Initial commit

2019-06-04 03:20:59 +02:00 · 2019-06-04 03:20:59 +02:00 · 06523efab1
commit 06523efab1
8 changed files with 172 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 *.swp
 *.retry
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,35 @@
 # config file for ansible -- http://ansible.com/
 # ==============================================
 # exmaple:https://raw.github.com/ansible/ansible/devel/examples/ansible.cfg
 #
 # nearly all parameters can be overridden in ansible-playbook
 # or with command line flags. ansible will read ANSIBLE_CONFIG,
 # ansible.cfg in the current working directory, .ansible.cfg in
 # the home directory or /etc/ansible/ansible.cfg, whichever it
 # finds first
 [defaults]
 ansible_managed = Ansible managed file, do not edit directly
 #gathering = smart
 #fact_caching = jsonfile
 #fact_caching_connection = ~/.cache/
 #fact_caching_timeout = 86400
 #forks = 20
 inventory = ./hosts
 #remote_user = ansible
 #roles_path = ./roles
 #vault_password_file = open_the_vault.sh
 #retry_files_enabled = False
 #allow_world_readable_tmpfiles = True
 [privilege_escalation]
 become=True
 become_method=sudo
 become_ask_pass=True
 [ssh_connection]
 # By default, this option is disabled to preserve compatibility with
 # sudoers configurations that have requiretty (the default on many distros).
 #
 #pipelining = True
--- a/apt-upgrade.yml
+++ b/apt-upgrade.yml
@ -0,0 +1,17 @@
 ---
 - hosts: all
  tasks:
   - name: updates a server
     apt: update_cache=yes
   - name: upgrade a server
     apt: upgrade=dist
 # Reboot if required
 # 
 #   - name: Check if a reboot is required
 #     register: file
 #     stat: path=/var/run/reboot-required get_md5=no
 #   - name: Reboot the server
 #     command: /sbin/reboot
 #     when: file.stat.exists == true
--- a/first_run.yml
+++ b/first_run.yml
@ -0,0 +1,22 @@
 ---
 # Intended to be run once for every new server to secure the ssh connection allowing the team access
 # with their public keys. This script will lock itself out from every server it is run on.
 # Further playbooks are intended to be run by logging in as one of the created users.
 # It also ensures python2 is installed as it's necessary for the modules used in this playbook at
 # the time of this writing.
 # The used login data depends on the used server provider. In most cases the ansible_user will be
 # root, but we can't safely assume anything.
 # The following line is an example for securing a new vagrant maching, after running `vagrant up`:
 # ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
 # For real providers it could look like:
 # ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
 # If you don't have a ssh-key on the server and the server expects password authentication use:
 # ansible-playbook first_run.yml -i hosts -u root --ask-pass
 - hosts: first_run
  roles:
    - { role: ansible_dependencies }
 #    - { role: sudo_users }
 #    - { role: sshd_config }
--- a/git.yml
+++ b/git.yml
@ -0,0 +1,65 @@
 ---
 - hosts: ubuntu-pcs
  tasks:
  - name: Install/Update repository admin-stuff
    git:
      repo: https://git.oopen.de/script/admin-stuff
      dest: /root/bin/admin-stuff
    with_items:
      - admin-stuff
      - monitoring
      - postfix
 - hosts: fileserver
  tasks:
  - name: Install/Update script repositories
    git:
      repo: https://git.oopen.de/script/{{ item }}
      dest: /root/bin/{{ item }}
    with_items:
      - admin-stuff
      - monitoring
      - postfix
      - samba
  - name: Install/Update repository mailsystem
    git:
      repo: https://git.oopen.de/install/mailsystem
      dest: /usr/local/src/mailsystem
 - hosts: gateway
  tasks:
  - name: Install/Update script repositories
    git:
      repo: https://git.oopen.de/script/{{ item }}
      dest: /root/bin/{{ item }}
    with_items:
      - admin-stuff
      - manage-gw-config
      - monitoring
      - postfix
  - name: Install/Update install repositories
    git:
      repo: https://git.oopen.de/install/{{ item }}
      dest: /usr/local/src/{{ item }}
    with_items:
      - mailsystem
      - openvpn
  - name: Install/Update repository ipt-gateway
    git:
      repo: https://git.oopen.de/firewall/ipt-gateway
      dest: /usr/local/src/ipt-gateway
  - name: Install/Update repository check_net
    git:
      repo: https://git.oopen.de/routing/check_net
      dest: /usr/local/src/check_net
--- a/18
+++ b/18
@ -0,0 +1,18 @@
 [fileserver]
 file-ro.ro.netz
 [gateway]
 gw-ro.ro.netz
 [ubuntu-pcs]
 pc101.ro.netz
 pc102.ro.netz
 pc103.ro.netz
 pc104.ro.netz
 pc105.ro.netz
 pc106.ro.netz
 pc108.ro.netz
 pc109.ro.netz
 [first_run]
--- a/poweroff-clients.yml
+++ b/poweroff-clients.yml
@ -0,0 +1,8 @@
 ---
 - hosts: ubuntu-pcs
  tasks:
  - name: Power off client pcs
    shell: /sbin/poweroff
--- a/roles/ansible_dependencies/tasks/main.yml
+++ b/roles/ansible_dependencies/tasks/main.yml
@ -0,0 +1,5 @@
 - name: Ensure aptitude is present
  raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
 - name: Ensure python2 is present (This is necessary for ansible to work properly)
  raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)