set up or initialized Python project

.bin/ansible_aliases

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euo pipefail
+
+alias ansible-galaxy="/usr/bin/ansible-galaxy"
+alias ansible-vault="/usr/bin/ansible-vault"
+alias ansible-playbook="/usr/bin/ansible-playbook"

.bin/skansible.sh

@@ -0,0 +1,187 @@
+#!/bin/bash
+set -euo pipefail
+
+SKATO_ANSIBLE_ROOT=$(dirname "$0")
+SKATO_ANSIBLE_ROOT=$(dirname "$SKATO_ANSIBLE_ROOT")
+export SKATO_ANSIBLE_ROOT
+printf "root=%s\n" "$SKATO_ANSIBLE_ROOT" > "./config" # INI format
+export SKATO_BOOTSTRAP_ROLE="${SKATO_ANSIBLE_ROOT}/roles/bootstrap"
+export SKANSIBLE_SECRETS="${SKATO_ANSIBLE_ROOT}/.secrets"
+
+if [[ -f "./ansible_aliases" ]]; then
+    source ./ansible_aliases
+fi
+
+# Relative directory paths for role templates/files
+export SKANSIBLE_ARIA="aria2"
+export SKANSIBLE_PROFTPD="proftpd"
+export SKANSIBLE_PROFTPD_CONFS="${SKANSIBLE_PROFTPD}/conf.d"
+# @NOTE below 4 filepaths have filenames that must correspond to 
+# the filenames in role ProFTPd templates'/files' Display settings 
+export SKANSIBLE_PROFTPD_CONFS_WELCOME="${SKANSIBLE_PROFTPD}/conf.d/WELCOME.txt"
+export SKANSIBLE_PROFTPD_CONFS_BANNER="${SKANSIBLE_PROFTPD}/conf.d/BANNER.txt"
+export SKANSIBLE_PROFTPD_CONFS_SUCCESS="${SKANSIBLE_PROFTPD}/conf.d/SUCCESS.txt"
+export SKANSIBLE_PROFTPD_CONFS_EXIT="${SKANSIBLE_PROFTPD}/conf.d/BYE.txt"
+export SKANSIBLE_SSHD_CONFS="sshd_config.d"
+export SKANSIBLE_SYSTEMD="systemd"
+export SKANSIBLE_SYSTEMD_USER_UNITS="${SKANSIBLE_SYSTEMD}/user"
+export SKANSIBLE_FAIL2BAN="fail2ban"
+export SKANSIBLE_FAIL2BAN_JAILS="${SKANSIBLE_FAIL2BAN}/jail.d"
+export SKANSIBLE_FAIL2BAN_FILTERS="${SKANSIBLE_FAIL2BAN}/filter.d"
+export SKANSIBLE_GITCONFIG_CONFS="gitconfig.d"
+# @NOTE files in here must have extension "key" with IDs in  
+# "gpg_keys" inventory variable list as basenames.
+export SKANSIBLE_GPG="gnupg"
+# @NOTE files in path below must have extensions "key" (private), 
+# "crt" (signed), or "pem" (public) with inventory host FQDN as basename
+export SKANSIBLE_SSL="ca-certificates"
+
+set-root () {
+    if [[ $# -eq 0 ]]; then
+        SKATO_ANSIBLE_ROOT=$(awk -F "=" '/root/ {print $2}' "./config")
+        export SKATO_ANSIBLE_ROOT
+    elif [[ -z "$1" ]]; then
+        SKATO_ANSIBLE_ROOT="$1"
+        export SKATO_ANSIBLE_ROOT
+        sed -i 's|^(root=).*||g' "./config"
+        sed -i "1 i\root=${SKATO_ANSIBLE_ROOT}" "./config"
+    fi
+}
+
+gxy () {
+    ansible-galaxy "$@"
+}
+
+vult () {
+    ansible-vault "$@"
+}
+
+play () {
+    ansible-playbook "$@"
+}
+
+import-gpg () {
+    for id in "$@";
+    do
+        gpg --export-secret-keys "$id" > "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_GPG}/${id}.key"
+        printf "Please manually add GPG key with 'id' of '%s' in 'users.\$username.gpg_keys' list of inventory file." "$id"
+    done
+    printf "Please manually change ID attribute of GPG keys in 'users.\$username.gpg_keys' list of inventory file."
+}
+
+import-ssl () {
+    for domain in "$@";
+    do
+        cp "/usr/local/share/ca-certificates/${domain}.key" "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_SSL}/${domain}.key"
+        cp "/usr/local/share/ca-certificates/${domain}.pem" "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_SSL}/${domain}.pem"
+        cp "/usr/local/share/ca-certificates/${domain}.crt" "${SKATO_BOOTSTRAP_ROLE}/files/${SKANSIBLE_SSL}/${domain}.crt"
+        printf "Please manually change 'fqdn' attribute in inventory group or host variable file to '%s'." "$domain"
+    done
+}
+
+import () {
+    case "$1" in
+        ssl) shift; import-ssl "$@";;
+        gpg) shift; import-gpg "$@";;
+        *) exit 1;;
+    esac
+}
+
+decrypt () {
+    while getopts "mv:i:d:" flag; do
+        case "$flag" in
+            m) METHOD=$OPTARG;;
+            v) VAULT_ID=$OPTARG;;
+            i) INPUT_FILE=$OPTARG;;
+            d) OUTPUT_PATH=$OPTARG;;
+            *) exit 1;;
+        esac
+    done
+
+    if ! [[ "$VAULT_ID" == *"@"* ]]; then
+        ID_TAG="$VAULT_ID"
+
+        if [[ "$METHOD" == "prompt" ]]; then
+            VAULT_ID="${VAULT_ID}@prompt"
+        elif [[ "$METHOD" == "file" ]]; then
+            if [[ -z "$INPUT_FILE" ]]; then
+                exit 1
+            else
+                VAULT_ID="${VAULT_ID}@${INPUT_FILE}"
+            fi
+        else
+            exit 1
+        fi
+    fi
+
+    if [[ -z "$OUTPUT_PATH" ]]; then
+        OUTPUT_FILE="${SKANSIBLE_SECRETS}/${ID_TAG}.txt"
+    else
+        mkdir -p "${SKANSIBLE_SECRETS}/${OUTPUT_PATH}"
+        OUTPUT_FILE="${SKANSIBLE_SECRETS}/${OUTPUT_PATH}/${ID_TAG}.txt"
+    fi
+
+    ansible-vault decrypt --vault-id "$VAULT_ID" --output "$OUTPUT_FILE" "$INPUT_FILE"
+}
+
+encrypt () {
+    while getopts "mv:d:pn:" flag; do
+        case "$flag" in
+            m) METHOD="$OPTARG";;
+            v) VAULT_ID="$OPTARG";;
+            d) PASS_PATH="$OPTARG";;
+            p) read -rp "Provide intended password: " PASSWORD;;
+            n) VAR_NAME="$OPTARG";;
+            *) exit 1;;
+        esac
+    done
+
+    while [[ -z "$PASSWORD" ]]; do
+        printf "Password missing. \nPlease specify a password. \n"
+        read -rp "Provide intended password: " PASSWORD
+    done
+
+    if ! [[ "$VAULT_ID" == *"@"* ]]; then
+        ID_TAG="${VAULT_ID}"
+
+        if [[ "$METHOD" ==  "prompt" ]]; then
+            VAULT_ID="${VAULT_ID}@prompt"
+        elif [[ "$METHOD" == "file" ]]; then
+            if [[ -z "$PASS_PATH" ]]; then
+                PASS_FILE="${SKANSIBLE_SECRETS}/${VAULT_ID}.txt"
+            else
+                mkdir -p "${SKANSIBLE_SECRETS}/${PASS_PATH}"
+                PASS_FILE="${SKANSIBLE_SECRETS}/${PASS_PATH}/${VAULT_ID}.txt"
+            fi
+            printf "%s\n" "$PASSWORD" > "$PASS_FILE"
+            VAULT_ID="${VAULT_ID}@${PASS_FILE}"
+        fi
+    fi
+
+    printf "Make sure to copy following to appropriate location in appropriate YAML file under %s: \n" "$SKATO_ANSIBLE_ROOT"
+    if [[ -z "$VAR_NAME" ]]; then
+        ansible-vault encrypt_string --name "$VAR_NAME" --stdin-name "$VAR_NAME" --vault-id "$VAULT_ID" --output - "$PASSWORD"
+    else
+        ansible-vault encrypt_string --stdin-name "$ID_TAG" --vault-id "$VAULT_ID" --output - "$PASSWORD"
+    fi
+    YAMLS_WITH_PASSWORDS=("${SKATO_BOOTSTRAP_ROLE}/vars/main/software.yml" "${SKATO_BOOTSTRAP_ROLE}/defaults/main/software.yml")
+    printf "Examples of common YAML files passwords may be in: \n"
+    printf "    1. any YAML file in %s \n" "${SKATO_ANSIBLE_ROOT}/hostvars"
+    printf "    2. any YAML file in %s \n" "${SKATO_ANSIBLE_ROOT}/groupvars"
+    for i in "${!YAMLS_WITH_PASSWORDS[@]}"; do
+        printf "    %u. %s \n" "$(( i + 3 ))" "${YAMLS_WITH_PASSWORDS[$i]}"
+    done
+}
+
+# source ./extensions.d/edit.sh
+
+case "$1" in
+    set-root) shift; set-root "$1";;
+    gxy) shift; gxy "$@";;
+    vult) shift; vult "$@";;
+    play) shift; play "$@";;
+    import) shift; import "$@";;
+    decrypt) shift; decrypt "$@";;
+    encrypt) shift; encrypt "$@";;
+    *) exit 1;;
+esac

.env

@@ -0,0 +1,28 @@
+SKATO_ANSIBLE_ROOT=$(dirname "$0")
+SKATO_ANSIBLE_ROOT=$(dirname "$SKATO_ANSIBLE_ROOT")
+SKATO_BOOTSTRAP_ROLE="${SKATO_ANSIBLE_ROOT}/roles/bootstrap"
+SKANSIBLE_SECRETS="${SKATO_ANSIBLE_ROOT}/.secrets"
+
+# Relative directory paths for role templates/files
+SKANSIBLE_ARIA="aria2"
+SKANSIBLE_PROFTPD="proftpd"
+SKANSIBLE_PROFTPD_CONFS="${SKANSIBLE_PROFTPD}/conf.d"
+# @NOTE below 4 filepaths have filenames that must correspond to 
+# the filenames in role ProFTPd templates'/files' Display settings 
+SKANSIBLE_PROFTPD_CONFS_WELCOME="${SKANSIBLE_PROFTPD}/conf.d/WELCOME.txt"
+SKANSIBLE_PROFTPD_CONFS_BANNER="${SKANSIBLE_PROFTPD}/conf.d/BANNER.txt"
+SKANSIBLE_PROFTPD_CONFS_SUCCESS="${SKANSIBLE_PROFTPD}/conf.d/SUCCESS.txt"
+SKANSIBLE_PROFTPD_CONFS_EXIT="${SKANSIBLE_PROFTPD}/conf.d/BYE.txt"
+SKANSIBLE_SSHD_CONFS="sshd_config.d"
+SKANSIBLE_SYSTEMD="systemd"
+SKANSIBLE_SYSTEMD_USER_UNITS="${SKANSIBLE_SYSTEMD}/user"
+SKANSIBLE_FAIL2BAN="fail2ban"
+SKANSIBLE_FAIL2BAN_JAILS="${SKANSIBLE_FAIL2BAN}/jail.d"
+SKANSIBLE_FAIL2BAN_FILTERS="${SKANSIBLE_FAIL2BAN}/filter.d"
+SKANSIBLE_GITCONFIG_CONFS="gitconfig.d"
+# @NOTE files in here must have extension "key" with IDs in  
+# "gpg_keys" inventory variable list as basenames.
+SKANSIBLE_GPG="gnupg"
+# @NOTE files in path below must have extensions "key" (private), 
+# "crt" (signed), or "pem" (public) with inventory host FQDN as basename
+SKANSIBLE_SSL="ca-certificates"

.gitignore

@@ -1,4 +1,4 @@
-.env/
+.venv/
 *.bak
 hosts.yml
 .secrets/*
@@ -17,3 +17,4 @@ motd
 banner
 .galaxy_cache/
 galaxy_token
+uv.lock

