* conditional logic for nginx www redirect

+ use lxc_host & ssh proxying for resolve connection to inner lxc host in proxmox
+ bash helper for launch playbooks
+ nginx html default template
* create databases moved into own custom variables
+ new using debops roles: yadm (dotfiles), sudo, root_account, system_users

#861m7vaer Шаблон операционной системы на Debian 10

apache-site.yml

@@ -1,9 +1,12 @@
 ---
+- import_playbook: debops/tzdata.yml
 - import_playbook: debops/pki.yml
 - import_playbook: debops/mariadb_server.yml
 - import_playbook: debops/mariadb-custom-db.yml
 - import_playbook: debops/php-wp.yml
 - import_playbook: debops/apache.yml
+- import_playbook: debops/users.yml
+- import_playbook: debops/sudo.yml
 
 # Import all other group playbooks in this file...
 

debops/apache.yml

@@ -49,6 +49,7 @@
 #      name: '{{ apache__default_vhost_name }}'
 #      filename: '000-default'
 #      root: '/var/www/html'
+    apache__vhost_allow_override: 'All'
 
   pre_tasks:
 

debops/keyring.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Manage APT and GPG keyrings
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    keyring__enabled: True
+
+  roles:
+
+    - role: keyring
+      tags: [ 'role::keyring', 'skip::keyring' ]

debops/mariadb-custom-db.yml

@@ -10,17 +10,14 @@
                    | combine(inventory__group_environment | d({}))
                    | combine(inventory__host_environment  | d({})) }}'
 
+
   vars:
     mariadb__flavor: '{{ ansible_local.mariadb.flavor|d(mariadb__flavor_map[ansible_distribution_release] | d("mariadb")) }}'
     mariadb__upstream_version: '10.5'
-    mariadb__databases:
-      - name: 'intermetiz'
-      - name: 'intermetiz-products'
-    mariadb__users:
-      - name: 'intermetiz'
-        host: '%'
-        database: 'intermetiz%'
 
+  vars_files:
+    - ./../vars/databases.yml
+    -
   roles:
 
     - role: secret

debops/nginx.yml

@@ -10,6 +10,10 @@
                    | combine(inventory__group_environment | d({}))
                    | combine(inventory__host_environment  | d({})) }}'
 
+
+  vars_files:
+    - ./../vars/nginx.yml
+
   vars:
     nginx_acme: False
     nginx_http_extra_options: |
@@ -20,18 +24,15 @@
     nginx_ocsp: False
     nginx_worker_processes: auto
     nginx__servers:
-      - name: vam-teplee
+      - name: '{{ lxc_host }}'
 
         type: php
 
-        root: /var/www/vam-teplee
+        root: '/var/www/{{ lxc_host }}'
 
         public_dir_name: ''
 
-        include_files_begin:
-          - includes.d/www.conf
-          - includes.d/octobercms.conf
-          - includes.d/staticfiles.conf
+        include_files_begin: '{{ nginx_includes_begin }}'
 
         options: set $upstream unix:/run/php7.4-fpm-www-data.sock;
 
@@ -55,32 +56,54 @@
         php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)?
 
   pre_tasks:
+    - name: Set filtered includes
+      set_fact:
+        nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
+      when: item != omit
+      loop:
+          - "{{ (nginx_www_redirect | default(False)) | ternary('includes.d/www.conf', omit) }}"
+          - includes.d/octobercms.conf
+          - includes.d/staticfiles.conf
+
     - name: Copy OctoberCMS nginx conf includes and www redirect
       copy:
-        src: "{{item}}"
+        src: etc/nginx/includes.d
         dest: /etc/nginx/
         mode: 0644
-      loop:
-        - nginx/includes.d
+
+  post_tasks:
+    - name: Default index.html
+      template:
+        src: var/www/lxc_host/index.html.j2
+        dest: '/var/www/{{ lxc_host }}/index.html'
+        mode: 0644
+        owner: '{{ lxc_host }}'
+
+    - name: Copy normalized.css
+      template:
+        src: var/www/lxc_host/normalized.css
+        dest: '/var/www/{{ lxc_host }}/'
+        mode: 0644
+        owner: '{{ lxc_host }}'
 
   roles:
 
-    - role: keyring
-      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
-      keyring__dependent_apt_keys:
-        - '{{ nginx__keyring__dependent_apt_keys }}'
-
-    - role: apt_preferences
-      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
-      apt_preferences__dependent_list:
-        - '{{ nginx__apt_preferences__dependent_list }}'
-
-    - role: python
-      tags: [ 'role::python', 'skip::python' ]
-      python__dependent_packages3:
-        - '{{ nginx__python__dependent_packages3 }}'
-      python__dependent_packages2:
-        - '{{ nginx__python__dependent_packages2 }}'
+#    - role: keyring
+#      tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
+#      keyring__dependent_apt_keys:
+#        - '{{ nginx__keyring__dependent_apt_keys }}'
+#
+#    - role: apt_preferences
+#      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
+#      apt_preferences__dependent_list:
+#        - '{{ nginx__apt_preferences__dependent_list }}'
+#
+#    - role: python
+#      tags: [ 'role::python', 'skip::python' ]
+#      python__dependent_packages3:
+#        - '{{ nginx__python__dependent_packages3 }}'
+#      python__dependent_packages2:
+#        - '{{ nginx__python__dependent_packages2 }}'
 
     - role: nginx
       tags: [ 'role::nginx', 'skip::nginx' ]

debops/root_account.yml

@@ -0,0 +1,20 @@
+---
+
+- name: Manage root system account
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    root_account__enabled: True
+#    root_account__dotfiles_enabled: True
+#    root_account__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
+
+  roles:
+    - role: root_account
+      tags: [ 'role::root_account', 'skip::root_account' ]

debops/sudo.yml

@@ -0,0 +1,30 @@
+---
+
+- name: Configure sudo service
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars_files:
+    - ./../vars/sudo.yml
+
+  roles:
+#    - role: python
+#      tags: [ 'role::python', 'skip::python', 'role::ldap' ]
+#      python__dependent_packages3:
+#        - '{{ ldap__python__dependent_packages3 }}'
+#      python__dependent_packages2:
+#        - '{{ ldap__python__dependent_packages2 }}'
+#
+#    - role: ldap
+#      tags: [ 'role::ldap', 'skip::ldap' ]
+#      ldap__dependent_tasks:
+#        - '{{ sudo__ldap__dependent_tasks }}'
+
+    - role: sudo
+      tags: [ 'role::sudo', 'skip::sudo' ]

debops/system_users.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Manage local users and groups
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    system_users__self: False
+    system_users__dotfiles_enabled: True
+    system_users__dotfiles_repo: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
+
+  vars_files:
+    - ./../vars/system_users.yml
+
+  roles:
+
+    - role: libuser
+      tags: [ 'role::libuser', 'skip::libuser' ]
+
+    - role: system_users
+      tags: [ 'role::system_users', 'skip::system_users' ]

debops/templates/var/www/lxc_host/index.html.j2

@@ -0,0 +1,76 @@
+{# Copyright (C) 2014-2017 Maciej Delmanowski <drybjed@drybjed.net>
+ # Copyright (C) 2015-2017 Robin Schneider <ypid@riseup.net>
+ # Copyright (C) 2014-2017 DebOps <https://debops.org/>
+ # SPDX-License-Identifier: GPL-3.0-only
+ #}
+<!DOCTYPE html>
+<html lang="en">
+{% set nginx_tpl_domain = item.welcome_domain | d(item.name if (item.name is string) else item.name[0] | d(ansible_domain)) %}
+{% if nginx_tpl_domain %}
+{%   set nginx_tpl_welcome_title = '<a href="' + item.welcome_url_scheme | d("https") + '://' + nginx_tpl_domain + '/">' + nginx_tpl_domain + '</a>' %}
+{% else %}
+{%   set nginx_tpl_welcome_title = '<a href="http://companyname.website/">CompanyName.website</a>' %}
+{% endif %}
+
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <meta name="referrer" content="no-referrer">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{ nginx_tpl_domain | d("CompanyName.website") }}</title>
+{% if item.welcome_css | d(True) | bool %}
+    <link rel="stylesheet" type="text/css" media="screen" href="normalize.css">
+    <style type="text/css" media="screen">
+html {
+  font-size: 17px;
+  font-family: "Droid Sans Condensed", sans-serif;
+}
+
+@media (max-width: 900px) {
+  html { font-size: 15px; }
+}
+
+@media (max-width: 400px) {
+  html { font-size: 13px; }
+}
+
+#content {
+  margin: 0 auto;
+  width: 600px;
+  padding: 2rem;
+  text-align: center;
+}
+
+@media (max-width: 900px) {
+  #content {
+    width: 70%;
+    padding: 1.5rem;
+  }
+}
+
+h1 {
+  padding-bottom: 0.05em;
+  border-bottom: 2px solid #0092DF;
+}
+
+a {
+  text-decoration: none;
+  color: #0092DF;
+}
+    </style>
+{% endif %}
+  </head>
+
+  <body>
+    <div id="content">
+
+      <h2>{{ nginx_tpl_welcome_title }}</h2>
+
+{% if nginx_tpl_domain %}
+      <p id="http-status"><strong>{{ item.welcome_status_choices | d([ '200 OK', "418 I'm a teapot" ]) | random }}</strong></p>
+{% elif not nginx_tpl_domain %}
+      <p>If you're reading this, the web server was installed correctly.</p>
+{% endif %}
+
+    </div>
+  </body>
+</html>

