vn-ansible/linux/base-config-debian/roles/base-config-debian-os/tasks/main.yaml

---

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8
- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8
  debconf:
    name: locales
    question: locales/default_environment_locale
    value: en_US-UTF8, es_ES-UTF8
    vtype: multiselect
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure timezone - Europe/Madrid
- name: reconfigure timezone Europe/Madrid
  debconf:
    name: tzdata
    question: tzdata/Zones/Europe
    value: Madrid
    vtype: select
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# update packages
- name: update packages
  apt:
    name: "*"
    state: latest
    update_cache: true
    force_apt_get: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# upgrade packages
- name: upgrade packages
  apt:
    upgrade: dist
    state: latest
    force_apt_get: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages
- name: install some packages (vim htop psmisc aptitude)
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - vim
    - htop
    - psmisc
    - aptitude
    - nslcd
    - exim4
    - fail2ban
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure relayhost smtp to smtp.verdnatura.es
- name: reconfigure relayhost to smtp.verdnatura.es
  lineinfile:
    dest: "{{ exim_configuration_file }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    mode: 0644
  with_items:
    - regexp: '^dc_eximconfig_configtype'
      line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
    - regexp: '^dc_other_hostnames'
      line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"
    - regexp: '^dc_local_interfaces'
      line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
    - regexp: '^dc_readhost'
      line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"
    - regexp: '^dc_relay_domains'
      line: "dc_relay_domains='{{ dc_relay_domains }}'"
    - regexp: '^dc_minimaldns'
      line: "dc_minimaldns='{{ dc_minimaldns }}'"
    - regexp: '^dc_relay_nets'
      line: "dc_relay_nets='{{ dc_relay_nets }}'"
    - regexp: '^dc_smarthost'
      line: "dc_smarthost='{{ dc_smarthost }}'"
    - regexp: '^CFILEMODE'
      line: "CFILEMODE='{{ CFILEMODE }}'"
    - regexp: '^dc_use_split_config'
      line: "dc_use_split_config='{{ dc_use_split_config }}'"
    - regexp: '^dc_hide_mailname'
      line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
    - regexp: '^dc_mailname_in_oh'
      line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
    - regexp: '^dc_localdelivery'
      line: "dc_localdelivery='{{ dc_localdelivery }}'"
  notify: restart exim4
  register: exim4_config
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK :(
#- name: reconfigure relayhost to smtp.verdnatura.es
#  debconf:
#    name: exim4-config
#    question: "{{ item.name }}"
#    value: "{{ item.value }}"
#    vtype: string
#  loop:
#    - name: exim4/dc_smarthost
#      value: smtp.verdnatura.es
#    - name: exim4/dc_local_interfaces
#      value: ""
#    - name: exim4/dc_minimaldns
#      value: 'false'
#    - name: exim4/dc_readhost
#      value: "{{ ansible_nodename }}"  # var to define survey(encuesta)
#    - name: exim4/dc_other_hostnames
#      value: ""
#    - name: exim4/dc_eximconfig_configtype
#      value: "mail sent by smarthost; no local mail"
#    - name: exim4/mailname
#      value: "{{ ansible_nodename }}"  # var to define survey(encuesta)
#    - name: exim4/use_split_config
#      value: 'false'
#
# generate master config
#- name: generate master config
#  command: update-exim4.conf
#  notify: apply reconfig
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK :(
# NEEDS to INSTALL more MODULES with -> ansible-galaxy collection install community.general
#
# Send mail to verify relay-host
#- name: sending mail to verify exim4 config works
#  mail:
#    host: smtp.verdnatura.es
#    port: 465
#    subject: Verify Ansible playbook deployment exim4
#    body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}
#    to: 
#    - informatica@verdnatura.es
#    - rubenb@verdnatura.es
#  delegate_to: localhost
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Send mail to verify relay-host
# Create file with message
#- name: create file and add line
#  lineinfile:
#    path: /tmp/messagefileverify
#    line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.
#    create: yes
# Send mail with module shell (shell module accepts pipes "|" , command module dont accept pipes)
- name: sending mail to verify exim4 config works
  shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es informatica@verdnatura.es
  when: exim4_config.changed
# Delete tmp file /tmp/messagefileverify
#- name: delete tmp file /tmp/messagefileverify
#  file:
#    path: /tmp/messagefileverify
#    state: absent
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure centralized authentication [nslcd]
# paso1 - Copy

# paso2 - lineinfile password with vault

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Proteger grub
- name: GRUB se password boot protection
  blockinfile:
    path: /etc/grub.d/40_custom
    block: |
      set superusers="{{ user_grub }}"
      password_pbkdf2 {{ user_grub }} {{ code_grub }}
  register: grub_register

# update grub
- name: update grub config
  command: update-grub
  when: grub_register.changed

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Install and configure FAIL2BAN
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
install and config exim4 2023-10-13 11:24:56 +00:00			`---`

add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00			`# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8`
			`- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8`
			`debconf:`
			`name: locales`
			`question: locales/default_environment_locale`
			`value: en_US-UTF8, es_ES-UTF8`
			`vtype: multiselect`
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00			`# Reconfigure timezone - Europe/Madrid`
			`- name: reconfigure timezone Europe/Madrid`
change module timezone to debconf 2023-10-13 11:45:50 +00:00			`debconf:`
			`name: tzdata`
			`question: tzdata/Zones/Europe`
			`value: Madrid`
			`vtype: select`
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00			`# update packages`
			`- name: update packages`
			`apt:`
			`name: "*"`
			`state: latest`
modify update and upgrade packages 2023-10-16 05:40:25 +00:00			`update_cache: true`
			`force_apt_get: true`
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00			`# upgrade packages`
			`- name: upgrade packages`
			`apt:`
			`upgrade: dist`
			`state: latest`
modify update and upgrade packages 2023-10-16 05:40:25 +00:00			`force_apt_get: true`
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
reconfigure relayhost with exim4 2023-10-13 12:49:11 +00:00			`# install packages`
			`- name: install some packages (vim htop psmisc aptitude)`
install and config exim4 2023-10-13 11:24:56 +00:00			`apt:`
reconfigure relayhost with exim4 2023-10-13 12:49:11 +00:00			`name: "{{ item }}"`
install and config exim4 2023-10-13 11:24:56 +00:00			`state: present`
reconfigure relayhost with exim4 2023-10-13 12:49:11 +00:00			`with_items:`
			`- vim`
			`- htop`
			`- psmisc`
			`- aptitude`
			`- nslcd`
			`- exim4`
add grub config 2023-10-17 08:04:48 +00:00			`- fail2ban`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
reconfigure relayhost with exim4 2023-10-13 12:49:11 +00:00
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
install and config exim4 2023-10-13 11:24:56 +00:00			`# Reconfigure relayhost smtp to smtp.verdnatura.es`
			`- name: reconfigure relayhost to smtp.verdnatura.es`
exim changes 2023-10-16 11:48:20 +00:00			`lineinfile:`
			`dest: "{{ exim_configuration_file }}"`
			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`state: present`
			`mode: 0644`
			`with_items:`
			`- regexp: '^dc_eximconfig_configtype'`
			`line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"`
			`- regexp: '^dc_other_hostnames'`
add domain lines exim4 2023-10-16 13:13:31 +00:00			`line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"`
exim changes 2023-10-16 11:48:20 +00:00			`- regexp: '^dc_local_interfaces'`
			`line: "dc_local_interfaces='{{ dc_local_interfaces }}'"`
			`- regexp: '^dc_readhost'`
add domain lines exim4 2023-10-16 13:13:31 +00:00			`line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"`
exim changes 2023-10-16 11:48:20 +00:00			`- regexp: '^dc_relay_domains'`
			`line: "dc_relay_domains='{{ dc_relay_domains }}'"`
			`- regexp: '^dc_minimaldns'`
			`line: "dc_minimaldns='{{ dc_minimaldns }}'"`
			`- regexp: '^dc_relay_nets'`
			`line: "dc_relay_nets='{{ dc_relay_nets }}'"`
			`- regexp: '^dc_smarthost'`
			`line: "dc_smarthost='{{ dc_smarthost }}'"`
			`- regexp: '^CFILEMODE'`
			`line: "CFILEMODE='{{ CFILEMODE }}'"`
			`- regexp: '^dc_use_split_config'`
			`line: "dc_use_split_config='{{ dc_use_split_config }}'"`
			`- regexp: '^dc_hide_mailname'`
			`line: "dc_hide_mailname='{{ dc_hide_mailname }}'"`
			`- regexp: '^dc_mailname_in_oh'`
			`line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"`
			`- regexp: '^dc_localdelivery'`
			`line: "dc_localdelivery='{{ dc_localdelivery }}'"`
			`notify: restart exim4`
add register and when to exim4 2023-10-17 09:23:27 +00:00			`register: exim4_config`
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
exim4 test 2023-10-16 07:51:12 +00:00
exim changes 2023-10-16 11:48:20 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# DONT WORK :(`
			`#- name: reconfigure relayhost to smtp.verdnatura.es`
			`# debconf:`
			`# name: exim4-config`
			`# question: "{{ item.name }}"`
			`# value: "{{ item.value }}"`
			`# vtype: string`
			`# loop:`
			`# - name: exim4/dc_smarthost`
			`# value: smtp.verdnatura.es`
			`# - name: exim4/dc_local_interfaces`
			`# value: ""`
			`# - name: exim4/dc_minimaldns`
			`# value: 'false'`
			`# - name: exim4/dc_readhost`
			`# value: "{{ ansible_nodename }}" # var to define survey(encuesta)`
			`# - name: exim4/dc_other_hostnames`
			`# value: ""`
			`# - name: exim4/dc_eximconfig_configtype`
			`# value: "mail sent by smarthost; no local mail"`
			`# - name: exim4/mailname`
			`# value: "{{ ansible_nodename }}" # var to define survey(encuesta)`
			`# - name: exim4/use_split_config`
			`# value: 'false'`
			`#`
test 2023-10-16 09:10:49 +00:00			`# generate master config`
exim changes 2023-10-16 11:48:20 +00:00			`#- name: generate master config`
			`# command: update-exim4.conf`
			`# notify: apply reconfig`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
reconfigure relayhost with exim4 2023-10-13 12:49:11 +00:00
delete print hostname 2023-10-16 13:24:14 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
add grub config 2023-10-17 08:04:48 +00:00			`# DONT WORK :(`
delete print hostname 2023-10-16 13:24:14 +00:00			`# NEEDS to INSTALL more MODULES with -> ansible-galaxy collection install community.general`
			`#`
added verify send mail 2023-10-16 06:08:52 +00:00			`# Send mail to verify relay-host`
comment send mail 2023-10-16 06:33:12 +00:00			`#- name: sending mail to verify exim4 config works`
			`# mail:`
			`# host: smtp.verdnatura.es`
			`# port: 465`
			`# subject: Verify Ansible playbook deployment exim4`
			`# body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}`
			`# to:`
			`# - informatica@verdnatura.es`
			`# - rubenb@verdnatura.es`
			`# delegate_to: localhost`
delete print hostname 2023-10-16 13:24:14 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`

add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# Send mail to verify relay-host`
update mail 2023-10-17 08:59:24 +00:00			`# Create file with message`
update mail 2023-10-17 09:08:29 +00:00			`#- name: create file and add line`
			`# lineinfile:`
			`# path: /tmp/messagefileverify`
			`# line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.`
			`# create: yes`
update send mail 2023-10-17 09:18:17 +00:00			`# Send mail with module shell (shell module accepts pipes "\|" , command module dont accept pipes)`
add grub config 2023-10-17 08:04:48 +00:00			`- name: sending mail to verify exim4 config works`
update send mail 2023-10-17 09:18:17 +00:00			`shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." \| mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es informatica@verdnatura.es`
add register and when to exim4 2023-10-17 09:23:27 +00:00			`when: exim4_config.changed`
update mail 2023-10-17 08:59:24 +00:00			`# Delete tmp file /tmp/messagefileverify`
update mail 2023-10-17 09:08:29 +00:00			`#- name: delete tmp file /tmp/messagefileverify`
			`# file:`
			`# path: /tmp/messagefileverify`
			`# state: absent`
add grub config 2023-10-17 08:04:48 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`

delete print hostname 2023-10-16 13:24:14 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# configure centralized authentication [nslcd]`
			`# paso1 - Copy`

			`# paso2 - lineinfile password with vault`
added verify send mail 2023-10-16 06:08:52 +00:00
delete print hostname 2023-10-16 13:24:14 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
added verify send mail 2023-10-16 06:08:52 +00:00
delete print hostname 2023-10-16 13:24:14 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# Proteger grub`
add grub config 2023-10-17 08:04:48 +00:00			`- name: GRUB se password boot protection`
			`blockinfile:`
			`path: /etc/grub.d/40_custom`
			`block: \|`
update grub 2023-10-17 08:19:35 +00:00			`set superusers="{{ user_grub }}"`
			`password_pbkdf2 {{ user_grub }} {{ code_grub }}`
add when to update grub 2023-10-17 08:48:34 +00:00			`register: grub_register`
add update grub 2023-10-17 08:07:51 +00:00
			`# update grub`
			`- name: update grub config`
			`command: update-grub`
add when to update grub 2023-10-17 08:48:34 +00:00			`when: grub_register.changed`
add update grub 2023-10-17 08:07:51 +00:00
delete print hostname 2023-10-16 13:24:14 +00:00			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`

			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# Install and configure FAIL2BAN`
			`#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`