From 3a2319c9c58886a7938deabafc66ad4bc128c9f8 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 31 May 2020 23:12:36 +0200 Subject: move core roles to subdir --- roles/base/tasks/Debian.yml | 116 ----------------------------------------- roles/base/tasks/OpenBSD.yml | 14 ----- roles/base/tasks/intel-nic.yml | 23 -------- roles/base/tasks/main.yml | 38 -------------- 4 files changed, 191 deletions(-) delete mode 100644 roles/base/tasks/Debian.yml delete mode 100644 roles/base/tasks/OpenBSD.yml delete mode 100644 roles/base/tasks/intel-nic.yml delete mode 100644 roles/base/tasks/main.yml (limited to 'roles/base/tasks') diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml deleted file mode 100644 index 13c3c9f9..00000000 --- a/roles/base/tasks/Debian.yml +++ /dev/null @@ -1,116 +0,0 @@ ---- -- name: load distrubtion specific variables - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution }}.yml" - skip: true - -- name: disable recommends and suggests - copy: - src: 02no-recommends - dest: /etc/apt/apt.conf.d/ - -- name: install base system tools - apt: - name: - - htop - - dstat - - lsof - - gawk - - psmisc - - less - - debian-goodies - - screen - - mtr-tiny - - tcpdump - - iptraf-ng - - unp - - dbus - - libpam-systemd - - aptitude - - ca-certificates - - file - - man-db - - manpages - - nano - state: present - -- name: install extra packages - apt: - name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}" - state: present - -- name: install rngd - when: base_entropy_generator == 'rngd' - block: - - name: install rngd - apt: - name: "{{ base_rngd_package_name }}" - state: present - - - name: make sure haveged is removed/purged - apt: - name: haveged - state: absent - purge: yes - - -- name: install haveged - when: base_entropy_generator == 'haveged' - block: - - name: install haveged - apt: - name: haveged - state: present - - - name: make sure rngd is removed/purged - apt: - name: "{{ base_rngd_package_name }}" - state: absent - purge: yes - - -- name: Ensure /root is not world accessible - file: - path: /root - mode: 0700 - owner: root - group: root - state: directory - -- name: disable net/fs/misc kernel modules - copy: - content: | - {% for item in (base_modules_blacklist | map('extract', base_modules_blacklist_) | flatten | sort | list) %} - install {{ item }} /bin/true - {% endfor %} - dest: /etc/modprobe.d/disablemod.conf - owner: root - group: root - mode: 0644 - -- name: Change various sysctl-settings, look at the sysctl-vars file for documentation - loop: "{{ base_sysctl_config | combine(base_sysctl_config_user) | dict2items }}" - loop_control: - label: "{{ item.key }} = {{ item.value }}" - sysctl: - name: "{{ item.key }}" - value: "{{ item.value }}" - sysctl_set: yes - state: present - reload: yes - ignoreerrors: yes - -- name: set kernel command line options - lineinfile: - path: /etc/default/grub - regexp: '^#?GRUB_CMDLINE_LINUX=' - line: 'GRUB_CMDLINE_LINUX="{{ install.kernel_cmdline | join(" ") }}"' - when: install is defined and install.kernel_cmdline is defined - notify: update grub - -- name: apply stability fix/workaround for machines using intel NIC - when: base_intel_nic_stability_fix - import_tasks: intel-nic.yml diff --git a/roles/base/tasks/OpenBSD.yml b/roles/base/tasks/OpenBSD.yml deleted file mode 100644 index 4b64105c..00000000 --- a/roles/base/tasks/OpenBSD.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: install base system tools - openbsd_pkg: - name: - - htop - - screen-- - - mtr-- - - nano - state: present - -- name: install extra packages - openbsd_pkg: - name: "{{ base_packages_extra_host | union(base_packages_extra_group) }}" - state: present diff --git a/roles/base/tasks/intel-nic.yml b/roles/base/tasks/intel-nic.yml deleted file mode 100644 index 2b9be474..00000000 --- a/roles/base/tasks/intel-nic.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: fetch default link options for network interfaces - slurp: - src: /usr/lib/systemd/network/99-default.link - register: base_systemd_default_link_unit - -- name: disable TSO (intel nic stability fix) - vars: - default_link_options: "{{ (base_systemd_default_link_unit.content | b64decode | from_ini)['Link'] }}" - copy: - content: | - [Match] - MACAddress={{ ansible_default_ipv4.macaddress }} - - [Link] - {% for name, value in default_link_options.items() | sort(attribute='0') %} - {{ name }}={{ value }} - {% endfor %} - - TCPSegmentationOffload=false - GenericSegmentationOffload=false - GenericReceiveOffload=false - dest: /etc/systemd/network/00-disable-offloading.link diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml deleted file mode 100644 index 5484a3a6..00000000 --- a/roles/base/tasks/main.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- name: load os/distrubtion/version specific tasks - vars: - params: - files: - - "{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution }}.yml" - - "{{ ansible_os_family }}.yml" - loop: "{{ q('first_found', params) }}" - loop_control: - loop_var: tasks_file - include_tasks: "{{ tasks_file }}" - -- name: Remove startup message from screen - lineinfile: - regexp: "^startup_message" - line: "startup_message off" - dest: /etc/screenrc - mode: 0644 - tags: - - screen - -- name: install htop config (1/2) - loop: - - /root - - /etc/skel - file: - name: "{{ item }}/.config/htop/" - state: directory - mode: 0700 - -- name: install htop config (2/2) - loop: - - /root - - /etc/skel - copy: - src: "{{ global_files_dir }}/common/htoprc" - dest: "{{ item }}/.config/htop/" -- cgit v1.2.3