bitfit/ansible_etalon
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

v220904

Browse Source
This commit is contained in:
root 2022-09-04 16:11:49 +02:00
commit d0ecf1d2c8
14 changed files with 639 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
files/default_grub.patch.jessie Normal file
View File

@ -0,0 +1,20 @@
--- grub.ori 2017-09-18 01:04:28.265436361 +0200
+++ grub 2017-09-18 01:04:50.625436003 +0200
@@ -6,7 +6,7 @@
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
+GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX=""
# Uncomment to enable BadRAM filtering, modify to suit your needs
@@ -15,7 +15,7 @@
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
# Uncomment to disable graphical terminal (grub-pc only)
-#GRUB_TERMINAL=console
+GRUB_TERMINAL=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE

21
files/default_grub.patch.stretch Normal file
View File

@ -0,0 +1,21 @@
--- grub.ori 2017-09-18 01:04:28.265436361 +0200
+++ grub 2017-09-18 01:04:50.625436003 +0200
@@ -6,7 +6,7 @@
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-GRUB_CMDLINE_LINUX=""
+GRUB_CMDLINE_LINUX_DEFAULT=""
+GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
# Uncomment to enable BadRAM filtering, modify to suit your needs
@@ -15,7 +15,7 @@
#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
# Uncomment to disable graphical terminal (grub-pc only)
-#GRUB_TERMINAL=console
+GRUB_TERMINAL=console
# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE

14
files/ntp.conf.patch.jessie Normal file
View File

@ -0,0 +1,14 @@
--- ntp.conf.ori 2017-09-18 01:26:51.409414891 +0200
+++ ntp.conf 2017-09-18 01:27:24.501414362 +0200
@@ -18,10 +18,7 @@
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
-server 0.debian.pool.ntp.org iburst
-server 1.debian.pool.ntp.org iburst
-server 2.debian.pool.ntp.org iburst
-server 3.debian.pool.ntp.org iburst
+server 10.93.163.98 iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for

19
files/ntp.conf.patch.stretch Normal file
View File

@ -0,0 +1,19 @@
--- ntp.conf.ori 2017-08-08 22:44:37.000000000 +0200
+++ ntp.conf 2018-01-30 03:01:54.819979694 +0100
@@ -17,10 +17,12 @@
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
-pool 0.debian.pool.ntp.org iburst
-pool 1.debian.pool.ntp.org iburst
-pool 2.debian.pool.ntp.org iburst
-pool 3.debian.pool.ntp.org iburst
+#pool 0.debian.pool.ntp.org iburst
+#pool 1.debian.pool.ntp.org iburst
+#pool 2.debian.pool.ntp.org iburst
+#pool 3.debian.pool.ntp.org iburst
+
+server 10.93.163.98 iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for

BIN
files/pf6_1_all.deb Normal file
View File

Binary file not shown.

58
files/postfix_master.cf.patch.bullseye Normal file
View File

@ -0,0 +1,58 @@
--- master.cf.ori 2021-08-20 02:16:35.192277663 +0200
+++ master.cf 2021-08-20 02:25:29.161747244 +0200
@@ -9,7 +9,8 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
-smtp inet n - y - - smtpd
+#smtp inet n - y - - smtpd
+localhost:smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
@@ -81,45 +82,3 @@
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

59
files/postfix_master.cf.patch.jessie Normal file
View File

@ -0,0 +1,59 @@
--- master.cf.ori 2017-09-18 01:30:54.865410999 +0200
+++ master.cf 2017-09-18 01:31:42.905410232 +0200
@@ -9,7 +9,7 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
-smtp inet n - - - - smtpd
+localhost:smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
@@ -78,47 +78,4 @@
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}

60
files/postfix_master.cf.patch.stretch Normal file
View File

@ -0,0 +1,60 @@
--- master.cf.ori 2018-01-30 03:12:29.079969555 +0100
+++ master.cf 2018-01-30 03:13:27.699968618 +0100
@@ -9,7 +9,8 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
-smtp inet n - y - - smtpd
+#smtp inet n - y - - smtpd
+localhost:smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
@@ -78,47 +79,3 @@
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
- ${nexthop} ${user}
-

9
files/sources.list.bullseye Normal file
View File

@ -0,0 +1,9 @@
deb http://deb.debian.org/debian/ bullseye main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye main contrib non-free
deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free
deb-src http://deb.debian.org/debian-security/ bullseye-security main contrib non-free
deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free

12
files/sources.list.buster Normal file
View File

@ -0,0 +1,12 @@
deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb-src http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free
#deb http://deb.debian.org/debian buster-backports main contrib non-free
#deb-src http://deb.debian.org/debian buster-backports main contrib non-free

11
files/sources.list.jessie Normal file
View File

@ -0,0 +1,11 @@
deb http://archive.debian.org/debian/ jessie main contrib non-free
#deb-src http://httpredir.debian.org/debian/ jessie main contrib non-free
deb http://security.debian.org/ jessie/updates main contrib non-free
#deb-src http://security.debian.org/ jessie/updates main contrib non-free
# jessie-updates, previously known as 'volatile'
#deb http://httpredir.debian.org/debian/ jessie-updates main contrib non-free
#deb-src http://httpredir.debian.org/debian/ jessie-updates main contrib non-free
deb http://archive.debian.org/debian/ jessie-backports main

9
files/sources.list.stretch Normal file
View File

@ -0,0 +1,9 @@
deb http://httpredir.debian.org/debian/ stretch main contrib non-free
deb-src http://httpredir.debian.org/debian/ stretch main contrib non-free
deb http://security.debian.org/debian-security stretch/updates main contrib non-free
deb-src http://security.debian.org/debian-security stretch/updates main contrib non-free
# deb http://httpredir.debian.org/debian/ stretch-backports main

13
files/sysstat_minutely.patch Normal file
View File

@ -0,0 +1,13 @@
--- sysstat.ori 2017-09-18 00:57:17.685443243 +0200
+++ sysstat 2017-09-18 00:57:32.997442999 +0200
@@ -2,8 +2,8 @@
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
-# Activity reports every 10 minutes everyday
-5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
+# Activity reports
+* * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
# Additional run at 23:59 to rotate the statistics file
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2

334
tasks/main.yml Normal file
View File

@ -0,0 +1,334 @@
---
- name: /tmp bind mount in fstab
lineinfile:
dest: /etc/fstab
line: '/var/tmp /tmp none bind 0 0'
register: fstab_tmp
- name: mount /tmp
shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp'
when: fstab_tmp.changed
- name: apt.conf proxy
lineinfile:
dest: /etc/apt/apt.conf
regexp: '^Acquire::http::Proxy'
line: 'Acquire::http::Proxy "{{ aptproxy }}";'
create: yes
when:
- aptproxy is defined
- name: remove nano
tags: apt
apt:
name: nano
state: absent
purge: yes
- name: apt sources.list jessie
tags: apt
copy:
src: sources.list.jessie
dest: /etc/apt/sources.list
when:
- ansible_distribution_major_version == "8"
- name: apt sources.list stretch
tags: apt
copy:
src: sources.list.stretch
dest: /etc/apt/sources.list
when:
- ansible_distribution_major_version == "9"
- name: apt sources.list buster
tags: apt
copy:
src: sources.list.buster
dest: /etc/apt/sources.list
when:
- ansible_distribution_major_version == "10"
- name: apt sources.list bullseye
tags: apt
copy:
src: sources.list.bullseye
dest: /etc/apt/sources.list
when:
- ansible_distribution_major_version == "11"
- name: apt.conf allow unauthenticated jessie
tags: apt
lineinfile:
dest: /etc/apt/apt.conf
regexp: '^APT::Get::AllowUnauthenticated'
line: 'APT::Get::AllowUnauthenticated "1";'
create: yes
when:
- ansible_distribution_major_version == "8"
- name: apt.conf allow expired jessie
tags: apt
lineinfile:
dest: /etc/apt/apt.conf
regexp: '^Acquire::Check-Valid-Until'
line: 'Acquire::Check-Valid-Until "0";'
create: yes
when:
- ansible_distribution_major_version == "8"
- name: apt update
tags: apt
apt:
update_cache: yes
- name: install packages
tags: apt
apt:
name: aptitude
state: present
- name: apt full-upgrade
tags: apt
apt:
upgrade: full
- name: install packages
tags: apt
apt:
name: "{{ item }}"
state: present
with_items:
- bind9-host
- bzip2
- curl
#- dnsutils
#- bind9-dnsutils
- bind9utils
- file
- git
#- heirloom-mailx
- bsd-mailx
- iotop
- libpam-systemd
- locales
- lsof
- make
- mc
- mlocate
- mtr-tiny
- ngrep
- ntp
- ntpdate
- openssl
- parted
- patch
- postfix
- psmisc
- pwgen
- rename
- rsync
- screen
- strace
- subversion
- sysstat
- tcpdump
- telnet
- unzip
- vim
- w3m
- xz-utils
- zip
- libfile-slurp-perl
- libjson-perl
- net-tools
- man
- name: open-vm-tools
apt:
name: open-vm-tools
state: present
purge: yes
tags:
- vmware
- apt
- name: remove install user
user:
name: install
state: absent
force: yes
- name: remove install user's home directory
file:
path: /home/install
state: absent
- name: "remove our key from root's authorized_keys"
authorized_key:
user: root
state: absent
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWZi5nTI6zo3+cgGx5l163pEQXJ3aUyerqbHfQl9p8aB2bbe+vQl+Uc2Vrv8fvytAZizjPIIYdW5RqFAXrbNP+OpyFAONNZpX0omB8HLoHzOnmWpaCjMZp9XAdvWPknWFWWkwR5G5rbP5+dKeREzl4cAvW4GauEjaK4kUJF3K2HumVF6U3bzyDwnI+7h0zEbHddSOwAP1Opzla+WSdF+ZsiMdcVZE/mFxzd8sv1ZoO36sVZ1vItEAcols4qEAfwW8Gk/UjXI1XFRD1UrksAUxAc4ypu5oBVWtjMa429ZrCRbH2iU+TPbuUSXHJQMgTqsUgHrS9XkuS3EdbPA/aDMD1jhoYz2zyfAoCGdEBOuATlaoCOpOeSc9XIsasdVNwvtX2LCTlQe+LLOQzKiLaHEr/QmnLs8es8b68wtDlFIA2QAXYIfs8l+gBv3t3BIw7VPbMe8nb6hbTHFObDlVCyvXO2/6ZkOfRMgswFsQnGAqciowPxsjVer+I5hEBCMHgb6pxcUECxcxsc9P/w/z9LxGts9Ozyq55jzWMwvnFdarkzpMfWtt3QX7XG5B8OD4ghuMkX60GgvT7v1E7yTI/JtwXrsAc6jl1Qo4+TDdEYuBXe/LqyQzQ7GD1OoGRHIKCWyAQ9JiHcbUYX9p+vafXf0l1jelSg3O+cU+q+oZdGP178w== root@kavics'
- name: copy pf6 package
tags: pf6
copy:
src: pf6_1_all.deb
dest: /tmp
- name: install pf6 package
tags: pf6
apt:
deb: /tmp/pf6_1_all.deb
- name: sysstat enable
tags: sysstat
lineinfile:
dest: /etc/default/sysstat
regexp: "^ENABLED="
line: 'ENABLED="true"'
- name: sysstat every minute
tags: sysstat
patch:
src: sysstat_minutely.patch
dest: /etc/cron.d/sysstat
- name: grub defaults, jessie
tags: grub
patch:
src: default_grub.patch.jessie
dest: /etc/default/grub
when:
- ansible_distribution_major_version == "8"
- name: grub defaults, stretch+
tags: grub
patch:
src: default_grub.patch.stretch
dest: /etc/default/grub
when:
- ansible_distribution_major_version|int() >= 9
- name: update-grub
tags: grub
command: update-grub
- name: edit locale.gen
tags: locales
replace:
dest: /etc/locale.gen
regexp: '^#\s*(hu_HU|en_US)'
replace: '\1'
- name: run locale-gen
tags: locales
command: locale-gen
#- name: ntp.conf jessie
# tags: ntp
# patch:
# src: ntp.conf.patch.jessie
# dest: /etc/ntp.conf
# when:
# - ansible_distribution_major_version == "8"
#
#- name: ntp.conf stretch
# tags: ntp
# patch:
# src: ntp.conf.patch.stretch
# dest: /etc/ntp.conf
# when:
# - ansible_distribution_major_version|int() >= 9
- name: ntp.conf remove factory ntp servers
tags: ntp
lineinfile:
dest: /etc/ntp.conf
regexp: '^(pool|server)\s'
state: absent
- name: ntp.conf set ntp server
tags: ntp
lineinfile:
dest: /etc/ntp.conf
regexp: '^(pool|server)\s'
line: "server {{ ntp }} iburst"
insertafter: '^# pool:'
- name: ntp.conf stretch+ remove limited
tags: ntp
replace:
path: /etc/ntp.conf
regexp: "noquery limited"
replace: "noquery"
when:
- ansible_distribution_major_version|int() >= 9
- name: postfix master.cf jessie
tags: postfix
patch:
src: postfix_master.cf.patch.jessie
dest: /etc/postfix/master.cf
when:
- ansible_distribution_major_version == "8"
- name: postfix master.cf stretch-buster
tags: postfix
patch:
src: postfix_master.cf.patch.stretch
dest: /etc/postfix/master.cf
when:
- (ansible_distribution_major_version|int() == 9) or
(ansible_distribution_major_version|int() == 10)
- name: postfix master.cf bullseye
tags: postfix
patch:
src: postfix_master.cf.patch.bullseye
dest: /etc/postfix/master.cf
when:
- ansible_distribution_major_version|int() == 11
- name: postfix relay
tags: postfix
lineinfile:
dest: /etc/postfix/main.cf
regexp: '^relayhost\s'
line: "relayhost = mail-out.i.hwstudio.hu"
- name: pvresize /dev/sdb
tags:
- lvm
- vmware
command: 'pvresize /dev/sdb'
- name: /data in fstab
tags: lvm
lineinfile:
dest: /etc/fstab
line: '/dev/mapper/vg00-data /data ext4 defaults 0 2'
register: fstab_data
- name: create /dev/vg00/data
tags: lvm
lvol:
vg: vg00
lv: data
size: "{{ datasize | default('50%FREE') }}"
when: fstab_data.changed
- name: ext4 filesystem on /dev/vg00/data
tags: lvm
filesystem:
dev: /dev/vg00/data
fstype: ext4
when: fstab_data.changed
- name: mount /data
tags: lvm
shell: 'mkdir -p /data && mount /data'
when: fstab_data.changed
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: