Font Awesome 7.1.0 Update

INSTRUCTIONS.md

@@ -1,4 +1,4 @@
-# Tietojärjestelmäasentajien Infra
+# TIETOJÄRJESTELMÄASENTAJIEN INFRA
 ## Ylläpitäjän ohjeet
 
 **Työaseman asennus**
@@ -18,14 +18,16 @@
     2. Vaihda oletusarvoinen käyttöjärjestelmä – `wsl --set-default Debian`
     3. Käynnistä uudelleen käyttöjärjestelmä – `wsl -t Debian`
     4. Sulje ikkuna
-6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana `wsl -d Debian`
-7. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `sudo apt update && sudo apt install curl`
-8. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
+6. Avaa Debian käynnistävalikosta tai suorita Powershellissä komento järjestelmänvalvojana – `wsl -d Debian`
+7. Kohota oikeudet – `sudo su`
+8. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `apt update && apt install curl`
+9. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
 
 **Palvelimen asennus**
 1. Asenna Debian-käyttöjärjestelmä
-2. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `apt update && apt install curl`
-3. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
+2. Kirjaudu root käyttäjänä tai kohota oikeudet – `sudo su`
+3. Asenna curl-paketti käyttämällä APT-paketinhallintaa – `apt update && apt install curl`
+4. Lataa ja suorita Init.sh skripti – `bash <(curl https://raw.githubusercontent.com/cwchristerw/tjas-infra/refs/heads/master/init.sh)`
 
 **Verkkolaitteiden konfigurointi**
 1. Kytke verkkolaitteen Console (Ethernet) porttiin serial portti adapteri sekä yhdistä siihen serial portti USB-adapteri
@@ -155,7 +157,7 @@ banner motd ^C
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  r1.net.tjas
 
 ^C
@@ -217,7 +219,7 @@ banner motd "
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  s1.net.tjas
 
 "
@@ -328,7 +330,7 @@ banner motd "
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  s2.net.tjas
 
 "
@@ -407,7 +409,7 @@ banner motd "
     `--'    `-----'   `--' `--' `-----'
 
 
- PVJJK 1.VOS NIINISALO
+ TIETOJÄRJESTELMÄASENTAJIEN INFRA
  s3.net.tjas
 
 "

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-inventory = inventories/pvjjk-1vos-niinisalo
+inventory = inventories
 hash_behaviour = merge
 gathering = smart
 display_skipped_hosts = false

