update..

2021-04-18 13:56:36 +02:00
parent 2339cdd6e8
commit d22a65ad9a
74 changed files with 4289 additions and 537 deletions
--- a/roles/common/tasks/config_files_mailsystem_scripts.yml
+++ b/roles/common/tasks/config_files_mailsystem_scripts.yml
@ -0,0 +1,15 @@
+---
+
+- name: (config_files_mailsystem_scripts.yml) Copy config file templates mailsystem scripts
+  template:
+    src: '{{ item.src_path }}'
+    dest: '{{ item.dest_path }}'
+    owner: root
+    group: root
+    mode: '0644'
+  loop: "{{ template_files_mailsystem_script }}"
+  loop_control:
+    label: 'dest: {{ item.name }}'
+  when:
+    - template_files_mailsystem_script is defined
+    - template_files_mailsystem_script|length > 0
--- a/roles/common/tasks/copy_files.yml
+++ b/roles/common/tasks/copy_files.yml
@ -0,0 +1,37 @@
+---
+
+
+
+- name: (copy_files.yml) Copy plain files
+  copy:
+    src: '{{ item.src_path }}'
+    dest: '{{ item.dest_path }}'
+    owner: root
+    group: root
+    mode: '0644'
+  loop: "{{ copy_plain_files }}"
+  loop_control:
+    label: 'dest: {{ item.name }}'
+  when: 
+    - copy_plain_files is defined
+    - copy_plain_files|length > 0
+  tags:
+    - copy-files
+    - copy-plain-files
+
+- name: (copy_files.yml) Copy template files
+  template:
+    src: '{{ item.src_path }}'
+    dest: '{{ item.dest_path }}'
+    owner: root
+    group: root
+    mode: '0644'
+  loop: "{{ copy_template_files }}"
+  loop_control:
+    label: 'dest: {{ item.name }}'
+  when:
+    - copy_template_files is defined
+    - copy_template_files|length > 0
+  tags:
+    - copy-files
+    - copy-template-files
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -109,6 +109,30 @@
 - import_tasks: git.yml
  tags: git

+
+# tags supported inside copy_files.yml:
+#
+#   copy-files
+#   copy-plain-files
+#   copy-template-files
+- import_tasks: copy_files.yml
+  tags:
+    - copy-files
+
+# tags supported inside symlink_files.yml:
+#
+#   symlink-files
+- import_tasks: symlink_files.yml
+  tags:
+    - symlink-files
+
+
+# tags supported inside config_files_mailsystem_scripts.yml:
+#
+- import_tasks: config_files_mailsystem_scripts.yml
+  tags:
+    - config-files-mailsystem
+
 # tags supportetd inside caching-nameserver.yml
 #
 # apt-caching-nameserver
--- a/roles/common/tasks/symlink_files.yml
+++ b/roles/common/tasks/symlink_files.yml
@ -0,0 +1,17 @@
+---
+
+- name: (symlink_files.yml) Symlink files
+  file:
+    src: '{{ item.src_path }}'
+    dest: '{{ item.dest_path }}'
+    owner: root
+    group: root
+    state: link
+  loop: "{{ symlink_files }}"
+  loop_control:
+    label: 'dest: {{ item.name }}'
+  when: 
+    - symlink_files is defined
+    - symlink_files|length > 0
+  tags:
+    - symlink-files
--- a/roles/common/tasks/users.yml
+++ b/roles/common/tasks/users.yml
@ -95,6 +95,19 @@
  tags:
    - authorized_key

+- name: (users.yml) other entries authorized_key files
+  authorized_key:
+    user: "{{ item.user }}"
+    key: "{{ item.key }}"
+    state: present
+  loop: "{{ entries_authorized_key }}"
+  loop_control:
+    label: "{{ item.user }}"
+  when:
+     - entries_authorized_key is defined
+     - entries_authorized_key|length > 0
+
+
 # ---
 # - extra system groups
 # ---
@ -144,8 +157,9 @@
  loop_control:
    label: '{{ item.priv_key_dest }}'
  when: 
-    - ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
    - insert_ssh_keypair_backup_server|bool
+    - ssh_keypair_backup_server is defined
+    - ssh_keypair_backup_server|length > 0
  tags:
    - insert-ssh-keypair-backup-server
    - keypair-backup-server
@ -162,8 +176,9 @@
  loop_control:
    label: '{{ item.pub_key_dest }}'
  when:
-    - ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
    - insert_ssh_keypair_backup_server|bool
+    - ssh_keypair_backup_server is defined
+    - ssh_keypair_backup_server|length > 0
  tags:
    - insert-ssh-keypair-backup-server
    - keypair-backup-server
@ -177,7 +192,9 @@
  loop: "{{ ssh_keypair_backup_server }}"
  loop_control:
    label: 'authorized_keys - user: {{ item.backup_user }}'
-  when: ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
+  when: 
+    - ssh_keypair_backup_server is defined
+    - ssh_keypair_backup_server|length > 0
  tags:
    - authorized_key
    - keypair-backup-server
@ -192,26 +209,76 @@
    path: /root/.ssh
    state: directory

- name: (users.yml) Copy default ed25519 ssh private key to user root
+- name: (users.yml) Copy (backup) ed25519 ssh private key to user root
  copy:
    src: '{{ item.priv_key_src }}'
    dest: '{{ item.priv_key_dest }}'
    owner: root
    group: root
    mode: '0600'
-  #when: groups['oopen_server']|string is search(inventory_hostname)
  when: 
-    - insert_root_ssh_keypair|bool
-    - groups['backup_server']|string is not search(inventory_hostname)
+    - insert_keypair_backup_client|bool
+    - ssh_keypair_backup_client is defined
+    - ssh_keypair_backup_client|length > 0
+  loop: "{{ ssh_keypair_backup_client }}"
+  loop_control:
+    label: 'dest: {{ item.priv_key_dest }}'
+  tags:
+    - insert_ssh_keypair_backup_server
+
+- name: (users.yml) Copy (backup) ed25519 ssh public key to user root
+  copy:
+    src: '{{ item.pub_key_src }}'
+    dest: '{{ item.pub_key_dest }}'
+    owner: root
+    group: root
+    mode: '0644'
+  when: 
+    - insert_keypair_backup_client|bool
+    - ssh_keypair_backup_client is defined
+    - ssh_keypair_backup_client|length > 0
+  loop: "{{ ssh_keypair_backup_client }}"
+  loop_control:
+    label: 'dest: {{ item.pub_key_dest }}'
+  tags:
+    - insert_ssh_keypair_backup_server
+
+- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key
+  authorized_key:
+    user: root
+    key: "{{ lookup('file', item.pub_key_src) }}"
+    state: present
+  loop: "{{ ssh_keypair_backup_client }}"
+  loop_control:
+    label: 'authorized_keys - user: root'
+  when:
+    - inventory_hostname == item.target
+    - ssh_keypair_backup_client is defined
+    - ssh_keypair_backup_client|length > 0
+  tags:
+    - authorized_key
+    - ssh-keypair-backup-server
+
+
+- name: (users.yml) Copy further ssh private key(s) to user root
+  copy:
+    src: '{{ item.priv_key_src }}'
+    dest: '{{ item.priv_key_dest }}'
+    owner: root
+    group: root
+    mode: '0600'
  loop: "{{ root_ssh_keypair }}"
  loop_control:
    label: 'dest: {{ item.priv_key_dest }}'
-  #with_items: '{{ root_ssh_keypair }}'
+  when: 
+    - insert_root_ssh_keypair|bool
+    - root_ssh_keypair is defined
+    - root_ssh_keypair|length > 0
  tags:
    - insert_root_ssh_keypair
    - root-defaut-ssh-keypair

- name: (users.yml) Copy default ed25519 ssh public key  to user root
+- name: (users.yml) Copy further ssh public key(s) to user root
  copy:
    src: '{{ item.pub_key_src }}'
    dest: '{{ item.pub_key_dest }}'
@ -221,25 +288,11 @@
  loop: "{{ root_ssh_keypair }}"
  loop_control:
    label: 'dest: {{ item.pub_key_dest }}'
-  #with_items: '{{ root_ssh_keypair }}'
  when: 
    - insert_root_ssh_keypair|bool
-    - groups['backup_server']|string is not search(inventory_hostname)
+    - root_ssh_keypair is defined
+    - root_ssh_keypair|length > 0
  tags:
    - insert_root_ssh_keypair
    - root-defaut-ssh-keypair

- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key
-  authorized_key:
-    user: root
-    key: "{{ lookup('file', item.pub_key_src) }}"
-    state: present
-  loop: "{{ root_ssh_keypair }}"
-  loop_control:
-    label: 'authorized_keys - user: root'
-  #with_items: '{{ root_ssh_keypair }}'
-  when: inventory_hostname == item.target
-  tags:
-    - authorized_key
-    - root-defaut-ssh-keypair
-