quick push of recent changes for synchronous work on other devices

2026-06-06 16:36:53 -04:00
parent e2128552b9
commit 1b6811b42b
6 changed files with 438 additions and 381 deletions
--- a/roles/init-server/tasks/harden.yml
+++ b/roles/init-server/tasks/harden.yml
@@ -5,7 +5,7 @@
  when: ansible_user not in (admins | map(attribute="username") | list) and ansible_user != "root"
  ansible.builtin.fail:
    msg: Must use administrative user for subsequent tasks
- name: Hardening SSH service for the Linode VPS
+- name: Hardening SSH service
  ansible.builtin.copy:
    src: sshd_config.d/harden.conf
    dest: /etc/ssh/sshd_config.d/harden.conf
--- a/roles/init-server/tasks/install-pkgs.yml
+++ b/roles/init-server/tasks/install-pkgs.yml
@@ -1,10 +1,6 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for roles/init-vps
- name: Checking whether administrative login used
-  when: ansible_user not in (admins | map(attribute="username") | list)
-  ansible.builtin.fail:
-    msg: Must use administrative user for subsequent tasks
 - name: Creating prerequisite directory tree for installation scripts
  ansible.builtin.file:
    path: "{{ ansible_facts['user_dir'] }}/.local/bin"
@@ -27,36 +23,17 @@
      when: ansible_facts["os_family"] == "Debian"
      become: true
      block:
-        - name: Registering a package signing key
-          when: item.key != None and item.key_path != None
-          ansible.builtin.get_url:
-            url: "{{ item.key }}"
-            dest: "{{ item.key_path | default('/etc/apt/keyrings/') }}"
-            owner: root
-            group: root
-            mode: "644"
-            force: true
-            backup: true
-          loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | rejectattr('key', 'search', '\\.deb$') }}"
-        - name: Premature stop
-          ansible.builtin.meta: end_play
-        - name: Installing a package signing key
-          when: item.key != None
-          ansible.builtin.apt:
-            deb: "{{ item.key }}"
-            state: present
-          loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | selectattr('key', 'search', '\\.deb$') }}"
        - name: Registering a package source
-          when: item.src_entry != None and item.src_path != None
-          ansible.builtin.copy:
-            content: "{{ item.src_entry }}"
-            dest: "{{ item.src_path }}"
-            owner: root
-            group: root
-            mode: "644"
-            force: true
-            backup: true
-          loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace }}"
+          when: item.sources != None
+          ansible.builtin.deb822_repository:
+            name: "{{ item.name }}"
+            uris: "{{ item.sources }}"
+            types: "{{ item.types | default('deb') }}"
+            suites: "{{ item.suites | default('*') }}"
+            components: "{{ item.comps | default('*') }}"
+            signed_by: "{{ item.sigkey }}"
+            state: present
+          loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) }}"
        - name: Installing a local package in managed node
          when: item.uri != None
          ansible.builtin.apt:
@@ -64,34 +41,35 @@
            update_cache: true
            state: present
          notify: "{{ item.name }}"
-          loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | selectattr('uri', 'search', '\\.deb$') }}"
+          loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) | selectattr('uri', 'search', '\\.deb$') }}"
        - name: Installing a package
          when: item.name != None and item.uri == None
          ansible.builtin.package:
            name: "{{ item.name }}"
            update_cache: true
            state: latest
-          notify: "{{ item.name }}" # @TODO create corresponding roles/init-vps handlers
-          loop: "{{ pkgs.mngr.core + pkgs.mngr.userspace | rejectattr('uri', 'search', '\\.deb$') }}"
+          # notify: "{{ item.name }}" # @TODO create corresponding roles/init-vps handlers
+          loop: "{{ ((pkgs.mngr.core | default([])) + (pkgs.mngr.userspace | default([]))) | rejectattr('uri', 'search', '\\.deb$') }}"
      tags:
        - get_mngr_pkgs
    - name: Installing software by executing installation shell scripts
-      when: item.src != None
      block:
        - name: Acquiring installation shell script
+          when: item.src != None
          ansible.builtin.get_url:
            url: "{{ item.src }}"
            dest: "{{ ansible_facts['user_dir'] }}/.local/bin/{{ item.name }}-install.sh"
            force: true
            backup: true
            mode: "744"
-          loop: "{{ pkgs.script.core + pkgs.script.userspace }}"
+          loop: "{{ (pkgs.script.core | default([])) + (pkgs.script.userspace | default([])) }}"
          register: install_scripts
        - name: Executing a shell-scripted installation process
+          when: item.src != None and (((pkgs.script.core | default([])) + (pkgs.script.userspace | default([]))) | length) > 0
          become: true
          ansible.builtin.shell:
            cmd: "{{ item.dest }}"
-          notify: "{{ (pkgs.script.core + pkgs.script.userspace)[idx].name }}"
+          notify: "{{ ((pkgs.script.core | default([])) + (pkgs.script.userspace | default([])))[idx].name }}"
          loop: "{{ install_scripts.results }}"
          loop_control:
            index_var: idx
@@ -101,20 +79,22 @@
    - name: Installing software by building it from source archives
      block:
        - name: Acquiring software source archive
+          when: item.src != None
          ansible.builtin.get_url:
            url: "{{ item.src }}"
            dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/"
            force: true
            backup: true
            mode: "644"
-          loop: "{{ pkgs.archive.core + pkgs.archive.userspace }}"
+          loop: "{{ (pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])) }}"
          register: archived_builds
        - name: Unarchiving software build archive
+          when: item.dest != None and (((pkgs.script.core | default([])) + (pkgs.script.userspace | default([]))) | length) > 0
          ansible.builtin.unarchive:
-            src: "{{ item.dest  }}"
+            src: "{{ item.dest }}"
            remote_src: true
-            dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/released/{{ (pkgs.archive.core + pkgs.archive.userspace)[idx].name }}/"
-          notify: "{{ (pkgs.archive.core + pkgs.archive.userspace)[idx].name }}"
+            dest: "{{ ansible_facts['user_dir'] }}/downloads/archives/released/{{ ((pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])))[idx].name }}/"
+          notify: "{{ ((pkgs.archive.core | default([])) + (pkgs.archive.userspace | default([])))[idx].name }}"
          loop: "{{ archived_builds.results }}"
          loop_control:
            index_var: idx
@@ -123,6 +103,7 @@
    - name: Installing software from source git repositories
      block:
        - name: Clone git bare repository
+          when: item.src != None
          ansible.builtin.git:
            repo: "{{ item.src }}"
            dest: "{{ ansible_facts['user_dir'] }}/repos/.foreign/{{ item.name }}"
@@ -130,7 +111,7 @@
            clone: true
            single_branch: true
          notify: "{{ item.name }}"
-          loop: "{{ pkgs.git_repos.core + pkgs.git_repos.userspace }}"
+          loop: "{{ (pkgs.git_repos.core | default([])) + (pkgs.git_repos.userspace | default([])) }}"
          register: installation_repos
      tags:
        - get_git_pkgs