init
commit
3beb52ad22
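--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,24 @@
+# ---> Ansible
+*.retry
+
+# ---> Vim
+# Swap
+[._]*.s[a-v][a-z]
+!*.svg # comment out if you don't need vector files
+[._]*.sw[a-p]
+[._]s[a-rt-v][a-z]
+[._]ss[a-gi-z]
+[._]sw[a-p]
+
+# Session
+Session.vim
+Sessionx.vim
+
+# Temporary
+.netrwhist
+*~
+# Auto-generated tag files
+tags
+# Persistent undo
+[._]*.un~
+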
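--- a/README.adoc
+++ b/README.adoc
@@ -0,0 +1,81 @@
+System-template
+===============
+
+Configures the base for all servers for real administrators.
+Any needed tools (vim, network-tools, progress, zsh, etc-keeper, ...).
+Removes pains (vim-tiny, snap, ubuntu-adverts, ...).
+Defines a standard for syslog (everything to `/var/log/%Y-%m-%d`).
+
+Requirements
+------------
+
+Debian-/Fedora-based distribution and a network-connection.
+It needs the devices.facts, which cannot be installed by a role, so use the example below.
+
+Role Variables
+--------------
+
+TODO
+
+Example Playbook
+----------------
+
+----
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: ansible facts
+hosts: all
+remote_user: root
+gather_facts: no
+become: no
+tasks:
+- name: ansible-facts directory
+file:
+path: /etc/ansible/facts.d
+state: directory
+- name: devices.facts
+copy:
+content: |
+#!/usr/bin/env sh
+
+check() {
+v="$1"
+shift
+if "$@" >/dev/null
+then
+echo -n "\"$v\": true, "
+else
+echo -n "\"$v\": false, "
+fi
+}
+
+echo -n '{'
+check random dd count=1 of=/dev/null status=none if=/dev/random
+check urandom dd count=1 of=/dev/null status=none if=/dev/urandom
+check hwrng dd count=1 of=/dev/null status=none if=/dev/hwrng
+check hwclock hwclock --test 2>/dev/null
+echo '"checked": true}'
+dest: /etc/ansible/facts.d/devices.fact
+mode: 0755
+owner: root
+group: root
+
+- hosts: all
+remote_user: root
+become: false
+
+tasks:
+- import_role:
+name: denkn.system
+----
+
+License
+-------
+
+AGPLv3
+
+Author Information
+------------------
+
+Denis Knauf - https://git.denkn.at/deac/ansible-role-system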
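--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+has_hwrng: '{{ansible_virtualization_role != "guest" and ansible_local.devices.hwrng }}'
+is_virt_guest: '{{ansible_virtualization_role == "guest"}}'
+is_container: '{{ansible_virtualization_role == "guest" and ansible_virtualization_type == "lxc"}}'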
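Review bot: `has_hwrng` dereferences `ansible_local.devices.hwrng` with no default, so on any non-guest host where the `devices.fact` script from the README has not been installed the lazily evaluated template raises an undefined-variable error the first time it is used (the `rng-tools` conditionals in tasks/os-debian.yml, tasks/os-redhat.yml and tasks/systemd.yml). Jinja's `and` short-circuits, so guests never hit it, which hides the problem when the role is only tested in VMs. I would write `has_hwrng: '{{ ansible_virtualization_role != "guest" and (ansible_local.devices.hwrng | default(false)) }}'`, and give `ansible_virtualization_role` a `| default("")` in all three lines since that fact is absent when facts are not gathered. Separately, the fact script's `dd count=1 if=/dev/random` reads 512 bytes from the blocking pool and can stall fact gathering on kernels older than 5.6 when a fresh VM has little entropy — worth a caveat next to the README example that feeds this variable.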
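--- a/files/cron-apt/action.d/6-upgrade
+++ b/files/cron-apt/action.d/6-upgrade
@@ -0,0 +1 @@
+safe-upgrade -y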
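--- a/files/defaults.sudoers
+++ b/files/defaults.sudoers
@@ -0,0 +1 @@
+Defaults mailto="root@denkn.at"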
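Review bot: `root@denkn.at` is a hard-coded external recipient baked into a role that is meant to be reused, so every host the role touches sends its sudo alerts (including `mail_badpass`-style events with usernames and hostnames) to that one domain unless someone edits the file by hand. Make it a template driven by a variable with a safe local fallback, mirroring the pattern templates/cron-apt/config.j2 already uses: `Defaults mailto="{{ sudo_mailto | default('root') }}"`, deployed via `template:` instead of `copy:`. Note that per sudoers(5) `mailto` only sets the destination; which events actually generate mail is governed by `mail_badpass`, `mail_no_user`, `mail_no_perms` etc., so a one-line comment stating that the compiled-in defaults are relied on would help the next reader.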
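--- a/files/nf.zsh-theme
+++ b/files/nf.zsh-theme
@@ -0,0 +1,33 @@
+# vim: ftype=zsh:
+local return_code="%(?..%{$fg[red]%}%? ↵%{$reset_color%})"
+
+if [[ $UID -eq 0 ]]
+then
+local user_name='%{$terminfo[bold]$fg[red]%}%n%{$reset_color%}'
+local user_symbol='#'
+else
+local user_name='%{$terminfo[bold]$fg[green]%}%n%{$reset_color%}'
+local user_symbol='$'
+fi
+
+local current_dir='%{$terminfo[bold]$fg[blue]%}%~ %{$reset_color%}'
+local git_branch='$(git_prompt_info)'
+local rvm_ruby='$(ruby_prompt_info)'
+local venv_prompt='$(virtualenv_prompt_info)'
+local host_name="%{$prompt_host_color%}%m %{$reset_color%}"
+
+ZSH_THEME_RVM_PROMPT_OPTIONS="i v g"
+
+PROMPT="${prompt_host_color}╭─${user_name}@${host_name}${current_dir}${rvm_ruby}${git_branch}${venv_prompt}%B${return_code}%b
+${prompt_host_color}╰─%B${user_symbol}%b "
+
+ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg[yellow]%}‹"
+ZSH_THEME_GIT_PROMPT_SUFFIX="› %{$reset_color%}"
+
+ZSH_THEME_RUBY_PROMPT_PREFIX="%{$fg[red]%}‹"
+ZSH_THEME_RUBY_PROMPT_SUFFIX="› %{$reset_color%}"
+
+ZSH_THEME_VIRTUAL_ENV_PROMPT_PREFIX="%{$fg[green]%}‹"
+ZSH_THEME_VIRTUAL_ENV_PROMPT_SUFFIX="› %{$reset_color%}"
+ZSH_THEME_VIRTUALENV_PREFIX=$ZSH_THEME_VIRTUAL_ENV_PROMPT_PREFIX
+ZSH_THEME_VIRTUALENV_SUFFIX=$ZSH_THEME_VIRTUAL_ENV_PROMPT_SUFFIX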
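--- a/files/rsyslog.conf
+++ b/files/rsyslog.conf
@@ -0,0 +1,30 @@
+$umask 0027
+
+$WorkDirectory /var/spool/rsyslog
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support
+module(load="builtin:omfile" fileOwner="root" fileGroup="syslog" fileCreateMode="0640")
+
+template(name="logline" type="list") {
+property(name="timestamp" dateFormat="rfc3339")
+constant(value="\t")
+property(name="syslogseverity-text")
+constant(value="\t")
+property(name="syslogfacility-text")
+constant(value="\t")
+property(name="programname")
+constant(value="\t")
+property(name="procid")
+constant(value="\t")
+property(name="structured-data")
+constant(value="\t")
+property(name="msg")
+constant(value="\n")
+}
+
+template(name="logpath" type="string" string="/var/log/%$year%/%$now%")
+
+action(type="omfile" dynaFile="logpath" template="logline")
+
+$IncludeConfig /etc/rsyslog.d/*.conf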
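Review bot: Log files are created 0640 root:syslog, but the per-year directory that the `logpath` dynaFile creates falls back to rsyslog's default `dirCreateMode` (0700, owned by the daemon's user), so members of `syslog` cannot traverse `/var/log/<year>/` and the group bit on the files buys nothing; add `dirOwner="root" dirGroup="syslog" dirCreateMode="0750"` to the `builtin:omfile` module line. This file replaces the distribution's `/etc/rsyslog.conf` wholesale and carries no `PrivDropToUser`/`PrivDropToGroup`, so on Ubuntu, whose stock config drops to the `syslog` user, rsyslog will now stay root — either say so in a comment or add `global(privdrop.user="syslog" privdrop.group="syslog")` and adjust the root-owned directory/file ownership above so the unprivileged daemon can still write. The trailing `$IncludeConfig /etc/rsyslog.d/*.conf` still pulls in the distro's `50-default.conf`, so the classic `/var/log/syslog`, `auth.log` etc. keep being written alongside the dated files; if the dated layout is meant to be the only one, that snippet needs to be removed by the role.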
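--- a/files/syslog-ng.conf
+++ b/files/syslog-ng.conf
@@ -0,0 +1,54 @@
+@version: 3.19
+@include "scl.conf"
+
+# First, set some global options.
+options {
+chain_hostnames(off);
+flush_lines(0);
+use_dns(no);
+use_fqdn(no);
+owner("root");
+group("adm");
+perm(0640);
+stats_freq(0);
+bad_hostname("^gconfd$");
+ts_format(iso);
+frac_digits(6);
+};
+
+########################
+# Sources
+########################
+# This is the default behavior of sysklogd package
+# Logs may come from unix stream, but not from another machine.
+#
+source s_src {
+system();
+internal();
+};
+
+# If you wish to get logs from remote machine you should uncomment
+# this and comment the above source line.
+#
+#source s_net { tcp(ip(127.0.0.1) port(1000)); };
+
+########################
+# Destinations
+########################
+
+destination d_local {
+file("/var/log/$YEAR/$YEAR-$MONTH-$DAY"
+template( "$R_ISODATE\t$PRIORITY\t$FACILITY\t$FACILITY_NUM\t$PROGRAM\t$PID\t$MSG\n")
+create_dirs(yes) dir_group("syslog") dir_perm(0750) group("syslog") perm(0640)
+);
+};
+log {
+source( s_src);
+#destination( d_net);
+destination( d_local);
+};
+
+###
+# Include all config files in /etc/syslog-ng/conf.d/
+###
+@include "/etc/syslog-ng/conf.d/*.conf"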
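Review bot: Nothing in this commit deploys this file: tasks/main.yml has the `/etc/syslog-ng` directory commented out and tasks/os-alpine.yml installs and enables `syslog-ng` but never copies a config, so Alpine hosts run with the distribution's stock syslog-ng.conf and the dated `/var/log/$YEAR/...` layout the README promises exists only on rsyslog hosts. Either add a `copy:` of `syslog-ng.conf` to `/etc/syslog-ng/syslog-ng.conf` in os-alpine.yml (with a `notify` that restarts syslog-ng) or drop the file so it does not rot. The global `group("adm")` is overridden by `group("syslog")` on the only destination, so that option line is dead and the `@version: 3.19` pin will produce a version-mismatch warning on any Alpine release shipping a newer syslog-ng.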
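--- a/files/systemd/system/logcompress.service
+++ b/files/systemd/system/logcompress.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Compress old logs in /var/log/%%Y
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/find /var/log/ -regex '/var/log/2[0-9][0-9][0-9]/2[0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]' -mtime +0 -exec xz {} +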
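Review bot: `xz` replaces each matched file with `file.xz` and unlinks the original, but rsyslog's omfile may still hold a recently used dated file open through its dynaFile cache, in which case any late write to that day goes to an unlinked inode and is lost; `-mtime +0` (older than 24h at the 02:00 run) narrows that window but does not close it. Safer is `-mtime +1`, or excluding the current and previous day's file explicitly, and in any case the rsyslog/syslog-ng side should be told to close handles (e.g. `closeTimeout` on the action) before compressing. Since this runs as root over `/var/log` it is also a good candidate for `ProtectSystem=strict` with `ReadWritePaths=/var/log`, `NoNewPrivileges=yes` and `ProtectHome=yes` in the `[Service]` section.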
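--- a/files/systemd/system/logcompress.timer
+++ b/files/systemd/system/logcompress.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Compress old logs in /var/log/%%Y daily
+
+[Install]
+WantedBy=timers.target
+
+[Timer]
+OnCalendar=2:00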
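Review bot: `OnCalendar=2:00` without `Persistent=true` means a host that is powered off or suspended at 02:00 skips that day's run entirely and the backlog is only picked up a day later; add `Persistent=true`, and for a fleet `RandomizedDelaySec=30m` so that every host does not start `xz` over `/var/log` in the same second. Putting `[Install]` before `[Timer]` is valid but unconventional; ordering it `[Unit]`, `[Timer]`, `[Install]` matches what systemd's own examples and the sibling `.service` use.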
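--- a/files/timer-mail
+++ b/files/timer-mail
@@ -0,0 +1,62 @@
+#!/usr/bin/env sh
+
+help() {
+[ 0 -lt $# ] && >&2 echo "$*"
+>&2 cat <<EOF
+Usage: $0 [*options] command [*args]
+
+Options:
+-h
+-t TO default: your login-user
+-f FROM default: your login-user
+-s SUBJECT default: "timer: [command *args]"
+-v pipes output through
+-e send email only on error (command exit-code != 0)
+-o send email only if command writes on STDOUT or STDERR (default)
+-a send always email
+EOF
+exit 1
+}
+
+eval set -- "$(getopt -n "$0" "ht:f:s:aev" "$@")"
+while [ 0 -lt $# ]
+do
+case "$1" in
+-h) help ;;
+-s) shift ; subject="$1" ;;
+-t) shift ; to="$1" ;;
+-f) shift ; from="$1" ;;
+-e) on=error ;;
+-o) on=output ;;
+-a) on=always ;;
+-v) verbose=true ;;
+--) shift ; break ;;
+*) help "Unknown option: $1" ;;
+esac
+shift
+done
+
+subject="${subject:-timer: $*}"
+on=${on:-output}
+verbose=${verbose:-false}
+to="${to:-${LOGNAME:-$USER}}"
+from="${from:-${LOGNAME:-$USER}}"
+
+output="$(mktemp)"
+trap "rm -f -- $output" EXIT
+
+if $verbose
+then
+2>&1 "$@" | tee $output
+r=$?
+else
+>$output 2>&1 "$@"
+r=$?
+fi
+
+if [ always = $on ] || [ error = $on -a 0 -lt $r ] || [ output = $on -a -s $output ]
+then
+<$output mail -s "$subject" -r "$from" -- "$to" || exit 97
+fi
+
+exit $r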
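Review bot: In verbose mode `r=$?` after `2>&1 "$@" | tee $output` captures the exit status of `tee`, not of the wrapped command, so `-e` (mail only on error) never fires when `-v` is given and the script's own exit code is wrong for its caller (a systemd unit or cron job will see success on failure). POSIX sh has no `pipefail`, so record the status inside the pipeline instead: `{ "$@" 2>&1; echo $? >"$output.rc"; } | tee "$output"; r=$(cat "$output.rc")`, and extend the trap to `rm -f -- "$output" "$output.rc"`. Quoting `$output` in the `tee`, `-s` test and redirections would also make the script safe under a `TMPDIR` containing spaces; the unquoted `trap "rm -f -- $output" EXIT` expanding at definition time is fine here because `output` is never reassigned.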
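--- a/files/vimrc.local
+++ b/files/vimrc.local
@@ -0,0 +1,89 @@
+"execute pathogen#infect()
+
+if has("autocmd")
+au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")
+\| exe "normal g'\"" | endif
+endif
+if has("autocmd")
+filetype indent on
+endif
+set background=dark
+set showcmd
+set showmatch
+set smartcase
+set incsearch
+syntax on
+" Einrücken immer um ein Tab der Breite 2
+set ts=2
+set sts=2
+set sw=2
+set noexpandtab
+set modeline
+set modelines=5
+
+set listchars=tab:>.,trail:.,eol:$
+"set list
+
+"paste-mode"
+map <f5> :set paste!<cr>
+imap <f5> <c-o>:set paste!<cr>
+map ,p :set paste!<cr>
+"Zeilenenden aufräumen"
+map <f9> :%s/\s\+$//<cr>
+"list-mode (Am Ende der Zeile ein $)"
+map ,l :set list!<cr>
+"Wrap (automatischer Zeilenumbruch)"
+map ,w :set wrap!<cr>
+"Zeilennummern"
+map ,n :set number!<cr>
+"Cursor durch vert-/hori-linien über den ganzen Puffer anzeugen"
+map ,c :set cuc! cul!<cr>
+
+function! ToggleVirtualedit()
+if &virtualedit == ''
+set virtualedit=all
+else
+set virtualedit=
+endif
+endfunction
+map ,v :call ToggleVirtualedit()<cr>
+
+"
+" Philips Erweiterungen:
+"
+
+highlight TabHighlight ctermbg=darkgrey
+highlight TooLongLines ctermbg=darkred ctermfg=yellow
+
+" Coding standard window addition function
+function! AddCodingStandard()
+if !exists("w:cs_lines_id")
+let w:cs_lines_id = matchadd("TooLongLines", "^.\\{101,}")
+endif
+
+if !exists("w:cs_tab_id")
+let w:cs_tab_id = matchadd("TabHighlight", "\t")
+endif
+endfunction
+
+" Coding standard removal function
+function! RemoveCodingStandard()
+if exists("w:cs_lines_id")
+call matchdelete(w:cs_lines_id)
+unlet w:cs_lines_id
+endif
+
+if exists("w:cs_tab_id")
+call matchdelete(w:cs_tab_id)
+unlet w:cs_tab_id
+endif
+endfunction
+
+autocmd BufWinEnter * call AddCodingStandard()
+autocmd BufWinLeave * call RemoveCodingStandard()
+
+" tags (Welches Wort steht wo (in welcher Datei ...))
+set tags=./tags
+
+" gnuplot (highlighting)
+au BufNewFile,BufRead *.plt,.gnuplot setf gnuplot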
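Review bot: `set modeline` / `set modelines=5` re-enables modelines system-wide, reversing the `nomodeline` that Debian's packaged `debian.vim` sets because modelines have repeatedly been an attack vector (most recently arbitrary command execution through `:source!` in a modeline, fixed in Vim 8.1.1365); on a server where root opens log files, uploads and other attacker-supplied text this is a real risk for a convenience feature. If modelines are wanted for the `# vim: set expandtab ...` headers this repo uses, keep the system default and enable them per trusted user in `~/.vimrc`, or at minimum pair them with `set nomodelineexpr` (Vim >= 8.1.1366), which disables the expression-evaluating options modelines can otherwise set. The German comments (`Einrücken immer um ein Tab der Breite 2`, `Zeilenenden aufräumen`, `Philips Erweiterungen`) should be English in a role shared across hosts and administrators, and `set tags=./tags` reads a `tags` file from whatever directory root happens to be editing in — `./tags;` with the trailing `;` or dropping the setting avoids picking up an attacker-planted file.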
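--- a/handlers/debian.yml
+++ b/handlers/debian.yml
@@ -0,0 +1,2 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2: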
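--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,25 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+- name: restart services
+systemd:
+state: restarted
+name: "{{item}}"
+daemon-reload: yes
+with_items:
+- rsyslog
+- ssh
+- name: restart chrony
+systemd:
+state: restarted
+name: chrony
+daemon-reload: yes
+- name: restart rng-tools
+systemd:
+state: restarted
+name: rng-tools
+daemon-reload: yes
+- name: restart nullmailer
+systemd:
+state: restarted
+name: nullmailer
+daemon-reload: yes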
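Review bot: The `restart services` handler restarts `rsyslog` and `ssh` together and, in this commit, is notified only by the two cron-apt config tasks in tasks/os-debian.yml — so a change to the cron-apt schedule restarts sshd, while the tasks that actually rewrite `/etc/ssh/sshd_config` (tasks/sshd_config.yml) and `/etc/rsyslog.conf` (tasks/main.yml) notify nothing. Split it into `restart rsyslog` and `restart ssh` handlers and notify each from the task that changes its config. The unit name `ssh` only exists on Debian/Ubuntu; RHEL and Alpine call it `sshd`, so the handler fails the moment it is notified from one of the shared task files — `name: "{{ 'ssh' if ansible_facts['os_family'] == 'Debian' else 'sshd' }}"` or a per-family variable avoids that.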
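--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,16 @@
+galaxy_info:
+author: Denis Knauf
+description: System-template with stable, usable and needable configs
+license: AGPL-3.0-or-later
+min_ansible_version: 2.9
+platforms:
+- name: CentOS
+versions: [7]
+- name: RHEL
+versions: [7]
+- name: Debian
+versions: [9,10,11]
+- name: Ubuntu
+version: [18.04,20.04]
+galaxy_tags: []
+dependencies: []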
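Review bot: The Ubuntu entry uses `version:` where Galaxy expects `versions:` (as the three entries above it do), so the Ubuntu platform advertises no supported releases; change it to `versions: [18.04, 20.04]`. Alpine is handled by tasks/os-alpine.yml but is missing from `platforms`, and `min_ansible_version: 2.9` is conventionally quoted (`"2.9"`) so YAML does not parse it as a float.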
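--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,67 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: directories
+file:
+state: directory
+path: '{{item}}'
+with_items:
+- /etc/vim
+#- /etc/syslog-ng
+- /etc/sudoers.d
+
+- name: configs
+copy:
+src: "{{item.key}}"
+dest: "{{item.value}}"
+owner: root
+group: root
+mode: 0644
+backup: yes
+with_dict:
+vimrc.local: /etc/vim/vimrc.local
+rsyslog.conf: /etc/rsyslog.conf
+
+- name: 'configs (templates)'
+template:
+src: "{{item.key}}"
+dest: "{{item.value}}"
+owner: root
+group: root
+mode: 0644
+backup: yes
+with_dict:
+tmux.conf.j2: /etc/tmux.conf
+krb5.conf.j2: /etc/krb5.conf
+
+- name: sudoers defaults
+copy:
+src: defaults.sudoers
+dest: /etc/sudoers.d/defaults
+owner: root
+group: root
+mode: 0440
+
+- name: timer-mail
+copy:
+src: timer-mail
+dest: /usr/local/bin/timer-mail
+owner: root
+group: root
+mode: 0755
+
+- include_tasks: 'os-{{ansible_facts["os_family"]|lower}}.yml'
+
+- name: motd
+copy:
+content: '{{motd}}'
+dest: /etc/motd
+mode: 0644
+owner: root
+group: root
+
+- name: post etckeeper commit
+shell: |
+set -e
+dd if=/dev/urandom of=/etc/.etckeeper_random count=1
+etckeeper commit 'post ansible sys'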
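Review bot: The `sudoers defaults` task writes into `/etc/sudoers.d/` without `validate:`, and a malformed sudoers.d file disables sudo for every account on the host, so add `validate: '/usr/sbin/visudo -cf %s'` to that `copy:` (it is cheap insurance even for a one-line file). The `configs (templates)` task references `tmux.conf.j2` and `krb5.conf.j2` and the `motd` task interpolates `{{motd}}`, but neither template is part of this commit and `motd` has no default, so the role fails on first run unless the inventory happens to supply all three — add the templates and a `motd | default('')`, or drop the tasks. `rsyslog.conf` is copied on every OS family, including Alpine where rsyslog is never installed, and the copy notifies nothing, so a changed `/etc/rsyslog.conf` is not picked up until something else restarts the daemon; gate the entry on `ansible_facts["os_family"] != "Alpine"` and `notify` a rsyslog restart handler.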
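--- a/tasks/ohmyzsh.yml
+++ b/tasks/ohmyzsh.yml
@@ -0,0 +1,28 @@
+- name: oh my zsh
+tags: ohmyzsh
+git:
+repo: https://github.com/ohmyzsh/ohmyzsh
+dest: /usr/share/oh-my-zsh
+
+- name: oh my zsh theme
+tags: ohmyzsh
+copy:
+src: nf.zsh-theme
+dest: /usr/share/oh-my-zsh/custom/themes/nf.zsh-theme
+
+- name: ".zshrc in user skeleton"
+tags: ohmyzsh
+template:
+src: dotzshrc
+dest: "/etc/skel/.zshrc"
+- name: 'setup default user(s)'
+tags: ohmyzsh
+with_items: '{{sys_default_users}}'
+user:
+name: '{{item.name}}'
+home: '{{item.home | default("/home/"+item.name)}}'
+shell: '{{item.shell | default("/usr/bin/zsh")}}'
+groups: [users]
+createhome: yes
+move_home: yes
+append: yes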
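Review bot: The `git:` task clones `https://github.com/ohmyzsh/ohmyzsh` into `/usr/share/oh-my-zsh` with no `version:`, so every playbook run pulls whatever upstream HEAD is at that moment (the module updates by default) into a directory sourced by every user's shell — root included, via the `/etc/skel/.zshrc` installed two tasks later — which is unreviewed third-party code executed with root privileges on each run. Pin it (`version: <tag-or-sha>`) and set `update: no` so the checkout only moves when the pin is bumped; `depth: 1` keeps the clone small. `with_items: '{{sys_default_users}}'` has no default and fails when the variable is unset, and the `user:` task's `move_home: yes` combined with the `/home/<name>` default relocates an existing home directory whenever an inventory value differs — likely intended, but worth a comment so nobody is surprised by the move.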
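--- a/tasks/os-alpine.yml
+++ b/tasks/os-alpine.yml
@@ -0,0 +1,89 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: packages
+apk:
+update_cache: yes
+name:
+- vim
+- ncdu
+- htop
+- tmux
+- etckeeper
+- syslog-ng
+- zsh
+- curl
+- lsof
+- knot-utils
+- krb5
+- apk-cron
+- msmtp
+- openssh-sftp-server
+- python3
+- name: upgrade
+apk:
+upgrade: yes
+
+- include_tasks: sshd_config.yml
+
+- name: create user syslog
+register: _cruser
+shell: |
+getent passwd syslog
+case $? in
+0) exit 42 ;;
+2) ;;
+esac
+adduser -S syslog
+failed_when: '_cruser.rc not in [0,42]'
+changed_when: '_cruser.rc == 0'
+
+- name: create group syslog
+register: _crgroup
+shell: |
+getent group syslog
+case $? in
+0) exit 42 ;;
+2) ;;
+esac
+addgroup -S syslog
+failed_when: '_crgroup.rc not in [0,42]'
+changed_when: '_crgroup.rc == 0'
+
+- name: Set timezone variables
+file:
+src: '/etc/zoneinfo/{{timezone}}'
+dest: /etc/localtime
+state: link
+force: yes
+
+- name: setup msmtp
+template:
+dest: /etc/msmtprc
+src: msmtprc.j2
+owner: root
+group: root
+mode: 0644
+
+- name: 'vi -> vim'
+file:
+dest: /usr/bin/vi
+src: vim
+state: link
+force: yes
+
+- name: 'python -> python3'
+file:
+dest: /usr/bin/python
+src: python3
+state: link
+force: yes
+
+- name: enable services
+service:
+name: '{{item}}'
+enabled: yes
+state: restarted
+with_items:
+- sshd
+- syslog-ng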
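Review bot: `setup msmtp` installs `/etc/msmtprc` with `mode: 0644`; the `msmtprc.j2` template is not in this commit so I cannot see its contents, but an msmtprc that relays through an authenticated SMTP host carries the account `password`, and a world-readable one discloses it to every local user — use `mode: 0600` (or 0640 with a dedicated group if unprivileged senders need it) and add the missing template. The `create user syslog` / `create group syslog` shell wrappers can be replaced by `group: {name: syslog, system: yes}` followed by `user: {name: syslog, system: yes, group: syslog, create_home: no, shell: /sbin/nologin}`, which Ansible's modules support on Alpine's BusyBox tools and which are idempotent without the `exit 42` convention. `enable services` uses `state: restarted`, so every run restarts `sshd` and `syslog-ng` and always reports changed; use `state: started` here and let handlers notified by the config tasks do the restarts.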
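--- a/tasks/os-debian.yml
+++ b/tasks/os-debian.yml
@@ -0,0 +1,214 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+# pre dependencies:
+
+- name: install packages
+apt:
+force: no
+name:
+- aptitude
+- set_fact:
+crap_packages:
+- cloud-init
+- vim-tiny
+- landscape-common
+- snapd
+- ubuntu-advantage-tools
+- unattended-upgrades
+- name: remove unwanted packages
+apt:
+state: absent
+name: '{{crap_packages}}'
+- name: stay away packages
+dpkg_selections:
+selection: hold
+name: '{{item}}'
+with_items: '{{crap_packages}}'
+- name: safe-upgrade
+apt:
+upgrade: safe
+update_cache: yes
+
+# check capabilities:
+
+- name: check mailer
+shell: |
+aptitude search '~Pmail-transport-agent' | sed -ne '/^i/{s/^i *//;s/^ *.*//;s/ *.*//;p}' | grep \\S
+register: mailer
+failed_when: "mailer.rc != 1 and mailer.rc != 0"
+changed_when: 'false'
+
+- set_fact:
+has_nullmailer: '{{mailer.rc == 1 or mailer.stdout=="nullmailer"}}'
+
+# installation packages:
+
+- name: install packages
+apt:
+force: no
+name: '{{lookup("flattened", items)}}'
+update_cache: yes
+vars:
+items:
+- '{{ [] if is_virt_guest else ["chrony", "smartmontools"] }}'
+- cron-apt
+- curl
+- etckeeper
+- file
+- fizsh
+- git
+- haveged
+- htop
+- inetutils-ping
+- knot-dnsutils
+- krb5-user
+- ldap-utils
+- locales
+- lsof
+- lvm2
+- mosh
+- mtr-tiny
+- ncdu
+- net-tools
+- '{{ ["nullmailer"] if has_nullmailer else [] }}'
+- openssh-server
+- progress
+- pv
+- '{{ ["rng-tools"] if has_hwrng else [] }}'
+- rsync
+- socat
+- sudo
+- rsyslog
+- systemd
+- systemd-sysv
+- tmux
+- inetutils-traceroute
+- tzdata
+- usrmerge
+- vim-nox
+- '{{ [] if is_container else ["xfsdump", "xfsprogs"] }}'
+- '{{ needed_debs if needed_debs is defined else [] }}'
+
+# remove garbage:
+
+- name: 'no ubuntu adverts'
+when: '"ubuntu" == ansible_distribution'
+block:
+- name: no ubuntu-motd-adverts
+lineinfile:
+path: /etc/default/motd-news
+line: ENABLED=0
+regexp: '^ENABLED='
+create: yes
+- name: no ubuntu-cloudguest-adverts
+file:
+path: /etc/update-motd.d/51-cloudguest
+state: absent
+- name: 'no ubuntu-"documentation"-adverts'
+copy:
+dest: /etc/update-motd.d/10-help-text
+mode: 0644
+content: ''
+
+# configure system:
+
+- name: set alternatives
+alternatives:
+name: "{{item.key}}"
+path: "{{item.value}}"
+with_dict:
+editor: /usr/bin/vim.nox
+vim: /usr/bin/vim.nox
+vimdiff: /usr/bin/vim.nox
+vi: /usr/bin/vim.nox
+view: /usr/bin/vim.nox
+
+- name: copy configs
+copy:
+src: "{{item.key}}"
+dest: "{{item.value}}"
+owner: root
+group: root
+mode: 0644
+with_dict:
+cron-apt/action.d/6-upgrade: /etc/cron-apt/action.d/6-upgrade
+notify:
+- restart services
+
+- name: copy configs
+template:
+src: "{{item.key}}"
+dest: "{{item.value}}"
+owner: root
+group: root
+mode: 0644
+with_dict:
+cron-apt/config.j2: /etc/cron-apt/config
+notify:
+- restart services
+
+- name: generates locales
+locale_gen:
+name: "{{item}}"
+state: present
+with_items: '{{locales}}'
+- name: default locale
+copy:
+dest: /etc/default/locale
+content: |
+LANG=de_AT.UTF-8
+owner: root
+group: root
+mode: 0644
+
+- include_tasks: sshd_config.yml
+- include_tasks: ohmyzsh.yml
+- include_tasks: systemd.yml
+
+- name: update timezone
+command: dpkg-reconfigure --frontend noninteractive tzdata
+
+- name: setup mailname
+copy:
+dest: /etc/mailname
+content: |
+{{sys_mailname | default(ansible_fqdn) | mandatory}}
+owner: root
+group: root
+mode: 0644
+- name: setup nullmailer remote
+when: "mailer.changed"
+copy:
+dest: /etc/nullmailer/remotes
+content: |
+{{mail_relay_host}} smtp
+owner: root
+group: mail
+mode: 0640
+notify:
+- restart nullmailer
+
+- name: setup nullmailer domain
+when: "mailer.changed"
+copy:
+dest: /etc/nullmailer/defaultdomain
+content: 'denkn.at'
+owner: root
+group: mail
+mode: 0640
+notify:
+- restart nullmailer
+
+- name: 'dig -> kdig and other knot-utils'
+file:
+state: link
+path: '/usr/local/bin/{{item}}'
+src: '../../bin/k{{item}}'
+with_items: [dig, nsupdate]
+
+- name: enable ssh
+systemd:
+name: ssh
+enabled: yes
+state: started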
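Review bot: The two nullmailer tasks are dead code: they are gated on `when: "mailer.changed"`, but `check mailer` sets `changed_when: 'false'`, so `mailer.changed` is always false and `/etc/nullmailer/remotes` and `defaultdomain` are never written — a freshly installed nullmailer ends up with no relay, and every alert this role wires up (cron-apt, sudo, timer-mail) silently queues forever; gate them on `has_nullmailer` instead. The `sed` in `check mailer` as rendered here contains `s/^ *.*//`, which empties every line so the trailing `grep \S` always fails with rc 1 and `has_nullmailer` is always true; that may be a display artefact, but the whole pipeline is a fragile stand-in for `package_facts` followed by `'nullmailer' in ansible_facts.packages`, which needs no shell at all. `when: '"ubuntu" == ansible_distribution'` never matches because the fact value is `Ubuntu`; compare against `ansible_distribution | lower`. `content: 'denkn.at'` for `defaultdomain` and the `LANG=de_AT.UTF-8` literal are further site-specific values that belong in defaults/main.yml, and `{{mail_relay_host}}` / `{{locales}}` have no defaults at all.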
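--- a/tasks/os-redhat.yml
+++ b/tasks/os-redhat.yml
@@ -0,0 +1,57 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+# installation packages:
+
+- name: install packages
+yum:
+lock_timeout: 30
+name: '{{lookup("flattened", items)}}'
+vars:
+items:
+- '{{ [] if is_virt_guest else ["chrony", "smartmontools"] }}'
+- yum-cron
+- curl
+- file
+- etckeeper
+- git
+- '{{ [] if is_container else ["haveged", "lvm2"] }}'
+- htop
+#- inetutils-ping
+#- knot-dnsutils
+#- ldap-utils
+- lsof
+- net-tools
+#- '{{ ["nullmailer"] if has_nullmailer else [] }}'
+#- progress
+- pv
+- '{{ ["rng-tools"] if has_hwrng else [] }}'
+- rsync
+- socat
+- sudo
+- rsyslog
+- systemd
+- tmux
+- tzdata
+- vim
+- '{{ [] if is_container else ["xfsdump", "xfsprogs"] }}'
+- zsh
+
+- include_tasks: sshd_config.yml
+- include_tasks: systemd.yml
+- include_tasks: ohmyzsh.yml
+
+- name: setup mailname
+copy:
+dest: /etc/mailname
+content: |
+{{sys_mailname | default(ansible_fqdn) | mandatory}}
+owner: root
+group: root
+mode: 0644
+
+- name: enable ssh
+systemd:
+name: sshd
+enabled: yes
+state: started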
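Review bot: `setup mailname` writes `/etc/mailname`, a Debian convention that RHEL's postfix/sendmail do not read with their stock configuration, so on this family the task has no effect beyond creating a stray file; either drop it here or document what consumes it. Unlike os-debian.yml there is no MTA check and no nullmailer setup on this family, so the cron-apt/sudo/timer-mail alerts the role relies on have no configured delivery path on RHEL — worth a comment or a `sys_mailer` variable so the gap is explicit. The `systemd.yml` include also enables `logcompress.timer` here while yum-cron, not cron-apt, drives updates, so `MAILTO` handling for upgrade reports is inconsistent between the two families.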
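--- a/tasks/sshd_config.yml
+++ b/tasks/sshd_config.yml
@@ -0,0 +1,46 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: sshd_config
+lineinfile:
+path: /etc/ssh/sshd_config
+insertafter: '^\s*#\s*{{item.key}}\s+'
+regexp: '^\s*{{item.key}}\s'
+line: '{{item.key}} {{item.value}}'
+with_dict:
+Port: '{{ssh_port|default(22)}}'
+PermitRootLogin: 'prohibit-password'
+StrictModes: 'yes'
+PubkeyAuthentication: 'yes'
+KerberosAuthentication: 'no'
+GSSAPIAuthentication: 'yes'
+TCPKeepAlive: 'yes'
+Ciphers: 'chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com'
+MACs: 'hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256'
+KexAlgorithms: 'curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256'
+- name: sshd_config
+lineinfile:
+path: /etc/ssh/sshd_config
+insertbefore: '\s*#?\s*HostKey\s+'
+regexp: '^# HostKeys for protocol'
+line: '# HostKeys for protocol'
+- name: sshd_config - prefer ed25519
+lineinfile:
+path: /etc/ssh/sshd_config
+insertafter: '^# HostKeys for protocol'
+regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
+line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
+- name: sshd_config - fallback rsa
+lineinfile:
+path: /etc/ssh/sshd_config
+insertafter: '^\s*HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
+regexp: '^\s*HostKey\s+/etc/ssh/ssh_host_rsa_key\s*$'
+line: 'HostKey /etc/ssh/ssh_host_rsa_key'
+- name: 'sshd_config - absent dsa / ecdsa'
+lineinfile:
+path: /etc/ssh/sshd_config
+state: absent
+regexp: '{{item}}'
+with_list:
+- '^\s*HostKey\s+/etc/ssh/ssh_host_dsa_key\s*$'
+- '^\s*HostKey\s+/etc/ssh/ssh_host_ecdsa_key\s*$'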
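Review bot: None of these `lineinfile` tasks carries `validate:` or a `notify`, so a typo in the `Ciphers`/`MACs`/`KexAlgorithms` lists is written to `/etc/ssh/sshd_config` unchecked and, on Debian and RHEL where the role only does `state: started`, surfaces at the next sshd restart as a lockout; add `validate: '/usr/sbin/sshd -t -f %s'` and `notify: restart services` to each task so a broken file is rejected before it lands and a good one takes effect. `PasswordAuthentication` is not set at all: root is `prohibit-password`, but every other account — including the users created in tasks/ohmyzsh.yml — still accepts password logins, so make it explicit, e.g. `PasswordAuthentication: '{{ ssh_password_auth | default("no") }}'`. Where the stock file begins with `Include /etc/ssh/sshd_config.d/*.conf` (OpenSSH >= 8.2, i.e. Debian 11+/Ubuntu 20.04+), sshd keeps the first value it sees, so any snippet there — cloud-init's `50-cloud-init.conf` is the usual one — silently overrides these lines; either manage a snippet in that directory instead of editing the main file or assert the override files are absent. `TCPKeepAlive yes` is spoofable and only detects dead TCP; `ClientAliveInterval`/`ClientAliveCountMax` are the in-protocol equivalent if idle-session teardown is the goal.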
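--- a/tasks/systemd.yml
+++ b/tasks/systemd.yml
@@ -0,0 +1,65 @@
+---
+# vim: set expandtab tabstop=2 shiftwidth=2:
+
+- name: etckeeper initialized
+shell: |
+set -e
+[ -f /etc/.git/config ] && exit 42
+echo "Need to init"
+etckeeper init
+register: etckeeper_init
+changed_when: 'etckeeper_init.rc == 0'
+failed_when: 'etckeeper_init.rc not in [0,42]'
+
+- name: set git-defaults
+git_config:
+name: '{{item.key}}'
+repo: /etc
+scope: local
+value: '{{item.value}}'
+with_dict:
+user.email: '{{etckeeper.email}}'
+user.name: '{{etckeeper.name}}'
+- name: pre etckeeper commit
+shell: |
+set -e
+dd if=/dev/urandom of=/etc/.etckeeper_random count=1
+etckeeper commit 'pre ansible sys'
+
+- name: create group syslog
+group: {name: syslog, system: yes}
+
+- name: enable rng-tools
+when: has_hwrng
+systemd:
+name: rng-tools
+enabled: yes
+
+- name: Set timezone variables
+file:
+src: '/usr/share/zoneinfo/{{timezone}}'
+dest: /etc/localtime
+state: link
+force: yes
+owner: root
+group: root
+mode: 0644
+
+- name: install systemd-logcompress-jobs
+copy:
+src: "{{item}}"
+dest: /etc/systemd/system
+owner: root
+group: root
+mode: 0644
+with_fileglob:
+- "systemd/system/*"
+
+- name: enable services
+systemd:
+name: "{{item}}"
+enabled: yes
+state: started
+with_items:
+- rsyslog
+- logcompress.timer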
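Review bot: `install systemd-logcompress-jobs` drops unit files into `/etc/systemd/system` and `enable services` then enables `logcompress.timer` without any `daemon_reload`; systemd loads a brand-new unit on demand, but a later change to the shipped `.service`/`.timer` is not seen until a reload, so register the copy and add `daemon_reload: "{{ logcompress_units.changed }}"` (or a handler) to the enable task. `pre etckeeper commit` writes 512 random bytes to `/etc/.etckeeper_random` purely so that `etckeeper commit` has something to commit, which dirties `/etc` on every run, creates two noise commits per play and always reports changed; `etckeeper unclean && etckeeper commit 'pre ansible sys'` with `changed_when`/`failed_when` on the result takes the same snapshot without the synthetic change — the same applies to the `post` task in tasks/main.yml. `git_config` reads `etckeeper.email` / `etckeeper.name` and the timezone link reads `timezone`, none of which have defaults, so the role fails unless the inventory defines all of them; defaults/main.yml should carry them, and `owner`/`group`/`mode` on a `state: link` entry apply to the symlink target, which here is the distro-owned zoneinfo file.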
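--- a/templates/cron-apt/config.j2
+++ b/templates/cron-apt/config.j2
@@ -0,0 +1,6 @@
+# Configuration for cron-apt. For further information about the possible
+# configuration settings see /usr/share/doc/cron-apt/README.gz.
+
+MAILTO="{{cron_apt_mailto | default('admin@denkn.at')}}"
+MAILON=upgrade
+APTCOMMAND=/usr/bin/aptitude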
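Review bot: `MAILTO="{{cron_apt_mailto | default('admin@denkn.at')}}"` falls back to a hard-coded, personal-looking address, so every deployment that forgets to set `cron_apt_mailto` mails its upgrade reports (package names and versions of the host) there instead of to the local administrator. Prefer a local default, `MAILTO="{{cron_apt_mailto | default('root')}}"`, or make the variable required with `mandatory` so the omission fails at deploy time. `APTCOMMAND=/usr/bin/aptitude` also presumes aptitude is present on every target; the task that installs it is not in this file, so a one-line comment stating that assumption would help the next reader.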
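--- a/templates/dotzshrc
+++ b/templates/dotzshrc
@@ -0,0 +1,65 @@
+# Path to your oh-my-zsh installation.
+export ZSH="/usr/share/oh-my-zsh"
+
+# Set name of the theme to load.
+# Look in ~/.oh-my-zsh/themes/
+# Optionally, if you set this to "random", it'll load a random theme each
+# time that oh-my-zsh is loaded.
+ZSH_THEME="nf"
+
+# Uncomment the following line to use case-sensitive completion.
+CASE_SENSITIVE="true"
+
+# Uncomment the following line to disable bi-weekly auto-update checks.
+DISABLE_AUTO_UPDATE="true"
+
+# Uncomment the following line to change how often to auto-update (in days).
+# export UPDATE_ZSH_DAYS=13
+
+# Uncomment the following line to disable colors in ls.
+# DISABLE_LS_COLORS="true"
+
+# Uncomment the following line to disable auto-setting terminal title.
+# DISABLE_AUTO_TITLE="true"
+
+# Uncomment the following line to enable command auto-correction.
+ENABLE_CORRECTION="true"
+
+# Uncomment the following line to display red dots whilst waiting for completion.
+COMPLETION_WAITING_DOTS="true"
+
+# Uncomment the following line if you want to disable marking untracked files
+# under VCS as dirty. This makes repository status check for large repositories
+# much, much faster.
+DISABLE_UNTRACKED_FILES_DIRTY="true"
+
+# Uncomment the following line if you want to change the command execution time
+# stamp shown in the history command output.
+# The optional three formats: "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
+HIST_STAMPS="yyyy-mm-dd"
+
+# Would you like to use another custom folder than $ZSH/custom?
+# ZSH_CUSTOM=/path/to/new-custom-folder
+
+# Which plugins would you like to load? (plugins can be found in ~/.oh-my-zsh/plugins/*)
+# Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/
+# Example format: plugins=(rails git textmate ruby lighthouse)
+# Add wisely, as too many plugins slow down shell startup.
+plugins=(bundler coffee common-aliases compleat encode64 extract gem git github gitignore gpg-agent history-substring-search mosh nmap perl postgres rails rake-fast rake rsync ruby safe-paste screen singlechar sudo)
+
+prompt_host_color='%{$terminfo[bold]$fg[{{prompt_host_color}}]%}'
+source "$ZSH/oh-my-zsh.sh"
+
+# User configuration
+
+export PATH="$PATH:$HOME/bin" EDITOR=vim
+>/dev/null where keychain && eval `keychain --eval --quiet`
+
+alias ip='command ip --color=auto'
+
+zmodload zsh/terminfo
+#bindkey -v
+#bindkey -M vicmd 'v' edit-command-line
+bindkey "\e[H" beginning-of-line
+bindkey "\e[F" end-of-line
+bindkey "$terminfo[kich1]" overwrite-mode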
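Review bot: `prompt_host_color='%{$terminfo[bold]$fg[{{prompt_host_color}}]%}'` has no guard, so an unset `prompt_host_color` renders as `$fg[]` and the prompt escape is silently broken on that host; `{{prompt_host_color|mandatory}}` would fail the template at deploy time instead, the same way the krb5 template in this commit handles its required value. The keychain line uses backticks for command substitution; `$(keychain --eval --quiet)` is the clearer form and nests safely. Both are style points.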
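--- a/templates/krb5.conf.j2
+++ b/templates/krb5.conf.j2
@@ -0,0 +1,23 @@
+[libdefaults]
+{%if krb5_default_realm is defined%}
+default_realm = {{krb5_default_realm|mandatory()}}
+{%endif%}
+allow_weak_crypto = false
+permitted_enctypes = aes256-cts-hmac-sha1-96 camellia256-cts-cmac aes128-cts-hmac-sha1-96 camellia128-cts-cmac
+default_tkt_enctypes = aes256-cts-hmac-sha1-96 camellia256-cts-cmac aes128-cts-hmac-sha1-96 camellia128-cts-cmac
+default_tgs_enctypes = aes256-cts-hmac-sha1-96 camellia256-cts-cmac aes128-cts-hmac-sha1-96 camellia128-cts-cmac
+
+[realms]
+{% for realm, cfg in krb5_realms.items() %}
+{{realm}} = {
+{% for key, val in cfg.items() %}
+{{key}} = {{val}}
+{% endfor %}
+}
+{% endfor %}
+
+[domain_realm]
+{% for domain, realm in krb5_domains.items() %}
+{{domain}} = {{realm}}
+.{{domain}} = {{realm}}
+{% endfor %}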
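Review bot: `default_realm = {{krb5_default_realm|mandatory()}}` sits inside `{%if krb5_default_realm is defined%}`, so the `mandatory()` filter can never trigger and only adds noise; drop the filter, or drop the guard if the realm is in fact required. The `[realms]` and `[domain_realm]` loops call `krb5_realms.items()` and `krb5_domains.items()` unguarded, so rendering fails with an undefined-variable error on any host that does not set both; if those sections are meant to be optional, `{% for realm, cfg in (krb5_realms|default({})).items() %}` (and the same for `krb5_domains`) renders an empty section instead. Whichever is intended, a leading comment listing the variables this template expects would save the next reader a trip through the role.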
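--- a/templates/msmtprc.j2
+++ b/templates/msmtprc.j2
@@ -0,0 +1,5 @@
+account default
+host {{mail_relay_host}}
+tls on
+tls_starttls on
+syslog LOG_MAIL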
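--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@@ -0,0 +1,93 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port {{ssh_port|default(22)}}
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#Privilege Separation is turned on for security
+#UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 3600
+#ServerKeyBits 1024
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin prohibit-password
+StrictModes yes
+
+#RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials no
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+# Ciphers
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1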
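Review bot: `KexAlgorithms` ends with `diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1`, which re-admits SHA-1 key exchange even though the `Ciphers` and `MACs` lines directly above pick only modern suites; unless a known legacy client needs them, trim the line to `KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256`. `#PasswordAuthentication yes` stays commented, so together with `UsePAM yes` password logins remain at the OpenSSH default of enabled, while `PubkeyAuthentication yes` and `PermitRootLogin prohibit-password` suggest key-only access was the goal; make that explicit with `PasswordAuthentication no` if so. `Protocol 2`, `KeyRegenerationInterval` and `ServerKeyBits` are protocol-1 leftovers that newer OpenSSH releases treat as deprecated, and the PAM comment block still refers to `PermitRootLogin without-password` while the file sets `prohibit-password`; both would be worth a cleanup pass.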
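--- a/templates/tmux.conf.j2
+++ b/templates/tmux.conf.j2
@@ -0,0 +1,22 @@
+bind C-s send-prefix
+bind a last-window
+bind C-a last-window
+bind Space next-window
+bind C-Space next-window
+bind Bspace previous-window
+bind C-Bspace previous-window
+bind ` select-window -t0
+bind 1 select-window -t1
+bind 2 select-window -t2
+bind 3 select-window -t3
+bind 4 select-window -t4
+bind 5 select-window -t5
+bind 6 select-window -t6
+bind 7 select-window -t7
+bind 8 select-window -t8
+bind 9 select-window -t9
+bind 0 select-window -t10
+bind Escape copy-mode
+set -g status-keys vi
+setw -g mode-keys vi
+set -g status-style {{tmux_status_style}}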
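Review bot: `set -g status-style {{tmux_status_style}}` is the only templated line in the file and has neither `default` nor `mandatory`, so an unset variable renders as `set -g status-style ` with an empty argument and tmux will most likely reject the config at startup. `{{tmux_status_style|mandatory}}` makes the omission a deploy-time error instead of a broken shell session. The value is also unquoted, which is fine for comma-separated style strings but will break if a value ever contains whitespace.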
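--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+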
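--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- system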
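--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for system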