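### -*-yaml-*-
###
### Tasks applicable for all hosts.
###
### Handlers named in `notify:' lines (restart ntpd, restart ssh,
### make in /root/.ssh/) are not defined in this file.

---

###--------------------------------------------------------------------------
### General permissions.

## Keep root's home directory closed to everyone outside owner and group.
- name: fix permissions in /root
  tags: [perms, root-perms]
  file: path=/root/ mode=0750 owner=root group=root

###--------------------------------------------------------------------------
### PKI machinery.

## These run as root from cron.  Entries in cron.daily must be executable to
## run at all, and must not be writable by anyone but root, so ownership and
## mode are pinned here instead of being left to the umask.
- name: install PKI maintenance scripts
  tags: [pki, pki-scripts]
  copy: src=pki/{{ item }} dest=/etc/cron.daily/ owner=root group=root mode=0755
  with_items:
    - update-ca-certs
    - check-x509-certs

## Public CA material only: the CA certificate, DH parameters and OpenSSL
## configuration.
## NOTE(review): the size of dh-param.pem is not visible here; confirm that
## nothing still relies on parameters smaller than dh-param-2048.pem.
- name: install common PKI files
  tags: [pki, pki-keys]
  copy: src=pki/{{ item }} dest=/etc/ca/
  with_items:
    - ca.cert
    - dh-param.pem
    - dh-param-2048.pem
    - openssl.conf

## The link target is relative to /etc/pki/CA/, so it resolves to
## /etc/ca/ca.cert as installed by the previous task.
- name: install /etc/pki/CA link
  tags: [pki, pki-link]
  file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert

###--------------------------------------------------------------------------
### NTP configuration.

## Skipped on hosts whose `server' list contains 'ntp'; a host with no
## `server' variable is treated as having an empty list.
- name: install NTP client configuration files
  tags: [ntp, ntp-client]
  copy: src=ntp-client/ntp.conf dest=/etc/
  when: ('ntp') not in server |default([])
  notify: restart ntpd

###--------------------------------------------------------------------------
### Network databases.

- name: install netdb files
  tags: netdb
  copy: src=netdb/{{ item }} dest=/etc/
  with_items:
    - hosts
    - networks
    - services

###--------------------------------------------------------------------------
### SSH configuration.

## NOTE(review): sshd_config.m4 is an m4 source, not the live sshd_config.
## Whether the `restart ssh' handler regenerates the configuration and checks
## it (e.g. with `sshd -t') before restarting is not visible in this file;
## confirm, since a bad configuration can lock out remote access.
- name: install SSH configuration files
  tags: [ssh, ssh-config]
  copy: src=ssh-config/{{ item }} dest=/etc/ssh/
  notify: restart ssh
  with_items:
    - Makefile
    - ssh_config
    - sshd_config.m4
    - moduli

## Ownership is stated explicitly, matching the /root task above, so that a
## pre-existing directory with the wrong owner is corrected.
## NOTE(review): 0750 leaves the directory readable by group root; 0700 is
## the usual choice for a .ssh directory.  Confirm group access is intended.
- name: "create root's .ssh/ directory"
  tags: [ssh, ssh-root]
  file: path=/root/.ssh/ state=directory mode=0750 owner=root group=root

## Everything installed by the next two tasks decides who can log in as
## root, so changes to the ssh-root/ sources deserve the same review as a
## change to the root password.
- name: install main keys for root SSH access
  tags: [ssh, ssh-root]
  template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
  notify: make in /root/.ssh/

- name: install keys for root SSH access
  tags: [ssh, ssh-root]
  copy: src=ssh-root/{{ item }} dest=/root/.ssh/
  notify: make in /root/.ssh/
  with_items:
    - Makefile
    - config.m4
    - known_hosts.extra

###--------------------------------------------------------------------------
### Backup machinery.

## Each filter is installed as a `.rsync-backup' file at the top of the
## directory tree it applies to.
- name: install backup filters
  tags: [backup, backup-filters]
  copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup
  with_items:
    - { label: 'home', dest: '/home' }
    - { label: 'var-spool', dest: '/var/spool' }

## Installed into a directory on root's PATH: root-owned and not writable by
## anyone else.
- name: install required backup scripts on non-Debian hosts
  tags: [backup, backup-scripts]
  copy: src=backup/fshash dest=/usr/local/bin/ owner=root group=root mode=0755
  when: os != 'debian'

###--------------------------------------------------------------------------
### Other miscellaneous files.

## sudoers is checked with visudo before it replaces the live file, so a
## syntax error cannot break sudo on every host at once.  Owner and mode are
## pinned to the values sudo expects for this file.
- name: install sudo configuration
  tags: [sudo]
  copy: src=sudo/sudoers dest=/etc/ owner=root group=root mode=0440 validate='visudo -cf %s'

## Helper scripts on root's PATH: root-owned and not writable by anyone else.
- name: install common scripts
  tags: [scripts]
  copy: src=scripts/{{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
  with_items:
    - fetch-unpack-archive
    - genx509

- name: install root Git configuration
  tags: [root-files]
  copy: src=root/gitconfig dest=/root/.gitconfig

###----- That's all, folks --------------------------------------------------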