Christoph 2021-11-10 15:51:37 +01:00
parent 6a4a07d564
commit fdb6f9cb47
9 changed files with 100 additions and 365 deletions


@ -46,7 +46,7 @@ export LANG="de_DE.utf8"
SERVER="{{ samba_server }}" SERVER="{{ samba_server }}"
USER="{{ item.item.name }}" USER="{{ item.item.name }}"
PASSWORD='{{ item.item.password }}' PASSWORD='{{ item.item.password }}'
VERSION="1.0" #VERSION="1.0"
# Use NTLMv2 password hashing and force packet signing # Use NTLMv2 password hashing and force packet signing
# #


@ -675,11 +675,13 @@ microcode_intel_package:
microcode_amd_package: microcode_amd_package:
- amd64-microcode - amd64-microcode
firmware_packages: firmware_packages_ubuntu:
- firmware-linux - linux-firmware
- firmware-linux-free
firmware_non_free_packages: firmware_packages_debian:
- firmware-linux
firmware_non_free_packages_debian:
- firmware-linux-nonfree - firmware-linux-nonfree
apt_install_state: latest apt_install_state: latest
@ -1094,7 +1096,9 @@ nis_groups:
#nis_deleted_user: #nis_deleted_user:
remove_nis_users: remove_nis_users:
- name: frank - name: anna
- name: birgit
- name: jonas
nis_user: nis_user:
- name: chris - name: chris
@ -1113,16 +1117,6 @@ nis_user:
3865353333373661390a643564386432643532396632323664383330646430613033643130626430 3865353333373661390a643564386432643532396632323664383330646430613033643130626430
6139 6139
- name: anna
groups:
- intern
- verwaltung
- transfer
- scans
- lpadmin
is_samba_user: true
password: 'an20na11'
- name: buero - name: buero
groups: groups:
- intern - intern
@ -1161,16 +1155,6 @@ nis_user:
is_samba_user: true is_samba_user: true
password: '20jib15ran' password: '20jib15ran'
- name: jonas
groups:
- intern
- verwaltung
- transfer
- scans
- lpadmin
is_samba_user: true
password: '20jo11nas'
- name: julia - name: julia
groups: groups:
- verwaltung - verwaltung
@ -1223,13 +1207,6 @@ nis_user:
is_samba_user: true is_samba_user: true
password: '20_thomas/19-!' password: '20_thomas/19-!'
- name: birgit
groups:
- verwaltung
- scans
is_samba_user: true
password: '20-birgit_20%'
- name: stefan - name: stefan
groups: groups:
- verwaltung - verwaltung
@ -1313,7 +1290,6 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle.Bin' recycle_path: '@Recycle.Bin'
user: user:
- anna
- buero - buero
- chris - chris
- jibran - jibran
@ -1334,10 +1310,7 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle.Bin' recycle_path: '@Recycle.Bin'
user: user:
- anna
- jonas
- buero - buero
- birgit
- chris - chris
- jibran - jibran
- praktikum - praktikum
@ -1357,9 +1330,7 @@ samba_shares:
vfs_object_recycle: true vfs_object_recycle: true
recycle_path: '@Recycle.Bin' recycle_path: '@Recycle.Bin'
user: user:
- anna
- buero - buero
- birgit
- chris - chris
- jibran - jibran
- praktikum - praktikum
@ -1440,16 +1411,6 @@ samba_shares:
recycle_path: '@Recycle.Bin' recycle_path: '@Recycle.Bin'
user: user:
- thomas - thomas
- name: Birgit_Scans
path: /data/samba/Scans/Birgit_Scans
group_valid_users: scans
group_write_list: scans
file_create_mask: '0660'
dir_create_mask: '2770'
vfs_object_recycle: true
recycle_path: '@Recycle.Bin'
user:
- birgit
- name: Stefan_Scans - name: Stefan_Scans
path: /data/samba/Scans/Stefan_Scans path: /data/samba/Scans/Stefan_Scans
group_valid_users: scans group_valid_users: scans
@ -1469,7 +1430,6 @@ samba_shares:
vfs_object_recycle: false vfs_object_recycle: false
recycle_path: '@Recycle.Bin' recycle_path: '@Recycle.Bin'
user: user:
- anna
- buero - buero
- chris - chris
- kamera - kamera
@ -1486,7 +1446,6 @@ samba_shares:
vfs_object_recycle: false vfs_object_recycle: false
recycle_path: '@Recycle.Bin' recycle_path: '@Recycle.Bin'
user: user:
- anna
- buero - buero
- chris - chris
- kamera - kamera
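Review bot: The `nis_user` entries that stay in this file still carry clear-text `password:` values (context lines of the -1161 and -1223 hunks), while the entry at the top of the -1113 hunk ends in what looks like an ansible-vault payload, so the file mixes protected and unprotected credentials. Deleting the anna, jonas and birgit entries removes their passwords from the current tree only; they remain readable in repository history and should be treated as exposed wherever they were reused. I would store every remaining value as `password: !vault |` followed by the `ansible-vault encrypt_string` output, and rotate the ones already committed in clear text. Separately, `remove_nis_users` no longer lists frank, so a host that was not converged while that entry existed keeps the account.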


@ -65,7 +65,7 @@
name: "{{ apt_initial_install_stretch }}" name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}" state: "{{ apt_install_state }}"
when: when:
- - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0 - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9" - ansible_facts['distribution_major_version'] == "9"
tags: tags:
@ -138,10 +138,11 @@
- name: (apt.yml) Install CPU microcode (debian buster/bullseye) - name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt: apt:
name: "{{ microcode_package }}" name: "{{ microcode_intel_package }}"
state: present state: present
default_release: "{{ ansible_distribution_release }}" default_release: "{{ ansible_distribution_release }}"
when: when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11" - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel") - ansible_facts['processor']|string is search("Intel")
@ -226,9 +227,21 @@
# Firmware # Firmware
# --- # ---
- name: (apt.yml) Install Firmware packages - name: (apt.yml) Install Firmware packages (Ubuntu)
apt: apt:
name: "{{ firmware_packages }}" name: "{{ firmware_packages_ubuntu }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
tags:
- apt-initial-install
- apt-firmware
- name: (apt.yml) Install Firmware packages (Debian)
apt:
name: "{{ firmware_packages_debian }}"
state: present state: present
default_release: "{{ ansible_distribution_release }}" default_release: "{{ ansible_distribution_release }}"
when: when:
@ -238,14 +251,14 @@
- apt-firmware - apt-firmware
- name: (apt.yml) Install non-free Firmware packages - name: (apt.yml) Install non-free Firmware packages (Debian)
apt: apt:
name: "{{ firmware_non_free_packages }}" name: "{{ firmware_non_free_packages_debian }}"
state: present state: present
default_release: "{{ ansible_distribution_release }}" default_release: "{{ ansible_distribution_release }}"
when: when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- apt_debian_contrib_nonfree_enable
tags: tags:
- apt-initial-install - apt-initial-install
- apt-firmware - apt-firmware
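Review bot: The buster/bullseye microcode task is now skipped without any message when `apt_debian_contrib_nonfree_enable` is false, so a Debian host with an Intel CPU can end up with no microcode package, which matters because microcode updates carry CPU vulnerability mitigations. A comment above the `when:` such as `# microcode comes from non-free; hosts without contrib/non-free get no microcode updates` would make that trade-off explicit. The rename to `microcode_intel_package` is visible only for this one task; if the stretch and Ubuntu microcode tasks outside these hunks still use `microcode_package` they should be switched too, and no visible task installs `microcode_amd_package`. The task bodies continue outside the hunks.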


@ -1,275 +0,0 @@
---
- name: (apt.yml) update configuration file - /etc/apt/sources.list
template:
src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
dest: /etc/apt/sources.list
owner: root
group: root
mode: 0644
register: apt_config_updated
when: apt_manage_sources_list|bool
tags:
- apt-configuration
- name: (apt.yml) apt update
apt:
update_cache: true
cache_valid_time: "{{ 0 if apt_config_updated is defined and apt_config_updated.changed else apt_update_cache_valid_time }}"
when: apt_update|bool
tags:
- apt-update
- apt-upgrade
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) dpkg --configure
command: >
dpkg --configure -a
args:
warn: false
changed_when: _dpkg_configure.stdout_lines | length
register: _dpkg_configure
when: apt_dpkg_configure|bool
tags:
- apt-dpkg-configure
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) apt upgrade
apt:
upgrade: "{{ apt_upgrade_type }}"
update_cache: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_upgrade|bool
tags:
- apt-upgrade
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) Initial install debian packages (stretch)
apt:
name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}"
when:
- - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (buster)
apt:
name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (bullseye)
apt:
name: "{{ apt_initial_install_bullseye }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (bionic)
apt:
name: "{{ apt_initial_install_bionic }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (xenial)
apt:
name: "{{ apt_initial_install_xenial }}"
state: "{{ apt_install_state }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
tags:
- apt-initial-install
- name: (apt.yml) Ensure we have CPU microcode from backports (debian stretch)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu bionic)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode (ubuntu xenial)
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install lxc_host related packages
apt:
name: "{{ apt_lxc_host_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_lxc_host_pkgs|bool
tags:
- apt-lxc-hosts-pkgs
- name: (apt.yml) Install compiler related packages
apt:
name: "{{ apt_compiler_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_compiler_pkgs|bool
tags:
- apt-compiler-pkgs
- name: (apt.yml) Install postgresql_server related packages
apt:
name: "{{ apt_postgresql_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_postgresql_pkgs|bool
tags:
- apt-postgresql-server-pkgs
- name: (apt.yml) Install webserver related packages
apt:
name: "{{ apt_webserver_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_webserver_pkgs|bool
tags:
- apt-webserver-pkgs
- name: (apt.yml) Install extra packages
apt:
name: "{{ apt_extra_pkgs }}"
state: "{{ apt_install_state }}"
when: apt_install_extra_pkgs|bool
tags:
- apt-extra-pkgs
- name: (apt.yml) Remove unwanted packages
apt:
name: "{{ apt_remove }}"
state: absent
purge: "{{ apt_remove_purge }}"
tags:
- apt-remove
- name: (apt.yml) autoremove
apt:
autoremove: true
dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
when: apt_autoremove|bool
tags:
- apt-autoremove
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-webserver-pkgs
- name: (apt.yml) clean
command: apt-get -y clean
args:
warn: false
changed_when: false
when: apt_clean|bool
tags:
- apt-clean
- apt-initial-install
- apt-microcode
- apt-compiler-pkgs
- apt-mysql-server-pkgs
- apt-webserver-pkgs
# Fix error if install/update of repository mysql-/mariadb-client breaks
# link '/etc/mysql/my.cnf' in case mysql/mariadb was installed from source
#
- name: (apt.yml) Check if file '/usr/local/mysql/etc/my.cnf' exists
stat:
path: /usr/local/mysql/etc/my.cnf
register: usr_local_mysql_etc_my_cnf
when: groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname)
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf
#- name: debug
# debug:
# msg:
# - usr_local_mysql_etc_my_cnf.stst.exists = {{ usr_local_mysql_etc_my_cnf.stat.exists }}
# - "Variable usr_local_mysql_etc_my_cnf: {{ usr_local_mysql_etc_my_cnf }}"
# tags:
# - check_mysql_cnf
- name: (apt.yml) Create a symbolic link /etc/my.cnf -> /usr/local/mysql/etc/my.cnf
file:
src: /usr/local/mysql/etc/my.cnf
dest: /etc/mysql/my.cnf
owner: root
group: root
state: link
when:
- (groups['mysql_server']|string is search(inventory_hostname) or
groups['apache2_webserver']|string is search(inventory_hostname) or
groups['nextcloud_server']|string is search(inventory_hostname))
- usr_local_mysql_etc_my_cnf.stat.exists
tags:
- apt-webserver-pkgs
- apt-mysql-server-pkgs
- check_mysql_cnf


@ -101,6 +101,13 @@
- samba-remove-user - samba-remove-user
# tags supported inside system-remove-user.yml:
#
- import_tasks: system-remove-user.yml
tags:
- system-remove-user
# tags supported inside system-user.yml: # tags supported inside system-user.yml:
# #
# system-user # system-user
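Review bot: The new comment block `# tags supported inside system-remove-user.yml:` is followed by an empty `#` line, although the tasks in that file are tagged `nis-user` and `system-user`. List both there, the way the neighbouring block for system-user.yml lists its tag, e.g. `#   nis-user` and `#   system-user`. Because `import_tasks` passes its own tag on to the imported tasks, the comment should also say that `--tags system-remove-user` selects the account and home-directory removal.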


@ -1,32 +1,32 @@
--- ---
# --- ## # ---
# - Remove unwanted users ## # - Remove unwanted users
# --- ## # ---
##
- name: (nis_user.yml) Remove (old) users from system ## - name: (nis_user.yml) Remove (old) users from system
user: ## user:
name: '{{ item.name }}' ## name: '{{ item.name }}'
state: absent ## state: absent
with_items: ## with_items:
- "{{ remove_nis_users }}" ## - "{{ remove_nis_users }}"
loop_control: ## loop_control:
label: '{{ item.name }}' ## label: '{{ item.name }}'
tags: ## tags:
- nis-user ## - nis-user
- system-user ## - system-user
##
- name: (nis_user.yml) Remove home directory from deleted users ## - name: (nis_user.yml) Remove home directory from deleted users
file: ## file:
path: '{{ nis_base_home }}/{{ item.name }}' ## path: '{{ nis_base_home }}/{{ item.name }}'
state: absent ## state: absent
with_items: ## with_items:
- "{{ remove_nis_users }}" ## - "{{ remove_nis_users }}"
loop_control: ## loop_control:
label: '{{ item.name }}' ## label: '{{ item.name }}'
tags: ## tags:
- nis-user ## - nis-user
- system-user ## - system-user
# --- # ---
# - default user/groups # - default user/groups
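Review bot: Both removal tasks stay in this file as `##`-commented copies now that they live in system-remove-user.yml, so two versions of an account-deletion task exist and the dead one can be re-enabled by accident. I would delete the commented block and leave a one-line pointer such as `# user removal moved to system-remove-user.yml`. Version control already keeps the old text.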


@ -36,7 +36,7 @@
register: samba_remove_nis_users_present register: samba_remove_nis_users_present
changed_when: "samba_remove_nis_users_present.rc == 0" changed_when: "samba_remove_nis_users_present.rc == 0"
failed_when: "samba_remove_nis_users_present.rc > 1" failed_when: "samba_remove_nis_users_present.rc > 1"
with_items: with_items:
- "{{ remove_nis_users }}" - "{{ remove_nis_users }}"
loop_control: loop_control:
label: '{{ item.name }}' label: '{{ item.name }}'
@ -47,11 +47,11 @@
- name: (samba-remove-user.yml) Remove (old) nis users from samba - name: (samba-remove-user.yml) Remove (old) nis users from samba
shell: > shell: >
smbpasswd -s -x {{ item.item.name }} smbpasswd -s -x {{ item.item.name }}
with_items: with_items:
- "{{ samba_remove_nis_users_present.results }}" - "{{ samba_remove_nis_users_present.results }}"
loop_control: loop_control:
label: '{{ item.item.name }}' label: '{{ item.item.name }}'
when: when:
- item.changed - item.changed
tags: tags:
- samba-user - samba-user


@ -0,0 +1,29 @@
---
# ---
# - Remove unwanted users
# ---
- name: (system-remove-user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (system-remove-user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
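Review bot: The second task deletes `'{{ nis_base_home }}/{{ item.name }}'` recursively with no check that `item.name` is non-empty, so an entry with an empty name in `remove_nis_users` would resolve to the home base directory itself. Add a guard to both tasks, e.g. `when: item.name | default('') | length > 0`, and consider `- "{{ remove_nis_users | default([]) }}"` so hosts that do not define the list skip cleanly. Both tasks also run under the broad `nis-user` and `system-user` tags, so a run meant only to create users removes accounts and home directories as well; a dedicated tag would keep the destructive step opt-in. A name listed in both `nis_user` and `remove_nis_users` is not detected either.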


@ -45,8 +45,10 @@
- name: "(ubuntu-x11vnc-2004-amd64.yml) Set permissions on /etc/x11vnc.pass" - name: "(ubuntu-x11vnc-2004-amd64.yml) Set permissions on /etc/x11vnc.pass"
file: file:
path: "/etc/x11vnc.pass" path: /etc/x11vnc.pass
mode: 0644 owner: root
group: root
mode: 0644
- name: "(ubuntu-x11vnc-2004-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service" - name: "(ubuntu-x11vnc-2004-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
template: template:
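Review bot: `/etc/x11vnc.pass` is still created with `mode: 0644`, so every local account can read the stored VNC password, and the VNC password file format is obfuscation rather than real encryption. With `owner: root` and `group: root` now set, `mode: "0600"` is the fitting value, provided the x11vnc service reads the file as root; the unit template task continues outside this hunk, so confirm that first. Quoting the mode also avoids the YAML octal-parsing ambiguity of a bare `0644`.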