19 files changed, 177 insertions, 28 deletions

diff --git a/galaxy.yml b/galaxy.yml
index 67e4c29..645a32d 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: tensin
 name: infra
-version: 4.0.0
+version: 4.3.0
 description: Some common Ansible roles used by me to manage things
 repository: https://github.com/egor-tensin/infra-ansible
 readme: README.md
diff --git a/roles/debian_cloud_server/meta/main.yml b/roles/debian_cloud_server/meta/main.yml
index 937ec95..4205fb7 100644
--- a/roles/debian_cloud_server/meta/main.yml
+++ b/roles/debian_cloud_server/meta/main.yml
@@ -3,3 +3,4 @@ dependencies:
   - role: debian_server
     vars:
       debian_server_unattended_upgrades: true
+  - role: firewall
diff --git a/roles/debian_server/defaults/main.yml b/roles/debian_server/defaults/main.yml
index 80776a4..a4661c8 100644
--- a/roles/debian_server/defaults/main.yml
+++ b/roles/debian_server/defaults/main.yml
@@ -14,3 +14,6 @@ debian_server_packages:
   - vim
   - wget
 debian_server_unattended_upgrades: false
+debian_server_locale_list:
+  # The saner option for Europe.
+  - en_GB.UTF-8
diff --git a/roles/debian_server/meta/main.yml b/roles/debian_server/meta/main.yml
index 10d3eb8..6ecaff6 100644
--- a/roles/debian_server/meta/main.yml
+++ b/roles/debian_server/meta/main.yml
@@ -3,7 +3,9 @@ dependencies:
     vars:
       apt_packages: '{{ debian_server_packages }}'
       apt_unattended_upgrades: '{{ debian_server_unattended_upgrades }}'
+  - role: locale
+    vars:
+      locale_list: '{{ debian_server_locale_list }}'
   - role: sshd
-  - role: firewall
-  - role: linux_status
   - role: journald
+  - role: linux_status
diff --git a/roles/locale/README.md b/roles/locale/README.md
new file mode 100644
index 0000000..7740691
--- /dev/null
+++ b/roles/locale/README.md
@@ -0,0 +1 @@
+This role sets up locales of your choice, including en_US.UTF-8.
diff --git a/roles/locale/defaults/main.yml b/roles/locale/defaults/main.yml
new file mode 100644
index 0000000..0072326
--- /dev/null
+++ b/roles/locale/defaults/main.yml
@@ -0,0 +1,4 @@
+# en_US.UTF-8 is always included.
+locale_list:
+  # The better locale for Europe, compared to en_US.
+  - en_GB.UTF-8
diff --git a/roles/locale/tasks/main.yml b/roles/locale/tasks/main.yml
new file mode 100644
index 0000000..54fd42d
--- /dev/null
+++ b/roles/locale/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: Set up locales
+  become: true
+  community.general.locale_gen:
+    name: "{{ locale_list + ['en_US.UTF-8'] }}"
+    state: present
diff --git a/roles/my_workspace/defaults/main.yml b/roles/my_workspace/defaults/main.yml
index 2eb04de..2c861e4 100644
--- a/roles/my_workspace/defaults/main.yml
+++ b/roles/my_workspace/defaults/main.yml
@@ -3,3 +3,5 @@
 
 my_workspace_dir: /srv/workspace
 my_workspace_projects: []
+
+my_workspace_clone_only: false
diff --git a/roles/my_workspace/tasks/project.yml b/roles/my_workspace/tasks/project.yml
index 790ab74..260950a 100644
--- a/roles/my_workspace/tasks/project.yml
+++ b/roles/my_workspace/tasks/project.yml
@@ -22,31 +22,34 @@
         - name: user.email
           value: '{{ my_workspace_git_email }}'
 
-    - name: Check for Makefile
-      ansible.builtin.file:
-        path: '{{ project_dir }}/Makefile'
-        state: file
-      register: makefile_check
-      ignore_errors: true
+    - name: Set the project running
+      when: not my_workspace_clone_only
+      block:
+        - name: Check for Makefile
+          ansible.builtin.file:
+            path: '{{ project_dir }}/Makefile'
+            state: file
+          register: makefile_check
+          ignore_errors: true
 
-    - name: Check for docker-compose.yml
-      ansible.builtin.file:
-        path: '{{ project_dir }}/docker-compose.yml'
-        state: file
-      register: docker_compose_check
-      ignore_errors: true
+        - name: Check for docker-compose.yml
+          ansible.builtin.file:
+            path: '{{ project_dir }}/docker-compose.yml'
+            state: file
+          register: docker_compose_check
+          ignore_errors: true
 
-    - name: Run make
-      become: true
-      community.general.make:
-        chdir: '{{ project_dir }}'
-      when: makefile_check is succeeded
+        - name: Run make
+          become: true
+          community.general.make:
+            chdir: '{{ project_dir }}'
+          when: makefile_check is succeeded
 
