From 2cf34e8e558e31c92eec05c303e0ebbc8bfae45f Mon Sep 17 00:00:00 2001 
From: "Andreas B. Mundt" Date: Sat, 11 Jun 2022 12:42:02 +0200 Subject: [PATCH] Fix some ansible-lint complaints. --- README.kerberox | 4 +- cloudbox.yml | 14 ++--- edubox.yml | 8 +-- host_vars/blackbox.yml | 2 +- host_vars/bluebox.yml | 2 +- installbox.yml | 2 +- kerberox-client.yml | 8 +-- kerberox.yml | 10 ++-- kiosk.yml | 4 +- minimal-krb5.yml | 2 +- minimal.yml | 2 +- roles/apt-cacher/tasks/main.yml | 14 ++--- roles/backup/handlers/main.yml | 2 +- roles/backup/tasks/main.yml | 5 +- roles/ddns-update/handlers/main.yml | 4 +- roles/ddns-update/tasks/main.yml | 3 + roles/dns-dhcp-tftp/tasks/main.yml | 23 ++++---- roles/dns-dhcp-tftp/templates/dhcpd.conf.j2 | 2 +- roles/dnsmasq/tasks/main.yml | 4 +- roles/educontainer/handlers/main.yml | 2 +- roles/educontainer/tasks/main.yml | 4 +- roles/educontainer/tasks/setup.yml | 45 +++++++++----- roles/gnome/tasks/main.yml | 18 ++++-- roles/kde/tasks/main.yml | 4 +- roles/kiosk/handlers/main.yml | 23 ++------ roles/kiosk/tasks/main.yml | 35 ++++++----- roles/krb5-kdc-ldap/meta/main.yml | 2 +- roles/krb5-kdc-ldap/tasks/main.yml | 24 +++++--- roles/lan-client/defaults/main.yml | 2 +- roles/lan-client/handlers/main.yml | 4 +- roles/lan-client/tasks/main.yml | 7 ++- roles/ldap/defaults/main.yml | 6 +- roles/ldap/handlers/main.cfg | 4 ++ roles/ldap/tasks/main.yml | 7 ++- roles/ldap/tasks/setup.yml | 26 ++++----- roles/ldap/templates/slapd-TLS.ldif | 4 +- roles/low-power/handlers/main.yml | 2 +- roles/low-power/tasks/main.yml | 4 +- roles/netboot-installer/tasks/main.yml | 8 ++- roles/nextcloud-upgrade/handlers/main.yml | 14 +++++ roles/nextcloud-upgrade/tasks/main.yml | 38 ++---------- roles/nextcloud/defaults/main.yml | 2 +- roles/nextcloud/handlers/main.yml | 2 +- roles/nextcloud/tasks/main.yml | 58 +++++++++++-------- roles/nfs-server/defaults/main.yml | 2 +- roles/nfs-server/tasks/main.yml | 14 +++-- roles/prepare4clients/handlers/main.yml | 4 +- roles/prepare4clients/tasks/main.yml | 30 ++++++---- 
roles/samba-ldap/handlers/main.yml | 1 - roles/samba-ldap/meta/main.yml | 2 +- roles/samba-ldap/tasks/main.yml | 20 +++---- roles/samba-ldap/templates/sssd.conf.j2 | 2 +- roles/smb-sshfs-client/handlers/main.yml | 3 +- roles/smb-sshfs-client/tasks/main.yml | 12 ++-- .../handlers/main.yml | 6 +- .../systemd-networkd-resolved/tasks/main.yml | 15 ++--- .../templates/20-static.network.j2 | 2 +- roles/transparent-squid/tasks/main.yml | 20 ++++--- roles/two-interface-firewalld/tasks/main.yml | 14 +++-- roles/two-interface-shorewall/tasks/main.yml | 15 ++--- roles/up2date-debian/tasks/main.yml | 14 ++--- roles/web-server/tasks/main.yml | 2 +- sambox-client.yml | 6 +- sambox.yml | 10 ++-- 64 files changed, 357 insertions(+), 297 deletions(-) create mode 100644 roles/ldap/handlers/main.cfg create mode 100644 roles/nextcloud-upgrade/handlers/main.yml diff --git a/README.kerberox b/README.kerberox index 9362321..1e969af 100644 --- a/README.kerberox +++ b/README.kerberox @@ -5,7 +5,7 @@ sudo cat /root/kadmin.pwd ## Then: - cd /home/ansible/debian-lan/ + cd /home/ansible/debian-lan/ ansible-playbook --ask-become-pass kerberox-client.yml -## Enter the 'BECOME' password and the kadmin password obtained above. +## Enter the 'BECOME' password and the kadmin password obtained above. diff --git a/cloudbox.yml b/cloudbox.yml index 81634fd..0a78efc 100644 --- a/cloudbox.yml +++ b/cloudbox.yml @@ -4,12 +4,12 @@ - name: apply configuration to the cloudbox hosts: cloudboxes remote_user: ansible - become: Yes + become: true vars: if_lan: "enp1s0" ipaddr: "192.168.2.50/24" gateway: "192.168.2.1" - DNS: "192.168.2.1" + dns: "192.168.2.1" ddns_domain: "something.ddnss.de" ddns_updkey: "138638.some.key.here.635620" ## 'nc_download' and 'nc_checksum' are only 
@@ -32,17 +32,16 @@ # - low-power - nextcloud - nextcloud-upgrade - - backup +# - backup - -## Hosts in the the 'only_nextcloud'-group are only upgraded: +## Hosts in the the 'only_nextcloud'-group are only upgraded: - name: upgrade nextcloud only hosts: only_nextcloud remote_user: ansible - become: Yes + become: true vars: - nc_dir: "/var/www/nextcloud" + nc_dir: "/var/www/nextcloud" nc_apps: - calendar - notes @@ -51,4 +50,3 @@ roles: - up2date-debian - nextcloud-upgrade - diff --git a/edubox.yml b/edubox.yml index 8376eef..06ca4fe 100644 --- a/edubox.yml +++ b/edubox.yml @@ -23,7 +23,7 @@ - name: apply configuration to the edubox hosts: all # eduboxes remote_user: ansible - become: yes + become: true vars: contname: cont ## User name for the user in the container: @@ -52,19 +52,19 @@ - name: install apt-cacher-ng apt: name: apt-cacher-ng - state: latest + state: latest # noqa package-latest - name: enable apt-cacher-ng lineinfile: path: /etc/apt/apt.conf.d/30proxy line: 'Acquire::http::Proxy "http://localhost:3142/";' - create: yes + create: true - name: enable and start systemd-networkd on the host systemd: name: systemd-networkd state: started - enabled: yes + enabled: true roles: - up2date-debian diff --git a/host_vars/blackbox.yml b/host_vars/blackbox.yml index 7e2e4aa..a1f3799 100644 --- a/host_vars/blackbox.yml +++ b/host_vars/blackbox.yml @@ -1,4 +1,4 @@ -allow_download: True +allow_download: true backup_dirs_extra: - /home backup_opts_extra: "" diff --git a/host_vars/bluebox.yml b/host_vars/bluebox.yml index 3fff54c..dacab7d 100644 --- a/host_vars/bluebox.yml +++ b/host_vars/bluebox.yml @@ -1 +1 @@ -allow_download: True +allow_download: true diff --git a/installbox.yml b/installbox.yml index 6e1c4c6..81ddb59 100644 --- a/installbox.yml +++ b/installbox.yml @@ -6,7 +6,7 @@ - name: apply configuration to the installbox hosts: all remote_user: ansible - become: yes + become: true vars: ## This interface provides the default route: 
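Review bot: The `- backup` entry in the cloudboxes role list becomes `# - backup` here, which is a behaviour change rather than an ansible-lint fix. Hosts provisioned from this play would no longer get the backup role, and the commit message does not mention it. If disabling backups is intended, it belongs in its own commit with a reason; otherwise restore `    - backup`.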
diff --git a/kerberox-client.yml b/kerberox-client.yml index cd7b29f..695c3a1 100644 --- a/kerberox-client.yml +++ b/kerberox-client.yml @@ -4,7 +4,7 @@ - name: apply configuration to the machines hosts: all remote_user: ansible - become: yes + become: true vars: extra_pkgs: - webext-privacy-badger @@ -16,12 +16,12 @@ vars_prompt: - name: "kadmin_pwd" prompt: "Provide kadmin password to fetch kerberos keytab.\nLeave empty if done already" - private: yes + private: true roles: - up2date-debian - lan-client - kerberize ## Choose either gnome or KDE: - #- gnome - #- kde + # - gnome + # - kde diff --git a/kerberox.yml b/kerberox.yml index edb56d3..976db14 100644 --- a/kerberox.yml +++ b/kerberox.yml @@ -5,7 +5,7 @@ - name: apply configuration to the kerberox server hosts: all remote_user: ansible - become: yes + become: true vars: ## This interface provides the default route: @@ -34,7 +34,7 @@ In case you would like to prepare a test user 'foo' and have not done so yet, provide foo's password here. Leave empty to just continue - private: yes + private: true pre_tasks: @@ -50,7 +50,9 @@ - netboot-installer - dnsmasq - apt-cacher - - { role: krb5-kdc-ldap, when: not run_in_installer|default(false)|bool } - - { role: nfs-server, when: not run_in_installer|default(false)|bool } + - role: krb5-kdc-ldap + when: not run_in_installer|default(false)|bool + - role: nfs-server + when: not run_in_installer|default(false)|bool - prepare4clients - kerberize diff --git a/kiosk.yml b/kiosk.yml index b68bbb7..076e42d 100644 --- a/kiosk.yml +++ b/kiosk.yml @@ -4,7 +4,7 @@ - name: apply configuration to the machines hosts: all remote_user: ansible - become: yes + become: true vars: auto_user: debi wifi_ssid: "YOUR SSID HERE" @@ -18,5 +18,5 @@ - up2date-debian ## Choose either gnome or KDE: - gnome - #- kde + # - kde - kiosk diff --git a/minimal-krb5.yml b/minimal-krb5.yml index ebba3a2..a7644c8 100644 --- a/minimal-krb5.yml +++ b/minimal-krb5.yml 
@@ -4,7 +4,7 @@ - name: apply a minimal configuration with kerberos LAN integration hosts: all remote_user: ansible - become: yes + become: true roles: - up2date-debian - lan-client diff --git a/minimal.yml b/minimal.yml index c31c0c8..921b8db 100644 --- a/minimal.yml +++ b/minimal.yml @@ -4,6 +4,6 @@ - name: apply a minimal configuration to the machine hosts: all remote_user: ansible - become: yes + become: true roles: - up2date-debian diff --git a/roles/apt-cacher/tasks/main.yml b/roles/apt-cacher/tasks/main.yml index 7439eb4..01b745d 100644 --- a/roles/apt-cacher/tasks/main.yml +++ b/roles/apt-cacher/tasks/main.yml @@ -1,17 +1,17 @@ - name: install apt-cacher-ng package apt: name: apt-cacher-ng - state: latest + state: latest # noqa package-latest - name: enable apt-cacher-ng for localhost copy: src: apt.conf dest: /etc/apt/apt.conf - force: no + force: false + mode: 0644 notify: "start apt-cacher-ng" when: not run_in_installer|default(false)|bool ## do not enable apt-cacher during installation - - name: check if preseeded installer is available stat: path={{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg register: preseedcfg @@ -27,8 +27,8 @@ firewalld: zone: internal port: 3142/tcp - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled when: not run_in_installer|default(false)|bool @@ -36,5 +36,5 @@ command: "firewall-offline-cmd --zone=internal --add-port=3142/tcp" when: run_in_installer|default(false)|bool - -- meta: flush_handlers +- name: flush handler to make apt-cacher available + meta: flush_handlers diff --git a/roles/backup/handlers/main.yml b/roles/backup/handlers/main.yml index 43950ec..3a4f8f6 100644 --- a/roles/backup/handlers/main.yml +++ b/roles/backup/handlers/main.yml @@ -2,5 +2,5 @@ systemd: name: backup.timer state: started - enabled: True + enabled: true listen: "enable backup.timer" diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml index 5cbd241..f263d5c 100644 
--- a/roles/backup/tasks/main.yml +++ b/roles/backup/tasks/main.yml @@ -1,7 +1,7 @@ - name: install borg apt: name: borgbackup - state: latest + state: latest # noqa package-latest - name: check if borg password is available stat: path="{{ borg_pwd_file }}" @@ -9,7 +9,7 @@ - name: dump borg password shell: echo -n "{{ borg_pwd }}" > "{{ borg_pwd_file }}" ; chmod 0600 "{{ borg_pwd_file }}" - no_log: True + no_log: true when: not borg.stat.exists - name: provide backup script @@ -22,6 +22,7 @@ copy: src: "{{ item }}" dest: "/etc/systemd/system/{{ item }}" + mode: 0644 with_items: - backup.service - backup.timer diff --git a/roles/ddns-update/handlers/main.yml b/roles/ddns-update/handlers/main.yml index a1700e2..1022036 100644 --- a/roles/ddns-update/handlers/main.yml +++ b/roles/ddns-update/handlers/main.yml @@ -2,6 +2,6 @@ systemd: name: ddns-update.timer state: restarted - daemon_reload: yes - enabled: yes + daemon_reload: true + enabled: true listen: "enable ddns-update timer" diff --git a/roles/ddns-update/tasks/main.yml b/roles/ddns-update/tasks/main.yml index 54e3412..a345036 100644 --- a/roles/ddns-update/tasks/main.yml +++ b/roles/ddns-update/tasks/main.yml @@ -5,6 +5,7 @@ template: src: ddns-update.conf.j2 dest: /etc/ddns-update/ddns-update.conf + mode: 0644 - name: install ddns-update script copy: @@ -16,9 +17,11 @@ copy: src: ddns-update.service dest: /etc/systemd/system/ddns-update.service + mode: 0644 - name: install ddns-update.timer copy: src: ddns-update.timer dest: /etc/systemd/system/ddns-update.timer + mode: 0644 notify: enable ddns-update timer diff --git a/roles/dns-dhcp-tftp/tasks/main.yml b/roles/dns-dhcp-tftp/tasks/main.yml index 98d4b00..623741f 100644 --- a/roles/dns-dhcp-tftp/tasks/main.yml +++ b/roles/dns-dhcp-tftp/tasks/main.yml @@ -12,7 +12,7 @@ - isc-dhcp-server - tftpd-hpa - bind9 - state: latest + state: latest # noqa package-latest ## FIXME: preseeding seems to be ignored - name: configure TFTP root directory 
@@ -22,7 +22,7 @@ replace: 'TFTP_DIRECTORY="/var/lib/tftpboot"' notify: restart tftpd-hpa -- name: serve dhcp on LAN interface +- name: serve dhcp on LAN interface replace: path: /etc/default/isc-dhcp-server regexp: '^INTERFACESv4=".*"$' @@ -33,13 +33,15 @@ template: src: dhcpd.conf.j2 dest: /etc/dhcp/dhcpd.conf - backup: yes + mode: 0644 + backup: true notify: restart isc-dhcp-server -- name: deploy config files for bind9 +- name: deploy config files for bind9 template: src: "{{ item }}.j2" dest: "/etc/bind/{{ item }}" + mode: 0644 loop: - db.intern - localzones @@ -49,6 +51,7 @@ template: src: db.lan.j2 dest: "/etc/bind/db.{{ ipaddr_lan_threeoct }}" + mode: 0644 notify: restart bind - name: link zone files to writeable directory for DDNS @@ -71,6 +74,7 @@ template: src: resolv.conf.j2 dest: /etc/resolv.conf + mode: 0644 notify: restart isc-dhcp-server ## stop dhclient from overwriting /etc/resolv.conf: @@ -80,7 +84,7 @@ block: | supersede domain-search "{{ ansible_domain }}"; supersede domain-name-servers 127.0.0.1; - insertbefore: "#send dhcp-client-identifier.*" + insertbefore: "#send dhcp-client-identifier.*" notify: restart dhcp-client - name: generate rndc key @@ -90,11 +94,10 @@ - name: copy rndc key copy: - src: /etc/bind/rndc.key + src: /etc/bind/rndc.key dest: /etc/dhcp/ - owner: root + owner: root group: root - mode: '0640' - remote_src: yes + mode: 0640 + remote_src: true notify: restart isc-dhcp-server - diff --git a/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2 b/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2 index cca662e..9bb803c 100644 --- a/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2 +++ b/roles/dns-dhcp-tftp/templates/dhcpd.conf.j2 
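Review bot: In the `copy rndc key` task the quoted `mode: '0640'` is replaced by the bare `mode: 0640`, which only yields the intended permissions because the YAML 1.1 loader reads a leading-zero integer as octal. Keeping the string form, `mode: '0640'`, hands Ansible the digits unchanged and does not depend on parser behaviour. This matters most for files holding key material. The same applies to `mode: 0600` on the wifi configuration in roles/kiosk/tasks/main.yml and to the `mode: 0644` lines added throughout this patch.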
@@ -56,7 +56,7 @@ subnet {{ ipaddr_lan | ipaddr("network") }} netmask {{ ipaddr_lan | ipaddr("netm } -# No service will be given on this subnet, but declaring it helps the +# No service will be given on this subnet, but declaring it helps the # DHCP server to understand the network topology. #subnet 10.152.187.0 netmask 255.255.255.0 { diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index d5e7fc2..00f73a6 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml @@ -7,16 +7,18 @@ name: - dnsmasq - resolvconf - state: latest + state: latest # noqa package-latest - name: configure dnsmasq dhcp template: src: dnsmasq-dhcp.j2 dest: /etc/dnsmasq.d/dnsmasq-dhcp + mode: 0644 notify: "restart dnsmasq" - name: configure dnsmasq tftp template: src: dnsmasq-tftp-netboot-installer.j2 dest: /etc/dnsmasq.d/tftp-netboot-installer + mode: 0644 notify: "restart dnsmasq" diff --git a/roles/educontainer/handlers/main.yml b/roles/educontainer/handlers/main.yml index 44ccc8e..70b52ec 100644 --- a/roles/educontainer/handlers/main.yml +++ b/roles/educontainer/handlers/main.yml @@ -2,6 +2,6 @@ systemd: name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service state: restarted - enabled: yes + enabled: true loop: "{{ containers }}" listen: enable and restart containers diff --git a/roles/educontainer/tasks/main.yml b/roles/educontainer/tasks/main.yml index 76748af..d5dfc93 100644 --- a/roles/educontainer/tasks/main.yml +++ b/roles/educontainer/tasks/main.yml @@ -2,8 +2,8 @@ ## ## Port mapping to the host: ## -## container 0: ssh → host port 10000, HTTP → 10100 -## container 1: ssh → host port 10001, HTTP → 10101 +## container 0: ssh → host port 10000, HTTP → 10100 +## container 1: ssh → host port 10001, HTTP → 10101 ## ... ... ... ## ## User '{{ contuser }}' in the sudo group. Password is '{{ contpwd }}'. diff --git a/roles/educontainer/tasks/setup.yml b/roles/educontainer/tasks/setup.yml index 3aa3b32..4296a72 100644 
--- a/roles/educontainer/tasks/setup.yml +++ b/roles/educontainer/tasks/setup.yml @@ -5,7 +5,7 @@ name: - systemd-container - debootstrap - state: latest + state: latest # noqa package-latest - name: prepare machine directory file: @@ -23,7 +23,7 @@ args: chdir: /var/lib/machines/ creates: /var/lib/machines/{{ contname }}00 - environment: + environment: http_proxy: "{{ '' if run_in_installer|default(false) else 'http://localhost:3142' }}" notify: enable and restart containers @@ -31,7 +31,8 @@ copy: src: /etc/apt/sources.list dest: /var/lib/machines/{{ contname }}00/etc/apt/sources.list - remote_src: yes + mode: 0644 + remote_src: true - name: configure locale lineinfile: @@ -57,7 +58,7 @@ - name: provide {{ contuser }} user account command: cmd: > - chroot . sh -c '/usr/sbin/useradd -m -s /bin/bash + chroot . sh -c '/usr/sbin/useradd -m -s /bin/bash -c "User {{ contuser }},,," -G sudo {{ contuser }}' args: chdir: /var/lib/machines/{{ contname }}00 @@ -89,6 +90,7 @@ file: path: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item }} state: directory + mode: 0755 loop: - multi-user.target.wants - sockets.target.wants 
@@ -100,13 +102,17 @@ src: /lib/systemd/system/{{ item.src }} dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }} state: link - follow: False - force: yes + follow: false + force: true loop: - - { src: systemd-networkd.service, dest: dbus-org.freedesktop.network1.service } - - { src: systemd-networkd.service, dest: multi-user.target.wants/systemd-networkd.service } - - { src: systemd-networkd.socket, dest: sockets.target.wants/systemd-networkd.socket } - - { src: systemd-networkd-wait-online.service, dest: network-online.target.wants/systemd-networkd-wait-online.service } + - src: systemd-networkd.service + dest: dbus-org.freedesktop.network1.service + - src: systemd-networkd.service + dest: multi-user.target.wants/systemd-networkd.service + - src: systemd-networkd.socket + dest: sockets.target.wants/systemd-networkd.socket + - src: systemd-networkd-wait-online.service + dest: network-online.target.wants/systemd-networkd-wait-online.service notify: enable and restart containers - name: enable systemd-resolved in containers @@ -114,11 +120,13 @@ src: /lib/systemd/system/{{ item.src }} dest: /var/lib/machines/{{ contname }}00/etc/systemd/system/{{ item.dest }} state: link - follow: False - force: yes + follow: false + force: true loop: - - { src: systemd-resolved.service, dest: dbus-org.freedesktop.resolve1.service } - - { src: systemd-resolved.service, dest: multi-user.target.wants/systemd-resolved.service } + - src: systemd-resolved.service + dest: dbus-org.freedesktop.resolve1.service + - src: systemd-resolved.service + dest: multi-user.target.wants/systemd-resolved.service notify: enable and restart containers ######## @@ -126,7 +134,8 @@ copy: content: "# Avoid 'too many open files' error:" dest: /etc/sysctl.d/inotify.conf - force: no + mode: 0644 + force: false - name: fix too many open files error sysctl: 
@@ -146,11 +155,13 @@ file: path: /etc/systemd/nspawn state: directory + mode: 0755 - name: provide container configuration template: src: contcfg.nspawn.j2 - dest: /etc/systemd/nspawn/{{ contname}}{{ "%02d" | format(item|int) }}.nspawn + dest: /etc/systemd/nspawn/{{ contname }}{{ "%02d" | format(item|int) }}.nspawn + mode: 0644 loop: "{{ containers }}" notify: enable and restart containers @@ -158,6 +169,7 @@ template: src: hostname.j2 dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname + mode: 0644 loop: "{{ containers }}" notify: enable and restart containers @@ -165,5 +177,6 @@ template: src: hosts.j2 dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts + mode: 0644 loop: "{{ containers }}" notify: enable and restart containers diff --git a/roles/gnome/tasks/main.yml b/roles/gnome/tasks/main.yml index 432229c..ab80bda 100644 --- a/roles/gnome/tasks/main.yml +++ b/roles/gnome/tasks/main.yml @@ -1,5 +1,5 @@ -#- name: gnome hibernate by default -# apt: name=gnome-shell-extension-suspend-button state=latest +# - name: gnome hibernate by default +# apt: name=gnome-shell-extension-suspend-button state=latest # noqa package-latest - name: gnome desktop apt: @@ -8,24 +8,32 @@ - cups - ssh-askpass-gnome - gnome-shell-extension-dashtodock - state: latest + state: latest # noqa package-latest - name: make sure /etc/dconf/profile/ exists - file: path=/etc/dconf/profile/ state=directory recurse=yes + file: + path: /etc/dconf/profile/ + state: directory + recurse: true - name: prepare for gnome customized defaults copy: src: user dest: /etc/dconf/profile/user + mode: 0644 notify: update dconf - name: make sure /etc/dconf/db/local.d/ exists - file: path=/etc/dconf/db/local.d/ state=directory recurse=yes + file: + path: /etc/dconf/db/local.d/ + state: directory + recurse: true - name: modify gnome defaults copy: src: defaults dest: /etc/dconf/db/local.d/defaults + mode: 0644 notify: update dconf ## Bug #698504 
diff --git a/roles/kde/tasks/main.yml b/roles/kde/tasks/main.yml index 74f7e1f..5ce612c 100644 --- a/roles/kde/tasks/main.yml +++ b/roles/kde/tasks/main.yml @@ -4,9 +4,9 @@ - task-kde-desktop - sddm-theme-debian-breeze - cups - state: latest + state: latest # noqa package-latest + - ## Bug #698504 - name: allow print job management replace: diff --git a/roles/kiosk/handlers/main.yml b/roles/kiosk/handlers/main.yml index 7c9de36..cacbe56 100644 --- a/roles/kiosk/handlers/main.yml +++ b/roles/kiosk/handlers/main.yml @@ -5,26 +5,15 @@ - name: reload NetworkManager when: not run_in_installer|default(false)|bool systemd: - daemon_reload: yes + daemon_reload: true name: NetworkManager state: reloaded - enabled: yes + enabled: true listen: reload NetworkManager -# fails in installer with stretch, workaround below: -#- name: enable tmp.mount -# systemd: -# daemon_reload: yes -# name: tmp.mount -# enabled: yes - -- name: make sure local-fs.target.wants exists - file: path=/etc/systemd/system/local-fs.target.wants/ state=directory - listen: enable tmp.mount - - name: enable tmp.mount - file: - src: /etc/systemd/system/tmp.mount - dest: /etc/systemd/system/local-fs.target.wants/tmp.mount - state: link + systemd: + daemon_reload: true + name: tmp.mount + enabled: true listen: enable tmp.mount diff --git a/roles/kiosk/tasks/main.yml b/roles/kiosk/tasks/main.yml index 60ab55e..accf9b8 100644 --- a/roles/kiosk/tasks/main.yml +++ b/roles/kiosk/tasks/main.yml 
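Review bot: The rewritten `enable tmp.mount` handler in roles/kiosk/handlers/main.yml goes back to the `systemd:` form that the deleted comment described as failing in the installer ("fails in installer with stretch, workaround below"). Unlike `reload NetworkManager` above it, it has no `when: not run_in_installer|default(false)|bool` guard. If stretch installs are still supported, this handler may abort the run inside the installer. If they are not, a short comment such as `# systemd module works in the installer since <release>` would record why the symlink workaround could be dropped.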
@@ -9,37 +9,40 @@ ## gdm3: - name: enable auto login in gdm3 - when: gdm3.stat.exists == true lineinfile: dest: /etc/gdm3/daemon.conf insertafter: '^#\s*AutomaticLoginEnable = true' line: 'AutomaticLoginEnable = true' + when: gdm3.stat.exists - name: auto login user in gdm3 - when: gdm3.stat.exists == true lineinfile: dest: /etc/gdm3/daemon.conf insertafter: '^#\s*AutomaticLogin = ' line: 'AutomaticLogin = {{ auto_user }}' + when: gdm3.stat.exists ## sddm/KDE: - name: enable auto login in sddm - when: sddm.stat.exists == true + when: sddm.stat.exists template: src: sddm.conf.j2 dest: /etc/sddm.conf + mode: 0644 - name: kde global defaults - when: sddm.stat.exists == true + when: sddm.stat.exists copy: src: kde5rc dest: /etc/kde5rc + mode: 0644 - name: modify kde screen lock - when: sddm.stat.exists == true + when: sddm.stat.exists copy: src: kscreenlockerrc dest: /etc/xdg/kscreenlockerrc + mode: 0644 ######## @@ -49,7 +52,7 @@ dest: /etc/default/grub regexp: '^(GRUB_CMDLINE_LINUX=)""' line: '\1"video=SVIDEO-1:d"' - backrefs: yes + backrefs: true notify: update grub - name: grub timeout @@ -57,7 +60,7 @@ dest: /etc/default/grub regexp: '^(GRUB_TIMEOUT=).*' line: '\g<1>1' - backrefs: yes + backrefs: true notify: update grub - name: keyboard compose key @@ -65,7 +68,7 @@ dest: /etc/default/keyboard regexp: '^(XKBOPTIONS=).*' line: '\1"compose:caps"' - backrefs: yes + backrefs: true - name: hibernate when lid is closed lineinfile: @@ -74,9 +77,11 @@ line: 'HandleLidSwitch=hibernate' - name: tmp on tmpfs - shell: cp /usr/share/systemd/tmp.mount /etc/systemd/system/ - args: - creates: /etc/systemd/system/tmp.mount + copy: + src: /usr/share/systemd/tmp.mount + dest: /etc/systemd/system/tmp.mount + mode: 0644 + remote_src: true notify: enable tmp.mount - name: mount tmpfs on /home/{{ auto_user }} 
@@ -92,19 +97,19 @@ name: "{{ auto_user }}" comment: "Autologin Debian User,,," shell: /bin/bash - createhome: no + createhome: false password: '*' - name: check if NetworkManager is installed stat: path=/etc/NetworkManager/system-connections - register: NetworkManager + register: networkmanager - name: add wifi config - when: NetworkManager.stat.exists == true template: src: wifi.j2 dest: /etc/NetworkManager/system-connections/{{ wifi_ssid }} owner: root group: root - mode: '0600' + mode: 0600 + when: networkmanager.stat.exists notify: reload NetworkManager diff --git a/roles/krb5-kdc-ldap/meta/main.yml b/roles/krb5-kdc-ldap/meta/main.yml index b19fb35..36ca9ba 100644 --- a/roles/krb5-kdc-ldap/meta/main.yml +++ b/roles/krb5-kdc-ldap/meta/main.yml @@ -1,3 +1,3 @@ --- -dependencies: +dependencies: # noqa meta-no-info - role: ldap diff --git a/roles/krb5-kdc-ldap/tasks/main.yml b/roles/krb5-kdc-ldap/tasks/main.yml index 76646b9..50a3f39 100644 --- a/roles/krb5-kdc-ldap/tasks/main.yml +++ b/roles/krb5-kdc-ldap/tasks/main.yml @@ -1,7 +1,8 @@ ## Install and configure krb5-kdc-ldap (if not done yet), ## run most tasks only on krb5-kdc-ldap installation. --- -- fail: msg="The machine's domain must not be empty." +- name: check that domain name is available + fail: msg="The machine's domain must not be empty." when: ansible_domain | length == 0 - name: check if krb5kdc is already there @@ -12,19 +13,26 @@ template: src: krb5.conf.j2 dest: /etc/krb5.conf + mode: 0644 - name: make sure krb5kdc exists - file: path=/etc/krb5kdc state=directory recurse=yes + file: + path: /etc/krb5kdc + state: directory + recurse: true + mode: 0755 - name: prepare kdc.conf template: src: kdc.conf.j2 dest: /etc/krb5kdc/kdc.conf + mode: 0644 - name: prepare kadm5.acl template: src: kadm5.acl.j2 dest: /etc/krb5kdc/kadm5.acl + mode: 0644 notify: "restart krb5-admin-server" - name: install krb5-kdc-ldap and krb5-admin-server 
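Review bot: In the rewritten `make sure krb5kdc exists` task, `mode: 0755` is combined with `recurse: true`. With `state: directory` the file module then applies that mode to everything below `/etc/krb5kdc`, not only to the directory itself. The task has no `when:`, so every run would reset files such as `/etc/krb5kdc/service.keyfile` (written later in this file with the kdc and kadmin bind passwords) to world-readable. Dropping `recurse: true` keeps the mode on the directory alone, and a tighter value such as `mode: '0700'` is worth considering for a directory that holds KDC secrets.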
@@ -32,7 +40,7 @@ name: - krb5-kdc-ldap - krb5-admin-server - state: latest + state: latest # noqa package-latest - name: prepare kerberos.openldap.ldif shell: gunzip -c /usr/share/doc/krb5-kdc-ldap/kerberos.openldap.ldif.gz > /etc/ldap/schema/kerberos.openldap.ldif @@ -126,12 +134,12 @@ - "{1}uid=([^,]*),cn=gs2-iakerb,cn=auth uid=$1,ou=people,{{ basedn }}" state: exact -- name: prepare password for kdc +- name: prepare password for kdc # noqa risky-shell-pipe shell: echo "cn=kdc,cn=kerberos,{{ basedn }}#{HEX}$(echo -n {{ kdc_service_pwd }} | xxd -g0 -ps -c 256 | sed 's/0a$//')" > /etc/krb5kdc/service.keyfile no_log: true when: not krb5kdc.stat.exists -- name: prepare password for kadmin +- name: prepare password for kadmin # noqa risky-shell-pipe shell: echo "cn=kadmin,cn=kerberos,{{ basedn }}#{HEX}$(echo -n {{ kadmin_service_pwd }} | xxd -g0 -ps -c 256 | sed 's/0a$//')" >> /etc/krb5kdc/service.keyfile no_log: true when: not krb5kdc.stat.exists @@ -196,7 +204,7 @@ replace: path: /etc/hosts regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$" - replace: '\1 kerberos' + replace: '\1 kerberos' when: not krb5kdc.stat.exists ######################## @@ -212,8 +220,8 @@ firewalld: zone: internal service: "{{ item }}" - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled with_items: - kerberos diff --git a/roles/lan-client/defaults/main.yml b/roles/lan-client/defaults/main.yml index 81690e1..29dadef 100644 --- a/roles/lan-client/defaults/main.yml +++ b/roles/lan-client/defaults/main.yml @@ -1,4 +1,4 @@ -lan_homes: /home/lan +lan_homes: /home/lan basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}" ldap_server: ldap krb_server: kerberos diff --git a/roles/lan-client/handlers/main.yml b/roles/lan-client/handlers/main.yml index 66f15d5..ec063a1 100644 --- a/roles/lan-client/handlers/main.yml +++ b/roles/lan-client/handlers/main.yml 
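Review bot: The `# noqa risky-shell-pipe` markers on `prepare password for kdc` and `prepare password for kadmin` silence the warning without addressing it. If `xxd` fails or is missing, the pipeline still exits 0 and an entry with an empty `{HEX}` value is written to `/etc/krb5kdc/service.keyfile`. The password is also interpolated unquoted into the shell line, so `echo -n {{ kdc_service_pwd | quote }}` (and the same for `kadmin_service_pwd`) would be safer if the value can ever contain shell metacharacters. Running the command with `set -o pipefail` under `args: executable: /bin/bash` would let the noqa be removed. The keyfile is created by redirection with whatever umask applies, so an explicit `file:` task setting `mode: '0600'` afterwards would make its permissions deterministic.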
@@ -4,12 +4,12 @@ - name: reload systemd systemd: - daemon_reload: yes + daemon_reload: true listen: "reload systemd" - name: restart rpc-gssd systemd: name: rpc-gssd - daemon_reload: yes + daemon_reload: true state: restarted notify: "restart rpc-gssd" diff --git a/roles/lan-client/tasks/main.yml b/roles/lan-client/tasks/main.yml index e394016..adaee16 100644 --- a/roles/lan-client/tasks/main.yml +++ b/roles/lan-client/tasks/main.yml @@ -1,5 +1,6 @@ --- -- fail: msg="The machine's domain must not be empty." +- name: check if domain name is available + fail: msg="The machine's domain must not be empty." when: ansible_domain | length == 0 - name: preseed krb5-config realm @@ -31,7 +32,7 @@ - sssd-krb5 - sssd-ldap - nfs-common - state: latest + state: latest # noqa package-latest - name: add URI to ldap.conf lineinfile: @@ -48,7 +49,7 @@ - name: enable pam_umask lineinfile: dest: /etc/pam.d/common-session - line: "session optional pam_umask.so usergroups" + line: "session optional pam_umask.so usergroups" ## oddjob-mkhomedir works only with sec=sys for the NFSv4 share diff --git a/roles/ldap/defaults/main.yml b/roles/ldap/defaults/main.yml index e126f1e..32da1a2 100644 --- a/roles/ldap/defaults/main.yml +++ b/roles/ldap/defaults/main.yml @@ -1,9 +1,9 @@ ldap_admin_pwd: "{{ lookup('password', '/tmp/ldap_admin.pwd chars=ascii_letters,digits length=32') }}" ldap_admin_pwd_file: "/root/ldap-admin.pwd" basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}" -TLSCertificateFile: "/etc/ssl/certs/ssl-cert-snakeoil.pem" -TLSCertificateKeyFile: "/etc/ssl/private/ssl-cert-snakeoil.key" -lan_homes: /home/lan +certpub: "/etc/ssl/certs/ssl-cert-snakeoil.pem" +certpriv: "/etc/ssl/private/ssl-cert-snakeoil.key" +lan_homes: /home/lan min_id: 10000 max_id: 20000 ldapuser_gid: 8000 diff --git a/roles/ldap/handlers/main.cfg b/roles/ldap/handlers/main.cfg new file mode 100644 index 0000000..93bbc44 --- /dev/null 
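Review bot: In roles/ldap/defaults/main.yml, `ldap_admin_pwd` is still generated with `lookup('password', '/tmp/ldap_admin.pwd …')`, a fixed file name in a world-writable directory on the control node. The password lookup reuses an existing file, so whichever local account creates that path first determines the LDAP admin password, and the generated secret stays in /tmp afterwards. While these defaults are being touched, consider moving the lookup file into a directory that only the deploying user can write, for example `<private-dir>/ldap_admin.pwd`.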
+++ b/roles/ldap/handlers/main.cfg @@ -0,0 +1,4 @@ +--- +- name: restart slapd + systemd: name=slapd state=restarted + listen: restart slapd diff --git a/roles/ldap/tasks/main.yml b/roles/ldap/tasks/main.yml index 4d0c307..25bcf84 100644 --- a/roles/ldap/tasks/main.yml +++ b/roles/ldap/tasks/main.yml @@ -1,6 +1,7 @@ ## Install and configure slapd. --- -- fail: msg="The machine's domain must not be empty." +- name: check if domain name is available + fail: msg="The machine's domain must not be empty." when: ansible_domain | length == 0 - name: check if slapd is already set up @@ -87,6 +88,6 @@ firewalld: zone: internal service: ldap - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled diff --git a/roles/ldap/tasks/setup.yml b/roles/ldap/tasks/setup.yml index d5ccfbe..9bbf5e9 100644 --- a/roles/ldap/tasks/setup.yml +++ b/roles/ldap/tasks/setup.yml @@ -3,7 +3,7 @@ - name: preseed ldap domain debconf: name: slapd - question: slapd/domain + question: slapd/domain value: "{{ ansible_domain }}" vtype: string @@ -24,7 +24,9 @@ no_log: true - name: dump admin password - shell: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_admin_pwd_file }}" ; chmod 0600 "{{ ldap_admin_pwd_file }}" + shell: + cmd: echo -n "{{ ldap_admin_pwd }}" > "{{ ldap_admin_pwd_file }}" ; chmod 0600 "{{ ldap_admin_pwd_file }}" + creates: "{{ ldap_admin_pwd_file }}" no_log: true - name: install packages for LDAP 
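Review bot: The new handler file is created as `roles/ldap/handlers/main.cfg`, but a role's handlers are loaded from `handlers/main.yml` (or `main.yaml`), so this `restart slapd` handler would not be found. The `notify: restart slapd` added in roles/ldap/tasks/setup.yml would then fail with an unknown-handler error or never restart the service. Renaming the file to `roles/ldap/handlers/main.yml` fixes that. The body could also use the block form the rest of this patch converts to (`systemd:` with `name: slapd` and `state: restarted`).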
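Review bot: The reworked `dump admin password` task in roles/ldap/tasks/setup.yml still writes the secret with `echo … > file ; chmod 0600 file`. The file therefore exists briefly with umask-default permissions, and the password is expanded inside a double-quoted shell string, where characters such as `$` or `"` in an overridden `ldap_admin_pwd` would be interpreted by the shell. A `copy` task with `content:` creates the file with the final mode in one step and avoids the shell altogether; `force: false` keeps the create-once behaviour that `creates:` provides. The `dump borg password` task in roles/backup/tasks/main.yml has the same shape.

```yaml
- name: dump admin password
  copy:
    content: "{{ ldap_admin_pwd }}"
    dest: "{{ ldap_admin_pwd_file }}"
    mode: '0600'
    force: false
  no_log: true
```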
@@ -35,37 +37,35 @@ - ldapvi - python3-ldap - ssl-cert - state: latest + state: latest # noqa package-latest - name: add openldap to the ssl-cert group user: name: openldap groups: ssl-cert - append: yes - register: ssl_cert_group - -- name: restart slapd - systemd: name=slapd state=restarted - when: ssl_cert_group.changed + append: true + notify: restart slapd - name: make initial slapd configuration available copy: src: slapd-config.ldif dest: /etc/ldap/slapd.d/ + mode: 0644 - name: make slapd TLS configuration available template: src: slapd-TLS.ldif dest: /etc/ldap/slapd.d/ + mode: 0644 - name: activate ppolicy schema - command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif + command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif # noqa no-changed-when - name: initialize slapd if it has just been installed - command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-config.ldif + command: ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-config.ldif # noqa no-changed-when - name: configure LDAP TLS - command: ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-TLS.ldif + command: ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/slapd-TLS.ldif # noqa no-changed-when - name: add URI to ldap.conf lineinfile: @@ -83,7 +83,7 @@ replace: path: /etc/ldap/ldap.conf regexp: "^(TLS_CACERT\\s+/etc/ssl/certs/ca-certificates.crt)$" - replace: '#\1\nTLS_CACERT\t{{ TLSCertificateFile }}' + replace: '#\1\nTLS_CACERT\t{{ certpub }}' - name: enable pam-mkhomedir command: pam-auth-update --enable mkhomedir diff --git a/roles/ldap/templates/slapd-TLS.ldif b/roles/ldap/templates/slapd-TLS.ldif index e94216f..236841f 100644 --- a/roles/ldap/templates/slapd-TLS.ldif +++ b/roles/ldap/templates/slapd-TLS.ldif 
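Review bot: Replacing the inline `restart slapd` task with `notify: restart slapd` on `add openldap to the ssl-cert group` changes when the restart happens, because notified handlers run at the end of the play or at the next `meta: flush_handlers`. The `ldapadd`/`ldapmodify` tasks later in this hunk, including `configure LDAP TLS`, now run against a slapd process that has not yet picked up the ssl-cert group membership. That membership is presumably what lets it read the private key, so the TLS step may fail on a fresh install. Adding `- name: restart slapd before TLS setup` with `meta: flush_handlers` directly after the user task restores the previous ordering.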
@@ -2,8 +2,8 @@ dn: cn=config changetype: modify add: olcTLSCertificateFile -olcTLSCertificateFile: {{ TLSCertificateFile }} +olcTLSCertificateFile: {{ certpub }} - add: olcTLSCertificateKeyFile -olcTLSCertificateKeyFile: {{ TLSCertificateKeyFile }} +olcTLSCertificateKeyFile: {{ certpriv }} - diff --git a/roles/low-power/handlers/main.yml b/roles/low-power/handlers/main.yml index 601c75f..c0c1c9a 100644 --- a/roles/low-power/handlers/main.yml +++ b/roles/low-power/handlers/main.yml @@ -1,5 +1,5 @@ - name: enable powertop timer systemd: name: powertop.timer - enabled: yes + enabled: true listen: "enable powertop timer" diff --git a/roles/low-power/tasks/main.yml b/roles/low-power/tasks/main.yml index 7a2edd8..a4fc825 100644 --- a/roles/low-power/tasks/main.yml +++ b/roles/low-power/tasks/main.yml @@ -1,5 +1,5 @@ - name: install some packages - apt: name={{ item }} state=latest + apt: name={{ item }} state=latest # noqa package-latest with_items: - powertop @@ -7,9 +7,11 @@ copy: src: powertop.service dest: /etc/systemd/system/powertop.service + mode: 0644 - name: install powertop.timer copy: src: powertop.timer dest: /etc/systemd/system/powertop.timer + mode: 0644 notify: enable powertop timer diff --git a/roles/netboot-installer/tasks/main.yml b/roles/netboot-installer/tasks/main.yml index e2e88bc..4902791 100644 --- a/roles/netboot-installer/tasks/main.yml +++ b/roles/netboot-installer/tasks/main.yml @@ -2,6 +2,7 @@ file: path: "{{ tftp_root }}/d-i/{{ di_dist }}" state: directory + mode: 0755 - name: install di-netboot-assistant and installer package apt: 
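Review bot: The `mode: 0644` values added to the two `copy` tasks in `roles/low-power/tasks/main.yml` are unquoted, as are `mode: 0755`, `0644` and `0770` in the other hunks of this patch, so the resulting permission bits depend on the YAML loader reading a leading-zero scalar as octal. Ansible's loader does that, but a YAML 1.2 parser reads `0644` as decimal 644, which gives different permission bits. Quoting removes the ambiguity and matches the existing `mode: "0640"` on `/etc/krb5.keytab.http`: `mode: "0644"`.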
@@ -16,11 +17,12 @@ copy: src: /usr/share/doc/di-netboot-assistant/examples/preseed.cfg dest: "{{ tftp_root }}/d-i/{{ di_dist }}" - force: no - remote_src: yes + mode: 0644 + force: false + remote_src: true - name: make the hostname resolvable from the LAN replace: path: /etc/hosts regexp: '^(127\.0\.1\.1.*)$' - replace: '#\1\n{{ ipaddr_lan | ipaddr("address") }} {{ ansible_hostname }}.{{ ansible_domain }} {{ ansible_hostname }}' + replace: '#\1\n{{ ipaddr_lan | ipaddr("address") }} {{ ansible_hostname }}.{{ ansible_domain }} {{ ansible_hostname }}' diff --git a/roles/nextcloud-upgrade/handlers/main.yml b/roles/nextcloud-upgrade/handlers/main.yml new file mode 100644 index 0000000..dfe1270 --- /dev/null +++ b/roles/nextcloud-upgrade/handlers/main.yml @@ -0,0 +1,14 @@ +--- +## DB fixes (only on upgrade) +- name: add missing indices, columns and convert filecache + command: "{{ item }}" + args: + chdir: "{{ nc_dir }}" + warn: false + register: cmd_result + changed_when: cmd_result.stdout is search("updated successfully") + with_items: + - "sudo -u www-data php ./occ db:add-missing-indices" + - "sudo -u www-data php ./occ db:add-missing-columns" + - "sudo -u www-data php ./occ -n db:convert-filecache-bigint" + listen: update and fix data base diff --git a/roles/nextcloud-upgrade/tasks/main.yml b/roles/nextcloud-upgrade/tasks/main.yml index 497c9aa..7d6d0a5 100644 --- a/roles/nextcloud-upgrade/tasks/main.yml +++ b/roles/nextcloud-upgrade/tasks/main.yml @@ -1,18 +1,18 @@ --- - - name: check/run upgrade command: sudo -u www-data php updater.phar --no-interaction args: chdir: "{{ nc_dir }}/updater" - warn: False + warn: false register: upgrade_result changed_when: upgrade_result.stdout is not search('Nothing to do.') + notify: update and fix data base - name: update apps command: "sudo -u www-data php ./occ app:update --all" args: chdir: "{{ nc_dir }}" - warn: False + warn: false register: cmd_result changed_when: cmd_result.stdout | length > 0 
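Review bot: The merged handler in `roles/nextcloud-upgrade/handlers/main.yml` applies one `changed_when` pattern, `search("updated successfully")`, to all three `occ` commands. The removed `convert filecache to bigint` task instead reported a change whenever stdout did not contain `tables already up to date`. Unless `db:convert-filecache-bigint` prints "updated successfully" (not verifiable from this patch), that conversion will now always be reported as unchanged. Keeping the filecache conversion as a separate handler with its original `changed_when`, or looping over items that each carry their own pattern, preserves the old reporting.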
@@ -20,36 +20,8 @@ command: "sudo -u www-data php ./occ app:install {{ item }}" args: chdir: "{{ nc_dir }}" - warn: False + warn: false with_items: "{{ nc_apps }}" register: cmd_result changed_when: cmd_result.stdout is not search('already installed') - failed_when: cmd_result.stdout is not search('already installed') and cmd_result.rc != 0 - -## DB fixes (only on upgrade) -- name: add missing indices - command: "sudo -u www-data php ./occ db:add-missing-indices" - args: - chdir: "{{ nc_dir }}" - warn: False - register: cmd_result - changed_when: cmd_result.stdout is search('table updated successfully') - when: upgrade_result.changed | default(true) - -- name: add missing columns - command: "sudo -u www-data php ./occ db:add-missing-columns" - args: - chdir: "{{ nc_dir }}" - warn: False - register: cmd_result - changed_when: cmd_result.stdout is search('table updated successfully') - when: upgrade_result.changed | default(true) - -- name: convert filecache to bigint - command: "sudo -u www-data php ./occ -n db:convert-filecache-bigint" - args: - chdir: "{{ nc_dir }}" - warn: False - register: cmd_result - changed_when: cmd_result.stdout is not search('tables already up to date') - when: upgrade_result.changed | default(true) + failed_when: cmd_result.stdout is not search('already installed') and cmd_result.rc != 0 diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index a4dfa67..be2e996 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -4,4 +4,4 @@ nc_admin_pwd_file: "/root/nc-admin.pwd" www_root: "/var/www" nc_dir: "{{ www_root }}/nextcloud" data_dir: "/var/nc-data" -allow_download: False +allow_download: false diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml index f514172..2446778 100644 --- a/roles/nextcloud/handlers/main.yml +++ b/roles/nextcloud/handlers/main.yml 
@@ -14,5 +14,5 @@ systemd: name: nextcloudcron.timer state: started - enabled: True + enabled: true listen: "enable nextcloudcron.timer" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 5506349..25c6163 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -5,8 +5,10 @@ register: nextcloud - name: check for nextcloud archive - local_action: stat path=nextcloud.tar.bz2 - become: No + stat: + path: nextcloud.tar.bz2 + become: false + delegate_to: localhost register: nc_archive when: not nextcloud.stat.exists @@ -45,7 +47,7 @@ - php-xml - php-zip - unzip - state: latest + state: latest # noqa package-latest - name: disable apache modules apache2_module: @@ -68,10 +70,10 @@ - http2 notify: "restart apache2" -- name: find php version +- name: find php version # noqa risky-shell-pipe shell: ls /etc/php/ | sort | tail -1 register: php_ver - changed_when: False + changed_when: false - name: enable php-fpm conf command: a2enconf php{{ php_ver.stdout }}-fpm @@ -85,10 +87,14 @@ regexp: "{{ item.regex }}" replace: "{{ item.replace }}" with_items: - - { regex: "^pm.max_children = .*$", replace: "pm.max_children = 10" } - - { regex: "^pm.start_servers = .*$", replace: "pm.start_servers = 4" } - - { regex: "^pm.min_spare_servers = .*$", replace: "pm.min_spare_servers = 2" } - - { regex: "^pm.max_spare_servers = .*$", replace: "pm.max_spare_servers = 6" } + - regex: "^pm.max_children = .*$" + replace: "pm.max_children = 10" + - regex: "^pm.start_servers = .*$" + replace: "pm.start_servers = 4" + - regex: "^pm.min_spare_servers = .*$" + replace: "pm.min_spare_servers = 2" + - regex: "^pm.max_spare_servers = .*$" + replace: "pm.max_spare_servers = 6" notify: "restart php-fpm" - name: increase php memory limit @@ -102,6 +108,7 @@ copy: src: nextcloud.conf dest: /etc/apache2/sites-available/nextcloud.conf + mode: 0644 notify: "restart apache2" - name: enable nextcloud site 
@@ -123,6 +130,7 @@ file: path: "{{ data_dir }}" state: directory + mode: 0770 owner: www-data group: www-data @@ -140,7 +148,7 @@ dest: "{{ www_root }}" owner: www-data group: www-data - remote_src: Yes + remote_src: true when: not nextcloud.stat.exists and run_in_installer|default(false)|bool - name: unpack provided nextcloud archive @@ -184,19 +192,19 @@ --data-dir "{{ data_dir }}" args: chdir: "{{ nc_dir }}" - no_log: True + no_log: true when: not nextcloud.stat.exists - name: dump nc-admin password shell: echo -n "{{ nc_admin_pwd }}" > "{{ nc_admin_pwd_file }}" ; chmod 0600 "{{ nc_admin_pwd_file }}" - no_log: True + no_log: true when: not nextcloud.stat.exists - name: enable APCu memcache command: sudo -u www-data php ./occ config:system:set memcache.local --value='\OC\Memcache\APCu' args: chdir: "{{ nc_dir }}" - warn: False + warn: false when: not nextcloud.stat.exists - name: enable acpu for nextcloud updates @@ -208,7 +216,7 @@ command: sudo -u www-data php ./occ config:system:set trusted_domains {{ item[0] }} --value='{{ item[1] }}' args: chdir: "{{ nc_dir }}" - warn: False + warn: false when: not nextcloud.stat.exists loop: - [1, '192.168.*.*'] @@ -220,6 +228,7 @@ copy: src: "{{ item }}" dest: "/etc/systemd/system/{{ item }}" + mode: 0644 with_items: - nextcloudcron.service - nextcloudcron.timer @@ -229,8 +238,8 @@ firewalld: interface: "{{ ansible_default_ipv4.interface }}" zone: public - permanent: Yes - immediate: Yes + permanent: true + immediate: true state: enabled when: not run_in_installer|default(false)|bool @@ -242,8 +251,8 @@ firewalld: zone: public service: https - permanent: Yes - immediate: Yes + permanent: true + immediate: true state: enabled when: not run_in_installer|default(false)|bool @@ -257,7 +266,7 @@ - name: install libapache2-mod-auth-gssapi apt: name: libapache2-mod-auth-gssapi - state: latest + state: latest # noqa package-latest when: "'kerberize' in role_names" notify: "restart apache2" 
@@ -267,8 +276,8 @@ dest: /etc/krb5.keytab.http group: www-data mode: "0640" - remote_src: yes - force: no + remote_src: true + force: false when: "'kerberize' in role_names" notify: "restart apache2" @@ -276,6 +285,7 @@ copy: src: krb5-nextcloud.conf dest: /etc/apache2/sites-available/krb5-nextcloud.conf + mode: 0644 when: "'kerberize' in role_names" notify: "restart apache2" @@ -290,8 +300,8 @@ firewalld: zone: internal service: https - permanent: Yes - immediate: Yes + permanent: true + immediate: true state: enabled when: not run_in_installer|default(false)|bool and 'kerberize' in role_names @@ -303,7 +313,7 @@ command: sudo -u www-data php ./occ config:system:set trusted_domains 2 --value='{{ ansible_hostname }}.{{ ansible_domain }}' args: chdir: "{{ nc_dir }}" - warn: False + warn: false when: not nextcloud.stat.exists and 'kerberize' in role_names diff --git a/roles/nfs-server/defaults/main.yml b/roles/nfs-server/defaults/main.yml index 456b8e5..4aea529 100644 --- a/roles/nfs-server/defaults/main.yml +++ b/roles/nfs-server/defaults/main.yml @@ -1,5 +1,5 @@ export_root: /srv/nfs4 -lan_homes: /home/lan +lan_homes: /home/lan basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}" min_id: 10000 min_id_sssd: 5000 diff --git a/roles/nfs-server/tasks/main.yml b/roles/nfs-server/tasks/main.yml index eaab5bb..65ad478 100644 --- a/roles/nfs-server/tasks/main.yml +++ b/roles/nfs-server/tasks/main.yml @@ -1,6 +1,7 @@ ## Install and configure nfs-server --- -- fail: msg="The machine's domain must not be empty." +- name: check if ansible domain is nonempty + fail: msg="The machine's domain must not be empty." when: ansible_domain | length == 0 - name: check if we are installing @@ -11,7 +12,7 @@ apt: name: - nfs-kernel-server - state: latest + state: latest # noqa package-latest # noqa package-latest - name: make sure the export paths exists file: path={{ export_root }}/home/ state=directory recurse=yes 
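Review bot: In `roles/nfs-server/tasks/main.yml` the `apt` task installing `nfs-kernel-server` ends up with the suppression written twice, `state: latest # noqa package-latest # noqa package-latest`; a single `# noqa package-latest` is enough. More generally, this patch silences `package-latest` here and in the other roles rather than addressing it, so every run can still pull new package versions as a side effect. If that is intended because hosts are kept current anyway, a short comment saying so would help the next reader; otherwise `state: present` is the lint-clean form.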
@@ -33,7 +34,7 @@ replace: path: /etc/hosts regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$" - replace: '\1 nfs' + replace: '\1 nfs' when: not exports.stat.exists - name: check if there is a local kadmin @@ -55,7 +56,7 @@ - sssd-krb5 - sssd-ldap - sssd-tools ## sss_cache -U -G - state: latest + state: latest # noqa package-latest when: kadmin.stat.exists - name: provide identities from directory @@ -80,6 +81,7 @@ template: src: dhcp-send-domain.j2 dest: /etc/dnsmasq.d/dhcp-send-domain + mode: 0644 notify: "restart dnsmasq" when: dnsmasq.stat.exists @@ -87,6 +89,6 @@ firewalld: zone: internal service: nfs - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled diff --git a/roles/prepare4clients/handlers/main.yml b/roles/prepare4clients/handlers/main.yml index 3d30c45..dc6f9ad 100644 --- a/roles/prepare4clients/handlers/main.yml +++ b/roles/prepare4clients/handlers/main.yml @@ -1,7 +1,7 @@ - name: start git-repo systemd: - daemon_reload: yes + daemon_reload: true name: git-repo state: started - enabled: yes + enabled: true listen: start git-repo diff --git a/roles/prepare4clients/tasks/main.yml b/roles/prepare4clients/tasks/main.yml index f1fbc97..d5679e0 100644 --- a/roles/prepare4clients/tasks/main.yml +++ b/roles/prepare4clients/tasks/main.yml @@ -1,13 +1,13 @@ - name: make sure ansible is available apt: name: ansible - state: latest + state: latest # noqa package-latest - name: generate ssh key command: "su -l {{ ansible_user }} -c \"ssh-keygen -t rsa -f /home/{{ ansible_user }}/.ssh/id_rsa -P ''\"" args: creates: "/home/{{ ansible_user }}/.ssh/id_rsa" - warn: False + warn: false - name: slurp public key slurp: @@ -15,7 +15,8 @@ register: sshpubkey # The following seems to be necessary to get rid of a newline: -- set_fact: +- name: define variable + set_fact: sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}" - name: enable backports in preseed file 
@@ -87,12 +88,15 @@ block: | # Use a temporary package cache during installation, install etckeeper. menuentry 'Debian stable (amd64) + temporary package cache' { - linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux mirror/http/proxy?=http://{{ ansible_hostname }}:3142/ pkgsel/include=etckeeper preseed/late_command="rm -fv /target/etc/apt/apt.conf" --- + linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \ + mirror/http/proxy?=http://{{ ansible_hostname }}:3142/ pkgsel/include=etckeeper \ + preseed/late_command="rm -fv /target/etc/apt/apt.conf" --- initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz } menuentry 'Debian {{ di_version }} (amd64) + preseed + kiosk.yml' { - linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml --- + linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \ + auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml --- initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz } @@ -128,7 +132,8 @@ insertbefore: EOF block: | menuentry 'Debian {{ di_version }} (amd64) + preseed + kerberox-client.yml' { - linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kerberox-client.yml --- + linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \ + auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kerberox-client.yml --- initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz } marker: "# {mark} ANSIBLE MANAGED BLOCK kerberox-client" 
@@ -161,13 +166,16 @@ block: | menuentry 'Debian {{ di_version }} (amd64) + preseed + sambox-client.yml' { regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac - linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical hostname=${oct4}${oct5}${oct6} url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml --- + linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux \ + auto=true priority=critical hostname=${oct4}${oct5}${oct6} url=tftp://{{ ansible_hostname }} \ + playbook=sambox-client.yml --- initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz } menuentry 'Debian daily (amd64) + preseed + sambox-client.yml' { regexp --set=1:oct4 --set=2:oct5 --set=3:oct6 "\:([[:xdigit:]]+)\:([[:xdigit:]]+)\:([[:xdigit:]]+)\$" $net_default_mac - linux /d-i/n-a/daily/amd64/linux auto=true priority=critical hostname=${oct4}${oct5}${oct6} url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml --- + linux /d-i/n-a/daily/amd64/linux auto=true priority=critical hostname=${oct4}${oct5}${oct6} \ + url=tftp://{{ ansible_hostname }} playbook=sambox-client.yml --- initrd /d-i/n-a/daily/amd64/initrd.gz } marker: "# {mark} ANSIBLE MANAGED BLOCK sambox-client" @@ -181,7 +189,7 @@ git: repo: 'https://salsa.debian.org/andi/debian-lan-ansible.git' dest: "{{ repo_dir }}" - update: no + update: false become_user: "{{ ansible_user }}" when: not run_in_installer|default(false)|bool @@ -189,6 +197,7 @@ template: src: git-repo.j2 dest: "/etc/systemd/system/git-repo.service" + mode: 0644 notify: start git-repo when: not run_in_installer|default(false)|bool @@ -197,7 +206,8 @@ - name: add clients to inventory blockinfile: dest: /etc/ansible/hosts - create: yes + create: true + mode: 0644 block: | [kerberox-client] {{ in_inventory }} 
diff --git a/roles/samba-ldap/handlers/main.yml b/roles/samba-ldap/handlers/main.yml index 99844ab..aef70e4 100644 --- a/roles/samba-ldap/handlers/main.yml +++ b/roles/samba-ldap/handlers/main.yml @@ -5,4 +5,3 @@ - name: restart smbd service: name=smbd state=restarted enabled=yes listen: "restart smbd" - diff --git a/roles/samba-ldap/meta/main.yml b/roles/samba-ldap/meta/main.yml index b19fb35..36ca9ba 100644 --- a/roles/samba-ldap/meta/main.yml +++ b/roles/samba-ldap/meta/main.yml @@ -1,3 +1,3 @@ --- -dependencies: +dependencies: # noqa meta-no-info - role: ldap diff --git a/roles/samba-ldap/tasks/main.yml b/roles/samba-ldap/tasks/main.yml index cf0e871..e272ee2 100644 --- a/roles/samba-ldap/tasks/main.yml +++ b/roles/samba-ldap/tasks/main.yml @@ -9,8 +9,7 @@ name: - samba - sssd-ldap - state: latest - + state: latest # noqa package-latest - name: provide identities from LDAP template: @@ -19,8 +18,8 @@ mode: 0600 notify: restart sssd -- meta: flush_handlers - +- name: flush all handlers + meta: flush_handlers - name: prepare samba schema command: cp /usr/share/doc/samba/examples/LDAP/samba.ldif /etc/ldap/schema/ @@ -87,8 +86,8 @@ - name: slurp admin password for samba setup slurp: src: "{{ ldap_admin_pwd_file }}" - register: ldap_admin_pwd - no_log: true + register: ldap_admin_pwd + no_log: true when: not samba_ldap.stat.exists - name: make samba admin password available to smbd @@ -97,9 +96,10 @@ notify: restart smbd when: not samba_ldap.stat.exists -- meta: flush_handlers +- name: flush all handlers + meta: flush_handlers -- name: add samba attributes to dummy user foo +- name: add samba attributes to dummy user foo command: cmd: smbpasswd -s -a foo stdin: "{{ foo_pwd }}\n{{ foo_pwd }}" @@ -111,8 +111,8 @@ firewalld: zone: internal service: "{{ item }}" - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled with_items: - samba 
diff --git a/roles/samba-ldap/templates/sssd.conf.j2 b/roles/samba-ldap/templates/sssd.conf.j2 index c5c4187..6e6ac14 100644 --- a/roles/samba-ldap/templates/sssd.conf.j2 +++ b/roles/samba-ldap/templates/sssd.conf.j2 @@ -19,5 +19,5 @@ cache_credentials = true min_id = {{ min_id_sssd }} max_id = {{ max_id_sssd }} -## remove this after providing propper certificates: +## remove this after providing propper certificates: ldap_tls_reqcert = allow diff --git a/roles/smb-sshfs-client/handlers/main.yml b/roles/smb-sshfs-client/handlers/main.yml index 3c18dd6..d54b258 100644 --- a/roles/smb-sshfs-client/handlers/main.yml +++ b/roles/smb-sshfs-client/handlers/main.yml @@ -4,6 +4,5 @@ - name: reload systemd systemd: - daemon_reload: yes + daemon_reload: true listen: "reload systemd" - diff --git a/roles/smb-sshfs-client/tasks/main.yml b/roles/smb-sshfs-client/tasks/main.yml index 0aaedde..4dcf1e1 100644 --- a/roles/smb-sshfs-client/tasks/main.yml +++ b/roles/smb-sshfs-client/tasks/main.yml @@ -3,10 +3,10 @@ apt: name: - sssd-ldap - - libpam-mount + - libpam-mount - cifs-utils - - sshfs - state: latest + - sshfs + state: latest # noqa package-latest - name: add URI to ldap.conf lineinfile: @@ -23,7 +23,7 @@ - name: enable pam_umask lineinfile: dest: /etc/pam.d/common-session - line: "session optional pam_umask.so usergroups" + line: "session optional pam_umask.so usergroups" - name: provide identities from directory template: @@ -65,4 +65,6 @@ ## gnome-keyring fails with sshfs: - name: disable gnome-keyring-daemon - command: dpkg-divert --divert /usr/bin/gnome-keyring-daemon.distrib --rename /usr/bin/gnome-keyring-daemon + command: + cmd: dpkg-divert --divert /usr/bin/gnome-keyring-daemon.distrib --rename /usr/bin/gnome-keyring-daemon + creates: /usr/bin/gnome-keyring-daemon.distrib diff --git a/roles/systemd-networkd-resolved/handlers/main.yml b/roles/systemd-networkd-resolved/handlers/main.yml index 6084965..457c60b 100644 
--- a/roles/systemd-networkd-resolved/handlers/main.yml +++ b/roles/systemd-networkd-resolved/handlers/main.yml @@ -1,14 +1,14 @@ - name: restart and enable systemd-networkd systemd: name: systemd-networkd - enabled: yes + enabled: true state: restarted - daemon_reload: yes + daemon_reload: true listen: "start and enable systemd-networkd" - name: start and enable systemd-resolved systemd: name: systemd-resolved - enabled: yes + enabled: true state: started listen: "start and enable systemd-resolved" diff --git a/roles/systemd-networkd-resolved/tasks/main.yml b/roles/systemd-networkd-resolved/tasks/main.yml index 3033c67..2918d11 100644 --- a/roles/systemd-networkd-resolved/tasks/main.yml +++ b/roles/systemd-networkd-resolved/tasks/main.yml @@ -7,19 +7,20 @@ copy: src: all-eth.network dest: /etc/systemd/network/all-eth.network + mode: 0644 notify: "start and enable systemd-networkd" -#- name: install static configuration for networkd -# template: -# src: 20-static.network.j2 -# dest: /etc/systemd/network/20-static.network -# notify: "enable systemd-networkd" +# - name: install static configuration for networkd +# template: +# src: 20-static.network.j2 +# dest: /etc/systemd/network/20-static.network +# notify: "enable systemd-networkd" - name: enable local stub resolver file: src: /run/systemd/resolve/stub-resolv.conf dest: /etc/resolv.conf state: link - follow: False - force: yes + follow: false + force: true notify: "start and enable systemd-resolved" diff --git a/roles/systemd-networkd-resolved/templates/20-static.network.j2 b/roles/systemd-networkd-resolved/templates/20-static.network.j2 index 04195a9..fbdc83b 100644 --- a/roles/systemd-networkd-resolved/templates/20-static.network.j2 +++ b/roles/systemd-networkd-resolved/templates/20-static.network.j2 @@ -4,4 +4,4 @@ Name={{ if_lan }} [Network] Address={{ ipaddr }} Gateway={{ gateway }} -DNS={{ DNS }} +DNS={{ dns }} 
diff --git a/roles/transparent-squid/tasks/main.yml b/roles/transparent-squid/tasks/main.yml index d5df254..63f1199 100644 --- a/roles/transparent-squid/tasks/main.yml +++ b/roles/transparent-squid/tasks/main.yml @@ -1,7 +1,7 @@ - name: install squid package apt: name: squid - state: latest + state: latest # noqa package-latest - name: configure squid extra lines lineinfile: @@ -9,11 +9,16 @@ line: "{{ item.line }}" insertafter: "{{ item.insertafter }}" with_items: - - { line: "http_access allow localnet", insertafter: "#http_access allow localnet" } - - { line: "http_port 3129 intercept", insertafter: "http_port 3128" } - - { line: "maximum_object_size_in_memory 10240 KB", insertafter: "# maximum_object_size_in_memory" } - - { line: "maximum_object_size 512 MB", insertafter: "# maximum_object_size" } - - { line: "cache_dir aufs /var/spool/squid 20000 16 256", insertafter: "#cache_dir ufs /var/spool/squid" } + - line: "http_access allow localnet" + insertafter: "#http_access allow localnet" + - line: "http_port 3129 intercept" + insertafter: "http_port 3128" + - line: "maximum_object_size_in_memory 10240 KB" + insertafter: "# maximum_object_size_in_memory" + - line: "maximum_object_size 512 MB" + insertafter: "# maximum_object_size" + - line: "cache_dir aufs /var/spool/squid 20000 16 256" + insertafter: "#cache_dir ufs /var/spool/squid" notify: "restart squid" - name: configure squid store IDs @@ -29,6 +34,7 @@ copy: src: store_id_regex.conf dest: /etc/squid/store_id_regex.conf + mode: 0644 notify: "restart squid" - name: configure squid as package cache @@ -53,5 +59,5 @@ - name: redirect www traffic in shorewall lineinfile: dest: /etc/shorewall/rules - line: "REDIRECT loc 3129 tcp www" + line: "REDIRECT loc 3129 tcp www" notify: "restart shorewall" diff --git a/roles/two-interface-firewalld/tasks/main.yml b/roles/two-interface-firewalld/tasks/main.yml index a5e9850..c21b90c 100644 --- a/roles/two-interface-firewalld/tasks/main.yml 
+++ b/roles/two-interface-firewalld/tasks/main.yml @@ -2,13 +2,15 @@ template: src: interfaces-static.j2 dest: /etc/network/interfaces.d/static + mode: 0644 notify: "bring up LAN interface" - name: install firewalld package - apt: name=firewalld state=latest + apt: name=firewalld state=latest # noqa package-latest notify: "start firewalld" -- meta: flush_handlers +- name: flush all handlers + meta: flush_handlers ## Do not run the following in the installer: @@ -17,7 +19,7 @@ firewalld: zone: public interface: "{{ if_wan }}" - permanent: yes + permanent: true state: enabled immediate: true when: not run_in_installer|default(false)|bool @@ -26,7 +28,7 @@ firewalld: zone: public masquerade: 'yes' - permanent: yes + permanent: true state: enabled immediate: true when: not run_in_installer|default(false)|bool @@ -35,7 +37,7 @@ firewalld: zone: internal interface: "{{ if_lan }}" - permanent: yes + permanent: true state: enabled immediate: true when: not run_in_installer|default(false)|bool @@ -44,7 +46,7 @@ firewalld: zone: internal service: "{{ item }}" - permanent: yes + permanent: true state: enabled immediate: true with_items: diff --git a/roles/two-interface-shorewall/tasks/main.yml b/roles/two-interface-shorewall/tasks/main.yml index e92f99c..0974a2e 100644 --- a/roles/two-interface-shorewall/tasks/main.yml +++ b/roles/two-interface-shorewall/tasks/main.yml @@ -2,10 +2,11 @@ template: src: interfaces-static.j2 dest: /etc/network/interfaces.d/static + mode: 0644 notify: restart networking - name: install shorewall packages - apt: name=shorewall state=latest + apt: name=shorewall state=latest # noqa package-latest - name: copy shorewall configuration command: cp {{ item }} /etc/shorewall/ @@ -24,7 +25,7 @@ - name: find files in /etc/shorewall/ find: paths: /etc/shorewall/ - use_regex: yes + use_regex: true pattern: '.+[^~]$' contains: '.*(eth0|eth1).*' register: find_result 
@@ -35,7 +36,7 @@ dest: "{{ item.path }}" regexp: 'eth0' replace: "{{ if_wan }}" - backup: yes + backup: true with_items: "{{ find_result.files }}" notify: restart shorewall @@ -44,7 +45,7 @@ dest: "{{ item.path }}" regexp: 'eth1' replace: "{{ if_lan }}" - backup: yes + backup: true with_items: "{{ find_result.files }}" notify: restart shorewall @@ -53,7 +54,7 @@ dest: /etc/shorewall/shorewall.conf regexp: 'IP_FORWARDING=Keep' replace: 'IP_FORWARDING=Yes' - backup: yes + backup: true notify: restart shorewall - name: configure shorewall policy @@ -61,7 +62,7 @@ dest: /etc/shorewall/policy regexp: 'loc(\s+)net(\s+)ACCEPT' replace: 'loc\1all\2ACCEPT\n$FW\1all\2ACCEPT' - backup: yes + backup: true notify: restart shorewall - name: configure shorewall rules @@ -69,5 +70,5 @@ dest: /etc/shorewall/rules regexp: '(SSH\(ACCEPT\)\s+)loc(\s+\$FW)' replace: '\1all\2' - backup: yes + backup: true notify: restart shorewall diff --git a/roles/up2date-debian/tasks/main.yml b/roles/up2date-debian/tasks/main.yml index cd11949..d28bc9e 100644 --- a/roles/up2date-debian/tasks/main.yml +++ b/roles/up2date-debian/tasks/main.yml 
@@ -2,36 +2,36 @@ - name: update apt package lists apt: - update_cache: yes + update_cache: true cache_valid_time: 86400 - name: upgrade packages apt: upgrade: dist - autoremove: yes - autoclean: yes + autoremove: true + autoclean: true - name: install etckeeper apt: name: etckeeper - state: latest + state: latest # noqa package-latest - name: install extra packages from stable apt: name: "{{ extra_pkgs }}" - state: latest + state: latest # noqa package-latest when: extra_pkgs|length - name: add {{ ansible_distribution_release }}-backports apt_repository: repo: deb http://deb.debian.org/debian/ {{ ansible_distribution_release }}-backports main state: present - update_cache: yes + update_cache: true when: extra_pkgs_bpo|length - name: install extra packages from backports apt: name: "{{ extra_pkgs_bpo }}" - state: latest + state: latest # noqa package-latest default_release: "{{ ansible_distribution_release }}-backports" when: extra_pkgs_bpo|length diff --git a/roles/web-server/tasks/main.yml b/roles/web-server/tasks/main.yml index c0d073c..f6b46a8 100644 --- a/roles/web-server/tasks/main.yml +++ b/roles/web-server/tasks/main.yml @@ -1,5 +1,5 @@ - name: install some packages - apt: name={{ item }} state=latest + apt: name={{ item }} state=latest # noqa package-latest with_items: - unattended-upgrades - screen diff --git a/sambox-client.yml b/sambox-client.yml index 8b63293..305f81c 100644 --- a/sambox-client.yml +++ b/sambox-client.yml @@ -4,7 +4,7 @@ - name: apply configuration to the machines hosts: all remote_user: ansible - become: yes + become: true vars: extra_pkgs: - webext-privacy-badger @@ -16,5 +16,5 @@ - up2date-debian - smb-sshfs-client ## Choose either gnome or KDE: - #- gnome - #- kde + # - gnome + # - kde diff --git a/sambox.yml b/sambox.yml index a8efcc1..465a5d8 100644 --- a/sambox.yml +++ b/sambox.yml 
@@ -1,13 +1,13 @@ --- ## This playbook deploys the sambox server. Add 'hostname=XXX' and 'domain=YYY' ## to the installer boot parameters to set hostname and domain. -## +## - name: apply configuration to the sambox server hosts: all remote_user: ansible - become: yes + become: true vars: ## This interface provides the default route: @@ -22,11 +22,11 @@ ipaddr_lan_ptr: "{{ (ipaddr_lan | ipaddr('revdns')).split('.')[1:] | join('.') }}" ipaddr_lan_ptr_threeoct: "{{ ipaddr_lan_ptr.split('.')[0:3] | join('.') }}" dhcp_start: 192.168.0.50 - dhcp_stop: 192.168.0.150 + dhcp_stop: 192.168.0.150 in_inventory: 192.168.0.[50:150] di_dist: "{{ ansible_distribution_release }}" - di_version: 10 #"{{ ansible_distribution_major_version }}" + di_version: 10 # "{{ ansible_distribution_major_version }}" di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" ansible_user: ansible @@ -40,7 +40,7 @@ In case you would like to prepare a test user 'foo' and have not done so yet, provide foo's password here. Leave empty to just continue - private: yes + private: true pre_tasks: