+++ /dev/null
-## Server-Management
--- /dev/null
+[global]
+workgroup = WORKGROUP
+security = user
+map to guest = Bad Password
+
+[fotospeicher]
+path = /srv/samba/fotospeicher/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer Fotos
+printable = no
+guest ok = no
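Review bot: `[fotospeicher]` sets `public = yes` and, a few lines later, `guest ok = no`; `public` is a synonym for `guest ok`, so the two lines contradict each other and the effective value depends on which one Samba applies last. Keep only `guest ok = no`. In `[global]`, `map to guest = Bad Password` silently turns every login with a mistyped password into a guest session; `map to guest = Bad User`, or `Never` on a server where no share is meant for guests, avoids that. The second smb.conf in this commit carries the same `map to guest` line and repeats `public = yes` next to `guest ok` in every share.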
--- /dev/null
+[global]
+workgroup = WORKGROUP
+security = user
+map to guest = Bad Password
+
+[computerraum]
+path = /srv/samba/computerraum/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer den Computerraum
+printable = no
+guest ok = yes
+
+[mediencenter]
+path = /srv/samba/mediencenter/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer das LibreELEC-Mediencenter
+printable = no
+guest ok = yes
+
+[nawi]
+path = /srv/samba/nawi/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer den NaWi-Raum
+printable = no
+guest ok = yes
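Review bot: `[computerraum]`, `[mediencenter]` and `[nawi]` combine `guest ok = yes` with `writable = yes`, so any client that can reach this server can create, overwrite and delete files without credentials. If guest access is intended for these rooms, bound it per share with `hosts allow = <CLIENT_SUBNET>` (placeholder value) and set `read only = yes` on any share that clients only need to read. A `force user = <SHARE_OWNER>` line (placeholder) would also give guest-written files a predictable owner.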
--- /dev/null
+---
+- name: bootstrap CT "accountmgt"
+ hosts: accountmgt
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "accountmgt"
+ hosts: accountmgt
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/lam.yml
+
+# pct create
+# pct resize
--- /dev/null
+---
+- name: bootstrap CT "anmeldapp"
+ hosts: anmeldapp
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "anmeldapp"
+ hosts: anmeldapp
+ become: true
+ vars:
+ tasks:
+ - include_tasks: fsit-smgt/library/pocketbase.yml
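Review bot: The second play has a bare `vars:` key with nothing under it, which loads as null rather than as an empty mapping. Delete the line, or write `vars: {}` if it is kept as a placeholder. The helpdesk playbook has the same empty `vars:` key.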
--- /dev/null
+---
+- name: bootstrap CT "aptproxy"
+ hosts: aptproxy
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "aptproxy"
+ hosts: aptproxy
+ become: true
+ tasks:
+ - include_tasks: fsit-smgt/library/aptcacher-ng.yml
--- /dev/null
+---
+- name: bootstrap CT "backup01"
+ hosts: backup01
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "backup01"
+ hosts: backup01
+ become: true
+ vars:
+ export_root: /srv/nfs4
+ export_share: backups
+ export_dir: /srv/backups
+ export_dir_subdir: pve
+ root_ipaddr_string: 192.168.10.0/24(rw,fsid=0,no_subtree_check)
+ dir_ipaddr_string: 192.168.10.0/24(rw,no_root_squash,no_subtree_check)
+ tasks:
+ - include_tasks: fsit-smgt/library/nfs.yml
+
+ - name: make sure the sub-directory for backups from root exists
+ ansible.builtin.file:
+ path: "{{ export_dir }}/{{ export_dir_subdir }}"
+ state: directory
+ recurse: true
+ notify:
+ - restart nfs-kernel-server service
+
+ handlers:
+ - name: restart nfs-kernel-server service
+ ansible.builtin.service:
+ name: nfs-kernel-server.service
+ state: restarted
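Review bot: `dir_ipaddr_string` exports the backup directory read-write with `no_root_squash` to all of `192.168.10.0/24`, so root on any machine in that subnet is root on the stored backups. `root_ipaddr_string` gives the same subnet `rw` on the export root. An export written this way trusts the client's source address and the user IDs it sends. If only the Proxmox hosts write here, name them individually, e.g. `dir_ipaddr_string: '<PVE_HOST_IP>(rw,no_root_squash,no_subtree_check)'` (placeholder address), and check whether the root export can be `ro`. Quoting both values also makes it explicit that the parentheses and commas belong to one string.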
--- /dev/null
+---
+- name: bootstrap CT "bibliothek"
+ hosts: bibliothek
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "bibliothek"
+ hosts: bibliothek
+ become: true
+ vars:
+ koha_domain: .srv.lan
+ koha_libraryname: bibliothek
+ tasks:
+ - include_tasks: fsit-smgt/library/bibliothek_koha.yml
+# Stop , wenn install einmal schon gelaufen
+# Datei erstellen:
+
+ handlers:
+ - name: restart apache
+ service:
+ name: apache2
+ state: restarted
+#Connection to the memcached servers '__MEMCACHED_SERVERS__' failed. Are the unix socket permissions set properly? Is the host reachable?
+
--- /dev/null
+---
+- name: bootstrap CT "dns-server"
+ hosts: dns10 dns20 dns30 dns40
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "dns-server"
+ hosts: dns20
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/pi-hole.yml
+
+# pct create
+# pct resize
--- /dev/null
+---
+- name: bootstrap CT "druckerzentrale-buero"
+ hosts: druckerzentrale-buero
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "druckerzentrale-buero"
+ hosts: druckerzentrale-buero
+ become: true
+ vars_files:
+ - vars.yml
+ - ../password-file-server.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/cups.yml
--- /dev/null
+---
+- name: bootstrap CT "druckerzentrale"
+ hosts: druckerzentrale
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "druckerzentrale"
+ hosts: druckerzentrale
+ become: true
+ vars_files:
+ - vars.yml
+ - ../password-file-server.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/cups.yml
--- /dev/null
+---
+- name: bootstrap CT "helpdesk"
+ hosts: helpdesk
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "helpdesk"
+ hosts: helpdesk
+ become: true
+ vars:
+ tasks:
+ - include_tasks: fsit-smgt/library/glpi.yml
+
+#https://glpi-install.readthedocs.io/en/latest/prerequisites.html
+#https://glpi-install.readthedocs.io/en/latest/install/index.html
+#https://neptunet.fr/install-glpi10/
+#https://www.osradar.com/how-to-install-glpi-on-debian-10-buster/
+#
+#ANSIBLE
+#
+#sudo mysql_secure_installation
+#(mysql -u root -p)
+#mysql -u root -p -e "CREATE DATABASE glpidb;"
+#mysql -u root -p -e "GRANT ALL PRIVILEGES ON glpidb.* TO 'glpiuser'@'localhost' IDENTIFIED BY '9vkgKEedBltBr9WPbB5t';"
+#mysql -u root -p -e "FLUSH PRIVILEGES;"
+#
+#sudo rm /var/www/html/index.html
+#
+#wget https://github.com/DCS-Easyware/gsit/releases/download/GSIT-9.5.10/gsit-9.5.10.tgz
+#sudo tar xvfz gsit-9.5.10.tgz -C /var/www/html/ --strip-components=1
+#
+#sudo mv /var/www/html/config/* /etc/glpi/
+#kein chown auf www-data! wird spaeter sowieso als Fehler angezeigt
+#
+#sudo mv /var/www/html/files/* /var/lib/glpi/
+#sudo chown -R root:root /var/www/html/files/ ???
+#sudo chown -R www-data /var/lib/glpi/
+#
+#
+#ANSIBLE
+#
+#wget https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5%2B4.2/fusioninventory-9.5+4.2.zip
+#sudo unzip -d /var/www/html/plugins/ fusioninventory-9.5+4.2.zip
+#
+#sudo php /var/www/html/bin/console glpi:plugin:install --username=glpi fusioninventory
+#sudo php /var/www/html/bin/console glpi:plugin:activate fusioninventory
+#
+# sudo rm /var/www/html/install/install.php
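Review bot: The commented-out `GRANT ALL PRIVILEGES ... IDENTIFIED BY` line in the trailing notes contains what looks like a real database password for `glpiuser`, and once committed it stays readable in the repository history. Replace the literal with a placeholder such as `IDENTIFIED BY '<GLPI_DB_PASSWORD>'`, keep the real value in an Ansible Vault file, and change the password if it was ever set on a server. The same notes grant `ALL PRIVILEGES` and run everything as the MySQL root user; when these steps become tasks, a dedicated grant limited to `glpidb.*` is enough. The install notes would also be easier to maintain in the README than as a comment block inside the playbook.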
--- /dev/null
+---
+- name: bootstrap CT "homes"
+ hosts: homes
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "homes"
+ hosts: homes
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/nfs.yml
+
+ handlers:
+ - name: restart nfs-kernel-server service
+ ansible.builtin.service:
+ name: nfs-kernel-server.service
+ state: restarted
+
+# root@pve01:~# pct create 110 local:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst --arch amd64 --cores 1 --features mount=nfs,nesting=1 --hostname homes --memory 512 --net0 name=eth0,bridge=vmbr10,firewall=1,ip=dhcp,type=veth --ostype debian --ssh-public-keys installbox.key.pub --storage fastpool --swap 512 --unprivileged 0
+# root@pve01:~# pct resize 110 rootfs 120G ????
--- /dev/null
+---
+- name: bootstrap CT "installbox"
+ hosts: installbox
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "installbox"
+ hosts: installbox
+ become: true
+ tasks:
+ - include_tasks: fsit-smgt/library/ansible.yml
--- /dev/null
+---
+- name: bootstrap CT "intranet"
+ hosts: intranet
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "intranet"
+ hosts: intranet
+ become: true
+ tasks:
+ - include_tasks: fsit-smgt/library/lighttpd.yml
--- /dev/null
+---
+- name: bootstrap CT "ldap"
+ hosts: ldap
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "ldap"
+ hosts: ldap
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/openldap.yml
+
+# pct create
+# pct resize
--- /dev/null
+---
+- name: bootstrap CT "lists"
+ hosts: lists
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "lists"
+ hosts: lists
+ become: true
+ vars:
+ sympa_lang: de
+ sympa_domain: lists.freie-schule-leipzig.de
+ sympa_listmaster: digital@freie-schule-leipzig.de
+ sympa_wwsympa_url: http://192.168.30.236/wws
+ tasks:
+ - include_tasks: fsit-smgt/library/sympa.yml
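Review bot: `sympa_wwsympa_url` points the list web interface at `http://192.168.30.236/wws`, plain HTTP on a literal address, so anyone logging in to the web interface would send credentials unencrypted. Use an `https://` URL on a host name once the web server has a certificate, e.g. `sympa_wwsympa_url: 'https://<LISTS_HOSTNAME>/wws'` (placeholder), and keep the raw address in the inventory rather than in the play.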
--- /dev/null
+# Servermanagement
+
+Ansible-Konfigurations-Management der Maschinen auf den Proxmox-Servern
+
+## Virtuelle Server
+install über PXE und debianpreseed (gleiches, wie bei den clients)
+dann weiter über host-gruppe_server_ und playbook
+
+
+## Container
+install über Proxmox-Image
+dabei wird der ssh-key vom ansible-User der installbox eingegeben
+dann weiter über playbook: ...
+
+
+## Proxmox
+nicht geplant
--- /dev/null
+#!/bin/bash
+
+# Wir brauchen: $ip $newhostname $macen $macwl
+# Der neue Rechner muss mit PXE und Preseed fertig sein
+
+ip="$1"
+newhostname="$2"
+
+# Nach den Werten fragen und in Variable schreiben,
+# wenn diese beim Aufruf vergessen wurden.
+if [ -z $ip ]
+then
+ read -p "ip-Adresse des neuen Rechners: " ip
+fi
+if [ -z $newhostname ]
+then
+ read -p "Hostname des neuen Rechners: " newhostname
+fi
+
+# temporaere hosts-Datei fuer ansible
+echo "$ip" > temphosts
+#cat temphosts
+
+# Pruefe, ob $ip in custom-list
+# wenn ja --> Abbruch
+#if grep ${ip} files/dns-pihole_custom.list
+#then
+# echo "IP bereits in dns-pihole_custom.list eingetragen"
+# echo " bitte entfernen oder andere IP auswählen! Abbruch :-("
+# exit 1
+#fi
+
+# suche in ../client-mgt/hosts nach $newhostname
+# wenn nein
+# stop,
+# Echo nicht in hosts dazhei, eingetragen, dann weiter
+if grep ${newhostname} ../client-mgt/hosts
+then
+ echo "Rechnername in hosts-Datei eingetragen, suupi!"
+else
+ echo "Rechnername fehlt in ../client-mgt/hosts. Abbruch :-("
+ exit 1
+fi
+
+# suche in /home/ansible/.ssh/known_hosts nach $ip
+# wenn ja
+ssh-keygen -f "/home/ansible/.ssh/known_hosts" -R "$ip"
+#if grep ${ip} $HOME/.ssh/known_hosts
+
+ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no ${ip} 'exit 0'
+if [ $? != 0 ]
+then
+ echo "Host nicht per SSH erreichbar! Abbruch :-("
+ exit 1
+fi
+
+# MAC-Adressen finden
+macen=$(ssh ${ip} cat /sys/class/net/en*/address)
+echo "MAC-Ethernet: $macen"
+macwl=$(ssh ${ip} cat /sys/class/net/wl*/address)
+echo "MAC-WLAN: $macwl"
+
+if [ -z $macwl ]
+then
+ echo "dhcp-host=${macen},${ip},${newhostname}" >> files/dns20-pihole_04-pihole-static-dhcp.conf
+else
+ echo "dhcp-host=${macen},${macwl},${ip},${newhostname}" >> files/dns20-pihole_04-pihole-static-dhcp.conf
+fi
+
+# Hostnamen aendern
+oldhostname=$(ssh ${ip} hostname)
+ssh ${ip} sudo hostnamectl set-hostname ${newhostname}
+# change in /etc/hosts
+ssh ${ip} sudo sed -i "s/$oldhostname/$newhostname/" /etc/hosts
+
+echo "$ip $newhostname" >> files/dns-pihole_custom.list
+
+echo
+echo "Prüfe, ob Host perAnsible erreichbar ist"
+ansible ${ip} -i temphosts -m ping
+
+echo
+echo "Alle DNS-Server mit neuen Listen versorgen"
+ansible-playbook pihole-update.yml
+
+echo
+echo "pruefen, ob DNS-Aufloesung fuer neuen Host funktioniert"
+ping -c 3 ${newhostname}
+
+# temporaere Dateien loeschen"
+rm temphosts
+
+echo
+echo "+++ pihole static-dhcp file +++"
+tail files/dns20-pihole_04-pihole-static-dhcp.conf
+
+echo
+echo "+++ pihole custom list"
+tail files/dns-pihole_custom.list
+
+echo
+echo "fertig?"
+echo "fertig!"
+echo " :-)"
+
+###
+#ansible ${ip} -i newhost -m ping
+#ansible ${ip} -i newhost -m gather_facts
+#ansible ${ip} -i newhost -m ansible.builtin.setup -a 'filter=ansible_wlp4s0'
+
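Review bot: The reachability probe uses `StrictHostKeyChecking=no` right after `ssh-keygen -R` has deleted the stored key, so whichever machine answers on that address is accepted. The MAC addresses it reports are then appended to the dnsmasq and Pi-hole lists that `pihole-update.yml` distributes. `$ip` and `$newhostname` are also used unquoted in `[ -z ... ]`, `grep`, `ssh` and `sed` with no format check, so an empty, spaced or pattern-like value changes what those commands do, and `grep ${newhostname}` also matches substrings of other host names. I would validate both values once after the prompts, quote every expansion, match the host name as a fixed whole word, and switch the probe to `StrictHostKeyChecking=accept-new` so that a key which changes later is refused. The rewritten lines are below; widen the host-name pattern if dotted names are in use.

```shell
# … unchanged: ip="$1", newhostname="$2" and the two prompts (with "$ip" / "$newhostname" quoted in the tests) …

# Refuse values that are not a plain IPv4 address / host name before they
# reach ssh, sed or the dnsmasq and Pi-hole list files.
if ! [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]
then
    echo "Ungueltige IP-Adresse: $ip. Abbruch :-(" >&2
    exit 1
fi
if ! [[ "$newhostname" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]]
then
    echo "Ungueltiger Hostname: $newhostname. Abbruch :-(" >&2
    exit 1
fi

# … unchanged: temphosts …
# fixed-string, whole-word match instead of a regex substring match
if grep -wF -- "$newhostname" ../client-mgt/hosts
# … unchanged: then/else branch, ssh-keygen -R …

# record the new key once; a different key on a later connection is rejected
ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=accept-new "$ip" 'exit 0'
# … unchanged: remaining steps, with "$ip", "$newhostname" and "$macwl" quoted …
```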
--- /dev/null
+[baremetal]
+
+[virtualmachines]
+
+[container]
+
+[proxmox]
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3
--- /dev/null
+---
+- name: update pihole settings on internal dns-servers
+ hosts: dns10 dns20 dns30
+ tasks:
+ - include_tasks: fsit-smgt/library/pihole-update.yml
--- /dev/null
+---
+- name: update all CTs
+ hosts: container
+ become: yes
+ tasks:
+ - name: Update and upgrade apt packages
+ apt:
+ update_cache: yes
+ upgrade: yes
+ autoremove: yes
+- name: update all Baremetals
+ hosts: baremetal
+ become: yes
+ tasks:
+ - name: Update and upgrade apt packages
+ apt:
+ update_cache: yes
+ upgrade: yes
+ autoremove: yes
--- /dev/null
+aptproxy: ip.ip.ip.ip
--- /dev/null
+<!doctype html>
+<html lang="de">
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Intranet - Testbild</title>
+ </head>
+ <body>
+ <img src="FuBK-Testbild.png" alt="FuBK_Testbild">
+ <p>Ups... Hier gibt es nur das alte Fernseh-Testbild.</p>
+ </body>
+</html>
--- /dev/null
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - ansible
+ - ansible-lint
+...
--- /dev/null
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - apt-cacher-ng
+...
--- /dev/null
+---
+- name: remove apt-config-file derived from preseeding
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf
+ state: absent
+ when: ("baremetal" in group_names)
+- name: create apt-proxy config file
+ ansible.builtin.template:
+ src: fsit-smgt/templates/apt-proxy_01proxy.j2
+ dest: /etc/apt/apt.conf.d/01proxy
+ when: ("DMZ" not in group_names)
+- name: remove apt-config-file only for aptproxy
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf.d/01proxy
+ state: absent
+ when: ("aptproxy" in inventory_hostname)
+- name: copy apt-unattended-upgrades config file
+ ansible.builtin.copy:
+ src: fsit-smgt/files/apt-unattended-upgrades_10periodic
+ dest: /etc/apt/apt.conf.d/10periodic
+- name: Update and upgrade apt packages
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: yes
+ autoremove: true
+- name: install core-packages
+ ansible.builtin.apt:
+# update_cache: yes
+ pkg:
+ - sudo
+ - gnupg
+ - htop
+ - ncdu
+ - vim
+ - tmux
+ - gnupg2
+- name: install core-packages for bare-metal-server
+ ansible.builtin.apt:
+ pkg:
+ - inxi
+ when: ("baremetal" in group_names)
+- name: add ansible user to server
+ ansible.builtin.user:
+ name: ansible
+ shell: /bin/bash
+- name: allow "ansible"-user to have passwordless sudo
+ ansible.builtin.copy:
+ src: fsit-smgt/files/sudo_ansible
+ dest: /etc/sudoers.d/ansible
+ owner: root
+ group: root
+ mode: 0440
+- name: add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
+ ansible.builtin.authorized_key:
+ user: ansible
+ state: present
+ manage_dir: yes
+ key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
+...
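Review bot: The task that copies `fsit-smgt/files/sudo_ansible` to `/etc/sudoers.d/ansible` installs the file without a syntax check, and a malformed drop-in can make sudo refuse to run on the host, which would also break every `become: true` play. Add `validate: /usr/sbin/visudo -cf %s` to that copy task. Write `mode: 0440` as `mode: '0440'` so the value does not depend on the YAML loader's octal handling; the `mode: 0644` entries in the lighttpd and pihole-update task files have the same form. The apt proxy template and the `10periodic` copy set no owner or mode at all, so an explicit `owner: root`, `group: root`, `mode: '0644'` would make the result independent of the controller's file permissions.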
--- /dev/null
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - cups
+ - hplip
+ - printer-driver-gutenprint
+- name: cups reset settings
+ # https://github.com/OpenPrinting/cups/issues/158
+ ansible.builtin.command:
+ cmd: cupsctl --no-remote-admin --no-remote-any --no-share-printers
+- name: cups settings
+ ansible.builtin.command:
+ cmd: cupsctl --remote-admin --remote-any --share-printers
+- name: cups service neustarten
+ ansible.builtin.command:
+ cmd: systemctl restart cups
+- name: create lpadmin user
+ ansible.builtin.user:
+ name: lpadmin
+ append: true
+ groups: lpadmin
+ update_password: always
+ password: "{{ lpadminuser|password_hash('sha512') }}"
+...
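Review bot: The `cups settings` task runs `cupsctl --remote-admin --remote-any --share-printers`, which turns on remote administration and accepts clients from any address rather than only the local subnet. For a print server that serves an internal network I would use `cmd: cupsctl --remote-admin --no-remote-any --share-printers`, or drop `--remote-admin` and administer over SSH; check this against the cupsctl issue linked above the reset task. The `create lpadmin user` task should carry `no_log: true`, since `lpadminuser` is presumably the plaintext password loaded from `../password-file-server.yml`. `password_hash('sha512')` without a fixed salt produces a different hash on every run, so with `update_password: always` the task reports a change each time. The restart would be better as `ansible.builtin.service` with `state: restarted` than as a `systemctl` command.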
--- /dev/null
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - apache2
+ - php
+ - libapache2-mod-php
+ - mariadb-server
+ - php-mysqli
+ - php-mbstring
+ - php-curl
+ - php-gd
+ - php-simplexml
+ - php-intl
+ - php-ldap
+ - php-apcu
+ - php-xmlrpc
+ - php-cas
+ - php-zip
+ - php-bz2
+ - php-imap
+ - unzip
+- name: create dirs for glpi
+ ansible.builtin.file:
+ path: /etc/glpi
+ state: directory
+ owner: www-data
+- name: create dirs for glpi
+ ansible.builtin.file:
+ path: /var/lib/glpi
+ state: directory
+ owner: www-data
+ group: www-data
+- name: create dirs for glpi
+ ansible.builtin.file:
+ path: /var/log/glpi
+ state: directory
+ owner: www-data
+- name: create dirs for glpi
+ ansible.builtin.file:
+ path: /var/www/html/inc
+ state: directory
+- name: write config to file
+ ansible.builtin.copy:
+ dest: /var/www/html/inc/downstream.php
+ content: |
+ <?php
+ define('GLPI_CONFIG_DIR', '/etc/glpi/');
+ if (file_exists(GLPI_CONFIG_DIR . '/local_define.php')) {
+ require_once GLPI_CONFIG_DIR . '/local_define.php';
+ }
+- name: write config to file
+ ansible.builtin.copy:
+ dest: /etc/glpi/local_define.php
+ content: |
+ <?php
+ define('GLPI_VAR_DIR', '/var/lib/glpi');
+#php.ini
+
+#-name: get glpi
+
+...
+
+
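Review bot: `/etc/glpi` is created with `owner: www-data` but no `group` or `mode`, so its permissions fall back to the default for new directories. GLPI normally keeps its database connection file in the config directory, so this directory will presumably hold credentials. Set them explicitly, e.g. `group: www-data` and `mode: '0750'`, and give the two generated PHP files an `owner`, `group` and `mode` as well. Four tasks share the name `create dirs for glpi` and two share `write config to file`; distinct names (or one task with a `loop`) make the run output and `--start-at-task` usable.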
--- /dev/null
+---
+- name: One way to avoid apt_key once it is removed from your distro
+ block:
+ - name: check if keyring-file is present
+ ansible.builtin.stat:
+ path: /usr/share/keyrings/koha-keyring.gpg
+ register: stat_keyring
+ - name: somerepo |no apt key
+ ansible.builtin.shell:
+ cmd: wget -qO - https://debian.koha-community.org/koha/gpg.asc | gpg --dearmor -o /usr/share/keyrings/koha-keyring.gpg
+ when: not stat_keyring.stat.exists
+ - name: check if repo-file is present
+ ansible.builtin.stat:
+ path: /etc/apt/sources.list.d/koha.list
+ register: stat_repo
+ - name: somerepo | apt source
+ ansible.builtin.apt_repository:
+ repo: "deb [signed-by=/usr/share/keyrings/koha-keyring.gpg] https://debian.koha-community.org/koha stable main"
+ state: present
+ filename: koha
+ when: not stat_repo.stat.exists
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - mariadb-server
+ - koha-common
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/koha/koha-sites.conf
+ regexp: 'DOMAIN=*'
+ line: 'DOMAIN="{{ koha_domain }}"'
+- name: apache enable a2enmod rewrite
+ ansible.builtin.command:
+ cmd: /usr/sbin/a2enmod rewrite
+# notify: restart apache
+- name: apache enable a2enmod cgi
+ ansible.builtin.command:
+ cmd: /usr/sbin/a2enmod cgi
+# notify: restart apache
+- name: apache restart
+ ansible.builtin.command:
+ cmd: systemctl restart apache2
+
+# once only
+#- name: create library instance
+# ansible.builtin.command:
+# cmd: koha-create --create-db {{ koha_libraryname }}
+
+
+- name: enable apache module for koha-plack
+ ansible.builtin.command:
+ cmd: a2enmod headers proxy_http
+# notify: restart apache
+
+#only once -> check?
+#- name: enable koha-plack
+# ansible.builtin.command:
+# cmd: koha-plack --enable {{ koha_libraryname }}
+# notify: restart apache
+
+#CHECK!
+- name: start koha-plack
+ ansible.builtin.command:
+ cmd: koha-plack --start {{ koha_libraryname }}
+# notify: restart apache
+- name: apache restart
+ ansible.builtin.command:
+ cmd: systemctl restart apache2
+
+# only once -> check how?
+- name: install german language-pack
+ ansible.builtin.command:
+ cmd: koha-translate --install de-DE
+
+# thanks to
+# https://wiki.koha-community.org/wiki/Koha_on_Debian
+# https://zefanjas.de/wie-man-koha-installiert-und-fuer-schulen-einrichtet-teil-1/
+...
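Review bot: The `somerepo |no apt key` task downloads `gpg.asc` at run time and installs it as the trust anchor for the Koha repository without comparing it to a known fingerprint, so package authenticity rests entirely on that one HTTPS fetch. Keeping a reviewed copy of the key in the repository and installing it with `ansible.builtin.copy`, or checking the fingerprint before `gpg --dearmor`, removes that dependency and makes the first `stat` task unnecessary. In `edit config file`, `regexp: 'DOMAIN=*'` matches any line containing `DOMAIN`, which may include comments or other settings; `regexp: '^DOMAIN='` limits it to the assignment. The `a2enmod`, `koha-plack` and `systemctl restart apache2` commands run on every play because every `notify: restart apache` line is commented out, so the handler defined in the bibliothek playbook is never used.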
--- /dev/null
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - ldap-account-manager
+...
--- /dev/null
+---
+- name: install server specific packages
+ apt:
+ pkg:
+ - lighttpd
+ - rsync
+- name: lighttpd - change simple-vhost config
+ ansible.builtin.replace:
+ path: /etc/lighttpd/conf-available/10-simple-vhost.conf
+ regexp: 'www.example.com'
+ replace: 'testbild'
+# - name: lighttpd - aktiviere simple-vhost
+# command: lighty-enable-mod simple-vhost
+- name: lighttpd - reload service
+ command: service lighttpd force-reload
+- name: lighttpd - erstelle "Testbild" vhost Verzeichnis
+ file:
+ path: /srv/testbild/htdocs
+ state: directory
+- name: lighttpd - kopiere Testbild Webseite
+ copy:
+ src: files/lighttpd-intranet_index.html
+ dest: /srv/testbild/htdocs/index.html
+ owner: root
+ group: root
+ mode: 0644
+- name: lighttpd - kopiere Testbild
+ copy:
+ src: files/lighttpd-intranet_FuBK-Testbild.png
+ dest: /srv/testbild/htdocs/FuBK-Testbild.png
+ owner: root
+ group: root
+ mode: 0644
+- name: lighttpd - erstelle vhost "Intranet" Verzeichnis
+ file:
+ path: /srv/intranet/htdocs
+ state: directory
+- name: lighttpd - erstelle vhost "digitales" Verzeichnis
+ file:
+ path: /srv/digitales/htdocs
+ state: directory
+...
--- /dev/null
+- name: install server specific packages
+ ansible.builtin.apt:
+ pkg:
+ - nfs-kernel-server
+ - rsync
+- name: make sure the export paths exists
+ ansible.builtin.file:
+ path: "{{ export_root }}/{{ export_share }}/"
+ state: directory
+ recurse: true
+ notify:
+ - restart nfs-kernel-server service
+- name: make sure the directory to share exists
+ ansible.builtin.file:
+ path: "{{ export_dir }}"
+ state: directory
+ recurse: true
+ notify:
+ - restart nfs-kernel-server service
+#- name: copy exports files
+# ansible.builtin.copy:
+# src: files/nfs_exports
+# dest: /etc/exports
+# backup: yes
+# notify:
+# - restart nfs-kernel-server service
+- name: configure exports
+ ansible.builtin.blockinfile:
+ dest: /etc/exports
+ insertbefore: EOF
+ block: |
+ {{ export_root }} {{ root_ipaddr_string }}
+ {{ export_root }}/{{ export_share }}/ {{ dir_ipaddr_string }}
+ notify:
+ - restart nfs-kernel-server service
+
+#- name: copy fstab file
+# ansible.builtin.copy:
+# src: files/nfs_fstab
+# dest: /etc/fstab
+# backup: yes
+- name: bind mount exported dir
+ ansible.posix.mount:
+ path: "{{ export_root }}/{{ export_share }}/"
+ src: "{{ export_dir }}"
+ fstype: none
+ state: mounted
+ opts: bind
+
+# https://salsa.debian.org/andi/debian-lan-ansible/-/blob/master/roles/nfsserver/tasks/main.yml
--- /dev/null
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - slapd
+ - ldap-utils
+...
--- /dev/null
+---
+- name: check if we are installing
+ stat: path=/etc/pihole
+ register: pihole
+
+- name: download pi-hole script
+ get_url:
+ url: https://install.pi-hole.net
+ dest: /home/ansible/basic-install.sh
+ owner: ansible
+ group: ansible
+ when: not pihole.stat.exists
+...
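Review bot: The `download pi-hole script` task saves the installer from `https://install.pi-hole.net` with no `checksum` and no `mode`, so whatever the URL serves on the day of the run is what later gets executed, presumably as root. Pin a reviewed version instead: fetch the installer from a tagged release and add `checksum: 'sha256:<EXPECTED_SHA256>'` (placeholder) together with `mode: '0750'`. `stat: path=/etc/pihole` uses the legacy key=value form; writing it as `ansible.builtin.stat:` with `path: /etc/pihole` underneath matches the other task files.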
--- /dev/null
+---
+- name: kopiere pihole custom.list
+ copy:
+ src: files/dns-pihole_custom.list
+ dest: /etc/pihole/custom.list
+ owner: root
+ group: root
+ mode: 0644
+- name: kopiere pihole dns20-static-dhcp-liste nach dns20
+ copy:
+ src: files/dns20-pihole_04-pihole-static-dhcp.conf
+ dest: /etc/dnsmasq.d/04-pihole-static-dhcp.conf
+ owner: root
+ group: root
+ mode: 0644
+ backup: yes
+ when: inventory_hostname == 'dns20'
+- name: kopiere TFTP config-Datei
+ copy:
+ src: files/dns-pihole_10-TFTP.conf
+ dest: /etc/dnsmasq.d/10-TFTP.conf
+ owner: root
+ group: root
+ mode: 0644
+- name: pihole neustarten
+ command: pihole restartdns
+# ansible.builtin.shell benutzen?
--- /dev/null
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - sympa
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^lang*'
+ line: 'lang {{ sympa_lang }}'
+ backup: true
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^domain*'
+ line: 'domain {{ sympa_domain }}'
+ backup: true
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^listmaster*'
+ line: 'listmaster {{ sympa_listmaster }}'
+ backup: true
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^wwsympa_url*'
+ line: 'wwsympa_url {{ sympa_wwsympa_url }}'
+ backup: true
+...
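Review bot: The four `regexp` values end in a quantifier that applies only to the last letter: `'^lang*'` matches any line starting with `lan`, and `'^domain*'` any line starting with `domai`. `lineinfile` can therefore overwrite a different parameter that shares the prefix. Anchor on the full keyword followed by whitespace, e.g. `regexp: '^lang\s'`, `'^domain\s'`, `'^listmaster\s'`, `'^wwsympa_url\s'`. All four tasks are named `edit config file`; naming the parameter in each (`set sympa lang`, …) makes the run output readable.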