authorChristian Pointner <equinox@spreadspace.org>2019-12-26 23:24:40 +0100
committerChristian Pointner <equinox@spreadspace.org>2019-12-26 23:24:40 +0100
commitf5b24e7977b5e453bde40b52f1cf7bbc1bb67ae2 (patch)
tree303bd1a0a0dc86e2a2a9d5a77fb75b496044094e /roles/base
parentzsh and sshd role support debian and openbsd now (diff)
base role supports openbsd now too
Diffstat (limited to 'roles/base')
-rw-r--r--roles/base/tasks/Debian.yml124
-rw-r--r--roles/base/tasks/OpenBSD.yml14
-rw-r--r--roles/base/tasks/main.yml135
3 files changed, 149 insertions, 124 deletions
diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml
new file mode 100644
index 00000000..25195ad2
--- /dev/null
+++ b/roles/base/tasks/Debian.yml
@@ -0,0 +1,124 @@
+---
+- name: load distrubtion specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ skip: true
+
+- name: disable recommends and suggests
+ copy:
+ src: 02no-recommends
+ dest: /etc/apt/apt.conf.d/
+
+- name: install base system tools
+ apt:
+ name:
+ - htop
+ - dstat
+ - lsof
+ - gawk
+ - psmisc
+ - less
+ - debian-goodies
+ - screen
+ - mtr-tiny
+ - tcpdump
+ - iptraf-ng
+ - unp
+ - dbus
+ - libpam-systemd
+ - aptitude
+ - ca-certificates
+ - file
+ - man-db
+ - manpages
+ - nano
+ state: present
+
+- name: install extra packages
+ apt:
+ name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
+ state: present
+
+- name: install rngd
+ when: base_entropy_generator == 'rngd'
+ block:
+ - name: install rngd
+ apt:
+ name: "{{ base_rngd_package_name }}"
+ state: present
+
+ - name: make sure haveged is removed/purged
+ apt:
+ name: haveged
+ state: absent
+ purge: yes
+
+
+- name: install haveged
+ when: base_entropy_generator == 'haveged'
+ block:
+ - name: install haveged
+ apt:
+ name: haveged
+ state: present
+
+ - name: make sure rngd is removed/purged
+ apt:
+ name: "{{ base_rngd_package_name }}"
+ state: absent
+ purge: yes
+
+
+- name: Ensure /root is not world accessible
+ file:
+ path: /root
+ mode: 0700
+ owner: root
+ group: root
+ state: directory
+
+- name: disable net/fs/misc kernel modules
+ loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
+ lineinfile:
+ dest: /etc/modprobe.d/disablemod.conf
+ line: "install {{ item }} /bin/true"
+ create: yes
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
+ loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
+ sysctl:
+ name: "{{ item.key }}"
+ value: "{{ item.value }}"
+ sysctl_set: yes
+ state: present
+ reload: yes
+ ignoreerrors: yes
+
+- name: set kernel command line options
+ lineinfile:
+ path: /etc/default/grub
+ regexp: '^#?GRUB_CMDLINE_LINUX='
+ line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"'
+ when: install is defined and install.kernel_cmdline is defined
+ notify: update grub
+
+- name: disable TSO (intel nic stability fix)
+ when: base_intel_nic_stability_fix
+ copy:
+ content: |
+ [Match]
+ MACAddress={{ ansible_default_ipv4.macaddress }}
+
+ [Link]
+ TCPSegmentationOffload=false
+ GenericSegmentationOffload=false
+ GenericReceiveOffload=false
+ dest: /etc/systemd/network/00-disable-offloading.link
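Review bot: The sysctl task sets `ignoreerrors: yes`, so a key from `sysctl_config` or `sysctl_config_user` that the running kernel does not know is skipped without failing the play. If those dictionaries carry hardening settings, one of them can be missing on a host with nothing reported. If the flag is there for kernel-dependent keys, say so above the task, for example `# ignoreerrors: some keys do not exist on every kernel; verify the effective values after a run`. Separately, the two file modes are written as bare `0700` and `0644`; quoting them (`mode: '0700'`, `mode: '0644'`) keeps them strings however the YAML loader treats leading-zero integers.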
diff --git a/roles/base/tasks/OpenBSD.yml b/roles/base/tasks/OpenBSD.yml
new file mode 100644
index 00000000..4b64105c
--- /dev/null
+++ b/roles/base/tasks/OpenBSD.yml
@@ -0,0 +1,14 @@
+---
+- name: install base system tools
+ openbsd_pkg:
+ name:
+ - htop
+ - screen--
+ - mtr--
+ - nano
+ state: present
+
+- name: install extra packages
+ openbsd_pkg:
+ name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
+ state: present
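Review bot: This task file only installs packages, while the `/root` mode, kernel-module and sysctl tasks removed from main.yml now exist only in Debian.yml. As far as the visible hunks show, an OpenBSD host therefore runs the base role with none of those steps applied. If that is deliberate for now, record it at the top of the file so the gap is not mistaken for coverage: `# NOTE: no hardening tasks for OpenBSD yet; /root mode and sysctl settings are applied on Debian only`.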
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 3f1d9bee..5484a3a6 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -1,72 +1,15 @@
---
-- name: load distrubtion specific variables
- include_vars: "{{ item }}"
- with_first_found:
- - files:
- - "{{ ansible_distribution_release }}.yml"
- - "{{ ansible_distribution }}.yml"
- skip: true
-
-- name: disable recommends and suggests
- copy:
- src: 02no-recommends
- dest: /etc/apt/apt.conf.d/
-
-- name: install base system tools
- apt:
- name:
- - htop
- - dstat
- - lsof
- - gawk
- - psmisc
- - less
- - debian-goodies
- - screen
- - mtr-tiny
- - tcpdump
- - iptraf-ng
- - unp
- - dbus
- - libpam-systemd
- - aptitude
- - ca-certificates
- - file
- - man-db
- - manpages
- - nano
- state: present
-
-
-- name: install rngd
- when: base_entropy_generator == 'rngd'
- block:
- - name: install rngd
- apt:
- name: "{{ base_rngd_package_name }}"
- state: present
-
- - name: make sure haveged is removed/purged
- apt:
- name: haveged
- state: absent
- purge: yes
-
-
-- name: install haveged
- when: base_entropy_generator == 'haveged'
- block:
- - name: install haveged
- apt:
- name: haveged
- state: present
-
- - name: make sure rngd is removed/purged
- apt:
- name: "{{ base_rngd_package_name }}"
- state: absent
- purge: yes
-
+- name: load os/distrubtion/version specific tasks
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
+ loop_control:
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
- name: Remove startup message from screen
lineinfile:
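Review bot: `first_found` returns only the first match in `params.files`, so a more specific tasks file added later (say a constructed `buster.yml` or `Ubuntu.yml`) would replace `Debian.yml` rather than extend it. The `/root` mode, module blacklist and sysctl tasks in `Debian.yml` would then stop being included for that host without any error. A comment above the task would make the contract explicit: `# first_found picks exactly one file; a more specific tasks file must include the family file itself`. The lookup has no `skip`, so a platform with no matching file fails the play instead of running without its OS tasks; that seems the safer default and is worth stating in the same comment. The task name also carries over the typo `distrubtion`.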
@@ -93,59 +36,3 @@
copy:
src: "{{ global_files_dir }}/common/htoprc"
dest: "{{ item }}/.config/htop/"
-
-- name: Ensure /root is not world accessible
- file:
- path: /root
- mode: 0700
- owner: root
- group: root
- state: directory
-
-- name: disable net/fs/misc kernel modules
- loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
- lineinfile:
- dest: /etc/modprobe.d/disablemod.conf
- line: "install {{ item }} /bin/true"
- create: yes
- owner: root
- group: root
- mode: 0644
-
-- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
- loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
- loop_control:
- label: "{{ item.key }} = {{ item.value }}"
- sysctl:
- name: "{{ item.key }}"
- value: "{{ item.value }}"
- sysctl_set: yes
- state: present
- reload: yes
- ignoreerrors: yes
-
-- name: install extra packages
- apt:
- name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}"
- state: present
-
-- name: set kernel command line options
- lineinfile:
- path: /etc/default/grub
- regexp: '^#?GRUB_CMDLINE_LINUX='
- line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"'
- when: install is defined and install.kernel_cmdline is defined
- notify: update grub
-
-- name: disable TSO (intel nic stability fix)
- when: base_intel_nic_stability_fix
- copy:
- content: |
- [Match]
- MACAddress={{ ansible_default_ipv4.macaddress }}
-
- [Link]
- TCPSegmentationOffload=false
- GenericSegmentationOffload=false
- GenericReceiveOffload=false
- dest: /etc/systemd/network/00-disable-offloading.link