280 lines
9.8 KiB
YAML
280 lines
9.8 KiB
YAML
---
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8
|
|
- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8
|
|
debconf:
|
|
name: locales
|
|
question: locales/default_environment_locale
|
|
value: en_US-UTF8, es_ES-UTF8
|
|
vtype: multiselect
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Reconfigure timezone - Europe/Madrid
|
|
- name: reconfigure timezone Europe/Madrid
|
|
debconf:
|
|
name: tzdata
|
|
question: tzdata/Zones/Europe
|
|
value: Madrid
|
|
vtype: select
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# update packages
|
|
- name: update packages
|
|
apt:
|
|
name: "*"
|
|
state: latest
|
|
update_cache: true
|
|
force_apt_get: true
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# upgrade packages
|
|
- name: upgrade packages
|
|
apt:
|
|
upgrade: dist
|
|
state: latest
|
|
force_apt_get: true
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# install packages
|
|
- name: install some packages (vim htop psmisc aptitude)
|
|
apt:
|
|
name: "{{ item }}"
|
|
state: present
|
|
with_items:
|
|
- vim
|
|
- htop
|
|
- psmisc
|
|
- aptitude
|
|
- ncat
|
|
- nslcd
|
|
- exim4
|
|
- usrmerge
|
|
- figlet
|
|
- rsyslog
|
|
# - iptables
|
|
- mlocate
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Reconfigure relayhost smtp to smtp.verdnatura.es
|
|
- name: reconfigure relayhost to smtp.verdnatura.es
|
|
lineinfile:
|
|
dest: "{{ exim_configuration_file }}"
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: present
|
|
mode: 0644
|
|
with_items:
|
|
- regexp: '^dc_eximconfig_configtype'
|
|
line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
|
|
- regexp: '^dc_other_hostnames'
|
|
line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"
|
|
- regexp: '^dc_local_interfaces'
|
|
line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
|
|
- regexp: '^dc_readhost'
|
|
line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"
|
|
- regexp: '^dc_relay_domains'
|
|
line: "dc_relay_domains='{{ dc_relay_domains }}'"
|
|
- regexp: '^dc_minimaldns'
|
|
line: "dc_minimaldns='{{ dc_minimaldns }}'"
|
|
- regexp: '^dc_relay_nets'
|
|
line: "dc_relay_nets='{{ dc_relay_nets }}'"
|
|
- regexp: '^dc_smarthost'
|
|
line: "dc_smarthost='{{ dc_smarthost }}'"
|
|
- regexp: '^CFILEMODE'
|
|
line: "CFILEMODE='{{ CFILEMODE }}'"
|
|
- regexp: '^dc_use_split_config'
|
|
line: "dc_use_split_config='{{ dc_use_split_config }}'"
|
|
- regexp: '^dc_hide_mailname'
|
|
line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
|
|
- regexp: '^dc_mailname_in_oh'
|
|
line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
|
|
- regexp: '^dc_localdelivery'
|
|
line: "dc_localdelivery='{{ dc_localdelivery }}'"
|
|
notify: restart exim4
|
|
register: exim4_config
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# service should start on boot.
|
|
- name: service should start on boot
|
|
service:
|
|
name: "{{ exim_daemon }}"
|
|
enabled: yes
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# DONT WORK :(
|
|
#- name: reconfigure relayhost to smtp.verdnatura.es
|
|
# debconf:
|
|
# name: exim4-config
|
|
# question: "{{ item.name }}"
|
|
# value: "{{ item.value }}"
|
|
# vtype: string
|
|
# loop:
|
|
# - name: exim4/dc_smarthost
|
|
# value: smtp.verdnatura.es
|
|
# - name: exim4/dc_local_interfaces
|
|
# value: ""
|
|
# - name: exim4/dc_minimaldns
|
|
# value: 'false'
|
|
# - name: exim4/dc_readhost
|
|
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
|
|
# - name: exim4/dc_other_hostnames
|
|
# value: ""
|
|
# - name: exim4/dc_eximconfig_configtype
|
|
# value: "mail sent by smarthost; no local mail"
|
|
# - name: exim4/mailname
|
|
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
|
|
# - name: exim4/use_split_config
|
|
# value: 'false'
|
|
#
|
|
# generate master config
|
|
#- name: generate master config
|
|
# command: update-exim4.conf
|
|
# notify: apply reconfig
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# DONT WORK :(
|
|
# NEEDS to INSTALL more MODULES with -> ansible-galaxy collection install community.general
|
|
#
|
|
# Send mail to verify relay-host
|
|
#- name: sending mail to verify exim4 config works
|
|
# mail:
|
|
# host: smtp.verdnatura.es
|
|
# port: 465
|
|
# subject: Verify Ansible playbook deployment exim4
|
|
# body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}
|
|
# to:
|
|
# - informatica@verdnatura.es
|
|
# - rubenb@verdnatura.es
|
|
# delegate_to: localhost
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Send mail to verify relay-host
|
|
# Create file with message
|
|
#- name: create file and add line
|
|
# lineinfile:
|
|
# path: /tmp/messagefileverify
|
|
# line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.
|
|
# create: yes
|
|
# Send mail with module shell (shell module accepts pipes "|" , command module dont accept pipes)
|
|
- name: sending mail to verify exim4 config works
|
|
shell: echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye." | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es" -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es sysadmin@verdnatura.es
|
|
when: exim4_config.changed
|
|
# Delete tmp file /tmp/messagefileverify
|
|
#- name: delete tmp file /tmp/messagefileverify
|
|
# file:
|
|
# path: /tmp/messagefileverify
|
|
# state: absent
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# configure centralized authentication [nslcd]
|
|
# paso1 - Copy
|
|
- name: copy file nslcd.conf
|
|
copy:
|
|
src: nslcd.conf
|
|
dest: /etc/nslcd.conf
|
|
owner: root
|
|
group: nslcd
|
|
mode: '0640'
|
|
backup: yes
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# paso2 - lineinfile password with vault
|
|
- name: add password with ansible vault to file nslcd.conf
|
|
lineinfile:
|
|
dest: /etc/nslcd.conf
|
|
regexp: "{{item.regexp}}"
|
|
line: "{{item.line}}"
|
|
state: present
|
|
with_items:
|
|
- regexp: "^bindpw"
|
|
line: "bindpw {{ bindpw_password }}"
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# paso3 - editar lineas fichero /etc/nsswitch.conf
|
|
- name: edit file /etc/nsswitch.conf
|
|
lineinfile:
|
|
dest: /etc/nsswitch.conf
|
|
regexp: "{{item.regexp}}"
|
|
line: "{{item.line}}"
|
|
state: present
|
|
with_items:
|
|
- regexp: "^passwd:"
|
|
line: "passwd: files systemd ldap"
|
|
- regexp: "^group:"
|
|
line: "group: files systemd ldap"
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# paso4 - reconfigure PAM to use LDAP
|
|
- name: reconfigure PAM to use LDAP
|
|
shell: pam-auth-update --enable ldap
|
|
notify: restart nslcd
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# service should start on boot.
|
|
- name: service should start on boot
|
|
service:
|
|
name: "{{ nslcd_daemon }}"
|
|
enabled: yes
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# configure sudo for sysadmin group
|
|
# paso1 - add sysadmin group to sudoers
|
|
- name: Add sysadmin group to sudoers
|
|
file:
|
|
path: /etc/sudoers.d/vn
|
|
state: touch
|
|
mode: u=rw,g=r,o=r
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# paso2 - add a line to /etc/sudoers.d/vn file
|
|
- name: add a line to /etc/sudoers.d/vn file
|
|
lineinfile:
|
|
path: "/etc/sudoers.d/vn"
|
|
line: "%sysadmin ALL=(ALL) NOPASSWD: ALL"
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Secure GRUB edition with password
|
|
# paso1 - Proteger grub
|
|
- name: GRUB password boot protection
|
|
blockinfile:
|
|
path: /etc/grub.d/40_custom
|
|
block: |
|
|
set superusers="{{ user_grub }}"
|
|
password_pbkdf2 {{ user_grub }} {{ code_grub }}
|
|
notify: grub register
|
|
tags:
|
|
- grub-password
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Enable VIM options
|
|
# step1 - create file vimrc.local
|
|
- name: create file vimrc.local
|
|
file:
|
|
path: "{{ path_vimrclocal }}"
|
|
state: touch
|
|
mode: '0644'
|
|
# step2 - add some options to the file
|
|
- name: add some options to vimrc.local
|
|
lineinfile:
|
|
path: "{{ path_vimrclocal }}"
|
|
line: "{{item.line}}"
|
|
state: present
|
|
with_items:
|
|
- line: syntax on
|
|
- line: set showcmd
|
|
- line: set showmatch
|
|
- line: set ignorecase
|
|
- line: set smartcase
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Add message to MOTD
|
|
- name: add motd message
|
|
shell: echo "verdnatura" | figlet >> /etc/motd
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |