feat: various fixes

2025-07-11 19:25:53 +02:00 · 2025-07-11 19:25:53 +02:00 · 89eaee1139
commit 89eaee1139
parent 8f396d90b6
27 changed files with 47 additions and 74 deletions
--- a/tasks/apt/config.yaml
+++ b/tasks/apt/config.yaml
@ -2,7 +2,7 @@

 # apt config
 - name: "apt config"
-  tags: ["apt"]
+  tags: "apt"
  block:

    # configure apt auto update
--- a/tasks/apt/packages.yaml
+++ b/tasks/apt/packages.yaml
@ -2,7 +2,7 @@

 # apt packages
 - name: "apt packages"
-  tags: ["apt"]
+  tags: "apt"
  block:

    # install packages
--- a/tasks/apt/sources.yaml
+++ b/tasks/apt/sources.yaml
@ -2,7 +2,7 @@

 # manage apt sources
 - name: "manage apt sources"
-  tags: ["apt"]
+  tags: "apt"
  block:

    # configure apt sources
@ -13,10 +13,10 @@
        owner: "root"
        group: "root"
        mode: "0644"
+      notify: "apt force cache update"
      when:
        - 'ansible_os_family == "Debian"'
        - 'ansible_distribution_major_version <= "23"'
-      notify: "apt force cache update"

    # configure apt sources - proxmox list
    - name: "apt - config - configure apt sources - proxmox list"
@ -26,10 +26,10 @@
        owner: "root"
        group: "root"
        mode: "0644"
+      notify: "apt force cache update"
      when:
        - 'ansible_os_family == "Debian"'
        - "inventory_hostname in groups['proxmox']"
-      notify: "apt force cache update"

    # configure apt sources
    - name: "apt - config - configure apt sources"
@ -39,10 +39,10 @@
        owner: "root"
        group: "root"
        mode: "0644"
+      notify: "apt force cache update"
      when:
        - 'ansible_distribution == "Ubuntu"'
        - 'ansible_distribution_major_version >= "24"'
-      notify: "apt force cache update"

    # delete unused sources.list
    - name: "apt - config - remove old sources.list"
--- a/tasks/cron.yaml
+++ b/tasks/cron.yaml
@ -9,5 +9,4 @@
    group: "root"
    mode: "0644"
  when: 'type == "lxc"'
-  tags:
-    - "cron"
+  tags: "cron"
--- a/tasks/environment.yaml
+++ b/tasks/environment.yaml
@ -9,5 +9,4 @@
    group: "root"
    mode: "0644"
  when: 'ansible_distribution == "Ubuntu"'
-  tags:
-    - "environment-file"
+  tags: "environment-file"
--- a/tasks/firewall/firewall-general.yaml
+++ b/tasks/firewall/firewall-general.yaml
@ -7,5 +7,4 @@
    direction: "incoming"
    policy: "deny"
    logging: "on"
-  tags:
-    - "firewall"
+  tags: "firewall"
--- a/tasks/firewall/firewall-rules-routed.yaml
+++ b/tasks/firewall/firewall-rules-routed.yaml
@ -2,7 +2,7 @@

 # basic firewall rules
 - name: "basic firewall rules"
-  tags: ["firewall"]
+  tags: "firewall"
  block:

    # basic firewall rules
--- a/tasks/firewall/firewall-rules.yaml
+++ b/tasks/firewall/firewall-rules.yaml
@ -8,5 +8,4 @@
    proto: "{{ __rule['proto'] | default('tcp') }}"
    from_ip: "{{ __rule['from_ip'] }}"
    to_port: "{{ __rule['to_port'] }}"
-  tags:
-    - "firewall"
+  tags: "firewall"
--- a/tasks/hostname.yaml
+++ b/tasks/hostname.yaml
@ -5,8 +5,7 @@
  ansible.builtin.hostname:
    name: "{{ set_hostname | default(inventory_hostname_short) }}"
    use: "{{ hostname_use_method }}"
-  tags:
-    - "hostname"
+  tags: "hostname"

