Use 'loop' syntax instead of 'with_items'

This commit is contained in:
Jérémy Lecour 2021-05-04 14:18:40 +02:00 committed by Jérémy Lecour
parent debc4a82ca
commit 5138065059
93 changed files with 154 additions and 155 deletions

View file

@ -19,7 +19,7 @@ The **patch** part changes incrementally at each release.
### Changed
* Use 'loop' syntax instead of 'with_first_found'
* Use 'loop' syntax instead of 'with_first_found/with_items'
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
* evolinux-base: copy GPG key instead of using apt-key
* ntpd: Add leapfile configuration setting to ntpd on debian 10+

View file

@ -21,11 +21,11 @@
groupname: launched-instances
ansible_user: admin
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"
- debug:
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"
- name: Wait for SSH to come up on all instances (give up after 2m)
wait_for:
@ -33,4 +33,4 @@
host: "{{item.public_dns_name}}"
port: 22
timeout: 120
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"

View file

@ -40,7 +40,7 @@
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: present
with_items: "{{ apache_private_htpasswd_present }}"
loop: "{{ apache_private_htpasswd_present }}"
notify: reload apache
tags:
- apache
@ -50,7 +50,7 @@
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: absent
with_items: "{{ apache_private_htpasswd_absent }}"
loop: "{{ apache_private_htpasswd_absent }}"
notify: reload apache
tags:
- apache

View file

@ -5,7 +5,7 @@
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: present
with_items: "{{ apache_ipaddr_whitelist_present }}"
loop: "{{ apache_ipaddr_whitelist_present }}"
notify: reload apache
tags:
- apache
@ -16,7 +16,7 @@
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: absent
with_items: "{{ apache_ipaddr_whitelist_absent }}"
loop: "{{ apache_ipaddr_whitelist_absent }}"
notify: reload apache
tags:
- apache

View file

@ -42,7 +42,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- rewrite
- expires
- headers
@ -58,7 +58,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- cgi
notify: reload apache
when: apache_mpm == "prefork" or apache_mpm == "itk"
@ -102,7 +102,7 @@
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
loop:
- z-evolinux-defaults.conf
- zzz-evolinux-custom.conf
notify: reload apache

View file

@ -15,7 +15,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- apache_accesses
- apache_processes
- apache_volume

View file

@ -14,7 +14,7 @@
file:
path: '{{ item }}'
state: absent
with_items:
loop:
- /etc/apt/sources.list.d/debian-security.list
- /etc/apt/sources.list.d/debian-jessie.list
- /etc/apt/sources.list.d/debian-stretch.list

View file

@ -8,7 +8,7 @@
create: yes
state: present
mode: "0640"
with_items:
loop:
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
@ -23,7 +23,7 @@
create: yes
state: present
mode: "0640"
with_items:
loop:
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"

View file

@ -14,7 +14,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- bind9
- bind9_rndc
notify: restart munin-node
@ -30,7 +30,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- bind9
- bind9_rndc
notify: restart munin-node

View file

@ -5,7 +5,7 @@
question: "{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
with_items:
loop:
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
@ -57,7 +57,7 @@
question: "{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
with_items:
loop:
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }

View file

@ -80,7 +80,7 @@
src: "{{ item }}.j2"
dest: "{{ docker_tls_path }}/{{ item }}"
mode: "0744"
with_items:
loop:
- shellpki.sh
- openssl.cnf
when: docker_tls_enabled

View file

@ -24,7 +24,7 @@
line: "{{ item.key }} = {{ item.value }}"
regexp: "^#*{{ item.key }}"
state: present
with_items:
loop:
- { key: 'hosts', value: '127.0.0.1' }
- { key: 'auth_bind', value: 'yes' }
- { key: 'ldap_version', value: 3 }

View file

@ -46,7 +46,7 @@
lineinfile:
dest: "{{ repository_path }}/.gitignore"
line: "{{ item }}"
with_items: "{{ gitignore_items | default([]) }}"
loop: "{{ gitignore_items | default([]) }}"
tags:
- etc-git

View file

@ -4,7 +4,7 @@
section: 'req'
option: "{{ item.name }}"
value: "{{ item.var }}"
with_items:
loop:
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
- { name: 'encrypt_key', var: 'yes' }
- { name: 'distinguished_name', var: 'req_dn' }
@ -16,7 +16,7 @@
section: 'req_dn'
option: "{{ item.name }}"
value: "{{ item.var }}"
with_items:
loop:
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }

View file

@ -39,6 +39,6 @@
file:
path: "/usr/local/bin/{{ item }}"
state: absent
with_items:
loop:
- 'make-csr'
- 'evoacme'

View file

@ -14,7 +14,7 @@
marker: "# {mark} {{ item.name }}"
block: |
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
with_items: "{{ evobackup_client__hosts }}"
loop: "{{ evobackup_client__hosts }}"
notify: restart minifirewall
when: evobackup_client__minifirewall.stat.exists
tags:

View file

@ -7,7 +7,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present
reload: yes
with_items:
loop:
- { name: kernel.panic_on_oops, value: 1 }
- { name: kernel.panic, value: 60 }
when: evolinux_kernel_reboot_after_panic
@ -18,7 +18,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: absent
reload: yes
with_items:
loop:
- kernel.panic_on_oops
- kernel.panic
when: not evolinux_kernel_reboot_after_panic
@ -57,7 +57,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present
reload: yes
with_items:
loop:
- { name: "net.ipv4.ipfrag_low_thresh", value: 196608 }
- { name: "net.ipv6.ip6frag_low_thresh", value: 196608 }
- { name: "net.ipv4.ipfrag_high_thresh", value: 262144 }

View file

@ -128,7 +128,7 @@
dest: /etc/apt/listchanges.conf
regexp: '^{{ item.option }}\s*='
line: "{{ item.option }}={{ item.value }}"
with_items:
loop:
- { option: "confirm", value: "1" }
- { option: "which", value: "both" }
when:

View file

@ -45,7 +45,7 @@
dest: /etc/aliases
regexp: "^{{ item }}:.*"
line: "{{ item }}: root"
with_items: "{{ non_root_users_list.stdout_lines }}"
loop: "{{ non_root_users_list.stdout_lines }}"
notify: newaliases
when: evolinux_postfix_users_alias_root
tags:
@ -56,7 +56,7 @@
dest: /etc/aliases
regexp: "^{{ item }}:.*"
line: "{{ item }}: root"
with_items:
loop:
- postmaster
- abuse
- mailer-daemon

View file

@ -5,7 +5,7 @@
sysctl_file: /etc/sysctl.d/evolinux_fce.conf
state: present
reload: yes
with_items:
loop:
- { name: net.ipv4.tcp_keepalive_time, value: 250 }
- { name: net.ipv4.tcp_keepalive_intvl, value: 60 }
- { name: net.ipv6.conf.all.disable_ipv6, value: 1 }

View file

@ -13,7 +13,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoreboth,erasedups"
- "export HISTSIZE=65535"
- "export HISTTIMEFORMAT=\"%c : \""
@ -79,7 +79,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "syntax on"
- "set background=dark"
- "set expandtab"

View file

@ -13,7 +13,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "en_US.UTF-8 UTF-8"
- "fr_FR ISO-8859-1"
- "fr_FR.UTF-8 UTF-8"
@ -112,7 +112,7 @@
dest: /etc/crontab
regexp: "{{ item.regexp }}"
replace: "{{ item.replace }}"
with_items:
loop:
- { regexp: '^17((\s*\*){4})', replace: '{{ 59|random(start=1) }}\1' }
- { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
- { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }

View file

@ -120,7 +120,7 @@
- name: "Secondary Unix groups are present"
group:
name: "{{ group }}"
with_items: "{{ user.groups }}"
loop: "{{ user.groups }}"
loop_control:
loop_var: group
when:
@ -184,7 +184,7 @@
user: "{{ user.name }}"
key: "{{ ssk_key }}"
state: present
with_items: "{{ user.ssh_keys }}"
loop: "{{ user.ssh_keys }}"
loop_control:
loop_var: ssk_key
when: user.ssh_keys is defined

View file

@ -42,7 +42,7 @@
mode: "{{ item.mode }}"
force: yes
backup: yes
with_items:
loop:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
tags:

View file

@ -28,7 +28,7 @@
mode: "{{ item.mode }}"
force: yes
backup: yes
with_items:
loop:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
tags:

View file

@ -12,7 +12,7 @@
dest: /etc/default/minifirewall
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
insertafter: "^# EvoMaintenance"
with_items: "{{ evomaintenance_hosts }}"
loop: "{{ evomaintenance_hosts }}"
notify: "{{ minifirewall_restart_handler_name }}"
when: minifirewall_default_file.stat.exists
tags:

View file

@ -9,7 +9,7 @@
owner: root
group: root
mode: "0755"
with_items:
loop:
- "/etc/fail2ban"
- "/etc/fail2ban/filter.d"
tags:
@ -52,7 +52,7 @@
src: "{{ item }}"
dest: /etc/fail2ban/filter.d/
mode: "0644"
with_items:
loop:
- dovecot-evolix.conf
- sasl-evolix.conf
- wordpress-soft.conf

View file

@ -120,7 +120,7 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
insertafter: "output.elasticsearch:"
with_items:
loop:
- { regexp: '^ #?username: .*', line: ' username: "{{ filebeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' }
notify: restart filebeat

View file

@ -13,7 +13,7 @@
path: "{{ item }}"
state: directory
mode: "0777"
with_items:
loop:
- /srv/java-package
- /srv/java-package/src
- /srv/java-package/tmp

View file

@ -107,7 +107,7 @@
# args:
# creates: "/var/lib/kibana/{{ item }}"
# notify: restart kibana
# with_items:
# loop:
# - optimize
# - data

View file

@ -5,7 +5,7 @@
url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/libvirt/{{ item }}"
dest: "/etc/munin/plugins/"
mode: "0755"
with_items:
loop:
- kvm_cpu
- kvm_io
- kvm_mem

View file

@ -33,7 +33,7 @@
special_time: "hourly"
user: root
job: "rsync -a --delete /etc/libvirt/qemu/ {{ hostvars[item]['ansible_hostname'] }}:/root/libvirt-{{ inventory_hostname }}/"
with_items:
loop:
- "{{ groups['hypervisors'] }}"
when: item != inventory_hostname
@ -44,6 +44,6 @@
special_time: "daily"
user: root
job: "virsh list | ssh {{ hostvars[item]['ansible_hostname'] }} 'cat >/root/libvirt-{{ inventory_hostname }}/virsh-list.txt'"
with_items:
loop:
- "{{ groups['hypervisors'] }}"
when: item != inventory_hostname

View file

@ -47,7 +47,7 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0640"
with_items:
loop:
- { option: 'hostname', value: '127.0.0.1' }
- { option: 'base', value: "{{ ldap_suffix }}" }
- { option: 'bind', value: "cn=nagios,ou=ldapusers,{{ ldap_suffix }}" }
@ -66,7 +66,7 @@
# and set the variable
- name: overwrite ldap_nagios_password (from file)
set_fact:
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/etc/nagios/monitoring-plugins.ini') }}"
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/monitoring-plugins.ini') }}"
- name: hash password for cn=nagios
command: "slappasswd -s {{ ldap_nagios_password }}"

View file

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View file

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View file

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View file

@ -12,7 +12,7 @@
state: present
create: yes
mode: "0644"
with_items:
loop:
- "deb https://packages.sury.org/php/ buster main"
- "deb http://pub.evolix.net/ buster-php74/"
@ -44,7 +44,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

