274 lines
7.4 KiB
YAML
274 lines
7.4 KiB
YAML
---
|
|
# from Debian 13 /tmp is tmpfs
|
|
- name: /tmp bind mount in fstab
|
|
lineinfile:
|
|
dest: /etc/fstab
|
|
line: '/var/tmp /tmp none bind 0 0'
|
|
register: fstab_tmp
|
|
when:
|
|
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 12) or
|
|
ansible_distribution == "Ubuntu" or
|
|
ansible_distribution == "RedHat" or
|
|
ansible_distribution == "AlmaLinux"
|
|
|
|
- name: mount /tmp
|
|
shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp'
|
|
when:
|
|
- ((ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 12) or
|
|
ansible_distribution == "Ubuntu" or
|
|
ansible_distribution == "RedHat" or
|
|
ansible_distribution == "AlmaLinux")
|
|
and fstab_tmp.changed
|
|
|
|
##############################################################################
|
|
# debian-ubuntu /redhat
|
|
|
|
- name: include debian/ubuntu specific
|
|
include_tasks: debian.yml
|
|
when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")
|
|
|
|
- name: include redhat specific
|
|
include_tasks: redhat.yml
|
|
when: ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
|
|
|
|
##############################################################################
|
|
|
|
- name: remove install user
|
|
user:
|
|
name: install
|
|
state: absent
|
|
force: yes
|
|
|
|
- name: remove install user's home directory
|
|
file:
|
|
path: /home/install
|
|
state: absent
|
|
|
|
- name: "remove our key from root's authorized_keys (will use ansible user in future)"
|
|
authorized_key:
|
|
user: root
|
|
state: absent
|
|
key: "{{ mgmt_ssh_key }}"
|
|
|
|
- name: ntpd configuration
|
|
when:
|
|
- ansible_distribution == "Debian" or
|
|
ansible_distribution == "Ubuntu" or
|
|
(ansible_distribution == "RedHat" and ansible_distribution_major_version|int() == 9) or
|
|
(ansible_distribution == "AlmaLinux" and ansible_distribution_major_version|int() == 9)
|
|
block:
|
|
- name: find ntp.conf
|
|
tags: ntp
|
|
command: "find /etc -name ntp.conf"
|
|
register: find_ntpconf
|
|
|
|
- name: set ntpconf variable
|
|
set_fact:
|
|
ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
|
|
|
|
- name: ntp.conf remove factory ntp servers
|
|
tags: ntp
|
|
lineinfile:
|
|
dest: "{{ ntpconf }}"
|
|
regexp: '^(pool|server)\s'
|
|
state: absent
|
|
|
|
- name: ntp.conf set ntp server
|
|
tags: ntp
|
|
lineinfile:
|
|
dest: "{{ ntpconf }}"
|
|
regexp: '^(pool|server)\s'
|
|
line: "server {{ ntp }} iburst"
|
|
insertafter: '^# pool:'
|
|
|
|
- name: ntp.conf remove limited, debian9-99 ubuntu20-99
|
|
tags: ntp
|
|
replace:
|
|
path: "{{ ntpconf }}"
|
|
regexp: "noquery limited"
|
|
replace: "noquery"
|
|
when:
|
|
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
|
|
(ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
|
|
|
|
- name: ntp.conf set minsane 1
|
|
tags: ntp
|
|
replace:
|
|
path: "{{ ntpconf }}"
|
|
regexp: "minsane \\d+"
|
|
replace: "minsane 1"
|
|
|
|
- name: chrony configuration
|
|
when:
|
|
- ansible_distribution == "RedHat" and ansible_distribution_major_version|int() >= 10
|
|
block:
|
|
- name: chrony.conf remove factory ntp servers
|
|
tags: ntp
|
|
lineinfile:
|
|
dest: /etc/chrony.conf
|
|
regexp: '^(pool|server|sourcedir)\s'
|
|
state: absent
|
|
|
|
- name: chrony.conf set ntp server
|
|
tags: ntp
|
|
lineinfile:
|
|
dest: /etc/chrony.conf
|
|
regexp: '^(pool|server)\s'
|
|
line: "server {{ ntp }} iburst"
|
|
insertafter: '^# Please consider'
|
|
|
|
- name: chrony.conf set allow
|
|
tags: ntp
|
|
lineinfile:
|
|
dest: /etc/chrony.conf
|
|
regexp: '^allow\s'
|
|
line: "allow all"
|
|
insertafter: '^#allow'
|
|
|
|
- name: postfix master.cf debian8
|
|
tags: postfix
|
|
patch:
|
|
src: postfix_master.cf.patch.jessie
|
|
dest: /etc/postfix/master.cf
|
|
when:
|
|
- ansible_distribution == "Debian"
|
|
- ansible_distribution_major_version == "8"
|
|
|
|
- name: postfix master.cf debian9-10
|
|
tags: postfix
|
|
patch:
|
|
src: postfix_master.cf.patch.stretch
|
|
dest: /etc/postfix/master.cf
|
|
when:
|
|
- ansible_distribution == "Debian"
|
|
- (ansible_distribution_major_version|int() == 9) or
|
|
(ansible_distribution_major_version|int() == 10)
|
|
|
|
- name: postfix master.cf debian11-12
|
|
tags: postfix
|
|
patch:
|
|
src: postfix_master.cf.patch.bullseye
|
|
dest: /etc/postfix/master.cf
|
|
when:
|
|
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11 and ansible_distribution_major_version|int() <= 12)
|
|
|
|
- name: postfix master.cf debian13-99
|
|
tags: postfix
|
|
patch:
|
|
src: postfix_master.cf.patch.deb13
|
|
dest: /etc/postfix/master.cf
|
|
when:
|
|
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 13)
|
|
|
|
- name: postfix master.cf ubuntu20
|
|
tags: postfix
|
|
patch:
|
|
src: postfix_master.cf.patch.ubuntu20.04
|
|
dest: /etc/postfix/master.cf
|
|
when:
|
|
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
|
|
|
|
- name: postfix master.cf ubuntu22-99
|
|
tags: postfix
|
|
patch:
|
|
src: postfix_master.cf.patch.ubuntu22.04
|
|
dest: /etc/postfix/master.cf
|
|
when:
|
|
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
|
|
|
|
- name: postfix master.cf redhat
|
|
tags: postfix
|
|
patch:
|
|
src: postfix_master.cf.patch.redhat9
|
|
dest: /etc/postfix/master.cf
|
|
when:
|
|
- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
|
|
|
|
- name: enable postfix service on redhat
|
|
tags: postfix
|
|
systemd_service:
|
|
name: postfix
|
|
enabled: yes
|
|
when:
|
|
- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
|
|
|
|
- name: postfix inet_protocols ipv4 (redhat)
|
|
tags: postfix
|
|
lineinfile:
|
|
dest: /etc/postfix/main.cf
|
|
regexp: '^inet_protocols\s'
|
|
line: "inet_protocols = ipv4"
|
|
when:
|
|
- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
|
|
|
|
- name: postfix myhostname (redhat)
|
|
tags: postfix
|
|
lineinfile:
|
|
dest: /etc/postfix/main.cf
|
|
regexp: '^myhostname\s'
|
|
line: "myhostname = {{ hostname }}.{{ domain }}"
|
|
when:
|
|
- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
|
|
|
|
- name: postfix relayhost
|
|
tags: postfix
|
|
lineinfile:
|
|
dest: /etc/postfix/main.cf
|
|
regexp: '^relayhost\s'
|
|
line: "relayhost = {{ postfix_relayhost }}"
|
|
when: postfix_relayhost is defined
|
|
|
|
- name: pvresize
|
|
tags:
|
|
- lvm
|
|
- vmware
|
|
shell: 'pvresize $(pvs --noheadings -o pv_name)'
|
|
|
|
- name: /data in fstab
|
|
tags: lvm
|
|
lineinfile:
|
|
dest: /etc/fstab
|
|
line: '/dev/mapper/vg00-data /data ext4 defaults 0 2'
|
|
register: fstab_data
|
|
|
|
- name: create /dev/vg00/data
|
|
tags: lvm
|
|
lvol:
|
|
vg: vg00
|
|
lv: data
|
|
size: "{{ datasize | default('50%FREE') }}"
|
|
when: fstab_data.changed
|
|
|
|
- name: ext4 filesystem on /dev/vg00/data
|
|
tags: lvm
|
|
filesystem:
|
|
dev: /dev/vg00/data
|
|
fstype: ext4
|
|
when: fstab_data.changed
|
|
|
|
- name: mount /data
|
|
tags: lvm
|
|
shell: 'mkdir -p /data && mount /data'
|
|
when: fstab_data.changed
|
|
|
|
- name: bash profile.d
|
|
file:
|
|
path: "/etc/profile.d"
|
|
state: directory
|
|
mode: 0755
|
|
|
|
- name: bash vtysh pager
|
|
copy:
|
|
dest: "/etc/profile.d/vtysh.sh"
|
|
mode: 0644
|
|
content: "export VTYSH_PAGER='less -F'\n"
|
|
|
|
- name: set vm swappiness
|
|
lineinfile:
|
|
dest: /etc/sysctl.d/swappiness.conf
|
|
regexp: '^vm.swappiness\s='
|
|
line: "vm.swappiness = 2"
|
|
create: yes
|
|
|
|
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
|