Commit d3165b4a authored by Paul's avatar Paul

refactor base role

parent 330c0466
Pipeline #5117 canceled with stage
---
- name: reload sysctl
sysctl:
reload: true
- name: reload systemd
systemd:
daemon_reload: yes
- name: restart journald
systemd:
name: systemd-journald
- name: restart systemd-networkd
systemd:
state: restarted
name: systemd-networkd
- name: restart prometheus-fastd-exporter
systemd:
daemon_reload: yes
enabled: yes
state: restarted
name: prometheus-fastd-exporter.service
- name: restart fastd
systemd:
name: fastd
- name: reload iptables
systemd:
state: restarted
name: netfilter-persistent.service
- name: restart sshd
systemd:
state: restarted
name: sshd.service
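Review bot: The `restart journald` and `restart fastd` handlers pass only `name:` to the systemd module, with no `state: restarted`, so they restart nothing; the module expects at least one of state/enabled/masked/daemon_reload and will most likely reject the call. Add `state: restarted` to both, as the other restart handlers in this file have. `reload sysctl` likewise calls the sysctl module with only `reload: true`, but that module manages a single named key and, as far as I know, requires `name`; using the previous `command: sysctl -p --system` as the handler body would keep the old behaviour. Until this is fixed, fastd or journald configuration copied by the role is not picked up by the running daemons.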
......@@ -2,20 +2,29 @@
- name: copy base configs
tags: [etc]
notify:
- reload systemd
- reload sysctl
- restart journald
copy:
src: etc/
dest: /etc
- name: copy host specific configs
tags: [etc]
notify:
- reload systemd
- reload sysctl
- restart journald
copy:
src: host/{{ inventory_hostname }}/etc/
dest: /etc
- name: Disable root login with password
tags: [base]
notify: restart sshd
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PermitRootLogin"
......@@ -33,21 +42,19 @@
tags: [base]
block:
- name: enable en_US locals
lineinfile: dest=/etc/locale.gen line="en_US.UTF-8 UTF-8"
lineinfile:
dest: /etc/locale.gen
line: "en_US.UTF-8 UTF-8"
- name: enable de_DE locals
lineinfile: dest=/etc/locale.gen line="de_DE.UTF-8 UTF-8"
lineinfile:
dest: /etc/locale.gen
line: "de_DE.UTF-8 UTF-8"
- name: generate locales
command: locale-gen
- name: copy scripts
tags: [base]
copy:
src: scripts/
dest: /usr/local/lib/ffhl/
mode: a+x
- name: reload sysctl
command: sysctl -p --system
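Review bot: The `Disable root login with password` task in the first hunk now notifies `restart sshd`, but nothing visible checks the edited `/etc/ssh/sshd_config` before the daemon is restarted, so a malformed file would take remote access down on the next handler run. lineinfile can run the check itself: add `validate: /usr/sbin/sshd -t -f %s` to the task. The task continues past the end of the hunk, so an existing `validate` may simply be out of view.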
......@@ -12,6 +12,7 @@
state: directory
- name: copy gwvpn config
notify: restart-fastd
copy:
src: mesh-gwvpn/
dest: /etc/fastd/ffhl_mesh_gwvpn
......@@ -19,12 +20,14 @@
- name: apply fastd.conf template
notify: restart-fastd
template:
src: mesh-gwvpn/fastd.conf
dest: /etc/fastd/ffhl_mesh_gwvpn/fastd.conf
- name: create fastd-up script
notify: restart-fastd
template:
src: mesh-gwvpn/fastd-up
dest: /etc/fastd/ffhl_mesh_gwvpn/fastd-up
......@@ -32,11 +35,9 @@
# enable fastd@ffhl_mesh_gwvpn service
- name: enable gwvpn
systemd:
name: fastd@ffhl_mesh_gwvpn.service
state: restarted
enabled: yes
# download public keys to your local machine
......
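Review bot: The three tasks in this file use `notify: restart-fastd`, but the handler shown on this page is named `restart fastd` (with a space), and Ansible matches handlers by exact name or `listen` topic. As written the notification should fail as a missing handler rather than restart the VPN daemon, so a changed `fastd.conf`, peer directory or `fastd-up` script is not applied. Change each to `notify: restart fastd`, or add `listen: restart-fastd` to the handler.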
......@@ -5,21 +5,16 @@
import_tasks: base.yml
- name: install packages
include: software.yml
tags: [software, base, apt]
import_tasks: software.yml
- name: configure network
include: network.yml
tags: [network]
import_tasks: network.yml
- name: gwvpn
tags: [gwvpn, fastd]
include: gwvpn.yml
- name: reload systemd
systemd:
daemon_reload: yes
import_tasks: gwvpn.yml
- include: units.yml
- import_tasks: units.yml
tags: [base, units]
......@@ -23,9 +23,13 @@
notify: reload iptables
block:
- name: iptables4 template
template: src=iptables/rules.v4 dest=/etc/iptables/rules.v4
template:
src: iptables/rules.v4
dest: /etc/iptables/rules.v4
- name: iptables6 template
template: src=iptables/rules.v6 dest=/etc/iptables/rules.v6
template:
src: iptables/rules.v6
dest: /etc/iptables/rules.v6
# sometimes disabled (dunno why)
......
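Review bot: The two template tasks write `/etc/iptables/rules.v4` and `rules.v6` and the block notifies `reload iptables`, but the rendered rules are never syntax-checked, so a template error only shows up when netfilter-persistent is restarted and may leave the host without its intended ruleset. The template module supports `validate`; `validate: iptables-restore --test %s` on the v4 task and `validate: ip6tables-restore --test %s` on the v6 task would reject a broken file before it replaces the live one. Setting `owner: root` and `mode: "0600"` explicitly would also stop the result depending on the umask. The enclosing block starts above this hunk, so options set there are not visible.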
---
- name: install python3-apt
shell:
cmd: apt-get install -y python3-apt
warn: no
- name: add appropriate source.list
tags: [apt]
......@@ -82,18 +77,17 @@
# install prometheus-fastd-exporter
- name: install prometheus-fastd-exporter
tags: [prometheus-fastd-exporter, fastd]
notify: restart prometheus-fastd-exporter
block:
- name: download prometheus-fastd-exporter
get_url:
url: https://freifunk-luebeck.pages.chaotikum.org/prometheus-fastd-exporter/prometheus-fastd-exporter.deb
dest: /tmp/prometheus-fastd-exporter.deb
- name: install prometheus-fastd-exporter
command: dpkg -i --force-confold /tmp/prometheus-fastd-exporter.deb
- name: enable prometheus-fastd-exporter
systemd:
daemon_reload: yes
state: restarted
enabled: yes
name: prometheus-fastd-exporter
- name: download prometheus-fastd-exporter
get_url:
url: https://freifunk-luebeck.pages.chaotikum.org/prometheus-fastd-exporter/prometheus-fastd-exporter.deb
dest: /tmp/prometheus-fastd-exporter.deb
- name: install prometheus-fastd-exporter
apt:
state: present
deb: /tmp/prometheus-fastd-exporter.deb
- name: enable prometheus-fastd-exporter
systemd:
enabled: yes
name: prometheus-fastd-exporter
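Review bot: The `.deb` fetched by `get_url` is installed as root by the `apt: deb:` task without any integrity check beyond TLS, and it lands at a fixed path in world-writable `/tmp`. With the default `force`, `get_url` keeps a file that already exists at `dest`, so whatever is sitting at that path is what gets installed. Pin the artifact with `checksum: sha256:<expected-digest>` on the `get_url` task, which also forces a re-download on mismatch. Use a root-owned destination directory instead of `/tmp`.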
---
# - name: stop bird
# systemd:
# state: stopped
# name: bird.service
# - name: restart services
# systemd:
# enabled: no
......@@ -12,21 +7,6 @@
# with_items:
# - batman.service
- name: restart services
systemd:
daemon_reload: yes
state: restarted
enabled: yes
name: "{{ item }}"
with_items:
- haveged.service
- netfilter-persistent.service
- systemd-networkd.service
- systemd-journald
- fastd
- prometheus-fastd-exporter
- name: stop, mask and disable selected services
tags: [systemd]
systemd:
......
---
- name: check and add apt sources.list contents
lineinfile:
path: /etc/apt/sources.list
regexp: '^deb .* main'
line: deb http://deb.debian.org/debian bullseye main
- name: update the system
apt:
update_cache: yes
upgrade: safe
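Review bot: The pattern `'^deb .* main'` is not tied to a suite, so it also matches entries such as a `bullseye-security main` or `bullseye-updates main` line. lineinfile rewrites the last matching line, which can replace the security or updates source with a second copy of the base entry. Anchoring it, e.g. `regexp: '^deb \S+ bullseye main'`, limits the edit to the base line. The page shows no add/remove markers for this file, so this assumes it is on the new side of the commit.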