Lots of updated roles

README.md

@@ -15,7 +15,60 @@ ln -s ~/Code/ansible-shared ~/Code/ansible/playbooks/roles/shared
 
 These shared roles are geared toward Debian 9 and 10 with a few compatible with Ubuntu.
 
-These shared roles assume a fresh stock Debian base with the main user being `toor`.
+File `playbooks/group_vars/all` has user directory like so...add all your users here
+```
+users:
+  # Root and toor
+  root:
+    id: 0
+    gid: 0
+    password: '{{ root_linux_password }}'
+  toor:
+    id: 1000
+    gid: 1000
+    password: '{{ toor_linux_password }}'
+    groups: '{{ superuser_groups }}'
+```
+
+File `playbooks/group_vars/Debian.yml` like so
+```
+# ------------------------------------------------------------------------------
+# Debian specific variables
+# ------------------------------------------------------------------------------
+superuser: toor
+supergroup: staff
+sudogroup: sudo
+superuser_groups: [sudo,users,staff,adm,cdrom,floppy,audio,dip,video,plugdev,netdev]
+```
+
+Make one for each of your OS types, a `ManjroLinux.yml` may look like so
+```
+# ------------------------------------------------------------------------------
+# Manjaro specific variables
+# ------------------------------------------------------------------------------
+superuser: toor
+supergroup: staff
+sudogroup: wheel
+superuser_groups: [wheel,users,staff,adm,sys,network,power,video,storage,lp,input,audio]
+```
+
+Your `ansible.cfg` should look about like so.
+```
+# Ansible configuration for defaults and path modifications
+# mReschke 2020-04-02
+
+[defaults]
+remote_user = root
+remote_tmp = /tmp/ansible-$USER
+roles_path = ./roles
+private_key_file = ~/.ssh/mreschke-root.key
+vault_password_file = ~/.files/configs/ansible/vault.passwd
+retry_files_enabled = False
+display_skipped_hosts = False
+force_color = 1
+nocows = 1
+```
+
 
 
 # Snippets
@@ -24,10 +77,10 @@ Quick helpers to remember common tasks
 
 
 ```yaml
-# Detect Manjaro
+# Detect OS
-- name: Configure Manjaro mirrorlist for linstore nginx proxy
+when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
-  include_tasks: manjaro.yml
+when: ansible_distribution == "Ubuntu" and ansible_distribution_version == "16.04"
-  when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"
+when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"
 
 # Copy profiles to /etc/profile.d/
 - include_tasks: ../../../functions/copy_etc-profile.d.yml
@@ -45,6 +98,26 @@ Quick helpers to remember common tasks
     mode: '0644'
   notify: restart nginx
 
+# Template in a loop
+- name: Templating ~/.getmail/config
+  template:
+    src: getmail
+    dest: '{{ "~" + item.username | expanduser }}/.getmail/config'
+    owner: '{{ item.username }}'
+    group: 'users'
+    mode: '0644'
+  with_items: "{{ getmail_users }}"
+
+# Symlink in a loop
+- name: Symlinking /store/apps/getmail to ~/Mail
+  file:
+    src: '/store/apps/getmail/{ item.email }'
+    dest: '{{ "~" + item.username | expanduser }}/Mail'
+    state: link
+    owner: '{{ item.username }}'
+    group: 'users'
+  with_items: "{{ getmail_users }}"
+
 # Install common apps for all debian machines
 - name: Installing Debian common applications
   apt:
@@ -59,8 +132,8 @@ Quick helpers to remember common tasks
   file:
     path: /etc/nginx
     state: directory
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
     mode: '0755'
 
 # Set chown toor:toor -R /etc/nginx
@@ -69,7 +142,7 @@ Quick helpers to remember common tasks
     path: /etc/nginx
     state: directory
     recurse: yes
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
 
 ```

app/atlassian/confluence/tasks/mysql.yml

@@ -6,7 +6,7 @@
     dest: /etc/mysql/mysql.conf.d/mysqld.cnf
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   notify: restart mysql # Only reloads if file has changed!
 
 # Create the confluence MySQL database

app/atlassian/servicedesk/tasks/mysql.yml

@@ -6,7 +6,7 @@
     dest: "/etc/mysql/percona-server.conf.d/mysqld.cnf"
     owner: root
     group: root
-    mode: 0644 #-rw-r--r--
+    mode: '0644' #-rw-r--r--
   notify: restart mysql # Only runs if file changed!
 
