-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | ansible.cfg | 1 | ||||
-rw-r--r-- | roles/certbot/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/common/tasks/main.yml | 3 | ||||
-rw-r--r-- | roles/fail2ban/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/nginx-cloudflare-mtls/meta/main.yml | 2 | ||||
-rw-r--r-- | roles/nginx-cloudflare-mtls/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/nginx-geoip/meta/main.yml | 2 | ||||
-rw-r--r-- | roles/nginx-geoip/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/nginx-ufw/meta/main.yml | 4 | ||||
-rw-r--r-- | roles/nginx-ufw/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/nginx/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/nginx/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/prometheus/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/wireguard/handlers/main.yml | 2 |
15 files changed, 22 insertions, 18 deletions
@@ -1,4 +1,4 @@ vault_passwords venv .cache/ -.vscode/
\ No newline at end of file
+.vscode/
diff --git a/ansible.cfg b/ansible.cfg
index cbc8f09..6cbcfc6 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -2,6 +2,7 @@ remote_user = root inventory = inventory/hosts.yaml host_key_checking = False +vault_password_file = vault_passwords [privilege_escalation] become = yes
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index 3766444..8b05420 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -25,7 +25,7 @@ dest: /etc/letsencrypt/cloudflare.ini owner: root group: root - mode: 0400 + mode: "0400" tags: - role::certbot
@@ -50,7 +50,7 @@ state: directory owner: root group: root - mode: 0700 + mode: "0700" tags: - role::certbot
@@ -61,7 +61,7 @@ dest: /opt/cert_rsync.sh owner: root group: root - mode: 0500 + mode: "0500" tags: - role::certbot
@@ -93,7 +93,7 @@ dest: /etc/letsencrypt/renewal-hooks/deploy/distribute-certs owner: root group: root - mode: 0700 + mode: "0700" tags: - role::certbot
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 26138a5..b9b9c52 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -71,5 +71,8 @@ copy: src: /etc/skel/.bashrc dest: /root/.bashrc + mode: '0644' + owner: root + group: root tags: - role::common
diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
index c71335b..74a5442 100644
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -12,7 +12,7 @@ dest: /etc/fail2ban/jail.local owner: root group: root - mode: 0644 + mode: "0644" tags: - role::fail2ban notify:
diff --git a/roles/nginx-cloudflare-mtls/meta/main.yml b/roles/nginx-cloudflare-mtls/meta/main.yml
index 72b1bd7..8b662c9 100644
--- a/roles/nginx-cloudflare-mtls/meta/main.yml
+++ b/roles/nginx-cloudflare-mtls/meta/main.yml
@@ -1,3 +1,3 @@ --- dependencies: - - nginx + - role: nginx
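Review bot: The added `vault_password_file = vault_passwords` in ansible.cfg makes every run read the vault password from a plaintext file in the working tree, and nothing in the commit documents how that file must be protected. The .gitignore context lists `vault_passwords`, so it should stay out of history, but it also needs to be readable only by the operator and must not carry an execute bit, since Ansible runs an executable vault password file as a script and uses its output. I would add a comment above the setting, for example `# vault_passwords: untracked, chmod 0600, never executable`. The same block keeps `host_key_checking = False` with `remote_user = root`, so decrypted secrets are pushed to hosts whose SSH identity is not verified; that is outside this change but worth a follow-up.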
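Review bot: In roles/common/tasks/main.yml the `copy` task that now gets `mode: '0644'` shows only `src` and `dest` under `copy:`, with no `remote_src`, so `/etc/skel/.bashrc` is read from the control machine rather than from the target host. Root's shell startup file on every server then depends on whatever the operator's workstation has at that path. If the intent is to restore the target's own skeleton file, add `remote_src: true` under `copy:`. The task's `name:` line is outside the hunk. This hunk also quotes the mode with single quotes while the rest of the commit uses double quotes.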
diff --git a/roles/nginx-cloudflare-mtls/tasks/main.yml b/roles/nginx-cloudflare-mtls/tasks/main.yml
index d5ef7f4..21d1b28 100644
--- a/roles/nginx-cloudflare-mtls/tasks/main.yml
+++ b/roles/nginx-cloudflare-mtls/tasks/main.yml
@@ -5,7 +5,7 @@ state: directory owner: root group: root - mode: 0444 + mode: "0444" tags: - role::nginx-cloudflare-mtls
@@ -15,6 +15,6 @@ dest: /etc/nginx/certs/cloudflare.crt owner: root group: root - mode: 0444 + mode: "0444" tags: - role::nginx-cloudflare-mtls
diff --git a/roles/nginx-geoip/meta/main.yml b/roles/nginx-geoip/meta/main.yml
index 72b1bd7..8b662c9 100644
--- a/roles/nginx-geoip/meta/main.yml
+++ b/roles/nginx-geoip/meta/main.yml
@@ -1,3 +1,3 @@ --- dependencies: - - nginx + - role: nginx
diff --git a/roles/nginx-geoip/tasks/main.yml b/roles/nginx-geoip/tasks/main.yml
index f772278..50ba93d 100644
--- a/roles/nginx-geoip/tasks/main.yml
+++ b/roles/nginx-geoip/tasks/main.yml
@@ -6,7 +6,7 @@ dest: /etc/nginx/conf.d/geoip.conf owner: root group: root - mode: 0444 + mode: "0444" tags: - role::nginx-geoip notify:
diff --git a/roles/nginx-ufw/meta/main.yml b/roles/nginx-ufw/meta/main.yml
index dac7049..a6e9124 100644
--- a/roles/nginx-ufw/meta/main.yml
+++ b/roles/nginx-ufw/meta/main.yml
@@ -1,4 +1,4 @@ --- dependencies: - - nginx - - ufw + - role: nginx + - role: ufw
diff --git a/roles/nginx-ufw/tasks/main.yml b/roles/nginx-ufw/tasks/main.yml
index fb703bf..3b52f14 100644
--- a/roles/nginx-ufw/tasks/main.yml
+++ b/roles/nginx-ufw/tasks/main.yml
@@ -1,6 +1,6 @@ --- - name: Allow http(s) traffic through the firewall - ufw: + community.general.ufw: app: Nginx Full rule: allow tags:
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
index 376d85a..2e84daf 100644
--- a/roles/nginx/handlers/main.yml
+++ b/roles/nginx/handlers/main.yml
@@ -1,5 +1,5 @@ --- -- name: reload the nginx service +- name: Reload the nginx service service: name: nginx state: reloaded
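Review bot: The first hunk in roles/nginx-cloudflare-mtls/tasks/main.yml keeps `mode: "0444"` on a `state: directory` task, which leaves the directory without any search (execute) bit. Only root can then reach files inside it, so anything that reads the mTLS CA certificate as a non-root user fails on directory traversal regardless of the file's own mode. A read-only directory is normally written as `mode: "0555"` (or `"0755"`), with the certificate file in the second hunk staying at `"0444"`. The task's `name:` and `path:` lines are outside the hunk; presumably this is `/etc/nginx/certs`, so confirm before changing it.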
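Review bot: Switching to `community.general.ufw` in roles/nginx-ufw/tasks/main.yml makes the role depend on the community.general collection, but none of the 15 files in this commit declares or pins it. On a controller that only has ansible-core, and if no requirements file exists elsewhere in the repository, the play stops at this task before the firewall rule is applied. A `collections/requirements.yml` entry with `- name: community.general` and `version: <PINNED_VERSION>` (placeholder) would make the dependency explicit and reproducible. The handlers touched in the same commit still use the short `service:` name, so fully qualified module names are applied inconsistently.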
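Review bot: Renaming the handler to `Reload the nginx service` in roles/nginx/handlers/main.yml changes the string that every `notify:` must match, and handler names are matched exactly, including case. The hunks for roles/nginx/tasks/main.yml and roles/nginx-geoip/tasks/main.yml end on a `notify:` line whose value is not shown, and the diffstat gives those files only the mode change, so a task still notifying `reload the nginx service` would no longer find its handler. The same applies to `Reload wg-quick` in roles/wireguard/handlers/main.yml. Either update the `notify:` values in the same commit or add `listen: reload the nginx service` to the handler so existing references keep working.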
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 29fc854..266e916 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -15,7 +15,7 @@ dest: /etc/nginx/conf.d/default_server.conf group: root owner: root - mode: 0644 + mode: "0644" tags: - role::nginx notify:
diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml
index eb60335..b1bb67a 100644
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@@ -26,7 +26,7 @@ dest: /etc/prometheus/prometheus.yml owner: prometheus group: prometheus - mode: 0400 + mode: "0400" tags: - role::prometheus notify:
diff --git a/roles/wireguard/handlers/main.yml b/roles/wireguard/handlers/main.yml
index 0edcf3a..86f6400 100644
--- a/roles/wireguard/handlers/main.yml
+++ b/roles/wireguard/handlers/main.yml
@@ -1,4 +1,4 @@ -- name: reload wg-quick +- name: Reload wg-quick service: name: wg-quick@wg0 state: reloaded |