Add lint configuration and CI and fix the identified errors #14
21 changed files with 837 additions and 763 deletions
6
.ansible-lint
Normal file
6
.ansible-lint
Normal file
|
@ -0,0 +1,6 @@
|
|||
skip_list:
|
||||
- "yaml[line-length]"
|
||||
- "name[casing]"
|
||||
|
||||
exclude_paths:
|
||||
- .forgejo/
|
15
.editorconfig
Normal file
15
.editorconfig
Normal file
|
@ -0,0 +1,15 @@
|
|||
root = true
|
||||
|
||||
[*]
|
||||
end_of_line = lf
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
indent_style = space
|
||||
charset = utf-8
|
||||
|
||||
[*.md]
|
||||
indent_size = 2
|
||||
trim_trailing_whitespace = false
|
||||
|
||||
[*.yaml]
|
||||
indent_size = 2
|
32
.forgejo/workflows/lint.yaml
Normal file
32
.forgejo/workflows/lint.yaml
Normal file
|
@ -0,0 +1,32 @@
|
|||
# Links & Resources:
|
||||
# https://github.com/ansible/ansible-lint?tab=readme-ov-file#using-ansible-lint-as-a-github-action
|
||||
# https://github.com/ansible/ansible-lint/blob/main/action.yml
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
|
||||
jobs:
|
||||
ansible-lint:
|
||||
name: Ansible Lint
|
||||
runs-on: docker
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Install pip
|
||||
run: |
|
||||
apt update
|
||||
apt install -y pip
|
||||
- name: Install python jmespath
|
||||
run: |
|
||||
pip install jmespath
|
||||
env:
|
||||
PIP_BREAK_SYSTEM_PACKAGES: 1
|
||||
# Don't let it setup python as the then called setup-python action doesn't
|
||||
# work in our environmnet.
|
||||
# Rather manually setup python (pip) before instead.
|
||||
- name: Run ansible-lint
|
||||
uses: https://github.com/ansible/ansible-lint@main
|
||||
with:
|
||||
setup_python: "false"
|
||||
requirements_file: "requirements.yml"
|
||||
env:
|
||||
PIP_BREAK_SYSTEM_PACKAGES: 1
|
6
.yamllint.yaml
Normal file
6
.yamllint.yaml
Normal file
|
@ -0,0 +1,6 @@
|
|||
rules:
|
||||
brackets:
|
||||
min-spaces-inside: 1
|
||||
max-spaces-inside: 1
|
||||
min-spaces-inside-empty: 1
|
||||
max-spaces-inside-empty: 1
|
|
@ -1,5 +1,5 @@
|
|||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/ccchoir/compose.yaml.j2') }}"
|
||||
docker_compose__configuration_files: []
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pad/compose.yaml.j2') }}"
|
||||
docker_compose__configuration_files: []
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/pretalx/compose.yaml.j2') }}"
|
||||
docker_compose__configuration_files: []
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'chaosknoten/configs/zammad/compose.yaml.j2') }}"
|
||||
docker_compose__configuration_files: []
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
||||
certbot__version_spec: ""
|
||||
certbot__acme_account_email_address: le-admin@hamburg.ccc.de
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
apiVersion: 1
|
||||
|
||||
datasources:
|
||||
- name: Prometheus
|
||||
type: prometheus
|
||||
url: http://prometheus:9090
|
||||
isDefault: true
|
||||
access: proxy
|
||||
editable: true
|
||||
|
||||
- name: Prometheus
|
||||
type: prometheus
|
||||
url: http://prometheus:9090
|
||||
isDefault: true
|
||||
access: proxy
|
||||
editable: true
|
||||
|
|
|
@ -5,110 +5,110 @@ global:
|
|||
|
||||
alerting:
|
||||
alertmanagers:
|
||||
- scheme: http
|
||||
timeout: 10s
|
||||
static_configs:
|
||||
- targets:
|
||||
- "alertmanager:9093"
|
||||
- scheme: http
|
||||
timeout: 10s
|
||||
static_configs:
|
||||
- targets:
|
||||
- "alertmanager:9093"
|
||||
|
||||
rule_files:
|
||||
- "/etc/prometheus/rules/*.rules.yaml"
|
||||
|
||||
scrape_configs:
|
||||
- job_name: prometheus
|
||||
honor_timestamps: true
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost:9090
|
||||
- job_name: alertmanager
|
||||
honor_timestamps: true
