Use 'loop' syntax instead of 'with_items'

This commit is contained in:
Jérémy Lecour 2021-05-04 14:18:40 +02:00 committed by Jérémy Lecour
parent debc4a82ca
commit 5138065059
93 changed files with 154 additions and 155 deletions

View File

@ -19,7 +19,7 @@ The **patch** part changes incrementally at each release.
### Changed
* Use 'loop' syntax instead of 'with_first_found'
* Use 'loop' syntax instead of 'with_first_found/with_items'
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
* evolinux-base: copy GPG key instead of using apt-key
* ntpd: Add leapfile configuration setting to ntpd on debian 10+

View File

@ -21,11 +21,11 @@
groupname: launched-instances
ansible_user: admin
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"
- debug:
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"
- name: Wait for SSH to come up on all instances (give up after 2m)
wait_for:
@ -33,4 +33,4 @@
host: "{{item.public_dns_name}}"
port: 22
timeout: 120
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"

View File

@ -40,7 +40,7 @@
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: present
with_items: "{{ apache_private_htpasswd_present }}"
loop: "{{ apache_private_htpasswd_present }}"
notify: reload apache
tags:
- apache
@ -50,7 +50,7 @@
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: absent
with_items: "{{ apache_private_htpasswd_absent }}"
loop: "{{ apache_private_htpasswd_absent }}"
notify: reload apache
tags:
- apache

View File

@ -5,7 +5,7 @@
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: present
with_items: "{{ apache_ipaddr_whitelist_present }}"
loop: "{{ apache_ipaddr_whitelist_present }}"
notify: reload apache
tags:
- apache
@ -16,7 +16,7 @@
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: absent
with_items: "{{ apache_ipaddr_whitelist_absent }}"
loop: "{{ apache_ipaddr_whitelist_absent }}"
notify: reload apache
tags:
- apache

View File

@ -42,7 +42,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- rewrite
- expires
- headers
@ -58,7 +58,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- cgi
notify: reload apache
when: apache_mpm == "prefork" or apache_mpm == "itk"
@ -102,7 +102,7 @@
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
loop:
- z-evolinux-defaults.conf
- zzz-evolinux-custom.conf
notify: reload apache

View File

@ -15,7 +15,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- apache_accesses
- apache_processes
- apache_volume

View File

@ -14,7 +14,7 @@
file:
path: '{{ item }}'
state: absent
with_items:
loop:
- /etc/apt/sources.list.d/debian-security.list
- /etc/apt/sources.list.d/debian-jessie.list
- /etc/apt/sources.list.d/debian-stretch.list

View File

@ -8,7 +8,7 @@
create: yes
state: present
mode: "0640"
with_items:
loop:
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
@ -23,7 +23,7 @@
create: yes
state: present
mode: "0640"
with_items:
loop:
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"

View File

@ -14,7 +14,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- bind9
- bind9_rndc
notify: restart munin-node
@ -30,7 +30,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- bind9
- bind9_rndc
notify: restart munin-node

View File

@ -5,7 +5,7 @@
question: "{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
with_items:
loop:
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
@ -57,7 +57,7 @@
question: "{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
with_items:
loop:
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }

View File

@ -80,7 +80,7 @@
src: "{{ item }}.j2"
dest: "{{ docker_tls_path }}/{{ item }}"
mode: "0744"
with_items:
loop:
- shellpki.sh
- openssl.cnf
when: docker_tls_enabled

View File

@ -24,7 +24,7 @@
line: "{{ item.key }} = {{ item.value }}"
regexp: "^#*{{ item.key }}"
state: present
with_items:
loop:
- { key: 'hosts', value: '127.0.0.1' }
- { key: 'auth_bind', value: 'yes' }
- { key: 'ldap_version', value: 3 }

View File

@ -46,7 +46,7 @@
lineinfile:
dest: "{{ repository_path }}/.gitignore"
line: "{{ item }}"
with_items: "{{ gitignore_items | default([]) }}"
loop: "{{ gitignore_items | default([]) }}"
tags:
- etc-git

