Combine playbooks
This commit is contained in:
parent
12cb7842e7
commit
0686e1fc9a
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,3 +1,2 @@
|
|||||||
secrets/common.yml
|
group_vars/**
|
||||||
secrets/valkyrie.yml
|
host_vars/**
|
||||||
secrets/yggdrasil.yml
|
|
||||||
|
@ -1 +1 @@
|
|||||||
{{ hostname }}.{{ domain }}
|
{{ ansible_hostname }}.{{ domain }}
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
address {
|
address {
|
||||||
email-domain {{ hostname }}.{{ domain }};
|
email-domain {{ ansible_hostname }}.{{ domain }};
|
||||||
};
|
};
|
||||||
|
@ -35,10 +35,10 @@ smtp_tls_wrappermode = yes
|
|||||||
|
|
||||||
|
|
||||||
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
|
||||||
myhostname = {{ hostname }}.{{ domain }}
|
myhostname = {{ ansible_hostname }}.{{ domain }}
|
||||||
alias_maps = hash:/etc/aliases
|
alias_maps = hash:/etc/aliases
|
||||||
alias_database = hash:/etc/aliases
|
alias_database = hash:/etc/aliases
|
||||||
mydestination = $myhostname, {{ hostname }}, localhost
|
mydestination = $myhostname, {{ ansible_hostname }}, localhost
|
||||||
relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_port }}
|
relayhost = [{{ postfix_smtp_server }}]:{{ postfix_smtp_port }}
|
||||||
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
|
||||||
mailbox_size_limit = 0
|
mailbox_size_limit = 0
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
/usr/sbin/sendmail -t <<SYSTEMDMAIL
|
/usr/sbin/sendmail -t <<SYSTEMDMAIL
|
||||||
To: root
|
To: root
|
||||||
From: systemd <systemd>
|
From: systemd <systemd>
|
||||||
Subject: systemctl status $1 on {{ hostname }}
|
Subject: systemctl status $1 on {{ ansible_hostname }}
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
/usr/sbin/sendmail -t <<SYSTEMDMAIL
|
/usr/sbin/sendmail -t <<SYSTEMDMAIL
|
||||||
To: root
|
To: root
|
||||||
From: systemd <systemd>
|
From: systemd <systemd>
|
||||||
Subject: zpool status $1 on {{ hostname }}
|
Subject: zpool status $1 on {{ ansible_hostname }}
|
||||||
Content-Transfer-Encoding: 8bit
|
Content-Transfer-Encoding: 8bit
|
||||||
Content-Type: text/plain; charset=UTF-8
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
|
||||||
|
@ -1,9 +1,5 @@
|
|||||||
---
|
---
|
||||||
- hosts: yggdrasil
|
- hosts: the_nine_worlds
|
||||||
|
|
||||||
vars_files:
|
|
||||||
- secrets/common.yml
|
|
||||||
- secrets/yggdrasil.yml
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_tasks: tasks/sshd.yml
|
- import_tasks: tasks/sshd.yml
|
||||||
@ -12,15 +8,19 @@
|
|||||||
- import_tasks: tasks/mail.yml
|
- import_tasks: tasks/mail.yml
|
||||||
- import_tasks: tasks/unattended-upgrades.yml
|
- import_tasks: tasks/unattended-upgrades.yml
|
||||||
- import_tasks: tasks/fail2ban.yml
|
- import_tasks: tasks/fail2ban.yml
|
||||||
- import_tasks: tasks/systemd-mail.yml
|
|
||||||
- import_tasks: tasks/zfs-scrub.yml
|
|
||||||
- import_tasks: tasks/zfs-trim.yml
|
|
||||||
- import_tasks: tasks/fstrim.yml
|
- import_tasks: tasks/fstrim.yml
|
||||||
- import_tasks: tasks/zfsutils-cron.yml
|
|
||||||
- import_tasks: tasks/ups.yml
|
|
||||||
- import_tasks: tasks/smart.yml
|
|
||||||
- import_tasks: tasks/logs.yml
|
- import_tasks: tasks/logs.yml
|
||||||
- import_tasks: tasks/motd.yml
|
- import_tasks: tasks/motd.yml
|
||||||
- import_tasks: tasks/utils.yml
|
- import_tasks: tasks/utils.yml
|
||||||
- import_tasks: tasks/user.yml
|
- import_tasks: tasks/user.yml
|
||||||
- import_tasks: tasks/root-shell.yml
|
- import_tasks: tasks/root-shell.yml
|
||||||
|
|
||||||
|
- hosts: yggdrasil
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- import_tasks: tasks/systemd-mail.yml
|
||||||
|
- import_tasks: tasks/zfs-scrub.yml
|
||||||
|
- import_tasks: tasks/zfs-trim.yml
|
||||||
|
- import_tasks: tasks/zfsutils-cron.yml
|
||||||
|
- import_tasks: tasks/ups.yml
|
||||||
|
- import_tasks: tasks/smart.yml
|
@ -13,6 +13,6 @@
|
|||||||
- name: Configure logcheck ignores
|
- name: Configure logcheck ignores
|
||||||
template:
|
template:
|
||||||
src: ./filesystem/common/etc/logcheck/ignore.d.server/hostname.j2
|
src: ./filesystem/common/etc/logcheck/ignore.d.server/hostname.j2
|
||||||
dest: /etc/logcheck/ignore.d.server/{{ hostname }}
|
dest: /etc/logcheck/ignore.d.server/{{ ansible_hostname }}
|
||||||
group: logcheck
|
group: logcheck
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
- name: Set MotD
|
- name: Set MotD
|
||||||
copy:
|
copy:
|
||||||
src: ./filesystem/{{ hostname }}/etc/motd
|
src: ./filesystem/{{ ansible_hostname }}/etc/motd
|
||||||
dest: /etc/motd
|
dest: /etc/motd
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
20
valkyrie.yml
20
valkyrie.yml
@ -1,20 +0,0 @@
|
|||||||
---
|
|
||||||
- hosts: valkyrie
|
|
||||||
|
|
||||||
vars_files:
|
|
||||||
- secrets/common.yml
|
|
||||||
- secrets/valkyrie.yml
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- import_tasks: tasks/sshd.yml
|
|
||||||
- import_tasks: tasks/firewall.yml
|
|
||||||
- import_tasks: tasks/ntp.yml
|
|
||||||
- import_tasks: tasks/mail.yml
|
|
||||||
- import_tasks: tasks/unattended-upgrades.yml
|
|
||||||
- import_tasks: tasks/fail2ban.yml
|
|
||||||
- import_tasks: tasks/fstrim.yml
|
|
||||||
- import_tasks: tasks/logs.yml
|
|
||||||
- import_tasks: tasks/motd.yml
|
|
||||||
- import_tasks: tasks/utils.yml
|
|
||||||
- import_tasks: tasks/user.yml
|
|
||||||
- import_tasks: tasks/root-shell.yml
|
|
@ -1,3 +1,5 @@
|
|||||||
|
# Set the variables and move to group_vars/<group> and host_vars/<host> as required and encrypt.
|
||||||
|
|
||||||
# Ansible variables
|
# Ansible variables
|
||||||
ansible_port:
|
ansible_port:
|
||||||
ansible_become_password:
|
ansible_become_password:
|
||||||
@ -6,7 +8,6 @@ ansible_become_password:
|
|||||||
ssh_user:
|
ssh_user:
|
||||||
|
|
||||||
# Machine variables
|
# Machine variables
|
||||||
hostname:
|
|
||||||
domain:
|
domain:
|
||||||
subnet_address:
|
subnet_address:
|
||||||
subnet_masklen:
|
subnet_masklen:
|
Loading…
Reference in New Issue
Block a user