Files
@ a717a6ccd782
Branch filter:
Location: majic-ansible-roles/roles/common/tasks/main.yml - annotation
a717a6ccd782
4.3 KiB
text/x-yaml
MAR-65: Disable Emacs electric-indent-mode by default via common role (if Emacs is installed via common_packages).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | 626eadba53b7 626eadba53b7 babda105c9cf babda105c9cf babda105c9cf babda105c9cf babda105c9cf babda105c9cf babda105c9cf babda105c9cf babda105c9cf 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 f4e9cd36dad4 626eadba53b7 626eadba53b7 626eadba53b7 284ed92d40bb 284ed92d40bb 284ed92d40bb a561d73e3242 a561d73e3242 a561d73e3242 626eadba53b7 626eadba53b7 922cda0a1834 626eadba53b7 a717a6ccd782 a717a6ccd782 a717a6ccd782 a717a6ccd782 a717a6ccd782 626eadba53b7 fe6cdb2443c7 922cda0a1834 626eadba53b7 626eadba53b7 fe6cdb2443c7 922cda0a1834 626eadba53b7 626eadba53b7 fe6cdb2443c7 fe6cdb2443c7 1b05bae8e440 922cda0a1834 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 fe6cdb2443c7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 9eca957bb9db 9eca957bb9db 76ed37089b33 1b05bae8e440 922cda0a1834 76ed37089b33 284ed92d40bb 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 a561d73e3242 a561d73e3242 a561d73e3242 a561d73e3242 a561d73e3242 941f4f372672 a561d73e3242 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 | ---
- name: Enable use of proxy for retrieving system packages via apt
template: src="apt_proxy.j2" dest="/etc/apt/apt.conf.d/00proxy"
owner=root group=root mode=644
when: apt_proxy is defined
- name: Disable use of proxy for retrieving system packages via apt
file: path="/etc/apt/apt.conf.d/00proxy" state=absent
when: apt_proxy is undefined
- name: Deploy pam-auth-update configuration file for enabling pam_umask
copy: src=pam_umask dest=/usr/share/pam-configs/umask mode=644 owner=root group=root
notify: Update PAM configuration
- name: Set login UMASK
lineinfile: dest=/etc/login.defs state=present backrefs=yes regexp='^UMASK(\s+)' line='UMASK\g<1>027'
- name: Set home directory mask
lineinfile: dest=/etc/adduser.conf state=present backrefs=yes regexp='^DIR_MODE=' line='DIR_MODE=0750'
- name: Deploy bash profile configuration for fancier prompts
template: src="bash_prompt.sh.j2" dest="/etc/profile.d/bash_prompt.sh"
owner=root group=root mode=644
- name: Replace default and skeleton bashrc
copy: src="{{ item.key }}" dest="{{ item.value }}"
owner=root group=root mode=644
with_dict:
skel_bashrc: "/etc/skel/.bashrc"
bashrc: "/etc/bash.bashrc"
- name: Install sudo
apt: name=sudo state=present
- name: Install ssl-cert package
apt: name=ssl-cert state=present
- name: Install rcconf (workaround for systemctl broken handling of SysV)
apt: name=rcconf state=present
- name: Install common packages
apt: name="{{ item }}" state="present"
with_items: "{{ common_packages }}"
- name: Disable electric-indent-mode for Emacs by default for all users
copy: src="01disable-electric-indent-mode.el" dest="/etc/emacs/site-start.d/01disable-electric-indent-mode.el"
owner=root group=root mode=644
when: "'emacs24' in common_packages or 'emacs24-nox' in common_packages"
- name: Set-up operating system groups
group: name="{{ item.name }}" gid="{{ item.gid | default(omit) }}" state=present
with_items: "{{ os_groups }}"
- name: Set-up operating system user groups
group: name="{{ item.name }}" gid="{{ item.uid | default(omit) }}" state=present
with_items: "{{ os_users }}"
- name: Set-up operating system users
user: name="{{ item.name }}" uid="{{ item.uid | default(omit) }}" group="{{ item.name }}"
groups="{{ ",".join(item.additional_groups | default([])) }}" append=yes shell=/bin/bash state=present
password="{{ item.password | default('!') }}" update_password=on_create
with_items: "{{ os_users }}"
- name: Set-up authorised keys
authorized_key: user="{{ item.0.name }}" key="{{ item.1 }}"
with_subelements:
- "{{ os_users | selectattr('authorized_keys', 'defined') | list }}"
- authorized_keys
- name: Disable remote logins for root
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PermitRootLogin" line="PermitRootLogin no"
notify:
- Restart SSH
- name: Disable remote login authentication via password
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PasswordAuthentication" line="PasswordAuthentication no"
notify:
- Restart SSH
- name: Deploy CA certificates
copy: content="{{ item.value }}" dest="/usr/local/share/ca-certificates/{{ item.key }}.crt" mode=644 owner=root group=root
with_dict: "{{ ca_certificates }}"
notify:
- Update CA certificate cache
- name: Install ferm (for firewall management)
apt: name=ferm state=installed
- name: Configure ferm init script coniguration file
copy: src=ferm dest=/etc/default/ferm owner=root group=root mode=644
notify:
- Restart ferm
- name: Create directory for storing ferm configuration files
file: dest="/etc/ferm/conf.d/" mode=750 state=directory owner=root group=root
- name: Deploy main ferm configuration file
copy: src=ferm.conf dest=/etc/ferm/ferm.conf
notify:
- Restart ferm
- name: Deploy ferm base rules
template: src=00-base.conf.j2 dest=/etc/ferm/conf.d/00-base.conf
owner=root group=root mode=640
notify:
- Restart ferm
- name: Enable ferm service on boot (workaround for systemctl broken handling of SysV)
command: rcconf -on ferm
register: result
changed_when: result.stderr == ""
- name: Enable ferm service
service: name=ferm state=started
- name: Explicitly run all handlers
include: ../handlers/main.yml
when: "handlers | default(False) | bool() == True"
tags:
- handlers
|