diff --git a/.ansible/.lock b/.ansible/.lock new file mode 100644 index 0000000..e69de29 diff --git a/dev-playbook.yml b/dev-playbook.yml index 12b6136..32e1be4 100644 --- a/dev-playbook.yml +++ b/dev-playbook.yml @@ -1,4 +1,5 @@ -- hosts: dev +- name: Configure development environment + hosts: dev become: true roles: @@ -14,11 +15,11 @@ pre_tasks: - name: Update apt cache - apt: - update_cache: yes + ansible.builtin.apt: + update_cache: true tasks: # Additional tasks can be added here if needed - name: Display completion message - debug: + ansible.builtin.debug: msg: "Development environment setup completed successfully!" diff --git a/group_vars/all.yml b/group_vars/all.yml index 874ab69..a94dad8 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,6 +1,6 @@ --- # Common variables for all hosts -timezone: UTC +timezone: America/Toronto locale: en_US.UTF-8 ansible_python_interpreter: /usr/bin/python3 diff --git a/local-playbook.yml b/local-playbook.yml index 1dbd461..2124be7 100644 --- a/local-playbook.yml +++ b/local-playbook.yml @@ -1,4 +1,5 @@ -- hosts: localhost +- name: Setup local development environment + hosts: localhost connection: local become: true @@ -15,10 +16,10 @@ pre_tasks: - name: Update apt cache - apt: - update_cache: yes + ansible.builtin.apt: + update_cache: true tasks: - name: Display completion message - debug: + ansible.builtin.debug: msg: "Local development environment setup completed successfully!" diff --git a/roles/applications/meta/main.yml b/roles/applications/meta/main.yml index 23d65c7..32cf5dd 100644 --- a/roles/applications/meta/main.yml +++ b/roles/applications/meta/main.yml @@ -1,2 +1 @@ ---- dependencies: [] diff --git a/roles/applications/tasks/main.yml b/roles/applications/tasks/main.yml index 3302853..fc6af80 100644 --- a/roles/applications/tasks/main.yml +++ b/roles/applications/tasks/main.yml 
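Review bot: In the group_vars/all.yml hunk, `timezone: America/Toronto` replaces UTC for every host, which is a behaviour change bundled with what otherwise reads as lint cleanup. Local time with DST makes log timestamps ambiguous for an hour each autumn and complicates correlating fail2ban, auth and UFW logs across machines. If the change is intended, a comment such as `# Local time for desktop use; log pipelines should record offsets or convert to UTC` would document it. Otherwise keep `UTC` here and override per host.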
@@ -1,34 +1,35 @@ --- - name: Check if applications are already installed - package_facts: + ansible.builtin.package_facts: manager: apt - name: Check if Brave browser is installed - command: brave-browser --version - register: brave_check + ansible.builtin.command: brave-browser --version + register: applications_brave_check ignore_errors: true changed_when: false failed_when: false no_log: true - name: Set installation conditions - set_fact: - desktop_apps_needed: "{{ ['redshift', 'libreoffice', 'evince'] | difference(ansible_facts.packages.keys()) | length > 0 }}" - brave_needs_install: "{{ brave_check.rc != 0 or 'brave-browser' not in ansible_facts.packages }}" + ansible.builtin.set_fact: + applications_desktop_apps_needed: "{{ ['redshift', 'libreoffice', 'evince'] | difference(ansible_facts.packages.keys()) | length > 0 }}" + applications_brave_needs_install: "{{ applications_brave_check.rc != 0 or 'brave-browser' not in ansible_facts.packages }}" - name: Install desktop applications - apt: + ansible.builtin.apt: name: - redshift - libreoffice - evince state: present - when: desktop_apps_needed + when: applications_desktop_apps_needed - name: Brave browser installation + when: applications_brave_needs_install block: - name: Remove old Brave repository files - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: 
@@ -36,31 +37,29 @@ - /etc/apt/sources.list.d/brave-browser-release.sources - name: Download Brave APT key - get_url: + ansible.builtin.get_url: url: https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg dest: /usr/share/keyrings/brave-browser-archive-keyring.gpg mode: '0644' - name: Add Brave repository - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" filename: brave-browser state: present - name: Install Brave browser - apt: + ansible.builtin.apt: name: brave-browser state: present - when: brave_needs_install - - name: Display application status - debug: - msg: - - "Desktop apps needed: {{ desktop_apps_needed }}" - - "Brave needed: {{ brave_needs_install }}" + ansible.builtin.debug: + msg: + - "Desktop apps needed: {{ applications_desktop_apps_needed }}" + - "Brave needed: {{ applications_brave_needs_install }}" - "Redshift: {{ 'Installed' if 'redshift' in ansible_facts.packages else 'Missing' }}" - "LibreOffice: {{ 'Installed' if 'libreoffice' in ansible_facts.packages else 'Missing' }}" - "Evince: {{ 'Installed' if 'evince' in ansible_facts.packages else 'Missing' }}" - - "Brave: {{ brave_check.stdout if brave_check.rc == 0 else 'Not installed' }}" - when: ansible_debug_output | default(false) | bool \ No newline at end of file + - "Brave: {{ applications_brave_check.stdout if applications_brave_check.rc == 0 else 'Not installed' }}" + when: ansible_debug_output | default(false) | bool diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml index 13dc1ea..c0a890a 100644 --- a/roles/base/handlers/main.yml +++ b/roles/base/handlers/main.yml 
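Review bot: The `Download Brave APT key` task writes the fetched file straight into `/usr/share/keyrings/` with no integrity check, so TLS to the download host is the only thing vouching for the key apt will then trust for this repository. `ansible.builtin.get_url` accepts a `checksum` parameter; adding `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder, to be filled with a value verified out of band) makes a swapped key fail the play instead of being installed. The same applies to `Download Docker's official GPG key` in roles/docker/tasks/setup_gpg_key.yml. The enclosing block starts in the previous hunk.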
@@ -1,10 +1,11 @@ --- # handlers file for base -- name: restart fail2ban - systemd: +- name: Restart fail2ban + ansible.builtin.systemd: name: fail2ban state: restarted -- name: reload ufw - command: ufw reload +- name: Reload ufw + ansible.builtin.command: ufw reload + changed_when: false diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml index c572acc..32cf5dd 100644 --- a/roles/base/meta/main.yml +++ b/roles/base/meta/main.yml 
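Review bot: Renaming the handlers to `Restart fail2ban` and `Reload ufw` only works if every `notify:` uses the new spelling, because Ansible matches handler names as exact strings as far as I know. No `notify:` line from roles/base/tasks/main.yml is visible in this diff, so that needs checking. roles/snap/tasks/main.yml visibly still has `notify: restart snapd` as an unchanged line while its handler becomes `Restart snapd`, and roles/ssh/handlers/main.yml gets the same rename. A notify that no longer resolves fails the task, and a handler that never fires leaves fail2ban running with the previous jail.local. Update the task side in the same commit, e.g. `notify: Restart snapd`.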
@@ -1,52 +1 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 4f50c3e..83f04d5 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install base system packages - apt: + ansible.builtin.apt: name: # Base utilities - htop 
@@ -20,7 +20,7 @@ state: present - name: Configure fail2ban - template: + ansible.builtin.template: src: jail.local.j2 dest: /etc/fail2ban/jail.local mode: '0644' @@ -29,10 +29,10 @@ # UFW enablement moved to ssh role to avoid lockout - name: Set timezone - timezone: + community.general.timezone: name: "{{ timezone | default('UTC') }}" - name: Configure locale - locale_gen: + community.general.locale_gen: name: "{{ locale | default('en_US.UTF-8') }}" - state: present \ No newline at end of file + state: present diff --git a/roles/base/tests/test.yml b/roles/base/tests/test.yml index f1bada0..0ec43dd 100644 --- a/roles/base/tests/test.yml +++ b/roles/base/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test base role + hosts: localhost remote_user: root roles: - base diff --git a/roles/development/meta/main.yml b/roles/development/meta/main.yml index c572acc..1755f40 100644 --- a/roles/development/meta/main.yml +++ b/roles/development/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: Development tools and environment setup role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/development/tasks/main.yml b/roles/development/tasks/main.yml index 44c320c..d409250 100644 --- a/roles/development/tasks/main.yml +++ b/roles/development/tasks/main.yml 
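Review bot: The switch to `community.general.timezone` and `community.general.locale_gen` in the second roles/base/tasks/main.yml hunk makes the play depend on the community.general collection, and no requirements file is added anywhere in this diff. On a control node with only ansible-core these tasks will not resolve, and an unpinned `ansible-galaxy collection install` pulls whatever version is current. Consider adding a `collections/requirements.yml` with `- name: community.general` and `version: "<PINNED_VERSION>"` (placeholder) so the dependency is explicit and reproducible. The `community.general.ufw` tasks in roles/ssh/tasks/main.yml rely on the same collection.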
@@ -1,13 +1,13 @@ --- - name: Install development packages - apt: + ansible.builtin.apt: name: # Development tools - git - nodejs - npm - # Build tools + # Build tools - build-essential - python3 - python3-pip - state: present \ No newline at end of file + state: present diff --git a/roles/development/tests/test.yml b/roles/development/tests/test.yml index fc1ae60..8336558 100644 --- a/roles/development/tests/test.yml +++ b/roles/development/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test development role + hosts: localhost remote_user: root roles: - development diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml index c572acc..96ef253 100644 --- a/roles/docker/meta/main.yml +++ b/roles/docker/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: Docker installation and configuration role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index c354c34..4b8428b 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Debug distribution information - debug: - msg: + ansible.builtin.debug: + msg: - "Distribution: {{ ansible_facts['distribution'] }}" - "Distribution Release: {{ ansible_facts['distribution_release'] }}" - "Distribution Version: {{ ansible_facts['distribution_version'] }}" 
@@ -9,7 +9,7 @@ when: ansible_debug_output | default(false) | bool - name: Check if Docker is already installed - command: docker --version + ansible.builtin.command: docker --version register: docker_check ignore_errors: true changed_when: false @@ -17,19 +17,20 @@ no_log: true - name: Check if Docker packages are installed via apt - package_facts: + ansible.builtin.package_facts: manager: apt register: docker_apt_check changed_when: false - name: Set installation condition - set_fact: + ansible.builtin.set_fact: docker_needs_install: "{{ docker_check.rc != 0 or 'docker-ce' not in ansible_facts.packages }}" - name: Docker installation tasks + when: docker_needs_install block: - name: Install Docker requirements - apt: + ansible.builtin.apt: name: - apt-transport-https - ca-certificates @@ -39,7 +40,7 @@ state: present - name: Remove old Docker repository files - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: @@ -47,19 +48,19 @@ - /etc/apt/sources.list.d/docker-ce.list - name: Create keyrings directory - file: + ansible.builtin.file: path: /etc/apt/keyrings state: directory mode: '0755' - name: Setup Docker GPG key - include_tasks: setup_gpg_key.yml + ansible.builtin.include_tasks: setup_gpg_key.yml - name: Setup Docker repository - include_tasks: "setup_repo_{{ ansible_facts['distribution'] | lower | replace(' ', '_') }}.yml" + ansible.builtin.include_tasks: "setup_repo_{{ ansible_facts['distribution'] | lower | replace(' ', '_') }}.yml" - name: Install Docker CE - apt: + ansible.builtin.apt: name: - docker-ce - docker-ce-cli 
@@ -69,27 +70,25 @@ state: present - name: Start and enable Docker service - systemd: + ansible.builtin.systemd: name: docker state: started - enabled: yes + enabled: true - name: Set target user variable - set_fact: - target_user: "{{ ansible_user | default(ansible_user_id) }}" + ansible.builtin.set_fact: + docker_target_user: "{{ ansible_user | default(ansible_user_id) }}" - name: Add user to docker group - user: - name: "{{ target_user }}" + ansible.builtin.user: + name: "{{ docker_target_user }}" groups: docker - append: yes - - when: docker_needs_install + append: true - name: Display Docker status - debug: - msg: + ansible.builtin.debug: + msg: - "Docker already installed: {{ docker_check.stdout if docker_check.rc == 0 else 'Not found' }}" - "Docker CE package installed: {{ 'Yes' if 'docker-ce' in ansible_facts.packages else 'No' }}" - "Actions taken: {{ 'None - Docker already present' if not docker_needs_install else 'Docker installation/configuration performed' }}" - when: ansible_debug_output | default(false) | bool \ No newline at end of file + when: ansible_debug_output | default(false) | bool diff --git a/roles/docker/tasks/setup_gpg_key.yml b/roles/docker/tasks/setup_gpg_key.yml index 0a72cb3..915a29b 100644 --- a/roles/docker/tasks/setup_gpg_key.yml +++ b/roles/docker/tasks/setup_gpg_key.yml @@ -1,19 +1,20 @@ --- - name: Download Docker's official GPG key - get_url: + ansible.builtin.get_url: url: https://download.docker.com/linux/ubuntu/gpg dest: /tmp/docker.gpg mode: '0644' - name: Convert and install Docker GPG key - shell: gpg --dearmor < /tmp/docker.gpg > /etc/apt/keyrings/docker.gpg + ansible.builtin.shell: gpg --dearmor < /tmp/docker.gpg > /etc/apt/keyrings/docker.gpg + changed_when: false - name: Set permissions on Docker GPG key - file: + ansible.builtin.file: path: /etc/apt/keyrings/docker.gpg mode: '0644' - name: Clean up temporary GPG key file - file: + ansible.builtin.file: path: /tmp/docker.gpg state: absent 
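Review bot: The `Add user to docker group` task gives `docker_target_user` access to the Docker socket, which is effectively root on the host, and the hunk neither documents nor gates that. With `become: true` set at play level, `ansible_user_id` may resolve to root when `ansible_user` is unset, so the fallback in `docker_target_user` deserves a check. I would add a comment like `# docker group membership is root-equivalent; only add trusted interactive users` and a guard such as `when: docker_add_user_to_group | default(true) | bool` (a suggested variable name, not one defined in this diff). The enclosing block and its `when:` start outside this hunk.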
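Review bot: `changed_when: false` on `Convert and install Docker GPG key` hides the fact that this shell task rewrites `/etc/apt/keyrings/docker.gpg`, the trust anchor for the Docker repository, each time the install block runs. Replacing it with `args:` and `creates: /etc/apt/keyrings/docker.gpg` keeps the task idempotent and lets a real change show up in the play recap. The armored key is also staged at the fixed path `/tmp/docker.gpg`. Staging it under `/etc/apt/keyrings/` instead avoids a predictable file name in a world-writable directory.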
diff --git a/roles/docker/tasks/setup_repo_debian.yml b/roles/docker/tasks/setup_repo_debian.yml index 9624a2c..18b5f1c 100644 --- a/roles/docker/tasks/setup_repo_debian.yml +++ b/roles/docker/tasks/setup_repo_debian.yml @@ -1,6 +1,6 @@ --- - name: Add Docker repository for Debian - apt_repository: + ansible.builtin.apt_repository: repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true diff --git a/roles/docker/tasks/setup_repo_linux_mint.yml b/roles/docker/tasks/setup_repo_linux_mint.yml index 37f2753..fb57c3f 100644 --- a/roles/docker/tasks/setup_repo_linux_mint.yml +++ b/roles/docker/tasks/setup_repo_linux_mint.yml @@ -1,10 +1,14 @@ --- - name: Set Ubuntu codename for Linux Mint - set_fact: - ubuntu_codename: "{{ 'jammy' if ansible_distribution_version is version('22', '>=') else 'focal' if ansible_distribution_version is version('21', '>=') else 'focal' if ansible_distribution_version is version('20', '>=') else 'bionic' }}" + ansible.builtin.set_fact: + docker_ubuntu_codename: > + {{ 'jammy' if ansible_distribution_version is version('22', '>=') else + 'focal' if ansible_distribution_version is version('21', '>=') else + 'focal' if ansible_distribution_version is version('20', '>=') else + 'bionic' }} - name: Add Docker repository for Linux Mint (using Ubuntu base) - apt_repository: - repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ubuntu_codename }} stable" + ansible.builtin.apt_repository: + repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_codename }} stable" state: present - update_cache: yes + update_cache: true diff --git a/roles/docker/tasks/setup_repo_ubuntu.yml b/roles/docker/tasks/setup_repo_ubuntu.yml index 45cef72..d223c78 100644 --- a/roles/docker/tasks/setup_repo_ubuntu.yml 
+++ b/roles/docker/tasks/setup_repo_ubuntu.yml @@ -1,6 +1,6 @@ --- - name: Add Docker repository for Ubuntu - apt_repository: + ansible.builtin.apt_repository: repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true diff --git a/roles/docker/tests/test.yml b/roles/docker/tests/test.yml index 7aabdb0..5b4d564 100644 --- a/roles/docker/tests/test.yml +++ b/roles/docker/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test docker role + hosts: localhost remote_user: root roles: - docker diff --git a/roles/maintenance/meta/main.yml b/roles/maintenance/meta/main.yml index c572acc..cff34e4 100644 --- a/roles/maintenance/meta/main.yml +++ b/roles/maintenance/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: System maintenance and updates role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/maintenance/tasks/main.yml b/roles/maintenance/tasks/main.yml index cd3c86c..c4c13e1 100644 --- a/roles/maintenance/tasks/main.yml +++ b/roles/maintenance/tasks/main.yml 
@@ -1,25 +1,25 @@ --- - name: Upgrade all packages - apt: + ansible.builtin.apt: upgrade: dist - name: Autoremove unused packages - apt: - autoremove: yes + ansible.builtin.apt: + autoremove: true - name: Clean apt cache - apt: - autoclean: yes + ansible.builtin.apt: + autoclean: true - name: Check if reboot is required - stat: + ansible.builtin.stat: path: /var/run/reboot-required - register: reboot_required + register: maintenance_reboot_required - name: Reboot if required - reboot: + ansible.builtin.reboot: msg: "Reboot triggered by Ansible after system changes." when: - ansible_facts['pkg_mgr'] == "apt" - - reboot_required.stat.exists - - skip_reboot | default(false) | bool == false \ No newline at end of file + - maintenance_reboot_required.stat.exists + - not (skip_reboot | default(false) | bool) diff --git a/roles/maintenance/tests/test.yml b/roles/maintenance/tests/test.yml index 1510a55..01ebeb2 100644 --- a/roles/maintenance/tests/test.yml +++ b/roles/maintenance/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test maintenance role + hosts: localhost remote_user: root roles: - maintenance diff --git a/roles/shell/meta/main.yml b/roles/shell/meta/main.yml index c572acc..76f3dba 100644 --- a/roles/shell/meta/main.yml +++ b/roles/shell/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: Shell configuration and setup role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: 
diff --git a/roles/shell/tasks/main.yml b/roles/shell/tasks/main.yml index 75dcd60..ea47d25 100644 --- a/roles/shell/tasks/main.yml +++ b/roles/shell/tasks/main.yml @@ -1,40 +1,41 @@ --- - name: Set target user variable - set_fact: - target_user: "{{ ansible_user | default(ansible_user_id) }}" + ansible.builtin.set_fact: + shell_target_user: "{{ ansible_user | default(ansible_user_id) }}" - name: Install shell packages - apt: + ansible.builtin.apt: name: - zsh - tmux state: present - name: Set zsh as default shell for user - user: - name: "{{ target_user }}" + ansible.builtin.user: + name: "{{ shell_target_user }}" shell: /usr/bin/zsh - name: Install Oh My Zsh for user become: true - become_user: "{{ target_user }}" - shell: sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)" "" --unattended + become_user: "{{ shell_target_user }}" + ansible.builtin.shell: sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)" "" --unattended args: - creates: "/home/{{ target_user }}/.oh-my-zsh" + creates: "/home/{{ shell_target_user }}/.oh-my-zsh" - name: Clone Powerlevel10k theme - git: + ansible.builtin.git: repo: https://github.com/romkatv/powerlevel10k.git - dest: "/home/{{ target_user }}/.oh-my-zsh/custom/themes/powerlevel10k" + dest: "/home/{{ shell_target_user }}/.oh-my-zsh/custom/themes/powerlevel10k" + version: master depth: 1 - update: no + update: false become: true - become_user: "{{ target_user }}" + become_user: "{{ shell_target_user }}" - name: Deploy .zshrc for user - copy: + ansible.builtin.copy: src: files/.zshrc - dest: "/home/{{ target_user }}/.zshrc" - owner: "{{ target_user }}" - group: "{{ target_user }}" + dest: "/home/{{ shell_target_user }}/.zshrc" + owner: "{{ shell_target_user }}" + group: "{{ shell_target_user }}" mode: '0644' diff --git a/roles/shell/tests/test.yml b/roles/shell/tests/test.yml index 16f6612..5412280 100644 --- a/roles/shell/tests/test.yml 
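Review bot: `Install Oh My Zsh for user` executes whatever `install.sh` is on the `master` branch at run time, and the new `version: master` on the Powerlevel10k clone likewise tracks a moving branch, so neither step is reproducible or reviewable and a compromised upstream would run code as `shell_target_user`. Pin both to a reviewed revision and verify the installer's hash before running it. For the theme that means `version: "<PINNED_TAG_OR_COMMIT>"`, and the installer change is sketched below with placeholders that must be filled with values you have checked. Separately, `/home/{{ shell_target_user }}` is wrong for accounts whose home directory is elsewhere, root being one example.

```yaml
# … unchanged: set_fact, package install, default shell …

- name: Download Oh My Zsh installer at a pinned commit
  become: true
  become_user: "{{ shell_target_user }}"
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/<PINNED_COMMIT_SHA>/tools/install.sh"
    dest: "/home/{{ shell_target_user }}/.ohmyzsh-install.sh"
    checksum: "sha256:<EXPECTED_SHA256>"
    mode: '0700'

- name: Install Oh My Zsh for user
  become: true
  become_user: "{{ shell_target_user }}"
  ansible.builtin.command: "sh /home/{{ shell_target_user }}/.ohmyzsh-install.sh --unattended"
  args:
    creates: "/home/{{ shell_target_user }}/.oh-my-zsh"

# … unchanged: Powerlevel10k clone (apart from version), .zshrc deployment …
```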
+++ b/roles/shell/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test shell role + hosts: localhost remote_user: root roles: - shell diff --git a/roles/snap/handlers/main.yml b/roles/snap/handlers/main.yml index 13f5d95..9b2523e 100644 --- a/roles/snap/handlers/main.yml +++ b/roles/snap/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart snapd - systemd: +- name: Restart snapd + ansible.builtin.systemd: name: snapd state: restarted diff --git a/roles/snap/meta/main.yml b/roles/snap/meta/main.yml index 23d65c7..a7ceee0 100644 --- a/roles/snap/meta/main.yml +++ b/roles/snap/meta/main.yml @@ -1,2 +1,12 @@ ---- +galaxy_info: + author: ansible-user + description: Snap package manager configuration role + company: Personal + + license: MIT + + min_ansible_version: "2.9" + + galaxy_tags: [] + dependencies: [] diff --git a/roles/snap/tasks/main.yml b/roles/snap/tasks/main.yml index 7d0465a..0a55b23 100644 --- a/roles/snap/tasks/main.yml +++ b/roles/snap/tasks/main.yml 
@@ -1,76 +1,78 @@ --- - name: Enable 'universe' repo (Ubuntu and Mint only) - command: add-apt-repository universe + ansible.builtin.command: add-apt-repository universe when: ansible_facts['distribution'] in ["Ubuntu", "Linux Mint"] changed_when: false - ignore_errors: true + failed_when: false - name: Remove Mint's nosnap.pref block (Mint only) - file: + ansible.builtin.file: path: /etc/apt/preferences.d/nosnap.pref state: absent when: ansible_facts['distribution'] == "Linux Mint" - name: Install Snap daemon - apt: + ansible.builtin.apt: name: snapd state: present when: ansible_facts['os_family'] == "Debian" notify: restart snapd - name: Enable snapd socket on Debian - systemd: + ansible.builtin.systemd: name: snapd.socket enabled: true state: started when: ansible_facts['distribution'] == "Debian" - name: Force Ansible to reload facts - setup: + ansible.builtin.setup: - name: Wait for snapd to be ready - command: snap wait system seed.loaded + ansible.builtin.command: snap wait system seed.loaded register: snap_wait_result until: snap_wait_result.rc == 0 retries: 10 delay: 5 when: ansible_facts['os_family'] == "Debian" - ignore_errors: true + failed_when: false + changed_when: false - name: Check if snap is working - command: snap list + ansible.builtin.command: snap list register: snap_check when: ansible_facts['os_family'] == "Debian" - ignore_errors: true + failed_when: false + changed_when: false - name: Install VSCode IDE (Snap, all distros) community.general.snap: name: code classic: true state: present - when: + when: - ansible_facts['os_family'] == "Debian" - snap_check is defined - snap_check.rc == 0 - ignore_errors: true + failed_when: false - name: Install Cursor (Snap, all distros) community.general.snap: name: cursor state: present - when: + when: - ansible_facts['os_family'] == "Debian" - snap_check is defined - snap_check.rc == 0 - ignore_errors: true + failed_when: false - name: Display snap installation status - debug: + ansible.builtin.debug: 
msg: | Snap check result: {{ snap_check.rc if snap_check is defined else 'not defined' }} VSCode and Cursor installation may have failed if snap is not properly configured. You may need to manually install these applications or troubleshoot snap on this host. - when: + when: - ansible_facts['os_family'] == "Debian" - snap_check is defined - snap_check.rc != 0 diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml index c567a5b..d76899b 100644 --- a/roles/ssh/handlers/main.yml +++ b/roles/ssh/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart ssh - systemd: +- name: Restart ssh + ansible.builtin.systemd: name: ssh - state: restarted \ No newline at end of file + state: restarted diff --git a/roles/ssh/meta/main.yml b/roles/ssh/meta/main.yml index c572acc..2f9a0ad 100644 --- a/roles/ssh/meta/main.yml +++ b/roles/ssh/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: SSH configuration and security role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index 1a6234b..a0791f6 100644 --- a/roles/ssh/tasks/main.yml +++ b/roles/ssh/tasks/main.yml 
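Review bot: Swapping `ignore_errors: true` for `failed_when: false` on `Install VSCode IDE` and `Install Cursor` makes a failed snap install report as plain ok. The status message at the end only fires when `snap_check.rc != 0`, so a failed install on a host with working snapd leaves no trace in the run output. For these two tasks I would keep `ignore_errors: true`, which still prints the failure, or drop the override so the play stops. The same masking applies to `Enable 'universe' repo`, where `changed_when: false` and `failed_when: false` together make the task always look like a no-op.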
@@ -1,23 +1,22 @@ --- - name: Ensure SSH server installed - apt: + ansible.builtin.apt: name: openssh-server state: present - name: Configure firewalls - allow SSH port - ufw: + community.general.ufw: rule: allow port: '22' proto: tcp - name: Configure firewalls - allow SSH by name (backup) - ufw: + community.general.ufw: rule: allow name: OpenSSH - ignore_errors: true + failed_when: false - name: Enable UFW with deny default policy - ufw: + community.general.ufw: state: enabled policy: deny - diff --git a/roles/ssh/tests/test.yml b/roles/ssh/tests/test.yml index 3692ead..b982260 100644 --- a/roles/ssh/tests/test.yml +++ b/roles/ssh/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test ssh role + hosts: localhost remote_user: root roles: - ssh diff --git a/roles/user/meta/main.yml b/roles/user/meta/main.yml index c572acc..29d44f1 100644 --- a/roles/user/meta/main.yml +++ b/roles/user/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: User account management role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 47bcd88..9ec6d81 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml 
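Review bot: `Enable UFW with deny default policy` runs after an allow rule for a hard-coded `port: '22'`, and the by-name fallback now carries `failed_when: false`. On a host where sshd listens on another port, the play would switch the policy to deny without an effective allow and cut off the management session. Deriving the port from a variable, `port: "{{ ssh_port | default('22') }}"`, keeps the rule aligned with the daemon configuration; `ssh_port` is a suggested name, not one defined in this diff. `rule: limit` in place of `rule: allow` is also worth considering for connection rate limiting alongside fail2ban.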
@@ -1,10 +1,10 @@ --- - name: Set target user variable - set_fact: - target_user: "{{ ansible_user | default(ansible_user_id) }}" + ansible.builtin.set_fact: + user_target_user: "{{ ansible_user | default(ansible_user_id) }}" - name: Ensure user exists - user: - name: "{{ target_user }}" + ansible.builtin.user: + name: "{{ user_target_user }}" state: present when: ansible_connection != 'local' diff --git a/roles/user/tests/test.yml b/roles/user/tests/test.yml index 724a2ab..7768131 100644 --- a/roles/user/tests/test.yml +++ b/roles/user/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test user role + hosts: localhost remote_user: root roles: - user