---
# Make /tmp a bind mount of /var/tmp. The fstab entry sets no nodev, nosuid or
# noexec option, so /tmp ends up with whatever options /var/tmp already has.
- name: /tmp bind mount in fstab
  lineinfile:
    dest: /etc/fstab
    line: '/var/tmp /tmp none bind 0 0'
  register: fstab_tmp

# Runs only when the fstab line above was just added. The old /tmp is moved
# aside, an empty mount point is created, the bind mount is activated and the
# old content is moved to /tmp/old-tmp. The commands are chained with ';', so
# a failing step does not stop the ones after it.
- name: mount /tmp
  when: fstab_tmp.changed
  shell: 'mv /tmp/ /old-tmp; mkdir /tmp; mount /tmp; mv /old-tmp /tmp'
# Optional apt proxy. The value of `aptproxy` is written into apt.conf as-is,
# and Acquire::http::Proxy only applies to http:// sources.
- name: apt.conf proxy
  when: aptproxy is defined
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::http::Proxy'
    line: 'Acquire::http::Proxy "{{ aptproxy }}";'
    create: true
# Strip packages that are not wanted on the managed hosts.
- name: remove nano
  tags: apt
  apt:
    name: nano
    state: absent
    purge: true

# Ubuntu only: drop cloud-init and netplan. ifupdown is installed further down
# in this file with the common package set.
- name: remove ubuntu cloud init, etc.
  tags: apt
  when: ansible_distribution == "Ubuntu"
  apt:
    name:
      - cloud-init
      - cloud-guest-utils
      - cloud-initramfs-dyn-netconf
      - cloud-initramfs-copymods
      - netplan.io
    state: absent
    purge: true

# Ubuntu only: do not start systemd-networkd-wait-online at boot.
- name: disable systemd-networkd-wait-online.service on ubuntu
  when: ansible_distribution == "Ubuntu"
  service:
    name: systemd-networkd-wait-online.service
    enabled: false
# Per-release apt configuration. Each Debian major version gets its own
# sources.list from the role's files; the content of those files is not
# visible here.
#
# NOTE(review): the Debian 5 and Debian 8 branches set
# APT::Get::AllowUnauthenticated, which turns off package signature
# verification for every source on the host, and the Debian 6 and Debian 8
# branches set Acquire::Check-Valid-Until "0", which makes apt accept expired
# Release files. Together with a plain-http proxy or mirror, those hosts
# install packages with no authenticity check. Presumably this is a workaround
# for end-of-life archives; confirm it is still needed and keep such hosts on
# a trusted network path to the mirror.

# --- Debian 5 (lenny) ---
- name: apt sources.list debian5
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "5"
  copy:
    src: sources.list.lenny
    dest: /etc/apt/sources.list

# No regexp here: the line is appended unless this exact text already exists.
- name: apt.conf allow-unauthenticated debian5
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "5"
  lineinfile:
    dest: /etc/apt/apt.conf
    line: 'APT::Get::AllowUnauthenticated "true";'
    create: true

# --- Debian 6 (squeeze) ---
- name: apt sources.list debian6
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "6"
  copy:
    src: sources.list.squeeze
    dest: /etc/apt/sources.list

- name: apt.conf check-valid-until debian6
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "6"
  lineinfile:
    dest: /etc/apt/apt.conf
    line: 'Acquire::Check-Valid-Until "0";'
    create: true

# --- Debian 8 (jessie) through Debian 12 (bookworm): sources.list only ---
- name: apt sources.list debian8
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"
  copy:
    src: sources.list.jessie
    dest: /etc/apt/sources.list

- name: apt sources.list debian9
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "9"
  copy:
    src: sources.list.stretch
    dest: /etc/apt/sources.list

- name: apt sources.list debian10
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "10"
  copy:
    src: sources.list.buster
    dest: /etc/apt/sources.list

- name: apt sources.list debian11
  tags: apt
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version == "11")
  copy:
    src: sources.list.bullseye
    dest: /etc/apt/sources.list

- name: apt sources.list debian12
  tags: apt
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 12)
  copy:
    src: sources.list.bookworm
    dest: /etc/apt/sources.list

# --- Debian 8 (jessie): apt.conf relaxations ---
# Unlike the Debian 5/6 tasks above, these two use a regexp, so an existing
# setting for the same option is replaced rather than duplicated.
- name: apt.conf allow unauthenticated debian8
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^APT::Get::AllowUnauthenticated'
    line: 'APT::Get::AllowUnauthenticated "1";'
    create: true

- name: apt.conf allow expired debian8
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"
  lineinfile:
    dest: /etc/apt/apt.conf
    regexp: '^Acquire::Check-Valid-Until'
    line: 'Acquire::Check-Valid-Until "0";'
    create: true
# If /dev/sdb happens to be the boot disk, the non-interactive grub-pc upgrade
# in the next step would fail.
# The shell line ends in '|| true', so this task never fails, whether or not
# /boot is on /dev/sdb1.
- name: set debconf grub-pc/install_devices to /dev/sdb if needed
  tags: apt
  shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sdb" | debconf-communicate) || true'

# Refresh the package index from the sources configured above.
- name: apt update
  tags: apt
  apt:
    update_cache: true

- name: install packages
  tags: apt
  apt:
    name: aptitude
    state: present

- name: apt full-upgrade
  tags: apt
  apt:
    upgrade: full

# Same mount test as above; when /boot is on /dev/sdb1 the debconf answer is
# set to /dev/sda after the upgrade.
- name: reset grub-pc/install_devices if changed 4 steps earlier
  tags: apt
  shell: 'mount | grep -q "/dev/sdb1 .* /boot" && (echo "set grub-pc/install_devices /dev/sda" | debconf-communicate) || true'
# Baseline package set for every supported release.
# NOTE(review): the list includes network capture and debugging tools
# (tcpdump, ngrep, strace, telnet) and a mail server (postfix) on every host;
# confirm each is wanted everywhere, since every extra package adds to what
# has to be patched.
- name: install common packages for all opsys versions
  tags: apt
  apt:
    state: present
    name:
      - bind9-host
      - bzip2
      - curl
      - file
      - git
      - bsd-mailx
      - iotop
      - libpam-systemd
      - locales
      - lsof
      - make
      - mc
      - mtr-tiny
      - ngrep
      - openssl
      - parted
      - patch
      - postfix
      - psmisc
      - pwgen
      - rename
      - rsync
      - screen
      - strace
      - subversion
      - sysstat
      - tcpdump
      - telnet
      - unzip
      - vim
      - w3m
      - xz-utils
      - zip
      - libfile-slurp-perl
      - libjson-perl
      - net-tools
      - man
      - ifupdown
      - mosh

# Classic ntp and mlocate: Debian up to 11, and Ubuntu 20 exactly.
- name: install packages for debian0-11 ubuntu20
  tags: apt
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() <= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
  apt:
    state: present
    name:
      - ntp
      - ntpdate
      - mlocate

# dnsutils under its old package name: Debian up to 10.
- name: install packages for debian0-10
  tags: apt
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() <= 10
  apt:
    state: present
    name:
      - dnsutils

# Newer package names: Debian 11 and later, Ubuntu 20 and later.
- name: install packages for debian11-99 ubuntu20-99
  tags: apt
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
  apt:
    state: present
    name:
      - bind9-dnsutils
      - rsyslog
      - plocate

# ntpsec replaces ntp: Debian 12 and later, Ubuntu 22 and later.
- name: install packages for debian12-99 ubuntu22-99
  tags: apt
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
  apt:
    state: present
    name:
      - ntpsec
      - ntpsec-ntpdate

- name: install packages for ubuntu22-99
  tags: apt
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
  apt:
    state: present
    name:
      - iputils-ping

# Installed on every host; there is no condition on the hypervisor. Select or
# skip it with the 'vmware' tag.
- name: open-vm-tools
  tags: [vmware, apt]
  apt:
    name: open-vm-tools
    state: present
    purge: true
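# Clean up the access left over from installation: the 'install' account, its
# home directory and the management key in root's authorized_keys.
- name: remove install user
  user:
    name: install
    state: absent
    force: true

- name: remove install user's home directory
  file:
    path: /home/install
    state: absent

# NOTE(review): after this task the key in `mgmt_ssh_key` no longer opens a
# root session; the play presumably connects as another account. Confirm
# before running it against hosts where root plus this key is the only way in.
- name: "remove our key from root's authorized_keys"
  authorized_key:
    user: root
    state: absent
    key: "{{ mgmt_ssh_key }}"

# Drop-in that turns off X11 forwarding. The content now ends with a newline
# and the file mode is set explicitly instead of being left to the umask.
# NOTE(review): the drop-in only takes effect where sshd_config includes
# /etc/ssh/sshd_config.d/ and after sshd re-reads its configuration; no reload
# is triggered here, and the directory is assumed to exist on every targeted
# release. Verify on the older releases this file supports.
- name: "disable sshd X11Forwarding"
  copy:
    content: "X11Forwarding no\n"
    dest: /etc/ssh/sshd_config.d/x11forwarding.conf
    mode: "0644"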
# Ship the locally built pf6 package to the host and install it.
# NOTE(review): the .deb is staged in /tmp, which the first tasks of this file
# bind to /var/tmp, and it is not removed afterwards. A package installed
# through `deb:` is a local file and gets no repository signature check, so
# its integrity depends on the role's own files. Consider staging it in a
# root-only directory.
- name: copy pf6 package
  tags: pf6
  copy:
    dest: /tmp
    src: pf6_1_all.deb

- name: install pf6 package
  tags: pf6
  apt:
    deb: /tmp/pf6_1_all.deb
# Turn on sysstat data collection in /etc/default/sysstat.
- name: sysstat enable
  tags: sysstat
  lineinfile:
    dest: /etc/default/sysstat
    regexp: "^ENABLED="
    line: 'ENABLED="true"'

# Apply the role's patch to the sysstat cron file. Going by the task name it
# switches collection to once a minute; the patch itself is not visible here.
- name: sysstat every minute
  tags: sysstat
  patch:
    dest: /etc/cron.d/sysstat
    src: sysstat_minutely.patch
# /etc/default/grub per release: Debian gets a release-specific patch, Ubuntu
# gets GRUB_CMDLINE_LINUX rewritten in place.
- name: grub defaults, debian8
  tags: grub
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"
  patch:
    dest: /etc/default/grub
    src: default_grub.patch.jessie

- name: grub defaults, debian9-11
  tags: grub
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9 and ansible_distribution_major_version|int() < 12)
  patch:
    dest: /etc/default/grub
    src: default_grub.patch.stretch

- name: grub defaults, debian12-99
  tags: grub
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 12)
  patch:
    dest: /etc/default/grub
    src: default_grub.patch.bookworm

# net.ifnames=0 biosdevname=0 selects the classic ethN interface names. The
# whole GRUB_CMDLINE_LINUX line is replaced, so any option already on it is
# dropped.
- name: grub defaults, ubuntu20-99
  tags: grub
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
  lineinfile:
    path: /etc/default/grub
    regexp: "^GRUB_CMDLINE_LINUX="
    line: 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"'

# Runs on every play, whether or not a task above changed anything.
- name: update-grub
  tags: grub
  command: update-grub
# Uncomment every hu_HU and en_US entry in /etc/locale.gen: the regexp matches
# a leading '#' plus optional whitespace and keeps only the locale name.
- name: edit locale.gen
  tags: locales
  replace:
    dest: /etc/locale.gen
    regexp: '^#\s*(hu_HU|en_US)'
    replace: '\1'

# Regenerate locales; runs on every play.
- name: run locale-gen
  tags: locales
  command: locale-gen
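# Locate ntp.conf by searching /etc, since its path differs between the ntp
# packages installed earlier in this file. The search is read-only, so it is
# reported as unchanged.
- name: find ntp.conf
  tags: ntp
  command: "find /etc -name ntp.conf"
  register: find_ntpconf
  changed_when: false

# Tagged 'ntp' like the tasks around it: without the tag, a run limited to
# '--tags ntp' skipped this task and the tasks below failed on an undefined
# `ntpconf`. The first match is used; this still fails if nothing was found.
- name: set ntpconf variable
  tags: ntp
  set_fact:
    ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"

# Drop the distribution's default pool/server lines.
- name: ntp.conf remove factory ntp servers
  tags: ntp
  lineinfile:
    dest: "{{ ntpconf }}"
    regexp: '^(pool|server)\s'
    state: absent

# Use the single time source given in `ntp`.
- name: ntp.conf set ntp server
  tags: ntp
  lineinfile:
    dest: "{{ ntpconf }}"
    regexp: '^(pool|server)\s'
    line: "server {{ ntp }} iburst"
    insertafter: '^# pool:'

# NOTE(review): this strips the 'limited' flag wherever 'noquery limited'
# appears, which presumably means the default restrict lines; that flag is
# what enables ntpd's rate limiting. Confirm the host is not reachable as an
# NTP server from untrusted networks.
- name: ntp.conf remove limited, debian9-99 ubuntu20-99
  tags: ntp
  replace:
    path: "{{ ntpconf }}"
    regexp: "noquery limited"
    replace: "noquery"
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

# With one configured server, accept a single good source as enough to set
# the clock.
- name: ntp.conf set minsane 1
  tags: ntp
  replace:
    path: "{{ ntpconf }}"
    regexp: "minsane \\d+"
    replace: "minsane 1"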
# Patch /etc/postfix/master.cf with the release-specific patch from the role's
# files; the patches themselves are not visible here.
- name: postfix master.cf debian8
  tags: postfix
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"
  patch:
    dest: /etc/postfix/master.cf
    src: postfix_master.cf.patch.jessie

- name: postfix master.cf debian9-10
  tags: postfix
  when:
    - ansible_distribution == "Debian"
    - (ansible_distribution_major_version|int() == 9) or
      (ansible_distribution_major_version|int() == 10)
  patch:
    dest: /etc/postfix/master.cf
    src: postfix_master.cf.patch.stretch

- name: postfix master.cf debian11-99
  tags: postfix
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11)
  patch:
    dest: /etc/postfix/master.cf
    src: postfix_master.cf.patch.bullseye

- name: postfix master.cf ubuntu20
  tags: postfix
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() == 20)
  patch:
    dest: /etc/postfix/master.cf
    src: postfix_master.cf.patch.ubuntu20.04

- name: postfix master.cf ubuntu22-99
  tags: postfix
  when:
    - (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 22)
  patch:
    dest: /etc/postfix/master.cf
    src: postfix_master.cf.patch.ubuntu22.04

# Route outgoing mail through `postfix_relayhost` when the variable is set.
# No postfix reload is triggered in this file.
- name: postfix relayhost
  tags: postfix
  when: postfix_relayhost is defined
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^relayhost\s'
    line: "relayhost = {{ postfix_relayhost }}"
# Grow every physical volume that `pvs` reports to the size of its device.
- name: pvresize
  tags: [lvm, vmware]
  shell: 'pvresize $(pvs --noheadings -o pv_name)'

# The fstab entry doubles as the "first run" marker: the three tasks below
# only run when this line was newly added.
- name: /data in fstab
  tags: lvm
  lineinfile:
    dest: /etc/fstab
    line: '/dev/mapper/vg00-data /data ext4 defaults 0 2'
  register: fstab_data

# Size comes from `datasize`; without it, half of the free space in vg00.
- name: create /dev/vg00/data
  tags: lvm
  when: fstab_data.changed
  lvol:
    vg: vg00
    lv: data
    size: "{{ datasize | default('50%FREE') }}"

- name: ext4 filesystem on /dev/vg00/data
  tags: lvm
  when: fstab_data.changed
  filesystem:
    dev: /dev/vg00/data
    fstype: ext4

- name: mount /data
  tags: lvm
  when: fstab_data.changed
  shell: 'mkdir -p /data && mount /data'
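# Shell profile snippets and the /etc backup job.
# File modes are quoted strings: an unquoted 0755 is read by YAML 1.1 parsers
# as an octal integer, and the Ansible documentation recommends quoting modes
# so that the value cannot be misread.
- name: bash profile.d
  file:
    path: "/etc/profile.d"
    state: directory
    mode: "0755"

- name: bash vtysh pager
  copy:
    dest: "/etc/profile.d/vtysh.sh"
    mode: "0644"
    content: "export VTYSH_PAGER='less -F'\n"

# history.sh comes from the role's files and is not visible here.
- name: bash history
  copy:
    src: history.sh
    dest: /etc/profile.d/history.sh
    mode: "0644"

# Installed root-executable under /usr/local/sbin and run as root by the cron
# entry below.
- name: etcbackup
  copy:
    src: etcbackup.sh
    dest: /usr/local/sbin/etcbackup.sh
    mode: "0755"

# Daily at 22:50 as root. The mode is set explicitly so that the cron file is
# never group- or world-writable, whatever the umask was when it was created.
- name: etcbackup cron
  lineinfile:
    dest: /etc/cron.d/etcbackup
    regexp: "/usr/local/sbin/etcbackup.sh"
    line: "50 22 * * * root /usr/local/sbin/etcbackup.sh"
    create: true
    mode: "0644"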
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: