diff --git a/prerequisite.yml b/prerequisite.yml index 64b4549..c2fcfbe 100644 --- a/prerequisite.yml +++ b/prerequisite.yml @@ -3,10 +3,10 @@ --- - hosts: all - become: yes + become: true become_method: su user: root - gather_facts: no + gather_facts: false tasks: diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml index 0748c9f..b2173a8 100644 --- a/roles/base/defaults/main.yml +++ b/roles/base/defaults/main.yml @@ -1,6 +1,6 @@ --- ntpd_servers: -- "ntp.evolix.net" + - "ntp.evolix.net" general_alert_email: "root@localhost" general_technical_realm: "example.com" 
@@ -8,23 +8,23 @@ general_technical_realm: "example.com" evomaintenance_realm: "example.com" evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" -evomaintenance_pg_host: Null -evomaintenance_pg_passwd: Null -evomaintenance_pg_db: Null -evomaintenance_pg_table: Null +evomaintenance_pg_host: null +evomaintenance_pg_passwd: null +evomaintenance_pg_db: null +evomaintenance_pg_table: null evomaintenance_from_domain: "{{ evomaintenance_realm }}" evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}" evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>" evomaintenance_urgency_from: mama.doe@example.com evomaintenance_urgency_tel: "06.00.00.00.00" -evomaintenance_install_vendor: False -evomaintenance_force_config: True -evomaintenance_api_endpoint: Null -evomaintenance_api_key: Null -evomaintenance_hook_api: True -evomaintenance_hook_db: False -evomaintenance_hook_commit: True -evomaintenance_hook_mail: True +evomaintenance_install_vendor: false +evomaintenance_force_config: true +evomaintenance_api_endpoint: null +evomaintenance_api_key: null +evomaintenance_hook_api: true +evomaintenance_hook_db: false +evomaintenance_hook_commit: true +evomaintenance_hook_mail: true evomaintenance_default_hosts: [] evomaintenance_additional_hosts: [] evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}" diff --git a/roles/base/tasks/doas.yml b/roles/base/tasks/doas.yml index 9c866a5..538b1af 100644 --- a/roles/base/tasks/doas.yml +++ b/roles/base/tasks/doas.yml @@ -6,8 +6,6 @@ owner: root group: wheel mode: "0640" - backup: no + backup: false tags: - - doas - - + - doas diff --git a/roles/base/tasks/dotfiles.yml b/roles/base/tasks/dotfiles.yml index a132e03..f8598df 100644 --- a/roles/base/tasks/dotfiles.yml +++ b/roles/base/tasks/dotfiles.yml 
@@ -39,10 +39,10 @@ dest: /etc/skel/.profile insertafter: EOF line: 'trap "doas /usr/share/scripts/evomaintenance.sh" 0' - create: yes + create: true tags: - - admin - - dotfiles + - admin + - dotfiles - name: Add vim configuration to dotfiles for new users copy: diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml index ba5a24a..6ec8db5 100644 --- a/roles/base/tasks/evobackup.yml +++ b/roles/base/tasks/evobackup.yml @@ -6,7 +6,7 @@ owner: root group: wheel mode: "0755" - force: no + force: false tags: - evobackup @@ -16,6 +16,6 @@ line: '#sh /usr/share/scripts/zzz_evobackup' owner: root mode: "0644" - create: yes + create: true tags: - evobackup diff --git a/roles/base/tasks/evomaintenance.yml b/roles/base/tasks/evomaintenance.yml index f1d1c18..e963256 100644 --- a/roles/base/tasks/evomaintenance.yml +++ b/roles/base/tasks/evomaintenance.yml @@ -12,8 +12,8 @@ - name: Copy evomaintenance script and template copy: src={{ item.src }} dest={{ item.dest }} owner=root group=wheel mode="0755" with_items: - - { src: 'evomaintenance.sh', dest: '/usr/share/scripts/' } - - { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/' } + - {src: 'evomaintenance.sh', dest: '/usr/share/scripts/'} + - {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/'} tags: - evomaintenance - script-evomaintenance @@ -25,6 +25,6 @@ owner: root group: wheel mode: "0600" - backup: no + backup: false tags: - evomaintenance diff --git a/roles/base/tasks/mail.yml b/roles/base/tasks/mail.yml index 321d837..dae151c 100644 --- a/roles/base/tasks/mail.yml +++ b/roles/base/tasks/mail.yml @@ -3,7 +3,7 @@ lineinfile: path: /etc/rc.local line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}' - create: yes + create: true tags: - misc @@ -12,7 +12,7 @@ dest: /etc/mail/aliases regexp: "# root:" replace: "root: {{ general_alert_email }}" - backup: no + backup: false notify: - newaliases tags: 
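Review bot: The `copy:` task "Copy evomaintenance script and template" in roles/base/tasks/evomaintenance.yml still passes its arguments as a single `key=value` string with unquoted `{{ item.src }}` and `{{ item.dest }}`; this cleanup only changed the flow-mapping spacing below it. In that form a templated value containing whitespace or `=` is re-parsed as further module arguments, so the native mapping form already used by the copy tasks in roles/openvpn/tasks/main.yml is both safer and more consistent. The loop items here are literals, so this is hardening rather than a live defect.

```yaml
- name: Copy evomaintenance script and template
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: wheel
    mode: "0755"
  # … unchanged: with_items and tags …
```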
diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 695ffe1..4decaee 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -10,20 +10,20 @@ - name: Install packages (vim rsync mtr etc) openbsd_pkg: name: - - wget - - vim--no_x11 - - rsync-- - - mtr-- - - iftop - - sudo-- - - postgresql-client + - wget + - vim--no_x11 + - rsync-- + - mtr-- + - iftop + - sudo-- + - postgresql-client tags: - pkg - name: Disable sndiod service: name: sndiod - enabled: no + enabled: false state: stopped tags: - pkg diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml index 8ba489e..0d0467d 100644 --- a/roles/base/tasks/sudo.yml +++ b/roles/base/tasks/sudo.yml @@ -4,11 +4,11 @@ lineinfile: dest: /etc/sudoers insertafter: '# and set environment variables.' - line: '%wheel ALL=(ALL) SETENV: ALL' + line: '%wheel ALL=(ALL) SETENV: ALL' validate: 'visudo -cf %s' - backup: no + backup: false tags: - - sudo + - sudo - name: Configure sudoers for evomaintenance and monitoring blockinfile: @@ -19,8 +19,6 @@ Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh %wheel ALL=NOPASSWD: MAINT validate: 'visudo -cf %s' - backup: no + backup: false tags: - - sudo - - + - sudo diff --git a/roles/bgp/tasks/main.yml b/roles/bgp/tasks/main.yml index b67ab8f..c08f47a 100644 --- a/roles/bgp/tasks/main.yml +++ b/roles/bgp/tasks/main.yml @@ -5,7 +5,7 @@ dest: /usr/share/scripts/bgpd-check-peers.sh when: group_names | select('search','bgp') | list | count > 0 tags: - - bgp + - bgp - name: Cron job for bgp check script is installed cron: @@ -15,13 +15,13 @@ tags: - bgp -- name: Create bgp log directory +- name: Create bgp log directory file: path: /var/log/bgp state: directory when: group_names | select('search','bgp') | list | count > 0 tags: - - bgp + - bgp - name: weekly best routes cron job is installed cron: diff --git a/roles/etc-git/defaults/main.yml b/roles/etc-git/defaults/main.yml index 8a822ab..f160858 100644 
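Review bot: The `line:` value of the `/etc/sudoers` lineinfile task in the first hunk of roles/base/tasks/sudo.yml is marked as changed, but the difference is whitespace that this rendering does not show, and the task has no `regexp`. Without `regexp`, lineinfile matches the whole line literally, so if the spacing inside the quoted string changed (rather than only the spacing after `line:`), hosts that already carry the old spelling would get a second `%wheel` rule appended instead of a no-op. It is worth confirming the string literal is byte-identical, or adding something like `regexp: '^%wheel\s+ALL=\(ALL\)\s+SETENV:\s+ALL'` so the task stays idempotent regardless of spacing. The task's `name` line sits above the hunk.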
--- a/roles/etc-git/defaults/main.yml +++ b/roles/etc-git/defaults/main.yml @@ -1,4 +1,4 @@ --- commit_message: Ansible run -etc_git_monitor_status: True +etc_git_monitor_status: true diff --git a/roles/etc-git/tasks/commit.yml b/roles/etc-git/tasks/commit.yml index e4166e7..a816d81 100644 --- a/roles/etc-git/tasks/commit.yml +++ b/roles/etc-git/tasks/commit.yml @@ -3,20 +3,20 @@ command: git status --porcelain args: chdir: /etc - changed_when: False + changed_when: false register: git_status when: not ansible_check_mode - ignore_errors: yes + ignore_errors: true tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - debug: var: git_status verbosity: 3 tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - name: fetch current Git user.email git_config: @@ -24,18 +24,18 @@ repo: /etc scope: local register: git_config_user_email - ignore_errors: yes + ignore_errors: true tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - name: set commit author set_fact: commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' - commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' + commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - name: /etc modifications are committed shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" 
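Review bot: The `shell:` line of "/etc modifications are committed" at the end of the first roles/etc-git/tasks/commit.yml hunk interpolates `commit_message`, `commit_author` and `commit_email` between hand-written `\"` pairs, so a double quote, backtick or `$(` in any of them is interpreted by the shell instead of reaching git as text. `commit_author` is taken from `ansible_env.SUDO_USER` and `commit_email` from the git config of `/etc`, so both come from the managed host rather than from the playbook. Passing the values through the `quote` filter instead of wrapping them in escaped quotes avoids this: `shell: "git add -A . && git commit -m {{ commit_message | mandatory | quote }} --author {{ ((commit_author | mandatory) ~ ' <' ~ (commit_email | mandatory) ~ '>') | quote }}"`. The task continues past the end of this hunk.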
@@ -43,14 +43,14 @@ chdir: /etc register: etc_commit_end_run when: not ansible_check_mode and git_status.stdout != "" - ignore_errors: yes + ignore_errors: true tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - debug: var: etc_commit_end_run verbosity: 4 tags: - - etc-git - - commit-etc + - etc-git + - commit-etc diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index e81c2f5..e4c01e2 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml @@ -12,7 +12,7 @@ args: chdir: /etc creates: /etc/.git/ - warn: no + warn: false register: git_init tags: - etc-git @@ -48,11 +48,11 @@ command: "git log" args: chdir: /etc - warn: no - changed_when: False - failed_when: False + warn: false + changed_when: false + failed_when: false register: git_log - check_mode: no + check_mode: false tags: - etc-git @@ -60,7 +60,7 @@ shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" args: chdir: /etc - warn: no + warn: false register: git_commit when: git_log.rc != 0 or (git_init is defined and git_init.changed) tags: @@ -72,7 +72,7 @@ line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet' owner: root mode: "0644" - create: yes + create: true tags: - etc-git @@ -82,7 +82,7 @@ line: "{{ item }}" owner: root mode: "0644" - create: yes + create: true when: etc_git_monitor_status tags: - etc-git diff --git a/roles/evocheck/tasks/exec.yml b/roles/evocheck/tasks/exec.yml index 244d034..d7f9ac6 100644 --- a/roles/evocheck/tasks/exec.yml +++ b/roles/evocheck/tasks/exec.yml @@ -2,9 +2,9 @@ - name: run evocheck command: "{{ evocheck_bin_dir }}/evocheck.sh" register: evocheck_run - changed_when: False - failed_when: False - check_mode: no + changed_when: false + failed_when: false + check_mode: false tags: - evocheck-exec @@ -12,4 +12,4 @@ var: evocheck_run.stdout_lines when: evocheck_run.stdout != "" tags: - - evocheck-exec + - evocheck-exec 
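Review bot: The `warn: false` entries under `args:` in roles/etc-git/tasks/main.yml keep a parameter that current command and shell modules no longer accept. They sit on the task registering `git_init` in the first hunk, and on the `git log` and initial-commit tasks in the `-48,11` and `-60,7` hunks. `warn` was deprecated and then removed in ansible-core 2.14, where passing it fails the task as an unsupported parameter. If this repository is meant to run on ansible-core 2.14 or later, the three `warn:` lines should be dropped rather than respelled as booleans. The first task's `command`/`shell` line is above the hunk, so which module it uses is not visible here.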
diff --git a/roles/evocheck/tasks/install.yml b/roles/evocheck/tasks/install.yml index 915bc98..6b88c17 100644 --- a/roles/evocheck/tasks/install.yml +++ b/roles/evocheck/tasks/install.yml @@ -15,7 +15,7 @@ dest: "{{ evocheck_bin_dir }}/evocheck.sh" mode: "0700" owner: root - force: yes + force: true tags: - evocheck @@ -23,7 +23,7 @@ copy: src: evocheck.cf dest: /etc/evocheck.cf - force: no + force: false tags: - evocheck @@ -33,6 +33,6 @@ line: 'sh /usr/share/scripts/evocheck.sh --verbose --cron' owner: root mode: "0644" - create: yes + create: true tags: - evocheck diff --git a/roles/forwarding/tasks/main.yml b/roles/forwarding/tasks/main.yml index d424c35..f97c4af 100644 --- a/roles/forwarding/tasks/main.yml +++ b/roles/forwarding/tasks/main.yml @@ -4,7 +4,7 @@ name: net.inet.ip.forwarding value: 1 state: present - reload: yes + reload: true tags: - net @@ -13,6 +13,6 @@ name: net.inet6.ip6.forwarding value: 1 state: present - reload: yes + reload: true tags: - net diff --git a/roles/nagios-nrpe/tasks/main.yml b/roles/nagios-nrpe/tasks/main.yml index 270de2f..2b4abd0 100644 --- a/roles/nagios-nrpe/tasks/main.yml +++ b/roles/nagios-nrpe/tasks/main.yml @@ -54,5 +54,5 @@ - name: Starting and enabling nrpe service: name: nrpe - enabled: yes + enabled: true state: started diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 79299c4..05e7b83 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -3,7 +3,7 @@ openbsd_pkg: name: "openvpn--" tags: - - openvpn + - openvpn - name: Create /etc/openvpn directory file: 
@@ -13,59 +13,58 @@ group: "wheel" mode: "0755" tags: - - openvpn + - openvpn - name: Deploy OpenVPN configuration - template: - src: "server.conf.j2" + template: + src: "server.conf.j2" dest: "/etc/openvpn/server.conf" - mode: "0600" + mode: "0600" notify: restart openvpn tags: - - openvpn + - openvpn - name: Enabling OpenVPN service: name: openvpn - enabled: yes + enabled: true tags: - - openvpn + - openvpn - name: Set OpenVPN flag shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"' tags: - - openvpn + - openvpn - name: Create shellpki user user: name: "_shellpki" - system: yes - state: present - system: yes + system: true + state: present home: "/etc/shellpki/" shell: "/sbin/nologin" tags: - - openvpn + - openvpn - name: Copy some shellpki files - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root group: wheel mode: "{{ item.mode }}" - force: yes + force: true with_items: - - { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' } - - { src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755' } + - {src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640'} + - {src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755'} tags: - openvpn - name: Deploy DH PARAMETERS - template: - src: "dh2048.pem.j2" + template: + src: "dh2048.pem.j2" dest: "/etc/shellpki/dh2048.pem" - mode: "0600" + mode: "0600" tags: - openvpn @@ -77,7 +76,7 @@ group: "wheel" mode: "0755" tags: - - openvpn + - openvpn - name: Include /etc/sudoers.d in sudoers configuration file lineinfile: 
@@ -91,20 +90,20 @@ src: "sudo_shellpki" dest: "/etc/sudoers.d/shellpki" force: true - mode: "0440" + mode: "0440" validate: '/usr/local/sbin/visudo -cf %s' tags: - - openvpn + - openvpn - name: Copy check_openvpn - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root group: wheel mode: "{{ item.mode }}" - force: yes + force: true with_items: - - { src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755' } + - {src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755'} tags: - openvpn diff --git a/roles/ospf/tasks/main.yml b/roles/ospf/tasks/main.yml index aa04759..d1b28be 100644 --- a/roles/ospf/tasks/main.yml +++ b/roles/ospf/tasks/main.yml @@ -8,7 +8,7 @@ - "ospf6d-check-peers.sh" when: group_names | select('search','ospf') | list | count > 0 tags: - - ospf + - ospf - name: Cron job for ospf check scripts is installed cron: diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml index 30aef63..8df8414 100644 --- a/roles/pf/tasks/main.yml +++ b/roles/pf/tasks/main.yml @@ -4,4 +4,4 @@ src: pf.conf.j2 dest: /etc/pf.conf mode: "0600" - backup: yes + backup: true diff --git a/tasks/commit_etc_git.yml b/tasks/commit_etc_git.yml index 8420431..bb8d5dd 100644 --- a/tasks/commit_etc_git.yml +++ b/tasks/commit_etc_git.yml @@ -3,10 +3,10 @@ command: git status --porcelain args: chdir: /etc - changed_when: False + changed_when: false register: git_status when: not ansible_check_mode - ignore_errors: yes + ignore_errors: true tags: - commit-etc @@ -16,6 +16,6 @@ chdir: /etc register: etc_commit_end_evolinux when: not ansible_check_mode and git_status.stdout != "" - ignore_errors: yes + ignore_errors: true tags: - commit-etc
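Review bot: The template task in roles/pf/tasks/main.yml writes `/etc/pf.conf` without a `validate:` step, whereas the sudoers tasks visible in this diff all check their output with `visudo -cf %s`. A rendering error in `pf.conf.j2` would be installed as-is and only surface when the ruleset is next loaded, which for a firewall can mean a failed reload or a host that boots without its rules. Adding `validate: 'pfctl -nf %s'` next to `backup: true` lets Ansible reject an unparsable ruleset before it replaces the file. The task's `name` and module line are above the hunk.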