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- alertmanager:9093
|
||||
- job_name: c3lingo
|
||||
honor_timestamps: true
|
||||
scrape_interval: 5s
|
||||
scrape_timeout: 1s
|
||||
metrics_path: /mumblestats/metrics
|
||||
scheme: https
|
||||
static_configs:
|
||||
- targets:
|
||||
- mumble.c3lingo.org:443
|
||||
- job_name: mumble
|
||||
honor_timestamps: true
|
||||
scrape_interval: 5s
|
||||
scrape_timeout: 1s
|
||||
metrics_path: /metrics
|
||||
scheme: https
|
||||
static_configs:
|
||||
- targets:
|
||||
- mumble.hamburg.ccc.de:443
|
||||
- job_name: opnsense-ccchh
|
||||
honor_timestamps: true
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- 185.161.129.132:9100
|
||||
- job_name: jitsi
|
||||
honor_timestamps: true
|
||||
scrape_interval: 5s
|
||||
scrape_timeout: 1s
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
|
||||
- job_name: 'pve'
|
||||
static_configs:
|
||||
- targets:
|
||||
- 212.12.48.126 # chaosknoten
|
||||
metrics_path: /pve
|
||||
params:
|
||||
module: [default]
|
||||
cluster: ['1']
|
||||
node: ['1']
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: pve-exporter:9221
|
||||
- job_name: hosts
|
||||
static_configs:
|
||||
# Wieske Chaosknoten VMs
|
||||
- labels:
|
||||
site: wieske
|
||||
type: virtual_machine
|
||||
hypervisor: chaosknoten
|
||||
targets:
|
||||
- netbox-intern.hamburg.ccc.de:9100
|
||||
- matrix-intern.hamburg.ccc.de:9100
|
||||
- public-web-static-intern.hamburg.ccc.de:9100
|
||||
- git-intern.hamburg.ccc.de:9100
|
||||
- forgejo-actions-runner-intern.hamburg.ccc.de:9100
|
||||
- eh22-wiki-intern.hamburg.ccc.de:9100
|
||||
- nix-box-june-intern.hamburg.ccc.de:9100
|
||||
- mjolnir-intern.hamburg.ccc.de:9100
|
||||
- woodpecker-intern.hamburg.ccc.de:9100
|
||||
- penpot-intern.hamburg.ccc.de:9100
|
||||
- jitsi.hamburg.ccc.de:9100
|
||||
- onlyoffice-intern.hamburg.ccc.de:9100
|
||||
- ccchoir-intern.hamburg.ccc.de:9100
|
||||
- tickets-intern.hamburg.ccc.de:9100
|
||||
- keycloak-intern.hamburg.ccc.de:9100
|
||||
- onlyoffice-intern.hamburg.ccc.de:9100
|
||||
- pad-intern.hamburg.ccc.de:9100
|
||||
- wiki-intern.hamburg.ccc.de:9100
|
||||
- zammad-intern.hamburg.ccc.de:9100
|
||||
- pretalx-intern.hamburg.ccc.de:9100
|
||||
- labels:
|
||||
site: wieske
|
||||
type: physical_machine
|
||||
targets:
|
||||
- chaosknoten.hamburg.ccc.de:9100
|
||||
- job_name: prometheus
|
||||
honor_timestamps: true
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- localhost:9090
|
||||
- job_name: alertmanager
|
||||
honor_timestamps: true
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- alertmanager:9093
|
||||
- job_name: c3lingo
|
||||
honor_timestamps: true
|
||||
scrape_interval: 5s
|
||||
scrape_timeout: 1s
|
||||
metrics_path: /mumblestats/metrics
|
||||
scheme: https
|
||||
static_configs:
|
||||
- targets:
|
||||
- mumble.c3lingo.org:443
|
||||
- job_name: mumble
|
||||
honor_timestamps: true
|
||||
scrape_interval: 5s
|
||||
scrape_timeout: 1s
|
||||
metrics_path: /metrics
|
||||
scheme: https
|
||||
static_configs:
|
||||
- targets:
|
||||
- mumble.hamburg.ccc.de:443
|
||||
- job_name: opnsense-ccchh
|
||||
honor_timestamps: true
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- 185.161.129.132:9100
|
||||
- job_name: jitsi
|
||||
honor_timestamps: true
|
||||
scrape_interval: 5s
|
||||
scrape_timeout: 1s
|
||||
metrics_path: /metrics
|
||||
scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- jitsi.hamburg.ccc.de:9888 # Jitsi Video Bridge
|
||||
- job_name: 'pve'
|
||||
static_configs:
|
||||
- targets:
|
||||
- 212.12.48.126 # chaosknoten
|
||||
metrics_path: /pve
|
||||
params:
|
||||
module: [ default ]
|
||||
cluster: [ '1' ]
|
||||
node: [ '1' ]
|
||||
relabel_configs:
|
||||
- source_labels: [ __address__ ]
