From 1c734cefb110e66a5301e619a0f6abffa24e9c6f Mon Sep 17 00:00:00 2001 From: Jannik Beyerstedt Date: Sat, 20 Dec 2025 21:08:31 +0100 Subject: [PATCH] [TIDY] Move to ansible_facts dict instead of injected variables --- README.md | 2 +- defaults/main.yml | 4 ++-- tasks/borgbackup-Debian-stretch.yml | 6 +++--- tasks/borgbackup-Debian.yml | 2 +- tasks/borgbackup.yml | 10 +++++----- tasks/caddy-install.yml | 6 +++--- tasks/caddy-setup.yml | 2 +- tasks/cronmails.yml | 6 +++--- tasks/docker-Debian.yml | 4 ++-- tasks/docker.yml | 8 ++++---- tasks/dyndns.yml | 4 ++-- tasks/telegraf-Debian.yml | 6 +++--- tasks/telegraf.yml | 10 +++++----- templates/sshd_config.j2 | 6 +++--- templates/telegraf.conf.j2 | 2 +- 15 files changed, 39 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index 98004a1..43f44ea 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ If you want to configure borgbackup backups, these variables need to be set: - `borgbackup_hostname`: Hostname to prefix the snapshots Optional configuration: -- `borgbackup_ssh_id`: Path to the used ssh id (default: `{{ ansible_user_dir }}/.ssh/id_ed25519`) +- `borgbackup_ssh_id`: Path to the used ssh id (default: `{{ ansible_facts['user_dir'] }}/.ssh/id_ed25519`) Attention: You still need to setup the borgbackup repository manually. diff --git a/defaults/main.yml b/defaults/main.yml index d14eedc..50f4016 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,9 +1,9 @@ --- # defaults file for server -borgbackup_ssh_id: "{{ ansible_user_dir }}/.ssh/id_ed25519" +borgbackup_ssh_id: "{{ ansible_facts['user_dir'] }}/.ssh/id_ed25519" -caddy_cachedir: "{{ ansible_user_dir }}/.ansbl-caddy-cache" +caddy_cachedir: "{{ ansible_facts['user_dir'] }}/.ansbl-caddy-cache" telegraf_interval: "300s" telegraf_docker_file: "telegraf-docker.conf" diff --git a/tasks/borgbackup-Debian-stretch.yml b/tasks/borgbackup-Debian-stretch.yml index e50a364..05b9137 100644 --- a/tasks/borgbackup-Debian-stretch.yml +++ b/tasks/borgbackup-Debian-stretch.yml @@ -9,7 +9,7 @@ - name: Borgbackup - Add debian repo key when: - - ansible_distribution_release == 'stretch' + - ansible_facts['distribution_release'] == 'stretch' become: true ansible.builtin.apt_key: keyserver: pgpkeys.mit.edu @@ -17,7 +17,7 @@ state: present - name: Borgbackup - Add stretch-backports when: - - ansible_distribution_release == 'stretch' + - ansible_facts['distribution_release'] == 'stretch' become: true ansible.builtin.apt_repository: repo: deb http://ftp.debian.org/debian stretch-backports main @@ -27,7 +27,7 @@ - borgbackup_passphrase is defined - borgbackup_repo is defined - borgbackup_hostname is defined - - ansible_distribution_release == 'stretch' + - ansible_facts['distribution_release'] == 'stretch' become: true ansible.builtin.apt: name: borgbackup diff --git a/tasks/borgbackup-Debian.yml b/tasks/borgbackup-Debian.yml index 306f605..98b18de 100644 --- a/tasks/borgbackup-Debian.yml +++ b/tasks/borgbackup-Debian.yml @@ -12,7 +12,7 @@ - borgbackup_passphrase is defined - borgbackup_repo is defined - borgbackup_hostname is defined - - ansible_distribution_release != 'stretch' + - ansible_facts['distribution_release'] != 'stretch' become: true ansible.builtin.apt: name: borgbackup diff --git a/tasks/borgbackup.yml b/tasks/borgbackup.yml index 5d80ed6..1f5839d 100644 --- a/tasks/borgbackup.yml +++ b/tasks/borgbackup.yml @@ -14,9 +14,9 @@ - name: Borgbackup - Install application ansible.builtin.include_tasks: "{{ item }}" with_first_found: - - "borgbackup-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - - "borgbackup-{{ ansible_distribution }}.yml" - - "borgbackup-{{ (override_os_family is defined) | ternary(override_os_family, ansible_os_family) }}.yml" + - "borgbackup-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml" + - "borgbackup-{{ ansible_facts['distribution'] }}.yml" + - "borgbackup-{{ (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) }}.yml" ignore_errors: true # copy backup script and enable cronjob @@ -25,8 +25,8 @@ ansible.builtin.template: src: "{{ role_path }}/templates/borgbackup.sh" dest: /usr/local/bin/borgbackup.sh - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_id }}" + owner: "{{ ansible_facts['user_id'] }}" + group: "{{ ansible_facts['user_id'] }}" mode: "0775" - name: Borgbackup - Run Borgbackup script at 1:00 daily become: true diff --git a/tasks/caddy-install.yml b/tasks/caddy-install.yml index 5fb4d26..fd182a3 100644 --- a/tasks/caddy-install.yml +++ b/tasks/caddy-install.yml @@ -22,7 +22,7 @@ state: directory - name: Caddyserver - Download caddy webserver (amd64) - when: ansible_architecture == "x86_64" + when: ansible_facts['architecture'] == "x86_64" become: true ansible.builtin.get_url: url: "https://caddyserver.com/api/download?os=linux&arch=amd64" @@ -31,7 +31,7 @@ owner: root mode: "0755" - name: Caddyserver - Download caddy webserver (armv7/ raspberry pi) - when: ansible_architecture == "armv7l" + when: ansible_facts['architecture'] == "armv7l" become: true ansible.builtin.get_url: url: "https://caddyserver.com/api/download?os=linux&arch=arm&arm=7" @@ -40,7 +40,7 @@ owner: root mode: "0755" - name: Caddyserver - Download caddy webserver (arm64) - when: ansible_architecture == "aarch64" + when: ansible_facts['architecture'] == "aarch64" become: true ansible.builtin.get_url: url: "https://caddyserver.com/api/download?os=linux&arch=arm64" diff --git a/tasks/caddy-setup.yml b/tasks/caddy-setup.yml index 6013503..e2bad88 100644 --- a/tasks/caddy-setup.yml +++ b/tasks/caddy-setup.yml @@ -40,6 +40,6 @@ - name: Caddyserver - Add standard user to www-data group become: true ansible.builtin.user: - name: "{{ ansible_user_id }}" + name: "{{ ansible_facts['user_id'] }}" groups: www-data append: true diff --git a/tasks/cronmails.yml b/tasks/cronmails.yml index 28f4e96..84f0202 100644 --- a/tasks/cronmails.yml +++ b/tasks/cronmails.yml @@ -6,9 +6,9 @@ when: not exim_skip_install ansible.builtin.include_tasks: "{{ item }}" with_first_found: - - "cronmails-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - - "cronmails-{{ ansible_distribution }}.yml" - - "cronmails-{{ (override_os_family is defined) | ternary(override_os_family, ansible_os_family) }}.yml" + - "cronmails-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml" + - "cronmails-{{ ansible_facts['distribution'] }}.yml" + - "cronmails-{{ (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) }}.yml" ignore_errors: true # Set cronjob env variables/ settings diff --git a/tasks/docker-Debian.yml b/tasks/docker-Debian.yml index bdaf993..9b52f1b 100644 --- a/tasks/docker-Debian.yml +++ b/tasks/docker-Debian.yml @@ -35,14 +35,14 @@ when: ansible_facts['lsb']['id'] != "Raspbian" become: true ansible.builtin.apt_repository: - repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" + repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable" state: present notify: Update Apt Cache - name: Docker - Add docker CE repo (Raspbian) when: ansible_facts['lsb']['id'] == "Raspbian" become: true ansible.builtin.apt_repository: - repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" + repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/raspbian {{ ansible_facts['distribution_release'] }} stable" state: present notify: Update Apt Cache diff --git a/tasks/docker.yml b/tasks/docker.yml index e919778..a6ffbed 100644 --- a/tasks/docker.yml +++ b/tasks/docker.yml @@ -6,14 +6,14 @@ - name: Docker - Install ansible.builtin.include_tasks: "{{ item }}" with_first_found: - - "docker-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - - "docker-{{ ansible_distribution }}.yml" - - "docker-{{ ansible_os_family }}.yml" + - "docker-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml" + - "docker-{{ ansible_facts['distribution'] }}.yml" + - "docker-{{ ansible_facts['os_family'] }}.yml" # Other setup tasks - name: Docker - Add standard user to docker group become: true ansible.builtin.user: - name: "{{ ansible_user_id }}" + name: "{{ ansible_facts['user_id'] }}" groups: docker append: true diff --git a/tasks/dyndns.yml b/tasks/dyndns.yml index 36c6aee..2e33be1 100644 --- a/tasks/dyndns.yml +++ b/tasks/dyndns.yml @@ -13,8 +13,8 @@ ansible.builtin.template: src: "{{ role_path }}/templates/ddns-hosts.sh" dest: /usr/local/bin/ddns-hosts.sh - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_id }}" + owner: "{{ ansible_facts['user_id'] }}" + group: "{{ ansible_facts['user_id'] }}" mode: "0775" - name: "Dyndns - Create cronjob for {{ ddns_zone }} dynDNS script" become: true diff --git a/tasks/telegraf-Debian.yml b/tasks/telegraf-Debian.yml index 358123c..249190f 100644 --- a/tasks/telegraf-Debian.yml +++ b/tasks/telegraf-Debian.yml @@ -14,12 +14,12 @@ state: present - name: Telegraf - Add telegraf repo become: true - when: ansible_distribution_release != 'bookworm' + when: ansible_facts['distribution_release'] != 'bookworm' ansible.builtin.apt_repository: - repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable" + repo: "deb https://repos.influxdata.com/debian {{ ansible_facts['distribution_release'] }} stable" state: present - name: Telegraf - Add telegraf repo - when: ansible_distribution_release == 'bookworm' + when: ansible_facts['distribution_release'] == 'bookworm' become: true ansible.builtin.apt_repository: repo: "deb https://repos.influxdata.com/debian bullseye stable" diff --git a/tasks/telegraf.yml b/tasks/telegraf.yml index 9161c16..a454bcc 100644 --- a/tasks/telegraf.yml +++ b/tasks/telegraf.yml @@ -5,9 +5,9 @@ - name: Telegraf - Install telegraf ansible.builtin.include_tasks: "{{ item }}" with_first_found: - - "telegraf-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - - "telegraf-{{ ansible_distribution }}.yml" - - "telegraf-{{ (override_os_family is defined) | ternary(override_os_family, ansible_os_family) }}.yml" + - "telegraf-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml" + - "telegraf-{{ ansible_facts['distribution'] }}.yml" + - "telegraf-{{ (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) }}.yml" # Install SNMP MIBs - name: Telegraf - Install SNMP MIBs @@ -34,14 +34,14 @@ # Configure - name: Telegraf - Copy telegraf config (Linux) - when: (override_os_family is defined) | ternary(override_os_family, ansible_os_family) != "FreeBSD" + when: (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) != "FreeBSD" become: true ansible.builtin.template: src: "{{ role_path }}/templates/telegraf.conf.j2" dest: /etc/telegraf/telegraf.conf - name: Telegraf - Copy telegraf config (FreeBSD) - when: (override_os_family is defined) | ternary(override_os_family, ansible_os_family) == "FreeBSD" + when: (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) == "FreeBSD" become: true ansible.builtin.template: src: "{{ role_path }}/templates/telegraf.conf.j2" diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2 index f9611f5..343c842 100644 --- a/templates/sshd_config.j2 +++ b/templates/sshd_config.j2 @@ -18,7 +18,7 @@ LogLevel INFO # Authentication: #LoginGraceTime 2m -{% if 'root' == ansible_user_id %} +{% if 'root' == ansible_facts['user_id'] %} PermitRootLogin yes {% else %} PermitRootLogin no @@ -64,9 +64,9 @@ UseDNS no AcceptEnv LANG LC_* # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise. -{% if ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'Centos' %} +{% if ((override_os_family is defined) | ternary(override_os_family,ansible_facts['os_family'])) == 'Centos' %} Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO -{% elif ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'FreeBSD' %} +{% elif ((override_os_family is defined) | ternary(override_os_family,ansible_facts['os_family'])) == 'FreeBSD' %} Subsystem sftp /usr/libexec/sftp-server {% else %} Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO diff --git a/templates/telegraf.conf.j2 b/templates/telegraf.conf.j2 index 1ecd65a..7194686 100644 --- a/templates/telegraf.conf.j2 +++ b/templates/telegraf.conf.j2 @@ -75,7 +75,7 @@ # ## If true, a field name like 'temp1_input' will be changed to 'temp_input'. # # remove_numbers = true -{% if ansible_lsb.id is defined and ansible_lsb.id == "Raspbian" %} +{% if ansible_facts['lsb']['id'] is defined and ansible_facts['lsb']['id'] == "Raspbian" %} # On Raspbian, get CPU temperature (in millicelsius) [[inputs.exec]] commands = ["cat /sys/class/thermal/thermal_zone0/temp"]