diff --git a/evolinux-base/README.md b/evolinux-base/README.md index 243d4b5f..7e51066c 100644 --- a/evolinux-base/README.md +++ b/evolinux-base/README.md @@ -19,11 +19,11 @@ Various tasks for Evolinux setup. * `provider_online` : * `provider_orange_fce` : -Each task file is included in the `main.yml` file with a condition based on a variable like `evolinux_tasks_hostname` (mostly `True` by default). The variables can be set to `False` to disable groups of tasks. Finer grained tasks disabling is done in each group of tasks. - ## Available variables -Main variables are : +Each tasks group is included in the `main.yml` file with a condition based on a variable like `evolinux_hostname_include` (mostly `True` by default). The variables can be set to `False` to disable a . Finer grained tasks disabling is done in each group of tasks. + +Main variables are: * `general_alert_email`: email address to send various alert messages (default: `root@localhost`). * `apt_alert_email`: email address to send APT messages to (default: `general_alert_email`). diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml index 9eb05354..3076d48d 100644 --- a/evolinux-base/defaults/main.yml +++ b/evolinux-base/defaults/main.yml @@ -11,7 +11,10 @@ postfix_alias_email: Null # hostname -evolinux_tasks_hostname: True +evolinux_hostname_include: True + +evolinux_hostname_hosts: True +evolinux_hostname_mailname: True evolinux_hostname: "{{ ansible_hostname }}" evolinux_domain: "{{ ansible_domain }}" @@ -20,7 +23,7 @@ evolinux_internal_hostname: "{{ evolinux_hostname }}" # kernel -evolinux_tasks_kernel: True +evolinux_kernel_include: True evolinux_kernel_reboot_after_panic: True evolinux_kernel_disable_tcp_timestamps: True @@ -29,65 +32,115 @@ evolinux_kernel_cve20165696: True # apt -evolinux_tasks_apt: True +evolinux_apt_include: True -evolinux_apt_upgrade: True -evolinux_apt_repositories_components: "main" +evolinux_apt_conf: True evolinux_apt_hooks: True +evolinux_apt_disable_originals: True +evolinux_apt_disable_debsrc: True +evolinux_apt_basic_sources: True +evolinux_apt_public_sources: True +evolinux_apt_upgrade: True evolinux_apt_remove_aptitude: True +evolinux_apt_repositories_components: "main" + # fstab -evolinux_tasks_fstab: True +evolinux_fstab_include: True + +evolinux_fstab_var_tmp: True # packages -evolinux_tasks_packages: True +evolinux_packages_include: True -evolinux_delete_nfs: True +evolinux_packages_system: True +evolinux_packages_diagnostic: True +evolinux_packages_hardware: True +evolinux_packages_common: True +evolinux_packages_serveur_base: True +evolinux_packages_invalid_mta: True +evolinux_packages_delete_nfs: True +evolinux_packages_listchanges: True # system -evolinux_tasks_system: True +evolinux_system_include: True -evolinux_ntp_server: Null -evolinux_timezone: "Europe/Paris" +evolinux_system_chmod_tmp: True +evolinux_system_locales: True +evolinux_system_timezone: "Europe/Paris" +evolinux_system_vim_default: True +evolinux_system_profile: True +evolinux_system_dirmode_adduser: True +evolinux_system_alert5_init: True +evolinux_system_alert5_enable: True +evolinux_system_eni_auto: True +evolinux_system_ntp_server: False # root -evolinux_tasks_root: True +evolinux_root_include: True + +evolinux_root_chmod: True +evolinux_root_bashrc: True +evolinux_root_bash_history: True +evolinux_root_umask: True +evolinux_root_gitconfig: True +evolinux_root_bash_history_appendonly: True +evolinux_root_vim_default: True +evolinux_root_vim_conf: True # ssh -evolinux_tasks_ssh: True +evolinux_ssh_include: True evolinux_ssh_password_auth_addresses: [] +evolinux_ssh_match_address: True evolinux_ssh_disable_root: True +evolinux_ssh_disable_acceptenv: True # postfix -evolinux_tasks_postfix: True +evolinux_postfix_include: True +evolinux_postfix_packages: True +evolinux_postfix_users_alias_root: True +evolinux_postfix_mailer_alias_root: True +evolinux_postfix_root_alias: True evolinux_postfix_purge_exim: True # logs -evolinux_tasks_logs: True +evolinux_logs_include: True + +evolinux_logs_logrotate_confs: True +evolinux_logs_default_rotate: True +evolinux_logs_disable_logrotate_rsyslog: True +evolinux_logs_rsyslog_conf: True # default www -evolinux_tasks_default_www: True +evolinux_default_www_include: True + +evolinux_default_www_files: True +evolinux_default_www_ssl_cert: True +evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}" + +evolinux_default_www_nginx_vhost: True +evolinux_default_www_nginx_enabled: False + +evolinux_default_www_apache_vhost: True +evolinux_default_www_apache_enabled: False evolinux_default_www_redirect_url: "http://evolix.fr" -evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}" -evolinux_default_www_nginx_enabled: False -evolinux_default_www_apache_enabled: False # hardware -evolinux_tasks_hardware: True +evolinux_hardware_include: True # providers -evolinux_tasks_provider_online: False -evolinux_tasks_provider_orange_fce: False +evolinux_provider_online_include: False +evolinux_provider_orange_fce_include: False diff --git a/evolinux-base/templates/apt/evolix_public.list.j2 b/evolinux-base/files/apt/evolix_public.list similarity index 100% rename from evolinux-base/templates/apt/evolix_public.list.j2 rename to evolinux-base/files/apt/evolix_public.list diff --git a/evolinux-base/tasks/apt.yml b/evolinux-base/tasks/apt.yml index 3cf6ad18..d9dc2433 100644 --- a/evolinux-base/tasks/apt.yml +++ b/evolinux-base/tasks/apt.yml @@ -10,6 +10,7 @@ with_items: - "APT::Install-Recommends \"0\";" - "APT::Install-Suggests \"0\";" + when: evolinux_apt_conf - name: DPKg invoke hooks lineinfile: @@ -31,12 +32,14 @@ with_items: # - '.+\.debian\.org' - 'cdrom:' + when: evolinux_apt_disable_originals - name: deb-src repositories are disabled replace: dest: /etc/apt/sources.list regexp: '^(deb-src.+)' replace: '# \1' + when: evolinux_apt_disable_debsrc - name: Basic sources list is installed lineinfile: @@ -46,14 +49,16 @@ - "deb http://security.debian.org/ jessie/updates {{ evolinux_apt_repositories_components | mandatory }}" - "deb http://mirror.evolix.org/debian/ jessie {{ evolinux_apt_repositories_components | mandatory }}" - "deb http://mirror.evolix.org/debian/ jessie-updates {{ evolinux_apt_repositories_components | mandatory }}" + when: evolinux_apt_basic_sources - name: Evolix public list is installed - template: - src: apt/evolix_public.list.j2 + copy: + src: apt/evolix_public.list dest: /etc/apt/sources.list.d/evolix_public.list force: yes backup: yes mode: 0640 + when: evolinux_apt_public_sources - name: Remove Aptitude apt: diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 1224a4d4..f14febb0 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -4,6 +4,7 @@ path: /var/www state: directory mode: 0755 + when: evolinux_default_www_files - name: images are copied copy: @@ -12,37 +13,40 @@ mode: 0755 directory_mode: 0755 follow: yes + when: evolinux_default_www_files - name: index is copied template: src: default_www/index.html.j2 dest: /var/www/index.html mode: 0755 + when: evolinux_default_www_files # SSL cert -- name: ssl-cert package is installed - apt: - name: ssl-cert - state: installed +- block: + - name: ssl-cert package is installed + apt: + name: ssl-cert + state: installed -- name: Create private key and csr for default site ({{ ansible_fqdn }}) - command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "{{ evolinux_default_www_ssl_subject }}" - args: - creates: "/etc/ssl/private/{{ ansible_fqdn }}.key" + - name: Create private key and csr for default site ({{ ansible_fqdn }}) + command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "{{ evolinux_default_www_ssl_subject }}" + args: + creates: "/etc/ssl/private/{{ ansible_fqdn }}.key" -- name: Adjust rights on private key - file: - path: /etc/ssl/private/{{ ansible_fqdn }}.key - owner: root - group: ssl-cert - mode: 0640 - -- name: Create certificate for default site - command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt - args: - creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" + - name: Adjust rights on private key + file: + path: /etc/ssl/private/{{ ansible_fqdn }}.key + owner: root + group: ssl-cert + mode: 0640 + - name: Create certificate for default site + command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt + args: + creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" + when: evolinux_default_www_ssl_cert # Nginx vhost @@ -60,8 +64,7 @@ # force: yes notify: reload nginx tags: - - nginx - + - nginx - name: nginx vhost is enabled file: @@ -71,9 +74,9 @@ notify: reload nginx when: evolinux_default_www_nginx_enabled tags: - - nginx + - nginx - when: nginx_sites_available.stat.exists + when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists # Apache vhost @@ -92,8 +95,7 @@ # force: yes notify: reload apache tags: - - apache - + - apache - name: Apache vhost is enabled file: @@ -103,6 +105,6 @@ notify: reload apache when: evolinux_default_www_apache_enabled tags: - - apache + - apache - when: apache_sites_available.stat.exists + when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists diff --git a/evolinux-base/tasks/fstab.yml b/evolinux-base/tasks/fstab.yml index 000b225e..0b742a6d 100644 --- a/evolinux-base/tasks/fstab.yml +++ b/evolinux-base/tasks/fstab.yml @@ -49,5 +49,6 @@ fstype: tmpfs opts: defaults,noexec,nosuid,nodev,size=1024m state: mounted + when: evolinux_fstab_var_tmp - meta: flush_handlers diff --git a/evolinux-base/tasks/hostname.yml b/evolinux-base/tasks/hostname.yml index c7db7635..0eba3719 100644 --- a/evolinux-base/tasks/hostname.yml +++ b/evolinux-base/tasks/hostname.yml @@ -8,6 +8,7 @@ dest: /etc/hosts regexp: '^127.0.0.1(\s+)localhost.*$' replace: '127.0.0.1\1localhost.localdomain localhost' + when: evolinux_hostname_hosts - name: Set ip+fqdn+hostname in /etc/hosts lineinfile: @@ -15,30 +16,35 @@ regexp: '^{{ ansible_default_ipv4.address }}\s+' line: "{{ ansible_default_ipv4.address }} {{ evolinux_fqdn }} {{ evolinux_hostname }}" insertafter: '127.0.0.1\s+localhost.localdomain' + when: evolinux_hostname_hosts - name: 127.0.1.1 is removed lineinfile: dest: /etc/hosts regexp: '^127.0.1.1\s+' state: absent + when: evolinux_hostname_hosts - name: /etc/mailname is up-to-date copy: dest: /etc/mailname content: "{{ evolinux_fqdn }}\n" force: yes + when: evolinux_hostname_mailname -- name: override ansible_hostname fact +# Override facts + +- name: Override ansible_hostname fact set_fact: ansible_hostname: "{{ evolinux_hostname }}" when: ansible_hostname != evolinux_hostname -- name: override ansible_domain fact +- name: Override ansible_domain fact set_fact: ansible_domain: "{{ evolinux_domain }}" when: ansible_domain != evolinux_domain -- name: override ansible_fqdn fact +- name: Override ansible_fqdn fact set_fact: ansible_fqdn: "{{ evolinux_fqdn }}" when: ansible_fqdn != evolinux_fqdn diff --git a/evolinux-base/tasks/logs.yml b/evolinux-base/tasks/logs.yml index f98eed98..e9bc986c 100644 --- a/evolinux-base/tasks/logs.yml +++ b/evolinux-base/tasks/logs.yml @@ -8,6 +8,7 @@ dest: /etc/rsyslog.conf mode: 0644 notify: restart rsyslog + when: evolinux_logs_rsyslog_conf - name: Disable logrotate default conf command: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled @@ -15,14 +16,17 @@ removes: /etc/logrotate.d/rsyslog creates: /etc/logrotate.d/rsyslog.disabled notify: restart rsyslog + when: evolinux_logs_disable_logrotate_rsyslog - name: Copy many logrotate files copy: src: logs/logrotate.d/ dest: /etc/logrotate.d/ + when: evolinux_logs_logrotate_confs - name: Configure logrotate.conf replace: dest: /etc/logrotate.conf regexp: "rotate [0-9]*" replace: "rotate 12" + when: evolinux_logs_default_rotate diff --git a/evolinux-base/tasks/main.yml b/evolinux-base/tasks/main.yml index 3069a6e5..44eb7f70 100644 --- a/evolinux-base/tasks/main.yml +++ b/evolinux-base/tasks/main.yml @@ -1,56 +1,56 @@ --- - name: Hostname include: hostname.yml - when: evolinux_tasks_hostname + when: evolinux_hostname_include - name: Kernel tuning include: kernel.yml - when: evolinux_tasks_kernel + when: evolinux_kernel_include - name: Apt configuration and packages install include: apt.yml - when: evolinux_tasks_apt + when: evolinux_apt_include - name: Fstab configuration include: fstab.yml - when: evolinux_tasks_fstab + when: evolinux_fstab_include - name: Packages include: packages.yml - when: evolinux_tasks_packages + when: evolinux_packages_include - name: System settings include: system.yml - when: evolinux_tasks_system + when: evolinux_system_include - name: Root user configuration include: root.yml - when: evolinux_tasks_root + when: evolinux_root_include - name: SSH configuration include: ssh.yml - when: evolinux_tasks_ssh + when: evolinux_ssh_include - name: Postfix include: postfix.yml - when: evolinux_tasks_postfix + when: evolinux_postfix_include - name: Logs management include: logs.yml - when: evolinux_tasks_logs + when: evolinux_logs_include - name: Default index page include: default_www.yml - when: evolinux_tasks_default_www + when: evolinux_default_www_include - name: Hardware drivers and tools include: hardware.yml - when: evolinux_tasks_hardware + when: evolinux_hardware_include - name: Customize for Online.net include: provider_online.yml - when: evolinux_tasks_provider_online + when: evolinux_provider_online_include - name: Customize for Orange FCE include: provider_orange_fce.yml - when: evolinux_tasks_provider_orange_fce + when: evolinux_provider_orange_fce_include diff --git a/evolinux-base/tasks/packages.yml b/evolinux-base/tasks/packages.yml index 86a33a68..642ee963 100644 --- a/evolinux-base/tasks/packages.yml +++ b/evolinux-base/tasks/packages.yml @@ -13,6 +13,7 @@ - pv - apg - conntrack + when: evolinux_packages_system - name: Install/Update diagnostic tools apt: @@ -26,6 +27,7 @@ - iotop - tcpdump - mtr-tiny + when: evolinux_packages_diagnostic - name: Install/Update hardware tools apt: @@ -34,7 +36,7 @@ - hdparm - smartmontools - lm-sensors - + when: evolinux_packages_hardware - name: Install/Update common tools apt: @@ -50,12 +52,13 @@ - rsync - bc - pinentry-curses + when: evolinux_packages_common - name: Install/Update serveur-base meta-package command: "apt-get install -yq --allow-unauthenticated serveur-base" register: install_server_base changed_when: not (install_server_base.stdout | search("0 upgraded") and install_server_base.stdout | search("0 newly installed")) - + when: evolinux_packages_serveur_base - name: is an MTA installed? command: "dpkg -S /usr/sbin/sendmail" @@ -66,7 +69,7 @@ - name: Install lsb-invalid-mta apt: name: lsb-invalid-mta - when: mta_installed.rc != 0 + when: evolinux_packages_invalid_mta and mta_installed.rc != 0 - name: Deleting rpcbin and nfs-common @@ -76,7 +79,7 @@ with_items: - rpcbind - nfs-common - when: evolinux_delete_nfs + when: evolinux_packages_delete_nfs # TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes) @@ -89,3 +92,4 @@ with_items: - { option: "confirm", value: "1" } - { option: "which", value: "both" } + when: evolinux_packages_listchanges diff --git a/evolinux-base/tasks/postfix.yml b/evolinux-base/tasks/postfix.yml index 70cc2566..efbbf131 100644 --- a/evolinux-base/tasks/postfix.yml +++ b/evolinux-base/tasks/postfix.yml @@ -7,6 +7,7 @@ with_items: - postfix - mailgraph + when: evolinux_postfix_packages tags: - packages - postfix @@ -25,6 +26,7 @@ line: "{{ item }}: root" with_items: "{{ non_root_users_list.stdout_lines }}" notify: newaliases + when: evolinux_postfix_users_alias_root tags: - postfix @@ -38,6 +40,7 @@ - abuse - mailer-daemon notify: newaliases + when: evolinux_postfix_mailer_alias_root tags: - postfix @@ -47,6 +50,7 @@ regexp: "^root:" line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}" notify: newaliases + when: evolinux_postfix_root_alias tags: - postfix @@ -66,4 +70,3 @@ tags: - packages - postfix - diff --git a/evolinux-base/tasks/root.yml b/evolinux-base/tasks/root.yml index fd7e406f..aecd31cb 100644 --- a/evolinux-base/tasks/root.yml +++ b/evolinux-base/tasks/root.yml @@ -5,8 +5,7 @@ path: /root state: directory mode: 0700 - tags: - - root + when: evolinux_root_chmod - name: "Customize root's bashrc..." lineinfile: @@ -18,8 +17,7 @@ - "export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoreboth" - "export HISTSIZE=65535" - "export HISTTIMEFORMAT=\"%c : \"" - tags: - - root + when: evolinux_root_bashrc ## .bash_history should be append-only @@ -28,38 +26,31 @@ content: "" dest: "/root/.bash_history" force: no - tags: - - root + when: evolinux_root_bash_history - name: Set umask in /root/.profile lineinfile: dest: "/root/.profile" line: "umask 0077" regexp: "umask [0-9]+" - tags: - - root + when: evolinux_root_umask - name: Custom git config for root copy: src: root/gitconfig dest: "/root/.gitconfig" force: no - tags: - - root + when: evolinux_root_gitconfig - name: Is .bash_history append-only shell: lsattr /root/.bash_history | grep -E "^.*a.* " register: bash_history_append_only failed_when: False changed_when: False - tags: - - root - name: Set .bash_history append-only command: chattr +a /root/.bash_history - when: bash_history_append_only.rc != 0 - tags: - - root + when: evolinux_root_bash_history_appendonly and bash_history_append_only.rc != 0 - name: Setting vim as selected-editor lineinfile: @@ -67,6 +58,7 @@ regexp: '^SELECTED_EDITOR=' line: "SELECTED_EDITOR=\"/usr/bin/vim.basic\"" create: yes + when: evolinux_root_vim_default - name: Setting vim root configuration lineinfile: @@ -83,3 +75,4 @@ - "set softtabstop=0" - "set shiftwidth=4" - "set smarttab" + when: evolinux_root_vim_conf diff --git a/evolinux-base/tasks/ssh.yml b/evolinux-base/tasks/ssh.yml index 69dbcb04..c733676f 100644 --- a/evolinux-base/tasks/ssh.yml +++ b/evolinux-base/tasks/ssh.yml @@ -11,7 +11,7 @@ line: "\nMatch Address {{ evolinux_ssh_password_auth_addresses | join(',') }}\n PasswordAuthentication yes" validate: '/usr/sbin/sshd -T -f %s' notify: reload sshd - when: grep_matchaddress_ssh.rc != 0 and evolinux_ssh_password_auth_addresses != [] + when: evolinux_ssh_match_address and grep_matchaddress_ssh.rc != 0 and evolinux_ssh_password_auth_addresses != [] - name: Modify Match Address sshd directive replace: @@ -21,7 +21,7 @@ validate: '/usr/sbin/sshd -T -f %s' with_items: "{{ evolinux_ssh_password_auth_addresses }}" notify: reload sshd - when: grep_matchaddress_ssh.rc == 0 + when: evolinux_ssh_match_address and grep_matchaddress_ssh.rc == 0 - name: disable SSH access for root replace: @@ -35,3 +35,4 @@ dest: /etc/ssh/sshd_config regexp: '^AcceptEnv' replace: "#AcceptEnv" + when: evolinux_ssh_disable_acceptenv diff --git a/evolinux-base/tasks/system.yml b/evolinux-base/tasks/system.yml index 826a7a36..94c5e6e5 100644 --- a/evolinux-base/tasks/system.yml +++ b/evolinux-base/tasks/system.yml @@ -12,6 +12,7 @@ path: /tmp state: directory mode: 01777 + when: evolinux_system_chmod_tmp - name: Setting default locales lineinfile: @@ -24,23 +25,25 @@ - "fr_FR ISO-8859-1" - "fr_FR.UTF-8 UTF-8" register: default_locales + when: evolinux_system_locales - name: Reconfigure locales command: /usr/sbin/locale-gen - when: default_locales | changed + when: evolinux_system_locales and default_locales | changed - name: Setting default timezone lineinfile: dest: /etc/timezone regexp: '^\w+/\w+$' - line: "{{ evolinux_timezone | mandatory }}" + line: "{{ evolinux_system_timezone | mandatory }}" insertbefore: BOF create: yes register: change_timezone + when: evolinux_system_timezone != False - name: Reconfigure tzdata command: dpkg-reconfigure --frontend noninteractive tzdata - when: change_timezone | changed + when: evolinux_system_timezone != False and change_timezone | changed # TODO : find a way to force the console-data configuration # non-interactively (like tzdata ↑) @@ -49,6 +52,7 @@ alternatives: name: editor path: /usr/bin/vim.basic + when: evolinux_system_vim_default - name: Add "umask 027" to /etc/profile.d/evolinux.sh lineinfile: @@ -56,12 +60,14 @@ line: "umask 027" create: yes state: present + when: evolinux_system_profile - name: Set /etc/adduser.conf DIR_MODE to 0700 replace: dest: /etc/adduser.conf regexp: "^DIR_MODE=.*$" replace: "DIR_MODE=0700" + when: evolinux_system_dirmode_adduser # TODO: trouver comment ne pas faire ça sur Xen Dom-U @@ -71,12 +77,14 @@ line: "tty2" create: yes state: present + when: evolinux_system_dirmode_adduser - name: Setting TMOUT to deconnect inactive users lineinfile: dest: /etc/profile line: "export TMOUT=36000" state: present + when: evolinux_system_dirmode_adduser #- name: Customizing /etc/fstab @@ -86,6 +94,7 @@ line: "umask 022" create: yes state: present + when: evolinux_system_dirmode_adduser - name: Randomize periodic crontabs replace: @@ -98,6 +107,7 @@ - {regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"} - {regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"} - {regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1', backup: "no"} + when: evolinux_system_dirmode_adduser # NTP server address @@ -105,9 +115,9 @@ replace: dest: /etc/ntp.conf regexp: "^server .*$" - replace: "server {{ evolinux_ntp_server }}" + replace: "server {{ evolinux_system_ntp_server }}" backup: yes - when: evolinux_ntp_server | default(False) + when: evolinux_system_ntp_server != False ## alert5 @@ -117,11 +127,13 @@ dest: /etc/init.d/alert5 force: no mode: 0755 + when: evolinux_system_alert5_init - name: Enable alert5 init script service: name: alert5 enabled: yes + when: evolinux_system_alert5_init and evolinux_system_alert5_enable ## network interfaces @@ -131,3 +143,4 @@ regexp: "allow-hotplug" replace: "auto" backup: yes + when: evolinux_system_eni_auto