From dc2a2cfa3141927976f8ffa0ef5a17058d9e5dcd Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Fri, 17 Jul 2015 11:20:06 +0100 Subject: [PATCH] Install Debian packages and mail configuration. A certain amount of upheaval here. I've not bothered to split out the individual changes. --- hosts/hosts.lisp | 18 ++++- roles/debian/handlers/main.yml | 16 ++++ roles/debian/tasks/main.yml | 51 +++++++++++++ vars/pkglists.yml | 162 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 244 insertions(+), 3 deletions(-) create mode 100644 roles/debian/handlers/main.yml create mode 100644 vars/pkglists.yml diff --git a/hosts/hosts.lisp b/hosts/hosts.lisp index b39cf12..79676b6 100644 --- a/hosts/hosts.lisp +++ b/hosts/hosts.lisp @@ -24,11 +24,15 @@ (defhost jem :vm-host ibanez :os :debian + :mail-mode :usersat + :mail-daemon :heavy + :print-client t :server #(:multihome :login :rsync :http :nfs :mail)) (defhost artist :vm-host ibanez :os :debian + :mail-mode :usersat :server #(:router :login :http :rsync :mail)) ;; Other servers. @@ -36,7 +40,8 @@ (defhost vampire :os :debian :location house - :server #(:router :ntp :vpn :nfs)) + :mail-mode :usersat + :server #(:router :ntp :vpn :nfs :print)) (defhost groove :os :debian @@ -48,11 +53,13 @@ (defhost gibson :os :debian :location house + :mail-daemon :heavy :client t) (defhost crybaby :os :debian :location :mobile + :mail-daemon :heavy :client t) (defhost haze 
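Review bot: `vampire` gains `:mail-mode :usersat` and a `:print` server role in the second hunk, but unlike `jem`, `artist` and `jazz` its `:server` vector has no `:mail`. If firewall rules or service exposure are derived from `:server` (not visible here), that is either a missing role or deserves a comment saying it is intended. The new keys `:mail-mode`, `:mail-daemon` and `:print-client` are not documented in these hunks. A short comment near the first `defhost` listing the accepted values (`:usersat`, `:srv`, `:hub`; `:heavy`) would help, noting that the Debian role falls back to `satellite` and `light` when they are absent. In the last hosts.lisp hunk, `stratocaster` swaps the `:mail-hub` role for `:mail`, so anything still keyed on `:mail-hub` elsewhere would silently stop matching.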
@@ -79,16 +86,21 @@ (defhost telecaster :vm-host fender :os :debian - :server #(:multihome :dns :ftp :http :rsync :munin :nfs)) + :mail-mode :srv + :mail-daemon :heavy + :server #(:multihome :dns :ftp :http :rsync :munin :nfs :mail)) (defhost stratocaster :vm-host fender :os :debian - :server #(:multihome :login :rsync :http :nfs :mail-hub)) + :mail-mode :hub + :mail-daemon :heavy + :server #(:multihome :login :rsync :http :nfs :mail)) (defhost jazz :vm-host fender :os :debian + :mail-mode :usersat :server #(:multihome :login :http :mail :vpn)) ;;;----- That's all, folks --------------------------------------------------
diff --git a/roles/debian/handlers/main.yml b/roles/debian/handlers/main.yml
new file mode 100644
index 0000000..8f26393
--- /dev/null
+++ b/roles/debian/handlers/main.yml
@@ -0,0 +1,16 @@
+### -*-yaml-*-
+###
+### Handlers, mostly for kicking services.
+
+---
+
+###--------------------------------------------------------------------------
+### Rebuliding remote configuration files.
+
+###--------------------------------------------------------------------------
+### Restarting services in obvious ways.
+
+- name: restart exim
+ service: name=exim4 state=restarted
+
+###----- That's all, folks --------------------------------------------------
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
index 70bf371..87d33f6 100644
--- a/roles/debian/tasks/main.yml
+++ b/roles/debian/tasks/main.yml
@@ -5,6 +5,36 @@ --- ###-------------------------------------------------------------------------- +### Necessary packages. + +- name: read required package lists + tags: [pkgs] + include_vars: vars/pkglists.yml + +- name: install universally applicable Debian packages + tags: [pkgs] + apt: name={{ item }} state=installed + with_items: pkglist.base + +- name: install Debian packages for physical hosts + tags: [pkgs] + apt: name={{ item }} state=installed + with_items: pkglist.physical + when: vm_host is not defined + +- name: install Debian packages for servers + tags: [pkgs] + apt: name={{ item }} state=installed + with_items: pkglist.server + when: server is defined + +- name: install Debian packages for VM hosts + tags: [pkgs] + apt: name={{ item }} state=installed + with_items: pkglist.vmhost + when: (vm_role |default('none')) == 'host' + +###-------------------------------------------------------------------------- ### PKI machinery. - name: install PKI maintenance scripts @@ -14,4 +44,25 @@ - update-ca-certs - check-x509-certs +###-------------------------------------------------------------------------- +### Mail configuration. + +- name: build mail configuration files + tags: [mail, mail-config] + local_action: command make chdir={{ rootdir }}/exim-config/ + run_once: true + +- name: install appropriate email configuration + tags: [mail, mail-config] + copy: src=exim-config/exim4-{{ mail_mode |default('satellite')}}.conf + dest=/etc/exim4/exim4.conf + notify: restart exim + +### FIXME: set up certificates and so on. [mail, mail-pki] + +###-------------------------------------------------------------------------- +### Some unpleasant hacks. + +# - name: Trap for yaid + ###----- That's all, folks -------------------------------------------------- diff --git a/vars/pkglists.yml b/vars/pkglists.yml new file mode 100644 index 0000000..0a2b8e7 --- /dev/null +++ b/vars/pkglists.yml 
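Review bot: None of the four `apt` tasks refreshes the package index, so a host with a stale or empty cache either fails the install or resolves against an old index. That matters most for the network-facing packages in the list, such as `openssh-server` and `exim4`. Refreshing once in the first task covers the ones that follow it: `apt: name={{ item }} state=installed update_cache=yes cache_valid_time=3600`. A one-line comment saying where `vm_host`, `server` and `vm_role` are set would also help, since the hunk does not show it and the `when:` conditions silently skip whole package sets if a variable is misnamed.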
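Review bot: The `install appropriate email configuration` task writes /etc/exim4/exim4.conf with no explicit owner, group or mode and no syntax check, and the `restart exim` handler then restarts the daemon on whatever was copied. A malformed file, or one whose ownership or permissions Exim rejects, takes mail down on that host. Setting `owner=root group=root mode=0644` on the `copy` (tighter if the generated file embeds credentials) pins the permissions. Adding a `validate=` command that has Exim parse the staged file, for example `validate='/usr/sbin/exim4 -bV -C %s'`, would stop a bad config before it replaces the live one. The fallback `mail_mode |default('satellite')` relies on the `make` step producing `exim4-satellite.conf`, and the FIXME leaves certificates unmanaged, so a comment stating which modes expect TLS material would be useful.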
@@ -0,0 +1,162 @@
+### -*-yaml-*-
+###
+### Lists of Debian packages required by various kinds of hosts.
+
+---
+
+pkglist:
+
+ ## The basic packages required by all distorted.org.uk hosts.
+ base:
+ - acpi-support-base
+ - adns-tools
+ - apt-listchanges
+ - apt-utils
+ - aptitude
+ - at
+ - attr
+ - bash-completion
+ - bc
+ - bind9-host
+ - bsd-mailx
+ - bsdmainutils
+ - bsdutils
+ - build-essential
+ - bzip2
+ - ca-certificates
+ - chiark-really
+ - cpio
+ - cpp
+ - cron
+ - curl
+ - dc
+ - debian-archive-keyring
+ - debian-goodies
+ - debsums
+ - dmsetup
+ - dnsutils
+ - dpkg-dev
+ - ed
+ - elinks
+ - etckeeper
+ - ethtool
+ - exim4
+ - exim4-daemon-{{ mail_daemon |default('light') }}
+ - file
+ - finger
+ - ftp
+ - g++
+ - gawk
+ - gcc
+ - git
+ - git-man
+ - gnupg
+ - ifupdown
+ - info
+ - initramfs-tools
+ - install-info
+ - iproute
+ - iptables
+ - iputils-ping
+ - klibc-utils
+ - kmod
+ - krb5-config
+ - krb5-user
+ - less
+ - ldnsutils
+ - libfile-fnmatch-perl
+ - linux-base
+ - linux-libc-dev
+ - locales
+ - logrotate
+ - lsof
+ - ltrace
+ - lvm2
+ - m4
+ - make
+ - manpages
+ - mawk
+ - mime-support
+ - mlocate
+ - mmv
+ - molly-guard
+ - mosh
+ - net-tools
+ - netbase
+ - netcat-openbsd
+ - ntp
+ - ntpdate
+ - openssh-blacklist
+ - openssh-blacklist-extra
+ - openssh-client
+ - openssh-server
+ - openssl
+ - parallel
+ - passwd
+ - patch
+ - perl
+ - pkg-config
+ - procps
+ - psmisc
+ - python-apt
+ - python
+ - rdist
+ - reportbug
+ - rlwrap
+ - rsync
+ - screen
+ - scrub
+ - seccure
+ - sensible-utils
+ - sharutils
+ - sqlite3
+ - strace
+ - sudo
+ - syslog-ng-core
+ - tcpd
+ - tcpdump
+ - traceroute
+ - tshark
+ - tzdata
+ - udev
+ - unbound
+ - unbound-anchor
+ - unbound-host
+ - userv
+ - w3m
+ - wget
+ - xz-utils
+ - zile
+
+ ## Packages common to all servers.
+ server:
+ - acct
+ - emacs23-nox
+ - fail2ban
+ - ipset
+ - mtr-tiny
+ - munin-node
+ - xtables-addons-common
+ - xtables-addons-dkms
+
+ ## Packages common to physical hosts.
+ physical:
+ - console-setup
+ - console-setup-linux
+ - cpufrequtils
+ - cryptsetup
+ - hdparm
+ - kbd
+ - smartmontools
+ - vlan
+
+ ## Packages for VM hosts.
+ vmhost:
+ - debootstrap
+ - guestfish
+ - guestmount
+ - libguestfs-tools
+ - kpartx
+ - parted
+ - qemu-kvm
+ - virt-top
-- 
2.11.0
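Review bot: `pkglist.base` is installed on every host, including the exposed servers and the mobile clients defined in hosts.lisp, and it is broader than a baseline needs to be. It carries a full build toolchain (`build-essential`, `gcc`, `g++`), packet-capture and tracing tools (`tcpdump`, `tshark`, `strace`, `ltrace`), `netcat-openbsd`, and the legacy clients `ftp`, `finger` and `rdist`. It also puts `openssh-server` on every host while `fail2ban` sits only in `pkglist.server`, so client machines would run sshd without it. If that breadth is deliberate, say so in the header comment, e.g. `## NB: everything here lands on every host, including exposed servers.` Otherwise consider moving the build and diagnostic tools into a separate list that servers can opt out of.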