evolix
/
ansible-roles
16
2
Fork 2
Code Issues 60 Pull Requests 18 Releases 27 Wiki Activity

Add “when: not ansible_check_mode” to allow more --check
gitea/ansible-roles/pipeline/head This commit looks good Details

Browse Source
pull/165/head
David Prevot 4 months ago
parent a1bad43b25
commit fafff25c20
56 changed files with 188 additions and 20 deletions
Show Stats Download Patch File Download Diff File

3
apache/handlers/main.yml
Unescape Escape View File

@ -3,13 +3,16 @@
service:
name: apache2
state: restarted
when: not ansible_check_mode
- name: reload apache
service:
name: apache2
state: reloaded
when: not ansible_check_mode
- name: restart munin-node
service:
name: munin-node
state: restarted
when: not ansible_check_mode

3
apache/tasks/auth.yml
Unescape Escape View File

@ -22,6 +22,7 @@
state: present
tags:
- apache
when: not ansible_check_mode
- name: Copy private_htpasswd
copy:
@ -44,6 +45,7 @@
notify: reload apache
tags:
- apache
when: not ansible_check_mode
- name: remove user:pwd from private htpasswd
lineinfile:
@ -54,3 +56,4 @@
notify: reload apache
tags:
- apache
when: not ansible_check_mode

1
apache/tasks/ip_whitelist.yml
Unescape Escape View File

@ -10,6 +10,7 @@
tags:
- apache
- ips
when: not ansible_check_mode
- name: remove IP addresses from private IP whitelist
lineinfile:

1
apache/tasks/log2mail.yml
Unescape Escape View File

@ -6,6 +6,7 @@
state: present
tags:
- apache
when: not ansible_check_mode
- name: Add log2mail config for Apache segfaults
template:

6
apache/tasks/main.yml
Unescape Escape View File

@ -53,6 +53,7 @@
notify: reload apache
tags:
- apache
when: not ansible_check_mode
- name: basic modules are enabled
apache2_module:
@ -64,6 +65,7 @@
when: apache_mpm == "prefork" or apache_mpm == "itk"
tags:
- apache
when: not ansible_check_mode
- name: Copy Apache defaults config file
@ -133,6 +135,7 @@
when: apache_evolinux_default_enabled | bool
tags:
- apache
when: not ansible_check_mode
- include: server_status.yml
tags:
@ -158,6 +161,7 @@
when: envvar_grep_umask.rc != 0
tags:
- apache
when: not ansible_check_mode
- include_role:
name: evolix/remount-usr
@ -190,6 +194,7 @@
replace: "{{ apache_logrotate_frequency }}"
tags:
- apache
when: not ansible_check_mode
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
replace:
@ -198,6 +203,7 @@
replace: '\1 {{ apache_logrotate_rotate }}'
tags:
- apache
when: not ansible_check_mode
- include: log2mail.yml
when: apache_log2mail_include

3
apache/tasks/munin.yml
Unescape Escape View File

@ -23,6 +23,7 @@
tags:
- apache
- munin
when: not ansible_check_mode
- name: "Install fcgi packages for Munin graphs"
apt:
@ -43,6 +44,7 @@
tags:
- apache
- munin
when: not ansible_check_mode
- name: "Apache has access to /var/log/munin/"
file:
@ -51,3 +53,4 @@
tags:
- apache
- munin
when: not ansible_check_mode

7
apache/tasks/server_status.yml
Unescape Escape View File

@ -26,10 +26,12 @@
changed_when: False
check_mode: no
register: new_apache_serverstatus_suffix
when: not ansible_check_mode
- name: overwrite apache_serverstatus_suffix
set_fact:
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
when: not ansible_check_mode
- debug:
var: apache_serverstatus_suffix
@ -40,12 +42,14 @@
dest: /var/www/index.html
regexp: '__SERVERSTATUS_SUFFIX__'
replace: "{{ apache_serverstatus_suffix }}"
when: not ansible_check_mode
- name: add server-status suffix in default site index if missing
replace:
dest: /var/www/index.html
regexp: '"/server-status-?"'
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
when: not ansible_check_mode
- name: add server-status suffix in default VHost
replace:
@ -53,12 +57,14 @@
regexp: '<Location /server-status-?>'
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
notify: reload apache
when: not ansible_check_mode
- name: Munin configuration has a section for apache
lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "[apache_*]"
create: no
when: not ansible_check_mode
- name: apache-status URL is configured for Munin
lineinfile:
@ -68,3 +74,4 @@
insertafter: "[apache_*]"
create: no
notify: restart munin-node
when: not ansible_check_mode

5
etc-git/tasks/main.yml
Unescape Escape View File

@ -8,6 +8,7 @@
- etc-git
when:
- ansible_distribution == "Debian"
- not ansible_check_mode
- name: Install and configure utilities
include: utils.yml
@ -18,4 +19,6 @@
include: repositories.yml
tags:
- etc-git
when: etc_git_config_repositories | bool
when:
- etc_git_config_repositories | bool
- not ansible_check_mode

2
etc-git/tasks/repositories.yml
Unescape Escape View File

@ -34,4 +34,4 @@
- _usr_share_scripts.stat.isdir
- ansible_distribution_major_version is version('10', '>=')
tags:
- etc-git
- etc-git

4
etc-git/tasks/repository.yml
Unescape Escape View File

@ -22,6 +22,7 @@
value: "root@{{ ansible_fqdn | default('localhost') }}"
tags:
- etc-git
when: not ansible_check_mode
- name: "{{ repository_path }}/.git is restricted to root"
file:
@ -49,6 +50,7 @@
loop: "{{ gitignore_items | default([]) }}"
tags:
- etc-git
when: not ansible_check_mode
- name: "does {{ repository_path }}/ have any commit?"
command: "git log"
@ -70,4 +72,4 @@
register: git_commit
when: git_log.rc != 0 or (git_init is defined and git_init is changed)
tags:
- etc-git
- etc-git

5
evoacme/handlers/main.yml
Unescape Escape View File

@ -1,14 +1,17 @@
- name: newaliases
command: newaliases
when: not ansible_check_mode
- name: Test Apache conf
command: apache2ctl -t
notify: "Reload Apache conf"
when: not ansible_check_mode
- name: reload apache2
service:
name: apache2
state: reloaded
when: not ansible_check_mode
- name: apt update
apt:
@ -18,8 +21,10 @@
service:
name: squid3
state: reloaded
when: not ansible_check_mode
- name: reload squid
service:
name: squid
state: reloaded
when: not ansible_check_mode

4
evocheck/tasks/exec.yml
Unescape Escape View File

@ -10,6 +10,8 @@
- debug:
var: evocheck_run.stdout_lines
when: evocheck_run.stdout | length > 0
when:
- not ansible_check_mode
- evocheck_run.stdout | length > 0
tags:
- evocheck-exec

1
evolinux-base/tasks/default_www.yml
Unescape Escape View File

@ -38,6 +38,7 @@
owner: root
group: ssl-cert
mode: "0640"
when: not ansible_check_mode
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt

8
evolinux-base/tasks/hardware.yml
Unescape Escape View File

@ -43,7 +43,9 @@
state: present
tags:
- packages
when: ansible_virtualization_role == "host"
when:
- ansible_virtualization_role == "host"
- not ansible_check_mode
## RAID
# Dell and others: MegaRAID SAS
@ -108,6 +110,7 @@
name: ssacli
tags:
- packages
when: not ansible_check_mode
when:
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
@ -134,6 +137,7 @@
state: present
tags:
- packages
when: not ansible_check_mode
- name: cciss-vol-statusd init script is present (HP gen <10)
template:
@ -246,6 +250,7 @@
allow_unauthenticated: yes
tags:
- packages
when: not ansible_check_mode
- name: Configure packages for DELL/LSI hardware
template:
@ -263,6 +268,7 @@
tags:
- packages
- config
when: not ansible_check_mode
when:
- "'MegaRAID' in raidmodel.stdout"
- evolinux_packages_hardware_raid | bool

2
evolinux-base/tasks/log2mail.yml
Unescape Escape View File

@ -16,6 +16,7 @@
daemon-reload: yes
state: started
enabled: yes
when: not ansible_check_mode
- name: log2mail config is present
blockinfile:
@ -32,4 +33,5 @@
notify: restart log2mail
tags:
- log2mail
when: not ansible_check_mode

4
evolinux-base/tasks/packages.yml
Unescape Escape View File

@ -89,7 +89,9 @@
apt:
name: serveur-base
allow_unauthenticated: yes
when: evolinux_packages_serveur_base | bool
when:
- evolinux_packages_serveur_base | bool
- not ansible_check_mode
- name: Install/Update packages for Stretch and later
apt:

14
evolinux-base/tasks/postfix.yml
Unescape Escape View File

@ -20,6 +20,7 @@
notify: reload postfix
tags:
- postfix
when: not ansible_check_mode
- name: configure postfix mynetworks
lineinfile:
@ -30,6 +31,7 @@
notify: reload postfix
tags:
- postfix
when: not ansible_check_mode
- name: fetch users list
shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
@ -48,7 +50,9 @@
line: "{{ item }}: root"
loop: "{{ non_root_users_list.stdout_lines }}"
notify: newaliases
when: evolinux_postfix_users_alias_root | bool
when:
- evolinux_postfix_users_alias_root | bool
- not ansible_check_mode
tags:
- postfix
@ -65,7 +69,9 @@
- error
- bounce
notify: newaliases
when: evolinux_postfix_mailer_alias_root | bool
when:
- evolinux_postfix_mailer_alias_root | bool
- not ansible_check_mode
tags:
- postfix
@ -75,7 +81,9 @@
regexp: "^root:"
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
notify: newaliases
when: evolinux_postfix_root_alias | bool
when:
- evolinux_postfix_root_alias | bool
- not ansible_check_mode
tags:
- postfix

2
evolinux-users/tasks/user.yml
Unescape Escape View File

@ -161,6 +161,7 @@
insertafter: EOF
line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
when: grep_profile_evomaintenance.rc != 0
when: not ansible_check_mode
# SSH keys
@ -192,5 +193,6 @@
when:
- user.ssh_keys is defined
- user.ssh_keys | length > 0
- not ansible_check_mode
- meta: flush_handlers

3
haproxy/handlers/main.yml
Unescape Escape View File

@ -3,13 +3,16 @@
service:
name: haproxy
state: reloaded
when: not ansible_check_mode
- name: restart haproxy
service:
name: haproxy
state: restarted
when: not ansible_check_mode
- name: restart munin-node
service:
name: munin-node
state: restarted
when: not ansible_check_mode

2
haproxy/tasks/main.yml
Unescape Escape View File

@ -123,6 +123,7 @@
tags:
- haproxy
- logrotate
when: not ansible_check_mode
- name: Rotate logs with nodelaycompress
lineinfile:
@ -133,6 +134,7 @@
tags:
- haproxy
- logrotate
when: not ansible_check_mode
- name: Set net.ipv4.ip_nonlocal_bind
sysctl:

1
lxc-php/tasks/php74.yml
Unescape Escape View File

@ -10,6 +10,7 @@
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
when: not ansible_check_mode
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
template:

1
lxc-php/tasks/php80.yml
Unescape Escape View File

@ -10,6 +10,7 @@
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
when: not ansible_check_mode
- name: "{{ lxc_php_version }} - Add sury repo"
lineinfile:

1
lxc-php/tasks/php81.yml
Unescape Escape View File

@ -10,6 +10,7 @@
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
when: not ansible_check_mode
- name: "{{ lxc_php_version }} - Add sury repo"
lineinfile:

6
lxc/tasks/create-container.yml
Unescape Escape View File

@ -4,6 +4,7 @@
changed_when: false
check_mode: no
register: container_exists
when: not ansible_check_mode
- name: "Create container {{ name }}"
lxc_container:
@ -13,6 +14,7 @@
state: stopped
template_options: "--arch amd64 --release {{ release }}"
when: container_exists.stdout_lines | length == 0
when: not ansible_check_mode
- name: "Disable network configuration inside container {{ name }}"
replace:
@ -20,12 +22,14 @@
regexp: "^#CONFIGURE_INTERFACES=yes"
replace: CONFIGURE_INTERFACES=no
when: lxc_network_type == "none"
when: not ansible_check_mode
- name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
line: "NETDOWN=no"
when: lxc_network_type == "none" and release == "jessie"
when: not ansible_check_mode
- name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
file:
@ -44,6 +48,7 @@
lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
line: "127.0.0.1 {{ name }}"
when: not ansible_check_mode
- name: "Fix permission on /dev for container {{ name }}"
lineinfile:
@ -51,6 +56,7 @@
line: "chmod 755 /dev"
insertbefore: "^exit 0$"
when: release == 'jessie'
when: not ansible_check_mode
- name: "Ensure that {{ name }} container is running"
lxc_container:

2
lxc/tasks/main.yml
Unescape Escape View File

@ -48,6 +48,7 @@
changed_when: false
check_mode: no
register: check_fs_options
when: not ansible_check_mode
- name: Check if options are correct
assert:
@ -56,6 +57,7 @@
- "'noexec' not in check_fs_options.stdout"
- "'nosuid' not in check_fs_options.stdout"
msg: "LXC directory is in a filesystem with incompatible options"
when: not ansible_check_mode
- name: Create containers
include: create-container.yml

22
minifirewall/tasks/config.yml
Unescape Escape View File

@ -30,6 +30,7 @@
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
insertbefore: '^# Main interface'
create: no
when: not ansible_check_mode
- name: End marker for IP addresses
lineinfile:
@ -37,6 +38,7 @@
create: no
line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
insertafter: '^PRIVILEGIEDIPS='
when: not ansible_check_mode
- name: Verify that at least 1 trusted IP is provided
assert:
@ -84,6 +86,7 @@
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
create: no
register: minifirewall_config_ips
when: not ansible_check_mode
- name: Begin marker for ports
lineinfile:
@ -91,6 +94,7 @@
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
insertbefore: '^# Protected services'
create: no
when: not ansible_check_mode
- name: End marker for ports
lineinfile:
@ -98,6 +102,7 @@
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
insertafter: '^SERVICESUDP3='
create: no
when: not ansible_check_mode
- name: Configure ports
blockinfile:
@ -122,6 +127,7 @@
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
create: no
register: minifirewall_config_ports
when: not ansible_check_mode
- name: Configure DNSSERVEURS
lineinfile:
@ -193,7 +199,9 @@
line: "PROXY='{{ minifirewall_proxy }}'"
regexp: "PROXY=('|\").*('|\")"
create: no
when: minifirewall_proxy is not none
when:
- minifirewall_proxy is not none
- not ansible_check_mode
- name: Configure PROXYPORT
lineinfile:
@ -201,7 +209,9 @@
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
regexp: "PROXYPORT=('|\").*('|\")"
create: no
when: minifirewall_proxyport is not none
when:
- minifirewall_proxyport is not none
- not ansible_check_mode
# Warning: keep double quotes for the value,
# since we often reference a shell variable that needs to be interpolated
@ -211,7 +221,9 @@
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
regexp: "PROXYBYPASS=('|\").*('|\")"
create: no
when: minifirewall_proxybypass is not none
when:
- minifirewall_proxyport is not none
- not ansible_check_mode
- name: Configure BACKUPSERVERS
lineinfile:
@ -219,7 +231,9 @@
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
regexp: "BACKUPSERVERS=('|\").*('|\")"
create: no
when: minifirewall_backupservers is not none
when:
- minifirewall_backupservers is not none
- not ansible_check_mode
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
lineinfile:

4
munin/handlers/main.yml
Unescape Escape View File

@ -4,12 +4,14 @@
service:
name: munin-node
state: restarted
when: not ansible_check_mode
- name: restart munin_node
service:
name: munin_node
state: restarted
when: not ansible_check_mode
- name: systemd daemon-reload
systemd:
daemon_reload: yes
daemon_reload: yes

4
munin/tasks/main.yml
Unescape Escape View File

@ -33,6 +33,7 @@
notify: restart munin-node
when: not ansible_hostname == "localdomain"
when: not ansible_check_mode
tags:
- munin
@ -79,6 +80,7 @@
notify: restart munin-node
tags:
- munin
when: not ansible_check_mode
- name: Enable sensors_ plugin on dedicated hardware
file:
@ -92,6 +94,7 @@
notify: restart munin-node
tags:
- munin
when: not ansible_check_mode
- name: Enable ipmi_ plugin on dedicated hardware
file:
@ -105,6 +108,7 @@
- temp
- power
- volts
when: not ansible_check_mode
- name: adjustments for grsec kernel
blockinfile:

1
mysql/tasks/datadir.yml
Unescape Escape View File

@ -43,3 +43,4 @@
- mysql_custom_datadir | length > 0
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
- not mysql_custom_datadir_test.stat.exists
- not ansible_check_mode

1
mysql/tasks/logdir.yml
Unescape Escape View File

@ -43,3 +43,4 @@
- mysql_custom_logdir | length > 0
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
- not mysql_custom_logdir_test.stat.exists
- not ansible_check_mode

1
mysql/tasks/packages_jessie.yml
Unescape Escape View File

@ -42,6 +42,7 @@
tags:
- mysql
- services
when: not ansible_check_mode
- name: apg package is installed
apt:

3
mysql/tasks/packages_stretch.yml
Unescape Escape View File

@ -28,6 +28,7 @@
tags:
- mysql
- services
when: not ansible_check_mode
- name: apg package is installed
apt:
@ -57,4 +58,4 @@
tags:
- mysql
- packages
when: ansible_python_version is version('3', '>=')
when: ansible_python_version is version('3', '>=')

3
mysql/tasks/utils.yml
Unescape Escape View File

@ -156,6 +156,7 @@
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
state: link
when: mysql_cron_optimize | bool
when: not ansible_check_mode
tags:
- mysql
@ -248,4 +249,4 @@
mode: "0755"
force: no
tags:
- mysql
- mysql

2
nagios-nrpe/handlers/main.yml
Unescape Escape View File

@ -4,8 +4,10 @@
service:
name: nagios-nrpe-server
state: restarted
when: not ansible_check_mode
- name: restart nrpe
service:
name: nrpe
state: restarted
when: not ansible_check_mode

1
ntpd/tasks/main.yml
Unescape Escape View File

@ -21,3 +21,4 @@
notify: restart ntp
tags:
- ntp
when: not ansible_check_mode

6
packweb-apache/tasks/apache.yml
Unescape Escape View File

@ -14,7 +14,9 @@
block: |
# Used for Evoadmin-web
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
when: envvar_grep_path.rc != 0
when:
- envvar_grep_path.rc != 0
- not ansible_check_mode
- name: Additional packages are installed
apt:
@ -34,6 +36,7 @@
- negotiation
- alias
- log_forensic
when: not ansible_check_mode
- name: Copy Apache settings for modules
copy:
@ -60,3 +63,4 @@
loop:
- evolinux-evasive
- evolinux-modsec
when: not ansible_check_mode

4
packweb-apache/tasks/awstats.yml
Unescape Escape View File

@ -22,6 +22,7 @@
AllowFullYearView=3
ErrorMessages="An error occured. Contact your Administrator"
mode: "0644"
when: not ansible_check_mode
- name: Create conf-available/awstats-icon.conf file
copy:
@ -39,6 +40,7 @@
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
when: not ansible_check_mode
- name: Create awstats cron
lineinfile:
@ -46,6 +48,7 @@
create: yes
regexp: '-config=awstats'
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
when: not ansible_check_mode
- name: Comment default awstat cron's tasks
lineinfile:
@ -54,3 +57,4 @@
line: '#\1'
backrefs: yes
state: present
when: not ansible_check_mode

3
packweb-apache/tasks/main.yml
Unescape Escape View File

@ -26,6 +26,7 @@
dest: /var/www/index.html
line: ' <li><a href="/info.php">Infos PHP</a></li>'
regexp: "Infos PHP"
when: not ansible_check_mode
- name: install opcache.php
copy:
@ -38,6 +39,7 @@
dest: /var/www/index.html
line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>'
regexp: "Infos OpCache PHP"
when: not ansible_check_mode
- name: Add elements to user account template
file:
@ -64,6 +66,7 @@
loop:
- access.log
- error.log
when: not ansible_check_mode
- name: "Install userlogrotate (jessie)"
copy:

1
packweb-apache/tasks/multiphp.yml
Unescape Escape View File

@ -5,6 +5,7 @@
state: present
name: proxy_fcgi
notify: restart apache2
when: not ansible_check_mode
- include_role:
name: remount-usr

5
packweb-apache/tasks/phpmyadmin.yml
Unescape Escape View File

@ -65,10 +65,12 @@
changed_when: False
check_mode: no
register: new_packweb_phpmyadmin_suffix
when: not ansible_check_mode
- name: overwrite packweb_phpmyadmin_suffix
set_fact:
packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}"
when: not ansible_check_mode
- debug:
var: packweb_phpmyadmin_suffix
@ -86,15 +88,18 @@
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
when: not ansible_check_mode
- name: enable phpmyadmin link in default site index
replace:
dest: /var/www/index.html
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
when: not ansible_check_mode
- name: replace phpmyadmin suffix in default site index
replace:
dest: /var/www/index.html
regexp: '__PHPMYADMIN_SUFFIX__'
replace: "{{ packweb_phpmyadmin_suffix }}"
when: not ansible_check_mode

5
php/handlers/main.yml
Unescape Escape View File

@ -4,23 +4,28 @@
service:
name: php5-fpm
state: restarted
when: not ansible_check_mode
- name: restart php7.0-fpm
service:
name: php7.0-fpm
state: restarted
when: not ansible_check_mode
- name: restart php7.3-fpm
service:
name: php7.3-fpm
state: restarted
when: not ansible_check_mode
- name: restart php7.4-fpm
service:
name: php7.4-fpm
state: restarted
when: not ansible_check_mode
- name: restart php8.1-fpm
service:
name: php8.1-fpm
state: restarted
when: not ansible_check_mode

2
php/tasks/config_cli.yml
Unescape Escape View File

@ -25,6 +25,7 @@
file:
dest: "{{ php_cli_custom_ini_file }}"
mode: "0644"
when: not ansible_check_mode
- name: "Set custom values for PHP to enable Symfony"
ini_file:
@ -36,3 +37,4 @@
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements | bool
when: not ansible_check_mode

4
php/tasks/main_bookworm.yml
Unescape Escape View File

@ -79,12 +79,14 @@
with_items:
- /etc/php
- /etc/php/{{ php_version }}
when: not ansible_check_mode
- include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 12)"
file:
dest: /etc/php/{{ php_version }}/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable
@ -94,6 +96,7 @@
dest: /etc/php/{{ php_version }}/fpm
mode: "0755"
when: php_fpm_enable
when: not ansible_check_mode
- include: config_apache.yml
when: php_apache_enable
@ -103,6 +106,7 @@
dest: /etc/php/{{ php_version }}/apache2
mode: "0755"
when: php_apache_enable
when: not ansible_check_mode
- include: sury_post.yml
when: php_sury_enable

4
php/tasks/main_bullseye.yml
Unescape Escape View File

@ -68,12 +68,14 @@
with_items:
- /etc/php
- /etc/php/7.4
when: not ansible_check_mode
- include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 11)"
file:
dest: /etc/php/7.4/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable
@ -83,6 +85,7 @@
dest: /etc/php/7.4/fpm
mode: "0755"
when: php_fpm_enable
when: not ansible_check_mode
- include: config_apache.yml
when: php_apache_enable
@ -92,6 +95,7 @@
dest: /etc/php/7.4/apache2
mode: "0755"
when: php_apache_enable
when: not ansible_check_mode
- include: sury_post.yml
when: php_sury_enable

4
php/tasks/main_buster.yml
Unescape Escape View File

@ -68,12 +68,14 @@
loop:
- /etc/php
- /etc/php/7.3
when: not ansible_check_mode
- include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 10)"
file:
dest: /etc/php/7.3/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable | bool
@ -83,6 +85,7 @@
dest: /etc/php/7.3/fpm
mode: "0755"
when: php_fpm_enable | bool
when: not ansible_check_mode
- include: config_apache.yml
when: php_apache_enable | bool
@ -92,6 +95,7 @@
dest: /etc/php/7.3/apache2
mode: "0755"
when: php_apache_enable | bool
when: not ansible_check_mode
- include: sury_post.yml
when: php_sury_enable | bool

4
php/tasks/main_jessie.yml
Unescape Escape View File

@ -56,6 +56,7 @@
file:
dest: /etc/php5
mode: "0755"
when: not ansible_check_mode
- include: config_cli.yml
@ -63,6 +64,7 @@
file:
dest: /etc/php5/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable | bool
@ -72,6 +74,7 @@
dest: /etc/php5/fpm
mode: "0755"
when: php_fpm_enable | bool
when: not ansible_check_mode
- include: config_apache.yml
when: php_apache_enable | bool
@ -81,3 +84,4 @@
dest: /etc/php5/apache2
mode: "0755"
when: php_apache_enable | bool
when: not ansible_check_mode

4
php/tasks/main_stretch.yml
Unescape Escape View File

@ -68,6 +68,7 @@
loop:
- /etc/php
- /etc/php/7.0
when: not ansible_check_mode
- include: config_cli.yml
@ -75,6 +76,7 @@
file:
dest: /etc/php/7.0/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable | bool
@ -84,6 +86,7 @@
dest: /etc/php/7.0/fpm
mode: "0755"
when: php_fpm_enable | bool
when: not ansible_check_mode
- include: config_apache.yml
when: php_apache_enable | bool
@ -93,6 +96,7 @@
dest: /etc/php/7.0/apache2
mode: "0755"
when: php_apache_enable | bool
when: not ansible_check_mode
- include: sury_post.yml
when: php_sury_enable | bool

3
php/tasks/sury_post.yml
Unescape Escape View File

@ -14,6 +14,7 @@
file:
dest: /etc/php/7.4/cli
mode: "0755"
when: not ansible_check_mode
- name: Symlink Evolix Apache config files from 7.4 to 7.0
file:
@ -31,6 +32,7 @@
dest: /etc/php/7.4/apache2
mode: "0755"
when: php_apache_enable | bool
when: not ansible_check_mode
- name: Symlink Evolix FPM config files from 7.4 to 7.0
file:
@ -50,3 +52,4 @@
dest: /etc/php/7.4/fpm
mode: "0755"
when: php_fpm_enable | bool
when: not ansible_check_mode

1
proftpd/handlers/main.yml
Unescape Escape View File

@ -3,3 +3,4 @@
service:
name: proftpd
state: restarted
when: not ansible_check_mode

2
proftpd/tasks/main.yml
Unescape Escape View File

@ -70,6 +70,7 @@
notify: restart proftpd
tags:
- proftpd
when: not ansible_check_mode
- name: Put empty vpasswd file if missing
copy:
@ -92,6 +93,7 @@
notify: restart proftpd
tags:
- proftpd
when: not ansible_check_mode
- include: accounts.yml
when: proftpd_accounts | length > 0

7
squid/handlers/main.yml
Unescape Escape View File

@ -3,31 +3,38 @@
service:
name: munin-node
state: restarted
when: not ansible_check_mode
- name: restart squid
service:
name: squid
state: restarted
when: not ansible_check_mode
- name: reload squid
service:
name: squid
state: reloaded
when: not ansible_check_mode
- name: restart squid3
service:
name: squid3
state: restarted
when: not ansible_check_mode
- name: reload squid3
service:
name: squid3
state: reloaded
when: not ansible_check_mode
- name: restart log2mail
service:
name: log2mail
state: restarted
when: not ansible_check_mode
- name: restart minifirewall
command: /etc/init.d/minifirewall restart
when: not ansible_check_mode

1
squid/tasks/main.yml
Unescape Escape View File

@ -121,6 +121,7 @@
when:
- squid_localproxy_enable | bool
- ansible_distribution_major_version is version('9', '>=')
- not ansible_check_mode
- name: "evolinux custom overrides (Debian 9 or later)"
copy:

1
webapps/evoadmin-web/tasks/ftp.yml
Unescape Escape View File

@ -10,3 +10,4 @@
remote_src: False
src: ftp/evolinux.conf.diff
dest: /etc/proftpd/conf.d/z-evolinux.conf
when: not ansible_check_mode

5
webapps/evoadmin-web/tasks/main.yml
Unescape Escape View File

@ -3,7 +3,9 @@
- name: "Ensure that evoadmin_contact_email is defined"
fail:
msg: Please configure var evoadmin_contact_email
when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0
when:
- evoadmin_contact_email is none or evoadmin_contact_email | length == 0
- not ansible_check_mode
- include: packages.yml
@ -23,3 +25,4 @@
marker: "<!-- {mark} evoadmin-web section -->"
block: |
<li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li>
when: not ansible_check_mode

1
webapps/evoadmin-web/tasks/ssl.yml
Unescape Escape View File

@ -17,6 +17,7 @@
owner: root
group: ssl-cert
mode: "0640"
when: not ansible_check_mode
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt

8
webapps/evoadmin-web/tasks/user.yml
Unescape Escape View File

@ -54,7 +54,9 @@