From 3f37ee5c6cfc63535fe41ba84cdabbac7e31cbdb Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Thu, 17 Mar 2022 16:28:57 +0100 Subject: [PATCH] Optimized different roles --- playbook.yml | 40 +++++++++++-------- roles/native-sshd/tasks/main.yml | 8 ++-- .../sshd_config => templates/sshd_config.j2} | 6 ++- .../templates/authorized_keys.j2 | 4 +- roles/native-user-backup/vars/main.yml | 2 +- 5 files changed, 37 insertions(+), 23 deletions(-) rename roles/native-sshd/{files/sshd_config => templates/sshd_config.j2} (95%) diff --git a/playbook.yml b/playbook.yml index 90f0e378..278cece6 100644 --- a/playbook.yml +++ b/playbook.yml @@ -22,16 +22,8 @@ become: true roles: - native-wireguard-behind-firewall -- name: setup replica backup hosts - hosts: replica_backup_hosts - become: true - roles: - - role: native-pull-primary-backups -- name: setup backups cleanup - hosts: backups_cleanup - become: true - roles: - - role: native-backups-cleanup + +# Native Webserver Roles - name: setup homepages hosts: homepage_hosts become: true @@ -39,6 +31,15 @@ - role: native-homepage vars: domain: "{{top_domain}}" +- name: setup redirect hosts + hosts: redirect_hosts + become: true + roles: + - role: native-https-redirect + vars: + domain_mappings: "{{redirect_domain_mappings}}" + +# Docker Roles - name: setup nextcloud hosts hosts: nextcloud_hosts become: true @@ -65,13 +66,6 @@ vars: domains: "{{wordpress_domains}}" http_port: 8003 -- name: setup redirect hosts - hosts: redirect_hosts - become: true - roles: - - role: native-https-redirect - vars: - domain_mappings: "{{redirect_domain_mappings}}" - name: setup mediawiki hosts hosts: mediawiki_hosts become: true 
@@ -125,3 +119,15 @@ vars: domain: akaunting.{{top_domain}} http_port: 8080 + +# Backup Roles +- name: setup replica backup hosts + hosts: replica_backup_hosts + become: true + roles: + - role: native-pull-primary-backups +- name: setup backups cleanup + hosts: backups_cleanup + become: true + roles: + - role: native-backups-cleanup diff --git a/roles/native-sshd/tasks/main.yml b/roles/native-sshd/tasks/main.yml index 49c14b8f..6c713929 100644 --- a/roles/native-sshd/tasks/main.yml +++ b/roles/native-sshd/tasks/main.yml @@ -1,6 +1,8 @@ - name: create sshd_config - copy: - src: sshd_config + template: + src: "sshd_config.j2" dest: /etc/ssh/sshd_config - backup: yes + owner: root + group: root + mode: '0644' notify: sshd restart diff --git a/roles/native-sshd/files/sshd_config b/roles/native-sshd/templates/sshd_config.j2 similarity index 95% rename from roles/native-sshd/files/sshd_config rename to roles/native-sshd/templates/sshd_config.j2 index c5057301..b0a4d1d2 100644 --- a/roles/native-sshd/files/sshd_config +++ b/roles/native-sshd/templates/sshd_config.j2 @@ -108,7 +108,11 @@ PrintMotd no # pam does that #Banner none # override default of no subsystems -Subsystem sftp /usr/lib/ssh/sftp-server +{% if ansible_os_family == "Archlinux" %} +Subsystem sftp /usr/lib/ssh/sftp-server +{% else%} +Subsystem sftp /usr/lib/openssh/sftp-server +{% endif %} # Example of overriding settings on a per-user basis #Match User anoncvs diff --git a/roles/native-user-backup/templates/authorized_keys.j2 b/roles/native-user-backup/templates/authorized_keys.j2 index 29256455..7c602c02 100644 --- a/roles/native-user-backup/templates/authorized_keys.j2 +++ b/roles/native-user-backup/templates/authorized_keys.j2 @@ -1 +1,3 @@ -command="/home/backup/ssh-wrapper.sh" {{authorized_keys}} +{% for authorized_key in authorized_keys_list %} +command="/home/backup/ssh-wrapper.sh" {{authorized_key}} +{% endfor %} 
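Review bot: The new `template:` task in roles/native-sshd/tasks/main.yml writes /etc/ssh/sshd_config and notifies `sshd restart` without a syntax check, and the same hunk drops `backup: yes`. A template that renders badly on one OS family can therefore cut off SSH access with no previous copy left on the host to restore. Adding `validate: '/usr/sbin/sshd -t -f %s'` makes Ansible test the rendered file before it replaces the live one; the binary path is an assumption to confirm per target distribution. Keeping `backup: yes` next to the new `owner`/`group`/`mode` keys would retain a rollback copy.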
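Review bot: The `{% else%}` branch in sshd_config.j2 applies `/usr/lib/openssh/sftp-server` to every host that is not Archlinux, which fits Debian-family layouts but not, for example, RedHat-family hosts, where the helper normally lives under /usr/libexec/openssh. A wrong path would normally still let sshd start and only fail when a client requests the SFTP subsystem, so the mistake is easy to miss. `Subsystem sftp internal-sftp` removes the per-distribution path altogether; alternatively use an explicit `elif` per supported family. The template now depends on `ansible_os_family`, so the play needs fact gathering enabled, which this hunk does not show. The rest of the file lies outside the hunk.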
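Review bot: Each entry rendered by the new loop in authorized_keys.j2 carries only `command="/home/backup/ssh-wrapper.sh"`, so a backup key keeps port, agent and X11 forwarding and pty allocation unless sshd_config disables them globally. The forced command alone does not switch those off. On OpenSSH 7.2 or later the line can read `restrict,command="/home/backup/ssh-wrapper.sh" {{authorized_key}}`; older servers need `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty` spelled out. The loop also assumes every element of `authorized_keys_list` is a bare key with no options prefix of its own, since a source line that already starts with options would render as an invalid entry.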
diff --git a/roles/native-user-backup/vars/main.yml b/roles/native-user-backup/vars/main.yml
index b6a2ce98..031eba48 100644
--- a/roles/native-user-backup/vars/main.yml
+++ b/roles/native-user-backup/vars/main.yml
@@ -1,2 +1,2 @@
 authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
-authorized_keys: "{{ lookup('file', authorized_keys_path) }}"
+authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() }}"
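Review bot: `splitlines()` makes every line of the source file a list element, so blank lines and `#` comment lines in the inventory's authorized_keys file become entries. The template then prefixes them with the forced command, leaving malformed lines in the deployed file that sshd has to skip. Filtering at the definition avoids that: `authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() | map('trim') | select | reject('match', '#') | list }}"`. The variable is also renamed from `authorized_keys`, so any role or inventory file outside this diff that still uses the old name needs the same change.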