diff --git a/ansible.cfg b/ansible.cfg index f917a56..e5b1de3 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -3,7 +3,7 @@ roles_path = ./roles inventory = ./hosts gathering = smart interpreter_python = auto_silent -remote_user = root +remote_user = awx-user host_key_checking = False [privilege_escalation] diff --git a/group_vars/all.yaml b/group_vars/all.yaml deleted file mode 100644 index 9414cf6..0000000 --- a/group_vars/all.yaml +++ /dev/null @@ -1,7 +0,0 @@ -awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es -resolv: - domain: verdnatura.es - search: verdnatura.es -resolvers: - - '10.0.0.4' - - '10.0.0.5' diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..9625d61 --- /dev/null +++ b/group_vars/all.yml 
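Review bot: `host_key_checking = False` is kept as context right under the changed `remote_user` line, so the switch from `root` to the dedicated `awx-user` still connects over SSH without verifying the server's identity, and a redirected connection would hand that user's credentials and the vaulted variables to whatever answers. For a fixed inventory of managed hosts the safer setting is `host_key_checking = True` with a maintained known_hosts file; if first-contact friction is the concern, `ssh_args = -o StrictHostKeyChecking=accept-new` under `[ssh_connection]` pins keys on first use instead of never. The `[privilege_escalation]` section that follows is outside the hunk, so whether `become` is set for the now-unprivileged user is not visible here.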
@@ -0,0 +1,42 @@ +awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es +resolv: + domain: verdnatura.es + search: verdnatura.es +resolvers: + - '10.0.0.4' + - '10.0.0.5' +nslcd_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30343461633538323832316231383362626636653864353535346461353937313131336135396162 + 3866623238353638323961363239373236393339333134380a313561363030306165393965396234 + 65316535626434333331633438613639633163643765633064363833303461363834653864646464 + 3133313233353730620a343536316266393637623563313563613332646630643632366439343764 + 30383935303161646339393361393130613266663337373364626635646430326465 +rndc_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 36386562613235363931396632656535383336313537636431643338353438313231623839313031 + 3830616135393732353265666664353963393366343461630a633365396165653761353762383739 + 66303862376465626435633964313237643230653463353662343831646464633639383336323863 + 6139333234386565620a653438613165626131653834633931343766343162653932373161653362 + 38303139333536656263656163623333313234393666353766363565633732366165 +radius_ldap_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 31643037313539376337363739616361363339616235623433656131306539373030373731643934 + 3432656465343430366366646237326137656134346562360a306538303762313261616632643135 + 39316439653932396134646432633262326631363765643564306565636363356335653539656531 + 6234636463376364620a636133346337306437643939376531633564633737333133363065633031 + 61643731646163323636343837373761303930323961653663343135303731623133 +radius_client_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62313333666335316231396365653635356639626563613738363137383434343437393833393934 + 6439646632303536393438306234323862363532393733630a356136393539363161346631623161 + 37636365653331333735353166646164613732303035613231353237343139623137396364643637 + 3261656465336435630a666466643734373830633933613266663631343730386530633839386239 + 
62623434663130363637303035363434313566376661356362663238666166343534 +awx_smtp_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62393936623766653737356136353765336265636136616330306537393638646663326663346138 + 3631616362363163393036613564623864383365633634660a366563363836363061623566393361 + 37633364633631333130346332613235303762316435313535613664323830656363353237373561 + 3866653365636431630a303262666662376662623862663461633361333037643863353135343836 + 61383730366664353730616331666139376234313562383163613736353231666533 \ No newline at end of file diff --git a/playbooks/debian-upgrade.yaml b/playbooks/debian-upgrade.yml similarity index 70% rename from playbooks/debian-upgrade.yaml rename to playbooks/debian-upgrade.yml index de568cd..8215cb2 100644 --- a/playbooks/debian-upgrade.yaml +++ b/playbooks/debian-upgrade.yml @@ -2,4 +2,4 @@ tasks: - name: Upgrade system import_role: - name: linux-upgrade + name: debian-upgrade diff --git a/playbooks/debian.yaml b/playbooks/debian.yml similarity index 100% rename from playbooks/debian.yaml rename to playbooks/debian.yml diff --git a/playbooks/freeradius.yaml b/playbooks/freeradius.yml similarity index 100% rename from playbooks/freeradius.yaml rename to playbooks/freeradius.yml diff --git a/playbooks/nsupdate.yaml b/playbooks/nsupdate.yml similarity index 100% rename from playbooks/nsupdate.yaml rename to playbooks/nsupdate.yml diff --git a/playbooks/ping.yaml b/playbooks/ping.yml similarity index 100% rename from playbooks/ping.yaml rename to playbooks/ping.yml diff --git a/playbooks/print-facts.yaml b/playbooks/print-facts.yml similarity index 100% rename from playbooks/print-facts.yaml rename to playbooks/print-facts.yml diff --git a/playbooks/send-mail.yaml b/playbooks/send-mail.yml similarity index 100% rename from playbooks/send-mail.yaml rename to playbooks/send-mail.yml diff --git a/playbooks/test.yaml b/playbooks/test.yml similarity index 100% rename from playbooks/test.yaml rename to playbooks/test.yml 
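Review bot: All six vaulted secrets (LDAP bind, rndc key, both RADIUS secrets, SMTP) now live in `group_vars/all.yml`, so they are in scope for every host in the inventory, not only the freeradius, nsupdate and LDAP-client hosts that consume them, and any task that dumps `hostvars` (the `print-facts.yml` playbook looks like a candidate, though its body is not in this diff) prints them decrypted. The ciphertexts are the same blobs removed from the per-role `vars/main.yaml` files later in the diff, so this is a relocation rather than a rotation, which is fine. Consider scoping them by consumer instead — `group_vars/<freeradius-group>.yml` for `radius_*`, the nsupdate group for `rndc_key`, and so on — so a compromised host only receives the secrets its own plays need. The file also ends without a trailing newline.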
diff --git a/playbooks/windows-update.yaml b/playbooks/windows-update.yml similarity index 100% rename from playbooks/windows-update.yaml rename to playbooks/windows-update.yml diff --git a/roles/linux-relayhost/defaults/main.yaml b/roles/debian-base/defaults/main.yaml similarity index 100% rename from roles/linux-relayhost/defaults/main.yaml rename to roles/debian-base/defaults/main.yaml diff --git a/roles/linux-motd/files/90-vn b/roles/debian-base/files/motd similarity index 100% rename from roles/linux-motd/files/90-vn rename to roles/debian-base/files/motd diff --git a/roles/linux-nrpe/files/90-vn.cfg b/roles/debian-base/files/nrpe.cfg similarity index 100% rename from roles/linux-nrpe/files/90-vn.cfg rename to roles/debian-base/files/nrpe.cfg diff --git a/roles/linux-profile/files/vn.sh b/roles/debian-base/files/profile.sh similarity index 100% rename from roles/linux-profile/files/vn.sh rename to roles/debian-base/files/profile.sh diff --git a/roles/linux-tzdata/files/set_timezone.sh b/roles/debian-base/files/set-timezone.sh similarity index 100% rename from roles/linux-tzdata/files/set_timezone.sh rename to roles/debian-base/files/set-timezone.sh diff --git a/roles/linux-sudoers/files/vn b/roles/debian-base/files/sudoers similarity index 100% rename from roles/linux-sudoers/files/vn rename to roles/debian-base/files/sudoers diff --git a/roles/linux-ntp/files/timesync b/roles/debian-base/files/timesync similarity index 100% rename from roles/linux-ntp/files/timesync rename to roles/debian-base/files/timesync diff --git a/roles/linux-vim/files/vimrc.local b/roles/debian-base/files/vimrc.local similarity index 100% rename from roles/linux-vim/files/vimrc.local rename to roles/debian-base/files/vimrc.local diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml new file mode 100644 index 0000000..524348c --- /dev/null +++ b/roles/debian-base/handlers/main.yml 
@@ -0,0 +1,21 @@ +- name: restart-timesyncd + service: + name: systemd-timesyncd + state: restarted +- name: restart-exim + service: + name: exim4 + state: restarted +- name: restart-ssh + service: + name: ssh + state: restarted +- name: restart-fail2ban + service: + name: fail2ban + state: restarted +- name: restart-nrpe + service: + name: nagios-nrpe-server + state: restarted + diff --git a/roles/linux-bacula/tasks/main.yaml b/roles/debian-base/tasks/bacula.yml similarity index 85% rename from roles/linux-bacula/tasks/main.yaml rename to roles/debian-base/tasks/bacula.yml index 88f96de..a786645 100644 --- a/roles/linux-bacula/tasks/main.yaml +++ b/roles/debian-base/tasks/bacula.yml @@ -1,4 +1,4 @@ -- name: Install packages +- name: Install Bacula FD packages apt: name: bacula-fd state: present @@ -14,7 +14,7 @@ group: bacula mode: '0640' backup: true -- name: Restart service +- name: Restart Bacula FD service service: name: bacula-fd state: restarted diff --git a/roles/linux-fail2ban/tasks/main.yaml b/roles/debian-base/tasks/fail2ban.yml similarity index 76% rename from roles/linux-fail2ban/tasks/main.yaml rename to roles/debian-base/tasks/fail2ban.yml index 8b2aacc..f1a7042 100644 --- a/roles/linux-fail2ban/tasks/main.yaml +++ b/roles/debian-base/tasks/fail2ban.yml @@ -1,11 +1,11 @@ -- name: Install packages +- name: Install fail2ban packages apt: name: fail2ban state: present loop: - fail2ban - rsyslog -- name: Configure service +- name: Configure fail2ban service template: src: jail.local.j2 dest: /etc/fail2ban/jail.local diff --git a/roles/debian-base/tasks/install.yml b/roles/debian-base/tasks/install.yml new file mode 100644 index 0000000..e02d485 --- /dev/null +++ b/roles/debian-base/tasks/install.yml @@ -0,0 +1,10 @@ +- name: Install base packages + apt: + name: "{{ item }}" + state: present + with_items: + - htop + - psmisc + - bash-completion + - screen + - aptitude \ No newline at end of file 
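Review bot: In the renamed `Install fail2ban packages` task the `apt:` module has a fixed `name: fail2ban` while a `loop:` over `fail2ban` and `rsyslog` is attached, so the loop installs fail2ban twice and `rsyslog` is never installed; the commit only changes the task names, so the defect carries over. Either drop the loop and pass the list directly, `name: [fail2ban, rsyslog]`, or reference the loop variable, `name: "{{ item }}"`, as `nrpe.yml` does. The template task that follows continues past the end of the hunk.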
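Review bot: `install.yml` runs the `apt` module once per package through `with_items` and `name: "{{ item }}"`, which is the old loop idiom and produces five separate apt transactions. `apt` accepts a list for `name:`, so the same task can be written as `name: [htop, psmisc, bash-completion, screen, aptitude]` (or a block list) with `state: present` and no loop, which is one transaction and one line of output. The new file also lacks a trailing newline per the diff marker.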
diff --git a/roles/linux-locale/tasks/main.yaml b/roles/debian-base/tasks/locale.yml similarity index 100% rename from roles/linux-locale/tasks/main.yaml rename to roles/debian-base/tasks/locale.yml diff --git a/roles/debian-base/tasks/main.yaml b/roles/debian-base/tasks/main.yaml deleted file mode 100644 index ee0a9c0..0000000 --- a/roles/debian-base/tasks/main.yaml +++ /dev/null @@ -1,22 +0,0 @@ -- name: Install base packages - apt: - name: "{{ item }}" - state: present - with_items: - - htop - - psmisc - - bash-completion - - screen - - aptitude -- include_role: - name: linux-sudoers -- include_role: - name: linux-motd -- include_role: - name: linux-profile -- include_role: - name: linux-vim -- include_role: - name: linux-locale -- include_role: - name: linux-nrpe \ No newline at end of file diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml new file mode 100644 index 0000000..ed03574 --- /dev/null +++ b/roles/debian-base/tasks/main.yml @@ -0,0 +1,8 @@ +- import_tasks: install.yml +- import_tasks: sudoers.yml +- import_tasks: motd.yml +- import_tasks: profile.yml +- import_tasks: vim.yml +- import_tasks: locale.yml +- import_tasks: tzdata.yml +- import_tasks: nrpe.yml diff --git a/roles/linux-motd/tasks/main.yaml b/roles/debian-base/tasks/motd.yml similarity index 65% rename from roles/linux-motd/tasks/main.yaml rename to roles/debian-base/tasks/motd.yml index 7a7ec8f..a51f73b 100644 --- a/roles/linux-motd/tasks/main.yaml +++ b/roles/debian-base/tasks/motd.yml @@ -1,7 +1,7 @@ - name: Copy MOTD configuration file copy: - src: 90-vn - dest: "/etc/update-motd.d/" + src: motd + dest: /etc/update-motd.d/90-vn mode: '755' owner: root group: root diff --git a/roles/linux-nrpe/tasks/main.yaml b/roles/debian-base/tasks/nrpe.yml similarity index 72% rename from roles/linux-nrpe/tasks/main.yaml rename to roles/debian-base/tasks/nrpe.yml index 25b4c1d..b76f672 100644 --- a/roles/linux-nrpe/tasks/main.yaml +++ b/roles/debian-base/tasks/nrpe.yml 
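Review bot: The new `roles/debian-base/tasks/main.yml` imports eight task files, but this commit also moves `bacula.yml`, `fail2ban.yml`, `relayhost.yml`, `root.yaml`, `tymesyncd.yml` and `vn-repo.yml` into `roles/debian-base/tasks/` and nothing imports them, so unless playbooks call them through `tasks_from` (none of the playbooks in this diff do) fail2ban, the relayhost and the timesync configuration are now dead code, while their handlers were consolidated into this role's `handlers/main.yml`. If the split is intentional, a comment at the top of `main.yml` such as `# bacula.yml, fail2ban.yml, relayhost.yml, root.yaml, tymesyncd.yml and vn-repo.yml are opt-in via tasks_from` would stop the next reader from re-adding them. Two of those names also look accidental: `tymesyncd.yml` reads like a typo of `timesyncd.yml`, and `root.yaml` is the only task file that kept the `.yaml` extension in a commit that renames everything else to `.yml`.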
@@ -1,19 +1,19 @@ -- name: Install packages +- name: Install NRPE packages apt: name: "{{ item }}" state: present loop: - nagios-nrpe-server - nagios-plugins-contrib -- name: Set generic configuration +- name: Set NRPE generic configuration copy: - src: 90-vn.cfg + src: nrpe.cfg dest: /etc/nagios/nrpe.d/90-vn.cfg owner: root group: root mode: '0644' notify: restart-nrpe -- name: Create local configuration file +- name: Create NRPE local configuration file file: path: /etc/nagios/nrpe.d/99-local.cfg state: touch diff --git a/roles/linux-profile/tasks/main.yaml b/roles/debian-base/tasks/profile.yml similarity index 64% rename from roles/linux-profile/tasks/main.yaml rename to roles/debian-base/tasks/profile.yml index d6ca52e..65a7b53 100644 --- a/roles/linux-profile/tasks/main.yaml +++ b/roles/debian-base/tasks/profile.yml @@ -1,7 +1,7 @@ - name: Copy profile configuration file copy: - src: vn.sh - dest: "/etc/profile.d/" + src: profile.sh + dest: "/etc/profile.d/vn.sh" mode: '644' owner: root group: root diff --git a/roles/linux-relayhost/tasks/main.yaml b/roles/debian-base/tasks/relayhost.yml similarity index 98% rename from roles/linux-relayhost/tasks/main.yaml rename to roles/debian-base/tasks/relayhost.yml index db2c7f2..1af0549 100644 --- a/roles/linux-relayhost/tasks/main.yaml +++ b/roles/debian-base/tasks/relayhost.yml @@ -1,4 +1,4 @@ -- name: Install packages +- name: Install exim packages apt: name: exim4 state: present diff --git a/roles/linux-root/tasks/main.yaml b/roles/debian-base/tasks/root.yaml similarity index 100% rename from roles/linux-root/tasks/main.yaml rename to roles/debian-base/tasks/root.yaml diff --git a/roles/linux-sudoers/tasks/main.yaml b/roles/debian-base/tasks/sudoers.yml similarity index 78% rename from roles/linux-sudoers/tasks/main.yaml rename to roles/debian-base/tasks/sudoers.yml index f512867..83bee94 100644 --- a/roles/linux-sudoers/tasks/main.yaml +++ b/roles/debian-base/tasks/sudoers.yml 
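Review bot: The `Create NRPE local configuration file` task uses `file: state: touch` on `/etc/nagios/nrpe.d/99-local.cfg` with no owner, group or mode, so the file is created with whatever umask the connection gives and the task reports changed (and bumps the timestamps) on every run. Add `owner: root`, `group: root`, `mode: '0644'` to match the preceding copy task, and `modification_time: preserve` plus `access_time: preserve` so the touch is idempotent once the file exists. The task's remaining lines, if any, are past the end of the hunk.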
@@ -4,8 +4,8 @@ state: present - name: Copy sudoers configuration file copy: - src: vn - dest: "/etc/sudoers.d/" + src: sudoers + dest: "/etc/sudoers.d/vn" mode: u=rw,g=r owner: root group: root diff --git a/roles/linux-ntp/tasks/main.yaml b/roles/debian-base/tasks/tymesyncd.yml similarity index 100% rename from roles/linux-ntp/tasks/main.yaml rename to roles/debian-base/tasks/tymesyncd.yml diff --git a/roles/linux-tzdata/tasks/main.yaml b/roles/debian-base/tasks/tzdata.yml similarity index 55% rename from roles/linux-tzdata/tasks/main.yaml rename to roles/debian-base/tasks/tzdata.yml index 60872cf..f5e34a8 100644 --- a/roles/linux-tzdata/tasks/main.yaml +++ b/roles/debian-base/tasks/tzdata.yml @@ -1,2 +1,2 @@ - name: Configure the time zone - script: set_timezone.sh + script: set-timezone.sh diff --git a/roles/linux-vim/tasks/main.yaml b/roles/debian-base/tasks/vim.yml similarity index 100% rename from roles/linux-vim/tasks/main.yaml rename to roles/debian-base/tasks/vim.yml diff --git a/roles/debian-base/tasks/vn-repo.yml b/roles/debian-base/tasks/vn-repo.yml new file mode 100644 index 0000000..c0fdfff --- /dev/null +++ b/roles/debian-base/tasks/vn-repo.yml @@ -0,0 +1,12 @@ +- name: Download vn-host Debian package + get_url: + url: "{{ vn_host.url }}/{{ vn_host.package }}" + dest: "/tmp/{{ vn_host.package }}" + mode: '0644' +- name: Install package + apt: + deb: "/tmp/{{ vn_host.package }}" +- name: Delete package + file: + path: "/tmp/{{ vn_host.package }}" + state: absent diff --git a/roles/linux-bacula/files/bacula-fd.conf.jd2 b/roles/debian-base/templates/bacula-fd.conf.j2 similarity index 88% rename from roles/linux-bacula/files/bacula-fd.conf.jd2 rename to roles/debian-base/templates/bacula-fd.conf.j2 index 5f02660..e205166 100644 --- a/roles/linux-bacula/files/bacula-fd.conf.jd2 +++ b/roles/debian-base/templates/bacula-fd.conf.j2 
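Review bot: The sudoers fragment is copied to `/etc/sudoers.d/vn` without a `validate` step, so a syntax error in `files/sudoers` would break sudo on every host in a single run — and with `remote_user` now `awx-user` instead of root, that also locks Ansible itself out of privilege escalation on those hosts. Add `validate: /usr/sbin/visudo -cf %s` to the copy task so a bad fragment is rejected before it replaces the live file. `mode: u=rw,g=r` (0640) is what sudo expects for drop-in files; keep it. The package-install task above the copy starts outside the hunk.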
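Review bot: `vn-repo.yml` downloads `{{ vn_host.package }}` and passes it straight to `apt: deb:` with no integrity check, and the `vn_host.url` added to `roles/debian-base/vars/main.yml` in the next file is plain `http://`, so anyone on the path to `apt.verdnatura.es` can substitute the package, which dpkg then installs as root on every base host. Add `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"` to the `get_url` task (keep the digest next to `vn_host.package` in vars so a version bump updates both) and use `https://` if the repository serves it; a cleaner alternative is to register the repository as an apt source with its signing key and install `vn-host` via `apt: name:`. The fixed `/tmp/{{ vn_host.package }}` path is also shared with every local user; `ansible.builtin.tempfile` gives a private directory if the download step is kept.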
@@ -1,10 +1,10 @@ Director { Name = bacula-dir - Password = "$FDPASSWD" + Password = "{{ FDPASSWD }}" } Director { Name = bacula-mon - Password = "$FDMPASSWD" + Password = "{{ FDMPASSWD }}" Monitor = yes } FileDaemon { diff --git a/roles/linux-fail2ban/templates/jail.local.j2 b/roles/debian-base/templates/jail.local.j2 similarity index 100% rename from roles/linux-fail2ban/templates/jail.local.j2 rename to roles/debian-base/templates/jail.local.j2 diff --git a/roles/linux-fail2ban/vars/main.yaml b/roles/debian-base/vars/main.yml similarity index 53% rename from roles/linux-fail2ban/vars/main.yaml rename to roles/debian-base/vars/main.yml index dc675b0..a0b2eab 100644 --- a/roles/linux-fail2ban/vars/main.yaml +++ b/roles/debian-base/vars/main.yml @@ -3,3 +3,6 @@ fail2ban: bantime: 600 maxretry: 4 ignore: 127.0.0.0/8 10.0.0.0/16 +vn_host: + url: http://apt.verdnatura.es/pool/main/v/vn-host + package: vn-host_2.0.2_all.deb diff --git a/roles/linux-auth/files/nslcd.conf b/roles/debian-guest/files/nslcd.conf similarity index 94% rename from roles/linux-auth/files/nslcd.conf rename to roles/debian-guest/files/nslcd.conf index 0a12872..858edce 100644 --- a/roles/linux-auth/files/nslcd.conf +++ b/roles/debian-guest/files/nslcd.conf @@ -8,7 +8,7 @@ idle_timelimit 60 base dc=verdnatura,dc=es binddn cn=nss,ou=admins,dc=verdnatura,dc=es -bindpw passwordblablabla +bindpw password pagesize 500 filter group (&(objectClass=posixGroup)(cn=sysadmin)) diff --git a/roles/linux-auth/tasks/main.yaml b/roles/debian-guest/tasks/auth.yml similarity index 93% rename from roles/linux-auth/tasks/main.yaml rename to roles/debian-guest/tasks/auth.yml index da30777..d576a73 100644 --- a/roles/linux-auth/tasks/main.yaml +++ b/roles/debian-guest/tasks/auth.yml @@ -19,7 +19,7 @@ state: present with_items: - regexp: "^bindpw" - line: "bindpw {{ bindpw_password }}" + line: "bindpw {{ nslcd_password }}" - name: Configure nsswitch to use NSLCD lineinfile: dest: /etc/nsswitch.conf 
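Review bot: The template now renders `{{ FDPASSWD }}` and `{{ FDMPASSWD }}`, but neither variable is among the vaulted values this commit adds to `group_vars/all.yml` or any vars file in the diff; if they are not defined elsewhere the render fails with an undefined-variable error (which at least fails closed), and if they are, they are the only secrets not following the `*_password` vault naming the rest of the commit adopts. Because the file moved from `files/` to `templates/`, the `bacula.yml` task that ships it (its module line is outside the hunks shown, only `group: bacula`/`mode: '0640'`/`backup: true` are visible) must use `template:` rather than `copy:`, otherwise the literal `{{ FDPASSWD }}` lands in `bacula-fd.conf`. Note also that `backup: true` on a file containing director passwords leaves timestamped plaintext copies beside it.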
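Review bot: The `lineinfile` task writes `bindpw {{ nslcd_password }}` into nslcd.conf without `no_log: true`, so the decrypted LDAP bind password appears in task output, in `--diff` runs and in AWX job logs; the commit only renames the variable, so the exposure is unchanged. Add `no_log: true` to this task (the task header and `dest:` are above the hunk). The `bindpw password` placeholder in the shipped `nslcd.conf` is harmless since this task overwrites the line, but the copy task's mode for `/etc/nslcd.conf` is not visible here and should be `0640` or tighter given what ends up in it.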
diff --git a/roles/debian-guest/tasks/main.yaml b/roles/debian-guest/tasks/main.yaml deleted file mode 100644 index e1125c9..0000000 --- a/roles/debian-guest/tasks/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- include_role: - name: linux-auth - when: false diff --git a/roles/debian-guest/tasks/main.yml b/roles/debian-guest/tasks/main.yml new file mode 100644 index 0000000..3245538 --- /dev/null +++ b/roles/debian-guest/tasks/main.yml @@ -0,0 +1,2 @@ +- include_tasks: auth.yml + when: false diff --git a/roles/linux-autofs/files/auto.homes b/roles/debian-qemu/files/auto.homes similarity index 100% rename from roles/linux-autofs/files/auto.homes rename to roles/debian-qemu/files/auto.homes diff --git a/roles/linux-autofs/files/homes.autofs b/roles/debian-qemu/files/homes.autofs similarity index 100% rename from roles/linux-autofs/files/homes.autofs rename to roles/debian-qemu/files/homes.autofs diff --git a/roles/debian-qemu/tasks/agent.yml b/roles/debian-qemu/tasks/agent.yml new file mode 100644 index 0000000..db2b4ee --- /dev/null +++ b/roles/debian-qemu/tasks/agent.yml @@ -0,0 +1,4 @@ +- name: Install QEMU guest agent + apt: + name: qemu-guest-agent + state: present diff --git a/roles/linux-autofs/handlers/main.yaml b/roles/debian-qemu/tasks/autofs.yml similarity index 100% rename from roles/linux-autofs/handlers/main.yaml rename to roles/debian-qemu/tasks/autofs.yml diff --git a/roles/debian-qemu/tasks/main.yaml b/roles/debian-qemu/tasks/hotplug.yml similarity index 82% rename from roles/debian-qemu/tasks/main.yaml rename to roles/debian-qemu/tasks/hotplug.yml index cab7e7f..4dc9a34 100644 --- a/roles/debian-qemu/tasks/main.yaml +++ b/roles/debian-qemu/tasks/hotplug.yml @@ -1,7 +1,3 @@ -- name: Install QEMU guest agent - apt: - name: qemu-guest-agent - state: present - name: Configure udev hotplug rules copy: src: 80-hotplug-cpu-mem.rules diff --git a/roles/debian-qemu/tasks/main.yml b/roles/debian-qemu/tasks/main.yml new file mode 100644 index 0000000..3820ce9 
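Review bot: The new `roles/debian-guest/tasks/main.yml` carries over `when: false` on the only task it has, so the role is a no-op exactly as the deleted `main.yaml` was, and a reader has no way to tell whether LDAP authentication is intentionally disabled or half-migrated. Add a one-line comment above the include stating the intent, e.g. `# auth.yml (LDAP/nslcd login) is disabled until <reason>; set when: true to enable`, or drop the include if it is not coming back.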
--- /dev/null
+++ b/roles/debian-qemu/tasks/main.yml
@@ -0,0 +1,3 @@
+- import_tasks: agent.yml
+- import_tasks: hotplug.yml
+- import_tasks: autofs.yml
diff --git a/roles/debian-qemu/vars/main.yml b/roles/debian-qemu/vars/main.yml
new file mode 100644
index 0000000..05ae960
--- /dev/null
+++ b/roles/debian-qemu/vars/main.yml
@@ -0,0 +1 @@
+homes_path: /mnt/homes
diff --git a/roles/linux-upgrade/tasks/main.yaml b/roles/debian-upgrade/tasks/main.yaml
similarity index 100%
rename from roles/linux-upgrade/tasks/main.yaml
rename to roles/debian-upgrade/tasks/main.yaml
diff --git a/roles/freeradius/tasks/main.yaml b/roles/freeradius/tasks/main.yaml
deleted file mode 100644
index c3c8dc0..0000000
--- a/roles/freeradius/tasks/main.yaml
+++ /dev/null
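Review bot: The `autofs.yml` imported here is the former `roles/linux-autofs/handlers/main.yaml` (renamed in the preceding file header), while the real autofs task list in `roles/linux-autofs/tasks/main.yaml` — package install, homes directory, nsswitch `automount:` line, `homes.autofs`/`auto.homes` copies and enabling the service — is deleted outright later in this diff, so the role now imports a handler definition as tasks and the `homes_path` variable added in `vars/main.yml` has no remaining reader (the deleted tasks used `path_mnt_homes`). Restore the deleted task list as `roles/debian-qemu/tasks/autofs.yml` with `path: "{{ homes_path }}"`, and move the handler content into `roles/debian-qemu/handlers/main.yml` so the `notify: restart autofs` and `notify: restart nslcd` references in those tasks resolve.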
@@ -1,156 +0,0 @@ -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# Install and configure FREERADIUS TOTP -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# install packages if there are not present in the system -- name: install packagesfor freeradiusotp if is not in the system - apt: - name: "{{ item }}" - state: present - with_items: - - freeradius - - freeradius-ldap - - libpam-google-authenticator - - python3-qrcode - - zip - - mutt -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config symbolic files to enable modules -- name: create a symbolic link - ansible.builtin.file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: freerad - group: freerad - state: link - force: yes - loop: -# - { src: '"{{ freeradius_mods_enabled_folder }}"ldap', dest: '"{{ freeradius_mods_available_folder }}"ldap' } -# - { src: '"{{ freeradius_mods_enabled_folder }}"pam', dest: '"{{ freeradius_mods_available_folder }}"pam' } - - { src: '{{ freeradius_mods_available_folder }}ldap', dest: '{{ freeradius_mods_enabled_folder }}ldap' } - - { src: '{{ freeradius_mods_available_folder }}pam', dest: '{{ freeradius_mods_enabled_folder }}pam' } -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/sites-enabled/default -- name: config default file - ansible.builtin.template: - src: default.j2 - dest: "{{ freeradius_default_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# 
config default file /etc/freeradius/3.0/mods-available/ldap -#- name: config ldap file -# ansible.builtin.template: -# src: ldap.j2 -# dest: "{{ freeradius_mod_ldap }}" -# owner: freerad -# group: freerad -# mode: '0640' -# backup: yes -# paso1 - copy -- name: copy file ldap - copy: - src: ldap - dest: "{{ freeradius_mod_ldap }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# paso2 - lineinfile password with vault -- name: add password with ansible vault to file ldap - lineinfile: - dest: "{{ freeradius_mod_ldap }}" - regexp: "{{item.regexp}}" - line: "{{item.line}}" - state: present - with_items: - - regexp: "^ password =" - line: " password = {{ bindradiusldap_password }}" -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/dictionary -- name: config dictionary file - ansible.builtin.template: - src: dictionary.j2 - dest: "{{ freeradius_dictionary_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/clients.conf -- name: config clients.conf file - ansible.builtin.template: - src: clients.j2 - dest: "{{ freeradius_clients_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/policy.d/filter -- name: config filter file - ansible.builtin.template: - src: filter.j2 - dest: "{{ freeradius_filter_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes -# 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/freeradius/3.0/radiusd.conf -- name: config radius.conf file - ansible.builtin.template: - src: radiusd.j2 - dest: "{{ freeradius_base_config }}" - owner: freerad - group: freerad - mode: '0640' - backup: yes - notify: restart freeradius -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /etc/pam.d/radiusd -- name: config pam radiusd file - ansible.builtin.template: - src: radiusdpam.j2 - dest: "{{ freeradius_pam_config }}" - owner: root - group: root - mode: '0644' -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# config default file /lib/systemd/system/freeradius.service -- name: config freeradius systemd service file - ansible.builtin.template: - src: freeradiusservice.j2 - dest: "{{ freeradius_service_config }}" - owner: root - group: root - mode: '0644' -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -# force systemd to reread configs -- name: Just force systemd to reread configs (2.4 and above) - ansible.builtin.systemd_service: - daemon_reload: true -# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ \ No newline at end of file diff --git a/roles/freeradius/tasks/main.yml b/roles/freeradius/tasks/main.yml new file mode 100644 index 0000000..78a9f2a --- /dev/null +++ b/roles/freeradius/tasks/main.yml 
@@ -0,0 +1,97 @@ +- name: Install packagesfor freeradiusotp + apt: + name: "{{ item }}" + state: present + with_items: + - freeradius + - freeradius-ldap + - libpam-google-authenticator + - python3-qrcode + - zip + - mutt +- name: Create a symbolic link + ansible.builtin.file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: freerad + group: freerad + state: link + force: yes + loop: + - { src: '{{ freeradius_mods_available_folder }}ldap', dest: '{{ freeradius_mods_enabled_folder }}ldap' } + - { src: '{{ freeradius_mods_available_folder }}pam', dest: '{{ freeradius_mods_enabled_folder }}pam' } +- name: config default file + ansible.builtin.template: + src: default.j2 + dest: "{{ freeradius_default_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Copy LDAP file + copy: + src: ldap + dest: "{{ freeradius_mod_ldap }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Add password to LDAP file + lineinfile: + dest: "{{ freeradius_mod_ldap }}" + regexp: "{{item.regexp}}" + line: "{{item.line}}" + state: present + with_items: + - regexp: "^ password =" + line: " password = {{ radius_ldap_password }}" +- name: Config dictionary file + ansible.builtin.template: + src: dictionary.j2 + dest: "{{ freeradius_dictionary_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Config clients.conf file + ansible.builtin.template: + src: clients.j2 + dest: "{{ freeradius_clients_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Config filter file + ansible.builtin.template: + src: filter.j2 + dest: "{{ freeradius_filter_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes +- name: Config radius.conf file + ansible.builtin.template: + src: radiusd.j2 + dest: "{{ freeradius_base_config }}" + owner: freerad + group: freerad + mode: '0640' + backup: yes + notify: restart freeradius +- name: Config pam radiusd file + ansible.builtin.template: 
+ src: radiusdpam.j2 + dest: "{{ freeradius_pam_config }}" + owner: root + group: root + mode: '0644' +- name: Config freeradius systemd service file + ansible.builtin.template: + src: freeradiusservice.j2 + dest: "{{ freeradius_service_config }}" + owner: root + group: root + mode: '0644' +- name: Just force systemd to reread configs (2.4 and above) + ansible.builtin.systemd_service: + daemon_reload: true diff --git a/roles/freeradius/templates/clients.j2 b/roles/freeradius/templates/clients.j2 index 0e865ae..fc6b9b3 100644 --- a/roles/freeradius/templates/clients.j2 +++ b/roles/freeradius/templates/clients.j2 @@ -1,4 +1,4 @@ client opnsense { ipaddr = 0.0.0.0/0 - secret = {{ bindradiusclient_password }} + secret = {{ radius_client_password }} } \ No newline at end of file diff --git a/roles/freeradius/vars/main.yaml b/roles/freeradius/vars/main.yaml index 53ea0da..5d83bfc 100644 --- a/roles/freeradius/vars/main.yaml +++ b/roles/freeradius/vars/main.yaml @@ -1,5 +1,3 @@ ---- -# vars file freeradius_base_folder: /etc/freeradius/3.0/ freeradius_mods_available_folder: "{{ freeradius_base_folder }}mods-available/" freeradius_mods_enabled_folder: "{{ freeradius_base_folder }}mods-enabled/" 
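Review bot: The `Add password to LDAP file` task writes `password = {{ radius_ldap_password }}` via `lineinfile` with no `no_log: true`, so the decrypted LDAP bind secret is printed in task output and `--diff` listings on every change; add `no_log: true` there. `backup: yes` on the preceding `Copy LDAP file` task also accumulates `ldap.<timestamp>~` copies in `mods-available/` that still contain the previously written password, so either drop `backup` on that task or accept that old secrets persist on disk. Minor style: `force: yes` and `backup: yes` are YAML 1.1 truthy forms — `true` is the canonical spelling used elsewhere in this commit — and `with_items` with `name: "{{ item }}"` can be a single `apt` call with a list. The `notify: restart freeradius` handler is not part of this diff, so whether it exists under that name cannot be confirmed here.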
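Review bot: `ipaddr = 0.0.0.0/0` on the `opnsense` client definition (kept as context) lets any source address that knows the shared secret submit authentication requests, so the secret is the only thing gating the RADIUS server network-wide. Restrict `ipaddr` to the firewall's address, e.g. `ipaddr = {{ radius_client_ipaddr }}` with a new `radius_client_ipaddr` variable defined next to `radius_client_password` (name constructed here), and/or limit UDP 1812/1813 at the host firewall. Quoting the rendered secret, `secret = "{{ radius_client_password }}"`, also avoids a parse surprise if a rotated secret ever contains whitespace.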
@@ -11,19 +9,5 @@ freeradius_clients_config: "{{ freeradius_base_folder }}clients.conf" freeradius_mod_ldap: "{{ freeradius_mods_available_folder }}ldap" freeradius_filter_config: "{{ freeradius_base_folder }}policy.d/filter" freeradius_daemon: freeradius -bindradiusldap_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31643037313539376337363739616361363339616235623433656131306539373030373731643934 - 3432656465343430366366646237326137656134346562360a306538303762313261616632643135 - 39316439653932396134646432633262326631363765643564306565636363356335653539656531 - 6234636463376364620a636133346337306437643939376531633564633737333133363065633031 - 61643731646163323636343837373761303930323961653663343135303731623133 -bindradiusclient_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62313333666335316231396365653635356639626563613738363137383434343437393833393934 - 6439646632303536393438306234323862363532393733630a356136393539363161346631623161 - 37636365653331333735353166646164613732303035613231353237343139623137396364643637 - 3261656465336435630a666466643734373830633933613266663631343730386530633839386239 - 62623434663130363637303035363434313566376661356362663238666166343534 freeradius_pam_config: /etc/pam.d/radiusd freeradius_service_config: /lib/systemd/system/freeradius.service diff --git a/roles/linux-auth/vars/main.yaml b/roles/linux-auth/vars/main.yaml deleted file mode 100644 index 1bc5a44..0000000 --- a/roles/linux-auth/vars/main.yaml +++ /dev/null @@ -1,7 +0,0 @@ -bindpw_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30343461633538323832316231383362626636653864353535346461353937313131336135396162 - 3866623238353638323961363239373236393339333134380a313561363030306165393965396234 - 65316535626434333331633438613639633163643765633064363833303461363834653864646464 - 3133313233353730620a343536316266393637623563313563613332646630643632366439343764 - 30383935303161646339393361393130613266663337373364626635646430326465 
diff --git a/roles/linux-autofs/tasks/main.yaml b/roles/linux-autofs/tasks/main.yaml deleted file mode 100644 index bfdb347..0000000 --- a/roles/linux-autofs/tasks/main.yaml +++ /dev/null @@ -1,38 +0,0 @@ -- name: Install packages for autofs - apt: - name: "{{ item }}" - state: present - with_items: - - nfs-common - - autofs - - libnfs-utils - - autofs-ldap -- name: Create homes directory - ansible.builtin.file: - path: "{{ path_mnt_homes }}" - state: directory - mode: '0755' -- name: Configure nsswitch - lineinfile: - path: /etc/nsswitch.conf - line: "automount: files" - notify: restart nslcd -- name: Add file homes.autofs configured to autofs - copy: - src: homes.autofs - dest: /etc/auto.master.d/homes.autofs - owner: root - group: root - mode: '0644' -- name: Add file /etc/auto.homes configured to the systemd - copy: - src: auto.homes - dest: /etc/auto.homes - owner: root - group: root - mode: '0644' - notify: restart autofs -- name: Service autofs service - service: - name: autofs - enabled: yes diff --git a/roles/linux-autofs/vars/main.yaml b/roles/linux-autofs/vars/main.yaml deleted file mode 100644 index 71f712c..0000000 --- a/roles/linux-autofs/vars/main.yaml +++ /dev/null @@ -1 +0,0 @@ -path_mnt_homes: /mnt/homes diff --git a/roles/linux-fail2ban/handlers/main.yaml b/roles/linux-fail2ban/handlers/main.yaml deleted file mode 100644 index d5fc7c4..0000000 --- a/roles/linux-fail2ban/handlers/main.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart-fail2ban - service: - name: fail2ban - state: restarted diff --git a/roles/linux-hostname/tasks/main.yaml b/roles/linux-hostname/tasks/main.yml similarity index 100% rename from roles/linux-hostname/tasks/main.yaml rename to roles/linux-hostname/tasks/main.yml diff --git a/roles/linux-nrpe/handlers/main.yaml b/roles/linux-nrpe/handlers/main.yaml deleted file mode 100644 index 0399734..0000000 --- a/roles/linux-nrpe/handlers/main.yaml +++ /dev/null 
@@ -1,4 +0,0 @@
-- name: restart-nrpe
- service:
- name: nagios-nrpe-server
- state: restarted
diff --git a/roles/linux-ntp/handlers/main.yaml b/roles/linux-ntp/handlers/main.yaml
deleted file mode 100644
index 530fefe..0000000
--- a/roles/linux-ntp/handlers/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: restart systemd-timesyncd
- service:
- name: systemd-timesyncd
- state: restarted
\ No newline at end of file
diff --git a/roles/linux-relayhost/handlers/main.yaml b/roles/linux-relayhost/handlers/main.yaml
deleted file mode 100644
index 21e507a..0000000
--- a/roles/linux-relayhost/handlers/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: restart-exim
- service:
- name: exim4
- state: restarted
\ No newline at end of file
diff --git a/roles/linux-root/handlers/main.yaml b/roles/linux-root/handlers/main.yaml
deleted file mode 100644
index 4ca2b3a..0000000
--- a/roles/linux-root/handlers/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Restart SSH service
- service:
- name: ssh
- state: restarted
\ No newline at end of file
diff --git a/roles/linux-secure-grub/handlers/main.yaml b/roles/linux-secure-grub/handlers/main.yml
similarity index 100%
rename from roles/linux-secure-grub/handlers/main.yaml
rename to roles/linux-secure-grub/handlers/main.yml
diff --git a/roles/linux-secure-grub/tasks/main.yaml b/roles/linux-secure-grub/tasks/main.yml
similarity index 100%
rename from roles/linux-secure-grub/tasks/main.yaml
rename to roles/linux-secure-grub/tasks/main.yml
diff --git a/roles/linux-vn-repo/tasks/main.yaml b/roles/linux-vn-repo/tasks/main.yaml
deleted file mode 100644
index d515adf..0000000
--- a/roles/linux-vn-repo/tasks/main.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: Download vn-host Debian package
- get_url:
- url: "{{ repo_url }}"
- dest: "{{ package_path }}"
- mode: '0644'
-- name: Install package
- apt:
- deb: "{{ package_path }}"
-- name: Delete package
- file:
- path: "{{ package_path }}"
- state: absent
diff --git a/roles/linux-vn-repo/vars/main.yaml b/roles/linux-vn-repo/vars/main.yaml
deleted file mode 100644
index a66fb2a..0000000
--- a/roles/linux-vn-repo/vars/main.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-repo_url: http://apt.verdnatura.es/pool/main/v/vn-host/vn-host_2.0.2_all.deb
-package_path: /tmp/vn-host_2.0.2_all.deb
diff --git a/roles/nsupdate/meta/main.yaml b/roles/nsupdate/meta/main.yml
similarity index 100%
rename from roles/nsupdate/meta/main.yaml
rename to roles/nsupdate/meta/main.yml
diff --git a/roles/nsupdate/tasks/main.yaml b/roles/nsupdate/tasks/main.yml
similarity index 87%
rename from roles/nsupdate/tasks/main.yaml
rename to roles/nsupdate/tasks/main.yml
index f4e541c..797156d 100644
--- a/roles/nsupdate/tasks/main.yaml
+++ b/roles/nsupdate/tasks/main.yml
@@ -1,7 +1,7 @@
 - name: Add or modify DNS records A to some IP
 community.general.nsupdate:
 key_name: "rndc-key"
- key_secret: "{{ bind9secretkey_password }}"
+ key_secret: "{{ rndc_key }}"
 key_algorithm: "hmac-md5"
 server: "ns1.verdnatura.es"
 zone: "{{ zone_record }}"
diff --git a/roles/nsupdate/vars/main.yaml b/roles/nsupdate/vars/main.yaml
deleted file mode 100644
index 1960e50..0000000
--- a/roles/nsupdate/vars/main.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-bind9secretkey_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36386562613235363931396632656535383336313537636431643338353438313231623839313031
- 3830616135393732353265666664353963393366343461630a633365396165653761353762383739
- 66303862376465626435633964313237643230653463353662343831646464633639383336323863
- 6139333234386565620a653438613165626131653834633931343766343162653932373161653362
- 38303139333536656263656163623333313234393666353766363565633732366165
diff --git a/roles/send-mail/tasks/main.yaml b/roles/send-mail/tasks/main.yml
similarity index 87%
rename from roles/send-mail/tasks/main.yaml
rename to roles/send-mail/tasks/main.yml
index 1b06a29..02b8597 100644
--- a/roles/send-mail/tasks/main.yaml
+++ b/roles/send-mail/tasks/main.yml
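Review bot: On the new side of the nsupdate hunk the renamed secret `rndc_key` is still paired with `key_algorithm: "hmac-md5"`; RFC 8945 keeps HMAC-MD5 only as optional legacy and requires HMAC-SHA256, and a secret rename is the natural moment to regenerate the TSIG key on ns1.verdnatura.es and set `key_algorithm: "hmac-sha256"` here. The key name `rndc-key` also suggests the server's rndc control key is being reused for dynamic updates; if so, every host running this role holds control-channel authority over the nameserver, and a dedicated update key scoped to `zone_record` would be the least-privilege choice. The definition of `rndc_key` is not visible in this hunk while the old `bind9secretkey_password` vars file is deleted just below, so confirm the new variable is actually defined in the shared vars this commit introduces.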
@@ -3,7 +3,7 @@
 host: smtp.verdnatura.es
 port: 465
 username: awx@verdnatura.es
- password: "{{ bindsecretawx_password }}"
+ password: "{{ awx_smtp_password }}"
 to: sysadmin@verdnatura.es
 subject: Ansible-test
 body: System {{ ansible_hostname }} has been send successfully mail.
diff --git a/roles/send-mail/vars/main.yaml b/roles/send-mail/vars/main.yaml
deleted file mode 100644
index 3286258..0000000
--- a/roles/send-mail/vars/main.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-bindsecretawx_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 62393936623766653737356136353765336265636136616330306537393638646663326663346138
- 3631616362363163393036613564623864383365633634660a366563363836363061623566393361
- 37633364633631333130346332613235303762316435313535613664323830656363353237373561
- 3866653365636431630a303262666662376662623862663461633361333037643863353135343836
- 61383730366664353730616331666139376234313562383163613736353231666533
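Review bot: `password: "{{ awx_smtp_password }}"` references a variable whose definition is not in this hunk, while the only visible definition of the old `bindsecretawx_password` is deleted immediately below; confirm `awx_smtp_password` is defined in the shared vars this commit adds, otherwise the task fails with an undefined-variable error at run time. The unchanged context line `body: System {{ ansible_hostname }} has been send successfully mail.` is ungrammatical; `body: System {{ ansible_hostname }} has sent the test mail successfully.` reads correctly. The enclosing task starts before this hunk, so the mail module's transport-security options are not visible here.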