jannik/ansible-role-server
1
1
Fork 0
Code Issues 3 Releases Activity

[TIDY] Move to ansible_facts dict instead of injected variables

Browse source
This commit is contained in:
Jannik Beyerstedt 2025-12-20 21:08:31 +01:00
parent d1c6d34a64
commit 1c734cefb1
15 changed files with 39 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -25,7 +25,7 @@ If you want to configure borgbackup backups, these variables need to be set:
- `borgbackup_hostname`: Hostname to prefix the snapshots - `borgbackup_hostname`: Hostname to prefix the snapshots
Optional configuration: Optional configuration:
- `borgbackup_ssh_id`: Path to the used ssh id (default: `{{ ansible_user_dir }}/.ssh/id_ed25519`) - `borgbackup_ssh_id`: Path to the used ssh id (default: `{{ ansible_facts['user_dir'] }}/.ssh/id_ed25519`)
Attention: You still need to setup the borgbackup repository manually. Attention: You still need to setup the borgbackup repository manually.

4
defaults/main.yml
View file

@ -1,9 +1,9 @@
--- ---
# defaults file for server # defaults file for server
borgbackup_ssh_id: "{{ ansible_user_dir }}/.ssh/id_ed25519" borgbackup_ssh_id: "{{ ansible_facts['user_dir'] }}/.ssh/id_ed25519"
caddy_cachedir: "{{ ansible_user_dir }}/.ansbl-caddy-cache" caddy_cachedir: "{{ ansible_facts['user_dir'] }}/.ansbl-caddy-cache"
telegraf_interval: "300s" telegraf_interval: "300s"
telegraf_docker_file: "telegraf-docker.conf" telegraf_docker_file: "telegraf-docker.conf"

6
tasks/borgbackup-Debian-stretch.yml
View file

@ -9,7 +9,7 @@
- name: Borgbackup - Add debian repo key - name: Borgbackup - Add debian repo key
when: when:
- ansible_distribution_release == 'stretch' - ansible_facts['distribution_release'] == 'stretch'
become: true become: true
ansible.builtin.apt_key: ansible.builtin.apt_key:
keyserver: pgpkeys.mit.edu keyserver: pgpkeys.mit.edu
@ -17,7 +17,7 @@
state: present state: present
- name: Borgbackup - Add stretch-backports - name: Borgbackup - Add stretch-backports
when: when:
- ansible_distribution_release == 'stretch' - ansible_facts['distribution_release'] == 'stretch'
become: true become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: deb http://ftp.debian.org/debian stretch-backports main repo: deb http://ftp.debian.org/debian stretch-backports main
@ -27,7 +27,7 @@
- borgbackup_passphrase is defined - borgbackup_passphrase is defined
- borgbackup_repo is defined - borgbackup_repo is defined
- borgbackup_hostname is defined - borgbackup_hostname is defined
- ansible_distribution_release == 'stretch' - ansible_facts['distribution_release'] == 'stretch'
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
name: borgbackup name: borgbackup

2
tasks/borgbackup-Debian.yml
View file

@ -12,7 +12,7 @@
- borgbackup_passphrase is defined - borgbackup_passphrase is defined
- borgbackup_repo is defined - borgbackup_repo is defined
- borgbackup_hostname is defined - borgbackup_hostname is defined
- ansible_distribution_release != 'stretch' - ansible_facts['distribution_release'] != 'stretch'
become: true become: true
ansible.builtin.apt: ansible.builtin.apt:
name: borgbackup name: borgbackup

10
tasks/borgbackup.yml
View file

@ -14,9 +14,9 @@
- name: Borgbackup - Install application - name: Borgbackup - Install application
ansible.builtin.include_tasks: "{{ item }}" ansible.builtin.include_tasks: "{{ item }}"
with_first_found: with_first_found:
- "borgbackup-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "borgbackup-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml"
- "borgbackup-{{ ansible_distribution }}.yml" - "borgbackup-{{ ansible_facts['distribution'] }}.yml"
- "borgbackup-{{ (override_os_family is defined) | ternary(override_os_family, ansible_os_family) }}.yml" - "borgbackup-{{ (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) }}.yml"
ignore_errors: true ignore_errors: true
# copy backup script and enable cronjob # copy backup script and enable cronjob
@ -25,8 +25,8 @@
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/borgbackup.sh" src: "{{ role_path }}/templates/borgbackup.sh"
dest: /usr/local/bin/borgbackup.sh dest: /usr/local/bin/borgbackup.sh
owner: "{{ ansible_user_id }}" owner: "{{ ansible_facts['user_id'] }}"
group: "{{ ansible_user_id }}" group: "{{ ansible_facts['user_id'] }}"
mode: "0775" mode: "0775"
- name: Borgbackup - Run Borgbackup script at 1:00 daily - name: Borgbackup - Run Borgbackup script at 1:00 daily
become: true become: true

6
tasks/caddy-install.yml
View file

@ -22,7 +22,7 @@
state: directory state: directory
- name: Caddyserver - Download caddy webserver (amd64) - name: Caddyserver - Download caddy webserver (amd64)
when: ansible_architecture == "x86_64" when: ansible_facts['architecture'] == "x86_64"
become: true become: true
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://caddyserver.com/api/download?os=linux&arch=amd64" url: "https://caddyserver.com/api/download?os=linux&arch=amd64"
@ -31,7 +31,7 @@
owner: root owner: root
mode: "0755" mode: "0755"
- name: Caddyserver - Download caddy webserver (armv7/ raspberry pi) - name: Caddyserver - Download caddy webserver (armv7/ raspberry pi)
when: ansible_architecture == "armv7l" when: ansible_facts['architecture'] == "armv7l"
become: true become: true
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://caddyserver.com/api/download?os=linux&arch=arm&arm=7" url: "https://caddyserver.com/api/download?os=linux&arch=arm&arm=7"
@ -40,7 +40,7 @@
owner: root owner: root
mode: "0755" mode: "0755"
- name: Caddyserver - Download caddy webserver (arm64) - name: Caddyserver - Download caddy webserver (arm64)
when: ansible_architecture == "aarch64" when: ansible_facts['architecture'] == "aarch64"
become: true become: true
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://caddyserver.com/api/download?os=linux&arch=arm64" url: "https://caddyserver.com/api/download?os=linux&arch=arm64"

2
tasks/caddy-setup.yml
View file

@ -40,6 +40,6 @@
- name: Caddyserver - Add standard user to www-data group - name: Caddyserver - Add standard user to www-data group
become: true become: true
ansible.builtin.user: ansible.builtin.user:
name: "{{ ansible_user_id }}" name: "{{ ansible_facts['user_id'] }}"
groups: www-data groups: www-data
append: true append: true

6
tasks/cronmails.yml
View file

@ -6,9 +6,9 @@
when: not exim_skip_install when: not exim_skip_install
ansible.builtin.include_tasks: "{{ item }}" ansible.builtin.include_tasks: "{{ item }}"
with_first_found: with_first_found:
- "cronmails-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "cronmails-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml"
- "cronmails-{{ ansible_distribution }}.yml" - "cronmails-{{ ansible_facts['distribution'] }}.yml"
- "cronmails-{{ (override_os_family is defined) | ternary(override_os_family, ansible_os_family) }}.yml" - "cronmails-{{ (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) }}.yml"
ignore_errors: true ignore_errors: true
# Set cronjob env variables/ settings # Set cronjob env variables/ settings

4
tasks/docker-Debian.yml
View file

@ -35,14 +35,14 @@
when: ansible_facts['lsb']['id'] != "Raspbian" when: ansible_facts['lsb']['id'] != "Raspbian"
become: true become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable"
state: present state: present
notify: Update Apt Cache notify: Update Apt Cache
- name: Docker - Add docker CE repo (Raspbian) - name: Docker - Add docker CE repo (Raspbian)
when: ansible_facts['lsb']['id'] == "Raspbian" when: ansible_facts['lsb']['id'] == "Raspbian"
become: true become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/raspbian {{ ansible_facts['distribution_release'] }} stable"
state: present state: present
notify: Update Apt Cache notify: Update Apt Cache

8
tasks/docker.yml
View file

@ -6,14 +6,14 @@
- name: Docker - Install - name: Docker - Install
ansible.builtin.include_tasks: "{{ item }}" ansible.builtin.include_tasks: "{{ item }}"
with_first_found: with_first_found:
- "docker-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "docker-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml"
- "docker-{{ ansible_distribution }}.yml" - "docker-{{ ansible_facts['distribution'] }}.yml"
- "docker-{{ ansible_os_family }}.yml" - "docker-{{ ansible_facts['os_family'] }}.yml"
# Other setup tasks # Other setup tasks
- name: Docker - Add standard user to docker group - name: Docker - Add standard user to docker group
become: true become: true
ansible.builtin.user: ansible.builtin.user:
name: "{{ ansible_user_id }}" name: "{{ ansible_facts['user_id'] }}"
groups: docker groups: docker
append: true append: true

4
tasks/dyndns.yml
View file

@ -13,8 +13,8 @@
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/ddns-hosts.sh" src: "{{ role_path }}/templates/ddns-hosts.sh"
dest: /usr/local/bin/ddns-hosts.sh dest: /usr/local/bin/ddns-hosts.sh
owner: "{{ ansible_user_id }}" owner: "{{ ansible_facts['user_id'] }}"
group: "{{ ansible_user_id }}" group: "{{ ansible_facts['user_id'] }}"
mode: "0775" mode: "0775"
- name: "Dyndns - Create cronjob for {{ ddns_zone }} dynDNS script" - name: "Dyndns - Create cronjob for {{ ddns_zone }} dynDNS script"
become: true become: true

