(defhost jem
:vm-host ibanez
:os :debian
+ :mail-mode :usersat
+ :mail-daemon :heavy
+ :print-client t
:server #(:multihome :login :rsync :http :nfs :mail))
(defhost artist
:vm-host ibanez
:os :debian
+ :mail-mode :usersat
:server #(:router :login :http :rsync :mail))
;; Other servers.
(defhost vampire
:os :debian
:location house
- :server #(:router :ntp :vpn :nfs))
+ :mail-mode :usersat
+ :server #(:router :ntp :vpn :nfs :print))
(defhost groove
:os :debian
(defhost gibson
:os :debian
:location house
+ :mail-daemon :heavy
:client t)
(defhost crybaby
:os :debian
:location :mobile
+ :mail-daemon :heavy
:client t)
(defhost haze
(defhost telecaster
:vm-host fender
:os :debian
- :server #(:multihome :dns :ftp :http :rsync :munin :nfs))
+ :mail-mode :srv
+ :mail-daemon :heavy
+ :server #(:multihome :dns :ftp :http :rsync :munin :nfs :mail))
(defhost stratocaster
:vm-host fender
:os :debian
- :server #(:multihome :login :rsync :http :nfs :mail-hub))
+ :mail-mode :hub
+ :mail-daemon :heavy
+ :server #(:multihome :login :rsync :http :nfs :mail))
(defhost jazz
:vm-host fender
:os :debian
+ :mail-mode :usersat
:server #(:multihome :login :http :mail :vpn))
;;;----- That's all, folks --------------------------------------------------
--- /dev/null
+### -*-yaml-*-
+###
+### Handlers, mostly for kicking services.
+
+---
+
+###--------------------------------------------------------------------------
+### Rebuliding remote configuration files.
+
+###--------------------------------------------------------------------------
+### Restarting services in obvious ways.
+
+- name: restart exim
+ service: name=exim4 state=restarted
+
+###----- That's all, folks --------------------------------------------------
---
###--------------------------------------------------------------------------
+### Necessary packages.
+
+- name: read required package lists
+ tags: [pkgs]
+ include_vars: vars/pkglists.yml
+
+- name: install universally applicable Debian packages
+ tags: [pkgs]
+ apt: name={{ item }} state=installed
+ with_items: pkglist.base
+
+- name: install Debian packages for physical hosts
+ tags: [pkgs]
+ apt: name={{ item }} state=installed
+ with_items: pkglist.physical
+ when: vm_host is not defined
+
+- name: install Debian packages for servers
+ tags: [pkgs]
+ apt: name={{ item }} state=installed
+ with_items: pkglist.server
+ when: server is defined
+
+- name: install Debian packages for VM hosts
+ tags: [pkgs]
+ apt: name={{ item }} state=installed
+ with_items: pkglist.vmhost
+ when: (vm_role |default('none')) == 'host'
+
+###--------------------------------------------------------------------------
### PKI machinery.
- name: install PKI maintenance scripts
- update-ca-certs
- check-x509-certs
+###--------------------------------------------------------------------------
+### Mail configuration.
+
+- name: build mail configuration files
+ tags: [mail, mail-config]
+ local_action: command make chdir={{ rootdir }}/exim-config/
+ run_once: true
+
+- name: install appropriate email configuration
+ tags: [mail, mail-config]
+ copy: src=exim-config/exim4-{{ mail_mode |default('satellite')}}.conf
+ dest=/etc/exim4/exim4.conf
+ notify: restart exim
+
+### FIXME: set up certificates and so on. [mail, mail-pki]
+
+###--------------------------------------------------------------------------
+### Some unpleasant hacks.
+
+# - name: Trap for yaid
+
###----- That's all, folks --------------------------------------------------
--- /dev/null
+### -*-yaml-*-
+###
+### Lists of Debian packages required by various kinds of hosts.
+
+---
+
+pkglist:
+
+ ## The basic packages required by all distorted.org.uk hosts.
+ base:
+ - acpi-support-base
+ - adns-tools
+ - apt-listchanges
+ - apt-utils
+ - aptitude
+ - at
+ - attr
+ - bash-completion
+ - bc
+ - bind9-host
+ - bsd-mailx
+ - bsdmainutils
+ - bsdutils
+ - build-essential
+ - bzip2
+ - ca-certificates
+ - chiark-really
+ - cpio
+ - cpp
+ - cron
+ - curl
+ - dc
+ - debian-archive-keyring
+ - debian-goodies
+ - debsums
+ - dmsetup
+ - dnsutils
+ - dpkg-dev
+ - ed
+ - elinks
+ - etckeeper
+ - ethtool
+ - exim4
+ - exim4-daemon-{{ mail_daemon |default('light') }}
+ - file
+ - finger
+ - ftp
+ - g++
+ - gawk
+ - gcc
+ - git
+ - git-man
+ - gnupg
+ - ifupdown
+ - info
+ - initramfs-tools
+ - install-info
+ - iproute
+ - iptables
+ - iputils-ping
+ - klibc-utils
+ - kmod
+ - krb5-config
+ - krb5-user
+ - less
+ - ldnsutils
+ - libfile-fnmatch-perl
+ - linux-base
+ - linux-libc-dev
+ - locales
+ - logrotate
+ - lsof
+ - ltrace
+ - lvm2
+ - m4
+ - make
+ - manpages
+ - mawk
+ - mime-support
+ - mlocate
+ - mmv
+ - molly-guard
+ - mosh
+ - net-tools
+ - netbase
+ - netcat-openbsd
+ - ntp
+ - ntpdate
+ - openssh-blacklist
+ - openssh-blacklist-extra
+ - openssh-client
+ - openssh-server
+ - openssl
+ - parallel
+ - passwd
+ - patch
+ - perl
+ - pkg-config
+ - procps
+ - psmisc
+ - python-apt
+ - python
+ - rdist
+ - reportbug
+ - rlwrap
+ - rsync
+ - screen
+ - scrub
+ - seccure
+ - sensible-utils
+ - sharutils
+ - sqlite3
+ - strace
+ - sudo
+ - syslog-ng-core
+ - tcpd
+ - tcpdump
+ - traceroute
+ - tshark
+ - tzdata
+ - udev
+ - unbound
+ - unbound-anchor
+ - unbound-host
+ - userv
+ - w3m
+ - wget
+ - xz-utils
+ - zile
+
+ ## Packages common to all servers.
+ server:
+ - acct
+ - emacs23-nox
+ - fail2ban
+ - ipset
+ - mtr-tiny
+ - munin-node
+ - xtables-addons-common
+ - xtables-addons-dkms
+
+ ## Packages common to physical hosts.
+ physical:
+ - console-setup
+ - console-setup-linux
+ - cpufrequtils
+ - cryptsetup
+ - hdparm
+ - kbd
+ - smartmontools
+ - vlan
+
+ ## Packages for VM hosts.
+ vmhost:
+ - debootstrap
+ - guestfish
+ - guestmount
+ - libguestfs-tools
+ - kpartx
+ - parted
+ - qemu-kvm
+ - virt-top
~mdw / distorted-ansible / commitdiff