Linux/Ansible/Config
/srv/ansible-config/pb-machinex.yml
--- - hosts: machinex become: true roles: - basic - bare-metal - exposed-machine - munin-node
/srv/ansible-config/hosts.yml
all:
children:
cloud:
hosts:
cloudmachine.domain.com
home:
hosts:
homemachine:
/srv/ansible-config/roles/<role-name>/tasks/main.yml
- apt:
- name: update apt
apt:
update_cache: yes
cache_valid_time: 3600
- name: install apt packages
apt:
name: ["aptitude", "git", "mc", "nmap"]
- systemd:
- name: reload systemd config
systemd:
daemon_reload: yes
- name: restart fail2ban
systemd:
name: fail2ban
state: restarted
- copy files:
- name: copy openvpn client config files
copy:
src: ../files/
dest: /etc/openvpn
- name: enable fail2ban config
copy:
src: /etc/fail2ban/fail2ban.conf
dest: /etc/fail2ban/fail2ban.local
remote_src: yes
- edit files:
- name: enable openvpn in /etc/default/openvpn
lineinfile:
path: /etc/default/openvpn
line: AUTOSTART="all"
- name: enable openvpn in /etc/default/openvpn
lineinfile:
path: /etc/default/openvpn
line: AUTOSTART="all"
create: yes # create if file does not exist (default: no)
backup: yes # create a backup file (default: no)
state: absent # the line should not be there
state: present # the line should be there (default)
mode: '644'
owner: root
group: root
insertbefore: BOF
insertafter: EOF
- name: change sudoers
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%ADMIN ALL='
line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
validate: '/usr/sbin/visudo -cf %s'
- delete/symlink/...:
- name: create symbolic link for conf
file:
src: "/etc/nginx/sites-available/homeserver"
dest: "/etc/nginx/sites-enabled/homeserver"
state: link
- name: remove file
file:
path: "/etc/nginx/sites-enabled/default"
state: absent
- name: create folder
file:
path: "/srv/test"
state: directory