View file

@ -8,9 +8,9 @@
path: "/var/lib/lxc/{{ item.name }}/rootfs"
state: directory
mode: '0755'
with_items:
loop:
- "{{ lxc_containers }}"
- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}"
with_items:
loop:
- "{{ lxc_containers }}"

View file

@ -26,7 +26,7 @@
src: '/usr/share/munin/plugins/memcached_'
dest: /etc/munin/plugins/{{ multi }}{{ item }}
state: link
with_items:
loop:
- memcached_bytes
- memcached_counters
- memcached_rates

View file

@ -78,7 +78,7 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
insertafter: "output.elasticsearch:"
with_items:
loop:
- { regexp: '^ #?username: .*', line: ' username: "{{ metricbeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
notify: restart metricbeat

View file

@ -184,7 +184,7 @@
dest: "{{ minifirewall_main_file }}"
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
insertafter: "^# EvoMaintenance"
with_items: "{{ evomaintenance_hosts }}"
loop: "{{ evomaintenance_hosts }}"
- name: remove minifirewall example rule for the evomaintenance
lineinfile:

View file

@ -57,7 +57,7 @@
src: "munin/{{ item }}"
dest: '/usr/local/share/munin/plugins/{{ item }}'
force: yes
with_items:
loop:
- mongo_btree
- mongo_collections
- mongo_conn
@ -73,7 +73,7 @@
src: '/usr/local/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mongo_btree
- mongo_collections
- mongo_conn

View file

@ -35,7 +35,7 @@
file:
path: '/etc/munin/plugins/{{ item }}'
state: absent
with_items:
loop:
- http_loadtime
- exim_mailqueue
- exim_mailstats
@ -52,7 +52,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- meminfo
- netstat_multi
- tcp

View file

@ -22,7 +22,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mysql_bytes
- mysql_queries
- mysql_slowqueries
@ -34,7 +34,7 @@
src: /usr/share/munin/plugins/mysql_
dest: '/etc/munin/plugins/mysql_{{ item }}'
state: link
with_items:
loop:
- commands
- connections
- files_tables

View file

@ -44,7 +44,7 @@
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
loop:
- { option: 'user', value: 'nrpe' }
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
when: create_nrpe_user.changed

View file

@ -36,7 +36,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed

View file

@ -22,7 +22,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mysql_bytes
- mysql_queries
- mysql_slowqueries
@ -34,7 +34,7 @@
src: /usr/share/munin/plugins/mysql_
dest: '/etc/munin/plugins/mysql_{{ item }}'
state: link
with_items:
loop:
- commands
- connections
- files_tables

View file

@ -44,7 +44,7 @@
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
loop:
- { option: 'user', value: 'nrpe' }
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
when: create_nrpe_user.changed

View file

@ -42,7 +42,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user.changed

View file

@ -37,7 +37,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user.changed

View file

@ -12,7 +12,7 @@
dest: /etc/resolv.conf
line: "nameserver {{ item }}"
state: present
with_items: "{{ nameservers }}"
loop: "{{ nameservers }}"
tags:
- nameserver
@ -21,7 +21,7 @@
dest: /etc/resolv.conf
line: "nameserver {{ item }}"
state: absent
with_items: "{{ grep_nameserver.stdout_lines }}"
loop: "{{ grep_nameserver.stdout_lines }}"
when: item not in nameservers
tags:
- nameserver

View file

@ -27,14 +27,14 @@
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_aws'
line: 'newrelic.daemon.utilization.detect_aws = false'
with_items: "{{ find_newrelic_ini.stdout_lines }}"
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Disable Docker detection
lineinfile:
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_docker'
line: 'newrelic.daemon.utilization.detect_docker = false'
with_items: "{{ find_newrelic_ini.stdout_lines }}"
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Install package for PHP
apt:

