delete unused role

Ruben Blanco 2024-05-22 12:12:57 +02:00
parent 8f183effde
commit 9207640d52
6 changed files with 0 additions and 416 deletions


@ -1,14 +0,0 @@
---
exim_dc_eximconfig_configtype: satellite
dc_other_hostnames: "{{ ansible_nodename }}"
dc_local_interfaces: 127.0.0.1
dc_readhost: "{{ ansible_nodename }}"
dc_relay_domains: ""
dc_minimaldns: false
dc_relay_nets: ""
dc_smarthost: smtp.verdnatura.es
CFILEMODE: 644
dc_use_split_config: false
dc_hide_mailname: true
dc_mailname_in_oh: true
dc_localdelivery: mail_spool


@ -1,40 +0,0 @@
#!/bin/bash
GREEN="\033[0;32m"
WHITE="\033[0;37m"
RED='\033[0;31m'
RESET="\033[0m"
#LAST_LOGIN_USER=$(lastlog | tail -n 1 | awk '{print $1}')
LAST_LOGIN_USER=$(last |head -n +2 | tail -n 1 | awk '{ print $1 }')
#LAST_LOGIN_TIME_HOUR=$(lastlog | tail -n 1 | awk '{print $4" "$5" "$6" "$7}')
LAST_LOGIN_TIME_HOUR=$(last |head -n +2 | tail -n 1 | awk '{ print $4" "$5" "$6" "$7" "$8" "$9 }')
#LAST_LOGIN_IP_FROM_USER=$(lastlog | tail -n 1 | awk '{print $3}')
LAST_LOGIN_IP_FROM_USER=$(last |head -n +2 | tail -n 1 | awk '{ print $3 }')
UPTIME_SYSTEM=$(uptime -p | tr -d ',')
NUMBER_USERS_CONNECTED=$(uptime | awk '{print $5" "$6}' | tr -d ",")
LIST_USERS_CONNECTED=$(w | tail -n +2)
KERNEL=$(uname -r)
PACKAGES=$(dpkg -l | tail -n +6 | wc -l)
SHELL=$(dpkg -l | grep bash | head -n 1 | awk '{ print $2 }')
BASH_VERSION_NUMBER=$(echo $BASH_VERSION | cut -c -6)
IP_LIST=$(for i in $(ip a | grep inet | grep -v "::" | awk {'print $2'}); do echo -e "ip -> $i"; done)
source /etc/os-release
echo -e "****************************************************************************"
echo -e "${WHITE} _${RESET}"
echo -e "${WHITE} | |${RESET}${GREEN} _${RESET}"
echo -e "${WHITE} _ _ ____ ____ _ | |${RESET}${GREEN} ____ ____| |_ _ _ ____ ____${RESET}"
echo -e "${WHITE}| | | / _ )/ ___) || |${RESET}${GREEN}| _ \ / _ | _) | | |/ ___) _ |${RESET}"
echo -e "${WHITE} \ V ( (/ /| | ( (_| |${RESET}${GREEN}| | | ( ( | | |_| |_| | | ( ( | |${RESET}"
echo -e "${WHITE} \_/ \____)_| \____|${RESET}${GREEN}|_| |_|\_||_|\___)____|_| \_||_|${RESET}"
echo -e ""
echo -e "${RED}Host:${RESET} $HOSTNAME"
echo -e "${RED}OS:${RESET} $PRETTY_NAME"
echo -e "${RED}IP:${RESET}\n$IP_LIST"
echo -e "${RED}Kernel:${RESET} $KERNEL"
echo -e "${RED}Packages:${RESET} $PACKAGES"
echo -e "${RED}Shell:${RESET} $SHELL $BASH_VERSION_NUMBER"
echo -e "${RED}Last Login:${RESET}\nUser -> $LAST_LOGIN_USER\nTime -> $LAST_LOGIN_TIME_HOUR\nIP -> $LAST_LOGIN_IP_FROM_USER"
echo -e "${RED}Uptime system:${RESET}\n$UPTIME_SYSTEM"
#echo -e "${RED}Number of Users connected to the system:${RESET}\n$NUMBER_USERS_CONNECTED"
echo -e "${RED}Users connected to the system:${RESET}\n$LIST_USERS_CONNECTED"
echo -e ""
echo -e "****************************************************************************"


@ -1,15 +0,0 @@
# See nslcd.conf(5) for details.
uid nslcd
gid nslcd
uri ldap://ldap.verdnatura.es
base dc=verdnatura,dc=es
binddn cn=nss,ou=admins,dc=verdnatura,dc=es
bindpw passwordblablabla
pagesize 500
filter group (&(objectClass=posixGroup)(cn=sysadmin))
filter passwd (&(objectClass=posixAccount)(memberOf=cn=sysadmin,ou=dnGroups,dc=verdnatura,dc=es))
pam_authz_search (&(objectClass=posixGroup)(cn=sysadmin)(memberuid=$username))


@ -1,20 +0,0 @@
---
# restart exim4 service to apply changes
- name: restart exim4
service:
name: "{{ exim_daemon }}"
state: restarted
# restart nslcd service to apply changes
- name: restart nslcd
service:
name: "{{ nslcd_daemon }}"
state: restarted
# update grub
- name: grub register
command: update-grub
# update timezone
- name: update timezone
command: dpkg-reconfigure --frontend noninteractive tzdata


@ -1,312 +0,0 @@
---
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# update packages
- name: update packages
apt:
name: "*"
state: latest
update_cache: true
force_apt_get: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# upgrade packages
- name: upgrade packages
apt:
upgrade: dist
state: latest
force_apt_get: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages
- name: install some packages
apt:
name: "{{ item }}"
state: present
with_items:
- vim
- htop
- psmisc
- aptitude
- ncat
- nslcd
- exim4
- usrmerge
- figlet
- rsyslog
# - iptables
- mlocate
- bind9-dnsutils
- task-spanish
- locales-all
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK BECAUSE THIS TASK ONLY CONFIGURE DEB PACKAGE , it needs to apply reconfigure , but dont works :(
# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8
#- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8
# debconf:
# name: locales
# question: locales/default_environment_locale
# value: en_US-UTF8, es_ES-UTF8
# vtype: multiselect
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# !!! WE NEED ANSIBLE COLLECTIONS community.general to use this module 'locale_gen'
# WE ARE DOING THIS WITH ANOTHER ROLE config-locales
#- name: reconfigure locales enable es_ES.UTF-8
# locale_gen:
# name: es_ES.UTF-8
# state: present
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK BECAUSE THIS TASK ONLY CONFIGURE DEB PACKAGE , it needs to apply reconfigure , but dont works :(
# Reconfigure timezone - Europe/Madrid
#- name: reconfigure timezone Europe/Madrid
# debconf:
# name: tzdata
# question: "{{ item.question }}"
# value: "{{ item.value }}"
# vtype: select
# with_items:
# - question: "tzdata/Zones/Europe"
# value: "Madrid"
# - question: "tzdata/Areas"
# value: "Europe"
# - question: "tzdata/Zones/Etc"
# value: "UTC"
# notify: update timezone
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# !!! WE NEED ANSIBLE COLLECTIONS community.general to use this module 'timezone'
# WE ARE DOING THIS WITH ANOTHER ROLE config-tzdata
#- name: reconfigure timezone to Europe/Madrid
# timezone:
# hwclock: "UTC"
# name: "Europe/Madrid"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure relayhost smtp to smtp.verdnatura.es
- name: reconfigure relayhost to smtp.verdnatura.es
lineinfile:
dest: "{{ exim_configuration_file }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
mode: 0644
with_items:
- regexp: '^dc_eximconfig_configtype'
line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
- regexp: '^dc_other_hostnames'
line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"
- regexp: '^dc_local_interfaces'
line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
- regexp: '^dc_readhost'
line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"
- regexp: '^dc_relay_domains'
line: "dc_relay_domains='{{ dc_relay_domains }}'"
- regexp: '^dc_minimaldns'
line: "dc_minimaldns='{{ dc_minimaldns }}'"
- regexp: '^dc_relay_nets'
line: "dc_relay_nets='{{ dc_relay_nets }}'"
- regexp: '^dc_smarthost'
line: "dc_smarthost='{{ dc_smarthost }}'"
- regexp: '^CFILEMODE'
line: "CFILEMODE='{{ CFILEMODE }}'"
- regexp: '^dc_use_split_config'
line: "dc_use_split_config='{{ dc_use_split_config }}'"
- regexp: '^dc_hide_mailname'
line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
- regexp: '^dc_mailname_in_oh'
line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
- regexp: '^dc_localdelivery'
line: "dc_localdelivery='{{ dc_localdelivery }}'"
notify: restart exim4
register: exim4_config
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.
- name: service should start on boot
service:
name: "{{ exim_daemon }}"
enabled: yes
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK :(
#- name: reconfigure relayhost to smtp.verdnatura.es
# debconf:
# name: exim4-config
# question: "{{ item.name }}"
# value: "{{ item.value }}"
# vtype: string
# loop:
# - name: exim4/dc_smarthost
# value: smtp.verdnatura.es
# - name: exim4/dc_local_interfaces
# value: ""
# - name: exim4/dc_minimaldns
# value: 'false'
# - name: exim4/dc_readhost
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
# - name: exim4/dc_other_hostnames
# value: ""
# - name: exim4/dc_eximconfig_configtype
# value: "mail sent by smarthost; no local mail"
# - name: exim4/mailname
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
# - name: exim4/use_split_config
# value: 'false'
#
# generate master config
#- name: generate master config
# command: update-exim4.conf
# notify: apply reconfig
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK :(
# NEEDS to INSTALL more MODULES with -> ansible-galaxy collection install community.general
#
# Send mail to verify relay-host
#- name: sending mail to verify exim4 config works
# mail:
# host: smtp.verdnatura.es
# port: 465
# subject: Verify Ansible playbook deployment exim4
# body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}
# to:
# - informatica@verdnatura.es
# - rubenb@verdnatura.es
# delegate_to: localhost
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Send mail to verify relay-host
# Create file with message
#- name: create file and add line
# lineinfile:
# path: /tmp/messagefileverify
# line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.
# create: yes
# Send mail with module shell (shell module accepts pipes "|" , command module dont accept pipes)
- name: sending mail to verify exim4 config works
shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es sysadmin@verdnatura.es
when: exim4_config.changed
# Delete tmp file /tmp/messagefileverify
#- name: delete tmp file /tmp/messagefileverify
# file:
# path: /tmp/messagefileverify
# state: absent
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure centralized authentication [nslcd]
# paso1 - Copy
- name: copy file nslcd.conf
copy:
src: nslcd.conf
dest: /etc/nslcd.conf
owner: root
group: nslcd
mode: '0640'
backup: yes
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso2 - lineinfile password with vault
- name: add password with ansible vault to file nslcd.conf
lineinfile:
dest: /etc/nslcd.conf
regexp: "{{item.regexp}}"
line: "{{item.line}}"
state: present
with_items:
- regexp: "^bindpw"
line: "bindpw {{ bindpw_password }}"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso3 - editar lineas fichero /etc/nsswitch.conf
- name: edit file /etc/nsswitch.conf
lineinfile:
dest: /etc/nsswitch.conf
regexp: "{{item.regexp}}"
line: "{{item.line}}"
state: present
with_items:
- regexp: "^passwd:"
line: "passwd: files systemd ldap"
- regexp: "^group:"
line: "group: files systemd ldap"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso4 - reconfigure PAM to use LDAP
- name: reconfigure PAM to use LDAP
shell: pam-auth-update --enable ldap
notify: restart nslcd
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.
- name: service should start on boot
service:
name: "{{ nslcd_daemon }}"
enabled: yes
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure sudo for sysadmin group
# paso1 - add sysadmin group to sudoers
- name: Add sysadmin group to sudoers
file:
path: /etc/sudoers.d/vn
state: touch
mode: u=rw,g=r,o=r
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso2 - add a line to /etc/sudoers.d/vn file
- name: add a line to /etc/sudoers.d/vn file
lineinfile:
path: "/etc/sudoers.d/vn"
line: "%sysadmin ALL=(ALL) NOPASSWD: ALL"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Secure GRUB edition with password
# paso1 - Proteger grub
- name: GRUB password boot protection
blockinfile:
path: /etc/grub.d/40_custom
block: |
set superusers="{{ user_grub }}"
password_pbkdf2 {{ user_grub }} {{ code_grub }}
notify: grub register
tags:
- grub-password
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Enable VIM options
# step1 - create file vimrc.local
- name: create file vimrc.local
file:
path: "{{ path_vimrclocal }}"
state: touch
mode: '0644'
# step2 - add some options to the file
- name: add some options to vimrc.local
lineinfile:
path: "{{ path_vimrclocal }}"
line: "{{item.line}}"
state: present
with_items:
- line: syntax on
- line: set showcmd
- line: set showmatch
- line: set ignorecase
- line: set smartcase
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Add message to MOTD
- name: add motd message
copy:
src: mymotd.sh
dest: "{{ path_motd_script }}"
mode: '0644'
owner: root
group: root
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


@ -1,15 +0,0 @@
---
exim_configuration_file: /etc/exim4/update-exim4.conf.conf
exim_daemon: exim4
user_grub: admin
code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
nslcd_daemon: nslcd
bindpw_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30343461633538323832316231383362626636653864353535346461353937313131336135396162
3866623238353638323961363239373236393339333134380a313561363030306165393965396234
65316535626434333331633438613639633163643765633064363833303461363834653864646464
3133313233353730620a343536316266393637623563313563613332646630643632366439343764
30383935303161646339393361393130613266663337373364626635646430326465
path_vimrclocal: /etc/vim/vimrc.local
path_motd_script: /etc/profile.d/mymotd.sh