systemd is a System and Service Manager that "runs as PID 1 and starts the rest of the system".
This repo contains an Ansible role for configuring systemd on Debian, this role has been designed to be as generic as possible in order to enable to it be used to configure any systemd service.
On Debian Buster and Bullseye when the backports repo is enabled this role will install systemd from backports, the Webarchitects apt Ansible role can be used to enable backports.
See the defaults/main.yml file for the default variables and meta/argument_specs.yml for the variable specification.
Set the systemd variable to false to prevent any tasks in this role being run.
The systemd variable defaults to true.
The systemd_delete_broken_symlinks variable is a boolean, when true is results in this role deleting broken symlinks found in the /etc/systemd directory, it defaults to false.
The systemd_delete_devnull_symlinks variable is a boolean, when true is results in this role deleting symlinks that point to /dev/null in the /etc/systemd directory, it defaults to false.
The systemd_timesyncd_reboot variable is a boolean, when true servers which have incorrect clocks will be rebooted by this role in an attempt to correct their clocks, it defaults to false.
This variable is only used if there is a item in the systemd_units list with the name systemd-timesyncd.
The systemd_tz variable is a string for the time zone to be used when configuring systemd-timesyncd, (the hardware clock is set to UTC), it defaults to Etc/UTC, which is fine for a server however for a desktop or laptop you will want to use a value like Europe/London.
This variable is only used if there is a item in the systemd_units list with the name systemd-timesyncd.
The systemd_units array is a list of systemd units to configure, for example:
systemd_units:
- name: systemd-timesyncd
files:
- path: /etc/systemd/timesyncd.conf.d/timesyncd.conf
comment: |
Entries in this file show the compile time defaults.
You can change settings by editing this file.
Defaults can be restored by simply deleting this file.
See timesyncd.conf(5) for details.
conf:
Time:
NTP: 0.pool.ntp.org 1.pool.ntp.org 3.pool.ntp.org 2.pool.ntp.org
state: present
pkgs:
- systemd-timesyncd
state: enabled
verify: systemd-timesyncd.service
- name: systemd-networkd
files:
- path: /etc/systemd/network/eth0.network
state: templated
comment: Additional IP address added to the eth0 interface.
conf:
Match:
Name: eth0
Type: ether
Network:
Address:
- 192.168.0.2/24
- 192.168.0.3/24
Gateway: 192.168.0.1
verify: networking.serviceThe systemd_units list variables follow:
The name for the systemd_units list item is the name of the systemd unit to configure.
It is used as the name for the Ansible systemd module:
This parameter takes the name of exactly one unit to work with.
When no extension is given, it is implied to a
.serviceas systemd.When using in a chroot environment you always need to specify the name of the unit with the extension. For example,
crond.service.
You can generate a YAML list of all the unit names:
systemctl list-unit-files | jc --systemctl-luf | jp [].unit_file | yq -PSee also the systemd unit configuration documentation.
The files variable for the systemd_units list item is an array of files to be configured for the unit, items in the files list can use the following variables:
The path for the item in the files list is used for the full filesystem path to the file to configure, this variables is required.
The comment for the item in the files list can be used for adding commented text to the top of the file.
The conf dictionary for the item in the files list defines the systemd file contents in the form of a YAML dictionary.
The depth of the dictionary defines the type of file that will be configured, fir example to enerate a systemd environment file (conf depth zero):
conf:
Time:The dictionary is converted into a file containing an empty section:
[Time]To generate a systemd environment file (conf depth one):
conf:
FOO: barThe dictionary is converted into a environmental variables file:
FOO=barSee the systemd environment configuration documentation.
To generate generate a systemd unit file without any duplicated entries (conf depth two):
conf:
Unit:
Description: Docker Compose container starterThe dictionary is converted into a file:
[Unit]
Description=Docker Compose container starterWhen duplicate entries are allowed a YAML list is used (conf depth three):
conf:
Network:
Address:
- 192.168.0.2/24
- 192.168.0.3/24The list items are are converted into duplicated keys:
[Network]
Address=192.168.0.2/24
Address=192.168.0.3/24Note that the documentation for the general syntax of systemd configuration files includes:
Boolean arguments used in configuration files can be written in various formats. For positive settings the strings
1,yes,trueandonare equivalent. For negative settings, the strings0,no,falseandoffare equivalent.
If you want a value that is used as a boolean in a systemd unit file to be treated as a string you need to quote it, for example "yes", if you don't quote it then Ansible will consider numbers to be integers in the case of 1 or 0 and unquoted true and false will be booleans, the unit template, templates/unit.j2 is set to lower case booleans to avoid them becoming True and False.
Also note that duplicated sections are allowed by systemd however this role doesn't support duplicated sections in the same file.
When files are updated or deleted backups are created based on the existing file name but prefixed with a leading . and suffixed with a timestamp in ISO8601 format and the file extension .bak.
The state of the item in the files list can optionally be set to one of four states when the systemd_units item is enabled or stopped, if the systemd_units item is set to absent all the items in the files list will be deleted, if the state of the item in the files list is not set then it defaults to present, the the four states are:
absent- the file will be deleted.edited- if the file exists it will be edited using the Ansible ini module, as long as there are no duplicates, if there are duplicates or the file doesn't exist it cannot be edited. Theeditedoption cannot remove variables however unlike thetemplatedoption, it preserves existing comments.present- if the file exists it will be edited using the Ansible ini module, as long as there are no duplicates, if there are duplicates or it doesn't exist it will be created using the templates/unit.j2 template,presentis the default state.templated- the file will be created if it does not exist or updated if it already exists using the templates/unit.j2 template.
Don't confuse the state of the items in the files list with the state of the systemd_unit.
The optional pkgs list of .deb packages for the systemd_units list item will be installed when the state is present and removed when absent.
The systemd_units list item state can be optionally set to one of three states, if it is not set it defaults to enabled:
absent, will result in the systemd unit being uninstalled, this means that the service will be stopped,.debpackages listed in thepkgslist will be removed and any files listed in thefilesarray will be deleted.enabled, will result in the systemd unit being being installed,enabledandstarted. If any unit files are changed when the role is run the systemd unit will berestarted.stopped, will result in the systemd unit being installed, but it will bestoppedand notenabled.
A optional systemd service name to be passed to systemd-analyze verify, the file extension is required.
A list of services that can be verified can be generated using:
systemctl list-unit-files | jc --systemctl-luf -pyIf verify is not defined and there is an existing service that has a name that matches the name, or the name with .service appended then tis service will be verified.
This role can be included in another role along these lines (this has been based on this gist):
- name: Include systemd role
ansible.builtin.include_role:
name: systemd
tasks_from: unit_present.yml
loop: "{{ docker_systemd_units }}"
loop_control:
loop_var: systemd_unit
label: "{{ systemd_unit.name }}"
vars:
docker_systemd_units:
- name: docker-compose
state: enabled
files:
- path: /etc/systemd/docker-compose.conf
conf:
DOCKER_COMPOSE_VERSION: native
- path: /etc/systemd/service/docker-compose.service
conf:
Unit:
Description: Docker Compose container starter
After: docker.service network-online.target
Requires: docker.service network-online.target
Service:
User: mailcow
Group: mailcow
EnvironmentFile: /etc/systemd/docker-compose.conf
WorkingDirectory: /opt/mailcow-dockerized
Type: oneshot
RemainAfterExit: "yes"
ExecStart: docker compose up -d
ExecStop: docker compose down
Install:
WantedBy: multi-user.targetYou can read existing systemd files as YAML on the command line using jc, for example:
cat /etc/systemd/timesyncd.conf | jc --ini -py---
Time:
NTP: 0.pool.ntp.org 1.pool.ntp.org 3.pool.ntp.org 2.pool.ntp.orgNote that the jc --ini parser doesn't support duplicate keys, however the --ini-dup parset that is due to be released in version 1.22.5 does, however it returms all values as a list, for example:
cat /etc/systemd/timesyncd.conf | jc --ini-dup -py---
Time:
NTP:
- 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.orgThis role requires Ansible 2.13 or newer, JC and JMESPath to be installed using pip3 on the Ansible controller.
The primary URL of this repo is https://git.coop/webarch/systemd however it is also mirrored to GitHub and available via Ansible Galaxy.
If you use this role please use a tagged release, see the release notes.
Copyright 2022-2024 Chris Croome, <chris@webarchitects.co.uk>.
This role is released under the same terms as Ansible itself, the GNU GPLv3.