craftbukkit 1.16.1

roles/certbot/vars/Debian.yaml

@@ -1,2 +1,2 @@
 ---
-certbot_challenge_webroot_path: /var/www/.acme-challenge
+certbot_challenge_webroot_path: /var/www/html

roles/craftbukkit/defaults/main.yaml

@@ -2,7 +2,7 @@
 craftbukkit_java_package_name: openjdk-8-jre-headless
 craftbukkit_java_package_state: present
 
-craftbukkit_version: 1.15.2
+craftbukkit_version: 1.16.1
 craftbukkit_jar: "craftbukkit-{{ craftbukkit_version }}.jar"
 
 craftbukkit_service_name: craftbukkit.service

roles/gitea/defaults/main.yaml

@@ -3,10 +3,8 @@ gitea_service_name: gitea.service
 gitea_service_state: started
 gitea_service_enabled: yes
 
-gitea_arch: amd64
-gitea_version: 1.11.5
+gitea_version: 1.12.2
 gitea_url: "https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
-gitea_checksum: sha256:d8d43c13e71596c79b541e85e29defe065b4f70ac5155e6d0212bcfc669e1b9c
 gitea_bin_path: /usr/local/bin
 gitea_var_path: /var/lib/gitea
 gitea_log_path: /var/log/gitea

roles/gitea/tasks/main.yaml

@@ -1,12 +1,14 @@
 ---
-#- name: OS specific variables
-#  include_vars: "{{ item }}"
-#  with_first_found:
-#    - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
-#    - "{{ ansible_distribution }}.yml"
-#    - "{{ ansible_os_family }}.yml"
-#    - "default.yml"
-#
+- name: gather architecture specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_userspace_architecture }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
 - name: "download gitea {{ gitea_version }}"
   get_url:
     url: "{{ gitea_url }}"

roles/gitea/templates/nginx.conf.j2

@@ -6,7 +6,7 @@ server {
     server_name {{ gitea_domain }};
 
     location /.well-known/acme-challenge/ {
-        root /var/www/.acme-challenge;
+        root /var/www/html;
         try_files $uri =404;
     }
 

roles/gitea/vars/x86_64.yaml

@@ -0,0 +1,3 @@
+---
+gitea_arch: amd64
+gitea_checksum: sha256:3faa3e97a621c3b9ecba7917fd870c07c3c6c88c8cc7c29ecbf2c7b9802d91b0

roles/grafana/templates/nginx.conf.j2

@@ -6,7 +6,7 @@ server {
     server_name {{ grafana_domain }};
 
     location /.well-known/acme-challenge/ {
-        root /var/www/.acme-challenge;
+        root /var/www/html;
         try_files $uri =404;
     }
 

roles/influxdb/defaults/main.yaml

@@ -18,3 +18,4 @@ influxdb_config:
     query-log-enabled: no
   http:
     log-enabled: no
+    flux-enabled: yes

roles/minecraft/defaults/main.yaml

@@ -11,12 +11,11 @@ minecraft_port: 25565
 minecraft_user: minecraft
 minecraft_group: minecraft
 
-minecraft_jar_url: https://launcher.mojang.com/v1/objects/bb2b6b1aefcd70dfd1892149ac3a215f6c636b07/server.jar
-minecraft_jar_checksum: sha256:80cf86dc2004ec6a2dc0183d1c75a9af3ba0669f7c332e4247afb1d76fb67e8a
+minecraft_jar_url: https://launcher.mojang.com/v1/objects/c5f6fb23c3876461d46ec380421e42b289789530/server.jar
+minecraft_jar_checksum: sha256:2902ed3ff84e4f810a2c0620c6b6df9c3ef8488b272c61274d5eac2433876f39
 
 minecraft_opt_path: /opt/minecraft
-minecraft_var_path: "{{ minecraft_opt_path }}/var"
-minecraft_backup_path: "{{ minecraft_opt_path }}/backup"
+minecraft_var_path: /var/opt/minecraft
 
 minecraft_syslog_facility: local5
 

roles/minecraft/handlers/main.yaml

@@ -14,9 +14,3 @@
   service:
     name: rsyslog
     state: restarted
-
-- name: restart minecraft instances
-  service:
-    name: "minecraft@{{ item.name }}.service"
-    state: restarted
-  loop: "{{ minecraft_worlds | default([]) }}"

roles/minecraft/tasks/main.yaml

@@ -37,12 +37,11 @@
 
 - name: create minecraft var directory
   file:
-    path: "{{ minecraft_var_path }}/{{ item.name }}"
+    path: "{{ minecraft_var_path }}"
     state: directory
     owner: "{{ minecraft_user }}"
     group: "{{ minecraft_group }}"
     mode: "0755"
-  loop: "{{ minecraft_worlds }}"
 
 - name: download minecraft server
   get_url:
@@ -52,31 +51,29 @@
     group: "{{ minecraft_group }}"
     mode: "0644"
     checksum: "{{ minecraft_jar_checksum }}"
-  notify: restart minecraft instances
+  notify: restart minecraft
 
 - name: agree to the eula
   copy:
     content: "eula=true"
-    dest: "{{ minecraft_var_path }}/{{ item.name }}/eula.txt"
+    dest: "{{ minecraft_var_path }}/eula.txt"
     owner: "{{ minecraft_user }}"
     group: "{{ minecraft_group }}"
     mode: "0644"
-  loop: "{{ minecraft_worlds }}"
 
 - name: configure minecraft
   template:
     src: server.properties.j2
-    dest: "{{ minecraft_var_path }}/{{ item.name }}/server.properties"
+    dest: "{{ minecraft_var_path }}/server.properties"
     owner: root
     group: root
     mode: 0644
-  notify: restart minecraft instances
-  loop: "{{ minecraft_worlds }}"
+  notify: restart minecraft
 
 - name: configure systemd unit
   template:
     src: minecraft.service.j2
-    dest: /etc/systemd/system/minecraft@.service
+    dest: /etc/systemd/system/minecraft.service
     owner: root
     group: root
     mode: 0644
@@ -85,30 +82,9 @@
 
 - name: manage minecraft service
   service:
-    name: "minecraft@{{ item.name }}"
-    state: "{{ item.state | default(minecraft_service_state) }}"
-    enabled: "{{ item.enabled | default(minecraft_service_enabled) }}"
-  loop: "{{ minecraft_worlds }}"
-
-    #- name: configure ops
-    #  copy:
-    #    content: "{{ (minecraft_ops | default([])) | to_nice_json }}"
-    #    dest: "{{ minecraft_var_path }}/ops.json"
-    #    owner: "{{ minecraft_user }}"
-    #    group: "{{ minecraft_group }}"
-    #    mode: "0644"
-    #    force: no
-    #  notify: restart minecraft instances
-    #
-    #- name: configure whitelist
-    #  copy:
-    #    content: "{{ (minecraft_whitelist | default([])) | to_nice_json }}"
-    #    dest: "{{ minecraft_var_path }}/whitelist.json"
-    #    owner: "{{ minecraft_user }}"
-    #    group: "{{ minecraft_group }}"
-    #    mode: "0644"
-    #    force: no
-    #  notify: restart minecraft instances
+    name: minecraft.service
+    state: "{{ minecraft_service_state }}"
+    enabled: "{{ minecraft_service_enabled }}"
 
 - name: install discord notifier
   copy:

roles/minecraft/templates/minecraft.service.j2

@@ -1,7 +1,7 @@
 # {{ ansible_managed }}
 
 [Unit]
-Description=Minecraft server %i
+Description=Minecraft server
 After=network.target
 
 [Service]
@@ -10,7 +10,7 @@ SuccessExitStatus=143
 Type=simple
 User={{ minecraft_user }}
 Group={{ minecraft_group }}
-WorkingDirectory={{ minecraft_var_path }}/%i
+WorkingDirectory={{ minecraft_var_path }}
 Restart=on-failure
 SyslogIdentifier=minecraft
 SyslogFacility={{ minecraft_syslog_facility }}

roles/nginx/templates/default.j2

@@ -11,11 +11,4 @@ server {
     location / {
         try_files $uri $uri/ =404;
     }
-
-{% if nginx_acme_challenge_enabled %}
-    location /.well-known/acme-challenge/ {
-        alias {{ nginx_acme_challenge_path }};
-        try_files $uri $uri/ =404;
-    }
-{% endif %}
 }

roles/restic/files/hooks/minecraft.sh

@@ -3,7 +3,7 @@
 set -e
 
 SERVICE=minecraft.service
-VAR_DIR=/opt/minecraft/var
+VAR_DIR=/var/opt/minecraft
 WAIT=30
 VERBOSE=${VERBOSE:-4}
 
@@ -34,7 +34,6 @@ stop_server() {
         return 0
     fi
 
-    printf "stopping %s\n" "$instance"
     systemctl -q stop "$unit"
 
     while systemctl -q is-active "$unit"; do
@@ -63,7 +62,6 @@ start_server() {
         return 0
     fi
 
-    printf "starting %s\n" "$instance"
     systemctl -q start "$unit"
 
     while ! systemctl -q is-active "$unit"; do
@@ -78,7 +76,6 @@ start_server() {
     return 0
 }
 
-
 open_files() {
     local dir=${1-$VAR_DIR}
     local attempts="${2:-$WAIT}"
@@ -95,28 +92,22 @@ open_files() {
     return 0
 }
 
-
 main() {
 
     if [ "$1" == "pre" ]; then
-        for path in "$VAR_DIR"/*; do
-            instance="minecraft@$(basename "$path").service"
-            if ! stop_server "$instance"; then
-                error_exit "Failed to stop $instance"
-            fi
-        done
+        if ! stop_server $SERVICE; then
+            error_exit "Failed to stop $SERVICE"
+        fi
 
         printf "checking for open files\n"
+
         if ! open_files $VAR_DIR; then
             error_exit "Open files exist in $VAR_DIR"
         fi
     elif [ "$1" == "post" ]; then
-        for path in "$VAR_DIR"/*; do
-            instance="minecraft@$(basename "$path").service"
-            if ! start_server "$instance"; then
-                error_exit "Failed to start $instance"
-            fi
-        done
+        if ! start_server $SERVICE; then
+            error_exit "Failed to start $SERVICE"
+        fi
     fi
 }
 

roles/restic/files/restic-job.sh

@@ -76,10 +76,10 @@ if [ -f "$LOCK" ]; then
             if ! [[ $cmdline =~ $(basename "$0") ]]; then
                 printf "removing orphaned lock, pid %d belongs to another process\n" "$pid"
                 rm -f "$LOCK"
+            else
+                KEEP_LOCK=1
+                error_exit "another job is running, pid=${pid}"
             fi
-        else
-            KEEP_LOCK=1
-            error_exit "another job is running, pid=${pid}"
         fi
     fi
 fi

roles/restic/files/restic-tidy.sh

@@ -8,6 +8,16 @@ error_exit() {
 }
 
 RESTIC_ETC_PATH=${RESTIC_ETC_PATH:-/etc/restic}
+LOCK_PATH=/run/restic
+LOCK="${LOCK_PATH}/tidy.lock"
+KEEP_LOCK=
+
+function finish {
+    if [ -z $KEEP_LOCK ]; then
+        rm -f "$LOCK"
+    fi
+}
+trap finish EXIT
 
 # shellcheck source=/dev/null
 source "${RESTIC_ETC_PATH}/env.sh"
@@ -43,6 +53,25 @@ KEEP_WEEKLY=${KEEP_WEEKLY:-5}
 KEEP_MONTHLY=${KEEP_MONTHLY:-12}
 KEEP_YEARLY=${KEEP_YEARLY:-10}
 
+if [ -f "$LOCK" ]; then
+    pid=$(cat "$LOCK")
+    if ! kill -0 "$pid" 2> /dev/null; then
+        printf "removing orphaned lock, pid %d does not exist\n" "$pid"
+        rm -f "$LOCK"
+    else
+        if [[ -f "/proc/${pid}/cmdline" ]]; then
+            cmdline=$(tr "\0" " " <"/proc/${pid}/cmdline")
+            if ! [[ $cmdline =~ $(basename "$0") ]]; then
+                printf "removing orphaned lock, pid %d belongs to another process\n" "$pid"
+                rm -f "$LOCK"
+            else
+                KEEP_LOCK=1
+                error_exit "another job is running, pid=${pid}"
+            fi
+        fi
+    fi
+fi
+
 printf "started, keep hourly:%d daily:%d weekly:%d monthly:%d year:%d\n" \
     "$KEEP_HOURLY" \
     "$KEEP_DAILY" \

roles/teleport/defaults/main.yaml

@@ -0,0 +1,21 @@
+---
+teleport_service_name: teleport
+teleport_service_state: started
+teleport_service_enabled: yes
+
+teleport_systemd_unit_path: /etc/systemd/system/teleport.service
+
+teleport_version: 4.3.5
+teleport_baseurl: https://get.gravitational.com 
+
+teleport_roles:
+  - auth
+  - proxy
+  - node
+
+teleport_config_path: /etc/teleport.yaml
+teleport_config_owner: root
+teleport_config_group: root
+teleport_config_mode: 0400
+
+teleport_config: {}

roles/teleport/handlers/main.yaml

@@ -0,0 +1,14 @@
+---
+- name: autossh daemon-reload
+  systemd:
+    daemon_reload: yes
+
+- name: reload teleport
+  service:
+    name: "{{ teleport_service_name }}"
+    state: reloaded
+
+- name: restart teleport
+  service:
+    name: "{{ teleport_service_name }}"
+    state: restarted

roles/teleport/tasks/Debian.yaml

@@ -0,0 +1,4 @@
+---
+- name: install package
+  apt:
+    deb: "{{ teleport_package_url }}"

roles/teleport/tasks/main.yaml

@@ -0,0 +1,63 @@
+---
+- name: gather architecture specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_userspace_architecture }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: gather os specific variables
+  include_vars: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  include_tasks: "{{ lookup('first_found', possible_files) }}"
+  vars:
+    possible_files:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- name: configure teleport
+  copy:
+    dest: "{{ teleport_config_path }}"
+    owner: "{{ teleport_config_owner }}"
+    group: "{{ teleport_config_group }}"
+    mode: "{{ teleport_config_mode }}"
+    content: "{{ teleport_config | to_yaml }}"
+  notify:
+    - reload teleport
+  no_log: true
+
+- name: systemd unit
+  template:
+    src: teleport.service.j2
+    dest: "{{ teleport_systemd_unit_path }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - restart teleport
+    - autossh daemon-reload
+  when: ansible_service_mgr == 'systemd'
+
+- name: manage service
+  service:
+    name: "{{ teleport_service_name }}"
+    state: "{{ teleport_service_state }}"
+    enabled: "{{ teleport_service_enabled }}"

roles/teleport/templates/teleport.service.j2

@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Teleport SSH Service
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/usr/local/bin/teleport start --roles {{ teleport_roles | join(',') }} --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
+ExecReload=/bin/kill -HUP $MAINPID
+PIDFile=/run/teleport.pid
+
+[Install]
+WantedBy=multi-user.target

roles/teleport/vars/Debian.yaml

@@ -0,0 +1,2 @@
+---
+teleport_package_url: "{{ teleport_baseurl }}/teleport_{{ teleport_version }}_{{ teleport_arch }}.deb"

roles/teleport/vars/x86_64.yaml

@@ -0,0 +1,3 @@
+---
+teleport_arch: amd64
+teleport_checksum: 0b472d847b9c492f74757c6e806af5bad85c79d4dfa12cea1fc3c9ec1e5dc4ac

roles/util/defaults/main.yaml

@@ -61,3 +61,6 @@ util_packages:
     - python3-pip
     - python-requests
     - python3-requests
+  fun:
+    - cmatrix
+    - cowsay