diff --git a/files/etcbackup.sh b/files/etcbackup.sh
new file mode 100644
index 0000000..6ee8d1a
--- /dev/null
+++ b/files/etcbackup.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+BACKUPPATH=/var/backups
+BACKUPFILE=etc.`hostname`.`date +%F`.tar.gz
+
+tar -czf $BACKUPPATH/$BACKUPFILE -C / etc
+chmod 0640 $BACKUPPATH/$BACKUPFILE
+
+find $BACKUPPATH -name "etc.*.tar.gz" -mtime +28 -delete
diff --git a/files/history.sh b/files/history.sh
new file mode 100644
index 0000000..7c97ebe
--- /dev/null
+++ b/files/history.sh
@@ -0,0 +1,6 @@
+if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
+ export HISTSIZE=2000
+ export HISTFILESIZE=2000
+ export HISTTIMEFORMAT='%F %T '
+ shopt -s histappend
+fi
diff --git a/files/postfix_master.cf.patch.ubuntu22.04 b/files/postfix_master.cf.patch.ubuntu22.04
new file mode 100644
index 0000000..aebdd3b
--- /dev/null
+++ b/files/postfix_master.cf.patch.ubuntu22.04
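Review bot: In files/etcbackup.sh the archive of /etc is written with whatever umask the cron job runs under and only tightened afterwards by `chmod 0640`, so while tar is running (and permanently if tar or chmod fails) a copy of files such as /etc/shadow may be readable by other local users. Set the mask before the archive is created, `umask 027` ahead of the `tar -czf` line, and add `set -eu` so a failed backup does not go on to the `find … -mtime +28 -delete` pruning. The expansions are unquoted and use backticks; `"$BACKUPPATH/$BACKUPFILE"` and `$(hostname)` / `$(date +%F)` are the safer forms.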
@@ -0,0 +1,58 @@
+--- master.cf.orig 2022-09-04 21:21:54.582996894 +0000
++++ master.cf 2022-09-04 21:42:59.260083893 +0000
+@@ -9,7 +9,8 @@
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (no) (never) (100)
+ # ==========================================================================
+-smtp inet n - y - - smtpd
++#smtp inet n - y - - smtpd
++localhost:smtp inet n - y - - smtpd
+ #smtp inet n - y - 1 postscreen
+ #smtpd pass - - y - - smtpd
+ #dnsblog unix - - y - 0 dnsblog
+@@ -85,45 +86,3 @@
+ maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+ #
+-# ====================================================================
+-#
+-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+-#
+-# Specify in cyrus.conf:
+-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+-#
+-# Specify in main.cf one or more of the following:
+-# mailbox_transport = lmtp:inet:localhost
+-# virtual_transport = lmtp:inet:localhost
+-#
+-# ====================================================================
+-#
+-# Cyrus 2.1.5 (Amos Gouaux)
+-# Also specify in main.cf: cyrus_destination_recipient_limit=1
+-#
+-#cyrus unix - n n - - pipe
+-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+-#
+-# ====================================================================
+-# Old example of delivery via Cyrus.
+-#
+-#old-cyrus unix - n n - - pipe
+-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+-#
+-# ====================================================================
+-#
+-# See the Postfix UUCP_README file for configuration details.
+-#
+-uucp unix - n n - - pipe
+- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+-#
+-# Other external delivery methods.
+-#
+-ifmail unix - n n - - pipe
+- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+-bsmtp unix - n n - - pipe
+- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+-scalemail-backend unix - n n - 2 pipe
+- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+-mailman unix - n n - - pipe
+- flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
diff --git a/files/sources.list.lenny b/files/sources.list.lenny
new file mode 100644
index 0000000..890a4f1
--- /dev/null
+++ b/files/sources.list.lenny
@@ -0,0 +1,6 @@
+# lenny sources.list - ANSIBLE MANAGED - do not edit!
+
+deb http://archive.debian.org/debian lenny main non-free contrib
+deb-src http://archive.debian.org/debian lenny main non-free contrib
+
+deb http://archive.debian.org/debian-backports lenny-backports main non-free contrib
diff --git a/files/sources.list.squeeze b/files/sources.list.squeeze
new file mode 100644
index 0000000..5010896
--- /dev/null
+++ b/files/sources.list.squeeze
@@ -0,0 +1,9 @@
+# squeeze sources.list - ANSIBLE MANAGED - do not edit!
+
+deb http://archive.debian.org/debian/ squeeze main non-free contrib
+deb-src http://archive.debian.org/debian/ squeeze main non-free contrib
+
+deb http://archive.debian.org/debian squeeze-lts main contrib non-free
+deb-src http://archive.debian.org/debian squeeze-lts main contrib non-free
+
+deb http://archive.debian.org/debian-backports squeeze-backports main
diff --git a/tasks/main.yml b/tasks/main.yml
index fef6bdd..d7a5564 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
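Review bot: In files/postfix_master.cf.patch.ubuntu22.04 the new listener line `localhost:smtp inet n - y - - smtpd` restricts SMTP to loopback by hostname, so the addresses smtpd actually binds depend on how `localhost` resolves on each host when Postfix starts. Postfix's own documentation suggests setting `inet_interfaces = loopback-only` in main.cf instead of hard-coding loopback information in master.cf, which would also remove the need for a per-release patch of this line. If the patch approach stays, say in the task or the commit message that the second inner hunk also drops the stock uucp, ifmail, bsmtp, scalemail-backend and mailman pipe transports, since that is not obviously part of adding Ubuntu 22.04 support.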
@@ -39,7 +39,52 @@
 when:
 - ansible_distribution == "Ubuntu"
-- name: apt sources.list jessie
+- name: disable systemd-networkd-wait-online.service on ubuntu
+ service:
+ name: systemd-networkd-wait-online.service
+ enabled: false
+ when:
+ - ansible_distribution == "Ubuntu"
+
+- name: apt sources.list debian5
+ copy:
+ src: sources.list.lenny
+ dest: /etc/apt/sources.list
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "5"
+ tags: apt
+
+- name: apt.conf allow-unauthenticated debian5
+ lineinfile:
+ dest: /etc/apt/apt.conf
+ line: 'APT::Get::AllowUnauthenticated "true";'
+ create: yes
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "5"
+ tags: apt
+
+- name: apt sources.list debian6
+ copy:
+ src: sources.list.squeeze
+ dest: /etc/apt/sources.list
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "6"
+ tags: apt
+
+- name: apt.conf check-valid-until debian6
+ lineinfile:
+ dest: /etc/apt/apt.conf
+ line: 'Acquire::Check-Valid-Until "0";'
+ create: yes
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "6"
+ tags: apt
+
+- name: apt sources.list debian8
 tags: apt
 copy:
 src: sources.list.jessie
@@ -48,7 +93,7 @@
 - ansible_distribution == "Debian"
 - ansible_distribution_major_version == "8"
-- name: apt sources.list stretch
+- name: apt sources.list debian9
 tags: apt
 copy:
 src: sources.list.stretch
@@ -57,7 +102,7 @@
 - ansible_distribution == "Debian"
 - ansible_distribution_major_version == "9"
-- name: apt sources.list buster
+- name: apt sources.list debian10
 tags: apt
 copy:
 src: sources.list.buster
@@ -66,7 +111,7 @@
 - ansible_distribution == "Debian"
 - ansible_distribution_major_version == "10"
-- name: apt sources.list bullseye
+- name: apt sources.list debian11
 tags: apt
 copy:
 src: sources.list.bullseye
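Review bot: The `apt.conf allow-unauthenticated debian5` task in the first hunk writes `APT::Get::AllowUnauthenticated "true";` into the global /etc/apt/apt.conf, which switches off signature checking for every source on the host, and files/sources.list.lenny fetches over plain http, so on those hosts nothing verifies what apt installs. The debian6 task in the same hunk takes the narrower route: `Acquire::Check-Valid-Until "0";` only ignores the expired Release date and leaves signature verification on. If lenny really cannot be verified any more, record that above the task, e.g. `# lenny archive signatures can no longer be verified; run only against a trusted mirror/network`, and consider pointing these hosts at an internal mirror. Both new `lineinfile` tasks use `create: yes` without `mode:`, so the permissions of a newly created apt.conf follow the umask of the run; `mode: '0644'` would pin them.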
@@ -74,15 +119,15 @@
 when:
 - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")
-- name: apt sources.list bookworm
+- name: apt sources.list debian12
 tags: apt
 copy:
 src: sources.list.bookworm
 dest: /etc/apt/sources.list
 when:
- - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)
+ - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 12)
-- name: apt.conf allow unauthenticated jessie
+- name: apt.conf allow unauthenticated debian8
 tags: apt
 lineinfile:
 dest: /etc/apt/apt.conf
@@ -93,7 +138,7 @@
 - ansible_distribution == "Debian"
 - ansible_distribution_major_version == "8"
-- name: apt.conf allow expired jessie
+- name: apt.conf allow expired debian8
 tags: apt
 lineinfile:
 dest: /etc/apt/apt.conf
@@ -136,7 +181,6 @@
 - lsof
 - make
 - mc
- - mlocate
 - mtr-tiny
 - ngrep
 - openssl
@@ -166,18 +210,19 @@
 - mosh
 state: present
-- name: install packages for debian -bullseye
+- name: install packages for debian0-11 ubuntu20
 tags: apt
 apt:
 name:
 - ntp
 - ntpdate
+ - mlocate
 state: present
 when:
 - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or
 (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
-- name: install packages for debian buster and older
+- name: install packages for debian0-10
 tags: apt
 apt:
 name:
@@ -187,18 +232,19 @@
 - ansible_distribution == "Debian"
 - ansible_distribution_major_version|int() <= 10
-- name: install packages for debian bullseye+
+- name: install packages for debian11-99 ubuntu20-99
 tags: apt
 apt:
 name:
 - bind9-dnsutils
 - rsyslog
+ - plocate
 state: present
 when:
 - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
 (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
-- name: install packages for debian bookworm+
+- name: install packages for debian12-99 ubuntu22-99
 tags: apt
 apt:
 name:
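Review bot: Narrowing the `apt sources.list debian12` condition from `>= 12` to `== 12` leaves Debian 13 and later with no sources.list task at all, while the package and grub tasks in this commit are named and written as open-ended `debian12-99` (`>= 12`). A newer host would then run the later apt tasks against whatever sources.list it shipped with, and nothing would fail to point at the gap. If that is intended until a list for the next release exists, say so above the task, e.g. `# debian13+: no managed sources.list yet`; otherwise keep the open-ended range.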
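Review bot: On Debian 11 and Ubuntu 20 both package tasks match, because `debian0-11 ubuntu20` uses `<= 11` / `== 20` and `debian11-99 ubuntu20-99` uses `>= 11` / `>= 20`, so those hosts are asked to install `mlocate` and `plocate` together. Whether the two packages coexist there, and whether `plocate` is available in the Ubuntu 20.04 archive at all, is not visible from this diff and should be confirmed, since one unavailable name fails the whole `apt` task. Moving `- plocate` into the `debian12-99 ubuntu22-99` task, or tightening the bounds so that exactly one locate implementation is selected per release, would remove the overlap.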
@@ -206,7 +252,17 @@
 - ntpsec-ntpdate
 state: present
 when:
- - ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12
+ - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) or
+ (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
+
+- name: install packages for ubuntu22-99
+ tags: apt
+ apt:
+ name:
+ - iputils-ping
+ state: present
+ when:
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
 - name: open-vm-tools
 apt:
@@ -258,7 +314,7 @@
 src: sysstat_minutely.patch
 dest: /etc/cron.d/sysstat
-- name: grub defaults, jessie
+- name: grub defaults, debian8
 tags: grub
 patch:
 src: default_grub.patch.jessie
@@ -267,7 +323,7 @@
 - ansible_distribution == "Debian"
 - ansible_distribution_major_version == "8"
-- name: grub defaults, stretch+
+- name: grub defaults, debian9-11
 tags: grub
 patch:
 src: default_grub.patch.stretch
@@ -275,7 +331,7 @@
 when:
 - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12)
-- name: grub defaults, bookworm+
+- name: grub defaults, debian12-99
 tags: grub
 patch:
 src: default_grub.patch.bookworm
@@ -283,7 +339,7 @@
 when:
 - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)
-- name: grub defaults, stretch+
+- name: grub defaults, ubuntu20-99
 tags: grub
 lineinfile:
 path: /etc/default/grub
@@ -312,7 +368,7 @@
 command: "find /etc -name ntp.conf"
 register: find_ntpconf
-- name: set ntpconf veriable
+- name: set ntpconf variable
 set_fact:
 ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
@@ -331,7 +387,7 @@
 line: "server {{ ntp }} iburst"
 insertafter: '^# pool:'
-- name: ntp.conf stretch+ remove limited
+- name: ntp.conf remove limited, debian9-99 ubuntu20-99
 tags: ntp
 replace:
 path: "{{ ntpconf }}"
@@ -348,7 +404,7 @@
 regexp: "minsane \\d+"
 replace: "minsane 1"
-- name: postfix master.cf jessie
+- name: postfix master.cf debian8
 tags: postfix
 patch:
 src: postfix_master.cf.patch.jessie
@@ -357,7 +413,7 @@
 - ansible_distribution == "Debian"
 - ansible_distribution_major_version == "8"
-- name: postfix master.cf stretch-buster
+- name: postfix master.cf debian9-10
 tags: postfix
 patch:
 src: postfix_master.cf.patch.stretch
@@ -367,7 +423,7 @@
 - (ansible_distribution_major_version|int() == 9) or
 (ansible_distribution_major_version|int() == 10)
-- name: postfix master.cf bullseye+
+- name: postfix master.cf debian11-99
 tags: postfix
 patch:
 src: postfix_master.cf.patch.bullseye
@@ -375,13 +431,21 @@
 when:
 - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11)
-- name: postfix master.cf ubuntu 20.04
+- name: postfix master.cf ubuntu20
 tags: postfix
 patch:
 src: postfix_master.cf.patch.ubuntu20.04
 dest: /etc/postfix/master.cf
 when:
- - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
+
+- name: postfix master.cf ubuntu22-99
+ tags: postfix
+ patch:
+ src: postfix_master.cf.patch.ubuntu22.04
+ dest: /etc/postfix/master.cf
+ when:
+ - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
 - name: postfix relayhost
 tags: postfix
@@ -424,4 +488,36 @@
 shell: 'mkdir -p /data && mount /data'
 when: fstab_data.changed
+- name: bash profile.d
+ file:
+ path: "/etc/profile.d"
+ state: directory
+ mode: 0755
+
+- name: bash vtysh pager
+ copy:
+ dest: "/etc/profile.d/vtysh.sh"
+ mode: 0644
+ content: "export VTYSH_PAGER='less -F'\n"
+
+- name: bash history
+ copy:
+ src: history.sh
+ dest: /etc/profile.d/history.sh
+ mode: 0644
+
+- name: etcbackup
+ copy:
+ src: etcbackup.sh
+ dest: /usr/local/sbin/etcbackup.sh
+ mode: 0755
+
+- name: etcbackup cron
+ lineinfile:
+ dest: /etc/cron.d/etcbackup
+ regexp: "/usr/local/sbin/etcbackup.sh"
+ line: "50 22 * * * root /usr/local/sbin/etcbackup.sh"
+ create: yes
+
+
 # vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
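Review bot: The `etcbackup cron` task creates /etc/cron.d/etcbackup through `lineinfile` with `create: yes` but sets no `owner` or `mode`, so the permissions of a file that schedules a root job depend on the umask of the Ansible run; cron implementations commonly skip cron.d files that are group- or world-writable. Add `owner: root` and `mode: '0644'` to that task. The `etcbackup` copy task installs a script that runs as root every night, so it should carry explicit `owner: root` and `group: root` as well. The other new tasks pass modes as bare numbers (`mode: 0755`, `mode: 0644`); quoting them, `mode: '0755'`, avoids the integer-parsing ambiguity.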