View file

@ -5,7 +5,7 @@
dest: /etc/nginx/snippets/ipaddr_whitelist
line: "allow {{ item }};"
state: present
with_items: "{{ nginx_ipaddr_whitelist_present }}"
loop: "{{ nginx_ipaddr_whitelist_present }}"
notify: reload nginx
tags:
- nginx
@ -16,7 +16,7 @@
dest: /etc/nginx/snippets/ipaddr_whitelist
line: "allow {{ item }};"
state: absent
with_items: "{{ nginx_ipaddr_whitelist_absent }}"
loop: "{{ nginx_ipaddr_whitelist_absent }}"
notify: reload nginx
tags:
- nginx

View file

@ -80,7 +80,7 @@
dest: /etc/nginx/snippets/private_htpasswd
line: "{{ item }}"
state: present
with_items: "{{ nginx_private_htpasswd_present }}"
loop: "{{ nginx_private_htpasswd_present }}"
notify: reload nginx
tags:
- nginx
@ -90,7 +90,7 @@
dest: /etc/nginx/snippets/private_htpasswd
line: "{{ item }}"
state: absent
with_items: "{{ nginx_private_htpasswd_absent }}"
loop: "{{ nginx_private_htpasswd_absent }}"
notify: reload nginx
tags:
- nginx

View file

@ -12,7 +12,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: '/etc/munin/plugins/{{ item }}'
state: link
with_items:
loop:
- nginx_request
- nginx_status
notify: restart munin

View file

@ -38,7 +38,7 @@
owner: opendkim
group: opendkim
mode: "0640"
with_items:
loop:
- 'KeyTable'
- 'SigningTable'
changed_when: False

View file

@ -28,7 +28,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- ssl
- include
- negotiation
@ -56,6 +56,6 @@
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
loop:
- evolinux-evasive
- evolinux-modsec

View file

@ -5,7 +5,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /
- /etc
- /usr
@ -29,7 +29,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /var/log/apt
- /var/lib/dpkg
- /var/log/munin
@ -51,7 +51,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /bin/ping
- /bin/ping6
- /usr/bin/fping
@ -63,6 +63,6 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /var/log/evolix.log
- /etc/warnquota.conf

View file

@ -41,7 +41,7 @@
path: "/etc/skel/{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
with_items:
loop:
- { path: log, mode: "0750", state: directory }
- { path: awstats, mode: "0750", state: directory }
- { path: www, mode: "0750", state: directory }
@ -50,7 +50,7 @@
command: "touch /etc/skel/log/{{ item }}"
args:
creates: "/etc/skel/log/{{ item }}"
with_items:
loop:
- access.log
- error.log
@ -58,7 +58,7 @@
file:
dest: "/etc/skel/log/{{ item }}"
mode: "0644"
with_items:
loop:
- access.log
- error.log
@ -85,7 +85,6 @@
- include: apache.yml
- include: phpmyadmin.yml
when: ansible_distribution_release != "buster"
- include: awstats.yml

View file

@ -8,7 +8,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
@ -42,6 +42,6 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements

View file

@ -7,7 +7,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "display_errors", value: "On" }
- { option: "allow_url_fopen", value: "On" }
- { option: "disable_functions", value: "" }
@ -33,6 +33,6 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements

View file

@ -8,7 +8,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
@ -43,7 +43,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "user", value: "www-data" }
- { option: "group", value: "www-data" }
- { option: "listen", value: "{{ php_fpm_default_pool_socket }}" }
@ -76,7 +76,7 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
notify: "restart {{ php_fpm_service_name }}"
when: php_symfony_requirements

View file

@ -65,7 +65,7 @@
file:
dest: "{{ item }}"
mode: "0755"
with_items:
loop:
- /etc/php
- /etc/php/7.3

View file

@ -65,7 +65,7 @@
file:
dest: "{{ item }}"
mode: "0755"
with_items:
loop:
- /etc/php
- /etc/php/7.0

View file

@ -6,7 +6,7 @@
dest: "{{ item.dest }}"
force: yes
state: link
with_items:
loop:
- { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini" }