diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 604f594..ac28e22 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -327,6 +327,123 @@ apt_initial_install_buster: - socat - wakeonlan +apt_initial_install_bullseye: + - apt-transport-https + - dbus + - openssh-server + - rush + - vim + - vim-common + - vim-doc + - mc + - screen + - tmux + - cron + - bc + - figlet + - rcconf + - sudo + - rsync + - dselect + - iputils-ping + - apt-utils + - aptitude + - zip + - unzip + - bzip2 + - arj + - locate + - curl + - gawk + - mawk + - lynx + - links + - w3m + - universal-ctags + - mime-support + - file + - coreutils + - moreutils + - less + - sipcalc + - psmisc + - dnsutils + - rblcheck + - whois + - gettext + - gettext-base + - gettext-doc + - debian-keyring + - patch + - patchutils + - recode + - recode-doc + - librecode0 + - librecode-dev + - sharutils + - perl + - perl-modules-5.32 + - perl-doc + - libperl-dev + - libterm-readline-gnu-perl + - libterm-readline-perl-perl + - libterm-readkey-perl + - libmail-imapclient-perl + - libtime-duration-perl + - libtimedate-perl + - libwww-perl + - libpcre3 + - libio-compress-perl + - libreadline-dev + - re2c + - util-linux + - parted + - lshw + - gdisk + - smartmontools + - tcpdump + - telnet + - unhide + - lsof + - hdparm + - groff + - iproute2 + - bridge-utils + - vlan + - ethtool + - wipe + - iperf + - mtr + - iptraf + - wget + - logrotate + - rsyslog + - haveged + - rdate + - ntpdate + - wipe + - man + - groff + - iptables + - shellcheck + - ssl-cert + - ssl-cert-check + - git + - ftp + - htop + - net-tools + - lsb-release + - attr + - acl + - quota + - quotatool + - needrestart + - socat + - zsh + - lua5.4 + - btrfs-progs + - fdisk + apt_initial_install_xenial: - apt-transport-https - dbus diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 202deb7..8d113ca 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml 
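Review bot: `wipe` and `groff` each appear twice in the new `apt_initial_install_bullseye` list; apt tolerates that, but the duplicates should be dropped so the baseline stays easy to audit. Because the list lives in `group_vars/all`, it also puts the cleartext clients `telnet` and `ftp`, the `rdate`/`ntpdate` time clients, and build-time packages such as `libperl-dev`, `librecode-dev`, `libreadline-dev` and `re2c` on every Debian 11 host. Consider moving those into a group- or role-specific list and keeping this one to what every host needs. A one-line comment above the key, e.g. `# baseline packages installed on every Debian 11 host`, would record that intent.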
@@ -65,6 +65,7 @@ name: "{{ apt_initial_install_stretch }}" state: "{{ apt_install_state }}" when: + - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0 - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version'] == "9" tags: @@ -76,12 +77,25 @@ name: "{{ apt_initial_install_buster }}" state: "{{ apt_install_state }}" when: + - apt_initial_install_buster is defined and apt_initial_install_buster|length > 0 - ansible_facts['distribution'] == "Debian" - ansible_facts['distribution_major_version'] == "10" tags: - apt-initial-install +- name: (apt.yml) Initial install debian packages (bullseye) + apt: + name: "{{ apt_initial_install_bullseye }}" + state: "{{ apt_install_state }}" + when: + - apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0 + - ansible_facts['distribution'] == "Debian" + - ansible_facts['distribution_major_version'] == "11" + tags: + - apt-initial-install + + - name: (apt.yml) Initial install ubuntu packages (bionic) apt: name: "{{ apt_initial_install_bionic }}" 
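Review bot: The bullseye task added in the @@ -76 hunk is a third copy of the stretch and buster tasks, differing only in the variable name and the version string, so each new release needs another copy plus another guard. The guard added here and in the @@ -65 hunk is shorter and equivalent as `- apt_initial_install_bullseye | default([]) | length > 0`. The hunk also leaves three blank lines before the bionic task where the rest of the file appears to use two. The stretch and buster task bodies start outside their hunks, so only the added `when:` entries are reviewed there.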
@@ -122,30 +136,15 @@ - apt-microcode -- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch) - apt: - name: "{{ microcode_amd_package }}" - state: present - default_release: "{{ ansible_distribution_release }}-backports" - when: - - apt_backports_enable - - apt_debian_contrib_nonfree_enable - - ansible_facts['distribution'] == "Debian" - - ansible_facts['distribution_major_version'] == "9" - - ansible_facts['processor']|string is search("AMD") - tags: - - apt-initial-install - - apt-microcode - - -- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster) +- name: (apt.yml) Install CPU microcode (debian buster/bullseye) apt: name: "{{ microcode_intel_package }}" state: present default_release: "{{ ansible_distribution_release }}" when: + - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Debian" - - ansible_facts['distribution_major_version'] == "10" + - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11" - ansible_facts['processor']|string is search("Intel") tags: - apt-initial-install @@ -239,6 +238,7 @@ - apt-initial-install - apt-firmware + - name: (apt.yml) Install Firmware packages (Debian) apt: name: "{{ firmware_packages_debian }}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 4afb43f..a705dc2 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -101,6 +101,13 @@ - samba-remove-user +# tags supported inside system-remove-user.yml: +# +- import_tasks: system-remove-user.yml + tags: + - system-remove-user + + # tags supported inside system-user.yml: # # system-user diff --git a/roles/common/tasks/nis-user.yml b/roles/common/tasks/nis-user.yml index 409c438..b7754ed 100644 --- a/roles/common/tasks/nis-user.yml +++ b/roles/common/tasks/nis-user.yml 
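Review bot: The renamed task "Install CPU microcode (debian buster/bullseye)" still installs only `microcode_intel_package` and still requires `search("Intel")`, while the same hunk deletes the stretch AMD task. Unless an AMD task for releases 10/11 exists outside this hunk, AMD hosts get no microcode package, and the name should stay specific: `Install CPU microcode for Intel CPU (debian buster/bullseye)`. On Debian 11, `default_release: "{{ ansible_distribution_release }}"` resolves to `bullseye`, but the security archive there is published as `bullseye-security`, so the target release does not cover it and the install may prefer the base-archive microcode over a newer security build; dropping `default_release` from this task avoids that. The version test reads more simply as `ansible_facts['distribution_major_version'] in ["10", "11"]`.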
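Review bot: The new `import_tasks: system-remove-user.yml` in roles/common/tasks/main.yml has no `when:`, so the account and home-directory removal that used to live in nis-user.yml now runs wherever this main.yml runs. If nis-user.yml was imported only for NIS hosts (not visible in this hunk), that widens the scope of a destructive task and should be confirmed. The comment block above the import lists no tags although the tasks in the new file carry `nis-user` and `system-user`; it should list `# nis-user` and `# system-user` the way the system-user.yml block below it does.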
@@ -1,32 +1,32 @@ --- -# --- -# - Remove unwanted users -# --- - -- name: (nis_user.yml) Remove (old) users from system - user: - name: '{{ item.name }}' - state: absent - with_items: - - "{{ remove_nis_users }}" - loop_control: - label: '{{ item.name }}' - tags: - - nis-user - - system-user - -- name: (nis_user.yml) Remove home directory from deleted users - file: - path: '{{ nis_base_home }}/{{ item.name }}' - state: absent - with_items: - - "{{ remove_nis_users }}" - loop_control: - label: '{{ item.name }}' - tags: - - nis-user - - system-user +## # --- +## # - Remove unwanted users +## # --- +## +## - name: (nis_user.yml) Remove (old) users from system +## user: +## name: '{{ item.name }}' +## state: absent +## with_items: +## - "{{ remove_nis_users }}" +## loop_control: +## label: '{{ item.name }}' +## tags: +## - nis-user +## - system-user +## +## - name: (nis_user.yml) Remove home directory from deleted users +## file: +## path: '{{ nis_base_home }}/{{ item.name }}' +## state: absent +## with_items: +## - "{{ remove_nis_users }}" +## loop_control: +## label: '{{ item.name }}' +## tags: +## - nis-user +## - system-user # --- # - default user/groups diff --git a/roles/common/tasks/nis_samba_user.yml b/roles/common/tasks/nis_samba_user.yml deleted file mode 100644 index 31fe77b..0000000 --- a/roles/common/tasks/nis_samba_user.yml +++ /dev/null 
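Review bot: The two removal tasks stay in nis-user.yml as `## `-prefixed comments although the same commit adds them to system-remove-user.yml, so the commented copy will drift from the live one and still turns up when someone searches for where accounts are deleted. Delete the block and, if a pointer is wanted, leave a single line such as `# user removal lives in system-remove-user.yml`. The hunk ends inside the "default user/groups" section, which continues outside it.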
@@ -1,121 +0,0 @@ ---- - -# --- -# - Remove unwanted users -# --- - -- name: (nis_samba_user.yml) Check if samba user exists for removable nis user - shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}' - register: samba_deleted_user_present - changed_when: "samba_deleted_user_present.rc == 0" - failed_when: "samba_deleted_user_present.rc > 1" - with_items: - - "{{ nis_deleted_user }}" - loop_control: - label: '{{ item.name }}' - tags: - - samba-user - - -- name: (nis_samba_user.yml) Remove (old) users from samba - shell: "smbpasswd -s -x {{ item.name }}" - with_items: - - "{{ nis_deleted_user }}" - loop_control: - label: '{{ item.name }}' - when: samba_deleted_user_present is changed - tags: - - samba-user - - -- name: (nis_samba_user.yml) Remove (old) users from system - user: - name: '{{ item.name }}' - state: absent - with_items: - - "{{ nis_deleted_user }}" - loop_control: - label: '{{ item.name }}' - tags: - - nis-user - - system-user - -- name: (nis_samba_user.yml) Remove home directory from deleted users - file: - path: '{{ nis_base_home }}/{{ item.name }}' - state: absent - with_items: - - "{{ nis_deleted_user }}" - loop_control: - label: '{{ item.name }}' - tags: - - nis-user - - system-user - -# --- -# - default user/groups -# --- - -- name: (nis_samba_user.yml) Ensure nis groups exists - group: - name: '{{ item.name }}' - state: present - gid: '{{ item.group_id | default(omit) }}' - loop: "{{ nis_groups }}" - loop_control: - label: '{{ item.name }}' - when: item.group_id is defined - notify: Renew nis databases - tags: - - nis-user - - system-user - -#- meta: end_host - -- name: (nis_samba_user.yml) Ensure nis users exists - user: - name: '{{ item.name }}' - state: present - uid: '{{ item.user_id | default(omit) }}' - #group: '{{ item.0.name | default(omit) }}' - groups: "{{ item.groups|join(', ') }}" - home: '{{ nis_base_home }}/{{ item.name }}' - shell: '{{ item.shell|d("/bin/bash") }}' - password: "{{ item.password | 
password_hash('sha512') }}" - update_password: on_create - append: yes - loop: "{{ nis_user }}" - loop_control: - label: '{{ item.name }}' - notify: Renew nis databases - tags: - - nis-user - - system-user - - -- name: (nis_samba_user.yml) Check if samba user exists for nis user - shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}' - register: samba_nis_user_present - changed_when: "samba_nis_user_present.rc > 0" - failed_when: "samba_nis_user_present.rc > 1" - with_items: - - "{{ nis_user }}" - loop_control: - label: '{{ item.name }}' - when: - - item.is_samba_user is defined and item.is_samba_user|bool - tags: - - samba-user - -- name: (nis_samba_user.yml) Add nis user to samba (with nis users password) - shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}" - loop: "{{ nis_user }}" - loop_control: - label: '{{ item.name }}' - when: - - item.is_samba_user is defined and item.is_samba_user|bool - - samba_nis_user_present is changed - notify: Renew nis databases - tags: - - samba-user - diff --git a/roles/common/tasks/samba-install.yml b/roles/common/tasks/samba-install.yml index cc353ca..41ab72f 100644 --- a/roles/common/tasks/samba-install.yml +++ b/roles/common/tasks/samba-install.yml @@ -105,7 +105,7 @@ - samba-server -- name: Check if cleaning up trash dirs is configured +- name: (samba-install.yml) Check if cleaning up trash dirs is configured lineinfile: path: /root/bin/samba/conf/clean_samba_trash.conf regexp: "^trash_dirs=*" @@ -117,7 +117,7 @@ - "groups['samba_server']|string is search(inventory_hostname)" -- name: Creates a cron job for cleaning up samba trash dirs +- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs cron: name: '{{ samba_cronjob_trash_dirs.name }}' minute: '{{ samba_cronjob_trash_dirs.minute }}' 
@@ -154,7 +154,7 @@ - samba-server -- name: Creates a cron job for cleaning up samba trash dirs +- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs cron: name: '{{ samba_cronjob_permissions.name }}' minute: '{{ samba_cronjob_permissions.minute }}' diff --git a/roles/common/tasks/samba-remove-user.yml b/roles/common/tasks/samba-remove-user.yml index a246c4e..c3919df 100644 --- a/roles/common/tasks/samba-remove-user.yml +++ b/roles/common/tasks/samba-remove-user.yml @@ -10,7 +10,7 @@ register: samba_remove_system_users_present changed_when: "samba_remove_system_users_present.rc == 0" failed_when: "samba_remove_system_users_present.rc > 1" - with_items: + with_items: - "{{ remove_system_users }}" loop_control: label: '{{ item.name }}' @@ -21,11 +21,11 @@ - name: (samba-remove-user.yml) Remove (old) system users from samba shell: > smbpasswd -s -x {{ item.item.name }} - with_items: + with_items: - "{{ samba_remove_system_users_present.results }}" loop_control: label: '{{ item.item.name }}' - when: + when: - item.changed tags: - samba-user diff --git a/roles/common/tasks/system-remove-user.yml b/roles/common/tasks/system-remove-user.yml new file mode 100644 index 0000000..97bff14 --- /dev/null +++ b/roles/common/tasks/system-remove-user.yml @@ -0,0 +1,29 @@ +--- + +# --- +# - Remove unwanted users +# --- + +- name: (system-remove-user.yml) Remove (old) users from system + user: + name: '{{ item.name }}' + state: absent + with_items: + - "{{ remove_nis_users }}" + loop_control: + label: '{{ item.name }}' + tags: + - nis-user + - system-user + +- name: (system-remove-user.yml) Remove home directory from deleted users + file: + path: '{{ nis_base_home }}/{{ item.name }}' + state: absent + with_items: + - "{{ remove_nis_users }}" + loop_control: + label: '{{ item.name }}' + tags: + - nis-user + - system-user
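Review bot: Both tasks in the new roles/common/tasks/system-remove-user.yml loop over `remove_nis_users`, while samba-remove-user.yml in this same diff loops over `remove_system_users`, so an account listed in only one variable is removed from Samba but not from the system, or the reverse; the file name suggests it should iterate `remove_system_users` as well, or both lists. Neither loop has a fallback, so a host where the variable is undefined fails here; `loop: "{{ remove_nis_users | default([]) }}"` avoids that. The `file` task builds `'{{ nis_base_home }}/{{ item.name }}'` with `state: absent`, so an entry whose `name` is empty would delete `nis_base_home` itself; add `when: item.name | default('') | length > 0` to that task.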