 # Create the servicedesk MySQL database

app/erpnext-12/tasks/configure-erpnext.yml

@@ -10,14 +10,14 @@
   file:
     path: '{{ base }}'
     state: directory
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
     mode: '0755'
 
 # Run frappe bench init
 - name: Running frappe bench init
-  # NOTICE: running as toor
+  # NOTICE: running as superuser
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench init {{ projectname }} --frappe-branch version-12 --no-backups
   args:
     chdir: '{{ base }}'
@@ -27,8 +27,8 @@
 
 # Run frappe bench init with custom repo
 - name: Running frappe bench init with custom repo
-  # NOTICE: running as toor
+  # NOTICE: running as superuser
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench init {{ projectname }} --frappe-path {{ frappe_repo }} --frappe-branch version-12 --no-backups
   args:
     chdir: '{{ base }}'
@@ -38,7 +38,7 @@
 
 # Create frappe-bench supervisor configs
 - name: Creating frappe-bench supervisor config
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench setup supervisor
   args:
     chdir: '{{ path }}'
@@ -54,7 +54,7 @@
 
 # Get ERPNext app
 - name: Getting ERPNext app
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench get-app erpnext --branch version-12
   args:
     chdir: '{{ path }}'
@@ -64,7 +64,7 @@
 
 # Get ERPNext app from custom repo
 - name: Getting ERPNext app from custom repo
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench get-app erpnext {{ erpnext_repo }} --branch version-12
   args:
     chdir: '{{ path }}'
@@ -74,7 +74,7 @@
 
 # Settings frappe bench mariadb-host
 - name: Setting frappe bench mariadb-host
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench set-mariadb-host {{ db_host }}
   args:
     chdir: '{{ path }}'
@@ -82,7 +82,7 @@
 
 # Create new site using local database
 - name: Creating new frappe site using local database
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench new-site {{ site }} --admin-password {{ erpnext_admin_password }} --db-name {{ db_name }} --db-password {{ erpnext_db_password }} --mariadb-root-username root --mariadb-root-password {{ root_db_password }} --force
   args:
     chdir: '{{ path }}'
@@ -92,7 +92,7 @@
 
 # Create new site using remote database
 - name: Creating new frappe site using remote database
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench new-site {{ site }} --admin-password {{ erpnext_admin_password }} --db-name {{ db_name }} --db-password {{ erpnext_db_password }} --mariadb-root-username root --mariadb-root-password {{ root_db_password }} --force --no-mariadb-socket
   args:
     chdir: '{{ path }}'
@@ -102,7 +102,7 @@
 
 # Adding ERPNext to site
 - name: Adding ERPNext to site
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench --site {{ site }} install-app erpnext
   args:
     chdir: '{{ path }}'
@@ -111,7 +111,7 @@
 
 # Create frappe-bench nginx configs
 - name: Creating frappe-bench nginx config
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: bench setup nginx
   args:
     chdir: '{{ path }}'

app/erpnext-12/tasks/configure-linux.yml

@@ -1,9 +1,9 @@
 ---
-# Copy ssh client config for toor user so we can git clone without confirmation
+# Copy ssh client config for superuser user so we can git clone without confirmation
-- name: Copying toor SSH client config
+- name: Copying superuser SSH client config
   copy:
     src: 'ssh.config'
-    dest: '/home/toor/.ssh/config'
+    dest: '/home/{{ superuser }}/.ssh/config'
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
     mode: '0644'

app/erpnext-12/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
 # NOTICE: Commands like frappe bench and git clone need to run
-# as the toor user, not root.  The playbook that runs this role
+# as the superuser user, not root.  The playbook that runs this role
-# should be logging in as toor, using become:yes with toors ssh key
+# should be logging in as superuser, using become:yes with superusers ssh key
 # Because become:yes all command still run as root, until I use
-# become_user: toor below.
+# become_user: superuser below.
 
 - include_tasks: configure-linux.yml
 - include_tasks: configure-mysql.yml

app/konga-0.14.7/tasks/main.yml

@@ -13,8 +13,8 @@
   file:
     path: /var/www
     state: directory
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
     mode: '0755'
 
 # Create /var/www/konga folder
@@ -22,14 +22,14 @@
   file:
     path: /var/www/konga
     state: directory
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
     mode: '0755'
 
 # Git clone https://github.com/pantsel/konga.git
 - name: Git clone https://github.com/pantsel/konga.git tag 0.14.7
-  # NOTICE: running as toor
+  # NOTICE: running as superuser
-  become_user: toor
+  become_user: '{{ superuser }}'
   git:
     clone: yes
     force: yes
@@ -38,13 +38,13 @@
     version: 0.14.7
     depth: 1
 
-# Ensure konga git contents owned by toor
+# Ensure konga git contents owned by superuser
-- name: Ensuring konga git contents owned by toor
+- name: Ensuring konga git contents owned by superuser
   file:
     path: /var/www/konga
     state: directory
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
     recurse: yes
 
 # Delete package-lock.json
@@ -55,31 +55,31 @@
 
 # Install konga npm packages
 - name: Installing konga NPM packages
-  # NOTICE: running as toor
+  # NOTICE: running as superuser
-  become_user: toor
+  become_user: '{{ superuser }}'
   npm:
     path: /var/www/konga
 
 # Install konga bower dependencies
 - name: Installing konga bower dependencies
-  # NOTICE: running as toor
+  # NOTICE: running as superuser
-  become_user: toor
+  become_user: '{{ superuser }}'
   shell: npm run bower-deps
   args:
     chdir: /var/www/konga
 
-# Ensure konga git contents owned by toor
+# Ensure konga git contents owned by superuser
-- name: Ensuring konga git contents owned by toor
+- name: Ensuring konga git contents owned by superuser
   file:
     path: /var/www/konga
     state: directory
-    owner: toor
+    owner: '{{ superuser }}'
-    group: toor
+    group: '{{ superuser }}'
     recurse: yes
 
 # Copy konga systemd unit file
 - name: Copying konga.service systemd unit file
-  copy:
+  template:
     src: konga.service
     dest: "/etc/systemd/system/konga.service"
     owner: root

app/konga-0.14.7/templates/konga.service

@@ -4,7 +4,7 @@ After=network.target
 
 [Service]
 Type=simple
-User=toor
+User={{ superuser }}
 WorkingDirectory=/var/www/konga
 ExecStart=/usr/bin/node --harmony app.js --prod
 Restart=on-failure

build/artifactory-pro/tasks/main.yml

@@ -17,5 +17,5 @@
     dest: /etc/opt/jfrog/artifactory/default
     owner: artifactory
     group: artifactory
-    mode: 0644
+    mode: '0644'
   notify: restart artifactory

code/pyenv/files/profile.d/pyenv.sh

@@ -12,8 +12,4 @@ if command -v pyenv 1>/dev/null 2>&1; then
         eval "$(pyenv init -)"
 fi
 
-
+# Python aliases for pv, activate and pips should already be defined in shared/server
-# Python aliases
-alias pv='echo "Version:" && python --version && echo && echo "Interpreter Path:" && python -c "import sys;print(sys.prefix)" && echo && echo "Paths:" && python -c "import sys;print(sys.path);"'
-alias activate='source env/bin/activate && pv'
-alias pips='pipenv shell && echo "pipenv shell has been deactivated" && echo && pv'

code/pyenv/tasks/install-pyenv.yml

@@ -17,6 +17,8 @@
       - libgdbm-dev
       - libc6-dev
       - libbz2-dev
+      - libffi-dev
+  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
 
 # Debian 10
 - name: Installing build-essential and pyenv dependencies
@@ -36,19 +38,17 @@
       - libffi-dev
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
 
-
+# Install pyenv using git clone
-
-    # Install pyenv using git clone
 - name: Installing pyenv using git clone
   git:
     repo: https://github.com/pyenv/pyenv.git
     dest: /usr/local/lib/pyenv
+    force: yes
     depth: 1
 
 # Set users and permissions
 # There is also a files/bin/pyenv-fix-permissions.sh that mirror the below
 # which you can run manually after you install a new version (pyenv sets mask and ignores setfacl)
-- command: chown toor:staff /usr/local/lib/pyenv -R
+- file: 'path=/usr/local/lib/pyenv owner={{ superuser }} group={{ supergroup }} state=directory recurse=yes mode=2775'
-- command: chmod 2775 /usr/local/lib/pyenv
 - command: find /usr/local/lib/pyenv -type d -exec chmod 2775 {} \;
 - command: setfacl -R -d -m user::rwx,group::rwx /usr/local/lib/pyenv

code/pyenv/tasks/install-python.yml

@@ -0,0 +1,20 @@
+---
+# Pre output
+- debug:
+    msg: 'Pyenv about to install python {{ item }}'
+  with_items: '{{ python_versions }}'
+
+# Install python versions via pyenv
+- name: 'Installing Python version(s) via pyenv'
+  become_user: '{{ superuser }}'
+  shell: 'source /etc/profile.d/pyenv.sh && /usr/local/lib/pyenv/bin/pyenv install --skip-existing {{ item }}'
+  args:
+    executable: /bin/bash
+  with_items: '{{ python_versions }}'
+
+# Set pyenv global python versions
+- name: 'Setting pyenv global python versions'
+  become_user: '{{ superuser }}'
+  shell: 'source /etc/profile.d/pyenv.sh && /usr/local/lib/pyenv/bin/pyenv global {{ python_global_versions }}'
+  args:
+    executable: /bin/bash

code/pyenv/tasks/main.yml

@@ -1,9 +1,13 @@
 ---
-# Install pyenv
-- include_tasks: install-pyenv.yml
-
 # Copy profiles to /etc/profile.d/
 - include_tasks: ../../../functions/copy_etc-profile.d.yml
 
 # Copy scripts to /usr/local/bin
 - include_tasks: ../../../functions/copy_usr-local-bin.yml
+
+# Install pyenv
+- include_tasks: install-pyenv.yml
+
+# Install python versions
+- include_tasks: install-python.yml
+

code/pyenv/templates/bin/pyenv-fix-permissions.sh

@@ -7,7 +7,7 @@
 # mReschke 2019-04-19
 
 path=/usr/local/lib/pyenv
-chown toor:staff $path -R
+chown {{ superuser }}:{{ supergroup }} $path -R
 chmod 2775 $path
 find $path -type d -exec chmod 2775 {} \;
 setfacl -R -d -m user::rwx,group::rwx $path

functions/copy_etc-profile.d.yml

@@ -1,10 +1,24 @@
 # Copy profiles to /etc/profile.d/
+# Templates messes up a lot of back scripts (errors on odd chars)
+# So copy all files/bin/* using COPY
 - name: Copying profiles to /etc/profile.d
   copy:
     src: "{{ item }}"
     dest: /etc/profile.d/
     owner: root
     group: root
-    mode: 0755
+    mode: '0755'
   with_fileglob:
-    - profile.d/*
+    - files/profile.d/*
+
+# Template and copy profiles to /etc/profile.d/
+# Careful here, as some script can mess up the template system (jinja2)
+- name: Copy templated profiles to /etc/profile.d/
+  template:
+    src: "{{ item }}"
+    dest: /etc/profile.d/
+    owner: root
+    group: root
+    mode: '0755'
+  with_fileglob:
+    - templates/profile.d/*

functions/copy_usr-local-bin.yml

@@ -1,10 +1,24 @@
 # Copy scripts to /usr/local/bin
+# Templates messes up a lot of back scripts (errors on odd chars)
+# So copy all files/bin/* using COPY
 - name: Copying scripts to /usr/local/bin
   copy:
     src: "{{ item }}"
     dest: /usr/local/bin/
-    owner: toor
+    owner: '{{ superuser }}'
-    group: staff
+    group: '{{ supergroup }}'
-    mode: 0775
+    mode: '0775'
   with_fileglob:
-    - bin/*
+    - files/bin/*
+
+# Template and copy scripts to /usr/local/bin
+# Careful here, as some script can mess up the template system (jinja2)
+- name: Copy templated scripts to /usr/local/bin
+  template:
+    src: "{{ item }}"
+    dest: /usr/local/bin/
+    owner: '{{ superuser }}'
+    group: '{{ supergroup }}'
+    mode: '0775'
+  with_fileglob:
+    - templates/bin/*

mail/getmail/tasks/main.yml

@@ -1,7 +1,16 @@
 ---
-# Install getmail
+# Install getmail for Debian 9
-- name: Installing getmail
+- name: Installing getmail for Debian 9
   apt:
     update_cache: yes
     state: present
     name: getmail4
+  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
+
+# Install getmail for Debian 10
+- name: Installing getmail for Debian 10
+  apt:
+    update_cache: yes
+    state: present
+    name: getmail
+  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"

mail/mutt/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# Install mutt email client
+- name: Installing mutt email client
+  apt:
+    update_cache: yes
+    state: present
+    name: mutt
+

server/files/profile.d/bash_aliases.sh

@@ -43,3 +43,13 @@ alias rm='rm -Irv'
 # What is my external IP address
 alias whatismyip='curl -s http://icanhazip.com/'
 
