--- - name: /tmp must be world-writable ansible.builtin.file: path: /tmp state: directory mode: "u=rwx,g=rwx,o=rwxt" when: evolinux_system_chmod_tmp | bool - name: Setting default locales ansible.builtin.lineinfile: dest: /etc/locale.gen line: "{{ item }}" create: yes state: present loop: - "en_US.UTF-8 UTF-8" - "fr_FR ISO-8859-1" - "fr_FR.UTF-8 UTF-8" register: default_locales when: evolinux_system_locales | bool - name: Reconfigure locales ansible.builtin.command: cmd: /usr/sbin/locale-gen when: evolinux_system_locales and default_locales is changed - name: Setting default timezone community.general.timezone: name: "{{ evolinux_system_timezone | mandatory }}" notify: restart cron when: evolinux_system_set_timezone | bool # TODO : find a way to force the console-data configuration # non-interactively (like tzdata ↑) - ansible.builtin.include_role: name: evolix/remount-usr - name: Ensure automagic vim conf is disabled ansible.builtin.lineinfile: dest: /etc/vim/vimrc regexp: 'let g:skip_defaults_vim =' line: 'let g:skip_defaults_vim = 1' when: evolinux_system_vim_skip_defaults | bool - name: Setting vim as default editor community.general.alternatives: name: editor path: /usr/bin/vim.basic when: evolinux_system_vim_default_editor | bool - name: Add "umask 027" to /etc/profile.d/evolinux.sh ansible.builtin.lineinfile: dest: /etc/profile.d/evolinux.sh line: "umask 027" create: yes state: present when: evolinux_system_profile | bool - name: Set /etc/adduser.conf DIR_MODE to 0700 ansible.builtin.replace: dest: /etc/adduser.conf regexp: "^DIR_MODE=0755$" replace: "DIR_MODE=0700" when: evolinux_system_dirmode_adduser | bool # TODO: trouver comment ne pas faire ça sur Xen Dom-U - name: Deactivating login on all tty except tty2 ansible.builtin.lineinfile: dest: /etc/securetty line: "tty2" create: yes state: present when: evolinux_system_restrict_securetty | bool - name: Setting TMOUT to disconnect inactive users ansible.builtin.lineinfile: dest: /etc/profile.d/evolinux.sh line: "export TMOUT={{ evolinux_system_timeout }}" regexp: "^export TMOUT=" create: yes state: present when: evolinux_system_set_timeout | bool #- name: Customizing /etc/fstab - name: Check if cron is installed ansible.builtin.shell: cmd: "set -o pipefail && dpkg -l cron 2>/dev/null | grep -q -E '^(i|h)i'" executable: /bin/bash check_mode: no failed_when: False changed_when: False register: is_cron_installed - name: Set verbose logging for cron deamon ansible.builtin.lineinfile: dest: /etc/default/cron line: "EXTRA_OPTS='-L 15'" create: yes state: present when: - is_cron_installed.rc == 0 - evolinux_system_cron_verboselog | bool - name: Modify default umask for cron deamon ansible.builtin.lineinfile: dest: /etc/default/cron line: "umask 022" create: yes state: present when: - is_cron_installed.rc == 0 - evolinux_system_cron_umask | bool - name: Randomize periodic crontabs ansible.builtin.replace: dest: /etc/crontab regexp: "{{ item.regexp }}" replace: "{{ item.replace }}" loop: - { regexp: '^17((\s*\*){4})', replace: '{{ 59|random(start=1) }}\1' } - { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' } - { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' } - { regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' } when: - is_cron_installed.rc == 0 - evolinux_system_cron_random | bool - ansible.builtin.include_role: name: evolix/ntpd when: - evolinux_system_include_ntpd | bool - ansible.builtin.include_role: name: evolix/timesyncd when: - evolinux_system_include_timesyncd | bool ## alert5 - name: Install alert5 init script (jessie/stretch) ansible.builtin.template: src: system/alert5.sysvinit.j2 dest: /etc/init.d/alert5 force: false mode: "0755" when: - evolinux_system_alert5_init | bool - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch" - name: Enable alert5 init script (jessie/stretch) ansible.builtin.service: name: alert5 enabled: yes when: - evolinux_system_alert5_init | bool - evolinux_system_alert5_enable | bool - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch" - ansible.builtin.include_role: name: evolix/remount-usr - name: Install alert5 init script (buster and later) ansible.builtin.template: src: system/alert5.sh.j2 dest: /usr/share/scripts/alert5.sh force: false mode: "0755" when: - evolinux_system_alert5_init | bool - ansible_distribution_major_version is version('10', '>=') - name: Install alert5 service (buster and later) ansible.builtin.copy: src: alert5.service dest: /etc/systemd/system/alert5.service force: true mode: "0644" when: - evolinux_system_alert5_init | bool - ansible_distribution_major_version is version('10', '>=') - name: Enable alert5 init script (buster and later) ansible.builtin.systemd: name: alert5 daemon_reload: yes enabled: yes when: - evolinux_system_alert5_init | bool - evolinux_system_alert5_enable | bool - ansible_distribution_major_version is version('10', '>=') - not ansible_check_mode ## network interfaces - name: "Is there an \"allow-hotplug\" interface ?" ansible.builtin.command: cmd: grep allow-hotplug /etc/network/interfaces failed_when: False changed_when: False check_mode: no register: grep_hotplug_eni - name: "Network interfaces must be \"auto\" and not \"allow-hotplug\"" ansible.builtin.replace: dest: /etc/network/interfaces regexp: "allow-hotplug" replace: "auto" when: - evolinux_system_eni_auto | bool - grep_hotplug_eni.rc == 0 - ansible.builtin.meta: flush_handlers