Fix ansible-lint failures

Paul Brinkmeier 2022-09-15 13:48:59 +02:00
parent 9121b5edc0
commit ef9d3d0beb
7 changed files with 63 additions and 54 deletions


@ -1,12 +1,13 @@
--- ---
- hosts: misc - name: Update Docker configuration on shamash
hosts: misc
tasks: tasks:
- name: Add users for running containers - name: Add users for running containers
become: yes become: true
ansible.builtin.user: ansible.builtin.user:
name: "{{ item.name }}" name: "{{ item.name }}"
uid: "{{ item.uid }}" uid: "{{ item.uid }}"
create_home: no create_home: false
state: present state: present
loop: loop:
- name: jupyter - name: jupyter
@ -17,13 +18,13 @@
state: present state: present
# All services that are behind Caddy need to be in this network # All services that are behind Caddy need to be in this network
- name: Create Caddy network - name: Create Caddy network
become: yes become: true
docker_network: docker_network:
name: caddy-network name: caddy-network
state: present state: present
- name: Upload docker configuration - name: Upload docker configuration
become: yes become: true
copy: ansible.builtin.copy:
src: ../../docker src: ../../docker
dest: /etc/pbri dest: /etc/pbri
# Files should inaccessible to non-root users. # Files should inaccessible to non-root users.
@ -31,19 +32,19 @@
# Directories should be listable # Directories should be listable
directory_mode: u=rwx,g=rx,o=rx directory_mode: u=rwx,g=rx,o=rx
- name: Create directory for docker volumes - name: Create directory for docker volumes
become: yes become: true
file: ansible.builtin.file:
path: /var/lib/pbri/docker path: /var/lib/pbri/docker
state: directory state: directory
# Hide contents from non-root users # Hide contents from non-root users
mode: u=rwx,g=,o= mode: u=rwx,g=,o=
- name: Set up docker stuff - name: Set up docker stuff
become: yes become: true
docker_compose: docker_compose:
project_src: "/etc/pbri/docker/{{ item.name }}" project_src: "/etc/pbri/docker/{{ item.name }}"
state: "{{ item.state }}" state: "{{ item.state }}"
build: yes build: true
debug: yes debug: true
loop: loop:
- name: caddy - name: caddy
state: present state: present
@ -54,11 +55,10 @@
- name: codi - name: codi
state: present state: present
- name: Add Notebooks folder - name: Add Notebooks folder
become: yes become: true
ansible.builtin.file: ansible.builtin.file:
path: /home/jupyter/Notebooks path: /home/jupyter/Notebooks
owner: jupyter owner: jupyter
group: jupyter group: jupyter
state: directory state: directory
mode: 0755 mode: 0755
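Review bot: `docker_network` (Create Caddy network) and `docker_compose` (Set up docker stuff) are still written as short names, while the other modules in this playbook now use fully qualified names. Both modules live in the community.docker collection, so `community.docker.docker_network:` and `community.docker.docker_compose:` would make that dependency explicit and keep the tasks from resolving to a same-named module found earlier on the module or collection search path. Both tasks run with `become: true`, which is why pinning the resolution matters here. Listing the collection in a `requirements.yml` would be the natural companion, if the repository does not already have one.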


@ -1,39 +1,41 @@
--- ---
- hosts: misc - name: Basic setup for shamash (packages, Docker, Nix, sshd)
hosts: misc
tasks: tasks:
- name: Install basic packages - name: Install basic packages
become: yes become: true
apt: ansible.builtin.apt:
name: name:
- vim - vim
- git - git
- htop - htop
- tmux - tmux
update_cache: yes update_cache: true
tags: tags:
- apt - apt
- include_role: - name: Install and set up Docker and docker-compose
ansible.builtin.include_role:
name: docker name: docker
- include_role: - name: Install and set up Nix
ansible.builtin.include_role:
name: install_nix name: install_nix
- name: Install pip prerequisites - name: Install pip prerequisites
become: yes become: true
apt: ansible.builtin.apt:
name: name:
- python3-pip - python3-pip
- python3-setuptools - python3-setuptools
- python3-virtualenv - python3-virtualenv
- name: Install global python docker package - name: Install global python docker package
become: yes become: true
pip: ansible.builtin.pip:
name: name:
- docker - docker
- docker-compose - docker-compose
- requests - requests
- name: Configure sshd - name: Configure sshd
register: sshdconfig become: true
become: yes ansible.builtin.copy:
copy:
dest: /etc/ssh/sshd_config.d/00_pbri.conf dest: /etc/ssh/sshd_config.d/00_pbri.conf
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
# Included by /etc/ssh/sshd_config before other configuration # Included by /etc/ssh/sshd_config before other configuration
@ -44,9 +46,11 @@
AuthorizedKeysFile .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no PasswordAuthentication no
validate: /usr/sbin/sshd -T -f %s validate: /usr/sbin/sshd -T -f %s
notify:
- Restart sshd
handlers:
- name: Restart sshd - name: Restart sshd
when: sshdconfig.changed ansible.builtin.service:
become: yes
service:
name: sshd name: sshd
state: restarted state: restarted
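Review bot: The new `Restart sshd` handler is shown without `become: true`, whereas the task it replaces had `become: yes`, and the visible lines set no play-level `become`, so the restart will presumably fail for a non-root connection user. In that case `00_pbri.conf` (with `PasswordAuthentication no`) is written but sshd keeps running with its previous settings, and since the copy task reports no change on the next run, the handler is not notified again. Add `become: true` to the handler. The hunk header counts one more new-side line than this page shows, so confirm against the file that the line is really missing and not just lost in rendering.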


@ -1,7 +1,9 @@
--- ---
- hosts: misc - name: Check out static sites hosted on shamash
hosts: misc
tasks: tasks:
- include_role: - name: Check out static sites
ansible.builtin.include_role:
name: checkout_static_sites name: checkout_static_sites
vars: vars:
checkout_static_sites: checkout_static_sites:


@ -1,6 +1,6 @@
--- ---
- name: Create static site directories - name: Create static site directories
become: yes become: true
ansible.builtin.file: ansible.builtin.file:
path: "{{ item.path }}" path: "{{ item.path }}"
state: directory state: directory
@ -9,7 +9,7 @@
group: "{{ item.owner }}" group: "{{ item.owner }}"
loop: "{{ checkout_static_sites.checkouts }}" loop: "{{ checkout_static_sites.checkouts }}"
- name: Check out static site repositories - name: Check out static site repositories
become: yes become: true
become_user: "{{ item.owner }}" become_user: "{{ item.owner }}"
ansible.builtin.git: ansible.builtin.git:
dest: "{{ item.path }}" dest: "{{ item.path }}"


@ -1,37 +1,40 @@
--- ---
- name: Install Docker installation prerequisites - name: Install Docker installation prerequisites
become: yes become: true
apt: ansible.builtin.apt:
update_cache: yes update_cache: true
state: latest # Don't upgrade, only make sure that the packages are present
# state: latest
name: name:
- ca-certificates - ca-certificates
- curl - curl
- gnupg - gnupg
- lsb-release - lsb-release
- name: Add Docker GPG key - name: Add Docker GPG key # noqa command-instead-of-module risky-shell-pipe
become: yes become: true
shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg" ansible.builtin.shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg"
args: args:
creates: /usr/share/keyrings/docker-archive-keyring.gpg creates: /usr/share/keyrings/docker-archive-keyring.gpg
- name: Retrieve dpkg architecture - name: Retrieve dpkg architecture # noqa command-instead-of-shell
shell: dpkg --print-architecture ansible.builtin.shell: dpkg --print-architecture
register: dpkg_architecture register: dpkg_architecture
changed_when: False changed_when: false
- name: Add Docker apt repository - name: Add Docker apt repository
become: yes become: true
template: ansible.builtin.template:
src: docker.list.j2 src: docker.list.j2
dest: /etc/apt/sources.list.d/docker.list dest: /etc/apt/sources.list.d/docker.list
mode: 0644
- name: Install Docker - name: Install Docker
become: yes become: true
apt: ansible.builtin.apt:
update_cache: yes update_cache: true
state: latest # Don't upgrade, only make sure that the packages are present
# state: latest
name: name:
- docker-ce - docker-ce
- docker-ce-cli - docker-ce-cli
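Review bot: On `Add Docker GPG key`, the added `# noqa command-instead-of-module risky-shell-pipe` silences the finding instead of fixing it: without pipefail the task's exit status is gpg's alone, so a failed or truncated download can still leave a file at the `creates:` path, after which the task is skipped on every later run. Prefer `set -o pipefail && curl -fsSL ... | gpg --dearmor -o ...` with `executable: /bin/bash` under `args:`, and drop `risky-shell-pipe` from the noqa. The key is also trusted on first download with nothing to compare it against; fetching it with `ansible.builtin.get_url` and a `checksum:` kept in the repository (placeholder: `sha256:<expected-digest>`) before dearmoring would pin what apt ends up trusting. The final package list appears to continue beyond the lines shown on this page.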


@ -1,7 +1,7 @@
--- ---
# Obvious race condition here that we are just going to ignore # Obvious race condition here that we are just going to ignore
- name: Copy Nix installation script - name: Copy Nix installation script
become: yes become: true
ansible.builtin.copy: ansible.builtin.copy:
src: install-nix src: install-nix
dest: /etc/pbri/install-nix dest: /etc/pbri/install-nix