[distorted-ansible] / roles / common / tasks / main.yml

### -*-yaml-*-
###
### Tasks applicable for all hosts.

---

###--------------------------------------------------------------------------
### General permissions.

- name: fix permissions in /root
  tags: [perms, root-perms]
  file: path=/root/ mode=0750 owner=root group=root

###--------------------------------------------------------------------------
### PKI machinery.

- name: install PKI maintenance scripts
  tags: [pki, pki-scripts]
  copy: src=pki/{{ item }} dest=/etc/cron.daily/
  with_items:
    - update-ca-certs
    - check-x509-certs

- name: install common PKI files
  tags: [pki, pki-keys]
  copy: src=pki/{{ item }} dest=/etc/ca/
  with_items:
    - ca.cert
    - dh-param.pem
    - dh-param-2048.pem
    - openssl.conf

- name: install /etc/pki/CA link
  tags: [pki, pki-link]
  file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert

###--------------------------------------------------------------------------
### NTP configuration.

- name: install NTP client configuration files
  tags: [ntp, ntp-client]
  copy: src=ntp-client/ntp.conf dest=/etc/
  when: ('ntp') not in server |default([])
  notify: restart ntpd

###--------------------------------------------------------------------------
### Network databases.

- name: install netdb files
  tags: [netdb]
  copy: src=netdb/{{ item }} dest=/etc/
  with_items:
    - hosts
    - networks
    - services

###--------------------------------------------------------------------------
### SSH configuration.

- name: install SSH configuration files
  tags: [ssh, ssh-config]
  copy: src=ssh-config/{{ item }} dest=/etc/ssh/
  notify:
    - make in /etc/ssh/
    - restart ssh
  with_items:
    - Makefile
    - ssh_config
    - sshd_config.m4
    - moduli

- name: "create root's .ssh/ directory"
  tags: [ssh, ssh-root]
  file: path=/root/.ssh/ state=directory mode=0750

- name: install main keys for root SSH access
  tags: [ssh, ssh-root]
  template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
  notify: make in /root/.ssh/

- name: install keys for root SSH access
  tags: [ssh, ssh-root]
  copy: src=ssh-root/{{ item }} dest=/root/.ssh/
  notify: make in /root/.ssh/
  with_items:
    - Makefile
    - config.m4
    - known_hosts.extra

###--------------------------------------------------------------------------
### Backup machinery.

- name: install backup filters
  tags: [backup, backup-filters]
  copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup
  with_items:
    - { label: 'home', dest: '/home' }
    - { label: 'var-spool', dest: '/var/spool' }

- name: install required backup scripts on non-Debian hosts
  tags: [backup, backup-scripts]
  copy: src=backup/fshash dest=/usr/local/bin/
  when: os != 'debian'

###--------------------------------------------------------------------------
### Other miscellaneous files.

- name: install sudo configuration
  tags: [sudo]
  copy: src=sudo/sudoers dest=/etc/

- name: install common scripts
  tags: [scripts]
  copy: src=scripts/{{ item }} dest=/usr/local/bin/
  with_items:
    - fetch-unpack-archive
    - genx509

- name: install root Git configuration
  tags: [root-files]
  copy: src=root/gitconfig dest=/root/.gitconfig

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
f60b613f MW	1	### --yaml--
	2	###
	3	### Tasks applicable for all hosts.
	4
3f6c5992 MW	5	---
	6
	7	###--------------------------------------------------------------------------
	8	### General permissions.
	9
	10	- name: fix permissions in /root
	11	tags: [perms, root-perms]
90f05477	12	file: path=/root/ mode=0750 owner=root group=root
3f6c5992 MW	13
	14	###--------------------------------------------------------------------------
	15	### PKI machinery.
	16
	17	- name: install PKI maintenance scripts
5fc6de27	18	tags: [pki, pki-scripts]
c2d9e197	19	copy: src=pki/{{ item }} dest=/etc/cron.daily/
3f6c5992 MW	20	with_items:
	21	- update-ca-certs
	22	- check-x509-certs
	23
5fc6de27 MW	24	- name: install common PKI files
5fc6de27 MW	25	tags: [pki, pki-keys]
c2d9e197	26	copy: src=pki/{{ item }} dest=/etc/ca/
5fc6de27 MW	27	with_items:
	28	- ca.cert
	29	- dh-param.pem
	30	- dh-param-2048.pem
	31	- openssl.conf
	32
	33	- name: install /etc/pki/CA link
	34	tags: [pki, pki-link]
	35	file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert
	36
3f6c5992 MW	37	###--------------------------------------------------------------------------
	38	### NTP configuration.
	39
c65227e3	40	- name: install NTP client configuration files
3f6c5992	41	tags: [ntp, ntp-client]
c2d9e197	42	copy: src=ntp-client/ntp.conf dest=/etc/
e305b9b0	43	when: ('ntp') not in server \|default([])
3f6c5992 MW	44	notify: restart ntpd
	45
	46	###--------------------------------------------------------------------------
5fc6de27 MW	47	### Network databases.
	48
	49	- name: install netdb files
9b7aea2f	50	tags: [netdb]
c2d9e197	51	copy: src=netdb/{{ item }} dest=/etc/
5fc6de27 MW	52	with_items:
	53	- hosts
	54	- networks
	55	- services
	56
	57	###--------------------------------------------------------------------------
3f6c5992 MW	58	### SSH configuration.
	59
	60	- name: install SSH configuration files
	61	tags: [ssh, ssh-config]
c2d9e197	62	copy: src=ssh-config/{{ item }} dest=/etc/ssh/
e62fa6a0 MW	63	notify:
	64	- make in /etc/ssh/
	65	- restart ssh
3f6c5992 MW	66	with_items:
	67	- Makefile
	68	- ssh_config
	69	- sshd_config.m4
	70	- moduli
	71
e595500b MW	72	- name: "create root's .ssh/ directory"
	73	tags: [ssh, ssh-root]
	74	file: path=/root/.ssh/ state=directory mode=0750
	75
3f6c5992 MW	76	- name: install main keys for root SSH access
3f6c5992 MW	77	tags: [ssh, ssh-root]
3f1ea36d	78	template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
90f05477	79	notify: make in /root/.ssh/
3f6c5992 MW	80
	81	- name: install keys for root SSH access
	82	tags: [ssh, ssh-root]
c2d9e197	83	copy: src=ssh-root/{{ item }} dest=/root/.ssh/
90f05477	84	notify: make in /root/.ssh/
3f6c5992 MW	85	with_items:
	86	- Makefile
	87	- config.m4
	88	- known_hosts.extra
	89
5fc6de27 MW	90	###--------------------------------------------------------------------------
	91	### Backup machinery.
	92
	93	- name: install backup filters
	94	tags: [backup, backup-filters]
	95	copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup
	96	with_items:
	97	- { label: 'home', dest: '/home' }
	98	- { label: 'var-spool', dest: '/var/spool' }
	99
	100	- name: install required backup scripts on non-Debian hosts
	101	tags: [backup, backup-scripts]
c2d9e197	102	copy: src=backup/fshash dest=/usr/local/bin/
5fc6de27 MW	103	when: os != 'debian'
	104
	105	###--------------------------------------------------------------------------
	106	### Other miscellaneous files.
	107
	108	- name: install sudo configuration
	109	tags: [sudo]
c2d9e197	110	copy: src=sudo/sudoers dest=/etc/
5fc6de27 MW	111
	112	- name: install common scripts
	113	tags: [scripts]
c2d9e197	114	copy: src=scripts/{{ item }} dest=/usr/local/bin/
5fc6de27 MW	115	with_items:
	116	- fetch-unpack-archive
	117	- genx509
	118
	119	- name: install root Git configuration
	120	tags: [root-files]
	121	copy: src=root/gitconfig dest=/root/.gitconfig
	122
3f6c5992	123	###----- That's all, folks --------------------------------------------------