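### -*-yaml-*-
###
### Tasks applicable for all hosts.
###
### Module arguments are written as native YAML mappings rather than
### `key=value' strings, and file modes are quoted so that they reach
### Ansible as octal strings rather than being retyped by the YAML parser.
###
### Where `copy' is given no `mode', a newly created file gets whatever the
### remote umask allows and an existing file keeps its current mode.  Tasks
### whose result is security-sensitive therefore pin owner, group and mode.

---

###--------------------------------------------------------------------------
### General permissions.

# Keep root's home directory closed to unprivileged users.
- name: fix permissions in /root
  tags: [perms, root-perms]
  file:
    path: /root/
    owner: root
    group: root
    mode: "0750"

###--------------------------------------------------------------------------
### PKI machinery.

# Everything in /etc/cron.daily/ is run as root, so the scripts must be
# root-owned and writable by nobody else.  The execute bit is set explicitly
# because run-parts skips files without it.
- name: install PKI maintenance scripts
  tags: [pki, pki-scripts]
  copy:
    src: "pki/{{ item }}"
    dest: /etc/cron.daily/
    owner: root
    group: root
    mode: "0755"
  with_items:
    - update-ca-certs
    - check-x509-certs

# Ownership and mode are not pinned here.
# NOTE(review): going by the names this is public material only (CA
# certificate, DH parameters, OpenSSL configuration) -- confirm that no
# private key is ever added to this list without also setting a mode.
- name: install common PKI files
  tags: [pki, pki-keys]
  copy:
    src: "pki/{{ item }}"
    dest: /etc/ca/
  with_items:
    - ca.cert
    - dh-param.pem
    - dh-param-2048.pem
    - openssl.conf

# Relative link target: resolves from /etc/pki/CA/ to /etc/ca/ca.cert, the
# certificate installed by the previous task.
- name: install /etc/pki/CA link
  tags: [pki, pki-link]
  file:
    path: /etc/pki/CA/cacert.pem
    state: link
    src: ../../ca/ca.cert

###--------------------------------------------------------------------------
### NTP configuration.

# Skipped on hosts whose `server' list contains 'ntp'; a host with no
# `server' variable is treated as having an empty list.
- name: install NTP client configuration files
  tags: [ntp, ntp-client]
  copy:
    src: ntp-client/ntp.conf
    dest: /etc/
  when: "'ntp' not in (server | default([]))"
  notify: restart ntpd

###--------------------------------------------------------------------------
### Network databases.

- name: install netdb files
  tags: [netdb]
  copy:
    src: "netdb/{{ item }}"
    dest: /etc/
  with_items:
    - hosts
    - networks
    - services

###--------------------------------------------------------------------------
### SSH configuration.

# Any change triggers the `make in /etc/ssh/' and `restart ssh' handlers,
# which are defined outside this file.
# NOTE(review): presumably the Makefile builds sshd_config from
# sshd_config.m4 -- confirm against the handler.
- name: install SSH configuration files
  tags: [ssh, ssh-config]
  copy:
    src: "ssh-config/{{ item }}"
    dest: /etc/ssh/
  notify:
    - make in /etc/ssh/
    - restart ssh
  with_items:
    - Makefile
    - ssh_config
    - sshd_config.m4
    - moduli

# Ownership is pinned alongside the mode: this directory holds the files
# that decide who may log in as root.
- name: "create root's .ssh/ directory"
  tags: [ssh, ssh-root]
  file:
    path: /root/.ssh/
    state: directory
    owner: root
    group: root
    mode: "0750"

# Rendered from a template; the `make in /root/.ssh/' handler (defined
# outside this file) is notified on change.
# NOTE(review): no mode is set on the rendered file, so its protection
# rests on the 0750 modes of /root/ and /root/.ssh/ above.
- name: install main keys for root SSH access
  tags: [ssh, ssh-root]
  template:
    src: ssh-root/authkeys.base
    dest: /root/.ssh/authkeys.base
  notify: make in /root/.ssh/

- name: install keys for root SSH access
  tags: [ssh, ssh-root]
  copy:
    src: "ssh-root/{{ item }}"
    dest: /root/.ssh/
  notify: make in /root/.ssh/
  with_items:
    - Makefile
    - config.m4
    - known_hosts.extra

###--------------------------------------------------------------------------
### Backup machinery.

# Each filter is installed as `.rsync-backup' at the top of the tree it
# applies to.
- name: install backup filters
  tags: [backup, backup-filters]
  copy:
    src: "backup/filter.{{ item.label }}"
    dest: "{{ item.dest }}/.rsync-backup"
  with_items:
    - label: home
      dest: /home
    - label: var-spool
      dest: /var/spool

# /usr/local/bin/ is on root's search path, so the script is root-owned,
# writable only by root, and explicitly executable.
- name: install required backup scripts on non-Debian hosts
  tags: [backup, backup-scripts]
  copy:
    src: backup/fshash
    dest: /usr/local/bin/
    owner: root
    group: root
    mode: "0755"
  when: os != 'debian'

###--------------------------------------------------------------------------
### Other miscellaneous files.

# A malformed sudoers file can leave sudo unusable, so the candidate file is
# syntax-checked with visudo before it replaces /etc/sudoers, and ownership
# and mode are pinned rather than inherited.
# NOTE(review): assumes visudo lives in /usr/sbin/ on every managed host.
- name: install sudo configuration
  tags: [sudo]
  copy:
    src: sudo/sudoers
    dest: /etc/
    owner: root
    group: root
    mode: "0440"
    validate: '/usr/sbin/visudo -cf %s'

# Same reasoning as for the backup script above: root-owned, writable only
# by root, explicitly executable.
- name: install common scripts
  tags: [scripts]
  copy:
    src: "scripts/{{ item }}"
    dest: /usr/local/bin/
    owner: root
    group: root
    mode: "0755"
  with_items:
    - fetch-unpack-archive
    - genx509

- name: install root Git configuration
  tags: [root-files]
  copy:
    src: root/gitconfig
    dest: /root/.gitconfig

###----- That's all, folks --------------------------------------------------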