diff --git a/group_vars/armitage.yml b/group_vars/armitage.yml
index 4366873..186dbad 100644
--- a/group_vars/armitage.yml
+++ b/group_vars/armitage.yml
@@ -27,15 +27,15 @@ admins:
 # > hashed (and maybe salted) password
 password: !vault |
 $ANSIBLE_VAULT;1.1;AES256
- 33663131343861303735643439393165356231366338346538333537643464343761373139303364
- 6630303563346437373161626662313432306138353132350a353334356139376662333562353834
- 36326461613664616565373835303636636533616462303732633461343130346134366662373566
- 6431623034653363310a303665636366353535313436666532623737373930356364616339313633
- 34663839656637373031393031656332393761623161643730326563323863363461333864353338
- 30633964353339323465643064636538346464343035626461333366303835333039653661383030
- 62656663336536373262623062633563646434646431303137306438633937323764633334396539
- 64353734613662663063343966356562326661626436663430623430663766343030646333306634
- 32353839313235313339353431323837356537336231366564313431313462613333
+ 31663265653031323833373663653132653532646638316465393364613961643130653330393062
+ 6165386239303965386261363565353137636164356130370a336465353931373564393339363561
+ 37353162333331663833656631663165356134633961323337663439663733316231666334336539
+ 6537373334326634610a623037613462663733343230306538386561363838316638623365636533
+ 32313931666439363435663161663665346266653763343265376366383837376436643163376430
+ 39393861613037333766386138376335653334363737626664383236303234653461313230383564
+ 33393834636165386562383435666233313664656233326364616237636230303264363732376639
+ 64396564366335366430303031323865333635306536346463386334303235386438663061343934
+ 37376466373566396130366330383834323332626166316661336339346462343466
 # @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
 # and edit 'roles/init-server/install-pks.yml' accordngly
 # :]> package groups
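Review bot: The new `password: !vault` blob added here is byte-identical to the one added in the group_vars/sukaato.yml hunk (both start `31663265…`), so the two groups now carry the same encrypted password hash; if these are distinct admin accounts, one recovered credential covers both. Consider generating a separate hash per group and encrypting each on its own with `ansible-vault encrypt_string`. The trailing `@TODO` context comment is also stale after this commit: it says `'signkey'` and `'roles/init-server/install-pks.yml'`, while the change uses `sigkey` and edits `roles/init-server/tasks/install-pkgs.yml`.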
@@ -46,228 +46,258 @@ pkgs: core: - name: neovim uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: flatpak uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: snapd uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: git uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: fail2ban uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: crowdsec uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: glow uri: ~ - key: "https://repo.charm.sh/apt/gpg.key" - key_path: /etc/apt/keyrings/charm.gpg - src_entry: "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/ * *" - src_path: /etc/apt/sources.list.d/charm.list + sigkey: "https://repo.charm.sh/apt/gpg.key" + sources: "https://repo.charm.sh/apt/" + types: deb + suites: "*" + comps: "*" - name: vim-vimwiki uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: pandoc uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: tor uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: i2pd uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ - - name: radicle - uri: ~ - key: "https://radicle.dev/apt/radicle-archive-keyring.deb" - key_path: "{{ ansible_facts['user_dir'] }}/.local_pkgs/" - src_entry: "deb [signed-by=/usr/share/radicle/radicle-archive-keyring.asc] https://radicle.dev/apt release main" - src_path: /etc/apt/sources.list + sigkey: ~ + sources: ~ + 
types: ~ + suites: ~ + comps: ~ + # # @TODO troubleshoot radicle installation issue or change installation method for radicle to script + # - name: radicle-keyring + # uri: "https://radicle.dev/apt/radicle-archive-keyring.deb" + # sigkey: ~ + # sources: ~ + # types: ~ + # suites: ~ + # comps: ~ + # - name: radicle + # uri: ~ + # sigkey: "https://radicle.dev/apt/radicle-archive-keyring.deb" + # sources: "https://radicle.dev/apt" + # types: deb + # suites: release + # comps: main # - name: syncthing # uri: ~ - # key: ~ - # key_path: ~ - # src_entry: ~ - # src_path: ~ + # sigkey: ~ + # sources: ~ + # types: ~ + # suites: ~ + # comps: ~ userspace: - name: podman uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: podman-compose uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: distrobox uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-core uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-doc uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-mod-crypto uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-mod-ldap uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-mod-sqlite uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: aria2 uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: syncplay-server uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ 
+ sources: ~ + types: ~ + suites: ~ + comps: ~ - name: caddy uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: erlang uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: erlang-hex uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: elixir uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: python3.13 uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: python3-venv uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: python3-pip uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: golang uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: hugo uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: yt-dlp uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: syncthing-discosrv uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: syncthing-relaysrv uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ - handler: ~ - - name: avahi-daemon - uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ - - name: avahi-utils - uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ # :]> representing package groups installed by shell scripts script: # ]> representing user-level or supplemental shell script 
installations diff --git a/group_vars/homeserver.yml b/group_vars/homeserver.yml index 5a72559..eb503f9 100644 --- a/group_vars/homeserver.yml +++ b/group_vars/homeserver.yml @@ -17,20 +17,22 @@ pkgs: mngr: # ]> representing system-level or essential packages core: - - name: "" # name of package in repositori/repositories; used by handler listener - uri: "" # URI/URL or path to package installation file - key: "" # URI/URL or path to package signing key - key_path: "" # destination path of signing key - src_entry: "" # repository entry line/block - src_path: "" # filepath for repository entry insertion + - name: "" + uri: "" + sigkey: "" + sources: "" + types: "" + suites: "" + comps: "" # ]> representing user-level or supplemental packages userspace: - name: "" uri: "" - key: "" - key_path: "" - src_entry: "" - src_path: "" + sigkey: "" + sources: "" + types: "" + suites: "" + comps: "" # :]> representing package groups installed by shell scripts script: # ]> representing system-level or essential shell script software installations diff --git a/group_vars/sukaato.yml b/group_vars/sukaato.yml index 855c507..bcff9d6 100644 --- a/group_vars/sukaato.yml +++ b/group_vars/sukaato.yml 
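Review bot: The `glow` entry sets `sigkey: "https://repo.charm.sh/apt/gpg.key"`, so the repository's trust anchor is fetched at play time from the same origin as the packages it is meant to authenticate, and nothing in this repo pins which key is accepted. `signed_by` of `ansible.builtin.deb822_repository` also accepts an ASCII-armored public key block, so the reviewed key could be stored in these vars instead of a URL. The commented-out `radicle` entry points `sigkey` at a `.deb` archive rather than a key, which will need resolving before it is re-enabled. The first six entries list `sources` before `sigkey` and the rest the reverse; one order would keep the file easier to diff. The same points apply to the matching hunk in group_vars/sukaato.yml.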
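Review bot: The template entries use `""` placeholders, but the reworked task in roles/init-server/tasks/install-pkgs.yml guards with `when: item.sources != None`; an empty string is not null, so a host that inherits this placeholder unchanged would presumably reach `deb822_repository` with an empty `name` and `uris`. Using `~` here, as the per-host files do (`sources: ~`, `sigkey: ~`), avoids that. The hunk also drops the inline field comments without replacement; short ones such as `sigkey: ~  # URL or armored key passed to signed_by` and `sources: ~  # repository URI(s)` would keep the schema documented. The group_vars/vps.yml hunk has the same two issues.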
@@ -38,15 +38,15 @@ admins:
 # > hashed (and maybe salted) password
 password: !vault |
 $ANSIBLE_VAULT;1.1;AES256
- 35326430616661626233643261316438323631373736323033666362353732646564366534346333
- 3435643432336165633832373634333864623363323461630a643366636136393031656163663161
- 30313863393037623661333030383931366535626135366664656538666330613936656238653862
- 6232356463633565390a363331306665393832303363316432396363623361396238623064356662
- 64363061613136643932613430633236313238306366363237366130623031326135393364326164
- 63303037376431373237616463323938623630333666356634363966613761376266346163636563
- 63316665653032653533656464336566626166333834653539343961666136653234356362333966
- 39313436363935303430393966653762326463616264373739333638373337643666623531383064
- 66353136383666626566643666663761313437396137383063373033366336663731
+ 31663265653031323833373663653132653532646638316465393364613961643130653330393062
+ 6165386239303965386261363565353137636164356130370a336465353931373564393339363561
+ 37353162333331663833656631663165356134633961323337663439663733316231666334336539
+ 6537373334326634610a623037613462663733343230306538386561363838316638623365636533
+ 32313931666439363435663161663665346266653763343265376366383837376436643163376430
+ 39393861613037333766386138376335653334363737626664383236303234653461313230383564
+ 33393834636165386562383435666233313664656233326364616237636230303264363732376639
+ 64396564366335366430303031323865333635306536346463386334303235386438663061343934
+ 37376466373566396130366330383834323332626166316661336339346462343466
 # @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
 # and edit 'roles/init-server/install-pks.yml' accordngly
 # :]> package groups
@@ -57,216 +57,258 @@ pkgs: core: - name: neovim uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: flatpak uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: snapd uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: git uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: fail2ban uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: crowdsec uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sources: ~ + sigkey: ~ + types: ~ + suites: ~ + comps: ~ - name: glow uri: ~ - key: "https://repo.charm.sh/apt/gpg.key" - key_path: /etc/apt/keyrings/charm.gpg - src_entry: "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/ * *" - src_path: /etc/apt/sources.list.d/charm.list + sigkey: "https://repo.charm.sh/apt/gpg.key" + sources: "https://repo.charm.sh/apt/" + types: deb + suites: "*" + comps: "*" - name: vim-vimwiki uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: pandoc uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: tor uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: i2pd uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ - - name: radicle - uri: ~ - key: "https://radicle.dev/apt/radicle-archive-keyring.deb" - key_path: "{{ ansible_facts['user_dir'] }}/.local_pkgs/" - src_entry: "deb [signed-by=/usr/share/radicle/radicle-archive-keyring.asc] https://radicle.dev/apt release main" - src_path: /etc/apt/sources.list + sigkey: ~ + sources: ~ + 
types: ~ + suites: ~ + comps: ~ + # # @TODO troubleshoot radicle installation issue or change installation method for radicle to script + # - name: radicle-keyring + # uri: "https://radicle.dev/apt/radicle-archive-keyring.deb" + # sigkey: ~ + # sources: ~ + # types: ~ + # suites: ~ + # comps: ~ + # - name: radicle + # uri: ~ + # sigkey: "https://radicle.dev/apt/radicle-archive-keyring.deb" + # sources: "https://radicle.dev/apt" + # types: deb + # suites: release + # comps: main # - name: syncthing # uri: ~ - # key: ~ - # key_path: ~ - # src_entry: ~ - # src_path: ~ + # sigkey: ~ + # sources: ~ + # types: ~ + # suites: ~ + # comps: ~ userspace: - name: podman uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: podman-compose uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: distrobox uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-core uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-doc uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-mod-crypto uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-mod-ldap uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: proftpd-mod-sqlite uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: aria2 uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: syncplay-server uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ 
+ sources: ~ + types: ~ + suites: ~ + comps: ~ - name: caddy uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: erlang uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: erlang-hex uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: elixir uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: python3.13 uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: python3-venv uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: python3-pip uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: golang uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: hugo uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: yt-dlp uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: syncthing-discosrv uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ - name: syncthing-relaysrv uri: ~ - key: ~ - key_path: ~ - src_entry: ~ - src_path: ~ - handler: ~ + sigkey: ~ + sources: ~ + types: ~ + suites: ~ + comps: ~ # :]> representing package groups installed by shell scripts script: # ]> representing user-level or supplemental shell script installations diff --git a/group_vars/vps.yml b/group_vars/vps.yml index 44ad8fa..cf4a20e 100644 --- a/group_vars/vps.yml +++ b/group_vars/vps.yml 
@@ -18,20 +18,22 @@ pkgs: mngr: # ]> representing system-level or essential packages core: - - name: "" # name of package in repositori/repositories; used by handler listener - uri: "" # URI/URL or path to package installation file - key: "" # URI/URL or path to package signing key - key_path: "" # destination path of signing key - src_entry: "" # repository entry line/block - src_path: "" # filepath for repository entry insertion + - name: "" + uri: "" + sigkey: "" + sources: "" + types: "" + suites: "" + comps: "" # ]> representing user-level or supplemental packages userspace: - name: "" uri: "" - key: "" - key_path: "" - src_entry: "" - src_path: "" + sigkey: "" + sources: "" + types: "" + suites: "" + comps: "" # :]> representing package groups installed by shell scripts script: # ]> representing system-level or essential shell script software installations diff --git a/roles/init-server/tasks/harden.yml b/roles/init-server/tasks/harden.yml index 2cb44e8..a285f68 100644 --- a/roles/init-server/tasks/harden.yml +++ b/roles/init-server/tasks/harden.yml @@ -5,7 +5,7 @@ when: ansible_user not in (admins | map(attribute="username") | list) and ansible_user != "root" ansible.builtin.fail: msg: Must use administrative user for subsequent tasks -- name: Hardening SSH service for the Linode VPS +- name: Hardening SSH service ansible.builtin.copy: src: sshd_config.d/harden.conf dest: /etc/ssh/sshd_config.d/harden.conf diff --git a/roles/init-server/tasks/install-pkgs.yml b/roles/init-server/tasks/install-pkgs.yml index e6eb686..c6f6f68 100644 --- a/roles/init-server/tasks/install-pkgs.yml +++ b/roles/init-server/tasks/install-pkgs.yml 
@@ -1,10 +1,6 @@ #SPDX-License-Identifier: MIT-0 --- # tasks file for roles/init-vps -- name: Checking whether administrative login used - when: ansible_user not in (admins | map(attribute="username") | list) - ansible.builtin.fail: - msg: Must use administrative user for subsequent tasks - name: Creating prerequisite directory tree for installation scripts ansible.builtin.file: path: "{{ ansible_facts['user_dir'] }}/.local/bin" @@ -27,36 +23,17 @@ when: ansible_facts["os_family"] == "Debian" become: true block: - - name: Registering a package signing key - when: item.key != None and item.key_path != None - ansible.builtin.get_url: - url: "{{ item.key }}" - dest: "{{ item.key_path | default('/etc/apt/keyrings/') }}" - owner: root - group: root - mode: "644" - force: true - backup: true - loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | rejectattr('key', 'search', '\\.deb$') }}" - - name: Premature stop - ansible.builtin.meta: end_play - - name: Installing a package signing key - when: item.key != None - ansible.builtin.apt: - deb: "{{ item.key }}" - state: present - loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | selectattr('key', 'search', '\\.deb$') }}" - name: Registering a package source - when: item.src_entry != None and item.src_path != None - ansible.builtin.copy: - content: "{{ item.src_entry }}" - dest: "{{ item.src_path }}" - owner: root - group: root - mode: "644" - force: true - backup: true - loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace }}" + when: item.sources != None + ansible.builtin.deb822_repository: + name: "{{ item.name }}" + uris: "{{ item.sources }}" + types: "{{ item.types | default('deb') }}" + suites: "{{ item.suites | default('*') }}" + components: "{{ item.comps | default('*') }}" + signed_by: "{{ item.sigkey }}" + state: present + loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) }}" - name: Installing a local package in managed node when: item.uri != None ansible.builtin.apt: 
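Review bot: "Registering a package source" is guarded only by `item.sources != None` and passes `item.sigkey` straight to `signed_by`, so an entry that sets `sources` but leaves `sigkey: ~` is not rejected; what the module does with a null key is not visible here, but a source should not be registered without its key. Tightening the guard to `when: item.sources and item.sigkey` covers that and also skips the `""` placeholders in group_vars/homeserver.yml and group_vars/vps.yml. Separately, `default('deb')` and `default('*')` only apply to undefined values, not to the `~` nulls used in the vars files; `default('deb', true)` would. The enclosing block starts outside the hunk.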
@@ -64,34 +41,35 @@ update_cache: true state: present notify: "{{ item.name }}" - loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | selectattr('uri', 'search', '\\.deb$') }}" + loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) | selectattr('uri', 'search', '\\.deb$') }}" - name: Installing a package when: item.name != None and item.uri == None ansible.builtin.package: name: "{{ item.name }}" update_cache: true state: latest - notify: "{{ item.name }}" # @TODO create corresponding roles/init-vps handlers - loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | rejectattr('uri', 'search', '\\.deb$') }}" + # notify: "{{ item.name }}" # @TODO create corresponding roles/init-vps handlers + loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) | rejectattr('uri', 'search', '\\.deb$') }}" tags: - get_mngr_pkgs - name: Installing software by executing installation shell scripts - when: item.src != None block: - name: Acquiring installation shell script + when: item.src != None ansible.builtin.get_url: url: "{{ item.src }}" dest: "{{ ansible_facts['user_dir'] }}/.local/bin/{{ item.name }}-install.sh" force: true backup: true mode: "744" - loop: "{{ pkgs.script.core + pkgs.script.userspace }}" + loop: "{{ (pkgs.script.core | default([])) + (pkgs.script.userspace | default([])) }}" register: install_scripts - name: Executing a shell-scripted installation process + when: item.src != None and (((pkgs.script.core | default([])) + (pkgs.script.userspace | default([]))) | length) > 0 become: true ansible.builtin.shell: cmd: "{{ item.dest }}" - notify: "{{ (pkgs.script.core + pkgs.script.userspace)[idx].name }}" + notify: "{{ ((pkgs.script.core | default([])) + (pkgs.script.userspace | default([])))[idx].name }}" loop: "{{ install_scripts.results }}" loop_control: index_var: idx 
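Review bot: "Acquiring installation shell script" downloads `item.src` with `force: true`, and the next task runs the result through `ansible.builtin.shell` with `become: true`, with no integrity check between download and execution as root. `ansible.builtin.get_url` has a `checksum` parameter; adding a per-entry digest field to the vars and passing it as `checksum: "{{ item.checksum }}"` would pin each script to a reviewed version. In "Executing a shell-scripted installation process" the loop variable is a registered result, so the new `when: item.src != None` presumably wants `item.item.src`, and `item.dest` may be absent on results the first task skipped.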
@@ -101,20 +79,22 @@ - name: Installing software by building it from source archives block: - name: Acquiring software source archive + when: item.src != None ansible.builtin.get_url: url: "{{ item.src }}" dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/" force: true backup: true mode: "644" - loop: "{{ pkgs.archive.core + pkgs.archive.userspace }}" + loop: "{{ (pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])) }}" register: archived_builds - name: Unarchiving software build archive + when: item.dest != None and (((pkgs.script.core | default([])) + (pkgs.script.userspace | default([]))) | length) > 0 ansible.builtin.unarchive: - src: "{{ item.dest }}" + src: "{{ item.dest }}" remote_src: true - dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/released/{{ (pkgs.archive.core + pkgs.archive.userspace)[idx].name }}/" - notify: "{{ (pkgs.archive.core + pkgs.archive.userspace)[idx].name }}" + dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/released/{{ ((pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])))[idx].name }}/" + notify: "{{ ((pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])))[idx].name }}" loop: "{{ archived_builds.results }}" loop_control: index_var: idx @@ -123,6 +103,7 @@ - name: Installing software from source git repositories block: - name: Clone git bare repository + when: item.src != None ansible.builtin.git: repo: "{{ item.src }}" dest: "{{ ansible_facts['user_dir'] }}/repos/.foreign/{{ item.name }}" @@ -130,7 +111,7 @@ clone: true single_branch: true notify: "{{ item.name }}" - loop: "{{ pkgs.git_repos.core + pkgs.git_repos.userspace }}" + loop: "{{ (pkgs.git_repos.core | default([])) + (pkgs.git_repos.userspace | default([])) }}" register: installation_repos tags: - get_git_pkgs \ No newline at end of file
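Review bot: The new `when` on "Unarchiving software build archive" measures the `pkgs.script` lists, although the task loops over `archived_builds.results` and indexes `pkgs.archive`; this looks copied from the script block, and with no script entries defined the unarchive step is skipped even when archives were fetched. The condition should read `(((pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([]))) | length) > 0`. The archive download above it also sets no `checksum` on `ansible.builtin.get_url`, so whatever the URL serves is what gets unpacked.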