...
 
Commits (152)
......@@ -40,4 +40,4 @@ Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
/label ~bug
/cc @gethmann
/cc @vn4918
This diff is collapsed.
......@@ -2,8 +2,8 @@
- hosts: all
remote_user: root
vars:
ipa_host: "las{{ ip_suffix }}.las.kit.edu"
ipa_host_ip: "129.13.108.{{ ip_suffix }}"
ipa_host: "{{ computer_name }}.las.kit.edu"
ipa_host_ip: "129.13.238.{{ ip_suffix }}"
ipa_domain: las.kit.edu
vars_prompt:
- name: "ipa_pass"
......
......@@ -3,6 +3,5 @@
- name: install admin software
become: yes
dnf:
name: "{{ item }}"
name: "{{ admin_software }}"
state: present
with_items: "{{ admin_software }}"
[defaults]
inventory=hosts
inventory = hosts
roles_path = roles
fact_caching = jsonfile
fact_caching_connection = cachedir
fact_caching_timeout = 86400
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=3600s
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
remote_user=root
roles_path=roles
become=False
become_user="root"
become_ask_pass=True
become_method="sudo"
ansible_python_interpreter="/usr/bin/env python3"
[persistent_connection]
connection_timeout = 3600
command_timeout = 3600
[accelerate]
[selinux]
[colors]
[diff]
- hosts: dhcpd
vars:
- dhcpd:
domain: las.kit.edu
subnet: 129.13.108.0
netmask: 255.255.255.0
range_start: 129.13.108.74
range_end: 129.13.108.89
routers: 129.13.108.254
broadcast: 129.13.255.255
host_list: host-list-las
roles:
- dhcpd
......@@ -17,6 +17,7 @@ common_software:
client_software:
- gnuplot
- kpcli
- dino
admin_software:
- ansible
......@@ -35,13 +36,40 @@ desktop_software:
- thunderbird
- firefox
- libreoffice
- "https://download.bwsyncandshare.kit.edu/clients/bwSyncAndShare_Latest.x86_64.rpm"
- perl-Clipboard
- perl-Capture-Tiny
# Networking
# this should be the IP or in the sshd_config the "UseDNS" must be set to yes
ansible_server: 129.13.108.126
ansible_server: 129.13.238.126
ansible_server_ipv6: "2a00:1398:4:8200:6840:923e:1415:87f7"
nfs_server: 129.13.238.126
dns4:
- "129.13.64.5"
- "141.3.175.65" # extern
# use only two, so that IPv6 gets also at least one
# - "129.13.96.2"
dns6:
- "2a00:1398::1"
- "2a00:1398::2"
- "2a00:1398::e:1" # extern
domains:
- las.kit.edu
- scc.kit.edu
gw4: 129.13.238.65
ntp:
- ntp1.scc.kit.edu
- ntp2.scc.kit.edu
- ntp3.scc.kit.edu
- ntp4.scc.kit.edu
# Secure variables
# file: group_vars/all/vault.yml
sudoer: "{{ vault_sudoer }}"
......@@ -58,3 +86,5 @@ ipaserver2: "{{ vault_ipaserver2 }}"
ipaserver3: "{{ vault_ipaserver3 }}"
ipa_users: "{{ vault_ipa_users }}"
undine_password: "{{ vault_undine_password }}"
This diff is collapsed.
---
primary_dhcpd: 129.13.108.101
secondary_dhcpd: 129.13.108.126
---
nfs_server: 129.13.108.126
nfs_server: obelix.las.kit.edu
......@@ -67,6 +67,7 @@ texlivepackages:
- texlive-boondox
- biber
- texlive-newtx
- texlive-newtxtt # jacow
# biber dependencies
# gdbm-devel
# libdb-devel
......@@ -255,3 +256,8 @@ texlivepackages:
- texlive-fonttable
- texlive-tcolorbox
- texlive-appendixnumberbeamer
#
- texlive-textpos
# multi line table cells
- texlive-makecell
- texlive-svg
opera_path: /usr/local/share/Opera_18R2
opera_path: /usr/local/share/Opera_2020
......@@ -20,6 +20,10 @@ python3pkg:
- cmake
- python3-flake8
- python3-Cython
- nodejs
- nodejs-libs
- kf5-purpose-twitter
- npm
python2pkg: ""
......
ansible_user: root
user_account: richter
ip_suffix: 118
loc: 620
os: Fedora 28
computer_name: Amnesix
loc: 622
os: Fedora 32
computer_name: amnesix
ansible_user: root
user_account: gethmann
ip_suffix: 113
ip_suffix: 73
loc: 618
os: Fedora 27
computer_name: Asterix
os: Fedora 31
computer_name: asterix
extra_software:
- subversion # for ANKA software
- borgbackup
- mosh # ssh alternative
# keepass compatible console client
# keepass compatible console client
- kpcli
- perl-Clipboard
- perl-Capture-Tiny
......@@ -18,10 +18,55 @@ extra_software:
- neovim
- ShellCheck
- inkscape-table
# - fd-find
# - fd-find
- ripgrep
- fzf # fuzzy finder
- fd-find
- gsl-devel # Needed to compile Eva Burkhards code
- mupdf # better alternative to pdftk than pdfseparate+pdfunite
- evince # for fixing RIP errors when printing LaTeX posters
- screen
# PDL for undulator/wiggler Opera script
- perl-PDL
# Installing dependencies:
- perl-Devel-Peek
- perl-Inline
- perl-Inline-C
- perl-Pegex
- freeglut
- perl-B-Utils
- perl-Class-Load
- perl-Class-Tiny
- perl-Data-Dump-Streamer
- perl-Devel-OverloadInfo
- perl-Devel-PartialDump
- perl-Devel-REPL
- perl-Devel-REPL-Plugin-Completion
- perl-Devel-REPL-Plugin-DDS
- perl-Devel-REPL-Plugin-LexEnv
- perl-Devel-REPL-Plugin-MultiLine-PPI
- perl-File-HomeDir
- perl-File-Map
- perl-Filter-Simple
- perl-Getopt-Long-Descriptive
- perl-IPC-System-Simple
- perl-Lexical-Persistence
- perl-Module-Compile
- perl-Module-Pluggable
- perl-Moose
- perl-MooseX-Getopt
- perl-MooseX-Object-Pluggable
- perl-MooseX-Role-Parameterized
- perl-OpenGL
- perl-PPI
- perl-Parse-RecDescent
- perl-PerlIO-Layers
- perl-Pod-Parser
- perl-Prima
- perl-Text-Balanced
- perl-YAML-LibYAML
- perl-autodie
# Installing weak dependencies:
- perl-Text-Bidi
# End of PDL
- snapd
ansible_user: root
user_account: gutknecht
ip_suffix: 94
loc: 620
os: Fedora 31
computer_name: falbala
extra_software:
- zsh
ansible_user: root
user_account: widmann
ip_suffix: 112
loc: 618
os: Fedora 28
computer_name: Gutemine
user_account: blomley
loc: -119
os: Fedora 30
computer_name: faulus
extra_software:
- subversion # ANKA software
- zsh
ip_suffix: 83
ansible_user: root
user_account: gethmann
ip_suffix: 91
loc: 618
os: Fedora 32
computer_name: galantine
extra_software:
- zsh
ansible_user: root
user_account: blomley
loc: -119
os: Fedora 30
computer_name: gutemine
extra_software:
- subversion # ANKA software
- zsh
ansible_user: root
user_account: gethmann
ip_suffix: 92
loc: 618
os: Fedora 31
computer_name: homoeopatix
extra_software:
- zsh
......@@ -2,5 +2,8 @@ ansible_user: root
user_account: damminsek
ip_suffix: 117
loc: 620
os: Fedora 27
computer_name: Idefix
os: Fedora 31
computer_name: idefix
extra_software:
- mupdf
ansible_user: root
ansible_ssh_user: root
ansible_remote_user: gethmann
remote_user: gethmann
ip_suffix: 100
loc: 612
os: CentOS 7.4
computer_name: kantine
# ansible_connection: local
ansible_user: root
user_account: petri
ip_suffix: 122
loc: 621
os: Fedora 26
computer_name: Falbala
extra_software:
- freecad
ansible_user: bernhard
user_account: bernhard
ip_suffix: 127
loc: 622
os: Fedora 27
computer_name: Majestix
ansible_user: gethmann
ansible_user: root
user_account: bernhard
ip_suffix: 93
loc: -10.
loc: -119
os: ubuntu
computer_name: Taubenus
ansible_user: root
user_account: gethmann
ip_suffix: -gethmann
computer_name: lysander
loc: 618
os: Fedora 28
os: Fedora 32
extra_software:
- subversion # for ANKA software
- borgbackup
......
ansible_user: root
ansible_ssh_user: root
user_account: bernhard
ip_suffix: 70
loc: 601
os: Fedora 31
computer_name: majestix
ansible_user: root
user_account: fatehi
ip_suffix: 97
loc: 620
os: Fedora 31
computer_name: methusalix
......@@ -2,8 +2,8 @@ ansible_user: root
user_account: gethmann
ip_suffix: 126
loc: 618
os: Fedora 27
computer_name: Obelix
os: Fedora 31
computer_name: obelix
extra_software:
- borgbackup
......@@ -2,8 +2,8 @@ ansible_user: root
user_account: ning
ip_suffix: 115
loc: 619
os: Fedora 29
computer_name: Costa Y Bravo
os: Fedora 31
computer_name: pepe
extra_software:
- python-qt5
......
......@@ -3,5 +3,5 @@ ansible_user: root
user_account: rossmanith
ip_suffix: 116
loc: 619
os: Fedora 27
computer_name: Spürnix
os: Fedora 29
computer_name: spuernix
......@@ -3,4 +3,4 @@ user_account: tong
ip_suffix: 120
loc: 621
os: Fedora 28
computer_name: Teefax
computer_name: teefax
ansible_user: root
user_account: bernhard
loc: -119
os: Fedora 31
computer_name: titania
ip_suffix: 105
extra_software:
- subversion # ANKA software
- zsh
ansible_user: root
user_account: fatehi
ip_suffix: 96
loc: 619
os: Fedora 31
computer_name: troubadix
ansible_user: root
user_account: tong
loc: -119
os: Fedora 31
computer_name: ueberdrus
extra_software:
- subversion # ANKA software
ip_suffix: 74
# stable
[clients]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las116.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
# las122.las.kit.edu
las126.las.kit.edu
las-gethmann.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
falbala.las.kit.edu
faulus.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
methusalix.las.kit.edu
obelix.las.kit.edu
pepe.las.kit.edu
spuernix.las.kit.edu
teefax.las.kit.edu
troubadix.las.kit.edu
titania.las.kit.edu
ueberdrus.las.kit.edu
[desktop]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las116.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
# las122.las.kit.edu
las-gethmann.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
falbala.las.kit.edu
faulus.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
methusalix.las.kit.edu
pepe.las.kit.edu
spuernix.las.kit.edu
teefax.las.kit.edu
troubadix.las.kit.edu
titania.las.kit.edu
ueberdrus.las.kit.edu
[graphics]
las113.las.kit.edu
las-gethmann.las.kit.edu
las118.las.kit.edu
asterix.las.kit.edu
lysander.las.kit.edu
amnesix.las.kit.edu
galantine.las.kit.edu
homoeopatix.las.kit.edu
[lasarchiv]
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu
las127.las.kit.edu
las-gethmann.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
falbala.las.kit.edu
faulus.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
methusalix.las.kit.edu
obelix.las.kit.edu
pepe.las.kit.edu
teefax.las.kit.edu
troubadix.las.kit.edu
titania.las.kit.edu
ueberdrus.las.kit.edu
[python]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
falbala.las.kit.edu
faulus.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
methusalix.las.kit.edu
pepe.las.kit.edu
teefax.las.kit.edu
troubadix.las.kit.edu
titania.las.kit.edu
ueberdrus.las.kit.edu
[kdev] # KDevelope
[jabref]
[zotero]
las113.las.kit.edu
las117.las.kit.edu
las-gethmann.las.kit.edu
idefix.las.kit.edu
[pynaff]
las-gethmann.las.kit.edu
las113.las.kit.edu
las126.las.kit.edu
lysander.las.kit.edu
asterix.las.kit.edu
obelix.las.kit.edu
[pycharm]
las-gethmann.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
lysander.las.kit.edu
asterix.las.kit.edu
pepe.las.kit.edu
idefix.las.kit.edu
ueberdrus.las.kit.edu
[chrome]
las-gethmann.las.kit.edu
lysander.las.kit.edu
[rdp]
amnesix.las.kit.edu
asterix.las.kit.edu
faulus.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
methusalix.las.kit.edu
troubadix.las.kit.edu
ueberdrus.las.kit.edu
[latex]
las112.las.kit.edu
las-gethmann.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
falbala.las.kit.edu
faulus.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
methusalix.las.kit.edu
pepe.las.kit.edu
teefax.las.kit.edu
troubadix.las.kit.edu
titania.las.kit.edu
ueberdrus.las.kit.edu
[opera]
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las126.las.kit.edu
las127.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
majestix.las.kit.edu
methusalix.las.kit.edu
obelix.las.kit.edu
pepe.las.kit.edu
troubadix.las.kit.edu
lysander.las.kit.edu ansible_python_interpreter=/usr/bin/python3
[mad8]
# depercated for Fedora >=26
[nfs-server]
las126.las.kit.edu
[nfsserver]
obelix.las.kit.edu
# developement
[dhcpd]
las101.las.kit.edu
las126.las.kit.edu
[lab]
# las93.las.kit.edu
faulus.las.kit.edu ansible_python_interpreter=/usr/bin/python3
gutemine.las.kit.edu ansible_python_interpreter=/usr/bin/python3
titania.las.kit.edu ansible_python_interpreter=/usr/bin/python3
ueberdrus.las.kit.edu ansible_python_interpreter=/usr/bin/python3
[rpmbuild]
las113.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
lysander.las.kit.edu
[elegant]
las113.las.kit.edu
las117.las.kit.edu
las126.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
falbala.las.kit.edu ansible_python_interpreter=/usr/bin/python3
galantine.las.kit.edu ansible_python_interpreter=/usr/bin/python3
homoeopatix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
idefix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
lysander.las.kit.edu ansible_python_interpreter=/usr/bin/python3
majestix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
methusalix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
obelix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
pepe.las.kit.edu ansible_python_interpreter=/usr/bin/python3
spuernix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
[epics]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
faulus.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
pepe.las.kit.edu
titania.las.kit.edu
ueberdrus.las.kit.edu
[ripgrep]
las101.las.kit.edu
las113.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
lysander.las.kit.edu
[inovesa]
las113.las.kit.edu
asterix.las.kit.edu
obelix.las.kit.edu # ansible_connection=local
galantine.las.kit.edu
homoeopatix.las.kit.edu
pepe.las.kit.edu
[ipynb] # Jupyter notebook
las117.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
idefix.las.kit.edu
teefax.las.kit.edu
lysander.las.kit.edu
# semi stable
[tgu]
las115.las.kit.edu
pepe.las.kit.edu
faulus.las.kit.edu
gutemine.las.kit.edu
[local]
127.0.0.1 ansible_connection=local
# 127.0.0.1 ansible_connection=local
[admin_pcs]
las101.las.kit.edu
las113.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
homoeopatix.las.kit.edu
lysander.las.kit.edu
[server]
las101.las.kit.edu
- hosts: lab
vars:
- dhcpd:
domain: maglab
subnet: 192.168.0.0
netmask: 255.255.255.0
range_start: 192.168.0.1
range_end: 192.168.0.100
routers: 192.168.0.10
broadcast: 192.168.0.255
host_list: host-list-maglab
roles:
- dhcpd
- lab
---
- include: common.yml
- include: clients.yml
tags: client
- include: lasarchiv.yml
- include: opera.yml
- include: desktop.yml
- include: elegant.yml
- include: epics.yml
- hosts: nfs-server
- hosts: nfsserver
roles:
- nfs-server
tags: nfs-server
......
- hosts: rdp
roles:
- rdp
client
remote 141.52.8.19
port 1194
dev tap
proto udp
auth-user-pass
nobind
comp-lzo no
tls-version-min 1.2
ca /etc/ssl/certs/ca-bundle.crt
verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, OU=Steinbuch Centre for Computing, CN=ovpn.scc.kit.edu" subject
cipher AES-256-CBC
auth SHA384
reneg-sec 43200
verb 3
script-security 2
......@@ -41,7 +41,7 @@ ErrorPolicy stop-printer
UUID urn:uuid:c20b481d-848e-30e6-5eab-8ba9fb397809
Info Oki MC851(PS)
Location Library
DeviceURI socket://129.13.108.106/
DeviceURI socket://oki.las.kit.edu/
State Idle
StateTime 1414591314
Type 8433756
......
......@@ -3,4 +3,6 @@
tags: printer
- import_tasks: basic_software.yml
- import_tasks: kill_x.yml
- import_tasks: vpn.yml
- import_tasks: ms_fonts.yml
tags: fonts
......@@ -2,7 +2,7 @@
- name: install fonts
become: true
dnf:
name: https://kent.dl.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm
name: "https://sourceforge.net/projects/mscorefonts2/files/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm/download?use_mirror=netcologne&ts=1566291689&use_mirror=netcologne"
state: installed
tags: fonts
when: ansible_distribution == "Fedora"
---
- name: install OpenVPN client
become: yes
dnf:
name: ["openvpn", "NetworkManager-openvpn"]
state: present
# - name: install network manager for ansible
# become: yes
# dnf:
# name: ["NetworkManager-glib", "libnm-qt-devel", "nm-connection-editor", "libsemanage-python", "policycoreutils-python"]
# state: present
- name: get configuration file from SCC
# https://www.scc.kit.edu/dienste/10100.php
become: yes
copy:
src: kit-vpn2vlan.ovpn
dest: /etc/kit-vpn2vlan.ovpn
backup: yes
when: ansible_distribution == "Fedora"
# unfortunately you have to install the VPN on your own using the GUI tool NetworkManager.
# Configuration file for NetworkManager.
#
# See "man 5 NetworkManager.conf" for details.
#
# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/
# can contain additional configuration snippets installed by packages. These files are
# read before NetworkManager.conf and have thus lowest priority.
# The directory /etc/NetworkManager/conf.d/ can contain additional configuration
# snippets. Those snippets are merged last and overwrite the settings from this main
# file.
#
# The files within one conf.d/ directory are read in asciibetical order.
#
# If /etc/NetworkManager/conf.d/ contains a file with the same name as
# /usr/lib/NetworkManager/conf.d/, the latter file is shadowed and thus ignored.
# Hence, to disable loading a file from /usr/lib/NetworkManager/conf.d/ you can
# put an empty file to /etc with the same name. The same applies with respect
# to the directory /run/NetworkManager/conf.d where files in /run shadow
# /usr/lib and are themselves shadowed by files under /etc.
#
# If two files define the same key, the one that is read afterwards will overwrite
# the previous one.
[main]
#plugins=ifcfg-rh,ibft
dhcp=dhclient
[logging]
# When debugging NetworkManager, enabling debug logging is of great help.
#
# Logfiles contain no passwords and little sensitive information. But please
# check before posting the file online. You can also personally hand over the
# logfile to a NM developer to treat it confidential. Meet us on #nm on freenode.
# Please post full logfiles except minimal modifications of private data.
#
# You can also change the log-level at runtime via
# $ nmcli general logging level TRACE domains ALL
# However, usually it's cleaner to enable debug logging
# in the configuration and restart NetworkManager so that
# debug logging is enabled from the start.
#
# You will find the logfiles in syslog, for example via
# $ journalctl -u NetworkManager
#
# Note that debug logging of NetworkManager can be quite verbose. Some messages
# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
# in man journald.conf). Please disable rate-limiting before collecting debug logs.
#
#level=TRACE
#domains=ALL
[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = security
random_sleep = 0
# To just receive updates use dnf-automatic-notifyonly.timer
# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes
# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes
[emitters]
# Name to use for this system in messages that are emitted. Default is the
# hostname.
# system_name = my-host
# How to send messages. Valid options are stdio, email and motd. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = motd,stdio
[email]
# The address to send email messages from.
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -s {subject} -r {email_from} {email_to}"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
# The address to send email messages from.
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
[base]
# This section overrides dnf.conf
# Use this to filter DNF core messages
debuglevel = 1
-----BEGIN CERTIFICATE-----
MIIKcjCCCVqgAwIBAgIMIKiiExs4FR9L2Kp4MA0GCSqGSIb3DQEBCwUAMHsxCzAJ
BgNVBAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNVBAcM
CUthcmxzcnVoZTEqMCgGA1UECgwhS2FybHNydWhlIEluc3RpdHV0ZSBvZiBUZWNo
bm9sb2d5MQ8wDQYDVQQDDAZLSVQtQ0EwHhcNMTkwMzEzMTU0MDU0WhcNMjEwNjE0
MTU0MDU0WjCBhDELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVt
YmVyZzESMBAGA1UEBwwJS2FybHNydWhlMSowKAYDVQQKDCFLYXJsc3J1aGUgSW5z
dGl0dXRlIG9mIFRlY2hub2xvZ3kxGDAWBgNVBAMMD3dlYi5sYXMua2l0LmVkdTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKLgVunuUl0m3520OuAnewPw
N+zG0A295N4wSIS5KYflOxfmGBKKnAwefSzNvUIIOnyr+rrD2GdVG4ZMjQXmATAm
ibiQLVAYsPu+yTOfWUmwKDJCYLOCH1VkwPJbebSMTTuSGC3uRaKdtCucXX6TnHqY
jB0LPs730+KVPDFIiKps6U/SqfOmoCTr5owDiZXM75rl4sPtHSvNpsfFC1Ls6RIm
z2moISu0Q1wLdU6sPUMmvjRtv+pkPD6nMLfO0j9y6SL2z7AbOVJt+JcXZLteGW11
nQnRDOkHwpldy8xrYczIHd6bMp0hllVHSE8LsXs9H16yOy7LNkUMS8SfGFVlam84
yn5/h7jFUgHY1BCsORyfR2w5MznOWH+HIy2U+RKA3u1JlPQZtH1Q6hHR6oSRgx8O
4cf4lqgUELM2TydxEBiEupcHhiIHwleGHfTXL3ChtxSu/VyJZQcIiZ8gSDVTDrG7
bAX5rnXEoTeqvenLJAv8cAECl9J22wUCzSz3MzFpalDQY2+P7mpPxYKcRcQQxCpo
wVuKiiRw+JjN51AKkmELtZ5a/SD5JOy9PvmfAN1OUqJguxO+MbhYfp2If47Gy0ht
WuYZ47H8VFIPbVD7a8uVKX1VWKBaBvW5N4Cl7Wu/2yny3Zw+yw2XZFpPvmSNlq/T
8CYw0kFOQynCDzhrKASnAgMBAAGjggXqMIIF5jAJBgNVHRMEAjAAMA4GA1UdDwEB
/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU/hB/iqc12SwT
I7iIPJPSnPnKgLcwHwYDVR0jBBgwFoAUBBq/HJORPdPZPbDeEyPlmnD0LggwaAYD
VR0RBGEwX4IPZG5mLmxhcy5raXQuZWR1ghFtdW5pbi5sYXMua2l0LmVkdYIQcHlw
aS5sYXMua2l0LmVkdYIWc2hhcmVsYXRleC5sYXMua2l0LmVkdYIPd2ViLmxhcy5r
aXQuZWR1MH0GA1UdHwR2MHQwOKA2oDSGMmh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUv
a2l0LWNhLWcyL3B1Yi9jcmwvY2FjcmwuY3JsMDigNqA0hjJodHRwOi8vY2RwMi5w
Y2EuZGZuLmRlL2tpdC1jYS1nMi9wdWIvY3JsL2NhY3JsLmNybDCBzQYIKwYBBQUH
AQEEgcAwgb0wMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwLnBjYS5kZm4uZGUvT0NT
UC1TZXJ2ZXIvT0NTUDBCBggrBgEFBQcwAoY2aHR0cDovL2NkcDEucGNhLmRmbi5k
ZS9raXQtY2EtZzIvcHViL2NhY2VydC9jYWNlcnQuY3J0MEIGCCsGAQUFBzAChjZo
dHRwOi8vY2RwMi5wY2EuZGZuLmRlL2tpdC1jYS1nMi9wdWIvY2FjZXJ0L2NhY2Vy
dC5jcnQwWQYDVR0gBFIwUDAIBgZngQwBAgIwDQYLKwYBBAGBrSGCLB4wDwYNKwYB
BAGBrSGCLAEBBDARBg8rBgEEAYGtIYIsAQEEAwkwEQYPKwYBBAGBrSGCLAIBBAMJ
MIIDXgYKKwYBBAHWeQIEAgSCA04EggNKA0gAdwBvU3asMfAxGdiZAKRRFf93FRwR
2QLBACkGjbIImjfZEwAAAWl3tsubAAAEAwBIMEYCIQDleY52tBqLOUlBzrb6Dz5M
uWEXellG3NnTfBaN87g67AIhAPHCGa4Y2xNiGoTecdUngDbbj+xdQyBLFR1mFrQV
m0V9AHcAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFpd7bMqAAA
BAMASDBGAiEA/mfu1lL6ri+Ib4fRjPRkLiSzriZQgHOt+ew5UVI0YHoCIQDXtv2r
HG6aNaa9YCunjpA7Bc3w/RBjkCWmwKKoRzKzlwB2AKrnC388uNVmyGwvFpecn0Rf
aasOtFNVibL3egMBBPPNAAABaXe2y7QAAAQDAEcwRQIgOWYMd92nC6diBFP9EJk2
rvjYZMq92BSuGBKjy8P+OQQCIQCq2c2bqSRqX8biZ/WrpUgUs3CxOiX+OnUkci49
RXxCFwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABaXe2y+AA
AAQDAEcwRQIhALRrZGVHHpPLjOWbrs6xb+DCeRnXDyfZR5ttNezHZirFAiA80IU7
FTBq3H7kswcnSiK3RAs0WLd5h5NpV+CsmeNzmgB1AKS5CZC0GFgUh7sTosxncAo8
NZgE+RvfuON3zQ7IDdwQAAABaXe2y+AAAAQDAEYwRAIgbb9xvS1vv31chFtfr/nl
9GPzyx9Uo2vjIJKgk8KcTKkCIAtl6Zgda9Bnj47yTfVkbM3Tzc6ZvxOToqVVWO9v
Z4a9AHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFpd7bL2wAA
BAMARzBFAiBD2wzVFDMmTRHKnF0vZN4Yia4Z2xe11iBpYtQU5mZ3vQIhAOgfeMi9
