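---
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8
# NOTE(review): the value below is not written the way locale names usually
# appear (e.g. en_US.UTF-8), and this question is declared as multiselect -
# confirm on a target host that this task actually changes the locale setup.
- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8
  debconf:
    name: locales
    question: locales/default_environment_locale
    value: en_US-UTF8, es_ES-UTF8
    vtype: multiselect
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure timezone - Europe/Madrid
- name: reconfigure timezone Europe/Madrid
  debconf:
    name: tzdata
    question: tzdata/Zones/Europe
    value: Madrid
    vtype: select
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# update packages (refresh the apt cache, then bring every installed package
# to its latest version)
- name: update packages
  apt:
    name: "*"
    state: latest
    update_cache: true
    force_apt_get: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# upgrade packages (dist-upgrade)
- name: upgrade packages
  apt:
    upgrade: dist
    state: latest
    force_apt_get: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages
# The whole list is handed to apt in one call instead of looping item by item.
# Besides the tools named in the task title, nslcd and exim4 are installed
# here because the tasks further down configure them.
- name: install some packages (vim htop psmisc aptitude)
  apt:
    name:
      - vim
      - htop
      - psmisc
      - aptitude
      - nslcd
      - exim4
    state: present
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure relayhost smtp to smtp.verdnatura.es
# Each item rewrites one KEY='value' line of the exim4 configuration file.
# The result is registered so the verification mail below is only sent when
# something changed. The mode is quoted so it is always read as an octal
# permission string and never as a YAML integer.
- name: reconfigure relayhost to smtp.verdnatura.es
  lineinfile:
    dest: "{{ exim_configuration_file }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    mode: '0644'
  with_items:
    - regexp: '^dc_eximconfig_configtype'
      line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
    - regexp: '^dc_other_hostnames'
      line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"
    - regexp: '^dc_local_interfaces'
      line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
    - regexp: '^dc_readhost'
      line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"
    - regexp: '^dc_relay_domains'
      line: "dc_relay_domains='{{ dc_relay_domains }}'"
    - regexp: '^dc_minimaldns'
      line: "dc_minimaldns='{{ dc_minimaldns }}'"
    - regexp: '^dc_relay_nets'
      line: "dc_relay_nets='{{ dc_relay_nets }}'"
    - regexp: '^dc_smarthost'
      line: "dc_smarthost='{{ dc_smarthost }}'"
    - regexp: '^CFILEMODE'
      line: "CFILEMODE='{{ CFILEMODE }}'"
    - regexp: '^dc_use_split_config'
      line: "dc_use_split_config='{{ dc_use_split_config }}'"
    - regexp: '^dc_hide_mailname'
      line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
    - regexp: '^dc_mailname_in_oh'
      line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
    - regexp: '^dc_localdelivery'
      line: "dc_localdelivery='{{ dc_localdelivery }}'"
  notify: restart exim4
  register: exim4_config
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DOES NOT WORK :(
#- name: reconfigure relayhost to smtp.verdnatura.es
#  debconf:
#    name: exim4-config
#    question: "{{ item.name }}"
#    value: "{{ item.value }}"
#    vtype: string
#  loop:
#    - name: exim4/dc_smarthost
#      value: smtp.verdnatura.es
#    - name: exim4/dc_local_interfaces
#      value: ""
#    - name: exim4/dc_minimaldns
#      value: 'false'
#    - name: exim4/dc_readhost
#      value: "{{ ansible_nodename }}" # var to define in the survey
#    - name: exim4/dc_other_hostnames
#      value: ""
#    - name: exim4/dc_eximconfig_configtype
#      value: "mail sent by smarthost; no local mail"
#    - name: exim4/mailname
#      value: "{{ ansible_nodename }}" # var to define in the survey
#    - name: exim4/use_split_config
#      value: 'false'
#
# generate master config
#- name: generate master config
#  command: update-exim4.conf
#  notify: apply reconfig
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DOES NOT WORK :(
# NEEDS more MODULES INSTALLED with -> ansible-galaxy collection install community.general
#
# Send mail to verify relay-host
#- name: sending mail to verify exim4 config works
#  mail:
#    host: smtp.verdnatura.es
#    port: 465
#    subject: Verify Ansible playbook deployment exim4
#    body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}
#    to:
#      - informatica@verdnatura.es
#      - rubenb@verdnatura.es
#  delegate_to: localhost
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Send mail to verify relay-host
# Create file with message
#- name: create file and add line
#  lineinfile:
#    path: /tmp/messagefileverify
#    line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.
#    create: yes

# Handlers normally run at the end of the play. Flushing them here restarts
# exim4 before the test mail is sent, so the mail exercises the configuration
# that was just written rather than the previous one.
- name: apply exim4 configuration before sending the test mail
  meta: flush_handlers

# Send mail with the shell module (shell accepts pipes "|", the command module does not)
# The host name is interpolated into a shell command line; keep it limited to
# trusted facts and never feed user-supplied values into this string.
- name: sending mail to verify exim4 config works
  shell: >-
    echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye."
    | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es"
    -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es
    informatica@verdnatura.es
  when: exim4_config.changed

# Delete tmp file /tmp/messagefileverify
#- name: delete tmp file /tmp/messagefileverify
#  file:
#    path: /tmp/messagefileverify
#    state: absent
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure centralized authentication [nslcd]
# step 1 - copy the base configuration (root:nslcd, 0640: not world-readable,
# because the next task stores the LDAP bind password in it)
# NOTE(review): this copy rewrites the file whenever it differs from src, and
# the next task then inserts bindpw. If src has no identical bindpw line, every
# run leaves a new backup that contains the bind password - confirm the backups
# keep mode 0640 and are cleaned up.
- name: copy file nslcd.conf
  copy:
    src: nslcd.conf
    dest: /etc/nslcd.conf
    owner: root
    group: nslcd
    mode: '0640'
    backup: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 2 - insert the bind password (kept in Ansible Vault) with lineinfile
# no_log keeps the rendered line, and therefore the clear-text password, out of
# the play output, diff output and any callback or log that records results.
- name: add password with ansible vault to file nslcd.conf
  lineinfile:
    dest: /etc/nslcd.conf
    regexp: '^bindpw'
    line: "bindpw {{ bindpw_password }}"
    state: present
  no_log: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 3 - edit lines of /etc/nsswitch.conf so passwd and group lookups also
# consult LDAP
- name: edit file /etc/nsswitch.conf
  lineinfile:
    dest: /etc/nsswitch.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  with_items:
    - regexp: "^passwd:"
      line: "passwd: files systemd ldap"
    - regexp: "^group:"
      line: "group: files systemd ldap"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 4 - reconfigure PAM to use LDAP
# No pipes or redirections are involved, so the command module is used instead
# of shell. The task reports "changed" on every run, so nslcd is restarted on
# every run as well.
- name: reconfigure PAM to use LDAP
  command: pam-auth-update --enable ldap
  notify: restart nslcd
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure sudo for sysadmin group
# step 1 - make sure the sudoers drop-in exists
# sudoers drop-ins should be owned by root and read-only (0440). Preserving the
# timestamps keeps the task from reporting "changed" on every run.
- name: Add sysadmin group to sudoers
  file:
    path: /etc/sudoers.d/vn
    state: touch
    owner: root
    group: root
    mode: '0440'
    modification_time: preserve
    access_time: preserve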
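#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 2 - add a line to /etc/sudoers.d/vn file
# validate runs visudo against the candidate file before it replaces the real
# one, so a syntax error cannot leave sudo unusable on the host. The drop-in is
# kept root-owned and read-only (0440).
# NOTE(review): this rule gives every member of the sysadmin group passwordless
# root. Group lookups on this host also go to LDAP (see the nsswitch.conf task),
# so if sysadmin is an LDAP group, whoever can edit its membership in the
# directory controls root here - confirm that is intended.
- name: add a line to /etc/sudoers.d/vn file
  lineinfile:
    path: "/etc/sudoers.d/vn"
    line: "%sysadmin ALL=(ALL) NOPASSWD: ALL"
    owner: root
    group: root
    mode: '0440'
    validate: '/usr/sbin/visudo -cf %s'
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Secure GRUB editing with a password
# step 1 - protect grub
# Writes a superuser definition and its password entry into the custom GRUB
# script; the result is registered so grub.cfg is regenerated only on change.
# NOTE(review): code_grub is presumably the hash produced by
# grub-mkpasswd-pbkdf2 - confirm it is never a clear-text password, and check
# who can read /etc/grub.d/40_custom, since the hash is stored in it.
- name: GRUB password boot protection
  blockinfile:
    path: /etc/grub.d/40_custom
    block: |
      set superusers="{{ user_grub }}"
      password_pbkdf2 {{ user_grub }} {{ code_grub }}
  register: grub_register
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step 2 - update grub (only when the block above was added or modified)
- name: update grub config
  command: update-grub
  when: grub_register.changed
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++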