commit 24dfc626ea9dd35ae5d095e85798b807deead594
parent a98a2ca3394b4a694d2bc3ebc8a692637b62f3e7
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 22 Feb 2021 17:05:47 +0100
parent a98a2ca3394b4a694d2bc3ebc8a692637b62f3e7
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 22 Feb 2021 17:05:47 +0100
misc: improvements
6 files changed, 38 insertions(+), 265 deletions(-)
M
|
102
+++++++------------------------------------------------------------------------
M
|
174
+++++++------------------------------------------------------------------------
diff --git a/roles/cgit/meta/main.yml b/roles/cgit/meta/main.yml @@ -1,5 +1,6 @@ --- dependencies: - - openssh - - nginx-handler- \ No newline at end of file + - role: nginx + when: + - services.cgit.nginx.enable is true
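Review bot: The new `when` on the `nginx` dependency tests `services.cgit.nginx.enable is true` without first checking that the variable is defined, unlike the task files in this commit, which pair every `is true` with an `is defined` line. On a host whose inventory has no `services.cgit.nginx` key the condition will probably fail to evaluate instead of skipping the role; I would add `- services.cgit.nginx.enable is defined` above it. The same applies to both conditions added in `roles/frps/meta/main.yml` (`services.frps.nginx.enable` and `network.nftables.enable`). The hunk also drops the `openssh` dependency, so it is worth confirming that nothing in the cgit role still relies on it.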
diff --git a/roles/cgit/tasks/main.yml b/roles/cgit/tasks/main.yml @@ -27,10 +27,10 @@ - services.cgit.enable is defined - services.cgit.enable is true -- name: Run handlers - meta: flush_handlers - - include: remove.yml when: - services.cgit.enable is defined - services.cgit.enable is false + +- name: Run handlers + meta: flush_handlers
diff --git a/roles/cgit/tasks/remove.yml b/roles/cgit/tasks/remove.yml @@ -26,4 +26,5 @@ - /usr/share/webapps/cgit - /etc/conf.d/spawn-fcgi.cgit - /etc/init.d/spawn-fcgi.cgit - - /etc/nginx/conf.d/cgit.conf- \ No newline at end of file + - /etc/nginx/conf.d/cgit.conf + notify: "Restart nginx"+ \ No newline at end of file
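Review bot: The added `notify: "Restart nginx"` on the file-removal task needs a handler of that name to be loaded on the removal path, and that handler is not defined in this hunk. The same commit removes the `nginx-handler` dependency from `roles/cgit/meta/main.yml` and makes `nginx` conditional on `services.cgit.nginx.enable is true`. When cgit is removed on a host where that option is false or unset, the notification may therefore be skipped or rejected, and nginx would keep serving the deleted `cgit.conf` vhost from memory until its next restart. Please confirm the handler resolves in that case; the task this line belongs to starts above the hunk.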
diff --git a/roles/frps/meta/main.yml b/roles/frps/meta/main.yml @@ -1,6 +1,9 @@ --- dependencies: - - nginx - - nginx-handler - - nftables-handler- \ No newline at end of file + - role: nginx + when: + - services.frps.nginx.enable is true + - role: nftables-handler + when: + - network.nftables.enable is true
diff --git a/roles/gitolite/tasks/main.yml b/roles/gitolite/tasks/main.yml 
@@ -1,106 +1,21 @@ --- -# fail when needed options not set - -- fail: msg="Option 'gitolite.initalKey' has to be defined!" - when: - - services.gitolite.enable is true - - services.gitolite.initialKey is not defined - -- fail: msg="Option 'system.enableSSH' has to be true! Gitolite needs SSH!" - when: - - services.gitolite.enable is true - - system.enableSSH is not defined or system.enableSSH is false - - -#install it - -- name: "[Alpine] Install package: gitolite" - apk: - name: gitolite, git - state: present - update_cache: yes - when: - - ansible_distribution == "Alpine" - - services.gitolite.enable is true - -- name: "[Archlinux] Install package: gitolite" - apk: - name: gitolite, git - state: present - update_cache: yes - when: - - ansible_distribution == "Archlinux" - - services.gitolite.enable is true - - -# configure it - -- name: copy initial ssh-key to destination host - copy: - content: "{{ services.gitolite.initialKey }}" - dest: /var/lib/git/first-user-key.pub - owner: git - group: git +- include: checks.yml when: + - services.gitolite.enable is defined - services.gitolite.enable is true - - services.gitolite.initialKey is defined -- name: Initial setup of gitolite - become: yes - become_user: git - command: - cmd: gitolite setup -pk /var/lib/git/first-user-key.pub - creates: /var/lib/git/.gitolite +- include: install.yml when: + - services.gitolite.enable is defined - services.gitolite.enable is true -- name: Delete first-user-key.pub - file: - path: /var/lib/git/first-user-key.pub - state: absent +- include: configure.yml when: + - services.gitolite.enable is defined - services.gitolite.enable is true -- name: Unlock the git user - ignore_errors: yes - command: - cmd: passwd -u git +- include: remove.yml when: - - services.gitolite.enable is true - -- name: fix gitolite.rc to set correct permissons - patch: - src: gitolite.rc.patch - dest: /var/lib/git/.gitolite.rc - when: - - services.gitolite.enable is true - -- name: set permissions for git dir - 
file: - path: /var/lib/git - state: directory - mode: 0755 - owner: git - group: git - when: - - services.gitolite.enable is true - - -#remove it - -- name: "[Alpine] Remove package: gitolite" - apk: - name: gitolite - state: absent - when: - - ansible_distribution == "Alpine" + - services.gitolite.enable is defined - services.gitolite.enable is false - -- name: "[Archlinux] Remove package: gitolite" - apk: - name: gitolite - state: absent - when: - - ansible_distribution == "Archlinux" - - services.gitolite.enable is false- \ No newline at end of file
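Review bot: `checks.yml`, `install.yml`, `configure.yml` and `remove.yml` are not among the six files this commit changes, so the security-relevant steps deleted here survive only if those files already contain them. The ones to check are the `fail` guards for `services.gitolite.initialKey` and `system.enableSSH`, and the task that deletes `/var/lib/git/first-user-key.pub` after `gitolite setup`. Once confirmed, a short header comment such as `# checks.yml enforces initialKey and SSH; configure.yml removes the bootstrap key` would record where they went. The same question applies to the inline checks removed from `roles/oeffi-web/tasks/main.yml`.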
diff --git a/roles/oeffi-web/tasks/main.yml b/roles/oeffi-web/tasks/main.yml 
@@ -1,175 +1,31 @@ - --- - -# check - -- fail: msg="This role currently only supports AlpineLinux!" +- include: checks.yml when: + - services.oeffi_web.enable is defined - services.oeffi_web.enable is true - - ansible_distribution != "Alpine" -- fail: msg="This Role only works when Option 'system.enableOwnRepos' is true!" +- include: install.yml when: + - services.oeffi_web.enable is defined - services.oeffi_web.enable is true - - system.enableOwnRepos is false - -- fail: msg="Option 'services.oeffi_web.instances' has to be set!" +- include: nginx.yml when: + - services.oeffi_web.enable is defined - services.oeffi_web.enable is true - - services.oeffi_web.instances is not defined - -- fail: msg="Nginx role has to be enabled when using nginx options!" - when: + - services.oeffi_web.nginx.enable is defined - services.oeffi_web.nginx.enable is true - - services.nginx.enable is false - - -# install it - -- name: "[Alpine] Install package: oeffi-web" - apk: - name: oeffi-web - state: present - update_cache: yes - when: - - ansible_distribution == "Alpine" - - services.oeffi_web.enable is true - -# configure it - -- name: "[OpenRC] Create service files" - template: - src: oeffi-web.initd.j2 - dest: "/etc/init.d/oeffi-web{{item}}" - mode: 0755 - loop: - - 1 - - 2 - - 3 - - 4 - when: - - ansible_service_mgr == "openrc" - - services.oeffi_web.enable is true - -- name: "Create directory: /var/log/oeffi-web" - file: - path: "/var/log/oeffi-web" - mode: 0755 - state: directory - loop: - - 1 - - 2 - - 3 - - 4 - when: - - ansible_distribution == "Alpine" - - services.oeffi_web.enable is true - -- name: "Create logfiles in /var/log/oeffi-web" - file: - path: "/var/log/oeffi-web/{{item}}.log" - mode: 0777 - state: touch - loop: - - 1 - - 2 - - 3 - - 4 - when: - - ansible_distribution == "Alpine" - - services.oeffi_web.enable is true - -- name: "[nginx] Create vhost" - template: - src: nginx-vhost.conf.j2 - dest: /etc/nginx/conf.d/oeffi-web.conf - mode: 0644 - owner: nginx - group: 
nginx - when: - - ansible_distribution == "Alpine" - - services.oeffi_web.enable is true - - services.oeffi_web.nginx.enable is true - - -# start it - -- name: "[OpenRC] Enable and restart service: oeffi-web" - service: - name: "oeffi-web{{item}}" - enabled: yes - state: restarted - loop: - - 1 - - 2 - - 3 - - 4 - when: - - ansible_service_mgr == "openrc" - - services.oeffi_web.enable is true - -- name: "[OpenRC] Restart service: nginx" - service: - name: nginx - state: restarted - when: - - ansible_service_mgr == "openrc" +- include: start.yml + when: + - services.oeffi_web.enable is defined - services.oeffi_web.enable is true - - services.oeffi_web.nginx.enable is true - -# remove it - -- name: "[OpenRC] Disable and stop service: oeffi-web" - service: - name: "oeffi-web{{item}}" - enabled: no - state: stopped - loop: - - 1 - - 2 - - 3 - - 4 - when: - - ansible_service_mgr == "openrc" - - services.oeffi_web.enable is false - -- name: "[Alpine] Remove package: oeffi-web" - apk: - name: oeffi-web - state: absent - when: - - ansible_distribution == "Alpine" - - services.oeffi_web.enable is false - -- name: "Delete files: /etc/init.d/oeffi-webX" - file: - path: "/etc/init.d/oeffi-web{{ item }}" - state: absent - loop: - - 1 - - 2 - - 3 - - 4 - when: - - ansible_distribution == "Alpine" - - services.oeffi_web.enable is false - -- name: "Delete directory: /var/log/oeffi-web" - file: - path: /var/log/oeffi-web - state: absent - when: - - ansible_distribution == "Alpine" +- include: remove.yml + when: + - services.oeffi_web.enable is defined - services.oeffi_web.enable is false -- name: "Delete file: /etc/nginx/conf.d/oeffi-web.conf" - file: - path: /etc/nginx/conf.d/oeffi-web.conf - state: absent - when: - - ansible_distribution == "Alpine" - - services.oeffi_web.enable is false +- name: Run handlers + meta: flush_handlers
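Review bot: The `include` entries on the enabled path each repeat the same `services.oeffi_web.enable is defined` / `is true` pair, and bare `include` is deprecated in favour of `include_tasks` / `import_tasks` (the gitolite `main.yml` in this commit has the same shape). Grouping the enabled path in one `block` states the condition once and makes it harder for a later edit to gate one step differently from the others. With `include_tasks` the condition is evaluated on the include itself instead of being copied onto every task in the included file. The `remove.yml` include and the final `flush_handlers` would stay as they are, apart from the keyword.

```yaml
- name: Deploy oeffi-web
  when:
    - services.oeffi_web.enable is defined
    - services.oeffi_web.enable is true
  block:
    - include_tasks: checks.yml
    - include_tasks: install.yml
    - include_tasks: nginx.yml
      when:
        - services.oeffi_web.nginx.enable is defined
        - services.oeffi_web.nginx.enable is true
    - include_tasks: start.yml

# … unchanged: remove.yml include and flush_handlers …
```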