From: Matt Birkholz Date: Thu, 18 Sep 2025 19:49:42 +0000 (-0600) Subject: Configure a new Core without starting services. X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=f1a8ba0a6fc5e82627e7557b818beaa317437d4b;p=Institute Configure a new Core without starting services. Tasks that actually start services are tagged with ~actualizer~. Thus ~ansible-playbook~ can be given the ~--skip-tags actualizer~ command line option to configure a new Core without actually setting the static IP address, domain name, etc. nor starting any services. The intention is to work through any problems configuring core services on new hardware running, probably, a new OS version /without/ disturbing actual Core services. This required splitting many Enable/Start tasks in two: the latter tagged as the "actualizer". --- diff --git a/README.org b/README.org index c682817..f74d242 100644 --- a/README.org +++ b/README.org @@ -1203,19 +1203,31 @@ follows these recommendations (and /not/ the suggestion to enable - ansible_distribution == 'Debian' - 11 < ansible_distribution_major_version|int -- name: Enable/Start systemd-networkd. +- name: Start systemd-networkd. + become: yes + systemd: + service: systemd-networkd + state: started + tags: actualizer + +- name: Enable systemd-networkd. become: yes systemd: service: systemd-networkd enabled: yes + +- name: Start systemd-resolved. + become: yes + systemd: + service: systemd-resolved state: started + tags: actualizer -- name: Enable/Start systemd-resolved. +- name: Enable systemd-resolved. become: yes systemd: service: systemd-resolved enabled: yes - state: started - name: Link /etc/resolv.conf. become: yes @@ -1315,15 +1327,12 @@ delivery. loop: - /etc/hostname - /etc/mailname - notify: Update hostname. -#+END_SRC -#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]] -#+BEGIN_SRC conf :tangle roles_t/front/handlers/main.yml :mkdirp yes ---- - name: Update hostname. become: yes command: hostname -F /etc/hostname + when: domain_name != ansible_hostname + tags: actualizer #+END_SRC ** Add Administrator to System Groups @@ -1376,6 +1385,7 @@ those stored in [[file:Secret/ssh_front/etc/ssh/][=Secret/ssh_front/etc/ssh/=]] systemd: service: ssh state: reloaded + tags: actualizer #+END_SRC ** Configure Monkey @@ -1623,12 +1633,18 @@ start and enable the service. dest: /etc/postfix/header_checks.cf notify: Postmap header checks. -- name: Enable/Start Postfix. +- name: Start Postfix. become: yes systemd: service: postfix - enabled: yes state: started + tags: actualizer + +- name: Enable Postfix. + become: yes + systemd: + service: postfix + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]] @@ -1639,6 +1655,7 @@ start and enable the service. systemd: service: postfix state: restarted + tags: actualizer - name: Postmap header checks. become: yes @@ -1684,6 +1701,7 @@ created by a more specialized role. - name: New aliases. become: yes command: newaliases + tags: actualizer #+END_SRC ** Configure Dovecot IMAPd @@ -1726,12 +1744,18 @@ and enables it to start at every reboot. dest: /etc/dovecot/local.conf notify: Restart Dovecot. -- name: Enable/Start Dovecot. +- name: Start Dovecot. become: yes systemd: service: dovecot - enabled: yes state: started + tags: actualizer + +- name: Enable Dovecot. + become: yes + systemd: + service: dovecot + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]] @@ -1742,6 +1766,7 @@ and enables it to start at every reboot. systemd: service: dovecot state: restarted + tags: actualizer #+END_SRC ** Configure Apache2 <> @@ -1928,12 +1953,18 @@ e.g. =/etc/apache2/sites-available/small.example.org.conf= and runs creates: /etc/apache2/sites-enabled/{{ domain_name }}.conf notify: Restart Apache2. -- name: Enable/Start Apache2. +- name: Start Apache2. become: yes systemd: service: apache2 - enabled: yes state: started + tags: actualizer + +- name: Enable Apache2. + become: yes + systemd: + service: apache2 + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]] @@ -1944,6 +1975,7 @@ e.g. =/etc/apache2/sites-available/small.example.org.conf= and runs systemd: service: apache2 state: restarted + tags: actualizer #+END_SRC Furthermore, the default web site and its HTTPS version is disabled so @@ -2090,12 +2122,18 @@ The following tasks install WireGuard™, configure it with group: root notify: Restart WireGuard™. -- name: Enable/Start WireGuard™ on boot. +- name: Start WireGuard™. become: yes systemd: service: wg-quick@wg0 - enabled: yes state: started + tags: actualizer + +- name: Enable WireGuard™. + become: yes + systemd: + service: wg-quick@wg0 + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]] @@ -2106,6 +2144,7 @@ The following tasks install WireGuard™, configure it with systemd: service: wg-quick@wg0 state: restarted + tags: actualizer #+END_SRC ** Configure Kamailio @@ -2178,6 +2217,7 @@ not be started before the ~wg0~ device has appeared. become: yes systemd: daemon-reload: yes + tags: actualizer #+END_SRC Finally, Kamailio can be configured and started. @@ -2193,12 +2233,18 @@ Finally, Kamailio can be configured and started. dest: /etc/kamailio/kamailio-local.cfg notify: Restart Kamailio. -- name: Enable/Start Kamailio. +- name: Start Kamailio. become: yes systemd: service: kamailio - enabled: yes state: started + tags: actualizer + +- name: Enable Kamailio. + become: yes + systemd: + service: kamailio + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]] @@ -2209,6 +2255,7 @@ Finally, Kamailio can be configured and started. systemd: service: kamailio state: restarted + tags: actualizer #+END_SRC @@ -2258,15 +2305,12 @@ proper email delivery. loop: - { name: "core.{{ domain_priv }}", file: /etc/mailname } - { name: "{{ inventory_hostname }}", file: /etc/hostname } - notify: Update hostname. -#+END_SRC -#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] -#+BEGIN_SRC conf :tangle roles_t/core/handlers/main.yml :mkdirp yes ---- - name: Update hostname. become: yes command: hostname -F /etc/hostname + when: inventory_hostname != ansible_hostname + tags: actualizer #+END_SRC ** Configure Systemd Resolved @@ -2302,12 +2346,14 @@ list, and to disable its cache and stub listener. become: yes systemd: daemon-reload: yes + tags: actualizer - name: Restart Systemd resolved. become: yes systemd: service: systemd-resolved state: restarted + tags: actualizer #+END_SRC ** Configure Netplan @@ -2360,6 +2406,7 @@ core_ethernet: enp0s3 - name: Apply netplan. become: yes command: netplan apply + tags: actualizer #+END_SRC ** Configure DHCP For the Private Ethernet @@ -2436,12 +2483,18 @@ the real [[file:private/core-dhcpd.conf][=private/core-dhcpd.conf=]] (/not/ the dest: /etc/dhcp/dhcpd.conf notify: Restart DHCP server. -- name: Enable/Start DHCP server. +- name: Start DHCP server. become: yes systemd: service: isc-dhcp-server - enabled: yes state: started + tags: actualizer + +- name: Enable DHCP server. + become: yes + systemd: + service: isc-dhcp-server + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] @@ -2452,6 +2505,7 @@ the real [[file:private/core-dhcpd.conf][=private/core-dhcpd.conf=]] (/not/ the systemd: service: isc-dhcp-server state: restarted + tags: actualizer #+END_SRC ** Configure BIND9 @@ -2493,12 +2547,18 @@ The following tasks install and configure BIND9 on Core. loop: [ domain, private, public_vpn, campus_vpn ] notify: Reload BIND9. -- name: Enable/Start BIND9. +- name: Start BIND9. become: yes systemd: service: bind9 - enabled: yes state: started + tags: actualizer + +- name: Enable BIND9. + become: yes + systemd: + service: bind9 + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] @@ -2509,6 +2569,7 @@ The following tasks install and configure BIND9 on Core. systemd: service: bind9 state: reloaded + tags: actualizer #+END_SRC Examples of the necessary zone files, for the "Install BIND9 @@ -2943,12 +3004,18 @@ enable the service. Whenever =/etc/postfix/transport= is changed, the dest: /etc/postfix/transport notify: Postmap transport. -- name: Enable/Start Postfix. +- name: Start Postfix. become: yes systemd: service: postfix - enabled: yes state: started + tags: actualizer + +- name: Enable Postfix. + become: yes + systemd: + service: postfix + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] @@ -2959,6 +3026,7 @@ enable the service. Whenever =/etc/postfix/transport= is changed, the systemd: service: postfix state: restarted + tags: actualizer - name: Postmap transport. become: yes @@ -3000,6 +3068,7 @@ installed by more specialized roles. - name: New aliases. become: yes command: newaliases + tags: actualizer #+END_SRC ** Configure Dovecot IMAPd @@ -3041,12 +3110,18 @@ and enables it to start at every reboot. dest: /etc/dovecot/local.conf notify: Restart Dovecot. -- name: Enable/Start Dovecot. +- name: Start Dovecot. become: yes systemd: service: dovecot - enabled: yes state: started + tags: actualizer + +- name: Enable Dovecot. + become: yes + systemd: + service: dovecot + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] @@ -3057,6 +3132,7 @@ and enables it to start at every reboot. systemd: service: dovecot state: restarted + tags: actualizer #+END_SRC ** Configure Fetchmail @@ -3160,7 +3236,7 @@ provided the Core service. when: - members[item].status == 'current' - members[item].password_fetchmail is defined - tags: accounts + tags: accounts, actualizer #+END_SRC Finally, any former member's Fetchmail service on Core should be @@ -3393,12 +3469,18 @@ The ~a2ensite~ command enables them. loop: [ live, test, www, default-ssl ] notify: Restart Apache2. -- name: Enable/Start Apache2. +- name: Start Apache2. become: yes systemd: service: apache2 - enabled: yes state: started + tags: actualizer + +- name: Enable Apache2. + become: yes + systemd: + service: apache2 + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] @@ -3409,6 +3491,7 @@ The ~a2ensite~ command enables them. systemd: service: apache2 state: restarted + tags: actualizer #+END_SRC ** Configure Website Updates @@ -3503,12 +3586,18 @@ The following tasks install WireGuard™, configure it with group: root notify: Restart WireGuard™. -- name: Enable/Start WireGuard™ on boot. +- name: Start WireGuard™. become: yes systemd: service: wg-quick@wg0 - enabled: yes state: started + tags: actualizer + +- name: Enable WireGuard™. + become: yes + systemd: + service: wg-quick@wg0 + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] @@ -3519,6 +3608,7 @@ The following tasks install WireGuard™, configure it with systemd: service: wg-quick@wg0 state: restarted + tags: actualizer #+END_SRC ** Configure NAGIOS @@ -3581,12 +3671,18 @@ Core and Campus (and thus Gate) machines. dest: /etc/nagios4/conf.d/institute.cfg notify: Reload NAGIOS4. -- name: Enable/Start NAGIOS4. +- name: Start NAGIOS4. become: yes systemd: service: nagios4 - enabled: yes state: started + tags: actualizer + +- name: Enable NAGIOS4. + become: yes + systemd: + service: nagios4 + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]] @@ -3597,6 +3693,7 @@ Core and Campus (and thus Gate) machines. systemd: service: nagios4 state: reloaded + tags: actualizer #+END_SRC *** Configure NAGIOS Monitors for Core @@ -4601,6 +4698,7 @@ new network plan. - name: Apply netplan. become: yes command: netplan apply + tags: actualizer #+END_SRC Note that the =60-isp.yaml= file is only updated (created) if it does @@ -4820,12 +4918,18 @@ addresses (or perhaps finding no ~wild~ interface at all?). dest: /etc/systemd/system/isc-dhcp-server.service.d/depend.conf notify: Reload Systemd. -- name: Enable/Start DHCP server. +- name: Start DHCP server. become: yes systemd: service: isc-dhcp-server - enabled: yes state: started + tags: actualizer + +- name: Enable DHCP server. + become: yes + systemd: + service: isc-dhcp-server + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]] @@ -4836,11 +4940,13 @@ addresses (or perhaps finding no ~wild~ interface at all?). systemd: service: isc-dhcp-server state: restarted + tags: actualizer - name: Reload Systemd. become: yes systemd: daemon-reload: yes + tags: actualizer #+END_SRC If Gate is configured with ~./abbey config gate~ and then connected to @@ -4952,12 +5058,18 @@ The following tasks install WireGuard™, configure it with group: root notify: Restart WireGuard™. -- name: Enable/Start WireGuard™ on boot. +- name: Start WireGuard™. become: yes systemd: service: wg-quick@wg0 - enabled: yes state: started + tags: actualizer + +- name: Enable WireGuard™. + become: yes + systemd: + service: wg-quick@wg0 + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]] @@ -4968,6 +5080,7 @@ The following tasks install WireGuard™, configure it with systemd: service: wg-quick@wg0 state: restarted + tags: actualizer #+END_SRC @@ -5018,6 +5131,7 @@ Clients should be using the expected host name. become: yes command: hostname -F /etc/hostname when: inventory_hostname != ansible_hostname + tags: actualizer #+END_SRC ** Configure Systemd Timesyncd @@ -5045,6 +5159,7 @@ and file timestamps. systemd: service: systemd-timesyncd state: restarted + tags: actualizer #+END_SRC ** Add Administrator to System Groups @@ -5114,12 +5229,18 @@ tasks below. - { p: inet_interfaces, v: loopback-only } notify: Restart Postfix. -- name: Enable/Start Postfix. +- name: Start Postfix. become: yes systemd: service: postfix - enabled: yes state: started + tags: actualizer + +- name: Enable Postfix. + become: yes + systemd: + service: postfix + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]] @@ -5130,6 +5251,7 @@ tasks below. systemd: service: postfix state: restarted + tags: actualizer #+END_SRC ** Set Domain Name @@ -5189,12 +5311,18 @@ Role]]. dest: /etc/nagios/nrpe.d/institute.cfg notify: Reload NRPE server. -- name: Enable/Start NRPE server. +- name: Start NRPE server. become: yes systemd: service: nagios-nrpe-server - enabled: yes state: started + tags: actualizer + +- name: Enable NRPE server. + become: yes + systemd: + service: nagios-nrpe-server + enabled: yes #+END_SRC #+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]] @@ -5205,6 +5333,7 @@ Role]]. systemd: service: nagios-nrpe-server state: reloaded + tags: actualizer #+END_SRC diff --git a/roles_t/all/tasks/main.yml b/roles_t/all/tasks/main.yml index a3871b3..be4f3a9 100644 --- a/roles_t/all/tasks/main.yml +++ b/roles_t/all/tasks/main.yml @@ -10,19 +10,31 @@ - ansible_distribution == 'Debian' - 11 < ansible_distribution_major_version|int -- name: Enable/Start systemd-networkd. +- name: Start systemd-networkd. + become: yes + systemd: + service: systemd-networkd + state: started + tags: actualizer + +- name: Enable systemd-networkd. become: yes systemd: service: systemd-networkd enabled: yes + +- name: Start systemd-resolved. + become: yes + systemd: + service: systemd-resolved state: started + tags: actualizer -- name: Enable/Start systemd-resolved. +- name: Enable systemd-resolved. become: yes systemd: service: systemd-resolved enabled: yes - state: started - name: Link /etc/resolv.conf. become: yes diff --git a/roles_t/campus/handlers/main.yml b/roles_t/campus/handlers/main.yml index be1797f..58eeef3 100644 --- a/roles_t/campus/handlers/main.yml +++ b/roles_t/campus/handlers/main.yml @@ -4,15 +4,18 @@ systemd: service: systemd-timesyncd state: restarted + tags: actualizer - name: Restart Postfix. become: yes systemd: service: postfix state: restarted + tags: actualizer - name: Reload NRPE server. become: yes systemd: service: nagios-nrpe-server state: reloaded + tags: actualizer diff --git a/roles_t/campus/tasks/main.yml b/roles_t/campus/tasks/main.yml index 2290779..3e32d16 100644 --- a/roles_t/campus/tasks/main.yml +++ b/roles_t/campus/tasks/main.yml @@ -19,6 +19,7 @@ become: yes command: hostname -F /etc/hostname when: inventory_hostname != ansible_hostname + tags: actualizer - name: Configure timesyncd. become: yes @@ -64,12 +65,18 @@ - { p: inet_interfaces, v: loopback-only } notify: Restart Postfix. -- name: Enable/Start Postfix. +- name: Start Postfix. become: yes systemd: service: postfix - enabled: yes state: started + tags: actualizer + +- name: Enable Postfix. + become: yes + systemd: + service: postfix + enabled: yes - name: Set domain name. become: yes @@ -107,9 +114,15 @@ dest: /etc/nagios/nrpe.d/institute.cfg notify: Reload NRPE server. -- name: Enable/Start NRPE server. +- name: Start NRPE server. become: yes systemd: service: nagios-nrpe-server - enabled: yes state: started + tags: actualizer + +- name: Enable NRPE server. + become: yes + systemd: + service: nagios-nrpe-server + enabled: yes diff --git a/roles_t/core/handlers/main.yml b/roles_t/core/handlers/main.yml index d804487..ad8d341 100644 --- a/roles_t/core/handlers/main.yml +++ b/roles_t/core/handlers/main.yml @@ -1,40 +1,43 @@ --- -- name: Update hostname. - become: yes - command: hostname -F /etc/hostname - - name: Reload Systemd. become: yes systemd: daemon-reload: yes + tags: actualizer - name: Restart Systemd resolved. become: yes systemd: service: systemd-resolved state: restarted + tags: actualizer - name: Apply netplan. become: yes command: netplan apply + tags: actualizer - name: Restart DHCP server. become: yes systemd: service: isc-dhcp-server state: restarted + tags: actualizer - name: Reload BIND9. become: yes systemd: service: bind9 state: reloaded + tags: actualizer + - name: Restart Postfix. become: yes systemd: service: postfix state: restarted + tags: actualizer - name: Postmap transport. become: yes @@ -46,30 +49,35 @@ - name: New aliases. become: yes command: newaliases + tags: actualizer - name: Restart Dovecot. become: yes systemd: service: dovecot state: restarted + tags: actualizer - name: Restart Apache2. become: yes systemd: service: apache2 state: restarted + tags: actualizer - name: Restart WireGuard™. become: yes systemd: service: wg-quick@wg0 state: restarted + tags: actualizer - name: Reload NAGIOS4. become: yes systemd: service: nagios4 state: reloaded + tags: actualizer - name: Import root PGP key. become: no diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml index 2710d73..74c4819 100644 --- a/roles_t/core/tasks/main.yml +++ b/roles_t/core/tasks/main.yml @@ -17,7 +17,12 @@ loop: - { name: "core.{{ domain_priv }}", file: /etc/mailname } - { name: "{{ inventory_hostname }}", file: /etc/hostname } - notify: Update hostname. + +- name: Update hostname. + become: yes + command: hostname -F /etc/hostname + when: inventory_hostname != ansible_hostname + tags: actualizer - name: Configure resolved. become: yes @@ -76,12 +81,18 @@ dest: /etc/dhcp/dhcpd.conf notify: Restart DHCP server. -- name: Enable/Start DHCP server. +- name: Start DHCP server. become: yes systemd: service: isc-dhcp-server - enabled: yes state: started + tags: actualizer + +- name: Enable DHCP server. + become: yes + systemd: + service: isc-dhcp-server + enabled: yes - name: Install BIND9. become: yes @@ -158,12 +169,18 @@ loop: [ domain, private, public_vpn, campus_vpn ] notify: Reload BIND9. -- name: Enable/Start BIND9. +- name: Start BIND9. become: yes systemd: service: bind9 - enabled: yes state: started + tags: actualizer + +- name: Enable BIND9. + become: yes + systemd: + service: bind9 + enabled: yes - name: Add {{ ansible_user }} to system groups. become: yes @@ -322,12 +339,18 @@ dest: /etc/postfix/transport notify: Postmap transport. -- name: Enable/Start Postfix. +- name: Start Postfix. become: yes systemd: service: postfix - enabled: yes state: started + tags: actualizer + +- name: Enable Postfix. + become: yes + systemd: + service: postfix + enabled: yes - name: Install institute email aliases. become: yes @@ -358,12 +381,18 @@ dest: /etc/dovecot/local.conf notify: Restart Dovecot. -- name: Enable/Start Dovecot. +- name: Start Dovecot. become: yes systemd: service: dovecot - enabled: yes state: started + tags: actualizer + +- name: Enable Dovecot. + become: yes + systemd: + service: dovecot + enabled: yes - name: Install fetchmail. become: yes @@ -430,7 +459,7 @@ when: - members[item].status == 'current' - members[item].password_fetchmail is defined - tags: accounts + tags: accounts, actualizer - name: Stop former user fetchmail services. become: yes @@ -567,12 +596,18 @@ loop: [ live, test, www, default-ssl ] notify: Restart Apache2. -- name: Enable/Start Apache2. +- name: Start Apache2. become: yes systemd: service: apache2 - enabled: yes state: started + tags: actualizer + +- name: Enable Apache2. + become: yes + systemd: + service: apache2 + enabled: yes - name: "Install Monkey's webupdate script." become: yes @@ -605,12 +640,18 @@ group: root notify: Restart WireGuard™. -- name: Enable/Start WireGuard™ on boot. +- name: Start WireGuard™. become: yes systemd: service: wg-quick@wg0 - enabled: yes state: started + tags: actualizer + +- name: Enable WireGuard™. + become: yes + systemd: + service: wg-quick@wg0 + enabled: yes - name: Install NAGIOS4. become: yes @@ -654,12 +695,18 @@ dest: /etc/nagios4/conf.d/institute.cfg notify: Reload NAGIOS4. -- name: Enable/Start NAGIOS4. +- name: Start NAGIOS4. become: yes systemd: service: nagios4 - enabled: yes state: started + tags: actualizer + +- name: Enable NAGIOS4. + become: yes + systemd: + service: nagios4 + enabled: yes - name: Install backup script. become: yes diff --git a/roles_t/front/handlers/main.yml b/roles_t/front/handlers/main.yml index 0db39f3..21f962a 100644 --- a/roles_t/front/handlers/main.yml +++ b/roles_t/front/handlers/main.yml @@ -1,19 +1,17 @@ --- -- name: Update hostname. - become: yes - command: hostname -F /etc/hostname - - name: Reload SSH server. become: yes systemd: service: ssh state: reloaded + tags: actualizer - name: Restart Postfix. become: yes systemd: service: postfix state: restarted + tags: actualizer - name: Postmap header checks. become: yes @@ -25,32 +23,38 @@ - name: New aliases. become: yes command: newaliases + tags: actualizer - name: Restart Dovecot. become: yes systemd: service: dovecot state: restarted + tags: actualizer - name: Restart Apache2. become: yes systemd: service: apache2 state: restarted + tags: actualizer - name: Restart WireGuard™. become: yes systemd: service: wg-quick@wg0 state: restarted + tags: actualizer - name: Reload Systemd. become: yes systemd: daemon-reload: yes + tags: actualizer - name: Restart Kamailio. become: yes systemd: service: kamailio state: restarted + tags: actualizer diff --git a/roles_t/front/tasks/main.yml b/roles_t/front/tasks/main.yml index 1203e7d..58a52c8 100644 --- a/roles_t/front/tasks/main.yml +++ b/roles_t/front/tasks/main.yml @@ -19,7 +19,12 @@ loop: - /etc/hostname - /etc/mailname - notify: Update hostname. + +- name: Update hostname. + become: yes + command: hostname -F /etc/hostname + when: domain_name != ansible_hostname + tags: actualizer - name: Add {{ ansible_user }} to system groups. become: yes @@ -163,12 +168,18 @@ dest: /etc/postfix/header_checks.cf notify: Postmap header checks. -- name: Enable/Start Postfix. +- name: Start Postfix. become: yes systemd: service: postfix - enabled: yes state: started + tags: actualizer + +- name: Enable Postfix. + become: yes + systemd: + service: postfix + enabled: yes - name: Install institute email aliases. become: yes @@ -204,12 +215,18 @@ dest: /etc/dovecot/local.conf notify: Restart Dovecot. -- name: Enable/Start Dovecot. +- name: Start Dovecot. become: yes systemd: service: dovecot - enabled: yes state: started + tags: actualizer + +- name: Enable Dovecot. + become: yes + systemd: + service: dovecot + enabled: yes - name: Install Apache2. become: yes @@ -304,12 +321,18 @@ creates: /etc/apache2/sites-enabled/{{ domain_name }}.conf notify: Restart Apache2. -- name: Enable/Start Apache2. +- name: Start Apache2. become: yes systemd: service: apache2 - enabled: yes state: started + tags: actualizer + +- name: Enable Apache2. + become: yes + systemd: + service: apache2 + enabled: yes - name: Disable default vhosts. become: yes @@ -366,12 +389,18 @@ group: root notify: Restart WireGuard™. -- name: Enable/Start WireGuard™ on boot. +- name: Start WireGuard™. become: yes systemd: service: wg-quick@wg0 - enabled: yes state: started + tags: actualizer + +- name: Enable WireGuard™. + become: yes + systemd: + service: wg-quick@wg0 + enabled: yes - name: Install Kamailio. become: yes @@ -401,9 +430,15 @@ dest: /etc/kamailio/kamailio-local.cfg notify: Restart Kamailio. -- name: Enable/Start Kamailio. +- name: Start Kamailio. become: yes systemd: service: kamailio - enabled: yes state: started + tags: actualizer + +- name: Enable Kamailio. + become: yes + systemd: + service: kamailio + enabled: yes diff --git a/roles_t/gate/handlers/main.yml b/roles_t/gate/handlers/main.yml index 857346d..2028a59 100644 --- a/roles_t/gate/handlers/main.yml +++ b/roles_t/gate/handlers/main.yml @@ -2,20 +2,24 @@ - name: Apply netplan. become: yes command: netplan apply + tags: actualizer - name: Restart DHCP server. become: yes systemd: service: isc-dhcp-server state: restarted + tags: actualizer - name: Reload Systemd. become: yes systemd: daemon-reload: yes + tags: actualizer - name: Restart WireGuard™. become: yes systemd: service: wg-quick@wg0 state: restarted + tags: actualizer diff --git a/roles_t/gate/tasks/main.yml b/roles_t/gate/tasks/main.yml index 9b3aa91..d6510b8 100644 --- a/roles_t/gate/tasks/main.yml +++ b/roles_t/gate/tasks/main.yml @@ -133,12 +133,19 @@ dest: /etc/systemd/system/isc-dhcp-server.service.d/depend.conf notify: Reload Systemd. -- name: Enable/Start DHCP server. +- name: Start DHCP server. become: yes systemd: service: isc-dhcp-server - enabled: yes state: started + tags: actualizer + +- name: Enable DHCP server. + become: yes + systemd: + service: isc-dhcp-server + enabled: yes + - name: Install WireGuard™. become: yes @@ -154,9 +161,15 @@ group: root notify: Restart WireGuard™. -- name: Enable/Start WireGuard™ on boot. +- name: Start WireGuard™. become: yes systemd: service: wg-quick@wg0 - enabled: yes state: started + tags: actualizer + +- name: Enable WireGuard™. + become: yes + systemd: + service: wg-quick@wg0 + enabled: yes