diff --git a/roles/config-base-debian-os/defaults/main.yaml b/roles/config-base-debian-os/defaults/main.yaml
deleted file mode 100644
index 1df9485..0000000
--- a/roles/config-base-debian-os/defaults/main.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-exim_dc_eximconfig_configtype: satellite
-dc_other_hostnames: "{{ ansible_nodename }}"
-dc_local_interfaces: 127.0.0.1
-dc_readhost: "{{ ansible_nodename }}"
-dc_relay_domains: ""
-dc_minimaldns: false
-dc_relay_nets: ""
-dc_smarthost: smtp.verdnatura.es
-CFILEMODE: 644
-dc_use_split_config: false
-dc_hide_mailname: true
-dc_mailname_in_oh: true
-dc_localdelivery: mail_spool
\ No newline at end of file
diff --git a/roles/config-base-debian-os/files/mymotd.sh b/roles/config-base-debian-os/files/mymotd.sh
deleted file mode 100644
index f2693f2..0000000
--- a/roles/config-base-debian-os/files/mymotd.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-GREEN="\033[0;32m"
-WHITE="\033[0;37m"
-RED='\033[0;31m'
-RESET="\033[0m"
-#LAST_LOGIN_USER=$(lastlog | tail -n 1 | awk '{print $1}')
-LAST_LOGIN_USER=$(last |head -n +2 | tail -n 1 | awk '{ print $1 }')
-#LAST_LOGIN_TIME_HOUR=$(lastlog | tail -n 1 | awk '{print $4" "$5" "$6" "$7}')
-LAST_LOGIN_TIME_HOUR=$(last |head -n +2 | tail -n 1 | awk '{ print $4" "$5" "$6" "$7" "$8" "$9 }')
-#LAST_LOGIN_IP_FROM_USER=$(lastlog | tail -n 1 | awk '{print $3}')
-LAST_LOGIN_IP_FROM_USER=$(last |head -n +2 | tail -n 1 | awk '{ print $3 }')
-UPTIME_SYSTEM=$(uptime -p | tr -d ',')
-NUMBER_USERS_CONNECTED=$(uptime | awk '{print $5" "$6}' | tr -d ",")
-LIST_USERS_CONNECTED=$(w | tail -n +2)
-KERNEL=$(uname -r)
-PACKAGES=$(dpkg -l | tail -n +6 | wc -l)
-SHELL=$(dpkg -l | grep bash | head -n 1 | awk '{ print $2 }')
-BASH_VERSION_NUMBER=$(echo $BASH_VERSION | cut -c -6)
-IP_LIST=$(for i in $(ip a | grep inet | grep -v "::" | awk {'print $2'}); do echo -e "ip -> $i"; done)
-source /etc/os-release
-echo -e "****************************************************************************"
-echo -e "${WHITE} _${RESET}"
-echo -e "${WHITE} | |${RESET}${GREEN} _${RESET}"
-echo -e "${WHITE} _ _ ____ ____ _ | |${RESET}${GREEN} ____ ____| |_ _ _ ____ ____${RESET}"
-echo -e "${WHITE}| | | / _ )/ ___) || |${RESET}${GREEN}| _ \ / _ | _) | | |/ ___) _ |${RESET}"
-echo -e "${WHITE} \ V ( (/ /| | ( (_| |${RESET}${GREEN}| | | ( ( | | |_| |_| | | ( ( | |${RESET}"
-echo -e "${WHITE} \_/ \____)_| \____|${RESET}${GREEN}|_| |_|\_||_|\___)____|_| \_||_|${RESET}"
-echo -e ""
-echo -e "${RED}Host:${RESET} $HOSTNAME"
-echo -e "${RED}OS:${RESET} $PRETTY_NAME"
-echo -e "${RED}IP:${RESET}\n$IP_LIST"
-echo -e "${RED}Kernel:${RESET} $KERNEL"
-echo -e "${RED}Packages:${RESET} $PACKAGES"
-echo -e "${RED}Shell:${RESET} $SHELL $BASH_VERSION_NUMBER"
-echo -e "${RED}Last Login:${RESET}\nUser -> $LAST_LOGIN_USER\nTime -> $LAST_LOGIN_TIME_HOUR\nIP -> $LAST_LOGIN_IP_FROM_USER"
-echo -e "${RED}Uptime system:${RESET}\n$UPTIME_SYSTEM"
-#echo -e "${RED}Number of Users connected to the system:${RESET}\n$NUMBER_USERS_CONNECTED"
-echo -e "${RED}Users connected to the system:${RESET}\n$LIST_USERS_CONNECTED"
-echo -e ""
-echo -e "****************************************************************************"
diff --git a/roles/config-base-debian-os/files/nslcd.conf b/roles/config-base-debian-os/files/nslcd.conf
deleted file mode 100644
index 6d1bb91..0000000
--- a/roles/config-base-debian-os/files/nslcd.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# See nslcd.conf(5) for details.
-
-uid nslcd
-gid nslcd
-
-uri ldap://ldap.verdnatura.es
-
-base dc=verdnatura,dc=es
-binddn cn=nss,ou=admins,dc=verdnatura,dc=es
-bindpw passwordblablabla
-pagesize 500
-
-filter group (&(objectClass=posixGroup)(cn=sysadmin))
-filter passwd (&(objectClass=posixAccount)(memberOf=cn=sysadmin,ou=dnGroups,dc=verdnatura,dc=es))
-pam_authz_search (&(objectClass=posixGroup)(cn=sysadmin)(memberuid=$username))
diff --git a/roles/config-base-debian-os/handlers/main.yaml b/roles/config-base-debian-os/handlers/main.yaml
deleted file mode 100644
index 9cc3edf..0000000
--- a/roles/config-base-debian-os/handlers/main.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# restart exim4 service to apply changes
-- name: restart exim4
- service:
- name: "{{ exim_daemon }}"
- state: restarted
-
-# restart nslcd service to apply changes
-- name: restart nslcd
- service:
- name: "{{ nslcd_daemon }}"
- state: restarted
-
-# update grub
-- name: grub register
- command: update-grub
-
-# update timezone
-- name: update timezone
- command: dpkg-reconfigure --frontend noninteractive tzdata
\ No newline at end of file
diff --git a/roles/config-base-debian-os/tasks/main.yaml b/roles/config-base-debian-os/tasks/main.yaml
deleted file mode 100644
index 59fa600..0000000
--- a/roles/config-base-debian-os/tasks/main.yaml
+++ /dev/null
@@ -1,312 +0,0 @@
----
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# update packages
-- name: update packages
- apt:
- name: "*"
- state: latest
- update_cache: true
- force_apt_get: true
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# upgrade packages
-- name: upgrade packages
- apt:
- upgrade: dist
- state: latest
- force_apt_get: true
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# install packages
-- name: install some packages
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - vim
- - htop
- - psmisc
- - aptitude
- - ncat
- - nslcd
- - exim4
- - usrmerge
- - figlet
- - rsyslog
-# - iptables
- - mlocate
- - bind9-dnsutils
- - task-spanish
- - locales-all
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# DONT WORK BECAUSE THIS TASK ONLY CONFIGURE DEB PACKAGE , it needs to apply reconfigure , but dont works :(
-# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8
-#- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8
-# debconf:
-# name: locales
-# question: locales/default_environment_locale
-# value: en_US-UTF8, es_ES-UTF8
-# vtype: multiselect
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# !!! WE NEED ANSIBLE COLLECTIONS community.general to use this module 'locale_gen'
-# WE ARE DOING THIS WITH ANOTHER ROLE config-locales
-#- name: reconfigure locales enable es_ES.UTF-8
-# locale_gen:
-# name: es_ES.UTF-8
-# state: present
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# DONT WORK BECAUSE THIS TASK ONLY CONFIGURE DEB PACKAGE , it needs to apply reconfigure , but dont works :(
-# Reconfigure timezone - Europe/Madrid
-#- name: reconfigure timezone Europe/Madrid
-# debconf:
-# name: tzdata
-# question: "{{ item.question }}"
-# value: "{{ item.value }}"
-# vtype: select
-# with_items:
-# - question: "tzdata/Zones/Europe"
-# value: "Madrid"
-# - question: "tzdata/Areas"
-# value: "Europe"
-# - question: "tzdata/Zones/Etc"
-# value: "UTC"
-# notify: update timezone
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# !!! WE NEED ANSIBLE COLLECTIONS community.general to use this module 'timezone'
-# WE ARE DOING THIS WITH ANOTHER ROLE config-tzdata
-#- name: reconfigure timezone to Europe/Madrid
-# timezone:
-# hwclock: "UTC"
-# name: "Europe/Madrid"
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# Reconfigure relayhost smtp to smtp.verdnatura.es
-- name: reconfigure relayhost to smtp.verdnatura.es
- lineinfile:
- dest: "{{ exim_configuration_file }}"
- regexp: "{{ item.regexp }}"
- line: "{{ item.line }}"
- state: present
- mode: 0644
- with_items:
- - regexp: '^dc_eximconfig_configtype'
- line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
- - regexp: '^dc_other_hostnames'
- line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"
- - regexp: '^dc_local_interfaces'
- line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
- - regexp: '^dc_readhost'
- line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"
- - regexp: '^dc_relay_domains'
- line: "dc_relay_domains='{{ dc_relay_domains }}'"
- - regexp: '^dc_minimaldns'
- line: "dc_minimaldns='{{ dc_minimaldns }}'"
- - regexp: '^dc_relay_nets'
- line: "dc_relay_nets='{{ dc_relay_nets }}'"
- - regexp: '^dc_smarthost'
- line: "dc_smarthost='{{ dc_smarthost }}'"
- - regexp: '^CFILEMODE'
- line: "CFILEMODE='{{ CFILEMODE }}'"
- - regexp: '^dc_use_split_config'
- line: "dc_use_split_config='{{ dc_use_split_config }}'"
- - regexp: '^dc_hide_mailname'
- line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
- - regexp: '^dc_mailname_in_oh'
- line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
- - regexp: '^dc_localdelivery'
- line: "dc_localdelivery='{{ dc_localdelivery }}'"
- notify: restart exim4
- register: exim4_config
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# service should start on boot.
-- name: service should start on boot
- service:
- name: "{{ exim_daemon }}"
- enabled: yes
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# DONT WORK :(
-#- name: reconfigure relayhost to smtp.verdnatura.es
-# debconf:
-# name: exim4-config
-# question: "{{ item.name }}"
-# value: "{{ item.value }}"
-# vtype: string
-# loop:
-# - name: exim4/dc_smarthost
-# value: smtp.verdnatura.es
-# - name: exim4/dc_local_interfaces
-# value: ""
-# - name: exim4/dc_minimaldns
-# value: 'false'
-# - name: exim4/dc_readhost
-# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
-# - name: exim4/dc_other_hostnames
-# value: ""
-# - name: exim4/dc_eximconfig_configtype
-# value: "mail sent by smarthost; no local mail"
-# - name: exim4/mailname
-# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
-# - name: exim4/use_split_config
-# value: 'false'
-#
-# generate master config
-#- name: generate master config
-# command: update-exim4.conf
-# notify: apply reconfig
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# DONT WORK :(
-# NEEDS to INSTALL more MODULES with -> ansible-galaxy collection install community.general
-#
-# Send mail to verify relay-host
-#- name: sending mail to verify exim4 config works
-# mail:
-# host: smtp.verdnatura.es
-# port: 465
-# subject: Verify Ansible playbook deployment exim4
-# body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}
-# to:
-# - informatica@verdnatura.es
-# - rubenb@verdnatura.es
-# delegate_to: localhost
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# Send mail to verify relay-host
-# Create file with message
-#- name: create file and add line
-# lineinfile:
-# path: /tmp/messagefileverify
-# line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.
-# create: yes
-# Send mail with module shell (shell module accepts pipes "|" , command module dont accept pipes)
-- name: sending mail to verify exim4 config works
- shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es sysadmin@verdnatura.es
- when: exim4_config.changed
-# Delete tmp file /tmp/messagefileverify
-#- name: delete tmp file /tmp/messagefileverify
-# file:
-# path: /tmp/messagefileverify
-# state: absent
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# configure centralized authentication [nslcd]
-# paso1 - Copy
-- name: copy file nslcd.conf
- copy:
- src: nslcd.conf
- dest: /etc/nslcd.conf
- owner: root
- group: nslcd
- mode: '0640'
- backup: yes
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# paso2 - lineinfile password with vault
-- name: add password with ansible vault to file nslcd.conf
- lineinfile:
- dest: /etc/nslcd.conf
- regexp: "{{item.regexp}}"
- line: "{{item.line}}"
- state: present
- with_items:
- - regexp: "^bindpw"
- line: "bindpw {{ bindpw_password }}"
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# paso3 - editar lineas fichero /etc/nsswitch.conf
-- name: edit file /etc/nsswitch.conf
- lineinfile:
- dest: /etc/nsswitch.conf
- regexp: "{{item.regexp}}"
- line: "{{item.line}}"
- state: present
- with_items:
- - regexp: "^passwd:"
- line: "passwd: files systemd ldap"
- - regexp: "^group:"
- line: "group: files systemd ldap"
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# paso4 - reconfigure PAM to use LDAP
-- name: reconfigure PAM to use LDAP
- shell: pam-auth-update --enable ldap
- notify: restart nslcd
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# service should start on boot.
-- name: service should start on boot
- service:
- name: "{{ nslcd_daemon }}"
- enabled: yes
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# configure sudo for sysadmin group
-# paso1 - add sysadmin group to sudoers
-- name: Add sysadmin group to sudoers
- file:
- path: /etc/sudoers.d/vn
- state: touch
- mode: u=rw,g=r,o=r
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# paso2 - add a line to /etc/sudoers.d/vn file
-- name: add a line to /etc/sudoers.d/vn file
- lineinfile:
- path: "/etc/sudoers.d/vn"
- line: "%sysadmin ALL=(ALL) NOPASSWD: ALL"
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# Secure GRUB edition with password
-# paso1 - Proteger grub
-- name: GRUB password boot protection
- blockinfile:
- path: /etc/grub.d/40_custom
- block: |
- set superusers="{{ user_grub }}"
- password_pbkdf2 {{ user_grub }} {{ code_grub }}
- notify: grub register
- tags:
- - grub-password
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# Enable VIM options
-# step1 - create file vimrc.local
-- name: create file vimrc.local
- file:
- path: "{{ path_vimrclocal }}"
- state: touch
- mode: '0644'
-# step2 - add some options to the file
-- name: add some options to vimrc.local
- lineinfile:
- path: "{{ path_vimrclocal }}"
- line: "{{item.line}}"
- state: present
- with_items:
- - line: syntax on
- - line: set showcmd
- - line: set showmatch
- - line: set ignorecase
- - line: set smartcase
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# Add message to MOTD
-- name: add motd message
- copy:
- src: mymotd.sh
- dest: "{{ path_motd_script }}"
- mode: '0644'
- owner: root
- group: root
-#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/roles/config-base-debian-os/vars/main.yaml b/roles/config-base-debian-os/vars/main.yaml
deleted file mode 100644
index b490cdd..0000000
--- a/roles/config-base-debian-os/vars/main.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-exim_configuration_file: /etc/exim4/update-exim4.conf.conf
-exim_daemon: exim4
-user_grub: admin
-code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
-nslcd_daemon: nslcd
-bindpw_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 30343461633538323832316231383362626636653864353535346461353937313131336135396162
- 3866623238353638323961363239373236393339333134380a313561363030306165393965396234
- 65316535626434333331633438613639633163643765633064363833303461363834653864646464
- 3133313233353730620a343536316266393637623563313563613332646630643632366439343764
- 30383935303161646339393361393130613266663337373364626635646430326465
-path_vimrclocal: /etc/vim/vimrc.local
-path_motd_script: /etc/profile.d/mymotd.sh