diff --git a/.gitignore b/.gitignore
index d9399221..bed1e33b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-site.retry
+site.retry
\ No newline at end of file
diff --git a/group_vars/all b/group_vars/all
index 9d70b6b6..08508a6a 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -20,4 +20,8 @@ on_calendar_deploy_mailu_certificates: "*-*-* 13,01:30:00"
# Space Variables
size_percent_maximum_backup: 75
size_percent_disc_space_warning: 85
-size_percent_free_disc_space: 90
\ No newline at end of file
+size_percent_free_disc_space: 90
+
+# Path Variables
+path_docker_volumes: "/home/administrator/volumes/docker/"
+path_docker_compose_files: "/home/administrator/docker-compose/"
\ No newline at end of file
diff --git a/playbook.yml b/playbook.yml
index 2f15e090..d8847f41 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -93,11 +93,6 @@
vars:
domain: forum.{{top_domain}}
http_port: 8005
-- name: setup turn server
- hosts: turn_server
- become: true
- roles:
- - role: server_docker-turn-server
- name: setup yourls hosts
hosts: yourls
become: true
diff --git a/roles/independent_user-administrator/tasks/main.yml b/roles/independent_user-administrator/tasks/main.yml
new file mode 100644
index 00000000..8b8cdf84
--- /dev/null
+++ b/roles/independent_user-administrator/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: create administrator
+ user:
+ name: administrator
+ update_password: on_create
+ password: "{{ user_administrator_initial_password | password_hash('sha512') }}"
+ create_home: yes
+ generate_ssh_key: yes
+ ssh_key_type: rsa
+ ssh_key_bits: 8192
+
+- name: "create /home/administrator/scripts/"
+ file:
+ path: "/home/administrator/scripts"
+ state: directory
+ owner: administrator
+ group: administrator
+ mode: 0700
\ No newline at end of file
diff --git a/roles/server_docker-akaunting/README.md b/roles/server_docker-akaunting/README.md
index 465623bf..4c7163ea 100644
--- a/roles/server_docker-akaunting/README.md
+++ b/roles/server_docker-akaunting/README.md
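Review bot: The two new variables in `group_vars/all` are consumed by plain string concatenation in the other hunks (`{{path_docker_compose_files}}akaunting/`, `{{path_docker_volumes}}` followed by a name), so the trailing slash is part of the contract and an override without it would silently yield a path like `/home/administrator/docker-composeakaunting/`. That convention should be stated where the values are defined, e.g. `# Path Variables - values MUST end with "/", roles append subdirectory names directly`. If the repository prefers robustness over documentation, consumers could normalise with `{{ path_docker_compose_files | regex_replace('/$', '') }}/akaunting/`, but the comment is the smaller change.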
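Review bot: In the new `create administrator` task, `ssh_key_type: rsa` with `ssh_key_bits: 8192` generates a key that is very slow to produce on first run and is not the current recommendation; `ssh_key_type: ed25519` (dropping `ssh_key_bits`, which is ignored for that type) gives a fixed-size modern key. `user_administrator_initial_password` is hashed at run time via `password_hash('sha512')`, which means the inventory holds the plaintext value and should be kept in an ansible-vault encrypted file; `update_password: on_create` correctly prevents later runs from resetting it. Style: the new file has no `---` document start, uses `yes` where the playbook in this same diff uses `true` for booleans, and `mode: 0700` would be safer as `mode: "0700"` to avoid the YAML 1.1 octal ambiguity.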
@@ -2,7 +2,7 @@ ## new setup ```bash -cd /home/administrator/docker-compose/akaunting/ +cd {{path_docker_compose_files}}akaunting/ export COMPOSE_HTTP_TIMEOUT=600 export DOCKER_CLIENT_TIMEOUT=600 AKAUNTING_SETUP=true docker-compose -p akaunting up -d @@ -68,7 +68,7 @@ export COMPOSE_HTTP_TIMEOUT=600 export DOCKER_CLIENT_TIMEOUT=600 # destroy all containers -cd /home/administrator/docker-compose/akaunting/ && +cd {{path_docker_compose_files}}akaunting/ && docker-compose down && docker network prune -f diff --git a/roles/server_docker-akaunting/vars/main.yml b/roles/server_docker-akaunting/vars/main.yml index 70dc32af..d9e84148 100644 --- a/roles/server_docker-akaunting/vars/main.yml +++ b/roles/server_docker-akaunting/vars/main.yml @@ -1 +1 @@ -docker_compose_akaunting_path: "/home/administrator/docker-compose/akaunting/" +docker_compose_akaunting_path: "{{path_docker_compose_files}}akaunting/" diff --git a/roles/server_docker-bigbluebutton/vars/main.yml b/roles/server_docker-bigbluebutton/vars/main.yml index 51232f32..b6df9f22 100644 --- a/roles/server_docker-bigbluebutton/vars/main.yml +++ b/roles/server_docker-bigbluebutton/vars/main.yml @@ -1 +1 @@ -docker_compose_bigbluebutton_path: "/home/administrator/docker-compose/bigbluebutton/" \ No newline at end of file +docker_compose_bigbluebutton_path: "{{path_docker_compose_files}}bigbluebutton/" \ No newline at end of file diff --git a/roles/server_docker-funkwhale/handlers/main.yml b/roles/server_docker-funkwhale/handlers/main.yml index 965d57ad..21fbb6b6 100644 --- a/roles/server_docker-funkwhale/handlers/main.yml +++ b/roles/server_docker-funkwhale/handlers/main.yml @@ -2,7 +2,7 @@ - name: recreate funkwhale command: cmd: docker-compose -p funkwhale up -d --force-recreate - chdir: /home/administrator/docker-compose/funkwhale/ + chdir: "{{docker_compose_path}}" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 
diff --git a/roles/server_docker-funkwhale/vars/main.yml b/roles/server_docker-funkwhale/vars/main.yml index 4d75d754..88dc822e 100644 --- a/roles/server_docker-funkwhale/vars/main.yml +++ b/roles/server_docker-funkwhale/vars/main.yml @@ -1,2 +1,2 @@ -docker_compose_path: "/home/administrator/docker-compose/funkwhale/" +docker_compose_path: "{{path_docker_compose_files}}funkwhale/" client_max_body_size: "512M" diff --git a/roles/server_docker-gitea/README.md b/roles/server_docker-gitea/README.md index 27404e71..f558401f 100644 --- a/roles/server_docker-gitea/README.md +++ b/roles/server_docker-gitea/README.md @@ -2,7 +2,7 @@ ## update ```bash -cd /home/administrator/docker-compose/gitea/ +cd {{path_docker_compose_folder}} docker-compose down docker-compose pull docker-compose up -d @@ -19,7 +19,7 @@ Keep in mind to track and to don't interrupt the update process until the migrat ## recreate ```bash -cd /home/administrator/docker-compose/gitea/ && docker-compose -p gitea up -d --force-recreate +cd {{path_docker_compose_folder}} && docker-compose -p gitea up -d --force-recreate ``` ## database access diff --git a/roles/server_docker-gitea/handlers/main.yml b/roles/server_docker-gitea/handlers/main.yml index 328cb4d1..612b7b3b 100644 --- a/roles/server_docker-gitea/handlers/main.yml +++ b/roles/server_docker-gitea/handlers/main.yml @@ -2,7 +2,7 @@ - name: recreate gitea command: cmd: docker-compose -p gitea up -d --force-recreate - chdir: /home/administrator/docker-compose/gitea/ + chdir: "{{path_docker_compose_folder}}" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 diff --git a/roles/server_docker-gitea/tasks/main.yml b/roles/server_docker-gitea/tasks/main.yml index 7d306181..f7dc603b 100644 --- a/roles/server_docker-gitea/tasks/main.yml +++ b/roles/server_docker-gitea/tasks/main.yml 
@@ -6,12 +6,12 @@ template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx -- name: "create /home/administrator/docker-compose/gitea/" +- name: "create {{path_docker_compose_folder}}" file: - path: "/home/administrator/docker-compose/gitea/" + path: "{{path_docker_compose_folder}}" state: directory mode: 0755 - name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/gitea/docker-compose.yml + template: src=docker-compose.yml.j2 dest={{path_docker_compose_folder}}docker-compose.yml notify: recreate gitea diff --git a/roles/server_docker-gitea/vars/main.yml b/roles/server_docker-gitea/vars/main.yml new file mode 100644 index 00000000..3ec603fc --- /dev/null +++ b/roles/server_docker-gitea/vars/main.yml @@ -0,0 +1 @@ +path_docker_compose_folder: "{{path_docker_compose_files}}gitea/" diff --git a/roles/server_docker-mailu/handlers/main.yml b/roles/server_docker-mailu/handlers/main.yml index 1d4c5ff1..f7857c4a 100644 --- a/roles/server_docker-mailu/handlers/main.yml +++ b/roles/server_docker-mailu/handlers/main.yml @@ -2,7 +2,7 @@ - name: recreate mailu command: cmd: docker-compose -p mailu up -d --force-recreate - chdir: /home/administrator/docker-compose/mailu/ + chdir: "{{path_docker_compose_files}}mailu/" environment: COMPOSE_HTTP_TIMEOUT: 900 DOCKER_CLIENT_TIMEOUT: 900 diff --git a/roles/server_docker-mailu/tasks/main.yml b/roles/server_docker-mailu/tasks/main.yml index efbe01e1..038fb9b5 100644 --- a/roles/server_docker-mailu/tasks/main.yml +++ b/roles/server_docker-mailu/tasks/main.yml 
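Review bot: The `add docker-compose.yml` task stays in `key=value` form (`template: src=docker-compose.yml.j2 dest={{path_docker_compose_folder}}docker-compose.yml`) while the mailu, nextcloud and yourls roles in this same commit were moved to block YAML; for consistency it should become `template:` with `src: "docker-compose.yml.j2"` and `dest: "{{path_docker_compose_folder}}docker-compose.yml"`. Neither the directory nor the rendered file gets an explicit `owner`, so under `become: true` they are created root-owned inside a compose root that `server_native-docker` hands to `administrator`. If the Gitea compose file embeds database credentials (not visible here), `mode: "0600"` on the template task is also worth adding.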
@@ -9,9 +9,9 @@ template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf notify: restart nginx -- name: "create /home/administrator/docker-compose/mailu" +- name: "create {{path_docker_compose_files}}mailu" file: - path: "/home/administrator/docker-compose/mailu" + path: "{{path_docker_compose_files}}mailu" state: directory mode: 0755 @@ -34,20 +34,30 @@ mode: 0755 - name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/mailu/docker-compose.yml + template: + src: "docker-compose.yml.j2" + dest: "{{path_docker_compose_files}}mailu/docker-compose.yml" notify: recreate mailu - name: add mailu.env - template: src=mailu.env.j2 dest=/home/administrator/docker-compose/mailu/mailu.env + template: + src: "mailu.env.j2" + dest: "{{path_docker_compose_files}}mailu/mailu.env" notify: recreate mailu - name: add deploy-letsencrypt-mailu.sh - template: src=deploy-letsencrypt-mailu.sh.j2 dest=/home/administrator/scripts/mailu/deploy-letsencrypt-mailu.sh + template: + src: "deploy-letsencrypt-mailu.sh.j2" + dest: "/home/administrator/scripts/mailu/deploy-letsencrypt-mailu.sh" - name: configure deploy-letsencrypt-mailu.service - template: src=deploy-letsencrypt-mailu.service.j2 dest=/etc/systemd/system/deploy-letsencrypt-mailu.service + template: + src: "deploy-letsencrypt-mailu.service.j2" + dest: "/etc/systemd/system/deploy-letsencrypt-mailu.service" notify: restart deploy-letsencrypt-mailu.service - name: configure deploy-letsencrypt-mailu.timer - template: src=deploy-letsencrypt-mailu.timer.j2 dest=/etc/systemd/system/deploy-letsencrypt-mailu.timer - notify: restart deploy-letsencrypt-mailu.timer + template: + src: "deploy-letsencrypt-mailu.timer.j2" + dest: "/etc/systemd/system/deploy-letsencrypt-mailu.timer" + notify: restart deploy-letsencrypt-mailu.timer \ No newline at end of file 
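Review bot: The `add mailu.env` task renders the environment file with `template:` but no `mode` or `owner`, so it ends up with the umask default (typically 0644) and root ownership under `become: true`; a Mailu env file normally carries `SECRET_KEY` and database credentials (its contents are not in this diff), so it should be written with `mode: "0600"` and an explicit `owner`/`group`. The compose root `{{path_docker_compose_files}}` is created 0700 elsewhere in this commit, which limits exposure, but the `mailu` subdirectory created in the first hunk is 0755, so a restrictive file mode is the reliable guard rather than relying on the parent. The same applies to `docker-compose.yml` if it embeds secrets.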
diff --git a/roles/server_docker-mastodon/README.md b/roles/server_docker-mastodon/README.md index 0190b01c..ace28ff5 100644 --- a/roles/server_docker-mastodon/README.md +++ b/roles/server_docker-mastodon/README.md @@ -5,11 +5,11 @@ ``` ## cleanup ```bash -cd /home/administrator/docker-compose/mastodon/ +cd {{path_docker_compose_files}}mastodon/ docker-compose down docker volume rm mastodon_data mastodon_database mastodon_redis -cd /home/administrator/docker-compose/ && -rm -vR /home/administrator/docker-compose/mastodon +cd {{path_docker_compose_files}} && +rm -vR {{path_docker_compose_files}}mastodon ``` ## access terminal diff --git a/roles/server_docker-mastodon/vars/main.yml b/roles/server_docker-mastodon/vars/main.yml index 968df619..bd18500a 100644 --- a/roles/server_docker-mastodon/vars/main.yml +++ b/roles/server_docker-mastodon/vars/main.yml @@ -1 +1 @@ -docker_compose_mastodon_path: "/home/administrator/docker-compose/mastodon/" +docker_compose_mastodon_path: "{{path_docker_compose_files}}mastodon/" diff --git a/roles/server_docker-nextcloud/README.md b/roles/server_docker-nextcloud/README.md index 55ac0bed..53ed7487 100644 --- a/roles/server_docker-nextcloud/README.md +++ b/roles/server_docker-nextcloud/README.md @@ -16,7 +16,7 @@ To update the nextcloud container execute the following commands on the server: sudo python /home/administrator/scripts/docker-volume-backup/docker-volume-backup.py export COMPOSE_HTTP_TIMEOUT=600 export DOCKER_CLIENT_TIMEOUT=600 - cd /home/administrator/docker-compose/nextcloud && docker-compose down + cd {{path_docker_compose_files}}nextcloud && docker-compose down ``` Afterwards update the ***nextcloud_version*** variable to the next version and run the this repository with this ansible role. 
@@ -55,7 +55,7 @@ and disable the not functioning apps. ## recover latest backup ```bash -cd /home/administrator/docker-compose/nextcloud && +cd {{path_docker_compose_files}}nextcloud && docker-compose down && docker exec -i nextcloud_database_1 mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/docker-volume-backup/latest/nextcloud_database/sql/backup.sql" && cd /home/administrator/scripts/docker-volume-backup && diff --git a/roles/server_docker-nextcloud/handlers/main.yml b/roles/server_docker-nextcloud/handlers/main.yml index bba6641f..bbfeec16 100644 --- a/roles/server_docker-nextcloud/handlers/main.yml +++ b/roles/server_docker-nextcloud/handlers/main.yml @@ -2,7 +2,7 @@ - name: recreate nextcloud command: cmd: docker-compose -p nextcloud up -d --force-recreate - chdir: /home/administrator/docker-compose/nextcloud/ + chdir: "{{path_docker_compose_files}}nextcloud/" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 diff --git a/roles/server_docker-nextcloud/tasks/main.yml b/roles/server_docker-nextcloud/tasks/main.yml index 832f6343..e9923713 100644 --- a/roles/server_docker-nextcloud/tasks/main.yml +++ b/roles/server_docker-nextcloud/tasks/main.yml 
@@ -3,25 +3,31 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=templates/nextcloud.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: + src: "templates/nextcloud.conf.j2" + dest: "/etc/nginx/conf.d/{{domain}}.conf" notify: restart nginx -- name: "create /home/administrator/volumes/docker/nextcloud/" +- name: "create {{path_volumes_docker}}nextcloud/" file: - path: "/home/administrator/volumes/docker/nextcloud" + path: "{{path_volumes_docker}}nextcloud" state: directory mode: 0755 - name: configure nginx.conf - template: src=templates/nginx.conf.j2 dest=/home/administrator/volumes/docker/nextcloud/nginx.conf + template: + src: "templates/nginx.conf.j2" + dest: "{{path_volumes_docker}}nextcloud/nginx.conf" notify: recreate nextcloud -- name: "create /home/administrator/docker-compose/nextcloud/" +- name: "create {{path_docker_compose_files}}nextcloud/" file: - path: "/home/administrator/docker-compose/nextcloud/" + path: "{{path_docker_compose_files}}nextcloud/" state: directory mode: 0755 - name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/nextcloud/docker-compose.yml + template: + src: docker-compose.yml.j2 + dest: "{{path_docker_compose_files}}nextcloud/docker-compose.yml" notify: recreate nextcloud diff --git a/roles/server_docker-nextcloud/templates/docker-compose.yml.j2 b/roles/server_docker-nextcloud/templates/docker-compose.yml.j2 index 8e7e2f34..cccdc4a8 100644 --- a/roles/server_docker-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/server_docker-nextcloud/templates/docker-compose.yml.j2 @@ -44,7 +44,7 @@ services: depends_on: - application volumes: - - /home/administrator/volumes/docker/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro + - "{{path_volumes_docker}}nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro" volumes_from: - application redis: 
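Review bot: The nextcloud tasks use `{{path_volumes_docker}}` in the `create … nextcloud/` and `configure nginx.conf` tasks, and the compose template in the following hunk uses it for the nginx.conf bind mount, but the variable this commit adds to `group_vars/all` is `path_docker_volumes` — the name `server_native-docker` also uses. Unless `path_volumes_docker` is defined somewhere outside this diff, the play fails with an undefined-variable error at the directory task; the fix is `{{path_docker_volumes}}` in all three places. The directory and nginx.conf also get no `owner`, so under `become: true` they are created root-owned while the volumes root is handed to `administrator` in `server_native-docker`; an explicit `owner: administrator` would keep the tree consistent.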
diff --git a/roles/server_docker-peertube/README.md b/roles/server_docker-peertube/README.md index b172b777..18ba943e 100644 --- a/roles/server_docker-peertube/README.md +++ b/roles/server_docker-peertube/README.md @@ -7,7 +7,7 @@ watch -n 2 "docker ps -a | grep peertube" ## clean rebuild ```bash -cd /home/administrator/docker-compose/peertube/ && +cd {{path_docker_compose_files}}peertube/ && docker-compose down docker volume rm peertube_assets peertube_config peertube_data peertube_database peertube_redis docker-compose up -d diff --git a/roles/server_docker-peertube/vars/main.yml b/roles/server_docker-peertube/vars/main.yml index ad0f030f..eed99e54 100644 --- a/roles/server_docker-peertube/vars/main.yml +++ b/roles/server_docker-peertube/vars/main.yml @@ -1 +1 @@ -docker_compose_peertube_path: "/home/administrator/docker-compose/peertube/" +docker_compose_peertube_path: "{{path_docker_compose_files}}peertube/" diff --git a/roles/server_docker-pixelfed/README.md b/roles/server_docker-pixelfed/README.md index b6b43df7..5c6c4f3c 100644 --- a/roles/server_docker-pixelfed/README.md +++ b/roles/server_docker-pixelfed/README.md @@ -8,7 +8,7 @@ docker volume rm pixelfed_application_data pixelfed_database pixelfed_redis_data ## update ```bash -cd /home/administrator/docker-compose/pixelfed/ && +cd {{path_docker_compose_files}}pixelfed/ && docker-compose down && docker network prune -f && docker-compose pull && diff --git a/roles/server_docker-pixelfed/handlers/main.yml b/roles/server_docker-pixelfed/handlers/main.yml index 7eacd53a..7d828b11 100644 --- a/roles/server_docker-pixelfed/handlers/main.yml +++ b/roles/server_docker-pixelfed/handlers/main.yml @@ -2,7 +2,7 @@ - name: recreate pixelfed command: cmd: docker-compose -p pixelfed up -d --force-recreate - chdir: /home/administrator/docker-compose/pixelfed/ + chdir: "{{path_docker_compose_files}}pixelfed/" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 
diff --git a/roles/server_docker-pixelfed/vars/main.yml b/roles/server_docker-pixelfed/vars/main.yml index 5418c5ec..75337cc1 100644 --- a/roles/server_docker-pixelfed/vars/main.yml +++ b/roles/server_docker-pixelfed/vars/main.yml @@ -1,2 +1,2 @@ -docker_compose_path: "/home/administrator/docker-compose/pixelfed/" +docker_compose_path: "{{path_docker_compose_files}}pixelfed/" client_max_body_size: "512M" diff --git a/roles/server_docker-roulette-wheel/vars/main.yml b/roles/server_docker-roulette-wheel/vars/main.yml index d63ac859..6244653c 100644 --- a/roles/server_docker-roulette-wheel/vars/main.yml +++ b/roles/server_docker-roulette-wheel/vars/main.yml @@ -1,2 +1,2 @@ -docker_compose_path: "/home/administrator/docker-compose/roulette-wheel/" -app_path: "/home/administrator/docker-compose/roulette-wheel/app/" \ No newline at end of file +docker_compose_path: "{{path_docker_compose_files}}roulette-wheel/" +app_path: "{{path_docker_compose_files}}roulette-wheel/app/" \ No newline at end of file diff --git a/roles/server_docker-turn-server/handlers/main.yml b/roles/server_docker-turn-server/handlers/main.yml deleted file mode 100644 index 420e02f7..00000000 --- a/roles/server_docker-turn-server/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: recreate turn server - command: - cmd: docker restart -d -p "{{turn_server_listening_port}}:{{turn_server_listening_port}}" -p "{{turn_server_listening_port}}:{{turn_server_listening_port}}/udp" --mount type=tmpfs,destination=/var/lib/coturn --name "turn_server" -v "/home/administrator/volumes/docker/turn-server/turnserver.conf:/etc/coturn/turnserver.conf" coturn/coturn -# -p 49152-65535:49152-65535/udp - environment: - COMPOSE_HTTP_TIMEOUT: 600 - DOCKER_CLIENT_TIMEOUT: 600 diff --git a/roles/server_docker-turn-server/readme.md b/roles/server_docker-turn-server/readme.md deleted file mode 100644 index d081f1dd..00000000 --- a/roles/server_docker-turn-server/readme.md +++ /dev/null 
@@ -1,10 +0,0 @@ -#role server_docker-turn-server - -May this service needs to be implemented for jitis. It's directly integrated in the docker compose file of role server_docker-nextcloud - -## see -- https://nextcloud-talk.readthedocs.io/en/latest/TURN/ -- https://hub.docker.com/r/instrumentisto/coturn -- https://forum.openmediavault.org/index.php?thread/31782-server_docker-nextcloud-talk-plugin-and-turnserver/ -- https://markus-blog.de/index.php/2020/11/20/how-to-run-nextcloud-talk-high-performance-backend-with-stun-turnserver-on-ubuntu-with-docker-compose/ -- https://github.com/crazy-max/server_docker-nextcloud/issues/15 diff --git a/roles/server_docker-turn-server/tasks/main.yml b/roles/server_docker-turn-server/tasks/main.yml deleted file mode 100644 index 7bdf7286..00000000 --- a/roles/server_docker-turn-server/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -#- name: recieve {{turn_server_domain}} certificate -# command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{turn_server_domain}} - -- name: "create /home/administrator/volumes/docker/turn-server/" - file: - path: "/home/administrator/volumes/docker/turn-server" - state: directory - mode: 0755 - -- name: configure turnserver.conf - template: src=templates/turnserver.conf.j2 dest=/home/administrator/volumes/docker/turn-server/turnserver.conf - notify: recreate turn server diff --git a/roles/server_docker-turn-server/templates/turnserver.conf.j2 b/roles/server_docker-turn-server/templates/turnserver.conf.j2 deleted file mode 100644 index b1708e96..00000000 --- a/roles/server_docker-turn-server/templates/turnserver.conf.j2 +++ /dev/null @@ -1,9 +0,0 @@ -listening-port={{turn_server_listening_port}} -fingerprint -use-auth-secret -static-auth-secret={{turn_server_secret}} -realm={{turn_server_domain}} -total-quota=0 -bps-capacity=0 -stale-nonce -no-multicast-peers 
diff --git a/roles/server_docker-turn-server/vars/main.yml b/roles/server_docker-turn-server/vars/main.yml deleted file mode 100644 index f226d0a7..00000000 --- a/roles/server_docker-turn-server/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -turn_server_listening_port: 3478 diff --git a/roles/server_docker-wordpress/handlers/main.yml b/roles/server_docker-wordpress/handlers/main.yml index a0e69d58..5d586c31 100644 --- a/roles/server_docker-wordpress/handlers/main.yml +++ b/roles/server_docker-wordpress/handlers/main.yml @@ -2,7 +2,7 @@ - name: recreate wordpress command: cmd: docker-compose -p wordpress up -d --force-recreate - chdir: /home/administrator/docker-compose/wordpress/ + chdir: "{{path_docker_compose_files}}wordpress/" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 diff --git a/roles/server_docker-wordpress/tasks/main.yml b/roles/server_docker-wordpress/tasks/main.yml index 881a6e68..79f147b6 100644 --- a/roles/server_docker-wordpress/tasks/main.yml +++ b/roles/server_docker-wordpress/tasks/main.yml @@ -11,12 +11,12 @@ loop: "{{domains}}" notify: restart nginx -- name: "create /home/administrator/docker-compose/wordpress/" +- name: "create {{path_docker_compose_files}}wordpress/" file: - path: "/home/administrator/docker-compose/wordpress/" + path: "{{path_docker_compose_files}}wordpress/" state: directory mode: 0755 - name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/wordpress/docker-compose.yml + template: src=docker-compose.yml.j2 dest={{path_docker_compose_files}}wordpress/docker-compose.yml notify: recreate wordpress diff --git a/roles/server_docker-yourls/handlers/main.yml b/roles/server_docker-yourls/handlers/main.yml index e31116c5..37907a0f 100644 --- a/roles/server_docker-yourls/handlers/main.yml +++ b/roles/server_docker-yourls/handlers/main.yml 
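Review bot: The wordpress `add docker-compose.yml` task keeps the `key=value` form (`template: src=docker-compose.yml.j2 dest={{path_docker_compose_files}}wordpress/docker-compose.yml`) while the mailu, nextcloud and yourls roles in this same commit were converted to block YAML; for consistency and to keep the Jinja expression quoted it should become `template:` with `src: "docker-compose.yml.j2"` and `dest: "{{path_docker_compose_files}}wordpress/docker-compose.yml"`. If that compose file carries the WordPress database password (not visible here), `mode: "0600"` belongs on the same task, since the `wordpress` directory above it is created 0755.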
@@ -2,7 +2,7 @@ - name: recreate yourls command: cmd: docker-compose -p yourls up -d --force-recreate - chdir: /home/administrator/docker-compose/yourls/ + chdir: "{{path_docker_compose_files}}yourls/" environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 diff --git a/roles/server_docker-yourls/tasks/main.yml b/roles/server_docker-yourls/tasks/main.yml index 2ccfe61f..53f113db 100644 --- a/roles/server_docker-yourls/tasks/main.yml +++ b/roles/server_docker-yourls/tasks/main.yml @@ -3,15 +3,19 @@ command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} - name: configure {{domain}}.conf - template: src=roles/server_native-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: + src: "roles/server_native-docker-reverse-proxy/templates/domain.conf.j2" + dest: "/etc/nginx/conf.d/{{domain}}.conf" notify: restart nginx -- name: "create /home/administrator/docker-compose/yourls/" +- name: "create {{path_docker_compose_files}}yourls/" file: - path: "/home/administrator/docker-compose/yourls/" + path: "{{path_docker_compose_files}}yourls/" state: directory mode: 0755 - name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest=/home/administrator/docker-compose/yourls/docker-compose.yml + template: + src: "docker-compose.yml.j2" + dest: "{{path_docker_compose_files}}yourls/docker-compose.yml" notify: recreate yourls diff --git a/roles/server_native-docker-compose-restart-unhealthy/files/docker-compose-restart-unhealthy.py b/roles/server_native-docker-compose-restart-unhealthy/files/docker-compose-restart-unhealthy.py index 7e0dee99..8db4f49a 100644 --- a/roles/server_native-docker-compose-restart-unhealthy/files/docker-compose-restart-unhealthy.py +++ b/roles/server_native-docker-compose-restart-unhealthy/files/docker-compose-restart-unhealthy.py 
@@ -49,6 +49,6 @@ for failed_container in failed_containers: filtered_failed_docker_compose_repositories=list(dict.fromkeys(unfiltered_failed_docker_compose_repositories)) for filtered_failed_docker_compose_repository in filtered_failed_docker_compose_repositories: print("restarting unhealthy container: " + filtered_failed_docker_compose_repository) - print_bash('cd /home/administrator/docker-compose/' + filtered_failed_docker_compose_repository + '/ && docker-compose restart') + print_bash('cd {{path_docker_compose_files}}' + filtered_failed_docker_compose_repository + '/ && docker-compose restart') print("finished restart procedure.") \ No newline at end of file diff --git a/roles/server_native-docker/meta/main.yml b/roles/server_native-docker/meta/main.yml index f21023ce..b260e072 100644 --- a/roles/server_native-docker/meta/main.yml +++ b/roles/server_native-docker/meta/main.yml @@ -1,5 +1,5 @@ dependencies: - server_native-docker-volume-backup - - server_native-user-administrator + - server_user-administrator - server_native-docker-health-check - server_native-docker-compose-restart-unhealthy diff --git a/roles/server_native-docker/tasks/main.yml b/roles/server_native-docker/tasks/main.yml index 80b5f1a5..36d0b112 100644 --- a/roles/server_native-docker/tasks/main.yml +++ b/roles/server_native-docker/tasks/main.yml @@ -5,17 +5,17 @@ state: present notify: docker restart -- name: "create /home/administrator/docker-compose/" +- name: "create {{path_docker_compose_files}}" file: - path: "/home/administrator/docker-compose" + path: "{{path_docker_compose_files}}" state: directory mode: 0700 owner: administrator group: administrator -- name: "create /home/administrator/volumes/docker" +- name: "create {{path_docker_volumes}}" file: - path: "/home/administrator/volumes/docker" + path: "{{path_docker_volumes}}" state: directory mode: 0700 owner: administrator 
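Review bot: `docker-compose-restart-unhealthy.py` lives under the role's `files/` directory, so unless it is deployed with `template:` (not visible in this diff) the literal `{{path_docker_compose_files}}` is never expanded and the new `cd {{path_docker_compose_files}}…` command fails, which would mean unhealthy containers are silently no longer restarted. Either move the script to `templates/` and deploy it with `template:`, or keep it untemplated and take the base path from a command-line argument or environment variable set by the unit that runs it. `print_bash` is defined outside the hunk; since `filtered_failed_docker_compose_repository` is interpolated unquoted into a shell string, wrapping it with `shlex.quote()` would be prudent if the value originates from container labels.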
diff --git a/roles/server_native-postfix/meta/main.yml b/roles/server_native-postfix/meta/main.yml index c1ded5b5..a4412db8 100644 --- a/roles/server_native-postfix/meta/main.yml +++ b/roles/server_native-postfix/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- server_native-user-administrator +- server_user-administrator diff --git a/roles/server_native-sshd/readme.md b/roles/server_native-sshd/README.md similarity index 82% rename from roles/server_native-sshd/readme.md rename to roles/server_native-sshd/README.md index 1a9f9d7a..366a069f 100644 --- a/roles/server_native-sshd/readme.md +++ b/roles/server_native-sshd/README.md @@ -1,7 +1,7 @@ # role server_native-sshd ## dependencies This role depends on that a well configured user administrator exist. -For this reason this role depends on the role server_native-user-administrator. +For this reason this role depends on the role server_user-administrator. A wrong configuration of this role can lead to an lockout of the system which just will be reversal via chroot. ## PAM diff --git a/roles/server_native-sshd/meta/main.yml b/roles/server_native-sshd/meta/main.yml index c1ded5b5..a4412db8 100644 --- a/roles/server_native-sshd/meta/main.yml +++ b/roles/server_native-sshd/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- server_native-user-administrator +- server_user-administrator diff --git a/roles/server_system-security/meta/main.yml b/roles/server_system-security/meta/main.yml index 3741c80c..1f94ebb6 100644 --- a/roles/server_system-security/meta/main.yml +++ b/roles/server_system-security/meta/main.yml @@ -1,3 +1,3 @@ dependencies: -- server_native-user-alarm +- server_user-alarm - server_native-sshd diff --git a/roles/server_native-user-administrator/Readme.md b/roles/server_user-administrator/Readme.md similarity index 100% rename from roles/server_native-user-administrator/Readme.md rename to roles/server_user-administrator/Readme.md 
diff --git a/roles/server_native-user-administrator/files/administrator b/roles/server_user-administrator/files/administrator similarity index 100% rename from roles/server_native-user-administrator/files/administrator rename to roles/server_user-administrator/files/administrator diff --git a/roles/server_native-user-administrator/meta/main.yml b/roles/server_user-administrator/meta/main.yml similarity index 51% rename from roles/server_native-user-administrator/meta/main.yml rename to roles/server_user-administrator/meta/main.yml index fe8d11f1..ec2881b0 100644 --- a/roles/server_native-user-administrator/meta/main.yml +++ b/roles/server_user-administrator/meta/main.yml @@ -1,2 +1,3 @@ dependencies: - server_native-sudo +- independent_user-administrator diff --git a/roles/server_native-user-administrator/tasks/main.yml b/roles/server_user-administrator/tasks/main.yml similarity index 59% rename from roles/server_native-user-administrator/tasks/main.yml rename to roles/server_user-administrator/tasks/main.yml index 359adb61..76bcdadf 100644 --- a/roles/server_native-user-administrator/tasks/main.yml +++ b/roles/server_user-administrator/tasks/main.yml @@ -1,13 +1,3 @@ -- name: create administrator - user: - name: administrator - update_password: on_create - password: "{{ user_administrator_initial_password | password_hash('sha512') }}" - create_home: yes - generate_ssh_key: yes - ssh_key_type: rsa - ssh_key_bits: 8192 - - name: create /home/administrator/.ssh/authorized_keys copy: src: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/administrator/.ssh/authorized_keys" @@ -25,14 +15,6 @@ group: root notify: sshd restart -- name: "create /home/administrator/scripts/" - file: - path: "/home/administrator/scripts" - state: directory - owner: administrator - group: administrator - mode: 0700 - - name: "create /home/administrator/volumes/" file: path: "/home/administrator/volumes" 
diff --git a/roles/server_native-user-alarm/tasks/main.yml b/roles/server_user-alarm/tasks/main.yml similarity index 100% rename from roles/server_native-user-alarm/tasks/main.yml rename to roles/server_user-alarm/tasks/main.yml