ansible/akb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update..

Browse Source
This commit is contained in:
Christoph 2020-09-24 02:52:12 +02:00
parent 5b0db5da59
commit 0d2b61b611
13 changed files with 2001 additions and 138 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible.cfg
View File

@ -24,7 +24,7 @@ ansible_managed = ############################################ #
#forks = 20 #forks = 20
inventory = ./hosts inventory = ./hosts
remote_user = root remote_user = root
ask_pass=True #ask_pass=True
roles_path = ./roles roles_path = ./roles
vault_password_file = akb_the_vault.sh vault_password_file = akb_the_vault.sh
#retry_files_enabled = False #retry_files_enabled = False

528
group_vars/all/main.yml
View File

@ -1,5 +1,531 @@
--- ---
# ---
# vars used by roles/common/tasks/apt.yml
# ---
apt_manage_sources_list: true
apt_src_enable: true
apt_backports_enable: true
apt_debian_mirror: http://ftp.de.debian.org/debian/
apt_debian_contrib_nonfree_enable: true
# Ubuntu mirror
apt_ubuntu_mirror: http://archive.ubuntu.com/ubuntu
apt_update_cache_valid_time: 3600
apt_upgrade: true
apt_update: true
apt_clean: true
apt_autoremove: true
apt_dpkg_configure: true
apt_upgrade_type: dist
apt_upgrade_dpkg_options:
- force-confdef
- force-confold
apt_initial_install_stretch:
- apt-transport-https
- dbus
- openssh-server
- rssh
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- exuberant-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- realpath
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.24
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man-db
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
apt_initial_install_buster:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.28
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
apt_initial_install_xenial:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.22
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat
apt_initial_install_bionic:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- bc
- figlet
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.26
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline5
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- ifupdown
- socat
microcode_package:
- intel-microcode
- amd64-microcode
apt_install_state: latest
apt_remove:
- apt-transport-tor
- tor
- tor-geoipdb
- torsocks
- netplan.io
apt_remove_purge: false
# ---
# Samba
# ---
apt_install_server_samba:
- samba
apt_install_client_samba:
- samba-client
- samba-common
# ---
# CUPS
# ---
apt_install_server_cups_buster:
- cups
apt_install_client_cups:
- cups
- cups-client
- cups-common
- cups-ppdc
- cups-bsd
- cups-filters-ippusbxd
- lsb-printing
- hpijs-ppds
- printer-driver-hpcups
# --- # ---
# NFS # NFS
# --- # ---
@ -12,7 +538,7 @@ nfs_server: 192.168.82.10
nfs_exports: nfs_exports:
- src: 192.168.82.10:/data/home - src: 192.168.82.10:/data/home
path: /data/home path: /data/home
mount_opts: users,rsize=8192,wsize=8192,hard,intr mount_opts: user,exec,rsize=8192,wsize=8192,hard,intr
export_opt: rw,fsid=0,root_squash,sync,subtree_check export_opt: rw,fsid=0,root_squash,sync,subtree_check
export_networks: export_networks:
- 192.168.82.0/24 - 192.168.82.0/24

15
hosts
View File

@ -7,7 +7,8 @@ ab5.akb.netz
ab7.akb.netz ab7.akb.netz
ab8.akb.netz ab8.akb.netz
ab9.akb.netz ab9.akb.netz
file-akb.akb.netz file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root
[client_pc] [client_pc]
ab1.akb.netz ab1.akb.netz
@ -37,13 +38,17 @@ ab8.akb.netz
ab9.akb.netz ab9.akb.netz
[file_server] [file_server]
file-akb.akb.netz file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root
[nfs_server] [nfs_server]
file-akb.akb.netz file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root
[nis_server] [nis_server]
file-akb.akb.netz file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root
[samba_server] [samba_server]
file-akb.akb.netz file-akb.akb.netz ansible_user=root
192.168.82.20 ansible_user=root

12
roles/common/handlers/main.yml
View File

@ -24,3 +24,15 @@
name: rpcbind name: rpcbind
daemon_reload: yes daemon_reload: yes
state: restarted state: restarted
- name: Restart smbd
service:
name: smbd
daemon_reload: yes
state: restarted
- name: Restart nmbd
service:
name: nmbd
daemon_reload: yes
state: restarted

183
roles/common/tasks/apt.yml Normal file
View File

@ -0,0 +1,183 @@
---
- name: (apt.yml) update configuration file - /etc/apt/sources.list
template:
src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
dest: /etc/apt/sources.list
owner: root
group: root
mode: 0644
register: apt_config_updated
when:
- ansible_facts['distribution'] == "Debian"
- apt_manage_sources_list|bool
tags:
- apt-configuration
- name: (apt.yml) apt update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
tags:
- apt-update
- apt-upgrade
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) dpkg --configure
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- apt-upgrade
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) Initial install debian packages (stretch)
apt:
name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (buster)
apt:
name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (bionic)
apt:
name: "{{ apt_initial_install_bionic }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (xenial)
apt:
name: "{{ apt_initial_install_xenial }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
tags:
- apt-initial-install
- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (debian buster)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu bionic)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu xenial)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
state: absent
purge: "{{ apt_remove_purge }}"
tags:
- apt-remove
- name: (apt.yml) autoremove
apt:
autoremove: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_autoremove|bool
tags:
- apt-autoremove
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) clean
command: apt-get -y clean
args:
warn: false
changed_when: false
when: apt_clean|bool
tags:
- apt-clean
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-mysql-server-pkgs
- apt-webserver-pkgs

45
roles/common/tasks/basic.yml Normal file
View File

@ -0,0 +1,45 @@
---
- name: (basic.yml) Ensure timezone is is correct
timezone: name={{ time_zone }}
tags:
- timezone
- name: (basic.yml) Ensure locales are present
locale_gen:
name: "{{ item }}"
state: present
with_items: "{{ locales }}"
tags:
- locales
- name: (basic.yml) Create a symbolic link /bin/sh -> bash
file:
src: bash
dest: /bin/sh
owner: root
group: root
state: link
tags:
- symlink-sh
- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
stat:
path: /etc/systemd/system
register: etc_systemd_system_conf
when:
- set_default_limit_nofile|bool == true
- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
lineinfile:
dest: /etc/systemd/system.conf
state: present
regexp: '^DefaultLimitNOFILE'
line: 'DefaultLimitNOFILE=1048576'
insertafter: '^#DefaultLimitNOFILE'
when:
- set_default_limit_nofile|bool == true
- etc_systemd_system_conf.stat.exists == true
tags:
- systemd-nofiles

32
roles/common/tasks/cups-install.yml Normal file
View File

@ -0,0 +1,32 @@
---
# ---
# Cups Server
# ---
- name: (cups-install.yml) Ensure CUPS packages server (buster) are installed.
package:
pkg: '{{ apt_install_server_cups_buster }}'
state: present
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- cups-server
# ---
# Cups clients
# ---
- name: (cups.yml) Ensure CUPS packages clients are installed.
package:
pkg: "{{ apt_install_client_cups }}"
state: present
when:
- ansible_distribution_version == "18.04"
- ansible_architecture == "x86_64"
tags:
- cups-client

39
roles/common/tasks/main.yml
View File

@ -1,5 +1,44 @@
--- ---
# tags supported inside basic.yml
#
# timezone
# locales
# systemd-nofiles
- import_tasks: basic.yml
tags:
- basic
# tags supported inside apt.yml
#
# apt-update
# apt-upgrade
# apt-dpkg-configure
# apt-initial-install
# apt-microcode
# apt-remove
# apt-autoremove
# apt-clean
- import_tasks: apt.yml
tags: apt
# tags supported inside cups-install.yml:
#
# cups-server
# cups-client
- import_tasks: cups-install.yml
tags:
- cups
# tags supported inside samba-install.yml:
#
# samba-server
# samba-client
- import_tasks: samba-install.yml
tags:
- samba
# tags supported inside nfs.yml: # tags supported inside nfs.yml:
# #

121
roles/common/tasks/nis_samba_user.yml
View File

@ -1,121 +0,0 @@
---
# ---
# - Remove unwanted users
# ---
- name: (nis_samba_user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_deleted_user_present
changed_when: "samba_deleted_user_present.rc == 0"
failed_when: "samba_deleted_user_present.rc > 1"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
when: samba_deleted_user_present is changed
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
# ---
# - default user/groups
# ---
- name: (nis_samba_user.yml) Ensure nis groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ nis_groups }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
notify: Renew nis databases
tags:
- nis-user
- system-user
#- meta: end_host
- name: (nis_samba_user.yml) Ensure nis users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
#group: '{{ item.0.name | default(omit) }}'
groups: "{{ item.groups|join(', ') }}"
home: '{{ nis_base_home }}/{{ item.name }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password | password_hash('sha512') }}"
update_password: on_create
append: yes
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
notify: Renew nis databases
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc > 0"
failed_when: "samba_nis_user_present.rc > 1"
with_items:
- "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- samba-user
- name: (nis_samba_user.yml) Add nis user to samba (with nis users password)
shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- samba_nis_user_present is changed
notify: Renew nis databases
tags:
- samba-user

68
roles/common/tasks/samba-install.yml Normal file
View File

@ -0,0 +1,68 @@
---
# ---
# Samba Server
# ---
- name: (samba-install.yml) Ensure samba packages server (buster) are installed.
package:
pkg: '{{ apt_install_server_samba }}'
state: present
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
# ---
# /etc/samba/smb.conf
# ---
- name: (samba-install.yml) Check if file '/etc/samba/smb.conf.ORIG exists'
stat:
path: /etc/samba/smb.conf.ORIG
register: smb_conf_exists
when:
- "groups['samba_server']|string is search(inventory_hostname)"
tags:
- samba-server
- name: (samba-install.yml) Backup existing file /etc/samba/smb.conf
command: cp -a /etc/samba/smb.conf /etc/samba/smb.conf.ORIG
when:
- "groups['samba_server']|string is search(inventory_hostname)"
- smb_conf_exists.stat.exists == False
tags:
- samba-server
- name: (samba-install.yml) /etc/samba/smb.conf
template:
dest: /etc/samba/smb.conf
src: etc/samba/smb.conf.j2
owner: root
group: root
mode: 0644
notify:
- Restart smbd
- Restart nmbd
tags:
- samba-server
# ---
# Samba clients
# ---
- name: (samba-install.yml) Ensure samba packages clients are installed.
package:
pkg: "{{ apt_install_client_samba }}"
state: present
when:
- "groups['nis_client']|string is search(inventory_hostname)"
- ansible_distribution == "Ubuntu"
tags:
- samba-client

18
roles/common/tasks/samba_user.yml
View File

@ -35,10 +35,9 @@
- name: (samba_user.yml) Check if samba user exists for nis user - name: (samba_user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}' shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc > 0" changed_when: "samba_nis_user_present.rc == 1"
failed_when: "samba_nis_user_present.rc > 1" failed_when: "samba_nis_user_present.rc > 1"
with_items: loop: "{{ nis_user }}"
- "{{ nis_user }}"
loop_control: loop_control:
label: '{{ item.name }}' label: '{{ item.name }}'
when: when:
@ -47,14 +46,13 @@
- samba-user - samba-user
- name: (samba_user.yml) Add nis user to samba (with nis users password) - name: (samba_user.yml) Add nis user to samba (with nis users password)
shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}" shell: >
loop: "{{ nis_user }}" (echo '{{ item.item.password }}'; echo '{{ item.item.password }}')
| smbpasswd -s -a {{ item.item.name }}
loop: "{{ samba_nis_user_present.results }}"
when: item.changed
loop_control: loop_control:
label: '{{ item.name }}' label: '{{ item.item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- samba_nis_user_present is changed
notify: Renew nis databases
tags: tags:
- samba-user - samba-user

28
roles/common/templates/etc/apt/sources.list.Debian.j2 Normal file
View File

@ -0,0 +1,28 @@
# {{ ansible_managed }}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
{{ '# ' if not apt_src_enable else '' }}deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main
# {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
# Contrib packages contain DFSG-compliant software,
# but have dependencies not in main (possibly packaged for Debian in non-free).
# Non-free contains software that does not comply with the DFSG.
{% if apt_debian_contrib_nonfree_enable %}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
{% endif %}
# # N.B. software from this repository may not have been tested as
# # extensively as that contained in the main release, although it includes
# # newer versions of some applications which may provide useful features.
{% if apt_backports_enable %}
deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
{% endif %}

1048
roles/common/templates/etc/samba/smb.conf.j2 Normal file
View File

File diff suppressed because it is too large Load Diff