diff --git a/defaults/main.yml b/defaults/main.yml index 6bb5696..ecae41f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,4 +6,4 @@ common_postfix_recipient_canonical_maps: "" common_postfix_configure_sasl: false common_X11Forwarding: false common_swappiness: 5 - +common_set_root_password: false diff --git a/tasks/configure_postfix_relay.yml b/tasks/configure_postfix_relay.yml index 1a22d6f..088fe23 100644 --- a/tasks/configure_postfix_relay.yml +++ b/tasks/configure_postfix_relay.yml @@ -1,5 +1,5 @@ - name: Supprime exim - package: + ansible.builtin.package: name: - exim4-base - exim4-config 
@@ -7,71 +7,77 @@ state: absent - name: Installation postfix - package: + ansible.builtin.package: name: - postfix - libsasl2-modules state: present - name: Configuration postfix - template: + ansible.builtin.template: src: postfix-main.cf.j2 dest: /etc/postfix/main.cf + mode: u=rw,g=r,o=r notify: - restart postfix - name: Configuration postfix - template: + ansible.builtin.template: src: sasl-password-map dest: /etc/postfix/sasl-password-map - mode: 0600 + mode: u=rw,g=,o= owner: root group: root register: _sasl_password_map when: common_postfix_configure_sasl is true -- shell: | - cd /etc/postfix/ - postmap sasl-password-map +- name: Exécute postmap + ansible.builtin.command: postmap sasl-password-map + args: + chdir: /etc/postfix/ when: common_postfix_configure_sasl is true and _sasl_password_map.changed + changed_when: true - name: Configuration aliases postfix - template: + ansible.builtin.template: src: aliases.j2 dest: /etc/aliases + mode: u=rw,g=r,o=r register: aliases notify: - restart postfix -- shell: newaliases +- name: Exécute newaliases # noqa no-handler + ansible.builtin.command: newaliases when: aliases.changed + changed_when: true - name: Configure sender_canonical_maps_regexp - blockinfile: + ansible.builtin.blockinfile: dest: /etc/postfix/sender_canonical_maps_regexp marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####" owner: root group: root - mode: 0755 - create: yes + mode: u=rw,g=r,o=r + create: true block: | {{ common_postfix_sender_canonical_maps }} register: sender_canonical_maps_regexp - name: Configure recipient_canonical_maps_regexp - blockinfile: + ansible.builtin.blockinfile: dest: /etc/postfix/recipient_canonical_maps_regexp marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####" owner: root group: root - mode: 0755 - create: yes + mode: u=rw,g=r,o=r + create: true block: | {{ common_postfix_recipient_canonical_maps }} register: recipiend_canonical_maps_regexp -- name: postmap - command: postmap {{ item }} +- name: Exécute 
postmap + ansible.builtin.command: postmap {{ item }} args: chdir: /etc/postfix/ with_items: @@ -80,6 +86,4 @@ when: sender_canonical_maps_regexp.changed or recipiend_canonical_maps_regexp.changed notify: - restart postfix - - - + changed_when: true diff --git a/tasks/main.yml b/tasks/main.yml index f405960..c677cef 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,22 +1,22 @@ -- debug: - var: common_user_password_salt - -- name: definit le mdp de root - user: +- name: Définit le mdp de root + ansible.builtin.user: name: root state: present password: "{{ _pwd | password_hash('sha512', _salt) }}" vars: _pwd: "{{ common_rootpassword }}" _salt: "{{ common_user_password_salt }}" + # A ne faire que si demandé pour éviter de rapporter des changements qui n'en sont pas + when: common_set_root_password - name: Run the equivalent of "apt-get update" as a separate step ansible.builtin.apt: - update_cache: yes + update_cache: true + # Evite de rapporter des changements qui n'en sont pas changed_when: false -- name: installe paquets - package: +- name: Installe paquets + ansible.builtin.package: state: present name: - nftables @@ -38,14 +38,14 @@ - curl - name: Activation nftables - service: + ansible.builtin.service: name: nftables state: started - enabled: yes + enabled: true - name: Configuration ssh - import_role: - name: willshersystems.sshd + ansible.builtin.import_role: + name: willshersystems.sshd vars: sshd_skip_defaults: false sshd: 
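Review bot: In tasks/configure_postfix_relay.yml (hunk `@@ -7,71 +7,77 @@`), the second "Configuration postfix" task renders `sasl-password-map` with owner-only permissions, which suggests it holds relay credentials, yet nothing keeps its content out of the run output. When the play runs with `--diff`, the template module prints the rendered file, so the secret would probably end up in console and CI logs. Adding `no_log: true` (or at least `diff: false`) to that task would avoid this. The two template tasks also share the name "Configuration postfix", so a distinct name such as `Configuration sasl-password-map` would make the sensitive task easier to spot in logs.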
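Review bot: In tasks/main.yml (hunk `@@ -1,22 +1,22 @@`), the new guard `when: common_set_root_password` on "Définit le mdp de root" tests a bare variable, so its result depends on the variable's type. A value passed as `-e common_set_root_password=false` arrives as a non-empty string, and current Ansible versions are likely to treat it as true, which would reset root's password when the operator asked for the opposite. Writing `when: common_set_root_password | bool` makes the intent explicit. It would also help to add a comment beside the new default in defaults/main.yml stating that `common_rootpassword` and `common_user_password_salt` must be defined when the flag is enabled.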
@@ -55,32 +55,40 @@ PermitRootLogin: without-password X11Forwarding: "{{ common_X11Forwarding }}" -- name: horodatage history - template: src=historytime.sh dest=/etc/profile.d/historytime.sh +- name: Horodatage history + ansible.builtin.template: + src: historytime.sh + dest: /etc/profile.d/historytime.sh + mode: u=rw,g=r,o=r -- name: root bashrc - copy: src=root.bashrc dest=/root/.bashrc +- name: Root bashrc + ansible.builtin.copy: + src: root.bashrc + dest: /root/.bashrc + mode: u=rw,g=r,o=r -- name: "sudoers" - replace: +- name: Configure sudoers # noqa no-tabs + ansible.builtin.replace: path: /etc/sudoers regexp: "%sudo\tALL.*" replace: "%sudo\tALL=(ALL:ALL) NOPASSWD:ALL" -- import_tasks: configure_postfix_relay.yml +- name: Configure relai postfix + ansible.biultin.import_tasks: configure_postfix_relay.yml tags: configure_postfix_relay -- name: motd colors - template: +- name: Motd colors + ansible.builtin.template: src: update-motd.d/colors dest: /etc/update-motd.d/ - -- name: configure motd - template: + mode: u=rw,g=r,o=r + +- name: Configure motd + ansible.builtin.template: src: update-motd.d/{{ item }} dest: /etc/update-motd.d/ - mode: 0755 + mode: u=rwx,g=rx,o=rx with_items: - 01-linebreak - 05-header @@ -90,12 +98,12 @@ - 30-upgrades - 50-linebreak -- name: configuration swappiness - sysctl: +- name: Configuration swappiness + ansible.posix.sysctl: name: vm.swappiness value: "{{ common_swappiness }}" - sysctl_set: yes + sysctl_set: true state: present - reload: yes + reload: true tags: configure_swappiness when: ansible_virtualization_type == "kvm"
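Review bot: In hunk `@@ -55,32 +55,40 @@` of tasks/main.yml, the "Configure relai postfix" task is spelled `ansible.biultin.import_tasks`, which does not resolve to any action, so the role will most likely fail to load. It should read `ansible.builtin.import_tasks: configure_postfix_relay.yml`. In the same hunk, "Configure sudoers" rewrites /etc/sudoers in place with no syntax check. Adding `validate: /usr/sbin/visudo -cf %s` to that task would stop a malformed result from being written and breaking sudo on the host. The `NOPASSWD:ALL` grant to the whole `%sudo` group is carried over from the old code and deserves a comment stating why it is acceptable on these machines.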