Christoph 2021-11-10 15:53:08 +01:00
parent 2ac714acc5
commit a9579060a4
9 changed files with 111 additions and 171 deletions


@ -65,6 +65,7 @@
name: "{{ apt_initial_install_stretch }}" name: "{{ apt_initial_install_stretch }}"
state: "{{ apt_install_state }}" state: "{{ apt_install_state }}"
when: when:
- apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9" - ansible_facts['distribution_major_version'] == "9"
tags: tags:
@ -76,12 +77,25 @@
name: "{{ apt_initial_install_buster }}" name: "{{ apt_initial_install_buster }}"
state: "{{ apt_install_state }}" state: "{{ apt_install_state }}"
when: when:
- apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" - ansible_facts['distribution_major_version'] == "10"
tags: tags:
- apt-initial-install - apt-initial-install
- name: (apt.yml) Initial install debian packages (bullseye)
apt:
name: "{{ apt_initial_install_bullseye }}"
state: "{{ apt_install_state }}"
when:
- apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "11"
tags:
- apt-initial-install
- name: (apt.yml) Initial install ubuntu packages (bionic) - name: (apt.yml) Initial install ubuntu packages (bionic)
apt: apt:
name: "{{ apt_initial_install_bionic }}" name: "{{ apt_initial_install_bionic }}"
@ -122,30 +136,15 @@
- apt-microcode - apt-microcode
- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch) - name: (apt.yml) Install CPU microcode (debian buster/bullseye)
apt:
name: "{{ microcode_amd_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
when:
- apt_backports_enable
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
- ansible_facts['processor']|string is search("AMD")
tags:
- apt-initial-install
- apt-microcode
- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
apt: apt:
name: "{{ microcode_intel_package }}" name: "{{ microcode_intel_package }}"
state: present state: present
default_release: "{{ ansible_distribution_release }}" default_release: "{{ ansible_distribution_release }}"
when: when:
- apt_debian_contrib_nonfree_enable
- ansible_facts['distribution'] == "Debian" - ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
- ansible_facts['processor']|string is search("Intel") - ansible_facts['processor']|string is search("Intel")
tags: tags:
- apt-initial-install - apt-initial-install
@ -239,6 +238,7 @@
- apt-initial-install - apt-initial-install
- apt-firmware - apt-firmware
- name: (apt.yml) Install Firmware packages (Debian) - name: (apt.yml) Install Firmware packages (Debian)
apt: apt:
name: "{{ firmware_packages_debian }}" name: "{{ firmware_packages_debian }}"
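Review bot: In the microcode hunk the surviving task is renamed to `Install CPU microcode (debian buster/bullseye)` but still installs `microcode_intel_package` and is still gated on `search("Intel")`, while the AMD task is deleted, so as far as this hunk shows AMD hosts get no microcode package and the task name no longer says which CPUs it covers. Microcode packages carry CPU vulnerability mitigations, so keep the name explicit, `- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster/bullseye)`, and confirm that an AMD task for Debian 10/11 exists outside the hunk. The version test reads more simply as `- ansible_facts['distribution_major_version'] in ["10", "11"]`. The rendering does not show whether `- apt_debian_contrib_nonfree_enable` was added or dropped in this task; if the Intel package comes from the non-free component, as it presumably does, that guard should stay.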


@ -0,0 +1,6 @@
- name: (luks.ym) add new key to the LUKS container (container has to exist)
luks_device:
device: "{{ luks_device }}"
keyfile: "{{ role_path + '/files/vault/luks_default_passwd' }}"
new_keyfile: "{{ role_path + '/files/vault/luks_chris_passwd' }}"
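Review bot: `keyfile` and `new_keyfile` are built from `role_path`, which is a path on the control node, whereas luks_device, as far as I know, opens key files on the managed host, so this task will most likely find neither file unless the role tree also exists there. If the files under `files/vault/` are vault-encrypted passphrases, reading them on the controller keeps the secret off the target's disk: `passphrase: "{{ lookup('file', role_path + '/files/vault/luks_default_passwd') }}"`, `new_passphrase: "{{ lookup('file', role_path + '/files/vault/luks_chris_passwd') }}"`, plus `no_log: true` on the task. A key slot enrolled from a key file's raw bytes (trailing newline included) is not opened by the stripped passphrase, so check how the existing slot was created before switching. The task name also has a typo, `(luks.ym)`, and the file lacks the `---` document start and `tags:` that the other task files in this commit use.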


@ -101,6 +101,13 @@
- samba-remove-user - samba-remove-user
# tags supported inside system-remove-user.yml:
#
- import_tasks: system-remove-user.yml
tags:
- system-remove-user
# tags supported inside system-user.yml: # tags supported inside system-user.yml:
# #
# system-user # system-user
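Review bot: The comment block added above `import_tasks: system-remove-user.yml` lists no tags, although the tasks in that file are tagged `nis-user` and `system-user` in this same commit. Because those tasks delete accounts and home directories, the comment should name them, `# nis-user` and `# system-user`, so that nobody is surprised when `--tags system-user` also runs the removal. If removal is meant to run only on explicit request, the inner tags in system-remove-user.yml would have to go, leaving just the `system-remove-user` tag set here.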


@ -44,6 +44,23 @@
tags: tags:
- nfs-server - nfs-server
- name: Enable service rpc-statd and ensure it is not masked
systemd:
name: rpc-statd
enabled: yes
masked: no
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
- name: Make sure service rpc-statd is running
systemd:
state: started
name: rpc-statd
when:
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
# --- # ---
# NFS clients # NFS clients
# --- # ---


@ -1,32 +1,32 @@
--- ---
# --- ## # ---
# - Remove unwanted users ## # - Remove unwanted users
# --- ## # ---
##
- name: (nis_user.yml) Remove (old) users from system ## - name: (nis_user.yml) Remove (old) users from system
user: ## user:
name: '{{ item.name }}' ## name: '{{ item.name }}'
state: absent ## state: absent
with_items: ## with_items:
- "{{ remove_nis_users }}" ## - "{{ remove_nis_users }}"
loop_control: ## loop_control:
label: '{{ item.name }}' ## label: '{{ item.name }}'
tags: ## tags:
- nis-user ## - nis-user
- system-user ## - system-user
##
- name: (nis_user.yml) Remove home directory from deleted users ## - name: (nis_user.yml) Remove home directory from deleted users
file: ## file:
path: '{{ nis_base_home }}/{{ item.name }}' ## path: '{{ nis_base_home }}/{{ item.name }}'
state: absent ## state: absent
with_items: ## with_items:
- "{{ remove_nis_users }}" ## - "{{ remove_nis_users }}"
loop_control: ## loop_control:
label: '{{ item.name }}' ## label: '{{ item.name }}'
tags: ## tags:
- nis-user ## - nis-user
- system-user ## - system-user
# --- # ---
# - default user/groups # - default user/groups
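Review bot: The two removal tasks at the top of this file are disabled by prefixing every line with `##` instead of being deleted, which leaves roughly thirty lines of dead user-deletion code after the same tasks were copied to system-remove-user.yml in this commit. I would delete the block and keep one pointer comment, `# Removal of old users now lives in system-remove-user.yml`. The commented-out task names `(nis_user.yml) Remove (old) users from system` will otherwise mislead a grep for where accounts are deleted.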


@ -1,121 +0,0 @@
---
# ---
# - Remove unwanted users
# ---
- name: (nis_samba_user.yml) Check if samba user exists for removable nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_deleted_user_present
changed_when: "samba_deleted_user_present.rc == 0"
failed_when: "samba_deleted_user_present.rc > 1"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from samba
shell: "smbpasswd -s -x {{ item.name }}"
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
when: samba_deleted_user_present is changed
tags:
- samba-user
- name: (nis_samba_user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ nis_deleted_user }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
# ---
# - default user/groups
# ---
- name: (nis_samba_user.yml) Ensure nis groups exists
group:
name: '{{ item.name }}'
state: present
gid: '{{ item.group_id | default(omit) }}'
loop: "{{ nis_groups }}"
loop_control:
label: '{{ item.name }}'
when: item.group_id is defined
notify: Renew nis databases
tags:
- nis-user
- system-user
#- meta: end_host
- name: (nis_samba_user.yml) Ensure nis users exists
user:
name: '{{ item.name }}'
state: present
uid: '{{ item.user_id | default(omit) }}'
#group: '{{ item.0.name | default(omit) }}'
groups: "{{ item.groups|join(', ') }}"
home: '{{ nis_base_home }}/{{ item.name }}'
shell: '{{ item.shell|d("/bin/bash") }}'
password: "{{ item.password | password_hash('sha512') }}"
update_password: on_create
append: yes
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
notify: Renew nis databases
tags:
- nis-user
- system-user
- name: (nis_samba_user.yml) Check if samba user exists for nis user
shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
register: samba_nis_user_present
changed_when: "samba_nis_user_present.rc > 0"
failed_when: "samba_nis_user_present.rc > 1"
with_items:
- "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
tags:
- samba-user
- name: (nis_samba_user.yml) Add nis user to samba (with nis users password)
shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
loop: "{{ nis_user }}"
loop_control:
label: '{{ item.name }}'
when:
- item.is_samba_user is defined and item.is_samba_user|bool
- samba_nis_user_present is changed
notify: Renew nis databases
tags:
- samba-user


@ -0,0 +1,29 @@
---
# ---
# - Remove unwanted users
# ---
- name: (system-remove-user.yml) Remove (old) users from system
user:
name: '{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
- name: (system-remove-user.yml) Remove home directory from deleted users
file:
path: '{{ nis_base_home }}/{{ item.name }}'
state: absent
with_items:
- "{{ remove_nis_users }}"
loop_control:
label: '{{ item.name }}'
tags:
- nis-user
- system-user
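Review bot: The second task removes `'{{ nis_base_home }}/{{ item.name }}'` with `state: absent`, and nothing in this file checks that `item.name` is non-empty, so an entry with an empty name would resolve to the base home directory itself and delete it recursively. Add a guard to both tasks, `when: item.name is defined and item.name | length > 0`, and iterate over `- "{{ remove_nis_users | default([]) }}"` so hosts without the variable skip instead of failing. The file is imported by another task file in this commit under the `system-remove-user` tag, yet it still depends on the NIS-named variables `remove_nis_users` and `nis_base_home`; whether those are defined for every host that runs it is not visible here.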


@ -45,7 +45,9 @@
- name: "(ubuntu-x11vnc-2004-amd64.yml) Set permissions on /etc/x11vnc.pass" - name: "(ubuntu-x11vnc-2004-amd64.yml) Set permissions on /etc/x11vnc.pass"
file: file:
path: "/etc/x11vnc.pass" path: /etc/x11vnc.pass
owner: root
group: root
mode: 0644 mode: 0644
- name: "(ubuntu-x11vnc-2004-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service" - name: "(ubuntu-x11vnc-2004-amd64.yml) Transfer x11vnc.service.j2 to /lib/systemd/system/x11vnc.service"
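Review bot: `/etc/x11vnc.pass` keeps `mode: 0644`, so the added `owner: root` and `group: root` lines still leave the VNC password file readable by every local account. Stored VNC passwords are only obfuscated, not hashed, so read access to the file is equivalent to knowing the password. Set `mode: "0600"`, assuming the x11vnc service reads the file as root; the quotes keep the YAML loader from re-typing the octal value as an integer.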