 |
merging all roles into one repo. - ansible-roles - A collection of ansible role… |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
commit 34be01c0601ea35294c19b9832933cf162526259 |
 |
Author: Jay Scott <[email protected]> |
|
Date: Sat, 5 Sep 2020 16:32:57 +0100 |
|
|
|
merging all roles into one repo. |
|
|
|
Diffstat: |
|
A LICENSE | 22 ++++++++++++++++++++++ |
|
A README | 6 ++++++ |
|
A ansible-role-stagit/.ansible-lint | 2 ++ |
|
A ansible-role-stagit/.yamllint | 11 +++++++++++ |
|
A ansible-role-stagit/LICENSE | 22 ++++++++++++++++++++++ |
|
A ansible-role-stagit/README | 44 +++++++++++++++++++++++++++++… |
|
A ansible-role-stagit/defaults/main.… | 12 ++++++++++++ |
|
A ansible-role-stagit/files/favicon.… | 0 |
|
A ansible-role-stagit/files/logo.png | 0 |
|
A ansible-role-stagit/files/style.css | 106 ++++++++++++++++++++++++++++++ |
|
A ansible-role-stagit/handlers/main.… | 4 ++++ |
|
A ansible-role-stagit/meta/main.yml | 23 +++++++++++++++++++++++ |
|
A ansible-role-stagit/molecule/defau… | 12 ++++++++++++ |
|
A ansible-role-stagit/molecule/defau… | 23 +++++++++++++++++++++++ |
|
A ansible-role-stagit/tasks/main.yml | 69 ++++++++++++++++++++++++++++++ |
|
A ansible-role-stagit/tasks/setup-De… | 5 +++++ |
|
A ansible-role-stagit/tasks/setup-Re… | 6 ++++++ |
|
A ansible-role-stagit/tasks/variable… | 9 +++++++++ |
|
A ansible-role-stagit/templates/crea… | 42 +++++++++++++++++++++++++++… |
|
A ansible-role-stagit/templates/post… | 3 +++ |
|
A ansible-role-stagit/vars/Debian-9.… | 7 +++++++ |
|
A ansible-role-stagit/vars/RedHat-7.… | 7 +++++++ |
|
A ansible-role-stagit/vars/RedHat-8.… | 7 +++++++ |
|
A ansible-role-stagit/vars/Ubuntu-18… | 6 ++++++ |
|
A ansible-role-stagit/vars/Ubuntu-20… | 6 ++++++ |
|
A aws-vpc/LICENSE | 22 ++++++++++++++++++++++ |
|
A aws-vpc/README | 60 +++++++++++++++++++++++++++++… |
|
A aws-vpc/defaults/main.yml | 4 ++++ |
|
A aws-vpc/meta/main.yml | 16 ++++++++++++++++ |
|
A aws-vpc/tasks/create_nat_gateway.y… | 22 ++++++++++++++++++++++ |
|
A aws-vpc/tasks/create_routes.yml | 41 +++++++++++++++++++++++++++++… |
|
A aws-vpc/tasks/create_subnets.yml | 13 +++++++++++++ |
|
A aws-vpc/tasks/create_vpc.yml | 21 +++++++++++++++++++++ |
|
A aws-vpc/tasks/main.yml | 16 ++++++++++++++++ |
|
A aws-vpc/tasks/pre_tasks.yml | 16 ++++++++++++++++ |
|
A firewalld/LICENSE | 22 ++++++++++++++++++++++ |
|
A firewalld/README | 71 +++++++++++++++++++++++++++++… |
|
A firewalld/defaults/main.yml | 0 |
|
A firewalld/handlers/main.yml | 3 +++ |
|
A firewalld/meta/main.yml | 12 ++++++++++++ |
|
A firewalld/tasks/main.yml | 15 +++++++++++++++ |
|
A firewalld/vars/main.yml | 1 + |
|
A quark/.ansible-lint | 2 ++ |
|
A quark/.yamllint | 11 +++++++++++ |
|
A quark/LICENSE | 22 ++++++++++++++++++++++ |
|
A quark/README | 39 +++++++++++++++++++++++++++++… |
|
A quark/defaults/main.yml | 13 +++++++++++++ |
|
A quark/handlers/main.yml | 6 ++++++ |
|
A quark/meta/main.yml | 21 +++++++++++++++++++++ |
|
A quark/molecule/default/converge.yml | 25 +++++++++++++++++++++++++ |
|
A quark/molecule/default/molecule.yml | 23 +++++++++++++++++++++++ |
|
A quark/tasks/main.yml | 50 +++++++++++++++++++++++++++++… |
|
A quark/tasks/setup-Debian.yml | 5 +++++ |
|
A quark/tasks/setup-RedHat.yml | 5 +++++ |
|
A quark/tasks/variables.yml | 9 +++++++++ |
|
A quark/templates/quark.service.j2 | 12 ++++++++++++ |
|
A quark/vars/RedHat-7.yml | 5 +++++ |
|
A quark/vars/RedHat-8.yml | 5 +++++ |
|
A quark/vars/Ubuntu-18.yml | 5 +++++ |
|
A quark/vars/Ubuntu-20.yml | 5 +++++ |
|
A searx/LICENSE | 22 ++++++++++++++++++++++ |
|
A searx/README | 42 +++++++++++++++++++++++++++++… |
|
A searx/defaults/main.yml | 16 ++++++++++++++++ |
|
A searx/handlers/main.yml | 19 +++++++++++++++++++ |
|
A searx/meta/main.yml | 22 ++++++++++++++++++++++ |
|
A searx/molecule/default/converge.yml | 18 ++++++++++++++++++ |
|
A searx/molecule/default/molecule.yml | 23 +++++++++++++++++++++++ |
|
A searx/tasks/main.yml | 92 +++++++++++++++++++++++++++++… |
|
A searx/tasks/setup-Debian.yml | 5 +++++ |
|
A searx/tasks/setup-RedHat.yml | 25 +++++++++++++++++++++++++ |
|
A searx/tasks/variables.yml | 19 +++++++++++++++++++ |
|
A searx/templates/searx.service.j2 | 13 +++++++++++++ |
|
A searx/templates/uwsgi.ini.j2 | 18 ++++++++++++++++++ |
|
A searx/templates/uwsgi.service.j2 | 10 ++++++++++ |
|
A searx/templates/vhost.conf.j2 | 17 +++++++++++++++++ |
|
A searx/vars/RedHat-7.yml | 17 +++++++++++++++++ |
|
A searx/vars/RedHat-8.yml | 17 +++++++++++++++++ |
|
A searx/vars/Ubuntu-16.yml | 16 ++++++++++++++++ |
|
A searx/vars/Ubuntu-18.yml | 16 ++++++++++++++++ |
|
A searx/vars/Ubuntu-20.yml | 16 ++++++++++++++++ |
|
|
|
80 files changed, 1515 insertions(+), 0 deletions(-) |
|
--- |
|
diff --git a/LICENSE b/LICENSE |
|
@@ -0,0 +1,22 @@ |
|
+The MIT License (MIT) |
|
+ |
|
+Copyright (c) 2015 Jay Scott |
|
+ |
|
+Permission is hereby granted, free of charge, to any person obtaining a copy |
|
+of this software and associated documentation files (the "Software"), to deal |
|
+in the Software without restriction, including without limitation the rights |
|
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
+copies of the Software, and to permit persons to whom the Software is |
|
+furnished to do so, subject to the following conditions: |
|
+ |
|
+The above copyright notice and this permission notice shall be included in all |
|
+copies or substantial portions of the Software. |
|
+ |
|
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
|
+THE SOFTWARE. |
|
+ |
|
diff --git a/README b/README |
|
@@ -0,0 +1,6 @@ |
|
+-= ansible-roles =- |
|
+ |
|
+ This is a collection of ansible roles, these were all in separate git |
|
+repos at one point, however, I have merged them into one as I rarely use them |
|
+now. Within each role there is a README with more details on how to implement |
|
+and use that role. |
|
diff --git a/ansible-role-stagit/.ansible-lint b/ansible-role-stagit/.ansible-l… |
|
@@ -0,0 +1,2 @@ |
|
+skip_list: |
|
+ - '503' |
|
diff --git a/ansible-role-stagit/.yamllint b/ansible-role-stagit/.yamllint |
|
@@ -0,0 +1,11 @@ |
|
+--- |
|
+# Based on ansible-lint config |
|
+extends: default |
|
+ |
|
+rules: |
|
+ line-length: |
|
+ max: 120 |
|
+ level: warning |
|
+ |
|
+ignore: | |
|
+ .github/stale.yml |
|
diff --git a/ansible-role-stagit/LICENSE b/ansible-role-stagit/LICENSE |
|
@@ -0,0 +1,22 @@ |
|
+The MIT License (MIT) |
|
+ |
|
+Copyright (c) 2015 Jay Scott |
|
+ |
|
+Permission is hereby granted, free of charge, to any person obtaining a copy |
|
+of this software and associated documentation files (the "Software"), to deal |
|
+in the Software without restriction, including without limitation the rights |
|
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
+copies of the Software, and to permit persons to whom the Software is |
|
+furnished to do so, subject to the following conditions: |
|
+ |
|
+The above copyright notice and this permission notice shall be included in all |
|
+copies or substantial portions of the Software. |
|
+ |
|
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
|
+THE SOFTWARE. |
|
+ |
|
diff --git a/ansible-role-stagit/README b/ansible-role-stagit/README |
|
@@ -0,0 +1,44 @@ |
|
+-= jayscott.stagit =- |
|
+ |
|
+Install and configure a working copy of the suckless stagit application. |
|
+ |
|
+ |
|
+Requirements |
|
+------------ |
|
+ |
|
+None |
|
+ |
|
+ |
|
+Role Variables |
|
+-------------- |
|
+ |
|
+ stagit: |
|
+ user: root |
|
+ repo_url: git://git.codemadness.org/stagit |
|
+ version: HEAD |
|
+ build_path: /opt/stagit |
|
+ install_path: /usr/local/bin |
|
+ git_repos_path: /opt/git |
|
+ html_path: /var/www/stagit |
|
+ |
|
+ cron_enabled: false |
|
+ posthook_enabled: false |
|
+ |
|
+posthook_enabled will install a git hook within git_repos_path directories, |
|
+this will run create_index on a push. To over-ride the default style.css, |
|
+logo.png and favicon.png just add a copy block for your local files |
|
+within your playbook. |
|
+ |
|
+ |
|
+Dependencies |
|
+------------ |
|
+ |
|
+None |
|
+ |
|
+ |
|
+Example Playbook |
|
+---------------- |
|
+ |
|
+ - hosts: servers |
|
+ roles: |
|
+ - { role: jayscott.stagit } |
|
diff --git a/ansible-role-stagit/defaults/main.yml b/ansible-role-stagit/defaul… |
|
@@ -0,0 +1,12 @@ |
|
+--- |
|
+stagit: |
|
+ user: root |
|
+ repo_url: git://git.codemadness.org/stagit |
|
+ version: HEAD |
|
+ build_path: /opt/stagit |
|
+ install_path: /usr/local/bin |
|
+ git_repos_path: /opt/git |
|
+ html_path: /var/www/stagit |
|
+ |
|
+ cron_enabled: false |
|
+ posthook_enabled: false |
|
diff --git a/ansible-role-stagit/files/favicon.png b/ansible-role-stagit/files/… |
|
Binary files differ. |
|
diff --git a/ansible-role-stagit/files/logo.png b/ansible-role-stagit/files/log… |
|
Binary files differ. |
|
diff --git a/ansible-role-stagit/files/style.css b/ansible-role-stagit/files/st… |
|
@@ -0,0 +1,106 @@ |
|
+body { |
|
+ color: #000; |
|
+ background-color: #fff; |
|
+ font-family: monospace; |
|
+} |
|
+ |
|
+h1, h2, h3, h4, h5, h6 { |
|
+ font-size: 1em; |
|
+ margin: 0; |
|
+} |
|
+ |
|
+img, h1, h2 { |
|
+ vertical-align: middle; |
|
+} |
|
+ |
|
+img { |
|
+ border: 0; |
|
+} |
|
+ |
|
+a:target { |
|
+ background-color: #ccc; |
|
+} |
|
+ |
|
+a.d, |
|
+a.h, |
|
+a.i, |
|
+a.line { |
|
+ text-decoration: none; |
|
+} |
|
+ |
|
+#blob a { |
|
+ color: #777; |
|
+} |
|
+ |
|
+#blob a:hover { |
|
+ color: blue; |
|
+ text-decoration: none; |
|
+} |
|
+ |
|
+table thead td { |
|
+ font-weight: bold; |
|
+} |
|
+ |
|
+table td { |
|
+ padding: 0 0.4em; |
|
+} |
|
+ |
|
+#content table td { |
|
+ vertical-align: top; |
|
+ white-space: nowrap; |
|
+} |
|
+ |
|
+#branches tr:hover td, |
|
+#tags tr:hover td, |
|
+#index tr:hover td, |
|
+#log tr:hover td, |
|
+#files tr:hover td { |
|
+ background-color: #eee; |
|
+} |
|
+ |
|
+#index tr td:nth-child(2), |
|
+#tags tr td:nth-child(3), |
|
+#branches tr td:nth-child(3), |
|
+#log tr td:nth-child(2) { |
|
+ white-space: normal; |
|
+} |
|
+ |
|
+td.num { |
|
+ text-align: right; |
|
+} |
|
+ |
|
+.desc { |
|
+ color: #777; |
|
+} |
|
+ |
|
+hr { |
|
+ border: 0; |
|
+ border-top: 1px solid #777; |
|
+ height: 1px; |
|
+} |
|
+ |
|
+pre { |
|
+ font-family: monospace; |
|
+} |
|
+ |
|
+pre a.h { |
|
+ color: #00a; |
|
+} |
|
+ |
|
+.A, |
|
+span.i, |
|
+pre a.i { |
|
+ color: #070; |
|
+} |
|
+ |
|
+.D, |
|
+span.d, |
|
+pre a.d { |
|
+ color: #e00; |
|
+} |
|
+ |
|
+pre a.h:hover, |
|
+pre a.i:hover, |
|
+pre a.d:hover { |
|
+ text-decoration: none; |
|
+} |
|
diff --git a/ansible-role-stagit/handlers/main.yml b/ansible-role-stagit/handle… |
|
@@ -0,0 +1,4 @@ |
|
+--- |
|
+ |
|
+- name: reindex stagit |
|
+ command: "{{ stagit.install_path }}/create_index" |
|
diff --git a/ansible-role-stagit/meta/main.yml b/ansible-role-stagit/meta/main.… |
|
@@ -0,0 +1,23 @@ |
|
+--- |
|
+galaxy_info: |
|
+ role_name: stagit |
|
+ author: jayscott |
|
+ description: install role for stagit application. |
|
+ license: "license (BSD, MIT)" |
|
+ min_ansible_version: 2.9 |
|
+ |
|
+ platforms: |
|
+ - name: Ubuntu |
|
+ versions: |
|
+ - focal |
|
+ - bionic |
|
+ - name: EL |
|
+ versions: |
|
+ - 8 |
|
+ - name: Debian |
|
+ version: |
|
+ - 9 |
|
+ |
|
+ galaxy_tags: [] |
|
+ |
|
+dependencies: [] |
|
diff --git a/ansible-role-stagit/molecule/default/converge.yml b/ansible-role-s… |
|
@@ -0,0 +1,12 @@ |
|
+--- |
|
+- name: Converge |
|
+ hosts: all |
|
+ |
|
+ pre_tasks: |
|
+ - name: Update apt cache. |
|
+ apt: update_cache=true cache_valid_time=600 |
|
+ changed_when: false |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+ roles: |
|
+ - role: jayscott.stagit |
|
diff --git a/ansible-role-stagit/molecule/default/molecule.yml b/ansible-role-s… |
|
@@ -0,0 +1,23 @@ |
|
+--- |
|
+dependency: |
|
+ name: galaxy |
|
+driver: |
|
+ name: docker |
|
+lint: | |
|
+ set -e |
|
+ yamllint . |
|
+ ansible-lint |
|
+platforms: |
|
+ - name: instance |
|
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest" |
|
+ command: ${MOLECULE_DOCKER_COMMAND:-""} |
|
+ volumes: |
|
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro |
|
+ privileged: true |
|
+ pre_build_image: true |
|
+ published_ports: |
|
+ - "0.0.0.0:8000:22/tcp" |
|
+provisioner: |
|
+ name: ansible |
|
+ playbooks: |
|
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml} |
|
diff --git a/ansible-role-stagit/tasks/main.yml b/ansible-role-stagit/tasks/mai… |
|
@@ -0,0 +1,69 @@ |
|
+--- |
|
+- name: Include variables |
|
+ include_tasks: variables.yml |
|
+ |
|
+- name: Debian tasks |
|
+ include_tasks: setup-Debian.yml |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+- name: Redhat tasks |
|
+ include_tasks: setup-RedHat.yml |
|
+ when: ansible_os_family == 'RedHat' |
|
+ |
|
+- name: Git clone stagit |
|
+ git: |
|
+ repo: "{{ stagit.repo_url }}" |
|
+ dest: "{{ stagit.build_path }}" |
|
+ version: "{{ stagit.version }}" |
|
+ update: false |
|
+ force: false |
|
+ depth: 1 |
|
+ register: git_updated |
|
+ |
|
+- name: Make install stagit it |
|
+ make: |
|
+ chdir: "{{ stagit.build_path }}" |
|
+ target: install |
|
+ when: git_updated.changed |
|
+ |
|
+- name: Copy stagit create script |
|
+ template: |
|
+ src: "create_index.j2" |
|
+ dest: "{{ stagit.install_path }}/create_index" |
|
+ owner: "{{ stagit.user }}" |
|
+ group: "{{ stagit.user }}" |
|
+ mode: '755' |
|
+ notify: reindex stagit |
|
+ |
|
+- name: Copy stagit posthook script |
|
+ template: |
|
+ src: "posthook.j2" |
|
+ dest: "{{ stagit.install_path }}/posthook" |
|
+ owner: "{{ stagit.user }}" |
|
+ group: "{{ stagit.user }}" |
|
+ mode: '755' |
|
+ notify: reindex stagit |
|
+ when: stagit.posthook_enabled |
|
+ |
|
+- name: Create HTML and assets directory |
|
+ file: |
|
+ path: "{{ stagit.html_path }}/assets" |
|
+ state: directory |
|
+ owner: "{{ stagit.user }}" |
|
+ group: "{{ stagit.user }}" |
|
+ mode: '0755' |
|
+ |
|
+- name: Create cron for stagit index |
|
+ cron: |
|
+ name: stagit update |
|
+ minute: "*/10" |
|
+ user: "{{ stagit.user }}" |
|
+ job: "{{ stagit.install_path }}/create_index" |
|
+ when: stagit.cron_enabled |
|
+ |
|
+- name: Disable cron for stagit index |
|
+ cron: |
|
+ name: stagit update |
|
+ user: "{{ stagit.user }}" |
|
+ state: absent |
|
+ when: not stagit.cron_enabled |
|
diff --git a/ansible-role-stagit/tasks/setup-Debian.yml b/ansible-role-stagit/t… |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+- name: Ensure stagit dependencies are installed. |
|
+ apt: |
|
+ name: "{{ stagit_dependencies }}" |
|
+ state: present |
|
diff --git a/ansible-role-stagit/tasks/setup-RedHat.yml b/ansible-role-stagit/t… |
|
@@ -0,0 +1,6 @@ |
|
+--- |
|
+- name: Ensure stagit dependencies are installed |
|
+ yum: |
|
+ name: "{{ stagit_dependencies }}" |
|
+ enablerepo: PowerTools |
|
+ state: present |
|
diff --git a/ansible-role-stagit/tasks/variables.yml b/ansible-role-stagit/task… |
|
@@ -0,0 +1,9 @@ |
|
+--- |
|
+- name: Include OS-specific variables (Debian) |
|
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.sp… |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+- name: Include OS-specific variables (RedHat) |
|
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split… |
|
+ when: |
|
+ - ansible_os_family == 'RedHat' |
|
diff --git a/ansible-role-stagit/templates/create_index.j2 b/ansible-role-stagi… |
|
@@ -0,0 +1,42 @@ |
|
+#!/bin/sh |
|
+ |
|
+reposdir="{{ stagit.git_repos_path }}" |
|
+curdir="{{ stagit.html_path }}" |
|
+ |
|
+{{ stagit.install_path }}/stagit-index "${reposdir}/"*/ > "${curdir}/index.htm… |
|
+ |
|
+cd {{ stagit.build_path }} |
|
+cp style.css {{ stagit.html_path}}/style.css |
|
+cp favicon.png {{ stagit.html_path}}/favicon.png |
|
+cp logo.png {{ stagit.html_path}}/logo.png |
|
+ |
|
+for dir in "${reposdir}/"*/; do |
|
+ |
|
+ # install hook if defined |
|
+ {% if stagit.posthook_enabled %} |
|
+ if ! test -L "${dir}hooks/stagit_build"; then |
|
+ ln -s "{{ stagit.install_path }}/posthook" "${dir}hooks/stagit… |
|
+ fi |
|
+ {% else %} |
|
+ if test -L "${dir}hooks/stagit_build"; then |
|
+ unlink "${dir}hooks/stagit_build" |
|
+ fi |
|
+ {% endif %} |
|
+ |
|
+ r=$(basename "${dir}") |
|
+ d=$(basename "${dir}" ".git") |
|
+ printf "%s... " "${d}" |
|
+ |
|
+ mkdir -p "${curdir}/${d}" |
|
+ cd "${curdir}/${d}" || continue |
|
+ {{ stagit.install_path }}/stagit -c ".cache" "${reposdir}/${r}" |
|
+ |
|
+ # symlinks |
|
+ ln -sf log.html index.html |
|
+ ln -sf ../style.css style.css |
|
+ ln -sf ../logo.png logo.png |
|
+ ln -sf ../favicon.png favicon.png |
|
+ |
|
+ echo "done" |
|
+done |
|
+ |
|
diff --git a/ansible-role-stagit/templates/posthook.j2 b/ansible-role-stagit/te… |
|
@@ -0,0 +1,3 @@ |
|
+#!/usr/bin/env sh |
|
+ |
|
+{{ stagit.install_path }}/create_index |
|
diff --git a/ansible-role-stagit/vars/Debian-9.yml b/ansible-role-stagit/vars/D… |
|
@@ -0,0 +1,7 @@ |
|
+--- |
|
+stagit_dependencies: |
|
+ - git |
|
+ - libgit2-dev |
|
+ - cron |
|
+ - make |
|
+ - gcc |
|
diff --git a/ansible-role-stagit/vars/RedHat-7.yml b/ansible-role-stagit/vars/R… |
|
@@ -0,0 +1,7 @@ |
|
+--- |
|
+stagit_dependencies: |
|
+ - git |
|
+ - libgit2-devel |
|
+ - make |
|
+ - gcc |
|
+ - cronie |
|
diff --git a/ansible-role-stagit/vars/RedHat-8.yml b/ansible-role-stagit/vars/R… |
|
@@ -0,0 +1,7 @@ |
|
+--- |
|
+stagit_dependencies: |
|
+ - git |
|
+ - libgit2-devel |
|
+ - make |
|
+ - gcc |
|
+ - cronie |
|
diff --git a/ansible-role-stagit/vars/Ubuntu-18.yml b/ansible-role-stagit/vars/… |
|
@@ -0,0 +1,6 @@ |
|
+--- |
|
+stagit_dependencies: |
|
+ - git |
|
+ - libgit2-dev |
|
+ - make |
|
+ - gcc |
|
diff --git a/ansible-role-stagit/vars/Ubuntu-20.yml b/ansible-role-stagit/vars/… |
|
@@ -0,0 +1,6 @@ |
|
+--- |
|
+stagit_dependencies: |
|
+ - git |
|
+ - libgit2-dev |
|
+ - make |
|
+ - gcc |
|
diff --git a/aws-vpc/LICENSE b/aws-vpc/LICENSE |
|
@@ -0,0 +1,22 @@ |
|
+The MIT License (MIT) |
|
+ |
|
+Copyright (c) 2015 Jay Scott |
|
+ |
|
+Permission is hereby granted, free of charge, to any person obtaining a copy |
|
+of this software and associated documentation files (the "Software"), to deal |
|
+in the Software without restriction, including without limitation the rights |
|
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
+copies of the Software, and to permit persons to whom the Software is |
|
+furnished to do so, subject to the following conditions: |
|
+ |
|
+The above copyright notice and this permission notice shall be included in all |
|
+copies or substantial portions of the Software. |
|
+ |
|
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
|
+THE SOFTWARE. |
|
+ |
|
diff --git a/aws-vpc/README b/aws-vpc/README |
|
@@ -0,0 +1,60 @@ |
|
+-= jayscott.aws_vpc =- |
|
+ |
|
+Provision AWS VPC, Subnets, Internet & NAT gateways and routes. |
|
+ |
|
+ |
|
+Requirements |
|
+------------ |
|
+ |
|
+You must already have AWS access keys setup in your environment: |
|
+ |
|
+aws_access_key_id |
|
+aws_secret_access_key |
|
+ |
|
+ |
|
+Role Variables |
|
+-------------- |
|
+ |
|
+ aws_region: us-west-2 # The region to deploy the VPC |
|
+ vpc_name: secuirty_vpc # A name for your VPC |
|
+ vpc: |
|
+ cidr_block: 10.0.0.0/16 # The CIDR block for the VPC |
|
+ nat_gateway_subnet_name: public_secuirty_subnet # The public subnet th… |
|
+ tenancy: default |
|
+ subnets: |
|
+ - name: public_secuirty_subnet # Name of the subnet |
|
+ cidr_block: 10.0.0.0/24 # CIDR of the subnet |
|
+ az: us-west-2a # The Availability zone within the region |
|
+ gateway: igw # Type of gateway, igw = Internet Gateway, nat = NAT ga… |
|
+ |
|
+ |
|
+Dependencies |
|
+------------ |
|
+ |
|
+None |
|
+ |
|
+ |
|
+Example Playbook |
|
+---------------- |
|
+ |
|
+ |
|
+ - hosts: servers |
|
+ vars: |
|
+ aws_region: us-west-2 |
|
+ vpc_name: elk_cluster_vpc |
|
+ vpc: |
|
+ cidr_block: 10.0.0.0/16 |
|
+ nat_gateway_subnet_name: public_elk_stack |
|
+ tenancy: default |
|
+ subnets: |
|
+ - name: public_elk_stack |
|
+ cidr_block: 10.0.0.0/24 |
|
+ az: us-west-2a |
|
+ gateway: igw |
|
+ - name: private_elk_stack |
|
+ cidr_block: 10.0.1.0/24 |
|
+ az: us-west-2a |
|
+ gateway: nat |
|
+ roles: |
|
+ - { role: aws_vpc } |
|
+ |
|
diff --git a/aws-vpc/defaults/main.yml b/aws-vpc/defaults/main.yml |
|
@@ -0,0 +1,4 @@ |
|
+--- |
|
+tenancy: default |
|
+aws_region: us-west-2 |
|
+vpc.nat_gateway_subnet_name: '' |
|
diff --git a/aws-vpc/meta/main.yml b/aws-vpc/meta/main.yml |
|
@@ -0,0 +1,16 @@ |
|
+--- |
|
+galaxy_info: |
|
+ author: jayscott |
|
+ license: MIT |
|
+ description: Provision an AWS VPC, Internet & NAT Gateways, Subnets and Rout… |
|
+ min_ansible_version: 2.4 |
|
+ platforms: |
|
+ - name: Amazon |
|
+ versions: |
|
+ - all |
|
+ galaxy_tags: |
|
+ - system |
|
+ - cloud |
|
+ - vpc |
|
+ - aws |
|
+ - amazon |
|
diff --git a/aws-vpc/tasks/create_nat_gateway.yml b/aws-vpc/tasks/create_nat_ga… |
|
@@ -0,0 +1,22 @@ |
|
+--- |
|
+- name: get subnet ID for NAT GW deployment |
|
+ ec2_vpc_subnet_facts: |
|
+ filters: |
|
+ vpc-id: "{{ my_vpc.vpc.id }}" |
|
+ "tag:Name": "{{ vpc.nat_gateway_subnet_name }}" |
|
+ region: "{{ aws_region }}" |
|
+ register: nat_gateway_subnet |
|
+ |
|
+- name: fail if more than 1 subnet found |
|
+ fail: |
|
+ msg: "Found {{ nat_gateway_subnet.subnets|length }} subnets instead of 1 s… |
|
+ when: 'nat_gateway_subnet.subnets|length != 1' |
|
+ |
|
+- name: create nat gateway |
|
+ ec2_vpc_nat_gateway: |
|
+ if_exist_do_not_create: true |
|
+ region: "{{ aws_region }}" |
|
+ state: present |
|
+ subnet_id: "{{ nat_gateway_subnet.subnets[0].id }}" |
|
+ wait: true |
|
+ register: nat_gateway |
|
diff --git a/aws-vpc/tasks/create_routes.yml b/aws-vpc/tasks/create_routes.yml |
|
@@ -0,0 +1,41 @@ |
|
+--- |
|
+- name: lists |
|
+ set_fact: |
|
+ public_subnets: [] |
|
+ private_subnets: [] |
|
+ |
|
+- name: public subnets |
|
+ set_fact: |
|
+ public_subnets: "{{ public_subnets + [ item.name ] }}" |
|
+ with_items: "{{ vpc.subnets }}" |
|
+ when: 'item.gateway is defined and item.gateway == "igw"' |
|
+ |
|
+- name: create public route table |
|
+ ec2_vpc_route_table: |
|
+ region: "{{ aws_region }}" |
|
+ routes: |
|
+ - dest: 0.0.0.0/0 |
|
+ gateway_id: igw |
|
+ state: present |
|
+ subnets: "{{ public_subnets }}" |
|
+ tags: |
|
+ Name: "{{ vpc_name }}_public" |
|
+ vpc_id: "{{ my_vpc.vpc.id }}" |
|
+ |
|
+- name: private subnets with outbound access |
|
+ set_fact: |
|
+ private_subnets: "{{ private_subnets + [ item.name ] }}" |
|
+ with_items: "{{ vpc.subnets }}" |
|
+ when: 'vpc.nat_gateway_subnet_name is defined and item.gateway is defined an… |
|
+ |
|
+- name: create private routes table with NAT gateway |
|
+ ec2_vpc_route_table: |
|
+ region: "{{ aws_region }}" |
|
+ routes: |
|
+ - dest: 0.0.0.0/0 |
|
+ gateway_id: "{{ nat_gateway.nat_gateway_id }}" |
|
+ state: present |
|
+ subnets: "{{ private_subnets }}" |
|
+ tags: |
|
+ Name: "{{ vpc_name }}_private_nat" |
|
+ vpc_id: "{{ my_vpc.vpc.id }}" |
|
diff --git a/aws-vpc/tasks/create_subnets.yml b/aws-vpc/tasks/create_subnets.yml |
|
@@ -0,0 +1,13 @@ |
|
+--- |
|
+ |
|
+- name: create subnets |
|
+ ec2_vpc_subnet: |
|
+ az: "{{ item.az }}" |
|
+ cidr: "{{ item.cidr_block }}" |
|
+ region: "{{ aws_region }}" |
|
+ state: present |
|
+ map_public: "{{ item.assign_public_ip|default(omit) }}" |
|
+ tags: |
|
+ Name: "{{ item.name }}" |
|
+ vpc_id: "{{ my_vpc.vpc.id }}" |
|
+ with_items: "{{ vpc.subnets }}" |
|
diff --git a/aws-vpc/tasks/create_vpc.yml b/aws-vpc/tasks/create_vpc.yml |
|
@@ -0,0 +1,21 @@ |
|
+--- |
|
+- name: create VPC |
|
+ ec2_vpc_net: |
|
+ cidr_block: "{{ vpc.cidr_block }}" |
|
+ name: "{{ vpc_name }}" |
|
+ region: "{{ aws_region }}" |
|
+ state: present |
|
+ tenancy: default |
|
+ register: my_vpc |
|
+ |
|
+- name: set VPC ID in variable |
|
+ set_fact: |
|
+ vpc_id: "{{ my_vpc.vpc.id }}" |
|
+ when: my_vpc.vpc is defined |
|
+ |
|
+- name: create IGW |
|
+ ec2_vpc_igw: |
|
+ region: "{{ aws_region }}" |
|
+ state: present |
|
+ vpc_id: "{{ my_vpc.vpc.id }}" |
|
+ register: created_igw |
|
diff --git a/aws-vpc/tasks/main.yml b/aws-vpc/tasks/main.yml |
|
@@ -0,0 +1,16 @@ |
|
+--- |
|
+- name: run pre-tasks |
|
+ include: pre_tasks.yml |
|
+ |
|
+- name: create VPC |
|
+ include: create_vpc.yml |
|
+ |
|
+- name: create Subnets |
|
+ include: create_subnets.yml |
|
+ |
|
+- name: create NAT gateway |
|
+ include: create_nat_gateway.yml |
|
+ when: vpc.nat_gateway_subnet_name is defined |
|
+ |
|
+- name: create routing tables |
|
+ include: create_routes.yml |
|
diff --git a/aws-vpc/tasks/pre_tasks.yml b/aws-vpc/tasks/pre_tasks.yml |
|
@@ -0,0 +1,16 @@ |
|
+--- |
|
+- name: "AWS | VPC | check region has been defined (aws_region)" |
|
+ fail: msg="You must specify a AWS region." |
|
+ when: aws_region is undefined |
|
+ |
|
+- name: "AWS | VPC | check VPC name has been defined (vpc_name)" |
|
+ fail: msg="You must specify a VPC name." |
|
+ when: vpc_name is undefined |
|
+ |
|
+- name: "AWS | VPC | check cidr_block been defined (vpc.cidr_block)" |
|
+ fail: msg="You must specify a CIDR block." |
|
+ when: vpc.cidr_block is undefined |
|
+ |
|
+- name: "AWS | VPC | check at least one been defined (vpc.subnets)" |
|
+ fail: msg="You must specify at least one subnet." |
|
+ when: vpc.subnets is undefined |
|
diff --git a/firewalld/LICENSE b/firewalld/LICENSE |
|
@@ -0,0 +1,22 @@ |
|
+The MIT License (MIT) |
|
+ |
|
+Copyright (c) 2015 Jay Scott |
|
+ |
|
+Permission is hereby granted, free of charge, to any person obtaining a copy |
|
+of this software and associated documentation files (the "Software"), to deal |
|
+in the Software without restriction, including without limitation the rights |
|
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
+copies of the Software, and to permit persons to whom the Software is |
|
+furnished to do so, subject to the following conditions: |
|
+ |
|
+The above copyright notice and this permission notice shall be included in all |
|
+copies or substantial portions of the Software. |
|
+ |
|
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
|
+THE SOFTWARE. |
|
+ |
|
diff --git a/firewalld/README b/firewalld/README |
|
@@ -0,0 +1,71 @@ |
|
+-= jayscott.firewalld =- |
|
+ |
|
+Allows you to add firewall rules to systems running firewalld. |
|
+ |
|
+Requirements |
|
+------------ |
|
+ |
|
+Tested on RHEL 7 and CentOS 7 only. |
|
+ |
|
+Ansible 1.5 or above |
|
+ |
|
+ |
|
+Role Variables |
|
+-------------- |
|
+ |
|
+The following variables are used to define a rule: |
|
+ |
|
+ firewalld_rules: |
|
+ name: |
|
+ port: |
|
+ protocol: |
|
+ state: |
|
+ zone: |
|
+ permanent: |
|
+ |
|
+For example the default is to allow SSH on the public interface: |
|
+ |
|
+ firewalld_rules: |
|
+ ssh: |
|
+ port: 22 |
|
+ protocol: tcp |
|
+ state: enabled |
|
+ zone: public |
|
+ permanent: true |
|
+ |
|
+ |
|
+Handlers |
|
+-------- |
|
+ |
|
+These are the handlers that are defined in handlers/main.yml. |
|
+ |
|
+ restart firewalld |
|
+ |
|
+ |
|
+Example Playbook |
|
+---------------- |
|
+ |
|
+ - hosts: server-name |
|
+ sudo: True |
|
+ roles: |
|
+ - jayscott.firewalld |
|
+ vars: |
|
+ firewalld_rules: |
|
+ httpd: |
|
+ port: 80 |
|
+ protocol: tcp |
|
+ state: enabled |
|
+ zone: public |
|
+ permanent: true |
|
+ mysqld: |
|
+ port: 3306 |
|
+ protocol: tcp |
|
+ state: enabled |
|
+ zone: public |
|
+ permanent: true |
|
+ |
|
+ |
|
+License |
|
+------- |
|
+ |
|
+MIT |
|
diff --git a/firewalld/defaults/main.yml b/firewalld/defaults/main.yml |
|
diff --git a/firewalld/handlers/main.yml b/firewalld/handlers/main.yml |
|
@@ -0,0 +1,3 @@ |
|
+--- |
|
+- name: restart firewalld |
|
+ service: name=firewalld state=restarted enabled=yes |
|
diff --git a/firewalld/meta/main.yml b/firewalld/meta/main.yml |
|
@@ -0,0 +1,12 @@ |
|
+--- |
|
+galaxy_info: |
|
+ author: jayscott |
|
+ description: Base role for firewalld |
|
+ license: MIT |
|
+ min_ansible_version: 1.5 |
|
+ platforms: |
|
+ - name: EL |
|
+ versions: |
|
+ - 7 |
|
+ categories: |
|
+ - system |
|
diff --git a/firewalld/tasks/main.yml b/firewalld/tasks/main.yml |
|
@@ -0,0 +1,15 @@ |
|
+--- |
|
+ |
|
+- name: check if firewalld is installed |
|
+ command: rpm -q firewalld |
|
+ ignore_errors: True |
|
+ register: rpm_check_firewalld |
|
+ |
|
+- name: install firewalld |
|
+ yum: name=firewalld state=present enabled=yes |
|
+ when: rpm_check_firewalld.stdout.find('is not installed') != -1 |
|
+ |
|
+- name: updating firewall rules |
|
+ firewalld: port={{item.value.port}}/{{item.value.protocol}} permanent={{item… |
|
+ with_dict: "{{firewalld_rules}}" |
|
+ notify: restart firewalld |
|
diff --git a/firewalld/vars/main.yml b/firewalld/vars/main.yml |
|
@@ -0,0 +1 @@ |
|
+--- |
|
diff --git a/quark/.ansible-lint b/quark/.ansible-lint |
|
@@ -0,0 +1,2 @@ |
|
+skip_list: |
|
+ - '503' |
|
diff --git a/quark/.yamllint b/quark/.yamllint |
|
@@ -0,0 +1,11 @@ |
|
+--- |
|
+# Based on ansible-lint config |
|
+extends: default |
|
+ |
|
+rules: |
|
+ line-length: |
|
+ max: 120 |
|
+ level: warning |
|
+ |
|
+ignore: | |
|
+ .github/stale.yml |
|
diff --git a/quark/LICENSE b/quark/LICENSE |
|
@@ -0,0 +1,22 @@ |
|
+The MIT License (MIT) |
|
+ |
|
+Copyright (c) 2015 Jay Scott |
|
+ |
|
+Permission is hereby granted, free of charge, to any person obtaining a copy |
|
+of this software and associated documentation files (the "Software"), to deal |
|
+in the Software without restriction, including without limitation the rights |
|
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
+copies of the Software, and to permit persons to whom the Software is |
|
+furnished to do so, subject to the following conditions: |
|
+ |
|
+The above copyright notice and this permission notice shall be included in all |
|
+copies or substantial portions of the Software. |
|
+ |
|
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
|
+THE SOFTWARE. |
|
+ |
|
diff --git a/quark/README b/quark/README |
|
@@ -0,0 +1,39 @@ |
|
+-= jayscott.quark =- |
|
+ |
|
+Install and configure a working copy of the suckless quark web server. |
|
+ |
|
+ |
|
+Requirements |
|
+------------ |
|
+ |
|
+None |
|
+ |
|
+ |
|
+Role Variables |
|
+-------------- |
|
+ |
|
+ quark: |
|
+ version: HEAD |
|
+ build_path: /opt/quark |
|
+ install_path: /usr/local/bin |
|
+ user: nobody |
|
+ group: nogroup |
|
+ host: 0.0.0.0 |
|
+ port: 8000 |
|
+ html_path: /var/www/html |
|
+ file: index.html |
|
+ threads: 512 |
|
+ |
|
+ |
|
+Dependencies |
|
+------------ |
|
+ |
|
+None |
|
+ |
|
+ |
|
+Example Playbook |
|
+---------------- |
|
+ |
|
+ - hosts: servers |
|
+ roles: |
|
+ - { role: jayscott.quark } |
|
diff --git a/quark/defaults/main.yml b/quark/defaults/main.yml |
|
@@ -0,0 +1,13 @@ |
|
+--- |
|
+quark: |
|
+ version: HEAD |
|
+ build_path: /opt/quark |
|
+ install_path: /usr/local/bin |
|
+ |
|
+ user: nobody |
|
+ group: nogroup |
|
+ host: 0.0.0.0 |
|
+ port: 8000 |
|
+ html_path: /var/www/html |
|
+ file: index.html |
|
+ threads: 512 |
|
diff --git a/quark/handlers/main.yml b/quark/handlers/main.yml |
|
@@ -0,0 +1,6 @@ |
|
+--- |
|
+- name: restart quark |
|
+ systemd: |
|
+ name: quark |
|
+ state: restarted |
|
+ daemon_reload: true |
|
diff --git a/quark/meta/main.yml b/quark/meta/main.yml |
|
@@ -0,0 +1,21 @@ |
|
+--- |
|
+galaxy_info: |
|
+ role_name: quark |
|
+ author: jayscott |
|
+ description: install role for quark application. |
|
+ license: "license (BSD, MIT)" |
|
+ min_ansible_version: 2.9 |
|
+ |
|
+ platforms: |
|
+ - name: Ubuntu |
|
+ versions: |
|
+ - focal |
|
+ - bionic |
|
+ - name: EL |
|
+ versions: |
|
+ - 7 |
|
+ - 8 |
|
+ |
|
+ galaxy_tags: [] |
|
+ |
|
+dependencies: [] |
|
diff --git a/quark/molecule/default/converge.yml b/quark/molecule/default/conve… |
|
@@ -0,0 +1,25 @@ |
|
+--- |
|
+- name: Converge |
|
+ hosts: all |
|
+ |
|
+ pre_tasks: |
|
+ - name: Update apt cache. |
|
+ apt: update_cache=true cache_valid_time=600 |
|
+ changed_when: false |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+ - name: Create directory for testing |
|
+ file: |
|
+ path: /var/www/html |
|
+ state: directory |
|
+ mode: '0755' |
|
+ |
|
+ - name: "Creat test index.html file" |
|
+ copy: |
|
+ content: "Quark test instance" |
|
+ dest: /var/www/html/index.html |
|
+ force: true |
|
+ mode: 0744 |
|
+ |
|
+ roles: |
|
+ - role: jayscott.quark |
|
diff --git a/quark/molecule/default/molecule.yml b/quark/molecule/default/molec… |
|
@@ -0,0 +1,23 @@ |
|
+--- |
|
+dependency: |
|
+ name: galaxy |
|
+driver: |
|
+ name: docker |
|
+lint: | |
|
+ set -e |
|
+ yamllint . |
|
+ ansible-lint |
|
+platforms: |
|
+ - name: instance |
|
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest" |
|
+ command: ${MOLECULE_DOCKER_COMMAND:-""} |
|
+ volumes: |
|
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro |
|
+ privileged: true |
|
+ pre_build_image: true |
|
+ published_ports: |
|
+ - "0.0.0.0:8000:8000/tcp" |
|
+provisioner: |
|
+ name: ansible |
|
+ playbooks: |
|
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml} |
|
diff --git a/quark/tasks/main.yml b/quark/tasks/main.yml |
|
@@ -0,0 +1,50 @@ |
|
+--- |
|
+- name: Include variables |
|
+ include_tasks: variables.yml |
|
+ |
|
+- name: Debian tasks |
|
+ include_tasks: setup-Debian.yml |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+- name: Redhat tasks |
|
+ include_tasks: setup-RedHat.yml |
|
+ when: ansible_os_family == 'RedHat' |
|
+ |
|
+- name: Add quark user account |
|
+ user: |
|
+ name: "{{ quark.user }}" |
|
+ create_home: false |
|
+ shell: /bin/false |
|
+ |
|
+- name: Ensure group exists |
|
+ group: |
|
+ name: "{{ quark.group }}" |
|
+ state: present |
|
+ |
|
+- name: Git clone quark |
|
+ git: |
|
+ repo: "git://git.suckless.org/quark" |
|
+ dest: "{{ quark.build_path }}" |
|
+ version: "{{ quark.version }}" |
|
+ update: false |
|
+ force: false |
|
+ depth: 1 |
|
+ register: git_updated |
|
+ |
|
+- name: Make install quark |
|
+ make: |
|
+ chdir: "{{ quark.build_path }}" |
|
+ target: install |
|
+ when: git_updated.changed |
|
+ |
|
+- name: Copy quark systemd service template |
|
+ template: |
|
+ src: quark.service.j2 |
|
+ dest: /lib/systemd/system/quark.service |
|
+ notify: restart quark |
|
+ |
|
+- name: Enable and start quark service |
|
+ service: |
|
+ name: quark |
|
+ state: started |
|
+ enabled: true |
|
diff --git a/quark/tasks/setup-Debian.yml b/quark/tasks/setup-Debian.yml |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+- name: Ensure quark dependencies are installed. |
|
+ apt: |
|
+ name: "{{ quark_dependencies }}" |
|
+ state: present |
|
diff --git a/quark/tasks/setup-RedHat.yml b/quark/tasks/setup-RedHat.yml |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+- name: Ensure quark dependencies are installed |
|
+ yum: |
|
+ name: "{{ quark_dependencies }}" |
|
+ state: present |
|
diff --git a/quark/tasks/variables.yml b/quark/tasks/variables.yml |
|
@@ -0,0 +1,9 @@ |
|
+--- |
|
+- name: Include OS-specific variables (Debian) |
|
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.sp… |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+- name: Include OS-specific variables (RedHat) |
|
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split… |
|
+ when: |
|
+ - ansible_os_family == 'RedHat' |
|
diff --git a/quark/templates/quark.service.j2 b/quark/templates/quark.service.j2 |
|
@@ -0,0 +1,12 @@ |
|
+[Unit] |
|
+Description=Quark suckless web server |
|
+ |
|
+[Service] |
|
+Type=simple |
|
+Restart=on-failure |
|
+ |
|
+WorkingDirectory={{ quark.html_path }} |
|
+ExecStart={{ quark.install_path }}/quark -p {{ quark.port }} -u {{ quark.user … |
|
+ |
|
+[Install] |
|
+WantedBy=multi-user.target |
|
diff --git a/quark/vars/RedHat-7.yml b/quark/vars/RedHat-7.yml |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+quark_dependencies: |
|
+ - git |
|
+ - make |
|
+ - gcc |
|
diff --git a/quark/vars/RedHat-8.yml b/quark/vars/RedHat-8.yml |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+quark_dependencies: |
|
+ - git |
|
+ - make |
|
+ - gcc |
|
diff --git a/quark/vars/Ubuntu-18.yml b/quark/vars/Ubuntu-18.yml |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+quark_dependencies: |
|
+ - git |
|
+ - make |
|
+ - gcc |
|
diff --git a/quark/vars/Ubuntu-20.yml b/quark/vars/Ubuntu-20.yml |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+quark_dependencies: |
|
+ - git |
|
+ - make |
|
+ - gcc |
|
diff --git a/searx/LICENSE b/searx/LICENSE |
|
@@ -0,0 +1,22 @@ |
|
+The MIT License (MIT) |
|
+ |
|
+Copyright (c) 2015 Jay Scott |
|
+ |
|
+Permission is hereby granted, free of charge, to any person obtaining a copy |
|
+of this software and associated documentation files (the "Software"), to deal |
|
+in the Software without restriction, including without limitation the rights |
|
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|
+copies of the Software, and to permit persons to whom the Software is |
|
+furnished to do so, subject to the following conditions: |
|
+ |
|
+The above copyright notice and this permission notice shall be included in all |
|
+copies or substantial portions of the Software. |
|
+ |
|
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
|
+THE SOFTWARE. |
|
+ |
|
diff --git a/searx/README b/searx/README |
|
@@ -0,0 +1,42 @@ |
|
+-= jayscott.searx =- |
|
+ |
|
+Install and configure a working copy of the Searx application. |
|
+ |
|
+ |
|
+Requirements |
|
+------------ |
|
+ |
|
+None |
|
+ |
|
+ |
|
+Role Variables |
|
+-------------- |
|
+ |
|
+ # Searx config |
|
+ searx_release: HEAD |
|
+ searx_user: searx |
|
+ searx_install_path: /usr/local/searx |
|
+ searx_debug: false |
|
+ |
|
+ # Nginx config |
|
+ searx_server_name: searx.mydomain.com |
|
+ searx_access_log: /dev/null |
|
+ searx_error_log: /dev/null |
|
+ searx_remove_nginx_default: true |
|
+ |
|
+ # Uwsgi config |
|
+ searx_uwsgi_workers: 4 |
|
+ |
|
+ |
|
+Dependencies |
|
+------------ |
|
+ |
|
+None |
|
+ |
|
+ |
|
+Example Playbook |
|
+---------------- |
|
+ |
|
+ - hosts: servers |
|
+ roles: |
|
+ - { role: jayscott.searx } |
|
diff --git a/searx/defaults/main.yml b/searx/defaults/main.yml |
|
@@ -0,0 +1,16 @@ |
|
+--- |
|
+ |
|
+# Searx config |
|
+searx_release: HEAD |
|
+searx_user: searx |
|
+searx_install_path: /usr/local/searx |
|
+searx_debug: false |
|
+ |
|
+# Nginx config |
|
+searx_server_name: localhost |
|
+searx_access_log: /var/log/nginx/access.log |
|
+searx_error_log: /var/log/nginx/error.log |
|
+searx_remove_nginx_default: true |
|
+ |
|
+# Uwsgi config |
|
+searx_uwsgi_workers: 4 |
|
diff --git a/searx/handlers/main.yml b/searx/handlers/main.yml |
|
@@ -0,0 +1,19 @@ |
|
+--- |
|
+ |
|
+- name: Restart searx |
|
+ systemd: |
|
+ name: searx |
|
+ state: restarted |
|
+ daemon_reload: true |
|
+ |
|
+- name: Restart nginx |
|
+ systemd: |
|
+ name: nginx |
|
+ state: restarted |
|
+ daemon_reload: true |
|
+ |
|
+- name: Restart uwsgi |
|
+ systemd: |
|
+ name: uwsgi |
|
+ state: restarted |
|
+ daemon_reload: true |
|
diff --git a/searx/meta/main.yml b/searx/meta/main.yml |
|
@@ -0,0 +1,22 @@ |
|
+--- |
|
+galaxy_info: |
|
+ role_name: searx |
|
+ author: jayscott |
|
+ description: install role for searx application. |
|
+ license: "license (BSD, MIT)" |
|
+ min_ansible_version: 2.9 |
|
+ |
|
+ platforms: |
|
+ - name: Ubuntu |
|
+ versions: |
|
+ - focal |
|
+ - bionic |
|
+ - xenial |
|
+ - name: EL |
|
+ versions: |
|
+ - 7 |
|
+ - 8 |
|
+ |
|
+ galaxy_tags: [] |
|
+ |
|
+dependencies: [] |
|
diff --git a/searx/molecule/default/converge.yml b/searx/molecule/default/conve… |
|
@@ -0,0 +1,18 @@ |
|
+--- |
|
+- name: Converge |
|
+ hosts: all |
|
+ |
|
+ pre_tasks: |
|
+ - name: Update apt cache. |
|
+ apt: update_cache=true cache_valid_time=600 |
|
+ changed_when: false |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+ roles: |
|
+ - role: jayscott.searx |
|
+ |
|
+ post_tasks: |
|
+ - name: Verify searx is listening. |
|
+ uri: |
|
+ url: "http://localhost:8888" |
|
+ status_code: 200 |
|
diff --git a/searx/molecule/default/molecule.yml b/searx/molecule/default/molec… |
|
@@ -0,0 +1,23 @@ |
|
+--- |
|
+dependency: |
|
+ name: galaxy |
|
+driver: |
|
+ name: docker |
|
+lint: | |
|
+ set -e |
|
+ yamllint . |
|
+ ansible-lint |
|
+platforms: |
|
+ - name: instance |
|
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest" |
|
+ command: ${MOLECULE_DOCKER_COMMAND:-""} |
|
+ volumes: |
|
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro |
|
+ privileged: true |
|
+ pre_build_image: true |
|
+ published_ports: |
|
+ - "0.0.0.0:8000:80/tcp" |
|
+provisioner: |
|
+ name: ansible |
|
+ playbooks: |
|
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml} |
|
diff --git a/searx/tasks/main.yml b/searx/tasks/main.yml |
|
@@ -0,0 +1,92 @@ |
|
+--- |
|
+- include_tasks: variables.yml |
|
+ |
|
+- name: Add searx user account. |
|
+ user: |
|
+ name: "{{ searx_user }}" |
|
+ home: "{{ searx_install_path }}" |
|
+ create_home: false |
|
+ register: add_user |
|
+ |
|
+- include_tasks: setup-Debian.yml |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+- include_tasks: setup-RedHat.yml |
|
+ when: ansible_os_family == 'RedHat' |
|
+ |
|
+- name: Git clone searx repo. |
|
+ git: |
|
+ repo: 'https://github.com/asciimoo/searx.git' |
|
+ dest: "{{ searx_install_path }}" |
|
+ version: "{{ searx_release }}" |
|
+ update: false |
|
+ force: false |
|
+ depth: 1 |
|
+ register: git_updated |
|
+ |
|
+- name: Install python dependencies. |
|
+ pip: |
|
+ virtualenv: searx-ve |
|
+ virtualenv_site_packages: true |
|
+ requirements: requirements.txt |
|
+ extra_args: '--no-cache-dir' |
|
+ chdir: '{{ searx_install_path }}' |
|
+ |
|
+- name: Generate secret key. |
|
+ command: openssl rand -hex 16 |
|
+ register: searx_key |
|
+ when: git_updated.changed |
|
+ |
|
+- name: Update searx secret key. |
|
+ replace: |
|
+ dest: "{{ searx_install_path }}/searx/settings.yml" |
|
+ regexp: ultrasecretkey |
|
+ replace: "{{ searx_key.stdout }}" |
|
+ when: git_updated.changed |
|
+ notify: Restart searx |
|
+ |
|
+- name: Disable searx debugging. |
|
+ replace: |
|
+ dest: "{{ searx_install_path }}/searx/settings.yml" |
|
+ regexp: "debug : True" |
|
+ replace: "debug : False" |
|
+ when: not searx_debug |
|
+ notify: Restart searx |
|
+ |
|
+- name: Enable searx debugging. |
|
+ replace: |
|
+ dest: "{{ searx_install_path }}/searx/settings.yml" |
|
+ regexp: "debug : False" |
|
+ replace: "debug : True" |
|
+ when: searx_debug |
|
+ notify: Restart searx |
|
+ |
|
+- name: Copy searx systemd service template. |
|
+ template: |
|
+ src: searx.service.j2 |
|
+ dest: /lib/systemd/system/searx.service |
|
+ |
|
+- name: Enable and start searx service |
|
+ service: |
|
+ name: searx |
|
+ state: started |
|
+ enabled: true |
|
+ |
|
+- name: Copy nginx config. |
|
+ template: |
|
+ src: vhost.conf.j2 |
|
+ dest: "{{ nginx_vhost_path }}/vhost_searx.conf" |
|
+ notify: Restart nginx |
|
+ |
|
+- name: Remove default nginx config. |
|
+ file: |
|
+ path: /etc/nginx/sites-enabled/default |
|
+ state: absent |
|
+ when: searx_remove_nginx_default |
|
+ notify: Restart nginx |
|
+ |
|
+- name: Copy uwsgi config. |
|
+ template: |
|
+ src: uwsgi.ini.j2 |
|
+ dest: /etc/uwsgi/apps-enabled/searx.ini |
|
+ notify: Restart uwsgi |
|
diff --git a/searx/tasks/setup-Debian.yml b/searx/tasks/setup-Debian.yml |
|
@@ -0,0 +1,5 @@ |
|
+--- |
|
+- name: Ensure searx dependencies are installed. |
|
+ apt: |
|
+ name: "{{ searx_dependencies }}" |
|
+ state: present |
|
diff --git a/searx/tasks/setup-RedHat.yml b/searx/tasks/setup-RedHat.yml |
|
@@ -0,0 +1,25 @@ |
|
+--- |
|
+- name: Ensure searx dependencies are installed. |
|
+ yum: |
|
+ name: "{{ searx_dependencies }}" |
|
+ state: present |
|
+ |
|
+- name: Install uwsgi via pip |
|
+ pip: |
|
+ name: uwsgi |
|
+ state: present |
|
+ |
|
+- name: Copy uwsgi systemd service template. |
|
+ template: |
|
+ src: uwsgi.service.j2 |
|
+ dest: /lib/systemd/system/uwsgi.service |
|
+ when: ansible_os_family == 'RedHat' |
|
+ notify: Restart uwsgi |
|
+ |
|
+- name: Create directories if they don't exist |
|
+ file: |
|
+ path: /etc/uwsgi/apps-enabled |
|
+ state: directory |
|
+ owner: "{{ searx_user }}" |
|
+ group: "{{ searx_user }}" |
|
+ mode: '0755' |
|
diff --git a/searx/tasks/variables.yml b/searx/tasks/variables.yml |
|
@@ -0,0 +1,19 @@ |
|
+--- |
|
+- name: Include OS-specific variables (Debian). |
|
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.sp… |
|
+ when: ansible_os_family == 'Debian' |
|
+ |
|
+- name: Include OS-specific variables (RedHat). |
|
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split… |
|
+ when: |
|
+ - ansible_os_family == 'RedHat' |
|
+ |
|
+- name: Define searx_dependencies. |
|
+ set_fact: |
|
+ searx_dependencies: "{{ __searx_dependencies }}" |
|
+ when: searx_dependencies is not defined |
|
+ |
|
+- name: Define nginx_vhost_path. |
|
+ set_fact: |
|
+ nginx_vhost_path: "{{ __nginx_vhost_path }}" |
|
+ when: nginx_vhost_path is not defined |
|
diff --git a/searx/templates/searx.service.j2 b/searx/templates/searx.service.j2 |
|
@@ -0,0 +1,13 @@ |
|
+[Unit] |
|
+Description=Searx Meta Search Engine |
|
+ |
|
+[Service] |
|
+Type=simple |
|
+User={{ searx_user }} |
|
+Group={{ searx_user }} |
|
+Restart=on-failure |
|
+WorkingDirectory={{ searx_install_path }} |
|
+ExecStart={{ searx_install_path }}/searx-ve/bin/python searx/webapp.py |
|
+ |
|
+[Install] |
|
+WantedBy=multi-user.target |
|
diff --git a/searx/templates/uwsgi.ini.j2 b/searx/templates/uwsgi.ini.j2 |
|
@@ -0,0 +1,18 @@ |
|
+[uwsgi] |
|
+uid = {{ searx_user }} |
|
+gid = {{ searx_user }} |
|
+ |
|
+disable-logging = true |
|
+workers = {{ searx_uwsgi_workers }} |
|
+chmod-socket = 666 |
|
+single-interpreter = true |
|
+master = true |
|
+plugin = python3 |
|
+lazy-apps = true |
|
+enable-threads = true |
|
+module = searx.webapp |
|
+socket = /run/uwsgi/app/searx/socket |
|
+route-run = fixpathinfo: |
|
+virtualenv = /usr/local/searx/searx-ve/ |
|
+pythonpath = /usr/local/searx/ |
|
+chdir = /usr/local/searx/searx/ |
|
diff --git a/searx/templates/uwsgi.service.j2 b/searx/templates/uwsgi.service.j2 |
|
@@ -0,0 +1,10 @@ |
|
+[Unit] |
|
+Description=uwsgi start up script |
|
+ |
|
+[Service] |
|
+Type=simple |
|
+Restart=on-failure |
|
+ |
|
+WorkingDirectory={{ searx_install_path }} |
|
+ExecStartPre=-/usr/bin/bash -c 'mkdir -p /run/uwsgi/app/searx; chown -R {{ sea… |
|
+ExecStart=/usr/bin/bash -c '{{ searx_install_path }}/searx-ve/bin/python searx… |
|
diff --git a/searx/templates/vhost.conf.j2 b/searx/templates/vhost.conf.j2 |
|
@@ -0,0 +1,17 @@ |
|
+server { |
|
+ listen 80; |
|
+ server_name _ {{ searx_server_name }}; |
|
+ root {{ searx_install_path}}/searx; |
|
+ |
|
+ server_tokens off; |
|
+ access_log {{ searx_access_log }}; |
|
+ error_log {{ searx_error_log }}; |
|
+ |
|
+ location /static { |
|
+ } |
|
+ |
|
+ location / { |
|
+ include uwsgi_params; |
|
+ uwsgi_pass unix:/run/uwsgi/app/searx/socket; |
|
+ } |
|
+} |
|
diff --git a/searx/vars/RedHat-7.yml b/searx/vars/RedHat-7.yml |
|
@@ -0,0 +1,17 @@ |
|
+--- |
|
+__searx_dependencies: |
|
+ - git |
|
+ - gcc |
|
+ - gcc-c++ |
|
+ - kernel-devel |
|
+ - make |
|
+ - libxslt-devel |
|
+ - python-devel |
|
+ - python-virtualenv |
|
+ - python-babel |
|
+ - zlib-devel |
|
+ - libffi-devel |
|
+ - openssl-devel |
|
+ - nginx |
|
+ |
|
+__nginx_vhost_path: /etc/nginx/conf.d |
|
diff --git a/searx/vars/RedHat-8.yml b/searx/vars/RedHat-8.yml |
|
@@ -0,0 +1,17 @@ |
|
+--- |
|
+__searx_dependencies: |
|
+ - git |
|
+ - gcc |
|
+ - gcc-c++ |
|
+ - kernel-devel |
|
+ - make |
|
+ - libxslt-devel |
|
+ - platform-python-devel |
|
+ - python3-virtualenv |
|
+ - python3-babel |
|
+ - zlib-devel |
|
+ - libffi-devel |
|
+ - openssl-devel |
|
+ - nginx |
|
+ |
|
+__nginx_vhost_path: /etc/nginx/conf.d |
|
diff --git a/searx/vars/Ubuntu-16.yml b/searx/vars/Ubuntu-16.yml |
|
@@ -0,0 +1,16 @@ |
|
+--- |
|
+__searx_dependencies: |
|
+ - git |
|
+ - build-essential |
|
+ - libxslt-dev |
|
+ - python-dev |
|
+ - virtualenv |
|
+ - python-babel |
|
+ - zlib1g-dev |
|
+ - libffi-dev |
|
+ - libssl-dev |
|
+ - nginx |
|
+ - uwsgi |
|
+ - uwsgi-plugin-python3 |
|
+ |
|
+__nginx_vhost_path: /etc/nginx/sites-enabled |
|
diff --git a/searx/vars/Ubuntu-18.yml b/searx/vars/Ubuntu-18.yml |
|
@@ -0,0 +1,16 @@ |
|
+--- |
|
+__searx_dependencies: |
|
+ - git |
|
+ - build-essential |
|
+ - libxslt-dev |
|
+ - python-dev |
|
+ - virtualenv |
|
+ - python-babel |
|
+ - zlib1g-dev |
|
+ - libffi-dev |
|
+ - libssl-dev |
|
+ - nginx |
|
+ - uwsgi |
|
+ - uwsgi-plugin-python3 |
|
+ |
|
+__nginx_vhost_path: /etc/nginx/sites-enabled |
|
diff --git a/searx/vars/Ubuntu-20.yml b/searx/vars/Ubuntu-20.yml |
|
@@ -0,0 +1,16 @@ |
|
+--- |
|
+__searx_dependencies: |
|
+ - git |
|
+ - build-essential |
|
+ - libxslt-dev |
|
+ - python-dev |
|
+ - virtualenv |
|
+ - python-babel |
|
+ - zlib1g-dev |
|
+ - libffi-dev |
|
+ - libssl-dev |
|
+ - nginx |
|
+ - uwsgi |
|
+ - uwsgi-plugin-python3 |
|
+ |
|
+__nginx_vhost_path: /etc/nginx/sites-enabled |
