ansible/akb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2021-11-10 15:51:37 +01:00
parent 6a4a07d564
commit fdb6f9cb47
9 changed files with 100 additions and 365 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
files/homedirs/DEFAULT/_profile.j2
View File

@ -46,7 +46,7 @@ export LANG="de_DE.utf8"
SERVER="{{ samba_server }}"
USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}'
VERSION="1.0"
#VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing
#

59
group_vars/all/main.yml
View File

@ -675,11 +675,13 @@ microcode_intel_package:
microcode_amd_package:
- amd64-microcode
firmware_packages:
- firmware-linux
- firmware-linux-free
firmware_packages_ubuntu:
- linux-firmware
firmware_non_free_packages:
firmware_packages_debian:
- firmware-linux
firmware_non_free_packages_debian:
- firmware-linux-nonfree
apt_install_state: latest
@ -1094,7 +1096,9 @@ nis_groups:
#nis_deleted_user:
remove_nis_users:
- name: frank
- name: anna
- name: birgit
- name: jonas
nis_user:
- name: chris
@ -1113,16 +1117,6 @@ nis_user:
3865353333373661390a643564386432643532396632323664383330646430613033643130626430
6139
- name: anna
groups:
- intern
- verwaltung
- transfer
- scans
- lpadmin
is_samba_user: true
password: 'an20na11'
- name: buero
groups:
- intern
@ -1161,16 +1155,6 @@ nis_user:
is_samba_user: true
password: '20jib15ran'
- name: jonas
groups:
- intern
- verwaltung
- transfer
- scans
- lpadmin
is_samba_user: true
password: '20jo11nas'
- name: julia
groups:
- verwaltung
@ -1223,13 +1207,6 @@ nis_user:
is_samba_user: true
password: '20_thomas/19-!'
- name: birgit
groups:
- verwaltung
- scans
is_samba_user: true
password: '20-birgit_20%'
- name: stefan
groups:
- verwaltung
@ -1313,7 +1290,6 @@ samba_shares:
vfs_object_recycle: true
recycle_path: '@Recycle.Bin'
user:
- anna
- buero
- chris
- jibran
@ -1334,10 +1310,7 @@ samba_shares:
vfs_object_recycle: true
recycle_path: '@Recycle.Bin'
user:
- anna
- jonas
- buero
- birgit
- chris
- jibran
- praktikum
@ -1357,9 +1330,7 @@ samba_shares:
vfs_object_recycle: true
recycle_path: '@Recycle.Bin'
user:
- anna
- buero
- birgit
- chris
- jibran
- praktikum
@ -1440,16 +1411,6 @@ samba_shares:
recycle_path: '@Recycle.Bin'
user:
- thomas
- name: Birgit_Scans
path: /data/samba/Scans/Birgit_Scans
group_valid_users: scans
group_write_list: scans
file_create_mask: '0660'
dir_create_mask: '2770'
vfs_object_recycle: true
recycle_path: '@Recycle.Bin'
user:
- birgit
- name: Stefan_Scans
path: /data/samba/Scans/Stefan_Scans
group_valid_users: scans
@ -1469,7 +1430,6 @@ samba_shares:
vfs_object_recycle: false
recycle_path: '@Recycle.Bin'
user:
- anna
- buero
- chris
- kamera
@ -1486,7 +1446,6 @@ samba_shares:
vfs_object_recycle: false
recycle_path: '@Recycle.Bin'
user:
- anna
- buero
- chris
- kamera

27
roles/common/tasks/apt.yml
View File

@ -65,7 +65,7 @@
name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}"
when:
- - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
tags:
@ -138,10 +138,11 @@
- name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt:
name: "{{ microcode_package }}"
name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel")
@ -226,9 +227,21 @@
# Firmware
# ---
- name: (apt.yml) Install Firmware packages
- name: (apt.yml) Install Firmware packages (Ubuntu)
apt:
name: "{{ firmware_packages }}"
name: "{{ firmware_packages_ubuntu }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
tags:
- apt-initial-install
- apt-firmware
- name: (apt.yml) Install Firmware packages (Debian)
apt:
name: "{{ firmware_packages_debian }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
@ -238,14 +251,14 @@
- apt-firmware
- name: (apt.yml) Install non-free Firmware packages
- name: (apt.yml) Install non-free Firmware packages (Debian)
apt:
name: "{{ firmware_non_free_packages }}"
name: "{{ firmware_non_free_packages_debian }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- apt_debian_contrib_nonfree_enable
tags:
- apt-initial-install
- apt-firmware

