Tasks
main.yml
Synopsis: Main task.
Import tasks if enabled.
1---
2# linux_postinstall tasks
3
4- name: Import vars.yml
5 ansible.builtin.import_tasks: vars.yml
6 tags: [lp_vars, always]
7
8- name: Import debug.yml
9 ansible.builtin.import_tasks: debug.yml
10 when: lp_debug | bool
11 tags: [lp_debug, always]
12
13- name: Import swap.yml
14 ansible.builtin.import_tasks: swap.yml
15 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_swap | bool
16 tags: lp_swap
17
18- name: Import modules.yml
19 ansible.builtin.import_tasks: modules.yml
20 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
21 tags: lp_modules
22
23- name: Import udev.yml
24 ansible.builtin.import_tasks: udev.yml
25 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_udev | bool
26 tags: lp_udev
27
28- name: Import fstab.yml
29 ansible.builtin.import_tasks: fstab.yml
30 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian'))
31 tags: lp_fstab
32
33- name: Import networkmanager.yml
34 ansible.builtin.import_tasks: networkmanager.yml
35 when: (ansible_facts['os_family'] == 'Debian') and lp_nm | bool
36 tags: lp_nm
37
38- name: Import netplan.yml
39 ansible.builtin.import_tasks: netplan.yml
40 when: (ansible_facts['os_family'] == 'Debian') and lp_netplan | bool
41 tags: lp_netplan
42
43- name: Import systemd.yml
44 ansible.builtin.import_tasks: systemd.yml
45 when: (ansible_facts['os_family'] == 'Debian') and lp_systemd | bool
46 tags: lp_systemd
47
48- name: Import networkd.yml
49 ansible.builtin.import_tasks: networkd.yml
50 when: (ansible_facts['os_family'] == 'Debian') and lp_networkd | bool
51 tags: lp_networkd
52
53- name: Import timezone.yml
54 ansible.builtin.import_tasks: timezone.yml
55 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_timezone | bool
56 tags: lp_timezone
57
58- name: Import timesyncd.yml
59 ansible.builtin.import_tasks: timesyncd.yml
60 when: (ansible_facts['os_family'] == 'Debian') and lp_timesyncd | bool
61 tags: lp_timesyncd
62
63- name: Import chrony.yml
64 ansible.builtin.import_tasks: chrony.yml
65 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_chrony | bool
66 tags: lp_chrony
67
68- name: Import apt.yml
69 ansible.builtin.import_tasks: apt.yml
70 when: ansible_facts['os_family'] == 'Debian' and lp_apt | bool
71 tags: lp_apt
72
73- name: Import snap.yml
74 ansible.builtin.import_tasks: snap.yml
75 when: ansible_facts['os_family'] == 'Debian' and lp_snap | bool
76 tags: lp_snap
77
78- name: Import repos.yml
79 ansible.builtin.import_tasks: repos.yml
80 when: ansible_facts['os_family'] == 'Debian'
81 tags: lp_repos
82
83- name: Import packages.yml
84 ansible.builtin.import_tasks: packages.yml
85 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
86 tags: lp_packages
87
88- name: Import upgrades.yml
89 ansible.builtin.import_tasks: auto_upgrades.yml
90 when: (ansible_facts['os_family'] == 'Debian') and lp_auto_upgrades | bool
91 tags: lp_auto_upgrades
92
93- name: Import sysctl.yml
94 ansible.builtin.import_tasks: sysctl.yml
95 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
96 tags: lp_sysctl
97
98- name: Import zfs.yml
99 ansible.builtin.import_tasks: zfs.yml
100 when: (ansible_facts['os_family'] == 'Debian') and lp_zfs | bool
101 tags: lp_zfs
102
103- name: Import hostname.yml
104 ansible.builtin.import_tasks: hostname.yml
105 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
106 tags: lp_hostname
107
108- name: Import hosts.yml
109 ansible.builtin.import_tasks: hosts.yml
110 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
111 tags: lp_hosts
112
113- name: Import iptables.yml
114 ansible.builtin.import_tasks: iptables.yml
115 when: (ansible_facts['os_family'] == 'Debian') and lp_iptables | bool
116 tags: lp_iptables
117
118- name: Import grub.yml
119 ansible.builtin.import_tasks: grub.yml
120 when: (ansible_facts['os_family'] == 'Debian') and lp_grub | bool
121 tags: lp_grub
122 # https://unix.stackexchange.com/questions/152222/
123 # equivalent-of-update-grub-for-rhel-fedora-centos-systems
124
125- name: Import groups.yml
126 ansible.builtin.import_tasks: groups.yml
127 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
128 tags: lp_groups
129
130- name: Import users.yml
131 ansible.builtin.import_tasks: users.yml
132 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
133 tags: lp_users
134
135- name: Import gpg.yml
136 ansible.builtin.import_tasks: gpg.yml
137 when: (ansible_facts['os_family'] == 'Debian') and lp_gpg | bool
138 tags: lp_gpg
139
140- name: Import passwords.yml
141 ansible.builtin.import_tasks: passwords.yml
142 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian') and lp_passwords | bool
143 tags: lp_passwords
144
145- name: Import sudoers.yml
146 ansible.builtin.import_tasks: sudoers.yml
147 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
148 tags: lp_sudoers
149
150- name: Import keys.yml
151 ansible.builtin.import_tasks: authorized_keys.yml
152 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
153 tags: lp_authorized_keys
154
155- name: Import aliases.yml
156 ansible.builtin.import_tasks: aliases.yml
157 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_aliases | bool
158 tags: lp_aliases
159
160- name: Import utils.yml
161 ansible.builtin.import_tasks: pm_utils.yml
162 when: (ansible_facts['os_family'] == 'Debian') and lp_pm | bool
163 tags: lp_pm
164
165- name: Import ssh.yml
166 ansible.builtin.import_tasks: ssh.yml
167 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_ssh | bool
168 tags: lp_ssh
169
170- name: Import sshd.yml
171 ansible.builtin.import_tasks: sshd.yml
172 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_sshd | bool
173 tags: lp_sshd
174
175- name: Import bluetooth.yml
176 ansible.builtin.import_tasks: bluetooth.yml
177 when: (ansible_facts['os_family'] == 'Debian') and lp_bluetooth | bool
178 tags: lp_bluetooth
179
180- name: Import xorg.yml
181 ansible.builtin.import_tasks: xorg.yml
182 when: (ansible_facts['os_family'] == 'Debian') and lp_xorg | bool
183 tags: lp_xorg
184
185- name: Import cron.yml
186 ansible.builtin.import_tasks: cron.yml
187 when: (ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')
188 tags: lp_cron
189
190- name: Import modemmanager.yml
191 ansible.builtin.import_tasks: modemmanager.yml
192 when: (ansible_facts['os_family'] == 'Debian') and lp_modemmanager | bool
193 tags: lp_modemmanager
194
195- name: Import gpsd.yml
196 ansible.builtin.import_tasks: gpsd.yml
197 when: (ansible_facts['os_family'] == 'Debian') and lp_gpsd | bool
198 tags: lp_gpsd
199
200- name: Import postfix.yml
201 ansible.builtin.import_tasks: postfix.yml
202 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_postfix | bool
203 tags: lp_postfix
204
205- name: Import smart.yml
206 ansible.builtin.import_tasks: smart.yml
207 when: (ansible_facts['os_family'] == 'Debian') and lp_smart | bool
208 tags: lp_smart
209
210- name: Import apparmor.yml
211 ansible.builtin.import_tasks: apparmor.yml
212 when: (ansible_facts['os_family'] == 'Debian') and lp_apparmor | bool
213 tags: lp_apparmor
214
215- name: Flush handlers
216 ansible.builtin.meta: flush_handlers
217
218- name: Import zeitgeist.yml
219 ansible.builtin.import_tasks: zeitgeist.yml
220 when: (ansible_facts['os_family'] == 'Debian') and lp_zeitgeist | bool
221 tags: lp_zeitgeist
222
223- name: Import lid.yml
224 ansible.builtin.import_tasks: lid.yml
225 when: (ansible_facts['os_family'] == 'Debian') and lp_lid | bool
226 tags: lp_lid
227
228- name: Import acpi.yml
229 ansible.builtin.import_tasks: acpi.yml
230 when: (ansible_facts['os_family'] == 'Debian') and lp_acpi | bool
231 tags: lp_acpi
232
233- name: Import speechd.yml
234 ansible.builtin.import_tasks: speechd.yml
235 when: (ansible_facts['os_family'] == 'Debian') and lp_speechd | bool
236 tags: lp_speechd
237
238- name: Import nfsd.yml
239 ansible.builtin.import_tasks: nfsd.yml
240 when: (ansible_facts['os_family'] == 'Debian') and lp_nfsd | bool
241 tags: lp_nfsd
242
243- name: Flush handlers
244 ansible.builtin.meta: flush_handlers
245- name: Import latex.yml
246 ansible.builtin.import_tasks: latex.yml
247 when: (ansible_facts['os_family'] == 'Debian') and lp_latex | bool
248 tags: lp_latex
249
250- name: Import kvm.yml
251 ansible.builtin.import_tasks: kvm.yml
252 when: (ansible_facts['os_family'] == 'Debian') and lp_kvm | bool
253 tags: lp_kvm
254
255- name: Import xen.yml
256 ansible.builtin.import_tasks: xen.yml
257 when: (ansible_facts['os_family'] == 'Debian') and lp_xen | bool
258 tags: lp_xen
259
260- name: Import virtualbox.yml
261 ansible.builtin.import_tasks: virtualbox.yml
262 when: (ansible_facts['os_family'] == 'Debian') and lp_virtualbox | bool
263 tags: lp_virtualbox
264
265- name: Import wpagui.yml
266 ansible.builtin.import_tasks: wpagui.yml
267 when: (ansible_facts['os_family'] == 'Debian') and lp_wpagui | bool
268 tags: lp_wpagui
269
270- name: Import wpasupplicant.yml
271 ansible.builtin.import_tasks: wpasupplicant.yml
272 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_wpasupplicant | bool
273 tags: lp_wpasupplicant
274
275- name: Import logrotate.yml
276 ansible.builtin.import_tasks: logrotate.yml
277 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_logrotate | bool
278 tags: lp_logrotate
279
280- name: Import tlp.yml
281 ansible.builtin.import_tasks: tlp.yml
282 when: (ansible_facts['os_family'] == 'Debian') and lp_tlp | bool
283 tags: lp_tlp
284
285- name: Import autofs.yml
286 ansible.builtin.import_tasks: autofs.yml
287 when: (ansible_facts['os_family'] == 'Debian') and lp_autofs | bool
288 tags: lp_autofs
289
290- name: Import libvirt.yml
291 ansible.builtin.import_tasks: libvirt.yml
292 when: (ansible_facts['os_family'] == 'Debian') and lp_libvirt | bool
293 tags: lp_libvirt
294
295- name: Import ufw.yml
296 ansible.builtin.import_tasks: ufw.yml
297 when: (ansible_facts['os_family'] == 'Debian') and lp_ufw | bool
298 tags: lp_ufw
299
300- name: Import debsums.yml
301 ansible.builtin.import_tasks: debsums.yml
302 when: (ansible_facts['os_family'] == 'Debian') and lp_debsums | bool
303 tags: lp_debsums
304
305- name: Flush handlers
306 ansible.builtin.meta: flush_handlers
307- name: Import rc_local.yml
308 ansible.builtin.import_tasks: rc_local.yml
309 when: (ansible_facts['os_family'] == 'Debian') and lp_rc_local | bool
310 tags: lp_rc_local
311
312- name: Import resolvconf.yml
313 ansible.builtin.import_tasks: resolvconf.yml
314 when: (ansible_facts['os_family'] == 'Debian') and lp_resolvconf | bool
315 tags: lp_resolvconf
316
317- name: Import dnsmasq.yml
318 ansible.builtin.import_tasks: dnsmasq.yml
319 when: (ansible_facts['os_family'] == 'Debian') and lp_dnsmasq | bool
320 tags: lp_dnsmasq
321
322- name: Import service.yml
323 ansible.builtin.import_tasks: service.yml
324 tags: lp_service
325
326- name: Import reboot.yml
327 ansible.builtin.import_tasks: reboot.yml
328 when: ((ansible_facts['os_family'] == 'RedHat') or (ansible_facts['os_family'] == 'Debian')) and lp_reboot | bool
329 tags: lp_reboot
330
331# EOF
acpi.yml
Synopsis: Configure acpi
Description of the task.
1---
2# linux_postinstall acpi
3
4- name: "Acpi: Debug lp_acpi_debug={{ lp_acpi_debug }}"
5 when: lp_acpi_debug | bool
6 tags: lp_acpi_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_distribution: {{ ansible_facts['distribution'] }}
11 ansible_distribution_version: {{ ansible_facts['distribution_version'] }}
12 ansible_distribution_release: {{ ansible_facts['distribution_release'] }}
13
14 lp_acpi_install: {{ lp_acpi_install }}
15 lp_acpi_enable: {{ lp_acpi_enable }}
16 lp_acpi_service: {{ lp_acpi_service }}
17 lp_acpi_dir: {{ lp_acpi_dir }}
18 lp_acpi_owner: {{ lp_acpi_owner }}
19 lp_acpi_group: {{ lp_acpi_group }}
20 lp_acpi_event_mode: {{ lp_acpi_event_mode }}
21 lp_acpi_action_mode: {{ lp_acpi_action_mode }}
22 lp_acpi_packages: {{ lp_acpi_packages }}
23
24 lp_acpi_events:
25 {{ lp_acpi_events | to_nice_yaml(indent=2) | indent(2) }}
26 lp_acpi_actions:
27 {{ lp_acpi_actions | to_nice_yaml(indent=2) | indent(2) }}
28 ansible.builtin.debug:
29 msg: "{{ '{}'.format(msg) }}"
30
31- name: "Acpi: Install packages"
32 when: lp_acpi_install | bool
33 tags: lp_acpi_packages
34 vars:
35 ll_ipkg_list: "{{ lp_acpi_packages }}"
36 ll_ipkg_state: "{{ lp_package_state }}"
37 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
38 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
39 ll_debug: "{{ lp_acpi_debug | bool }}"
40 ansible.builtin.import_role:
41 name: vbotka.linux_lib
42 tasks_from: install_package.yml
43
44- name: "Acpi: Configure {{ lp_acpi_dir ~ '/events' }}"
45 tags: lp_acpi_events
46 notify: restart acpid
47 ansible.builtin.template:
48 src: "{{ item.value.template }}"
49 dest: "{{ lp_acpi_dir }}/events/{{ item.value.file }}"
50 owner: "{{ lp_acpi_owner }}"
51 group: "{{ lp_acpi_group }}"
52 mode: "{{ lp_acpi_event_mode }}"
53 backup: "{{ lp_backup_conf }}"
54 loop: "{{ lp_acpi_events | dict2items }}"
55 loop_control:
56 label: "{{ item.key }}"
57
58- name: "Acpi: Create actions in {{ lp_acpi_dir }}"
59 tags: lp_acpi_actions
60 notify: restart acpid
61 ansible.builtin.template:
62 src: "{{ item.value.template }}"
63 dest: "{{ lp_acpi_dir }}/{{ item.value.file }}"
64 owner: "{{ lp_acpi_owner }}"
65 group: "{{ lp_acpi_group }}"
66 mode: "{{ lp_acpi_action_mode }}"
67 backup: "{{ lp_backup_conf }}"
68 loop: "{{ lp_acpi_actions | dict2items }}"
69 loop_control:
70 label: "{{ item.value.file }}"
71
72- name: "Acpi: Service/State {{ state ~ '/' ~ enable }}"
73 tags: lp_acpi_service
74 register: result
75 vars:
76 enabled: "{{ lp_acpi_enable | bool | d(false) }}"
77 state: "{{ lp_acpi_state | d(default_state) }}"
78 default_state: "{{ enabled | ternary('started', 'stopped') }}"
79 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
80 ansible.builtin.service:
81 name: "{{ lp_acpi_service }}"
82 state: "{{ state }}"
83 enabled: "{{ enabled }}"
84
85# EOF
aliases.yml
Synopsis: Configure aliases
Description of the task.
1---
2# linux_postinstall aliases
3
4- name: "Aliases: Configure /etc/aliases"
5 notify: newaliases
6 ansible.builtin.template:
7 src: aliases.j2
8 dest: /etc/aliases
9 owner: root
10 group: root
11 mode: "0644"
12 backup: "{{ lp_backup_conf }}"
13
14# EOF
See also
Handler newaliases.yml
Template aliases.j2
apt.yml
Synopsis: Configure apt
Description of the task.
1---
2# linux_postinstall apt
3
4- name: "Apt: Debug lp_apt_debug={{ lp_apt_debug }}"
5 when: lp_apt_debug | bool
6 tags: lp_apt_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_apt_conf:
11 {{ lp_apt_conf | to_nice_yaml(indent=2) | indent(2) }}
12 lp_backup_conf: {{ lp_backup_conf }}
13 ansible.builtin.debug:
14 msg: "{{ '{}'.format(msg) }}"
15
16- name: "Apt: Configure /etc/apt/apt.conf.d"
17 notify: "{{ item.notify | d(omit) }}"
18 tags: lp_apt_conf
19 ansible.builtin.template:
20 src: "{{ item.template | d('apt-confd.j2') }}"
21 dest: /etc/apt/apt.conf.d/{{ item.file }}
22 owner: "{{ item.owner | d('root') }}"
23 group: "{{ item.group | d('root') }}"
24 mode: "{{ item.mode | d('0644') }}"
25 backup: "{{ lp_backup_conf }}"
26 loop: "{{ lp_apt_conf }}"
27 loop_control:
28 label: "{{ item.file }}"
29
30# EOF
See also
Template apt_confd.j2
apparmor.yml
Synopsis: Configure apparmor
Description of the task.
1---
2# linux_postinstall apparmor
3
4- name: "Apparmor: Debug lp_apparmor_debug={{ lp_apparmor_debug }}"
5 when: lp_apparmor_debug | bool
6 tags: lp_apparmor_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_apparmor_install: {{ lp_apparmor_install }}
11 lp_apparmor_packages:
12 {{ lp_apparmor_packages | to_nice_yaml(indent=2) | indent(2) }}
13 lp_backup_conf: {{ lp_backup_conf }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16
17- name: "Apparmor: Install packages"
18 when: lp_apparmor_install | bool
19 tags: lp_apparmor_packages
20 vars:
21 ll_ipkg_list: "{{ lp_apparmor_packages }}"
22 ll_ipkg_state: "{{ lp_package_state }}"
23 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
24 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
25 ll_debug: "{{ lp_apparmor_debug | bool }}"
26 ansible.builtin.import_role:
27 name: vbotka.linux_lib
28 tasks_from: install_package.yml
29
30- name: "Apparmor: Create list of profiles"
31 tags: lp_apparmor_profiles
32
33 block:
34 - name: "Apparmor: List profiles"
35 register: result
36 changed_when: false
37 ansible.builtin.shell:
38 cmd: >
39 set -o pipefail && aa-status --json | jq .profiles | jq to_entries
40 executable: /usr/bin/bash
41
42 - name: "Apparmor: Debug: List of profiles lp_apparmor_debug={{ lp_apparmor_debug }}"
43 when: lp_apparmor_debug | bool
44 ansible.builtin.debug:
45 var: result
46
47 - name: "Apparmor: Instantiate profiles"
48 ansible.builtin.set_fact:
49 lp_apparmor_profiles_enforce: "{{ lp_apparmor_profiles_enforce }}"
50 lp_apparmor_profiles_complain: "{{ lp_apparmor_profiles_complain }}"
51
52 - name: "Apparmor: Debug profiles lp_apparmor_debug={{ lp_apparmor_debug }}"
53 when: lp_apparmor_debug | bool
54 ansible.builtin.debug:
55 msg: |
56 lp_apparmor_profiles_enforce:
57 {{ lp_apparmor_profiles_enforce | to_nice_yaml(indent=2) | indent(2) }}
58 lp_apparmor_profiles_complain:
59 {{ lp_apparmor_profiles_complain | to_nice_yaml(indent=2) | indent(2) }}
60
61- name: "Apparmor: Disable profiles"
62 when: item in lp_apparmor_profiles_enforce or item in lp_apparmor_profiles_complain
63 tags: lp_apparmor_disable
64 ansible.builtin.command: # noqa: no-changed-when
65 cmd: >
66 aa-disable {{ item }}
67 loop: "{{ lp_apparmor_disable }}"
68
69- name: "Apparmor: Enforce profiles"
70 when: item not in lp_apparmor_profiles_enforce
71 tags: lp_apparmor_enforce
72 ansible.builtin.command: # noqa: no-changed-when
73 cmd: >
74 aa-enforce {{ item }}
75 loop: "{{ lp_apparmor_enforce }}"
76
77- name: "Apparmor: Complain profiles"
78 when: item not in lp_apparmor_profiles_complain
79 tags: lp_apparmor_complain
80 ansible.builtin.command: # noqa: no-changed-when
81 cmd: >
82 aa-complain {{ item }}
83 loop: "{{ lp_apparmor_complain }}"
84
85- name: Service
86 tags: lp_apparmor_service
87 block:
88
89 - name: "Apparmor: Service {{ state ~ ' and ' ~ enable }}"
90 register: result
91 vars:
92 enabled: "{{ lp_apparmor_enable | bool | d(false) }}"
93 state: "{{ lp_apparmor_state | d(default_state) }}"
94 default_state: "{{ enabled | ternary('started', 'stopped') }}"
95 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
96 ansible.builtin.service:
97 name: "{{ lp_apparmor_service }}"
98 state: "{{ state }}"
99 enabled: "{{ enabled }}"
100
101 - name: "Apparmor: Debug service lp_apparmor_debug={{ lp_apparmor_debug }}"
102 when: lp_apparmor_debug | bool
103 ansible.builtin.debug:
104 var: result
105
106# EOF
autofs.yml
Synopsis: Configure autofs
Description of the task.
1---
2# linux_postinstall autofs
3
4- name: "Autofs: Debug lp_autofs_debug={{ lp_autofs_debug }}"
5 when: lp_autofs_debug | bool
6 tags: lp_autofs_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_autofs_install: {{ lp_autofs_install }}
11 lp_autofs_enable: {{ lp_autofs_enable }}
12 lp_autofs_flush_handlers: {{ lp_swap_flush_handlers }}
13 lp_autofs_rescue_end_host: {{ lp_swap_rescue_end_host }}
14 lp_autofs_service: {{ lp_autofs_service }}
15 lp_autofs_conf_file: {{ lp_autofs_conf_file }}
16 lp_autofs_conf:
17 {{ lp_autofs_conf | to_nice_yaml(indent=2) | indent(2) }}
18 lp_autofs_master_conf_file: {{ lp_autofs_master_conf_file }}
19 lp_autofs_master_conf:
20 {{ lp_autofs_master_conf | to_nice_yaml(indent=2) | indent(2) }}
21 lp_autofs_misc_conf_file: {{ lp_autofs_misc_conf_file }}
22 lp_autofs_misc_conf:
23 {{ lp_autofs_misc_conf | to_nice_yaml(indent=2) | indent(2) }}
24 lp_autofs_packages:
25 {{ lp_autofs_packages | to_nice_yaml(indent=2) | indent(2) }}
26 lp_backup_conf: {{ lp_backup_conf }}
27 ansible.builtin.debug:
28 msg: "{{ '{}'.format(msg) }}"
29
30- name: "Autofs: Install packages"
31 when: lp_autofs_install | bool
32 tags: lp_autofs_packages
33 vars:
34 ll_ipkg_list: "{{ lp_autofs_packages }}"
35 ll_ipkg_state: "{{ lp_package_state }}"
36 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
37 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
38 ll_debug: "{{ lp_autofs_debug | bool }}"
39 ansible.builtin.import_role:
40 name: vbotka.linux_lib
41 tasks_from: install_package.yml
42
43- name: Configure autofs
44 notify: reload autofs
45 block:
46
47 - name: "Autofs: Configure {{ lp_autofs_conf_file }}"
48 tags: lp_autofs_conf
49 ansible.builtin.lineinfile:
50 dest: "{{ lp_autofs_conf_file }}"
51 regexp: ^\s*{{ item.key }}\s*=\s*(.*)$
52 line: "{{ item.key }} = {{ item.value }}"
53 backup: "{{ lp_backup_conf }}"
54 loop: "{{ lp_autofs_conf }}"
55
56 - name: "Autofs: Configure {{ lp_autofs_master_conf_file }}"
57 tags: lp_autofs_master_conf
58 ansible.builtin.lineinfile:
59 dest: "{{ lp_autofs_master_conf_file }}"
60 regexp: ^\s*{{ item.key }}\s*(.*)$
61 line: "{{ item.key }} {{ item.value }}"
62 backup: "{{ lp_backup_conf }}"
63 loop: "{{ lp_autofs_master_conf }}"
64
65 - name: "Autofs: Configure {{ lp_autofs_misc_conf_file }}"
66 tags: lp_autofs_misc_conf
67 ansible.builtin.lineinfile:
68 dest: "{{ lp_autofs_misc_conf_file }}"
69 regexp: ^\s*{{ item.key }}\s*(.*)$
70 line: "{{ item.key }} {{ item.value }}"
71 backup: "{{ lp_backup_conf }}"
72 loop: "{{ lp_autofs_misc_conf }}"
73
74- name: Service autofs
75 tags: lp_autofs_service
76 block:
77
78 - name: "Autofs: Service {{ state ~ ' and ' ~ enable }}"
79 register: result
80 vars:
81 enabled: "{{ lp_autofs_enable | bool }}"
82 state: "{{ lp_sutofs_state | d(default_state) }}"
83 default_state: "{{ enabled | ternary('started', 'stopped') }}"
84 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
85 ansible.builtin.service:
86 name: "{{ lp_autofs_service }}"
87 state: "{{ state }}"
88 enabled: "{{ enabled }}"
89
90 - name: "Autofs: Debug service lp_autofs_debug={{ lp_autofs_debug }}"
91 when: lp_autofs_debug | bool
92 ansible.builtin.debug:
93 var: result
94
95 rescue:
96
97 - name: "Autofs: Print errors"
98 ansible.builtin.debug:
99 msg: |
100 [ERR] task {{ ansible_failed_task.name }} failed. End host.
101 ansible_failed_task:
102 {{ ansible_failed_task | to_yaml(indent=2) | indent(2) }}
103 ansible_failed_result:
104 {{ ansible_failed_result | to_yaml(indent=2) | indent(2) }}
105
106 - name: "Autofs: End host"
107 when: lp_autofs_rescue_end_host | bool
108 ansible.builtin.meta: end_host
109
110 - name: "Autofs: Clear host errors"
111 ansible.builtin.meta: clear_host_errors
112
113- name: "Autofs: Flush handlers"
114 ansible.builtin.meta: flush_handlers
115 when: lp_autofs_flush_handlers | bool
116
117# EOF
See also
Handler autofs.yml
auto_upgrades.yml
Synopsis: Configure auto_upgrades
Description of the task.
1---
2# linux_postinstall auto_upgrades
3
4- name: "Auto_upgrades: Configure /etc/apt/apt.conf.d/20auto-upgrades"
5 tags: lp_auto_upgrades_conf
6 ansible.builtin.template:
7 src: auto-upgrades.j2
8 dest: /etc/apt/apt.conf.d/20auto-upgrades
9 owner: root
10 group: root
11 mode: "0644"
12 backup: "{{ lp_backup_conf }}"
13
14- name: Service
15 tags: lp_auto_upgrades_service
16 block:
17
18 - name: "Auto_upgrades: Service {{ state ~ ' and ' ~ enable }}"
19 register: result
20 vars:
21 enabled: "{{ lp_auto_upgrades_enable | bool }}"
22 state: "{{ lp_auto_upgrades_state | d(default_state) }}"
23 default_state: "{{ enabled | ternary('started', 'stopped') }}"
24 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
25 ansible.builtin.service:
26 name: "{{ lp_auto_upgrades_service }}"
27 state: "{{ state }}"
28 enabled: "{{ enabled }}"
29
30 - name: "Auto_upgrades: Debug service lp_auto_upgrades_debug={{ lp_auto_upgrades_debug }}"
31 when: lp_auto_upgrades_debug | bool
32 ansible.builtin.debug:
33 var: result
34
35# EOF
bluetooth.yml
Synopsis: Configure bluetooth
Description of the task.
1---
2# linux_postinstall bluetooth
3
4- name: "Bluetooth: Debug lp_bluetooth_debug={{ lp_bluetooth_debug }}"
5 when: lp_bluetooth_debug | bool
6 tags: lp_bluetooth_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_bluetooth_enable: {{ lp_bluetooth_enable }}
11 lp_bluetooth_main_conf:
12 {{ lp_bluetooth_main_conf | to_yaml(indent=2) | indent(2) }}
13 lp_bluetooth_ini:
14 {{ lp_bluetooth_ini | to_yaml(indent=2) | indent(2) }}
15 lp_backup_conf: {{ lp_backup_conf }}
16 ansible.builtin.debug:
17 msg: "{{ '{}'.format(msg) }}"
18
19- name: Configure bluetooth
20 notify: restart bluetooth
21 block:
22
23 - name: "Bluetooth: Configure /etc/bluetooth/main.conf"
24 tags: lp_bluetooth_conf
25 ansible.builtin.lineinfile:
26 dest: /etc/bluetooth/main.conf
27 regexp: ^\s*{{ item.key }}\s*=\s*(.*)$
28 insertbefore: ^[\s#]*{{ item.key }}(.*)$
29 line: "{{ item.key }} = {{ item.value }}"
30 backup: "{{ lp_backup_conf }}"
31 loop: "{{ lp_bluetooth_main_conf }}"
32 loop_control:
33 label: "{{ item.key }} {{ item.value }}"
34
35 - name: "Bluetooth: Configure bluetooth"
36 tags: lp_bluetooth_ini
37 community.general.ini_file:
38 path: "{{ item.0.path }}"
39 mode: "{{ item.0.mode }}"
40 section: "{{ item.1.section }}"
41 option: "{{ item.1.option | d(omit) }}"
42 value: "{{ item.1.value }}"
43 backup: "{{ lp_backup_conf }}"
44 loop: "{{ lp_bluetooth_ini | subelements('conf') }}"
45 loop_control:
46 label: "{{ item.1.option }}: {{ item.1.value }}"
47
48- name: Service bluetooth
49 tags: lp_bluetooth_service
50 block:
51
52 - name: "Bluetooth: Service {{ state ~ ' and ' ~ enable }}"
53 register: result
54 vars:
55 enabled: "{{ lp_bluetooth_enable | bool | d(false) }}"
56 state: "{{ lp_bluetooth_state | d(default_state) }}"
57 default_state: "{{ enabled | ternary('started', 'stopped') }}"
58 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
59 ansible.builtin.service:
60 name: "{{ lp_bluetooth_service }}"
61 state: "{{ state }}"
62 enabled: "{{ enabled }}"
63
64 - name: "Bluetooth: Debug service lp_bluetooth_debug={{ lp_bluetooth_debug }}"
65 when: lp_bluetooth_debug | bool
66 ansible.builtin.debug:
67 var: result
68
69# EOF
See also
Handler bluetooth.yml
chrony.yml
Synopsis: Configure chrony
Description of the task.
1---
2# linux_postinstall chrony
3
4- name: "Chrony: Debug lp_chrony_debug={{ lp_chrony_debug }}"
5 when: lp_chrony_debug | bool
6 tags: lp_chrony_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_distribution: {{ ansible_facts['distribution'] }}
11 ansible_distribution_version: {{ ansible_facts['distribution_version'] }}
12 ansible_distribution_release: {{ ansible_facts['distribution_release'] }}
13
14 lp_backup_conf: {{ lp_backup_conf }}
15
16 lp_chrony_install: {{ lp_chrony_install }}
17 lp_chrony_enable: {{ lp_chrony_enable }}
18 lp_chrony_service: {{ lp_chrony_service }}
19 lp_chrony_sanity: {{ lp_chrony_sanity }}
20 lp_chrony_service_exists_fatal: {{ lp_chrony_service_exists_fatal }}
21 lp_chrony_rescue_end_host: {{ lp_swap_rescue_end_host }}
22 lp_chrony_flush_handlers: {{ lp_swap_flush_handlers }}
23 lp_chrony_conf_file: {{ lp_chrony_conf_file }}
24 lp_chrony_conf_file_orig: {{ lp_chrony_conf_file_orig }}
25 lp_chrony_conf_template: {{ lp_chrony_conf_template }}
26 lp_chrony_conf:
27 {{ lp_chrony_conf | to_nice_yaml(indent=2) | indent(2) }}
28 lp_chrony_packages:
29 {{ lp_chrony_packages | to_nice_yaml(indent=2) | indent(2) }}
30 ansible.builtin.debug:
31 msg: "{{ '{}'.format(msg) }}"
32
33- name: Sanity
34 when: lp_chrony_sanity | bool
35 tags: lp_chrony_sanity
36 block:
37
38 - name: "Chrony: sanity: Assert chrony and timesyncd packages mutually exclusive."
39 ansible.builtin.assert:
40 that: not (lp_chrony_install | bool and lp_timesyncd_install | bool)
41 fail_msg: >
42 [ERR] Packages for chrony and timesyncd are mutually exclusive.
43
44 - name: "Chrony: sanity: Assert chrony and timesyncd services mutually exclusive."
45 ansible.builtin.assert:
46 that: not (lp_chrony_enable | bool and lp_timesyncd_enable | bool)
47 fail_msg: >
48 [ERR] Services {{ lp_chrony_service }} and {{ lp_timesyncd_service }}
49 are mutually exclusive.
50
51 - name: "Chrony: sanity: Get package facts"
52 ansible.builtin.package_facts:
53
54 - name: "Chrony: sanity: Assert installed lp_chrony_packages in ansible_check_mode"
55 ansible.builtin.assert:
56 that: missing | length == 0
57 fail_msg: >
58 [ERR] Packages must be installed before running --check
59 Missing packages: {{ missing }}
60 vars:
61 missing: "{{ lp_chrony_packages | difference(ansible_facts.packages) }}"
62 when: ansible_check_mode
63
64- name: "Chrony: Install packages"
65 when: lp_chrony_install | bool
66 tags: lp_chrony_packages
67 vars:
68 ll_ipkg_list: "{{ lp_chrony_packages }}"
69 ll_ipkg_state: "{{ lp_package_state }}"
70 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
71 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
72 ll_debug: "{{ lp_chrony_debug | bool }}"
73 ansible.builtin.import_role:
74 name: vbotka.linux_lib
75 tasks_from: install_package.yml
76
77- name: Set lp_chrony_service_exists/found
78 block:
79
80 - name: "Chrony: Get Service facts"
81 ansible.builtin.service_facts:
82
83 - name: "Chrony: Set lp_chrony_service_exists/found={{ exists ~ '/' ~ found }}"
84 vars:
85 service: "{{ lp_chrony_service | splitext | first }}.service"
86 exists: "{{ service in ansible_facts.services }}"
87 found: "{{ ansible_facts.services[service]['status'] | d('not-found') != 'not-found' }}"
88 ansible.builtin.set_fact:
89 lp_chrony_service_exists: "{{ exists }}"
90 lp_chrony_service_found: "{{ found }}"
91
92 - name: "Chrony: Debug lp_timesyncd_service lp_timesyncd_debug={{ lp_timesyncd_debug }}"
93 when: lp_chrony_debug | bool
94 vars:
95 service: "{{ lp_chrony_service | splitext | first }}.service"
96 ansible.builtin.debug:
97 msg: |
98 lp_chrony_service_exists: {{ lp_chrony_service_exists }}
99 lp_chrony_service_found: {{ lp_chrony_service_found }}
100 {% if lp_chrony_service_exists %}
101 {{ service }}:
102 {{ ansible_facts.services[service] | to_nice_yaml(indent=2) | indent(2) }}
103 {% endif %}
104
105 - name: "Chrony: Assert exists and found {{ lp_chrony_service }}"
106 when: lp_chrony_service_exists_fatal | bool
107 ansible.builtin.assert:
108 that:
109 - lp_chrony_service_exists
110 - lp_chrony_service_found
111 fail_msg: "[ERR] Service {{ lp_chrony_service }} must exists and be found."
112
113- name: Configure chrony
114 block:
115
116 - name: "Chrony: Keep original {{ lp_chrony_conf_file }}"
117 when: lp_chrony_conf_file_orig | bool
118 tags: lp_chrony_conf_orig
119 ansible.builtin.copy:
120 src: "{{ lp_chrony_conf_file }}"
121 dest: "{{ lp_chrony_conf_file }}.orig"
122 mode: "0644"
123 remote_src: true
124 force: false
125
126 - name: "Chrony: Configure {{ lp_chrony_conf_file }}"
127 tags: lp_chrony_conf
128 notify: restart chrony
129 ansible.builtin.template:
130 src: "{{ lp_chrony_conf_template }}"
131 dest: "{{ lp_chrony_conf_file }}"
132 owner: root
133 group: root
134 mode: "0644"
135 backup: "{{ lp_backup_conf }}"
136
137- name: Service chrony
138 tags: lp_chrony_service
139 block:
140
141 - name: "Chrony: Set service state/status {{ state ~ '/' ~ enable }}"
142 register: result
143 vars:
144 enabled: "{{ lp_chrony_enable | bool | d(false) }}"
145 default_state: "{{ enabled | ternary('started', 'stopped') }}"
146 state: "{{ lp_chrony_state | d(default_state) }}"
147 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
148 ansible.builtin.service:
149 name: "{{ lp_chrony_service }}"
150 state: "{{ state }}"
151 enabled: "{{ enabled }}"
152
153 - name: "Chrony: Debug set state/status result lp_chrony_debug2={{ lp_chrony_debug2 | d(false) | bool }}"
154 when: lp_chrony_debug2 | d(false) | bool
155 ansible.builtin.debug:
156 var: result
157
158 rescue:
159 - name: "Chrony: Print errors"
160 ansible.builtin.debug:
161 msg: |
162 [ERR] task {{ ansible_failed_task.name }} failed. End host.
163 ansible_failed_task:
164 {{ ansible_failed_task | to_yaml(indent=2) | indent(2) }}
165 ansible_failed_result:
166 {{ ansible_failed_result | to_yaml(indent=2) | indent(2) }}
167
168 - name: "Chrony: End host"
169 ansible.builtin.meta: end_host
170 when: lp_chrony_rescue_end_host | bool
171
172 - name: "Chrony: Clear host errors"
173 ansible.builtin.meta: clear_host_errors
174
175- name: "Chrony: Flush handlers"
176 ansible.builtin.meta: flush_handlers
177 when: lp_chrony_flush_handlers | bool
178 tags: lp_chrony_flush_handlers
179
180# EOF
cron.yml
Synopsis: Configure cron
Description of the task.
1---
2# linux_postinstall cron
3
4- name: "Cron: Configure cron variables"
5 tags: lp_cron_var
6 community.general.cronvar:
7 name: "{{ item.name }}"
8 value: "{{ item.value }}"
9 user: "{{ item.user }}"
10 loop: "{{ lp_cron_var }}"
11
12- name: "Cron: Configure cron"
13 tags: lp_cron_tab
14 ansible.builtin.cron:
15 state: "{{ item.state }}"
16 user: "{{ item.user }}"
17 name: "{{ item.name }}"
18 minute: "{{ item.minute }}"
19 hour: "{{ item.hour }}"
20 day: "{{ item.day }}"
21 month: "{{ item.month }}"
22 weekday: "{{ item.weekday }}"
23 job: "{{ item.command }}"
24 loop: "{{ lp_cron_tab }}"
25 loop_control:
26 label: "{{ item.name }}"
27
28# EOF
debsums.yml
Synopsis: Configure debsums
Description of the task.
1---
2# linux_postinstall debsums
3
4- name: "Debsums: Debug lp_debsums_debug={{ lp_debsums_debug }}"
5 when: lp_debsums_debug | bool
6 tags: lp_debsums_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_debsums_install: {{ lp_debsums_install }}
11 lp_debsums_default_file: {{ lp_debsums_default_file }}
12 lp_debsums_default_conf:
13 {{ lp_debsums_default_conf | to_yaml(indent=2) | indent(2) }}
14 lp_debsums_ignore_file: {{ lp_debsums_ignore_file }}
15 lp_debsums_ignore_conf:
16 {{ lp_debsums_ignore_conf | to_nice_yaml(indent=2) | indent(2) }}
17 lp_debsums_packages:
18 {{ lp_debsums_packages | to_nice_yaml(indent=2) | indent(2) }}
19 lp_backup_conf: {{ lp_backup_conf }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: "Debsums: Install packages"
24 when: lp_debsums_install | bool
25 tags: lp_debsums_packages
26 vars:
27 ll_ipkg_list: "{{ lp_debsums_packages }}"
28 ll_ipkg_state: "{{ lp_package_state }}"
29 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
30 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
31 ll_debug: "{{ lp_debsums_debug | bool }}"
32 ansible.builtin.import_role:
33 name: vbotka.linux_lib
34 tasks_from: install_package.yml
35
36- name: "Debsums: Configure {{ lp_debsums_default_file }}"
37 tags: lp_debsums_default_conf
38 ansible.builtin.lineinfile:
39 dest: "{{ lp_debsums_default_file }}"
40 state: "{{ item.state | d(omit) }}"
41 regexp: ^\s*{{ item.key }}\s*=(.*)$
42 line: "{{ item.key }}={{ item.value }}"
43 backup: "{{ lp_backup_conf }}"
44 create: true
45 mode: "0644"
46 loop: "{{ lp_debsums_default_conf }}"
47
48- name: "Debsums: Configure {{ lp_debsums_ignore_file }}"
49 tags: lp_debsums_ignore_conf
50 ansible.builtin.lineinfile:
51 dest: "{{ lp_debsums_ignore_file }}"
52 state: "{{ item.state | d(omit) }}"
53 line: "{{ item }}"
54 backup: "{{ lp_backup_conf }}"
55 create: true
56 mode: "0644"
57 loop: "{{ lp_debsums_ignore_conf }}"
58
59# EOF
debug.yml
Synopsis: Configure debug
Description of the task.
1---
2# Hint: Get readable output with stdout_callback = yaml
3
4- name: Debug
5 vars:
6 msg: |-
7 lp_role_version: {{ lp_role_version }}
8 ansible_architecture: {{ ansible_facts['architecture'] }}
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_distribution: {{ ansible_facts['distribution'] }}
11 ansible_distribution_major_version: {{ ansible_distribution_major_version }}
12 ansible_distribution_version: {{ ansible_facts['distribution_version'] }}
13 ansible_distribution_release: {{ ansible_facts['distribution_release'] }}
14 ansible_python_version: {{ ansible_facts['python_version'] }}
15
16 lp_vars_distro: {{ lp_vars_distro }}
17 lp_vars_distro_firstfound_skip: {{ lp_vars_distro_firstfound_skip }}
18 lp_vars_flavors: {{ lp_vars_flavors }}
19 lp_flavors_enable: {{ lp_flavors_enable }}
20 my_release:
21 {{ my_release | d([]) | to_nice_yaml(indent=2) | indent(2) }}
22 lp_packages_auto: {{ lp_packages_auto }}
23 lp_package_state: {{ lp_package_state }}
24 lp_package_state_remove: {{ lp_package_state_remove }}
25 lp_backup_conf: {{ lp_backup_conf }}
26 lp_service:
27 {{ lp_service | to_yaml(indent=2) | indent(2) }}
28 lp_tasks_enabled: {{ lp_tasks_enabled_print | ternary(lp_tasks_enabled, 'Disabled') }}
29 lp_tasks_disabled: {{ lp_tasks_disabled_print | ternary(lp_tasks_disabled, 'Disabled') }}
30
31 lp_aliases: {{ lp_aliases }}
32 lp_apt: {{ lp_apt }}
33 lp_debsums: {{ lp_debsums }} lp_debsums_install: {{ lp_debsums_install }}
34 lp_gpg: {{ lp_gpg }} lp_gpg_install: {{ lp_gpg_install }}
35 lp_grub: {{ lp_grub }}
36 lp_iptables: {{ lp_iptables }}
37 lp_kvm: {{ lp_kvm }} lp_kvm_install: {{ lp_kvm_install }}
38 lp_latex: {{ lp_latex }} lp_latex_install: {{ lp_latex_install }}
39 lp_lid: {{ lp_lid }}
40 lp_logrotate: {{ lp_logrotate }} lp_logrotate_install: {{ lp_logrotate_install }}
41 lp_netplan: {{ lp_netplan }}
42 lp_packages_autoremove: {{ lp_packages_autoremove }}
43 lp_passwords: {{ lp_passwords }}
44 lp_pm: {{ lp_pm }}
45 lp_rc_local: {{ lp_rc_local }}
46 lp_reboot: {{ lp_reboot }}
47 lp_ssh: {{ lp_ssh }}
48 lp_swap: {{ lp_swap }} lp_swap_enable: {{ lp_swap_enable }}
49 lp_systemd: {{ lp_systemd }} lp_systemd_install: {{ lp_systemd_install }}
50 lp_timezone: {{ lp_timezone }}
51 lp_wpagui: {{ lp_wpagui }} lp_wpagui_install: {{ lp_wpagui_install }}
52
53 {% for service in lp_service_all %}
54 lp_{{ service }}: {{ lookup('vars', 'lp_' ~ service) }}, {% for suffix in ['_install', '_enable', '_service'] -%}
55 lp_{{ service }}{{ suffix }}: {{ lookup('vars', 'lp_' ~ service ~ suffix, default='UNDEFINED') }}, {% endfor %}
56
57 {% endfor %}
58
59 {% for group in lp_services_all %}
60 lp_{{ group }}: {{ lookup('vars', 'lp_' ~ group) }}, {% for suffix in ['_install', '_enable'] -%}
61 lp_{{ group }}{{ suffix }}: {{ lookup('vars', 'lp_' ~ group ~ suffix, default='UNDEFINED') }}, {% endfor %}
62
63 services:
64 {% for service in lookup('vars', 'lp_' ~ group ~ '_services') %}
65 - {{ service }}
66 {% endfor %}
67 {% endfor %}
68
69 lp_wpasupplicant: {{ lp_wpasupplicant }} lp_wpasupplicant_install: {{ lp_wpasupplicant_install }}
70 lp_xen: {{ lp_xen }} lp_xen_install: {{ lp_xen_install }}
71 lp_zeitgeist: {{ lp_zeitgeist }} lp_zeitgeist_install: {{ lp_zeitgeist_install }}
72 lp_zfs: {{ lp_zfs }} lp_zfs_install: {{ lp_zfs_install }}
73 [WIP] lp_snap: {{ lp_snap }} lp_snap_install: {{ lp_snap_install }} lp_snap_enable: {{ lp_snap_enable }}
74
75 ansible.builtin.debug:
76 msg: "{{ '{}'.format(msg) }}"
77
78# EOF
dnsmasq.yml
Synopsis: Configure dnsmasq
Description of the task.
1---
2# linux_postinstall dnsmasq
3
4- name: "Dnsmasq: Debug lp_dnsmasq_debug={{ lp_dnsmasq_debug }}"
5 when: lp_dnsmasq_debug | bool
6 tags: lp_dnsmasq_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_dnsmasq_install: {{ lp_dnsmasq_install }}
11 lp_dnsmasq_enable: {{ lp_dnsmasq_enable }}
12 lp_dnsmasq_service: {{ lp_dnsmasq_service }}
13 lp_dnsmasq_packages:
14 {{ lp_dnsmasq_packages | to_nice_yaml(indent=2) | indent(2) }}
15 lp_dnsmasq_config:
16 {{ lp_dnsmasq_config | to_nice_yaml(indent=2) | indent(2) }}
17 lp_dnsmasq_hosts:
18 {{ lp_dnsmasq_hosts | to_yaml(indent=2) | indent(2) }}
19 lp_backup_conf: {{ lp_backup_conf }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: "Dnsmasq: Install packages"
24 when: lp_dnsmasq_install | bool
25 tags: lp_dnsmasq_packages
26 vars:
27 ll_ipkg_list: "{{ lp_dnsmasq_packages }}"
28 ll_ipkg_state: "{{ lp_package_state }}"
29 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
30 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
31 ll_debug: "{{ lp_dnsmasq_debug | bool }}"
32 ansible.builtin.import_role:
33 name: vbotka.linux_lib
34 tasks_from: install_package.yml
35
36- name: "Dnsmasq: Create directories"
37 tags: lp_dnsmasq_directories
38 ansible.builtin.file:
39 state: directory
40 path: "{{ item.dest | dirname }}"
41 owner: "{{ item.downer | d('root') }}"
42 group: "{{ item.dgroup | d('root') }}"
43 mode: "{{ item.dmode | d('0755') }}"
44 loop: "{{ lp_dnsmasq_config }}"
45 loop_control:
46 label: "{{ item.dest | dirname }}"
47
48- name: "Dnsmasq: Configure"
49 tags: lp_dnsmasq_config
50 notify: restart dnsmasq
51 ansible.builtin.template:
52 src: "{{ item.src }}"
53 dest: "{{ item.dest }}"
54 owner: "{{ item.owner | d('root') }}"
55 group: "{{ item.group | d('root') }}"
56 mode: "{{ item.mode | d('0600') }}"
57 backup: "{{ lp_backup_conf }}"
58 loop: "{{ lp_dnsmasq_config }}"
59 loop_control:
60 label: "{{ item.dest }}"
61
62- name: Service
63 tags: lp_dnsmasq_service
64 block:
65
66 - name: "Dnsmasq: Service {{ state ~ ' and ' ~ enable }}"
67 register: result
68 vars:
69 enabled: "{{ lp_dnsmasq_enable | bool | d(false) }}"
70 state: "{{ lp_dnsmasq_state | d(default_state) }}"
71 default_state: "{{ enabled | ternary('started', 'stopped') }}"
72 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
73 ansible.builtin.service:
74 name: "{{ lp_dnsmasq_service }}"
75 state: "{{ state }}"
76 enabled: "{{ enabled }}"
77
78 - name: "Dnsmasq: Debug service lp_dnsmasq_debug={{ lp_dnsmasq_debug }}"
79 when: lp_dnsmasq_debug | bool
80 ansible.builtin.debug:
81 var: result
82
83# EOF
fstab.yml
Synopsis: Configure fstab
Description of the task.
1---
2# linux_postinstall fstab
3
4- name: "Fstab: Configure fstab entries"
5 ansible.posix.mount:
6 name: "{{ item.name }}"
7 state: "{{ item.state | d('mounted') }}"
8 src: "{{ item.src | d(omit) }}"
9 fstype: "{{ item.fstype | d(omit) }}"
10 opts: "{{ item.opts | d(omit) }}"
11 dump: "{{ item.dump | d(omit) }}"
12 passno: "{{ item.passno | d(omit) }}"
13 backup: "{{ lp_backup_conf }}"
14 loop: "{{ lp_fstab_entries }}"
15
16# EOF
gpg.yml
Synopsis: Configure gpg
Description of the task.
1---
2# linux_postinstall gpg
3
4- name: "Gpg: Debug lp_gpg_debug={{ lp_gpg_debug }}"
5 when: lp_gpg_debug | bool
6 tags: lp_gpg_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_python_version: {{ ansible_facts['python_version'] }}
11 lp_gpg_install: {{ lp_gpg_install }}
12 lp_gpg_packages:
13 {{ lp_gpg_packages | to_nice_yaml(indent=2) | indent(2) }}
14 lp_gpg_packages_extra:
15 {{ lp_gpg_packages_extra | to_nice_yaml(indent=2) | indent(2) }}
16 lp_gpg_conf_template: {{ lp_gpg_conf_template }}
17 lp_gpg_conf:
18 {{ lp_gpg_conf | to_yaml(indent=2) | indent(2) }}
19 lp_backup_conf: {{ lp_backup_conf }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: "Gpg: Install packages"
24 when: lp_gpg_install | bool
25 tags: lp_gpg_packages
26 vars:
27 ll_ipkg_list: "{{ lp_gpg_packages + lp_gpg_packages_extra }}"
28 ll_ipkg_state: "{{ lp_package_state }}"
29 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
30 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
31 ll_debug: "{{ lp_gpg_debug | bool }}"
32 ansible.builtin.import_role:
33 name: vbotka.linux_lib
34 tasks_from: install_package.yml
35
36- name: "Gpg: Create directories .gnupg"
37 tags: lp_gpg_dir
38 ansible.builtin.file:
39 state: directory
40 dest: /home/{{ item }}/.gnupg
41 owner: "{{ item }}"
42 group: "{{ item }}"
43 mode: "0700"
44 loop: "{{ lp_gpg_conf | map(attribute='owner') | unique | sort }}"
45
46- name: "Gpg: Configure gnupg"
47 tags: lp_gpg_conf
48 register: lp_gpg_conf_reg
49 notify: gpgconf reload
50 ansible.builtin.template:
51 src: "{{ lp_gpg_conf_template }}"
52 dest: "{{ ['/home/', item.owner, '/.gnupg/', item.component, '.conf'] | join }}"
53 owner: "{{ item.owner }}"
54 group: "{{ item.owner }}"
55 mode: "0600"
56 backup: "{{ lp_backup_conf }}"
57 loop: "{{ lp_gpg_conf }}"
58 loop_control:
59 label: "{{ item.owner }} {{ item.component }}"
60
61# TODO: import keys, template blocks
62
63# EOF
See also
Handler gpg.yml
Template gpg.conf.j2
gpsd.yml
Synopsis: Configure gpsd
Description of the task.
1---
2# linux_postinstall gpsd
3
4- name: "Gpsd: Debug lp_gpsd_debug={{ lp_gpsd_debug }}"
5 when: lp_gpsd_debug | bool
6 tags: lp_gpsd_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_gpsd_install: {{ lp_gpsd_install }}
11 lp_gpsd_packages:
12 {{ lp_gpsd_packages | to_nice_yaml(indent=2) | indent(2) }}
13 lp_backup_conf: {{ lp_backup_conf }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16
17- name: "Gpsd: Install packages for gpsd"
18 when: lp_gpsd_install | bool
19 tags: lp_gpsd_packages
20 vars:
21 ll_ipkg_list: "{{ lp_gpsd_packages }}"
22 ll_ipkg_state: "{{ lp_package_state }}"
23 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
24 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
25 ll_debug: "{{ lp_gpsd_debug | bool }}"
26 ansible.builtin.import_role:
27 name: vbotka.linux_lib
28 tasks_from: install_package.yml
29
30- name: "Gpsd: Add user gpsd to group dialout"
31 tags: lp_gpsd_group
32 ansible.builtin.user:
33 name: gpsd
34 groups: dialout
35 append: true
36
37- name: "Gpsd: Configure /etc/bluetooth/rfcomm.conf"
38 tags: lp_gpsd_bt_rfcom
39 notify: restart bluetooth
40 ansible.builtin.blockinfile:
41 dest: /etc/bluetooth/rfcomm.conf
42 create: true
43 marker: "# {mark} ANSIBLE MANAGED BLOCK rfcomm{{ item.rfcomm }}"
44 insertafter: EOF
45 owner: root
46 group: root
47 mode: "0644"
48 backup: "{{ lp_backup_conf }}"
49 block: |
50 rfcomm{{ item.rfcomm }} {
51 bind {{ item.bind }}
52 device {{ item.device }}
53 channel {{ item.channel }}
54 comment "{{ item.comment }}"
55 }
56 loop: "{{ lp_gpsd_bt_rfcomm }}"
57
58- name: "Gpsd: Configure /etc/default/gpsd"
59 tags: lp_gpsd_config
60 notify: restart gpsd
61 ansible.builtin.template:
62 src: gpsd.j2
63 dest: /etc/default/gpsd
64 owner: root
65 group: root
66 mode: "0644"
67 backup: "{{ lp_backup_conf }}"
68
69- name: Service gpsd
70 tags: lp_gpsd_service
71 block:
72
73 - name: "Gpsd: Service {{ state ~ ' and ' ~ enable }}"
74 register: result
75 vars:
76 enabled: "{{ lp_gpsd_enable | bool | d(false) }}"
77 state: "{{ lp_gpsd_state | d(default_state) }}"
78 default_state: "{{ enabled | ternary('started', 'stopped') }}"
79 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
80 ansible.builtin.service:
81 name: "{{ lp_gpsd_service }}"
82 state: "{{ state }}"
83 enabled: "{{ enabled }}"
84
85 - name: "Gpsd: Debug service lp_gpsd_debug={{ lp_gpsd_debug }}"
86 when: lp_gpsd_debug | bool
87 ansible.builtin.debug:
88 var: result
89
90# EOF
See also
Handler gpsd.yml
Handler bluetooth.yml
Template gpsd.j2
groups.yml
Synopsis: Configure groups
Description of the task.
1---
2# linux_postinstall groups
3
4- name: "Groups: Debug lp_groups_debug={{ lp_groups_debug }}"
5 when: lp_groups_debug | bool
6 tags: lp_groups_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_groups:
11 {{ lp_groups | to_nice_yaml(indent=2) | indent(2) }}
12 lp_backup_conf: {{ lp_backup_conf }}
13 ansible.builtin.debug:
14 msg: "{{ '{}'.format(msg) }}"
15
16- name: "Groups: Manage groups"
17 ansible.builtin.group:
18 name: "{{ item.name }}"
19 gid: "{{ item.gid | d(omit) }}"
20 state: "{{ item.state | d(omit) }}"
21 system: "{{ item.system | d(omit) }}"
22 loop: "{{ lp_groups }}"
23
24# EOF
grub.yml
Synopsis: Configure grub
Description of the task.
1---
2# linux_postinstall grub
3
4- name: "Grub: Debug lp_grub_debug={{ lp_grub_debug }}"
5 when: lp_grub_debug | bool
6 tags: lp_grub_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_grub_default:
11 {{ lp_grub_default | to_yaml(indent=2) | indent(2) }}
12 lp_backup_conf: {{ lp_backup_conf }}
13 ansible.builtin.debug:
14 msg: "{{ '{}'.format(msg) }}"
15
16- name: "Grub: Configure /etc/default/grub"
17 tags: lp_grub_conf
18 notify: update grub
19 ansible.builtin.lineinfile:
20 dest: /etc/default/grub
21 regexp: ^\s*{{ item.var }}\s*=(.*)$
22 line: "{{ item.var }}={{ item.value }}"
23 backup: "{{ lp_backup_conf }}"
24 loop: "{{ lp_grub_default }}"
25 loop_control:
26 label: "{{ item.var }}: {{ item.value }}"
27
28# EOF
See also
Handler grub.yml
hostname.yml
Synopsis: Configure hostname
Description of the task.
1---
2# linux_postinstall hostname
3
4# TODO:
5# 1) SET/DONT_SET hostname via DHCP
6# /etc/dhcp/dhclient.conf
7# #send host-name = gethostname();
8# request host-name = "myhostname";
9# https://askubuntu.com/questions/104918/how-to-get-the-hostname-from-a-dhcp-server
10# http://blog.schlomo.schapiro.org/2013/11/setting-hostname-from-dhcp-in-debian.html
11# https://askubuntu.com/questions/757423/how-to-force-dhcp-client-to-allow-a-self-defined-domain-name
12
13- name: Sanity
14 block:
15
16 - name: "Hostname: Sanity lp_hostname not empty"
17 ansible.builtin.assert:
18 that: lp_hostname | length > 0
19 fail_msg: The variable lp_hostname is empty.
20
21 - name: "Hostname: Sanity lp_hostname RFC 1123 and RFC 952"
22 when: lp_hostname_fqdn_valid | bool
23 ansible.builtin.assert:
24 that: lp_hostname is community.general.fqdn_valid
25 fail_msg: The variable lp_hostname not conforming RFC 1123 and RFC 952.
26
27- name: "Hostname: Configure hostname in /etc/hostname"
28 when: ansible_facts['os_family'] == 'Debian'
29 ansible.builtin.template:
30 src: hostname.j2
31 dest: /etc/hostname
32 owner: root
33 group: root
34 mode: "0644"
35 backup: "{{ lp_backup_conf }}"
36
37- name: "Hostname: Configure hostname"
38 ansible.builtin.hostname:
39 name: "{{ lp_hostname }}"
40
41# EOF
hosts.yml
Synopsis: Configure hosts
Description of the task.
1---
2# linux_postinstall hosts
3
4- name: "Hosts: Debug lp_hosts_debug={{ lp_hosts_debug }}"
5 when: lp_hosts_debug | bool
6 tags: lp_hosts_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_hosts_sanity: {{ lp_hosts_sanity }}
11 lp_hosts_default_override:
12 {{ lp_hosts_default_override | to_yaml(indent=2) | indent(2) }}
13 lp_hosts_default:
14 {{ lp_hosts_default | to_yaml(indent=2) | indent(2) }}
15 lp_hosts_template: {{ lp_hosts_template }}
16 lp_hosts:
17 {{ lp_hosts | to_yaml(indent=2) | indent(2) }}
18 lp_backup_conf: {{ lp_backup_conf }}
19 ansible.builtin.debug:
20 msg: "{{ '{}'.format(msg) }}"
21
22- name: "Hosts: Sanity"
23 when: lp_hosts_sanity | bool
24 tags: lp_hosts_sanity
25 block:
26
27 - name: "Hosts: Sanity valid IP"
28 ansible.builtin.assert:
29 that: (lp_hosts | map(attribute='ip') | map('ansible.utils.ipaddr')) is all
30 fail_msg: "[ERR] Invalid IP address."
31
32 - name: "Hosts: Sanity unique FQDN"
33 vars:
34 no_records: "{{ lp_hosts | length }}"
35 no_hosts: "{{ lp_hosts | map(attribute='fqdn') | list | unique | length }}"
36 ansible.builtin.assert:
37 that: no_records == no_hosts
38 fail_msg: "[ERR] FQDN not unique."
39
40- name: "Hosts: Configure hosts in /etc/hosts"
41 tags: lp_hosts_conf
42 ansible.builtin.template:
43 src: "{{ lp_hosts_template }}"
44 dest: /etc/hosts
45 owner: root
46 group: root
47 mode: "0644"
48 backup: "{{ lp_backup_conf }}"
49
50# EOF
See also
Template hosts.j2
iptables.yml
Synopsis: Configure iptables
Description of the task.
1---
2# linux_postinstall iptables
3
4- name: "Iptables: Create /etc/network/if-pre-up.d/iptables"
5 ansible.builtin.template:
6 src: iptables-restore.j2
7 dest: /etc/network/if-pre-up.d/iptables
8 owner: root
9 group: root
10 mode: "0755"
11
12- name: "Iptables: Create /etc/network/iptables using {{ lp_iptables_type ~ '-iptables.j2' }}"
13 notify: reload iptables
14 ansible.builtin.template:
15 src: "{{ lp_iptables_type }}-iptables.j2"
16 dest: /etc/network/iptables
17 owner: root
18 group: root
19 mode: "0644"
20
21# EOF
See also
Handler iptables.yml
Template iptables_restore.j2
Template default_iptables.j2
Template router1_iptables.j2
kvm.yml
Synopsis: Configure kvm
Description of the task.
1---
2# linux_postinstall kvm
3
4- name: "Kvm: Debug lp_kvm_debug={{ lp_kvm_debug }}"
5 when: lp_kvm_debug | bool
6 tags: lp_kvm_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_kvm_packages:
11 {{ lp_kvm_packages | to_nice_yaml(indent=2) | indent(2) }}
12 ansible.builtin.debug:
13 msg: "{{ '{}'.format(msg) }}"
14
15- name: "Kvm: Install packages"
16 when: lp_kvm_install | bool
17 tags: lp_kvm_packages
18 vars:
19 ll_ipkg_list: "{{ lp_kvm_packages }}"
20 ll_ipkg_state: "{{ lp_package_state }}"
21 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
22 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
23 ll_debug: "{{ lp_kvm_debug | bool }}"
24 ansible.builtin.import_role:
25 name: vbotka.linux_lib
26 tasks_from: install_package.yml
27
28# EOF
latex.yml
Synopsis: Configure latex
Description of the task.
1---
2# linux_postinstall LaTeX
3
4- name: "Latex: Debug lp_latex_debug={{ lp_latex_debug }}"
5 when: lp_latex_debug | bool
6 tags: lp_latex_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_backup_conf: {{ lp_backup_conf }}
11 lp_latex_install: {{ lp_latex_install }}
12 lp_latex_packages:
13 {{ lp_latex_packages | to_nice_yaml(indent=2) | indent(2) }}
14 lp_latex_macros:
15 {{ lp_latex_macros | to_nice_yaml(indent=2) | indent(2) }}
16 ansible.builtin.debug:
17 msg: "{{ '{}'.format(msg) }}"
18
19- name: "Latex: Install packages"
20 when: lp_latex_install | bool
21 tags: lp_latex_packages
22 vars:
23 ll_ipkg_list: "{{ lp_latex_packages }}"
24 ll_ipkg_state: "{{ lp_package_state }}"
25 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
26 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
27 ll_debug: "{{ lp_latex_debug | bool }}"
28 ansible.builtin.import_role:
29 name: vbotka.linux_lib
30 tasks_from: install_package.yml
31
32- name: "Latex: Create directory /usr/share/texmf/tex/latex"
33 tags: lp_latex_dir
34 ansible.builtin.file:
35 state: directory
36 path: /usr/share/texmf/tex/latex
37 mode: "0755"
38
39- name: "Latex: Create directories for macros"
40 tags: lp_latex_macros
41 ansible.builtin.file:
42 state: directory
43 path: "{{ item }}"
44 mode: "0755"
45 loop: "{{ lp_latex_macros | map(attribute='dest') | unique }}"
46
47- name: "Latex: Download macros"
48 tags: lp_latex_labels
49 ignore_errors: "{{ lp_latex_get_url_ignore_errors }}" # noqa ignore-errors
50 changed_when: false
51 environment:
52 CRYPTOGRAPHY_OPENSSL_NO_LEGACY: '1'
53 ansible.builtin.get_url:
54 url: "{{ item.url }}"
55 dest: "{{ item.dest }}"
56 mode: "0644"
57 timeout: "{{ lp_latex_download_timeout }}"
58 loop: "{{ lp_latex_macros }}"
59 loop_control:
60 label: "{{ item.url }}"
61
62# Note
63# get_url: check mode reports changes with force enabled
64# https://github.com/ansible/ansible/issues/25418#issuecomment-307208773
65# https://github.com/ansible/ansible/issues/25418
66
67# [TODO]
68# 1) Compile and register labels.sty
69# cd /usr/share/texmf/tex/latex/labels/
70# latex labels.ins
71# texhash /usr/share/texmf
72
73# EOF
libvirt.yml
Synopsis: Configure libvirt
Description of the task.
1---
2# linux_postinstall libvirt
3
4- name: "Libvirt Debug lp_libvirt_debug={{ lp_libvirt_debug }}"
5 when: lp_libvirt_debug | bool
6 tags: lp_libvirt_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_libvirt_guests_enable: {{ lp_libvirt_guests_enable }}
11 lp_libvirt_libvirtd_enable: {{ lp_libvirt_libvirtd_enable }}
12 lp_libvirt_conf_owner: {{ lp_libvirt_conf_owner }}
13 lp_libvirt_conf_group: {{ lp_libvirt_conf_group }}
14 lp_libvirt_conf_mode: {{ lp_libvirt_conf_mode }}
15 lp_libvirt_conf_dir: {{ lp_libvirt_conf_dir }}
16 lp_libvirt_install: {{ lp_libvirt_install }}
17 lp_libvirt_packages:
18 {{ lp_libvirt_packages | to_nice_yaml | indent(2) }}
19 lp_libvirt_conf:
20 {{ lp_libvirt_conf | to_nice_yaml | indent(2) }}
21 lp_backup_conf: {{ lp_backup_conf }}
22 ansible.builtin.debug:
23 msg: "{{ '{}'.format(msg) }}"
24
25- name: "Libvirt: Install packages"
26 when: lp_libvirt_install | bool
27 tags: lp_libvirt_packages
28 vars:
29 ll_ipkg_list: "{{ lp_libvirt_packages }}"
30 ll_ipkg_state: "{{ lp_package_state }}"
31 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
32 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
33 ll_debug: "{{ lp_libvirt_debug | bool }}"
34 ansible.builtin.import_role:
35 name: vbotka.linux_lib
36 tasks_from: install_package.yml
37
38- name: "Libvirt: Configure {{ lp_libvirt_conf_dir }}"
39 tags: lp_libvirt_conf
40 notify:
41 - reload libvirtd
42 - reload libvirt_guests
43 ansible.builtin.lineinfile:
44 dest: "{{ lp_libvirt_conf_dir }}/{{ item.0.key }}"
45 regexp: ^\s*{{ item.1.0 }}(\s|=)(.*)$
46 line: "{{ item.1.0 }} = {{ item.1.1 }}"
47 state: "{{ item.1.2 | d('present') }}"
48 backup: "{{ lp_backup_conf }}"
49 create: true
50 owner: "{{ item.0.owner | d('root') }}"
51 group: "{{ item.0.group | d('root') }}"
52 mode: "{{ item.0.mode | d('0644') }}"
53 loop: "{{ lp_libvirt_conf | dict2items | subelements('value.conf', {'skip_missing': True}) }}"
54 loop_control:
55 label: "{{ item.0.key }} {{ item.1.0 }}: {{ item.1.1 }} {{ item.1.2 | d('present') }}"
56
57- name: "Libvirt: Service {{ lp_libvirt_libvirtd_service ~ ' ' ~ state ~ ' and ' ~ enable }}"
58 tags: lp_libvirt_libvirtd_service
59 register: result
60 vars:
61 enabled: "{{ lp_libvirt_libvirtd_enable | bool | d(false) }}"
62 state: "{{ lp_libvirt_libvirtd_state | d(default_state) }}"
63 default_state: "{{ enabled | ternary('started', 'stopped') }}"
64 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
65 ansible.builtin.service:
66 name: "{{ lp_libvirt_libvirtd_service }}"
67 state: "{{ state }}"
68 enabled: "{{ enabled }}"
69
70- name: "Libvirt: Service {{ lp_libvirt_guests_service ~ ' ' ~ state ~ ' and ' ~ enable }}"
71 tags: lp_libvirt_guests_service
72 register: result
73 vars:
74 enabled: "{{ lp_libvirt_guests_enable | bool | d(false) }}"
75 state: "{{ lp_libvirt_guests_state | d(default_state) }}"
76 default_state: "{{ enabled | ternary('started', 'stopped') }}"
77 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
78 ansible.builtin.service:
79 name: "{{ lp_libvirt_guests_service }}"
80 state: "{{ state }}"
81 enabled: "{{ enabled }}"
82
83# EOF
lid.yml
Synopsis: Configure lid
Description of the task.
1---
2# linux_postinstall lid
3
4- name: "Lid: Configure {{ lp_lid_logind_conf }}"
5 notify: logind message reboot
6 ansible.builtin.lineinfile:
7 dest: "{{ lp_lid_logind_conf }}"
8 regexp: ^\s*{{ item.var }}\s*=\s*(.*)$
9 line: "{{ item.var }}={{ item.value }}"
10 backup: "{{ lp_backup_conf }}"
11 loop: "{{ lp_lid_logind_conf_vars }}"
12 loop_control:
13 label: "{{ item.var }}: {{ item.value }}"
14
15- name: "Lid: Configure {{ lp_lid_upower_conf }}"
16 ansible.builtin.lineinfile:
17 dest: "{{ lp_lid_upower_conf }}"
18 regexp: ^\s*{{ item.var }}\s*=\s*(.*)$
19 line: "{{ item.var }}={{ item.value }}"
20 backup: "{{ lp_backup_conf }}"
21 loop: "{{ lp_lid_upower_conf_vars }}"
22 loop_control:
23 label: "{{ item.var }}: {{ item.value }}"
24
25# EOF
See also
Handler messages.yml
logrotate.yml
Synopsis: Configure logrotate
Description of the task.
1---
2# linux_postinstall logrotate
3
4- name: "Logrotate: Debug lp_logrotate_debug={{ lp_logrotate_debug }}"
5 when: lp_logrotate_debug | bool
6 tags: lp_logrotate_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_logrotate_install: {{ lp_logrotate_install }}
11 lp_logrotate_packages:
12 {{ lp_logrotate_packages | to_nice_yaml(indent=2) | indent(2) }}
13 lp_backup_conf: {{ lp_backup_conf }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16
17- name: "Logrotate: Install packages for logrotate"
18 when: lp_logrotate_install | bool
19 tags: lp_logrotate_packages
20 vars:
21 ll_ipkg_list: "{{ lp_logrotate_packages }}"
22 ll_ipkg_state: "{{ lp_package_state }}"
23 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
24 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
25 ll_debug: "{{ lp_logrotate_debug | bool }}"
26 ansible.builtin.import_role:
27 name: vbotka.linux_lib
28 tasks_from: install_package.yml
29
30- name: "Logrotate: Configure blocks in {{ lp_logrotate_conf_file }}"
31 tags: lp_logrotate_conf_blocks
32 ansible.builtin.blockinfile:
33 path: "{{ lp_logrotate_conf_file }}"
34 mark: "{{ item.mark }}"
35 block: "{{ item.block }}"
36 state: "{{ item.state }}"
37 backup: "{{ lp_backup_conf }}"
38 loop: "{{ lp_logrotate_conf_blocks }}"
39
40- name: "Logrotate: Configure lines in {{ lp_logrotate_conf_file }}"
41 tags: lp_logrotate_conf_lines
42 ansible.builtin.lineinfile:
43 path: "{{ lp_logrotate_conf_file }}"
44 line: "{{ item.line }}"
45 state: "{{ item.state }}"
46 backup: "{{ lp_backup_conf }}"
47 loop: "{{ lp_logrotate_conf_lines }}"
48
49- name: "Logrotate: Configure {{ lp_logrotate_conf_dir }}"
50 tags: lp_logrotate_confd
51 ansible.builtin.blockinfile:
52 path: "{{ lp_logrotate_conf_dir }}/{{ item.path }}"
53 block: "{{ item.conf }}"
54 backup: "{{ lp_backup_conf }}"
55 create: true
56 owner: "{{ item.owner | d('root') }}"
57 group: "{{ item.group | d('root') }}"
58 mode: "{{ item.mode | d('0644') }}"
59 loop: "{{ lp_logrotate_confd }}"
60 loop_control:
61 label: "{{ item.path }}"
62
63# EOF
modemmanager.yml
Synopsis: Configure modemmanager
Description of the task.
1---
2# linux_postinstall ModemManager
3
4- name: "Modemmanager: Configure /etc/init/modemmanager.override"
5 tags: lp_modemmanager_override
6 ansible.builtin.template:
7 src: modem-manager-override.j2
8 dest: /etc/init/modemmanager.override
9 owner: root
10 group: root
11 mode: "0644"
12
13- name: Service
14 tags: lp_modemmanager_service
15 block:
16
17 - name: "Modemmanager: Service {{ state ~ ' and ' ~ enable }}"
18 register: result
19 vars:
20 enabled: "{{ lp_modemmanager_enable | bool | d(false) }}"
21 state: "{{ lp_modemmanager_state | d(default_state) }}"
22 default_state: "{{ enabled | ternary('started', 'stopped') }}"
23 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
24 ansible.builtin.service:
25 name: "{{ lp_modemmanager_service }}"
26 state: "{{ state }}"
27 enabled: "{{ enabled }}"
28
29 - name: "Modemmanager: Debug service lp_modemmanager_service={{ lp_modemmanager_service }}"
30 when: lp_modemmanager_debug | bool
31 ansible.builtin.debug:
32 var: result
33
34# EOF
modules.yml
Synopsis: Configure modules
Description of the task.
1---
2# linux_postinstall modules
3
4- name: "Modules: Debug lp_modules_debug={{ lp_modules_debug }}"
5 when: lp_modules_debug | bool
6 tags: lp_modules_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_modules_conf: {{ lp_modules_conf }}
11 lp_modules:
12 {{ lp_modules | to_yaml(indent=2) | indent(2) }}
13 lp_modules_options_path: {{ lp_modules_options_path }}
14 lp_modules_options:
15 {{ lp_modules_options | to_nice_yaml(indent=2) | indent(2) }}
16 lp_modules_blacklist_path: {{ lp_modules_blacklist_path }}
17 lp_modules_blacklist:
18 {{ lp_modules_blacklist | to_nice_yaml(indent=2) | indent(2) }}
19 lp_backup_conf: {{ lp_backup_conf }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: "Modules: modprobe modules"
24 community.general.modprobe:
25 name: "{{ item.name }}"
26 params: "{{ item.params }}"
27 state: "{{ item.state | d('present') }}"
28 loop: "{{ lp_modules }}"
29
30- name: "Modules: Configure in Debian {{ lp_modules_conf }}"
31 ansible.builtin.lineinfile:
32 dest: "{{ lp_modules_conf }}"
33 regexp: ^\s*{{ item.name }}\s*(.*)$
34 line: "{{ item.name }} {{ item.params }}"
35 backup: "{{ lp_backup_conf }}"
36 loop: "{{ lp_modules }}"
37 when:
38 - ansible_facts['os_family'] == 'Debian'
39 - item.state | d('present') == 'present'
40
41- name: "Modules: Configure in RedHat {{ lp_modules_conf }}"
42 ansible.builtin.lineinfile:
43 dest: "{{ lp_modules_conf }}"
44 regexp: ^\s*modprobe\s+{{ item.name }}\s*(.*)$
45 line: modprobe {{ item.name }} {{ item.params }}
46 backup: "{{ lp_backup_conf }}"
47 loop: "{{ lp_modules }}"
48 when:
49 - ansible_facts['os_family'] == 'RedHat'
50 - item.state | d('present') == 'present'
51
52- name: Configure modules
53 notify: update initramfs
54 block:
55
56 - name: "Modules: Blacklist modules in {{ lp_modules_blacklist_path }}"
57 ansible.builtin.template:
58 src: blacklist-module.j2
59 dest: "{{ lp_modules_blacklist_path }}/blacklist-{{ item }}.conf"
60 backup: "{{ lp_backup_conf }}"
61 mode: "0644"
62 loop: "{{ lp_modules_blacklist }}"
63
64 - name: "Modules: Set modules options in {{ lp_modules_options_path }}"
65 ansible.builtin.template:
66 src: options-module.j2
67 dest: "{{ lp_modules_options_path }}/{{ item.module }}.conf"
68 backup: "{{ lp_backup_conf }}"
69 mode: "0644"
70 loop: "{{ lp_modules_options }}"
71 loop_control:
72 label: "{{ item.module }}: {{ item.options }}"
73
74# EOF
netplan.yml
Synopsis: Configure netplan
Description of the task.
1---
2# linux_postinstall netplan
3
4- name: Configure 01-network-manager-all.yaml if it exists
5 block:
6
7 - name: "Netplan: Stat {{ lp_netplan_default }}"
8 register: result
9 ansible.builtin.stat:
10 path: "{{ lp_netplan_root }}/{{ lp_netplan_default }}"
11
12 - name: "Netplan: Configure {{ lp_netplan_root ~ '/' ~ lp_netplan_default }}"
13 when: result.stat.exists | d(false)
14 notify: netplan apply
15 ansible.builtin.template:
16 src: netplan-default.j2
17 dest: "{{ lp_netplan_root }}/{{ lp_netplan_default }}"
18 owner: "{{ lp_netplan_owner }}"
19 group: "{{ lp_netplan_group }}"
20 mode: "{{ lp_netplan_mode }}"
21 backup: "{{ lp_backup_conf }}"
22
23- name: "Netplan: Configure files in {{ lp_netplan_root }}"
24 notify: netplan apply
25 ansible.builtin.template:
26 src: netplan-conf.j2
27 dest: "{{ lp_netplan_root }}/{{ item.file }}"
28 owner: "{{ item.owner | d(lp_netplan_owner) }}"
29 group: "{{ item.group | d(lp_netplan_group) }}"
30 mode: "{{ item.mode | d(lp_netplan_mode) }}"
31 backup: "{{ lp_backup_conf }}"
32 loop: "{{ lp_netplan_conf }}"
33 loop_control:
34 label: "{{ item.file }}"
35
36# EOF
See also
Handler netplan.yml
Template netplan_default.j2
Template netplan_conf.j2
networkd.yml
Synopsis: Configure networkd
Description of the task.
1---
2# linux_postinstall networkd
3
4- name: "Networkd: Debug lp_networkd_debug={{ lp_networkd_debug }}"
5 when: lp_networkd_debug | bool
6 tags: lp_networkd_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_networkd_install: {{ lp_networkd_install }}
11 lp_networkd_packages:
12 {{ lp_networkd_packages | to_nice_yaml(indent=2) | indent(2) }}
13 lp_networkd_enable: {{ lp_networkd_enable }}
14 lp_networkd_service: {{ lp_networkd_service }}
15 lp_networkd_conf:
16 {{ lp_networkd_conf | to_yaml(indent=2) | indent(2) }}
17 lp_systemd_owner: {{ lp_systemd_owner }}
18 lp_systemd_group: {{ lp_systemd_group }}
19 lp_systemd_mode: {{ lp_systemd_mode }}
20 lp_backup_conf: {{ lp_backup_conf }}
21 ansible.builtin.debug:
22 msg: "{{ '{}'.format(msg) }}"
23
24- name: "Networkd: Install packages"
25 when: lp_networkd_install | bool
26 tags: lp_networkd_packages
27 vars:
28 ll_ipkg_list: "{{ lp_networkd_packages }}"
29 ll_ipkg_state: "{{ lp_package_state }}"
30 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
31 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
32 ll_debug: "{{ lp_networkd_debug | bool }}"
33 ansible.builtin.import_role:
34 name: vbotka.linux_lib
35 tasks_from: install_package.yml
36
37- name: "Networkd: Configure networkd"
38 tags: lp_networkd_conf
39 notify: restart networkd
40 ansible.builtin.template:
41 src: "{{ item.src }}"
42 dest: "{{ item.dest }}"
43 owner: "{{ item.owner | d(lp_systemd_owner) }}"
44 group: "{{ item.group | d(lp_systemd_group) }}"
45 mode: "{{ item.mode | d(lp_systemd_mode) }}"
46 backup: "{{ lp_backup_conf }}"
47 loop: "{{ lp_networkd_conf }}"
48 loop_control:
49 label: "{{ item.dest }}"
50
51- name: Service
52 tags: lp_networkd_service
53 block:
54
55 - name: "Networkd: Service {{ state ~ ' and ' ~ enable }}"
56 register: result
57 vars:
58 enabled: "{{ lp_networkd_enable | bool | d(false) }}"
59 state: "{{ lp_networkd_state | d(default_state) }}"
60 default_state: "{{ enabled | ternary('started', 'stopped') }}"
61 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
62 ansible.builtin.service:
63 name: "{{ lp_networkd_service }}"
64 state: "{{ state }}"
65 enabled: "{{ enabled }}"
66
67 - name: "Networkd: Debug service lp_networkd_debug={{ lp_networkd_debug }}"
68 when: lp_networkd_debug | bool
69 ansible.builtin.debug:
70 var: result
71
72# EOF
networkmanager.yml
Synopsis: Configure networkmanager
Description of the task.
1---
2# linux_postinstall networkmanager
3
4- name: "Nm: Debug lp_nm_debug={{ lp_nm_debug }}"
5 when: lp_nm_debug | bool
6 tags: lp_nm_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_distribution: {{ ansible_facts['distribution'] }}
11 ansible_distribution_version: {{ ansible_facts['distribution_version'] }}
12 ansible_distribution_release: {{ ansible_facts['distribution_release'] }}
13
14 lp_backup_conf: {{ lp_backup_conf }}
15
16 lp_nm_install: {{ lp_nm_install }}
17 lp_nm_packages:
18 {{ lp_nm_packages | to_nice_yaml(indent=2) | indent(2) }}
19 lp_nm_enable: {{ lp_nm_enable }}
20 lp_nm_override: {{ lp_nm_override }}
21 lp_nm_conf_path: {{ lp_nm_conf_path }}
22 lp_nm_conf_no_extra_spaces: {{ lp_nm_conf_no_extra_spaces }}
23 lp_nm_conf:
24 {{ lp_nm_conf | to_yaml(indent=2) | indent(2) }}
25 lp_nm_services:
26 {{ lp_nm_services | to_nice_yaml(indent=2) | indent(2) }}
27 lp_nm_mask: {{ lp_nm_mask }}
28 lp_nm_service_mask:
29 {{ lp_nm_services_mask | to_nice_yaml(indent=2) | indent(2) }}
30 lp_backup_conf: {{ lp_backup_conf }}
31 ansible.builtin.debug:
32 msg: "{{ '{}'.format(msg) }}"
33
34- name: "Nm: Install packages"
35 when: lp_nm_install | bool
36 tags: lp_nm_packages
37 vars:
38 ll_ipkg_list: "{{ lp_nm_packages }}"
39 ll_ipkg_state: "{{ lp_package_state }}"
40 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
41 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
42 ll_debug: "{{ lp_nm_debug | bool }}"
43 ansible.builtin.import_role:
44 name: vbotka.linux_lib
45 tasks_from: install_package.yml
46
47- name: Override Network Manager
48 tags: lp_nm_override
49 block:
50
51 - name: "Nm: Create /etc/init/network-manager.override"
52 when: not lp_nm_enable | bool
53 ansible.builtin.template:
54 src: network-manager-override.j2
55 dest: /etc/init/network-manager.override
56 owner: root
57 group: root
58 mode: "0644"
59
60 - name: "Nm: Remove /etc/init/network-manager.override"
61 when: lp_nm_enable | bool
62 ansible.builtin.file:
63 state: absent
64 dest: /etc/init/network-manager.override
65
66- name: "Nm: Configure {{ lp_nm_conf_path }}"
67 tags: lp_nm_conf
68 community.general.ini_file:
69 path: "{{ lp_nm_conf_path }}"
70 section: "{{ item.section }}"
71 option: "{{ item.key }}"
72 value: "{{ item.val }}"
73 no_extra_spaces: "{{ lp_nm_conf_no_extra_spaces }}"
74 backup: "{{ lp_backup_conf }}"
75 mode: "0644"
76 loop: "{{ lp_nm_conf }}"
77
78- name: Service enable or disable
79 tags: lp_nm_service
80 vars:
81 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
82 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
83 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
84 default_stat: "{{ srv_enbl | bool | ternary('started', 'stopped') }}"
85 status: "{{ dict(out.results | json_query('[].[name, status.UnitFileState]')) }}"
86 block:
87
88 - name: "Nm: Get services status."
89 register: out
90 ansible.builtin.service:
91 name: "{{ srv_name }}"
92 loop: "{{ lp_nm_services }}"
93 loop_control:
94 label: "{{ srv_name }}"
95
96 - name: "Nm: Debug service status lp_nm_debug={{ lp_nm_debug }}"
97 when: lp_nm_debug | bool
98 ansible.builtin.debug:
99 var: status
100
101 - name: "Nm: Services start/stop and enable/disable"
102 when: status[srv_name] in ['disabled', 'enabled']
103 ansible.builtin.service:
104 name: "{{ srv_name }}"
105 state: "{{ srv_stat }}"
106 enabled: "{{ srv_enbl }}"
107 loop: "{{ lp_nm_services }}"
108 loop_control:
109 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
110
111- name: "Nm: Services mask={{ lp_nm_mask }}"
112 tags: lp_nm_mask
113 vars:
114 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
115 ansible.builtin.systemd_service:
116 name: "{{ srv_name }}"
117 masked: "{{ lp_nm_mask }}"
118 loop: "{{ lp_nm_services_mask }}"
119 loop_control:
120 label: "{{ srv_name }}"
121
122# EOF
nfsd.yml
Synopsis: Configure nfsd
Description of the task.
1---
2# linux_postinstall nfsd
3
4- name: "Nfsd: Debug lp_nfsd_debug={{ lp_nfsd_debug }}"
5 when: lp_nfsd_debug | bool
6 tags: lp_nfsd_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_nfsd_install: {{ lp_nfsd_install }}
11 lp_nfsd_packages:
12 {{ lp_nfsd_packages | to_nice_yaml(indent=2) | indent(2) }}
13 lp_backup_conf: {{ lp_backup_conf }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16
17- name: "Nfsd: Install packages"
18 when: lp_nfsd_install | bool
19 tags: lp_nfsd_packages
20 vars:
21 ll_ipkg_list: "{{ lp_nfsd_packages }}"
22 ll_ipkg_state: "{{ lp_package_state }}"
23 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
24 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
25 ll_debug: "{{ lp_nfsd_debug | bool }}"
26 ansible.builtin.import_role:
27 name: vbotka.linux_lib
28 tasks_from: install_package.yml
29
30- name: "Nfsd: Configure exports"
31 tags: lp_nfsd_exports
32 notify: reload nfsd
33 ansible.builtin.template:
34 src: exports.j2
35 dest: /etc/exports
36 owner: root
37 group: root
38 mode: "0644"
39
40- name: Service
41 tags: lp_nfsd_service
42 block:
43
44 - name: "Nfsd: Debug service lp_nfsd_debug={{ lp_nfsd_debug }}"
45 when: lp_nfsd_debug | bool
46 ansible.builtin.debug:
47 var: result
48
49 - name: "Nfsd: Services start/stop and enable/disable"
50 register: result
51 vars:
52 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
53 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
54 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
55 default_stat: "{{ srv_enbl | bool | ternary('started', 'stopped') }}"
56 ansible.builtin.service:
57 name: "{{ srv_name }}"
58 state: "{{ srv_stat }}"
59 enabled: "{{ srv_enbl }}"
60 loop: "{{ lp_nfsd_services }}"
61 loop_control:
62 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
63
64 # - name: "Nfsd: Enable and start nfsd services"
65 # ansible.builtin.service:
66 # name: "{{ item }}"
67 # enabled: true
68 # state: started
69 # loop: "{{ lp_nfsd_services }}"
70 # when: lp_nfsd_enable | bool
71
72 # - name: "Nfsd: Stop and disable nfsd services"
73 # ansible.builtin.service:
74 # name: "{{ item }}"
75 # enabled: false
76 # state: stopped
77 # loop: "{{ lp_nfsd_services }}"
78 # when: not lp_nfsd_enable | bool
79
80# EOF
packages.yml
Synopsis: Manage packages.
Dynamic variables (4)
TBD
Debug (13)
TBD
Install packages automatically (41)
If enabled (52) and not empty (53) import install_package.yml
(44) from the role vbotka.linux_lib (43). Flatten and filter
unique items in the lists my_packages_auto (46). Set it to the
mandatory variable ll_ipkg_list. Optionally, set other variables
(47-50).
Install packages (56)
If not empty (66) TBD
Remove packages (69)
TBD
1---
2# linux_postinstall packages
3
4- name: "Packages: Instantiate dynamic variables"
5 tags:
6 - lp_packages_debug
7 - lp_packages_auto
8 ansible.builtin.set_fact:
9 my_packages_install: "{{ my_packages_install }}"
10 my_packages_lists: "{{ my_packages_lists }}"
11 my_packages_auto: "{{ my_packages_auto }}"
12
13- name: "Packages: Debug (lp_packages_debug={{ lp_packages_debug }})"
14 when: lp_packages_debug | bool
15 tags: lp_packages_debug
16 vars:
17 msg: |-
18 ansible_os_family: {{ ansible_facts['os_family'] }}
19 lp_packages_auto: {{ lp_packages_auto }}
20 lp_package_state: {{ lp_package_state }}
21 lp_packages_autoremove: {{ lp_packages_autoremove | bool }}
22 lp_packages_rescue_end_host: {{ lp_packages_rescue_end_host | bool }}
23
24 lp_packages_selections_preinstall:
25 {{ lp_packages_selections_preinstall | to_yaml(indent=2) | indent(2) }}
26 lp_packages_install:
27 {{ lp_packages_install | to_nice_yaml(indent=2) | indent(2) }}
28 lp_packages_remove:
29 {{ lp_packages_remove | to_nice_yaml(indent=2) | indent(2) }}
30 lp_packages_selections_postinstall:
31 {{ lp_packages_selections_postinstall | to_nice_yaml(indent=2) | indent(2) }}
32 my_packages_install:
33 {{ my_packages_install | to_yaml(indent=2) | indent(2) }}
34 my_packages_lists:
35 {{ my_packages_lists | to_yaml(indent=2) | indent(2) }}
36 my_packages_auto:
37 {{ my_packages_auto | to_yaml(indent=2) | indent(2) }}
38 ansible.builtin.debug:
39 msg: "{{ '{}'.format(msg) }}"
40
41- name: "Packages: Auto install"
42 when:
43 - lp_packages_auto | bool
44 - my_packages_auto | flatten | length > 0
45 tags: lp_packages_auto
46 ansible.builtin.import_role:
47 name: vbotka.linux_lib
48 tasks_from: install_package.yml
49 vars:
50 ll_ipkg_list: "{{ my_packages_auto | flatten | unique }}"
51 ll_ipkg_state: "{{ lp_package_state }}"
52 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
53 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
54 ll_debug: "{{ lp_packages_debug | bool }}"
55
56- name: "Packages: Install"
57 when: lp_packages_install | length > 0
58 tags: lp_packages_install
59 vars:
60 ll_ipkg_list: "{{ lp_packages_install }}"
61 ll_ipkg_state: "{{ lp_package_state }}"
62 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
63 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
64 ll_debug: "{{ lp_packages_debug | bool }}"
65 ansible.builtin.import_role:
66 name: vbotka.linux_lib
67 tasks_from: install_package.yml
68
69- name: Remove packages
70 tags: lp_packages_remove
71 block:
72
73 - name: "Packages: Remove"
74 ansible.builtin.package:
75 name: "{{ item }}"
76 state: "{{ lp_package_state_remove }}"
77 loop: "{{ lp_packages_remove }}"
78 register: result
79 retries: "{{ lp_install_retries }}"
80 delay: "{{ lp_install_delay }}"
81 until: result is succeeded
82
83 - name: "Packages: Debug result lp_packages_debug={{ lp_packages_debug }}"
84 when: lp_packages_debug | bool
85 ansible.builtin.debug:
86 var: result
87
88# EOF
passwords.yml
Synopsis: Configure passwords
Description of the task.
1---
2# linux_postinstall passwords
3
4- name: "Passwords: Debug lp_passwords_debug={{ lp_passwords_debug }}"
5 when: lp_passwords_debug | bool
6 tags: lp_passwords_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_passwords_fail_gracefully: {{ lp_passwords_fail_gracefully }}
11 lp_passwords_update_password: {{ lp_passwords_update_password }}
12 lp_users:
13 {% if lp_passwords_debug_classified | bool %}
14 {{ lp_users | d([]) | to_nice_yaml(indent=2) | indent(2) }}
15 {% else %}
16 {% for user in lp_users | d([]) %}
17 - userpass: ************
18 {% for k, v in user.items() %}
19 {% if k not in ['userpass'] %}
20 {{ k }}: {{ v }}
21 {% endif %}
22 {% endfor %}
23 {% endfor %}
24 {% endif %}
25
26 lp_passwordstore: {{ lp_passwordstore }}
27 lp_passwordstore_install: {{ lp_passwordstore_install }}
28 lp_passwordstore_debug: {{ lp_passwordstore_debug }}
29 lp_passwordstore_backup: {{ lp_passwordstore_backup }}
30 lp_passwordstore_create: {{ lp_passwordstore_create }}
31 lp_passwordstore_length: {{ lp_passwordstore_length }}
32 lp_passwordstore_nosymbols: {{ lp_passwordstore_nosymbols }}
33 lp_passwordstore_overwrite: {{ lp_passwordstore_overwrite }}
34 lp_passwordstore_passwordstore: {{ lp_passwordstore_passwordstore }}
35 lp_passwordstore_returnall : {{ lp_passwordstore_returnall }}
36 lp_passwordstore_subkey: {{ lp_passwordstore_subkey }}
37 lp_passwordstore_idempotent_password_hash: {{ lp_passwordstore_idempotent_password_hash }}
38 lp_passwordstore_packages:
39 {{ lp_passwordstore_packages | to_nice_yaml(indent=2) | indent(2) }}
40 ansible.builtin.debug:
41 msg: "{{ '{}'.format(msg) }}"
42
43- name: Passwordstore
44 when: lp_passwordstore | bool
45 tags: lp_passwords_passwordstore
46 block:
47
48 - name: "Passwords: Passwordstore: Install packages"
49 ansible.builtin.package:
50 name: "{{ item }}"
51 loop: "{{ lp_passwordstore_packages + lp_gpg_packages + lp_gpg_packages_extra }}"
52 delegate_to: localhost
53 run_once: true
54 when: lp_passwordstore_install | bool
55
56 - name: "Passwords: Passwordstore: Retrieve, create, or update userpass"
57 register: result
58 vars:
59 al_pws_debug: "{{ lp_passwordstore_debug }}"
60 al_pws_backup: "{{ lp_passwordstore_backup }}"
61 al_pws_create: "{{ lp_passwordstore_create }}"
62 al_pws_length: "{{ lp_passwordstore_length }}"
63 al_pws_nosymbols: "{{ lp_passwordstore_nosymbols }}"
64 al_pws_overwrite: "{{ lp_passwordstore_overwrite }}"
65 al_pws_passwordstore: "{{ lp_passwordstore_passwordstore }}"
66 al_pws_returnall: "{{ lp_passwordstore_returnall }}"
67 al_pws_subkey: "{{ lp_passwordstore_subkey }}"
68 al_pws_idempotent_password_hash: "{{ lp_passwordstore_idempotent_password_hash }}"
69 al_pws_query: "{{ lp_users }}"
70 ansible.builtin.include_role:
71 name: vbotka.ansible_lib
72 tasks_from: al_pws_user_host.yml
73
74 - name: "Passwords: Passwordstore: Create empty list my_passwords"
75 ansible.builtin.set_fact:
76 my_passwords: []
77 no_log: true # no-log-password password should not be logged.
78
79 - name: "Passwords: Passwordstore: Create my_passwords"
80 ansible.builtin.set_fact:
81 my_passwords: "{{ my_passwords +
82 [item | dict2items | rejectattr('key', 'equalto', 'userpass') | list |
83 items2dict | combine({'update_password': lp_passwords_update_password})] }}"
84 loop: "{{ al_pws_query_result }}"
85 loop_control:
86 label: "{{ item.name }}"
87 no_log: true # no-log-password password should not be logged.
88
89 - name: "Passwords: Passwordstore: Debug my_passwordsg lp_passwords_debug={{ lp_passwords_debug }}"
90 when: lp_passwords_debug | bool
91 ansible.builtin.debug:
92 var: my_passwords
93
94 - name: "Passwords: Passwordstore: Include users"
95 vars:
96 lp_users: "{{ my_passwords }}"
97 ansible.builtin.include_tasks:
98 file: users.yml
99 apply:
100 tags: lp_passwords_passwordstore
101
102 rescue:
103
104 - name: "Passwords: Passwordstore: Debug fail lp_passwords_debug_classified={{ lp_passwords_debug_classified }}"
105 when: lp_passwords_debug_classified | bool
106 ansible.builtin.debug:
107 var: result
108
109 - name: "Passwords: Passwordstore: Fail"
110 when: not lp_passwords_fail_gracefully | bool
111 ansible.builtin.fail:
112 msg: "[ERR] Passwordstore failed."
113
114# EOF
pm_utils.yml
Synopsis: Configure pm_utils
Description of the task.
1---
2# linux_postinstall pm_utils
3
4# TODO:
5# 1) add variables: lp_pm_powerd, lp_pm_configd
6# 2) add templates: pm-powerd.j2, pm-configd.j2
7# 3) add cases: resume, thaw, suspend, hibernate
8# 4) install pm_utils
9
10- name: "Pm_utils: Configure /etc/pm/sleep.d"
11 ansible.builtin.template:
12 src: pm-sleepd.j2
13 dest: /etc/pm/sleep.d/{{ item.value.file }}
14 owner: root
15 group: root
16 mode: "0755"
17 backup: "{{ lp_backup_conf }}"
18 loop: "{{ lp_pm_sleepd | d({}) | dict2items | selectattr('value.file') }}"
19
20# EOF
postfix.yml
Synopsis: Configure postfix
Description of the task.
1---
2# linux_postinstall postfix
3
4- name: "Postfix: Debug lp_postfix_debug={{ lp_postfix_debug }}"
5 when: lp_postfix_debug | bool
6 tags: lp_postfix_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_postfix_install: {{ lp_postfix_install }}
11 lp_postfix_enable: {{ lp_postfix_enable }}
12 lp_postfix_flush_handlers: {{ lp_postfix_flush_handlers }}
13 lp_postfix_rescue_end_host: {{ lp_postfix_rescue_end_host }}
14 lp_postfix_service: {{ lp_postfix_service }}
15 lp_postfix_main_conf:
16 {{ lp_postfix_main_conf | to_yaml(indent=2) | indent(2) }}
17 lp_postfix_packages:
18 {{ lp_postfix_packages | to_nice_yaml(indent=2) | indent(2) }}
19 lp_backup_conf: {{ lp_backup_conf }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: "Postfix: Install packages"
24 when: lp_postfix_install | bool
25 tags: lp_postfix_packages
26 ansible.builtin.import_role:
27 name: vbotka.linux_lib
28 tasks_from: install_package.yml
29 vars:
30 ll_ipkg_list: "{{ lp_postfix_packages }}"
31 ll_ipkg_state: "{{ lp_package_state }}"
32 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
33 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
34 ll_debug: "{{ lp_postfix_debug | bool }}"
35
36- name: "Chrony: Configure, enable, start, or disable postfix"
37 block:
38
39 - name: "Postfix: Configure /etc/postfix/main.cf"
40 tags: lp_postfix_conf
41 notify: reload postfix
42 ansible.builtin.lineinfile:
43 dest: /etc/postfix/main.cf
44 regexp: ^\s*{{ item.key }}\s*=\s*(.*)$
45 line: "{{ item.key }} = {{ item.value }}"
46 backup: "{{ lp_backup_conf }}"
47 create: true
48 mode: "0644"
49 loop: "{{ lp_postfix_main_conf }}"
50 loop_control:
51 label: "{{ item.key }}: {{ item.value }}"
52
53 - name: "Postfix: Service {{ state ~ ' and ' ~ enable }}"
54 tags: lp_postfix_service
55 register: result
56 vars:
57 enabled: "{{ lp_postfix_enable | bool | d(false) }}"
58 state: "{{ lp_postfix_state | d(default_state) }}"
59 default_state: "{{ enabled | ternary('started', 'stopped') }}"
60 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
61 ansible.builtin.service:
62 name: "{{ lp_postfix_service }}"
63 state: "{{ state }}"
64 enabled: "{{ enabled }}"
65
66 - name: "Postfix: Debug service lp_postfix_debug={{ lp_postfix_debug }}"
67 when: lp_postfix_debug | bool
68 tags: lp_postfix_service
69 ansible.builtin.debug:
70 var: result
71
72 rescue:
73
74 - name: "Postfix: Print errors"
75 ansible.builtin.debug:
76 msg: |
77 [ERR] task {{ ansible_failed_task.name }} failed. End host.
78 ansible_failed_task:
79 {{ ansible_failed_task | to_yaml(indent=2) | indent(2) }}
80 ansible_failed_result:
81 {{ ansible_failed_result | to_yaml(indent=2) | indent(2) }}
82
83 - name: "Postfix: End host"
84 when: lp_postfix_rescue_end_host | bool
85 ansible.builtin.meta: end_host
86
87 - name: "Postfix: Clear host errors"
88 ansible.builtin.meta: clear_host_errors
89
90- name: "Postfix: Flush handlers"
91 when: lp_postfix_flush_handlers | bool
92 ansible.builtin.meta: flush_handlers
93
94# EOF
rc_local.yml
Synopsis: Configure rc_local
Description of the task.
1---
2# linux_postinstall rc_local
3
4- name: "Rc_local: Debug lp_rc_local_debug={{ lp_rc_local_debug }}"
5 when: lp_rc_local_debug | bool
6 tags: lp_rc_local_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_rc_local_service: {{ lp_rc_local_service }}
11 lp_rc_local_state: {{ lp_rc_local_state }}
12 lp_rc_local_template: {{ lp_rc_local_template }}
13 lp_rc_local_file: {{ lp_rc_local_file }}
14 lp_rc_local_owner: {{ lp_rc_local_owner }}
15 lp_rc_local_group: {{ lp_rc_local_group }}
16 lp_rc_local_mode: {{ lp_rc_local_mode }}
17 lp_rc_local_content:
18 {{ lp_rc_local_content | indent(2) }}
19 lp_backup_conf: {{ lp_backup_conf }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: "Rc_local: Manage service {{ lp_rc_local_service }}"
24 tags: lp_rc_local_service
25 ansible.builtin.service:
26 name: "{{ lp_rc_local_service }}"
27 state: "{{ lp_rc_local_state }}"
28
29- name: "Rc_local: Create /etc/rc.local"
30 tags: lp_rc_local_file
31 notify: restart rc-local
32 ansible.builtin.template:
33 src: "{{ lp_rc_local_template }}"
34 dest: "{{ lp_rc_local_file }}"
35 owner: "{{ lp_rc_local_owner }}"
36 group: "{{ lp_rc_local_group }}"
37 mode: "{{ lp_rc_local_mode }}"
38 backup: "{{ lp_backup_conf }}"
39
40# EOF
reboot.yml
Synopsis: Configure reboot
Description of the task.
1---
2# linux_postinstall reboot
3
4- name: "Reboot Debug lp_reboot_debug={{ lp_reboot_debug }}"
5 when: lp_reboot_debug | bool
6 tags: lp_reboot_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_reboot_force: {{ lp_reboot_force }}
11 lp_reboot_required_ignore: {{ lp_reboot_required_ignore }}
12 lp_reboot_required_file: {{ lp_reboot_required_file }}
13 lp_reboot_command: {{ lp_reboot_command }}
14 lp_reboot_wait_connect_timeout: {{ lp_reboot_wait_connect_timeout }}
15 lp_reboot_wait_sleep: {{ lp_reboot_wait_sleep }}
16 lp_reboot_wait_delay: {{ lp_reboot_wait_delay }}
17 lp_reboot_wait_timeout: {{ lp_reboot_wait_timeout }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20
21- name: "Reboot: Debian test {{ lp_reboot_required_file }}"
22 when: ansible_os_family == 'Debian'
23 block:
24
25 - name: "Reboot: Stat {{ lp_reboot_required_file }}"
26 register: reboot_required_file_status
27 ansible.builtin.stat:
28 path: "{{ lp_reboot_required_file }}"
29
30 - name: "Reboot: Set reboot_required"
31 ansible.builtin.set_fact:
32 reboot_required: "{{ reboot_required_file_status.exists | d(false) }}"
33
34- name: "Reboot: RedHat test {{ lp_reboot_required_command }}"
35 when: ansible_os_family == 'RedHat'
36 block:
37
38 - name: "Reboot: Run {{ lp_reboot_required_command }}"
39 register: reboot_required_cmd_status
40 ansible.builtin.command: # noqa: no-changed-when
41 cmd: >
42 {{ lp_reboot_required_command }}
43
44 - name: "Reboot: Set reboot_required"
45 ansible.builtin.set_fact:
46 reboot_required: "{{ (reboot_required_cmd_status.rc != 0) | ternary(true, false) }}"
47
48- name: "Reboot: Debug reboot_required lp_reboot_debug={{ lp_reboot_debug }}"
49 when: lp_reboot_debug | bool
50 ansible.builtin.debug:
51 var: reboot_required
52
53- name: "Reboot: Reboot and wait for connection"
54 when:
55 - reboot_required | d(false)
56 - (not lp_reboot_required_ignore) or lp_reboot_force | bool
57 ansible.builtin.reboot:
58 connect_timeout: "{{ lp_reboot_wait_connect_timeout }}"
59 post_reboot_delay: "{{ lp_reboot_wait_delay }}"
60 reboot_timeout: "{{ lp_reboot_wait_timeout }}"
61
62# - name: "Reboot: Reboot and wait for connection"
63# when: (reboot_required | d(false) and not lp_reboot_required_ignore) or lp_reboot_force
64# block:
65#
66# - name: "reboot: Reboot"
67# shell: "{{ lp_reboot_command }}"
68# async: 1
69# poll: 0
70#
71# - name: "reboot: Wait for connection"
72# wait_for_connection:
73# connect_timeout: "{{ lp_reboot_wait_connect_timeout }}"
74# sleep: "{{ lp_reboot_wait_sleep }}"
75# delay: "{{ lp_reboot_wait_delay }}"
76# timeout: "{{ lp_reboot_wait_timeout }}"
77
78# EOF
repos.yml
Synopsis: Configure repos
Description of the task.
1---
2# linux_postinstall repos
3
4- name: "Repos: Debug lp_repos_debug={{ lp_repos_debug }}"
5 when: lp_repos_debug | bool
6 tags: lp_repos_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_repos_keys:
11 {{ lp_repos_keys | to_nice_yaml(indent=2) | indent(2) }}
12 lp_repos:
13 {{ lp_repos | to_nice_yaml(indent=2) | indent(2) }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16
17- name: Manage repo signing keys
18 tags: lp_repos_keys_manage
19 block:
20
21 - name: "Repos: Manage repo signing keys"
22 ansible.builtin.apt_key:
23 data: "{{ item.data | d(omit) }}"
24 file: "{{ item.file | d(omit) }}"
25 id: "{{ item.id | d(omit) }}"
26 keyring: "{{ item.keyring | d(omit) }}"
27 keyserver: "{{ item.keyserver | d(omit) }}"
28 state: "{{ item.state | d(omit) }}"
29 url: "{{ item.url | d(omit) }}"
30 validate_certs: "{{ item.validate_certs | d(omit) }}"
31 loop: "{{ lp_repos_keys }}"
32 register: result
33 retries: "{{ lp_install_retries }}"
34 until: result is succeeded
35 delay: "{{ lp_install_delay }}"
36
37 - name: "Repos: Debug manage repo signing keys lp_repos_debug={{ lp_repos_debug }}"
38 when: lp_repos_debug | bool
39 ansible.builtin.debug:
40 var: result
41
42- name: Manage repositories
43 tags: lp_repos_manage
44 block:
45
46 - name: "Repos: Manage repositories"
47 register: result
48 ansible.builtin.apt_repository:
49 codename: "{{ item.codename | d(omit) }}"
50 filename: "{{ item.filename | d(omit) }}"
51 mode: "{{ item.mode | d(omit) }}"
52 repo: "{{ item.repo | mandatory }}"
53 state: "{{ item.state | d(omit) }}"
54 update_cache: "{{ item.update_cache | d(omit) }}"
55 validate_certs: "{{ item.validate_certs | d(omit) }}"
56 loop: "{{ lp_repos }}"
57 loop_control:
58 label: "{{ item.repo }}"
59
60 - name: "Repos: Debug manage repositories lp_repos_debug={{ lp_repos_debug }}"
61 when: lp_repos_debug | bool
62 ansible.builtin.debug:
63 var: result
64
65# EOF
resolvconf.yml
Synopsis: Configure resolvconf
Description of the task.
1---
2# linux_postinstall resolvconf
3
4- name: "Resolvconf: Debug lp_resolvconf_debug={{ lp_resolvconf_debug }}"
5 when: lp_resolvconf_debug | bool
6 tags: lp_resolvconf_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_resolvconf_service: {{ lp_resolvconf_service }}
11 lp_resolvconf_enable: {{ lp_resolvconf_enable }}
12 lp_package_state: {{ lp_package_state }}
13 lp_resolvconf_install: {{ lp_resolvconf_install }}
14 lp_resolvconf_packages:
15 {{ lp_resolvconf_packages | to_nice_yaml(indent=2) | indent(2) }}
16 lp_resolvconf_conf_owner: {{ lp_resolvconf_conf_owner }}
17 lp_resolvconf_conf_group: {{ lp_resolvconf_conf_group }}
18 lp_resolvconf_conf_mode: {{ lp_resolvconf_conf_mode }}
19 lp_resolvconf_conf:
20 {{ lp_resolvconf_conf | to_nice_yaml(indent=2) | indent(2) }}
21 lp_resolvconf_confd_head:
22 {{ lp_resolvconf_confd_head | to_yaml(indent=2) | indent(2) }}
23 lp_backup_conf: {{ lp_backup_conf }}
24 ansible.builtin.debug:
25 msg: "{{ '{}'.format(msg) }}"
26
27- name: "Resolvconf: Install packages"
28 when: lp_resolvconf_install | bool
29 tags: lp_resolvconf_packages
30 vars:
31 ll_ipkg_list: "{{ lp_resolvconf_packages }}"
32 ll_ipkg_state: "{{ lp_package_state }}"
33 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
34 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
35 ll_debug: "{{ lp_resolvconf_debug | bool }}"
36 ansible.builtin.import_role:
37 name: vbotka.linux_lib
38 tasks_from: install_package.yml
39
40- name: "Resolvconf: Configure lp_resolvconf_conf"
41 tags: lp_resolvconf_confd_head
42 notify: restart resolvconf
43 ansible.builtin.template:
44 src: "{{ item.src }}"
45 dest: "{{ item.dest }}"
46 owner: "{{ item.owner }}"
47 group: "{{ item.group }}"
48 mode: "{{ item.mode }}"
49 backup: "{{ lp_backup_conf }}"
50 loop: "{{ lp_resolvconf_conf }}"
51 loop_control:
52 label: "{{ item.dest }}"
53
54- name: Service
55 tags: lp_resolvconf_service
56 block:
57
58 - name: "Resolvconf: Service {{ state ~ ' and ' ~ enable }}"
59 register: result
60 vars:
61 enabled: "{{ lp_resolvconf_enable | bool | d(false) }}"
62 default_state: "{{ enabled | ternary('started', 'stopped') }}"
63 state: "{{ lp_resolvconf_state | d(default_state) }}"
64 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
65 ansible.builtin.service:
66 name: "{{ lp_resolvconf_service }}"
67 state: "{{ state }}"
68 enabled: "{{ enabled }}"
69
70 - name: "Resolvconf: Debug service lp_resolvconf_debug={{ lp_resolvconf_debug }}"
71 when: lp_resolvconf_debug | bool
72 ansible.builtin.debug:
73 var: result
74
75# EOF
service.yml
Synopsis: Manage services.
Debug (4)
TBD
Sanity (23)
TBD
Automatic management of listed services (74)
When not empty (75) iterate my_services_varnames (97) (See default s/main/service.yml). Skip
when run_task (80) is not True.
Manual management of listed services (104)
When not empty (105) iterate lp_service in the included tasks (115). When auto (110) set the
module (112) to ansible_service_mgr (OS native service manager found by the setup). TBC
Flush handlers (117)
Automatic management of listed services notifies ansible_service_mgr. See the tasks
service-*.yml how manual management options notify handlers.
1---
2# linux_postinstall service
3
4- name: "Service: Debug lp_service_debug={{ lp_service_debug }}"
5 when: lp_service_debug | bool
6 tags: lp_service_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_service_mgr: {{ ansible_facts['service_mgr'] }}
11 lp_service_sanity: {{ lp_service_sanity }}
12
13 lp_service_module: {{ lp_service_module }}
14 lp_service_module_valid: {{ lp_service_module_valid }}
15
16 lp_service:
17 {{ lp_service | to_nice_yaml(indent=2) | indent(2) }}
18 lp_service_auto:
19 {{ lp_service_auto | to_nice_yaml(indent=2) | indent(2) }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: Sanity
24 when: lp_service_sanity | bool
25 tags: lp_service_sanity
26 block:
27
28 - name: "Service: Get service facts"
29 ansible.builtin.service_facts:
30
31 - name: "Service: Debug my_services_* lp_service_debug2={{ lp_service_debug2 }}"
32 when: lp_service_debug2 | bool
33 vars:
34 my_services_alias: "{{ lp_service_auto }}"
35 msg: |-
36 my_services_regex: {{ my_services_regex }}
37 my_services_all: {{ my_services_all | to_yaml }}
38 my_services_varnames:
39 {{ my_services_varnames | to_nice_yaml(indent=2) | indent(2) }}
40 my_services_names:
41 {{ my_services_names | to_nice_yaml(indent=2) | indent(2) }}
42 my_services_undef:
43 {{ my_services_undef | to_nice_yaml(indent=2) | indent(2) }}
44 ansible.builtin.debug:
45 msg: "{{ '{}'.format(msg) }}"
46
47 - name: "Service: Sanity lp_service_auto items are defined"
48 when: lp_service_auto | length > 0
49 vars:
50 my_services_alias: "{{ lp_service_auto }}"
51 ansible.builtin.assert:
52 that: my_services_undef | length == 0
53 fail_msg: "[ERR] Undefined services: {{ my_services_undef }}"
54 success_msg: "[OK] All service names in lp_service_auto are valid."
55 quiet: "{{ lp_service_sanity_quiet }}"
56
57 - name: "Service: Sanity lp_service names are defined"
58 when: lp_service | length > 0
59 vars:
60 my_services_alias: "{{ lp_service | map(attribute='name') }}"
61 ansible.builtin.assert:
62 that: my_services_undef | length == 0
63 fail_msg: "[ERR] Undefined services: {{ my_services_undef }}"
64 success_msg: "[OK] All service names in lp_service are valid."
65 quiet: "{{ lp_service_sanity_quiet }}"
66
67 - name: "Service: Sanity lp_service_module"
68 ansible.builtin.assert:
69 that: lp_service_module in lp_service_module_valid
70 fail_msg: "[ERR] {{ lp_service_module }} not in {{ lp_service_module_valid }}"
71 success_msg: "[OK] {{ lp_service_module }} is valid value of lp_service_module."
72 quiet: "{{ lp_service_sanity_quiet }}"
73
74- name: Automatic management of services
75 when: lp_service_auto | length > 0
76 tags: lp_service_auto
77 block:
78
79 - name: "Service: Automatic management of services"
80 when: run_task | bool
81 register: result
82 notify: reload {{ ansible_facts['service_mgr'] }} daemon
83 vars:
84 my_services_alias: "{{ lp_service_auto }}"
85 vbase: "{{ item | reverse | replace('ecivres_', '', 1) | reverse }}"
86 run_task: "{{ lookup('vars', vbase, default=false) }}"
87 srv_name: "{{ lookup('vars', vbase ~ '_service', default=item) }}"
88 srv_enbl: "{{ lookup('vars', vbase ~ '_enable', default=false) }}"
89 use_modl: "{{ lookup('vars', vbase ~ '_module', default='auto') }}"
90 srv_stat: "{{ lookup('vars', vbase ~ '_state', default=default_state) }}"
91 default_state: "{{ srv_enbl | bool | ternary('started', 'stopped') }}"
92 ansible.builtin.service:
93 name: "{{ srv_name }}"
94 state: "{{ srv_stat }}"
95 enabled: "{{ srv_enbl | bool }}"
96 use: "{{ use_modl }}"
97 loop: "{{ my_services_varnames }}"
98 loop_control:
99 label: "{{ srv_name }} enabled={{ srv_enbl }} state={{ srv_stat }} use={{ use_modl }}"
100
101 - name: "Service: Debug"
102 ansible.builtin.include_tasks: fn/service-debug.yml
103
104- name: Manual management of services
105 when: lp_service | length > 0
106 tags: lp_service_manual
107 block:
108
109 - name: "Service: Manual management set module auto"
110 when: lp_service_module == 'auto'
111 ansible.builtin.set_fact:
112 lp_service_module: "{{ ansible_facts['service_mgr'] }}"
113
114 - name: "Service: Include {{ lp_service_module }}"
115 ansible.builtin.include_tasks: fn/service-{{ lp_service_module }}.yml
116
117- name: "Service: Flush handlers"
118 tags:
119 - lp_service_auto
120 - lp_service_manual
121 ansible.builtin.meta: flush_handlers
122
123# EOF
service-service.yml
Synopsis: Configure service-service
Description of the task.
[tasks/fn/service-service.yml]
1---
2# linux_postinstall function service-service
3
4- name: "Service: Manual management of services"
5 register: result
6 notify: reload {{ ansible_facts['service_mgr'] }} daemon
7 ansible.builtin.service:
8 name: "{{ item.name }}"
9 arguments: "{{ item.arguments | d(omit) }}"
10 enabled: "{{ item.enabled | d(omit) }}"
11 pattern: "{{ item.pattern | d(omit) }}"
12 runlevel: "{{ item.runlevel | d(omit) }}"
13 sleep: "{{ item.sleep | d(omit) }}"
14 state: "{{ item.state | d(omit) }}"
15 use: "{{ item.use | d(omit) }}"
16 loop: "{{ lp_service }}"
17 loop_control:
18 label: >-
19 {{ item.name }}
20 enabled={{ item.enabled | d('UNDEFINED') }}
21 state={{ item.state | d('UNDEFINED') }}
22 use={{ item.use | d('UNDEFINED') }}
23
24- name: "Service: Debug Manual management full results lp_service_debug2={{ lp_service_debug2 }}"
25 when: lp_service_debug2 | d(false) | bool
26 ansible.builtin.debug:
27 var: result
28
29- name: "Service: Debug Manual management results lp_service_debug2={{ lp_service_debug2 }}"
30 when: lp_service_debug2 | d(false) | bool
31 ansible.builtin.debug:
32 msg: |
33 {% for i in result.results %}
34 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
35 changed: {{ i.changed }}
36 name: {{ i.name | d('UNDEFINED') }}
37 enabled: {{ i.enabled | d('UNDEFINED') }}
38 state: {{ i.state | d('UNDEFINED') }}
39 msg: {{ i.msg | d('UNDEFINED') }}
40
41 invocation:
42 {{ i.invocation.module_args | to_nice_yaml(indent=2) | indent(2) }}
43 item:
44 {{ i.item | to_nice_yaml(indent=2) | indent(2) }}
45 {% endfor %}
46
47# EOF
service-systemd.yml
Synopsis: Configure service-systemd
Description of the task.
[tasks/fn/service-systemd.yml]
1---
2# linux_postinstall function service-systemd
3
4# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/systemd_service_module.html#notes
5# Quoting from Notes: The order of execution when having multiple
6# properties is to first enable/disable, then mask/unmask and then
7# deal with service state. It has been reported that systemctl can
8# behave differently depending on the order of operations if you do
9# the same manually.
10
11- name: Service systemd
12 module_defaults:
13 ansible.builtin.systemd:
14 name: "{{ item.name | d(omit) }}"
15 daemon_reexec: "{{ item.daemon_reexec | d(omit) }}"
16 daemon_reload: "{{ item.daemon_reload | d(omit) }}"
17 enabled: "{{ item.enabled | d(omit) }}"
18 force: "{{ item.force | d(omit) }}"
19 masked: "{{ item.masked | d(omit) }}"
20 no_block: "{{ item.no_block | d(omit) }}"
21 scope: "{{ item.scope | d(omit) }}"
22 state: "{{ item.state | d(omit) }}"
23 vars:
24 _enabld: "{{ lp_service | selectattr('enabled', 'defined') | community.general.remove_keys(target=['masked', 'state']) }}"
25 _masked: "{{ lp_service | selectattr('masked', 'defined') | community.general.remove_keys(target=['state']) }}"
26 enabled: "{{ item.enabled | d('UNDEFINED') }}"
27 masked: "{{ item.masked | d('UNDEFINED') }}"
28 state: "{{ item.state | d('UNDEFINED') }}"
29 block:
30
31 - name: "Service:systemd: enable/disable"
32 register: result
33 notify: reload systemd daemon
34 ansible.builtin.systemd:
35 loop: "{{ _enabld }}"
36 loop_control:
37 label: "{{ item.name }} enabled={{ enabled }}"
38
39 - name: "Service:systemd: Debug"
40 when: _enabld | length > 0
41 ansible.builtin.include_tasks: fn/service-debug.yml
42
43 - name: "Service:systemd: Flush handlers"
44 when: _enabld | length > 0
45 ansible.builtin.meta: flush_handlers
46
47 - name: "Service:systemd: mask/unmask"
48 register: result
49 notify: reload systemd daemon
50 ansible.builtin.systemd:
51 loop: "{{ _masked }}"
52 loop_control:
53 label: "{{ item.name }} enabled={{ enabled }} masked={{ masked }}"
54
55 - name: "Service:systemd: Debug"
56 when: _masked | length > 0
57 ansible.builtin.include_tasks: fn/service-debug.yml
58
59 - name: "Service:systemd: Flush handlers"
60 when: _masked | length > 0
61 ansible.builtin.meta: flush_handlers
62
63 - name: "Service:systemd: all"
64 register: result
65 notify: reload systemd daemon
66 ansible.builtin.systemd:
67 loop: "{{ lp_service }}"
68 loop_control:
69 label: "{{ item.name }} enabled={{ enabled }} masked={{ masked }} state={{ state }}"
70
71 - name: "Service:systemd: Debug"
72 when: lp_service | length > 0
73 ansible.builtin.include_tasks: fn/service-debug.yml
74
75# EOF
service-sysvinit.yml
Synopsis: Configure service-sysvinit
Description of the task.
[tasks/fn/service-sysvinit.yml]
1---
2# linux_postinstall function service-sysvinit
3
4- name: Service:sysvinit debug
5 ansible.builtin.debug:
6 msg: "[WARNING] Not implemented yet. End host."
7
8- name: Service:sysvinit meta
9 ansible.builtin.meta: end_host
10
11# EOF
service-debug.yml
Synopsis: Configure service-debug
Description of the task.
1---
2# linux_postinstall function service-debug
3
4- name: "Service: Debug management full results lp_service_debug2={{ lp_service_debug2 }}"
5 when: lp_service_debug2 | d(false) | bool
6 ansible.builtin.debug:
7 var: result
8
9- name: "Service: Debug management selected results lp_service_debug2={{ lp_service_debug2 }}"
10 when: lp_service_debug2 | d(false) | bool
11 ansible.builtin.debug:
12 msg: |
13 {% for i in result.results %}
14 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15 changed: {{ i.changed }}
16 item:
17 {{ i.item | to_nice_yaml(indent=2) | indent(2) }}
18 {% if i.skipped | d(false) %}
19 skip_reason: {{ i.skip_reason }}
20 {% else %}
21 name: {{ i.name | d('UNDEFINED') }}
22 enabled: {{ i.enabled | d('UNDEFINED') }}
23 state: {{ i.state | d('UNDEFINED') }}
24 msg: {{ i.msg | d('UNDEFINED') }}
25 invocation:
26 {{ i.invocation.module_args | to_nice_yaml(indent=2) | indent(2) }}
27 {% endif %}
28 {% endfor %}
29
30# EOF
smart.yml
Synopsis: Configure smart
Description of the task.
1---
2# linux_postinstall smart
3
4- name: "Smart: Debug lp_smart_debug={{ lp_smart_debug }}"
5 when: lp_smart_debug | bool
6 tags: lp_smart_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_smart_install: {{ lp_smart_install }}
11 lp_smart_packages:
12 {{ lp_smart_packages | to_nice_yaml(indent=2) | indent(2) }}
13 lp_backup_conf: {{ lp_backup_conf }}
14 ansible.builtin.debug:
15 msg: "{{ '{}'.format(msg) }}"
16
17- name: "Smart: Install packages"
18 when: lp_smart_install | bool
19 tags: lp_smart_packages
20 vars:
21 ll_ipkg_list: "{{ lp_smart_packages }}"
22 ll_ipkg_state: "{{ lp_package_state }}"
23 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
24 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
25 ll_debug: "{{ lp_smart_debug | bool }}"
26 ansible.builtin.import_role:
27 name: vbotka.linux_lib
28 tasks_from: install_package.yml
29
30- name: Configure lp_smart_conf_file
31 tags: lp_smart_conf
32 notify: reload smart
33 block:
34
35 - name: "Smart: Do not scan for devices. Configure {{ lp_smart_conf_file }}"
36 when: not lp_smart_devicescan | bool
37 ansible.builtin.lineinfile:
38 state: absent
39 dest: "{{ lp_smart_conf_file }}"
40 regexp: ^\s*DEVICESCAN\s*(.*)$
41 owner: "{{ lp_smart_conf_owner }}"
42 group: "{{ lp_smart_conf_group }}"
43 mode: "{{ lp_smart_conf_mode }}"
44 backup: "{{ lp_backup_conf }}"
45 create: true
46
47 - name: "Smart: Configure devices in {{ lp_smart_conf_file }}"
48 ansible.builtin.lineinfile:
49 dest: "{{ lp_smart_conf_file }}"
50 regexp: "{{ item.regexp }}"
51 line: "{{ item.line }}"
52 owner: "{{ lp_smart_conf_owner }}"
53 group: "{{ lp_smart_conf_group }}"
54 mode: "{{ lp_smart_conf_mode }}"
55 backup: "{{ lp_backup_conf }}"
56 create: true
57 loop: "{{ lp_smart_devices }}"
58 loop_control:
59 label: "{{ item.line }}"
60
61- name: Service
62 tags: lp_smart_service
63 block:
64
65 - name: "Smart: Service {{ state ~ ' and ' ~ enable }}"
66 register: result
67 vars:
68 enabled: "{{ lp_smart_enable | bool | d(false) }}"
69 state: "{{ lp_smart_state | d(default_state) }}"
70 default_state: "{{ enabled | ternary('started', 'stopped') }}"
71 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
72 ansible.builtin.service:
73 name: "{{ lp_smart_service }}"
74 state: "{{ state }}"
75 enabled: "{{ enabled }}"
76
77 - name: "Smart: Debug service lp_smart_debug={{ lp_smart_debug }}"
78 when: lp_smart_debug | bool
79 ansible.builtin.debug:
80 var: result
81
82# EOF
snap.yml
Synopsis: Configure snap
Description of the task.
1---
2# linux_postinstall snap
3
4- name: "Snap: Debug"
5 ansible.builtin.debug:
6 msg: Not implemented yet.
7
8# [TODO]
9#
10# https://snapcraft.io/docs/getting-started
11# https://www.osnews.com/story/131714/disabling-snaps-in-ubuntu-20-04/
12# https://www.kevin-custer.com/blog/disabling-snaps-in-ubuntu-20-04/
13# https://askubuntu.com/questions/1204571/chromium-without-snap
14
15# EOF
speechd.yml
Synopsis: Configure speechd
Description of the task.
1---
2# linux_postinstall speechd
3
4- name: "Speechd: Debug lp_speechd_debug={{ lp_speechd_debug }}"
5 when: lp_speechd_debug | bool
6 ansible.builtin.debug:
7 msg: "lp_speechd_enable: {{ lp_speechd_enable }}"
8
9- name: Service speechd
10 tags: lp_speechd_service
11 block:
12
13 - name: "Speechd: Service {{ state ~ ' and ' ~ enable }}"
14 register: result
15 vars:
16 enabled: "{{ lp_speechd_enable | bool | d(false) }}"
17 state: "{{ lp_speechd_state | d(default_state) }}"
18 default_state: "{{ enabled | ternary('started', 'stopped') }}"
19 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
20 ansible.builtin.service:
21 name: "{{ lp_speechd_service }}"
22 state: "{{ state }}"
23 enabled: "{{ enabled }}"
24
25 - name: "Speechd: Debug service lp_speechd_debug={{ lp_speechd_debug }}"
26 when: lp_speechd_debug | bool
27 ansible.builtin.debug:
28 var: result
29
30# EOF
sshd.yml
Synopsis: Configure sshd
Description of the task.
1---
2# linux_postinstall sshd
3
4- name: "Sshd: Debug lp_sshd_debug={{ lp_sshd_debug }}"
5 when: lp_sshd_debug | bool
6 tags: lp_sshd_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_sshd_enable: {{ lp_sshd_enable }}
11 lp_sshd_config_remove_duplicates: {{ lp_sshd_config_remove_duplicates }}
12 lp_sshd_config:
13 {{ lp_sshd_config | to_yaml(indent=2) | indent(2) }}
14 lp_backup_conf: {{ lp_backup_conf }}
15 ansible.builtin.debug:
16 msg: "{{ '{}'.format(msg) }}"
17
18- name: Configure /etc/ssh/sshd_config
19 tags: lp_sshd_config
20 notify: reload sshd
21 block:
22
23 - name: "Sshd: Remove duplicate parameters from /etc/ssh/sshd_config"
24 when: lp_sshd_config_remove_duplicates | bool
25 ansible.builtin.replace:
26 dest: /etc/ssh/sshd_config
27 after: ^\s*{{ item.key }}(?!\S)
28 regexp: ^\s*{{ item.key }}(?!\S).*$
29 backup: "{{ lp_backup_conf }}"
30 validate: "{{ lp_sshd_path }} -t -f %s"
31 loop: "{{ lp_sshd_config }}"
32 loop_control:
33 label: "{{ item.key }}"
34
35 - name: "Sshd: Configure /etc/ssh/sshd_config"
36 ansible.builtin.lineinfile:
37 dest: /etc/ssh/sshd_config
38 regexp: ^\s*{{ item.key }}(?!\S).*$
39 line: "{{ item.key }} {{ item.value }}"
40 backup: "{{ lp_backup_conf }}"
41 validate: "{{ lp_sshd_path }} -t -f %s"
42 loop: "{{ lp_sshd_config }}"
43 loop_control:
44 label: "{{ item.key }}: {{ item.value }}"
45
46- name: Service
47 tags: lp_sshd_service
48 block:
49
50 - name: "Sshd: Service {{ state ~ ' and ' ~ enable }}"
51 register: result
52 vars:
53 enabled: "{{ lp_sshd_enable | bool | d(false) }}"
54 state: "{{ lp_sshd_state | d(default_state) }}"
55 default_state: "{{ enabled | ternary('started', 'stopped') }}"
56 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
57 ansible.builtin.service:
58 name: "{{ lp_sshd_service }}"
59 state: "{{ state }}"
60 enabled: "{{ enabled }}"
61
62 - name: "Sshd: Debug service lp_sshd_debug={{ lp_sshd_debug }}"
63 when: lp_sshd_debug | bool
64 ansible.builtin.debug:
65 var: result
66
67# EOF
ssh.yml
Synopsis: Configure ssh
Description of the task.
1---
2# linux_postinstall ssh
3
4- name: "Ssh: Debug lp_ssh_debug={{ lp_ssh_debug }}"
5 when: lp_ssh_debug | bool
6 tags: lp_ssh_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_ssh_config:
11 {{ lp_ssh_config | to_yaml(indent=2) | indent(2) }}
12 lp_backup_conf: {{ lp_backup_conf }}
13 ansible.builtin.debug:
14 msg: "{{ '{}'.format(msg) }}"
15
16- name: "Ssh: Configure /etc/ssh/ssh_config"
17 tags: lp_ssh_conf
18 ansible.builtin.template:
19 src: ssh_config.j2
20 dest: /etc/ssh/ssh_config
21 backup: "{{ lp_backup_conf }}"
22 mode: "0644"
23
24# EOF
sudoers.yml
Synopsis: Configure sudoers
Description of the task.
1---
2# linux_postinstall sudoers
3
4- name: "Sudoers: Debug lp_sudoers_debug={{ lp_sudoers_debug }}"
5 when: lp_sudoers_debug | bool
6 tags: lp_sudoers_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_sudoers_conf:
11 {{ lp_sudoers_conf | to_yaml(indent=2) | indent(2) }}
12 lp_backup_conf: {{ lp_backup_conf }}
13 ansible.builtin.debug:
14 msg: "{{ '{}'.format(msg) }}"
15
16- name: "Sudoers: Configure /etc/sudoers"
17 tags: lp_sudoers_conf
18 ansible.builtin.lineinfile:
19 path: /etc/sudoers
20 line: "{{ item.line }}"
21 state: "{{ item.state | d('present') }}"
22 backup: "{{ lp_backup_conf }}"
23 create: true
24 mode: "0440"
25 loop: "{{ lp_sudoers_conf }}"
26
27- name: "Sudoers: Configure /etc/sudoers.d/01"
28 tags: lp_sudoers_dconf
29 ansible.builtin.lineinfile:
30 path: /etc/sudoers.d/01
31 line: "{{ item }}"
32 owner: "{{ lp_sudoers_owner }}"
33 group: "{{ lp_sudoers_group }}"
34 mode: "{{ lp_sudoers_mode }}"
35 backup: "{{ lp_backup_conf }}"
36 create: true
37 loop: "{{ lp_sudoers_01 }}"
38
39# EOF
swap.yml
Synopsis: Configure swap
Description of the task.
1---
2# linux_postinstall swap
3
4- name: "Swap: Debug lp_swap_debug={{ lp_swap_debug }}"
5 when: lp_swap_debug | bool
6 tags: lp_swap_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_swap: {{ lp_swap }}
11 lp_swap_enable: {{ lp_swap_enable }}
12 lp_swap_sanity: {{ lp_swap_sanity }}
13 lp_swap_flush_handlers: {{ lp_swap_flush_handlers }}
14 lp_swap_rescue_end_host: {{ lp_swap_rescue_end_host }}
15 lp_swap_file: {{ lp_swap_file | d("UNDEFINED") }}
16 lp_swap_size: {{ lp_swap_size | d("UNDEFINED") }}
17 lp_swap_stsize: {{ lp_swap_stsize | d("UNDEFINED") }}
18 lp_backup_conf: {{ lp_backup_conf }}
19 ansible.builtin.debug:
20 msg: "{{ '{}'.format(msg) }}"
21
22- name: Sanity
23 when: lp_swap_sanity | bool
24 tags: lp_swap_sanity
25 block:
26
27 - name: "Swap: sanity: Defined lp_swap_file"
28 ansible.builtin.assert:
29 that: lp_swap_file is defined
30 fail_msg: "[ERR] Variable lp_swap_file must be defined."
