-rw-r--r-- | playbooks/travel.yml | 21 | ||||
-rw-r--r-- | playbooks/untravel.yml | 21 | ||||
-rw-r--r-- | playbooks/update.yml | 7 | ||||
-rw-r--r-- | roles/common/files/reboot-auto.crontab | 2 | ||||
-rw-r--r-- | roles/common/tasks/aide.yml | 4 | ||||
-rw-r--r-- | roles/common/tasks/cron.yml | 7 | ||||
-rw-r--r-- | roles/common/tasks/logo.yml | 4 | ||||
-rw-r--r-- | roles/dnsserver/tasks/pkgs.yml | 4 | ||||
-rw-r--r-- | roles/torrelay/tasks/#main.yml# | 79 | ||||
-rw-r--r-- | roles/torrelay/tasks/main.yml | 8 |
10 files changed, 17 insertions, 140 deletions
diff --git a/playbooks/travel.yml b/playbooks/travel.yml deleted file mode 100644 index 3ef9e7e..0000000 --- a/playbooks/travel.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- hosts: blackbird - remote_user: root - tasks: - - name: Désactive le miroir du réseau local - ini_file: dest=/etc/yum.repos.d/updates-fantom.repo - section=updates-fantom - option=enabled - value=0 - - - name: Active le dépôt Updates - ini_file: dest=/etc/yum.repos.d/fedora-updates.repo - section=updates - option=enabled - value=1 - - - name: Active Delta RPM - ini_file: dest=/etc/yum.conf - section=main - option=deltarpm - value=1 diff --git a/playbooks/untravel.yml b/playbooks/untravel.yml deleted file mode 100644 index 1a04a0e..0000000 --- a/playbooks/untravel.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- hosts: blackbird - remote_user: root - tasks: - - name: Désactive le dépôt Updates - ini_file: dest=/etc/yum.repos.d/fedora-updates.repo - section=updates - option=enabled - value=0 - - - name: Active le miroir du réseau local - ini_file: dest=/etc/yum.repos.d/updates-fantom.repo - section=updates-fantom - option=enabled - value=1 - - - name: Désactive Delta RPM - ini_file: dest=/etc/yum.conf - section=main - option=deltarpm - value=0 diff --git a/playbooks/update.yml b/playbooks/update.yml index 58cd0be..844bb2d 100644 --- a/playbooks/update.yml +++ b/playbooks/update.yml @@ -13,10 +13,3 @@ register: update2 when: ansible_pkg_mgr == "dnf" -- hosts: - - reboot - remote_user: root - tasks: - - name: Reboot automatique - command: reboot - when: update1.changed == true or update2.changed == true diff --git a/roles/common/files/reboot-auto.crontab b/roles/common/files/reboot-auto.crontab new file mode 100644 index 0000000..c7b6983 --- /dev/null +++ b/roles/common/files/reboot-auto.crontab @@ -0,0 +1,2 @@ +# Reboot du Dimanche +40 4 * * 7 root systemctl reboot diff --git a/roles/common/tasks/aide.yml b/roles/common/tasks/aide.yml index 919a3a7..f14da74 100644 --- a/roles/common/tasks/aide.yml 
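Review bot: The job added in roles/common/files/reboot-auto.crontab restarts every host at the same minute (Sunday 04:40) whether or not an update was installed, whereas the play removed from update.yml rebooted only the `reboot` group and only after a change. If the DNS servers and the relay all receive this file, they go down together; a per-host minute (making the file a template) would stagger them. `systemctl` is also absent on EL6, which the torrelay role still seems to reference, so the job would fail there every week; `40 4 * * 7 root /sbin/shutdown -r now` works on both init systems. A comment line stating why the reboot is weekly (for example, to load updated kernels and libraries) would help the next reader.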
+++ b/roles/common/tasks/aide.yml @@ -1,10 +1,10 @@ - name: Installation du HIDS AIDE yum: name=aide state=present - when: ansible_distribution == "CentOS" + when: ansible_pkg_mgr == "yum" - name: Installation du HIDS AIDE dnf: name=aide state=present - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 + when: ansible_pkg_mgr == "dnf" - name: Activation Cron du HIDS AIDE copy: src=aidereport.sh dest=/etc/cron.daily/z-aidereport.sh mode=755 diff --git a/roles/common/tasks/cron.yml b/roles/common/tasks/cron.yml index 5abc63f..05013bf 100644 --- a/roles/common/tasks/cron.yml +++ b/roles/common/tasks/cron.yml @@ -1,10 +1,10 @@ - name: Installation démon Cron yum: name=crontabs state=present - when: ansible_distribution == "CentOS" + when: ansible_pkg_mgr == "yum" - name: Installation démon Cron dnf: name=crontabs state=present - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 + when: ansible_pkg_mgr == "dnf" - name: Rapport disques durs template: src=diskreport.sh.j2 dest=/etc/cron.daily/diskreport.sh mode=755 @@ -21,3 +21,6 @@ - name: Rapport d'uptime des machines physiques copy: src=uptimereport.sh dest=/etc/cron.weekly/a-uptimereport.sh mode=755 when: ansible_virtualization_role == "NA" or ansible_virtualization_role == "host" + +- name: Reboot automatique + copy: src=reboot-auto.crontab dest=/etc/cron.d/reboot-auto mode=644 diff --git a/roles/common/tasks/logo.yml b/roles/common/tasks/logo.yml index 5d08b63..2802bc4 100644 --- a/roles/common/tasks/logo.yml +++ b/roles/common/tasks/logo.yml @@ -11,11 +11,11 @@ section=main option=exclude value=linux_logo - when: ansible_distribution == "Fedora" and ansible_distribution_version|int <= 21 + when: ansible_pkg_mgr == "yum" - name: Ajout linux_logo en Exclude (dnf) ini_file: dest=/etc/dnf/dnf.conf section=main option=exclude value=linux_logo - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 + when: ansible_pkg_mgr == "dnf" 
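Review bot: In aide.yml both install tasks are now keyed on `ansible_pkg_mgr`, so a host whose package manager is neither yum nor dnf skips both without error while the following task still copies the AIDE cron script. Such a host looks covered by the HIDS although aide was never installed. The same pair appears in the first hunk of cron.yml and in roles/dnsserver/tasks/pkgs.yml. A guard task such as `fail: msg="unsupported package manager {{ ansible_pkg_mgr }}"` with `when: ansible_pkg_mgr not in ["yum", "dnf"]` would make the gap visible. Giving the two tasks distinct names, `(yum)` and `(dnf)` as logo.yml does, would also make the skipped lines in the run output readable.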
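Review bot: The `Reboot automatique` task added at the end of cron.yml has no `when:`, so every host that applies the common role receives /etc/cron.d/reboot-auto, while the play removed from update.yml was limited to the `reboot` group. If that opt-in was deliberate, it can be kept with `when: "'reboot' in group_names"`. The task also sets no explicit owner; cron ignores files in /etc/cron.d that are not owned by root, so adding `owner=root group=root` next to `mode=644` removes the dependence on the connecting user.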
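Review bot: In logo.yml, replacing the Fedora version test with `ansible_pkg_mgr == "yum"` on the first task also widens it to CentOS hosts, which the old condition excluded. `ini_file` writes the whole `exclude` option, so an exclude list already present in the `[main]` section on those hosts would be replaced by `linux_logo` alone. If only Fedora is meant, keep the distribution test as roles/torrelay/tasks/main.yml does: `when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "yum"`. The first task starts above the hunk, so its `dest` is not visible here.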
diff --git a/roles/dnsserver/tasks/pkgs.yml b/roles/dnsserver/tasks/pkgs.yml index e112954..256b8d7 100644 --- a/roles/dnsserver/tasks/pkgs.yml +++ b/roles/dnsserver/tasks/pkgs.yml @@ -1,7 +1,7 @@ - name: Installation de bind yum: name=bind state=present - when: ansible_distribution == "CentOS" + when: ansible_pkg_mgr == "yum" - name: Installation de bind dnf: name=bind state=present - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 + when: ansible_pkg_mgr == "dnf" diff --git a/roles/torrelay/tasks/#main.yml# b/roles/torrelay/tasks/#main.yml# deleted file mode 100644 index 4865bea..0000000 --- a/roles/torrelay/tasks/#main.yml# +++ /dev/null 
@@ -1,79 +0,0 @@ -## paquet pourri -##- name: Installation du paquet centos6 Tor depuis torproject.org -## yum: name=https://deb.torproject.org/torproject.org/rpm/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/tor-{{ versionupstream }}-tor.1.rh6_7.{{ ansible_architecture }}.rpm state=present -## when: ansible_distribution == "CentOS" and ansible_distribution_major_version|int == 6 - -- name: Installation du paquet centos Tor depuis torproject.org - yum: name=https://deb.torproject.org/torproject.org/rpm/el/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}/tor-{{ versionupstream }}-tor.1.rh7_1_1503.{{ ansible_architecture }}.rpm state=present - when: ansible_distribution == "CentOS" and ansible_distribution_major_version|int == 7 - -- name: Installation du paquet Tor depuis le dépôt - yum: name=tor state=present - when: ansible_distribution == "Fedora" and ansible_distribution_version|int <= 21 - -- name: Installation du paquet Tor depuis le dépôt - dnf: name=tor state=present - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 - -- name: Installation de paquets optionnels depuis le dépôt - yum: name={{ item }} state=present - with_items: - - tor-arm - - proxychains - when: ansible_distribution == "Fedora" and ansible_distribution_version|int <= 21 - -- name: Installation de paquets optionnels depuis le dépôt - dnf: name={{ item }} state=present - with_items: - - tor-arm - - proxychains - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 - -- name: Configuration de proxychains - copy: src=proxychains.conf dest=/etc/proxychains.conf - mode=644 - when: ansible_distribution == "Fedora" - -- name: Création des répertoires de base - file: path=/usr/local/share/tor state=directory - -- name: Installation de la page d'accueil html - copy: src=tor-exit-notice.html dest=/usr/local/share/tor/tor-exit-notice.html - mode=644 - -- name: Configuration du service - template: 
src=keys.j2 dest=/etc/tor/torrc - owner=root - group=root - mode=644 - -- name: Ouverture des ports Firewalld standards - firewalld: port={{ item[0] }} permanent={{ item[1] }} state=enabled - with_nested: - - [ '9001/tcp', '9030/tcp' ] - - [ 'true', 'false' ] - when: ansible_distribution == "Fedora" and is_public is defined - -- name: Ouverture des ports Firewalld spéciaux - firewalld: service={{ item[0] }} permanent={{ item[1] }} state=enabled - with_nested: - - [ 'http', 'https' ] - - [ 'true', 'false' ] - when: ansible_distribution == "Fedora" and is_gardian is defined - -- name: Déploiement du module SELinux pour hidden_services - copy: src=tor-selinux-f22-policy-module.pp dest=/root/tor-selinux-f22-policy-module.pp - mode=644 - when: ansible_distribution == "Fedora" - -- name: Déploiement du module SELinux pour hidden_services - copy: src=tor-selinux-centos6.6-policy-module.pp dest=/root/tor-selinux-centos6.6-policy-module.pp - mode=644 - when: ansible_distribution == "CentOS" - -- name: Configuration du booleen SELinux - seboolean: name=tor_can_network_relay state=yes persistent=yes - when: ansible_selinux.status != "disabled" and is_gardian is defined - -- name: Activation et démarrage du relai Tor - service: name=tor state=started enabled=yes diff --git a/roles/torrelay/tasks/main.yml b/roles/torrelay/tasks/main.yml index a5d8072..49ff4be 100644 --- a/roles/torrelay/tasks/main.yml +++ b/roles/torrelay/tasks/main.yml 
@@ -8,25 +8,25 @@ - name: Installation du paquet Tor depuis le dépôt yum: name=tor state=present - when: ansible_distribution == "Fedora" and ansible_distribution_version|int <= 21 + when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "yum" - name: Installation du paquet Tor depuis le dépôt dnf: name=tor state=present - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 + when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "dnf" - name: Installation de paquets optionnels depuis le dépôt yum: name={{ item }} state=present with_items: - tor-arm - proxychains - when: ansible_distribution == "Fedora" and ansible_distribution_version|int <= 21 + when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "yum" - name: Installation de paquets optionnels depuis le dépôt dnf: name={{ item }} state=present with_items: - tor-arm - proxychains - when: ansible_distribution == "Fedora" and ansible_distribution_version|int >= 22 + when: ansible_distribution == "Fedora" and ansible_pkg_mgr == "dnf" - name: Configuration de proxychains copy: src=proxychains.conf dest=/etc/proxychains.conf |