
    state: directory
 - name: Copy ssh config
-  ansible.builtin.copy:
+  copy:
    src: ssh_config
    dest: /root/.ssh/config
    mode: 0600
--- a/roles/common/tasks/apt.yaml
+++ b/roles/common/tasks/apt.yaml
@ -1,26 +1,26 @@
 ---
 - name: "Use custom Ubuntu mirror"
-  ansible.builtin.replace:
+  replace:
    path: /etc/apt/sources.list
    regexp: 'http://hu.archive.ubuntu.com'
    replace: 'https://mirror.niif.hu'
    backup: yes
 - name: "Remove Ubuntu bloatware"
-  ansible.builtin.apt: 
+  apt: 
    state: absent
    name: ubutu-server
    autoremove: yes
 - name: "Update machine"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    upgrade: "yes"
    autoclean: yes
    autoremove: yes
 - name: "Install my favourite applications"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
--- a/roles/common/tasks/clean-motd.yaml
+++ b/roles/common/tasks/clean-motd.yaml
@ -1,6 +1,6 @@
 ---
 - name: clean motd
-  ansible.builtin.file:
+  file:
    state: touch
    owner: tormakris@intra.tormakris.dev
    group: domain users@intra.tormakris.dev
--- a/roles/common/tasks/disable-cloudinit.yaml
+++ b/roles/common/tasks/disable-cloudinit.yaml
@ -1,12 +1,12 @@
 ---
 - name: disable cloudinit
-  ansible.builtin.copy:
+  copy:
    content: ""
    dest: /etc/cloud/cloud-init.disabled
    force: no
 - name: disable network autoconfig
-  ansible.builtin.copy:
+  copy:
    content: "network: {config: disabled}"
    dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
    force: no
--- a/roles/common/tasks/node-exporter.yaml
+++ b/roles/common/tasks/node-exporter.yaml
@ -1,6 +1,6 @@
 ---
 - name: "Install node exporter"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
@ -14,7 +14,7 @@
    src: 192.168.69.0/24
 - name: Enable and restart exporter daemon
-  ansible.builtin.service:
+  service:
    name: prometheus-node-exporter
    state: restarted
    enabled: yes
--- a/roles/common/tasks/remove-snap.yaml
+++ b/roles/common/tasks/remove-snap.yaml
@ -1,13 +1,13 @@
 ---
 - name: Remove snapd from Ubuntu
-  ansible.builtin.apt:
+  apt:
    name: snapd
    state: absent
    purge: yes
  when: ansible_distribution == "Ubuntu"
 - name: Remove snapd-related directories
-  ansible.builtin.file:
+  file:
    path: "{{ item }}"
    state: absent
  with_items:
--- a/roles/common/tasks/ssh-security-settings.yaml
+++ b/roles/common/tasks/ssh-security-settings.yaml
@ -1,24 +1,24 @@
 ---
 - name: Disable root authentication
-  ansible.builtin.replace:
+  replace:
    path: /etc/ssh/sshd_config
    regexp: '#PermitRootLogin prohibit-password'
    replace: 'PermitRootLogin no'
 - name: Disable X11 forwarding
-  ansible.builtin.replace:
+  replace:
    path: /etc/ssh/sshd_config
    regexp: 'X11Forwarding yes'
    replace: 'X11Forwarding no'
 - name: Explicitly only listen on ipv4
-  ansible.builtin.replace:
+  replace:
    path: /etc/ssh/sshd_config
    regexp: '#AddressFamily any'
    replace: 'AddressFamily inet'
 - name: "Restart sshd"
-  ansible.builtin.service:
+  service:
    name: sshd
    state: restarted
 ...
--- a/roles/common/tasks/timesync.yaml
+++ b/roles/common/tasks/timesync.yaml
@ -1,18 +1,18 @@
 ---
 - name: Setup timesync config
-  ansible.builtin.template:
+  template:
    src: timesyncd.conf.template
    dest: /etc/systemd/timesyncd.conf
  notify: run Timedatectl
  when: ansible_service_mgr == "systemd"
 - name: set Timezone
-  ansible.builtin.timezone: name={{ timedatectl_timezone }}
+  timezone: name={{ timedatectl_timezone }}
  when: ansible_service_mgr == "systemd"
 - name: Reastart timesyncd to apply changes
  when: ansible_service_mgr == "systemd"
-  ansible.builtin.systemd:
+  systemd:
    state: restarted
    daemon_reload: yes
    name: systemd-timesyncd
--- a/roles/common/tasks/ufw.yaml
+++ b/roles/common/tasks/ufw.yaml
@ -1,6 +1,6 @@
 ---
 - name: "Install ufw via apt"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
--- a/roles/common/tasks/user-ops.yaml
+++ b/roles/common/tasks/user-ops.yaml
@ -1,13 +1,13 @@
 ---
 - name: Create .ssh directory of ansible user
-  ansible.builtin.file:
+  file:
    path: /home/ansible@intra.tormakris.dev/.ssh
    state: directory
    owner: ansible@intra.tormakris.dev
    group: domain users@intra.tormakris.dev
 - name: Copy authorized_keys
-  ansible.builtin.copy:
+  copy:
    src: authorized_keys
    dest: /home/ansible@intra.tormakris.dev/.ssh/authorized_keys
    mode: 0600
@ -15,7 +15,7 @@
    group: domain users@intra.tormakris.dev
 - name: Check if group is present in sudoers
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: absent
    path: /etc/sudoers
    regexp: "^%linuxadmins"
@ -24,7 +24,7 @@
  register: checksudoers
 - name: Define group in sudoers
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: present
    path: /etc/sudoers
    line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@ -1,6 +1,6 @@
 ---
 - name: "Install Docker via apt"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
@ -8,7 +8,7 @@
     - docker-compose
 - name: Disable userland proxy
-  ansible.builtin.copy:
+  copy:
    src: daemon.json
    dest: /etc/docker/daemon.json
    mode: 644
@ -16,13 +16,13 @@
    group: backup
 - name: Enable and restart Docker daemon
-  ansible.builtin.service:
+  service:
    name: docker
    state: restarted
    enabled: yes
 - name: "Add service user to docker group"
-  ansible.builtin.user:
+  user:
    name: service-user@intra.tormakris.dev
    groups: docker
    append: yes
--- a/roles/internalsmtp/tasks/main.yaml
+++ b/roles/internalsmtp/tasks/main.yaml
@ -1,31 +1,31 @@
 ---
 - name: "Install Postfix via apt"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
     - postfix
 - name: Install Postfix forwarder config
-  ansible.builtin.template:
+  template:
    src: templates/main.cf
    dest: /etc/postfix/main.cf
 - name: Restart Postfix
-  ansible.builtin.service:
+  service:
    name: postfix
    state: restarted
    enabled: yes
 - name: "Install postfix exporter"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
     - prometheus-postfix-exporter
 - name: Copy postfix exporter config
-  ansible.builtin.copy:
+  copy:
    src: prometheus-postfix-exporter
    dest: /etc/default/prometheus-postfix-exporter
    owner: root
@ -33,13 +33,13 @@
    mode: '0644'
 - name: Add the prometheus user to postdrop group
-  ansible.builtin.user:
+  user:
    name: prometheus
    groups: postdrop
    append: yes
 - name: Enable and restart exporter daemon
-  ansible.builtin.service:
+  service:
    name: prometheus-postfix-exporter
    state: restarted
    enabled: yes
--- a/roles/netplan/tasks/main.yaml
+++ b/roles/netplan/tasks/main.yaml
@ -1,16 +1,16 @@
 ---
 - name: "remove cloudinit config"
-  ansible.builtin.file:
+  file:
    path: /etc/netplan/50-cloud-init.yaml
    state: absent
 - name: "remove installer config"
-  ansible.builtin.file:
+  file:
    path: /etc/netplan/00-installer-config.yaml
    state: absent
 - name: "install static config"
-  ansible.builtin.template:
+  template:
    src: templates/netplan.yaml
    dest: /etc/netplan/00-static.yaml
  notify: netplanapply
--- a/roles/openvpn/tasks/main.yaml
+++ b/roles/openvpn/tasks/main.yaml
@ -1,6 +1,6 @@
 ---
 - name: "Install openvpn-server via apt"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
@ -15,13 +15,13 @@
    reload: yes
 - name: Enable and restart openvpn daemon
-  ansible.builtin.service:
+  service:
    name: openvpn-server@stargate
    state: restarted
    enabled: yes
 - name: Check if AllowUsers is defined
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: absent
    path: /etc/ufw/before.rules
    regexp: "^# START OPENVPN"
@ -30,7 +30,7 @@
  register: checkufwrules
 - name: Insert openvpn iptables rules
-  ansible.builtin.blockinfile:
+  blockinfile:
    path: /etc/ufw/before.rules
    block: |
      # START OPENVPN RULES
--- a/roles/realmd/tasks/main.yaml
+++ b/roles/realmd/tasks/main.yaml
@ -1,6 +1,6 @@
 ---
 - name: "Install realmd and dependencies"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
@ -16,7 +16,7 @@
     - packagekit
 - name: Check if computer is joined to domain
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: absent
    path: /etc/sssd/sssd.conf
    line: "^ad_access_filter"
@ -25,22 +25,22 @@
  register: checkjoined
 - name: "Get join password from local environment variable"
-  ansible.builtin.set_fact:
+  set_fact:
    join_passw: "{{ lookup('env', 'JOIN_PASSW') }}"
  delegate_to: localhost
  when: checkjoined.found == 0
 - name: Join to AD with realmd
-  ansible.builtin.shell:
+  shell:
    cmd: echo {{ join_passw }} | realm join -v -U tormakris_admin intra.tormakris.dev
  when: checkjoined.found == 0
 - name: Enable pam homedir create on first logon
-  ansible.builtin.command:
+  command:
    cmd: pam-auth-update --enable mkhomedir
 - name: Check if ad_gpo_access_control is disabled
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: absent
    path: /etc/sssd/sssd.conf
    regexp: "^ad_gpo_access_control"
@ -49,14 +49,14 @@
  register: checkadgpoac
 - name: Set ad_gpo_access_control to disabled
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: present
    path: /etc/sssd/sssd.conf
    line: "ad_gpo_access_control = disabled"
  when: checkadgpoac.found == 0
 - name: Check if ad_access_filter is set
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: absent
    path: /etc/sssd/sssd.conf
    regexp: "^ad_access_filter"
@ -65,19 +65,19 @@
  register: checkadaf
 - name: Set ad_gpo_access_control to disabled
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: present
    path: /etc/sssd/sssd.conf
    line: "ad_access_filter = memberOf=CN=LinuxUsers,OU=Service Groups,DC=intra,DC=tormakris,DC=dev"
  when: checkadaf.found == 0
 - name: "Restart sssd"
-  ansible.builtin.service:
+  service:
    name: sssd
    state: restarted
 - name: Check if group is presend in sudoers
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: absent
    path: /etc/sudoers
    regexp: "^%linuxadmins"
@ -86,7 +86,7 @@
  register: checksudoers
 - name: Define group in sudoers
-  ansible.builtin.lineinfile:
+  lineinfile:
    state: present
    path: /etc/sudoers
    line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
--- a/roles/smtpgateway/tasks/main.yaml
+++ b/roles/smtpgateway/tasks/main.yaml
@ -1,22 +1,22 @@
 ---
 - name: "Install Postfix via apt"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
     - postfix
 - name: Install Postfix mail gateway config
-  ansible.builtin.template:
+  template:
    src: templates/main.cf
    dest: /etc/postfix/main.cf
 - name: Build /etc/mailname
-  ansible.builtin.shell:
+  shell:
    cmd: "hostname --fqdn > /etc/mailname"
 - name: Restart Postfix
-  ansible.builtin.service:
+  service:
    name: postfix
    state: restarted
    enabled: yes
@ -28,14 +28,14 @@
    src: 192.168.69.0/24
 - name: "Install postfix exporter"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
     - prometheus-postfix-exporter
 - name: Copy exporter config
-  ansible.builtin.copy:
+  copy:
    src: prometheus-postfix-exporter
    dest: /etc/default/prometheus-postfix-exporter
    owner: root
@ -43,13 +43,13 @@
    mode: '0644'
 - name: Add the prometheus user to postdrop group
-  ansible.builtin.user:
+  user:
    name: prometheus
    groups: postdrop
    append: yes
 - name: Enable and restart exporter daemon
-  ansible.builtin.service:
+  service:
    name: prometheus-postfix-exporter
    state: restarted
    enabled: yes
--- a/roles/webgateway/tasks/main.yaml
+++ b/roles/webgateway/tasks/main.yaml
@ -1,6 +1,6 @@
 ---
 - name: "Install nginx via apt"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
@ -19,7 +19,7 @@
    port: https
 - name: Copy default nginx config
-  ansible.builtin.copy:
+  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
@ -27,28 +27,28 @@
    mode: '0644'
 - name: Enable and restart nginx daemon
-  ansible.builtin.service:
+  service:
    name: nginx
    state: restarted
    enabled: yes
 - name: Generate certificate for all proxied domains
-  ansible.builtin.command:
+  command:
    cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --nginx -d {{item.domain}}
  with_items: "{{ proxy }}"
 - name: Generate certificate for all static sites
-  ansible.builtin.command:
+  command:
    cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --nginx -d {{item.domain}}
  with_items: "{{ static }}"
 - name: Generate certificate for all redirect sites
-  ansible.builtin.command:
+  command:
    cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --nginx -d {{item.domain}}
  with_items: "{{ redirect }}"
 - name: "Generate certbot script"
-  ansible.builtin.template:
+  template:
    src: certbot.sh
    dest: /etc/cron.weekly/certbot
    owner: root
@ -56,7 +56,7 @@
    mode: '0700'
 - name: "Generate nginx configuration"
-  ansible.builtin.template:
+  template:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
@ -64,41 +64,41 @@
    mode: '0644'
 - name: Validate nginx configuration
-  ansible.builtin.command:
+  command:
    cmd: nginx -t
 - name: Reload nginx after configuration change
-  ansible.builtin.service:
+  service:
    name: nginx
    state: reloaded
 - name: "Remove any existing static file directories"
-  ansible.builtin.file:
+  file:
    path: "{{ item.directory }}"
    state: absent
  with_items: "{{ static }}"
 - name: "Checkout static websites from git"
-  ansible.builtin.git:
+  git:
    repo: "{{ item.repo }}"
    dest: "{{ item.directory }}"
  with_items: "{{ static }}"
 - name: "Remove .git directory from static websites"
-  ansible.builtin.file:
+  file:
    path: "{{ item.directory }}/.git"
    state: absent
  with_items: "{{ static }}"
 - name: "Install nginx exporter"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
     - prometheus-nginx-exporter
 - name: Copy nginx exporter config
-  ansible.builtin.copy:
+  copy:
    src: prometheus-nginx-exporter
    dest: /etc/default/prometheus-nginx-exporter
    owner: root
@ -106,7 +106,7 @@
    mode: '0644'
 - name: Enable and restart exporter daemon
-  ansible.builtin.service:
+  service:
    name: prometheus-nginx-exporter
    state: restarted
    enabled: yes
--- a/roles/webserver/tasks/main.yaml
+++ b/roles/webserver/tasks/main.yaml
@ -7,7 +7,7 @@
  with_items: "{{ allowedranges }}"
 - name: "Install Nginx via apt"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
@ -16,7 +16,7 @@
     - python3-certbot-dns-cloudflare
 - name: Copy default nginx config
-  ansible.builtin.copy:
+  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
@ -24,18 +24,18 @@
    mode: '0644'
 - name: Enable and restart nginx daemon
-  ansible.builtin.service:
+  service:
    name: nginx
    state: restarted
    enabled: yes
 - name: "Get Cloudflare token from local environment variable"
-  ansible.builtin.set_fact:
+  set_fact:
    cloudflare_token: "{{ lookup('env', 'CLOUDFLARE_TOKEN') }}"
  delegate_to: localhost
 - name: "Render Cloudflare Certbot plugin configuration"
-  ansible.builtin.template:
+  template:
    src: cf-creds.ini
    dest: /root/cf-creds.ini
    owner: root
@ -43,12 +43,12 @@
    mode: 0600
 - name: Generate certificate for all server instances
-  ansible.builtin.shell:
+  shell:
    cmd: certbot certonly --non-interactive --agree-tos -m iam@tormakristof.eu --dns-cloudflare --dns-cloudflare-credentials /root/cf-creds.ini -d {{item.domain}}
  with_items: "{{ webserver }}"
 - name: "Generate certbot script"
-  ansible.builtin.template:
+  template:
    src: certbot.sh
    dest: /etc/cron.weekly/certbot
    owner: root
@ -56,7 +56,7 @@
    mode: '0700'
 - name: "Generate nginx configuration"
-  ansible.builtin.template:
+  template:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
@ -64,12 +64,12 @@
    mode: '0644'
 - name: Reload nginx daemon
-  ansible.builtin.service:
+  service:
    name: nginx
    state: reloaded
 - name: "Install nginx exporter"
-  ansible.builtin.apt:
+  apt:
    update_cache: yes
    state: present
    name:
@ -83,7 +83,7 @@
    src: 192.168.69.0/24
 - name: Copy nginx exporter config
-  ansible.builtin.copy:
+  copy:
    src: prometheus-nginx-exporter
    dest: /etc/default/prometheus-nginx-exporter
    owner: root
@ -91,7 +91,7 @@
    mode: '0644'
 - name: Enable and restart exporter daemon
-  ansible.builtin.service:
+  service:
    name: prometheus-nginx-exporter
    state: restarted
    enabled: yes