group_vars/servers/vars

@@ -1,8 +1,5 @@
 certbot_email: "{{ vault_certbot_email }}"
 
-cockpit_2fa: true
-cockpit_has_reverse_proxy: true
-
 host_fqdn: "{{ vault_host_fqdn }}"
 
 porkbun_apikey: "{{ vault_porkbun_apikey }}"

playbooks/bootstrap.yml

@@ -10,7 +10,7 @@
 
     - role: os_el
       become: true
-      when: ansible_distribution in [ "AlmaLinux", "CentOS", "Rocky" ]
+      when: ansible_distribution in [ "AlmaLinux", "CentOS" ]
 
     # Upgrade all packages and install the basic-bitch ones
     - role: base_system

roles/base_system/tasks/upgrade.yml

@@ -4,16 +4,16 @@
     name: "*"
     state: latest
     update_cache: true
-  when: ansible_facts.pkg_mgr == "apt"
+  when: ansible_distribution in [ "Debian", "Ubuntu" ]
 
 - name: Upgrade all packages with ‹dnf›
   ansible.builtin.dnf:
     name: "*"
     state: latest
-  when: ansible_facts.pkg_mgr == "dnf"
+  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora" ]
 
 - name: Upgrade all packages with ‹zypper›
   community.general.zypper:
     name: "*"
     state: latest
-  when: ansible_facts.pkg_mgr == "zypper"
+  when: "'openSUSE' in ansible_distribution"

roles/cockpit/defaults/main.yml

@@ -3,9 +3,3 @@
 # reverse proxy (adjusts the origin, so that the Cockpit doesn't drop sessions,
 # and checks for SSL/TLS connections)
 cockpit_has_reverse_proxy: false
-
-# Boolean variable that denotes whether to install dependencies for 2FA auth
-# to Cockpit (Google Authenticator and QR encoding utilities for enrolling the
-# OTP), also installs the rule to the ‹pam.d› so that the 2FA is required for
-# logging in to the Cockpit.
-cockpit_2fa: false

roles/cockpit/tasks/install.yml

@@ -3,11 +3,3 @@
   ansible.builtin.package:
     name: cockpit
     state: present
-
-- name: Install deps for 2FA in Cockpit
-  ansible.builtin.package:
-    name:
-      - google-authenticator
-      - qrencode-libs
-    state: present
-  when: cockpit_2fa

roles/cockpit/tasks/main.yml

@@ -12,16 +12,6 @@
     group: root
   when: cockpit_has_reverse_proxy
 
-- name: Require 2FA for logging into the Cockpit
-  ansible.builtin.lineinfile:
-    line: auth required pam_google_authenticator.so nullok
-    path: /etc/pam.d/cockpit
-    create: true
-    mode: 0644
-    owner: root
-    group: root
-  when: cockpit_2fa
-
 - name: Enable cockpit
   ansible.builtin.service:
     name: "cockpit.socket"

roles/editor_helix/tasks/install_Rocky.yml

@@ -1 +0,0 @@
-install_fedora-family.yml

roles/editor_helix/tasks/install_fedora-family.yml

@@ -1,4 +1,11 @@
 ---
+- name: Enable the Copr
+  community.general.copr:
+    name: varlad/helix
+    state: enabled
+  when: ansible_distribution not in ("AlmaLinux")
+  become: true
+
 - name: Install the Helix
   ansible.builtin.package:
     name: helix

roles/secrets_hcv/tasks/install_Rocky.yml

@@ -1 +0,0 @@
-install_el.yml

roles/secrets_hcv/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install HC Vault via package manager
-  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Rocky", "Ubuntu"]
+  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Ubuntu"]
   tags: install
   block:
     - name: Enable repository

roles/shell_zsh/tasks/install.yml

@@ -34,4 +34,4 @@
     name: yad
     state: present
   become: true
-  when: 'ansible_distribution not in [ "AlmaLinux", "Rocky" ] and "openSUSE" not in ansible_distribution'
+  when: 'ansible_distribution not in [ "AlmaLinux" ] and "openSUSE" not in ansible_distribution'

roles/ssh_server/tasks/main.yml

@@ -55,4 +55,4 @@
 
 - name: Set trusted CA
   ansible.builtin.include_tasks: trusted_ca.yml
-  when: ssh_server_auth_trusted_ca
+  when: sshd_auth_trusted_ca

roles/yubikey_pam/tasks/install.yml

@@ -3,7 +3,7 @@
   ansible.builtin.package:
     name: pam_yubico
     state: present
-  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora", "Rocky" ]
+  when: ansible_distribution in [ "AlmaLinux", "CentOS", "Fedora" ]
 
 - name: Enable PPA on Ubuntu
   ansible.builtin.apt_repository: