* conditional logic for nginx www redirect

+ use lxc_host & ssh proxying for resolve connection to inner lxc host in proxmox + bash helper for launch playbooks + nginx html default template * create databases moved into own custom variables + new using debops roles: yadm (dotfiles), sudo, root_account, system_users #861m7vaer Шаблон операционной системы на Debian 10
2 years ago · cb1b727da9
27 changed files with 816 additions and 39 deletions
--- a/apache-site.yml
+++ b/apache-site.yml
@ -1,9 +1,12 @@
 ---
 - import_playbook: debops/tzdata.yml
 - import_playbook: debops/pki.yml
 - import_playbook: debops/mariadb_server.yml
 - import_playbook: debops/mariadb-custom-db.yml
 - import_playbook: debops/php-wp.yml
 - import_playbook: debops/apache.yml
 - import_playbook: debops/users.yml
 - import_playbook: debops/sudo.yml
 # Import all other group playbooks in this file...
--- a/debops/apache.yml
+++ b/debops/apache.yml
@ -49,6 +49,7 @@
 #      name: '{{ apache__default_vhost_name }}'
 #      filename: '000-default'
 #      root: '/var/www/html'
    apache__vhost_allow_override: 'All'
  pre_tasks:
--- a/debops/files/etc/nginx/includes.d/octobercms.conf
+++ b/debops/files/etc/nginx/includes.d/octobercms.conf
--- a/debops/files/etc/nginx/includes.d/staticfiles.conf
+++ b/debops/files/etc/nginx/includes.d/staticfiles.conf
--- a/debops/files/etc/nginx/includes.d/www.conf
+++ b/debops/files/etc/nginx/includes.d/www.conf
--- a/debops/keyring.yml
+++ b/debops/keyring.yml
@ -0,0 +1,19 @@
 ---
 - name: Manage APT and GPG keyrings
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debian10' ]
  become: True
  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'
  vars:
    keyring__enabled: True
  roles:
    - role: keyring
      tags: [ 'role::keyring', 'skip::keyring' ]
--- a/debops/mariadb-custom-db.yml
+++ b/debops/mariadb-custom-db.yml
@ -10,17 +10,14 @@
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'
  vars:
    mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
    mariadb__upstream_version: '10.5'
    mariadb__databases:
      - name: 'intermetiz'
      - name: 'intermetiz-products'
    mariadb__users:
      - name: 'intermetiz'
        host: '%'
        database: 'intermetiz%'
  vars_files:
    - ./../vars/databases.yml
    -
  roles:
    - role: secret
--- a/debops/nginx.yml
+++ b/debops/nginx.yml
@ -10,6 +10,10 @@
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'
  vars_files:
    - ./../vars/nginx.yml
  vars:
    nginx_acme: False
    nginx_http_extra_options: |
@ -20,18 +24,15 @@
    nginx_ocsp: False
    nginx_worker_processes: auto
    nginx__servers:
      - name: vam-teplee
      - name: '{{ lxc_host }}'
        type: php
        root: /var/www/vam-teplee
        root: '/var/www/{{ lxc_host }}'
        public_dir_name: ''
        include_files_begin:
          - includes.d/www.conf
          - includes.d/octobercms.conf
          - includes.d/staticfiles.conf
        include_files_begin: '{{ nginx_includes_begin }}'
        options: set $upstream unix:/run/php7.4-fpm-www-data.sock;
@ -55,32 +56,54 @@
        php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)?
  pre_tasks:
    - name: Set filtered includes
      set_fact:
        nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
      when: item != omit
      loop:
          - "{{ (nginx_www_redirect | default(False)) | ternary('includes.d/www.conf', omit) }}"
          - includes.d/octobercms.conf
          - includes.d/staticfiles.conf
    - name: Copy OctoberCMS nginx conf includes and www redirect
      copy:
        src: "{{item}}"
        src: etc/nginx/includes.d
        dest: /etc/nginx/
        mode: 0644
      loop:
        - nginx/includes.d
  post_tasks:
    - name: Default index.html
      template:
        src: var/www/lxc_host/index.html.j2
        dest: '/var/www/{{ lxc_host }}/index.html'
        mode: 0644
        owner: '{{ lxc_host }}'
    - name: Copy normalized.css
      template:
        src: var/www/lxc_host/normalized.css
        dest: '/var/www/{{ lxc_host }}/'
        mode: 0644
        owner: '{{ lxc_host }}'
  roles:
    - role: keyring
      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
      keyring__dependent_apt_keys:
        - '{{ nginx__keyring__dependent_apt_keys }}'
    - role: apt_preferences
      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ nginx__apt_preferences__dependent_list }}'
    - role: python
      tags: [ 'role::python', 'skip::python' ]
      python__dependent_packages3:
        - '{{ nginx__python__dependent_packages3 }}'
      python__dependent_packages2:
        - '{{ nginx__python__dependent_packages2 }}'
 #    - role: keyring
 #      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
 #      keyring__dependent_apt_keys:
 #        - '{{ nginx__keyring__dependent_apt_keys }}'
 #
 #    - role: apt_preferences
 #      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
 #      apt_preferences__dependent_list:
 #        - '{{ nginx__apt_preferences__dependent_list }}'
 #
 #    - role: python
 #      tags: [ 'role::python', 'skip::python' ]
 #      python__dependent_packages3:
 #        - '{{ nginx__python__dependent_packages3 }}'
 #      python__dependent_packages2:
 #        - '{{ nginx__python__dependent_packages2 }}'
    - role: nginx
      tags: [ 'role::nginx', 'skip::nginx' ]
--- a/debops/root_account.yml
+++ b/debops/root_account.yml
@ -0,0 +1,20 @@
 ---
 - name: Manage root system account
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debian10' ]
  become: True
  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'
  vars:
    root_account__enabled: True
 #    root_account__dotfiles_enabled: True
 #    root_account__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
  roles:
    - role: root_account
      tags: [ 'role::root_account', 'skip::root_account' ]
--- a/debops/sudo.yml
+++ b/debops/sudo.yml
@ -0,0 +1,30 @@
 ---
 - name: Configure sudo service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debian10' ]
  become: True
  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'
  vars_files:
    - ./../vars/sudo.yml
  roles:
 #    - role: python
 #      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
 #      python__dependent_packages3:
 #        - '{{ ldap__python__dependent_packages3 }}'
 #      python__dependent_packages2:
 #        - '{{ ldap__python__dependent_packages2 }}'
 #
 #    - role: ldap
 #      tags: [ 'role::ldap', 'skip::ldap' ]
 #      ldap__dependent_tasks:
 #        - '{{ sudo__ldap__dependent_tasks }}'
    - role: sudo
      tags: [ 'role::sudo', 'skip::sudo' ]
--- a/debops/system_users.yml
+++ b/debops/system_users.yml
@ -0,0 +1,27 @@
 ---
 - name: Manage local users and groups
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debian10' ]
  become: True
  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'
  vars:
    system_users__self: False
    system_users__dotfiles_enabled: True
    system_users__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
  vars_files:
    - ./../vars/system_users.yml
  roles:
    - role: libuser
      tags: [ 'role::libuser', 'skip::libuser' ]
    - role: system_users
      tags: [ 'role::system_users', 'skip::system_users' ]
--- a/debops/templates/var/www/lxc_host/index.html.j2
+++ b/debops/templates/var/www/lxc_host/index.html.j2
@ -0,0 +1,76 @@
 {# Copyright (C) 2014-2017 Maciej Delmanowski <drybjed@drybjed.net>
 # Copyright (C) 2015-2017 Robin Schneider <ypid@riseup.net>
 # Copyright (C) 2014-2017 DebOps <https://debops.org/>
 # SPDX-License-Identifier: GPL-3.0-only
 #}
 <!DOCTYPE html>
 <html lang="en">
 {% set nginx_tpl_domain = item.welcome_domain | d(item.name if (item.name is string) else item.name[0] | d(ansible_domain)) %}
 {% if nginx_tpl_domain %}
 {%   set nginx_tpl_welcome_title = '<a href="' + item.welcome_url_scheme | d("https") + '://' + nginx_tpl_domain + '/">' + nginx_tpl_domain + '</a>' %}
 {% else %}
 {%   set nginx_tpl_welcome_title = '<a href="http://companyname.website/">CompanyName.website</a>' %}
 {% endif %}
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="referrer" content="no-referrer">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>{{ nginx_tpl_domain | d("CompanyName.website") }}</title>
 {% if item.welcome_css | d(True) | bool %}
    <link rel="stylesheet" type="text/css" media="screen" href="normalize.css">
    <style type="text/css" media="screen">
 html {
  font-size: 17px;
  font-family: "Droid Sans Condensed", sans-serif;
 }
@media (max-width: 900px) {
  html { font-size: 15px; }
 }
@media (max-width: 400px) {
  html { font-size: 13px; }
 }
 #content {
  margin: 0 auto;
  width: 600px;
  padding: 2rem;
  text-align: center;
 }
@media (max-width: 900px) {
  #content {
    width: 70%;
    padding: 1.5rem;
  }
 }
 h1 {
  padding-bottom: 0.05em;
  border-bottom: 2px solid #0092DF;
 }
 a {
  text-decoration: none;
  color: #0092DF;
 }
    </style>
 {% endif %}
  </head>
  <body>
    <div id="content">
      <h2>{{ nginx_tpl_welcome_title }}</h2>
 {% if nginx_tpl_domain %}
      <p id="http-status"><strong>{{ item.welcome_status_choices | d([ '200 OK', "418 I'm a teapot" ]) | random }}</strong></p>
 {% elif not nginx_tpl_domain %}
      <p>If you're reading this, the web server was installed correctly.</p>
 {% endif %}
    </div>
  </body>
 </html>
--- a/debops/templates/var/www/lxc_host/normalize.css
+++ b/debops/templates/var/www/lxc_host/normalize.css
@ -0,0 +1,427 @@
 /*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */
 /* Copyright (C) 2015 Nicolas Gallagher <nicolasgallagher@gmail.com> */
 /* Copyright (C) 2015 Jonathan Neal <jonathantneal@hotmail.com> */
 /* SPDX-License-Identifier: MIT */
 /**
 * 1. Set default font family to sans-serif.
 * 2. Prevent iOS and IE text size adjust after device orientation change,
 *    without disabling user zoom.
 */
 html {
  font-family: sans-serif; /* 1 */
  -ms-text-size-adjust: 100%; /* 2 */
  -webkit-text-size-adjust: 100%; /* 2 */
 }
 /**
 * Remove default margin.
 */
 body {
  margin: 0;
 }
 /* HTML5 display definitions
   ========================================================================== */
 /**
 * Correct `block` display not defined for any HTML5 element in IE 8/9.
 * Correct `block` display not defined for `details` or `summary` in IE 10/11
 * and Firefox.
 * Correct `block` display not defined for `main` in IE 11.
 */
 article,
 aside,
 details,
 figcaption,
 figure,
 footer,
 header,
 hgroup,
 main,
 menu,
 nav,
 section,
 summary {
  display: block;
 }
 /**
 * 1. Correct `inline-block` display not defined in IE 8/9.
 * 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera.
 */
 audio,
 canvas,
 progress,
 video {
  display: inline-block; /* 1 */
  vertical-align: baseline; /* 2 */
 }
 /**
 * Prevent modern browsers from displaying `audio` without controls.
 * Remove excess height in iOS 5 devices.
 */
 audio:not([controls]) {
  display: none;
  height: 0;
 }
 /**
 * Address `[hidden]` styling not present in IE 8/9/10.
 * Hide the `template` element in IE 8/9/10/11, Safari, and Firefox < 22.
 */
 [hidden],
 template {
  display: none;
 }
 /* Links
   ========================================================================== */
 /**
 * Remove the gray background color from active links in IE 10.
 */
 a {
  background-color: transparent;
 }
 /**
 * Improve readability of focused elements when they are also in an
 * active/hover state.
 */
 a:active,
 a:hover {
  outline: 0;
 }
 /* Text-level semantics
   ========================================================================== */
 /**
 * Address styling not present in IE 8/9/10/11, Safari, and Chrome.
 */
 abbr[title] {
  border-bottom: 1px dotted;
 }
 /**
 * Address style set to `bolder` in Firefox 4+, Safari, and Chrome.
 */
 b,
 strong {
  font-weight: bold;
 }
 /**
 * Address styling not present in Safari and Chrome.
 */
 dfn {
  font-style: italic;
 }
 /**
 * Address variable `h1` font-size and margin within `section` and `article`
 * contexts in Firefox 4+, Safari, and Chrome.