assets/images/logo-square.svg

@@ -0,0 +1,274 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="695.94501"
+   height="695.94501"
+   viewBox="0 0 184.13545 184.13545"
+   version="1.1"
+   id="svg1"
+   sodipodi:docname="logo-square.svg"
+   inkscape:version="1.4.2 (ebf0e940d0, 2025-05-08)"
+   inkscape:export-filename="logo-square.png"
+   inkscape:export-xdpi="96.010002"
+   inkscape:export-ydpi="96.010002"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview1"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="px"
+     inkscape:zoom="1.44"
+     inkscape:cx="329.51389"
+     inkscape:cy="169.44444"
+     inkscape:window-width="1920"
+     inkscape:window-height="1008"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" />
+  <defs
+     id="defs1">
+    <linearGradient
+       id="linearGradient1"
+       inkscape:collect="always">
+      <stop
+         style="stop-color:#c84dff;stop-opacity:1;"
+         offset="0"
+         id="stop1" />
+      <stop
+         style="stop-color:#ad00fa;stop-opacity:1;"
+         offset="0.20007552"
+         id="stop3" />
+      <stop
+         style="stop-color:#c84dff;stop-opacity:1;"
+         offset="0.36412308"
+         id="stop4" />
+      <stop
+         style="stop-color:#8800c4;stop-opacity:1;"
+         offset="0.49973571"
+         id="stop5" />
+      <stop
+         style="stop-color:#c84dff;stop-opacity:1;"
+         offset="0.82178771"
+         id="stop6" />
+      <stop
+         style="stop-color:#58007e;stop-opacity:1;"
+         offset="1"
+         id="stop2" />
+    </linearGradient>
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient2"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044"
+       gradientUnits="userSpaceOnUse" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient3"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient4"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient5"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+    <linearGradient
+       inkscape:collect="always"
+       xlink:href="#linearGradient1"
+       id="linearGradient6"
+       gradientUnits="userSpaceOnUse"
+       x1="25.938683"
+       y1="80.4786"
+       x2="25.641027"
+       y2="115.3044" />
+  </defs>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(1.7166583e-5,54.181246)">
+    <g
+       id="g9"
+       style="display:none"
+       transform="translate(-8.8234898,-66.083592)">
+      <g
+         id="g7">
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="39.283604"
+           y="115.8997"
+           id="text1"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="39.283604"
+             y="115.8997"
+             id="tspan5">T</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="79.859314"
+           y="115.52763"
+           id="text1-1"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="79.859314"
+             y="115.52763"
+             id="tspan5-8">J</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="122.32855"
+           y="115.8997"
+           id="text1-28"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="122.32855"
+             y="115.8997"
+             id="tspan5-9">A</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke-width:0.264583"
+           x="161.78362"
+           y="116.07333"
+           id="text1-2"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;text-anchor:middle;stroke-width:0.264583"
+             x="161.78362"
+             y="116.07333"
+             id="tspan5-3">S</tspan></text>
+      </g>
+      <g
+         id="g8"
+         style="stroke:none">
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="39.344238"
+           y="128.46199"
+           id="text1-3-2"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="39.344238"
+             y="128.46199"
+             id="tspan5-2-9">TANGO</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="79.264"
+           y="128.3297"
+           id="text1-3"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="79.264"
+             y="128.3297"
+             id="tspan5-2">JULIET</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="122.30926"
+           y="128.43994"
+           id="text1-3-7"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="122.30926"
+             y="128.43994"
+             id="tspan5-2-8">ALPHA</tspan></text>
+        <text
+           xml:space="preserve"
+           style="font-size:22.5778px;text-align:center;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;direction:ltr;text-anchor:middle;fill:#000000;stroke:none;stroke-width:0.264583"
+           x="161.81256"
+           y="128.5116"
+           id="text1-3-6"><tspan
+             sodipodi:role="line"
+             style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;text-anchor:middle;stroke:none;stroke-width:0.264583"
+             x="161.81256"
+             y="128.5116"
+             id="tspan5-2-1">SIERRA</tspan></text>
+      </g>
+    </g>
+    <g
+       id="g17"
+       style="display:inline;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+       transform="translate(-8.8234921,-66.083609)">
+      <g
+         id="g12"
+         style="fill:url(#linearGradient2);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers">
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient3);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 52.975791,80.428994 -0.248047,10.517187 -7.391797,0.297656 -1.885156,23.514843 -10.467578,0.5457 0.04961,-23.51484 -7.391797,0.396875 0.297656,-11.707812 z"
+           id="text9"
+           aria-label="T" />
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient4);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 91.864783,95.088571 q 0,1.463477 0,2.902149 0,1.438672 -0.148829,2.90215 -0.272851,3.10058 -1.339453,5.87871 -1.066601,2.75332 -2.902148,4.83691 -1.810742,2.0836 -4.415234,3.29903 -2.604493,1.21543 -5.97793,1.21543 -1.314648,0 -2.75332,-0.22325 -1.413867,-0.22324 -2.827735,-0.66972 -1.389062,-0.44649 -2.678906,-1.09141 -1.265039,-0.66973 -2.257226,-1.53789 l 1.53789,-10.26914 q 1.463477,1.41387 3.249414,2.30684 1.785938,0.86816 3.894336,0.86816 1.364258,0 2.306836,-0.39687 0.942578,-0.39688 1.562695,-1.09141 0.620118,-0.69453 0.967383,-1.61231 0.37207,-0.94257 0.520899,-1.98437 0.173632,-1.066602 0.198437,-2.182813 0.04961,-1.116211 0.04961,-2.207617 0,-3.943946 -0.396875,-7.838282 -0.396875,-3.91914 -0.694531,-7.838281 l 11.360547,-0.74414 q 0.744141,7.739062 0.74414,15.478124 z"
+           id="text10"
+           aria-label="J" />
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient5);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 138.9725,113.76649 -12.30313,1.5875 -1.48828,-5.60586 h -5.65547 l -1.24023,5.60586 -12.65039,-1.24023 9.87226,-33.039844 13.79141,-0.694532 z m -14.68438,-11.60859 -1.88515,-8.632031 -1.83555,8.632031 z"
+           id="text11"
+           aria-label="A" />
+        <path
+           style="font-size:50.8px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:url(#linearGradient6);stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 174.96731,102.87724 q 0,3.39824 -1.19063,5.95313 -1.16582,2.53007 -3.22461,4.21679 -2.03398,1.68672 -4.7873,2.53008 -2.72852,0.84336 -5.87871,0.84336 -1.21543,0 -2.67891,-0.32246 -1.43867,-0.32246 -2.92695,-0.79375 -1.48828,-0.4961 -2.87735,-1.0418 -1.36425,-0.57051 -2.43086,-1.0666 l 1.09141,-10.21953 q 2.1084,1.26504 4.66328,1.93476 2.57969,0.64493 5.06016,0.64493 0.47129,0 1.14101,-0.0248 0.66973,-0.0496 1.26504,-0.22324 0.62012,-0.19844 1.0418,-0.57051 0.42168,-0.37207 0.42168,-1.0666 0,-0.47129 -0.29766,-0.79375 -0.29765,-0.34727 -0.76894,-0.5457 -0.47129,-0.22325 -1.0666,-0.32246 -0.59532,-0.12403 -1.16582,-0.17364 -0.57051,-0.0496 -1.06661,-0.0496 -0.49609,0 -0.79375,0 -2.1332,0 -3.89433,-0.74414 -1.73633,-0.74414 -3.00137,-2.058786 -1.24023,-1.339453 -1.93476,-3.150195 -0.69454,-1.835547 -0.69454,-3.96875 0,-2.926953 1.16582,-5.233789 1.19063,-2.33164 3.1502,-3.943945 1.98437,-1.637109 4.53926,-2.505274 2.55488,-0.868164 5.2834,-0.868164 1.21543,0 2.50527,0.09922 1.28984,0.07441 2.55488,0.297656 1.28985,0.223243 2.50528,0.570508 1.21543,0.347266 2.30683,0.868164 l -0.94258,10.070703 q -1.68672,-0.570508 -3.54707,-0.942578 -1.83554,-0.396875 -3.59668,-0.396875 -0.32246,0 -0.84336,0.02481 -0.49609,0 -1.0666,0.07441 -0.5457,0.04961 -1.11621,0.173633 -0.57051,0.124023 -1.01699,0.347265 -0.44649,0.198438 -0.71934,0.545703 -0.27285,0.347266 -0.24804,0.818555 0.0248,0.545703 0.39687,0.892969 0.39688,0.322461 0.99219,0.520898 0.62012,0.173633 1.33945,0.248047 0.74414,0.07441 1.46348,0.09922 0.71933,0 1.33945,0 0.62012,-0.02481 1.01699,0.02481 1.98438,0.124023 3.57188,0.843359 1.5875,0.719336 2.67891,1.909961 1.11621,1.190625 1.68671,2.852539 0.59532,1.637116 0.59532,3.621486 z"
+           id="text12"
+           aria-label="S" />
+      </g>
+      <g
+         id="g16"
+         style="fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers">
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 28.126996,120.5796 -0.05512,2.33716 -1.642623,0.0661 -0.418924,5.22553 -2.326131,0.12127 0.01103,-5.22553 -1.642624,0.0882 0.06615,-2.60174 z m 6.493322,7.40834 -2.73403,0.35278 -0.33073,-1.24574 h -1.256772 l -0.275608,1.24574 -2.8112,-0.27561 2.193839,-7.34219 3.06476,-0.15434 z m -3.263197,-2.57969 -0.418924,-1.91823 -0.4079,1.91823 z m 10.875488,-4.85069 -0.396876,7.47448 -2.888371,0.26459 -1.543404,-4.00183 -0.242535,4.079 h -2.480471 l 0.198437,-7.81624 2.756079,-0.1323 1.907207,3.96876 0.08819,-3.74827 z m 7.099659,6.77995 q -0.259071,0.32522 -0.63941,0.56775 -0.380339,0.24254 -0.8158,0.40239 -0.43546,0.15985 -0.892969,0.23702 -0.457509,0.0827 -0.870921,0.0827 -0.799263,0 -1.471747,-0.28664 -0.672483,-0.28663 -1.163065,-0.78824 -0.48507,-0.50711 -0.760678,-1.19062 -0.275608,-0.68351 -0.275608,-1.47175 0,-0.60082 0.137804,-1.17409 0.137804,-0.57877 0.391363,-1.08589 0.259072,-0.51263 0.628386,-0.93707 0.369315,-0.42995 0.837849,-0.73863 0.468533,-0.30868 1.025261,-0.47956 0.556728,-0.17087 1.190626,-0.17087 0.237023,0 0.507119,0.022 0.270096,0.0165 0.534679,0.0661 0.270096,0.0441 0.523655,0.12678 0.25356,0.0827 0.463022,0.20395 l -0.154341,2.10564 q -0.308681,-0.11575 -0.63941,-0.15434 -0.325218,-0.0441 -0.639411,-0.0441 -0.440972,0 -0.826823,0.1378 -0.380339,0.13229 -0.666972,0.38585 -0.28112,0.25356 -0.446484,0.61736 -0.165365,0.36381 -0.165365,0.82132 0,0.28663 0.07717,0.55672 0.07717,0.26459 0.231511,0.47405 0.159852,0.20395 0.391363,0.33073 0.237023,0.12678 0.545704,0.12678 0.209462,0 0.429948,-0.0551 0.225998,-0.0551 0.385851,-0.18742 l 0.02205,-0.42995 -1.322918,-0.022 0.06615,-1.65365 q 0.821311,-0.0276 1.642623,-0.0441 0.821311,-0.0221 1.653647,-0.0551 z m 7.231952,-2.7671 q 0,0.5016 -0.115755,0.97014 -0.115755,0.46302 -0.336241,0.87092 -0.214975,0.4079 -0.529168,0.74965 -0.308681,0.33624 -0.700044,0.57878 -0.385851,0.24253 -0.84336,0.38034 -0.457509,0.13229 -0.97014,0.13229 -0.496094,0 -0.948091,-0.12678 -0.446485,-0.12678 -0.837848,-0.35278 -0.391363,-0.23151 -0.711069,-0.55122 -0.314193,-0.32521 -0.540191,-0.71658 -0.220487,-0.39687 -0.347266,-0.84887 -0.121268,-0.452 -0.121268,-0.94258 0,-0.47956 0.115756,-0.93706 0.115755,-0.46303 0.330729,-0.87093 0.220487,-0.4079 0.529167,-0.74965 0.308681,-0.34175 0.68902,-0.5898 0.385851,-0.24805 0.832336,-0.38585 0.446485,-0.1378 0.942579,-0.1378 0.799263,0 1.45521,0.24804 0.661459,0.24805 1.12448,0.71107 0.468534,0.45751 0.722093,1.11346 0.259071,0.65043 0.259071,1.45521 z m -2.447398,0.14331 q 0,-0.23702 -0.07166,-0.45751 -0.06615,-0.22599 -0.198438,-0.39687 -0.132291,-0.17639 -0.330729,-0.28112 -0.192926,-0.11025 -0.446485,-0.11025 -0.259071,0 -0.463021,0.0937 -0.20395,0.0937 -0.352778,0.25907 -0.143316,0.15986 -0.220487,0.38034 -0.07717,0.21498 -0.07717,0.45751 0,0.23151 0.06615,0.46302 0.06615,0.23151 0.198438,0.41893 0.132291,0.18741 0.325217,0.30317 0.198438,0.11575 0.457509,0.11575 0.259072,0 0.463021,-0.0992 0.209462,-0.10473 0.352779,-0.27561 0.143316,-0.17639 0.220486,-0.40238 0.07717,-0.226 0.07717,-0.46854 z"
+           id="text13"
+           aria-label="TANGO" />
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 68.416072,123.78768 q 0,0.32522 0,0.64492 0,0.31971 -0.03307,0.64492 -0.06063,0.68902 -0.297656,1.30638 -0.237023,0.61185 -0.644923,1.07488 -0.402387,0.46302 -0.981164,0.73311 -0.578777,0.2701 -1.32843,0.2701 -0.292145,0 -0.61185,-0.0496 -0.314193,-0.0496 -0.628386,-0.14883 -0.308681,-0.0992 -0.595313,-0.24253 -0.28112,-0.14883 -0.501606,-0.34176 l 0.341754,-2.28203 q 0.325217,0.31419 0.722092,0.51263 0.396876,0.19292 0.865409,0.19292 0.303169,0 0.512631,-0.0882 0.209462,-0.0882 0.347266,-0.24253 0.137804,-0.15435 0.214974,-0.3583 0.08268,-0.20946 0.115755,-0.44097 0.03858,-0.23702 0.0441,-0.48507 0.01102,-0.24804 0.01102,-0.49058 0,-0.87643 -0.08819,-1.74184 -0.08819,-0.87092 -0.15434,-1.74184 l 2.524568,-0.16537 q 0.165365,1.71979 0.165365,3.43959 z m 7.083124,-1.5875 q 0,0.4079 -0.03858,0.89848 -0.03858,0.49058 -0.12678,1.01424 -0.08819,0.52365 -0.23151,1.06384 -0.137804,0.53468 -0.347266,1.03078 -0.209462,0.49609 -0.490583,0.93155 -0.275607,0.42995 -0.63941,0.75517 -0.35829,0.3197 -0.804775,0.5016 -0.446485,0.18742 -0.992189,0.18742 -0.63941,0 -1.113456,-0.20947 -0.468533,-0.20395 -0.804775,-0.55121 -0.336241,-0.35278 -0.551216,-0.8158 -0.214974,-0.46853 -0.336241,-0.98668 -0.121268,-0.52365 -0.170877,-1.06384 -0.0441,-0.54571 -0.0441,-1.04731 0,-0.77171 0.07717,-1.5379 0.07717,-0.7717 0.220486,-1.53789 l 2.57969,0.0992 q -0.148828,0.86541 -0.259071,1.74184 -0.104731,0.87092 -0.104731,1.75287 0,0.0937 0.0055,0.28112 0.01102,0.1819 0.03307,0.41341 0.02205,0.226 0.06063,0.46853 0.0441,0.23703 0.115755,0.43546 0.07166,0.19844 0.170877,0.32522 0.104731,0.12678 0.242535,0.12678 0.159853,0 0.286632,-0.14883 0.12678,-0.15434 0.220486,-0.4079 0.09922,-0.25356 0.170877,-0.58429 0.07166,-0.33072 0.121268,-0.68902 0.04961,-0.35829 0.07717,-0.71658 0.03307,-0.35829 0.04961,-0.66697 0.02205,-0.30868 0.02756,-0.5457 0.0055,-0.23702 0.0055,-0.35278 0,-0.42995 -0.01654,-0.85438 -0.01102,-0.42995 -0.03859,-0.85439 h 2.57969 q 0.06615,0.76068 0.06615,1.54341 z m 5.28616,2.98759 -0.23151,2.44739 -4.641238,0.36381 q 0.03307,-1.92375 0.07166,-3.82544 0.0441,-1.9017 0.104731,-3.82544 h 2.866323 q -0.12678,1.20716 -0.242535,2.41433 -0.115756,1.20165 -0.165365,2.42535 0.259071,0.011 0.512631,0.011 0.253559,0 0.51263,0 0.308681,0 0.606338,-0.006 0.297656,-0.006 0.606337,-0.006 z m 3.235636,-4.61919 -0.606337,7.50756 -2.326131,0.12126 v -7.47448 z m 5.600354,-0.18742 q -0.03307,0.51815 -0.06063,1.02527 -0.02756,0.50711 -0.07166,1.02526 l -2.337155,0.12126 -0.05512,0.69454 H 88.7394 l -0.121267,1.70877 -1.653648,0.0551 -0.05512,0.80477 h 1.367015 0.97014 q -0.03307,0.60634 -0.07166,1.20717 -0.03307,0.59531 -0.06063,1.19613 l -4.751481,0.11025 0.17639,-7.94854 z m 6.013764,0.0662 -0.05512,2.33716 -1.642623,0.0661 -0.418924,5.22553 -2.326131,0.12126 0.01102,-5.22552 -1.642623,0.0882 0.06615,-2.60174 z"
+           id="text14"
+           aria-label="JULIET" />
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 113.02678,127.9659 -2.73403,0.35277 -0.33073,-1.24574 h -1.25677 l -0.27561,1.24574 -2.8112,-0.2756 2.19384,-7.3422 3.06476,-0.15434 z m -3.26319,-2.57969 -0.41893,-1.91824 -0.4079,1.91824 z m 8.22414,-0.0882 -0.23152,2.4474 -4.64123,0.3638 q 0.0331,-1.92374 0.0717,-3.82544 0.0441,-1.90169 0.10473,-3.82543 h 2.86632 q -0.12678,1.20716 -0.24254,2.41432 -0.11575,1.20165 -0.16536,2.42535 0.25907,0.011 0.51263,0.011 0.25356,0 0.51263,0 0.30868,0 0.60634,-0.006 0.29765,-0.006 0.60634,-0.006 z m 6.68073,-2.16076 q 0,0.53467 -0.15985,0.94809 -0.15985,0.41341 -0.44097,0.72209 -0.27561,0.30868 -0.65044,0.52365 -0.37483,0.21498 -0.80477,0.35278 -0.42444,0.13229 -0.88195,0.19844 -0.45751,0.0606 -0.89848,0.0661 v 2.56866 h -2.56867 q 0,-1.26228 0.006,-2.51354 0.006,-1.25126 0.0165,-2.52457 0.011,-0.67248 0.006,-1.34497 -0.006,-0.67248 0.0276,-1.35599 0.70556,-0.20946 1.41112,-0.31419 0.70555,-0.10473 1.45521,-0.10473 0.42443,0 0.84887,0.0717 0.42444,0.0661 0.81029,0.21497 0.39136,0.14883 0.72209,0.37483 0.33624,0.22048 0.57878,0.52916 0.24253,0.30868 0.38033,0.70556 0.14332,0.39136 0.14332,0.88195 z m -2.4474,0.18741 q 0,-0.35829 -0.22048,-0.55673 -0.21498,-0.20395 -0.56224,-0.20395 -0.11576,0 -0.24254,0.022 -0.12127,0.0165 -0.23151,0.0441 l -0.0662,1.60955 q 0.0772,0.011 0.14883,0.011 0.0717,0 0.14883,0 0.19844,0 0.38034,-0.0661 0.18741,-0.0662 0.33073,-0.18742 0.14332,-0.12678 0.226,-0.29214 0.0882,-0.17088 0.0882,-0.38034 z m 9.2935,5.11528 -2.75608,0.13229 -0.022,-2.54661 h -1.26779 l -0.0772,2.41432 h -2.46945 l 0.20946,-7.75009 2.62379,0.12126 -0.16536,3.95773 h 1.22369 l 0.011,-4.25538 2.51354,0.0661 z m 7.47449,-0.47404 -2.73403,0.35277 -0.33073,-1.24574 h -1.25677 l -0.27561,1.24574 -2.8112,-0.2756 2.19384,-7.3422 3.06476,-0.15434 z m -3.2632,-2.57969 -0.41892,-1.91824 -0.4079,1.91824 z"
+           id="text15"
+           aria-label="ALPHA" />
+        <path
+           style="font-size:11.2889px;font-family:'Luckiest Guy';-inkscape-font-specification:'Luckiest Guy';text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;fill:#f9f9f9;stroke:#000000;stroke-width:2.64583;stroke-linecap:round;stroke-linejoin:round;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke fill markers"
+           d="m 149.98623,125.57913 q 0,0.75516 -0.26459,1.32292 -0.25907,0.56224 -0.71658,0.93706 -0.452,0.37483 -1.06385,0.56224 -0.60633,0.18742 -1.30638,0.18742 -0.27009,0 -0.59531,-0.0717 -0.31971,-0.0717 -0.65043,-0.17639 -0.33073,-0.11024 -0.63942,-0.23151 -0.30316,-0.12678 -0.54019,-0.23702 l 0.24254,-2.27101 q 0.46853,0.28112 1.03628,0.42995 0.57327,0.14331 1.12448,0.14331 0.10474,0 0.25356,-0.006 0.14883,-0.011 0.28112,-0.0496 0.13781,-0.0441 0.23151,-0.12678 0.0937,-0.0827 0.0937,-0.23702 0,-0.10473 -0.0661,-0.17639 -0.0661,-0.0772 -0.17088,-0.12127 -0.10473,-0.0496 -0.23702,-0.0717 -0.1323,-0.0276 -0.25908,-0.0386 -0.12678,-0.011 -0.23702,-0.011 -0.11024,0 -0.17639,0 -0.47404,0 -0.86541,-0.16536 -0.38585,-0.16537 -0.66697,-0.45751 -0.27561,-0.29766 -0.42995,-0.70004 -0.15434,-0.4079 -0.15434,-0.88195 0,-0.65043 0.25907,-1.16307 0.26459,-0.51814 0.70005,-0.87643 0.44097,-0.3638 1.00872,-0.55673 0.56776,-0.19292 1.17409,-0.19292 0.2701,0 0.55673,0.0221 0.28663,0.0165 0.56775,0.0661 0.28664,0.0496 0.55673,0.12678 0.2701,0.0772 0.51263,0.19293 l -0.20946,2.23793 q -0.37483,-0.12678 -0.78824,-0.20946 -0.4079,-0.0882 -0.79926,-0.0882 -0.0717,0 -0.18741,0.006 -0.11025,0 -0.23703,0.0165 -0.12126,0.011 -0.24804,0.0386 -0.12678,0.0276 -0.226,0.0772 -0.0992,0.0441 -0.15986,0.12127 -0.0606,0.0772 -0.0551,0.1819 0.006,0.12127 0.0882,0.19844 0.0882,0.0717 0.22048,0.11575 0.13781,0.0386 0.29766,0.0551 0.16537,0.0165 0.32522,0.022 0.15985,0 0.29765,0 0.13781,-0.006 0.226,0.006 0.44098,0.0276 0.79375,0.18741 0.35278,0.15985 0.59532,0.42444 0.24804,0.26458 0.37482,0.63389 0.1323,0.36381 0.1323,0.80478 z m 3.32383,-4.82865 -0.60634,7.50756 -2.32613,0.12126 v -7.47448 z m 5.60035,-0.18742 q -0.0331,0.51815 -0.0606,1.02527 -0.0276,0.50711 -0.0717,1.02526 l -2.33716,0.12126 -0.0551,0.69454 h 1.64263 l -0.12127,1.70877 -1.65365,0.0551 -0.0551,0.80477 h 1.36701 0.97014 q -0.0331,0.60634 -0.0717,1.20717 -0.0331,0.59531 -0.0606,1.19613 l -4.75148,0.11025 0.17639,-7.94854 z m 6.64766,2.63482 q 0,0.42994 -0.0772,0.78272 -0.0717,0.34727 -0.23151,0.63941 -0.15985,0.29215 -0.41341,0.54019 -0.25356,0.24805 -0.61185,0.47405 l 1.31189,2.33716 -2.48047,0.48507 -0.84887,-2.34818 -0.68351,0.022 -0.0992,2.29306 h -2.37022 q 0.0276,-1.25677 0.0496,-2.50252 0.0276,-1.24575 0.0606,-2.50252 0.011,-0.6339 0.0221,-1.25677 0.011,-0.62287 0.0441,-1.25677 0.38585,-0.14332 0.76067,-0.23702 0.37483,-0.0937 0.74966,-0.14332 0.38034,-0.0551 0.76619,-0.0717 0.39136,-0.0221 0.79926,-0.0221 0.62839,0 1.21267,0.17639 0.58981,0.17088 1.0418,0.51814 0.452,0.34727 0.72209,0.86541 0.27561,0.51815 0.27561,1.20717 z m -2.46944,0.17639 q 0,-0.23152 -0.0661,-0.42444 -0.0606,-0.19293 -0.18741,-0.33073 -0.12127,-0.14332 -0.30868,-0.22049 -0.18191,-0.0827 -0.42995,-0.0827 -0.11025,0 -0.21498,0.0165 -0.10473,0.011 -0.20395,0.0386 l -0.0882,2.05053 h 0.13229 q 0.23702,0 0.47956,-0.0606 0.24805,-0.0606 0.44097,-0.18741 0.19844,-0.12678 0.31971,-0.32522 0.12678,-0.19844 0.12678,-0.47404 z m 9.31003,-0.17639 q 0,0.42994 -0.0772,0.78272 -0.0717,0.34727 -0.23151,0.63941 -0.15985,0.29215 -0.41341,0.54019 -0.25356,0.24805 -0.61185,0.47405 l 1.31189,2.33716 -2.48047,0.48507 -0.84887,-2.34818 -0.68351,0.022 -0.0992,2.29306 h -2.37022 q 0.0276,-1.25677 0.0496,-2.50252 0.0276,-1.24575 0.0606,-2.50252 0.011,-0.6339 0.0221,-1.25677 0.011,-0.62287 0.0441,-1.25677 0.38586,-0.14332 0.76068,-0.23702 0.37483,-0.0937 0.74966,-0.14332 0.38033,-0.0551 0.76619,-0.0717 0.39136,-0.0221 0.79926,-0.0221 0.62838,0 1.21267,0.17639 0.5898,0.17088 1.0418,0.51814 0.452,0.34727 0.72209,0.86541 0.27561,0.51815 0.27561,1.20717 z m -2.46944,0.17639 q 0,-0.23152 -0.0661,-0.42444 -0.0606,-0.19293 -0.18741,-0.33073 -0.12127,-0.14332 -0.30868,-0.22049 -0.18191,-0.0827 -0.42995,-0.0827 -0.11025,0 -0.21498,0.0165 -0.10473,0.011 -0.20395,0.0386 l -0.0882,2.05053 h 0.13229 q 0.23702,0 0.47956,-0.0606 0.24805,-0.0606 0.44097,-0.18741 0.19844,-0.12678 0.31971,-0.32522 0.12678,-0.19844 0.12678,-0.47404 z m 9.80061,4.66328 -2.73403,0.35278 -0.33073,-1.24575 h -1.25677 l -0.27561,1.24575 -2.8112,-0.27561 2.19384,-7.34219 3.06476,-0.15434 z m -3.2632,-2.57969 -0.41892,-1.91823 -0.4079,1.91823 z"
+           id="text16"
+           aria-label="SIERRA" />
+      </g>
+    </g>
+  </g>
+</svg>

files/issue

@@ -12,9 +12,9 @@
    `--'    `-----'   `--' `--' `-----'
 
 
-{{ location | upper }}
 TIETOJÄRJESTELMÄASENTAJIEN INTRA
 {{ hostname | upper }}
+{{ location | upper }}
 
 Made by
 Jääkäri Warén

files/kea/kea-dhcp4.conf

@@ -1,7 +1,7 @@
 {
     "Dhcp4": {
         "interfaces-config": {
-            "interfaces": [ "enp0s25.20" ]
+            "interfaces": [ "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.20" ]
         },
         "control-socket": {
             "socket-type": "unix",
@@ -69,7 +69,7 @@
             {
                 "id": 2,
                 "subnet": "192.168.2.0/27",
-                "interface": "enp0s25.20",
+                "interface": "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.20",
                 "pools": [
                     {
                         "pool": "192.168.2.1 - 192.168.2.30"
@@ -161,7 +161,7 @@
             {
                 "id": 69,
                 "subnet": "192.168.69.0/26",
-                "interface": "enp0s25.69",
+                "interface": "{{ ansible_facts.interfaces | select('search', '^enp') | first }}.69",
                 "pools": [
                     {
                         "pool": "192.168.69.1 - 192.168.69.62"

files/keycloak/themes/pvjjk-tjas/login/resources/css/pvjjk-tjas.css

@@ -13,6 +13,7 @@ body {
 
 #kc-header-wrapper {
     font-family: "Luckiest Guy", sans-serif;
+    text-transform: uppercase;
 }
 
 div.kc-logo-text.kc-logo-custom {

files/keycloak/themes/pvjjk-tjas/welcome/resources/css/pvjjk-tjas.css

@@ -11,6 +11,7 @@ body {
     color: #ffffff;
     text-decoration: none;
     font-family: "Luckiest Guy", sans-serif;
+    text-transform: uppercase;
 }
 
 @font-face {
@@ -29,7 +30,7 @@ p, main a {
 }
 
 h1 {
-    font-size: 3em;
+    font-size: 12em;
     margin-bottom: 0;
     background-image: url(../img/logo.svg);
     background-repeat: no-repeat;

files/motd

@@ -15,9 +15,9 @@
            |_|
 
 
-{{ location | upper }}
 TIETOJÄRJESTELMÄASENTAJIEN INTRA
 {{ hostname | upper }}
+{{ location | upper }}
 
 Palvelimen hallinta on automatisoitu. Manuaaliset muutokset saatetaan
 ylikirjoittaa automatisoidusti.

files/networking/interfaces

@@ -8,16 +8,16 @@ auto lo
 iface lo inet loopback
 
 # The primary network interface
-allow-hotplug enp0s25
-iface enp0s25 inet dhcp
+allow-hotplug {{ ansible_facts.interfaces | select('search', '^enp') | first }}
+iface {{ ansible_facts.interfaces | select('search', '^enp') | first }} inet dhcp
 
-auto enp0s25.20
-iface enp0s25.20 inet static
+auto {{ ansible_facts.interfaces | select('search', '^enp') | first }}.20
+iface {{ ansible_facts.interfaces | select('search', '^enp') | first }}.20 inet static
   address 192.168.2.10/27
   gateway 192.168.2.1
   hwaddress 90:1b:0e:5b:18:fb
 
-auto enp0s25.69
-iface enp0s25.69 inet static
+auto {{ ansible_facts.interfaces | select('search', '^enp') | first }}.69
+iface {{ ansible_facts.interfaces | select('search', '^enp') | first }}.69 inet static
   address 192.168.69.20/26
   hwaddress 90:1b:0e:5b:18:fc

files/nextcloud/config/apache2/ports.conf

@@ -0,0 +1 @@
+Listen 8090

files/nextcloud/config/apache2/sites-enabled/000-default.conf

@@ -0,0 +1,29 @@
+<VirtualHost *:8090>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+</VirtualHost>

files/nginx/conf/001-services.conf

@@ -31,7 +31,7 @@ server {
     location / {
         proxy_pass http://127.0.0.1:3001;
         proxy_set_header Host $http_host;
-        proxy_intercept_errors: on;
+        proxy_intercept_errors on;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -72,9 +72,9 @@ server {
     gunzip on;
 
     location / {
-        proxy_pass http://127.0.0.1:3001;
+        proxy_pass http://127.0.0.1:8080;
         proxy_set_header Host $http_host;
-        proxy_intercept_errors: on;
+        proxy_intercept_errors on;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
@@ -115,9 +115,9 @@ server {
     gunzip on;
 
     location / {
-        proxy_pass http://127.0.0.1:3001;
+        proxy_pass http://127.0.0.1:8090;
         proxy_set_header Host $http_host;
-        proxy_intercept_errors: on;
+        proxy_intercept_errors on;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";

files/nginx/index.html

@@ -16,8 +16,8 @@
         <!-- Link: Preconnect & DNS Prefetch & Preload -->
         <link rel="preconnect" href="//cdn.waren.io">
         <link rel="dns-prefetch" href="//cdn.waren.io">
-        <link rel="preload" as="style" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous">
-        <link rel="preload" as="font" type="font/woff2" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/webfonts/fa-solid-900.woff2" crossorigin="anonymous">
+        <link rel="preload" as="style" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/css/all.min.css" crossorigin="anonymous">
+        <link rel="preload" as="font" type="font/woff2" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/webfonts/fa-solid-900.woff2" crossorigin="anonymous">
 
         <style>
             body {
@@ -67,7 +67,7 @@
         </style>
 
         <!-- Link: CSS -->
-        <link rel="stylesheet" href="https://cdn.waren.io/frameworks/font-awesome/7.0.0/css/all.min.css" crossorigin="anonymous" media="screen">
+        <link rel="stylesheet" href="https://cdn.waren.io/frameworks/font-awesome/7.1.0/css/all.min.css" crossorigin="anonymous" media="screen">
     </head>
     <body>
         <header>
@@ -77,6 +77,7 @@
         <nav>
             <ul>
                 <li><a href="https://cloud.tjas"><i class="fa-solid fa-cloud"></i> Cloud</a></li>
+                <li><a href="https://sso.tjas"><i class="fa-solid fa-user-lock"></i> SSO</a></li>
                 <li><a href="https://status.tjas"><i class="fa-solid fa-signal"></i> Status</a></li>
             </ul>
         </nav>

files/resolv.conf

@@ -0,0 +1,2 @@
+nameserver 127.0.0.1
+nameserver 1.1.1.1

files/ssh/authorized_keys

@@ -1,2 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClWZxHhmgV2LD3mrbLU2VxPXGMx02WaB5MU9t8XJsqAmsIKwUZSqHTrlR20dXPGlZhe5Rx4vf+ZKx0kuNKJMvswEkvpP0la9WSsawWHxhOTrqDr0yZMV1/CncdARw1vse3zJCQVbOflbKYsKgpdJHbMzk5SfSZijSscrgxRTa8qX/ndnmlGrgm4MxezgFBEJrzC4vCTZLK5LPkAva+2A6fwElgR7V1Dkg5p5l0/nvKbBje+ugaiTw7RPy42oC/hHrsvsnTQ4KheD1phRJFCSEnj6l7gxVetVBznZ/K697MrK4aNUFLDV29uiPALj+1fWAYTIO3WPNU/QkH7OEP8JO3 argo.aito.tjas
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW5phGhwAG8dmT+sR0uF1gRc0X9xXZiiFxvKUEsPk1N cwchristerw

init.sh

@@ -38,39 +38,39 @@ exit 1
 }
 
 ti-header "Haetaan pakettien tiedot..."
-sudo apt update
+apt update
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansiblen järjestelmäpaketti riippuvuudet..."
-sudo apt-get install -y python3-pip python3-venv jq git curl lsb-release
+apt-get install -y python3-pip python3-venv jq git curl lsb-release
 echo -e "\n\n"
 
 ti-header "Luodaan Ansiblelle virtuaalinen ympäristö..."
-python3 -m venv $HOME/.venv/ansible
+python3 -m venv /opt/ansible
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansiblen Python-kirjasto riippuvuudet..."
-$HOME/.venv/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
+/opt/ansible/bin/pip3 install cryptography dnspython hvac jmespath netaddr pexpect
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible..."
-$HOME/.venv/ansible/bin/pip3 install ansible
+/opt/ansible/bin/pip3 install ansible
 echo -e "\n\n"
 
 ti-header "Asennetaan Ansible kokoelmat..."
-$HOME/.venv/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
+/opt/ansible/bin/ansible-galaxy collection install ansible.posix containers.podman --upgrade
 echo -e "\n\n"
 
-mkdir -p $HOME/.ssh/keys/pvjjk-1vos-niinisalo &> /dev/null
-if [[ ! -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra ]]
+mkdir -p $HOME/.ssh/keys &> /dev/null
+if [[ ! -f $HOME/.ssh/keys/infra ]]
 then
     ti-header "Generoidaan SSH-avain Infra-repon käyttöön..."
-    ssh-keygen -f $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra -t ed25519 -N '' -C $(hostname --fqdn)
+    ssh-keygen -f $HOME/.ssh/keys/infra -t ed25519 -N '' -C $(hostname --fqdn)
     echo -e "\n\n"
 fi
 
 ti-header "Lisää SSH-avain Infra-repon käyttöön..."
-cat $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra.pub
+cat $HOME/.ssh/keys/infra.pub
 
 echo -n "Onko avain lisätty Github-repoon? [K/E]"
 while [[ -z $SSHKEY_QUESTION || ! -z $SSHKEY_QUESTION && $SSHKEY_QUESTION != "K" ]]
@@ -80,7 +80,7 @@ done
 echo -e "\n\n"
 
 mkdir -p $HOME/.ansible/vault &> /dev/null
-if [[ ! -f $HOME/.ansible/vault/pvjjk-1vos-niinisalo ]]
+if [[ ! -f $HOME/.ansible/vault/infra ]]
 then
     ti-header "Syötä Ansible Vaultin salasana..."
     echo -n "Salasana: "
@@ -90,14 +90,14 @@ then
 
         if [[ ! -z $VAULT_PASSWORD ]]
         then
-            echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/pvjjk-1vos-niinisalo
+            echo "$VAULT_PASSWORD" > $HOME/.ansible/vault/infra
         fi
     done
     echo -e "\n\n"
 fi
 
 ti-header "Suoritetaan Infran asennus..."
-$HOME/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key $HOME/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file $HOME/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t installer
+/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d $HOME/.ansible/pull/infra --accept-host-key --private-key $HOME/.ssh/keys/infra --vault-password-file $HOME/.ansible/vault/infra tasks.yml -t installer
 echo -e "\n\n"
 
 echo "

inventories/host_vars/argo.aito.tjas

@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.2;AES256;infra
+33386430326363383437666438386537326335363734643930613236613831626230643064356334
+3135626438653437383961306332336232656231313435390a346433363530366262653830363231
+65313965383261326366633238613662316663333735616136316332326534376331316364633633
+6531653864313533350a306437396165373635313063306636663761303762623633346536666437
+3961

inventories/host_vars/olympus.juva.tjas

@@ -0,0 +1,151 @@
+$ANSIBLE_VAULT;1.2;AES256;infra
+66646230653763333733613633343366663932356161303735316330396335626533613935623464
+3731306166663664633633343864666464376466353638620a313738393261326239383363366264
+66386264666265653937646439646531643431613665393830343939333339376636633265376261
+6563393338386236390a346233613363373337313335373139323433356161353231346336306632
+38393932323338343461373834626163356565353765366437636137376136356230366335616438
+38346437306161303331366537356630623566666566393364383161306663663837653430326232
+35313064313531316263333034316266383561666539313936363539646435646463346233616565
+34613962623633356232343838653435656365656563373637653131653336646139343862613831
+33623061656439383833346334396461643661626366326263386238396330646563333535643432
+35353335653463306237633961363431333734333638613462306365616635646130623239373732
+30323832313562356131663539343239643633323666363461356434373634633938313639626261
+34346561363962386666366565373435303130326534353039613831666366393863333439303331
+66363132326230626632306635363937656236626262646333623534323037356233333136643664
+30316363623835356334633230303961393230626161316661396166386638653836323330333933
+31323039643039353062636437646262663662633430636563613461313962343163663239366233
+62643665333363326239633064323033386136303831336230663831343633356535383330316262
+64353661396563373036653165383462626432653636316337373337373364636530323339313266
+61363238613966646464303934393161623463356132386562663066363564343363653734636565
+35616137376363373031346461633931336164323638663137303230373233366132613739386238
+36616134376263663561306461653637363835353930636165613439373265386462623736656161
+30333066383930633139616333613965636162316634613739633463616163653132623033666563
+61656466636130323937393334653464666636613631656239656263636339306563396162366637
+32613036323631643038653561383733663561363162656435626461356532323331636332316665
+63393637306661663231623061323138356166323534663630663239653034316538623763633435
+64633162623831636263613939643939356634306636616263323139333430663038336335663232
+37636537393835333737393365303530646666386133393732626235346133653138313432663734
+37386634633763356130343732363134393430656133373939623834646362343431663964373262
+33326361393433663266643636663935313066326561643765353061623832626166323337313835
+61303235626639346162373566343639643030333436323064376365343733623866646465636233
+33343930376534623663346136643739353963326163336538336530313061333432383664396432
+31393936643762353965653962666330323062633166346462646335316534656634383762323265
+66346436393836633064646139346433373436613533333133333736396531646564363135346436
+65613430353133313663386166386163643835373730353531343135396339346162336562623032
+64613033616466626437353036653530633037653332313962623466303436353039616133393261
+31633537343430316365366161386237353930633861626161303461626636373037336331356139
+61326532646230383535613538323735356639643834393837646638313965356262356532313562
+35333534613033653633303731353231363931346335363561346131353964633531326364303663
+30633336306334666535633030306334656130336161633637636163383066383330336664326561
+36383963656430303739303463366639643466636132323433323439383037323565636262346363
+39623637306233353836636639323639333832303563303364653763656235663963326466623630
+32373363313164663130666138333361343838316130623835623631373533386437663034376562
+32383533333832653361363333356266376666613661653632373562326561313837666263613464
+66646432633564313639656666306337313135666538396166396266633137383264313664613063
+34326563613335626564656336383434613133626232333733393233306365333039393138663235
+61396564343830386636643366393332636338366562333061626334636335626364633938613932
+33333139356537373966306565376366343765663434343936633930653033353564633165393065
+35646434643566333035303730373761616130653530636137353333323139663363636135343666
+34386662303136336239646263313366393762393664303030623934663861326237346536376239
+61643530636138626631626664343033363734366466386530666435336632363534616363333561
+62373936356637313334623064393865343264363932663839653936643365633161623764386562
+65363737653737333738646262336365386534653636336434636639366139616163386333393463
+32613566353564376334653735343034663630376364393532313233363837386639303666343136
+65623561316335303166643630383363633438373634653731633764346166323061333237363237
+35356564353339323636373435393661303633333338343063663335333163666430613137343565
+39373537636137383931376639666236343039353362623861633639313931323862376463626239
+39643239653030383737633132386436356631626263396166393834663936616563366661633666
+38363633616461623133636438333833363562653863323363373136313566393738333961396131
+61626564306537383434333931633839323663346565623765636636336266336366323137303232
+66323537353631636262373930386538623964393731653265383462666664356330663238346334
+30613539316163383165363732643665316462326534316138363963363563373631326633653766
+63343137393136663166373035333130366361666364373732316161383065646238326233383665
+38323133313863656431376238303830653935353762386537353539333534373337323230616131
+61323739393663643562363066373663393135663238353765633264666537626639343939616463
+63636339396366313835636466666536346465643536366434653534396465626261656263333361
+65326435383165343964623363646536356366336335663262386362393432653063363736623861
+65353036316630646163323439383438303638626562376134633363643830656561333163303466
+39363561306263396562646464623030623431393764393933393663343361633162353136626534
+35613465313063323531653365373361633866636161616366386230396232653863336663313064
+36633233656638643035316539366364613336303138643461653133323662666337323933643838
+30306335616132313634646332346565383638663062643439653461303062373439313631663738
+36353538643430663463396365636136383731646363633065623532396333326166643436373839
+63613735646230633635353130613130303362306661376361343632373661616364323037303435
+37636632313733343236323535663136633434653164373962303865373565616131316434646164
+33303865393864633439623366616335666439393261353634613532306331323261356662623031
+34333939626633623963383939373464303763316532393037363338393839653238663635656165
+32303132653235303762326532343436643763636232386162663834333635663761396532643165
+38326262653565626363366463663233396464356166393661366432383037663034346366653038
+34656633373933386661343030646362323032343736616461656166626432313633626239346132
+32366661643761376639393438303665633266653233303433346461313538343333393962613632
+39666231386535393366333965646363336636376565383732373133386462623763386666343938
+37363962346238386161356238626538646533333739633938643065313435396336323534616137
+30363665343832326136633662623966346235383739666431393161383238313933656464396264
+33343731363734386530663731623864663139343730343063613038323564343461366438366165
+32343330656436373033393538613334373462303434336562373263653838383138343564393639
+66306538616333616138326666373965616563323739663363303036626439633761316538663132
+62636633383936663436636637633863633561646339396463643031653338383465333336386166
+64303435353661383663303466633732373236656134623965623237623737626363656232346336
+36376663316630386265316135653334623564623939663138383266396537313532663839393366
+31623033346564623633343166646330386536333937626630343338396235663166623164386335
+63666437363439333866306131343831616434613033636431646263323039663761663830656431
+33633537643130373662386439656564386136383539386564646438353130363130313836316631
+31363365316138393734373666313631393331636136386364303131386231623838333863313337
+30343832336561336234616537646630633937646530666664623531366664343866643765326265
+34653764646237636563306134613762333235313362396662346261623035313331313435663536
+63643031353230653462333064383636383464393438396365633964656334376638366164343437
+34373766636665346361363064663962363161393464656566393630373831386235613837396138
+63656336623466643663656264353666363038353661653732393537653731646362393439653962
+36356663613638636139636530376363333132656135333531323735366338633730663366366335
+37653063626537373066653733326638336234393136323036313763666134333661636230393139
+34623038656435393466363836623566663732623135306437396435336636633166313337633761
+38346534643339616265333463373264383139323565353933623666353535353862633463373962
+36356432623431346235653231383664623466306635663939646362366663313362316561343239
+32663766356161353163666136663061653866656562383931336337316663396534616261336466
+31396130336638663232663031326461303939376463636633393830393566343630303934363365
+36313631643066393536346261336133303135333032333837303735303231306631336135303462
+66623962393936366665623330373133663630633730353336373165393138616565303432663066
+39633134643137326165353861336265316435663534616638663733353037633239643635363434
+63376538663163333336313433643133616262663036363164636334303336333563623339316237
+66643036366337303066356131643964663861626266333764663763313133373463343465633238
+39313930386662373638383831303264333537343064303365396166653135303235323861666638
+33343036303733666536633534663166343437656664303439373330643062663263343032653939
+64346365633934663536646562366133643665373636356137623161326433356336663836323436
+65636432366531373063383138386235373761393661613737346237303937303433353036393533
+34613233623964643961623335613934343665323062613963616435663833346465623061353161
+39643064303332643536656166313139623933653466353063356134653538366161636661663733
+38303536326333316366333339306538336334356365656661363861623130346337323063303138
+36376634386534313432326435633732303562326366636135653234333366643730353763313931
+30323365613436343733616330623734316262663165336537306635653966663764626463643764
+31393635323332363265666237363365326434353764306162303937613231386262613665333838
+33646133373663626161356566633333326165313461623131343539396430373463366539366634
+31643238666438306434383934363065643031613861393830663532643361613363353230356666
+65326666386264613135613664623834656234376431346665313235393463356536366132356239
+36613562376265346234623434643635333761376335363161353934333137616230383630323363
+36643433656139316364633566616161363036343537643037343632306331343864656239343536
+34343839326638663365383362656262366361313830653735336633623232616233633733656465
+65633333343261356563356434393361303162666335336335363361663362353466393233636638
+31316162303631306465383865353262336633393637613534313238623436623165643439353865
+36633364383839626134326661663037313336613835646232323236393838386438613134383432
+64663166616438623663633438343663646161633137353438393839366466663862623739613536
+66383232373434666263333136346434303637303164306563393739313038343031376630316138
+34303636363837353031363134633563366633373636363830663530623862656365336238623232
+37613063656531666631303566393461656266303839656266646563373135383930393231333065
+32396339636533306335633965633264633634613233336165623062363965643135363133376430
+30653063653736326164613833313036343236343838313036313035333361356132373439623865
+61616662383139663466353264373835313934623765623237323030613036346161646461613732
+36376236383463356565353830323335623238376533336636383539336539643134663234323930
+63373431326138396566313034613536643737633465663632623136376138663937383961653536
+38396339393434626436383530366130323864373131343038636337373437343263353561646132
+35613866366639666361396530303266383233646638333232366261653837643766363939383437
+38363732333166616331386562383933633964386433613136353034656231306237633238323261
+64383037333837323037646464343063326361333061613634663739363634653137363362636531
+33633033393665306464373238376535386435313831613861373130343661336638376237306366
+32343438366666646239343133333562333037626363316163626438663534633366383961626431
+61336534396163343062316330626431626433313563393638343365306639383861343437353132
+64376433333764656662323265343861643266366130623365353032373861363238643662616666
+32376534313364376461393132306633383266326534633034653331396466343537373931316235
+33646563356661393639663934333465343361303361393166356664306264353063313635343465
+30626435333565636637353539306264393166343936363066373861396134653435626262353139
+63363831363837633962303264393461333736363639313031323564333335343838393039313461
+3234353366373830613739383537393336353061306534336566

inventories/hosts.yml

@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.2;AES256;infra
+39633132376130303332653737373230626537373837343436343262663632626635633634653232
+3032316237633864646435336637353135383637653565640a323432326439303363643533636361
+35343364663632663366306465353138663036313131633366613463643337633233323436363836
+3564313436633339320a346637343865303138306562613965373762316331623933633434616538
+36393165643062303336323639326535613936363131383566633061323564393337366331366539
+38333037653139336361313931353861396361616364333230343663366361346634613765346233
+30326465353139643133626364306263383033336463333639393338613936343862636339663231
+63616361363861386164373135313265343338313038333962656535383139313830373939303730
+35373936613161366163316132336132356238313735663834356366373233633938386136656630
+38383361316565306164376264363239666663363134613336656366613863636335376431656239
+34336235653166373265633438386138336238373761366163326664616537643639663434363036
+34643335663835383336316664323963386464643061636461643732333534356161633234313361
+37396161333065333636336133616131333735366535663864646633643231396337356462353835
+30383831356236616564663739653031303638363937313965663365663464313138396231623134
+30353735363463623132323965333730303030393631633638386561396630316439653466626339
+61363165656561663236343463613066336235666631343365303663333535616337666637323166
+3965

inventories/pvjjk-1vos-niinisalo/group_vars/pvjjk_1vos_niinisalo

@@ -1,7 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
-63646462633232383165393662366332363539326132373738626332663663356138303563393563
-3837663132336666326263366236363439376234326431660a656538633864373830386566363864
-33323837663339316265393065633030333637306661373938363436666664626565323664363136
-3461373766653266310a366534313830366562306430306339383038366238323137323531633734
-36333835663538643766353038356230326537623036343865396465383864346162313764383962
-6463623739633434653932336630663961613664383466666464

inventories/pvjjk-1vos-niinisalo/host_vars/argo.aito.tjas

@@ -1,6 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
-35313263303635393563313765663966353063383763346330343366636334626330663934663566
-3631316330623037373134393162656163656235326535650a386234656164653838663334633964
-66323161396432653739663461336563316336336130646639343766636334376138623738393731
-3339613630636264610a376439386432303230386362393633613633646463623339346464363466
-6533

inventories/pvjjk-1vos-niinisalo/host_vars/olympus.juva.tjas

@@ -1,140 +0,0 @@
-$ANSIBLE_VAULT;1.2;AES256;pvjjk-1vos-niinisalo
-30623437366534396537383865326662323361366635353366393830353631653137633734313939
-3234626566343537636530393332396630646162373566660a336662636264353136313539326162
-63396364643866313865393764353261353532666435323565643131303338626230653138613165
-6261663638616262650a313938316365326562366437333538346163336630656636323335326265
-64626230343738613139626664623238303063613666663733353732393334333630343364633737
-30656361363039643261386566313930386362323563613932303466646231383633393039633938
-38636663626461666531646635636233373061363533373839313430653834336365346461636161
-31393665656164666231643634343966636138623238626463633765636130323361376562303639
-37633432633633306632383465343430303031343234333565643034303935333937373436343663
-66373335393233343164643035363938333433636234643139646239653431633633363635616438
-63313264303935333938636264323965663061386438353763653066373863353061323363353334
-38383662303030666361316364303561363961623030613339323861313562383730646437373030
-62383537656663383331353937393735343130666634616238323532366164636164613463346265
-31373263613561616636636364393539306335343766343262356661383935373530663436376433
-64316162363461643337373465643035343730633132303137313734633536313131323530326632
-34316232323033363461313262633761326639663731356530343165626139383636383135353865
-35336465353964346134393535393731316135383832396538343464333232623431323933653439
-62623764363230396632343636373864313465373661626532353162303539373731363337373566
-32323664363864303034323432383932386363646536626334613663333130666362376632626633
-37613639343835613039353333323632316566376266363738386263323966396338383064386630
-65323939633439663137616266373933333164316436306563316635323865306139383863313636
-65326636376339643135303736343132306462363737396533366264356530663638366234613630
-35656332313364343735666536333065306539333161356337333737383164336136313763386236
-37343931636634356562323230386464316432663838373063653165376232373164396165326562
-62653234373332323461633333353133663336383165333035363566323162383237333932373462
-65336333343364666563313736633463636462656636636263356136303865626236386237666266
-64626138393462636663643635613737333764366565383234646231623437636465333237656336
-35666435353434303061633230366464346266303330383837613438383363643237656566313964
-31323734356537373266353935333034333232363931623432336663373937346561393639326136
-64306131356334303462643533356634613439613735313162663662623130356561656666326133
-66633330643561613761393363313763383938353938643434303863653539383639613236393236
-33393066363837663534336234373336616562363064653333313962623966356662383131663964
-33653438616533616336653130386131353533636561633665343462653461353563316139653130
-31613334363663336263636666376533396430373434653961346633386635646435323361393832
-33316439313436666236373435396262396230626162373964643038623537323562373833613765
-36383364323335376635323232383732646663623763303062656335613732393234383332626137
-36306463376635303161366338303639313639626362383865623632663563393866373736376262
-66393532346135386133326133346664393831363064313534353939666262343061663961333862
-38353337636138623362303365383365323535363036363033356165376163643730346366363131
-30653631333731646337643234303831653538326263366232313331343664336162646333626638
-39643832346431393032343637303330386461343663643334376365666334343033303638366631
-61333532343630373138363161633062613032343733393736376465383730363635663636363262
-38653230376666383763366534623733303961333939363662313230626466383534663333303766
-31323064666632623232666261393862636430373134616235373838383232633438653166313730
-30336562303338613764356130356330653638346537626139336230313436663362653137363739
-63366135396261626563666238353131653462656662326464373665323837613730326664313066
-62386166613036656533353336343339373862666464333961313765626238623261313562663835
-37663164623633616335343733396664333238656561653166636465343436346235386436333437
-32303036386666376464366136636263336439613762343161666433623462663830336464646534
-63666163346264333336346666316131316431333266663634633730663465643661396133646330
-66623831633064643265313764633230353934613638363133623034363837326137383461386632
-34313532636236363639623031313462373865383132333965346465383039393561313662313334
-65613561346138616231376235343664383935366262396462353835376333306165346231323635
-30343639333762343361376138666262613231613835393536343930616337633539336466333762
-39656630653065666662663636353062306634326339616335326164313233313936373039353363
-63346464623830373239656235346436636136373536383237386233306366613535633965333063
-31376462376165316463383837383238626361353635653536383630323633313937616637386639
-33383863376435393062623439323137643237356130333336313438353762353336376534343530
-39323135636665333233383564306136323235636663636565663365353837306635333638653663
-36616666306538653965663162653963336639376138386264323530393032323032663235326131
-38633565323265643962343231613837616361353531393536303133333639306363616534623362
-34326461396139336162626562383737653565633933383964626565343766393433353136643730
-38623034623538663566316239326636366465306236646630316664333536393265626334336136
-30323134393334313936366134653461646638653131323966626666333066323431626666626361
-38313263326236616532353235366332373966613934643334353665303663393039346263386564
-35346234393862666537613363303464376338313866346131633735383433363038313538313436
-66623636306239336437623361313136303032626166336430393530363966636635373331306265
-33633538333931653761646162313162336237626363303730383036386634643932366231326637
-35366266646534353233393361386133376339303831323631623539643033663034366138393039
-39383537363762666637396265376237386237343839346638373439346632333061343031663265
-39326461666633393163373362326464313236333163623461633234326437303732636136633533
-31343031653062316330396165353435373465613661306337373362363833383863313339376634
-32306337613963633731333865626264623834613530376632633939643032373138653333663233
-31656165326666376135633131323362386531653533653161303361663634323438613766356132
-66356436343763623463343163363966343539653966383338393964636435313666386336373831
-62313565653637613262616263313533333931633462623233666433646365373262306565373637
-61366663373364663961623338393732366364636639326532396136323566303034306535366435
-32316366636362346531363364313139313764626565613662306638336533666163653439373533
-62633065643337333366383131353661326139663336643030323836353837626536383331646135
-30323063333739636430316532646532323763663661306636623664316133306361653831333434
-61313433326362336533383665323162326134663039663663353333633030616465323932363162
-34386331386164363234653838633933653862386139353239636237663335356630386364346266
-65633438393465666136623163636638626565653631623563613532393634646430316661623233
-39663865306561613532376639663266623263393531313938616639383262646632623165656631
-32663664383130353639373231393637613435663366333165663464646332626361336138326635
-33646439663465666338373936333939306362653239303337333639643461363932376237353466
-63663763353166356531666461303738626463373932633930663132633033356630656537643462
-36633937643535653635303032373166336664383863353364393832383330353133366431353035
-65663432363834366430343461316237343335396238666134646665613532356361346562633365
-63353566326361663632333838343564313032333937386330626238346435633835386432363836
-34373333323663316431623834636238666363356531646365313336613936313331643933373439
-65346638306566353965343037653934333632383232366537313662313432333136316335336431
-62323064663633396633623737326336636633346562316539636231366363633639333861653534
-38373465666532386638313536316136616364323861326137373465613833623339386265316265
-39343739393237353736653130356535616137353233376366666630623930613733333764616533
-63656366383634356135336466383633616637373165646231656631656132666636333438613761
-64333534653465353539306563616638666434383539643536663566366263343835633637666434
-39383762353830613139633939643765653234393365316236393939303633353539643838356433
-37646139383162353532393235333566613536623637623238353634343866653565663966613037
-39343931363161376566363966653161383339373666306531396664353639353336323835316565
-62383763343438366362343733313632326537353166393233376336313031663431393962663465
-64363933363164363134306265656634643364633131353534653266623736636132656362646665
-65356465303130376534626133363536633136663465323333386138306534343963366338643166
-34333536353966333230346632633339373430346331626264613333376536613738366239326235
-34393065326431663966393731383530386636343163313963383334313963356338313139626339
-38323135366464333462643662643765646433366233343233313363633661636266643263363665
-63303331663935333732303961326137323164366637666235616639396662313634303130303239
-63663065313439393166323930303264643664626462396566356330353838646366306636666135
-65323264323062333937386230363763346666336236643639623061663762363430656566333939
-30333263323631666361623136336330333531636161363162363639623336336265636561623435
-38323337643533396536303532353930353961346130316331633532666163396165613464626265
-61386465613739303764373632383365313462653662303864363563646162396639333439633565
-39303232393838396331343865623333303262336631306564326363383130623661666131363365
-63383232306266646565656132663162313934346461623763313633366365326535346531346363
-37316139616664636636666130653964613365666233316238666363356361353838393532656437
-30303463306236616330373239653632343937353235336466386331303537333365636463616565
-39343964623665346566656435373139353131366432323865636135613131633336376537393462
-64643130393439643939393931636439626330333663306639313932316662613635666164343033
-61633931653839616337386336653934373731393361363262383039656563656165663866653463
-30333130646339623936623231643936633838626165323338363438306330313932623131643362
-35643030343663313033623536336564376432616131653633623034366232663662636261393130
-38343233336631376265343361626164323465346565326566363836396336616365666361386362
-62306366336465323038336561373661336364653466333962353639396266396439613665396565
-31383734383731653833356230393830313631326530346637353261616435666666313637653135
-34373934663561396330643339353338363439373131303865633834643637623335393363653932
-63386666363434616562393934323335333433663161383731386234616637653761396465343261
-62376264313338356536383063633562663664386263373431666630636335653433633336356238
-31363365663334306639386361353565333131383635336661393231383635306438303862643630
-32393561643831333366393335383331383939653737366565653661323164636262346439336166
-65363439653631366235383864646536326264353836316130626666653939663734343838376434
-30323232393536666434373138323732373735643965646432623631383263393435616566346336
-33393566623338356265336437386439376430613665313936393532343939663662663066353738
-65343963383136373936613363363665656232646265303837373962353432626563643966386665
-38316635316431616238373038333661336638306434653065326431633262363838616134666138
-33623861313665663032323130623033326635353365303038383661656263396636666538636638
-35386330633632396338376631623462326532616433383537633063323863343733356166636233
-39326437646466333939623064623834616136316236356161633062326435616563653432666230
-62303963653961356466653261373164646633373036303264663139383765303933663937326464
-653761383338613261393762653934303361

inventories/pvjjk-1vos-niinisalo/hosts.yml

@@ -1,9 +0,0 @@
----
-pvjjk_1vos_niinisalo:
-  hosts:
-    argo.aito.tjas:
-      hostname: argo.aito.tjas
-    olympus.juva.tjas:
-      hostname: olympus.juva.tjas
-  vars:
-    ansible_python_interpreter: /usr/bin/python3

maintainer.sh

@@ -18,7 +18,7 @@ echo "
    \`--'    \`-----'   \`--' \`--' \`-----'
 "
 echo "
-TIETOJÄRJESTELMÄASENTAJIEN INTRA
+TIETOJÄRJESTELMÄASENTAJIEN INFRA
 MAINTAINER SCRIPT
 "
 echo -n "${normal}"

protect.sh

@@ -18,23 +18,23 @@ echo "
    \`--'    \`-----'   \`--' \`--' \`-----'
 "
 echo "
-TIETOJÄRJESTELMÄASENTAJIEN INTRA
+TIETOJÄRJESTELMÄASENTAJIEN INFRA
 PROTECT SCRIPT
 "
 echo -n "${normal}"
 action=$1
 
 encrypt() {
-    execute "ansible-vault encrypt --vault-id $1@vault/$1" $1
+    execute "ansible-vault encrypt --vault-id infra@vault/infra"
 }
 
 decrypt() {
-    execute "ansible-vault decrypt --vault-id $1@vault/$1" $1
+    execute "ansible-vault decrypt --vault-id infra@vault/infra"
 }
 
 list() {
     i=0
-    for file in inventories/$1/group_vars/* inventories/$1/host_vars/*;
+    for file in inventories/hosts.yml inventories/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -43,7 +43,7 @@ list() {
 
 execute() {
 i=0
-for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
+for file in inventories/hosts.yml inventories/host_vars/*;
     do
         i=$((i + 1))
         echo $i")"$file
@@ -55,15 +55,15 @@ for file in inventories/$2/group_vars/* inventories/$2/host_vars/*;
 case $action in
     encrypt)
         echo "${underline}Encrypting...${nounderline}"
-        encrypt pvjjk-1vos-niinisalo
+        encrypt
         ;;
     decrypt)
         echo "${underline}Decrypting...${nounderline}"
-        decrypt pvjjk-1vos-niinisalo
+        decrypt
         ;;
     list)
         echo "${underline}Listing...${nounderline}"
-        list pvjjk-1vos-niinisalo
+        list
         ;;
     *)
         echo "${underline}HELP${nounderline}"

tasks.yml

@@ -8,8 +8,6 @@
   tasks:
     - name: "Installer"
       import_tasks: tasks/installer.yml
-      vars:
-        ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
       when:
         - inventory_hostname == "olympus.juva.tjas"
       tags:
@@ -18,8 +16,6 @@
 
     - name: "Maintenance"
       import_tasks: tasks/maintenance.yml
-      vars:
-        ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
       when:
         - inventory_hostname == "olympus.juva.tjas"
       tags:
@@ -28,8 +24,6 @@
 
     - name: "Deployer"
       import_tasks: tasks/deployer.yml
-      vars:
-        ansible_python_interpreter: "/root/.venv/ansible/bin/python3"
       when:
         - inventory_hostname == "olympus.juva.tjas"
       tags:

tasks/deployer.yml

@@ -1,4 +1,10 @@
 ---
+- name: "Migrater"
+  ansible.builtin.import_tasks:
+    file: 'tasks/migrater.yml'
+  tags:
+    - migrater
+
 - name: "Deployer - SSH - Add Authorized Keys"
   ansible.builtin.template:
     src: './files/ssh/authorized_keys'
@@ -68,7 +74,7 @@
 
 - name: "Deployer - Yggdrasil - Build Image"
   containers.podman.podman_image:
-    name: pvjjk-1vos-niinisalo/yggdrasil
+    name: tjas-infra/yggdrasil
     tag: latest
     path: "/root/data/yggdrasil"
     build:
@@ -79,7 +85,7 @@
 - name: "Deployer - Yggdrasil - Run Container"
   containers.podman.podman_container:
     name: yggdrasil
-    image: pvjjk-1vos-niinisalo/yggdrasil:latest
+    image: tjas-infra/yggdrasil:latest
     state: started
     recreate: on
     network: host
@@ -121,7 +127,6 @@
     restart_policy: always
     env:
       MYSQL_ROOT_PASSWORD: "{{ config.mariadb.users.root.password }}"
-  register: deployerTaskM2
   when:
     - (deployerTaskM1 is defined and deployerTaskM1.changed) or deployerTaskM1 is undefined
   tags:
@@ -133,8 +138,6 @@
     host: "127.0.0.1"
     port: "3306"
     delay: 10
-  when:
-    - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
   tags:
     - mariadb
     - database
@@ -146,8 +149,6 @@
   register: task
   ignore_errors: yes
   changed_when: task.stdout.find("This installation of MariaDB is already upgraded") == -1
-  when:
-    - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
   tags:
     - mariadb
     - database
@@ -166,7 +167,6 @@
     label: "{{ user }}"
     loop_var: "user"
   when:
-    - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
     - config.mariadb.users is defined
     - config.mariadb.users[user] is defined
     - config.mariadb.users[user].username is defined
@@ -187,7 +187,6 @@
     label: "{{ user }}"
     loop_var: "user"
   when:
-    - (deployerTaskM2 is defined and deployerTaskM2.changed) or deployerTaskM2 is undefined
     - config.mariadb.users is defined
     - config.mariadb.users[user] is defined
     - config.mariadb.users[user].username is defined
@@ -199,8 +198,7 @@
 
 - name: "Deployer - Kea - Install"
   ansible.builtin.apt:
-    name:
-      - kea
+    name: kea
     state: latest
 
 - name: "Deployer - Kea - Configure - DHCP4"
@@ -393,6 +391,79 @@
     - powerdns-authorative
     - dns
 
+- name: "Deployer - PowerDNS Authorative - Configure - Create Zone"
+  ansible.builtin.uri:
+    url: "http://127.0.0.1:8081/api/v1/servers/localhost/zones"
+    method: POST
+    headers:
+      X-API-Key: "{{ config.powerdns.apiKey }}"
+    status_code:
+      - 201
+      - 409
+    body_format: json
+    body: "{{ zone | to_json }}"
+  register: task
+  vars:
+    zone:
+      name: "tjas."
+      kind: native
+      ttl: 86400
+  changed_when:
+    - task.status == 201
+  failed_when:
+    - task.status != 201
+    - task.status != 409
+  tags:
+    - powerdns-authorative
+    - dns
+
+- name: "Deployer - PowerDNS Authorative - Configure - Create Records"
+  ansible.builtin.uri:
+    url: "http://127.0.0.1:8081/api/v1/servers/localhost/zones/tjas."
+    method: PATCH
+    headers:
+      X-API-Key: "{{ config.powerdns.apiKey }}"
+    status_code:
+      - 204
+    body_format: json
+    body: "{{ records | to_json }}"
+  register: task
+  vars:
+    records:
+      rrsets:
+        - name: "tjas."
+          type: A
+          ttl: 3600
+          changetype: REPLACE
+          records:
+            - content: "192.168.2.10"
+              disabled: false
+        - name: "tjas."
+          type: AAAA
+          ttl: 3600
+          changetype: REPLACE
+          records:
+            - content: "201:a6d:ce01:bbe7:2189:66fe:bdb0:17ae"
+              disabled: false
+        - name: "*.tjas."
+          type: A
+          ttl: 3600
+          changetype: REPLACE
+          records:
+            - content: "192.168.2.10"
+              disabled: false
+        - name: "*.tjas."
+          type: AAAA
+          ttl: 3600
+          changetype: REPLACE
+          records:
+            - content: "201:a6d:ce01:bbe7:2189:66fe:bdb0:17ae"
+              disabled: false
+  changed_when:
+    - task.status == 204
+  tags:
+    - powerdns-authorative
+    - dns
 
 - name: "Deployer - PowerDNS Recursor - Configure - Create Folder"
   ansible.builtin.file:
@@ -570,6 +641,21 @@
     - openssl
     - www
 
+- name: "Deployer - OpenSSL - Configure - Copy Certificate / Root"
+  ansible.builtin.copy:
+    src: "/root/data/openssl/root/cert.pem"
+    dest: "/usr/local/share/ca-certificates/root.crt"
+  tags:
+    - openssl
+    - www
+
+- name: "Deployer - OpenSSL - Configure - CA Certificates Update"
+  ansible.builtin.command:
+    cmd: update-ca-certificates
+  tags:
+    - openssl
+    - www
+
 - name: "Deployer - OpenSSL - Configure - Generate Certificate / Intermediate"
   community.crypto.x509_certificate:
     path: "/root/data/openssl/{{ cert }}/cert.pem"
@@ -599,6 +685,7 @@
     ownca_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/cert.pem"
     ownca_privatekey_path: "/root/data/openssl/{{ config.openssl.certificates[cert].issuer }}/privkey.pem"
     ownca_not_after: "+30d"
+  register: deployerTaskO1
   loop: "{{ config.openssl.certificates.keys() | list }}"
   loop_control:
     label: "{{ cert }}"
@@ -695,14 +782,22 @@
       - "/root/data/openssl/{{ hostname }}/:/etc/nginx/certs/:ro"
     restart_policy: always
   when:
-    - (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined
+    - (deployerTaskN1 is defined and deployerTaskN1.changed) or deployerTaskN1 is undefined or (deployerTaskN2 is defined and deployerTaskN2.changed) or deployerTaskN2 is undefined or (deployerTaskO1 is defined and deployerTaskO1.changed) or deployerTaskO1 is undefined
   tags:
     - nginx
     - www
 
+- name: "Deployer - Uptime Kuma - Files - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/uptime-kuma/"
+    state: directory
+  tags:
+    - uptime-kuma
+    - status
+
 - name: "Deployer - Uptime Kuma - Pull Image"
   containers.podman.podman_image:
-    name: docker.io/louislam/uptime-kuma:latest
+    name: docker.io/louislam/uptime-kuma
     tag: latest
   register: deployerTaskU1
 
@@ -714,26 +809,79 @@
     recreate: on
     network: host
     volumes:
-      - "/root/data/uptime-kuma/:/app/data"
+      - "/root/data/uptime-kuma:/app/data"
+      - "/root/data/openssl/root/cert.pem:/usr/local/share/ca-certificates/root.crt"
     restart_policy: always
     env:
       HOST: 127.0.0.1
       PORT: 3001
+      NODE_EXTRA_CA_CERTS: /usr/local/share/ca-certificates/root.crt
   when:
     - (deployerTaskU1 is defined and deployerTaskU1.changed) or deployerTaskU1 is undefined
   tags:
     - uptime-kuma
     - status
 
+- name: "Deployer - Keycloak - Files - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/keycloak/"
+    state: directory
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keycloak - Files - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/keycloak/{{ item.path }}'
+    state: directory
+  with_filetree: './files/keycloak/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keycloak - Files - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/keycloak/{{ item.path }}'
+  register: deployerTaskC1
+  with_filetree: './files/keycloak/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+    - not item.path.endswith('.ttf')
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keycloak - Files - Transferring Files"
+  ansible.builtin.copy:
+    src: '{{ item.src }}'
+    dest: '/root/data/keycloak/{{ item.path }}'
+  register: deployerTaskC2
+  with_filetree: './files/keycloak/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+    - item.path.endswith('.ttf')
+  tags:
+    - keycloak
+    - sso
+
 - name: "Deployer - Keycloak - Pull Image"
   containers.podman.podman_image:
-    name: quay.io/keycloak/keycloak:latest
+    name: quay.io/keycloak/keycloak
     tag: latest
-  register: deployerTaskC1
+  register: deployerTaskC3
 
 - name: "Deployer - Keacloak - Run Container"
   containers.podman.podman_container:
-    name: keacloak
+    name: keycloak
     image: quay.io/keycloak/keycloak:latest
     state: started
     recreate: on
@@ -743,16 +891,643 @@
     restart_policy: always
     env:
       BIND: "127.0.0.1"
-      KEYCLOAK_ADMIN: "{{ config.keycloak.admin.username }}"
-      KEYCLOAK_ADMIN_PASSWORD: "{{ config.keycloak.admin.password }}"
+      KEYCLOAK_ADMIN: "{{ config.keycloak.users.admin.username }}"
+      KEYCLOAK_ADMIN_PASSWORD: "{{ config.keycloak.users.admin.password }}"
       PROXY_ADDRESS_FORWARDING: "true"
       KC_DB_URL: "jdbc:mariadb://127.0.0.1:3306/{{ config.mariadb.users['keycloak'].database }}?user={{ config.mariadb.users['keycloak'].username }}&password={{ config.mariadb.users['keycloak'].password }}"
       KC_FEATURES: "preview"
       JAVA_OPTS_APPEND: "-Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true"
-  command: "start --db mariadb --hostname-strict false --proxy-headers xforwarded --http-enabled true --spi-theme-welcome-theme=pvjjk-tjas --log-level=ERROR"
+    command: "start --db mariadb --hostname-strict false --proxy-headers xforwarded --http-enabled true --spi-theme-welcome-theme=pvjjk-tjas --log-level=ERROR"
   when:
-    - (deployerTaskC1 is defined and deployerTaskC1.changed) or deployerTaskC1 is undefined
+    - (deployerTaskC1 is defined and deployerTaskC1.changed) or deployerTaskC1 is undefined or (deployerTaskC2 is defined and deployerTaskC2.changed) or deployerTaskC2 is undefined or (deployerTaskC3 is defined and deployerTaskC3.changed) or deployerTaskC3 is undefined
   tags:
     - keycloak
     - sso
 
+- name: "Deployer - Keacloak - Configure - Wait"
+  ansible.builtin.wait_for:
+    host: "127.0.0.1"
+    port: 8080
+    delay: 30
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Groups : Create"
+  community.general.keycloak_group:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    name: "{{ group }}"
+  vars:
+    task_vars:
+      groups:
+        - admin
+        - users
+  loop: "{{ task_vars.groups }}"
+  loop_control:
+    label: "{{ group }}"
+    loop_var: group
+
+- name: "Deployer - Keacloak - Configure - Users : Create"
+  community.general.keycloak_user:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    username: "{{ config.keycloak.users[username].username }}"
+    email: "{{ username }}@tjas"
+    emailVerified: on
+    credentials:
+      - type: password
+        value: "{{ config.keycloak.users[username].password }}"
+        temporary: false
+    groups: "{{ config.keycloak.users[username].groups | map('regex_replace', '^(.*)$', '{\"name\": \"\\1\", \"state\": \"present\"}') | map('from_json') | list }}"
+    enabled: on
+    state: present
+  loop: "{{ config.keycloak.users.keys() | list }}"
+  loop_control:
+    label: "{{ username }}"
+    loop_var: username
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Modify"
+  community.general.keycloak_realm:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    displayName: "PVJJK TJAS"
+    display_name_html: ""
+    enabled: on
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Login"
+  community.general.keycloak_realm:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    rememberMe: on
+    loginWithEmailAllowed: off
+    duplicateEmailsAllowed: on
+    verifyEmail: off
+    editUsernameAllowed: on
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Themes"
+  community.general.keycloak_realm:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    loginTheme: "pvjjk-tjas"
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Client Scopes"
+  community.general.keycloak_clientscope:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    name: "groups"
+    protocol: openid-connect
+    protocol_mappers:
+      - name: groups
+        protocol: openid-connect
+        protocolMapper: oidc-group-membership-mapper
+        config:
+          claim.name: groups
+          userinfo.token.claim: "true"
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Client Scopes : Types"
+  community.general.keycloak_clientscope_type:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    default_clientscopes: "{{ default }}"
+    optional_clientscopes: "{{ optional }}"
+  vars:
+    default:
+      - acr
+      - basic
+      - email
+      - profile
+      - role_list
+      - roles
+      - saml_organization
+      - web-origins
+    optional:
+      - address
+      - groups
+      - microprofile-jwt
+      - offline_access
+      - organization
+      - phone
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - User Profile"
+  community.general.keycloak_userprofile:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    config:
+      kc_user_profile_config:
+        - unmanagedAttributePolicy: ADMIN_EDIT
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Users : Configure - Attributes"
+  community.general.keycloak_user:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    username: "{{ config.keycloak.users.admin.username }}"
+    email: "{{ config.keycloak.users.admin.username }}@tjas"
+    emailVerified: on
+    attributes:
+      - name: is_temporary_admin
+        values: "false"
+    state: present
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Clients"
+  community.general.keycloak_client:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    client_id: "{{ sso.client.id }}"
+    secret: "{{ sso.client.secret }}"
+    name: "{{ sso.client.name }}"
+    publicClient: false
+    baseUrl: "{{ sso.client.url.base }}"
+    redirectUris: "{{ sso.client.url.redirect }}"
+    default_client_scopes: "{{ default | ansible.builtin.difference(sso.scope.split(' ')[1:]) }}"
+    optional_client_scopes: "{{ optional + sso.scope.split(' ')[1:] }}"
+    state: present
+  vars:
+    default:
+      - acr
+      - basic
+      - email
+      - profile
+      - role_list
+      - roles
+      - saml_organization
+      - web-origins
+    optional:
+      - address
+      - microprofile-jwt
+      - offline_access
+      - organization
+      - phone
+  loop: "{{ hostvars | json_query('*.config[].*.integrations.sso') | flatten(1)  }}"
+  loop_control:
+    label: "{{ sso.client.id }}"
+    loop_var: "sso"
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Keacloak - Configure - Realms : Configure - Clients : Scopes"
+  community.general.keycloak_clientscope_type:
+    auth_keycloak_url: "http://127.0.0.1:8080"
+    auth_realm: master
+    auth_username: "{{ config.keycloak.users.admin.username }}"
+    auth_password: "{{ config.keycloak.users.admin.password }}"
+    realm: "master"
+    client_id: "{{ sso.client.id }}"
+    default_clientscopes: "{{ default | ansible.builtin.difference(sso.scope.split(' ')[1:]) }}"
+    optional_clientscopes: "{{ optional + sso.scope.split(' ')[1:] }}"
+  vars:
+    default:
+      - acr
+      - basic
+      - email
+      - profile
+      - role_list
+      - roles
+      - saml_organization
+      - web-origins
+    optional:
+      - address
+      - microprofile-jwt
+      - offline_access
+      - organization
+      - phone
+  loop: "{{ hostvars | json_query('*.config[].*.integrations.sso') | flatten(1)  }}"
+  loop_control:
+    label: "{{ sso.client.id }}"
+    loop_var: "sso"
+  tags:
+    - keycloak
+    - sso
+
+- name: "Deployer - Nextcloud - Files - Create Folder"
+  ansible.builtin.file:
+    path: "/root/data/nextcloud/{{ folder }}"
+    state: directory
+    owner: www-data
+    group: www-data
+  loop: "{{ folders }}"
+  loop_control:
+    label: "{{ folder }}"
+    loop_var: "folder"
+  vars:
+    folders:
+      - html
+      - config
+      - apps
+      - data
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Files - Create Subfolders"
+  ansible.builtin.file:
+    dest: '/root/data/nextcloud/{{ item.path }}'
+    state: directory
+    owner: www-data
+    group: www-data
+  with_filetree: './files/nextcloud/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Files - Generating & Transferring Files"
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '/root/data/nextcloud/{{ item.path }}'
+  register: deployerTaskE1
+  with_filetree: './files/nextcloud/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/library/nextcloud
+    tag: production
+  register: deployerTaskE2
+
+- name: "Deployer - Nextcloud - Run Container"
+  containers.podman.podman_container:
+    name: nextcloud
+    image: "docker.io/library/nextcloud:production"
+    state: started
+    restart: yes
+    network_mode: host
+    volumes:
+      - "/root/data/nextcloud/html:/var/www/html"
+      - "/root/data/nextcloud/config:/var/www/html/config"
+      - "/root/data/nextcloud/apps:/var/www/html/custom_apps"
+      - "/root/data/nextcloud/data:/var/www/html/data"
+      - "/root/data/nextcloud/config/apache2/ports.conf:/etc/apache2/ports.conf:ro"
+      - "/root/data/nextcloud/config/apache2/sites-enabled/000-default.conf:/etc/apache2/sites-enabled/000-default.conf:ro"
+    restart_policy: always
+    env:
+      MYSQL_HOST: "127.0.0.1"
+      MYSQL_DATABASE: "{{ config.mariadb.users['nextcloud'].database }}"
+      MYSQL_USER: "{{ config.mariadb.users['nextcloud'].username }}"
+      MYSQL_PASSWORD: "{{ config.mariadb.users['nextcloud'].password }}"
+      NEXTCLOUD_ADMIN_USER: "{{ config.nextcloud.users.admin.username }}"
+      NEXTCLOUD_ADMIN_PASSWORD: "{{ config.nextcloud.users.admin.password }}"
+      NEXTCLOUD_TRUSTED_DOMAINS: "cloud.tjas"
+      OVERWRITEPROTOCOL: "https"
+  when:
+    - (deployerTaskE1 is defined and deployerTaskE1.changed) or deployerTaskE1 is undefined or (deployerTaskE2 is defined and deployerTaskE2.changed) or deployerTaskE2 is undefined
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Wait"
+  ansible.builtin.shell:
+    cmd: "podman logs nextcloud"
+  register: task
+  changed_when:
+    - task.stdout.find('Nextcloud was successfully installed') != -1
+  until:
+    - task.stdout.find('Nextcloud was successfully installed') != -1 or task.stdout.find('Searching for scripts (*.sh) to run, located in the folder') != -1
+  retries: 5
+  delay: 150
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Maintenance Mode : Disable"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ maintenance:mode --off"
+  register: task
+  ignore_errors: yes
+  changed_when:
+    - task.stdout != 'Maintenance mode already disabled'
+  retries: 5
+  delay: 150
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Upgrade"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ upgrade"
+  register: task
+  ignore_errors: yes
+  changed_when:
+    - task.stdout != 'No upgrade required.'
+  retries: 5
+  delay: 150
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Database : Add Missing Indices"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ db:add-missing-indices"
+  register: task
+  ignore_errors: yes
+  changed_when:
+    - task.stdout.find('table updated successfully') != -1
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Database : Add Missing Columns"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ db:add-missing-columns"
+  register: task
+  ignore_errors: yes
+  changed_when:
+    - task.stdout.find('Done') != -1
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Maintenance : Repair"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ maintenance:repair --include-expensive"
+  register: task
+  ignore_errors: yes
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Maintenance : Mimetypes : Database"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ maintenance:mimetype:update-db"
+  register: task
+  ignore_errors: yes
+  changed_when:
+    - task.stdout.find('Added mimetype') != -1
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Maintenance : Mimetypes : Javascript"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ maintenance:mimetype:update-js"
+  register: task
+  ignore_errors: yes
+  changed_when:
+    - task.stdout.find('mimetypelist.js is updated') != -1
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - System : Configure"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ config:system:set {{ entry.key }} --type={% if entry.value is defined and (entry.value == 'true' or entry.value == 'false') %}boolean{% else %}string{% endif %} --value={{ entry.value }}"
+  vars:
+    entries:
+      auth.webauthn.enabled: "false"
+  loop: "{{ entries | ansible.builtin.dict2items }}"
+  loop_control:
+    label: "{{ entry.key }}"
+    loop_var: "entry"
+  register: task
+  changed_when:
+    - task.stdout.find('set to string') != -1 or task.stdout.find('set to boolean') != -1
+  ignore_errors: yes
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Applications : Disable"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ app:disable {{ application.identifier }}"
+  vars:
+    applications:
+      - name: "Circles"
+        identifier: "circles"
+      - name: "Contacts Interaction"
+        identifier: "contactsinteraction"
+      - name: "Federation"
+        identifier: "federation"
+      - name: "First run wizard"
+        identifier: "firstrunwizard"
+      - name: "Nextcloud announcements"
+        identifier: "nextcloud_announcements"
+      - name: "Recommendations"
+        identifier: "recommendations"
+      - name: "Support"
+        identifier: "support"
+      - name: "Usage survey"
+        identifier: "survey_client"
+      - name: "User status"
+        identifier: "user_status"
+      - name: "Weather status"
+        identifier: "weather_status"
+  loop: "{{ applications }}"
+  loop_control:
+    label: "{{ application.name }}"
+    loop_var: "application"
+  register: task
+  changed_when:
+    - task.stdout.find('No such app enabled') == -1
+  ignore_errors: yes
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Applications : Enable"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ app:enable {{ application.identifier }}"
+  vars:
+    applications:
+      - name: "Calendar"
+        identifier: "calendar"
+      - name: "Contacts"
+        identifier: "contacts"
+      - name: "Tasks"
+        identifier: "tasks"
+      - name: "OpenID Connect Login"
+        identifier: "oidc_login"
+  loop: "{{ applications }}"
+  loop_control:
+    label: "{{ application.name }}"
+    loop_var: "application"
+  register: task
+  changed_when:
+    - task.stdout.find('already enabled') == -1
+  ignore_errors: yes
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Applications : Install"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ app:install {{ application.identifier }}"
+  vars:
+    applications:
+      - name: "Custom CSS"
+        identifier: theming_customcss
+      - name: "Welcome"
+        identifier: welcome
+      - name: "Unrounded Corners"
+        identifier: unroundedcorners
+      - name: "Whiteboard"
+        identifier: whiteboard
+  loop: "{{ applications }}"
+  loop_control:
+    label: "{{ application.name }}"
+    loop_var: "application"
+  register: task
+  changed_when:
+    - task.stdout.find('already installed') == -1
+  failed_when:
+    - task.stdout.find('installed') == -1
+    - task.stdout.find('already installed') == -1
+  ignore_errors: yes
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Applications : Update"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ app:update --all"
+  register: task
+  changed_when:
+    - task.stdout.find('updated') != -1
+  ignore_errors: yes
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Applications : Configure - OpenID Connect Login"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ config:system:set {{ entry.key }} --type={% if entry.value is defined and (entry.value == 'true' or entry.value == 'false') %}boolean{% else %}string{% endif %} --value={{ entry.value }}"
+  vars:
+    entries:
+      oidc_login_client_id: "{{ config.nextcloud.integrations.sso.client.id }}"
+      oidc_login_client_secret: "{{ config.nextcloud.integrations.sso.client.secret }}"
+      oidc_login_provider_url: "https://sso.tjas/realms/master"
+      oidc_login_end_session_redirect: "true"
+      oidc_login_logout_url: "https://cloud.tjas/apps/oidc_login/oidc"
+      oidc_login_auto_redirect: "true"
+      oidc_login_redir_fallback: "true"
+      "oidc_login_attributes id": "preferred_username"
+      "oidc_login_attributes mail": "email"
+      oidc_login_scope: "'{{ config.nextcloud.integrations.sso.scope }}'"
+      overwriteprotocol: "https"
+      allow_user_to_change_display_name: "false"
+      lost_password_link: disabled
+      oidc_login_button_text: "'PVJJK TJAS'"
+      oidc_login_hide_password_form: "true"
+      "oidc_login_attributes groups": "groups"
+      oidc_login_disable_registration: "false"
+      oidc_create_groups: "true"
+      oidc_login_webdav_enabled: "true"
+      oidc_login_password_authentication: "false"
+  loop: "{{ entries | ansible.builtin.dict2items }}"
+  loop_control:
+    label: "{{ entry.key }}"
+    loop_var: "entry"
+  register: task
+  changed_when:
+    - task.stdout.find('set to string') != -1 or task.stdout.find('set to boolean') != -1
+  ignore_errors: yes
+  tags:
+    - nextcloud
+    - cloud
+
+- name: "Deployer - Nextcloud - Configure - Maintenance Mode : Disable"
+  containers.podman.podman_container_exec:
+    name: nextcloud
+    user: www-data
+    command: "./occ maintenance:mode --off"
+  register: task
+  ignore_errors: yes
+  changed_when:
+    - task.stdout != 'Maintenance mode already disabled'
+  retries: 5
+  delay: 150
+  tags:
+    - nextcloud
+    - cloud

tasks/installer.yml

@@ -1,35 +1,35 @@
 ---
-- name: "Init : Python 3 : Install"
+- name: "Installer : Python 3 : Install"
   ansible.builtin.raw: apt install -y python3 python3-pip python3-setuptools python3-venv python3-dev
   register: task
   changed_when:
     - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
 
-- name: "Init: Python 3 : Libraries - APT"
+- name: "Installer: Python 3 : Libraries - APT"
   ansible.builtin.raw: apt install -y python3-apt
   register: task
   changed_when:
     - "task.stdout.find('0 upgraded, 0 newly installed, 0 to remove') == -1"
 
-- name: "Init : Python 3 : Configure - Virtual Environment : Test"
-  ansible.builtin.raw: "/root/.venv/ansible/bin/pip3"
+- name: "Installer : Python 3 : Configure - Virtual Environment : Test"
+  ansible.builtin.raw: "/opt/ansible/bin/pip3"
   register: task632
   changed_when: false
   failed_when: false
 
-- name: "Init : Python 3 : Configure - Virtual Environment : Delete"
+- name: "Installer : Python 3 : Configure - Virtual Environment : Delete"
   ansible.builtin.file:
-    path: "/root/.venv/ansible"
+    path: "/opt/ansible"
     state: absent
   when:
     - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
 
-- name: "Init : Python 3 : Configure - Virtual Environment : Create"
+- name: "Installer : Python 3 : Configure - Virtual Environment : Create"
   ansible.builtin.pip:
     name: pip
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Installer : Tools : Install"
@@ -78,6 +78,13 @@
   tags:
     - motd
 
+- name: "Installer : Resolv.conf : Configure - Copy File"
+  ansible.builtin.template:
+    src: './files/resolv.conf'
+    dest: '/etc/resolv.conf'
+  tags:
+    - resolv
+
 - name: "Installer : Networking : Configure - Copy Configuration"
   ansible.builtin.template:
     src: './files/networking/interfaces'
@@ -96,18 +103,27 @@
 
 - name: "Installer : FirewallD : Dependencies - Packages"
   ansible.builtin.apt:
-    name:
+    name: "{{ package }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
       - python3-firewall
       - iptables
-    state: latest
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
   tags:
     - firewalld
     - firewall
 
 - name: "Installer : FirewallD : Install"
   ansible.builtin.apt:
-    name: "firewalld"
+    name: firewalld
     state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
   tags:
     - firewalld
     - firewall
@@ -129,6 +145,7 @@
     immediate: true
     offline: true
   vars:
+    ansible_python_interpreter: /usr/bin/python3
     services:
       - http
       - https
@@ -143,12 +160,47 @@
     - firewalld
     - firewall
 
+- name: "Installer : Ansible : Dependencies - Packages (APT / Debian & Ubuntu & Linux Mint)"
+  ansible.builtin.apt:
+    name: "{{ packages }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
+      - sshpass
+      - lsb-release
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
+
+- name: "Installer : Ansible : Dependencies - Python Libraries"
+  ansible.builtin.pip:
+    name: "{{ library }}"
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+  vars:
+    libraries:
+      - cryptography
+      - dnspython
+      - hvac
+      - jmespath
+      - netaddr
+      - pexpect
+      - xmltodict
+  loop: "{{ libraries }}"
+  loop_control:
+    label: "{{ library }}"
+    loop_var: "library"
+
 - name: "Installer - Ansible - Python Library"
   ansible.builtin.pip:
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - ansible
@@ -162,7 +214,7 @@
 
 - name: "Installer : Ansible : Create Symbolic Links"
   ansible.builtin.file:
-    src: /root/.venv/ansible/bin/{{ binary }}
+    src: /opt/ansible/bin/{{ binary }}
     dest: /root/bin/{{ binary }}
     state: link
   vars:
@@ -185,34 +237,12 @@
   tags:
     - ansible
 
-- name: "Installer - Ansible - Dependencies - Python Libraries"
-  ansible.builtin.pip:
-    name: "{{ library }}"
-    state: latest
-    extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
-    virtualenv_command: "python3 -m venv"
-  vars:
-    libraries:
-      - cryptography
-      - dnspython
-      - hvac
-      - jmespath
-      - netaddr
-      - pexpect
-  loop: "{{ libraries }}"
-  loop_control:
-    label: "{{ library }}"
-    loop_var: "library"
-  tags:
-    - ansible
-
 - name: "Installer : MariaDB : Dependencies - Python Library : pymysql"
   ansible.builtin.pip:
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
   tags:
     - mariadb
@@ -220,37 +250,46 @@
 
 - name: "Installer : MariaDB : Dependencies - Package : mariadb-client"
   ansible.builtin.apt:
-    name: "mariadb-client"
+    name: mariadb-client
     state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
   tags:
     - mariadb
     - database
 
 - name: "Installer : Podman : Install"
   ansible.builtin.apt:
-    name:
+    name: "{{ package }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
       - podman
       - podman-compose
       - netavark
       - buildah
       - slirp4netns
-    state: latest
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
   tags:
     - podman
 
 - name: "Installer : Schedule : Maintenance"
   ansible.builtin.cron:
-    name: "{{ location | upper }} - Infra - Maintenance"
+    name: "Tietojärjestelmäasentajien Infra - Maintenance"
     hour: "*/3"
     minute: "0"
-    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t maintenance"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t maintenance"
   tags:
     - cron
 
 - name: "Installer : Schedule : Deployer"
   ansible.builtin.cron:
-    name: "{{ location | upper }} - Infra - Deployer"
+    name: "Tietojärjestelmäasentajien Infra - Deployer"
     minute: "*/5"
-    job: "/root/.venv/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/pvjjk-1vos-niinisalo/infra --accept-host-key --private-key /root/.ssh/keys/pvjjk-1vos-niinisalo/infra --vault-password-file /root/.ansible/vault/pvjjk-1vos-niinisalo tasks.yml -t deployer"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t deployer"
   tags:
     - cron

tasks/maintenance.yml

@@ -4,7 +4,7 @@
     name: "{{ library }}"
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
   vars:
     libraries:
@@ -24,7 +24,7 @@
     name: ansible
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : MariaDB : Dependencies / Python Library : pymysql"
@@ -32,7 +32,7 @@
     name: pymysql
     state: latest
     extra_args: --upgrade
-    virtualenv: /root/.venv/ansible
+    virtualenv: /opt/ansible
     virtualenv_command: "python3 -m venv"
 
 - name: "Maintenance : Podman : Prune"

tasks/migrater.yml

@@ -0,0 +1,133 @@
+---
+- name: "Migrater - Copy Secrets"
+  ansible.builtin.copy:
+    src: "{{ file.src }}"
+    dest: "{{ file.dest }}"
+  vars:
+    files:
+      - src: /root/.ssh/keys/{{ location | lower | replace('.', '') | replace(' ', '-') }}/infra
+        dest: /root/.ssh/keys/infra
+      - src: /root/.ansible/vault/{{ location | lower | replace('.', '') | replace(' ', '-') }}/infra
+        dest: /root/.ansible/vault/infra
+  loop: "{{ files }}"
+  loop_control:
+    label: "{{ file }}"
+    loop_var: "file"
+  when:
+    - file.src is ansible.builtin.file
+
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Test"
+  ansible.builtin.raw: "/opt/ansible/bin/pip3"
+  register: task632
+  changed_when: false
+  failed_when: false
+
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Delete"
+  ansible.builtin.file:
+    path: "/opt/ansible"
+    state: absent
+  when:
+    - "task632.stdout.find(\"ModuleNotFoundError: No module named 'pip'\") != -1"
+
+- name: "Migrater : Python 3 : Configure - Virtual Environment : Create"
+  ansible.builtin.pip:
+    name: pip
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+
+- name: "Migrater : Ansible : Dependencies - Packages"
+  ansible.builtin.apt:
+    name: "{{ package }}"
+    state: latest
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    packages:
+      - sshpass
+      - lsb-release
+  loop: "{{ packages }}"
+  loop_control:
+    label: "{{ package }}"
+    loop_var: "package"
+
+- name: "Migrater : Ansible : Dependencies - Python Libraries"
+  ansible.builtin.pip:
+    name: "{{ library }}"
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+  vars:
+    libraries:
+      - cryptography
+      - dnspython
+      - hvac
+      - jmespath
+      - netaddr
+      - pexpect
+      - xmltodict
+  loop: "{{ libraries }}"
+  loop_control:
+    label: "{{ library }}"
+    loop_var: "library"
+
+- name: "Migrater - Ansible - Python Library"
+  ansible.builtin.pip:
+    name: ansible
+    state: latest
+    extra_args: --upgrade
+    virtualenv: /opt/ansible
+    virtualenv_command: "python3 -m venv"
+  tags:
+    - ansible
+
+- name: "Migrater : Ansible : Create Symbolic Links"
+  ansible.builtin.file:
+    src: /opt/ansible/bin/{{ binary }}
+    dest: /bin/{{ binary }}
+    state: link
+  vars:
+    binaries:
+      - ansible
+      - ansible-community
+      - ansible-config
+      - ansible-console
+      - ansible-doc
+      - ansible-galaxy
+      - ansible-inventory
+      - ansible-playbook
+      - ansible-pull
+      - ansible-test
+      - ansible-vault
+  loop: "{{ binaries }}"
+  loop_control:
+    label: "{{ binary }}"
+    loop_var: "binary"
+  tags:
+    - ansible
+
+- name: "Migrater - Schedule : Maintenance"
+  ansible.builtin.cron:
+    name: "Tietojärjestelmäasentajien Infra - Maintenance"
+    hour: "*/3"
+    minute: "0"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t maintenance"
+
+- name: "Migrater - Schedule : Maintenance"
+  ansible.builtin.cron:
+    name: "Tietojärjestelmäasentajien Infra - Maintenance"
+    minute: "*/5"
+    job: "/opt/ansible/bin/ansible-pull -U ssh://git@github.com/cwchristerw/tjas-infra -d /root/.ansible/pull/infra --accept-host-key --private-key /root/.ssh/keys/infra --vault-password-file /root/.ansible/vault/infra tasks.yml -t deployer"
+
+- name: "Migrater - Schedule : Deployer"
+  ansible.builtin.cron:
+    name: "{{ location | upper }} - Infra - Deployer"
+    state: absent
+
+- name: "Migrater - Schedule : Maintenance"
+  ansible.builtin.cron:
+    name: "{{ location | upper }} - Infra - Maintenance"
+    state: absent
+  tags:
+    - cron