ccchb/ansible
ccchb/ansible
6
1
Fork 1
Code Issues 3 Pull requests Releases Wiki Activity

Compare commits

base: ccchb:2140a1428c99dffa2b984025daad59dd003922e2
Branches Tags
ccchb:master
..
compare: ccchb:4454b87c35a099f4ca0024f3fdfdbee2fab0ee38
Branches Tags
ccchb:master

No commits in common. "2140a1428c99dffa2b984025daad59dd003922e2" and "4454b87c35a099f4ca0024f3fdfdbee2fab0ee38" have entirely different histories.
2140a1428c ... 4454b87c35

5 changed files with 64 additions and 18 deletions
Show stats Expand all files Collapse all files

0
group_vars/debian.yml → group_vars/debian
View file

0
group_vars/freebsd.yml → group_vars/freebsd
View file

2
group_vars/mail.yml → group_vars/mail
View file

@ -7,6 +7,8 @@ dovecot_users:
zeltophil: '{BLF-CRYPT}$2y$05$rct9cKgRnB/X7tZW7MXNUeIfadqCRc..dCMG4DB1fZdefH1Qx6FAq' zeltophil: '{BLF-CRYPT}$2y$05$rct9cKgRnB/X7tZW7MXNUeIfadqCRc..dCMG4DB1fZdefH1Qx6FAq'
haecksen: '{BLF-CRYPT}$2y$05$e2R8ucHVPlZuI39Uy4iX3.EaRszPJ01itsPJfQa0FIeYzBuiGxUZW' haecksen: '{BLF-CRYPT}$2y$05$e2R8ucHVPlZuI39Uy4iX3.EaRszPJ01itsPJfQa0FIeYzBuiGxUZW'
ari: '{BLF-CRYPT}$2y$05$HixjVZIVDVBKy40ReKRKh.ewnuyNV/t84ANsOSjOuxz5BIgk/J7k6' ari: '{BLF-CRYPT}$2y$05$HixjVZIVDVBKy40ReKRKh.ewnuyNV/t84ANsOSjOuxz5BIgk/J7k6'
vorstand: '{BLF-CRYPT}$2y$05$Cw.dfEg54gvRIhT9bDCx1O7xS4TtWf/c7Hh9Owzaf23imfwltMd4e'
fritz: '{BLF-CRYPT}$2y$05$NFh8LBoHfkazQDy3iNiuWODSP.rib.jIEDyf/JUbyBnQbJ03FglI6'
mlmmj_lists: mlmmj_lists:
- name: 'vorstand' - name: 'vorstand'

64
roles/debian/tasks/main.yml
View file

@ -1,4 +1,39 @@
--- ---
- name: Install defaults
package:
name:
- zsh
- name: Download .zshrc from grml
get_url:
url: https://raw.githubusercontent.com/grml/grml-etc-core/v0.12.5/etc/zsh/zshrc
dest: /etc/zsh/zshrc
checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
validate_certs: false
- name: Update SSH configuration
notify: reload sshd
replace:
dest: /etc/ssh/sshd_config
regexp: '^([\#\s]*)?{{ item.key }}\s+([\w_-]+)'
replace: "{{item.key}} {{item.value}}"
with_items:
- key: PermitRootLogin
value: without-password
- key: PasswordAuthentication
value: 'no'
- key: ChallengeResponseAuthentication
value: 'no'
- key: PrintLastLog
value: 'yes'
- key: UseDNS
value: 'no'
- name: Change shell of user root
user:
name: root
shell: /usr/bin/zsh
- name: Enable sshd - name: Enable sshd
systemd: systemd:
name: sshd name: sshd
@ -9,7 +44,32 @@
notify: restart network notify: restart network
when: ipv4 is defined or ipv6 is defined when: ipv4 is defined or ipv6 is defined
template: template:
src: interfaces.j2 src: systemd.network
dest: /etc/network/interfaces dest: /etc/systemd/network/main.network
owner: root owner: root
mode: 644 mode: 644
- name: enable systemd-networkd
notify: restart network
systemd:
name: systemd-networkd
state: started
enabled: yes
- name: disable networking
systemd:
name: networking
enabled: no
- name: start systemd-resolved
systemd:
name: systemd-resolved
state: started
enabled: yes
- name: symling /etc/resolve
file:
src: /run/systemd/resolve/stub-resolv.conf
dest: /etc/resolv.conf
state: link
force: yes

16
roles/debian/templates/interfaces.j2
View file

@ -1,16 +0,0 @@
# The primary network interface
allow-hotplug enp0s3
{% if ipv4 is defined %}
iface enp0s3 inet static
address {{ipv4}}/31
gateway {{ipv4route}}
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers {{ipv4route}}
dns-search emma.ccchb.de
{% endif %}
{% if ipv6 is defined %}
iface enp0s3 inet6 static
address {{ipv6}}/127
gateway {{ipv6route}}
{% endif %}