Fix linting and add backup cron job (#25)

3 years ago · 5cd48b220f
parent d49819acec
commit 5cd48b220f
36 changed files with 550 additions and 762 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -0,0 +1,3 @@
 skip_list:
  - '403' # allow for latest packages
  - name[casing]
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -20,10 +20,12 @@ jobs:
    - uses: actions/setup-python@v4
      with:
        python-version: 3.8.9
    - name: Create Vault Key
      run: echo "${{ secrets.VAULT_PASSWORD }}" > ~/.vault-key
    - name: Install dependencies
      run: make deps
    - name: Test Directory
-      run: ansible-lint ${{ matrix.directory }}
+      run: ansible-lint ${{ matrix.directory }} --exclude roles/sprat.mergerfs --exclude roles/docker_restore_container
  format:
    runs-on: ubuntu-latest
--- a/5
+++ b/5
@ -25,7 +25,7 @@ format:
 lint:
 	ansible-lint host_vars
 	ansible-lint group_vars
-	ansible-lint roles
+	ansible-lint roles --exclude roles/sprat.mergerfs --exclude roles/docker_restore_container
 	ansible-lint playbooks
 backup: deps
@ -33,3 +33,6 @@ backup: deps
 restore: deps
 	ansible-playbook playbooks/restore-docker-volumes.yml
 cron:
 	ansible-playbook playbooks/setup-homelab.yml --tags cron
--- a/group_vars/linodes.yml
+++ b/group_vars/linodes.yml
@ -9,7 +9,6 @@ services:
  - name: nextcloud
  - name: nginx-proxy-manager
  - name: uptime-kuma
 #- name: docker-volume-backup
  - name: mariadb
  - name: photoprism
  - name: olivetin
--- a/host_vars/qnap.yml
+++ b/host_vars/qnap.yml
@ -42,8 +42,6 @@ services:
    endpoint_id: 2
  - name: vpn-stack
    endpoint_id: 2
 #- name: docker-volume-backup
 #  endpoint_id: 2
  - name: mariadb
    endpoint_id: 2
  - name: photoprism
--- a/playbooks/backup-docker-volumes.yml
+++ b/playbooks/backup-docker-volumes.yml
@ -1,5 +1,6 @@
 ---
- hosts: qnap
+- name: Backup Docker Volumes.
  hosts: qnap
  become: true
  vars:
    # corrsponds to which category of backups will be used.
@ -8,12 +9,11 @@
  pre_tasks:
    - name: Include vault variables.
-    include_vars: '../{{vault_file}}'
+      ansible.builtin.include_vars: '../{{ vault_file }}'
      tags: [always]
  tasks:
    - name: Find Containers With Backup Label
      register: docker_info
      docker_host_info:
        containers: true
        containers_filters:
@ -21,15 +21,12 @@
            - "ie.cianhatton.backup.enabled=true"
            - "ie.cianhatton.backup.schedule={{ schedule }}"
      register: filter_output
    - debug: msg="{{filter_output}}"
    - name: Get Container Names
-      set_fact: container_names="{{ filter_output.containers  | map(attribute="Names")  | flatten }}"
+      ansible.builtin.set_fact: container_names="{{ filter_output.containers | map(attribute="Names") | flatten }}"
    - debug: msg="{{container_names}}"
    - name: Backup Containers with backup label
-      include_role:
+      ansible.builtin.include_role:
        name: chatton.docker_backup.docker_s3_backup
      vars:
        container_backup: "{{ container_item | regex_replace('^\\/', '') }}"
--- a/playbooks/bootstrap.yml
+++ b/playbooks/bootstrap.yml
@ -12,7 +12,8 @@
        path: ~/.ssh/ansible
        passphrase: ''
- hosts: all
+- name: Bootstrap Ansible hosts.
  hosts: all
  become: true
  roles:
    - role: bootstrap
--- a/playbooks/restore-docker-volumes.yml
+++ b/playbooks/restore-docker-volumes.yml
@ -1,9 +1,10 @@
 ---
- hosts: qnap
+- name: Restore a docker volume.
  hosts: qnap
  become: true
  pre_tasks:
  - name: Include vault variables.
-    include_vars: '../{{vault_file}}'
+    ansible.builtin.include_vars: '../{{ vault_file }}'
    tags: [always]
  roles:
    - role: chatton.docker_backup.docker_s3_volume_restore
--- a/playbooks/setup-homelab.yml
+++ b/playbooks/setup-homelab.yml
@ -5,7 +5,7 @@
  become: true
  pre_tasks:
    - name: Update Packages
-    apt:
+      ansible.builtin.apt:
        upgrade: dist
        update_cache: true
  roles:
@ -23,7 +23,7 @@
  become: true
  pre_tasks:
    - name: Include vault variables.
-    include_vars: '../{{vault_file}}'
+      ansible.builtin.include_vars: '../{{ vault_file }}'
      tags: [always]
  roles:
@ -37,12 +37,12 @@
      tags: [services]
- hosts: linodes
+- name: Setup home lab on linode instances.
  hosts: linodes
  become: true
  pre_tasks:
    - name: Include vault variables.
-    include_vars: '../{{vault_file}}'
+      ansible.builtin.include_vars: '../{{ vault_file }}'
      tags: [always]
  roles:
--- a/playbooks/setup-linode.yml
+++ b/playbooks/setup-linode.yml
@ -1,4 +1,6 @@
- hosts: localhost
+---
 - name: Setup linode instance.
  hosts: localhost
  become: true
  roles:
    - role: roles/setup_linode
--- a/playbooks/verify-homelab.yml
+++ b/playbooks/verify-homelab.yml
@ -1,27 +1,29 @@
 ---
- hosts: all
+- name: Verify HomeLab has been correctly set up.
  hosts: all
  become: true
  pre_tasks:
    - name: Include vault variables.
-    include_vars: ../{{vault_file}}
+      ansible.builtin.include_vars: ../{{ vault_file }}
      tags:
        - always
  tasks:
    - name: Docker Compose Files Exist
-    command: stat {{directories.docker_compose_directory}}/{{ item.name }}/docker-compose.yml
+      ansible.builtin.command: stat {{ directories.docker_compose_directory }}/{{ item.name }}/docker-compose.yml
      with_items: '{{ services }}'
      changed_when: false
      register: docker_compose_stat
    - name: Assert all Docker Compose files were created
-    assert:
+      ansible.builtin.assert:
        that: item.rc == 0
      with_items: '{{ docker_compose_stat.results }}'
    - name: Populate service facts
-    service_facts: {}
+      ansible.builtin.service_facts: {}
    - name: Assert docker is installed and started
-    assert:
+      ansible.builtin.assert:
        that:
          - ansible_facts.services.docker.state == "running"
          - ansible_facts.services['docker.service'].status == "enabled"
@ -29,20 +31,18 @@
      docker_image_info: {}
      register: image_details
    - name: Assert desired images exist
-    assert:
+      ansible.builtin.assert:
-      that: {{item in image_details.images | map(attribute='RepoTags') | flatten: !!null ''}: !!null ''}
+        that: "{{ item in image_details.images | map(attribute='RepoTags') | flatten }}"
      with_items: '{{ desired_docker_images }}'
    - name: Fetch Sudoers Files
-    command: stat /etc/sudoers.d/{{item.name}}
+      ansible.builtin.command: stat /etc/sudoers.d/{{ item.name }}
      changed_when: false
      register: sudoers_stat
      with_items: '{{ users }}'
-    when: item.passwordless_sudo == true
+      when: item.passwordless_sudo
    - name: Assert sudoers files are created
-    assert:
+      ansible.builtin.assert:
        that: item.rc == 0
      with_items: '{{ sudoers_stat.results }}'
--- a/roles/bootstrap/meta/main.yml
+++ b/roles/bootstrap/meta/main.yml
@ -1,53 +1,12 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
+  description: Bootstrap ansible
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: MIT
-
+  min_ansible_version: "2.1"
  min_ansible_version: 2.1
  # If this a Container Enabled role, provide the minimum Ansible Container version.
  # min_ansible_container_version:
  #
  # Provide a list of supported platforms, and for each platform a list of versions.
  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99
  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
+  platforms:
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    - name: Debian
-    # remove the '[]' above, if you add tags to this list.
+      versions:
-    #
+        - all
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@ -1,13 +1,14 @@
 ---
 - name: Update Packages
-  apt:
+  ansible.builtin.apt:
    upgrade: dist
    update_cache: true
 - name: Create ansible user
-  user:
+  ansible.builtin.user:
    name: ansible
    groups: root
-    system: true
+    shell: /bin/bash
 - name: Add ssh key for ansible
  authorized_key:
@ -16,7 +17,7 @@
    key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
 - name: Add sudoers file for ansible
-  copy:
+  ansible.builtin.copy:
    src: sudoer_ansible
    dest: /etc/sudoers.d/ansible
    owner: root
--- a/roles/docker_restore_container/tasks/main.yml
+++ b/roles/docker_restore_container/tasks/main.yml
@ -66,7 +66,7 @@
    volume_details: "{{ volume_details | default([]) + [ {'mount': item.0, 's3_key': item.1} ] }}"
  with_together:
    - "{{ volume_mounts }}"
-    - "{{ container_s3_keys }}"`
+    - "{{ container_s3_keys }}"
 - debug: msg="{{ volume_details }}"
--- a/roles/setup_docker/meta/main.yml
+++ b/roles/setup_docker/meta/main.yml
@ -1,10 +1,12 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: Bootstrap ansible
+  description: Setup Docker
  company: your company (optional)
  license: MIT
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
  galaxy_tags: []
-
+  platforms:
    - name: Debian
      versions:
        - all
 dependencies: []
--- a/roles/setup_docker/tasks/main.yml
+++ b/roles/setup_docker/tasks/main.yml
@ -7,7 +7,7 @@
 # following official instructions here: https://docs.docker.com/engine/install/debian/
 - name: Install packages using apt
-  apt:
+  ansible.builtin.apt:
    name:
      - ca-certificates
      - curl
@ -18,18 +18,18 @@
    update_cache: true
 - name: Add Docker GPG apt Key
-  apt_key:
+  ansible.builtin.apt_key:
    url: https://download.docker.com/linux/debian/gpg
    state: present
 # TODO: paramaterize this
 - name: Add Docker Repository
-  apt_repository:
+  ansible.builtin.apt_repository:
    repo: deb https://download.docker.com/linux/debian buster stable
    state: present
 - name: Install docker packages using apt
-  apt:
+  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
@ -38,15 +38,13 @@
    state: present
    update_cache: true
- name: Install Docker Module for Python
+- name: Install Docker Modules for Python
-  pip:
+  ansible.builtin.pip:
-    name: docker
+    name:
-
+      - docker
- name: Install Docker Compose Module for Python
+      - docker-compose
  pip:
    name: docker-compose
 - name: Ensure docker is started
-  service:
+  ansible.builtin.service:
    name: docker
    state: started
--- a/roles/setup_hosted_services/handlers/main.yml
+++ b/roles/setup_hosted_services/handlers/main.yml
@ -1,10 +1,9 @@
 # handlers file for setup_hosted_services
 - name: restart-dashy
-  command: docker restart dashy
+  ansible.builtin.command: docker restart dashy
  ignore_errors: true
 - name: restart-olivetin
-  command: docker restart olivetin
+  ansible.builtin.command: docker restart olivetin
 - name: restart-docker-volume-backup
-  command: docker restart docker-volume-backup
+  ansible.builtin.command: docker restart docker-volume-backup
--- a/roles/setup_hosted_services/meta/main.yml
+++ b/roles/setup_hosted_services/meta/main.yml
@ -1,18 +1,12 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
+  description: Deploy all my hosted services
  company: your company (optional)
  license: MIT
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
+  platforms:
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    - name: Debian
-    # remove the '[]' above, if you add tags to this list.
