Migrate all with_* loops to new loop directive
parent
2b8ff2184c
commit
69a12e0696
35 changed files with 76 additions and 114 deletions
|
@ -5,7 +5,7 @@
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
cache_valid_time: 21600
|
cache_valid_time: 21600
|
||||||
with_items:
|
loop:
|
||||||
- build-essential
|
- build-essential
|
||||||
- ecdsautils
|
- ecdsautils
|
||||||
- gawk
|
- gawk
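Review bot: This task still installs one package per loop iteration (`name: "{{ item }}"` under `loop:`), while the same commit already passes a whole list to `name:` in roles/git-repos and roles/kmod-batman. Handing the list to the module lets it install everything in one run instead of once per item, and keeps the roles consistent. I would move the list into a defaults variable and write `name: "{{ <packages_var> }}"` (placeholder name), dropping `loop:`; the same applies to the other `name: "{{ item }}"` package hunks on this page (iptables, dirmngr, bind9, bird-bgp, fastd, ntp, tinc, vnstat). The task starts above this hunk and its list may continue below it, so the module name is not visible here.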
|
||||||
|
|
3
roles/git-repos/defaults/main.yml
Normal file
3
roles/git-repos/defaults/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
git_packages:
|
||||||
|
- "git"
|
|
@ -1,10 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: install git packages
|
- name: install git packages
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ git_packages }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
|
||||||
- git
|
|
||||||
|
|
||||||
- name: ensure git directory is present
|
- name: ensure git directory is present
|
||||||
file:
|
file:
|
||||||
|
@ -20,5 +18,5 @@
|
||||||
dest: "/home/admin/clones/{{ item.key }}"
|
dest: "/home/admin/clones/{{ item.key }}"
|
||||||
version: "{{ item.value.version }}"
|
version: "{{ item.value.version }}"
|
||||||
force: "{{ item.value.force }}"
|
force: "{{ item.value.force }}"
|
||||||
with_dict: "{{ common_repos }}"
|
loop: "{{ common_repos | dict2items }}"
|
||||||
become: false
|
become: false
|
||||||
|
|
5
roles/kmod-batman/defaults/main.yml
Normal file
5
roles/kmod-batman/defaults/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
batman_packages:
|
||||||
|
- "linux-headers-amd64"
|
||||||
|
- "batman-adv-dkms"
|
||||||
|
- "batctl"
|
|
@ -1,12 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: install batman-module and linux headers
|
- name: install batman-module and linux headers
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ batman_packages }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
|
||||||
- linux-headers-amd64
|
|
||||||
- batman-adv-dkms
|
|
||||||
- batctl
|
|
||||||
|
|
||||||
- name: configure batman module to load on system boot
|
- name: configure batman module to load on system boot
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -4,14 +4,14 @@
|
||||||
src: dummy.j2
|
src: dummy.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}0"
|
dest: "/etc/network/interfaces.d/{{ item.id }}0"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
||||||
- name: create batman interfaces
|
- name: create batman interfaces
|
||||||
template:
|
template:
|
||||||
src: batman.j2
|
src: batman.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}bat"
|
dest: "/etc/network/interfaces.d/{{ item.id }}bat"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
||||||
- name: flush handlers
|
- name: flush handlers
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
|
|
@ -5,18 +5,14 @@
|
||||||
src: fastd-mesh.j2
|
src: fastd-mesh.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
dest: "/etc/network/interfaces.d/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
||||||
- name: create fastd backbone interfaces
|
- name: create fastd backbone interfaces
|
||||||
template:
|
template:
|
||||||
src: fastd-backbone.j2
|
src: fastd-backbone.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
dest: "/etc/network/interfaces.d/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
|
|
||||||
|
|
||||||
- name: flush handlers
|
- name: flush handlers
|
||||||
meta: flush_handlers
|
meta: flush_handlers
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
src: ffrl.j2
|
src: ffrl.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.key }}"
|
dest: "/etc/network/interfaces.d/{{ item.key }}"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_dict: "{{ ffrl_exit_server }}"
|
loop: "{{ ffrl_exit_server | dict2items }}"
|
||||||
|
|
||||||
- name: create ffrl-nat dummy interface
|
- name: create ffrl-nat dummy interface
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- iptables
|
- iptables
|
||||||
- iptables-persistent
|
- iptables-persistent
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
modprobe:
|
modprobe:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- nf_conntrack
|
- nf_conntrack
|
||||||
- nf_conntrack_ipv4
|
- nf_conntrack_ipv4
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ sysctl_settings_netfilter }}"
|
loop: "{{ sysctl_settings_netfilter }}"
|
||||||
|
|
||||||
- name: write iptables configuration
|
- name: write iptables configuration
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -4,13 +4,13 @@
|
||||||
src: bridge.j2
|
src: bridge.j2
|
||||||
dest: "/etc/network/interfaces.d/{{ item.id }}br"
|
dest: "/etc/network/interfaces.d/{{ item.id }}br"
|
||||||
notify: reload network interfaces
|
notify: reload network interfaces
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
||||||
- name: set sysfs variables
|
- name: set sysfs variables
|
||||||
template:
|
template:
|
||||||
src: sysfs.j2
|
src: sysfs.j2
|
||||||
dest: "/etc/sysfs.d/99-{{ item.id }}br.conf"
|
dest: "/etc/sysfs.d/99-{{ item.id }}br.conf"
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
notify: activate sysfs variables
|
notify: activate sysfs variables
|
||||||
|
|
||||||
- name: flush handlers
|
- name: flush handlers
|
||||||
|
|
|
@ -5,4 +5,4 @@
|
||||||
regexp: '^{{ item.value }}'
|
regexp: '^{{ item.value }}'
|
||||||
line: "{{ item.value }}{{ '\t' }}{{ item.key }}"
|
line: "{{ item.value }}{{ '\t' }}{{ item.key }}"
|
||||||
state: present
|
state: present
|
||||||
with_dict: "{{ routing_tables }}"
|
loop: "{{ routing_tables | dict2items }}"
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0750
|
mode: 0750
|
||||||
with_items:
|
loop:
|
||||||
- ffmwu-add-static-routes.sh
|
- ffmwu-add-static-routes.sh
|
||||||
- ffmwu-del-static-routes.sh
|
- ffmwu-del-static-routes.sh
|
||||||
notify: restart systemd unit ffmwu-static-routes
|
notify: restart systemd unit ffmwu-static-routes
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0750
|
mode: 0750
|
||||||
with_items:
|
loop:
|
||||||
- ffmwu-add-ip-rules.sh
|
- ffmwu-add-ip-rules.sh
|
||||||
- ffmwu-del-ip-rules.sh
|
- ffmwu-del-ip-rules.sh
|
||||||
notify: restart systemd unit ffmwu-ip-rules
|
notify: restart systemd unit ffmwu-ip-rules
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ sysctl_settings_routing_basic }}"
|
loop: "{{ sysctl_settings_routing_basic }}"
|
||||||
|
|
||||||
- name: set gateway sysctl settings for routing
|
- name: set gateway sysctl settings for routing
|
||||||
when: ffmwu_server_type == "gateway"
|
when: ffmwu_server_type == "gateway"
|
||||||
|
@ -66,4 +66,4 @@
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ sysctl_settings_routing_gateway }}"
|
loop: "{{ sysctl_settings_routing_gateway }}"
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- dirmngr
|
- dirmngr
|
||||||
- apt-transport-https
|
- apt-transport-https
|
||||||
|
|
||||||
|
@ -19,4 +19,4 @@
|
||||||
repo: "{{ item.repo }}"
|
repo: "{{ item.repo }}"
|
||||||
update_cache: "{{ item.update_cache }}"
|
update_cache: "{{ item.update_cache }}"
|
||||||
filename: "{{ item.name }}"
|
filename: "{{ item.name }}"
|
||||||
with_items: "{{ repos }}"
|
loop: "{{ repos }}"
|
||||||
|
|
|
@ -18,9 +18,8 @@
|
||||||
|
|
||||||
- name: ensure common packages are installed
|
- name: ensure common packages are installed
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ packages }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ packages }}"
|
|
||||||
|
|
||||||
- name: ensure vim is default editor
|
- name: ensure vim is default editor
|
||||||
alternatives:
|
alternatives:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- bind9
|
- bind9
|
||||||
- bind9-doc
|
- bind9-doc
|
||||||
- bind9utils
|
- bind9utils
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
group: bind
|
group: bind
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: restart bind9
|
notify: restart bind9
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
||||||
- name: write initial icvpn bind config
|
- name: write initial icvpn bind config
|
||||||
shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkdns -f bind -x mwu -x bingen -s /home/admin/clones/icvpn-meta > /etc/bind/named.conf.icvpn
|
shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkdns -f bind -x mwu -x bingen -s /home/admin/clones/icvpn-meta > /etc/bind/named.conf.icvpn
|
||||||
|
|
|
@ -52,7 +52,7 @@
|
||||||
owner: admin
|
owner: admin
|
||||||
group: bird
|
group: bird
|
||||||
notify: reload systemd unit bird
|
notify: reload systemd unit bird
|
||||||
with_items:
|
loop:
|
||||||
- /etc/bird/icvpn_ipv4_peers.conf
|
- /etc/bird/icvpn_ipv4_peers.conf
|
||||||
- /etc/bird/icvpn_ipv4_roa.conf
|
- /etc/bird/icvpn_ipv4_roa.conf
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@
|
||||||
owner: admin
|
owner: admin
|
||||||
group: bird
|
group: bird
|
||||||
notify: reload systemd unit bird6
|
notify: reload systemd unit bird6
|
||||||
with_items:
|
loop:
|
||||||
- /etc/bird/icvpn_ipv6_peers.conf
|
- /etc/bird/icvpn_ipv6_peers.conf
|
||||||
- /etc/bird/icvpn_ipv6_roa.conf
|
- /etc/bird/icvpn_ipv6_roa.conf
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- bird-bgp
|
- bird-bgp
|
||||||
- bird-doc
|
- bird-doc
|
||||||
|
|
||||||
|
@ -54,6 +54,6 @@
|
||||||
name: bird{{ item }}
|
name: bird{{ item }}
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
with_items:
|
loop:
|
||||||
- ""
|
- ""
|
||||||
- 6
|
- 6
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: install dhcp packages
|
- name: install dhcp packages
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ kea_packages }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ kea_packages }}"
|
|
||||||
|
|
||||||
- name: create systemd override dir for kea-dhcp4-server.service
|
- name: create systemd override dir for kea-dhcp4-server.service
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -3,6 +3,4 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
|
|
||||||
|
|
|
@ -4,9 +4,7 @@
|
||||||
path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
path: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
|
|
||||||
|
|
||||||
- name: create fastd peer backbone directories
|
- name: create fastd peer backbone directories
|
||||||
file:
|
file:
|
||||||
|
@ -15,9 +13,7 @@
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
|
|
||||||
|
|
||||||
- name: clone fastd peer backbone repos
|
- name: clone fastd peer backbone repos
|
||||||
git:
|
git:
|
||||||
|
@ -25,9 +21,7 @@
|
||||||
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers"
|
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/peers"
|
||||||
version: "{{ item.1.peers.version }}"
|
version: "{{ item.1.peers.version }}"
|
||||||
update: yes
|
update: yes
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
|
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: template fastd backbone config
|
- name: template fastd backbone config
|
||||||
|
@ -35,24 +29,18 @@
|
||||||
src: fastd-backbone.conf.j2
|
src: fastd-backbone.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/fastd.conf"
|
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/fastd.conf"
|
||||||
notify: restart fastd backbone instances
|
notify: restart fastd backbone instances
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
|
|
||||||
|
|
||||||
- name: write fastd backbone secret
|
- name: write fastd backbone secret
|
||||||
template:
|
template:
|
||||||
src: fastd-secret.conf.j2
|
src: fastd-secret.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/secret.conf"
|
dest: "/etc/fastd/{{ item.0.id }}igvpn-{{ item.1.mtu }}/secret.conf"
|
||||||
notify: restart fastd backbone instances
|
notify: restart fastd backbone instances
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
|
|
||||||
|
|
||||||
- name: configure systemd unit fastd@
|
- name: configure systemd unit fastd@
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}igvpn-{{ item.1.mtu }}"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.backbone.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.backbone.instances
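Review bot: The `write fastd backbone secret` task templates `secret.conf` without `mode`, `owner` or `group`, so the key file gets the remote default permissions (commonly world-readable). It sits in a directory that the first task of this file creates with `mode: 0755`. I would add `mode: '0600'` plus an explicit `owner:` and `group:` to that task; the `write fastd mesh secret` task in the fastd mesh file further down has the same gap. If the secret value is carried inside `meshes`, the per-item loop output will also print it, so `no_log: true` on both tasks is worth considering (the template itself is not visible here).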
|
|
||||||
|
|
|
@ -7,6 +7,4 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
|
@ -4,9 +4,7 @@
|
||||||
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
path: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
||||||
- name: create fastd peer mesh directories
|
- name: create fastd peer mesh directories
|
||||||
file:
|
file:
|
||||||
|
@ -15,9 +13,7 @@
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
||||||
- name: create fastd peer mesh directories for ffbin
|
- name: create fastd peer mesh directories for ffbin
|
||||||
file:
|
file:
|
||||||
|
@ -26,7 +22,7 @@
|
||||||
mode: 0755
|
mode: 0755
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
with_items:
|
loop:
|
||||||
- 1406
|
- 1406
|
||||||
- 1312
|
- 1312
|
||||||
|
|
||||||
|
@ -36,9 +32,7 @@
|
||||||
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
|
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/peers"
|
||||||
version: "{{ item.1.peers.version }}"
|
version: "{{ item.1.peers.version }}"
|
||||||
update: no
|
update: no
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
become: false
|
become: false
|
||||||
|
|
||||||
- name: clone fastd peer mesh repo for ffbin
|
- name: clone fastd peer mesh repo for ffbin
|
||||||
|
@ -47,7 +41,7 @@
|
||||||
dest: "/etc/fastd/mzvpn-{{ item }}/peers_bingen"
|
dest: "/etc/fastd/mzvpn-{{ item }}/peers_bingen"
|
||||||
version: master
|
version: master
|
||||||
update: no
|
update: no
|
||||||
with_items:
|
loop:
|
||||||
- 1406
|
- 1406
|
||||||
- 1312
|
- 1312
|
||||||
become: false
|
become: false
|
||||||
|
@ -57,18 +51,14 @@
|
||||||
src: fastd-mesh.conf.j2
|
src: fastd-mesh.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/fastd.conf"
|
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/fastd.conf"
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
||||||
- name: write fastd mesh secret
|
- name: write fastd mesh secret
|
||||||
template:
|
template:
|
||||||
src: fastd-secret.conf.j2
|
src: fastd-secret.conf.j2
|
||||||
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/secret.conf"
|
dest: "/etc/fastd/{{ item.0.id }}vpn-{{ item.1.mtu }}/secret.conf"
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
||||||
- name: copy peer_limit.conf if not exist
|
- name: copy peer_limit.conf if not exist
|
||||||
copy:
|
copy:
|
||||||
|
@ -79,9 +69,7 @@
|
||||||
mode: 0640
|
mode: 0640
|
||||||
force: no
|
force: no
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
||||||
- name: set file attributes for peer_limit.conf
|
- name: set file attributes for peer_limit.conf
|
||||||
file:
|
file:
|
||||||
|
@ -90,9 +78,7 @@
|
||||||
owner: admin
|
owner: admin
|
||||||
group: admin
|
group: admin
|
||||||
notify: restart fastd mesh instances
|
notify: restart fastd mesh instances
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
||||||
- name: write systemd unit fastd-sync-meshkeys.service
|
- name: write systemd unit fastd-sync-meshkeys.service
|
||||||
template:
|
template:
|
||||||
|
@ -151,7 +137,7 @@
|
||||||
name: "{{ item }}.timer"
|
name: "{{ item }}.timer"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
with_items:
|
loop:
|
||||||
- fastd-sync-meshkeys
|
- fastd-sync-meshkeys
|
||||||
- fastd-peer-limit-update
|
- fastd-peer-limit-update
|
||||||
|
|
||||||
|
@ -160,6 +146,4 @@
|
||||||
name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
name: "fastd@{{ item.0.id }}vpn-{{ item.1.mtu }}"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
with_subelements:
|
loop: "{{ meshes | subelements('fastd.nodes.instances') }}"
|
||||||
- "{{ meshes }}"
|
|
||||||
- fastd.nodes.instances
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- fastd
|
- fastd
|
||||||
- git
|
- git
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
repo: "{{ item }}"
|
repo: "{{ item }}"
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
filename: nginx
|
filename: nginx
|
||||||
with_items:
|
loop:
|
||||||
- deb http://nginx.org/packages/debian/ stretch nginx
|
- deb http://nginx.org/packages/debian/ stretch nginx
|
||||||
- deb-src http://nginx.org/packages/debian/ stretch nginx
|
- deb-src http://nginx.org/packages/debian/ stretch nginx
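Review bot: Both loop items point apt at `http://nginx.org/packages/debian/`, so package metadata and downloads travel in clear text and integrity rests solely on apt's signature check. The installation of the repository key is not visible in this hunk, so I cannot confirm that check is in place. Since another role on this page already installs `apt-transport-https`, I would switch the entries to `deb https://nginx.org/packages/debian/ stretch nginx` and `deb-src https://nginx.org/packages/debian/ stretch nginx`, and confirm the signing key is installed from a pinned source before this task runs. The task begins above the hunk.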
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- ntp
|
- ntp
|
||||||
- ntp-doc
|
- ntp-doc
|
||||||
- ntpdate
|
- ntpdate
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: install postfix packages
|
- name: install postfix packages
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ nullmailer_packages }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ nullmailer_packages }}"
|
|
||||||
|
|
||||||
- name: write /etc/mailname
|
- name: write /etc/mailname
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
src: "{{ alertmanager_daemon_dir }}/{{ item }}"
|
src: "{{ alertmanager_daemon_dir }}/{{ item }}"
|
||||||
dest: "/usr/local/bin/{{ item }}"
|
dest: "/usr/local/bin/{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
loop:
|
||||||
- "alertmanager"
|
- "alertmanager"
|
||||||
- "amtool"
|
- "amtool"
|
||||||
|
|
||||||
|
@ -40,8 +40,7 @@
|
||||||
owner: "{{ prometheus_user }}"
|
owner: "{{ prometheus_user }}"
|
||||||
group: "{{ prometheus_group }}"
|
group: "{{ prometheus_group }}"
|
||||||
mode: "u=rwx,g=rx,o="
|
mode: "u=rwx,g=rx,o="
|
||||||
with_items:
|
loop: "{{ alertmanager_db_path }}"
|
||||||
- "{{ alertmanager_db_path }}"
|
|
||||||
|
|
||||||
- name: copy alertmanager systemd config
|
- name: copy alertmanager systemd config
|
||||||
template:
|
template:
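Review bot: In the second hunk, `loop: "{{ alertmanager_db_path }}"` hands `loop` the variable itself, where the old `with_items` wrapped it in a one-element list. `loop` only accepts a list, so if `alertmanager_db_path` is a single path string (as its name and the old form suggest), the task fails with an "Invalid data passed to 'loop'" error. Keep the list form, `loop: ["{{ alertmanager_db_path }}"]`, or drop the loop and reference the variable directly in the task's path argument, which sits above this hunk.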
|
||||||
|
|
|
@ -21,7 +21,7 @@
|
||||||
owner: "{{ prometheus_user }}"
|
owner: "{{ prometheus_user }}"
|
||||||
group: "{{ prometheus_group }}"
|
group: "{{ prometheus_group }}"
|
||||||
mode: "u=rwx,g=rx,o="
|
mode: "u=rwx,g=rx,o="
|
||||||
with_items:
|
loop:
|
||||||
- "{{ prometheus_install_path }}"
|
- "{{ prometheus_install_path }}"
|
||||||
- "{{ prometheus_config_path }}"
|
- "{{ prometheus_config_path }}"
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
src: "{{ prometheus_daemon_dir }}/{{ item }}"
|
src: "{{ prometheus_daemon_dir }}/{{ item }}"
|
||||||
dest: "/usr/local/bin/{{ item }}"
|
dest: "/usr/local/bin/{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
loop:
|
||||||
- "prometheus"
|
- "prometheus"
|
||||||
- "promtool"
|
- "promtool"
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
owner: "{{ prometheus_user }}"
|
owner: "{{ prometheus_user }}"
|
||||||
group: "{{ prometheus_group }}"
|
group: "{{ prometheus_group }}"
|
||||||
mode: "u=rwx,g=rx,o="
|
mode: "u=rwx,g=rx,o="
|
||||||
with_items:
|
loop:
|
||||||
- "{{ prometheus_rule_path }}"
|
- "{{ prometheus_rule_path }}"
|
||||||
- "{{ prometheus_file_sd_config_path }}"
|
- "{{ prometheus_file_sd_config_path }}"
|
||||||
- "{{ prometheus_db_path }}"
|
- "{{ prometheus_db_path }}"
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
src: "{{ playbook_dir }}/{{ item.value.src }}"
|
src: "{{ playbook_dir }}/{{ item.value.src }}"
|
||||||
dest: "{{ prometheus_rule_path }}/{{ item.value.dest }}"
|
dest: "{{ prometheus_rule_path }}/{{ item.value.dest }}"
|
||||||
validate: "{{ prometheus_daemon_dir }}/promtool check rules %s"
|
validate: "{{ prometheus_daemon_dir }}/promtool check rules %s"
|
||||||
with_dict: '{{ prometheus_rule_files | default({}) }}'
|
loop: '{{ prometheus_rule_files | dict2items | default({}) }}'
|
||||||
notify:
|
notify:
|
||||||
- restart prometheus
|
- restart prometheus
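Review bot: In the last hunk, `loop: '{{ prometheus_rule_files | dict2items | default({}) }}'` applies `default({})` after `dict2items`, so the fallback never takes effect. When `prometheus_rule_files` is undefined, `dict2items` receives the undefined value and errors out, whereas the old `with_dict` form simply iterated over nothing. The filters should be swapped: `loop: '{{ prometheus_rule_files | default({}) | dict2items }}'`. The task's module and name lie above the hunk.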
|
||||||
|
|
||||||
|
|
|
@ -7,4 +7,4 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: "respondd-{{ item.id }}"
|
name: "respondd-{{ item.id }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
|
@ -29,11 +29,11 @@
|
||||||
notify:
|
notify:
|
||||||
- reload systemd
|
- reload systemd
|
||||||
- restart respondd
|
- restart respondd
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
||||||
- name: configure systemd unit files
|
- name: configure systemd unit files
|
||||||
systemd:
|
systemd:
|
||||||
name: "respondd-{{ item.id }}"
|
name: "respondd-{{ item.id }}"
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
with_items: "{{ meshes }}"
|
loop: "{{ meshes }}"
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- tinc
|
- tinc
|
||||||
|
|
||||||
- name: clone icvpn repo
|
- name: clone icvpn repo
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
package:
|
package:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
loop:
|
||||||
- vnstat
|
- vnstat
|
||||||
- vnstati
|
- vnstati
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
state: present
|
state: present
|
||||||
with_items: "{{ sysctl_settings }}"
|
loop: "{{ sysctl_settings }}"
|
||||||
|
|
||||||
- name: create systemd override dir for systemd-sysctl.service
|
- name: create systemd override dir for systemd-sysctl.service
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
shell: "{{ item.shell }}"
|
shell: "{{ item.shell }}"
|
||||||
home: "{{ item.home }}"
|
home: "{{ item.home }}"
|
||||||
state: "{{ item.state }}"
|
state: "{{ item.state }}"
|
||||||
with_items: "{{ system_users }}"
|
loop: "{{ system_users }}"
|
||||||
|
|
||||||
- name: ensure ssh config directory is present
|
- name: ensure ssh config directory is present
|
||||||
file:
|
file:
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
owner: "{{ item.name }}"
|
owner: "{{ item.name }}"
|
||||||
group: "{{ item.name }}"
|
group: "{{ item.name }}"
|
||||||
mode: '0700'
|
mode: '0700'
|
||||||
with_items: "{{ system_users }}"
|
loop: "{{ system_users }}"
|
||||||
|
|
||||||
- name: configure ssh public keys
|
- name: configure ssh public keys
|
||||||
template:
|
template:
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
owner: "{{ item.name }}"
|
owner: "{{ item.name }}"
|
||||||
group: "{{ item.name }}"
|
group: "{{ item.name }}"
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
with_items: "{{ system_users }}"
|
loop: "{{ system_users }}"
|
||||||
|
|
||||||
- name: configure passwordless sudo access
|
- name: configure passwordless sudo access
|
||||||
template:
|
template:
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
group: root
|
group: root
|
||||||
mode: '0440'
|
mode: '0440'
|
||||||
validate: "/usr/sbin/visudo -cf %s"
|
validate: "/usr/sbin/visudo -cf %s"
|
||||||
with_items: "{{ system_users }}"
|
loop: "{{ system_users }}"
|
||||||
|
|
||||||
- name: remove admin lines from /etc/sudoers
|
- name: remove admin lines from /etc/sudoers
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|