mirror of https://github.com/trailofbits/algo
chore: more fix ansible-lint 6.17.2
parent
0fa40513cd
commit
d9fe5e8561
@ -1,3 +1,5 @@
|
||||
---
|
||||
- name: restart strongswan
|
||||
service: name={{ strongswan_service }} state=restarted
|
||||
- name: Restart strongswan
|
||||
ansible.builtin.service:
|
||||
name: "{{ strongswan_service }}"
|
||||
state: restarted
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Set OS specific facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
prerequisites:
|
||||
- epel-release
|
||||
configs_prefix: /etc/strongswan
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Set OS specific facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
prerequisites:
|
||||
- libstrongswan-standard-plugins
|
||||
configs_prefix: /etc
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Set OS specific facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
prerequisites:
|
||||
- libselinux-python
|
||||
configs_prefix: /etc/strongswan
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Set OS specific facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
prerequisites:
|
||||
- libstrongswan-standard-plugins
|
||||
configs_prefix: /etc
|
||||
|
@ -1,12 +1,16 @@
|
||||
---
|
||||
- include_tasks: Debian.yml
|
||||
- name: Include Debian
|
||||
ansible.builtin.include_tasks: Debian.yml
|
||||
when: ansible_distribution == 'Debian'
|
||||
|
||||
- include_tasks: Ubuntu.yml
|
||||
- name: Include Ubuntu
|
||||
ansible.builtin.include_tasks: Ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- include_tasks: CentOS.yml
|
||||
- name: Include CentOS
|
||||
ansible.builtin.include_tasks: CentOS.yml
|
||||
when: ansible_distribution == 'CentOS'
|
||||
|
||||
- include_tasks: Fedora.yml
|
||||
- name: Include Fedora
|
||||
ansible.builtin.include_tasks: Fedora.yml
|
||||
when: ansible_distribution == 'Fedora'
|
||||
|
@ -1,20 +1,20 @@
|
||||
---
|
||||
- name: Define facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
p12_export_password: "{{ p12_password|default(lookup('password', '/dev/null length=9 chars=ascii_letters,digits,_,@')) }}"
|
||||
tags: update-users
|
||||
|
||||
- name: Set facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
CA_password: "{{ ca_password|default(lookup('password', '/dev/null length=16 chars=ascii_letters,digits,_,@')) }}"
|
||||
IP_subject_alt_name: "{{ IP_subject_alt_name }}"
|
||||
|
||||
- name: Set IPv6 support as a fact
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
ipv6_support: "{% if ansible_default_ipv6['gateway'] is defined %}true{% else %}false{% endif %}"
|
||||
tags: always
|
||||
|
||||
- name: Check size of MTU
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
reduce_mtu: "{{ 1500 - ansible_default_ipv4['mtu']|int if reduce_mtu|int == 0 and ansible_default_ipv4['mtu']|int < 1500 else reduce_mtu|int }}"
|
||||
tags: always
|
||||
|
@ -1,30 +1,35 @@
|
||||
---
|
||||
- name: Check the system
|
||||
raw: uname -a
|
||||
ansible.builtin.raw: uname -a
|
||||
register: OS
|
||||
changed_when: false
|
||||
tags:
|
||||
- update-users
|
||||
|
||||
- fail:
|
||||
- name: Fail
|
||||
ansible.builtin.fail:
|
||||
when: cloud_test|default(false)|bool
|
||||
|
||||
- include_tasks: ubuntu.yml
|
||||
- name: Include ubuntu
|
||||
ansible.builtin.include_tasks: ubuntu.yml
|
||||
when: '"Ubuntu" in OS.stdout or "Linux" in OS.stdout'
|
||||
tags:
|
||||
- update-users
|
||||
|
||||
- include_tasks: freebsd.yml
|
||||
- name: Include freebsd
|
||||
ansible.builtin.include_tasks: freebsd.yml
|
||||
when: '"FreeBSD" in OS.stdout'
|
||||
tags:
|
||||
- update-users
|
||||
|
||||
- name: Sysctl tuning
|
||||
sysctl: name="{{ item.item }}" value="{{ item.value }}"
|
||||
ansible.posix.sysctl:
|
||||
name: "{{ item.item }}"
|
||||
value: "{{ item.value }}"
|
||||
when: item.item
|
||||
with_items:
|
||||
- "{{ sysctl|default([]) }}"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- meta: flush_handlers
|
||||
- ansible.builtin.meta: flush_handlers
|
||||
|
@ -1,21 +1,21 @@
|
||||
---
|
||||
- name: Install unattended-upgrades
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: unattended-upgrades
|
||||
state: present
|
||||
|
||||
- name: Configure unattended-upgrades
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 50unattended-upgrades.j2
|
||||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
|
||||
- name: Periodic upgrades configured
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 10periodic.j2
|
||||
dest: /etc/apt/apt.conf.d/10periodic
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
mode: "0644"
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: Linux | set OS specific facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
tmpfs_volume_name: AlgoVPN-{{ IP_subject_alt_name }}
|
||||
tmpfs_volume_path: /dev/shm
|
||||
|
@ -1,17 +1,17 @@
|
||||
---
|
||||
- name: Include tasks for MacOS
|
||||
import_tasks: macos.yml
|
||||
ansible.builtin.import_tasks: macos.yml
|
||||
when: ansible_system == "Darwin"
|
||||
|
||||
- name: Include tasks for Linux
|
||||
import_tasks: linux.yml
|
||||
ansible.builtin.import_tasks: linux.yml
|
||||
when: ansible_system == "Linux"
|
||||
|
||||
- name: Set config paths as facts
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
ipsec_pki_path: /{{ tmpfs_volume_path }}/{{ tmpfs_volume_name }}/IPsec/
|
||||
|
||||
- name: Update config paths
|
||||
add_host:
|
||||
ansible.builtin.add_host:
|
||||
name: "{{ 'localhost' if cloud_instance_ip == 'localhost' else cloud_instance_ip }}"
|
||||
ipsec_pki_path: "{{ ipsec_pki_path }}"
|
||||
|
Loading…
Reference in New Issue