diff --git a/roles/matrix_synapse/tasks/cleanup.yml b/roles/matrix_synapse/tasks/cleanup.yml
new file mode 100644
index 0000000..410af10
--- /dev/null
+++ b/roles/matrix_synapse/tasks/cleanup.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Remove unused and tmp files
+ file: path={{ synapse_root_dir }}/{{ item }} state=absent
+ loop:
+ - lib
+ - lib64
+ - include
+ - bin
+ - db_dumps
+ tags: matrix
+
diff --git a/roles/seafile/tasks/cleanup.yml b/roles/seafile/tasks/cleanup.yml
index 9bc3452..669d075 100644
--- a/roles/seafile/tasks/cleanup.yml
+++ b/roles/seafile/tasks/cleanup.yml
@@ -10,4 +10,9 @@
 - /etc/cron.d/seafil_gc
 - "{{ seafile_data_dir }}/db_dumps"
 - "{{ seafile_data_dir }}/backup"
+ # All these are obsoletes backup hooks
+ - /etc/backup/pre.d/seafile_dump_db.sh
+ - /etc/backup/pre.d/seafile_mount_fuse.sh
+ - /etc/backup/post.d/seafile_rm_dumps.sh
+ - /etc/backup/post.d/seafile_umount_fuse.sh
 tags: seafile
diff --git a/roles/seafile/tasks/install.yml b/roles/seafile/tasks/install.yml
index 81ab0a9..521be2c 100644
--- a/roles/seafile/tasks/install.yml
+++ b/roles/seafile/tasks/install.yml
@@ -234,4 +234,9 @@
 when: seafile_systemd_unit.changed
 tags: seafile
-
+- name: Deploy pre and post backup hooks
+ template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/seafile.sh mode=700
+ loop:
+ - pre
+ - post
+ tags: seafile
diff --git a/roles/seafile/templates/post-backup.sh.j2 b/roles/seafile/templates/post-backup.sh.j2
new file mode 100644
index 0000000..a69782b
--- /dev/null
+++ b/roles/seafile/templates/post-backup.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash -e
+
+# Delete database dumps
+rm -f {{ seafile_root_dir }}/backup/*
+
+# Umount fuse FS
+{{ seafile_root_dir }}/seafile-server/seaf-fuse.sh stop
diff --git a/roles/seafile/templates/pre-backup.sh.j2 b/roles/seafile/templates/pre-backup.sh.j2
new file mode 100644
index 0000000..b9bf809
--- /dev/null
+++ b/roles/seafile/templates/pre-backup.sh.j2
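Review bot: In roles/matrix_synapse/tasks/cleanup.yml the `file:` task builds its target as `{{ synapse_root_dir }}/{{ item }}`, so an empty `synapse_root_dir` would resolve the loop items to `/lib`, `/lib64`, `/include` and `/bin` and remove them with `state=absent`. Nothing in this new file checks the variable, and its default is not visible in this diff. A guard on the task such as `when: synapse_root_dir | default('') | length > 1` (which also rejects a bare `/`), or an `assert` earlier in the role, would make the removal fail closed.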
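Review bot: The `template:` task added at the end of roles/seafile/tasks/install.yml sets only `mode=700`, so the owner and group of `/etc/backup/{{ item }}.d/seafile.sh` depend on the user the play happens to run as. The rendered pre hook can embed `seafile_db_pass` (see pre-backup.sh.j2), so I would pin `owner=root group=root` and write the mode with its leading zero, `mode=0700`. Running the play with `--diff` would also print the rendered script, password included, so `diff: false` or `no_log: true` on this task is worth considering. The task list this hunk appends to starts outside the hunk.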
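Review bot: `#!/bin/bash -e` in roles/seafile/templates/post-backup.sh.j2 only takes effect when the hook is executed directly; if the backup runner invokes it as `bash seafile.sh`, the `-e` is dropped and a failed step goes unnoticed. pre-backup.sh.j2 uses the same shebang. Moving the option into the body as `set -e` on its own line removes that dependency on how the hook is launched. The `rm -f {{ seafile_root_dir }}/backup/*` line also expands the template value unquoted; rendering it as `rm -f -- "{{ seafile_root_dir }}"/backup/*` keeps a path containing spaces from widening what gets deleted.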
@@ -0,0 +1,16 @@
+#!/bin/bash -e
+
+# Dump Databases
+for DB in {{ seafile_db_ccnet }} {{ seafile_db_seafile }} {{ seafile_db_seahub }}; do
+ /usr/bin/mysqldump \
+ --quick --single-transaction \
+{% if seafile_db_server not in ['127.0.0.1', 'localhost'] %}
+ --user='{{ seafile_db_user }}' \
+ --password='{{ seafile_db_pass }}' \
+ --host={{ seafile_db_server }} \
+{% endif %}
+ --add-drop-table $DB | zstd -T0 -c > {{ seafile_root_dir }}/backup/$DB.sql.zst
+done
+
+# Mount fuse FS
+{{ seafile_root_dir }}/seafile-server/seaf-fuse.sh start {{ seafile_root_dir }}/fuse/
diff --git a/roles/sudo/defaults/main.yml b/roles/sudo/defaults/main.yml
index 97a74d5..cabd6f8 100644
--- a/roles/sudo/defaults/main.yml
+++ b/roles/sudo/defaults/main.yml
@@ -2,6 +2,9 @@
 sudo_admin_groups: "{{ system_admin_groups | default(ad_auth | default(False) | ternary(['Domain\ Admins'],['admins'])) }}"
-sudo_defaults: {}
+sudo_base_defaults:
+ secure_path: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+sudo_extra_defaults: {}
 # sudo_defaults:
 # timestamp_timeout: 10
+sudo_defaults: "{{ sudo_base_defaults | combine(sudo_extra_defaults, recursive=True) }}"
diff --git a/roles/zabbix_agent/tasks/iptables.yml b/roles/zabbix_agent/tasks/iptables.yml
new file mode 100644
index 0000000..13cba98
--- /dev/null
+++ b/roles/zabbix_agent/tasks/iptables.yml
@@ -0,0 +1,8 @@
+---
+- name: Handle Zabbix Agent port
+ iptables_raw:
+ name: zabbix_agent_port
+ state: "{{ (zabbix_agent_src_ip | length > 0) | ternary('present', 'absent') }}"
+ rules: "-A INPUT -m state --state NEW -p tcp --dport {{ zabbix_agent_port }} -s {{ zabbix_agent_src_ip | join(',') }} -j ACCEPT"
+ when: iptables_manage | default(True)
+ tags: zabbix
diff --git a/roles/zabbix_agent/tasks/service.yml b/roles/zabbix_agent/tasks/service.yml
new file mode 100644
index 0000000..0b173a9
--- /dev/null
+++ b/roles/zabbix_agent/tasks/service.yml
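Review bot: The dump loop in roles/seafile/templates/pre-backup.sh.j2 pipes `mysqldump` into `zstd`, and without `pipefail` the `-e` from the shebang only sees zstd's exit status, so a failed or truncated dump still leaves a `.sql.zst` file and the backup carries on with it. Adding `set -o pipefail` near the top closes that gap. The dump files are created with the process umask, so a `umask 077` before the loop keeps full database dumps from being readable by other local accounts while they sit in `{{ seafile_root_dir }}/backup`. For a remote DB server the password is rendered into `--password='…'`, which can expose it in the process arguments and breaks the quoting if the password contains a single quote; a client option file readable only by root, passed as the first option with `--defaults-extra-file=<path>`, avoids both.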
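Review bot: `sudo_defaults` in roles/sudo/defaults/main.yml is now a computed value, so any inventory that still sets `sudo_defaults` directly replaces the whole expression and silently loses the new `secure_path` from `sudo_base_defaults`. The commented example kept as context still reads `# sudo_defaults:`, which points users at exactly that override; it should become `# sudo_extra_defaults:` followed by the `timestamp_timeout` line. A short comment above the last added line, e.g. `# Do not override sudo_defaults; set sudo_extra_defaults instead`, would document the contract. `recursive=True` has no visible effect on these flat mappings and could be dropped.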
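Review bot: Both `zabbix_agent_src_ip | length > 0` and `zabbix_agent_src_ip | join(',')` in roles/zabbix_agent/tasks/iptables.yml assume the variable is a list; its default is not part of this diff, and a plain string holding a single address would pass the length test and be joined character by character into an invalid `-s` argument. An `assert` that the value `is not string` before this task would catch that before the firewall rule is written. Separately, `when: iptables_manage | default(True)` treats a non-empty string such as `'false'` supplied with `-e` as true, so `when: iptables_manage | default(True) | bool` is the safer form.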
@@ -0,0 +1,4 @@
+---
+- name: Start Zabbix Agent
+ service: name=zabbix-agent state=started enabled=True
+ tags: zabbix