vn-ansible/roles/config-base-debian-os/tasks/main.yaml


---
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# update packages
- name: update packages
  # `name: "*"` together with `state: latest` asks apt to bring every
  # installed package to its newest candidate version; the cache is
  # refreshed first so the candidates are current.
  apt:
    update_cache: true
    force_apt_get: true
    name: "*"
    state: latest
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# upgrade packages
- name: upgrade packages
  # Full distribution upgrade (apt-get dist-upgrade), so packages whose
  # dependencies changed can be replaced or removed as well.
  # `state: latest` is kept as the original wrote it; no `name` is given,
  # so the upgrade itself is driven by the `upgrade` key.
  apt:
    force_apt_get: true
    upgrade: dist
    state: latest
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages
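- name: install some packages
  # The whole list is handed to `name`, so apt resolves and installs all of
  # them in a single transaction instead of one apt run per package as the
  # former `with_items` loop did. The resulting set of packages is the same.
  apt:
    name:
      - vim
      - htop
      - psmisc
      - aptitude
      - ncat
      - nslcd
      - exim4
      - usrmerge
      - figlet
      - rsyslog
      # - iptables
      - mlocate
      - task-spanish
      - locales-all
    state: present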
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DOES NOT WORK: this task only configures the deb package; the reconfigure still has to be applied, and that does not work :(
# Reconfigure locales - enable en_US-UTF8 and es_ES-UTF8
#- name: reconfigure locales enable en_US-UTF8 and es_ES-UTF8
# debconf:
# name: locales
# question: locales/default_environment_locale
# value: en_US-UTF8, es_ES-UTF8
# vtype: multiselect
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# !!! WE NEED the ANSIBLE COLLECTION community.general to use the 'locale_gen' module
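- name: reconfigure locales enable es_ES.UTF-8
  # Fully qualified collection name: the module lives in community.general
  # (see the note above), so the short name only resolves when that
  # collection is installed and on the module search path.
  community.general.locale_gen:
    name: es_ES.UTF-8
    state: present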
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DOES NOT WORK: this task only configures the deb package; the reconfigure still has to be applied, and that does not work :(
# Reconfigure timezone - Europe/Madrid
#- name: reconfigure timezone Europe/Madrid
# debconf:
# name: tzdata
# question: "{{ item.question }}"
# value: "{{ item.value }}"
# vtype: select
# with_items:
# - question: "tzdata/Zones/Europe"
# value: "Madrid"
# - question: "tzdata/Areas"
# value: "Europe"
# - question: "tzdata/Zones/Etc"
# value: "UTC"
# notify: update timezone
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# !!! WE NEED the ANSIBLE COLLECTION community.general to use the 'timezone' module
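- name: reconfigure timezone to Europe/Madrid
  # Fully qualified collection name: the module lives in community.general
  # (see the note above), so the short name only resolves when that
  # collection is installed and on the module search path.
  community.general.timezone:
    name: "Europe/Madrid"
    # The hardware clock is kept in UTC; only the system timezone is local.
    hwclock: "UTC"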
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reconfigure relayhost smtp to smtp.verdnatura.es
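- name: reconfigure relayhost to smtp.verdnatura.es
  # Rewrites the dc_* settings of the exim4 configuration file named by
  # `exim_configuration_file`. Each item replaces the line matching its
  # `regexp` with its `line`, so the file stays idempotent across runs.
  # Values ending in `'.verdnatura.es` (outside the quotes) are kept as the
  # original wrote them; presumably the file is sourced as shell, where the
  # quoted and unquoted parts concatenate — verify against update-exim4.conf.
  lineinfile:
    dest: "{{ exim_configuration_file }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    # Quoted so YAML does not turn the octal literal into an integer.
    mode: '0644'
  loop:
    - regexp: '^dc_eximconfig_configtype'
      line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
    - regexp: '^dc_other_hostnames'
      line: "dc_other_hostnames='{{ dc_other_hostnames }}'.verdnatura.es"
    - regexp: '^dc_local_interfaces'
      line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
    - regexp: '^dc_readhost'
      line: "dc_readhost='{{ dc_readhost }}'.verdnatura.es"
    - regexp: '^dc_relay_domains'
      line: "dc_relay_domains='{{ dc_relay_domains }}'"
    - regexp: '^dc_minimaldns'
      line: "dc_minimaldns='{{ dc_minimaldns }}'"
    - regexp: '^dc_relay_nets'
      line: "dc_relay_nets='{{ dc_relay_nets }}'"
    - regexp: '^dc_smarthost'
      line: "dc_smarthost='{{ dc_smarthost }}'"
    - regexp: '^CFILEMODE'
      line: "CFILEMODE='{{ CFILEMODE }}'"
    - regexp: '^dc_use_split_config'
      line: "dc_use_split_config='{{ dc_use_split_config }}'"
    - regexp: '^dc_hide_mailname'
      line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
    - regexp: '^dc_mailname_in_oh'
      line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
    - regexp: '^dc_localdelivery'
      line: "dc_localdelivery='{{ dc_localdelivery }}'"
  notify: restart exim4
  # `exim4_config.changed` is consulted later to decide whether to send the
  # verification mail.
  register: exim4_config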
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.
- name: service should start on boot
  # Make sure the exim daemon is enabled at boot; this does not start it now.
  service:
    enabled: true
    name: "{{ exim_daemon }}"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK :(
#- name: reconfigure relayhost to smtp.verdnatura.es
# debconf:
# name: exim4-config
# question: "{{ item.name }}"
# value: "{{ item.value }}"
# vtype: string
# loop:
# - name: exim4/dc_smarthost
# value: smtp.verdnatura.es
# - name: exim4/dc_local_interfaces
# value: ""
# - name: exim4/dc_minimaldns
# value: 'false'
# - name: exim4/dc_readhost
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
# - name: exim4/dc_other_hostnames
# value: ""
# - name: exim4/dc_eximconfig_configtype
# value: "mail sent by smarthost; no local mail"
# - name: exim4/mailname
# value: "{{ ansible_nodename }}" # var to define survey(encuesta)
# - name: exim4/use_split_config
# value: 'false'
#
# generate master config
#- name: generate master config
# command: update-exim4.conf
# notify: apply reconfig
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# DONT WORK :(
# NEEDS more MODULES installed with -> ansible-galaxy collection install community.general
#
# Send mail to verify relay-host
#- name: sending mail to verify exim4 config works
# mail:
# host: smtp.verdnatura.es
# port: 465
# subject: Verify Ansible playbook deployment exim4
# body: Hello , this is an e-mail to verify exim4 config works on {{ ansible_facts['ansible_nodename'] }}
# to:
# - informatica@verdnatura.es
# - rubenb@verdnatura.es
# delegate_to: localhost
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Send mail to verify relay-host
# Create file with message
#- name: create file and add line
# lineinfile:
# path: /tmp/messagefileverify
# line: Verify send email from host {{ ansible_nodename }}'.verdnatura.es with mailx , bye.
# create: yes
# Send mail with the shell module (the shell module accepts pipes "|"; the command module does not)
- name: sending mail to verify exim4 config works
  # Pipes a one-line body into mailx; `shell` is required because of the `|`.
  # The folded scalar joins the lines with single spaces, so the command
  # string is the same as on one line.
  shell: >-
    echo "Verify send email from host {{ ansible_nodename }}.verdnatura.es with mailx , bye."
    | mailx -s "test mail verify exim4 for the host {{ ansible_nodename }}.verdnatura.es"
    -c rubenb@verdnatura.es,nada@verdnatura.es,juan@verdnatura.es,davidl@verdnatura.es
    sysadmin@verdnatura.es
  # Only send when the relayhost task above actually rewrote the config.
  when: exim4_config is changed
# Delete tmp file /tmp/messagefileverify
#- name: delete tmp file /tmp/messagefileverify
# file:
# path: /tmp/messagefileverify
# state: absent
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure centralized authentication [nslcd]
# paso1 - Copy
- name: copy file nslcd.conf
  # Ship the role's nslcd.conf; the previous copy is backed up on the host.
  # The file is readable only by root and the nslcd group.
  copy:
    src: nslcd.conf
    dest: /etc/nslcd.conf
    mode: '0640'
    owner: root
    group: nslcd
    backup: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso2 - lineinfile password with vault
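- name: add password with ansible vault to file nslcd.conf
  # Writes the LDAP bind password into /etc/nslcd.conf. `bindpw_password`
  # is expected to come from vault; `no_log` keeps the rendered line out of
  # task output, callback logs and -v diffs, where it would otherwise be
  # printed in clear.
  lineinfile:
    dest: /etc/nslcd.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  loop:
    - regexp: "^bindpw"
      line: "bindpw {{ bindpw_password }}"
  no_log: true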
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso3 - editar lineas fichero /etc/nsswitch.conf
- name: edit file /etc/nsswitch.conf
  # Replace the passwd and group lookup lines so that ldap is consulted
  # after the local files and systemd sources.
  lineinfile:
    dest: /etc/nsswitch.conf
    state: present
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  with_items:
    - { regexp: "^passwd:", line: "passwd: files systemd ldap" }
    - { regexp: "^group:", line: "group: files systemd ldap" }
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso4 - reconfigure PAM to use LDAP
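- name: reconfigure PAM to use LDAP
  # No pipes, redirects or variables are needed, so `command` is used
  # instead of `shell`: the arguments are passed as-is, without a shell
  # interpreting them.
  command: pam-auth-update --enable ldap
  # The task reports changed on every run, which is what triggers the
  # nslcd restart handler.
  notify: restart nslcd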
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.
- name: service should start on boot
  # Make sure the nslcd daemon is enabled at boot; this does not start it now.
  service:
    enabled: true
    name: "{{ nslcd_daemon }}"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure sudo for sysadmin group
# paso1 - add sysadmin group to sudoers
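- name: Add sysadmin group to sudoers
  # Creates the drop-in file the next task writes the sudoers rule into.
  # sudoers.d files are expected to be root-owned and mode 0440 (not
  # world-readable, never writable by others); the previous 0644 exposed the
  # policy to every local user. Timestamps are preserved so the task does
  # not report a change on every run.
  file:
    path: /etc/sudoers.d/vn
    state: touch
    owner: root
    group: root
    mode: '0440'
    modification_time: preserve
    access_time: preserve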
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# paso2 - add a line to /etc/sudoers.d/vn file
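- name: add a line to /etc/sudoers.d/vn file
  # Grants passwordless sudo to the sysadmin group. `validate` runs visudo
  # on the temporary file before it replaces the real one, so a syntax
  # error cannot leave sudo unusable on the host.
  lineinfile:
    path: "/etc/sudoers.d/vn"
    line: "%sysadmin ALL=(ALL) NOPASSWD: ALL"
    state: present
    create: true
    validate: '/usr/sbin/visudo -cf %s'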
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Secure GRUB edition with password
# paso1 - Proteger grub
- name: GRUB password boot protection
  # Adds a superuser and its PBKDF2 password hash to the custom GRUB
  # fragment; the handler then regenerates the GRUB configuration.
  tags: [grub-password]
  blockinfile:
    path: /etc/grub.d/40_custom
    block: |
      set superusers="{{ user_grub }}"
      password_pbkdf2 {{ user_grub }} {{ code_grub }}
  notify: grub register
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Enable VIM options
# step1 - create file vimrc.local
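- name: create file vimrc.local
  # Ensures the system-wide vimrc.local exists. Timestamps are preserved so
  # an existing file does not make the task report a change on every run.
  file:
    path: "{{ path_vimrclocal }}"
    state: touch
    mode: '0644'
    modification_time: preserve
    access_time: preserve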
# step2 - add some options to the file
- name: add some options to vimrc.local
  # Append each option line unless it is already present in the file.
  lineinfile:
    state: present
    path: "{{ path_vimrclocal }}"
    line: "{{ item.line }}"
  with_items:
    - { line: syntax on }
    - { line: set showcmd }
    - { line: set showmatch }
    - { line: set ignorecase }
    - { line: set smartcase }
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Add message to MOTD
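# Render the figlet banner once; rendering is read-only so it never reports
# a change. The old `>> /etc/motd` appended another copy on every run.
- name: render motd banner
  command: figlet verdnatura
  register: motd_banner
  changed_when: false

- name: add motd message
  # blockinfile keeps exactly one copy of the banner between its marker
  # lines, so repeated runs leave /etc/motd unchanged. The marker lines are
  # part of the file and are shown to users along with the banner.
  blockinfile:
    path: /etc/motd
    create: true
    marker: "# {mark} verdnatura motd banner"
    block: "{{ motd_banner.stdout }}"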
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++