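---
# Base system settings: /tmp permissions, locales, timezone, default editor,
# umask and login hardening, cron schedule randomisation, NTP, the alert5
# init script and network interface activation. Every task is gated by an
# evolinux_system_* variable defined outside this file.

# Mode 1777 = world-writable with the sticky bit, so users can create files
# in /tmp but cannot remove or rename files owned by others.
- name: /tmp must be world-writable
  file:
    path: /tmp
    state: directory
    mode: "1777"
  when: evolinux_system_chmod_tmp

- name: Setting default locales
  lineinfile:
    dest: /etc/locale.gen
    line: "{{ item }}"
    create: true
    state: present
  with_items:
    - "en_US.UTF-8 UTF-8"
    - "fr_FR ISO-8859-1"
    - "fr_FR.UTF-8 UTF-8"
  register: default_locales
  when: evolinux_system_locales

# NOTE(review): the "| changed" filter form was deprecated in Ansible 2.5 and
# is rejected by later releases; "is changed" is the replacement once the
# minimum supported Ansible version allows it.
- name: Reconfigure locales
  command: /usr/sbin/locale-gen
  when: evolinux_system_locales and default_locales | changed

# The regexp only matches two-part "Area/City" names. If the existing line has
# another shape (for example a single word), nothing is replaced and the new
# zone is inserted at the top of the file, leaving the old line in place.
- name: Setting default timezone
  lineinfile:
    dest: /etc/timezone
    regexp: '^\w+/\w+$'
    line: "{{ evolinux_system_timezone | mandatory }}"
    insertbefore: BOF
    create: true
  register: change_timezone
  when: evolinux_system_timezone != False

- name: Reconfigure tzdata
  command: dpkg-reconfigure --frontend noninteractive tzdata
  when: evolinux_system_timezone != False and change_timezone | changed

# TODO : find a way to force the console-data configuration
# non-interactively (like tzdata ↑)

- name: Setting vim as default editor
  alternatives:
    name: editor
    path: /usr/bin/vim.basic
  when: evolinux_system_vim_default

# umask 027: new files are created without any access for "other" and
# without write access for the group.
- name: Add "umask 027" to /etc/profile.d/evolinux.sh
  lineinfile:
    dest: /etc/profile.d/evolinux.sh
    line: "umask 027"
    create: true
    state: present
  when: evolinux_system_profile

# "replace" only rewrites an existing, uncommented DIR_MODE= line; it does not
# add the setting when it is missing. Home directories that already exist are
# not touched by this task.
- name: Set /etc/adduser.conf DIR_MODE to 0700
  replace:
    dest: /etc/adduser.conf
    regexp: "^DIR_MODE=.*$"
    replace: "DIR_MODE=0700"
  when: evolinux_system_dirmode_adduser

# TODO: find a way not to do this on Xen Dom-U
# NOTE(review): lineinfile only guarantees that a "tty2" line exists. It does
# not remove other entries, so where /etc/securetty already lists other
# terminals they stay permitted; the restriction in the task name only holds
# when the file is created by this task. Verify the resulting file on a
# representative host.
# NOTE(review): this task and the TMOUT, cron umask and crontab tasks below
# are all gated by evolinux_system_dirmode_adduser, which reads like a
# copied condition - confirm these controls are meant to share one toggle.
- name: Deactivating login on all tty except tty2
  lineinfile:
    dest: /etc/securetty
    line: "tty2"
    create: true
    state: present
  when: evolinux_system_dirmode_adduser

# 36000 seconds = 10 hours. TMOUT is exported but not marked readonly, so a
# user can change or unset it in their own shell; treat it as a default,
# not as an enforced session timeout.
- name: Setting TMOUT to deconnect inactive users
  lineinfile:
    dest: /etc/profile
    line: "export TMOUT=36000"
    state: present
  when: evolinux_system_dirmode_adduser

#- name: Customizing /etc/fstab

- name: Modify default umask for cron deamon
  lineinfile:
    dest: /etc/default/cron
    line: "umask 022"
    create: true
    state: present
  when: evolinux_system_dirmode_adduser

# Each entry rewrites one fixed schedule line of /etc/crontab (minute 17;
# 25 6; 47 6 on day 7; 52 6 on day-of-month 1) to a random minute in 1..58
# and, for the last three, an hour picked from the list (2 is left out).
# Once a line has been rewritten its regexp no longer matches, so later runs
# leave the chosen values alone. Only the first entry keeps a backup copy.
- name: Randomize periodic crontabs
  replace:
    dest: /etc/crontab
    regexp: "{{ item.regexp }}"
    replace: "{{ item.replace }}"
    backup: "{{ item.backup }}"
  with_items:
    - regexp: '^17((\s*\*){4})'
      replace: '{{ 59|random(start=1) }}\1'
      backup: "yes"
    - regexp: '^25\s*6((\s*\*){3})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: "no"
    - regexp: '^47\s*6((\s*\*){2}\s*7)'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: "no"
    - regexp: '^52\s*6(\s*1(\s*\*){2})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: "no"
  when: evolinux_system_dirmode_adduser

# NTP server address
# Every line starting with "server " is rewritten to the same single server,
# so the host ends up with one time source (possibly repeated). The variable
# is written into ntp.conf as-is; it must come from trusted inventory.
- name: Configure NTP
  replace:
    dest: /etc/ntp.conf
    regexp: "^server .*$"
    replace: "server {{ evolinux_system_ntp_server }}"
    backup: true
  when: evolinux_system_ntp_server != False

## alert5

# force: false installs the script only when the destination is missing, so
# later changes to the template are not pushed to hosts that already have it.
- name: "Install alert5 init script"
  template:
    src: system/init_alert5.j2
    dest: /etc/init.d/alert5
    force: false
    mode: "0755"
  when: evolinux_system_alert5_init

# Ansible 2.0 / 2.1: use the generic service module.
- name: Enable alert5 init script
  service:
    name: alert5
    enabled: true
  when:
    - ansible_version.major == 2
    - ansible_version.minor < 2
    - evolinux_system_alert5_init
    - evolinux_system_alert5_enable

# Ansible 2.2 and later: use the systemd module and reload unit definitions.
- name: Enable alert5 init script
  systemd:
    name: alert5
    daemon_reload: true
    enabled: true
  when:
    - ansible_version.major == 2
    - ansible_version.minor >= 2
    - evolinux_system_alert5_init
    - evolinux_system_alert5_enable

## network interfaces

# The regexp is unanchored: every occurrence of "allow-hotplug" in the file
# is replaced, including any that appear inside comments.
- name: "Network interfaces must be \"auto\" and not \"allow-hotplug\""
  replace:
    dest: /etc/network/interfaces
    regexp: "allow-hotplug"
    replace: "auto"
    backup: true
  when: evolinux_system_eni_auto

# Run any handlers notified so far before the play continues.
- meta: flush_handlers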