--- - name: /tmp bind mount in fstab lineinfile: dest: /etc/fstab line: '/var/tmp /tmp none bind 0 0' register: fstab_tmp - name: mount /tmp shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp' when: fstab_tmp.changed - name: apt.conf proxy lineinfile: dest: /etc/apt/apt.conf regexp: '^Acquire::http::Proxy' line: 'Acquire::http::Proxy "{{ aptproxy }}";' create: yes when: - aptproxy is defined - name: remove nano tags: apt apt: name: nano state: absent purge: yes - name: remove ubuntu cloud init, etc. tags: apt apt: name: - cloud-init - cloud-guest-utils - cloud-initramfs-dyn-netconf - cloud-initramfs-copymods - netplan.io state: absent purge: yes when: - ansible_distribution == "Ubuntu" - name: disable systemd-networkd-wait-online.service on ubuntu service: name: systemd-networkd-wait-online.service enabled: false when: - ansible_distribution == "Ubuntu" - name: apt sources.list debian5 copy: src: sources.list.lenny dest: /etc/apt/sources.list when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "5" tags: apt - name: apt.conf allow-unauthenticated debian5 lineinfile: dest: /etc/apt/apt.conf line: 'APT::Get::AllowUnauthenticated "true";' create: yes when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "5" tags: apt - name: apt sources.list debian6 copy: src: sources.list.squeeze dest: /etc/apt/sources.list when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "6" tags: apt - name: apt.conf check-valid-until debian6 lineinfile: dest: /etc/apt/apt.conf line: 'Acquire::Check-Valid-Until "0";' create: yes when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "6" tags: apt - name: apt sources.list debian8 tags: apt copy: src: sources.list.jessie dest: /etc/apt/sources.list when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "8" - name: apt sources.list debian9 tags: apt copy: src: sources.list.stretch dest: /etc/apt/sources.list when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "9" - name: apt sources.list debian10 tags: apt copy: src: sources.list.buster dest: /etc/apt/sources.list when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "10" - name: apt sources.list debian11 tags: apt copy: src: sources.list.bullseye dest: /etc/apt/sources.list when: - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11") - name: apt sources.list debian12 tags: apt copy: src: sources.list.bookworm dest: /etc/apt/sources.list when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 12) - name: apt.conf allow unauthenticated debian8 tags: apt lineinfile: dest: /etc/apt/apt.conf regexp: '^APT::Get::AllowUnauthenticated' line: 'APT::Get::AllowUnauthenticated "1";' create: yes when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "8" - name: apt.conf allow expired debian8 tags: apt lineinfile: dest: /etc/apt/apt.conf regexp: '^Acquire::Check-Valid-Until' line: 'Acquire::Check-Valid-Until "0";' create: yes when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "8" - name: apt update tags: apt apt: update_cache: yes - name: install packages tags: apt apt: name: aptitude state: present - name: apt full-upgrade tags: apt apt: upgrade: full - name: install common packages for all opsys versions tags: apt apt: name: - bind9-host - bzip2 - curl - file - git - bsd-mailx - iotop - libpam-systemd - locales - lsof - make - mc - mtr-tiny - ngrep - openssl - parted - patch - postfix - psmisc - pwgen - rename - rsync - screen - strace - subversion - sysstat - tcpdump - telnet - unzip - vim - w3m - xz-utils - zip - libfile-slurp-perl - libjson-perl - net-tools - man - ifupdown - mosh state: present - name: install packages for debian0-11 ubuntu20 tags: apt apt: name: - ntp - ntpdate - mlocate state: present when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20) - name: install packages for debian0-10 tags: apt apt: name: - dnsutils state: present when: - ansible_distribution == "Debian" - ansible_distribution_major_version|int() <= 10 - name: install packages for debian11-99 ubuntu20-99 tags: apt apt: name: - bind9-dnsutils - rsyslog - plocate state: present when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) - name: install packages for debian12-99 ubuntu22-99 tags: apt apt: name: - ntpsec - ntpsec-ntpdate state: present when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) - name: install packages for ubuntu22-99 tags: apt apt: name: - iputils-ping state: present when: - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) - name: open-vm-tools apt: name: open-vm-tools state: present purge: yes tags: - vmware - apt - name: remove install user user: name: install state: absent force: yes - name: remove install user's home directory file: path: /home/install state: absent - name: "remove our key from root's authorized_keys" authorized_key: user: root state: absent key: "{{ mgmt_ssh_key }}" - name: copy pf6 package tags: pf6 copy: src: pf6_1_all.deb dest: /tmp - name: install pf6 package tags: pf6 apt: deb: /tmp/pf6_1_all.deb - name: sysstat enable tags: sysstat lineinfile: dest: /etc/default/sysstat regexp: "^ENABLED=" line: 'ENABLED="true"' - name: sysstat every minute tags: sysstat patch: src: sysstat_minutely.patch dest: /etc/cron.d/sysstat - name: grub defaults, debian8 tags: grub patch: src: default_grub.patch.jessie dest: /etc/default/grub when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "8" - name: grub defaults, debian9-11 tags: grub patch: src: default_grub.patch.stretch dest: /etc/default/grub when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12) - name: grub defaults, debian12-99 tags: grub patch: src: default_grub.patch.bookworm dest: /etc/default/grub when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) - name: grub defaults, ubuntu20-99 tags: grub lineinfile: path: /etc/default/grub regexp: "^GRUB_CMDLINE_LINUX=" line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' when: - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) - name: update-grub tags: grub command: update-grub - name: edit locale.gen tags: locales replace: dest: /etc/locale.gen regexp: '^#\s*(hu_HU|en_US)' replace: '\1' - name: run locale-gen tags: locales command: locale-gen - name: find ntp.conf tags: ntp command: "find /etc -name ntp.conf" register: find_ntpconf - name: set ntpconf variable set_fact: ntpconf: "{{ find_ntpconf.stdout_lines[0] }}" - name: ntp.conf remove factory ntp servers tags: ntp lineinfile: dest: "{{ ntpconf }}" regexp: '^(pool|server)\s' state: absent - name: ntp.conf set ntp server tags: ntp lineinfile: dest: "{{ ntpconf }}" regexp: '^(pool|server)\s' line: "server {{ ntp }} iburst" insertafter: '^# pool:' - name: ntp.conf remove limited, debian9-99 ubuntu20-99 tags: ntp replace: path: "{{ ntpconf }}" regexp: "noquery limited" replace: "noquery" when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) - name: ntp.conf set minsane 1 tags: ntp replace: path: "{{ ntpconf }}" regexp: "minsane \\d+" replace: "minsane 1" - name: postfix master.cf debian8 tags: postfix patch: src: postfix_master.cf.patch.jessie dest: /etc/postfix/master.cf when: - ansible_distribution == "Debian" - ansible_distribution_major_version == "8" - name: postfix master.cf debian9-10 tags: postfix patch: src: postfix_master.cf.patch.stretch dest: /etc/postfix/master.cf when: - ansible_distribution == "Debian" - (ansible_distribution_major_version|int() == 9) or (ansible_distribution_major_version|int() == 10) - name: postfix master.cf debian11-99 tags: postfix patch: src: postfix_master.cf.patch.bullseye dest: /etc/postfix/master.cf when: - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) - name: postfix master.cf ubuntu20 tags: postfix patch: src: postfix_master.cf.patch.ubuntu20.04 dest: /etc/postfix/master.cf when: - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20) - name: postfix master.cf ubuntu22-99 tags: postfix patch: src: postfix_master.cf.patch.ubuntu22.04 dest: /etc/postfix/master.cf when: - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22) - name: postfix relayhost tags: postfix lineinfile: dest: /etc/postfix/main.cf regexp: '^relayhost\s' line: "relayhost = {{ postfix_relayhost }}" when: postfix_relayhost is defined - name: pvresize tags: - lvm - vmware shell: 'pvresize $(pvs --noheadings -o pv_name)' - name: /data in fstab tags: lvm lineinfile: dest: /etc/fstab line: '/dev/mapper/vg00-data /data ext4 defaults 0 2' register: fstab_data - name: create /dev/vg00/data tags: lvm lvol: vg: vg00 lv: data size: "{{ datasize | default('50%FREE') }}" when: fstab_data.changed - name: ext4 filesystem on /dev/vg00/data tags: lvm filesystem: dev: /dev/vg00/data fstype: ext4 when: fstab_data.changed - name: mount /data tags: lvm shell: 'mkdir -p /data && mount /data' when: fstab_data.changed - name: bash profile.d file: path: "/etc/profile.d" state: directory mode: 0755 - name: bash vtysh pager copy: dest: "/etc/profile.d/vtysh.sh" mode: 0644 content: "export VTYSH_PAGER='less -F'\n" - name: bash history copy: src: history.sh dest: /etc/profile.d/history.sh mode: 0644 - name: etcbackup copy: src: etcbackup.sh dest: /usr/local/sbin/etcbackup.sh mode: 0755 - name: etcbackup cron lineinfile: dest: /etc/cron.d/etcbackup regexp: "/usr/local/sbin/etcbackup.sh" line: "50 22 * * * root /usr/local/sbin/etcbackup.sh" create: yes # vim: set tabstop=2 shiftwidth=2 expandtab smarttab: