---
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8
|
|
# Preseed the debconf database of the `locales` package with the two
# locales named in the task title.
# NOTE(review): the question is `locales/default_environment_locale` but the
# vtype is `multiselect` and two values are given; confirm that this is the
# question you mean to answer and that the value spelling matches what the
# package expects. This task only writes the debconf answer.
- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8
  debconf:
    name: 'locales'
    question: 'locales/default_environment_locale'
    vtype: 'multiselect'
    value: 'en_US-UTF8, es_ES-UTF8'
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Reconfigure timezone - Europe/Madrid
|
|
# Preseed the debconf answer for the `tzdata` package: within the Europe
# zone list, select Madrid. Only the debconf database is written here.
- name: reconfigure timezone Europe/Madrid
  debconf:
    name: 'tzdata'
    question: 'tzdata/Zones/Europe'
    vtype: 'select'
    value: 'Madrid'
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# update packages
|
|
# Refresh the apt cache, then bring every installed package ("*") to the
# newest version offered by the configured repositories.
# force_apt_get makes the module use apt-get instead of aptitude.
- name: update packages
  apt:
    update_cache: true
    force_apt_get: true
    name: '*'
    state: latest
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# upgrade packages
|
|
# Run a dist-upgrade through apt-get (force_apt_get) so that packages whose
# dependencies changed are upgraded as well.
- name: upgrade packages
  apt:
    force_apt_get: true
    state: latest
    upgrade: dist
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# install packages
|
|
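# Install the base tool set plus the services configured later in this file
# (nslcd for centralized authentication, exim4 as mail relay, fail2ban).
# The package list is handed to apt in one call instead of looping with
# `with_items`, so apt resolves and installs everything in a single
# transaction.
# NOTE(review): the task title lists only four packages; nslcd, exim4 and
# fail2ban are installed here too.
- name: install some packages (vim htop psmisc aptitude)
  apt:
    name:
      - vim
      - htop
      - psmisc
      - aptitude
      - nslcd
      - exim4
      - fail2ban
    state: present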
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Reconfigure relayhost smtp to smtp.verdnatura.es
|
|
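# Rewrite the exim4 settings in the file named by `exim_configuration_file`,
# one `lineinfile` pass per setting: each item replaces the line matching
# `regexp` with `line`, or appends `line` when nothing matches.
# The result is registered as `exim4_config` (its `.changed` is true when any
# item changed) and the `restart exim4` handler is notified.
#
# NOTE(review): every value comes from variables defined outside this file.
# `dc_local_interfaces`, `dc_relay_nets` and `dc_relay_domains` decide which
# interfaces exim4 listens on and for whom it relays; confirm they keep the
# host from accepting or relaying mail for anything but itself.
- name: reconfigure relayhost to smtp.verdnatura.es
  lineinfile:
    dest: "{{ exim_configuration_file }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    # Quoted so the mode reaches the module as the string 0644 and does not
    # depend on how the YAML loader reads a bare leading-zero number.
    mode: "0644"
  with_items:
    - regexp: '^dc_eximconfig_configtype'
      line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
    # The domain suffix sits after the closing quote in the written line.
    - regexp: '^dc_other_hostnames'
      line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"
    - regexp: '^dc_local_interfaces'
      line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
    - regexp: '^dc_readhost'
      line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"
    - regexp: '^dc_relay_domains'
      line: "dc_relay_domains='{{ dc_relay_domains }}'"
    - regexp: '^dc_minimaldns'
      line: "dc_minimaldns='{{ dc_minimaldns }}'"
    - regexp: '^dc_relay_nets'
      line: "dc_relay_nets='{{ dc_relay_nets }}'"
    - regexp: '^dc_smarthost'
      line: "dc_smarthost='{{ dc_smarthost }}'"
    - regexp: '^CFILEMODE'
      line: "CFILEMODE='{{ CFILEMODE }}'"
    - regexp: '^dc_use_split_config'
      line: "dc_use_split_config='{{ dc_use_split_config }}'"
    - regexp: '^dc_hide_mailname'
      line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
    - regexp: '^dc_mailname_in_oh'
      line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
    - regexp: '^dc_localdelivery'
      line: "dc_localdelivery='{{ dc_localdelivery }}'"
  notify: restart exim4
  register: exim4_config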
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# DOESN'T WORK :(
|
|
#- name: reconfigure relayhost to smtp.verdnatura.es
|
|
# debconf:
|
|
# name: exim4-config
|
|
# question: "{{ item.name }}"
|
|
# value: "{{ item.value }}"
|
|
# vtype: string
|
|
# loop:
|
|
# - name: exim4/dc_smarthost
|
|
# value: smtp.verdnatura.es
|
|
# - name: exim4/dc_local_interfaces
|
|
# value: ""
|
|
# - name: exim4/dc_minimaldns
|
|
# value: 'false'
|
|
# - name: exim4/dc_readhost
|
|
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
|
|
# - name: exim4/dc_other_hostnames
|
|
# value: ""
|
|
# - name: exim4/dc_eximconfig_configtype
|
|
# value: "mail sent by smarthost; no local mail"
|
|
# - name: exim4/mailname
|
|
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
|
|
# - name: exim4/use_split_config
|
|
# value: 'false'
|
|
#
|
|
# generate master config
|
|
#- name: generate master config
|
|
# command: update-exim4.conf
|
|
# notify: apply reconfig
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# DOESN'T WORK :(
|
|
# NEEDS to INSTALL more MODULES with -> ansible-galaxy collection install community.general
|
|
#
|
|
# Send mail to verify relay-host
|
|
#- name: sending mail to verify exim4 config works
|
|
# mail:
|
|
# host: smtp.verdnatura.es
|
|
# port: 465
|
|
# subject: Verify Ansible playbook deployment exim4
|
|
# body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}
|
|
# to:
|
|
# - informatica@verdnatura.es
|
|
# - rubenb@verdnatura.es
|
|
# delegate_to: localhost
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Send mail to verify relay-host
|
|
# Create file with message
|
|
#- name: create file and add line
|
|
# lineinfile:
|
|
# path: /tmp/messagefileverify
|
|
# line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.
|
|
# create: yes
|
|
# Send mail with the shell module (the shell module accepts pipes "|"; the command module does not accept pipes)
|
|
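# Send a test message through mailx whenever the exim4 settings were changed
# (`exim4_config.changed`).
# The message body is fed on stdin and the mailx arguments are passed as an
# argv list, so no shell is involved and the templated host name is never
# parsed as shell syntax. The module appends a newline to stdin by default,
# as `echo` did.
# NOTE(review): the exim4 task notifies the `restart exim4` handler, and
# handlers normally run at the end of the play. This mail may therefore be
# sent before exim4 has picked up the new settings; confirm, and consider
# flushing handlers before this task.
- name: sending mail to verify exim4 config works
  command:
    argv:
      - mailx
      - "-s"
      - "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es"
      - "-c"
      - "rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es"
      - "informatica@verdnatura.es"
    stdin: "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye."
  when: exim4_config.changed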
|
|
# Delete tmp file /tmp/messagefileverify
|
|
#- name: delete tmp file /tmp/messagefileverify
|
|
# file:
|
|
# path: /tmp/messagefileverify
|
|
# state: absent
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# configure centralized authentication [nslcd]
|
|
# paso1 - Copy
|
|
|
|
# paso2 - lineinfile password with vault
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Proteger grub
|
|
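# Add a GRUB superuser and its PBKDF2 password entry to
# /etc/grub.d/40_custom inside an Ansible-managed block. The result is
# registered as `grub_register` so the GRUB configuration is regenerated only
# when the block changed.
#
# `user_grub` and `code_grub` are defined outside this file.
# NOTE(review): `code_grub` presumably holds a grub-mkpasswd-pbkdf2 hash;
# confirm it is stored encrypted (for example with Ansible Vault) and is not
# a plain-text password.
# NOTE(review): once `superusers` is set, GRUB asks for the password on every
# menu entry that is not marked `--unrestricted`; confirm that unattended
# boots still work as intended.
- name: GRUB se password boot protection
  blockinfile:
    path: /etc/grub.d/40_custom
    # The script must stay executable for update-grub. Owner-only access
    # keeps the password hash from other local accounts.
    mode: "0700"
    block: |
      set superusers="{{ user_grub }}"
      password_pbkdf2 {{ user_grub }} {{ code_grub }}
  # Keep the hash out of task output, diffs and logs.
  no_log: true
  register: grub_register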
|
|
|
|
# update grub
|
|
# Regenerate the GRUB configuration, but only when the password block
# registered as `grub_register` was actually modified.
- name: update grub config
  when: grub_register.changed
  command:
    cmd: update-grub
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Install and configure FAIL2BAN
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |