Allow more --check runs

Use “when: not ansible_check_mode” or “when: <file>.stat.exists or not
ansible_check_mode” in order to provide a meaningful diff if possible.

This is an improvement from the previously reverted commit
1728eaee68.
David Prevot 2022-12-21 17:06:11 +01:00
parent 7005344a5b
commit fc692cf65b
54 changed files with 347 additions and 46 deletions


@ -3,13 +3,16 @@
service: service:
name: apache2 name: apache2
state: restarted state: restarted
when: not ansible_check_mode
- name: reload apache - name: reload apache
service: service:
name: apache2 name: apache2
state: reloaded state: reloaded
when: not ansible_check_mode
- name: restart munin-node - name: restart munin-node
service: service:
name: munin-node name: munin-node
state: restarted state: restarted
when: not ansible_check_mode


@ -14,7 +14,12 @@
- name: Load IP whitelist task - name: Load IP whitelist task
include: ip_whitelist.yml include: ip_whitelist.yml
- name: include private IP whitelist for server-status - name: Is status.conf present?
stat:
path: /etc/apache2/mods-available/status.conf
register: _status_conf
- name: Include private IP whitelist for server-status
lineinfile: lineinfile:
dest: /etc/apache2/mods-available/status.conf dest: /etc/apache2/mods-available/status.conf
line: " include /etc/apache2/ipaddr_whitelist.conf" line: " include /etc/apache2/ipaddr_whitelist.conf"
@ -22,6 +27,7 @@
state: present state: present
tags: tags:
- apache - apache
when: _status_conf.stat.exists or not ansible_check_mode
- name: Copy private_htpasswd - name: Copy private_htpasswd
copy: copy:
@ -35,6 +41,11 @@
tags: tags:
- apache - apache
- name: Is private_htpasswd present?
stat:
path: /etc/apache2/private_htpasswd
register: _private_htpasswd
- name: add user:pwd to private htpasswd - name: add user:pwd to private htpasswd
lineinfile: lineinfile:
dest: /etc/apache2/private_htpasswd dest: /etc/apache2/private_htpasswd
@ -44,6 +55,7 @@
notify: reload apache notify: reload apache
tags: tags:
- apache - apache
when: _private_htpasswd.stat.exists or not ansible_check_mode
- name: remove user:pwd from private htpasswd - name: remove user:pwd from private htpasswd
lineinfile: lineinfile:
@ -54,3 +66,4 @@
notify: reload apache notify: reload apache
tags: tags:
- apache - apache
when: _private_htpasswd.stat.exists or not ansible_check_mode


@ -1,6 +1,11 @@
--- ---
- name: add IP addresses to private IP whitelist - name: Is ipaddr_whitelist.conf present?
stat:
path: /etc/apache2/ipaddr_whitelist.conf
register: _ipaddr_whitelist_conf
- name: Add IP addresses to private IP whitelist
lineinfile: lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}" line: "Require ip {{ item }}"
@ -10,8 +15,9 @@
tags: tags:
- apache - apache
- ips - ips
when: _ipaddr_whitelist_conf.stat.exists or not ansible_check_mode
- name: remove IP addresses from private IP whitelist - name: Remove IP addresses from private IP whitelist
lineinfile: lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}" line: "Require ip {{ item }}"


@ -6,6 +6,7 @@
state: present state: present
tags: tags:
- apache - apache
when: not ansible_check_mode
- name: Add log2mail config for Apache segfaults - name: Add log2mail config for Apache segfaults
template: template:


@ -53,6 +53,7 @@
notify: reload apache notify: reload apache
tags: tags:
- apache - apache
when: not ansible_check_mode
- name: basic modules are enabled - name: basic modules are enabled
apache2_module: apache2_module:
@ -61,7 +62,9 @@
loop: loop:
- cgi - cgi
notify: reload apache notify: reload apache
when: apache_mpm == "prefork" or apache_mpm == "itk" when:
- apache_mpm == "prefork" or apache_mpm == "itk"
- not ansible_check_mode
tags: tags:
- apache - apache
@ -123,14 +126,21 @@
tags: tags:
- apache - apache
- name: default vhost is enabled - name: Is 000-evolinux-default.conf present?
stat:
path: /etc/apache2/sites-available/000-evolinux-default.conf
register: _000_evolinux_default_conf
- name: Default vhost is enabled
file: file:
src: /etc/apache2/sites-available/000-evolinux-default.conf src: /etc/apache2/sites-available/000-evolinux-default.conf
dest: /etc/apache2/sites-enabled/000-default.conf dest: /etc/apache2/sites-enabled/000-default.conf
state: link state: link
force: yes force: yes
notify: reload apache notify: reload apache
when: apache_evolinux_default_enabled | bool when:
- apache_evolinux_default_enabled | bool
- _000_evolinux_default_conf.stat.exists or not ansible_check_mode
tags: tags:
- apache - apache
@ -138,7 +148,7 @@
tags: tags:
- apache - apache
- name: is umask already present? - name: Is umask already present?
command: "grep -E '^umask ' /etc/apache2/envvars" command: "grep -E '^umask ' /etc/apache2/envvars"
failed_when: False failed_when: False
changed_when: False changed_when: False
@ -147,6 +157,11 @@
tags: tags:
- apache - apache
- name: Is envvars present?
stat:
path: /etc/apache2/envvars
register: _envvars
- name: Add a mark in envvars for umask - name: Add a mark in envvars for umask
blockinfile: blockinfile:
dest: /etc/apache2/envvars dest: /etc/apache2/envvars
@ -155,7 +170,9 @@
## Set umask for writing by Apache user. ## Set umask for writing by Apache user.
## Set rights on files and directories written by Apache ## Set rights on files and directories written by Apache
umask 007 umask 007
when: envvar_grep_umask.rc != 0 when:
- envvar_grep_umask.rc != 0
- _envvars.stat.exists or not ansible_check_mode
tags: tags:
- apache - apache
@ -183,6 +200,11 @@
tags: tags:
- apache - apache
- name: Is logrotate.d/apache2 present?
stat:
path: /etc/logrotate.d/apache2
register: _logrotate_d_apache2
- name: "logrotate: {{ apache_logrotate_frequency }}" - name: "logrotate: {{ apache_logrotate_frequency }}"
replace: replace:
dest: /etc/logrotate.d/apache2 dest: /etc/logrotate.d/apache2
@ -190,6 +212,7 @@
replace: "{{ apache_logrotate_frequency }}" replace: "{{ apache_logrotate_frequency }}"
tags: tags:
- apache - apache
when: _logrotate_d_apache2.stat.exists or not ansible_check_mode
- name: "logrotate: rotate {{ apache_logrotate_rotate }}" - name: "logrotate: rotate {{ apache_logrotate_rotate }}"
replace: replace:
@ -198,6 +221,7 @@
replace: '\1 {{ apache_logrotate_rotate }}' replace: '\1 {{ apache_logrotate_rotate }}'
tags: tags:
- apache - apache
when: _logrotate_d_apache2.stat.exists or not ansible_check_mode
- include: log2mail.yml - include: log2mail.yml
when: apache_log2mail_include when: apache_log2mail_include


@ -23,6 +23,7 @@
tags: tags:
- apache - apache
- munin - munin
when: not ansible_check_mode
- name: "Install fcgi packages for Munin graphs" - name: "Install fcgi packages for Munin graphs"
apt: apt:
@ -43,6 +44,7 @@
tags: tags:
- apache - apache
- munin - munin
when: not ansible_check_mode
- name: "Apache has access to /var/log/munin/" - name: "Apache has access to /var/log/munin/"
file: file:
@ -51,3 +53,4 @@
tags: tags:
- apache - apache
- munin - munin
when: not ansible_check_mode


@ -21,15 +21,22 @@
args: args:
creates: "{{ apache_serverstatus_suffix_file }}" creates: "{{ apache_serverstatus_suffix_file }}"
- name: Is apache_serverstatus_suffix_file present?
stat:
path: "{{ apache_serverstatus_suffix_file }}"
register: _apache_serverstatus_suffix_file
- name: read apache server status suffix - name: read apache server status suffix
command: "tail -n 1 {{ apache_serverstatus_suffix_file }}" command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
changed_when: False changed_when: False
check_mode: no check_mode: no
register: new_apache_serverstatus_suffix register: new_apache_serverstatus_suffix
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
- name: overwrite apache_serverstatus_suffix - name: overwrite apache_serverstatus_suffix
set_fact: set_fact:
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}" apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
- debug: - debug:
var: apache_serverstatus_suffix var: apache_serverstatus_suffix
@ -40,12 +47,14 @@
dest: /var/www/index.html dest: /var/www/index.html
regexp: '__SERVERSTATUS_SUFFIX__' regexp: '__SERVERSTATUS_SUFFIX__'
replace: "{{ apache_serverstatus_suffix }}" replace: "{{ apache_serverstatus_suffix }}"
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
- name: add server-status suffix in default site index if missing - name: add server-status suffix in default site index if missing
replace: replace:
dest: /var/www/index.html dest: /var/www/index.html
regexp: '"/server-status-?"' regexp: '"/server-status-?"'
replace: '"/server-status-{{ apache_serverstatus_suffix }}"' replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
- name: add server-status suffix in default VHost - name: add server-status suffix in default VHost
replace: replace:
@ -53,12 +62,19 @@
regexp: '<Location /server-status-?>' regexp: '<Location /server-status-?>'
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>' replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
notify: reload apache notify: reload apache
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
- name: Is munin-node present?
stat:
path: /etc/munin/plugin-conf.d/munin-node
register: _munin_node
- name: Munin configuration has a section for apache - name: Munin configuration has a section for apache
lineinfile: lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node dest: /etc/munin/plugin-conf.d/munin-node
line: "[apache_*]" line: "[apache_*]"
create: no create: no
when: _munin_node.stat.exists or not ansible_check_mode
- name: apache-status URL is configured for Munin - name: apache-status URL is configured for Munin
lineinfile: lineinfile:
@ -68,3 +84,4 @@
insertafter: "[apache_*]" insertafter: "[apache_*]"
create: no create: no
notify: restart munin-node notify: restart munin-node
when: _munin_node.stat.exists or not ansible_check_mode


@ -8,14 +8,22 @@
- etc-git - etc-git
when: when:
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- not ansible_check_mode
- name: Install and configure utilities - name: Install and configure utilities
include: utils.yml include: utils.yml
tags: tags:
- etc-git - etc-git
- name: Is git present?
stat:
path: /usr/bin/git
register: _git
- name: Configure repositories - name: Configure repositories
include: repositories.yml include: repositories.yml
tags: tags:
- etc-git - etc-git
when: etc_git_config_repositories | bool when:
- etc_git_config_repositories | bool
- _git.stat.exists or not ansible_check_mode


@ -1,14 +1,17 @@
- name: newaliases - name: newaliases
command: newaliases command: newaliases
when: not ansible_check_mode
- name: Test Apache conf - name: Test Apache conf
command: apache2ctl -t command: apache2ctl -t
notify: "Reload Apache conf" notify: "Reload Apache conf"
when: not ansible_check_mode
- name: reload apache2 - name: reload apache2
service: service:
name: apache2 name: apache2
state: reloaded state: reloaded
when: not ansible_check_mode
- name: apt update - name: apt update
apt: apt:
@ -18,8 +21,10 @@
service: service:
name: squid3 name: squid3
state: reloaded state: reloaded
when: not ansible_check_mode
- name: reload squid - name: reload squid
service: service:
name: squid name: squid
state: reloaded state: reloaded
when: not ansible_check_mode


@ -10,6 +10,8 @@
- debug: - debug:
var: evocheck_run.stdout_lines var: evocheck_run.stdout_lines
when: evocheck_run.stdout | length > 0 when:
- not ansible_check_mode
- evocheck_run.stdout | length > 0
tags: tags:
- evocheck-exec - evocheck-exec


@ -38,6 +38,7 @@
owner: root owner: root
group: ssl-cert group: ssl-cert
mode: "0640" mode: "0640"
when: not ansible_check_mode
- name: Create certificate for default site - name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt


@ -43,7 +43,9 @@
state: present state: present
tags: tags:
- packages - packages
when: ansible_virtualization_role == "host" when:
- ansible_virtualization_role == "host"
- not ansible_check_mode
## RAID ## RAID
# Dell and others: MegaRAID SAS # Dell and others: MegaRAID SAS
@ -108,6 +110,7 @@
name: ssacli name: ssacli
tags: tags:
- packages - packages
when: not ansible_check_mode
when: when:
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout" - "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- "'Adaptec Smart Storage PQI' in raidmodel.stdout" - "'Adaptec Smart Storage PQI' in raidmodel.stdout"
@ -134,6 +137,7 @@
state: present state: present
tags: tags:
- packages - packages
when: not ansible_check_mode
- name: cciss-vol-statusd init script is present (HP gen <10) - name: cciss-vol-statusd init script is present (HP gen <10)
template: template:
@ -246,6 +250,7 @@
allow_unauthenticated: yes allow_unauthenticated: yes
tags: tags:
- packages - packages
when: not ansible_check_mode
- name: Configure packages for DELL/LSI hardware - name: Configure packages for DELL/LSI hardware
template: template:
@ -263,6 +268,7 @@
tags: tags:
- packages - packages
- config - config
when: not ansible_check_mode
when: when:
- "'MegaRAID' in raidmodel.stdout" - "'MegaRAID' in raidmodel.stdout"
- evolinux_packages_hardware_raid | bool - evolinux_packages_hardware_raid | bool


@ -16,6 +16,12 @@
daemon-reload: yes daemon-reload: yes
state: started state: started
enabled: yes enabled: yes
when: not ansible_check_mode
- name: Is log2mail/config/default present?
stat:
path: /etc/log2mail/config/default
register: _log2mail_config_default
- name: log2mail config is present - name: log2mail config is present
blockinfile: blockinfile:
@ -32,4 +38,5 @@
notify: restart log2mail notify: restart log2mail
tags: tags:
- log2mail - log2mail
when: _log2mail_config_default.stat.exists or not ansible_check_mode


@ -89,7 +89,9 @@
apt: apt:
name: serveur-base name: serveur-base
allow_unauthenticated: yes allow_unauthenticated: yes
when: evolinux_packages_serveur_base | bool when:
- evolinux_packages_serveur_base | bool
- not ansible_check_mode
- name: Install/Update packages for Stretch and later - name: Install/Update packages for Stretch and later
apt: apt:


@ -11,6 +11,11 @@
- packages - packages
- postfix - postfix
- name: Is main.cf present?
stat:
path: /etc/postfix/main.cf
register: _main_cf
- name: configure postfix myhostname - name: configure postfix myhostname
lineinfile: lineinfile:
dest: /etc/postfix/main.cf dest: /etc/postfix/main.cf
@ -20,6 +25,7 @@
notify: reload postfix notify: reload postfix
tags: tags:
- postfix - postfix
when: _main_cf.stat.exists or not ansible_check_mode
- name: configure postfix mynetworks - name: configure postfix mynetworks
lineinfile: lineinfile:
@ -30,6 +36,7 @@
notify: reload postfix notify: reload postfix
tags: tags:
- postfix - postfix
when: _main_cf.stat.exists or not ansible_check_mode
- name: fetch users list - name: fetch users list
shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root" shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
@ -41,6 +48,11 @@
tags: tags:
- postfix - postfix
- name: Is aliases present?
stat:
path: /etc/aliases
register: _aliases
- name: each user is aliased to root - name: each user is aliased to root
lineinfile: lineinfile:
dest: /etc/aliases dest: /etc/aliases
@ -48,7 +60,9 @@
line: "{{ item }}: root" line: "{{ item }}: root"
loop: "{{ non_root_users_list.stdout_lines }}" loop: "{{ non_root_users_list.stdout_lines }}"
notify: newaliases notify: newaliases
when: evolinux_postfix_users_alias_root | bool when:
- evolinux_postfix_users_alias_root | bool
- _aliases.stat.exists or not ansible_check_mode
tags: tags:
- postfix - postfix
@ -65,7 +79,9 @@
- error - error
- bounce - bounce
notify: newaliases notify: newaliases
when: evolinux_postfix_mailer_alias_root | bool when:
- evolinux_postfix_mailer_alias_root | bool
- _aliases.stat.exists or not ansible_check_mode
tags: tags:
- postfix - postfix
@ -75,7 +91,9 @@
regexp: "^root:" regexp: "^root:"
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}" line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
notify: newaliases notify: newaliases
when: evolinux_postfix_root_alias | bool when:
- evolinux_postfix_root_alias | bool
- _aliases.stat.exists or not ansible_check_mode
tags: tags:
- postfix - postfix


@ -154,13 +154,21 @@
register: grep_profile_evomaintenance register: grep_profile_evomaintenance
## Don't add the trap if it is present or commented ## Don't add the trap if it is present or commented
- name: "Is '/home/{{ user.name }}' present?"
stat:
path: '/home/{{ user.name }}'
register: _home_user_name
- name: "User '{{ user.name }}' has its shell trap for evomaintenance" - name: "User '{{ user.name }}' has its shell trap for evomaintenance"
lineinfile: lineinfile:
state: present state: present
dest: '/home/{{ user.name }}/.profile' dest: '/home/{{ user.name }}/.profile'
insertafter: EOF insertafter: EOF
line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0' line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
when: grep_profile_evomaintenance.rc != 0 when:
- grep_profile_evomaintenance.rc != 0
- _home_user_name.stat.exists or not ansible_check_mode
# SSH keys # SSH keys
@ -192,5 +200,6 @@
when: when:
- user.ssh_keys is defined - user.ssh_keys is defined
- user.ssh_keys | length > 0 - user.ssh_keys | length > 0
- _home_user_name.stat.exists or not ansible_check_mode
- meta: flush_handlers - meta: flush_handlers
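Review bot: The new guard on the shell-trap task checks the home directory (`path: '/home/{{ user.name }}'`), but the task writes to `/home/{{ user.name }}/.profile`. In check mode on a host where the home directory exists and `.profile` does not, `lineinfile` is still run against a missing file, which is presumably the failure this commit is trying to avoid. A second stat on `'/home/{{ user.name }}/.profile'` for the trap task would match the guard to the file it edits, while `_home_user_name` stays a reasonable guard for the SSH-key task in the second hunk. Both task bodies start outside the visible hunks.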


@ -3,13 +3,16 @@
service: service:
name: haproxy name: haproxy
state: reloaded state: reloaded
when: not ansible_check_mode
- name: restart haproxy - name: restart haproxy
service: service:
name: haproxy name: haproxy
state: restarted state: restarted
when: not ansible_check_mode
- name: restart munin-node - name: restart munin-node
service: service:
name: munin-node name: munin-node
state: restarted state: restarted
when: not ansible_check_mode


@ -114,6 +114,11 @@
- config - config
- update-config - update-config
- name: Is haproxy.cfg present?
stat:
path: /etc/haproxy/haproxy.cfg
register: _haproxy_cfg
- name: Rotate logs with dateext - name: Rotate logs with dateext
lineinfile: lineinfile:
dest: /etc/logrotate.d/haproxy dest: /etc/logrotate.d/haproxy
@ -123,6 +128,12 @@
tags: tags:
- haproxy - haproxy
- logrotate - logrotate
when: _haproxy_cfg.stat.exists or not ansible_check_mode
- name: Is logrotate.d/haproxy present?
stat:
path: /etc/logrotate.d/haproxy
register: _logrotate_d_haproxy
- name: Rotate logs with nodelaycompress - name: Rotate logs with nodelaycompress
lineinfile: lineinfile:
@ -133,6 +144,7 @@
tags: tags:
- haproxy - haproxy
- logrotate - logrotate
when: _logrotate_d_haproxy.stat.exists or not ansible_check_mode
- name: Set net.ipv4.ip_nonlocal_bind - name: Set net.ipv4.ip_nonlocal_bind
sysctl: sysctl:


@ -5,11 +5,17 @@
name: "{{ lxc_php_version }}" name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
- name: "Is sources.list present?"
stat:
path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
register: _sources_list
- name: "{{ lxc_php_version }} - fix bullseye repository" - name: "{{ lxc_php_version }} - fix bullseye repository"
replace: replace:
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates' regexp: 'bullseye/updates'
replace: 'bullseye-security' replace: 'bullseye-security'
when: _sources_list.stat.exists or not ansible_check_mode
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
template: template:


@ -5,11 +5,17 @@
name: "{{ lxc_php_version }}" name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
- name: "Is sources.list present?"
stat:
path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
register: _sources_list
- name: "{{ lxc_php_version }} - fix bullseye repository" - name: "{{ lxc_php_version }} - fix bullseye repository"
replace: replace:
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates' regexp: 'bullseye/updates'
replace: 'bullseye-security' replace: 'bullseye-security'
when: _sources_list.stat.exists or not ansible_check_mode
- name: "{{ lxc_php_version }} - Add sury repo" - name: "{{ lxc_php_version }} - Add sury repo"
lineinfile: lineinfile:


@ -5,11 +5,17 @@
name: "{{ lxc_php_version }}" name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg" container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
- name: "Is sources.list present?"
stat:
path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
register: _sources_list
- name: "{{ lxc_php_version }} - fix bullseye repository" - name: "{{ lxc_php_version }} - fix bullseye repository"
replace: replace:
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates' regexp: 'bullseye/updates'
replace: 'bullseye-security' replace: 'bullseye-security'
when: _sources_list.stat.exists or not ansible_check_mode
- name: "{{ lxc_php_version }} - Add sury repo" - name: "{{ lxc_php_version }} - Add sury repo"
lineinfile: lineinfile:


@ -1,9 +1,16 @@
--- ---
- name: Is lxc installed?
stat:
path: /usr/bin/lxc-ls
register: _lxc_ls
- name: "Check if container {{ name }} exists" - name: "Check if container {{ name }} exists"
command: "lxc-ls {{ name }}" command: "lxc-ls {{ name }}"
changed_when: false changed_when: false
check_mode: no check_mode: no
register: container_exists register: container_exists
when: _lxc_ls.stat.exists or not ansible_check_mode
- name: "Create container {{ name }}" - name: "Create container {{ name }}"
lxc_container: lxc_container:
@ -12,20 +19,31 @@
template: debian template: debian
state: stopped state: stopped
template_options: "--arch amd64 --release {{ release }}" template_options: "--arch amd64 --release {{ release }}"
when: container_exists.stdout_lines | length == 0 when:
- container_exists.stdout_lines | length == 0
- _lxc_container.stat.exists or not ansible_check_mode
- name: "Is container {{ name }} created?"
stat:
path: "/var/lib/lxc/{{ name }}"
register: _lxc_container
- name: "Disable network configuration inside container {{ name }}" - name: "Disable network configuration inside container {{ name }}"
replace: replace:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking" name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking"
regexp: "^#CONFIGURE_INTERFACES=yes" regexp: "^#CONFIGURE_INTERFACES=yes"
replace: CONFIGURE_INTERFACES=no replace: CONFIGURE_INTERFACES=no
when: lxc_network_type == "none" when:
- lxc_network_type == "none"
- _lxc_container.stat.exists or not ansible_check_mode
- name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)" - name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
lineinfile: lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt" name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
line: "NETDOWN=no" line: "NETDOWN=no"
when: lxc_network_type == "none" and release == "jessie" when:
- lxc_network_type == "none" and release == "jessie"
- _lxc_container.stat.exists or not ansible_check_mode
- name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)" - name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
file: file:
@ -44,13 +62,16 @@
lineinfile: lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts" name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
line: "127.0.0.1 {{ name }}" line: "127.0.0.1 {{ name }}"
when: _lxc_container.stat.exists or not ansible_check_mode
- name: "Fix permission on /dev for container {{ name }}" - name: "Fix permission on /dev for container {{ name }}"
lineinfile: lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local" name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local"
line: "chmod 755 /dev" line: "chmod 755 /dev"
insertbefore: "^exit 0$" insertbefore: "^exit 0$"
when: release == 'jessie' when:
- release == 'jessie'
- _lxc_container.stat.exists or not ansible_check_mode
- name: "Ensure that {{ name }} container is running" - name: "Ensure that {{ name }} container is running"
lxc_container: lxc_container:
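Review bot: The "Create container" task's new condition `_lxc_container.stat.exists or not ansible_check_mode` reads `_lxc_container` before it is registered, because the "Is container {{ name }} created?" stat task is added after the create task. On the first inclusion of this file the variable is presumably undefined, so the condition would raise whenever `container_exists.stdout_lines | length == 0` holds, in normal runs as well as check runs. On later inclusions it would hold the result for the previous container. Creation should not depend on the container directory already existing; `- not ansible_check_mode` fits this task, and the stat can stay where it is for the tasks that edit files under the rootfs. Separately, when the lxc-ls task is skipped in check mode, `container_exists.stdout_lines` is likely unset, so `container_exists.stdout_lines | default([]) | length == 0` would be safer.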


@ -43,11 +43,17 @@
- lxc_unprivilegied_containers | bool - lxc_unprivilegied_containers | bool
- root_subuids.rc != 0 - root_subuids.rc != 0
- name: Is lxc present?
stat:
path: /var/lib/lxc
register: _lib_lxc
- name: Get filesystem options - name: Get filesystem options
command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS
changed_when: false changed_when: false
check_mode: no check_mode: no
register: check_fs_options register: check_fs_options
when: _lib_lxc.stat.exists or not ansible_check_mode
- name: Check if options are correct - name: Check if options are correct
assert: assert:
@ -56,6 +62,7 @@
- "'noexec' not in check_fs_options.stdout" - "'noexec' not in check_fs_options.stdout"
- "'nosuid' not in check_fs_options.stdout" - "'nosuid' not in check_fs_options.stdout"
msg: "LXC directory is in a filesystem with incompatible options" msg: "LXC directory is in a filesystem with incompatible options"
when: _lib_lxc.stat.exists or not ansible_check_mode
- name: Create containers - name: Create containers
include: create-container.yml include: create-container.yml


@ -24,12 +24,18 @@
var: minifirewall_is_running var: minifirewall_is_running
verbosity: 1 verbosity: 1
- name: Is minifirewall present?
stat:
path: /etc/default/minifirewall
register: _minifirewall
- name: Begin marker for IP addresses - name: Begin marker for IP addresses
lineinfile: lineinfile:
dest: "/etc/default/minifirewall" dest: "/etc/default/minifirewall"
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS" line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
insertbefore: '^# Main interface' insertbefore: '^# Main interface'
create: no create: no
when: _minifirewall.stat.exists or not ansible_check_mode
- name: End marker for IP addresses - name: End marker for IP addresses
lineinfile: lineinfile:
@ -37,6 +43,7 @@
create: no create: no
line: "# END ANSIBLE MANAGED BLOCK FOR IPS" line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
insertafter: '^PRIVILEGIEDIPS=' insertafter: '^PRIVILEGIEDIPS='
when: _minifirewall.stat.exists or not ansible_check_mode
- name: Verify that at least 1 trusted IP is provided - name: Verify that at least 1 trusted IP is provided
assert: assert:
@ -84,6 +91,7 @@
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}' PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
create: no create: no
register: minifirewall_config_ips register: minifirewall_config_ips
when: _minifirewall.stat.exists or not ansible_check_mode
- name: Begin marker for ports - name: Begin marker for ports
lineinfile: lineinfile:
@ -91,6 +99,7 @@
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS" line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
insertbefore: '^# Protected services' insertbefore: '^# Protected services'
create: no create: no
when: _minifirewall.stat.exists or not ansible_check_mode
- name: End marker for ports - name: End marker for ports
lineinfile: lineinfile:
@ -98,6 +107,7 @@
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS" line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
insertafter: '^SERVICESUDP3=' insertafter: '^SERVICESUDP3='
create: no create: no
when: _minifirewall.stat.exists or not ansible_check_mode
- name: Configure ports - name: Configure ports
blockinfile: blockinfile:
@ -122,6 +132,7 @@
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}' SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
create: no create: no
register: minifirewall_config_ports register: minifirewall_config_ports
when: _minifirewall.stat.exists or not ansible_check_mode
- name: Configure DNSSERVEURS - name: Configure DNSSERVEURS
lineinfile: lineinfile:
@ -193,7 +204,9 @@
line: "PROXY='{{ minifirewall_proxy }}'" line: "PROXY='{{ minifirewall_proxy }}'"
regexp: "PROXY=('|\").*('|\")" regexp: "PROXY=('|\").*('|\")"
create: no create: no
when: minifirewall_proxy is not none when:
- minifirewall_proxy is not none
- _minifirewall.stat.exists or not ansible_check_mode
- name: Configure PROXYPORT - name: Configure PROXYPORT
lineinfile: lineinfile:
@ -201,7 +214,9 @@
line: "PROXYPORT='{{ minifirewall_proxyport }}'" line: "PROXYPORT='{{ minifirewall_proxyport }}'"
regexp: "PROXYPORT=('|\").*('|\")" regexp: "PROXYPORT=('|\").*('|\")"
create: no create: no
when: minifirewall_proxyport is not none when:
- minifirewall_proxyport is not none
- _minifirewall.stat.exists or not ansible_check_mode
# Warning: keep double quotes for the value, # Warning: keep double quotes for the value,
# since we often reference a shell variable that needs to be interpolated # since we often reference a shell variable that needs to be interpolated
@ -211,7 +226,9 @@
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\"" line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
regexp: "PROXYBYPASS=('|\").*('|\")" regexp: "PROXYBYPASS=('|\").*('|\")"
create: no create: no
when: minifirewall_proxybypass is not none when:
- minifirewall_proxyport is not none
- _minifirewall.stat.exists or not ansible_check_mode
- name: Configure BACKUPSERVERS - name: Configure BACKUPSERVERS
lineinfile: lineinfile:
@ -219,7 +236,9 @@
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'" line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
regexp: "BACKUPSERVERS=('|\").*('|\")" regexp: "BACKUPSERVERS=('|\").*('|\")"
create: no create: no
when: minifirewall_backupservers is not none when:
- minifirewall_backupservers is not none
- _minifirewall.stat.exists or not ansible_check_mode
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS - name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
lineinfile: lineinfile:
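Review bot: The rewritten guard on the PROXYBYPASS task tests the wrong variable. The old condition was `minifirewall_proxybypass is not none`, but the new list starts with `- minifirewall_proxyport is not none`, which looks like a copy-paste from the PROXYPORT task just above. With a proxy port set and no bypass list, `minifirewall_proxybypass | join(' ')` is evaluated on a null value; with a bypass list and no port, PROXYBYPASS in /etc/default/minifirewall is silently left unmanaged. The first entry should read `- minifirewall_proxybypass is not none`. The task bodies start outside the visible hunks.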


@ -4,12 +4,14 @@
service: service:
name: munin-node name: munin-node
state: restarted state: restarted
when: not ansible_check_mode
- name: restart munin_node - name: restart munin_node
service: service:
name: munin_node name: munin_node
state: restarted state: restarted
when: not ansible_check_mode
- name: systemd daemon-reload - name: systemd daemon-reload
systemd: systemd:
daemon_reload: yes daemon_reload: yes


@ -32,7 +32,9 @@
removes: /var/lib/munin/localdomain removes: /var/lib/munin/localdomain
notify: restart munin-node notify: restart munin-node
when: not ansible_hostname == "localdomain" when:
- not ansible_hostname == "localdomain"
- not ansible_check_mode
tags: tags:
- munin - munin
@ -79,6 +81,7 @@
notify: restart munin-node notify: restart munin-node
tags: tags:
- munin - munin
when: not ansible_check_mode
- name: Enable sensors_ plugin on dedicated hardware - name: Enable sensors_ plugin on dedicated hardware
file: file:
@ -92,6 +95,7 @@
notify: restart munin-node notify: restart munin-node
tags: tags:
- munin - munin
when: not ansible_check_mode
- name: Enable ipmi_ plugin on dedicated hardware - name: Enable ipmi_ plugin on dedicated hardware
file: file:
@ -105,6 +109,7 @@
- temp - temp
- power - power
- volts - volts
when: not ansible_check_mode
- name: adjustments for grsec kernel - name: adjustments for grsec kernel
blockinfile: blockinfile:


@ -43,3 +43,4 @@
- mysql_custom_datadir | length > 0 - mysql_custom_datadir | length > 0
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout - mysql_custom_datadir != mysql_current_real_datadir_test.stdout
- not mysql_custom_datadir_test.stat.exists - not mysql_custom_datadir_test.stat.exists
- not ansible_check_mode
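Review bot: The new `- not ansible_check_mode` entry sits last in the `when:` list, after conditions that read registered results (`mysql_current_real_datadir_test.stdout`, `mysql_custom_datadir_test.stat.exists`), and Ansible evaluates the list in order, stopping at the first false item. If the task that registers `mysql_current_real_datadir_test` is skipped under `--check` (it is above this hunk, so this is an assumption), `.stdout` is undefined and the task errors before the new guard is reached. Moving `- not ansible_check_mode` to the top of the list avoids that. The same ordering appears in the logdir file (`mysql_current_real_logdir_test.stdout`) and in the Apache PATH block, where `- envvar_grep_path.rc != 0` precedes the guard.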


@ -43,3 +43,4 @@
- mysql_custom_logdir | length > 0 - mysql_custom_logdir | length > 0
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout - mysql_custom_logdir != mysql_current_real_logdir_test.stdout
- not mysql_custom_logdir_test.stat.exists - not mysql_custom_logdir_test.stat.exists
- not ansible_check_mode


@ -42,6 +42,7 @@
tags: tags:
- mysql - mysql
- services - services
when: not ansible_check_mode
- name: apg package is installed - name: apg package is installed
apt: apt:


@ -28,6 +28,7 @@
tags: tags:
- mysql - mysql
- services - services
when: not ansible_check_mode
- name: apg package is installed - name: apg package is installed
apt: apt:
@ -57,4 +58,4 @@
tags: tags:
- mysql - mysql
- packages - packages
when: ansible_python_version is version('3', '>=') when: ansible_python_version is version('3', '>=')


@ -155,7 +155,9 @@
src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
state: link state: link
when: mysql_cron_optimize | bool when:
- mysql_cron_optimize | bool
- not ansible_check_mode
tags: tags:
- mysql - mysql
@ -248,4 +250,4 @@
mode: "0755" mode: "0755"
force: no force: no
tags: tags:
- mysql - mysql


@ -4,8 +4,10 @@
service: service:
name: nagios-nrpe-server name: nagios-nrpe-server
state: restarted state: restarted
when: not ansible_check_mode
- name: restart nrpe - name: restart nrpe
service: service:
name: nrpe name: nrpe
state: restarted state: restarted
when: not ansible_check_mode


@ -21,3 +21,4 @@
notify: restart ntp notify: restart ntp
tags: tags:
- ntp - ntp
when: not ansible_check_mode


@ -14,7 +14,9 @@
block: | block: |
# Used for Evoadmin-web # Used for Evoadmin-web
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
when: envvar_grep_path.rc != 0 when:
- envvar_grep_path.rc != 0
- not ansible_check_mode
- name: Additional packages are installed - name: Additional packages are installed
apt: apt:
@ -34,6 +36,7 @@
- negotiation - negotiation
- alias - alias
- log_forensic - log_forensic
when: not ansible_check_mode
- name: Copy Apache settings for modules - name: Copy Apache settings for modules
copy: copy:
@ -60,3 +63,4 @@
loop: loop:
- evolinux-evasive - evolinux-evasive
- evolinux-modsec - evolinux-modsec
when: not ansible_check_mode


@ -22,6 +22,7 @@
AllowFullYearView=3 AllowFullYearView=3
ErrorMessages="An error occured. Contact your Administrator" ErrorMessages="An error occured. Contact your Administrator"
mode: "0644" mode: "0644"
when: not ansible_check_mode
- name: Create conf-available/awstats-icon.conf file - name: Create conf-available/awstats-icon.conf file
copy: copy:
@ -39,6 +40,7 @@
register: command_result register: command_result
changed_when: "'Enabling' in command_result.stderr" changed_when: "'Enabling' in command_result.stderr"
notify: reload apache notify: reload apache
when: not ansible_check_mode
- name: Create awstats cron - name: Create awstats cron
lineinfile: lineinfile:
@ -46,6 +48,7 @@
create: yes create: yes
regexp: '-config=awstats' regexp: '-config=awstats'
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null" line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
when: not ansible_check_mode
- name: Comment default awstat cron's tasks - name: Comment default awstat cron's tasks
lineinfile: lineinfile:
@ -54,3 +57,4 @@
line: '#\1' line: '#\1'
backrefs: yes backrefs: yes
state: present state: present
when: not ansible_check_mode


@ -26,6 +26,7 @@
dest: /var/www/index.html dest: /var/www/index.html
line: ' <li><a href="/info.php">Infos PHP</a></li>' line: ' <li><a href="/info.php">Infos PHP</a></li>'
regexp: "Infos PHP" regexp: "Infos PHP"
when: not ansible_check_mode
- name: install opcache.php - name: install opcache.php
copy: copy:
@ -38,6 +39,7 @@
dest: /var/www/index.html dest: /var/www/index.html
line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>' line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>'
regexp: "Infos OpCache PHP" regexp: "Infos OpCache PHP"
when: not ansible_check_mode
- name: Add elements to user account template - name: Add elements to user account template
file: file:
@ -64,6 +66,7 @@
loop: loop:
- access.log - access.log
- error.log - error.log
when: not ansible_check_mode
- name: "Install userlogrotate (jessie)" - name: "Install userlogrotate (jessie)"
copy: copy:


@ -5,6 +5,7 @@
state: present state: present
name: proxy_fcgi name: proxy_fcgi
notify: restart apache2 notify: restart apache2
when: not ansible_check_mode
- include_role: - include_role:
name: remount-usr name: remount-usr


@ -65,10 +65,12 @@
changed_when: False changed_when: False
check_mode: no check_mode: no
register: new_packweb_phpmyadmin_suffix register: new_packweb_phpmyadmin_suffix
when: not ansible_check_mode
- name: overwrite packweb_phpmyadmin_suffix - name: overwrite packweb_phpmyadmin_suffix
set_fact: set_fact:
packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}" packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}"
when: not ansible_check_mode
- debug: - debug:
var: packweb_phpmyadmin_suffix var: packweb_phpmyadmin_suffix
@ -86,15 +88,18 @@
Require all denied Require all denied
Include /etc/apache2/ipaddr_whitelist.conf Include /etc/apache2/ipaddr_whitelist.conf
</Directory> </Directory>
when: not ansible_check_mode
- name: enable phpmyadmin link in default site index - name: enable phpmyadmin link in default site index
replace: replace:
dest: /var/www/index.html dest: /var/www/index.html
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->' regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>' replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
when: not ansible_check_mode
- name: replace phpmyadmin suffix in default site index - name: replace phpmyadmin suffix in default site index
replace: replace:
dest: /var/www/index.html dest: /var/www/index.html
regexp: '__PHPMYADMIN_SUFFIX__' regexp: '__PHPMYADMIN_SUFFIX__'
replace: "{{ packweb_phpmyadmin_suffix }}" replace: "{{ packweb_phpmyadmin_suffix }}"
when: not ansible_check_mode
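Review bot: The task that registers `new_packweb_phpmyadmin_suffix` now carries both `check_mode: no` and `when: not ansible_check_mode`, and the two contradict each other: the first asks for the command to run even under `--check`, the second skips it there. With `changed_when: False` it looks read-only (the command itself is above the hunk), so either drop the new `when:` and let it keep running, or remove `check_mode: no` so the intent is unambiguous. As written, the `set_fact` is skipped as well, so the `debug` of `packweb_phpmyadmin_suffix` in a check run shows whatever value the variable had before, not the one a real run would apply.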


@ -4,23 +4,28 @@
service: service:
name: php5-fpm name: php5-fpm
state: restarted state: restarted
when: not ansible_check_mode
- name: restart php7.0-fpm - name: restart php7.0-fpm
service: service:
name: php7.0-fpm name: php7.0-fpm
state: restarted state: restarted
when: not ansible_check_mode
- name: restart php7.3-fpm - name: restart php7.3-fpm
service: service:
name: php7.3-fpm name: php7.3-fpm
state: restarted state: restarted
when: not ansible_check_mode
- name: restart php7.4-fpm - name: restart php7.4-fpm
service: service:
name: php7.4-fpm name: php7.4-fpm
state: restarted state: restarted
when: not ansible_check_mode
- name: restart php8.1-fpm - name: restart php8.1-fpm
service: service:
name: php8.1-fpm name: php8.1-fpm
state: restarted state: restarted
when: not ansible_check_mode


@ -25,6 +25,7 @@
file: file:
dest: "{{ php_cli_custom_ini_file }}" dest: "{{ php_cli_custom_ini_file }}"
mode: "0644" mode: "0644"
when: not ansible_check_mode
- name: "Set custom values for PHP to enable Symfony" - name: "Set custom values for PHP to enable Symfony"
ini_file: ini_file:
@ -35,4 +36,6 @@
mode: "0644" mode: "0644"
loop: loop:
- { option: "date.timezone", value: "Europe/Paris" } - { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements | bool when:
- php_symfony_requirements | bool
- not ansible_check_mode
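Review bot: Skipping the `file:` task on `{{ php_cli_custom_ini_file }}` outright with `when: not ansible_check_mode` means a check run no longer reports mode drift on a file that does exist. The commit message already names the alternative, `when: <file>.stat.exists or not ansible_check_mode` after a `stat` with `register:`, which keeps the diff and still avoids the failure on a missing path; the Symfony `ini_file` task in the second hunk is in the same position. The same applies to the "Enforce permissions on PHP … directory" tasks in the per-release PHP files and to the `owner: root` / `group: ssl-cert` / `mode: "0640"` task in the certificate file, where permission drift is exactly what an audit run should surface. The tasks here start above their hunks, so the `stat` would have to be added outside the visible lines.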


@ -79,12 +79,14 @@
with_items: with_items:
- /etc/php - /etc/php
- /etc/php/{{ php_version }} - /etc/php/{{ php_version }}
when: not ansible_check_mode
- include: config_cli.yml - include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 12)" - name: "Enforce permissions on PHP cli directory (Debian 12)"
file: file:
dest: /etc/php/{{ php_version }}/cli dest: /etc/php/{{ php_version }}/cli
mode: "0755" mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml - include: config_fpm.yml
when: php_fpm_enable when: php_fpm_enable
@ -93,7 +95,9 @@
file: file:
dest: /etc/php/{{ php_version }}/fpm dest: /etc/php/{{ php_version }}/fpm
mode: "0755" mode: "0755"
when: php_fpm_enable when:
- php_fpm_enable
- not ansible_check_mode
- include: config_apache.yml - include: config_apache.yml
when: php_apache_enable when: php_apache_enable
@ -102,7 +106,9 @@
file: file:
dest: /etc/php/{{ php_version }}/apache2 dest: /etc/php/{{ php_version }}/apache2
mode: "0755" mode: "0755"
when: php_apache_enable when:
- php_apache_enable
- not ansible_check_mode
- include: sury_post.yml - include: sury_post.yml
when: php_sury_enable when: php_sury_enable


@ -68,12 +68,14 @@
with_items: with_items:
- /etc/php - /etc/php
- /etc/php/7.4 - /etc/php/7.4
when: not ansible_check_mode
- include: config_cli.yml - include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 11)" - name: "Enforce permissions on PHP cli directory (Debian 11)"
file: file:
dest: /etc/php/7.4/cli dest: /etc/php/7.4/cli
mode: "0755" mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml - include: config_fpm.yml
when: php_fpm_enable when: php_fpm_enable
@ -82,7 +84,9 @@
file: file:
dest: /etc/php/7.4/fpm dest: /etc/php/7.4/fpm
mode: "0755" mode: "0755"
when: php_fpm_enable when:
- php_fpm_enable
- not ansible_check_mode
- include: config_apache.yml - include: config_apache.yml
when: php_apache_enable when: php_apache_enable
@ -91,7 +95,9 @@
file: file:
dest: /etc/php/7.4/apache2 dest: /etc/php/7.4/apache2
mode: "0755" mode: "0755"
when: php_apache_enable when:
- php_apache_enable
- not ansible_check_mode
- include: sury_post.yml - include: sury_post.yml
when: php_sury_enable when: php_sury_enable


@ -68,12 +68,14 @@
loop: loop:
- /etc/php - /etc/php
- /etc/php/7.3 - /etc/php/7.3
when: not ansible_check_mode
- include: config_cli.yml - include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 10)" - name: "Enforce permissions on PHP cli directory (Debian 10)"
file: file:
dest: /etc/php/7.3/cli dest: /etc/php/7.3/cli
mode: "0755" mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml - include: config_fpm.yml
when: php_fpm_enable | bool when: php_fpm_enable | bool
@ -82,7 +84,9 @@
file: file:
dest: /etc/php/7.3/fpm dest: /etc/php/7.3/fpm
mode: "0755" mode: "0755"
when: php_fpm_enable | bool when:
- php_fpm_enable | bool
- not ansible_check_mode
- include: config_apache.yml - include: config_apache.yml
when: php_apache_enable | bool when: php_apache_enable | bool
@ -91,7 +95,9 @@
file: file:
dest: /etc/php/7.3/apache2 dest: /etc/php/7.3/apache2
mode: "0755" mode: "0755"
when: php_apache_enable | bool when:
- php_apache_enable | bool
- not ansible_check_mode
- include: sury_post.yml - include: sury_post.yml
when: php_sury_enable | bool when: php_sury_enable | bool


@ -56,6 +56,7 @@
file: file:
dest: /etc/php5 dest: /etc/php5
mode: "0755" mode: "0755"
when: not ansible_check_mode
- include: config_cli.yml - include: config_cli.yml
@ -63,6 +64,7 @@
file: file:
dest: /etc/php5/cli dest: /etc/php5/cli
mode: "0755" mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml - include: config_fpm.yml
when: php_fpm_enable | bool when: php_fpm_enable | bool
@ -71,7 +73,9 @@
file: file:
dest: /etc/php5/fpm dest: /etc/php5/fpm
mode: "0755" mode: "0755"
when: php_fpm_enable | bool when:
- php_fpm_enable | bool
- not ansible_check_mode
- include: config_apache.yml - include: config_apache.yml
when: php_apache_enable | bool when: php_apache_enable | bool
@ -80,4 +84,6 @@
file: file:
dest: /etc/php5/apache2 dest: /etc/php5/apache2
mode: "0755" mode: "0755"
when: php_apache_enable | bool when:
- php_apache_enable | bool
- not ansible_check_mode


@ -68,6 +68,7 @@
loop: loop:
- /etc/php - /etc/php
- /etc/php/7.0 - /etc/php/7.0
when: not ansible_check_mode
- include: config_cli.yml - include: config_cli.yml
@ -75,6 +76,7 @@
file: file:
dest: /etc/php/7.0/cli dest: /etc/php/7.0/cli
mode: "0755" mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml - include: config_fpm.yml
when: php_fpm_enable | bool when: php_fpm_enable | bool
@ -83,7 +85,9 @@
file: file:
dest: /etc/php/7.0/fpm dest: /etc/php/7.0/fpm
mode: "0755" mode: "0755"
when: php_fpm_enable | bool when:
- php_fpm_enable | bool
- not ansible_check_mode
- include: config_apache.yml - include: config_apache.yml
when: php_apache_enable | bool when: php_apache_enable | bool
@ -92,7 +96,9 @@
file: file:
dest: /etc/php/7.0/apache2 dest: /etc/php/7.0/apache2
mode: "0755" mode: "0755"
when: php_apache_enable | bool when:
- php_apache_enable | bool
- not ansible_check_mode
- include: sury_post.yml - include: sury_post.yml
when: php_sury_enable | bool when: php_sury_enable | bool


@ -14,6 +14,7 @@
file: file:
dest: /etc/php/7.4/cli dest: /etc/php/7.4/cli
mode: "0755" mode: "0755"
when: not ansible_check_mode
- name: Symlink Evolix Apache config files from 7.4 to 7.0 - name: Symlink Evolix Apache config files from 7.4 to 7.0
file: file:
@ -30,7 +31,9 @@
file: file:
dest: /etc/php/7.4/apache2 dest: /etc/php/7.4/apache2
mode: "0755" mode: "0755"
when: php_apache_enable | bool when:
- php_apache_enable | bool
- not ansible_check_mode
- name: Symlink Evolix FPM config files from 7.4 to 7.0 - name: Symlink Evolix FPM config files from 7.4 to 7.0
file: file:
@ -49,4 +52,6 @@
file: file:
dest: /etc/php/7.4/fpm dest: /etc/php/7.4/fpm
mode: "0755" mode: "0755"
when: php_fpm_enable | bool when:
- php_fpm_enable | bool
- not ansible_check_mode


@ -3,3 +3,4 @@
service: service:
name: proftpd name: proftpd
state: restarted state: restarted
when: not ansible_check_mode


@ -70,6 +70,7 @@
notify: restart proftpd notify: restart proftpd
tags: tags:
- proftpd - proftpd
when: not ansible_check_mode
- name: Put empty vpasswd file if missing - name: Put empty vpasswd file if missing
copy: copy:
@ -92,6 +93,7 @@
notify: restart proftpd notify: restart proftpd
tags: tags:
- proftpd - proftpd
when: not ansible_check_mode
- include: accounts.yml - include: accounts.yml
when: proftpd_accounts | length > 0 when: proftpd_accounts | length > 0


@ -3,31 +3,38 @@
service: service:
name: munin-node name: munin-node
state: restarted state: restarted
when: not ansible_check_mode
- name: restart squid - name: restart squid
service: service:
name: squid name: squid
state: restarted state: restarted
when: not ansible_check_mode
- name: reload squid - name: reload squid
service: service:
name: squid name: squid
state: reloaded state: reloaded
when: not ansible_check_mode
- name: restart squid3 - name: restart squid3
service: service:
name: squid3 name: squid3
state: restarted state: restarted
when: not ansible_check_mode
- name: reload squid3 - name: reload squid3
service: service:
name: squid3 name: squid3
state: reloaded state: reloaded
when: not ansible_check_mode
- name: restart log2mail - name: restart log2mail
service: service:
name: log2mail name: log2mail
state: restarted state: restarted
when: not ansible_check_mode
- name: restart minifirewall - name: restart minifirewall
command: /etc/init.d/minifirewall restart command: /etc/init.d/minifirewall restart
when: not ansible_check_mode


@ -121,6 +121,7 @@
when: when:
- squid_localproxy_enable | bool - squid_localproxy_enable | bool
- ansible_distribution_major_version is version('9', '>=') - ansible_distribution_major_version is version('9', '>=')
- not ansible_check_mode
- name: "evolinux custom overrides (Debian 9 or later)" - name: "evolinux custom overrides (Debian 9 or later)"
copy: copy:


@ -10,3 +10,4 @@
remote_src: False remote_src: False
src: ftp/evolinux.conf.diff src: ftp/evolinux.conf.diff
dest: /etc/proftpd/conf.d/z-evolinux.conf dest: /etc/proftpd/conf.d/z-evolinux.conf
when: not ansible_check_mode


@ -3,7 +3,9 @@
- name: "Ensure that evoadmin_contact_email is defined" - name: "Ensure that evoadmin_contact_email is defined"
fail: fail:
msg: Please configure var evoadmin_contact_email msg: Please configure var evoadmin_contact_email
when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0 when:
- evoadmin_contact_email is none or evoadmin_contact_email | length == 0
- not ansible_check_mode
- include: packages.yml - include: packages.yml
@ -23,3 +25,4 @@
marker: "<!-- {mark} evoadmin-web section -->" marker: "<!-- {mark} evoadmin-web section -->"
block: | block: |
<li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li> <li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li>
when: not ansible_check_mode
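Review bot: The `fail` task "Ensure that evoadmin_contact_email is defined" changes nothing on the host, so adding `- not ansible_check_mode` to it only hides a missing required variable from `--check`: the check run passes and the real run then stops at this task. I would keep its condition as the single line `when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0`, so that both modes validate the input. The `when: not ansible_check_mode` added in the second hunk belongs to a task that starts above the hunk and is not covered by this remark.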


@ -17,6 +17,7 @@
owner: root owner: root
group: ssl-cert group: ssl-cert
mode: "0640" mode: "0640"
when: not ansible_check_mode
- name: Create certificate for default site - name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt


@ -54,7 +54,9 @@
dest: "{{ evoadmin_document_root }}" dest: "{{ evoadmin_document_root }}"
version: jessie version: jessie
update: False update: False
when: ansible_distribution_release == "jessie" when:
- ansible_distribution_release == "jessie"
- not ansible_check_mode
- name: "Clone evoadmin repository (Debian 9 or later)" - name: "Clone evoadmin repository (Debian 9 or later)"
git: git:
@ -62,7 +64,9 @@
dest: "{{ evoadmin_document_root }}" dest: "{{ evoadmin_document_root }}"
version: master version: master
update: False update: False
when: ansible_distribution_major_version is version('9', '>=') when:
- ansible_distribution_major_version is version('9', '>=')
- not ansible_check_mode
- name: Change ownership on git repository - name: Change ownership on git repository
file: file: