diff --git a/README.md b/README.md index 6906a7f..68c92b4 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,3 @@ Im Ansible-Repo müssen diese Sachen hinzugefügt werden: * Individuelle Config für den Service. Wenn Docker Compose, hier weiterleiten auf den eigentlichen Dienst in Compose. * Cert-Dateinamen anpassen * `resources/chaosknoten/`*host*`/docker_compose/compose.yaml.j2`: Config für Docker Compose (wenn verwendet) - -## License - -This CCCHH ansible-ccchh repository is licensed under the [MIT License](./LICENSE). -[`custom_pipeline_oidc_group_and_role_mapping.py`](./roles/netbox/files/custom_pipeline_oidc_group_and_role_mapping.py) is licensed under the Creative Commons: CC BY-SA 4.0 license. diff --git a/inventories/chaosknoten/host_vars/netbox.yaml b/inventories/chaosknoten/host_vars/netbox.yaml deleted file mode 100644 index 2304112..0000000 --- a/inventories/chaosknoten/host_vars/netbox.yaml +++ /dev/null @@ -1,16 +0,0 @@ -netbox__version: "v4.1.7" -netbox__db_password: "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}" -netbox__config: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/netbox/netbox/configuration.py.j2') }}" -netbox__custom_pipeline_oidc_group_and_role_mapping: true - -nginx__version_spec: "" -nginx__configurations: - - name: netbox.hamburg.ccc.de - content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/netbox/nginx/netbox.hamburg.ccc.de.conf') }}" - -certbot__version_spec: "" -certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz -certbot__certificate_domains: - - "netbox.hamburg.ccc.de" -certbot__new_cert_commands: - - "systemctl reload nginx.service" diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index 0f10bea..911a87d 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -32,10 +32,6 @@ all: mumble: ansible_host: mumble.hamburg.ccc.de ansible_user: chaos - netbox: - ansible_host: netbox-intern.hamburg.ccc.de - ansible_user: chaos - ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de onlyoffice: ansible_host: onlyoffice-intern.hamburg.ccc.de ansible_user: chaos @@ -68,7 +64,6 @@ all: keycloak: lists: mumble: - netbox: onlyoffice: pad: pretalx: @@ -99,7 +94,6 @@ all: keycloak: lists: mumble: - netbox: onlyoffice: pad: pretalx: @@ -118,7 +112,6 @@ all: keycloak: lists: mumble: - netbox: onlyoffice: pad: pretalx: @@ -130,7 +123,6 @@ all: eh22-wiki: tickets: keycloak: - netbox: onlyoffice: pad: pretalx: @@ -144,7 +136,6 @@ all: tickets: cloud: keycloak: - netbox: onlyoffice: pad: pretalx: @@ -155,6 +146,3 @@ all: hosts: eh22-wiki: wiki: - netbox_hosts: - hosts: - netbox: diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index 66f03de..da2937f 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -29,11 +29,6 @@ roles: - dokuwiki -- name: Ensure NetBox deployment on netbox_hosts - hosts: netbox_hosts - roles: - - netbox - - name: Ensure NGINX deployment on nginx_hosts, which are also public_reverse_proxy_hosts, before certbot role runs hosts: nginx_hosts:&public_reverse_proxy_hosts roles: diff --git a/resources/chaosknoten/netbox/netbox/configuration.py.j2 b/resources/chaosknoten/netbox/netbox/configuration.py.j2 deleted file mode 100644 index 789a539..0000000 --- a/resources/chaosknoten/netbox/netbox/configuration.py.j2 +++ /dev/null @@ -1,60 +0,0 @@ -ALLOWED_HOSTS = [ "netbox.hamburg.ccc.de" ] -DATABASE = { - "HOST": "localhost", - "NAME": "netbox", - "USER": "netbox", - "PASSWORD": "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/DATABASE_PASSWORD', create=false, missing='error') }}", -} -REDIS = { - "tasks": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 0, - "SSL": False, - }, - "caching": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 1, - "SSL": False, - }, -} -SECRET_KEY = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SECRET_KEY', create=false, missing='error') }}" -SESSION_COOKIE_SECURE = True - -# CCCHH ID (Keycloak) integration. -# https://github.com/python-social-auth/social-core/blob/0925304a9e437f8b729862687d3a808c7fb88a95/social_core/backends/keycloak.py#L7 -# https://python-social-auth.readthedocs.io/en/latest/backends/keycloak.html -REMOTE_AUTH_BACKEND = "social_core.backends.keycloak.KeycloakOAuth2" -SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/token" -) -SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = ( - "https://id.hamburg.ccc.de/realms/ccchh/protocol/openid-connect/auth" -) -SOCIAL_AUTH_KEYCLOAK_KEY = "netbox" -SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/Shi+b2OyYNGVFPsa6qf9SesEpRl5U5rpwgmt8H7NawMvwpPUYVW9o46QW0ulYcDmysT3BzpP3tagO/SFNoOjZdYe0D9nJ7vEp8KHbzR09KCfkyQIi0wLssKnDotVHL5JeUY+iKk+gjiwF9FSFSHPBqsST7hXVAut9LkOvs2aDod9AzbTH/uYbt4wfUm5l/1Ii8D+K7YcsFGUIqxv4XS/ylKqObqN4M2dac69iIwapoh6reaBQEm66vrOzJ+3yi4DZuPrkShJqi2hddtoyZihyCkF+eJJKEI5LrBf1KZB3Ec2YUrqk93ZGUGs/XY6R87QSfR3hJ82B1wnF+c2pw+QIDAQAB" -SOCIAL_AUTH_KEYCLOAK_SECRET = "{{ lookup('community.general.passwordstore', 'noc/vm-secrets/chaosknoten/netbox/SOCIAL_AUTH_KEYCLOAK_SECRET', create=false, missing='error') }}" -# Use custom OIDC group and role mapping pipeline functions added in via -# netbox__custom_pipeline_oidc_group_and_role_mapping. -# The default pipeline this is based on can be found here: -# https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py -SOCIAL_AUTH_PIPELINE = [ - "social_core.pipeline.social_auth.social_details", - "social_core.pipeline.social_auth.social_uid", - "social_core.pipeline.social_auth.social_user", - "social_core.pipeline.user.get_username", - "social_core.pipeline.user.create_user", - "social_core.pipeline.social_auth.associate_user", - "netbox.authentication.user_default_groups_handler", - "social_core.pipeline.social_auth.load_extra_data", - "social_core.pipeline.user.user_details", - # Custom OIDC group and role mapping functions. - "netbox.custom_pipeline_oidc_mapping.add_groups", - "netbox.custom_pipeline_oidc_mapping.remove_groups", - "netbox.custom_pipeline_oidc_mapping.set_roles", -] diff --git a/resources/chaosknoten/netbox/nginx/netbox.hamburg.ccc.de.conf b/resources/chaosknoten/netbox/nginx/netbox.hamburg.ccc.de.conf deleted file mode 100644 index 5550686..0000000 --- a/resources/chaosknoten/netbox/nginx/netbox.hamburg.ccc.de.conf +++ /dev/null @@ -1,48 +0,0 @@ -# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration -# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 -server { - # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; - # Make use of the ngx_http_realip_module to set the $remote_addr and - # $remote_port to the client address and client port, when using proxy - # protocol. - # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; - # Then tell the realip_module to get the addreses from the proxy protocol - # header. - real_ip_header proxy_protocol; - - server_name netbox.hamburg.ccc.de; - - ssl_certificate /etc/letsencrypt/live/netbox.hamburg.ccc.de/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/netbox.hamburg.ccc.de/privkey.pem; - # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/netbox.hamburg.ccc.de/chain.pem; - - # HSTS (ngx_http_headers_module is required) (63072000 seconds) - add_header Strict-Transport-Security "max-age=63072000" always; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Port 443; - # This is https in any case. - proxy_set_header X-Forwarded-Proto https; - # Hide the X-Forwarded header. - proxy_hide_header X-Forwarded; - # Assume we are the only Reverse Proxy (well using Proxy Protocol, but that - # is transparent). - # Also provide "_hidden" for by, since it's not relevant. - proxy_set_header Forwarded "for=$remote_addr;proto=https;host=$host;by=_hidden"; - - client_max_body_size 25m; - - location /static/ { - alias /opt/netbox/netbox/static/; - } - - location / { - proxy_pass http://127.0.0.1:8001; - } -} diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index c3f9fed..d5ae146 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf @@ -17,7 +17,7 @@ map $host $upstream_acme_challenge_host { invite.hamburg.ccc.de 172.31.17.144:31820; keycloak-admin.hamburg.ccc.de 172.31.17.144:31820; matrix.hamburg.ccc.de 172.31.17.150:31820; - netbox.hamburg.ccc.de 172.31.17.167:31820; + netbox.hamburg.ccc.de 172.31.17.149:31820; onlyoffice.hamburg.ccc.de 172.31.17.147:31820; pad.hamburg.ccc.de 172.31.17.141:31820; pretalx.hamburg.ccc.de 172.31.17.157:31820; diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index dfcf8d2..0529f4c 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -32,7 +32,7 @@ stream { onlyoffice.hamburg.ccc.de 172.31.17.147:8443; hackertours.hamburg.ccc.de 172.31.17.151:8443; staging.hackertours.hamburg.ccc.de 172.31.17.151:8443; - netbox.hamburg.ccc.de 172.31.17.167:8443; + netbox.hamburg.ccc.de 172.31.17.149:8443; matrix.hamburg.ccc.de 172.31.17.150:8443; element.hamburg.ccc.de 172.31.17.151:8443; branding-resources.hamburg.ccc.de 172.31.17.151:8443; diff --git a/roles/netbox/README.md b/roles/netbox/README.md deleted file mode 100644 index 594e8f8..0000000 --- a/roles/netbox/README.md +++ /dev/null @@ -1,88 +0,0 @@ -# `netbox` role - -A role for setting up NetBox. -It automatically pulls in all required dependencies like Redis and PostgreSQL, deploys the provided systemd services and gunicorn config and sets up a PostgreSQL database named `netbox` with an owner named `netbox` and the specified password. -However providing the [NetBox configuration](#netbox-configuration), [setting up a web server like nginx to proxy to gunicorn](#web-server-setup) and tasks like creating users, etc. you have to do yourself. - -## Supported Distributions - -Should work on Debian-based distributions. - -## Required Arguments - -- `netbox__version`: The NetBox version to deploy. -- `netbox__db_password`: The password to use for connection to the database. - This is required since the upgrade script runs as root and therefore peer authentication doesn't work. -- `netbox__config`: The NetBox config to deploy. - See [NetBox Configuration](#netbox-configuration) for more infos. - -## Optional Arguments - -- `netbox__custom_pipeline_oidc_group_and_role_mapping`: Whether or not to have custom pipeline code for OIDC group and role mapping present. - See [Custom Pipeline Code for OIDC Group and Role Mapping](#custom-pipeline-code-for-oidc-group-and-role-mapping) for more infos. - Defaults to `false`. - -## NetBox Configuration - -The NetBox configuration should include a connection to Redis as well as a connection to PostgreSQL. -Configuration for the Redis connection: - -```python -REDIS = { - "tasks": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 0, - "SSL": False, - }, - "caching": { - "HOST": "localhost", - "PORT": 6379, - "USERNAME": "", - "PASSWORD": "", - "DATABASE": 1, - "SSL": False, - }, -} -``` - -Configuration for the PostgreSQL connection: - -```python -DATABASE = { - "HOST": "localhost", - "NAME": "netbox", - "USER": "netbox", - "PASSWORD": "", -} -``` - -Further configuration should take place. Some relevant resources can be found here: - -- Installation guide configuration docs: -- Configuration docs: -- Example configuration: - -## Web Server Setup - -As this role just sets up gunicorn, but doesn't set up a web server, you need to do that yourself. -The relevant documentation on how to do that can be found here: - -- Web server setup docs: -- Example base nginx config: - -## Custom Pipeline Code for OIDC Group and Role Mapping - -Setting the option `netbox__custom_pipeline_oidc_group_and_role_mapping` to `true` makes this role ensure custom pipeline code for OIDC group and role mapping is present. -Note that this role uses code for NetBox >= 4.0.0. -The code is available in `files/custom_pipeline_oidc_group_and_role_mapping.py`, licensed under the CC BY-SA 4.0 license and taken from [this authentik NetBox documentation](https://docs.goauthentik.io/integrations/services/netbox/). -The documentation also shows how to use the pipeline code by defining a custom `SOCIAL_AUTH_PIPELINE`, which you also need to do, as the configuration isn't provided by this role. -However instead of under `netbox.custom_pipeline.` the functions are available under `netbox.custom_pipeline_oidc_mapping.` with this role. -See also [the default settings.py](https://github.com/netbox-community/netbox/blob/main/netbox/netbox/settings.py) for the default `SOCIAL_AUTH_PIPELINE`. - -## Links & Resources - -- The NetBox Git Repo: -- The NetBox installation docs: diff --git a/roles/netbox/defaults/main.yaml b/roles/netbox/defaults/main.yaml deleted file mode 100644 index 49b518e..0000000 --- a/roles/netbox/defaults/main.yaml +++ /dev/null @@ -1 +0,0 @@ -netbox__custom_pipeline_oidc_group_and_role_mapping: false diff --git a/roles/netbox/files/custom_pipeline_oidc_group_and_role_mapping.py b/roles/netbox/files/custom_pipeline_oidc_group_and_role_mapping.py deleted file mode 100644 index 470f388..0000000 --- a/roles/netbox/files/custom_pipeline_oidc_group_and_role_mapping.py +++ /dev/null @@ -1,55 +0,0 @@ -# Licensed under Creative Commons: CC BY-SA 4.0 license. -# https://github.com/goauthentik/authentik/blob/main/LICENSE -# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md -# https://docs.goauthentik.io/integrations/services/netbox/ -from netbox.authentication import Group - -class AuthFailed(Exception): - pass - -def add_groups(response, user, backend, *args, **kwargs): - try: - groups = response['groups'] - except KeyError: - pass - - # Add all groups from oAuth token - for group in groups: - group, created = Group.objects.get_or_create(name=group) - user.groups.add(group) - -def remove_groups(response, user, backend, *args, **kwargs): - try: - groups = response['groups'] - except KeyError: - # Remove all groups if no groups in oAuth token - user.groups.clear() - pass - - # Get all groups of user - user_groups = [item.name for item in user.groups.all()] - # Get groups of user which are not part of oAuth token - delete_groups = list(set(user_groups) - set(groups)) - - # Delete non oAuth token groups - for delete_group in delete_groups: - group = Group.objects.get(name=delete_group) - user.groups.remove(group) - - -def set_roles(response, user, backend, *args, **kwargs): - # Remove Roles temporary - user.is_superuser = False - user.is_staff = False - try: - groups = response['groups'] - except KeyError: - # When no groups are set - # save the user without Roles - user.save() - pass - - # Set roles is role (superuser or staff) is in groups - user.is_superuser = True if 'superusers' in groups else False - user.is_staff = True if 'staff' in groups else False - user.save() diff --git a/roles/netbox/handlers/main.yaml b/roles/netbox/handlers/main.yaml deleted file mode 100644 index fd7eb62..0000000 --- a/roles/netbox/handlers/main.yaml +++ /dev/null @@ -1,24 +0,0 @@ -- name: Run upgrade script - ansible.builtin.command: /opt/netbox/upgrade.sh - become: true - # When it runs, this should always report changed. - changed_when: true - -- name: Ensure netbox systemd services are set up and up-to-date - ansible.builtin.systemd_service: - daemon_reload: true - name: "{{ item }}" - enabled: true - state: restarted - become: true - loop: - - "netbox.service" - - "netbox-rq.service" - -- name: Ensure netbox housekeeping timer is set up and up-to-date - ansible.builtin.systemd_service: - daemon_reload: true - name: "netbox-housekeeping.timer" - enabled: true - state: restarted - become: true diff --git a/roles/netbox/meta/argument_specs.yaml b/roles/netbox/meta/argument_specs.yaml deleted file mode 100644 index 0506389..0000000 --- a/roles/netbox/meta/argument_specs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -argument_specs: - main: - options: - netbox__version: - type: str - required: true - netbox__db_password: - type: str - required: true - netbox__config: - type: str - required: true - netbox__custom_pipeline_oidc_group_and_role_mapping: - type: bool - required: false - default: false diff --git a/roles/netbox/meta/main.yaml b/roles/netbox/meta/main.yaml deleted file mode 100644 index 79c845d..0000000 --- a/roles/netbox/meta/main.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -dependencies: - - role: redis - - role: postgresql - vars: - postgresql__dbs: - - name: netbox - owner: netbox - postgresql__users: - - name: netbox - password: "{{ netbox__db_password }}" diff --git a/roles/netbox/tasks/main.yaml b/roles/netbox/tasks/main.yaml deleted file mode 100644 index dffa746..0000000 --- a/roles/netbox/tasks/main.yaml +++ /dev/null @@ -1,124 +0,0 @@ -- name: Ensure all dependencies are installed - ansible.builtin.apt: - name: - - python3 - - python3-pip - - python3-venv - - python3-dev - - build-essential - - libxml2-dev - - libxslt1-dev - - libffi-dev - - libpq-dev - - libssl-dev - - zlib1g-dev - - git - become: true - -- name: Ensure NetBox source is present - ansible.builtin.git: - repo: https://github.com/netbox-community/netbox.git - dest: /opt/netbox/ - version: "{{ netbox__version }}" - become: true - notify: - - Run upgrade script - - Ensure netbox systemd services are set up and up-to-date - -- name: Ensures custom pipeline code for OIDC group and role mapping is present - ansible.builtin.copy: - src: custom_pipeline_oidc_group_and_role_mapping.py - dest: /opt/netbox/netbox/netbox/custom_pipeline_oidc_mapping.py - mode: "0644" - owner: root - group: root - when: netbox__custom_pipeline_oidc_group_and_role_mapping - become: true - notify: - - Ensure netbox systemd services are set up and up-to-date - -- name: Ensures custom pipeline code for OIDC group and role mapping is not present - ansible.builtin.file: - path: /opt/netbox/netbox/netbox/custom_pipeline_oidc_mapping.py - state: absent - when: not netbox__custom_pipeline_oidc_group_and_role_mapping - become: true - notify: - - Ensure netbox systemd services are set up and up-to-date - -- name: Ensure netbox user - block: - - name: Ensure netbox group exists - ansible.builtin.group: - name: netbox - system: true - become: true - - - name: Ensure netbox user exists - ansible.builtin.user: - name: netbox - group: netbox - password: '!' - system: true - become: true - -- name: Ensure relevant directories are owned by netbox user - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: netbox - recurse: true - become: true - loop: - - "/opt/netbox/netbox/media/" - - "/opt/netbox/netbox/reports/" - - "/opt/netbox/netbox/scripts/" - -- name: Deploy configuration.py - ansible.builtin.copy: - content: "{{ netbox__config }}" - dest: "/opt/netbox/netbox/netbox/configuration.py" - mode: "0644" - owner: root - group: root - become: true - notify: Ensure netbox systemd services are set up and up-to-date - -- name: Ensure provided gunicorn config is copied - ansible.builtin.copy: - remote_src: true - src: "/opt/netbox/contrib/gunicorn.py" - dest: "/opt/netbox/gunicorn.py" - mode: "0644" - owner: root - group: root - become: true - notify: Ensure netbox systemd services are set up and up-to-date - -- name: Ensure provided netbox systemd service files are copied - ansible.builtin.copy: - remote_src: true - src: "/opt/netbox/contrib/{{ item }}" - dest: "/etc/systemd/system/{{ item }}" - mode: "0644" - owner: root - group: root - become: true - loop: - - "netbox.service" - - "netbox-rq.service" - notify: Ensure netbox systemd services are set up and up-to-date - -- name: Ensure provided housekeeping systemd service and timer are copied - ansible.builtin.copy: - remote_src: true - src: "/opt/netbox/contrib/{{ item }}" - dest: "/etc/systemd/system/{{ item }}" - mode: "0644" - owner: root - group: root - become: true - loop: - - "netbox-housekeeping.service" - - "netbox-housekeeping.timer" - notify: Ensure netbox housekeeping timer is set up and up-to-date diff --git a/roles/postgresql/README.md b/roles/postgresql/README.md deleted file mode 100644 index 6457931..0000000 --- a/roles/postgresql/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# Role `postgresql` - -Ensures `postgresql` is installed by installing the distributions package. -Also ensures the optionally given databases and users are set up as specified. - -## Supported Distributions - -Should work on Debian-based distributions. - -## Required Arguments - -None. - -## Optional Arguments - -- `postgresql__dbs`: List of databases with their owner to ensure are set up. -- `postgresql__dbs.*.name`: Name of the database. -- `postgresql__dbs.*.owner`: Owner of the database. -- `postgresql__users`: List of users to ensure are set up. -- `postgresql__users.*.name`: Name of the user. -- `postgresql__users.*.password`: Optional password for the user. - If left unset, the user will have no password set, but can still connect using [peer authentication](https://www.postgresql.org/docs/current/auth-peer.html) on the local system. - (Peer authentication works when a password is set as well.) - -## Example Arguments - -```yaml -postgresql__dbs: - - name: netbox - owner: netbox - - name: foo - owner: bar -postgresql__users: - - name: netbox - password: super_secret - - name: bar -``` diff --git a/roles/postgresql/defaults/main.yaml b/roles/postgresql/defaults/main.yaml deleted file mode 100644 index 21fcd46..0000000 --- a/roles/postgresql/defaults/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ -postgresql__dbs: [ ] -postgresql__users: [ ] diff --git a/roles/postgresql/meta/argument_specs.yaml b/roles/postgresql/meta/argument_specs.yaml deleted file mode 100644 index 28e5813..0000000 --- a/roles/postgresql/meta/argument_specs.yaml +++ /dev/null @@ -1,28 +0,0 @@ -argument_specs: - main: - options: - postgresql__dbs: - type: list - elements: dict - required: false - default: [ ] - options: - name: - type: str - required: true - owner: - type: str - required: true - postgresql__users: - type: list - elements: dict - required: false - default: [ ] - options: - name: - type: str - required: true - password: - type: str - required: false - default: "" diff --git a/roles/postgresql/tasks/main.yaml b/roles/postgresql/tasks/main.yaml deleted file mode 100644 index 8f89018..0000000 --- a/roles/postgresql/tasks/main.yaml +++ /dev/null @@ -1,30 +0,0 @@ -- name: Ensure postgresql is installed - ansible.builtin.apt: - name: - - postgresql - become: true - -- name: Ensure Python library for community.postgresql is installed if needed - ansible.builtin.apt: - name: - - python3-psycopg - become: true - when: postgresql__dbs != [ ] or postgresql__users != [ ] - -- name: Ensure users - community.postgresql.postgresql_user: - name: "{{ item.name }}" - password: "{{ item.password | default('') }}" - become: true - become_user: postgres - loop: "{{ postgresql__users }}" - loop_control: - label: "user {{ item.name }} with {{ 'a password' if item.password is defined else 'no password' }}" - -- name: Ensure dbs with owners - community.postgresql.postgresql_db: - name: "{{ item.name }}" - owner: "{{ item.owner }}" - become: true - become_user: postgres - loop: "{{ postgresql__dbs }}" diff --git a/roles/redis/README.md b/roles/redis/README.md deleted file mode 100644 index dd30500..0000000 --- a/roles/redis/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# Role `redis` - -Ensures `redis` is installed by installing the distributions package. - -## Supported Distributions - -Should work on Debian-based distributions. - -## Required Arguments - -None. - -## Optional Arguments - -None. diff --git a/roles/redis/tasks/main.yaml b/roles/redis/tasks/main.yaml deleted file mode 100644 index ad70e44..0000000 --- a/roles/redis/tasks/main.yaml +++ /dev/null @@ -1,5 +0,0 @@ -- name: Ensure redis is installed - ansible.builtin.apt: - name: - - redis - become: true