
---
# Bind-mount /var/tmp over /tmp. The fstab entry is written first; the
# remount task below runs only when that entry was newly added.
# NOTE(review): the bind entry lists no nosuid/nodev/noexec options, so /tmp
# presumably ends up with whatever options apply to /var/tmp - confirm that
# this is intended.
- name: /tmp bind mount in fstab
  lineinfile:
    dest: /etc/fstab
    line: '/var/tmp /tmp none bind 0 0'
  register: fstab_tmp

# Moves the current /tmp aside, recreates the mount point, mounts it from
# fstab, then moves the old directory into the new /tmp (as /tmp/old-tmp).
# NOTE(review): the steps are joined with ';', so a failed mkdir or mount does
# not stop the sequence and only the final mv decides the task result.
- name: mount /tmp
  shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp'
  when: fstab_tmp is changed
# Point apt at an HTTP proxy, only on hosts where `aptproxy` is set.
# The regexp makes the task rewrite an existing proxy line instead of
# appending a second one; the file is created if it does not exist.
- name: apt.conf proxy
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::http::Proxy'
    line: 'Acquire::http::Proxy "{{ aptproxy }}";'
    create: true
  when: aptproxy is defined
# Package removal: nano everywhere, the cloud-init/netplan stack on Ubuntu.
- name: remove nano
  tags: apt
  apt:
    name: nano
    state: absent
    purge: true

- name: remove ubuntu cloud init, etc.
  tags: apt
  apt:
    name:
      - cloud-init
      - cloud-guest-utils
      - cloud-initramfs-dyn-netconf
      - cloud-initramfs-copymods
      - netplan.io
    state: absent
    purge: true
  when: ansible_distribution == "Ubuntu"

# Only the boot-time enablement is changed; the unit is not stopped here.
- name: disable systemd-networkd-wait-online.service on ubuntu
  service:
    name: systemd-networkd-wait-online.service
    enabled: false
  when: ansible_distribution == "Ubuntu"
# Debian 5 (lenny): replace sources.list with the role's copy.
- name: apt sources.list debian5
  tags: apt
  copy:
    src: sources.list.lenny
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "5"

# NOTE(review): this turns off package signature verification in apt on the
# target, and the line stays in apt.conf after provisioning (nothing in the
# visible tasks removes it). Package integrity then rests on the mirror and
# the network path; keep it limited to this end-of-life release.
- name: apt.conf allow-unauthenticated debian5
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    line: 'APT::Get::AllowUnauthenticated "true";'
    create: true
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "5"

# Debian 6 (squeeze): replace sources.list with the role's copy.
- name: apt sources.list debian6
  tags: apt
  copy:
    src: sources.list.squeeze
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "6"

# NOTE(review): with Check-Valid-Until off, apt accepts Release files whose
# validity period has expired, so stale repository metadata is no longer
# rejected. Presumably needed because the release is archived - confirm.
- name: apt.conf check-valid-until debian6
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    line: 'Acquire::Check-Valid-Until "0";'
    create: true
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "6"
# One sources.list per Debian major release (8 through 12). Each task copies
# the matching file from the role over /etc/apt/sources.list; the file
# contents are not part of this task list.
- name: apt sources.list debian8
  tags: apt
  copy:
    src: sources.list.jessie
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: apt sources.list debian9
  tags: apt
  copy:
    src: sources.list.stretch
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "9"

- name: apt sources.list debian10
  tags: apt
  copy:
    src: sources.list.buster
    dest: /etc/apt/sources.list
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "10"

- name: apt sources.list debian11
  tags: apt
  copy:
    src: sources.list.bullseye
    dest: /etc/apt/sources.list
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")

# Unlike the tasks above, this one compares the version as an integer.
- name: apt sources.list debian12
  tags: apt
  copy:
    src: sources.list.bookworm
    dest: /etc/apt/sources.list
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 12)
# Debian 8 (jessie) apt.conf overrides. Both tasks match an existing line by
# regexp, so re-running them rewrites the setting instead of duplicating it.
# NOTE(review): AllowUnauthenticated "1" disables package signature checks
# and Check-Valid-Until "0" accepts expired Release files. Both settings stay
# on the host after provisioning; keep them limited to this end-of-life
# release and to a mirror you control.
- name: apt.conf allow unauthenticated debian8
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^APT::Get::AllowUnauthenticated'
    line: 'APT::Get::AllowUnauthenticated "1";'
    create: true
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: apt.conf allow expired debian8
  tags: apt
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::Check-Valid-Until'
    line: 'Acquire::Check-Valid-Until "0";'
    create: true
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"
# Refresh the package index, make sure aptitude is installed, then run a
# full upgrade. All three tasks run on every host, with no condition.
- name: apt update
  tags: apt
  apt:
    update_cache: true

- name: install packages
  tags: apt
  apt:
    name: aptitude
    state: present

- name: apt full-upgrade
  tags: apt
  apt:
    upgrade: full
# Baseline tool set installed on every host, whatever the release.
- name: install common packages for all opsys versions
  tags: apt
  apt:
    state: present
    name:
      - bind9-host
      - bzip2
      - curl
      - file
      - git
      - bsd-mailx
      - iotop
      - libpam-systemd
      - locales
      - lsof
      - make
      - mc
      - mtr-tiny
      - ngrep
      - openssl
      - parted
      - patch
      - postfix
      - psmisc
      - pwgen
      - rename
      - rsync
      - screen
      - strace
      - subversion
      - sysstat
      - tcpdump
      - telnet
      - unzip
      - vim
      - w3m
      - xz-utils
      - zip
      - libfile-slurp-perl
      - libjson-perl
      - net-tools
      - man
      - ifupdown
      - mosh
# Release-dependent packages. Versions are compared as integers, so each
# condition covers a range of major releases.

# Debian up to 11 and Ubuntu 20 exactly: classic ntp and mlocate.
- name: install packages for debian0-11 ubuntu20
  tags: apt
  apt:
    state: present
    name:
      - ntp
      - ntpdate
      - mlocate
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)

- name: install packages for debian0-10
  tags: apt
  apt:
    state: present
    name:
      - dnsutils
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() <= 10

- name: install packages for debian11-99 ubuntu20-99
  tags: apt
  apt:
    state: present
    name:
      - bind9-dnsutils
      - rsyslog
      - plocate
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

# Debian 12+ and Ubuntu 22+ get ntpsec in place of the classic ntp packages.
- name: install packages for debian12-99 ubuntu22-99
  tags: apt
  apt:
    state: present
    name:
      - ntpsec
      - ntpsec-ntpdate
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)

- name: install packages for ubuntu22-99
  tags: apt
  apt:
    state: present
    name:
      - iputils-ping
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
# VMware guest tools. There is no condition, so the package is installed on
# every host unless the run skips the vmware or apt tag.
- name: open-vm-tools
  tags: [vmware, apt]
  apt:
    name: open-vm-tools
    state: present
    purge: true
# Clean up provisioning access: delete the `install` account and its home
# directory, and take the management key out of root's authorized_keys.
- name: remove install user
  user:
    name: install
    state: absent
    force: true

- name: remove install user's home directory
  file:
    path: /home/install
    state: absent

# Removes only the key given in `mgmt_ssh_key`; other entries in root's
# authorized_keys are left as they are.
- name: "remove our key from root's authorized_keys"
  authorized_key:
    user: root
    key: "{{ mgmt_ssh_key }}"
    state: absent
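# Stage the role's pf6 package on the target and install it from the local
# file. The package is installed as root from a world-writable directory, so
# the copy names the exact destination file (the same path the install task
# reads) and pins ownership and mode instead of inheriting them.
# NOTE(review): a .deb installed from a local file is not covered by apt's
# repository signature checks; its integrity depends on the file shipped
# with the role.
- name: copy pf6 package
  tags: pf6
  copy:
    src: pf6_1_all.deb
    dest: /tmp/pf6_1_all.deb
    owner: root
    group: root
    mode: "0644"

- name: install pf6 package
  tags: pf6
  apt:
    deb: /tmp/pf6_1_all.deb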
# Enable sysstat collection, then apply the role's patch to the cron job
# (per the task name, to collect every minute; the patch itself is not
# visible here).
- name: sysstat enable
  tags: sysstat
  lineinfile:
    dest: /etc/default/sysstat
    regexp: '^ENABLED='
    line: 'ENABLED="true"'

- name: sysstat every minute
  tags: sysstat
  patch:
    src: sysstat_minutely.patch
    dest: /etc/cron.d/sysstat
# /etc/default/grub per release: Debian gets a patch file chosen by major
# version, Ubuntu 20+ gets GRUB_CMDLINE_LINUX rewritten in place.
- name: grub defaults, debian8
  tags: grub
  patch:
    src: default_grub.patch.jessie
    dest: /etc/default/grub
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: grub defaults, debian9-11
  tags: grub
  patch:
    src: default_grub.patch.stretch
    dest: /etc/default/grub
  when:
    - (ansible_distribution == "Debian" and
      ansible_distribution_major_version|int() >= 9 and
      ansible_distribution_major_version|int() < 12)

- name: grub defaults, debian12-99
  tags: grub
  patch:
    src: default_grub.patch.bookworm
    dest: /etc/default/grub
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)

# Replaces the whole GRUB_CMDLINE_LINUX line, so kernel parameters already
# set on that line are dropped.
- name: grub defaults, ubuntu20-99
  tags: grub
  lineinfile:
    path: /etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX='
    line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"'
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

# Runs on every play, whether or not one of the tasks above changed anything.
- name: update-grub
  tags: grub
  command: update-grub
# Uncomment the hu_HU and en_US entries in locale.gen, then regenerate the
# locales. locale-gen runs on every play.
- name: edit locale.gen
  tags: locales
  replace:
    dest: /etc/locale.gen
    regexp: '^#\s*(hu_HU|en_US)'
    replace: '\1'

- name: run locale-gen
  tags: locales
  command: locale-gen
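# Locate ntp.conf under /etc and keep its path in `ntpconf` for the tasks
# below. Both lookup tasks carry the `ntp` tag: if the set_fact is untagged,
# a run limited to that tag skips it and leaves `ntpconf` undefined, and a
# run skipping the tag executes it without `find_ntpconf`.
- name: find ntp.conf
  tags: ntp
  command: find /etc -name ntp.conf
  register: find_ntpconf
  # read-only lookup, so never report a change
  changed_when: false

- name: set ntpconf variable
  tags: ntp
  set_fact:
    # the first hit wins; this fails if find printed nothing
    ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"

# Drop every preconfigured pool/server line, then add the single server
# taken from the `ntp` variable.
- name: ntp.conf remove factory ntp servers
  tags: ntp
  lineinfile:
    dest: "{{ ntpconf }}"
    regexp: '^(pool|server)\s'
    state: absent

- name: ntp.conf set ntp server
  tags: ntp
  lineinfile:
    dest: "{{ ntpconf }}"
    regexp: '^(pool|server)\s'
    line: "server {{ ntp }} iburst"
    insertafter: '^# pool:'

# NOTE(review): this strips the `limited` flag wherever it follows `noquery`,
# which presumably removes ntpd's rate limiting from the default restrict
# lines. Confirm these hosts do not answer NTP for untrusted networks.
- name: ntp.conf remove limited, debian9-99 ubuntu20-99
  tags: ntp
  replace:
    path: "{{ ntpconf }}"
    regexp: 'noquery limited'
    replace: 'noquery'
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: ntp.conf set minsane 1
  tags: ntp
  replace:
    path: "{{ ntpconf }}"
    regexp: 'minsane \d+'
    replace: 'minsane 1'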
# Postfix: patch master.cf with the file matching the release, then set the
# relay host where one is configured. The patch contents are not visible in
# this task list.
- name: postfix master.cf debian8
  tags: postfix
  patch:
    src: postfix_master.cf.patch.jessie
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: postfix master.cf debian9-10
  tags: postfix
  patch:
    src: postfix_master.cf.patch.stretch
    dest: /etc/postfix/master.cf
  when:
    - ansible_distribution == "Debian"
    - (ansible_distribution_major_version|int() == 9) or
      (ansible_distribution_major_version|int() == 10)

- name: postfix master.cf debian11-99
  tags: postfix
  patch:
    src: postfix_master.cf.patch.bullseye
    dest: /etc/postfix/master.cf
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11)

- name: postfix master.cf ubuntu20
  tags: postfix
  patch:
    src: postfix_master.cf.patch.ubuntu20.04
    dest: /etc/postfix/master.cf
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)

- name: postfix master.cf ubuntu22-99
  tags: postfix
  patch:
    src: postfix_master.cf.patch.ubuntu22.04
    dest: /etc/postfix/master.cf
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)

# Rewrites an existing relayhost line, or appends one if none matches.
- name: postfix relayhost
  tags: postfix
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^relayhost\s'
    line: "relayhost = {{ postfix_relayhost }}"
  when: postfix_relayhost is defined
# Resize every physical volume that pvs reports. Runs on every play.
- name: pvresize
  tags: [lvm, vmware]
  shell: 'pvresize $(pvs --noheadings -o pv_name)'

# The fstab entry is the marker for the /data volume: the three tasks after
# it (create the LV, make the filesystem, mount it) run only when the entry
# was newly added.
- name: /data in fstab
  tags: lvm
  lineinfile:
    dest: /etc/fstab
    line: '/dev/mapper/vg00-data /data ext4 defaults 0 2'
  register: fstab_data

# The size comes from `datasize`, falling back to half of the free space.
- name: create /dev/vg00/data
  tags: lvm
  lvol:
    vg: vg00
    lv: data
    size: "{{ datasize | default('50%FREE') }}"
  when: fstab_data is changed

- name: ext4 filesystem on /dev/vg00/data
  tags: lvm
  filesystem:
    dev: /dev/vg00/data
    fstype: ext4
  when: fstab_data is changed

- name: mount /data
  tags: lvm
  shell: 'mkdir -p /data && mount /data'
  when: fstab_data is changed
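# Shell profile snippets and the nightly /etc backup job.
# Modes are quoted so no YAML parser can read them as plain integers.
- name: bash profile.d
  file:
    path: /etc/profile.d
    state: directory
    mode: "0755"

- name: bash vtysh pager
  copy:
    dest: /etc/profile.d/vtysh.sh
    mode: "0644"
    content: "export VTYSH_PAGER='less -F'\n"

- name: bash history
  copy:
    src: history.sh
    dest: /etc/profile.d/history.sh
    mode: "0644"

# The script is run by root from cron (next task), so ownership is pinned to
# root instead of being left as whatever an existing file already has.
- name: etcbackup
  copy:
    src: etcbackup.sh
    dest: /usr/local/sbin/etcbackup.sh
    owner: root
    group: root
    mode: "0755"

# Runs the backup as root at 22:50 every day. Ownership and mode are set
# explicitly because a newly created file would otherwise take its mode from
# the remote umask, and cron may ignore a cron.d file that is not
# root-owned or is writable by group or others.
- name: etcbackup cron
  lineinfile:
    dest: /etc/cron.d/etcbackup
    regexp: '/usr/local/sbin/etcbackup.sh'
    line: "50 22 * * * root /usr/local/sbin/etcbackup.sh"
    create: true
    owner: root
    group: root
    mode: "0644"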
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: