Font Awesome 7.1.0 Update

INSTRUCTIONS.md

@@ -1,4 +1,4 @@
-# Tietojärjestelmäasentajien Infra
+# TIETOJÄRJESTELMÄASENTAJIEN INFRA
 ## Ylläpitäjän ohjeet
 
 **Työaseman asennus**
@@ -18,14 +18,16 @@
     2. Vaihda oletusarvoinen käyttöjärjestelmä – `wsl --set-default Debian`
     3. Käynnistä uudelleen käyttöjärjestelmä – `wsl -t Debian`
     4. Sulje ikkuna
-6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
+6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana – `wsl -d Debian`
-7. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `sudo apt update && sudo apt install curl`
+7. Kohota oikeudet – `sudo su`
-8. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
+8. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `apt update && apt install curl`
+9. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
 
 **Palvelimen asennus**
 1. Asenna Debian-käyttöjärjestelmä
-2. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `apt update && apt install curl`
+2. Kirjaudu root käyttäjänä tai kohota oikeudet – `sudo su`
-3. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
+3. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `apt update && apt install curl`
+4. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
 
 **Verkkolaitteiden konfigurointi**
 1. Kytke verkkolaitteen Console (Ethernet) porttiin serial portti adapteri sekä yhdistä siihen serial portti USB-adapteri
@@ -155,7 +157,7 @@ banner motd ^C
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  r1.net.tjas
 
 ^C
@@ -217,7 +219,7 @@ banner motd "
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  s1.net.tjas
 
 "
@@ -328,7 +330,7 @@ banner motd "
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  s2.net.tjas
 
 "
@@ -407,7 +409,7 @@ banner motd "
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  s3.net.tjas
 
 "

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = inventories/pvjjk-1vos-niinisalo
+inventory = inventories
 hash_behaviour = merge
 gathering = smart
 display_skipped_hosts = false

files/issue

@@ -12,9 +12,9 @@
    `--'    `-----'   `--' `--' `-----'
 
 
-{{ location | upper }}
 TIETOJÄRJESTELMÄASENTAJIEN INTRA
 {{ hostname | upper }}
+{{ location | upper }}
 
 Made by
 Jääkäri Warén

files/kea/kea-dhcp4.conf

@@ -1,7 +1,7 @@
 {
     "Dhcp4": {
         "interfaces-config": {
-            "interfaces": [ "enp0s25.20" ]
+            "interfaces": [ "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.20" ]
         },
         "control-socket": {
             "socket-type": "unix",
@@ -69,7 +69,7 @@
             {
                 "id": 2,
                 "subnet": "192.168.2.0/27",
-                "interface": "enp0s25.20",
+                "interface": "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.20",
                 "pools": [
                     {
                         "pool": "192.168.2.1 - 192.168.2.30"
@@ -161,7 +161,7 @@
             {
                 "id": 69,
                 "subnet": "192.168.69.0/26",
-                "interface": "enp0s25.69",
+                "interface": "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.69",
                 "pools": [
                     {
                         "pool": "192.168.69.1 - 192.168.69.62"

files/motd

@@ -15,9 +15,9 @@
            |_|
 
 
-{{ location | upper }}
 TIETOJÄRJESTELMÄASENTAJIEN INTRA
 {{ hostname | upper }}
+{{ location | upper }}
 
 Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
 ylikirjoittaa automatisoidusti.

files/networking/interfaces

@@ -8,16 +8,16 @@ auto lo
 iface lo inet loopback
 
 # The primary network interface
-allow-hotplug enp0s25
+allow-hotplug {{ ansible_facts.interfaces | select('search', '^enp') | first }}
-iface enp0s25 inet dhcp
+iface {{ ansible_facts.interfaces | select('search', '^enp') | first }} inet dhcp
 
-auto enp0s25.20
+auto {{ ansible_facts.interfaces | select('search', '^enp') | first }}.20
-iface enp0s25.20 inet static
+iface {{ ansible_facts.interfaces | select('search', '^enp') | first }}.20 inet static
   address 192.168.2.10/27
   gateway 192.168.2.1
   hwaddress 90:1b:0e:5b:18:fb
 
-auto enp0s25.69
+auto {{ ansible_facts.interfaces | select('search', '^enp') | first }}.69
-iface enp0s25.69 inet static
+iface {{ ansible_facts.interfaces | select('search', '^enp') | first }}.69 inet static
   address 192.168.69.20/26
   hwaddress 90:1b:0e:5b:18:fc

files/nginx/index.html

@@ -16,8 +16,8 @@
         <!-- Link: Preconnect & DNS Prefetch & Preload -->
         <link rel="preconnect" href="//cdn.waren.io">
         <link rel="dns-prefetch" href="//cdn.waren.io">
-        <link rel="preload" as="style" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous">
+        <link rel="preload" as="style" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/css/all.min.css" crossorigin="anonymous">
-        <link rel="preload" as="font" type="font/woff2" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/webfonts/fa-solid-900.woff2" crossorigin="anonymous">
+        <link rel="preload" as="font" type="font/woff2" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/webfonts/fa-solid-900.woff2" crossorigin="anonymous">
 
         <style>
             body {
@@ -67,7 +67,7 @@
         </style>
 
         <!-- Link: CSS -->
-        <link rel="stylesheet" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous" media="screen">
+        <link rel="stylesheet" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/css/all.min.css" crossorigin="anonymous" media="screen">
     </head>
     <body>
         <header>

files/ssh/authorized_keys

@@ -1,2 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

init.sh

@@ -38,39 +38,39 @@ exit 1
 }
 
 ti-header "Haetaan pakettien tiedot..."
-sudo apt update
+apt update
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansiblen järjestelmäpaketti riippuvuudet..."
-sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
+apt-get install -y python3-pip python3-venv jq git curl lsb-release
 echo -e "\n\n"
 
 ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
-python3 -m venv $HOME/.venv/ansible
+python3 -m venv /opt/ansible
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansiblen Python-kirjasto riippuvuudet..."
-$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
+/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible..."
-$HOME/.venv/ansible/bin/pip3 install ansible
+/opt/ansible/bin/pip3 install ansible
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible kokoelmat..."
-$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
+/opt/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
 echo -e "\n\n"
 
-mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
+mkdir -p $HOME/.ssh/keys &> /dev/null
-if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
+if [[ ! -f $HOME/.ssh/keys/infra ]]
 then
     ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
-    ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
+    ssh-keygen -f $HOME/.ssh/keys/infra -t ed25519 -N '' -C $(hostname --fqdn)
     echo -e "\n\n"
 fi
 
 ti-header "Lisää SSH-avain Infra-repon käyttöön..."
-cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
+cat $HOME/.ssh/keys/infra.pub
 
 echo -n "Onko avain lisätty Github-repoon? [K/E]"
 while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -80,7 +80,7 @@ done
 echo -e "\n\n"
 
 mkdir -p $HOME/.ansible/vault &> /dev/null
-if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
+if [[ ! -f $HOME/.ansible/vault/infra ]]
 then
     ti-header "Syötä Ansible Vaultin salasana..."
     echo -n "Salasana: "
@@ -90,14 +90,14 @@ then
 
         if [[ ! -z $VAULT_PASSWORD ]]
         then
-            echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
+            echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/infra
         fi
     done
     echo -e "\n\n"
 fi
 
 ti-header "Suoritetaan Infran asennus..."
-$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/infra --accept-host-key --private-key $HOME/.ssh/keys/infra --vault-password-file $HOME/.ansible/vault/infra tasks.yml -t installer
 echo -e "\n\n"
 
 echo "

inventories/host_vars/argo.aito.tjas

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.2;AES256;infra
+33386430326363383437666438386537326335363734643930613236613831626230643064356334
+3135626438653437383961306332336232656231313435390a346433363530366262653830363231
+65313965383261326366633238613662316663333735616136316332326534376331316364633633
+6531653864313533350a306437396165373635313063306636663761303762623633346536666437
+3961

inventories/host_vars/olympus.juva.tjas

@@ -0,0 +1,151 @@
+$ANSIBLE_VAULT;1.2;AES256;infra
+66646230653763333733613633343366663932356161303735316330396335626533613935623464
+3731306166663664633633343864666464376466353638620a313738393261326239383363366264
+66386264666265653937646439646531643431613665393830343939333339376636633265376261
+6563393338386236390a346233613363373337313335373139323433356161353231346336306632
+38393932323338343461373834626163356565353765366437636137376136356230366335616438
+38346437306161303331366537356630623566666566393364383161306663663837653430326232
+35313064313531316263333034316266383561666539313936363539646435646463346233616565
+34613962623633356232343838653435656365656563373637653131653336646139343862613831
+33623061656439383833346334396461643661626366326263386238396330646563333535643432
+35353335653463306237633961363431333734333638613462306365616635646130623239373732
+30323832313562356131663539343239643633323666363461356434373634633938313639626261
+34346561363962386666366565373435303130326534353039613831666366393863333439303331
+66363132326230626632306635363937656236626262646333623534323037356233333136643664
+30316363623835356334633230303961393230626161316661396166386638653836323330333933
+31323039643039353062636437646262663662633430636563613461313962343163663239366233
+62643665333363326239633064323033386136303831336230663831343633356535383330316262
+64353661396563373036653165383462626432653636316337373337373364636530323339313266
+61363238613966646464303934393161623463356132386562663066363564343363653734636565
+35616137376363373031346461633931336164323638663137303230373233366132613739386238
+36616134376263663561306461653637363835353930636165613439373265386462623736656161
+30333066383930633139616333613965636162316634613739633463616163653132623033666563
+61656466636130323937393334653464666636613631656239656263636339306563396162366637
+32613036323631643038653561383733663561363162656435626461356532323331636332316665
+63393637306661663231623061323138356166323534663630663239653034316538623763633435
+64633162623831636263613939643939356634306636616263323139333430663038336335663232
+37636537393835333737393365303530646666386133393732626235346133653138313432663734
+37386634633763356130343732363134393430656133373939623834646362343431663964373262
+33326361393433663266643636663935313066326561643765353061623832626166323337313835
+61303235626639346162373566343639643030333436323064376365343733623866646465636233
+33343930376534623663346136643739353963326163336538336530313061333432383664396432
+31393936643762353965653962666330323062633166346462646335316534656634383762323265
+66346436393836633064646139346433373436613533333133333736396531646564363135346436
+65613430353133313663386166386163643835373730353531343135396339346162336562623032
+64613033616466626437353036653530633037653332313962623466303436353039616133393261
+31633537343430316365366161386237353930633861626161303461626636373037336331356139
+61326532646230383535613538323735356639643834393837646638313965356262356532313562
+35333534613033653633303731353231363931346335363561346131353964633531326364303663
+30633336306334666535633030306334656130336161633637636163383066383330336664326561
+36383963656430303739303463366639643466636132323433323439383037323565636262346363
+39623637306233353836636639323639333832303563303364653763656235663963326466623630
+32373363313164663130666138333361343838316130623835623631373533386437663034376562
+32383533333832653361363333356266376666613661653632373562326561313837666263613464
+66646432633564313639656666306337313135666538396166396266633137383264313664613063
+34326563613335626564656336383434613133626232333733393233306365333039393138663235
+61396564343830386636643366393332636338366562333061626334636335626364633938613932
+33333139356537373966306565376366343765663434343936633930653033353564633165393065
+35646434643566333035303730373761616130653530636137353333323139663363636135343666
+34386662303136336239646263313366393762393664303030623934663861326237346536376239
+61643530636138626631626664343033363734366466386530666435336632363534616363333561
+62373936356637313334623064393865343264363932663839653936643365633161623764386562
+65363737653737333738646262336365386534653636336434636639366139616163386333393463
+32613566353564376334653735343034663630376364393532313233363837386639303666343136
+65623561316335303166643630383363633438373634653731633764346166323061333237363237
+35356564353339323636373435393661303633333338343063663335333163666430613137343565
+39373537636137383931376639666236343039353362623861633639313931323862376463626239
+39643239653030383737633132386436356631626263396166393834663936616563366661633666
+38363633616461623133636438333833363562653863323363373136313566393738333961396131
+61626564306537383434333931633839323663346565623765636636336266336366323137303232
+66323537353631636262373930386538623964393731653265383462666664356330663238346334
+30613539316163383165363732643665316462326534316138363963363563373631326633653766
+63343137393136663166373035333130366361666364373732316161383065646238326233383665
+38323133313863656431376238303830653935353762386537353539333534373337323230616131
+61323739393663643562363066373663393135663238353765633264666537626639343939616463
+63636339396366313835636466666536346465643536366434653534396465626261656263333361
+65326435383165343964623363646536356366336335663262386362393432653063363736623861
+65353036316630646163323439383438303638626562376134633363643830656561333163303466
+39363561306263396562646464623030623431393764393933393663343361633162353136626534
+35613465313063323531653365373361633866636161616366386230396232653863336663313064
+36633233656638643035316539366364613336303138643461653133323662666337323933643838
+30306335616132313634646332346565383638663062643439653461303062373439313631663738
+36353538643430663463396365636136383731646363633065623532396333326166643436373839
+63613735646230633635353130613130303362306661376361343632373661616364323037303435
+37636632313733343236323535663136633434653164373962303865373565616131316434646164
+33303865393864633439623366616335666439393261353634613532306331323261356662623031
+34333939626633623963383939373464303763316532393037363338393839653238663635656165
+32303132653235303762326532343436643763636232386162663834333635663761396532643165
+38326262653565626363366463663233396464356166393661366432383037663034346366653038
+34656633373933386661343030646362323032343736616461656166626432313633626239346132
+32366661643761376639393438303665633266653233303433346461313538343333393962613632
+39666231386535393366333965646363336636376565383732373133386462623763386666343938
+37363962346238386161356238626538646533333739633938643065313435396336323534616137
+30363665343832326136633662623966346235383739666431393161383238313933656464396264
+33343731363734386530663731623864663139343730343063613038323564343461366438366165
+32343330656436373033393538613334373462303434336562373263653838383138343564393639
+66306538616333616138326666373965616563323739663363303036626439633761316538663132
+62636633383936663436636637633863633561646339396463643031653338383465333336386166
+64303435353661383663303466633732373236656134623965623237623737626363656232346336
+36376663316630386265316135653334623564623939663138383266396537313532663839393366
+31623033346564623633343166646330386536333937626630343338396235663166623164386335
+63666437363439333866306131343831616434613033636431646263323039663761663830656431
+33633537643130373662386439656564386136383539386564646438353130363130313836316631
+31363365316138393734373666313631393331636136386364303131386231623838333863313337
+30343832336561336234616537646630633937646530666664623531366664343866643765326265
+34653764646237636563306134613762333235313362396662346261623035313331313435663536
+63643031353230653462333064383636383464393438396365633964656334376638366164343437
+34373766636665346361363064663962363161393464656566393630373831386235613837396138
+63656336623466643663656264353666363038353661653732393537653731646362393439653962
+36356663613638636139636530376363333132656135333531323735366338633730663366366335
+37653063626537373066653733326638336234393136323036313763666134333661636230393139
+34623038656435393466363836623566663732623135306437396435336636633166313337633761
+38346534643339616265333463373264383139323565353933623666353535353862633463373962
+36356432623431346235653231383664623466306635663939646362366663313362316561343239
+32663766356161353163666136663061653866656562383931336337316663396534616261336466
+31396130336638663232663031326461303939376463636633393830393566343630303934363365
+36313631643066393536346261336133303135333032333837303735303231306631336135303462
+66623962393936366665623330373133663630633730353336373165393138616565303432663066
+39633134643137326165353861336265316435663534616638663733353037633239643635363434
+63376538663163333336313433643133616262663036363164636334303336333563623339316237
+66643036366337303066356131643964663861626266333764663763313133373463343465633238
+39313930386662373638383831303264333537343064303365396166653135303235323861666638
+33343036303733666536633534663166343437656664303439373330643062663263343032653939
+64346365633934663536646562366133643665373636356137623161326433356336663836323436
+65636432366531373063383138386235373761393661613737346237303937303433353036393533
+34613233623964643961623335613934343665323062613963616435663833346465623061353161
+39643064303332643536656166313139623933653466353063356134653538366161636661663733
+38303536326333316366333339306538336334356365656661363861623130346337323063303138
+36376634386534313432326435633732303562326366636135653234333366643730353763313931
+30323365613436343733616330623734316262663165336537306635653966663764626463643764
+31393635323332363265666237363365326434353764306162303937613231386262613665333838
+33646133373663626161356566633333326165313461623131343539396430373463366539366634
+31643238666438306434383934363065643031613861393830663532643361613363353230356666
+65326666386264613135613664623834656234376431346665313235393463356536366132356239
+36613562376265346234623434643635333761376335363161353934333137616230383630323363
+36643433656139316364633566616161363036343537643037343632306331343864656239343536
+34343839326638663365383362656262366361313830653735336633623232616233633733656465
+65633333343261356563356434393361303162666335336335363361663362353466393233636638
+31316162303631306465383865353262336633393637613534313238623436623165643439353865
+36633364383839626134326661663037313336613835646232323236393838386438613134383432
+64663166616438623663633438343663646161633137353438393839366466663862623739613536
+66383232373434666263333136346434303637303164306563393739313038343031376630316138
+34303636363837353031363134633563366633373636363830663530623862656365336238623232
+37613063656531666631303566393461656266303839656266646563373135383930393231333065
+32396339636533306335633965633264633634613233336165623062363965643135363133376430
+30653063653736326164613833313036343236343838313036313035333361356132373439623865
+61616662383139663466353264373835313934623765623237323030613036346161646461613732
+36376236383463356565353830323335623238376533336636383539336539643134663234323930
+63373431326138396566313034613536643737633465663632623136376138663937383961653536
+38396339393434626436383530366130323864373131343038636337373437343263353561646132
+35613866366639666361396530303266383233646638333232366261653837643766363939383437
+38363732333166616331386562383933633964386433613136353034656231306237633238323261
+64383037333837323037646464343063326361333061613634663739363634653137363362636531
+33633033393665306464373238376535386435313831613861373130343661336638376237306366
+32343438366666646239343133333562333037626363316163626438663534633366383961626431
+61336534396163343062316330626431626433313563393638343365306639383861343437353132
+64376433333764656662323265343861643266366130623365353032373861363238643662616666
+32376534313364376461393132306633383266326534633034653331396466343537373931316235
+33646563356661393639663934333465343361303361393166356664306264353063313635343465
+30626435333565636637353539306264393166343936363066373861396134653435626262353139
+63363831363837633962303264393461333736363639313031323564333335343838393039313461
+3234353366373830613739383537393336353061306534336566

inventories/hosts.yml

@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.2;AES256;infra
+39633132376130303332653737373230626537373837343436343262663632626635633634653232
+3032316237633864646435336637353135383637653565640a323432326439303363643533636361
+35343364663632663366306465353138663036313131633366613463643337633233323436363836
+3564313436633339320a346637343865303138306562613965373762316331623933633434616538
+36393165643062303336323639326535613936363131383566633061323564393337366331366539
+38333037653139336361313931353861396361616364333230343663366361346634613765346233
+30326465353139643133626364306263383033336463333639393338613936343862636339663231
+63616361363861386164373135313265343338313038333962656535383139313830373939303730
+35373936613161366163316132336132356238313735663834356366373233633938386136656630
+38383361316565306164376264363239666663363134613336656366613863636335376431656239
+34336235653166373265633438386138336238373761366163326664616537643639663434363036
+34643335663835383336316664323963386464643061636461643732333534356161633234313361
+37396161333065333636336133616131333735366535663864646633643231396337356462353835
+30383831356236616564663739653031303638363937313965663365663464313138396231623134
+30353735363463623132323965333730303030393631633638386561396630316439653466626339
+61363165656561663236343463613066336235666631343365303663333535616337666637323166
+3965

inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo

@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
-31336463653963313966646235346238623462333733313535336332633533623437646266386433
-6461336464326636313166303738663033303838313138660a653430373665333438653037613262
-62326232393864353639336463313438616537396561623564663531363533646437396539623239
-3337303265313538330a613831663136353439353132343631313938333831396665393061623832
-30313336653539663364336139633538653237646436653532656465326137653863653665353564
-3930333936663234613566346132326238393863313163363366

inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas

@@ -1,6 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
-61373664346238383532383233653236313665356163633438333031323734396466303263386637
-3561663839653238313163323236663336336535646266620a653963643632346338393865623737
-33336639656236383638303664656461653039643465623464336464303136323062613130306631
-6265636465313834650a663263353833633363653231353834313237663938363261656335613136
-6130

inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas

@@ -1,148 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
-62343938363461336438303861633037346462383865333837346639343034353161386538356638
-3663613435336664663832353035616435623733623335650a643866303564393030663434336437
-61343438316538343536633538313436636662623834646533353962303135626331666339613539
-6662376266333064310a326638643665393035623863376536323735333365376336373638343838
-64383934643134346363383164333739623163386266643530333638623130303333656262616331
-61663933376266303533663333353831313136303137323462363930373465396239333065316565
-36653364373530393031343862623636363035333661653165656532353564333734303737373636
-64623665336232326463653962633765336631343131663765666264336433616638643963663730
-61396433623633636334323938306264393063613130316331623237663562356433633532326165
-39303263623864343036363534626361376331373139633436363265316633393939353164356463
-65626333323565653361656336333234626362386362646139353765366333343836393833663537
-35393131363539303437663834663336353466643935623833643666623333373234386338386635
-31353436666230623965663036363539313030396331376230316633626564363632626462666235
-65303736323334633462303138636163626163613864366534653264396633396535613537613439
-39366465346237393037616236656362663637383762656338353862623336303864363761356535
-62386130336635663236613137626530633834306430326438656261363462393132646439396131
-33393933373539613565323933663434383839363030346532643233393239653130666137623731
-63393861313831383936373066663962393763613561643937346434656262623239346264303234
-34313439333265666666633666646330326137353132306533646532623265653534363338376534
-38363563343862336639393462303731313338336535346666313939653735306136383330373431
-36656163366162363739363939356535386664633563336236336537393862363062633032343464
-34306364376465653338613833313066383936383264376362656266383532333539643731636338
-38633331643237653138653734343531623764613761393861653664313737393938383161626364
-34636635613063613239633366336362303462646439373065663737336132643163626639356535
-30623830346461633631613538383434623534653331356430353532656661346230623734646232
-66366664393863626633303132313435343764653931623236366534613332386330656563383964
-64303039393061316633663530636131646533313432343661643230316334333334326261346331
-32333038646331656164386464383061363039313939616462633532303764613266623837323463
-66323433316338333265656131313830373536626230613565613134346534346238326431653162
-64626631643637313339376266303462313833616537396532356536386130306334343262353433
-66343633303934356161643936656136363830656565633935666439633231343439646434303536
-36376161313564613638663831343865303238383634303834303034373834306263306166633131
-37326565316237623134363437613861326631366364353964616330326162366363333539346165
-35363933623962363539643463313434353939383362353839613531643566626636623435636638
-65373932393362323730353964663263356433323064356339343133613230373030326534616363
-39303832393032613739663762663334393136363832336663346138636530376637353135646663
-31396538376265666435656462656463643032393761623739396531353838663630363962333466
-32643533346139343366343432666664613138373661306232623466333961626435326432643831
-61363236306562613264643335363235343634303034373739353466396436373736646665623139
-63376534316132326463393136393431383131636530383766633464623235616330643132333933
-63303137633531323064376439623561666632623038373132373861356237336236396363663566
-63313834303462343134633230333532316131306431316236656333373863383833323233303931
-32376138333433663034353739663766366135316566623830316332616366323933356266303435
-66666163326362656562613630333030636537343837323637383039393538613266333065643763
-33376138386238626636376434343030323565333639303532383039303637313033623561303162
-32383766313961326566626139646466666138353537303131313838613762303335386232313264
-63393732353638343562333932373235313766633738656536306264346431306130366633383839
-66363765366164373761386635646137626132666538653465646336303365633330663065313437
-34326430303139346364636334363734343437343738313437303131353132636338653566633561
-35386536363235663965613035393739373261376433343962383666306234343138363931313661
-37633165313964646565633934613662343038653339386366393265653537396138363762393464
-39623161663662643862336236626130353862303761656261616464623462353164366264666265
-63363236316363646165333833663438356136623865336461373534326464376437326339666165
-64663834356630333639346266373930626361633836313330396261323065333337313930653037
-36323039613966366164626362666364313761306566343463343762393166633831373237393931
-64363830633236313339303433316432646634323530613065393633363635316366636532386266
-63326139333336613534623661653830383761313638663236616463336136336263663762376232
-64366436326135666637333265663631343862623063353762616334303061343930623637653136
-31326163346662386337313637303861393830303862396538616339633931643632396530633736
-34336365383165623537303430326633653434396533316464346661353861623662343235663731
-62616435623434333934396136646636363532656537626364663731653934643663336135383461
-62666239326238326235383034306664343039613235396139336636636166653066366163623462
-64346535383239656533303038303862306630326139663335326664656137323931393463633736
-30663631366139313035346666353235326563353037653030313936393237396631353965663439
-31373337616261636539383339393961376135366561633261396235636437383237313533373039
-39316363653062313834313831653036356236623334343061336266643062383938316264613764
-35396536323236343961643136363366653438303839313965393563323762346161636539326266
-33373039346533373339313166623732613166303564326637333837636262303838356666303239
-61386539656337306163383266306231336239396534626430613434616163343230336234653836
-64323036373931623662373534316232303862393736383733643462366231613363643835316535
-64653039656464336638663263613665663563386132303737653064373666643062346132313365
-62323666303835383563316539346236326334663463363861363566323236333264666134363532
-30656466316337373238306266383965343133633239373236353461303033613534626437336637
-64323565376237626665393466373063666138346666356162663734623063653833613230383335
-30316539643939306366353931326434353534306535346463373833333964626137303535643334
-61666137366234373466616339663463663564343434373065346231306131386330303165616564
-63363339316530666532396632386465376236633362363034366131633966653035333039373733
-38343366346337336332646464383130653063396631306463336461313932363162363737663462
-66356165613266353636633438613236396263646538323434663234396164623833373630363937
-62643161376135336564636231643631383933366430643365393239623965303035383461396162
-39333033373664356565353565666666656663303064643133386464383863613465616130316636
-36653633366639303235303139663235393065353832656162613738346663623364613634653439
-61336330396332323738353365393732386365353538653461303163333966646638636363613833
-36616561646165356232363038343364663732303239386166663134396232336430323231333062
-39663062373135333364333436323538306335373334373232336562363866666165333938623037
-66363463353064386130303936623663323932613432373266613136306662653438313531636234
-30346439353735366434343164333863626161626630633236613365396332386562373136393236
-38653130643165646232356130336266656530366362393833613861643366366466306366623035
-37646163613632646339376534643661363836376333643136396138323265376461363038363531
-65366130306466393637326161303434383862316464646533386639613236383632373866343336
-31353235303235326463376139373931663831623134323334343866386633626161656634376632
-39366434616132643662386230383535323835313364393964616235396230376631336464626561
-62636561333262326162356438613165633332663430343337636263626330663461633966316566
-30623330386138666165613034343030373265373733633562363663633366653530373366623234
-64313630383238346638633065636639386634643039633962366137303135663536346366653265
-34336130396565656336346166366633376137303030316262656364343238383562633265333035
-63653461613131623232636538663235663334306166303238616664656334303265353632613034
-65613361373334643831386335663739613634303536343039313134353965633464386138353362
-64373662373065366463396534636338326566353431626364313765333264646135626335376434
-62326330323963346231313237333464393130363561653263373263356436313863626132373662
-31663330626165353331623034646139353861393163306262643961386430643666393038663238
-64316537373261396537626564343162333436656635323863323339316165623261386131396262
-34356132653637326231326363326161393534353864666364346466303264333536336135623863
-35653833313432323861363436356263373835653864316665633965393465663965623864646361
-36376433383764643034386162356137333638636135396466653831306330653232646630663739
-30366333656461373437613733333034303531623535626330633964643934643535303266373035
-61346361393766353930333938613562663366363432666466343439303730383265633561656163
-31303532653162656564316531363036326537616231376166323339313635663363633836613438
-36366534333261306337643766336163333265666461643836623531323765363766363237303661
-36353431623734396538613135376666646664323036363638663661393136373638366631623762
-32623533336231363065613637316636663061616339393133343366303165333564313531363166
-63376331373033343164363134653466626265343134616235643263363435663462643637363639
-66623666386235633530663166663666623336376362316562393931626366303531313334626234
-65373134316132346562386565366337613032313962346539363038366535613163346564386262
-30643661633133333262633966313738653533363034326232346161613538666462383235656264
-36353430363735666239383762333363333234666232396235356237383230613439653366383831
-39303030393538653763393763323031316433633164643166383464633837626466613463346631
-33336461383638643262663563393161323465646463653735633661633561396233383338653131
-34666534656438376633643630653866333631326236633463343434326436353334366564393737
-36323362613635666564613936333539623637303764653166313637653630616164316162353637
-62643439323136393965623332643965353166323434666632636335303833323337306662616434
-64363862643964346330666439356130316263306266343063633939666664313934303631326262
-37646336663466363734306637353433643466656564623831643634393366333065303235663032
-39633631303034613536663133363831383835343563366164613332333439306265636330333539
-66316130336631656262323863613239356632646139353037376438626634626331303166396531
-30623331363638666262393430623030366162393665396664613538386431653539666533373535
-31333534323531663665376538383362343431366561326365666539336562663532633864316566
-63393236393062333135373133326634613565613537633134333662646431313133363536323634
-65653339353266613166396635646436373631643433376263366135623461326162336539613634
-31323666393335656664393736336562303261356162363239663135336463626636626463613739
-38303437303235346463393232346263623366363735373231386166646438316230383462613961
-30393465356631643965303339616435323037303434383237303430353130373161366435313537
-31376636323136613761343130366632356261336230386662336430636435313131323030313836
-33363932396535363232623061373135643765346635356431636363356431396364373338653266
-33626234346636326235613730646538626563666631333663663236653638376531313138653539
-34303631376439303863613839373164663364626337366131623231386363616637633033346335
-30363931653631623033613064656263323366373962336637363462383563663832376561336166
-63306464623765323562343438383665343730376335626133303561663961633037373336323233
-63323830333433303033623062643663643639373239393136626362353539316162613361626539
-39386330346364383530353838633530353562336435646430383534313736616163636434346531
-38623662333331366430386663646362613732616230663732386163633432363338333030633735
-31363836316261326135373239333966363061613564633365306462386537316237623261653735
-38336133393035653736366564383431366162623061393161663732613536346132666236373436
-65393862303634303530326534656333653163366432616162396436643836646537383139613338
-33613532333865386564343365386238336561626331663462633130626537346532633230353636
-32373530346630373365633161653863383638376431643361636563613132643839653239626661
-376239633162646562313264633632666366

inventories/pvjjk-1vos-niinisalo/hosts.yml

@@ -1,9 +0,0 @@
----
-pvjjk_1vos_niinisalo:
-  hosts:
-    argo.aito.tjas:
-      hostname: argo.aito.tjas
-    olympus.juva.tjas:
-      hostname: olympus.juva.tjas
-  vars:
-    ansible_python_interpreter: /usr/bin/python3

maintainer.sh

@@ -18,7 +18,7 @@ echo "
    \`--'    \`-----'   \`--' \`--' \`-----'
 "
 echo "
-TIETOJÄRJESTELMÄASENTAJIEN INTRA
+TIETOJÄRJESTELMÄASENTAJIEN INFRA
 MAINTAINER SCRIPT
 "
 echo -n "${normal}"

protect.sh

@@ -18,23 +18,23 @@ echo "
    \`--'    \`-----'   \`--' \`--' \`-----'
 "
 echo "
-TIETOJÄRJESTELMÄASENTAJIEN INTRA
+TIETOJÄRJESTELMÄASENTAJIEN INFRA
 PROTECT SCRIPT
 "
 echo -n "${normal}"
 action=$1
 
 encrypt() {
-    execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
+    execute "ansible-vault encrypt --vault-id infra@vault/infra"
 }
 
 decrypt() {
-    execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
+    execute "ansible-vault decrypt --vault-id infra@vault/infra"
 }
 
 list() {
     i=0
-    for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
+    for file in inventories/hosts.yml inventories/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -43,7 +43,7 @@ list() {
 
 execute() {
 i=0
-for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
+for file in inventories/hosts.yml inventories/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -55,15 +55,15 @@ for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
 case $action in
     encrypt)
         echo "${underline}Encrypting...${nounderline}"
-        encrypt pvjjk-1vos-niinisalo
+        encrypt
         ;;
     decrypt)
         echo "${underline}Decrypting...${nounderline}"
-        decrypt pvjjk-1vos-niinisalo
+        decrypt
         ;;
     list)
         echo "${underline}Listing...${nounderline}"
-        list pvjjk-1vos-niinisalo
+        list
         ;;
     *)
         echo "${underline}HELP${nounderline}"

tasks.yml

@@ -8,8 +8,6 @@
   tasks:
     - name: "Installer"
       import_tasks: tasks/installer.yml
-      vars:
-        ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
       when:
         - inventory_hostname == "olympus.juva.tjas"
       tags:
@@ -18,8 +16,6 @@
 
     - name: "Maintenance"
       import_tasks: tasks/maintenance.yml
-      vars:
-        ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
       when:
         - inventory_hostname == "olympus.juva.tjas"
       tags:
@@ -28,8 +24,6 @@
 
     - name: "Deployer"
       import_tasks: tasks/deployer.yml
-      vars:
-        ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
       when:
         - inventory_hostname == "olympus.juva.tjas"
       tags:

tasks/deployer.yml

@@ -1,4 +1,10 @@
 ---
+- name: "Migrater"
+  ansible.builtin.import_tasks:
+    file: 'tasks/migrater.yml'
+  tags:
+    - migrater
+
 - name: "Deployer - SSH - Add Authorized Keys"
   ansible.builtin.template:
     src: './files/ssh/authorized_keys'
@@ -68,7 +74,7 @@
 
 - name: "Deployer - Yggdrasil - Build Image"
   containers.podman.podman_image:
-    name: pvjjk-1vos-niinisalo/yggdrasil
+    name: tjas-infra/yggdrasil
     tag: latest
     path: "/root/data/yggdrasil"
     build:
@@ -79,7 +85,7 @@
 - name: "Deployer - Yggdrasil - Run Container"
   containers.podman.podman_container:
     name: yggdrasil
-    image: pvjjk-1vos-niinisalo/yggdrasil:latest
+    image: tjas-infra/yggdrasil:latest
     state: started
     recreate: on
     network: host
@@ -192,8 +198,7 @@
 
 - name: "Deployer - Kea - Install"
   ansible.builtin.apt:
-    name:
+    name: kea
-      - kea
     state: latest
 
 - name: "Deployer - Kea - Configure - DHCP4"
@@ -899,10 +904,265 @@
     - keycloak
     - sso
 
+- name: "Deployer - Keacloak - Configure - Wait"
+  ansible.builtin.wait_for:
+    host: "127.0.0.1"
+    port: 8080
+    delay: 30
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Groups : Create"
+  community.general.keycloak_group:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    name: "{{ group }}"
+  vars:
+    task_vars:
+      groups:
+        - admin
+        - users
+  loop: "{{ task_vars.groups }}"
+  loop_control:
+    label: "{{ group }}"
+    loop_var: group
+
+- name: "Deployer - Keacloak - Configure - Users : Create"
+  community.general.keycloak_user:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    username: "{{ config.keycloak.users[username].username }}"
+    email: "{{ username }}@tjas"
+    emailVerified: on
+    credentials:
+      - type: password
+        value: "{{ config.keycloak.users[username].password }}"
+        temporary: false
+    groups: "{{ config.keycloak.users[username].groups | map('regex_replace', '^(.*)$', '{\"name\": \"\\1\", \"state\": \"present\"}') | map('from_json') | list }}"
+    enabled: on
+    state: present
+  loop: "{{ config.keycloak.users.keys() | list }}"
+  loop_control:
+    label: "{{ username }}"
+    loop_var: username
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Modify"
+  community.general.keycloak_realm:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    displayName: "PVJJK TJAS"
+    display_name_html: ""
+    enabled: on
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Login"
+  community.general.keycloak_realm:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    rememberMe: on
+    loginWithEmailAllowed: off
+    duplicateEmailsAllowed: on
+    verifyEmail: off
+    editUsernameAllowed: on
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Themes"
+  community.general.keycloak_realm:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    loginTheme: "pvjjk-tjas"
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Client Scopes"
+  community.general.keycloak_clientscope:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    name: "groups"
+    protocol: openid-connect
+    protocol_mappers:
+      - name: groups
+        protocol: openid-connect
+        protocolMapper: oidc-group-membership-mapper
+        config:
+          claim.name: groups
+          userinfo.token.claim: "true"
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Client Scopes : Types"
+  community.general.keycloak_clientscope_type:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    default_clientscopes: "{{ default }}"
+    optional_clientscopes: "{{ optional }}"
+  vars:
+    default:
+      - acr
+      - basic
+      - email
+      - profile
+      - role_list
+      - roles
+      - saml_organization
+      - web-origins
+    optional:
+      - address
+      - groups
+      - microprofile-jwt
+      - offline_access
+      - organization
+      - phone
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - User Profile"
+  community.general.keycloak_userprofile:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    config:
+      kc_user_profile_config:
+        - unmanagedAttributePolicy: ADMIN_EDIT
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Users : Configure - Attributes"
+  community.general.keycloak_user:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    username: "{{ config.keycloak.users.admin.username }}"
+    email: "{{ config.keycloak.users.admin.username }}@tjas"
+    emailVerified: on
+    attributes:
+      - name: is_temporary_admin
+        values: "false"
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Clients"
+  community.general.keycloak_client:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    client_id: "{{ sso.client.id }}"
+    secret: "{{ sso.client.secret }}"
+    name: "{{ sso.client.name }}"
+    publicClient: false
+    baseUrl: "{{ sso.client.url.base }}"
+    redirectUris: "{{ sso.client.url.redirect }}"
+    default_client_scopes: "{{ default | ansible.builtin.difference(sso.scope.split(' ')[1:]) }}"
+    optional_client_scopes: "{{ optional + sso.scope.split(' ')[1:] }}"
+    state: present
+  vars:
+    default:
+      - acr
+      - basic
+      - email
+      - profile
+      - role_list
+      - roles
+      - saml_organization
+      - web-origins
+    optional:
+      - address
+      - microprofile-jwt
+      - offline_access
+      - organization
+      - phone
+  loop: "{{ hostvars | json_query('*.config[].*.integrations.sso') | flatten(1)  }}"
+  loop_control:
+    label: "{{ sso.client.id }}"
+    loop_var: "sso"
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Clients : Scopes"
+  community.general.keycloak_clientscope_type:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    client_id: "{{ sso.client.id }}"
+    default_clientscopes: "{{ default | ansible.builtin.difference(sso.scope.split(' ')[1:]) }}"
+    optional_clientscopes: "{{ optional + sso.scope.split(' ')[1:] }}"
+  vars:
+    default:
+      - acr
+      - basic
+      - email
+      - profile
+      - role_list
+      - roles
+      - saml_organization
+      - web-origins
+    optional:
+      - address
+      - microprofile-jwt
+      - offline_access
+      - organization
+      - phone
+  loop: "{{ hostvars | json_query('*.config[].*.integrations.sso') | flatten(1)  }}"
+  loop_control:
+    label: "{{ sso.client.id }}"
+    loop_var: "sso"
+  tags:
+    - keycloak
+    - sso
+
 - name: "Deployer - Nextcloud - Files - Create Folder"
   ansible.builtin.file:
     path: "/root/data/nextcloud/{{ folder }}"
     state: directory
+    owner: www-data
+    group: www-data
   loop: "{{ folders }}"
   loop_control:
     label: "{{ folder }}"
@@ -921,6 +1181,8 @@
   ansible.builtin.file:
     dest: '/root/data/nextcloud/{{ item.path }}'
     state: directory
+    owner: www-data
+    group: www-data
   with_filetree: './files/nextcloud/'
   loop_control:
     label: "{{ item.path }}"
@@ -987,7 +1249,7 @@
   changed_when:
     - task.stdout.find('Nextcloud was successfully installed') != -1
   until:
-    - "task.stdout.find('Nextcloud was successfully installed') != -1 or task.stdout.find('Searching for scripts (*.sh) to run, located in the folder: /docker-entrypoint-hooks.d/before-starting') != -1"
+    - task.stdout.find('Nextcloud was successfully installed') != -1 or task.stdout.find('Searching for scripts (*.sh) to run, located in the folder') != -1
   retries: 5
   delay: 150
   tags:

tasks/installer.yml

@@ -1,35 +1,35 @@
 ---
-- name: "Init : Python 3 : Install"
+- name: "Installer : Python 3 : Install"
   ansible.builtin.raw: apt install -y python3 python3-pip python3-setuptools python3-venv python3-dev
   register: task
   changed_when:
     - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
 
-- name: "Init: Python 3 : Libraries - APT"
+- name: "Installer: Python 3 : Libraries - APT"
   ansible.builtin.raw: apt install -y python3-apt
   register: task
   changed_when:
     - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
 
-- name: "Init : Python 3 : Configure - Virtual Environment : Test"
+- name: "Installer : Python 3 : Configure - Virtual Environment : Test"
-  ansible.builtin.raw: "/root/.venv/ansible/bin/pip3"
+  ansible.builtin.raw: "/opt/ansible/bin/pip3"
   register: task632
   changed_when: false
   failed_when: false
 
-- name: "Init : Python 3 : Configure - Virtual Environment : Delete"
+- name: "Installer : Python 3 : Configure - Virtual Environment : Delete"
   ansible.builtin.file:
-    path: "/root/.venv/ansible"
+    path: "/opt/ansible"
     state: absent
   when:
     - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
 
-- name: "Init : Python 3 : Configure - Virtual Environment : Create"
+- name: "Installer : Python 3 : Configure - Virtual Environment : Create"
   ansible.builtin.pip:
     name: pip
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Installer : Tools : Install"
@@ -103,18 +103,27 @@
 
 - name: "Installer : FirewallD : Dependencies - Packages"
   ansible.builtin.apt:
-    name:
+    name: "{{ package }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
       - python3-firewall
       - iptables
-    state: latest
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
   tags:
     - firewalld
     - firewall
 
 - name: "Installer : FirewallD : Install"
   ansible.builtin.apt:
-    name: "firewalld"
+    name: firewalld
     state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
   tags:
     - firewalld
     - firewall
@@ -136,6 +145,7 @@
     immediate: true
     offline: true
   vars:
+    ansible_python_interpreter: /usr/bin/python3
     services:
       - http
       - https
@@ -150,12 +160,47 @@
     - firewalld
     - firewall
 
+- name: "Installer : Ansible : Dependencies - Packages (APT / Debian & Ubuntu & Linux Mint)"
+  ansible.builtin.apt:
+    name: "{{ packages }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
+      - sshpass
+      - lsb-release
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
+
+- name: "Installer : Ansible : Dependencies - Python Libraries"
+  ansible.builtin.pip:
+    name: "{{ library }}"
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+  vars:
+    libraries:
+      - cryptography
+      - dnspython
+      - hvac
+      - jmespath
+      - netaddr
+      - pexpect
+      - xmltodict
+  loop: "{{ libraries }}"
+  loop_control:
+    label: "{{ library }}"
+    loop_var: "library"
+
 - name: "Installer - Ansible - Python Library"
   ansible.builtin.pip:
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - ansible
@@ -169,7 +214,7 @@
 
 - name: "Installer : Ansible : Create Symbolic Links"
   ansible.builtin.file:
-    src: /root/.venv/ansible/bin/{{ binary }}
+    src: /opt/ansible/bin/{{ binary }}
     dest: /root/bin/{{ binary }}
     state: link
   vars:
@@ -192,34 +237,12 @@
   tags:
     - ansible
 
-- name: "Installer - Ansible - Dependencies - Python Libraries"
-  ansible.builtin.pip:
-    name: "{{ library }}"
-    state: latest
-    extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
-    virtualenv_command: "python3 -m venv"
-  vars:
-    libraries:
-      - cryptography
-      - dnspython
-      - hvac
-      - jmespath
-      - netaddr
-      - pexpect
-  loop: "{{ libraries }}"
-  loop_control:
-    label: "{{ library }}"
-    loop_var: "library"
-  tags:
-    - ansible
-
 - name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
   ansible.builtin.pip:
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - mariadb
@@ -227,37 +250,46 @@
 
 - name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
   ansible.builtin.apt:
-    name: "mariadb-client"
+    name: mariadb-client
     state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
   tags:
     - mariadb
     - database
 
 - name: "Installer : Podman : Install"
   ansible.builtin.apt:
-    name:
+    name: "{{ package }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
       - podman
       - podman-compose
       - netavark
       - buildah
       - slirp4netns
-    state: latest
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
   tags:
     - podman
 
 - name: "Installer : Schedule : Maintenance"
   ansible.builtin.cron:
-    name: "{{ location | upper }} - Infra - Maintenance"
+    name: "Tietojärjestelmäasentajien Infra - Maintenance"
     hour: "*/3"
     minute: "0"
-    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t maintenance"
   tags:
     - cron
 
 - name: "Installer : Schedule : Deployer"
   ansible.builtin.cron:
-    name: "{{ location | upper }} - Infra - Deployer"
+    name: "Tietojärjestelmäasentajien Infra - Deployer"
     minute: "*/5"
-    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t deployer"
   tags:
     - cron

tasks/maintenance.yml

@@ -4,7 +4,7 @@
     name: "{{ library }}"
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
   vars:
     libraries:
@@ -24,7 +24,7 @@
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : Podman : Prune"

tasks/migrater.yml

@@ -0,0 +1,133 @@
+---
+- name: "Migrater - Copy Secrets"
+  ansible.builtin.copy:
+    src: "{{ file.src }}"
+    dest: "{{ file.dest }}"
+  vars:
+    files:
+      - src: /root/.ssh/keys/{{ location | lower | replace('.', '') | replace(' ', '-') }}/infra
+        dest: /root/.ssh/keys/infra
+      - src: /root/.ansible/vault/{{ location | lower | replace('.', '') | replace(' ', '-') }}/infra
+        dest: /root/.ansible/vault/infra
+  loop: "{{ files }}"
+  loop_control:
+    label: "{{ file }}"
+    loop_var: "file"
+  when:
+    - file.src is ansible.builtin.file
+
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Test"
+  ansible.builtin.raw: "/opt/ansible/bin/pip3"
+  register: task632
+  changed_when: false
+  failed_when: false
+
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Delete"
+  ansible.builtin.file:
+    path: "/opt/ansible"
+    state: absent
+  when:
+    - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
+
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Create"
+  ansible.builtin.pip:
+    name: pip
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+
+- name: "Migrater : Ansible : Dependencies - Packages"
+  ansible.builtin.apt:
+    name: "{{ package }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
+      - sshpass
+      - lsb-release
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
+
+- name: "Migrater : Ansible : Dependencies - Python Libraries"
+  ansible.builtin.pip:
+    name: "{{ library }}"
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+  vars:
+    libraries:
+      - cryptography
+      - dnspython
+      - hvac
+      - jmespath
+      - netaddr
+      - pexpect
+      - xmltodict
+  loop: "{{ libraries }}"
+  loop_control:
+    label: "{{ library }}"
+    loop_var: "library"
+
+- name: "Migrater - Ansible - Python Library"
+  ansible.builtin.pip:
+    name: ansible
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+  tags:
+    - ansible
+
+- name: "Migrater : Ansible : Create Symbolic Links"
+  ansible.builtin.file:
+    src: /opt/ansible/bin/{{ binary }}
+    dest: /bin/{{ binary }}
+    state: link
+  vars:
+    binaries:
+      - ansible
+      - ansible-community
+      - ansible-config
+      - ansible-console
+      - ansible-doc
+      - ansible-galaxy
+      - ansible-inventory
+      - ansible-playbook
+      - ansible-pull
+      - ansible-test
+      - ansible-vault
+  loop: "{{ binaries }}"
+  loop_control:
+    label: "{{ binary }}"
+    loop_var: "binary"
+  tags:
+    - ansible
+
+- name: "Migrater - Schedule : Maintenance"
+  ansible.builtin.cron:
+    name: "Tietojärjestelmäasentajien Infra - Maintenance"
+    hour: "*/3"
+    minute: "0"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t maintenance"
+
+- name: "Migrater - Schedule : Maintenance"
+  ansible.builtin.cron:
+    name: "Tietojärjestelmäasentajien Infra - Maintenance"
+    minute: "*/5"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t deployer"
+
+- name: "Migrater - Schedule : Deployer"
+  ansible.builtin.cron:
+    name: "{{ location | upper }} - Infra - Deployer"
+    state: absent
+
+- name: "Migrater - Schedule : Maintenance"
+  ansible.builtin.cron:
+    name: "{{ location | upper }} - Infra - Maintenance"
+    state: absent
+  tags:
+    - cron