Update..

2020-09-26 13:47:54 +02:00
parent f78a7f3565
commit 52858bf02c
17 changed files with 2100 additions and 1021 deletions
--- a/roles/common/tasks/basic.yml
+++ b/roles/common/tasks/basic.yml
@ -21,6 +21,8 @@
    owner: root
    group: root
    state: link
+  when:
+    - "groups['file_server']|string is search(inventory_hostname)"
  tags:
    - symlink-sh

@ -43,3 +45,28 @@
    - etc_systemd_system_conf.stat.exists == true
  tags:
    - systemd-nofiles
+
+
+- name: (basic.yml) Check file '/etc/security/limits.conf.ORIG' exists
+  stat:
+    path: /etc/security/limits.conf.ORIG
+  register: etc_security_limits_conf_ORIG
+  tags:
+    - limits-conf
+
+- name: (basic.yml) Backup installation version of file '/etc/security/limits.conf'
+  command: cp -a /etc/security/limits.conf /etc/security/limits.conf.ORIG
+  when: etc_security_limits_conf_ORIG.stat.exists == False
+  tags:
+    - limits-conf
+
+- name: (basic.yml) Create new sshd_config from template limits.conf.j2
+  template:
+    src: etc/security/limits.conf.j2
+    dest: /etc/security/limits.conf
+    owner: root
+    group: root
+    mode: 0644
+  tags:
+    - limits-conf
+
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -10,6 +10,13 @@
    - basic


+# tags supported inside sshd.yml
+#
+#    sshd-config
+- import_tasks: sshd.yml
+  tags: sshd
+
+
 # tags supported inside apt.yml
 #
 #   apt-update
--- a/roles/common/tasks/nis-install-server.yml
+++ b/roles/common/tasks/nis-install-server.yml
@ -134,13 +134,13 @@

 - name: (nis-install-server.yml) Ensure directoriy 'nis_base_home' (usually /data/home) exists
  file:
-    path: '{{  nis_base_home}}'
+    path: '{{ nis_base_home }}'
    owner: root
    group: root
    mode: '0755'
    state: directory
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - "groups['nis_server']|string is search(inventory_hostname)"
  tags:
    - nis-install
    - nis-install-server
--- a/roles/common/tasks/samba-install.yml
+++ b/roles/common/tasks/samba-install.yml
@ -35,6 +35,22 @@
    - samba-server


+- name: (samba-install.yml) Ensure file /etc/samba/users.map exists
+  copy:
+    src: "{{ role_path + '/files//etc/samba/users.map' }}"
+    dest: /etc/samba/users.map
+    owner: root
+    group: root
+    mode: 0644
+  when:
+    - "groups['samba_server']|string is search(inventory_hostname)"
+  notify:
+    - Restart smbd
+    - Restart nmbd
+  tags:
+    - samba-server
+
+
 - name: (samba-install.yml) /etc/samba/smb.conf
  template:
    dest: /etc/samba/smb.conf
--- a/roles/common/tasks/sshd.yml
+++ b/roles/common/tasks/sshd.yml
@ -0,0 +1,28 @@
+---
+
+- name: (sshd.yml) Check file '/etc/ssh/sshd_config.ORIG' exists
+  stat:
+    path: /etc/ssh/sshd_config.ORIG
+  register: etc_sshd_sshd_config_ORIG
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Backup installation version of file '/etc/ssh/sshd_config'
+  command: cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIG
+  when: etc_sshd_sshd_config_ORIG.stat.exists == False
+  tags:
+    - sshd-config
+
+- name: (sshd.yml) Create new sshd_config from template sshd_config.j2
+  template:
+    src: etc/ssh/sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: 0644
+    validate: 'sshd -f %s -T'
+    #backup: yes
+  notify: "Restart ssh"
+  tags:
+    - sshd-config
+