Update to 2023-07-19 18:00

Daniel Berteaud 2023-07-19 18:00:26 +02:00
parent a47b4985b2
commit 46009264eb
14 changed files with 38 additions and 27 deletions


@ -102,7 +102,7 @@ acl {
{% endfor %} {% endfor %}
default_policy = "{{ consul_conf.acl.default_policy }}" default_policy = "{{ consul_conf.acl.default_policy }}"
tokens { tokens {
{% for key in ['initial_management', 'default', 'agent', 'agent_recovery', 'replication'] %} {% for key in ['initial_management', 'default', 'agent', 'agent_recovery', 'replication', 'config_file_service_registration'] %}
{% if consul_conf.acl.tokens[key] is defined %} {% if consul_conf.acl.tokens[key] is defined %}
{{ key }} = "{{ consul_conf.acl.tokens[key] }}" {{ key }} = "{{ consul_conf.acl.tokens[key] }}"
{% endif %} {% endif %}
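Review bot: The `config_file_service_registration` entry added to the `tokens` key list is only understood by recent Consul releases, and nothing near the list says so. An agent that predates the key would probably reject the rendered configuration as soon as the variable is set. A template comment above the loop would cover it, for example `{# config_file_service_registration needs a Consul release that knows this token; leave it unset on older agents #}`. The `acl` block starts and ends outside the hunk.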


@ -9,9 +9,12 @@ node_meta {
{% for service in consul_catalog_services.keys() | list %} {% for service in consul_catalog_services.keys() | list %}
services { services {
id = "{{ service }}" id = "{{ service }}"
name = "{{ consul_extra_catalog_services[service].name }}" name = "{{ consul_catalog_services[service].name }}"
address = "{{ consul_extra_catalog_services[service].address }}" address = "{{ consul_catalog_services[service].address }}"
port = {{ consul_extra_catalog_services[service].port }} port = {{ consul_catalog_services[service].port }}
{% if consul_catalog_services[service].token is defined %}
token = "{{ consul_catalog_services[service].token }}"
{% endif %}
} }
{% endfor %} {% endfor %}
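Review bot: The optional `token` line added to each `services` block places an ACL secret in this rendered file, and the hunk does not show how the file is deployed. The task that renders the template should restrict it to the Consul account (for example `mode: "0640"` with the consul group) and set `no_log: true` so the token does not appear in diff output. Also, `name`, `address` and `port` are dereferenced without the `is defined` guard that `token` gets, so a catalog entry missing one of them fails at render time. An `assert` on the variable before templating would give a clearer error.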


@ -1,11 +1,11 @@
--- ---
# Version to install # Version to install
gitea_version: 1.19.4 gitea_version: 1.20.0
# URL to the binary # URL to the binary
gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
# sha256 of the binary # sha256 of the binary
gitea_bin_sha256: bf68e8e39c70dc54a7876527d463b517f8af51a2d2924511cd047f479cd8aefd gitea_bin_sha256: a4db83051bcd5019ecb7879301f849a6513a5c074f1f684be1b39135747c70c9
# Handle updates. If set to false, ansible will only install # Handle updates. If set to false, ansible will only install
# Gitea and then won't touch an existing installation # Gitea and then won't touch an existing installation
gitea_manage_upgrade: True gitea_manage_upgrade: True


@ -24,12 +24,14 @@ ROOT_URL = {{ gitea_public_url }}
DISABLE_SSH = false DISABLE_SSH = false
SSH_PORT = {{ gitea_ssh_port }} SSH_PORT = {{ gitea_ssh_port }}
LFS_START_SERVER = true LFS_START_SERVER = true
LFS_CONTENT_PATH = {{ gitea_root_dir }}/data/lfs
LFS_JWT_SECRET = {{ gitea_tokens.results | selectattr('item','equalto','LFS_JWT_SECRET') | map(attribute='stdout') | first | string }} LFS_JWT_SECRET = {{ gitea_tokens.results | selectattr('item','equalto','LFS_JWT_SECRET') | map(attribute='stdout') | first | string }}
OFFLINE_MODE = true OFFLINE_MODE = true
STATIC_ROOT_PATH = {{ gitea_root_dir }} STATIC_ROOT_PATH = {{ gitea_root_dir }}
LANDING_PAGE = explore LANDING_PAGE = explore
[LFS]
PATH = {{ gitea_root_dir }}/data/lfs
[oauth2] [oauth2]
JWT_SECRET = {{ gitea_tokens.results | selectattr('item','equalto','JWT_SECRET') | map(attribute='stdout') | first | string }} JWT_SECRET = {{ gitea_tokens.results | selectattr('item','equalto','JWT_SECRET') | map(attribute='stdout') | first | string }}
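Review bot: The new section header is written `[LFS]`, while the other sections visible in this template, such as `[oauth2]`, are lowercase and Gitea's documentation spells it `[lfs]`. If section names are matched case-sensitively, `PATH` would be ignored and LFS objects would be looked up in the default location instead of `{{ gitea_root_dir }}/data/lfs`. Writing `[lfs]` removes the doubt. The file continues outside the hunk.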


@ -4,7 +4,7 @@ After=syslog.target
After=network.target After=network.target
[Service] [Service]
Type=simple Type=notify
User=gitea User=gitea
Group=gitea Group=gitea
WorkingDirectory={{ gitea_root_dir }} WorkingDirectory={{ gitea_root_dir }}
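Review bot: `Type=notify` makes systemd wait for a readiness message from the process, and this unit is presumably also deployed on hosts where `gitea_manage_upgrade` is false and the existing binary is left in place. A binary that never sends the notification would be stopped after the start timeout. The unit type should follow the installed version, or the role should refuse to switch it on an installation it does not upgrade. The `[Service]` section continues outside the hunk.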


@ -5,8 +5,8 @@
element_id: element element_id: element
# Version to deploy, and expected sha256 # Version to deploy, and expected sha256
element_version: 1.11.35 element_version: 1.11.36
element_archive_sha256: b17c11950dbc41c8f9a3c2f89440335d5862432e1b028f6d8529c319099002f6 element_archive_sha256: ee6f3e1d9350bd64b4751d5b1cd25a19f38577734e177650bd982d261555a905
# Where to install element # Where to install element
element_root_dir: /opt/matrix/element element_root_dir: /opt/matrix/element


@ -1,7 +1,7 @@
--- ---
# Synapse version to deploy # Synapse version to deploy
synapse_version: '1.87.0' synapse_version: '1.88.0'
# Should ansible handle Synapse upgrades ? If false, only initial install will be done # Should ansible handle Synapse upgrades ? If false, only initial install will be done
synapse_manage_upgrade: True synapse_manage_upgrade: True


@ -1,11 +1,11 @@
--- ---
# Version to deploy # Version to deploy
sftpgo_version: 2.5.3 sftpgo_version: 2.5.4
# URL of the archive # URL of the archive
sftpgo_archive_url: https://github.com/drakkan/sftpgo/releases/download/v{{ sftpgo_version }}/sftpgo_v{{ sftpgo_version }}_linux_x86_64.tar.xz sftpgo_archive_url: https://github.com/drakkan/sftpgo/releases/download/v{{ sftpgo_version }}/sftpgo_v{{ sftpgo_version }}_linux_x86_64.tar.xz
# Expected sha1 of the archive # Expected sha1 of the archive
sftpgo_archive_sha256: d4b97469052bc67cdc8d833d81a854669e7c3c0d9159de6ca2c2614694dc1c07 sftpgo_archive_sha256: f2b18ff11d4720c9dc1feb9c688c6b1030afbfda4c2ae553fec58d92e97384e1
# Should ansible handle upgrades ? If False, only initial install will be done # Should ansible handle upgrades ? If False, only initial install will be done
sftpgo_manage_upgrade: True sftpgo_manage_upgrade: True


@ -390,3 +390,7 @@ releases.hashicorp.com
# COPR repositories # COPR repositories
download.copr.fedorainfracloud.org download.copr.fedorainfracloud.org
# TrueNAS
update.ixsystems.com
update.freenas.org


@ -38,6 +38,8 @@
name: name:
- pip - pip
- wheel - wheel
- reportlab
- svglib
virtualenv: "{{ taiga_root_dir }}/venv" virtualenv: "{{ taiga_root_dir }}/venv"
virtualenv_command: /bin/python3.9 -m venv virtualenv_command: /bin/python3.9 -m venv
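Review bot: `reportlab` and `svglib` are added to the virtualenv without a version constraint, so each run may install whatever release is current on the package index. Pinning them, for example `- reportlab==<version>` and `- svglib==<version>` or a constraints file passed through `extra_args`, keeps the install reproducible and lets a release be reviewed before it reaches the host. The task starts outside the hunk, so its `state` is not visible here.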


@ -1,11 +1,11 @@
[[ with pkiCert "{{ vault_agent_nomad.nomad_pki.path }}/issue/{{ vault_agent_nomad.nomad_pki.role }}" "common_name={{ (nomad_conf.server.enabled) | ternary('server', 'client') }}-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ nomad_conf.region | default('global') }}.nomad" "alt_names=localhost,{{ (nomad_conf.server.enabled) | ternary('server', 'client') }}.{{ nomad_conf.region | default('global') }}.nomad{% if nomad_conf.server.enabled and nomad_conf.client.enabled %},client.{{ nomad_conf.region | default('global') }}.nomad{% endif %}{% if consul_conf is defined %},nomad{{ nomad_conf.server.enabled | ternary('', '-client') }}.service.{{ consul_conf.domain | default('consul') }}{% if consul_conf is defined and consul_conf.alt_domain is defined %},nomad{{ nomad_conf.server.enabled | ternary('', '-client') }}.service.{{ consul_conf.alt_domain }}{% endif %}{% endif %}"{% if nomad_vault_secrets.pki.ttl is defined %} "ttl={{ vault_agent_nomad.nomad_pki.ttl }}"{% endif %} ]] [[- with pkiCert "{{ vault_agent_nomad.nomad_pki.path }}/issue/{{ vault_agent_nomad.nomad_pki.role }}" "common_name={{ (nomad_conf.server.enabled) | ternary('server', 'client') }}-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ nomad_conf.region | default('global') }}.nomad" "alt_names=localhost,{{ (nomad_conf.server.enabled) | ternary('server', 'client') }}.{{ nomad_conf.region | default('global') }}.nomad{% if nomad_conf.server.enabled and nomad_conf.client.enabled %},client.{{ nomad_conf.region | default('global') }}.nomad{% endif %}{% if consul_conf is defined %},nomad{{ nomad_conf.server.enabled | ternary('', '-client') }}.service.{{ consul_conf.domain | default('consul') }}{% if consul_conf is defined and consul_conf.alt_domain is defined %},nomad{{ nomad_conf.server.enabled | ternary('', '-client') }}.service.{{ consul_conf.alt_domain }}{% endif %}{% endif %}"{% if nomad_vault_secrets.pki.ttl is defined %} "ttl={{ vault_agent_nomad.nomad_pki.ttl }}"{% endif %} -]]
[[ .CA ]] [[ .CA ]]
[[ .Cert ]] [[ .Cert ]]
[[ .Key ]] [[ .Key ]]
[[ .Cert | writeToFile "{{ nomad_conf.tls.cert_file }}" "root" "{{ nomad_user }}" "0644" ]] [[- .Cert | writeToFile "{{ nomad_conf.tls.cert_file }}" "root" "{{ nomad_user }}" "0644" -]]
[[ .CA | writeToFile "{{ nomad_conf.tls.cert_file }}" "" "" "0644" "append,newline" ]] [[- .CA | writeToFile "{{ nomad_conf.tls.cert_file }}" "" "" "0644" "append,newline" -]]
[[ .Key | writeToFile "{{ nomad_conf.tls.key_file }}" "root" "{{ nomad_user }}" "0640" ]] [[- .Key | writeToFile "{{ nomad_conf.tls.key_file }}" "root" "{{ nomad_user }}" "0640" -]]
[[ end ]] [[- end ]]
[[ with secret "{{ vault_agent_nomad.nomad_pki.path }}/cert/ca_chain" ]] [[- with secret "{{ vault_agent_nomad.nomad_pki.path }}/cert/ca_chain" ]]
[[ .Data.certificate | writeToFile "{{ nomad_conf.tls.ca_file }}" "{{ nomad_user }}" "{{ nomad_user }}" "0644" ]] [[ .Data.certificate | writeToFile "{{ nomad_conf.tls.ca_file }}" "{{ nomad_user }}" "{{ nomad_user }}" "0644" -]]
[[ end ]] [[- end -]]
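Review bot: The TTL guard at the end of the `pkiCert` line tests `nomad_vault_secrets.pki.ttl` but then emits `vault_agent_nomad.nomad_pki.ttl`, so a TTL configured under `vault_agent_nomad` is probably never passed and certificates get the role's default lifetime. The condition should read `{% if vault_agent_nomad.nomad_pki.ttl is defined %}`. Separately, `[[ .Key ]]` still prints the private key into the template's own destination in addition to the `writeToFile` copy with mode `0640`. That destination should be at least as restricted, and the same holds for the CLI certificate template in the next file.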


@ -1,6 +1,6 @@
[[ with pkiCert "{{ vault_agent_nomad.nomad_pki.path }}/issue/{{ vault_agent_nomad.nomad_pki.role }}" "common_name=cli-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ nomad_conf.region | default('global') }}.nomad" ]] [[- with pkiCert "{{ vault_agent_nomad.nomad_pki.path }}/issue/{{ vault_agent_nomad.nomad_pki.role }}" "common_name=cli-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ nomad_conf.region | default('global') }}.nomad" -]]
[[ .Cert ]] [[ .Cert ]]
[[ .Key ]] [[ .Key ]]
[[ .Cert | writeToFile "{{ nomad_root_dir }}/tls/cli.crt" "{{ nomad_user }}" "{{ nomad_user }}" "0644" ]] [[- .Cert | writeToFile "{{ nomad_root_dir }}/tls/cli.crt" "{{ nomad_user }}" "{{ nomad_user }}" "0644" -]]
[[ .Key | writeToFile "{{ nomad_root_dir }}/tls/cli.key" "{{ nomad_user }}" "{{ nomad_user }}" "0640" ]] [[- .Key | writeToFile "{{ nomad_root_dir }}/tls/cli.key" "{{ nomad_user }}" "{{ nomad_user }}" "0640" -]]
[[ end ]] [[- end -]]


@ -2,7 +2,7 @@
set -eo pipefail set -eo pipefail
VAULT_ADDR={{ vault_agent_vault_address }} VAULT_ADDR=https://{{ inventory_hostname }}:{{ vault_services.api.port | default('8200') }}
VAULT_STATUS=$(vault status -format=json) VAULT_STATUS=$(vault status -format=json)
if [ "$(echo ${VAULT_STATUS} | jq .is_self)" != "true" ]; then if [ "$(echo ${VAULT_STATUS} | jq .is_self)" != "true" ]; then
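Review bot: `VAULT_ADDR` is assigned without `export` in the lines shown, so unless it is exported elsewhere in the script the `vault status` call will not see it and will use the CLI's default address. Writing `export VAULT_ADDR=https://{{ inventory_hostname }}:{{ vault_services.api.port | default('8200') }}` removes the doubt. The new value relies on `inventory_hostname` being resolvable and present in the server certificate's SANs, otherwise TLS verification fails. `echo ${VAULT_STATUS}` is also unquoted and should be `echo "${VAULT_STATUS}"`. The script continues outside the hunk.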


@ -27,7 +27,7 @@ auto_auth {
wrap_ttl = "1s" wrap_ttl = "1s"
config = { config = {
path = "/run/vault_agent/vault.token" path = "/run/vault_agent/vault.token"
mode = 600 mode = 0600
} }
} }
} }
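Review bot: The reason for `mode = 0600` deserves a comment next to it, since a bare `600` is read as a decimal integer and yields different permission bits on the token sink file. A line such as `# octal: owner read/write only` above it would keep the leading zero from being dropped again. The enclosing `auto_auth` block starts outside the hunk.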