23 files changed, 211 insertions, 36 deletions
@@ -1,6 +1,6 @@ namespace: tensin name: infra -version: 3.0.0 +version: 4.3.0 description: Some common Ansible roles used by me to manage things repository: https://github.com/egor-tensin/infra-ansible readme: README.md diff --git a/roles/apt/defaults/main.yml b/roles/apt/defaults/main.yml index 900172f..2c0fef4 100644 --- a/roles/apt/defaults/main.yml +++ b/roles/apt/defaults/main.yml @@ -1,4 +1,4 @@ apt_packages: [] -apt_unattended: false +apt_unattended_upgrades: false apt_unattended_reboot: true apt_unattended_reboot_time: "02:00" diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml index e24430f..871d055 100644 --- a/roles/apt/tasks/main.yml +++ b/roles/apt/tasks/main.yml @@ -23,4 +23,4 @@ - name: Configure unattended-upgrades ansible.builtin.include_tasks: unattended_upgrades.yml - when: apt_unattended + when: apt_unattended_upgrades diff --git a/roles/apt/templates/50unattended-upgrades.j2 b/roles/apt/templates/50unattended-upgrades.j2 index 389bb2b..57c8d20 100644 --- a/roles/apt/templates/50unattended-upgrades.j2 +++ b/roles/apt/templates/50unattended-upgrades.j2 
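Review bot: The rename of `apt_unattended` to `apt_unattended_upgrades` in roles/apt/defaults/main.yml and in the `when:` of roles/apt/tasks/main.yml leaves no fallback for the old name. An inventory or playbook that still sets `apt_unattended: true` will silently take the new default `false`, and the unattended-upgrades tasks will be skipped without any error. A newly provisioned host would then be left without automatic security updates, so I would either keep the old name working for one release, e.g. `apt_unattended_upgrades: '{{ apt_unattended | default(false) }}'`, or fail early with an `ansible.builtin.assert` that `apt_unattended is not defined`. The same concern applies to `debian_cloud_server_packages`, which a later hunk renames to `debian_server_packages`.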
@@ -1,5 +1,25 @@ {{ ansible_managed | comment }} +// Lines below have the format format is "keyword=value,...". A +// package will be upgraded only if the values in its metadata match +// all the supplied keywords in a line. (In other words, omitted +// keywords are wild cards.) The keywords originate from the Release +// file, but several aliases are accepted. The accepted keywords are: +// a,archive,suite (eg, "stable") +// c,component (eg, "main", "contrib", "non-free") +// l,label (eg, "Debian", "Debian-Security") +// o,origin (eg, "Debian", "Unofficial Multimedia Packages") +// n,codename (eg, "jessie", "jessie-updates") +// site (eg, "http.debian.net") +// The available values on the system are printed by the command +// "apt-cache policy", and can be debugged by running +// "unattended-upgrades -d" and looking at the log file. +// +// Within lines unattended-upgrades allows 2 macros whose values are +// derived from /etc/debian_version: +// ${distro_id} Installed origin. +// ${distro_codename} Installed codename (eg, "buster") + Unattended-Upgrade::Origins-Pattern { "origin=${distro_id},codename=${distro_codename}"; "origin=${distro_id},codename=${distro_codename}-security"; diff --git a/roles/debian_cloud_server/meta/main.yml b/roles/debian_cloud_server/meta/main.yml index 71d1bc2..4205fb7 100644 --- a/roles/debian_cloud_server/meta/main.yml +++ b/roles/debian_cloud_server/meta/main.yml @@ -1,10 +1,6 @@ dependencies: - role: cloud_init_wait - - role: apt + - role: debian_server vars: - apt_packages: '{{ debian_cloud_server_packages }}' - apt_unattended: true - - role: sshd + debian_server_unattended_upgrades: true - role: firewall - - role: linux_status - - role: journald diff --git a/roles/debian_server/README.md b/roles/debian_server/README.md new file mode 100644 index 0000000..ae55607 --- /dev/null +++ b/roles/debian_server/README.md 
@@ -0,0 +1,2 @@ +This is a meta-role, it simply pulls in other roles as dependencies. It's used +for general maintenance of all my Debian-based machines. diff --git a/roles/debian_cloud_server/defaults/main.yml b/roles/debian_server/defaults/main.yml index 8fcd07e..a4661c8 100644 --- a/roles/debian_cloud_server/defaults/main.yml +++ b/roles/debian_server/defaults/main.yml @@ -1,4 +1,4 @@ -debian_cloud_server_packages: +debian_server_packages: # Some common & useful packages: - curl - dnsutils @@ -13,3 +13,7 @@ debian_cloud_server_packages: - tmux - vim - wget +debian_server_unattended_upgrades: false +debian_server_locale_list: + # The saner option for Europe. + - en_GB.UTF-8 diff --git a/roles/debian_server/meta/main.yml b/roles/debian_server/meta/main.yml new file mode 100644 index 0000000..6ecaff6 --- /dev/null +++ b/roles/debian_server/meta/main.yml @@ -0,0 +1,11 @@ +dependencies: + - role: apt + vars: + apt_packages: '{{ debian_server_packages }}' + apt_unattended_upgrades: '{{ debian_server_unattended_upgrades }}' + - role: locale + vars: + locale_list: '{{ debian_server_locale_list }}' + - role: sshd + - role: journald + - role: linux_status diff --git a/roles/locale/README.md b/roles/locale/README.md new file mode 100644 index 0000000..7740691 --- /dev/null +++ b/roles/locale/README.md @@ -0,0 +1 @@ +This role sets up locales of your choice, including en_US.UTF-8. diff --git a/roles/locale/defaults/main.yml b/roles/locale/defaults/main.yml new file mode 100644 index 0000000..0072326 --- /dev/null +++ b/roles/locale/defaults/main.yml @@ -0,0 +1,4 @@ +# en_US.UTF-8 is always included. +locale_list: + # The better locale for Europe, compared to en_US. + - en_GB.UTF-8 diff --git a/roles/locale/tasks/main.yml b/roles/locale/tasks/main.yml new file mode 100644 index 0000000..54fd42d --- /dev/null +++ b/roles/locale/tasks/main.yml 
@@ -0,0 +1,5 @@ +- name: Set up locales + become: true + community.general.locale_gen: + name: "{{ locale_list + ['en_US.UTF-8'] }}" + state: present diff --git a/roles/my_workspace/defaults/main.yml b/roles/my_workspace/defaults/main.yml index 2eb04de..2c861e4 100644 --- a/roles/my_workspace/defaults/main.yml +++ b/roles/my_workspace/defaults/main.yml @@ -3,3 +3,5 @@ my_workspace_dir: /srv/workspace my_workspace_projects: [] + +my_workspace_clone_only: false diff --git a/roles/my_workspace/tasks/project.yml b/roles/my_workspace/tasks/project.yml index e788eef..260950a 100644 --- a/roles/my_workspace/tasks/project.yml +++ b/roles/my_workspace/tasks/project.yml 
@@ -22,32 +22,34 @@ - name: user.email value: '{{ my_workspace_git_email }}' - - name: Check for Makefile - ansible.builtin.file: - path: '{{ project_dir }}/Makefile' - state: file - register: makefile_check - ignore_errors: true + - name: Set the project running + when: not my_workspace_clone_only + block: + - name: Check for Makefile + ansible.builtin.file: + path: '{{ project_dir }}/Makefile' + state: file + register: makefile_check + ignore_errors: true - - name: Check for docker-compose.yml - ansible.builtin.file: - path: '{{ project_dir }}/docker-compose.yml' - state: file - register: docker_compose_check - ignore_errors: true + - name: Check for docker-compose.yml + ansible.builtin.file: + path: '{{ project_dir }}/docker-compose.yml' + state: file + register: docker_compose_check + ignore_errors: true - - name: Run make - become: true - community.general.make: - chdir: '{{ project_dir }}' - when: makefile_check is succeeded + - name: Run make + become: true + community.general.make: + chdir: '{{ project_dir }}' + when: makefile_check is succeeded - - name: Run docker-compose - become: true - community.docker.docker_compose: - project_src: '{{ project_dir }}' - pull: true - build: true - remove_orphans: true - debug: true - when: makefile_check is not succeeded and docker_compose_check is succeeded + - name: Run docker-compose + become: true + community.docker.docker_compose_v2: + project_src: '{{ project_dir }}' + pull: always + build: always + remove_orphans: true + when: makefile_check is not succeeded and docker_compose_check is succeeded diff --git a/roles/nfs/README.md b/roles/nfs/README.md new file mode 100644 index 0000000..b26e8e7 --- /dev/null +++ b/roles/nfs/README.md @@ -0,0 +1,2 @@ +This role installs the NFS server & configures a mount. It doesn't support +multiple mounts or anything like that. diff --git a/roles/nfs/defaults/main.yml b/roles/nfs/defaults/main.yml new file mode 100644 index 0000000..0308c64 --- /dev/null 
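Review bot: The two probes inside the new `Set the project running` block still use `ansible.builtin.file` with `state: file` and `ignore_errors: true`, so any failure is read as "file absent", not just a missing file. An unreadable directory or a permissions problem would therefore choose between `Run make` and `Run docker-compose` as silently as a missing Makefile does. Both of those tasks carry `become: true` and execute repository-supplied build files as root, so the selection should rest on an explicit existence test. I would switch the probes to `ansible.builtin.stat` with `register: makefile_check` and test `makefile_check.stat.exists` (likewise for `docker_compose_check`), which also removes the red "failed ... ignoring" output on every run. A short comment on `my_workspace_clone_only` in the defaults file, noting that the default `false` means cloned projects are built and started as root, would also help.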
+++ b/roles/nfs/defaults/main.yml @@ -0,0 +1,5 @@ +#nfs_dir: +nfs_opts: +nfs_all_squash: false +#nfs_anonuid: +#nfs_anongid: diff --git a/roles/nfs/handlers/main.yml b/roles/nfs/handlers/main.yml new file mode 100644 index 0000000..e92820d --- /dev/null +++ b/roles/nfs/handlers/main.yml @@ -0,0 +1,4 @@ +- name: Reload NFS mounts + become: true + ansible.builtin.command: /usr/sbin/exportfs -arv + listen: nfs_configured diff --git a/roles/nfs/tasks/main.yml b/roles/nfs/tasks/main.yml new file mode 100644 index 0000000..f8045e3 --- /dev/null +++ b/roles/nfs/tasks/main.yml @@ -0,0 +1,26 @@ +- name: Install NFS + become: true + ansible.builtin.package: + name: nfs-server + state: present + +- name: Enable & start NFS service + become: true + ansible.builtin.systemd_service: + name: nfs-server + enabled: true + state: started + +- name: Collect required info + ansible.builtin.setup: + gather_subset: [user] + +- name: Configure NFS + become: true + ansible.builtin.template: + src: exports.j2 + dest: /etc/exports + owner: root + group: root + mode: '644' + notify: nfs_configured diff --git a/roles/nfs/templates/exports.j2 b/roles/nfs/templates/exports.j2 new file mode 100644 index 0000000..301bb45 --- /dev/null +++ b/roles/nfs/templates/exports.j2 @@ -0,0 +1,11 @@ +{% set _opts = 'rw,sync,insecure,no_subtree_check' %} +{% if nfs_opts %} + {% set _opts %}{{ _opts }},{{ nfs_opts }}{% endset %} +{% endif %} +{% if nfs_all_squash %} + {% set _anonuid = nfs_anonuid if nfs_anonuid is defined else ansible_facts['user_uid'] %} + {% set _anongid = nfs_anongid if nfs_anongid is defined else ansible_facts['user_gid'] %} + {% set _opts %}{{ _opts }},all_squash,anonuid={{ _anonuid }},anongid={{ _anongid }}{% endset %} +{% endif %} + +{{ nfs_dir }} *({{ _opts }}) diff --git a/roles/samba/README.md b/roles/samba/README.md new file mode 100644 index 0000000..db14c86 --- /dev/null +++ b/roles/samba/README.md 
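Review bot: The last line of roles/nfs/templates/exports.j2 hard-codes the client specification to `*`, and the base option string always includes `rw` and `insecure`. Every host that can reach the server therefore gets a writable export, with requests from unprivileged source ports accepted. Neither can be tightened through `nfs_opts`, because that variable is only appended to the base string. I would make the client list a variable with the current behaviour as its default, e.g. `{{ nfs_dir }} {{ nfs_clients | default('*') }}({{ _opts }})`, and move `insecure` out of the fixed base string so a caller can opt in to it. In roles/nfs/defaults/main.yml, the bare `nfs_opts:` is a null; writing `nfs_opts: ''` states the intent, and a comment marking `nfs_dir` as required would document the contract.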
@@ -0,0 +1,2 @@ +This role configures an anonymous Samba share. It doesn't support multiple +shares, authentication or anything like that. diff --git a/roles/samba/defaults/main.yml b/roles/samba/defaults/main.yml new file mode 100644 index 0000000..d032b7f --- /dev/null +++ b/roles/samba/defaults/main.yml @@ -0,0 +1,2 @@ +#samba_share_dir: +#samba_share_name: diff --git a/roles/samba/handlers/main.yml b/roles/samba/handlers/main.yml new file mode 100644 index 0000000..81dfe5e --- /dev/null +++ b/roles/samba/handlers/main.yml @@ -0,0 +1,12 @@ +- name: Collect service facts + ansible.builtin.service_facts: + listen: samba_configured + +- name: Restart Samba service + become: true + when: | + 'smbd.service' in ansible_facts.services and ansible_facts.services['smbd.service'].state == 'running' + ansible.builtin.systemd_service: + name: smbd + state: restarted + listen: samba_configured diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml new file mode 100644 index 0000000..97aff98 --- /dev/null +++ b/roles/samba/tasks/main.yml 
@@ -0,0 +1,49 @@ +- name: Install Samba + become: true + ansible.builtin.package: + name: samba + state: present + +- name: Create /etc/samba + become: true + ansible.builtin.file: + path: /etc/samba + state: directory + owner: root + group: root + mode: '755' + +- name: Format smb.conf + become: true + ansible.builtin.template: + src: smb.conf.j2 + dest: /etc/samba/smb.conf + owner: root + group: root + mode: '644' + validate: '/usr/bin/testparm --suppress-prompt %s' + notify: samba_configured + +- name: Enable & start Samba + become: true + ansible.builtin.systemd_service: + name: smbd + enabled: true + state: started + +- name: Restart Samba service if necessary + ansible.builtin.meta: flush_handlers + +# Enable network discovery on Windows. +- name: Install wsdd + become: true + ansible.builtin.package: + name: wsdd + state: present + +- name: Enable & start wsdd + become: true + ansible.builtin.systemd_service: + name: wsdd + enabled: true + state: started diff --git a/roles/samba/templates/smb.conf.j2 b/roles/samba/templates/smb.conf.j2 new file mode 100644 index 0000000..00ef87b --- /dev/null +++ b/roles/samba/templates/smb.conf.j2 @@ -0,0 +1,15 @@ +{{ ansible_managed | comment }} + +# https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server#Creating_a_Basic_guest_only_smb.conf_File + +[global] + logging = syslog + map to guest = Bad user + server role = standalone server + auto services = {{ samba_share_name }} + +[{{ samba_share_name }}] + path = {{ samba_share_dir }} + read only = no + guest ok = yes + guest only = yes |
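Review bot: The `[global]` section of roles/samba/templates/smb.conf.j2 has no network restriction, while the share combines `map to guest = Bad user`, `guest ok = yes`, `guest only = yes` and `read only = no`. Any host that can reach smbd can therefore write to `samba_share_dir` without credentials. The README states that the share is anonymous by design, but the exposure is then decided entirely by whatever firewall sits in front of the host, which this role neither configures nor mentions. I would add an optional allow-list in `[global]`, e.g. `hosts allow = {{ samba_hosts_allow | join(' ') }}` rendered only when the variable is defined, and note in the README that the role expects a trusted network. The `wsdd` tasks in roles/samba/tasks/main.yml additionally announce the host to the local network, which is worth one comment line next to "Enable network discovery on Windows."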