bitfit/ansible_etalon
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source
This commit is contained in:
ROTTLER Tamas 2024-12-17 21:56:17 +01:00
commit f59f72cac7
6 changed files with 208 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
files/etcbackup.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/bash
BACKUPPATH=/var/backups
BACKUPFILE=etc.`hostname`.`date +%F`.tar.gz
tar -czf $BACKUPPATH/$BACKUPFILE -C / etc
chmod 0640 $BACKUPPATH/$BACKUPFILE
find $BACKUPPATH -name "etc.*.tar.gz" -mtime +28 -delete

6
files/history.sh Normal file
View File

@ -0,0 +1,6 @@
if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
export HISTSIZE=2000
export HISTFILESIZE=2000
export HISTTIMEFORMAT='%F %T '
shopt -s histappend
fi

58
files/postfix_master.cf.patch.ubuntu22.04 Normal file
View File

@ -0,0 +1,58 @@
--- master.cf.orig 2022-09-04 21:21:54.582996894 +0000
+++ master.cf 2022-09-04 21:42:59.260083893 +0000
@@ -9,7 +9,8 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
-smtp inet n - y - - smtpd
+#smtp inet n - y - - smtpd
+localhost:smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
@@ -85,45 +86,3 @@
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
-# ====================================================================
-#
-# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
-#
-# Specify in cyrus.conf:
-# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
-#
-# Specify in main.cf one or more of the following:
-# mailbox_transport = lmtp:inet:localhost
-# virtual_transport = lmtp:inet:localhost
-#
-# ====================================================================
-#
-# Cyrus 2.1.5 (Amos Gouaux)
-# Also specify in main.cf: cyrus_destination_recipient_limit=1
-#
-#cyrus unix - n n - - pipe
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-#
-# ====================================================================
-# Old example of delivery via Cyrus.
-#
-#old-cyrus unix - n n - - pipe
-# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
-#
-# ====================================================================
-#
-# See the Postfix UUCP_README file for configuration details.
-#
-uucp unix - n n - - pipe
- flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
-#
-# Other external delivery methods.
-#
-ifmail unix - n n - - pipe
- flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
-bsmtp unix - n n - - pipe
- flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
-scalemail-backend unix - n n - 2 pipe
- flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
-mailman unix - n n - - pipe
- flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

6
files/sources.list.lenny Normal file
View File

@ -0,0 +1,6 @@
# lenny sources.list - ANSIBLE MANAGED - do not edit!
deb http://archive.debian.org/debian lenny main non-free contrib
deb-src http://archive.debian.org/debian lenny main non-free contrib
deb http://archive.debian.org/debian-backports lenny-backports main non-free contrib

9
files/sources.list.squeeze Normal file
View File

@ -0,0 +1,9 @@
# squeeze sources.list - ANSIBLE MANAGED - do not edit!
deb http://archive.debian.org/debian/ squeeze main non-free contrib
deb-src http://archive.debian.org/debian/ squeeze main non-free contrib
deb http://archive.debian.org/debian squeeze-lts main contrib non-free
deb-src http://archive.debian.org/debian squeeze-lts main contrib non-free
deb http://archive.debian.org/debian-backports squeeze-backports main

146
tasks/main.yml
View File

@ -39,7 +39,52 @@
when: when:
- ansible_distribution == "Ubuntu" - ansible_distribution == "Ubuntu"
- name: apt sources.list jessie - name: disable systemd-networkd-wait-online.service on ubuntu
service:
name: systemd-networkd-wait-online.service
enabled: false
when:
- ansible_distribution == "Ubuntu"
- name: apt sources.list debian5
copy:
src: sources.list.lenny
dest: /etc/apt/sources.list
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version == "5"
tags: apt
- name: apt.conf allow-unauthenticated debian5
lineinfile:
dest: /etc/apt/apt.conf
line: 'APT::Get::AllowUnauthenticated "true";'
create: yes
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version == "5"
tags: apt
- name: apt sources.list debian6
copy:
src: sources.list.squeeze
dest: /etc/apt/sources.list
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version == "6"
tags: apt
- name: apt.conf check-valid-until debian6
lineinfile:
dest: /etc/apt/apt.conf
line: 'Acquire::Check-Valid-Until "0";'
create: yes
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version == "6"
tags: apt
- name: apt sources.list debian8
tags: apt tags: apt
copy: copy:
src: sources.list.jessie src: sources.list.jessie
@ -48,7 +93,7 @@
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- ansible_distribution_major_version == "8" - ansible_distribution_major_version == "8"
- name: apt sources.list stretch - name: apt sources.list debian9
tags: apt tags: apt
copy: copy:
src: sources.list.stretch src: sources.list.stretch
@ -57,7 +102,7 @@
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- ansible_distribution_major_version == "9" - ansible_distribution_major_version == "9"
- name: apt sources.list buster - name: apt sources.list debian10
tags: apt tags: apt
copy: copy:
src: sources.list.buster src: sources.list.buster
@ -66,7 +111,7 @@
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- ansible_distribution_major_version == "10" - ansible_distribution_major_version == "10"
- name: apt sources.list bullseye - name: apt sources.list debian11
tags: apt tags: apt
copy: copy:
src: sources.list.bullseye src: sources.list.bullseye
@ -74,15 +119,15 @@
when: when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version == "11") - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")
- name: apt sources.list bookworm - name: apt sources.list debian12
tags: apt tags: apt
copy: copy:
src: sources.list.bookworm src: sources.list.bookworm
dest: /etc/apt/sources.list dest: /etc/apt/sources.list
when: when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 12)
- name: apt.conf allow unauthenticated jessie - name: apt.conf allow unauthenticated debian8
tags: apt tags: apt
lineinfile: lineinfile:
dest: /etc/apt/apt.conf dest: /etc/apt/apt.conf
@ -93,7 +138,7 @@
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- ansible_distribution_major_version == "8" - ansible_distribution_major_version == "8"
- name: apt.conf allow expired jessie - name: apt.conf allow expired debian8
tags: apt tags: apt
lineinfile: lineinfile:
dest: /etc/apt/apt.conf dest: /etc/apt/apt.conf
@ -146,7 +191,6 @@
- lsof - lsof
- make - make
- mc - mc
- mlocate
- mtr-tiny - mtr-tiny
- ngrep - ngrep
- openssl - openssl
@ -176,18 +220,19 @@
- mosh - mosh
state: present state: present
- name: install packages for debian -bullseye - name: install packages for debian0-11 ubuntu20
tags: apt tags: apt
apt: apt:
name: name:
- ntp - ntp
- ntpdate - ntpdate
- mlocate
state: present state: present
when: when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or
(ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20) (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
- name: install packages for debian buster and older - name: install packages for debian0-10
tags: apt tags: apt
apt: apt:
name: name:
@ -197,18 +242,19 @@
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- ansible_distribution_major_version|int() <= 10 - ansible_distribution_major_version|int() <= 10
- name: install packages for debian bullseye+ - name: install packages for debian11-99 ubuntu20-99
tags: apt tags: apt
apt: apt:
name: name:
- bind9-dnsutils - bind9-dnsutils
- rsyslog - rsyslog
- plocate
state: present state: present
when: when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
(ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
- name: install packages for debian bookworm+ - name: install packages for debian12-99 ubuntu22-99
tags: apt tags: apt
apt: apt:
name: name:
@ -216,7 +262,17 @@
- ntpsec-ntpdate - ntpsec-ntpdate
state: present state: present
when: when:
- ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12 - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) or
(ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
- name: install packages for ubuntu22-99
tags: apt
apt:
name:
- iputils-ping
state: present
when:
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
- name: open-vm-tools - name: open-vm-tools
apt: apt:
@ -273,7 +329,7 @@
src: sysstat_minutely.patch src: sysstat_minutely.patch
dest: /etc/cron.d/sysstat dest: /etc/cron.d/sysstat
- name: grub defaults, jessie - name: grub defaults, debian8
tags: grub tags: grub
patch: patch:
src: default_grub.patch.jessie src: default_grub.patch.jessie
@ -282,7 +338,7 @@
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- ansible_distribution_major_version == "8" - ansible_distribution_major_version == "8"
- name: grub defaults, stretch+ - name: grub defaults, debian9-11
tags: grub tags: grub
patch: patch:
src: default_grub.patch.stretch src: default_grub.patch.stretch
@ -290,7 +346,7 @@
when: when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12) - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12)
- name: grub defaults, bookworm+ - name: grub defaults, debian12-99
tags: grub tags: grub
patch: patch:
src: default_grub.patch.bookworm src: default_grub.patch.bookworm
@ -298,7 +354,7 @@
when: when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)
- name: grub defaults, stretch+ - name: grub defaults, ubuntu20-99
tags: grub tags: grub
lineinfile: lineinfile:
path: /etc/default/grub path: /etc/default/grub
@ -327,7 +383,7 @@
command: "find /etc -name ntp.conf" command: "find /etc -name ntp.conf"
register: find_ntpconf register: find_ntpconf
- name: set ntpconf veriable - name: set ntpconf variable
set_fact: set_fact:
ntpconf: "{{ find_ntpconf.stdout_lines[0] }}" ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
@ -346,7 +402,7 @@
line: "server {{ ntp }} iburst" line: "server {{ ntp }} iburst"
insertafter: '^# pool:' insertafter: '^# pool:'
- name: ntp.conf stretch+ remove limited - name: ntp.conf remove limited, debian9-99 ubuntu20-99
tags: ntp tags: ntp
replace: replace:
path: "{{ ntpconf }}" path: "{{ ntpconf }}"
@ -363,7 +419,7 @@
regexp: "minsane \\d+" regexp: "minsane \\d+"
replace: "minsane 1" replace: "minsane 1"
- name: postfix master.cf jessie - name: postfix master.cf debian8
tags: postfix tags: postfix
patch: patch:
src: postfix_master.cf.patch.jessie src: postfix_master.cf.patch.jessie
@ -372,7 +428,7 @@
- ansible_distribution == "Debian" - ansible_distribution == "Debian"
- ansible_distribution_major_version == "8" - ansible_distribution_major_version == "8"
- name: postfix master.cf stretch-buster - name: postfix master.cf debian9-10
tags: postfix tags: postfix
patch: patch:
src: postfix_master.cf.patch.stretch src: postfix_master.cf.patch.stretch
@ -382,7 +438,7 @@
- (ansible_distribution_major_version|int() == 9) or - (ansible_distribution_major_version|int() == 9) or
(ansible_distribution_major_version|int() == 10) (ansible_distribution_major_version|int() == 10)
- name: postfix master.cf bullseye+ - name: postfix master.cf debian11-99
tags: postfix tags: postfix
patch: patch:
src: postfix_master.cf.patch.bullseye src: postfix_master.cf.patch.bullseye
@ -390,13 +446,21 @@
when: when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11)
- name: postfix master.cf ubuntu 20.04 - name: postfix master.cf ubuntu20
tags: postfix tags: postfix
patch: patch:
src: postfix_master.cf.patch.ubuntu20.04 src: postfix_master.cf.patch.ubuntu20.04
dest: /etc/postfix/master.cf dest: /etc/postfix/master.cf
when: when:
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
- name: postfix master.cf ubuntu22-99
tags: postfix
patch:
src: postfix_master.cf.patch.ubuntu22.04
dest: /etc/postfix/master.cf
when:
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
- name: postfix relayhost - name: postfix relayhost
tags: postfix tags: postfix
@ -439,4 +503,36 @@
shell: 'mkdir -p /data && mount /data' shell: 'mkdir -p /data && mount /data'
when: fstab_data.changed when: fstab_data.changed
- name: bash profile.d
file:
path: "/etc/profile.d"
state: directory
mode: 0755
- name: bash vtysh pager
copy:
dest: "/etc/profile.d/vtysh.sh"
mode: 0644
content: "export VTYSH_PAGER='less -F'\n"
- name: bash history
copy:
src: history.sh
dest: /etc/profile.d/history.sh
mode: 0644
- name: etcbackup
copy:
src: etcbackup.sh
dest: /usr/local/sbin/etcbackup.sh
mode: 0755
- name: etcbackup cron
lineinfile:
dest: /etc/cron.d/etcbackup
regexp: "/usr/local/sbin/etcbackup.sh"
line: "50 22 * * * root /usr/local/sbin/etcbackup.sh"
create: yes
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: # vim: set tabstop=2 shiftwidth=2 expandtab smarttab: