diff --git a/files/etcbackup.sh b/files/etcbackup.sh deleted file mode 100644 index 6ee8d1a..0000000 --- a/files/etcbackup.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -BACKUPPATH=/var/backups -BACKUPFILE=etc.`hostname`.`date +%F`.tar.gz - -tar -czf $BACKUPPATH/$BACKUPFILE -C / etc -chmod 0640 $BACKUPPATH/$BACKUPFILE - -find $BACKUPPATH -name "etc.*.tar.gz" -mtime +28 -delete diff --git a/files/history.sh b/files/history.sh deleted file mode 100644 index 7c97ebe..0000000 --- a/files/history.sh +++ /dev/null @@ -1,6 +0,0 @@ -if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then - export HISTSIZE=2000 - export HISTFILESIZE=2000 - export HISTTIMEFORMAT='%F %T ' - shopt -s histappend -fi diff --git a/files/postfix_master.cf.patch.redhat9 b/files/postfix_master.cf.patch.redhat9 new file mode 100644 index 0000000..5b2cbad --- /dev/null +++ b/files/postfix_master.cf.patch.redhat9 @@ -0,0 +1,66 @@ +--- master.cf.orig 2025-01-11 03:03:36.486240098 +0100 ++++ master.cf 2025-01-11 03:08:16.675586910 +0100 +@@ -9,7 +9,8 @@ + # service type private unpriv chroot wakeup maxproc command + args + # (yes) (yes) (no) (never) (100) + # ========================================================================== +-smtp inet n - n - - smtpd ++#smtp inet n - n - - smtpd ++localhost:smtp inet n - n - - smtpd + #smtp inet n - n - 1 postscreen + #smtpd pass - - n - - smtpd + #dnsblog unix - - n - 0 dnsblog +@@ -81,53 +82,3 @@ + #maildrop unix - n n - - pipe + # flags=DRXhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} + # +-# ==================================================================== +-# +-# Recent Cyrus versions can use the existing "lmtp" master.cf entry. +-# +-# Specify in cyrus.conf: +-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +-# +-# Specify in main.cf one or more of the following: +-# mailbox_transport = lmtp:inet:localhost +-# virtual_transport = lmtp:inet:localhost +-# +-# ==================================================================== +-# +-# Cyrus 2.1.5 (Amos Gouaux) +-# Also specify in main.cf: cyrus_destination_recipient_limit=1 +-# +-#cyrus unix - n n - - pipe +-# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} +-# +-# ==================================================================== +-# +-# Old example of delivery via Cyrus. +-# +-#old-cyrus unix - n n - - pipe +-# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} +-# +-# ==================================================================== +-# +-# See the Postfix UUCP_README file for configuration details. +-# +-#uucp unix - n n - - pipe +-# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +-# +-# ==================================================================== +-# +-# Other external delivery methods. +-# +-#ifmail unix - n n - - pipe +-# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +-# +-#bsmtp unix - n n - - pipe +-# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +-# +-#scalemail-backend unix - n n - 2 pipe +-# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +-# ${nexthop} ${user} ${extension} +-# +-#mailman unix - n n - - pipe +-# flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +-# ${nexthop} ${user} diff --git a/files/sysstat_minutely.patch b/files/sysstat_minutely.patch deleted file mode 100644 index c5bef8f..0000000 --- a/files/sysstat_minutely.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- sysstat.ori 2017-09-18 00:57:17.685443243 +0200 -+++ sysstat 2017-09-18 00:57:32.997442999 +0200 -@@ -2,8 +2,8 @@ - # script is located - PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin - --# Activity reports every 10 minutes everyday --5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1 -+# Activity reports -+* * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1 - - # Additional run at 23:59 to rotate the statistics file - 59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2 diff --git a/tasks/debian.yml b/tasks/debian.yml new file mode 100644 index 0000000..9281a51 --- /dev/null +++ b/tasks/debian.yml @@ -0,0 +1,340 @@ +--- +############################################################################## +# debian / ubuntu + +- name: apt.conf proxy + lineinfile: + dest: /etc/apt/apt.conf + regexp: '^Acquire::http::Proxy' + line: 'Acquire::http::Proxy "{{ aptproxy }}";' + create: yes + when: + - aptproxy is defined + +- name: remove nano + tags: apt + apt: + name: nano + state: absent + purge: yes + +- name: remove ubuntu cloud init, etc. + tags: apt + apt: + name: + - cloud-init + - cloud-guest-utils + - cloud-initramfs-dyn-netconf + - cloud-initramfs-copymods + - netplan.io + state: absent + purge: yes + when: + - ansible_distribution == "Ubuntu" + +- name: disable systemd-networkd-wait-online.service on ubuntu + service: + name: systemd-networkd-wait-online.service + enabled: false + when: + - ansible_distribution == "Ubuntu" + +- name: apt sources.list debian5 + copy: + src: sources.list.lenny + dest: /etc/apt/sources.list + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "5" + tags: apt + +- name: apt.conf allow-unauthenticated debian5 + lineinfile: + dest: /etc/apt/apt.conf + line: 'APT::Get::AllowUnauthenticated "true";' + create: yes + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "5" + tags: apt + +- name: apt sources.list debian6 + copy: + src: sources.list.squeeze + dest: /etc/apt/sources.list + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "6" + tags: apt + +- name: apt.conf check-valid-until debian6 + lineinfile: + dest: /etc/apt/apt.conf + line: 'Acquire::Check-Valid-Until "0";' + create: yes + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "6" + tags: apt + +- name: apt sources.list debian8 + tags: apt + copy: + src: sources.list.jessie + dest: /etc/apt/sources.list + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "8" + +- name: apt sources.list debian9 + tags: apt + copy: + src: sources.list.stretch + dest: /etc/apt/sources.list + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "9" + +- name: apt sources.list debian10 + tags: apt + copy: + src: sources.list.buster + dest: /etc/apt/sources.list + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "10" + +- name: apt sources.list debian11 + tags: apt + copy: + src: sources.list.bullseye + dest: /etc/apt/sources.list + when: + - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11") + +- name: apt sources.list debian12 + tags: apt + copy: + src: sources.list.bookworm + dest: /etc/apt/sources.list + when: + - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 12) + +- name: apt.conf allow unauthenticated debian8 + tags: apt + lineinfile: + dest: /etc/apt/apt.conf + regexp: '^APT::Get::AllowUnauthenticated' + line: 'APT::Get::AllowUnauthenticated "1";' + create: yes + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "8" + +- name: apt.conf allow expired debian8 + tags: apt + lineinfile: + dest: /etc/apt/apt.conf + regexp: '^Acquire::Check-Valid-Until' + line: 'Acquire::Check-Valid-Until "0";' + create: yes + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "8" + +# ha veletlenul /dev/sdb lesz a bootdisk, elhasalna a grub-pc non-interacive +# upgrade-je a kovetkezo lepesben +- name: set debconf grub-pc/install_devices to /dev/sdb if needed + tags: apt + shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sdb" | debconf-communicate) || true' + +- name: apt update + tags: apt + apt: + update_cache: yes + +- name: install packages + tags: apt + apt: + name: aptitude + state: present + +- name: apt full-upgrade + tags: apt + apt: + upgrade: full + +- name: reset grub-pc/install_devices if changed 4 steps earlier + tags: apt + shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sda" | debconf-communicate) || true' + +- name: install common packages for all opsys versions + tags: apt + apt: + name: + - bind9-host + - bzip2 + - curl + - file + - git + - bsd-mailx + - iotop + - libpam-systemd + - locales + - lsof + - make + - mc + - mtr-tiny + - ngrep + - openssl + - parted + - patch + - postfix + - psmisc + - pwgen + - rename + - rsync + - screen + - strace + - subversion + - sysstat + - tcpdump + - telnet + - unzip + - vim + - w3m + - xz-utils + - zip + - libfile-slurp-perl + - libjson-perl + - net-tools + - man + - ifupdown + - mosh + - python3-redis + state: present + +- name: install packages for debian0-11 ubuntu20 + tags: apt + apt: + name: + - ntp + - ntpdate + - mlocate + state: present + when: + - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20) + +- name: install packages for debian0-10 + tags: apt + apt: + name: + - dnsutils + state: present + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version|int() <= 10 + +- name: install packages for debian11-99 ubuntu20-99 + tags: apt + apt: + name: + - bind9-dnsutils + - rsyslog + - plocate + state: present + when: + - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) + +- name: install packages for debian12-99 ubuntu22-99 + tags: apt + apt: + name: + - ntpsec + - ntpsec-ntpdate + state: present + when: + - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) or + (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) + +- name: install packages for ubuntu22-99 + tags: apt + apt: + name: + - iputils-ping + state: present + when: + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) + +- name: open-vm-tools + apt: + name: open-vm-tools + state: present + purge: yes + tags: + - vmware + - apt + +- name: copy pf6 package + tags: pf6 + copy: + src: pf6_1_all.deb + dest: /tmp + +- name: install pf6 package + tags: pf6 + apt: + deb: /tmp/pf6_1_all.deb + +- name: grub defaults, debian8 + tags: grub + patch: + src: default_grub.patch.jessie + dest: /etc/default/grub + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version == "8" + +- name: grub defaults, debian9-11 + tags: grub + patch: + src: default_grub.patch.stretch + dest: /etc/default/grub + when: + - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12) + +- name: grub defaults, debian12-99 + tags: grub + patch: + src: default_grub.patch.bookworm + dest: /etc/default/grub + when: + - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) + +- name: grub defaults, ubuntu20-99 + tags: grub + lineinfile: + path: /etc/default/grub + regexp: "^GRUB_CMDLINE_LINUX=" + line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' + when: + - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) + +- name: update-grub + tags: grub + command: update-grub + +- name: edit locale.gen + tags: locales + replace: + dest: /etc/locale.gen + regexp: '^#\s*(hu_HU|en_US)' + replace: '\1' + +- name: run locale-gen + tags: locales + command: locale-gen + +# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: diff --git a/tasks/main.yml b/tasks/main.yml index 1edfe45..0db1332 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -9,279 +9,18 @@ shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp' when: fstab_tmp.changed -- name: apt.conf proxy - lineinfile: - dest: /etc/apt/apt.conf - regexp: '^Acquire::http::Proxy' - line: 'Acquire::http::Proxy "{{ aptproxy }}";' - create: yes - when: - - aptproxy is defined +############################################################################## +# debian-ubuntu /redhat -- name: remove nano - tags: apt - apt: - name: nano - state: absent - purge: yes +- name: include debian/ubuntu specific + include_tasks: debian.yml + when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu") -- name: remove ubuntu cloud init, etc. - tags: apt - apt: - name: - - cloud-init - - cloud-guest-utils - - cloud-initramfs-dyn-netconf - - cloud-initramfs-copymods - - netplan.io - state: absent - purge: yes - when: - - ansible_distribution == "Ubuntu" +- name: include redhat specific + include_tasks: redhat.yml + when: ansible_distribution == "RedHat" -- name: disable systemd-networkd-wait-online.service on ubuntu - service: - name: systemd-networkd-wait-online.service - enabled: false - when: - - ansible_distribution == "Ubuntu" - -- name: apt sources.list debian5 - copy: - src: sources.list.lenny - dest: /etc/apt/sources.list - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "5" - tags: apt - -- name: apt.conf allow-unauthenticated debian5 - lineinfile: - dest: /etc/apt/apt.conf - line: 'APT::Get::AllowUnauthenticated "true";' - create: yes - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "5" - tags: apt - -- name: apt sources.list debian6 - copy: - src: sources.list.squeeze - dest: /etc/apt/sources.list - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "6" - tags: apt - -- name: apt.conf check-valid-until debian6 - lineinfile: - dest: /etc/apt/apt.conf - line: 'Acquire::Check-Valid-Until "0";' - create: yes - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "6" - tags: apt - -- name: apt sources.list debian8 - tags: apt - copy: - src: sources.list.jessie - dest: /etc/apt/sources.list - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "8" - -- name: apt sources.list