31
32 - name: "Swap: sanity: Defined lp_swap_size and lp_swap_stsize"
33 when: lp_swap_enable | bool
34 ansible.builtin.assert:
35 that: lp_swap_size is defined and lp_swap_stsize is defined
36 fail_msg: "[ERR] Variables lp_swap_size and lp_swap_stsize must be defined."
37
38- name: Create or change lp_swap_file
39 tags: lp_swap_swapfile
40 block:
41
42 - name: "Swap: Create swapfile {{ lp_swap_file }}"
43 ansible.builtin.shell:
44 cmd: >
45 sh -c
46 'if [ ! -e {{ lp_swap_file }} ];
47 then printf "create";
48 fi'
49 register: command_result
50 changed_when: command_result.stdout == 'create'
51 notify: create and mount swap file
52
53 - name: "Swap: Change swapfile {{ lp_swap_file }}"
54 ansible.builtin.shell:
55 cmd: >
56 sh -c
57 'if [ -e {{ lp_swap_file }} ] &&
58 [ "`stat --format '%s' {{ lp_swap_file }}`" -ne "{{ lp_swap_stsize }}" ];
59 then printf "change";
60 fi'
61 register: command_result
62 changed_when: command_result.stdout == 'change'
63 notify: change and mount swap file
64
65 rescue:
66
67 - name: "Swap: Print errors"
68 ansible.builtin.debug:
69 msg: |
70 [ERR] task {{ ansible_failed_task.name }} failed. End host.
71 ansible_failed_task:
72 {{ ansible_failed_task | to_yaml(indent=2) | indent(2) }}
73 ansible_failed_result:
74 {{ ansible_failed_result | to_yaml(indent=2) | indent(2) }}
75
76 - name: "Swap: End host"
77 when: lp_swap_rescue_end_host | bool
78 ansible.builtin.meta: end_host
79
80- name: Create or remove swap entry in /etc/fstab
81 tags: lp_swap_fstab
82 block:
83
84 - name: "Swap: Create swap entry in /etc/fstab"
85 when: lp_swap_enable | bool
86 ansible.posix.mount:
87 path: none
88 src: "{{ lp_swap_file }}"
89 fstype: swap
90 opts: sw
91 passno: "0"
92 dump: "0"
93 state: present
94 backup: "{{ lp_backup_conf }}"
95
96 - name: "Swap: Remove swap entry from /etc/fstab"
97 when: not lp_swap_enable | bool
98 notify: remove swap file
99 ansible.posix.mount:
100 path: none
101 src: "{{ lp_swap_file }}"
102 fstype: swap
103 opts: sw
104 passno: "0"
105 dump: "0"
106 state: absent
107 backup: "{{ lp_backup_conf }}"
108
109 rescue:
110
111 - name: "Swap: Print errors"
112 ansible.builtin.debug:
113 msg: |
114 [ERR] task {{ ansible_failed_task.name }} failed. End host.
115 ansible_failed_task:
116 {{ ansible_failed_task | to_yaml(indent=2) | indent(2) }}
117 ansible_failed_result:
118 {{ ansible_failed_result | to_yaml(indent=2) | indent(2) }}
119
120 - name: "Swap: End host"
121 when: lp_swap_rescue_end_host | bool
122 ansible.builtin.meta: end_host
123
124- name: "Swap: Flush handlers"
125 when: lp_swap_flush_handlers | bool
126 ansible.builtin.meta: flush_handlers
127
128# EOF
sysctl.yml
Synopsis: Configure sysctl
Description of the task.
1---
2# linux_postinstall sysctl
3
4- name: "Sysctl: Debug lp_sysctl_debug={{ lp_sysctl_debug }}"
5 when: lp_sysctl_debug | bool
6 tags: lp_sysctl_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_sysctl_owner: {{ lp_sysctl_owner }}
11 lp_sysctl_group: {{ lp_sysctl_group }}
12 lp_sysctl_mode: {{ lp_sysctl_mode }}
13 lp_sysctl_no_extra_spaces: {{ lp_sysctl_no_extra_spaces }}
14 lp_sysctl_vars:
15 {{ lp_sysctl_vars | to_yaml(indent=2) | indent(2) }}
16 lp_sysctld_root: {{ lp_sysctld_root }}
17 lp_sysctld_template: {{ lp_sysctld_template }}
18 lp_sysctld_conf:
19 {{ lp_sysctld_conf | to_yaml(indent=2) | indent(2) }}
20 ansible.builtin.debug:
21 msg: "{{ '{}'.format(msg) }}"
22
23- name: "Sysctl: Configure /etc/sysctl.conf"
24 notify: load sysctl settings
25 tags: lp_sysctl_conf
26 ansible.builtin.lineinfile:
27 dest: /etc/sysctl.conf
28 create: true
29 mode: "0644"
30 regexp: ^\s*{{ item.var }}\s*=(.*)$
31 line: "{{ item.var }}{{ lp_sysctl_extra_space }}={{ lp_sysctl_extra_space }}{{ item.value }}"
32 state: "{{ item.state | d(omit) }}"
33 backup: "{{ lp_backup_conf }}"
34 loop: "{{ lp_sysctl_vars }}"
35 loop_control:
36 label: "{{ item.var }}: {{ item.value }} {{ item.state | d('present') }}"
37
38- name: "Sysctl: Configure files in {{ lp_sysctld_root }}"
39 notify: load sysctl system
40 tags: lp_sysctld_conf
41 ansible.builtin.template:
42 src: "{{ lp_sysctld_template }}"
43 dest: "{{ lp_sysctld_root }}/{{ item.file }}"
44 owner: "{{ item.owner | d(lp_sysctl_owner) }}"
45 group: "{{ item.group | d(lp_sysctl_group) }}"
46 mode: "{{ item.mode | d(lp_sysctl_mode) }}"
47 backup: "{{ lp_backup_conf }}"
48 loop: "{{ lp_sysctld_conf }}"
49 loop_control:
50 label: "{{ item.file }}"
51
52# EOF
systemd.yml
Synopsis: Configure systemd.
Set my_services (4)
Iterate lp_systemd_unit (24) and create dictionary
my_services. It will be used by handlers to decide if and how to
reload or restart services
1my_services:
2 <name>.<type | d(lp_systemd_unit_type)>:
3 state: <control.state | d('started')>
4 restart_or_reload: <control.restart_or_reload | d('reload')>
5...
Debug (28)
To see the values of the variables run the playbook with options
-t lp_systemd_debug -e lp_systemd_debug=True (29).
Packages (54)
Install packages when enabled (55).
Configure systemd (67)
Use community.general.ini_file (72) to configure files in loop
(83). Register lp_systemd_conf_changes (82) and notify handler
reload systemd conf (72).
1lp_systemd_conf:
2 <path>:
3 owner: <owner | d(lp_systemd_owner)>
4 group: <group | d(lp_systemd_group)>
5 mode: <mode | d(lp_systemd_mode)>
6 reload_service: <service to be reloaded or restarted by handler>
7 conf:
8 - {section: <section>, key: <option>, val: <value>}
9 ...
Create units (105)
Use `` ansible.builtin.template`` (112) to create units in the loop
(120) when state == 'create' (110). Register
lp_systemd_unit_create_changes (119) and notify handler reload
systemd units (111).
1lp_systemd_unit:
2 - name: <name of the service>
3 type: <type of the service | d(lp_systemd_unit_type)>
4 path: <directory of the units | d(lp_systemd_unit_dir)>
5 owner: <owner | d(lp_systemd_owner)>
6 group: <group | d(lp_systemd_group)>
7 mode: <mode | d(lp_systemd_mode)>
8 state: <'create' or 'absent' | d('noop')>
9 ...
Remove units (129)
<TBD>
Control units (148)
1lp_systemd_unit:
2 - name: <name of the service>
3 type: <type of the service | d(lp_systemd_unit_type)>
4 control:
5 daemon_reexec: <daemon_reexec | d(omit)>
6 daemon_reload: <daemon_reload | d(omit)>
7 enabled: <enabled | d(systemd_units_enabled)>
8 force: <force | d(omit)>
9 masked: <masked | d(omit)>
10 no_block: <no_block | d(omit)>
11 scope: <scope | d(omit)>
12 state: <state | d(omit)>
See also
Description of Parameters Ansible module systemd
<TBD>
1---
2# linux_postinstall systemd
3
4- name: Set my_services
5 tags:
6 - lp_systemd_debug
7 - lp_systemd_packages
8 - lp_systemd_conf
9 block:
10
11 - name: "Systemd: Create empty my_services"
12 ansible.builtin.set_fact:
13 my_services: {}
14
15 - name: "Systemd: Set my_services"
16 vars:
17 my_name: "{{ item.name }}.{{ item.type | d(lp_systemd_unit_type) }}"
18 my_state: "{{ item.control.state | d('started') }}"
19 my_restart_or_reload: "{{ item.control.restart_or_reload | d('reloaded') }}"
20 ansible.builtin.set_fact:
21 my_services: "{{ my_services |
22 combine({my_name: {'state': my_state,
23 'restart_or_reload': my_restart_or_reload}}) }}"
24 loop: "{{ lp_systemd_unit }}"
25 loop_control:
26 label: "{{ my_name }}"
27
28- name: "Systemd: Debug lp_systemd_debug={{ lp_systemd_debug }}"
29 when: lp_systemd_debug | bool
30 tags: lp_systemd_debug
31 vars:
32 msg: |-
33 ansible_os_family: {{ ansible_facts['os_family'] }}
34 lp_systemd_install: {{ lp_systemd_install }}
35 lp_systemd_packages:
36 {{ lp_systemd_packages | to_nice_yaml(indent=2) | indent(2) }}
37 lp_systemd_dir: {{ lp_systemd_dir }}
38 lp_systemd_owner: {{ lp_systemd_owner }}
39 lp_systemd_group: {{ lp_systemd_group }}
40 lp_systemd_mode: {{ lp_systemd_mode }}
41 lp_systemd_conf_no_extra_spaces: {{ lp_systemd_conf_no_extra_spaces }}
42 lp_systemd_conf:
43 {{ lp_systemd_conf | to_yaml(indent=2) | indent(2) }}
44 lp_systemd_unit_dir: {{ lp_systemd_unit_dir }}
45 lp_systemd_unit_type: {{ lp_systemd_unit_type }}
46 lp_systemd_unit:
47 {{ lp_systemd_unit | to_nice_yaml(indent=2) | indent(2) }}
48 my_services:
49 {{ my_services | to_yaml(indent=2) | indent(2) }}
50 lp_backup_conf: {{ lp_backup_conf }}
51 ansible.builtin.debug:
52 msg: "{{ '{}'.format(msg) }}"
53
54- name: "Systemd: Install packages"
55 when: lp_systemd_install | bool
56 tags: lp_systemd_packages
57 vars:
58 ll_ipkg_list: "{{ lp_systemd_packages }}"
59 ll_ipkg_state: "{{ lp_package_state }}"
60 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
61 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
62 ll_debug: "{{ lp_systemd_debug | bool }}"
63 ansible.builtin.import_role:
64 name: vbotka.linux_lib
65 tasks_from: install_package.yml
66
67- name: Configure systemd
68 tags: lp_systemd_conf
69 block:
70
71 - name: "Systemd: Configure systemd"
72 register: lp_systemd_conf_changes
73 notify: reload systemd conf
74 community.general.ini_file:
75 path: "{{ item.0.key }}"
76 section: "{{ item.1.section }}"
77 option: "{{ item.1.key }}"
78 value: "{{ item.1.val }}"
79 owner: "{{ item.0.value.owner | d(lp_systemd_owner) }}"
80 group: "{{ item.0.value.group | d(lp_systemd_group) }}"
81 mode: "{{ item.0.value.mode | d(lp_systemd_mode) }}"
82 no_extra_spaces: "{{ lp_systemd_conf_no_extra_spaces }}"
83 backup: "{{ lp_backup_conf }}"
84 loop: "{{ lp_systemd_conf | dict2items | subelements('value.conf') }}"
85 loop_control:
86 label: "{{ item.0.key }} {{ item.1.section }} {{ item.1.key }} {{ item.1.val }}"
87
88 - name: "Systemd: Debug conf results lp_systemd_debug={{ lp_systemd_debug }}"
89 when: lp_systemd_debug | bool
90 ansible.builtin.debug:
91 msg: "{{ lp_systemd_conf_changes.results }}"
92
93 - name: "Systemd: Debug loop conf results lp_systemd_debug={{ lp_systemd_debug }}"
94 when: lp_systemd_debug | bool
95 vars:
96 my_service: "{{ item.item.0.value.reload_service }}"
97 my_state: "{{ my_services[my_service].state | d('started') }}"
98 my_restart_or_reload: "{{ my_services[my_service].restart_or_reload | d('reloaded') }}"
99 ansible.builtin.debug:
100 msg: "{{ my_service }} {{ my_state }} {{ my_restart_or_reload }}"
101 loop: "{{ lp_systemd_conf_changes.results | d([]) }}"
102 loop_control:
103 label: "{{ item.path | d('NA') }}" # 'lp_systemd: false' complains "no attribute 'path'"
104
105- name: Create units
106 tags: lp_systemd_unit_create
107 block:
108
109 - name: "Systemd: Create units"
110 when: item.state | d('noop') == 'create'
111 register: lp_systemd_unit_create_changes
112 notify: reload systemd units
113 ansible.builtin.template:
114 src: systemd-unit.j2
115 dest: "{{ item.path | d(lp_systemd_unit_dir) }}/{{ item.name }}.{{ item.type | d(lp_systemd_unit_type) }}"
116 owner: "{{ item.owner | d(lp_systemd_owner) }}"
117 group: "{{ item.group | d(lp_systemd_group) }}"
118 mode: "{{ item.mode | d(lp_systemd_mode) }}"
119 backup: "{{ lp_backup_conf }}"
120 loop: "{{ lp_systemd_unit }}"
121 loop_control:
122 label: "{{ item.name }}.{{ item.type | d(lp_systemd_unit_type) }}"
123
124 - name: "Systemd: Debug unit create results lp_systemd_debug={{ lp_systemd_debug }}"
125 when: lp_systemd_debug | bool
126 ansible.builtin.debug:
127 var: lp_systemd_unit_create_changes
128
129- name: Remove units
130 tags: lp_systemd_unit_remove
131 block:
132
133 - name: "Systemd: Remove units"
134 when: item.state | d('noop') == 'absent'
135 register: lp_systemd_unit_remove_changes
136 ansible.builtin.file:
137 state: absent
138 path: "{{ item.path | d(lp_systemd_unit_dir) }}/{{ item.name }}.{{ item.type | d(lp_systemd_unit_type) }}"
139 loop: "{{ lp_systemd_unit }}"
140 loop_control:
141 label: "{{ item.name }}.{{ item.type | d(lp_systemd_unit_type) }}"
142
143 - name: "Systemd: Debug unit remove results lp_systemd_debug={{ lp_systemd_debug }}"
144 when: lp_systemd_debug | bool
145 ansible.builtin.debug:
146 var: lp_systemd_unit_remove_changes
147
148- name: Control units
149 tags: lp_systemd_unit_control
150 block:
151
152 - name: "Systemd: Control units"
153 when:
154 - item.control | d([]) | length > 0
155 - not (item.name | regex_search('^(.*)@\.\w+$'))
156 register: lp_systemd_unit_control_changes
157 ansible.builtin.systemd:
158 name: "{{ item.name }}.{{ item.type | d(lp_systemd_unit_type) }}"
159 daemon_reexec: "{{ item.control.daemon_reexec | d(omit) }}"
160 daemon_reload: "{{ item.control.daemon_reload | d(omit) }}"
161 enabled: "{{ item.control.enabled | d(omit) }}"
162 force: "{{ item.control.force | d(omit) }}"
163 masked: "{{ item.control.masked | d(omit) }}"
164 no_block: "{{ item.control.no_block | d(omit) }}"
165 scope: "{{ item.control.scope | d(omit) }}"
166 state: "{{ item.control.state | d(omit) }}"
167 loop: "{{ lp_systemd_unit }}"
168 loop_control:
169 label: "{{ item.name }}.{{ item.type | d(lp_systemd_unit_type) }}"
170
171 - name: "Systemd: Debug unit control results lp_systemd_debug={{ lp_systemd_debug }}"
172 when: lp_systemd_debug | bool
173 ansible.builtin.debug:
174 var: lp_systemd_unit_control_changes
175
176# EOF
timesyncd.yml
Synopsis: Configure timesyncd
Description of the task.
1---
2# linux_postinstall timesyncd
3
4- name: "Timesyncd: Debug lp_timesyncd_debug={{ lp_timesyncd_debug }}"
5 when: lp_timesyncd_debug | bool
6 tags: lp_timesyncd_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_distribution: {{ ansible_facts['distribution'] }}
11 ansible_distribution_version: {{ ansible_facts['distribution_version'] }}
12 ansible_distribution_release: {{ ansible_facts['distribution_release'] }}
13
14 lp_backup_conf: {{ lp_backup_conf }}
15
16 lp_timesyncd_install: {{ lp_timesyncd_install }}
17 lp_timesyncd_enable: {{ lp_timesyncd_enable }}
18 lp_timesyncd_service: {{ lp_timesyncd_service }}
19 lp_timesyncd_sanity: {{ lp_timesyncd_sanity }}
20 lp_timesyncd_service_exists_fatal: {{ lp_timesyncd_service_exists_fatal }}
21 lp_timesyncd_rescue_end_host {{ lp_timesyncd_rescue_end_host }}
22 lp_timesyncd_flush_handlers: {{ lp_timesyncd_flush_handlers }}
23 lp_timesyncd_conf_file: {{ lp_timesyncd_conf_file }}
24 lp_timesyncd_conf_file_orig: {{ lp_timesyncd_conf_file_orig }}
25 lp_timesyncd_conf_template: {{ lp_timesyncd_conf_template }}
26 lp_timesyncd_ntp: {{ lp_timesyncd_ntp }}
27 lp_timesyncd_fallbackntp: {{ lp_timesyncd_fallbackntp }}
28 lp_timesyncd_rootdistancemaxsec: {{ lp_timesyncd_rootdistancemaxsec }}
29 lp_timesyncd_pollintervalminsec: {{ lp_timesyncd_pollintervalminsec }}
30 lp_timesyncd_pollintervalmaxsec: {{ lp_timesyncd_pollintervalmaxsec }}
31 lp_timesyncd_connectionretrysec: {{ lp_timesyncd_connectionretrysec }}
32 lp_timesyncd_saveintervalsec: {{ lp_timesyncd_saveintervalsec }}
33 lp_timesyncd_packages:
34 {{ lp_timesyncd_packages | to_nice_yaml(indent=2) | indent(2) }}
35 ansible.builtin.debug:
36 msg: "{{ '{}'.format(msg) }}"
37
38- name: Sanity
39 when: lp_timesyncd_sanity | bool
40 tags: lp_timesyncd_sanity
41 block:
42
43 - name: "Timesyncd: sanity: Assert chrony and timesyncd packages mutually exclusive."
44 ansible.builtin.assert:
45 that: not (lp_chrony_install | bool and lp_timesyncd_install | bool)
46 fail_msg: >
47 [ERR] Packages for chrony and timesyncd are mutually exclusive.
48
49 - name: "Timesyncd: sanity: Assert chrony and timesyncd services mutually exclusive."
50 ansible.builtin.assert:
51 that: not (lp_chrony_enable | bool and lp_timesyncd_enable | bool)
52 fail_msg: >
53 [ERR] Services {{ lp_chrony_service }} and {{ lp_timesyncd_service }}
54 are mutually exclusive.
55
56 - name: "Timesyncd: sanity: Get package facts"
57 ansible.builtin.package_facts:
58
59 - name: "Timesyncd: sanity: Assert installed lp_timesyncd_packages in ansible_check_mode"
60 when: lp_timesyncd_install | bool
61 vars:
62 missing: "{{ lp_timesyncd_packages | difference(ansible_facts.packages) }}"
63 ansible.builtin.assert:
64 that: missing | length == 0
65 fail_msg: >
66 [ERR] Packages must be installed before running --check
67 Missing packages: {{ missing }}
68
69- name: "Timesyncd: Install packages"
70 when: lp_timesyncd_install | bool
71 tags: lp_timesyncd_packages
72 vars:
73 ll_ipkg_list: "{{ lp_timesyncd_packages }}"
74 ll_ipkg_state: "{{ lp_package_state }}"
75 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
76 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
77 ll_debug: "{{ lp_timesyncd_debug | bool }}"
78 ansible.builtin.import_role:
79 name: vbotka.linux_lib
80 tasks_from: install_package.yml
81
82- name: Set lp_timesyncd_service_exists/found
83 block:
84
85 - name: "Timesyncd: Get Service facts"
86 ansible.builtin.service_facts:
87
88 - name: "Timesyncd: Set lp_timesyncd_service_exists/found={{ exists ~ '/' ~ found }}"
89 vars:
90 service: "{{ lp_timesyncd_service | splitext | first }}.service"
91 exists: "{{ service in ansible_facts.services }}"
92 found: "{{ ansible_facts.services[service]['status'] | d('not-found') != 'not-found' }}"
93 ansible.builtin.set_fact:
94 lp_timesyncd_service_exists: "{{ exists }}"
95 lp_timesyncd_service_found: "{{ found }}"
96
97 - name: "Timesyncd: Debug lp_timesyncd_service lp_timesyncd_debug={{ lp_timesyncd_debug }}"
98 when: lp_timesyncd_debug | bool
99 vars:
100 service: "{{ lp_timesyncd_service | splitext | first }}.service"
101 ansible.builtin.debug:
102 msg: |
103 lp_timesyncd_service_exists: {{ lp_timesyncd_service_exists }}
104 lp_timesyncd_service_found: {{ lp_timesyncd_service_found }}
105 {% if lp_timesyncd_service_exists %}
106 {{ service }}:
107 {{ ansible_facts.services[service] | to_nice_yaml(indent=2) | indent(2) }}
108 {% endif %}
109
110 - name: "Timesyncd: Assert exists and found {{ lp_timesyncd_service }}"
111 when: lp_timesyncd_service_exists_fatal | bool
112 ansible.builtin.assert:
113 that:
114 - lp_timesyncd_service_exists
115 - lp_timesyncd_service_found
116 fail_msg: "[ERR] Service {{ lp_timesyncd_service }} must exists and be found."
117
118- name: Configure timesyncd
119 tags: lp_timesyncd_conf
120 block:
121
122 - name: "Timesyncd: Keep original {{ lp_timesyncd_conf_file }}"
123 when: lp_timesyncd_conf_file_orig | bool
124 ansible.builtin.copy:
125 src: "{{ lp_timesyncd_conf_file }}"
126 dest: "{{ lp_timesyncd_conf_file }}.orig"
127 mode: "0644"
128 remote_src: true
129 force: false
130
131 - name: "Timesyncd: Configure {{ lp_timesyncd_conf_file }}"
132 notify: restart timesyncd
133 ansible.builtin.template:
134 src: "{{ lp_timesyncd_conf_template }}"
135 dest: "{{ lp_timesyncd_conf_file }}"
136 owner: root
137 group: root
138 mode: "0644"
139 backup: "{{ lp_backup_conf }}"
140
141 rescue:
142
143 - name: "Timesyncd: Print errors"
144 ansible.builtin.debug:
145 msg: |
146 [ERR] task {{ ansible_failed_task.name }} failed. End host.
147 ansible_failed_task:
148 {{ ansible_failed_task | to_yaml(indent=2) | indent(2) }}
149 ansible_failed_result:
150 {{ ansible_failed_result | to_yaml(indent=2) | indent(2) }}
151
152 - name: "Timesyncd: End host"
153 when: lp_timesyncd_rescue_end_host | bool
154 ansible.builtin.meta: end_host
155
156 - name: "Timesyncd: Clear host errors"
157 ansible.builtin.meta: clear_host_errors
158
159- name: Service timesyncd
160 when: lp_timesyncd_service_found
161 tags: lp_timesyncd_service
162 block:
163
164 - name: "Timesyncd: Set service state/status {{ state ~ '/' ~ enable }}"
165 register: result
166 vars:
167 enabled: "{{ lp_timesyncd_enable | bool | d(false) }}"
168 default_state: "{{ enabled | ternary('started', 'stopped') }}"
169 state: "{{ lp_timesyncd_state | d(default_state) }}"
170 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
171 ansible.builtin.service:
172 name: "{{ lp_timesyncd_service }}"
173 state: "{{ state }}"
174 enabled: "{{ enabled }}"
175
176 - name: "Timesyncd: Debug set state/status result lp_timesyncd_debug2={{ lp_timesyncd_debug2 | d(false) | bool }}"
177 when: lp_timesyncd_debug2 | d(false) | bool
178 ansible.builtin.debug:
179 var: result
180
181 rescue:
182
183 - name: "Timesyncd: Print errors"
184 ansible.builtin.debug:
185 msg: |
186 [ERR] task {{ ansible_failed_task.name }} failed. End host.
187 ansible_failed_task:
188 {{ ansible_failed_task | to_yaml(indent=2) | indent(2) }}
189 ansible_failed_result:
190 {{ ansible_failed_result | to_yaml(indent=2) | indent(2) }}
191
192 - name: "Timesyncd: End host"
193 when: lp_timesyncd_rescue_end_host | bool
194 ansible.builtin.meta: end_host
195
196 - name: "Timesyncd: Clear host errors"
197 ansible.builtin.meta: clear_host_errors
198
199- name: "Timesyncd: Flush handlers"
200 when: lp_timesyncd_flush_handlers | bool
201 tags: lp_timesyncd_flush_handlers
202 ansible.builtin.meta: flush_handlers
203
204# Notes:
205
206# chrony and timesyncd are mutually exclusive
207# -------------------------------------------
208# To configure timesyncd without installation disable the service and
209# disable crashing on missing service
210# lp_timesyncd: true
211# lp_timesyncd_enable: false
212# lp_timesyncd_service_exists_fatal: false
213
214# CentOS
215# ------
216# * systemd compiled without timesyncd service in CentOS 7 ?
217# * use ntpd or chrony only ?
218# https://unix.stackexchange.com/questions/286708/
219# centos-7-2-minimal-time-synchronization-timedated-and-or-ntpd-chrony
220# https://www.freedesktop.org/wiki/Software/systemd/timedated/
221
222# EOF
timezone.yml
Synopsis: Configure timezone
Description of the task.
1---
2# linux_postinstall timezone
3
4- name: "Timezone: Debug lp_timezone_debug={{ lp_timezone_debug }}"
5 when: lp_timezone_debug | bool
6 tags: lp_timezone_debug
7 ansible.builtin.debug:
8 msg: "lp_timezone_zoneinfo: {{ lp_timezone_zoneinfo }}"
9
10- name: "Timezone: Set timezone {{ lp_timezone_zoneinfo }}"
11 tags: lp_timezone_set
12 community.general.timezone:
13 name: "{{ lp_timezone_zoneinfo | d('UTC') }}"
14
15# EOF
tlp.yml
Synopsis: Configure tlp
Description of the task.