 */
 h1 {
  font-size: 2em;
  margin: 0.67em 0;
 }
 /**
 * Address styling not present in IE 8/9.
 */
 mark {
  background: #ff0;
  color: #000;
 }
 /**
 * Address inconsistent and variable font size in all browsers.
 */
 small {
  font-size: 80%;
 }
 /**
 * Prevent `sub` and `sup` affecting `line-height` in all browsers.
 */
 sub,
 sup {
  font-size: 75%;
  line-height: 0;
  position: relative;
  vertical-align: baseline;
 }
 sup {
  top: -0.5em;
 }
 sub {
  bottom: -0.25em;
 }
 /* Embedded content
   ========================================================================== */
 /**
 * Remove border when inside `a` element in IE 8/9/10.
 */
 img {
  border: 0;
 }
 /**
 * Correct overflow not hidden in IE 9/10/11.
 */
 svg:not(:root) {
  overflow: hidden;
 }
 /* Grouping content
   ========================================================================== */
 /**
 * Address margin not present in IE 8/9 and Safari.
 */
 figure {
  margin: 1em 40px;
 }
 /**
 * Address differences between Firefox and other browsers.
 */
 hr {
  box-sizing: content-box;
  height: 0;
 }
 /**
 * Contain overflow in all browsers.
 */
 pre {
  overflow: auto;
 }
 /**
 * Address odd `em`-unit font size rendering in all browsers.
 */
 code,
 kbd,
 pre,
 samp {
  font-family: monospace, monospace;
  font-size: 1em;
 }
 /* Forms
   ========================================================================== */
 /**
 * Known limitation: by default, Chrome and Safari on OS X allow very limited
 * styling of `select`, unless a `border` property is set.
 */
 /**
 * 1. Correct color not being inherited.
 *    Known issue: affects color of disabled elements.
 * 2. Correct font properties not being inherited.
 * 3. Address margins set differently in Firefox 4+, Safari, and Chrome.
 */
 button,
 input,
 optgroup,
 select,
 textarea {
  color: inherit; /* 1 */
  font: inherit; /* 2 */
  margin: 0; /* 3 */
 }
 /**
 * Address `overflow` set to `hidden` in IE 8/9/10/11.
 */
 button {
  overflow: visible;
 }
 /**
 * Address inconsistent `text-transform` inheritance for `button` and `select`.
 * All other form control elements do not inherit `text-transform` values.
 * Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera.
 * Correct `select` style inheritance in Firefox.
 */
 button,
 select {
  text-transform: none;
 }
 /**
 * 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio`
 *    and `video` controls.
 * 2. Correct inability to style clickable `input` types in iOS.
 * 3. Improve usability and consistency of cursor style between image-type
 *    `input` and others.
 */
 button,
 html input[type="button"], /* 1 */
 input[type="reset"],
 input[type="submit"] {
  -webkit-appearance: button; /* 2 */
  cursor: pointer; /* 3 */
 }
 /**
 * Re-set default cursor for disabled elements.
 */
 button[disabled],
 html input[disabled] {
  cursor: default;
 }
 /**
 * Remove inner padding and border in Firefox 4+.
 */
 button::-moz-focus-inner,
 input::-moz-focus-inner {
  border: 0;
  padding: 0;
 }
 /**
 * Address Firefox 4+ setting `line-height` on `input` using `!important` in
 * the UA stylesheet.
 */
 input {
  line-height: normal;
 }
 /**
 * It's recommended that you don't attempt to style these elements.
 * Firefox's implementation doesn't respect box-sizing, padding, or width.
 *
 * 1. Address box sizing set to `content-box` in IE 8/9/10.
 * 2. Remove excess padding in IE 8/9/10.
 */
 input[type="checkbox"],
 input[type="radio"] {
  box-sizing: border-box; /* 1 */
  padding: 0; /* 2 */
 }
 /**
 * Fix the cursor style for Chrome's increment/decrement buttons. For certain
 * `font-size` values of the `input`, it causes the cursor style of the
 * decrement button to change from `default` to `text`.
 */
 input[type="number"]::-webkit-inner-spin-button,
 input[type="number"]::-webkit-outer-spin-button {
  height: auto;
 }
 /**
 * 1. Address `appearance` set to `searchfield` in Safari and Chrome.
 * 2. Address `box-sizing` set to `border-box` in Safari and Chrome.
 */
 input[type="search"] {
  -webkit-appearance: textfield; /* 1 */
  box-sizing: content-box; /* 2 */
 }
 /**
 * Remove inner padding and search cancel button in Safari and Chrome on OS X.
 * Safari (but not Chrome) clips the cancel button when the search input has
 * padding (and `textfield` appearance).
 */
 input[type="search"]::-webkit-search-cancel-button,
 input[type="search"]::-webkit-search-decoration {
  -webkit-appearance: none;
 }
 /**
 * Define consistent border, margin, and padding.
 */
 fieldset {
  border: 1px solid #c0c0c0;
  margin: 0 2px;
  padding: 0.35em 0.625em 0.75em;
 }
 /**
 * 1. Correct `color` not being inherited in IE 8/9/10/11.
 * 2. Remove padding so people aren't caught out if they zero out fieldsets.
 */
 legend {
  border: 0; /* 1 */
  padding: 0; /* 2 */
 }
 /**
 * Remove default vertical scrollbar in IE 8/9/10/11.
 */
 textarea {
  overflow: auto;
 }
 /**
 * Don't inherit the `font-weight` (applied by a rule above).
 * NOTE: the default cannot safely be changed in Chrome and Safari on OS X.
 */
 optgroup {
  font-weight: bold;
 }
 /* Tables
   ========================================================================== */
 /**
 * Remove most spacing between table cells.
 */
 table {
  border-collapse: collapse;
  border-spacing: 0;
 }
 td,
 th {
  padding: 0;
 }
--- a/debops/yadm.yml
+++ b/debops/yadm.yml
@ -0,0 +1,39 @@
 ---
 - name: Configure yadm, Yet Another Dotfiles Manager
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debian10' ]
  become: True
  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'
  vars:
    yadm__enabled: True
    yadm__dotfiles_enabled: True
    yadm__upstream_enabled: True
    yadm__upstream_version: '2.5.0'
    # That be used in yadm.fact.j2 - python script for resolving ansible.local.yadm.dotfile git repo
    yadm__dotfiles_host: vcs.wpstudio.ru
    yadm__dotfiles_owner: gitea
    yadm__default_dotfiles:
      - name: 'gitea'
        git: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
  roles:
    - role: keyring
      tags: [ 'role::keyring', 'skip::keyring', 'role::yadm' ]
      keyring__dependent_gpg_keys:
        - '{{ yadm__keyring__dependent_gpg_keys }}'
    - role: apt_preferences
      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ yadm__apt_preferences__dependent_list }}'
    - role: yadm
      tags: [ 'role::yadm', 'skip::yadm' ]
--- a/3
+++ b/3
@ -10,7 +10,8 @@
 #   - A hostname/ip can be a member of multiple groups
 [lxc_templates]
 debian10  ansible_host=debian10.dedic106-dhcp.dimti.ru  ansible_user=root
 #debian10  ansible_host=debian10.dedic106-dhcp.dimti.ru  ansible_user=root
 debian10  ansible_host='{{ lxc_host }}'
 [anygroup]
 server1     ansible_host=192.168.0.1
--- a/nginx-only.yml
+++ b/nginx-only.yml
@ -0,0 +1,12 @@
 ---
 - hosts: debian10
  roles:
    - release-changed
    - locales
 #- import_playbook: debops/tzdata.yml
 #- import_playbook: debops/pki.yml
 - import_playbook: debops/yadm.yml
 - import_playbook: debops/root_account.yml
 #- import_playbook: debops/sudo.yml
 #- import_playbook: debops/system_users.yml
 #- import_playbook: debops/nginx.yml
--- a/nginx-site.yml
+++ b/nginx-site.yml
@ -1,11 +1,13 @@
 ---
 - import_playbook: debops/tzdata.yml
 #- import_playbook: debops/pki.yml
 #- import_playbook: debops/mariadb.yml
 #- import_playbook: debops/php-prod.yml
 #- import_playbook: debops/nginx.yml
 #- import_playbook: debops/nodejs.yml
 #- import_playbook: debops/redis.yml
 - import_playbook: debops/pki.yml
 - import_playbook: debops/mariadb.yml
 - import_playbook: debops/php-prod.yml
 - import_playbook: debops/nginx.yml
 - import_playbook: debops/nodejs.yml
 - import_playbook: debops/redis.yml
 - import_playbook: debops/users.yml
 - import_playbook: debops/sudo.yml
 # Import all other group playbooks in this file...
--- a/ping.yml
+++ b/ping.yml
@ -0,0 +1,9 @@
 ---
 - hosts: debian10
  tasks:
    - name: whoami test
      shell: whoami
 # Associate further roles to servers in specific group in this file...
 ...
--- a/roles/locales/tasks/main.yml
+++ b/roles/locales/tasks/main.yml
@ -0,0 +1,8 @@
 ---
 - name: Setup EN & RU UTF-8 locales
  shell: |
    apt install -y locales && \
    sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
    sed -i 's/# ru_RU.UTF-8 UTF-8/ru_RU.UTF-8 UTF-8/' /etc/locale.gen && \
    locale-gen
--- a/roles/release-changed/tasks/main.yml
+++ b/roles/release-changed/tasks/main.yml
@ -0,0 +1,4 @@
 ---
 - name: Allow release info changed
  shell: apt --allow-releaseinfo-change update
--- a/run-playbook.sh
+++ b/run-playbook.sh
@ -0,0 +1,48 @@
 #!/bin/bash
 SERVER=$1
 LXC_HOST=$2
 PLAYBOOK=$3
 usage() {
    echo "Usage: run-playbook.sh server lxc_host playbook"
    echo "server - main proxmox server IP address and lxc_host that the name of lxc container"
    echo "lxc_host - name of lxc container"
    echo "playbook - playbook file"
 }
 if [[ -z "$SERVER" ]]; then
  echo "You must defined SERVER as first argument"
  usage
  exit 1
 fi
 if [[ -z "$LXC_HOST" ]]; then
  echo "You must defined LXC_HOST as second argument"
  usage
  exit 1
 fi
 if [[ -z "$PLAYBOOK" ]]; then
  echo "You must defined PLAYBOOK as third argument"
  usage
  exit 1
 fi
 if [[ ! -f "$PLAYBOOK" ]]; then
  echo "Playbook file is not exists: $PLAYBOOK"
  usage
  exit 1
 fi
 COMMAND=$(cat <<EOF
 ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@$SERVER'" $PLAYBOOK
 EOF
 )
 printf 'Launch ansible playbook:\n%s\n' "$COMMAND"
 read -p "Are you sure?  " -n 1 -r
 echo    # (optional) move to a new line
 if [[ $REPLY =~ ^[Yy]$ ]]
 then
    /bin/bash -c "$COMMAND"
 fi
--- a/vars/.gitignore
+++ b/vars/.gitignore
@ -0,0 +1,2 @@
 *
 !*-example.yml
--- a/vars/databases-example.yml
+++ b/vars/databases-example.yml
@ -0,0 +1,7 @@
 mariadb__databases:
  - name: '{{ lxc_host }}'
 mariadb__users:
  - name: '{{ lxc_host }}'
    host: '%'
    database: '{{ lxc_host }}%'
--- a/vars/nginx-example.yml
+++ b/vars/nginx-example.yml
@ -0,0 +1 @@
 nginx_www_redirect: False
--- a/vars/sudo-example.yml
+++ b/vars/sudo-example.yml
@ -0,0 +1,4 @@
 sudo__sudoers:
  - name: '{{ lxc_host }}-nopasswd'
    raw: |
      {{ lxc_host }}  ALL=(ALL) NOPASSWD: ALL
--- a/vars/system_users-example.yml
+++ b/vars/system_users-example.yml
@ -0,0 +1,9 @@
 system_users__groups:
  - name: '{{ lxc_host }}'
    user: False
 system_users__accounts:
  - name: '{{ lxc_host }}'
    group: '{{ lxc_host }}'
    admin: True
    shell: '/bin/bash'
--- a/yadm.yml
+++ b/yadm.yml
@ -0,0 +1,8 @@
 ---
 - import_playbook: debops/yadm.yml
 - import_playbook: debops/users.yml
 - import_playbook: debops/sudo.yml
 # Import all other group playbooks in this file...
 ...