mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-13 00:11:05 +01:00
Optimized different roles
This commit is contained in:
parent
828155f4dc
commit
19354e7cfb
40
playbook.yml
40
playbook.yml
@ -22,16 +22,8 @@
|
||||
become: true
|
||||
roles:
|
||||
- native-wireguard-behind-firewall
|
||||
- name: setup replica backup hosts
|
||||
hosts: replica_backup_hosts
|
||||
become: true
|
||||
roles:
|
||||
- role: native-pull-primary-backups
|
||||
- name: setup backups cleanup
|
||||
hosts: backups_cleanup
|
||||
become: true
|
||||
roles:
|
||||
- role: native-backups-cleanup
|
||||
|
||||
# Native Webserver Roles
|
||||
- name: setup homepages
|
||||
hosts: homepage_hosts
|
||||
become: true
|
||||
@ -39,6 +31,15 @@
|
||||
- role: native-homepage
|
||||
vars:
|
||||
domain: "{{top_domain}}"
|
||||
- name: setup redirect hosts
|
||||
hosts: redirect_hosts
|
||||
become: true
|
||||
roles:
|
||||
- role: native-https-redirect
|
||||
vars:
|
||||
domain_mappings: "{{redirect_domain_mappings}}"
|
||||
|
||||
# Docker Roles
|
||||
- name: setup nextcloud hosts
|
||||
hosts: nextcloud_hosts
|
||||
become: true
|
||||
@ -65,13 +66,6 @@
|
||||
vars:
|
||||
domains: "{{wordpress_domains}}"
|
||||
http_port: 8003
|
||||
- name: setup redirect hosts
|
||||
hosts: redirect_hosts
|
||||
become: true
|
||||
roles:
|
||||
- role: native-https-redirect
|
||||
vars:
|
||||
domain_mappings: "{{redirect_domain_mappings}}"
|
||||
- name: setup mediawiki hosts
|
||||
hosts: mediawiki_hosts
|
||||
become: true
|
||||
@ -125,3 +119,15 @@
|
||||
vars:
|
||||
domain: akaunting.{{top_domain}}
|
||||
http_port: 8080
|
||||
|
||||
# Backup Roles
|
||||
- name: setup replica backup hosts
|
||||
hosts: replica_backup_hosts
|
||||
become: true
|
||||
roles:
|
||||
- role: native-pull-primary-backups
|
||||
- name: setup backups cleanup
|
||||
hosts: backups_cleanup
|
||||
become: true
|
||||
roles:
|
||||
- role: native-backups-cleanup
|
||||
|
@ -1,6 +1,8 @@
|
||||
- name: create sshd_config
|
||||
copy:
|
||||
src: sshd_config
|
||||
template:
|
||||
src: "sshd_config.j2"
|
||||
dest: /etc/ssh/sshd_config
|
||||
backup: yes
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: sshd restart
|
||||
|
@ -108,7 +108,11 @@ PrintMotd no # pam does that
|
||||
#Banner none
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
||||
{% if ansible_os_family == "Archlinux" %}
|
||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
||||
{% else%}
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
{% endif %}
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
@ -1 +1,3 @@
|
||||
command="/home/backup/ssh-wrapper.sh" {{authorized_keys}}
|
||||
{% for authorized_key in authorized_keys_list %}
|
||||
command="/home/backup/ssh-wrapper.sh" {{authorized_key}}
|
||||
{% endfor %}
|
||||
|
@ -1,2 +1,2 @@
|
||||
authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
|
||||
authorized_keys: "{{ lookup('file', authorized_keys_path) }}"
|
||||
authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() }}"
|
||||
|
Loading…
Reference in New Issue
Block a user