Remise en forme

Navas 2024-08-09 12:27:09 +02:00
parent 2da550795a
commit 7cccb98b33
3 changed files with 63 additions and 51 deletions


@ -6,4 +6,4 @@ common_postfix_recipient_canonical_maps: ""
common_postfix_configure_sasl: false common_postfix_configure_sasl: false
common_X11Forwarding: false common_X11Forwarding: false
common_swappiness: 5 common_swappiness: 5
common_set_root_password: false


@ -1,5 +1,5 @@
- name: Supprime exim - name: Supprime exim
package: ansible.builtin.package:
name: name:
- exim4-base - exim4-base
- exim4-config - exim4-config
@ -7,71 +7,77 @@
state: absent state: absent
- name: Installation postfix - name: Installation postfix
package: ansible.builtin.package:
name: name:
- postfix - postfix
- libsasl2-modules - libsasl2-modules
state: present state: present
- name: Configuration postfix - name: Configuration postfix
template: ansible.builtin.template:
src: postfix-main.cf.j2 src: postfix-main.cf.j2
dest: /etc/postfix/main.cf dest: /etc/postfix/main.cf
mode: u=rw,g=r,o=r
notify: notify:
- restart postfix - restart postfix
- name: Configuration postfix - name: Configuration postfix
template: ansible.builtin.template:
src: sasl-password-map src: sasl-password-map
dest: /etc/postfix/sasl-password-map dest: /etc/postfix/sasl-password-map
mode: 0600 mode: u=rw,g=,o=
owner: root owner: root
group: root group: root
register: _sasl_password_map register: _sasl_password_map
when: common_postfix_configure_sasl is true when: common_postfix_configure_sasl is true
- shell: | - name: Exécute postmap
cd /etc/postfix/ ansible.builtin.command: postmap sasl-password-map
postmap sasl-password-map args:
chdir: /etc/postfix/
when: common_postfix_configure_sasl is true and _sasl_password_map.changed when: common_postfix_configure_sasl is true and _sasl_password_map.changed
changed_when: true
- name: Configuration aliases postfix - name: Configuration aliases postfix
template: ansible.builtin.template:
src: aliases.j2 src: aliases.j2
dest: /etc/aliases dest: /etc/aliases
mode: u=rw,g=r,o=r
register: aliases register: aliases
notify: notify:
- restart postfix - restart postfix
- shell: newaliases - name: Exécute newaliases # noqa no-handler
ansible.builtin.command: newaliases
when: aliases.changed when: aliases.changed
changed_when: true
- name: Configure sender_canonical_maps_regexp - name: Configure sender_canonical_maps_regexp
blockinfile: ansible.builtin.blockinfile:
dest: /etc/postfix/sender_canonical_maps_regexp dest: /etc/postfix/sender_canonical_maps_regexp
marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####" marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####"
owner: root owner: root
group: root group: root
mode: 0755 mode: u=rw,g=r,o=r
create: yes create: true
block: | block: |
{{ common_postfix_sender_canonical_maps }} {{ common_postfix_sender_canonical_maps }}
register: sender_canonical_maps_regexp register: sender_canonical_maps_regexp
- name: Configure recipient_canonical_maps_regexp - name: Configure recipient_canonical_maps_regexp
blockinfile: ansible.builtin.blockinfile:
dest: /etc/postfix/recipient_canonical_maps_regexp dest: /etc/postfix/recipient_canonical_maps_regexp
marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####" marker: "#### {mark} SECTION CONTROLEE PAR ANSIBLE ####"
owner: root owner: root
group: root group: root
mode: 0755 mode: u=rw,g=r,o=r
create: yes create: true
block: | block: |
{{ common_postfix_recipient_canonical_maps }} {{ common_postfix_recipient_canonical_maps }}
register: recipiend_canonical_maps_regexp register: recipiend_canonical_maps_regexp
- name: postmap - name: Exécute postmap
command: postmap {{ item }} ansible.builtin.command: postmap {{ item }}
args: args:
chdir: /etc/postfix/ chdir: /etc/postfix/
with_items: with_items:
@ -80,6 +86,4 @@
when: sender_canonical_maps_regexp.changed or recipiend_canonical_maps_regexp.changed when: sender_canonical_maps_regexp.changed or recipiend_canonical_maps_regexp.changed
notify: notify:
- restart postfix - restart postfix
changed_when: true
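Review bot: The second "Configuration postfix" task, which renders `sasl-password-map`, presumably writes the relay credentials, and although the new mode `u=rw,g=,o=` keeps the file private on disk, the rendered content can still appear in the run output when the play is executed with `--diff`. Adding `no_log: true` (or at least `diff: false`) to that task would keep the secret out of logs and CI output. The two template tasks also share the name "Configuration postfix", which makes log lines and `--start-at-task` ambiguous; a name such as `Configuration sasl-password-map postfix` on the second one would help. The registered name `recipiend_canonical_maps_regexp` is used consistently so it works, but it looks like a typo for `recipient_canonical_maps_regexp`.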


@ -1,22 +1,22 @@
- debug: - name: Définit le mdp de root
var: common_user_password_salt ansible.builtin.user:
- name: definit le mdp de root
user:
name: root name: root
state: present state: present
password: "{{ _pwd | password_hash('sha512', _salt) }}" password: "{{ _pwd | password_hash('sha512', _salt) }}"
vars: vars:
_pwd: "{{ common_rootpassword }}" _pwd: "{{ common_rootpassword }}"
_salt: "{{ common_user_password_salt }}" _salt: "{{ common_user_password_salt }}"
# A ne faire que si demandé pour éviter de rapporter des changements qui n'en sont pas
when: common_set_root_password
- name: Run the equivalent of "apt-get update" as a separate step - name: Run the equivalent of "apt-get update" as a separate step
ansible.builtin.apt: ansible.builtin.apt:
update_cache: yes update_cache: true
# Evite de rapporter des changements qui n'en sont pas
changed_when: false changed_when: false
- name: installe paquets - name: Installe paquets
package: ansible.builtin.package:
state: present state: present
name: name:
- nftables - nftables
@ -38,14 +38,14 @@
- curl - curl
- name: Activation nftables - name: Activation nftables
service: ansible.builtin.service:
name: nftables name: nftables
state: started state: started
enabled: yes enabled: true
- name: Configuration ssh - name: Configuration ssh
import_role: ansible.builtin.import_role:
name: willshersystems.sshd name: willshersystems.sshd
vars: vars:
sshd_skip_defaults: false sshd_skip_defaults: false
sshd: sshd:
@ -55,32 +55,40 @@
PermitRootLogin: without-password PermitRootLogin: without-password
X11Forwarding: "{{ common_X11Forwarding }}" X11Forwarding: "{{ common_X11Forwarding }}"
- name: horodatage history - name: Horodatage history
template: src=historytime.sh dest=/etc/profile.d/historytime.sh ansible.builtin.template:
src: historytime.sh
dest: /etc/profile.d/historytime.sh
mode: u=rw,g=r,o=r
- name: root bashrc - name: Root bashrc
copy: src=root.bashrc dest=/root/.bashrc ansible.builtin.copy:
src: root.bashrc
dest: /root/.bashrc
mode: u=rw,g=r,o=r
- name: "sudoers" - name: Configure sudoers # noqa no-tabs
replace: ansible.builtin.replace:
path: /etc/sudoers path: /etc/sudoers
regexp: "%sudo\tALL.*" regexp: "%sudo\tALL.*"
replace: "%sudo\tALL=(ALL:ALL) NOPASSWD:ALL" replace: "%sudo\tALL=(ALL:ALL) NOPASSWD:ALL"
- import_tasks: configure_postfix_relay.yml - name: Configure relai postfix
ansible.biultin.import_tasks: configure_postfix_relay.yml
tags: configure_postfix_relay tags: configure_postfix_relay
- name: motd colors - name: Motd colors
template: ansible.builtin.template:
src: update-motd.d/colors src: update-motd.d/colors
dest: /etc/update-motd.d/ dest: /etc/update-motd.d/
mode: u=rw,g=r,o=r
- name: configure motd - name: Configure motd
template: ansible.builtin.template:
src: update-motd.d/{{ item }} src: update-motd.d/{{ item }}
dest: /etc/update-motd.d/ dest: /etc/update-motd.d/
mode: 0755 mode: u=rwx,g=rx,o=rx
with_items: with_items:
- 01-linebreak - 01-linebreak
- 05-header - 05-header
@ -90,12 +98,12 @@
- 30-upgrades - 30-upgrades
- 50-linebreak - 50-linebreak
- name: configuration swappiness - name: Configuration swappiness
sysctl: ansible.posix.sysctl:
name: vm.swappiness name: vm.swappiness
value: "{{ common_swappiness }}" value: "{{ common_swappiness }}"
sysctl_set: yes sysctl_set: true
state: present state: present
reload: yes reload: true
tags: configure_swappiness tags: configure_swappiness
when: ansible_virtualization_type == "kvm" when: ansible_virtualization_type == "kvm"
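Review bot: `ansible.biultin.import_tasks` in the "Configure relai postfix" task is misspelled (`biultin`), so the action name should fail to resolve and the role will likely error out before any task runs; it should read `ansible.builtin.import_tasks: configure_postfix_relay.yml`. Separately, the "Configure sudoers" task still rewrites `/etc/sudoers` in place with no syntax check; adding `validate: /usr/sbin/visudo -cf %s` to the `ansible.builtin.replace` call would prevent a bad substitution from breaking sudo on the host. The `NOPASSWD:ALL` rule itself predates this commit, but it is worth confirming that passwordless sudo for every member of `%sudo` is still intended.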