ctucx.git: ansible-configs

My personal ansible roles and playbooks [deprecated in favor of nixos]

commit 24dfc626ea9dd35ae5d095e85798b807deead594
parent a98a2ca3394b4a694d2bc3ebc8a692637b62f3e7
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 22 Feb 2021 17:05:47 +0100

misc: improvements
6 files changed, 38 insertions(+), 265 deletions(-)
M
roles/cgit/meta/main.yml
|
6
+++---
M
roles/cgit/tasks/main.yml
|
6
+++---
M
roles/cgit/tasks/remove.yml
|
5
+++--
M
roles/frps/meta/main.yml
|
10
++++++----
M
roles/gitolite/tasks/main.yml
|
102
+++++++------------------------------------------------------------------------
M
roles/oeffi-web/tasks/main.yml
|
174
+++++++------------------------------------------------------------------------
diff --git a/roles/cgit/meta/main.yml b/roles/cgit/meta/main.yml
@@ -1,5 +1,6 @@
 ---
 
 dependencies:
-  - openssh
-  - nginx-handler-
\ No newline at end of file
+  - role: nginx
+    when:
+      - services.cgit.nginx.enable is true
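Review bot: The new dependency condition `services.cgit.nginx.enable is true` has no `is defined` guard, although the task includes touched by this same commit pair every `is true` with an `is defined`. On a host where `services.cgit.nginx` is unset, the result depends on how the Ansible version in use treats the undefined value, so make the default explicit by adding `- services.cgit.nginx.enable is defined` above it. The same applies to `services.frps.nginx.enable` and `network.nftables.enable` in roles/frps/meta/main.yml. A `when` on a role dependency is attached to every task of that role rather than evaluated once, and the `openssh` dependency is dropped here with no replacement visible in this diff.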
diff --git a/roles/cgit/tasks/main.yml b/roles/cgit/tasks/main.yml
@@ -27,10 +27,10 @@
     - services.cgit.enable is defined
     - services.cgit.enable is true
 
-- name: Run handlers
-  meta: flush_handlers
-
 - include: remove.yml
   when:
     - services.cgit.enable is defined
     - services.cgit.enable is false
+
+- name: Run handlers
+  meta: flush_handlers
diff --git a/roles/cgit/tasks/remove.yml b/roles/cgit/tasks/remove.yml
@@ -26,4 +26,5 @@
     - /usr/share/webapps/cgit
     - /etc/conf.d/spawn-fcgi.cgit
     - /etc/init.d/spawn-fcgi.cgit
-    - /etc/nginx/conf.d/cgit.conf-
\ No newline at end of file
+    - /etc/nginx/conf.d/cgit.conf
+  notify: "Restart nginx"+
\ No newline at end of file
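Review bot: The added `notify: "Restart nginx"` relies on a handler that this diff does not define, while the same commit replaces cgit's `nginx-handler` dependency with `role: nginx` gated on `services.cgit.nginx.enable is true`. On a removal run (`services.cgit.enable is false`) where that flag is not true, the handler may be missing or skipped, since a role's condition is normally inherited by its contents. That would leave nginx running with the deleted `cgit.conf` still loaded, so please confirm the handler is reachable on this path and record it with a comment such as `# handler "Restart nginx" is provided by role nginx (meta/main.yml)`. The notify also fires when any path in the list changes, not only the nginx one. The task starts outside this hunk, and the new last line again has no trailing newline.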
diff --git a/roles/frps/meta/main.yml b/roles/frps/meta/main.yml
@@ -1,6 +1,9 @@
 ---
 
 dependencies:
-  - nginx
-  - nginx-handler
-  - nftables-handler-
\ No newline at end of file
+  - role: nginx
+    when:
+      - services.frps.nginx.enable is true
+  - role: nftables-handler
+    when:
+      - network.nftables.enable is true
diff --git a/roles/gitolite/tasks/main.yml b/roles/gitolite/tasks/main.yml
@@ -1,106 +1,21 @@
 ---
 
-# fail when needed options not set
-
-- fail: msg="Option 'gitolite.initalKey' has to be defined!"
-  when:
-    - services.gitolite.enable is true
-    - services.gitolite.initialKey is not defined
-
-- fail: msg="Option 'system.enableSSH' has to be true! Gitolite needs SSH!"
-  when:
-    - services.gitolite.enable is true
-    - system.enableSSH is not defined or system.enableSSH is false
-
-
-#install it
-
-- name: "[Alpine] Install package: gitolite"
-  apk:
-    name: gitolite, git
-    state: present
-    update_cache: yes
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.gitolite.enable is true
-
-- name: "[Archlinux] Install package: gitolite"
-  apk:
-    name: gitolite, git
-    state: present
-    update_cache: yes
-  when: 
-    - ansible_distribution == "Archlinux" 
-    - services.gitolite.enable is true
-
-
-# configure it
-
-- name: copy initial ssh-key to destination host
-  copy:
-    content: "{{ services.gitolite.initialKey }}"
-    dest: /var/lib/git/first-user-key.pub
-    owner: git
-    group: git
+- include: checks.yml
   when:
+    - services.gitolite.enable is defined
     - services.gitolite.enable is true
-    - services.gitolite.initialKey is defined
 
-- name: Initial setup of gitolite
-  become: yes
-  become_user: git
-  command:
-    cmd: gitolite setup -pk /var/lib/git/first-user-key.pub
-    creates: /var/lib/git/.gitolite
+- include: install.yml
   when:
+    - services.gitolite.enable is defined
     - services.gitolite.enable is true
 
-- name: Delete first-user-key.pub
-  file:
-    path: /var/lib/git/first-user-key.pub
-    state: absent
+- include: configure.yml
   when:
+    - services.gitolite.enable is defined
     - services.gitolite.enable is true
 
-- name: Unlock the git user
-  ignore_errors: yes
-  command:
-    cmd: passwd -u git
+- include: remove.yml
   when:
-    - services.gitolite.enable is true
-
-- name: fix gitolite.rc to set correct permissons
-  patch:
-    src: gitolite.rc.patch
-    dest: /var/lib/git/.gitolite.rc
-  when:
-    - services.gitolite.enable is true
-
-- name: set permissions for git dir
-  file:
-    path: /var/lib/git
-    state: directory  
-    mode: 0755
-    owner: git
-    group: git
-  when:
-    - services.gitolite.enable is true
-
-
-#remove it
-
-- name: "[Alpine] Remove package: gitolite"
-  apk:
-    name: gitolite
-    state: absent
-  when: 
-    - ansible_distribution == "Alpine" 
+    - services.gitolite.enable is defined
     - services.gitolite.enable is false
-
-- name: "[Archlinux] Remove package: gitolite"
-  apk:
-    name: gitolite
-    state: absent
-  when: 
-    - ansible_distribution == "Archlinux" 
-    - services.gitolite.enable is false-
\ No newline at end of file
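Review bot: The four files included here (`checks.yml`, `install.yml`, `configure.yml`, `remove.yml`) are not among the six files in this commit's diffstat, so the play only works if they already exist in the parent commit. The same holds for the five includes in roles/oeffi-web/tasks/main.yml. The SSH and initial-key precondition checks and the one-time key handling leave this file, so confirm they were carried over unchanged. `include` is deprecated for tasks, and `include_tasks: checks.yml` (or `import_tasks`) is the supported spelling. The three includes that run when the role is enabled repeat the same two conditions and could sit in one `block:` with a single `when:`.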
diff --git a/roles/oeffi-web/tasks/main.yml b/roles/oeffi-web/tasks/main.yml
@@ -1,175 +1,31 @@
-
 ---
 
-
-# check 
-
-- fail: msg="This role currently only supports AlpineLinux!"
+- include: checks.yml
   when:
+    - services.oeffi_web.enable is defined
     - services.oeffi_web.enable is true
-    - ansible_distribution != "Alpine" 
 
-- fail: msg="This Role only works when Option 'system.enableOwnRepos' is true!"
+- include: install.yml
   when:
+    - services.oeffi_web.enable is defined
     - services.oeffi_web.enable is true
-    - system.enableOwnRepos is false
 
-
-- fail: msg="Option 'services.oeffi_web.instances' has to be set!"
+- include: nginx.yml
   when:
+    - services.oeffi_web.enable is defined
     - services.oeffi_web.enable is true
-    - services.oeffi_web.instances is not defined 
-
-- fail: msg="Nginx role has to be enabled when using nginx options!"
-  when:
+    - services.oeffi_web.nginx.enable is defined
     - services.oeffi_web.nginx.enable is true
-    - services.nginx.enable is false
-
-
-# install it 
-
-- name: "[Alpine] Install package: oeffi-web"
-  apk:
-    name: oeffi-web
-    state: present
-    update_cache: yes
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.oeffi_web.enable is true
 
-
-# configure it 
-
-- name: "[OpenRC] Create service files" 
-  template: 
-    src: oeffi-web.initd.j2
-    dest: "/etc/init.d/oeffi-web{{item}}"
-    mode: 0755
-  loop:
-    - 1
-    - 2
-    - 3
-    - 4
-  when: 
-    - ansible_service_mgr == "openrc"
-    - services.oeffi_web.enable is true
-
-- name: "Create directory: /var/log/oeffi-web"
-  file:
-    path: "/var/log/oeffi-web"
-    mode: 0755
-    state: directory
-  loop:
-    - 1
-    - 2
-    - 3
-    - 4
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.oeffi_web.enable is true
-
-- name: "Create logfiles in /var/log/oeffi-web"
-  file:
-    path: "/var/log/oeffi-web/{{item}}.log"
-    mode: 0777
-    state: touch
-  loop:
-    - 1
-    - 2
-    - 3
-    - 4
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.oeffi_web.enable is true
-
-- name: "[nginx] Create vhost" 
-  template: 
-    src: nginx-vhost.conf.j2
-    dest: /etc/nginx/conf.d/oeffi-web.conf
-    mode: 0644
-    owner: nginx
-    group: nginx
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.oeffi_web.enable is true
-    - services.oeffi_web.nginx.enable is true
-
-
-# start it
-
-- name: "[OpenRC] Enable and restart service: oeffi-web"
-  service:
-    name: "oeffi-web{{item}}"
-    enabled: yes
-    state: restarted
-  loop:
-    - 1
-    - 2
-    - 3
-    - 4
-  when: 
-    - ansible_service_mgr == "openrc"
-    - services.oeffi_web.enable is true
-
-- name: "[OpenRC] Restart service: nginx"
-  service:
-    name: nginx
-    state: restarted
-  when: 
-    - ansible_service_mgr == "openrc"
+- include: start.yml
+  when:
+    - services.oeffi_web.enable is defined
     - services.oeffi_web.enable is true
-    - services.oeffi_web.nginx.enable is true
-
 
-# remove it
-
-- name: "[OpenRC] Disable and stop service: oeffi-web"
-  service:
-    name: "oeffi-web{{item}}"
-    enabled: no
-    state: stopped
-  loop:
-    - 1
-    - 2
-    - 3
-    - 4
-  when: 
-    - ansible_service_mgr == "openrc"
-    - services.oeffi_web.enable is false
-
-- name: "[Alpine] Remove package: oeffi-web"
-  apk:
-    name: oeffi-web
-    state: absent
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.oeffi_web.enable is false
-
-- name: "Delete files: /etc/init.d/oeffi-webX"
-  file:
-    path: "/etc/init.d/oeffi-web{{ item }}"
-    state: absent
-  loop:
-    - 1
-    - 2
-    - 3
-    - 4
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.oeffi_web.enable is false
-
-- name: "Delete directory: /var/log/oeffi-web"
-  file:
-    path: /var/log/oeffi-web
-    state: absent
-  when: 
-    - ansible_distribution == "Alpine" 
+- include: remove.yml
+  when:
+    - services.oeffi_web.enable is defined
     - services.oeffi_web.enable is false
 
-- name: "Delete file: /etc/nginx/conf.d/oeffi-web.conf"
-  file:
-    path: /etc/nginx/conf.d/oeffi-web.conf
-    state: absent
-  when: 
-    - ansible_distribution == "Alpine" 
-    - services.oeffi_web.enable is false
+- name: Run handlers
+  meta: flush_handlers