mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-22 12:41:05 +01:00
Optimized different roles
This commit is contained in:
parent
99b66dda81
commit
3f37ee5c6c
40
playbook.yml
40
playbook.yml
@ -22,16 +22,8 @@
|
|||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- native-wireguard-behind-firewall
|
- native-wireguard-behind-firewall
|
||||||
- name: setup replica backup hosts
|
|
||||||
hosts: replica_backup_hosts
|
# Native Webserver Roles
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- role: native-pull-primary-backups
|
|
||||||
- name: setup backups cleanup
|
|
||||||
hosts: backups_cleanup
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- role: native-backups-cleanup
|
|
||||||
- name: setup homepages
|
- name: setup homepages
|
||||||
hosts: homepage_hosts
|
hosts: homepage_hosts
|
||||||
become: true
|
become: true
|
||||||
@ -39,6 +31,15 @@
|
|||||||
- role: native-homepage
|
- role: native-homepage
|
||||||
vars:
|
vars:
|
||||||
domain: "{{top_domain}}"
|
domain: "{{top_domain}}"
|
||||||
|
- name: setup redirect hosts
|
||||||
|
hosts: redirect_hosts
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: native-https-redirect
|
||||||
|
vars:
|
||||||
|
domain_mappings: "{{redirect_domain_mappings}}"
|
||||||
|
|
||||||
|
# Docker Roles
|
||||||
- name: setup nextcloud hosts
|
- name: setup nextcloud hosts
|
||||||
hosts: nextcloud_hosts
|
hosts: nextcloud_hosts
|
||||||
become: true
|
become: true
|
||||||
@ -65,13 +66,6 @@
|
|||||||
vars:
|
vars:
|
||||||
domains: "{{wordpress_domains}}"
|
domains: "{{wordpress_domains}}"
|
||||||
http_port: 8003
|
http_port: 8003
|
||||||
- name: setup redirect hosts
|
|
||||||
hosts: redirect_hosts
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- role: native-https-redirect
|
|
||||||
vars:
|
|
||||||
domain_mappings: "{{redirect_domain_mappings}}"
|
|
||||||
- name: setup mediawiki hosts
|
- name: setup mediawiki hosts
|
||||||
hosts: mediawiki_hosts
|
hosts: mediawiki_hosts
|
||||||
become: true
|
become: true
|
||||||
@ -125,3 +119,15 @@
|
|||||||
vars:
|
vars:
|
||||||
domain: akaunting.{{top_domain}}
|
domain: akaunting.{{top_domain}}
|
||||||
http_port: 8080
|
http_port: 8080
|
||||||
|
|
||||||
|
# Backup Roles
|
||||||
|
- name: setup replica backup hosts
|
||||||
|
hosts: replica_backup_hosts
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: native-pull-primary-backups
|
||||||
|
- name: setup backups cleanup
|
||||||
|
hosts: backups_cleanup
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: native-backups-cleanup
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
- name: create sshd_config
|
- name: create sshd_config
|
||||||
copy:
|
template:
|
||||||
src: sshd_config
|
src: "sshd_config.j2"
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
backup: yes
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
notify: sshd restart
|
notify: sshd restart
|
||||||
|
@ -108,7 +108,11 @@ PrintMotd no # pam does that
|
|||||||
#Banner none
|
#Banner none
|
||||||
|
|
||||||
# override default of no subsystems
|
# override default of no subsystems
|
||||||
|
{% if ansible_os_family == "Archlinux" %}
|
||||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
Subsystem sftp /usr/lib/ssh/sftp-server
|
||||||
|
{% else%}
|
||||||
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Example of overriding settings on a per-user basis
|
# Example of overriding settings on a per-user basis
|
||||||
#Match User anoncvs
|
#Match User anoncvs
|
@ -1 +1,3 @@
|
|||||||
command="/home/backup/ssh-wrapper.sh" {{authorized_keys}}
|
{% for authorized_key in authorized_keys_list %}
|
||||||
|
command="/home/backup/ssh-wrapper.sh" {{authorized_key}}
|
||||||
|
{% endfor %}
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
|
authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
|
||||||
authorized_keys: "{{ lookup('file', authorized_keys_path) }}"
|
authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() }}"
|
||||||
|
Loading…
Reference in New Issue
Block a user