diff --git a/roles/backuphost/tasks/main.yaml b/roles/backuphost/tasks/main.yaml
index 7c243e3..20f85cb 100644
--- a/roles/backuphost/tasks/main.yaml
+++ b/roles/backuphost/tasks/main.yaml
@@ -13,13 +13,13 @@
     shell: "/sbin/nologin"
 
 - name: Undefine AllowUsers
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: absent
     path: /etc/ssh/sshd_config
     line: "AllowUsers tormakris ansible service-user"
 
 - name: Check if AllowUsers is defined
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: absent
     path: /etc/ssh/sshd_config
     regexp: "^AllowUsers"
@@ -28,24 +28,24 @@
   register: checkallowusers
 
 - name: Define AllowUsers if undefined
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: present
     path: /etc/ssh/sshd_config
     line: "AllowUsers tormakris ansible backup"
   when: checkallowusers.found == 0
 
 - name: "Restart sshd"
-  service:
+  ansible.builtin.service:
     name: sshd
     state: restarted
 
 - name: Create .ssh directory of backup user
-  file:
+  ansible.builtin.file:
     path: /home/backup/.ssh
     state: directory
 
 - name: Copy authorized_keys
-  copy:
+  ansible.builtin.copy:
     src: authorized_keys
     dest: /home/backup/.ssh/authorized_keys
     mode: 0600
@@ -53,7 +53,7 @@
     group: backup
 
 - name: Copy ssh config
-  copy:
+  ansible.builtin.copy:
     src: ssh_config
     dest: /home/backup/.ssh/config
     mode: 0600
diff --git a/roles/backupscript/tasks/main.yaml b/roles/backupscript/tasks/main.yaml
index c3028b0..a394464 100644
--- a/roles/backupscript/tasks/main.yaml
+++ b/roles/backupscript/tasks/main.yaml
@@ -8,12 +8,12 @@
     mode: '0700'
 
 - name: Create .ssh directory of root user
-  file:
+  ansible.builtin.file:
     path: /root/.ssh
     state: directory
 
 - name: Copy ssh config
-  copy:
+  ansible.builtin.copy:
     src: ssh_config
     dest: /root/.ssh/config
     mode: 0600
diff --git a/roles/common/tasks/apt.yaml b/roles/common/tasks/apt.yaml
index 1ec8c78..dfe3776 100644
--- a/roles/common/tasks/apt.yaml
+++ b/roles/common/tasks/apt.yaml
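Review bot: The "Undefine AllowUsers" task only removes the exact line `AllowUsers tormakris ansible service-user`; if the common role's list ever changes, that line survives, and sshd appears to accumulate multiple AllowUsers directives, so service-user would keep access to the backup host alongside the backup-specific list. Matching on the directive rather than the literal value, `regexp: '^AllowUsers\s'` in place of the `line:` argument, makes the removal track whatever the common role wrote. With that, the remove/check/define sequence could collapse into a single lineinfile with `regexp: '^#?AllowUsers\s'` and `line: "AllowUsers tormakris ansible backup"`. The "Check if AllowUsers is defined" task continues past the hunk; I am assuming the hidden lines set `check_mode: true`, otherwise a `state: absent` task really deletes the line before the condition is evaluated.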
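Review bot: The "Create .ssh directory of backup user" task sets no owner, group or mode, so the directory is created by the connecting user with the default umask while the authorized_keys beneath it is owned by backup with mode 0600. Add `owner: backup`, `group: backup` and `mode: '0700'` to the file task so the directory matches the key file and stays within sshd's StrictModes expectations. The `mode: 0600` values work because the leading zero makes YAML parse them as octal, but quoting them (`mode: '0600'`) is the convention Ansible recommends and avoids the decimal trap seen elsewhere in this commit.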
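Review bot: /root/.ssh in "Create .ssh directory of root user" is created without a `mode`, so it gets whatever the umask yields; add `mode: '0700'` so the directory holding the backup ssh config (and presumably the key it references) is not listable by other local users. The `mode: 0600` on the config copy would also be cleaner quoted as `'0600'`.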
@@ -1,6 +1,6 @@
 ---
 - name: "Use custom Ubuntu mirror"
-  replace:
+  ansible.builtin.replace:
     path: /etc/apt/sources.list
     regexp: 'http://hu.archive.ubuntu.com'
     replace: 'https://tormakris.jfrog.io/artifactory/ubuntu-mirror'
@@ -12,25 +12,25 @@
   delegate_to: localhost
 
 - name: "Render JFrog credentials configuration"
-  template:
+  ansible.builtin.template:
     src: jfrog.conf.template
     dest: /etc/apt/auth.conf.d/jfrog.conf
 
 - name: "Remove Ubuntu bloatware"
-  apt:
+  ansible.builtin.apt:
     state: absent
     name: ubutu-server
     autoremove: yes
 
 - name: "Update machine"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     upgrade: "yes"
     autoclean: yes
     autoremove: yes
 
 - name: "Install my favourite applications"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
diff --git a/roles/common/tasks/clean-motd.yaml b/roles/common/tasks/clean-motd.yaml
index b8fd3b3..2894fad 100644
--- a/roles/common/tasks/clean-motd.yaml
+++ b/roles/common/tasks/clean-motd.yaml
@@ -1,6 +1,6 @@
 ---
 - name: clean motd
-  file:
+  ansible.builtin.file:
     state: touch
     owner: tormakris
     group: tormakris
diff --git a/roles/common/tasks/disable-cloudinit.yaml b/roles/common/tasks/disable-cloudinit.yaml
index 5b87ed4..032878e 100644
--- a/roles/common/tasks/disable-cloudinit.yaml
+++ b/roles/common/tasks/disable-cloudinit.yaml
@@ -1,12 +1,12 @@
 ---
 - name: disable cloudinit
-  copy:
+  ansible.builtin.copy:
     content: ""
     dest: /etc/cloud/cloud-init.disabled
     force: no
 
 - name: disable network autoconfig
-  copy:
+  ansible.builtin.copy:
     content: "network: {config: disabled}"
     dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
     force: no
diff --git a/roles/common/tasks/node-exporter.yaml b/roles/common/tasks/node-exporter.yaml
index e00d1e3..d7d07b5 100644
--- a/roles/common/tasks/node-exporter.yaml
+++ b/roles/common/tasks/node-exporter.yaml
@@ -1,6 +1,6 @@
 ---
 - name: "Install node exporter"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
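Review bot: The mirror rewrite keyed on `regexp: 'http://hu.archive.ubuntu.com'` only fires on hosts whose sources.list literally names the Hungarian mirror; a host provisioned with a different mirror, or a newer release that keeps its sources in deb822 form under /etc/apt/sources.list.d/, silently keeps using the stock mirror while the JFrog credentials are still installed. The unescaped dots are harmless here, but `regexp: 'https?://[a-z.]*archive\.ubuntu\.com'` would state the intent and catch the usual country mirrors. The behaviour on non-matching hosts is inferred from the task, not visible in the hunk.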
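Review bot: "Render JFrog credentials configuration" writes a credential file to /etc/apt/auth.conf.d/jfrog.conf with no `owner`/`mode`, so it is created with the default umask and is typically world-readable; apt treats auth.conf.d entries as secrets and, depending on version, warns about or ignores files with loose permissions. Add `owner: root`, `group: root` and `mode: '0600'` to the template task. Separately, `name: ubutu-server` in "Remove Ubuntu bloatware" is a typo for ubuntu-server; with `state: absent` the apt module appears to treat an unknown package as already removed, so the task is a silent no-op rather than an error.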
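Review bot: `state: touch` on the file module updates the timestamps on every run, so "clean motd" reports changed on each play even when nothing differs. Add `modification_time: preserve` and `access_time: preserve` to the task (or use `state: file` if the file is known to exist) to make it idempotent. The task's `path` is outside the hunk.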
@@ -14,7 +14,7 @@
     src: 192.168.69.0/24
 
 - name: Enable and restart exporter daemon
-  service:
+  ansible.builtin.service:
     name: prometheus-node-exporter
     state: restarted
     enabled: yes
diff --git a/roles/common/tasks/remove-snap.yaml b/roles/common/tasks/remove-snap.yaml
index 3a9f163..2f7b59e 100644
--- a/roles/common/tasks/remove-snap.yaml
+++ b/roles/common/tasks/remove-snap.yaml
@@ -1,13 +1,13 @@
 ---
 - name: Remove snapd from Ubuntu
-  apt:
+  ansible.builtin.apt:
     name: snapd
     state: absent
     purge: yes
   when: ansible_distribution == "Ubuntu"
 
 - name: Remove snapd-related directories
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: absent
   with_items:
diff --git a/roles/common/tasks/ssh-security-settings.yaml b/roles/common/tasks/ssh-security-settings.yaml
index 65f56b8..3fb3e75 100644
--- a/roles/common/tasks/ssh-security-settings.yaml
+++ b/roles/common/tasks/ssh-security-settings.yaml
@@ -1,30 +1,30 @@
 ---
 - name: Disable password authentication
-  replace:
+  ansible.builtin.replace:
     path: /etc/ssh/sshd_config
     regexp: 'PasswordAuthentication yes'
     replace: 'PasswordAuthentication no'
 
 - name: Disable root authentication
-  replace:
+  ansible.builtin.replace:
     path: /etc/ssh/sshd_config
     regexp: '#PermitRootLogin prohibit-password'
     replace: 'PermitRootLogin no'
 
 - name: Disable X11 forwarding
-  replace:
+  ansible.builtin.replace:
     path: /etc/ssh/sshd_config
     regexp: 'X11Forwarding yes'
     replace: 'X11Forwarding no'
 
 - name: Explicitly only listen on ipv4
-  replace:
+  ansible.builtin.replace:
     path: /etc/ssh/sshd_config
     regexp: '#AddressFamily any'
     replace: 'AddressFamily inet'
 
 - name: Check if AllowUsers is defined
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: absent
     path: /etc/ssh/sshd_config
     regexp: "^AllowUsers"
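Review bot: `state: restarted` in "Enable and restart exporter daemon" bounces the exporter on every play regardless of whether the package or the ufw rule changed. Use `state: started` with `enabled: true` here and move the restart into a handler notified by the install task, which is the pattern the timesync role in this same commit already uses with `notify`. The same shape recurs in the other exporter and service tasks touched by this commit.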
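Review bot: "Remove snapd-related directories" uses `with_items`, which Ansible has deprecated in favour of `loop:`; worth converting in the same pass that moves to FQCNs, e.g. `loop:` followed by the same list. It also has no visible `when: ansible_distribution == "Ubuntu"` guard like the apt task above it, so on a non-Ubuntu host the directories would be removed without snapd having been purged; the item list and any trailing `when` are outside the hunk, so this may already be handled.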
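Review bot: The four `replace` tasks match literal text and so depend on the stock sshd_config spelling: Ubuntu ships `#PasswordAuthentication yes` commented out, and `regexp: 'PasswordAuthentication yes'` turns that into `#PasswordAuthentication no`, which is still a comment, leaving password authentication at its compiled-in default of yes. The same applies to `X11Forwarding yes` if it is commented, and the `#PermitRootLogin`/`#AddressFamily` patterns do nothing once someone has uncommented those lines. Keying each task on the directive name with lineinfile makes the result independent of the current file contents, and `validate` refuses to write a file sshd cannot parse. Ubuntu 22.04 and later also read `/etc/ssh/sshd_config.d/*.conf` ahead of the main file, so a drop-in there (or removing cloud-init's 50-cloud-init.conf) may be needed for these settings to take effect; that is inferred, not visible here.
```yaml
- name: Disable password authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\s'
    line: 'PasswordAuthentication no'
    validate: '/usr/sbin/sshd -t -f %s'
# … same lineinfile pattern for PermitRootLogin, X11Forwarding and AddressFamily …
```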
@@ -33,14 +33,14 @@
   register: checkallowusers
 
 - name: Define AllowUsers if undefined
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: present
     path: /etc/ssh/sshd_config
     line: "AllowUsers tormakris ansible service-user"
   when: checkallowusers.found == 0
 
 - name: "Restart sshd"
-  service:
+  ansible.builtin.service:
     name: sshd
     state: restarted
 ...
diff --git a/roles/common/tasks/timesync.yaml b/roles/common/tasks/timesync.yaml
index f6cd8c7..f9d6c38 100644
--- a/roles/common/tasks/timesync.yaml
+++ b/roles/common/tasks/timesync.yaml
@@ -1,13 +1,13 @@
 ---
 - name: Setup timesync config
-  template:
+  ansible.builtin.template:
     src: timesyncd.conf.template
     dest: /etc/systemd/timesyncd.conf
   notify: run Timedatectl
   when: ansible_service_mgr == "systemd"
 
 - name: set Timezone
-  timezone: name={{ timedatectl_timezone }}
+  ansible.builtin.timezone: name={{ timedatectl_timezone }}
   when: ansible_service_mgr == "systemd"
 
 - name: Reastart timesyncd to apply changes
diff --git a/roles/common/tasks/ufw.yaml b/roles/common/tasks/ufw.yaml
index b283862..e9dcde8 100644
--- a/roles/common/tasks/ufw.yaml
+++ b/roles/common/tasks/ufw.yaml
@@ -1,6 +1,6 @@
 ---
 - name: "Install ufw via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
diff --git a/roles/common/tasks/user-ops.yaml b/roles/common/tasks/user-ops.yaml
index dd487bc..6ef721e 100644
--- a/roles/common/tasks/user-ops.yaml
+++ b/roles/common/tasks/user-ops.yaml
@@ -19,14 +19,14 @@
     append: yes
 
 - name: Create .ssh directory of root user
-  file:
+  ansible.builtin.file:
     path: /home/ansible/.ssh
     state: directory
     owner: ansible
     group: ansible
 
 - name: Copy authorized_keys
-  copy:
+  ansible.builtin.copy:
     src: authorized_keys
     dest: /home/ansible/.ssh/authorized_keys
     mode: 0600
@@ -34,7 +34,7 @@
     group: ansible
 
 - name: Check if ansible is already nopasswd in sudoers
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: absent
     path: /etc/sudoers
     regexp: "^ansible"
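Review bot: "Restart sshd" restarts the daemon unconditionally after the AllowUsers edit and nothing validates sshd_config first, so a typo in the `line:` value leaves the host unreachable once the current session drops. Add `validate: '/usr/sbin/sshd -t -f %s'` to the "Define AllowUsers if undefined" task and restart through a handler so the restart only happens when a task actually changed the file. The `found == 0` condition relies on the check task above running in check mode; that task's body is outside this hunk.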
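Review bot: `ansible.builtin.timezone: name={{ timedatectl_timezone }}` keeps the old key=value argument form while every other task in this commit uses native YAML; write it as `ansible.builtin.timezone:` with `name: "{{ timedatectl_timezone }}"` beneath, which also quotes the Jinja expression as the Ansible style guide asks. The task name `Reastart timesyncd to apply changes` has a typo (Restart); its body is outside the hunk.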
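Review bot: The task named "Create .ssh directory of root user" actually creates /home/ansible/.ssh, so the name misleads anyone reading play output; rename it to `Create .ssh directory of ansible user`. The file task sets owner and group but no `mode`, so add `mode: '0700'` to match the 0600 authorized_keys it will contain, and quote that `mode: 0600` as `'0600'` for consistency with the `'0700'` form used in the backupscript role.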
@@ -43,7 +43,7 @@
   register: checkallowusers
 
 - name: Define ansible nopasswd in sudoers
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: present
     path: /etc/sudoers
     line: "ansible ALL=(ALL:ALL) NOPASSWD:ALL"
diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml
index afb4dd7..4732e8f 100644
--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@@ -1,6 +1,6 @@
 ---
 - name: "Install Docker via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
@@ -8,7 +8,7 @@
       - docker-compose
 
 - name: Disable userland proxy
-  copy:
+  ansible.builtin.copy:
     src: daemon.json
     dest: /etc/docker/daemon.json
     mode: 644
@@ -16,7 +16,7 @@
     group: backup
 
 - name: Enable and restart Docker daemon
-  service:
+  ansible.builtin.service:
     name: docker
     state: restarted
     enabled: yes
diff --git a/roles/internalsmtp/tasks/main.yaml b/roles/internalsmtp/tasks/main.yaml
index 656dd2a..61585bc 100644
--- a/roles/internalsmtp/tasks/main.yaml
+++ b/roles/internalsmtp/tasks/main.yaml
@@ -1,24 +1,24 @@
 ---
 - name: "Install Postfix via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
       - postfix
 
 - name: Install Postfix forwarder config
-  template:
+  ansible.builtin.template:
     src: templates/main.cf
     dest: /etc/postfix/main.cf
 
 - name: Restart Postfix
-  service:
+  ansible.builtin.service:
     name: postfix
     state: restarted
     enabled: yes
 
 - name: "Install postfix exporter"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
@@ -39,7 +39,7 @@
   append: yes
 
 - name: Enable and restart exporter daemon
-  service:
+  ansible.builtin.service:
     name: prometheus-postfix-exporter
     state: restarted
     enabled: yes
diff --git a/roles/neko/tasks/main.yaml b/roles/neko/tasks/main.yaml
index e5971c4..d52e8c2 100644
--- a/roles/neko/tasks/main.yaml
+++ b/roles/neko/tasks/main.yaml
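Review bot: "Define ansible nopasswd in sudoers" edits /etc/sudoers directly with lineinfile and no `validate`, so any malformed line breaks sudo for every user on the host, including the ansible account the play depends on. Add `validate: '/usr/sbin/visudo -cf %s'` to the task; better still, write the rule to `/etc/sudoers.d/ansible` with `mode: '0440'` and the same validate, which also makes the check-and-define pair unnecessary. The registered variable `checkallowusers` is a copy-paste from the sshd tasks and reads wrong here; rename it to something like `checksudoers` in both tasks.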
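Review bot: `mode: 644` on the daemon.json copy is an unquoted decimal, which Ansible interprets as the number 644 (octal 1204), so the file ends up with the sticky bit set and owner write-only rather than rw-r--r--. Quote it as `mode: '0644'` like the other copy tasks in this commit. The copy task's owner/group lines are outside this hunk.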
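Review bot: The `group: backup` context line at the top of the hunk belongs to the /etc/docker/daemon.json copy and looks copy-pasted from the backuphost role; the Docker daemon config should be `owner: root` and `group: root`. "Enable and restart Docker daemon" also uses `state: restarted`, which bounces the daemon and, unless live-restore is enabled in daemon.json, every container on each play; use `state: started` here and restart from a handler notified only when daemon.json changes.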
@@ -1,13 +1,13 @@
 ---
 - name: "Install haproxy via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
       - haproxy
 
 - name: Copy haproxy configuration
-  copy:
+  ansible.builtin.copy:
     src: haproxy.cfg
     dest: /etc/haproxy/haproxy.cfg
     mode: 0644
@@ -15,34 +15,34 @@
     group: root
 
 - name: Enable and stop haproxy
-  service:
+  ansible.builtin.service:
     name: haproxy
     state: stopped
     enabled: yes
 
 - name: "Install certbot via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
       - python3-certbot
 
 - name: Generate certificate for Neko domain
-  command:
+  ansible.builtin.command:
     cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --standalone -d neko.tormakristof.eu
 
 - name: Generate certificate for TURN domain
-  command:
+  ansible.builtin.command:
     cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --standalone -d turn.tormakristof.eu
 
 - name: Enable and start haproxy
-  service:
+  ansible.builtin.service:
     name: haproxy
     state: started
     enabled: yes
 
 - name: Copy certbot cronjob
-  copy:
+  ansible.builtin.copy:
     src: certbot
     dest: /etc/cron.weekly/certbot
     mode: 0755
@@ -58,7 +58,7 @@
     state: enabled
 
 - name: "Install haproxy exporter"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
diff --git a/roles/netplan/tasks/main.yaml b/roles/netplan/tasks/main.yaml
index 7fb07d8..3f71eca 100644
--- a/roles/netplan/tasks/main.yaml
+++ b/roles/netplan/tasks/main.yaml
@@ -1,16 +1,16 @@
 ---
 - name: "remove cloudinit config"
-  file:
+  ansible.builtin.file:
     path: /etc/netplan/50-cloud-init.yaml
     state: absent
 
 - name: "remove installer config"
-  file:
+  ansible.builtin.file:
     path: /etc/netplan/00-installer-config.yaml
     state: absent
 
 - name: "install static config"
-  template:
+  ansible.builtin.template:
     src: templates/netplan.yaml
     dest: /etc/netplan/00-static.yaml
   notify: netplanapply
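Review bot: "Enable and stop haproxy" stops the proxy on every run before the two `certbot --standalone` commands, so each play takes the Neko and TURN front-ends down even when both certificates already exist and certbot only reports that renewal is not due. Give each command task a `creates: /etc/letsencrypt/live/neko.tormakristof.eu/fullchain.pem` (and the turn. equivalent) and make the stop conditional on one of those files being absent, or move to `--http-01-port` behind haproxy so it never has to stop. The weekly cron job copied below will hit the same port-80 conflict if it runs standalone renewals while haproxy is up; its contents are not in the diff.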
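Review bot: "install static config" writes /etc/netplan/00-static.yaml with no `mode`, so it lands world-readable; recent netplan versions warn that configuration files should not be accessible by others, and such files can carry WPA or tunnel secrets. Add `owner: root`, `group: root` and `mode: '0600'` to the template task. The `netplanapply` handler also applies the new addressing mid-play, which can cut the very SSH session Ansible is using if the static address differs from the current one; consider `netplan try` or ordering this role last.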
diff --git a/roles/openvpn/tasks/main.yaml b/roles/openvpn/tasks/main.yaml
index 302e2fd..a526365 100644
--- a/roles/openvpn/tasks/main.yaml
+++ b/roles/openvpn/tasks/main.yaml
@@ -1,6 +1,6 @@
 ---
 - name: "Install openvpn-server via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
@@ -15,13 +15,13 @@
     reload: yes
 
 - name: Enable and restart openvpn daemon
-  service:
+  ansible.builtin.service:
     name: openvpn-server@stargate
     state: restarted
     enabled: yes
 
 - name: Check if AllowUsers is defined
-  lineinfile:
+  ansible.builtin.lineinfile:
     state: absent
     path: /etc/ufw/before.rules
     regexp: "^# START OPENVPN"
@@ -30,7 +30,7 @@
   register: checkufwrules
 
 - name: Insert openvpn iptables rules
-  blockinfile:
+  ansible.builtin.blockinfile:
     path: /etc/ufw/before.rules
     block: |
       # START OPENVPN RULES
diff --git a/roles/smtpgateway/tasks/main.yaml b/roles/smtpgateway/tasks/main.yaml
index 73e2760..210c4e1 100644
--- a/roles/smtpgateway/tasks/main.yaml
+++ b/roles/smtpgateway/tasks/main.yaml
@@ -1,21 +1,21 @@
 ---
 - name: "Install Postfix via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
       - postfix
 
 - name: Install Postfix mail gateway config
-  template:
+  ansible.builtin.template:
     src: templates/main.cf
     dest: /etc/postfix/main.cf
 
 - name: Build /etc/mailname
-  shell: hostname --fqdn > /etc/mailname
+  ansible.builtin.shell: hostname --fqdn > /etc/mailname
 
 - name: Restart Postfix
-  service:
+  ansible.builtin.service:
     name: postfix
     state: restarted
     enabled: yes
@@ -27,7 +27,7 @@
     src: 192.168.69.0/24
 
 - name: "Install postfix exporter"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
@@ -48,7 +48,7 @@
   append: yes
 
 - name: Enable and restart exporter daemon
-  service:
+  ansible.builtin.service:
     name: prometheus-postfix-exporter
     state: restarted
     enabled: yes
diff --git a/roles/webgateway/tasks/main.yaml b/roles/webgateway/tasks/main.yaml
index a2f2246..8f11802 100644
--- a/roles/webgateway/tasks/main.yaml
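Review bot: The task named "Check if AllowUsers is defined" actually looks for `^# START OPENVPN` in /etc/ufw/before.rules, a name carried over from the sshd tasks; rename it to `Check if OpenVPN rules are present in ufw before.rules` so play output matches what it does. Its body continues past the hunk, and the `state: absent` lineinfile only behaves as a check if the hidden lines set `check_mode: true`; otherwise it removes the marker line it is looking for.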
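Review bot: blockinfile already brackets its content with its own managed-block markers and is idempotent, so the precheck registered as `checkufwrules` and the `# START OPENVPN RULES` line inside the block duplicate what the module does on its own. Dropping the check task and letting blockinfile manage the block is simpler and also copes with a partially edited file. For ufw's before.rules the NAT rules must precede the `*filter` table; whether the task sets `insertbefore` is outside the hunk.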
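Review bot: `ansible.builtin.shell: hostname --fqdn > /etc/mailname` rewrites the file and reports changed on every run, and uses a shell where none is needed. Replace it with `ansible.builtin.copy:` plus `content: "{{ ansible_fqdn }}\n"` and `dest: /etc/mailname`, which is idempotent and uses the fact Ansible has already gathered. "Restart Postfix" would then fit naturally as a handler notified by the main.cf template and this task instead of an unconditional `state: restarted`.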
+++ b/roles/webgateway/tasks/main.yaml
@@ -1,6 +1,6 @@
 ---
 - name: "Install nginx via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
@@ -27,23 +27,23 @@
     mode: '0644'
 
 - name: Enable and restart nginx daemon
-  service:
+  ansible.builtin.service:
     name: nginx
     state: restarted
     enabled: yes
 
 - name: Generate certificate for all proxied domains
-  command:
+  ansible.builtin.command:
     cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --nginx -d {{item.domain}}
   with_items: "{{ proxy }}"
 
 - name: Generate certificate for all static sites
-  command:
+  ansible.builtin.command:
     cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --nginx -d {{item.domain}}
   with_items: "{{ static }}"
 
 - name: Generate certificate for all redirect sites
-  command:
+  ansible.builtin.command:
     cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --nginx -d {{item.domain}}
   with_items: "{{ redirect }}"
 
@@ -64,11 +64,11 @@
     mode: '0644'
 
 - name: Validate nginx configuration
-  command:
+  ansible.builtin.command:
     cmd: nginx -t
 
 - name: Reload nginx after configuration change
-  service:
+  ansible.builtin.service:
     name: nginx
     state: reloaded
 
@@ -91,7 +91,7 @@
   with_items: "{{ static }}"
 
 - name: "Install nginx exporter"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
@@ -106,7 +106,7 @@
     mode: '0644'
 
 - name: Enable and restart exporter daemon
-  service:
+  ansible.builtin.service:
     name: prometheus-nginx-exporter
     state: restarted
     enabled: yes
diff --git a/roles/webserver/tasks/main.yaml b/roles/webserver/tasks/main.yaml
index d818fc2..6ec0b58 100644
--- a/roles/webserver/tasks/main.yaml
+++ b/roles/webserver/tasks/main.yaml
@@ -6,7 +6,7 @@
     src: 192.168.69.0/24
 
 - name: "Install Nginx via apt"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
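Review bot: The three "Generate certificate" tasks are byte-identical apart from their `with_items` source, run certbot on every play, and interpolate `{{item.domain}}` without the surrounding spaces the Ansible style guide asks for. One task with `loop` over the concatenated lists and a `creates` guard is shorter and idempotent, assuming `proxy`, `static` and `redirect` are all lists and renewal is left to certbot's own timer. The email address is repeated in every command here and in the neko and webserver roles; a single variable would keep them in step.
```yaml
- name: Generate certificate for all proxied, static and redirect sites
  ansible.builtin.command:
    cmd: >-
      certbot certonly --non-interactive --agree-tos
      -m tormakristof@tormakristof.eu --nginx -d {{ item.domain }}
    creates: "/etc/letsencrypt/live/{{ item.domain }}/fullchain.pem"
  loop: "{{ proxy + static + redirect }}"
```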
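Review bot: "Validate nginx configuration" runs `nginx -t` only after the config has already been written, so a broken file is on disk before the play aborts, and as a bare command it reports changed on every run. Add `changed_when: false` to that task so it reads as the check it is. Where the task that writes the config renders a self-contained file, a `validate:` argument on it would keep a bad file from ever landing; for per-site snippets that nginx only reads via include, the post-write `nginx -t` remains the practical check. The config-writing task is outside this hunk.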
@@ -23,13 +23,13 @@
     mode: '0644'
 
 - name: Enable and restart nginx daemon
-  service:
+  ansible.builtin.service:
     name: nginx
     state: restarted
     enabled: yes
 
 - name: Generate certificate for all server instances
-  command:
+  ansible.builtin.command:
     cmd: certbot certonly --non-interactive --agree-tos -m tormakristof@tormakristof.eu --nginx -d {{item.domain}}
   with_items: "{{ webserver }}"
 
@@ -50,12 +50,12 @@
     mode: '0644'
 
 - name: Reload nginx daemon
-  service:
+  ansible.builtin.service:
     name: nginx
     state: reloaded
 
 - name: "Install nginx exporter"
-  apt:
+  ansible.builtin.apt:
     update_cache: yes
     state: present
     name:
@@ -77,7 +77,7 @@
     mode: '0644'
 
 - name: Enable and restart exporter daemon
-  service:
+  ansible.builtin.service:
     name: prometheus-nginx-exporter
     state: restarted
     enabled: yes
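Review bot: "Generate certificate for all server instances" runs certbot for every entry on every play; add `creates: "/etc/letsencrypt/live/{{ item.domain }}/fullchain.pem"` under `cmd` so it only runs when the certificate is missing, and switch `with_items` to `loop: "{{ webserver }}"` while touching it. Renewal then has to be covered by certbot's timer, which is not visible in this role. The `{{item.domain}}` expression would also read better as `{{ item.domain }}`, matching the spacing used for `{{ item }}` in the remove-snap role.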