diff --git a/README.md b/README.md index 0d7d1275..f8e48365 100644 --- a/README.md +++ b/README.md @@ -152,7 +152,7 @@ Focuses on web server roles and applications, covering SSL certificates, Nginx c - **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx. - **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx. - **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx. -- **[Certbot Nginx](./roles/certbot-nginx/)**: Integrates Certbot with Nginx for SSL certificates. +- **[Certbot Nginx](./roles/nginx-certbot/)**: Integrates Certbot with Nginx for SSL certificates. - **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent. #### Docker and Containerization diff --git a/roles/backup-docker-to-local/tasks/main.yml b/roles/backup-docker-to-local/tasks/main.yml index c765b65c..95d9044f 100644 --- a/roles/backup-docker-to-local/tasks/main.yml +++ b/roles/backup-docker-to-local/tasks/main.yml @@ -4,6 +4,7 @@ - lsof - python-pandas state: present + when: run_once_backup_docker_to_local is not defined - name: pull backup-docker-to-local.git git: 
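Review bot: The `when: run_once_backup_docker_to_local is not defined` line added to the pacman task here is repeated verbatim on every task of the role (and the same per-task repetition is used in every other task-file hunk of this commit), which is the shape of the change rather than its effect: a task added later without the line silently runs on every pass, and the run-once marker task sits at the end unconnected to the tasks it guards. Wrapping the role's tasks in a single `block:` with one `when:` keeps the guard and the tasks in one place; the skeleton below shows the structure, with the existing tasks unchanged apart from dropping their individual `when:` lines. The `run_once_*` prefix also reads like Ansible's `run_once:` task keyword, which does something quite different; a name such as `backup_docker_to_local_done` would avoid the confusion.
```yaml
- name: backup-docker-to-local tasks (run once per host)
  when: run_once_backup_docker_to_local is not defined
  block:
    # … unchanged: the role's existing tasks, indented one level, without their per-task when: …
    - name: run the backup_docker_to_local tasks once
      set_fact:
        run_once_backup_docker_to_local: true
```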
@@ -12,23 +13,26 @@ update: yes register: git_result ignore_errors: true + when: run_once_backup_docker_to_local is not defined - name: Warn if repo is not reachable debug: msg: "Warning: Repository is not reachable." - when: git_result.failed + when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined - name: configure backup-docker-to-local.service template: src: backup-docker-to-local.service.j2 dest: /etc/systemd/system/backup-docker-to-local.service notify: reload backup-docker-to-local.service + when: run_once_backup_docker_to_local is not defined - name: configure backup-docker-to-local.timer.tpl template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer register: backup_docker_to_local_timer changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool notify: restart backup-docker-to-local.timer + when: run_once_backup_docker_to_local is not defined - name: create {{backup_docker_to_local_folder}}databases.csv copy: @@ -36,3 +40,9 @@ dest: "{{backup_docker_to_local_folder}}databases.csv" owner: root group: root + when: run_once_backup_docker_to_local is not defined + +- name: run the backup_docker_to_local tasks once + set_fact: + run_once_backup_docker_to_local: true + when: run_once_backup_docker_to_local is not defined diff --git a/roles/backups-provider-user/tasks/main.yml b/roles/backups-provider-user/tasks/main.yml index 53a6caa2..3270d087 100644 --- a/roles/backups-provider-user/tasks/main.yml +++ b/roles/backups-provider-user/tasks/main.yml @@ -2,6 +2,7 @@ user: name: backup create_home: yes + when: run_once_backups_provider_user is not defined - name: create .ssh directory file: @@ -10,6 +11,7 @@ owner: backup group: backup mode: '0700' + when: run_once_backups_provider_user is not defined - name: create /home/backup/.ssh/authorized_keys template: 
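Review bot: The new `when:` on the `Warn if repo is not reachable` task tests `run_once_cleanup_failed_docker_backups`, which belongs to the cleanup-failed-docker-backups role, not to this one; every other guard in this file uses `run_once_backup_docker_to_local`, so the warning is never suppressed by this role's own marker. The `git_result.failed is defined` part looks like a second problem: as far as I recall, Ansible fills in `failed: false` on every registered result of a task that actually ran, so the condition is true on a successful clone as well and the warning would print on every pass. A single line covers both: `when: git_result is defined and (git_result.failed | default(false)) and run_once_backup_docker_to_local is not defined`. The same `failed is defined` test appears in the roles/cleanup-failed-docker-backups hunk further down (there with the right variable name) and should get the same treatment.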
@@ -18,6 +20,7 @@ owner: backup group: backup mode: '0644' + when: run_once_backups_provider_user is not defined - name: create /home/backup/ssh-wrapper.sh copy: @@ -26,6 +29,7 @@ owner: backup group: backup mode: '0700' + when: run_once_backups_provider_user is not defined - name: grant backup sudo rights copy: @@ -35,3 +39,9 @@ owner: root group: root notify: sshd restart + when: run_once_backups_provider_user is not defined + +- name: run the backups_provider_user tasks once + set_fact: + run_once_backups_provider_user: true + when: run_once_backups_provider_user is not defined \ No newline at end of file diff --git a/roles/cleanup-backups-service/tasks/main.yml b/roles/cleanup-backups-service/tasks/main.yml index 190adb62..3a8b7c15 100644 --- a/roles/cleanup-backups-service/tasks/main.yml +++ b/roles/cleanup-backups-service/tasks/main.yml @@ -4,20 +4,29 @@ - lsof - python-psutil state: present + when: run_once_cleanup_backups_service is not defined - name: "create {{docker_cleanup_backups}}" file: path: "{{docker_cleanup_backups}}" state: directory mode: 0755 + when: run_once_cleanup_backups_service is not defined - name: create cleanup-backups.py copy: src: "cleanup-backups.py" dest: "{{docker_cleanup_backups}}cleanup-backups.py" + when: run_once_cleanup_backups_service is not defined - name: create cleanup-backups.service template: src: "cleanup-backups.service.j2" dest: "/etc/systemd/system/cleanup-backups.service" notify: reload cleanup-backups.service + when: run_once_cleanup_backups_service is not defined + +- name: run the cleanup_backups_service tasks once + set_fact: + run_once_cleanup_backups_service: true + when: run_once_cleanup_backups_service is not defined diff --git a/roles/cleanup-backups-timer/handlers/main.yml b/roles/cleanup-backups-timer/handlers/main.yml index 0913c641..0f0c8dcb 100644 --- a/roles/cleanup-backups-timer/handlers/main.yml +++ b/roles/cleanup-backups-timer/handlers/main.yml 
@@ -4,3 +4,9 @@ state: restarted enabled: yes daemon_reload: yes + when: run_once_cleanup_backup_timer is not defined + +- name: run the cleanup_backup_timer tasks once + set_fact: + run_once_cleanup_backup_timer: true + when: run_once_cleanup_backup_timer is not defined \ No newline at end of file diff --git a/roles/cleanup-backups-timer/tasks/main.yml b/roles/cleanup-backups-timer/tasks/main.yml index 6d5a1e01..b3c1712b 100644 --- a/roles/cleanup-backups-timer/tasks/main.yml +++ b/roles/cleanup-backups-timer/tasks/main.yml @@ -5,3 +5,9 @@ register: cleanup_backups_timer changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool notify: restart cleanup-backups.timer + when: run_once_cleanup_backups_timer is not defined + +- name: run the cleanup_backups_timer tasks once + set_fact: + run_once_cleanup_backups_timer: true + when: run_once_cleanup_backups_timer is not defined diff --git a/roles/cleanup-failed-docker-backups/tasks/main.yml b/roles/cleanup-failed-docker-backups/tasks/main.yml index 27b427c5..e525834a 100644 --- a/roles/cleanup-failed-docker-backups/tasks/main.yml +++ b/roles/cleanup-failed-docker-backups/tasks/main.yml 
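Review bot: The `run the cleanup_backup_timer tasks once` task added to this handlers file is a handler, and nothing in the diff notifies it, so `run_once_cleanup_backup_timer` is never set and the `when:` placed on the restart handler above it (whose `name:` line starts outside the hunk) is inert; note also that the name here is singular (`cleanup_backup_timer`) while the tasks file sets `run_once_cleanup_backups_timer`. The roles/systemd-notifier/handlers/main.yml hunk applies the same pattern but with the variable name that roles/systemd-notifier/tasks/main.yml does set, and since handlers run after the tasks, by the time the daemon-reload handler is notified the fact already exists and the handler is skipped on the very first run, so the new unit file is written but never reloaded. Suggest removing the `when:` and the set_fact handler from both handler files and leaving the run-once guard to the task files only, where the marker task is actually reached.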
@@ -5,14 +5,21 @@ update: yes register: git_result ignore_errors: true + when: run_once_cleanup_failed_docker_backups is not defined - name: Warn if repo is not reachable debug: msg: "Warning: Repository is not reachable." - when: git_result.failed + when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined - name: configure cleanup-failed-docker-backups.service template: src: cleanup-failed-docker-backups.service.j2 dest: /etc/systemd/system/cleanup-failed-docker-backups.service - notify: reload cleanup-failed-docker-backups.service daemon \ No newline at end of file + notify: reload cleanup-failed-docker-backups.service daemon + when: run_once_cleanup_failed_docker_backups is not defined + +- name: run the cleanup_failed_docker_backups tasks once + set_fact: + run_once_cleanup_failed_docker_backups: true + when: run_once_cleanup_failed_docker_backups is not defined \ No newline at end of file diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 159f0a63..8b34d9e1 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -5,6 +5,7 @@ name: ['docker','docker-compose'] state: present notify: docker restart + when: run_once_docker is not defined - name: "create {{path_docker_compose_instances}}" file: @@ -13,6 +14,7 @@ mode: 0700 owner: administrator group: administrator + when: run_once_docker is not defined - name: "create {{path_docker_volumes}}" file: @@ -21,6 +23,13 @@ mode: 0700 owner: administrator group: administrator + when: run_once_docker is not defined - name: flush docker service meta: flush_handlers + when: run_once_docker is not defined + +- name: run the docker tasks once + set_fact: + run_once_docker: true + when: run_once_docker is not defined diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml index db22afc5..2a4fba37 100644 --- a/roles/git/tasks/main.yml +++ b/roles/git/tasks/main.yml 
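Review bot: The `when: run_once_docker is not defined` added to the `flush docker service` task sits on a `meta: flush_handlers` action, and as far as I recall Ansible does not honour a conditional there (older releases print a `flush_handlers task does not support when conditional` warning and flush anyway), so the guard does not do what the surrounding lines suggest. The same line was added to the `flush nginx service` meta tasks in the roles/letsencrypt and roles/nginx hunks. Since no handler is notified once the other tasks are skipped, the flush is already a no-op on repeat runs; dropping the `when:` on those three meta tasks leaves behaviour unchanged and avoids the warning on versions that emit it.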
@@ -1,2 +1,8 @@ - name: install git pacman: name=git state=present + when: run_once_git is not defined + +- name: run the git tasks once + set_fact: + run_once_git: true + when: run_once_git is not defined \ No newline at end of file diff --git a/roles/heal-docker/tasks/main.yml b/roles/heal-docker/tasks/main.yml index 01f831d6..5b32335c 100644 --- a/roles/heal-docker/tasks/main.yml +++ b/roles/heal-docker/tasks/main.yml @@ -3,17 +3,20 @@ path: "{{heal_docker}}" state: directory mode: 0755 + when: run_once_heal_docker is not defined - name: create heal-docker.py copy: src: heal-docker.py dest: "{{heal_docker}}heal-docker.py" + when: run_once_heal_docker is not defined - name: create heal-docker.service template: src: heal-docker.service.j2 dest: /etc/systemd/system/heal-docker.service notify: reload heal-docker.service + when: run_once_heal_docker is not defined - name: create heal-docker.timer template: @@ -21,4 +24,10 @@ dest: "/etc/systemd/system/heal-docker.timer" register: heal_docker_timer changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool - notify: restart heal-docker.timer \ No newline at end of file + notify: restart heal-docker.timer + when: run_once_heal_docker is not defined + +- name: run the heal_docker tasks once + set_fact: + run_once_heal_docker: true + when: run_once_heal_docker is not defined \ No newline at end of file diff --git a/roles/health-docker-container/tasks/main.yml b/roles/health-docker-container/tasks/main.yml index ae0ba794..607495f4 100644 --- a/roles/health-docker-container/tasks/main.yml +++ b/roles/health-docker-container/tasks/main.yml 
@@ -3,15 +3,18 @@ path: "{{health_docker_container_folder}}" state: directory mode: 0755 + when: run_once_health_docker_container is not defined - name: create health-docker-container.sh copy: src: health-docker-container.sh dest: "{{health_docker_container_folder}}health-docker-container.sh" + when: run_once_health_docker_container is not defined - name: create health-docker-container.service template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service notify: reload health-docker-container.service + when: run_once_health_docker_container is not defined - name: create health-docker-container.timer template: @@ -20,3 +23,9 @@ register: health_docker_container_timer changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool notify: restart health-docker-container.timer + when: run_once_health_docker_container is not defined + +- name: run the health_docker_container tasks once + set_fact: + run_once_health_docker_container: true + when: run_once_health_docker_container is not defined diff --git a/roles/health-docker-volumes/tasks/main.yml b/roles/health-docker-volumes/tasks/main.yml index 016bea8e..f1163555 100644 --- a/roles/health-docker-volumes/tasks/main.yml +++ b/roles/health-docker-volumes/tasks/main.yml @@ -3,15 +3,18 @@ path: "{{health_docker_volumes_folder}}" state: directory mode: 0755 + when: run_once_health_docker_volumes is not defined - name: create health-docker-volumes.sh copy: src: health-docker-volumes.sh dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh" + when: run_once_health_docker_volumes is not defined - name: create health-docker-volumes.service template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service notify: reload health-docker-volumes.service + when: run_once_health_docker_volumes is not defined - name: create health-docker-volumes.timer template: 
@@ -20,3 +23,9 @@ register: health_docker_volumes_timer changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool notify: restart health-docker-volumes.timer + when: run_once_health_docker_volumes is not defined + +- name: run the health_docker_volumes tasks once + set_fact: + run_once_health_docker_volumes: true + when: run_once_health_docker_volumes is not defined diff --git a/roles/health-nginx/tasks/main.yml b/roles/health-nginx/tasks/main.yml index b3b7994b..7b73990b 100644 --- a/roles/health-nginx/tasks/main.yml +++ b/roles/health-nginx/tasks/main.yml @@ -2,23 +2,27 @@ pacman: name: python-requests state: present + when: run_once_health_nginx is not defined - name: "create {{ health_nginx_folder }}" file: path: "{{ health_nginx_folder }}" state: directory mode: 0755 + when: run_once_health_nginx is not defined - name: create health-nginx.py copy: src: health-nginx.py dest: "{{ health_nginx_folder }}health-nginx.py" + when: run_once_health_nginx is not defined - name: create health-nginx.service template: src: health-nginx.service.j2 dest: /etc/systemd/system/health-nginx.service notify: reload health-nginx.service + when: run_once_health_nginx is not defined - name: create health-nginx.timer template: @@ -27,3 +31,10 @@ register: health_nginx_timer changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool notify: restart health-nginx.timer + when: run_once_health_nginx is not defined + +- name: run the health_nginx tasks once + set_fact: + run_once_health_nginx: true + when: run_once_health_nginx is not defined + diff --git a/roles/letsencrypt/meta/main.yml b/roles/letsencrypt/meta/main.yml index 12d1f51a..4f45948e 100644 --- a/roles/letsencrypt/meta/main.yml +++ b/roles/letsencrypt/meta/main.yml @@ -1,2 +1,2 @@ dependencies: -- certbot-nginx +- nginx-certbot diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index ce44be87..28aa6b71 100644 
--- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -1,6 +1,13 @@ - name: create nginx letsencrypt config file template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf notify: restart nginx + when: run_once_letsencrypt is not defined - name: flush nginx service meta: flush_handlers + when: run_once_letsencrypt is not defined + +- name: run the letsencrypt logic just once + set_fact: + run_once_letsencrypt: true + when: run_once_letsencrypt is not defined diff --git a/roles/certbot-nginx/handlers/main.yml b/roles/nginx-certbot/handlers/main.yml similarity index 100% rename from roles/certbot-nginx/handlers/main.yml rename to roles/nginx-certbot/handlers/main.yml diff --git a/roles/certbot-nginx/meta/main.yml b/roles/nginx-certbot/meta/main.yml similarity index 100% rename from roles/certbot-nginx/meta/main.yml rename to roles/nginx-certbot/meta/main.yml diff --git a/roles/certbot-nginx/tasks/main.yml b/roles/nginx-certbot/tasks/main.yml similarity index 65% rename from roles/certbot-nginx/tasks/main.yml rename to roles/nginx-certbot/tasks/main.yml index e6b63603..f6897a9f 100644 --- a/roles/certbot-nginx/tasks/main.yml +++ b/roles/nginx-certbot/tasks/main.yml @@ -2,12 +2,14 @@ pacman: name: [certbot,certbot-nginx] state: present + when: run_once_nginx_certbot is not defined - name: configure certbot.service.tpl template: src: certbot.service.j2 dest: /etc/systemd/system/certbot.service notify: reload certbot service + when: run_once_nginx_certbot is not defined - name: configure certbot.timer.tpl template: @@ -16,3 +18,9 @@ register: certbot_timer changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool notify: restart certbot timer + when: run_once_nginx_certbot is not defined + +- name: run the nginx_certbot tasks once + set_fact: + run_once_nginx_certbot: true + when: run_once_nginx_certbot is not defined 
diff --git a/roles/certbot-nginx/templates/certbot.service.j2 b/roles/nginx-certbot/templates/certbot.service.j2 similarity index 100% rename from roles/certbot-nginx/templates/certbot.service.j2 rename to roles/nginx-certbot/templates/certbot.service.j2 diff --git a/roles/certbot-nginx/templates/certbot.timer.j2 b/roles/nginx-certbot/templates/certbot.timer.j2 similarity index 100% rename from roles/certbot-nginx/templates/certbot.timer.j2 rename to roles/nginx-certbot/templates/certbot.timer.j2 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 889924b5..d5d09427 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -2,6 +2,7 @@ - name: install nginx pacman: name=nginx state=present notify: restart nginx + when: run_once_nginx is not defined - name: Ensure nginx configuration directories are present file: @@ -12,10 +13,18 @@ - "{{nginx_servers_directory}}" - "{{nginx_maps_directory}}" - "{{nginx_upstreams_directory}}" + when: run_once_nginx is not defined - name: create nginx config file template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf notify: restart nginx + when: run_once_nginx is not defined - name: flush nginx service meta: flush_handlers + when: run_once_nginx is not defined + +- name: run the nginx tasks once + set_fact: + run_once_nginx: true + when: run_once_nginx is not defined diff --git a/roles/python-pip/tasks/main.yml b/roles/python-pip/tasks/main.yml index 015772c1..3c209cbc 100644 --- a/roles/python-pip/tasks/main.yml +++ b/roles/python-pip/tasks/main.yml @@ -3,3 +3,9 @@ pacman: name: python-pip state: present + when: run_once_python_pip is not defined + +- name: run the python_pip tasks once + set_fact: + run_once_python_pip: true + when: run_once_python_pip is not defined diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 6c713929..7b639b6d 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml 
@@ -6,3 +6,9 @@ group: root mode: '0644' notify: sshd restart + when: run_once_sshd is not defined + +- name: run the sshd tasks once + set_fact: + run_once_sshd: true + when: run_once_sshd is not defined diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml index 29e4b6b9..6ca300bd 100644 --- a/roles/sudo/tasks/main.yml +++ b/roles/sudo/tasks/main.yml @@ -2,3 +2,9 @@ package: name: sudo state: present + when: run_once_sudo is not defined + +- name: run the sudo tasks once + set_fact: + run_once_sudo: true + when: run_once_sudo is not defined \ No newline at end of file diff --git a/roles/systemd-notifier-email/tasks/main.yml b/roles/systemd-notifier-email/tasks/main.yml index 762cb8e8..cec74cf3 100644 --- a/roles/systemd-notifier-email/tasks/main.yml +++ b/roles/systemd-notifier-email/tasks/main.yml @@ -1,18 +1,28 @@ - name: install smtp-forwarder pacman: name=smtp-forwarder state=present + when: run_once_systemd_notifier_email is not defined - name: configure msmtprc.conf.j2 template: src=msmtprc.conf.j2 dest=/root/.msmtprc + when: run_once_systemd_notifier_email is not defined - name: "create {{systemd_notifier_email_folder}}" file: path: "{{systemd_notifier_email_folder}}" state: directory mode: 0755 + when: run_once_systemd_notifier_email is not defined - name: configure systemd-notifier-email.sh template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh + when: run_once_systemd_notifier_email is not defined - name: configure systemd-notifier-email.service template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service notify: restart systemd-notifier-email service + when: run_once_systemd_notifier_email is not defined + +- name: run the systemd_notifier_email tasks once + set_fact: + run_once_systemd_notifier_email: true + when: run_once_systemd_notifier_email is not defined 
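Review bot: The guard `when: run_once_sshd is not defined` added to the sshd task (whose `name:` line starts outside the hunk) keys on the variable merely existing, not on its value, so an inventory, group_vars or `-e` entry named `run_once_sshd` with any value, including `false`, silently skips deploying the sshd configuration; the sudo hunk on this line and the user-administrator hunk below (sudoers and `authorized_keys`) are guarded the same way. For roles that install access-control files a skip should require an explicit true, e.g. `when: not (run_once_sshd | default(false) | bool)`, which also reads correctly once the marker is set by the final set_fact task. If the definedness form is kept for the remaining roles, a one-line comment above the marker task saying it is a per-host, per-run fact rather than a user-settable variable would make the intent explicit.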
diff --git a/roles/systemd-notifier-telegram/tasks/main.yml b/roles/systemd-notifier-telegram/tasks/main.yml index beeb44f1..f449588e 100644 --- a/roles/systemd-notifier-telegram/tasks/main.yml +++ b/roles/systemd-notifier-telegram/tasks/main.yml @@ -2,20 +2,29 @@ pacman: name: curl state: present + when: run_once_systemd_notifier_telegram is not defined - name: Create a directory with a subdirectory ansible.builtin.file: path: "{{systemd_telegram_folder}}" state: directory mode: '0755' + when: run_once_systemd_notifier_telegram is not defined - name: configure systemd-notifier-telegram.sh template: src: systemd-notifier-telegram.sh.j2 dest: "{{ systemd_telegram_script }}" + when: run_once_systemd_notifier_telegram is not defined - name: configure systemd-notifier-telegram.service template: src: systemd-notifier-telegram@.service.j2 dest: "/etc/systemd/system/systemd-notifier-telegram@.service" notify: "restart systemd-notifier-telegram service" + when: run_once_systemd_notifier_telegram is not defined + +- name: run the systemd_notifier_telegram tasks once + set_fact: + run_once_systemd_notifier_telegram: true + when: run_once_systemd_notifier_telegram is not defined \ No newline at end of file diff --git a/roles/systemd-notifier/handlers/main.yml b/roles/systemd-notifier/handlers/main.yml index afd16509..d68ba6d9 100644 --- a/roles/systemd-notifier/handlers/main.yml +++ b/roles/systemd-notifier/handlers/main.yml @@ -2,3 +2,9 @@ systemd: name: systemd-notifier.service daemon_reload: yes + when: run_once_systemd_notifier_service is not defined + +- name: run the systemd_notifier_service tasks once + set_fact: + run_once_systemd_notifier_service: true + when: run_once_systemd_notifier_service is not defined diff --git a/roles/systemd-notifier/tasks/main.yml b/roles/systemd-notifier/tasks/main.yml index 0cd3b21d..acaf3e17 100644 --- a/roles/systemd-notifier/tasks/main.yml +++ b/roles/systemd-notifier/tasks/main.yml 
@@ -4,3 +4,9 @@ src: systemd-notifier@.service.j2 dest: "/etc/systemd/system/systemd-notifier@.service" notify: "restart systemd-notifier service" + when: run_once_systemd_notifier_service is not defined + +- name: run the systemd_notifier_service tasks once + set_fact: + run_once_systemd_notifier_service: true + when: run_once_systemd_notifier_service is not defined \ No newline at end of file diff --git a/roles/user-administrator/tasks/main.yml b/roles/user-administrator/tasks/main.yml index dd18691d..de55b794 100644 --- a/roles/user-administrator/tasks/main.yml +++ b/roles/user-administrator/tasks/main.yml @@ -7,6 +7,7 @@ generate_ssh_key: yes ssh_key_type: rsa ssh_key_bits: 8192 + when: run_once_user_administrator is not defined - name: "create {{path_administrator_scripts}}" file: @@ -15,6 +16,7 @@ owner: administrator group: administrator mode: 0700 + when: run_once_user_administrator is not defined - name: create {{path_administrator_home}}.ssh/authorized_keys copy: @@ -23,6 +25,7 @@ owner: administrator group: administrator mode: '0644' + when: run_once_user_administrator is not defined - name: grant administrator sudo rights with password copy: @@ -32,6 +35,7 @@ owner: root group: root notify: sshd restart + when: run_once_user_administrator is not defined - name: "create {{path_administrator_home}}volumes/" file: @@ -40,3 +44,9 @@ owner: administrator group: administrator mode: 0700 + when: run_once_user_administrator is not defined + +- name: run the user_administrator tasks once + set_fact: + run_once_user_administrator: true + when: run_once_user_administrator is not defined \ No newline at end of file