X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-ansible/blobdiff_plain/5137085234783e2eeaa327b492891e8f238e71e2..90f05477844d2f94c3e104ef655e23fcb5fab229:/roles/common/tasks/main.yml
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 75ec1ff..e740eaa 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -9,33 +9,57 @@ - name: fix permissions in /root tags: [perms, root-perms] - file: name=/root mode=0750 owner=root group=root + file: path=/root/ mode=0750 owner=root group=root ###-------------------------------------------------------------------------- ### PKI machinery. - name: install PKI maintenance scripts - tags: [pki] - copy: src=pki/{{ item }} dest=/etc/cron.daily + tags: [pki, pki-scripts] + copy: src=pki/{{ item }} dest=/etc/cron.daily/ with_items: - update-ca-certs - check-x509-certs +- name: install common PKI files + tags: [pki, pki-keys] + copy: src=pki/{{ item }} dest=/etc/ca/ + with_items: + - ca.cert + - dh-param.pem + - dh-param-2048.pem + - openssl.conf + +- name: install /etc/pki/CA link + tags: [pki, pki-link] + file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert + ###-------------------------------------------------------------------------- ### NTP configuration. -- name: install NTP configuration files +- name: install NTP client configuration files tags: [ntp, ntp-client] - copy: src=ntp-client/ntp.conf dest=/etc - when: server is not defined or 'ntp' not in server + copy: src=ntp-client/ntp.conf dest=/etc/ + when: ('ntp') not in server |default([]) notify: restart ntpd ###-------------------------------------------------------------------------- +### Network databases. + +- name: install netdb files + tags: netdb + copy: src=netdb/{{ item }} dest=/etc/ + with_items: + - hosts + - networks + - services + +###-------------------------------------------------------------------------- ### SSH configuration. - name: install SSH configuration files tags: [ssh, ssh-config] - copy: src=ssh-config/{{ item }} dest=/etc/ssh + copy: src=ssh-config/{{ item }} dest=/etc/ssh/ notify: restart ssh with_items: - Makefile 
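Review bot: The new `install common PKI files` task, and the `copy` into /etc/cron.daily/ above it, set no owner, group or mode, unlike the `/root/` task at the top of the hunk, which pins all three. ca.cert is a trust anchor and the cron.daily scripts run as root, so their permissions should not depend on Ansible's defaults or on whatever file is already present; for example `copy: src=pki/{{ item }} dest=/etc/ca/ owner=root group=root mode=0644`, and `mode=0755` for the scripts. The same applies to the `copy` tasks into /usr/local/bin/ and /root/.ssh/ in the second hunk. The `state=link` task also appears to assume that /etc/pki/CA/ already exists, since nothing visible here creates it.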
@@ -45,16 +69,49 @@ - name: install main keys for root SSH access tags: [ssh, ssh-root] - template: src=ssh-root-authkeys dest=/root/.ssh/authkeys.base - notify: make in /root/.ssh + template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base + notify: make in /root/.ssh/ - name: install keys for root SSH access tags: [ssh, ssh-root] - copy: src=ssh-root/{{ item }} dest=/root/.ssh - notify: make in /root/.ssh + copy: src=ssh-root/{{ item }} dest=/root/.ssh/ + notify: make in /root/.ssh/ with_items: - Makefile - config.m4 - known_hosts.extra +###-------------------------------------------------------------------------- +### Backup machinery. + +- name: install backup filters + tags: [backup, backup-filters] + copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup + with_items: + - { label: 'home', dest: '/home' } + - { label: 'var-spool', dest: '/var/spool' } + +- name: install required backup scripts on non-Debian hosts + tags: [backup, backup-scripts] + copy: src=backup/fshash dest=/usr/local/bin/ + when: os != 'debian' + +###-------------------------------------------------------------------------- +### Other miscellaneous files. + +- name: install sudo configuration + tags: [sudo] + copy: src=sudo/sudoers dest=/etc/ + +- name: install common scripts + tags: [scripts] + copy: src=scripts/{{ item }} dest=/usr/local/bin/ + with_items: + - fetch-unpack-archive + - genx509 + +- name: install root Git configuration + tags: [root-files] + copy: src=root/gitconfig dest=/root/.gitconfig + ###----- That's all, folks --------------------------------------------------
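Review bot: The `install sudo configuration` task replaces /etc/sudoers without a syntax check, so a malformed file pushed from the repository would break sudo on every host that runs this role. The copy module can verify the staged file before it is moved into place: `copy: src=sudo/sudoers dest=/etc/ owner=root group=root mode=0440 validate='visudo -cf %s'`. Pinning the owner and mode matters here as well, because sudo itself checks the ownership and permissions of the file before it will use it.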