switched to roles

- all tasks/* have been moved to their own roles in roles/*
- each file && template is now oragnized per-role
- annotated each task which still isn't idempotent !TODO!

roles/blog/tasks/main.yml

@@ -4,6 +4,7 @@
     repo: "https://github.com/CPunch/openpunk.git"
     dest: "/var/www/{{ domain }}"
 
+# TODO: make idempotent
 - name: Build blog
   command:
     cmd: hugo
@@ -11,7 +12,7 @@
 
 - name: Install updateBlog script
   template:
-    src: templates/blog/updateBlog
+    src: templates/updateBlog
     dest: /usr/local/bin/updateBlog
     mode: u+rx
 

roles/deadswitch/tasks/main.yml

@@ -6,13 +6,13 @@
 
 - name: Install deadswitch script
   copy:
-    src: static/blog/deadswitch
+    src: deadswitch
     dest: /usr/local/bin/deadswitch
     mode: u+rx
 
 - name: Install imdead.sh
   copy:
-    src: static/blog/imdead.sh
+    src: imdead.sh
     dest: /root/deadman/imdead.sh
     mode: u+rx
 
@@ -22,6 +22,7 @@
     dest: /root/deadman/dead.patch
     mode: u+rw
 
+# TODO: make idempotent
 - name: Install deadtrigger
   file:
     name: /root/.deadtrigger

roles/essential/tasks/main.yml

@@ -1,7 +1,9 @@
 ---
+# TODO: make idempotent
 - name: Add Gitea repo key
   shell: curl -s https://packaging.gitlab.io/gitea/gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/morph027-gitea.gpg --import
 
+# TODO: make idempotent
 - name: Set key perms
   shell: sudo chmod 644 /etc/apt/trusted.gpg.d/morph027-gitea.gpg
 
@@ -30,6 +32,7 @@
       - zsh # :D
       - python3-certbot-nginx
 
+# TODO: make idempotent
 - name: Setup default shell (zsh)
   shell: chsh -s /usr/bin/zsh
 
@@ -41,6 +44,6 @@
 
 - name: Install .zshrc
   copy:
-    src: static/.zshrc
+    src: .zshrc
     dest: /root/.zshrc
     force: no

roles/firewall/tasks/main.yml

@@ -23,7 +23,7 @@
 
 - name: Copy fail2ban jail config
   copy:
-    src: static/fail2ban/jails.local
+    src: jails.local
     dest: /etc/fail2ban/jail.d/jails.local
 
 - name: Enable fail2ban service

roles/git/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Setup git config
   copy:
-    src: static/.gitconfig
+    src: .gitconfig
     dest: /root/.gitconfig
     owner: root
     mode: u=rw,g=,o=
@@ -9,6 +9,7 @@
 # make sure our vps trusts the github.com key signature. we pipe the output
 # of ssh-keyscan into .ssh/known_hosts
 
+# TODO: make idempotent
 - name: Scan for SSH host keys
   command: ssh-keyscan github.com 2>/dev/null
   register: ssh_scan

roles/gitea/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Configure Gitea
   template:
-    src: templates/gitea/app.ini
+    src: app.ini
     dest: /etc/gitea/app.ini
     owner: gitea
     force: no # we don't want to kill our existing config D:

roles/goaccess/tasks/main.yml

@@ -1,5 +1,5 @@
 ---
 - name: Copy goaccess config
   copy:
-    src: static/goaccess/goaccess.conf
+    src: goaccess.conf
     dest: /etc/goaccess/goaccess.conf

roles/nginx/tasks/main.yml

@@ -1,9 +1,12 @@
 ---
+
+# TODO: make idempotent
 - name: Remove default nginx config
   file:
     name: /etc/nginx/sites-enabled
     state: absent
 
+# TODO: make idempotent
 - name: Restore sites-enabled
   file:
     name: /etc/nginx/sites-enabled
@@ -11,7 +14,7 @@
 
 - name: Install system nginx config
   copy:
-    src: static/nginx/nginx.conf
+    src: nginx.conf
     dest: /etc/nginx/nginx.conf
 
 # setup our configs for each host (we don't want to 
@@ -20,19 +23,19 @@
 
 - name: Install nginx config for {{ domain }}
   template:
-    src: templates/nginx/site.conf
+    src: templates/site.conf
     dest: /etc/nginx/conf.d/{{ domain }}.conf
     force: no
 
 - name: Install nginx config for git.{{ domain }}
   template:
-    src: templates/nginx/gitea.conf
+    src: templates/gitea.conf
     dest: /etc/nginx/conf.d/git.{{ domain }}.conf
     force: no
 
 - name: Install nginx config for our Hidden Service
   template:
-    src: templates/nginx/tor.conf
+    src: templates/tor.conf
     dest: /etc/nginx/conf.d/tor-{{ domain }}.conf
     force: no
 

roles/tor/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: Install torrc
   template:
-    src: templates/tor/torrc
+    src: torrc
     dest: /etc/tor/torrc
     owner: root
     group: root
@@ -23,7 +23,7 @@
     group: debian-tor
     mode: u=rw,g=,o=
 
-- name: Reload Tor
+- name: Enable Tor Service
   systemd:
     name: tor
     enabled: yes

run.yml

@@ -9,13 +9,13 @@
       prompt: domain pointing to the vps
       private: no
 
-  tasks:
-    - import_tasks: tasks/essential.yml
-    - import_tasks: tasks/firewall.yml
-    - import_tasks: tasks/blog.yml
-    - import_tasks: tasks/gitea.yml
-    - import_tasks: tasks/tor.yml
-    - import_tasks: tasks/nginx.yml
-    - import_tasks: tasks/git.yml
-    - import_tasks: tasks/goaccess.yml
-    - import_tasks: tasks/deadswitch.yml
+  roles:
+    - essential
+    - git
+    - deadswitch
+    - firewall
+    - blog
+    - gitea
+    - nginx
+    - goaccess
+    - tor