authorFreya Murphy <freya@freyacat.org>2026-04-30 20:40:58 -0400
committerFreya Murphy <freya@freyacat.org>2026-04-30 20:40:58 -0400
commit8dc2b003c64904dffa931efbdaa99a1334430a7d (patch)
tree9de942343fa6d870837e58d7e2b686cfb70b55d8 /roles
parentinitial (diff)
downloadansible-8dc2b003c64904dffa931efbdaa99a1334430a7d.tar.gz
ansible-8dc2b003c64904dffa931efbdaa99a1334430a7d.tar.bz2
ansible-8dc2b003c64904dffa931efbdaa99a1334430a7d.zip
refactor
Diffstat (limited to 'roles')
-rw-r--r--roles/alpine/tasks/caddy.yml27
-rw-r--r--roles/alpine/tasks/chrony.yml3
-rw-r--r--roles/alpine/tasks/main.yml11
-rw-r--r--roles/alpine/tasks/packages.yml31
-rw-r--r--roles/alpine/tasks/zsh.yml18
-rw-r--r--roles/common/files/Caddyfile (renamed from roles/alpine/files/Caddyfile)2
-rw-r--r--roles/common/files/freyanet.crt (renamed from roles/alpine/files/freyanet.crt)0
-rw-r--r--roles/common/files/sshd_config (renamed from roles/alpine/files/sshd_config)0
-rw-r--r--roles/common/files/tmux/tmux-window.sh (renamed from roles/alpine/files/tmux-window.sh)0
-rw-r--r--roles/common/files/tmux/tmux.conf (renamed from roles/alpine/files/tmux.conf)0
-rw-r--r--roles/common/files/zshrc (renamed from roles/alpine/files/zshrc)0
-rw-r--r--roles/common/handlers/main.yml2
-rw-r--r--roles/common/tasks/caddy.yml49
-rw-r--r--roles/common/tasks/certs.yml (renamed from roles/alpine/tasks/certs.yml)6
-rw-r--r--roles/common/tasks/main.yml11
-rw-r--r--roles/common/tasks/packages.yml12
-rw-r--r--roles/common/tasks/ssh.yml (renamed from roles/alpine/tasks/ssh.yml)14
-rw-r--r--roles/common/tasks/tmux.yml (renamed from roles/alpine/tasks/tmux.yml)9
-rw-r--r--roles/common/tasks/zsh.yml40
-rw-r--r--roles/common/templates/authorized_keys.j2 (renamed from roles/alpine/templates/authorized_keys.j2)0
-rw-r--r--roles/debian/tasks/main.yml1
-rw-r--r--roles/debian/tasks/sources.yml10
-rw-r--r--roles/debian/templates/debian.sources.j220
23 files changed, 162 insertions, 104 deletions
diff --git a/roles/alpine/tasks/caddy.yml b/roles/alpine/tasks/caddy.yml
deleted file mode 100644
index b76caee..0000000
--- a/roles/alpine/tasks/caddy.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-- name: Install caddy
- apk:
- name:
- - caddy
- state: present
-
-- name: Configure caddy
- copy:
- src: Caddyfile
- dest: /etc/caddy/Caddyfile
- owner: root
- group: root
- mode: '0664'
-
-- name: Ensure Caddy log file exists
- file:
- path: /var/log/caddy
- state: touch
- owner: caddy
- group: caddy
- mode: '0664'
-
-- name: Enable caddy service
- service:
- name: caddy
- enabled: true
- state: started
diff --git a/roles/alpine/tasks/chrony.yml b/roles/alpine/tasks/chrony.yml
index be76de5..79c7b1d 100644
--- a/roles/alpine/tasks/chrony.yml
+++ b/roles/alpine/tasks/chrony.yml
@@ -1,7 +1,6 @@
- name: Install chrony
apk:
- name:
- - chrony
+ name: chrony
state: present
- name: Enable chronyd service
diff --git a/roles/alpine/tasks/main.yml b/roles/alpine/tasks/main.yml
index ab96669..26dba82 100644
--- a/roles/alpine/tasks/main.yml
+++ b/roles/alpine/tasks/main.yml
@@ -1,13 +1,2 @@
-# baseline
- import_tasks: repos.yml
-- import_tasks: packages.yml
-- import_tasks: certs.yml
-
-# programs
-- import_tasks: zsh.yml
-- import_tasks: tmux.yml
-
-# services
-- import_tasks: caddy.yml
- import_tasks: chrony.yml
-- import_tasks: ssh.yml
diff --git a/roles/alpine/tasks/packages.yml b/roles/alpine/tasks/packages.yml
deleted file mode 100644
index 8dedc53..0000000
--- a/roles/alpine/tasks/packages.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-- name: Install base packages
- apk:
- name:
- - alpine-base
- - bash
- - bind-tools
- - busybox-mdev-openrc
- - cfdisk
- - coreutils
- - curl
- - dosfstools
- - e2fsprogs
- - git
- - htop
- - jq
- - linux-firmware-none
- - linux-virt
- - lsblk
- - man-db
- - man-pages
- - neovim
- - openssl
- - p7zip
- - python3
- - ripgrep
- - rsync
- - sed
- - shadow
- - syslinux
- - xauth
- state: present
diff --git a/roles/alpine/tasks/zsh.yml b/roles/alpine/tasks/zsh.yml
deleted file mode 100644
index 27f45d2..0000000
--- a/roles/alpine/tasks/zsh.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-- name: Install zsh
- apk:
- name:
- - zsh
- state: present
-
-- name: Configure zsh
- copy:
- src: zshrc
- dest: /etc/zsh/zshrc.d/freya.zsh
- owner: root
- group: root
- mode: '0664'
-
-- name: Ensure root user shell is zsh
- user:
- name: root
- shell: /bin/zsh
diff --git a/roles/alpine/files/Caddyfile b/roles/common/files/Caddyfile
index 8d4e967..9850012 100644
--- a/roles/alpine/files/Caddyfile
+++ b/roles/common/files/Caddyfile
@@ -8,7 +8,7 @@
(logs) {
log {
- output file /var/log/caddy {
+ output file /var/log/caddy.log {
roll_size 10mb
roll_keep 7
roll_keep_for 720h
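Review bot: With `roll_size`, `roll_keep` and `roll_keep_for` set in this block, rotated files are, as far as I know, written next to the active log, so `output file /var/log/caddy.log` needs the service account to be able to create and rename files directly in `/var/log`, which is normally root-owned. The task file only touches the single file and hands it to `caddy`, so the first rotation may fail or silently stop rolling. A dedicated directory owned by the service user, for example `output file /var/log/caddy/access.log`, keeps rotation working without loosening `/var/log`. The `log` block opens and closes outside this hunk.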
diff --git a/roles/alpine/files/freyanet.crt b/roles/common/files/freyanet.crt
index 36309d8..36309d8 100644
--- a/roles/alpine/files/freyanet.crt
+++ b/roles/common/files/freyanet.crt
diff --git a/roles/alpine/files/sshd_config b/roles/common/files/sshd_config
index f2ec50e..f2ec50e 100644
--- a/roles/alpine/files/sshd_config
+++ b/roles/common/files/sshd_config
diff --git a/roles/alpine/files/tmux-window.sh b/roles/common/files/tmux/tmux-window.sh
index 1cdacf0..1cdacf0 100644
--- a/roles/alpine/files/tmux-window.sh
+++ b/roles/common/files/tmux/tmux-window.sh
diff --git a/roles/alpine/files/tmux.conf b/roles/common/files/tmux/tmux.conf
index f468d55..f468d55 100644
--- a/roles/alpine/files/tmux.conf
+++ b/roles/common/files/tmux/tmux.conf
diff --git a/roles/alpine/files/zshrc b/roles/common/files/zshrc
index fc01188..fc01188 100644
--- a/roles/alpine/files/zshrc
+++ b/roles/common/files/zshrc
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
new file mode 100644
index 0000000..91826d6
--- /dev/null
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: Update CA Certificates
+ command: update-ca-certificates
diff --git a/roles/common/tasks/caddy.yml b/roles/common/tasks/caddy.yml
new file mode 100644
index 0000000..3d2541e
--- /dev/null
+++ b/roles/common/tasks/caddy.yml
@@ -0,0 +1,49 @@
+- name: Install caddy
+ package:
+ name: caddy
+ state: present
+
+- name: Ensure caddy group exists
+ group:
+ name: caddy
+ system: yes
+ state: present
+
+- name: Ensure caddy user exists
+ user:
+ name: caddy
+ group: caddy
+ system: yes
+ create_home: no
+ shell: /usr/sbin/nologin
+ state: present
+
+- name: Create caddy configuration directory
+ file:
+ path: /etc/caddy
+ state: directory
+ owner: caddy
+ group: caddy
+ mode: '0755'
+
+- name: Configure caddy
+ copy:
+ src: Caddyfile
+ dest: /etc/caddy/Caddyfile
+ owner: caddy
+ group: caddy
+ mode: '0664'
+
+- name: Ensure Caddy log file exists
+ file:
+ path: /var/log/caddy.log
+ state: touch
+ owner: caddy
+ group: caddy
+ mode: '0664'
+
+- name: Enable caddy service
+ service:
+ name: caddy
+ enabled: true
+ state: started
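Review bot: `/etc/caddy` and `/etc/caddy/Caddyfile` are now owned by `caddy:caddy` with the file at `mode: '0664'`, so the account the server presumably runs as can rewrite its own configuration; the removed Alpine task kept the file `root:root`. Keeping `owner: root`, `group: caddy` and `mode: '0640'` on the file (and `root:caddy` `'0750'` on the directory) lets the service read its config without being able to change it. The `Ensure Caddy log file exists` task uses `state: touch`, which reports changed on every run; adding `access_time: preserve` and `modification_time: preserve` makes it idempotent. For consistency with `enabled: true` further down, write `system: true` and `create_home: false` rather than `yes`/`no`.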
diff --git a/roles/alpine/tasks/certs.yml b/roles/common/tasks/certs.yml
index 4d18cbe..cce2e73 100644
--- a/roles/alpine/tasks/certs.yml
+++ b/roles/common/tasks/certs.yml
@@ -1,5 +1,5 @@
- name: Install ca-certificates
- apk:
+ package:
name: ca-certificates
state: present
@@ -10,6 +10,4 @@
owner: root
group: root
mode: '0664'
-
-- name: Update CA certs
- command: update-ca-certificates
+ notify: Update CA Certificates
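Review bot: Moving `update-ca-certificates` into a handler defers it to the end of the play, so on a first run the tasks imported after certs.yml in roles/common/tasks/main.yml (zsh, tmux, caddy, ssh) execute before the copied certificate is in the trust store. If anything later in the play has to trust that CA, add `- meta: flush_handlers` directly after this task. The context line `mode: '0664'` also leaves what is presumably the trust anchor group-writable; `'0644'` is sufficient. The task this hunk modifies starts outside the hunk.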
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..74088a6
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,11 @@
+# baseline
+- import_tasks: packages.yml
+- import_tasks: certs.yml
+
+# programs
+- import_tasks: zsh.yml
+- import_tasks: tmux.yml
+
+# services
+- import_tasks: caddy.yml
+- import_tasks: ssh.yml
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
new file mode 100644
index 0000000..60fd285
--- /dev/null
+++ b/roles/common/tasks/packages.yml
@@ -0,0 +1,12 @@
+- name: Install base packages
+ package:
+ name: "{{ base_packages }}"
+ state: present
+
+- name: Install keys packages
+ package:
+ name:
+ - "{{ man_pkg }}"
+ - "{{ man_pages_pkg }}"
+ - "{{ bind_pkg }}"
+ - "{{ passwd_pkg }}"
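Review bot: The second task, `Install keys packages`, has no `state:` while every other `package` task in this commit sets it, and the generic `package` module documents `state` as required; add `state: present`. None of `base_packages`, `man_pkg`, `man_pages_pkg`, `bind_pkg` or `passwd_pkg` is defined in the part of the diff shown (it is limited to `roles`), so a host missing one of them fails only at run time. Role defaults or an `assert` task listing the required variables would make that contract explicit. The task name probably means `key packages`.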
diff --git a/roles/alpine/tasks/ssh.yml b/roles/common/tasks/ssh.yml
index c92405e..36498fb 100644
--- a/roles/alpine/tasks/ssh.yml
+++ b/roles/common/tasks/ssh.yml
@@ -1,17 +1,21 @@
- name: Install openssh
- apk:
- name:
- - openssh
+ package:
+ name: "{{ openssh_pkg }}"
state: present
- name: Configure sshd
copy:
src: sshd_config
- dest: /etc/ssh/sshd_config
+ dest: /etc/ssh/sshd_config.d/10-freya.conf
owner: root
group: root
mode: '0664'
+- name: Remove old sshd config
+ file:
+ path: /etc/shh/sshd_config.d/freya.yml
+ state: absent
+
- name: Configure sshd authorized keys
template:
src: authorized_keys.j2
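Review bot: The `Remove old sshd config` task targets `/etc/shh/sshd_config.d/freya.yml`; `shh` looks like a typo for `ssh`, so the task always finds the path absent and removes nothing. The cleanup task in roles/common/tasks/zsh.yml has the same kind of mismatch: it removes `/etc/zsh/zshrc.d/freya.yml`, whereas the deleted Alpine task installed `/etc/zsh/zshrc.d/freya.zsh`, so the old file stays and is sourced alongside `10-freya.zsh`. Moving the settings from `/etc/ssh/sshd_config` to `sshd_config.d/10-freya.conf` also means they only take effect if the main file has an `Include /etc/ssh/sshd_config.d/*.conf` line, and hosts provisioned by the old role still carry the previously copied full file, which nothing here removes or replaces. `Configure sshd` has no `notify:`, and `state: started` does not reload a running daemon, so a changed drop-in is not applied until sshd is restarted some other way. The hunk ends inside the `Configure sshd authorized keys` task, which continues outside it.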
@@ -22,6 +26,6 @@
- name: Enable sshd service
service:
- name: sshd
+ name: "{{ openssh_service }}"
enabled: true
state: started
diff --git a/roles/alpine/tasks/tmux.yml b/roles/common/tasks/tmux.yml
index bc5626f..7f8a653 100644
--- a/roles/alpine/tasks/tmux.yml
+++ b/roles/common/tasks/tmux.yml
@@ -1,12 +1,11 @@
- name: Install tmux
- apk:
- name:
- - tmux
+ package:
+ name: tmux
state: present
- name: Configure tmux
copy:
- src: tmux.conf
+ src: tmux/tmux.conf
dest: /etc/tmux.conf
owner: root
group: root
@@ -14,7 +13,7 @@
- name: Configure tmux window script
copy:
- src: tmux-window.sh
+ src: tmux/tmux-window.sh
dest: /usr/local/bin/tmux-window.sh
owner: root
group: root
diff --git a/roles/common/tasks/zsh.yml b/roles/common/tasks/zsh.yml
new file mode 100644
index 0000000..aabcfac
--- /dev/null
+++ b/roles/common/tasks/zsh.yml
@@ -0,0 +1,40 @@
+- name: Install zsh
+ package:
+ name: zsh
+ state: present
+
+- name: Ensure zshrc.d directory exists
+ file:
+ path: /etc/zsh/zshrc.d
+ state: directory
+ mode: '0755'
+
+- name: Enable zshrc.d loading
+ blockinfile:
+ path: /etc/zsh/zshrc
+ block: |
+ # Load modular zsh config
+ if [ -d /etc/zsh/zshrc.d ]; then
+ for file in /etc/zsh/zshrc.d/*.zsh; do
+ [ -r "$file" ] && source "$file"
+ done
+ fi
+ when: ansible_distribution == "Debian"
+
+- name: Configure zsh
+ copy:
+ src: zshrc
+ dest: /etc/zsh/zshrc.d/10-freya.zsh
+ owner: root
+ group: root
+ mode: '0664'
+
+- name: Remove old zsh config
+ file:
+ path: /etc/zsh/zshrc.d/freya.yml
+ state: absent
+
+- name: Ensure root user shell is zsh
+ user:
+ name: root
+ shell: /bin/zsh
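Review bot: The block added by `Enable zshrc.d loading` sources every readable `*.zsh` file in `/etc/zsh/zshrc.d`, and the last task makes zsh root's shell, so write access to that directory or its files amounts to running commands as root at the next login. `Ensure zshrc.d directory exists` sets only `mode: '0755'`; add `owner: root` and `group: root` so a pre-existing directory is corrected, and use `mode: '0644'` instead of `'0664'` for `10-freya.zsh`. The loader block is applied only `when: ansible_distribution == "Debian"`, which assumes every other target already loads `zshrc.d`; a short comment saying so would help the next reader.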
diff --git a/roles/alpine/templates/authorized_keys.j2 b/roles/common/templates/authorized_keys.j2
index d9f6386..d9f6386 100644
--- a/roles/alpine/templates/authorized_keys.j2
+++ b/roles/common/templates/authorized_keys.j2
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
new file mode 100644
index 0000000..f65d49f
--- /dev/null
+++ b/roles/debian/tasks/main.yml
@@ -0,0 +1 @@
+- import_tasks: sources.yml
diff --git a/roles/debian/tasks/sources.yml b/roles/debian/tasks/sources.yml
new file mode 100644
index 0000000..f3bb287
--- /dev/null
+++ b/roles/debian/tasks/sources.yml
@@ -0,0 +1,10 @@
+- name: Configure APT repositories
+ template:
+ src: debian.sources.j2
+ dest: /etc/apt/sources.list.d/debian.sources
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: Update APT cache
+ command: apt update
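Review bot: `command: apt update` runs on every play and always reports changed, even when `debian.sources` was not modified, and the `apt` front end warns that its CLI is not stable for scripted use. The `apt` module does the same job idempotently: replace the task body with `apt:` and `update_cache: true`. Better still, make it a handler and add `notify:` to `Configure APT repositories`, followed by `- meta: flush_handlers` so the refreshed index is available before the common role installs packages.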
diff --git a/roles/debian/templates/debian.sources.j2 b/roles/debian/templates/debian.sources.j2
new file mode 100644
index 0000000..097c32b
--- /dev/null
+++ b/roles/debian/templates/debian.sources.j2
@@ -0,0 +1,20 @@
+# Modernized from /etc/apt/sources.list
+Types: deb deb-src
+URIs: http://deb.debian.org/debian/
+Suites: {{ debian_version }}
+Components: main non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+# Modernized from /etc/apt/sources.list
+Types: deb deb-src
+URIs: http://security.debian.org/debian-security/
+Suites: {{ debian_version }}-security
+Components: main non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+# Modernized from /etc/apt/sources.list
+Types: deb deb-src
+URIs: http://deb.debian.org/debian/
+Suites: {{ debian_version }}-updates
+Components: main non-free-firmware
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
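Review bot: All three stanzas use plain `http://` URIs. `Signed-By` still protects package integrity, but the transport is unauthenticated, so anyone on the network path can observe which packages a host fetches and can serve stale but validly signed metadata. `deb.debian.org` serves HTTPS, and the security archive is also reachable there, so `URIs: https://deb.debian.org/debian/` and `URIs: https://deb.debian.org/debian-security/` should work once `ca-certificates` is installed. `{{ debian_version }}` is not defined in the diff shown; an empty value would render `Suites: -security`, so a default or an `assert` is worth adding. The repeated comment `# Modernized from /etc/apt/sources.list` could name each stanza instead (base, security, updates).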