+# Python
+alias pv='echo "Version:" && python --version && echo && echo "Interpreter Path:" && python -c "import sys;print(sys.prefix)" && echo && echo "Paths:" && python -c "import sys;print(sys.path);"'
+alias activate='source env/bin/activate && pv'
+alias pips='pipenv shell && echo "pipenv shell has been deactivated" && echo && pv'
+
+# Docker
+alias dps="docker ps"
+alias dpsa="docker ps -a"
+alias dimg="docker images"
+alias dimga="docker images -a"

system/tmux/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+# Install tmux
+- name: Installing tmux
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - tmux

user/tasks/create.yml

@@ -41,6 +41,6 @@
     ssh_info: ""
     add_sudo: no
     create: yes
-    ssh_keys: yes
+    ssh_keys: no
-    ssh_authorize: no
+    ssh_authorize: yes
 

user/tasks/debug.yml

@@ -7,5 +7,4 @@
       - "ID: {{ users[user]['id'] }}"
       - "GID: {{ users[user]['gid'] }}"
       - "Groups: {{ user_groups }}"
-      - "Password: {{ users[user]['password'] }}"
+      #- "Password: {{ users[user]['password'] }}"
-      #- "{{ network['netmask'] }}"

user/tasks/ssh.yml

@@ -1,6 +1,6 @@
 ---
 # Create users ~/.ssh directory
-- name: Creating {{ user }} ~/.ssh directory
+- name: Creating {{ user }} ~/.ssh directoryxx
   file:
     path: '{{ "~" + user | expanduser }}/.ssh'
     state: directory
@@ -26,7 +26,7 @@
     dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub'
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0644
+    mode: '0644'
   when: ssh_keys|default(false)|bool
 
 # Create users private key
@@ -36,5 +36,5 @@
     dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa'
     owner: '{{ user }}'
     group: '{{ user }}'
-    mode: 0600
+    mode: '0600'
   when: ssh_keys|default(false)|bool

user/tasks/sudo.yml

@@ -3,7 +3,7 @@
   file:
     path: '/etc/sudoers.d/{{ user }}'
     state: touch
-    mode: "0640" #-rw-r-----
+    mode: '0640'
   when: 'sudogroup in user_groups'
 
 - name: Setting user to nopasswd sudo access

virt/opennebula-5.10-controller/tasks/main.yml

@@ -66,4 +66,4 @@
     dest: '/var/lib/one/.ssh/config'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'

virt/opennebula-5.10-kvm-node/tasks/main.yml

@@ -27,7 +27,7 @@
     dest: '/etc/libvirt/libvirtd.conf'
     owner: 'root'
     group: 'root'
-    mode: 0644
+    mode: '0644'
   notify: restart libvirtd
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "10"
 
@@ -38,7 +38,7 @@
     dest: '/etc/libvirt/libvirtd.conf'
     owner: 'root'
     group: 'root'
-    mode: 0644
+    mode: '0644'
   notify: restart libvirtd
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
 
@@ -76,4 +76,4 @@
     dest: '/var/lib/one/.ssh/config'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'

virt/opennebula-5.4-controller/tasks/configure-mariadb.yml

@@ -6,7 +6,7 @@
     dest: "/etc/mysql/mariadb.conf.d/50-server.cnf"
     owner: root
     group: root
-    mode: 0644 #-rw-r--r--
+    mode: '0644' #-rw-r--r--
   notify: restart mariadb # Only runs if file changed!
 
 # Set MySQL options defined in OpenNebula docs

virt/opennebula-5.4-controller/tasks/configure-redis.yml

@@ -6,5 +6,5 @@
     dest: "/etc/redis/redis.conf"
     owner: root
     group: root
-    mode: 0644 # -rw-r--r--
+    mode: '0644' # -rw-r--r--
   notify: restart redis # Only runs if file changed!

virt/opennebula-5.4-controller/tasks/configure.yml

@@ -10,7 +10,7 @@
     dest: "/etc/one/oned.conf"
     owner: root
     group: root
-    mode: 0644 #-rw-r--r--
+    mode: '0644' #-rw-r--r--
   notify: restart opennebula
 
 # Override sunstone CSS
@@ -20,7 +20,7 @@
     dest: '/usr/lib/one/sunstone/public/css/custom.css'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'
   notify: restart sunstone
 
 # Set oneadmin password (not linux password, but OpenNebula software password)
@@ -45,7 +45,7 @@
     dest: '/var/lib/one/.ssh/config'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'
 
 # Authorize oneadmin user to SSH into itself
 - name: Authorizing SSH keys for oneadmin
@@ -62,7 +62,7 @@
     dest: '/var/lib/one/.ssh/id_rsa.pub'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'
 
 # Create oneadmin private key
 - name: Copying oneadmin SSH private key
@@ -71,4 +71,4 @@
     dest: '/var/lib/one/.ssh/id_rsa'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0600
+    mode: '0600'

virt/opennebula-5.4-controller/tasks/user.yml

@@ -24,7 +24,7 @@
     dest: /var/lib/one/.ssh/id_rsa.pub
     owner: oneadmin
     group: oneadmin
-    mode: 0644
+    mode: '0644'
 
 - name: Copying oneadmin SSH private key
   copy:
@@ -32,7 +32,7 @@
     dest: /var/lib/one/.ssh/id_rsa
     owner: oneadmin
     group: oneadmin
-    mode: 0600
+    mode: '0600'
 
 # Authorize oneadmin to SSH to self
 - name: Authorizing oneadmin SSH keys

virt/opennebula-5.4-kvm-node/tasks/configure.yml

@@ -38,7 +38,7 @@
     dest: '/var/lib/one/.ssh/config'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'
 
 # Authorize oneadmin user to SSH into itself
 - name: Authorizing SSH keys for oneadmin
@@ -55,7 +55,7 @@
     dest: '/var/lib/one/.ssh/id_rsa.pub'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'
 
 # Create oneadmin private key
 - name: Copying oneadmin SSH private key
@@ -64,7 +64,7 @@
     dest: '/var/lib/one/.ssh/id_rsa'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0600
+    mode: '0600'
 
 # Copy libvirt.conf
 - name: Copying /etc/libvirt/libvirt.conf
@@ -73,19 +73,11 @@
     dest: /etc/libvirt/libvirt.conf
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   notify: restart libvirtd # Only runs if file changed!
 
 # Copy scripts to /usr/local/bin
-- name: Copying scripts to /usr/local/bin
+- include_tasks: ../../../functions/copy_usr-local-bin.yml
-  template:
-    src: "{{ item }}"
-    dest: /usr/local/bin/
-    owner: toor
-    group: staff
-    mode: 0755
-  with_fileglob:
-    - files/bin/*
 
 # Schedule cron
 - name: Scheduling cron cron-root-daily-12am

virt/opennebula-5.8-controller/tasks/main.yml

@@ -60,4 +60,4 @@
     dest: '/var/lib/one/.ssh/config'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'

virt/opennebula-5.8-kvm-node/tasks/main.yml

@@ -54,4 +54,4 @@
     dest: '/var/lib/one/.ssh/config'
     owner: 'oneadmin'
     group: 'oneadmin'
-    mode: 0644
+    mode: '0644'

web/haproxy/tasks/main.yml

@@ -13,7 +13,7 @@
     dest: /etc/rsyslog.conf
     owner: root
     group: root
-    mode: 0644 # -rw-r--r--
+    mode: '0644' # -rw-r--r--
   notify: restart rsyslog
 
 # Copy /etc/rsyslog.d/49-haproxy.conf
@@ -24,16 +24,8 @@
     dest: /etc/rsyslog.d/49-haproxy.conf
     owner: root
     group: root
-    mode: 0644 # -rw-r--r--
+    mode: '0644' # -rw-r--r--
   notify: restart rsyslog
 
 # Copy scripts to /usr/local/bin
-- name: Copying scripts to /usr/local/bin
+- include_tasks: ../../../functions/copy_usr-local-bin.yml
-  copy:
-    src: "{{ item }}"
-    dest: /usr/local/bin/
-    owner: toor
-    group: staff
-    mode: 0775
-  with_fileglob:
-    - bin/*

web/haproxy/templates/bin/haproxy_create_error_log.sh

@@ -22,4 +22,4 @@ cat $log_src \
 	> $log_dest
 
 
-chown toor:toor $log_dest
+chown {{ superuser }}:{{ superuser }} $log_dest