From 4624241254bc1870f1eaac9e763d62fa11e1811a Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Mon, 18 Nov 2024 17:01:54 +0100 Subject: [PATCH] common: update and integrate ntp --- roles/common/handlers/main.yml | 6 ++ roles/common/tasks/Debian.yml | 79 +++++++++++++++++ roles/common/tasks/Proxmox.yml | 25 ++++++ .../main.yml => common/tasks/chrony.yml} | 0 roles/common/tasks/main.yml | 85 ++++--------------- .../{ntp => common}/templates/chrony.conf.j2 | 0 roles/ntp/handlers/main.yml | 4 - site.yml | 1 - 8 files changed, 125 insertions(+), 75 deletions(-) create mode 100644 roles/common/tasks/Debian.yml create mode 100644 roles/common/tasks/Proxmox.yml rename roles/{ntp/tasks/main.yml => common/tasks/chrony.yml} (100%) rename roles/{ntp => common}/templates/chrony.conf.j2 (100%) delete mode 100644 roles/ntp/handlers/main.yml diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index 144df69..c20a8b6 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -1,7 +1,13 @@ --- +- name: Restart chrony + service: name=chrony state=restarted + - name: Restart journald service: name=systemd-journald state=restarted +- name: update-grub + command: update-grub + - name: update-initramfs command: update-initramfs -u -k all diff --git a/roles/common/tasks/Debian.yml b/roles/common/tasks/Debian.yml new file mode 100644 index 0000000..1df8504 --- /dev/null +++ b/roles/common/tasks/Debian.yml 
@@ -0,0 +1,79 @@
+---
+
+- name: Install misc software
+ apt:
+ name:
+ - ca-certificates
+ - dnsutils
+ - git
+ - htop
+ - less
+ - mtr-tiny
+ - net-tools
+ - openssl
+ - psmisc
+ - pydf
+ - rsync
+ - sudo
+ - vim-nox
+ - wget
+ - zsh
+ - fail2ban
+
+- name: Install software on KVM VMs
+ apt:
+ name:
+ - acpid
+ - qemu-guest-agent
+ when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
+
+- name: Configure misc software
+ copy: src={{ item.src }} dest={{ item.dest }}
+ diff: no
+ with_items:
+ - { src: ".zshrc", dest: "/root/.zshrc" }
+ - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
+ - { src: "motd", dest: "/etc/motd" }
+ - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
+
+- name: Set shell for root user
+ user: name=root shell=/bin/zsh
+
+- name: Disable hibernation/resume
+ copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
+ notify: update-initramfs
+
+- name: Enable serial console on KVM VMs
+ lineinfile:
+ path: "/etc/default/grub"
+ state: "present"
+ regexp: "^#?GRUB_CMDLINE_LINUX=.*"
+ line: "GRUB_CMDLINE_LINUX=\"console=ttyS0,115200 console=tty0\""
+ notify: update-grub
+ when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
+
+- name: Prevent normal users from running su
+ lineinfile:
+ path: /etc/pam.d/su
+ regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
+ line: "auth required pam_wheel.so"
+
+- name: Configure journald retention
+ lineinfile:
+ path: "/etc/systemd/journald.conf"
+ state: "present"
+ regexp: "^#?MaxRetentionSec=.*"
+ line: "MaxRetentionSec=7day"
+ notify: Restart journald
+
+- name: Set logrotate.conf to daily
+ replace:
+ path: "/etc/logrotate.conf"
+ regexp: "(?:weekly|monthly)"
+ replace: "daily"
+
+- name: Set logrotate.conf rotation to 7
+ replace:
+ path: "/etc/logrotate.conf"
+ regexp: "rotate [0-9]+"
+ replace: "rotate 7"
diff --git a/roles/common/tasks/Proxmox.yml b/roles/common/tasks/Proxmox.yml
new file mode 100644
index 0000000..89df32e
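Review bot: The `Enable serial console on KVM VMs` task replaces the whole `GRUB_CMDLINE_LINUX=` line, so any kernel parameters already set there on a guest (audit, LSM or mitigation switches, for example) are silently dropped at the next `update-grub`. The regexp `^#?GRUB_CMDLINE_LINUX=.*` matches the existing value whatever it contains, and `line` carries only the two `console=` arguments. Appending from a drop-in keeps what is already configured and is easy to revert. The sketch below assumes that grub-mkconfig on the target release sources `/etc/default/grub.d/*.cfg` and that the directory exists; the file name is only an example.

```yaml
- name: Enable serial console on KVM VMs
  copy:
    # example file name; any *.cfg in this directory is appended to the defaults
    dest: /etc/default/grub.d/50-serial-console.cfg
    content: |
      GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX console=ttyS0,115200 console=tty0"
    owner: root
    group: root
    mode: "0644"
  notify: update-grub
  # … unchanged: when: KVM guest condition …
```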
--- /dev/null
+++ b/roles/common/tasks/Proxmox.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Install misc software
+ apt:
+ name:
+ - dnsutils
+ - htop
+ - ipmitool
+ - less
+ - rsync
+ - vim-nox
+ - wget
+ - zsh
+
+- name: Configure misc software
+ copy: src={{ item.src }} dest={{ item.dest }}
+ diff: no
+ with_items:
+ - { src: ".zshrc", dest: "/root/.zshrc" }
+ - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
+ - { src: "motd", dest: "/etc/motd" }
+ - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
+
+- name: Set shell for root user
+ user: name=root shell=/bin/zsh
diff --git a/roles/ntp/tasks/main.yml b/roles/common/tasks/chrony.yml
similarity index 100%
rename from roles/ntp/tasks/main.yml
rename to roles/common/tasks/chrony.yml
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index ae685b5..a285da6 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
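Review bot: Hosts that take the `pve-manager` branch now receive only the package, dotfile and root-shell tasks in this file, so the hypervisors no longer get `fail2ban`, the `pam_wheel` restriction on `su`, or the journald/logrotate retention settings that `Debian.yml` applies and that the old `main.yml` applied to every host. If that is intended, a comment at the top of this file such as `# Proxmox hosts deliberately skip the su/fail2ban/log-retention tasks in Debian.yml: <reason>` would record the decision. Otherwise the shared hardening tasks are better kept in one task file that both branches include, which would also remove the duplicated `Configure misc software` and `Set shell for root user` tasks.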
@@ -1,76 +1,21 @@ --- -- name: Install misc software - apt: - name: - - ca-certificates - - dnsutils - - git - - htop - - less - - mtr-tiny - - net-tools - - openssl - - psmisc - - pydf - - rsync - - sudo - - vim-nox - - zsh - - fail2ban +- name: Cleanup + apt: autoclean=yes + when: ansible_os_family == "Debian" -- name: Install software on KVM VMs - apt: - name: - - acpid - - qemu-guest-agent - when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm" +- name: Gather package facts + package_facts: + manager: apt + when: ansible_os_family == "Debian" -- name: Configure misc software - copy: src={{ item.src }} dest={{ item.dest }} - diff: no - with_items: - - { src: ".zshrc", dest: "/root/.zshrc" } - - { src: ".zshrc.local", dest: "/root/.zshrc.local" } - - { src: "motd", dest: "/etc/motd" } - - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" } +- name: Proxmox + include: Proxmox.yml + when: ansible_os_family == "Debian" and "pve-manager" in ansible_facts.packages -- name: Set shell for root user - user: name=root shell=/bin/zsh +- name: Debian + include: Debian.yml + when: ansible_os_family == "Debian" and "pve-manager" not in ansible_facts.packages -- name: Disable hibernation/resume - copy: src=resume dest=/etc/initramfs-tools/conf.d/resume - notify: update-initramfs - -- name: use new-style network interface names - file: path=/etc/systemd/network/{{ item }} state=absent - with_items: - - 50-virtio-kernel-names.link - - 99-default.link - notify: update-initramfs - -- name: Prevent normal users from running su - lineinfile: - path: /etc/pam.d/su - regexp: "^.*auth\\s+required\\s+pam_wheel.so$" - line: "auth required pam_wheel.so" - -- name: Configure journald retention - lineinfile: - path: "/etc/systemd/journald.conf" - state: "present" - regexp: "^#?MaxRetentionSec=.*" - line: "MaxRetentionSec=7day" - notify: Restart journald - -- name: Set logrotate.conf to daily - replace: - path: "/etc/logrotate.conf" - regexp: 
"(?:weekly|monthly)" - replace: "daily" - -- name: Set logrotate.conf rotation to 7 - replace: - path: "/etc/logrotate.conf" - regexp: "rotate [0-9]+" - replace: "rotate 7" +- name: Setup chrony + include: chrony.yml diff --git a/roles/ntp/templates/chrony.conf.j2 b/roles/common/templates/chrony.conf.j2 similarity index 100% rename from roles/ntp/templates/chrony.conf.j2 rename to roles/common/templates/chrony.conf.j2 diff --git a/roles/ntp/handlers/main.yml b/roles/ntp/handlers/main.yml deleted file mode 100644 index 59b25e5..0000000 --- a/roles/ntp/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -- name: Restart chrony - service: name=chrony state=restarted diff --git a/site.yml b/site.yml index e7189fb..a75b633 100644 --- a/site.yml +++ b/site.yml @@ -5,7 +5,6 @@ roles: - common - apt - - ntp - node_exporter - name: Setup gateway servers
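Review bot: The three new tasks use the bare `include:` action, which is deprecated and was removed in ansible-core 2.16, so on a current controller the role fails before any of the hardening in `Debian.yml` is applied. `include_tasks: Proxmox.yml`, `include_tasks: Debian.yml` and `include_tasks: chrony.yml` keep the existing `when:` conditions working as written. Separately, the removed `use new-style network interface names` task is not carried into either new task file; if dropping it is deliberate, the commit message should say so.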