 # manage /etc/hosts file
 - name: "manage /etc/hosts file for hostname"
--- a/tasks/journald.yaml
+++ b/tasks/journald.yaml
@ -10,5 +10,4 @@
    mode: "0644"
  when: 'ansible_distribution == "Ubuntu"'
  notify: "restart journald"
-  tags:
-    - "journald"
+  tags: "journald"
--- a/tasks/lldpd.yaml
+++ b/tasks/lldpd.yaml
@ -8,5 +8,4 @@
    cache_valid_time: "3600"
  when: 'ansible_os_family == "Debian"'
  notify: "restart lldpd"
-  tags:
-    - "lldp"
+  tags: "lldp"
--- a/tasks/locale.yaml
+++ b/tasks/locale.yaml
@ -5,5 +5,4 @@
  community.general.locale_gen:
    name: "en_US.UTF-8"
    state: "present"
-  tags:
-    - "locale"
+  tags: "locale"
--- a/tasks/lxd.yaml
+++ b/tasks/lxd.yaml
@ -7,5 +7,4 @@
    state: "absent"
    purge: true
  when: 'ansible_os_family == "Debian"'
-  tags:
-    - "lxd"
+  tags: "lxd"
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -10,42 +10,28 @@
  ansible.builtin.import_tasks: "hostname.yaml"
  tags: "hostname"

-# flush handler
- name: "flush handlers"
-  ansible.builtin.meta: "flush_handlers"
-
 # set locale
 - name: "set locale"
  ansible.builtin.import_tasks: "locale.yaml"
  tags: "locale"

-# flush handler
- name: "flush handlers"
-  ansible.builtin.meta: "flush_handlers"
-
 # environment
 - name: "environment"
  ansible.builtin.import_tasks: "environment.yaml"
  tags: "environment-file"

-# flush handler
- name: "flush handlers"
-  ansible.builtin.meta: "flush_handlers"
-
 # motd
 - name: "motd"
  ansible.builtin.import_tasks: "motd.yaml"
+  when: "ansible_os_family == 'Debian'"
  tags: "motd"

 # cron jobs
 - name: "cron jobs"
  ansible.builtin.import_tasks: "cron.yaml"
+  when: "ansible_os_family == 'Debian'"
  tags: "cron"

-# flush handler
- name: "flush handlers"
-  ansible.builtin.meta: "flush_handlers"
-
 # swap
 - name: "swap"
  ansible.builtin.import_tasks: "swap.yaml"
@ -55,6 +41,7 @@
 # apt
 - name: "apt"
  ansible.builtin.import_tasks: "apt/sources.yaml"
+  when: "ansible_os_family == 'Debian'"
  tags: "apt"

 # flush handler
@ -63,14 +50,17 @@

 - name: "apt - packages"
  ansible.builtin.import_tasks: "apt/packages.yaml"
+  when: "ansible_os_family == 'Debian'"
  tags: "apt"

 - name: "apt - config"
  ansible.builtin.import_tasks: "apt/config.yaml"
+  when: "ansible_os_family == 'Debian'"
  tags: "apt"

 - name: "apt - cleanup"
  ansible.builtin.import_tasks: "apt/cleanup.yaml"
+  when: "ansible_os_family == 'Debian'"
  tags: "apt-cleanup"

 # telemetry
@ -189,9 +179,6 @@
 # user
 - name: "user - create users"
  ansible.builtin.include_tasks: "user.yaml"
-  loop: "{{ user }}"
-  loop_control:
-    loop_var: "__user"
  tags: "usermanagement"

 # firewall
--- a/tasks/motd.yaml
+++ b/tasks/motd.yaml
@ -1,7 +1,7 @@
 ---

 - name: "manage motd"
-  tags: ["motd"]
+  tags: "motd"
  block:

    # find old motd files
--- a/tasks/ntp.yaml
+++ b/tasks/ntp.yaml
@ -1,7 +1,7 @@
 ---

 - name: "manage ntp"
-  tags: ["ntp"]
+  tags: "ntp"
  block:

    # install chrony
--- a/tasks/snap/snap_daemon.yaml
+++ b/tasks/snap/snap_daemon.yaml
@ -2,7 +2,7 @@

 # manage snapd
 - name: "manage snapd"
-  tags: ["snap"]
+  tags: "snap"
  block:
    # set defaults
    - name: "set facts"
--- a/tasks/snap/snap_package.yaml
+++ b/tasks/snap/snap_package.yaml
@ -9,5 +9,4 @@
  loop: "{{ snap_package }}"
  loop_control:
    loop_var: "__snap_package"
-  tags:
-    - "snap"
+  tags: "snap"
--- a/tasks/sshd.yaml
+++ b/tasks/sshd.yaml
@ -9,5 +9,4 @@
    group: "root"
    mode: "0644"
  notify: "restart ssh"
-  tags:
-    - "sshd"
+  tags: "sshd"
--- a/tasks/swap.yaml
+++ b/tasks/swap.yaml
@ -2,7 +2,7 @@

