Reduce output from ansible playbooks. Some minor changes.

2019-07-03 04:14:14 +02:00
parent 21fcd86115
commit 505cdbf120
25 changed files with 3158 additions and 615 deletions


@ -104,7 +104,7 @@
state: "{{ apt_install_state }}"
when: apt_install_lxc_host_pkgs|bool
tags:
- apt-lxc-hosts-pkgs|bool
- apt-lxc-hosts-pkgs
- name: (apt.yml) Install compiler related packages
apt:
@ -112,7 +112,7 @@
state: "{{ apt_install_state }}"
when: apt_install_compiler_pkgs|bool
tags:
- apt-compiler-pkgs|bool
- apt-compiler-pkgs
- name: (apt.yml) Install postgresql_server related packages
apt:


@ -0,0 +1,11 @@
---
- hosts: o25.oopen.de
tasks:
- name: Ensure aptitude is present
raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
- name: Ensure python2 is present (This is necessary for ansible to work properly)
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
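Review bot: No `gather_facts: false` appears in the visible lines of this new play, so on a host that has no Python yet the implicit setup task would fail before either `raw` task runs; add `gather_facts: false` next to `hosts:`. The first task runs `apt-get install aptitude -y` without refreshing the package lists, which can fail on a fresh image; the `apt -y update && …` pattern of the second task would fit both. `apt` is meant for interactive use and warns that its CLI is not stable, so `apt-get` is the safer choice inside `raw:`.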


@ -1,28 +1,41 @@
---
- name: (git.yml) include variables
include_vars: "{{ item }}"
with_first_found:
- "git-{{ inventory_hostname }}.yml"
- "git-{{ ansible_distribution_release }}.yml"
- "git-{{ ansible_distribution | lower }}.yml"
- git-default.yml
tags:
- git-default-repositories
- git-lxc-guest-repositories
- git-apache2-repositories
- git-nginx-repositories
- git-mysql-server-repositories
- git-postgresql-server-repositories
- git-nextcloud-server-repositories
- git-dns-server-repositories
- git-backup-server-repositories
- git-samba-server-repositories
- git-mailservers-repositories
- git-sympa-repositories
- git-other-repositories
#- name: (git.yml) include variables
# include_vars: "{{ item }}"
# with_first_found:
# - "git-{{ inventory_hostname }}.yml"
# - "git-{{ ansible_distribution_release }}.yml"
# - "git-{{ ansible_distribution | lower }}.yml"
# - git-default.yml
# tags:
# - git-default-repositories
# - git-lxc-guest-repositories
# - git-apache2-repositories
# - git-nginx-repositories
# - git-mysql-server-repositories
# - git-postgresql-server-repositories
# - git-nextcloud-server-repositories
# - git-dns-server-repositories
# - git-backup-server-repositories
# - git-samba-server-repositories
# - git-mailservers-repositories
# - git-sympa-repositories
# - git-other-repositories
# ---
# Firewall repository
# ---
- name: (git.yml) Install/Update firewall repository
git:
repo: "{{ git_firewall_repository.repo}}"
dest: "{{ git_firewall_repository.dest }}"
when: git_firewall_repository is defined and git_firewall_repository > 0
tags:
- git-firewall-repository
# ---
# Default reposotories
# ---
@ -32,6 +45,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_default_repositories }}'
loop_control:
label: "{{ item.name }}"
tags:
- git-default-repositories
@ -45,6 +60,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_lxc_guest_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['lxc_guest']|string is search(inventory_hostname)"
tags:
- git-lxc-guest-repositories
@ -59,11 +76,29 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_lxc_host_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['lxc_host']|string is search(inventory_hostname)"
tags:
- git-lxc-host-repositories
# ---
# Group [gateway_server] reposotories
# ---
- name: (git.yml) Install/Update gateway repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_gateway_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['gateway_server']|string is search(inventory_hostname)"
tags:
- git-gateway-server-repositories
# ---
# Group [apache2_webserver] reposotories
# ---
@ -73,6 +108,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_apache2_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['apache2_webserver']|string is search(inventory_hostname)"
tags:
- git-apache2-repositories
@ -87,6 +124,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_nginx_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['nginx_webserver']|string is search(inventory_hostname)"
tags:
- git-nginx-repositories
@ -101,6 +140,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_mysql_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['mysql_server']|string is search(inventory_hostname)"
tags:
- git-mysql-server-repositories
@ -115,6 +156,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_postgresql_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['postgresql_server']|string is search(inventory_hostname)"
tags:
- git-postgresql-server-repositories
@ -129,6 +172,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_nextcloud_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['nextcloud_server']|string is search(inventory_hostname)"
tags:
- git-nextcloud-server-repositories
@ -143,6 +188,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_dns_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['dns_server']|string is search(inventory_hostname)"
tags:
- git-dns-server-repositories
@ -157,6 +204,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_backup_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['backup_server']|string is search(inventory_hostname)"
ignore_errors: True
tags:
@ -172,6 +221,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_samba_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['samba_server']|string is search(inventory_hostname)"
ignore_errors: True
tags:
@ -183,18 +234,13 @@
# Group [mail_server] reposotories
# ---
#- name: include variables
# include_vars: "git-mailservers.yml"
# tags:
# - initial-setup
# - git
# - git-mailservers
- name: (git.yml) Install/Update default repositories
- name: (git.yml) Install/Update mail server repositories
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_mailserver_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['mail_server']|string is search(inventory_hostname)"
tags:
- git-mailservers-repositories
@ -209,6 +255,8 @@
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
with_items: '{{ git_sympa_repositories }}'
loop_control:
label: "{{ item.name }}"
when: "groups['sympa_list_server']|string is search(inventory_hostname)"
tags:
- git-sympa-repositories
@ -232,6 +280,8 @@
git:
repo: '{{ item.repo }}'
dest: '{{ item.dest }}'
loop_control:
label: "{{ item.name }}"
with_items: '{{ git_other_repositories }}'
tags:
- git-other-repositories
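Review bot: In the new firewall task, `when: git_firewall_repository is defined and git_firewall_repository > 0` compares a value the task itself uses as a mapping (`.repo`, `.dest`) with an integer; under Python 3 that comparison raises a type error and under Python 2 it is true for any mapping, so it never tests for emptiness. `when: git_firewall_repository is defined and git_firewall_repository | length > 0` matches the `|length > 0` form used elsewhere in this commit. The task also sets no `version:`, so each run checks out whatever the remote's default branch currently holds; pinning a tag or commit would make what lands on a firewall host reviewable. The new gateway task reuses `groups['gateway_server']|string is search(inventory_hostname)`, a regex match on the stringified list that also hits a host whose name is contained in another member's name; `inventory_hostname in groups['gateway_server']` is exact.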


@ -86,8 +86,11 @@
# tags supportetd inside git.yml
#
# git-firewall-repository
# git-default-repositories
# git-lxc-host-repositories
# git-lxc-guest-repositories
# git-gateway-server-repositories
# git-apache2-repositories
# git-nginx-repositories
# git-mysql-server-repositories


@ -1,16 +1,16 @@
---
- name: (sudoers.yml) include variables
include_vars: "{{ item }}"
with_first_found:
- "sudoers-{{ inventory_hostname }}.yml"
- "sudoers-{{ ansible_distribution_release }}.yml"
- "sudoers-{{ ansible_distribution | lower }}.yml"
- "sudoers-default.yml"
tags:
- sudoers-remove
- sudoers-file-configuration
- sudoers-global-configuration
#- name: (sudoers.yml) include variables
# include_vars: "{{ item }}"
# with_first_found:
# - "sudoers-{{ inventory_hostname }}.yml"
# - "sudoers-{{ ansible_distribution_release }}.yml"
# - "sudoers-{{ ansible_distribution | lower }}.yml"
# - "sudoers-default.yml"
# tags:
# - sudoers-remove
# - sudoers-file-configuration
# - sudoers-global-configuration
- name: (sudoers.yml) Remove user entries in file /etc/sudoers
lineinfile:
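Review bot: The `include_vars` task is commented out rather than deleted, and the same is done at the top of git.yml; version control already keeps the old task, so the dead block can be removed. A sudoers vars file is deleted further down in this commit, so every `sudoers_*` variable the following tasks read now has to come from inventory (group_vars/host_vars, not visible here). For a file that edits /etc/sudoers it is worth a `--check` run per host group, or an `assert` such as `sudoers_remove_user is defined`, before the first real run. The `lineinfile` task continues outside the hunk.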


@ -8,13 +8,18 @@
stat:
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_user_orig_exists
with_items: "{{ default_user }}"
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- bash
- name: (users-systemfiles.yml) Backup existing users .bashrc file
command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
with_items: "{{ bashrc_user_orig_exists.results }}"
loop: "{{ bashrc_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
#with_items: "{{ bashrc_user_orig_exists.results }}"
when: item.stat.exists == False
tags:
- bash
@ -26,7 +31,9 @@
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ default_user }}"
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc')
tags:
- bash
@ -63,13 +70,17 @@
stat:
path: "~{{ item.name }}/.profile.ORIG"
register: profile_user_orig_exists
with_items: "{{ default_user }}"
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- profile
- name: (users-systemfiles.yml) Backup existing users .profile file
command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
with_items: "{{ profile_user_orig_exists.results }}"
loop: "{{ profile_user_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
tags:
- profile
@ -81,7 +92,9 @@
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ default_user }}"
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile')
tags:
- profile
@ -121,7 +134,9 @@
owner: "{{ item.name }}"
group: "{{ item.name }}"
mode: 0644
with_items: "{{ default_user }}"
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc')
tags:
- vim


@ -9,7 +9,9 @@
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
with_items: '{{ default_user }}'
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
tags:
- groups-exists
@ -24,7 +26,9 @@
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password }}"
update_password: on_create
with_items: '{{ default_user }}'
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- users-exists
@ -36,6 +40,8 @@
with_subelements:
- '{{ default_user }}'
- ssh_keys
loop_control:
label: "{{ item.0.name }}"
tags:
- authorized_key
@ -48,7 +54,9 @@
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
with_items: '{{ extra_user }}'
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when:
- extra_user is defined and extra_user|length > 0
- item.group_id is defined
@ -65,7 +73,9 @@
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password }}"
update_password: on_create
with_items: '{{ extra_user }}'
loop: "{{ default_user }}"
loop_control:
label: '{{ item.name }}'
when: extra_user is defined and extra_user|length > 0
tags:
- users-exists
@ -78,6 +88,8 @@
with_subelements:
- '{{ extra_user }}'
- ssh_keys
loop_control:
label: "{{ item.0.name }}"
when: extra_user is defined and extra_user|length > 0
tags:
- authorized_key
@ -87,14 +99,16 @@
# - Take care backup host has rsa key to connect via ssh to the other hosts
# ---
- name: (users.yml) Copy ssh rsa private key to user root of backup server
- name: (users.yml) Copy ssh rsa private key to user root on backup server
copy:
src: '{{ item.priv_key_src }}'
dest: '{{ item.priv_key_dest }}'
owner: root
group: root
mode: '0600'
with_items: '{{ ssh_keypair_backup_server }}'
loop: "{{ ssh_keypair_backup_server }}"
loop_control:
label: '{{ item.priv_key_dest }}'
when:
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
- insert_ssh_keypair_backup_server|bool
@ -103,14 +117,16 @@
- keypair-backup-server
- name: (users.yml) Copy ssh rsa public key to user root of backup server
- name: (users.yml) Copy ssh rsa public key to user root on backup server
copy:
src: '{{ item.pub_key_src }}'
dest: '{{ item.pub_key_dest }}'
owner: root
group: root
mode: '0644'
with_items: '{{ ssh_keypair_backup_server }}'
loop: "{{ ssh_keypair_backup_server }}"
loop_control:
label: '{{ item.pub_key_dest }}'
when:
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
- insert_ssh_keypair_backup_server|bool
@ -124,7 +140,9 @@
user: "{{ item.backup_user }}"
key: "{{ lookup('file', item.pub_key_src) }}"
state: present
with_items: '{{ ssh_keypair_backup_server }}'
loop: "{{ ssh_keypair_backup_server }}"
loop_control:
label: 'authorized_keys - user: {{ item.backup_user }}'
when: ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
tags:
- authorized_key
@ -146,7 +164,10 @@
when:
- insert_root_ssh_keypair|bool
- groups['backup_server']|string is not search(inventory_hostname)
with_items: '{{ root_ssh_keypair }}'
loop: "{{ root_ssh_keypair }}"
loop_control:
label: 'dest: {{ item.priv_key_dest }}'
#with_items: '{{ root_ssh_keypair }}'
tags:
- insert_root_ssh_keypair
- root-defaut-ssh-keypair
@ -158,8 +179,10 @@
owner: root
group: root
mode: '0644'
with_items: '{{ root_ssh_keypair }}'
#when: groups['oopen_server']|string is search(inventory_hostname)
loop: "{{ root_ssh_keypair }}"
loop_control:
label: 'dest: {{ item.pub_key_dest }}'
#with_items: '{{ root_ssh_keypair }}'
when:
- insert_root_ssh_keypair|bool
- groups['backup_server']|string is not search(inventory_hostname)
@ -172,7 +195,10 @@
user: root
key: "{{ lookup('file', item.pub_key_src) }}"
state: present
with_items: '{{ root_ssh_keypair }}'
loop: "{{ root_ssh_keypair }}"
loop_control:
label: 'authorized_keys - user: root'
#with_items: '{{ root_ssh_keypair }}'
when: inventory_hostname == item.target
tags:
- authorized_key
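Review bot: The two extra-user tasks (hunks `-48,7 +54,9` and `-65,7 +73,9`) now read `loop: "{{ default_user }}"` where the replaced line was `with_items: '{{ extra_user }}'`, so the groups and accounts listed in `extra_user` are no longer created and the default users are processed a second time. The `when:` on both tasks and the following `with_subelements` task still refer to `extra_user`, which suggests a copy-paste slip; the `authorized_key` step for extra users would then target accounts that were never created. Both lines should be `loop: "{{ extra_user }}"`. The tasks start outside the hunks, so their module names are not visible here.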


@ -10,6 +10,8 @@
state: present
gid: '{{ item.group_id | default(omit) }}'
with_items: '{{ webadmin_user }}'
loop_control:
label: "{{ item.name }}"
when:
- groups['webadmin']|string is search(inventory_hostname)
- webadmin_user is defined
@ -29,6 +31,8 @@
password: "{{ item.password }}"
update_password: on_create
with_items: '{{ webadmin_user }}'
loop_control:
label: "{{ item.name }}"
when:
- groups['webadmin']|string is search(inventory_hostname)
- webadmin_user is defined
@ -44,6 +48,8 @@
with_subelements:
- '{{ webadmin_user }}'
- ssh_keys
loop_control:
label: "{{ item.0.name }}"
when:
- groups['webadmin']|string is search(inventory_hostname)
- webadmin_user is defined
@ -62,6 +68,8 @@
when:
- insert_webadmin_ssh_keypair|bool
with_items: '{{ webadmin_ssh_keypair }}'
loop_control:
label: 'dest: {{ item.priv_key_dest }}'
tags:
- webadmin
- webadmin-defaut-ssh-keypair
@ -74,6 +82,8 @@
group: '{{ item.login }}'
mode: '0644'
with_items: '{{ webadmin_ssh_keypair }}'
loop_control:
label: 'dest: {{ item.pub_key_dest }}'
when:
- insert_webadmin_ssh_keypair|bool
tags:
@ -102,6 +112,8 @@
key: "{{ lookup('file', item.pub_key_src) }}"
state: present
with_items: '{{ webadmin_ssh_keypair }}'
loop_control:
label: 'authorized_keys - webadmin: root'
when: inventory_hostname == item.target
tags:
- webadmin
@ -118,6 +130,8 @@
path: "~{{ item.name }}/.bashrc.ORIG"
register: bashrc_webadmin_orig_exists
with_items: "{{ webadmin_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- webadmin
- bash
@ -125,6 +139,8 @@
- name: (webadmin-user.yml) Backup existing webadmin's .bashrc file
command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
with_items: "{{ bashrc_webadmin_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
tags:
- webadmin
@ -138,6 +154,8 @@
group: "{{ item.name }}"
mode: 0644
with_items: "{{ webadmin_user }}"
loop_control:
label: '{{ item.name }}'
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc')
tags:
- webadmin
@ -152,6 +170,8 @@
path: "~{{ item.name }}/.profile.ORIG"
register: profile_webadmin_orig_exists
with_items: "{{ webadmin_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- webadmin
- profile
@ -159,6 +179,8 @@
- name: (webadmin-user.yml) Backup existing users .profile file
command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
with_items: "{{ profile_webadmin_orig_exists.results }}"
loop_control:
label: '{{ item.item.name }}'
when: item.stat.exists == False
tags:
- webadmin
@ -172,6 +194,8 @@
group: "{{ item.name }}"
mode: 0644
with_items: "{{ webadmin_user }}"
loop_control:
label: '{{ item.name }}'
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile')
tags:
- webadmin
@ -189,6 +213,8 @@
group: "{{ item.name }}"
mode: 0644
with_items: "{{ webadmin_user }}"
loop_control:
label: '{{ item.name }}'
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc')
tags:
- webadmin
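Review bot: The added `loop_control: label:` lines keep `item.password` out of the default per-item output, but the label only changes the item display line; the full item, including the password value, can still appear in verbose runs and in any callback or log that records task results. For the tasks that pass `password: "{{ item.password }}"` (hunk `-29,6 +31,8` here and the two user-creation hunks in users.yml), `no_log: true` is the setting that suppresses it. The tasks start outside the hunks, so it is not visible whether `no_log` is already set on them.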


@ -161,7 +161,11 @@ HostbasedAuthentication no
# The allow/deny directives are processed in the following order: DenyUsers,
# AllowUsers, DenyGroups, and finally AllowGroups.
# By default, login is allowed for all users.
#AllowUsers chris cityslang sysadm
{% if (fact_sshd_allowed_users is defined) and fact_sshd_allowed_users %}
AllowUsers {{ fact_sshd_allowed_users }}
{% else %}
#AllowUsers back chris sysadm cityslang christoph
{% endif %}
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
@ -184,6 +188,55 @@ UsePAM yes
#UseLogin no
#-----------------------------
# Cryptography
#-----------------------------
# Specifies the available KEX (Key Exchange) algorithms.
# The default is:
## curve25519-sha256@libssh.org,
## ecdh-sha2-nistp256,
## ecdh-sha2-nistp384,
## ecdh-sha2-nistp521,
## diffie-hellman-group-exchange-sha256,
## diffie-hellman-group14-sha1.
{% if (fact_sshd_kexalgorithms is defined) and fact_sshd_kexalgorithms %}
KexAlgorithms {{ fact_sshd_kexalgorithms }}
{% else %}
#KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
{% endif %}
# Specifies the ciphers allowed for protocol version 2.
# The default is:
## aes128-ctr,
## aes192-ctr,
## aes256-ctr,
## aes128-gcm@openssh.com,
## aes256-gcm@openssh.com,
## chacha20-poly1305@openssh.com.
{% if (fact_sshd_ciphers is defined) and fact_sshd_ciphers %}
Ciphers {{ fact_sshd_ciphers }}
{% else %}
#Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
{% endif %}
# Specifies the available MAC (message authentication code) algorithms.
# The default is:
## umac-64-etm@openssh.com,
## umac-128-etm@openssh.com,
## hmac-sha2-256-etm@openssh.com,
## hmac-sha2-512-etm@openssh.com,
## umac-64@openssh.com,
## umac-128@openssh.com,
## hmac-sha2-256,
## hmac-sha2-512.
{% if (fact_sshd_macs is defined) and fact_sshd_macs %}
MACs {{ fact_sshd_macs }}
{% else %}
#MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
{% endif %}
#-----------------------------
# Logging
#-----------------------------
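Review bot: `fact_sshd_allowed_users` and the three new `fact_sshd_*` algorithm values are written into sshd_config unchecked, so a misspelled or unsupported algorithm name, or a list variable rendered as `['a', 'b']`, produces a file that sshd rejects on restart and can cut off remote access. If the task that renders this template (not visible in this hunk) does not already do so, `validate: '/usr/sbin/sshd -t -f %s'` on it catches this before the file is installed; if the variables may be lists, `{{ fact_sshd_ciphers | join(',') }}` (space-joined for `AllowUsers`) makes the rendering explicit. The commented `#MACs` fallback lists `hmac-ripemd160` variants, which newer OpenSSH releases no longer accept, so it is not safe to uncomment as it stands. With the variables unset the `else` branches leave the OpenSSH defaults in force, including `diffie-hellman-group14-sha1` per the comment above, so the hardening is opt-in per host.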


@ -1,218 +0,0 @@
# vars file for git
---
# ---
# all servers
# ---
git_default_repositories:
# script repositories (destination /root/bin/)
- name: admin-stuff
repo: https://git.oopen.de/script/admin-stuff
dest: /root/bin/admin-stuff
- name: postfix
repo: https://git.oopen.de/script/postfix
dest: /root/bin/postfix
# install repositories (destination: /usr/local/src/)
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# ---
# group [lxc_host]
# ---
git_lxc_host_repositories:
# Monitoring
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# LXC
- name: LXC
repo: https://git.oopen.de/script/LXC
dest: /root/bin/LXC
# firewall
- name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# group [lxc_guest]
# ---
git_lxc_guest_repositories:
# dehydrated-cron
- name: dehydrated-cron
repo: https://git.codecoop.org/so36intern/dehydrated-cron.git
dest: /usr/local/src/dehydrated-cron
# firewall
- name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# group [apache2_webserver]
# ---
git_apache2_repositories:
# script repositories (destination /root/bin/)
- name: apache2
repo: https://git.oopen.de/script/apache2
dest: /root/bin/apache2
# install repositories (destination: /usr/local/src/)
- name: apache2
repo: https://git.oopen.de/install/apache2
dest: /usr/local/src/apache2
- name: php
repo: https://git.oopen.de/install/php
dest: /usr/local/src/php
# ---
# group [nginx_webserver]
# ---
git_nginx_repositories: []
# ---
# group [mysql_server]
# ---
git_mysql_repositories:
# script repositories (destination /root/bin/)
- name: mysql
repo: https://git.oopen.de/script/mysql
dest: /root/bin/mysql
# install repositories (destination: /usr/local/src/)
- name: mysql
repo: https://git.oopen.de/install/mysql
dest: /usr/local/src/mysql
# ---
# group [postgresql_server]
# ---
git_postgresql_repositories:
# script repositories (destination /root/bin/)
- name: postgres
repo: https://git.oopen.de/script/postgres
dest: /root/bin/postgres
# ---
# group [nextcloud_server]
# ---
git_nextcloud_repositories:
# script repositories (destination /root/bin/)
- name: nextcloud
repo: https://git.oopen.de/script/nextcloud
dest: /root/bin/nextcloud
# install repositories (destination: /usr/local/src/)
- name: nextcloud
repo: https://git.oopen.de/install/nextcloud
dest: /usr/local/src/nextcloud
# ---
# group [dns_server]
# ---
git_dns_repositories:
# script repositories (destination /root/bin/)
- name: bind
repo: https://git.oopen.de/script/bind
dest: /root/bin/bind
# ---
# group [backup_server]
# ---
git_backup_repositories:
# script repositories (destination /root/bin/)
- name: backup-rcopy
repo: https://git.oopen.de/backup/backup-rcopy
dest: /root/crontab/backup-rcopy
# ---
# group [samba_server]
# ---
git_samba_repositories:
# script repositories (destination /root/bin/)
- name: samba
repo: https://git.oopen.de/script/samba
dest: /root/bin/samba
# ---
# group [mail_server]
# ---
git_mailserver_repositories:
# script repositories (destination /root/bin/)
- name: apache2
repo: https://git.oopen.de/script/apache2
dest: /root/bin/apache2
- name: postfix
repo: https://git.oopen.de/script/postfix
dest: /root/bin/postfix
- name: monitoring
repo: https://git.oopen.de/script/monitoring
dest: /root/bin/monitoring
# install repositories (destination: /usr/local/src/)
- name: apache2
repo: https://git.oopen.de/install/apache2
dest: /usr/local/src/apache2
- name: php
repo: https://git.oopen.de/install/php
dest: /usr/local/src/php
- name: mailsystem
repo: https://git.oopen.de/install/mailsystem
dest: /usr/local/src/mailsystem
# let's encrypt
- name: dehydrated-cron
repo: https://git.codecoop.org/so36intern/dehydrated-cron.git
dest: /usr/local/src/dehydrated-cron
# firewall
- name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server
# ---
# group [sympa_list_servers]
# ---
git_sympa_repositories:
# install repositories (destination: /usr/local/src/)
- name: sympa
repo: https://git.oopen.de/install/sympa
dest: /usr/local/src/sympa
# ---
# Use this for host specific repositories defined in files git-<hostname>.yaml
#
# Leave empty here
# ---
git_other_repositories: []


@ -1,87 +0,0 @@
# vars file for sudoers
---
# ---
# /etc/sudoers
# ---
sudoers_defaults:
- env_reset
- mail_badpass
- 'secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"'
sudoers_host_aliases: []
sudoers_user_aliases: []
sudoers_cmnd_aliases: []
sudoers_runas_aliases: []
sudoers_user_privileges:
- name: root
entry: 'ALL=(ALL:ALL) ALL'
sudoers_group_privileges: []
sudoers_remove_user:
- back
- www-data
# ---
# /etc/sudoers.d/50-user
# ---
sudoers_file_defaults: []
sudoers_file_host_aliases: []
sudoers_file_user_aliases: []
sudoers_file_cmnd_aliases: []
sudoers_file_runas_aliases: []
sudoers_file_user_back_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/rsync'
- 'ALL=(root) NOPASSWD: /usr/bin/find'
- 'ALL=(root) NOPASSWD: /usr/bin/realpath'
sudoers_file_user_back_postgres_privileges:
- 'ALL=(postgres) NOPASSWD: /usr/bin/psql'
- 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dump'
- 'ALL=(postgres) NOPASSWD: /usr/bin/pg_dumpall'
sudoers_file_user_back_disk_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/which'
- 'ALL=(root) NOPASSWD: /sbin/hdparm -I /dev/*'
- 'ALL=(root) NOPASSWD: /sbin/fdisk'
- 'ALL=(root) NOPASSWD: /sbin/sgdisk'
- 'ALL=(root) NOPASSWD: /sbin/sfdisk -d /dev/*'
- 'ALL=(root) NOPASSWD: /bin/dd if=/dev/*'
- 'ALL=(root) NOPASSWD: /sbin/parted'
- 'ALL=(root) NOPASSWD: /sbin/gdisk'
sudoers_file_user_webadmin_disk_privileges:
- 'ALL=(root) NOPASSWD: /usr/bin/mailq'
- 'ALL=(root) NOPASSWD: /usr/bin/tail'
- 'ALL=(root) NOPASSWD: /usr/bin/view'
sudoers_file_dns_server_privileges:
- name: manage-bind
entry: 'ALL=(root) NOPASSWD: /usr/local/bin/bind_*'
- name: manage-bind
entry: 'ALL=(root) NOPASSWD: /root/bin/bind/bind_*'
- name: chris
entry: 'ALL=(root) NOPASSWD: /root/bin/bind/*'
sudoers_file_postfixadmin_privileges:
- name: www-data
entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-mailbox-postdeletion.sh'
- name: www-data
entry: 'ALL=(vmail)NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh'
sudoers_file_user_privileges: []
sudoers_file_group_privileges: []