Fix hostname, iptables, openssh-sftp an xbps

2018-07-26 12:28:49 +02:00
parent e347803f62
commit 9c065bf40d
6 changed files with 37 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,6 +6,8 @@ common_apt_repositories:
  - "deb http://cdn.debian.net/debian {{ ansible_distribution_release }}-backports main contrib non-free"
  - "deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main contrib non-free"
 common_apt_upgrade_policy: ""
+common_xbps: False
+common_xbps_upgrade_policy: True

 common_hostname: True
 common_hostname_hosts_additional: []
--- a/tasks/hostname.yml
+++ b/tasks/hostname.yml
@@ -1,8 +1,18 @@
 ---
- name: set hostname
+- name: set hostname for debian
  hostname:
    name: "{{ inventory_hostname_short }}"
-  ignore_errors: yes
+  when: ansible_os_family == "Debian"
+
+- name: check hostname for void
+  command: hostname
+  register: hostname
+  when: ansible_os_family != "Debian"
+  changed_when: False
+
+- name: set hostname for void
+  command: hostname "{{ inventory_hostname_short }}"
+  when: ansible_os_family != "Debian" and hostname.stdout != inventory_hostname_short

 - name: /etc/hostname
  copy:
--- a/tasks/iptables.yml
+++ b/tasks/iptables.yml
@@ -1,13 +1,24 @@
 ---
 - name: iptables - install iptables-persistent
  package: name=iptables-persistent
+  when: ansible_os_family == "Debian"
+
+- name: iptables - install iptables
+  package: name=iptables
+  when: ansible_os_family != "Debian"

 - name: /etc/iptables/rules.v4
  template: "dest=/etc/iptables/rules.v4 src={{ common_iptables_v4 }} owner=root group=root mode=0644"
  notify:
    iptables restore

+- name: iptables - setup service for IPv4
+  service: name=iptables enabled=yes
+
 - name: /etc/iptables/rules.v6
  template: "dest=/etc/iptables/rules.v6 src={{ common_iptables_v6 }} owner=root group=root mode=0644"
  notify:
    iptables restore
+
+- name: iptables - setup service for IPv6
+  service: name=ip6tables enabled=yes
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -11,6 +11,10 @@
  when: common_apt
  tags: ['common', 'apt']

+- import_tasks: xbps.yml
+  when: common_xbps
+  tags: ['common', 'xbps']
+
 - import_tasks: locales.yml
  when: common_locales
  tags: ['common', 'locales']
--- a/tasks/openssh.yml
+++ b/tasks/openssh.yml
@@ -21,7 +21,7 @@
      src: sshd_config.j2
      owner: root
      group: root
-      mode: 0600
+      mode: 0644
      validate: '/usr/sbin/sshd -T -f %s'
  notify: reload openssh

--- a/tasks/xbps.yml
+++ b/tasks/xbps.yml
@@ -0,0 +1,7 @@
+- name: install basic tools
+  xbps: "name={{ item }} update_cache=yes"
+  with_items: "{{ common_basic_packages }}"
+
+- name: apt - upgrade system
+  xbps: "upgrade={{ common_xbps_upgrade_policy }}"
+  when: common_xbps_upgrade_policy