Optimized different roles

Kevin Veen-Birkenbach 2022-03-17 16:28:57 +01:00
parent 99b66dda81
commit 3f37ee5c6c
5 changed files with 37 additions and 23 deletions


@ -22,16 +22,8 @@
become: true become: true
roles: roles:
- native-wireguard-behind-firewall - native-wireguard-behind-firewall
- name: setup replica backup hosts
hosts: replica_backup_hosts # Native Webserver Roles
become: true
roles:
- role: native-pull-primary-backups
- name: setup backups cleanup
hosts: backups_cleanup
become: true
roles:
- role: native-backups-cleanup
- name: setup homepages - name: setup homepages
hosts: homepage_hosts hosts: homepage_hosts
become: true become: true
@ -39,6 +31,15 @@
- role: native-homepage - role: native-homepage
vars: vars:
domain: "{{top_domain}}" domain: "{{top_domain}}"
- name: setup redirect hosts
hosts: redirect_hosts
become: true
roles:
- role: native-https-redirect
vars:
domain_mappings: "{{redirect_domain_mappings}}"
# Docker Roles
- name: setup nextcloud hosts - name: setup nextcloud hosts
hosts: nextcloud_hosts hosts: nextcloud_hosts
become: true become: true
@ -65,13 +66,6 @@
vars: vars:
domains: "{{wordpress_domains}}" domains: "{{wordpress_domains}}"
http_port: 8003 http_port: 8003
- name: setup redirect hosts
hosts: redirect_hosts
become: true
roles:
- role: native-https-redirect
vars:
domain_mappings: "{{redirect_domain_mappings}}"
- name: setup mediawiki hosts - name: setup mediawiki hosts
hosts: mediawiki_hosts hosts: mediawiki_hosts
become: true become: true
@ -125,3 +119,15 @@
vars: vars:
domain: akaunting.{{top_domain}} domain: akaunting.{{top_domain}}
http_port: 8080 http_port: 8080
# Backup Roles
- name: setup replica backup hosts
hosts: replica_backup_hosts
become: true
roles:
- role: native-pull-primary-backups
- name: setup backups cleanup
hosts: backups_cleanup
become: true
roles:
- role: native-backups-cleanup


@ -1,6 +1,8 @@
- name: create sshd_config - name: create sshd_config
copy: template:
src: sshd_config src: "sshd_config.j2"
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
backup: yes owner: root
group: root
mode: '0644'
notify: sshd restart notify: sshd restart
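Review bot: The `template` task writes /etc/ssh/sshd_config without checking that the rendered file parses, and the commit drops `backup: yes`. A bad render would therefore only surface when the `sshd restart` handler fails, with no previous copy left on disk. Adding `validate: '/usr/sbin/sshd -t -f %s'` and keeping `backup: true` would reject a broken file before it replaces the working one. `mode: '0644'` works, but sshd_config needs no world-read access, so `'0600'` is the tighter choice.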


@ -108,7 +108,11 @@ PrintMotd no # pam does that
#Banner none #Banner none
# override default of no subsystems # override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server {% if ansible_os_family == "Archlinux" %}
Subsystem sftp /usr/lib/ssh/sftp-server
{% else%}
Subsystem sftp /usr/lib/openssh/sftp-server
{% endif %}
# Example of overriding settings on a per-user basis # Example of overriding settings on a per-user basis
#Match User anoncvs #Match User anoncvs
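Review bot: The `{% else%}` branch hard-codes `/usr/lib/openssh/sftp-server`, which is the Debian-family location. Hosts of any other `ansible_os_family` (RedHat-family systems normally ship it under `/usr/libexec/openssh/`) would get a Subsystem line pointing at a missing binary, and SFTP would fail there. `Subsystem sftp internal-sftp` removes the path dependency altogether; alternatively the path could come from a per-family variable. `{% else%}` is also missing the space before `%}`. The rest of the template lies outside this hunk.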


@ -1 +1,3 @@
command="/home/backup/ssh-wrapper.sh" {{authorized_keys}} {% for authorized_key in authorized_keys_list %}
command="/home/backup/ssh-wrapper.sh" {{authorized_key}}
{% endfor %}
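Review bot: Each rendered line carries only `command="/home/backup/ssh-wrapper.sh"`, which fixes the command but leaves port, agent and X11 forwarding and PTY allocation available to every backup key. On OpenSSH 7.2 or later, `restrict,command="/home/backup/ssh-wrapper.sh" {{authorized_key}}` turns those off with a single option. The loop also prefixes the option to whatever line it is given, so a source line that already starts with key options would render as an invalid entry. A Jinja comment above the loop, such as `{# input file must contain bare public keys, one per line #}`, would document that requirement.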


@ -1,2 +1,2 @@
authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys" authorized_keys_path: "{{ inventory_dir }}/files/{{ inventory_hostname }}/home/backup/.ssh/authorized_keys"
authorized_keys: "{{ lookup('file', authorized_keys_path) }}" authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() }}"
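Review bot: `splitlines()` passes blank and `#` comment lines from the source file straight into `authorized_keys_list`, and the template would then emit a `command="..."` entry with no key behind it for each of them. Filtering the list at the source keeps the rendered authorized_keys clean: `authorized_keys_list: "{{ lookup('file', authorized_keys_path).splitlines() | map('trim') | select | reject('match', '#') | list }}"`. A missing file makes the `file` lookup fail the play, which is probably the desired behaviour for a backup account but is worth a comment here.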