1---
2# linux_postinstall tlp
3
4- name: "Tlp: Debug lp_tlp_debug={{ lp_tlp_debug }}"
5 when: lp_tlp_debug | bool
6 tags: lp_tlp_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_tlp_enable: {{ lp_tlp_enable }}
11 lp_tlp_install: {{ lp_tlp_install }}
12 lp_tlp_packages:
13 {{ lp_tlp_packages | to_nice_yaml(indent=2) | indent(2) }}
14 lp_tlp_thinkpad: {{ lp_tlp_thinkpad }}
15 lp_tlp_packages_tp:
16 {{ lp_tlp_packages_tp | to_nice_yaml(indent=2) | indent(2) }}
17 lp_tlp_config_file: {{ lp_tlp_config_file }}
18 lp_tlp_config:
19 {{ lp_tlp_config | to_nice_yaml(indent=2) | indent(2) }}
20 lp_tlp_services:
21 {{ lp_tlp_services | to_nice_yaml(indent=2) | indent(2) }}
22 lp_tlp_restart_service: {{ lp_tlp_restart_service }}
23 lp_backup_conf: {{ lp_backup_conf }}
24 ansible.builtin.debug:
25 msg: "{{ '{}'.format(msg) }}"
26
27- name: Install packages
28 tags: lp_tlp_packages
29 block:
30
31 - name: "Tlp: Install packages"
32 when: lp_tlp_install | bool
33 vars:
34 ll_ipkg_list: "{{ lp_tlp_packages }}"
35 ll_ipkg_state: "{{ lp_package_state }}"
36 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
37 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
38 ll_debug: "{{ lp_tlp_debug | bool }}"
39 ansible.builtin.import_role:
40 name: vbotka.linux_lib
41 tasks_from: install_package.yml
42
43 - name: "Tlp: Install packages for ThinkPad"
44 when: lp_tlp_thinkpad | bool
45 vars:
46 ll_ipkg_list: "{{ lp_tlp_packages_tp }}"
47 ll_ipkg_state: "{{ lp_package_state }}"
48 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
49 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
50 ll_debug: "{{ lp_tlp_debug | bool }}"
51 ansible.builtin.import_role:
52 name: vbotka.linux_lib
53 tasks_from: install_package.yml
54
55- name: "Tlp: Configure {{ lp_tlp_config_file }}"
56 tags: lp_tlp_conf
57 notify: restart tlp
58 ansible.builtin.lineinfile:
59 dest: "{{ lp_tlp_config_file }}"
60 regexp: ^\s*{{ item.key }}\s*=\s*(.*)$
61 line: "{{ item.key }}={{ item.value }}"
62 create: true
63 mode: "0644"
64 backup: "{{ lp_backup_conf }}"
65 loop: "{{ lp_tlp_config }}"
66 loop_control:
67 label: "{{ item.key }}: {{ item.value }}"
68
69- name: "Tlp: Services start/stop and enable/disable"
70 tags: lp_tlp_service
71 vars:
72 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
73 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
74 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
75 default_stat: "{{ srv_enbl | bool | ternary('started', 'stopped') }}"
76 ansible.builtin.service:
77 name: "{{ srv_name }}"
78 state: "{{ srv_stat }}"
79 enabled: "{{ srv_enbl }}"
80 loop: "{{ lp_tlp_services }}"
81 loop_control:
82 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
83
84# EOF
udev.yml
Synopsis: Configure udev
Description of the task.
1---
2# linux_postinstall udev
3
4- name: "Udev: Debug lp_udev_debug={{ lp_udev_debug }}"
5 when: lp_udev_debug | bool
6 tags: lp_udev_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_distribution: {{ ansible_facts['distribution'] }}
11 ansible_distribution_version: {{ ansible_facts['distribution_version'] }}
12 ansible_distribution_release: {{ ansible_facts['distribution_release'] }}
13
14 lp_backup_conf: {{ lp_backup_conf }}
15
16 lp_udev_debug2: {{ lp_udev_debug2 | bool }}
17 lp_udev_enable: {{ lp_udev_enable }}
18 lp_udev_module: {{ lp_udev_module }}
19 lp_udev_service: {{ lp_udev_service }}
20 lp_udev_path: {{ lp_udev_path }}
21 lp_udev_conf_file: {{ lp_udev_conf_file }}
22 lp_udev_conf:
23 {{ lp_udev_conf | to_yaml(indent=2) | indent(2) }}
24 lp_udev_rules_dir: {{ lp_udev_rules_dir }}
25 lp_udev_rules_template: {{ lp_udev_rules_template }}
26 lp_udev_rules:
27 {{ lp_udev_rules | to_yaml(indent=2) | indent(2) }}
28 >>> Deprecated - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
29 lp_udev_persistent_net_template: {{ lp_udev_persistent_net_template }}
30 lp_udev_persistent_net_rules_file: {{ lp_udev_persistent_net_rules_file }}
31 lp_udev_persistent_net_rules:
32 {{ lp_udev_persistent_net_rules | to_nice_yaml(indent=2) | indent(2) }}
33 lp_udev_hci_name_rules_file: {{ lp_udev_hci_name_rules_file }}
34 lp_udev_hci_name_rules:
35 {{ lp_udev_hci_name_rules | to_nice_yaml(indent=2) | indent(2) }}
36 lp_udev_hci_run_rules_file: {{ lp_udev_hci_run_rules_file }}
37 lp_udev_hci_run_rules:
38 {{ lp_udev_hci_run_rules | to_nice_yaml(indent=2) | indent(2) }}
39 ansible.builtin.debug:
40 msg: "{{ '{}'.format(msg) }}"
41
42- name: "Udev: Configure {{ lp_udev_conf_file }}"
43 tags: lp_udev_conf
44 notify: update initrd
45 ansible.builtin.lineinfile:
46 dest: "{{ lp_udev_conf_file }}"
47 regexp: ^\s*{{ item.key }}\s*=(.*)$
48 line: "{{ item.key }}={{ item.val }}"
49 backup: "{{ lp_backup_conf }}"
50 loop: "{{ lp_udev_conf }}"
51
52- name: "Udev: Configure {{ lp_udev_rules_dir }}"
53 tags: lp_udev_rules
54 notify: reload udev
55 ansible.builtin.template:
56 src: "{{ lp_udev_rules_template }}"
57 dest: "{{ lp_udev_rules_dir }}/{{ item.key }}"
58 owner: root
59 group: root
60 mode: "0644"
61 backup: "{{ lp_backup_conf }}"
62 loop: "{{ lp_udev_rules | dict2items }}"
63 loop_control:
64 label: "{{ item.key }}"
65
66 # > > > Deprecated, use lp_udev_rules instead - - - - - - - - - - - - - - - - - -
67
68- name: Configure legacy templates
69 notify: reload udev
70 block:
71
72 - name: "Udev: Configure {{ lp_udev_rules_dir ~ '/' ~ lp_udev_persistent_net_rules_file }}"
73 tags: lp_udev_persistentnet
74 ansible.builtin.template:
75 src: "{{ lp_udev_persistent_net_template }}"
76 dest: "{{ lp_udev_rules_dir }}/{{ lp_udev_persistent_net_rules_file }}"
77 owner: root
78 group: root
79 mode: "0644"
80 backup: "{{ lp_backup_conf }}"
81 loop: "{{ lp_udev_persistent_net_rules }}"
82
83 - name: "Udev: Configure {{ lp_udev_rules_dir ~ '/' ~ lp_udev_hci_name_rules_file }}"
84 tags: lp_udev_hciname
85 ansible.builtin.template:
86 src: hci-name.rules.j2
87 dest: "{{ lp_udev_rules_dir }}/{{ lp_udev_hci_name_rules_file }}"
88 owner: root
89 group: root
90 mode: "0644"
91 backup: "{{ lp_backup_conf }}"
92 loop: "{{ lp_udev_hci_name_rules }}"
93
94 - name: "Udev: Configure {{ lp_udev_rules_dir ~ '/' ~ lp_udev_hci_run_rules_file }}"
95 tags: lp_udev_hcirun
96 ansible.builtin.template:
97 src: hci-run.rules.j2
98 dest: "{{ lp_udev_rules_dir }}/{{ lp_udev_hci_run_rules_file }}"
99 owner: root
100 group: root
101 mode: "0644"
102 backup: "{{ lp_backup_conf }}"
103 loop: "{{ lp_udev_hci_run_rules }}"
104
105 # - - - - - - - - - - - - - - - - - - Deprecated, use lp_udev_rules instead < < <
106
107- name: Debug ansible_facts.services
108 when: lp_udev_debug2 | bool
109 block:
110
111 - name: "Udev: Get ansible_facts.services"
112 ansible.builtin.service_facts:
113
114 - name: "Udev: Debug ansible_facts.services *udev* lp_udev_debug2={{ lp_udev_debug2 }}"
115 vars:
116 udev_service: "{{ ansible_facts.services | dict2items | selectattr('key', 'search', 'udev') | items2dict }}"
117 ansible.builtin.debug:
118 var: udev_service
119
120# The module ansible.builtin.service is not idempotent when the
121# parameter enabled is True for udev.service. udev.service is alias to
122# systemd-udevd.service. systemd-udevd.service is static (see man
123# systemctl; unit file command is-enabled).
124# See: systemd and service modules don't check is-enabled stdout values
125# https://github.com/ansible/ansible/issues/28247
126
127- name: Start and enable udev
128 when: lp_udev_enable | bool
129 tags: lp_udev_service
130 block:
131
132 - name: "Udev: Start and enable udev (service)"
133 when: lp_udev_module == 'service'
134 register: result_service
135 ansible.builtin.service:
136 name: "{{ lp_udev_service }}"
137 state: started
138
139 - name: "Udev: Start and enable udev (systemd)"
140 when: lp_udev_module == 'systemd'
141 register: result_systemd
142 ansible.builtin.systemd_service:
143 name: "{{ lp_udev_service }}"
144 state: started
145
146 - name: "Udev: Start and enable udev (sysvinit)"
147 when: lp_udev_module == 'sysvinit'
148 register: result_sysvinit
149 ansible.builtin.sysvinit:
150 name: "{{ lp_udev_service }}"
151 state: started
152 enabled: true
153
154 - name: "Udev: Debug result lp_udev_debug2={{ lp_udev_debug2 }}"
155 when: lp_udev_debug2 | bool
156 ansible.builtin.debug:
157 msg: "{{ lookup('vars', 'result_' ~ lp_udev_module) }}"
158
159- name: Stop and disable udev
160 when: not lp_udev_enable | bool
161 tags: lp_udev_service
162 block:
163
164 - name: "Udev: Stop and disable udev"
165 register: result
166 ansible.builtin.service:
167 name: "{{ lp_udev_service }}"
168 state: stopped
169 enabled: false
170
171 - name: "Udev: Debug result lp_udev_debug2={{ lp_udev_debug2 }}"
172 when: lp_udev_debug2 | bool
173 ansible.builtin.debug:
174 var: result
175
176# EOF
ufw.yml
Synopsis: Configure ufw
Description of the task.
1---
2# linux_postinstall ufw
3
4# Notes
5#
6# 1.Aliases of parameters in ufw module not implemented in task
7# "Configure ufw".
8# 2.It's not necessary to reload ufw after configuration changed.
9# The module ufw automatically updates the rules.
10# 3.Best practice: First time 'lp_ufw_reset: true'; configure and enable
11# ufs (configuration item {state: 'enabled'} reloads firewall and
12# enables firewall on boot); 'lp_ufw_enable: true' start and enable ufw
13# service.
14# 4.Configuration on the fly: configure and enable ufs.
15# 5.The last configuration item should be {state: 'enabled'}.
16# 6.ufw is not starting on boot despite ENABLED=yes in /etc/ufw/ufw.conf
17# See: How do I get ufw to start on boot?
18# https://askubuntu.com/questions/1040539/how-do-i-get-ufw-to-start-on-boot
19# 7.See: man ufw.
20
21- name: "Ufw: Debug lp_ufw_debug={{ lp_ufw_debug }}"
22 when: lp_ufw_debug | bool
23 tags: lp_ufw_debug
24 vars:
25 msg: |-
26 ansible_os_family: {{ ansible_facts['os_family'] }}
27 lp_ufw_install: {{ lp_ufw_install }}
28 lp_ufw_enable: {{ lp_ufw_enable }}
29 lp_ufw_reset: {{ lp_ufw_reset }}
30 lp_ufw_reload: {{ lp_ufw_reload }}
31 lp_ufw_packages:
32 {{ lp_ufw_packages | to_nice_yaml(indent=2) | indent(2) }}
33 lp_ufw_default:
34 {{ lp_ufw_default | to_yaml(indent=2) | indent(2) }}
35 lp_ufw_sysctl:
36 {{ lp_ufw_sysctl | to_yaml(indent=2) | indent(2) }}
37 lp_ufw_blocks:
38 {{ lp_ufw_blocks | to_nice_yaml(indent=2) | indent(2) }}
39 lp_ufw_conf:
40 {{ lp_ufw_conf | to_yaml(indent=2) | indent(2) }}
41 lp_ufw_service_conf:
42 {{ lp_ufw_service_conf | to_yaml(indent=2) | indent(2) }}
43 lp_backup_conf: {{ lp_backup_conf }}
44 ansible.builtin.debug:
45 msg: "{{ '{}'.format(msg) }}"
46
47- name: "Ufw: Install packages"
48 when: lp_ufw_install | bool
49 tags: lp_ufw_packages
50 vars:
51 ll_ipkg_list: "{{ lp_ufw_packages }}"
52 ll_ipkg_state: "{{ lp_package_state }}"
53 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
54 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
55 ll_debug: "{{ lp_ufw_debug | bool }}"
56 ansible.builtin.import_role:
57 name: vbotka.linux_lib
58 tasks_from: install_package.yml
59
60- name: "Ufw: Disable and reset firewall to installation defaults"
61 when: lp_ufw_reset | bool
62 tags: lp_ufw_reset
63 community.general.ufw:
64 state: reset
65
66- name: "Ufw: Reload firewall"
67 when: lp_ufw_reload | bool
68 tags: lp_ufw_reload
69 community.general.ufw:
70 state: reloaded
71
72- name: "Ufw: Configure /etc/default/ufw"
73 tags: lp_ufw_default
74 notify: reload ufw
75 ansible.builtin.lineinfile:
76 path: /etc/default/ufw
77 regexp: ^\s*{{ item.key }}\s*=(.*)$
78 line: "{{ item.key }}={{ item.val }}"
79 backup: "{{ lp_backup_conf }}"
80 loop: "{{ lp_ufw_default }}"
81 loop_control:
82 label: "{{ item.key }}: {{ item.val }}"
83
84- name: "Ufw: Configure /etc/ufw/sysctl.conf"
85 tags: lp_ufw_sysctl
86 notify: reload ufw
87 ansible.builtin.lineinfile:
88 path: /etc/ufw/sysctl.conf
89 regexp: ^\s*{{ item.key }}\s*=(.*)$
90 line: "{{ item.key }}={{ item.val }}"
91 backup: "{{ lp_backup_conf }}"
92 loop: "{{ lp_ufw_sysctl }}"
93 loop_control:
94 label: "{{ item.key }}: {{ item.val }}"
95
96- name: "Ufw: Configure blocks"
97 tags: lp_ufw_blocks
98 notify: reload ufw
99 ansible.builtin.blockinfile:
100 path: /etc/ufw/{{ item.0.key }}
101 marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item.1.mark }}"
102 block: "{{ item.1.block }}"
103 insertbefore: "{{ item.1.insertbefore | d(omit) }}"
104 insertafter: "{{ item.1.insertafter | d(omit) }}"
105 backup: "{{ lp_backup_conf }}"
106 loop: "{{ lp_ufw_blocks | dict2items | subelements('value') }}"
107 loop_control:
108 label: "{{ item.0.key }} {{ item.1.mark }}"
109
110- name: "Ufw: Configure ufw"
111 tags: lp_ufw_conf
112 community.general.ufw:
113 comment: "{{ item.comment | d(omit) }}"
114 default: "{{ item.default | d(omit) }}"
115 delete: "{{ item.delete | d(omit) }}"
116 direction: "{{ item.direction | d(omit) }}"
117 from_ip: "{{ item.from_ip | d(omit) }}"
118 from_port: "{{ item.from_port | d(omit) }}"
119 insert: "{{ item.insert | d(omit) }}"
120 insert_relative_to: "{{ item.insert_relative_to | d(omit) }}"
121 interface: "{{ item.interface | d(omit) }}"
122 log: "{{ item.log | d(omit) }}"
123 logging: "{{ item.logging | d(omit) }}"
124 name: "{{ item.name | d(omit) }}"
125 proto: "{{ item.proto | d(omit) }}"
126 route: "{{ item.route | d(omit) }}"
127 rule: "{{ item.rule | d(omit) }}"
128 state: "{{ item.state | d(omit) }}"
129 to_ip: "{{ item.to_ip | d(omit) }}"
130 to_port: "{{ item.to_port | d(omit) }}"
131 loop: "{{ lp_ufw_conf }}"
132 loop_control:
133 label: "{{ item.comment | d('no comment') }}"
134
135- name: "Ufw: Configure service"
136 tags: lp_ufw_service_conf
137 notify: "{{ item.0.handlers | d(omit) }}"
138 community.general.ini_file:
139 path: "{{ item.0.path }}"
140 owner: "{{ item.0.owner | d(omit) }}"
141 group: "{{ item.0.group | d(omit) }}"
142 mode: "{{ item.0.mode | d(omit) }}"
143 create: "{{ item.0.create | d(omit) }}"
144 no_extra_spaces: "{{ item.0.no_extra_spaces | d(omit) }}"
145 section: "{{ item.1.section }}"
146 state: "{{ item.1.state | d(omit) }}"
147 option: "{{ item.1.option | d(omit) }}"
148 value: "{{ item.1.value | d(omit) }}"
149 backup: "{{ lp_backup_conf }}"
150 loop: "{{ lp_ufw_service_conf | subelements('ini', {'skip_missing': True}) }}"
151 loop_control:
152 label: >
153 {{ item.0.path }}
154 {{ item.1.section | d('none') }}
155 {{ item.1.option | d('none') }}
156 {{ item.1.value | d('none') }}
157 {{ item.1.state | d('none') }}
158
159- name: Service
160 tags: lp_ufw_service
161 block:
162
163 - name: "Ufw: Service {{ state ~ ' and ' ~ enable }}"
164 register: result
165 vars:
166 enabled: "{{ lp_ufw_enable | bool | d(false) }}"
167 state: "{{ lp_ufw_state | d(default_state) }}"
168 default_state: "{{ enabled | ternary('started', 'stopped') }}"
169 enable: "{{ enabled | ternary('enabled', 'disabled') }}"
170 ansible.builtin.service:
171 name: "{{ lp_ufw_service }}"
172 state: "{{ state }}"
173 enabled: "{{ enabled }}"
174
175 - name: "Ufw: Debug service lp_ufw_debug={{ lp_ufw_debug }}"
176 when: lp_ufw_debug | bool
177 ansible.builtin.debug:
178 var: result
179
180# EOF
users.yml
Synopsis: Configure users
Description of the task.
1---
2# linux_postinstall users
3
4- name: "Users: Debug lp_users_debug={{ lp_users_debug }}"
5 when: lp_users_debug | bool
6 tags: lp_users_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_users_nolog: {{ lp_users_nolog }}
11 lp_users:
12 {{ lp_users | to_nice_yaml(indent=2) | indent(2) }}
13 lp_users_groups:
14 {{ lp_users_groups | to_nice_yaml(indent=2) | indent(2) }}
15 ansible.builtin.debug:
16 msg: "{{ '{}'.format(msg) }}"
17
18- name: "Users: Manage user accounts"
19 tags: lp_users_accounts
20 no_log: "{{ lp_users_nolog | bool }}"
21 ansible.builtin.user:
22 name: "{{ item.name }}"
23 authorization: "{{ item.authorization | d(omit) }}"
24 comment: "{{ item.comment | d(omit) }}"
25 create_home: "{{ item.create_home | d(omit) }}"
26 expires: "{{ item.expires | d(omit) }}"
27 force: "{{ item.force | d(omit) }}"
28 generate_ssh_key: "{{ item.generate_ssh_key | d(omit) }}"
29 group: "{{ item.group | d(omit) }}"
30 hidden: "{{ item.hidden | d(omit) }}"
31 home: "{{ item.home | d(omit) }}"
32 local: "{{ item.local | d(omit) }}"
33 login_class: "{{ item.login_class | d(omit) }}"
34 move_home: "{{ item.move_home | d(omit) }}"
35 non_unique: "{{ item.non_unique | d(omit) }}"
36 password: "{{ item.password | d(omit) }}"
37 password_lock: "{{ item.password_lock | d(omit) }}"
38 profile: "{{ item.profile | d(omit) }}"
39 remove: "{{ item.remove | d(omit) }}"
40 role: "{{ item.role | d(omit) }}"
41 seuser: "{{ item.seuser | d(omit) }}"
42 shell: "{{ item.shell | d(omit) }}"
43 skeleton: "{{ item.skeleton | d(omit) }}"
44 ssh_key_bits: "{{ item.ssh_key_bits | d(omit) }}"
45 ssh_key_comment: "{{ item.ssh_key_comment | d(omit) }}"
46 ssh_key_file: "{{ item.ssh_key_file | d(omit) }}"
47 ssh_key_passphrase: "{{ item.ssh_key_passphrase | d(omit) }}"
48 ssh_key_type: "{{ item.ssh_key_type | d(omit) }}"
49 state: "{{ item.state | d(omit) }}"
50 system: "{{ item.system | d(omit) }}"
51 uid: "{{ item.uid | d(omit) }}"
52 update_password: "{{ item.update_password | d(omit) }}"
53 loop: "{{ lp_users }}"
54 loop_control:
55 label: "{{ item.name }}"
56
57- name: "Users: Add users to additional groups"
58 tags: lp_users_groups
59 ansible.builtin.user:
60 name: "{{ item.name }}"
61 groups: "{{ item.groups }}"
62 append: "{{ item.append | d(true) }}"
63 loop: "{{ lp_users_groups }}"
64 loop_control:
65 label: "{{ item.name }}: {{ item.groups }}"
66
67# EOF
vars_firstfound.yml
Synopsis: Configure vars_firstfound
Description of the task.
1---
2# linux_postinstall vars_firstfound
3
4- name: "Vars_firstfound: Include defaults for {{ label }}"
5 ansible.builtin.include_vars: "{{ file }}"
6 # register: result
7 vars:
8 label: "{{ [ansible_distribution_release, ansible_distribution, ansible_os_family] | join(',') }}"
9 file: "{{ lookup('first_found', params) }}"
10 params:
11 skip: "{{ lp_vars_distro_firstfound_skip | bool }}"
12 files:
13 - "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_release'] }}.yml"
14 - "{{ ansible_facts['distribution'] }}.yml"
15 - "{{ ansible_facts['os_family'] }}.yml"
16 - default.yml
17 - defaults.yml
18 paths:
19 - "{{ role_path }}/vars/defaults"
20
21# Note: skip doesn't work with first_found lookup #43833
22# https://github.com/ansible/ansible/issues/43833
23# workaround: Create empty defaults.yml
24
25# - name: "vars_firstfound: Debug include default vars from"
26# ansible.builtin.debug:
27# var: result.ansible_included_var_files
28# when: lp_debug | bool
29
30- name: "Vars_firstfound: Include custom vars for {{ label }}"
31 # register: result
32 ansible.builtin.include_vars: "{{ file }}"
33 vars:
34 label: "{{ [ansible_distribution_release, ansible_distribution, ansible_os_family] | join(',') }}"
35 file: "{{ lookup('first_found', params) }}"
36 params:
37 skip: "{{ lp_vars_distro_firstfound_skip | bool }}"
38 files:
39 - "{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_release'] }}.yml"
40 - "{{ ansible_facts['distribution'] }}.yml"
41 - "{{ ansible_facts['os_family'] }}.yml"
42 - default.yml
43 - defaults.yml
44 paths:
45 - "{{ role_path }}/vars"
46
47# Note: skip doesn't work with first_found lookup #43833
48# https://github.com/ansible/ansible/issues/43833
49# workaround: Create empty defaults.yml
50
51# - name: "vars_firstfound: Debug include custom vars from"
52# ansible.builtin.debug:
53# var: result.ansible_included_var_files
54# when: lp_debug|bool
55
56# EOF
vars_incremental.yml
Synopsis: Configure vars_incremental
Description of the task.
1---
2# linux_postinstall vars_incremental
3
4- name: "Vars_incemental: Include default vars"
5 when: item is exists
6 register: result
7 vars:
8 my_path: "{{ role_path }}/vars/defaults.incr"
9 ansible.builtin.include_vars: "{{ item }}"
10 loop:
11 - "{{ my_path }}/defaults.yml"
12 - "{{ my_path }}/default.yml"
13 - "{{ my_path }}/{{ ansible_facts['os_family'] }}.yml"
14 - "{{ my_path }}/{{ ansible_facts['distribution'] }}.yml"
15 - "{{ my_path }}/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_release'] }}.yml"
16
17- name: "Vars_incemental: Debug include default vars"
18 when: lp_debug2 | d(false) | bool
19 ansible.builtin.debug:
20 var: result
21
22- name: "Vars_incemental: Include custom vars"
23 when: item is exists
24 register: result
25 vars:
26 my_path: "{{ role_path }}/vars"
27 ansible.builtin.include_vars: "{{ item }}"
28 loop:
29 - "{{ my_path }}/defaults.yml"
30 - "{{ my_path }}/default.yml"
31 - "{{ my_path }}/{{ ansible_facts['os_family'] }}.yml"
32 - "{{ my_path }}/{{ ansible_facts['distribution'] }}.yml"
33 - "{{ my_path }}/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_release'] }}.yml"
34
35- name: "Vars_incemental: Debug include custom vars"
36 when: lp_debug2 | d(false) | bool
37 ansible.builtin.debug:
38 var: result
39
40# EOF
vars.yml
Synopsis: Configure vars
Description of the task.
1---
2# linux_postinstall vars
3
4- name: "Vars: Include firstfound default vars"
5 when: lp_vars_distro == 'firstfound'
6 ansible.builtin.include_tasks: vars_firstfound.yml
7
8- name: "Vars: Include incremental default vars"
9 when: lp_vars_distro == 'incremental'
10 ansible.builtin.include_tasks: vars_incremental.yml
11
12- name: "Vars: Include firstfound default vars for various flavors"
13 when: lp_flavors_enable | bool
14 ansible.builtin.include_tasks: sub/vars_flavors.yml
15
16# TODO "vars: Include incremental default vars for various flavors"
17
18# EOF
virtualbox.yml
Synopsis: Configure virtualbox
Description of the task.
1---
2# linux_postinstall virtualbox
3
4- name: "Virtualbox: Debug lp_virtualbox_debug={{ lp_virtualbox_debug }}"
5 when: lp_virtualbox_debug | bool
6 tags: lp_virtualbox_debug
7 vars:
8 msg: |-
9 ansible_lsb.description: {{ ansible_lsb.codename }}
10 lp_virtualbox: {{ lp_virtualbox }}
11 lp_virtualbox_ignore_errors: {{ lp_virtualbox_ignore_errors }}
12 lp_virtualbox_keys: {{ lp_virtualbox_keys }}
13 lp_virtualbox_repos: {{ lp_virtualbox_repos }}
14 lp_virtualbox_packages:
15 {{ lp_virtualbox_packages | to_nice_yaml(indent=2) | indent(2) }}
16 lp_virtualbox_services:
17 {{ lp_virtualbox_services | to_nice_yaml(indent=2) | indent(2) }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20
21# TODO: assert lp_virtualbox_modules are loaded
22# when: lp_virtualbox | bool
23
24- name: "Virtualbox: Add signing key of VirtualBox"
25 tags: lp_virtualbox_keys
26 ansible.builtin.apt_key:
27 url: "{{ item }}"
28 state: present
29 loop: "{{ lp_virtualbox_keys }}"
30 register: result
31 retries: "{{ lp_install_retries }}"
32 until: result is succeeded
33 delay: "{{ lp_install_delay }}"
34 ignore_errors: "{{ lp_virtualbox_ignore_errors }}" # noqa ignore-errors
35
36- name: "Virtualbox: Add repository of VirtualBox"
37 tags: lp_virtualbox_repos
38 ansible.builtin.apt_repository:
39 repo: "{{ item }}"
40 state: present
41 loop: "{{ lp_virtualbox_repos }}"
42 ignore_errors: "{{ lp_virtualbox_ignore_errors }}" # noqa ignore-errors
43
44- name: "Virtualbox: Install VirtualBox packages"
45 when: lp_virtualbox_install | bool
46 tags: lp_virtualbox_packages
47 vars:
48 ll_ipkg_list: "{{ lp_virtualbox_packages }}"
49 ll_ipkg_state: "{{ lp_package_state }}"
50 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
51 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
52 ll_debug: "{{ lp_virtualboxool_debug | bool }}"
53 ignore_errors: "{{ lp_virtualbox_ignore_errors }}" # noqa ignore-errors
54 ansible.builtin.import_role:
55 name: vbotka.linux_lib
56 tasks_from: install_package.yml
57
58- name: "Virtualbox: Services start/stop and enable/disable"
59 tags: lp_virtualbox_service
60 vars:
61 srv_name: "{{ lookup('vars', 'lp_' ~ item ~ '_service', default=item) }}"
62 srv_enbl: "{{ lookup('vars', 'lp_' ~ item ~ '_enable', default=false) }}"
63 srv_stat: "{{ lookup('vars', 'lp_' ~ item ~ '_state', default=default_stat) }}"
64 default_stat: "{{ srv_enbl | bool | ternary('started', 'stopped') }}"
65 ansible.builtin.service:
66 name: "{{ srv_name }}"
67 state: "{{ srv_stat }}"
68 enabled: "{{ srv_enbl }}"
69 loop: "{{ lp_virtualbox_services }}"
70 loop_control:
71 label: "{{ srv_name }} state: {{ srv_stat }} enabled: {{ srv_enbl }}"
72
73# EOF
wpagui.yml
Synopsis: Configure wpagui
Description of the task.
1---
2# linux_postinstall wpa_gui
3
4# Note: Disable NetworkManager before installing wpagui
5#
6# Example:
7#
8# lp_nm: true
9# lp_nm_install: false
10# lp_nm_enable: false
11# lp_nm_conf:
12# - {key: managed, val: 'false'}
13# lp_nm_mask: true
14
15- name: "Wpagui: Debug lp_wpagui_debug={{ lp_wpagui_debug }}"
16 when: lp_wpagui_debug | bool
17 tags: lp_wpagui_debug
18 vars:
19 msg: |-
20 ansible_os_family: {{ ansible_facts['os_family'] }}
21 lp_wpagui_install: {{ lp_wpagui_install }}
22 lp_wpagui_packages:
23 {{ lp_wpagui_packages | to_nice_yaml(indent=2) | indent(2) }}
24 ansible.builtin.debug:
25 msg: "{{ '{}'.format(msg) }}"
26
27- name: "Wpagui: Install packages"
28 when: lp_wpagui_install | bool
29 tags: lp_wpagui_packages
30 vars:
31 ll_ipkg_list: "{{ lp_wpagui_packages }}"
32 ll_ipkg_state: "{{ lp_package_state }}"
33 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
34 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
35 ll_debug: "{{ lp_wpagui_debug | bool }}"
36 ansible.builtin.import_role:
37 name: vbotka.linux_lib
38 tasks_from: install_package.yml
39
40# EOF
wpasupplicant.yml
Synopsis: Configure wpasupplicant
Description of the task.
1---
2# linux_postinstall wpasupplicant
3
4- name: "Wpasupplicant: Debug lp_wpasupplicant_debug={{ lp_wpasupplicant_debug }}"
5 when: lp_wpasupplicant_debug | bool
6 tags: lp_wpasupplicant_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 ansible_distribution: {{ ansible_facts['distribution'] }}
11 ansible_distribution_version: {{ ansible_facts['distribution_version'] }}
12 ansible_distribution_release: {{ ansible_facts['distribution_release'] }}
13
14 lp_backup_conf: {{ lp_backup_conf }}
15 lp_package_state: {{ lp_package_state }}
16
17 lp_wpasupplicant_install: {{ lp_wpasupplicant_install }}
18 lp_wpasupplicant_packages:
19 {{ lp_wpasupplicant_packages | to_nice_yaml(indent=2) | indent(2) }}
20 lp_wpasupplicant_bin: {{ lp_wpasupplicant_bin }}
21 lp_wpasupplicant_conf_only: {{ lp_wpasupplicant_conf_only }}
22 lp_wpasupplicant_conf_dir: {{ lp_wpasupplicant_conf_dir }}
23 lp_wpasupplicant_conf_template: {{ lp_wpasupplicant_conf_template }}
24 lp_wpasupplicant_conf_owner: {{ lp_wpasupplicant_conf_owner }}
25 lp_wpasupplicant_conf_group: {{ lp_wpasupplicant_conf_group }}
26 lp_wpasupplicant_conf_mode: {{ lp_wpasupplicant_conf_mode }}
27 lp_wpasupplicant_conf_ctrl_interface: {{ lp_wpasupplicant_conf_ctrl_interface }}
28 lp_wpasupplicant_conf_global:
29 {{ lp_wpasupplicant_conf_global | to_yaml(indent=2) | indent(2) }}
30 lp_wpa_action_script: {{ lp_wpa_action_script }}
31 lp_wpa_action_script_dir: {{ lp_wpa_action_script_dir }}
32 lp_wpa_action_script_dir_owner: {{ lp_wpa_action_script_dir_owner }}
33 lp_wpa_action_script_dir_group: {{ lp_wpa_action_script_dir_group }}
34 lp_wpa_action_script_dir_mode: {{ lp_wpa_action_script_dir_mode }}
35 lp_wpa_action_script_file: {{ lp_wpa_action_script_file }}
36 lp_wpa_action_script_owner: {{ lp_wpa_action_script_owner }}
37 lp_wpa_action_script_group: {{ lp_wpa_action_script_group }}
38 lp_wpa_action_script_mode: {{ lp_wpa_action_script_mode }}
39 lp_wpa_action_script_dhclient: {{ lp_wpa_action_script_dhclient }}
40 lp_wpa_action_script_pidfile: {{ lp_wpa_action_script_pidfile }}
41 lp_wpa_action_script_options_connect: {{ lp_wpa_action_script_options_connect }}
42 lp_wpa_action_script_options_disconnect: {{ lp_wpa_action_script_options_disconnect }}
43 lp_wpa_action_script_logfile: {{ lp_wpa_action_script_logfile }}
44
45 lp_wpasupplicant_service_conf:
46 {{ lp_wpasupplicant_service_conf | to_nice_yaml(indent=2) | indent(2) }}
47 lp_wpasupplicant_debug_classified: {{ lp_wpasupplicant_debug_classified }}
48 {% if lp_wpasupplicant_debug_classified | bool %}
49 lp_wpasupplicant_conf:
50 {{ lp_wpasupplicant_conf | to_yaml(indent=2) | indent(2) }}
51 {% endif %}
52 ansible.builtin.debug:
53 msg: "{{ '{}'.format(msg) }}"
54
55- name: "Wpasupplicant: Install packages"
56 when: lp_wpasupplicant_install | bool
57 tags: lp_wpasupplicant_packages
58 vars:
59 ll_ipkg_list: "{{ lp_wpasupplicant_packages }}"
60 ll_ipkg_state: "{{ lp_package_state }}"
61 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
62 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
63 ll_debug: "{{ lp_wpasupplicant_debug | bool }}"
64 ansible.builtin.import_role:
65 name: vbotka.linux_lib
66 tasks_from: install_package.yml
67
68- name: Action script for wpa_cli
69 when: lp_wpa_action_script | bool
70 block:
71
72 - name: "Wpasupplicant: Create dir {{ lp_wpa_action_script_dir }}"
73 tags: lp_wpa_action_script_dir
74 ansible.builtin.file:
75 state: directory
76 path: "{{ lp_wpa_action_script_dir }}"
77 owner: "{{ lp_wpa_action_script_dir_owner }}"
78 group: "{{ lp_wpa_action_script_dir_group }}"
79 mode: "{{ lp_wpa_action_script_dir_mode }}"
80
81 - name: "Wpasupplicant: Create script {{ lp_wpa_action_script_file }}"
82 tags: lp_wpa_action_script
83 ansible.builtin.template:
84 src: wpa_action.sh.j2
85 dest: "{{ lp_wpa_action_script_file }}"
86 owner: "{{ lp_wpa_action_script_owner }}"
87 group: "{{ lp_wpa_action_script_group }}"
88 mode: "{{ lp_wpa_action_script_mode }}"
89 backup: "{{ lp_backup_conf }}"
90
91- name: Configuration wpa_supplicant.conf
92 tags: lp_wpasupplicant_conf
93 block:
94
95 - name: "Wpasupplicant: Create wpasupplicant configuration lp_wpasupplicant_debug_classified={{ lp_wpasupplicant_debug_classified }}"
96 register: lp_wpasupplicant_conf_changes
97 notify: reconfigure wpa_supplicant
98 no_log: "{{ not lp_wpasupplicant_debug_classified | bool }}"
99 vars:
100 my_filename: "{{ lp_wpasupplicant_conf_file[item.type | d('default')] }}"
101 ansible.builtin.template:
102 src: "{{ lp_wpasupplicant_conf_template }}"
103 dest: "{{ lp_wpasupplicant_conf_dir }}/{{ my_filename }}"
104 owner: "{{ lp_wpasupplicant_conf_owner }}"
105 group: "{{ lp_wpasupplicant_conf_group }}"
106 mode: "{{ lp_wpasupplicant_conf_mode }}"
107 backup: "{{ lp_backup_conf }}"
108 loop: "{{ lp_wpasupplicant_conf }}"
109 loop_control:
110 label: "{{ my_filename }}"
111
112 - name: "Wpasupplicant: Debug: Create wpasupplicant configuration lp_wpasupplicant_debug_classified={{ lp_wpasupplicant_debug_classified }}"
113 when: lp_wpasupplicant_debug_classified | bool
114 ansible.builtin.debug:
115 var: lp_wpasupplicant_conf_changes
116
117- name: Configure wpa_supplicant services
118 tags: lp_wpasupplicant_service_conf
119 block:
120
121 - name: "Wpasupplicant: Configure wpa_supplicant services"
122 register: lp_wpasupplicant_service_conf_changes
123 notify: "{{ item.0.handlers | d(omit) }}" # TODO: see handlers
124 community.general.ini_file:
125 path: "{{ item.0.path }}/{{ item.0.service }}"
126 owner: "{{ item.0.owner | d(omit) }}"
127 group: "{{ item.0.group | d(omit) }}"
128 mode: "{{ item.0.mode | d(omit) }}"
129 create: "{{ item.0.create | d(omit) }}"
130 no_extra_spaces: "{{ item.0.no_extra_spaces | d(omit) }}"
131 section: "{{ item.1.section }}"
132 state: "{{ item.1.state | d(omit) }}"
133 option: "{{ item.1.option | d(omit) }}"
134 value: "{{ item.1.value | d(omit) }}"
135 backup: "{{ lp_backup_conf }}"
136 loop: "{{ lp_wpasupplicant_service_conf | subelements('ini', {'skip_missing': True}) }}"
137 loop_control:
138 label: "{{ item.0.path }}/{{ item.0.service }}"
139
140 - name: "Wpasupplicant: Debug: Configure wpasupplicant services lp_wpasupplicant_debug={{ lp_wpasupplicant_debug }}"
141 when: lp_wpasupplicant_debug | bool
142 ansible.builtin.debug:
143 var: lp_wpasupplicant_service_conf_changes
144
145- name: Service
146 tags: lp_wpasupplicant_service
147 block:
148
149 - name: "Wpasupplicant: Manage wpa_supplicant services"
150 register: lp_wpasupplicant_service_changes
151 vars:
152 my_service: "{{ lp_wpasupplicant_service[item.type | d('default')] }}"
153 ansible.builtin.service:
154 name: "{{ my_service }}"
155 state: "{{ item.state | d('started') }}"
156 enabled: "{{ item.enabled | d(true) }}"
157 arguments: "{{ item.arguments | d(omit) }}"
158 pattern: "{{ item.pattern | d(omit) }}"
159 runlevel: "{{ item.runlevel | d(omit) }}"
160 sleep: "{{ item.sleep | d(omit) }}"
161 use: "{{ item.use | d(omit) }}"
162 loop: "{{ lp_wpasupplicant_conf }}"
163 loop_control:
164 label: "{{ my_service }}"
165
166 - name: "Wpasupplicant: Debug: Manage wpa_supplicant services lp_wpasupplicant_debug_classified={{ lp_wpasupplicant_debug_classified }}"
167 when: lp_wpasupplicant_debug_classified | bool
168 ansible.builtin.debug:
169 var: lp_wpasupplicant_service_changes
170
171# EOF
xen.yml
Synopsis: Configure xen
Description of the task.
1---
2# linux_postinstall xen
3
4- name: "Xen: Debug lp_xen_debug={{ lp_xen_debug }}"
5 when: lp_xen_debug | bool
6 tags: lp_xen_debug
7 vars:
8 msg: |-
9 ansible_os_family: {{ ansible_facts['os_family'] }}
10 lp_xen_packages:
11 {{ lp_xen_packages | to_nice_yaml(indent=2) | indent(2) }}
12 lp_xen_dom0_mem:
13 {{ lp_xen_dom0_mem | to_nice_yaml(indent=2) | indent(2) }}
14 lp_xen_default_grub_conf:
15 {{ lp_xen_default_grub_conf | to_nice_yaml(indent=2) | indent(2) }}
16 lp_xen_global:
17 {{ lp_xen_global | to_nice_yaml(indent=2) | indent(2) }}
18 lp_backup_conf: {{ lp_backup_conf }}
19 ansible.builtin.debug:
20 msg: "{{ '{}'.format(msg) }}"
21
22- name: "Xen: Install packages"
23 when: lp_xen_install | bool
24 tags: lp_xen_packages
25 vars:
26 ll_ipkg_list: "{{ lp_xen_packages }}"
27 ll_ipkg_state: "{{ lp_package_state }}"
28 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
29 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
30 ll_debug: "{{ lp_xen_debug | bool }}"
31 ansible.builtin.import_role:
32 name: vbotka.linux_lib
33 tasks_from: install_package.yml
34
35- name: "Xen: Configure /etc/default/grub"
36 tags: lp_xen_default_grub
37 notify: update grub
38 ansible.builtin.lineinfile:
39 dest: /etc/default/grub
40 regexp: ^\s*{{ item.key }}\s*=\s*(.*)$
41 line: "{{ item.key }}={{ item.value }}"
42 backup: "{{ lp_backup_conf }}"
43 loop: "{{ lp_xen_default_grub_conf }}"
44 loop_control:
45 label: "{{ item.key }}: {{ item.value }}"
46
47- name: "Xen: Configure /etc/xen/xl.conf"
48 tags: lp_xen_global
49 ansible.builtin.lineinfile:
50 dest: /etc/xen/xl.conf
51 regexp: ^\s*{{ item.var }}\s*=\s*(.*)$
52 line: "{{ item.var }}={{ item.value }}"
53 backup: "{{ lp_backup_conf }}"
54 create: true
55 mode: "0644"
56 loop: "{{ lp_xen_global }}"
57 loop_control:
58 label: "{{ item.var }}: {{ item.value }}"
59
60# EOF
xorg.yml
Synopsis: Configure xorg
Description of the task.
1---
2# linux_postinstall xorg
3
4- name: "Xorg: Debug lp_xorg_debug={{ lp_xorg_debug }}"
5 when: lp_xorg_debug | bool
6 tags: lp_xorg_debug
7 vars:
8 msg: |-
9 lp_xorg_conf:
10 {{ lp_xorg_conf | to_yaml(indent=2) | indent(2) }}
11 ansible.builtin.debug:
12 msg: "{{ '{}'.format(msg) }}"
13
14- name: "Xorg: Configure {{ lp_xorg_conf_dir }}"
15 tags: lp_xorg_conf
16 ansible.builtin.template:
17 src: xorg.conf.j2
18 dest: "{{ lp_xorg_conf_dir }}/{{ item.file }}"
19 backup: "{{ lp_backup_conf }}"
20 mode: "0644"
21 loop: "{{ lp_xorg_conf }}"
22 loop_control:
23 label: "{{ item.file }}"
24
25# EOF
zeitgeist.yml
Synopsis: Configure zeitgeist
Description of the task.
1---
2# linux_postinstall zeitgeist
3
4- name: Remove zeitgeist
5 when: not lp_zeitgeist_install | bool
6 block:
7
8 - name: "Zeitgeist: Remove zeitgeist"
9 ansible.builtin.apt:
10 state: absent
11 name: zeitgeist
12 purge: true
13
14 - name: "Zeitgeist: Remove zeitgeist-*"
15 ansible.builtin.apt:
16 state: absent
17 name: zeitgeist-*
18 purge: true
19
20# - name: Disable zeitgeist
21# ansible.builtin.service:
22# name: zeitgeist
23# state: stopped
24# enabled: no
25# when: not lp_zeitgeist
26# "Could not find the requested service zeitgeist"
27
28# for i in zeitgeist-fts zeitgeist; do
29# systemctl --user disable $i;
30# systemctl --user stop $i;
31# systemctl --user mask $i;
32# done
33
34# EOF
zfs.yml
Synopsis: Configure zfs
Description of the task.
1---
2# linux_postinstall zfs
3
4- name: "Zfs: Debug lp_zfs_debug={{ lp_zfs_debug }}"
5 when: lp_zfs_debug | bool
6 tags: lp_zfs_debug
7 vars:
8 msg: |-
9 lp_zfs_install: {{ lp_zfs_install }}
10 lp_zfs_packages:
11 {{ lp_zfs_packages | to_nice_yaml(indent=2) | indent(2) }}
12 lp_zfs_services:
13 {{ lp_zfs_services | d([]) | to_yaml(indent=2) | indent(2) }}
14 lp_zfs_manage:
15 {{ lp_zfs_manage | to_yaml(indent=2) | indent(2) }}
16 lp_zfs_mountpoints:
17 {{ lp_zfs_mountpoints | to_yaml(indent=2) | indent(2) }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20
21- name: "Zfs: Install packages"
22 when: lp_zfs_install | bool
23 tags: lp_zfs_packages
24 vars:
25 ll_ipkg_list: "{{ lp_zfs_packages }}"
26 ll_ipkg_state: "{{ lp_package_state }}"
27 ll_ipkg_autoremove: "{{ lp_packages_autoremove | bool }}"
28 ll_ipkg_rescue_end_host: "{{ lp_packages_rescue_end_host | bool }}"
29 ll_debug: "{{ lp_zfs_debug | bool }}"
30 ansible.builtin.import_role:
31 name: vbotka.linux_lib
32 tasks_from: install_package.yml
33
34- name: "Zfs: Manage zfs services"
35 tags: lp_zfs_services
36 vars:
37 srv_enbl: "{{ item.enabled | d(true) }}"
38 srv_stat: "{{ item.state | d(default_stat) }}"
39 default_stat: "{{ srv_enbl | bool | ternary('started', 'stopped') }}"
40 ansible.builtin.service:
41 name: "{{ item.name }}"
42 enabled: "{{ srv_enbl }}"
43 state: "{{ srv_stat }}"
44 loop: "{{ lp_zfs_services | d([]) }}"
45 loop_control:
46 label: "{{ item.name }} enabled: {{ srv_enbl }} state: {{ srv_stat }}"
47
48- name: "Zfs: Manage zfs"
49 tags: lp_zfs_manage
50 community.general.zfs:
51 name: "{{ item.name }}"
52 state: "{{ item.state }}"
53 origin: "{{ item.origin | d(omit) }}"
54 extra_zfs_properties: "{{ item.extra_zfs_properties | d(omit) }}"
55 loop: "{{ lp_zfs_manage }}"
56 loop_control:
57 label: "{{ item.name }}"
58
59- name: "Zfs: Set mode and ownership of zfs mountpoints"
60 tags: lp_zfs_mountpoints
61 ansible.builtin.file:
62 state: directory
63 path: "{{ item.mountpoint }}"
64 owner: "{{ item.owner | d(omit) }}"
65 group: "{{ item.group | d(omit) }}"
66 mode: "{{ item.mode | d(omit) }}"
67 loop: "{{ lp_zfs_mountpoints }}"
68 loop_control:
69 label: "{{ item.mountpoint }}"
70
71# EOF
vars_flavors.yml
Synopsis: Configure vars_flavors
Description of the task.
1---
2# linux_postinstall vars: vars_flavors
3
4# Create dir lp_flavors_dir. Loop lp_flavors and get stat of
5# release_file(s). If release_file exists include tasks specific to this
6# flavor.
7
8- name: "Sub: vars_flavors: Debug lp_debug={{ lp_debug }}"
9 when: lp_debug | bool
10 vars:
11 msg: |-
12 lp_flavors_dir [{{ lp_flavors_dir }}]
13 lp_flavors_dir_owner [{{ lp_flavors_dir_owner }}]
14 lp_flavors_dir_group [{{ lp_flavors_dir_group }}]
15 lp_flavors_dir_mode [{{ lp_flavors_dir_mode }}]
16 lp_flavors
17 {{ lp_flavors | to_nice_yaml }}
18 ansible.builtin.debug:
19 msg: "{{ '{}'.format(msg) }}"
20
21- name: "Sub: vars_flavors: Create {{ lp_flavors_dir }}"
22 delegate_to: localhost
23 run_once: true
24 ansible.builtin.file:
25 state: directory
26 path: "{{ lp_flavors_dir }}"
27 owner: "{{ lp_flavors_dir_owner }}"
28 group: "{{ lp_flavors_dir_group }}"
29 mode: "{{ lp_flavors_dir_mode }}"
30
31- name: "Sub: vars_flavors: Detect flavor"
32 register: result
33 ansible.builtin.stat:
34 path: "{{ item.value.release_file }}"
35 loop: "{{ lp_flavors | dict2items }}"
36
37- name: "Sub: vars_flavors: Debug result lp_debug={{ lp_debug }}"
38 when: lp_debug | bool
39 ansible.builtin.debug:
40 msg: "{{ result.results | json_query('[?stat.exists].item') }}"
41
42- name: "Sub: vars_flavors: Include tasks for flavor"
43 ansible.builtin.include_tasks: "{{ 'sub/vars_flavors-' ~ outer_item.key ~ '.yml' }}"
44 loop: "{{ result.results | json_query('[?stat.exists].item') }}"
45 loop_control:
46 loop_var: outer_item
47
48# EOF
vars_flavors_common.yml
Synopsis: Configure vars_flavors_common
Description of the task.
[tasks/sub/vars_flavors_common.yml]
1---
2# linux_postinstall vars: vars-flavors-common
3
4# Fetch my_release_file from the remote host and store the file in
5# lp_flavors_dir. Read release_attr from the fetched file and include
6# vars that correspond the flavor, release and HW.
7
8- name: Set my_release_file
9 block:
10
11 - name: "Sub: vars-flavors-common: Set my_release_file"
12 ansible.builtin.set_fact:
13 my_release_file: "{{ outer_item.value.release_file }}"
14
15 - name: "Sub: vars-flavors-common: Debug my_release_file lp_debug={{ lp_debug }}"
16 when: lp_debug | bool
17 ansible.builtin.debug:
18 var: my_release_file
19
20- name: Set my_flavor
21 block:
22
23 - name: "Sub: vars-flavors-common: Set my_flavor"
24 ansible.builtin.set_fact:
25 my_flavor: "{{ outer_item.key }}"
26
27 - name: "Sub: vars-flavors-common: Debug my_flavor lp_debug={{ lp_debug }}"
28 when: lp_debug | bool
29 ansible.builtin.debug:
30 var: my_flavor
31
32- name: Set my_release_file_fetch
33 block:
34
35 - name: "Sub: vars-flavors-common: Set my_release_file_fetch"
36 ansible.builtin.set_fact:
37 my_release_file_fetch: "{{ lp_flavors_dir ~ '/' ~ inventory_hostname ~ '-' ~ my_flavor }}"
38
39 - name: "Sub: vars-flavors-common: Fetch {{ my_release_file ~ ' to ' ~ my_release_file_fetch }}"
40 ansible.builtin.fetch:
41 flat: true
42 src: "{{ my_release_file }}"
43 dest: "{{ my_release_file_fetch }}"
44
45- name: Set my_release_keys
46 block:
47
48 - name: "Sub: vars-flavors-common: Clear my_release_keys"
49 ansible.builtin.set_fact:
50 my_release_keys: []
51
52 - name: "Sub: vars-flavors-common: Set my_release_keys"
53 ansible.builtin.set_fact:
54 my_release_keys: "{{ my_release_keys | d([]) + [item.split('=').0 | trim] }}"
55 loop: "{{ lookup('file', my_release_file_fetch).splitlines() }}"
56 when: item is match('^(\s*[a-zA-Z0-9_]+\s*)=(.*)$')
57
58 - name: "Sub: vars-flavors-common: Debug my_release_keys lp_debug={{ lp_debug }}"
59 when: lp_debug | bool
60 ansible.builtin.debug:
61 var: my_release_keys
62
63- name: Set my_release_dict
64 block:
65
66 - name: "Sub: vars-flavors-common: Clear my_release_dict"
67 ansible.builtin.set_fact:
68 my_release_dict: {}
69
70 - name: "Sub: vars-flavors-common: Set my_release_dict attributes"
71 ansible.builtin.set_fact:
72 my_release_dict: "{{ my_release_dict |
73 combine({item: lookup('ansible.builtin.ini',
74 item,
75 'type=properties',
76 'file=' ~ my_release_file_fetch)}) }}"
77 loop: "{{ my_release_keys }}"
78
79 - name: "Sub: vars-flavors-common: Debug my_release_dict"
80 when: lp_debug | bool
81 ansible.builtin.debug:
82 var: my_release_dict
83
84- name: Set my_release
85 block:
86
87 - name: "Sub: vars-flavors-common: Add flavor to my_release"
88 ansible.builtin.set_fact:
89 my_release: "{{ my_release | d({}) | combine({my_flavor: my_release_dict}) }}"
90
91 - name: "Sub: vars-flavors-common: Debug my_release lp_debug={{ lp_debug }}"
92 when: lp_debug | bool
93 ansible.builtin.debug:
94 var: my_release
95
96- name: Set my_labels
97 block:
98
99 - name: "Sub: vars-flavors-common: Set my_labels"
100 ansible.builtin.set_fact:
101 my_labels: "{{ lp_flavors[my_flavor].file_labels | map('extract', my_release[my_flavor]) | list }}"
102
103 - name: "Sub: vars-flavors-common: Debug my_labels lp_debug={{ lp_debug }}"
104 when: lp_debug | bool
105 ansible.builtin.debug:
106 var: my_labels
107
108- name: "Sub: vars-flavors-common: Include defaults for flavor {{ [my_labels.1, my_labels.0, my_flavor] | join(',') }}"
109 vars:
110 file: "{{ lookup('first_found', params) }}"
111 params:
112 skip: "{{ lp_vars_distro_firstfound_skip | bool }}"
113 files:
114 - "{{ my_flavor }}_{{ my_labels.0 }}_{{ my_labels.1 }}.yml"
115 - "{{ my_flavor }}_{{ my_labels.0 }}.yml"
116 - "{{ my_flavor }}.yml"
117 - default.yml
118 - defaults.yml
119 paths:
120 - "{{ role_path }}/vars/flavors"
121 ansible.builtin.include_vars: "{{ file }}"
122
123# Note: skip doesn't work with first_found lookup #43833
124# https://github.com/ansible/ansible/issues/43833
125# workaround: Create empty defaults.yml
126
127# EOF