Optimized performance by moving multiple similar when includes to own tasks file

Kevin Veen-Birkenbach 2025-08-11 13:15:31 +02:00
parent 6318611931
commit 1ba50397db
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
41 changed files with 616 additions and 733 deletions


@ -5,4 +5,4 @@
template: src=locale.conf dest=/etc/locale.conf template: src=locale.conf dest=/etc/locale.conf
- name: Generate locales - name: Generate locales
shell: locale-gen shell: locale-gen
become: yes become: true


@ -6,14 +6,14 @@
state: present state: present
- name: Create the `aur_builder` user - name: Create the `aur_builder` user
become: yes become: true
ansible.builtin.user: ansible.builtin.user:
name: aur_builder name: aur_builder
create_home: yes create_home: yes
group: wheel group: wheel
- name: Allow the `aur_builder` user to run `sudo pacman` without a password - name: Allow the `aur_builder` user to run `sudo pacman` without a password
become: yes become: true
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/sudoers.d/11-install-aur_builder path: /etc/sudoers.d/11-install-aur_builder
line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman' line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
@ -21,7 +21,7 @@
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
- name: Clone yay from AUR - name: Clone yay from AUR
become: yes become: true
become_user: aur_builder become_user: aur_builder
git: git:
repo: https://aur.archlinux.org/yay.git repo: https://aur.archlinux.org/yay.git
@ -30,7 +30,7 @@
update: yes update: yes
- name: Build and install yay - name: Build and install yay
become: yes become: true
become_user: aur_builder become_user: aur_builder
shell: | shell: |
cd /home/aur_builder/yay cd /home/aur_builder/yay
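Review bot: The sudoers line in this file, `aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman`, lets an account that is also in `wheel` run pacman with any arguments and no password, and because package install scriptlets and hooks run as root this is in practice a passwordless root grant. Since the commit already touches every task here, a comment above that task should document the trade-off, and it is worth confirming that the account has no password or interactive login. The boolean normalisation is also incomplete: `create_home: yes` and `update: yes` keep the old form while the `become` lines move to `true`. The last hunk ends inside the `shell: |` block, so the build command itself is not visible here.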


@ -1,6 +1,6 @@
--- ---
- name: Restart systemd-logind - name: Restart systemd-logind
become: yes become: true
systemd: systemd:
name: systemd-logind name: systemd-logind
state: restarted state: restarted


@ -10,7 +10,7 @@
become: true become: true
- name: Configure systemd lid switch behavior to hibernate on lid close (battery), lock on AC and docked - name: Configure systemd lid switch behavior to hibernate on lid close (battery), lock on AC and docked
become: yes become: true
lineinfile: lineinfile:
path: /etc/systemd/logind.conf path: /etc/systemd/logind.conf
regexp: '^#?HandleLidSwitch=' regexp: '^#?HandleLidSwitch='
@ -20,7 +20,7 @@
become: true become: true
- name: Configure systemd to lock session when lid is closed on external power - name: Configure systemd to lock session when lid is closed on external power
become: yes become: true
lineinfile: lineinfile:
path: /etc/systemd/logind.conf path: /etc/systemd/logind.conf
regexp: '^#?HandleLidSwitchExternalPower=' regexp: '^#?HandleLidSwitchExternalPower='
@ -30,7 +30,7 @@
become: true become: true
- name: Configure systemd to lock session when lid is closed while docked - name: Configure systemd to lock session when lid is closed while docked
become: yes become: true
lineinfile: lineinfile:
path: /etc/systemd/logind.conf path: /etc/systemd/logind.conf
regexp: '^#?HandleLidSwitchDocked=' regexp: '^#?HandleLidSwitchDocked='


@ -0,0 +1,42 @@
- name: Ensure GitHub host key is in known_hosts
known_hosts:
path: "~/.ssh/known_hosts"
name: github.com
key: "{{ lookup('pipe', 'ssh-keyscan -t ed25519 github.com | grep -v \"^#\"') }}"
become: true
- name: Create installation directory for Kevin's Package Manager
file:
path: "{{ pkgmgr_install_path }}"
state: directory
mode: '0755'
become: true
- name: Clone Kevin's Package Manager repository
git:
repo: "{{ pkgmgr_repo_url }}"
dest: "{{ pkgmgr_install_path }}"
version: "HEAD"
force: yes
become: true
- name: Ensure main.py is executable
file:
path: "{{ pkgmgr_install_path }}/main.py"
mode: '0755'
become: true
- name: create config.yaml
template:
src: config.yaml.j2
dest: "{{pkgmgr_config_path}}"
become: true
- name: Run the Package Manager install command to create an alias for Kevins package manager
shell: |
source ~/.venvs/pkgmgr/bin/activate
make setup
args:
chdir: "{{ pkgmgr_install_path }}"
executable: /bin/bash
become: true
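Review bot: The first task stores whatever `ssh-keyscan` returns at run time, so the GitHub host key is trusted on first use with no comparison against the published fingerprint, and a single intercepted connection decides what lands in `known_hosts`. Prefer a key line held in a variable that was verified out of band and pass that to `key:` instead of the `pipe` lookup. The same trust gap continues below: `version: "HEAD"` with `force: yes` checks out whatever the remote currently serves, and the last task runs `make setup` from that tree with `become: true`, so pinning `version:` to a reviewed tag or commit hash would make the root-level install reproducible. The `config.yaml` template also sets no `mode`, which leaves its permissions to the umask.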


@ -1,53 +1,5 @@
--- ---
- name: Ensure GitHub host key is in known_hosts - block:
known_hosts: - include_tasks: 01_core.yml
path: "~/.ssh/known_hosts" - include_tasks: utils/run_once.yml
name: github.com when: run_once_pkgmgr is not definedd
key: "{{ lookup('pipe', 'ssh-keyscan -t ed25519 github.com | grep -v \"^#\"') }}"
become: yes
- name: Create installation directory for Kevin's Package Manager
file:
path: "{{ pkgmgr_install_path }}"
state: directory
mode: '0755'
become: yes
when: run_once_pkgmgr is not defined
- name: Clone Kevin's Package Manager repository
git:
repo: "{{ pkgmgr_repo_url }}"
dest: "{{ pkgmgr_install_path }}"
version: "HEAD"
force: yes
become: yes
when: run_once_pkgmgr is not defined
- name: Ensure main.py is executable
file:
path: "{{ pkgmgr_install_path }}/main.py"
mode: '0755'
become: yes
when: run_once_pkgmgr is not defined
- name: create config.yaml
template:
src: config.yaml.j2
dest: "{{pkgmgr_config_path}}"
become: yes
when: run_once_pkgmgr is not defined
- name: Run the Package Manager install command to create an alias for Kevins package manager
shell: |
source ~/.venvs/pkgmgr/bin/activate
make setup
args:
chdir: "{{ pkgmgr_install_path }}"
executable: /bin/bash
become: yes
when: run_once_pkgmgr is not defined
- name: run run_once_pkgmgr tasks once
set_fact:
run_once_pkgmgr: true
when: run_once_pkgmgr is not defined
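Review bot: The new block condition reads `when: run_once_pkgmgr is not definedd`, and `definedd` is not a Jinja2 test, so evaluating it should fail with a templating error instead of guarding the block. It should be `when: run_once_pkgmgr is not defined`, as in the other roles changed by this commit. The flag is now set inside `utils/run_once.yml`, which is not shown here, so it is worth confirming that the file produces exactly the name `run_once_pkgmgr` for this role. A one-line comment above the block naming that flag would make the dependency visible.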


@ -14,7 +14,10 @@
name: web-svc-cdn name: web-svc-cdn
public: false public: false
# ATM just the Logout is using the CDN. # ATM just the Logout is using the CDN.
when: inj_enabled.logout and application_id != 'web-svc-cdn' when:
- inj_enabled.logout
- application_id != 'web-svc-cdn'
- run_once_web_svc_cdn is not defined
- name: Overwritte CDN handlers with neutral handlers - name: Overwritte CDN handlers with neutral handlers
ansible.builtin.include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml" ansible.builtin.include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml"
@ -26,7 +29,6 @@
vars: vars:
handler_role_name: "{{ item }}" handler_role_name: "{{ item }}"
- name: Set inj_enabled dictionary - name: Set inj_enabled dictionary
set_fact: set_fact:
inj_enabled: inj_enabled:
@ -39,7 +41,9 @@
- name: "Activate Global CSS for {{domain}}" - name: "Activate Global CSS for {{domain}}"
include_role: include_role:
name: srv-web-7-7-inj-css name: srv-web-7-7-inj-css
when: inj_enabled.css when:
- inj_enabled.css
- run_once_srv_web_7_7_inj_css is not defined
- name: "Activate Global Matomo Tracking for {{domain}}" - name: "Activate Global Matomo Tracking for {{domain}}"
include_role: include_role:


@ -0,0 +1,24 @@
- name: Generate color palette with colorscheme-generator
set_fact:
color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades) }}"
- name: Generate inverted color palette with colorscheme-generator
set_fact:
inverted_color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades, invert_lightness=True) }}"
- name: Deploy global.css
template:
src: global.css.j2
dest: "{{ global_css_destination }}"
owner: "{{ nginx.user }}"
group: "{{ nginx.user }}"
mode: '0644'
- name: Get stat for global.css
stat:
path: "{{ global_css_destination }}"
register: global_css_stat
- name: Set global_css_version
set_fact:
global_css_version: "{{ global_css_stat.stat.mtime }}"


@ -1,34 +1,4 @@
- name: Generate color palette with colorscheme-generator - block:
set_fact: - include_tasks: 01_core.yml
color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades) }}" - include_tasks: utils/run_once.yml
when: run_once_srv_web_7_7_inj_css is not defined when: run_once_srv_web_7_7_inj_css is not defined
- name: Generate inverted color palette with colorscheme-generator
set_fact:
inverted_color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades, invert_lightness=True) }}"
when: run_once_srv_web_7_7_inj_css is not defined
- name: Deploy global.css
template:
src: global.css.j2
dest: "{{ global_css_destination }}"
owner: "{{ nginx.user }}"
group: "{{ nginx.user }}"
mode: '0644'
when: run_once_srv_web_7_7_inj_css is not defined
- name: Get stat for global.css
stat:
path: "{{ global_css_destination }}"
register: global_css_stat
when: run_once_srv_web_7_7_inj_css is not defined
- name: Set global_css_version
set_fact:
global_css_version: "{{ global_css_stat.stat.mtime }}"
when: run_once_srv_web_7_7_inj_css is not defined
- name: Mark css as done
set_fact:
run_once_srv_web_7_7_inj_css: true
when: run_once_srv_web_7_7_inj_css is not defined


@ -0,0 +1,16 @@
- name: "create {{systemd_notifier_email_folder}}"
file:
path: "{{systemd_notifier_email_folder}}"
state: directory
mode: 0755
- name: configure sys-alm-email.sh
template:
src: sys-alm-email.sh.j2
dest: "{{systemd_notifier_email_folder}}sys-alm-email.sh"
- name: configure sys-alm-email.infinito.service
template:
src: sys-alm-email@.service.j2
dest: /etc/systemd/system/sys-alm-email.infinito@.service
notify: restart sys-alm-email service
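Review bot: Both `template` tasks write their files without `owner` or `mode`, so the script and the unit file get whatever the umask or a pre-existing file dictates; for files that systemd runs, set them explicitly, e.g. `owner: root` with `mode: '0755'` on the script and `mode: '0644'` on the unit. The script destination `"{{systemd_notifier_email_folder}}sys-alm-email.sh"` only resolves correctly while the variable ends in `/`, so joining with an explicit separator avoids a silently misplaced file. The directory task uses the unquoted `mode: 0755` while other files in this commit quote it as `'0755'`. The same points apply to the script `copy`/`template` tasks in the new `01_core.yml` files for sys-cln-backups, sys-hlth-docker-container, sys-hlth-docker-volumes, sys-hlth-journalctl, sys-hlth-webserver and sys-rpr-docker-soft further down.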


@ -1,24 +1,4 @@
- name: "create {{systemd_notifier_email_folder}}" - block:
file: - include_tasks: 01_core.yml
path: "{{systemd_notifier_email_folder}}" - include_tasks: utils/run_once.yml
state: directory when: run_once_sys_alm_email is not defined
mode: 0755
when: run_once_sys_alm_email is not defined
- name: configure sys-alm-email.sh
template:
src: sys-alm-email.sh.j2
dest: "{{systemd_notifier_email_folder}}sys-alm-email.sh"
when: run_once_sys_alm_email is not defined
- name: configure sys-alm-email.infinito.service
template:
src: sys-alm-email@.service.j2
dest: /etc/systemd/system/sys-alm-email.infinito@.service
notify: restart sys-alm-email service
when: run_once_sys_alm_email is not defined
- name: run the systemd_notifier_email tasks once
set_fact:
run_once_sys_alm_email: true
when: run_once_sys_alm_email is not defined


@ -0,0 +1,32 @@
- name: Fail if Telegram bot credentials are not set
assert:
that:
- telegram_bot_token != ""
- telegram_chat_id != ""
fail_msg: |
Telegram configuration is incomplete!
Please provide nonempty values for:
- telegram_bot_token # Your Telegram bots API token
- telegram_chat_id # The Telegram chat ID to send messages to
- name: install curl
pacman:
name: curl
state: present
- name: Create a directory with a subdirectory
ansible.builtin.file:
path: "{{systemd_telegram_folder}}"
state: directory
mode: '0755'
- name: configure sys-alm-telegram.sh
template:
src: sys-alm-telegram.sh.j2
dest: "{{ systemd_telegram_script }}"
- name: configure sys-alm-telegram.infinito.service
template:
src: sys-alm-telegram@.service.j2
dest: "/etc/systemd/system/sys-alm-telegram.infinito@.service"
notify: "restart sys-alm-telegram service"
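Review bot: `sys-alm-telegram.sh` is rendered without `owner` or `mode` into a directory created as `0755`; if the template embeds `telegram_bot_token`, as the assert at the top suggests, the token ends up in a file that other local users can read under a default umask. Set `owner: root`, `group: root` and `mode: '0700'` on that task. The assert compares with `!= ""`, so an undefined variable raises an undefined-variable error instead of printing `fail_msg`; `telegram_bot_token | default('') | length > 0` (and the same for `telegram_chat_id`) covers both cases.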


@ -1,42 +1,4 @@
- name: Fail if Telegram bot credentials are not set - block:
assert: - include_tasks: 01_core.yml
that: - include_tasks: utils/run_once.yml
- telegram_bot_token != ""
- telegram_chat_id != ""
fail_msg: |
Telegram configuration is incomplete!
Please provide nonempty values for:
- telegram_bot_token # Your Telegram bots API token
- telegram_chat_id # The Telegram chat ID to send messages to
when: run_once_sys_alm_telegram is not defined
- name: install curl
pacman:
name: curl
state: present
when: run_once_sys_alm_telegram is not defined
- name: Create a directory with a subdirectory
ansible.builtin.file:
path: "{{systemd_telegram_folder}}"
state: directory
mode: '0755'
when: run_once_sys_alm_telegram is not defined
- name: configure sys-alm-telegram.sh
template:
src: sys-alm-telegram.sh.j2
dest: "{{ systemd_telegram_script }}"
when: run_once_sys_alm_telegram is not defined
- name: configure sys-alm-telegram.infinito.service
template:
src: sys-alm-telegram@.service.j2
dest: "/etc/systemd/system/sys-alm-telegram.infinito@.service"
notify: "restart sys-alm-telegram service"
when: run_once_sys_alm_telegram is not defined
- name: run the systemd_notifier_telegram tasks once
set_fact:
run_once_sys_alm_telegram: true
when: run_once_sys_alm_telegram is not defined when: run_once_sys_alm_telegram is not defined


@ -0,0 +1,37 @@
- name: create backup user
user:
name: backup
create_home: yes
- name: create .ssh directory
file:
path: /home/backup/.ssh
state: directory
owner: backup
group: backup
mode: '0700'
- name: create /home/backup/.ssh/authorized_keys
template:
src: "authorized_keys.j2"
dest: /home/backup/.ssh/authorized_keys
owner: backup
group: backup
mode: '0644'
- name: create /home/backup/ssh-wrapper.sh
copy:
src: "ssh-wrapper.sh"
dest: /home/backup/ssh-wrapper.sh
owner: backup
group: backup
mode: '0700'
- name: grant backup sudo rights
copy:
src: "backup"
dest: /etc/sudoers.d/backup
mode: '0644'
owner: root
group: root
notify: sshd restart
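Review bot: The sudoers drop-in is installed with `mode: '0644'` and no syntax check, whereas the AUR role in this same commit validates its sudoers line with `visudo -cf %s`; a malformed `backup` file can break sudo on the host. Add `validate: 'visudo -cf %s'` to the `copy` task and use `mode: '0440'`, the conventional mode for sudoers files. `ssh-wrapper.sh` is owned by and writable for the `backup` user; if it is the forced command or sudo target that confines this account (`authorized_keys.j2` and the `backup` file are not shown), it should be `owner: root` with `mode: '0755'` so the confined user cannot rewrite it. `authorized_keys` would also be better at `'0600'`.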


@ -1,47 +1,4 @@
- name: create backup user - block:
user: - include_tasks: 01_core.yml
name: backup - include_tasks: utils/run_once.yml
create_home: yes
when: run_once_sys_bkp_provider_user is not defined
- name: create .ssh directory
file:
path: /home/backup/.ssh
state: directory
owner: backup
group: backup
mode: '0700'
when: run_once_sys_bkp_provider_user is not defined
- name: create /home/backup/.ssh/authorized_keys
template:
src: "authorized_keys.j2"
dest: /home/backup/.ssh/authorized_keys
owner: backup
group: backup
mode: '0644'
when: run_once_sys_bkp_provider_user is not defined
- name: create /home/backup/ssh-wrapper.sh
copy:
src: "ssh-wrapper.sh"
dest: /home/backup/ssh-wrapper.sh
owner: backup
group: backup
mode: '0700'
when: run_once_sys_bkp_provider_user is not defined
- name: grant backup sudo rights
copy:
src: "backup"
dest: /etc/sudoers.d/backup
mode: '0644'
owner: root
group: root
notify: sshd restart
when: run_once_sys_bkp_provider_user is not defined
- name: run the backups_provider_user tasks once
set_fact:
run_once_sys_bkp_provider_user: true
when: run_once_sys_bkp_provider_user is not defined when: run_once_sys_bkp_provider_user is not defined


@ -0,0 +1,23 @@
- name: install lsof and python-psutil
community.general.pacman:
name:
- lsof
- python-psutil
state: present
- name: "create {{cleanup_backups_directory}}"
file:
path: "{{cleanup_backups_directory}}"
state: directory
mode: 0755
- name: create sys-cln-backups.py
copy:
src: "sys-cln-backups.py"
dest: "{{cleanup_backups_directory}}sys-cln-backups.py"
- name: create sys-cln-backups.infinito.service
template:
src: "sys-cln-backups.service.j2"
dest: "/etc/systemd/system/sys-cln-backups.infinito.service"
notify: reload sys-cln-backups.infinito.service


@ -1,32 +1,5 @@
- name: install lsof and python-psutil - block:
community.general.pacman: - include_tasks: 01_core.yml
name: - include_tasks: utils/run_once.yml
- lsof
- python-psutil
state: present
when: run_once_sys_cln_bkps_service is not defined when: run_once_sys_cln_bkps_service is not defined
- name: "create {{cleanup_backups_directory}}"
file:
path: "{{cleanup_backups_directory}}"
state: directory
mode: 0755
when: run_once_sys_cln_bkps_service is not defined
- name: create sys-cln-backups.py
copy:
src: "sys-cln-backups.py"
dest: "{{cleanup_backups_directory}}sys-cln-backups.py"
when: run_once_sys_cln_bkps_service is not defined
- name: create sys-cln-backups.infinito.service
template:
src: "sys-cln-backups.service.j2"
dest: "/etc/systemd/system/sys-cln-backups.infinito.service"
notify: reload sys-cln-backups.infinito.service
when: run_once_sys_cln_bkps_service is not defined
- name: run the cleanup_backups_service tasks once
set_fact:
run_once_sys_cln_bkps_service: true
when: run_once_sys_cln_bkps_service is not defined


@ -0,0 +1,21 @@
- name: "pkgmgr install"
include_role:
name: pkgmgr-install
vars:
package_name: certreap
- name: configure sys-cln-certs.infinito.service
template:
src: sys-cln-certs.service.j2
dest: /etc/systemd/system/sys-cln-certs.infinito.service
notify: Reload and restart sys-cln-certs.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{ on_calendar_cleanup_certs }}"


@ -1,30 +1,4 @@
- name: "pkgmgr install" - block:
include_role: - include_tasks: 01_core.yml
name: pkgmgr-install - include_tasks: utils/run_once.yml
vars:
package_name: certreap
when: run_once_sys_cln_certs is not defined
- name: configure sys-cln-certs.infinito.service
template:
src: sys-cln-certs.service.j2
dest: /etc/systemd/system/sys-cln-certs.infinito.service
notify: Reload and restart sys-cln-certs.infinito.service
when: run_once_sys_cln_certs is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_cln_certs is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{ on_calendar_cleanup_certs }}"
when: run_once_sys_cln_certs is not defined
- name: run the run_once_sys_cln_certs tasks once
set_fact:
run_once_sys_cln_certs: true
when: run_once_sys_cln_certs is not defined when: run_once_sys_cln_certs is not defined


@ -0,0 +1,31 @@
- name: "pkgmgr install"
include_role:
name: pkgmgr-install
vars:
package_name: "{{ cln_failed_docker_backups_pkg }}"
- name: "Retrieve {{ cln_failed_docker_backups_pkg }} path from pkgmgr"
command: "pkgmgr path {{ cln_failed_docker_backups_pkg }}"
register: pkgmgr_output
changed_when: false
- name: Set fact for backup_docker_to_local_cleanup_script
set_fact:
backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cleanup-all.sh' }}"
changed_when: false
- name: configure sys-cln-faild-bkps.infinito.service
template:
src: sys-cln-faild-bkps.service.j2
dest: /etc/systemd/system/sys-cln-faild-bkps.infinito.service
notify: Reload sys-cln-faild-bkps.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_cleanup_failed_docker}}"
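Review bot: `backup_docker_to_local_cleanup_script` is built from `pkgmgr_output.stdout` without any check, so an empty or multi-line result returned with exit code 0 yields `/cleanup-all.sh` or a broken path, which is then presumably templated into the systemd unit. Add an `assert` between the two tasks, for example `that: pkgmgr_output.stdout | trim | length > 0`, so a bad lookup stops the play before the unit is written. `changed_when: false` on the `set_fact` task has no visible effect and can be dropped.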


@ -1,42 +1,4 @@
- name: "pkgmgr install" - block:
include_role: - include_tasks: 01_core.yml
name: pkgmgr-install - include_tasks: utils/run_once.yml
vars:
package_name: "{{ cln_failed_docker_backups_pkg }}"
when: run_once_sys_cln_faild_bkps is not defined
- name: "Retrieve {{ cln_failed_docker_backups_pkg }} path from pkgmgr"
command: "pkgmgr path {{ cln_failed_docker_backups_pkg }}"
register: pkgmgr_output
changed_when: false
when: run_once_sys_cln_faild_bkps is not defined
- name: Set fact for backup_docker_to_local_cleanup_script
set_fact:
backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cleanup-all.sh' }}"
changed_when: false
when: run_once_sys_cln_faild_bkps is not defined
- name: configure sys-cln-faild-bkps.infinito.service
template:
src: sys-cln-faild-bkps.service.j2
dest: /etc/systemd/system/sys-cln-faild-bkps.infinito.service
notify: Reload sys-cln-faild-bkps.infinito.service
when: run_once_sys_cln_faild_bkps is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_cln_faild_bkps is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_cleanup_failed_docker}}"
when: run_once_sys_cln_faild_bkps is not defined
- name: run the cleanup_failed_docker_backups tasks once
set_fact:
run_once_sys_cln_faild_bkps: true
when: run_once_sys_cln_faild_bkps is not defined when: run_once_sys_cln_faild_bkps is not defined


@ -0,0 +1,37 @@
- name: "pkgmgr install"
include_role:
name: pkgmgr-install
vars:
package_name: checkcsp
- name: rebuild checkcsp docker image
shell: checkcsp build
# Todo this could be optimized in the future
- name: "create {{ health_csp_crawler_folder }}"
file:
path: "{{ health_csp_crawler_folder }}"
state: directory
mode: 0755
- name: copy sys-hlth-csp.py
copy:
src: sys-hlth-csp.py
dest: "{{ health_csp_crawler_script }}"
mode: 0755
- name: create sys-hlth-csp.infinito.service
template:
src: sys-hlth-csp.service.j2
dest: /etc/systemd/system/sys-hlth-csp.infinito.service
notify: reload sys-hlth-csp.infinito.service
- name: set service_name to role_name
set_fact:
service_name: "{{ role_name }}"
- name: include systemd timer role
include_role:
name: sys-timer
vars:
on_calendar: "{{ on_calendar_health_csp_crawler }}"
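Review bot: The `rebuild checkcsp docker image` task changes behaviour with this move: in the old `main.yml` it was the one task without a `when`, so it ran on every inclusion of the role, and inside the guarded block it now runs only the first time. If that is intended, replace the `# Todo` line with a comment saying so; if the rebuild is meant to be unconditional, keep the task outside the block in `main.yml`. The task uses no shell features, so `command: checkcsp build` avoids an unnecessary shell.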


@ -1,48 +1,4 @@
- name: "pkgmgr install" - block:
include_role: - include_tasks: 01_core.yml
name: pkgmgr-install - include_tasks: utils/run_once.yml
vars: when: run_once_sys_hlth_csp is not defined
package_name: checkcsp
when: run_once_sys_hlth_csp is not defined
- name: rebuild checkcsp docker image
shell: checkcsp build
# Todo this could be optimized in the future
- name: "create {{ health_csp_crawler_folder }}"
file:
path: "{{ health_csp_crawler_folder }}"
state: directory
mode: 0755
when: run_once_sys_hlth_csp is not defined
- name: copy sys-hlth-csp.py
copy:
src: sys-hlth-csp.py
dest: "{{ health_csp_crawler_script }}"
mode: 0755
when: run_once_sys_hlth_csp is not defined
- name: create sys-hlth-csp.infinito.service
template:
src: sys-hlth-csp.service.j2
dest: /etc/systemd/system/sys-hlth-csp.infinito.service
notify: reload sys-hlth-csp.infinito.service
when: run_once_sys_hlth_csp is not defined
- name: set service_name to role_name
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_hlth_csp is not defined
- name: include systemd timer role
include_role:
name: sys-timer
vars:
on_calendar: "{{ on_calendar_health_csp_crawler }}"
when: run_once_sys_hlth_csp is not defined
- name: run the health_csp tasks once
set_fact:
run_once_sys_hlth_csp: true
when: run_once_sys_hlth_csp is not defined


@ -0,0 +1,26 @@
- name: "create {{health_docker_container_folder}}"
file:
path: "{{health_docker_container_folder}}"
state: directory
mode: 0755
- name: create sys-hlth-docker-container.sh
copy:
src: sys-hlth-docker-container.sh
dest: "{{health_docker_container_folder}}sys-hlth-docker-container.sh"
- name: create sys-hlth-docker-container.infinito.service
template:
src: sys-hlth-docker-container.service.j2
dest: /etc/systemd/system/sys-hlth-docker-container.infinito.service
notify: reload sys-hlth-docker-container.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_docker_container}}"


@ -1,36 +1,4 @@
- name: "create {{health_docker_container_folder}}" - block:
file: - include_tasks: 01_core.yml
path: "{{health_docker_container_folder}}" - include_tasks: utils/run_once.yml
state: directory
mode: 0755
when: run_once_sys_hlth_docker_container is not defined
- name: create sys-hlth-docker-container.sh
copy:
src: sys-hlth-docker-container.sh
dest: "{{health_docker_container_folder}}sys-hlth-docker-container.sh"
when: run_once_sys_hlth_docker_container is not defined
- name: create sys-hlth-docker-container.infinito.service
template:
src: sys-hlth-docker-container.service.j2
dest: /etc/systemd/system/sys-hlth-docker-container.infinito.service
notify: reload sys-hlth-docker-container.infinito.service
when: run_once_sys_hlth_docker_container is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_hlth_docker_container is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_docker_container}}"
when: run_once_sys_hlth_docker_container is not defined
- name: run the health_docker_container tasks once
set_fact:
run_once_sys_hlth_docker_container: true
when: run_once_sys_hlth_docker_container is not defined when: run_once_sys_hlth_docker_container is not defined


@ -0,0 +1,26 @@
- name: "create {{health_docker_volumes_folder}}"
file:
path: "{{health_docker_volumes_folder}}"
state: directory
mode: 0755
- name: create sys-hlth-docker-volumes.sh
copy:
src: sys-hlth-docker-volumes.sh
dest: "{{health_docker_volumes_folder}}sys-hlth-docker-volumes.sh"
- name: create sys-hlth-docker-volumes.infinito.service
template:
src: sys-hlth-docker-volumes.service.j2
dest: /etc/systemd/system/sys-hlth-docker-volumes.infinito.service
notify: reload sys-hlth-docker-volumes.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_docker_volumes}}"


@ -1,36 +1,4 @@
- name: "create {{health_docker_volumes_folder}}" - block:
file: - include_tasks: 01_core.yml
path: "{{health_docker_volumes_folder}}" - include_tasks: utils/run_once.yml
state: directory
mode: 0755
when: run_once_sys_hlth_docker_volumes is not defined
- name: create sys-hlth-docker-volumes.sh
copy:
src: sys-hlth-docker-volumes.sh
dest: "{{health_docker_volumes_folder}}sys-hlth-docker-volumes.sh"
when: run_once_sys_hlth_docker_volumes is not defined
- name: create sys-hlth-docker-volumes.infinito.service
template:
src: sys-hlth-docker-volumes.service.j2
dest: /etc/systemd/system/sys-hlth-docker-volumes.infinito.service
notify: reload sys-hlth-docker-volumes.infinito.service
when: run_once_sys_hlth_docker_volumes is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_hlth_docker_volumes is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_docker_volumes}}"
when: run_once_sys_hlth_docker_volumes is not defined
- name: run the health_docker_volumes tasks once
set_fact:
run_once_sys_hlth_docker_volumes: true
when: run_once_sys_hlth_docker_volumes is not defined when: run_once_sys_hlth_docker_volumes is not defined


@ -0,0 +1,26 @@
- name: "create {{health_journalctl_folder}}"
file:
path: "{{health_journalctl_folder}}"
state: directory
mode: 0755
- name: create sys-hlth-journalctl.sh
copy:
src: sys-hlth-journalctl.sh
dest: "{{health_journalctl_folder}}sys-hlth-journalctl.sh"
- name: create sys-hlth-journalctl.infinito.service
template:
src: sys-hlth-journalctl.service.j2
dest: /etc/systemd/system/sys-hlth-journalctl.infinito.service
notify: reload sys-hlth-journalctl.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_journalctl}}"


@ -1,36 +1,4 @@
- name: "create {{health_journalctl_folder}}" - block:
file: - include_tasks: 01_core.yml
path: "{{health_journalctl_folder}}" - include_tasks: utils/run_once.yml
state: directory
mode: 0755
when: run_once_sys_hlth_journalctl is not defined
- name: create sys-hlth-journalctl.sh
copy:
src: sys-hlth-journalctl.sh
dest: "{{health_journalctl_folder}}sys-hlth-journalctl.sh"
when: run_once_sys_hlth_journalctl is not defined
- name: create sys-hlth-journalctl.infinito.service
template:
src: sys-hlth-journalctl.service.j2
dest: /etc/systemd/system/sys-hlth-journalctl.infinito.service
notify: reload sys-hlth-journalctl.infinito.service
when: run_once_sys_hlth_journalctl is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_hlth_journalctl is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_journalctl}}"
when: run_once_sys_hlth_journalctl is not defined
- name: run the health_journalctl tasks once
set_fact:
run_once_sys_hlth_journalctl: true
when: run_once_sys_hlth_journalctl is not defined when: run_once_sys_hlth_journalctl is not defined


@ -0,0 +1,31 @@
- name: Install required Python modules
pacman:
name: python-requests
state: present
- name: "create {{ health_nginx_folder }}"
file:
path: "{{ health_nginx_folder }}"
state: directory
mode: 0755
- name: create sys-hlth-webserver.py
template:
src: sys-hlth-webserver.py.j2
dest: "{{ health_nginx_folder }}sys-hlth-webserver.py"
- name: create sys-hlth-webserver.infinito.service
template:
src: sys-hlth-webserver.service.j2
dest: /etc/systemd/system/sys-hlth-webserver.infinito.service
notify: reload sys-hlth-webserver.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_nginx}}"


@ -1,43 +1,6 @@
- name: Install required Python modules - block:
pacman: - include_tasks: 01_core.yml
name: python-requests - include_tasks: utils/run_once.yml
state: present
when: run_once_sys_hlth_webserver is not defined when: run_once_sys_hlth_webserver is not defined
- name: "create {{ health_nginx_folder }}"
file:
path: "{{ health_nginx_folder }}"
state: directory
mode: 0755
when: run_once_sys_hlth_webserver is not defined
- name: create sys-hlth-webserver.py
template:
src: sys-hlth-webserver.py.j2
dest: "{{ health_nginx_folder }}sys-hlth-webserver.py"
when: run_once_sys_hlth_webserver is not defined
- name: create sys-hlth-webserver.infinito.service
template:
src: sys-hlth-webserver.service.j2
dest: /etc/systemd/system/sys-hlth-webserver.infinito.service
notify: reload sys-hlth-webserver.infinito.service
when: run_once_sys_hlth_webserver is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_hlth_webserver is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_health_nginx}}"
when: run_once_sys_hlth_webserver is not defined
- name: run the health_nginx tasks once
set_fact:
run_once_sys_hlth_webserver: true
when: run_once_sys_hlth_webserver is not defined


@ -0,0 +1,21 @@
- name: "pkgmgr install"
include_role:
name: pkgmgr-install
vars:
package_name: btrfs-auto-balancer
- name: configure sys-rpr-btrfs-blnc.infinito.service
template:
src: sys-rpr-btrfs-blnc.service.j2
dest: /etc/systemd/system/sys-rpr-btrfs-blnc.infinito.service
notify: reload sys-rpr-btrfs-blnc.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_btrfs_auto_balancer}}"


@ -1,30 +1,4 @@
- name: "pkgmgr install" - block:
include_role: - include_tasks: 01_core.yml
name: pkgmgr-install - include_tasks: utils/run_once.yml
vars:
package_name: btrfs-auto-balancer
when: run_once_sys_rpr_btrfs_blnc is not defined
- name: configure sys-rpr-btrfs-blnc.infinito.service
template:
src: sys-rpr-btrfs-blnc.service.j2
dest: /etc/systemd/system/sys-rpr-btrfs-blnc.infinito.service
notify: reload sys-rpr-btrfs-blnc.infinito.service
when: run_once_sys_rpr_btrfs_blnc is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_rpr_btrfs_blnc is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_btrfs_auto_balancer}}"
when: run_once_sys_rpr_btrfs_blnc is not defined
- name: run the system_btrfs_auto_balancer tasks once
set_fact:
run_once_sys_rpr_btrfs_blnc: true
when: run_once_sys_rpr_btrfs_blnc is not defined when: run_once_sys_rpr_btrfs_blnc is not defined


@ -0,0 +1,27 @@
- name: "create {{heal_docker}}"
file:
path: "{{heal_docker}}"
state: directory
mode: 0755
- name: create sys-rpr-docker-soft.py
copy:
src: sys-rpr-docker-soft.py
dest: "{{heal_docker}}sys-rpr-docker-soft.py"
notify: restart sys-rpr-docker-soft.infinito.service
- name: create sys-rpr-docker-soft.infinito.service
template:
src: sys-rpr-docker-soft.service.j2
dest: /etc/systemd/system/sys-rpr-docker-soft.infinito.service
notify: restart sys-rpr-docker-soft.infinito.service
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_heal_docker}}"
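Review bot: `mode: 0755` in the `create {{heal_docker}}` task is an unquoted leading-zero literal, while other tasks in this commit write modes as quoted strings (`mode: '0644'`). Writing `mode: '0755'` keeps the value a string however the YAML loader types leading-zero integers, and it is the form Ansible's documentation recommends. The administrator `01_core.yml` section below has the same pattern with `mode: 0700`. Separately, `dest: "{{heal_docker}}sys-rpr-docker-soft.py"` only resolves inside the directory if `heal_docker` ends with a slash, which is worth a comment where the variable is defined.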


@ -1,37 +1,4 @@
- name: "create {{heal_docker}}" - block:
file: - include_tasks: 01_core.yml
path: "{{heal_docker}}" - include_tasks: utils/run_once.yml
state: directory
mode: 0755
when: run_once_sys_rpr_docker_soft is not defined
- name: create sys-rpr-docker-soft.py
copy:
src: sys-rpr-docker-soft.py
dest: "{{heal_docker}}sys-rpr-docker-soft.py"
notify: restart sys-rpr-docker-soft.infinito.service
when: run_once_sys_rpr_docker_soft is not defined
- name: create sys-rpr-docker-soft.infinito.service
template:
src: sys-rpr-docker-soft.service.j2
dest: /etc/systemd/system/sys-rpr-docker-soft.infinito.service
notify: restart sys-rpr-docker-soft.infinito.service
when: run_once_sys_rpr_docker_soft is not defined
- name: "set 'service_name' to '{{ role_name }}'"
set_fact:
service_name: "{{ role_name }}"
when: run_once_sys_rpr_docker_soft is not defined
- name: "include role for sys-timer for {{service_name}}"
include_role:
name: sys-timer
vars:
on_calendar: "{{on_calendar_heal_docker}}"
when: run_once_sys_rpr_docker_soft is not defined
- name: run the heal_docker tasks once
set_fact:
run_once_sys_rpr_docker_soft: true
when: run_once_sys_rpr_docker_soft is not defined when: run_once_sys_rpr_docker_soft is not defined


@ -0,0 +1,51 @@
---
- name: "Check if {{ path_docker_compose_instances }} directory exists"
stat:
path: "{{ path_docker_compose_instances }}"
register: docker_compose_directory_stat
- name: "Update with pacman"
include_role:
name: update-pacman
when: ansible_distribution == 'Archlinux'
- name: "Update with apt"
include_role:
name: update-apt
when: ansible_distribution == "Debian"
- name: "Update Docker Images"
include_role:
name: update-docker
when: docker_compose_directory_stat.stat.exists
- name: "Check if yay is installed"
command: which yay
register: yay_installed
changed_when: false
failed_when: false
- name: "Update with yay"
include_role:
name: update-yay
when: yay_installed.rc == 0
- name: "Check if pip is installed"
command: which pip
register: pip_installed
changed_when: false
failed_when: false
- name: "Update with pip"
include_role:
name: update-pip
- name: "Check if pkgmgr command is available"
command: "which pkgmgr"
register: pkgmgr_available
failed_when: false
- name: "Update all repositories using pkgmgr"
include_role:
name: update-pkgmgr
when: pkgmgr_available.rc == 0
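Review bot: `pip_installed` is registered by the "Check if pip is installed" task but never read, so "Update with pip" is included even on hosts where `which pip` returned non-zero. Adding `when: pip_installed.rc == 0` to that include would match how the yay and pkgmgr checks gate their roles. The "Check if pkgmgr command is available" task also lacks `changed_when: false`, unlike the other two `which` probes, so it reports a change on every run. Both gaps are carried over unchanged from the old `main.yml`, so this move is a natural place to fix them.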


@ -1,78 +1,4 @@
--- - block:
- name: "Check if {{ path_docker_compose_instances }} directory exists" - include_tasks: 01_core.yml
stat: - include_tasks: utils/run_once.yml
path: "{{ path_docker_compose_instances }}"
register: docker_compose_directory_stat
when:
- run_once_update_compose is not defined
- name: "Update with pacman"
include_role:
name: update-pacman
when:
- run_once_update_compose is not defined
- ansible_distribution == 'Archlinux'
- name: "Update with apt"
include_role:
name: update-apt
when:
- run_once_update_compose is not defined
- ansible_distribution == "Debian"
- name: "Update Docker Images"
include_role:
name: update-docker
when:
- run_once_update_compose is not defined
- docker_compose_directory_stat.stat.exists
- name: "Check if yay is installed"
command: which yay
register: yay_installed
changed_when: false
failed_when: false
when:
- run_once_update_compose is not defined
- name: "Update with yay"
include_role:
name: update-yay
when:
- run_once_update_compose is not defined
- yay_installed.rc == 0
- name: "Check if pip is installed"
command: which pip
register: pip_installed
changed_when: false
failed_when: false
when:
- run_once_update_compose is not defined
- name: "Update with pip"
include_role:
name: update-pip
when:
- run_once_update_compose is not defined
- name: "Check if pkgmgr command is available"
command: "which pkgmgr"
register: pkgmgr_available
failed_when: false
when:
- run_once_update_compose is not defined
- name: "Update all repositories using pkgmgr"
include_role:
name: update-pkgmgr
when:
- pkgmgr_available.rc == 0
- run_once_update_compose is not defined
- name: run the update tasks once
set_fact:
run_once_update_compose: true
when: run_once_update_compose is not defined when: run_once_update_compose is not defined


@ -0,0 +1,23 @@
- name: "start sys-bkp-docker-2-loc-everything.infinito.service"
systemd:
name: sys-bkp-docker-2-loc-everything.infinito.service
state: started
when:
- mode_backup | bool
- name: create {{update_docker_script}}
template:
src: update-docker.py.j2
dest: "{{update_docker_script}}"
- name: configure update-docker.infinito.service
template:
src: update-docker.service.j2
dest: /etc/systemd/system/update-docker.infinito.service
- name: "restart update-docker.infinito.service"
systemd:
name: update-docker.infinito.service
state: restarted
enabled: yes
daemon_reload: yes
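Review bot: `enabled: yes` and `daemon_reload: yes` in the restart task use YAML 1.1 truthy spellings, while other booleans in these task files are written canonically (e.g. `changed_when: false`). Using `enabled: true` and `daemon_reload: true` keeps the new file consistent and satisfies yamllint's `truthy` rule. The administrator `01_core.yml` section has the same with `create_home: yes` and `generate_ssh_key: yes`.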


@ -1,32 +1,4 @@
- name: "start sys-bkp-docker-2-loc-everything.infinito.service" - block:
systemd: - include_tasks: 01_core.yml
name: sys-bkp-docker-2-loc-everything.infinito.service - include_tasks: utils/run_once.yml
state: started
when:
- run_once_update_docker is not defined
- mode_backup | bool
- name: create {{update_docker_script}}
template:
src: update-docker.py.j2
dest: "{{update_docker_script}}"
when: run_once_update_docker is not defined
- name: configure update-docker.infinito.service
template:
src: update-docker.service.j2
dest: /etc/systemd/system/update-docker.infinito.service
when: run_once_update_docker is not defined
- name: "restart update-docker.infinito.service"
systemd:
name: update-docker.infinito.service
state: restarted
enabled: yes
daemon_reload: yes
when: run_once_update_docker is not defined
- name: run the update docker tasks once
set_fact:
run_once_update_docker: true
when: run_once_update_docker is not defined when: run_once_update_docker is not defined


@ -0,0 +1,48 @@
- name: create administrator
user:
name: administrator
update_password: on_create
password: "{{ users.administrator.password | password_hash('sha512') }}"
create_home: yes
generate_ssh_key: yes
ssh_key_type: rsa
ssh_key_bits: 8192
- name: "set correct rights for {{path_administrator_home}}"
file:
path: "{{path_administrator_home}}"
state: directory
owner: administrator
group: administrator
mode: 0700
- name: "create {{path_administrator_scripts}}"
file:
path: "{{path_administrator_home}}scripts"
state: directory
owner: administrator
group: administrator
mode: 0700
- name: create {{path_administrator_home}}.ssh/authorized_keys
copy:
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{path_administrator_home}}.ssh/authorized_keys"
dest: "{{path_administrator_home}}.ssh/authorized_keys"
owner: administrator
group: administrator
mode: '0644'
- name: grant administrator sudo rights with password
copy:
src: "administrator"
dest: /etc/sudoers.d/administrator
mode: '0644'
owner: root
group: root
notify: sshd restart
- name: "embed user routines for {{ role_path | basename }}"
include_role:
name: user
vars:
user_name: "administrator"


@ -1,59 +1,4 @@
- name: create administrator - block:
user: - include_tasks: 01_core.yml
name: administrator - include_tasks: utils/run_once.yml
update_password: on_create
password: "{{ users.administrator.password | password_hash('sha512') }}"
create_home: yes
generate_ssh_key: yes
ssh_key_type: rsa
ssh_key_bits: 8192
when: run_once_user_administrator is not defined
- name: "set correct rights for {{path_administrator_home}}"
file:
path: "{{path_administrator_home}}"
state: directory
owner: administrator
group: administrator
mode: 0700
when: run_once_user_administrator is not defined
- name: "create {{path_administrator_scripts}}"
file:
path: "{{path_administrator_home}}scripts"
state: directory
owner: administrator
group: administrator
mode: 0700
when: run_once_user_administrator is not defined
- name: create {{path_administrator_home}}.ssh/authorized_keys
copy:
src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{path_administrator_home}}.ssh/authorized_keys"
dest: "{{path_administrator_home}}.ssh/authorized_keys"
owner: administrator
group: administrator
mode: '0644'
when: run_once_user_administrator is not defined
- name: grant administrator sudo rights with password
copy:
src: "administrator"
dest: /etc/sudoers.d/administrator
mode: '0644'
owner: root
group: root
notify: sshd restart
when: run_once_user_administrator is not defined
- name: "embed user routines for {{ role_path | basename }}"
include_role:
name: user
vars:
user_name: "administrator"
when: run_once_user_administrator is not defined
- name: run the user_administrator tasks once
set_fact:
run_once_user_administrator: true
when: run_once_user_administrator is not defined when: run_once_user_administrator is not defined