|
||||
target_label: __param_target
|
||||
- source_labels: [ __param_target ]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: pve-exporter:9221
|
||||
- job_name: hosts
|
||||
static_configs:
|
||||
# Wieske Chaosknoten VMs
|
||||
- labels:
|
||||
site: wieske
|
||||
type: virtual_machine
|
||||
hypervisor: chaosknoten
|
||||
targets:
|
||||
- netbox-intern.hamburg.ccc.de:9100
|
||||
- matrix-intern.hamburg.ccc.de:9100
|
||||
- public-web-static-intern.hamburg.ccc.de:9100
|
||||
- git-intern.hamburg.ccc.de:9100
|
||||
- forgejo-actions-runner-intern.hamburg.ccc.de:9100
|
||||
- eh22-wiki-intern.hamburg.ccc.de:9100
|
||||
- nix-box-june-intern.hamburg.ccc.de:9100
|
||||
- mjolnir-intern.hamburg.ccc.de:9100
|
||||
- woodpecker-intern.hamburg.ccc.de:9100
|
||||
- penpot-intern.hamburg.ccc.de:9100
|
||||
- jitsi.hamburg.ccc.de:9100
|
||||
- onlyoffice-intern.hamburg.ccc.de:9100
|
||||
- ccchoir-intern.hamburg.ccc.de:9100
|
||||
- tickets-intern.hamburg.ccc.de:9100
|
||||
- keycloak-intern.hamburg.ccc.de:9100
|
||||
- onlyoffice-intern.hamburg.ccc.de:9100
|
||||
- pad-intern.hamburg.ccc.de:9100
|
||||
- wiki-intern.hamburg.ccc.de:9100
|
||||
- zammad-intern.hamburg.ccc.de:9100
|
||||
- pretalx-intern.hamburg.ccc.de:9100
|
||||
- labels:
|
||||
site: wieske
|
||||
type: physical_machine
|
||||
targets:
|
||||
- chaosknoten.hamburg.ccc.de:9100
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -5,21 +5,21 @@ services:
|
|||
container_name: mailman-core
|
||||
hostname: mailman-core
|
||||
volumes:
|
||||
- /opt/mailman/core:/opt/mailman/
|
||||
- /opt/mailman/core:/opt/mailman/
|
||||
stop_grace_period: 30s
|
||||
links:
|
||||
- database:database
|
||||
- database:database
|
||||
depends_on:
|
||||
- database
|
||||
- database
|
||||
environment:
|
||||
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
|
||||
- DATABASE_TYPE=postgres
|
||||
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
|
||||
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
|
||||
- MTA=postfix
|
||||
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
|
||||
- DATABASE_TYPE=postgres
|
||||
- DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
|
||||
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
|
||||
- MTA=postfix
|
||||
ports:
|
||||
- "127.0.0.1:8001:8001" # API
|
||||
- "127.0.0.1:8024:8024" # LMTP - incoming emails
|
||||
- "127.0.0.1:8001:8001" # API
|
||||
- "127.0.0.1:8024:8024" # LMTP - incoming emails
|
||||
networks:
|
||||
mailman:
|
||||
|
||||
|
@ -29,36 +29,36 @@ services:
|
|||
container_name: mailman-web
|
||||
hostname: mailman-web
|
||||
depends_on:
|
||||
- database
|
||||
- database
|
||||
links:
|
||||
- mailman-core:mailman-core
|
||||
- database:database
|
||||
- mailman-core:mailman-core
|
||||
- database:database
|
||||
volumes:
|
||||
- /opt/mailman/web:/opt/mailman-web-data
|
||||
- /opt/mailman/web:/opt/mailman-web-data
|
||||
environment:
|
||||
- DATABASE_TYPE=postgres
|
||||
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
|
||||
- "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
|
||||
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
|
||||
- SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
|
||||
- SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
|
||||
- MAILMAN_ADMIN_USER=ccchh-admin
|
||||
- MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
|
||||
- DATABASE_TYPE=postgres
|
||||
- DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
|
||||
- "DJANGO_ALLOWED_HOSTS=lists.hamburg.ccc.de,lists.c3lingo.org"
|
||||
- HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
|
||||
- SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
|
||||
- SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
|
||||
