From 06523efab1c6bc38c51556994089b217079b21d8 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Tue, 4 Jun 2019 03:20:59 +0200
Subject: [PATCH] Initial commit

---
 .gitignore | 2 +
 ansible.cfg | 35 ++++++++++++
 apt-upgrade.yml | 17 ++++++
 first_run.yml | 22 ++++++++
 git.yml | 65 +++++++++++++++++++++++
 hosts | 18 +++++++
 poweroff-clients.yml | 8 +++
 roles/ansible_dependencies/tasks/main.yml | 5 ++
 8 files changed, 172 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 ansible.cfg
 create mode 100644 apt-upgrade.yml
 create mode 100644 first_run.yml
 create mode 100644 git.yml
 create mode 100644 hosts
 create mode 100644 poweroff-clients.yml
 create mode 100644 roles/ansible_dependencies/tasks/main.yml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8793994
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+*.retry
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..c659472
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,35 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+# exmaple:https://raw.github.com/ansible/ansible/devel/examples/ansible.cfg
+#
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+[defaults]
+ansible_managed = Ansible managed file, do not edit directly
+#gathering = smart
+#fact_caching = jsonfile
+#fact_caching_connection = ~/.cache/
+#fact_caching_timeout = 86400
+#forks = 20
+inventory = ./hosts
+#remote_user = ansible
+#roles_path = ./roles
+#vault_password_file = open_the_vault.sh
+#retry_files_enabled = False
+#allow_world_readable_tmpfiles = True
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_ask_pass=True
+
+[ssh_connection]
+
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+#
+#pipelining = True
diff --git a/apt-upgrade.yml b/apt-upgrade.yml
new file mode 100644
index 0000000..fc9807b
--- /dev/null
+++ b/apt-upgrade.yml
@@ -0,0 +1,17 @@
+---
+
+- hosts: all
+ tasks:
+ - name: updates a server
+ apt: update_cache=yes
+ - name: upgrade a server
+ apt: upgrade=dist
+
+# Reboot if required
+#
+# - name: Check if a reboot is required
+# register: file
+# stat: path=/var/run/reboot-required get_md5=no
+# - name: Reboot the server
+# command: /sbin/reboot
+# when: file.stat.exists == true
diff --git a/first_run.yml b/first_run.yml
new file mode 100644
index 0000000..9347c37
--- /dev/null
+++ b/first_run.yml
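Review bot: In apt-upgrade.yml the `upgrade=dist` task can install a new kernel and leave hosts in a needs-reboot state, while the only reboot handling is the commented-out block at the bottom, which also uses the deprecated `stat` option `get_md5=no` and a bare `command: /sbin/reboot` that gives the play no way to wait for the host to come back. If the reboot step is meant to be enabled later, it should use the `reboot` module (available since Ansible 2.7) keyed on a more descriptive register name; I'd also note `update_cache=yes` refreshes the cache on every run, where `cache_valid_time: 3600` avoids needless network traffic. The lines in ansible.cfg and the two active tasks are otherwise fine as key=value shorthand, though mixing it with the YAML-dict style used in git.yml makes the repo inconsistent.
```yaml
# … unchanged: update_cache / upgrade=dist tasks …
    - name: Check if a reboot is required
      stat:
        path: /var/run/reboot-required
      register: reboot_required
    - name: Reboot the server
      reboot:
      when: reboot_required.stat.exists
```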
@@ -0,0 +1,22 @@
+---
+
+# Intended to be run once for every new server to secure the ssh connection allowing the team access
+# with their public keys. This script will lock itself out from every server it is run on.
+# Further playbooks are intended to be run by logging in as one of the created users.
+# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
+# the time of this writing.
+
+# The used login data depends on the used server provider. In most cases the ansible_user will be
+# root, but we can't safely assume anything.
+# The following line is an example for securing a new vagrant maching, after running `vagrant up`:
+# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
+# For real providers it could look like:
+# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
+# If you don't have a ssh-key on the server and the server expects password authentication use:
+# ansible-playbook first_run.yml -i hosts -u root --ask-pass
+
+- hosts: first_run
+ roles:
+ - { role: ansible_dependencies }
+# - { role: sudo_users }
+# - { role: sshd_config }
diff --git a/git.yml b/git.yml
new file mode 100644
index 0000000..fece5e6
--- /dev/null
+++ b/git.yml
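Review bot: The play `- hosts: first_run` leaves fact gathering at its default, so Ansible runs the Python-based setup module before the `ansible_dependencies` role that is supposed to install python2; on the fresh hosts this play targets, the play fails before the role runs. Add `gather_facts: no` directly under `- hosts: first_run`. The header comment also overstates what the commit does: it says the play secures ssh with team keys and locks itself out, but `sudo_users` and `sshd_config` are commented out, so as committed the play only bootstraps aptitude and python2 and changes nothing about access. A comment such as `# NOTE: sudo_users and sshd_config are not enabled yet; this play currently only bootstraps aptitude/python2.` next to the roles list would keep the next operator from assuming the host has been hardened.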
@@ -0,0 +1,65 @@
+---
+
+- hosts: ubuntu-pcs
+
+ tasks:
+ - name: Install/Update repository admin-stuff
+ git:
+ repo: https://git.oopen.de/script/admin-stuff
+ dest: /root/bin/admin-stuff
+ with_items:
+ - admin-stuff
+ - monitoring
+ - postfix
+
+
+- hosts: fileserver
+
+ tasks:
+ - name: Install/Update script repositories
+ git:
+ repo: https://git.oopen.de/script/{{ item }}
+ dest: /root/bin/{{ item }}
+ with_items:
+ - admin-stuff
+ - monitoring
+ - postfix
+ - samba
+
+ - name: Install/Update repository mailsystem
+ git:
+ repo: https://git.oopen.de/install/mailsystem
+ dest: /usr/local/src/mailsystem
+
+
+- hosts: gateway
+
+ tasks:
+ - name: Install/Update script repositories
+ git:
+ repo: https://git.oopen.de/script/{{ item }}
+ dest: /root/bin/{{ item }}
+ with_items:
+ - admin-stuff
+ - manage-gw-config
+ - monitoring
+ - postfix
+
+ - name: Install/Update install repositories
+ git:
+ repo: https://git.oopen.de/install/{{ item }}
+ dest: /usr/local/src/{{ item }}
+ with_items:
+ - mailsystem
+ - openvpn
+
+ - name: Install/Update repository ipt-gateway
+ git:
+ repo: https://git.oopen.de/firewall/ipt-gateway
+ dest: /usr/local/src/ipt-gateway
+
+ - name: Install/Update repository check_net
+ git:
+ repo: https://git.oopen.de/routing/check_net
+ dest: /usr/local/src/check_net
+
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..78608d6
--- /dev/null
+++ b/hosts
@@ -0,0 +1,18 @@
+
+[fileserver]
+file-ro.ro.netz
+
+[gateway]
+gw-ro.ro.netz
+
+[ubuntu-pcs]
+pc101.ro.netz
+pc102.ro.netz
+pc103.ro.netz
+pc104.ro.netz
+pc105.ro.netz
+pc106.ro.netz
+pc108.ro.netz
+pc109.ro.netz
+
+[first_run]
diff --git a/poweroff-clients.yml b/poweroff-clients.yml
new file mode 100644
index 0000000..884b3f3
--- /dev/null
+++ b/poweroff-clients.yml
@@ -0,0 +1,8 @@
+---
+
+- hosts: ubuntu-pcs
+
+ tasks:
+ - name: Power off client pcs
+ shell: /sbin/poweroff
+
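Review bot: The first task in git.yml (play `ubuntu-pcs`, "Install/Update repository admin-stuff") loops over `with_items: [admin-stuff, monitoring, postfix]` but never references `{{ item }}`, so it clones admin-stuff three times into the same `dest` and never installs monitoring or postfix; the fileserver and gateway plays in the same hunk show the intended form, `repo: https://git.oopen.de/script/{{ item }}` and `dest: /root/bin/{{ item }}`, and the task name should lose the hard-coded "admin-stuff". Every `git:` task here also omits `version:`, so each run fast-forwards the checkout in `/root/bin` and `/usr/local/src` to whatever the remote default branch currently holds, and those directories are executed as root by the other playbooks; pinning `version:` to a tag or commit, or at least documenting in a comment that these hosts track the remote HEAD, would make the supply-chain exposure explicit. The trailing blank `+` line at the end of the file is harmless but inconsistent with the other playbooks.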
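Review bot: In poweroff-clients.yml the task uses `shell: /sbin/poweroff` although the command needs no shell features (no pipes, redirection or variables), so `command: /sbin/poweroff` is the conventional choice and avoids spawning a shell as root for no reason. Because the target shuts down while the task is still connected, the play may report the hosts as failed or unreachable rather than ok — I have not verified this on these clients, but if it shows up, `ignore_unreachable: true` or running the command with `async`/`poll: 0` is the usual remedy. A one-line comment such as `# Powers off every host in ubuntu-pcs; use --limit to target a subset` would also document that this play has no confirmation step.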
diff --git a/roles/ansible_dependencies/tasks/main.yml b/roles/ansible_dependencies/tasks/main.yml
new file mode 100644
index 0000000..b7cd5db
--- /dev/null
+++ b/roles/ansible_dependencies/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: Ensure aptitude is present
+ raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+- name: Ensure python2 is present (This is necessary for ansible to work properly)
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
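Review bot: The aptitude task runs `apt-get install aptitude -y` without refreshing the package lists first, while the cache update only happens inside the second task's fallback, so on a freshly provisioned image with stale or empty lists the first task can fail before the second ever runs; either swap the two tasks or use `raw: test -e /usr/bin/aptitude || (apt-get -y update && apt-get install -y aptitude)`. Both `raw` tasks also report `changed` on every run because raw has no idempotence detection, so a `changed_when` based on the command output (for instance, echoing a marker only on the install branch) would make repeated runs of first_run.yml readable. The role header should state why `raw` is used here — `# raw is used because these hosts may not have python yet; every other module would fail` — since a later maintainer may otherwise "fix" it to `apt:` and break bootstrapping.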