ansible/flr-brb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2021-11-10 15:51:56 +01:00
parent c48fd888f4
commit 17e4c4a77b
8 changed files with 204 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
group_vars/all/main.yml
View File

@ -327,6 +327,123 @@ apt_initial_install_buster:
- socat
- wakeonlan
apt_initial_install_bullseye:
- apt-transport-https
- dbus
- openssh-server
- rush
- vim
- vim-common
- vim-doc
- mc
- screen
- tmux
- cron
- bc
- figlet
- rcconf
- sudo
- rsync
- dselect
- iputils-ping
- apt-utils
- aptitude
- zip
- unzip
- bzip2
- arj
- locate
- curl
- gawk
- mawk
- lynx
- links
- w3m
- universal-ctags
- mime-support
- file
- coreutils
- moreutils
- less
- sipcalc
- psmisc
- dnsutils
- rblcheck
- whois
- gettext
- gettext-base
- gettext-doc
- debian-keyring
- patch
- patchutils
- recode
- recode-doc
- librecode0
- librecode-dev
- sharutils
- perl
- perl-modules-5.32
- perl-doc
- libperl-dev
- libterm-readline-gnu-perl
- libterm-readline-perl-perl
- libterm-readkey-perl
- libmail-imapclient-perl
- libtime-duration-perl
- libtimedate-perl
- libwww-perl
- libpcre3
- libio-compress-perl
- libreadline-dev
- re2c
- util-linux
- parted
- lshw
- gdisk
- smartmontools
- tcpdump
- telnet
- unhide
- lsof
- hdparm
- groff
- iproute2
- bridge-utils
- vlan
- ethtool
- wipe
- iperf
- mtr
- iptraf
- wget
- logrotate
- rsyslog
- haveged
- rdate
- ntpdate
- wipe
- man
- groff
- iptables
- shellcheck
- ssl-cert
- ssl-cert-check
- git
- ftp
- htop
- net-tools
- lsb-release
- attr
- acl
- quota
- quotatool
- needrestart
- socat
- zsh
- lua5.4
- btrfs-progs
- fdisk
apt_initial_install_xenial:
- apt-transport-https
- dbus

36
roles/common/tasks/apt.yml
View File

@ -65,6 +65,7 @@
name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
tags:
@ -76,12 +77,25 @@
name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
tags:
- apt-initial-install
- name: (apt.yml) Initial install debian packages (bullseye)
apt:
name: "{{ apt_initial_install_bullseye }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (bionic)
apt:
name: "{{ apt_initial_install_bionic }}"
@ -122,30 +136,15 @@
- apt-microcode
- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
apt:
name: "{{ microcode_amd_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- apt_backports_enable
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("AMD")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
- name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt:
name: "{{ microcode_intel_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10"
- ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel")
tags:
- apt-initial-install
@ -239,6 +238,7 @@
- apt-initial-install
- apt-firmware
- name: (apt.yml) Install Firmware packages (Debian)
apt:
name: "{{ firmware_packages_debian }}"

7
roles/common/tasks/main.yml
View File

@ -101,6 +101,13 @@
- samba-remove-user
# tags supported inside system-remove-user.yml:
#
- import_tasks: system-remove-user.yml
tags:
- system-remove-user
# tags supported inside system-user.yml:
#
# system-user

54
roles/common/tasks/nis-user.yml
View File

@ -1,32 +1,32 @@
---
# ---
# - Remove unwanted users
# ---
- name: (nis_user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (nis_user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
## # ---
## # - Remove unwanted users
## # ---
##
## - name: (nis_user.yml) Remove (old) users from system
## user:
## name: '{{ item.name }}'
## state: absent
## with_items:
## - "{{ remove_nis_users }}"
## loop_control:
## label: '{{ item.name }}'
## tags:
## - nis-user
## - system-user
##
## - name: (nis_user.yml) Remove home directory from deleted users
## file:
## path: '{{ nis_base_home }}/{{ item.name }}'
## state: absent
## with_items:
## - "{{ remove_nis_users }}"
## loop_control:
## label: '{{ item.name }}'
## tags:
## - nis-user
## - system-user
# ---
# - default user/groups

121
roles/common/tasks/nis_samba_user.yml
View File

@ -1,121 +0,0 @@
---
# ---
# - Remove unwanted users
# ---
- name: (nis_samba_user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_deleted_user_present
changed_when: "samba_deleted_user_present.rc == 0"
failed_when: "samba_deleted_user_present.rc > 1"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
when: samba_deleted_user_present is changed
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
# ---
# - default user/groups
# ---
- name: (nis_samba_user.yml) Ensure nis groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ nis_groups }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
notify: Renew nis databases
tags:
- nis-user
- system-user
#- meta: end_host
- name: (nis_samba_user.yml) Ensure nis users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
#group: '{{ item.0.name | default(omit) }}'
groups: "{{ item.groups|join(', ') }}"
home: '{{ nis_base_home }}/{{ item.name }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password | password_hash('sha512') }}"
update_password: on_create
append: yes
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
notify: Renew nis databases
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc > 0"
failed_when: "samba_nis_user_present.rc > 1"
with_items:
- "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- samba-user
- name: (nis_samba_user.yml) Add nis user to samba (with nis users password)
shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- samba_nis_user_present is changed
notify: Renew nis databases
tags:
- samba-user

6
roles/common/tasks/samba-install.yml
View File

@ -105,7 +105,7 @@
- samba-server
- name: Check if cleaning up trash dirs is configured
- name: (samba-install.yml) Check if cleaning up trash dirs is configured
lineinfile:
path: /root/bin/samba/conf/clean_samba_trash.conf
regexp: "^trash_dirs=*"
@ -117,7 +117,7 @@
- "groups['samba_server']|string is search(inventory_hostname)"
- name: Creates a cron job for cleaning up samba trash dirs
- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
cron:
name: '{{ samba_cronjob_trash_dirs.name }}'
minute: '{{ samba_cronjob_trash_dirs.minute }}'
@ -154,7 +154,7 @@
- samba-server
- name: Creates a cron job for cleaning up samba trash dirs
- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
cron:
name: '{{ samba_cronjob_permissions.name }}'
minute: '{{ samba_cronjob_permissions.minute }}'

29
roles/common/tasks/system-remove-user.yml Normal file
View File

@ -0,0 +1,29 @@
---
# ---
# - Remove unwanted users
# ---
- name: (system-remove-user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (system-remove-user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user