merging all roles into one repo. - ansible-roles - A collection of ansible roles I have created over the years.
---
commit 34be01c0601ea35294c19b9832933cf162526259
Author: Jay Scott <me@jay.scot>
Date: Sat, 5 Sep 2020 16:32:57 +0100
merging all roles into one repo.
Diffstat:
A LICENSE | 22 ++++++++++++++++++++++
A README | 6 ++++++
A ansible-role-stagit/.ansible-lint | 2 ++
A ansible-role-stagit/.yamllint | 11 +++++++++++
A ansible-role-stagit/LICENSE | 22 ++++++++++++++++++++++
A ansible-role-stagit/README | 44 +++++++++++++++++++++++++++++++
A ansible-role-stagit/defaults/main.… | 12 ++++++++++++
A ansible-role-stagit/files/favicon.… | 0
A ansible-role-stagit/files/logo.png | 0
A ansible-role-stagit/files/style.css | 106 ++++++++++++++++++++++++++++++
A ansible-role-stagit/handlers/main.… | 4 ++++
A ansible-role-stagit/meta/main.yml | 23 +++++++++++++++++++++++
A ansible-role-stagit/molecule/defau… | 12 ++++++++++++
A ansible-role-stagit/molecule/defau… | 23 +++++++++++++++++++++++
A ansible-role-stagit/tasks/main.yml | 69 ++++++++++++++++++++++++++++++
A ansible-role-stagit/tasks/setup-De… | 5 +++++
A ansible-role-stagit/tasks/setup-Re… | 6 ++++++
A ansible-role-stagit/tasks/variable… | 9 +++++++++
A ansible-role-stagit/templates/crea… | 42 +++++++++++++++++++++++++++++++
A ansible-role-stagit/templates/post… | 3 +++
A ansible-role-stagit/vars/Debian-9.… | 7 +++++++
A ansible-role-stagit/vars/RedHat-7.… | 7 +++++++
A ansible-role-stagit/vars/RedHat-8.… | 7 +++++++
A ansible-role-stagit/vars/Ubuntu-18… | 6 ++++++
A ansible-role-stagit/vars/Ubuntu-20… | 6 ++++++
A aws-vpc/LICENSE | 22 ++++++++++++++++++++++
A aws-vpc/README | 60 +++++++++++++++++++++++++++++++
A aws-vpc/defaults/main.yml | 4 ++++
A aws-vpc/meta/main.yml | 16 ++++++++++++++++
A aws-vpc/tasks/create_nat_gateway.y… | 22 ++++++++++++++++++++++
A aws-vpc/tasks/create_routes.yml | 41 +++++++++++++++++++++++++++++++
A aws-vpc/tasks/create_subnets.yml | 13 +++++++++++++
A aws-vpc/tasks/create_vpc.yml | 21 +++++++++++++++++++++
A aws-vpc/tasks/main.yml | 16 ++++++++++++++++
A aws-vpc/tasks/pre_tasks.yml | 16 ++++++++++++++++
A firewalld/LICENSE | 22 ++++++++++++++++++++++
A firewalld/README | 71 +++++++++++++++++++++++++++++++
A firewalld/defaults/main.yml | 0
A firewalld/handlers/main.yml | 3 +++
A firewalld/meta/main.yml | 12 ++++++++++++
A firewalld/tasks/main.yml | 15 +++++++++++++++
A firewalld/vars/main.yml | 1 +
A quark/.ansible-lint | 2 ++
A quark/.yamllint | 11 +++++++++++
A quark/LICENSE | 22 ++++++++++++++++++++++
A quark/README | 39 +++++++++++++++++++++++++++++++
A quark/defaults/main.yml | 13 +++++++++++++
A quark/handlers/main.yml | 6 ++++++
A quark/meta/main.yml | 21 +++++++++++++++++++++
A quark/molecule/default/converge.yml | 25 +++++++++++++++++++++++++
A quark/molecule/default/molecule.yml | 23 +++++++++++++++++++++++
A quark/tasks/main.yml | 50 +++++++++++++++++++++++++++++++
A quark/tasks/setup-Debian.yml | 5 +++++
A quark/tasks/setup-RedHat.yml | 5 +++++
A quark/tasks/variables.yml | 9 +++++++++
A quark/templates/quark.service.j2 | 12 ++++++++++++
A quark/vars/RedHat-7.yml | 5 +++++
A quark/vars/RedHat-8.yml | 5 +++++
A quark/vars/Ubuntu-18.yml | 5 +++++
A quark/vars/Ubuntu-20.yml | 5 +++++
A searx/LICENSE | 22 ++++++++++++++++++++++
A searx/README | 42 +++++++++++++++++++++++++++++++
A searx/defaults/main.yml | 16 ++++++++++++++++
A searx/handlers/main.yml | 19 +++++++++++++++++++
A searx/meta/main.yml | 22 ++++++++++++++++++++++
A searx/molecule/default/converge.yml | 18 ++++++++++++++++++
A searx/molecule/default/molecule.yml | 23 +++++++++++++++++++++++
A searx/tasks/main.yml | 92 +++++++++++++++++++++++++++++++
A searx/tasks/setup-Debian.yml | 5 +++++
A searx/tasks/setup-RedHat.yml | 25 +++++++++++++++++++++++++
A searx/tasks/variables.yml | 19 +++++++++++++++++++
A searx/templates/searx.service.j2 | 13 +++++++++++++
A searx/templates/uwsgi.ini.j2 | 18 ++++++++++++++++++
A searx/templates/uwsgi.service.j2 | 10 ++++++++++
A searx/templates/vhost.conf.j2 | 17 +++++++++++++++++
A searx/vars/RedHat-7.yml | 17 +++++++++++++++++
A searx/vars/RedHat-8.yml | 17 +++++++++++++++++
A searx/vars/Ubuntu-16.yml | 16 ++++++++++++++++
A searx/vars/Ubuntu-18.yml | 16 ++++++++++++++++
A searx/vars/Ubuntu-20.yml | 16 ++++++++++++++++
80 files changed, 1515 insertions(+), 0 deletions(-)
---
(DIR) diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Jay Scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
(DIR) diff --git a/README b/README
@@ -0,0 +1,6 @@
+-= ansible-roles =-
+
+ This is a collection of ansible roles, these were all in separate git
+repos at one point, however, I have merged them into one as I rarely use them
+now. Within each role there is a README with more details on how to implement
+and use that role.
(DIR) diff --git a/ansible-role-stagit/.ansible-lint b/ansible-role-stagit/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+ - '503'
(DIR) diff --git a/ansible-role-stagit/.yamllint b/ansible-role-stagit/.yamllint
@@ -0,0 +1,11 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ line-length:
+ max: 120
+ level: warning
+
+ignore: |
+ .github/stale.yml
(DIR) diff --git a/ansible-role-stagit/LICENSE b/ansible-role-stagit/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Jay Scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
(DIR) diff --git a/ansible-role-stagit/README b/ansible-role-stagit/README
@@ -0,0 +1,44 @@
+-= jayscott.stagit =-
+
+Install and configure a working copy of the suckless stagit application.
+
+
+Requirements
+------------
+
+None
+
+
+Role Variables
+--------------
+
+ stagit:
+ user: root
+ repo_url: git://git.codemadness.org/stagit
+ version: HEAD
+ build_path: /opt/stagit
+ install_path: /usr/local/bin
+ git_repos_path: /opt/git
+ html_path: /var/www/stagit
+
+ cron_enabled: false
+ posthook_enabled: false
+
+posthook_enabled will install a git hook within git_repos_path directories,
+this will run create_index on a push. To over-ride the default style.css,
+logo.png and favicon.png just add a copy block for your local files
+within your playbook.
+
+
+Dependencies
+------------
+
+None
+
+
+Example Playbook
+----------------
+
+ - hosts: servers
+ roles:
+ - { role: jayscott.stagit }
(DIR) diff --git a/ansible-role-stagit/defaults/main.yml b/ansible-role-stagit/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+stagit:
+ user: root
+ repo_url: git://git.codemadness.org/stagit
+ version: HEAD
+ build_path: /opt/stagit
+ install_path: /usr/local/bin
+ git_repos_path: /opt/git
+ html_path: /var/www/stagit
+
+ cron_enabled: false
+ posthook_enabled: false
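Review bot: `repo_url: git://git.codemadness.org/stagit` combined with `version: HEAD` makes the role fetch source over the unauthenticated git:// transport at whatever commit is current, and tasks/main.yml then builds and installs it. Suggest pinning `version` to a tag or commit hash and noting in the README that `repo_url` can point at an HTTPS or SSH mirror. `user: root` as the default also means the create_index cron job and the hook script run as root; a dedicated unprivileged account would be a safer default.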
(DIR) diff --git a/ansible-role-stagit/files/favicon.png b/ansible-role-stagit/files/favicon.png
Binary files differ.
(DIR) diff --git a/ansible-role-stagit/files/logo.png b/ansible-role-stagit/files/logo.png
Binary files differ.
(DIR) diff --git a/ansible-role-stagit/files/style.css b/ansible-role-stagit/files/style.css
@@ -0,0 +1,106 @@
+body {
+ color: #000;
+ background-color: #fff;
+ font-family: monospace;
+}
+
+h1, h2, h3, h4, h5, h6 {
+ font-size: 1em;
+ margin: 0;
+}
+
+img, h1, h2 {
+ vertical-align: middle;
+}
+
+img {
+ border: 0;
+}
+
+a:target {
+ background-color: #ccc;
+}
+
+a.d,
+a.h,
+a.i,
+a.line {
+ text-decoration: none;
+}
+
+#blob a {
+ color: #777;
+}
+
+#blob a:hover {
+ color: blue;
+ text-decoration: none;
+}
+
+table thead td {
+ font-weight: bold;
+}
+
+table td {
+ padding: 0 0.4em;
+}
+
+#content table td {
+ vertical-align: top;
+ white-space: nowrap;
+}
+
+#branches tr:hover td,
+#tags tr:hover td,
+#index tr:hover td,
+#log tr:hover td,
+#files tr:hover td {
+ background-color: #eee;
+}
+
+#index tr td:nth-child(2),
+#tags tr td:nth-child(3),
+#branches tr td:nth-child(3),
+#log tr td:nth-child(2) {
+ white-space: normal;
+}
+
+td.num {
+ text-align: right;
+}
+
+.desc {
+ color: #777;
+}
+
+hr {
+ border: 0;
+ border-top: 1px solid #777;
+ height: 1px;
+}
+
+pre {
+ font-family: monospace;
+}
+
+pre a.h {
+ color: #00a;
+}
+
+.A,
+span.i,
+pre a.i {
+ color: #070;
+}
+
+.D,
+span.d,
+pre a.d {
+ color: #e00;
+}
+
+pre a.h:hover,
+pre a.i:hover,
+pre a.d:hover {
+ text-decoration: none;
+}
(DIR) diff --git a/ansible-role-stagit/handlers/main.yml b/ansible-role-stagit/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: reindex stagit
+ command: "{{ stagit.install_path }}/create_index"
(DIR) diff --git a/ansible-role-stagit/meta/main.yml b/ansible-role-stagit/meta/main.yml
@@ -0,0 +1,23 @@
+---
+galaxy_info:
+ role_name: stagit
+ author: jayscott
+ description: install role for stagit application.
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - bionic
+ - name: EL
+ versions:
+ - 8
+ - name: Debian
+ version:
+ - 9
+
+ galaxy_tags: []
+
+dependencies: []
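Review bot: under the Debian platform entry the key is `version:` where the other entries use `versions:`, so the Debian release list is probably not picked up. `license: "license (BSD, MIT)"` still reads like the template placeholder, while the LICENSE file in this role is MIT. The EL entry lists only 8 although vars/RedHat-7.yml is shipped.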
(DIR) diff --git a/ansible-role-stagit/molecule/default/converge.yml b/ansible-role-stagit/molecule/default/converge.yml
@@ -0,0 +1,12 @@
+---
+- name: Converge
+ hosts: all
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ changed_when: false
+ when: ansible_os_family == 'Debian'
+
+ roles:
+ - role: jayscott.stagit
(DIR) diff --git a/ansible-role-stagit/molecule/default/molecule.yml b/ansible-role-stagit/molecule/default/molecule.yml
@@ -0,0 +1,23 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint .
+ ansible-lint
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ published_ports:
+ - "0.0.0.0:8000:22/tcp"
+provisioner:
+ name: ansible
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
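Review bot: `"0.0.0.0:8000:22/tcp"` under `published_ports` exposes the test container's SSH port on every host interface while the container runs with `privileged: true`. Binding to 127.0.0.1 would keep it local, or the mapping can be dropped if nothing in the scenario connects to it. The `:latest` image tag also makes test runs non-reproducible; consider pinning it.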
(DIR) diff --git a/ansible-role-stagit/tasks/main.yml b/ansible-role-stagit/tasks/main.yml
@@ -0,0 +1,69 @@
+---
+- name: Include variables
+ include_tasks: variables.yml
+
+- name: Debian tasks
+ include_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- name: Redhat tasks
+ include_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- name: Git clone stagit
+ git:
+ repo: "{{ stagit.repo_url }}"
+ dest: "{{ stagit.build_path }}"
+ version: "{{ stagit.version }}"
+ update: false
+ force: false
+ depth: 1
+ register: git_updated
+
+- name: Make install stagit it
+ make:
+ chdir: "{{ stagit.build_path }}"
+ target: install
+ when: git_updated.changed
+
+- name: Copy stagit create script
+ template:
+ src: "create_index.j2"
+ dest: "{{ stagit.install_path }}/create_index"
+ owner: "{{ stagit.user }}"
+ group: "{{ stagit.user }}"
+ mode: '755'
+ notify: reindex stagit
+
+- name: Copy stagit posthook script
+ template:
+ src: "posthook.j2"
+ dest: "{{ stagit.install_path }}/posthook"
+ owner: "{{ stagit.user }}"
+ group: "{{ stagit.user }}"
+ mode: '755'
+ notify: reindex stagit
+ when: stagit.posthook_enabled
+
+- name: Create HTML and assets directory
+ file:
+ path: "{{ stagit.html_path }}/assets"
+ state: directory
+ owner: "{{ stagit.user }}"
+ group: "{{ stagit.user }}"
+ mode: '0755'
+
+- name: Create cron for stagit index
+ cron:
+ name: stagit update
+ minute: "*/10"
+ user: "{{ stagit.user }}"
+ job: "{{ stagit.install_path }}/create_index"
+ when: stagit.cron_enabled
+
+- name: Disable cron for stagit index
+ cron:
+ name: stagit update
+ user: "{{ stagit.user }}"
+ state: absent
+ when: not stagit.cron_enabled
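Review bot: in "Make install stagit it", `when: git_updated.changed` means the build only runs on the play that performs the clone. If `make install` fails once, later runs find the checkout already present, report no change and never retry, so the role converges without binaries. A `stat` on `{{ stagit.install_path }}/stagit` used as the condition would be more reliable. The task name has a stray "it", and `mode: '755'` differs from the `'0755'` used for the assets directory.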
(DIR) diff --git a/ansible-role-stagit/tasks/setup-Debian.yml b/ansible-role-stagit/tasks/setup-Debian.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure stagit dependencies are installed.
+ apt:
+ name: "{{ stagit_dependencies }}"
+ state: present
(DIR) diff --git a/ansible-role-stagit/tasks/setup-RedHat.yml b/ansible-role-stagit/tasks/setup-RedHat.yml
@@ -0,0 +1,6 @@
+---
+- name: Ensure stagit dependencies are installed
+ yum:
+ name: "{{ stagit_dependencies }}"
+ enablerepo: PowerTools
+ state: present
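Review bot: `enablerepo: PowerTools` is applied to every RedHat-family host, but the role also ships vars/RedHat-7.yml and EL 7 has no PowerTools repository, so this task is likely to fail there. Suggest making the repository a per-version variable set only in vars/RedHat-8.yml.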
(DIR) diff --git a/ansible-role-stagit/tasks/variables.yml b/ansible-role-stagit/tasks/variables.yml
@@ -0,0 +1,9 @@
+---
+- name: Include OS-specific variables (Debian)
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == 'Debian'
+
+- name: Include OS-specific variables (RedHat)
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when:
+ - ansible_os_family == 'RedHat'
(DIR) diff --git a/ansible-role-stagit/templates/create_index.j2 b/ansible-role-stagit/templates/create_index.j2
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+reposdir="{{ stagit.git_repos_path }}"
+curdir="{{ stagit.html_path }}"
+
+{{ stagit.install_path }}/stagit-index "${reposdir}/"*/ > "${curdir}/index.html"
+
+cd {{ stagit.build_path }}
+cp style.css {{ stagit.html_path}}/style.css
+cp favicon.png {{ stagit.html_path}}/favicon.png
+cp logo.png {{ stagit.html_path}}/logo.png
+
+for dir in "${reposdir}/"*/; do
+
+ # install hook if defined
+ {% if stagit.posthook_enabled %}
+ if ! test -L "${dir}hooks/stagit_build"; then
+ ln -s "{{ stagit.install_path }}/posthook" "${dir}hooks/stagit_build"
+ fi
+ {% else %}
+ if test -L "${dir}hooks/stagit_build"; then
+ unlink "${dir}hooks/stagit_build"
+ fi
+ {% endif %}
+
+ r=$(basename "${dir}")
+ d=$(basename "${dir}" ".git")
+ printf "%s... " "${d}"
+
+ mkdir -p "${curdir}/${d}"
+ cd "${curdir}/${d}" || continue
+ {{ stagit.install_path }}/stagit -c ".cache" "${reposdir}/${r}"
+
+ # symlinks
+ ln -sf log.html index.html
+ ln -sf ../style.css style.css
+ ln -sf ../logo.png logo.png
+ ln -sf ../favicon.png favicon.png
+
+ echo "done"
+done
+
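Review bot: the hook is linked as `${dir}hooks/stagit_build`, but git only executes hooks with its predefined names (post-receive, post-update and so on), so this symlink is never run on a push as the README describes. Linking to `hooks/post-receive` would match the documented behaviour. Separately, `cd {{ stagit.build_path }}` is unquoted and unchecked; if it fails, the three `cp` commands run from the wrong directory, so add `|| exit 1` and quote the templated paths. The style.css, logo.png and favicon.png added under the role's files/ directory are not referenced by any task in this commit.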
(DIR) diff --git a/ansible-role-stagit/templates/posthook.j2 b/ansible-role-stagit/templates/posthook.j2
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+{{ stagit.install_path }}/create_index
(DIR) diff --git a/ansible-role-stagit/vars/Debian-9.yml b/ansible-role-stagit/vars/Debian-9.yml
@@ -0,0 +1,7 @@
+---
+stagit_dependencies:
+ - git
+ - libgit2-dev
+ - cron
+ - make
+ - gcc
(DIR) diff --git a/ansible-role-stagit/vars/RedHat-7.yml b/ansible-role-stagit/vars/RedHat-7.yml
@@ -0,0 +1,7 @@
+---
+stagit_dependencies:
+ - git
+ - libgit2-devel
+ - make
+ - gcc
+ - cronie
(DIR) diff --git a/ansible-role-stagit/vars/RedHat-8.yml b/ansible-role-stagit/vars/RedHat-8.yml
@@ -0,0 +1,7 @@
+---
+stagit_dependencies:
+ - git
+ - libgit2-devel
+ - make
+ - gcc
+ - cronie
(DIR) diff --git a/ansible-role-stagit/vars/Ubuntu-18.yml b/ansible-role-stagit/vars/Ubuntu-18.yml
@@ -0,0 +1,6 @@
+---
+stagit_dependencies:
+ - git
+ - libgit2-dev
+ - make
+ - gcc
(DIR) diff --git a/ansible-role-stagit/vars/Ubuntu-20.yml b/ansible-role-stagit/vars/Ubuntu-20.yml
@@ -0,0 +1,6 @@
+---
+stagit_dependencies:
+ - git
+ - libgit2-dev
+ - make
+ - gcc
(DIR) diff --git a/aws-vpc/LICENSE b/aws-vpc/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Jay Scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
(DIR) diff --git a/aws-vpc/README b/aws-vpc/README
@@ -0,0 +1,60 @@
+-= jayscott.aws_vpc =-
+
+Provision AWS VPC, Subnets, Internet & NAT gateways and routes.
+
+
+Requirements
+------------
+
+You must already have AWS access keys setup in your environment:
+
+aws_access_key_id
+aws_secret_access_key
+
+
+Role Variables
+--------------
+
+ aws_region: us-west-2 # The region to deploy the VPC
+ vpc_name: secuirty_vpc # A name for your VPC
+ vpc:
+ cidr_block: 10.0.0.0/16 # The CIDR block for the VPC
+ nat_gateway_subnet_name: public_secuirty_subnet # The public subnet the NAT gateway will be located.
+ tenancy: default
+ subnets:
+ - name: public_secuirty_subnet # Name of the subnet
+ cidr_block: 10.0.0.0/24 # CIDR of the subnet
+ az: us-west-2a # The Availability zone within the region
+ gateway: igw # Type of gateway, igw = Internet Gateway, nat = NAT gateway
+
+
+Dependencies
+------------
+
+None
+
+
+Example Playbook
+----------------
+
+
+ - hosts: servers
+ vars:
+ aws_region: us-west-2
+ vpc_name: elk_cluster_vpc
+ vpc:
+ cidr_block: 10.0.0.0/16
+ nat_gateway_subnet_name: public_elk_stack
+ tenancy: default
+ subnets:
+ - name: public_elk_stack
+ cidr_block: 10.0.0.0/24
+ az: us-west-2a
+ gateway: igw
+ - name: private_elk_stack
+ cidr_block: 10.0.1.0/24
+ az: us-west-2a
+ gateway: nat
+ roles:
+ - { role: aws_vpc }
+
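Review bot: `secuirty` is misspelled in `vpc_name` and in both subnet names in the Role Variables block. The example playbook uses `role: aws_vpc` while the title is jayscott.aws_vpc, and the `assign_public_ip` subnet key read by tasks/create_subnets.yml is not documented here.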
(DIR) diff --git a/aws-vpc/defaults/main.yml b/aws-vpc/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+tenancy: default
+aws_region: us-west-2
+vpc.nat_gateway_subnet_name: ''
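Review bot: `vpc.nat_gateway_subnet_name: ''` defines a top-level key whose name contains a dot, not a default for the `nat_gateway_subnet_name` key inside the `vpc` dictionary, so it never reaches `vpc.nat_gateway_subnet_name` in the tasks. `tenancy: default` is likewise top level while the README documents it under `vpc`. Suggest dropping both lines or applying the defaults in the tasks with `| default(...)`.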
(DIR) diff --git a/aws-vpc/meta/main.yml b/aws-vpc/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+ author: jayscott
+ license: MIT
+ description: Provision an AWS VPC, Internet & NAT Gateways, Subnets and Routes.
+ min_ansible_version: 2.4
+ platforms:
+ - name: Amazon
+ versions:
+ - all
+ galaxy_tags:
+ - system
+ - cloud
+ - vpc
+ - aws
+ - amazon
(DIR) diff --git a/aws-vpc/tasks/create_nat_gateway.yml b/aws-vpc/tasks/create_nat_gateway.yml
@@ -0,0 +1,22 @@
+---
+- name: get subnet ID for NAT GW deployment
+ ec2_vpc_subnet_facts:
+ filters:
+ vpc-id: "{{ my_vpc.vpc.id }}"
+ "tag:Name": "{{ vpc.nat_gateway_subnet_name }}"
+ region: "{{ aws_region }}"
+ register: nat_gateway_subnet
+
+- name: fail if more than 1 subnet found
+ fail:
+ msg: "Found {{ nat_gateway_subnet.subnets|length }} subnets instead of 1 subnet"
+ when: 'nat_gateway_subnet.subnets|length != 1'
+
+- name: create nat gateway
+ ec2_vpc_nat_gateway:
+ if_exist_do_not_create: true
+ region: "{{ aws_region }}"
+ state: present
+ subnet_id: "{{ nat_gateway_subnet.subnets[0].id }}"
+ wait: true
+ register: nat_gateway
(DIR) diff --git a/aws-vpc/tasks/create_routes.yml b/aws-vpc/tasks/create_routes.yml
@@ -0,0 +1,41 @@
+---
+- name: lists
+ set_fact:
+ public_subnets: []
+ private_subnets: []
+
+- name: public subnets
+ set_fact:
+ public_subnets: "{{ public_subnets + [ item.name ] }}"
+ with_items: "{{ vpc.subnets }}"
+ when: 'item.gateway is defined and item.gateway == "igw"'
+
+- name: create public route table
+ ec2_vpc_route_table:
+ region: "{{ aws_region }}"
+ routes:
+ - dest: 0.0.0.0/0
+ gateway_id: igw
+ state: present
+ subnets: "{{ public_subnets }}"
+ tags:
+ Name: "{{ vpc_name }}_public"
+ vpc_id: "{{ my_vpc.vpc.id }}"
+
+- name: private subnets with outbound access
+ set_fact:
+ private_subnets: "{{ private_subnets + [ item.name ] }}"
+ with_items: "{{ vpc.subnets }}"
+ when: 'vpc.nat_gateway_subnet_name is defined and item.gateway is defined and item.gateway == "nat"'
+
+- name: create private routes table with NAT gateway
+ ec2_vpc_route_table:
+ region: "{{ aws_region }}"
+ routes:
+ - dest: 0.0.0.0/0
+ gateway_id: "{{ nat_gateway.nat_gateway_id }}"
+ state: present
+ subnets: "{{ private_subnets }}"
+ tags:
+ Name: "{{ vpc_name }}_private_nat"
+ vpc_id: "{{ my_vpc.vpc.id }}"
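Review bot: "create private routes table with NAT gateway" has no `when`, yet it reads `nat_gateway.nat_gateway_id`, which is only registered when create_nat_gateway.yml was included. A VPC that defines only `igw` subnets and no `nat_gateway_subnet_name` will fail here on an undefined variable. Guard the task with `when: private_subnets | length > 0`, and consider the same guard on the public table.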
(DIR) diff --git a/aws-vpc/tasks/create_subnets.yml b/aws-vpc/tasks/create_subnets.yml
@@ -0,0 +1,13 @@
+---
+
+- name: create subnets
+ ec2_vpc_subnet:
+ az: "{{ item.az }}"
+ cidr: "{{ item.cidr_block }}"
+ region: "{{ aws_region }}"
+ state: present
+ map_public: "{{ item.assign_public_ip|default(omit) }}"
+ tags:
+ Name: "{{ item.name }}"
+ vpc_id: "{{ my_vpc.vpc.id }}"
+ with_items: "{{ vpc.subnets }}"
(DIR) diff --git a/aws-vpc/tasks/create_vpc.yml b/aws-vpc/tasks/create_vpc.yml
@@ -0,0 +1,21 @@
+---
+- name: create VPC
+ ec2_vpc_net:
+ cidr_block: "{{ vpc.cidr_block }}"
+ name: "{{ vpc_name }}"
+ region: "{{ aws_region }}"
+ state: present
+ tenancy: default
+ register: my_vpc
+
+- name: set VPC ID in variable
+ set_fact:
+ vpc_id: "{{ my_vpc.vpc.id }}"
+ when: my_vpc.vpc is defined
+
+- name: create IGW
+ ec2_vpc_igw:
+ region: "{{ aws_region }}"
+ state: present
+ vpc_id: "{{ my_vpc.vpc.id }}"
+ register: created_igw
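Review bot: `tenancy: default` is hardcoded in "create VPC", so the `vpc.tenancy` value shown in the README is ignored; `"{{ vpc.tenancy | default('default') }}"` would honour it. `created_igw` is registered but not referenced by any task in this commit, since create_routes.yml uses `gateway_id: igw` instead.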
(DIR) diff --git a/aws-vpc/tasks/main.yml b/aws-vpc/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: run pre-tasks
+ include: pre_tasks.yml
+
+- name: create VPC
+ include: create_vpc.yml
+
+- name: create Subnets
+ include: create_subnets.yml
+
+- name: create NAT gateway
+ include: create_nat_gateway.yml
+ when: vpc.nat_gateway_subnet_name is defined
+
+- name: create routing tables
+ include: create_routes.yml
(DIR) diff --git a/aws-vpc/tasks/pre_tasks.yml b/aws-vpc/tasks/pre_tasks.yml
@@ -0,0 +1,16 @@
+---
+- name: "AWS | VPC | check region has been defined (aws_region)"
+ fail: msg="You must specify a AWS region."
+ when: aws_region is undefined
+
+- name: "AWS | VPC | check VPC name has been defined (vpc_name)"
+ fail: msg="You must specify a VPC name."
+ when: vpc_name is undefined
+
+- name: "AWS | VPC | check cidr_block been defined (vpc.cidr_block)"
+ fail: msg="You must specify a CIDR block."
+ when: vpc.cidr_block is undefined
+
+- name: "AWS | VPC | check at least one been defined (vpc.subnets)"
+ fail: msg="You must specify at least one subnet."
+ when: vpc.subnets is undefined
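Review bot: the last check only tests `vpc.subnets is undefined`, so an empty list passes even though the message says at least one subnet is required. Adding `or vpc.subnets | length == 0` closes that gap. Because defaults/main.yml sets `aws_region`, the first check can never fire.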
(DIR) diff --git a/firewalld/LICENSE b/firewalld/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Jay Scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
(DIR) diff --git a/firewalld/README b/firewalld/README
@@ -0,0 +1,71 @@
+-= jayscott.firewalld =-
+
+Allows you to add firewall rules to systems running firewalld.
+
+Requirements
+------------
+
+Tested on RHEL 7 and CentOS 7 only.
+
+Ansible 1.5 or above
+
+
+Role Variables
+--------------
+
+The following variables are used to define a rule:
+
+ firewalld_rules:
+ name:
+ port:
+ protocol:
+ state:
+ zone:
+ permanent:
+
+For example the default is to allow SSH on the public interface:
+
+ firewalld_rules:
+ ssh:
+ port: 22
+ protocol: tcp
+ state: enabled
+ zone: public
+ permanent: true
+
+
+Handlers
+--------
+
+These are the handlers that are defined in handlers/main.yml.
+
+ restart firewalld
+
+
+Example Playbook
+----------------
+
+ - hosts: server-name
+ sudo: True
+ roles:
+ - jayscott.firewalld
+ vars:
+ firewalld_rules:
+ httpd:
+ port: 80
+ protocol: tcp
+ state: enabled
+ zone: public
+ permanent: true
+ mysqld:
+ port: 3306
+ protocol: tcp
+ state: enabled
+ zone: public
+ permanent: true
+
+
+License
+-------
+
+MIT
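Review bot: the text says the default is to allow SSH in the public zone, but firewalld/defaults/main.yml is added empty in this commit, so `firewalld_rules` has no default and the role fails at `with_dict` unless the playbook defines it. Either ship the documented default or mark the variable as required. The example also uses `sudo: True`, which newer Ansible replaces with `become`, and opens 3306/tcp in the `public` zone; a narrower zone would be a better pattern to document for a database port.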
(DIR) diff --git a/firewalld/defaults/main.yml b/firewalld/defaults/main.yml
(DIR) diff --git a/firewalld/handlers/main.yml b/firewalld/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart firewalld
+ service: name=firewalld state=restarted enabled=yes
(DIR) diff --git a/firewalld/meta/main.yml b/firewalld/meta/main.yml
@@ -0,0 +1,12 @@
+---
+galaxy_info:
+ author: jayscott
+ description: Base role for firewalld
+ license: MIT
+ min_ansible_version: 1.5
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - system
(DIR) diff --git a/firewalld/tasks/main.yml b/firewalld/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: check if firewalld is installed
+ command: rpm -q firewalld
+ ignore_errors: True
+ register: rpm_check_firewalld
+
+- name: install firewalld
+ yum: name=firewalld state=present enabled=yes
+ when: rpm_check_firewalld.stdout.find('is not installed') != -1
+
+- name: updating firewall rules
+ firewalld: port={{item.value.port}}/{{item.value.protocol}} permanent={{item.value.permanent}} state={{item.value.state }} zone={{item.value.zone}}
+ with_dict: "{{firewalld_rules}}"
+ notify: restart firewalld
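Review bot: in "install firewalld", `enabled=yes` is not a parameter of the yum module, so the task errors whenever it actually runs; service enablement belongs on a `service` task. The `rpm -q` pre-check with `ignore_errors: True` is unnecessary because `yum: state=present` is already idempotent. In "updating firewall rules" the values are interpolated unquoted into a key=value string; the YAML dictionary form avoids parsing surprises.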
(DIR) diff --git a/firewalld/vars/main.yml b/firewalld/vars/main.yml
@@ -0,0 +1 @@
+---
(DIR) diff --git a/quark/.ansible-lint b/quark/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+ - '503'
(DIR) diff --git a/quark/.yamllint b/quark/.yamllint
@@ -0,0 +1,11 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ line-length:
+ max: 120
+ level: warning
+
+ignore: |
+ .github/stale.yml
(DIR) diff --git a/quark/LICENSE b/quark/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Jay Scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
(DIR) diff --git a/quark/README b/quark/README
@@ -0,0 +1,39 @@
+-= jayscott.quark =-
+
+Install and configure a working copy of the suckless quark web server.
+
+
+Requirements
+------------
+
+None
+
+
+Role Variables
+--------------
+
+ quark:
+ version: HEAD
+ build_path: /opt/quark
+ install_path: /usr/local/bin
+ user: nobody
+ group: nogroup
+ host: 0.0.0.0
+ port: 8000
+ html_path: /var/www/html
+ file: index.html
+ threads: 512
+
+
+Dependencies
+------------
+
+None
+
+
+Example Playbook
+----------------
+
+ - hosts: servers
+ roles:
+ - { role: jayscott.quark }
(DIR) diff --git a/quark/defaults/main.yml b/quark/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+quark:
+ version: HEAD
+ build_path: /opt/quark
+ install_path: /usr/local/bin
+
+ user: nobody
+ group: nogroup
+ host: 0.0.0.0
+ port: 8000
+ html_path: /var/www/html
+ file: index.html
+ threads: 512
(DIR) diff --git a/quark/handlers/main.yml b/quark/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart quark
+ systemd:
+ name: quark
+ state: restarted
+ daemon_reload: true
(DIR) diff --git a/quark/meta/main.yml b/quark/meta/main.yml
@@ -0,0 +1,21 @@
+---
+galaxy_info:
+ role_name: quark
+ author: jayscott
+ description: install role for quark application.
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - bionic
+ - name: EL
+ versions:
+ - 7
+ - 8
+
+ galaxy_tags: []
+
+dependencies: []
(DIR) diff --git a/quark/molecule/default/converge.yml b/quark/molecule/default/converge.yml
@@ -0,0 +1,25 @@
+---
+- name: Converge
+ hosts: all
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ changed_when: false
+ when: ansible_os_family == 'Debian'
+
+ - name: Create directory for testing
+ file:
+ path: /var/www/html
+ state: directory
+ mode: '0755'
+
+ - name: "Creat test index.html file"
+ copy:
+ content: "Quark test instance"
+ dest: /var/www/html/index.html
+ force: true
+ mode: 0744
+
+ roles:
+ - role: jayscott.quark
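Review bot: `mode: 0744` on the test index.html is unquoted and sets the owner execute bit on a static file; `'0644'` would match the quoted style used for the directory task above. The task name "Creat test index.html file" is missing an "e".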
(DIR) diff --git a/quark/molecule/default/molecule.yml b/quark/molecule/default/molecule.yml
@@ -0,0 +1,23 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint .
+ ansible-lint
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ published_ports:
+ - "0.0.0.0:8000:8000/tcp"
+provisioner:
+ name: ansible
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
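Review bot: `"0.0.0.0:8000:8000/tcp"` publishes the test web server on all host interfaces from a container started with `privileged: true`; binding to 127.0.0.1 is enough for a local check. The `:latest` image tag is also unpinned, which makes test runs non-reproducible.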
(DIR) diff --git a/quark/tasks/main.yml b/quark/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+- name: Include variables
+ include_tasks: variables.yml
+
+- name: Debian tasks
+ include_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- name: Redhat tasks
+ include_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- name: Add quark user account
+ user:
+ name: "{{ quark.user }}"
+ create_home: false
+ shell: /bin/false
+
+- name: Ensure group exists
+ group:
+ name: "{{ quark.group }}"
+ state: present
+
+- name: Git clone quark
+ git:
+ repo: "git://git.suckless.org/quark"
+ dest: "{{ quark.build_path }}"
+ version: "{{ quark.version }}"
+ update: false
+ force: false
+ depth: 1
+ register: git_updated
+
+- name: Make install quark
+ make:
+ chdir: "{{ quark.build_path }}"
+ target: install
+ when: git_updated.changed
+
+- name: Copy quark systemd service template
+ template:
+ src: quark.service.j2
+ dest: /lib/systemd/system/quark.service
+ notify: restart quark
+
+- name: Enable and start quark service
+ service:
+ name: quark
+ state: started
+ enabled: true
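Review bot: the "Git clone quark" task fetches over `git://`, which has no encryption or server authentication, and the next task compiles and installs that source with `make install`. Use an authenticated transport for `repo:` if upstream offers one, and make sure `quark.version` defaults to a fixed tag or commit so what gets built is what was reviewed. Separately, the user task runs before the group exists and does not set `group: "{{ quark.group }}"`, and the service template task sets no `owner`, `group` or `mode`.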
(DIR) diff --git a/quark/tasks/setup-Debian.yml b/quark/tasks/setup-Debian.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure quark dependencies are installed.
+ apt:
+ name: "{{ quark_dependencies }}"
+ state: present
(DIR) diff --git a/quark/tasks/setup-RedHat.yml b/quark/tasks/setup-RedHat.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure quark dependencies are installed
+ yum:
+ name: "{{ quark_dependencies }}"
+ state: present
(DIR) diff --git a/quark/tasks/variables.yml b/quark/tasks/variables.yml
@@ -0,0 +1,9 @@
+---
+- name: Include OS-specific variables (Debian)
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == 'Debian'
+
+- name: Include OS-specific variables (RedHat)
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when:
+ - ansible_os_family == 'RedHat'
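Review bot: the Debian branch builds the file name from `ansible_distribution`, but the only vars files added for that family are Ubuntu-18.yml and Ubuntu-20.yml, so a host reporting any other Debian-family distribution or release fails on a missing file. Add a fallback (for example `with_first_found` with a default file) or fail early with a message listing the supported platforms. `ansible_distribution_major_version` would also replace the `.split('.')[0]` expression in both tasks.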
(DIR) diff --git a/quark/templates/quark.service.j2 b/quark/templates/quark.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Quark suckless web server
+
+[Service]
+Type=simple
+Restart=on-failure
+
+WorkingDirectory={{ quark.html_path }}
+ExecStart={{ quark.install_path }}/quark -p {{ quark.port }} -u {{ quark.user }} -g {{ quark.group }} -i {{ quark.file }} -n {{ quark.threads }} -h {{ quark.host }}
+
+[Install]
+WantedBy=multi-user.target
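Review bot: there is no `User=` in `[Service]`, so the process starts as root and the only privilege drop is whatever quark does with the `-u`/`-g` arguments on the `ExecStart` line. If that is intentional, say so in a comment, and add systemd sandboxing such as `NoNewPrivileges=true`, `ProtectHome=true` and `PrivateTmp=true` so the unit is constrained regardless. The template values are interpolated unquoted into the command line, so a value containing a space would split into extra arguments.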
(DIR) diff --git a/quark/vars/RedHat-7.yml b/quark/vars/RedHat-7.yml
@@ -0,0 +1,5 @@
+---
+quark_dependencies:
+ - git
+ - make
+ - gcc
(DIR) diff --git a/quark/vars/RedHat-8.yml b/quark/vars/RedHat-8.yml
@@ -0,0 +1,5 @@
+---
+quark_dependencies:
+ - git
+ - make
+ - gcc
(DIR) diff --git a/quark/vars/Ubuntu-18.yml b/quark/vars/Ubuntu-18.yml
@@ -0,0 +1,5 @@
+---
+quark_dependencies:
+ - git
+ - make
+ - gcc
(DIR) diff --git a/quark/vars/Ubuntu-20.yml b/quark/vars/Ubuntu-20.yml
@@ -0,0 +1,5 @@
+---
+quark_dependencies:
+ - git
+ - make
+ - gcc
(DIR) diff --git a/searx/LICENSE b/searx/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Jay Scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
(DIR) diff --git a/searx/README b/searx/README
@@ -0,0 +1,42 @@
+-= jayscott.searx =-
+
+Install and configure a working copy of the Searx application.
+
+
+Requirements
+------------
+
+None
+
+
+Role Variables
+--------------
+
+ # Searx config
+ searx_release: HEAD
+ searx_user: searx
+ searx_install_path: /usr/local/searx
+ searx_debug: false
+
+ # Nginx config
+ searx_server_name: searx.mydomain.com
+ searx_access_log: /dev/null
+ searx_error_log: /dev/null
+ searx_remove_nginx_default: true
+
+ # Uwsgi config
+ searx_uwsgi_workers: 4
+
+
+Dependencies
+------------
+
+None
+
+
+Example Playbook
+----------------
+
+ - hosts: servers
+ roles:
+ - { role: jayscott.searx }
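Review bot: the "Role Variables" block does not match searx/defaults/main.yml in this same commit: the README shows `searx_server_name: searx.mydomain.com` and both log paths as `/dev/null`, while the defaults are `localhost` and the files under /var/log/nginx. Document the real defaults and present `/dev/null` logging as an optional override, since a reader copying this block loses the nginx error log.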
(DIR) diff --git a/searx/defaults/main.yml b/searx/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+
+# Searx config
+searx_release: HEAD
+searx_user: searx
+searx_install_path: /usr/local/searx
+searx_debug: false
+
+# Nginx config
+searx_server_name: localhost
+searx_access_log: /var/log/nginx/access.log
+searx_error_log: /var/log/nginx/error.log
+searx_remove_nginx_default: true
+
+# Uwsgi config
+searx_uwsgi_workers: 4
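Review bot: `searx_release: HEAD` means every fresh install builds whatever the upstream default branch contains at that moment and installs its `requirements.txt` unreviewed. Default to a release tag or commit hash and let users opt in to HEAD.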
(DIR) diff --git a/searx/handlers/main.yml b/searx/handlers/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Restart searx
+ systemd:
+ name: searx
+ state: restarted
+ daemon_reload: true
+
+- name: Restart nginx
+ systemd:
+ name: nginx
+ state: restarted
+ daemon_reload: true
+
+- name: Restart uwsgi
+ systemd:
+ name: uwsgi
+ state: restarted
+ daemon_reload: true
(DIR) diff --git a/searx/meta/main.yml b/searx/meta/main.yml
@@ -0,0 +1,22 @@
+---
+galaxy_info:
+ role_name: searx
+ author: jayscott
+ description: install role for searx application.
+ license: "license (BSD, MIT)"
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - bionic
+ - xenial
+ - name: EL
+ versions:
+ - 7
+ - 8
+
+ galaxy_tags: []
+
+dependencies: []
(DIR) diff --git a/searx/molecule/default/converge.yml b/searx/molecule/default/converge.yml
@@ -0,0 +1,18 @@
+---
+- name: Converge
+ hosts: all
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=true cache_valid_time=600
+ changed_when: false
+ when: ansible_os_family == 'Debian'
+
+ roles:
+ - role: jayscott.searx
+
+ post_tasks:
+ - name: Verify searx is listening.
+ uri:
+ url: "http://localhost:8888"
+ status_code: 200
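Review bot: the post_task checks `http://localhost:8888` directly, while the role's vhost listens on port 80 and molecule.yml publishes container port 80, so the nginx to uwsgi path this role configures is never exercised. Add a second `uri` check against port 80, or replace this one.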
(DIR) diff --git a/searx/molecule/default/molecule.yml b/searx/molecule/default/molecule.yml
@@ -0,0 +1,23 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint .
+ ansible-lint
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ published_ports:
+ - "0.0.0.0:8000:80/tcp"
+provisioner:
+ name: ansible
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
(DIR) diff --git a/searx/tasks/main.yml b/searx/tasks/main.yml
@@ -0,0 +1,92 @@
+---
+- include_tasks: variables.yml
+
+- name: Add searx user account.
+ user:
+ name: "{{ searx_user }}"
+ home: "{{ searx_install_path }}"
+ create_home: false
+ register: add_user
+
+- include_tasks: setup-Debian.yml
+ when: ansible_os_family == 'Debian'
+
+- include_tasks: setup-RedHat.yml
+ when: ansible_os_family == 'RedHat'
+
+- name: Git clone searx repo.
+ git:
+ repo: 'https://github.com/asciimoo/searx.git'
+ dest: "{{ searx_install_path }}"
+ version: "{{ searx_release }}"
+ update: false
+ force: false
+ depth: 1
+ register: git_updated
+
+- name: Install python dependencies.
+ pip:
+ virtualenv: searx-ve
+ virtualenv_site_packages: true
+ requirements: requirements.txt
+ extra_args: '--no-cache-dir'
+ chdir: '{{ searx_install_path }}'
+
+- name: Generate secret key.
+ command: openssl rand -hex 16
+ register: searx_key
+ when: git_updated.changed
+
+- name: Update searx secret key.
+ replace:
+ dest: "{{ searx_install_path }}/searx/settings.yml"
+ regexp: ultrasecretkey
+ replace: "{{ searx_key.stdout }}"
+ when: git_updated.changed
+ notify: Restart searx
+
+- name: Disable searx debugging.
+ replace:
+ dest: "{{ searx_install_path }}/searx/settings.yml"
+ regexp: "debug : True"
+ replace: "debug : False"
+ when: not searx_debug
+ notify: Restart searx
+
+- name: Enable searx debugging.
+ replace:
+ dest: "{{ searx_install_path }}/searx/settings.yml"
+ regexp: "debug : False"
+ replace: "debug : True"
+ when: searx_debug
+ notify: Restart searx
+
+- name: Copy searx systemd service template.
+ template:
+ src: searx.service.j2
+ dest: /lib/systemd/system/searx.service
+
+- name: Enable and start searx service
+ service:
+ name: searx
+ state: started
+ enabled: true
+
+- name: Copy nginx config.
+ template:
+ src: vhost.conf.j2
+ dest: "{{ nginx_vhost_path }}/vhost_searx.conf"
+ notify: Restart nginx
+
+- name: Remove default nginx config.
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+ when: searx_remove_nginx_default
+ notify: Restart nginx
+
+- name: Copy uwsgi config.
+ template:
+ src: uwsgi.ini.j2
+ dest: /etc/uwsgi/apps-enabled/searx.ini
+ notify: Restart uwsgi
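Review bot: the secret key is only generated and written `when: git_updated.changed`, so if a run fails after the clone but before "Update searx secret key", later runs skip both tasks and the install keeps the upstream `ultrasecretkey` default. Gate the replacement on the placeholder still being present in settings.yml rather than on the clone result, and add `no_log: true` to the two key tasks so the value does not show up in verbose or diff output. "Copy searx systemd service template" also has no `notify`, so changes to the unit file never trigger a reload or restart.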
(DIR) diff --git a/searx/tasks/setup-Debian.yml b/searx/tasks/setup-Debian.yml
@@ -0,0 +1,5 @@
+---
+- name: Ensure searx dependencies are installed.
+ apt:
+ name: "{{ searx_dependencies }}"
+ state: present
(DIR) diff --git a/searx/tasks/setup-RedHat.yml b/searx/tasks/setup-RedHat.yml
@@ -0,0 +1,25 @@
+---
+- name: Ensure searx dependencies are installed.
+ yum:
+ name: "{{ searx_dependencies }}"
+ state: present
+
+- name: Install uwsgi via pip
+ pip:
+ name: uwsgi
+ state: present
+
+- name: Copy uwsgi systemd service template.
+ template:
+ src: uwsgi.service.j2
+ dest: /lib/systemd/system/uwsgi.service
+ when: ansible_os_family == 'RedHat'
+ notify: Restart uwsgi
+
+- name: Create directories if they don't exist
+ file:
+ path: /etc/uwsgi/apps-enabled
+ state: directory
+ owner: "{{ searx_user }}"
+ group: "{{ searx_user }}"
+ mode: '0755'
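Review bot: "Create directories if they don't exist" makes /etc/uwsgi/apps-enabled owned by `{{ searx_user }}`, while uwsgi.service.j2 in this commit has no `User=` and therefore starts as root and loads its ini from that directory; the service account can change configuration that a root process reads. Make the directory `root:root`. The `when: ansible_os_family == 'RedHat'` on the template task is redundant because this file is only included for RedHat, and the `pip` task installs an unpinned uwsgi system-wide.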
(DIR) diff --git a/searx/tasks/variables.yml b/searx/tasks/variables.yml
@@ -0,0 +1,19 @@
+---
+- name: Include OS-specific variables (Debian).
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == 'Debian'
+
+- name: Include OS-specific variables (RedHat).
+ include_vars: "{{ ansible_os_family }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when:
+ - ansible_os_family == 'RedHat'
+
+- name: Define searx_dependencies.
+ set_fact:
+ searx_dependencies: "{{ __searx_dependencies }}"
+ when: searx_dependencies is not defined
+
+- name: Define nginx_vhost_path.
+ set_fact:
+ nginx_vhost_path: "{{ __nginx_vhost_path }}"
+ when: nginx_vhost_path is not defined
(DIR) diff --git a/searx/templates/searx.service.j2 b/searx/templates/searx.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Searx Meta Search Engine
+
+[Service]
+Type=simple
+User={{ searx_user }}
+Group={{ searx_user }}
+Restart=on-failure
+WorkingDirectory={{ searx_install_path }}
+ExecStart={{ searx_install_path }}/searx-ve/bin/python searx/webapp.py
+
+[Install]
+WantedBy=multi-user.target
(DIR) diff --git a/searx/templates/uwsgi.ini.j2 b/searx/templates/uwsgi.ini.j2
@@ -0,0 +1,18 @@
+[uwsgi]
+uid = {{ searx_user }}
+gid = {{ searx_user }}
+
+disable-logging = true
+workers = {{ searx_uwsgi_workers }}
+chmod-socket = 666
+single-interpreter = true
+master = true
+plugin = python3
+lazy-apps = true
+enable-threads = true
+module = searx.webapp
+socket = /run/uwsgi/app/searx/socket
+route-run = fixpathinfo:
+virtualenv = /usr/local/searx/searx-ve/
+pythonpath = /usr/local/searx/
+chdir = /usr/local/searx/searx/
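Review bot: `chmod-socket = 666` makes the uwsgi socket writable by every local user; `660` with the socket's group set to the web server's group is enough for nginx to connect. The last three lines hardcode /usr/local/searx, so the role breaks when `searx_install_path` is overridden; use the variable there as the other templates do.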
(DIR) diff --git a/searx/templates/uwsgi.service.j2 b/searx/templates/uwsgi.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=uwsgi start up script
+
+[Service]
+Type=simple
+Restart=on-failure
+
+WorkingDirectory={{ searx_install_path }}
+ExecStartPre=-/usr/bin/bash -c 'mkdir -p /run/uwsgi/app/searx; chown -R {{ searx_user }}.nginx /run/uwsgi'
+ExecStart=/usr/bin/bash -c '{{ searx_install_path }}/searx-ve/bin/python searx/webapp.py; uwsgi --ini /etc/uwsgi/apps-enabled/searx.ini'
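Review bot: `ExecStart` joins the two commands with `;`, so `uwsgi --ini ...` only runs after `searx/webapp.py` exits, and with no `User=` in the unit both run as root. Start only uwsgi here (searx.service already runs webapp.py), add `User=`/`Group=`, and replace the `ExecStartPre` mkdir/chown with `RuntimeDirectory=`. The unit also has no `[Install]` section, so it cannot be enabled at boot.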
(DIR) diff --git a/searx/templates/vhost.conf.j2 b/searx/templates/vhost.conf.j2
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ server_name _ {{ searx_server_name }};
+ root {{ searx_install_path}}/searx;
+
+ server_tokens off;
+ access_log {{ searx_access_log }};
+ error_log {{ searx_error_log }};
+
+ location /static {
+ }
+
+ location / {
+ include uwsgi_params;
+ uwsgi_pass unix:/run/uwsgi/app/searx/socket;
+ }
+}
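Review bot: the server block only has `listen 80;`, so search queries reach this host in clear text unless something in front of it terminates TLS. Add a TLS listener driven by certificate variables, or state the reverse-proxy assumption in the README. `location /static { }` is empty and works only because of the `root` directive above it; a one-line comment would make that intent clear.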
(DIR) diff --git a/searx/vars/RedHat-7.yml b/searx/vars/RedHat-7.yml
@@ -0,0 +1,17 @@
+---
+__searx_dependencies:
+ - git
+ - gcc
+ - gcc-c++
+ - kernel-devel
+ - make
+ - libxslt-devel
+ - python-devel
+ - python-virtualenv
+ - python-babel
+ - zlib-devel
+ - libffi-devel
+ - openssl-devel
+ - nginx
+
+__nginx_vhost_path: /etc/nginx/conf.d
(DIR) diff --git a/searx/vars/RedHat-8.yml b/searx/vars/RedHat-8.yml
@@ -0,0 +1,17 @@
+---
+__searx_dependencies:
+ - git
+ - gcc
+ - gcc-c++
+ - kernel-devel
+ - make
+ - libxslt-devel
+ - platform-python-devel
+ - python3-virtualenv
+ - python3-babel
+ - zlib-devel
+ - libffi-devel
+ - openssl-devel
+ - nginx
+
+__nginx_vhost_path: /etc/nginx/conf.d
(DIR) diff --git a/searx/vars/Ubuntu-16.yml b/searx/vars/Ubuntu-16.yml
@@ -0,0 +1,16 @@
+---
+__searx_dependencies:
+ - git
+ - build-essential
+ - libxslt-dev
+ - python-dev
+ - virtualenv
+ - python-babel
+ - zlib1g-dev
+ - libffi-dev
+ - libssl-dev
+ - nginx
+ - uwsgi
+ - uwsgi-plugin-python3
+
+__nginx_vhost_path: /etc/nginx/sites-enabled
(DIR) diff --git a/searx/vars/Ubuntu-18.yml b/searx/vars/Ubuntu-18.yml
@@ -0,0 +1,16 @@
+---
+__searx_dependencies:
+ - git
+ - build-essential
+ - libxslt-dev
+ - python-dev
+ - virtualenv
+ - python-babel
+ - zlib1g-dev
+ - libffi-dev
+ - libssl-dev
+ - nginx
+ - uwsgi
+ - uwsgi-plugin-python3
+
+__nginx_vhost_path: /etc/nginx/sites-enabled
(DIR) diff --git a/searx/vars/Ubuntu-20.yml b/searx/vars/Ubuntu-20.yml
@@ -0,0 +1,16 @@
+---
+__searx_dependencies:
+ - git
+ - build-essential
+ - libxslt-dev
+ - python-dev
+ - virtualenv
+ - python-babel
+ - zlib1g-dev
+ - libffi-dev
+ - libssl-dev
+ - nginx
+ - uwsgi
+ - uwsgi-plugin-python3
+
+__nginx_vhost_path: /etc/nginx/sites-enabled