Add roles for lego, logcli, mimir, process_exporter, smokeping_prober, and vector

roles/lego/tasks/configure.yaml

@@ -0,0 +1,98 @@
+---
+- name: create group
+  ansible.builtin.group:
+    name: "{{ lego_group_name }}"
+    system: true
+
+- name: create user
+  ansible.builtin.user:
+    name: "{{ lego_user_name }}"
+    shell: "{{ lego_user_shell }}"
+    home: "{{ lego_user_home }}"
+    system: true
+    group: "{{ lego_group_name }}"
+
+- name: create var path
+  ansible.builtin.file:
+    path: "{{ lego_var_dir_path }}"
+    owner: "{{ lego_var_dir_path_owner }}"
+    group: "{{ lego_var_dir_path_group }}"
+    mode: "{{ lego_var_dir_path_mode }}"
+    state: "{{ lego_var_dir_path_state }}"
+
+- name: create etc path
+  ansible.builtin.file:
+    path: "{{ lego_etc_dir_path }}"
+    owner: "{{ lego_etc_dir_path_owner }}"
+    group: "{{ lego_etc_dir_path_group }}"
+    mode: "{{ lego_etc_dir_path_mode }}"
+    state: "{{ lego_etc_dir_path_state }}"
+
+- name: "create {{ lego_systemd_service_d_dir_path }}"
+  ansible.builtin.file:
+    path: "{{ lego_systemd_service_d_dir_path }}"
+    owner: "{{ lego_systemd_service_d_dir_path_owner }}"
+    group: "{{ lego_systemd_service_d_dir_path_group }}"
+    mode: "{{ lego_systemd_service_d_dir_path_mode }}"
+    state: "{{ lego_systemd_service_d_dir_path_state }}"
+
+- name: "create {{ lego_systemd_service_d_template_dest }}"
+  ansible.builtin.template:
+    src: "{{ lego_systemd_service_d_template_src }}"
+    dest: "{{ lego_systemd_service_d_template_dest }}"
+    owner: "{{ lego_systemd_service_d_template_path_owner }}"
+    group: "{{ lego_systemd_service_d_template_path_group }}"
+    mode: "{{ lego_systemd_service_d_template_path_mode }}"
+  notify:
+    - restart lego
+
+- name: create credential files
+  ansible.builtin.copy:
+    dest: "{{ lego_etc_dir_path }}/{{ item.name }}"
+    owner: "{{ item.owner | default(lego_credential_file_owner) }}"
+    group: "{{ item.group | default(lego_credential_file_group) }}"
+    mode: "{{ item.mode | default(lego_credential_file_mode) }}"
+    content: "{{ item.content }}"
+  loop: "{{ lego_credential_files | default([]) }}"
+  no_log: true
+
+#- name: configure
+#  ansible.builtin.template:
+#    src: "{{ lego_config_file_template_src }}"
+#    dest: "{{ lego_config_file_template_dest }}"
+#    owner: "{{ lego_config_file_template_owner }}"
+#    group: "{{ lego_config_file_template_group }}"
+#    mode: "{{ lego_config_file_template_mode }}"
+#  notify:
+#    - restart lego
+#
+- name: configure systemd unit
+  ansible.builtin.template:
+    src: "{{ lego_service_template_src }}"
+    dest: "{{ lego_service_template_dest }}"
+    owner: "{{ lego_service_template_owner }}"
+    group: "{{ lego_service_template_group }}"
+    mode: "{{ lego_service_template_mode }}"
+  notify:
+    - restart lego
+
+- name: configure timer
+  ansible.builtin.template:
+    src: "{{ lego_timer_template_src }}"
+    dest: "{{ lego_timer_template_dest }}"
+    owner: "{{ lego_timer_template_owner }}"
+    group: "{{ lego_timer_template_group }}"
+    mode: "{{ lego_timer_template_mode }}"
+#
+#- name: manage service
+#  ansible.builtin.service:
+#    name: "{{ lego_service_name }}"
+#    enabled: "{{ lego_service_enabled | default(true) }}"
+#    state: "{{ lego_service_state | default('started') }}"
+
+- name: manage timers
+  ansible.builtin.systemd:
+    name: "lego@{{ item.name }}.timer"
+    enabled: "{{ item.enabled | default(true) }}"
+    state: "{{ item.state | default('started') }}"
+  loop: "{{ lego_domains | default([]) }}"

roles/lego/tasks/install.yaml

@@ -0,0 +1,56 @@
+---
+- name: determine install status
+  ansible.builtin.stat:
+    path: "{{ lego_opt_dir_path }}/lego"
+  register: st
+
+- name: create opt path
+  ansible.builtin.file:
+    path: "{{ lego_opt_dir_path }}"
+    owner: root
+    group: root
+    mode: 0755
+    state: directory
+    
+- block:
+  - name: download
+    ansible.builtin.get_url:
+      url: "{{ lego_release_url }}"
+      dest: "{{ lego_download_path }}"
+      checksum: "{{ lego_checksums[lego_release_file] }}"
+    register: dl
+    until: dl is success
+    retries: 5
+    delay: 10
+
+  - name: extract
+    ansible.builtin.unarchive:
+      src: "{{ lego_download_path }}"
+      dest: "{{ lego_unarchive_dest_path }}"
+      remote_src: true
+
+  - name: install
+    ansible.builtin.copy:
+      src: "{{ lego_extracted_path }}/{{ item }}"
+      dest: "{{ lego_opt_dir_path }}/{{ item }}"
+      remote_src: true
+    loop: "{{ lego_binaries }}"
+  when: not st.stat.exists
+
+- name: permissions
+  ansible.builtin.file:
+    path: "{{ lego_opt_dir_path }}/{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
+  loop: "{{ lego_binaries }}"
+
+- name: symlink
+  ansible.builtin.file:
+    src: "{{ lego_opt_dir_path }}/{{ item }}"
+    dest: "/usr/local/bin/{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
+    state: link
+  loop: "{{ lego_binaries }}"

roles/lego/tasks/main.yaml

@@ -0,0 +1,28 @@
+---
+- name: gather os specific variables
+  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- ansible.builtin.include_tasks: install.yaml
+
+- ansible.builtin.include_tasks: configure.yaml