- MAILMAN_ADMIN_USER=ccchh-admin
|
||||
- MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
|
||||
ports:
|
||||
- "127.0.0.1:8000:8000" # HTTP
|
||||
- "127.0.0.1:8080:8080" # uwsgi
|
||||
- "127.0.0.1:8000:8000" # HTTP
|
||||
- "127.0.0.1:8080:8080" # uwsgi
|
||||
networks:
|
||||
mailman:
|
||||
|
||||
database:
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_DB=mailmandb
|
||||
- POSTGRES_USER=mailman
|
||||
- POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
|
||||
- POSTGRES_DB=mailmandb
|
||||
- POSTGRES_USER=mailman
|
||||
- POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
|
||||
image: postgres:12-alpine
|
||||
volumes:
|
||||
- /opt/mailman/database:/var/lib/postgresql/data
|
||||
- /opt/mailman/database:/var/lib/postgresql/data
|
||||
networks:
|
||||
mailman:
|
||||
|
||||
|
@ -68,5 +68,5 @@ networks:
|
|||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
-
|
||||
subnet: 172.19.199.0/24
|
||||
-
|
||||
subnet: 172.19.199.0/24
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
- name: reboot the system
|
||||
become: true
|
||||
ansible.builtin.reboot:
|
|
@ -1,15 +1,13 @@
|
|||
- name: update, upgrade and potentially reboot
|
||||
become: true
|
||||
block:
|
||||
- name: apt-get update
|
||||
ansible.builtin.apt:
|
||||
update-cache: true
|
||||
- name: apt-get update
|
||||
ansible.builtin.apt:
|
||||
update-cache: true
|
||||
|
||||
- name: apt-get dist-upgrade
|
||||
ansible.builtin.apt:
|
||||
upgrade: dist
|
||||
register: apt_update_and_upgrade__upgrade_result
|
||||
|
||||
- name: reboot, after package upgrade
|
||||
ansible.builtin.reboot:
|
||||
when: apt_update_and_upgrade__upgrade_result.changed
|
||||
- name: apt-get dist-upgrade
|
||||
ansible.builtin.apt:
|
||||
upgrade: dist
|
||||
register: apt_update_and_upgrade__upgrade_result
|
||||
notify:
|
||||
- reboot the system
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
- name: reboot the system
|
||||
become: true
|
||||
ansible.builtin.reboot:
|
|
@ -3,21 +3,34 @@
|
|||
become: true
|
||||
|
||||
block:
|
||||
- name: deploy `sshd_config`
|
||||
ansible.builtin.template:
|
||||
force: true
|
||||
dest: /etc/ssh/sshd_config
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
src: sshd_config.j2
|
||||
register: deploy_ssh_server_config__ssh_config_copy_result
|
||||
- name: deploy `sshd_config`
|
||||
ansible.builtin.template:
|
||||
force: true
|
||||
dest: /etc/ssh/sshd_config
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
src: sshd_config.j2
|
||||
notify:
|
||||
# Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
|
||||
- reboot the system
|
||||
|
||||
- name: deactivate short moduli
|
||||
ansible.builtin.shell:
|
||||
cmd: awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp && mv /etc/ssh/moduli.tmp /etc/ssh/moduli
|
||||
- name: deactivate short moduli
|
||||
ansible.builtin.shell:
|
||||
executable: /bin/bash
|
||||
cmd: |
|
||||
set -eo pipefail
|
||||
|
||||
# Rebooting here instead of restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
|
||||
- name: reboot, if ssh server config got changed
|
||||
ansible.builtin.reboot:
|
||||
when: deploy_ssh_server_config__ssh_config_copy_result.changed
|
||||
awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp
|
||||
if diff /etc/ssh/moduli /etc/ssh/moduli.tmp; then
|
||||
rm /etc/ssh/moduli.tmp
|
||||
else
|
||||
mv /etc/ssh/moduli.tmp /etc/ssh/moduli
|
||||
echo "ansible-changed: changed /etc/ssh/moduli"
|
||||
fi
|
||||
register: result
|
||||
changed_when:
|
||||
- '"ansible-changed" in result.stdout'
|
||||
notify:
|
||||
# Reboot instead of just restarting the ssh service, since I don't know how Ansible reacts, when it restarts the service it probably needs for the connection.