debian9 - tags: apt - copy: - src: sources.list.stretch - dest: /etc/apt/sources.list - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "9" - -- name: apt sources.list debian10 - tags: apt - copy: - src: sources.list.buster - dest: /etc/apt/sources.list - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "10" - -- name: apt sources.list debian11 - tags: apt - copy: - src: sources.list.bullseye - dest: /etc/apt/sources.list - when: - - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11") - -- name: apt sources.list debian12 - tags: apt - copy: - src: sources.list.bookworm - dest: /etc/apt/sources.list - when: - - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 12) - -- name: apt.conf allow unauthenticated debian8 - tags: apt - lineinfile: - dest: /etc/apt/apt.conf - regexp: '^APT::Get::AllowUnauthenticated' - line: 'APT::Get::AllowUnauthenticated "1";' - create: yes - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "8" - -- name: apt.conf allow expired debian8 - tags: apt - lineinfile: - dest: /etc/apt/apt.conf - regexp: '^Acquire::Check-Valid-Until' - line: 'Acquire::Check-Valid-Until "0";' - create: yes - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "8" - -# ha veletlenul /dev/sdb lesz a bootdisk, elhasalna a grub-pc non-interacive -# upgrade-je a kovetkezo lepesben -- name: set debconf grub-pc/install_devices to /dev/sdb if needed - tags: apt - shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sdb" | debconf-communicate) || true' - -- name: apt update - tags: apt - apt: - update_cache: yes - -- name: install packages - tags: apt - apt: - name: aptitude - state: present - -- name: apt full-upgrade - tags: apt - apt: - upgrade: full - -- name: reset grub-pc/install_devices if changed 4 steps earlier - tags: apt - shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sda" | debconf-communicate) || true' - -- name: install common packages for all opsys versions - tags: apt - apt: - name: - - bind9-host - - bzip2 - - curl - - file - - git - - bsd-mailx - - iotop - - libpam-systemd - - locales - - lsof - - make - - mc - - mtr-tiny - - ngrep - - openssl - - parted - - patch - - postfix - - psmisc - - pwgen - - rename - - rsync - - screen - - strace - - subversion - - sysstat - - tcpdump - - telnet - - unzip - - vim - - w3m - - xz-utils - - zip - - libfile-slurp-perl - - libjson-perl - - net-tools - - man - - ifupdown - - mosh - state: present - -- name: install packages for debian0-11 ubuntu20 - tags: apt - apt: - name: - - ntp - - ntpdate - - mlocate - state: present - when: - - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20) - -- name: install packages for debian0-10 - tags: apt - apt: - name: - - dnsutils - state: present - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version|int() <= 10 - -- name: install packages for debian11-99 ubuntu20-99 - tags: apt - apt: - name: - - bind9-dnsutils - - rsyslog - - plocate - state: present - when: - - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) - -- name: install packages for debian12-99 ubuntu22-99 - tags: apt - apt: - name: - - ntpsec - - ntpsec-ntpdate - state: present - when: - - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) or - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) - -- name: install packages for ubuntu22-99 - tags: apt - apt: - name: - - iputils-ping - state: present - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) - -- name: open-vm-tools - apt: - name: open-vm-tools - state: present - purge: yes - tags: - - vmware - - apt +############################################################################## - name: remove install user user: @@ -294,90 +33,12 @@ path: /home/install state: absent -- name: "remove our key from root's authorized_keys" +- name: "remove our key from root's authorized_keys (will use ansible user in future)" authorized_key: user: root state: absent key: "{{ mgmt_ssh_key }}" -- name: "disable sshd X11Forwarding" - copy: - content: "X11Forwarding no" - dest: /etc/ssh/sshd_config.d/x11forwarding.conf - -- name: copy pf6 package - tags: pf6 - copy: - src: pf6_1_all.deb - dest: /tmp - -- name: install pf6 package - tags: pf6 - apt: - deb: /tmp/pf6_1_all.deb - -- name: sysstat enable - tags: sysstat - lineinfile: - dest: /etc/default/sysstat - regexp: "^ENABLED=" - line: 'ENABLED="true"' - -- name: sysstat every minute - tags: sysstat - patch: - src: sysstat_minutely.patch - dest: /etc/cron.d/sysstat - -- name: grub defaults, debian8 - tags: grub - patch: - src: default_grub.patch.jessie - dest: /etc/default/grub - when: - - ansible_distribution == "Debian" - - ansible_distribution_major_version == "8" - -- name: grub defaults, debian9-11 - tags: grub - patch: - src: default_grub.patch.stretch - dest: /etc/default/grub - when: - - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12) - -- name: grub defaults, debian12-99 - tags: grub - patch: - src: default_grub.patch.bookworm - dest: /etc/default/grub - when: - - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) - -- name: grub defaults, ubuntu20-99 - tags: grub - lineinfile: - path: /etc/default/grub - regexp: "^GRUB_CMDLINE_LINUX=" - line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' - when: - - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) - -- name: update-grub - tags: grub - command: update-grub - -- name: edit locale.gen - tags: locales - replace: - dest: /etc/locale.gen - regexp: '^#\s*(hu_HU|en_US)' - replace: '\1' - -- name: run locale-gen - tags: locales - command: locale-gen - - name: find ntp.conf tags: ntp command: "find /etc -name ntp.conf" @@ -462,6 +123,40 @@ when: - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) +- name: postfix master.cf redhat + tags: postfix + patch: + src: postfix_master.cf.patch.redhat9 + dest: /etc/postfix/master.cf + when: + - ansible_distribution == "RedHat" + +- name: enable postfix service on redhat + tags: postfix + systemd_service: + name: postfix + enabled: yes + when: + - ansible_distribution == "RedHat" + +- name: postfix inet_protocols ipv4 (redhat) + tags: postfix + lineinfile: + dest: /etc/postfix/main.cf + regexp: '^inet_protocols\s' + line: "inet_protocols = ipv4" + when: + - ansible_distribution == "RedHat" + +- name: postfix myhostname (redhat) + tags: postfix + lineinfile: + dest: /etc/postfix/main.cf + regexp: '^myhostname\s' + line: "myhostname = {{ hostname }}.{{ domain }}" + when: + - ansible_distribution == "RedHat" + - name: postfix relayhost tags: postfix lineinfile: @@ -515,24 +210,11 @@ mode: 0644 content: "export VTYSH_PAGER='less -F'\n" -- name: bash history - copy: - src: history.sh - dest: /etc/profile.d/history.sh - mode: 0644 - -- name: etcbackup - copy: - src: etcbackup.sh - dest: /usr/local/sbin/etcbackup.sh - mode: 0755 - -- name: etcbackup cron +- name: set vm swappiness lineinfile: - dest: /etc/cron.d/etcbackup - regexp: "/usr/local/sbin/etcbackup.sh" - line: "50 22 * * * root /usr/local/sbin/etcbackup.sh" + dest: /etc/sysctl.d/swappiness.conf + regexp: '^vm.swappiness\s=' + line: "vm.swappiness = 2" create: yes - # vim: set tabstop=2 shiftwidth=2 expandtab smarttab: diff --git a/tasks/redhat.yml b/tasks/redhat.yml new file mode 100644 index 0000000..0927b1e --- /dev/null +++ b/tasks/redhat.yml @@ -0,0 +1,83 @@ +--- +############################################################################## +# redhat + +- name: dnf update + tags: dnf + dnf: + state: latest + update_only: yes + +- name: install packages + tags: dnf + dnf: + name: + - bind-utils + - bzip2 + - git + - s-nail + - iotop + - lsof + - make + - mc + - mtr + - patch + - postfix + - rsync + - strace + - sysstat + - tcpdump + - telnet + - zip + - unzip + - vim-enhanced + - perl-File-Slurp + - perl-JSON + - perl-English + - net-tools + - mlocate + - glibc-langpack-hu + - setools-console + - setroubleshoot-server + state: present + +- name: subscription-manager repo change for epel install + tags: dnf + shell: "subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms" + +- name: install epel-release + tags: dnf + dnf: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + disable_gpg_check: yes + +- name: install packages, 2nd round + tags: dnf + dnf: + name: + - ntpsec + - ngrep + - pwgen + - screen + - mosh + - w3m + - prename + - python3-redis + +- name: enable ntpd service + systemd_service: + name: ntpd + enabled: true + +- name: remove motd.d/insights-client + file: + path: /etc/motd.d/insights-client + state: absent + +- name: disable firewalld service + systemd_service: + name: firewalld + state: stopped + enabled: false + +# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: