├── .gitignore ├── .travis.yml ├── CHANGES.rst ├── COPYRIGHT ├── LICENSE ├── Makefile ├── README.rst ├── docs ├── changelog.rst ├── copyright.rst ├── custom-environment.rst ├── custom-features.rst ├── guides │ ├── getting-started.rst │ ├── index.rst │ ├── linux-containers.rst │ ├── local-apt-repository.rst │ └── service-ports.rst ├── includes │ ├── all.rst │ └── all_from_subdir.rst ├── index.rst ├── introduction.rst └── playbook-layout.rst ├── galaxy ├── requirements-manual.txt ├── requirements-testing.txt ├── requirements-testing.yml ├── requirements.txt └── requirements.yml ├── playbooks ├── app.yml ├── app │ ├── all.yml │ ├── boxbackup.yml │ ├── debops.yml │ ├── debops_api.yml │ ├── dokuwiki.yml │ ├── etherpad.yml │ ├── gitlab.yml │ ├── gitlab_runner.yml │ ├── ipxe.yml │ ├── librenms.yml │ ├── mailman.yml │ ├── netbox.yml │ ├── owncloud-apache.yml │ ├── owncloud-nginx.yml │ ├── owncloud.yml │ ├── phpipam.yml │ ├── preseed.yml │ ├── rsnapshot.yml │ ├── rstudio_server.yml │ └── sks.yml ├── bootstrap.yml ├── callback_plugins │ └── profile_tasks.py ├── common.yml ├── env.yml ├── env │ ├── all.yml │ ├── cran.yml │ ├── fcgiwrap.yml │ ├── golang.yml │ ├── java.yml │ ├── nodejs.yml │ ├── php.yml │ ├── php5.yml │ └── ruby.yml ├── filter_plugins │ ├── globmatch.py │ ├── ipaddr.py │ ├── ldappassword.py │ └── split.py ├── hw.yml ├── hw │ ├── all.yml │ ├── grub.yml │ └── hwraid.yml ├── library │ ├── __init__.py │ └── database │ │ ├── __init__.py │ │ └── ldap │ │ ├── __init__.py │ │ ├── ldap_attr.py │ │ └── ldap_entry.py ├── lookup_plugins │ ├── file_src.py │ ├── lists.py │ ├── task_src.py │ └── template_src.py ├── net.yml ├── net │ ├── all.yml │ ├── avahi.yml │ ├── dhcpd.yml │ ├── dnsmasq-persistent_paths.yml │ ├── dnsmasq-plain.yml │ ├── dnsmasq.yml │ ├── ifupdown.yml │ ├── radvd.yml │ ├── stunnel.yml │ ├── tinc-persistent_paths.yml │ ├── tinc-plain.yml │ ├── tinc.yml │ └── unbound.yml ├── service │ ├── apache.yml │ ├── apt.yml │ ├── apt_cacher_ng.yml │ ├── apt_install.yml 
│ ├── apt_listchanges.yml │ ├── apt_preferences.yml │ ├── apt_proxy.yml │ ├── atd.yml │ ├── auth.yml │ ├── authorized_keys.yml │ ├── avahi.yml │ ├── boxbackup.yml │ ├── console.yml │ ├── core.yml │ ├── cran.yml │ ├── cron.yml │ ├── cryptsetup-persistent_paths.yml │ ├── cryptsetup-plain.yml │ ├── cryptsetup.yml │ ├── debops.yml │ ├── debops_api.yml │ ├── debops_fact.yml │ ├── dhcpd.yml │ ├── dhparam.yml │ ├── dnsmasq-persistent_paths.yml │ ├── dnsmasq-plain.yml │ ├── dnsmasq.yml │ ├── docker.yml │ ├── docker_gen.yml │ ├── dokuwiki.yml │ ├── dovecot.yml │ ├── elastic_co.yml │ ├── elasticsearch.yml │ ├── environment.yml │ ├── etc_aliases.yml │ ├── etc_services.yml │ ├── etherpad.yml │ ├── fail2ban.yml │ ├── fcgiwrap.yml │ ├── ferm.yml │ ├── gitlab.yml │ ├── gitlab_ci.yml │ ├── gitlab_ci_runner.yml │ ├── gitlab_runner.yml │ ├── gitusers.yml │ ├── golang.yml │ ├── grub.yml │ ├── gunicorn.yml │ ├── hashicorp.yml │ ├── hwraid.yml │ ├── ifupdown.yml │ ├── ipxe.yml │ ├── iscsi.yml │ ├── java.yml │ ├── kibana.yml │ ├── librenms.yml │ ├── libvirt.yml │ ├── libvirtd.yml │ ├── libvirtd_qemu.yml │ ├── logrotate.yml │ ├── lvm.yml │ ├── lxc.yml │ ├── mailman.yml │ ├── mariadb.yml │ ├── mariadb_server.yml │ ├── memcached.yml │ ├── monit.yml │ ├── mosquitto-nginx.yml │ ├── mosquitto-plain.yml │ ├── mosquitto.yml │ ├── mysql.yml │ ├── netbox.yml │ ├── nfs.yml │ ├── nfs_server.yml │ ├── nginx.yml │ ├── nodejs.yml │ ├── nsswitch.yml │ ├── ntp.yml │ ├── nullmailer.yml │ ├── opendkim.yml │ ├── openvz.yml │ ├── owncloud-apache.yml │ ├── owncloud-nginx.yml │ ├── owncloud.yml │ ├── persistent_paths.yml │ ├── php.yml │ ├── php5.yml │ ├── phpipam.yml │ ├── pki.yml │ ├── postconf.yml │ ├── postfix.yml │ ├── postgresql.yml │ ├── postgresql_server.yml │ ├── postscreen.yml │ ├── postwhite.yml │ ├── preseed.yml │ ├── rabbitmq_management.yml │ ├── rabbitmq_server.yml │ ├── radvd.yml │ ├── redis.yml │ ├── reprepro.yml │ ├── resources.yml │ ├── root_account.yml │ ├── rsnapshot.yml │ ├── 
rstudio_server.yml │ ├── rsyslog.yml │ ├── ruby.yml │ ├── salt.yml │ ├── samba.yml │ ├── saslauthd.yml │ ├── sftpusers.yml │ ├── sks.yml │ ├── slapd.yml │ ├── smstools.yml │ ├── snmpd.yml │ ├── sshd.yml │ ├── stunnel.yml │ ├── swapfile.yml │ ├── sysctl.yml │ ├── tcpwrappers.yml │ ├── tftpd.yml │ ├── tgt.yml │ ├── tinc-persistent_paths.yml │ ├── tinc-plain.yml │ ├── tinc.yml │ ├── unattended_upgrades.yml │ ├── unbound.yml │ └── users.yml ├── site.yml ├── srv.yml ├── srv │ ├── all.yml │ ├── apache.yml │ ├── apt_cacher_ng.yml │ ├── docker_gen.yml │ ├── dovecot.yml │ ├── elastic_co.yml │ ├── elasticsearch.yml │ ├── etc_aliases.yml │ ├── fail2ban.yml │ ├── gunicorn.yml │ ├── hashicorp.yml │ ├── kibana.yml │ ├── mariadb.yml │ ├── mariadb_server.yml │ ├── memcached.yml │ ├── monit.yml │ ├── mosquitto-nginx.yml │ ├── mosquitto-plain.yml │ ├── mosquitto.yml │ ├── mysql.yml │ ├── nginx.yml │ ├── opendkim.yml │ ├── postconf.yml │ ├── postfix.yml │ ├── postgresql.yml │ ├── postgresql_server.yml │ ├── postscreen.yml │ ├── postwhite.yml │ ├── rabbitmq_management.yml │ ├── rabbitmq_server.yml │ ├── redis.yml │ ├── reprepro.yml │ ├── salt.yml │ ├── samba.yml │ ├── saslauthd.yml │ ├── smstools.yml │ ├── snmpd.yml │ ├── tftpd.yml │ └── tgt.yml ├── sys.yml ├── sys │ ├── all.yml │ ├── cryptsetup-persistent_paths.yml │ ├── cryptsetup-plain.yml │ ├── cryptsetup.yml │ ├── gitusers.yml │ ├── iscsi.yml │ ├── lvm.yml │ ├── nfs.yml │ ├── nfs_server.yml │ ├── persistent_paths.yml │ ├── sftpusers.yml │ ├── slapd.yml │ └── swapfile.yml ├── tools │ ├── 6to4.yml │ ├── debug.yml │ └── dist-upgrade.yml ├── virt.yml └── virt │ ├── all.yml │ ├── docker.yml │ ├── libvirt.yml │ ├── libvirtd.yml │ ├── libvirtd_qemu.yml │ ├── lxc.yml │ └── openvz.yml ├── scripts └── get_all_referenced_roles └── templates └── debops__tpl_macros.j2 /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore user-created DebOps directories 2 | playbooks/roles 3 | roles 4 | 
inventory 5 | inventory.secret 6 | 7 | *.pyc 8 | 9 | # Created by http://gitignore.io 10 | 11 | ### vim ### 12 | .*.s[a-w][a-z] 13 | *.un~ 14 | Session.vim 15 | .netrwhist 16 | *~ 17 | 18 | ## For quick testing. 19 | ## Generated by https://github.com/ypid/ypid-ansible-common/blob/master/bin/sphinx-debops-role-build 20 | docs/Makefile 21 | docs/_build/ 22 | docs/conf.py 23 | docs/defaults.rst 24 | docs/includes/global.rst 25 | docs/_templates/page.html 26 | docs/_templates/.gitkeep 27 | docs/_static/custom.css 28 | docs/_static/.gitkeep 29 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | language: 'python' 4 | python: '2.7' 5 | 6 | virtualenv: 7 | system_site_packages: true 8 | 9 | before_install: True 10 | install: True 11 | 12 | script: 13 | - 'make check' 14 | - 'git clone --depth 1 https://github.com/nickjj/rolespec' 15 | - 'cd rolespec ; bin/rolespec -r https://github.com/debops/test-suite' 16 | -------------------------------------------------------------------------------- /COPYRIGHT: -------------------------------------------------------------------------------- 1 | debops-playbooks - Set of Ansible playbooks for DebOps Project 2 | 3 | Copyright (C) 2013-2017 Maciej Delmanowski 4 | Copyright (C) 2015-2017 Robin Schneider 5 | Copyright (C) 2014-2017 DebOps https://debops.org/ 6 | 7 | This repository is part of DebOps. 8 | 9 | DebOps is free software; you can redistribute it and/or modify 10 | it under the terms of the GNU General Public License version 3, as 11 | published by the Free Software Foundation. 12 | 13 | DebOps is distributed in the hope that it will be useful, 14 | but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | GNU General Public License for more details. 
17 | 18 | You should have received a copy of the GNU General Public License 19 | along with DebOps. If not, see https://www.gnu.org/licenses/. 20 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY : default all check fail-when-git-dirty 2 | 3 | .PHONY: FORCE_MAKE 4 | 5 | default: all 6 | 7 | all: galaxy 8 | 9 | check: all fail-when-git-dirty 10 | 11 | fail-when-git-dirty: 12 | git diff --quiet && git diff --cached --quiet 13 | 14 | galaxy: galaxy/requirements galaxy/requirements-testing 15 | @echo 'You need to `git add` all files in order for this script to pick up the changes!' 16 | 17 | galaxy/requirements: galaxy/requirements.txt galaxy/requirements.yml 18 | 19 | galaxy/requirements.txt: scripts/get_all_referenced_roles FORCE_MAKE 20 | "$<" > "$@" 21 | 22 | galaxy/requirements.yml: scripts/get_all_referenced_roles FORCE_MAKE 23 | "$<" | sed --regexp-extended 's/^(.*)$$/- src: \1\n/' > "$@" 24 | 25 | 26 | galaxy/requirements-testing: galaxy/requirements-testing.txt galaxy/requirements-testing.yml 27 | 28 | galaxy/requirements-testing.txt: scripts/get_all_referenced_roles FORCE_MAKE 29 | "$<" | sed --regexp-extended 's/^(.*)$$/\1,testing/' > "$@" 30 | 31 | galaxy/requirements-testing.yml: scripts/get_all_referenced_roles FORCE_MAKE 32 | "$<" | sed --regexp-extended 's/^(.*)$$/- src: \1\n version: testing\n/' > "$@" 33 | -------------------------------------------------------------------------------- /docs/changelog.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../CHANGES.rst 2 | -------------------------------------------------------------------------------- /docs/copyright.rst: -------------------------------------------------------------------------------- 1 | Copyright 2 | ========= 3 | 4 | .. 
literalinclude:: ../COPYRIGHT 5 | 6 | -------------------------------------------------------------------------------- /docs/custom-environment.rst: -------------------------------------------------------------------------------- 1 | Playbook environment variables 2 | ============================== 3 | 4 | .. include:: includes/all.rst 5 | 6 | In certain situations, for example on a network where direct Internet access is 7 | not allowed and users are required to use an HTTP proxy, you might need to 8 | define a custom set of environment variables for Ansible to execute playbooks. 9 | The DebOps playbooks allow you to do that using a set of Ansible inventory 10 | variables which should be defined as YAML dictionaries: 11 | 12 | ``inventory__environment`` 13 | This variable is meant to set environment variables on all hosts in Ansible 14 | inventory. 15 | 16 | ``inventory__group_environment`` 17 | This variable is meant to be used on a group of hosts in Ansible inventory. 18 | Only one group is supported. 19 | 20 | ``inventory__host_environment`` 21 | This variable is meant to set environment variables on specific hosts in 22 | Ansible inventory. 23 | 24 | The configured environment variables will be active in all of the DebOps 25 | playbooks included in this repository. The more specific variables override the 26 | more general ones, just like normal Ansible variables. 27 | 28 | The environment variables defined using these YAML dictionaries take effect 29 | only during the :command:`ansible-playbook` run. Normal :command:`ansible` commands as well 30 | as commands/services executed on remote hosts will not use them. To configure 31 | desired environment variables on remote hosts, you might want to check the 32 | debops.resources_ Ansible role. 33 | 34 | Examples 35 | -------- 36 | 37 | To configure an HTTP proxy which should be used by Ansible roles on all hosts, 38 | add in the :file:`ansible/inventory/group_vars/all/inventory.yml` file: 39 | 40 | .. 
code-block:: yaml 41 | 42 | inventory__environment: 43 | http_proxy: 'http://proxy.{{ ansible_domain }}:3128' 44 | 45 | To add support for these variables in your own playbooks, make sure that they 46 | contain the following code: 47 | 48 | .. code-block:: yaml 49 | 50 | - name: Configure a custom service 51 | hosts: [ 'debops_service_custom' ] 52 | become: True 53 | 54 | environment: '{{ inventory__environment | d({}) 55 | | combine(inventory__group_environment | d({})) 56 | | combine(inventory__host_environment | d({})) }}' 57 | 58 | roles: 59 | 60 | - role: custom-role 61 | tags: [ 'role::custom' ] 62 | -------------------------------------------------------------------------------- /docs/custom-features.rst: -------------------------------------------------------------------------------- 1 | Custom DebOps features 2 | ====================== 3 | 4 | .. include:: includes/all.rst 5 | 6 | To make integration of DebOps roles with your own infrastructure easier, DebOps 7 | playbooks include a set of Ansible plugins and introduce several new concepts 8 | to Ansible best practices. 9 | 10 | The project directory 11 | --------------------- 12 | 13 | By default, Ansible is written to use :file:`/etc/ansible/` directory and its 14 | contents in its daily use. In contrast to this, DebOps playbooks are designed 15 | to be used from a custom local directory, which you can initialize using 16 | ``debops-init`` command. By using Ansible this way, it's much easier to create 17 | multiple, separate environments with distinct inventories and configuration. To 18 | change the environment you are working in, you just need to switch to 19 | a different directory - there's no need to use separate Ansible host groups, 20 | custom variables and so on. 
21 | 22 | The official playbooks and roles are installed in central, fixed location 23 | (:file:`~/.local/share/debops/debops-playbooks/` on Linux systems), and the 24 | ``debops`` script generates ``ansible.cfg`` configuration file to provide 25 | correct paths for :command:`ansible-playbook` command to use them indirectly from the 26 | project directory. 27 | 28 | You can store your custom playbooks and roles in the project directory, in 29 | :file:`playbooks/` and :file:`roles/` subdirectories. 30 | 31 | Common playbooks 32 | ---------------- 33 | 34 | In many Ansible environments a popular practice is to have a "common role" that 35 | contains tasks that are expected to be run on any and all hosts managed by 36 | Ansible. 37 | 38 | In DebOps, there is an entire playbook dedicated to this, located in 39 | :file:`playbooks/common.yml`. It includes multiple roles that prepare a host from 40 | an unknown to a known state - for example, a :program:`ferm`-based firewall will be 41 | installed and configured on a given host, unless disabled, some common, useful 42 | packages will be installed, and so on. Other DebOps roles not included in the 43 | :file:`common.yml` playbook are designed for hosts that were configured by it 44 | - they might work outside of that environment, but it's not guaranteed. 45 | 46 | Host group namespace 47 | -------------------- 48 | 49 | To make host configuration in Ansible inventory more explicit, DebOps uses 50 | a set of Ansible host groups. All of the official groups are set in the 51 | ``[debops_*]`` namespace, so you are free to use other names without any 52 | possibility of a collision. 53 | 54 | Common DebOps playbook, as well as some other service playbooks that are 55 | included in it, use ``[debops_all_hosts]`` group. This is a base group of the 56 | project and all hosts managed by DebOps should be included in it. 
57 | 58 | Service playbooks use the ``[debops_service_*]`` group namespace in Ansible 59 | inventory (for example, debops.nginx_ role is activated on hosts in 60 | ``[debops_service_nginx]`` group). Some service playbooks use additional groups 61 | for various purposes; you are advised to check the role documentation to see 62 | what their intended use case is. 63 | 64 | Flattened lists in inventory 65 | ---------------------------- 66 | 67 | Some DebOps roles use sets of default variables (usually lists) to allow you to 68 | define different settings for all hosts in inventory, a group of hosts, or even 69 | specific hosts. For example, using debops.sshd_ role you can whitelist 70 | a certain subnet for all hosts in your inventory, add another subnet for 71 | a particular group of hosts, and so on. You can also override a more general 72 | list on specific hosts if needed. 73 | 74 | File, template and task hooks 75 | ----------------------------- 76 | 77 | DebOps project introduces a set of Ansible lookup plugins which allow you to 78 | override certain aspects of public Ansible roles without modifying them 79 | directly. This allows for easier updates or customization of the files and 80 | templates according to your specific needs. 81 | 82 | Certain roles use ``file_src`` or ``template_src`` to calculate the path to files 83 | or templates used by a role. You can override these paths using ``.debops.cfg`` 84 | configuration file and provide your own versions of files and templates stored 85 | in DebOps project directory. 86 | 87 | Some roles provide "task hooks" at the beginning and end of task lists, which 88 | are empty files in specific subdirectories. Using ``task_src`` lookup plugin 89 | and settings defined in ``.debops.cfg`` configuration file you can "inject" 90 | your own tasks at the beginning or end of these roles, which gives you more 91 | control over the configuration. 
92 | 93 | By combining the above techniques, you can very easily extend DebOps roles without 94 | losing the ability to update them using :command:`git` without merge conflicts. 95 | 96 | LDAP integration 97 | ---------------- 98 | 99 | Certain DebOps roles can access an LDAP server to create or update data as needed. 100 | Custom modules are provided for LDAP entry and attribute management; deeper 101 | integration is planned in the future. 102 | -------------------------------------------------------------------------------- /docs/guides/index.rst: -------------------------------------------------------------------------------- 1 | .. _debops-playbooks guides: 2 | 3 | Guides 4 | ====== 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | :glob: 9 | 10 | * 11 | 12 | .. 13 | Local Variables: 14 | mode: rst 15 | ispell-local-dictionary: "american" 16 | End: 17 | -------------------------------------------------------------------------------- /docs/guides/linux-containers.rst: -------------------------------------------------------------------------------- 1 | Using Linux containers 2 | ====================== 3 | 4 | - `Host requirements`_ 5 | - `Configuring a host`_ to make it capable of storing containers 6 | - `LXC cheatsheet`_ to help you manage the containers 7 | - `Interacting with a container`_ 8 | 9 | Host requirements 10 | ----------------- 11 | 12 | **Your host must be Debian based** 13 | 14 | It can be Ubuntu 14.x, Debian Wheezy/Jessie, etc. 15 | 16 | If you're using a Mac or a different Linux distro then you'll want to set up a 17 | virtual machine to act as the container host. You can do this with 18 | Vagrant or some other virtualization software. 19 | 20 | **SSH key pair** 21 | 22 | You will also need an SSH key pair on your host. You probably have one set up 23 | but if you don’t you can run ``ssh-keygen -t rsa`` and follow the instructions. 24 | DebOps expects the RSA keys to be in ``~/.ssh``. 
25 | 26 | Configuring a host 27 | ------------------ 28 | 29 | **Add it to your inventory** 30 | 31 | The paths are relative to where you ``debops-init`` a new project. 32 | 33 | :file:`ansible/inventory/hosts` 34 | 35 | :: 36 | 37 | [debops_service_lxc] 38 | yourhostname 39 | 40 | **Decide on which network adapter you're using** 41 | 42 | If you plan to make your main OS an LXC host then you'll want to configure the 43 | host to use the NAT adapter by default. DNS is configured through NAT using 44 | dnsmasq. 45 | 46 | Basically this means you don't have to forward ports and DNS will work. 47 | 48 | :file:`ansible/inventory/host_vars/yourhostname.yml` 49 | 50 | :: 51 | 52 | lxc_configuration_default: 'nat' 53 | 54 | If you plan to use the bridged adapter through a VM then you do not have to set 55 | anything but keep in mind you will need to connect through an IP address unless 56 | you have configured DNS yourself. 57 | 58 | **Make the host an LXC host by running DebOps** 59 | 60 | Run this from your terminal: ``debops -l debops_service_lxc``. 61 | 62 | If you are running Debian Wheezy you will have to reboot your LXC host due to 63 | a kernel update. Other operating systems like Ubuntu 14.x and Debian Jessie 64 | do not require the reboot. 65 | 66 | LXC cheatsheet 67 | -------------- 68 | 69 | :: 70 | 71 | # Create a new container 72 | sudo lxc-create -n mycontainer -t debops 73 | 74 | # Return back a list of containers and basic information about them 75 | sudo lxc-ls -f 76 | 77 | # Start a container, the -d flag runs it as a daemon 78 | sudo lxc-start -n mycontainer -d 79 | 80 | # Stop a container 81 | sudo lxc-stop -n mycontainer 82 | 83 | # Destroy a container, the -f flag does a stop before destroying it 84 | sudo lxc-destroy -n mycontainer -f 85 | 86 | # There are many more commands like snapshotting, freezing, info, etc. 
87 | # Check the LXC manpages for more information 88 | sudo lxc-[tab complete] 89 | 90 | Interacting with a container 91 | ---------------------------- 92 | 93 | Once it has been created and it's running you can SSH to it, just run: 94 | 95 | ``ssh containername`` if you have DNS setup, otherwise use the IP address. At 96 | this point you have a bare container ready to do whatever you want. 97 | 98 | **Setting it up with common DebOps services** 99 | 100 | If you plan to use containers for development then you'll probably want 101 | to group your containers together in your inventory. 102 | 103 | :command:`ansible/inventory/hosts` 104 | 105 | :: 106 | 107 | [local_containers] 108 | mycontainer 109 | 110 | Now you could create :file:`ansible/inventory/group_vars/local_containers.yml` and 111 | start doing things that would apply to all local containers. 112 | 113 | Perhaps you want to install emacs or use your own dotfiles, etc.. 114 | 115 | **Transferring files** 116 | 117 | To transfer files to/from the container you have 2 options. 118 | 119 | 1. SCP or some other file transfer utility that works through SSH 120 | 121 | :: 122 | 123 | # To the container 124 | scp somefile mycontainer:/tmp/somefile 125 | 126 | # From a container 127 | scp mycontainer:/tmp/somefile somefile 128 | 129 | The second option requires knowing the dirty details about where the container 130 | has its configuration and file system stored. 131 | 132 | On the LXC host, navigate to :file:`/var/lib/lxc`, then go into your container's 133 | directory. You can find its file system there among other things. You can simply 134 | ``cp`` directly if your LXC host is local to your main OS. 
135 | -------------------------------------------------------------------------------- /docs/guides/local-apt-repository.rst: -------------------------------------------------------------------------------- 1 | Creating a local apt server 2 | =========================== 3 | 4 | - `What are some benefits of doing it this way?`_ 5 | - `Pick a server`_ 6 | - `Configure a throw away build server`_ 7 | - `Configure the local APT server`_ 8 | - `Make your hosts aware`_ 9 | - `Use your shiny new package`_ 10 | 11 | Certain roles such as Ruby and Golang offer the ability to use a backported 12 | version of the package so it's more up to date. The backports are built off of 13 | Debian testing without having to actually use the testing apt source. 14 | 15 | What are some benefits of doing it this way? 16 | -------------------------------------------- 17 | 18 | A lot of other roles will compile from source but that's time demanding and 19 | error prone. A backported version of Ruby 2.1.x will apt install in about 5 20 | seconds once you setup your local APT server once. 21 | 22 | Compile it once into a proper package and use it as many times as you want. 23 | 24 | It also future proofs your role because you wouldn't have to change anything 25 | once the next Debian version is officially released. From the role's point of view it's just 26 | installing an apt package using Ansible's :command:`apt` module. It does not care where 27 | the apt server is located. 28 | 29 | Pick a server 30 | ------------- 31 | 32 | The first step is to decide where you want this server. It doesn't need to be 33 | literally local to your workstation. It's local in the context of it not being 34 | an official APT server to the world. 35 | 36 | Popular options could be your Ansible controller inside of a container or a 37 | micro-size instance on the cloud depending on your requirements for availability. 
38 | 39 | Configure a throw away build server 40 | ----------------------------------- 41 | 42 | You could use your apt server but it's best to use a temporary host. I would 43 | just spin up a container. 44 | 45 | In this example we're going to build Ruby 2.1.x. You will have to do this if 46 | you plan to use GitLab so it's a good idea to learn! 47 | 48 | :: 49 | 50 | # inventory/hosts 51 | 52 | [debops_service_ruby] 53 | yourbuildserver 54 | 55 | :: 56 | 57 | # inventory/host_vars/yourbuildserver.yml 58 | 59 | ruby_version: 'backport' 60 | 61 | That tells the `Ruby role `_ to use 62 | the `Backporter role `_ as a 63 | dependency and that will kick off the entire build process for you. 64 | 65 | **Then run:** 66 | 67 | ``debops -l yourbuildserver`` 68 | 69 | Expect it to take 5 to 15 minutes depending on how fast your server is. You only 70 | need to do this once. 71 | 72 | Where are the packages 73 | ~~~~~~~~~~~~~~~~~~~~~~ 74 | 75 | Good question, they have been transferred to your Ansible controller in the 76 | :file:`secret/reprepro/includedeb/wheezy-backports/` directory. 77 | 78 | At this point you can delete your build server. 79 | 80 | Configure the local APT server 81 | ------------------------------ 82 | 83 | Next up, we need to tell our server that it is an APT server. 84 | 85 | :: 86 | 87 | # inventory/host_vars/youraptserver.yml 88 | 89 | apt: 'youraptserver.{{ ansible_domain }}' 90 | 91 | You must use your apt server's fully qualified domain name. Run ``hostname -f`` on 92 | the server to check its fully qualified domain name. 93 | 94 | **We're just about done**, now you need to transfer the packages to your apt server: 95 | 96 | ``debops -l youraptserver -t apt`` 97 | 98 | Make your hosts aware 99 | --------------------- 100 | 101 | The last step is to make your hosts aware of the server. 102 | 103 | Below I'm just assuming you want to make it aware to all of your containers and 104 | you have your containers inside of a ``[containers]`` group. 
105 | 106 | :: 107 | 108 | # inventory/group_vars/containers.yml 109 | 110 | apt: 'youraptserver.{{ ansible_domain }}' 111 | 112 | **Then run:** 113 | 114 | ``debops -l containers`` 115 | 116 | Use your shiny new package 117 | -------------------------- 118 | 119 | Well, this part is easy. Just use the Ruby role on any host that is aware of 120 | your local apt server and it will install Ruby 2.1.x in about 5 seconds. 121 | 122 | You do not need to set ``ruby_version: 'backport'`` on the hosts themselves. It 123 | will just use the default setting which is the apt package and now since your 124 | local apt server is setup and your host is aware, it will use the new backported 125 | version. 126 | -------------------------------------------------------------------------------- /docs/guides/service-ports.rst: -------------------------------------------------------------------------------- 1 | Custom services and their default ports 2 | ======================================= 3 | 4 | In various DebOps roles you can find named ports. They are defined in 5 | :file:`/etc/services` using debops.etc_services_ role which manages them using 6 | Ansible's ``assemble`` module. To avoid collisions between various services we 7 | list here custom ports that are set for applications and services that don't 8 | have specified system ports by default. 9 | 10 | You can find a list of ports used throughout the DebOps project by running 11 | command:: 12 | 13 | debops-defaults | grep '_port:' 14 | 15 | This should output list of all variables that define port numbers in various 16 | roles and are available in role defaults, and thus can be overridden by Ansible 17 | inventory. 
18 | 19 | 20 | +----------------+-----------+----------------+ 21 | | Service | Port | Default bind | 22 | +================+===========+================+ 23 | | apt-cacher-ng | 3142 | all interfaces | 24 | +----------------+-----------+----------------+ 25 | | elasticsearch | 9200-9400 | localhost | 26 | +----------------+-----------+----------------+ 27 | | etherpad | 9000 | localhost | 28 | +----------------+-----------+----------------+ 29 | | redis-server | 6379 | localhost | 30 | +----------------+-----------+----------------+ 31 | | redis-sentinel | 26379 | localhost | 32 | +----------------+-----------+----------------+ 33 | | rails apps | 3000 | socket | 34 | +----------------+-----------+----------------+ 35 | | gitlab-ci | 18083 | localhost | 36 | +----------------+-----------+----------------+ 37 | 38 | Standard ports 39 | -------------- 40 | 41 | Run ``cat /etc/services`` to obtain a list of standard ports. 42 | 43 | .. _debops.etc_services: https://github.com/debops/ansible-etc_services/ 44 | 45 | -------------------------------------------------------------------------------- /docs/includes/all.rst: -------------------------------------------------------------------------------- 1 | .. include:: includes/global.rst 2 | -------------------------------------------------------------------------------- /docs/includes/all_from_subdir.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../includes/global.rst 2 | .. Refer to: https://github.com/debops/docs/issues/155#issuecomment-233184276 3 | -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | .. _debops playbooks: 2 | 3 | DebOps playbooks 4 | ================ 5 | 6 | .. 
toctree:: 7 | :maxdepth: 2 8 | 9 | introduction 10 | playbook-layout 11 | custom-features 12 | custom-environment 13 | guides/index 14 | copyright 15 | changelog 16 | 17 | .. 18 | Local Variables: 19 | mode: rst 20 | ispell-local-dictionary: "american" 21 | End: 22 | -------------------------------------------------------------------------------- /docs/introduction.rst: -------------------------------------------------------------------------------- 1 | Introduction 2 | ============ 3 | 4 | To use Ansible roles, you need playbooks which define what roles are run on 5 | which hosts. The ``debops-playbooks`` repository contains a set of such playbooks 6 | which let you use roles without the need to write them yourself. 7 | 8 | Apart from the playbooks, this repository contains a set of Ansible modules, 9 | various plugins and custom fact scripts used throughout the project. Some of 10 | them are required by the whole project, some just by a few selected roles. 11 | 12 | 13 | .. 14 | Local Variables: 15 | mode: rst 16 | ispell-local-dictionary: "american" 17 | End: 18 | -------------------------------------------------------------------------------- /docs/playbook-layout.rst: -------------------------------------------------------------------------------- 1 | Playbook layout 2 | =============== 3 | 4 | The DebOps playbooks are split into several files to make partial usage possible:: 5 | 6 | site.yml 7 | | ,---- <- core.yml 8 | |-- <- common.yml 9 | `-, 10 | |-- <- systems.yml 11 | |-- <- environments.yml 12 | |-- <- networking.yml 13 | |-- <- services.yml 14 | |-- <- applications.yml 15 | |-- <- virtualization.yml 16 | `-- <- hardware.yml 17 | 18 | When you run the ``debops`` script or :command:`ansible-playbook`, you can either run the 19 | main :file:`site.yml` playbook, or specify the name of the playbook you want to use to 20 | narrow the set of roles; this makes the Ansible runs shorter and lowers the 21 | startup time. 
22 | 23 | Order of the playbooks apart from the common ones (:file:`common.yml`, 24 | :file:`core.yml`) is not significant, although running roles that are used many 25 | times as role dependencies first might make the whole playbook run faster. 26 | 27 | List of playbooks 28 | ----------------- 29 | 30 | Playbooks which are common for all hosts: 31 | 32 | :file:`site.yml` 33 | Main playbook, run by DebOps scripts by default, includes all other 34 | playbooks. 35 | 36 | :file:`common.yml` 37 | Playbook which runs on all hosts included in Ansible inventory. It executes 38 | a set of common roles which configure base services like SMTP service, a set 39 | of user accounts, :command:`ip(6)tables` firewall, APT repositories, and so on. 40 | 41 | :file:`core.yml` 42 | This is a playbook required on all hosts that use DebOps roles, regardless if 43 | you are using the playbooks or not. It's included by the :file:`common.yml` 44 | playbook. It will set up custom Ansible facts required by some of the roles, 45 | like root paths for several directory types, host UUID, installation of 46 | scripts that generate facts on the fly, and so on. 47 | 48 | It also gathers the IP address of the Ansible Controller, or IP of the 49 | closest router which leads to it, to allow connections from that IP address 50 | through the firewall. 51 | 52 | Playbooks which have only roles that are activated by specific Ansible host 53 | groups: 54 | 55 | :file:`systems.yml` 56 | This playbook includes roles that configure services and resources that might 57 | be required by other roles, such as user and group accounts, authentication 58 | services like LDAP, network filesystems like NFS. Anything that is expected 59 | to be used by other roles further down the playbook, but it's not common 60 | enough to be included in the :file:`common.yml` playbook, should be added here. 
61 | 62 | :file:`environments.yml` 63 | This is a playbook focused on programming language environments, like Ruby, 64 | PHP, Java, NodeJS. Since these might be used by multiple roles further down 65 | the playbook, they are grouped here to be run first so that other roles might 66 | be executed faster. 67 | 68 | :file:`networking.yml` 69 | Playbook which focuses on roles that manage various network-related services, 70 | like DHCP, DNS, creating subnetworks or tunnels. 71 | 72 | :file:`services.yml` 73 | This playbook manages separate services like a webserver, various databases, 74 | file servers and others. These are usually standalone services which might be 75 | used by other roles down the line. 76 | 77 | :file:`applications.yml` 78 | This playbook manages either end-user applications which might use multiple 79 | services (usually web applications like GitLab or phpIPAM) or end-point 80 | applications which can be used by other hosts in the cluster, like iPXE, or 81 | rsnapshot. 82 | 83 | :file:`virtualization.yml` 84 | This playbook focuses on virtualization and hypervisors, like OpenVZ, 85 | KVM/libvirt or LXC. 86 | 87 | :file:`hardware.yml` 88 | At the end are roles which directly manage resources and services related to 89 | hardware, for example RAID health monitoring and notification. 90 | 91 | -------------------------------------------------------------------------------- /galaxy/requirements-manual.txt: -------------------------------------------------------------------------------- 1 | ## Manually added roles which are not automatically detected because they are 2 | ## only used as role dependencies. 
3 | debops.ansible_plugins 4 | debops.backporter 5 | debops.kvm 6 | debops.monkeysphere 7 | debops.rails_deploy 8 | -------------------------------------------------------------------------------- /galaxy/requirements-testing.txt: -------------------------------------------------------------------------------- 1 | debops.ansible_plugins,testing 2 | debops.apache,testing 3 | debops.apt,testing 4 | debops.apt_cacher_ng,testing 5 | debops.apt_install,testing 6 | debops.apt_listchanges,testing 7 | debops.apt_preferences,testing 8 | debops.apt_proxy,testing 9 | debops.atd,testing 10 | debops.auth,testing 11 | debops.authorized_keys,testing 12 | debops.avahi,testing 13 | debops.backporter,testing 14 | debops.bootstrap,testing 15 | debops.boxbackup,testing 16 | debops.console,testing 17 | debops.core,testing 18 | debops.cran,testing 19 | debops.cron,testing 20 | debops.cryptsetup,testing 21 | debops.debops,testing 22 | debops.debops_api,testing 23 | debops.debops_fact,testing 24 | debops.dhcpd,testing 25 | debops.dhparam,testing 26 | debops.dnsmasq,testing 27 | debops.docker,testing 28 | debops.docker_gen,testing 29 | debops.dokuwiki,testing 30 | debops.dovecot,testing 31 | debops.elastic_co,testing 32 | debops.elasticsearch,testing 33 | debops.environment,testing 34 | debops.etc_aliases,testing 35 | debops.etc_services,testing 36 | debops.etherpad,testing 37 | debops.fail2ban,testing 38 | debops.fcgiwrap,testing 39 | debops.ferm,testing 40 | debops.gitlab,testing 41 | debops.gitlab_ci,testing 42 | debops.gitlab_ci_runner,testing 43 | debops.gitlab_runner,testing 44 | debops.gitusers,testing 45 | debops.golang,testing 46 | debops.grub,testing 47 | debops.gunicorn,testing 48 | debops.hashicorp,testing 49 | debops.hwraid,testing 50 | debops.ifupdown,testing 51 | debops.ipxe,testing 52 | debops.iscsi,testing 53 | debops.java,testing 54 | debops.kibana,testing 55 | debops.kvm,testing 56 | debops.librenms,testing 57 | debops.libvirt,testing 58 | debops.libvirtd,testing 59 | 
debops.libvirtd_qemu,testing 60 | debops.logrotate,testing 61 | debops.lvm,testing 62 | debops.lxc,testing 63 | debops.mailman,testing 64 | debops.mariadb,testing 65 | debops.mariadb_server,testing 66 | debops.memcached,testing 67 | debops.monit,testing 68 | debops.monkeysphere,testing 69 | debops.mosquitto,testing 70 | debops.mysql,testing 71 | debops.netbox,testing 72 | debops.nfs,testing 73 | debops.nfs_server,testing 74 | debops.nginx,testing 75 | debops.nodejs,testing 76 | debops.nsswitch,testing 77 | debops.ntp,testing 78 | debops.nullmailer,testing 79 | debops.opendkim,testing 80 | debops.openvz,testing 81 | debops.owncloud,testing 82 | debops.persistent_paths,testing 83 | debops.php,testing 84 | debops.php5,testing 85 | debops.phpipam,testing 86 | debops.phpmyadmin,testing 87 | debops.pki,testing 88 | debops.postconf,testing 89 | debops.postfix,testing 90 | debops.postgresql,testing 91 | debops.postgresql_server,testing 92 | debops.postscreen,testing 93 | debops.postwhite,testing 94 | debops.preseed,testing 95 | debops.rabbitmq_management,testing 96 | debops.rabbitmq_server,testing 97 | debops.radvd,testing 98 | debops.rails_deploy,testing 99 | debops.redis,testing 100 | debops.reprepro,testing 101 | debops.resources,testing 102 | debops.root_account,testing 103 | debops.rsnapshot,testing 104 | debops.rstudio_server,testing 105 | debops.rsyslog,testing 106 | debops.ruby,testing 107 | debops.salt,testing 108 | debops.samba,testing 109 | debops.saslauthd,testing 110 | debops.secret,testing 111 | debops.sftpusers,testing 112 | debops.sks,testing 113 | debops.slapd,testing 114 | debops.smstools,testing 115 | debops.snmpd,testing 116 | debops.sshd,testing 117 | debops.stunnel,testing 118 | debops.swapfile,testing 119 | debops.sysctl,testing 120 | debops.tcpwrappers,testing 121 | debops.tftpd,testing 122 | debops.tgt,testing 123 | debops.tinc,testing 124 | debops.unattended_upgrades,testing 125 | debops.unbound,testing 126 | debops.users,testing 127 | 
-------------------------------------------------------------------------------- /galaxy/requirements.txt: -------------------------------------------------------------------------------- 1 | debops.ansible_plugins 2 | debops.apache 3 | debops.apt 4 | debops.apt_cacher_ng 5 | debops.apt_install 6 | debops.apt_listchanges 7 | debops.apt_preferences 8 | debops.apt_proxy 9 | debops.atd 10 | debops.auth 11 | debops.authorized_keys 12 | debops.avahi 13 | debops.backporter 14 | debops.bootstrap 15 | debops.boxbackup 16 | debops.console 17 | debops.core 18 | debops.cran 19 | debops.cron 20 | debops.cryptsetup 21 | debops.debops 22 | debops.debops_api 23 | debops.debops_fact 24 | debops.dhcpd 25 | debops.dhparam 26 | debops.dnsmasq 27 | debops.docker 28 | debops.docker_gen 29 | debops.dokuwiki 30 | debops.dovecot 31 | debops.elastic_co 32 | debops.elasticsearch 33 | debops.environment 34 | debops.etc_aliases 35 | debops.etc_services 36 | debops.etherpad 37 | debops.fail2ban 38 | debops.fcgiwrap 39 | debops.ferm 40 | debops.gitlab 41 | debops.gitlab_ci 42 | debops.gitlab_ci_runner 43 | debops.gitlab_runner 44 | debops.gitusers 45 | debops.golang 46 | debops.grub 47 | debops.gunicorn 48 | debops.hashicorp 49 | debops.hwraid 50 | debops.ifupdown 51 | debops.ipxe 52 | debops.iscsi 53 | debops.java 54 | debops.kibana 55 | debops.kvm 56 | debops.librenms 57 | debops.libvirt 58 | debops.libvirtd 59 | debops.libvirtd_qemu 60 | debops.logrotate 61 | debops.lvm 62 | debops.lxc 63 | debops.mailman 64 | debops.mariadb 65 | debops.mariadb_server 66 | debops.memcached 67 | debops.monit 68 | debops.monkeysphere 69 | debops.mosquitto 70 | debops.mysql 71 | debops.netbox 72 | debops.nfs 73 | debops.nfs_server 74 | debops.nginx 75 | debops.nodejs 76 | debops.nsswitch 77 | debops.ntp 78 | debops.nullmailer 79 | debops.opendkim 80 | debops.openvz 81 | debops.owncloud 82 | debops.persistent_paths 83 | debops.php 84 | debops.php5 85 | debops.phpipam 86 | debops.phpmyadmin 87 | debops.pki 88 | 
debops.postconf 89 | debops.postfix 90 | debops.postgresql 91 | debops.postgresql_server 92 | debops.postscreen 93 | debops.postwhite 94 | debops.preseed 95 | debops.rabbitmq_management 96 | debops.rabbitmq_server 97 | debops.radvd 98 | debops.rails_deploy 99 | debops.redis 100 | debops.reprepro 101 | debops.resources 102 | debops.root_account 103 | debops.rsnapshot 104 | debops.rstudio_server 105 | debops.rsyslog 106 | debops.ruby 107 | debops.salt 108 | debops.samba 109 | debops.saslauthd 110 | debops.secret 111 | debops.sftpusers 112 | debops.sks 113 | debops.slapd 114 | debops.smstools 115 | debops.snmpd 116 | debops.sshd 117 | debops.stunnel 118 | debops.swapfile 119 | debops.sysctl 120 | debops.tcpwrappers 121 | debops.tftpd 122 | debops.tgt 123 | debops.tinc 124 | debops.unattended_upgrades 125 | debops.unbound 126 | debops.users 127 | -------------------------------------------------------------------------------- /galaxy/requirements.yml: -------------------------------------------------------------------------------- 1 | - src: debops.ansible_plugins 2 | 3 | - src: debops.apache 4 | 5 | - src: debops.apt 6 | 7 | - src: debops.apt_cacher_ng 8 | 9 | - src: debops.apt_install 10 | 11 | - src: debops.apt_listchanges 12 | 13 | - src: debops.apt_preferences 14 | 15 | - src: debops.apt_proxy 16 | 17 | - src: debops.atd 18 | 19 | - src: debops.auth 20 | 21 | - src: debops.authorized_keys 22 | 23 | - src: debops.avahi 24 | 25 | - src: debops.backporter 26 | 27 | - src: debops.bootstrap 28 | 29 | - src: debops.boxbackup 30 | 31 | - src: debops.console 32 | 33 | - src: debops.core 34 | 35 | - src: debops.cran 36 | 37 | - src: debops.cron 38 | 39 | - src: debops.cryptsetup 40 | 41 | - src: debops.debops 42 | 43 | - src: debops.debops_api 44 | 45 | - src: debops.debops_fact 46 | 47 | - src: debops.dhcpd 48 | 49 | - src: debops.dhparam 50 | 51 | - src: debops.dnsmasq 52 | 53 | - src: debops.docker 54 | 55 | - src: debops.docker_gen 56 | 57 | - src: debops.dokuwiki 58 | 
59 | - src: debops.dovecot 60 | 61 | - src: debops.elastic_co 62 | 63 | - src: debops.elasticsearch 64 | 65 | - src: debops.environment 66 | 67 | - src: debops.etc_aliases 68 | 69 | - src: debops.etc_services 70 | 71 | - src: debops.etherpad 72 | 73 | - src: debops.fail2ban 74 | 75 | - src: debops.fcgiwrap 76 | 77 | - src: debops.ferm 78 | 79 | - src: debops.gitlab 80 | 81 | - src: debops.gitlab_ci 82 | 83 | - src: debops.gitlab_ci_runner 84 | 85 | - src: debops.gitlab_runner 86 | 87 | - src: debops.gitusers 88 | 89 | - src: debops.golang 90 | 91 | - src: debops.grub 92 | 93 | - src: debops.gunicorn 94 | 95 | - src: debops.hashicorp 96 | 97 | - src: debops.hwraid 98 | 99 | - src: debops.ifupdown 100 | 101 | - src: debops.ipxe 102 | 103 | - src: debops.iscsi 104 | 105 | - src: debops.java 106 | 107 | - src: debops.kibana 108 | 109 | - src: debops.kvm 110 | 111 | - src: debops.librenms 112 | 113 | - src: debops.libvirt 114 | 115 | - src: debops.libvirtd 116 | 117 | - src: debops.libvirtd_qemu 118 | 119 | - src: debops.logrotate 120 | 121 | - src: debops.lvm 122 | 123 | - src: debops.lxc 124 | 125 | - src: debops.mailman 126 | 127 | - src: debops.mariadb 128 | 129 | - src: debops.mariadb_server 130 | 131 | - src: debops.memcached 132 | 133 | - src: debops.monit 134 | 135 | - src: debops.monkeysphere 136 | 137 | - src: debops.mosquitto 138 | 139 | - src: debops.mysql 140 | 141 | - src: debops.netbox 142 | 143 | - src: debops.nfs 144 | 145 | - src: debops.nfs_server 146 | 147 | - src: debops.nginx 148 | 149 | - src: debops.nodejs 150 | 151 | - src: debops.nsswitch 152 | 153 | - src: debops.ntp 154 | 155 | - src: debops.nullmailer 156 | 157 | - src: debops.opendkim 158 | 159 | - src: debops.openvz 160 | 161 | - src: debops.owncloud 162 | 163 | - src: debops.persistent_paths 164 | 165 | - src: debops.php 166 | 167 | - src: debops.php5 168 | 169 | - src: debops.phpipam 170 | 171 | - src: debops.phpmyadmin 172 | 173 | - src: debops.pki 174 | 175 | - src: debops.postconf 176 
| 177 | - src: debops.postfix 178 | 179 | - src: debops.postgresql 180 | 181 | - src: debops.postgresql_server 182 | 183 | - src: debops.postscreen 184 | 185 | - src: debops.postwhite 186 | 187 | - src: debops.preseed 188 | 189 | - src: debops.rabbitmq_management 190 | 191 | - src: debops.rabbitmq_server 192 | 193 | - src: debops.radvd 194 | 195 | - src: debops.rails_deploy 196 | 197 | - src: debops.redis 198 | 199 | - src: debops.reprepro 200 | 201 | - src: debops.resources 202 | 203 | - src: debops.root_account 204 | 205 | - src: debops.rsnapshot 206 | 207 | - src: debops.rstudio_server 208 | 209 | - src: debops.rsyslog 210 | 211 | - src: debops.ruby 212 | 213 | - src: debops.salt 214 | 215 | - src: debops.samba 216 | 217 | - src: debops.saslauthd 218 | 219 | - src: debops.secret 220 | 221 | - src: debops.sftpusers 222 | 223 | - src: debops.sks 224 | 225 | - src: debops.slapd 226 | 227 | - src: debops.smstools 228 | 229 | - src: debops.snmpd 230 | 231 | - src: debops.sshd 232 | 233 | - src: debops.stunnel 234 | 235 | - src: debops.swapfile 236 | 237 | - src: debops.sysctl 238 | 239 | - src: debops.tcpwrappers 240 | 241 | - src: debops.tftpd 242 | 243 | - src: debops.tgt 244 | 245 | - src: debops.tinc 246 | 247 | - src: debops.unattended_upgrades 248 | 249 | - src: debops.unbound 250 | 251 | - src: debops.users 252 | 253 | -------------------------------------------------------------------------------- /playbooks/app.yml: -------------------------------------------------------------------------------- 1 | 2 | - include: app/all.yml 3 | 4 | -------------------------------------------------------------------------------- /playbooks/app/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: sks.yml 4 | 5 | - include: ipxe.yml 6 | 7 | - include: boxbackup.yml 8 | 9 | - include: rsnapshot.yml 10 | 11 | - include: mailman.yml 12 | 13 | - include: librenms.yml 14 | 15 | - include: dokuwiki.yml 16 | 17 | - 
include: netbox.yml 18 | 19 | - include: etherpad.yml 20 | 21 | - include: preseed.yml 22 | 23 | - include: owncloud.yml 24 | 25 | - include: phpipam.yml 26 | 27 | - include: rstudio_server.yml 28 | 29 | - include: gitlab.yml 30 | 31 | - include: gitlab_runner.yml 32 | 33 | - include: debops.yml 34 | 35 | - include: debops_api.yml 36 | -------------------------------------------------------------------------------- /playbooks/app/boxbackup.yml: -------------------------------------------------------------------------------- 1 | ../service/boxbackup.yml -------------------------------------------------------------------------------- /playbooks/app/debops.yml: -------------------------------------------------------------------------------- 1 | ../service/debops.yml -------------------------------------------------------------------------------- /playbooks/app/debops_api.yml: -------------------------------------------------------------------------------- 1 | ../service/debops_api.yml -------------------------------------------------------------------------------- /playbooks/app/dokuwiki.yml: -------------------------------------------------------------------------------- 1 | ../service/dokuwiki.yml -------------------------------------------------------------------------------- /playbooks/app/etherpad.yml: -------------------------------------------------------------------------------- 1 | ../service/etherpad.yml -------------------------------------------------------------------------------- /playbooks/app/gitlab.yml: -------------------------------------------------------------------------------- 1 | ../service/gitlab.yml -------------------------------------------------------------------------------- /playbooks/app/gitlab_runner.yml: -------------------------------------------------------------------------------- 1 | ../service/gitlab_runner.yml -------------------------------------------------------------------------------- /playbooks/app/ipxe.yml: 
-------------------------------------------------------------------------------- 1 | ../service/ipxe.yml -------------------------------------------------------------------------------- /playbooks/app/librenms.yml: -------------------------------------------------------------------------------- 1 | ../service/librenms.yml -------------------------------------------------------------------------------- /playbooks/app/mailman.yml: -------------------------------------------------------------------------------- 1 | ../service/mailman.yml -------------------------------------------------------------------------------- /playbooks/app/netbox.yml: -------------------------------------------------------------------------------- 1 | ../service/netbox.yml -------------------------------------------------------------------------------- /playbooks/app/owncloud-apache.yml: -------------------------------------------------------------------------------- 1 | ../service/owncloud-apache.yml -------------------------------------------------------------------------------- /playbooks/app/owncloud-nginx.yml: -------------------------------------------------------------------------------- 1 | ../service/owncloud-nginx.yml -------------------------------------------------------------------------------- /playbooks/app/owncloud.yml: -------------------------------------------------------------------------------- 1 | ../service/owncloud.yml -------------------------------------------------------------------------------- /playbooks/app/phpipam.yml: -------------------------------------------------------------------------------- 1 | ../service/phpipam.yml -------------------------------------------------------------------------------- /playbooks/app/preseed.yml: -------------------------------------------------------------------------------- 1 | ../service/preseed.yml -------------------------------------------------------------------------------- /playbooks/app/rsnapshot.yml: 
-------------------------------------------------------------------------------- 1 | ../service/rsnapshot.yml -------------------------------------------------------------------------------- /playbooks/app/rstudio_server.yml: -------------------------------------------------------------------------------- 1 | ../service/rstudio_server.yml -------------------------------------------------------------------------------- /playbooks/app/sks.yml: -------------------------------------------------------------------------------- 1 | ../service/sks.yml -------------------------------------------------------------------------------- /playbooks/bootstrap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # This playbook can be used to bootstrap a freshly installed minimal Debian 4 | # system for Ansible management. The expected state of the host: 5 | # - host is already configured in Ansible inventory/hosts file; 6 | # - local user has prepared SSH keypair in RSA format; 7 | # - host has OpenSSH server installed; 8 | # 9 | # Modifications that will be made on the host: 10 | # - playbook will install Python support with some essential software; 11 | # - a system 'admins' group will be created for users who have administrator 12 | # privileges (full sudo permissions); 13 | # - a system administrator account will be created and added to the 'admins' 14 | # group. If you are connecting directly as root, this account will be named 15 | # after your local user account, otherwise it will be named after the user 16 | # you are connecting as (option `-u` or ansible_ssh_user from some config- or 17 | # inventory-file). 
18 | # - no passwords are set or modified on any account; 19 | # - if set, playbook will configure hostname and domain on the host using 20 | # 'inventory_hostname' and 'bootstrap_domain' variables; 21 | # 22 | # Usage: 23 | # To connect directly as root, run: 24 | # 25 | # debops bootstrap -u root -k --limit host 26 | # 27 | # To connect as normal user and switch to sudo, run: 28 | # 29 | # debops bootstrap --become --limit host 30 | 31 | 32 | - name: Bootstrap Python support on a host 33 | hosts: [ 'debops_all_hosts', 'debops_service_bootstrap' ] 34 | gather_facts: False 35 | 36 | roles: 37 | 38 | - role: debops.bootstrap/raw 39 | 40 | 41 | - name: Bootstrap host for Ansible management 42 | hosts: [ 'debops_all_hosts', 'debops_service_bootstrap' ] 43 | 44 | environment: '{{ inventory__environment | d({}) 45 | | combine(inventory__group_environment | d({})) 46 | | combine(inventory__host_environment | d({})) }}' 47 | 48 | roles: 49 | 50 | - role: debops.bootstrap 51 | -------------------------------------------------------------------------------- /playbooks/callback_plugins/profile_tasks.py: -------------------------------------------------------------------------------- 1 | # profile_tasks.py: an Ansible plugin for timing tasks 2 | 3 | # Copyright (C) 2014 Jharrod LaFon 4 | # https://github.com/jlafon/ansible-profile/ 5 | # Included with permission 6 | 7 | 8 | # The MIT License (MIT) 9 | # 10 | # Copyright (c) 2014 Jharrod LaFon 11 | # 12 | # Permission is hereby granted, free of charge, to any person obtaining a copy of 13 | # this software and associated documentation files (the "Software"), to deal in 14 | # the Software without restriction, including without limitation the rights to 15 | # use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 16 | # the Software, and to permit persons to whom the Software is furnished to do so, 17 | # subject to the following conditions: 18 | # 19 | # The above copyright notice and this permission 
notice shall be included in all 20 | # copies or substantial portions of the Software. 21 | # 22 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 23 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 24 | # FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 25 | # COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 26 | # IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 27 | # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 28 | 29 | 30 | from ansible.plugins.callback import CallbackBase 31 | import time 32 | 33 | class CallbackModule(CallbackBase): 34 | """ 35 | A plugin for timing tasks. Keeps, per task name, the time.time() start value while the task runs and the elapsed seconds once the next task starts; tasks that share a name overwrite each other's entry. NOTE(review): __init__ does not call the CallbackBase initializer, and the print statement in playbook_on_stats is Python 2 syntax - confirm both against the Ansible and Python versions in use. 36 | """ 37 | def __init__(self): 38 | self.stats = {} 39 | self.current = None 40 | 41 | def playbook_on_task_start(self, name, is_conditional): 42 | """ 43 | Closes the timing of the previous task, if there is one, and records time.time() as the start of the task called name. The is_conditional argument is not used. 44 | """ 45 | if self.current is not None: 46 | # Record the running time of the last executed task 47 | self.stats[self.current] = time.time() - self.stats[self.current] 48 | 49 | # Record the start time of the current task 50 | self.current = name 51 | self.stats[self.current] = time.time() 52 | 53 | def playbook_on_stats(self, stats): 54 | """ 55 | Closes the timing of the last task and prints the ten longest-running tasks, slowest first, one per line with the elapsed seconds. The stats argument is not used. 56 | """ 57 | # Record the timing of the very last task 58 | if self.current is not None: 59 | self.stats[self.current] = time.time() - self.stats[self.current] 60 | 61 | # Sort the tasks by their running time 62 | results = sorted(self.stats.items(), key=lambda value: value[1], reverse=True) 63 | 64 | # Just keep the top 10 65 | results = results[:10] 66 | 67 | # Print the timings 68 | for name, elapsed in results: 69 | print "{0:-<70}{1:->9}".format('{0} '.format(name), ' {0:.02f}s'.format(elapsed)) 70 | -------------------------------------------------------------------------------- /playbooks/common.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Security assertions 4 | hosts: [ 'all' ] 5 | tags: [ 'play::security-assertions' ] 6 | gather_facts: False 7 | become: False 8 | 9 | tasks: 10 | 11 | - name: Check for Ansible version without known vulnerabilities 12 | assert: 13 | that: 14 | - 'ansible_version.full | version_compare("2.1.5.0", ">=")' 15 | - '((ansible_version.minor == 2) and (ansible_version.full | version_compare("2.2.2.0", ">="))) or (ansible_version.minor != 2)' 16 | msg: 'VULNERABLE or unsupported Ansible version DETECTED, please update to Ansible >= v2.1.5 or a newer Ansible release >= v2.2.2! To skip, add "--skip-tags play::security-assertions" parameter. Check the debops-playbook changelog for details. Exiting.' 17 | run_once: True 18 | delegate_to: 'localhost' 19 | 20 | - include: service/core.yml 21 | 22 | - name: Common configuration for all hosts 23 | hosts: [ 'debops_all_hosts', '!debops_no_common' ] 24 | gather_facts: True 25 | become: True 26 | 27 | environment: '{{ inventory__environment | d({}) 28 | | combine(inventory__group_environment | d({})) 29 | | combine(inventory__host_environment | d({})) }}' 30 | 31 | roles: 32 | 33 | - role: debops.debops_fact 34 | tags: [ 'role::debops_fact' ] 35 | 36 | - role: debops.environment 37 | tags: [ 'role::environment' ] 38 | 39 | - role: debops.nullmailer/env 40 | tags: [ 'role::nullmailer', 'role::ferm', 'role::tcpwrappers' ] 41 | 42 | - role: debops.pki/env 43 | tags: [ 'role::pki', 'role::pki:secret', 'role::secret' ] 44 | 45 | - role: debops.secret 46 | tags: [ 'role::secret', 'role::pki', 'role::pki:secret' ] 47 | secret_directories: 48 | - '{{ pki_env_secret_directories }}' 49 | 50 | - role: debops.apt_preferences 51 | tags: [ 'apt_preferences', 'role::apt_preferences' ] 52 | apt_preferences__dependent_list: 53 | - '{{ sshd__apt_preferences__dependent_list }}' 54 | - '{{ apt__apt_preferences__dependent_list }}' 55 | - '{{ 
apt_install__apt_preferences__dependent_list }}' 56 | - '{{ rsyslog__apt_preferences__dependent_list }}' 57 | 58 | - role: debops.apt_proxy 59 | tags: [ 'role::apt_proxy' ] 60 | 61 | - role: debops.atd 62 | tags: [ 'role::atd' ] 63 | 64 | - role: debops.dhparam 65 | tags: [ 'role::dhparam' ] 66 | 67 | - role: debops.pki 68 | tags: [ 'role::pki' ] 69 | 70 | - role: debops.apt 71 | tags: [ 'role::apt' ] 72 | 73 | - role: debops.apt_listchanges 74 | tags: [ 'role::apt_listchanges' ] 75 | 76 | - role: debops.apt_install 77 | tags: [ 'role::apt_install' ] 78 | 79 | - role: debops.etc_services 80 | tags: [ 'role::etc_services' ] 81 | etc_services__dependent_list: 82 | - '{{ rsyslog__etc_services__dependent_list }}' 83 | 84 | - role: debops.logrotate 85 | tags: [ 'role::logrotate' ] 86 | logrotate__dependent_config: 87 | - '{{ rsyslog__logrotate__dependent_config }}' 88 | 89 | - role: debops.auth 90 | tags: [ 'role::auth' ] 91 | 92 | - role: debops.nsswitch 93 | tags: [ 'role::nsswitch' ] 94 | 95 | - role: debops.resources 96 | tags: [ 'role::resources' ] 97 | 98 | - role: debops.ferm 99 | tags: [ 'role::ferm' ] 100 | ferm__dependent_rules: 101 | - '{{ ntp__ferm__dependent_rules }}' 102 | - '{{ nullmailer__ferm__dependent_rules }}' 103 | - '{{ rsyslog__ferm__dependent_rules }}' 104 | - '{{ sshd__ferm__dependent_rules }}' 105 | 106 | - role: debops.tcpwrappers 107 | tags: [ 'role::tcpwrappers' ] 108 | tcpwrappers_dependent_allow: 109 | - '{{ nullmailer__tcpwrappers__dependent_allow }}' 110 | - '{{ sshd__tcpwrappers__dependent_allow }}' 111 | 112 | - role: debops.ntp 113 | tags: [ 'role::ntp' ] 114 | 115 | - role: debops.root_account 116 | tags: [ 'role::root_account' ] 117 | 118 | - role: debops.console 119 | tags: [ 'role::console' ] 120 | 121 | - role: debops.sysctl 122 | tags: [ 'role::sysctl' ] 123 | 124 | - role: debops.nullmailer 125 | tags: [ 'role::nullmailer' ] 126 | 127 | - role: debops.rsyslog 128 | tags: [ 'role::rsyslog' ] 129 | 130 | - role: 
debops.unattended_upgrades 131 | tags: [ 'role::unattended_upgrades' ] 132 | 133 | - role: debops.users 134 | tags: [ 'role::users' ] 135 | 136 | - role: debops.authorized_keys 137 | tags: [ 'role::authorized_keys' ] 138 | 139 | - role: debops.sshd 140 | tags: [ 'role::sshd' ] 141 | 142 | - role: debops.cron 143 | tags: [ 'role::cron' ] 144 | -------------------------------------------------------------------------------- /playbooks/env.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: env/all.yml 4 | 5 | -------------------------------------------------------------------------------- /playbooks/env/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: nodejs.yml 4 | 5 | - include: ruby.yml 6 | 7 | - include: golang.yml 8 | 9 | - include: java.yml 10 | 11 | - include: cran.yml 12 | 13 | - include: php5.yml 14 | 15 | - include: php.yml 16 | 17 | - include: fcgiwrap.yml 18 | 19 | -------------------------------------------------------------------------------- /playbooks/env/cran.yml: -------------------------------------------------------------------------------- 1 | ../service/cran.yml -------------------------------------------------------------------------------- /playbooks/env/fcgiwrap.yml: -------------------------------------------------------------------------------- 1 | ../service/fcgiwrap.yml -------------------------------------------------------------------------------- /playbooks/env/golang.yml: -------------------------------------------------------------------------------- 1 | ../service/golang.yml -------------------------------------------------------------------------------- /playbooks/env/java.yml: -------------------------------------------------------------------------------- 1 | ../service/java.yml -------------------------------------------------------------------------------- /playbooks/env/nodejs.yml: 
-------------------------------------------------------------------------------- 1 | ../service/nodejs.yml -------------------------------------------------------------------------------- /playbooks/env/php.yml: -------------------------------------------------------------------------------- 1 | ../service/php.yml -------------------------------------------------------------------------------- /playbooks/env/php5.yml: -------------------------------------------------------------------------------- 1 | ../service/php5.yml -------------------------------------------------------------------------------- /playbooks/env/ruby.yml: -------------------------------------------------------------------------------- 1 | ../service/ruby.yml -------------------------------------------------------------------------------- /playbooks/filter_plugins/globmatch.py: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2015 Maciej Delmanowski 2 | # 3 | # This file is part of Ansible 4 | # 5 | # Ansible is free software: you can redistribute it and/or modify 6 | # it under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation, either version 3 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Ansible is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with Ansible. If not, see . 17 | 18 | from ansible import errors 19 | 20 | try: 21 | import fnmatch 22 | except Exception, e: 23 | raise errors.AnsibleFilterError('fnmatch python library not found') 24 | 25 | 26 | def globmatch_filter(value, pattern): 27 | ''' Return the item(s) of value that match the given glob pattern(s). pattern may be a single pattern or a list/tuple of patterns; a single pattern is wrapped in a list. When value is a list or tuple, the result is a list of its entries that match any pattern under fnmatch.fnmatch (both sides passed through str()), without duplicates, ordered by pattern and then by entry, and empty when nothing matches. Otherwise value itself is returned when it matches any pattern, and None (there is no explicit return) when it does not. 
''' 28 | 29 | if not isinstance(pattern, (list, tuple)): 30 | pattern = [ pattern ] 31 | 32 | if isinstance(value, (list, tuple)): 33 | _ret = [] 34 | 35 | for element in pattern: 36 | for entry in value: 37 | if fnmatch.fnmatch(str(entry), str(element)): 38 | if entry not in _ret: 39 | _ret.append(entry) 40 | 41 | if _ret: 42 | return _ret 43 | else: 44 | return list() 45 | 46 | else: 47 | 48 | for element in pattern: 49 | if fnmatch.fnmatch(str(value), str(element)): 50 | return value 51 | 52 | 53 | class FilterModule(object): 54 | 55 | ''' Return string or list of items matching given glob pattern(s). ''' 56 | def filters(self): 57 | return { 58 | 'globmatch' : globmatch_filter 59 | } 60 | 61 | -------------------------------------------------------------------------------- /playbooks/filter_plugins/ldappassword.py: -------------------------------------------------------------------------------- 1 | # coding: utf-8 2 | 3 | # Copyright (C) 2015 Patryk Ściborek 4 | # 5 | # This file is part of Ansible 6 | # 7 | # Ansible is free software: you can redistribute it and/or modify 8 | # it under the terms of the GNU General Public License as published by 9 | # the Free Software Foundation, either version 3 of the License, or 10 | # (at your option) any later version. 11 | # 12 | # Ansible is distributed in the hope that it will be useful, 13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | # GNU General Public License for more details. 16 | # 17 | # You should have received a copy of the GNU General Public License 18 | # along with Ansible. If not, see . 
19 | 20 | from __future__ import absolute_import 21 | 22 | import os 23 | import hashlib 24 | import base64 25 | 26 | from ansible import errors 27 | 28 | 29 | def ldappassword(secret, schema='SHA', salt=None): 30 | '''Return a password hash to be used as an LDAP userPassword value, formatted as the schema name in braces followed by base64(digest + salt). schema must be one of SHA, SSHA, MD5 or SMD5; any other value raises AnsibleFilterError. The default, SHA, is unsalted. SSHA and SMD5 hash the secret followed by the salt and take 4 bytes from os.urandom() when salt is None; a caller-supplied salt is used as given. NOTE(review): every schema here is a single pass of SHA-1 or MD5, which is cheap to brute-force offline if userPassword values are disclosed, and the unsalted SHA and MD5 schemas give equal hashes for equal passwords. Prefer SSHA over the default, avoid passing a fixed salt, and where the directory server offers a deliberately slow salted scheme, consider letting the server hash the password instead - confirm against the server in use.''' 31 | hash_types = { 32 | 'SHA': 'sha1', 33 | 'SSHA': 'sha1', 34 | 'MD5': 'md5', 35 | 'SMD5': 'md5', 36 | } 37 | 38 | try: 39 | htype = hash_types[schema] 40 | except KeyError: 41 | raise errors.AnsibleFilterError( 42 | 'Unknown/unsupported storage schema: {}'.format(schema)) 43 | 44 | h = hashlib.new(htype) 45 | h.update(secret) 46 | 47 | if schema in ('SSHA', 'SMD5'): 48 | if salt is None: 49 | salt = os.urandom(4) 50 | h.update(salt) 51 | else: 52 | salt = '' 53 | 54 | rv = base64.standard_b64encode(h.digest()+salt) 55 | return '{{{}}}{}'.format(schema, rv) 56 | 57 | 58 | class FilterModule(object): 59 | def filters(self): 60 | return { 61 | 'ldappassword': ldappassword, 62 | } 63 | -------------------------------------------------------------------------------- /playbooks/hw.yml: -------------------------------------------------------------------------------- 1 | 2 | - include: hw/all.yml 3 | 4 | -------------------------------------------------------------------------------- /playbooks/hw/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: hwraid.yml 4 | 5 | - include: grub.yml 6 | 7 | -------------------------------------------------------------------------------- /playbooks/hw/grub.yml: -------------------------------------------------------------------------------- 1 | ../service/grub.yml -------------------------------------------------------------------------------- /playbooks/hw/hwraid.yml: -------------------------------------------------------------------------------- 1 | ../service/hwraid.yml -------------------------------------------------------------------------------- /playbooks/library/__init__.py:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/debops/debops-playbooks/e2ee94ae9dc93e53558308344b443d71fdf03d40/playbooks/library/__init__.py -------------------------------------------------------------------------------- /playbooks/library/database/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/debops/debops-playbooks/e2ee94ae9dc93e53558308344b443d71fdf03d40/playbooks/library/database/__init__.py -------------------------------------------------------------------------------- /playbooks/library/database/ldap/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/debops/debops-playbooks/e2ee94ae9dc93e53558308344b443d71fdf03d40/playbooks/library/database/ldap/__init__.py -------------------------------------------------------------------------------- /playbooks/lookup_plugins/file_src.py: -------------------------------------------------------------------------------- 1 | # (c) 2015, Robert Chady 2 | # Based on `runner/lookup_plugins/file.py` for Ansible 3 | # (c) 2012, Michael DeHaan 4 | # 5 | # This file is part of Debops. 6 | # This file is NOT part of Ansible yet. 7 | # 8 | # Debops is free software: you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation, either version 3 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # Ansible is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with Debops. If not, see . 
20 | 21 | ''' 22 | 23 | This file implements the `file_src` lookup plugin for Ansible. Unlike the 24 | `file` lookup, it searches the directories listed in the `file-paths` 25 | setting (colon separated) in the `paths` section of the DebOps configuration, then the `files` directory resolved by path_dwim_relative, and returns the first existing path for each term. 26 | 27 | NOTE: This means this plugin relies on DebOps. 28 | NOTE(review): each term is passed to os.path.join() as given, so an absolute term or one containing `..` resolves outside the search directories, and `file-paths` entries are tried before the directory resolved by path_dwim_relative. Both the terms and the configured directories therefore need to be as trusted as the role itself. 29 | ''' 30 | 31 | import os 32 | 33 | from debops import * 34 | from debops.cmds import * 35 | 36 | __author__ = "Robert Chady " 37 | __copyright__ = "Copyright 2015 by Robert Chady " 38 | __license__ = "GNU General Public LIcense version 3 (GPL v3) or later" 39 | 40 | try: 41 | from ansible.plugins.lookup import LookupBase 42 | except ImportError: 43 | LookupBase = object 44 | 45 | conf_template_paths = 'file-paths' 46 | 47 | from distutils.version import LooseVersion 48 | from ansible import __version__ as __ansible_version__ 49 | class LookupModule(LookupBase): 50 | def __new__(class_name, *args, **kwargs): 51 | if LooseVersion(__ansible_version__) < LooseVersion("2.0"): 52 | from ansible import utils, errors 53 | class LookupModuleV1(object): 54 | def __init__(self, basedir, *args, **kwargs): 55 | self.basedir = basedir 56 | 57 | def run(self, terms, inject=None, **kwargs): 58 | 59 | terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject) 60 | ret = [] 61 | 62 | # this can happen if the variable contains a string, strictly not desired for lookup 63 | # plugins, but users may try it, so make it work.
64 | if not isinstance(terms, list): 65 | terms = [ terms ] 66 | 67 | project_root = find_debops_project(required=False) 68 | config = read_config(project_root) 69 | places = [] 70 | 71 | if 'paths' in config and conf_template_paths in config['paths']: 72 | custom_places = config['paths'][conf_template_paths].split(':') 73 | for custom_path in custom_places: 74 | if os.path.isabs(custom_path): 75 | places.append(custom_path) 76 | else: 77 | places.append(os.path.join(project_root, custom_path)) 78 | 79 | for term in terms: 80 | if '_original_file' in inject: 81 | relative_path = utils.path_dwim_relative(inject['_original_file'], 'files', '', self.basedir, check=False) 82 | places.append(relative_path) 83 | for path in places: 84 | template = os.path.join(path, term) 85 | if template and os.path.exists(template): 86 | ret.append(template) 87 | break 88 | else: 89 | raise errors.AnsibleError("could not locate file in lookup: %s" % term) 90 | 91 | return ret 92 | 93 | return LookupModuleV1(*args, **kwargs) 94 | 95 | else: 96 | from ansible.errors import AnsibleError 97 | from ansible.plugins.lookup import LookupBase 98 | class LookupModuleV2(LookupBase): 99 | 100 | def run(self, terms, variables=None, **kwargs): 101 | ret = [] 102 | 103 | # this can happen if the variable contains a string, strictly not desired for lookup 104 | # plugins, but users may try it, so make it work. 
105 | if not isinstance(terms, list): 106 | terms = [ terms ] 107 | 108 | project_root = find_debops_project(required=False) 109 | config = read_config(project_root) 110 | places = [] 111 | 112 | if 'paths' in config and conf_template_paths in config['paths']: 113 | custom_places = config['paths'][conf_template_paths].split(':') 114 | for custom_path in custom_places: 115 | if os.path.isabs(custom_path): 116 | places.append(custom_path) 117 | else: 118 | places.append(os.path.join(project_root, custom_path)) 119 | 120 | for term in terms: 121 | if 'role_path' in variables: 122 | relative_path = self._loader.path_dwim_relative(variables['role_path'], 'files', '') 123 | places.append(relative_path) 124 | for path in places: 125 | template = os.path.join(path, term) 126 | if template and os.path.exists(template): 127 | ret.append(template) 128 | break 129 | else: 130 | raise AnsibleError("could not locate file in lookup: %s" % term) 131 | 132 | return ret 133 | 134 | return LookupModuleV2(*args, **kwargs) 135 | 136 | -------------------------------------------------------------------------------- /playbooks/lookup_plugins/lists.py: -------------------------------------------------------------------------------- 1 | # (c) 2015, Hartmut Goebel 2 | # Based on `runner/lookup_plugins/items.py` for Ansible 3 | # (c) 2012, Michael DeHaan 4 | # 5 | # This file is part of Debops. 6 | # This file is NOT part of Ansible yet. 7 | # 8 | # Debops is free software: you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation, either version 3 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # Ansible is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 
17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with Debops. If not, see . 20 | ''' 21 | 22 | This file implements the `with_lists` lookup plugin for Ansible. In 23 | contrast to `with_items`, this one does *not* flatten the lists passed to it. 24 | 25 | Example: 26 | 27 | - debug: msg="{{item.0}} -- {{item.1}} -- {{item.2}}" 28 | with_lists: 29 | - ["General", "Verbosity", "0"] 30 | - ["Mapping", "Nobody-User", "nobody"] 31 | - ["Mapping", "Nobody-Group", "nogroup"] 32 | 33 | Output (shortened): 34 | "msg": "General -- Verbosity -- 0" 35 | "msg": "Mapping -- Nobody-User -- nobody" 36 | "msg": "Mapping -- Nobody-Group -- nogroup" 37 | ''' 38 | 39 | import ansible.utils as utils 40 | import ansible.errors as errors 41 | 42 | try: 43 | from ansible.plugins.lookup import LookupBase 44 | except ImportError: 45 | LookupBase = object 46 | 47 | class LookupModule(LookupBase): 48 | '''Lookup plugin that returns its terms without flattening them. run() raises AnsibleError unless terms is a list or set whose elements are all lists or tuples. NOTE(review): the per-element error message contains a literal %i because no value is interpolated into it, and both messages say with_list although the module docstring names the plugin with_lists.''' 49 | def __init__(self, basedir=None, **kwargs): 50 | self.basedir = basedir 51 | 52 | def run(self, terms, inject=None, **kwargs): 53 | terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject) 54 | 55 | if not isinstance(terms, (list, set)): 56 | raise errors.AnsibleError("with_list expects a list or a set") 57 | 58 | for i, elem in enumerate(terms): 59 | if not isinstance(elem, (list, tuple)): 60 | raise errors.AnsibleError("with_list expects a list (or a set) of lists or tuples, but elem %i is not") 61 | 62 | return terms 63 | -------------------------------------------------------------------------------- /playbooks/lookup_plugins/task_src.py: -------------------------------------------------------------------------------- 1 | # (c) 2015, Robert Chady 2 | # Based on `runner/lookup_plugins/file.py` for Ansible 3 | # (c) 2012, Michael DeHaan 4 | # 5 | # This file is part of Debops. 6 | # This file is NOT part of Ansible yet.
7 | # 8 | # Debops is free software: you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation, either version 3 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # Ansible is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with Debops. If not, see . 20 | 21 | ''' 22 | 23 | This file implements the `task_src` lookup plugin for Ansible. Unlike the 24 | `file` lookup, it searches the directories listed in the `task-paths` 25 | setting (colon separated) in the `paths` section of the DebOps configuration, then the `tasks` directory resolved by path_dwim_relative, and returns the first existing path for each term. 26 | 27 | NOTE: This means this plugin relies on DebOps. 28 | NOTE(review): each term is passed to os.path.join() as given, so an absolute term or one containing `..` resolves outside the search directories, and `task-paths` entries are tried before the directory resolved by path_dwim_relative. The returned path is presumably included as a task file, so the terms and the configured directories need to be as trusted as the role itself. 29 | ''' 30 | 31 | import os 32 | 33 | from debops import * 34 | from debops.cmds import * 35 | 36 | __author__ = "Robert Chady " 37 | __copyright__ = "Copyright 2015 by Robert Chady " 38 | __license__ = "GNU General Public LIcense version 3 (GPL v3) or later" 39 | 40 | try: 41 | from ansible.plugins.lookup import LookupBase 42 | except ImportError: 43 | LookupBase = object 44 | 45 | conf_template_paths = 'task-paths' 46 | 47 | from distutils.version import LooseVersion 48 | from ansible import __version__ as __ansible_version__ 49 | class LookupModule(LookupBase): 50 | def __new__(class_name, *args, **kwargs): 51 | if LooseVersion(__ansible_version__) < LooseVersion("2.0"): 52 | from ansible import utils, errors 53 | class LookupModuleV1(object): 54 | def __init__(self, basedir, *args, **kwargs): 55 | self.basedir = basedir 56 | 57 | def run(self, terms, inject=None, **kwargs): 58 | 59 | terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject) 60 | ret = [] 61 | 62 | # this can happen if the variable contains a string,
strictly not desired for lookup 63 | # plugins, but users may try it, so make it work. 64 | if not isinstance(terms, list): 65 | terms = [ terms ] 66 | 67 | project_root = find_debops_project(required=False) 68 | config = read_config(project_root) 69 | places = [] 70 | 71 | if 'paths' in config and conf_template_paths in config['paths']: 72 | custom_places = config['paths'][conf_template_paths].split(':') 73 | for custom_path in custom_places: 74 | if os.path.isabs(custom_path): 75 | places.append(custom_path) 76 | else: 77 | places.append(os.path.join(project_root, custom_path)) 78 | 79 | for term in terms: 80 | if '_original_file' in inject: 81 | relative_path = utils.path_dwim_relative(inject['_original_file'], 'tasks', '', self.basedir, check=False) 82 | places.append(relative_path) 83 | for path in places: 84 | template = os.path.join(path, term) 85 | if template and os.path.exists(template): 86 | ret.append(template) 87 | break 88 | else: 89 | raise errors.AnsibleError("could not locate file in lookup: %s" % term) 90 | 91 | return ret 92 | 93 | return LookupModuleV1(*args, **kwargs) 94 | 95 | else: 96 | from ansible.errors import AnsibleError 97 | from ansible.plugins.lookup import LookupBase 98 | class LookupModuleV2(LookupBase): 99 | 100 | def run(self, terms, variables=None, **kwargs): 101 | ret = [] 102 | 103 | # this can happen if the variable contains a string, strictly not desired for lookup 104 | # plugins, but users may try it, so make it work. 
105 | if not isinstance(terms, list): 106 | terms = [ terms ] 107 | 108 | project_root = find_debops_project(required=False) 109 | config = read_config(project_root) 110 | places = [] 111 | 112 | if 'paths' in config and conf_template_paths in config['paths']: 113 | custom_places = config['paths'][conf_template_paths].split(':') 114 | for custom_path in custom_places: 115 | if os.path.isabs(custom_path): 116 | places.append(custom_path) 117 | else: 118 | places.append(os.path.join(project_root, custom_path)) 119 | 120 | for term in terms: 121 | if 'role_path' in variables: 122 | relative_path = self._loader.path_dwim_relative(variables['role_path'], 'tasks', '') 123 | places.append(relative_path) 124 | for path in places: 125 | template = os.path.join(path, term) 126 | if template and os.path.exists(template): 127 | ret.append(template) 128 | break 129 | else: 130 | raise AnsibleError("could not locate file in lookup: %s" % term) 131 | 132 | return ret 133 | 134 | return LookupModuleV2(*args, **kwargs) 135 | 136 | -------------------------------------------------------------------------------- /playbooks/lookup_plugins/template_src.py: -------------------------------------------------------------------------------- 1 | # (c) 2015, Robert Chady 2 | # Based on `runner/lookup_plugins/file.py` for Ansible 3 | # (c) 2012, Michael DeHaan 4 | # 5 | # This file is part of Debops. 6 | # This file is NOT part of Ansible yet. 7 | # 8 | # Debops is free software: you can redistribute it and/or modify 9 | # it under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation, either version 3 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # Ansible is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 
17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with Debops. If not, see . 20 | 21 | ''' 22 | 23 | This file implements the `template_src` lookup plugin for Ansible. Unlike the 24 | `template` lookup, it searches the directories listed in the `template-paths` 25 | setting (colon separated) in the `paths` section of the DebOps configuration, then the `templates` directory resolved by path_dwim_relative, and returns the first existing path for each term. 26 | 27 | NOTE: This means this plugin relies on DebOps. 28 | NOTE(review): each term is passed to os.path.join() as given, so an absolute term or one containing `..` resolves outside the search directories, and `template-paths` entries are tried before the directory resolved by path_dwim_relative. The returned path is presumably rendered as a template, so the terms and the configured directories need to be as trusted as the role itself. 29 | ''' 30 | 31 | import os 32 | 33 | from debops import * 34 | from debops.cmds import * 35 | 36 | __author__ = "Robert Chady " 37 | __copyright__ = "Copyright 2015 by Robert Chady " 38 | __license__ = "GNU General Public LIcense version 3 (GPL v3) or later" 39 | 40 | try: 41 | from ansible.plugins.lookup import LookupBase 42 | except ImportError: 43 | LookupBase = object 44 | 45 | conf_template_paths = 'template-paths' 46 | 47 | from distutils.version import LooseVersion 48 | from ansible import __version__ as __ansible_version__ 49 | class LookupModule(LookupBase): 50 | def __new__(class_name, *args, **kwargs): 51 | if LooseVersion(__ansible_version__) < LooseVersion("2.0"): 52 | from ansible import utils, errors 53 | class LookupModuleV1(object): 54 | def __init__(self, basedir, *args, **kwargs): 55 | self.basedir = basedir 56 | 57 | def run(self, terms, inject=None, **kwargs): 58 | 59 | terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject) 60 | ret = [] 61 | 62 | # this can happen if the variable contains a string, strictly not desired for lookup 63 | # plugins, but users may try it, so make it work.
64 | if not isinstance(terms, list): 65 | terms = [ terms ] 66 | 67 | project_root = find_debops_project(required=False) 68 | config = read_config(project_root) 69 | places = [] 70 | 71 | if 'paths' in config and conf_template_paths in config['paths']: 72 | custom_places = config['paths'][conf_template_paths].split(':') 73 | for custom_path in custom_places: 74 | if os.path.isabs(custom_path): 75 | places.append(custom_path) 76 | else: 77 | places.append(os.path.join(project_root, custom_path)) 78 | 79 | for term in terms: 80 | if '_original_file' in inject: 81 | relative_path = utils.path_dwim_relative(inject['_original_file'], 'templates', '', self.basedir, check=False) 82 | places.append(relative_path) 83 | for path in places: 84 | template = os.path.join(path, term) 85 | if template and os.path.exists(template): 86 | ret.append(template) 87 | break 88 | else: 89 | raise errors.AnsibleError("could not locate file in lookup: %s" % term) 90 | 91 | return ret 92 | 93 | return LookupModuleV1(*args, **kwargs) 94 | 95 | else: 96 | from ansible.errors import AnsibleError 97 | from ansible.plugins.lookup import LookupBase 98 | class LookupModuleV2(LookupBase): 99 | 100 | def run(self, terms, variables=None, **kwargs): 101 | ret = [] 102 | 103 | # this can happen if the variable contains a string, strictly not desired for lookup 104 | # plugins, but users may try it, so make it work. 
105 | if not isinstance(terms, list): 106 | terms = [ terms ] 107 | 108 | project_root = find_debops_project(required=False) 109 | config = read_config(project_root) 110 | places = [] 111 | 112 | if 'paths' in config and conf_template_paths in config['paths']: 113 | custom_places = config['paths'][conf_template_paths].split(':') 114 | for custom_path in custom_places: 115 | if os.path.isabs(custom_path): 116 | places.append(custom_path) 117 | else: 118 | places.append(os.path.join(project_root, custom_path)) 119 | 120 | for term in terms: 121 | if 'role_path' in variables: 122 | relative_path = self._loader.path_dwim_relative(variables['role_path'], 'templates', '') 123 | places.append(relative_path) 124 | for path in places: 125 | template = os.path.join(path, term) 126 | if template and os.path.exists(template): 127 | ret.append(template) 128 | break 129 | else: 130 | raise AnsibleError("could not locate file in lookup: %s" % term) 131 | 132 | return ret 133 | 134 | return LookupModuleV2(*args, **kwargs) 135 | 136 | -------------------------------------------------------------------------------- /playbooks/net.yml: -------------------------------------------------------------------------------- 1 | 2 | - include: net/all.yml 3 | -------------------------------------------------------------------------------- /playbooks/net/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: ifupdown.yml 4 | 5 | - include: radvd.yml 6 | 7 | - include: dhcpd.yml 8 | 9 | - include: unbound.yml 10 | 11 | - include: dnsmasq.yml 12 | 13 | - include: tinc.yml 14 | 15 | - include: stunnel.yml 16 | 17 | - include: avahi.yml 18 | -------------------------------------------------------------------------------- /playbooks/net/avahi.yml: -------------------------------------------------------------------------------- 1 | ../service/avahi.yml -------------------------------------------------------------------------------- 
/playbooks/net/dhcpd.yml: -------------------------------------------------------------------------------- 1 | ../service/dhcpd.yml -------------------------------------------------------------------------------- /playbooks/net/dnsmasq-persistent_paths.yml: -------------------------------------------------------------------------------- 1 | ../service/dnsmasq-persistent_paths.yml -------------------------------------------------------------------------------- /playbooks/net/dnsmasq-plain.yml: -------------------------------------------------------------------------------- 1 | ../service/dnsmasq-plain.yml -------------------------------------------------------------------------------- /playbooks/net/dnsmasq.yml: -------------------------------------------------------------------------------- 1 | ../service/dnsmasq.yml -------------------------------------------------------------------------------- /playbooks/net/ifupdown.yml: -------------------------------------------------------------------------------- 1 | ../service/ifupdown.yml -------------------------------------------------------------------------------- /playbooks/net/radvd.yml: -------------------------------------------------------------------------------- 1 | ../service/radvd.yml -------------------------------------------------------------------------------- /playbooks/net/stunnel.yml: -------------------------------------------------------------------------------- 1 | ../service/stunnel.yml -------------------------------------------------------------------------------- /playbooks/net/tinc-persistent_paths.yml: -------------------------------------------------------------------------------- 1 | ../service/tinc-persistent_paths.yml -------------------------------------------------------------------------------- /playbooks/net/tinc-plain.yml: -------------------------------------------------------------------------------- 1 | ../service/tinc-plain.yml 
-------------------------------------------------------------------------------- /playbooks/net/tinc.yml: -------------------------------------------------------------------------------- 1 | ../service/tinc.yml -------------------------------------------------------------------------------- /playbooks/net/unbound.yml: -------------------------------------------------------------------------------- 1 | ../service/unbound.yml -------------------------------------------------------------------------------- /playbooks/service/apache.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage and configure the Apache HTTP Server 4 | hosts: [ 'debops_service_apache' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apache/env 14 | tags: [ 'role::apache', 'role::apache:env' ] 15 | 16 | - role: debops.ferm 17 | tags: [ 'role::ferm' ] 18 | ferm__dependent_rules: 19 | - '{{ apache__ferm__dependent_rules }}' 20 | 21 | - role: debops.apache 22 | tags: [ 'role::apache' ] 23 | -------------------------------------------------------------------------------- /playbooks/service/apt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Advanced Package Manager 4 | hosts: [ 'debops_all_hosts', 'debops_service_apt' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ apt__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.apt 19 | tags: [ 'role::apt' ] 20 | 
-------------------------------------------------------------------------------- /playbooks/service/apt_cacher_ng.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Install and manage the caching HTTP proxy Apt-Cacher NG. 4 | hosts: [ 'debops_service_apt_cacher_ng' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_services 14 | tags: [ 'role::etc_services' ] 15 | etc_services__dependent_list: 16 | - '{{ apt_cacher_ng__etc_services__dependent_list }}' 17 | 18 | - role: debops.apt_preferences 19 | tags: [ 'role::apt_preferences' ] 20 | apt_preferences__dependent_list: 21 | - '{{ apt_cacher_ng__apt_preferences__dependent_list }}' 22 | - '{{ nginx_apt_preferences_dependent_list }}' 23 | 24 | - role: debops.ferm 25 | tags: [ 'role::ferm' ] 26 | ferm__dependent_rules: 27 | - '{{ apt_cacher_ng__ferm__dependent_rules }}' 28 | - '{{ nginx_ferm_dependent_rules }}' 29 | 30 | - role: debops.nginx 31 | tags: [ 'role::nginx' ] 32 | nginx_servers: 33 | - '{{ apt_cacher_ng__nginx__servers }}' 34 | nginx_upstreams: 35 | - '{{ apt_cacher_ng__nginx__upstream }}' 36 | 37 | - role: debops.apt_cacher_ng 38 | tags: [ 'role::apt_cacher_ng' ] 39 | -------------------------------------------------------------------------------- /playbooks/service/apt_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Install APT packages 4 | hosts: [ 'debops_all_hosts', 'debops_service_apt_install' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 
16 | - '{{ apt_install__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.apt_install 19 | tags: [ 'role::apt_install' ] 20 | 21 | -------------------------------------------------------------------------------- /playbooks/service/apt_listchanges.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure apt-listchanges 4 | hosts: [ 'debops_all_hosts', 'debops_service_apt_listchanges' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_listchanges 14 | tags: [ 'role::apt_listchanges' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/apt_preferences.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage APT preferences 4 | hosts: [ 'debops_all_hosts', 'debops_service_apt_preferences' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/apt_proxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure APT proxy 4 | hosts: [ 'debops_all_hosts', 'debops_service_apt_proxy' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_proxy 14 | tags: [ 'role::apt_proxy' ] 15 | 
-------------------------------------------------------------------------------- /playbooks/service/atd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage at service 4 | hosts: [ 'debops_all_hosts', 'debops_service_atd' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.atd 14 | tags: [ 'role::atd' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/auth.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage authentication and authorization 4 | hosts: [ 'debops_all_hosts', 'debops_service_auth' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.auth 14 | tags: [ 'role::auth' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/authorized_keys.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage SSH public keys 4 | hosts: [ 'debops_all_hosts', 'debops_service_authorized_keys' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.authorized_keys 14 | tags: [ 'role::authorized_keys' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/avahi.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Avahi service 4 | hosts: [ 'debops_service_avahi' 
] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.ferm 14 | tags: [ 'role::ferm' ] 15 | ferm__dependent_rules: 16 | - '{{ avahi__ferm__dependent_rules }}' 17 | 18 | - role: debops.avahi 19 | tags: [ 'role::avahi' ] 20 | 21 | - role: debops.nsswitch 22 | tags: [ 'role::nsswitch' ] 23 | -------------------------------------------------------------------------------- /playbooks/service/boxbackup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage BoxBackup service 4 | hosts: [ 'debops_service_boxbackup', 'debops_boxbackup' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.boxbackup 14 | tags: [ 'role::boxbackup' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/console.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage console configuration 4 | hosts: [ 'debops_all_hosts', 'debops_service_console' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.console 14 | tags: [ 'role::console' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/core.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Prepare core environment 4 | hosts: [ 'debops_all_hosts', 'debops_service_core' ] 5 | become: False 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | 
combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |
11 |   roles:
12 |
13 |     - role: debops.core
14 |       tags: [ 'role::core' ]
15 |       become: True  # escalation is enabled for this role only; the play header sets become: False
16 |
--------------------------------------------------------------------------------
/playbooks/service/cran.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Play: CRAN package management on hosts in 'debops_service_cran', run with privilege escalation.
3 | - name: Manage the Comprehensive R Archive Network packages
4 |   hosts: [ 'debops_service_cran' ]
5 |   become: True
6 |   # Task environment: inventory-wide, group and host dicts merged with combine(); each defaults to {} and later dicts win on duplicate keys.
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |   # NOTE(review): these variables reach tasks that run with become: True, so write access to the inventory shapes what privileged tasks see.
11 |   roles:
12 |     # The second list entry below resolves to [] unless cran__java_integration evaluates true.
13 |     - role: debops.apt_preferences
14 |       tags: [ 'role::apt_preferences' ]
15 |       apt_preferences__dependent_list:
16 |         - '{{ cran__apt_preferences__dependent_list }}'
17 |         - '{{ java__apt_preferences__dependent_list
18 |               if cran__java_integration|bool else [] }}'
19 |     # debops.java (with java__install_jdk: True) is applied only when cran__java_integration evaluates true.
20 |     - role: debops.java
21 |       tags: [ 'role::java' ]
22 |       java__install_jdk: True
23 |       when: cran__java_integration|bool
24 |
25 |     - role: debops.cran
26 |       tags: [ 'role::cran' ]
27 |
--------------------------------------------------------------------------------
/playbooks/service/cron.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Play: applies debops.cron to 'debops_all_hosts' and 'debops_service_cron', run with privilege escalation.
3 | - name: Manage cron jobs
4 |   hosts: [ 'debops_all_hosts', 'debops_service_cron' ]
5 |   become: True
6 |
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |
11 |   roles:
12 |
13 |     - role: debops.cron
14 |       tags: [ 'role::cron' ]
15 |
--------------------------------------------------------------------------------
/playbooks/service/cryptsetup-persistent_paths.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Setup and manage encrypted filesystems and ensure
persistence 4 | hosts: [ 'debops_service_cryptsetup_persistent_paths' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.cryptsetup 14 | tags: [ 'role::cryptsetup' ] 15 | 16 | - role: debops.persistent_paths 17 | tags: [ 'role::persistent_paths' ] 18 | persistent_paths__dependent_paths: '{{ cryptsetup__persistent_paths__dependent_paths }}' 19 | -------------------------------------------------------------------------------- /playbooks/service/cryptsetup-plain.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Setup and manage encrypted filesystems 4 | hosts: [ 'debops_service_cryptsetup' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.cryptsetup 14 | tags: [ 'role::cryptsetup' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/cryptsetup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: cryptsetup-plain.yml 4 | 5 | - include: cryptsetup-persistent_paths.yml 6 | -------------------------------------------------------------------------------- /playbooks/service/debops.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Install DebOps recursively 4 | hosts: [ 'debops_service_debops', 'debops_service_recursively', 5 | 'debops_recursively' ] 6 | become: True 7 | 8 | environment: '{{ inventory__environment | d({}) 9 | | combine(inventory__group_environment | d({})) 10 | | combine(inventory__host_environment | d({})) }}' 11 | 12 | roles: 13 | 14 | - role: debops.apt_preferences 15 | tags: [ 
'role::apt_preferences' ]
16 |       apt_preferences__dependent_list:
17 |         - '{{ debops__apt_preferences__dependent_list }}'
18 |
19 |     - role: debops.debops
20 |       tags: [ 'role::debops' ]
21 |
22 |
--------------------------------------------------------------------------------
/playbooks/service/debops_api.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Play: DebOps API server behind nginx on hosts in 'debops_service_debops_api', run with privilege escalation.
3 | - name: Setup and manage a DebOps API server
4 |   hosts: [ 'debops_service_debops_api' ]
5 |   become: True
6 |   # Task environment: inventory-wide, group and host dicts merged with combine(); each defaults to {} and later dicts win on duplicate keys.
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |
11 |   roles:
12 |     # NOTE(review): the two nginx variables below use single-underscore names, unlike the nginx__* names read by dokuwiki.yml, etherpad.yml and gitlab.yml; confirm the installed debops.nginx role defines them.
13 |     - role: debops.apt_preferences
14 |       tags: [ 'role::apt_preferences' ]
15 |       apt_preferences__dependent_list:
16 |         - '{{ nginx_apt_preferences_dependent_list }}'
17 |     # NOTE(review): if nginx_ferm_dependent_rules does not resolve, presumably the play fails or ferm gets no nginx rules from it -- verify the resulting firewall state on a test host.
18 |     - role: debops.ferm
19 |       tags: [ 'role::ferm' ]
20 |       ferm__dependent_rules:
21 |         - '{{ nginx_ferm_dependent_rules }}'
22 |
23 |     - role: debops.nginx
24 |       tags: [ 'role::nginx' ]
25 |       nginx__dependent_servers:
26 |         - '{{ debops_api__nginx__servers }}'
27 |
28 |     - role: debops.debops_api
29 |       tags: [ 'role::debops_api' ]
30 |
--------------------------------------------------------------------------------
/playbooks/service/debops_fact.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Play: applies debops.debops_fact to 'debops_all_hosts' and 'debops_service_debops_fact', run with privilege escalation.
3 | - name: Manage Ansible local facts for other roles
4 |   hosts: [ 'debops_all_hosts', 'debops_service_debops_fact' ]
5 |   become: True
6 |
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |
11 |   roles:
12 |
13 |     - role: debops.debops_fact
14 |       tags: [ 'role::debops_fact' ]
15 |
--------------------------------------------------------------------------------
/playbooks/service/dhcpd.yml:
--------------------------------------------------------------------------------
1 | ---
2
| 3 | - name: Manage ISC DHCP server 4 | hosts: [ 'debops_service_dhcpd', 'debops_dhcpd' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.dhcpd 14 | tags: [ 'role::dhcpd' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/dhparam.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Diffie-Hellman parameters 4 | hosts: [ 'debops_all_hosts', 'debops_service_dhparam' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.dhparam 14 | tags: [ 'role::dhparam' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/dnsmasq-persistent_paths.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure dnsmasq and ensure persistence 4 | hosts: [ 'debops_service_dnsmasq_persistent_paths' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.ferm 14 | tags: [ 'role::ferm' ] 15 | ferm__dependent_rules: 16 | - '{{ dnsmasq__ferm__dependent_rules }}' 17 | 18 | - role: debops.tcpwrappers 19 | tags: [ 'role::tcpwrappers' ] 20 | 21 | - role: debops.dnsmasq 22 | tags: [ 'role::dnsmasq' ] 23 | 24 | - role: debops.persistent_paths 25 | tags: [ 'role::persistent_paths' ] 26 | persistent_paths__dependent_paths: '{{ dnsmasq__persistent_paths__dependent_paths }}' 27 | -------------------------------------------------------------------------------- 
/playbooks/service/dnsmasq-plain.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure dnsmasq 4 | hosts: [ 'debops_service_dnsmasq' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.ferm 14 | tags: [ 'role::ferm' ] 15 | ferm__dependent_rules: 16 | - '{{ dnsmasq__ferm__dependent_rules }}' 17 | 18 | - role: debops.tcpwrappers 19 | tags: [ 'role::tcpwrappers' ] 20 | 21 | - role: debops.dnsmasq 22 | tags: [ 'role::dnsmasq' ] 23 | -------------------------------------------------------------------------------- /playbooks/service/dnsmasq.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: dnsmasq-plain.yml 4 | 5 | - include: dnsmasq-persistent_paths.yml 6 | -------------------------------------------------------------------------------- /playbooks/service/docker.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Docker service 4 | hosts: [ 'debops_service_docker', 'debops_docker' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_services 14 | tags: [ 'role::etc_services' ] 15 | etc_services__dependent_list: 16 | - '{{ docker__etc_services__dependent_list }}' 17 | 18 | - role: debops.ferm 19 | tags: [ 'role::ferm' ] 20 | ferm__dependent_rules: 21 | - '{{ docker__ferm__dependent_rules }}' 22 | 23 | - role: debops.docker 24 | tags: [ 'role::docker' ] 25 | 26 | -------------------------------------------------------------------------------- /playbooks/service/docker_gen.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage docker-gen service 4 | hosts: [ 'debops_service_docker_gen', 'debops_docker_gen' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.docker_gen 14 | tags: [ 'role::docker_gen' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/dokuwiki.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage DokuWiki 4 | hosts: [ 'debops_service_dokuwiki', 'debops_dokuwiki' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.php/env 14 | tags: [ 'role::php', 'role::logrotate' ] 15 | 16 | - role: debops.apt_preferences 17 | tags: [ 'role::apt_preferences' ] 18 | apt_preferences__dependent_list: 19 | - '{{ php__apt_preferences__dependent_list }}' 20 | - '{{ nginx__apt_preferences__dependent_list }}' 21 | 22 | - role: debops.logrotate 23 | tags: [ 'role::logrotate' ] 24 | logrotate__dependent_config: 25 | - '{{ php__logrotate__dependent_config }}' 26 | 27 | - role: debops.php 28 | tags: [ 'role::php' ] 29 | php__dependent_packages: 30 | - '{{ dokuwiki__php__dependent_packages }}' 31 | php__dependent_pools: 32 | - '{{ dokuwiki__php__dependent_pools }}' 33 | 34 | - role: debops.ferm 35 | tags: [ 'role::ferm' ] 36 | ferm__dependent_rules: 37 | - '{{ nginx__ferm__dependent_rules }}' 38 | 39 | - role: debops.nginx 40 | tags: [ 'role::nginx' ] 41 | nginx__dependent_upstreams: 42 | - '{{ dokuwiki__nginx__dependent_upstreams }}' 43 | nginx__dependent_servers: 44 | - '{{ dokuwiki__nginx__dependent_servers }}' 45 | 46 | - role: 
debops.dokuwiki
47 |       tags: [ 'role::dokuwiki' ]
48 |
49 |
--------------------------------------------------------------------------------
/playbooks/service/dovecot.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Play: Dovecot together with the Postfix roles it hooks into, on hosts in 'debops_service_dovecot', run with privilege escalation.
3 | - name: Manage Dovecot service
4 |   hosts: [ 'debops_service_dovecot' ]
5 |   become: True
6 |   # Task environment: inventory-wide, group and host dicts merged with combine(); each defaults to {} and later dicts win on duplicate keys.
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |
11 |   roles:
12 |     # debops.postfix/env also carries the role::secret and role::ferm tags, so tag-limited runs of those roles still include it.
13 |     - role: debops.postfix/env
14 |       tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]
15 |
16 |     - role: debops.secret
17 |       tags: [ 'role::secret', 'role::postfix' ]
18 |       secret__directories:
19 |         - '{{ postfix__secret__directories }}'
20 |     # NOTE(review): ferm receives only postfix__ferm__dependent_rules here; no Dovecot rule variable is passed in this play -- confirm where the IMAP/POP3 ports are opened or restricted.
21 |     - role: debops.ferm
22 |       tags: [ 'role::ferm' ]
23 |       ferm__dependent_rules:
24 |         - '{{ postfix__ferm__dependent_rules }}'
25 |     # Dovecot's Postfix integration is passed to debops.postfix as two entries labelled role: 'dovecot' (presumably main.cf and master.cf fragments).
26 |     - role: debops.postfix
27 |       tags: [ 'role::postfix' ]
28 |       postfix__dependent_maincf:
29 |         - role: 'dovecot'
30 |           config: '{{ dovecot__postfix__dependent_maincf }}'
31 |       postfix__dependent_mastercf:
32 |         - role: 'dovecot'
33 |           config: '{{ dovecot__postfix__dependent_mastercf }}'
34 |
35 |     - role: debops.dovecot
36 |       tags: [ 'role::dovecot' ]
37 |
--------------------------------------------------------------------------------
/playbooks/service/elastic_co.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Manage Elasticsearch BV.
APT repositories 4 | hosts: [ 'debops_service_elastic_co' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ elastic_co__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.elastic_co 19 | tags: [ 'role::elastic_co' ] 20 | -------------------------------------------------------------------------------- /playbooks/service/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Elasticsearch cluster 4 | hosts: [ 'debops_service_elasticsearch', 5 | 'debops_service_elasticsearch_master', 6 | 'debops_service_elasticsearch_data', 7 | 'debops_service_elasticsearch_ingest', 8 | 'debops_service_elasticsearch_lb' ] 9 | become: True 10 | 11 | environment: '{{ inventory__environment | d({}) 12 | | combine(inventory__group_environment | d({})) 13 | | combine(inventory__host_environment | d({})) }}' 14 | 15 | roles: 16 | 17 | - role: debops.elasticsearch/env 18 | tags: [ 'role::elasticsearch', 'role::secret', 'role::elasticsearch:config' ] 19 | 20 | - role: debops.secret 21 | tags: [ 'role::secret', 'role::elasticsearch', 'role::elasticsearch:config' ] 22 | secret__directories: 23 | - '{{ elasticsearch__secret__directories }}' 24 | 25 | - role: debops.apt_preferences 26 | tags: [ 'role::apt_preferences' ] 27 | apt_preferences__dependent_list: 28 | - '{{ java__apt_preferences__dependent_list }}' 29 | - '{{ elastic_co__apt_preferences__dependent_list }}' 30 | 31 | - role: debops.etc_services 32 | tags: [ 'role::etc_services' ] 33 | etc_services__dependent_list: 34 | - '{{ elasticsearch__etc_services__dependent_list }}' 35 | 36 | - role: debops.ferm 37 | tags: [ 'role::ferm' ] 38 | ferm__dependent_rules: 39 | - '{{ 
elasticsearch__ferm__dependent_rules }}' 40 | 41 | - role: debops.java 42 | tags: [ 'role::java' ] 43 | 44 | - role: debops.elastic_co 45 | tags: [ 'role::elastic_co' ] 46 | elastic_co__dependent_packages: 47 | - '{{ elasticsearch__elastic_co__dependent_packages }}' 48 | 49 | - role: debops.elasticsearch 50 | tags: [ 'role::elasticsearch' ] 51 | -------------------------------------------------------------------------------- /playbooks/service/environment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage system environment variables 4 | hosts: [ 'debops_all_hosts', 'debops_service_environment' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.environment 14 | tags: [ 'role::environment' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/etc_aliases.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage /etc/aliases database 4 | hosts: [ 'debops_service_etc_aliases' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_aliases/env 14 | tags: [ 'role::etc_aliases', 'role::secret' ] 15 | 16 | - role: debops.secret 17 | tags: [ 'role::secret', 'role::etc_aliases' ] 18 | secret__directories: 19 | - '{{ etc_aliases__secret__directories }}' 20 | 21 | - role: debops.etc_aliases 22 | tags: [ 'role::etc_aliases' ] 23 | -------------------------------------------------------------------------------- /playbooks/service/etc_services.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage 
/etc/services database 4 | hosts: [ 'debops_all_hosts', 'debops_service_etc_services' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_services 14 | tags: [ 'role::etc_services' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/etherpad.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Etherpad service 4 | hosts: [ 'debops_service_etherpad' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_services 14 | tags: [ 'role::etc_services' ] 15 | etc_services__dependent_list: 16 | - '{{ etherpad__etc_services__dependent_list }}' 17 | 18 | - role: debops.logrotate 19 | tags: [ 'role::logrotate' ] 20 | logrotate__dependent_config: 21 | - '{{ etherpad__logrotate__dependent_config }}' 22 | 23 | - role: debops.nodejs 24 | tags: [ 'role::nodejs' ] 25 | 26 | - role: debops.apt_preferences 27 | tags: [ 'role::apt_preferences' ] 28 | apt_preferences__dependent_list: 29 | - '{{ nginx__apt_preferences__dependent_list }}' 30 | 31 | - role: debops.ferm 32 | tags: [ 'role::ferm' ] 33 | ferm__dependent_rules: 34 | - '{{ nginx__ferm__dependent_rules }}' 35 | 36 | - role: debops.mariadb 37 | tags: [ 'role::mariadb' ] 38 | mariadb__dependent_users: 39 | - '{{ etherpad__mariadb__dependent_users }}' 40 | mariadb__dependent_databases: 41 | - '{{ etherpad__mariadb__dependent_databases }}' 42 | when: etherpad__database == 'mysql' 43 | 44 | - role: debops.nginx 45 | tags: [ 'role::nginx' ] 46 | nginx__dependent_servers: 47 | - '{{ etherpad__nginx__dependent_servers }}' 48 | nginx__dependent_upstreams: 49 | - '{{ 
etherpad__nginx__dependent_upstreams }}' 50 | 51 | - role: debops.etherpad 52 | tags: [ 'role::etherpad' ] 53 | -------------------------------------------------------------------------------- /playbooks/service/fail2ban.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage fail2ban service 4 | hosts: [ 'debops_service_fail2ban', 'debops_fail2ban' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.fail2ban 14 | tags: [ 'role::fail2ban' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/fcgiwrap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage fcgiwrap instances 4 | hosts: [ 'debops_service_fcgiwrap', 'debops_fcgiwrap' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.fcgiwrap 14 | tags: [ 'role::fcgiwrap' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/ferm.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage firewall using ferm 4 | hosts: [ 'debops_all_hosts', 'debops_service_ferm' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.ferm 14 | tags: [ 'role::ferm' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/gitlab.yml: 
--------------------------------------------------------------------------------
1 | ---
2 | # Play: GitLab and its supporting roles on hosts in 'debops_service_gitlab', run with privilege escalation.
3 | - name: Manage GitLab service
4 |   hosts: [ 'debops_service_gitlab' ]
5 |   become: True
6 |   # Task environment: inventory-wide, group and host dicts merged with combine(); each defaults to {} and later dicts win on duplicate keys.
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |   # NOTE(review): these variables reach tasks that run with become: True, so write access to the inventory shapes what privileged tasks see.
11 |   roles:
12 |     # debops.gitlab/env is also tagged role::postgresql, so a postgresql-only tagged run still includes it.
13 |     - role: debops.gitlab/env
14 |       tags: [ 'role::gitlab', 'role::postgresql' ]
15 |
16 |     - role: debops.apt_preferences
17 |       tags: [ 'role::apt_preferences' ]
18 |       apt_preferences__dependent_list:
19 |         - '{{ golang__apt_preferences__dependent_list }}'
20 |         - '{{ nginx__apt_preferences__dependent_list }}'
21 |         - '{{ postgresql__apt_preferences__dependent_list }}'
22 |         - '{{ redis__apt_preferences__dependent_list }}'
23 |         - '{{ ruby__apt_preferences__dependent_list }}'
24 |         - '{{ gitlab__apt_preferences__dependent_list }}'
25 |
26 |     - role: debops.golang
27 |       tags: [ 'role::golang' ]
28 |     # NOTE(review): nodejs__upstream: True presumably selects an upstream package source instead of the distribution's; confirm how that source and its signing key are pinned.
29 |     - role: debops.nodejs
30 |       tags: [ 'role::nodejs' ]
31 |       nodejs__upstream: True
32 |
33 |     - role: debops.etc_services
34 |       tags: [ 'role::etc_services' ]
35 |       etc_services__dependent_list:
36 |         - '{{ redis__etc_services__dependent_list }}'
37 |         - '{{ gitlab__etc_services__dependent_list }}'
38 |     # Only the nginx and redis rule sets are passed to ferm by this play.
39 |     - role: debops.ferm
40 |       tags: [ 'role::ferm' ]
41 |       ferm__dependent_rules:
42 |         - '{{ nginx__ferm__dependent_rules }}'
43 |         - '{{ redis__ferm__dependent_rules }}'
44 |     # NOTE(review): ruby__dev_support: True presumably installs development/build packages on the GitLab host -- confirm they are still needed after deployment.
45 |     - role: debops.ruby
46 |       tags: [ 'role::ruby' ]
47 |       ruby__dev_support: True
48 |
49 |     - role: debops.redis
50 |       tags: [ 'role::redis' ]
51 |     # The PostgreSQL role and everything passed to it apply only when gitlab__database == 'postgresql'.
52 |     - role: debops.postgresql
53 |       tags: [ 'role::postgresql' ]
54 |       postgresql__dependent_roles:
55 |         - '{{ gitlab__postgresql__dependent_roles }}'
56 |       postgresql__dependent_groups:
57 |         - '{{ gitlab__postgresql__dependent_groups }}'
58 |       postgresql__dependent_databases:
59 |         - '{{ gitlab__postgresql__dependent_databases }}'
60 |       postgresql__dependent_extensions:
61 |         - '{{ gitlab__postgresql__dependent_extensions }}'
62 |       postgresql__dependent_pgpass:  # NOTE(review): presumably carries database credentials -- check ownership and mode of the resulting file on the target
63 |         - '{{ gitlab__postgresql__dependent_pgpass }}'
64 |       when: gitlab__database == 'postgresql'
65 |     # nginx receives GitLab's server and upstream definitions from the gitlab__nginx__* variables.
66 |     - role: debops.nginx
67 |       tags: [ 'role::nginx' ]
68 |       nginx__dependent_servers:
69 |         - '{{ gitlab__nginx__dependent_servers }}'
70 |       nginx__dependent_upstreams:
71 |         - '{{ gitlab__nginx__dependent_upstreams }}'
72 |
73 |     - role: debops.gitlab
74 |       tags: [ 'role::gitlab' ]
75 |
--------------------------------------------------------------------------------
/playbooks/service/gitlab_ci.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Play: applies debops.gitlab_ci to 'debops_service_gitlab_ci' and 'debops_gitlab_ci', run with privilege escalation.
3 | - name: Manage GitLab CI service
4 |   hosts: [ 'debops_service_gitlab_ci', 'debops_gitlab_ci' ]
5 |   become: True
6 |
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |
11 |   roles:
12 |
13 |     - role: debops.gitlab_ci
14 |       tags: [ 'role::gitlab_ci' ]
15 |
16 |
--------------------------------------------------------------------------------
/playbooks/service/gitlab_ci_runner.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Play: applies debops.gitlab_ci_runner to 'debops_service_gitlab_ci_runner' and 'debops_gitlab_ci_runner', run with privilege escalation.
3 | - name: Manage GitLab CI Runner service
4 |   hosts: [ 'debops_service_gitlab_ci_runner', 'debops_gitlab_ci_runner' ]
5 |   become: True
6 |
7 |   environment: '{{ inventory__environment | d({})
8 |                    | combine(inventory__group_environment | d({}))
9 |                    | combine(inventory__host_environment | d({})) }}'
10 |
11 |   roles:
12 |
13 |     - role: debops.gitlab_ci_runner
14 |       tags: [ 'role::gitlab_ci_runner' ]
15 |
16 |
--------------------------------------------------------------------------------
/playbooks/service/gitlab_runner.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | - name: Manage GitLab Runner service
4 |   hosts: [ 'debops_service_gitlab_runner' ]
5 |   become: True
6 |
7 |
environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.gitlab_runner 14 | tags: [ 'role::gitlab_runner' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/gitusers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage users with git-shell accounts 4 | hosts: [ 'debops_service_gitusers', 'debops_gitusers' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.gitusers 14 | tags: [ 'role::gitusers' ] 15 | 16 | - role: debops.authorized_keys 17 | tags: [ 'role::authorized_keys' ] 18 | -------------------------------------------------------------------------------- /playbooks/service/golang.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Go environment 4 | hosts: [ 'debops_service_golang', 'debops_golang' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ golang__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.golang 19 | tags: [ 'role::golang' ] 20 | 21 | -------------------------------------------------------------------------------- /playbooks/service/grub.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure GRUB 4 | hosts: [ 'debops_service_grub', 'debops_grub' ] 5 | become: True 6 | 7 | environment: '{{ 
inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.grub 14 | tags: [ 'role::grub' ] 15 | 16 |
--------------------------------------------------------------------------------
/playbooks/service/gunicorn.yml:
--------------------------------------------------------------------------------
---

# Review notes for the service playbooks in this part of the listing.
# Every play here follows one layout: 'hosts' names the inventory group(s) it
# applies to, 'become: True' runs the roles with privilege escalation, and
# 'environment' merges inventory__environment, inventory__group_environment
# and inventory__host_environment (each defaulting to {}; in combine() the
# later dict overrides the earlier one).
# Helper roles (apt_preferences, ferm, tcpwrappers, ...) are listed before the
# service role and are handed '<service>__<role>__dependent_*' variables.
# NOTE(review): those variables are not defined in these files; presumably
# they come from the service role's defaults -- confirm before relying on them.
- name: Manage Green Unicorn service
  hosts: [ 'debops_service_gunicorn' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ gunicorn__apt_preferences__dependent_list }}'

    - role: debops.gunicorn
      tags: [ 'role::gunicorn' ]

--------------------------------------------------------------------------------
/playbooks/service/hashicorp.yml:
--------------------------------------------------------------------------------
---

- name: Install HashiCorp applications
  hosts: [ 'debops_service_hashicorp' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.hashicorp
      tags: [ 'role::hashicorp' ]

--------------------------------------------------------------------------------
/playbooks/service/hwraid.yml:
--------------------------------------------------------------------------------
---

- name: Configure HWRaid support
  hosts: [ 'debops_service_hwraid', 'debops_hwraid' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.hwraid
      tags: [ 'role::hwraid' ]

--------------------------------------------------------------------------------
/playbooks/service/ifupdown.yml:
--------------------------------------------------------------------------------
---

- name: Manage network configuration using ifupdown
  hosts: [ 'debops_service_ifupdown' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # The env role also carries the 'role::ferm' tag, so it runs when only the
    # firewall role is selected by tag.
    - role: debops.ifupdown/env
      tags: [ 'role::ifupdown', 'role::ferm' ]

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ ifupdown__env_ferm__dependent_rules }}'

    - role: debops.ifupdown
      tags: [ 'role::ifupdown' ]

--------------------------------------------------------------------------------
/playbooks/service/ipxe.yml:
--------------------------------------------------------------------------------
---

- name: Manage iPXE configuration files
  hosts: [ 'debops_service_ipxe', 'debops_ipxe' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.ipxe
      tags: [ 'role::ipxe' ]

--------------------------------------------------------------------------------
/playbooks/service/iscsi.yml:
--------------------------------------------------------------------------------
---

- name: Configure iSCSI Initiator
  hosts: [ 'debops_service_iscsi', 'debops_iscsi' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # NOTE(review): packages named in this blacklist are presumably held back
    # from unattended upgrades; confirm they still receive security updates
    # through another path.
    - role: debops.unattended_upgrades
      tags: [ 'role::unattended_upgrades' ]
      unattended_upgrades__dependent_blacklist: '{{ iscsi__unattended_upgrades__dependent_blacklist }}'

    - role: debops.lvm
      tags: [ 'role::lvm' ]

    - role: debops.iscsi
      tags: [ 'role::iscsi' ]

--------------------------------------------------------------------------------
/playbooks/service/java.yml:
--------------------------------------------------------------------------------
---

- name: Manage Java environment
  hosts: [ 'debops_service_java', 'debops_java' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ java__apt_preferences__dependent_list }}'

    - role: debops.java
      tags: [ 'role::java' ]

--------------------------------------------------------------------------------
/playbooks/service/kibana.yml:
--------------------------------------------------------------------------------
---

- name: Manage Kibana service
  hosts: [ 'debops_service_kibana' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # debops.kibana/env and debops.secret share the 'role::secret' and
    # 'role::kibana:config' tags, so selecting either tag runs both.
    - role: debops.kibana/env
      tags: [ 'role::kibana', 'role::secret', 'role::kibana:config' ]

    - role: debops.secret
      tags: [ 'role::secret', 'role::kibana', 'role::kibana:config' ]
      secret__directories:
        - '{{ kibana__secret__directories }}'

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ elastic_co__apt_preferences__dependent_list }}'
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: debops.etc_services
      tags: [ 'role::etc_services' ]
      etc_services__dependent_list:
        - '{{ kibana__etc_services__dependent_list }}'

    # Only the nginx firewall rules are passed to debops.ferm in this play; no
    # kibana-specific ferm variable appears here.
    # NOTE(review): presumably Kibana is meant to be reached through the nginx
    # upstream only -- confirm it does not listen on a public address.
    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ nginx__ferm__dependent_rules }}'

    - role: debops.nginx
      tags: [ 'role::nginx' ]
      nginx__dependent_servers:
        - '{{ kibana__nginx__dependent_servers }}'
      nginx__dependent_upstreams:
        - '{{ kibana__nginx__dependent_upstreams }}'

    - role: debops.elastic_co
      tags: [ 'role::elastic_co' ]
      elastic_co__dependent_packages:
        - '{{ kibana__elastic_co__dependent_packages }}'

    - role: debops.kibana
      tags: [ 'role::kibana' ]

--------------------------------------------------------------------------------
/playbooks/service/librenms.yml:
--------------------------------------------------------------------------------
---

- name: Manage LibreNMS service
  hosts: [ 'debops_service_librenms', 'debops_librenms' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.php/env
      tags: [ 'role::php', 'role::logrotate' ]

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ php__apt_preferences__dependent_list }}'
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: debops.logrotate
      tags: [ 'role::logrotate' ]
      logrotate__dependent_config:
        - '{{ php__logrotate__dependent_config }}'
        - '{{ librenms__logrotate__dependent_config }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ nginx__ferm__dependent_rules }}'

    - role: debops.php
      tags: [ 'role::php' ]
      php__dependent_packages:
        - '{{ librenms__php__dependent_packages }}'
      php__dependent_pools:
        - '{{ librenms__php__dependent_pools }}'

    - role: debops.nginx
      tags: [ 'role::nginx' ]
      nginx__dependent_servers:
        - '{{ librenms__nginx__dependent_servers }}'
      nginx__dependent_upstreams:
        - '{{ librenms__nginx__dependent_upstreams }}'

    - role: debops.mariadb
      tags: [ 'role::mariadb' ]
      mariadb__dependent_users:
        - '{{ librenms__mariadb__dependent_users }}'

    - role: debops.librenms
      tags: [ 'role::librenms' ]

--------------------------------------------------------------------------------
/playbooks/service/libvirt.yml:
--------------------------------------------------------------------------------
---

- name: Manage libvirt hosts
  hosts: [ 'debops_service_libvirt', 'debops_libvirt' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.libvirt
      tags: [ 'role::libvirt' ]

--------------------------------------------------------------------------------
/playbooks/service/libvirtd.yml:
--------------------------------------------------------------------------------
---

- name: Install and manage libvirtd
  hosts: [ 'debops_service_libvirtd' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ libvirtd__apt_preferences__dependent_list }}'

    # ferm__forward and ferm__forward_accept are both derived from the single
    # variable libvirtd__ferm__forward; with d() an undefined value evaluates
    # to False after the bool filter.
    # NOTE(review): what the two parameters change in the firewall is defined
    # in debops.ferm, not here -- presumably packet forwarding; confirm the
    # scope of the accept rule before enabling it.
    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__forward: '{{ libvirtd__ferm__forward|d() | bool }}'
      ferm__forward_accept: '{{ libvirtd__ferm__forward|d() | bool }}'
      ferm__dependent_rules:
        - '{{ libvirtd__ferm__dependent_rules }}'
        - '{{ libvirtd_qemu__ferm__dependent_rules }}'

    - role: debops.libvirtd
      tags: [ 'role::libvirtd' ]

    - role: debops.libvirtd_qemu
      tags: [ 'role::libvirtd_qemu', 'role::libvirtd' ]

--------------------------------------------------------------------------------
/playbooks/service/libvirtd_qemu.yml:
--------------------------------------------------------------------------------
---

- name: Install and manage libvirtd QEMU configuration
  hosts: [ 'debops_service_libvirtd_qemu' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ libvirtd_qemu__ferm__dependent_rules }}'

    - role: debops.libvirtd_qemu
      tags: [ 'role::libvirtd_qemu' ]

--------------------------------------------------------------------------------
/playbooks/service/logrotate.yml:
--------------------------------------------------------------------------------
---

# Also targets 'debops_all_hosts', so this play is not limited to the
# dedicated service group.
- name: Manage log rotation configuration
  hosts: [ 'debops_all_hosts', 'debops_service_logrotate' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.logrotate
      tags: [ 'role::logrotate' ]

--------------------------------------------------------------------------------
/playbooks/service/lvm.yml:
--------------------------------------------------------------------------------
---

- name: Configure Logical Volume Manager
  hosts: [ 'debops_service_lvm', 'debops_lvm' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.lvm
      tags: [ 'role::lvm' ]

--------------------------------------------------------------------------------
/playbooks/service/lxc.yml:
--------------------------------------------------------------------------------
---

- name: Manage LXC hosts
  hosts: [ 'debops_service_lxc' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ lxc__apt_preferences__dependent_list }}'

    # Unlike libvirtd.yml, lxc__ferm__forward has no d() fallback, so the
    # expression assumes the variable is defined when the play runs.
    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__forward: '{{ lxc__ferm__forward|bool }}'
      ferm__dependent_rules:
        - '{{ lxc__ferm__dependent_rules }}'

    - role: debops.lxc
      tags: [ 'role::lxc' ]

--------------------------------------------------------------------------------
/playbooks/service/mailman.yml:
--------------------------------------------------------------------------------
---

- name: Manage Mailman service
  hosts: [ 'debops_service_mailman' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.postfix/env
      tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]

    - role: debops.secret
      tags: [ 'role::secret', 'role::postfix' ]
      secret__directories:
        - '{{ postfix__secret__directories }}'

    - role: debops.fcgiwrap
      tags: [ 'role::fcgiwrap' ]
      fcgiwrap__instances:
        - '{{ mailman__fcgiwrap__instance }}'

    - role: debops.unattended_upgrades
      tags: [ 'role::unattended_upgrades' ]
      unattended_upgrades__dependent_blacklist: '{{ mailman__unattended_upgrades__dependent_blacklist }}'

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ mailman__apt_preferences__dependent_list }}'
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ postfix__ferm__dependent_rules }}'
        - '{{ nginx__ferm__dependent_rules }}'

    - role: debops.postfix
      tags: [ 'role::postfix' ]
      postfix__dependent_maincf:
        - role: 'mailman'
          config: '{{ mailman__postfix__dependent_maincf }}'

    # NOTE(review): this play sets nginx__servers directly, whereas the other
    # playbooks in this listing pass nginx__dependent_servers; presumably this
    # overrides rather than extends server definitions from the inventory --
    # confirm against debops.nginx.
    - role: debops.nginx
      tags: [ 'role::nginx' ]
      nginx__servers: '{{ mailman__nginx__servers }}'

    - role: debops.mailman
      tags: [ 'role::mailman' ]

--------------------------------------------------------------------------------
/playbooks/service/mariadb.yml:
--------------------------------------------------------------------------------
---

- name: Manage MariaDB client
  hosts: [ 'debops_service_mariadb', 'debops_mariadb' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.mariadb
      tags: [ 'role::mariadb' ]

--------------------------------------------------------------------------------
/playbooks/service/mariadb_server.yml:
--------------------------------------------------------------------------------
---

- name: Manage MariaDB server
  hosts: [ 'debops_service_mariadb_server', 'debops_mariadb_server' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ mariadb_server__ferm__dependent_rules }}'

    # NOTE(review): 'tcpwrappers__dependent__allow' has a double underscore
    # before 'allow'; the mosquitto, nfs_server and nullmailer playbooks in
    # this listing use 'tcpwrappers__dependent_allow'. If debops.tcpwrappers
    # reads only the latter, the MariaDB entries are silently dropped --
    # confirm against the role and align the key.
    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers__dependent__allow:
        - '{{ mariadb_server__tcpwrappers__dependent_allow }}'

    - role: debops.mariadb_server
      tags: [ 'role::mariadb_server' ]

--------------------------------------------------------------------------------
/playbooks/service/memcached.yml:
--------------------------------------------------------------------------------
---

- name: Manage memcached server
  hosts: [ 'debops_service_memcached', 'debops_memcached' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # No firewall or tcpwrappers role is listed in this play.
    # NOTE(review): network exposure of memcached is therefore decided
    # elsewhere (presumably in the role itself) -- confirm.
    - role: debops.memcached
      tags: [ 'role::memcached' ]

--------------------------------------------------------------------------------
/playbooks/service/monit.yml:
--------------------------------------------------------------------------------
---

- name: Manage Monit service
  hosts: [ 'debops_service_monit', 'debops_monit' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.monit
      tags: [ 'role::monit' ]

--------------------------------------------------------------------------------
/playbooks/service/mosquitto-nginx.yml:
--------------------------------------------------------------------------------
---

- name: Configure Mosquitto service with Nginx
  hosts: [ 'debops_service_mosquitto_nginx' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: debops.etc_services
      tags: [ 'role::etc_services' ]
      etc_services__dependent_list:
        - '{{ mosquitto__etc_services__dependent_list }}'

    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers__dependent_allow:
        - '{{ mosquitto__tcpwrappers__dependent_allow }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ mosquitto__ferm__dependent_rules }}'
        - '{{ nginx__ferm__dependent_rules }}'

    - role: debops.nginx
      tags: [ 'role::nginx' ]
      nginx__dependent_servers:
        - '{{ mosquitto__nginx__dependent_servers }}'
      nginx__dependent_upstreams:
        - '{{ mosquitto__nginx__dependent_upstreams }}'

    - role: debops.mosquitto
      tags: [ 'role::mosquitto' ]

--------------------------------------------------------------------------------
/playbooks/service/mosquitto-plain.yml:
--------------------------------------------------------------------------------
---

- name: Configure Mosquitto service
  hosts: [ 'debops_service_mosquitto' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.etc_services
      tags: [ 'role::etc_services' ]
      etc_services__dependent_list:
        - '{{ mosquitto__etc_services__dependent_list }}'

    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers__dependent_allow:
        - '{{ mosquitto__tcpwrappers__dependent_allow }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ mosquitto__ferm__dependent_rules }}'

    - role: debops.mosquitto
      tags: [ 'role::mosquitto' ]

--------------------------------------------------------------------------------
/playbooks/service/mosquitto.yml:
--------------------------------------------------------------------------------
---

# Includes both variants; each included play limits itself through its own
# 'hosts' group (debops_service_mosquitto and debops_service_mosquitto_nginx),
# so a host placed in both groups is processed by both plays.
- include: mosquitto-plain.yml

- include: mosquitto-nginx.yml

--------------------------------------------------------------------------------
/playbooks/service/mysql.yml:
--------------------------------------------------------------------------------
---

# Written differently from the neighbouring playbooks: a single host group
# given as a string and plain tags without the 'role::' prefix.
- name: Manage MySQL server
  hosts: 'debops_mysql'
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.mysql
      tags: mysql

    # phpMyAdmin is applied only when mysql_phpmyadmin is defined and truthy.
    # NOTE(review): no firewall role is listed in this play; confirm where
    # access to the database and to the admin interface is restricted.
    - role: debops.phpmyadmin
      when: mysql_phpmyadmin is defined and mysql_phpmyadmin
      tags: [ 'mysql', 'phpmyadmin' ]

--------------------------------------------------------------------------------
/playbooks/service/netbox.yml:
--------------------------------------------------------------------------------
---

- name: Manage NetBox IPAM/DCIM application
  hosts: [ 'debops_service_netbox' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ postgresql__apt_preferences__dependent_list }}'
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ nginx__ferm__dependent_rules }}'

    # NOTE(review): netbox__postgresql__dependent_pgpass presumably carries
    # database credentials; check how the role stores them on the host.
    - role: debops.postgresql
      tags: [ 'role::postgresql' ]
      postgresql__dependent_roles:
        - '{{ netbox__postgresql__dependent_roles }}'
      postgresql__dependent_groups:
        - '{{ netbox__postgresql__dependent_groups }}'
      postgresql__dependent_databases:
        - '{{ netbox__postgresql__dependent_databases }}'
      postgresql__dependent_pgpass:
        - '{{ netbox__postgresql__dependent_pgpass }}'

    - role: debops.gunicorn
      tags: [ 'role::gunicorn' ]
      gunicorn__dependent_applications:
        - '{{ netbox__gunicorn__dependent_applications }}'

    - role: debops.nginx
      tags: [ 'role::nginx' ]
      nginx__dependent_upstreams:
        - '{{ netbox__nginx__dependent_upstreams }}'
      nginx__dependent_servers:
        - '{{ netbox__nginx__dependent_servers }}'

    - role: debops.netbox
      tags: [ 'role::netbox' ]

--------------------------------------------------------------------------------
/playbooks/service/nfs.yml:
--------------------------------------------------------------------------------
---

- name: Manage NFS shares
  hosts: [ 'debops_service_nfs' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.nfs
      tags: [ 'role::nfs' ]

--------------------------------------------------------------------------------
/playbooks/service/nfs_server.yml:
--------------------------------------------------------------------------------
---

- name: Configure NFS Server
  hosts: [ 'debops_service_nfs_server' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # etc_services also carries the 'role::ferm' tag, so it runs together with
    # the firewall role when that tag is selected.
    - role: debops.etc_services
      tags: [ 'role::etc_services', 'role::ferm' ]
      etc_services__dependent_list:
        - '{{ nfs_server__etc_services__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ nfs_server__ferm__dependent_rules }}'

    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers__dependent_allow:
        - '{{ nfs_server__tcpwrappers__dependent_allow }}'

    - role: debops.nfs_server
      tags: [ 'role::nfs_server' ]

--------------------------------------------------------------------------------
/playbooks/service/nginx.yml:
--------------------------------------------------------------------------------
---

- name: Manage nginx webserver
  hosts: [ 'debops_service_nginx' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ nginx__apt_preferences__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ nginx__ferm__dependent_rules }}'

    - role: debops.nginx
      tags: [ 'role::nginx' ]

--------------------------------------------------------------------------------
/playbooks/service/nodejs.yml:
--------------------------------------------------------------------------------
---

- name: Manage NodeJS environment
  hosts: [ 'debops_service_nodejs', 'debops_nodejs' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.nodejs
      tags: [ 'role::nodejs' ]

--------------------------------------------------------------------------------
/playbooks/service/nsswitch.yml:
--------------------------------------------------------------------------------
---

# NOTE(review): the play name below spells 'Switch' as 'Swtich'; it is only a
# label shown in run output.
- name: Manage Name Service Swtich configuration
  hosts: [ 'debops_all_hosts', 'debops_service_nsswitch' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.nsswitch
      tags: [ 'role::nsswitch' ]

--------------------------------------------------------------------------------
/playbooks/service/ntp.yml:
--------------------------------------------------------------------------------
---

- name: Manage Network Time Protocol service
  hosts: [ 'debops_all_hosts', 'debops_service_ntp' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ ntp__ferm__dependent_rules }}'

    - role: debops.ntp
      tags: [ 'role::ntp' ]

--------------------------------------------------------------------------------
/playbooks/service/nullmailer.yml:
--------------------------------------------------------------------------------
---

- name: Manage nullmailer SMTP server
  hosts: [ 'debops_all_hosts', 'debops_service_nullmailer' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # The env role is tagged for ferm and tcpwrappers as well, so it runs
    # whenever either access-control role is selected by tag.
    - role: debops.nullmailer/env
      tags: [ 'role::nullmailer', 'role::ferm', 'role::tcpwrappers' ]

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ nullmailer__ferm__dependent_rules }}'

    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers__dependent_allow:
        - '{{ nullmailer__tcpwrappers__dependent_allow }}'

    - role: debops.nullmailer
      tags: [ 'role::nullmailer' ]

--------------------------------------------------------------------------------
/playbooks/service/opendkim.yml:
--------------------------------------------------------------------------------
---

# Review notes for the service playbooks in this part of the listing.
# Every play here follows one layout: 'hosts' names the inventory group(s) it
# applies to, 'become: True' runs the roles with privilege escalation, and
# 'environment' merges inventory__environment, inventory__group_environment
# and inventory__host_environment (each defaulting to {}; in combine() the
# later dict overrides the earlier one).
# Helper roles (secret, apt_preferences, ferm, ...) are listed before the
# service role and are handed '<service>__<role>__dependent_*' variables.
# NOTE(review): those variables are not defined in these files; presumably
# they come from the service role's defaults -- confirm before relying on them.
- name: Manage OpenDKIM service
  hosts: [ 'debops_service_opendkim' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # Both Postfix roles in this play are conditional on
    # opendkim__postfix_integration.
    - role: debops.postfix/env
      tags: [ 'role::postfix', 'role::secret' ]
      when: opendkim__postfix_integration|bool

    - role: debops.opendkim/env
      tags: [ 'role::opendkim', 'role::secret' ]

    # d([]) keeps each entry a valid list when its variable is undefined,
    # presumably because debops.postfix/env may have been skipped above.
    - role: debops.secret
      tags: [ 'role::secret', 'role::opendkim', 'role::postfix' ]
      secret__directories:
        - '{{ postfix__secret__directories | d([]) }}'
        - '{{ opendkim__secret__directories | d([]) }}'

    - role: debops.postfix
      tags: [ 'role::postfix' ]
      postfix__dependent_maincf:
        - role: 'opendkim'
          config: '{{ opendkim__postfix__dependent_maincf }}'
      when: opendkim__postfix_integration|bool

    - role: debops.opendkim
      tags: [ 'role::opendkim' ]

--------------------------------------------------------------------------------
/playbooks/service/openvz.yml:
--------------------------------------------------------------------------------
---

- name: Manage OpenVZ Hardware Nodes
  hosts: [ 'debops_service_openvz', 'debops_openvz' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.openvz
      tags: [ 'role::openvz' ]

--------------------------------------------------------------------------------
/playbooks/service/owncloud-apache.yml:
--------------------------------------------------------------------------------
---

- name: Install and manage ownCloud instances with Apache as webserver
  hosts: [ 'debops_service_owncloud_apache' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.apache/env
      tags: [ 'role::apache', 'role::apache:env' ]

    - role: debops.php/env
      tags: [ 'role::php', 'role::php:env','role::apt_preferences', 'role::logrotate' ]

    - role: debops.owncloud/env
      tags: [ 'role::owncloud', 'role::owncloud:env' ]

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ owncloud__apt_preferences__dependent_list }}'
        - '{{ php__apt_preferences__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ apache__ferm__dependent_rules }}'

    # Only one of the two database roles runs, selected by owncloud__database.
    # NOTE(review): owncloud-nginx.yml also passes mariadb__dependent_databases
    # to debops.mariadb; it is absent here -- confirm whether that is intended.
    - role: debops.mariadb
      tags: [ 'role::mariadb' ]
      mariadb__dependent_users: '{{ owncloud__mariadb__dependent_users }}'
      when: (owncloud__database == 'mariadb')

    - role: debops.postgresql
      postgresql__dependent_roles: '{{ owncloud__postgresql__dependent_roles }}'
      postgresql__dependent_groups: '{{ owncloud__postgresql__dependent_groups }}'
      postgresql__dependent_databases: '{{ owncloud__postgresql__dependent_databases }}'
      when: (owncloud__database == 'postgresql')
      tags: [ 'role::postgresql' ]

    - role: debops.unattended_upgrades
      tags: [ 'role::unattended_upgrades' ]
      unattended_upgrades__dependent_origins: '{{ owncloud__unattended_upgrades__dependent_origins }}'

    - role: debops.php
      tags: [ 'role::php' ]
      php__dependent_packages:
        - '{{ owncloud__php__dependent_packages }}'
      php__dependent_configuration:
        - '{{ owncloud__php__dependent_configuration }}'
      php__dependent_pools:
        - '{{ owncloud__php__dependent_pools }}'

    - role: debops.logrotate
      tags: [ 'role::logrotate' ]
      logrotate__dependent_config:
        - '{{ php__logrotate__dependent_config }}'
        - '{{ owncloud__logrotate__dependent_config }}'

    - role: debops.apache
      tags: [ 'role::apache' ]
      apache__dependent_snippets: '{{ owncloud__apache__dependent_snippets }}'
      apache__dependent_vhosts:
        - '{{ owncloud__apache__dependent_vhosts }}'

    - role: debops.owncloud
      tags: [ 'role::owncloud' ]

--------------------------------------------------------------------------------
/playbooks/service/owncloud-nginx.yml:
--------------------------------------------------------------------------------
---

- name: Install and manage ownCloud instances with Nginx as webserver
  hosts: [ 'debops_service_owncloud', 'debops_service_owncloud_nginx' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.php/env
      tags: [ 'role::php', 'role::php:env','role::apt_preferences', 'role::logrotate' ]

    - role: debops.owncloud/env
      tags: [ 'role::owncloud', 'role::owncloud:env', 'role::nginx' ]

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences', 'role::nginx', 'role::php' ]
      apt_preferences__dependent_list:
        - '{{ nginx__apt_preferences__dependent_list }}'
        - '{{ owncloud__apt_preferences__dependent_list }}'
        - '{{ php__apt_preferences__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm', 'role::nginx' ]
      ferm__dependent_rules:
        - '{{ nginx__ferm__dependent_rules }}'

    # Only one of the two database roles runs, selected by owncloud__database.
    - role: debops.mariadb
      tags: [ 'role::mariadb' ]
      mariadb__dependent_databases: '{{ owncloud__mariadb__dependent_databases }}'
      mariadb__dependent_users: '{{ owncloud__mariadb__dependent_users }}'
      when: (owncloud__database == 'mariadb')

    - role: debops.postgresql
      postgresql__dependent_roles: '{{ owncloud__postgresql__dependent_roles }}'
      postgresql__dependent_groups: '{{ owncloud__postgresql__dependent_groups }}'
      postgresql__dependent_databases: '{{ owncloud__postgresql__dependent_databases }}'
      when: (owncloud__database == 'postgresql')
      tags: [ 'role::postgresql' ]

    - role: debops.unattended_upgrades
      tags: [ 'role::unattended_upgrades' ]
      unattended_upgrades__dependent_origins: '{{ owncloud__unattended_upgrades__dependent_origins }}'

    - role: debops.php
      tags: [ 'role::php' ]
      php__dependent_packages:
        - '{{ owncloud__php__dependent_packages }}'
      php__dependent_configuration:
        - '{{ owncloud__php__dependent_configuration }}'
      php__dependent_pools:
        - '{{ owncloud__php__dependent_pools }}'

    - role: debops.logrotate
      tags: [ 'role::logrotate' ]
      logrotate__dependent_config:
        - '{{ php__logrotate__dependent_config }}'
        - '{{ owncloud__logrotate__dependent_config }}'

    - role: debops.nginx
      tags: [ 'role::nginx' ]
      nginx__dependent_servers:
        - '{{ owncloud__nginx__dependent_servers }}'
      nginx__dependent_upstreams:
        - '{{ owncloud__nginx__dependent_upstreams }}'

    - role: debops.owncloud
      tags: [ 'role::owncloud' ]

--------------------------------------------------------------------------------
/playbooks/service/owncloud.yml:
--------------------------------------------------------------------------------
---

# Includes both webserver variants; each included play limits itself through
# its own 'hosts' groups (debops_service_owncloud_apache for Apache,
# debops_service_owncloud and debops_service_owncloud_nginx for Nginx), so a
# host placed in groups of both variants is processed by both plays.
- include: owncloud-apache.yml

- include: owncloud-nginx.yml

--------------------------------------------------------------------------------
/playbooks/service/persistent_paths.yml:
--------------------------------------------------------------------------------
---

- name: Ensure paths are stored on persistent storage
  hosts: [ 'debops_service_persistent_paths' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.persistent_paths
      tags: [ 'role::persistent_paths' ]

--------------------------------------------------------------------------------
/playbooks/service/php.yml:
--------------------------------------------------------------------------------
---

- name: Install and manage PHP environment
  hosts: [ 'debops_service_php' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.php/env
      tags: [ 'role::php', 'role::logrotate' ]

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ php__apt_preferences__dependent_list }}'

    - role: debops.logrotate
      tags: [ 'role::logrotate' ]
      logrotate__dependent_config:
        - '{{ php__logrotate__dependent_config }}'

    - role: debops.php
      tags: [ 'role::php' ]

--------------------------------------------------------------------------------
/playbooks/service/php5.yml:
--------------------------------------------------------------------------------
---

- name: Manage PHP5 environment
  hosts: [ 'debops_service_php5', 'debops_php5' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.php5
      tags: [ 'role::php5' ]

--------------------------------------------------------------------------------
/playbooks/service/phpipam.yml:
--------------------------------------------------------------------------------
---

- name: Manage phpIPAM service
  hosts: [ 'debops_service_phpipam', 'debops_phpipam' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.phpipam
      tags: [ 'role::phpipam' ]

--------------------------------------------------------------------------------
/playbooks/service/pki.yml:
--------------------------------------------------------------------------------
---

# Also targets 'debops_all_hosts', so this play is not limited to the
# dedicated service group.
- name: Manage Public Key Infrastructure
  hosts: [ 'debops_all_hosts', 'debops_service_pki' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.pki/env
      tags: [ 'role::pki', 'role::pki:secret', 'role::secret' ]

    # NOTE(review): 'secret_directories' and 'pki_env_secret_directories' use
    # single underscores, while the other playbooks in this listing pass
    # 'secret__directories'. Presumably a legacy name still accepted by
    # debops.secret -- confirm, otherwise the PKI secret directories are not
    # created by this play.
    - role: debops.secret
      tags: [ 'role::secret', 'role::pki', 'role::pki:secret' ]
      secret_directories:
        - '{{ pki_env_secret_directories }}'

    - role: debops.pki
      tags: [ 'role::pki' ]

--------------------------------------------------------------------------------
/playbooks/service/postconf.yml:
--------------------------------------------------------------------------------
---

- name: Manage Postfix configuration
  hosts: [ 'debops_service_postconf' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.postconf/env
      tags: [ 'role::postconf', 'role::postfix', 'role::ferm' ]

    # postfix__dependent_mastercf is passed to debops.postfix/env here and
    # again, with the same value, to debops.postfix further down.
    - role: debops.postfix/env
      tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]
      postfix__dependent_mastercf:
        - role: 'postconf'
          config: '{{ postconf__postfix__dependent_mastercf }}'

    - role: debops.secret
      tags: [ 'role::secret', 'role::postfix' ]
      secret__directories:
        - '{{ postfix__secret__directories }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ postfix__ferm__dependent_rules }}'

    - role: debops.postfix
      tags: [ 'role::postfix' ]
      postfix__dependent_maincf:
        - role: 'postconf'
          config: '{{ postconf__postfix__dependent_maincf }}'
      postfix__dependent_mastercf:
        - role: 'postconf'
          config: '{{ postconf__postfix__dependent_mastercf }}'
      postfix__dependent_lookup_tables:
        - '{{ postconf__postfix__dependent_lookup_tables }}'

    - role: debops.postconf
      tags: [ 'role::postconf' ]

--------------------------------------------------------------------------------
/playbooks/service/postfix.yml:
--------------------------------------------------------------------------------
---

- name: Manage Postfix SMTP service
  hosts: [ 'debops_service_postfix' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.etc_aliases/env
      tags: [ 'role::etc_aliases', 'role::secret', 'role::postfix' ]

    - role: debops.postfix/env
      tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]

    # Unlike opendkim.yml, the directory variables carry no d([]) fallback
    # here; both env roles above run unconditionally in this play.
    - role: debops.secret
      tags: [ 'role::secret', 'role::postfix' ]
      secret__directories:
        - '{{ etc_aliases__secret__directories }}'
        - '{{ postfix__secret__directories }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ postfix__ferm__dependent_rules }}'

    - role: debops.etc_aliases
      tags: [ 'role::etc_aliases' ]

    - role: debops.postfix
      tags: [ 'role::postfix' ]

--------------------------------------------------------------------------------
/playbooks/service/postgresql.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage PostgreSQL client 4 | hosts: [ 'debops_service_postgresql', 'debops_postgresql' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ postgresql__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.postgresql 19 | tags: [ 'role::postgresql' ] 20 | 21 | -------------------------------------------------------------------------------- /playbooks/service/postgresql_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage PostgreSQL server 4 | hosts: [ 'debops_service_postgresql_server', 'debops_postgresql_server' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ postgresql_server__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.etc_services 19 | tags: [ 'role::etc_services' ] 20 | etc_services__dependent_list: 21 | - '{{ postgresql_server__etc_services__dependent_list }}' 22 | 23 | - role: debops.ferm 24 | tags: [ 'role::ferm' ] 25 | ferm__dependent_rules: 26 | - '{{ postgresql_server__ferm__dependent_rules }}' 27 | 28 | - role: debops.postgresql_server 29 | tags: [ 'role::postgresql_server' ] 30 | 31 | -------------------------------------------------------------------------------- /playbooks/service/postscreen.yml: -------------------------------------------------------------------------------- 
1 | --- 2 | 3 | - name: Manage Postfix postscreen configuration 4 | hosts: [ 'debops_service_postscreen' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.postfix/env 14 | tags: [ 'role::postfix', 'role::secret' ] 15 | 16 | - role: debops.secret 17 | tags: [ 'role::secret', 'role::postfix' ] 18 | secret__directories: 19 | - '{{ postfix__secret__directories }}' 20 | 21 | - role: debops.postfix 22 | tags: [ 'role::postfix' ] 23 | postfix__dependent_packages: 24 | - '{{ postscreen__postfix__dependent_packages }}' 25 | postfix__dependent_maincf: 26 | - role: 'postscreen' 27 | config: '{{ postscreen__postfix__dependent_maincf }}' 28 | postfix__dependent_mastercf: 29 | - role: 'postscreen' 30 | config: '{{ postscreen__postfix__dependent_mastercf }}' 31 | 32 | - role: debops.postscreen 33 | tags: [ 'role::postscreen' ] 34 | -------------------------------------------------------------------------------- /playbooks/service/postwhite.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Postwhite service 4 | hosts: [ 'debops_service_postwhite' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.postfix/env 14 | tags: [ 'role::postfix', 'role::secret' ] 15 | when: (ansible_local|d() and ansible_local.postfix|d() and 16 | (ansible_local.postfix.installed|d())|bool) 17 | 18 | - role: debops.secret 19 | tags: [ 'role::secret', 'role::postfix' ] 20 | secret__directories: 21 | - '{{ postfix__secret__directories }}' 22 | when: (ansible_local|d() and ansible_local.postfix|d() and 23 | (ansible_local.postfix.installed|d())|bool) 24 | 25 | - role: debops.postfix 26 | tags: [ 
'role::postfix' ] 27 | postfix__dependent_maincf: 28 | - role: 'postwhite' 29 | config: '{{ postwhite__postfix__dependent_maincf }}' 30 | when: (ansible_local|d() and ansible_local.postfix|d() and 31 | (ansible_local.postfix.installed|d())|bool) 32 | 33 | - role: debops.postwhite 34 | tags: [ 'role::postwhite' ] 35 | -------------------------------------------------------------------------------- /playbooks/service/preseed.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Provide Debian Preseed configuration files over HTTP 4 | hosts: [ 'debops_service_preseed' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ nginx_apt_preferences_dependent_list }}' 17 | 18 | - role: debops.ferm 19 | tags: [ 'role::ferm' ] 20 | ferm__dependent_rules: 21 | - '{{ nginx_ferm_dependent_rules }}' 22 | 23 | - role: debops.nginx 24 | tags: [ 'role::nginx' ] 25 | nginx_servers: '{{ preseed__nginx__servers }}' 26 | 27 | - role: debops.preseed 28 | tags: [ 'role::preseed' ] 29 | 30 | -------------------------------------------------------------------------------- /playbooks/service/rabbitmq_management.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure RabbitMQ Management Console 4 | hosts: [ 'debops_service_rabbitmq_management' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.rabbitmq_server/env 14 | tags: [ 'role::rabbitmq_server', 'role::secret', 'role::rabbitmq_server:config' ] 15 | when: 
rabbitmq_management__local|bool 16 | 17 | - role: debops.secret 18 | tags: [ 'role::secret', 'role::rabbitmq_server', 'role::rabbitmq_server:config' ] 19 | secret__directories: 20 | - '{{ rabbitmq_server__secret__directories }}' 21 | when: rabbitmq_management__local|bool 22 | 23 | - role: debops.etc_services 24 | tags: [ 'role::etc_services' ] 25 | etc_services__dependent_list: 26 | - '{{ rabbitmq_management__etc_services__dependent_list }}' 27 | when: rabbitmq_management__local|bool 28 | 29 | - role: debops.apt_preferences 30 | tags: [ 'role::apt_preferences' ] 31 | apt_preferences__dependent_list: 32 | - '{{ nginx__apt_preferences__dependent_list }}' 33 | 34 | - role: debops.ferm 35 | tags: [ 'role::ferm' ] 36 | ferm__dependent_rules: 37 | - '{{ nginx__ferm__dependent_rules }}' 38 | 39 | - role: debops.nginx 40 | tags: [ 'role::nginx' ] 41 | nginx__dependent_servers: 42 | - '{{ rabbitmq_management__nginx__dependent_servers }}' 43 | nginx__dependent_upstreams: 44 | - '{{ rabbitmq_management__nginx__dependent_upstreams }}' 45 | 46 | - role: debops.rabbitmq_server 47 | tags: [ 'role::rabbitmq_server' ] 48 | rabbitmq_server__dependent_role: 'rabbitmq_management' 49 | rabbitmq_server__dependent_state: '{{ rabbitmq_management__deploy_state }}' 50 | rabbitmq_server__dependent_config: 51 | - '{{ rabbitmq_management__rabbitmq_server__dependent_config }}' 52 | when: rabbitmq_management__local|bool 53 | 54 | - role: debops.rabbitmq_management 55 | tags: [ 'role::rabbitmq_management' ] 56 | -------------------------------------------------------------------------------- /playbooks/service/rabbitmq_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage RabbitMQ service 4 | hosts: [ 'debops_service_rabbitmq_server' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | 
roles: 12 | 13 | - role: debops.rabbitmq_server/env 14 | tags: [ 'role::rabbitmq_server', 'role::secret', 'role::rabbitmq_server:config' ] 15 | 16 | - role: debops.secret 17 | tags: [ 'role::secret', 'role::rabbitmq_server', 'role::rabbitmq_server:config' ] 18 | secret__directories: 19 | - '{{ rabbitmq_server__secret__directories }}' 20 | 21 | - role: debops.apt_preferences 22 | tags: [ 'role::apt_preferences' ] 23 | apt_preferences__dependent_list: 24 | - '{{ rabbitmq_server__apt_preferences__dependent_list }}' 25 | 26 | - role: debops.etc_services 27 | tags: [ 'role::etc_services' ] 28 | etc_services__dependent_list: 29 | - '{{ rabbitmq_server__etc_services__dependent_list }}' 30 | 31 | - role: debops.ferm 32 | tags: [ 'role::ferm' ] 33 | ferm__dependent_rules: 34 | - '{{ rabbitmq_server__ferm__dependent_rules }}' 35 | 36 | - role: debops.rabbitmq_server 37 | tags: [ 'role::rabbitmq_server' ] 38 | -------------------------------------------------------------------------------- /playbooks/service/radvd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure Router Advertisement Daemon 4 | hosts: [ 'debops_service_radvd', 'debops_radvd' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.radvd 14 | tags: [ 'role::radvd' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/redis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Redis server 4 | hosts: [ 'debops_service_redis' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 
14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ redis__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.etc_services 19 | tags: [ 'role::etc_services' ] 20 | etc_services__dependent_list: 21 | - '{{ redis__etc_services__dependent_list }}' 22 | 23 | - role: debops.ferm 24 | tags: [ 'role::ferm' ] 25 | ferm__dependent_rules: 26 | - '{{ redis__ferm__dependent_rules }}' 27 | 28 | - role: debops.redis 29 | tags: [ 'role::redis' ] 30 | -------------------------------------------------------------------------------- /playbooks/service/reprepro.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage reprepro repositories 4 | hosts: [ 'debops_service_reprepro', 'debops_reprepro' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.reprepro 14 | tags: [ 'role::reprepro' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/resources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage custom resources 4 | hosts: [ 'debops_all_hosts', 'debops_service_resources' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.resources 14 | tags: [ 'role::resources' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/root_account.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage root system account 4 | hosts: [ 'debops_all_hosts', 'debops_service_root_account' ] 5 | become: True 6 | 7 | 
environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.root_account 14 | tags: [ 'role::root_account' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/rsnapshot.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage rsnapshot service 4 | hosts: [ 'debops_service_rsnapshot', 'debops_service_rsnapshot_rsync', 5 | 'debops_service_rsnapshot_clients', 'debops_service_rsnapshot_servers', 6 | 'debops_rsnapshot', 'debops_rsnapshot_rsync' ] 7 | become: True 8 | 9 | environment: '{{ inventory__environment | d({}) 10 | | combine(inventory__group_environment | d({})) 11 | | combine(inventory__host_environment | d({})) }}' 12 | 13 | roles: 14 | 15 | - role: debops.rsnapshot 16 | tags: [ 'role::rsnapshot' ] 17 | 18 | -------------------------------------------------------------------------------- /playbooks/service/rstudio_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage RStudio Server service 4 | hosts: [ 'debops_service_rstudio_server' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_services 14 | tags: [ 'role::etc_services' ] 15 | etc_services__dependent_list: 16 | - '{{ rstudio_server__etc_services__dependent_list }}' 17 | 18 | - role: debops.apt_preferences 19 | tags: [ 'role::apt_preferences' ] 20 | apt_preferences__dependent_list: 21 | - '{{ nginx__apt_preferences__dependent_list }}' 22 | - '{{ cran__apt_preferences__dependent_list }}' 23 | - '{{ java__apt_preferences__dependent_list 24 | if cran__java_integration|bool else [] }}' 25 | 26 | - role: debops.ferm 27 | 
tags: [ 'role::ferm' ] 28 | ferm__dependent_rules: 29 | - '{{ nginx__ferm__dependent_rules }}' 30 | 31 | - role: debops.nginx 32 | tags: [ 'role::nginx' ] 33 | nginx__dependent_servers: 34 | - '{{ rstudio_server__nginx__dependent_servers }}' 35 | 36 | - role: debops.java 37 | tags: [ 'role::java' ] 38 | java__install_jdk: True 39 | when: cran__java_integration|bool 40 | 41 | - role: debops.cran 42 | tags: [ 'role::cran' ] 43 | cran__dependent_packages: 44 | - '{{ rstudio_server__cran__dependent_packages }}' 45 | 46 | - role: debops.rstudio_server 47 | tags: [ 'role::rstudio_server' ] 48 | -------------------------------------------------------------------------------- /playbooks/service/rsyslog.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage rsyslog service 4 | hosts: [ 'debops_all_hosts', 'debops_service_rsyslog' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_services 14 | tags: [ 'role::etc_services' ] 15 | etc_services__dependent_list: 16 | - '{{ rsyslog__etc_services__dependent_list }}' 17 | 18 | - role: debops.apt_preferences 19 | tags: [ 'role::apt_preferences' ] 20 | apt_preferences__dependent_list: 21 | - '{{ rsyslog__apt_preferences__dependent_list }}' 22 | 23 | - role: debops.ferm 24 | tags: [ 'role::ferm' ] 25 | ferm__dependent_rules: 26 | - '{{ rsyslog__ferm__dependent_rules }}' 27 | 28 | - role: debops.logrotate 29 | tags: [ 'role::logrotate' ] 30 | logrotate__dependent_config: 31 | - '{{ rsyslog__logrotate__dependent_config }}' 32 | 33 | - role: debops.rsyslog 34 | tags: [ 'role::rsyslog' ] 35 | 36 | -------------------------------------------------------------------------------- /playbooks/service/ruby.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - 
name: Manage Ruby environment 4 | hosts: [ 'debops_service_ruby', 'debops_ruby' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ ruby__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.ruby 19 | tags: [ 'role::ruby' ] 20 | 21 | -------------------------------------------------------------------------------- /playbooks/service/salt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Salt Master service 4 | hosts: [ 'debops_service_salt' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ salt__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.etc_services 19 | tags: [ 'role::etc_services' ] 20 | etc_services__dependent_list: 21 | - '{{ salt__etc_services__dependent_list }}' 22 | 23 | - role: debops.ferm 24 | tags: [ 'role::ferm' ] 25 | ferm__dependent_rules: 26 | - '{{ salt__ferm__dependent_rules }}' 27 | 28 | - role: debops.salt 29 | tags: [ 'role::salt' ] 30 | -------------------------------------------------------------------------------- /playbooks/service/samba.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Samba service 4 | hosts: [ 'debops_service_samba', 'debops_samba' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | 
roles: 12 | 13 | - role: debops.ferm 14 | tags: [ 'role::ferm' ] 15 | ferm__dependent_rules: 16 | - '{{ samba__ferm__dependent_rules }}' 17 | 18 | - role: debops.samba 19 | tags: [ 'role::samba' ] 20 | 21 | -------------------------------------------------------------------------------- /playbooks/service/saslauthd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Cyrus SASL authentication service 4 | hosts: [ 'debops_service_saslauthd' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.saslauthd 14 | tags: [ 'role::saslauthd' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/sftpusers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage users with SFTPonly accounts 4 | hosts: [ 'debops_service_sftpusers', 'debops_sftpusers' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.sftpusers 14 | tags: [ 'role::sftpusers' ] 15 | 16 | - role: debops.authorized_keys 17 | tags: [ 'role::authorized_keys' ] 18 | -------------------------------------------------------------------------------- /playbooks/service/sks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage SKS Keyserver 4 | hosts: [ 'debops_service_sks', 'debops_sks' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.sks 14 | tags: [ 'role::sks' ] 15 | 16 | 
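--------------------------------------------------------------------------------
/playbooks/service/slapd.yml:
--------------------------------------------------------------------------------
---

# Play for the OpenLDAP server. Roles are listed so that the firewall (ferm)
# and TCP Wrappers entries are configured before debops.slapd itself.
- name: Manage OpenLDAP service
  hosts: [ 'debops_service_slapd', 'debops_slapd' ]
  become: True

  # Environment is merged from inventory-wide, group and host variables;
  # later combine() calls override earlier keys.
  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ slapd_ferm_dependent_rules }}'

    # NOTE(review): single-underscore 'tcpwrappers_dependent_allow' differs
    # from 'tcpwrappers__dependent_allow' used in smstools.yml. Confirm the
    # debops.tcpwrappers role still reads this name; an unread variable would
    # leave the intended allow list unapplied without any error.
    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers_dependent_allow:
        - '{{ slapd_tcpwrappers_dependent_allow }}'

    - role: debops.slapd
      tags: [ 'role::slapd' ]

--------------------------------------------------------------------------------
/playbooks/service/smstools.yml:
--------------------------------------------------------------------------------
---

# Play for the SMS gateway. It pulls in the Postfix environment and secrets,
# service ports, syslog, access control (TCP Wrappers, ferm) and Postfix
# configuration fragments before the debops.smstools role.
- name: Manage SMS Gateway service
  hosts: [ 'debops_service_smstools' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    - role: debops.postfix/env
      tags: [ 'role::postfix', 'role::secret', 'role::ferm' ]

    - role: debops.secret
      tags: [ 'role::secret', 'role::postfix' ]
      secret__directories:
        - '{{ postfix__secret__directories }}'

    - role: debops.etc_services
      tags: [ 'role::etc_services' ]
      etc_services__dependent_list:
        - '{{ smstools__etc_services__dependent_list }}'

    # 'role::rsyslog' matches the tag used for this role in rsyslog.yml, so a
    # run limited with that tag no longer skips it here. The previous
    # 'role::syslog' spelling is kept so existing invocations keep working.
    - role: debops.rsyslog
      tags: [ 'role::rsyslog', 'role::syslog' ]

    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers__dependent_allow:
        - '{{ smstools__tcpwrappers__dependent_allow }}'

    # Firewall rules from both the Postfix and the smstools roles.
    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ postfix__ferm__dependent_rules }}'
        - '{{ smstools__ferm__dependent_rules }}'

    - role: debops.postfix
      tags: [ 'role::postfix' ]
      postfix__dependent_maincf:
        - role: 'smstools'
          config: '{{ smstools__postfix__dependent_maincf }}'
      postfix__dependent_mastercf:
        - role: 'smstools'
          config: '{{ smstools__postfix__dependent_mastercf }}'

    - role: debops.smstools
      tags: [ 'role::smstools' ]

--------------------------------------------------------------------------------
/playbooks/service/snmpd.yml:
--------------------------------------------------------------------------------
---

# Play for the SNMP daemon: APT preferences, firewall and TCP Wrappers
# entries are applied before debops.snmpd.
- name: Manage SNMP service
  hosts: [ 'debops_service_snmpd', 'debops_snmpd' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'

  roles:

    # Tag corrected from 'role::apt_preferencesA': with the stray 'A' a run
    # limited to 'role::apt_preferences' skipped this role on snmpd hosts.
    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ snmpd_apt_preferences_dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ snmpd_ferm_dependent_rules }}'

    # NOTE(review): single-underscore 'tcpwrappers_dependent_allow' differs
    # from 'tcpwrappers__dependent_allow' used in smstools.yml. Confirm the
    # debops.tcpwrappers role still reads this name.
    - role: debops.tcpwrappers
      tags: [ 'role::tcpwrappers' ]
      tcpwrappers_dependent_allow:
        - '{{ snmpd_tcpwrappers_dependent_allow }}'

    - role: debops.snmpd
      tags: [ 'role::snmpd' ]

--------------------------------------------------------------------------------
/playbooks/service/sshd.yml:
--------------------------------------------------------------------------------
---

- name: Manage OpenSSH Server
  hosts: [ 'debops_all_hosts', 'debops_service_sshd' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'
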
11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ sshd__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.ferm 19 | tags: [ 'role::ferm' ] 20 | ferm__dependent_rules: 21 | - '{{ sshd__ferm__dependent_rules }}' 22 | 23 | - role: debops.tcpwrappers 24 | tags: [ 'role::tcpwrappers' ] 25 | tcpwrappers_dependent_allow: 26 | - '{{ sshd__tcpwrappers__dependent_allow }}' 27 | 28 | - role: debops.sshd 29 | tags: [ 'role::sshd' ] 30 | 31 | -------------------------------------------------------------------------------- /playbooks/service/stunnel.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure stunnel 4 | hosts: [ 'debops_service_stunnel', 'debops_stunnel' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.etc_services 14 | tags: [ 'role::etc_services' ] 15 | etc_services_dependent_list: '{{ stunnel_services }}' 16 | 17 | - role: debops.ferm 18 | tags: [ 'role::ferm' ] 19 | ferm_input_dependent_list: '{{ stunnel_services }}' 20 | 21 | - role: debops.tcpwrappers 22 | tags: [ 'role::tcpwrappers' ] 23 | tcpwrappers_dependent_allow: '{{ stunnel_services }}' 24 | 25 | - role: debops.stunnel 26 | tags: [ 'role::stunnel' ] 27 | 28 | -------------------------------------------------------------------------------- /playbooks/service/swapfile.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure swap files 4 | hosts: [ 'debops_service_swapfile' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.swapfile 14 | 
tags: [ 'role::swapfile' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/sysctl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage kernel parameters using sysctl 4 | hosts: [ 'debops_all_hosts', 'debops_service_sysctl' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.sysctl 14 | tags: [ 'role::sysctl' ] 15 | -------------------------------------------------------------------------------- /playbooks/service/tcpwrappers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage TCP Wrappers 4 | hosts: [ 'debops_all_hosts', 'debops_service_tcpwrappers' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.tcpwrappers 14 | tags: [ 'role::tcpwrappers' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/tftpd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage TFTP service 4 | hosts: [ 'debops_service_tftpd', 'debops_tftpd' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.tftpd 14 | tags: [ 'role::tftpd' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/tgt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage iSCSI Target service 4 | 
hosts: [ 'debops_service_tgt', 'debops_tgt' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.tgt 14 | tags: [ 'role::tgt' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/service/tinc-persistent_paths.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure Tinc VPN and ensure persistence 4 | hosts: [ 'debops_service_tinc_persistent_paths', 'debops_service_tinc_aux' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.tinc/env 14 | tags: [ 'role::tinc', 'role::tinc:secret', 'role::secret', 'role::ferm' ] 15 | 16 | - role: debops.secret 17 | tags: [ 'role::secret', 'role::tinc:secret' ] 18 | secret__directories: '{{ tinc__env_secret__directories }}' 19 | 20 | - role: debops.apt_preferences 21 | tags: [ 'role::apt_preferences' ] 22 | apt_preferences__dependent_list: '{{ tinc__apt_preferences__dependent_list }}' 23 | 24 | - role: debops.etc_services 25 | tags: [ 'role::etc_services' ] 26 | etc_services__dependent_list: '{{ tinc__env_etc_services__dependent_list }}' 27 | 28 | - role: debops.ferm 29 | tags: [ 'role::ferm' ] 30 | ferm__dependent_rules: '{{ tinc__env_ferm__dependent_rules }}' 31 | 32 | - role: debops.tinc 33 | tags: [ 'role::tinc' ] 34 | 35 | - role: debops.persistent_paths 36 | tags: [ 'role::persistent_paths' ] 37 | persistent_paths__dependent_paths: '{{ tinc__persistent_paths__dependent_paths }}' 38 | -------------------------------------------------------------------------------- /playbooks/service/tinc-plain.yml: -------------------------------------------------------------------------------- 1 
| --- 2 | 3 | - name: Configure Tinc VPN 4 | hosts: [ 'debops_service_tinc', 'debops_service_tinc_aux' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.tinc/env 14 | tags: [ 'role::tinc', 'role::tinc:secret', 'role::secret', 'role::ferm' ] 15 | 16 | - role: debops.secret 17 | tags: [ 'role::secret', 'role::tinc:secret' ] 18 | secret__directories: '{{ tinc__env_secret__directories }}' 19 | 20 | - role: debops.apt_preferences 21 | tags: [ 'role::apt_preferences' ] 22 | apt_preferences__dependent_list: '{{ tinc__apt_preferences__dependent_list }}' 23 | 24 | - role: debops.etc_services 25 | tags: [ 'role::etc_services' ] 26 | etc_services__dependent_list: '{{ tinc__env_etc_services__dependent_list }}' 27 | 28 | - role: debops.ferm 29 | tags: [ 'role::ferm' ] 30 | ferm__dependent_rules: '{{ tinc__env_ferm__dependent_rules }}' 31 | 32 | - role: debops.tinc 33 | tags: [ 'role::tinc' ] 34 | -------------------------------------------------------------------------------- /playbooks/service/tinc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: tinc-plain.yml 4 | 5 | - include: tinc-persistent_paths.yml 6 | -------------------------------------------------------------------------------- /playbooks/service/unattended_upgrades.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage unattended APT upgrades 4 | hosts: [ 'debops_all_hosts', 'debops_service_unattended_upgrades' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.unattended_upgrades 14 | tags: [ 'role::unattended_upgrades' ] 15 | 16 | 
-------------------------------------------------------------------------------- /playbooks/service/unbound.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage Unbound, local DNS resolver 4 | hosts: [ 'debops_service_unbound' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.apt_preferences 14 | tags: [ 'role::apt_preferences' ] 15 | apt_preferences__dependent_list: 16 | - '{{ unbound__apt_preferences__dependent_list }}' 17 | 18 | - role: debops.etc_services 19 | tags: [ 'role::etc_services' ] 20 | etc_services__dependent_list: 21 | - '{{ unbound__etc_services__dependent_list }}' 22 | 23 | - role: debops.unbound 24 | tags: [ 'role::unbound' ] 25 | -------------------------------------------------------------------------------- /playbooks/service/users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Manage local users and groups 4 | hosts: [ 'debops_all_hosts', 'debops_service_users' ] 5 | become: True 6 | 7 | environment: '{{ inventory__environment | d({}) 8 | | combine(inventory__group_environment | d({})) 9 | | combine(inventory__host_environment | d({})) }}' 10 | 11 | roles: 12 | 13 | - role: debops.users 14 | tags: [ 'role::users' ] 15 | 16 | -------------------------------------------------------------------------------- /playbooks/site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # This is main entry point for DebOps playbooks. By default 'debops' script 4 | # accesses this playbook; with command line arguments you can access 5 | # sub-playbooks separately for a lighter ansible-playbook run, if needed. 
6 | 7 | 8 | # This playbook contains roles that are run on all hosts in the inventory 9 | # - common services like SMTP server, administrative tasks, authentication 10 | # and authorization control, system services used by other applications like 11 | # firewall, etc. 12 | - include: common.yml 13 | 14 | # This playbook manages internal system plumbing expected on the host by 15 | # services, like user accounts, NFS mounts from remote hosts, and so on. 16 | # Everything that is not common, but enabled on a per group/host basis. 17 | - include: sys.yml 18 | 19 | # This playbook manages different programming language environments available 20 | # on each host, enabled using Ansible groups. 21 | - include: env.yml 22 | 23 | # This playbook manages network infrastructure, like creation and management 24 | # of separate subnets, DNS, DHCP services, routing configuration, etc. 25 | - include: net.yml 26 | 27 | # This playbook manages system services enabled using Ansible groups, like 28 | # databases, webservers, application servers, and so on. 29 | - include: srv.yml 30 | 31 | # This playbook contains plays which install and manage more complex 32 | # applications which can use multiple services at a time, or are user-facing 33 | # applications like webservices. 34 | - include: app.yml 35 | 36 | # This playbook manages virtualized environments installed on hosts, like 37 | # OpenVZ Hardware Nodes, support for LXC containers in a host, or support for 38 | # KVM virtual machines. This is meant for the host-side of the virtualization 39 | # support, guest-side is managed by the rest of the playbook without the use 40 | # of the plays contained here. 41 | - include: virt.yml 42 | 43 | # This playbook manages hardware-related roles - device management, disk 44 | # partitioning, hardware monitoring, kernel management, any roles that would 45 | # require a reboot. 
46 | - include: hw.yml 47 | -------------------------------------------------------------------------------- /playbooks/srv.yml: -------------------------------------------------------------------------------- 1 | 2 | - include: srv/all.yml 3 | 4 | -------------------------------------------------------------------------------- /playbooks/srv/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: etc_aliases.yml 4 | 5 | - include: hashicorp.yml 6 | 7 | - include: apt_cacher_ng.yml 8 | 9 | - include: docker_gen.yml 10 | 11 | - include: gunicorn.yml 12 | 13 | - include: postfix.yml 14 | 15 | - include: saslauthd.yml 16 | 17 | - include: dovecot.yml 18 | 19 | - include: postscreen.yml 20 | 21 | - include: postwhite.yml 22 | 23 | - include: postconf.yml 24 | 25 | - include: opendkim.yml 26 | 27 | - include: apache.yml 28 | 29 | - include: nginx.yml 30 | 31 | - include: mosquitto.yml 32 | 33 | - include: snmpd.yml 34 | 35 | - include: monit.yml 36 | 37 | - include: tftpd.yml 38 | 39 | - include: samba.yml 40 | 41 | - include: tgt.yml 42 | 43 | - include: mariadb_server.yml 44 | 45 | - include: mariadb.yml 46 | 47 | - include: mysql.yml 48 | 49 | - include: postgresql_server.yml 50 | 51 | - include: postgresql.yml 52 | 53 | - include: elastic_co.yml 54 | 55 | - include: elasticsearch.yml 56 | 57 | - include: kibana.yml 58 | 59 | - include: rabbitmq_server.yml 60 | 61 | - include: rabbitmq_management.yml 62 | 63 | - include: memcached.yml 64 | 65 | - include: redis.yml 66 | 67 | - include: reprepro.yml 68 | 69 | - include: smstools.yml 70 | 71 | - include: salt.yml 72 | 73 | - include: fail2ban.yml 74 | -------------------------------------------------------------------------------- /playbooks/srv/apache.yml: -------------------------------------------------------------------------------- 1 | ../service/apache.yml -------------------------------------------------------------------------------- 
/playbooks/srv/apt_cacher_ng.yml: -------------------------------------------------------------------------------- 1 | ../service/apt_cacher_ng.yml -------------------------------------------------------------------------------- /playbooks/srv/docker_gen.yml: -------------------------------------------------------------------------------- 1 | ../service/docker_gen.yml -------------------------------------------------------------------------------- /playbooks/srv/dovecot.yml: -------------------------------------------------------------------------------- 1 | ../service/dovecot.yml -------------------------------------------------------------------------------- /playbooks/srv/elastic_co.yml: -------------------------------------------------------------------------------- 1 | ../service/elastic_co.yml -------------------------------------------------------------------------------- /playbooks/srv/elasticsearch.yml: -------------------------------------------------------------------------------- 1 | ../service/elasticsearch.yml -------------------------------------------------------------------------------- /playbooks/srv/etc_aliases.yml: -------------------------------------------------------------------------------- 1 | ../service/etc_aliases.yml -------------------------------------------------------------------------------- /playbooks/srv/fail2ban.yml: -------------------------------------------------------------------------------- 1 | ../service/fail2ban.yml -------------------------------------------------------------------------------- /playbooks/srv/gunicorn.yml: -------------------------------------------------------------------------------- 1 | ../service/gunicorn.yml -------------------------------------------------------------------------------- /playbooks/srv/hashicorp.yml: -------------------------------------------------------------------------------- 1 | ../service/hashicorp.yml 
-------------------------------------------------------------------------------- /playbooks/srv/kibana.yml: -------------------------------------------------------------------------------- 1 | ../service/kibana.yml -------------------------------------------------------------------------------- /playbooks/srv/mariadb.yml: -------------------------------------------------------------------------------- 1 | ../service/mariadb.yml -------------------------------------------------------------------------------- /playbooks/srv/mariadb_server.yml: -------------------------------------------------------------------------------- 1 | ../service/mariadb_server.yml -------------------------------------------------------------------------------- /playbooks/srv/memcached.yml: -------------------------------------------------------------------------------- 1 | ../service/memcached.yml -------------------------------------------------------------------------------- /playbooks/srv/monit.yml: -------------------------------------------------------------------------------- 1 | ../service/monit.yml -------------------------------------------------------------------------------- /playbooks/srv/mosquitto-nginx.yml: -------------------------------------------------------------------------------- 1 | ../service/mosquitto-nginx.yml -------------------------------------------------------------------------------- /playbooks/srv/mosquitto-plain.yml: -------------------------------------------------------------------------------- 1 | ../service/mosquitto-plain.yml -------------------------------------------------------------------------------- /playbooks/srv/mosquitto.yml: -------------------------------------------------------------------------------- 1 | ../service/mosquitto.yml -------------------------------------------------------------------------------- /playbooks/srv/mysql.yml: -------------------------------------------------------------------------------- 1 | ../service/mysql.yml 
-------------------------------------------------------------------------------- /playbooks/srv/nginx.yml: -------------------------------------------------------------------------------- 1 | ../service/nginx.yml -------------------------------------------------------------------------------- /playbooks/srv/opendkim.yml: -------------------------------------------------------------------------------- 1 | ../service/opendkim.yml -------------------------------------------------------------------------------- /playbooks/srv/postconf.yml: -------------------------------------------------------------------------------- 1 | ../service/postconf.yml -------------------------------------------------------------------------------- /playbooks/srv/postfix.yml: -------------------------------------------------------------------------------- 1 | ../service/postfix.yml -------------------------------------------------------------------------------- /playbooks/srv/postgresql.yml: -------------------------------------------------------------------------------- 1 | ../service/postgresql.yml -------------------------------------------------------------------------------- /playbooks/srv/postgresql_server.yml: -------------------------------------------------------------------------------- 1 | ../service/postgresql_server.yml -------------------------------------------------------------------------------- /playbooks/srv/postscreen.yml: -------------------------------------------------------------------------------- 1 | ../service/postscreen.yml -------------------------------------------------------------------------------- /playbooks/srv/postwhite.yml: -------------------------------------------------------------------------------- 1 | ../service/postwhite.yml -------------------------------------------------------------------------------- /playbooks/srv/rabbitmq_management.yml: -------------------------------------------------------------------------------- 1 | 
../service/rabbitmq_management.yml -------------------------------------------------------------------------------- /playbooks/srv/rabbitmq_server.yml: -------------------------------------------------------------------------------- 1 | ../service/rabbitmq_server.yml -------------------------------------------------------------------------------- /playbooks/srv/redis.yml: -------------------------------------------------------------------------------- 1 | ../service/redis.yml -------------------------------------------------------------------------------- /playbooks/srv/reprepro.yml: -------------------------------------------------------------------------------- 1 | ../service/reprepro.yml -------------------------------------------------------------------------------- /playbooks/srv/salt.yml: -------------------------------------------------------------------------------- 1 | ../service/salt.yml -------------------------------------------------------------------------------- /playbooks/srv/samba.yml: -------------------------------------------------------------------------------- 1 | ../service/samba.yml -------------------------------------------------------------------------------- /playbooks/srv/saslauthd.yml: -------------------------------------------------------------------------------- 1 | ../service/saslauthd.yml -------------------------------------------------------------------------------- /playbooks/srv/smstools.yml: -------------------------------------------------------------------------------- 1 | ../service/smstools.yml -------------------------------------------------------------------------------- /playbooks/srv/snmpd.yml: -------------------------------------------------------------------------------- 1 | ../service/snmpd.yml -------------------------------------------------------------------------------- /playbooks/srv/tftpd.yml: -------------------------------------------------------------------------------- 1 | ../service/tftpd.yml 
-------------------------------------------------------------------------------- /playbooks/srv/tgt.yml: -------------------------------------------------------------------------------- 1 | ../service/tgt.yml -------------------------------------------------------------------------------- /playbooks/sys.yml: -------------------------------------------------------------------------------- 1 | 2 | - include: sys/all.yml 3 | 4 | -------------------------------------------------------------------------------- /playbooks/sys/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: swapfile.yml 4 | 5 | - include: lvm.yml 6 | 7 | - include: nfs_server.yml 8 | 9 | - include: nfs.yml 10 | 11 | - include: gitusers.yml 12 | 13 | - include: sftpusers.yml 14 | 15 | - include: slapd.yml 16 | 17 | - include: iscsi.yml 18 | 19 | - include: cryptsetup.yml 20 | 21 | - include: persistent_paths.yml 22 | -------------------------------------------------------------------------------- /playbooks/sys/cryptsetup-persistent_paths.yml: -------------------------------------------------------------------------------- 1 | ../service/cryptsetup-persistent_paths.yml -------------------------------------------------------------------------------- /playbooks/sys/cryptsetup-plain.yml: -------------------------------------------------------------------------------- 1 | ../service/cryptsetup-plain.yml -------------------------------------------------------------------------------- /playbooks/sys/cryptsetup.yml: -------------------------------------------------------------------------------- 1 | ../service/cryptsetup.yml -------------------------------------------------------------------------------- /playbooks/sys/gitusers.yml: -------------------------------------------------------------------------------- 1 | ../service/gitusers.yml -------------------------------------------------------------------------------- /playbooks/sys/iscsi.yml: 
-------------------------------------------------------------------------------- 1 | ../service/iscsi.yml -------------------------------------------------------------------------------- /playbooks/sys/lvm.yml: -------------------------------------------------------------------------------- 1 | ../service/lvm.yml -------------------------------------------------------------------------------- /playbooks/sys/nfs.yml: -------------------------------------------------------------------------------- 1 | ../service/nfs.yml -------------------------------------------------------------------------------- /playbooks/sys/nfs_server.yml: -------------------------------------------------------------------------------- 1 | ../service/nfs_server.yml -------------------------------------------------------------------------------- /playbooks/sys/persistent_paths.yml: -------------------------------------------------------------------------------- 1 | ../service/persistent_paths.yml -------------------------------------------------------------------------------- /playbooks/sys/sftpusers.yml: -------------------------------------------------------------------------------- 1 | ../service/sftpusers.yml -------------------------------------------------------------------------------- /playbooks/sys/slapd.yml: -------------------------------------------------------------------------------- 1 | ../service/slapd.yml -------------------------------------------------------------------------------- /playbooks/sys/swapfile.yml: -------------------------------------------------------------------------------- 1 | ../service/swapfile.yml -------------------------------------------------------------------------------- /playbooks/tools/6to4.yml: --------------------------------------------------------------------------------
---

# DebOps playbook: tools/6to4
# (C) 2014 Maciej Delmanowski
# Homepage: https://debops.org/
#
# This playbook sets up and enables IPv6 6to4 tunnel interface to connect your
# IPv4 host to IPv6 network. More information about 6to4 transition mechanism:
# https://en.wikipedia.org/wiki/6to4
#
# This playbook requires 'ipaddr()' Ansible filter plugin, available in
# https://github.com/debops/debops-playbooks/ repository.
#
# The play does three things, in order: derive a 6to4 address from the IPv4
# address of one interface, refuse to continue when that derivation fails,
# then hand an interface definition to debops.ifupdown and a firewall rule to
# debops.ferm.


- name: Configure and enable IPv6 6to4 tunnel
  hosts: debops_6to4
  become: True

  vars:

    # Default 6to4 interface name
    debops_6to4_var_iface: '{{ debops_6to4_iface | default("6to4") }}'

    # IPv4 interface which will be used to calculate 6to4 address
    # (falls back to the interface of the host's default IPv4 route fact)
    debops_6to4_var_ipv4_interface: '{{ debops_6to4_ipv4_interface | default(ansible_default_ipv4.interface) }}'

    # IPv6 address converted from IPv4 public address
    # Only the 'ipv4.address' fact of the selected interface is read, so the
    # result depends on gathered facts being present for this host.
    debops_6to4_var_ipv6_address: '{{ hostvars[inventory_hostname]["ansible_" + debops_6to4_var_ipv4_interface].ipv4.address | ipv4("6to4") }}'


  pre_tasks:

    # Guard: stop before any interface or firewall change is made.
    # NOTE(review): the test compares against the *string* "False", which is
    # presumably what the ipv4("6to4") filter renders to for an address it
    # cannot convert - confirm against the filter plugin. The expression is
    # also wrapped in template delimiters inside 'that', a form Ansible
    # discourages for conditionals; verify it still evaluates as intended on
    # the Ansible version in use.
    - name: Make sure that host has a public IPv4 address
      assert:
        that: [ '{{ debops_6to4_var_ipv6_address != "False" }}' ]


  roles:

    - role: debops.ifupdown
      tags: ifupdown
      ifupdown_dependent_interfaces:

        - iface: '{{ debops_6to4_var_iface }}'
          type: '6to4'
          tunnel_6to4_ipv4_interface: '{{ debops_6to4_var_ipv4_interface }}'
          filename: 'debops_6to4_tunnel_{{ debops_6to4_var_ipv4_interface }}'
          weight: '30'

    - role: debops.ferm
      tags: ferm
      ferm_input_dependent_list:

        # The generated rule is emitted only in ferm's IPv4 ('ip') domain and
        # matches on protocol and incoming interface alone; no source address
        # is constrained, so encapsulated IPv6 is accepted from any IPv4 peer
        # reaching that interface.
        # NOTE(review): packets decapsulated from the tunnel are IPv6 and are
        # not covered by this rule - confirm that the ip6 ruleset filters
        # traffic on the tunnel interface.
        # NOTE(review): the Jinja test below is a plain truthiness check; a
        # rendered string "False" would count as true here, so the pre_tasks
        # assert appears to be the only real gate - verify.
        - type: 'custom'
          dport: []
          by_role: 'DebOps playbook: net/ipv6/6to4'
          filename: 'debops_6to4_tunnel_{{ debops_6to4_var_ipv4_interface }}'
          weight: '30'
          rules: |
            {% if debops_6to4_var_ipv6_address is defined and debops_6to4_var_ipv6_address %}
            # Allow IPv6-in-IPv4 traffic
            @if @eq($DOMAIN, ip) protocol ipv6 interface {{ debops_6to4_var_ipv4_interface }} ACCEPT;
            {% else %}
            # IPv6-in-IPv4 traffic not allowed
            {% endif %}

67 | -------------------------------------------------------------------------------- /playbooks/tools/debug.yml: --------------------------------------------------------------------------------
---
# Troubleshooting helper: prints every variable and fact Ansible holds for
# each targeted host.
#
# 'hostvars' includes inventory variables as well as gathered facts, so any
# credential kept in inventory (passwords, tokens, keys) is written to the
# terminal and to whatever captures the run output (CI job logs, logging
# callbacks). Presumably this includes values that were decrypted from a
# vault - verify before sharing output.
# The play targets 'all'; narrowing the run with --limit keeps the dump to the
# host under investigation.
- name: Debug host variables
  hosts: all
  tasks:
    # Dumps the complete variable dictionary of the current host.
    - name: Display all variables/facts known for a host
      debug: var=hostvars[inventory_hostname]

-------------------------------------------------------------------------------- /playbooks/virt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: virt/all.yml 4 | 5 | -------------------------------------------------------------------------------- /playbooks/virt/all.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: lxc.yml 4 | 5 | - include: docker.yml 6 | 7 | - include: libvirtd.yml 8 | 9 | - include: libvirtd_qemu.yml 10 | 11 | - include: libvirt.yml 12 | 13 | - include: openvz.yml 14 | 15 | -------------------------------------------------------------------------------- /playbooks/virt/docker.yml: -------------------------------------------------------------------------------- 1 | ../service/docker.yml -------------------------------------------------------------------------------- /playbooks/virt/libvirt.yml: -------------------------------------------------------------------------------- 1 | ../service/libvirt.yml -------------------------------------------------------------------------------- /playbooks/virt/libvirtd.yml: -------------------------------------------------------------------------------- 1 | ../service/libvirtd.yml -------------------------------------------------------------------------------- /playbooks/virt/libvirtd_qemu.yml: -------------------------------------------------------------------------------- 1 | ../service/libvirtd_qemu.yml -------------------------------------------------------------------------------- /playbooks/virt/lxc.yml:
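-------------------------------------------------------------------------------- 1 | ../service/lxc.yml -------------------------------------------------------------------------------- /playbooks/virt/openvz.yml: -------------------------------------------------------------------------------- 1 | ../service/openvz.yml -------------------------------------------------------------------------------- /scripts/get_all_referenced_roles: --------------------------------------------------------------------------------
#!/bin/bash
## @author Copyright (C) 2016 Robin Schneider
## @license GPL-3.0

## Print a sorted, de-duplicated list of every role referenced by the tracked
## playbooks, plus the non-comment lines of galaxy/requirements-manual.txt.

## Go into the directory where this script is stored.
cd "$( dirname "${BASH_SOURCE[0]}" )" || exit

## Get all files, independently what the current subdirectory is.
cd "$(git rev-parse --show-toplevel)" || exit
(
    ## Only files tracked by git are considered. Each path is passed to find
    ## with a './' prefix so that a tracked file whose name starts with '-'
    ## cannot be parsed by find as an option or expression.
    ## '-type f' keeps regular files only; find does not follow symbolic
    ## links by default, so tracked symlinks are skipped.
    ## The pattern matches '- role: NAME' entries indented by four spaces and
    ## rejects names that contain a '/'.
    ## 'grep --extended-regexp' replaces 'egrep', which current GNU grep
    ## reports as obsolescent on stderr.
    git ls-files -z \
        | xargs --null --no-run-if-empty -I '{}' find './{}' -type f -name '*.yml' -print0 \
        | xargs --null --no-run-if-empty grep --extended-regexp --no-filename -e '^\s{4}-\s?role:\s?[^/]+$' \
        | sed --regexp-extended 's/.*:\s+//'

    ## Manually maintained requirements, with comment lines removed.
    test -r galaxy/requirements-manual.txt && grep --invert-match '^\s*#' galaxy/requirements-manual.txt
) | sort -u
--------------------------------------------------------------------------------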