|
||||
- reboot the system
|
||||
|
|
|
@ -4,4 +4,3 @@
|
|||
user: chaos
|
||||
exclusive: true
|
||||
key: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/raw/branch/trunk/authorized_keys
|
||||
|
|
@ -17,4 +17,4 @@ dependencies:
|
|||
- role: docker_compose
|
||||
vars:
|
||||
docker_compose__compose_file_content: "{{ lookup('ansible.builtin.template', 'compose.yaml.j2') }}"
|
||||
docker_compose__configuration_files: []
|
||||
docker_compose__configuration_files: [ ]
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
nginx__deploy_redirect_conf: true
|
||||
nginx__deploy_tls_conf: true
|
||||
nginx__configurations: []
|
||||
nginx__configurations: [ ]
|
||||
nginx__use_custom_nginx_conf: false
|
||||
nginx__custom_nginx_conf: ""
|
||||
|
|
|
@ -7,11 +7,11 @@
|
|||
when: nginx__use_custom_nginx_conf
|
||||
block:
|
||||
- name: when no `nginx.conf.ansiblesave` is present, save the current `nginx.conf`
|
||||
when: nginx__nginx_conf_ansiblesave_stat_result.stat.exists == false
|
||||
when: not nginx__nginx_conf_ansiblesave_stat_result.stat.exists
|
||||
ansible.builtin.copy:
|
||||
force: true
|
||||
dest: /etc/nginx/nginx.conf.ansiblesave
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
remote_src: true
|
||||
|
@ -22,7 +22,7 @@
|
|||
ansible.builtin.copy:
|
||||
content: "{{ nginx__custom_nginx_conf }}"
|
||||
dest: "/etc/nginx/nginx.conf"
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
@ -36,7 +36,7 @@
|
|||
ansible.builtin.copy:
|
||||
force: true
|
||||
dest: /etc/nginx/nginx.conf
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
remote_src: true
|
||||
|
@ -55,7 +55,7 @@
|
|||
ansible.builtin.get_url:
|
||||
force: true
|
||||
dest: /etc/nginx-mozilla-dhparam
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
url: https://ssl-config.mozilla.org/ffdhe2048.txt
|
||||
become: true
|
||||
notify: Restart `nginx.service`
|
||||
|
@ -71,7 +71,7 @@
|
|||
ansible.builtin.copy:
|
||||
force: true
|
||||
dest: /etc/nginx/conf.d/tls.conf
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
src: tls.conf
|
||||
|
@ -89,7 +89,7 @@
|
|||
ansible.builtin.copy:
|
||||
force: true
|
||||
dest: /etc/nginx/conf.d/redirect.conf
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
src: redirect.conf
|
||||
|
@ -104,7 +104,7 @@
|
|||
ansible.builtin.copy:
|
||||
content: "{{ item.content }}"
|
||||
dest: "/etc/nginx/conf.d/{{ item.name }}.conf"
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
become: true
|
||||
|
|
Loading…
Reference in a new issue