diff --git a/README.kerberox b/README.kerberox
index 9362321..1e969af 100644
--- a/README.kerberox
+++ b/README.kerberox
@@ -5,7 +5,7 @@
     sudo cat /root/kadmin.pwd
 
 ## Then:
-    cd /home/ansible/debian-lan/ 
+    cd /home/ansible/debian-lan/
     ansible-playbook --ask-become-pass kerberox-client.yml
 
-## Enter the 'BECOME' password and the kadmin password obtained above.       
+## Enter the 'BECOME' password and the kadmin password obtained above.
diff --git a/cloudbox.yml b/cloudbox.yml
index 81634fd..0a78efc 100644
--- a/cloudbox.yml
+++ b/cloudbox.yml
@@ -4,12 +4,12 @@
 - name: apply configuration to the cloudbox
   hosts: cloudboxes
   remote_user: ansible
-  become: Yes
+  become: true
   vars:
     if_lan: "enp1s0"
     ipaddr: "192.168.2.50/24"
     gateway: "192.168.2.1"
-    DNS: "192.168.2.1"
+    dns: "192.168.2.1"
     ddns_domain: "something.ddnss.de"
     ddns_updkey: "138638.some.key.here.635620"
     ## 'nc_download' and 'nc_checksum' are only
@@ -32,17 +32,16 @@
 #    - low-power
     - nextcloud
     - nextcloud-upgrade
-    - backup
+#    - backup
 
-
-## Hosts in the the 'only_nextcloud'-group are only upgraded: 
+## Hosts in the the 'only_nextcloud'-group are only upgraded:
 
 - name: upgrade nextcloud only
   hosts: only_nextcloud
   remote_user: ansible
-  become: Yes
+  become: true
   vars:
-    nc_dir: "/var/www/nextcloud" 
+    nc_dir: "/var/www/nextcloud"
     nc_apps:
       - calendar
       - notes
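Review bot: The `- backup` entry in the cloudbox play's role list is commented out here, which turns the backup role off for every host in `cloudboxes`, while the rest of the commit is lint and whitespace cleanup. If this is unintended, restore `    - backup`. If it is deliberate, it deserves its own commit or at least a comment such as `## backup disabled until <reason>`, so the loss of backups is not buried in a formatting change. The role list itself starts above this hunk.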
@@ -51,4 +50,3 @@
   roles:
     - up2date-debian
     - nextcloud-upgrade
-
diff --git a/edubox.yml b/edubox.yml
index 8376eef..06ca4fe 100644
--- a/edubox.yml
+++ b/edubox.yml
@@ -23,7 +23,7 @@
 - name: apply configuration to the edubox
   hosts: all # eduboxes
   remote_user: ansible
-  become: yes
+  become: true
   vars:
     contname: cont
     ## User name for the user in the container:
@@ -52,19 +52,19 @@
     - name: install apt-cacher-ng
       apt:
         name: apt-cacher-ng
-        state: latest
+        state: latest # noqa package-latest
 
     - name: enable apt-cacher-ng
       lineinfile:
         path: /etc/apt/apt.conf.d/30proxy
         line: 'Acquire::http::Proxy "http://localhost:3142/";'
-        create: yes
+        create: true
 
     - name: enable and start systemd-networkd on the host
       systemd:
         name: systemd-networkd
         state: started
-        enabled: yes
+        enabled: true
 
   roles:
     - up2date-debian
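Review bot: The inline `# noqa package-latest` on `state: latest` is the first of many identical suppressions in this commit (apt-cacher, backup, dns-dhcp-tftp, dnsmasq, educontainer, gnome, kde, krb5-kdc-ldap, lan-client, ldap, low-power). If tracking the newest package on every run is the project's policy, a single `skip_list` entry for `package-latest` in the repository's `.ansible-lint` file, with a comment giving the reason, states that decision once. The per-line markers leave the rationale undocumented and are easy to forget on new tasks.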
diff --git a/host_vars/blackbox.yml b/host_vars/blackbox.yml
index 7e2e4aa..a1f3799 100644
--- a/host_vars/blackbox.yml
+++ b/host_vars/blackbox.yml
@@ -1,4 +1,4 @@
-allow_download: True
+allow_download: true
 backup_dirs_extra:
   - /home
 backup_opts_extra: ""
diff --git a/host_vars/bluebox.yml b/host_vars/bluebox.yml
index 3fff54c..dacab7d 100644
--- a/host_vars/bluebox.yml
+++ b/host_vars/bluebox.yml
@@ -1 +1 @@
-allow_download: True
+allow_download: true
diff --git a/installbox.yml b/installbox.yml
index 6e1c4c6..81ddb59 100644
--- a/installbox.yml
+++ b/installbox.yml
@@ -6,7 +6,7 @@
 - name: apply configuration to the installbox
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
 
   vars:
     ## This interface provides the default route:
diff --git a/kerberox-client.yml b/kerberox-client.yml
index cd7b29f..695c3a1 100644
--- a/kerberox-client.yml
+++ b/kerberox-client.yml
@@ -4,7 +4,7 @@
 - name: apply configuration to the machines
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
   vars:
     extra_pkgs:
       - webext-privacy-badger
@@ -16,12 +16,12 @@
   vars_prompt:
     - name: "kadmin_pwd"
       prompt: "Provide kadmin password to fetch kerberos keytab.\nLeave empty if done already"
-      private: yes
+      private: true
 
   roles:
     - up2date-debian
     - lan-client
     - kerberize
     ## Choose either gnome or KDE:
-    #- gnome
-    #- kde
+    # - gnome
+    # - kde
diff --git a/kerberox.yml b/kerberox.yml
index edb56d3..976db14 100644
--- a/kerberox.yml
+++ b/kerberox.yml
@@ -5,7 +5,7 @@
 - name: apply configuration to the kerberox server
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
 
   vars:
     ## This interface provides the default route:
@@ -34,7 +34,7 @@
         In case you would like to prepare a test user 'foo' and have
         not done so yet, provide foo's password here.  Leave empty to
         just continue
-      private: yes
+      private: true
 
 
   pre_tasks:
@@ -50,7 +50,9 @@
     - netboot-installer
     - dnsmasq
     - apt-cacher
-    - { role: krb5-kdc-ldap, when: not run_in_installer|default(false)|bool }
-    - { role: nfs-server, when: not run_in_installer|default(false)|bool }
+    - role: krb5-kdc-ldap
+      when: not run_in_installer|default(false)|bool
+    - role: nfs-server
+      when: not run_in_installer|default(false)|bool
     - prepare4clients
     - kerberize
diff --git a/kiosk.yml b/kiosk.yml
index b68bbb7..076e42d 100644
--- a/kiosk.yml
+++ b/kiosk.yml
@@ -4,7 +4,7 @@
 - name: apply configuration to the machines
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
   vars:
     auto_user: debi
     wifi_ssid: "YOUR SSID HERE"
@@ -18,5 +18,5 @@
     - up2date-debian
     ## Choose either gnome or KDE:
     - gnome
-    #- kde
+    # - kde
     - kiosk
diff --git a/minimal-krb5.yml b/minimal-krb5.yml
index ebba3a2..a7644c8 100644
--- a/minimal-krb5.yml
+++ b/minimal-krb5.yml
@@ -4,7 +4,7 @@
 - name: apply a minimal configuration with kerberos LAN integration
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
   roles:
     - up2date-debian
     - lan-client
diff --git a/minimal.yml b/minimal.yml
index c31c0c8..921b8db 100644
--- a/minimal.yml
+++ b/minimal.yml
@@ -4,6 +4,6 @@
 - name: apply a minimal configuration to the machine
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
   roles:
     - up2date-debian
diff --git a/roles/apt-cacher/tasks/main.yml b/roles/apt-cacher/tasks/main.yml
index 7439eb4..01b745d 100644
--- a/roles/apt-cacher/tasks/main.yml
+++ b/roles/apt-cacher/tasks/main.yml
@@ -1,17 +1,17 @@
 - name: install apt-cacher-ng package
   apt:
     name: apt-cacher-ng
-    state: latest
+    state: latest # noqa package-latest
 
 - name: enable apt-cacher-ng for localhost
   copy:
     src: apt.conf
     dest: /etc/apt/apt.conf
-    force: no
+    force: false
+    mode: 0644
   notify: "start apt-cacher-ng"
   when: not run_in_installer|default(false)|bool  ## do not enable apt-cacher during installation
 
-
 - name: check if preseeded installer is available
   stat: path={{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg
   register: preseedcfg
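Review bot: The added `mode: 0644` is an unquoted octal literal, which only yields the intended permissions because the YAML 1.1 loader reads a leading-zero number as octal. Writing `mode: "0644"` hands Ansible a string and removes that dependency on implicit typing. The same applies to every `mode:` line added in this commit, and in particular to `roles/dns-dhcp-tftp/tasks/main.yml` and `roles/kiosk/tasks/main.yml`, where the previously quoted `'0640'` and `'0600'` are replaced by bare numbers. The last task in this hunk continues past its end.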
@@ -27,8 +27,8 @@
   firewalld:
     zone: internal
     port: 3142/tcp
-    permanent: yes
-    immediate: yes
+    permanent: true
+    immediate: true
     state: enabled
   when: not run_in_installer|default(false)|bool
 
@@ -36,5 +36,5 @@
   command: "firewall-offline-cmd --zone=internal --add-port=3142/tcp"
   when: run_in_installer|default(false)|bool
 
-
-- meta: flush_handlers
+- name: flush handler to make apt-cacher available
+  meta: flush_handlers
diff --git a/roles/backup/handlers/main.yml b/roles/backup/handlers/main.yml
index 43950ec..3a4f8f6 100644
--- a/roles/backup/handlers/main.yml
+++ b/roles/backup/handlers/main.yml
@@ -2,5 +2,5 @@
   systemd:
     name: backup.timer
     state: started
-    enabled: True
+    enabled: true
   listen: "enable backup.timer"
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
index 5cbd241..f263d5c 100644
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -1,7 +1,7 @@
 - name: install borg
   apt:
     name: borgbackup
-    state: latest
+    state: latest # noqa package-latest
 
 - name: check if borg password is available
   stat: path="{{ borg_pwd_file }}"
@@ -9,7 +9,7 @@
 
 - name: dump borg password
   shell: echo -n "{{ borg_pwd }}" > "{{ borg_pwd_file }}" ; chmod 0600 "{{ borg_pwd_file }}"
-  no_log: True
+  no_log: true
   when: not borg.stat.exists
 
 - name: provide backup script
@@ -22,6 +22,7 @@
   copy:
     src: "{{ item }}"
     dest: "/etc/systemd/system/{{ item }}"
+    mode: 0644
   with_items:
     - backup.service
     - backup.timer
diff --git a/roles/ddns-update/handlers/main.yml b/roles/ddns-update/handlers/main.yml
index a1700e2..1022036 100644
--- a/roles/ddns-update/handlers/main.yml
+++ b/roles/ddns-update/handlers/main.yml
@@ -2,6 +2,6 @@
   systemd:
     name: ddns-update.timer
     state: restarted
-    daemon_reload: yes
-    enabled: yes
+    daemon_reload: true
+    enabled: true
   listen: "enable ddns-update timer"
diff --git a/roles/ddns-update/tasks/main.yml b/roles/ddns-update/tasks/main.yml
index 54e3412..a345036 100644
--- a/roles/ddns-update/tasks/main.yml
+++ b/roles/ddns-update/tasks/main.yml
@@ -5,6 +5,7 @@
   template:
     src: ddns-update.conf.j2
     dest: /etc/ddns-update/ddns-update.conf
+    mode: 0644
 
 - name: install ddns-update script
   copy:
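Review bot: The new `mode: 0644` makes `/etc/ddns-update/ddns-update.conf` explicitly world-readable. `cloudbox.yml` defines `ddns_updkey`, and this template presumably renders that key into the file; the template itself is not visible here, so please confirm. If the file does hold the update key, `mode: "0600"` with `owner: root` is the safer setting, or `"0640"` with a dedicated group if the updater does not run as root. The service and timer units below can stay at 0644.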
@@ -16,9 +17,11 @@
   copy:
     src: ddns-update.service
     dest: /etc/systemd/system/ddns-update.service
+    mode: 0644
 
 - name: install ddns-update.timer
   copy:
     src: ddns-update.timer
     dest: /etc/systemd/system/ddns-update.timer
+    mode: 0644
   notify: enable ddns-update timer
diff --git a/roles/dns-dhcp-tftp/tasks/main.yml b/roles/dns-dhcp-tftp/tasks/main.yml
index 98d4b00..623741f 100644
--- a/roles/dns-dhcp-tftp/tasks/main.yml
+++ b/roles/dns-dhcp-tftp/tasks/main.yml
@@ -12,7 +12,7 @@
       - isc-dhcp-server
       - tftpd-hpa
       - bind9
-    state: latest
+    state: latest # noqa package-latest
 
 ## FIXME: preseeding seems to be ignored
 - name: configure TFTP root directory
@@ -22,7 +22,7 @@
     replace: 'TFTP_DIRECTORY="/var/lib/tftpboot"'
   notify: restart tftpd-hpa
 
-- name: serve dhcp on LAN interface       
+- name: serve dhcp on LAN interface
   replace:
     path: /etc/default/isc-dhcp-server
     regexp: '^INTERFACESv4=".*"$'
@@ -33,13 +33,15 @@
   template:
     src: dhcpd.conf.j2
     dest: /etc/dhcp/dhcpd.conf
-    backup: yes
+    mode: 0644
+    backup: true
   notify: restart isc-dhcp-server
 
-- name: deploy config files for bind9 
+- name: deploy config files for bind9
   template:
     src: "{{ item }}.j2"
     dest: "/etc/bind/{{ item }}"
+    mode: 0644
   loop:
     - db.intern
     - localzones
@@ -49,6 +51,7 @@
   template:
     src: db.lan.j2
     dest: "/etc/bind/db.{{ ipaddr_lan_threeoct }}"
+    mode: 0644
   notify: restart bind
 
 - name: link zone files to writeable directory for DDNS
@@ -71,6 +74,7 @@
   template:
     src: resolv.conf.j2
     dest: /etc/resolv.conf
+    mode: 0644
   notify: restart isc-dhcp-server
 
 ## stop dhclient from overwriting /etc/resolv.conf:
@@ -80,7 +84,7 @@
     block: |
       supersede domain-search "{{ ansible_domain }}";
       supersede domain-name-servers 127.0.0.1;
-    insertbefore: "#send dhcp-client-identifier.*" 
+    insertbefore: "#send dhcp-client-identifier.*"
   notify: restart dhcp-client
 
 - name: generate rndc key
@@ -90,11 +94,10 @@
 
 - name: copy rndc key
   copy:
-    src: /etc/bind/rndc.key 
+    src: /etc/bind/rndc.key
     dest: /etc/dhcp/
-    owner: root 
+    owner: root
     group: root
-    mode: '0640'
-    remote_src: yes  
+    mode: 0640
+    remote_src: true
   notify: restart isc-dhcp-server
-
diff --git a/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2 b/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2
index cca662e..9bb803c 100644
--- a/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2
+++ b/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2
@@ -56,7 +56,7 @@ subnet {{ ipaddr_lan | ipaddr("network") }} netmask {{ ipaddr_lan | ipaddr("netm
 }
 
 
-# No service will be given on this subnet, but declaring it helps the 
+# No service will be given on this subnet, but declaring it helps the
 # DHCP server to understand the network topology.
 
 #subnet 10.152.187.0 netmask 255.255.255.0 {
diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml
index d5e7fc2..00f73a6 100644
--- a/roles/dnsmasq/tasks/main.yml
+++ b/roles/dnsmasq/tasks/main.yml
@@ -7,16 +7,18 @@
     name:
       - dnsmasq
       - resolvconf
-    state: latest
+    state: latest # noqa package-latest
 
 - name: configure dnsmasq dhcp
   template:
     src: dnsmasq-dhcp.j2
     dest: /etc/dnsmasq.d/dnsmasq-dhcp
+    mode: 0644
   notify: "restart dnsmasq"
 
 - name: configure dnsmasq tftp
   template:
     src: dnsmasq-tftp-netboot-installer.j2
     dest: /etc/dnsmasq.d/tftp-netboot-installer
+    mode: 0644
   notify: "restart dnsmasq"
diff --git a/roles/educontainer/handlers/main.yml b/roles/educontainer/handlers/main.yml
index 44ccc8e..70b52ec 100644
--- a/roles/educontainer/handlers/main.yml
+++ b/roles/educontainer/handlers/main.yml
@@ -2,6 +2,6 @@
   systemd:
     name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
     state: restarted
-    enabled: yes
+    enabled: true
   loop: "{{ containers }}"
   listen: enable and restart containers
diff --git a/roles/educontainer/tasks/main.yml b/roles/educontainer/tasks/main.yml
index 76748af..d5dfc93 100644
--- a/roles/educontainer/tasks/main.yml
+++ b/roles/educontainer/tasks/main.yml
@@ -2,8 +2,8 @@
 ##
 ## Port mapping to the host:
 ##
-##  container 0: ssh → host port 10000,  HTTP → 10100                 
-##  container 1: ssh → host port 10001,  HTTP → 10101 
+##  container 0: ssh → host port 10000,  HTTP → 10100
+##  container 1: ssh → host port 10001,  HTTP → 10101
 ##     ...                        ...            ...
 ##
 ##  User '{{ contuser }}' in the sudo group.  Password is '{{ contpwd }}'.
diff --git a/roles/educontainer/tasks/setup.yml b/roles/educontainer/tasks/setup.yml
index 3aa3b32..4296a72 100644
--- a/roles/educontainer/tasks/setup.yml
+++ b/roles/educontainer/tasks/setup.yml
@@ -5,7 +5,7 @@
     name:
       - systemd-container
       - debootstrap
-    state: latest
+    state: latest # noqa package-latest
 
 - name: prepare machine directory
   file:
@@ -23,7 +23,7 @@
   args:
     chdir: /var/lib/machines/
     creates: /var/lib/machines/{{ contname }}00
-  environment: 
+  environment:
     http_proxy: "{{ '' if run_in_installer|default(false) else 'http://localhost:3142' }}"
   notify: enable and restart containers
 
@@ -31,7 +31,8 @@
   copy:
     src: /etc/apt/sources.list
     dest: /var/lib/machines/{{ contname }}00/etc/apt/sources.list
-    remote_src: yes
+    mode: 0644
+    remote_src: true
 
 - name: configure locale
   lineinfile:
@@ -57,7 +58,7 @@
 - name: provide {{ contuser }} user account
   command:
     cmd: >
-      chroot . sh -c '/usr/sbin/useradd -m -s /bin/bash 
+      chroot . sh -c '/usr/sbin/useradd -m -s /bin/bash
       -c "User {{ contuser }},,," -G sudo {{ contuser }}'
   args:
     chdir: /var/lib/machines/{{ contname }}00
@@ -89,6 +90,7 @@
   file:
     path: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item }}
     state: directory
+    mode: 0755
   loop:
     - multi-user.target.wants
     - sockets.target.wants
@@ -100,13 +102,17 @@
     src: /lib/systemd/system/{{ item.src }}
     dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
     state: link
-    follow: False
-    force: yes
+    follow: false
+    force: true
   loop:
-    - { src: systemd-networkd.service, dest: dbus-org.freedesktop.network1.service }
-    - { src: systemd-networkd.service, dest: multi-user.target.wants/systemd-networkd.service }
-    - { src: systemd-networkd.socket, dest: sockets.target.wants/systemd-networkd.socket }
-    - { src: systemd-networkd-wait-online.service, dest: network-online.target.wants/systemd-networkd-wait-online.service }
+    - src: systemd-networkd.service
+      dest: dbus-org.freedesktop.network1.service
+    - src: systemd-networkd.service
+      dest: multi-user.target.wants/systemd-networkd.service
+    - src: systemd-networkd.socket
+      dest: sockets.target.wants/systemd-networkd.socket
+    - src: systemd-networkd-wait-online.service
+      dest: network-online.target.wants/systemd-networkd-wait-online.service
   notify: enable and restart containers
 
 - name: enable systemd-resolved in containers
@@ -114,11 +120,13 @@
     src: /lib/systemd/system/{{ item.src }}
     dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }}
     state: link
-    follow: False
-    force: yes
+    follow: false
+    force: true
   loop:
-    - { src: systemd-resolved.service, dest: dbus-org.freedesktop.resolve1.service }
-    - { src: systemd-resolved.service, dest: multi-user.target.wants/systemd-resolved.service }
+    - src: systemd-resolved.service
+      dest: dbus-org.freedesktop.resolve1.service
+    - src: systemd-resolved.service
+      dest: multi-user.target.wants/systemd-resolved.service
   notify: enable and restart containers
 
 ########
@@ -126,7 +134,8 @@
   copy:
     content: "# Avoid 'too many open files' error:"
     dest: /etc/sysctl.d/inotify.conf
-    force: no
+    mode: 0644
+    force: false
 
 - name: fix too many open files error
   sysctl:
@@ -146,11 +155,13 @@
   file:
     path: /etc/systemd/nspawn
     state: directory
+    mode: 0755
 
 - name: provide container configuration
   template:
     src: contcfg.nspawn.j2
-    dest: /etc/systemd/nspawn/{{ contname}}{{ "%02d" | format(item|int) }}.nspawn
+    dest: /etc/systemd/nspawn/{{ contname }}{{ "%02d" | format(item|int) }}.nspawn
+    mode: 0644
   loop: "{{ containers }}"
   notify: enable and restart containers
 
@@ -158,6 +169,7 @@
   template:
     src: hostname.j2
     dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname
+    mode: 0644
   loop: "{{ containers }}"
   notify: enable and restart containers
 
@@ -165,5 +177,6 @@
   template:
     src: hosts.j2
     dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts
+    mode: 0644
   loop: "{{ containers }}"
   notify: enable and restart containers
diff --git a/roles/gnome/tasks/main.yml b/roles/gnome/tasks/main.yml
index 432229c..ab80bda 100644
--- a/roles/gnome/tasks/main.yml
+++ b/roles/gnome/tasks/main.yml
@@ -1,5 +1,5 @@
-#- name: gnome hibernate by default
-#  apt: name=gnome-shell-extension-suspend-button state=latest
+# - name: gnome hibernate by default
+#   apt: name=gnome-shell-extension-suspend-button state=latest # noqa package-latest
 
 - name: gnome desktop
   apt:
@@ -8,24 +8,32 @@
       - cups
       - ssh-askpass-gnome
       - gnome-shell-extension-dashtodock
-    state: latest
+    state: latest # noqa package-latest
 
 - name: make sure /etc/dconf/profile/ exists
-  file: path=/etc/dconf/profile/ state=directory recurse=yes
+  file:
+    path: /etc/dconf/profile/
+    state: directory
+    recurse: true
 
 - name: prepare for gnome customized defaults
   copy:
     src: user
     dest: /etc/dconf/profile/user
+    mode: 0644
   notify: update dconf
 
 - name: make sure /etc/dconf/db/local.d/ exists
-  file: path=/etc/dconf/db/local.d/ state=directory recurse=yes
+  file:
+    path: /etc/dconf/db/local.d/
+    state: directory
+    recurse: true
 
 - name: modify gnome defaults
   copy:
     src: defaults
     dest: /etc/dconf/db/local.d/defaults
+    mode: 0644
   notify: update dconf
 
 ## Bug #698504
diff --git a/roles/kde/tasks/main.yml b/roles/kde/tasks/main.yml
index 74f7e1f..5ce612c 100644
--- a/roles/kde/tasks/main.yml
+++ b/roles/kde/tasks/main.yml
@@ -4,9 +4,9 @@
       - task-kde-desktop
       - sddm-theme-debian-breeze
       - cups
-    state: latest
+    state: latest # noqa package-latest
+
 
-    
 ## Bug #698504
 - name: allow print job management
   replace:
diff --git a/roles/kiosk/handlers/main.yml b/roles/kiosk/handlers/main.yml
index 7c9de36..cacbe56 100644
--- a/roles/kiosk/handlers/main.yml
+++ b/roles/kiosk/handlers/main.yml
@@ -5,26 +5,15 @@
 - name: reload NetworkManager
   when: not run_in_installer|default(false)|bool
   systemd:
-    daemon_reload: yes
+    daemon_reload: true
     name: NetworkManager
     state: reloaded
-    enabled: yes
+    enabled: true
   listen: reload NetworkManager
 
-# fails in installer with stretch, workaround below:
-#- name: enable tmp.mount
-#  systemd:
-#    daemon_reload: yes
-#    name: tmp.mount
-#    enabled: yes
-
-- name: make sure local-fs.target.wants exists
-  file: path=/etc/systemd/system/local-fs.target.wants/ state=directory
-  listen: enable tmp.mount
-
 - name: enable tmp.mount
-  file:
-    src: /etc/systemd/system/tmp.mount
-    dest: /etc/systemd/system/local-fs.target.wants/tmp.mount
-    state: link
+  systemd:
+    daemon_reload: true
+    name: tmp.mount
+    enabled: true
   listen: enable tmp.mount
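Review bot: The new `enable tmp.mount` handler restores the `systemd:` call that the deleted comment described as failing in the installer with stretch, and it removes the symlink workaround without adding a guard. The `reload NetworkManager` handler above is protected by `when: not run_in_installer|default(false)|bool`, but this one is not, so a run inside the installer may fail on `daemon_reload: true`. Either confirm that the supported releases no longer need the workaround, or keep the link-based handler for the `run_in_installer` case and put the same `when:` guard on the systemd variant.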
diff --git a/roles/kiosk/tasks/main.yml b/roles/kiosk/tasks/main.yml
index 60ab55e..accf9b8 100644
--- a/roles/kiosk/tasks/main.yml
+++ b/roles/kiosk/tasks/main.yml
@@ -9,37 +9,40 @@
 
 ## gdm3:
 - name: enable auto login in gdm3
-  when: gdm3.stat.exists == true
   lineinfile:
     dest: /etc/gdm3/daemon.conf
     insertafter: '^#\s*AutomaticLoginEnable = true'
     line: 'AutomaticLoginEnable = true'
+  when: gdm3.stat.exists
 
 - name: auto login user in gdm3
-  when: gdm3.stat.exists == true
   lineinfile:
     dest: /etc/gdm3/daemon.conf
     insertafter: '^#\s*AutomaticLogin = '
     line: 'AutomaticLogin = {{ auto_user }}'
+  when: gdm3.stat.exists
 
 ## sddm/KDE:
 - name: enable auto login in sddm
-  when: sddm.stat.exists == true
+  when: sddm.stat.exists
   template:
     src: sddm.conf.j2
     dest: /etc/sddm.conf
+    mode: 0644
 
 - name: kde global defaults
-  when: sddm.stat.exists == true
+  when: sddm.stat.exists
   copy:
     src: kde5rc
     dest: /etc/kde5rc
+    mode: 0644
 
 - name: modify kde screen lock
-  when: sddm.stat.exists == true
+  when: sddm.stat.exists
   copy:
     src: kscreenlockerrc
     dest: /etc/xdg/kscreenlockerrc
+    mode: 0644
 
 ########
 
@@ -49,7 +52,7 @@
     dest: /etc/default/grub
     regexp: '^(GRUB_CMDLINE_LINUX=)""'
     line: '\1"video=SVIDEO-1:d"'
-    backrefs: yes
+    backrefs: true
   notify: update grub
 
 - name: grub timeout
@@ -57,7 +60,7 @@
     dest: /etc/default/grub
     regexp: '^(GRUB_TIMEOUT=).*'
     line: '\g<1>1'
-    backrefs: yes
+    backrefs: true
   notify: update grub
 
 - name: keyboard compose key
@@ -65,7 +68,7 @@
     dest: /etc/default/keyboard
     regexp: '^(XKBOPTIONS=).*'
     line: '\1"compose:caps"'
-    backrefs: yes
+    backrefs: true
 
 - name: hibernate when lid is closed
   lineinfile:
@@ -74,9 +77,11 @@
     line: 'HandleLidSwitch=hibernate'
 
 - name: tmp on tmpfs
-  shell: cp /usr/share/systemd/tmp.mount /etc/systemd/system/
-  args:
-    creates: /etc/systemd/system/tmp.mount
+  copy:
+    src: /usr/share/systemd/tmp.mount
+    dest: /etc/systemd/system/tmp.mount
+    mode: 0644
+    remote_src: true
   notify: enable tmp.mount
 
 - name: mount tmpfs on /home/{{ auto_user }}
@@ -92,19 +97,19 @@
     name: "{{ auto_user }}"
     comment: "Autologin Debian User,,,"
     shell: /bin/bash
-    createhome: no
+    createhome: false
     password: '*'
 
 - name: check if NetworkManager is installed
   stat: path=/etc/NetworkManager/system-connections
-  register: NetworkManager
+  register: networkmanager
 
 - name: add wifi config
-  when: NetworkManager.stat.exists == true
   template:
     src: wifi.j2
     dest: /etc/NetworkManager/system-connections/{{ wifi_ssid }}
     owner: root
     group: root
-    mode: '0600'
+    mode: 0600
+  when: networkmanager.stat.exists
   notify: reload NetworkManager
diff --git a/roles/krb5-kdc-ldap/meta/main.yml b/roles/krb5-kdc-ldap/meta/main.yml
index b19fb35..36ca9ba 100644
--- a/roles/krb5-kdc-ldap/meta/main.yml
+++ b/roles/krb5-kdc-ldap/meta/main.yml
@@ -1,3 +1,3 @@
 ---
-dependencies:
+dependencies: # noqa meta-no-info
   - role: ldap
diff --git a/roles/krb5-kdc-ldap/tasks/main.yml b/roles/krb5-kdc-ldap/tasks/main.yml
index 76646b9..50a3f39 100644
--- a/roles/krb5-kdc-ldap/tasks/main.yml
+++ b/roles/krb5-kdc-ldap/tasks/main.yml
@@ -1,7 +1,8 @@
 ## Install and configure krb5-kdc-ldap (if not done yet),
 ##  run most tasks only on krb5-kdc-ldap installation.
 ---
-- fail: msg="The machine's domain must not be empty."
+- name: check that domain name is available
+  fail: msg="The machine's domain must not be empty."
   when: ansible_domain | length == 0
 
 - name: check if krb5kdc is already there
@@ -12,19 +13,26 @@
   template:
     src: krb5.conf.j2
     dest: /etc/krb5.conf
+    mode: 0644
 
 - name: make sure krb5kdc exists
-  file: path=/etc/krb5kdc state=directory recurse=yes
+  file:
+    path: /etc/krb5kdc
+    state: directory
+    recurse: true
+    mode: 0755
 
 - name: prepare kdc.conf
   template:
     src: kdc.conf.j2
     dest: /etc/krb5kdc/kdc.conf
+    mode: 0644
 
 - name: prepare kadm5.acl
   template:
     src: kadm5.acl.j2
     dest: /etc/krb5kdc/kadm5.acl
+    mode: 0644
   notify: "restart krb5-admin-server"
 
 - name: install krb5-kdc-ldap and krb5-admin-server
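Review bot: In `make sure krb5kdc exists`, the new `mode: 0755` is combined with `recurse: true`, and the file module then applies the mode to everything below the directory. The task has no `when:` in this hunk, so each run would reset the contents of `/etc/krb5kdc` to world-readable. That includes the `service.keyfile` this role writes later and probably the KDC's other key material. `recurse` is not needed to create the directory, so I would drop it and restrict the directory itself: `path: /etc/krb5kdc`, `state: directory`, `mode: "0700"`, assuming only root needs to enter it. The last task in this hunk continues outside it.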
@@ -32,7 +40,7 @@
     name:
       - krb5-kdc-ldap
       - krb5-admin-server
-    state: latest
+    state: latest # noqa package-latest
 
 - name: prepare kerberos.openldap.ldif
   shell: gunzip -c /usr/share/doc/krb5-kdc-ldap/kerberos.openldap.ldif.gz > /etc/ldap/schema/kerberos.openldap.ldif
@@ -126,12 +134,12 @@
       - "{1}uid=([^,]*),cn=gs2-iakerb,cn=auth uid=$1,ou=people,{{ basedn }}"
     state: exact
 
-- name: prepare password for kdc
+- name: prepare password for kdc # noqa risky-shell-pipe
   shell: echo "cn=kdc,cn=kerberos,{{ basedn }}#{HEX}$(echo -n {{ kdc_service_pwd }} | xxd -g0 -ps -c 256 | sed 's/0a$//')" > /etc/krb5kdc/service.keyfile
   no_log: true
   when: not krb5kdc.stat.exists
 
-- name: prepare password for kadmin
+- name: prepare password for kadmin # noqa risky-shell-pipe
   shell: echo "cn=kadmin,cn=kerberos,{{ basedn }}#{HEX}$(echo -n {{ kadmin_service_pwd }} | xxd -g0 -ps -c 256 | sed 's/0a$//')" >> /etc/krb5kdc/service.keyfile
   no_log: true
   when: not krb5kdc.stat.exists
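Review bot: The two `# noqa risky-shell-pipe` markers silence a finding that is real for these tasks. The `xxd | sed` pipeline sits inside a command substitution that is only an argument to `echo`, so its exit status is discarded and a failure still writes a `service.keyfile` entry with an empty `{HEX}` value. The password is also interpolated unquoted into the command line, and the keyfile is created by a redirect under the default umask, with no mode set anywhere in this hunk. I would compute the hex value in its own assignment under `set -euo pipefail`, quote the password with the `quote` filter, and set a restrictive umask first. The kadmin task takes the same shape with `>>` instead of `>`.

```yaml
- name: prepare password for kdc
  shell: |
    set -euo pipefail
    umask 077
    hex=$(printf '%s' {{ kdc_service_pwd | quote }} | xxd -g0 -ps -c 256)
    echo "cn=kdc,cn=kerberos,{{ basedn }}#{HEX}${hex}" > /etc/krb5kdc/service.keyfile
  args:
    executable: /bin/bash
  # … unchanged: no_log and when …
```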
@@ -196,7 +204,7 @@
   replace:
     path: /etc/hosts
     regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
-    replace: '\1	kerberos'
+    replace: '\1 kerberos'
   when: not krb5kdc.stat.exists
 
 ########################
@@ -212,8 +220,8 @@
   firewalld:
     zone: internal
     service: "{{ item }}"
-    permanent: yes
-    immediate: yes
+    permanent: true
+    immediate: true
     state: enabled
   with_items:
     - kerberos
diff --git a/roles/lan-client/defaults/main.yml b/roles/lan-client/defaults/main.yml
index 81690e1..29dadef 100644
--- a/roles/lan-client/defaults/main.yml
+++ b/roles/lan-client/defaults/main.yml
@@ -1,4 +1,4 @@
-lan_homes:  /home/lan
+lan_homes: /home/lan
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
 ldap_server: ldap
 krb_server: kerberos
diff --git a/roles/lan-client/handlers/main.yml b/roles/lan-client/handlers/main.yml
index 66f15d5..ec063a1 100644
--- a/roles/lan-client/handlers/main.yml
+++ b/roles/lan-client/handlers/main.yml
@@ -4,12 +4,12 @@
 
 - name: reload systemd
   systemd:
-    daemon_reload: yes
+    daemon_reload: true
   listen: "reload systemd"
 
 - name: restart rpc-gssd
   systemd:
     name: rpc-gssd
-    daemon_reload: yes
+    daemon_reload: true
     state: restarted
   notify: "restart rpc-gssd"
diff --git a/roles/lan-client/tasks/main.yml b/roles/lan-client/tasks/main.yml
index e394016..adaee16 100644
--- a/roles/lan-client/tasks/main.yml
+++ b/roles/lan-client/tasks/main.yml
@@ -1,5 +1,6 @@
 ---
-- fail: msg="The machine's domain must not be empty."
+- name: check if domain name is available
+  fail: msg="The machine's domain must not be empty."
   when: ansible_domain | length == 0
 
 - name: preseed krb5-config realm
@@ -31,7 +32,7 @@
       - sssd-krb5
       - sssd-ldap
       - nfs-common
-    state: latest
+    state: latest # noqa package-latest
 
 - name: add URI to ldap.conf
   lineinfile:
@@ -48,7 +49,7 @@
 - name: enable pam_umask
   lineinfile:
     dest: /etc/pam.d/common-session
-    line: "session optional	pam_umask.so usergroups"
+    line: "session optional pam_umask.so usergroups"
 
 ## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
 
diff --git a/roles/ldap/defaults/main.yml b/roles/ldap/defaults/main.yml
index e126f1e..32da1a2 100644
--- a/roles/ldap/defaults/main.yml
+++ b/roles/ldap/defaults/main.yml
@@ -1,9 +1,9 @@
 ldap_admin_pwd: "{{ lookup('password', '/tmp/ldap_admin.pwd chars=ascii_letters,digits length=32') }}"
 ldap_admin_pwd_file: "/root/ldap-admin.pwd"
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
-TLSCertificateFile: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-TLSCertificateKeyFile: "/etc/ssl/private/ssl-cert-snakeoil.key"
-lan_homes:  /home/lan
+certpub: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+certpriv: "/etc/ssl/private/ssl-cert-snakeoil.key"
+lan_homes: /home/lan
 min_id: 10000
 max_id: 20000
 ldapuser_gid: 8000
diff --git a/roles/ldap/handlers/main.cfg b/roles/ldap/handlers/main.cfg
new file mode 100644
index 0000000..93bbc44
--- /dev/null
+++ b/roles/ldap/handlers/main.cfg
@@ -0,0 +1,4 @@
+---
+- name: restart slapd
+  systemd: name=slapd state=restarted
+  listen: restart slapd
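Review bot: This handler file is added as `roles/ldap/handlers/main.cfg`, but Ansible loads role handlers from `handlers/main.yml` (or `main.yaml`), so the handler is most likely never loaded. `roles/ldap/tasks/setup.yml` in this same commit now relies on `notify: restart slapd`, which would then point at an undefined handler, and slapd would not be restarted after joining the `ssl-cert` group. Renaming the file to `roles/ldap/handlers/main.yml` fixes that. As a style point, `systemd: name=slapd state=restarted` uses the key=value form that the rest of the commit converts to block mappings.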
diff --git a/roles/ldap/tasks/main.yml b/roles/ldap/tasks/main.yml
index 4d0c307..25bcf84 100644
--- a/roles/ldap/tasks/main.yml
+++ b/roles/ldap/tasks/main.yml
@@ -1,6 +1,7 @@
 ## Install and configure slapd.
 ---
-- fail: msg="The machine's domain must not be empty."
+- name: check if domain name is available
+  fail: msg="The machine's domain must not be empty."
   when: ansible_domain | length == 0
 
 - name: check if slapd is already set up
@@ -87,6 +88,6 @@
   firewalld:
     zone: internal
     service: ldap
-    permanent: yes
-    immediate: yes
+    permanent: true
+    immediate: true
     state: enabled
diff --git a/roles/ldap/tasks/setup.yml b/roles/ldap/tasks/setup.yml
index d5ccfbe..9bbf5e9 100644
--- a/roles/ldap/tasks/setup.yml
+++ b/roles/ldap/tasks/setup.yml
@@ -3,7 +3,7 @@
 - name: preseed ldap domain
   debconf:
     name: slapd
-    question:  slapd/domain
+    question: slapd/domain
     value: "{{ ansible_domain }}"
     vtype: string
 
@@ -24,7 +24,9 @@
   no_log: true
 
 - name: dump admin password
-  shell: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_admin_pwd_file }}" ; chmod 0600 "{{ ldap_admin_pwd_file }}"
+  shell:
+    cmd: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_admin_pwd_file }}" ; chmod 0600 "{{ ldap_admin_pwd_file }}"
+    creates: "{{ ldap_admin_pwd_file }}"
   no_log: true
 
 - name: install packages for LDAP
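Review bot: The rewritten `dump admin password` task still creates the file with a shell redirect and tightens it only afterwards with `chmod 0600`. Until then the file has whatever permissions the umask allows, and the templated password passes through the shell inside double quotes. The added `creates:` is a good idempotence fix, but a `copy` task with `content`, an explicit mode and `force: false` does the same job without the shell. `roles/backup/tasks/main.yml` has the same pattern in `dump borg password`. The following task continues outside this hunk.

```yaml
- name: dump admin password
  copy:
    content: "{{ ldap_admin_pwd }}"
    dest: "{{ ldap_admin_pwd_file }}"
    mode: "0600"
    force: false
  no_log: true
```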
@@ -35,37 +37,35 @@
       - ldapvi
       - python3-ldap
       - ssl-cert
-    state: latest
+    state: latest # noqa package-latest
 
 - name: add openldap to the ssl-cert group
   user:
     name: openldap
     groups: ssl-cert
-    append: yes
-  register: ssl_cert_group
-
-- name: restart slapd
-  systemd: name=slapd state=restarted
-  when: ssl_cert_group.changed
+    append: true
+  notify: restart slapd
 
 - name: make initial slapd configuration available
   copy:
     src: slapd-config.ldif
     dest: /etc/ldap/slapd.d/
+    mode: 0644
 
 - name: make slapd TLS configuration available
   template:
     src: slapd-TLS.ldif
     dest: /etc/ldap/slapd.d/
+    mode: 0644
 
 - name: activate ppolicy schema
-  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
+  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif # noqa no-changed-when
 
 - name: initialize slapd if it has just been installed
-  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-config.ldif
+  command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-config.ldif # noqa no-changed-when
 
 - name: configure LDAP TLS
-  command: ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-TLS.ldif
+  command: ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-TLS.ldif # noqa no-changed-when
 
 - name: add URI to ldap.conf
   lineinfile:
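Review bot: Replacing the inline restart with `notify: restart slapd` defers the restart until handlers are flushed, which happens after `configure LDAP TLS` further down in this hunk. slapd would then still be running without the new `ssl-cert` group membership when `ldapmodify` points it at the private key, so the TLS step may fail or leave TLS unusable on a fresh install. I have not verified how slapd reacts at that point. Adding `- name: restart slapd before configuring TLS` with `meta: flush_handlers` directly after the `user:` task keeps the original ordering. The last task in this hunk continues outside it.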
@@ -83,7 +83,7 @@
   replace:
     path: /etc/ldap/ldap.conf
     regexp: "^(TLS_CACERT\\s+/etc/ssl/certs/ca-certificates.crt)$"
-    replace: '#\1\nTLS_CACERT\t{{ TLSCertificateFile }}'
+    replace: '#\1\nTLS_CACERT\t{{ certpub }}'
 
 - name: enable pam-mkhomedir
   command: pam-auth-update --enable mkhomedir
diff --git a/roles/ldap/templates/slapd-TLS.ldif b/roles/ldap/templates/slapd-TLS.ldif
index e94216f..236841f 100644
--- a/roles/ldap/templates/slapd-TLS.ldif
+++ b/roles/ldap/templates/slapd-TLS.ldif
@@ -2,8 +2,8 @@
 dn: cn=config
 changetype: modify
 add: olcTLSCertificateFile
-olcTLSCertificateFile: {{ TLSCertificateFile }}
+olcTLSCertificateFile: {{ certpub }}
 -
 add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: {{ TLSCertificateKeyFile }}
+olcTLSCertificateKeyFile: {{ certpriv }}
 -
diff --git a/roles/low-power/handlers/main.yml b/roles/low-power/handlers/main.yml
index 601c75f..c0c1c9a 100644
--- a/roles/low-power/handlers/main.yml
+++ b/roles/low-power/handlers/main.yml
@@ -1,5 +1,5 @@
 - name: enable powertop timer
   systemd:
     name: powertop.timer
-    enabled: yes
+    enabled: true
   listen: "enable powertop timer"
diff --git a/roles/low-power/tasks/main.yml b/roles/low-power/tasks/main.yml
index 7a2edd8..a4fc825 100644
--- a/roles/low-power/tasks/main.yml
+++ b/roles/low-power/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: install some packages
-  apt: name={{ item }} state=latest
+  apt: name={{ item }} state=latest # noqa package-latest
   with_items:
     - powertop
 
@@ -7,9 +7,11 @@
   copy:
     src: powertop.service
     dest: /etc/systemd/system/powertop.service
+    mode: 0644
 
 - name: install powertop.timer
   copy:
     src: powertop.timer
     dest: /etc/systemd/system/powertop.timer
+    mode: 0644
   notify: enable powertop timer
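Review bot: The `mode: 0644` lines added here are unquoted, so the value is only correct while the YAML loader reads a leading-zero integer as octal. Quoting it as `mode: "0644"` hands Ansible a string and matches the `mode: "0640"` this repository already uses for /etc/krb5.keytab.http. The same applies to the other unquoted `mode:` lines this commit adds in the ldap, netboot-installer, nextcloud, nfs-server, prepare4clients, systemd-networkd-resolved, transparent-squid and two-interface-* roles.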
diff --git a/roles/netboot-installer/tasks/main.yml b/roles/netboot-installer/tasks/main.yml
index e2e88bc..4902791 100644
--- a/roles/netboot-installer/tasks/main.yml
+++ b/roles/netboot-installer/tasks/main.yml
@@ -2,6 +2,7 @@
   file:
     path: "{{ tftp_root }}/d-i/{{ di_dist }}"
     state: directory
+    mode: 0755
 
 - name: install di-netboot-assistant and installer package
   apt:
@@ -16,11 +17,12 @@
   copy:
     src: /usr/share/doc/di-netboot-assistant/examples/preseed.cfg
     dest: "{{ tftp_root }}/d-i/{{ di_dist }}"
-    force: no
-    remote_src: yes
+    mode: 0644
+    force: false
+    remote_src: true
 
 - name: make the hostname resolvable from the LAN
   replace:
     path: /etc/hosts
     regexp: '^(127\.0\.1\.1.*)$'
-    replace: '#\1\n{{ ipaddr_lan | ipaddr("address") }}	{{ ansible_hostname }}.{{ ansible_domain }}	{{ ansible_hostname }}'
+    replace: '#\1\n{{ ipaddr_lan | ipaddr("address") }} {{ ansible_hostname }}.{{ ansible_domain }} {{ ansible_hostname }}'
diff --git a/roles/nextcloud-upgrade/handlers/main.yml b/roles/nextcloud-upgrade/handlers/main.yml
new file mode 100644
index 0000000..dfe1270
--- /dev/null
+++ b/roles/nextcloud-upgrade/handlers/main.yml
@@ -0,0 +1,14 @@
+---
+## DB fixes (only on upgrade)
+- name: add missing indices, columns and convert filecache
+  command: "{{ item }}"
+  args:
+    chdir: "{{ nc_dir }}"
+    warn: false
+  register: cmd_result
+  changed_when: cmd_result.stdout is search("updated successfully")
+  with_items:
+    - "sudo -u www-data php ./occ db:add-missing-indices"
+    - "sudo -u www-data php ./occ db:add-missing-columns"
+    - "sudo -u www-data php ./occ -n db:convert-filecache-bigint"
+  listen: update and fix data base
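Review bot: The new handler keeps `sudo -u www-data` inside the command string and silences the resulting warning with `warn: false`, instead of letting Ansible switch users. Using `become_user: www-data` removes both the embedded sudo and the `warn` argument, which newer Ansible releases no longer accept on `command`. Becoming an unprivileged user may need the `acl` package or pipelining on the target, so this should be tried on one host first. The same pattern appears in the unchanged occ tasks of the nextcloud and nextcloud-upgrade task files.

```yaml
- name: add missing indices, columns and convert filecache
  command: "{{ item }}"
  args:
    chdir: "{{ nc_dir }}"
  become: true
  become_user: www-data
  # … unchanged: register, changed_when …
  with_items:
    - "php ./occ db:add-missing-indices"
    - "php ./occ db:add-missing-columns"
    - "php ./occ -n db:convert-filecache-bigint"
  # … unchanged: listen …
```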
diff --git a/roles/nextcloud-upgrade/tasks/main.yml b/roles/nextcloud-upgrade/tasks/main.yml
index 497c9aa..7d6d0a5 100644
--- a/roles/nextcloud-upgrade/tasks/main.yml
+++ b/roles/nextcloud-upgrade/tasks/main.yml
@@ -1,18 +1,18 @@
 ---
-
 - name: check/run upgrade
   command: sudo -u www-data php updater.phar --no-interaction
   args:
     chdir: "{{ nc_dir }}/updater"
-    warn: False
+    warn: false
   register: upgrade_result
   changed_when: upgrade_result.stdout is not search('Nothing to do.')
+  notify: update and fix data base
 
 - name: update apps
   command: "sudo -u www-data php ./occ app:update --all"
   args:
     chdir: "{{ nc_dir }}"
-    warn: False
+    warn: false
   register: cmd_result
   changed_when: cmd_result.stdout | length > 0
 
@@ -20,36 +20,8 @@
   command: "sudo -u www-data php ./occ app:install {{ item }}"
   args:
     chdir: "{{ nc_dir }}"
-    warn: False
+    warn: false
   with_items: "{{ nc_apps }}"
   register: cmd_result
   changed_when: cmd_result.stdout is not search('already installed')
-  failed_when:  cmd_result.stdout is not search('already installed') and cmd_result.rc != 0
-
-## DB fixes (only on upgrade)
-- name: add missing indices
-  command: "sudo -u www-data php ./occ db:add-missing-indices"
-  args:
-    chdir: "{{ nc_dir }}"
-    warn: False
-  register: cmd_result
-  changed_when: cmd_result.stdout is search('table updated successfully')
-  when: upgrade_result.changed | default(true)
-
-- name: add missing columns
-  command: "sudo -u www-data php ./occ db:add-missing-columns"
-  args:
-    chdir: "{{ nc_dir }}"
-    warn: False
-  register: cmd_result
-  changed_when: cmd_result.stdout is search('table updated successfully')
-  when: upgrade_result.changed | default(true)
-
-- name: convert filecache to bigint
-  command: "sudo -u www-data php ./occ -n db:convert-filecache-bigint"
-  args:
-    chdir: "{{ nc_dir }}"
-    warn: False
-  register: cmd_result
-  changed_when: cmd_result.stdout is not search('tables already up to date')
-  when: upgrade_result.changed | default(true)
+  failed_when: cmd_result.stdout is not search('already installed') and cmd_result.rc != 0
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index a4dfa67..be2e996 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -4,4 +4,4 @@ nc_admin_pwd_file: "/root/nc-admin.pwd"
 www_root: "/var/www"
 nc_dir: "{{ www_root }}/nextcloud"
 data_dir: "/var/nc-data"
-allow_download: False
+allow_download: false
diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml
index f514172..2446778 100644
--- a/roles/nextcloud/handlers/main.yml
+++ b/roles/nextcloud/handlers/main.yml
@@ -14,5 +14,5 @@
   systemd:
     name: nextcloudcron.timer
     state: started
-    enabled: True
+    enabled: true
   listen: "enable nextcloudcron.timer"
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 5506349..25c6163 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -5,8 +5,10 @@
   register: nextcloud
 
 - name: check for nextcloud archive
-  local_action: stat path=nextcloud.tar.bz2
-  become: No
+  stat:
+    path: nextcloud.tar.bz2
+  become: false
+  delegate_to: localhost
   register: nc_archive
   when: not nextcloud.stat.exists
 
@@ -45,7 +47,7 @@
       - php-xml
       - php-zip
       - unzip
-    state: latest
+    state: latest # noqa package-latest
 
 - name: disable apache modules
   apache2_module:
@@ -68,10 +70,10 @@
     - http2
   notify: "restart apache2"
 
-- name: find php version
+- name: find php version # noqa risky-shell-pipe
   shell: ls /etc/php/ | sort | tail -1
   register: php_ver
-  changed_when: False
+  changed_when: false
 
 - name: enable php-fpm conf
   command: a2enconf php{{ php_ver.stdout }}-fpm
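Review bot: The `# noqa risky-shell-pipe` on `find php version` silences the lint rule without fixing what it warns about. Without pipefail the task's exit status is that of `tail`, so a failing `ls /etc/php/` leaves `php_ver.stdout` empty and the next task runs `a2enconf php-fpm`. Changing the command to `shell: set -o pipefail && ls /etc/php/ | sort | tail -1` and adding `args:` with `executable: /bin/bash` makes the failure surface; a `failed_when: php_ver.stdout | length == 0` guard would also catch an empty directory.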
@@ -85,10 +87,14 @@
     regexp: "{{ item.regex }}"
     replace: "{{ item.replace }}"
   with_items:
-    - { regex: "^pm.max_children = .*$", replace: "pm.max_children = 10" }
-    - { regex: "^pm.start_servers = .*$", replace: "pm.start_servers = 4" }
-    - { regex: "^pm.min_spare_servers = .*$", replace: "pm.min_spare_servers = 2" }
-    - { regex: "^pm.max_spare_servers = .*$", replace: "pm.max_spare_servers = 6" }
+    - regex: "^pm.max_children = .*$"
+      replace: "pm.max_children = 10"
+    - regex: "^pm.start_servers = .*$"
+      replace: "pm.start_servers = 4"
+    - regex: "^pm.min_spare_servers = .*$"
+      replace: "pm.min_spare_servers = 2"
+    - regex: "^pm.max_spare_servers = .*$"
+      replace: "pm.max_spare_servers = 6"
   notify: "restart php-fpm"
 
 - name: increase php memory limit
@@ -102,6 +108,7 @@
   copy:
     src: nextcloud.conf
     dest: /etc/apache2/sites-available/nextcloud.conf
+    mode: 0644
   notify: "restart apache2"
 
 - name: enable nextcloud site
@@ -123,6 +130,7 @@
   file:
     path: "{{ data_dir }}"
     state: directory
+    mode: 0770
     owner: www-data
     group: www-data
 
@@ -140,7 +148,7 @@
     dest: "{{ www_root }}"
     owner: www-data
     group: www-data
-    remote_src: Yes
+    remote_src: true
   when: not nextcloud.stat.exists and run_in_installer|default(false)|bool
 
 - name: unpack provided nextcloud archive
@@ -184,19 +192,19 @@
       --data-dir "{{ data_dir }}"
   args:
     chdir: "{{ nc_dir }}"
-  no_log: True
+  no_log: true
   when: not nextcloud.stat.exists
 
 - name: dump nc-admin password
   shell: echo -n "{{ nc_admin_pwd }}" > "{{ nc_admin_pwd_file }}" ; chmod 0600 "{{ nc_admin_pwd_file }}"
-  no_log: True
+  no_log: true
   when: not nextcloud.stat.exists
 
 - name: enable APCu memcache
   command: sudo -u www-data php ./occ config:system:set memcache.local --value='\OC\Memcache\APCu'
   args:
     chdir: "{{ nc_dir }}"
-    warn: False
+    warn: false
   when: not nextcloud.stat.exists
 
 - name: enable acpu for nextcloud updates
@@ -208,7 +216,7 @@
   command: sudo -u www-data php ./occ config:system:set trusted_domains {{ item[0] }} --value='{{ item[1] }}'
   args:
     chdir: "{{ nc_dir }}"
-    warn: False
+    warn: false
   when: not nextcloud.stat.exists
   loop:
     - [1, '192.168.*.*']
@@ -220,6 +228,7 @@
   copy:
     src: "{{ item }}"
     dest: "/etc/systemd/system/{{ item }}"
+    mode: 0644
   with_items:
     - nextcloudcron.service
     - nextcloudcron.timer
@@ -229,8 +238,8 @@
   firewalld:
     interface: "{{ ansible_default_ipv4.interface }}"
     zone: public
-    permanent: Yes
-    immediate: Yes
+    permanent: true
+    immediate: true
     state: enabled
   when: not run_in_installer|default(false)|bool
 
@@ -242,8 +251,8 @@
   firewalld:
     zone: public
     service: https
-    permanent: Yes
-    immediate: Yes
+    permanent: true
+    immediate: true
     state: enabled
   when: not run_in_installer|default(false)|bool
 
@@ -257,7 +266,7 @@
 - name: install libapache2-mod-auth-gssapi
   apt:
     name: libapache2-mod-auth-gssapi
-    state: latest
+    state: latest # noqa package-latest
   when: "'kerberize' in role_names"
   notify: "restart apache2"
 
@@ -267,8 +276,8 @@
     dest: /etc/krb5.keytab.http
     group: www-data
     mode: "0640"
-    remote_src: yes
-    force: no
+    remote_src: true
+    force: false
   when: "'kerberize' in role_names"
   notify: "restart apache2"
 
@@ -276,6 +285,7 @@
   copy:
     src: krb5-nextcloud.conf
     dest: /etc/apache2/sites-available/krb5-nextcloud.conf
+    mode: 0644
   when: "'kerberize' in role_names"
   notify: "restart apache2"
 
@@ -290,8 +300,8 @@
   firewalld:
     zone: internal
     service: https
-    permanent: Yes
-    immediate: Yes
+    permanent: true
+    immediate: true
     state: enabled
   when: not run_in_installer|default(false)|bool and 'kerberize' in role_names
 
@@ -303,7 +313,7 @@
   command: sudo -u www-data php ./occ config:system:set trusted_domains 2 --value='{{ ansible_hostname }}.{{ ansible_domain }}'
   args:
     chdir: "{{ nc_dir }}"
-    warn: False
+    warn: false
   when: not nextcloud.stat.exists and 'kerberize' in role_names
 
 
diff --git a/roles/nfs-server/defaults/main.yml b/roles/nfs-server/defaults/main.yml
index 456b8e5..4aea529 100644
--- a/roles/nfs-server/defaults/main.yml
+++ b/roles/nfs-server/defaults/main.yml
@@ -1,5 +1,5 @@
 export_root: /srv/nfs4
-lan_homes:  /home/lan
+lan_homes: /home/lan
 basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
 min_id: 10000
 min_id_sssd: 5000
diff --git a/roles/nfs-server/tasks/main.yml b/roles/nfs-server/tasks/main.yml
index eaab5bb..65ad478 100644
--- a/roles/nfs-server/tasks/main.yml
+++ b/roles/nfs-server/tasks/main.yml
@@ -1,6 +1,7 @@
 ## Install and configure nfs-server
 ---
-- fail: msg="The machine's domain must not be empty."
+- name: check if ansible domain is nonempty
+  fail: msg="The machine's domain must not be empty."
   when: ansible_domain | length == 0
 
 - name: check if we are installing
@@ -11,7 +12,7 @@
   apt:
     name:
       - nfs-kernel-server
-    state: latest
+    state: latest # noqa package-latest # noqa package-latest
 
 - name: make sure the export paths exists
   file: path={{ export_root }}/home/ state=directory recurse=yes
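Review bot: The `install nfs-kernel-server` line carries the lint exemption twice, `state: latest # noqa package-latest # noqa package-latest`, which looks like a scripted edit applied two times. One marker is enough: `state: latest # noqa package-latest`.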
@@ -33,7 +34,7 @@
   replace:
     path: /etc/hosts
     regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
-    replace: '\1	nfs'
+    replace: '\1 nfs'
   when: not exports.stat.exists
 
 - name: check if there is a local kadmin
@@ -55,7 +56,7 @@
       - sssd-krb5
       - sssd-ldap
       - sssd-tools     ##  sss_cache -U -G
-    state: latest
+    state: latest # noqa package-latest
   when: kadmin.stat.exists
 
 - name: provide identities from directory
@@ -80,6 +81,7 @@
   template:
     src: dhcp-send-domain.j2
     dest: /etc/dnsmasq.d/dhcp-send-domain
+    mode: 0644
   notify: "restart dnsmasq"
   when: dnsmasq.stat.exists
 
@@ -87,6 +89,6 @@
   firewalld:
     zone: internal
     service: nfs
-    permanent: yes
-    immediate: yes
+    permanent: true
+    immediate: true
     state: enabled
diff --git a/roles/prepare4clients/handlers/main.yml b/roles/prepare4clients/handlers/main.yml
index 3d30c45..dc6f9ad 100644
--- a/roles/prepare4clients/handlers/main.yml
+++ b/roles/prepare4clients/handlers/main.yml
@@ -1,7 +1,7 @@
 - name: start git-repo
   systemd:
-    daemon_reload: yes
+    daemon_reload: true
     name: git-repo
     state: started
-    enabled: yes
+    enabled: true
   listen: start git-repo
diff --git a/roles/prepare4clients/tasks/main.yml b/roles/prepare4clients/tasks/main.yml
index f1fbc97..d5679e0 100644
--- a/roles/prepare4clients/tasks/main.yml
+++ b/roles/prepare4clients/tasks/main.yml
@@ -1,13 +1,13 @@
 - name: make sure ansible is available
   apt:
     name: ansible
-    state: latest
+    state: latest # noqa package-latest
 
 - name: generate ssh key
   command: "su -l {{ ansible_user }} -c \"ssh-keygen -t rsa -f /home/{{ ansible_user }}/.ssh/id_rsa -P ''\""
   args:
     creates: "/home/{{ ansible_user }}/.ssh/id_rsa"
-    warn: False
+    warn: false
 
 - name: slurp public key
   slurp:
@@ -15,7 +15,8 @@
   register: sshpubkey
 
 # The following seems to be necessary to get rid of a newline:
-- set_fact:
+- name: define variable
+  set_fact:
     sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}"
 
 - name: enable backports in preseed file
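Review bot: The name added to the `set_fact` task, `define variable`, satisfies the unnamed-task rule but tells a reader of the play output nothing. The comment above the task already states the intent, so a name such as `- name: strip newline from the slurped ssh public key` would carry it into the run log.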
@@ -87,12 +88,15 @@
     block: |
       # Use a temporary package cache during installation, install etckeeper.
       menuentry 'Debian stable (amd64) + temporary package cache' {
-         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux mirror/http/proxy?=http://{{ ansible_hostname }}:3142/ pkgsel/include=etckeeper preseed/late_command="rm -fv /target/etc/apt/apt.conf" ---
+         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \
+                   mirror/http/proxy?=http://{{ ansible_hostname }}:3142/ pkgsel/include=etckeeper \
+                   preseed/late_command="rm -fv /target/etc/apt/apt.conf" ---
          initrd  /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
       }
 
       menuentry 'Debian {{ di_version }} (amd64) + preseed + kiosk.yml' {
-         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml ---
+         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \
+                   auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml ---
          initrd  /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
       }
 
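Review bot: Splitting the `linux` lines with a trailing `\` changes the text written to the target file, not just the YAML, because the block is a literal `|` scalar. The written boot entry then only works if its consumer treats backslash-newline as a continuation. The destination path lies outside this hunk; if it is a GRUB configuration this should hold, but the entries should be boot-tested once. Otherwise keep each `linux ...` command on one line and exempt those lines from the line-length rule. The same split is made in the kerberox-client and sambox-client menu blocks in the next two hunks.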
@@ -128,7 +132,8 @@
     insertbefore: EOF
     block: |
       menuentry 'Debian {{ di_version }} (amd64) + preseed + kerberox-client.yml' {
-         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kerberox-client.yml ---
+         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \
+                   auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kerberox-client.yml ---
          initrd  /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
       }
     marker: "# {mark} ANSIBLE MANAGED BLOCK kerberox-client"
@@ -161,13 +166,16 @@
     block: |
       menuentry 'Debian {{ di_version }} (amd64) + preseed + sambox-client.yml' {
          regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac
-         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical hostname=${oct4}${oct5}${oct6} url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml ---
+         linux   /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \
+                   auto=true priority=critical hostname=${oct4}${oct5}${oct6} url=tftp://{{ ansible_hostname }} \
+                   playbook=sambox-client.yml ---
          initrd  /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
       }
 
       menuentry 'Debian daily (amd64) + preseed + sambox-client.yml' {
          regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac
-         linux   /d-i/n-a/daily/amd64/linux auto=true priority=critical hostname=${oct4}${oct5}${oct6} url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml ---
+         linux   /d-i/n-a/daily/amd64/linux auto=true priority=critical hostname=${oct4}${oct5}${oct6} \
+                   url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml ---
          initrd  /d-i/n-a/daily/amd64/initrd.gz
       }
     marker: "# {mark} ANSIBLE MANAGED BLOCK sambox-client"
@@ -181,7 +189,7 @@
   git:
     repo: 'https://salsa.debian.org/andi/debian-lan-ansible.git'
     dest: "{{ repo_dir }}"
-    update: no
+    update: false
   become_user: "{{ ansible_user }}"
   when: not run_in_installer|default(false)|bool
 
@@ -189,6 +197,7 @@
   template:
     src: git-repo.j2
     dest: "/etc/systemd/system/git-repo.service"
+    mode: 0644
   notify: start git-repo
   when: not run_in_installer|default(false)|bool
 
@@ -197,7 +206,8 @@
 - name: add clients to inventory
   blockinfile:
     dest: /etc/ansible/hosts
-    create: yes
+    create: true
+    mode: 0644
     block: |
       [kerberox-client]
       {{ in_inventory }}
diff --git a/roles/samba-ldap/handlers/main.yml b/roles/samba-ldap/handlers/main.yml
index 99844ab..aef70e4 100644
--- a/roles/samba-ldap/handlers/main.yml
+++ b/roles/samba-ldap/handlers/main.yml
@@ -5,4 +5,3 @@
 - name: restart smbd
   service: name=smbd state=restarted enabled=yes
   listen: "restart smbd"
-
diff --git a/roles/samba-ldap/meta/main.yml b/roles/samba-ldap/meta/main.yml
index b19fb35..36ca9ba 100644
--- a/roles/samba-ldap/meta/main.yml
+++ b/roles/samba-ldap/meta/main.yml
@@ -1,3 +1,3 @@
 ---
-dependencies:
+dependencies: # noqa meta-no-info
   - role: ldap
diff --git a/roles/samba-ldap/tasks/main.yml b/roles/samba-ldap/tasks/main.yml
index cf0e871..e272ee2 100644
--- a/roles/samba-ldap/tasks/main.yml
+++ b/roles/samba-ldap/tasks/main.yml
@@ -9,8 +9,7 @@
     name:
       - samba
       - sssd-ldap
-    state: latest
-
+    state: latest # noqa package-latest
 
 - name: provide identities from LDAP
   template:
@@ -19,8 +18,8 @@
     mode: 0600
   notify: restart sssd
 
-- meta: flush_handlers
-
+- name: flush all handlers
+  meta: flush_handlers
 
 - name: prepare samba schema
   command: cp /usr/share/doc/samba/examples/LDAP/samba.ldif /etc/ldap/schema/
@@ -87,8 +86,8 @@
 - name: slurp admin password for samba setup
   slurp:
     src: "{{ ldap_admin_pwd_file }}"
-  register: ldap_admin_pwd 
-  no_log: true  
+  register: ldap_admin_pwd
+  no_log: true
   when: not samba_ldap.stat.exists
 
 - name: make samba admin password available to smbd
@@ -97,9 +96,10 @@
   notify: restart smbd
   when: not samba_ldap.stat.exists
 
-- meta: flush_handlers
+- name: flush all handlers
+  meta: flush_handlers
 
-- name: add samba attributes to dummy user foo 
+- name: add samba attributes to dummy user foo
   command:
     cmd: smbpasswd -s -a foo
     stdin: "{{ foo_pwd }}\n{{ foo_pwd }}"
@@ -111,8 +111,8 @@
   firewalld:
     zone: internal
     service: "{{ item }}"
-    permanent: yes
-    immediate: yes
+    permanent: true
+    immediate: true
     state: enabled
   with_items:
     - samba
diff --git a/roles/samba-ldap/templates/sssd.conf.j2 b/roles/samba-ldap/templates/sssd.conf.j2
index c5c4187..6e6ac14 100644
--- a/roles/samba-ldap/templates/sssd.conf.j2
+++ b/roles/samba-ldap/templates/sssd.conf.j2
@@ -19,5 +19,5 @@ cache_credentials = true
 min_id = {{ min_id_sssd }}
 max_id = {{ max_id_sssd }}
 
-## remove this after providing propper certificates: 
+## remove this after providing propper certificates:
 ldap_tls_reqcert = allow
diff --git a/roles/smb-sshfs-client/handlers/main.yml b/roles/smb-sshfs-client/handlers/main.yml
index 3c18dd6..d54b258 100644
--- a/roles/smb-sshfs-client/handlers/main.yml
+++ b/roles/smb-sshfs-client/handlers/main.yml
@@ -4,6 +4,5 @@
 
 - name: reload systemd
   systemd:
-    daemon_reload: yes
+    daemon_reload: true
   listen: "reload systemd"
-
diff --git a/roles/smb-sshfs-client/tasks/main.yml b/roles/smb-sshfs-client/tasks/main.yml
index 0aaedde..4dcf1e1 100644
--- a/roles/smb-sshfs-client/tasks/main.yml
+++ b/roles/smb-sshfs-client/tasks/main.yml
@@ -3,10 +3,10 @@
   apt:
     name:
       - sssd-ldap
-      - libpam-mount  
+      - libpam-mount
       - cifs-utils
-      - sshfs  
-    state: latest
+      - sshfs
+    state: latest # noqa package-latest
 
 - name: add URI to ldap.conf
   lineinfile:
@@ -23,7 +23,7 @@
 - name: enable pam_umask
   lineinfile:
     dest: /etc/pam.d/common-session
-    line: "session optional	pam_umask.so usergroups"
+    line: "session optional pam_umask.so usergroups"
 
 - name: provide identities from directory
   template:
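Review bot: Changing the tab to a space in `line: "session optional pam_umask.so usergroups"` makes this `lineinfile` task non-idempotent on hosts that already have the tab-separated line. The hunk shows no `regexp`, so the old line will not match and a second pam_umask entry is appended to /etc/pam.d/common-session. Adding `regexp: '^session\s+optional\s+pam_umask\.so'` lets the task rewrite the existing line instead. The `REDIRECT loc 3129 tcp www` line in roles/transparent-squid/tasks/main.yml has the same problem for /etc/shorewall/rules.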
@@ -65,4 +65,6 @@
 
 ## gnome-keyring fails with sshfs:
 - name: disable gnome-keyring-daemon
-  command: dpkg-divert --divert /usr/bin/gnome-keyring-daemon.distrib --rename /usr/bin/gnome-keyring-daemon
+  command:
+    cmd: dpkg-divert --divert /usr/bin/gnome-keyring-daemon.distrib --rename /usr/bin/gnome-keyring-daemon
+    creates: /usr/bin/gnome-keyring-daemon.distrib
diff --git a/roles/systemd-networkd-resolved/handlers/main.yml b/roles/systemd-networkd-resolved/handlers/main.yml
index 6084965..457c60b 100644
--- a/roles/systemd-networkd-resolved/handlers/main.yml
+++ b/roles/systemd-networkd-resolved/handlers/main.yml
@@ -1,14 +1,14 @@
 - name: restart and enable systemd-networkd
   systemd:
     name: systemd-networkd
-    enabled: yes
+    enabled: true
     state: restarted
-    daemon_reload: yes
+    daemon_reload: true
   listen: "start and enable systemd-networkd"
 
 - name: start and enable systemd-resolved
   systemd:
     name: systemd-resolved
-    enabled: yes
+    enabled: true
     state: started
   listen: "start and enable systemd-resolved"
diff --git a/roles/systemd-networkd-resolved/tasks/main.yml b/roles/systemd-networkd-resolved/tasks/main.yml
index 3033c67..2918d11 100644
--- a/roles/systemd-networkd-resolved/tasks/main.yml
+++ b/roles/systemd-networkd-resolved/tasks/main.yml
@@ -7,19 +7,20 @@
   copy:
     src: all-eth.network
     dest: /etc/systemd/network/all-eth.network
+    mode: 0644
   notify: "start and enable systemd-networkd"
 
-#- name: install static configuration for networkd
-#  template:
-#    src: 20-static.network.j2
-#    dest: /etc/systemd/network/20-static.network
-#  notify: "enable systemd-networkd"
+# - name: install static configuration for networkd
+#   template:
+#     src: 20-static.network.j2
+#     dest: /etc/systemd/network/20-static.network
+#   notify: "enable systemd-networkd"
 
 - name: enable local stub resolver
   file:
     src: /run/systemd/resolve/stub-resolv.conf
     dest: /etc/resolv.conf
     state: link
-    follow: False
-    force: yes
+    follow: false
+    force: true
   notify: "start and enable systemd-resolved"
diff --git a/roles/systemd-networkd-resolved/templates/20-static.network.j2 b/roles/systemd-networkd-resolved/templates/20-static.network.j2
index 04195a9..fbdc83b 100644
--- a/roles/systemd-networkd-resolved/templates/20-static.network.j2
+++ b/roles/systemd-networkd-resolved/templates/20-static.network.j2
@@ -4,4 +4,4 @@ Name={{ if_lan }}
 [Network]
 Address={{ ipaddr }}
 Gateway={{ gateway }}
-DNS={{ DNS }}
+DNS={{ dns }}
diff --git a/roles/transparent-squid/tasks/main.yml b/roles/transparent-squid/tasks/main.yml
index d5df254..63f1199 100644
--- a/roles/transparent-squid/tasks/main.yml
+++ b/roles/transparent-squid/tasks/main.yml
@@ -1,7 +1,7 @@
 - name: install squid package
   apt:
     name: squid
-    state: latest
+    state: latest # noqa package-latest
 
 - name: configure squid extra lines
   lineinfile:
@@ -9,11 +9,16 @@
     line: "{{ item.line }}"
     insertafter: "{{ item.insertafter }}"
   with_items:
-    - { line: "http_access allow localnet", insertafter: "#http_access allow localnet" }
-    - { line: "http_port 3129 intercept", insertafter: "http_port 3128" }
-    - { line: "maximum_object_size_in_memory 10240 KB", insertafter: "# maximum_object_size_in_memory" }
-    - { line: "maximum_object_size 512 MB", insertafter: "# maximum_object_size" }
-    - { line: "cache_dir aufs /var/spool/squid 20000 16 256", insertafter: "#cache_dir ufs /var/spool/squid" }
+    - line: "http_access allow localnet"
+      insertafter: "#http_access allow localnet"
+    - line: "http_port 3129 intercept"
+      insertafter: "http_port 3128"
+    - line: "maximum_object_size_in_memory 10240 KB"
+      insertafter: "# maximum_object_size_in_memory"
+    - line: "maximum_object_size 512 MB"
+      insertafter: "# maximum_object_size"
+    - line: "cache_dir aufs /var/spool/squid 20000 16 256"
+      insertafter: "#cache_dir ufs /var/spool/squid"
   notify: "restart squid"
 
 - name: configure squid store IDs
@@ -29,6 +34,7 @@
   copy:
     src: store_id_regex.conf
     dest: /etc/squid/store_id_regex.conf
+    mode: 0644
   notify: "restart squid"
 
 - name: configure squid as package cache
@@ -53,5 +59,5 @@
 - name: redirect www traffic in shorewall
   lineinfile:
     dest: /etc/shorewall/rules
-    line: "REDIRECT	loc		3129		tcp	www"
+    line: "REDIRECT loc 3129 tcp www"
   notify: "restart shorewall"
diff --git a/roles/two-interface-firewalld/tasks/main.yml b/roles/two-interface-firewalld/tasks/main.yml
index a5e9850..c21b90c 100644
--- a/roles/two-interface-firewalld/tasks/main.yml
+++ b/roles/two-interface-firewalld/tasks/main.yml
@@ -2,13 +2,15 @@
   template:
     src: interfaces-static.j2
     dest: /etc/network/interfaces.d/static
+    mode: 0644
   notify: "bring up LAN interface"
 
 - name: install firewalld package
-  apt: name=firewalld state=latest
+  apt: name=firewalld state=latest # noqa package-latest
   notify: "start firewalld"
 
-- meta: flush_handlers
+- name: flush all handlers
+  meta: flush_handlers
 
 
 ## Do not run the following in the installer:
@@ -17,7 +19,7 @@
   firewalld:
     zone: public
     interface: "{{ if_wan }}"
-    permanent: yes
+    permanent: true
     state: enabled
     immediate: true
   when: not run_in_installer|default(false)|bool
@@ -26,7 +28,7 @@
   firewalld:
     zone: public
     masquerade: 'yes'
-    permanent: yes
+    permanent: true
     state: enabled
     immediate: true
   when: not run_in_installer|default(false)|bool
@@ -35,7 +37,7 @@
   firewalld:
     zone: internal
     interface: "{{ if_lan }}"
-    permanent: yes
+    permanent: true
     state: enabled
     immediate: true
   when: not run_in_installer|default(false)|bool
@@ -44,7 +46,7 @@
   firewalld:
     zone: internal
     service: "{{ item }}"
-    permanent: yes
+    permanent: true
     state: enabled
     immediate: true
   with_items:
diff --git a/roles/two-interface-shorewall/tasks/main.yml b/roles/two-interface-shorewall/tasks/main.yml
index e92f99c..0974a2e 100644
--- a/roles/two-interface-shorewall/tasks/main.yml
+++ b/roles/two-interface-shorewall/tasks/main.yml
@@ -2,10 +2,11 @@
   template:
     src: interfaces-static.j2
     dest: /etc/network/interfaces.d/static
+    mode: 0644
   notify: restart networking
 
 - name: install shorewall packages
-  apt: name=shorewall state=latest
+  apt: name=shorewall state=latest # noqa package-latest
 
 - name: copy shorewall configuration
   command: cp {{ item }} /etc/shorewall/
@@ -24,7 +25,7 @@
 - name: find files in /etc/shorewall/
   find:
     paths: /etc/shorewall/
-    use_regex: yes
+    use_regex: true
     pattern: '.+[^~]$'
     contains: '.*(eth0|eth1).*'
   register: find_result
@@ -35,7 +36,7 @@
     dest: "{{ item.path }}"
     regexp: 'eth0'
     replace: "{{ if_wan }}"
-    backup: yes
+    backup: true
   with_items: "{{ find_result.files }}"
   notify: restart shorewall
 
@@ -44,7 +45,7 @@
     dest: "{{ item.path }}"
     regexp: 'eth1'
     replace: "{{ if_lan }}"
-    backup: yes
+    backup: true
   with_items: "{{ find_result.files }}"
   notify: restart shorewall
 
@@ -53,7 +54,7 @@
     dest: /etc/shorewall/shorewall.conf
     regexp: 'IP_FORWARDING=Keep'
     replace: 'IP_FORWARDING=Yes'
-    backup: yes
+    backup: true
   notify: restart shorewall
 
 - name: configure shorewall policy
@@ -61,7 +62,7 @@
     dest: /etc/shorewall/policy
     regexp: 'loc(\s+)net(\s+)ACCEPT'
     replace: 'loc\1all\2ACCEPT\n$FW\1all\2ACCEPT'
-    backup: yes
+    backup: true
   notify: restart shorewall
 
 - name: configure shorewall rules
@@ -69,5 +70,5 @@
     dest: /etc/shorewall/rules
     regexp: '(SSH\(ACCEPT\)\s+)loc(\s+\$FW)'
     replace: '\1all\2'
-    backup: yes
+    backup: true
   notify: restart shorewall
diff --git a/roles/up2date-debian/tasks/main.yml b/roles/up2date-debian/tasks/main.yml
index cd11949..d28bc9e 100644
--- a/roles/up2date-debian/tasks/main.yml
+++ b/roles/up2date-debian/tasks/main.yml
@@ -2,36 +2,36 @@
 
 - name: update apt package lists
   apt:
-    update_cache: yes
+    update_cache: true
     cache_valid_time: 86400
 
 - name: upgrade packages
   apt:
     upgrade: dist
-    autoremove: yes
-    autoclean: yes
+    autoremove: true
+    autoclean: true
 
 - name: install etckeeper
   apt:
     name: etckeeper
-    state: latest
+    state: latest # noqa package-latest
 
 - name: install extra packages from stable
   apt:
     name: "{{ extra_pkgs }}"
-    state: latest
+    state: latest # noqa package-latest
   when: extra_pkgs|length
 
 - name: add {{ ansible_distribution_release }}-backports
   apt_repository:
     repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main
     state: present
-    update_cache: yes
+    update_cache: true
   when: extra_pkgs_bpo|length
 
 - name: install extra packages from backports
   apt:
     name: "{{ extra_pkgs_bpo }}"
-    state: latest
+    state: latest # noqa package-latest
     default_release: "{{ ansible_distribution_release }}-backports"
   when: extra_pkgs_bpo|length
diff --git a/roles/web-server/tasks/main.yml b/roles/web-server/tasks/main.yml
index c0d073c..f6b46a8 100644
--- a/roles/web-server/tasks/main.yml
+++ b/roles/web-server/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: install some packages
-  apt: name={{ item }} state=latest
+  apt: name={{ item }} state=latest # noqa package-latest
   with_items:
     - unattended-upgrades
     - screen
diff --git a/sambox-client.yml b/sambox-client.yml
index 8b63293..305f81c 100644
--- a/sambox-client.yml
+++ b/sambox-client.yml
@@ -4,7 +4,7 @@
 - name: apply configuration to the machines
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
   vars:
     extra_pkgs:
       - webext-privacy-badger
@@ -16,5 +16,5 @@
     - up2date-debian
     - smb-sshfs-client
     ## Choose either gnome or KDE:
-    #- gnome
-    #- kde
+    # - gnome
+    # - kde
diff --git a/sambox.yml b/sambox.yml
index a8efcc1..465a5d8 100644
--- a/sambox.yml
+++ b/sambox.yml
@@ -1,13 +1,13 @@
 ---
 ## This playbook deploys the sambox server.  Add 'hostname=XXX' and 'domain=YYY'
 ## to the installer boot parameters to set hostname and domain.
-## 
+##
 
 
 - name: apply configuration to the sambox server
   hosts: all
   remote_user: ansible
-  become: yes
+  become: true
 
   vars:
     ## This interface provides the default route:
@@ -22,11 +22,11 @@
     ipaddr_lan_ptr: "{{ (ipaddr_lan | ipaddr('revdns')).split('.')[1:] | join('.') }}"
     ipaddr_lan_ptr_threeoct: "{{ ipaddr_lan_ptr.split('.')[0:3] | join('.') }}"
     dhcp_start: 192.168.0.50
-    dhcp_stop:  192.168.0.150
+    dhcp_stop: 192.168.0.150
     in_inventory: 192.168.0.[50:150]
 
     di_dist: "{{ ansible_distribution_release }}"
-    di_version: 10  #"{{ ansible_distribution_major_version }}"
+    di_version: 10  # "{{ ansible_distribution_major_version }}"
     di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
 
     ansible_user: ansible
@@ -40,7 +40,7 @@
         In case you would like to prepare a test user 'foo' and have
         not done so yet, provide foo's password here.  Leave empty to
         just continue
-      private: yes
+      private: true
 
 
   pre_tasks: