diff --git a/README.md b/README.md index 1f9303a..3b0f6cf 100644 --- a/README.md +++ b/README.md @@ -86,46 +86,46 @@ The different tasks should be used on a case-by-case basis: hosts: servers tasks: - name: Servers - Generic setup tasks - import_role: + ansible.builtin.import_role: name: server tasks_from: setup - name: Servers - Setup cronjob mails - import_role: + ansible.builtin.import_role: name: server tasks_from: cronmails - name: Servers - Setup dyndns cronjob - import_role: + ansible.builtin.import_role: name: server tasks_from: dyndns - name: Servers - Setup monitoring - import_role: + ansible.builtin.import_role: name: server tasks_from: telegraf - name: Servers - Setup backups (if variables are set) - import_role: + ansible.builtin.import_role: name: server tasks_from: borgbackup # Docker - name: Servers - Install docker - import_role: + ansible.builtin.import_role: name: server tasks_from: docker - name: Servers - Add telegraf to docker group become: yes - user: + ansible.builtin.user: name: telegraf groups: docker append: yes # Caddy Webserver - name: Servers - Install and setup caddy - import_role: + ansible.builtin.import_role: name: server tasks_from: caddyserver - name: Servers - Start caddy service become: yes - service: + ansible.builtin.service: name: caddy enabled: yes state: started @@ -133,7 +133,7 @@ The different tasks should be used on a case-by-case basis: # UFW Firewall - name: Servers - Install UFW become: yes - apt: + ansible.builtin.apt: name: ufw state: present ``` diff --git a/handlers/main.yml b/handlers/main.yml index 992b63c..8282c47 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
@@ -3,25 +3,25 @@ - name: Restart sshd become: yes - service: + ansible.builtin.service: name: ssh state: restarted - name: Enable caddy become: yes - service: + ansible.builtin.service: name: caddy enabled: yes - name: Restart caddy become: yes - service: + ansible.builtin.service: name: caddy state: restarted - name: Enable and restart caddy become: yes - service: + ansible.builtin.service: name: caddy state: restarted enabled: yes diff --git a/tasks/borgbackup-Debian-stretch.yml b/tasks/borgbackup-Debian-stretch.yml index e6a6c54..30ae68d 100644 --- a/tasks/borgbackup-Debian-stretch.yml +++ b/tasks/borgbackup-Debian-stretch.yml @@ -9,7 +9,7 @@ - name: borgbackup - Add debian repo key become: yes - apt_key: + ansible.builtin.apt_key: keyserver: pgpkeys.mit.edu id: 8B48AD6246925553 state: present @@ -17,14 +17,14 @@ - ansible_distribution_release == 'stretch' - name: borgbackup - Add stretch-backports become: yes - apt_repository: + ansible.builtin.apt_repository: repo: deb http://ftp.debian.org/debian stretch-backports main state: present when: - ansible_distribution_release == 'stretch' - name: borgbackup - Install borgbackup from stretch-backports become: yes - apt: + ansible.builtin.apt: name: borgbackup state: latest default_release: stretch-backports diff --git a/tasks/borgbackup-Debian.yml b/tasks/borgbackup-Debian.yml index ddf0669..00cc2bc 100644 --- a/tasks/borgbackup-Debian.yml +++ b/tasks/borgbackup-Debian.yml @@ -9,7 +9,7 @@ - name: borgbackup - Install borgbackup become: yes - apt: + ansible.builtin.apt: name: borgbackup state: present when: diff --git a/tasks/borgbackup.yml b/tasks/borgbackup.yml index 1e071e7..bedc692 100644 --- a/tasks/borgbackup.yml +++ b/tasks/borgbackup.yml 
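Review bot: In tasks/borgbackup-Debian-stretch.yml (hunk `@@ -9,7 +9,7 @@`) the repository key is still fetched from a keyserver by the 64-bit long ID `8B48AD6246925553` and installed with `ansible.builtin.apt_key`, which adds it to the keyring apt trusts for every configured source. Putting the full fingerprint in `id:` would remove the reliance on a long-ID match, and a dedicated keyring file referenced with `signed-by=` in the `repo:` string would limit the key to this one source. The next hunk (`@@ -17,14 +17,14 @@`) adds that source over plain `http://`, so the key is the only integrity control on the packages it serves. The `apt_key` tasks in tasks/docker-Debian.yml and tasks/telegraf-Debian.yml have the same global trust scope. Both task lists continue outside these hunks.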
@@ -6,7 +6,7 @@ # - borgbackup_hostname - name: borgbackup - Install - include_tasks: "{{ item }}" + ansible.builtin.include_tasks: "{{ item }}" with_first_found: - "borgbackup-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "borgbackup-{{ ansible_distribution }}.yml" @@ -20,7 +20,7 @@ # copy backup script and enable cronjob - name: borgbackup - Copy Borgbackup script become: yes - template: + ansible.builtin.template: src: "{{ role_path }}/templates/borgbackup.sh" dest: /usr/local/bin/borgbackup.sh owner: "{{ ansible_user_id }}" @@ -32,7 +32,7 @@ - borgbackup_hostname is defined - name: borgbackup - Run Borgbackup script at 1:00 daily become: yes - cron: + ansible.builtin.cron: name: "Create Backup" minute: "0" hour: "1" @@ -47,12 +47,12 @@ block: - name: borgbackup - Remove Borgbackup script if no borgbackup config become: yes - file: + ansible.builtin.file: path: /usr/local/bin/borgbackup.sh state: absent - name: borgbackup - Remove Cronjob if no borgbackup config become: yes - cron: + ansible.builtin.cron: name: "Create Backup" minute: "0" hour: "1" diff --git a/tasks/caddy-install.yml b/tasks/caddy-install.yml index 45b60c2..c344eb9 100644 --- a/tasks/caddy-install.yml +++ b/tasks/caddy-install.yml @@ -2,12 +2,12 @@ # Server/Caddyserver-Install: Install/Update Caddy Webserver (with some modules) - name: caddyserver - Create cache directory - file: + ansible.builtin.file: path: "{{ caddy_cachedir }}" state: directory - name: caddyserver - Get all caddy releases - get_url: + ansible.builtin.get_url: url: https://api.github.com/repos/caddyserver/caddy/git/refs/tags dest: "{{ caddy_cachedir }}/releases.txt" force: yes 
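Review bot: In tasks/borgbackup.yml (hunk `@@ -20,7 +20,7 @@`) the script is installed to /usr/local/bin/borgbackup.sh with `owner: "{{ ansible_user_id }}"`, while the cron entry in hunk `@@ -32,7 +32,7 @@` is created under `become: yes` with no `user:` visible, so it presumably lands in root's crontab. If `ansible_user_id` resolves to the unprivileged login user, that user can edit a script that root executes daily. I would set `owner: root` and `group: root` with a mode that is not group- or world-writable, for example `mode: "0755"`. The same pattern appears in tasks/dyndns.yml (hunk `@@ -3,13 +3,13 @@`), where `mode: 0775` additionally makes ddns-hosts.sh group-writable. The remaining arguments of both tasks are outside the hunks, so confirm against the full files.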
@@ -16,13 +16,13 @@ - name: caddyserver - Install or update block: - name: caddyserver - Make temp download directory - file: + ansible.builtin.file: path: "{{ caddy_cachedir }}/tmp" state: directory - name: caddyserver - Download caddy webserver (amd64) become: yes - get_url: + ansible.builtin.get_url: url: "https://caddyserver.com/api/download?os=linux&arch=amd64" dest: "{{ caddy_cachedir }}/tmp/caddy" group: root @@ -31,7 +31,7 @@ when: ansible_architecture == "x86_64" - name: caddyserver - Download caddy webserver (armv7/ raspberry pi) become: yes - get_url: + ansible.builtin.get_url: url: "https://caddyserver.com/api/download?os=linux&arch=arm&arm=7" dest: "{{ caddy_cachedir }}/tmp/caddy" group: root @@ -40,7 +40,7 @@ when: ansible_architecture == "armv7l" - name: caddyserver - Download caddy webserver (arm64) become: yes - get_url: + ansible.builtin.get_url: url: "https://caddyserver.com/api/download?os=linux&arch=arm64" dest: "{{ caddy_cachedir }}/tmp/caddy" group: root @@ -50,17 +50,17 @@ - name: caddyserver - Stop caddy become: yes - service: + ansible.builtin.service: name: caddy state: stopped ignore_errors: yes - name: caddyserver - Copy caddy to a PATH location become: yes - shell: "cp {{ caddy_cachedir }}/tmp/caddy /usr/local/bin" + ansible.builtin.shell: "cp {{ caddy_cachedir }}/tmp/caddy /usr/local/bin" - name: caddyserver - Clean up download files become: yes - file: + ansible.builtin.file: path: "{{ caddy_cachedir }}/tmp" state: absent when: caddy_releases_cache.changed diff --git a/tasks/caddy-setup.yml b/tasks/caddy-setup.yml index 69f9973..c720457 100644 --- a/tasks/caddy-setup.yml +++ b/tasks/caddy-setup.yml @@ -3,7 +3,7 @@ - name: caddyserver - Add www-data system user become: yes - user: + ansible.builtin.user: name: www-data create_home: no system: yes @@ -11,7 +11,7 @@ state: present - name: caddyserver - Add Caddy directories become: yes - file: + ansible.builtin.file: path: "{{ item }}" state: directory owner: www-data 
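Review bot: In tasks/caddy-install.yml (hunk `@@ -16,13 +16,13 @@`) the `ansible.builtin.get_url` task downloads the caddy binary as root with no `checksum:` argument, and the file is later copied into /usr/local/bin. TLS only authenticates the server, and the download endpoint carries no version, so nothing ties the installed binary to a release that was reviewed. Fetching a pinned release and adding `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder, taken from the release's published checksums) would make the task fail on any unexpected content. The armv7 and arm64 downloads in hunks `@@ -31,7 +31,7 @@` and `@@ -40,7 +40,7 @@` and the docker-compose download in tasks/docker-Debian.yml (hunk `@@ -70,13 +70,13 @@`) have the same gap. The remaining `get_url` arguments sit outside the hunks.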
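Review bot: In tasks/caddy-install.yml (hunk `@@ -50,17 +50,17 @@`) the copy step runs `cp` through `ansible.builtin.shell` as root with `{{ caddy_cachedir }}` interpolated unquoted, so whitespace or shell metacharacters in that variable are interpreted by the shell. The step also leaves the owner and mode of /usr/local/bin/caddy to whatever the download produced. `ansible.builtin.copy` with `remote_src: true` does the same job without a shell and states the resulting permissions; the mode below is a suggestion to check against the elided `get_url` arguments. The surrounding block starts before this hunk.

```yaml
- name: caddyserver - Copy caddy to a PATH location
  become: yes
  ansible.builtin.copy:
    src: "{{ caddy_cachedir }}/tmp/caddy"
    dest: /usr/local/bin/caddy
    remote_src: true
    owner: root
    group: root
    mode: "0755"
# … unchanged: clean-up task and the block's when: condition …
```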
@@ -22,7 +22,7 @@ - /etc/caddy - name: caddyserver - Add Caddy home directory become: yes - file: + ansible.builtin.file: path: /var/www state: directory owner: www-data @@ -30,7 +30,7 @@ mode: 0555 - name: caddyserver - Copy Caddy systemd service file become: yes - template: + ansible.builtin.template: src: "{{ role_path }}/templates/caddy.service" dest: /etc/systemd/system/caddy.service owner: root @@ -39,7 +39,7 @@ - name: caddyserver - Add standard user to www-data group become: yes - user: + ansible.builtin.user: name: "{{ ansible_user_id }}" groups: www-data append: yes diff --git a/tasks/caddyserver.yml b/tasks/caddyserver.yml index 0901cb7..76a3ce4 100644 --- a/tasks/caddyserver.yml +++ b/tasks/caddyserver.yml @@ -3,8 +3,8 @@ # ATTENTION: No Caddyfile is created yet and caddy is not enabled or started! - name: caddyserver - Install caddy server - include_tasks: "caddy-install.yml" + ansible.builtin.include_tasks: "caddy-install.yml" - name: caddyserver - Setup caddy server - include_tasks: "caddy-setup.yml" + ansible.builtin.include_tasks: "caddy-setup.yml" when: caddy_email is defined diff --git a/tasks/cronmails-Centos.yml b/tasks/cronmails-Centos.yml index 4aa940e..3eadedd 100644 --- a/tasks/cronmails-Centos.yml +++ b/tasks/cronmails-Centos.yml @@ -4,7 +4,7 @@ # Install exim - name: cronmails - Install exim4 as MTA become: yes - yum: + ansible.builtin.yum: name: "{{ packages }}" state: present vars: 
@@ -14,29 +14,29 @@ # Configure exim - name: cronmails - Create exim config folder become: yes - file: + ansible.builtin.file: path: /etc/exim state: directory # TODO: exim config works quite differently on CentOS compared to Debian!!! # # - name: cronmails - Copy exim config template # # become: yes -# # copy: +# # ansible.builtin.copy: # # src: "{{ role_path }}/files/exim4.conf.template" # # dest: /etc/exim/exim.conf.template # # register: cronmails_conftmp_update # # - name: cronmails - Copy exim config file # # become: yes -# # template: +# # ansible.builtin.template: # # src: "{{ role_path }}/templates/update-exim4.conf.conf" # # dest: /etc/exim/update-exim.conf.conf # # register: cronmails_conffile_update # # - name: cronmails - Run update-exim.conf # # become: yes -# # shell: "update-exim.conf" +# # ansible.builtin.shell: "update-exim.conf" # # when: cronmails_conftmp_update.changed or cronmails_conffile_update.changed # - name: cronmails - Enable and start exim # become: yes -# service: +# ansible.builtin.service: # name: exim # state: started # enabled: yes diff --git a/tasks/cronmails-Debian.yml b/tasks/cronmails-Debian.yml index 5adb7df..224eb5b 100644 --- a/tasks/cronmails-Debian.yml +++ b/tasks/cronmails-Debian.yml @@ -4,7 +4,7 @@ # Install exim - name: cronmails - Install exim4 as MTA become: yes - apt: + ansible.builtin.apt: name: "{{ packages }}" state: present vars: 
@@ -15,28 +15,28 @@ # Configure exim - name: cronmails - Create exim4 config folder become: yes - file: + ansible.builtin.file: path: /etc/exim4 state: directory - name: cronmails - Copy exim4 config template become: yes - copy: + ansible.builtin.copy: src: "{{ role_path }}/files/exim4.conf.template" dest: /etc/exim4/exim4.conf.template register: cronmails_conftmp_update - name: cronmails - Copy exim4 config file become: yes - template: + ansible.builtin.template: src: "{{ role_path }}/templates/update-exim4.conf.conf" dest: /etc/exim4/update-exim4.conf.conf register: cronmails_conffile_update - name: cronmails - Run update-exim4.conf become: yes - shell: "update-exim4.conf" + ansible.builtin.shell: "update-exim4.conf" when: cronmails_conftmp_update.changed or cronmails_conffile_update.changed - name: cronmails - Enable and start exim4 become: yes - service: + ansible.builtin.service: name: exim4 state: started enabled: yes diff --git a/tasks/cronmails.yml b/tasks/cronmails.yml index 3841aa2..0107780 100644 --- a/tasks/cronmails.yml +++ b/tasks/cronmails.yml @@ -3,7 +3,7 @@ # Install and configure exim - name: cronmails - Install exim4 - include_tasks: "{{ item }}" + ansible.builtin.include_tasks: "{{ item }}" with_first_found: - "cronmails-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "cronmails-{{ ansible_distribution }}.yml" @@ -13,13 +13,13 @@ # Set cronjob env variables/ settings - name: cronmails - Crontab set path become: yes - cron: + ansible.builtin.cron: name: PATH env: yes value: /bin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin - name: cronmails - Crontab set mailto become: yes - cron: + ansible.builtin.cron: name: MAILTO env: yes value: "{{ cron_email }}" diff --git a/tasks/docker-Debian.yml b/tasks/docker-Debian.yml index 123e8d1..3437c70 100644 --- a/tasks/docker-Debian.yml +++ b/tasks/docker-Debian.yml 
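Review bot: In tasks/cronmails-Debian.yml (hunk `@@ -15,28 +15,28 @@`) the task `ansible.builtin.shell: "update-exim4.conf"` uses no shell feature, so `ansible.builtin.command: update-exim4.conf` would run it without a shell parsing the line. The same applies to `ansible.builtin.shell: dpkg --print-architecture` in tasks/docker-Debian.yml (hunk `@@ -5,13 +5,13 @@`), which is read-only and could also carry `changed_when: false` so that it stops reporting a change on every run.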
@@ -5,13 +5,13 @@ # Detect some more host facts - name: docker - Detect architecture - shell: dpkg --print-architecture + ansible.builtin.shell: dpkg --print-architecture register: dpkg_arch # Install docker CE - name: docker - Install docker CE APT dependencies become: yes - apt: + ansible.builtin.apt: name: "{{ packages }}" state: present vars: @@ -23,27 +23,27 @@ - software-properties-common - name: docker - Add docker CE repo key become: yes - apt_key: + ansible.builtin.apt_key: url: https://download.docker.com/linux/debian/gpg state: present # IMPORTANT: raspbian needs deb [arch=armhf] https://download.docker.com/linux/raspbian ... - name: docker - Add docker CE repo (Debian) become: yes - apt_repository: + ansible.builtin.apt_repository: repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" state: present when: ansible_facts['lsb']['id'] != "Raspbian" - name: docker - Add docker CE repo (Raspbian) become: yes - apt_repository: + ansible.builtin.apt_repository: repo: "deb [arch={{ dpkg_arch.stdout }}] https://download.docker.com/linux/raspbian {{ ansible_distribution_release }} stable" state: present when: ansible_facts['lsb']['id'] == "Raspbian" - name: docker - Install docker CE become: yes - apt: + ansible.builtin.apt: name: docker-ce state: latest install_recommends: no @@ -54,14 +54,14 @@ # docker only provides pre-compiled binaries for x86_64, but not for armhf/ arm64! # but ansible needs the python package anyway - name: docker-compose - Discover if ARM is used - set_fact: + ansible.builtin.set_fact: dockercompose_use_pip: true when: ansible_architecture == "aarch64" or ansible_architecture == "armv7l" - name: docker-compose - Install x86_46 binary block: - name: docker-compose - Get version number of stable - shell: | + ansible.builtin.shell: | curl -s https://api.github.com/repos/docker/compose/releases/latest \ | grep tag_name \ | cut -d '"' -f 4 
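Review bot: In tasks/docker-Debian.yml (hunk `@@ -54,14 +54,14 @@`) the `curl -s ... | grep tag_name | cut` pipeline has no failure handling: `curl -s` without `-f` exits successfully on an HTTP error or rate-limit response, and without `pipefail` only the exit status of `cut` is reported. The task can therefore succeed with an empty `latest_dc_version.stdout`, which the following hunk interpolates into the download URL for a file installed as root. I would use `curl -fsS` and add a guard such as `failed_when: latest_dc_version.stdout | length == 0`; `set -o pipefail` would also need a shell that supports it selected via `args: executable:`. The task's remaining keys lie between this hunk and the next one.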
@@ -70,13 +70,13 @@ register: latest_dc_version - name: docker-compose - Download and install become: yes - get_url: + ansible.builtin.get_url: url: "https://github.com/docker/compose/releases/download/{{ latest_dc_version.stdout }}/docker-compose-Linux-x86_64" dest: /usr/local/bin/docker-compose force: yes # otherwise updates will not be downloaded - name: docker-compose - Make docker-compose executable become: yes - file: + ansible.builtin.file: path: /usr/local/bin/docker-compose mode: 0755 when: dockercompose_use_pip == false and ansible_architecture == "x86_64" @@ -84,7 +84,7 @@ block: - name: docker-compose - Install requirements become: yes - apt: + ansible.builtin.apt: name: "{{ packages }}" state: present vars: @@ -93,7 +93,7 @@ - python3-setuptools - name: docker-compose - Install using pip3 become: yes - pip: + ansible.builtin.pip: name: docker-compose executable: pip3 when: dockercompose_use_pip == true diff --git a/tasks/docker.yml b/tasks/docker.yml index c067921..1e45cae 100644 --- a/tasks/docker.yml +++ b/tasks/docker.yml @@ -4,7 +4,7 @@ # - dockercompose_use_pip: boolean to use pip instead of manual download (default: false) - name: docker - Install - include_tasks: "{{ item }}" + ansible.builtin.include_tasks: "{{ item }}" with_first_found: - "docker-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "docker-{{ ansible_distribution }}.yml" @@ -13,7 +13,7 @@ # Other setup tasks - name: docker - Add standard user to docker group become: yes - user: + ansible.builtin.user: name: "{{ ansible_user_id }}" groups: docker append: yes diff --git a/tasks/dyndns.yml b/tasks/dyndns.yml index 4836af7..8505bc2 100644 --- a/tasks/dyndns.yml +++ b/tasks/dyndns.yml 
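Review bot: In tasks/docker.yml (hunk `@@ -13,7 +13,7 @@`) the task that adds `{{ ansible_user_id }}` to the `docker` group has no comment stating what that grants. Members of that group can control the Docker daemon, which is equivalent to root on the host, and a reader of the role should see that next to the task. I would add `# NOTE: docker group membership is root-equivalent on this host; only add accounts that are already trusted with sudo` above the `- name:` line. The task continues past the end of the hunk.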
@@ -3,13 +3,13 @@ - name: dyndns - Install needed tools become: yes - package: + ansible.builtin.package: name: curl state: present - name: dyndns - Copy dynDNS script become: yes - template: + ansible.builtin.template: src: "{{ role_path }}/templates/ddns-hosts.sh" dest: /usr/local/bin/ddns-hosts.sh owner: "{{ ansible_user_id }}" @@ -17,7 +17,7 @@ mode: 0775 - name: "dyndns - Create cronjob for {{ ddns_zone }} dynDNS script" become: yes - cron: + ansible.builtin.cron: name: "{{ ddns_zone }} dynDNS" minute: "*/5" hour: "*" diff --git a/tasks/main.yml b/tasks/main.yml index d5eb939..e5fec06 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -4,7 +4,7 @@ # Activate them on a case-by-case basis. - name: Basic setup - import_tasks: setup.yml + ansible.builtin.import_tasks: setup.yml - name: Setup cronjob mails - import_tasks: cronmails.yml + ansible.builtin.import_tasks: cronmails.yml diff --git a/tasks/setup.yml b/tasks/setup.yml index dd065f2..8e64220 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -4,7 +4,7 @@ # SSH - name: setup - Copy sshd_config become: yes - template: + ansible.builtin.template: src: "{{ role_path }}/templates/sshd_config.j2" dest: "/etc/ssh/sshd_config" backup: yes diff --git a/tasks/telegraf-Centos.yml b/tasks/telegraf-Centos.yml index 1659a2c..ee9babe 100644 --- a/tasks/telegraf-Centos.yml +++ b/tasks/telegraf-Centos.yml @@ -3,7 +3,7 @@ - name: telegraf - Add telegraf repo become: yes - yum_repository: + ansible.builtin.yum_repository: name: influxdb description: InfluxDB Repository baseurl: https://repos.influxdata.com/rhel/\$releasever/\$basearch/stable @@ -12,7 +12,7 @@ gpgkey: https://repos.influxdata.com/influxdb.key - name: telegraf - Install telegraf become: yes - yum: + ansible.builtin.yum: name: telegraf state: latest update_cache: yes diff --git a/tasks/telegraf-Debian.yml b/tasks/telegraf-Debian.yml index a7b22ad..35c7d8e 100644 --- a/tasks/telegraf-Debian.yml +++ b/tasks/telegraf-Debian.yml 
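Review bot: In tasks/setup.yml (hunk `@@ -4,7 +4,7 @@`) the sshd_config template is written with `backup: yes` but no `validate:` is visible, so a rendering mistake would be installed and then picked up by the `Restart sshd` handler, which can lock out remote access. Adding `validate: /usr/sbin/sshd -t -f %s` makes the module check the rendered file before it replaces the live one. The task's remaining arguments are outside the hunk, so this applies only if validation is not already configured there.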
@@ -3,22 +3,22 @@ - name: telegraf - Install apt-transport-https become: yes - apt: + ansible.builtin.apt: name: apt-transport-https state: present - name: telegraf - Add telegraf repo key become: yes - apt_key: + ansible.builtin.apt_key: url: https://repos.influxdata.com/influxdb.key state: present - name: telegraf - Add telegraf repo become: yes - apt_repository: + ansible.builtin.apt_repository: repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable" state: present - name: telegraf - Install telegraf become: yes - apt: + ansible.builtin.apt: name: telegraf state: latest update_cache: yes @@ -27,7 +27,7 @@ # Install SNMP utilities for telegraf monitoring - name: telegraf - Install SNMP utilities become: yes - apt: + ansible.builtin.apt: name: "{{ packages }}" state: present vars: diff --git a/tasks/telegraf.yml b/tasks/telegraf.yml index e499a96..9af18e9 100644 --- a/tasks/telegraf.yml +++ b/tasks/telegraf.yml @@ -3,7 +3,7 @@ # Install - name: telegraf - Install telegraf - include_tasks: "{{ item }}" + ansible.builtin.include_tasks: "{{ item }}" with_first_found: - "telegraf-{{ ansible_distribution }}.{{ ansible_distribution_release }}.yml" - "telegraf-{{ ansible_distribution }}.yml" @@ -14,19 +14,19 @@ become: yes block: - name: SNMP - Download and install Ubiquiti MIB - copy: + ansible.builtin.copy: src: "{{ role_path }}/files/UBNT-MIB.txt" dest: /usr/share/snmp/mibs/UBNT-MIB - name: SNMP - Download and install Ubiquiti MIB - copy: + ansible.builtin.copy: src: "{{ role_path }}/files/UBNT-AirMAX-MIB.txt" dest: /usr/share/snmp/mibs/UBNT-AirMAX-MIB - name: SNMP - Download and install UniFi MIB - copy: + ansible.builtin.copy: src: "{{ role_path }}/files/UBNT-UniFi-MIB.txt" dest: /usr/share/snmp/mibs/UBNT-UniFi-MIB - name: SNMP - Setup snmp.conf - lineinfile: + ansible.builtin.lineinfile: name: /etc/snmp/snmp.conf line: mibs +ALL create: yes 
@@ -35,21 +35,21 @@ # Configure - name: telegraf - Copy telegraf config (Linux) become: yes - template: + ansible.builtin.template: src: "{{ role_path }}/templates/telegraf.conf.j2" dest: /etc/telegraf/telegraf.conf when: (override_os_family is defined) | ternary(override_os_family,ansible_os_family) != "FreeBSD" - name: telegraf - Copy telegraf config (FreeBSD) become: yes - template: + ansible.builtin.template: src: "{{ role_path }}/templates/telegraf.conf.j2" dest: /usr/local/etc/telegraf.conf when: (override_os_family is defined) | ternary(override_os_family,ansible_os_family) == "FreeBSD" - name: telegraf - Enable and restart telegraf become: yes - service: + ansible.builtin.service: name: telegraf state: restarted enabled: yes