Linux/Ansible/Config
/srv/ansible-config/pb-machinex.yml
--- - hosts: machinex become: true roles: - basic - bare-metal - exposed-machine - munin-node
/srv/ansible-config/hosts.yml
all: children: cloud: hosts: cloudmachine.domain.com home: hosts: homemachine:
/srv/ansible-config/roles/<role-name>/tasks/main.yml
- apt:
- name: update apt apt: update_cache: yes cache_valid_time: 3600 - name: install apt packages apt: name: ["aptitude", "git", "mc", "nmap"]
- systemd:
- name: reload systemd config systemd: daemon_reload: yes - name: restart fail2ban systemd: name: fail2ban state: restarted
- copy files:
- name: copy openvpn client config files copy: src: ../files/ dest: /etc/openvpn - name: enable fail2ban config copy: src: /etc/fail2ban/fail2ban.conf dest: /etc/fail2ban/fail2ban.local remote_src: yes
- edit files:
- name: enable openvpn in /etc/default/openvpn lineinfile: path: /etc/default/openvpn line: AUTOSTART="all" - name: enable openvpn in /etc/default/openvpn lineinfile: path: /etc/default/openvpn line: AUTOSTART="all" create: yes # create if file does not exist (default: no) backup: yes # create a backup file (default: no) state: absent # the line should not be there state: present # the line should be there (default) mode: '644' owner: root group: root insertbefore: BOF insertafter: EOF - name: change sudoers lineinfile: path: /etc/sudoers state: present regexp: '^%ADMIN ALL=' line: '%ADMIN ALL=(ALL) NOPASSWD: ALL' validate: '/usr/sbin/visudo -cf %s'
- delete/symlink/...:
- name: create symbolic link for conf file: src: "/etc/nginx/sites-available/homeserver" dest: "/etc/nginx/sites-enabled/homeserver" state: link - name: remove file file: path: "/etc/nginx/sites-enabled/default" state: absent - name: create folder file: path: "/srv/test" state: directory