View File

@ -4,7 +4,7 @@
section: 'req'
option: "{{ item.name }}"
value: "{{ item.var }}"
with_items:
loop:
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
- { name: 'encrypt_key', var: 'yes' }
- { name: 'distinguished_name', var: 'req_dn' }
@ -16,7 +16,7 @@
section: 'req_dn'
option: "{{ item.name }}"
value: "{{ item.var }}"
with_items:
loop:
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }

View File

@ -39,6 +39,6 @@
file:
path: "/usr/local/bin/{{ item }}"
state: absent
with_items:
loop:
- 'make-csr'
- 'evoacme'

View File

@ -14,7 +14,7 @@
marker: "# {mark} {{ item.name }}"
block: |
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
with_items: "{{ evobackup_client__hosts }}"
loop: "{{ evobackup_client__hosts }}"
notify: restart minifirewall
when: evobackup_client__minifirewall.stat.exists
tags:

View File

@ -7,7 +7,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present
reload: yes
with_items:
loop:
- { name: kernel.panic_on_oops, value: 1 }
- { name: kernel.panic, value: 60 }
when: evolinux_kernel_reboot_after_panic
@ -18,7 +18,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: absent
reload: yes
with_items:
loop:
- kernel.panic_on_oops
- kernel.panic
when: not evolinux_kernel_reboot_after_panic
@ -57,7 +57,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present
reload: yes
with_items:
loop:
- { name: "net.ipv4.ipfrag_low_thresh", value: 196608 }
- { name: "net.ipv6.ip6frag_low_thresh", value: 196608 }
- { name: "net.ipv4.ipfrag_high_thresh", value: 262144 }

View File

@ -128,7 +128,7 @@
dest: /etc/apt/listchanges.conf
regexp: '^{{ item.option }}\s*='
line: "{{ item.option }}={{ item.value }}"
with_items:
loop:
- { option: "confirm", value: "1" }
- { option: "which", value: "both" }
when:

View File

@ -45,7 +45,7 @@
dest: /etc/aliases
regexp: "^{{ item }}:.*"
line: "{{ item }}: root"
with_items: "{{ non_root_users_list.stdout_lines }}"
loop: "{{ non_root_users_list.stdout_lines }}"
notify: newaliases
when: evolinux_postfix_users_alias_root
tags:
@ -56,7 +56,7 @@
dest: /etc/aliases
regexp: "^{{ item }}:.*"
line: "{{ item }}: root"
with_items:
loop:
- postmaster
- abuse
- mailer-daemon

View File

@ -5,7 +5,7 @@
sysctl_file: /etc/sysctl.d/evolinux_fce.conf
state: present
reload: yes
with_items:
loop:
- { name: net.ipv4.tcp_keepalive_time, value: 250 }
- { name: net.ipv4.tcp_keepalive_intvl, value: 60 }
- { name: net.ipv6.conf.all.disable_ipv6, value: 1 }

View File

@ -13,7 +13,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoreboth,erasedups"
- "export HISTSIZE=65535"
- "export HISTTIMEFORMAT=\"%c : \""
@ -79,7 +79,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "syntax on"
- "set background=dark"
- "set expandtab"

View File

@ -13,7 +13,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "en_US.UTF-8 UTF-8"
- "fr_FR ISO-8859-1"
- "fr_FR.UTF-8 UTF-8"
@ -112,7 +112,7 @@
dest: /etc/crontab
regexp: "{{ item.regexp }}"
replace: "{{ item.replace }}"
with_items:
loop:
- { regexp: '^17((\s*\*){4})', replace: '{{ 59|random(start=1) }}\1' }
- { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
- { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }

View File

@ -120,7 +120,7 @@
- name: "Secondary Unix groups are present"
group:
name: "{{ group }}"
with_items: "{{ user.groups }}"
loop: "{{ user.groups }}"
loop_control:
loop_var: group
when:
@ -184,7 +184,7 @@
user: "{{ user.name }}"
key: "{{ ssk_key }}"
state: present
with_items: "{{ user.ssh_keys }}"
loop: "{{ user.ssh_keys }}"
loop_control:
loop_var: ssk_key
when: user.ssh_keys is defined

View File

@ -42,7 +42,7 @@
mode: "{{ item.mode }}"
force: yes
backup: yes
with_items:
loop:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
tags:

View File

@ -28,7 +28,7 @@
mode: "{{ item.mode }}"
force: yes
backup: yes
with_items:
loop:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
tags:

View File

@ -12,7 +12,7 @@
dest: /etc/default/minifirewall
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
insertafter: "^# EvoMaintenance"
with_items: "{{ evomaintenance_hosts }}"
loop: "{{ evomaintenance_hosts }}"
notify: "{{ minifirewall_restart_handler_name }}"
when: minifirewall_default_file.stat.exists
tags:

View File

@ -9,7 +9,7 @@
owner: root
group: root
mode: "0755"
with_items:
loop:
- "/etc/fail2ban"
- "/etc/fail2ban/filter.d"
tags:
@ -52,7 +52,7 @@
src: "{{ item }}"
dest: /etc/fail2ban/filter.d/
mode: "0644"
with_items:
loop:
- dovecot-evolix.conf
- sasl-evolix.conf
- wordpress-soft.conf

View File

@ -120,7 +120,7 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
insertafter: "output.elasticsearch:"
with_items:
loop:
- { regexp: '^ #?username: .*', line: ' username: "{{ filebeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' }
notify: restart filebeat

View File

@ -13,7 +13,7 @@
path: "{{ item }}"
state: directory
mode: "0777"
with_items:
loop:
- /srv/java-package
- /srv/java-package/src
- /srv/java-package/tmp

View File

@ -107,7 +107,7 @@
# args:
# creates: "/var/lib/kibana/{{ item }}"
# notify: restart kibana
# with_items:
# loop:
# - optimize
# - data

View File

@ -5,7 +5,7 @@
url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/libvirt/{{ item }}"
dest: "/etc/munin/plugins/"
mode: "0755"
with_items:
loop:
- kvm_cpu
- kvm_io
- kvm_mem

View File

@ -33,7 +33,7 @@
special_time: "hourly"
user: root
job: "rsync -a --delete /etc/libvirt/qemu/ {{ hostvars[item]['ansible_hostname'] }}:/root/libvirt-{{ inventory_hostname }}/"
with_items:
loop:
- "{{ groups['hypervisors'] }}"
when: item != inventory_hostname
@ -44,6 +44,6 @@
special_time: "daily"
user: root
job: "virsh list | ssh {{ hostvars[item]['ansible_hostname'] }} 'cat >/root/libvirt-{{ inventory_hostname }}/virsh-list.txt'"
with_items:
loop:
- "{{ groups['hypervisors'] }}"
when: item != inventory_hostname

View File

@ -47,7 +47,7 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0640"
with_items:
loop:
- { option: 'hostname', value: '127.0.0.1' }
- { option: 'base', value: "{{ ldap_suffix }}" }
- { option: 'bind', value: "cn=nagios,ou=ldapusers,{{ ldap_suffix }}" }
@ -66,7 +66,7 @@
# and set the variable
- name: overwrite ldap_nagios_password (from file)
set_fact:
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/etc/nagios/monitoring-plugins.ini') }}"
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/monitoring-plugins.ini') }}"
- name: hash password for cn=nagios
command: "slappasswd -s {{ ldap_nagios_password }}"

View File

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View File

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View File

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View File

@ -12,7 +12,7 @@
state: present
create: yes
mode: "0644"
with_items:
loop:
- "deb https://packages.sury.org/php/ buster main"
- "deb http://pub.evolix.net/ buster-php74/"
@ -44,7 +44,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View File

@ -8,9 +8,9 @@
path: "/var/lib/lxc/{{ item.name }}/rootfs"
state: directory
mode: '0755'
with_items:
loop:
- "{{ lxc_containers }}"
- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}"
with_items:
loop:
- "{{ lxc_containers }}"

View File

@ -26,7 +26,7 @@
src: '/usr/share/munin/plugins/memcached_'
dest: /etc/munin/plugins/{{ multi }}{{ item }}
state: link
with_items:
loop:
- memcached_bytes
- memcached_counters
- memcached_rates

View File

@ -78,7 +78,7 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
insertafter: "output.elasticsearch:"
with_items:
loop:
- { regexp: '^ #?username: .*', line: ' username: "{{ metricbeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
notify: restart metricbeat

View File

@ -184,7 +184,7 @@
dest: "{{ minifirewall_main_file }}"
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
insertafter: "^# EvoMaintenance"
with_items: "{{ evomaintenance_hosts }}"
loop: "{{ evomaintenance_hosts }}"
- name: remove minifirewall example rule for the evomaintenance
lineinfile:

View File

@ -57,7 +57,7 @@
src: "munin/{{ item }}"
dest: '/usr/local/share/munin/plugins/{{ item }}'
force: yes
with_items:
loop:
- mongo_btree
- mongo_collections
- mongo_conn
@ -73,7 +73,7 @@
src: '/usr/local/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mongo_btree
- mongo_collections
- mongo_conn

View File

@ -35,7 +35,7 @@
file:
path: '/etc/munin/plugins/{{ item }}'
state: absent
with_items:
loop:
- http_loadtime
- exim_mailqueue
- exim_mailstats
@ -52,7 +52,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- meminfo
- netstat_multi
- tcp

View File

@ -22,7 +22,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mysql_bytes
- mysql_queries
- mysql_slowqueries
@ -34,7 +34,7 @@
src: /usr/share/munin/plugins/mysql_
dest: '/etc/munin/plugins/mysql_{{ item }}'
state: link
with_items:
loop:
- commands
- connections
- files_tables

View File

@ -44,7 +44,7 @@
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
loop:
- { option: 'user', value: 'nrpe' }
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
when: create_nrpe_user.changed

View File

@ -36,7 +36,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed

View File

@ -22,7 +22,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mysql_bytes
- mysql_queries
- mysql_slowqueries
@ -34,7 +34,7 @@
src: /usr/share/munin/plugins/mysql_
dest: '/etc/munin/plugins/mysql_{{ item }}'
state: link
with_items:
loop:
- commands
- connections
- files_tables

View File

@ -44,7 +44,7 @@
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
loop:
- { option: 'user', value: 'nrpe' }
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
when: create_nrpe_user.changed

View File

@ -42,7 +42,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user.changed

View File

@ -37,7 +37,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user.changed

View File

@ -12,7 +12,7 @@
dest: /etc/resolv.conf
line: "nameserver {{ item }}"
state: present
with_items: "{{ nameservers }}"
loop: "{{ nameservers }}"
tags:
- nameserver
@ -21,7 +21,7 @@
dest: /etc/resolv.conf
line: "nameserver {{ item }}"
state: absent
with_items: "{{ grep_nameserver.stdout_lines }}"
loop: "{{ grep_nameserver.stdout_lines }}"
when: item not in nameservers
tags:
- nameserver

View File

@ -27,14 +27,14 @@
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_aws'
line: 'newrelic.daemon.utilization.detect_aws = false'
with_items: "{{ find_newrelic_ini.stdout_lines }}"
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Disable Docker detection
lineinfile:
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_docker'
line: 'newrelic.daemon.utilization.detect_docker = false'
with_items: "{{ find_newrelic_ini.stdout_lines }}"
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Install package for PHP
apt:

View File

@ -5,7 +5,7 @@
dest: /etc/nginx/snippets/ipaddr_whitelist
line: "allow {{ item }};"
state: present
with_items: "{{ nginx_ipaddr_whitelist_present }}"
loop: "{{ nginx_ipaddr_whitelist_present }}"
notify: reload nginx
tags:
- nginx
@ -16,7 +16,7 @@
dest: /etc/nginx/snippets/ipaddr_whitelist
line: "allow {{ item }};"
state: absent
with_items: "{{ nginx_ipaddr_whitelist_absent }}"
loop: "{{ nginx_ipaddr_whitelist_absent }}"
notify: reload nginx
tags:
- nginx

View File

@ -80,7 +80,7 @@
dest: /etc/nginx/snippets/private_htpasswd
line: "{{ item }}"
state: present
with_items: "{{ nginx_private_htpasswd_present }}"
loop: "{{ nginx_private_htpasswd_present }}"
notify: reload nginx
tags:
- nginx
@ -90,7 +90,7 @@
dest: /etc/nginx/snippets/private_htpasswd
line: "{{ item }}"
state: absent
with_items: "{{ nginx_private_htpasswd_absent }}"
loop: "{{ nginx_private_htpasswd_absent }}"
notify: reload nginx
tags:
- nginx

View File

@ -12,7 +12,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: '/etc/munin/plugins/{{ item }}'
state: link
with_items:
loop:
- nginx_request
- nginx_status
notify: restart munin

View File

@ -38,7 +38,7 @@
owner: opendkim
group: opendkim
mode: "0640"
with_items:
loop:
- 'KeyTable'
- 'SigningTable'
changed_when: False

View File

@ -28,7 +28,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- ssl
- include
- negotiation
@ -56,6 +56,6 @@
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
loop:
- evolinux-evasive
- evolinux-modsec

View File

@ -5,7 +5,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /
- /etc
- /usr
@ -29,7 +29,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /var/log/apt
- /var/lib/dpkg
- /var/log/munin
@ -51,7 +51,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /bin/ping
- /bin/ping6
- /usr/bin/fping
@ -63,6 +63,6 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /var/log/evolix.log
- /etc/warnquota.conf

View File

@ -41,7 +41,7 @@
path: "/etc/skel/{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
with_items:
loop:
- { path: log, mode: "0750", state: directory }
- { path: awstats, mode: "0750", state: directory }
- { path: www, mode: "0750", state: directory }
@ -50,7 +50,7 @@
command: "touch /etc/skel/log/{{ item }}"
args:
creates: "/etc/skel/log/{{ item }}"
with_items:
loop:
- access.log
- error.log
@ -58,7 +58,7 @@
file:
dest: "/etc/skel/log/{{ item }}"
mode: "0644"
with_items:
loop:
- access.log
- error.log
@ -85,7 +85,6 @@
- include: apache.yml
- include: phpmyadmin.yml
when: ansible_distribution_release != "buster"
- include: awstats.yml

View File

@ -8,7 +8,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
@ -42,6 +42,6 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements

View File

@ -7,7 +7,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "display_errors", value: "On" }
- { option: "allow_url_fopen", value: "On" }
- { option: "disable_functions", value: "" }
@ -33,6 +33,6 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements

View File

@ -8,7 +8,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
@ -43,7 +43,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "user", value: "www-data" }
- { option: "group", value: "www-data" }
- { option: "listen", value: "{{ php_fpm_default_pool_socket }}" }
@ -76,7 +76,7 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
notify: "restart {{ php_fpm_service_name }}"
when: php_symfony_requirements

View File

@ -65,7 +65,7 @@
file:
dest: "{{ item }}"
mode: "0755"
with_items:
loop:
- /etc/php
- /etc/php/7.3

View File

@ -65,7 +65,7 @@
file:
dest: "{{ item }}"
mode: "0755"
with_items:
loop:
- /etc/php
- /etc/php/7.0

View File

@ -6,7 +6,7 @@
dest: "{{ item.dest }}"
force: yes
state: link
with_items:
loop:
- { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini" }
@ -21,7 +21,7 @@
dest: "{{ item.dest }}"
force: yes
state: link
with_items:
loop:
- { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini" }
when: php_apache_enable
@ -38,7 +38,7 @@
dest: "{{ item.dest }}"
force: yes
state: link
with_items:
loop:
- { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini" }
- { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/z-evolinux-defaults.conf" }

View File

@ -14,7 +14,7 @@
line: '{{ item }}'
state: present
create: no
with_items:
loop:
- "postfix/sa-blacklist.access"
- "postfix/*.db"
tags:

View File

@ -37,7 +37,7 @@
src: filter
dest: "/etc/postfix/{{ item }}"
force: no
with_items:
loop:
- virtual
- client.access
- client.access_local
@ -55,7 +55,7 @@
- name: postmap filter files
command: "postmap /etc/postfix/{{ item }}"
with_items:
loop:
- virtual
- client.access
- client.access_local
@ -76,7 +76,7 @@
src: "{{ item }}.j2"
dest: "/etc/postfix/{{ item }}"
mode: "0644"
with_items:
loop:
- virtual_aliases.cf
- virtual_domains.cf
- virtual_mailboxes.cf

View File

@ -13,7 +13,7 @@
dest: /etc/postfix/transport
line: "{{ item }}"
create: yes
with_items:
loop:
- "orange.fr slow:"
- "wanadoo.fr slow:"
- "voila.fr slow:"

View File

@ -6,7 +6,7 @@
locale_gen:
name: "{{ item }}"
state: present
with_items:
loop:
- "fr_FR.UTF-8"
become: yes
notify: reconfigure locales

View File

@ -14,7 +14,7 @@
state: link
src: '/usr/share/munin/plugins/{{item}}'
dest: '/etc/munin/plugins/{{item}}'
with_items:
loop:
- postgres_bgwriter
- postgres_checkpoints
- postgres_connections_db

View File

@ -11,7 +11,7 @@
- name: Install postgresql package
apt:
name: '{{item}}'
with_items:
loop:
- "postgresql-{{postgresql_version}}"
- ptop
- libdbd-pg-perl

View File

@ -15,7 +15,7 @@
create: yes
state: present
changed_when: false
with_items:
loop:
- "en_US.UTF-8 UTF-8"
- "fr_FR ISO-8859-1"
- "fr_FR.UTF-8 UTF-8"

View File

@ -1,14 +1,14 @@
---
- include: accounts_password.yml
when: item.password is undefined
with_items: "{{ proftpd_accounts }}"
loop: "{{ proftpd_accounts }}"
tags:
- proftpd
- set_fact:
proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"
when: item.password is defined
with_items: "{{ proftpd_accounts }}"
loop: "{{ proftpd_accounts }}"
tags:
- proftpd
@ -20,7 +20,7 @@
mode: "0440"
line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
regexp: "^{{ item.name }}:.*"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
tags:
- proftpd
@ -31,7 +31,7 @@
state: present
line: "\tAllowUser {{ item.name }}"
insertbefore: "DenyAll"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
when: proftpd_ftp_enable
tags:
@ -43,7 +43,7 @@
state: present
line: "\tAllowUser {{ item.name }}"
insertbefore: "DenyAll"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
when: proftpd_ftps_enable
tags:
@ -55,7 +55,7 @@
state: present
line: "\tAllowUser {{ item.name }}"
insertbefore: "DenyAll"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
when: proftpd_sftp_enable
tags:

View File

@ -46,7 +46,7 @@
owner: '{{ username }}'
group: '{{ username }}'
create: yes
with_items: '{{ rbenv_default_gems }}'
loop: '{{ rbenv_default_gems }}'
become_user: "{{ username }}"
become: yes
tags:
@ -68,7 +68,7 @@
version: '{{ item.version }}'
accept_hostkey: yes
force: yes
with_items:
loop:
- "{{ rbenv_plugins }}"
become_user: "{{ username }}"
become: yes