7x96dZRZLsTs8J00KGz4NJcHX9RHRXyjeXQlAHUARJRlLrDuzq/EQAfYqP4owNrm
gr7YyzG1P9MzlrW2gagAAAFpd7bScAAABAMARjBEAh8PGD3UXg5AeqX1KK2rEZWY
jDyVOKXiaNM5uyEzGPIgAiEAuSLcjMd8cDtFuRotM+Jn9aIXiJIIcRpexcoA26PL
PJkwDQYJKoZIhvcNAQELBQADggEBAE5OhnWn7XdXaIbX16SpWHV/Qfb/4+Hzzf6F
KVl6bUJJ/maIUkmrjUWVYxHSfkL0Kx6aYL/WEdjZD0S40rjCZkEETJo3Lqy+WDgT
ChgWEGzRBvqoNDVkywevsE77K5w2HaGKogWvD8IeOu/YOfZYKqTYYFz4ej7/PUit
8TNbY0pYyEhXoKmoXsBJUvY0Fc03GJZDTevC6iEqCQOlMLprQxT/KuYthIHc/lv/
qCIlbzsml0poyglupVIwzhvarFsQUPyZGoSEHcMG82Ors9VJbTaBk28uvdtORX9m
gCkCBwb7DRxZb5US49rygRGROHqRaqlC/ASoXSznJgxUj8jL7Lc=
-----END CERTIFICATE-----
subject= /C=DE/ST=Baden-Wuerttemberg/L=Karlsruhe/O=Karlsruhe Institute of Technology/CN=KIT-CA
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIMHDrUjCTtki6w9JCuMA0GCSqGSIb3DQEBCwUAMIGVMQsw
CQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVz
IERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLEwdERk4t
UEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
IDIwHhcNMTYxMTAzMTUyNTQ4WhcNMzEwMjIyMjM1OTU5WjB7MQswCQYDVQQGEwJE
RTEbMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlLYXJsc3J1
aGUxKjAoBgNVBAoMIUthcmxzcnVoZSBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEP
MA0GA1UEAwwGS0lULUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
1cwA90GCGWXXCQ+V4MkCc9CaPcYU0hrUc0mTyvbQ3DuOMey+w5aFI8JkmAD5CHsj
jDWe/uuANc6OR828xLoN6EV4AsNMhD9HMelYZrGuBS2nsOVlGzIIf8t+RX7pDVQg
Dc/UvczziO45HmLCoYeUDcqn9Qho8Jnuh4nXJdPCRB4UvcwtRCpYkgCeC+Llxfe4
IpdnvABTX1kwYR4TVmnAg3Mel5tLoV+WcxTdwJMpsbjFz8P11qMta53Nactef4gx
BWMSEpDlnGL+swzkUfd1s+3NQkFKBbAZ6ehZivOZc4ah4iRxB1T/5v2Tza+Hyao0
4f5SbkkD2Y1p0Z5vdMVEPwIDAQABo4ICBTCCAgEwEgYDVR0TAQH/BAgwBgEB/wIB
ATAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0gBCIwIDANBgsrBgEEAYGtIYIsHjAPBg0r
BgEEAYGtIYIsAQEEMB0GA1UdDgQWBBQEGr8ck5E909k9sN4TI+WacPQuCDAfBgNV
HSMEGDAWgBST49gyJtrV8UqlkUrg6kviogzP4TCBjwYDVR0fBIGHMIGEMECgPqA8
hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWcyLWNhL3B1Yi9j
cmwvY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2dsb2Jh
bC1yb290LWcyLWNhL3B1Yi9jcmwvY2FjcmwuY3JsMIHdBggrBgEFBQcBAQSB0DCB
zTAzBggrBgEFBQcwAYYnaHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZl
ci9PQ1NQMEoGCCsGAQUFBzAChj5odHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2Jh
bC1yb290LWcyLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDBKBggrBgEFBQcwAoY+
aHR0cDovL2NkcDIucGNhLmRmbi5kZS9nbG9iYWwtcm9vdC1nMi1jYS9wdWIvY2Fj
ZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBAH+/QKluUYGThHAZeh5I
erhZdIN9B488jjjexsfs1p0IHjKAElUaxHdjTfHc2zENqfPtc+EKRJL04MOUWJj7
8BSR2MOWu8WrOVXYmIZAJAzH1L1eFNR6cem3d1nsnjqtqw21EQ+/O/kXb9lIK/sv
YDwudINFcdWE5UmOic9ZHSwFPb4oEeM97tG18WQkiVzKF1cM6nzLHWp78uRLwD1Q
ek1y7eX5gc8iQSvv33wTlh0ppmbDqfaMTR/X/ED7SFfd5S9CF07EXj/XWlv7ps2g
afR793FaPrPloGvghtC7pKT8uOMNBXC02Xq6drN6JlU+5k+bbSRcAd40Bqn6vyYA
RKQ=
-----END CERTIFICATE-----
subject= /C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIJAOML1fivJdmBMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMg
R21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwc
VC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMjAeFw0xNjAyMjIxMzM4MjJaFw0z
MTAyMjIyMzU5NTlaMIGVMQswCQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1
ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUu
IFYuMRAwDgYDVQQLEwdERk4tUEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDLYNf/ZqFBzdL6h5eKc6uZTepnOVqhYIBHFU6MlbLlz87TV0uNzvhWbBVV
