-rw-r--r--.gitignore2
-rw-r--r--ansible.cfg1
-rw-r--r--roles/certbot/tasks/main.yml8
-rw-r--r--roles/common/tasks/main.yml3
-rw-r--r--roles/fail2ban/tasks/main.yml2
-rw-r--r--roles/nginx-cloudflare-mtls/meta/main.yml2
-rw-r--r--roles/nginx-cloudflare-mtls/tasks/main.yml4
-rw-r--r--roles/nginx-geoip/meta/main.yml2
-rw-r--r--roles/nginx-geoip/tasks/main.yml2
-rw-r--r--roles/nginx-ufw/meta/main.yml4
-rw-r--r--roles/nginx-ufw/tasks/main.yml2
-rw-r--r--roles/nginx/handlers/main.yml2
-rw-r--r--roles/nginx/tasks/main.yml2
-rw-r--r--roles/prometheus/tasks/main.yml2
-rw-r--r--roles/wireguard/handlers/main.yml2
15 files changed, 22 insertions, 18 deletions
diff --git a/.gitignore b/.gitignore
index 68015c4..7fe4ce4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
vault_passwords
venv
.cache/
-.vscode/ \ No newline at end of file
+.vscode/
diff --git a/ansible.cfg b/ansible.cfg
index cbc8f09..6cbcfc6 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -2,6 +2,7 @@
remote_user = root
inventory = inventory/hosts.yaml
host_key_checking = False
+vault_password_file = vault_passwords
[privilege_escalation]
become = yes
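Review bot: The added `vault_password_file = vault_passwords` makes every run read the vault password from a plaintext file in the checkout, and nothing next to the setting says how that file must be protected. The `.gitignore` in this commit already lists `vault_passwords`, but the file should also be owner-only and non-executable, because Ansible runs an executable password file as a script instead of reading it. I would add a comment above the setting: `# vault_passwords is gitignored; keep it mode 0600 and never executable`. The unchanged `host_key_checking = False` in the context means vault-decrypted content is pushed as root to hosts whose SSH host keys are not verified, which is worth revisiting now that secrets flow through this config. The section these keys belong to starts above the hunk.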
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index 3766444..8b05420 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -25,7 +25,7 @@
dest: /etc/letsencrypt/cloudflare.ini
owner: root
group: root
- mode: 0400
+ mode: "0400"
tags:
- role::certbot
@@ -50,7 +50,7 @@
state: directory
owner: root
group: root
- mode: 0700
+ mode: "0700"
tags:
- role::certbot
@@ -61,7 +61,7 @@
dest: /opt/cert_rsync.sh
owner: root
group: root
- mode: 0500
+ mode: "0500"
tags:
- role::certbot
@@ -93,7 +93,7 @@
dest: /etc/letsencrypt/renewal-hooks/deploy/distribute-certs
owner: root
group: root
- mode: 0700
+ mode: "0700"
tags:
- role::certbot
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 26138a5..b9b9c52 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -71,5 +71,8 @@
copy:
src: /etc/skel/.bashrc
dest: /root/.bashrc
+ mode: '0644'
+ owner: root
+ group: root
tags:
- role::common
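Review bot: The added `mode: '0644'` is single-quoted while every other mode touched in this commit is double-quoted (for example `mode: "0644"` in roles/fail2ban and roles/nginx). Using `mode: "0644"` here keeps the file modes uniform and easy to grep during a permissions audit. The task begins above the hunk, so whether `remote_src` is set for the `/etc/skel/.bashrc` source is not visible; without it the file would come from the controller rather than the managed host.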
diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
index c71335b..74a5442 100644
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -12,7 +12,7 @@
dest: /etc/fail2ban/jail.local
owner: root
group: root
- mode: 0644
+ mode: "0644"
tags:
- role::fail2ban
notify:
diff --git a/roles/nginx-cloudflare-mtls/meta/main.yml b/roles/nginx-cloudflare-mtls/meta/main.yml
index 72b1bd7..8b662c9 100644
--- a/roles/nginx-cloudflare-mtls/meta/main.yml
+++ b/roles/nginx-cloudflare-mtls/meta/main.yml
@@ -1,3 +1,3 @@
---
dependencies:
- - nginx
+ - role: nginx
diff --git a/roles/nginx-cloudflare-mtls/tasks/main.yml b/roles/nginx-cloudflare-mtls/tasks/main.yml
index d5ef7f4..21d1b28 100644
--- a/roles/nginx-cloudflare-mtls/tasks/main.yml
+++ b/roles/nginx-cloudflare-mtls/tasks/main.yml
@@ -5,7 +5,7 @@
state: directory
owner: root
group: root
- mode: 0444
+ mode: "0444"
tags:
- role::nginx-cloudflare-mtls
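Review bot: The quoted `mode: "0444"` in this first hunk sits on a `state: directory` task, and 0444 gives a directory read bits without the search (execute) bit, so a non-root process can list names but cannot open anything inside it. Quoting preserves the old value correctly, but the value itself looks unintended for a directory. `mode: "0755"` (or `"0750"` with a suitable group) is the usual choice, while `"0444"` remains appropriate for the certificate file in the second hunk. The task's `path` is above the hunk, so confirm which directory this is and whether an unprivileged nginx worker ever needs to read from it.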
@@ -15,6 +15,6 @@
dest: /etc/nginx/certs/cloudflare.crt
owner: root
group: root
- mode: 0444
+ mode: "0444"
tags:
- role::nginx-cloudflare-mtls
diff --git a/roles/nginx-geoip/meta/main.yml b/roles/nginx-geoip/meta/main.yml
index 72b1bd7..8b662c9 100644
--- a/roles/nginx-geoip/meta/main.yml
+++ b/roles/nginx-geoip/meta/main.yml
@@ -1,3 +1,3 @@
---
dependencies:
- - nginx
+ - role: nginx
diff --git a/roles/nginx-geoip/tasks/main.yml b/roles/nginx-geoip/tasks/main.yml
index f772278..50ba93d 100644
--- a/roles/nginx-geoip/tasks/main.yml
+++ b/roles/nginx-geoip/tasks/main.yml
@@ -6,7 +6,7 @@
dest: /etc/nginx/conf.d/geoip.conf
owner: root
group: root
- mode: 0444
+ mode: "0444"
tags:
- role::nginx-geoip
notify:
diff --git a/roles/nginx-ufw/meta/main.yml b/roles/nginx-ufw/meta/main.yml
index dac7049..a6e9124 100644
--- a/roles/nginx-ufw/meta/main.yml
+++ b/roles/nginx-ufw/meta/main.yml
@@ -1,4 +1,4 @@
---
dependencies:
- - nginx
- - ufw
+ - role: nginx
+ - role: ufw
diff --git a/roles/nginx-ufw/tasks/main.yml b/roles/nginx-ufw/tasks/main.yml
index fb703bf..3b52f14 100644
--- a/roles/nginx-ufw/tasks/main.yml
+++ b/roles/nginx-ufw/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Allow http(s) traffic through the firewall
- ufw:
+ community.general.ufw:
app: Nginx Full
rule: allow
tags:
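Review bot: Switching to `community.general.ufw` makes this firewall task depend on the community.general collection, and none of the 15 files in this commit declares or pins it. On a controller with only ansible-core installed the module will not resolve, and an unpinned install takes whatever version is current at the time. I would add a `collections/requirements.yml` that lists `community.general` with an explicit version and install it with `ansible-galaxy collection install -r collections/requirements.yml`. The task's tag list continues below the hunk.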
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
index 376d85a..2e84daf 100644
--- a/roles/nginx/handlers/main.yml
+++ b/roles/nginx/handlers/main.yml
@@ -1,5 +1,5 @@
---
-- name: reload the nginx service
+- name: Reload the nginx service
service:
name: nginx
state: reloaded
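Review bot: Renaming the handler to `Reload the nginx service` changes the string that `notify:` has to match, and handler names are compared exactly, including case. The `notify:` lists in roles/nginx/tasks/main.yml and roles/nginx-geoip/tasks/main.yml appear only as unchanged context in this commit, with their values below the hunks. If they still say `reload the nginx service`, the play will stop with a missing-handler error and nginx configuration changes will not be reloaded. The same applies to `Reload wg-quick` in roles/wireguard/handlers/main.yml, whose notifying tasks are not part of this diff. Either update each `notify:` entry in the same commit or add `listen: reload the nginx service` to the handler so the old name keeps working.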
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 29fc854..266e916 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -15,7 +15,7 @@
dest: /etc/nginx/conf.d/default_server.conf
group: root
owner: root
- mode: 0644
+ mode: "0644"
tags:
- role::nginx
notify:
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index eb60335..b1bb67a 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -26,7 +26,7 @@
dest: /etc/prometheus/prometheus.yml
owner: prometheus
group: prometheus
- mode: 0400
+ mode: "0400"
tags:
- role::prometheus
notify:
diff --git a/roles/wireguard/handlers/main.yml b/roles/wireguard/handlers/main.yml
index 0edcf3a..86f6400 100644
--- a/roles/wireguard/handlers/main.yml
+++ b/roles/wireguard/handlers/main.yml
@@ -1,4 +1,4 @@
-- name: reload wg-quick
+- name: Reload wg-quick
service:
name: wg-quick@wg0
state: reloaded