Tasks
main.yml
Synopsis: Main task.
Import tasks if enabled.
1---
2# linux_postinstall tasks
3
4- name: Import vars.yml
5 ansible.builtin.import_tasks: vars.yml
6 tags: [lp_vars, always]
7
8- name: Import debug.yml
9 ansible.builtin.import_tasks: debug.yml
10 when: lp_debug|bool
11 tags: [lp_debug, always]
12
13- name: Import swap.yml
14 ansible.builtin.import_tasks: swap.yml
15 when: ((ansible_os_family == 'RedHat') or
16 (ansible_os_family == 'Debian')) and lp_swap|bool
17 tags: lp_swap
18
19- name: Import modules.yml
20 ansible.builtin.import_tasks: modules.yml
21 when: (ansible_os_family == 'RedHat') or
22 (ansible_os_family == 'Debian')
23 tags: lp_modules
24
25- name: Import udev.yml
26 ansible.builtin.import_tasks: udev.yml
27 when: ((ansible_os_family == 'RedHat') or
28 (ansible_os_family == 'Debian')) and lp_udev|bool
29 tags: lp_udev
30
31- name: Import fstab.yml
32 ansible.builtin.import_tasks: fstab.yml
33 when: ((ansible_os_family == 'RedHat') or
34 (ansible_os_family == 'Debian'))
35 tags: lp_fstab
36
37- name: Import networkmanager.yml
38 ansible.builtin.import_tasks: networkmanager.yml
39 when: (ansible_os_family == 'Debian') and lp_nm|bool
40 tags: lp_nm
41
42- name: Import netplan.yml
43 ansible.builtin.import_tasks: netplan.yml
44 when: (ansible_os_family == 'Debian') and lp_netplan|bool
45 tags: lp_netplan
46
47- name: Import systemd.yml
48 ansible.builtin.import_tasks: systemd.yml
49 when: (ansible_os_family == 'Debian') and lp_systemd|bool
50 tags: lp_systemd
51
52- name: Import networkd.yml
53 ansible.builtin.import_tasks: networkd.yml
54 when: (ansible_os_family == 'Debian') and lp_networkd|bool
55 tags: lp_networkd
56
57- name: Import timezone.yml
58 ansible.builtin.import_tasks: timezone.yml
59 when: ((ansible_os_family == 'RedHat') or
60 (ansible_os_family == 'Debian')) and lp_timezone|bool
61 tags: lp_timezone
62
63- name: Import timesyncd.yml
64 ansible.builtin.import_tasks: timesyncd.yml
65 when: (ansible_os_family == 'Debian') and lp_timesyncd|bool
66 tags: lp_timesyncd
67
68- name: Import chrony.yml
69 ansible.builtin.import_tasks: chrony.yml
70 when: ((ansible_os_family == 'RedHat') or
71 (ansible_os_family == 'Debian')) and lp_chrony|bool
72 tags: lp_chrony
73
74- name: Import apt.yml
75 ansible.builtin.import_tasks: apt.yml
76 when: ansible_os_family == 'Debian' and lp_apt|bool
77 tags: lp_apt
78
79- name: Import snap.yml
80 ansible.builtin.import_tasks: snap.yml
81 when: ansible_os_family == 'Debian' and lp_snap|bool
82 tags: lp_snap
83
84- name: Import repos.yml
85 ansible.builtin.import_tasks: repos.yml
86 when: ansible_os_family == 'Debian'
87 tags: lp_repos
88
89- name: Import packages.yml
90 ansible.builtin.import_tasks: packages.yml
91 when: (ansible_os_family == 'RedHat') or
92 (ansible_os_family == 'Debian')
93 tags: lp_packages
94
95- name: Import upgrades.yml
96 ansible.builtin.import_tasks: auto_upgrades.yml
97 when: (ansible_os_family == 'Debian') and lp_auto_upgrades|bool
98 tags: lp_auto_upgrades
99
100- name: Import sysctl.yml
101 ansible.builtin.import_tasks: sysctl.yml
102 when: (ansible_os_family == 'RedHat') or
103 (ansible_os_family == 'Debian')
104 tags: lp_sysctl
105
106- name: Import zfs.yml
107 ansible.builtin.import_tasks: zfs.yml
108 when: (ansible_os_family == 'Debian') and lp_zfs|bool
109 tags: lp_zfs
110
111- name: Import hostname.yml
112 ansible.builtin.import_tasks: hostname.yml
113 when: (ansible_os_family == 'RedHat') or
114 (ansible_os_family == 'Debian')
115 tags: lp_hostname
116
117- name: Import hosts.yml
118 ansible.builtin.import_tasks: hosts.yml
119 when: (ansible_os_family == 'RedHat') or
120 (ansible_os_family == 'Debian')
121 tags: lp_hosts
122
123- name: Import iptables.yml
124 ansible.builtin.import_tasks: iptables.yml
125 when: (ansible_os_family == 'Debian') and lp_iptables|bool
126 tags: lp_iptables
127
128- name: Import grub.yml
129 ansible.builtin.import_tasks: grub.yml
130 when: (ansible_os_family == 'Debian') and lp_grub|bool
131 tags: lp_grub
132 # https://unix.stackexchange.com/questions/152222/
133 # equivalent-of-update-grub-for-rhel-fedora-centos-systems
134
135- name: Import groups.yml
136 ansible.builtin.import_tasks: groups.yml
137 when: (ansible_os_family == 'RedHat') or
138 (ansible_os_family == 'Debian')
139 tags: lp_groups
140
141- name: Import users.yml
142 ansible.builtin.import_tasks: users.yml
143 when: (ansible_os_family == 'RedHat') or
144 (ansible_os_family == 'Debian')
145 tags: lp_users
146
147- name: Import gpg.yml
148 ansible.builtin.import_tasks: gpg.yml
149 when: (ansible_os_family == 'Debian') and lp_gpg|bool
150 tags: lp_gpg
151
152- name: Import passwords.yml
153 ansible.builtin.import_tasks: passwords.yml
154 when: (ansible_os_family == 'RedHat') or
155 (ansible_os_family == 'Debian') and lp_passwords|bool
156 tags: lp_passwords
157
158- name: Import sudoers.yml
159 ansible.builtin.import_tasks: sudoers.yml
160 when: (ansible_os_family == 'RedHat') or
161 (ansible_os_family == 'Debian')
162 tags: lp_sudoers
163
164- name: Import keys.yml
165 ansible.builtin.import_tasks: authorized_keys.yml
166 when: (ansible_os_family == 'RedHat') or
167 (ansible_os_family == 'Debian')
168 tags: lp_authorized_keys
169
170- name: Import aliases.yml
171 ansible.builtin.import_tasks: aliases.yml
172 when: ((ansible_os_family == 'RedHat') or
173 (ansible_os_family == 'Debian')) and lp_aliases|bool
174 tags: lp_aliases
175
176- name: Import utils.yml
177 ansible.builtin.import_tasks: pm_utils.yml
178 when: (ansible_os_family == 'Debian') and lp_pm|bool
179 tags: lp_pm
180
181- name: Import ssh.yml
182 ansible.builtin.import_tasks: ssh.yml
183 when: ((ansible_os_family == 'RedHat') or
184 (ansible_os_family == 'Debian')) and lp_ssh|bool
185 tags: lp_ssh
186
187- name: Import sshd.yml
188 ansible.builtin.import_tasks: sshd.yml
189 when: ((ansible_os_family == 'RedHat') or
190 (ansible_os_family == 'Debian')) and lp_sshd|bool
191 tags: lp_sshd
192
193- name: Import bluetooth.yml
194 ansible.builtin.import_tasks: bluetooth.yml
195 when: (ansible_os_family == 'Debian') and lp_bluetooth|bool
196 tags: lp_bluetooth
197
198- name: Import xorg.yml
199 ansible.builtin.import_tasks: xorg.yml
200 when: (ansible_os_family == 'Debian') and lp_xorg|bool
201 tags: lp_xorg
202
203- name: Import cron.yml
204 ansible.builtin.import_tasks: cron.yml
205 when: (ansible_os_family == 'RedHat') or
206 (ansible_os_family == 'Debian')
207 tags: lp_cron
208
209- name: Import modemmanager.yml
210 ansible.builtin.import_tasks: modemmanager.yml
211 when: (ansible_os_family == 'Debian') and lp_modemmanager|bool
212 tags: lp_modemmanager
213
214- name: Import gpsd.yml
215 ansible.builtin.import_tasks: gpsd.yml
216 when: (ansible_os_family == 'Debian') and lp_gpsd|bool
217 tags: lp_gpsd
218
219- name: Import postfix.yml
220 ansible.builtin.import_tasks: postfix.yml
221 when: ((ansible_os_family == 'RedHat') or
222 (ansible_os_family == 'Debian')) and lp_postfix|bool
223 tags: lp_postfix
224
225- name: Import smart.yml
226 ansible.builtin.import_tasks: smart.yml
227 when: (ansible_os_family == 'Debian') and lp_smart|bool
228 tags: lp_smart
229
230- name: Import apparmor.yml
231 ansible.builtin.import_tasks: apparmor.yml
232 when: (ansible_os_family == 'Debian') and lp_apparmor|bool
233 tags: lp_apparmor
234
235- name: Flush handlers
236 ansible.builtin.meta: flush_handlers
237
238- name: Import zeitgeist.yml
239 ansible.builtin.import_tasks: zeitgeist.yml
240 when: (ansible_os_family == 'Debian') and lp_zeitgeist|bool
241 tags: lp_zeitgeist
242
243- name: Import lid.yml
244 ansible.builtin.import_tasks: lid.yml
245 when: (ansible_os_family == 'Debian') and lp_lid|bool
246 tags: lp_lid
247
248- name: Import acpi.yml
249 ansible.builtin.import_tasks: acpi.yml
250 when: (ansible_os_family == 'Debian') and lp_acpi|bool
251 tags: lp_acpi
252
253- name: Import speechd.yml
254 ansible.builtin.import_tasks: speechd.yml
255 when: (ansible_os_family == 'Debian') and lp_speechd|bool
256 tags: lp_speechd
257
258- name: Import nfsd.yml
259 ansible.builtin.import_tasks: nfsd.yml
260 when: (ansible_os_family == 'Debian') and lp_nfsd|bool
261 tags: lp_nfsd
262
263- name: Flush handlers
264 meta: flush_handlers
265
266- name: Import latex.yml
267 ansible.builtin.import_tasks: latex.yml
268 when: (ansible_os_family == 'Debian') and lp_latex|bool
269 tags: lp_latex
270
271- name: Import kvm.yml
272 ansible.builtin.import_tasks: kvm.yml
273 when: (ansible_os_family == 'Debian') and lp_kvm|bool
274 tags: lp_kvm
275
276- name: Import xen.yml
277 ansible.builtin.import_tasks: xen.yml
278 when: (ansible_os_family == 'Debian') and lp_xen|bool
279 tags: lp_xen
280
281- name: Import virtualbox.yml
282 ansible.builtin.import_tasks: virtualbox.yml
283 when: (ansible_os_family == 'Debian') and lp_virtualbox|bool
284 tags: lp_virtualbox
285
286- name: Import wpagui.yml
287 ansible.builtin.import_tasks: wpagui.yml
288 when: (ansible_os_family == 'Debian') and lp_wpagui|bool
289 tags: lp_wpagui
290
291- name: Import wpasupplicant.yml
292 ansible.builtin.import_tasks: wpasupplicant.yml
293 when: ((ansible_os_family == 'RedHat') or
294 (ansible_os_family == 'Debian')) and lp_wpasupplicant|bool
295 tags: lp_wpasupplicant
296
297- name: Import logrotate.yml
298 ansible.builtin.import_tasks: logrotate.yml
299 when: ((ansible_os_family == 'RedHat') or
300 (ansible_os_family == 'Debian')) and lp_logrotate|bool
301 tags: lp_logrotate
302
303- name: Import tlp.yml
304 ansible.builtin.import_tasks: tlp.yml
305 when: (ansible_os_family == 'Debian') and lp_tlp|bool
306 tags: lp_tlp
307
308- name: Import autofs.yml
309 ansible.builtin.import_tasks: autofs.yml
310 when: (ansible_os_family == 'Debian') and lp_autofs|bool
311 tags: lp_autofs
312
313- name: Import libvirt.yml
314 ansible.builtin.import_tasks: libvirt.yml
315 when: (ansible_os_family == 'Debian') and lp_libvirt|bool
316 tags: lp_libvirt
317
318- name: Import ufw.yml
319 ansible.builtin.import_tasks: ufw.yml
320 when: (ansible_os_family == 'Debian') and lp_ufw|bool
321 tags: lp_ufw
322
323- name: Import debsums.yml
324 ansible.builtin.import_tasks: debsums.yml
325 when: (ansible_os_family == 'Debian') and lp_debsums|bool
326 tags: lp_debsums
327
328- name: Flush handlers
329 meta: flush_handlers
330
331- name: Import rc_local.yml
332 ansible.builtin.import_tasks: rc_local.yml
333 when: (ansible_os_family == 'Debian') and lp_rc_local|bool
334 tags: lp_rc_local
335
336- name: Import service.yml
337 ansible.builtin.import_tasks: service.yml
338 tags: lp_service
339
340- name: Import resolvconf.yml
341 ansible.builtin.import_tasks: resolvconf.yml
342 when: (ansible_os_family == 'Debian') and lp_resolvconf|bool
343 tags: lp_resolvconf
344
345- name: Import dnsmasq.yml
346 ansible.builtin.import_tasks: dnsmasq.yml
347 when: (ansible_os_family == 'Debian') and lp_dnsmasq|bool
348 tags: lp_dnsmasq
349
350- name: Import reboot.yml
351 ansible.builtin.import_tasks: reboot.yml
352 when: ((ansible_os_family == 'RedHat') or
353 (ansible_os_family == 'Debian')) and lp_reboot|bool
354 tags: lp_reboot
355
356# EOF
357...
acpi.yml
Synopsis: Configure acpi.
Description of the task.
1---
2# linux_postinstall acpi
3
4- name: "acpi: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_acpi_install: {{ lp_acpi_install }}
9 lp_acpi_enable: {{ lp_acpi_enable }}
10 lp_acpi_service: {{ lp_acpi_service }}
11 lp_acpi_dir: {{ lp_acpi_dir }}
12 lp_acpi_owner: {{ lp_acpi_owner }}
13 lp_acpi_group: {{ lp_acpi_group }}
14 lp_acpi_event_mode: {{ lp_acpi_event_mode }}
15 lp_acpi_action_mode: {{ lp_acpi_action_mode }}
16 lp_acpi_packages: {{ lp_acpi_packages }}
17
18 lp_acpi_events:
19 {{ lp_acpi_events|to_nice_yaml(indent=2)|indent(2) }}
20 lp_acpi_actions:
21 {{ lp_acpi_actions|to_nice_yaml(indent=2)|indent(2) }}
22 ansible.builtin.debug:
23 msg: "{{ '{}'.format(msg) }}"
24 when: lp_acpi_debug|bool
25 tags: lp_acpi_debug
26
27- name: "acpi: Install packages"
28 ansible.builtin.import_role:
29 name: vbotka.linux_lib
30 tasks_from: install_package.yml
31 when: lp_acpi_install|bool
32 vars:
33 ll_ipkg_list: "{{ lp_acpi_packages }}"
34 ll_ipkg_state: "{{ lp_package_state }}"
35 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
36 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
37 ll_debug: "{{ lp_acpi_debug|bool }}"
38 tags: lp_acpi_packages
39
40- name: "acpi: Configure {{ lp_acpi_dir }}/events"
41 ansible.builtin.template:
42 src: "{{ item.value.template }}"
43 dest: "{{ lp_acpi_dir }}/events/{{ item.value.file }}"
44 owner: "{{ lp_acpi_owner }}"
45 group: "{{ lp_acpi_group }}"
46 mode: "{{ lp_acpi_event_mode }}"
47 backup: "{{ lp_backup_conf }}"
48 loop: "{{ lp_acpi_events|dict2items }}"
49 loop_control:
50 label: "{{ item.key }}"
51 notify: reload acpid
52 tags: lp_acpi_events
53
54- name: "acpi: Create actions in {{ lp_acpi_dir }}"
55 ansible.builtin.template:
56 src: "{{ item.value.template }}"
57 dest: "{{ lp_acpi_dir }}/{{ item.value.file }}"
58 owner: "{{ lp_acpi_owner }}"
59 group: "{{ lp_acpi_group }}"
60 mode: "{{ lp_acpi_action_mode }}"
61 backup: "{{ lp_backup_conf }}"
62 loop: "{{ lp_acpi_actions|dict2items }}"
63 loop_control:
64 label: "{{ item.value.file }}"
65 notify: reload acpid
66 tags: lp_acpi_actions
67
68- name: "acpi: Service {{ state }} and {{ enable }}"
69 ansible.builtin.service:
70 name: "{{ lp_acpi_service }}"
71 state: "{{ state }}"
72 enabled: "{{ enabled }}"
73 register: result
74 vars:
75 enabled: "{{ lp_acpi_enable|bool|d(false) }}"
76 state: "{{ lp_acpi_state|d(default_state) }}"
77 default_state: "{{ enabled|ternary('started', 'stopped') }}"
78 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
79 tags: lp_acpi_service
80
81# EOF
82...
aliases.yml
Synopsis: Configure aliases.
Description of the task.
1---
2# linux_postinstall aliases
3
4- name: "aliases: Configure /etc/aliases"
5 ansible.builtin.template:
6 src: aliases.j2
7 dest: /etc/aliases
8 owner: root
9 group: root
10 mode: "0644"
11 backup: "{{ lp_backup_conf }}"
12 notify: newaliases
13
14# EOF
15...
See also
Handler newaliases.yml
Template aliases.j2
apt.yml
Synopsis: Configure apt.
Description of the task.
1---
2# linux_postinstall apt
3
4- name: "apt: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_apt_conf:
9 {{ lp_apt_conf|to_nice_yaml(indent=2)|indent(2) }}
10 lp_backup_conf: {{ lp_backup_conf }}
11 ansible.builtin.debug:
12 msg: "{{ '{}'.format(msg) }}"
13 when: lp_apt_debug|bool
14 tags: lp_apt_debug
15
16- name: "apt: Configure /etc/apt/apt.conf.d"
17 ansible.builtin.template:
18 src: "{{ item.template|default('apt-confd.j2') }}"
19 dest: "/etc/apt/apt.conf.d/{{ item.file }}"
20 owner: "{{ item.owner|default('root') }}"
21 group: "{{ item.group|default('root') }}"
22 mode: "{{ item.mode|default('0644') }}"
23 backup: "{{ lp_backup_conf }}"
24 loop: "{{ lp_apt_conf }}"
25 loop_control:
26 label: "{{ item.file }}"
27 notify: "{{ item.notify|default(omit) }}"
28 tags: lp_apt_conf
29
30# EOF
31...
See also
Template apt_confd.j2
apparmor.yml
Synopsis: Configure apparmor.
Description of the task.
1---
2# linux_postinstall apparmor
3
4- name: "apparmor: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_apparmor_install: {{ lp_apparmor_install }}
9 lp_apparmor_packages:
10 {{ lp_apparmor_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_backup_conf: {{ lp_backup_conf }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14 when: lp_apparmor_debug|bool
15 tags: lp_apparmor_debug
16
17- name: "apparmor: Install packages"
18 ansible.builtin.import_role:
19 name: vbotka.linux_lib
20 tasks_from: install_package.yml
21 when: lp_apparmor_install|bool
22 vars:
23 ll_ipkg_list: "{{ lp_apparmor_packages }}"
24 ll_ipkg_state: "{{ lp_package_state }}"
25 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
26 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
27 ll_debug: "{{ lp_apparmor_debug|bool }}"
28 tags: lp_apparmor_packages
29
30- name: "apparmor: Create list of profiles"
31 block:
32
33 - name: "apparmor: List profiles"
34 ansible.builtin.shell:
35 cmd: >
36 aa-status --json | jq .profiles | jq to_entries
37 register: result
38 changed_when: false
39
40 - name: "apparmor: Debug: List of profiles"
41 ansible.builtin.debug:
42 var: result
43 when: lp_apparmor_debug|bool
44
45 - name: "apparmor: Instantiate profiles"
46 ansible.builtin.set_fact:
47 lp_apparmor_profiles_enforce: "{{ lp_apparmor_profiles_enforce }}"
48 lp_apparmor_profiles_complain: "{{ lp_apparmor_profiles_complain }}"
49
50 - name: "apparmor: Debug profiles"
51 ansible.builtin.debug:
52 msg: |
53 lp_apparmor_profiles_enforce:
54 {{ lp_apparmor_profiles_enforce|to_nice_yaml(indent=2)|indent(2) }}
55 lp_apparmor_profiles_complain:
56 {{ lp_apparmor_profiles_complain|to_nice_yaml(indent=2)|indent(2) }}
57 when: lp_apparmor_debug|bool
58
59 tags: lp_apparmor_profiles
60
61- name: "apparmor: Disable profiles"
62 ansible.builtin.command:
63 cmd: >
64 aa-disable {{ item }}
65 loop: "{{ lp_apparmor_disable }}"
66 when: item in lp_apparmor_profiles_enforce or
67 item in lp_apparmor_profiles_complain
68 tags: lp_apparmor_disable
69
70- name: "apparmor: Enforce profiles"
71 ansible.builtin.command:
72 cmd: >
73 aa-enforce {{ item }}
74 loop: "{{ lp_apparmor_enforce }}"
75 when: item not in lp_apparmor_profiles_enforce
76 tags: lp_apparmor_enforce
77
78- name: "apparmor: Complain profiles"
79 ansible.builtin.command:
80 cmd: >
81 aa-complain {{ item }}
82 loop: "{{ lp_apparmor_complain }}"
83 when: item not in lp_apparmor_profiles_complain
84 tags: lp_apparmor_enforce
85
86- name: "apparmor: Service {{ state }} and {{ enable }}"
87 ansible.builtin.service:
88 name: "{{ lp_apparmor_service }}"
89 state: "{{ state }}"
90 enabled: "{{ enabled }}"
91 register: result
92 vars:
93 enabled: "{{ lp_apparmor_enable|bool|d(false) }}"
94 state: "{{ lp_apparmor_state|d(default_state) }}"
95 default_state: "{{ enabled|ternary('started', 'stopped') }}"
96 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
97 tags: lp_apparmor_service
98
99- name: "apparmor: Debug service"
100 ansible.builtin.debug:
101 var: result
102 when: lp_apparmor_debug|bool
103 tags: lp_apparmor_service
104
105# EOF
106...
autofs.yml
Synopsis: Configure autofs.
Description of the task.
1---
2# linux_postinstall autofs
3
4- name: "autofs: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_autofs_install: {{ lp_autofs_install }}
9 lp_autofs_enable: {{ lp_autofs_enable }}
10 lp_autofs_flush_handlers: {{ lp_swap_flush_handlers }}
11 lp_autofs_rescue_end_host: {{ lp_swap_rescue_end_host }}
12 lp_autofs_service: {{ lp_autofs_service }}
13 lp_autofs_conf_file: {{ lp_autofs_conf_file }}
14 lp_autofs_conf:
15 {{ lp_autofs_conf|to_nice_yaml(indent=2)|indent(2) }}
16 lp_autofs_master_conf_file: {{ lp_autofs_master_conf_file }}
17 lp_autofs_master_conf:
18 {{ lp_autofs_master_conf|to_nice_yaml(indent=2)|indent(2) }}
19 lp_autofs_misc_conf_file: {{ lp_autofs_misc_conf_file }}
20 lp_autofs_misc_conf:
21 {{ lp_autofs_misc_conf|to_nice_yaml(indent=2)|indent(2) }}
22 lp_autofs_packages:
23 {{ lp_autofs_packages|to_nice_yaml(indent=2)|indent(2) }}
24 lp_backup_conf: {{ lp_backup_conf }}
25 ansible.builtin.debug:
26 msg: "{{ '{}'.format(msg) }}"
27 when: lp_autofs_debug|bool
28 tags: lp_autofs_debug
29
30- name: "autofs: Install packages"
31 ansible.builtin.import_role:
32 name: vbotka.linux_lib
33 tasks_from: install_package.yml
34 when: lp_autofs_install|bool
35 vars:
36 ll_ipkg_list: "{{ lp_autofs_packages }}"
37 ll_ipkg_state: "{{ lp_package_state }}"
38 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
39 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
40 ll_debug: "{{ lp_autofs_debug|bool }}"
41 tags: lp_autofs_packages
42
43- name: "autofs: Configure, enable, start, or disable autofs"
44 block:
45
46 - name: "autofs: Configure {{ lp_autofs_conf_file }}"
47 ansible.builtin.lineinfile:
48 dest: "{{ lp_autofs_conf_file }}"
49 regexp: '^\s*{{ item.key }}\s*=\s*(.*)$'
50 line: "{{ item.key }} = {{ item.value }}"
51 backup: "{{ lp_backup_conf }}"
52 loop: "{{ lp_autofs_conf }}"
53 notify: reload autofs
54 tags: lp_autofs_conf
55
56 - name: "autofs: Configure {{ lp_autofs_master_conf_file }}"
57 ansible.builtin.lineinfile:
58 dest: "{{ lp_autofs_master_conf_file }}"
59 regexp: '^\s*{{ item.key }}\s*(.*)$'
60 line: "{{ item.key }} {{ item.value }}"
61 backup: "{{ lp_backup_conf }}"
62 loop: "{{ lp_autofs_master_conf }}"
63 notify: reload autofs
64 tags: lp_autofs_master_conf
65
66 - name: "autofs: Configure {{ lp_autofs_misc_conf_file }}"
67 ansible.builtin.lineinfile:
68 dest: "{{ lp_autofs_misc_conf_file }}"
69 regexp: '^\s*{{ item.key }}\s*(.*)$'
70 line: "{{ item.key }} {{ item.value }}"
71 backup: "{{ lp_backup_conf }}"
72 loop: "{{ lp_autofs_misc_conf }}"
73 notify: reload autofs
74 tags: lp_autofs_miscr_conf
75
76 - name: "autofs: Service {{ state }} and {{ enable }}"
77 ansible.builtin.service:
78 name: "{{ lp_autofs_service }}"
79 state: "{{ state }}"
80 enabled: "{{ enabled }}"
81 register: result
82 vars:
83 enabled: "{{ lp_autofs_enable|bool }}"
84 state: "{{ lp_sutofs_state|d(default_state) }}"
85 default_state: "{{ enabled|ternary('started', 'stopped') }}"
86 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
87 tags: lp_autofs_service
88
89 - name: "autofs: Debug service"
90 ansible.builtin.debug:
91 var: result
92 when: lp_autofs_debug|bool
93 tags: lp_autofs_service
94
95 rescue:
96
97 - name: "autofs: Print errors"
98 ansible.builtin.debug:
99 msg: |
100 [ERR] task {{ ansible_failed_task.name }} failed. End host.
101 ansible_failed_task:
102 {{ ansible_failed_task|to_yaml(indent=2)|indent(2) }}
103 ansible_failed_result:
104 {{ ansible_failed_result|to_yaml(indent=2)|indent(2) }}
105
106 - name: "autofs: End host"
107 ansible.builtin.meta: end_host
108 when:
109 - lp_autofs_rescue_end_host|bool
110 - not ansible_check_mode
111
112 - name: "autofs: Clear host errors"
113 ansible.builtin.meta: clear_host_errors
114
115- name: "autofs: Flush handlers"
116 ansible.builtin.meta: flush_handlers
117 when: lp_autofs_flush_handlers|bool
118
119# EOF
120...
See also
Handler autofs.yml
auto_upgrades.yml
Synopsis: Configure auto_upgrades.
Description of the task.
1---
2# linux_postinstall auto_upgrades
3
4- name: "auto_upgrades: Configure /etc/apt/apt.conf.d/20auto-upgrades"
5 ansible.builtin.template:
6 src: auto-upgrades.j2
7 dest: /etc/apt/apt.conf.d/20auto-upgrades
8 owner: root
9 group: root
10 mode: '0644'
11 backup: "{{ lp_backup_conf }}"
12
13- name: "auto_upgrades: Service {{ state }} and {{ enable }}"
14 ansible.builtin.service:
15 name: "{{ lp_auto_upgrades_service }}"
16 state: "{{ state }}"
17 enabled: "{{ enabled }}"
18 register: result
19 vars:
20 enabled: "{{ lp_auto_upgrades_enable|bool }}"
21 state: "{{ lp_auto_upgrades_state|d(default_state) }}"
22 default_state: "{{ enabled|ternary('started', 'stopped') }}"
23 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
24 tags: lp_auto_upgrades_service
25
26- name: "auto_upgrades: Debug service"
27 ansible.builtin.debug:
28 var: result
29 when: lp_auto_upgrades_debug|bool
30
31# EOF
32...
bluetooth.yml
Synopsis: Configure bluetooth.
Description of the task.
1---
2# linux_postinstall bluetooth
3
4- name: "bluetooth: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_bluetooth_enable: {{ lp_bluetooth_enable }}
9 lp_bluetooth_main_conf:
10 {{ lp_bluetooth_main_conf|to_yaml(indent=2)|indent(2) }}
11 lp_bluetooth_ini:
12 {{ lp_bluetooth_ini|to_yaml(indent=2)|indent(2) }}
13 lp_backup_conf: {{ lp_backup_conf }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16 when: lp_bluetooth_debug|bool
17 tags: lp_bluetooth_debug
18
19- name: "bluetooth: Configure /etc/bluetooth/main.conf"
20 ansible.builtin.lineinfile:
21 dest: /etc/bluetooth/main.conf
22 regexp: '^\s*{{ item.key }}\s*=\s*(.*)$'
23 insertbefore: '^[\s#]*{{ item.key }}(.*)$'
24 line: "{{ item.key }} = {{ item.value }}"
25 backup: "{{ lp_backup_conf }}"
26 loop: "{{ lp_bluetooth_main_conf }}"
27 loop_control:
28 label: "{{ item.key }} {{ item.value }}"
29 notify: restart bluetooth
30 tags: lp_bluetooth_conf
31
32- name: "bluetooth: Configure bluetooth"
33 community.general.ini_file:
34 path: "{{ item.0.path }}"
35 mode: "{{ item.0.mode }}"
36 section: "{{ item.1.section }}"
37 option: "{{ item.1.option|default(omit) }}"
38 value: "{{ item.1.value }}"
39 backup: "{{ lp_backup_conf }}"
40 loop: "{{ lp_bluetooth_ini|subelements('conf') }}"
41 loop_control:
42 label: "{{ item.1.option }}: {{ item.1.value }}"
43 notify: restart bluetooth
44 tags: lp_bluetooth_ini
45
46- name: "bluetooth: Service {{ state }} and {{ enable }}"
47 ansible.builtin.service:
48 name: "{{ lp_bluetooth_service }}"
49 state: "{{ state }}"
50 enabled: "{{ enabled }}"
51 register: result
52 vars:
53 enabled: "{{ lp_bluetooth_enable|bool|d(false) }}"
54 state: "{{ lp_bluetooth_state|d(default_state) }}"
55 default_state: "{{ enabled|ternary('started', 'stopped') }}"
56 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
57 tags: lp_bluetooth_service
58
59- name: "bluetooth: Debug service"
60 ansible.builtin.debug:
61 var: result
62 when: lp_bluetooth_debug|bool
63
64# EOF
65...
See also
Handler bluetooth.yml
chrony.yml
Synopsis: Configure chrony.
Description of the task.
1---
2# linux_postinstall chrony
3
4- name: "chrony: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_chrony_install: {{ lp_chrony_install }}
9 lp_chrony_enable: {{ lp_chrony_enable }}
10 lp_chrony_sanity: {{ lp_chrony_sanity }}
11 lp_chrony_flush_handlers: {{ lp_swap_flush_handlers }}
12 lp_chrony_rescue_end_host: {{ lp_swap_rescue_end_host }}
13 lp_chrony_service: {{ lp_chrony_service }}
14 lp_chrony_conf_file: {{ lp_chrony_conf_file }}
15 lp_chrony_conf:
16 {{ lp_chrony_conf|to_nice_yaml(indent=2)|indent(2) }}
17 lp_chrony_packages:
18 {{ lp_chrony_packages|to_nice_yaml(indent=2)|indent(2) }}
19 lp_backup_conf: {{ lp_backup_conf }}
20 lp_timesyncd_enable: {{ lp_timesyncd_enable }}
21 ansible.builtin.debug:
22 msg: "{{ '{}'.format(msg) }}"
23 when: lp_chrony_debug|bool
24 tags: lp_chrony_debug
25
26- name: "chrony: sanity"
27 block:
28 - name: "chrony: sanity: Disabled timesyncd"
29 ansible.builtin.assert:
30 that: not lp_timesyncd_enable|bool
31 fail_msg: "[ERR] Service {{ lp_timesyncd_service }} must be disabled."
32 when: lp_chrony_sanity|bool
33 tags: lp_chrony_sanity
34
35- name: "chrony: Install packages"
36 ansible.builtin.import_role:
37 name: vbotka.linux_lib
38 tasks_from: install_package.yml
39 when: lp_chrony_install|bool
40 vars:
41 ll_ipkg_list: "{{ lp_chrony_packages }}"
42 ll_ipkg_state: "{{ lp_package_state }}"
43 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
44 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
45 ll_debug: "{{ lp_chrony_debug|bool }}"
46 tags: lp_chrony_packages
47
48- name: "chrony: Configure, enable, start, or disable chrony"
49 block:
50
51 - name: "chrony: Configure {{ lp_chrony_conf_file }}"
52 ansible.builtin.template:
53 src: chrony.conf.j2
54 dest: "{{ lp_chrony_conf_file }}"
55 owner: root
56 group: root
57 mode: "0644"
58 backup: "{{ lp_backup_conf }}"
59 notify: restart chrony
60 tags: lp_chrony_conf
61
62 - name: "chrony: Service {{ state }} and {{ enable }}"
63 ansible.builtin.service:
64 name: "{{ lp_chrony_service }}"
65 state: "{{ state }}"
66 enabled: "{{ enabled }}"
67 register: result
68 vars:
69 enabled: "{{ lp_chrony_enable|bool|d(false) }}"
70 state: "{{ lp_chrony_state|d(default_state) }}"
71 default_state: "{{ enabled|ternary('started', 'stopped') }}"
72 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
73 tags: lp_chrony_service
74
75 - name: "chrony: Debug service"
76 ansible.builtin.debug:
77 var: result
78 when: lp_chrony_debug|bool
79 tags: lp_chrony_service
80
81 rescue:
82
83 - name: "chrony: Print errors"
84 ansible.builtin.debug:
85 msg: |
86 [ERR] task {{ ansible_failed_task.name }} failed. End host.
87 ansible_failed_task:
88 {{ ansible_failed_task|to_yaml(indent=2)|indent(2) }}
89 ansible_failed_result:
90 {{ ansible_failed_result|to_yaml(indent=2)|indent(2) }}
91
92 - name: "chrony: End host"
93 ansible.builtin.meta: end_host
94 when:
95 - lp_chrony_rescue_end_host|bool
96 - not ansible_check_mode
97
98 - name: "chrony: Clear host errors"
99 ansible.builtin.meta: clear_host_errors
100
101- name: "chrony: Flush handlers"
102 ansible.builtin.meta: flush_handlers
103 when: lp_chrony_flush_handlers|bool
104
105# EOF
106...
cron.yml
Synopsis: Configure cron.
Description of the task.
1---
2# linux_postinstall cron
3
4- name: "cron: Configure cron variables"
5 community.general.cronvar:
6 name: "{{ item.name }}"
7 value: "{{ item.value }}"
8 user: "{{ item.user }}"
9 loop: "{{ lp_cron_var }}"
10 tags: lp_cron_var
11
12- name: "cron: Configure cron"
13 ansible.builtin.cron:
14 state: "{{ item.state }}"
15 user: "{{ item.user }}"
16 name: "{{ item.name }}"
17 minute: "{{ item.minute }}"
18 hour: "{{ item.hour }}"
19 day: "{{ item.day }}"
20 month: "{{ item.month }}"
21 weekday: "{{ item.weekday }}"
22 job: "{{ item.command }}"
23 loop: "{{ lp_cron_tab }}"
24 loop_control:
25 label: "{{ item.name }}"
26 tags: lp_cron_tab
27
28# EOF
29...
debsums.yml
Synopsis: Configure debsums.
Description of the task.
1---
2# linux_postinstall debsums
3
4- name: "debsums: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_debsums_install: {{ lp_debsums_install }}
9 lp_debsums_default_file: {{ lp_debsums_default_file }}
10 lp_debsums_default_conf:
11 {{ lp_debsums_default_conf|to_yaml(indent=2)|indent(2) }}
12 lp_debsums_ignore_file: {{ lp_debsums_ignore_file }}
13 lp_debsums_ignore_conf:
14 {{ lp_debsums_ignore_conf|to_nice_yaml(indent=2)|indent(2) }}
15 lp_debsums_packages:
16 {{ lp_debsums_packages|to_nice_yaml(indent=2)|indent(2) }}
17 lp_backup_conf: {{ lp_backup_conf }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20 when: lp_debsums_debug|bool
21 tags: lp_debsums_debug
22
23- name: "debsums: Install packages"
24 ansible.builtin.import_role:
25 name: vbotka.linux_lib
26 tasks_from: install_package.yml
27 when: lp_debsums_install|bool
28 vars:
29 ll_ipkg_list: "{{ lp_debsums_packages }}"
30 ll_ipkg_state: "{{ lp_package_state }}"
31 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
32 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
33 ll_debug: "{{ lp_debsums_debug|bool }}"
34 tags: lp_debsums_packages
35
36- name: "debsums: Configure {{ lp_debsums_default_file }}"
37 ansible.builtin.lineinfile:
38 dest: "{{ lp_debsums_default_file }}"
39 state: "{{ item.state|default(omit) }}"
40 regexp: '^\s*{{ item.key }}\s*=(.*)$'
41 line: "{{ item.key }}={{ item.value }}"
42 backup: "{{ lp_backup_conf }}"
43 create: true
44 mode: "0644"
45 loop: "{{ lp_debsums_default_conf }}"
46 tags: lp_debsums_default_conf
47
48- name: "debsums: Configure {{ lp_debsums_ignore_file }}"
49 ansible.builtin.lineinfile:
50 dest: "{{ lp_debsums_ignore_file }}"
51 state: "{{ item.state|default(omit) }}"
52 line: "{{ item }}"
53 backup: "{{ lp_backup_conf }}"
54 create: true
55 mode: "0644"
56 loop: "{{ lp_debsums_ignore_conf }}"
57 tags: lp_debsums_ignore_conf
58
59# EOF
60...
debug.yml
Synopsis: Configure debug.
Description of the task.
1---
2# Hint: Get readable output with stdout_callback = yaml
3
4- name: "Debug"
5 vars:
6 msg: |-
7 ansible_architecture: {{ ansible_architecture }}
8 ansible_os_family: {{ ansible_os_family }}
9 ansible_distribution: {{ ansible_distribution }}
10 ansible_distribution_major_version: {{ ansible_distribution_major_version }}
11 ansible_distribution_version: {{ ansible_distribution_version }}
12 ansible_distribution_release: {{ ansible_distribution_release }}
13 ansible_python_version: {{ ansible_python_version }}
14
15 lp_vars_distro: {{ lp_vars_distro }}
16 lp_vars_distro_firstfound_skip: {{ lp_vars_distro_firstfound_skip }}
17 lp_vars_flavors: {{ lp_vars_flavors }}
18 lp_flavors_enable: {{ lp_flavors_enable }}
19 my_release:
20 {{ my_release|default([])|to_nice_yaml|indent(2) }}
21 lp_package_state: {{ lp_package_state }}
22 lp_package_state_remove: {{ lp_package_state_remove }}
23 lp_backup_conf: {{ lp_backup_conf }}
24 lp_service:
25 {{ lp_service|to_yaml|indent(2) }}
26 lp_tasks_enabled: {{ lp_tasks_enabled_print|ternary(lp_tasks_enabled, 'Disabled') }}
27 lp_tasks_disabled: {{ lp_tasks_disabled_print|ternary(lp_tasks_disabled, 'Disabled') }}
28
29 lp_acpi: {{ lp_acpi }} lp_acpi_install: {{ lp_acpi_install }} lp_acpi_enable: {{ lp_acpi_enable }} lp_acpi_service: {{ lp_acpi_service }}
30 lp_aliases: {{ lp_aliases }}
31 lp_apt: {{ lp_apt }}
32 lp_debsums: {{ lp_debsums }} lp_debsums_install: {{ lp_debsums_install }}
33 lp_gpg: {{ lp_gpg }} lp_gpg_install: {{ lp_gpg_install }}
34 lp_grub: {{ lp_grub }}
35 lp_iptables: {{ lp_iptables }}
36 lp_kvm: {{ lp_kvm }} lp_kvm_install: {{ lp_kvm_install }}
37 lp_latex: {{ lp_latex }} lp_latex_install: {{ lp_latex_install }}
38 lp_lid: {{ lp_lid }}
39 lp_logrotate: {{ lp_logrotate }} lp_logrotate_install: {{ lp_logrotate_install }}
40 lp_netplan: {{ lp_netplan }}
41 lp_packages_autoremove: {{ lp_packages_autoremove }}
42 lp_passwords: {{ lp_passwords }}
43 lp_pm: {{ lp_pm }}
44 lp_rc_local: {{ lp_rc_local }}
45 lp_reboot: {{ lp_reboot }}
46 lp_ssh: {{ lp_ssh }}
47 lp_swap: {{ lp_swap }} lp_swap_enable: {{ lp_swap_enable }}
48 lp_systemd: {{ lp_systemd }} lp_systemd_install: {{ lp_systemd_install }}
49 lp_timezone: {{ lp_timezone }}
50 lp_wpagui: {{ lp_wpagui }} lp_wpagui_install: {{ lp_wpagui_install }}
51
52 {% for service in lp_service_all %}
53 lp_{{ service }}: {{ lookup('vars', 'lp_' ~ service) }}, {% for suffix in ['_install', '_enable', '_service'] -%}
54 lp_{{ service }}{{ suffix }}: {{ lookup('vars', 'lp_' ~ service ~ suffix, default='UNDEFINED') }}, {% endfor %}
55
56 {% endfor %}
57
58 {% for group in lp_services_all %}
59 lp_{{ group }}: {{ lookup('vars', 'lp_' ~ group) }}, {% for suffix in ['_install', '_enable'] -%}
60 lp_{{ group }}{{ suffix }}: {{ lookup('vars', 'lp_' ~ group ~ suffix, default='UNDEFINED') }}, {% endfor %}
61
62 services:
63 {% for service in lookup('vars', 'lp_' ~ group ~ '_services') %}
64 - {{ service }}
65 {% endfor %}
66 {% endfor %}
67
68 lp_wpasupplicant: {{ lp_wpasupplicant }} lp_wpasupplicant_install: {{ lp_wpasupplicant_install }}
69 lp_xen: {{ lp_xen }} lp_xen_install: {{ lp_xen_install }}
70 lp_zeitgeist: {{ lp_zeitgeist }} lp_zeitgeist_install: {{ lp_zeitgeist_install }}
71 lp_zfs: {{ lp_zfs }} lp_zfs_install: {{ lp_zfs_install }}
72 [WIP] lp_snap: {{ lp_snap }} lp_snap_install: {{ lp_snap_install }} lp_snap_enable: {{ lp_snap_enable }}
73
74 ansible.builtin.debug:
75 msg: "{{ '{}'.format(msg) }}"
76
77# EOF
78...
dnsmasq.yml
Synopsis: Configure dnsmasq.
Description of the task.
1---
2# linux_postinstall dnsmasq
3
4- name: "dnsmasq: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_dnsmasq_install: {{ lp_dnsmasq_install }}
9 lp_dnsmasq_enable: {{ lp_dnsmasq_enable }}
10 lp_dnsmasq_service: {{ lp_dnsmasq_service }}
11 lp_dnsmasq_packages:
12 {{ lp_dnsmasq_packages|to_nice_yaml(indent=2)|indent(2) }}
13 lp_dnsmasq_config:
14 {{ lp_dnsmasq_config|to_nice_yaml(indent=2)|indent(2) }}
15 lp_dnsmasq_hosts:
16 {{ lp_dnsmasq_hosts|to_yaml(indent=2)|indent(2) }}
17 lp_backup_conf: {{ lp_backup_conf }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20 when: lp_dnsmasq_debug|bool
21 tags: lp_dnsmasq_debug
22
23- name: "dnsmasq: Install packages"
24 ansible.builtin.import_role:
25 name: vbotka.linux_lib
26 tasks_from: install_package.yml
27 when: lp_dnsmasq_install|bool
28 vars:
29 ll_ipkg_list: "{{ lp_dnsmasq_packages }}"
30 ll_ipkg_state: "{{ lp_package_state }}"
31 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
32 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
33 ll_debug: "{{ lp_dnsmasq_debug|bool }}"
34 tags: lp_dnsmasq_packages
35
36- name: "dnsmasq: Create directories"
37 ansible.builtin.file:
38 state: directory
39 path: "{{ item.dest|dirname }}"
40 owner: "{{ item.downer|d('root') }}"
41 group: "{{ item.dgroup|d('root') }}"
42 mode: "{{ item.dmode|d('0755') }}"
43 loop: "{{ lp_dnsmasq_config }}"
44 loop_control:
45 label: "{{ item.dest|dirname }}"
46 tags: lp_dnsmasq_directories
47
48- name: "dnsmasq: Configure"
49 ansible.builtin.template:
50 src: "{{ item.src }}"
51 dest: "{{ item.dest }}"
52 owner: "{{ item.owner|d('root') }}"
53 group: "{{ item.group|d('root') }}"
54 mode: "{{ item.mode|d('0600') }}"
55 backup: "{{ lp_backup_conf }}"
56 loop: "{{ lp_dnsmasq_config }}"
57 loop_control:
58 label: "{{ item.dest }}"
59 notify: restart dnsmasq
60 tags: lp_dnsmasq_config
61
62- name: "dnsmasq: Service {{ state }} and {{ enable }}"
63 ansible.builtin.service:
64 name: "{{ lp_dnsmasq_service }}"
65 state: "{{ state }}"
66 enabled: "{{ enabled }}"
67 register: result
68 vars:
69 enabled: "{{ lp_dnsmasq_enable|bool|d(false) }}"
70 state: "{{ lp_dnsmasq_state|d(default_state) }}"
71 default_state: "{{ enabled|ternary('started', 'stopped') }}"
72 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
73 tags: lp_dnsmasq_service
74
75- name: "dnsmasq: Debug service"
76 ansible.builtin.debug:
77 var: result
78 when: lp_dnsmasq_debug|bool
79 tags: lp_dnsmasq_service
80
81# EOF
82...
fstab.yml
Synopsis: Configure fstab.
Description of the task.
1---
2# linux_postinstall fstab
3
4- name: "fstab: Configure fstab entries"
5 ansible.posix.mount:
6 name: "{{ item.name }}"
7 state: "{{ item.state|default('mounted') }}"
8 src: "{{ item.src|default(omit) }}"
9 fstype: "{{ item.fstype|default(omit) }}"
10 opts: "{{ item.opts|default(omit) }}"
11 dump: "{{ item.dump|default(omit) }}"
12 passno: "{{ item.passno|default(omit) }}"
13 backup: "{{ lp_backup_conf }}"
14 loop: "{{ lp_fstab_entries }}"
15
16# EOF
17...
gpg.yml
Synopsis: Configure gpg.
Description of the task.
1---
2# linux_postinstall gpg
3
4- name: "gpg: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 ansible_python_version: {{ ansible_python_version }}
9 lp_gpg_install: {{ lp_gpg_install }}
10 lp_gpg_packages:
11 {{ lp_gpg_packages|to_nice_yaml(indent=2)|indent(2) }}
12 lp_gpg_packages_extra:
13 {{ lp_gpg_packages_extra|to_nice_yaml(indent=2)|indent(2) }}
14 lp_gpg_conf_template: {{ lp_gpg_conf_template }}
15 lp_gpg_conf:
16 {{ lp_gpg_conf|to_yaml(indent=2)|indent(2) }}
17 lp_backup_conf: {{ lp_backup_conf }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20 when: lp_gpg_debug|bool
21 tags: lp_gpg_debug
22
23- name: "gpg: Install packages"
24 ansible.builtin.import_role:
25 name: vbotka.linux_lib
26 tasks_from: install_package.yml
27 vars:
28 ll_ipkg_list: "{{ lp_gpg_packages + lp_gpg_packages_extra }}"
29 ll_ipkg_state: "{{ lp_package_state }}"
30 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
31 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
32 ll_debug: "{{ lp_gpg_debug|bool }}"
33 when: lp_gpg_install|bool
34 tags: lp_gpg_packages
35
36- name: "gpg: Create directories .gnupg"
37 ansible.builtin.file:
38 state: directory
39 dest: "/home/{{ item }}/.gnupg"
40 owner: "{{ item }}"
41 group: "{{ item }}"
42 mode: '0700'
43 loop: "{{ lp_gpg_conf|map(attribute='owner')|unique|sort }}"
44 tags: lp_gpg_dir
45
46- name: "gpg: Configure gnupg"
47 ansible.builtin.template:
48 src: "{{ lp_gpg_conf_template }}"
49 dest: "{{ '/home/' ~ item.owner ~ '/.gnupg/' ~ item.component ~ '.conf' }}"
50 owner: "{{ item.owner }}"
51 group: "{{ item.owner }}"
52 mode: '0600'
53 backup: "{{ lp_backup_conf }}"
54 register: lp_gpg_conf_reg
55 loop: "{{ lp_gpg_conf }}"
56 loop_control:
57 label: "{{ item.owner }} {{ item.component }}"
58 notify: gpgconf reload
59 tags: lp_gpg_conf
60
61# TODO: import keys, template blocks
62
63# EOF
64...
See also
Handler gpg.yml
Template gpg.conf.j2
gpsd.yml
Synopsis: Configure gpsd.
Description of the task.
1---
2# linux_postinstall gpsd
3
4- name: "gpsd: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_gpsd_install: {{ lp_gpsd_install }}
9 lp_gpsd_packages:
10 {{ lp_gpsd_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_backup_conf: {{ lp_backup_conf }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14 when: lp_gpsd_debug|bool
15 tags: lp_gpsd_debug
16
17- name: "gpsd: Install packages for gpsd"
18 ansible.builtin.import_role:
19 name: vbotka.linux_lib
20 tasks_from: install_package.yml
21 when: lp_gpsd_install|bool
22 vars:
23 ll_ipkg_list: "{{ lp_gpsd_packages }}"
24 ll_ipkg_state: "{{ lp_package_state }}"
25 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
26 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
27 ll_debug: "{{ lp_gpsd_debug|bool }}"
28 tags: lp_gpsd_packages
29
30- name: "gpsd: Add user gpsd to group dialout"
31 ansible.builtin.user:
32 name: gpsd
33 groups: dialout
34 append: true
35 tags: lp_gpsd_group
36
37- name: "gpsd: Configure /etc/bluetooth/rfcomm.conf"
38 ansible.builtin.blockinfile:
39 dest: /etc/bluetooth/rfcomm.conf
40 create: true
41 marker: "# {mark} ANSIBLE MANAGED BLOCK rfcomm{{ item.rfcomm }}"
42 insertafter: EOF
43 owner: root
44 group: root
45 mode: '0644'
46 backup: "{{ lp_backup_conf }}"
47 block: |
48 rfcomm{{ item.rfcomm }} {
49 bind {{ item.bind }}
50 device {{ item.device }}
51 channel {{ item.channel }}
52 comment "{{ item.comment }}"
53 }
54 loop: "{{ lp_gpsd_bt_rfcomm }}"
55 notify: restart bluetooth
56 tags: lp_gpsd_bt_rfcom
57
58- name: "gpsd: Configure /etc/default/gpsd"
59 ansible.builtin.template:
60 src: gpsd.j2
61 dest: /etc/default/gpsd
62 owner: root
63 group: root
64 mode: '0644'
65 backup: "{{ lp_backup_conf }}"
66 notify: restart gpsd
67 tags: lp_gpsd_config
68
69- name: "gpsd: Service {{ state }} and {{ enable }}"
70 ansible.builtin.service:
71 name: "{{ lp_gpsd_service }}"
72 state: "{{ state }}"
73 enabled: "{{ enabled }}"
74 register: result
75 vars:
76 enabled: "{{ lp_gpsd_enable|bool|d(false) }}"
77 state: "{{ lp_gpsd_state|d(default_state) }}"
78 default_state: "{{ enabled|ternary('started', 'stopped') }}"
79 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
80 tags: lp_gpsd_service
81
82- name: "gpsd: Debug service"
83 ansible.builtin.debug:
84 var: result
85 when: lp_gpsd_debug|bool
86 tags: lp_gpsd_service
87
88# EOF
89...
See also
Handler gpsd.yml
Handler bluetooth.yml
Template gpsd.j2
groups.yml
Synopsis: Configure groups.
Description of the task.
1---
2# linux_postinstall groups
3
4- name: "groups: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_groups:
9 {{ lp_groups|to_nice_yaml(indent=2)|indent(2) }}
10 lp_backup_conf: {{ lp_backup_conf }}
11 ansible.builtin.debug:
12 msg: "{{ '{}'.format(msg) }}"
13 when: lp_groups_debug|bool
14 tags: lp_groups_debug
15
16- name: "groups: Manage groups"
17 ansible.builtin.group:
18 name: "{{ item.name }}"
19 gid: "{{ item.gid|default(omit) }}"
20 state: "{{ item.state|default(omit) }}"
21 system: "{{ item.system|default(omit) }}"
22 loop: "{{ lp_groups }}"
23
24# EOF
25...
grub.yml
Synopsis: Configure grub.
Description of the task.
1---
2# linux_postinstall grub
3
4- name: "grub: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_grub_default:
9 {{ lp_grub_default|to_yaml(indent=2)|indent(2) }}
10 lp_backup_conf: {{ lp_backup_conf }}
11 ansible.builtin.debug:
12 msg: "{{ '{}'.format(msg) }}"
13 when: lp_grub_debug|bool
14 tags: lp_grub_debug
15
16- name: "grub: Configure /etc/default/grub"
17 ansible.builtin.lineinfile:
18 dest: /etc/default/grub
19 regexp: '^\s*{{ item.var }}\s*=(.*)$'
20 line: "{{ item.var }}={{ item.value }}"
21 backup: "{{ lp_backup_conf }}"
22 loop: "{{ lp_grub_default }}"
23 loop_control:
24 label: "{{ item.var }}: {{ item.value }}"
25 notify: update grub
26 tags: lp_grub_conf
27
28# EOF
29...
See also
Handler grub.yml
hostname.yml
Synopsis: Configure hostname.
Description of the task.
1---
2# linux_postinstall hostname
3
4# TODO:
5# 1) SET/DONT_SET hostname via DHCP
6# /etc/dhcp/dhclient.conf
7# #send host-name = gethostname();
8# request host-name = "myhostname";
9# https://askubuntu.com/questions/104918/how-to-get-the-hostname-from-a-dhcp-server
10# http://blog.schlomo.schapiro.org/2013/11/setting-hostname-from-dhcp-in-debian.html
11# https://askubuntu.com/questions/757423/how-to-force-dhcp-client-to-allow-a-self-defined-domain-name
12
13- name: "hostname: Configure hostname in /etc/hostname"
14 ansible.builtin.template:
15 src: hostname.j2
16 dest: /etc/hostname
17 owner: root
18 group: root
19 mode: '0644'
20 backup: "{{ lp_backup_conf }}"
21 when:
22 - lp_hostname|length > 0
23 - ansible_os_family == 'Debian'
24# notify: set hostname
25
26- name: "hostname: Configure hostname"
27 ansible.builtin.hostname:
28 name: "{{ lp_hostname }}"
29 when: lp_hostname|length > 0
30
31# EOF
32...
hosts.yml
Synopsis: Configure hosts.
Description of the task.
1---
2# linux_postinstall hosts
3
4- name: "hosts: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_hosts_sanity: {{ lp_hosts_sanity }}
9 lp_hosts_default_override:
10 {{ lp_hosts_default_override|to_yaml(indent=2)|indent(2) }}
11 lp_hosts_default:
12 {{ lp_hosts_default|to_yaml(indent=2)|indent(2) }}
13 lp_hosts_template: {{ lp_hosts_template }}
14 lp_hosts:
15 {{ lp_hosts|to_yaml(indent=2)|indent(2) }}
16 lp_backup_conf: {{ lp_backup_conf }}
17 ansible.builtin.debug:
18 msg: "{{ '{}'.format(msg) }}"
19 when: lp_hosts_debug|bool
20 tags: lp_hosts_debug
21
22- name: "hosts: Sanity"
23 block:
24
25 - name: "hosts: Sanity valid IP"
26 ansible.builtin.fail:
27 msg: '[ERR] Invalid IP address'
28 when: (lp_hosts|map(attribute='ip')|map('ipaddr')) is not all
29
30 - name: "hosts: Sanity unique FQDN"
31 ansible.builtin.fail:
32 msg: '[ERR] FQDN not unique'
33 vars:
34 no_records: "{{ lp_hosts|length }}"
35 no_hosts: "{{ lp_hosts|map(attribute='fqdn')|list|unique|length }}"
36 when: no_records != no_hosts
37
38 when: lp_hosts_sanity|bool
39 tags: lp_hosts_sanity
40
41- name: "hosts: Configure hosts in /etc/hosts"
42 ansible.builtin.template:
43 src: "{{ lp_hosts_template }}"
44 dest: /etc/hosts
45 owner: root
46 group: root
47 mode: '0644'
48 backup: "{{ lp_backup_conf }}"
49 tags: lp_hosts_conf
50
51# EOF
52...
See also
Template hosts.j2
iptables.yml
Synopsis: Configure iptables.
Description of the task.
1---
2# linux_postinstall iptables
3
4- name: "iptables: Create /etc/network/if-pre-up.d/iptables"
5 ansible.builtin.template:
6 src: iptables-restore.j2
7 dest: /etc/network/if-pre-up.d/iptables
8 owner: root
9 group: root
10 mode: '0755'
11
12- name: "iptables: Create /etc/network/iptables
13 using {{ lp_iptables_type }}-iptables.j2"
14 ansible.builtin.template:
15 src: "{{ lp_iptables_type }}-iptables.j2"
16 dest: /etc/network/iptables
17 owner: root
18 group: root
19 mode: '0644'
20 notify: reload iptables
21
22# EOF
23...
See also
Handler iptables.yml
Template iptables_restore.j2
Template default_iptables.j2
Template router1_iptables.j2
kvm.yml
Synopsis: Configure kvm.
Description of the task.
1---
2# linux_postinstall kvm
3
4- name: "kvm: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_kvm_packages:
9 {{ lp_kvm_packages|to_nice_yaml(indent=2)|indent(2) }}
10 ansible.builtin.debug:
11 msg: "{{ '{}'.format(msg) }}"
12 when: lp_kvm_debug|bool
13 tags: lp_kvm_debug
14
15- name: "kvm: Install packages"
16 ansible.builtin.import_role:
17 name: vbotka.linux_lib
18 tasks_from: install_package.yml
19 when: lp_kvm_install|bool
20 vars:
21 ll_ipkg_list: "{{ lp_kvm_packages }}"
22 ll_ipkg_state: "{{ lp_package_state }}"
23 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
24 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
25 ll_debug: "{{ lp_kvm_debug|bool }}"
26 tags: lp_kvm_packages
27
28# EOF
29...
latex.yml
Synopsis: Configure latex.
Description of the task.
1---
2# linux_postinstall LaTeX
3
4- name: "latex: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_latex_install: {{ lp_latex_install }}
9 lp_latex_packages:
10 {{ lp_latex_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_backup_conf: {{ lp_backup_conf }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14 when: lp_latex_debug|bool
15 tags: lp_latex_debug
16
17- name: "latex: Install packages"
18 ansible.builtin.import_role:
19 name: vbotka.linux_lib
20 tasks_from: install_package.yml
21 when: lp_latex_install|bool
22 vars:
23 ll_ipkg_list: "{{ lp_latex_packages }}"
24 ll_ipkg_state: "{{ lp_package_state }}"
25 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
26 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
27 ll_debug: "{{ lp_latex_debug|bool }}"
28 tags: lp_latex_packages
29
30- name: "latex: Create directory /usr/share/texmf/tex/latex"
31 ansible.builtin.file:
32 state: directory
33 path: /usr/share/texmf/tex/latex
34 mode: '0755'
35 tags: lp_latex_dir
36
37- name: "latex: Create directories for macros"
38 ansible.builtin.file:
39 state: directory
40 path: "{{ item }}"
41 mode: '0755'
42 loop: "{{ lp_latex_macros|map(attribute='dest')|unique }}"
43 tags: lp_latex_macros
44
45- name: "latex: Download macros"
46 ansible.builtin.get_url:
47 url: "{{ item.url }}"
48 dest: "{{ item.dest }}"
49 timeout: "{{ lp_latex_download_timeout }}"
50 loop: "{{ lp_latex_macros }}"
51 loop_control:
52 label: "{{ item.url }}"
53 ignore_errors: "{{ lp_latex_get_url_ignore_errors }}" # noqa ignore-errors
54 changed_when: false
55 tags: lp_latex_labels
56
57# Note
58# get_url: check mode reports changes with force enabled
59# https://github.com/ansible/ansible/issues/25418#issuecomment-307208773
60# https://github.com/ansible/ansible/issues/25418
61
62# [TODO]
63# 1) Compile and register labels.sty
64# cd /usr/share/texmf/tex/latex/labels/
65# latex labels.ins
66# texhash /usr/share/texmf
67
68# EOF
69...
libvirt.yml
Synopsis: Configure libvirt.
Description of the task.
1---
2# linux_postinstall libvirt
3
4- name: "libvirt Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_libvirt_guests_enable: {{ lp_libvirt_guests_enable }}
9 lp_libvirt_libvirtd_enable: {{ lp_libvirt_libvirtd_enable }}
10 lp_libvirt_conf_owner: {{ lp_libvirt_conf_owner }}
11 lp_libvirt_conf_group: {{ lp_libvirt_conf_group }}
12 lp_libvirt_conf_mode: {{ lp_libvirt_conf_mode }}
13 lp_libvirt_conf_dir: {{ lp_libvirt_conf_dir }}
14 lp_libvirt_packages:
15 {{ lp_libvirt_packages|to_nice_yaml|indent(2) }}
16 lp_libvirt_conf:
17 {{ lp_libvirt_conf|to_nice_yaml|indent(2) }}
18 lp_backup_conf: {{ lp_backup_conf }}
19 ansible.builtin.debug:
20 msg: "{{ '{}'.format(msg) }}"
21 when: lp_libvirt_debug|bool
22 tags: lp_libvirt_debug
23
24- name: "libvirt: Install packages"
25 ansible.builtin.import_role:
26 name: vbotka.linux_lib
27 tasks_from: install_package.yml
28 when: lp_libvirt_packages|bool
29 vars:
30 ll_ipkg_list: "{{ lp_libvirt_packages }}"
31 ll_ipkg_state: "{{ lp_package_state }}"
32 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
33 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
34 ll_debug: "{{ lp_libvirt_debug|bool }}"
35 tags: lp_libvirt_packages
36
37- name: "libvirt: Configure {{ lp_libvirt_conf_dir }}"
38 ansible.builtin.lineinfile:
39 dest: "{{ lp_libvirt_conf_dir }}/{{ item.0.key }}"
40 regexp: '^\s*{{ item.1.0 }}(\s|=)(.*)$'
41 line: "{{ item.1.0 }} = {{ item.1.1 }}"
42 state: "{{ item.1.2|default('present') }}"
43 backup: "{{ lp_backup_conf }}"
44 create: true
45 owner: "{{ item.0.owner|default('root') }}"
46 group: "{{ item.0.group|default('root') }}"
47 mode: "{{ item.0.mode|default('0644') }}"
48 loop: "{{ query('subelements',
49 lp_libvirt_conf|dict2items,
50 'value.conf',
51 {'skip_missing': True}) }}"
52 loop_control:
53 label: "{{ item.0.key }}
54 {{ item.1.0 }}: {{ item.1.1 }}
55 {{ item.1.2|default('present') }}"
56 notify:
57 - reload libvirtd
58 - reload libvirt_guests
59 tags: lp_libvirt_conf
60
61- name: "libvirt: Service {{ lp_libvirt_libvirtd_service }} {{ state }} and {{ enable }}"
62 ansible.builtin.service:
63 name: "{{ lp_libvirt_libvirtd_service }}"
64 state: "{{ state }}"
65 enabled: "{{ enabled }}"
66 register: result
67 vars:
68 enabled: "{{ lp_libvirt_libvirtd_enable|bool|d(false) }}"
69 state: "{{ lp_libvirt_libvirtd_state|d(default_state) }}"
70 default_state: "{{ enabled|ternary('started', 'stopped') }}"
71 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
72 tags: lp_libvirt_libvirtd_service
73
74- name: "libvirt: Service {{ lp_libvirt_guests_service }} {{ state }} and {{ enable }}"
75 ansible.builtin.service:
76 name: "{{ lp_libvirt_guests_service }}"
77 state: "{{ state }}"
78 enabled: "{{ enabled }}"
79 register: result
80 vars:
81 enabled: "{{ lp_libvirt_guests_enable|bool|d(false) }}"
82 state: "{{ lp_libvirt_guests_state|d(default_state) }}"
83 default_state: "{{ enabled|ternary('started', 'stopped') }}"
84 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
85 tags: lp_libvirt_guests_service
86
87# EOF
88...
lid.yml
Synopsis: Configure lid.
Description of the task.
1---
2# linux_postinstall lid
3
4- name: "lid: Configure {{ lp_lid_logind_conf }}"
5 ansible.builtin.lineinfile:
6 dest: "{{ lp_lid_logind_conf }}"
7 regexp: '^\s*{{ item.var }}\s*=\s*(.*)$'
8 line: "{{ item.var }}={{ item.value }}"
9 backup: "{{ lp_backup_conf }}"
10 loop: "{{ lp_lid_logind_conf_vars }}"
11 loop_control:
12 label: "{{ item.var }}: {{ item.value }}"
13 notify: logind message reboot
14
15- name: "lid: Configure {{ lp_lid_upower_conf }}"
16 ansible.builtin.lineinfile:
17 dest: "{{ lp_lid_upower_conf }}"
18 regexp: '^\s*{{ item.var }}\s*=\s*(.*)$'
19 line: "{{ item.var }}={{ item.value }}"
20 backup: "{{ lp_backup_conf }}"
21 loop: "{{ lp_lid_upower_conf_vars }}"
22 loop_control:
23 label: "{{ item.var }}: {{ item.value }}"
24
25# EOF
26...
See also
Handler messages.yml
logrotate.yml
Synopsis: Configure logrotate.
Description of the task.
1---
2# linux_postinstall logrotate
3
4- name: "logrotate: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_logrotate_install: {{ lp_logrotate_install }}
9 lp_logrotate_packages:
10 {{ lp_logrotate_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_backup_conf: {{ lp_backup_conf }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14 when: lp_logrotate_debug|bool
15 tags: lp_logrotate_debug
16
17- name: "logrotate: Install packages for logrotate"
18 ansible.builtin.import_role:
19 name: vbotka.linux_lib
20 tasks_from: install_package.yml
21 when: lp_logrotate_install|bool
22 vars:
23 ll_ipkg_list: "{{ lp_logrotate_packages }}"
24 ll_ipkg_state: "{{ lp_package_state }}"
25 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
26 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
27 ll_debug: "{{ lp_logrotate_debug|bool }}"
28 tags: lp_logrotate_packages
29
30- name: "logrotate: Configure blocks in {{ lp_logrotate_conf_file }}"
31 ansible.builtin.blockinfile:
32 path: "{{ lp_logrotate_conf_file }}"
33 mark: "{{ item.mark }}"
34 block: "{{ item.block }}"
35 state: "{{ item.state }}"
36 backup: "{{ lp_backup_conf }}"
37 loop: "{{ lp_logrotate_conf_blocks }}"
38 tags: lp_logrotate_conf_blocks
39
40- name: "logrotate: Configure lines in {{ lp_logrotate_conf_file }}"
41 ansible.builtin.lineinfile:
42 path: "{{ lp_logrotate_conf_file }}"
43 line: "{{ item.line }}"
44 state: "{{ item.state }}"
45 backup: "{{ lp_backup_conf }}"
46 loop: "{{ lp_logrotate_conf_lines }}"
47 tags: lp_logrotate_conf_lines
48
49- name: "logrotate: Configure {{ lp_logrotate_conf_dir }}"
50 ansible.builtin.blockinfile:
51 path: "{{ lp_logrotate_conf_dir }}/{{ item.path }}"
52 block: "{{ item.conf }}"
53 backup: "{{ lp_backup_conf }}"
54 create: true
55 owner: "{{ item.owner|default('root') }}"
56 group: "{{ item.group|default('root') }}"
57 mode: "{{ item.mode|default('0644') }}"
58 loop: "{{ lp_logrotate_confd }}"
59 loop_control:
60 label: "{{ item.path }}"
61 tags: lp_logrotate_confd
62
63# EOF
64...
modemmanager.yml
Synopsis: Configure modemmanager.
Description of the task.
1---
2# linux_postinstall ModemManager
3
4- name: "modemmanager: Configure /etc/init/modemmanager.override"
5 ansible.builtin.template:
6 src: modem-manager-override.j2
7 dest: /etc/init/modemmanager.override
8 owner: root
9 group: root
10 mode: '0644'
11
12- name: "modemmanager: Service {{ state }} and {{ enable }}"
13 ansible.builtin.service:
14 name: "{{ lp_modemmanager_service }}"
15 state: "{{ state }}"
16 enabled: "{{ enabled }}"
17 register: result
18 vars:
19 enabled: "{{ lp_modemmanager_enable|bool|d(false) }}"
20 state: "{{ lp_modemmanager_state|d(default_state) }}"
21 default_state: "{{ enabled|ternary('started', 'stopped') }}"
22 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
23 tags: lp_modemmanager_service
24
25- name: "modemmanager: Debug service"
26 ansible.builtin.debug:
27 var: result
28 when: lp_modemmanager_debug|bool
29 tags: lp_modemmanager_service
30
31# EOF
32...
modules.yml
Synopsis: Configure modules.
Description of the task.
1---
2# linux_postinstall modules
3
4- name: "modules: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_modules_conf: {{ lp_modules_conf }}
9 lp_modules:
10 {{ lp_modules|to_yaml(indent=2)|indent(2) }}
11 lp_modules_options_path: {{ lp_modules_options_path }}
12 lp_modules_options:
13 {{ lp_modules_options|to_nice_yaml(indent=2)|indent(2) }}
14 lp_modules_blacklist_path: {{ lp_modules_blacklist_path }}
15 lp_modules_blacklist:
16 {{ lp_modules_blacklist|to_nice_yaml(indent=2)|indent(2) }}
17 lp_backup_conf: {{ lp_backup_conf }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20 when: lp_modules_debug|bool
21 tags: lp_modules_debug
22
23- name: "modules: modprobe modules"
24 community.general.modprobe:
25 name: "{{ item.name }}"
26 params: "{{ item.params }}"
27 state: "{{ item.state|default('present') }}"
28 loop: "{{ lp_modules }}"
29
30# Debian
31- name: "modules: Configure {{ lp_modules_conf }} in Debian"
32 ansible.builtin.lineinfile:
33 dest: "{{ lp_modules_conf }}"
34 regexp: '^\s*{{ item.name }}\s*(.*)$'
35 line: "{{ item.name }} {{ item.params }}"
36 backup: "{{ lp_backup_conf }}"
37 loop: "{{ lp_modules }}"
38 when:
39 - ansible_os_family == 'Debian'
40 - item.state|default('present') == 'present'
41
42# RedHat
43- name: "modules: Configure {{ lp_modules_conf }} in RedHat"
44 ansible.builtin.lineinfile:
45 dest: "{{ lp_modules_conf }}"
46 regexp: '^\s*modprobe\s+{{ item.name }}\s*(.*)$'
47 line: "modprobe {{ item.name }} {{ item.params }}"
48 backup: "{{ lp_backup_conf }}"
49 loop: "{{ lp_modules }}"
50 when:
51 - ansible_os_family == 'RedHat'
52 - item.state|default('present') == 'present'
53
54- name: "modules: Blacklist modules in {{ lp_modules_blacklist_path }}"
55 ansible.builtin.template:
56 src: blacklist-module.j2
57 dest: "{{ lp_modules_blacklist_path }}/blacklist-{{ item }}.conf"
58 backup: "{{ lp_backup_conf }}"
59 mode: '0644'
60 loop: "{{ lp_modules_blacklist }}"
61 notify: update initramfs
62
63- name: "modules: Set modules options in {{ lp_modules_options_path }}"
64 ansible.builtin.template:
65 src: options-module.j2
66 dest: "{{ lp_modules_options_path }}/{{ item.module }}.conf"
67 backup: "{{ lp_backup_conf }}"
68 mode: '0644'
69 loop: "{{ lp_modules_options }}"
70 loop_control:
71 label: "{{ item.module }}: {{ item.options }}"
72 notify: update initramfs
73
74# EOF
75...
netplan.yml
Synopsis: Configure netplan.
Description of the task.
1---
2# linux_postinstall netplan
3
4# Configure 01-network-manager-all.yaml only if it already exists
5- name: "netplan: Stat {{ lp_netplan_default }}"
6 ansible.builtin.stat:
7 path: "{{ lp_netplan_root }}/{{ lp_netplan_default }}"
8 register: result
9
10- name: "netplan: Configure {{ lp_netplan_root }}/{{ lp_netplan_default }}"
11 ansible.builtin.template:
12 src: netplan-default.j2
13 dest: "{{ lp_netplan_root }}/{{ lp_netplan_default }}"
14 owner: "{{ lp_netplan_owner }}"
15 group: "{{ lp_netplan_group }}"
16 mode: "{{ lp_netplan_mode }}"
17 backup: "{{ lp_backup_conf }}"
18 notify: netplan apply
19 when: result.stat.exists|default(false)
20
21- name: "netplan: Configure files in {{ lp_netplan_root }}"
22 ansible.builtin.template:
23 src: netplan-conf.j2
24 dest: "{{ lp_netplan_root }}/{{ item.file }}"
25 owner: "{{ item.owner | default(lp_netplan_owner) }}"
26 group: "{{ item.group | default(lp_netplan_group) }}"
27 mode: "{{ item.mode | default(lp_netplan_mode) }}"
28 backup: "{{ lp_backup_conf }}"
29 loop: "{{ lp_netplan_conf }}"
30 loop_control:
31 label: "{{ item.file }}"
32 notify: netplan apply
33
34# EOF
35...
See also
Handler netplan.yml
Template netplan_default.j2
Template netplan_conf.j2
networkd.yml
Synopsis: Configure networkd.
Description of the task.
1---
2# linux_postinstall networkd
3
4- name: "networkd: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_networkd_install: {{ lp_networkd_install }}
9 lp_networkd_packages:
10 {{ lp_networkd_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_networkd_enable: {{ lp_networkd_enable }}
12 lp_networkd_service: {{ lp_networkd_service }}
13 lp_networkd_conf:
14 {{ lp_networkd_conf|to_yaml(indent=2)|indent(2) }}
15 lp_systemd_owner: {{ lp_systemd_owner }}
16 lp_systemd_group: {{ lp_systemd_group }}
17 lp_systemd_mode: {{ lp_systemd_mode }}
18 lp_backup_conf: {{ lp_backup_conf }}
19 ansible.builtin.debug:
20 msg: "{{ '{}'.format(msg) }}"
21 when: lp_networkd_debug|bool
22 tags: lp_networkd_debug
23
24# Packages
25- name: "networkd: Install packages"
26 ansible.builtin.import_role:
27 name: vbotka.linux_lib
28 tasks_from: install_package.yml
29 when: lp_networkd_install|bool
30 vars:
31 ll_ipkg_list: "{{ lp_networkd_packages }}"
32 ll_ipkg_state: "{{ lp_package_state }}"
33 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
34 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
35 ll_debug: "{{ lp_networkd_debug|bool }}"
36 tags: lp_networkd_packages
37
38# Conf
39- name: "networkd: Configure networkd"
40 ansible.builtin.template:
41 src: "{{ item.src }}"
42 dest: "{{ item.dest }}"
43 owner: "{{ item.owner|default(lp_systemd_owner) }}"
44 group: "{{ item.group|default(lp_systemd_group) }}"
45 mode: "{{ item.mode|default(lp_systemd_mode) }}"
46 backup: "{{ lp_backup_conf }}"
47 loop: "{{ lp_networkd_conf }}"
48 loop_control:
49 label: "{{ item.dest }}"
50 notify: restart networkd
51 tags: lp_networkd_conf
52
53# Service
54- name: "networkd: Service {{ state }} and {{ enable }}"
55 ansible.builtin.service:
56 name: "{{ lp_networkd_service }}"
57 state: "{{ state }}"
58 enabled: "{{ enabled }}"
59 register: result
60 vars:
61 enabled: "{{ lp_networkd_enable|bool|d(false) }}"
62 state: "{{ lp_networkd_state|d(default_state) }}"
63 default_state: "{{ enabled|ternary('started', 'stopped') }}"
64 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
65 tags: lp_networkd_service
66
67- name: "networkd: Debug service"
68 ansible.builtin.debug:
69 var: result
70 when: lp_networkd_debug|bool
71
72# EOF
73...
networkmanager.yml
Synopsis: Configure networkmanager.
Description of the task.
1---
2# linux_postinstall networkmanager
3
4- name: "nm: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_nm_install: {{ lp_nm_install }}
9 lp_nm_packages:
10 {{ lp_nm_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_nm_enable: {{ lp_nm_enable }}
12 lp_nm_override: {{ lp_nm_override }}
13 lp_nm_conf_path: {{ lp_nm_conf_path }}
14 lp_nm_conf_no_extra_spaces: {{ lp_nm_conf_no_extra_spaces }}
15 lp_nm_conf:
16 {{ lp_nm_conf|to_yaml(indent=2)|indent(2) }}
17 lp_nm_services:
18 {{ lp_nm_services|to_nice_yaml(indent=2)|indent(2) }}
19 lp_nm_mask: {{ lp_nm_mask }}
20 lp_nm_service_mask:
21 {{ lp_nm_services_mask|to_nice_yaml(indent=2)|indent(2) }}
22 lp_backup_conf: {{ lp_backup_conf }}
23 ansible.builtin.debug:
24 msg: "{{ '{}'.format(msg) }}"
25 when: lp_nm_debug|bool
26 tags: lp_nm_debug
27
28# Packages
29- name: "nm: Install packages"
30 ansible.builtin.import_role:
31 name: vbotka.linux_lib
32 tasks_from: install_package.yml
33 when: lp_nm_install|bool
34 vars:
35 ll_ipkg_list: "{{ lp_nm_packages }}"
36 ll_ipkg_state: "{{ lp_package_state }}"
37 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
38 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
39 ll_debug: "{{ lp_nm_debug|bool }}"
40 tags: lp_nm_packages
41
42# Override
43- name: "nm: Create /etc/init/network-manager.override"
44 ansible.builtin.template:
45 src: network-manager-override.j2
46 dest: /etc/init/network-manager.override
47 owner: root
48 group: root
49 mode: '0644'
50 when: not lp_nm_enable|bool
51 tags: lp_nm_override
52
53- name: "nm: Remove /etc/init/network-manager.override"
54 ansible.builtin.file:
55 state: absent
56 dest: /etc/init/network-manager.override
57 when: lp_nm_enable|bool
58 tags: lp_nm_override
59
60# Conf
61- name: "nm: Configure {{ lp_nm_conf_path }}"
62 community.general.ini_file:
63 path: "{{ lp_nm_conf_path }}"
64 section: "{{ item.section }}"
65 option: "{{ item.key }}"
66 value: "{{ item.val }}"
67 no_extra_spaces: "{{ lp_nm_conf_no_extra_spaces }}"
68 backup: "{{ lp_backup_conf }}"
69 mode: '0644'
70 loop: "{{ lp_nm_conf }}"
71 tags: lp_nm_conf
72
73# Service
74
75- name: "nm: Services start/stop and enable/disable"
76 ansible.builtin.service:
77 name: "{{ srv_name }}"
78 state: "{{ srv_stat }}"
79 enabled: "{{ srv_enbl }}"
80 loop: "{{ lp_nm_services }}"
81 loop_control:
82 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
83 vars:
84 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
85 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
86 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
87 default_stat: "{{ srv_enbl|bool|ternary('started', 'stopped') }}"
88 tags: lp_nm_service
89
90# Mask service
91- name: "nm: Services mask/unmask"
92 ansible.builtin.command:
93 cmd: "systemctl {{ srv_mask }} {{ srv_name }}"
94 loop: "{{ lp_nm_services_mask }}"
95 loop_control:
96 label: "{{ srv_name }} {{ srv_mask }}"
97 vars:
98 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
99 srv_mask: "{{ lp_nm_mask|bool|ternary('mask', 'unmask') }}"
100 changed_when: false
101 tags: lp_nm_mask
102
103# EOF
104...
nfsd.yml
Synopsis: Configure nfsd.
Description of the task.
1---
2# linux_postinstall nfsd
3
4- name: "nfsd: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_nfsd_install: {{ lp_nfsd_install }}
9 lp_nfsd_packages:
10 {{ lp_nfsd_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_backup_conf: {{ lp_backup_conf }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14 when: lp_nfsd_debug|bool
15 tags: lp_nfsd_debug
16
17- name: "nfsd: Install packages"
18 ansible.builtin.import_role:
19 name: vbotka.linux_lib
20 tasks_from: install_package.yml
21 when: lp_nfsd_install|bool
22 vars:
23 ll_ipkg_list: "{{ lp_nfsd_packages }}"
24 ll_ipkg_state: "{{ lp_package_state }}"
25 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
26 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
27 ll_debug: "{{ lp_nfsd_debug|bool }}"
28 tags: lp_nfsd_packages
29
30- name: "nfsd: Configure exports"
31 ansible.builtin.template:
32 src: exports.j2
33 dest: /etc/exports
34 owner: root
35 group: root
36 mode: '0644'
37 notify: reload nfsd
38 tags: lp_nfsd_exports
39
40- name: "nfsd: Services start/stop and enable/disable"
41 ansible.builtin.service:
42 name: "{{ srv_name }}"
43 state: "{{ srv_stat }}"
44 enabled: "{{ srv_enbl }}"
45 loop: "{{ lp_nfsd_services }}"
46 loop_control:
47 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
48 register: result
49 vars:
50 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
51 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
52 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
53 default_stat: "{{ srv_enbl|bool|ternary('started', 'stopped') }}"
54 tags: lp_nfsd_service
55
56- name: "nfsd: Debug service"
57 ansible.builtin.debug:
58 var: result
59 when: lp_nfsd_debug|bool
60 tags: lp_nfsd_service
61
62- name: "nfsd: Enable and start nfsd services"
63 ansible.builtin.service:
64 name: "{{ item }}"
65 enabled: true
66 state: started
67 loop: "{{ lp_nfsd_services }}"
68 when:
69 - lp_nfsd_enable|bool
70 - lp_nfsd_services|length > 0
71 tags: lp_nfsd_service
72
73- name: "nfsd: Stop and disable nfsd services"
74 ansible.builtin.service:
75 name: "{{ item }}"
76 enabled: false
77 state: stopped
78 loop: "{{ lp_nfsd_services }}"
79 when:
80 - not lp_nfsd_enable|bool
81 - lp_nfsd_services|length > 0
82 tags: lp_nfsd_service
83
84# EOF
85...
packages.yml
Synopsis: Manage packages.
Dynamic variables (4)
TBD
Debug (13)
TBD
Install packages automatically (41)
If enabled (52) and not empty (53) import install_package.yml
(44) from the role vbotka.linux_lib (43). Flatten and filter
unique items in the lists my_packages_auto (46). Set it to the
mandatory variable ll_ipkg_list. Optionally, set other variables
(47-50).
Install packages (56)
If not empty (66) TBD
Remove packages (69)
TBD
1---
2# linux_postinstall packages
3
4- name: "packages: Instantiate dynamic variables"
5 set_fact:
6 my_packages_install: "{{ my_packages_install }}"
7 my_packages_lists: "{{ my_packages_lists }}"
8 my_packages_auto: "{{ my_packages_auto }}"
9 tags:
10 - lp_packages_debug
11 - lp_packages_auto
12
13- name: "packages: Debug (lp_packages_debug={{ lp_packages_debug }})"
14 vars:
15 msg: |-
16 ansible_os_family: {{ ansible_os_family }}
17 lp_packages_auto: {{ lp_packages_auto }}
18 lp_package_state: {{ lp_package_state }}
19 lp_packages_autoremove: {{ lp_packages_autoremove|bool }}
20 lp_packages_rescue_end_host: {{ lp_packages_rescue_end_host|bool }}
21
22 lp_packages_selections_preinstall:
23 {{ lp_packages_selections_preinstall|to_yaml(indent=2)|indent(2) }}
24 lp_packages_install:
25 {{ lp_packages_install|to_nice_yaml(indent=2)|indent(2) }}
26 lp_packages_remove:
27 {{ lp_packages_remove|to_nice_yaml(indent=2)|indent(2) }}
28 lp_packages_selections_postinstall:
29 {{ lp_packages_selections_postinstall|to_nice_yaml(indent=2)|indent(2) }}
30 my_packages_install:
31 {{ my_packages_install|to_yaml(indent=2)|indent(2) }}
32 my_packages_lists:
33 {{ my_packages_lists|to_yaml(indent=2)|indent(2) }}
34 my_packages_auto:
35 {{ my_packages_auto|to_yaml(indent=2)|indent(2) }}
36 ansible.builtin.debug:
37 msg: "{{ '{}'.format(msg) }}"
38 when: lp_packages_debug|bool
39 tags: lp_packages_debug
40
41- name: "packages: Auto install"
42 ansible.builtin.import_role:
43 name: vbotka.linux_lib
44 tasks_from: install_package.yml
45 vars:
46 ll_ipkg_list: "{{ my_packages_auto|flatten|unique }}"
47 ll_ipkg_state: "{{ lp_package_state }}"
48 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
49 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
50 ll_debug: "{{ lp_packages_debug|bool }}"
51 when:
52 - lp_packages_auto|bool
53 - my_packages_auto|flatten|length > 0
54 tags: lp_packages_auto
55
56- name: "packages: Install"
57 ansible.builtin.import_role:
58 name: vbotka.linux_lib
59 tasks_from: install_package.yml
60 vars:
61 ll_ipkg_list: "{{ lp_packages_install }}"
62 ll_ipkg_state: "{{ lp_package_state }}"
63 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
64 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
65 ll_debug: "{{ lp_packages_debug|bool }}"
66 when: lp_packages_install|length > 0
67 tags: lp_packages_install
68
69- name: "packages: Remove"
70 ansible.builtin.package:
71 name: "{{ item }}"
72 state: "{{ lp_package_state_remove }}"
73 loop: "{{ lp_packages_remove }}"
74 register: result
75 retries: "{{ lp_install_retries }}"
76 delay: "{{ lp_install_delay }}"
77 until: result is succeeded
78 tags: lp_packages_remove
79
80- name: "packages: Debug result"
81 ansible.builtin.debug:
82 var: result
83 when: lp_packages_debug|bool
84 tags: lp_packages_remove
85
86# EOF
87...
passwords.yml
Synopsis: Configure passwords.
Description of the task.
1---
2# linux_postinstall passwords
3
4- name: "passwords: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_passwords_fail_gracefully: {{ lp_passwords_fail_gracefully }}
9 lp_passwords_update_password: {{ lp_passwords_update_password }}
10 lp_users:
11 {% if lp_passwords_debug_classified|bool %}
12 {{ lp_users|default([])|to_nice_yaml(indent=2)|indent(2) }}
13 {% else %}
14 {% for user in lp_users|default([]) %}
15 - userpass: ************
16 {% for k,v in user.items() %}
17 {% if k not in ['userpass'] %}
18 {{ k }}: {{ v }}
19 {% endif %}
20 {% endfor %}
21 {% endfor %}
22 {% endif %}
23
24 lp_passwordstore: {{ lp_passwordstore }}
25 lp_passwordstore_install: {{ lp_passwordstore_install }}
26 lp_passwordstore_debug: {{ lp_passwordstore_debug }}
27 lp_passwordstore_backup: {{ lp_passwordstore_backup }}
28 lp_passwordstore_create: {{ lp_passwordstore_create }}
29 lp_passwordstore_length: {{ lp_passwordstore_length }}
30 lp_passwordstore_nosymbols: {{ lp_passwordstore_nosymbols }}
31 lp_passwordstore_overwrite: {{ lp_passwordstore_overwrite }}
32 lp_passwordstore_passwordstore: {{ lp_passwordstore_passwordstore }}
33 lp_passwordstore_returnall : {{ lp_passwordstore_returnall }}
34 lp_passwordstore_subkey: {{ lp_passwordstore_subkey }}
35 lp_passwordstore_idempotent_password_hash: {{ lp_passwordstore_idempotent_password_hash }}
36 lp_passwordstore_packages:
37 {{ lp_passwordstore_packages|to_nice_yaml(indent=2)|indent(2) }}
38 ansible.builtin.debug:
39 msg: "{{ '{}'.format(msg) }}"
40 when: lp_passwords_debug|bool
41 tags: lp_passwords_debug
42
43- name: "passwords: Passwordstore"
44 block:
45
46 - name: "passwords: Passwordstore: Install packages"
47 ansible.builtin.package:
48 name: "{{ item }}"
49 loop: "{{ lp_passwordstore_packages + lp_gpg_packages + lp_gpg_packages_extra }}"
50 delegate_to: localhost
51 run_once: true
52 when: lp_passwordstore_install|bool
53
54 - name: "passwords: Passwordstore: Retrieve, create, or update userpass"
55 ansible.builtin.include_role:
56 name: vbotka.ansible_lib
57 tasks_from: al_pws_user_host.yml
58 vars:
59 al_pws_debug: "{{ lp_passwordstore_debug }}"
60 al_pws_backup: "{{ lp_passwordstore_backup }}"
61 al_pws_create: "{{ lp_passwordstore_create }}"
62 al_pws_length: "{{ lp_passwordstore_length }}"
63 al_pws_nosymbols: "{{ lp_passwordstore_nosymbols }}"
64 al_pws_overwrite: "{{ lp_passwordstore_overwrite }}"
65 al_pws_passwordstore: "{{ lp_passwordstore_passwordstore }}"
66 al_pws_returnall: "{{ lp_passwordstore_returnall }}"
67 al_pws_subkey: "{{ lp_passwordstore_subkey }}"
68 al_pws_idempotent_password_hash: "{{ lp_passwordstore_idempotent_password_hash }}"
69 al_pws_query: "{{ lp_users }}"
70 register: result
71
72 - name: "passwords: Passwordstore: Create empty list my_passwords"
73 ansible.builtin.set_fact:
74 my_passwords: []
75 no_log: true # no-log-password password should not be logged.
76
77 - name: "passwords: Passwordstore: Create my_passwords"
78 ansible.builtin.set_fact:
79 my_passwords: "{{ my_passwords +
80 [item|dict2items|
81 rejectattr('key', 'equalto', 'userpass')|
82 list|items2dict|
83 combine({'update_password': lp_passwords_update_password})] }}"
84 loop: "{{ al_pws_query_result }}"
85 loop_control:
86 label: "{{ item.name }}"
87 no_log: true # no-log-password password should not be logged.
88
89 - name: "passwords: Passwordstore: Debug my_passwords"
90 ansible.builtin.debug:
91 var: my_passwords
92 when: lp_passwords_debug|bool
93
94 - name: "passwords: Passwordstore: Include users"
95 ansible.builtin.include_tasks:
96 file: users.yml
97 apply:
98 tags: lp_passwords_passwordstore
99 vars:
100 lp_users: "{{ my_passwords }}"
101
102 rescue:
103
104 - name: "passwords: Passwordstore: Debug fail"
105 ansible.builtin.debug:
106 var: result
107 when: lp_passwords_debug_classified|bool
108
109 - name: "passwords: Passwordstore: Fail"
110 ansible.builtin.fail:
111 msg: '[ERR] Passwordstore failed.'
112 when: not lp_passwords_fail_gracefully|bool
113
114 when: lp_passwordstore|bool
115 tags: lp_passwords_passwordstore
116
117# EOF
118...
pm_utils.yml
Synopsis: Configure pm_utils.
Description of the task.
1---
2# linux_postinstall pm_utils
3
4# TODO:
5# 1) add variables: lp_pm_powerd, lp_pm_configd
6# 2) add templates: pm-powerd.j2, pm-configd.j2
7# 3) add cases: resume, thaw, suspend, hibernate
8# 4) install pm_utils
9
10- name: "pm_utils: Configure /etc/pm/sleep.d"
11 ansible.builtin.template:
12 src: pm-sleepd.j2
13 dest: "/etc/pm/sleep.d/{{ item.value.file }}"
14 owner: root
15 group: root
16 mode: '0755'
17 backup: "{{ lp_backup_conf }}"
18 with_dict: "{{ lp_pm_sleepd|default({}) }}"
19 when: item.value.file|length > 0
20
21# EOF
22...
postfix.yml
Synopsis: Configure postfix.
Description of the task.
1---
2# linux_postinstall postfix
3
4- name: "postfix: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_postfix_install: {{ lp_postfix_install }}
9 lp_postfix_enable: {{ lp_postfix_enable }}
10 lp_postfix_flush_handlers: {{ lp_postfix_flush_handlers }}
11 lp_postfix_rescue_end_host: {{ lp_postfix_rescue_end_host }}
12 lp_postfix_service: {{ lp_postfix_service }}
13 lp_postfix_main_conf:
14 {{ lp_postfix_main_conf|to_yaml(indent=2)|indent(2) }}
15 lp_postfix_packages:
16 {{ lp_postfix_packages|to_nice_yaml(indent=2)|indent(2) }}
17 lp_backup_conf: {{ lp_backup_conf }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20 when: lp_postfix_debug|bool
21 tags: lp_postfix_debug
22
23- name: "postfix: Install packages"
24 ansible.builtin.import_role:
25 name: vbotka.linux_lib
26 tasks_from: install_package.yml
27 when: lp_postfix_install|bool
28 vars:
29 ll_ipkg_list: "{{ lp_postfix_packages }}"
30 ll_ipkg_state: "{{ lp_package_state }}"
31 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
32 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
33 ll_debug: "{{ lp_postfix_debug|bool }}"
34 tags: lp_postfix_packages
35
36- name: "chrony: Configure, enable, start, or disable postfix"
37 block:
38
39 - name: "postfix: Configure /etc/postfix/main.cf"
40 ansible.builtin.lineinfile:
41 dest: /etc/postfix/main.cf
42 regexp: '^\s*{{ item.key }}\s*=\s*(.*)$'
43 line: "{{ item.key }} = {{ item.value }}"
44 backup: "{{ lp_backup_conf }}"
45 create: true
46 mode: '0644'
47 loop: "{{ lp_postfix_main_conf }}"
48 loop_control:
49 label: "{{ item.key }}: {{ item.value }}"
50 notify: reload postfix
51 tags: lp_postfix_conf
52
53 - name: "postfix: Service {{ state }} and {{ enable }}"
54 ansible.builtin.service:
55 name: "{{ lp_postfix_service }}"
56 state: "{{ state }}"
57 enabled: "{{ enabled }}"
58 register: result
59 vars:
60 enabled: "{{ lp_postfix_enable|bool|d(false) }}"
61 state: "{{ lp_postfix_state|d(default_state) }}"
62 default_state: "{{ enabled|ternary('started', 'stopped') }}"
63 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
64 tags: lp_postfix_service
65
66 - name: "postfix: Debug service"
67 ansible.builtin.debug:
68 var: result
69 when: lp_postfix_debug|bool
70
71 rescue:
72
73 - name: "postfix: Print errors"
74 ansible.builtin.debug:
75 msg: |
76 [ERR] task {{ ansible_failed_task.name }} failed. End host.
77 ansible_failed_task:
78 {{ ansible_failed_task|to_yaml(indent=2)|indent(2) }}
79 ansible_failed_result:
80 {{ ansible_failed_result|to_yaml(indent=2)|indent(2) }}
81
82 - name: "postfix: End host"
83 ansible.builtin.meta: end_host
84 when:
85 - lp_postfix_rescue_end_host|bool
86 - not ansible_check_mode
87
88 - name: "postfix: Clear host errors"
89 ansible.builtin.meta: clear_host_errors
90
91- name: "postfix: Flush handlers"
92 ansible.builtin.meta: flush_handlers
93 when: lp_postfix_flush_handlers|bool
94
95# EOF
96...
rc_local.yml
Synopsis: Configure rc_local.
Description of the task.
1---
2# linux_postinstall rc_local
3
4- name: "rc_local: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_rc_local_service: {{ lp_rc_local_service }}
9 lp_rc_local_state: {{ lp_rc_local_state }}
10 lp_rc_local_template: {{ lp_rc_local_template }}
11 lp_rc_local_file: {{ lp_rc_local_file }}
12 lp_rc_local_owner: {{ lp_rc_local_owner }}
13 lp_rc_local_group: {{ lp_rc_local_group }}
14 lp_rc_local_mode: {{ lp_rc_local_mode }}
15 lp_rc_local_content:
16 {{ lp_rc_local_content|indent(2) }}
17 lp_backup_conf: {{ lp_backup_conf }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20 when: lp_rc_local_debug|bool
21 tags: lp_rc_local_debug
22
23- name: "rc_local: Manage service {{ lp_rc_local_service }}.service"
24 ansible.builtin.service:
25 name: "{{ lp_rc_local_service }}"
26 state: "{{ lp_rc_local_state }}"
27 tags: lp_rc_local_service
28
29- name: "rc_local: Create /etc/rc.local"
30 ansible.builtin.template:
31 src: "{{ lp_rc_local_template }}"
32 dest: "{{ lp_rc_local_file }}"
33 owner: "{{ lp_rc_local_owner }}"
34 group: "{{ lp_rc_local_group }}"
35 mode: "{{ lp_rc_local_mode }}"
36 backup: "{{ lp_backup_conf }}"
37 notify: restart rc-local
38 tags: lp_rc_local_file
39
40# EOF
41...
reboot.yml
Synopsis: Configure reboot.
Description of the task.
1---
2# linux_postinstall reboot
3
4- name: "reboot Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_reboot_force: {{ lp_reboot_force }}
9 lp_reboot_required_ignore: {{ lp_reboot_required_ignore }}
10 lp_reboot_required_file: {{ lp_reboot_required_file }}
11 lp_reboot_command: {{ lp_reboot_command }}
12 lp_reboot_wait_connect_timeout: {{ lp_reboot_wait_connect_timeout }}
13 lp_reboot_wait_sleep: {{ lp_reboot_wait_sleep }}
14 lp_reboot_wait_delay: {{ lp_reboot_wait_delay }}
15 lp_reboot_wait_timeout: {{ lp_reboot_wait_timeout }}
16 ansible.builtin.debug:
17 msg: "{{ '{}'.format(msg) }}"
18 when: lp_reboot_debug|bool
19 tags: lp_reboot_debug
20
21- name: "reboot: Debian test {{ lp_reboot_required_file }}"
22 block:
23 - name: "reboot: Stat {{ lp_reboot_required_file }}"
24 ansible.builtin.stat:
25 path: "{{ lp_reboot_required_file }}"
26 register: reboot_required_file_status
27 - name: "reboot: Set reboot_required"
28 ansible.builtin.set_fact:
29 reboot_required: "{{ reboot_required_file_status.exists|
30 default(false) }}"
31 when: ansible_os_family == 'Debian'
32
33- name: "reboot: RedHat test {{ lp_reboot_required_command }}"
34 block:
35 - name: "reboot: Run {{ lp_reboot_required_command }}"
36 ansible.builtin.command:
37 cmd: >
38 {{ lp_reboot_required_command }}
39 register: reboot_required_cmd_status
40 - name: "reboot: Set reboot_required"
41 ansible.builtin.set_fact:
42 reboot_required: "{{ (reboot_required_cmd_status.rc != 0)|
43 ternary(true, false) }}"
44 when: ansible_os_family == 'RedHat'
45
46- name: "reboot: Debug reboot_required"
47 ansible.builtin.debug:
48 var: reboot_required
49 when: lp_reboot_debug|bool
50
51- name: "reboot: Reboot and wait for connection"
52 ansible.builtin.reboot:
53 connect_timeout: "{{ lp_reboot_wait_connect_timeout }}"
54 post_reboot_delay: "{{ lp_reboot_wait_delay }}"
55 reboot_timeout: "{{ lp_reboot_wait_timeout }}"
56 when: (reboot_required|default(false) and (not lp_reboot_required_ignore)) or
57 lp_reboot_force|bool
58
59# - name: "reboot: Reboot and wait for connection"
60# block:
61# - name: "reboot: Reboot" # noqa 305
62# shell: "{{ lp_reboot_command }}"
63# async: 1
64# poll: 0
65# - name: "reboot: Wait for connection"
66# wait_for_connection:
67# connect_timeout: "{{ lp_reboot_wait_connect_timeout }}"
68# sleep: "{{ lp_reboot_wait_sleep }}"
69# delay: "{{ lp_reboot_wait_delay }}"
70# timeout: "{{ lp_reboot_wait_timeout }}"
71# when: (reboot_required|default(false) and
72# (not lp_reboot_required_ignore)) or lp_reboot_force
73
74# EOF
75...
repos.yml
Synopsis: Configure repos.
Description of the task.
1---
2# linux_postinstall repos
3
4- name: "repos: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_repos_keys:
9 {{ lp_repos_keys|to_nice_yaml(indent=2)|indent(2) }}
10 lp_repos:
11 {{ lp_repos|to_nice_yaml(indent=2)|indent(2) }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14 when: lp_repos_debug|bool
15 tags: lp_repos_debug
16
17- name: "repos: Manage repo signing keys"
18 ansible.builtin.apt_key:
19 data: "{{ item.data|default(omit) }}"
20 file: "{{ item.file|default(omit) }}"
21 id: "{{ item.id|default(omit) }}"
22 keyring: "{{ item.keyring|default(omit) }}"
23 keyserver: "{{ item.keyserver|default(omit) }}"
24 state: "{{ item.state|default(omit) }}"
25 url: "{{ item.url|default(omit) }}"
26 validate_certs: "{{ item.validate_certs|default(omit) }}"
27 loop: "{{ lp_repos_keys }}"
28 register: result
29 retries: "{{ lp_install_retries }}"
30 until: result is succeeded
31 delay: "{{ lp_install_delay }}"
32 tags: lp_repos_keys_manage
33
34- name: "repos: Manage repositories"
35 ansible.builtin.apt_repository:
36 codename: "{{ item.codename|default(omit) }}"
37 filename: "{{ item.filename|default(omit) }}"
38 mode: "{{ item.mode|default(omit) }}"
39 repo: "{{ item.repo|mandatory }}"
40 state: "{{ item.state|default(omit) }}"
41 update_cache: "{{ item.update_cache|default(omit) }}"
42 validate_certs: "{{ item.validate_certs|default(omit) }}"
43 loop: "{{ lp_repos }}"
44 loop_control:
45 label: "{{ item.repo }}"
46 tags: lp_repos_manage
47
48# EOF
49...
resolvconf.yml
Synopsis: Configure resolvconf.
Description of the task.
1---
2# linux_postinstall resolvconf
3
4- name: "resolvconf: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_resolvconf_service: {{ lp_resolvconf_service }}
9 lp_resolvconf_enable: {{ lp_resolvconf_enable }}
10 lp_package_state: {{ lp_package_state }}
11 lp_resolvconf_install: {{ lp_resolvconf_install }}
12 lp_resolvconf_packages:
13 {{ lp_resolvconf_packages|to_nice_yaml(indent=2)|indent(2) }}
14 lp_resolvconf_conf_owner: {{ lp_resolvconf_conf_owner }}
15 lp_resolvconf_conf_group: {{ lp_resolvconf_conf_group }}
16 lp_resolvconf_conf_mode: {{ lp_resolvconf_conf_mode }}
17 lp_resolvconf_conf:
18 {{ lp_resolvconf_conf|to_nice_yaml(indent=2)|indent(2) }}
19 lp_resolvconf_confd_head:
20 {{ lp_resolvconf_confd_head|to_yaml(indent=2)|indent(2) }}
21 lp_backup_conf: {{ lp_backup_conf }}
22 ansible.builtin.debug:
23 msg: "{{ '{}'.format(msg) }}"
24 when: lp_resolvconf_debug|bool
25 tags: lp_resolvconf_debug
26
27- name: "resolvconf: Install packages"
28 ansible.builtin.import_role:
29 name: vbotka.linux_lib
30 tasks_from: install_package.yml
31 when: lp_resolvconf_install|bool
32 vars:
33 ll_ipkg_list: "{{ lp_resolvconf_packages }}"
34 ll_ipkg_state: "{{ lp_package_state }}"
35 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
36 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
37 ll_debug: "{{ lp_resolvconf_debug|bool }}"
38 tags: lp_resolvconf_packages
39
40- name: "resolvconf: Configure lp_resolvconf_conf"
41 ansible.builtin.template:
42 src: "{{ item.src }}"
43 dest: "{{ item.dest }}"
44 owner: "{{ item.owner }}"
45 group: "{{ item.group }}"
46 mode: "{{ item.mode }}"
47 backup: "{{ lp_backup_conf }}"
48 loop: "{{ lp_resolvconf_conf }}"
49 loop_control:
50 label: "{{ item.dest }}"
51 notify: restart resolvconf
52 tags: lp_resolvconf_confd_head
53
54- name: "resolvconf: Service {{ state }} and {{ enable }}"
55 ansible.builtin.service:
56 name: "{{ lp_resolvconf_service }}"
57 state: "{{ state }}"
58 enabled: "{{ enabled }}"
59 register: result
60 vars:
61 enabled: "{{ lp_resolvconf_enable|bool|d(false) }}"
62 state: "{{ lp_resolvconf_state|d(default_state) }}"
63 default_state: "{{ enabled|ternary('started', 'stopped') }}"
64 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
65 tags: lp_resolvconf_service
66
67- name: "resolvconf: Debug service"
68 ansible.builtin.debug:
69 var: result
70 when: lp_resolvconf_debug|bool
71 tags: lp_resolvconf_service
72
73# EOF
74...
service.yml
Synopsis: Manage services.
Debug (6)
TBD
Sanity (24)
TBD
Automatic management of listed services (60)
If not empty (86) iterate lp_service_auto (69). Skip when lp_
~ item (76) is not True (73). Get (77) and use (65) the OS
dependent name of the service. Get (78) and set (66) the service
enablement. Get (80) and set (66) the service state. Use
default_stat (81) if lp_*_state does not exist. Get (79) and
use the module (68).
Manual management of listed services (89)
If not empty (100) iterate lp_service in the included tasks
(98). If auto (95) set the module (94) to ansible_service_mgr
(OS native service manager found by the setup). TBC
Flush handlers (103)
Automatic management of listed services notifies
ansible_service_mgr (74). See the tasks service-*.yml how manual
management options notify handlers.
1---
2# linux_postinstall service
3
4# [TODO] add list of services, e.g. tlp and nm 'lp_' ~ item ~ '_services'
5
6- name: "service: Debug"
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_os_family }}
10 ansible_service_mgr: {{ ansible_service_mgr }}
11 lp_service_sanity: {{ lp_service_sanity }}
12
13 lp_service_module: {{ lp_service_module }}
14 lp_service_module_valid: {{ lp_service_module_valid }}
15 lp_service:
16 {{ lp_service|to_nice_yaml(indent=2)|indent(2) }}
17 lp_service_auto:
18 {{ lp_service_auto|to_nice_yaml(indent=2)|indent(2) }}
19 ansible.builtin.debug:
20 msg: "{{ '{}'.format(msg) }}"
21 when: lp_service_debug|bool
22 tags: lp_service_debug
23
24- name: Sanity
25 block:
26
27 - name: "service: Get service facts"
28 ansible.builtin.service_facts:
29
30 - name: "service: Sanity lp_service_auto items are defined"
31 ansible.builtin.assert:
32 that: my_services_undef|length == 0
33 fail_msg: "[ERR] Undefined services: {{ my_services_undef }}"
34 success_msg: "[OK] All service names in lp_service_auto are valid."
35 quiet: "{{ lp_service_sanity_quiet }}"
36 when: lp_service_auto|length > 0
37 vars:
38 my_services_alias: "{{ lp_service_auto }}"
39
40 - name: "service: Sanity lp_service names are defined"
41 ansible.builtin.assert:
42 that: my_services_undef|length == 0
43 fail_msg: "[ERR] Undefined services: {{ my_services_undef }}"
44 success_msg: "[OK] All service names in lp_service are valid."
45 quiet: "{{ lp_service_sanity_quiet }}"
46 when: lp_service|length > 0
47 vars:
48 my_services_alias: "{{ lp_service|map(attribute='name') }}"
49
50 - name: "service: Sanity lp_service_module"
51 ansible.builtin.assert:
52 that: lp_service_module in lp_service_module_valid
53 fail_msg: "[ERR] {{ lp_service_module }} not in {{ lp_service_module_valid }}"
54 success_msg: "[OK] {{ lp_service_module }} is valid value of lp_service_module."
55 quiet: "{{ lp_service_sanity_quiet }}"
56
57 when: lp_service_sanity|bool
58 tags: lp_service_sanity
59
60- name: Automatic management of listed services
61 block:
62
63 - name: "service: Automatic management of listed services"
64 ansible.builtin.service:
65 name: "{{ srv_name }}"
66 state: "{{ srv_stat }}"
67 enabled: "{{ srv_enbl|bool }}"
68 use: "{{ use_modl }}"
69 loop: "{{ lp_service_auto }}"
70 loop_control:
71 label: "{{ srv_name }} enabled={{ srv_enbl }} state={{ srv_stat }} use={{ use_modl }}"
72 register: result
73 when: run_task
74 notify: "reload {{ ansible_service_mgr }} daemon"
75 vars:
76 run_task: "{{ lookup('vars', 'lp_' ~ item, default=false) }}"
77 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
78 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
79 use_modl: "{{ lookup('vars', 'lp_' ~ item ~ '_module', default='auto') }}"
80 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
81 default_stat: "{{ srv_enbl|bool|ternary('started', 'stopped') }}"
82
83 - name: "service: Debug"
84 ansible.builtin.include_tasks: fn/service-debug.yml
85
86 when: lp_service_auto|length > 0
87 tags: lp_service_auto
88
89- name: Manual management of listed services
90 block:
91
92 - name: "service: Manual management set module auto"
93 set_fact:
94 lp_service_module: "{{ ansible_service_mgr }}"
95 when: lp_service_module == 'auto'
96
97 - name: "service: Include {{ lp_service_module }}"
98 include_tasks: "fn/service-{{ lp_service_module }}.yml"
99
100 when: lp_service|length > 0
101 tags: lp_service_manual
102
103- name: "service: Flush handlers"
104 ansible.builtin.meta: flush_handlers
105 tags:
106 - lp_service_auto
107 - lp_service_manual
108
109# EOF
110...
service-service.yml
Synopsis: Configure service-service.
Description of the task.
[tasks/fn/service-service.yml]
1---
2# linux_postinstall function service-service
3
4- name: "service: Manual management of listed services"
5 ansible.builtin.service:
6 name: "{{ item.name }}"
7 arguments: "{{ item.arguments|default(omit) }}"
8 enabled: "{{ item.enabled|default(omit) }}"
9 pattern: "{{ item.pattern|default(omit) }}"
10 runlevel: "{{ item.runlevel|default(omit) }}"
11 sleep: "{{ item.sleep|default(omit) }}"
12 state: "{{ item.state|default(omit) }}"
13 use: "{{ item.use|default(omit) }}"
14 loop: "{{ lp_service }}"
15 loop_control:
16 label: >-
17 {{ item.name }}
18 enabled={{ item.enabled|d('UNDEFINED') }}
19 state={{ item.state|d('UNDEFINED') }}
20 use={{ item.use|d('UNDEFINED') }}
21 register: result
22 notify: "reload {{ ansible_service_mgr }} daemon"
23
24- name: "service: Debug Manual management full results"
25 ansible.builtin.debug:
26 var: result
27 when: lp_service_debug2|d(false)|bool
28
29- name: "service: Debug Manual management selected results"
30 ansible.builtin.debug:
31 msg: |
32 {% for i in result.results %}
33 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
34 changed: {{ i.changed }}
35 name: {{ i.name|d('UNDEFINED') }}
36 enabled: {{ i.enabled|d('UNDEFINED') }}
37 state: {{ i.state|d('UNDEFINED') }}
38 msg: {{ i.msg|d('UNDEFINED') }}
39
40 invocation:
41 {{ i.invocation.module_args|to_nice_yaml(indent=2)|indent(2) }}
42 item:
43 {{ i.item|to_nice_yaml(indent=2)|indent(2) }}
44 {% endfor %}
45 when: lp_service_debug|bool
46
47# EOF
48...
service-systemd.yml
Synopsis: Configure service-systemd.
Description of the task.
[tasks/fn/service-systemd.yml]
1---
2# linux_postinstall function service-systemd
3
4# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/systemd_service_module.html#notes
5# Quoting from Notes: The order of execution when having multiple
6# properties is to first enable/disable, then mask/unmask and then
7# deal with service state. It has been reported that systemctl can
8# behave differently depending on the order of operations if you do
9# the same manually.
10
11- name: "service:systemd"
12 block:
13
14 - name: "service:systemd: enable/disable"
15 ansible.builtin.systemd:
16 loop: "{{ _enabld }}"
17 loop_control:
18 label: "{{ item.name }} enabled={{ enabled }}"
19 register: result
20 notify: reload systemd daemon
21 - name: "service:systemd: Debug"
22 ansible.builtin.include_tasks: fn/service-debug.yml
23 when: _enabld|length > 0
24 - name: "service:systemd: Flush handlers"
25 ansible.builtin.meta: flush_handlers
26 when: _enabld|length > 0
27
28 - name: "service:systemd: mask/unmask"
29 ansible.builtin.systemd:
30 loop: "{{ _masked }}"
31 loop_control:
32 label: "{{ item.name }} enabled={{ enabled }} masked={{ masked }}"
33 register: result
34 notify: reload systemd daemon
35 - name: "service:systemd: Debug"
36 ansible.builtin.include_tasks: fn/service-debug.yml
37 when: _masked|length > 0
38 - name: "service:systemd: Flush handlers"
39 ansible.builtin.meta: flush_handlers
40 when: _masked|length > 0
41
42 - name: "service:systemd: all"
43 ansible.builtin.systemd:
44 loop: "{{ lp_service }}"
45 loop_control:
46 label: "{{ item.name }} enabled={{ enabled }} masked={{ masked }} state={{ state }}"
47 register: result
48 notify: reload systemd daemon
49 - name: "service:systemd: Debug"
50 ansible.builtin.include_tasks: fn/service-debug.yml
51 when: lp_service|length > 0
52
53 module_defaults:
54
55 ansible.builtin.systemd:
56 name: "{{ item.name|default(omit) }}"
57 daemon_reexec: "{{ item.daemon_reexec|default(omit) }}"
58 daemon_reload: "{{ item.daemon_reload|default(omit) }}"
59 enabled: "{{ item.enabled|default(omit) }}"
60 force: "{{ item.force|default(omit) }}"
61 masked: "{{ item.masked|default(omit) }}"
62 no_block: "{{ item.no_block|default(omit) }}"
63 scope: "{{ item.scope|default(omit) }}"
64 state: "{{ item.state|default(omit) }}"
65
66 vars:
67
68 _enabld: "{{ lp_service|selectattr('enabled', 'defined')|
69 ansible.utils.remove_keys(target=['masked', 'state']) }}"
70 _masked: "{{ lp_service|selectattr('masked', 'defined')|
71 ansible.utils.remove_keys(target=['state']) }}"
72 enabled: "{{ item.enabled|d('UNDEFINED') }}"
73 masked: "{{ item.masked|d('UNDEFINED') }}"
74 state: "{{ item.state|d('UNDEFINED') }}"
75
76# EOF
77...
service-sysvinit.yml
Synopsis: Configure service-sysvinit.
Description of the task.
[tasks/fn/service-sysvinit.yml]
1---
2# linux_postinstall function service-sysvinit
3
4- name: "service:sysvinit"
5 ansible.builtin.debug:
6 msg: "[WARNING] Not implemented yet. End host."
7- ansible.builtin.meta: end_host
service-debug.yml
Synopsis: Configure service-debug.
Description of the task.
1---
2# linux_postinstall function service-debug
3
4- name: "service: Debug management full results"
5 ansible.builtin.debug:
6 var: result
7 when: lp_service_debug2|d(false)|bool
8
9- name: "service: Debug management selected results"
10 ansible.builtin.debug:
11 msg: |
12 {% for i in result.results %}
13 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14 changed: {{ i.changed }}
15 item:
16 {{ i.item|to_nice_yaml(indent=2)|indent(2) }}
17 {% if i.skipped|d(false) %}
18 skip_reason: {{ i.skip_reason }}
19 {% else %}
20 name: {{ i.name|d('UNDEFINED') }}
21 enabled: {{ i.enabled|d('UNDEFINED') }}
22 state: {{ i.state|d('UNDEFINED') }}
23 msg: {{ i.msg|d('UNDEFINED') }}
24 invocation:
25 {{ i.invocation.module_args|to_nice_yaml(indent=2)|indent(2) }}
26 {% endif %}
27 {% endfor %}
28 when: lp_service_debug|bool
29
30# EOF
31...
smart.yml
Synopsis: Configure smart.
Description of the task.
1---
2# linux_postinstall smart
3
4- name: "smart: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_smart_install: {{ lp_smart_install }}
9 lp_smart_packages:
10 {{ lp_smart_packages|to_nice_yaml(indent=2)|indent(2) }}
11 lp_backup_conf: {{ lp_backup_conf }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14 when: lp_smart_debug|bool
15 tags: lp_smart_debug
16
17- name: "smart: Install packages"
18 ansible.builtin.import_role:
19 name: vbotka.linux_lib
20 tasks_from: install_package.yml
21 when: lp_smart_install|bool
22 vars:
23 ll_ipkg_list: "{{ lp_smart_packages }}"
24 ll_ipkg_state: "{{ lp_package_state }}"
25 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
26 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
27 ll_debug: "{{ lp_smart_debug|bool }}"
28 tags: lp_smart_packages
29
30- name: "smart: Configure {{ lp_smart_conf_file }}. Do not scan for devices"
31 ansible.builtin.lineinfile:
32 state: absent
33 dest: "{{ lp_smart_conf_file }}"
34 regexp: '^\s*DEVICESCAN\s*(.*)$'
35 owner: "{{ lp_smart_conf_owner }}"
36 group: "{{ lp_smart_conf_group }}"
37 mode: "{{ lp_smart_conf_mode }}"
38 backup: "{{ lp_backup_conf }}"
39 create: true
40 when: not lp_smart_devicescan|bool
41 notify: reload smart
42 tags: lp_smart_conf
43
44- name: "smart: Configure devices in {{ lp_smart_conf_file }}"
45 ansible.builtin.lineinfile:
46 dest: "{{ lp_smart_conf_file }}"
47 regexp: "{{ item.regexp }}"
48 line: "{{ item.line }}"
49 owner: "{{ lp_smart_conf_owner }}"
50 group: "{{ lp_smart_conf_group }}"
51 mode: "{{ lp_smart_conf_mode }}"
52 backup: "{{ lp_backup_conf }}"
53 create: true
54 loop: "{{ lp_smart_devices }}"
55 loop_control:
56 label: "{{ item.line }}"
57 notify: reload smart
58 tags: lp_smart_conf
59
60- name: "smart: Service {{ state }} and {{ enable }}"
61 ansible.builtin.service:
62 name: "{{ lp_smart_service }}"
63 state: "{{ state }}"
64 enabled: "{{ enabled }}"
65 register: result
66 vars:
67 enabled: "{{ lp_smart_enable|bool|d(false) }}"
68 state: "{{ lp_smart_state|d(default_state) }}"
69 default_state: "{{ enabled|ternary('started', 'stopped') }}"
70 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
71 tags: lp_smart_service
72
73- name: "smart: Debug service"
74 ansible.builtin.debug:
75 var: result
76 when: lp_smart_debug|bool
77 tags: lp_smart_service
78
79# EOF
80...
snap.yml
Synopsis: Configure snap.
Description of the task.
1---
2# linux_postinstall snap
3
4- name: "snap: Debug"
5 ansible.builtin.debug:
6 msg: Not implemented yet.
7
8# [TODO]
9#
10# https://snapcraft.io/docs/getting-started
11# https://www.osnews.com/story/131714/disabling-snaps-in-ubuntu-20-04/
12# https://www.kevin-custer.com/blog/disabling-snaps-in-ubuntu-20-04/
13# https://askubuntu.com/questions/1204571/chromium-without-snap
14
15# EOF
16...
speechd.yml
Synopsis: Configure speechd.
Description of the task.
1---
2# linux_postinstall speechd
3
4- name: "speechd: Debug"
5 ansible.builtin.debug:
6 msg: "lp_speechd_enable: {{ lp_speechd_enable }}"
7 when: lp_speechd_debug|bool
8
9- name: "speechd: Service {{ state }} and {{ enable }}"
10 ansible.builtin.service:
11 name: "{{ lp_speechd_service }}"
12 state: "{{ state }}"
13 enabled: "{{ enabled }}"
14 register: result
15 vars:
16 enabled: "{{ lp_speechd_enable|bool|d(false) }}"
17 state: "{{ lp_speechd_state|d(default_state) }}"
18 default_state: "{{ enabled|ternary('started', 'stopped') }}"
19 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
20 tags: lp_speechd_service
21
22- name: "speechd: Debug service"
23 ansible.builtin.debug:
24 var: result
25 when: lp_speechd_debug|bool
26
27# EOF
28...
sshd.yml
Synopsis: Configure sshd.
Description of the task.
1---
2# linux_postinstall sshd
3
4- name: "sshd: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_sshd_enable: {{ lp_sshd_enable }}
9 lp_sshd_config_remove_duplicates: {{ lp_sshd_config_remove_duplicates }}
10 lp_sshd_config:
11 {{ lp_sshd_config|to_yaml(indent=2)|indent(2) }}
12 lp_backup_conf: {{ lp_backup_conf }}
13 ansible.builtin.debug:
14 msg: "{{ '{}'.format(msg) }}"
15 when: lp_sshd_debug|bool
16 tags: lp_sshd_debug
17
18- name: "sshd: Remove duplicate parameters from /etc/ssh/sshd_config"
19 ansible.builtin.replace:
20 dest: /etc/ssh/sshd_config
21 after: '^\s*{{ item.key }}(?!\S)'
22 regexp: '^\s*{{ item.key }}(?!\S).*$'
23 backup: "{{ lp_backup_conf }}"
24 validate: "{{ lp_sshd_path }} -t -f %s"
25 loop: "{{ lp_sshd_config }}"
26 loop_control:
27 label: "{{ item.key }}"
28 notify: reload sshd
29 when: lp_sshd_config_remove_duplicates|bool
30 tags: lp_sshd_config
31
32- name: "sshd: Configure /etc/ssh/sshd_config"
33 ansible.builtin.lineinfile:
34 dest: /etc/ssh/sshd_config
35 regexp: '^\s*{{ item.key }}(?!\S).*$'
36 line: "{{ item.key }} {{ item.value }}"
37 backup: "{{ lp_backup_conf }}"
38 validate: "{{ lp_sshd_path }} -t -f %s"
39 loop: "{{ lp_sshd_config }}"
40 loop_control:
41 label: "{{ item.key }}: {{ item.value }}"
42 notify: reload sshd
43 tags: lp_sshd_config
44
45- name: "sshd: Service {{ state }} and {{ enable }}"
46 ansible.builtin.service:
47 name: "{{ lp_sshd_service }}"
48 state: "{{ state }}"
49 enabled: "{{ enabled }}"
50 register: result
51 vars:
52 enabled: "{{ lp_sshd_enable|bool|d(false) }}"
53 state: "{{ lp_sshd_state|d(default_state) }}"
54 default_state: "{{ enabled|ternary('started', 'stopped') }}"
55 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
56 tags: lp_sshd_service
57
58- name: "sshd: Debug service"
59 ansible.builtin.debug:
60 var: result
61 when: lp_sshd_debug|bool
62 tags: lp_sshd_service
63
64# EOF
65...
ssh.yml
Synopsis: Configure ssh.
Description of the task.
1---
2# linux_postinstall ssh
3
4- name: "ssh: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_ssh_config:
9 {{ lp_ssh_config|to_yaml(indent=2)|indent(2) }}
10 lp_backup_conf: {{ lp_backup_conf }}
11 ansible.builtin.debug:
12 msg: "{{ '{}'.format(msg) }}"
13 when: lp_ssh_debug|bool
14 tags: lp_ssh_debug
15
16- name: "ssh: Configure /etc/ssh/ssh_config"
17 ansible.builtin.template:
18 src: ssh_config.j2
19 dest: /etc/ssh/ssh_config
20 backup: "{{ lp_backup_conf }}"
21 mode: '0644'
22 tags: lp_ssh_conf
23
24# EOF
25...
sudoers.yml
Synopsis: Configure sudoers.
Description of the task.
1---
2# linux_postinstall sudoers
3
4- name: "sudoers: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_sudoers_conf:
9 {{ lp_sudoers_conf|to_yaml(indent=2)|indent(2) }}
10 lp_backup_conf: {{ lp_backup_conf }}
11 ansible.builtin.debug:
12 msg: "{{ '{}'.format(msg) }}"
13 when: lp_sudoers_debug|bool
14 tags: lp_sudoers_debug
15
16- name: "sudoers: Configure /etc/sudoers"
17 ansible.builtin.lineinfile:
18 path: /etc/sudoers
19 line: "{{ item.line }}"
20 state: "{{ item.state|default('present') }}"
21 backup: "{{ lp_backup_conf }}"
22 create: true
23 mode: '0440'
24 loop: "{{ lp_sudoers_conf }}"
25 tags: lp_sudoers_conf
26
27- name: "sudoers: Configure /etc/sudoers.d/01"
28 ansible.builtin.lineinfile:
29 path: /etc/sudoers.d/01
30 line: "{{ item }}"
31 owner: "{{ lp_sudoers_owner }}"
32 group: "{{ lp_sudoers_group }}"
33 mode: "{{ lp_sudoers_mode }}"
34 backup: "{{ lp_backup_conf }}"
35 create: true
36 loop: "{{ lp_sudoers_01 }}"
37 tags: lp_sudoers_dconf
38
39# EOF
40...
swap.yml
Synopsis: Configure swap.
Description of the task.
1---
2# linux_postinstall swap
3
4- name: "swap: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_swap: {{ lp_swap }}
9 lp_swap_enable: {{ lp_swap_enable }}
10 lp_swap_sanity: {{ lp_swap_sanity }}
11 lp_swap_flush_handlers: {{ lp_swap_flush_handlers }}
12 lp_swap_rescue_end_host: {{ lp_swap_rescue_end_host }}
13 lp_swap_file: {{ lp_swap_file|default("UNDEFINED") }}
14 lp_swap_size: {{ lp_swap_size|default("UNDEFINED") }}
15 lp_swap_stsize: {{ lp_swap_stsize|default("UNDEFINED") }}
16 lp_backup_conf: {{ lp_backup_conf }}
17 ansible.builtin.debug:
18 msg: "{{ '{}'.format(msg) }}"
19 when: lp_swap_debug|bool
20 tags: lp_swap_debug
21
22- name: "swap: Sanity"
23 block:
24
25 - name: "swap: sanity: Defined lp_swap_file"
26 ansible.builtin.assert:
27 that: lp_swap_file is defined
28 fail_msg: "[ERR] Variable lp_swap_file must be defined."
29
30 - name: "swap: sanity: Defined lp_swap_size and lp_swap_stsize"
31 ansible.builtin.assert:
32 that: lp_swap_size is defined and lp_swap_stsize is defined
33 fail_msg: "[ERR] Variables lp_swap_size and lp_swap_stsize must be defined."
34 when: lp_swap_enable|bool
35
36 when: lp_swap_sanity|bool
37 tags: lp_swap_sanity
38
39- name: "swap: Create, change, or remove {{ lp_swap_file }}"
40 block:
41
42 - name: "swap: Create swapfile {{ lp_swap_file }}"
43 ansible.builtin.shell:
44 cmd: >
45 sh -c
46 'if [ ! -e {{ lp_swap_file }} ];
47 then printf "create";
48 fi'
49 register: command_result
50 changed_when: command_result.stdout == 'create'
51 notify: create and mount swap file
52 tags: lp_swap_swapfile
53
54 - name: "swap: Change swapfile {{ lp_swap_file }}"
55 ansible.builtin.shell:
56 cmd: >
57 sh -c
58 'if [ -e {{ lp_swap_file }} ] &&
59 [ "`stat --format '%s' {{ lp_swap_file }}`" -ne "{{ lp_swap_stsize }}" ];
60 then printf "change";
61 fi'
62 register: command_result
63 changed_when: command_result.stdout == 'change'
64 notify: change and mount swap file
65 tags: lp_swap_swapfile
66
67 - name: "swap: Create swap entry in /etc/fstab"
68 ansible.posix.mount:
69 path: none
70 src: "{{ lp_swap_file }}"
71 fstype: swap
72 opts: sw
73 passno: '0'
74 dump: '0'
75 state: present
76 backup: "{{ lp_backup_conf }}"
77 when: lp_swap_enable|bool
78 tags: lp_swap_fstab
79
80 - name: "swap: Remove swap entry from /etc/fstab"
81 ansible.posix.mount:
82 path: none
83 src: "{{ lp_swap_file }}"
84 fstype: swap
85 opts: sw
86 passno: '0'
87 dump: '0'
88 state: absent
89 backup: "{{ lp_backup_conf }}"
90 notify: remove swap file
91 when: not lp_swap_enable|bool
92 tags: lp_swap_swapfile
93
94 rescue:
95
96 - name: "swap: Print errors"
97 ansible.builtin.debug:
98 msg: |
99 [ERR] task {{ ansible_failed_task.name }} failed. End host.
100 ansible_failed_task:
101 {{ ansible_failed_task|to_yaml(indent=2)|indent(2)
102 ansible_failed_result:
103 {{ ansible_failed_result|to_yaml(indent=2)|indent(2)
104
105 - name: "swap: End host"
106 ansible.builtin.meta: end_host
107 when: lp_swap_rescue_end_host|bool
108
109- name: "swap: Flush handlers"
110 ansible.builtin.meta: flush_handlers
111 when: lp_swap_flush_handlers|bool
112
113# EOF
114...
sysctl.yml
Synopsis: Configure sysctl.
Description of the task.
1---
2# linux_postinstall sysctl
3
4- name: "sysctl: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_sysctl_no_extra_spaces: {{ lp_sysctl_no_extra_spaces }}
9 lp_sysctl_vars:
10 {{ lp_sysctl_vars|to_yaml(indent=2)|indent(2) }}
11 ansible.builtin.debug:
12 msg: "{{ '{}'.format(msg) }}"
13 when: lp_sysctl_debug|bool
14 tags: lp_sysctl_debug
15
16- name: "sysctl: Configure /etc/sysctl.conf"
17 ansible.builtin.lineinfile:
18 dest: /etc/sysctl.conf
19 regexp: '^\s*{{ item.var }}\s*=(.*)$'
20 line: "{{ item.var }}{{ lp_sysctl_extra_space }}={{ lp_sysctl_extra_space }}{{ item.value }}"
21 backup: "{{ lp_backup_conf }}"
22 loop: "{{ lp_sysctl_vars }}"
23 loop_control:
24 label: "{{ item.var }}: {{ item.value }}"
25 notify: load sysctl settings
26
27# EOF
28...
systemd.yml
Synopsis: Configure systemd.
Set my_services (13)
Iterate lp_systemd_unit (18) and create dictionary
my_services. It will be used by handlers to decide if and
how to reload or restart services
1my_services:
2 <name>.<type|default(lp_systemd_unit_type)>:
3 state: <control.state|default('started')>
4 restart_or_reload: <control.restart_or_reload|default('reload')>
5...
Debug (31)
To see the values of the variables run the playbook with
options -t lp_systemd_debug -e lp_systemd_debug=True (54).
Packages (58)
Install packages when enabled (62).
Configure systemd (72)
Use community.general.ini_file (73) to configure files (74) in loop
with_subelements (84-86). Register
lp_systemd_conf_changes (83) and notify handler reload
systemd conf (89).
1lp_systemd_conf:
2 <path>:
3 owner: <owner|default(lp_systemd_owner)>
4 group: <group|default(lp_systemd_group)>
5 mode: <mode|default(lp_systemd_mode)>
6 reload_service: <service to be reloaded or restarted by handler>
7 conf:
8 - {section: <section>, key: <option>, val: <value>}
9 ...
Create units (114)
Use `` ansible.builtin.template`` (115) to create units in the loop
(123) when state == 'create' (127). Register
lp_systemd_unit_create_changes (122) and notify handler reload
systemd units (126).
1lp_systemd_unit:
2 - name: <name of the service>
3 type: <type of the service|default(lp_systemd_unit_type)>
4 path: <directory of the units|default(lp_systemd_unit_dir)>
5 owner: <owner|default(lp_systemd_owner)>
6 group: <group|default(lp_systemd_group)>
7 mode: <mode|default(lp_systemd_mode)>
8 state: <'create' or 'absent'|default('noop')>
9 ...
Remove units (136)
<TBD>
Control units (153)
1lp_systemd_unit:
2 - name: <name of the service>
3 type: <type of the service|default(lp_systemd_unit_type)>
4 control:
5 daemon_reexec: <daemon_reexec|default(omit)>
6 daemon_reload: <daemon_reload|default(omit)>
7 enabled: <enabled|default(systemd_units_enabled)>
8 force: <force|default(omit)>
9 masked: <masked|default(omit)>
10 no_block: <no_block|default(omit)>
11 scope: <scope|default(omit)>
12 state: <state|default(omit)>
See also
Description of Parameters Ansible module systemd
<TBD>
1---
2# linux_postinstall systemd
3
4# Vars
5- name: "systemd: Create empty dictionary my_services"
6 ansible.builtin.set_fact:
7 my_services: {}
8 tags:
9 - lp_systemd_debug
10 - lp_systemd_packages
11 - lp_systemd_conf
12
13- name: "systemd: Set my_services"
14 ansible.builtin.set_fact:
15 my_services: "{{ my_services|
16 combine({my_name: {'state': my_state,
17 'restart_or_reload': my_restart_or_reload }}) }}"
18 loop: "{{ lp_systemd_unit }}"
19 loop_control:
20 label: "{{ my_name }}"
21 vars:
22 my_name: "{{ item.name }}.{{ item.type|default(lp_systemd_unit_type) }}"
23 my_state: "{{ item.control.state|default('started') }}"
24 my_restart_or_reload: "{{ item.control.restart_or_reload|default('reloaded') }}"
25 tags:
26 - lp_systemd_debug
27 - lp_systemd_packages
28 - lp_systemd_conf
29
30# Debug
31- name: "systemd: Debug"
32 vars:
33 msg: |-
34 ansible_os_family: {{ ansible_os_family }}
35 lp_systemd_install: {{ lp_systemd_install }}
36 lp_systemd_packages:
37 {{ lp_systemd_packages|to_nice_yaml(indent=2)|indent(2) }}
38 lp_systemd_dir: {{ lp_systemd_dir }}
39 lp_systemd_owner: {{ lp_systemd_owner }}
40 lp_systemd_group: {{ lp_systemd_group }}
41 lp_systemd_mode: {{ lp_systemd_mode }}
42 lp_systemd_conf_no_extra_spaces: {{ lp_systemd_conf_no_extra_spaces }}
43 lp_systemd_conf:
44 {{ lp_systemd_conf|to_yaml(indent=2)|indent(2) }}
45 lp_systemd_unit_dir: {{ lp_systemd_unit_dir }}
46 lp_systemd_unit_type: {{ lp_systemd_unit_type }}
47 lp_systemd_unit:
48 {{ lp_systemd_unit|to_nice_yaml(indent=2)|indent(2) }}
49 my_services:
50 {{ my_services|to_yaml(indent=2)|indent(2) }}
51 lp_backup_conf: {{ lp_backup_conf }}
52 ansible.builtin.debug:
53 msg: "{{ '{}'.format(msg) }}"
54 when: lp_systemd_debug|bool
55 tags: lp_systemd_debug
56
57# Packages
58- name: "systemd: Install packages"
59 ansible.builtin.import_role:
60 name: vbotka.linux_lib
61 tasks_from: install_package.yml
62 when: lp_systemd_install|bool
63 vars:
64 ll_ipkg_list: "{{ lp_systemd_packages }}"
65 ll_ipkg_state: "{{ lp_package_state }}"
66 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
67 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
68 ll_debug: "{{ lp_systemd_debug|bool }}"
69 tags: lp_systemd_packages
70
71# Conf
72- name: "systemd: Configure systemd"
73 community.general.ini_file:
74 path: "{{ item.0.key }}"
75 section: "{{ item.1.section }}"
76 option: "{{ item.1.key }}"
77 value: "{{ item.1.val }}"
78 owner: "{{ item.0.value.owner|default(lp_systemd_owner) }}"
79 group: "{{ item.0.value.group|default(lp_systemd_group) }}"
80 mode: "{{ item.0.value.mode|default(lp_systemd_mode) }}"
81 no_extra_spaces: "{{ lp_systemd_conf_no_extra_spaces }}"
82 backup: "{{ lp_backup_conf }}"
83 register: lp_systemd_conf_changes
84 with_subelements:
85 - "{{ lp_systemd_conf|dict2items }}"
86 - value.conf
87 loop_control:
88 label: "{{ item.0.key }} {{ item.1.section }} {{ item.1.key }} {{ item.1.val }}"
89 notify: reload systemd conf
90 tags: lp_systemd_conf
91
92- name: "systemd: Debug conf results"
93 ansible.builtin.debug:
94 msg: "{{ lp_systemd_conf_changes.results }}"
95 when: lp_systemd_debug|bool
96 tags: lp_systemd_conf
97
98- name: "systemd: Debug loop conf results"
99 ansible.builtin.debug:
100 msg: "{{ my_service }} {{ my_state }} {{ my_restart_or_reload }}"
101 loop: "{{ lp_systemd_conf_changes.results }}"
102 loop_control:
103 label: "{{ item.path|default('NA') }}" # 'lp_systemd: false' complains "no attribute 'path'"
104 vars:
105 my_service: "{{ item.item.0.value.reload_service }}"
106 my_state: "{{ my_services[my_service].state|default('started') }}"
107 my_restart_or_reload: "{{ my_services[my_service].restart_or_reload|default('reloaded') }}"
108 when:
109 - lp_systemd_debug|bool
110 - lp_systemd_conf_changes.results|default([])|length > 0
111 tags: lp_systemd_conf
112
113# Units
114- name: "systemd: Create units"
115 ansible.builtin.template:
116 src: systemd-unit.j2
117 dest: "{{ item.path|default(lp_systemd_unit_dir) }}/{{ item.name }}.{{ item.type|default(lp_systemd_unit_type) }}"
118 owner: "{{ item.owner|default(lp_systemd_owner) }}"
119 group: "{{ item.group|default(lp_systemd_group) }}"
120 mode: "{{ item.mode|default(lp_systemd_mode) }}"
121 backup: "{{ lp_backup_conf }}"
122 register: lp_systemd_unit_create_changes
123 loop: "{{ lp_systemd_unit }}"
124 loop_control:
125 label: "{{ item.name }}.{{ item.type|default(lp_systemd_unit_type) }}"
126 notify: reload systemd units
127 when: item.state|default('noop') == 'create'
128 tags: lp_systemd_unit_create
129
130- name: "systemd: Debug unit create results"
131 ansible.builtin.debug:
132 var: lp_systemd_unit_create_changes
133 when: lp_systemd_debug|bool
134 tags: lp_systemd_unit_create
135
136- name: "systemd: Remove units"
137 ansible.builtin.file:
138 state: absent
139 path: "{{ item.path|default(lp_systemd_unit_dir) }}/{{ item.name }}.{{ item.type|default(lp_systemd_unit_type) }}"
140 register: lp_systemd_unit_remove_changes
141 loop: "{{ lp_systemd_unit }}"
142 loop_control:
143 label: "{{ item.name }}.{{ item.type|default(lp_systemd_unit_type) }}"
144 when: item.state|default('noop') == 'absent'
145 tags: lp_systemd_unit_remove
146
147- name: "systemd: Debug unit remove results"
148 ansible.builtin.debug:
149 var: lp_systemd_unit_remove_changes
150 when: lp_systemd_debug|bool
151 tags: lp_systemd_unit_remove
152
153- name: "systemd: Control units"
154 ansible.builtin.systemd:
155 name: "{{ item.name }}.{{ item.type|default(lp_systemd_unit_type) }}"
156 daemon_reexec: "{{ item.control.daemon_reexec|default(omit) }}"
157 daemon_reload: "{{ item.control.daemon_reload|default(omit) }}"
158 enabled: "{{ item.control.enabled|default(omit) }}"
159 force: "{{ item.control.force|default(omit) }}"
160 masked: "{{ item.control.masked|default(omit) }}"
161 no_block: "{{ item.control.no_block|default(omit) }}"
162 scope: "{{ item.control.scope|default(omit) }}"
163 state: "{{ item.control.state|default(omit) }}"
164 register: lp_systemd_unit_control_changes
165 loop: "{{ lp_systemd_unit }}"
166 loop_control:
167 label: "{{ item.name }}.{{ item.type|default(lp_systemd_unit_type) }}"
168 when:
169 - item.control|default([])|length > 0
170 - not (item.name|regex_search('^(.*)@\.\w+$'))
171 tags: lp_systemd_unit_control
172
173- name: "systemd: Debug unit control results"
174 ansible.builtin.debug:
175 var: lp_systemd_unit_control_changes
176 when: lp_systemd_debug|bool
177 tags: lp_systemd_unit_control
178
179# EOF
180...
timesyncd.yml
Synopsis: Configure timesyncd.
Description of the task.
1---
2# linux_postinstall timesyncd
3
4- name: "timesyncd: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_timesyncd: {{ lp_timesyncd }}
9 lp_timesyncd_ntp: {{ lp_timesyncd_ntp }}
10 lp_timesyncd_fallbackntp: {{ lp_timesyncd_fallbackntp }}
11 lp_timesyncd_rootdistancemaxsec: {{ lp_timesyncd_rootdistancemaxsec }}
12 lp_timesyncd_pollintervalminsec: {{ lp_timesyncd_pollintervalminsec }}
13 lp_timesyncd_pollintervalmaxsec: {{ lp_timesyncd_pollintervalmaxsec }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16 when: lp_timesyncd_debug|bool
17 tags: lp_timesyncd_debug
18
19- name: "timesyncd: Configure /etc/systemd/timesyncd.conf"
20 ansible.builtin.template:
21 src: timesyncd.conf.j2
22 dest: /etc/systemd/timesyncd.conf
23 owner: root
24 group: root
25 mode: '0644'
26 backup: "{{ lp_backup_conf }}"
27 notify: restart timesyncd
28 tags: lp_timesyncd_conf
29
30- name: "timesyncd: Service {{ state }} and {{ enable }}"
31 ansible.builtin.service:
32 name: "{{ lp_timesyncd_service }}"
33 state: "{{ state }}"
34 enabled: "{{ enabled }}"
35 register: result
36 vars:
37 enabled: "{{ lp_timesyncd_enable|bool|d(false) }}"
38 state: "{{ lp_timesyncd_state|d(default_state) }}"
39 default_state: "{{ enabled|ternary('started', 'stopped') }}"
40 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
41 tags: lp_timesyncd_service
42
43- name: "timesyncd: Debug service"
44 ansible.builtin.debug:
45 var: result
46 when: lp_timesyncd_debug|bool
47 tags: lp_timesyncd_service
48
49# Notes on CentOS
50# * systemd compiled without timesyncd service in CentOS 7 ?
51# * use ntpd or chrony only ?
52# https://unix.stackexchange.com/questions/286708/
53# centos-7-2-minimal-time-synchronization-timedated-and-or-ntpd-chrony
54# https://www.freedesktop.org/wiki/Software/systemd/timedated/
55
56# EOF
57...
timezone.yml
Synopsis: Configure timezone.
Description of the task.
1---
2# linux_postinstall timezone
3
4- name: "timezone: Debug"
5 ansible.builtin.debug:
6 msg: "lp_timezone_zoneinfo: {{ lp_timezone_zoneinfo }}"
7 when: lp_timezone_debug|bool
8 tags: lp_timezone_debug
9
10- name: "timezone: Set timezone {{ lp_timezone_zoneinfo }}"
11 community.general.timezone:
12 name: "{{ lp_timezone_zoneinfo|default('UTC') }}"
13 tags: lp_timezone_set
14
15# EOF
16...
tlp.yml
Synopsis: Configure tlp.
Description of the task.
1---
2# linux_postinstall tlp
3
4- name: "tlp: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_tlp_enable: {{ lp_tlp_enable }}
9 lp_tlp_install: {{ lp_tlp_install }}
10 lp_tlp_packages:
11 {{ lp_tlp_packages|to_nice_yaml(indent=2)|indent(2) }}
12 lp_tlp_thinkpad: {{ lp_tlp_thinkpad }}
13 lp_tlp_packages_tp:
14 {{ lp_tlp_packages_tp|to_nice_yaml(indent=2)|indent(2) }}
15 lp_tlp_config_file: {{ lp_tlp_config_file }}
16 lp_tlp_config:
17 {{ lp_tlp_config|to_nice_yaml(indent=2)|indent(2) }}
18 lp_tlp_services:
19 {{ lp_tlp_services|to_nice_yaml(indent=2)|indent(2) }}
20 lp_tlp_restart_service: {{ lp_tlp_restart_service }}
21 lp_backup_conf: {{ lp_backup_conf }}
22 ansible.builtin.debug:
23 msg: "{{ '{}'.format(msg) }}"
24 when: lp_tlp_debug|bool
25 tags: lp_tlp_debug
26
27- name: "tlp: Install packages"
28 ansible.builtin.import_role:
29 name: vbotka.linux_lib
30 tasks_from: install_package.yml
31 when: lp_tlp_install|bool
32 vars:
33 ll_ipkg_list: "{{ lp_tlp_packages }}"
34 ll_ipkg_state: "{{ lp_package_state }}"
35 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
36 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
37 ll_debug: "{{ lp_tlp_debug|bool }}"
38 tags: lp_tlp_packages
39
40- name: "tlp: Install packages for ThinkPad"
41 ansible.builtin.import_role:
42 name: vbotka.linux_lib
43 tasks_from: install_package.yml
44 when: lp_tlp_thinkpad|bool
45 vars:
46 ll_ipkg_list: "{{ lp_tlp_packages_tp }}"
47 ll_ipkg_state: "{{ lp_package_state }}"
48 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
49 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
50 ll_debug: "{{ lp_tlp_debug|bool }}"
51 tags: lp_tlp_packages
52
53- name: "tlp: Configure {{ lp_tlp_config_file }}"
54 ansible.builtin.lineinfile:
55 dest: "{{ lp_tlp_config_file }}"
56 regexp: '^\s*{{ item.key }}\s*=\s*(.*)$'
57 line: "{{ item.key }}={{ item.value }}"
58 create: true
59 mode: '0644'
60 backup: "{{ lp_backup_conf }}"
61 loop: "{{ lp_tlp_config }}"
62 loop_control:
63 label: "{{ item.key }}: {{ item.value }}"
64 notify: restart tlp
65 tags: lp_tlp_conf
66
67- name: "tlp: Services start/stop and enable/disable"
68 ansible.builtin.service:
69 name: "{{ srv_name }}"
70 state: "{{ srv_stat }}"
71 enabled: "{{ srv_enbl }}"
72 loop: "{{ lp_tlp_services }}"
73 loop_control:
74 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
75 vars:
76 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
77 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
78 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
79 default_stat: "{{ srv_enbl|bool|ternary('started', 'stopped') }}"
80 tags: lp_tlp_service
81
82# EOF
83...
udev.yml
Synopsis: Configure udev.
Description of the task.
1---
2# linux_postinstall udev
3
4- name: "udev: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_udev_debug2: {{ lp_udev_debug2|d(false)|bool }}
9 lp_udev_enable: {{ lp_udev_enable }}
10 lp_udev_enable_module: {{ lp_udev_enable_module }}
11 lp_udev_service: {{ lp_udev_service }}
12 lp_udev_conf_file: {{ lp_udev_conf_file }}
13 lp_udev_conf:
14 {{ lp_udev_conf|to_yaml(indent=2)|indent(2) }}
15 lp_udev_rules_dir: {{ lp_udev_rules_dir }}
16 lp_udev_rules_template: {{ lp_udev_rules_template }}
17 lp_udev_rules:
18 {{ lp_udev_rules|to_yaml(indent=2)|indent(2) }}
19 lp_udev_persistent_net_template: {{ lp_udev_persistent_net_template }}
20 lp_udev_persistent_net_rules_file: {{ lp_udev_persistent_net_rules_file }}
21 lp_udev_persistent_net_rules:
22 {{ lp_udev_persistent_net_rules|to_nice_yaml(indent=2)|indent(2) }}
23 lp_udev_hci_name_rules_file: {{ lp_udev_hci_name_rules_file }}
24 lp_udev_hci_name_rules:
25 {{ lp_udev_hci_name_rules|to_nice_yaml(indent=2)|indent(2) }}
26 lp_udev_hci_run_rules_file: {{ lp_udev_hci_run_rules_file }}
27 lp_udev_hci_run_rules:
28 {{ lp_udev_hci_run_rules|to_nice_yaml(indent=2)|indent(2) }}
29 lp_backup_conf: {{ lp_backup_conf }}
30 ansible.builtin.debug:
31 msg: "{{ '{}'.format(msg) }}"
32 when: lp_udev_debug|bool
33 tags: lp_udev_debug
34
35- name: "udev: Configure {{ lp_udev_conf_file }}"
36 ansible.builtin.lineinfile:
37 dest: "{{ lp_udev_conf_file }}"
38 regexp: '^\s*{{ item.key }}\s*=(.*)$'
39 line: "{{ item.key }}={{ item.val }}"
40 backup: "{{ lp_backup_conf }}"
41 loop: "{{ lp_udev_conf }}"
42 notify: update initrd
43
44- name: "udev: Configure {{ lp_udev_rules_dir }}"
45 ansible.builtin.template:
46 src: "{{ lp_udev_rules_template }}"
47 dest: "{{ lp_udev_rules_dir }}/{{ item.key }}"
48 owner: root
49 group: root
50 mode: '0644'
51 backup: "{{ lp_backup_conf }}"
52 loop: "{{ lp_udev_rules|dict2items }}"
53 loop_control:
54 label: "{{ item.key }}"
55 notify: reload udev
56 tags: lp_udev_rules
57
58 # > > > Deprecated, use lp_udev_rules instead - - - - - - - - - - - - - - - - - -
59
60- name: "udev: Configure {{ lp_udev_rules_dir }}/
61 {{ lp_udev_persistent_net_rules_file }}"
62 ansible.builtin.template:
63 src: "{{ lp_udev_persistent_net_template }}"
64 dest: "{{ lp_udev_rules_dir }}/{{ lp_udev_persistent_net_rules_file }}"
65 owner: root
66 group: root
67 mode: '0644'
68 backup: "{{ lp_backup_conf }}"
69 loop: "{{ lp_udev_persistent_net_rules }}"
70 notify: reload udev
71 tags: lp_udev_persistentnet
72
73- name: "udev: Configure {{ lp_udev_rules_dir }}/
74 {{ lp_udev_hci_name_rules_file }}"
75 ansible.builtin.template:
76 src: hci-name.rules.j2
77 dest: "{{ lp_udev_rules_dir }}/{{ lp_udev_hci_name_rules_file }}"
78 owner: root
79 group: root
80 mode: '0644'
81 backup: "{{ lp_backup_conf }}"
82 loop: "{{ lp_udev_hci_name_rules }}"
83 notify: reload udev
84 tags: lp_udev_hciname
85
86- name: "udev: Configure {{ lp_udev_rules_dir }}/
87 {{ lp_udev_hci_run_rules_file }}"
88 ansible.builtin.template:
89 src: hci-run.rules.j2
90 dest: "{{ lp_udev_rules_dir }}/{{ lp_udev_hci_run_rules_file }}"
91 owner: root
92 group: root
93 mode: '0644'
94 backup: "{{ lp_backup_conf }}"
95 loop: "{{ lp_udev_hci_run_rules }}"
96 notify: reload udev
97 tags: lp_udev_hcirun
98
99 # - - - - - - - - - - - - - - - - - - Deprecated, use lp_udev_rules instead < < <
100
101 # Service
102
103 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
104 # NOTE: ansible.builtin.service not idempotent when 'enabled: true'
105 # SEE: https://github.com/ansible/ansible/issues/75542
106 # systemd module reports changed every time disabling a service
107 # that is enabled-runtime #75542
108 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
109
110- name: "udev: Debug ansible_facts.services"
111 block:
112 - name: "udev: Get ansible_facts.services"
113 ansible.builtin.service_facts:
114 - name: "udev: Debug ansible_facts.services"
115 ansible.builtin.debug:
116 var: ansible_facts.services
117 when: lp_udev_debug2|d(false)|bool
118
119- name: "udev: Start and enable udev"
120 block:
121
122 - name: "udev: Start and enable udev (sysvinit)"
123 ansible.builtin.sysvinit:
124 name: "{{ lp_udev_service }}"
125 state: started
126 enabled: true
127 register: result
128 when: lp_udev_enable_module == 'sysvinit'
129
130 - name: "udev: Start and enable udev (systemd)"
131 ansible.builtin.systemd:
132 name: "{{ lp_udev_service }}"
133 state: started
134 enabled: true
135 register: result
136 when: lp_udev_enable_module == 'systemd'
137
138 - name: "udev: Start and enable udev (service)"
139 ansible.builtin.service:
140 name: "{{ lp_udev_service }}"
141 state: started
142 enabled: true
143 register: result
144 when: lp_udev_enable_module == 'service'
145
146 - name: "udev: Debug result"
147 ansible.builtin.debug:
148 var: result
149 when: lp_udev_debug2|d(false)|bool
150
151 when: lp_udev_enable|bool
152 tags: lp_udev_service
153
154- name: "udev: Stop and disable udev"
155 block:
156
157 - name: "udev: Stop and disable udev"
158 ansible.builtin.service:
159 name: "{{ lp_udev_service }}"
160 state: stopped
161 enabled: false
162 register: result
163
164 - name: "udev: Debug result"
165 ansible.builtin.debug:
166 var: result
167 when: lp_udev_debug2|d(false)|bool
168
169 when: not lp_udev_enable|bool
170 tags: lp_udev_service
171
172
173# EOF
174...
ufw.yml
Synopsis: Configure ufw.
Description of the task.
1---
2# linux_postinstall ufw
3
4# Notes
5#
6# 1.Aliases of parameters in ufw module not implemented in task
7# "Configure ufw".
8# 2.It's not necessary to reload ufw after configuration has
9# changed. Module ufw automatically updates the rules.
10# 3.Best practice: First time 'lp_ufw_reset: true'; configure and enable
11# ufs (configuration item {state: 'enabled'} reloads firewall and
12# enables firewall on boot); 'lp_ufw_enable: true' start and enable ufw
13# service.
14# 4.Configuration on the fly: configure and enable ufs.
15# 5.The last configuration item should be {state: 'enabled'}.
16# 6.ufw is not starting on boot despite ENABLED=yes in /etc/ufw/ufw.conf
17# See: How do I get ufw to start on boot?
18# https://askubuntu.com/questions/1040539/how-do-i-get-ufw-to-start-on-boot
19# 7.See: man ufw.
20
21- name: "ufw: Debug"
22 vars:
23 msg: |-
24 ansible_os_family: {{ ansible_os_family }}
25 lp_ufw_install: {{ lp_ufw_install }}
26 lp_ufw_enable: {{ lp_ufw_enable }}
27 lp_ufw_reset: {{ lp_ufw_reset }}
28 lp_ufw_reload: {{ lp_ufw_reload }}
29 lp_ufw_packages:
30 {{ lp_ufw_packages|to_nice_yaml(indent=2)|indent(2) }}
31 lp_ufw_default:
32 {{ lp_ufw_default|to_yaml(indent=2)|indent(2) }}
33 lp_ufw_sysctl:
34 {{ lp_ufw_sysctl|to_yaml(indent=2)|indent(2) }}
35 lp_ufw_blocks:
36 {{ lp_ufw_blocks|to_nice_yaml(indent=2)|indent(2) }}
37 lp_ufw_conf:
38 {{ lp_ufw_conf|to_yaml(indent=2)|indent(2) }}
39 lp_ufw_service_conf:
40 {{ lp_ufw_service_conf|to_yaml(indent=2)|indent(2) }}
41 lp_backup_conf: {{ lp_backup_conf }}
42 ansible.builtin.debug:
43 msg: "{{ '{}'.format(msg) }}"
44 when: lp_ufw_debug|bool
45 tags: lp_ufw_debug
46
47- name: "ufw: Install packages"
48 ansible.builtin.import_role:
49 name: vbotka.linux_lib
50 tasks_from: install_package.yml
51 when: lp_ufw_install|bool
52 vars:
53 ll_ipkg_list: "{{ lp_ufw_packages }}"
54 ll_ipkg_state: "{{ lp_package_state }}"
55 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
56 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
57 ll_debug: "{{ lp_ufw_debug|bool }}"
58 tags: lp_ufw_packages
59
60- name: "ufw: Disable and reset firewall to installation defaults"
61 community.general.ufw:
62 state: reset
63 when: lp_ufw_reset|bool
64 tags: lp_ufw_reset
65
66- name: "ufw: Reload firewall"
67 community.general.ufw:
68 state: reloaded
69 when: lp_ufw_reload|bool
70 tags: lp_ufw_reload
71
72- name: "ufw: Configure /etc/default/ufw"
73 ansible.builtin.lineinfile:
74 path: /etc/default/ufw
75 regexp: '^\s*{{ item.key }}\s*=(.*)$'
76 line: '{{ item.key }}={{ item.val }}'
77 backup: "{{ lp_backup_conf }}"
78 loop: "{{ lp_ufw_default }}"
79 loop_control:
80 label: "{{ item.key }}: {{ item.val }}"
81 notify: reload ufw
82 tags: lp_ufw_defaults
83
84- name: "ufw: Configure /etc/ufw/sysctl.conf"
85 ansible.builtin.lineinfile:
86 path: /etc/ufw/sysctl.conf
87 regexp: '^\s*{{ item.key }}\s*=(.*)$'
88 line: '{{ item.key }}={{ item.val }}'
89 backup: "{{ lp_backup_conf }}"
90 loop: "{{ lp_ufw_sysctl }}"
91 loop_control:
92 label: "{{ item.key }}: {{ item.val }}"
93 notify: reload ufw
94 tags: lp_ufw_defaults
95
96- name: "ufw: Configure blocks"
97 ansible.builtin.blockinfile:
98 path: "/etc/ufw/{{ item.0.key }}"
99 marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.1.mark }}"
100 block: "{{ item.1.block }}"
101 insertbefore: "{{ item.1.insertbefore|default(omit) }}"
102 insertafter: "{{ item.1.insertafter|default(omit) }}"
103 backup: "{{ lp_backup_conf }}"
104 loop: "{{ lp_ufw_blocks|dict2items|subelements('value') }}"
105 loop_control:
106 label: "{{ item.0.key }} {{ item.1.mark }}"
107 notify: reload ufw
108 tags: lp_ufw_defaults
109
110- name: "ufw: Configure ufw"
111 community.general.ufw:
112 comment: "{{ item.comment|default(omit) }}"
113 default: "{{ item.default|default(omit) }}"
114 delete: "{{ item.delete|default(omit) }}"
115 direction: "{{ item.direction|default(omit) }}"
116 from_ip: "{{ item.from_ip|default(omit) }}"
117 from_port: "{{ item.from_port|default(omit) }}"
118 insert: "{{ item.insert|default(omit) }}"
119 insert_relative_to: "{{ item.insert_relative_to|default(omit) }}"
120 interface: "{{ item.interface|default(omit) }}"
121 log: "{{ item.log|default(omit) }}"
122 logging: "{{ item.logging|default(omit) }}"
123 name: "{{ item.name|default(omit) }}"
124 proto: "{{ item.proto|default(omit) }}"
125 route: "{{ item.route|default(omit) }}"
126 rule: "{{ item.rule|default(omit) }}"
127 state: "{{ item.state|default(omit) }}"
128 to_ip: "{{ item.to_ip|default(omit) }}"
129 to_port: "{{ item.to_port|default(omit) }}"
130 loop: "{{ lp_ufw_conf }}"
131 loop_control:
132 label: "{{ item.comment|default('no comment') }}"
133 tags: lp_ufw_conf
134
135- name: "ufw: Configure service"
136 community.general.ini_file:
137 path: "{{ item.0.path }}"
138 owner: "{{ item.0.owner|default(omit) }}"
139 group: "{{ item.0.group|default(omit) }}"
140 mode: "{{ item.0.mode|default(omit) }}"
141 create: "{{ item.0.create|default(omit) }}"
142 no_extra_spaces: "{{ item.0.no_extra_spaces|default(omit) }}"
143 section: "{{ item.1.section }}"
144 state: "{{ item.1.state|default(omit) }}"
145 option: "{{ item.1.option|default(omit) }}"
146 value: "{{ item.1.value|default(omit) }}"
147 backup: "{{ lp_backup_conf }}"
148 loop: "{{ lp_ufw_service_conf|subelements('ini', {'skip_missing': True}) }}"
149 loop_control:
150 label: "{{ item.0.path }}
151 {{ item.1.section|default('none') }}
152 {{ item.1.option|default('none') }}
153 {{ item.1.value|default('none') }}
154 {{ item.1.state|default('none') }}"
155 notify: "{{ item.0.handlers|default(omit) }}"
156 tags: lp_ufw_service_conf
157
158- name: "ufw: Service {{ state }} and {{ enable }}"
159 ansible.builtin.service:
160 name: "{{ lp_ufw_service }}"
161 state: "{{ state }}"
162 enabled: "{{ enabled }}"
163 register: result
164 vars:
165 enabled: "{{ lp_ufw_enable|bool|d(false) }}"
166 state: "{{ lp_ufw_state|d(default_state) }}"
167 default_state: "{{ enabled|ternary('started', 'stopped') }}"
168 enable: "{{ enabled|ternary('enabled', 'disabled') }}"
169 tags: lp_ufw_service
170
171- name: "ufw: Debug service"
172 ansible.builtin.debug:
173 var: result
174 when: lp_ufw_debug|bool
175 tags: lp_ufw_service
176
177# EOF
178...
users.yml
Synopsis: Configure users.
Description of the task.
1---
2# linux_postinstall users
3
4- name: "users: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_users_nolog: {{ lp_users_nolog }}
9 lp_users:
10 {{ lp_users|to_nice_yaml(indent=2)|indent(2) }}
11 lp_users_groups:
12 {{ lp_users_groups|to_nice_yaml(indent=2)|indent(2) }}
13 ansible.builtin.debug:
14 msg: "{{ '{}'.format(msg) }}"
15 when: lp_users_debug|bool
16 tags: lp_users_debug
17
18- name: "users: Manage user accounts"
19 ansible.builtin.user:
20 name: "{{ item.name }}"
21 authorization: "{{ item.authorization|default(omit) }}"
22 comment: "{{ item.comment|default(omit) }}"
23 create_home: "{{ item.create_home|default(omit) }}"
24 expires: "{{ item.expires|default(omit) }}"
25 force: "{{ item.force|default(omit) }}"
26 generate_ssh_key: "{{ item.generate_ssh_key|default(omit) }}"
27 group: "{{ item.group|default(omit) }}"
28 hidden: "{{ item.hidden|default(omit) }}"
29 home: "{{ item.home|default(omit) }}"
30 local: "{{ item.local|default(omit) }}"
31 login_class: "{{ item.login_class|default(omit) }}"
32 move_home: "{{ item.move_home|default(omit) }}"
33 non_unique: "{{ item.non_unique|default(omit) }}"
34 password: "{{ item.password|default(omit) }}"
35 password_lock: "{{ item.password_lock|default(omit) }}"
36 profile: "{{ item.profile|default(omit) }}"
37 remove: "{{ item.remove|default(omit) }}"
38 role: "{{ item.role|default(omit) }}"
39 seuser: "{{ item.seuser|default(omit) }}"
40 shell: "{{ item.shell|default(omit) }}"
41 skeleton: "{{ item.skeleton|default(omit) }}"
42 ssh_key_bits: "{{ item.ssh_key_bits|default(omit) }}"
43 ssh_key_comment: "{{ item.ssh_key_comment|default(omit) }}"
44 ssh_key_file: "{{ item.ssh_key_file|default(omit) }}"
45 ssh_key_passphrase: "{{ item.ssh_key_passphrase|default(omit) }}"
46 ssh_key_type: "{{ item.ssh_key_type|default(omit) }}"
47 state: "{{ item.state|default(omit) }}"
48 system: "{{ item.system|default(omit) }}"
49 uid: "{{ item.uid|default(omit) }}"
50 update_password: "{{ item.update_password|default(omit) }}"
51 loop: "{{ lp_users }}"
52 loop_control:
53 label: "{{ item.name }}"
54 no_log: "{{ lp_users_nolog|bool }}"
55 tags: lp_users_accounts
56
57- name: "users: Add users to additional groups"
58 ansible.builtin.user:
59 name: "{{ item.name }}"
60 groups: "{{ item.groups }}"
61 append: "{{ item.append|default(true) }}"
62 loop: "{{ lp_users_groups }}"
63 loop_control:
64 label: "{{ item.name }}: {{ item.groups }}"
65 tags: lp_users_groups
66
67# EOF
68...
vars_firstfound.yml
Synopsis: Configure vars_firstfound.
Description of the task.
1---
2# linux_postinstall vars_firstfound
3
4- name: "vars_firstfound: Include default vars for
5 [{{ ansible_distribution_release }},
6 {{ ansible_distribution }},
7 {{ ansible_os_family }}]"
8 ansible.builtin.include_vars: "{{ file }}"
9# register: result
10 vars:
11 file: "{{ lookup('first_found', params) }}"
12 params:
13 skip: "{{ lp_vars_distro_firstfound_skip|bool }}"
14 files:
15 - "{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
16 - "{{ ansible_distribution }}.yml"
17 - "{{ ansible_os_family }}.yml"
18 - default.yml
19 - defaults.yml
20 paths:
21 - "{{ role_path }}/vars/defaults"
22
23# Note: skip doesn't work with first_found lookup #43833
24# https://github.com/ansible/ansible/issues/43833
25# workaround: Create empty defaults.yml
26
27# - name: "vars_firstfound: Debug include default vars from"
28# ansible.builtin.debug:
29# var: result.ansible_included_var_files
30# when: lp_debug|bool
31
32- name: "vars_firstfound: Include custom vars for
33 [{{ ansible_distribution_release }},
34 {{ ansible_distribution }},
35 {{ ansible_os_family }}]"
36# register: result
37 ansible.builtin.include_vars: "{{ file }}"
38 vars:
39 file: "{{ lookup('first_found', params) }}"
40 params:
41 skip: "{{ lp_vars_distro_firstfound_skip|bool }}"
42 files:
43 - "{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
44 - "{{ ansible_distribution }}.yml"
45 - "{{ ansible_os_family }}.yml"
46 - default.yml
47 - defaults.yml
48 paths:
49 - "{{ role_path }}/vars"
50
51# Note: skip doesn't work with first_found lookup #43833
52# https://github.com/ansible/ansible/issues/43833
53# workaround: Create empty defaults.yml
54
55# - name: "vars_firstfound: Debug include custom vars from"
56# ansible.builtin.debug:
57# var: result.ansible_included_var_files
58# when: lp_debug|bool
59
60# EOF
61...
vars_incremental.yml
Synopsis: Configure vars_incremental.
Description of the task.
1---
2# linux_postinstall vars_incremental
3
4- name: "vars_incemental: Include default vars for
5 [{{ ansible_os_family }},
6 {{ ansible_distribution }},
7 {{ ansible_distribution_release }}]"
8 ansible.builtin.include_vars: "{{ item }}"
9 register: result
10 loop:
11 - "{{ my_path }}/defaults.yml"
12 - "{{ my_path }}/default.yml"
13 - "{{ my_path }}/{{ ansible_os_family }}.yml"
14 - "{{ my_path }}/{{ ansible_distribution }}.yml"
15 - "{{ my_path }}/{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
16 when: item is exists
17 vars:
18 my_path: "{{ role_path }}/vars/defaults.incr"
19
20- name: "vars_incemental: Debug include default vars"
21 ansible.builtin.debug:
22 var: result
23 when: lp_debug2|d(false)|bool
24
25- name: "vars_incemental: Include custom vars for
26 [{{ ansible_os_family }},
27 {{ ansible_distribution }},
28 {{ ansible_distribution_release }}]"
29 ansible.builtin.include_vars: "{{ item }}"
30 register: result
31 loop:
32 - "{{ my_path }}/defaults.yml"
33 - "{{ my_path }}/default.yml"
34 - "{{ my_path }}/{{ ansible_os_family }}.yml"
35 - "{{ my_path }}/{{ ansible_distribution }}.yml"
36 - "{{ my_path }}/{{ ansible_distribution }}-{{ ansible_distribution_release }}.yml"
37 when: item is exists
38 vars:
39 my_path: "{{ role_path }}/vars"
40
41- name: "vars_incemental: Debug include custom vars"
42 ansible.builtin.debug:
43 var: result
44 when: lp_debug2|d(false)|bool
45
46# EOF
47...
vars.yml
Synopsis: Configure vars.
Description of the task.
1---
2# linux_postinstall vars
3
4- name: "vars: Include firstfound default vars"
5 ansible.builtin.include_tasks: vars_firstfound.yml
6 when: lp_vars_distro == 'firstfound'
7
8- name: "vars: Include incremental default vars"
9 ansible.builtin.include_tasks: vars_incremental.yml
10 when: lp_vars_distro == 'incremental'
11
12- name: "vars: Include firstfound default vars for various flavors"
13 ansible.builtin.include_tasks: sub/vars_flavors.yml
14 when: lp_flavors_enable|bool
15
16# TODO "vars: Include incremental default vars for various flavors"
17
18# EOF
19...
virtualbox.yml
Synopsis: Configure virtualbox.
Description of the task.
1---
2# linux_postinstall virtualbox
3
4- name: "virtualbox: Debug"
5 vars:
6 msg: |-
7 ansible_lsb.description: {{ ansible_lsb.codename }}
8 lp_virtualbox: {{ lp_virtualbox }}
9 lp_virtualbox_ignore_errors: {{ lp_virtualbox_ignore_errors }}
10 lp_virtualbox_keys: {{ lp_virtualbox_keys }}
11 lp_virtualbox_repos: {{ lp_virtualbox_repos }}
12 lp_virtualbox_packages:
13 {{ lp_virtualbox_packages|to_nice_yaml(indent=2)|indent(2) }}
14 lp_virtualbox_services:
15 {{ lp_virtualbox_services|to_nice_yaml(indent=2)|indent(2) }}
16 ansible.builtin.debug:
17 msg: "{{ '{}'.format(msg) }}"
18 when: lp_virtualbox_debug|bool
19 tags: lp_virtualbox_debug
20
21# TODO: assert lp_virtualbox_modules are loaded
22# when: lp_virtualbox|bool
23
24- name: "virtualbox: Add signing key of VirtualBox"
25 ansible.builtin.apt_key:
26 url: "{{ item }}"
27 state: present
28 loop: "{{ lp_virtualbox_keys }}"
29 register: result
30 retries: "{{ lp_install_retries }}"
31 until: result is succeeded
32 delay: "{{ lp_install_delay }}"
33 ignore_errors: "{{ lp_virtualbox_ignore_errors }}" # noqa ignore-errors
34 tags: lp_virtualbox_keys
35
36- name: "virtualbox: Add repository of VirtualBox"
37 ansible.builtin.apt_repository:
38 repo: "{{ item }}"
39 state: present
40 loop: "{{ lp_virtualbox_repos }}"
41 ignore_errors: "{{ lp_virtualbox_ignore_errors }}" # noqa ignore-errors
42 tags: lp_virtualbox_repos
43
44- name: "virtualbox: Install VirtualBox packages"
45 ansible.builtin.import_role:
46 name: vbotka.linux_lib
47 tasks_from: install_package.yml
48 when: lp_virtualbox_install|bool
49 vars:
50 ll_ipkg_list: "{{ lp_virtualbox_packages }}"
51 ll_ipkg_state: "{{ lp_package_state }}"
52 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
53 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
54 ll_debug: "{{ lp_virtualboxool_debug|bool }}"
55 ignore_errors: "{{ lp_virtualbox_ignore_errors }}" # noqa ignore-errors
56 tags: lp_virtualbox_packages
57
58- name: "virtualbox: Services start/stop and enable/disable"
59 ansible.builtin.service:
60 name: "{{ srv_name }}"
61 state: "{{ srv_stat }}"
62 enabled: "{{ srv_enbl }}"
63 loop: "{{ lp_virtualbox_services }}"
64 loop_control:
65 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
66 vars:
67 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
68 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
69 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
70 default_stat: "{{ srv_enbl|bool|ternary('started', 'stopped') }}"
71 tags: lp_virtualbox_service
72
73# EOF
74...
wpagui.yml
Synopsis: Configure wpagui.
Description of the task.
1---
2# linux_postinstall wpa_gui
3
4# Note: Disable NetworkManager before installing wpagui
5#
6# Example:
7#
8# lp_nm: true
9# lp_nm_install: false
10# lp_nm_enable: false
11# lp_nm_conf:
12# - {key: managed, val: 'false'}
13# lp_nm_mask: true
14
15- name: "wpagui: Debug"
16 vars:
17 msg: |-
18 ansible_os_family: {{ ansible_os_family }}
19 lp_wpagui_install: {{ lp_wpagui_install }}
20 lp_wpagui_packages:
21 {{ lp_wpagui_packages|to_nice_yaml(indent=2)|indent(2) }}
22 ansible.builtin.debug:
23 msg: "{{ '{}'.format(msg) }}"
24 when: lp_wpagui_debug|bool
25 tags: lp_wpagui_debug
26
27- name: "wpagui: Install packages"
28 ansible.builtin.import_role:
29 name: vbotka.linux_lib
30 tasks_from: install_package.yml
31 when: lp_wpagui_install|bool
32 vars:
33 ll_ipkg_list: "{{ lp_wpagui_packages }}"
34 ll_ipkg_state: "{{ lp_package_state }}"
35 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
36 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
37 ll_debug: "{{ lp_wpagui_debug|bool }}"
38 tags: lp_wpagui_packages
39
40# EOF
41...
wpasupplicant.yml
Synopsis: Configure wpasupplicant.
Description of the task.
1---
2# linux_postinstall wpasupplicant
3
4- name: "wpasupplicant: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_package_state: {{ lp_package_state }}
9 lp_wpasupplicant_install: {{ lp_wpasupplicant_install }}
10 lp_wpasupplicant_packages:
11 {{ lp_wpasupplicant_packages|to_nice_yaml(indent=2)|indent(2) }}
12 lp_wpasupplicant_bin: {{ lp_wpasupplicant_bin }}
13 lp_wpasupplicant_conf_only: {{ lp_wpasupplicant_conf_only }}
14 lp_wpasupplicant_conf_dir: {{ lp_wpasupplicant_conf_dir }}
15 lp_wpasupplicant_conf_owner: {{ lp_wpasupplicant_conf_owner }}
16 lp_wpasupplicant_conf_group: {{ lp_wpasupplicant_conf_group }}
17 lp_wpasupplicant_conf_mode: {{ lp_wpasupplicant_conf_mode }}
18 lp_wpasupplicant_conf_ctrl_interface: {{ lp_wpasupplicant_conf_ctrl_interface }}
19 lp_wpasupplicant_conf_global:
20 {{ lp_wpasupplicant_conf_global|to_yaml(indent=2)|indent(2) }}
21 lp_wpa_action_script: {{ lp_wpa_action_script }}
22 lp_wpa_action_script_dir: {{ lp_wpa_action_script_dir }}
23 lp_wpa_action_script_dir_owner: {{ lp_wpa_action_script_dir_owner }}
24 lp_wpa_action_script_dir_group: {{ lp_wpa_action_script_dir_group }}
25 lp_wpa_action_script_dir_mode: {{ lp_wpa_action_script_dir_mode }}
26 lp_wpa_action_script_file: {{ lp_wpa_action_script_file }}
27 lp_wpa_action_script_owner: {{ lp_wpa_action_script_owner }}
28 lp_wpa_action_script_group: {{ lp_wpa_action_script_group }}
29 lp_wpa_action_script_mode: {{ lp_wpa_action_script_mode }}
30 lp_wpa_action_script_dhclient: {{ lp_wpa_action_script_dhclient }}
31 lp_wpa_action_script_pidfile: {{ lp_wpa_action_script_pidfile }}
32 lp_wpa_action_script_options_connect: {{ lp_wpa_action_script_options_connect }}
33 lp_wpa_action_script_options_disconnect: {{ lp_wpa_action_script_options_disconnect }}
34 lp_wpa_action_script_logfile: {{ lp_wpa_action_script_logfile }}
35 lp_wpasupplicant_service_conf:
36 {{ lp_wpasupplicant_service_conf|to_yaml(indent=2)|indent(2) }}
37 {% if lp_wpasupplicant_debug_classified|bool %}
38 lp_wpasupplicant_conf:
39 {{ lp_wpasupplicant_conf|to_yaml(indent=2)|indent(2) }}
40 {% endif %}
41 lp_backup_conf: {{ lp_backup_conf }}
42 ansible.builtin.debug:
43 msg: "{{ '{}'.format(msg) }}"
44 when: lp_wpasupplicant_debug|bool
45 tags: lp_wpasupplicant_debug
46
47# Packages
48- name: "wpasupplicant: Install packages"
49 ansible.builtin.import_role:
50 name: vbotka.linux_lib
51 tasks_from: install_package.yml
52 when: lp_wpasupplicant_install|bool
53 vars:
54 ll_ipkg_list: "{{ lp_wpasupplicant_packages }}"
55 ll_ipkg_state: "{{ lp_package_state }}"
56 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
57 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
58 ll_debug: "{{ lp_wpasupplicant_debug|bool }}"
59 tags: lp_wpasupplicant_packages
60
61# Action script for wpa_cli
62- name: "wpasupplicant: Create dir {{ lp_wpa_action_script_dir }}"
63 ansible.builtin.file:
64 state: directory
65 path: "{{ lp_wpa_action_script_dir }}"
66 owner: "{{ lp_wpa_action_script_dir_owner }}"
67 group: "{{ lp_wpa_action_script_dir_group }}"
68 mode: "{{ lp_wpa_action_script_dir_mode }}"
69 when: lp_wpa_action_script|bool
70 tags: lp_wpa_action_script_dir
71
72- name: "wpasupplicant: Create script {{ lp_wpa_action_script_file }}"
73 ansible.builtin.template:
74 src: wpa_action.sh.j2
75 dest: "{{ lp_wpa_action_script_file }}"
76 owner: "{{ lp_wpa_action_script_owner }}"
77 group: "{{ lp_wpa_action_script_group }}"
78 mode: "{{ lp_wpa_action_script_mode }}"
79 backup: "{{ lp_backup_conf }}"
80 when: lp_wpa_action_script|bool
81 tags: lp_wpa_action_script
82
83# Conf
84- name: "wpasupplicant: Create wpasupplicant configuration"
85 ansible.builtin.template:
86 src: wpa_supplicant.conf.j2
87 dest: "{{ lp_wpasupplicant_conf_dir }}/{{ my_filename }}"
88 owner: "{{ lp_wpasupplicant_conf_owner }}"
89 group: "{{ lp_wpasupplicant_conf_group }}"
90 mode: "{{ lp_wpasupplicant_conf_mode }}"
91 backup: "{{ lp_backup_conf }}"
92 register: lp_wpasupplicant_conf_changes
93 notify: reconfigure wpa_supplicant
94 loop: "{{ lp_wpasupplicant_conf }}"
95 loop_control:
96 label: "{{ my_filename }}"
97 no_log: "{{ not lp_wpasupplicant_debug_classified }}"
98 vars:
99 my_filename: "{{ lp_wpasupplicant_conf_file[item.type|default('default')] }}"
100 tags: lp_wpasupplicant_conf
101
102- name: "wpasupplicant: Debug: Create wpasupplicant configuration"
103 ansible.builtin.debug:
104 var: lp_wpasupplicant_conf_changes
105 when: lp_wpasupplicant_debug_classified|bool
106 tags: lp_wpasupplicant_conf
107
108# Service
109- name: "wpasupplicant: Configure wpa_supplicant services"
110 community.general.ini_file:
111 path: "{{ item.0.path }}/{{ item.0.service }}"
112 owner: "{{ item.0.owner|default(omit) }}"
113 group: "{{ item.0.group|default(omit) }}"
114 mode: "{{ item.0.mode|default(omit) }}"
115 create: "{{ item.0.create|default(omit) }}"
116 no_extra_spaces: "{{ item.0.no_extra_spaces|default(omit) }}"
117 section: "{{ item.1.section }}"
118 state: "{{ item.1.state|default(omit) }}"
119 option: "{{ item.1.option|default(omit) }}"
120 value: "{{ item.1.value|default(omit) }}"
121 backup: "{{ lp_backup_conf }}"
122 register: lp_wpasupplicant_service_conf_changes
123 notify: "{{ item.0.handlers|default(omit) }}" # TODO: see handlers
124 loop: "{{ lp_wpasupplicant_service_conf|subelements('ini', {'skip_missing': True}) }}"
125 loop_control:
126 label: "{{ item.0.path }}/{{ item.0.service }}"
127 tags: lp_wpasupplicant_service_conf
128
129- name: "wpasupplicant: Debug: Configure wpasupplicant services"
130 ansible.builtin.debug:
131 var: lp_wpasupplicant_service_conf_changes
132 when: lp_wpasupplicant_debug|bool
133 tags: lp_wpasupplicant_service_conf
134
135- name: "wpasupplicant: Manage wpa_supplicant services"
136 ansible.builtin.service:
137 name: "{{ my_service }}"
138 state: "{{ item.state|default('started') }}"
139 enabled: "{{ item.enabled|default(true) }}"
140 arguments: "{{ item.arguments|default(omit) }}"
141 pattern: "{{ item.pattern|default(omit) }}"
142 runlevel: "{{ item.runlevel|default(omit) }}"
143 sleep: "{{ item.sleep|default(omit) }}"
144 use: "{{ item.use|default(omit) }}"
145 register: lp_wpasupplicant_service_changes
146 loop: "{{ lp_wpasupplicant_conf }}"
147 loop_control:
148 label: "{{ my_service }}"
149 vars:
150 my_dev: "{{ item.dev }}"
151 my_service: "{{ lp_wpasupplicant_service[item.type|default('default')] }}"
152 tags: lp_wpasupplicant_service
153
154- name: "wpasupplicant: Debug: Manage wpa_supplicant services"
155 ansible.builtin.debug:
156 var: lp_wpasupplicant_service_changes
157 when: lp_wpasupplicant_debug_classified|bool
158 tags: lp_wpasupplicant_service
159
160# EOF
161...
xen.yml
Synopsis: Configure xen.
Description of the task.
1---
2# linux_postinstall xen
3
4- name: "xen: Debug"
5 vars:
6 msg: |-
7 ansible_os_family: {{ ansible_os_family }}
8 lp_xen_packages:
9 {{ lp_xen_packages|to_nice_yaml(indent=2)|indent(2) }}
10 lp_xen_dom0_mem:
11 {{ lp_xen_dom0_mem|to_nice_yaml(indent=2)|indent(2) }}
12 lp_xen_default_grub_conf:
13 {{ lp_xen_default_grub_conf|to_nice_yaml(indent=2)|indent(2) }}
14 lp_xen_global:
15 {{ lp_xen_global|to_nice_yaml(indent=2)|indent(2) }}
16 lp_backup_conf: {{ lp_backup_conf }}
17 ansible.builtin.debug:
18 msg: "{{ '{}'.format(msg) }}"
19 when: lp_xen_debug|bool
20 tags: lp_xen_debug
21
22- name: "xen: Install packages"
23 ansible.builtin.import_role:
24 name: vbotka.linux_lib
25 tasks_from: install_package.yml
26 when: lp_xen_install|bool
27 vars:
28 ll_ipkg_list: "{{ lp_xen_packages }}"
29 ll_ipkg_state: "{{ lp_package_state }}"
30 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
31 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
32 ll_debug: "{{ lp_xen_debug|bool }}"
33 tags: lp_xen_packages
34
35- name: "xen: Configure /etc/default/grub"
36 ansible.builtin.lineinfile:
37 dest: /etc/default/grub
38 regexp: '^\s*{{ item.key }}\s*=\s*(.*)$'
39 line: "{{ item.key }}={{ item.value }}"
40 backup: "{{ lp_backup_conf }}"
41 loop: "{{ lp_xen_default_grub_conf }}"
42 loop_control:
43 label: "{{ item.key }}: {{ item.value }}"
44 notify: update grub
45 tags: lp_xen_default_grub
46
47- name: "xen: Configure /etc/xen/xl.conf"
48 ansible.builtin.lineinfile:
49 dest: /etc/xen/xl.conf
50 regexp: '^\s*{{ item.var }}\s*=\s*(.*)$'
51 line: "{{ item.var }}={{ item.value }}"
52 backup: "{{ lp_backup_conf }}"
53 create: true
54 mode: "0644"
55 loop: "{{ lp_xen_global }}"
56 loop_control:
57 label: "{{ item.var }}: {{ item.value }}"
58 tags: lp_xen_global
59
60# EOF
61...
xorg.yml
Synopsis: Configure xorg.
Description of the task.
1---
2# linux_postinstall xorg
3
4- name: "xorg: Debug"
5 vars:
6 msg: |-
7 lp_xorg_conf:
8 {{ lp_xorg_conf|to_yaml(indent=2)|indent(2) }}
9 ansible.builtin.debug:
10 msg: "{{ '{}'.format(msg) }}"
11 when: lp_xorg_debug|bool
12 tags: lp_xorg_debug
13
14- name: "xorg: Configure {{ lp_xorg_conf_dir }}"
15 ansible.builtin.template:
16 src: xorg.conf.j2
17 dest: "{{ lp_xorg_conf_dir }}/{{ item.file }}"
18 backup: "{{ lp_backup_conf }}"
19 mode: '0644'
20 loop: "{{ lp_xorg_conf }}"
21 loop_control:
22 label: "{{ item.file }}"
23 tags: lp_xorg_conf
24
25# EOF
26...
zeitgeist.yml
Synopsis: Configure zeitgeist.
Description of the task.
1---
2# linux_postinstall zeitgeist
3
4# One-way atm
5- name: "zeitgeist: Remove zeitgeist"
6 ansible.builtin.apt:
7 state: absent
8 name: zeitgeist
9 purge: true
10 when: not lp_zeitgeist_install|bool
11
12- name: "zeitgeist: Remove zeitgeist-*"
13 ansible.builtin.apt:
14 state: absent
15 name: zeitgeist-*
16 purge: true
17 when: not lp_zeitgeist_install|bool
18
19# - name: Disable zeitgeist
20# ansible.builtin.service:
21# name: zeitgeist
22# state: stopped
23# enabled: no
24# when: not lp_zeitgeist
25# "Could not find the requested service zeitgeist"
26
27# for i in zeitgeist-fts zeitgeist; do
28# systemctl --user disable $i;
29# systemctl --user stop $i;
30# systemctl --user mask $i;
31# done
32
33# EOF
34...
zfs.yml
Synopsis: Configure zfs.
Description of the task.
1---
2# linux_postinstall zfs
3
4- name: "zfs: Debug"
5 vars:
6 msg: |-
7 lp_zfs_install: {{ lp_zfs_install }}
8 lp_zfs_packages:
9 {{ lp_zfs_packages|to_nice_yaml(indent=2)|indent(2) }}
10 lp_zfs_services:
11 {{ lp_zfs_services|default([])|to_yaml(indent=2)|indent(2) }}
12 lp_zfs_manage:
13 {{ lp_zfs_manage|to_yaml(indent=2)|indent(2) }}
14 lp_zfs_mountpoints:
15 {{ lp_zfs_mountpoints|to_yaml(indent=2)|indent(2) }}
16 ansible.builtin.debug:
17 msg: "{{ '{}'.format(msg) }}"
18 when: lp_zfs_debug|bool
19 tags: lp_zfs_debug
20
21- name: "zfs: Install packages"
22 ansible.builtin.import_role:
23 name: vbotka.linux_lib
24 tasks_from: install_package.yml
25 when: lp_zfs_install|bool
26 vars:
27 ll_ipkg_list: "{{ lp_zfs_packages }}"
28 ll_ipkg_state: "{{ lp_package_state }}"
29 ll_ipkg_autoremove: "{{ lp_packages_autoremove|bool }}"
30 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host|bool }}"
31 ll_debug: "{{ lp_zfs_debug|bool }}"
32 tags: lp_zfs_packages
33
34- name: "zfs: Manage zfs services"
35 ansible.builtin.service:
36 name: "{{ item.name }}"
37 enabled: "{{ srv_enbl }}"
38 state: "{{ srv_stat }}"
39 loop: "{{ lp_zfs_services|default([]) }}"
40 loop_control:
41 label: "{{ item.name }} enabled: {{ srv_enbl }} state: {{ srv_stat }}"
42 vars:
43 srv_enbl: "{{ item.enabled|default(true) }}"
44 srv_stat: "{{ item.state|default(default_stat) }}"
45 default_stat: "{{ srv_enbl|bool|ternary('started', 'stopped') }}"
46 tags: lp_zfs_services
47
48- name: "zfs: Manage zfs"
49 community.general.zfs:
50 name: "{{ item.name }}"
51 state: "{{ item.state }}"
52 origin: "{{ item.origin|default(omit) }}"
53 extra_zfs_properties: "{{ item.extra_zfs_properties|default(omit) }}"
54 loop: "{{ lp_zfs_manage }}"
55 loop_control:
56 label: "{{ item.name }}"
57 tags: lp_zfs_manage
58
59- name: "zfs: Set mode and ownership of zfs mountpoints"
60 ansible.builtin.file:
61 state: directory
62 path: "{{ item.mountpoint }}"
63 owner: "{{ item.owner|default(omit) }}"
64 group: "{{ item.group|default(omit) }}"
65 mode: "{{ item.mode|default(omit) }}"
66 loop: "{{ lp_zfs_mountpoints }}"
67 loop_control:
68 label: "{{ item.mountpoint }}"
69 tags: lp_zfs_mountpoints
70
71# EOF
72...
vars_flavors.yml
Synopsis: Configure vars_flavors.
Description of the task.
1---
2# linux_postinstall vars: vars_flavors
3
4# Create dir lp_flavors_dir. Loop lp_flavors and get stat of
5# release_file(s). If release_file exists include tasks specific to this
6# flavor.
7
8- name: 'sub: vars_flavors: Debug'
9 vars:
10 msg: |-
11 lp_flavors_dir [{{ lp_flavors_dir }}]
12 lp_flavors_dir_owner [{{ lp_flavors_dir_owner }}]
13 lp_flavors_dir_group [{{ lp_flavors_dir_group }}]
14 lp_flavors_dir_mode [{{ lp_flavors_dir_mode }}]
15 lp_flavors
16 {{ lp_flavors|to_nice_yaml }}
17 ansible.builtin.debug:
18 msg: "{{ '{}'.format(msg) }}"
19 when: lp_debug|bool
20
21- name: 'sub: vars_flavors: Create {{ lp_flavors_dir }}'
22 ansible.builtin.file:
23 state: directory
24 path: '{{ lp_flavors_dir }}'
25 owner: '{{ lp_flavors_dir_owner }}'
26 group: '{{ lp_flavors_dir_group }}'
27 mode: '{{ lp_flavors_dir_mode }}'
28 delegate_to: localhost
29 run_once: true
30
31- name: 'sub: vars_flavors: Detect flavor'
32 ansible.builtin.stat:
33 path: '{{ item.value.release_file }}'
34 loop: '{{ lp_flavors|dict2items }}'
35 register: result
36
37- name: 'sub: vars_flavors: Debug result'
38 ansible.builtin.debug:
39 msg: "{{ result.results|json_query('[?stat.exists].item') }}"
40 when: lp_debug|bool
41
42- name: 'sub: vars_flavors: Include tasks for flavor'
43 ansible.builtin.include_tasks: "{{ 'sub/vars_flavors-' ~ outer_item.key ~ '.yml' }}"
44 loop: "{{ result.results|json_query('[?stat.exists].item') }}"
45 loop_control:
46 loop_var: outer_item
47
48# EOF
49...
vars_flavors_common.yml
Synopsis: Configure vars_flavors_common.
Description of the task.
[tasks/sub/vars_flavors_common.yml]
1---
2# linux_postinstall vars: vars-flavors-common
3
4# Fetch my_release_file from the remote host and store the file in
5# lp_flavors_dir. Read release_attr from the fetched file and include
6# vars that correspond the flavor, release and HW.
7
8# my_release_file
9- name: 'sub: vars-flavors-common: Set my_release_file'
10 ansible.builtin.set_fact:
11 my_release_file: '{{ outer_item.value.release_file }}'
12- name: 'sub: vars-flavors-common: Debug my_release_file'
13 ansible.builtin.debug:
14 var: my_release_file
15 when: lp_debug|bool
16
17# my_flavor
18- name: 'sub: vars-flavors-common: Set my_flavor'
19 ansible.builtin.set_fact:
20 my_flavor: '{{ outer_item.key }}'
21- name: 'sub: vars-flavors-common: Debug my_flavor'
22 ansible.builtin.debug:
23 var: my_flavor
24 when: lp_debug|bool
25
26# my_release_file_fetch
27- name: 'sub: vars-flavors-common: Set my_release_file_fetch'
28 ansible.builtin.set_fact:
29 my_release_file_fetch: "{{ lp_flavors_dir ~ '/' ~
30 inventory_hostname ~ '-' ~
31 my_flavor }}"
32- name: 'sub: vars-flavors-common: Fetch {{ my_release_file }} to
33 {{ my_release_file_fetch }}'
34 ansible.builtin.fetch:
35 flat: true
36 src: '{{ my_release_file }}'
37 dest: '{{ my_release_file_fetch }}'
38
39# my_release_keys
40- name: 'sub: vars-flavors-common: Clear my_release_keys'
41 ansible.builtin.set_fact:
42 my_release_keys: []
43- name: 'sub: vars-flavors-common: Set my_release_keys'
44 ansible.builtin.set_fact:
45 my_release_keys: "{{ my_release_keys|
46 default([]) + [item.split('=').0|trim] }}"
47 loop: "{{ lookup('file', my_release_file_fetch).splitlines() }}"
48 when: item is match('^(\s*[a-zA-Z0-9_]+\s*)=(.*)$')
49- name: 'sub: vars-flavors-common: Debug my_release_keys'
50 ansible.builtin.debug:
51 var: my_release_keys
52 when: lp_debug|bool
53
54# my_release_dict
55- name: 'sub: vars-flavors-common: Clear my_release_dict'
56 ansible.builtin.set_fact:
57 my_release_dict: {}
58- name: 'sub: vars-flavors-common: Set my_release_dict attributes'
59 ansible.builtin.set_fact:
60 my_release_dict: "{{ my_release_dict|
61 combine({item: lookup('ini', item ~
62 ' type=properties file=' ~
63 my_release_file_fetch)}) }}"
64 loop: '{{ my_release_keys }}'
65- name: 'sub: vars-flavors-common: Debug my_release_dict'
66 ansible.builtin.debug:
67 var: my_release_dict
68 when: lp_debug|bool
69
70# my_release
71- name: 'sub: vars-flavors-common: Add flavor to my_release'
72 ansible.builtin.set_fact:
73 my_release: '{{ my_release|
74 default({})|
75 combine({my_flavor: my_release_dict}) }}'
76- name: 'sub: vars-flavors-common: Debug my_release'
77 ansible.builtin.debug:
78 var: my_release
79 when: lp_debug|bool
80
81# my_labels
82- name: 'sub: vars-flavors-common: Set my_labels'
83 ansible.builtin.set_fact:
84 my_labels: "{{ lp_flavors[my_flavor].file_labels|
85 map('extract', my_release[my_flavor])|
86 list }}"
87- name: 'sub: vars-flavors-common: Debug my_labels'
88 ansible.builtin.debug:
89 var: my_labels
90 when: lp_debug|bool
91
92# Include default vars for flavor
93- name: 'sub: vars-flavors-common: Include default vars for flavor
94 [{{ my_labels.1 }},
95 {{ my_labels.0 }},
96 {{ my_flavor }}]'
97 ansible.builtin.include_vars: "{{ file }}"
98 vars:
99 file: "{{ lookup('first_found', params) }}"
100 params:
101 skip: "{{ lp_vars_distro_firstfound_skip|bool }}"
102 files:
103 - '{{ my_flavor }}_{{ my_labels.0 }}_{{ my_labels.1 }}.yml'
104 - '{{ my_flavor }}_{{ my_labels.0 }}.yml'
105 - '{{ my_flavor }}.yml'
106 - default.yml
107 - defaults.yml
108 paths:
109 - '{{ role_path }}/vars/flavors'
110
111# Note: skip doesn't work with first_found lookup #43833
112# https://github.com/ansible/ansible/issues/43833
113# workaround: Create empty defaults.yml
114
115# EOF
116...