Added sda to expression

.ansible-lint

@@ -1,4 +1,2 @@
-skip_list: # or 'skip_list' to silence them completely
-  - experimental # all rules tagged as experimental
-  - unnamed-task # All tasks should be named
-  - fqcn-builtins
+skip_list:
+  - role-name

.drone.jsonnet

@@ -1,146 +0,0 @@
-// Distros to Test on ;)
-local distros = ['centos7',
-                 'rockylinux8', 
-                 'debian10', 
-                 'debian11'];
-
-/* Configuration of DIND */
-local docker_service() =
- {
-   name: 'docker',
-   image: 'docker:dind',
-   privileged: true,
-   volumes: [{ name: 'dockersock', path: '/var/run' },],
- };
-
-local email_notification() =
- {
-   name: 'notify by email',
-   image: 'drillster/drone-email',
-   settings:
-    { host: 
-        { from_secret: 'EMAIL_HOST' },
-      username:
-        { from_secret: 'EMAIL_USER' },
-      password:
-        { from_secret: 'EMAIL_PASS' },
-      from: 'drone@guise.net.nz'
-    }
-  };
-
-local test_distro(distribution) =
-  {
-    name: 'Molecule test on %(distribution)s' % { distribution: distribution },
-    volumes: [{ name: 'dockersock', path: '/var/run' },],
-    pull: true,
-    image: 'guisea/ansible-molecule:alpine-latest',
-    commands: [
-      'sleep 10', // give docker enough time to start
-      'mkdir ${DRONE_REPO_NAME}',
-      'rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}',
-      'cd ${DRONE_REPO_NAME}',
-      'molecule test'
-    ],
-    environment:
-     { MOLECULE_DISTRO: '%(distribution)s' % { distribution: distribution }
-     },
-  };
-
-local gen_pipeline(distro) = 
-  {kind: 'pipeline',
-   type: 'docker',
-   name: 'Test on %(distro)s' % { distro: distro },
-   steps: 
-    [test_distro(distro)],
-   services: 
-     [docker_service()],
-   volumes: 
-   [{
-     name: 'dockersock',
-     temp: {}, 
-   },],
-   trigger:
-   { event: {exclude: ['tag'],},},
-   when:
-     { event: {exclude: ['tag']},  
-     },
-  };
-
-local gen_release() =
-  {kind: 'pipeline',
-   type: 'docker',
-   image: 'guisea/ansible-molecule:alpine-latest',
-   name: 'Generate Release',
-   commands: [
-      'sleep 10', // give docker enough time to start
-      'env'
-      'mkdir ${DRONE_REPO_NAME}',
-      'rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}',
-      'cd ${DRONE_REPO_NAME}',
-      'apk update && apk add --no-cache curl',
-      'tar -czf ../${DRONE_REPO_NAME}.${DRONE_TAG}.tar.gz ./*', // Create an archive of the role
-      'curl --user ${GITEA_USER}:${GITEA_TOKEN} --upload-file ../${DRONE_REPO_NAME}.${DRONE_TAG}.tar.gz https://${GITEA_URL}/api/packages/${GITEA_REPOUSER}/generic/ansible-role-common/${DRONE_TAG}/${DRONE_REPO_NAME}.${DRONE_TAG}.tar.gz',
-   ],
-   environment:
-     { GITEA_USER: { from_secret: 'GITEA_USER' },
-       GITEA_TOKEN: { from_secret: 'GITEA_TOKEN' },
-       GITEA_REPOUSER: { from_secret: 'GITEA_REPOUSER'},
-       GITEA_URL: { from_secret: 'GITEA_URL' },
-     },
-   when:
-   { event: {include: ['tag']},  
-   },
-   trigger:
-   { event: {include: ['tag'],},},
-  };
-
-local gen_pipeline_release() =
-  {kind: 'pipeline',
-   type: 'docker',
-   name: 'Generate release from tag',
-   steps: 
-    [gen_release()],
-   when:
-     { event: {include: ['tag']},  
-     },
-   trigger:
-   { event: {include: ['tag'],},},
-  };
-
-// Generate the output
-[ 
-  gen_pipeline('centos7'),
-  gen_pipeline('rockylinux8'),
-  gen_pipeline('debian10'),
-  gen_pipeline('debian11'),
-  {kind: 'pipeline',
-   type: 'docker',
-   name: 'Notify normal',
-   clone: {disable: true},
-   steps: [email_notification()],
-   trigger:
-   { event: {exclude: ['tag'],},},
-   when:
-     {  status: [ 'success', 'failure' ] ,
-        event: {exclude: ['tag']}, 
-     },
-    depends_on: 
-      ['Test on %(distro)s' % { distro: distro }
-        for distro in distros]
-  },
-  gen_pipeline_release(),
-  {kind: 'pipeline',
-   type: 'docker',
-   clone: {disable: true},
-   name: 'Notify Tagged release',
-   steps: [email_notification()],
-   trigger:
-   { event: {include: ['tag'],},},
-   when:
-     {  status: [ 'success', 'failure' ] ,
-        event: {include: ['tag']}, 
-     },
-    depends_on: 
-      ['Generate release from tag']
-  },
-]

.drone.yml

@@ -1,210 +0,0 @@
----
-kind: pipeline
-name: runners
-steps:
-- commands:
-  - cd terraform
-  - terraform init
-  - terraform plan -out /data/runners.plan
-  - terraform apply /data/runners.plan
-  environment:
-    TF_VAR_linode_api_token:
-      from_secret: linode_api_token
-    TF_VAR_root_pass:
-      from_secret: root_pass
-    TF_VAR_ssh_pubkey:
-      from_secret: TF_VAR_ssh_pubkey
-  image: hashicorp/terraform:1.1.7
-  name: Provision with terraform
-  volumes:
-  - name: terraform-data
-    path: /data
-type: docker
-volumes:
-- host:
-    path: /mnt/nfs/swarm/runners
-  name: terraform-data
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on centos7
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: centos7
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on centos7
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on centos8
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: centos8
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on centos8
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on rockylinux8
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: rockylinux8
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on rockylinux8
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on debian10
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: debian10
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on debian10
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- runners
-kind: pipeline
-name: Test on debian11
-node:
-  linodrone: "true"
-services:
-- image: docker:dind
-  name: docker
-  privileged: true
-  volumes:
-  - name: dockersock
-    path: /var/run
-steps:
-- commands:
-  - sleep 10
-  - mkdir ${DRONE_REPO_NAME}
-  - rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}
-  - cd ${DRONE_REPO_NAME}
-  - molecule test
-  environment:
-    MOLECULE_DISTRO: debian11
-  image: guisea/ansible-molecule:latest
-  name: Molecule test on debian11
-  volumes:
-  - name: dockersock
-    path: /var/run
-type: docker
-volumes:
-- name: dockersock
-  temp: {}
----
-depends_on:
-- Test on centos7
-- Test on centos8
-- Test on rockylinux8
-- Test on debian10
-- Test on debian11
-kind: pipeline
-name: Notify
-steps:
-- image: drillster/drone-email
-  name: notify by email
-  settings:
-    from: drone@guise.net.nz
-    host: mail.guise.net.nz
-    password:
-      from_secret: EMAIL_PASS
-    username:
-      from_secret: EMAIL_USER
-type: docker
-when:
-  status:
-  - success
-  - failure

.gitignore

@@ -5,7 +5,7 @@
 *.idea
 # Ignore any retry files from ansible
 *.retry
-*/.terraform
+
 # Ignore roles
 roles/*
 !roles/.gitkeep

README.md

@@ -1,4 +1,4 @@
-# Common [![Build Status](https://drone.guise.net.nz/api/badges/ansible-roles/common/status.svg)](https://drone.guise.net.nz/ansible-roles/common) 
+Role Name
 =========
 
 A brief description of the role goes here.
@@ -23,11 +23,9 @@ Example Playbook
 
 Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
 
-```yaml
     - hosts: servers
       roles:
          - { role: username.rolename, x: 42 }
-```
 
 License
 -------

defaults/main.yml

@@ -1,20 +1,42 @@
 ---
-# defaults file for guisea.common
-domain: exampledomain.com
-ad_domain_joined: no
-win_timezone: New Zealand Standard Time
-vendors_hosts: []
+# defaults file for cybercinch.common
 
-dns_servers:
+# What is the domain name for this machine?
+common_domain: exampledomain.com
+
+# Timezone string for Windows nodes
+common_win_tz: New Zealand Standard Time
+
+# Timezone string for Linux nodes
+common_tz: Pacific/Auckland
+
+# Additional host entries to add to /etc/hosts if required
+# e.g 
+# common_vendors_hosts:
+#   - ip: 192.168.1.3
+#     name: an.alias.hostname
+#   - ip: 192.168.1.4
+#     name: another.alias.hostname
+common_vendors_hosts: []
+
+# What DNS Servers should we use by default
+common_dns_servers:
   - 1.0.0.1
   - 1.1.1.1
 
-ADMIN_GROUP: admins
-
+# The name of the security group for administrators
+common_admin_group: admins
 
+# Configuration of Grub boot timeout
 common_grub_timeout: 5
-postfix_configure: false
 
+# Should we configure postfix?
+common_postfix_configure: false
+
+# This relayhost will be set if common_postfix_configure is true
+common_postfix_relayhost: some.smtp.server
+
+# Common packages to install in the case of Linux
 common_packages:
   - nano
   - git
@@ -24,15 +46,23 @@ common_packages:
   - bind-utils
   - yum-utils
   - unzip
-  
-win_packages:
+
+# Common packages to install in the case of Windows
+common_win_packages:
   - notepadplusplus.install
   - firefoxesr
   - baretail
   - 7zip.install
   
-apply_win_updates: false
+common_apply_win_updates: false
 
-common_show_ipv6: false|bool
-common_root_pwd: l3tm31nN0w
-common_root_email: admin@somplace.co.nz
+# Does this node have ipv6?  If so set to true to add ipv4 and ipv6 to Dynamic MOTD
+common_show_ipv6: false
+
+# Want to change the root password?
+common_change_root_pwd: false
+# The crypted password you wish to set for root password
+# Only fires if common_change_root_pwd is true default = false
+common_root_pwd: $6$5GG7U/EyDL$L/UkIlhoVABnvjtJl0zGwryjgRF9wNZ5wIAIAVfViROiMUK0tUsuZmO.x87tpDYUJA0QR5pCo4yd.2sLgSlHU0
+# This email address is set as the forwarding address for root.  Used for notifications.
+common_root_email: anemail@someco.com

handlers/main.yml

@@ -1,33 +1,27 @@
 ---
 # handlers file for guisea.common
 - name: Restart Postfix
-  service:
+  service: 
     name: postfix
     state: reloaded
-
+    
 - name: Restart SSH
   service:
     name: sshd
     state: restarted
-
+    
 - name: Restart NTPD
   service:
     name: ntpd
     state: restarted
-
+    
 - name: reboot windows
   win_reboot:
-
+  
 - name: restart NetworkManager
   service:
     name: NetworkManager
     state: restarted
 
-- name: Check if grub.cfg exists
-  stat:
-    path: /boot/grub2/grub.cfg
-  register: grub_cfg
-
 - name: Update GRUB
   command: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
-  when: grub_cfg.stat.exists

meta/main.yml

@@ -1,17 +1,45 @@
 ---
 galaxy_info:
-  author: guisea <aaron@guise.net.nz>
-  role_name: common # if absent directory name hosting role is used instead
-  namespace: cybercinch # if absent, author is used instead
-  description: Commonplace system setup
-  company: CyberCinch
+  author: Aaron Guise
+  namespace: cybercinch
+  role_name: ansible_role_common
+  description: 
   license: MIT
-  min_ansible_version: "2.9"
+  min_ansible_version: 2.9
 
   platforms:
     - name: EL
       versions:
         - all
-  galaxy_tags: []
-
-dependencies: []
+    - name: Windows
+      versions:
+        - all
+    - name: Amazon
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []  

molecule/default/converge.yml

@@ -2,6 +2,6 @@
 - name: Converge
   hosts: all
   tasks:
-    - name: "Include common"
+    - name: "Include ansi-ansible-role-common"
       include_role:
-        name: "common"
+        name: "ansi-ansible-role-common"

molecule/default/molecule.yml

@@ -5,17 +5,10 @@ driver:
   name: docker
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
-    command: ${MOLECULE_DOCKER_COMMAND:-""}
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    privileged: true
+    image: docker.io/pycontribs/centos:8
     pre_build_image: true
+    privileged: true
 provisioner:
   name: ansible
-# verifier:
-#  name: ansible
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
+verifier:
+  name: ansible

molecule/default/verify.yml

@@ -5,6 +5,14 @@
   hosts: all
   gather_facts: false
   tasks:
+  - name: Capture output of dynamic motd
+    command: /usr/local/bin/dynmotd
+    register: motd
+    changed_when: false
+  
+  - debug:
+      msg: "{{ motd.stdout.split('\n') }}"
+
   - name: Example assertion
     assert:
       that: true

tasks/RedHat.yml

@@ -1,8 +1,8 @@
 ---
 # tasks file for common role
-- include_tasks: networking.yml
+- include: networking.yml
 
-- name: Ensure common packages (RHEL)
+- name: Ensure common packages
   yum: 
     name: "{{ common_packages }}"
     state: present
@@ -10,7 +10,7 @@
   when: ansible_distribution != 'OracleLinux'
   tags: packages
 
-- name: Ensure common packages (OracleLinux)
+- name: Ensure common packages
   yum:
     name: "{{ common_packages }}"
     state: present
@@ -24,21 +24,8 @@
   register: se
   tags: security
 
-# - name: SELinux Management
-#  block:
-#    -  name: selinux | Ensure SELinux status
-#       selinux:
-#        state: disabled
-#       register: sestate
-#    - name: selinux | Message Output
-#      debug:
-#        msg: "SELinux {{ sestate.msg }}"
-#      when: sestate.changed
-#  when: se.stat.exists
-#  tags: security
-
 - name: Create admin group
-  group: name={{ ADMIN_GROUP }} state=present
+  group: name={{ common_admin_group }} state=present
 
 - name: Configure yum limit
   lineinfile:
@@ -49,29 +36,33 @@
 
 - name: Ensure Helpers are present
   copy:
-    src: "{{ helpers.src }}"
-    dest: "{{ helpers.dest }}"
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
     mode: u+rwx,g+rx,o+rx
   with_items:
     - src: helpers/reload_scsi_devices
       dest: /usr/local/bin/reload_scsi_devices
     - src: helpers/reload_scsi_hosts
       dest: /usr/local/bin/reload_scsi_hosts
-  loop_control:
-    loop_var: helpers
     
 - name: Ensure Hostname is set
   hostname: 
-    name: "{{ inventory_hostname }}.{{ domain }}"
-  when: ansible_virtualization_type != "docker"
+    name: "{{ inventory_hostname }}.{{ common_domain }}"
+  when: 
+    - ansible_virtualization_type != "docker"
     
 - name: Change root password
   user:  
     name: root 
-    password: "{{ common_root_pwd | password_hash('sha512') }}"
+    password: "{{ common_root_pwd }}"
   changed_when: false
+  when: common_change_root_pwd
   tags: rootpw
 
-- include_tasks: grub.yml
-- include_tasks: communication.yml
-- include_tasks: motd.yml
+- name: Set timezone
+  timezone:
+    name: "{{ common_tz }}"
+
+- include: grub.yml
+- include: communication.yml
+- include: motd.yml

tasks/Windows.yml

@@ -11,14 +11,14 @@
     state: present
     update_password: always
   changed_when: false
-
+  
 - name: Ensure System Culture Set
   win_region:
     location: 183
     format: en-NZ
     unicode_language: en-NZ
     copy_settings: true
-
+    
 - name: Ensure DNS is set
   win_dns_client:
     adapter_names: "*"
@@ -40,7 +40,7 @@
   with_items:
     - 'C:\Temp'
     - 'C:\Tools'
-
+  
 #- name: Ensure Profile Tool Present
 #  win_copy:
 #    src: Defprof.exe
@@ -61,3 +61,4 @@
     name: "{{ item }}"
     state: present
   with_items: "{{ win_packages }}"
+

tasks/common.yml

@@ -1,5 +0,0 @@
----
-- include_tasks: networking.yml
-- include_tasks: communication.yml
-- include_tasks: grub.yml
-- include_tasks: motd.yml

tasks/communication.yml

@@ -3,42 +3,37 @@
   block:
     - name: postfix | Apply postfix configuration
       lineinfile:
-        dest: "{{ configurations.dest }}"
-        regexp: "{{ configurations.regexp }}"
-        line: "{{ configurations.line }}"
+        dest: "{{item.dest}}"
+        regexp: "{{item.regexp}}"
+        line: "{{item.line}}"
         insertafter: EOF
       notify: Restart Postfix
       when: "'SMTP0' not in inventory_hostname"
       with_items:
-        - {
-            dest: /etc/postfix/main.cf,
+        - { dest: /etc/postfix/main.cf,
             regexp: "^.?inet_protocols =",
-            line: "inet_protocols = ipv4",
+            line: "inet_protocols = ipv4"
           }
-        - {
-            dest: /etc/postfix/main.cf,
+        - { dest: /etc/postfix/main.cf,
             regexp: "^.?inet_interfaces =",
-            line: "inet_interfaces = all",
+            line: "inet_interfaces = all"
           }
-        - {
-            dest: /etc/postfix/main.cf,
+        - { dest: /etc/postfix/main.cf,
             regexp: "^.?relayhost =",
-            line: "relayhost = {{ relayhost }}",
+            line: "relayhost = {{ common_postfix_relayhost }}"
           }
         - {
             dest: /etc/postfix/main.cf,
             regexp: "^.?smtp_randomize_addresses =",
-            line: "smtp_randomize_addresses = no",
+            line: "smtp_randomize_addresses = no"
           }
-      loop_control:
-        loop_var: configurations
 
     - name: postfix | Ensure Postfix is Started/Enabled
       service:
         name: postfix
         state: started
         enabled: yes
-  when: postfix_configure
+  when: common_postfix_configure
 
 - name: Ensure root forwarding address is set
   lineinfile:

tasks/grub.yml

@@ -18,9 +18,7 @@
     option: GRUB_TIMEOUT
     value: "{{ common_grub_timeout }}"
     no_extra_spaces: yes
-  when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version > '6'"
-  notify:
-    - Check if grub.cfg exists 
-    - Update GRUB
+  when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'"
+  notify: Update GRUB
   tags:
     - grub

tasks/main.yml

@@ -1,9 +1,2 @@
 ---
-- name: Include tasks only if one of the files exist, otherwise skip the task
-  include_tasks: "{{ item }}"
-  vars:
-    params:
-      files:
-        - "{{ ansible_os_family }}.yml"
-        - "common.yml"
-  loop: "{{ q('first_found', params, errors='ignore') }}"
+- include: "{{ ansible_os_family }}.yml"

tasks/motd.yml

@@ -16,4 +16,4 @@
     dest: /etc/profile.d/motd.sh
     regexp: "^/usr/local/bin/dynmotd"
     line: "/usr/local/bin/dynmotd"
-    create: yes
+    create: yes

tasks/networking.yml

@@ -1,58 +1,54 @@
 ---
+- name: Ensure resolvers set
+  template:
+    src: etc.resolv.conf.j2
+    dest: /etc/resolv.conf
+    mode: u+rw,a+r
+  tags: dns
+  when: 
+    - ansible_virtualization_type != "docker"
+
 - name: Ensure DNS and SSH common config
   template:
-    src: "{{ network_config.src }}"
-    dest: "{{ network_config.dest }}"
-    mode: "{{ network_config.mode }}"
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
     backup: yes
   with_items:
-    - {
-        src: etc.sysconfig.network.j2,
+    - { src: etc.sysconfig.network.j2,
         dest: /etc/sysconfig/network,
-        mode: u+rw,
-        a+r,
+        mode: u+rw,a+r
       }
-    - { src: etc.resolv.conf.j2, dest: /etc/resolv.conf, mode: u+rw, a+r }
-  when: ansible_virtualization_type != "docker"
-  loop_control:
-    loop_var: network_config
   tags: dns
 
 - name: Ensure hosts file correct
   lineinfile:
     dest: /etc/hosts
-    regexp: "{{ hosts_config.regexp }}"
-    line: "{{ hosts_config.line }}"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
     backrefs: yes
     backup: yes
   with_items:
-    - {
-        regexp: "^127.0.0.1.+localdomain4$",
-        line: "127.0.0.1   localhost {{ inventory_hostname }}",
+    - {regexp: "^127.0.0.1.+localdomain4$",
+         line: "127.0.0.1   localhost {{ inventory_hostname }}"
       }
-    - {
-        regexp: "^::1.+localdomain6$",
-        line: "::1         localhost {{ inventory_hostname }}",
+    - {regexp: "^::1.+localdomain6$",
+         line: "::1         localhost {{ inventory_hostname }}"
       }
-    - {
-        regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
-        line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
+    - {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
+         line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ common_domain }} {{ inventory_hostname }}"
       }
-    - {
-        regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
-        line: "127.0.0.1   localhost {{ inventory_hostname }}",
+    - {regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
+       line: "127.0.0.1   localhost {{ inventory_hostname }}"
       }
-    - {
-        regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
-        line: "::1         localhost {{ inventory_hostname }}",
+    - {regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
+       line: "::1         localhost {{ inventory_hostname }}"
       }
-    - {
-        regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
-        line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
+    - {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
+       line: "{{ ansible_default_ipv4.address }}  {{ inventory_hostname }}.{{ common_domain }} {{ inventory_hostname }}"
       }
-  loop_control:
-    loop_var: hosts_config
-  when: ansible_virtualization_type != "docker"
+  when: 
+    - ansible_virtualization_type != "docker"
 
 - name: Ensure NetworkManager does not fiddle DNS
   ini_file:
@@ -68,13 +64,11 @@
 
 - name: Ensure correct permissions (hosts/resolv.conf)
   file:
-    path: "{{ perm_config }}"
+    path: "{{item}}"
     state: touch
     mode: u+rw,g+r,a+r
   with_items:
     - /etc/resolv.conf
     - /etc/hosts
-  loop_control:
-    loop_var: perm_config
   changed_when: false
-  tags: dns
+  tags: dns

templates/dynmotd

@@ -15,21 +15,21 @@
 #      /usr/local/bin/dynmotd
 #
 
-USER=`whoami`
-HOSTNAME=`uname -n | cut -d. -f1`
-IP=`ip route get 1 | awk '{print $NF;exit}'`
-NUM_CPU=`lscpu | grep "CPU(s):" | head -n 1 | awk '{print $2}'`
-ROOT=`df -x fuse.gvfs-fuse-daemon -Ph | egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
-HOME=`df -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
-FILESYSTEMS=`cat /etc/fstab | grep -v '#' | grep -v 'swap' | awk '{if(NF>0) {print $2}}'`
-BACKUP=`df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
-OS_RELEASE=`awk -F= '$1=="PRETTY_NAME" { print $2 ;}' /etc/os-release | sed -e 's/^"//' -e 's/"$//'`
-MEMORY=`free -m | grep "Mem" | awk '{print $2,"-",$3,"-",$4}'`
-SWAP=`free -m | grep "Swap" | awk '{print $2,"-",$3,"-",$4}'`
-PSA=`ps -Afl | wc -l`
+USER=`/usr/bin/whoami`
+HOSTNAME=`/usr/bin/uname -n | /usr/bin/cut -d. -f1`
+IP=`/usr/sbin/ip route get 1 | grep -Po '(?<=src.)[\w\d.]+'`
+IP6=`/sbin/ip -6 addr | awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
+NUM_CPU=`/usr/bin/lscpu | /usr/bin/grep "CPU(s):" | /usr/bin/head -n 1 | /usr/bin/awk '{print $2}'`
+ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda|sda' | awk '{print $4}' | tr -d '\n'`
+HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
+BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
+
+MEMORY=`/usr/bin/free -m | /usr/bin/grep "Mem" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
+SWAP=`/usr/bin/free -m | /usr/bin/grep "Swap" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
+PSA=`/usr/bin/ps -Afl | wc -l`
 
 # time of day
-HOUR=$(date +"%H")
+HOUR=$(/usr/bin/date +"%H")
 if [ $HOUR -lt 12  -a $HOUR -ge 0 ]
 then    TIME="morning"
 elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
@@ -39,17 +39,17 @@ else
 fi
 
 #System uptime
-uptime=`cat /proc/uptime | cut -f1 -d.`
+uptime=`/usr/bin/cat /proc/uptime | cut -f1 -d.`
 upDays=$((uptime/60/60/24))
 upHours=$((uptime/60/60%24))
 upMins=$((uptime/60%60))
 upSecs=$((uptime%60))
 
 #System load
-LOADAVG=`cat /proc/loadavg`
-LOAD1=`echo $LOADAVG | awk {'print $1'}`
-LOAD5=`echo $LOADAVG | awk {'print $2'}`
-LOAD15=`echo $LOADAVG | awk {'print $3'}`
+LOADAVG=`/usr/bin/cat /proc/loadavg`
+LOAD1=`echo $LOADAVG | /usr/bin/awk {'print $1'}`
+LOAD5=`echo $LOADAVG | /usr/bin/awk {'print $2'}`
+LOAD15=`echo $LOADAVG | /usr/bin/awk {'print $3'}`
 
 echo ""
 echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
@@ -61,12 +61,16 @@ COLOR_COLUMN="\e[1m-"
 COLOR_VALUE="\e[31m"
 RESET_COLORS="\e[0m"
 echo -e "
-===========================================================================
+==========================================================================
  $COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
- $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
- $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE $OS_RELEASE $RESET_COLORS
+{% if common_show_ipv6 == true %}
+ $COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS  
+ $COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS  
+{% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
+{% endif %}
+ $COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `cat {{ ansible_distribution_file_path }}` $RESET_COLORS
  $COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
-=========================================================================== $RESET_COLORS
+========================================================================== $RESET_COLORS
  $COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
  $COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
  $COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
@@ -74,10 +78,7 @@ echo -e "
  $COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
  $COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
  $COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
- $COLOR_COLUMN- Disk space$RESET_COLORS..........: "
-for FS in ${FILESYSTEMS}; do
-echo -e " $COLOR_COLUMN- ..........$RESET_COLORS..........: $COLOR_VALUE `df -H ${FS} | grep -v 'Filesystem' | grep -v '^[[:space:]]*$' | awk '{print $6 " " $4}'` remaining $RESET_COLORS"
-done
-echo -e "
-===========================================================================
+ $COLOR_COLUMN- Disk space$RESET_COLORS..........: $COLOR_VALUE $ROOT remaining $RESET_COLORS
+==========================================================================
+`/usr/bin/cat /etc/motd`
 "

templates/etc.hosts.j2

@@ -4,7 +4,7 @@
 127.0.0.1   localhost {{ ansible_hostname }}
 ::1         localhost {{ ansible_hostname }}
 
-{{ ansible_default_ipv4.address }}  {{ ansible_hostname }}.{{ domain }} {{ ansible_hostname }}
+{{ ansible_default_ipv4.address }}  {{ ansible_hostname }}.{{ common_domain }} {{ ansible_hostname }}
 
 {# note: below block takes a list of ip -> name mappings
    applying them to the hosts file should the variable be

templates/etc.resolv.conf.j2

@@ -2,9 +2,9 @@
 ## DO NOT edit manually as changes will be overwritten ##
 
 # Search Domain
-search {{ domain }}
+search {{ common_domain }}
 
 # Use servers configured via Ansible
-{% for server in dns_servers %}
+{% for server in common_dns_servers %}
 nameserver {{ server }}
 {% endfor %}

templates/etc.sysconfig.network.j2

@@ -2,4 +2,4 @@
 ## DO NOT edit manually as changes will be overwritten ##
 
 NETWORKING=yes
-HOSTNAME={{ inventory_hostname }}.{{ domain }}
+HOSTNAME={{ inventory_hostname }}.{{ common_domain }}

terraform/.terraform.lock.hcl

@@ -1,22 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/linode/linode" {
-  version     = "1.16.0"
-  constraints = "1.16.0"
-  hashes = [
-    "h1:JpBtHnebAi6yr/aDdlk8EybaEiEY+VPtFP3o0QoMTng=",
-    "zh:03c867440797b82012cd5d97f58fef5885dc0248683227299a39af836df222db",
-    "zh:0486be7f72d6ea73d10140e23be8c1d2772b2d8be28c7bb39c73be83601405cf",
-    "zh:181929d6880cac6500f4af1f3799385c47ccd69872cacf1042a3a48e445b2b02",
-    "zh:18b7f6cc1ddf86e28322638607e1f84c1e9d56824c26903e22d4d12352f20b6e",
-    "zh:4e65e7f9e17c334ff7047fc2dd8fc479c2509cba66834d89e2033a45e9275fe3",
-    "zh:6077eda3fdf77a5158d9dc1a0c38492e23f7d679b1ac96382ba92ebe92e19266",
-    "zh:642e7c96867c519176d84228a7f9104352212ae3c999b409eee1076b7ed90a96",
-    "zh:6451f5117125fad9884214fe2f2635a2bed95912e64cf1c66a57c38558dfe907",
-    "zh:83b957b30da19586393b9aea2cc93524a7d4c43dd07d11129a11d29c2b4bfb21",
-    "zh:852954fe6cfe5278bd7c3d1079a9832bbf8c58436486489ed85154c0a0600633",
-    "zh:a2385c51147a3c40707f7bfceb673c077e1054e8af6fb4c808cef56f995b8193",
-    "zh:d21cd5cb5a635d18547430fe6cdfe3c6898541f9f3adc110edbf8d6e0439390d",
-  ]
-}

terraform/drone-runners.tf

@@ -1,58 +0,0 @@
-variable "drone_instances" {
-  description = "How many runner instances should there be?"
-  default = 3
-}
-variable "root_pass" {
-  description = "Root password to set on the node"
-}
-
-variable "linode_api_token" {
-  description = "Linode API Token"
-}
-
-variable "ssh_pubkey" {
-    description = "SSH key to be allowed access by default"
-}
-
-terraform {
-  required_providers {
-    linode = {
-      source = "linode/linode"
-      version = "1.16.0"
-    }
-  }
- backend "local" {
-         path = "/data/runner.tfstate"  
- }
-}
-
-provider "linode" {
-  token = var.linode_api_token
-}
-
-resource "linode_instance" "terraform-drone" {
-  connection { 
-               type = "ssh"
-               user = "root"
-               password = var.root_pass    
-               host     = self.ip_address  
-             }
-
-        count = var.drone_instances
-        image = "private/15818922"
-        label = "drone-runner-${count.index + 1}"
-        group = "docker"
-        tags = ["tag_Testing","docker"]
-        region = "ap-southeast"
-        type = "g6-standard-2"
-        authorized_keys = [ var.ssh_pubkey ]
-        root_pass = var.root_pass
-
-  provisioner "remote-exec" {
-    inline = [
-        "yum upgrade -y && systemctl restart docker",
-        "docker rm -f runner",
-        "docker run --detach --volume=/var/run/docker.sock:/var/run/docker.sock --env=DRONE_RPC_PROTO=https --env=DRONE_RPC_HOST=drone.guise.net.nz --env=DRONE_RPC_SECRET=super-duper-secret --env=DRONE_RUNNER_CAPACITY=2 --env=DRONE_RUNNER_NAME=drone-runner-${count.index + 1} --env=DRONE_RUNNER_LABELS='linodrone:true' --env=--publish=3000:3000 --restart=always --name=runner drone/drone-runner-docker:1"
-    ]
-  }
-}

utils.libsonnet

@@ -1,42 +0,0 @@
-{
-docker_service()::
- {
-   name: 'docker',
-   image: 'docker:dind',
-   privileged: true,
-   volumes: [{ name: 'dockersock', path: '/var/run' },],
- },
-
-email_notification()::
- {
-   name: 'notify by email',
-   image: 'drillster/drone-email',
-   settings:
-    { host: 'mail.guise.net.nz',
-      username:
-        { from_secret: 'EMAIL_USER' },
-      password:
-        { from_secret: 'EMAIL_PASS' },
-      from: 'drone@guise.net.nz'
-    },
-   when:
-     {  status: [ 'changed', 'failure' ] },
-  },
-
-test_distro(distribution)::
-  {
-    name: 'Test on %(distribution)s' % { distribution: distribution },
-    volumes: [{ name: 'dockersock', path: '/var/run' },],
-    image: 'guisea/ansible-molecule:latest',
-    commands: [
-      'sleep 10', // give docker enough time to start
-      'mkdir ${DRONE_REPO_NAME}',
-      'rsync -a . ${DRONE_REPO_NAME} --exclude ${DRONE_REPO_NAME}',
-      'cd ${DRONE_REPO_NAME}',
-      'molecule test'
-    ],
-    environment:
-     { MOLECULE_DISTRO: '%(distribution)s' % { distribution: distribution }
-     },
-  },
-}