merging all roles into one repo. - ansible_roles - Unnamed repository; edit thi… | |
--- | |
commit 34be01c0601ea35294c19b9832933cf162526259 | |
Author: Jay Scott <[email protected]> | |
Date: Sat, 5 Sep 2020 16:32:57 +0100 | |
merging all roles into one repo. | |
Diffstat: | |
A LICENSE | 22 ++++++++++++++++++++++ | |
A README | 6 ++++++ | |
A ansible-role-stagit/.ansible-lint | 2 ++ | |
A ansible-role-stagit/.yamllint | 11 +++++++++++ | |
A ansible-role-stagit/LICENSE | 22 ++++++++++++++++++++++ | |
A ansible-role-stagit/README | 44 +++++++++++++++++++++++++++++… | |
A ansible-role-stagit/defaults/main.… | 12 ++++++++++++ | |
A ansible-role-stagit/files/favicon.… | 0 | |
A ansible-role-stagit/files/logo.png | 0 | |
A ansible-role-stagit/files/style.css | 106 ++++++++++++++++++++++++++++++ | |
A ansible-role-stagit/handlers/main.… | 4 ++++ | |
A ansible-role-stagit/meta/main.yml | 23 +++++++++++++++++++++++ | |
A ansible-role-stagit/molecule/defau… | 12 ++++++++++++ | |
A ansible-role-stagit/molecule/defau… | 23 +++++++++++++++++++++++ | |
A ansible-role-stagit/tasks/main.yml | 69 ++++++++++++++++++++++++++++++ | |
A ansible-role-stagit/tasks/setup-De… | 5 +++++ | |
A ansible-role-stagit/tasks/setup-Re… | 6 ++++++ | |
A ansible-role-stagit/tasks/variable… | 9 +++++++++ | |
A ansible-role-stagit/templates/crea… | 42 +++++++++++++++++++++++++++… | |
A ansible-role-stagit/templates/post… | 3 +++ | |
A ansible-role-stagit/vars/Debian-9.… | 7 +++++++ | |
A ansible-role-stagit/vars/RedHat-7.… | 7 +++++++ | |
A ansible-role-stagit/vars/RedHat-8.… | 7 +++++++ | |
A ansible-role-stagit/vars/Ubuntu-18… | 6 ++++++ | |
A ansible-role-stagit/vars/Ubuntu-20… | 6 ++++++ | |
A aws-vpc/LICENSE | 22 ++++++++++++++++++++++ | |
A aws-vpc/README | 60 +++++++++++++++++++++++++++++… | |
A aws-vpc/defaults/main.yml | 4 ++++ | |
A aws-vpc/meta/main.yml | 16 ++++++++++++++++ | |
A aws-vpc/tasks/create_nat_gateway.y… | 22 ++++++++++++++++++++++ | |
A aws-vpc/tasks/create_routes.yml | 41 +++++++++++++++++++++++++++++… | |
A aws-vpc/tasks/create_subnets.yml | 13 +++++++++++++ | |
A aws-vpc/tasks/create_vpc.yml | 21 +++++++++++++++++++++ | |
A aws-vpc/tasks/main.yml | 16 ++++++++++++++++ | |
A aws-vpc/tasks/pre_tasks.yml | 16 ++++++++++++++++ | |
A firewalld/LICENSE | 22 ++++++++++++++++++++++ | |
A firewalld/README | 71 +++++++++++++++++++++++++++++… | |
A firewalld/defaults/main.yml | 0 | |
A firewalld/handlers/main.yml | 3 +++ | |
A firewalld/meta/main.yml | 12 ++++++++++++ | |
A firewalld/tasks/main.yml | 15 +++++++++++++++ | |
A firewalld/vars/main.yml | 1 + | |
A quark/.ansible-lint | 2 ++ | |
A quark/.yamllint | 11 +++++++++++ | |
A quark/LICENSE | 22 ++++++++++++++++++++++ | |
A quark/README | 39 +++++++++++++++++++++++++++++… | |
A quark/defaults/main.yml | 13 +++++++++++++ | |
A quark/handlers/main.yml | 6 ++++++ | |
A quark/meta/main.yml | 21 +++++++++++++++++++++ | |
A quark/molecule/default/converge.yml | 25 +++++++++++++++++++++++++ | |
A quark/molecule/default/molecule.yml | 23 +++++++++++++++++++++++ | |
A quark/tasks/main.yml | 50 +++++++++++++++++++++++++++++… | |
A quark/tasks/setup-Debian.yml | 5 +++++ | |
A quark/tasks/setup-RedHat.yml | 5 +++++ | |
A quark/tasks/variables.yml | 9 +++++++++ | |
A quark/templates/quark.service.j2 | 12 ++++++++++++ | |
A quark/vars/RedHat-7.yml | 5 +++++ | |
A quark/vars/RedHat-8.yml | 5 +++++ | |
A quark/vars/Ubuntu-18.yml | 5 +++++ | |
A quark/vars/Ubuntu-20.yml | 5 +++++ | |
A searx/LICENSE | 22 ++++++++++++++++++++++ | |
A searx/README | 42 +++++++++++++++++++++++++++++… | |
A searx/defaults/main.yml | 16 ++++++++++++++++ | |
A searx/handlers/main.yml | 19 +++++++++++++++++++ | |
A searx/meta/main.yml | 22 ++++++++++++++++++++++ | |
A searx/molecule/default/converge.yml | 18 ++++++++++++++++++ | |
A searx/molecule/default/molecule.yml | 23 +++++++++++++++++++++++ | |
A searx/tasks/main.yml | 92 +++++++++++++++++++++++++++++… | |
A searx/tasks/setup-Debian.yml | 5 +++++ | |
A searx/tasks/setup-RedHat.yml | 25 +++++++++++++++++++++++++ | |
A searx/tasks/variables.yml | 19 +++++++++++++++++++ | |
A searx/templates/searx.service.j2 | 13 +++++++++++++ | |
A searx/templates/uwsgi.ini.j2 | 18 ++++++++++++++++++ | |
A searx/templates/uwsgi.service.j2 | 10 ++++++++++ | |
A searx/templates/vhost.conf.j2 | 17 +++++++++++++++++ | |
A searx/vars/RedHat-7.yml | 17 +++++++++++++++++ | |
A searx/vars/RedHat-8.yml | 17 +++++++++++++++++ | |
A searx/vars/Ubuntu-16.yml | 16 ++++++++++++++++ | |
A searx/vars/Ubuntu-18.yml | 16 ++++++++++++++++ | |
A searx/vars/Ubuntu-20.yml | 16 ++++++++++++++++ | |
80 files changed, 1515 insertions(+), 0 deletions(-) | |
--- | |
diff --git a/LICENSE b/LICENSE | |
@@ -0,0 +1,22 @@ | |
+The MIT License (MIT) | |
+ | |
+Copyright (c) 2015 Jay Scott | |
+ | |
+Permission is hereby granted, free of charge, to any person obtaining a copy | |
+of this software and associated documentation files (the "Software"), to deal | |
+in the Software without restriction, including without limitation the rights | |
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
+copies of the Software, and to permit persons to whom the Software is | |
+furnished to do so, subject to the following conditions: | |
+ | |
+The above copyright notice and this permission notice shall be included in all | |
+copies or substantial portions of the Software. | |
+ | |
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
+THE SOFTWARE. | |
+ | |
diff --git a/README b/README | |
@@ -0,0 +1,6 @@ | |
+-= ansible-roles =- | |
+ | |
+ This is a collection of ansible roles, these were all in separate git | |
+repos at one point, however, I have merged them into one as I rarely use them | |
+now. Within each role there is a README with more details on how to implement | |
+and use that role. | |
diff --git a/ansible-role-stagit/.ansible-lint b/ansible-role-stagit/.ansible-l… | |
@@ -0,0 +1,2 @@ | |
+skip_list: | |
+ - '503' | |
diff --git a/ansible-role-stagit/.yamllint b/ansible-role-stagit/.yamllint | |
@@ -0,0 +1,11 @@ | |
+--- | |
+# Based on ansible-lint config | |
+extends: default | |
+ | |
+rules: | |
+ line-length: | |
+ max: 120 | |
+ level: warning | |
+ | |
+ignore: | | |
+ .github/stale.yml | |
diff --git a/ansible-role-stagit/LICENSE b/ansible-role-stagit/LICENSE | |
@@ -0,0 +1,22 @@ | |
+The MIT License (MIT) | |
+ | |
+Copyright (c) 2015 Jay Scott | |
+ | |
+Permission is hereby granted, free of charge, to any person obtaining a copy | |
+of this software and associated documentation files (the "Software"), to deal | |
+in the Software without restriction, including without limitation the rights | |
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
+copies of the Software, and to permit persons to whom the Software is | |
+furnished to do so, subject to the following conditions: | |
+ | |
+The above copyright notice and this permission notice shall be included in all | |
+copies or substantial portions of the Software. | |
+ | |
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
+THE SOFTWARE. | |
+ | |
diff --git a/ansible-role-stagit/README b/ansible-role-stagit/README | |
@@ -0,0 +1,44 @@ | |
+-= jayscott.stagit =- | |
+ | |
+Install and configure a working copy of the suckless stagit application. | |
+ | |
+ | |
+Requirements | |
+------------ | |
+ | |
+None | |
+ | |
+ | |
+Role Variables | |
+-------------- | |
+ | |
+ stagit: | |
+ user: root | |
+ repo_url: git://git.codemadness.org/stagit | |
+ version: HEAD | |
+ build_path: /opt/stagit | |
+ install_path: /usr/local/bin | |
+ git_repos_path: /opt/git | |
+ html_path: /var/www/stagit | |
+ | |
+ cron_enabled: false | |
+ posthook_enabled: false | |
+ | |
+posthook_enabled will install a git hook within git_repos_path directories, | |
+this will run create_index on a push. To over-ride the default style.css, | |
+logo.png and favicon.png just add a copy block for your local files | |
+within your playbook. | |
+ | |
+ | |
+Dependencies | |
+------------ | |
+ | |
+None | |
+ | |
+ | |
+Example Playbook | |
+---------------- | |
+ | |
+ - hosts: servers | |
+ roles: | |
+ - { role: jayscott.stagit } | |
diff --git a/ansible-role-stagit/defaults/main.yml b/ansible-role-stagit/defaul… | |
@@ -0,0 +1,12 @@ | |
+--- | |
+stagit: | |
+ user: root | |
+ repo_url: git://git.codemadness.org/stagit | |
+ version: HEAD | |
+ build_path: /opt/stagit | |
+ install_path: /usr/local/bin | |
+ git_repos_path: /opt/git | |
+ html_path: /var/www/stagit | |
+ | |
+ cron_enabled: false | |
+ posthook_enabled: false | |
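Review bot: The defaults in this hunk fetch and build unpinned, unauthenticated source as root: repo_url uses the git:// transport, which gives no server authentication or transport integrity, version is HEAD, and user is root. Pin version to a reviewed tag or commit hash, use an https:// remote if the upstream offers one, and default user to a dedicated unprivileged account, since the cron job and the generated scripts in this role run as that user.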
diff --git a/ansible-role-stagit/files/favicon.png b/ansible-role-stagit/files/… | |
Binary files differ. | |
diff --git a/ansible-role-stagit/files/logo.png b/ansible-role-stagit/files/log… | |
Binary files differ. | |
diff --git a/ansible-role-stagit/files/style.css b/ansible-role-stagit/files/st… | |
@@ -0,0 +1,106 @@ | |
+body { | |
+ color: #000; | |
+ background-color: #fff; | |
+ font-family: monospace; | |
+} | |
+ | |
+h1, h2, h3, h4, h5, h6 { | |
+ font-size: 1em; | |
+ margin: 0; | |
+} | |
+ | |
+img, h1, h2 { | |
+ vertical-align: middle; | |
+} | |
+ | |
+img { | |
+ border: 0; | |
+} | |
+ | |
+a:target { | |
+ background-color: #ccc; | |
+} | |
+ | |
+a.d, | |
+a.h, | |
+a.i, | |
+a.line { | |
+ text-decoration: none; | |
+} | |
+ | |
+#blob a { | |
+ color: #777; | |
+} | |
+ | |
+#blob a:hover { | |
+ color: blue; | |
+ text-decoration: none; | |
+} | |
+ | |
+table thead td { | |
+ font-weight: bold; | |
+} | |
+ | |
+table td { | |
+ padding: 0 0.4em; | |
+} | |
+ | |
+#content table td { | |
+ vertical-align: top; | |
+ white-space: nowrap; | |
+} | |
+ | |
+#branches tr:hover td, | |
+#tags tr:hover td, | |
+#index tr:hover td, | |
+#log tr:hover td, | |
+#files tr:hover td { | |
+ background-color: #eee; | |
+} | |
+ | |
+#index tr td:nth-child(2), | |
+#tags tr td:nth-child(3), | |
+#branches tr td:nth-child(3), | |
+#log tr td:nth-child(2) { | |
+ white-space: normal; | |
+} | |
+ | |
+td.num { | |
+ text-align: right; | |
+} | |
+ | |
+.desc { | |
+ color: #777; | |
+} | |
+ | |
+hr { | |
+ border: 0; | |
+ border-top: 1px solid #777; | |
+ height: 1px; | |
+} | |
+ | |
+pre { | |
+ font-family: monospace; | |
+} | |
+ | |
+pre a.h { | |
+ color: #00a; | |
+} | |
+ | |
+.A, | |
+span.i, | |
+pre a.i { | |
+ color: #070; | |
+} | |
+ | |
+.D, | |
+span.d, | |
+pre a.d { | |
+ color: #e00; | |
+} | |
+ | |
+pre a.h:hover, | |
+pre a.i:hover, | |
+pre a.d:hover { | |
+ text-decoration: none; | |
+} | |
diff --git a/ansible-role-stagit/handlers/main.yml b/ansible-role-stagit/handle… | |
@@ -0,0 +1,4 @@ | |
+--- | |
+ | |
+- name: reindex stagit | |
+ command: "{{ stagit.install_path }}/create_index" | |
diff --git a/ansible-role-stagit/meta/main.yml b/ansible-role-stagit/meta/main.… | |
@@ -0,0 +1,23 @@ | |
+--- | |
+galaxy_info: | |
+ role_name: stagit | |
+ author: jayscott | |
+ description: install role for stagit application. | |
+ license: "license (BSD, MIT)" | |
+ min_ansible_version: 2.9 | |
+ | |
+ platforms: | |
+ - name: Ubuntu | |
+ versions: | |
+ - focal | |
+ - bionic | |
+ - name: EL | |
+ versions: | |
+ - 8 | |
+ - name: Debian | |
+ version: | |
+ - 9 | |
+ | |
+ galaxy_tags: [] | |
+ | |
+dependencies: [] | |
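Review bot: Under the Debian platform entry the key is version: where the Ubuntu and EL entries use versions:, so the Debian release list will not be read the same way as the other two. The license value "license (BSD, MIT)" is also still the template placeholder; the LICENSE file added for this role is MIT, so set license: MIT.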
diff --git a/ansible-role-stagit/molecule/default/converge.yml b/ansible-role-s… | |
@@ -0,0 +1,12 @@ | |
+--- | |
+- name: Converge | |
+ hosts: all | |
+ | |
+ pre_tasks: | |
+ - name: Update apt cache. | |
+ apt: update_cache=true cache_valid_time=600 | |
+ changed_when: false | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+ roles: | |
+ - role: jayscott.stagit | |
diff --git a/ansible-role-stagit/molecule/default/molecule.yml b/ansible-role-s… | |
@@ -0,0 +1,23 @@ | |
+--- | |
+dependency: | |
+ name: galaxy | |
+driver: | |
+ name: docker | |
+lint: | | |
+ set -e | |
+ yamllint . | |
+ ansible-lint | |
+platforms: | |
+ - name: instance | |
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest" | |
+ command: ${MOLECULE_DOCKER_COMMAND:-""} | |
+ volumes: | |
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro | |
+ privileged: true | |
+ pre_build_image: true | |
+ published_ports: | |
+ - "0.0.0.0:8000:22/tcp" | |
+provisioner: | |
+ name: ansible | |
+ playbooks: | |
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml} | |
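Review bot: The test instance is started with privileged: true and publishes its SSH port as "0.0.0.0:8000:22/tcp", so anything that can reach the machine running molecule can reach port 22 of a privileged container. Bind the published port to 127.0.0.1 or drop published_ports, since the docker driver does not need SSH to converge. If privileged is only there so systemd can run in the container, say so in a comment, and pin the image to a digest or dated tag instead of :latest so test runs are reproducible.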
diff --git a/ansible-role-stagit/tasks/main.yml b/ansible-role-stagit/tasks/mai… | |
@@ -0,0 +1,69 @@ | |
+--- | |
+- name: Include variables | |
+ include_tasks: variables.yml | |
+ | |
+- name: Debian tasks | |
+ include_tasks: setup-Debian.yml | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+- name: Redhat tasks | |
+ include_tasks: setup-RedHat.yml | |
+ when: ansible_os_family == 'RedHat' | |
+ | |
+- name: Git clone stagit | |
+ git: | |
+ repo: "{{ stagit.repo_url }}" | |
+ dest: "{{ stagit.build_path }}" | |
+ version: "{{ stagit.version }}" | |
+ update: false | |
+ force: false | |
+ depth: 1 | |
+ register: git_updated | |
+ | |
+- name: Make install stagit it | |
+ make: | |
+ chdir: "{{ stagit.build_path }}" | |
+ target: install | |
+ when: git_updated.changed | |
+ | |
+- name: Copy stagit create script | |
+ template: | |
+ src: "create_index.j2" | |
+ dest: "{{ stagit.install_path }}/create_index" | |
+ owner: "{{ stagit.user }}" | |
+ group: "{{ stagit.user }}" | |
+ mode: '755' | |
+ notify: reindex stagit | |
+ | |
+- name: Copy stagit posthook script | |
+ template: | |
+ src: "posthook.j2" | |
+ dest: "{{ stagit.install_path }}/posthook" | |
+ owner: "{{ stagit.user }}" | |
+ group: "{{ stagit.user }}" | |
+ mode: '755' | |
+ notify: reindex stagit | |
+ when: stagit.posthook_enabled | |
+ | |
+- name: Create HTML and assets directory | |
+ file: | |
+ path: "{{ stagit.html_path }}/assets" | |
+ state: directory | |
+ owner: "{{ stagit.user }}" | |
+ group: "{{ stagit.user }}" | |
+ mode: '0755' | |
+ | |
+- name: Create cron for stagit index | |
+ cron: | |
+ name: stagit update | |
+ minute: "*/10" | |
+ user: "{{ stagit.user }}" | |
+ job: "{{ stagit.install_path }}/create_index" | |
+ when: stagit.cron_enabled | |
+ | |
+- name: Disable cron for stagit index | |
+ cron: | |
+ name: stagit update | |
+ user: "{{ stagit.user }}" | |
+ state: absent | |
+ when: not stagit.cron_enabled | |
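Review bot: The build step "Make install stagit it" runs only when git_updated.changed, and the clone above it has update: false, so if the first make install fails the next run sees an unchanged checkout and skips the build for good, and a later change to stagit.version is never fetched or built. Gate the build on the installed binary being absent (a stat of {{ stagit.install_path }}/stagit) as well as on the clone result. Smaller points: the task name has a stray "it", mode is written '755' in the two template tasks and '0755' in the file task, and nothing in this file deploys the style.css, logo.png and favicon.png shipped under files/.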
diff --git a/ansible-role-stagit/tasks/setup-Debian.yml b/ansible-role-stagit/t… | |
@@ -0,0 +1,5 @@ | |
+--- | |
+- name: Ensure stagit dependencies are installed. | |
+ apt: | |
+ name: "{{ stagit_dependencies }}" | |
+ state: present | |
diff --git a/ansible-role-stagit/tasks/setup-RedHat.yml b/ansible-role-stagit/t… | |
@@ -0,0 +1,6 @@ | |
+--- | |
+- name: Ensure stagit dependencies are installed | |
+ yum: | |
+ name: "{{ stagit_dependencies }}" | |
+ enablerepo: PowerTools | |
+ state: present | |
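Review bot: enablerepo: PowerTools is applied to every RedHat-family host, but this commit also adds vars/RedHat-7.yml, and the repo id is hard-coded in the task. If EL 7 is meant to work, make the repo conditional on the major version or move the repo name into the per-version vars files next to stagit_dependencies; if not, drop RedHat-7.yml so the supported set matches meta/main.yml, which lists only EL 8.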
diff --git a/ansible-role-stagit/tasks/variables.yml b/ansible-role-stagit/task… | |
@@ -0,0 +1,9 @@ | |
+--- | |
+- name: Include OS-specific variables (Debian) | |
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.sp… | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+- name: Include OS-specific variables (RedHat) | |
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split… | |
+ when: | |
+ - ansible_os_family == 'RedHat' | |
diff --git a/ansible-role-stagit/templates/create_index.j2 b/ansible-role-stagi… | |
@@ -0,0 +1,42 @@ | |
+#!/bin/sh | |
+ | |
+reposdir="{{ stagit.git_repos_path }}" | |
+curdir="{{ stagit.html_path }}" | |
+ | |
+{{ stagit.install_path }}/stagit-index "${reposdir}/"*/ > "${curdir}/index.htm… | |
+ | |
+cd {{ stagit.build_path }} | |
+cp style.css {{ stagit.html_path}}/style.css | |
+cp favicon.png {{ stagit.html_path}}/favicon.png | |
+cp logo.png {{ stagit.html_path}}/logo.png | |
+ | |
+for dir in "${reposdir}/"*/; do | |
+ | |
+ # install hook if defined | |
+ {% if stagit.posthook_enabled %} | |
+ if ! test -L "${dir}hooks/stagit_build"; then | |
+ ln -s "{{ stagit.install_path }}/posthook" "${dir}hooks/stagit… | |
+ fi | |
+ {% else %} | |
+ if test -L "${dir}hooks/stagit_build"; then | |
+ unlink "${dir}hooks/stagit_build" | |
+ fi | |
+ {% endif %} | |
+ | |
+ r=$(basename "${dir}") | |
+ d=$(basename "${dir}" ".git") | |
+ printf "%s... " "${d}" | |
+ | |
+ mkdir -p "${curdir}/${d}" | |
+ cd "${curdir}/${d}" || continue | |
+ {{ stagit.install_path }}/stagit -c ".cache" "${reposdir}/${r}" | |
+ | |
+ # symlinks | |
+ ln -sf log.html index.html | |
+ ln -sf ../style.css style.css | |
+ ln -sf ../logo.png logo.png | |
+ ln -sf ../favicon.png favicon.png | |
+ | |
+ echo "done" | |
+done | |
+ | |
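Review bot: In the loop the hook is linked as hooks/stagit_build, which is not a hook name git invokes, so with posthook_enabled the index is not rebuilt on push as the README describes; link it under the name of the server-side hook you want (post-receive, for example) or call it from that hook. Separately, cd {{ stagit.build_path }} and the three cp lines near the top are unquoted and unchecked: if the cd fails, the script (run as stagit.user, root by default) copies from whatever directory it was started in. Quote the expanded paths and use cd ... || exit 1. The unconditional cp also overwrites any style.css, logo.png or favicon.png that a playbook placed in html_path, which is the override the README recommends.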
diff --git a/ansible-role-stagit/templates/posthook.j2 b/ansible-role-stagit/te… | |
@@ -0,0 +1,3 @@ | |
+#!/usr/bin/env sh | |
+ | |
+{{ stagit.install_path }}/create_index | |
diff --git a/ansible-role-stagit/vars/Debian-9.yml b/ansible-role-stagit/vars/D… | |
@@ -0,0 +1,7 @@ | |
+--- | |
+stagit_dependencies: | |
+ - git | |
+ - libgit2-dev | |
+ - cron | |
+ - make | |
+ - gcc | |
diff --git a/ansible-role-stagit/vars/RedHat-7.yml b/ansible-role-stagit/vars/R… | |
@@ -0,0 +1,7 @@ | |
+--- | |
+stagit_dependencies: | |
+ - git | |
+ - libgit2-devel | |
+ - make | |
+ - gcc | |
+ - cronie | |
diff --git a/ansible-role-stagit/vars/RedHat-8.yml b/ansible-role-stagit/vars/R… | |
@@ -0,0 +1,7 @@ | |
+--- | |
+stagit_dependencies: | |
+ - git | |
+ - libgit2-devel | |
+ - make | |
+ - gcc | |
+ - cronie | |
diff --git a/ansible-role-stagit/vars/Ubuntu-18.yml b/ansible-role-stagit/vars/… | |
@@ -0,0 +1,6 @@ | |
+--- | |
+stagit_dependencies: | |
+ - git | |
+ - libgit2-dev | |
+ - make | |
+ - gcc | |
diff --git a/ansible-role-stagit/vars/Ubuntu-20.yml b/ansible-role-stagit/vars/… | |
@@ -0,0 +1,6 @@ | |
+--- | |
+stagit_dependencies: | |
+ - git | |
+ - libgit2-dev | |
+ - make | |
+ - gcc | |
diff --git a/aws-vpc/LICENSE b/aws-vpc/LICENSE | |
@@ -0,0 +1,22 @@ | |
+The MIT License (MIT) | |
+ | |
+Copyright (c) 2015 Jay Scott | |
+ | |
+Permission is hereby granted, free of charge, to any person obtaining a copy | |
+of this software and associated documentation files (the "Software"), to deal | |
+in the Software without restriction, including without limitation the rights | |
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
+copies of the Software, and to permit persons to whom the Software is | |
+furnished to do so, subject to the following conditions: | |
+ | |
+The above copyright notice and this permission notice shall be included in all | |
+copies or substantial portions of the Software. | |
+ | |
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
+THE SOFTWARE. | |
+ | |
diff --git a/aws-vpc/README b/aws-vpc/README | |
@@ -0,0 +1,60 @@ | |
+-= jayscott.aws_vpc =- | |
+ | |
+Provision AWS VPC, Subnets, Internet & NAT gateways and routes. | |
+ | |
+ | |
+Requirements | |
+------------ | |
+ | |
+You must already have AWS access keys setup in your environment: | |
+ | |
+aws_access_key_id | |
+aws_secret_access_key | |
+ | |
+ | |
+Role Variables | |
+-------------- | |
+ | |
+ aws_region: us-west-2 # The region to deploy the VPC | |
+ vpc_name: secuirty_vpc # A name for your VPC | |
+ vpc: | |
+ cidr_block: 10.0.0.0/16 # The CIDR block for the VPC | |
+ nat_gateway_subnet_name: public_secuirty_subnet # The public subnet th… | |
+ tenancy: default | |
+ subnets: | |
+ - name: public_secuirty_subnet # Name of the subnet | |
+ cidr_block: 10.0.0.0/24 # CIDR of the subnet | |
+ az: us-west-2a # The Availability zone within the region | |
+ gateway: igw # Type of gateway, igw = Internet Gateway, nat = NAT ga… | |
+ | |
+ | |
+Dependencies | |
+------------ | |
+ | |
+None | |
+ | |
+ | |
+Example Playbook | |
+---------------- | |
+ | |
+ | |
+ - hosts: servers | |
+ vars: | |
+ aws_region: us-west-2 | |
+ vpc_name: elk_cluster_vpc | |
+ vpc: | |
+ cidr_block: 10.0.0.0/16 | |
+ nat_gateway_subnet_name: public_elk_stack | |
+ tenancy: default | |
+ subnets: | |
+ - name: public_elk_stack | |
+ cidr_block: 10.0.0.0/24 | |
+ az: us-west-2a | |
+ gateway: igw | |
+ - name: private_elk_stack | |
+ cidr_block: 10.0.1.0/24 | |
+ az: us-west-2a | |
+ gateway: nat | |
+ roles: | |
+ - { role: aws_vpc } | |
+ | |
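Review bot: The Role Variables example spells the names secuirty_vpc and public_secuirty_subnet (security), and the example playbook uses role: aws_vpc while the title says jayscott.aws_vpc and the directory is aws-vpc; pick one name so the example can be pasted as is. The Requirements section should state that the keys are taken from the environment and should not be put in playbook vars, and the variable list should document assign_public_ip, which create_subnets.yml reads from each subnet entry.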
diff --git a/aws-vpc/defaults/main.yml b/aws-vpc/defaults/main.yml | |
@@ -0,0 +1,4 @@ | |
+--- | |
+tenancy: default | |
+aws_region: us-west-2 | |
+vpc.nat_gateway_subnet_name: '' | |
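Review bot: vpc.nat_gateway_subnet_name: '' defines a top-level variable whose name contains a dot, not the nat_gateway_subnet_name key of vpc, so it never supplies a default for the value the tasks read. Had it applied, the empty string would still pass the "is defined" test in tasks/main.yml, and the NAT gateway tasks would run and stop at the subnet count check. Remove the line and treat an absent key as "no NAT gateway". The top-level tenancy default is likewise unused: the README documents vpc.tenancy and create_vpc.yml hard-codes tenancy: default.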
diff --git a/aws-vpc/meta/main.yml b/aws-vpc/meta/main.yml | |
@@ -0,0 +1,16 @@ | |
+--- | |
+galaxy_info: | |
+ author: jayscott | |
+ license: MIT | |
+ description: Provision an AWS VPC, Internet & NAT Gateways, Subnets and Rout… | |
+ min_ansible_version: 2.4 | |
+ platforms: | |
+ - name: Amazon | |
+ versions: | |
+ - all | |
+ galaxy_tags: | |
+ - system | |
+ - cloud | |
+ - vpc | |
+ - aws | |
+ - amazon | |
diff --git a/aws-vpc/tasks/create_nat_gateway.yml b/aws-vpc/tasks/create_nat_ga… | |
@@ -0,0 +1,22 @@ | |
+--- | |
+- name: get subnet ID for NAT GW deployment | |
+ ec2_vpc_subnet_facts: | |
+ filters: | |
+ vpc-id: "{{ my_vpc.vpc.id }}" | |
+ "tag:Name": "{{ vpc.nat_gateway_subnet_name }}" | |
+ region: "{{ aws_region }}" | |
+ register: nat_gateway_subnet | |
+ | |
+- name: fail if more than 1 subnet found | |
+ fail: | |
+ msg: "Found {{ nat_gateway_subnet.subnets|length }} subnets instead of 1 s… | |
+ when: 'nat_gateway_subnet.subnets|length != 1' | |
+ | |
+- name: create nat gateway | |
+ ec2_vpc_nat_gateway: | |
+ if_exist_do_not_create: true | |
+ region: "{{ aws_region }}" | |
+ state: present | |
+ subnet_id: "{{ nat_gateway_subnet.subnets[0].id }}" | |
+ wait: true | |
+ register: nat_gateway | |
diff --git a/aws-vpc/tasks/create_routes.yml b/aws-vpc/tasks/create_routes.yml | |
@@ -0,0 +1,41 @@ | |
+--- | |
+- name: lists | |
+ set_fact: | |
+ public_subnets: [] | |
+ private_subnets: [] | |
+ | |
+- name: public subnets | |
+ set_fact: | |
+ public_subnets: "{{ public_subnets + [ item.name ] }}" | |
+ with_items: "{{ vpc.subnets }}" | |
+ when: 'item.gateway is defined and item.gateway == "igw"' | |
+ | |
+- name: create public route table | |
+ ec2_vpc_route_table: | |
+ region: "{{ aws_region }}" | |
+ routes: | |
+ - dest: 0.0.0.0/0 | |
+ gateway_id: igw | |
+ state: present | |
+ subnets: "{{ public_subnets }}" | |
+ tags: | |
+ Name: "{{ vpc_name }}_public" | |
+ vpc_id: "{{ my_vpc.vpc.id }}" | |
+ | |
+- name: private subnets with outbound access | |
+ set_fact: | |
+ private_subnets: "{{ private_subnets + [ item.name ] }}" | |
+ with_items: "{{ vpc.subnets }}" | |
+ when: 'vpc.nat_gateway_subnet_name is defined and item.gateway is defined an… | |
+ | |
+- name: create private routes table with NAT gateway | |
+ ec2_vpc_route_table: | |
+ region: "{{ aws_region }}" | |
+ routes: | |
+ - dest: 0.0.0.0/0 | |
+ gateway_id: "{{ nat_gateway.nat_gateway_id }}" | |
+ state: present | |
+ subnets: "{{ private_subnets }}" | |
+ tags: | |
+ Name: "{{ vpc_name }}_private_nat" | |
+ vpc_id: "{{ my_vpc.vpc.id }}" | |
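Review bot: The task "create private routes table with NAT gateway" has no when: condition and reads nat_gateway.nat_gateway_id, but tasks/main.yml only includes create_nat_gateway.yml when vpc.nat_gateway_subnet_name is defined, so a VPC that has only igw subnets fails at this task. Guard it, for example with when: private_subnets | length > 0, so the private route table is created only when a NAT gateway and at least one nat subnet exist.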
diff --git a/aws-vpc/tasks/create_subnets.yml b/aws-vpc/tasks/create_subnets.yml | |
@@ -0,0 +1,13 @@ | |
+--- | |
+ | |
+- name: create subnets | |
+ ec2_vpc_subnet: | |
+ az: "{{ item.az }}" | |
+ cidr: "{{ item.cidr_block }}" | |
+ region: "{{ aws_region }}" | |
+ state: present | |
+ map_public: "{{ item.assign_public_ip|default(omit) }}" | |
+ tags: | |
+ Name: "{{ item.name }}" | |
+ vpc_id: "{{ my_vpc.vpc.id }}" | |
+ with_items: "{{ vpc.subnets }}" | |
diff --git a/aws-vpc/tasks/create_vpc.yml b/aws-vpc/tasks/create_vpc.yml | |
@@ -0,0 +1,21 @@ | |
+--- | |
+- name: create VPC | |
+ ec2_vpc_net: | |
+ cidr_block: "{{ vpc.cidr_block }}" | |
+ name: "{{ vpc_name }}" | |
+ region: "{{ aws_region }}" | |
+ state: present | |
+ tenancy: default | |
+ register: my_vpc | |
+ | |
+- name: set VPC ID in variable | |
+ set_fact: | |
+ vpc_id: "{{ my_vpc.vpc.id }}" | |
+ when: my_vpc.vpc is defined | |
+ | |
+- name: create IGW | |
+ ec2_vpc_igw: | |
+ region: "{{ aws_region }}" | |
+ state: present | |
+ vpc_id: "{{ my_vpc.vpc.id }}" | |
+ register: created_igw | |
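Review bot: tenancy: default is hard-coded in the "create VPC" task, so the vpc.tenancy value shown in the README has no effect; read it from the variable with a default of "default". The vpc_id fact set in the second task is not used by the other task files in this commit, which all read my_vpc.vpc.id directly, so either use the fact everywhere or drop the task.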
diff --git a/aws-vpc/tasks/main.yml b/aws-vpc/tasks/main.yml | |
@@ -0,0 +1,16 @@ | |
+--- | |
+- name: run pre-tasks | |
+ include: pre_tasks.yml | |
+ | |
+- name: create VPC | |
+ include: create_vpc.yml | |
+ | |
+- name: create Subnets | |
+ include: create_subnets.yml | |
+ | |
+- name: create NAT gateway | |
+ include: create_nat_gateway.yml | |
+ when: vpc.nat_gateway_subnet_name is defined | |
+ | |
+- name: create routing tables | |
+ include: create_routes.yml | |
diff --git a/aws-vpc/tasks/pre_tasks.yml b/aws-vpc/tasks/pre_tasks.yml | |
@@ -0,0 +1,16 @@ | |
+--- | |
+- name: "AWS | VPC | check region has been defined (aws_region)" | |
+ fail: msg="You must specify a AWS region." | |
+ when: aws_region is undefined | |
+ | |
+- name: "AWS | VPC | check VPC name has been defined (vpc_name)" | |
+ fail: msg="You must specify a VPC name." | |
+ when: vpc_name is undefined | |
+ | |
+- name: "AWS | VPC | check cidr_block been defined (vpc.cidr_block)" | |
+ fail: msg="You must specify a CIDR block." | |
+ when: vpc.cidr_block is undefined | |
+ | |
+- name: "AWS | VPC | check at least one been defined (vpc.subnets)" | |
+ fail: msg="You must specify at least one subnet." | |
+ when: vpc.subnets is undefined | |
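Review bot: The aws_region check in the first task can never fire, because defaults/main.yml in this role sets aws_region: us-west-2, so a forgotten region silently deploys to us-west-2. Either remove the default so the check is meaningful or remove the check. The vpc.subnets check also passes for an empty list; test vpc.subnets | length > 0 to match the message "at least one subnet". The first message should read "an AWS region".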
diff --git a/firewalld/LICENSE b/firewalld/LICENSE | |
@@ -0,0 +1,22 @@ | |
+The MIT License (MIT) | |
+ | |
+Copyright (c) 2015 Jay Scott | |
+ | |
+Permission is hereby granted, free of charge, to any person obtaining a copy | |
+of this software and associated documentation files (the "Software"), to deal | |
+in the Software without restriction, including without limitation the rights | |
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
+copies of the Software, and to permit persons to whom the Software is | |
+furnished to do so, subject to the following conditions: | |
+ | |
+The above copyright notice and this permission notice shall be included in all | |
+copies or substantial portions of the Software. | |
+ | |
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
+THE SOFTWARE. | |
+ | |
diff --git a/firewalld/README b/firewalld/README | |
@@ -0,0 +1,71 @@ | |
+-= jayscott.firewalld =- | |
+ | |
+Allows you to add firewall rules to systems running firewalld. | |
+ | |
+Requirements | |
+------------ | |
+ | |
+Tested on RHEL 7 and CentOS 7 only. | |
+ | |
+Ansible 1.5 or above | |
+ | |
+ | |
+Role Variables | |
+-------------- | |
+ | |
+The following variables are used to define a rule: | |
+ | |
+ firewalld_rules: | |
+ name: | |
+ port: | |
+ protocol: | |
+ state: | |
+ zone: | |
+ permanent: | |
+ | |
+For example the default is to allow SSH on the public interface: | |
+ | |
+ firewalld_rules: | |
+ ssh: | |
+ port: 22 | |
+ protocol: tcp | |
+ state: enabled | |
+ zone: public | |
+ permanent: true | |
+ | |
+ | |
+Handlers | |
+-------- | |
+ | |
+These are the handlers that are defined in handlers/main.yml. | |
+ | |
+ restart firewalld | |
+ | |
+ | |
+Example Playbook | |
+---------------- | |
+ | |
+ - hosts: server-name | |
+ sudo: True | |
+ roles: | |
+ - jayscott.firewalld | |
+ vars: | |
+ firewalld_rules: | |
+ httpd: | |
+ port: 80 | |
+ protocol: tcp | |
+ state: enabled | |
+ zone: public | |
+ permanent: true | |
+ mysqld: | |
+ port: 3306 | |
+ protocol: tcp | |
+ state: enabled | |
+ zone: public | |
+ permanent: true | |
+ | |
+ | |
+License | |
+------- | |
+ | |
+MIT | |
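Review bot: The Role Variables section says the default is to allow SSH on the public zone, but defaults/main.yml is added empty and vars/main.yml contains only the document marker, so firewalld_rules is undefined unless the playbook sets it and the with_dict loop in tasks/main.yml fails. Ship the ssh rule in defaults/main.yml or reword the README. In the example playbook, sudo: True is the older spelling of become, and opening 3306/tcp in the public zone deserves a comment or a more restrictive zone.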
diff --git a/firewalld/defaults/main.yml b/firewalld/defaults/main.yml | |
diff --git a/firewalld/handlers/main.yml b/firewalld/handlers/main.yml | |
@@ -0,0 +1,3 @@ | |
+--- | |
+- name: restart firewalld | |
+ service: name=firewalld state=restarted enabled=yes | |
diff --git a/firewalld/meta/main.yml b/firewalld/meta/main.yml | |
@@ -0,0 +1,12 @@ | |
+--- | |
+galaxy_info: | |
+ author: jayscott | |
+ description: Base role for firewalld | |
+ license: MIT | |
+ min_ansible_version: 1.5 | |
+ platforms: | |
+ - name: EL | |
+ versions: | |
+ - 7 | |
+ categories: | |
+ - system | |
diff --git a/firewalld/tasks/main.yml b/firewalld/tasks/main.yml | |
@@ -0,0 +1,15 @@ | |
+--- | |
+ | |
+- name: check if firewalld is installed | |
+ command: rpm -q firewalld | |
+ ignore_errors: True | |
+ register: rpm_check_firewalld | |
+ | |
+- name: install firewalld | |
+ yum: name=firewalld state=present enabled=yes | |
+ when: rpm_check_firewalld.stdout.find('is not installed') != -1 | |
+ | |
+- name: updating firewall rules | |
+ firewalld: port={{item.value.port}}/{{item.value.protocol}} permanent={{item… | |
+ with_dict: "{{firewalld_rules}}" | |
+ notify: restart firewalld | |
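Review bot: In "install firewalld", enabled=yes is not an option of the yum module (the service handler already carries enabled=yes), so the task fails with an unsupported-parameter error on the first host where it actually runs. The rpm -q probe with ignore_errors and the stdout.find test are unnecessary, because yum with state=present is already idempotent; drop the probe and install unconditionally. If the probe stays, add changed_when: false so it stops reporting a change on every run.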
diff --git a/firewalld/vars/main.yml b/firewalld/vars/main.yml | |
@@ -0,0 +1 @@ | |
+--- | |
diff --git a/quark/.ansible-lint b/quark/.ansible-lint | |
@@ -0,0 +1,2 @@ | |
+skip_list: | |
+ - '503' | |
diff --git a/quark/.yamllint b/quark/.yamllint | |
@@ -0,0 +1,11 @@ | |
+--- | |
+# Based on ansible-lint config | |
+extends: default | |
+ | |
+rules: | |
+ line-length: | |
+ max: 120 | |
+ level: warning | |
+ | |
+ignore: | | |
+ .github/stale.yml | |
diff --git a/quark/LICENSE b/quark/LICENSE | |
@@ -0,0 +1,22 @@ | |
+The MIT License (MIT) | |
+ | |
+Copyright (c) 2015 Jay Scott | |
+ | |
+Permission is hereby granted, free of charge, to any person obtaining a copy | |
+of this software and associated documentation files (the "Software"), to deal | |
+in the Software without restriction, including without limitation the rights | |
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
+copies of the Software, and to permit persons to whom the Software is | |
+furnished to do so, subject to the following conditions: | |
+ | |
+The above copyright notice and this permission notice shall be included in all | |
+copies or substantial portions of the Software. | |
+ | |
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
+THE SOFTWARE. | |
+ | |
diff --git a/quark/README b/quark/README | |
@@ -0,0 +1,39 @@ | |
+-= jayscott.quark =- | |
+ | |
+Install and configure a working copy of the suckless quark web server. | |
+ | |
+ | |
+Requirements | |
+------------ | |
+ | |
+None | |
+ | |
+ | |
+Role Variables | |
+-------------- | |
+ | |
+ quark: | |
+ version: HEAD | |
+ build_path: /opt/quark | |
+ install_path: /usr/local/bin | |
+ user: nobody | |
+ group: nogroup | |
+ host: 0.0.0.0 | |
+ port: 8000 | |
+ html_path: /var/www/html | |
+ file: index.html | |
+ threads: 512 | |
+ | |
+ | |
+Dependencies | |
+------------ | |
+ | |
+None | |
+ | |
+ | |
+Example Playbook | |
+---------------- | |
+ | |
+ - hosts: servers | |
+ roles: | |
+ - { role: jayscott.quark } | |
diff --git a/quark/defaults/main.yml b/quark/defaults/main.yml | |
@@ -0,0 +1,13 @@ | |
+--- | |
+quark: | |
+ version: HEAD | |
+ build_path: /opt/quark | |
+ install_path: /usr/local/bin | |
+ | |
+ user: nobody | |
+ group: nogroup | |
+ host: 0.0.0.0 | |
+ port: 8000 | |
+ html_path: /var/www/html | |
+ file: index.html | |
+ threads: 512 | |
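Review bot: `host: 0.0.0.0` means every host that applies the role with defaults serves `html_path` on all interfaces; default to `127.0.0.1` and let the playbook opt in to wider exposure. `user: nobody` also shares an account with anything else that runs as `nobody`, so a dedicated account would isolate the server better. Because the settings live in one `quark:` dict, overriding a single key replaces the whole dict unless hash merging is enabled; flat `quark_*` variables would be easier to override.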
diff --git a/quark/handlers/main.yml b/quark/handlers/main.yml | |
@@ -0,0 +1,6 @@ | |
+--- | |
+- name: restart quark | |
+ systemd: | |
+ name: quark | |
+ state: restarted | |
+ daemon_reload: true | |
diff --git a/quark/meta/main.yml b/quark/meta/main.yml | |
@@ -0,0 +1,21 @@ | |
+--- | |
+galaxy_info: | |
+ role_name: quark | |
+ author: jayscott | |
+ description: install role for quark application. | |
+ license: "license (BSD, MIT)" | |
+ min_ansible_version: 2.9 | |
+ | |
+ platforms: | |
+ - name: Ubuntu | |
+ versions: | |
+ - focal | |
+ - bionic | |
+ - name: EL | |
+ versions: | |
+ - 7 | |
+ - 8 | |
+ | |
+ galaxy_tags: [] | |
+ | |
+dependencies: [] | |
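Review bot: `license: "license (BSD, MIT)"` reads like an unedited placeholder; the `quark/LICENSE` file added in this commit is MIT, so set `license: MIT`. The same value appears in `searx/meta/main.yml`.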
diff --git a/quark/molecule/default/converge.yml b/quark/molecule/default/conve… | |
@@ -0,0 +1,25 @@ | |
+--- | |
+- name: Converge | |
+ hosts: all | |
+ | |
+ pre_tasks: | |
+ - name: Update apt cache. | |
+ apt: update_cache=true cache_valid_time=600 | |
+ changed_when: false | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+ - name: Create directory for testing | |
+ file: | |
+ path: /var/www/html | |
+ state: directory | |
+ mode: '0755' | |
+ | |
+ - name: "Creat test index.html file" | |
+ copy: | |
+ content: "Quark test instance" | |
+ dest: /var/www/html/index.html | |
+ force: true | |
+ mode: 0744 | |
+ | |
+ roles: | |
+ - role: jayscott.quark | |
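Review bot: `mode: 0744` on the test `index.html` sets the owner execute bit on a static file and is an unquoted number, while the directory task just above uses the quoted `'0755'`; use `mode: '0644'`. The task name also has a typo ("Creat").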
diff --git a/quark/molecule/default/molecule.yml b/quark/molecule/default/molec… | |
@@ -0,0 +1,23 @@ | |
+--- | |
+dependency: | |
+ name: galaxy | |
+driver: | |
+ name: docker | |
+lint: | | |
+ set -e | |
+ yamllint . | |
+ ansible-lint | |
+platforms: | |
+ - name: instance | |
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest" | |
+ command: ${MOLECULE_DOCKER_COMMAND:-""} | |
+ volumes: | |
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro | |
+ privileged: true | |
+ pre_build_image: true | |
+ published_ports: | |
+ - "0.0.0.0:8000:8000/tcp" | |
+provisioner: | |
+ name: ansible | |
+ playbooks: | |
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml} | |
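Review bot: `privileged: true` together with `published_ports: "0.0.0.0:8000:8000/tcp"` runs a privileged test container that is reachable from any network the workstation or CI runner is attached to. Publish on `127.0.0.1:8000:8000/tcp` unless remote access is needed, and add a comment saying why privileged mode is required (presumably systemd inside the container, given the `/sys/fs/cgroup` mount).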
diff --git a/quark/tasks/main.yml b/quark/tasks/main.yml | |
@@ -0,0 +1,50 @@ | |
+--- | |
+- name: Include variables | |
+ include_tasks: variables.yml | |
+ | |
+- name: Debian tasks | |
+ include_tasks: setup-Debian.yml | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+- name: Redhat tasks | |
+ include_tasks: setup-RedHat.yml | |
+ when: ansible_os_family == 'RedHat' | |
+ | |
+- name: Add quark user account | |
+ user: | |
+ name: "{{ quark.user }}" | |
+ create_home: false | |
+ shell: /bin/false | |
+ | |
+- name: Ensure group exists | |
+ group: | |
+ name: "{{ quark.group }}" | |
+ state: present | |
+ | |
+- name: Git clone quark | |
+ git: | |
+ repo: "git://git.suckless.org/quark" | |
+ dest: "{{ quark.build_path }}" | |
+ version: "{{ quark.version }}" | |
+ update: false | |
+ force: false | |
+ depth: 1 | |
+ register: git_updated | |
+ | |
+- name: Make install quark | |
+ make: | |
+ chdir: "{{ quark.build_path }}" | |
+ target: install | |
+ when: git_updated.changed | |
+ | |
+- name: Copy quark systemd service template | |
+ template: | |
+ src: quark.service.j2 | |
+ dest: /lib/systemd/system/quark.service | |
+ notify: restart quark | |
+ | |
+- name: Enable and start quark service | |
+ service: | |
+ name: quark | |
+ state: started | |
+ enabled: true | |
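Review bot: The `Git clone quark` task fetches over `git://`, which has no authentication or integrity protection, with `version` defaulting to `HEAD`, and the next task runs `make install` on whatever was fetched. Clone over an authenticated transport and pin `quark.version` to a reviewed tag or commit. With `update: false` and `when: git_updated.changed` the build only happens on the first clone, so changing `quark.version` later has no effect. `Add quark user account` also runs against the default `nobody` account and changes its shell, and the group is only ensured after the user task.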
diff --git a/quark/tasks/setup-Debian.yml b/quark/tasks/setup-Debian.yml | |
@@ -0,0 +1,5 @@ | |
+--- | |
+- name: Ensure quark dependencies are installed. | |
+ apt: | |
+ name: "{{ quark_dependencies }}" | |
+ state: present | |
diff --git a/quark/tasks/setup-RedHat.yml b/quark/tasks/setup-RedHat.yml | |
@@ -0,0 +1,5 @@ | |
+--- | |
+- name: Ensure quark dependencies are installed | |
+ yum: | |
+ name: "{{ quark_dependencies }}" | |
+ state: present | |
diff --git a/quark/tasks/variables.yml b/quark/tasks/variables.yml | |
@@ -0,0 +1,9 @@ | |
+--- | |
+- name: Include OS-specific variables (Debian) | |
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.sp… | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+- name: Include OS-specific variables (RedHat) | |
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split… | |
+ when: | |
+ - ansible_os_family == 'RedHat' | |
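Review bot: The first task is gated on `ansible_os_family == 'Debian'` but builds the file name from `ansible_distribution`, and this commit only adds `Ubuntu-18.yml` and `Ubuntu-20.yml` under `quark/vars`, so a Debian host matches the condition and then fails on a missing vars file. Gate on `ansible_distribution == 'Ubuntu'` or add a fallback file. All four vars files carry the same three packages, so a single default list would remove the lookup entirely.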
diff --git a/quark/templates/quark.service.j2 b/quark/templates/quark.service.j2 | |
@@ -0,0 +1,12 @@ | |
+[Unit] | |
+Description=Quark suckless web server | |
+ | |
+[Service] | |
+Type=simple | |
+Restart=on-failure | |
+ | |
+WorkingDirectory={{ quark.html_path }} | |
+ExecStart={{ quark.install_path }}/quark -p {{ quark.port }} -u {{ quark.user … | |
+ | |
+[Install] | |
+WantedBy=multi-user.target | |
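Review bot: The `[Service]` section has no `User=` and no sandboxing directives, so the process starts as root and isolation depends entirely on the flags passed in `ExecStart`. `NoNewPrivileges=true`, `PrivateTmp=true` and, unless `html_path` is under `/home`, `ProtectHome=true` cost nothing for a static file server. The task that installs this unit writes it to `/lib/systemd/system`, which belongs to packages; `/etc/systemd/system` is the place for locally managed units.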
diff --git a/quark/vars/RedHat-7.yml b/quark/vars/RedHat-7.yml | |
@@ -0,0 +1,5 @@ | |
+--- | |
+quark_dependencies: | |
+ - git | |
+ - make | |
+ - gcc | |
diff --git a/quark/vars/RedHat-8.yml b/quark/vars/RedHat-8.yml | |
@@ -0,0 +1,5 @@ | |
+--- | |
+quark_dependencies: | |
+ - git | |
+ - make | |
+ - gcc | |
diff --git a/quark/vars/Ubuntu-18.yml b/quark/vars/Ubuntu-18.yml | |
@@ -0,0 +1,5 @@ | |
+--- | |
+quark_dependencies: | |
+ - git | |
+ - make | |
+ - gcc | |
diff --git a/quark/vars/Ubuntu-20.yml b/quark/vars/Ubuntu-20.yml | |
@@ -0,0 +1,5 @@ | |
+--- | |
+quark_dependencies: | |
+ - git | |
+ - make | |
+ - gcc | |
diff --git a/searx/LICENSE b/searx/LICENSE | |
@@ -0,0 +1,22 @@ | |
+The MIT License (MIT) | |
+ | |
+Copyright (c) 2015 Jay Scott | |
+ | |
+Permission is hereby granted, free of charge, to any person obtaining a copy | |
+of this software and associated documentation files (the "Software"), to deal | |
+in the Software without restriction, including without limitation the rights | |
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
+copies of the Software, and to permit persons to whom the Software is | |
+furnished to do so, subject to the following conditions: | |
+ | |
+The above copyright notice and this permission notice shall be included in all | |
+copies or substantial portions of the Software. | |
+ | |
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
+THE SOFTWARE. | |
+ | |
diff --git a/searx/README b/searx/README | |
@@ -0,0 +1,42 @@ | |
+-= jayscott.searx =- | |
+ | |
+Install and configure a working copy of the Searx application. | |
+ | |
+ | |
+Requirements | |
+------------ | |
+ | |
+None | |
+ | |
+ | |
+Role Variables | |
+-------------- | |
+ | |
+ # Searx config | |
+ searx_release: HEAD | |
+ searx_user: searx | |
+ searx_install_path: /usr/local/searx | |
+ searx_debug: false | |
+ | |
+ # Nginx config | |
+ searx_server_name: searx.mydomain.com | |
+ searx_access_log: /dev/null | |
+ searx_error_log: /dev/null | |
+ searx_remove_nginx_default: true | |
+ | |
+ # Uwsgi config | |
+ searx_uwsgi_workers: 4 | |
+ | |
+ | |
+Dependencies | |
+------------ | |
+ | |
+None | |
+ | |
+ | |
+Example Playbook | |
+---------------- | |
+ | |
+ - hosts: servers | |
+ roles: | |
+ - { role: jayscott.searx } | |
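Review bot: The values under Role Variables do not match `searx/defaults/main.yml` in this same commit: the README shows `searx_server_name: searx.mydomain.com` and both logs as `/dev/null`, while the defaults are `localhost`, `/var/log/nginx/access.log` and `/var/log/nginx/error.log`. List the real defaults, and state that access logging is on by default, since operators of a search front end usually care whether requests are logged.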
diff --git a/searx/defaults/main.yml b/searx/defaults/main.yml | |
@@ -0,0 +1,16 @@ | |
+--- | |
+ | |
+# Searx config | |
+searx_release: HEAD | |
+searx_user: searx | |
+searx_install_path: /usr/local/searx | |
+searx_debug: false | |
+ | |
+# Nginx config | |
+searx_server_name: localhost | |
+searx_access_log: /var/log/nginx/access.log | |
+searx_error_log: /var/log/nginx/error.log | |
+searx_remove_nginx_default: true | |
+ | |
+# Uwsgi config | |
+searx_uwsgi_workers: 4 | |
diff --git a/searx/handlers/main.yml b/searx/handlers/main.yml | |
@@ -0,0 +1,19 @@ | |
+--- | |
+ | |
+- name: Restart searx | |
+ systemd: | |
+ name: searx | |
+ state: restarted | |
+ daemon_reload: true | |
+ | |
+- name: Restart nginx | |
+ systemd: | |
+ name: nginx | |
+ state: restarted | |
+ daemon_reload: true | |
+ | |
+- name: Restart uwsgi | |
+ systemd: | |
+ name: uwsgi | |
+ state: restarted | |
+ daemon_reload: true | |
diff --git a/searx/meta/main.yml b/searx/meta/main.yml | |
@@ -0,0 +1,22 @@ | |
+--- | |
+galaxy_info: | |
+ role_name: searx | |
+ author: jayscott | |
+ description: install role for searx application. | |
+ license: "license (BSD, MIT)" | |
+ min_ansible_version: 2.9 | |
+ | |
+ platforms: | |
+ - name: Ubuntu | |
+ versions: | |
+ - focal | |
+ - bionic | |
+ - xenial | |
+ - name: EL | |
+ versions: | |
+ - 7 | |
+ - 8 | |
+ | |
+ galaxy_tags: [] | |
+ | |
+dependencies: [] | |
diff --git a/searx/molecule/default/converge.yml b/searx/molecule/default/conve… | |
@@ -0,0 +1,18 @@ | |
+--- | |
+- name: Converge | |
+ hosts: all | |
+ | |
+ pre_tasks: | |
+ - name: Update apt cache. | |
+ apt: update_cache=true cache_valid_time=600 | |
+ changed_when: false | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+ roles: | |
+ - role: jayscott.searx | |
+ | |
+ post_tasks: | |
+ - name: Verify searx is listening. | |
+ uri: | |
+ url: "http://localhost:8888" | |
+ status_code: 200 | |
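Review bot: The `Verify searx is listening` check requests `http://localhost:8888`, which bypasses the nginx vhost on port 80 and the uwsgi socket that the role configures, so a broken proxy chain still passes. Add a second `uri` check against port 80.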
diff --git a/searx/molecule/default/molecule.yml b/searx/molecule/default/molec… | |
@@ -0,0 +1,23 @@ | |
+--- | |
+dependency: | |
+ name: galaxy | |
+driver: | |
+ name: docker | |
+lint: | | |
+ set -e | |
+ yamllint . | |
+ ansible-lint | |
+platforms: | |
+ - name: instance | |
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest" | |
+ command: ${MOLECULE_DOCKER_COMMAND:-""} | |
+ volumes: | |
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro | |
+ privileged: true | |
+ pre_build_image: true | |
+ published_ports: | |
+ - "0.0.0.0:8000:80/tcp" | |
+provisioner: | |
+ name: ansible | |
+ playbooks: | |
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml} | |
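Review bot: The image is referenced with the `:latest` tag, so test results depend on whatever that tag points to on the day; pin a digest or a dated tag for reproducible runs. As in the quark scenario, `privileged: true` with a port published on `0.0.0.0` is wider than a local test needs.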
diff --git a/searx/tasks/main.yml b/searx/tasks/main.yml | |
@@ -0,0 +1,92 @@ | |
+--- | |
+- include_tasks: variables.yml | |
+ | |
+- name: Add searx user account. | |
+ user: | |
+ name: "{{ searx_user }}" | |
+ home: "{{ searx_install_path }}" | |
+ create_home: false | |
+ register: add_user | |
+ | |
+- include_tasks: setup-Debian.yml | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+- include_tasks: setup-RedHat.yml | |
+ when: ansible_os_family == 'RedHat' | |
+ | |
+- name: Git clone searx repo. | |
+ git: | |
+ repo: 'https://github.com/asciimoo/searx.git' | |
+ dest: "{{ searx_install_path }}" | |
+ version: "{{ searx_release }}" | |
+ update: false | |
+ force: false | |
+ depth: 1 | |
+ register: git_updated | |
+ | |
+- name: Install python dependencies. | |
+ pip: | |
+ virtualenv: searx-ve | |
+ virtualenv_site_packages: true | |
+ requirements: requirements.txt | |
+ extra_args: '--no-cache-dir' | |
+ chdir: '{{ searx_install_path }}' | |
+ | |
+- name: Generate secret key. | |
+ command: openssl rand -hex 16 | |
+ register: searx_key | |
+ when: git_updated.changed | |
+ | |
+- name: Update searx secret key. | |
+ replace: | |
+ dest: "{{ searx_install_path }}/searx/settings.yml" | |
+ regexp: ultrasecretkey | |
+ replace: "{{ searx_key.stdout }}" | |
+ when: git_updated.changed | |
+ notify: Restart searx | |
+ | |
+- name: Disable searx debugging. | |
+ replace: | |
+ dest: "{{ searx_install_path }}/searx/settings.yml" | |
+ regexp: "debug : True" | |
+ replace: "debug : False" | |
+ when: not searx_debug | |
+ notify: Restart searx | |
+ | |
+- name: Enable searx debugging. | |
+ replace: | |
+ dest: "{{ searx_install_path }}/searx/settings.yml" | |
+ regexp: "debug : False" | |
+ replace: "debug : True" | |
+ when: searx_debug | |
+ notify: Restart searx | |
+ | |
+- name: Copy searx systemd service template. | |
+ template: | |
+ src: searx.service.j2 | |
+ dest: /lib/systemd/system/searx.service | |
+ | |
+- name: Enable and start searx service | |
+ service: | |
+ name: searx | |
+ state: started | |
+ enabled: true | |
+ | |
+- name: Copy nginx config. | |
+ template: | |
+ src: vhost.conf.j2 | |
+ dest: "{{ nginx_vhost_path }}/vhost_searx.conf" | |
+ notify: Restart nginx | |
+ | |
+- name: Remove default nginx config. | |
+ file: | |
+ path: /etc/nginx/sites-enabled/default | |
+ state: absent | |
+ when: searx_remove_nginx_default | |
+ notify: Restart nginx | |
+ | |
+- name: Copy uwsgi config. | |
+ template: | |
+ src: uwsgi.ini.j2 | |
+ dest: /etc/uwsgi/apps-enabled/searx.ini | |
+ notify: Restart uwsgi | |
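Review bot: `Generate secret key` and `Update searx secret key` both run only `when: git_updated.changed`, so if the first run fails between the clone and the replace, or the checkout already exists, `settings.yml` keeps the public default `ultrasecretkey` on every later run. Key both tasks on whether the placeholder is still present in the file rather than on the clone result, and add `no_log: true` so the generated key does not end up in Ansible output. The two debug tasks only match the exact spellings `debug : True` and `debug : False`, so an upstream formatting change turns them into silent no-ops. `Remove default nginx config` uses a Debian-only path and the template tasks set no `owner` or `mode`.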
diff --git a/searx/tasks/setup-Debian.yml b/searx/tasks/setup-Debian.yml | |
@@ -0,0 +1,5 @@ | |
+--- | |
+- name: Ensure searx dependencies are installed. | |
+ apt: | |
+ name: "{{ searx_dependencies }}" | |
+ state: present | |
diff --git a/searx/tasks/setup-RedHat.yml b/searx/tasks/setup-RedHat.yml | |
@@ -0,0 +1,25 @@ | |
+--- | |
+- name: Ensure searx dependencies are installed. | |
+ yum: | |
+ name: "{{ searx_dependencies }}" | |
+ state: present | |
+ | |
+- name: Install uwsgi via pip | |
+ pip: | |
+ name: uwsgi | |
+ state: present | |
+ | |
+- name: Copy uwsgi systemd service template. | |
+ template: | |
+ src: uwsgi.service.j2 | |
+ dest: /lib/systemd/system/uwsgi.service | |
+ when: ansible_os_family == 'RedHat' | |
+ notify: Restart uwsgi | |
+ | |
+- name: Create directories if they don't exist | |
+ file: | |
+ path: /etc/uwsgi/apps-enabled | |
+ state: directory | |
+ owner: "{{ searx_user }}" | |
+ group: "{{ searx_user }}" | |
+ mode: '0755' | |
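Review bot: `/etc/uwsgi/apps-enabled` is created with `owner` and `group` set to `{{ searx_user }}`, which lets the service account replace the config file that uwsgi reads at start, and the uwsgi unit in this commit has no `User=`. Make the directory `root:root`. The `when: ansible_os_family == 'RedHat'` on the template task is redundant inside this file, and `pip: name: uwsgi` installs an unpinned package outside the virtualenv.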
diff --git a/searx/tasks/variables.yml b/searx/tasks/variables.yml | |
@@ -0,0 +1,19 @@ | |
+--- | |
+- name: Include OS-specific variables (Debian). | |
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.sp… | |
+ when: ansible_os_family == 'Debian' | |
+ | |
+- name: Include OS-specific variables (RedHat). | |
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split… | |
+ when: | |
+ - ansible_os_family == 'RedHat' | |
+ | |
+- name: Define searx_dependencies. | |
+ set_fact: | |
+ searx_dependencies: "{{ __searx_dependencies }}" | |
+ when: searx_dependencies is not defined | |
+ | |
+- name: Define nginx_vhost_path. | |
+ set_fact: | |
+ nginx_vhost_path: "{{ __nginx_vhost_path }}" | |
+ when: nginx_vhost_path is not defined | |
diff --git a/searx/templates/searx.service.j2 b/searx/templates/searx.service.j2 | |
@@ -0,0 +1,13 @@ | |
+[Unit] | |
+Description=Searx Meta Search Engine | |
+ | |
+[Service] | |
+Type=simple | |
+User={{ searx_user }} | |
+Group={{ searx_user }} | |
+Restart=on-failure | |
+WorkingDirectory={{ searx_install_path }} | |
+ExecStart={{ searx_install_path }}/searx-ve/bin/python searx/webapp.py | |
+ | |
+[Install] | |
+WantedBy=multi-user.target | |
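Review bot: `ExecStart` runs `searx/webapp.py` directly, which starts the application's own HTTP server, while the role also deploys `uwsgi.ini.j2` with `module = searx.webapp` and points nginx at the uwsgi socket, so two copies of the application run and only one of them sits behind nginx. Keep one path; if uwsgi is the intended one, this unit and the `Enable and start searx service` task can go.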
diff --git a/searx/templates/uwsgi.ini.j2 b/searx/templates/uwsgi.ini.j2 | |
@@ -0,0 +1,18 @@ | |
+[uwsgi] | |
+uid = {{ searx_user }} | |
+gid = {{ searx_user }} | |
+ | |
+disable-logging = true | |
+workers = {{ searx_uwsgi_workers }} | |
+chmod-socket = 666 | |
+single-interpreter = true | |
+master = true | |
+plugin = python3 | |
+lazy-apps = true | |
+enable-threads = true | |
+module = searx.webapp | |
+socket = /run/uwsgi/app/searx/socket | |
+route-run = fixpathinfo: | |
+virtualenv = /usr/local/searx/searx-ve/ | |
+pythonpath = /usr/local/searx/ | |
+chdir = /usr/local/searx/searx/ | |
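Review bot: `chmod-socket = 666` makes the application socket writable by every local account; use `660` and give the socket the nginx worker's group. `virtualenv`, `pythonpath` and `chdir` hardcode `/usr/local/searx` even though this is a template, so a non-default `searx_install_path` produces a broken config; use `{{ searx_install_path }}` in those three lines.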
diff --git a/searx/templates/uwsgi.service.j2 b/searx/templates/uwsgi.service.j2 | |
@@ -0,0 +1,10 @@ | |
+[Unit] | |
+Description=uwsgi start up script | |
+ | |
+[Service] | |
+Type=simple | |
+Restart=on-failure | |
+ | |
+WorkingDirectory={{ searx_install_path }} | |
+ExecStartPre=-/usr/bin/bash -c 'mkdir -p /run/uwsgi/app/searx; chown -R {{ sea… | |
+ExecStart=/usr/bin/bash -c '{{ searx_install_path }}/searx-ve/bin/python searx… | |
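Review bot: The unit has no `[Install]` section, so it cannot be enabled at boot, and no task in `searx/tasks` starts or enables `uwsgi` (only the `Restart uwsgi` handler touches it). Add `[Install]` with `WantedBy=multi-user.target` and an enable/start task. There is also no `User=`, and the runtime directory is prepared by a `bash -c` `ExecStartPre` whose failure is ignored because of the leading `-`; `RuntimeDirectory=` can create it declaratively.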
diff --git a/searx/templates/vhost.conf.j2 b/searx/templates/vhost.conf.j2 | |
@@ -0,0 +1,17 @@ | |
+server { | |
+ listen 80; | |
+ server_name _ {{ searx_server_name }}; | |
+ root {{ searx_install_path}}/searx; | |
+ | |
+ server_tokens off; | |
+ access_log {{ searx_access_log }}; | |
+ error_log {{ searx_error_log }}; | |
+ | |
+ location /static { | |
+ } | |
+ | |
+ location / { | |
+ include uwsgi_params; | |
+ uwsgi_pass unix:/run/uwsgi/app/searx/socket; | |
+ } | |
+} | |
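Review bot: The server block only has `listen 80`, so queries and results travel in cleartext; add a TLS listener with variables for the certificate paths, or document that TLS is terminated upstream. In `server_name _ {{ searx_server_name }};` the `_` is just a name that never matches a real Host header; if a catch-all is wanted, `default_server` on `listen` is the explicit way. `{{ searx_install_path}}` is missing the space before the closing braces, and the empty `location /static { }` deserves a comment saying it serves from `root`.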
diff --git a/searx/vars/RedHat-7.yml b/searx/vars/RedHat-7.yml | |
@@ -0,0 +1,17 @@ | |
+--- | |
+__searx_dependencies: | |
+ - git | |
+ - gcc | |
+ - gcc-c++ | |
+ - kernel-devel | |
+ - make | |
+ - libxslt-devel | |
+ - python-devel | |
+ - python-virtualenv | |
+ - python-babel | |
+ - zlib-devel | |
+ - libffi-devel | |
+ - openssl-devel | |
+ - nginx | |
+ | |
+__nginx_vhost_path: /etc/nginx/conf.d | |
diff --git a/searx/vars/RedHat-8.yml b/searx/vars/RedHat-8.yml | |
@@ -0,0 +1,17 @@ | |
+--- | |
+__searx_dependencies: | |
+ - git | |
+ - gcc | |
+ - gcc-c++ | |
+ - kernel-devel | |
+ - make | |
+ - libxslt-devel | |
+ - platform-python-devel | |
+ - python3-virtualenv | |
+ - python3-babel | |
+ - zlib-devel | |
+ - libffi-devel | |
+ - openssl-devel | |
+ - nginx | |
+ | |
+__nginx_vhost_path: /etc/nginx/conf.d | |
diff --git a/searx/vars/Ubuntu-16.yml b/searx/vars/Ubuntu-16.yml | |
@@ -0,0 +1,16 @@ | |
+--- | |
+__searx_dependencies: | |
+ - git | |
+ - build-essential | |
+ - libxslt-dev | |
+ - python-dev | |
+ - virtualenv | |
+ - python-babel | |
+ - zlib1g-dev | |
+ - libffi-dev | |
+ - libssl-dev | |
+ - nginx | |
+ - uwsgi | |
+ - uwsgi-plugin-python3 | |
+ | |
+__nginx_vhost_path: /etc/nginx/sites-enabled | |
diff --git a/searx/vars/Ubuntu-18.yml b/searx/vars/Ubuntu-18.yml | |
@@ -0,0 +1,16 @@ | |
+--- | |
+__searx_dependencies: | |
+ - git | |
+ - build-essential | |
+ - libxslt-dev | |
+ - python-dev | |
+ - virtualenv | |
+ - python-babel | |
+ - zlib1g-dev | |
+ - libffi-dev | |
+ - libssl-dev | |
+ - nginx | |
+ - uwsgi | |
+ - uwsgi-plugin-python3 | |
+ | |
+__nginx_vhost_path: /etc/nginx/sites-enabled | |
diff --git a/searx/vars/Ubuntu-20.yml b/searx/vars/Ubuntu-20.yml | |
@@ -0,0 +1,16 @@ | |
+--- | |
+__searx_dependencies: | |
+ - git | |
+ - build-essential | |
+ - libxslt-dev | |
+ - python-dev | |
+ - virtualenv | |
+ - python-babel | |
+ - zlib1g-dev | |
+ - libffi-dev | |
+ - libssl-dev | |
+ - nginx | |
+ - uwsgi | |
+ - uwsgi-plugin-python3 | |
+ | |
+__nginx_vhost_path: /etc/nginx/sites-enabled |
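Review bot: `python-dev` and `python-babel` are Python 2 package names, while the same list installs `uwsgi-plugin-python3` and `uwsgi.ini.j2` sets `plugin = python3`; check that both names still resolve on focal and switch to the `python3-` packages if the application runs under Python 3. The three Ubuntu vars files are identical, so one shared file would be easier to keep in step.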