6
tasks/telegraf-Debian.yml
View file

@ -14,12 +14,12 @@
state: present state: present
- name: Telegraf - Add telegraf repo - name: Telegraf - Add telegraf repo
become: true become: true
when: ansible_distribution_release != 'bookworm' when: ansible_facts['distribution_release'] != 'bookworm'
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable" repo: "deb https://repos.influxdata.com/debian {{ ansible_facts['distribution_release'] }} stable"
state: present state: present
- name: Telegraf - Add telegraf repo - name: Telegraf - Add telegraf repo
when: ansible_distribution_release == 'bookworm' when: ansible_facts['distribution_release'] == 'bookworm'
become: true become: true
ansible.builtin.apt_repository: ansible.builtin.apt_repository:
repo: "deb https://repos.influxdata.com/debian bullseye stable" repo: "deb https://repos.influxdata.com/debian bullseye stable"

10
tasks/telegraf.yml
View file

@ -5,9 +5,9 @@
- name: Telegraf - Install telegraf - name: Telegraf - Install telegraf
ansible.builtin.include_tasks: "{{ item }}" ansible.builtin.include_tasks: "{{ item }}"
with_first_found: with_first_found:
- "telegraf-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "telegraf-{{ ansible_facts['distribution'] }}.{{ ansible_facts['distribution_release'] }}.yml"
- "telegraf-{{ ansible_distribution }}.yml" - "telegraf-{{ ansible_facts['distribution'] }}.yml"
- "telegraf-{{ (override_os_family is defined) | ternary(override_os_family, ansible_os_family) }}.yml" - "telegraf-{{ (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) }}.yml"
# Install SNMP MIBs # Install SNMP MIBs
- name: Telegraf - Install SNMP MIBs - name: Telegraf - Install SNMP MIBs
@ -34,14 +34,14 @@
# Configure # Configure
- name: Telegraf - Copy telegraf config (Linux) - name: Telegraf - Copy telegraf config (Linux)
when: (override_os_family is defined) | ternary(override_os_family, ansible_os_family) != "FreeBSD" when: (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) != "FreeBSD"
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/telegraf.conf.j2" src: "{{ role_path }}/templates/telegraf.conf.j2"
dest: /etc/telegraf/telegraf.conf dest: /etc/telegraf/telegraf.conf
- name: Telegraf - Copy telegraf config (FreeBSD) - name: Telegraf - Copy telegraf config (FreeBSD)
when: (override_os_family is defined) | ternary(override_os_family, ansible_os_family) == "FreeBSD" when: (override_os_family is defined) | ternary(override_os_family, ansible_facts['os_family']) == "FreeBSD"
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: "{{ role_path }}/templates/telegraf.conf.j2" src: "{{ role_path }}/templates/telegraf.conf.j2"

6
templates/sshd_config.j2
View file

@ -18,7 +18,7 @@ LogLevel INFO
# Authentication: # Authentication:
#LoginGraceTime 2m #LoginGraceTime 2m
{% if 'root' == ansible_user_id %} {% if 'root' == ansible_facts['user_id'] %}
PermitRootLogin yes PermitRootLogin yes
{% else %} {% else %}
PermitRootLogin no PermitRootLogin no
@ -64,9 +64,9 @@ UseDNS no
AcceptEnv LANG LC_* AcceptEnv LANG LC_*
# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise. # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
{% if ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'Centos' %} {% if ((override_os_family is defined) | ternary(override_os_family,ansible_facts['os_family'])) == 'Centos' %}
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
{% elif ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'FreeBSD' %} {% elif ((override_os_family is defined) | ternary(override_os_family,ansible_facts['os_family'])) == 'FreeBSD' %}
Subsystem sftp /usr/libexec/sftp-server Subsystem sftp /usr/libexec/sftp-server
{% else %} {% else %}
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

2
templates/telegraf.conf.j2
View file

@ -75,7 +75,7 @@
# ## If true, a field name like 'temp1_input' will be changed to 'temp_input'. # ## If true, a field name like 'temp1_input' will be changed to 'temp_input'.
# # remove_numbers = true # # remove_numbers = true
{% if ansible_lsb.id is defined and ansible_lsb.id == "Raspbian" %} {% if ansible_facts['lsb']['id'] is defined and ansible_facts['lsb']['id'] == "Raspbian" %}
# On Raspbian, get CPU temperature (in millicelsius) # On Raspbian, get CPU temperature (in millicelsius)
[[inputs.exec]] [[inputs.exec]]
commands = ["cat /sys/class/thermal/thermal_zone0/temp"] commands = ["cat /sys/class/thermal/thermal_zone0/temp"]