New role for Debian-specific configuration.
[distorted-ansible] / roles / common / tasks / main.yml
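### -*-yaml-*-
###
### Tasks applicable for all hosts.
###
### Module arguments are written as native YAML mappings, and file modes
### are quoted so that a YAML parser cannot reinterpret them as numbers.
### Handlers named in `notify' are defined outside this file.

---

###--------------------------------------------------------------------------
### General permissions.

## Keep root's home directory closed to everyone outside the root group.
- name: fix permissions in /root
  tags: [perms, root-perms]
  file:
    path: /root/
    mode: "0750"
    owner: root
    group: root

###--------------------------------------------------------------------------
### PKI machinery.

## Distribute the shared PKI files into /etc/ca/.
## NOTE(review): no owner or mode is set, so these files get the target's
## defaults.  The names suggest public material only (CA certificate, DH
## parameters, OpenSSL configuration) -- confirm that no private key is
## ever added to this list without an explicit restrictive mode.
- name: install common PKI files
  tags: [pki, pki-keys]
  copy:
    src: "pki/{{ item }}"
    dest: /etc/ca/
  with_items:
    - ca.cert
    - dh-param.pem
    - dh-param-2048.pem
    - openssl.conf

## The link target is relative: /etc/pki/CA/cacert.pem -> ../../ca/ca.cert,
## which resolves to the ca.cert installed in /etc/ca/ by the task above.
- name: install /etc/pki/CA link
  tags: [pki, pki-link]
  file:
    path: /etc/pki/CA/cacert.pem
    state: link
    src: ../../ca/ca.cert

###--------------------------------------------------------------------------
### NTP configuration.

## Skipped on hosts whose `server' list contains 'ntp'; an undefined
## `server' variable is treated as an empty list.
- name: install NTP client configuration files
  tags: [ntp, ntp-client]
  copy:
    src: ntp-client/ntp.conf
    dest: /etc/
  when: ('ntp') not in server |default([])
  notify: restart ntpd

###--------------------------------------------------------------------------
### Network databases.

- name: install netdb files
  tags: [netdb]
  copy:
    src: "netdb/{{ item }}"
    dest: /etc/
  with_items:
    - hosts
    - networks
    - services

###--------------------------------------------------------------------------
### SSH configuration.

## Any change notifies both handlers: the make run in /etc/ssh/ and the
## SSH service restart.
- name: install SSH configuration files
  tags: [ssh, ssh-config]
  copy:
    src: "ssh-config/{{ item }}"
    dest: /etc/ssh/
  notify:
    - make in /etc/ssh/
    - restart ssh
  with_items:
    - Makefile
    - ssh_config
    - sshd_config.m4
    - moduli

## NOTE(review): 0750 matches /root above, but it leaves the key directory
## readable by root's group, and no owner is set here.  0700 with an
## explicit owner is the usual choice -- confirm group access is intended.
- name: "create root's .ssh/ directory"
  tags: [ssh, ssh-root]
  file:
    path: /root/.ssh/
    state: directory
    mode: "0750"

## Rendered as a template, unlike the files in the next task, which are
## copied verbatim.
## NOTE(review): presumably the make run triggered by the handler builds
## the effective authorized-keys file from this base -- confirm.
- name: install main keys for root SSH access
  tags: [ssh, ssh-root]
  template:
    src: ssh-root/authkeys.base
    dest: /root/.ssh/authkeys.base
  notify: make in /root/.ssh/

- name: install keys for root SSH access
  tags: [ssh, ssh-root]
  copy:
    src: "ssh-root/{{ item }}"
    dest: /root/.ssh/
  notify: make in /root/.ssh/
  with_items:
    - Makefile
    - config.m4
    - known_hosts.extra

###--------------------------------------------------------------------------
### Backup machinery.

## Each filter is installed as `.rsync-backup' at the top of the tree it
## applies to: filter.home -> /home, filter.var-spool -> /var/spool.
- name: install backup filters
  tags: [backup, backup-filters]
  copy:
    src: "backup/filter.{{ item.label }}"
    dest: "{{ item.dest }}/.rsync-backup"
  with_items:
    - { label: 'home', dest: '/home' }
    - { label: 'var-spool', dest: '/var/spool' }

## Runs only where `os' is not 'debian'.
## NOTE(review): no mode is set; confirm that fshash ends up executable on
## the target.
- name: install required backup scripts on non-Debian hosts
  tags: [backup, backup-scripts]
  copy:
    src: backup/fshash
    dest: /usr/local/bin/
  when: os != 'debian'

###--------------------------------------------------------------------------
### Other miscellaneous files.

## The sudoers file is syntax-checked before it replaces the live one: a
## file that fails `visudo -c' is rejected and the existing /etc/sudoers
## is left in place, so a bad edit cannot break sudo across the estate.
## Owner, group and mode are pinned rather than left to the target's
## umask; root:root matches what the /root task above already assumes.
## visudo is looked up through PATH because this role also runs on
## non-Debian hosts, where its location may differ.
- name: install sudo configuration
  tags: [sudo]
  copy:
    src: sudo/sudoers
    dest: /etc/
    owner: root
    group: root
    mode: "0440"
    validate: visudo -cf %s

## NOTE(review): no owner or mode is set for files landing in a directory
## on root's PATH; confirm they end up root-owned, executable and not
## writable by other users.
- name: install common scripts
  tags: [scripts]
  copy:
    src: "scripts/{{ item }}"
    dest: /usr/local/bin/
  with_items:
    - fetch-unpack-archive
    - genx509

- name: install root Git configuration
  tags: [root-files]
  copy:
    src: root/gitconfig
    dest: /root/.gitconfig

###----- That's all, folks --------------------------------------------------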