chiark - git - mdw - distorted-ansible/blob - roles/common/tasks/main.yml

   1 ### -*-yaml-*-
   2 ###
   3 ### Tasks applicable for all hosts.
   4
   5 ---
   6
   7 ###--------------------------------------------------------------------------
   8 ### General permissions.
   9
  10 - name: fix permissions in /root
  11   tags: [perms, root-perms]
  12   file: name=/root mode=0750 owner=root group=root
  13
  14 ###--------------------------------------------------------------------------
  15 ### PKI machinery.
  16
  17 - name: install PKI maintenance scripts
  18   tags: [pki, pki-scripts]
  19   copy: src=pki/{{ item }} dest=/etc/cron.daily
  20   with_items:
  21     - update-ca-certs
  22     - check-x509-certs
  23
  24 - name: install common PKI files
  25   tags: [pki, pki-keys]
  26   copy: src=pki/{{ item }} dest=/etc/ca
  27   with_items:
  28     - ca.cert
  29     - dh-param.pem
  30     - dh-param-2048.pem
  31     - openssl.conf
  32
  33 - name: install /etc/pki/CA link
  34   tags: [pki, pki-link]
  35   file: path=/etc/pki/CA/cacert.pem state=link src=../../ca/ca.cert
  36
  37 ###--------------------------------------------------------------------------
  38 ### NTP configuration.
  39
  40 - name: install NTP configuration files
  41   tags: [ntp, ntp-client]
  42   copy: src=ntp-client/ntp.conf dest=/etc
  43   when: ('ntp') not in server |default([])
  44   notify: restart ntpd
  45
  46 ###--------------------------------------------------------------------------
  47 ### Network databases.
  48
  49 - name: install netdb files
  50   tags: netdb
  51   copy: src=netdb/{{ item }} dest=/etc
  52   with_items:
  53     - hosts
  54     - networks
  55     - services
  56
  57 ###--------------------------------------------------------------------------
  58 ### SSH configuration.
  59
  60 - name: install SSH configuration files
  61   tags: [ssh, ssh-config]
  62   copy: src=ssh-config/{{ item }} dest=/etc/ssh
  63   notify: restart ssh
  64   with_items:
  65     - Makefile
  66     - ssh_config
  67     - sshd_config.m4
  68     - moduli
  69
  70 - name: install main keys for root SSH access
  71   tags: [ssh, ssh-root]
  72   template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
  73   notify: make in /root/.ssh
  74
  75 - name: install keys for root SSH access
  76   tags: [ssh, ssh-root]
  77   copy: src=ssh-root/{{ item }} dest=/root/.ssh
  78   notify: make in /root/.ssh
  79   with_items:
  80     - Makefile
  81     - config.m4
  82     - known_hosts.extra
  83
  84 ###--------------------------------------------------------------------------
  85 ### Backup machinery.
  86
  87 - name: install backup filters
  88   tags: [backup, backup-filters]
  89   copy: src=backup/filter.{{ item.label }} dest={{ item.dest }}/.rsync-backup
  90   with_items:
  91     - { label: 'home', dest: '/home' }
  92     - { label: 'var-spool', dest: '/var/spool' }
  93
  94 - name: install required backup scripts on non-Debian hosts
  95   tags: [backup, backup-scripts]
  96   copy: src=backup/fshash dest=/usr/local/bin
  97   when: os != 'debian'
  98
  99 ###--------------------------------------------------------------------------
 100 ### Other miscellaneous files.
 101
 102 - name: install sudo configuration
 103   tags: [sudo]
 104   copy: src=sudo/sudoers dest=/etc
 105
 106 - name: install common scripts
 107   tags: [scripts]
 108   copy: src=scripts/{{ item }} dest=/usr/local/bin
 109   with_items:
 110     - fetch-unpack-archive
 111     - genx509
 112
 113 - name: install root Git configuration
 114   tags: [root-files]
 115   copy: src=root/gitconfig dest=/root/.gitconfig
 116
 117 ###----- That's all, folks --------------------------------------------------