+      versions:
-    #
+        - all
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/setup_hosted_services/tasks/main.yml
+++ b/roles/setup_hosted_services/tasks/main.yml
@ -1,3 +1,4 @@
 ---
 - name: Docker | Pull images
  docker_image:
    name: '{{ item }}'
@ -7,21 +8,24 @@
    - busybox
 - name: Docker Compose | Create a directory if it does not exist
-  file:
+  ansible.builtin.file:
    path: '{{ directories.docker_compose_directory }}/{{ item.name }}'
    state: directory
    mode: '0755'
  with_items: '{{ services }}'
 - name: Docker Compose | Template Docker Compose Files
-  template:
+  ansible.builtin.template:
    src: '{{ item.name }}.j2'
    dest: '{{ directories.docker_compose_directory }}/{{ item.name }}/docker-compose.yml'
    owner: root
    group: root
    mode: 0440
  with_items: '{{ services }}'
 - name: Directories | Ensure required directories
-  file:
+  ansible.builtin.file:
    path: '{{ item }}'
    state: directory
    mode: '0755'
@ -31,33 +35,37 @@
    - '{{ directories.backups_dir }}/.s3tmp'
 - name: Dashy | Config Files
-  copy:
+  ansible.builtin.copy:
    src: '{{ dashy.source_file }}'
    dest: '{{ dashy.config_directory }}/{{ dashy.config_file }}'
    owner: root
    group: root
    mode: 0440
  notify:
    - restart-dashy
 - name: Olivetin | Config Files
-  copy:
+  ansible.builtin.copy:
    src: '{{ olivetin.source_file }}'
    dest: '{{ olivetin.config_directory }}/{{ olivetin.config_file }}'
    owner: root
    group: root
    mode: 0440
  notify:
    - restart-olivetin
 - name: Install python dependencies (requests)
-  pip:
+  ansible.builtin.pip:
    name: requests
 - name: Docker | Find docker volumes
-  shell: docker volume ls -f name={{item.name}} --format '{{ '{{' }}  .Name {{ '}}'}}'
+  ansible.builtin.shell: docker volume ls -f name={{ item.name }} --format '{{ '{{' }}  .Name {{ '}}' }}'
  with_items: '{{ services }}'
  register: find_volumes
  changed_when: false
 - debug: msg="{{ find_volumes.results | map(attribute='stdout_lines') | list | flatten }}"
 - name: Docker | Find volumes that need to be restored
-  script: scripts/find-volumes-to-restore.py
+  ansible.builtin.script: scripts/find-volumes-to-restore.py
  environment:
    EXISTING_VOLUMES: "{{ find_volumes.results | map(attribute='stdout_lines') | list | flatten }}"
    SERVICES: '{{ services }}'
@ -67,16 +75,16 @@
  register: python_output
  changed_when: false
- debug: msg="{{ python_output.stdout_lines | list }}"
+- name: Build list of volumes to restore.
