---
# The trailing "t" in the mode is the sticky bit: /tmp stays writable by
# everyone, but an entry can only be removed or renamed by its owner or root.
- name: /tmp must be world-writable
  ansible.builtin.file:
    state: directory
    path: /tmp
    mode: 'u=rwx,g=rwx,o=rwxt'
  when: evolinux_system_chmod_tmp | bool
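# Make sure each locale below is listed in /etc/locale.gen. The result is
# registered as default_locales so later tasks can tell whether a line was
# added.
- name: Setting default locales
  ansible.builtin.lineinfile:
    path: /etc/locale.gen
    line: "{{ item }}"
    state: present
    create: true
    # Explicit mode: without it a newly created file gets whatever the
    # remote umask yields.
    mode: "0644"
  loop:
    - "en_US.UTF-8 UTF-8"
    - "fr_FR ISO-8859-1"
    - "fr_FR.UTF-8 UTF-8"
  register: default_locales
  when: evolinux_system_locales | bool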
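# Regenerate the locales only when the locale list was actually modified.
- name: Reconfigure locales
  ansible.builtin.command:
    cmd: /usr/sbin/locale-gen
  # "| bool" added for consistency with the other toggles in this file: a
  # string value such as "false" would otherwise count as true here.
  when:
    - evolinux_system_locales | bool
    - default_locales is changed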
# The mandatory filter makes the task fail when evolinux_system_timezone is
# undefined; a change notifies the "restart cron" handler.
- name: Setting default timezone
  community.general.timezone:
    name: '{{ evolinux_system_timezone | mandatory }}'
  when: evolinux_system_set_timezone | bool
  notify: restart cron
# TODO : find a way to force the console-data configuration
# non-interactively (like tzdata ↑)
# Dynamically include the evolix/remount-usr role at this point of the play.
# NOTE(review): presumably this prepares /usr for the writes that follow;
# confirm in the role itself.
- ansible.builtin.include_role:
    name: evolix/remount-usr
# The last line of /etc/vim/vimrc matching the (unanchored) pattern is
# rewritten to "let g:skip_defaults_vim = 1"; when nothing matches, the line
# is appended.
- name: Ensure automagic vim conf is disabled
  ansible.builtin.lineinfile:
    path: /etc/vim/vimrc
    line: 'let g:skip_defaults_vim = 1'
    regexp: 'let g:skip_defaults_vim ='
  when: evolinux_system_vim_skip_defaults | bool
# Point the "editor" alternative at vim.basic.
- name: Setting vim as default editor
  community.general.alternatives:
    path: /usr/bin/vim.basic
    name: editor
  when: evolinux_system_vim_default_editor | bool
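# umask 027: new files are not group-writable and not accessible to "other".
# NOTE(review): files in /etc/profile.d are read by login shells; sessions
# that never source /etc/profile are presumably not covered - confirm.
- name: Add "umask 027" to /etc/profile.d/evolinux.sh
  ansible.builtin.lineinfile:
    path: /etc/profile.d/evolinux.sh
    line: "umask 027"
    state: present
    create: true
    # Explicit mode: the snippet must stay readable by every user who
    # sources it, whatever the remote umask is when the file is created.
    mode: "0644"
  when: evolinux_system_profile | bool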
# Sets DIR_MODE in /etc/adduser.conf to 0700.
# NOTE(review): the pattern matches only the exact line "DIR_MODE=0755"; any
# other value already present (including a more permissive one) is left
# untouched.
- name: Set /etc/adduser.conf DIR_MODE to 0700
  ansible.builtin.replace:
    path: /etc/adduser.conf
    regexp: '^DIR_MODE=0755$'
    replace: 'DIR_MODE=0700'
  when: evolinux_system_dirmode_adduser | bool
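# TODO: find a way not to do this on Xen DomU guests
# NOTE(review): lineinfile only guarantees that "tty2" is listed. Terminals
# already present in an existing /etc/securetty stay allowed, so the
# restriction announced by the task name holds only when the file is created
# by this task. The file is also only honoured where pam_securetty is part
# of the PAM stack - confirm for the targeted releases.
- name: Deactivating login on all tty except tty2
  ansible.builtin.lineinfile:
    path: /etc/securetty
    line: "tty2"
    state: present
    create: true
    # Explicit mode: without it a newly created file gets whatever the
    # remote umask yields.
    mode: "0644"
  when: evolinux_system_restrict_securetty | bool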
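# Writes "export TMOUT=<evolinux_system_timeout>" into the profile snippet,
# replacing an existing "export TMOUT=" line if there is one.
# NOTE(review): the variable is exported but not declared readonly, so a user
# can unset or change it in their own session; treat this as a default, not
# as an enforced control.
- name: Setting TMOUT to disconnect inactive users
  ansible.builtin.lineinfile:
    path: /etc/profile.d/evolinux.sh
    regexp: "^export TMOUT="
    line: "export TMOUT={{ evolinux_system_timeout }}"
    state: present
    create: true
    # Explicit mode: the snippet must stay readable by every user who
    # sources it, whatever the remote umask is when the file is created.
    mode: "0644"
  when: evolinux_system_set_timeout | bool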
#- name: Customizing /etc/fstab
# Read-only probe that also runs in check mode. The registered rc is 0 when
# dpkg lists the cron package with a status starting with "ii" or "hi";
# the task itself never fails and never reports a change.
- name: Check if cron is installed
  ansible.builtin.shell:
    executable: /bin/bash
    cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'"
  register: is_cron_installed
  check_mode: false
  changed_when: false
  failed_when: false
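# Adds EXTRA_OPTS='-L 15' to /etc/default/cron so the cron daemon logs more
# about the jobs it runs.
# NOTE(review): there is no regexp, so an existing EXTRA_OPTS= line with
# other options is kept and this line is added in addition to it.
- name: Set verbose logging for cron deamon
  ansible.builtin.lineinfile:
    path: /etc/default/cron
    line: "EXTRA_OPTS='-L 15'"
    state: present
    create: true
    # Explicit mode: without it a newly created file gets whatever the
    # remote umask yields.
    mode: "0644"
  when:
    - is_cron_installed.rc == 0
    - evolinux_system_cron_verboselog | bool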
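# Adds "umask 022" to /etc/default/cron, i.e. a different umask from the 027
# this file sets for login shells.
- name: Modify default umask for cron deamon
  ansible.builtin.lineinfile:
    path: /etc/default/cron
    line: "umask 022"
    state: present
    create: true
    # Explicit mode: without it a newly created file gets whatever the
    # remote umask yields.
    mode: "0644"
  when:
    - is_cron_installed.rc == 0
    - evolinux_system_cron_umask | bool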
# Replaces the fixed minute (and, for three of the four entries, the hour 6)
# of /etc/crontab lines with random values; the hour is drawn from 0-7
# excluding 2. The patterns match only the listed schedule values, so a line
# that was already rewritten is normally left alone on later runs.
- name: Randomize periodic crontabs
  ansible.builtin.replace:
    path: /etc/crontab
    regexp: "{{ item.regexp }}"
    replace: "{{ item.replace }}"
  loop:
    - regexp: '^17((\s*\*){4})'
      replace: '{{ 59|random(start=1) }}\1'
    - regexp: '^25\s*6((\s*\*){3})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
    - regexp: '^47\s*6((\s*\*){2}\s*7)'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
    - regexp: '^52\s*6(\s*1(\s*\*){2})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
  when:
    - is_cron_installed.rc == 0
    - evolinux_system_cron_random | bool
# Dynamically include the evolix/ntpd role when the toggle is set.
- ansible.builtin.include_role:
    name: evolix/ntpd
  when: evolinux_system_include_ntpd | bool
## alert5
# Deploys the SysV init script on jessie and stretch.
# NOTE(review): with force: false an existing /etc/init.d/alert5 is never
# rewritten, so local changes to this root-run script are neither reverted
# nor reported by this task.
- name: Install alert5 init script (jessie/stretch)
  ansible.builtin.template:
    src: system/alert5.sysvinit.j2
    dest: /etc/init.d/alert5
    mode: "0755"
    force: false
  when:
    - evolinux_system_alert5_init | bool
    - ansible_distribution_release in ["jessie", "stretch"]
# Enables the alert5 service at boot on jessie and stretch; both alert5
# toggles must be set.
- name: Enable alert5 init script (jessie/stretch)
  ansible.builtin.service:
    name: alert5
    enabled: true
  when:
    - evolinux_system_alert5_init | bool
    - evolinux_system_alert5_enable | bool
    - ansible_distribution_release in ["jessie", "stretch"]
# Deploys the alert5 shell script on Debian 10 and later.
# NOTE(review): with force: false an existing /usr/share/scripts/alert5.sh is
# never rewritten, so local changes to it are neither reverted nor reported
# by this task.
- name: Install alert5 init script (buster and later)
  ansible.builtin.template:
    src: system/alert5.sh.j2
    dest: /usr/share/scripts/alert5.sh
    mode: "0755"
    force: false
  when:
    - evolinux_system_alert5_init | bool
    - ansible_distribution_major_version is version('10', '>=')
# Installs the systemd unit on Debian 10 and later. Unlike the alert5 script,
# the unit file is copied with force: true, so it is overwritten whenever it
# differs from the role's copy.
- name: Install alert5 service (buster and later)
  ansible.builtin.copy:
    src: alert5.service
    dest: /etc/systemd/system/alert5.service
    mode: "0644"
    force: true
  when:
    - evolinux_system_alert5_init | bool
    - ansible_distribution_major_version is version('10', '>=')
# Reloads systemd and enables the alert5 unit on Debian 10 and later. The
# task is skipped in check mode.
- name: Enable alert5 init script (buster and later)
  ansible.builtin.systemd:
    name: alert5
    enabled: true
    daemon_reload: true
  when:
    - evolinux_system_alert5_init | bool
    - evolinux_system_alert5_enable | bool
    - ansible_distribution_major_version is version('10', '>=')
    - not ansible_check_mode
## network interfaces
# Read-only probe that also runs in check mode: the registered rc is 0 when
# /etc/network/interfaces contains "allow-hotplug". It never fails and never
# reports a change.
- name: 'Is there an "allow-hotplug" interface ?'
  ansible.builtin.command:
    cmd: grep allow-hotplug /etc/network/interfaces
  register: grep_hotplug_eni
  check_mode: false
  changed_when: false
  failed_when: false
# Replaces every occurrence of "allow-hotplug" in /etc/network/interfaces
# with "auto". The pattern is not anchored, so occurrences inside comments
# are rewritten as well.
- name: 'Network interfaces must be "auto" and not "allow-hotplug"'
  ansible.builtin.replace:
    path: /etc/network/interfaces
    regexp: 'allow-hotplug'
    replace: 'auto'
  when:
    - evolinux_system_eni_auto | bool
    - grep_hotplug_eni.rc == 0
# Run the handlers notified so far now rather than at the end of the play.
- ansible.builtin.meta: flush_handlers