| Commit | Line | Data |
|---|---|---|
| f60b613f MW | 1 | `### -*-yaml-*-` |
| | 2 | `###` |
| | 3 | `### Tasks applicable for all hosts.` |
| | 4 | |
| 3f6c5992 MW | 5 | `---` |
| | 6 | |
| | 7 | `###--------------------------------------------------------------------------` |
| | 8 | `### General permissions.` |
| | 9 | |
| | 10 | `- name: fix permissions in /root` |
| | 11 | `  tags: [perms, root-perms]` |
| | 12 | `  file: name=/root mode=0750 owner=root group=root` |
| | 13 | |
| | 14 | `###--------------------------------------------------------------------------` |
| | 15 | `### PKI machinery.` |
| | 16 | |
| | 17 | `- name: install PKI maintenance scripts` |
| 5fc6de27 | 18 | `  tags: [pki, pki-scripts]` |
| 3f6c5992 MW | 19 | `  copy: src=pki/{{ item }} dest=/etc/cron.daily` |
| | 20 | `  with_items:` |
| | 21 | `    - update-ca-certs` |
| | 22 | `    - check-x509-certs` |
| | 23 | |
| 5fc6de27 MW | 24 | `- name: install common PKI files` |
| | 25 | `  tags: [pki, pki-keys]` |
| | 26 | `  copy: src=pki/{{ item }} dest=/etc/ca` |
| | 27 | `  with_items:` |
| | 28 | `    - ca.cert` |
| | 29 | `    - dh-param.pem` |
| | 30 | `    - dh-param-2048.pem` |
| | 31 | `    - openssl.conf` |
| | 32 | |
| | 33 | `- name: install /etc/pki/CA link` |
| | 34 | `  tags: [pki, pki-link]` |
| | 35 | `  file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert` |
| | 36 | |
| 3f6c5992 MW | 37 | `###--------------------------------------------------------------------------` |
| | 38 | `### NTP configuration.` |
| | 39 | |
| | 40 | `- name: install NTP configuration files` |
| | 41 | `  tags: [ntp, ntp-client]` |
| | 42 | `  copy: src=ntp-client/ntp.conf dest=/etc` |
| e305b9b0 | 43 | `  when: ('ntp') not in server \|default([])` |
| 3f6c5992 MW | 44 | `  notify: restart ntpd` |
| | 45 | |
| | 46 | `###--------------------------------------------------------------------------` |
| 5fc6de27 MW | 47 | `### Network databases.` |
| | 48 | |
| | 49 | `- name: install netdb files` |
| | 50 | `  tags: netdb` |
| | 51 | `  copy: src=netdb/{{ item }} dest=/etc` |
| | 52 | `  with_items:` |
| | 53 | `    - hosts` |
| | 54 | `    - networks` |
| | 55 | `    - services` |
| | 56 | |
| | 57 | `###--------------------------------------------------------------------------` |
| 3f6c5992 MW | 58 | `### SSH configuration.` |
| | 59 | |
| | 60 | `- name: install SSH configuration files` |
| | 61 | `  tags: [ssh, ssh-config]` |
| | 62 | `  copy: src=ssh-config/{{ item }} dest=/etc/ssh` |
| | 63 | `  notify: restart ssh` |
| | 64 | `  with_items:` |
| | 65 | `    - Makefile` |
| | 66 | `    - ssh_config` |
| | 67 | `    - sshd_config.m4` |
| | 68 | `    - moduli` |
| | 69 | |
| | 70 | `- name: install main keys for root SSH access` |
| | 71 | `  tags: [ssh, ssh-root]` |
| 3f1ea36d | 72 | `  template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base` |
| 51370852 | 73 | `  notify: make in /root/.ssh` |
| 3f6c5992 MW | 74 | |
| | 75 | `- name: install keys for root SSH access` |
| | 76 | `  tags: [ssh, ssh-root]` |
| | 77 | `  copy: src=ssh-root/{{ item }} dest=/root/.ssh` |
| 51370852 | 78 | `  notify: make in /root/.ssh` |
| 3f6c5992 MW | 79 | `  with_items:` |
| | 80 | `    - Makefile` |
| | 81 | `    - config.m4` |
| | 82 | `    - known_hosts.extra` |
| | 83 | |
| 5fc6de27 MW | 84 | `###--------------------------------------------------------------------------` |
| | 85 | `### Backup machinery.` |
| | 86 | |
| | 87 | `- name: install backup filters` |
| | 88 | `  tags: [backup, backup-filters]` |
| | 89 | `  copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup` |
| | 90 | `  with_items:` |
| | 91 | `    - { label: 'home', dest: '/home' }` |
| | 92 | `    - { label: 'var-spool', dest: '/var/spool' }` |
| | 93 | |
| | 94 | `- name: install required backup scripts on non-Debian hosts` |
| | 95 | `  tags: [backup, backup-scripts]` |
| | 96 | `  copy: src=backup/fshash dest=/usr/local/bin` |
| | 97 | `  when: os != 'debian'` |
| | 98 | |
| | 99 | `###--------------------------------------------------------------------------` |
| | 100 | `### Other miscellaneous files.` |
| | 101 | |
| | 102 | `- name: install sudo configuration` |
| | 103 | `  tags: [sudo]` |
| | 104 | `  copy: src=sudo/sudoers dest=/etc` |
| | 105 | |
| | 106 | `- name: install common scripts` |
| | 107 | `  tags: [scripts]` |
| | 108 | `  copy: src=scripts/{{ item }} dest=/usr/local/bin` |
| | 109 | `  with_items:` |
| | 110 | `    - fetch-unpack-archive` |
| | 111 | `    - genx509` |
| | 112 | |
| | 113 | `- name: install root Git configuration` |
| | 114 | `  tags: [root-files]` |
| | 115 | `  copy: src=root/gitconfig dest=/root/.gitconfig` |
| | 116 | |
| 3f6c5992 | 117 | `###----- That's all, folks --------------------------------------------------` |