Compare commits

...

2 commits

5 changed files with 18 additions and 64 deletions

View file

@ -7,8 +7,6 @@ dovecot_users:
zeltophil: '{BLF-CRYPT}$2y$05$rct9cKgRnB/X7tZW7MXNUeIfadqCRc..dCMG4DB1fZdefH1Qx6FAq'
haecksen: '{BLF-CRYPT}$2y$05$e2R8ucHVPlZuI39Uy4iX3.EaRszPJ01itsPJfQa0FIeYzBuiGxUZW'
ari: '{BLF-CRYPT}$2y$05$HixjVZIVDVBKy40ReKRKh.ewnuyNV/t84ANsOSjOuxz5BIgk/J7k6'
vorstand: '{BLF-CRYPT}$2y$05$Cw.dfEg54gvRIhT9bDCx1O7xS4TtWf/c7Hh9Owzaf23imfwltMd4e'
fritz: '{BLF-CRYPT}$2y$05$NFh8LBoHfkazQDy3iNiuWODSP.rib.jIEDyf/JUbyBnQbJ03FglI6'
mlmmj_lists:
- name: 'vorstand'

View file

@ -1,39 +1,4 @@
---
- name: Install defaults
package:
name:
- zsh
- name: Download .zshrc from grml
get_url:
url: https://raw.githubusercontent.com/grml/grml-etc-core/v0.12.5/etc/zsh/zshrc
dest: /etc/zsh/zshrc
checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
validate_certs: false
- name: Update SSH configuration
notify: reload sshd
replace:
dest: /etc/ssh/sshd_config
regexp: '^([\#\s]*)?{{ item.key }}\s+([\w_-]+)'
replace: "{{item.key}} {{item.value}}"
with_items:
- key: PermitRootLogin
value: without-password
- key: PasswordAuthentication
value: 'no'
- key: ChallengeResponseAuthentication
value: 'no'
- key: PrintLastLog
value: 'yes'
- key: UseDNS
value: 'no'
- name: Change shell of user root
user:
name: root
shell: /usr/bin/zsh
- name: Enable sshd
systemd:
name: sshd
@ -44,32 +9,7 @@
notify: restart network
when: ipv4 is defined or ipv6 is defined
template:
src: systemd.network
dest: /etc/systemd/network/main.network
src: interfaces.j2
dest: /etc/network/interfaces
owner: root
mode: 644
- name: enable systemd-networkd
notify: restart network
systemd:
name: systemd-networkd
state: started
enabled: yes
- name: disable networking
systemd:
name: networking
enabled: no
- name: start systemd-resolved
systemd:
name: systemd-resolved
state: started
enabled: yes
- name: symling /etc/resolve
file:
src: /run/systemd/resolve/stub-resolv.conf
dest: /etc/resolv.conf
state: link
force: yes

View file

@ -0,0 +1,16 @@
# The primary network interface
allow-hotplug enp0s3
{% if ipv4 is defined %}
iface enp0s3 inet static
address {{ipv4}}/31
gateway {{ipv4route}}
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers {{ipv4route}}
dns-search emma.ccchb.de
{% endif %}
{% if ipv6 is defined %}
iface enp0s3 inet6 static
address {{ipv6}}/127
gateway {{ipv6route}}
{% endif %}