 # manage swap
 - name: "manage swap"
-  tags: ["swap"]
+  tags: "swap"
  block:

    # enable or disable swap
--- a/tasks/sysctl.yaml
+++ b/tasks/sysctl.yaml
@ -6,5 +6,4 @@
    name: "{{ __sysctl['name'] }}"
    value: "{{ __sysctl['value'] }}"
    sysctl_set: "yes"
-  tags:
-    - "sysctl"
+  tags: "sysctl"
--- a/tasks/syslog/config.yaml
+++ b/tasks/syslog/config.yaml
@ -2,7 +2,7 @@

 # manage syslog
 - name: "manage syslog"
-  tags: ["syslog"]
+  tags: "syslog"
  block:

    # configure rsyslogd - debian
--- a/tasks/syslog/install.yaml
+++ b/tasks/syslog/install.yaml
@ -7,5 +7,4 @@
    state: "present"
    cache_valid_time: "3600"
  when: 'ansible_os_family == "Debian"'
-  tags:
-    - "syslog"
+  tags: "syslog"
--- a/tasks/systemctl.yaml
+++ b/tasks/systemctl.yaml
@ -10,5 +10,4 @@
    mode: "0644"
  when: 'ansible_os_family == "Debian"'
  notify: "daemon-reload fstrim.timer"
-  tags:
-    - "systemctl"
+  tags: "systemctl"
--- a/tasks/telemetry.yaml
+++ b/tasks/telemetry.yaml
@ -6,5 +6,4 @@
    path: "/etc/cron.daily/popularity-contest"
    state: "absent"
  when: 'ansible_distribution == "Ubuntu"'
-  tags:
-    - "telemetry"
+  tags: "telemetry"
--- a/tasks/timezone.yaml
+++ b/tasks/timezone.yaml
@ -4,5 +4,4 @@
 - name: "timezone - set {{ timezone }}"
  community.general.timezone:
    name: "{{ timezone }}"
-  tags:
-    - "timezone"
+  tags: "timezone"
--- a/tasks/user.yaml
+++ b/tasks/user.yaml
@ -2,7 +2,11 @@

 # manage users
 - name: "manage users"
-  tags: ["usermanagement"]
+  tags: "usermanagement"
+  loop: "{{ user }}"
+  loop_control:
+    loop_var: "__user"
+
  block:

    # manage facts
@ -13,7 +17,7 @@
        sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}"
        user_state: "{{ __user['state'] | default('present') }}"

-    # create users
+    # create user with password
    - name: "user - create users with password - {{ __user['username'] }}"
      ansible.builtin.user:
        name: "{{ __user['username'] }}"
@ -25,12 +29,13 @@
        - "__user['password'] is defined"
        - "user_state == 'present'"

-    - name: "user - create users withouth password - {{ __user['username'] }}"
+    # create user without password
+    - name: "user - create users without password - {{ __user['username'] }}"
      ansible.builtin.user:
        name: "{{ __user['username'] }}"
        comment: "{{ __user['name'] }}"
        shell: "{{ __user['shell'] | default('/bin/bash') }}"
-        state: "state"
+        state: "{{ user_state }}"
      when:
        - "__user['password'] is not defined"
        - "user_state == 'present'"
@ -42,8 +47,7 @@
        key: "{{ __user['publickey'] }}"
        state: "present"
        manage_dir: "true"
-      when:
-        - "__user['publickey'] is defined"
+      when: "__user['publickey'] is defined"

    # delete users
    - name: "user - delete users - {{ __user['username'] }}"
@ -61,12 +65,10 @@
        owner: "root"
        group: "root"
        mode: "0644"
-      when:
-        - "sudo_file"
+      when: "sudo_file"

    - name: "user - delete sudoers file - {{ __user['username'] }}"
      ansible.builtin.file:
        state: "absent"
        path: "/etc/sudoers.d/{{ __user['username'] }}"
-      when:
-        - "not sudo_file"
+      when: "not sudo_file"