Add linter
This commit is contained in:
parent
78b894192c
commit
dc997a359e
|
@ -0,0 +1 @@
|
||||||
|
profile: production
|
|
@ -0,0 +1 @@
|
||||||
|
ansible-lint roles/*/tasks/main.yml tasks/*.yml
|
|
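Review bot: The lint invocation on the `ansible-lint roles/*/tasks/main.yml tasks/*.yml` line covers only each role's `main.yml` and the top-level `tasks/` directory, so role task files included by name (the pattern seen elsewhere in this commit), role handlers, and the playbooks themselves are never linted — and the files this commit fixes are checked only if they happen to live at those two locations. Running `ansible-lint` with no path arguments lets it auto-discover playbooks, roles and handlers from the repository root; if explicit globs are preferred, add at least `roles/*/handlers/*.yml` and the top-level playbook files. As far as the `@@ -0,0 +1 @@` header shows this file is a single line with no shebang, so if it is meant to be run as a script its interpreter and exit status depend on how it is invoked — confirm in CI.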
@ -7,7 +7,7 @@
|
||||||
- keycloak.db.password is defined
|
- keycloak.db.password is defined
|
||||||
|
|
||||||
- name: Create PostgreSQL database
|
- name: Create PostgreSQL database
|
||||||
ansible.builtin.include_tasks: create_postgres_db.yml
|
ansible.builtin.include_tasks: tasks/create_postgres_db.yml
|
||||||
vars:
|
vars:
|
||||||
user: "{{ keycloak.db.user }}"
|
user: "{{ keycloak.db.user }}"
|
||||||
database: "{{ keycloak.db.database }}"
|
database: "{{ keycloak.db.database }}"
|
||||||
|
@ -29,6 +29,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
state: directory
|
state: directory
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
|
mode: "755"
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ keycloak.datadir }}/keystore/"
|
- "{{ keycloak.datadir }}/keystore/"
|
||||||
|
|
||||||
|
@ -36,6 +37,7 @@
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: units/sso-keycloak.container.j2
|
src: units/sso-keycloak.container.j2
|
||||||
dest: ~/.config/containers/systemd/sso-keycloak.container
|
dest: ~/.config/containers/systemd/sso-keycloak.container
|
||||||
|
mode: "644"
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ keycloak.podman.user }}"
|
become_user: "{{ keycloak.podman.user }}"
|
||||||
|
|
||||||
|
@ -55,7 +57,7 @@
|
||||||
keycloak-db-user: "{{ keycloak.db.user }}"
|
keycloak-db-user: "{{ keycloak.db.user }}"
|
||||||
keycloak-db-password: "{{ keycloak.db.password }}"
|
keycloak-db-password: "{{ keycloak.db.password }}"
|
||||||
with_dict: "{{ secrets }}"
|
with_dict: "{{ secrets }}"
|
||||||
no_log: true # Secret values
|
no_log: true
|
||||||
|
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ keycloak.podman.user }}"
|
become_user: "{{ keycloak.podman.user }}"
|
||||||
|
@ -71,7 +73,7 @@
|
||||||
become_user: "{{ keycloak.podman.user }}"
|
become_user: "{{ keycloak.podman.user }}"
|
||||||
|
|
||||||
- name: Set up reverse proxy
|
- name: Set up reverse proxy
|
||||||
ansible.builtin.include_tasks: create_vhost.yml
|
ansible.builtin.include_tasks: tasks/create_vhost.yml
|
||||||
vars:
|
vars:
|
||||||
external_url: "{{ keycloak.reverse_proxy.external_url }}"
|
external_url: "{{ keycloak.reverse_proxy.external_url }}"
|
||||||
proxy_url: "{{ keycloak.reverse_proxy.proxy_url }}"
|
proxy_url: "{{ keycloak.reverse_proxy.proxy_url }}"
|
||||||
|
|
|
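Review bot: The `mode: "755"` added to the directory task covering `{{ keycloak.datadir }}/keystore/` makes the keystore directory world-readable and traversable; a directory whose name suggests it holds a TLS key or trust store is better created with `mode: "750"` (or `"700"` owned by the podman user if only the container needs it), which satisfies the same `risky-file-permissions` lint rule. The `mode: "644"` on the `sso-keycloak.container` unit is appropriate only if the rendered template references the database password by secret name — the later `with_dict: "{{ secrets }}"` task suggests that is the design — rather than embedding `keycloak.db.password`; worth confirming against `units/sso-keycloak.container.j2`. The `# Secret values` comment on `no_log: true` appears to have been dropped on the new side; keep the reason with lint-compliant spacing, `no_log: true  # secret values (DB password)`. The other `mode:` additions in this commit (nftables unit and config, Caddyfile and site directories, the vhost template, the `~/.config/containers/systemd` directory) are plain configuration and are fine at 644/755, with the exception of `/var/log/caddy`, where `"750"` would keep access logs from being world-readable.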
@ -17,4 +17,4 @@
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: slapd.service
|
name: slapd.service
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Set up OpenLDAP
|
- name: Set up OpenLDAP
|
||||||
include_tasks: ldap.yml
|
ansible.builtin.include_tasks: ldap.yml
|
||||||
|
|
||||||
- name: Set up Keycloak
|
- name: Set up Keycloak
|
||||||
include_tasks: keycloak.yml
|
ansible.builtin.include_tasks: keycloak.yml
|
||||||
vars:
|
vars:
|
||||||
keycloak: "{{ keycloak_config }}"
|
keycloak: "{{ keycloak_config }}"
|
||||||
|
|
|
@ -14,12 +14,14 @@
|
||||||
src: nftables.service
|
src: nftables.service
|
||||||
dest: /etc/systemd/system/nftables.service
|
dest: /etc/systemd/system/nftables.service
|
||||||
state: present
|
state: present
|
||||||
|
mode: "644"
|
||||||
when: ansible_facts.services['nftables.service'] is not defined
|
when: ansible_facts.services['nftables.service'] is not defined
|
||||||
|
|
||||||
- name: Add config file
|
- name: Add config file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: nftables.conf.j2
|
src: nftables.conf.j2
|
||||||
dest: "{{ nftables_main_file[ansible_os_family] | default('/etc/nftables.conf') }}"
|
dest: "{{ nftables_main_file[ansible_os_family] | default('/etc/nftables.conf') }}"
|
||||||
|
mode: "644"
|
||||||
vars:
|
vars:
|
||||||
nftables_main_file:
|
nftables_main_file:
|
||||||
Debian: /etc/nftables.conf
|
Debian: /etc/nftables.conf
|
||||||
|
@ -29,6 +31,7 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: "755"
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/nftables/input.d
|
- /etc/nftables/input.d
|
||||||
- /etc/nftables/forward.d
|
- /etc/nftables/forward.d
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ user }}"
|
user: "{{ user }}"
|
||||||
key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}"
|
key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}"
|
||||||
state: present # Note: we don't remove other/existing keys
|
state: present # Note: we don't remove other/existing keys
|
||||||
with_items: "{{ global_ssh_keys + (ssh_keys[user] | default([])) + (ssh_keys['*'] | default([])) }}"
|
with_items: "{{ global_ssh_keys + (ssh_keys[user] | default([])) + (ssh_keys['*'] | default([])) }}"
|
||||||
|
|
||||||
|
|
||||||
|
@ -28,10 +28,12 @@
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: ~/.config/containers/systemd
|
path: ~/.config/containers/systemd
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: "755"
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ user }}"
|
become_user: "{{ user }}"
|
||||||
|
|
||||||
# Note: We check whether lingering is already enabled so we show as OK/skipped instead of changed
|
# Note: We check whether lingering is already enabled
|
||||||
|
# so we don't execute the command if not needed
|
||||||
- name: Check if user is lingering
|
- name: Check if user is lingering
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "/var/lib/systemd/linger/{{ user }}"
|
path: "/var/lib/systemd/linger/{{ user }}"
|
||||||
|
@ -41,3 +43,4 @@
|
||||||
ansible.builtin.command: "loginctl enable-linger {{ user }}"
|
ansible.builtin.command: "loginctl enable-linger {{ user }}"
|
||||||
when:
|
when:
|
||||||
- not user_lingering.stat.exists
|
- not user_lingering.stat.exists
|
||||||
|
changed_when: not user_lingering.stat.exists
|
||||||
|
|
|
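Review bot: The `changed_when: not user_lingering.stat.exists` added to the `loginctl enable-linger` task repeats the task's own `when:` condition, so whenever the task actually runs the expression is true and it behaves exactly like the default; `changed_when: true` states that directly (the command only runs when linger is not yet enabled, so every execution is a change) and still satisfies the lint rule. The free-form `ansible.builtin.command: "loginctl enable-linger {{ user }}"` is word-split by the module, so a `user` value containing whitespace would arrive as extra arguments; the list form `ansible.builtin.command:` / `argv: [loginctl, enable-linger, "{{ user }}"]` passes it as one argument regardless of content. The task's `name:` line and the `register: user_lingering` that the condition depends on (presumably on the preceding stat task) are outside this hunk.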
@ -9,11 +9,13 @@
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: Caddyfile
|
src: Caddyfile
|
||||||
dest: /etc/caddy/Caddyfile
|
dest: /etc/caddy/Caddyfile
|
||||||
|
mode: "644"
|
||||||
|
|
||||||
- name: Create site config directories
|
- name: Create site config directories
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
mode: "755"
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/caddy/sites-available
|
- /etc/caddy/sites-available
|
||||||
- /etc/caddy/sites-enabled
|
- /etc/caddy/sites-enabled
|
||||||
|
@ -25,6 +27,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
owner: caddy
|
owner: caddy
|
||||||
group: caddy
|
group: caddy
|
||||||
|
mode: "755"
|
||||||
with_items:
|
with_items:
|
||||||
- /var/log/caddy
|
- /var/log/caddy
|
||||||
|
|
||||||
|
@ -38,5 +41,6 @@
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
dest: /etc/nftables/input.d/caddy.nft
|
dest: /etc/nftables/input.d/caddy.nft
|
||||||
src: caddy.nft
|
src: caddy.nft
|
||||||
|
mode: "644"
|
||||||
when: firewall is defined
|
when: firewall is defined
|
||||||
notify: Restart nftables
|
notify: Restart nftables
|
||||||
|
|
|
@ -8,13 +8,14 @@
|
||||||
- tls.type is not defined or (tls.type in ['auto', 'internal', 'cloudflare', 'file'] )
|
- tls.type is not defined or (tls.type in ['auto', 'internal', 'cloudflare', 'file'] )
|
||||||
|
|
||||||
- name: Set up Caddy
|
- name: Set up Caddy
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: reverse-proxy
|
name: reverse-proxy
|
||||||
|
|
||||||
- name: Template vhost file
|
- name: Template vhost file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "{{ template_file | default('vhost.caddy.j2') }}"
|
src: "{{ template_file | default('vhost.caddy.j2') }}"
|
||||||
dest: "/etc/caddy/sites-available/{{ app_name }}.caddy"
|
dest: "/etc/caddy/sites-available/{{ app_name }}.caddy"
|
||||||
|
mode: "644"
|
||||||
|
|
||||||
- name: Symlink vhost
|
- name: Symlink vhost
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
|