Optimized different roles

2024-11-22 12:41:05 +01:00 · 2022-03-17 16:28:57 +01:00 · 2022-03-17 16:28:57 +01:00 · 19354e7cfb
commit 19354e7cfb
parent 828155f4dc
5 changed files with 37 additions and 23 deletions
--- a/playbook.yml
+++ b/playbook.yml
@ -22,16 +22,8 @@
  become: true
  roles:
    - native-wireguard-behind-firewall
- name: setup replica backup hosts
-  hosts: replica_backup_hosts
-  become: true
-  roles:
-    - role: native-pull-primary-backups
- name: setup backups cleanup
-  hosts: backups_cleanup
-  become: true
-  roles:
-    - role: native-backups-cleanup
+
+# Native Webserver Roles
 - name: setup homepages
  hosts: homepage_hosts
  become: true
@ -39,6 +31,15 @@
   -  role: native-homepage
      vars:
        domain: "{{top_domain}}"
+- name: setup redirect hosts
+  hosts: redirect_hosts
+  become: true
+  roles:
+   -  role: native-https-redirect
+      vars:
+        domain_mappings: "{{redirect_domain_mappings}}"
+
+# Docker Roles
 - name: setup nextcloud hosts
  hosts: nextcloud_hosts
  become: true
@ -65,13 +66,6 @@
      vars:
        domains: "{{wordpress_domains}}"
        http_port: 8003
- name: setup redirect hosts
-  hosts: redirect_hosts
-  become: true
-  roles:
-   -  role: native-https-redirect
-      vars:
-        domain_mappings: "{{redirect_domain_mappings}}"
 - name: setup mediawiki hosts
  hosts: mediawiki_hosts
  become: true
@ -125,3 +119,15 @@
      vars:
        domain: akaunting.{{top_domain}}
        http_port: 8080
+
+# Backup Roles
+- name: setup replica backup hosts
+  hosts: replica_backup_hosts
+  become: true
+  roles:
+    - role: native-pull-primary-backups
+- name: setup backups cleanup
+  hosts: backups_cleanup
+  become: true
+  roles:
+    - role: native-backups-cleanup
--- a/roles/native-sshd/tasks/main.yml
+++ b/roles/native-sshd/tasks/main.yml
@ -1,6 +1,8 @@
 - name: create sshd_config
-  copy:
-    src:  sshd_config
+  template:
+    src: "sshd_config.j2"
    dest: /etc/ssh/sshd_config
-    backup: yes
+    owner: root
+    group: root
+    mode: '0644'
  notify: sshd restart
--- a/roles/native-sshd/templates/sshd_config.j2
+++ b/roles/native-sshd/templates/sshd_config.j2
@ -108,7 +108,11 @@ PrintMotd no # pam does that
 #Banner none

 # override default of no subsystems
-Subsystem	sftp	/usr/lib/ssh/sftp-server
+{% if ansible_os_family == "Archlinux" %}
+Subsystem	sftp /usr/lib/ssh/sftp-server
+{% else%}
+Subsystem	sftp /usr/lib/openssh/sftp-server
+{% endif %}

 # Example of overriding settings on a per-user basis
 #Match User anoncvs
--- a/roles/native-user-backup/templates/authorized_keys.j2
+++ b/roles/native-user-backup/templates/authorized_keys.j2
@ -1 +1,3 @@
-command="/home/backup/ssh-wrapper.sh" {{authorized_keys}}
+{% for authorized_key in authorized_keys_list %}
+command="/home/backup/ssh-wrapper.sh" {{authorized_key}}
+{% endfor %}
--- a/roles/native-user-backup/vars/main.yml
+++ b/roles/native-user-backup/vars/main.yml
@ -1,2 +1,2 @@
 authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
-authorized_keys: "{{ lookup('file', authorized_keys_path) }}"
+authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() }}"