275
roles/common/tasks/apt.yml.NEW
View File

@ -1,275 +0,0 @@
---
- name: (apt.yml) update configuration file - /etc/apt/sources.list
template:
src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
dest: /etc/apt/sources.list
owner: root
group: root
mode: 0644
register: apt_config_updated
when: apt_manage_sources_list|bool
tags:
- apt-configuration
- name: (apt.yml) apt update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
tags:
- apt-update
- apt-upgrade
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) dpkg --configure
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- apt-upgrade
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) Initial install debian packages (stretch)
apt:
name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}"
when:
- - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (buster)
apt:
name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (bullseye)
apt:
name: "{{ apt_initial_install_bullseye }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (bionic)
apt:
name: "{{ apt_initial_install_bionic }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (xenial)
apt:
name: "{{ apt_initial_install_xenial }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
tags:
- apt-initial-install
- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu bionic)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu xenial)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install lxc_host related packages
apt:
name: "{{ apt_lxc_host_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_lxc_host_pkgs|bool
tags:
- apt-lxc-hosts-pkgs
- name: (apt.yml) Install compiler related packages
apt:
name: "{{ apt_compiler_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_compiler_pkgs|bool
tags:
- apt-compiler-pkgs
- name: (apt.yml) Install postgresql_server related packages
apt:
name: "{{ apt_postgresql_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_postgresql_pkgs|bool
tags:
- apt-postgresql-server-pkgs
- name: (apt.yml) Install webserver related packages
apt:
name: "{{ apt_webserver_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_webserver_pkgs|bool
tags:
- apt-webserver-pkgs
- name: (apt.yml) Install extra packages
apt:
name: "{{ apt_extra_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_extra_pkgs|bool
tags:
- apt-extra-pkgs
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
state: absent
purge: "{{ apt_remove_purge }}"
tags:
- apt-remove
- name: (apt.yml) autoremove
apt:
autoremove: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_autoremove|bool
tags:
- apt-autoremove
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) clean
command: apt-get -y clean
args:
warn: false
changed_when: false
when: apt_clean|bool
tags:
- apt-clean
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-mysql-server-pkgs
- apt-webserver-pkgs
# Fix error if install/update of repository mysql-/mariadb-client breaks
# link '/etc/mysql/my.cnf' in case mysql/mariadb was installed from source
#
- name: (apt.yml) Check if file '/usr/local/mysql/etc/my.cnf' exists
stat:
path: /usr/local/mysql/etc/my.cnf
register: usr_local_mysql_etc_my_cnf
when: groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname)
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf
#- name: debug
# debug:
# msg:
# - usr_local_mysql_etc_my_cnf.stst.exists = {{ usr_local_mysql_etc_my_cnf.stat.exists }}
# - "Variable usr_local_mysql_etc_my_cnf: {{ usr_local_mysql_etc_my_cnf }}"
# tags:
# - check_mysql_cnf
- name: (apt.yml) Create a symbolic link /etc/my.cnf -> /usr/local/mysql/etc/my.cnf
file:
src: /usr/local/mysql/etc/my.cnf
dest: /etc/mysql/my.cnf
owner: root
group: root
state: link
when:
- (groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname))
- usr_local_mysql_etc_my_cnf.stat.exists
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf

7
roles/common/tasks/main.yml
View File

@ -101,6 +101,13 @@
- samba-remove-user
# tags supported inside system-remove-user.yml:
#
- import_tasks: system-remove-user.yml
tags:
- system-remove-user
# tags supported inside system-user.yml:
#
# system-user

54
roles/common/tasks/nis-user.yml
View File

@ -1,32 +1,32 @@
---
# ---
# - Remove unwanted users
# ---
- name: (nis_user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (nis_user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
## # ---
## # - Remove unwanted users
## # ---
##
## - name: (nis_user.yml) Remove (old) users from system
## user:
## name: '{{ item.name }}'
## state: absent
## with_items:
## - "{{ remove_nis_users }}"
## loop_control:
## label: '{{ item.name }}'
## tags:
## - nis-user
## - system-user
##
## - name: (nis_user.yml) Remove home directory from deleted users
## file:
## path: '{{ nis_base_home }}/{{ item.name }}'
## state: absent
## with_items:
## - "{{ remove_nis_users }}"
## loop_control:
## label: '{{ item.name }}'
## tags:
## - nis-user
## - system-user
# ---
# - default user/groups

6
roles/common/tasks/samba-remove-user.yml
View File

@ -36,7 +36,7 @@
register: samba_remove_nis_users_present
changed_when: "samba_remove_nis_users_present.rc == 0"
failed_when: "samba_remove_nis_users_present.rc > 1"
with_items:
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
@ -47,11 +47,11 @@
- name: (samba-remove-user.yml) Remove (old) nis users from samba
shell: >
smbpasswd -s -x {{ item.item.name }}
with_items:
with_items:
- "{{ samba_remove_nis_users_present.results }}"
loop_control:
label: '{{ item.item.name }}'
when:
when:
- item.changed
tags:
- samba-user

29
roles/common/tasks/system-remove-user.yml Normal file
View File

@ -0,0 +1,29 @@
---
# ---
# - Remove unwanted users
# ---
- name: (system-remove-user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (system-remove-user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user

6
roles/common/tasks/ubuntu-x11vnc-2004-amd64.yml
View File

@ -45,8 +45,10 @@
- name: "(ubuntu-x11vnc-2004-amd64.yml) Set permissions on /etc/x11vnc.pass"
file:
path: "/etc/x11vnc.pass"
mode: 0644
path: /etc/x11vnc.pass
owner: root
group: root
mode: 0644
- name: "(ubuntu-x11vnc-2004-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
template: