common: update and integrate ntp

2024-11-18 17:01:54 +01:00 · 2024-11-18 17:01:54 +01:00 · 4624241254
commit 4624241254
parent 6a8b97a9a6
8 changed files with 125 additions and 75 deletions
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -1,7 +1,13 @@
 ---
 - name: Restart chrony
  service: name=chrony state=restarted
 - name: Restart journald
  service: name=systemd-journald state=restarted
 - name: update-grub
  command: update-grub
 - name: update-initramfs
  command: update-initramfs -u -k all
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@ -0,0 +1,79 @@
 ---
 - name: Install misc software
  apt:
    name:
    - ca-certificates
    - dnsutils
    - git
    - htop
    - less
    - mtr-tiny
    - net-tools
    - openssl
    - psmisc
    - pydf
    - rsync
    - sudo
    - vim-nox
    - wget
    - zsh
    - fail2ban
 - name: Install software on KVM VMs
  apt:
    name:
    - acpid
    - qemu-guest-agent
  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
 - name: Configure misc software
  copy: src={{ item.src }} dest={{ item.dest }}
  diff: no
  with_items:
  - { src: ".zshrc", dest: "/root/.zshrc" }
  - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
  - { src: "motd", dest: "/etc/motd" }
  - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
 - name: Set shell for root user
  user: name=root shell=/bin/zsh
 - name: Disable hibernation/resume
  copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
  notify: update-initramfs
 - name: Enable serial console on KVM VMs
  lineinfile:
    path: "/etc/default/grub"
    state: "present"
    regexp: "^#?GRUB_CMDLINE_LINUX=.*"
    line: "GRUB_CMDLINE_LINUX=\"console=ttyS0,115200 console=tty0\""
  notify: update-grub
  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
 - name: Prevent normal users from running su
  lineinfile:
    path: /etc/pam.d/su
    regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
    line: "auth       required   pam_wheel.so"
 - name: Configure journald retention
  lineinfile:
    path: "/etc/systemd/journald.conf"
    state: "present"
    regexp: "^#?MaxRetentionSec=.*"
    line: "MaxRetentionSec=7day"
  notify: Restart journald
 - name: Set logrotate.conf to daily
  replace:
    path: "/etc/logrotate.conf"
    regexp: "(?:weekly|monthly)"
    replace: "daily"
 - name: Set logrotate.conf rotation to 7
  replace:
    path: "/etc/logrotate.conf"
    regexp: "rotate [0-9]+"
    replace: "rotate 7"
--- a/roles/common/tasks/Proxmox.yml
+++ b/roles/common/tasks/Proxmox.yml
@ -0,0 +1,25 @@
 ---
 - name: Install misc software
  apt:
    name:
    - dnsutils
    - htop
    - ipmitool
    - less
    - rsync
    - vim-nox
    - wget
    - zsh
 - name: Configure misc software
  copy: src={{ item.src }} dest={{ item.dest }}
  diff: no
  with_items:
  - { src: ".zshrc", dest: "/root/.zshrc" }
  - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
  - { src: "motd", dest: "/etc/motd" }
  - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
 - name: Set shell for root user
  user: name=root shell=/bin/zsh
--- a/roles/common/tasks/chrony.yml
+++ b/roles/common/tasks/chrony.yml
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,76 +1,21 @@
 ---
- name: Install misc software
+- name: Cleanup
-  apt:
+  apt: autoclean=yes
-    name:
+  when: ansible_os_family == "Debian"
    - ca-certificates
    - dnsutils
    - git
    - htop
    - less
    - mtr-tiny
    - net-tools
    - openssl
    - psmisc
    - pydf
    - rsync
    - sudo
    - vim-nox
    - zsh
    - fail2ban
- name: Install software on KVM VMs
+- name: Gather package facts
-  apt:
+  package_facts:
-    name:
+    manager: apt
-    - acpid
+  when: ansible_os_family == "Debian"
    - qemu-guest-agent
  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
- name: Configure misc software
+- name: Proxmox
-  copy: src={{ item.src }} dest={{ item.dest }}
+  include: Proxmox.yml
-  diff: no
+  when: ansible_os_family == "Debian" and "pve-manager" in ansible_facts.packages
  with_items:
  - { src: ".zshrc", dest: "/root/.zshrc" }
  - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
  - { src: "motd", dest: "/etc/motd" }
  - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
- name: Set shell for root user
+- name: Debian
-  user: name=root shell=/bin/zsh
+  include: Debian.yml
  when: ansible_os_family == "Debian" and "pve-manager" not in ansible_facts.packages
- name: Disable hibernation/resume
+- name: Setup chrony
-  copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
+  include: chrony.yml
  notify: update-initramfs
 - name: use new-style network interface names
  file: path=/etc/systemd/network/{{ item }} state=absent
  with_items:
  - 50-virtio-kernel-names.link
  - 99-default.link
  notify: update-initramfs
 - name: Prevent normal users from running su
  lineinfile:
    path: /etc/pam.d/su
    regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
    line: "auth       required   pam_wheel.so"
 - name: Configure journald retention
  lineinfile:
    path: "/etc/systemd/journald.conf"
    state: "present"
    regexp: "^#?MaxRetentionSec=.*"
    line: "MaxRetentionSec=7day"
  notify: Restart journald
 - name: Set logrotate.conf to daily
  replace:
    path: "/etc/logrotate.conf"
    regexp: "(?:weekly|monthly)"
    replace: "daily"
 - name: Set logrotate.conf rotation to 7
  replace:
    path: "/etc/logrotate.conf"
    regexp: "rotate [0-9]+"
    replace: "rotate 7"
--- a/roles/common/templates/chrony.conf.j2
+++ b/roles/common/templates/chrony.conf.j2
--- a/roles/ntp/handlers/main.yml
+++ b/roles/ntp/handlers/main.yml
@ -1,4 +0,0 @@
 ---
 - name: Restart chrony
  service: name=chrony state=restarted
--- a/site.yml
+++ b/site.yml
@ -5,7 +5,6 @@
  roles:
  - common
  - apt
  - ntp
  - node_exporter
 - name: Setup gateway servers