Add base_config and deploy_systemd_journal_config

2025-01-19 20:30:05 +01:00 · 2025-01-19 20:30:05 +01:00 · 328ec744cc
commit 328ec744cc
parent 93212e2248
6 changed files with 48 additions and 18 deletions
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@ -51,6 +51,21 @@ all:
          ansible_host: zammad-intern.hamburg.ccc.de
          ansible_user: chaos
          ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
+    base_config_hosts:
+      hosts:
+        ccchoir:
+        cloud:
+        grafana:
+        keycloak:
+        lists:
+        mumble:
+        onlyoffice:
+        pad:
+        pretalx:
+        public-reverse-proxy:
+        tickets:
+        wiki:
+        zammad:
    docker_compose_hosts:
      hosts:
        ccchoir:
@ -82,21 +97,6 @@ all:
    public_reverse_proxy_hosts:
      hosts:
        public-reverse-proxy:
-    ssh_server_config_hosts:
-      hosts:
-        ccchoir:
-        cloud:
-        grafana:
-        keycloak:
-        lists:
-        mumble:
-        onlyoffice:
-        pad:
-        pretalx:
-        public-reverse-proxy:
-        tickets:
-        wiki:
-        zammad:
    certbot_hosts:
      hosts:
        ccchoir:
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@ -1,8 +1,8 @@
 ---
- name: Ensure SSH server config deployment on ssh_server_config_hosts
-  hosts: ssh_server_config_hosts
+- name: Ensure base config is deployment on base_config_hosts
+  hosts: base_config_hosts
  roles:
-    - deploy_ssh_server_config
+    - base_config

 - name: Ensure deployment of infrastructure authorized keys
  hosts: infrastructure_authorized_keys_hosts
--- a/roles/base_config/meta/main.yaml
+++ b/roles/base_config/meta/main.yaml
@ -0,0 +1,4 @@
+---
+dependencies:
+  - role: deploy_ssh_server_config
+  - role: deploy_systemd_journal_config
--- a/roles/deploy_systemd_journal_config/files/10-ccchh.conf
+++ b/roles/deploy_systemd_journal_config/files/10-ccchh.conf
@ -0,0 +1,3 @@
+[Journal]
+MaxFileSec=2day
+MaxRetentionSec=2week
--- a/roles/deploy_systemd_journal_config/handlers/main.yaml
+++ b/roles/deploy_systemd_journal_config/handlers/main.yaml
@ -0,0 +1,5 @@
+- name: Restart `systemd-journald.service`
+  ansible.builtin.systemd:
+    name: systemd-journald.service
+    state: restarted
+  become: true
--- a/roles/deploy_systemd_journal_config/tasks/main.yaml
+++ b/roles/deploy_systemd_journal_config/tasks/main.yaml
@ -0,0 +1,18 @@
+- name: Create 'journald.conf.d' directory if it does not exist
+  ansible.builtin.file:
+    path: "/etc/systemd/journald.conf.d"
+    state: directory
+    mode: '0644'
+    owner: root
+    group: root
+  become: true
+
+- name: make sure the custom configuration file is deployed
+  ansible.builtin.copy:
+    src: "10-ccchh.conf"
+    dest: "/etc/systemd/journald.conf.d/10-ccchh.conf"
+    mode: "0644"
+    owner: root
+    group: root
+  become: true
+  notify: Restart `systemd-journald.service`