-    - name: Run docker-compose
-      become: true
-      community.docker.docker_compose_v2:
-        project_src: '{{ project_dir }}'
-        pull: always
-        build: always
-        remove_orphans: true
-      when: makefile_check is not succeeded and docker_compose_check is succeeded
+        - name: Run docker-compose
+          become: true
+          community.docker.docker_compose_v2:
+            project_src: '{{ project_dir }}'
+            pull: always
+            build: always
+            remove_orphans: true
+          when: makefile_check is not succeeded and docker_compose_check is succeeded
diff --git a/roles/nfs/README.md b/roles/nfs/README.md
new file mode 100644
index 0000000..b26e8e7
--- /dev/null
+++ b/roles/nfs/README.md
@@ -0,0 +1,2 @@
+This role installs the NFS server & configures a mount. It doesn't support
+multiple mounts or anything like that.
diff --git a/roles/nfs/defaults/main.yml b/roles/nfs/defaults/main.yml
new file mode 100644
index 0000000..0308c64
--- /dev/null
+++ b/roles/nfs/defaults/main.yml
@@ -0,0 +1,5 @@
+#nfs_dir:
+nfs_opts:
+nfs_all_squash: false
+#nfs_anonuid:
+#nfs_anongid:
diff --git a/roles/nfs/handlers/main.yml b/roles/nfs/handlers/main.yml
new file mode 100644
index 0000000..e92820d
--- /dev/null
+++ b/roles/nfs/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Reload NFS mounts
+  become: true
+  ansible.builtin.command: /usr/sbin/exportfs -arv
+  listen: nfs_configured
diff --git a/roles/nfs/tasks/main.yml b/roles/nfs/tasks/main.yml
new file mode 100644
index 0000000..f8045e3
--- /dev/null
+++ b/roles/nfs/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Install NFS
+  become: true
+  ansible.builtin.package:
+    name: nfs-server
+    state: present
+
+- name: Enable & start NFS service
+  become: true
+  ansible.builtin.systemd_service:
+    name: nfs-server
+    enabled: true
+    state: started
+
+- name: Collect required info
+  ansible.builtin.setup:
+    gather_subset: [user]
+
+- name: Configure NFS
+  become: true
+  ansible.builtin.template:
+    src: exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: '644'
+  notify: nfs_configured
diff --git a/roles/nfs/templates/exports.j2 b/roles/nfs/templates/exports.j2
new file mode 100644
index 0000000..301bb45
--- /dev/null
+++ b/roles/nfs/templates/exports.j2
@@ -0,0 +1,11 @@
+{% set _opts = 'rw,sync,insecure,no_subtree_check' %}
+{% if nfs_opts %}
+  {% set _opts %}{{ _opts }},{{ nfs_opts }}{% endset %}
+{% endif %}
+{% if nfs_all_squash %}
+  {% set _anonuid = nfs_anonuid if nfs_anonuid is defined else ansible_facts['user_uid'] %}
+  {% set _anongid = nfs_anongid if nfs_anongid is defined else ansible_facts['user_gid'] %}
+  {% set _opts %}{{ _opts }},all_squash,anonuid={{ _anonuid }},anongid={{ _anongid }}{% endset %}
+{% endif %}
+
+{{ nfs_dir }}	*({{ _opts }})
diff --git a/roles/samba/README.md b/roles/samba/README.md
new file mode 100644
index 0000000..db14c86
--- /dev/null
+++ b/roles/samba/README.md
@@ -0,0 +1,2 @@
+This role configures an anonymous Samba share. It doesn't support multiple
+shares, authentication or anything like that.
diff --git a/roles/samba/defaults/main.yml b/roles/samba/defaults/main.yml
new file mode 100644
index 0000000..d032b7f
--- /dev/null
+++ b/roles/samba/defaults/main.yml
@@ -0,0 +1,2 @@
+#samba_share_dir:
+#samba_share_name:
diff --git a/roles/samba/handlers/main.yml b/roles/samba/handlers/main.yml
new file mode 100644
index 0000000..81dfe5e
--- /dev/null
+++ b/roles/samba/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: Collect service facts
+  ansible.builtin.service_facts:
+  listen: samba_configured
+
+- name: Restart Samba service
+  become: true
+  when: |
+    'smbd.service' in ansible_facts.services and ansible_facts.services['smbd.service'].state == 'running'
+  ansible.builtin.systemd_service:
+    name: smbd
+    state: restarted
+  listen: samba_configured
diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml
new file mode 100644
index 0000000..97aff98
--- /dev/null
+++ b/roles/samba/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: Install Samba
+  become: true
+  ansible.builtin.package:
+    name: samba
+    state: present
+
+- name: Create /etc/samba
+  become: true
+  ansible.builtin.file:
+    path: /etc/samba
+    state: directory
+    owner: root
+    group: root
+    mode: '755'
+
+- name: Format smb.conf
+  become: true
+  ansible.builtin.template:
+    src: smb.conf.j2
+    dest: /etc/samba/smb.conf
+    owner: root
+    group: root
+    mode: '644'
+    validate: '/usr/bin/testparm --suppress-prompt %s'
+  notify: samba_configured
+
+- name: Enable & start Samba
+  become: true
+  ansible.builtin.systemd_service:
+    name: smbd
+    enabled: true
+    state: started
+
+- name: Restart Samba service if necessary
+  ansible.builtin.meta: flush_handlers
+
+# Enable network discovery on Windows.
+- name: Install wsdd
+  become: true
+  ansible.builtin.package:
+    name: wsdd
+    state: present
+
+- name: Enable & start wsdd
+  become: true
+  ansible.builtin.systemd_service:
+    name: wsdd
+    enabled: true
+    state: started
diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2
new file mode 100644
index 0000000..00ef87b
--- /dev/null
+++ b/roles/samba/templates/smb.conf.j2
@@ -0,0 +1,15 @@
+{{ ansible_managed | comment }}
+
+# https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server#Creating_a_Basic_guest_only_smb.conf_File
+
+[global]
+    logging = syslog
+    map to guest = Bad user
+    server role = standalone server
+    auto services = {{ samba_share_name }}
+
+[{{ samba_share_name }}]
+    path = {{ samba_share_dir }}
+    read only = no
+    guest ok = yes
+    guest only = yes