diff options
24 files changed, 115 insertions, 125 deletions
diff --git a/roles/apt-repo/aptly/handlers/main.yml b/roles/apt-repo/aptly/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/aptly/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/aptly/tasks/main.yml b/roles/apt-repo/aptly/tasks/main.yml index e11d610e..7a482549 100644 --- a/roles/apt-repo/aptly/tasks/main.yml +++ b/roles/apt-repo/aptly/tasks/main.yml @@ -3,14 +3,17 @@ copy: src: repo.gpg dest: /etc/apt/trusted.gpg.d/aptly.gpg - notify: update apt cache + register: apt_repo_aptly_key - name: add repository entry copy: content: | deb http://repo.aptly.info/ squeeze main dest: /etc/apt/sources.list.d/aptly.list - notify: update apt cache + register: apt_repo_aptly_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_aptly_key is changed or + apt_repo_aptly_sources is changed + apt: + update_cache: yes diff --git a/roles/apt-repo/backports/handlers/main.yml b/roles/apt-repo/backports/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/backports/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/backports/tasks/main.yml b/roles/apt-repo/backports/tasks/main.yml index 7f182ca7..e21b628f 100644 --- a/roles/apt-repo/backports/tasks/main.yml +++ b/roles/apt-repo/backports/tasks/main.yml @@ -4,7 +4,9 @@ content: | deb http://{{ apt_repo_providers[apt_repo_provider][(ansible_distribution | lower)].host }}{{ apt_repo_providers[apt_repo_provider][(ansible_distribution | lower)].path }} {{ ansible_distribution_release }}-backports {{ apt_repo_components | default(apt_repo_backports_components[(ansible_distribution | lower)]) | join(' ') }} dest: /etc/apt/sources.list.d/backports.list - notify: update apt cache + register: apt_repo_backports_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_backports_sources is changed + apt: + update_cache: yes diff --git a/roles/apt-repo/base/handlers/main.yml b/roles/apt-repo/base/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/base/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/base/tasks/main.yml b/roles/apt-repo/base/tasks/main.yml index cea99d04..cc2bc8a0 100644 --- a/roles/apt-repo/base/tasks/main.yml +++ b/roles/apt-repo/base/tasks/main.yml @@ -3,15 +3,17 @@ template: src: "{{ ansible_distribution }}.list.j2" dest: /etc/apt/sources.list - notify: update apt cache + register: apt_repo_base_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_base_sources is changed + apt: + update_cache: yes ## aptitude is needed for package upgrade roles - name: install aptitude and https transport apt: name: - - aptitude - - apt-transport-https + - aptitude + - apt-transport-https state: present diff --git a/roles/apt-repo/blackmagic/handlers/main.yml b/roles/apt-repo/blackmagic/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/blackmagic/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/blackmagic/tasks/main.yml b/roles/apt-repo/blackmagic/tasks/main.yml index 3152d7b8..c2652ed3 100644 --- a/roles/apt-repo/blackmagic/tasks/main.yml +++ b/roles/apt-repo/blackmagic/tasks/main.yml @@ -3,7 +3,7 @@ copy: src: repo.gpg dest: /etc/apt/trusted.gpg.d/blackmagic.gpg - notify: update apt cache + register: apt_repo_blackmagic_key - name: configure repo authentication @@ -16,28 +16,28 @@ line: "machine build.spreadspace.org login {{ apt_repo_blackmagic_auth.username }} password {{ apt_repo_blackmagic_auth.password }}" create: yes mode: 0600 - notify: update apt cache + register: apt_repo_blackmagic_auth_legacy - name: configure repo authentication when: (ansible_distribution == "Ubuntu") or (ansible_distribution == "Debian" and (ansible_distribution_major_version | int) >= 10) block: - - name: remove old repo authentication - lineinfile: - path: /etc/apt/auth.conf - regexp: "^machine build.spreadspace.org " - state: absent - notify: update apt cache + - name: remove old repo authentication + lineinfile: + path: /etc/apt/auth.conf + regexp: "^machine build.spreadspace.org " + state: absent + register: apt_repo_blackmagic_auth_legacy_remove - - name: configure repo authentication - copy: - content: | - machine build.spreadspace.org - login {{ apt_repo_blackmagic_auth.username }} - password {{ apt_repo_blackmagic_auth.password }} - dest: /etc/apt/auth.conf.d/blackmagic.conf - mode: 0600 - notify: update apt cache + - name: configure repo authentication + copy: + content: | + machine build.spreadspace.org + login {{ apt_repo_blackmagic_auth.username }} + password {{ apt_repo_blackmagic_auth.password }} + dest: /etc/apt/auth.conf.d/blackmagic.conf + mode: 0600 + register: apt_repo_blackmagic_auth - name: add repository entry @@ -45,7 +45,13 @@ content: | deb https://build.spreadspace.org/ {{ ansible_distribution_release }} blackmagic dest: /etc/apt/sources.list.d/blackmagic.list - notify: update apt cache + register: apt_repo_blackmagic_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_blackmagic_key is changed or + apt_repo_blackmagic_auth_legacy is changed or + apt_repo_blackmagic_auth_legacy_remove is changed or + apt_repo_blackmagic_auth is changed or + apt_repo_blackmagic_sources is changed + apt: + update_cache: yes diff --git a/roles/apt-repo/kubernetes/handlers/main.yml b/roles/apt-repo/kubernetes/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/kubernetes/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/kubernetes/tasks/main.yml b/roles/apt-repo/kubernetes/tasks/main.yml index 0226a3ff..56e11f78 100644 --- a/roles/apt-repo/kubernetes/tasks/main.yml +++ b/roles/apt-repo/kubernetes/tasks/main.yml @@ -3,14 +3,17 @@ copy: src: repo.gpg dest: /etc/apt/trusted.gpg.d/kubernetes.gpg - notify: update apt cache + register: apt_repo_kubernetes_key - name: add repository entry copy: content: | deb https://apt.kubernetes.io/ kubernetes-xenial main dest: /etc/apt/sources.list.d/kubernetes.list - notify: update apt cache + register: apt_repo_kubernetes_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_kubernetes_key is changed or + apt_repo_kubernetes_sources is changed + apt: + update_cache: yes diff --git a/roles/apt-repo/riot/handlers/main.yml b/roles/apt-repo/riot/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/riot/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/riot/tasks/main.yml b/roles/apt-repo/riot/tasks/main.yml index 060cc8e3..8bc075dd 100644 --- a/roles/apt-repo/riot/tasks/main.yml +++ b/roles/apt-repo/riot/tasks/main.yml @@ -3,14 +3,17 @@ copy: src: repo.gpg dest: /etc/apt/trusted.gpg.d/riot.gpg - notify: update apt cache + register: apt_repo_riot_key - name: add repository entry copy: content: | deb https://riot.im/packages/debian/ default main dest: /etc/apt/sources.list.d/riot.list - notify: update apt cache + register: apt_repo_riot_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_riot_key is changed or + apt_repo_riot_sources is changed + apt: + update_cache: yes diff --git a/roles/apt-repo/spreadspace/handlers/main.yml b/roles/apt-repo/spreadspace/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/spreadspace/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/spreadspace/tasks/main.yml b/roles/apt-repo/spreadspace/tasks/main.yml index 0b3f3cd6..9f656413 100644 --- a/roles/apt-repo/spreadspace/tasks/main.yml +++ b/roles/apt-repo/spreadspace/tasks/main.yml @@ -3,14 +3,17 @@ copy: src: repo.gpg dest: /etc/apt/trusted.gpg.d/spreadspace.gpg - notify: update apt cache + register: apt_repo_spreadspace_key - name: add repository entry copy: content: | deb https://build.spreadspace.org/ {{ ansible_distribution_release }} main dest: /etc/apt/sources.list.d/spreadspace.list - notify: update apt cache + register: apt_repo_spreadspace_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_spreadspace_key is changed or + apt_repo_spreadspace_sources is changed + apt: + update_cache: yes diff --git a/roles/apt-repo/tor-project/handlers/main.yml b/roles/apt-repo/tor-project/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/apt-repo/tor-project/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/apt-repo/tor-project/tasks/main.yml b/roles/apt-repo/tor-project/tasks/main.yml index 2283e41a..5c850de0 100644 --- a/roles/apt-repo/tor-project/tasks/main.yml +++ b/roles/apt-repo/tor-project/tasks/main.yml @@ -3,14 +3,17 @@ copy: src: repo.gpg dest: /etc/apt/trusted.gpg.d/tor-project.gpg - notify: update apt cache + register: apt_repo_tor_project_key - name: add repository entry copy: content: | deb [arch=amd64] http://deb.torproject.org/torproject.org {{ ansible_distribution_release }} main dest: /etc/apt/sources.list.d/tor-poject.list - notify: update apt cache + register: apt_repo_tor_project_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_tor_project_key is changed or + apt_repo_tor_project_sources is changed + apt: + update_cache: yes diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 5fcd0f26..3627303e 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -1,8 +1,4 @@ --- -- name: update apt cache - apt: - update_cache: yes - - name: restart docker service: name: docker diff --git a/roles/docker/tasks/docker-com.yml b/roles/docker/tasks/docker-com.yml index 92e9b002..f44d2755 100644 --- a/roles/docker/tasks/docker-com.yml +++ b/roles/docker/tasks/docker-com.yml @@ -3,14 +3,17 @@ copy: src: docker-com.gpg dest: /etc/apt/trusted.gpg.d/docker.gpg - notify: update apt cache + register: apt_repo_docker_com_key - name: add repository entry copy: content: | deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable dest: /etc/apt/sources.list.d/docker.list - notify: update apt cache + register: apt_repo_docker_com_key - name: update apt cache - meta: flush_handlers + when: apt_repo_docker_com_key is changed or + apt_repo_docker_com_sources is changed + apt: + update_cache: yes diff --git a/roles/elevate/liquidtruth/handlers/main.yml b/roles/elevate/liquidtruth/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/elevate/liquidtruth/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/elevate/liquidtruth/tasks/nodejs.yml b/roles/elevate/liquidtruth/tasks/nodejs.yml index 78063298..2ef1db34 100644 --- a/roles/elevate/liquidtruth/tasks/nodejs.yml +++ b/roles/elevate/liquidtruth/tasks/nodejs.yml @@ -3,17 +3,20 @@ copy: src: nodesource.gpg dest: /etc/apt/trusted.gpg.d/nodejs.gpg - notify: update apt cache + register: apt_repo_nodejs_key - name: add repository entry copy: content: | deb https://deb.nodesource.com/node_10.x {{ ansible_distribution_release }} main dest: /etc/apt/sources.list.d/nodejs.list - notify: update apt cache + register: apt_repo_nodejs_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_nodejs_key is changed or + apt_repo_nodejs_sources is changed + apt: + update_cache: yes - name: install nodejs apt: diff --git a/roles/elevate/media/tasks/network.yml b/roles/elevate/media/tasks/network.yml index 17e82097..ef6d364a 100644 --- a/roles/elevate/media/tasks/network.yml +++ b/roles/elevate/media/tasks/network.yml @@ -6,11 +6,11 @@ - name: install netplan configs loop: - - lan-only - - r3 - - r3-with-lan - - elevate-festival - - elevate-office + - lan-only + - r3 + - r3-with-lan + - elevate-festival + - elevate-office template: src: "netplan/{{ item }}.yaml.j2" dest: "/etc/netplan/conf-available/{{ item }}.yaml" @@ -18,11 +18,11 @@ - name: install firewall scripts loop: - - lan-only - - r3 - - r3-with-lan - - elevate-festival - - elevate-office + - lan-only + - r3 + - r3-with-lan + - elevate-festival + - elevate-office template: src: "firewall/{{ item }}.sh.j2" dest: "/etc/saswall/{{ item }}.sh" @@ -37,17 +37,17 @@ - name: set active netwok setup loop: - - dest: /etc/netplan/01-active.yaml - src: "conf-available/{{ network_setup }}.yaml" - - dest: /etc/saswall/rules.sh - src: "{{ network_setup }}.sh" + - dest: /etc/netplan/01-active.yaml + src: "conf-available/{{ network_setup }}.yaml" + - dest: /etc/saswall/rules.sh + src: "{{ network_setup }}.sh" file: state: link dest: "{{ item.dest }}" src: "{{ item.src }}" notify: - - netplan apply - - firewall restart + - netplan apply + - firewall restart - name: make sure network config has been applied meta: flush_handlers diff --git a/roles/mysql/handlers/main.yml b/roles/mysql/handlers/main.yml deleted file mode 100644 index 03ed878a..00000000 --- a/roles/mysql/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: update apt cache - apt: - update_cache: yes diff --git a/roles/mysql/tasks/percona.yml b/roles/mysql/tasks/percona.yml index b47e1ac4..72b4b9d9 100644 --- a/roles/mysql/tasks/percona.yml +++ b/roles/mysql/tasks/percona.yml @@ -3,14 +3,17 @@ copy: src: percona.gpg dest: /etc/apt/trusted.gpg.d/mysql.gpg - notify: update apt cache + register: apt_repo_percona_key - name: add repository entry copy: content: | deb http://repo.percona.com/apt {{ ansible_distribution_release }} main dest: /etc/apt/sources.list.d/mysql.list - notify: update apt cache + register: apt_repo_percona_sources - name: update apt cache - meta: flush_handlers + when: apt_repo_percona_key is changed or + apt_repo_percona_sources is changed + apt: + update_cache: yes diff --git a/roles/nginx/vhost/tasks/acme.yml b/roles/nginx/vhost/tasks/acme.yml index 1044adb9..21ab8695 100644 --- a/roles/nginx/vhost/tasks/acme.yml +++ b/roles/nginx/vhost/tasks/acme.yml @@ -14,24 +14,24 @@ - name: link nonexistent hostnames to self-signed interim cert when: acmecert_missing_hostnames | length > 0 block: - - name: get id of existing selfsigned interim certificate - command: cat /var/lib/acme/.selfsigned-interim-cert - changed_when: false - check_mode: false - register: selfsigned_interim_cert_id + - name: get id of existing selfsigned interim certificate + command: cat /var/lib/acme/.selfsigned-interim-cert + changed_when: false + check_mode: false + register: selfsigned_interim_cert_id - - name: set selfsigned_interim_cert_id variable - set_fact: - selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}" + - name: set selfsigned_interim_cert_id variable + set_fact: + selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}" - - name: link to snakeoil cert for nonexistent hostnames - loop: "{{ acmecert_missing_hostnames }}" - loop_control: - loop_var: acme_missing_hostname - file: - src: "../certs/{{ selfsigned_interim_cert_id }}" - dest: "/var/lib/acme/live/{{ acme_missing_hostname }}" - state: link + - name: link to snakeoil cert for nonexistent hostnames + loop: "{{ acmecert_missing_hostnames }}" + loop_control: + loop_var: acme_missing_hostname + file: + src: "../certs/{{ selfsigned_interim_cert_id }}" + dest: "/var/lib/acme/live/{{ acme_missing_hostname }}" + state: link - name: make sure nginx config has been (re)loaded meta: flush_handlers |