Home Verkennen Help
Inloggen
ffdo-infrastruktur
/
ffdo-ansible-l2tp
spiegel van https://github.com/ffdo/ffdo-ansible-l2tp.git
9
0
Vork 0
Bestanden Issues 0 Wiki
Aftakking: master
Aftakkingen Labels
ffdo-ansible...
/
roles
/
common
/
tasks
/
main.yml

main.yml 3.2 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. ---
    2. 

  2. # Allgemeine Konfigurationen für alle Server
    3. 

  3. 

  4. - name: Enable syntax highlighting in vim by default
    5. 

  5.   lineinfile:
    6. 

  6.     dest: ~/.vimrc
    7. 

  7.     regexp: '^syntax '
    8. 

  8.     line: 'syntax on'
    9. 

  9.     owner: root
    10. 

  10.     group: root
    11. 

  11.     mode: 0644
    12. 

  12.     create: yes
    13. 

  13. 

  14. - name: Update .bash_profile file
    15. 

  15.   template:
    16. 

  16.     src: bash_profile.j2
    17. 

  17.     dest: ~/.bash_profile
    18. 

  18. 

  19. - name: Flush all handlers
    20. 

  20.   meta: flush_handlers
    21. 

  21. 

  22. - name: add default repo
    23. 

  23.   #Freifunk- und Rollen-Repos erst in den jeweiligen Rollen
    24. 

  24.   apt_repository:
    25. 

  25.     repo: "{{ item }}"
    26. 

  26.     state: present
    27. 

  27.   with_items:
    28. 

  28.     - "deb http://cdn-fastly.deb.debian.org/debian/ {{ ansible_distribution_release }} main"
    29. 

  29.     - "deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main"
    30. 

  30.   when: ansible_distribution == "Debian"
    31. 

  31. 

  32. - name: Eventuelles CDROM-Repo von der Installation entfernen
    33. 

  33.   lineinfile:
    34. 

  34.     dest: /etc/apt/sources.list
    35. 

  35.     state: absent
    36. 

  36.     regexp: 'cdrom'
    37. 

  37. 

  38. - name: install common packages
    39. 

  39.   apt:
    40. 

  40.     pkg: "{{ item }}"
    41. 

  41.     update_cache: yes
    42. 

  42.     state: present
    43. 

  43.   with_items:
    44. 

  44.     - vim
    45. 

  45.     - wget
    46. 

  46.     - vnstat
    47. 

  47.     - tmux
    48. 

  48.     - pastebinit
    49. 

  49.     - htop
    50. 

  50.     - jnettop
    51. 

  51.     - iotop
    52. 

  52.     - tcpdump
    53. 

  53.     - screen
    54. 

  54.     - strace
    55. 

  55.     - socat
    56. 

  56.     - dnsutils
    57. 

  57.     - host
    58. 

  58.     - apt-transport-https
    59. 

  59.     - tshark
    60. 

  60.     - dwdiff
    61. 

  61.     - molly-guard
    62. 

  62.     - git
    63. 

  63.     - iperf3
    64. 

  64.     - mtr-tiny
    65. 

  65.     - dhcpdump
    66. 

  66.     - dhcping
    67. 

  67.     - irqbalance
    68. 

  68.     - build-essential
    69. 

  69.     - ethtool
    70. 

  70.     - mc
    71. 

  71.     - net-tools
    72. 

  72. 

  73. - name: uninstall unneeded packages
    74. 

  74.   apt:
    75. 

  75.     pkg: "{{ item }}"
    76. 

  76.     update_cache: yes
    77. 

  77.     state: absent
    78. 

  78.   with_items:
    79. 

  79.     - rpcbind
    80. 

  80. 

  81. - name: Verzeichniss für SSH-Schlüsseldatei erstellen
    82. 

  82.   file: path=/root/.ssh state=directory
    83. 

  83. 

  84. - name: SSH-Schlüsseldatei generieren
    85. 

  85.   template:
    86. 

  86.     src: authorized_keys.j2
    87. 

  87.     dest: /root/.ssh/authorized_keys
    88. 

  88.   when: administratorenteam is defined
    89. 

  89. 

  90. - name: SSH-Dämon Passwortanmeldung abschalten
    91. 

  91.   lineinfile:
    92. 

  92.     dest: /etc/ssh/sshd_config
    93. 

  93.     regexp: "^[#]?PasswordAuthentication"
    94. 

  94.     line: "PasswordAuthentication no"
    95. 

  95.   notify: reload sshd
    96. 

  96. 

  97. - locale_gen: name=de_DE.UTF-8 state=present
    98. 

  98. 

  99. - name: "Collect lograte files to update"
    100. 

  100.   find:
    101. 

  101.      paths: /etc/logrotate.d/
    102. 

  102.   register: logrotate_result
    103. 

  103. 

  104. - name: "Update logrotate cycle in /etc/logrotate.d/"
    105. 

  105.   replace:
    106. 

  106.     path: "{{item.path}}"
    107. 

  107.     regexp: 'daily|weekly|monthly'
    108. 

  108.     replace: '{{logrotate.cycle}}'
    109. 

  109.   with_items: '{{ logrotate_result.files }}'
    110. 

  110. 

  111. - name: "Update logrotate count in /etc/logrotate.d/"
    112. 

  112.   replace:
    113. 

  113.     path: "{{item.path}}"
    114. 

  114.     regexp: 'rotate[ \t]+[0-9]+'
    115. 

  115.     replace: 'rotate {{logrotate.count}}'
    116. 

  116.   with_items: '{{ logrotate_result.files }}'
    117. 

  117. 

  118. - name: Logrotate Rotationszyklus und Anzahl anpassen
    119. 

  119.   template:
    120. 

  120.     src: logrotate.conf.j2
    121. 

  121.     dest: /etc/logrotate.conf
    122. 

  122.   when: logrotate is defined
    123. 

  123. 

  124. - name: Setze Timeout für das stopen von Interfaces
    125. 

  125.   lineinfile:
    126. 

  126.     dest: /lib/systemd/system/networking.service.d/network-pre.conf
    127. 

  127.     line: "[Service]"
    128. 

  128.     state: present
    129. 

  129.   when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"
    130. 

  130. 

  131. - name: Setze Timeout für das stopen von Interfaces
    132. 

  132.   lineinfile:
    133. 

  133.     dest: /lib/systemd/system/networking.service.d/network-pre.conf
    134. 

  134.     regexp: "^TimeoutStopSec="
    135. 

  135.     line: "TimeoutStopSec=60"
    136. 

  136.     state: present
    137. 

  137.   when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"
    138.