common: update and integrate ntp

2024-11-18 17:01:54 +01:00 · 2024-11-18 17:01:54 +01:00 · 4624241254
commit 4624241254
parent 6a8b97a9a6
8 changed files with 125 additions and 75 deletions
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -1,7 +1,13 @@
 ---

+- name: Restart chrony
+  service: name=chrony state=restarted
+
 - name: Restart journald
  service: name=systemd-journald state=restarted

+- name: update-grub
+  command: update-grub
+
 - name: update-initramfs
  command: update-initramfs -u -k all
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@ -0,0 +1,79 @@
+---
+
+- name: Install misc software
+  apt:
+    name:
+    - ca-certificates
+    - dnsutils
+    - git
+    - htop
+    - less
+    - mtr-tiny
+    - net-tools
+    - openssl
+    - psmisc
+    - pydf
+    - rsync
+    - sudo
+    - vim-nox
+    - wget
+    - zsh
+    - fail2ban
+
+- name: Install software on KVM VMs
+  apt:
+    name:
+    - acpid
+    - qemu-guest-agent
+  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
+
+- name: Configure misc software
+  copy: src={{ item.src }} dest={{ item.dest }}
+  diff: no
+  with_items:
+  - { src: ".zshrc", dest: "/root/.zshrc" }
+  - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
+  - { src: "motd", dest: "/etc/motd" }
+  - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
+
+- name: Set shell for root user
+  user: name=root shell=/bin/zsh
+
+- name: Disable hibernation/resume
+  copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
+  notify: update-initramfs
+
+- name: Enable serial console on KVM VMs
+  lineinfile:
+    path: "/etc/default/grub"
+    state: "present"
+    regexp: "^#?GRUB_CMDLINE_LINUX=.*"
+    line: "GRUB_CMDLINE_LINUX=\"console=ttyS0,115200 console=tty0\""
+  notify: update-grub
+  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
+
+- name: Prevent normal users from running su
+  lineinfile:
+    path: /etc/pam.d/su
+    regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
+    line: "auth       required   pam_wheel.so"
+
+- name: Configure journald retention
+  lineinfile:
+    path: "/etc/systemd/journald.conf"
+    state: "present"
+    regexp: "^#?MaxRetentionSec=.*"
+    line: "MaxRetentionSec=7day"
+  notify: Restart journald
+
+- name: Set logrotate.conf to daily
+  replace:
+    path: "/etc/logrotate.conf"
+    regexp: "(?:weekly|monthly)"
+    replace: "daily"
+
+- name: Set logrotate.conf rotation to 7
+  replace:
+    path: "/etc/logrotate.conf"
+    regexp: "rotate [0-9]+"
+    replace: "rotate 7"
--- a/roles/common/tasks/Proxmox.yml
+++ b/roles/common/tasks/Proxmox.yml
@ -0,0 +1,25 @@
+---
+
+- name: Install misc software
+  apt:
+    name:
+    - dnsutils
+    - htop
+    - ipmitool
+    - less
+    - rsync
+    - vim-nox
+    - wget
+    - zsh
+
+- name: Configure misc software
+  copy: src={{ item.src }} dest={{ item.dest }}
+  diff: no
+  with_items:
+  - { src: ".zshrc", dest: "/root/.zshrc" }
+  - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
+  - { src: "motd", dest: "/etc/motd" }
+  - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
+
+- name: Set shell for root user
+  user: name=root shell=/bin/zsh
--- a/roles/common/tasks/chrony.yml
+++ b/roles/common/tasks/chrony.yml
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -1,76 +1,21 @@
 ---

- name: Install misc software
-  apt:
-    name:
-    - ca-certificates
-    - dnsutils
-    - git
-    - htop
-    - less
-    - mtr-tiny
-    - net-tools
-    - openssl
-    - psmisc
-    - pydf
-    - rsync
-    - sudo
-    - vim-nox
-    - zsh
-    - fail2ban
+- name: Cleanup
+  apt: autoclean=yes
+  when: ansible_os_family == "Debian"

- name: Install software on KVM VMs
-  apt:
-    name:
-    - acpid
-    - qemu-guest-agent
-  when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
+- name: Gather package facts
+  package_facts:
+    manager: apt
+  when: ansible_os_family == "Debian"

- name: Configure misc software
-  copy: src={{ item.src }} dest={{ item.dest }}
-  diff: no
-  with_items:
-  - { src: ".zshrc", dest: "/root/.zshrc" }
-  - { src: ".zshrc.local", dest: "/root/.zshrc.local" }
-  - { src: "motd", dest: "/etc/motd" }
-  - { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
+- name: Proxmox
+  include: Proxmox.yml
+  when: ansible_os_family == "Debian" and "pve-manager" in ansible_facts.packages

- name: Set shell for root user
-  user: name=root shell=/bin/zsh
+- name: Debian
+  include: Debian.yml
+  when: ansible_os_family == "Debian" and "pve-manager" not in ansible_facts.packages

- name: Disable hibernation/resume
-  copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
-  notify: update-initramfs
-
- name: use new-style network interface names
-  file: path=/etc/systemd/network/{{ item }} state=absent
-  with_items:
-  - 50-virtio-kernel-names.link
-  - 99-default.link
-  notify: update-initramfs
-
- name: Prevent normal users from running su
-  lineinfile:
-    path: /etc/pam.d/su
-    regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
-    line: "auth       required   pam_wheel.so"
-
- name: Configure journald retention
-  lineinfile:
-    path: "/etc/systemd/journald.conf"
-    state: "present"
-    regexp: "^#?MaxRetentionSec=.*"
-    line: "MaxRetentionSec=7day"
-  notify: Restart journald
-
- name: Set logrotate.conf to daily
-  replace:
-    path: "/etc/logrotate.conf"
-    regexp: "(?:weekly|monthly)"
-    replace: "daily"
-
- name: Set logrotate.conf rotation to 7
-  replace:
-    path: "/etc/logrotate.conf"
-    regexp: "rotate [0-9]+"
-    replace: "rotate 7"
+- name: Setup chrony
+  include: chrony.yml
--- a/roles/common/templates/chrony.conf.j2
+++ b/roles/common/templates/chrony.conf.j2
--- a/roles/ntp/handlers/main.yml
+++ b/roles/ntp/handlers/main.yml
@ -1,4 +0,0 @@
---
-
- name: Restart chrony
-  service: name=chrony state=restarted
--- a/site.yml
+++ b/site.yml
@ -5,7 +5,6 @@
  roles:
  - common
  - apt
-  - ntp
  - node_exporter

 - name: Setup gateway servers