View File

@ -41,7 +41,7 @@
src: /usr/local/share/munin/plugins/redis_
dest: "/etc/munin/plugins/redis_{{item}}"
state: link
with_items:
loop:
- connected_clients
- key_ratio
- keys_per_sec

View File

@ -41,7 +41,7 @@
src: /usr/local/share/munin/plugins/redis_
dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{item}}"
state: link
with_items:
loop:
- connected_clients
- key_ratio
- keys_per_sec

View File

@ -44,7 +44,7 @@
group: "root"
follow: yes
state: directory
with_items:
loop:
- "{{ redis_conf_dir }}/redis-server.pre-up.d"
- "{{ redis_conf_dir }}/redis-server.post-up.d"
- "{{ redis_conf_dir }}/redis-server.pre-down.d"
@ -59,7 +59,7 @@
command: "cp -a /etc/redis/{{ item }}/00_example {{ redis_conf_dir }}/{{ item }}"
args:
creates: "{{ redis_conf_dir }}/{{ item }}/00_example"
with_items:
loop:
- "redis-server.pre-up.d"
- "redis-server.post-up.d"
- "redis-server.pre-down.d"
@ -78,7 +78,7 @@
group: "redis-{{ redis_instance_name }}"
follow: yes
state: directory
with_items:
loop:
- "{{ redis_pid_dir }}"
- "{{ redis_socket_dir }}"
tags:
@ -92,7 +92,7 @@
group: "redis-{{ redis_instance_name }}"
follow: yes
state: directory
with_items:
loop:
- "{{ redis_data_dir }}"
- "{{ redis_log_dir }}"
tags:

View File

@ -6,7 +6,7 @@
mode: "0750"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
with_items:
loop:
- ".config"
- ".config/systemd"
- ".config/systemd/user"
@ -50,7 +50,7 @@
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0640"
with_items:
loop:
- 'configuration.yml'
- 'database.yml'
- 'additional_environment.rb'

View File

@ -42,7 +42,7 @@
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
loop:
- { option: 'host', value: "{{ redmine_db_host }}" }
- { option: 'user', value: "{{ redmine_db_username }}" }
- { option: 'database', value: "{{ redmine_db_name }}" }

View File

@ -6,7 +6,7 @@
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
with_items:
loop:
- "releases"
- "releases/{{ redmine_version }}"
tags:
@ -30,7 +30,7 @@
dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/config/{{ item }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
with_items:
loop:
- 'configuration.yml'
- 'database.yml'
- 'additional_environment.rb'
@ -46,7 +46,7 @@
group: "{{ redmine_user }}"
mode: "0750"
when: item.zip is defined
with_items: "{{ redmine_plugins }}"
loop: "{{ redmine_plugins }}"
tags:
- redmine
@ -58,7 +58,7 @@
umask: "027"
become_user: "{{ redmine_user }}"
when: item.git is defined
with_items: "{{ redmine_plugins }}"
loop: "{{ redmine_plugins }}"
tags:
- redmine
@ -71,7 +71,7 @@
group: "{{ redmine_user }}"
mode: "0750"
when: item.zip is defined
with_items: "{{ redmine_themes }}"
loop: "{{ redmine_themes }}"
tags:
- redmine
@ -83,7 +83,7 @@
umask: "027"
become_user: "{{ redmine_user }}"
when: item.git is defined
with_items: "{{ redmine_themes }}"
loop: "{{ redmine_themes }}"
tags:
- redmine

View File

@ -33,7 +33,7 @@
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
with_items:
loop:
- "/home/{{ redmine_user }}"
- "/home/{{ redmine_user }}/files"
tags:

