Major clean-up

.github/filters.yml

@@ -8,9 +8,6 @@ common:
 dns:
   - roles/dns/**/!(**.md)
   - molecule/dns/**
-hashicorp:
-  - roles/hashicorp/**/!(**.md)
-  - molecule/hashicorp/**
 logs:
   - roles/logs/**/!(**.md)
   - molecule/logs/**
@@ -23,9 +20,6 @@ nfs:
 nut:
   - roles/nut/**/!(**.md)
   - molecule/nut/**
-pia:
-  - roles/pia/**/!(**.md)
-  - molecule/pia/**
 proxmox:
   - roles/proxmox/**/!(**.md)
   - molecule/proxmox/**
@@ -35,12 +29,6 @@ qemu_guest_agent:
 sanoid:
   - roles/sanoid/**/!(**.md)
   - molecule/sanoid/**
-shellcheck:
-  - roles/shellcheck/**/!(**.md)
-  - molecule/shellcheck/**
 wireguard:
   - roles/wireguard/**/!(**.md)
   - molecule/wireguard/**
-zsh:
-  - roles/zsh/**/!(**.md)
-  - molecule/zsh/**

.github/workflows/test.yml

@@ -59,4 +59,4 @@ jobs:
           MOLECULE_DISTRO: ${{ matrix.os }}
       #   continue-on-error: true
       # - name: Debugging with tmate
-      #   uses: mxschmitt/action-tmate@v3.16
+      #   uses: mxschmitt/action-tmate@v3.18

galaxy.yml

@@ -10,7 +10,6 @@ license_file: LICENSE
 tags:
   - common
   - dns
-  - hashicorp
   - linux
   - logs
   - msmtp
@@ -19,11 +18,9 @@ tags:
   - proxmox
   - qemu
   - sanoid
-  - shellcheck
   - system
   - ubuntu
   - wireguard
-  - zsh
 dependencies:
   ansible.posix: "*"
   community.general: "*"

molecule/common/converge.yml

@@ -78,7 +78,6 @@
             service_state: started
             service_enabled: true
         install_ca_certificates: true
-        fail2ban_enabled: true
         sysctl_overwrite:
           fs.inotify.max_user_watches: 524288
         unattended_upgrades_autoupdate_enabled: true

molecule/dns/converge.yml

@@ -8,5 +8,3 @@
         name: vladgh.system.dns
       vars:
         cloudflare_ddns_updater_enabled: true
-        dns_disable_stub_listener: true
-        dns_server_ips: 8.8.8.8

molecule/proxmox/converge.yml

@@ -7,7 +7,7 @@
       ansible.builtin.file:
         path: "{{ item }}"
         state: directory
-        mode: 0755
+        mode: '0755'
       loop:
         - /etc/lvm
     - name: Ensure required files
@@ -17,7 +17,7 @@
         force: false
         group: root
         owner: root
-        mode: 0664
+        mode: '0664'
       loop:
         - /etc/default/grub
         - /etc/lvm/lvm.conf

playbooks/docker_compose_stack.yml

@@ -0,0 +1,8 @@
+---
+- name: Docker Compose Stack
+  hosts: docker_compose_stack
+  become: true
+  tasks:
+    - name: Include stack role
+      ansible.builtin.include_role:
+        name: vladgh.system.docker_compose_stack

requirements.yml

@@ -2,9 +2,5 @@
 collections:
   - name: ansible.posix
     version: 1.5.4
-  - name: community.crypto
-    version: 2.19.1
   - name: community.general
     version: 8.6.0
-  - name: community.docker
-    version: 3.9.0

roles/common/defaults/main.yml

@@ -35,12 +35,7 @@ sysctl_overwrite: {}
 mounts: []
 systemd_mounts: []
 
-# Security
-## Set to `true` to install and configure Fail2ban
-fail2ban_enabled: false
-## SSH port for the fail2ban configuration
-fail2ban_ssh_port: 22
-## Set to `true` to enable unattended upgrades
+# Unattended upgrades
 unattended_upgrades_autoupdate_enabled: false
 unattended_upgrades_autoupdate_reboot: false
 unattended_upgrades_autoupdate_reboot_time: "03:33"

roles/common/handlers/main.yml

@@ -11,6 +11,7 @@
 
 - name: Update trusted CA certificates
   ansible.builtin.command: /usr/sbin/update-ca-certificates --fresh
+  changed_when: false
 
 - name: Restart SystemD mount
   ansible.builtin.systemd:

roles/common/meta/main.yml

@@ -4,7 +4,7 @@ galaxy_info:
   author: vladgh
   description: Vlad's Common Role
   license: Apache v2
-  min_ansible_version: '2.11'
+  min_ansible_version: '2.14'
   galaxy_tags: []
   platforms:
     - name: Ubuntu

roles/common/tasks/apt.yml

@@ -12,7 +12,7 @@
       loop: "{{ apt_disable_repositories }}"
     - name: Update APT cache
       ansible.builtin.apt:
-        update_cache: yes
+        update_cache: true
 
 - name: Add extra APT repositories
   when: apt_extra_repositories is defined and apt_extra_repositories

roles/common/tasks/ca.yml

@@ -9,7 +9,7 @@
   ansible.builtin.file:
     path: "{{ ca_path }}/"
     state: directory
-    mode: 0755
+    mode: '0755'
 
 - name: Install CA Certificates
   ansible.builtin.copy:

roles/common/tasks/main.yml

@@ -63,10 +63,6 @@
     ( mounts is defined and mounts ) or
     ( systemd_mounts is defined and systemd_mounts )
 
-- name: Fail2Ban
-  ansible.builtin.import_tasks: fail2ban.yml
-  when: fail2ban_enabled is defined and fail2ban_enabled | bool
-
 - name: Extra shell commands
   ansible.builtin.import_tasks: shell.yml
   when: shell_extra_commands is defined and shell_extra_commands

roles/dns/README.md

@@ -16,16 +16,17 @@ Installs this script  used to update Dynamic DNS (DDNS) service based on Cloudfl
 ```yml
 cloudflare_ddns_updater_enabled: true  # Set to `true` to install ddns updater script
 cloudflare_ddns_updater_config:
-  auth_email: ""           # The email used to login 'https://dash.cloudflare.com'
-  auth_method: "token"     # Set to "global" for Global API Key or "token" for Scoped API Token
-  auth_key: ""             # Your API Token or Global API Key
-  zone_identifier: ""      # Can be found in the "Overview" tab of your domain
-  record_name: ""          # Which record you want to be synced
-  ttl: "3600"              # Set the DNS TTL (seconds)
-  proxy: false             # Set the proxy to true or false
-  slacksitename: ""        # Title of site "Example Site"
-  slackchannel: ""         # Slack Channel #example
-  slackuri: ""             # URI for Slack WebHook "https://hooks.slack.com/services/xxxxx"
+  auth_email: ""        # The email used to login 'https://dash.cloudflare.com'
+  auth_method: "token"  # Set to "global" for Global API Key or "token" for Scoped API Token
+  auth_key: ""          # Your API Token or Global API Key
+  zone_identifier: ""   # Can be found in the "Overview" tab of your domain
+  record_name: ""       # Which record you want to be synced
+  ttl: "3600"           # Set the DNS TTL (seconds)
+  proxy: false          # Set the proxy to true or false
+  sitename: ""          # Title of site "Example Site"
+  slackchannel: ""      # Slack Channel #example
+  slackuri: ""          # URI for Slack WebHook "https://hooks.slack.com/services/xxxxx"
+  discorduri: ""        # URI for Discord WebHook "https://discordapp.com/api/webhooks/xxxxx"
 ```
 
 ### Cloudflare DNS records
@@ -41,13 +42,6 @@ cloudflare_dns_records:
     state: absent
 ```
 
-### Local DNS resolver
-
-```yaml
-dns_stub_listener: false  # Set to `false` to remove local stub listener and use the DNS below
-dns_resolved: 127.0.0.1  # Space separated list (Ex: 8.8.8.8 8.8.4.4)
-```
-
 ## Dependencies
 
 *_N/A_*

roles/dns/meta/main.yml

@@ -4,7 +4,7 @@ galaxy_info:
   author: vladgh
   description: Vlad's DNS Role
   license: Apache v2
-  min_ansible_version: '2.11'
+  min_ansible_version: '2.14'
   galaxy_tags: []
   platforms:
     - name: Ubuntu

roles/dns/tasks/ddns.yml

@@ -5,7 +5,7 @@
     dest: /usr/local/bin/cloudflare-ddns-updater
     owner: root
     group: root
-    mode: 0700
+    mode: '0770'
 
 - name: Configure script
   ansible.builtin.lineinfile:
@@ -21,9 +21,10 @@
     - {regexp: '^record_name=', line: "record_name='{{ cloudflare_ddns_updater_config.record_name | default('') }}'"}
     - {regexp: '^ttl=', line: "ttl='{{ cloudflare_ddns_updater_config.ttl | default('3600') }}'"}
     - {regexp: '^proxy=', line: "proxy={{ cloudflare_ddns_updater_config.proxy | default('false') }}"}
-    - {regexp: '^slacksitename=', line: "slacksitename='{{ cloudflare_ddns_updater_config.slacksitename | default('') }}'"}
+    - {regexp: '^sitename=', line: "sitename='{{ cloudflare_ddns_updater_config.sitename | default('') }}'"}
     - {regexp: '^slackchannel=', line: "slackchannel='{{ cloudflare_ddns_updater_config.slackchannel | default('') }}'"}
     - {regexp: '^slackuri=', line: "slackuri='{{ cloudflare_ddns_updater_config.slackuri | default('') }}'"}
+    - {regexp: '^discorduri=', line: "discorduri='{{ cloudflare_ddns_updater_config.discorduri | default('') }}'"}
   when: cloudflare_ddns_updater_config is defined and cloudflare_ddns_updater_config
 
 - name: Ensure Cron package is installed

roles/dns/tasks/main.yml

@@ -6,9 +6,3 @@
 - name: Provision DNS records
   ansible.builtin.import_tasks: dns-records.yml
   when: cloudflare_dns_records is defined and cloudflare_dns_records
-
-- name: Override SystemD Resolve
-  ansible.builtin.import_tasks: systemd.yml
-  when: >
-    ( dns_disable_stub_listener is defined and dns_disable_stub_listener | bool ) and
-    ( ansible_distribution == 'Ubuntu' )

roles/docker_compose_stack/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+docker_compose_stack_path: /opt/appstack

roles/zsh/meta/main.yml → roles/docker_compose_stack/meta/main.yml

@@ -1,10 +1,10 @@
 ---
 galaxy_info:
-  role_name: zsh
+  role_name: logs
   author: vladgh
-  description: Vlad's ZSH Role
+  description: Vlad's Logs Role
   license: Apache v2
-  min_ansible_version: '2.11'
+  min_ansible_version: '2.14'
   galaxy_tags: []
   platforms:
     - name: Ubuntu