---
# Ensure /tmp is a directory with mode 1777: writable by everyone, with the
# sticky bit set so users can only remove or rename their own entries.
# Owner and group are not set here, so existing ownership is left as found.
- name: /tmp must be world-writable
  file:
    state: directory
    path: /tmp
    mode: "1777"
  when: evolinux_system_chmod_tmp
# Make sure each listed locale has its own line in /etc/locale.gen, creating
# the file when it is missing. The result is registered as default_locales so
# the "Reconfigure locales" task can run only after a change.
- name: Setting default locales
  lineinfile:
    dest: /etc/locale.gen
    state: present
    create: true
    line: '{{ item }}'
  with_items:
    - 'en_US.UTF-8 UTF-8'
    - 'fr_FR ISO-8859-1'
    - 'fr_FR.UTF-8 UTF-8'
  register: default_locales
  when: evolinux_system_locales
# Regenerate the locales, but only when the locale.gen task reported a change.
# NOTE(review): the `| changed` filter form of this test was deprecated in
# Ansible 2.5; newer releases expect `default_locales is changed`.
- name: Reconfigure locales
  command: /usr/sbin/locale-gen
  when:
    - evolinux_system_locales
    - default_locales | changed
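# Write the configured timezone name into /etc/timezone, creating the file if
# needed. `mandatory` makes the play fail when the variable is undefined.
# The result is registered as change_timezone for the "Reconfigure tzdata" task.
#
# The regexp has to match whatever zone name is already in the file so that
# the line is replaced rather than a second one inserted at the top. It
# therefore accepts one or more "/"-separated components made of word
# characters, "+" and "-" (e.g. UTC, Europe/Paris, Etc/GMT+1,
# America/Argentina/Buenos_Aires), not only the two-component Area/City form.
- name: Setting default timezone
  lineinfile:
    dest: /etc/timezone
    regexp: '^[\w+-]+(/[\w+-]+)*$'
    line: "{{ evolinux_system_timezone | mandatory }}"
    insertbefore: BOF
    create: true
  register: change_timezone
  when: evolinux_system_timezone != False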
# Re-run the tzdata package configuration non-interactively, only when the
# /etc/timezone task reported a change.
# NOTE(review): the `| changed` filter form of this test was deprecated in
# Ansible 2.5; newer releases expect `change_timezone is changed`.
- name: Reconfigure tzdata
  command: dpkg-reconfigure --frontend noninteractive tzdata
  when:
    - evolinux_system_timezone != False
    - change_timezone | changed
# TODO: find a way to force the console-data configuration
# non-interactively (like tzdata ↑)
# Point the "editor" alternative at /usr/bin/vim.basic.
# NOTE(review): assumes the vim package providing vim.basic is installed
# elsewhere in the role; confirm.
- name: Setting vim as default editor
  alternatives:
    path: /usr/bin/vim.basic
    name: editor
  when: evolinux_system_vim_default
# Ensure /etc/profile.d/evolinux.sh contains "umask 027", creating the file if
# needed. With that umask new files default to 0640 and new directories to
# 0750, i.e. no access for "other".
# NOTE(review): this only affects shells that source /etc/profile.d; services
# and cron jobs keep their own umask.
- name: Add "umask 027" to /etc/profile.d/evolinux.sh
  lineinfile:
    dest: /etc/profile.d/evolinux.sh
    state: present
    create: true
    line: 'umask 027'
  when: evolinux_system_profile
# Rewrite the DIR_MODE setting in /etc/adduser.conf to 0700, so home
# directories created by adduser are private to their owner.
# NOTE(review): `replace` only rewrites a line that already starts with
# "DIR_MODE="; if the setting is missing or commented out, nothing is changed
# and the adduser default stays in effect. Existing home directories are not
# touched by this task.
- name: Set /etc/adduser.conf DIR_MODE to 0700
  replace:
    dest: /etc/adduser.conf
    regexp: '^DIR_MODE=.*$'
    replace: 'DIR_MODE=0700'
  when: evolinux_system_dirmode_adduser
# TODO: find a way to skip this on Xen Dom-U
#
# Ensure /etc/securetty has a "tty2" line, creating the file if needed.
# NOTE(review): lineinfile only adds the line; entries already present in
# /etc/securetty are left in place, so logins are limited to tty2 only when
# the file is created by this task. Restricting an existing file would need
# the other entries removed as well.
# NOTE(review): /etc/securetty is consulted (via pam_securetty) for root
# logins only, which is narrower than the task name suggests.
# NOTE(review): the condition reuses evolinux_system_dirmode_adduser from the
# adduser.conf task; it looks copy-pasted, so this control cannot be toggled
# on its own. Confirm the intended variable.
- name: Deactivating login on all tty except tty2
  lineinfile:
    dest: /etc/securetty
    state: present
    create: true
    line: 'tty2'
  when: evolinux_system_dirmode_adduser
# Ensure /etc/profile exports TMOUT=36000, i.e. an idle shell timeout of
# 36000 seconds (10 hours).
# NOTE(review): the variable is exported but not marked readonly, so a user
# can unset or raise it in their own session; it is a default rather than an
# enforced limit. It also only reaches shells that read /etc/profile.
# NOTE(review): the condition reuses evolinux_system_dirmode_adduser from the
# adduser.conf task; it looks copy-pasted. Confirm the intended variable.
- name: Setting TMOUT to deconnect inactive users
  lineinfile:
    dest: /etc/profile
    state: present
    line: 'export TMOUT=36000'
  when: evolinux_system_dirmode_adduser
#- name: Customizing /etc/fstab
# Ensure /etc/default/cron contains "umask 022", creating the file if needed.
# NOTE(review): presumably this keeps cron jobs on the usual 022 umask while
# interactive shells get 027 from /etc/profile.d/evolinux.sh. It only takes
# effect if the cron start-up script sources /etc/default/cron; confirm on the
# target release.
# NOTE(review): the condition reuses evolinux_system_dirmode_adduser from the
# adduser.conf task; it looks copy-pasted. Confirm the intended variable.
- name: Modify default umask for cron deamon
  lineinfile:
    dest: /etc/default/cron
    state: present
    create: true
    line: 'umask 022'
  when: evolinux_system_dirmode_adduser
# Replace the fixed minute (and, for three of the entries, the fixed hour 6)
# of four /etc/crontab lines with random values, so that hosts do not all run
# their periodic jobs at the same moment.
# The regexps look like the stock Debian hourly ("17 * * * *"), daily
# ("25 6 * * *"), weekly ("47 6 * * 7") and monthly ("52 6 1 * *") lines;
# presumably that is the intent, confirm against the target /etc/crontab.
# Minutes are drawn by `59|random(start=1)`; hours come from a list that omits
# 2 (presumably to stay clear of DST changes, confirm).
# Once a line has been rewritten its regexp no longer matches, so later runs
# leave the chosen values alone unless the draw happens to equal the original.
# Only the first item asks for a backup of the file.
# NOTE(review): the condition reuses evolinux_system_dirmode_adduser from the
# adduser.conf task; it looks copy-pasted. Confirm the intended variable.
- name: Randomize periodic crontabs
  replace:
    dest: /etc/crontab
    regexp: "{{ item.regexp }}"
    replace: "{{ item.replace }}"
    backup: "{{ item.backup }}"
  with_items:
    - regexp: '^17((\s*\*){4})'
      replace: '{{ 59|random(start=1) }}\1'
      backup: "yes"
    - regexp: '^25\s*6((\s*\*){3})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: "no"
    - regexp: '^47\s*6((\s*\*){2}\s*7)'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: "no"
    - regexp: '^52\s*6(\s*1(\s*\*){2})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: "no"
  when: evolinux_system_dirmode_adduser
# NTP server address
#
# Rewrite the "server ..." lines of /etc/ntp.conf to point at the configured
# server, keeping a backup of the file.
# NOTE(review): every line matching '^server .*$' is replaced, so a file with
# several server lines ends up with the same line repeated, and any options
# that followed the address (e.g. iburst) are dropped.
# NOTE(review): with a single time source ntpd has nothing to cross-check it
# against; confirm that one server is the intended design.
- name: Configure NTP
  replace:
    dest: /etc/ntp.conf
    backup: true
    regexp: '^server .*$'
    replace: "server {{ evolinux_system_ntp_server }}"
  when: evolinux_system_ntp_server != False
## alert5

# Render the alert5 init script from its template into /etc/init.d with
# mode 755.
# `force: false` means an existing /etc/init.d/alert5 is never overwritten, so
# local edits survive but later template changes do not reach hosts that
# already have the file.
# Owner and group are not set; a newly created file gets the identity the
# task runs as.
- name: "Install alert5 init script"
  template:
    src: system/init_alert5.j2
    dest: /etc/init.d/alert5
    mode: "755"
    force: false
  when: evolinux_system_alert5_init
# Enable alert5 at boot through the generic service module. Used on
# Ansible 2.0 and 2.1 only; the task with the same name that uses the systemd
# module covers 2.2 and later.
# NOTE(review): both variants require ansible_version.major == 2, so neither
# runs on any other major version.
- name: Enable alert5 init script
  service:
    name: alert5
    enabled: true
  when:
    - ansible_version.major == 2
    - ansible_version.minor < 2
    - evolinux_system_alert5_init
    - evolinux_system_alert5_enable
# Enable alert5 at boot through the systemd module, reloading the systemd
# manager first so the init script is picked up. Used on Ansible 2.2 and later
# within major version 2 (presumably because the systemd module first shipped
# in 2.2); the service-module task with the same name covers 2.0 and 2.1.
# NOTE(review): both variants require ansible_version.major == 2, so neither
# runs on any other major version.
- name: Enable alert5 init script
  systemd:
    name: alert5
    enabled: true
    daemon_reload: true
  when:
    - ansible_version.major == 2
    - ansible_version.minor >= 2
    - evolinux_system_alert5_init
    - evolinux_system_alert5_enable
## network interfaces

# Replace every occurrence of "allow-hotplug" in /etc/network/interfaces with
# "auto", keeping a backup of the file.
# NOTE(review): the regexp is not anchored, so the word is also rewritten
# inside comments or anywhere else it appears in the file.
- name: 'Network interfaces must be "auto" and not "allow-hotplug"'
  replace:
    dest: /etc/network/interfaces
    backup: true
    regexp: 'allow-hotplug'
    replace: 'auto'
  when: evolinux_system_eni_auto
# Run any handlers that have been notified so far now, instead of waiting for
# the end of the play.
# NOTE(review): no task visible in this file uses `notify`; presumably this
# flushes handlers queued by other parts of the role. Confirm.
- meta: flush_handlers