View File

@ -119,7 +119,7 @@
dest: /etc/squid3/whitelist.conf
line: "{{ item }}"
state: present
with_items: '{{ squid_whitelist_items }}'
loop: '{{ squid_whitelist_items }}'
notify: "reload squid3"
when: ansible_distribution_major_version == '8'
@ -129,7 +129,7 @@
dest: /etc/squid/evolinux-whitelist-custom.conf
line: "{{ item }}"
state: present
with_items: '{{ squid_whitelist_items }}'
loop: '{{ squid_whitelist_items }}'
notify: "reload squid"
when: ansible_distribution_major_version is version('9', '>=')

View File

@ -27,7 +27,7 @@
regexp: "^#? *{{ item }}"
line: "{{ item }}"
insertafter: "^# Proxy"
with_items:
loop:
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT"
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"

View File

@ -6,7 +6,7 @@
mode: "u=rwx,g=rwxs,o="
owner: "{{ tomcat_instance_name }}"
group: "{{ tomcat_instance_name }}"
with_items:
loop:
- 'conf'
- 'logs'
- 'webapps'

View File

@ -10,7 +10,7 @@
file:
path: "{{ item }}"
state: absent
with_items:
loop:
- /etc/default/varnish
- /etc/default/varnishncsa
- /etc/default/varnishlog

View File

@ -35,7 +35,7 @@
src: /usr/local/share/munin/plugins/varnish4_
dest: "/etc/munin/plugins/varnish4_{{item}}"
state: link
with_items:
loop:
- backend_traffic
- bad
- expunge

View File

@ -18,7 +18,7 @@
value: "{{ item.value }}"
sysctl_set: yes
state: present
with_items:
loop:
- { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
- { name: 'net.ipv4.conf.eth0.rp_filter', value: 0 }
- { name: 'net.ipv4.conf.all.rp_filter', value: 0 }

View File

@ -19,7 +19,7 @@
apt:
deb: '{{ item }}'
state: present
with_items:
loop:
- 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.12.9-2_all.deb'
when: ansible_distribution_major_version is version('10', '>=')

View File

@ -37,7 +37,7 @@
line: "{{ item.line }}"
regexp: "{{ item.regexp }}"
state: present
with_items:
loop:
- line: 'evoadmin: root'
regexp: '^evoadmin:'
- line: 'www-evoadmin: root'

View File

@ -54,7 +54,7 @@
section: client
option: "{{ item.option }}"
value: "{{ item.value }}"
with_items:
loop:
- { option: "user", value: "{{ nextcloud_db_user }}" }
- { option: "database", value: "{{ nextcloud_db_name }}" }
- { option: "password", value: "{{ nextcloud_db_pass }}" }

View File

@ -30,7 +30,7 @@
mode: "0770"
owner: "{{ nextcloud_user }}"
group: "{{ nextcloud_user }}"
with_items:
loop:
- "{{ nextcloud_home }}/log"
- "{{ nextcloud_home }}/tmp"
- "{{ nextcloud_home }}/data"

View File

@ -5,7 +5,7 @@
question: "{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
with_items:
loop:
- { key: 'roundcube/database-type', type: 'select', value: 'sqlite3' }
- { key: 'roundcube/db/basepath', type: 'string', value: '/var/lib/roundcube/' }
tags:

View File

@ -66,17 +66,17 @@
- name: Install default plugin
shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} || {{ wordpress_wpcli }} plugin install {{ item }}'
changed_when: false
with_items: "{{ wordpress_plugins }}"
loop: "{{ wordpress_plugins }}"
- name: Update default plugins
shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin update {{ item }}'
changed_when: false
with_items: "{{ wordpress_plugins }}"
loop: "{{ wordpress_plugins }}"
- name: Activate default plugins
shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin activate {{ item }}'
changed_when: false
with_items: "{{ wordpress_plugins }}"
loop: "{{ wordpress_plugins }}"
- name: Send a summary mail
mail: