refs #8025 Roles merged, passwords moved to global vars, rename .yaml to .yml

Juan Ferrer 2024-09-24 09:38:05 +02:00
parent c7299d8499
commit 9868439750
74 changed files with 228 additions and 327 deletions


@ -3,7 +3,7 @@ roles_path = ./roles
inventory = ./hosts inventory = ./hosts
gathering = smart gathering = smart
interpreter_python = auto_silent interpreter_python = auto_silent
remote_user = root remote_user = awx-user
host_key_checking = False host_key_checking = False
[privilege_escalation] [privilege_escalation]
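Review bot: `host_key_checking = False` is carried over unchanged in the context line next to the new `remote_user = awx-user`, so the controller still accepts whatever SSH host key a target presents. This same commit makes the vault-decrypted passwords available to every play, and with key verification off a machine answering on a managed address is not distinguished from the real host before files containing those secrets are pushed to it. Consider `host_key_checking = True` together with a managed known_hosts file for the inventory. The `[privilege_escalation]` section begins on the last visible line and its settings are outside the hunk, so how `awx-user` escalates cannot be checked here.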


@ -1,7 +0,0 @@
awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es
resolv:
domain: verdnatura.es
search: verdnatura.es
resolvers:
- '10.0.0.4'
- '10.0.0.5'

42
group_vars/all.yml Normal file

@ -0,0 +1,42 @@
awx_pub_key: ssh-rsa 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 awx@awx.verdnatura.es
resolv:
domain: verdnatura.es
search: verdnatura.es
resolvers:
- '10.0.0.4'
- '10.0.0.5'
nslcd_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30343461633538323832316231383362626636653864353535346461353937313131336135396162
3866623238353638323961363239373236393339333134380a313561363030306165393965396234
65316535626434333331633438613639633163643765633064363833303461363834653864646464
3133313233353730620a343536316266393637623563313563613332646630643632366439343764
30383935303161646339393361393130613266663337373364626635646430326465
rndc_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
36386562613235363931396632656535383336313537636431643338353438313231623839313031
3830616135393732353265666664353963393366343461630a633365396165653761353762383739
66303862376465626435633964313237643230653463353662343831646464633639383336323863
6139333234386565620a653438613165626131653834633931343766343162653932373161653362
38303139333536656263656163623333313234393666353766363565633732366165
radius_ldap_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31643037313539376337363739616361363339616235623433656131306539373030373731643934
3432656465343430366366646237326137656134346562360a306538303762313261616632643135
39316439653932396134646432633262326631363765643564306565636363356335653539656531
6234636463376364620a636133346337306437643939376531633564633737333133363065633031
61643731646163323636343837373761303930323961653663343135303731623133
radius_client_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62313333666335316231396365653635356639626563613738363137383434343437393833393934
6439646632303536393438306234323862363532393733630a356136393539363161346631623161
37636365653331333735353166646164613732303035613231353237343139623137396364643637
3261656465336435630a666466643734373830633933613266663631343730386530633839386239
62623434663130363637303035363434313566376661356362663238666166343534
awx_smtp_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62393936623766653737356136353765336265636136616330306537393638646663326663346138
3631616362363163393036613564623864383365633634660a366563363836363061623566393361
37633364633631333130346332613235303762316435313535613664323830656363353237373561
3866653365636431630a303262666662376662623862663461633361333037643863353135343836
61383730366664353730616331666139376234313562383163613736353231666533
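Review bot: Putting `nslcd_password`, `rndc_key`, `radius_ldap_password`, `radius_client_password` and `awx_smtp_password` in `group_vars/all.yml` makes each of them resolvable on every host and in every play, whereas the removed role-level vars files were only loaded by plays that ran the owning role. A template or debug task in an unrelated role can now render the RADIUS or DNS update secret onto a host that has no need for it. Consider keeping the vaulted values in vars files scoped to the inventory groups that consume them (`group_vars/<group>.yml`), and add a comment above each key naming its consumer, for example `# TSIG secret used by the nsupdate task`. The ciphertext is identical to the removed blocks, so this move does not rotate any credential.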


@ -2,4 +2,4 @@
tasks: tasks:
- name: Upgrade system - name: Upgrade system
import_role: import_role:
name: linux-upgrade name: debian-upgrade


@ -0,0 +1,21 @@
- name: restart-timesyncd
service:
name: systemd-timesyncd
state: restarted
- name: restart-exim
service:
name: exim4
state: restarted
- name: restart-ssh
service:
name: ssh
state: restarted
- name: restart-fail2ban
service:
name: fail2ban
state: restarted
- name: restart-nrpe
service:
name: nagios-nrpe-server
state: restarted


@ -1,4 +1,4 @@
- name: Install packages - name: Install Bacula FD packages
apt: apt:
name: bacula-fd name: bacula-fd
state: present state: present
@ -14,7 +14,7 @@
group: bacula group: bacula
mode: '0640' mode: '0640'
backup: true backup: true
- name: Restart service - name: Restart Bacula FD service
service: service:
name: bacula-fd name: bacula-fd
state: restarted state: restarted


@ -1,11 +1,11 @@
- name: Install packages - name: Install fail2ban packages
apt: apt:
name: fail2ban name: fail2ban
state: present state: present
loop: loop:
- fail2ban - fail2ban
- rsyslog - rsyslog
- name: Configure service - name: Configure fail2ban service
template: template:
src: jail.local.j2 src: jail.local.j2
dest: /etc/fail2ban/jail.local dest: /etc/fail2ban/jail.local
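Review bot: The `Install fail2ban packages` task keeps `name: fail2ban` as a literal while looping over `fail2ban` and `rsyslog`, so the loop installs fail2ban twice and never installs rsyslog. If the jails in `jail.local.j2` read log files written by rsyslog (the template is not visible here), the service would run without the logs it needs and bans would not trigger. Change the line to `name: "{{ item }}"`, or pass the list directly to `name` and drop the loop. The `Configure fail2ban service` task continues past the end of the hunk.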


@ -0,0 +1,10 @@
- name: Install base packages
apt:
name: "{{ item }}"
state: present
with_items:
- htop
- psmisc
- bash-completion
- screen
- aptitude


@ -1,22 +0,0 @@
- name: Install base packages
apt:
name: "{{ item }}"
state: present
with_items:
- htop
- psmisc
- bash-completion
- screen
- aptitude
- include_role:
name: linux-sudoers
- include_role:
name: linux-motd
- include_role:
name: linux-profile
- include_role:
name: linux-vim
- include_role:
name: linux-locale
- include_role:
name: linux-nrpe


@ -0,0 +1,8 @@
- import_tasks: install.yml
- import_tasks: sudoers.yml
- import_tasks: motd.yml
- import_tasks: profile.yml
- import_tasks: vim.yml
- import_tasks: locale.yml
- import_tasks: tzdata.yml
- import_tasks: nrpe.yml


@ -1,7 +1,7 @@
- name: Copy MOTD configuration file - name: Copy MOTD configuration file
copy: copy:
src: 90-vn src: motd
dest: "/etc/update-motd.d/" dest: /etc/update-motd.d/90-vn
mode: '755' mode: '755'
owner: root owner: root
group: root group: root


@ -1,19 +1,19 @@
- name: Install packages - name: Install NRPE packages
apt: apt:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
loop: loop:
- nagios-nrpe-server - nagios-nrpe-server
- nagios-plugins-contrib - nagios-plugins-contrib
- name: Set generic configuration - name: Set NRPE generic configuration
copy: copy:
src: 90-vn.cfg src: nrpe.cfg
dest: /etc/nagios/nrpe.d/90-vn.cfg dest: /etc/nagios/nrpe.d/90-vn.cfg
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
notify: restart-nrpe notify: restart-nrpe
- name: Create local configuration file - name: Create NRPE local configuration file
file: file:
path: /etc/nagios/nrpe.d/99-local.cfg path: /etc/nagios/nrpe.d/99-local.cfg
state: touch state: touch


@ -1,7 +1,7 @@
- name: Copy profile configuration file - name: Copy profile configuration file
copy: copy:
src: vn.sh src: profile.sh
dest: "/etc/profile.d/" dest: "/etc/profile.d/vn.sh"
mode: '644' mode: '644'
owner: root owner: root
group: root group: root


@ -1,4 +1,4 @@
- name: Install packages - name: Install exim packages
apt: apt:
name: exim4 name: exim4
state: present state: present


@ -4,8 +4,8 @@
state: present state: present
- name: Copy sudoers configuration file - name: Copy sudoers configuration file
copy: copy:
src: vn src: sudoers
dest: "/etc/sudoers.d/" dest: "/etc/sudoers.d/vn"
mode: u=rw,g=r mode: u=rw,g=r
owner: root owner: root
group: root group: root
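Review bot: The `Copy sudoers configuration file` task writes `/etc/sudoers.d/vn` without a `validate` step, so a syntax error in the renamed `sudoers` source file is installed as-is. A broken drop-in can make sudo refuse to run, and since this commit switches `remote_user` from root to `awx-user`, privilege escalation would then stop working on every host the play reached. Add `validate: /usr/sbin/visudo -cf %s` to the copy task. The usual mode for files in this directory is `0440` rather than `u=rw,g=r`. The task may continue below the last visible line of the hunk.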


@ -1,2 +1,2 @@
- name: Configure the time zone - name: Configure the time zone
script: set_timezone.sh script: set-timezone.sh


@ -0,0 +1,12 @@
- name: Download vn-host Debian package
get_url:
url: "{{ vn_host.url }}/{{ vn_host.package }}"
dest: "/tmp/{{ vn_host.package }}"
mode: '0644'
- name: Install package
apt:
deb: "/tmp/{{ vn_host.package }}"
- name: Delete package
file:
path: "/tmp/{{ vn_host.package }}"
state: absent
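Review bot: The `Download vn-host Debian package` task fetches the package over plain HTTP (`vn_host.url` is `http://apt.verdnatura.es/pool/main/v/vn-host` in the defaults hunk of this commit) with no `checksum`, and the next task installs it with `apt: deb:`, which runs the package's maintainer scripts as root. Nothing verifies that the installed file is the one that was published, because installing a local `.deb` does not go through the repository signature check. Add `checksum: "sha256:<sha256 of vn-host_2.0.2_all.deb>"` to `get_url` and serve the URL over https, or install the package by name from the signed APT repository. A predictable file name in world-writable `/tmp` is best avoided as well; a directory created with `ansible.builtin.tempfile` would do.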


@ -1,10 +1,10 @@
Director { Director {
Name = bacula-dir Name = bacula-dir
Password = "$FDPASSWD" Password = "{{ FDPASSWD }}"
} }
Director { Director {
Name = bacula-mon Name = bacula-mon
Password = "$FDMPASSWD" Password = "{{ FDMPASSWD }}"
Monitor = yes Monitor = yes
} }
FileDaemon { FileDaemon {
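Review bot: `{{ FDPASSWD }}` and `{{ FDMPASSWD }}` are now Jinja variables in both `Director` blocks, but neither name is among the vaulted keys this commit adds to `group_vars/all.yml`. Assuming this file is rendered by a template task, it fails on an undefined variable if they are not defined elsewhere, and if they are defined in plain text the director passwords sit unencrypted in the repository. Define them as `!vault` values, and consider lower-case names in line with the other secrets, for example `bacula_fd_password` (a suggested name, not one from this commit). The `FileDaemon` block continues outside the hunk.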


@ -3,3 +3,6 @@ fail2ban:
bantime: 600 bantime: 600
maxretry: 4 maxretry: 4
ignore: 127.0.0.0/8 10.0.0.0/16 ignore: 127.0.0.0/8 10.0.0.0/16
vn_host:
url: http://apt.verdnatura.es/pool/main/v/vn-host
package: vn-host_2.0.2_all.deb


@ -8,7 +8,7 @@ idle_timelimit 60
base dc=verdnatura,dc=es base dc=verdnatura,dc=es
binddn cn=nss,ou=admins,dc=verdnatura,dc=es binddn cn=nss,ou=admins,dc=verdnatura,dc=es
bindpw passwordblablabla bindpw password
pagesize 500 pagesize 500
filter group (&(objectClass=posixGroup)(cn=sysadmin)) filter group (&(objectClass=posixGroup)(cn=sysadmin))


@ -19,7 +19,7 @@
state: present state: present
with_items: with_items:
- regexp: "^bindpw" - regexp: "^bindpw"
line: "bindpw {{ bindpw_password }}" line: "bindpw {{ nslcd_password }}"
- name: Configure nsswitch to use NSLCD - name: Configure nsswitch to use NSLCD
lineinfile: lineinfile:
dest: /etc/nsswitch.conf dest: /etc/nsswitch.conf
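Review bot: The `lineinfile` task that writes `bindpw {{ nslcd_password }}` loops over an item that contains the decrypted password, and Ansible prints loop items in task output, so the bind password can end up in console output and AWX job logs. Add `no_log: true` to this task. The same applies to `Add password to LDAP file` in the new FreeRADIUS tasks file, where the item carries `radius_ldap_password`. Both the start of this task and the rest of `Configure nsswitch to use NSLCD` are outside the hunk.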


@ -1,3 +0,0 @@
- include_role:
name: linux-auth
when: false


@ -0,0 +1,2 @@
- include_tasks: auth.yml
when: false


@ -0,0 +1,4 @@
- name: Install QEMU guest agent
apt:
name: qemu-guest-agent
state: present


@ -1,7 +1,3 @@
- name: Install QEMU guest agent
apt:
name: qemu-guest-agent
state: present
- name: Configure udev hotplug rules - name: Configure udev hotplug rules
copy: copy:
src: 80-hotplug-cpu-mem.rules src: 80-hotplug-cpu-mem.rules


@ -0,0 +1,3 @@
- import_tasks: agent.yml
- import_tasks: hotplug.yml
- import_tasks: autofs.yml


@ -0,0 +1 @@
homes_path: /mnt/homes


@ -1,156 +0,0 @@
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Install and configure FREERADIUS TOTP
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages if there are not present in the system
- name: install packagesfor freeradiusotp if is not in the system
apt:
name: "{{ item }}"
state: present
with_items:
- freeradius
- freeradius-ldap
- libpam-google-authenticator
- python3-qrcode
- zip
- mutt
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config symbolic files to enable modules
- name: create a symbolic link
ansible.builtin.file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: freerad
group: freerad
state: link
force: yes
loop:
# - { src: '"{{ freeradius_mods_enabled_folder }}"ldap', dest: '"{{ freeradius_mods_available_folder }}"ldap' }
# - { src: '"{{ freeradius_mods_enabled_folder }}"pam', dest: '"{{ freeradius_mods_available_folder }}"pam' }
- { src: '{{ freeradius_mods_available_folder }}ldap', dest: '{{ freeradius_mods_enabled_folder }}ldap' }
- { src: '{{ freeradius_mods_available_folder }}pam', dest: '{{ freeradius_mods_enabled_folder }}pam' }
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/sites-enabled/default
- name: config default file
ansible.builtin.template:
src: default.j2
dest: "{{ freeradius_default_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/mods-available/ldap
#- name: config ldap file
# ansible.builtin.template:
# src: ldap.j2
# dest: "{{ freeradius_mod_ldap }}"
# owner: freerad
# group: freerad
# mode: '0640'
# backup: yes
# paso1 - copy
- name: copy file ldap
copy:
src: ldap
dest: "{{ freeradius_mod_ldap }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
# paso2 - lineinfile password with vault
- name: add password with ansible vault to file ldap
lineinfile:
dest: "{{ freeradius_mod_ldap }}"
regexp: "{{item.regexp}}"
line: "{{item.line}}"
state: present
with_items:
- regexp: "^ password ="
line: " password = {{ bindradiusldap_password }}"
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/dictionary
- name: config dictionary file
ansible.builtin.template:
src: dictionary.j2
dest: "{{ freeradius_dictionary_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/clients.conf
- name: config clients.conf file
ansible.builtin.template:
src: clients.j2
dest: "{{ freeradius_clients_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/policy.d/filter
- name: config filter file
ansible.builtin.template:
src: filter.j2
dest: "{{ freeradius_filter_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/freeradius/3.0/radiusd.conf
- name: config radius.conf file
ansible.builtin.template:
src: radiusd.j2
dest: "{{ freeradius_base_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
notify: restart freeradius
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /etc/pam.d/radiusd
- name: config pam radiusd file
ansible.builtin.template:
src: radiusdpam.j2
dest: "{{ freeradius_pam_config }}"
owner: root
group: root
mode: '0644'
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config default file /lib/systemd/system/freeradius.service
- name: config freeradius systemd service file
ansible.builtin.template:
src: freeradiusservice.j2
dest: "{{ freeradius_service_config }}"
owner: root
group: root
mode: '0644'
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# force systemd to reread configs
- name: Just force systemd to reread configs (2.4 and above)
ansible.builtin.systemd_service:
daemon_reload: true
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


@ -0,0 +1,97 @@
- name: Install packagesfor freeradiusotp
apt:
name: "{{ item }}"
state: present
with_items:
- freeradius
- freeradius-ldap
- libpam-google-authenticator
- python3-qrcode
- zip
- mutt
- name: Create a symbolic link
ansible.builtin.file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: freerad
group: freerad
state: link
force: yes
loop:
- { src: '{{ freeradius_mods_available_folder }}ldap', dest: '{{ freeradius_mods_enabled_folder }}ldap' }
- { src: '{{ freeradius_mods_available_folder }}pam', dest: '{{ freeradius_mods_enabled_folder }}pam' }
- name: config default file
ansible.builtin.template:
src: default.j2
dest: "{{ freeradius_default_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
- name: Copy LDAP file
copy:
src: ldap
dest: "{{ freeradius_mod_ldap }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
- name: Add password to LDAP file
lineinfile:
dest: "{{ freeradius_mod_ldap }}"
regexp: "{{item.regexp}}"
line: "{{item.line}}"
state: present
with_items:
- regexp: "^ password ="
line: " password = {{ radius_ldap_password }}"
- name: Config dictionary file
ansible.builtin.template:
src: dictionary.j2
dest: "{{ freeradius_dictionary_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
- name: Config clients.conf file
ansible.builtin.template:
src: clients.j2
dest: "{{ freeradius_clients_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
- name: Config filter file
ansible.builtin.template:
src: filter.j2
dest: "{{ freeradius_filter_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
- name: Config radius.conf file
ansible.builtin.template:
src: radiusd.j2
dest: "{{ freeradius_base_config }}"
owner: freerad
group: freerad
mode: '0640'
backup: yes
notify: restart freeradius
- name: Config pam radiusd file
ansible.builtin.template:
src: radiusdpam.j2
dest: "{{ freeradius_pam_config }}"
owner: root
group: root
mode: '0644'
- name: Config freeradius systemd service file
ansible.builtin.template:
src: freeradiusservice.j2
dest: "{{ freeradius_service_config }}"
owner: root
group: root
mode: '0644'
- name: Just force systemd to reread configs (2.4 and above)
ansible.builtin.systemd_service:
daemon_reload: true
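Review bot: `Copy LDAP file` followed by `Add password to LDAP file` rewrites the LDAP module configuration in two steps, so every run first replaces the file with the placeholder version and then patches the password back in. Both tasks report a change on each run, the file briefly holds a non-working bind password, and `backup: yes` leaves a timestamped copy of the previous password-bearing file next to it each time. Neither task notifies `restart freeradius`, so a changed password is not picked up until `radiusd.conf` also changes. Rendering the file once from a template (the removed tasks file had a commented-out `ldap.j2` variant) with `no_log: true` and the notify avoids all three; the template's `password` line would need to reference `radius_ldap_password`.

```yaml
# … unchanged: package install, module symlinks, default site template …
- name: Render LDAP module configuration
  ansible.builtin.template:
    src: ldap.j2
    dest: "{{ freeradius_mod_ldap }}"
    owner: freerad
    group: freerad
    mode: '0640'
  no_log: true
  notify: restart freeradius
# … unchanged: dictionary, clients.conf, filter, radiusd.conf, PAM and systemd unit tasks …
```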


@ -1,4 +1,4 @@
client opnsense { client opnsense {
ipaddr = 0.0.0.0/0 ipaddr = 0.0.0.0/0
secret = {{ bindradiusclient_password }} secret = {{ radius_client_password }}
} }
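Review bot: `ipaddr = 0.0.0.0/0` in the `client opnsense` block lets any source address act as this RADIUS client, so `radius_client_password` is the only thing separating an arbitrary host from submitting authentication requests. The block is named for a single firewall; restrict it to that address, e.g. `ipaddr = {{ radius_client_ipaddr }}` with the variable set to the OPNsense host or subnet. `radius_client_ipaddr` is a suggested name, not one defined in this commit.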


@ -1,5 +1,3 @@
---
# vars file
freeradius_base_folder: /etc/freeradius/3.0/ freeradius_base_folder: /etc/freeradius/3.0/
freeradius_mods_available_folder: "{{ freeradius_base_folder }}mods-available/" freeradius_mods_available_folder: "{{ freeradius_base_folder }}mods-available/"
freeradius_mods_enabled_folder: "{{ freeradius_base_folder }}mods-enabled/" freeradius_mods_enabled_folder: "{{ freeradius_base_folder }}mods-enabled/"
@ -11,19 +9,5 @@ freeradius_clients_config: "{{ freeradius_base_folder }}clients.conf"
freeradius_mod_ldap: "{{ freeradius_mods_available_folder }}ldap" freeradius_mod_ldap: "{{ freeradius_mods_available_folder }}ldap"
freeradius_filter_config: "{{ freeradius_base_folder }}policy.d/filter" freeradius_filter_config: "{{ freeradius_base_folder }}policy.d/filter"
freeradius_daemon: freeradius freeradius_daemon: freeradius
bindradiusldap_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
31643037313539376337363739616361363339616235623433656131306539373030373731643934
3432656465343430366366646237326137656134346562360a306538303762313261616632643135
39316439653932396134646432633262326631363765643564306565636363356335653539656531
6234636463376364620a636133346337306437643939376531633564633737333133363065633031
61643731646163323636343837373761303930323961653663343135303731623133
bindradiusclient_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62313333666335316231396365653635356639626563613738363137383434343437393833393934
6439646632303536393438306234323862363532393733630a356136393539363161346631623161
37636365653331333735353166646164613732303035613231353237343139623137396364643637
3261656465336435630a666466643734373830633933613266663631343730386530633839386239
62623434663130363637303035363434313566376661356362663238666166343534
freeradius_pam_config: /etc/pam.d/radiusd freeradius_pam_config: /etc/pam.d/radiusd
freeradius_service_config: /lib/systemd/system/freeradius.service freeradius_service_config: /lib/systemd/system/freeradius.service


@ -1,7 +0,0 @@
bindpw_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
30343461633538323832316231383362626636653864353535346461353937313131336135396162
3866623238353638323961363239373236393339333134380a313561363030306165393965396234
65316535626434333331633438613639633163643765633064363833303461363834653864646464
3133313233353730620a343536316266393637623563313563613332646630643632366439343764
30383935303161646339393361393130613266663337373364626635646430326465


@ -1,38 +0,0 @@
- name: Install packages for autofs
apt:
name: "{{ item }}"
state: present
with_items:
- nfs-common
- autofs
- libnfs-utils
- autofs-ldap
- name: Create homes directory
ansible.builtin.file:
path: "{{ path_mnt_homes }}"
state: directory
mode: '0755'
- name: Configure nsswitch
lineinfile:
path: /etc/nsswitch.conf
line: "automount: files"
notify: restart nslcd
- name: Add file homes.autofs configured to autofs
copy:
src: homes.autofs
dest: /etc/auto.master.d/homes.autofs
owner: root
group: root
mode: '0644'
- name: Add file /etc/auto.homes configured to the systemd
copy:
src: auto.homes
dest: /etc/auto.homes
owner: root
group: root
mode: '0644'
notify: restart autofs
- name: Service autofs service
service:
name: autofs
enabled: yes


@ -1 +0,0 @@
path_mnt_homes: /mnt/homes


@ -1,4 +0,0 @@
- name: restart-fail2ban
service:
name: fail2ban
state: restarted


@ -1,4 +0,0 @@
- name: restart-nrpe
service:
name: nagios-nrpe-server
state: restarted


@ -1,4 +0,0 @@
- name: restart systemd-timesyncd
service:
name: systemd-timesyncd
state: restarted


@ -1,4 +0,0 @@
- name: restart-exim
service:
name: exim4
state: restarted


@ -1,4 +0,0 @@
- name: Restart SSH service
service:
name: ssh
state: restarted


@ -1,12 +0,0 @@
- name: Download vn-host Debian package
get_url:
url: "{{ repo_url }}"
dest: "{{ package_path }}"
mode: '0644'
- name: Install package
apt:
deb: "{{ package_path }}"
- name: Delete package
file:
path: "{{ package_path }}"
state: absent


@ -1,2 +0,0 @@
repo_url: http://apt.verdnatura.es/pool/main/v/vn-host/vn-host_2.0.2_all.deb
package_path: /tmp/vn-host_2.0.2_all.deb


@ -1,7 +1,7 @@
- name: Add or modify DNS records A to some IP - name: Add or modify DNS records A to some IP
community.general.nsupdate: community.general.nsupdate:
key_name: "rndc-key" key_name: "rndc-key"
key_secret: "{{ bind9secretkey_password }}" key_secret: "{{ rndc_key }}"
key_algorithm: "hmac-md5" key_algorithm: "hmac-md5"
server: "ns1.verdnatura.es" server: "ns1.verdnatura.es"
zone: "{{ zone_record }}" zone: "{{ zone_record }}"
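Review bot: `key_algorithm: "hmac-md5"` stays in place for the TSIG key that now comes from `rndc_key`; HMAC-MD5 is no longer recommended for TSIG (RFC 8945), and updates signed with it are what authenticate writes to the zone. Generate the key on `ns1.verdnatura.es` as `hmac-sha256` and set `key_algorithm: "hmac-sha256"` here when the key is next rotated. The names `rndc-key` and `rndc_key` also suggest the rndc control-channel key is reused for zone updates; if so, a dedicated update key would limit what a leak of either exposes. The task continues outside the hunk.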


@ -1,7 +0,0 @@
bind9secretkey_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
36386562613235363931396632656535383336313537636431643338353438313231623839313031
3830616135393732353265666664353963393366343461630a633365396165653761353762383739
66303862376465626435633964313237643230653463353662343831646464633639383336323863
6139333234386565620a653438613165626131653834633931343766343162653932373161653362
38303139333536656263656163623333313234393666353766363565633732366165


@ -3,7 +3,7 @@
host: smtp.verdnatura.es host: smtp.verdnatura.es
port: 465 port: 465
username: awx@verdnatura.es username: awx@verdnatura.es
password: "{{ bindsecretawx_password }}" password: "{{ awx_smtp_password }}"
to: sysadmin@verdnatura.es to: sysadmin@verdnatura.es
subject: Ansible-test subject: Ansible-test
body: System {{ ansible_hostname }} has been send successfully mail. body: System {{ ansible_hostname }} has been send successfully mail.


@ -1,7 +0,0 @@
bindsecretawx_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62393936623766653737356136353765336265636136616330306537393638646663326663346138
3631616362363163393036613564623864383365633634660a366563363836363061623566393361
37633364633631333130346332613235303762316435313535613664323830656363353237373561
3866653365636431630a303262666662376662623862663461633361333037643863353135343836
61383730366664353730616331666139376234313562383163613736353231666533