jkirk / ansible-role-base Goto Github PK

At least samba-exporter_1.16.2.ppa1.debian11_amd64.deb from https://github.com/imker25/samba_exporter/releases/tag/1.16.2

  PHPFPM_STATE=false
 pgrep -f 'php-fpm: pool' >/dev/null 2>&1 && PHPFPM_STATE=true
 
+SAMBA_STATE=false
+pgrep -f /usr/sbin/smbd >/dev/null 2>&1 && SAMBA_STATE=true
+
 cat << EOF
 {
   "apache_service": "${APACHE_STATE}",
   "mysql_service": "${MYSQL_STATE}",
-  "phpfpm_service": "${PHPFPM_STATE}"
+  "phpfpm_service": "${PHPFPM_STATE}",
+  "samba_service": "${SAMBA_STATE}"
 }
 EOF

We need bsd-mailx

PermitRootLogin without-password is deprecated and prohibit-password is default and (old) equivalent of that option. We should make sure, that PermitRootLogin is not set at all.

❯ shellcheck files/ansible_facts.d/services.fact

In files/ansible_facts.d/services.fact line 13:
cat << EOF
^-- SC1009: The mentioned syntax error was in this simple command.
    ^-- SC1073: Couldn't parse this here document. Fix to allow more checks.
       ^-- SC1044: Couldn't find end token `EOF' in the here document.


In files/ansible_facts.d/services.fact line 19:

^-- SC1072: Here document was not correctly terminated. Fix any mentioned problems and try again.

Can you have a look a this @mika, thx!

If systemd-timesyncd, chrony or any other implementation is used (or supposed to be used), executing the jkirk.base ansible module removes those because it installs ntp (without checking if anything else is already used/supposed to be used), which then removes e.g. systemd-timesyncd on Debian/bullseye.

Should we add lines like these to remove mdadm if no MD array is in use?

  - name: Check if /dev/md/0 exists
    stat: path=/dev/md/0
    register: md0
  - name: Remove mdadm if no MD array is needed
    apt: name=mdadm state=absent
    when: md0.stat.exists == False

Do we have software raid systems where we do not have /dev/md0 (i.e. /dev/md1 only)?

ansible-role-base/templates/apt/sources.list.j2 has a static usage of $release-backports, while usage of backports might be a) unwanted (for good reasons) or b) unsupported (e.g. jessie and older Debian/releases have their backports only on archive.debian.org).

Also the mirror http://ftp.de.debian.org/debian is hardcoded, while a more local one exists and should be used. (Using deb.debian.org/debian as default might be worth an idea as well.)

The apt-transport-https package is a transitional package since buster and should no longer deployed on systems >=buster.

Debian/bookworm moved from ntp to ntpsec.
The configuration files are now saved in /etc/netsec.
The role needs to be adjusted accordingly.