dgfqRv3IA0VjPnDUq1SAsSOcvjcoqQn/BV0YD8SYmTezIPZmeBeHwp0OzEoy5xad
rg6NKXkHACBU3BVfSpbXeLY008F0tZ3pv8B3Teq9WQfgWi9sPKUA3DW9ZQ2PfzJt
8lpqS2IB7qw4NFlFNkkF2njKam1bwIFrEczSPKiL+HEayjvigN0WtGd6izbqTpEp
PbNRXK2oDL6dNOPRDReDdcQ5HrCUCxLx1WmOJfS4PSu/wI7DHjulv1UQqyquF5de
M87I8/QJB+MChjFGawHFEAwRx1npAgMBAAGjggF0MIIBcDAOBgNVHQ8BAf8EBAMC
AQYwHQYDVR0OBBYEFJPj2DIm2tXxSqWRSuDqS+KiDM/hMB8GA1UdIwQYMBaAFL9Z
IDYAeaCgImuM1fJh0rgsy4JKMBIGA1UdEwEB/wQIMAYBAf8CAQIwMwYDVR0gBCww
KjAPBg0rBgEEAYGtIYIsAQEEMA0GCysGAQQBga0hgiweMAgGBmeBDAECAjBMBgNV
HR8ERTBDMEGgP6A9hjtodHRwOi8vcGtpMDMzNi50ZWxlc2VjLmRlL3JsL1RlbGVT
ZWNfR2xvYmFsUm9vdF9DbGFzc18yLmNybDCBhgYIKwYBBQUHAQEEejB4MCwGCCsG
AQUFBzABhiBodHRwOi8vb2NzcDAzMzYudGVsZXNlYy5kZS9vY3NwcjBIBggrBgEF
BQcwAoY8aHR0cDovL3BraTAzMzYudGVsZXNlYy5kZS9jcnQvVGVsZVNlY19HbG9i
YWxSb290X0NsYXNzXzIuY2VyMA0GCSqGSIb3DQEBCwUAA4IBAQCHC/8+AptlyFYt
1juamItxT9q6Kaoh+UYu9bKkD64ROHk4sw50unZdnugYgpZi20wz6N35at8yvSxM
R2BVf+d0a7Qsg9h5a7a3TVALZge17bOXrerufzDmmf0i4nJNPoRb7vnPmep/11I5
LqyYAER+aTu/de7QCzsazeX3DyJsR4T2pUeg/dAaNH2t0j13s+70103/w+jlkk9Z
PpBHEEqwhVjAb3/4ru0IQp4e1N8ULk2PvJ6Uw+ft9hj4PEnnJqinNtgs3iLNi4LY
2XjiVRKjO4dEthEL1QxSr2mMDwbf0KJTi1eYe8/9ByT0/L3D/UqSApcb8re2z2WK
GqK1chk5
-----END CERTIFICATE-----
subject= /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2
-----BEGIN CERTIFICATE-----
MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
BSeOE6Fuwg==
-----END CERTIFICATE-----
......@@ -78,3 +78,28 @@
service:
name: smartd
state: restarted
- name: enable automatic
become: yes
systemd:
name: dnf-automatic.timer
state: started
enabled: yes
- name: enable automatic service
become: yes
service:
name: dnf-automatic.service
state: restarted
enabled: yes
- name: reload nm
become: yes
command: "nmcli connection reload"
- name: restart network
become: yes
shell: |
nmcli connection down {{ ansible_default_ipv4.interface }}
nmcli connection up {{ ansible_default_ipv4.interface }}
exit 0
---
- name: copy certificate to the hosts
become: yes
copy:
src: web.las.pub
dest: /etc/pki/ca-trust/source/anchors/web.las.pem
notify:
- "update-ca-trust"
......@@ -26,5 +26,4 @@
- name: set hostname
become: yes
hostname:
name: "las{{ ip_suffix }}.las.kit.edu"
name: "{{ computer_name }}.las.kit.edu"
---
- name: Set secret for stable privacy
become: yes
template:
src: 60-ipv6-stable-secret.j2
dest: /etc/sysctl.d/60-ipv6-stable-secret.conf
backup: yes
---
- import_tasks: etckeeper.yml
- import_tasks: hostname.yml
# - import_tasks: networking.yml
- import_tasks: networking.yml
- import_tasks: ipv6.yml
- import_tasks: sshd.yml
when: "'laptop' not in group_names"
- import_tasks: sudoer.yml
- import_tasks: sysupdate.yml
tags: update
- import_tasks: ntp.yml
- import_tasks: yumrepos.yml
tags: lasrepo
- import_tasks: software.yml
- import_tasks: smartd.yml
tags: smartd
- import_tasks: sysrq.yml
- import_tasks: certificate.yml
---
- name: Install ifcfg-KITnet
become: yes
template:
src: KITnet.j2
dest: /etc/sysconfig/network-scripts/ifcfg-KITnet
backup: yes
notify:
- reload nm
- restart network
- name: Set dhclient as dhcp client for NetworkManager (admin issue 19)
become: yes
copy:
src: NetworkManager.conf
dest: /etc/NetworkManager/NetworkManager.conf
notify:
- reload nm
- restart network
......@@ -19,3 +19,15 @@
- enable smartd
- restart smartd
when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")
- name: configure smartd on Ubuntu
become: yes
lineinfile:
line: "DEVICESCAN -H -m {{ admin_mail }} -M exec /usr/libexec/smartmontools/smartdnotify -n standby,10,q -s (S/../.././02|L/../../6/03) -W 4,35,40"
regexp: ^DEVICESCAN .*$
backup: yes
path: /etc/smartd.conf
notify:
- enable smartd
- restart smartd
when: (ansible_distribution == "Ubuntu")
......@@ -2,14 +2,12 @@
- name: install common software
become: true
package:
name: "{{ item }}"
name: "{{ common_software }}"
state: present
with_items: "{{ common_software }}"
- name: install extra software
become: true
package:
name: "{{ item }}"
name: "{{ extra_software }}"
state: present
with_items: "{{ extra_software }}"
when: extra_software is defined
......@@ -58,13 +58,19 @@
backup: yes
notify: restart sshd
- name: Delete rootlogin-conf by anaconda
become: yes
file:
name: /etc/sysconfig/sshd-permitrootlogin
state: absent
- name: Add root key
become: yes
authorized_key:
user: root
state: present
key: "{{ rootkey }}"
key_options: 'from="{{ ansible_server }}"'
key_options: 'from="{{ ansible_server }},{{ ansible_server_ipv6 }}"'
notify: restart sshd
- name: Enable tunnel
......
......@@ -3,6 +3,6 @@
become: yes
sysctl:
name: kernel.sysrq
value: 1
value: '1'
state: present
sysctl_file: /etc/sysctl.d/90-sysrq.conf
---
- name: Updating the system
become: yes
package: name=* state=latest
package:
name: "*"
state: latest
tags:
- skip_ansible_lint
when: ansible_distribution != "Ubuntu"
- name: install autoupdate for Fedora
become: yes
package:
name: "dnf-automatic"
state: installed
when: ansible_distribution == "Fedora"
- name: configure autoupdate
become: yes
copy:
src: automatic.conf
dest: /etc/dnf/automatic.conf
mode: 0644
owner: root
group: root
when: ansible_distribution == "Fedora"
notify:
- enable automatic
# {{ ansible_managed }}
net.ipv6.conf.default.stable_secret=fd00:0:0:0:0:0:0:{{ ip_suffix }}
# {{ ansible_managed }}
# https://developer.gnome.org/NetworkManager/stable/nm-settings-ifcfg-rh.html
#
{% if ansible_default_ipv6.interface.startswith('en') %}
DEVICE={{ ansible_default_ipv6.interface }}
HWADDR={{ ansible_default_ipv6.macaddress }}
{% else %}
DEVICE={{ ansible_default_ipv4.interface }}
HWADDR={{ ansible_default_ipv4.macaddress }}
{% endif %}
AUTOCONNECT_PRIORITY=500
BOOTPROTO=dhcp
BROWSER_ONLY=no
DEFROUTE=yes
DHCP_SEND_HOSTNAME=no
ETHTOOL_OPTS="autoneg on"
GATEWAY={{ gw4 }}
IPV4_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_PRIVACY=no
IPV6_PRIVACY_PREFER_PUBLIC_IP=yes
NAME=KITnet
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
PROXY_METHOD=none
TYPE=Ethernet
# ZONE=
{% for dns in dns4 %}
DNS{{ loop.index }}={{ dns }}
{% endfor %}
DOMAIN="{{ domains | join(' ')}}"
This diff is collapsed.
---
- name: dhcpd installed
- name: Load OS dependent variables
include_vars: '{{ item }}'
with_first_found:
- files:
- 'vars/{{ ansible_os_family }}.yml'
errors: ignore
tags: dhcpd
- name: dhcpd installed (Debian)
become: true
dnf:
name: dhcp
state: installed
package:
name: "{{ pkg_name }}"
state: present
notify:
- start dhcpd
- enable dhcpd
......@@ -11,17 +19,15 @@
- name: copy mac addresses and config
become: true
copy:
src: "{{ item }}"
dest: "/etc/dhcp/{{ item }}"
src: "{{ dhcpd.host_list }}"
dest: "/etc/dhcp/{{ dhcpd.host_list }}"
backup: yes
owner: root
group: root
validate: /sbin/dhcpd -t -cf %s
owner: dhcpd
group: dhcpd
mode: 0644
validate: "{{ bin_path }} -t -cf %s"
decrypt: yes
notify: restart dhcpd
with_items:
- "host-list-las"