debops/templates/var/www/lxc_host/normalize.css

@@ -0,0 +1,427 @@
+/*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */
+/* Copyright (C) 2015 Nicolas Gallagher <nicolasgallagher@gmail.com> */
+/* Copyright (C) 2015 Jonathan Neal <jonathantneal@hotmail.com> */
+/* SPDX-License-Identifier: MIT */
+
+/**
+ * 1. Set default font family to sans-serif.
+ * 2. Prevent iOS and IE text size adjust after device orientation change,
+ *    without disabling user zoom.
+ */
+
+html {
+  font-family: sans-serif; /* 1 */
+  -ms-text-size-adjust: 100%; /* 2 */
+  -webkit-text-size-adjust: 100%; /* 2 */
+}
+
+/**
+ * Remove default margin.
+ */
+
+body {
+  margin: 0;
+}
+
+/* HTML5 display definitions
+   ========================================================================== */
+
+/**
+ * Correct `block` display not defined for any HTML5 element in IE 8/9.
+ * Correct `block` display not defined for `details` or `summary` in IE 10/11
+ * and Firefox.
+ * Correct `block` display not defined for `main` in IE 11.
+ */
+
+article,
+aside,
+details,
+figcaption,
+figure,
+footer,
+header,
+hgroup,
+main,
+menu,
+nav,
+section,
+summary {
+  display: block;
+}
+
+/**
+ * 1. Correct `inline-block` display not defined in IE 8/9.
+ * 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera.
+ */
+
+audio,
+canvas,
+progress,
+video {
+  display: inline-block; /* 1 */
+  vertical-align: baseline; /* 2 */
+}
+
+/**
+ * Prevent modern browsers from displaying `audio` without controls.
+ * Remove excess height in iOS 5 devices.
+ */
+
+audio:not([controls]) {
+  display: none;
+  height: 0;
+}
+
+/**
+ * Address `[hidden]` styling not present in IE 8/9/10.
+ * Hide the `template` element in IE 8/9/10/11, Safari, and Firefox < 22.
+ */
+
+[hidden],
+template {
+  display: none;
+}
+
+/* Links
+   ========================================================================== */
+
+/**
+ * Remove the gray background color from active links in IE 10.
+ */
+
+a {
+  background-color: transparent;
+}
+
+/**
+ * Improve readability of focused elements when they are also in an
+ * active/hover state.
+ */
+
+a:active,
+a:hover {
+  outline: 0;
+}
+
+/* Text-level semantics
+   ========================================================================== */
+
+/**
+ * Address styling not present in IE 8/9/10/11, Safari, and Chrome.
+ */
+
+abbr[title] {
+  border-bottom: 1px dotted;
+}
+
+/**
+ * Address style set to `bolder` in Firefox 4+, Safari, and Chrome.
+ */
+
+b,
+strong {
+  font-weight: bold;
+}
+
+/**
+ * Address styling not present in Safari and Chrome.
+ */
+
+dfn {
+  font-style: italic;
+}
+
+/**
+ * Address variable `h1` font-size and margin within `section` and `article`
+ * contexts in Firefox 4+, Safari, and Chrome.
+ */
+
+h1 {
+  font-size: 2em;
+  margin: 0.67em 0;
+}
+
+/**
+ * Address styling not present in IE 8/9.
+ */
+
+mark {
+  background: #ff0;
+  color: #000;
+}
+
+/**
+ * Address inconsistent and variable font size in all browsers.
+ */
+
+small {
+  font-size: 80%;
+}
+
+/**
+ * Prevent `sub` and `sup` affecting `line-height` in all browsers.
+ */
+
+sub,
+sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+sup {
+  top: -0.5em;
+}
+
+sub {
+  bottom: -0.25em;
+}
+
+/* Embedded content
+   ========================================================================== */
+
+/**
+ * Remove border when inside `a` element in IE 8/9/10.
+ */
+
+img {
+  border: 0;
+}
+
+/**
+ * Correct overflow not hidden in IE 9/10/11.
+ */
+
+svg:not(:root) {
+  overflow: hidden;
+}
+
+/* Grouping content
+   ========================================================================== */
+
+/**
+ * Address margin not present in IE 8/9 and Safari.
+ */
+
+figure {
+  margin: 1em 40px;
+}
+
+/**
+ * Address differences between Firefox and other browsers.
+ */
+
+hr {
+  box-sizing: content-box;
+  height: 0;
+}
+
+/**
+ * Contain overflow in all browsers.
+ */
+
+pre {
+  overflow: auto;
+}
+
+/**
+ * Address odd `em`-unit font size rendering in all browsers.
+ */
+
+code,
+kbd,
+pre,
+samp {
+  font-family: monospace, monospace;
+  font-size: 1em;
+}
+
+/* Forms
+   ========================================================================== */
+
+/**
+ * Known limitation: by default, Chrome and Safari on OS X allow very limited
+ * styling of `select`, unless a `border` property is set.
+ */
+
+/**
+ * 1. Correct color not being inherited.
+ *    Known issue: affects color of disabled elements.
+ * 2. Correct font properties not being inherited.
+ * 3. Address margins set differently in Firefox 4+, Safari, and Chrome.
+ */
+
+button,
+input,
+optgroup,
+select,
+textarea {
+  color: inherit; /* 1 */
+  font: inherit; /* 2 */
+  margin: 0; /* 3 */
+}
+
+/**
+ * Address `overflow` set to `hidden` in IE 8/9/10/11.
+ */
+
+button {
+  overflow: visible;
+}
+
+/**
+ * Address inconsistent `text-transform` inheritance for `button` and `select`.
+ * All other form control elements do not inherit `text-transform` values.
+ * Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera.
+ * Correct `select` style inheritance in Firefox.
+ */
+
+button,
+select {
+  text-transform: none;
+}
+
+/**
+ * 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio`
+ *    and `video` controls.
+ * 2. Correct inability to style clickable `input` types in iOS.
+ * 3. Improve usability and consistency of cursor style between image-type
+ *    `input` and others.
+ */
+
+button,
+html input[type="button"], /* 1 */
+input[type="reset"],
+input[type="submit"] {
+  -webkit-appearance: button; /* 2 */
+  cursor: pointer; /* 3 */
+}
+
+/**
+ * Re-set default cursor for disabled elements.
+ */
+
+button[disabled],
+html input[disabled] {
+  cursor: default;
+}
+
+/**
+ * Remove inner padding and border in Firefox 4+.
+ */
+
+button::-moz-focus-inner,
+input::-moz-focus-inner {
+  border: 0;
+  padding: 0;
+}
+
+/**
+ * Address Firefox 4+ setting `line-height` on `input` using `!important` in
+ * the UA stylesheet.
+ */
+
+input {
+  line-height: normal;
+}
+
+/**
+ * It's recommended that you don't attempt to style these elements.
+ * Firefox's implementation doesn't respect box-sizing, padding, or width.
+ *
+ * 1. Address box sizing set to `content-box` in IE 8/9/10.
+ * 2. Remove excess padding in IE 8/9/10.
+ */
+
+input[type="checkbox"],
+input[type="radio"] {
+  box-sizing: border-box; /* 1 */
+  padding: 0; /* 2 */
+}
+
+/**
+ * Fix the cursor style for Chrome's increment/decrement buttons. For certain
+ * `font-size` values of the `input`, it causes the cursor style of the
+ * decrement button to change from `default` to `text`.
+ */
+
+input[type="number"]::-webkit-inner-spin-button,
+input[type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+/**
+ * 1. Address `appearance` set to `searchfield` in Safari and Chrome.
+ * 2. Address `box-sizing` set to `border-box` in Safari and Chrome.
+ */
+
+input[type="search"] {
+  -webkit-appearance: textfield; /* 1 */
+  box-sizing: content-box; /* 2 */
+}
+
+/**
+ * Remove inner padding and search cancel button in Safari and Chrome on OS X.
+ * Safari (but not Chrome) clips the cancel button when the search input has
+ * padding (and `textfield` appearance).
+ */
+
+input[type="search"]::-webkit-search-cancel-button,
+input[type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+/**
+ * Define consistent border, margin, and padding.
+ */
+
+fieldset {
+  border: 1px solid #c0c0c0;
+  margin: 0 2px;
+  padding: 0.35em 0.625em 0.75em;
+}
+
+/**
+ * 1. Correct `color` not being inherited in IE 8/9/10/11.
+ * 2. Remove padding so people aren't caught out if they zero out fieldsets.
+ */
+
+legend {
+  border: 0; /* 1 */
+  padding: 0; /* 2 */
+}
+
+/**
+ * Remove default vertical scrollbar in IE 8/9/10/11.
+ */
+
+textarea {
+  overflow: auto;
+}
+
+/**
+ * Don't inherit the `font-weight` (applied by a rule above).
+ * NOTE: the default cannot safely be changed in Chrome and Safari on OS X.
+ */
+
+optgroup {
+  font-weight: bold;
+}
+
+/* Tables
+   ========================================================================== */
+
+/**
+ * Remove most spacing between table cells.
+ */
+
+table {
+  border-collapse: collapse;
+  border-spacing: 0;
+}
+
+td,
+th {
+  padding: 0;
+}

debops/yadm.yml

@@ -0,0 +1,39 @@
+---
+
+- name: Configure yadm, Yet Another Dotfiles Manager
+  collections: [ 'debops.debops', 'debops.roles01',
+                 'debops.roles02', 'debops.roles03' ]
+  hosts: [ 'debian10' ]
+  become: True
+
+  environment: '{{ inventory__environment | d({})
+                   | combine(inventory__group_environment | d({}))
+                   | combine(inventory__host_environment  | d({})) }}'
+
+  vars:
+    yadm__enabled: True
+    yadm__dotfiles_enabled: True
+
+    yadm__upstream_enabled: True
+    yadm__upstream_version: '2.5.0'
+
+    # That be used in yadm.fact.j2 - python script for resolving ansible.local.yadm.dotfile git repo
+    yadm__dotfiles_host: vcs.wpstudio.ru
+    yadm__dotfiles_owner: gitea
+    yadm__default_dotfiles:
+      - name: 'gitea'
+        git: 'https://vcs.wpstudio.ru/gitea/dotfiles.git'
+
+  roles:
+    - role: keyring
+      tags: [ 'role::keyring', 'skip::keyring', 'role::yadm' ]
+      keyring__dependent_gpg_keys:
+        - '{{ yadm__keyring__dependent_gpg_keys }}'
+
+    - role: apt_preferences
+      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
+      apt_preferences__dependent_list:
+        - '{{ yadm__apt_preferences__dependent_list }}'
+
+    - role: yadm
+      tags: [ 'role::yadm', 'skip::yadm' ]

hosts

@@ -10,7 +10,8 @@
 #   - A hostname/ip can be a member of multiple groups
 
 [lxc_templates]
-debian10  ansible_host=debian10.dedic106-dhcp.dimti.ru  ansible_user=root
+#debian10  ansible_host=debian10.dedic106-dhcp.dimti.ru  ansible_user=root
+debian10  ansible_host='{{ lxc_host }}'
 
 [anygroup]
 server1     ansible_host=192.168.0.1

nginx-only.yml

@@ -0,0 +1,12 @@
+---
+- hosts: debian10
+  roles:
+    - release-changed
+    - locales
+#- import_playbook: debops/tzdata.yml
+#- import_playbook: debops/pki.yml
+- import_playbook: debops/yadm.yml
+- import_playbook: debops/root_account.yml
+#- import_playbook: debops/sudo.yml
+#- import_playbook: debops/system_users.yml
+#- import_playbook: debops/nginx.yml

nginx-site.yml

@@ -1,11 +1,13 @@
 ---
 - import_playbook: debops/tzdata.yml
-#- import_playbook: debops/pki.yml
-#- import_playbook: debops/mariadb.yml
-#- import_playbook: debops/php-prod.yml
-#- import_playbook: debops/nginx.yml
-#- import_playbook: debops/nodejs.yml
-#- import_playbook: debops/redis.yml
+- import_playbook: debops/pki.yml
+- import_playbook: debops/mariadb.yml
+- import_playbook: debops/php-prod.yml
+- import_playbook: debops/nginx.yml
+- import_playbook: debops/nodejs.yml
+- import_playbook: debops/redis.yml
+- import_playbook: debops/users.yml
+- import_playbook: debops/sudo.yml
 
 # Import all other group playbooks in this file...
 

ping.yml

@@ -0,0 +1,9 @@
+---
+- hosts: debian10
+  tasks:
+    - name: whoami test
+      shell: whoami
+
+# Associate further roles to servers in specific group in this file...
+
+...

roles/locales/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Setup EN & RU UTF-8 locales
+  shell: |
+    apt install -y locales && \
+    sed -i 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    sed -i 's/# ru_RU.UTF-8 UTF-8/ru_RU.UTF-8 UTF-8/' /etc/locale.gen && \
+    locale-gen

roles/release-changed/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: Allow release info changed
+  shell: apt --allow-releaseinfo-change update

run-playbook.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+SERVER=$1
+LXC_HOST=$2
+PLAYBOOK=$3
+
+usage() {
+    echo "Usage: run-playbook.sh server lxc_host playbook"
+    echo "server - main proxmox server IP address and lxc_host that the name of lxc container"
+    echo "lxc_host - name of lxc container"
+    echo "playbook - playbook file"
+}
+
+if [[ -z "$SERVER" ]]; then
+  echo "You must defined SERVER as first argument"
+  usage
+  exit 1
+fi
+
+if [[ -z "$LXC_HOST" ]]; then
+  echo "You must defined LXC_HOST as second argument"
+  usage
+  exit 1
+fi
+
+if [[ -z "$PLAYBOOK" ]]; then
+  echo "You must defined PLAYBOOK as third argument"
+  usage
+  exit 1
+fi
+
+if [[ ! -f "$PLAYBOOK" ]]; then
+  echo "Playbook file is not exists: $PLAYBOOK"
+  usage
+  exit 1
+fi
+
+COMMAND=$(cat <<EOF
+ansible-playbook -e "lxc_host=$LXC_HOST" --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@$SERVER'" $PLAYBOOK
+EOF
+)
+
+printf 'Launch ansible playbook:\n%s\n' "$COMMAND"
+read -p "Are you sure?  " -n 1 -r
+echo    # (optional) move to a new line
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+    /bin/bash -c "$COMMAND"
+fi

vars/.gitignore

@@ -0,0 +1,2 @@
+*
+!*-example.yml

vars/databases-example.yml

@@ -0,0 +1,7 @@
+mariadb__databases:
+  - name: '{{ lxc_host }}'
+
+mariadb__users:
+  - name: '{{ lxc_host }}'
+    host: '%'
+    database: '{{ lxc_host }}%'

vars/nginx-example.yml

@@ -0,0 +1 @@
+nginx_www_redirect: False

vars/sudo-example.yml

@@ -0,0 +1,4 @@
+sudo__sudoers:
+  - name: '{{ lxc_host }}-nopasswd'
+    raw: |
+      {{ lxc_host }}  ALL=(ALL) NOPASSWD: ALL

vars/system_users-example.yml

@@ -0,0 +1,9 @@
+system_users__groups:
+  - name: '{{ lxc_host }}'
+    user: False
+
+system_users__accounts:
+  - name: '{{ lxc_host }}'
+    group: '{{ lxc_host }}'
+    admin: True
+    shell: '/bin/bash'

yadm.yml

@@ -0,0 +1,8 @@
+---
+- import_playbook: debops/yadm.yml
+- import_playbook: debops/users.yml
+- import_playbook: debops/sudo.yml
+
+# Import all other group playbooks in this file...
+
+...