-rw-r--r-- | TODO.txt | 1 | ||||
-rw-r--r-- | roles/certificate/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/dotfiles/tasks/main.yml | 34 | ||||
-rw-r--r-- | roles/nginx/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/sshd/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/sudo/tasks/main.yml | 4 |
6 files changed, 25 insertions, 26 deletions
@@ -1,6 +1,5 @@ TODO -* Fix quotes: use either single quotes or double quotes. * Enable linters: ansible-lint, yamllint. * Enable IPv6 for wireguard. * Setup L2TP/IPsec VPN server. diff --git a/roles/certificate/tasks/main.yml b/roles/certificate/tasks/main.yml index a736e6b..1456fe2 100644 --- a/roles/certificate/tasks/main.yml +++ b/roles/certificate/tasks/main.yml @@ -12,7 +12,7 @@ --rsa-key-size 4096 \ -d {{ domains | join(' -d ') }} args: - creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem' + creates: /etc/letsencrypt/live/{{ domains | first }}/fullchain.pem # TODO: rewrite this role or make it more generic. # diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml index beb8aeb..f34335f 100644 --- a/roles/dotfiles/tasks/main.yml +++ b/roles/dotfiles/tasks/main.yml @@ -16,13 +16,13 @@ - name: Copy bash_profile to home directory ansible.builtin.copy: src: misc/dotfiles/bash_profile - dest: "~{{ user }}/.bash_profile" + dest: ~{{ user }}/.bash_profile when: has_bash.rc == 0 - name: Template bashrc to home directory ansible.builtin.template: src: misc/dotfiles/bashrc.j2 - dest: "~{{ user }}/.bashrc" + dest: ~{{ user }}/.bashrc when: has_bash.rc == 0 - name: Configure vim if installed @@ -37,7 +37,7 @@ - name: Copy vimrc to home directory ansible.builtin.copy: src: misc/dotfiles/vimrc - dest: "~{{ user }}/.vimrc" + dest: ~{{ user }}/.vimrc when: has_vim.rc == 0 - name: Configure screen if installed @@ -52,7 +52,7 @@ - name: Template screenrc to home directory ansible.builtin.template: src: misc/dotfiles/screenrc.j2 - dest: "~{{ user }}/.screenrc" + dest: ~{{ user }}/.screenrc # For some reason screen's exit status is 1 for --version. when: has_screen.rc == 1 
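Review bot: In roles/certificate/tasks/main.yml the argument `-d {{ domains | join(' -d ') }}` is rendered into the command line without quoting, so a `domains` entry containing whitespace or shell metacharacters changes the command that runs. The module name is outside the hunk; if it is `ansible.builtin.shell` (the trailing `\` continuation suggests it may be), `-d {{ domains | map('quote') | join(' -d ') }}` keeps each entry a single argument. The task starts above the hunk, so confirm this against the full task.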
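Review bot: The copy and template tasks in roles/dotfiles/tasks/main.yml that write `~{{ user }}/.bash_profile` and `~{{ user }}/.bashrc` (hunk at line 16) set neither `owner` nor `mode`, unlike the `.ssh` tasks later in the file, so the files take the ownership of whichever account the play runs as, with permissions decided by its umask. If the play runs with privilege escalation (not visible here), the user's shell start-up files end up owned by root. Adding `owner: '{{ user }}'` and `mode: '0644'` to each task fixes that and satisfies ansible-lint's `risky-file-permissions` rule. The same applies to the `.vimrc`, `.screenrc`, `.gitconfig`, `.gdbinit`, `.muttrc` and `.templates/template.*` tasks in the later hunks.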
@@ -67,25 +67,25 @@ - name: Setup ssh directory ansible.builtin.file: - path: "~{{ user }}/.ssh" + path: ~{{ user }}/.ssh state: directory - owner: "{{ user }}" + owner: '{{ user }}' mode: u+rw,g-rw,o-rw when: has_ssh.rc == 0 - name: Template ssh config to home directory ansible.builtin.template: src: misc/dotfiles/ssh/config.j2 - dest: "~{{ user }}/.ssh/config" - owner: "{{ user }}" + dest: ~{{ user }}/.ssh/config + owner: '{{ user }}' mode: u+rw,g-rw,o-rw when: has_ssh.rc == 0 - name: Copy ssh rc to home directory ansible.builtin.copy: src: misc/dotfiles/ssh/rc - dest: "~{{ user }}/.ssh/rc" - owner: "{{ user }}" + dest: ~{{ user }}/.ssh/rc + owner: '{{ user }}' mode: u+rwx,g-rw,o-rw when: - has_ssh.rc == 0 @@ -103,7 +103,7 @@ - name: Copy gitconfig to home directory ansible.builtin.copy: src: misc/dotfiles/gitconfig - dest: "~{{ user }}/.gitconfig" + dest: ~{{ user }}/.gitconfig when: has_git.rc == 0 - name: Configure gdb if installed @@ -118,7 +118,7 @@ - name: Copy gdbinit to home directory ansible.builtin.copy: src: misc/dotfiles/gdbinit - dest: "~{{ user }}/.gdbinit" + dest: ~{{ user }}/.gdbinit when: has_gdb.rc == 0 - name: Configure mutt if installed @@ -133,7 +133,7 @@ - name: Copy muttrc to home directory ansible.builtin.copy: src: misc/dotfiles/muttrc - dest: "~{{ user }}/.muttrc" + dest: ~{{ user }}/.muttrc when: has_mutt.rc == 0 - name: Copy templates files if necessary 
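Review bot: The `mode: u+rw,g-rw,o-rw` values in the three `~{{ user }}/.ssh` tasks of roles/dotfiles/tasks/main.yml (hunk at line 67) are relative, so bits they do not name, such as group/other execute on the directory or on `rc`, keep whatever value they already had. Absolute modes state the intended result: `mode: '0700'` for the directory and `rc`, `mode: '0600'` for `config`. The same applies to `u+rwx,g+r,o+r` on the nginx renewal hook, `u+r,g+r,o+r` on sshd_config and `u+r,g+r,o-rwx` in both sudo hunks, none of which clears an existing write bit on a file that root executes or trusts.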
@@ -153,19 +153,19 @@ - name: Setup templates directory ansible.builtin.file: - path: "~{{ user }}/.templates" + path: ~{{ user }}/.templates state: directory - owner: "{{ user }}" + owner: '{{ user }}' when: has_cpp.rc == 0 or has_python.rc == 0 - name: Copy template.cpp to home directory ansible.builtin.copy: src: misc/dotfiles/templates/template.cpp - dest: "~{{ user }}/.templates/template.cpp" + dest: ~{{ user }}/.templates/template.cpp when: has_cpp.rc == 0 - name: Copy template.py to home directory ansible.builtin.copy: src: misc/dotfiles/templates/template.py - dest: "~{{ user }}/.templates/template.py" + dest: ~{{ user }}/.templates/template.py when: has_python.rc == 0 diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 71e0aee..bfb38e4 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -45,8 +45,8 @@ - name: Copy nginx certificate renewal hook ansible.builtin.copy: - src: 'files/hooks/{{ item }}/nginx.sh' - dest: '/etc/letsencrypt/renewal-hooks/{{ item }}/nginx.sh' + src: files/hooks/{{ item }}/nginx.sh + dest: /etc/letsencrypt/renewal-hooks/{{ item }}/nginx.sh owner: root group: root mode: u+rwx,g+r,o+r diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 1991564..1c099ad 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -2,9 +2,9 @@ ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config state: present - regexp: '^#?PasswordAuthentication' - line: 'PasswordAuthentication no' - validate: "/usr/sbin/sshd -t -f %s" + regexp: ^#?PasswordAuthentication + line: PasswordAuthentication no + validate: /usr/sbin/sshd -t -f %s owner: root group: root mode: u+r,g+r,o+r diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml index e2d4861..2837aa7 100644 --- a/roles/sudo/tasks/main.yml +++ b/roles/sudo/tasks/main.yml 
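Review bot: The `regexp: ^#?PasswordAuthentication` task in roles/sshd/tasks/main.yml rewrites only one line, while sshd applies the first value it reads for a keyword. lineinfile replaces the last match, so an earlier uncommented `PasswordAuthentication yes` (or one pulled in by an `Include` above it) would stay in effect. `validate: /usr/sbin/sshd -t -f %s` checks syntax only and would not catch that. A follow-up task that runs `sshd -T` and asserts the output contains `passwordauthentication no` would confirm the effective setting. The task begins above the hunk, so its name and any `notify` are not visible here.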
@@ -10,7 +10,7 @@ state: present regexp: '^(# )?%wheel ALL=\(ALL:ALL\) NOPASSWD: ALL' line: '%wheel ALL=(ALL:ALL) NOPASSWD: ALL' - validate: "visudo -cf %s" + validate: visudo -cf %s owner: root group: root mode: u+r,g+r,o-rwx @@ -25,7 +25,7 @@ /usr/sbin:/usr/bin:/sbin:/bin\"" line: "Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:\ /usr/sbin:/usr/bin:/sbin:/bin\"" - validate: "visudo -cf %s" + validate: visudo -cf %s owner: root group: root mode: u+r,g+r,o-rwx |