Linux/Ansible/Config: Difference between revisions

From Wiki
< Linux‎ | Ansible
(Die Seite wurde neu angelegt: „= Config = == /srv/ansible-config/pb-machinex.yml == <blockquote><pre> --- - hosts: machinex become: true roles: - basic - bare-metal - exposed-mach…“)
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
= Config =
== /srv/ansible-config/pb-machinex.yml ==
== /srv/ansible-config/pb-machinex.yml ==
<blockquote><pre>
<blockquote><pre>
Line 111: Line 109:


</pre></blockquote>
</pre></blockquote>
[[Category:Linux/Ansible]]
[[Category:Linux]]

Latest revision as of 12:41, 17 May 2019

/srv/ansible-config/pb-machinex.yml

---
- hosts: machinex
  become: true
  roles:
  - basic
  - bare-metal
  - exposed-machine
  - munin-node


/srv/ansible-config/hosts.yml

all:
    children:
        cloud:
            hosts:
                cloudmachine.domain.com
        home:
            hosts:
                homemachine:


/srv/ansible-config/roles/<role-name>/tasks/main.yml

  • apt:
- name: update apt
  apt:
    update_cache: yes
    cache_valid_time: 3600

- name: install apt packages
  apt:
    name: ["aptitude", "git", "mc", "nmap"]
  • systemd:
- name: reload systemd config
  systemd:
    daemon_reload: yes

- name: restart fail2ban
  systemd:
    name: fail2ban
    state: restarted
  • copy files:
- name: copy openvpn client config files
  copy:
    src: ../files/
    dest: /etc/openvpn

- name: enable fail2ban config
  copy:
    src: /etc/fail2ban/fail2ban.conf
    dest: /etc/fail2ban/fail2ban.local
    remote_src: yes
  • edit files:
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"

- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"
    create: yes                   # create if file does not exist (default: no)
    backup: yes                   # create a backup file (default: no)
    state: absent                 # the line should not be there
    state: present                # the line should be there (default)
    mode: '644'
    owner: root
    group: root
    insertbefore: BOF
    insertafter: EOF

- name: change sudoers
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%ADMIN ALL='
    line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'
  • delete/symlink/...:
- name: create symbolic link for conf
  file:
    src: "/etc/nginx/sites-available/homeserver"
    dest: "/etc/nginx/sites-enabled/homeserver"
    state: link

- name: remove file
  file:
    path: "/etc/nginx/sites-enabled/default"
    state: absent

- name: create folder
  file:
    path: "/srv/test"
    state: directory
Retrieved from "https://wiki.marcluerssen.de/index.php?title=Linux/Ansible/Config&oldid=2179"