
Update common/firewall roles to support Manjaro.

master
Dan Helfman 4 months ago
parent
commit
eb68c0a830
4 changed files with 70 additions and 11 deletions
  1. 1
    0
      hosts
  2. 46
    10
      roles/common/tasks/main.yml
  3. 17
    1
      roles/firewall/tasks/main.yml
  4. 6
    0
      site.yml

+ 1
- 0
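--- a/hosts
+++ b/hosts
@@ -1 +1,2 @@
 apps.torsion.org
+automation.dandy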

+ 46
- 10
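--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -8,19 +8,35 @@
   tags:
     - common
 
-- name: update packages
+- name: update packages on Debian
   apt: upgrade=dist update_cache=yes cache_valid_time=3600
+  when: ansible_distribution == "Debian"
   tags:
     - common
 
-- name: install sudo
+- name: update packages on Manjaro
+  pacman:
+    update_cache: yes
+    upgrade: yes
+  when: ansible_distribution in ["Manjaro", "Manjaro-ARM"]
+  tags:
+    - common
+
+- name: install sudo on Debian
   apt: name=sudo
+  when: ansible_distribution == "Debian"
+  tags:
+    - common
+
+- name: install sudo on Manjaro
+  pacman: name=sudo
+  when: ansible_distribution in ["Manjaro", "Manjaro-ARM"]
   tags:
     - common
 
 - name: create user witten
   user: name=witten
-        groups=sudo
+        groups="{{ 'wheel' if ansible_distribution in ['Manjaro', 'Manjaro-ARM'] else 'sudo' }}"
         append=yes
         password="$6$GHKgFvTaNd$QKdelNLK2.xBpRzxobTArHdpCjArEUsC4wQoSy.UXn4iRpZjuGtuKSRAi14QmP.Cs.phWdH5LuFOnTwbTSXBB1"
         shell=/bin/bash
@@ -32,6 +48,12 @@
   tags:
     - common
 
+- name: disable manjaro user on Manjaro
+  user: name=manjaro shell=/usr/bin/false
+  when: ansible_distribution in ["Manjaro", "Manjaro-ARM"]
+  tags:
+    - common
+
 - name: remove unwanted SSH options
   lineinfile:
     dest: /etc/ssh/sshd_config
@@ -93,7 +115,7 @@
   tags:
     - common
 
-- name: install common packages
+- name: install common packages on Debian
   apt:
     name:
      - fail2ban
@@ -106,17 +128,30 @@
      - tmux
      - silversearcher-ag
      - vim
+  when: ansible_distribution == "Debian"
+  register: install_result
+  tags:
+    - common
+
+- name: install common packages on Manjaro
+  pacman:
+    name:
+     - less
+     - mosh
+     - tmux
+     - vim
+  when: ansible_distribution in ["Manjaro", "Manjaro-ARM"]
   register: install_result
   tags:
     - common
 
-- name: enable rsyslog
+- name: enable rsyslog on Debian
   command: systemctl enable rsyslog
-  when: install_result.changed
+  when: ansible_distribution == "Debian" and install_result.changed
   tags:
     - common
 
-- name: remove unwanted packages
+- name: remove unwanted packages on Debian
   apt:
     state: absent
     purge: yes
@@ -131,11 +166,13 @@
       - sasl2-bin
       - sendmail
       - upstart
+  when: ansible_distribution == "Debian"
   tags:
     - common
 
-- name: install cron for time syncing
+- name: install cron for time syncing on Debian
   cron: name="sync date" special_time="daily" user="root" job="rdate -s time.nist.gov" cron_file=rdate
+  when: ansible_distribution == "Debian"
   tags:
     - common
 
@@ -148,7 +185,6 @@
     - common
 
 - name: set system hostname 
-  hostname:
-    name: "{{ inventory_hostname }}"
+  command: hostname "{{ inventory_hostname }}"
   tags:
     - common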
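Review bot: The `disable manjaro user on Manjaro` task only changes the login shell, so the account's password and any authorized keys remain valid, and sshd can still authenticate it for sessions that need no shell unless sshd_config (edited outside this hunk) forbids that. Locking the account as well closes the gap, e.g. `user: name=manjaro shell=/usr/bin/false password_lock=yes`, or remove it with `state=absent` if nothing on the image depends on it. Separately, in the package hunk both install tasks use `register: install_result`; Ansible registers the variable even when a task is skipped by `when`, so on Debian the skipped Manjaro task overwrites the result and `install_result.changed` in `enable rsyslog on Debian` is then always false. Giving the Debian task its own name, `register: debian_install_result`, and testing `debian_install_result.changed` restores the old behaviour.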

+ 17
- 1
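--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -1,5 +1,21 @@
-- name: install ufw
+- name: install ufw on Debian
   apt: name=ufw
+  when: ansible_distribution == "Debian"
+  tags:
+    - firewall
+
+- name: install ufw on Manjaro
+  pacman: name=ufw
+  when: ansible_distribution in ["Manjaro", "Manjaro-ARM"]
+  tags:
+    - firewall
+
+# So as not to firewall ourselves off, open up SSH first thing.
+- name: allow SSH port in firewall
+  ufw:
+    rule: allow
+    port: 22
+    proto: tcp
   tags:
     - firewall
 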
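Review bot: The new `allow SSH port in firewall` task opens 22/tcp to every source with `rule: allow`, and the Manjaro package list added to the common role in this commit does not include fail2ban, so nothing visible here throttles repeated login attempts on those hosts. `rule: limit` keeps SSH reachable while ufw rate-limits repeated connections from one address, and adding `src:` with the admin network is tighter still if that network is known. The rest of the file lies outside the hunk, so whether a later task already restricts SSH or enables ufw cannot be confirmed from here.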

+ 6
- 0
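--- a/site.yml
+++ b/site.yml
@@ -43,3 +43,9 @@
       monitoring_hostname: monitoring.torsion.org
       monitoring_email_host: mail2.torsion.org
       monitoring_email_port: 587
+
+- hosts: automation.dandy
+  vars_files:
+    - group_vars/vault.yml
+  roles:
+    - common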
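Review bot: The play added for `automation.dandy` lists only `common` under `roles:`, so the Manjaro support this commit adds to `roles/firewall` is not applied to what is apparently the Manjaro host being introduced. Unless another play outside this hunk covers it, that host ends up with sshd configured but no ufw rules. If it should be firewalled like the other hosts, add `- firewall` after `- common`.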
