d6258e7300c27c81301c020ccd1286e0b9424a2b
[distorted-ansible] / roles / common / tasks / main.yml
1 ### -*-yaml-*-
2 ###
3 ### Tasks applicable for all hosts.
4
5 ---
6
7 ###--------------------------------------------------------------------------
8 ### General permissions.
9
# Pin ownership and mode of root's home directory: owner rwx, group r-x,
# no access for anyone else.
- name: fix permissions in /root
  file:
    path: /root/
    owner: root
    group: root
    # Quoted so the value stays the octal string "0750" and is never read
    # as a YAML integer.
    mode: "0750"
  tags:
    - perms
    - root-perms
13
14 ###--------------------------------------------------------------------------
15 ### PKI machinery.
16
# Drop the two PKI housekeeping scripts into /etc/cron.daily/.
# NOTE(review): no owner or mode is given. Anything in cron.daily is
# presumably run as root by the daily cron job, so pinning owner=root and a
# mode that is executable but not group/world-writable would make the result
# independent of the copy module's defaults -- confirm against the hosts.
- name: install PKI maintenance scripts
  copy:
    src: "pki/{{ item }}"
    dest: /etc/cron.daily/
  with_items:
    - update-ca-certs
    - check-x509-certs
  tags:
    - pki
    - pki-scripts
23
# Copy the shared CA certificate, Diffie-Hellman parameter files and OpenSSL
# configuration into /etc/ca/. No private-key file is listed here.
- name: install common PKI files
  copy:
    src: "pki/{{ item }}"
    dest: /etc/ca/
  with_items:
    - ca.cert
    - dh-param.pem
    - dh-param-2048.pem
    - openssl.conf
  tags:
    - pki
    - pki-keys
32
# Make /etc/pki/CA/cacert.pem a symlink to the CA certificate in /etc/ca/.
# The link target is relative, so it resolves from /etc/pki/CA/ to
# /etc/ca/ca.cert.
- name: install /etc/pki/CA link
  file:
    state: link
    path: /etc/pki/CA/cacert.pem
    src: ../../ca/ca.cert
  tags:
    - pki
    - pki-link
36
37 ###--------------------------------------------------------------------------
38 ### NTP configuration.
39
# Install the client-side ntp.conf, except on hosts whose `server` list
# contains 'ntp'. An undefined `server` is treated as an empty list, so such
# hosts get the client configuration. The 'restart ntpd' handler is defined
# outside this file.
- name: install NTP client configuration files
  copy:
    src: ntp-client/ntp.conf
    dest: /etc/
  when: "'ntp' not in (server | default([]))"
  notify: restart ntpd
  tags:
    - ntp
    - ntp-client
45
46 ###--------------------------------------------------------------------------
47 ### Network databases.
48
# Replace the static network database files in /etc/ with the site copies.
- name: install netdb files
  copy:
    src: "netdb/{{ item }}"
    dest: /etc/
  with_items:
    - hosts
    - networks
    - services
  tags: netdb
56
57 ###--------------------------------------------------------------------------
58 ### SSH configuration.
59
# Copy the SSH client/server configuration sources into /etc/ssh/ and notify
# the 'restart ssh' handler (defined outside this file) on any change.
# NOTE(review): sshd_config is shipped as an m4 source next to a Makefile, so
# the live sshd_config is presumably generated on the host. Nothing visible
# here syntax-checks the result (for example with `sshd -t`) before the
# restart; a bad config would cut off remote access -- confirm what the
# handler does.
- name: install SSH configuration files
  copy:
    src: "ssh-config/{{ item }}"
    dest: /etc/ssh/
  with_items:
    - Makefile
    - ssh_config
    - sshd_config.m4
    - moduli
  notify: restart ssh
  tags:
    - ssh
    - ssh-config
69
# Ensure /root/.ssh/ exists as a directory with mode 0750.
# NOTE(review): this leaves the directory group-readable and sets no
# owner/group, unlike the /root task above. 0700 with owner=root is the usual
# choice for a directory holding root's login keys -- confirm the group
# access is intended.
- name: "create root's .ssh/ directory"
  file:
    state: directory
    path: /root/.ssh/
    # Quoted so the value stays the octal string "0750".
    mode: "0750"
  tags:
    - ssh
    - ssh-root
73
# Render the base key list for root logins from a template and notify the
# 'make in /root/.ssh/' handler (defined outside this file).
# NOTE(review): this file feeds root's SSH access, but no owner or mode is
# set on it. Pinning owner=root and a mode without group/world write would
# keep the result independent of module defaults -- confirm.
- name: install main keys for root SSH access
  template:
    src: ssh-root/authkeys.base
    dest: /root/.ssh/authkeys.base
  notify: make in /root/.ssh/
  tags:
    - ssh
    - ssh-root
78
# Copy the remaining inputs for root's SSH setup (Makefile, m4 client config
# source, extra known hosts) into /root/.ssh/ and notify the
# 'make in /root/.ssh/' handler (defined outside this file).
- name: install keys for root SSH access
  copy:
    src: "ssh-root/{{ item }}"
    dest: /root/.ssh/
  with_items:
    - Makefile
    - config.m4
    - known_hosts.extra
  notify: make in /root/.ssh/
  tags:
    - ssh
    - ssh-root
87
88 ###--------------------------------------------------------------------------
89 ### Backup machinery.
90
# Install one backup filter file per tree: backup/filter.<label> is written
# to <dest>/.rsync-backup.
- name: install backup filters
  copy:
    src: "backup/filter.{{ item.label }}"
    dest: "{{ item.dest }}/.rsync-backup"
  with_items:
    - label: 'home'
      dest: '/home'
    - label: 'var-spool'
      dest: '/var/spool'
  tags:
    - backup
    - backup-filters
97
# Copy the fshash helper into /usr/local/bin/ on every host whose `os`
# variable is not 'debian'. `os` is set outside this file.
- name: install required backup scripts on non-Debian hosts
  copy:
    src: backup/fshash
    dest: /usr/local/bin/
  when: "os != 'debian'"
  tags:
    - backup
    - backup-scripts
102
103 ###--------------------------------------------------------------------------
104 ### Other miscellaneous files.
105
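# Install the site sudoers file as /etc/sudoers.
# The file is syntax-checked before it replaces the live one, so a broken
# sudoers cannot be deployed and lock administrators out of sudo. Ownership
# and mode are pinned to root:root 0440 rather than left to module defaults,
# because sudo refuses a sudoers file with loose ownership or permissions.
- name: install sudo configuration
  copy:
    src: sudo/sudoers
    dest: /etc/
    owner: root
    group: root
    # Quoted so the value stays the octal string "0440".
    mode: "0440"
    # %s is replaced with the path of the temporary copy; the task fails and
    # /etc/sudoers is left untouched if visudo rejects it. Adjust the visudo
    # path if it lives elsewhere on non-Debian hosts.
    validate: /usr/sbin/visudo -cf %s
  tags:
    - sudo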
109
# Copy the shared helper scripts into /usr/local/bin/.
# NOTE(review): no owner or mode is set. Scripts on the system PATH are
# normally root-owned and not writable by group or others -- confirm the
# module defaults give that result on these hosts.
- name: install common scripts
  copy:
    src: "scripts/{{ item }}"
    dest: /usr/local/bin/
  with_items:
    - fetch-unpack-archive
    - genx509
  tags:
    - scripts
116
# Install root's Git configuration as /root/.gitconfig.
- name: install root Git configuration
  copy:
    src: root/gitconfig
    dest: /root/.gitconfig
  tags:
    - root-files
120
121 ###----- That's all, folks --------------------------------------------------