From 64663f74d38c8e692293789ded90d275416fd881 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Mon, 7 Oct 2019 15:35:54 +0200
Subject: [PATCH] common: handle proxmox differently, install acpi, fix network interface names
---
 roles/common/tasks/Debian.yml | 55 ++++++++++++++++++++++++++++++++++
 roles/common/tasks/Proxmox.yml | 25 ++++++++++++++++
 roles/common/tasks/main.yml | 53 ++++++++++----------------------
 3 files changed, 96 insertions(+), 37 deletions(-)
 create mode 100644 roles/common/tasks/Debian.yml
 create mode 100644 roles/common/tasks/Proxmox.yml
diff --git a/roles/common/tasks/Debian.yml b/roles/common/tasks/Debian.yml
new file mode 100644
index 0000000..349efc6
--- /dev/null
+++ b/roles/common/tasks/Debian.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Install misc software
+ apt: name={{ item }}
+ with_items:
+ - dnsutils
+ - git
+ - htop
+ - less
+ - net-tools
+ - openssl
+ - psmisc
+ - pydf
+ - rsync
+ - sudo
+ - vim-nox
+ - zsh
+ - fail2ban
+
+- name: Install software on KVM VMs
+ apt: name={{ item }}
+ with_items:
+ - acpid
+ - qemu-guest-agent
+ when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
+
+- name: Configure misc software
+ copy: src={{ item.src }} dest={{ item.dest }}
+ with_items:
+ - { src: '.zshrc', dest: '/root/.zshrc' }
+ - { src: '.zshrc.local', dest: '/root/.zshrc.local' }
+ - { src: 'motd', dest: '/etc/motd' }
+ - { src: 'vimrc.local', dest: '/etc/vim/vimrc.local' }
+
+- name: Set shell for root user
+ user: name=root shell=/bin/zsh
+
+- name: Disable hibernation/resume
+ copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
+ notify: update-initramfs
+
+# TODO template /etc/network/interfaces
+
+- name: Fix network interface names
+ copy: src={{ item }} dest=/etc/systemd/network/{{ item }}
+ with_items:
+ - 50-virtio-kernel-names.link
+ - 99-default.link
+ notify: update-initramfs
+
+- name: Prevent normal users from running su
+ lineinfile:
+ path: /etc/pam.d/su
+ regexp: '^.*auth\s+required\s+pam_wheel.so$'
+ line: 'auth required pam_wheel.so'
diff --git a/roles/common/tasks/Proxmox.yml b/roles/common/tasks/Proxmox.yml
new file mode 100644
index 0000000..e7a7a1e
--- /dev/null
+++ b/roles/common/tasks/Proxmox.yml
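Review bot: The `copy` tasks in the Debian.yml hunk (`Configure misc software`, `Disable hibernation/resume`, `Fix network interface names`) set no owner, group or mode, so the permissions of the files written under /root, /etc and /etc/systemd/network depend on the remote umask for new files and on whatever mode an existing file already has. Pinning them makes the result reproducible and auditable, e.g. `copy: src={{ item }} dest=/etc/systemd/network/{{ item }} owner=root group=root mode=0644`. The same applies to the `Configure misc software` task in Proxmox.yml.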
@@ -0,0 +1,25 @@
+---
+
+- name: Install misc software
+ apt: name={{ item }}
+ with_items:
+ - dnsutils
+ - htop
+ - less
+ - rsync
+ - vim-nox
+ - zsh
+
+- name: Configure misc software
+ copy: src={{ item.src }} dest={{ item.dest }}
+ with_items:
+ - { src: '.zshrc', dest: '/root/.zshrc' }
+ - { src: '.zshrc.local', dest: '/root/.zshrc.local' }
+ - { src: 'motd', dest: '/etc/motd' }
+ - { src: 'vimrc.local', dest: '/etc/vim/vimrc.local' }
+
+- name: Set shell for root user
+ user: name=root shell=/bin/zsh
+
+- name: Set vm.swappiness
+ sysctl: name=vm.swappiness value=10
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 1a0fea0..c59523a 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
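Review bot: Proxmox.yml carries over the package, dotfile and shell tasks but neither `fail2ban` nor the `Prevent normal users from running su` task that Debian.yml keeps, so with the new dispatch in main.yml a host with `pve-manager` installed no longer gets either control from this role. The patch does not show whether that is deliberate. If it is, a comment at the top of the file such as `# fail2ban and the pam_wheel su restriction are deliberately not applied on Proxmox hosts` would record the decision; if it is not, the `lineinfile` task on /etc/pam.d/su and the `fail2ban` list entry should be copied over from Debian.yml.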
@@ -1,43 +1,22 @@
 ---
 
-- name: Install misc software
- apt: name={{ item }}
- with_items:
- - dnsutils
- - git
- - htop
- - less
- - net-tools
- - openssl
- - psmisc
- - pydf
- - rsync
- - sudo
- - vim-nox
- - zsh
- - fail2ban
+- name: Cleanup
+ apt: autoclean=yes
+ when: ansible_os_family == 'Debian'
 
-- name: Install qemu-agent on KVM VMs
- apt: name=qemu-guest-agent
- when: ansible_virtualization_role == "guest" and ansible_virtualization_type == "kvm"
+- name: Gather package facts
+ package_facts:
+ manager: apt
+ when: ansible_os_family == 'Debian'
 
-- name: Configure misc software
- copy: src={{ item.src }} dest={{ item.dest }}
- with_items:
- - { src: '.zshrc', dest: '/root/.zshrc' }
- - { src: '.zshrc.local', dest: '/root/.zshrc.local' }
- - { src: 'motd', dest: '/etc/motd' }
- - { src: 'vimrc.local', dest: '/etc/vim/vimrc.local' }
+- name: Proxmox
+ include: Proxmox.yml
+ when: ansible_os_family == 'Debian' and 'pve-manager' in ansible_facts.packages
 
-- name: Set shell for root user
- user: name=root shell=/bin/zsh
+- name: Debian
+ include: Debian.yml
+ when: ansible_os_family == 'Debian' and 'pve-manager' not in ansible_facts.packages
 
-- name: Disable hibernation/resume
- copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
- notify: update-initramfs
-
-- name: Prevent normal users from running su
- lineinfile:
- path: /etc/pam.d/su
- regexp: '^.*auth\s+required\s+pam_wheel.so$'
- line: 'auth required pam_wheel.so'
+- name: FreeBSD
+ include: FreeBSD.yml
+ when: ansible_distribution == 'FreeBSD'
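Review bot: `include: FreeBSD.yml` refers to a file this patch does not add (the diffstat lists only Debian.yml, Proxmox.yml and main.yml), so unless roles/common/tasks/FreeBSD.yml already exists in the repository that include cannot be resolved. Separately, a host that is neither Debian-family nor FreeBSD now skips every task and the role still reports success, whereas the old unconditional `apt` task would have failed on it; a final task along the lines of `fail: msg="common: unsupported platform"` under the complementary `when` would make a host without any baseline visible. The bare `include` keyword is also deprecated, and `include_tasks: Proxmox.yml` (likewise for the other two) is the current spelling.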