~mdw / distorted-ansible / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
New role for Debian-specific configuration.
[distorted-ansible] / roles / common / tasks / main.yml
CommitLineData
f60b613f
MW		 1### -*-yaml-*-
2###
3### Tasks applicable for all hosts.
4
3f6c5992
MW		 5---
6
7###--------------------------------------------------------------------------
8### General permissions.
9
10- name: fix permissions in /root
11 tags: [perms, root-perms]
90f05477 12 file: path=/root/ mode=0750 owner=root group=root
3f6c5992
MW		 13
14###--------------------------------------------------------------------------
15### PKI machinery.
16
5fc6de27
MW		 17- name: install common PKI files
18 tags: [pki, pki-keys]
c2d9e197 19 copy: src=pki/{{ item }} dest=/etc/ca/
5fc6de27
MW		 20 with_items:
21 - ca.cert
22 - dh-param.pem
23 - dh-param-2048.pem
24 - openssl.conf
25
26- name: install /etc/pki/CA link
27 tags: [pki, pki-link]
28 file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert
29
3f6c5992
MW		 30###--------------------------------------------------------------------------
31### NTP configuration.
32
c65227e3 33- name: install NTP client configuration files
3f6c5992 34 tags: [ntp, ntp-client]
c2d9e197 35 copy: src=ntp-client/ntp.conf dest=/etc/
e305b9b0 36 when: ('ntp') not in server |default([])
3f6c5992
MW		 37 notify: restart ntpd
38
39###--------------------------------------------------------------------------
5fc6de27
MW		 40### Network databases.
41
42- name: install netdb files
9b7aea2f 43 tags: [netdb]
c2d9e197 44 copy: src=netdb/{{ item }} dest=/etc/
5fc6de27
MW		 45 with_items:
46 - hosts
47 - networks
48 - services
49
50###--------------------------------------------------------------------------
3f6c5992
MW		 51### SSH configuration.
52
53- name: install SSH configuration files
54 tags: [ssh, ssh-config]
c2d9e197 55 copy: src=ssh-config/{{ item }} dest=/etc/ssh/
e62fa6a0
MW		 56 notify:
57 - make in /etc/ssh/
58 - restart ssh
3f6c5992
MW		 59 with_items:
60 - Makefile
61 - ssh_config
62 - sshd_config.m4
63 - moduli
64
e595500b
MW		 65- name: "create root's .ssh/ directory"
66 tags: [ssh, ssh-root]
67 file: path=/root/.ssh/ state=directory mode=0750
68
3f6c5992
MW		 69- name: install main keys for root SSH access
70 tags: [ssh, ssh-root]
3f1ea36d 71 template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
90f05477 72 notify: make in /root/.ssh/
3f6c5992
MW		 73
74- name: install keys for root SSH access
75 tags: [ssh, ssh-root]
c2d9e197 76 copy: src=ssh-root/{{ item }} dest=/root/.ssh/
90f05477 77 notify: make in /root/.ssh/
3f6c5992
MW		 78 with_items:
79 - Makefile
80 - config.m4
81 - known_hosts.extra
82
5fc6de27
MW		 83###--------------------------------------------------------------------------
84### Backup machinery.
85
86- name: install backup filters
87 tags: [backup, backup-filters]
88 copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup
89 with_items:
90 - { label: 'home', dest: '/home' }
91 - { label: 'var-spool', dest: '/var/spool' }
92
93- name: install required backup scripts on non-Debian hosts
94 tags: [backup, backup-scripts]
c2d9e197 95 copy: src=backup/fshash dest=/usr/local/bin/
5fc6de27
MW		 96 when: os != 'debian'
97
98###--------------------------------------------------------------------------
99### Other miscellaneous files.
100
101- name: install sudo configuration
102 tags: [sudo]
c2d9e197 103 copy: src=sudo/sudoers dest=/etc/
5fc6de27
MW		 104
105- name: install common scripts
106 tags: [scripts]
c2d9e197 107 copy: src=scripts/{{ item }} dest=/usr/local/bin/
5fc6de27
MW		 108 with_items:
109 - fetch-unpack-archive
110 - genx509
111
112- name: install root Git configuration
113 tags: [root-files]
114 copy: src=root/gitconfig dest=/root/.gitconfig
115
3f6c5992 116###----- That's all, folks --------------------------------------------------
Ansible configuration for distorted.org.uk hosts