From 1ba50397db3aae6a14b6ccdcb173aeff8e310a27 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Mon, 11 Aug 2025 13:15:31 +0200 Subject: [PATCH] Optimized performance by moving multiple similar when includes to own tasks file --- roles/dev-locales/tasks/main.yml | 2 +- roles/dev-yay/tasks/main.yml | 8 +- roles/drv-lid-switch/handlers/main.yml | 2 +- roles/drv-lid-switch/tasks/main.yml | 6 +- roles/pkgmgr/tasks/01_core.yml | 42 ++++++++++ roles/pkgmgr/tasks/main.yml | 56 +------------ roles/srv-web-7-7-inj-compose/tasks/main.yml | 10 ++- roles/srv-web-7-7-inj-css/tasks/01_core.yml | 24 ++++++ roles/srv-web-7-7-inj-css/tasks/main.yml | 38 +-------- roles/sys-alm-email/tasks/01_core.yml | 16 ++++ roles/sys-alm-email/tasks/main.yml | 28 +------ roles/sys-alm-telegram/tasks/01_core.yml | 32 ++++++++ roles/sys-alm-telegram/tasks/main.yml | 44 +--------- roles/sys-bkp-provider-user/tasks/01_core.yml | 37 +++++++++ roles/sys-bkp-provider-user/tasks/main.yml | 49 +----------- roles/sys-cln-bkps-service/tasks/01_core.yml | 23 ++++++ roles/sys-cln-bkps-service/tasks/main.yml | 33 +------- roles/sys-cln-certs/tasks/01_core.yml | 21 +++++ roles/sys-cln-certs/tasks/main.yml | 32 +------- roles/sys-cln-faild-bkps/tasks/01_core.yml | 31 +++++++ roles/sys-cln-faild-bkps/tasks/main.yml | 44 +--------- roles/sys-hlth-csp/tasks/01_core.yml | 37 +++++++++ roles/sys-hlth-csp/tasks/main.yml | 52 +----------- .../tasks/01_core.yml | 26 ++++++ .../sys-hlth-docker-container/tasks/main.yml | 38 +-------- .../sys-hlth-docker-volumes/tasks/01_core.yml | 26 ++++++ roles/sys-hlth-docker-volumes/tasks/main.yml | 38 +-------- roles/sys-hlth-journalctl/tasks/01_core.yml | 26 ++++++ roles/sys-hlth-journalctl/tasks/main.yml | 38 +-------- roles/sys-hlth-webserver/tasks/01_core.yml | 31 +++++++ roles/sys-hlth-webserver/tasks/main.yml | 43 +--------- roles/sys-rpr-btrfs-blnc/tasks/01_core.yml | 21 +++++ roles/sys-rpr-btrfs-blnc/tasks/main.yml | 32 +------- roles/sys-rpr-docker-soft/tasks/01_core.yml | 27 +++++++ roles/sys-rpr-docker-soft/tasks/main.yml | 39 
+-------- roles/update-compose/tasks/01_core.yml | 51 ++++++++++++ roles/update-compose/tasks/main.yml | 80 +------------------ roles/update-docker/tasks/01_core.yml | 23 ++++++ roles/update-docker/tasks/main.yml | 34 +------- roles/user-administrator/tasks/01_core.yml | 48 +++++++++++ roles/user-administrator/tasks/main.yml | 61 +------------- 41 files changed, 616 insertions(+), 733 deletions(-) create mode 100644 roles/pkgmgr/tasks/01_core.yml create mode 100644 roles/srv-web-7-7-inj-css/tasks/01_core.yml create mode 100644 roles/sys-alm-email/tasks/01_core.yml create mode 100644 roles/sys-alm-telegram/tasks/01_core.yml create mode 100644 roles/sys-bkp-provider-user/tasks/01_core.yml create mode 100644 roles/sys-cln-bkps-service/tasks/01_core.yml create mode 100644 roles/sys-cln-certs/tasks/01_core.yml create mode 100644 roles/sys-cln-faild-bkps/tasks/01_core.yml create mode 100644 roles/sys-hlth-csp/tasks/01_core.yml create mode 100644 roles/sys-hlth-docker-container/tasks/01_core.yml create mode 100644 roles/sys-hlth-docker-volumes/tasks/01_core.yml create mode 100644 roles/sys-hlth-journalctl/tasks/01_core.yml create mode 100644 roles/sys-hlth-webserver/tasks/01_core.yml create mode 100644 roles/sys-rpr-btrfs-blnc/tasks/01_core.yml create mode 100644 roles/sys-rpr-docker-soft/tasks/01_core.yml create mode 100644 roles/update-compose/tasks/01_core.yml create mode 100644 roles/update-docker/tasks/01_core.yml create mode 100644 roles/user-administrator/tasks/01_core.yml diff --git a/roles/dev-locales/tasks/main.yml b/roles/dev-locales/tasks/main.yml index 701cdfd0..0c6ffc10 100644 --- a/roles/dev-locales/tasks/main.yml +++ b/roles/dev-locales/tasks/main.yml @@ -5,4 +5,4 @@ template: src=locale.conf dest=/etc/locale.conf - name: Generate locales shell: locale-gen - become: yes + become: true diff --git a/roles/dev-yay/tasks/main.yml b/roles/dev-yay/tasks/main.yml index 773a12a6..9416f50b 100644 --- a/roles/dev-yay/tasks/main.yml +++ b/roles/dev-yay/tasks/main.yml 
@@ -6,14 +6,14 @@ state: present - name: Create the `aur_builder` user - become: yes + become: true ansible.builtin.user: name: aur_builder create_home: yes group: wheel - name: Allow the `aur_builder` user to run `sudo pacman` without a password - become: yes + become: true ansible.builtin.lineinfile: path: /etc/sudoers.d/11-install-aur_builder line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' @@ -21,7 +21,7 @@ validate: 'visudo -cf %s' - name: Clone yay from AUR - become: yes + become: true become_user: aur_builder git: repo: https://aur.archlinux.org/yay.git @@ -30,7 +30,7 @@ update: yes - name: Build and install yay - become: yes + become: true become_user: aur_builder shell: | cd /home/aur_builder/yay diff --git a/roles/drv-lid-switch/handlers/main.yml b/roles/drv-lid-switch/handlers/main.yml index bd9cae9a..b9cb00aa 100644 --- a/roles/drv-lid-switch/handlers/main.yml +++ b/roles/drv-lid-switch/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Restart systemd-logind - become: yes + become: true systemd: name: systemd-logind state: restarted \ No newline at end of file diff --git a/roles/drv-lid-switch/tasks/main.yml b/roles/drv-lid-switch/tasks/main.yml index 1e5b3b59..d8398c39 100644 --- a/roles/drv-lid-switch/tasks/main.yml +++ b/roles/drv-lid-switch/tasks/main.yml @@ -10,7 +10,7 @@ become: true - name: Configure systemd lid switch behavior to hibernate on lid close (battery), lock on AC and docked - become: yes + become: true lineinfile: path: /etc/systemd/logind.conf regexp: '^#?HandleLidSwitch=' @@ -20,7 +20,7 @@ become: true - name: Configure systemd to lock session when lid is closed on external power - become: yes + become: true lineinfile: path: /etc/systemd/logind.conf regexp: '^#?HandleLidSwitchExternalPower=' @@ -30,7 +30,7 @@ become: true - name: Configure systemd to lock session when lid is closed while docked - become: yes + become: true lineinfile: path: /etc/systemd/logind.conf regexp: '^#?HandleLidSwitchDocked=' 
diff --git a/roles/pkgmgr/tasks/01_core.yml b/roles/pkgmgr/tasks/01_core.yml
new file mode 100644
index 00000000..bc79cd07
--- /dev/null
+++ b/roles/pkgmgr/tasks/01_core.yml
@@ -0,0 +1,42 @@
+- name: Ensure GitHub host key is in known_hosts
+ known_hosts:
+ path: "~/.ssh/known_hosts"
+ name: github.com
+ key: "{{ lookup('pipe', 'ssh-keyscan -t ed25519 github.com | grep -v \"^#\"') }}"
+ become: true
+
+- name: Create installation directory for Kevin's Package Manager
+ file:
+ path: "{{ pkgmgr_install_path }}"
+ state: directory
+ mode: '0755'
+ become: true
+
+- name: Clone Kevin's Package Manager repository
+ git:
+ repo: "{{ pkgmgr_repo_url }}"
+ dest: "{{ pkgmgr_install_path }}"
+ version: "HEAD"
+ force: yes
+ become: true
+
+- name: Ensure main.py is executable
+ file:
+ path: "{{ pkgmgr_install_path }}/main.py"
+ mode: '0755'
+ become: true
+
+- name: create config.yaml
+ template:
+ src: config.yaml.j2
+ dest: "{{pkgmgr_config_path}}"
+ become: true
+
+- name: Run the Package Manager install command to create an alias for Kevins package manager
+ shell: |
+ source ~/.venvs/pkgmgr/bin/activate
+ make setup
+ args:
+ chdir: "{{ pkgmgr_install_path }}"
+ executable: /bin/bash
+ become: true
\ No newline at end of file
diff --git a/roles/pkgmgr/tasks/main.yml b/roles/pkgmgr/tasks/main.yml
index e08c9cfe..601e50d9 100644
--- a/roles/pkgmgr/tasks/main.yml
+++ b/roles/pkgmgr/tasks/main.yml
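Review bot: The `known_hosts` task in roles/pkgmgr/tasks/01_core.yml takes GitHub's host key from a live `ssh-keyscan`, so whatever answers as github.com at run time is recorded as trusted and nothing compares it with GitHub's published key. Pinning the key in a variable kept with the inventory, e.g. `key: "{{ pkgmgr_github_host_key }}"` (a variable this role would have to add), removes that trust-on-first-use step. The clone further down uses `version: "HEAD"` with `force: yes`, and the checkout is then run through `make setup` with `become: true`, so an unpinned revision is executed with elevated privileges. A tag or commit hash in `version:` would make each run reproducible and reviewable.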
@@ -1,53 +1,5 @@
 ---
-- name: Ensure GitHub host key is in known_hosts
- known_hosts:
- path: "~/.ssh/known_hosts"
- name: github.com
- key: "{{ lookup('pipe', 'ssh-keyscan -t ed25519 github.com | grep -v \"^#\"') }}"
- become: yes
-
-- name: Create installation directory for Kevin's Package Manager
- file:
- path: "{{ pkgmgr_install_path }}"
- state: directory
- mode: '0755'
- become: yes
- when: run_once_pkgmgr is not defined
-
-- name: Clone Kevin's Package Manager repository
- git:
- repo: "{{ pkgmgr_repo_url }}"
- dest: "{{ pkgmgr_install_path }}"
- version: "HEAD"
- force: yes
- become: yes
- when: run_once_pkgmgr is not defined
-
-- name: Ensure main.py is executable
- file:
- path: "{{ pkgmgr_install_path }}/main.py"
- mode: '0755'
- become: yes
- when: run_once_pkgmgr is not defined
-
-- name: create config.yaml
- template:
- src: config.yaml.j2
- dest: "{{pkgmgr_config_path}}"
- become: yes
- when: run_once_pkgmgr is not defined
-
-- name: Run the Package Manager install command to create an alias for Kevins package manager
- shell: |
- source ~/.venvs/pkgmgr/bin/activate
- make setup
- args:
- chdir: "{{ pkgmgr_install_path }}"
- executable: /bin/bash
- become: yes
- when: run_once_pkgmgr is not defined
-
-- name: run run_once_pkgmgr tasks once
- set_fact:
- run_once_pkgmgr: true
- when: run_once_pkgmgr is not defined
\ No newline at end of file
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
+ when: run_once_pkgmgr is not definedd
\ No newline at end of file
diff --git a/roles/srv-web-7-7-inj-compose/tasks/main.yml b/roles/srv-web-7-7-inj-compose/tasks/main.yml
index 4e482376..068c25cd 100644
--- a/roles/srv-web-7-7-inj-compose/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-compose/tasks/main.yml
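Review bot: The block condition added to roles/pkgmgr/tasks/main.yml reads `when: run_once_pkgmgr is not definedd`; Jinja2 has no test named `definedd`, so the conditional should fail to evaluate instead of guarding the two includes. It should be `when: run_once_pkgmgr is not defined`, as in the other roles touched by this patch. `utils/run_once.yml` is not among the files this patch creates, so it is worth confirming that the relative include resolves from every role's tasks directory.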
@@ -14,7 +14,10 @@ name: web-svc-cdn public: false # ATM just the Logout is using the CDN. - when: inj_enabled.logout and application_id != 'web-svc-cdn' + when: + - inj_enabled.logout + - application_id != 'web-svc-cdn' + - run_once_web_svc_cdn is not defined - name: Overwritte CDN handlers with neutral handlers ansible.builtin.include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml" @@ -26,7 +29,6 @@ vars: handler_role_name: "{{ item }}" - - name: Set inj_enabled dictionary set_fact: inj_enabled: @@ -39,7 +41,9 @@ - name: "Activate Global CSS for {{domain}}" include_role: name: srv-web-7-7-inj-css - when: inj_enabled.css + when: + - inj_enabled.css + - run_once_srv_web_7_7_inj_css is not defined - name: "Activate Global Matomo Tracking for {{domain}}" include_role: diff --git a/roles/srv-web-7-7-inj-css/tasks/01_core.yml b/roles/srv-web-7-7-inj-css/tasks/01_core.yml new file mode 100644 index 00000000..dc66dea2 --- /dev/null +++ b/roles/srv-web-7-7-inj-css/tasks/01_core.yml @@ -0,0 +1,24 @@ +- name: Generate color palette with colorscheme-generator + set_fact: + color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades) }}" + +- name: Generate inverted color palette with colorscheme-generator + set_fact: + inverted_color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades, invert_lightness=True) }}" + +- name: Deploy global.css + template: + src: global.css.j2 + dest: "{{ global_css_destination }}" + owner: "{{ nginx.user }}" + group: "{{ nginx.user }}" + mode: '0644' + +- name: Get stat for global.css + stat: + path: "{{ global_css_destination }}" + register: global_css_stat + +- name: Set global_css_version + set_fact: + global_css_version: "{{ global_css_stat.stat.mtime }}" \ No newline at end of file diff --git a/roles/srv-web-7-7-inj-css/tasks/main.yml b/roles/srv-web-7-7-inj-css/tasks/main.yml index afb3580f..589da695 100644 
--- a/roles/srv-web-7-7-inj-css/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-css/tasks/main.yml
@@ -1,34 +1,4 @@
-- name: Generate color palette with colorscheme-generator
- set_fact:
- color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades) }}"
- when: run_once_srv_web_7_7_inj_css is not defined
-
-- name: Generate inverted color palette with colorscheme-generator
- set_fact:
- inverted_color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades, invert_lightness=True) }}"
- when: run_once_srv_web_7_7_inj_css is not defined
-
-- name: Deploy global.css
- template:
- src: global.css.j2
- dest: "{{ global_css_destination }}"
- owner: "{{ nginx.user }}"
- group: "{{ nginx.user }}"
- mode: '0644'
- when: run_once_srv_web_7_7_inj_css is not defined
-
-- name: Get stat for global.css
- stat:
- path: "{{ global_css_destination }}"
- register: global_css_stat
- when: run_once_srv_web_7_7_inj_css is not defined
-
-- name: Set global_css_version
- set_fact:
- global_css_version: "{{ global_css_stat.stat.mtime }}"
- when: run_once_srv_web_7_7_inj_css is not defined
-
-- name: Mark css as done
- set_fact:
- run_once_srv_web_7_7_inj_css: true
- when: run_once_srv_web_7_7_inj_css is not defined
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
+ when: run_once_srv_web_7_7_inj_css is not defined
\ No newline at end of file
diff --git a/roles/sys-alm-email/tasks/01_core.yml b/roles/sys-alm-email/tasks/01_core.yml
new file mode 100644
index 00000000..05ad0a93
--- /dev/null
+++ b/roles/sys-alm-email/tasks/01_core.yml
@@ -0,0 +1,16 @@
+- name: "create {{systemd_notifier_email_folder}}"
+ file:
+ path: "{{systemd_notifier_email_folder}}"
+ state: directory
+ mode: 0755
+
+- name: configure sys-alm-email.sh
+ template:
+ src: sys-alm-email.sh.j2
+ dest: "{{systemd_notifier_email_folder}}sys-alm-email.sh"
+
+- name: configure sys-alm-email.infinito.service
+ template:
+ src: sys-alm-email@.service.j2
+ dest: /etc/systemd/system/sys-alm-email.infinito@.service
+ notify: restart sys-alm-email service
diff --git a/roles/sys-alm-email/tasks/main.yml b/roles/sys-alm-email/tasks/main.yml
index 853fcb31..645661a2 100644
--- a/roles/sys-alm-email/tasks/main.yml
+++ b/roles/sys-alm-email/tasks/main.yml
@@ -1,24 +1,4 @@
-- name: "create {{systemd_notifier_email_folder}}"
- file:
- path: "{{systemd_notifier_email_folder}}"
- state: directory
- mode: 0755
- when: run_once_sys_alm_email is not defined
-
-- name: configure sys-alm-email.sh
- template:
- src: sys-alm-email.sh.j2
- dest: "{{systemd_notifier_email_folder}}sys-alm-email.sh"
- when: run_once_sys_alm_email is not defined
-
-- name: configure sys-alm-email.infinito.service
- template:
- src: sys-alm-email@.service.j2
- dest: /etc/systemd/system/sys-alm-email.infinito@.service
- notify: restart sys-alm-email service
- when: run_once_sys_alm_email is not defined
-
-- name: run the systemd_notifier_email tasks once
- set_fact:
- run_once_sys_alm_email: true
- when: run_once_sys_alm_email is not defined
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
+ when: run_once_sys_alm_email is not defined
\ No newline at end of file
diff --git a/roles/sys-alm-telegram/tasks/01_core.yml b/roles/sys-alm-telegram/tasks/01_core.yml
new file mode 100644
index 00000000..e602c241
--- /dev/null
+++ b/roles/sys-alm-telegram/tasks/01_core.yml
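Review bot: `mode: 0755` in roles/sys-alm-email/tasks/01_core.yml is an unquoted octal, while the pkgmgr and sys-alm-telegram files in this same patch write `mode: '0755'`; quoting keeps the value a string however the YAML parser types numbers. The same unquoted form is carried into the new 01_core.yml files of sys-cln-bkps-service, sys-hlth-csp, sys-hlth-docker-container and sys-hlth-docker-volumes. The two `template` tasks here set neither `owner` nor `mode`, so the deployed script and unit file get whatever the umask yields; stating both explicitly would make the resulting permissions deliberate.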
@@ -0,0 +1,32 @@
+- name: Fail if Telegram bot credentials are not set
+ assert:
+ that:
+ - telegram_bot_token != ""
+ - telegram_chat_id != ""
+ fail_msg: |
+ Telegram configuration is incomplete!
+ Please provide non‑empty values for:
+ - telegram_bot_token # Your Telegram bot’s API token
+ - telegram_chat_id # The Telegram chat ID to send messages to
+
+- name: install curl
+ pacman:
+ name: curl
+ state: present
+
+- name: Create a directory with a subdirectory
+ ansible.builtin.file:
+ path: "{{systemd_telegram_folder}}"
+ state: directory
+ mode: '0755'
+
+- name: configure sys-alm-telegram.sh
+ template:
+ src: sys-alm-telegram.sh.j2
+ dest: "{{ systemd_telegram_script }}"
+
+- name: configure sys-alm-telegram.infinito.service
+ template:
+ src: sys-alm-telegram@.service.j2
+ dest: "/etc/systemd/system/sys-alm-telegram.infinito@.service"
+ notify: "restart sys-alm-telegram service"
diff --git a/roles/sys-alm-telegram/tasks/main.yml b/roles/sys-alm-telegram/tasks/main.yml
index 1173de9b..56f5d2fb 100644
--- a/roles/sys-alm-telegram/tasks/main.yml
+++ b/roles/sys-alm-telegram/tasks/main.yml
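Review bot: The `template` task that writes `{{ systemd_telegram_script }}` sets no `owner` or `mode`, and the assert above it shows that the role depends on `telegram_bot_token`. If the rendered script embeds that token (the template is not part of this patch), it lands with umask-default permissions and may be readable by every local account. Adding `owner: root`, `group: root` and `mode: '0700'` to that task would keep the credential to root. `no_log: true` on the same task would also keep the token out of the output when the play runs with `--diff`.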
@@ -1,42 +1,4 @@
-- name: Fail if Telegram bot credentials are not set
- assert:
- that:
- - telegram_bot_token != ""
- - telegram_chat_id != ""
- fail_msg: |
- Telegram configuration is incomplete!
- Please provide non‑empty values for:
- - telegram_bot_token # Your Telegram bot’s API token
- - telegram_chat_id # The Telegram chat ID to send messages to
- when: run_once_sys_alm_telegram is not defined
-
-- name: install curl
- pacman:
- name: curl
- state: present
- when: run_once_sys_alm_telegram is not defined
-
-- name: Create a directory with a subdirectory
- ansible.builtin.file:
- path: "{{systemd_telegram_folder}}"
- state: directory
- mode: '0755'
- when: run_once_sys_alm_telegram is not defined
-
-- name: configure sys-alm-telegram.sh
- template:
- src: sys-alm-telegram.sh.j2
- dest: "{{ systemd_telegram_script }}"
- when: run_once_sys_alm_telegram is not defined
-
-- name: configure sys-alm-telegram.infinito.service
- template:
- src: sys-alm-telegram@.service.j2
- dest: "/etc/systemd/system/sys-alm-telegram.infinito@.service"
- notify: "restart sys-alm-telegram service"
- when: run_once_sys_alm_telegram is not defined
-
-- name: run the systemd_notifier_telegram tasks once
- set_fact:
- run_once_sys_alm_telegram: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_alm_telegram is not defined
\ No newline at end of file
diff --git a/roles/sys-bkp-provider-user/tasks/01_core.yml b/roles/sys-bkp-provider-user/tasks/01_core.yml
new file mode 100644
index 00000000..53a6caa2
--- /dev/null
+++ b/roles/sys-bkp-provider-user/tasks/01_core.yml
@@ -0,0 +1,37 @@
+- name: create backup user
+ user:
+ name: backup
+ create_home: yes
+
+- name: create .ssh directory
+ file:
+ path: /home/backup/.ssh
+ state: directory
+ owner: backup
+ group: backup
+ mode: '0700'
+
+- name: create /home/backup/.ssh/authorized_keys
+ template:
+ src: "authorized_keys.j2"
+ dest: /home/backup/.ssh/authorized_keys
+ owner: backup
+ group: backup
+ mode: '0644'
+
+- name: create /home/backup/ssh-wrapper.sh
+ copy:
+ src: "ssh-wrapper.sh"
+ dest: /home/backup/ssh-wrapper.sh
+ owner: backup
+ group: backup
+ mode: '0700'
+
+- name: grant backup sudo rights
+ copy:
+ src: "backup"
+ dest: /etc/sudoers.d/backup
+ mode: '0644'
+ owner: root
+ group: root
+ notify: sshd restart
diff --git a/roles/sys-bkp-provider-user/tasks/main.yml b/roles/sys-bkp-provider-user/tasks/main.yml
index 6da6b78b..4d13bff3 100644
--- a/roles/sys-bkp-provider-user/tasks/main.yml
+++ b/roles/sys-bkp-provider-user/tasks/main.yml
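Review bot: The `grant backup sudo rights` task installs `/etc/sudoers.d/backup` with `mode: '0644'` and without `validate`, so a syntax error in the shipped file is only discovered when sudo next parses it, which can leave sudo unusable on the host. `validate: 'visudo -cf %s'`, which roles/dev-yay already uses for its drop-in, and `mode: '0440'` are the usual settings for sudoers fragments. `authorized_keys` is likewise written as `'0644'`; `'0600'` is the tighter choice, since only the backup user needs to read it.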
@@ -1,47 +1,4 @@
-- name: create backup user
- user:
- name: backup
- create_home: yes
- when: run_once_sys_bkp_provider_user is not defined
-
-- name: create .ssh directory
- file:
- path: /home/backup/.ssh
- state: directory
- owner: backup
- group: backup
- mode: '0700'
- when: run_once_sys_bkp_provider_user is not defined
-
-- name: create /home/backup/.ssh/authorized_keys
- template:
- src: "authorized_keys.j2"
- dest: /home/backup/.ssh/authorized_keys
- owner: backup
- group: backup
- mode: '0644'
- when: run_once_sys_bkp_provider_user is not defined
-
-- name: create /home/backup/ssh-wrapper.sh
- copy:
- src: "ssh-wrapper.sh"
- dest: /home/backup/ssh-wrapper.sh
- owner: backup
- group: backup
- mode: '0700'
- when: run_once_sys_bkp_provider_user is not defined
-
-- name: grant backup sudo rights
- copy:
- src: "backup"
- dest: /etc/sudoers.d/backup
- mode: '0644'
- owner: root
- group: root
- notify: sshd restart
- when: run_once_sys_bkp_provider_user is not defined
-
-- name: run the backups_provider_user tasks once
- set_fact:
- run_once_sys_bkp_provider_user: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_bkp_provider_user is not defined
\ No newline at end of file
diff --git a/roles/sys-cln-bkps-service/tasks/01_core.yml b/roles/sys-cln-bkps-service/tasks/01_core.yml
new file mode 100644
index 00000000..8c334cc5
--- /dev/null
+++ b/roles/sys-cln-bkps-service/tasks/01_core.yml
@@ -0,0 +1,23 @@ +- name: install lsof and python-psutil + community.general.pacman: + name: + - lsof + - python-psutil + state: present + +- name: "create {{cleanup_backups_directory}}" + file: + path: "{{cleanup_backups_directory}}" + state: directory + mode: 0755 + +- name: create sys-cln-backups.py + copy: + src: "sys-cln-backups.py" + dest: "{{cleanup_backups_directory}}sys-cln-backups.py" + +- name: create sys-cln-backups.infinito.service + template: + src: "sys-cln-backups.service.j2" + dest: "/etc/systemd/system/sys-cln-backups.infinito.service" + notify: reload sys-cln-backups.infinito.service diff --git a/roles/sys-cln-bkps-service/tasks/main.yml b/roles/sys-cln-bkps-service/tasks/main.yml index 289ed0fb..93feccfc 100644 --- a/roles/sys-cln-bkps-service/tasks/main.yml +++ b/roles/sys-cln-bkps-service/tasks/main.yml @@ -1,32 +1,5 @@ -- name: install lsof and python-psutil - community.general.pacman: - name: - - lsof - - python-psutil - state: present +- block: + - include_tasks: 01_core.yml + - include_tasks: utils/run_once.yml when: run_once_sys_cln_bkps_service is not defined -- name: "create {{cleanup_backups_directory}}" - file: - path: "{{cleanup_backups_directory}}" - state: directory - mode: 0755 - when: run_once_sys_cln_bkps_service is not defined - -- name: create sys-cln-backups.py - copy: - src: "sys-cln-backups.py" - dest: "{{cleanup_backups_directory}}sys-cln-backups.py" - when: run_once_sys_cln_bkps_service is not defined - -- name: create sys-cln-backups.infinito.service - template: - src: "sys-cln-backups.service.j2" - dest: "/etc/systemd/system/sys-cln-backups.infinito.service" - notify: reload sys-cln-backups.infinito.service - when: run_once_sys_cln_bkps_service is not defined - -- name: run the cleanup_backups_service tasks once - set_fact: - run_once_sys_cln_bkps_service: true - when: run_once_sys_cln_bkps_service is not defined 
diff --git a/roles/sys-cln-certs/tasks/01_core.yml b/roles/sys-cln-certs/tasks/01_core.yml
new file mode 100644
index 00000000..c4334ee9
--- /dev/null
+++ b/roles/sys-cln-certs/tasks/01_core.yml
@@ -0,0 +1,21 @@
+- name: "pkgmgr install"
+ include_role:
+ name: pkgmgr-install
+ vars:
+ package_name: certreap
+
+- name: configure sys-cln-certs.infinito.service
+ template:
+ src: sys-cln-certs.service.j2
+ dest: /etc/systemd/system/sys-cln-certs.infinito.service
+ notify: Reload and restart sys-cln-certs.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{ on_calendar_cleanup_certs }}"
diff --git a/roles/sys-cln-certs/tasks/main.yml b/roles/sys-cln-certs/tasks/main.yml
index 320e85e6..ad7ad1b9 100644
--- a/roles/sys-cln-certs/tasks/main.yml
+++ b/roles/sys-cln-certs/tasks/main.yml
@@ -1,30 +1,4 @@
-- name: "pkgmgr install"
- include_role:
- name: pkgmgr-install
- vars:
- package_name: certreap
- when: run_once_sys_cln_certs is not defined
-
-- name: configure sys-cln-certs.infinito.service
- template:
- src: sys-cln-certs.service.j2
- dest: /etc/systemd/system/sys-cln-certs.infinito.service
- notify: Reload and restart sys-cln-certs.infinito.service
- when: run_once_sys_cln_certs is not defined
-
-- name: "set 'service_name' to '{{ role_name }}'"
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_cln_certs is not defined
-
-- name: "include role for sys-timer for {{service_name}}"
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{ on_calendar_cleanup_certs }}"
- when: run_once_sys_cln_certs is not defined
-
-- name: run the run_once_sys_cln_certs tasks once
- set_fact:
- run_once_sys_cln_certs: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_cln_certs is not defined
\ No newline at end of file
diff --git a/roles/sys-cln-faild-bkps/tasks/01_core.yml b/roles/sys-cln-faild-bkps/tasks/01_core.yml
new file mode 100644
index 00000000..257489a8
--- /dev/null
+++ b/roles/sys-cln-faild-bkps/tasks/01_core.yml
@@ -0,0 +1,31 @@
+- name: "pkgmgr install"
+ include_role:
+ name: pkgmgr-install
+ vars:
+ package_name: "{{ cln_failed_docker_backups_pkg }}"
+
+- name: "Retrieve {{ cln_failed_docker_backups_pkg }} path from pkgmgr"
+ command: "pkgmgr path {{ cln_failed_docker_backups_pkg }}"
+ register: pkgmgr_output
+ changed_when: false
+
+- name: Set fact for backup_docker_to_local_cleanup_script
+ set_fact:
+ backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cleanup-all.sh' }}"
+ changed_when: false
+
+- name: configure sys-cln-faild-bkps.infinito.service
+ template:
+ src: sys-cln-faild-bkps.service.j2
+ dest: /etc/systemd/system/sys-cln-faild-bkps.infinito.service
+ notify: Reload sys-cln-faild-bkps.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{on_calendar_cleanup_failed_docker}}"
\ No newline at end of file
diff --git a/roles/sys-cln-faild-bkps/tasks/main.yml b/roles/sys-cln-faild-bkps/tasks/main.yml
index 77eaf260..104f51e8 100644
--- a/roles/sys-cln-faild-bkps/tasks/main.yml
+++ b/roles/sys-cln-faild-bkps/tasks/main.yml
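Review bot: `backup_docker_to_local_cleanup_script` in roles/sys-cln-faild-bkps/tasks/01_core.yml is built from `pkgmgr_output.stdout` without checking that the command printed a path; an empty stdout yields `/cleanup-all.sh`, which the service template presumably then references. A guard on the `command` task such as `failed_when: pkgmgr_output.rc != 0 or pkgmgr_output.stdout | trim == ''` would stop the play before a wrong path reaches the unit file. `changed_when: false` on the `set_fact` task is redundant and can be dropped.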
@@ -1,42 +1,4 @@
-- name: "pkgmgr install"
- include_role:
- name: pkgmgr-install
- vars:
- package_name: "{{ cln_failed_docker_backups_pkg }}"
- when: run_once_sys_cln_faild_bkps is not defined
-
-- name: "Retrieve {{ cln_failed_docker_backups_pkg }} path from pkgmgr"
- command: "pkgmgr path {{ cln_failed_docker_backups_pkg }}"
- register: pkgmgr_output
- changed_when: false
- when: run_once_sys_cln_faild_bkps is not defined
-
-- name: Set fact for backup_docker_to_local_cleanup_script
- set_fact:
- backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cleanup-all.sh' }}"
- changed_when: false
- when: run_once_sys_cln_faild_bkps is not defined
-
-- name: configure sys-cln-faild-bkps.infinito.service
- template:
- src: sys-cln-faild-bkps.service.j2
- dest: /etc/systemd/system/sys-cln-faild-bkps.infinito.service
- notify: Reload sys-cln-faild-bkps.infinito.service
- when: run_once_sys_cln_faild_bkps is not defined
-
-- name: "set 'service_name' to '{{ role_name }}'"
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_cln_faild_bkps is not defined
-
-- name: "include role for sys-timer for {{service_name}}"
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{on_calendar_cleanup_failed_docker}}"
- when: run_once_sys_cln_faild_bkps is not defined
-
-- name: run the cleanup_failed_docker_backups tasks once
- set_fact:
- run_once_sys_cln_faild_bkps: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_cln_faild_bkps is not defined
\ No newline at end of file
diff --git a/roles/sys-hlth-csp/tasks/01_core.yml b/roles/sys-hlth-csp/tasks/01_core.yml
new file mode 100644
index 00000000..ebd99d77
--- /dev/null
+++ b/roles/sys-hlth-csp/tasks/01_core.yml
@@ -0,0 +1,37 @@
+- name: "pkgmgr install"
+ include_role:
+ name: pkgmgr-install
+ vars:
+ package_name: checkcsp
+
+- name: rebuild checkcsp docker image
+ shell: checkcsp build
+ # Todo this could be optimized in the future
+
+- name: "create {{ health_csp_crawler_folder }}"
+ file:
+ path: "{{ health_csp_crawler_folder }}"
+ state: directory
+ mode: 0755
+
+- name: copy sys-hlth-csp.py
+ copy:
+ src: sys-hlth-csp.py
+ dest: "{{ health_csp_crawler_script }}"
+ mode: 0755
+
+- name: create sys-hlth-csp.infinito.service
+ template:
+ src: sys-hlth-csp.service.j2
+ dest: /etc/systemd/system/sys-hlth-csp.infinito.service
+ notify: reload sys-hlth-csp.infinito.service
+
+- name: set service_name to role_name
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: include systemd timer role
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{ on_calendar_health_csp_crawler }}"
diff --git a/roles/sys-hlth-csp/tasks/main.yml b/roles/sys-hlth-csp/tasks/main.yml
index e9ba2ed1..2c2abe0f 100644
--- a/roles/sys-hlth-csp/tasks/main.yml
+++ b/roles/sys-hlth-csp/tasks/main.yml
@@ -1,48 +1,4 @@
-- name: "pkgmgr install"
- include_role:
- name: pkgmgr-install
- vars:
- package_name: checkcsp
- when: run_once_sys_hlth_csp is not defined
-
-- name: rebuild checkcsp docker image
- shell: checkcsp build
- # Todo this could be optimized in the future
-
-- name: "create {{ health_csp_crawler_folder }}"
- file:
- path: "{{ health_csp_crawler_folder }}"
- state: directory
- mode: 0755
- when: run_once_sys_hlth_csp is not defined
-
-- name: copy sys-hlth-csp.py
- copy:
- src: sys-hlth-csp.py
- dest: "{{ health_csp_crawler_script }}"
- mode: 0755
- when: run_once_sys_hlth_csp is not defined
-
-- name: create sys-hlth-csp.infinito.service
- template:
- src: sys-hlth-csp.service.j2
- dest: /etc/systemd/system/sys-hlth-csp.infinito.service
- notify: reload sys-hlth-csp.infinito.service
- when: run_once_sys_hlth_csp is not defined
-
-- name: set service_name to role_name
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_hlth_csp is not defined
-
-- name: include systemd timer role
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{ on_calendar_health_csp_crawler }}"
- when: run_once_sys_hlth_csp is not defined
-
-- name: run the health_csp tasks once
- set_fact:
- run_once_sys_hlth_csp: true
- when: run_once_sys_hlth_csp is not defined
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
+ when: run_once_sys_hlth_csp is not defined
\ No newline at end of file
diff --git a/roles/sys-hlth-docker-container/tasks/01_core.yml b/roles/sys-hlth-docker-container/tasks/01_core.yml
new file mode 100644
index 00000000..7edb2e9e
--- /dev/null
+++ b/roles/sys-hlth-docker-container/tasks/01_core.yml
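Review bot: The `rebuild checkcsp docker image` task changes behaviour with this move: in the old roles/sys-hlth-csp/tasks/main.yml it was the only task without `when: run_once_sys_hlth_csp is not defined`, so it ran on every inclusion of the role, and inside the guarded `01_core.yml` include it now runs only while the flag is unset. If that is intended, a comment on the task in 01_core.yml such as `# guarded by run_once_sys_hlth_csp; previously ran on every include` would record the change. If the image is meant to be rebuilt each time, the task has to stay outside the block.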
@@ -0,0 +1,26 @@
+- name: "create {{health_docker_container_folder}}"
+ file:
+ path: "{{health_docker_container_folder}}"
+ state: directory
+ mode: 0755
+
+- name: create sys-hlth-docker-container.sh
+ copy:
+ src: sys-hlth-docker-container.sh
+ dest: "{{health_docker_container_folder}}sys-hlth-docker-container.sh"
+
+- name: create sys-hlth-docker-container.infinito.service
+ template:
+ src: sys-hlth-docker-container.service.j2
+ dest: /etc/systemd/system/sys-hlth-docker-container.infinito.service
+ notify: reload sys-hlth-docker-container.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{on_calendar_health_docker_container}}"
diff --git a/roles/sys-hlth-docker-container/tasks/main.yml b/roles/sys-hlth-docker-container/tasks/main.yml
index 8c53cac5..66b59586 100644
--- a/roles/sys-hlth-docker-container/tasks/main.yml
+++ b/roles/sys-hlth-docker-container/tasks/main.yml
@@ -1,36 +1,4 @@
-- name: "create {{health_docker_container_folder}}"
- file:
- path: "{{health_docker_container_folder}}"
- state: directory
- mode: 0755
- when: run_once_sys_hlth_docker_container is not defined
-
-- name: create sys-hlth-docker-container.sh
- copy:
- src: sys-hlth-docker-container.sh
- dest: "{{health_docker_container_folder}}sys-hlth-docker-container.sh"
- when: run_once_sys_hlth_docker_container is not defined
-
-- name: create sys-hlth-docker-container.infinito.service
- template:
- src: sys-hlth-docker-container.service.j2
- dest: /etc/systemd/system/sys-hlth-docker-container.infinito.service
- notify: reload sys-hlth-docker-container.infinito.service
- when: run_once_sys_hlth_docker_container is not defined
-
-- name: "set 'service_name' to '{{ role_name }}'"
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_hlth_docker_container is not defined
-
-- name: "include role for sys-timer for {{service_name}}"
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{on_calendar_health_docker_container}}"
- when: run_once_sys_hlth_docker_container is not defined
-
-- name: run the health_docker_container tasks once
- set_fact:
- run_once_sys_hlth_docker_container: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_hlth_docker_container is not defined
diff --git a/roles/sys-hlth-docker-volumes/tasks/01_core.yml b/roles/sys-hlth-docker-volumes/tasks/01_core.yml
new file mode 100644
index 00000000..1a1dcb19
--- /dev/null
+++ b/roles/sys-hlth-docker-volumes/tasks/01_core.yml
@@ -0,0 +1,26 @@
+- name: "create {{health_docker_volumes_folder}}"
+ file:
+ path: "{{health_docker_volumes_folder}}"
+ state: directory
+ mode: 0755
+
+- name: create sys-hlth-docker-volumes.sh
+ copy:
+ src: sys-hlth-docker-volumes.sh
+ dest: "{{health_docker_volumes_folder}}sys-hlth-docker-volumes.sh"
+
+- name: create sys-hlth-docker-volumes.infinito.service
+ template:
+ src: sys-hlth-docker-volumes.service.j2
+ dest: /etc/systemd/system/sys-hlth-docker-volumes.infinito.service
+ notify: reload sys-hlth-docker-volumes.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{on_calendar_health_docker_volumes}}"
diff --git a/roles/sys-hlth-docker-volumes/tasks/main.yml b/roles/sys-hlth-docker-volumes/tasks/main.yml
index b1be3b74..0e9e4edc 100644
--- a/roles/sys-hlth-docker-volumes/tasks/main.yml
+++ b/roles/sys-hlth-docker-volumes/tasks/main.yml
@@ -1,36 +1,4 @@
-- name: "create {{health_docker_volumes_folder}}"
- file:
- path: "{{health_docker_volumes_folder}}"
- state: directory
- mode: 0755
- when: run_once_sys_hlth_docker_volumes is not defined
-
-- name: create sys-hlth-docker-volumes.sh
- copy:
- src: sys-hlth-docker-volumes.sh
- dest: "{{health_docker_volumes_folder}}sys-hlth-docker-volumes.sh"
- when: run_once_sys_hlth_docker_volumes is not defined
-
-- name: create sys-hlth-docker-volumes.infinito.service
- template:
- src: sys-hlth-docker-volumes.service.j2
- dest: /etc/systemd/system/sys-hlth-docker-volumes.infinito.service
- notify: reload sys-hlth-docker-volumes.infinito.service
- when: run_once_sys_hlth_docker_volumes is not defined
-
-- name: "set 'service_name' to '{{ role_name }}'"
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_hlth_docker_volumes is not defined
-
-- name: "include role for sys-timer for {{service_name}}"
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{on_calendar_health_docker_volumes}}"
- when: run_once_sys_hlth_docker_volumes is not defined
-
-- name: run the health_docker_volumes tasks once
- set_fact:
- run_once_sys_hlth_docker_volumes: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_hlth_docker_volumes is not defined
diff --git a/roles/sys-hlth-journalctl/tasks/01_core.yml b/roles/sys-hlth-journalctl/tasks/01_core.yml
new file mode 100644
index 00000000..bbbbafab
--- /dev/null
+++ b/roles/sys-hlth-journalctl/tasks/01_core.yml
@@ -0,0 +1,26 @@
+- name: "create {{health_journalctl_folder}}"
+ file:
+ path: "{{health_journalctl_folder}}"
+ state: directory
+ mode: 0755
+
+- name: create sys-hlth-journalctl.sh
+ copy:
+ src: sys-hlth-journalctl.sh
+ dest: "{{health_journalctl_folder}}sys-hlth-journalctl.sh"
+
+- name: create sys-hlth-journalctl.infinito.service
+ template:
+ src: sys-hlth-journalctl.service.j2
+ dest: /etc/systemd/system/sys-hlth-journalctl.infinito.service
+ notify: reload sys-hlth-journalctl.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{on_calendar_health_journalctl}}"
diff --git a/roles/sys-hlth-journalctl/tasks/main.yml b/roles/sys-hlth-journalctl/tasks/main.yml
index a56fe627..b555c469 100644
--- a/roles/sys-hlth-journalctl/tasks/main.yml
+++ b/roles/sys-hlth-journalctl/tasks/main.yml
@@ -1,36 +1,4 @@
-- name: "create {{health_journalctl_folder}}"
- file:
- path: "{{health_journalctl_folder}}"
- state: directory
- mode: 0755
- when: run_once_sys_hlth_journalctl is not defined
-
-- name: create sys-hlth-journalctl.sh
- copy:
- src: sys-hlth-journalctl.sh
- dest: "{{health_journalctl_folder}}sys-hlth-journalctl.sh"
- when: run_once_sys_hlth_journalctl is not defined
-
-- name: create sys-hlth-journalctl.infinito.service
- template:
- src: sys-hlth-journalctl.service.j2
- dest: /etc/systemd/system/sys-hlth-journalctl.infinito.service
- notify: reload sys-hlth-journalctl.infinito.service
- when: run_once_sys_hlth_journalctl is not defined
-
-- name: "set 'service_name' to '{{ role_name }}'"
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_hlth_journalctl is not defined
-
-- name: "include role for sys-timer for {{service_name}}"
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{on_calendar_health_journalctl}}"
- when: run_once_sys_hlth_journalctl is not defined
-
-- name: run the health_journalctl tasks once
- set_fact:
- run_once_sys_hlth_journalctl: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_hlth_journalctl is not defined
\ No newline at end of file
diff --git a/roles/sys-hlth-webserver/tasks/01_core.yml b/roles/sys-hlth-webserver/tasks/01_core.yml
new file mode 100644
index 00000000..f1bb466c
--- /dev/null
+++ b/roles/sys-hlth-webserver/tasks/01_core.yml
@@ -0,0 +1,31 @@
+- name: Install required Python modules
+ pacman:
+ name: python-requests
+ state: present
+
+- name: "create {{ health_nginx_folder }}"
+ file:
+ path: "{{ health_nginx_folder }}"
+ state: directory
+ mode: 0755
+
+- name: create sys-hlth-webserver.py
+ template:
+ src: sys-hlth-webserver.py.j2
+ dest: "{{ health_nginx_folder }}sys-hlth-webserver.py"
+
+- name: create sys-hlth-webserver.infinito.service
+ template:
+ src: sys-hlth-webserver.service.j2
+ dest: /etc/systemd/system/sys-hlth-webserver.infinito.service
+ notify: reload sys-hlth-webserver.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{on_calendar_health_nginx}}"
diff --git a/roles/sys-hlth-webserver/tasks/main.yml b/roles/sys-hlth-webserver/tasks/main.yml
index 326afdb4..85b8d7a0 100644
--- a/roles/sys-hlth-webserver/tasks/main.yml
+++ b/roles/sys-hlth-webserver/tasks/main.yml
@@ -1,43 +1,6 @@ -- name: Install required Python modules - pacman: - name: python-requests - state: present +- block: + - include_tasks: 01_core.yml + - include_tasks: utils/run_once.yml when: run_once_sys_hlth_webserver is not defined -- name: "create {{ health_nginx_folder }}" - file: - path: "{{ health_nginx_folder }}" - state: directory - mode: 0755 - when: run_once_sys_hlth_webserver is not defined - -- name: create sys-hlth-webserver.py - template: - src: sys-hlth-webserver.py.j2 - dest: "{{ health_nginx_folder }}sys-hlth-webserver.py" - when: run_once_sys_hlth_webserver is not defined - -- name: create sys-hlth-webserver.infinito.service - template: - src: sys-hlth-webserver.service.j2 - dest: /etc/systemd/system/sys-hlth-webserver.infinito.service - notify: reload sys-hlth-webserver.infinito.service - when: run_once_sys_hlth_webserver is not defined - -- name: "set 'service_name' to '{{ role_name }}'" - set_fact: - service_name: "{{ role_name }}" - when: run_once_sys_hlth_webserver is not defined - -- name: "include role for sys-timer for {{service_name}}" - include_role: - name: sys-timer - vars: - on_calendar: "{{on_calendar_health_nginx}}" - when: run_once_sys_hlth_webserver is not defined - -- name: run the health_nginx tasks once - set_fact: - run_once_sys_hlth_webserver: true - when: run_once_sys_hlth_webserver is not defined diff --git a/roles/sys-rpr-btrfs-blnc/tasks/01_core.yml b/roles/sys-rpr-btrfs-blnc/tasks/01_core.yml new file mode 100644 index 00000000..2cc5291d --- /dev/null +++ b/roles/sys-rpr-btrfs-blnc/tasks/01_core.yml 
@@ -0,0 +1,21 @@
+- name: "pkgmgr install"
+ include_role:
+ name: pkgmgr-install
+ vars:
+ package_name: btrfs-auto-balancer
+
+- name: configure sys-rpr-btrfs-blnc.infinito.service
+ template:
+ src: sys-rpr-btrfs-blnc.service.j2
+ dest: /etc/systemd/system/sys-rpr-btrfs-blnc.infinito.service
+ notify: reload sys-rpr-btrfs-blnc.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{on_calendar_btrfs_auto_balancer}}"
\ No newline at end of file
diff --git a/roles/sys-rpr-btrfs-blnc/tasks/main.yml b/roles/sys-rpr-btrfs-blnc/tasks/main.yml
index ce7c33f1..f8533a36 100644
--- a/roles/sys-rpr-btrfs-blnc/tasks/main.yml
+++ b/roles/sys-rpr-btrfs-blnc/tasks/main.yml
@@ -1,30 +1,4 @@
-- name: "pkgmgr install"
- include_role:
- name: pkgmgr-install
- vars:
- package_name: btrfs-auto-balancer
- when: run_once_sys_rpr_btrfs_blnc is not defined
-
-- name: configure sys-rpr-btrfs-blnc.infinito.service
- template:
- src: sys-rpr-btrfs-blnc.service.j2
- dest: /etc/systemd/system/sys-rpr-btrfs-blnc.infinito.service
- notify: reload sys-rpr-btrfs-blnc.infinito.service
- when: run_once_sys_rpr_btrfs_blnc is not defined
-
-- name: "set 'service_name' to '{{ role_name }}'"
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_rpr_btrfs_blnc is not defined
-
-- name: "include role for sys-timer for {{service_name}}"
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{on_calendar_btrfs_auto_balancer}}"
- when: run_once_sys_rpr_btrfs_blnc is not defined
-
-- name: run the system_btrfs_auto_balancer tasks once
- set_fact:
- run_once_sys_rpr_btrfs_blnc: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_rpr_btrfs_blnc is not defined
diff --git a/roles/sys-rpr-docker-soft/tasks/01_core.yml b/roles/sys-rpr-docker-soft/tasks/01_core.yml
new file mode 100644
index 00000000..959333a0
--- /dev/null
+++ b/roles/sys-rpr-docker-soft/tasks/01_core.yml
@@ -0,0 +1,27 @@
+- name: "create {{heal_docker}}"
+ file:
+ path: "{{heal_docker}}"
+ state: directory
+ mode: 0755
+
+- name: create sys-rpr-docker-soft.py
+ copy:
+ src: sys-rpr-docker-soft.py
+ dest: "{{heal_docker}}sys-rpr-docker-soft.py"
+ notify: restart sys-rpr-docker-soft.infinito.service
+
+- name: create sys-rpr-docker-soft.infinito.service
+ template:
+ src: sys-rpr-docker-soft.service.j2
+ dest: /etc/systemd/system/sys-rpr-docker-soft.infinito.service
+ notify: restart sys-rpr-docker-soft.infinito.service
+
+- name: "set 'service_name' to '{{ role_name }}'"
+ set_fact:
+ service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+ include_role:
+ name: sys-timer
+ vars:
+ on_calendar: "{{on_calendar_heal_docker}}"
\ No newline at end of file
diff --git a/roles/sys-rpr-docker-soft/tasks/main.yml b/roles/sys-rpr-docker-soft/tasks/main.yml
index c2f512ad..c3790712 100644
--- a/roles/sys-rpr-docker-soft/tasks/main.yml
+++ b/roles/sys-rpr-docker-soft/tasks/main.yml
@@ -1,37 +1,4 @@
-- name: "create {{heal_docker}}"
- file:
- path: "{{heal_docker}}"
- state: directory
- mode: 0755
- when: run_once_sys_rpr_docker_soft is not defined
-
-- name: create sys-rpr-docker-soft.py
- copy:
- src: sys-rpr-docker-soft.py
- dest: "{{heal_docker}}sys-rpr-docker-soft.py"
- notify: restart sys-rpr-docker-soft.infinito.service
- when: run_once_sys_rpr_docker_soft is not defined
-
-- name: create sys-rpr-docker-soft.infinito.service
- template:
- src: sys-rpr-docker-soft.service.j2
- dest: /etc/systemd/system/sys-rpr-docker-soft.infinito.service
- notify: restart sys-rpr-docker-soft.infinito.service
- when: run_once_sys_rpr_docker_soft is not defined
-
-- name: "set 'service_name' to '{{ role_name }}'"
- set_fact:
- service_name: "{{ role_name }}"
- when: run_once_sys_rpr_docker_soft is not defined
-
-- name: "include role for sys-timer for {{service_name}}"
- include_role:
- name: sys-timer
- vars:
- on_calendar: "{{on_calendar_heal_docker}}"
- when: run_once_sys_rpr_docker_soft is not defined
-
-- name: run the heal_docker tasks once
- set_fact:
- run_once_sys_rpr_docker_soft: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_sys_rpr_docker_soft is not defined
\ No newline at end of file
diff --git a/roles/update-compose/tasks/01_core.yml b/roles/update-compose/tasks/01_core.yml
new file mode 100644
index 00000000..fef2708c
--- /dev/null
+++ b/roles/update-compose/tasks/01_core.yml
@@ -0,0 +1,51 @@
+---
+- name: "Check if {{ path_docker_compose_instances }} directory exists"
+ stat:
+ path: "{{ path_docker_compose_instances }}"
+ register: docker_compose_directory_stat
+
+- name: "Update with pacman"
+ include_role:
+ name: update-pacman
+ when: ansible_distribution == 'Archlinux'
+
+- name: "Update with apt"
+ include_role:
+ name: update-apt
+ when: ansible_distribution == "Debian"
+
+- name: "Update Docker Images"
+ include_role:
+ name: update-docker
+ when: docker_compose_directory_stat.stat.exists
+
+- name: "Check if yay is installed"
+ command: which yay
+ register: yay_installed
+ changed_when: false
+ failed_when: false
+
+- name: "Update with yay"
+ include_role:
+ name: update-yay
+ when: yay_installed.rc == 0
+
+- name: "Check if pip is installed"
+ command: which pip
+ register: pip_installed
+ changed_when: false
+ failed_when: false
+
+- name: "Update with pip"
+ include_role:
+ name: update-pip
+
+- name: "Check if pkgmgr command is available"
+ command: "which pkgmgr"
+ register: pkgmgr_available
+ failed_when: false
+
+- name: "Update all repositories using pkgmgr"
+ include_role:
+ name: update-pkgmgr
+ when: pkgmgr_available.rc == 0
diff --git a/roles/update-compose/tasks/main.yml b/roles/update-compose/tasks/main.yml
index 773079f3..9c1b6559 100644
--- a/roles/update-compose/tasks/main.yml
+++ b/roles/update-compose/tasks/main.yml
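Review bot: `Update with pip` has no `when`, so the `pip_installed` result registered by the probe just above it is never used and the `update-pip` role is included even on hosts where `which pip` failed. Adding `when: pip_installed.rc == 0` would match how the yay and pkgmgr probes gate their roles. The `Check if pkgmgr command is available` task also lacks `changed_when: false`, so unlike the other two probes it reports a change on every run.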
@@ -1,78 +1,4 @@
----
-- name: "Check if {{ path_docker_compose_instances }} directory exists"
- stat:
- path: "{{ path_docker_compose_instances }}"
- register: docker_compose_directory_stat
- when:
- - run_once_update_compose is not defined
-
-- name: "Update with pacman"
- include_role:
- name: update-pacman
- when:
- - run_once_update_compose is not defined
- - ansible_distribution == 'Archlinux'
-
-- name: "Update with apt"
- include_role:
- name: update-apt
- when:
- - run_once_update_compose is not defined
- - ansible_distribution == "Debian"
-
-- name: "Update Docker Images"
- include_role:
- name: update-docker
- when:
- - run_once_update_compose is not defined
- - docker_compose_directory_stat.stat.exists
-
-- name: "Check if yay is installed"
- command: which yay
- register: yay_installed
- changed_when: false
- failed_when: false
- when:
- - run_once_update_compose is not defined
-
-- name: "Update with yay"
- include_role:
- name: update-yay
- when:
- - run_once_update_compose is not defined
- - yay_installed.rc == 0
-
-
-- name: "Check if pip is installed"
- command: which pip
- register: pip_installed
- changed_when: false
- failed_when: false
- when:
- - run_once_update_compose is not defined
-
-- name: "Update with pip"
- include_role:
- name: update-pip
- when:
- - run_once_update_compose is not defined
-
-
-- name: "Check if pkgmgr command is available"
- command: "which pkgmgr"
- register: pkgmgr_available
- failed_when: false
- when:
- - run_once_update_compose is not defined
-
-- name: "Update all repositories using pkgmgr"
- include_role:
- name: update-pkgmgr
- when:
- - pkgmgr_available.rc == 0
- - run_once_update_compose is not defined
-
-- name: run the update tasks once
- set_fact:
- run_once_update_compose: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_update_compose is not defined
\ No newline at end of file
diff --git a/roles/update-docker/tasks/01_core.yml b/roles/update-docker/tasks/01_core.yml
new file mode 100644
index 00000000..657ffb19
--- /dev/null
+++ b/roles/update-docker/tasks/01_core.yml
@@ -0,0 +1,23 @@
+- name: "start sys-bkp-docker-2-loc-everything.infinito.service"
+ systemd:
+ name: sys-bkp-docker-2-loc-everything.infinito.service
+ state: started
+ when:
+ - mode_backup | bool
+
+- name: create {{update_docker_script}}
+ template:
+ src: update-docker.py.j2
+ dest: "{{update_docker_script}}"
+
+- name: configure update-docker.infinito.service
+ template:
+ src: update-docker.service.j2
+ dest: /etc/systemd/system/update-docker.infinito.service
+
+- name: "restart update-docker.infinito.service"
+ systemd:
+ name: update-docker.infinito.service
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
diff --git a/roles/update-docker/tasks/main.yml b/roles/update-docker/tasks/main.yml
index 9272bd4e..9113e12e 100644
--- a/roles/update-docker/tasks/main.yml
+++ b/roles/update-docker/tasks/main.yml
@@ -1,32 +1,4 @@
-- name: "start sys-bkp-docker-2-loc-everything.infinito.service"
- systemd:
- name: sys-bkp-docker-2-loc-everything.infinito.service
- state: started
- when:
- - run_once_update_docker is not defined
- - mode_backup | bool
-
-- name: create {{update_docker_script}}
- template:
- src: update-docker.py.j2
- dest: "{{update_docker_script}}"
- when: run_once_update_docker is not defined
-
-- name: configure update-docker.infinito.service
- template:
- src: update-docker.service.j2
- dest: /etc/systemd/system/update-docker.infinito.service
- when: run_once_update_docker is not defined
-
-- name: "restart update-docker.infinito.service"
- systemd:
- name: update-docker.infinito.service
- state: restarted
- enabled: yes
- daemon_reload: yes
- when: run_once_update_docker is not defined
-
-- name: run the update docker tasks once
- set_fact:
- run_once_update_docker: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_update_docker is not defined
\ No newline at end of file
diff --git a/roles/user-administrator/tasks/01_core.yml b/roles/user-administrator/tasks/01_core.yml
new file mode 100644
index 00000000..7ffc6dbd
--- /dev/null
+++ b/roles/user-administrator/tasks/01_core.yml
@@ -0,0 +1,48 @@
+- name: create administrator
+ user:
+ name: administrator
+ update_password: on_create
+ password: "{{ users.administrator.password | password_hash('sha512') }}"
+ create_home: yes
+ generate_ssh_key: yes
+ ssh_key_type: rsa
+ ssh_key_bits: 8192
+
+- name: "set correct rights for {{path_administrator_home}}"
+ file:
+ path: "{{path_administrator_home}}"
+ state: directory
+ owner: administrator
+ group: administrator
+ mode: 0700
+
+- name: "create {{path_administrator_scripts}}"
+ file:
+ path: "{{path_administrator_home}}scripts"
+ state: directory
+ owner: administrator
+ group: administrator
+ mode: 0700
+
+- name: create {{path_administrator_home}}.ssh/authorized_keys
+ copy:
+ src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{path_administrator_home}}.ssh/authorized_keys"
+ dest: "{{path_administrator_home}}.ssh/authorized_keys"
+ owner: administrator
+ group: administrator
+ mode: '0644'
+
+- name: grant administrator sudo rights with password
+ copy:
+ src: "administrator"
+ dest: /etc/sudoers.d/administrator
+ mode: '0644'
+ owner: root
+ group: root
+ notify: sshd restart
+
+- name: "embed user routines for {{ role_path | basename }}"
+ include_role:
+ name: user
+ vars:
+ user_name: "administrator"
diff --git a/roles/user-administrator/tasks/main.yml b/roles/user-administrator/tasks/main.yml
index 8cf7b338..52f7867e 100644
--- a/roles/user-administrator/tasks/main.yml
+++ b/roles/user-administrator/tasks/main.yml
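Review bot: The sudoers drop-in is copied to `/etc/sudoers.d/administrator` with no syntax check and with `mode: '0644'`; a malformed file there can break `sudo` on the host, so the task should carry `validate: 'visudo -cf %s'` and the conventional `mode: '0440'`. The `notify: sshd restart` on that same task looks unrelated to a sudoers change and is worth confirming. `authorized_keys` is written as `'0644'`, which sshd accepts, but `'0600'` is the tighter setting for a file that controls who may log in as an administrator. The two directory tasks use unquoted `mode: 0700` while the rest of the file quotes its modes; `'0700'` keeps the file consistent and avoids relying on YAML octal parsing.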
@@ -1,59 +1,4 @@
-- name: create administrator
- user:
- name: administrator
- update_password: on_create
- password: "{{ users.administrator.password | password_hash('sha512') }}"
- create_home: yes
- generate_ssh_key: yes
- ssh_key_type: rsa
- ssh_key_bits: 8192
- when: run_once_user_administrator is not defined
-
-- name: "set correct rights for {{path_administrator_home}}"
- file:
- path: "{{path_administrator_home}}"
- state: directory
- owner: administrator
- group: administrator
- mode: 0700
- when: run_once_user_administrator is not defined
-
-- name: "create {{path_administrator_scripts}}"
- file:
- path: "{{path_administrator_home}}scripts"
- state: directory
- owner: administrator
- group: administrator
- mode: 0700
- when: run_once_user_administrator is not defined
-
-- name: create {{path_administrator_home}}.ssh/authorized_keys
- copy:
- src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{path_administrator_home}}.ssh/authorized_keys"
- dest: "{{path_administrator_home}}.ssh/authorized_keys"
- owner: administrator
- group: administrator
- mode: '0644'
- when: run_once_user_administrator is not defined
-
-- name: grant administrator sudo rights with password
- copy:
- src: "administrator"
- dest: /etc/sudoers.d/administrator
- mode: '0644'
- owner: root
- group: root
- notify: sshd restart
- when: run_once_user_administrator is not defined
-
-- name: "embed user routines for {{ role_path | basename }}"
- include_role:
- name: user
- vars:
- user_name: "administrator"
- when: run_once_user_administrator is not defined
-
-- name: run the user_administrator tasks once
- set_fact:
- run_once_user_administrator: true
+- block:
+ - include_tasks: 01_core.yml
+ - include_tasks: utils/run_once.yml
 when: run_once_user_administrator is not defined
\ No newline at end of file