From 67a5caef36d03fcc9fcb273912d233bc015d8e7e Mon Sep 17 00:00:00 2001 
From: ilia Date: Fri, 29 Aug 2025 15:42:09 -0400 Subject: [PATCH] Refactor playbooks and roles to enhance task organization and improve package management. Update development and local playbooks to include descriptive names, streamline APT tasks, and ensure consistent use of Ansible modules. Modify group variables for timezone and update role metadata for clarity. Improve error handling and user feedback in various roles, including applications, base, and snap, by utilizing built-in Ansible modules and adding necessary checks. --- .ansible/.lock | 0 dev-playbook.yml | 9 ++-- group_vars/all.yml | 2 +- local-playbook.yml | 9 ++-- roles/applications/meta/main.yml | 1 - roles/applications/tasks/main.yml | 39 ++++++++------- roles/base/handlers/main.yml | 9 ++-- roles/base/meta/main.yml | 51 -------------------- roles/base/tasks/main.yml | 10 ++-- roles/base/tests/test.yml | 3 +- roles/development/meta/main.yml | 10 ++-- roles/development/tasks/main.yml | 6 +-- roles/development/tests/test.yml | 3 +- roles/docker/meta/main.yml | 10 ++-- roles/docker/tasks/main.yml | 45 +++++++++-------- roles/docker/tasks/setup_gpg_key.yml | 9 ++-- roles/docker/tasks/setup_repo_debian.yml | 4 +- roles/docker/tasks/setup_repo_linux_mint.yml | 14 ++++-- roles/docker/tasks/setup_repo_ubuntu.yml | 4 +- roles/docker/tests/test.yml | 3 +- roles/maintenance/meta/main.yml | 10 ++-- roles/maintenance/tasks/main.yml | 20 ++++---- roles/maintenance/tests/test.yml | 3 +- roles/shell/meta/main.yml | 10 ++-- roles/shell/tasks/main.yml | 33 +++++++------ roles/shell/tests/test.yml | 3 +- roles/snap/handlers/main.yml | 4 +- roles/snap/meta/main.yml | 12 ++++- roles/snap/tasks/main.yml | 34 +++++++------ roles/ssh/handlers/main.yml | 6 +-- roles/ssh/meta/main.yml | 10 ++-- roles/ssh/tasks/main.yml | 11 ++--- roles/ssh/tests/test.yml | 3 +- roles/user/meta/main.yml | 10 ++-- roles/user/tasks/main.yml | 8 +-- roles/user/tests/test.yml | 3 +- 36 files changed, 197 insertions(+), 224 deletions(-) create 
mode 100644 .ansible/.lock diff --git a/.ansible/.lock b/.ansible/.lock new file mode 100644 index 0000000..e69de29 diff --git a/dev-playbook.yml b/dev-playbook.yml index 12b6136..32e1be4 100644 --- a/dev-playbook.yml +++ b/dev-playbook.yml @@ -1,4 +1,5 @@ -- hosts: dev +- name: Configure development environment + hosts: dev become: true roles: @@ -14,11 +15,11 @@ pre_tasks: - name: Update apt cache - apt: - update_cache: yes + ansible.builtin.apt: + update_cache: true tasks: # Additional tasks can be added here if needed - name: Display completion message - debug: + ansible.builtin.debug: msg: "Development environment setup completed successfully!" diff --git a/group_vars/all.yml b/group_vars/all.yml index 874ab69..a94dad8 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,6 +1,6 @@ --- # Common variables for all hosts -timezone: UTC +timezone: America/Toronto locale: en_US.UTF-8 ansible_python_interpreter: /usr/bin/python3 diff --git a/local-playbook.yml b/local-playbook.yml index 1dbd461..2124be7 100644 --- a/local-playbook.yml +++ b/local-playbook.yml @@ -1,4 +1,5 @@ -- hosts: localhost +- name: Setup local development environment + hosts: localhost connection: local become: true @@ -15,10 +16,10 @@ pre_tasks: - name: Update apt cache - apt: - update_cache: yes + ansible.builtin.apt: + update_cache: true tasks: - name: Display completion message - debug: + ansible.builtin.debug: msg: "Local development environment setup completed successfully!" diff --git a/roles/applications/meta/main.yml b/roles/applications/meta/main.yml index 23d65c7..32cf5dd 100644 --- a/roles/applications/meta/main.yml +++ b/roles/applications/meta/main.yml @@ -1,2 +1 @@ ---- dependencies: [] diff --git a/roles/applications/tasks/main.yml b/roles/applications/tasks/main.yml index 3302853..fc6af80 100644 --- a/roles/applications/tasks/main.yml +++ b/roles/applications/tasks/main.yml 
@@ -1,34 +1,35 @@ --- - name: Check if applications are already installed - package_facts: + ansible.builtin.package_facts: manager: apt - name: Check if Brave browser is installed - command: brave-browser --version - register: brave_check + ansible.builtin.command: brave-browser --version + register: applications_brave_check ignore_errors: true changed_when: false failed_when: false no_log: true - name: Set installation conditions - set_fact: - desktop_apps_needed: "{{ ['redshift', 'libreoffice', 'evince'] | difference(ansible_facts.packages.keys()) | length > 0 }}" - brave_needs_install: "{{ brave_check.rc != 0 or 'brave-browser' not in ansible_facts.packages }}" + ansible.builtin.set_fact: + applications_desktop_apps_needed: "{{ ['redshift', 'libreoffice', 'evince'] | difference(ansible_facts.packages.keys()) | length > 0 }}" + applications_brave_needs_install: "{{ applications_brave_check.rc != 0 or 'brave-browser' not in ansible_facts.packages }}" - name: Install desktop applications - apt: + ansible.builtin.apt: name: - redshift - libreoffice - evince state: present - when: desktop_apps_needed + when: applications_desktop_apps_needed - name: Brave browser installation + when: applications_brave_needs_install block: - name: Remove old Brave repository files - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: 
@@ -36,31 +37,29 @@ - /etc/apt/sources.list.d/brave-browser-release.sources - name: Download Brave APT key - get_url: + ansible.builtin.get_url: url: https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg dest: /usr/share/keyrings/brave-browser-archive-keyring.gpg mode: '0644' - name: Add Brave repository - apt_repository: + ansible.builtin.apt_repository: repo: "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" filename: brave-browser state: present - name: Install Brave browser - apt: + ansible.builtin.apt: name: brave-browser state: present - when: brave_needs_install - - name: Display application status - debug: - msg: - - "Desktop apps needed: {{ desktop_apps_needed }}" - - "Brave needed: {{ brave_needs_install }}" + ansible.builtin.debug: + msg: + - "Desktop apps needed: {{ applications_desktop_apps_needed }}" + - "Brave needed: {{ applications_brave_needs_install }}" - "Redshift: {{ 'Installed' if 'redshift' in ansible_facts.packages else 'Missing' }}" - "LibreOffice: {{ 'Installed' if 'libreoffice' in ansible_facts.packages else 'Missing' }}" - "Evince: {{ 'Installed' if 'evince' in ansible_facts.packages else 'Missing' }}" - - "Brave: {{ brave_check.stdout if brave_check.rc == 0 else 'Not installed' }}" - when: ansible_debug_output | default(false) | bool \ No newline at end of file + - "Brave: {{ applications_brave_check.stdout if applications_brave_check.rc == 0 else 'Not installed' }}" + when: ansible_debug_output | default(false) | bool diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml index 13dc1ea..c0a890a 100644 --- a/roles/base/handlers/main.yml +++ b/roles/base/handlers/main.yml 
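Review bot: The `Download Brave APT key` task has no `checksum:` on `ansible.builtin.get_url`, so it installs whatever the URL serves at run time, and that file then becomes the `signed-by` trust anchor for the repository added in the next task. Pinning it, for example `checksum: "sha256:<SHA256_OF_REVIEWED_KEYRING>"` (placeholder value), makes a changed key fail the play instead of being installed silently. The same applies to `Download Docker's official GPG key` in roles/docker/tasks/setup_gpg_key.yml. The enclosing `Brave browser installation` block starts in the previous hunk.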
@@ -1,10 +1,11 @@ --- # handlers file for base -- name: restart fail2ban - systemd: +- name: Restart fail2ban + ansible.builtin.systemd: name: fail2ban state: restarted -- name: reload ufw - command: ufw reload +- name: Reload ufw + ansible.builtin.command: ufw reload + changed_when: false diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml index c572acc..32cf5dd 100644 --- a/roles/base/meta/main.yml +++ b/roles/base/meta/main.yml 
@@ -1,52 +1 @@ -galaxy_info: - author: your name - description: your role description - company: your company (optional) - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) - - min_ansible_version: 2.1 - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 4f50c3e..83f04d5 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install base system packages - apt: + ansible.builtin.apt: name: # Base utilities - htop 
@@ -20,7 +20,7 @@ state: present - name: Configure fail2ban - template: + ansible.builtin.template: src: jail.local.j2 dest: /etc/fail2ban/jail.local mode: '0644' @@ -29,10 +29,10 @@ # UFW enablement moved to ssh role to avoid lockout - name: Set timezone - timezone: + community.general.timezone: name: "{{ timezone | default('UTC') }}" - name: Configure locale - locale_gen: + community.general.locale_gen: name: "{{ locale | default('en_US.UTF-8') }}" - state: present \ No newline at end of file + state: present diff --git a/roles/base/tests/test.yml b/roles/base/tests/test.yml index f1bada0..0ec43dd 100644 --- a/roles/base/tests/test.yml +++ b/roles/base/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test base role + hosts: localhost remote_user: root roles: - base diff --git a/roles/development/meta/main.yml b/roles/development/meta/main.yml index c572acc..1755f40 100644 --- a/roles/development/meta/main.yml +++ b/roles/development/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: Development tools and environment setup role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/development/tasks/main.yml b/roles/development/tasks/main.yml index 44c320c..d409250 100644 --- a/roles/development/tasks/main.yml +++ b/roles/development/tasks/main.yml 
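Review bot: `community.general.timezone` and `community.general.locale_gen` only resolve when the community.general collection is installed on the controller, and the diffstat of this commit adds no `requirements.yml` or collections entry. If the repository does not already have one, a bare ansible-core install would stop at `Set timezone`; consider a `collections/requirements.yml` that lists `community.general` with a pinned version, plus a documented `ansible-galaxy collection install -r` step. roles/ssh/tasks/main.yml (`community.general.ufw`) and roles/snap/tasks/main.yml (`community.general.snap`) depend on the same collection.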
@@ -1,13 +1,13 @@ --- - name: Install development packages - apt: + ansible.builtin.apt: name: # Development tools - git - nodejs - npm - # Build tools + # Build tools - build-essential - python3 - python3-pip - state: present \ No newline at end of file + state: present diff --git a/roles/development/tests/test.yml b/roles/development/tests/test.yml index fc1ae60..8336558 100644 --- a/roles/development/tests/test.yml +++ b/roles/development/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test development role + hosts: localhost remote_user: root roles: - development diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml index c572acc..96ef253 100644 --- a/roles/docker/meta/main.yml +++ b/roles/docker/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: Docker installation and configuration role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index c354c34..4b8428b 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Debug distribution information - debug: - msg: + ansible.builtin.debug: + msg: - "Distribution: {{ ansible_facts['distribution'] }}" - "Distribution Release: {{ ansible_facts['distribution_release'] }}" - "Distribution Version: {{ ansible_facts['distribution_version'] }}" 
@@ -9,7 +9,7 @@ when: ansible_debug_output | default(false) | bool - name: Check if Docker is already installed - command: docker --version + ansible.builtin.command: docker --version register: docker_check ignore_errors: true changed_when: false @@ -17,19 +17,20 @@ no_log: true - name: Check if Docker packages are installed via apt - package_facts: + ansible.builtin.package_facts: manager: apt register: docker_apt_check changed_when: false - name: Set installation condition - set_fact: + ansible.builtin.set_fact: docker_needs_install: "{{ docker_check.rc != 0 or 'docker-ce' not in ansible_facts.packages }}" - name: Docker installation tasks + when: docker_needs_install block: - name: Install Docker requirements - apt: + ansible.builtin.apt: name: - apt-transport-https - ca-certificates @@ -39,7 +40,7 @@ state: present - name: Remove old Docker repository files - file: + ansible.builtin.file: path: "{{ item }}" state: absent loop: @@ -47,19 +48,19 @@ - /etc/apt/sources.list.d/docker-ce.list - name: Create keyrings directory - file: + ansible.builtin.file: path: /etc/apt/keyrings state: directory mode: '0755' - name: Setup Docker GPG key - include_tasks: setup_gpg_key.yml + ansible.builtin.include_tasks: setup_gpg_key.yml - name: Setup Docker repository - include_tasks: "setup_repo_{{ ansible_facts['distribution'] | lower | replace(' ', '_') }}.yml" + ansible.builtin.include_tasks: "setup_repo_{{ ansible_facts['distribution'] | lower | replace(' ', '_') }}.yml" - name: Install Docker CE - apt: + ansible.builtin.apt: name: - docker-ce - docker-ce-cli 
@@ -69,27 +70,25 @@ state: present - name: Start and enable Docker service - systemd: + ansible.builtin.systemd: name: docker state: started - enabled: yes + enabled: true - name: Set target user variable - set_fact: - target_user: "{{ ansible_user | default(ansible_user_id) }}" + ansible.builtin.set_fact: + docker_target_user: "{{ ansible_user | default(ansible_user_id) }}" - name: Add user to docker group - user: - name: "{{ target_user }}" + ansible.builtin.user: + name: "{{ docker_target_user }}" groups: docker - append: yes - - when: docker_needs_install + append: true - name: Display Docker status - debug: - msg: + ansible.builtin.debug: + msg: - "Docker already installed: {{ docker_check.stdout if docker_check.rc == 0 else 'Not found' }}" - "Docker CE package installed: {{ 'Yes' if 'docker-ce' in ansible_facts.packages else 'No' }}" - "Actions taken: {{ 'None - Docker already present' if not docker_needs_install else 'Docker installation/configuration performed' }}" - when: ansible_debug_output | default(false) | bool \ No newline at end of file + when: ansible_debug_output | default(false) | bool diff --git a/roles/docker/tasks/setup_gpg_key.yml b/roles/docker/tasks/setup_gpg_key.yml index 0a72cb3..915a29b 100644 --- a/roles/docker/tasks/setup_gpg_key.yml +++ b/roles/docker/tasks/setup_gpg_key.yml @@ -1,19 +1,20 @@ --- - name: Download Docker's official GPG key - get_url: + ansible.builtin.get_url: url: https://download.docker.com/linux/ubuntu/gpg dest: /tmp/docker.gpg mode: '0644' - name: Convert and install Docker GPG key - shell: gpg --dearmor < /tmp/docker.gpg > /etc/apt/keyrings/docker.gpg + ansible.builtin.shell: gpg --dearmor < /tmp/docker.gpg > /etc/apt/keyrings/docker.gpg + changed_when: false - name: Set permissions on Docker GPG key - file: + ansible.builtin.file: path: /etc/apt/keyrings/docker.gpg mode: '0644' - name: Clean up temporary GPG key file - file: + ansible.builtin.file: path: /tmp/docker.gpg state: absent 
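Review bot: `Add user to docker group` gives `docker_target_user` root-equivalent access to the host, because any member of the `docker` group can drive the daemon socket, and nothing in the task says so. A comment above it would make the trade-off explicit, e.g. `# docker group membership is root-equivalent; only add trusted interactive users`. The surrounding block and its `when: docker_needs_install` start in an earlier hunk.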
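Review bot: `Convert and install Docker GPG key` now carries `changed_when: false`, so the shell task rewrites /etc/apt/keyrings/docker.gpg on every pass through this file while reporting no change; `args:` with `creates: /etc/apt/keyrings/docker.gpg` would make it idempotent and honest. The armored key is also staged at the fixed path /tmp/docker.gpg, in a world-writable directory, before a root shell reads it back. Downloading straight into /etc/apt/keyrings (created with mode 0755 in main.yml), e.g. `dest: /etc/apt/keyrings/docker.asc`, avoids the shared location; the dearmor input and cleanup paths would change to match.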
diff --git a/roles/docker/tasks/setup_repo_debian.yml b/roles/docker/tasks/setup_repo_debian.yml index 9624a2c..18b5f1c 100644 --- a/roles/docker/tasks/setup_repo_debian.yml +++ b/roles/docker/tasks/setup_repo_debian.yml @@ -1,6 +1,6 @@ --- - name: Add Docker repository for Debian - apt_repository: + ansible.builtin.apt_repository: repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true diff --git a/roles/docker/tasks/setup_repo_linux_mint.yml b/roles/docker/tasks/setup_repo_linux_mint.yml index 37f2753..fb57c3f 100644 --- a/roles/docker/tasks/setup_repo_linux_mint.yml +++ b/roles/docker/tasks/setup_repo_linux_mint.yml @@ -1,10 +1,14 @@ --- - name: Set Ubuntu codename for Linux Mint - set_fact: - ubuntu_codename: "{{ 'jammy' if ansible_distribution_version is version('22', '>=') else 'focal' if ansible_distribution_version is version('21', '>=') else 'focal' if ansible_distribution_version is version('20', '>=') else 'bionic' }}" + ansible.builtin.set_fact: + docker_ubuntu_codename: > + {{ 'jammy' if ansible_distribution_version is version('22', '>=') else + 'focal' if ansible_distribution_version is version('21', '>=') else + 'focal' if ansible_distribution_version is version('20', '>=') else + 'bionic' }} - name: Add Docker repository for Linux Mint (using Ubuntu base) - apt_repository: - repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ubuntu_codename }} stable" + ansible.builtin.apt_repository: + repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_codename }} stable" state: present - update_cache: yes + update_cache: true diff --git a/roles/docker/tasks/setup_repo_ubuntu.yml b/roles/docker/tasks/setup_repo_ubuntu.yml index 45cef72..d223c78 100644 --- a/roles/docker/tasks/setup_repo_ubuntu.yml 
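Review bot: The new folded scalar for `docker_ubuntu_codename` uses `>`, which keeps a trailing newline, so the fact is likely `jammy` plus a line break and the `repo:` string in the next task would be split before `stable`. Writing `docker_ubuntu_codename: >-` strips it. The mapping also looks off by one release: Linux Mint 21.x is built on Ubuntu jammy and 22.x on noble, so `version('22', '>=')` selecting `jammy` would point apt at packages for a different base. It is worth checking against Mint's release table.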
+++ b/roles/docker/tasks/setup_repo_ubuntu.yml @@ -1,6 +1,6 @@ --- - name: Add Docker repository for Ubuntu - apt_repository: + ansible.builtin.apt_repository: repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" state: present - update_cache: yes + update_cache: true diff --git a/roles/docker/tests/test.yml b/roles/docker/tests/test.yml index 7aabdb0..5b4d564 100644 --- a/roles/docker/tests/test.yml +++ b/roles/docker/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test docker role + hosts: localhost remote_user: root roles: - docker diff --git a/roles/maintenance/meta/main.yml b/roles/maintenance/meta/main.yml index c572acc..cff34e4 100644 --- a/roles/maintenance/meta/main.yml +++ b/roles/maintenance/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: System maintenance and updates role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/maintenance/tasks/main.yml b/roles/maintenance/tasks/main.yml index cd3c86c..c4c13e1 100644 --- a/roles/maintenance/tasks/main.yml +++ b/roles/maintenance/tasks/main.yml 
@@ -1,25 +1,25 @@ --- - name: Upgrade all packages - apt: + ansible.builtin.apt: upgrade: dist - name: Autoremove unused packages - apt: - autoremove: yes + ansible.builtin.apt: + autoremove: true - name: Clean apt cache - apt: - autoclean: yes + ansible.builtin.apt: + autoclean: true - name: Check if reboot is required - stat: + ansible.builtin.stat: path: /var/run/reboot-required - register: reboot_required + register: maintenance_reboot_required - name: Reboot if required - reboot: + ansible.builtin.reboot: msg: "Reboot triggered by Ansible after system changes." when: - ansible_facts['pkg_mgr'] == "apt" - - reboot_required.stat.exists - - skip_reboot | default(false) | bool == false \ No newline at end of file + - maintenance_reboot_required.stat.exists + - not (skip_reboot | default(false) | bool) diff --git a/roles/maintenance/tests/test.yml b/roles/maintenance/tests/test.yml index 1510a55..01ebeb2 100644 --- a/roles/maintenance/tests/test.yml +++ b/roles/maintenance/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test maintenance role + hosts: localhost remote_user: root roles: - maintenance diff --git a/roles/shell/meta/main.yml b/roles/shell/meta/main.yml index c572acc..76f3dba 100644 --- a/roles/shell/meta/main.yml +++ b/roles/shell/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: Shell configuration and setup role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: 
diff --git a/roles/shell/tasks/main.yml b/roles/shell/tasks/main.yml index 75dcd60..ea47d25 100644 --- a/roles/shell/tasks/main.yml +++ b/roles/shell/tasks/main.yml @@ -1,40 +1,41 @@ --- - name: Set target user variable - set_fact: - target_user: "{{ ansible_user | default(ansible_user_id) }}" + ansible.builtin.set_fact: + shell_target_user: "{{ ansible_user | default(ansible_user_id) }}" - name: Install shell packages - apt: + ansible.builtin.apt: name: - zsh - tmux state: present - name: Set zsh as default shell for user - user: - name: "{{ target_user }}" + ansible.builtin.user: + name: "{{ shell_target_user }}" shell: /usr/bin/zsh - name: Install Oh My Zsh for user become: true - become_user: "{{ target_user }}" - shell: sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)" "" --unattended + become_user: "{{ shell_target_user }}" + ansible.builtin.shell: sh -c "$(wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)" "" --unattended args: - creates: "/home/{{ target_user }}/.oh-my-zsh" + creates: "/home/{{ shell_target_user }}/.oh-my-zsh" - name: Clone Powerlevel10k theme - git: + ansible.builtin.git: repo: https://github.com/romkatv/powerlevel10k.git - dest: "/home/{{ target_user }}/.oh-my-zsh/custom/themes/powerlevel10k" + dest: "/home/{{ shell_target_user }}/.oh-my-zsh/custom/themes/powerlevel10k" + version: master depth: 1 - update: no + update: false become: true - become_user: "{{ target_user }}" + become_user: "{{ shell_target_user }}" - name: Deploy .zshrc for user - copy: + ansible.builtin.copy: src: files/.zshrc - dest: "/home/{{ target_user }}/.zshrc" - owner: "{{ target_user }}" - group: "{{ target_user }}" + dest: "/home/{{ shell_target_user }}/.zshrc" + owner: "{{ shell_target_user }}" + group: "{{ shell_target_user }}" mode: '0644' diff --git a/roles/shell/tests/test.yml b/roles/shell/tests/test.yml index 16f6612..5412280 100644 --- a/roles/shell/tests/test.yml 
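Review bot: Both downloads in this file run code from a moving `master` branch as `shell_target_user`: the Oh My Zsh task pipes `install.sh` from `master` straight into `sh`, and the newly added `version: master` on `Clone Powerlevel10k theme` tracks the branch head. Pinning both to reviewed revisions keeps the playbook reproducible and turns an upstream change into a visible failure; for the theme that is `version: "<PINNED_TAG_OR_COMMIT>"` (placeholder). For the installer, fetch a pinned copy with a checksum and run the local file, as sketched below. The installer itself clones the framework, so that revision may need pinning as well.

```yaml
# … unchanged: set_fact, apt and user tasks …
- name: Download Oh My Zsh installer (pinned revision)
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/<PINNED_COMMIT>/tools/install.sh"
    dest: "/home/{{ shell_target_user }}/.ohmyzsh-install.sh"
    checksum: "sha256:<SHA256_OF_REVIEWED_INSTALL_SH>"
    owner: "{{ shell_target_user }}"
    mode: '0700'

- name: Install Oh My Zsh for user
  become: true
  become_user: "{{ shell_target_user }}"
  ansible.builtin.command: "sh /home/{{ shell_target_user }}/.ohmyzsh-install.sh --unattended"
  args:
    creates: "/home/{{ shell_target_user }}/.oh-my-zsh"
# … unchanged: Powerlevel10k clone, .zshrc deploy …
```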
+++ b/roles/shell/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test shell role + hosts: localhost remote_user: root roles: - shell diff --git a/roles/snap/handlers/main.yml b/roles/snap/handlers/main.yml index 13f5d95..9b2523e 100644 --- a/roles/snap/handlers/main.yml +++ b/roles/snap/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart snapd - systemd: +- name: Restart snapd + ansible.builtin.systemd: name: snapd state: restarted diff --git a/roles/snap/meta/main.yml b/roles/snap/meta/main.yml index 23d65c7..a7ceee0 100644 --- a/roles/snap/meta/main.yml +++ b/roles/snap/meta/main.yml @@ -1,2 +1,12 @@ ---- +galaxy_info: + author: ansible-user + description: Snap package manager configuration role + company: Personal + + license: MIT + + min_ansible_version: "2.9" + + galaxy_tags: [] + dependencies: [] diff --git a/roles/snap/tasks/main.yml b/roles/snap/tasks/main.yml index 7d0465a..0a55b23 100644 --- a/roles/snap/tasks/main.yml +++ b/roles/snap/tasks/main.yml 
@@ -1,76 +1,78 @@ --- - name: Enable 'universe' repo (Ubuntu and Mint only) - command: add-apt-repository universe + ansible.builtin.command: add-apt-repository universe when: ansible_facts['distribution'] in ["Ubuntu", "Linux Mint"] changed_when: false - ignore_errors: true + failed_when: false - name: Remove Mint's nosnap.pref block (Mint only) - file: + ansible.builtin.file: path: /etc/apt/preferences.d/nosnap.pref state: absent when: ansible_facts['distribution'] == "Linux Mint" - name: Install Snap daemon - apt: + ansible.builtin.apt: name: snapd state: present when: ansible_facts['os_family'] == "Debian" notify: restart snapd - name: Enable snapd socket on Debian - systemd: + ansible.builtin.systemd: name: snapd.socket enabled: true state: started when: ansible_facts['distribution'] == "Debian" - name: Force Ansible to reload facts - setup: + ansible.builtin.setup: - name: Wait for snapd to be ready - command: snap wait system seed.loaded + ansible.builtin.command: snap wait system seed.loaded register: snap_wait_result until: snap_wait_result.rc == 0 retries: 10 delay: 5 when: ansible_facts['os_family'] == "Debian" - ignore_errors: true + failed_when: false + changed_when: false - name: Check if snap is working - command: snap list + ansible.builtin.command: snap list register: snap_check when: ansible_facts['os_family'] == "Debian" - ignore_errors: true + failed_when: false + changed_when: false - name: Install VSCode IDE (Snap, all distros) community.general.snap: name: code classic: true state: present - when: + when: - ansible_facts['os_family'] == "Debian" - snap_check is defined - snap_check.rc == 0 - ignore_errors: true + failed_when: false - name: Install Cursor (Snap, all distros) community.general.snap: name: cursor state: present - when: + when: - ansible_facts['os_family'] == "Debian" - snap_check is defined - snap_check.rc == 0 - ignore_errors: true + failed_when: false - name: Display snap installation status - debug: + ansible.builtin.debug: 
msg: | Snap check result: {{ snap_check.rc if snap_check is defined else 'not defined' }} VSCode and Cursor installation may have failed if snap is not properly configured. You may need to manually install these applications or troubleshoot snap on this host. - when: + when: - ansible_facts['os_family'] == "Debian" - snap_check is defined - snap_check.rc != 0 diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml index c567a5b..d76899b 100644 --- a/roles/ssh/handlers/main.yml +++ b/roles/ssh/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: restart ssh - systemd: +- name: Restart ssh + ansible.builtin.systemd: name: ssh - state: restarted \ No newline at end of file + state: restarted diff --git a/roles/ssh/meta/main.yml b/roles/ssh/meta/main.yml index c572acc..2f9a0ad 100644 --- a/roles/ssh/meta/main.yml +++ b/roles/ssh/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: SSH configuration and security role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml index 1a6234b..a0791f6 100644 --- a/roles/ssh/tasks/main.yml +++ b/roles/ssh/tasks/main.yml 
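Review bot: `Install Snap daemon` still has `notify: restart snapd`, but this commit renames the handler in roles/snap/handlers/main.yml to `Restart snapd`; handler names are matched exactly, so the notification no longer finds a handler and the play errors when snapd is newly installed. Change it to `notify: Restart snapd`. The same check applies to any `notify: restart fail2ban`, `reload ufw` or `restart ssh` left in task lines not shown in these hunks, since those handlers were renamed too. Separately, replacing `ignore_errors: true` with `failed_when: false` on the two `community.general.snap` installs makes a failed install report `ok`; registering the result and reporting it in the final debug task would keep the failure visible.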
@@ -1,23 +1,22 @@ --- - name: Ensure SSH server installed - apt: + ansible.builtin.apt: name: openssh-server state: present - name: Configure firewalls - allow SSH port - ufw: + community.general.ufw: rule: allow port: '22' proto: tcp - name: Configure firewalls - allow SSH by name (backup) - ufw: + community.general.ufw: rule: allow name: OpenSSH - ignore_errors: true + failed_when: false - name: Enable UFW with deny default policy - ufw: + community.general.ufw: state: enabled policy: deny - diff --git a/roles/ssh/tests/test.yml b/roles/ssh/tests/test.yml index 3692ead..b982260 100644 --- a/roles/ssh/tests/test.yml +++ b/roles/ssh/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test ssh role + hosts: localhost remote_user: root roles: - ssh diff --git a/roles/user/meta/main.yml b/roles/user/meta/main.yml index c572acc..29d44f1 100644 --- a/roles/user/meta/main.yml +++ b/roles/user/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: ansible-user + description: User account management role + company: Personal # If the issue tracker for your role is not on github, uncomment the # next line and provide a value @@ -14,9 +14,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: MIT - min_ansible_version: 2.1 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 47bcd88..9ec6d81 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml 
@@ -1,10 +1,10 @@ --- - name: Set target user variable - set_fact: - target_user: "{{ ansible_user | default(ansible_user_id) }}" + ansible.builtin.set_fact: + user_target_user: "{{ ansible_user | default(ansible_user_id) }}" - name: Ensure user exists - user: - name: "{{ target_user }}" + ansible.builtin.user: + name: "{{ user_target_user }}" state: present when: ansible_connection != 'local' diff --git a/roles/user/tests/test.yml b/roles/user/tests/test.yml index 724a2ab..7768131 100644 --- a/roles/user/tests/test.yml +++ b/roles/user/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test user role + hosts: localhost remote_user: root roles: - user