mdw@git.distorted.org.uk Git - distorted-ansible/blob - roles/common/tasks/main.yml

   1 ---
   2
   3 ###--------------------------------------------------------------------------
   4 ### General permissions.
   5
   6 - name: fix permissions in /root
   7   tags: [perms, root-perms]
   8   file: name=/root mode=0750 owner=root group=root
   9
  10 ###--------------------------------------------------------------------------
  11 ### PKI machinery.
  12
  13 - name: install PKI maintenance scripts
  14   tags: [pki]
  15   copy: src=pki/{{ item }} dest=/etc/cron.daily
  16   with_items:
  17     - update-ca-certs
  18     - check-x509-certs
  19
  20 ###--------------------------------------------------------------------------
  21 ### NTP configuration.
  22
  23 - name: install NTP configuration files
  24   tags: [ntp, ntp-client]
  25   copy: src=ntp-client/ntp.conf dest=/etc
  26   when: server is not defined or 'ntp' not in server
  27   notify: restart ntpd
  28
  29 ###--------------------------------------------------------------------------
  30 ### SSH configuration.
  31
  32 - name: install SSH configuration files
  33   tags: [ssh, ssh-config]
  34   copy: src=ssh-config/{{ item }} dest=/etc/ssh
  35   notify: restart ssh
  36   with_items:
  37     - Makefile
  38     - ssh_config
  39     - sshd_config.m4
  40     - moduli
  41
  42 - name: install main keys for root SSH access
  43   tags: [ssh, ssh-root]
  44   template: src=ssh-root-authkeys dest=/root/.ssh/authkeys.base
  45
  46 - name: install keys for root SSH access
  47   tags: [ssh, ssh-root]
  48   copy: src=ssh-root/{{ item }} dest=/root/.ssh
  49   with_items:
  50     - Makefile
  51     - config.m4
  52     - known_hosts.extra
  53
  54 ###----- That's all, folks --------------------------------------------------