From 86f60f40dd650fcf9ac23e40b9afa8357d00e2c2 Mon Sep 17 00:00:00 2001 From: Oleg Broytman Date: Sat, 31 Aug 2019 21:59:34 +0300 Subject: [PATCH] Feat: Move common playbooks and roles Some playbooks and roles are distribution-independent. --- playbooks/debian/add-apache-vhost | 2 +- playbooks/debian/add-dns-domain | 2 +- playbooks/debian/init-system.sh | 4 +++- playbooks/debian/roles/phd/tasks/main.yml | 6 ++++++ playbooks/debian/roles/root/README.txt | 1 - playbooks/debian/roles/sshd/README.txt | 1 - playbooks/{debian => }/init-system.yml | 2 +- playbooks/roles/README.txt | 1 + playbooks/roles/root/README.txt | 1 + playbooks/{debian => }/roles/root/meta/main.yml | 0 playbooks/{debian => }/roles/root/tasks/main.yml | 0 playbooks/{debian => }/roles/root/tasks/mc.yml | 0 playbooks/{debian => }/roles/root/tasks/root.yml | 0 playbooks/roles/sshd/README.txt | 1 + playbooks/{debian => }/roles/sshd/handlers/main.yml | 0 playbooks/{debian => }/roles/sshd/tasks/main.yml | 11 ++++++++++- playbooks/{debian => }/update-root.yml | 0 17 files changed, 25 insertions(+), 7 deletions(-) delete mode 100644 playbooks/debian/roles/root/README.txt delete mode 100644 playbooks/debian/roles/sshd/README.txt rename playbooks/{debian => }/init-system.yml (76%) create mode 100644 playbooks/roles/README.txt create mode 100644 playbooks/roles/root/README.txt rename playbooks/{debian => }/roles/root/meta/main.yml (100%) rename playbooks/{debian => }/roles/root/tasks/main.yml (100%) rename playbooks/{debian => }/roles/root/tasks/mc.yml (100%) rename playbooks/{debian => }/roles/root/tasks/root.yml (100%) create mode 100644 playbooks/roles/sshd/README.txt rename playbooks/{debian => }/roles/sshd/handlers/main.yml (100%) rename playbooks/{debian => }/roles/sshd/tasks/main.yml (65%) rename playbooks/{debian => }/update-root.yml (100%) diff --git a/playbooks/debian/add-apache-vhost b/playbooks/debian/add-apache-vhost index 514c86b..0d2c502 100755 --- a/playbooks/debian/add-apache-vhost 
+++ b/playbooks/debian/add-apache-vhost @@ -9,6 +9,6 @@ vhost="$1" shift cd "`dirname \"$0\"`" && -ANSIBLE_ROLES_PATH=debian/roles \ +ANSIBLE_ROLES_PATH=debian/roles:roles \ exec ../run-role add-apache-vhost "$@" \ -e virtual_host="$vhost" -e gather_facts=true diff --git a/playbooks/debian/add-dns-domain b/playbooks/debian/add-dns-domain index 38c14b5..30a1c13 100755 --- a/playbooks/debian/add-dns-domain +++ b/playbooks/debian/add-dns-domain @@ -9,6 +9,6 @@ domain="$1" shift cd "`dirname \"$0\"`" && -ANSIBLE_ROLES_PATH=debian/roles \ +ANSIBLE_ROLES_PATH=debian/roles:roles \ exec ../run-role add-dns-domain "$@" \ -e domain="$domain" -e gather_facts=true diff --git a/playbooks/debian/init-system.sh b/playbooks/debian/init-system.sh index 2363c80..c44eb83 100755 --- a/playbooks/debian/init-system.sh +++ b/playbooks/debian/init-system.sh @@ -9,9 +9,11 @@ host="$1" shift cd "`dirname \"$0\"`" && +ANSIBLE_ROLES_PATH=roles:../roles && +export ANSIBLE_ROLES_PATH && # Passwordless access isn't configured yet; use `ssh` connection sharing. # `sudo` isn't configured yet too; use `su` and ask for root password. -ansible-playbook init-system.yml "$@" -e hosts="$host" \ +ansible-playbook ../init-system.yml "$@" -e hosts="$host" \ --become-method=su -K && exec ansible-playbook init-system2.yml "$@" -e hosts="$host" diff --git a/playbooks/debian/roles/phd/tasks/main.yml b/playbooks/debian/roles/phd/tasks/main.yml index a8ea36e..a26a738 100644 --- a/playbooks/debian/roles/phd/tasks/main.yml +++ b/playbooks/debian/roles/phd/tasks/main.yml @@ -30,6 +30,12 @@ group: phd groups: "{{ system_groups }}" + - name: Remove mc directories + file: + path: "{{ item }}" + state: absent + loop: ['~/.cache/mc', '~/.config/mc', '~/.local/share/mc'] + - name: Upload and extract home archive unarchive: src: ~/archive/STORE/phd/Home/phd.tar.bz2 diff --git a/playbooks/debian/roles/root/README.txt b/playbooks/debian/roles/root/README.txt deleted file mode 100644 index e970e2a..0000000 
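Review bot: The new "Remove mc directories" task in `playbooks/debian/roles/phd/tasks/main.yml` deletes paths written with a bare `~`, which resolves to the home of whichever account the task runs as, and the hunk shows no `become_user` on it. If the play is escalated to root at this point, `state: absent` would remove root's `~/.cache/mc`, `~/.config/mc` and `~/.local/share/mc` rather than phd's. The task list starts and ends outside the hunk, so the account may be set elsewhere. Naming the owner explicitly, e.g. `loop: ['~phd/.cache/mc', '~phd/.config/mc', '~phd/.local/share/mc']`, or adding `become_user: phd` to the task, makes the target of the deletion unambiguous.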
--- a/playbooks/debian/roles/root/README.txt +++ /dev/null @@ -1 +0,0 @@ -Init new Debian system: setup ~root by copying files from ~phd. diff --git a/playbooks/debian/roles/sshd/README.txt b/playbooks/debian/roles/sshd/README.txt deleted file mode 100644 index f1ea9db..0000000 --- a/playbooks/debian/roles/sshd/README.txt +++ /dev/null @@ -1 +0,0 @@ -Init new Debian system: configure sshd. diff --git a/playbooks/debian/init-system.yml b/playbooks/init-system.yml similarity index 76% rename from playbooks/debian/init-system.yml rename to playbooks/init-system.yml index b1dbd68..e5722c8 100644 --- a/playbooks/debian/init-system.yml +++ b/playbooks/init-system.yml @@ -1,4 +1,4 @@ -- name: Setup Debain system +- name: Setup Linux system hosts: "{{ hosts | default('all') }}" gather_facts: false roles: diff --git a/playbooks/roles/README.txt b/playbooks/roles/README.txt new file mode 100644 index 0000000..46b2b6a --- /dev/null +++ b/playbooks/roles/README.txt @@ -0,0 +1 @@ +Common roles. diff --git a/playbooks/roles/root/README.txt b/playbooks/roles/root/README.txt new file mode 100644 index 0000000..7fb362b --- /dev/null +++ b/playbooks/roles/root/README.txt @@ -0,0 +1 @@ +Setup new Linux system: setup ~root by copying files from ~phd. diff --git a/playbooks/debian/roles/root/meta/main.yml b/playbooks/roles/root/meta/main.yml similarity index 100% rename from playbooks/debian/roles/root/meta/main.yml rename to playbooks/roles/root/meta/main.yml diff --git a/playbooks/debian/roles/root/tasks/main.yml b/playbooks/roles/root/tasks/main.yml similarity index 100% rename from playbooks/debian/roles/root/tasks/main.yml rename to playbooks/roles/root/tasks/main.yml diff --git a/playbooks/debian/roles/root/tasks/mc.yml b/playbooks/roles/root/tasks/mc.yml similarity index 100% rename from playbooks/debian/roles/root/tasks/mc.yml rename to playbooks/roles/root/tasks/mc.yml 
diff --git a/playbooks/debian/roles/root/tasks/root.yml b/playbooks/roles/root/tasks/root.yml similarity index 100% rename from playbooks/debian/roles/root/tasks/root.yml rename to playbooks/roles/root/tasks/root.yml diff --git a/playbooks/roles/sshd/README.txt b/playbooks/roles/sshd/README.txt new file mode 100644 index 0000000..4b0149d --- /dev/null +++ b/playbooks/roles/sshd/README.txt @@ -0,0 +1 @@ +Setup new Linux system: configure sshd. diff --git a/playbooks/debian/roles/sshd/handlers/main.yml b/playbooks/roles/sshd/handlers/main.yml similarity index 100% rename from playbooks/debian/roles/sshd/handlers/main.yml rename to playbooks/roles/sshd/handlers/main.yml diff --git a/playbooks/debian/roles/sshd/tasks/main.yml b/playbooks/roles/sshd/tasks/main.yml similarity index 65% rename from playbooks/debian/roles/sshd/tasks/main.yml rename to playbooks/roles/sshd/tasks/main.yml index 9f76108..d1c96ab 100644 --- a/playbooks/debian/roles/sshd/tasks/main.yml +++ b/playbooks/roles/sshd/tasks/main.yml @@ -1,5 +1,6 @@ - name: Check sshd - shell: "grep -c '^PermitRootLogin' /etc/ssh/sshd_config || :" + become: true + shell: "grep -c '^PermitRootLogin prohibit-password' /etc/ssh/sshd_config || :" register: sshd changed_when: sshd.stdout == "0" @@ -7,6 +8,14 @@ msg: "sshd has already been configured" when: sshd.stdout != "0" +- name: "Setup sshd: disable root login" + become: true + lineinfile: + path: /etc/ssh/sshd_config + regexp: "^PermitRootLogin yes" + state: absent + when: sshd.stdout == "0" + - name: Configure sshd become: true lineinfile: diff --git a/playbooks/debian/update-root.yml b/playbooks/update-root.yml similarity index 100% rename from playbooks/debian/update-root.yml rename to playbooks/update-root.yml -- 2.39.2
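Review bot: The added task "Setup sshd: disable root login" in `playbooks/roles/sshd/tasks/main.yml` matches only the exact text `PermitRootLogin yes`, so a line written with a tab, extra spaces, different keyword case, or another value such as `without-password` stays in the file. sshd uses the first value it obtains for a keyword, so if the "Configure sshd" task (its body is outside the hunk) adds `PermitRootLogin prohibit-password` below such a surviving line, the setting would not take effect, while the tightened "Check sshd" grep would report the host as configured on later runs. I would widen the pattern to `regexp: '(?i)^\s*PermitRootLogin\s'` and add `validate: '/usr/sbin/sshd -t -f %s'` to the `lineinfile` tasks that edit the file, so an invalid configuration is never installed. A host already set to `PermitRootLogin no` is also treated as unconfigured by the new grep; if that stricter value should be kept, the check needs to accept it as well.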