[distorted-ansible] / roles / common / tasks / main.yml

### -*-yaml-*-
###
### Tasks applicable for all hosts.

---

###--------------------------------------------------------------------------
### General permissions.

- name: fix permissions in /root
  tags: [perms, root-perms]
  file: name=/root mode=0750 owner=root group=root

###--------------------------------------------------------------------------
### PKI machinery.

- name: install PKI maintenance scripts
  tags: [pki]
  copy: src=pki/{{ item }} dest=/etc/cron.daily
  with_items:
    - update-ca-certs
    - check-x509-certs

###--------------------------------------------------------------------------
### NTP configuration.

- name: install NTP configuration files
  tags: [ntp, ntp-client]
  copy: src=ntp-client/ntp.conf dest=/etc
  when: server is not defined or 'ntp' not in server
  notify: restart ntpd

###--------------------------------------------------------------------------
### SSH configuration.

- name: install SSH configuration files
  tags: [ssh, ssh-config]
  copy: src=ssh-config/{{ item }} dest=/etc/ssh
  notify: restart ssh
  with_items:
    - Makefile
    - ssh_config
    - sshd_config.m4
    - moduli

- name: install main keys for root SSH access
  tags: [ssh, ssh-root]
  template: src=ssh-root-authkeys dest=/root/.ssh/authkeys.base
  notify: make in /root/.ssh

- name: install keys for root SSH access
  tags: [ssh, ssh-root]
  copy: src=ssh-root/{{ item }} dest=/root/.ssh
  notify: make in /root/.ssh
  with_items:
    - Makefile
    - config.m4
    - known_hosts.extra

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
f60b613f MW	1	### --yaml--
	2	###
	3	### Tasks applicable for all hosts.
	4
3f6c5992 MW	5	---
	6
	7	###--------------------------------------------------------------------------
	8	### General permissions.
	9
	10	- name: fix permissions in /root
	11	tags: [perms, root-perms]
	12	file: name=/root mode=0750 owner=root group=root
	13
	14	###--------------------------------------------------------------------------
	15	### PKI machinery.
	16
	17	- name: install PKI maintenance scripts
	18	tags: [pki]
	19	copy: src=pki/{{ item }} dest=/etc/cron.daily
	20	with_items:
	21	- update-ca-certs
	22	- check-x509-certs
	23
	24	###--------------------------------------------------------------------------
	25	### NTP configuration.
	26
	27	- name: install NTP configuration files
	28	tags: [ntp, ntp-client]
	29	copy: src=ntp-client/ntp.conf dest=/etc
	30	when: server is not defined or 'ntp' not in server
	31	notify: restart ntpd
	32
	33	###--------------------------------------------------------------------------
	34	### SSH configuration.
	35
	36	- name: install SSH configuration files
	37	tags: [ssh, ssh-config]
	38	copy: src=ssh-config/{{ item }} dest=/etc/ssh
	39	notify: restart ssh
	40	with_items:
	41	- Makefile
	42	- ssh_config
	43	- sshd_config.m4
	44	- moduli
	45
	46	- name: install main keys for root SSH access
	47	tags: [ssh, ssh-root]
	48	template: src=ssh-root-authkeys dest=/root/.ssh/authkeys.base
51370852	49	notify: make in /root/.ssh
3f6c5992 MW	50
	51	- name: install keys for root SSH access
	52	tags: [ssh, ssh-root]
	53	copy: src=ssh-root/{{ item }} dest=/root/.ssh
51370852	54	notify: make in /root/.ssh
3f6c5992 MW	55	with_items:
	56	- Makefile
	57	- config.m4
	58	- known_hosts.extra
	59
	60	###----- That's all, folks --------------------------------------------------