roles/common/*/main.yml: Rebuild /etc/ssh/sshd_config on change.
[distorted-ansible] / roles / common / tasks / main.yml
index 75ec1ff..bd15a34 100644 (file)
 
 - name: fix permissions in /root
   tags: [perms, root-perms]
-  file: name=/root mode=0750 owner=root group=root
+  file: path=/root/ mode=0750 owner=root group=root
 
 ###--------------------------------------------------------------------------
 ### PKI machinery.
 
 - name: install PKI maintenance scripts
-  tags: [pki]
-  copy: src=pki/{{ item }} dest=/etc/cron.daily
+  tags: [pki, pki-scripts]
+  copy: src=pki/{{ item }} dest=/etc/cron.daily/
   with_items:
     - update-ca-certs
     - check-x509-certs
 
+- name: install common PKI files
+  tags: [pki, pki-keys]
+  copy: src=pki/{{ item }} dest=/etc/ca/
+  with_items:
+    - ca.cert
+    - dh-param.pem
+    - dh-param-2048.pem
+    - openssl.conf
+
+- name: install /etc/pki/CA link
+  tags: [pki, pki-link]
+  file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert
+
 ###--------------------------------------------------------------------------
 ### NTP configuration.
 
-- name: install NTP configuration files
+- name: install NTP client configuration files
   tags: [ntp, ntp-client]
-  copy: src=ntp-client/ntp.conf dest=/etc
-  when: server is not defined or 'ntp' not in server
+  copy: src=ntp-client/ntp.conf dest=/etc/
+  when: ('ntp') not in server |default([])
   notify: restart ntpd
 
 ###--------------------------------------------------------------------------
+### Network databases.
+
+- name: install netdb files
+  tags: netdb
+  copy: src=netdb/{{ item }} dest=/etc/
+  with_items:
+    - hosts
+    - networks
+    - services
+
+###--------------------------------------------------------------------------
 ### SSH configuration.
 
 - name: install SSH configuration files
   tags: [ssh, ssh-config]
-  copy: src=ssh-config/{{ item }} dest=/etc/ssh
-  notify: restart ssh
+  copy: src=ssh-config/{{ item }} dest=/etc/ssh/
+  notify:
+    - make in /etc/ssh/
+    - restart ssh
   with_items:
     - Makefile
     - ssh_config
     - sshd_config.m4
     - moduli
 
+- name: "create root's .ssh/ directory"
+  tags: [ssh, ssh-root]
+  file: path=/root/.ssh/ state=directory mode=0750
+
 - name: install main keys for root SSH access
   tags: [ssh, ssh-root]
-  template: src=ssh-root-authkeys dest=/root/.ssh/authkeys.base
-  notify: make in /root/.ssh
+  template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
+  notify: make in /root/.ssh/
 
 - name: install keys for root SSH access
   tags: [ssh, ssh-root]
-  copy: src=ssh-root/{{ item }} dest=/root/.ssh
-  notify: make in /root/.ssh
+  copy: src=ssh-root/{{ item }} dest=/root/.ssh/
+  notify: make in /root/.ssh/
   with_items:
     - Makefile
     - config.m4
     - known_hosts.extra
 
+###--------------------------------------------------------------------------
+### Backup machinery.
+
+- name: install backup filters
+  tags: [backup, backup-filters]
+  copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup
+  with_items:
+    - { label: 'home', dest: '/home' }
+    - { label: 'var-spool', dest: '/var/spool' }
+
+- name: install required backup scripts on non-Debian hosts
+  tags: [backup, backup-scripts]
+  copy: src=backup/fshash dest=/usr/local/bin/
+  when: os != 'debian'
+
+###--------------------------------------------------------------------------
+### Other miscellaneous files.
+
+- name: install sudo configuration
+  tags: [sudo]
+  copy: src=sudo/sudoers dest=/etc/
+
+- name: install common scripts
+  tags: [scripts]
+  copy: src=scripts/{{ item }} dest=/usr/local/bin/
+  with_items:
+    - fetch-unpack-archive
+    - genx509
+
+- name: install root Git configuration
+  tags: [root-files]
+  copy: src=root/gitconfig dest=/root/.gitconfig
+
 ###----- That's all, folks --------------------------------------------------
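Review bot: The new `install sudo configuration` task copies `sudo/sudoers` straight into `/etc/` with no syntax check and no explicit ownership or mode, so a malformed file would be installed as-is and could leave sudo unusable on every host the role reaches. I would write it as `copy: src=sudo/sudoers dest=/etc/ owner=root group=root mode=0440 validate='visudo -cf %s'`, so that the copy module rejects a file visudo cannot parse before it replaces the live one. The new `create root's .ssh/ directory` task has the same gap: `mode=0750` leaves the directory group-readable and no owner is given, where `mode=0700 owner=root group=root` is the usual setting. The scripts copied to `/usr/local/bin/` also carry no `mode=`, so whether they end up executable presumably depends on the copy module's defaults and is worth confirming.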