28 files changed, 437 insertions, 0 deletions
diff --git a/main.yml b/main.yml
new file mode 100644
index 0000000..0d2c7b4
--- /dev/null
+++ b/main.yml
@@ -0,0 +1,5 @@
+---
+- hosts: all
+ remote_user: root
+ roles:
+ - common
diff --git a/roles/common/files/bashrc b/roles/common/files/bashrc
new file mode 100644
index 0000000..1a1ae1e
--- /dev/null
+++ b/roles/common/files/bashrc
@@ -0,0 +1,52 @@
+# .bashrc
+
+# User specific aliases and functions
+
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i'
+alias pop='popd'
+alias up='popd'
+alias myip='wget http://checkip.dyndns.org/ -O - -o /dev/null | awk "{ print \$6 }" | cut -d\< -f1'
+alias f='find . -name'
+alias beep='echo -e "\a"'
+alias screenoff='xset dpms force off'
+alias ltx='tmux ls'
+alias atx='tmux attach -t'
+
+# Source global definitions
+if [ -f /etc/bashrc ]; then
+ . /etc/bashrc
+fi
+
+# Define personal variables
+if [ -f $HOME/bin/setvars ]; then
+ . $HOME/bin/setvars
+fi
+
+# Print fedora linux logo in interactive shell
+if [ -n "$PS1" ]; then
+ if which linux_logo >/dev/null 2>&1; then
+ linux_logo -L 12 -F "Bienvenue sur l'hôte #H\n#V, Compilé #C \n#P #X #T, #R, #U"
+ fi
+fi
+
+HISTSIZE=1500
+HISTIGNORE="history:exit:logout:[ ]*"
+
+RESET='\[$(tput sgr0)\]'
+BOLD='\[$(tput bold)\]'
+ULINE='\[$(tput smul)\]'
+
+BLUE='\[$(tput setaf 4)\]'
+GREEN='\[$(tput setaf 2)\]'
+RED='\[$(tput setaf 1)\]'
+YELLOW='\[$(tput setaf 3)\]'
+CYAN='\[$(tput setaf 6)\]'
+
+if [ $UID -eq 0 ]; then
+ PS1="$BOLD$RED\h$BLUE:$YELLOW\w$RED\\$ $RESET$RED"
+else
+ PS1="$BOLD$GREEN\u$BLUE@$YELLOW\h$BLUE:\w$GREEN\\$ $RESET$GREEN"
+fi
+PS2='suite-> '
diff --git a/roles/common/files/cacert.pem b/roles/common/files/cacert.pem
new file mode 100644
index 0000000..e7dfc82
--- /dev/null
+++ b/roles/common/files/cacert.pem
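Review bot: `remote_user: root` in main.yml makes every run log in over SSH as root on `hosts: all`, so the control key is a direct root credential on every machine and sshd has to keep root login allowed. Connecting as an unprivileged account and escalating (`remote_user: <admin-user>` with `sudo: yes`, or `become: yes` on newer Ansible) gives per-operator attribution and lets `PermitRootLogin no` be set later. tasks/ssh.yml in this commit installs the key for root, so the two would need to change together.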
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
+ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
+gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
+MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
+IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
+dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
+czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
+dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
+AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
+b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
+ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
+nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
+18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
+gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
+Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
+SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
+CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
+GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
+zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
+omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
+-----END CERTIFICATE-----
diff --git a/roles/common/files/diskcheck.sh b/roles/common/files/diskcheck.sh
new file mode 100755
index 0000000..820642d
--- /dev/null
+++ b/roles/common/files/diskcheck.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+smartctl -t long /dev/sda
+smartctl -t long /dev/sdb
+smartctl -t long /dev/sdc
diff --git a/roles/common/files/diskreport.sh b/roles/common/files/diskreport.sh
new file mode 100755
index 0000000..95ae60a
--- /dev/null
+++ b/roles/common/files/diskreport.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+smartctl -HAl error /dev/sda
+smartctl -HAl error /dev/sdb
+smartctl -HAl error /dev/sdc
diff --git a/roles/common/files/eaureport.sh b/roles/common/files/eaureport.sh
new file mode 100755
index 0000000..c7ee285
--- /dev/null
+++ b/roles/common/files/eaureport.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+aureport -a -ts yesterday -te today
+aureport -n -ts yesterday -te today
+aureport -r -ts yesterday -te today
+aureport -ma -i -ts yesterday -te today
+aureport -l --failed -i -ts yesterday -te today
+aureport -l --success -i -ts yesterday -te today
diff --git a/roles/common/files/emacs.rc b/roles/common/files/emacs.rc
new file mode 100644
index 0000000..29cc4fb
--- /dev/null
+++ b/roles/common/files/emacs.rc
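Review bot: diskcheck.sh hard-codes /dev/sda, /dev/sdb and /dev/sdc, and diskreport.sh does the same, so hosts with fewer, more or differently named disks either produce cron errors or leave drives untested. Enumerating the devices keeps both scripts correct everywhere, for example `for d in $(smartctl --scan | awk '{print $1}'); do smartctl -t long "$d"; done`. diskreport.sh also asks only for `-l error`, so the outcome of the weekly long self-test is not shown unless `-l selftest` is added there.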
@@ -0,0 +1,17 @@
+;; .emacs
+
+(custom-set-variables
+ ;; uncomment to always end a file with a newline
+ ;'(require-final-newline t)
+ ;; uncomment to disable loading of "default.el" at startup
+ ;'(inhibit-default-init t)
+ ;; default to unified diffs
+ '(diff-switches "-u"))
+
+;;; uncomment for CJK utf-8 support for non-Asian users
+;; (require 'un-define)
+(menu-bar-mode 0)
+
+;; pour mutt:
+(server-start)
+(add-to-list 'auto-mode-alist '("/mutt" . mail-mode))
diff --git a/roles/common/files/id_rsa.pub b/roles/common/files/id_rsa.pub
new file mode 100644
index 0000000..d5de22c
--- /dev/null
+++ b/roles/common/files/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa 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 fantom@fedoraproject.org
diff --git a/roles/common/files/root.pem b/roles/common/files/root.pem
new file mode 100644
index 0000000..eb9913d
--- /dev/null
+++ b/roles/common/files/root.pem
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGxzCCBK+gAwIBAgIJAPh0szidm4XLMA0GCSqGSIb3DQEBCwUAMIGdMQswCQYD
+VQQGEwJGUjEWMBQGA1UECBMNSWxlLWRlLUZyYW5jZTENMAsGA1UEBxMERXZyeTEa
+MBgGA1UEChMRTWF0dGhpZXUgU2F1bG5pZXIxIjAgBgNVBAMTGU1hdHRoaWV1IFNh
+dWxuaWVyIFJvb3QgQ0ExJzAlBgkqhkiG9w0BCQEWGGZhbnRvbUBmZWRvcmFwcm9q
+ZWN0Lm9yZzAeFw0xMzA4MjAwMjM5MDJaFw0yMzA4MTgwMjM5MDJaMIGdMQswCQYD
+VQQGEwJGUjEWMBQGA1UECBMNSWxlLWRlLUZyYW5jZTENMAsGA1UEBxMERXZyeTEa
+MBgGA1UEChMRTWF0dGhpZXUgU2F1bG5pZXIxIjAgBgNVBAMTGU1hdHRoaWV1IFNh
+dWxuaWVyIFJvb3QgQ0ExJzAlBgkqhkiG9w0BCQEWGGZhbnRvbUBmZWRvcmFwcm9q
+ZWN0Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL19KTkGd6tN
+yVBUEqxrHyX5GTR2/jVtBXuMESluJ27CmzBLl79ITk/iVvMgPmqkoGMJzGnDYrUW
+LkCu6F6+1P1MQhGvyN8sIVc7rm8kDVidsjeoYHRIDfVYCkoGdojfGjBn84IiS9wn
+GY1XoltmHNSvQckt+wj2/vE3+gWTkYlTr5M0cknRrz5a4HM0bc4TL3MivE0rmy0G
+UkqQ1J4T6+JDK9G0CkUuZ7JJ3RSL+wl23+Kvu2i4XEleLe2UkYIV/j1/dGhLDiTV
+AgFFNFKQvVSy/RTYjjOFmxsBaqrxZ+M4l+sTPEY81WsRVGJaMMlJ0W8gODFbMJGb
+7wiF51JZKmX2eu8Q8pSpz8grja+ORU2G1goJBYRdHASmIs8a78R/by+dHLpeweZH
+5jegddSWXtrm9ioUJZJV9WQvIKeFsa7i6gEiCUSy/IQXWcsEVN90vJ/c/4HNxgQS
+SQ/ZXKy7EkNURM6pwF9zLiv+9TZYo0+1swqrxnITZ6YWHiI5KkiHAMCcuol3UDhx
+cEMrFKhRWc5NSVcD9w1ftuVWZxbjuWTfQtgylRvVofbT8911Tz/TuBOeq7cl2iye
+6GLQ5rgQNYUQcBJZ6v+W2eLBuX3kSVGUGpE7O3xqDW/gGKrQJVxtlHzmqSdv5iPy
+wT8Xr0009E1lVtIr+sHrcQxb5+XDz3MFAgMBAAGjggEGMIIBAjAdBgNVHQ4EFgQU
+BZCbv0I448Da7UeBD2I5ue6L+GAwgdIGA1UdIwSByjCBx4AUBZCbv0I448Da7UeB
+D2I5ue6L+GChgaOkgaAwgZ0xCzAJBgNVBAYTAkZSMRYwFAYDVQQIEw1JbGUtZGUt
+RnJhbmNlMQ0wCwYDVQQHEwRFdnJ5MRowGAYDVQQKExFNYXR0aGlldSBTYXVsbmll
+cjEiMCAGA1UEAxMZTWF0dGhpZXUgU2F1bG5pZXIgUm9vdCBDQTEnMCUGCSqGSIb3
+DQEJARYYZmFudG9tQGZlZG9yYXByb2plY3Qub3JnggkA+HSzOJ2bhcswDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAeIszChr/fUR6H+net1CJ9WQUbl5u
+3qGfFdYmkZwsEPJruTwTLfoRNJAdqmVJWQwyhrixeFvv985KbKemZ1hjrDsfrEhM
+Ughxec1ZdS2571WE62ZjznI6e5Vig/9ZiUHrtj65HkZ3/Kq8OMWhFl+IcHHb/dKP
+BrE+rMT8uuK54y2dH1EgVCWQX+ubVrLsQA4rlDTZ5N9NZFlgwkrpuBkCOua4XSo9
+CxQfuLmemhqM7uYeO/qIJFUexDBxpgqnCgiXH8KvSbeOWy/5/pC4X6Fc4F0hJNo5
+dgtZyhHX8RLjkU8X6fSxrAoVnLnRuWqx8fg2O+l1zsQLX2kpnhdOqyspvSMIa77i
+IEWfbwU1DnEQoIqFjV44RLtyp9YGNai0zncjAvPsn0WzOvc+L4KsvNAaeJkhJM5m
+IqQGR0/HDI/dfMsPWsnCCY99trDc3loRJnyd8rX39YKrleOtW5SCKiG+SSRwKWRC
+lV9fhEYARaezOkBo/s2T/Z288TazTK82vL4I5BXJwJS4I/jpN0nVE3w7tNg2Oenu
+NcnjreFw4SozDzPolXVCVm/+6yVXDYaooONg3Xz0iOFqa0RpJx9biWJR20UkHUDk
+zW79/SFQtGaDzbZxKEc+vsPbhOYuOxHlvYgoA26RtoeiSuM8LQc7JOb7AGsKj9N7
+/eeZtulc5h5vZ2E=
+-----END CERTIFICATE-----
diff --git a/roles/common/files/rpmreport.sh b/roles/common/files/rpmreport.sh
new file mode 100755
index 0000000..25ca420
--- /dev/null
+++ b/roles/common/files/rpmreport.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+rpm -Va | grep -v /lib/modules/
diff --git a/roles/common/files/selinuxresto.sh b/roles/common/files/selinuxresto.sh
new file mode 100755
index 0000000..22ff769
--- /dev/null
+++ b/roles/common/files/selinuxresto.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/bash
+touch /.autorelabel && echo 'SELinux: autorelabel au prochain reboot'
diff --git a/roles/common/files/updates-fantom.repo b/roles/common/files/updates-fantom.repo
new file mode 100644
index 0000000..e6c00d6
--- /dev/null
+++ b/roles/common/files/updates-fantom.repo
@@ -0,0 +1,26 @@
+[updates-fantom]
+name=Fedora $releasever - $basearch - Updates on Casper's server
+failovermethod=priority
+baseurl=https://mirror.casperlefantom.net/pub/fedora/linux/updates/$releasever/$basearch/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
+
+[updates-debuginfo-fantom]
+name=Fedora $releasever - $basearch - Updates - Debug on Casper's server
+failovermethod=priority
+baseurl=https://mirror.casperlefantom.net/pub/fedora/linux/updates/$releasever/$basearch/debug/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
+
+[updates-source-fantom]
+name=Fedora $releasever - Updates Source on Casper's server
+failovermethod=priority
+baseurl=https://mirror.casperlefantom.net/pub/fedora/linux/updates/$releasever/SRPMS/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
diff --git a/roles/common/files/updates-testing-fantom.repo b/roles/common/files/updates-testing-fantom.repo
new file mode 100644
index 0000000..88542b2
--- /dev/null
+++ b/roles/common/files/updates-testing-fantom.repo
@@ -0,0 +1,26 @@
+[updates-testing-fantom]
+name=Fedora $releasever - $basearch - Test Updates on Casper's server
+failovermethod=priority
+baseurl=https://mirror.casperlefantom.net/pub/fedora/linux/updates/testing/$releasever/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
+
+[updates-testing-debuginfo-fantom]
+name=Fedora $releasever - $basearch - Test Updates Debug on Casper's server
+failovermethod=priority
+baseurl=https://mirror.casperlefantom.net/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
+
+[updates-testing-source-fantom]
+name=Fedora $releasever - Test Updates Source on Casper's server
+failovermethod=priority
+baseurl=https://mirror.casperlefantom.net/pub/fedora/linux/updates/testing/$releasever/SRPMS/
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+skip_if_unavailable=False
diff --git a/roles/common/files/z-aidereport.sh b/roles/common/files/z-aidereport.sh
new file mode 100755
index 0000000..fa56fe4
--- /dev/null
+++ b/roles/common/files/z-aidereport.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/bash
+
+aide --update --verbose=20
+cp -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz && echo "Updated database file: aide.db.gz"
diff --git a/roles/common/handlers/aide.yml b/roles/common/handlers/aide.yml
new file mode 100644
index 0000000..4d5cdfc
--- /dev/null
+++ b/roles/common/handlers/aide.yml
@@ -0,0 +1,2 @@
+- name: initialize aide
+ script: files/aideinit.sh
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
new file mode 100644
index 0000000..c99692e
--- /dev/null
+++ b/roles/common/handlers/main.yml
@@ -0,0 +1,2 @@
+- include: ssh.yml
+- include: aide.yml
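Review bot: The `cp -f /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz` line in z-aidereport.sh runs every day regardless of what `aide --update` reported, so each change is shown once and then becomes the new baseline; a report that is missed or not read means the modification is accepted silently. For an integrity monitor the daily job should only compare, e.g. `aide --check`, with the database promoted by an operator after the report has been reviewed. Keeping a copy of the reference database off the host or on read-only media would also prevent a compromised root account from rewriting it.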
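Review bot: The handler in handlers/aide.yml runs `script: files/aideinit.sh`, but no `aideinit.sh` is among the files this diff adds under roles/common/files, so unless it exists elsewhere the first notification from the AIDE cron task will fail the play. Either add the script to the role in the same commit or replace the handler with the initialisation command itself. A short comment on the handler saying that it builds the initial reference database would make its one-time purpose clear.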
diff --git a/roles/common/handlers/ssh.yml b/roles/common/handlers/ssh.yml
new file mode 100644
index 0000000..d63f84c
--- /dev/null
+++ b/roles/common/handlers/ssh.yml
@@ -0,0 +1,2 @@
+- name: restart sshd
+ service: name=sshd state=restarted
diff --git a/roles/common/tasks/ca.yml b/roles/common/tasks/ca.yml
new file mode 100644
index 0000000..2bf0e0d
--- /dev/null
+++ b/roles/common/tasks/ca.yml
@@ -0,0 +1,8 @@
+- name: Installation de mon autorité de certification
+ copy: src=root.pem dest=/etc/pki/ca-trust/source/anchors/root.pem mode=444
+
+- name: Installation de l'autorité de certification CACert
+ copy: src=cacert.pem dest=/etc/pki/ca-trust/source/anchors/cacert.pem mode=444
+
+- name: Mise à jour de la base de confiance CA
+ command: /usr/bin/update-ca-trust
diff --git a/roles/common/tasks/cron.yml b/roles/common/tasks/cron.yml
new file mode 100644
index 0000000..01846f5
--- /dev/null
+++ b/roles/common/tasks/cron.yml
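Review bot: `command: /usr/bin/update-ca-trust` in tasks/ca.yml runs and reports a change on every play, whether or not a certificate was copied; moving it into a handler and adding `notify: update ca trust` to the two `copy` tasks makes the role idempotent. Separately, both files are installed as unconstrained system-wide trust anchors on `hosts: all`, so every TLS client on every host will accept any certificate those two CAs issue. A comment stating why each anchor is needed, and limiting them to the hosts that actually need them, would make that trust decision reviewable.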
@@ -0,0 +1,24 @@
+- name: Rapport disques durs
+ copy: src=diskreport.sh dest=/etc/cron.daily/diskreport.sh mode=755
+ when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Rapport SELinux
+ copy: src=eaureport.sh dest=/etc/cron.daily/eaureport.sh mode=755
+ when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Rapport RPM Verify
+ copy: src=rpmreport.sh dest=/etc/cron.daily/rpmreport.sh mode=755
+ when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Relabel système de fichier
+ copy: src=selinuxresto.sh dest=/etc/cron.monthly/selinuxresto.sh mode=755
+ when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Tests disques durs
+ copy: src=diskcheck.sh dest=/etc/cron.weekly/diskcheck.sh mode=755
+ when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Installation du HIDS AIDE
+ copy: src=z-aidereport.sh dest=/etc/cron.daily/z-aidereport.sh mode=755
+ when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+ notify: initialize aide
diff --git a/roles/common/tasks/logo.yml b/roles/common/tasks/logo.yml
new file mode 100644
index 0000000..bbb55e5
--- /dev/null
+++ b/roles/common/tasks/logo.yml
@@ -0,0 +1,14 @@
+- name: Téléchargement du paquet pour F20
+ get_url: dest=/tmp/linux_logo.rpm url=http://fantom.fedorapeople.org/linux_logo-5.11-6.fc20.x86_64.rpm
+ when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Téléchargement du paquet pour F21
+ get_url: dest=/tmp/linux_logo.rpm url=http://fantom.fedorapeople.org/linux_logo-5.11-6.fc21.x86_64.rpm
+ when: ansible_distribution_version|int == 21 and ansible_architecture == "x86_64"
+
+- name: Installation du paquet
+ yum: pkg=/tmp/linux_logo.rpm state=installed
+
+- name: Ajout du paquet linux_logo en Exclude (yum)
+ lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+ line="exclude=linux_logo"
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..c302662
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Configutation démon SSH
+ include: ssh.yml
+
+- name: Installation des fichiers RC
+ include: rc.yml
+
+- name: Installation des points de montage standard
+ include: mnt.yml
+
+- name: Configurations variables fichier setvars
+ include: setvars.yml
+
+- name: Configuration démon Cron
+ include: cron.yml
+
+- name: Gestion des Autorités de Certification
+ include: ca.yml
+
+- name: Configuration Yum
+ include: yum.yml
+
+- name: Installation linux_logo Fedora
+ include: logo.yml
+ when: ansible_distribution == "Fedora"
+
+- name: Mise à jour et dépôt de mise à jour
+ include: update.yml
+
+- name: Installation des logiciels de base
+ include: pkgs.yml
diff --git a/roles/common/tasks/mnt.yml b/roles/common/tasks/mnt.yml
new file mode 100644
index 0000000..60c2397
--- /dev/null
+++ b/roles/common/tasks/mnt.yml
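Review bot: The two `get_url` tasks in tasks/logo.yml fetch an RPM over plain `http://` with no checksum, and the next task installs it as root from `/tmp/linux_logo.rpm`, so package integrity rests on an unauthenticated transfer and on a fixed file name in a world-writable directory; `get_url` also keeps an already existing destination file unless `force=yes` is set. Use an `https://` URL, pin the digest with `sha256sum=<sha256-of-the-rpm>` (`checksum=` on newer Ansible), and download into a root-only directory. The install task has no `when:`, so on a Fedora release other than 20 or 21 it runs without a fresh download.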
@@ -0,0 +1,23 @@
+- name: Point de montage nfs1
+ file: name=/mnt/nfs1/ state=directory
+
+- name: Point de montage nfs2
+ file: name=/mnt/nfs2/ state=directory
+
+- name: Point de montage iso1
+ file: name=/mnt/iso1/ state=directory
+
+- name: Point de montage iso2
+ file: name=/mnt/iso2/ state=directory
+
+- name: Point de montage lv1
+ file: name=/mnt/lv1/ state=directory
+
+- name: Point de montage lv2
+ file: name=/mnt/lv2/ state=directory
+
+- name: Point de montage part1
+ file: name=/mnt/part1/ state=directory
+
+- name: Point de montage part2
+ file: name=/mnt/part2/ state=directory
diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml
new file mode 100644
index 0000000..71438f0
--- /dev/null
+++ b/roles/common/tasks/pkgs.yml
@@ -0,0 +1,52 @@
+- name: Installation des paquets
+ yum: name={{ item }} state=present
+ with_items:
+ - aide
+ - emacs-nox
+ - iotop
+ - nmap
+ - yum-plugin-fastestmirror
+ - yum-plugin-verify
+ - screen
+ - powertop
+ - postfix
+ - ipset
+ - patch
+ - gpm
+ - elinks
+ - vim-enhanced
+ - mutt
+ - nfs-utils
+ - tcpdump
+ - bind-utils
+ - tar
+
+- name: Installation des paquets Centos
+ yum: name={{ item }} state=present
+ with_items:
+ - ntp
+ when: ansible_distribution == "CentOS"
+
+- name: Installation des paquets Fedora
+ yum: name={{ item }} state=present
+ with_items:
+ - tmux
+ - htop
+ - glances
+ - iftop
+ - bvi
+ - whois
+ - systemd-analyze
+ - rpmconf
+ - colordiff
+ - mined
+ - fpaste
+ - wget
+ - bash-completion
+ - pbzip2
+ - pxz
+ - scapy
+ - testdisk
+ - steghide
+ - chrony
+ when: ansible_distribution == "Fedora"
diff --git a/roles/common/tasks/rc.yml b/roles/common/tasks/rc.yml
new file mode 100644
index 0000000..a7ce235
--- /dev/null
+++ b/roles/common/tasks/rc.yml
@@ -0,0 +1,11 @@
+- name: Root bashrc
+ copy: src=bashrc dest=/root/.bashrc mode=644
+
+- name: Root emacs rc
+ copy: src=emacs.rc dest=/root/.emacs mode=644
+
+- name: Squelette bashrc
+ copy: src=bashrc dest=/etc/skel/.bashrc mode=644
+
+- name: Squelette emacs rc
+ copy: src=emacs.rc dest=/etc/skel/.emacs mode=644
diff --git a/roles/common/tasks/setvars.yml b/roles/common/tasks/setvars.yml
new file mode 100644
index 0000000..5ace00c
--- /dev/null
+++ b/roles/common/tasks/setvars.yml
@@ -0,0 +1,3 @@
+- name: Configuration de la variable EDITOR
+ lineinfile: dest=/root/bin/setvars create=yes state=present
+ line="export EDITOR=emacs"
diff --git a/roles/common/tasks/ssh.yml b/roles/common/tasks/ssh.yml
new file mode 100644
index 0000000..09fae77
--- /dev/null
+++ b/roles/common/tasks/ssh.yml
@@ -0,0 +1,7 @@
+- name: Installation de la clé ssh pour l'utilisateur root
+ authorized_key: user=root key="{{lookup('file', 'id_rsa.pub') }}" manage_dir=yes
+
+- name: Accès uniquement par clé ssh
+ lineinfile: dest=/etc/ssh/sshd_config state=present backrefs=yes regexp="^PasswordAuthentication yes"
+ line="PasswordAuthentication no"
+ notify: restart sshd
diff --git a/roles/common/tasks/update.yml b/roles/common/tasks/update.yml
new file mode 100644
index 0000000..065576d
--- /dev/null
+++ b/roles/common/tasks/update.yml
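Review bot: `lineinfile` with `create=yes` creates the file but not its parent directory, so the task in tasks/setvars.yml fails on a host where `/root/bin` does not exist yet. A preceding `file: name=/root/bin state=directory mode=700` task covers that case. The task could also carry a comment saying that this file is the one sourced from the `.bashrc` installed by rc.yml.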
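Review bot: With `backrefs=yes` and `regexp="^PasswordAuthentication yes"`, the second task in tasks/ssh.yml changes nothing when the directive is commented out, absent or spelled differently, and sshd then keeps its default of accepting passwords while the play reports success. Matching the directive in any state and dropping `backrefs` makes the setting unconditional: `lineinfile: dest=/etc/ssh/sshd_config state=present regexp="^#?PasswordAuthentication" line="PasswordAuthentication no" validate="/usr/sbin/sshd -t -f %s"`. The `validate` step keeps a broken config from being written before the `restart sshd` handler runs, which matters on hosts reachable only over SSH.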
@@ -0,0 +1,15 @@
+- name: Installation du miroir local updates
+ copy: src=updates-fantom.repo dest=/etc/yum.repos.d/updates-fantom.repo
+ when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Désactivation du dépôt Updates
+ lineinfile: dest=/etc/yum.repos.d/fedora-updates.repo state=present backrefs=yes regexp="^enabled=1"
+ line="enabled=0"
+ when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Installation du miroir updates-testing
+ copy: src=updates-testing-fantom.repo dest=/etc/yum.repos.d/updates-testing-fantom.repo
+ when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Mise à jour de tous les paquets du système
+ yum: name=* state=latest
diff --git a/roles/common/tasks/yum.yml b/roles/common/tasks/yum.yml
new file mode 100644
index 0000000..d7584c0
--- /dev/null
+++ b/roles/common/tasks/yum.yml
@@ -0,0 +1,12 @@
+- name: Affichage historique
+ lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+ line="history_list_view=cmds"
+
+- name: Clean requirements on remove
+ lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+ line="clean_requirements_on_remove=1"
+
+- name: Désactivation delta rpm
+ lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+ line="deltarpm=0"
+ when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64" |
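Review bot: The `lineinfile` task in tasks/update.yml matches `^enabled=1` anywhere in fedora-updates.repo and rewrites only one matching line, so which repository section ends up disabled depends on the file's current contents rather than on a section name. `ini_file: dest=/etc/yum.repos.d/fedora-updates.repo section=updates option=enabled value=0` states the intent and stays idempotent. The final `yum: name=* state=latest` has no `when:` and upgrades every package on each run of the role, which deserves a comment if it is intended.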