forked from evolix/ansible-roles
Jérémy Lecour
6ed870e94e
If the condition is in a when attribute, the module is still evaluated. If it doesn't exist in the current version of Ansible it will blow up.
---
# Ensure /tmp is a directory with mode 1777: writable by everyone, with the
# sticky bit set so users can only delete or rename their own entries.
- name: /tmp must be world-writable
  file:
    state: directory
    path: /tmp
    mode: '1777'
  when: evolinux_system_chmod_tmp
# Make sure each required locale is listed in /etc/locale.gen (the file is
# created if it does not exist). The result is registered so the locale-gen
# task can run only when a line was actually added.
- name: Setting default locales
  lineinfile:
    dest: /etc/locale.gen
    state: present
    create: true
    line: '{{ item }}'
  with_items:
    - 'en_US.UTF-8 UTF-8'
    - 'fr_FR ISO-8859-1'
    - 'fr_FR.UTF-8 UTF-8'
  register: default_locales
  when: evolinux_system_locales
# Regenerate locales, but only when the registered `default_locales` result
# reports a change to /etc/locale.gen.
# NOTE(review): `| changed` is the filter spelling of this test; newer Ansible
# releases expect `is changed` — revisit when the minimum supported version
# is raised.
- name: Reconfigure locales
  command: /usr/sbin/locale-gen
  when: evolinux_system_locales and default_locales | changed
# Write the configured timezone to /etc/timezone: an existing "Area/City" line
# is replaced, otherwise the line is inserted at the beginning of the file.
# The `mandatory` filter makes the task fail when the variable is undefined.
# NOTE(review): the regexp matches exactly one "word/word" pair, so a value
# such as `UTC` or a three-part zone name would not be matched and a second
# line would be inserted instead — confirm the expected values.
- name: Setting default timezone
  lineinfile:
    dest: /etc/timezone
    create: true
    insertbefore: BOF
    regexp: '^\w+/\w+$'
    line: '{{ evolinux_system_timezone | mandatory }}'
  register: change_timezone
  when: evolinux_system_timezone != False
# Re-run the tzdata package configuration without prompting, only when the
# registered `change_timezone` result reports a change to /etc/timezone.
- name: Reconfigure tzdata
  command: dpkg-reconfigure --frontend noninteractive tzdata
  when: evolinux_system_timezone != False and change_timezone | changed
# TODO: find a way to force the console-data configuration
# non-interactively (like tzdata ↑)
# Point the `editor` alternative at /usr/bin/vim.basic.
- name: Setting vim as default editor
  alternatives:
    path: /usr/bin/vim.basic
    name: editor
  when: evolinux_system_vim_default
# Ensure /etc/profile.d/evolinux.sh contains `umask 027` (the file is created
# if it does not exist). With this umask, new files default to 0640 and new
# directories to 0750, i.e. nothing is readable by "other".
- name: Add "umask 027" to /etc/profile.d/evolinux.sh
  lineinfile:
    dest: /etc/profile.d/evolinux.sh
    state: present
    create: true
    line: 'umask 027'
  when: evolinux_system_profile
# Rewrite the DIR_MODE line of /etc/adduser.conf to 0700.
# `replace` only edits lines that already start with `DIR_MODE=`; if the file
# has no such line, nothing is changed and the task reports no error.
- name: Set /etc/adduser.conf DIR_MODE to 0700
  replace:
    dest: /etc/adduser.conf
    regexp: '^DIR_MODE=.*$'
    replace: 'DIR_MODE=0700'
  when: evolinux_system_dirmode_adduser
# TODO: find a way not to do this on Xen Dom-U
# NOTE(review): lineinfile only guarantees that a `tty2` line exists in
# /etc/securetty (creating the file if needed); entries already present are
# left in place, so this does not by itself restrict logins to tty2 as the
# task name says — confirm the intent.
# NOTE(review): gated by evolinux_system_dirmode_adduser, the same switch as
# the adduser DIR_MODE task — looks copied; confirm whether a dedicated
# variable was intended.
- name: Deactivating login on all tty except tty2
  lineinfile:
    dest: /etc/securetty
    state: present
    create: true
    line: 'tty2'
  when: evolinux_system_dirmode_adduser
# Ensure /etc/profile exports TMOUT=36000 (seconds, i.e. 10 hours of shell
# inactivity). No `create` is set here, so the file must already exist.
# NOTE(review): gated by evolinux_system_dirmode_adduser, the same switch as
# the adduser DIR_MODE task — confirm whether a dedicated variable was
# intended.
- name: Setting TMOUT to deconnect inactive users
  lineinfile:
    dest: /etc/profile
    state: present
    line: 'export TMOUT=36000'
  when: evolinux_system_dirmode_adduser
#- name: Customizing /etc/fstab
# Ensure /etc/default/cron contains `umask 022` (the file is created if it
# does not exist).
# NOTE(review): gated by evolinux_system_dirmode_adduser, the same switch as
# the adduser DIR_MODE task — confirm whether a dedicated variable was
# intended.
- name: Modify default umask for cron deamon
  lineinfile:
    dest: /etc/default/cron
    state: present
    create: true
    line: 'umask 022'
  when: evolinux_system_dirmode_adduser
# Replace the fixed schedule fields of four /etc/crontab entries with random
# values. Each regexp is anchored on the literal starting values (17, 25 6,
# 47 6, 52 6), so a line that has been rewritten normally no longer matches.
# The first item gets a random minute in 1..59; the others get a random
# minute plus a second field drawn from [0,1,3,4,5,6,7]. Only the first item
# asks for a backup copy of the file.
# NOTE(review): gated by evolinux_system_dirmode_adduser, the same switch as
# the adduser DIR_MODE task — confirm whether a dedicated variable was
# intended.
- name: Randomize periodic crontabs
  replace:
    dest: /etc/crontab
    regexp: '{{ item.regexp }}'
    replace: '{{ item.replace }}'
    backup: '{{ item.backup }}'
  with_items:
    - regexp: '^17((\s*\*){4})'
      replace: '{{ 59|random(start=1) }}\1'
      backup: 'yes'
    - regexp: '^25\s*6((\s*\*){3})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: 'no'
    - regexp: '^47\s*6((\s*\*){2}\s*7)'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: 'no'
    - regexp: '^52\s*6(\s*1(\s*\*){2})'
      replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1'
      backup: 'no'
  when: evolinux_system_dirmode_adduser
# NTP server address
# Every line of /etc/ntp.conf that starts with `server ` is rewritten to point
# at the configured server; a backup copy of the file is kept. If the file
# lists several servers, they all end up as the same entry.
- name: Configure NTP
  replace:
    dest: /etc/ntp.conf
    backup: true
    regexp: '^server .*$'
    replace: 'server {{ evolinux_system_ntp_server }}'
  when: evolinux_system_ntp_server != False
## alert5
# Render system/init_alert5.j2 to /etc/init.d/alert5 with mode 755.
# `force: false` means an init script that already exists on the host is left
# untouched, so local edits to it are not overwritten (and not corrected).
- name: Install alert5 init script
  template:
    src: system/init_alert5.j2
    dest: /etc/init.d/alert5
    mode: '755'
    force: false
  when: evolinux_system_alert5_init
# TODO: switch service/systemd modules with Ansible 2.2+
# Enable the alert5 service at boot; requires both the install switch and the
# enable switch to be true.
- name: Enable alert5 init script
  service:
    name: alert5
    enabled: true
  when: evolinux_system_alert5_init and evolinux_system_alert5_enable
# - name: Enable alert5 init script
#   systemd:
#     name: alert5
#     daemon_reload: yes
#     enabled: yes
#   when: evolinux_system_alert5_init and evolinux_system_alert5_enable
## network interfaces
# Replace every occurrence of `allow-hotplug` in /etc/network/interfaces with
# `auto`, keeping a backup copy of the file. The regexp is not anchored, so
# occurrences inside comments are rewritten as well.
- name: 'Network interfaces must be "auto" and not "allow-hotplug"'
  replace:
    dest: /etc/network/interfaces
    backup: true
    regexp: 'allow-hotplug'
    replace: 'auto'
  when: evolinux_system_eni_auto
# Run any handlers notified so far now, instead of waiting for the end of
# the play.
- meta: flush_handlers