From 89eaee113902087b76fac195647f9f719b05b60c Mon Sep 17 00:00:00 2001 From: Simon Cornet Date: Fri, 11 Jul 2025 19:25:53 +0200 Subject: [PATCH] feat: various fixes --- tasks/apt/config.yaml | 2 +- tasks/apt/packages.yaml | 2 +- tasks/apt/sources.yaml | 8 +++---- tasks/cron.yaml | 3 +-- tasks/environment.yaml | 3 +-- tasks/firewall/firewall-general.yaml | 3 +-- tasks/firewall/firewall-rules-routed.yaml | 2 +- tasks/firewall/firewall-rules.yaml | 3 +-- tasks/hostname.yaml | 3 +-- tasks/journald.yaml | 3 +-- tasks/lldpd.yaml | 3 +-- tasks/locale.yaml | 3 +-- tasks/lxd.yaml | 3 +-- tasks/main.yaml | 27 ++++++----------------- tasks/motd.yaml | 2 +- tasks/ntp.yaml | 2 +- tasks/snap/snap_daemon.yaml | 2 +- tasks/snap/snap_package.yaml | 3 +-- tasks/sshd.yaml | 3 +-- tasks/swap.yaml | 2 +- tasks/sysctl.yaml | 3 +-- tasks/syslog/config.yaml | 2 +- tasks/syslog/install.yaml | 3 +-- tasks/systemctl.yaml | 3 +-- tasks/telemetry.yaml | 3 +-- tasks/timezone.yaml | 3 +-- tasks/user.yaml | 22 +++++++++--------- 27 files changed, 47 insertions(+), 74 deletions(-) diff --git a/tasks/apt/config.yaml b/tasks/apt/config.yaml index 3cbfa06..12c8226 100644 --- a/tasks/apt/config.yaml +++ b/tasks/apt/config.yaml @@ -2,7 +2,7 @@ # apt config - name: "apt config" - tags: ["apt"] + tags: "apt" block: # configure apt auto update diff --git a/tasks/apt/packages.yaml b/tasks/apt/packages.yaml index 62d66ab..8e45576 100644 --- a/tasks/apt/packages.yaml +++ b/tasks/apt/packages.yaml @@ -2,7 +2,7 @@ # apt packages - name: "apt packages" - tags: ["apt"] + tags: "apt" block: # install packages diff --git a/tasks/apt/sources.yaml b/tasks/apt/sources.yaml index 6dcf004..715717c 100644 --- a/tasks/apt/sources.yaml +++ b/tasks/apt/sources.yaml @@ -2,7 +2,7 @@ # manage apt sources - name: "manage apt sources" - tags: ["apt"] + tags: "apt" block: # configure apt sources 
@@ -13,10 +13,10 @@ owner: "root" group: "root" mode: "0644" + notify: "apt force cache update" when: - 'ansible_os_family == "Debian"' - 'ansible_distribution_major_version <= "23"' - notify: "apt force cache update" # configure apt sources - proxmox list - name: "apt - config - configure apt sources - proxmox list" @@ -26,10 +26,10 @@ owner: "root" group: "root" mode: "0644" + notify: "apt force cache update" when: - 'ansible_os_family == "Debian"' - "inventory_hostname in groups['proxmox']" - notify: "apt force cache update" # configure apt sources - name: "apt - config - configure apt sources" @@ -39,10 +39,10 @@ owner: "root" group: "root" mode: "0644" + notify: "apt force cache update" when: - 'ansible_distribution == "Ubuntu"' - 'ansible_distribution_major_version >= "24"' - notify: "apt force cache update" # delete unused sources.list - name: "apt - config - remove old sources.list" diff --git a/tasks/cron.yaml b/tasks/cron.yaml index 8444f8f..0ce7208 100644 --- a/tasks/cron.yaml +++ b/tasks/cron.yaml @@ -9,5 +9,4 @@ group: "root" mode: "0644" when: 'type == "lxc"' - tags: - - "cron" + tags: "cron" diff --git a/tasks/environment.yaml b/tasks/environment.yaml index 9fd3676..236658e 100644 --- a/tasks/environment.yaml +++ b/tasks/environment.yaml @@ -9,5 +9,4 @@ group: "root" mode: "0644" when: 'ansible_distribution == "Ubuntu"' - tags: - - "environment-file" + tags: "environment-file" diff --git a/tasks/firewall/firewall-general.yaml b/tasks/firewall/firewall-general.yaml index fc0994b..4c8899a 100644 --- a/tasks/firewall/firewall-general.yaml +++ b/tasks/firewall/firewall-general.yaml @@ -7,5 +7,4 @@ direction: "incoming" policy: "deny" logging: "on" - tags: - - "firewall" + tags: "firewall" diff --git a/tasks/firewall/firewall-rules-routed.yaml b/tasks/firewall/firewall-rules-routed.yaml index 79fa974..7e10a46 100644 --- a/tasks/firewall/firewall-rules-routed.yaml +++ b/tasks/firewall/firewall-rules-routed.yaml 
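Review bot: The `when` lists kept in the `@@ -13,10 +13,10 @@` and `@@ -39,10 +39,10 @@` hunks of tasks/apt/sources.yaml compare `ansible_distribution_major_version` with the quoted strings `"23"` and `"24"`, which is a lexicographic comparison, not a numeric one. A single-digit major version such as `"9"` sorts after `"23"`, so such a host would match no branch or the wrong one, and would end up with an unintended set of package sources. Consider `'ansible_distribution_major_version | int <= 23'` and `'ansible_distribution_major_version | int >= 24'`, or the `version` test. These hunks only move `notify`; the task headers are above them.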
@@ -2,7 +2,7 @@ # basic firewall rules - name: "basic firewall rules" - tags: ["firewall"] + tags: "firewall" block: # basic firewall rules diff --git a/tasks/firewall/firewall-rules.yaml b/tasks/firewall/firewall-rules.yaml index 1a1f373..c0e2d22 100644 --- a/tasks/firewall/firewall-rules.yaml +++ b/tasks/firewall/firewall-rules.yaml @@ -8,5 +8,4 @@ proto: "{{ __rule['proto'] | default('tcp') }}" from_ip: "{{ __rule['from_ip'] }}" to_port: "{{ __rule['to_port'] }}" - tags: - - "firewall" + tags: "firewall" diff --git a/tasks/hostname.yaml b/tasks/hostname.yaml index 3227d81..53ccfda 100644 --- a/tasks/hostname.yaml +++ b/tasks/hostname.yaml @@ -5,8 +5,7 @@ ansible.builtin.hostname: name: "{{ set_hostname | default(inventory_hostname_short) }}" use: "{{ hostname_use_method }}" - tags: - - "hostname" + tags: "hostname" # manage /etc/hosts file - name: "manage /etc/hosts file for hostname" diff --git a/tasks/journald.yaml b/tasks/journald.yaml index f31c122..f7ec7aa 100644 --- a/tasks/journald.yaml +++ b/tasks/journald.yaml @@ -10,5 +10,4 @@ mode: "0644" when: 'ansible_distribution == "Ubuntu"' notify: "restart journald" - tags: - - "journald" + tags: "journald" diff --git a/tasks/lldpd.yaml b/tasks/lldpd.yaml index 64268be..d4a9f59 100644 --- a/tasks/lldpd.yaml +++ b/tasks/lldpd.yaml @@ -8,5 +8,4 @@ cache_valid_time: "3600" when: 'ansible_os_family == "Debian"' notify: "restart lldpd" - tags: - - "lldp" + tags: "lldp" diff --git a/tasks/locale.yaml b/tasks/locale.yaml index 890df1c..0f3c28f 100644 --- a/tasks/locale.yaml +++ b/tasks/locale.yaml @@ -5,5 +5,4 @@ community.general.locale_gen: name: "en_US.UTF-8" state: "present" - tags: - - "locale" + tags: "locale" diff --git a/tasks/lxd.yaml b/tasks/lxd.yaml index be17c6d..d4a17d5 100644 --- a/tasks/lxd.yaml +++ b/tasks/lxd.yaml @@ -7,5 +7,4 @@ state: "absent" purge: true when: 'ansible_os_family == "Debian"' - tags: - - "lxd" + tags: "lxd" diff --git a/tasks/main.yaml b/tasks/main.yaml index 7757bf6..0f9091c 100644 
--- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -10,42 +10,28 @@ ansible.builtin.import_tasks: "hostname.yaml" tags: "hostname" -# flush handler -- name: "flush handlers" - ansible.builtin.meta: "flush_handlers" - # set locale - name: "set locale" ansible.builtin.import_tasks: "locale.yaml" tags: "locale" -# flush handler -- name: "flush handlers" - ansible.builtin.meta: "flush_handlers" - # environment - name: "environment" ansible.builtin.import_tasks: "environment.yaml" tags: "environment-file" -# flush handler -- name: "flush handlers" - ansible.builtin.meta: "flush_handlers" - # motd - name: "motd" ansible.builtin.import_tasks: "motd.yaml" + when: "ansible_os_family == 'Debian'" tags: "motd" # cron jobs - name: "cron jobs" ansible.builtin.import_tasks: "cron.yaml" + when: "ansible_os_family == 'Debian'" tags: "cron" -# flush handler -- name: "flush handlers" - ansible.builtin.meta: "flush_handlers" - # swap - name: "swap" ansible.builtin.import_tasks: "swap.yaml" @@ -55,6 +41,7 @@ # apt - name: "apt" ansible.builtin.import_tasks: "apt/sources.yaml" + when: "ansible_os_family == 'Debian'" tags: "apt" # flush handler @@ -63,14 +50,17 @@ - name: "apt - packages" ansible.builtin.import_tasks: "apt/packages.yaml" + when: "ansible_os_family == 'Debian'" tags: "apt" - name: "apt - config" ansible.builtin.import_tasks: "apt/config.yaml" + when: "ansible_os_family == 'Debian'" tags: "apt" - name: "apt - cleanup" ansible.builtin.import_tasks: "apt/cleanup.yaml" + when: "ansible_os_family == 'Debian'" tags: "apt-cleanup" # telemetry @@ -189,9 +179,6 @@ # user - name: "user - create users" ansible.builtin.include_tasks: "user.yaml" - loop: "{{ user }}" - loop_control: - loop_var: "__user" tags: "usermanagement" # firewall @@ -228,7 +215,7 @@ loop: "{{ firewall_rules }}" loop_control: loop_var: "__rule" - when: + when: - "firewall_rules is defined" - "firewall_enabled" tags: "firewall" diff --git a/tasks/motd.yaml b/tasks/motd.yaml index 603b706..3647bd6 100644 
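Review bot: Removing `loop` and `loop_control` from the `include_tasks: "user.yaml"` task in the `@@ -189,9 +179,6 @@` hunk and re-adding them on the `block:` in tasks/user.yaml (hunk `@@ -2,7 +2,11 @@`) will not work, because Ansible does not accept `loop` on a block. The role would be expected to fail when user.yaml is loaded, so account creation, account deletion and the sudoers clean-up would all stop being applied. Keep the loop on the include: restore `loop: "{{ user }}"` and `loop_control:` with `loop_var: "__user"` under the `include_tasks` task, and leave only `tags` on the block. The task names in user.yaml that template `__user['username']` depend on that loop variable being set by the caller.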
--- a/tasks/motd.yaml +++ b/tasks/motd.yaml @@ -1,7 +1,7 @@ --- - name: "manage motd" - tags: ["motd"] + tags: "motd" block: # find old motd files diff --git a/tasks/ntp.yaml b/tasks/ntp.yaml index b3b16aa..35f01b3 100644 --- a/tasks/ntp.yaml +++ b/tasks/ntp.yaml @@ -1,7 +1,7 @@ --- - name: "manage ntp" - tags: ["ntp"] + tags: "ntp" block: # install chrony diff --git a/tasks/snap/snap_daemon.yaml b/tasks/snap/snap_daemon.yaml index 3fe8569..1d0a172 100644 --- a/tasks/snap/snap_daemon.yaml +++ b/tasks/snap/snap_daemon.yaml @@ -2,7 +2,7 @@ # manage snapd - name: "manage snapd" - tags: ["snap"] + tags: "snap" block: # set defaults - name: "set facts" diff --git a/tasks/snap/snap_package.yaml b/tasks/snap/snap_package.yaml index 421c522..818f673 100644 --- a/tasks/snap/snap_package.yaml +++ b/tasks/snap/snap_package.yaml @@ -9,5 +9,4 @@ loop: "{{ snap_package }}" loop_control: loop_var: "__snap_package" - tags: - - "snap" + tags: "snap" diff --git a/tasks/sshd.yaml b/tasks/sshd.yaml index 1705701..40f24ad 100644 --- a/tasks/sshd.yaml +++ b/tasks/sshd.yaml @@ -9,5 +9,4 @@ group: "root" mode: "0644" notify: "restart ssh" - tags: - - "sshd" + tags: "sshd" diff --git a/tasks/swap.yaml b/tasks/swap.yaml index 75b2ec8..4c81b20 100644 --- a/tasks/swap.yaml +++ b/tasks/swap.yaml @@ -2,7 +2,7 @@ # manage swap - name: "manage swap" - tags: ["swap"] + tags: "swap" block: # enable or disable swap diff --git a/tasks/sysctl.yaml b/tasks/sysctl.yaml index 19dceef..6a3586f 100644 --- a/tasks/sysctl.yaml +++ b/tasks/sysctl.yaml @@ -6,5 +6,4 @@ name: "{{ __sysctl['name'] }}" value: "{{ __sysctl['value'] }}" sysctl_set: "yes" - tags: - - "sysctl" + tags: "sysctl" diff --git a/tasks/syslog/config.yaml b/tasks/syslog/config.yaml index 763ce1b..d1ea68c 100644 --- a/tasks/syslog/config.yaml +++ b/tasks/syslog/config.yaml @@ -2,7 +2,7 @@ # manage syslog - name: "manage syslog" - tags: ["syslog"] + tags: "syslog" block: # configure rsyslogd - debian 
diff --git a/tasks/syslog/install.yaml b/tasks/syslog/install.yaml index d0afc49..0ecaac9 100644 --- a/tasks/syslog/install.yaml +++ b/tasks/syslog/install.yaml @@ -7,5 +7,4 @@ state: "present" cache_valid_time: "3600" when: 'ansible_os_family == "Debian"' - tags: - - "syslog" + tags: "syslog" diff --git a/tasks/systemctl.yaml b/tasks/systemctl.yaml index 95c2ef0..2babc1a 100644 --- a/tasks/systemctl.yaml +++ b/tasks/systemctl.yaml @@ -10,5 +10,4 @@ mode: "0644" when: 'ansible_os_family == "Debian"' notify: "daemon-reload fstrim.timer" - tags: - - "systemctl" + tags: "systemctl" diff --git a/tasks/telemetry.yaml b/tasks/telemetry.yaml index 6d69d9c..1441db9 100644 --- a/tasks/telemetry.yaml +++ b/tasks/telemetry.yaml @@ -6,5 +6,4 @@ path: "/etc/cron.daily/popularity-contest" state: "absent" when: 'ansible_distribution == "Ubuntu"' - tags: - - "telemetry" + tags: "telemetry" diff --git a/tasks/timezone.yaml b/tasks/timezone.yaml index 668d935..f04fd0e 100644 --- a/tasks/timezone.yaml +++ b/tasks/timezone.yaml @@ -4,5 +4,4 @@ - name: "timezone - set {{ timezone }}" community.general.timezone: name: "{{ timezone }}" - tags: - - "timezone" + tags: "timezone" diff --git a/tasks/user.yaml b/tasks/user.yaml index db4103d..30f1301 100644 --- a/tasks/user.yaml +++ b/tasks/user.yaml @@ -2,7 +2,11 @@ # manage users - name: "manage users" - tags: ["usermanagement"] + tags: "usermanagement" + loop: "{{ user }}" + loop_control: + loop_var: "__user" + block: # manage facts @@ -13,7 +17,7 @@ sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}" user_state: "{{ __user['state'] | default('present') }}" - # create users + # create user with password - name: "user - create users with password - {{ __user['username'] }}" ansible.builtin.user: name: "{{ __user['username'] }}" 
@@ -25,12 +29,13 @@ - "__user['password'] is defined" - "user_state == 'present'" - - name: "user - create users withouth password - {{ __user['username'] }}" + # create user without password + - name: "user - create users without password - {{ __user['username'] }}" ansible.builtin.user: name: "{{ __user['username'] }}" comment: "{{ __user['name'] }}" shell: "{{ __user['shell'] | default('/bin/bash') }}" - state: "state" + state: "{{ user_state }}" when: - "__user['password'] is not defined" - "user_state == 'present'" @@ -42,8 +47,7 @@ key: "{{ __user['publickey'] }}" state: "present" manage_dir: "true" - when: - - "__user['publickey'] is defined" + when: "__user['publickey'] is defined" # delete users - name: "user - delete users - {{ __user['username'] }}" @@ -61,12 +65,10 @@ owner: "root" group: "root" mode: "0644" - when: - - "sudo_file" + when: "sudo_file" - name: "user - delete sudoers file - {{ __user['username'] }}" ansible.builtin.file: state: "absent" path: "/etc/sudoers.d/{{ __user['username'] }}" - when: - - "not sudo_file" + when: "not sudo_file"
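Review bot: The rewritten `when: "__user['publickey'] is defined"` in the `@@ -42,8 +47,7 @@` hunk still does not check `user_state`, unlike the two create tasks above it. For an entry marked absent that still carries a `publickey`, the key task runs before the delete task and, with `manage_dir: "true"`, would presumably either fail on a missing account or install a key for an account that is about to be removed. Suggest keeping the list form with two entries, `- "__user['publickey'] is defined"` and `- "user_state == 'present'"`. The task header is above the hunk, so only `key`, `state` and `manage_dir` are visible here.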
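Review bot: The sudoers drop-in written in the `@@ -61,12 +65,10 @@` hunk keeps `mode: "0644"` and shows no `validate`, so a template that renders an invalid rule would be installed as-is and could break sudo on the host. If the task (its header is above the hunk) uses `template` or `copy`, add `validate: "visudo -cf %s"` and tighten the mode to `mode: "0440"`, the conventional mode for sudoers files. Also, sudo skips files in an include directory whose name contains a `.` or ends in `~`, so if the create task writes to the same `/etc/sudoers.d/{{ __user['username'] }}` path as the delete task, a dotted username would yield a drop-in that is silently ignored.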