.python-version

@@ -0,0 +1 @@
+3.13

README.md

@@ -1,25 +1,39 @@
 # SUKAATO Ansible
 
-This repository is for automating the management of the configuration of, and the provisioning of software for, my virtual private servers using [Ansible](https://www.redhat.com/en/ansible-collaborative?intcmp=7015Y000003t7aWQAQ). This repository is especially useful for setting up the virtual private server(s) that is(/are) to host and serve my website(s). It is also meant to be useful for provisioning of software and the configuration of that software for personal or household LAN computers.
+This repository is for automating the management of the configuration of, and the provisioning of software for, my virtual private servers using [Ansible](https://www.redhat.com/en/ansible-collaborative?intcmp=7015Y000003t7aWQAQ). It's main purpose is to spin up the VPSs, create initial users and groups, import SSH or GPG keys, lock down SSH access or harden SSH, and then install and configure packages available to the given package manager of the operating system. The `bootstrap` role in here serves to abstract some of these tasks for our main playbook files.
 
-## Installation and Use
+## Variable Names and Their Scopes
 
-All files with file extension `.example` must be converted to [YAML](https://yaml.org/) files that follow their semantics and naming (or follow the minimum bare "namespace" nesting for dictionaries or lists thereof) *prior* to executing any given [play or task](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_intro.html). For more on semantics and naming conventions see the [mini-documentation](#mini-documentation).
+To be able to make use of the Ansible playbooks, it is necessary to specify some variables in or at relevant scopes, though some may have some defaults. The relevant scopes variables are defined in, for our purposes, are:
 
-> [!IMPORTANT]
-> Keep in mind files with the `.example` extension may also be present recursively under given [role](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html) directories (i.e., under path `${SUKAATO_ANSIBLE_PROJECT}/.ansible/roles/**/**/`).
+- Ansible **inventory scope**: corresponds to variables inside per-hostname files in `group_vars` or `host_vars` directories, or the inventory file itself, i.e. `hosts.ini` or `hosts.yml`. The inventory file has some enforced naming conventions to be covered later or elsewhere.
+- Ansible **role scope**: corresponds to variables found in files inside the `defaults` / `vars` directory in a role directory, or variables found in files inside subdirectory `main` in either `defaults` or `vars` directory of that role directory. There are favored conventional directory structures within which these variables are specified in the aforementioned directories, to be covered later or elsewhere.
 
-## Mini-Documentation
+Other variables that tend to have default definitions as is but that may be of interest are those found in Jinja templates of roles, in this case of the role `bootstrap`. Look through the `bootstrap` role's `templates` directory and you will discover them--most of them defined in role tasks or handlers that make reference to them. However, more information may be found elsewhere.
 
-### Available Roles
+### Inventory Scope
 
-To surmise, the available or planned [roles](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html) are as follows (and are all found under `${SUKAATO_ANSIBLE_PROJECT}/.ansible/roles`):
+Herein are listed the relevant variables at or in the *inventory* scope. These must be specified for a specific inventory host or group, typically in their corresponding files under `group_vars` or `host_vars`. Some variables must take in a dictionary type to be valid. To save space, there will be more detail on what keys are required or optional for such dictionaries [elsewhere](https://git.sukaato.moe/admin/skato-ansible/wiki/Inventory-Scope) and not here.
 
-role name | purpose
----|---
-lockdown | creating initial `sudo`-capable user, disabling system/SSH root login, setting up key-based SSH authentication, transferring GPG keys, configuring environment, hardening system
-bootstrap | installing programming language and server/container packages, installing extra system managers and essential utilities, configuring and running servers/services/containers
-postinstall | installing and configuring custom sets of packages, largely non-server related and not essential
+name | type | value validity rule
+---|---|---
+`fqdn` | `<str>` | fully qualified domain name
+`vps_service` | `<dict{<str>:<str\|bool\|list>}>` | valid fields providing data for spinning up new VPS
+`groups` | `<dict{$group_name:<dict>}>` | fields/keys that are group names with data configuring that group
+`users` | `<dict{$user_name:<dict>}>` | fields/keys that are user names with data configuring that user
+`keywords` | `<list[<str>]>` | strings that describe the VPS, useful for applying tags if allowed by API
+`custom_vars` | `<dict{<str>:<any>}>` | your own custom variables, though there are some reserved variable names for this namespace
+
+### Role Scope
+
+Herein are listed the relevant variables at or in the *role* scope. These must be specified for a set of role tasks expected to run in a playbook for the host specified for its play. Some variables must take in a dictionary type to be valid. To save space, there will be more detail on what keys are required or optional for such dictionaries [elsewhere](https://git.sukaato.moe/admin/skato-ansible/wiki/Role-Scope) and not here.
+
+name | type | value validity rule
+---|---|---
+`software` | `<dict{<str>:<dict>}>` | valid fields providing data for software installations
+`config` | `<dict{$software_name:<dict>}>` | software name fields providing data for configuring that software
+
+## Installation
 
 > **TBC**
-> This README is yet unfinished. Check back later.
+> This README is yet unfinished and unverified. Check back later.

host_vars/vps1

@@ -2,7 +2,7 @@
 ---
 # vars file
 custom_vars:
-  generality:
+  shared:
     ssh_authorized_keys:
       - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIO0sbFLwfgSWpWwn4cy4cddKvV74efUMZVYTTjX2vnjAAAABHNzaDo= rika@hikiki
       - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHJqHHMplgqm8yiq4Qwisk67p9+f9sLM8tIAzuw2qkwpAAAABHNzaDo= rika@hikiki
@@ -56,6 +56,7 @@ groups:
   remote:
     group_name: remote
     type: system
+    id: ~
 users:
   # @NOTE key/field names MUST match value of 'username' key or field of its object
   senpai:
@@ -81,8 +82,8 @@ users:
       - sudo
       - "{{ groups.remote.group_name }}"
     services: [sshd]
-    ssh_authorized_keys: "{{ custom_vars.generality.ssh_authorized_keys }}" 
-    ssh_private_key_paths: "{{ custom_vars.generality.ssh_private_key_paths }}"
+    ssh_authorized_keys: "{{ custom_vars['shared']['ssh_authorized_keys'] }}" 
+    ssh_private_key_paths: "{{ custom_vars['shared']['ssh_private_key_paths'] }}"
     ssh_private_key_path_pref: 0
     gpg_keys:
       - id: 558041D5CF2AB23B # @NOTE professional
@@ -128,8 +129,8 @@ users:
     groups:
       - "{{ groups.remote.group_name }}"
     services: [proftpd,sftp,ftps]
-    ssh_authorized_keys: "{{ custom_vars.generality.ssh_authorized_keys }}" 
-    ssh_private_key_paths: "{{ custom_vars.generality.ssh_private_key_paths }}"
+    ssh_authorized_keys: "{{ custom_vars['shared']['ssh_authorized_keys'] }}" 
+    ssh_private_key_paths: "{{ custom_vars['shared']['ssh_private_key_paths'] }}"
     ssh_private_key_path_pref: 0
     gpg_keys: []
     gpg_keyid_pref: 0

playbooks/init.yml

@@ -13,7 +13,7 @@
         private_ip: true
         region: "{{ vps_service.region }}"
         root_pass: "{{ vps_service.password }}"
-        tags: "{{ hostvars[inventory_hostname].keywords }}" 
+        tags: "{{ keywords }}" 
         state: "{{ 'present' if vps_service.exists else 'absent' }}"
       tags:
         - vps_step

pyproject.toml

@@ -0,0 +1,12 @@
+[project]
+name = "skansible"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.13"
+dependencies = [
+    "ansible>=13.1.0",
+    "ansible-lint>=25.12.1",
+    "ansible-navigator>=25.12.0",
+    "click>=8.3.1",
+]

roles/bootstrap/handlers/proftpd.yml

@@ -14,7 +14,7 @@
         group: "{{ item[0]['group'] | default(item[0]['username']) }}"
         path: "{{ item[0]['home'] | default('/home/' ~ item[0]['username']) }}/{{ item[1]['username'] }}"
         state: directory
-      loop: "{{ hostvars[inventory_hostname]['users'].values() | product(config['proftpd']['vusers'].values()) }}"
+      loop: "{{ hostvars[inventory_hostname]['users'].values() | product(config['proftpd']['users'].values()) }}"
     - name: Create ProFTPd FTP public directory for anonymous logins
       when: "'ftps' in item.value['services']"
       ansible.builtin.file:
@@ -65,7 +65,7 @@
             owner: root
             path: "{{ item.value }}"
             state: touch
-          loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['auth_filepaths']) }}"
+          loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['auth_paths']) }}"
         - name: Create the virtual users
           when: "not 'caddy' in item.value['services'] and not 'httpd' in item.value['services'] and not 'www-data' in item.value['services'] and not 'http' in item.value['services'] and not 'https' in item.value['services']"
           ansible.builtin.command:
@@ -73,14 +73,14 @@
               - ftpasswd
               - --passwd
               - "--name={{ item.value['username'] }}"
-              - "--uid=$(id -u {{ item.value['id_of'] }})"
-              - "--gid=$(id -g {{ item.value['gid_of'] }})"
+              - "--uid=$(id -u {{ item.value['id'] }})"
+              - "--gid=$(id -g {{ item.value['gid'] }})"
               - "--home={{ hostvars[inventory_hostname]['users']['ftp']['home'] | default('/srv/ftp') }}/{{ item.value['username'] }}"
               - --shell=/sbin/nologin
-              - --file={{ config['proftpd']['auth_filepaths']['users_path'] }}
+              - --file={{ config['proftpd']['auth_paths']['users'] }}
               - --stdin
             stdin: "{{ item.value['password'] }}"
-          loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['vusers']) }}"
+          loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['users']) }}"
         - name: Create the virtual groups of virtual users
           when: "not 'caddy' in item.value['services'] and not 'httpd' in item.value['services'] and not 'www-data' in item.value['services'] and not 'http' in item.value['services'] and not 'https' in item.value['services']"
           ansible.builtin.command:
@@ -88,10 +88,10 @@
               - ftpasswd
               - --group
               - "--name={{ item.value['username'] }}"
-              - "--gid=$(id -g {{ item.value['gid_of'] }})"
+              - "--gid=$(id -g {{ item.value['gid'] }})"
               - "--member={{ item.value['username'] }}"
-              - --file={{ config['proftpd']['auth_filepaths']['groups_path'] }}
-          loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['vusers']) }}"
+              - --file={{ config['proftpd']['auth_paths']['groups'] }}
+          loop: "{{ lookup('ansible.builtin.dict', config['proftpd']['users']) }}"
     # @TODO create tasks in block integrating LDAP users to ProFTPd
     # - name: Integrate LDAP users into ProFTPd
     - name: Create ProFTPd FTPS virtual host
@@ -108,9 +108,9 @@
         validate: proftpd --configtest
       vars:
         ftp_server_name: "{{ config['proftpd']['name'].uppercase() }}'s Archive'"
-        allowed_users: "{{ ','.join(list(map(lambda u: u['username'], filter(lambda u: not 'http' in u['services'] and not 'https' in u['services'] and not 'httpd' in u['services'] and not 'caddy' in u['services'] and not 'www-data' in u['services'], config['proftpd']['vusers'].values())))) }}"
+        allowed_users: "{{ ','.join(list(map(lambda u: u['username'], filter(lambda u: not 'http' in u['services'] and not 'https' in u['services'] and not 'httpd' in u['services'] and not 'caddy' in u['services'] and not 'www-data' in u['services'], config['proftpd']['users'].values())))) }}"
         anon_root: "{{ map(lambda u: u['home'], filter(lambda u: 'ftps' in u['services'] or 'proftpd' in u['services'], hostvars[inventory_hostname]['users'].values())) | list | random }}/public"
-        anon_user: "{{ config['proftpd']['vusers']['smuggler']['username'] }}"
+        anon_user: "{{ config['proftpd']['users']['smuggler']['username'] }}"
     - name: Set ProFTPd jail in fail2ban
       block:
         - name: Create fail2ban system configuration directory

roles/bootstrap/meta/main.yml

@@ -1,12 +1,9 @@
 # SPDX-License-Identifier: MIT-0
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
-
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
+  author: Alex Tavarez
+  description: A role that aids in the deployment and bootstrapping of a new VPS.
+  company: SUKAATO
+  issue_tracker_url: https://git.sukaato.moe/admin/skato-ansible/issues
 
   # Choose a valid license ID from https://spdx.org - some suggested licenses:
   # - BSD-3-Clause (default)
@@ -16,20 +13,13 @@ galaxy_info:
   # - Apache-2.0
   # - CC-BY-4.0
   license: license (GPL-2.0-or-later, MIT, etc)
+  min_ansible_version: "2.1"
+  galaxy_tags:
+    - sukaato
+    - vps
+    - server
+    - web
 
-  min_ansible_version: 2.1
-
-  # If this a Container Enabled role, provide the minimum Ansible Container version.
-  # min_ansible_container_version:
-
-  galaxy_tags: []
-    # List tags for your role here, one per line. A tag is a keyword that describes
-    # and categorizes the role. Users find roles by searching for tags. Be sure to
-    # remove the '[]' above, if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-    #       Maximum 20 tags per role.
-
-dependencies: []
-  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
-  # if you add dependencies to this list.
+dependencies:
+  - community.general
+  # - containers.podman

roles/bootstrap/templates/aria2/aria2.conf.j2

@@ -15,7 +15,7 @@ rpc-allow-origin-all=true
 rpc-max-request-size=10M
 rpc-listen-all=true
 rpc-listen-port=6800
-rpc-secret={{ config.aria.secret }}
+rpc-secret={{ config['aria']['api_key'] }}
 # rpc-certificate=
 # rpc-private-key=
 # rpc-secure=true

roles/bootstrap/templates/proftpd/conf.d/vhost@vps1-fq.dn.conf.example.j2

@@ -20,8 +20,8 @@
 
         # AuthOrder mod_auth_pam.c mod_auth_unix.c*
         AuthOrder mod_auth_file.c
-        AuthUserFile {{ config.proftpd.auth_filepaths.users_path }}
-        AuthGroupFile {{ config.proftpd.auth_filepaths.groups_path }}
+        AuthUserFile {{ config.proftpd.auth_paths.users }}
+        AuthGroupFile {{ config.proftpd.auth_paths.groups }}
         AuthFileOptions SyntaxCheck
 
         TLSEngine on

roles/bootstrap/vars/main/software.yml

@@ -249,16 +249,16 @@ config:
       editor: nvim
   proftpd:
     name: "{{ hostvars[inventory_hostname].fqdn.split('.')[0] }}"
-    auth_filepaths:
-      users_path: /etc/proftpd/ftpd.passwd
-      groups_path: /etc/proftpd/ftpd.group
+    auth_paths:
+      users: /etc/proftpd/ftpd.passwd
+      groups: /etc/proftpd/ftpd.group
     msg:
       welcome: "Our head librarians Furcas and Marbas welcome you!"  
-    vusers:
+    users:
       webmaster:
         username: webmaster
-        id_of: "{{ ['caddy', 'www-data'][0] }}"
-        gid_of: "{{ ['caddy', 'www-data'][0] }}"
+        id: "{{ ['caddy', 'www-data'][0] }}"
+        gid: "{{ ['caddy', 'www-data'][0] }}"
         # @TODO create vaulted password for this ProFTPd virtual user
         password: !vault |
           $ANSIBLE_VAULT;1.2;AES256;vps1-webmaster
@@ -270,8 +270,8 @@ config:
         services: [http,https]
       smuggler:
         username: smuggler
-        id_of: "{{ hostvars[inventory_hostname].users.ftp.username }}"
-        gid_of: "{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}"
+        id: "{{ hostvars[inventory_hostname].users.ftp.username }}"
+        gid: "{{ hostvars[inventory_hostname].users.ftp.group | default(hostvars[inventory_hostname].users.ftp.username) }}"
         # @TODO create vaulted password for this ProFTPd virtual user
         password: !vault |
           $ANSIBLE_VAULT;1.2;AES256;vps1-smuggler
@@ -293,5 +293,5 @@ config:
     phone_region: US
   aria:
     checksum: ~
-    secret: ~
+    api_key: ~
 

tasks.org

@@ -3,6 +3,11 @@
 #+language: en
 
 * PLANNED
+** DONE [#A] Write documentation on the expected conventional names to be used in the inventory file
+** DONE [#A] Write documentation on the expected conventional paths to be used in the inventory file
+** TODO [#A] Create Python Click library/package- based CLI
+** TODO [#A] Soft-code relative paths for role files/templates in Ansible tasks/plays
+** TODO [#A] Soft-code project root and paths to passwords/secrets files for Ansible tasks/plays
 ** TODO [#A] Rewrite dot notation usage of keys for accessing values in custom dictionary variables to bracket notation usage of keys across whole project
 
 * IN PROGRESS