-
+  ansible.builtin.set_fact:
 - set_fact:
    restore_volumes: "{{ restore_volumes | default([]) + [{'volume_name':item}] }}"
  with_items: "{{ python_output.stdout_lines | list }}"
 - name: Restore any missing volumes from S3
-  include_role:
+  ansible.builtin.include_role:
    name: chatton.docker_backup.docker_s3_volume_restore
  when: restore_volumes is defined
  #  ignore_errors: true
  vars:
    docker_backup_restore_force: false
    docker_backup_restore_latest_s3_key: true
@ -105,21 +113,37 @@
    state: present
  with_items: '{{ services }}'
 - name: Install Ansible pull
  tags: ["cron"]
  ansible.builtin.pip:
    name:
      - ansible
 # TODO: need to specify ansible pull directly, it doesn't find it when it's in PATH
 - name: Ensure Nightly Cron Backups
  tags: ["cron"]
  ansible.builtin.cron:
    name: backup docker volumes (nightly)
-    weekday: "0"
+    weekday: "*"
-    minute: "0"
+    minute: "*"
-    hour: "3"
+    hour: "4"
-    user: ansible
+    user: "{{ homelab_user }}"
-    job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly"
+    job: >
      /home/{{ homelab_user }}/.local/bin/ansible-pull
      -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=nightly >> ~/logs/nightly.log 2>&1
    cron_file: ansible_nightly_docker_volume_backup
    state: present
 - name: Ensure Monthly Cron Backups
  tags: ["cron"]
  ansible.builtin.cron:
    name: backup docker volumes (monthly)
    month: "*"
    day: "1"
-    user: ansible
+    user: "{{ homelab_user }}"
-    job: "ansible-pull -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly"
+    job: >
      /home/{{ homelab_user }}/.local/bin/ansible-pull
      -U https://github.com/chatton/ansible-homelab playbooks/backup-docker-volumes.yml -e schedule=monthly >> ~/logs/monthly.log 2>&1
    cron_file: ansible_monthly_docker_volume_backup
    state: present
--- a/roles/setup_linode/defaults/main-vault.yml
+++ b/roles/setup_linode/defaults/main-vault.yml
@ -1,7 +1,12 @@
-$ANSIBLE_VAULT;1.1;AES256 36356161663039666634393933383830653035633438343866643730303434353632383031303965
+$ANSIBLE_VAULT;1.1;AES256
-3465343332353437616663643662343262373333366162300a373662386533363234636234633339 35383439373430656130353938653531636563663066646265643838323230356231333836326262
+38343033383061343739363362626366376630376337376639376235316665363736376362633830
-6439626538643837390a383039373366626637333738386332356361306131323133383534323462 32376564376363663666383639313064316365353037356633363035373632313561643030643933
+6638383135303063363866623262303736393337386364630a353533323537376437343033666334
-34663533313231636162306465656433663634643038343938396462643261656238626432633136 39356562353463353034373534386537313634326534623830616362336638396337386631663538
+32353832353466343832643238313834616662333736363738353565623063316438393635343631
-30663236653532316461306636333536373836626537363430613961346137626261333238366234 30633438653936316539326436393634366236616664383835396434373966333166366265636661
+6662366132396337320a326335353333306262666561353037356539633432376439666133386463
-39666335653265323565313831303264336331363339333532353939653330383362363965353032 383434386133323961373833303262336439
+30326230316634346431346266333030303435313065616665656362663164313638313639313633
-...
+63343538653230653330383336386138643636333361326139346336646665366530343537663331
 61303639313335343162613838303034616362303935653862666166656634613562376330306165
 32373832666438623638616363363931636664633337396336653237356234616438623261353134
 62373463313235323233343734363561353237613439663534393537333964323932373837356564
 32383536613332323532633534306632373762666236366664383636323264363433396437666437
 323637336362613139633237316237666365
--- a/roles/setup_linode/defaults/main.yml
+++ b/roles/setup_linode/defaults/main.yml
@ -1,10 +1,9 @@
 # defaults file for setup_linode
 ssh_keys:
  - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
 label: simple-linode
 # hosts that are added to the generated .ini file.
-hosts:
+linode_hosts:
  - user: root
    ip: '{{ my_linode.instance.ipv4[0] }}'
--- a/roles/setup_linode/meta/main.yml
+++ b/roles/setup_linode/meta/main.yml
@ -1,53 +1,13 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
+  description: Setup Linode instance
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: MIT
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
-
+  platforms:
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
+    - name: Debian
-  # min_ansible_container_version:
+      versions:
-
+        - all
  #
  # Provide a list of supported platforms, and for each platform a list of versions.
  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/setup_linode/tasks/main.yml
+++ b/roles/setup_linode/tasks/main.yml
@ -1,5 +1,6 @@
 ---
 - name: Include vault variables.
-  include_vars: defaults/main-vault.yml
+  ansible.builtin.include_vars: defaults/main-vault.yml
 - name: Create a new Linode.
  linode_v4:
@ -15,19 +16,22 @@
  register: my_linode
 - name: Wait for SSH to come up
-  local_action:
+  delegate_to: localhost
-    module: wait_for host={{ my_linode.instance.ipv4[0] }} port=22 search_regex=OpenSSH
+  ansible.builtin.wait_for:
-      timeout=320
+    host: "{{ my_linode.instance.ipv4[0] }}"
    port: 22
    search_regex: OpenSSH
    timeout: 320
 - name: Instance Details
-  debug:
+  ansible.builtin.debug:
    msg: '{{ my_linode }}'
- name: Update hosts.ini
+# - name: Update hosts.ini
-  blockinfile:
+#   blockinfile:
-    path: hosts.ini
+#    path: hosts.ini
-    block: |
+#    block: |
-      [linode]
+#      [linode]
-      {% for host in hosts %}
+#      {% for host in linode_hosts %}
-      {{host.user}}@{{host.ip}}
+#      {{ host.user }}@{{ host.ip }}
-      {% endfor %}
+#      {% endfor %}
--- a/roles/setup_mergerfs/meta/main.yml
+++ b/roles/setup_mergerfs/meta/main.yml
@ -1,53 +1,11 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
+  description: Configures Mergerfs
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: MIT
-
+  min_ansible_version: "2.1"
-  min_ansible_version: 2.1
+  platforms:
-
+    - name: Debian
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
+      versions:
-  # min_ansible_container_version:
+        - all
  #
  # Provide a list of supported platforms, and for each platform a list of versions.
  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/setup_mergerfs/tasks/main.yml
+++ b/roles/setup_mergerfs/tasks/main.yml
@ -1,13 +1,6 @@
-# dangerous to use this as the device name changes when there are new drives.
+---
 # can this be done with an ID?
 #- name: Create a ext4 filesystem on /dev/sdb1
 #  filesystem:
 #    fstype: ext4
 #    dev: /dev/sdb1
 #    state: present
 - name: Mount Volumes
-  mount:
+  ansible.builtin.mount:
    path: '{{ item.path }}'
    src: UUID={{ item.uuid }}
    fstype: ext4
@ -16,11 +9,14 @@
  loop: '{{ devices }}'
  register: volume_out
- debug: msg="{{volume_out}}"
+- name: Display volumes.
  ansible.builtin.debug:
    var: "{{ volume_out }}"
    verbosity: 3
 # tasks file for setup_mergerfs
 - name: Create Mergerfs directory
-  file:
+  ansible.builtin.file:
    path: /mnt/mergerfs
    state: directory
    owner: cianhatton
@ -30,11 +26,11 @@
 # Ensure the actual folder can't be written to only when it has just been created.
 - name: Make /mnt/mergerfs immutable
-  command: chattr +i /mnt/mergerfs
+  ansible.builtin.command: chattr +i /mnt/mergerfs
-  when: directory_creation.changed == true
+  when: directory_creation.diff.after.path != directory_creation.diff.before.path
 - name: Create Mergerfs pool
-  include_role:
+  ansible.builtin.include_role:
    name: sprat.mergerfs
  vars:
    mergerfs_mounts: '{{ mounts }}'
--- a/roles/setup_portainer/files/docker-compose.yml
+++ b/roles/setup_portainer/files/docker-compose.yml
@ -1,3 +1,4 @@
 ---
 version: '3.2'
 services:
  portainer:
--- a/roles/setup_portainer/meta/main.yml
+++ b/roles/setup_portainer/meta/main.yml
@ -1,53 +1,15 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
+  description: Setup Portainer for my Home Lab
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: MIT
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
-
+  platforms:
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
+    - name: Debian
-  # min_ansible_container_version:
+      versions:
-
+        - all
  #
  # Provide a list of supported platforms, and for each platform a list of versions.
  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/setup_portainer/tasks/main.yml
+++ b/roles/setup_portainer/tasks/main.yml
@ -1,17 +1,22 @@
- name: Portainer | Create directory if it does not exist
+---
 - name: Portainer | Create directory if it does not exist.
  ansible.builtin.file:
    path: '{{ directories.docker_compose_directory }}'
    state: directory
-    mode: '0755'
+    owner: root
    group: root
    mode: 0440
- name: Portainer | Copy docker compose file
+- name: Portainer | Copy docker compose file.
-  copy:
+  ansible.builtin.copy:
    src: docker-compose.yml
    dest: '{{ directories.docker_compose_directory }}/docker-compose.yml'
    owner: root
    group: root
    mode: 0440
 - name: Portainer | Check if volume exists
-  shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }}  .Name
+  ansible.builtin.shell: docker volume ls -f name=portainer_portainer_data --format '{{ '{{' }}  .Name {{ '}}' }}'
    {{ '}}' }}'
  register: portainer_volume
  changed_when: false
@ -31,7 +36,7 @@
    name: s3-restore-portainer
    cleanup: true # delete container after it's done.
    state: started # container should execute.
-    detach: no # task fails if container exits.
+    detach: false # task fails if container exits.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /tmp:/tmp   # temp s3 archive goes here
@ -42,23 +47,6 @@
      AWS_BUCKET: '{{ aws_s3.bucket }}'
      AWS_ENDPOINT: '{{ aws_s3.s3_url }}'
 - name: Portainer | Docker compose up
  community.docker.docker_compose:
    project_src: '{{ directories.docker_compose_directory }}/portainer'
 # Don't really need this as long as there is an S3 backup.
 #- name: Portainer | Register Admin User
 #  when: (portainer_volume.stdout_lines | length) == 0
 #  uri:
 #    url: http://localhost:9000/api/users/admin/init
 #    method: POST
 #    body:
 #      Username: admin
 #      Password: "{{portainer.password}}"
 #    status_code: 200
 #    body_format: json
 #  register: result
 #  until: result.status == 200
 #  retries: 60
 #  delay: 1
--- a/roles/setup_samba/defaults/main.yml
+++ b/roles/setup_samba/defaults/main.yml
@ -1,3 +1,4 @@
 ---
 samba_group: smbgroup
 samba_user: smbuser
 users:
--- a/roles/setup_samba/meta/main.yml
+++ b/roles/setup_samba/meta/main.yml
@ -1,53 +1,15 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
+  description: Setup Samba Shares for my Home Lab.
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: MIT
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
-
+  platforms:
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
+    - name: Debian
-  # min_ansible_container_version:
+      versions:
-
+        - all
  #
  # Provide a list of supported platforms, and for each platform a list of versions.
  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/setup_samba/tasks/main.yml
+++ b/roles/setup_samba/tasks/main.yml
@ -1,11 +1,12 @@
- name: Install samba packages using apt
+---
-  apt:
+- name: Install samba packages using apt.
  ansible.builtin.apt:
    name:
      - samba
    state: present
    update_cache: true
- name: Ensure samba group exists
+- name: Ensure samba group exists.
  ansible.builtin.group:
    name: '{{ samba_group }}'
    state: present
@ -13,7 +14,7 @@
  notify:
    - reload-samba
- name: Ensure samba user
+- name: Ensure samba user.
  ansible.builtin.user:
    name: '{{ samba_user }}'
    comment: Samba user
@ -23,14 +24,14 @@
  notify:
    - reload-samba
- name: Add the User(s) to Samba group
+- name: Add the User(s) to Samba group.
-  user:
+  ansible.builtin.user:
    name: '{{ item.name }}'
    groups: '{{ samba_group }}'
    append: true
  with_items: '{{ users }}'
- name: Ensure Share directories
+- name: Ensure Share directories.
  ansible.builtin.file:
    path: '{{ item }}'
    recurse: true
@ -42,10 +43,13 @@
  notify:
    - reload-samba
- name: Copy smb conf files
+- name: Copy smb conf files.
-  copy:
+  ansible.builtin.copy:
    src: '{{ item }}'
-    dest: /etc/samba/{{item}}
+    dest: "/etc/samba/{{ item }}"
    mode: 0644
    owner: "{{ samba_user }}"
    group: "{{ samba_group }}"
  with_items:
    - smb.conf
    - shares.conf
--- a/roles/setup_users/meta/main.yml
+++ b/roles/setup_users/meta/main.yml
@ -1,53 +1,15 @@
 galaxy_info:
  author: Cian Hatton
  namespace: chatton
-  description: your role description
+  description: Setup users for my Home Lab
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
  # next line and provide a value
  # issue_tracker_url: http://example.com/issue/tracker
  # Choose a valid license ID from https://spdx.org - some suggested licenses:
  # - BSD-3-Clause (default)
  # - MIT
  # - GPL-2.0-or-later
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
  license: MIT
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
-
+  platforms:
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
+    - name: Debian
-  # min_ansible_container_version:
+      versions:
-
+        - all
  #
  # Provide a list of supported platforms, and for each platform a list of versions.
  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
  # To view available platforms and versions (or releases), visit:
  # https://galaxy.ansible.com/api/v1/platforms/
  #
  # platforms:
  # - name: Fedora
  #   versions:
  #   - all
  #   - 25
  # - name: SomePlatform
  #   versions:
  #   - all
  #   - 1.0
  #   - 7
  #   - 99.99
  galaxy_tags: []
    # List tags for your role here, one per line. A tag is a keyword that describes
    # and categorizes the role. Users find roles by searching for tags. Be sure to
    # remove the '[]' above, if you add tags to this list.
    #
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/roles/setup_users/tasks/main.yml
+++ b/roles/setup_users/tasks/main.yml
@ -1,39 +1,42 @@
 # https://stackoverflow.com/questions/37333305/ansible-create-a-user-with-sudo-privileges
- name: Install Sudo
+- name: Install Sudo.
-  apt:
+  ansible.builtin.apt:
    pkg:
      - sudo
    state: latest
    update_cache: true
- name: Make sure we have a  groups
+- name: Make sure we have a groups.
-  group:
+  ansible.builtin.group:
    name: '{{ item.group }}'
    state: present
  with_items: '{{ users }}'
- name: Add Users
+- name: Add Users.
  ansible.builtin.user:
    name: '{{ item.name }}'
    comment: '{{ item.name }} user'
    group: '{{ item.group }}'
  with_items: '{{ users }}'
- name: Add sudoers
+- name: Add sudoers.
-  template:
+  ansible.builtin.template:
    src: sudoers.j2
    dest: /etc/sudoers.d/{{ item.name }}
    mode: 0440
  with_items: '{{ users }}'
-  when: item.passwordless_sudo == true
+  when: item.passwordless_sudo
- name: Set authorized key
+- name: Set authorized key.
  authorized_key:
    user: '{{ homelab_user }}'
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
- name: Copy Bashrc
+- name: Copy Bashrc.
-  copy:
+  ansible.builtin.copy:
    src: bash_rc
    dest: "/home/{{ homelab_user }}/.bash_rc"
    group: "{{ homelab_user }}"
    owner: "{{ homelab_user }}"
    mode: 0644