From: Ullli Date: Tue, 27 Jun 2023 07:34:04 +0000 (+0200) Subject: in Zukunft lieber öffters committen... X-Git-Url: https://freie-schul-it.de/gitweb/fsit-smgt.git/commitdiff_plain/b86e31cd045be334f3bf843fd833c1cf6efab08f?ds=sidebyside;hp=-c in Zukunft lieber öffters committen... --- b86e31cd045be334f3bf843fd833c1cf6efab08f
diff --git a/examples/files/dns-pihole_custom.list b/examples/files/dns-pihole_custom.list
new file mode 100644
index 0000000..e69de29
diff --git a/examples/files/dns20-pihole_04-pihole-static-dhcp.conf b/examples/files/dns20-pihole_04-pihole-static-dhcp.conf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/files/rumba_smb.conf b/examples/files/rumba_smb.conf
new file mode 100644
index 0000000..999aa2e
--- /dev/null
+++ b/examples/files/rumba_smb.conf
@@ -0,0 +1,12 @@
+[global]
+workgroup = WORKGROUP
+security = user
+map to guest = Bad Password
+
+[fotospeicher]
+path = /srv/samba/fotospeicher/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer Fotos
+printable = no
+guest ok = no
diff --git a/examples/files/samba_smb.conf b/examples/files/samba_smb.conf
new file mode 100644
index 0000000..4c4d3fc
--- /dev/null
+++ b/examples/files/samba_smb.conf
@@ -0,0 +1,28 @@
+[global]
+workgroup = WORKGROUP
+security = user
+map to guest = Bad Password
+
+[computerraum]
+path = /srv/samba/computerraum/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer den Computerraum
+printable = no
+guest ok = yes
+
+[mediencenter]
+path = /srv/samba/mediencenter/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer das LibreELEC-Mediencenter
+printable = no
+guest ok = yes
+
+[nawi]
+path = /srv/samba/nawi/
+public = yes
+writable = yes
+comment = Netzwerkverzeichnis fuer den NaWi-Raum
+printable = no
+guest ok = yes
diff --git a/examples/playbooks-for-server/install_accountmgt.yml b/examples/playbooks-for-server/install_accountmgt.yml
new file mode 100644
index 0000000..00be12b
--- /dev/null
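Review bot: In examples/files/rumba_smb.conf the [fotospeicher] share sets `public = yes` and later `guest ok = no`; `public` is a synonym for `guest ok`, so the two lines contradict each other and only the last one takes effect. Keep a single `guest ok = no` line so the intent is readable. In [global], `map to guest = Bad Password` also turns a mistyped password of a valid user into a silent guest login; `map to guest = Bad User` avoids that, and the same line appears in samba_smb.conf.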
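Review bot: All three shares in examples/files/samba_smb.conf combine `guest ok = yes` with `writable = yes`, so any client that can reach the server can write to them without credentials, limited only by filesystem permissions. If that is intended for the classroom shares, a comment saying so plus a network restriction such as `hosts allow = <school-subnet>` (placeholder) would make the exposure explicit; otherwise set `guest ok = no` and drop the duplicate `public = yes`.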
+++ b/examples/playbooks-for-server/install_accountmgt.yml
@@ -0,0 +1,18 @@
+---
+- name: bootstrap CT "accountmgt"
+ hosts: accountmgt
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "accountmgt"
+ hosts: accountmgt
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/lam.yml
+
+# pct create
+# pct resize
diff --git a/examples/playbooks-for-server/install_anmeldapp.yml b/examples/playbooks-for-server/install_anmeldapp.yml
new file mode 100644
index 0000000..6699b53
--- /dev/null
+++ b/examples/playbooks-for-server/install_anmeldapp.yml
@@ -0,0 +1,14 @@
+---
+- name: bootstrap CT "anmeldapp"
+ hosts: anmeldapp
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "anmeldapp"
+ hosts: anmeldapp
+ become: true
+ vars:
+ tasks:
+ - include_tasks: fsit-smgt/library/pocketbase.yml
diff --git a/examples/playbooks-for-server/install_aptproxy.yml b/examples/playbooks-for-server/install_aptproxy.yml
new file mode 100644
index 0000000..f96f506
--- /dev/null
+++ b/examples/playbooks-for-server/install_aptproxy.yml
@@ -0,0 +1,13 @@
+---
+- name: bootstrap CT "aptproxy"
+ hosts: aptproxy
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "aptproxy"
+ hosts: aptproxy
+ become: true
+ tasks:
+ - include_tasks: fsit-smgt/library/aptcacher-ng.yml
diff --git a/examples/playbooks-for-server/install_backup01.yml b/examples/playbooks-for-server/install_backup01.yml
new file mode 100644
index 0000000..c08043c
--- /dev/null
+++ b/examples/playbooks-for-server/install_backup01.yml
@@ -0,0 +1,34 @@
+---
+- name: bootstrap CT "backup01"
+ hosts: backup01
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "backup01"
+ hosts: backup01
+ become: true
+ vars:
+ export_root: /srv/nfs4
+ export_share: backups
+ export_dir: /srv/backups
+ export_dir_subdir: pve
+ root_ipaddr_string: 192.168.10.0/24(rw,fsid=0,no_subtree_check)
+ dir_ipaddr_string: 192.168.10.0/24(rw,no_root_squash,no_subtree_check)
+ tasks:
+ - include_tasks: fsit-smgt/library/nfs.yml
+
+ - name: make sure the sub-directory for backups from root exists
+ ansible.builtin.file:
+ path: "{{ export_dir }}/{{ export_dir_subdir }}"
+ state: directory
+ recurse: true
+ notify:
+ - restart nfs-kernel-server service
+
+ handlers:
+ - name: restart nfs-kernel-server service
+ ansible.builtin.service:
+ name: nfs-kernel-server.service
+ state: restarted
diff --git a/examples/playbooks-for-server/install_bibliothek.yml b/examples/playbooks-for-server/install_bibliothek.yml
new file mode 100644
index 0000000..7de9cad
--- /dev/null
+++ b/examples/playbooks-for-server/install_bibliothek.yml
@@ -0,0 +1,26 @@
+---
+- name: bootstrap CT "bibliothek"
+ hosts: bibliothek
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "bibliothek"
+ hosts: bibliothek
+ become: true
+ vars:
+ koha_domain: .srv.lan
+ koha_libraryname: bibliothek
+ tasks:
+ - include_tasks: fsit-smgt/library/bibliothek_koha.yml
+# Stop , wenn install einmal schon gelaufen
+# Datei erstellen:
+
+ handlers:
+ - name: restart apache
+ service:
+ name: apache2
+ state: restarted
+#Connection to the memcached servers '__MEMCACHED_SERVERS__' failed. Are the unix socket permissions set properly? Is the host reachable?
+
diff --git a/examples/playbooks-for-server/install_dns-server.yml b/examples/playbooks-for-server/install_dns-server.yml
new file mode 100644
index 0000000..d5333ef
--- /dev/null
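Review bot: `dir_ipaddr_string` in install_backup01.yml exports the backup directory with `no_root_squash` to the whole 192.168.10.0/24 network, so root on any host in that range acts as root on the backup store. If only the Proxmox hosts write backups there (the `pve` sub-directory suggests so, but that is an inference), list their addresses instead, e.g. `dir_ipaddr_string: <pve-host-ip>(rw,no_root_squash,no_subtree_check)` with the real address filled in. A short comment above the variable stating why root squashing is disabled would help the next maintainer.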
+++ b/examples/playbooks-for-server/install_dns-server.yml
@@ -0,0 +1,18 @@
+---
+- name: bootstrap CT "dns-server"
+ hosts: dns10 dns20 dns30 dns40
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "dns-server"
+ hosts: dns20
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/pi-hole.yml
+
+# pct create
+# pct resize
diff --git a/examples/playbooks-for-server/install_druckerzentrale-buero.yml b/examples/playbooks-for-server/install_druckerzentrale-buero.yml
new file mode 100644
index 0000000..4be627b
--- /dev/null
+++ b/examples/playbooks-for-server/install_druckerzentrale-buero.yml
@@ -0,0 +1,16 @@
+---
+- name: bootstrap CT "druckerzentrale-buero"
+ hosts: druckerzentrale-buero
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "druckerzentrale-buero"
+ hosts: druckerzentrale-buero
+ become: true
+ vars_files:
+ - vars.yml
+ - ../password-file-server.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/cups.yml
diff --git a/examples/playbooks-for-server/install_druckerzentrale.yml b/examples/playbooks-for-server/install_druckerzentrale.yml
new file mode 100644
index 0000000..22b46a2
--- /dev/null
+++ b/examples/playbooks-for-server/install_druckerzentrale.yml
@@ -0,0 +1,16 @@
+---
+- name: bootstrap CT "druckerzentrale"
+ hosts: druckerzentrale
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "druckerzentrale"
+ hosts: druckerzentrale
+ become: true
+ vars_files:
+ - vars.yml
+ - ../password-file-server.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/cups.yml
diff --git a/examples/playbooks-for-server/install_helpdesk.yml b/examples/playbooks-for-server/install_helpdesk.yml
new file mode 100644
index 0000000..487a06f
--- /dev/null
+++ b/examples/playbooks-for-server/install_helpdesk.yml
@@ -0,0 +1,50 @@
+---
+- name: bootstrap CT "helpdesk"
+ hosts: helpdesk
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "helpdesk"
+ hosts: helpdesk
+ become: true
+ vars:
+ tasks:
+ - include_tasks: fsit-smgt/library/glpi.yml
+
+#https://glpi-install.readthedocs.io/en/latest/prerequisites.html
+#https://glpi-install.readthedocs.io/en/latest/install/index.html
+#https://neptunet.fr/install-glpi10/
+#https://www.osradar.com/how-to-install-glpi-on-debian-10-buster/
+#
+#ANSIBLE
+#
+#sudo mysql_secure_installation
+#(mysql -u root -p)
+#mysql -u root -p -e "CREATE DATABASE glpidb;"
+#mysql -u root -p -e "GRANT ALL PRIVILEGES ON glpidb.* TO 'glpiuser'@'localhost' IDENTIFIED BY '9vkgKEedBltBr9WPbB5t';"
+#mysql -u root -p -e "FLUSH PRIVILEGES;"
+#
+#sudo rm /var/www/html/index.html
+#
+#wget https://github.com/DCS-Easyware/gsit/releases/download/GSIT-9.5.10/gsit-9.5.10.tgz
+#sudo tar xvfz gsit-9.5.10.tgz -C /var/www/html/ --strip-components=1
+#
+#sudo mv /var/www/html/config/* /etc/glpi/
+#kein chown auf www-data! wird spaeter sowieso als Fehler angezeigt
+#
+#sudo mv /var/www/html/files/* /var/lib/glpi/
+#sudo chown -R root:root /var/www/html/files/ ???
+#sudo chown -R www-data /var/lib/glpi/
+#
+#
+#ANSIBLE
+#
+#wget https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5%2B4.2/fusioninventory-9.5+4.2.zip
+#sudo unzip -d /var/www/html/plugins/ fusioninventory-9.5+4.2.zip
+#
+#sudo php /var/www/html/bin/console glpi:plugin:install --username=glpi fusioninventory
+#sudo php /var/www/html/bin/console glpi:plugin:activate fusioninventory
+#
+# sudo rm /var/www/html/install/install.php
diff --git a/examples/playbooks-for-server/install_homes.yml b/examples/playbooks-for-server/install_homes.yml
new file mode 100644
index 0000000..eecd2e1
--- /dev/null
+++ b/examples/playbooks-for-server/install_homes.yml
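Review bot: The commented-out `GRANT ALL PRIVILEGES ... IDENTIFIED BY '...'` line in install_helpdesk.yml commits a literal database password to the repository. Treat that value as disclosed: replace it in the comment with a placeholder such as `IDENTIFIED BY '<glpi-db-password>'`, change it wherever it was actually used, and load the real value from an untracked or vaulted vars file, as the druckerzentrale playbooks already do with `../password-file-server.yml`. The empty `vars:` key above `tasks:` can be dropped.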
@@ -0,0 +1,24 @@
+---
+- name: bootstrap CT "homes"
+ hosts: homes
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "homes"
+ hosts: homes
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/nfs.yml
+
+ handlers:
+ - name: restart nfs-kernel-server service
+ ansible.builtin.service:
+ name: nfs-kernel-server.service
+ state: restarted
+
+# root@pve01:~# pct create 110 local:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst --arch amd64 --cores 1 --features mount=nfs,nesting=1 --hostname homes --memory 512 --net0 name=eth0,bridge=vmbr10,firewall=1,ip=dhcp,type=veth --ostype debian --ssh-public-keys installbox.key.pub --storage fastpool --swap 512 --unprivileged 0
+# root@pve01:~# pct resize 110 rootfs 120G ????
diff --git a/examples/playbooks-for-server/install_installbox.yml b/examples/playbooks-for-server/install_installbox.yml
new file mode 100644
index 0000000..e3f68b6
--- /dev/null
+++ b/examples/playbooks-for-server/install_installbox.yml
@@ -0,0 +1,13 @@
+---
+- name: bootstrap CT "installbox"
+ hosts: installbox
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "installbox"
+ hosts: installbox
+ become: true
+ tasks:
+ - include_tasks: fsit-smgt/library/ansible.yml
diff --git a/examples/playbooks-for-server/install_intranet.yml b/examples/playbooks-for-server/install_intranet.yml
new file mode 100644
index 0000000..4efa8ee
--- /dev/null
+++ b/examples/playbooks-for-server/install_intranet.yml
@@ -0,0 +1,13 @@
+---
+- name: bootstrap CT "intranet"
+ hosts: intranet
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "intranet"
+ hosts: intranet
+ become: true
+ tasks:
+ - include_tasks: fsit-smgt/library/lighttpd.yml
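Review bot: The trailing comment in install_homes.yml records the container being created with `--unprivileged 0` and `nesting=1`, i.e. as a privileged container, without saying why. Root inside a privileged CT is not remapped to an unprivileged uid on the Proxmox host, so the reason (presumably the kernel NFS server needs it) deserves its own comment line, e.g. `# privileged CT needed for nfs-kernel-server; keep it on a restricted bridge`. The `????` after the resize command should be resolved or turned into an explicit TODO.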
diff --git a/examples/playbooks-for-server/install_ldap.yml b/examples/playbooks-for-server/install_ldap.yml
new file mode 100644
index 0000000..cd872c3
--- /dev/null
+++ b/examples/playbooks-for-server/install_ldap.yml
@@ -0,0 +1,18 @@
+---
+- name: bootstrap CT "ldap"
+ hosts: ldap
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "ldap"
+ hosts: ldap
+ become: true
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/openldap.yml
+
+# pct create
+# pct resize
diff --git a/examples/playbooks-for-server/install_lists.yml b/examples/playbooks-for-server/install_lists.yml
new file mode 100644
index 0000000..df7e499
--- /dev/null
+++ b/examples/playbooks-for-server/install_lists.yml
@@ -0,0 +1,18 @@
+---
+- name: bootstrap CT "lists"
+ hosts: lists
+ remote_user: root
+ vars_files:
+ - vars.yml
+ tasks:
+ - include_tasks: fsit-smgt/library/bootstrap.yml
+- name: install CT "lists"
+ hosts: lists
+ become: true
+ vars:
+ sympa_lang: de
+ sympa_domain: lists.freie-schule-leipzig.de
+ sympa_listmaster: digital@freie-schule-leipzig.de
+ sympa_wwsympa_url: http://192.168.30.236/wws
+ tasks:
+ - include_tasks: fsit-smgt/library/sympa.yml
diff --git a/examples/server-mgt-with-ansible/README.md b/examples/server-mgt-with-ansible/README.md
new file mode 100644
index 0000000..add9f42
--- /dev/null
+++ b/examples/server-mgt-with-ansible/README.md
@@ -0,0 +1,17 @@
+# Servermanagement
+
+Ansible-Konfigurations-Management der Maschinen auf den Proxmox-Servern
+
+## Virtuelle Server
+install über PXE und debianpreseed (gleiches, wie bei den clients)
+dann weiter über host-gruppe_server_ und playbook
+
+
+## Container
+install über Proxmox-Image
+dabei wird der ssh-key vom ansible-User der installbox eingegeben
+dann weiter über playbook: ...
+
+
+## Proxmox
+nicht geplant
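Review bot: `sympa_wwsympa_url` in install_lists.yml points at `http://192.168.30.236/wws`, so the Sympa web interface, presumably including its login form, would be reached without TLS. Prefer an `https://` URL on the list domain once a certificate is in place, e.g. `sympa_wwsympa_url: https://lists.freie-schule-leipzig.de/wws`. Since this file lives under examples/, placeholder values for the domain, the listmaster address and the IP would also keep site-specific details out of the sample.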
diff --git a/examples/server-mgt-with-ansible/add-new-client.sh b/examples/server-mgt-with-ansible/add-new-client.sh
new file mode 100755
index 0000000..4ae79bd
--- /dev/null
+++ b/examples/server-mgt-with-ansible/add-new-client.sh
@@ -0,0 +1,110 @@ +#!/bin/bash + +# Wir brauchen: $ip $newhostname $macen $macwl +# Der neue Rechner muss mit PXE und Preseed fertig sein + +ip="$1" +newhostname="$2" + +# Nach den Werten fragen und in Variable schreiben, +# wenn diese beim Aufruf vergessen wurden. +if [ -z $ip ] +then + read -p "ip-Adresse des neuen Rechners: " ip +fi +if [ -z $newhostname ] +then + read -p "Hostname des neuen Rechners: " newhostname +fi + +# temporaere hosts-Datei fuer ansible +echo "$ip" > temphosts +#cat temphosts + +# Pruefe, ob $ip in custom-list +# wenn ja --> Abbruch +#if grep ${ip} files/dns-pihole_custom.list +#then +# echo "IP bereits in dns-pihole_custom.list eingetragen" +# echo " bitte entfernen oder andere IP auswählen! Abbruch :-(" +# exit 1 +#fi + +# suche in ../client-mgt/hosts nach $newhostname +# wenn nein +# stop, +# Echo nicht in hosts dazhei, eingetragen, dann weiter +if grep ${newhostname} ../client-mgt/hosts +then + echo "Rechnername in hosts-Datei eingetragen, suupi!" +else + echo "Rechnername fehlt in ../client-mgt/hosts. Abbruch :-(" + exit 1 +fi + +# suche in /home/ansible/.ssh/known_hosts nach $ip +# wenn ja +ssh-keygen -f "/home/ansible/.ssh/known_hosts" -R "$ip" +#if grep ${ip} $HOME/.ssh/known_hosts + +ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=no ${ip} 'exit 0' +if [ $? != 0 ] +then + echo "Host nicht per SSH erreichbar! 
Abbruch :-(" + exit 1 +fi + +# MAC-Adressen finden +macen=$(ssh ${ip} cat /sys/class/net/en*/address) +echo "MAC-Ethernet: $macen" +macwl=$(ssh ${ip} cat /sys/class/net/wl*/address) +echo "MAC-WLAN: $macwl" + +if [ -z $macwl ] +then + echo "dhcp-host=${macen},${ip},${newhostname}" >> files/dns20-pihole_04-pihole-static-dhcp.conf +else + echo "dhcp-host=${macen},${macwl},${ip},${newhostname}" >> files/dns20-pihole_04-pihole-static-dhcp.conf +fi + +# Hostnamen aendern +oldhostname=$(ssh ${ip} hostname) +ssh ${ip} sudo hostnamectl set-hostname ${newhostname} +# change in /etc/hosts +ssh ${ip} sudo sed -i "s/$oldhostname/$newhostname/" /etc/hosts + +echo "$ip $newhostname" >> files/dns-pihole_custom.list + +echo +echo "Prüfe, ob Host perAnsible erreichbar ist" +ansible ${ip} -i temphosts -m ping + +echo +echo "Alle DNS-Server mit neuen Listen versorgen" +ansible-playbook pihole-update.yml + +echo +echo "pruefen, ob DNS-Aufloesung fuer neuen Host funktioniert" +ping -c 3 ${newhostname} + +# temporaere Dateien loeschen" +rm temphosts + +echo +echo "+++ pihole static-dhcp file +++" +tail files/dns20-pihole_04-pihole-static-dhcp.conf + +echo +echo "+++ pihole custom list" +tail files/dns-pihole_custom.list + +echo +echo "fertig?" +echo "fertig!" +echo " :-)" + +### +#ansible ${ip} -i newhost -m ping +#ansible ${ip} -i newhost -m gather_facts +#ansible ${ip} -i newhost -m ansible.builtin.setup -a 'filter=ansible_wlp4s0' + diff --git a/examples/server-mgt-with-ansible/hosts b/examples/server-mgt-with-ansible/hosts new file mode 100644 index 0000000..8bc22b9 --- /dev/null +++ b/examples/server-mgt-with-ansible/hosts @@ -0,0 +1,10 @@ +[baremetal] + +[virtualmachines] + +[container] + +[proxmox] + +[all:vars] +ansible_python_interpreter=/usr/bin/python3 diff --git a/examples/server-mgt-with-ansible/pihole-update.yml b/examples/server-mgt-with-ansible/pihole-update.yml new file mode 100644 index 0000000..bbfcedb --- /dev/null 
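Review bot: add-new-client.sh deletes the known_hosts entry for `$ip` and then connects with `-o StrictHostKeyChecking=no`, so whatever machine answers on that address is trusted, has its hostname changed via sudo and is written into the DHCP and DNS lists. Compare the host key fingerprint with the one shown on the new machine (or collected during preseeding) before continuing, rather than accepting it blindly. The variables are also unquoted: `[ -z $ip ]` and `grep ${newhostname} ../client-mgt/hosts` should read `[ -z "$ip" ]` and `grep -w -- "$newhostname" ../client-mgt/hosts`, the latter so that a partial name does not pass the check. `$newhostname` should additionally be validated against a hostname pattern before it is interpolated into the `sed -i "s/.../.../"` expression and the remote `hostnamectl` call.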
+++ b/examples/server-mgt-with-ansible/pihole-update.yml @@ -0,0 +1,5 @@ +--- +- name: update pihole settings on internal dns-servers + hosts: dns10 dns20 dns30 + tasks: + - include_tasks: fsit-smgt/library/pihole-update.yml diff --git a/examples/server-mgt-with-ansible/update-all-server.yml b/examples/server-mgt-with-ansible/update-all-server.yml new file mode 100644 index 0000000..23144f6 --- /dev/null +++ b/examples/server-mgt-with-ansible/update-all-server.yml @@ -0,0 +1,19 @@ +--- +- name: update all CTs + hosts: container + become: yes + tasks: + - name: Update and upgrade apt packages + apt: + update_cache: yes + upgrade: yes + autoremove: yes +- name: update all Baremetals + hosts: baremetal + become: yes + tasks: + - name: Update and upgrade apt packages + apt: + update_cache: yes + upgrade: yes + autoremove: yes diff --git a/examples/server-mgt-with-ansible/vars.yml b/examples/server-mgt-with-ansible/vars.yml new file mode 100644 index 0000000..cdd65d0 --- /dev/null +++ b/examples/server-mgt-with-ansible/vars.yml @@ -0,0 +1 @@ +aptproxy: ip.ip.ip.ip diff --git a/files/lighttpd-intranet_FuBK-Testbild.png b/files/lighttpd-intranet_FuBK-Testbild.png new file mode 100644 index 0000000..2880f66 Binary files /dev/null and b/files/lighttpd-intranet_FuBK-Testbild.png differ diff --git a/files/lighttpd-intranet_index.html b/files/lighttpd-intranet_index.html new file mode 100644 index 0000000..4e3492f --- /dev/null +++ b/files/lighttpd-intranet_index.html @@ -0,0 +1,12 @@ + + + + + + Intranet - Testbild + + + FuBK_Testbild +

Ups... Hier gibt es nur das alte Fernseh-Testbild.

+ + diff --git a/library/ansible.yml b/library/ansible.yml new file mode 100644 index 0000000..5fdc0cc --- /dev/null +++ b/library/ansible.yml @@ -0,0 +1,8 @@ +--- +- name: install server specific packages + ansible.builtin.apt: + update_cache: yes + pkg: + - ansible + - ansible-lint +... diff --git a/library/aptcacher-ng.yml b/library/aptcacher-ng.yml new file mode 100644 index 0000000..5f2677d --- /dev/null +++ b/library/aptcacher-ng.yml @@ -0,0 +1,7 @@ +--- +- name: install server specific packages + ansible.builtin.apt: + update_cache: yes + pkg: + - apt-cacher-ng +... diff --git a/library/bootstrap.yml b/library/bootstrap.yml new file mode 100644 index 0000000..d47c83f --- /dev/null +++ b/library/bootstrap.yml 
@@ -0,0 +1,59 @@
+---
+- name: remove apt-config-file derived from preseeding
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf
+ state: absent
+ when: ("baremetal" in group_names)
+- name: create apt-proxy config file
+ ansible.builtin.template:
+ src: fsit-smgt/templates/apt-proxy_01proxy.j2
+ dest: /etc/apt/apt.conf.d/01proxy
+ when: ("DMZ" not in group_names)
+- name: remove apt-config-file only for aptproxy
+ ansible.builtin.file:
+ path: /etc/apt/apt.conf.d/01proxy
+ state: absent
+ when: ("aptproxy" in inventory_hostname)
+- name: copy apt-unattended-upgrades config file
+ ansible.builtin.copy:
+ src: fsit-smgt/files/apt-unattended-upgrades_10periodic
+ dest: /etc/apt/apt.conf.d/10periodic
+- name: Update and upgrade apt packages
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: yes
+ autoremove: true
+- name: install core-packages
+ ansible.builtin.apt:
+# update_cache: yes
+ pkg:
+ - sudo
+ - gnupg
+ - htop
+ - ncdu
+ - vim
+ - tmux
+ - gnupg2
+- name: install core-packages for bare-metal-server
+ ansible.builtin.apt:
+ pkg:
+ - inxi
+ when: ("baremetal" in group_names)
+- name: add ansible user to server
+ ansible.builtin.user:
+ name: ansible
+ shell: /bin/bash
+- name: allow "ansible"-user to have passwordless sudo
+ ansible.builtin.copy:
+ src: fsit-smgt/files/sudo_ansible
+ dest: /etc/sudoers.d/ansible
+ owner: root
+ group: root
+ mode: 0440
+- name: add installbox-ansible-user _public_ ssh-key to the servers authorized_keys file
+ ansible.builtin.authorized_key:
+ user: ansible
+ state: present
+ manage_dir: yes
+ key: "{{ lookup('file', '/home/ansible/.ssh/id_ed25519.pub') }}"
+...
diff --git a/library/cups.yml b/library/cups.yml
new file mode 100644
index 0000000..aa61834
--- /dev/null
+++ b/library/cups.yml
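Review bot: The task in library/bootstrap.yml that copies `fsit-smgt/files/sudo_ansible` to /etc/sudoers.d/ansible has no syntax check, and a malformed sudoers fragment can break sudo on the host the play is managing. Add `validate: /usr/sbin/visudo -cf %s` to that copy task and write the mode as a string, `mode: "0440"`, so the octal value cannot be reinterpreted by the YAML parser. Separately, `when: ("aptproxy" in inventory_hostname)` is a substring test on the hostname; `inventory_hostname == "aptproxy"` states the intent exactly.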
@@ -0,0 +1,26 @@
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - cups
+ - hplip
+ - printer-driver-gutenprint
+- name: cups reset settings
+ # https://github.com/OpenPrinting/cups/issues/158
+ ansible.builtin.command:
+ cmd: cupsctl --no-remote-admin --no-remote-any --no-share-printers
+- name: cups settings
+ ansible.builtin.command:
+ cmd: cupsctl --remote-admin --remote-any --share-printers
+- name: cups service neustarten
+ ansible.builtin.command:
+ cmd: systemctl restart cups
+- name: create lpadmin user
+ ansible.builtin.user:
+ name: lpadmin
+ append: true
+ groups: lpadmin
+ update_password: always
+ password: "{{ lpadminuser|password_hash('sha512') }}"
+...
diff --git a/library/glpi.yml b/library/glpi.yml
new file mode 100644
index 0000000..f03132d
--- /dev/null
+++ b/library/glpi.yml
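Review bot: The `cups settings` task in library/cups.yml runs `cupsctl --remote-admin --remote-any --share-printers`, which opens the CUPS administration interface to every address that can reach the server. Unless that is required, drop `--remote-any` (and `--remote-admin` if administering over SSH from the installbox is enough) or restrict the port by firewall. The `create lpadmin user` task should carry `no_log: true` so the password value is not echoed in task output. Because `password_hash('sha512')` is called without a fixed salt and `update_password: always` is set, that task will also report a change on every run.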
@@ -0,0 +1,65 @@ +--- +- name: install server specific packages + ansible.builtin.apt: + update_cache: yes + pkg: + - apache2 + - php + - libapache2-mod-php + - mariadb-server + - php-mysqli + - php-mbstring + - php-curl + - php-gd + - php-simplexml + - php-intl + - php-ldap + - php-apcu + - php-xmlrpc + - php-cas + - php-zip + - php-bz2 + - php-imap + - unzip +- name: create dirs for glpi + ansible.builtin.file: + path: /etc/glpi + state: directory + owner: www-data +- name: create dirs for glpi + ansible.builtin.file: + path: /var/lib/glpi + state: directory + owner: www-data + group: www-data +- name: create dirs for glpi + ansible.builtin.file: + path: /var/log/glpi + state: directory + owner: www-data +- name: create dirs for glpi + ansible.builtin.file: + path: /var/www/html/inc + state: directory +- name: write config to file + ansible.builtin.copy: + dest: /var/www/html/inc/downstream.php + content: | + check? +#- name: enable koha-plack +# ansible.builtin.command: +# cmd: koha-plack --enable {{ koha_libraryname }} +# notify: restart apache + +#CHECK! +- name: start koha-plack + ansible.builtin.command: + cmd: koha-plack --start {{ koha_libraryname }} +# notify: restart apache +- name: apache restart + ansible.builtin.command: + cmd: systemctl restart apache2 + +# only once -> check how? +- name: install german language-pack + ansible.builtin.command: + cmd: koha-translate --install de-DE + +# thanks to +# https://wiki.koha-community.org/wiki/Koha_on_Debian +# https://zefanjas.de/wie-man-koha-installiert-und-fuer-schulen-einrichtet-teil-1/ +... diff --git a/library/lam.yml b/library/lam.yml new file mode 100644 index 0000000..0825c96 --- /dev/null +++ b/library/lam.yml @@ -0,0 +1,7 @@ +--- +- name: install server specific packages + ansible.builtin.apt: + update_cache: yes + pkg: + - ldap-account-manager +... diff --git a/library/lighttpd.yml b/library/lighttpd.yml new file mode 100644 index 0000000..e99b71f --- /dev/null +++ b/library/lighttpd.yml 
@@ -0,0 +1,42 @@
+---
+- name: install server specific packages
+ apt:
+ pkg:
+ - lighttpd
+ - rsync
+- name: lighttpd - change simple-vhost config
+ ansible.builtin.replace:
+ path: /etc/lighttpd/conf-available/10-simple-vhost.conf
+ regexp: 'www.example.com'
+ replace: 'testbild'
+# - name: lighttpd - aktiviere simple-vhost
+# command: lighty-enable-mod simple-vhost
+- name: lighttpd - reload service
+ command: service lighttpd force-reload
+- name: lighttpd - erstelle "Testbild" vhost Verzeichnis
+ file:
+ path: /srv/testbild/htdocs
+ state: directory
+- name: lighttpd - kopiere Testbild Webseite
+ copy:
+ src: files/lighttpd-intranet_index.html
+ dest: /srv/testbild/htdocs/index.html
+ owner: root
+ group: root
+ mode: 0644
+- name: lighttpd - kopiere Testbild
+ copy:
+ src: files/lighttpd-intranet_FuBK-Testbild.png
+ dest: /srv/testbild/htdocs/FuBK-Testbild.png
+ owner: root
+ group: root
+ mode: 0644
+- name: lighttpd - erstelle vhost "Intranet" Verzeichnis
+ file:
+ path: /srv/intranet/htdocs
+ state: directory
+- name: lighttpd - erstelle vhost "digitales" Verzeichnis
+ file:
+ path: /srv/digitales/htdocs
+ state: directory
+...
diff --git a/library/nfs.yml b/library/nfs.yml
new file mode 100644
index 0000000..b2a9a5c
--- /dev/null
+++ b/library/nfs.yml
@@ -0,0 +1,50 @@
+- name: install server specific packages
+ ansible.builtin.apt:
+ pkg:
+ - nfs-kernel-server
+ - rsync
+- name: make sure the export paths exists
+ ansible.builtin.file:
+ path: "{{ export_root }}/{{ export_share }}/"
+ state: directory
+ recurse: true
+ notify:
+ - restart nfs-kernel-server service
+- name: make sure the directory to share exists
+ ansible.builtin.file:
+ path: "{{ export_dir }}"
+ state: directory
+ recurse: true
+ notify:
+ - restart nfs-kernel-server service
+#- name: copy exports files
+# ansible.builtin.copy:
+# src: files/nfs_exports
+# dest: /etc/exports
+# backup: yes
+# notify:
+# - restart nfs-kernel-server service
+- name: configure exports
+ ansible.builtin.blockinfile:
+ dest: /etc/exports
+ insertbefore: EOF
+ block: |
+ {{ export_root }} {{ root_ipaddr_string }}
+ {{ export_root }}/{{ export_share }}/ {{ dir_ipaddr_string }}
+ notify:
+ - restart nfs-kernel-server service
+
+#- name: copy fstab file
+# ansible.builtin.copy:
+# src: files/nfs_fstab
+# dest: /etc/fstab
+# backup: yes
+- name: bind mount exported dir
+ ansible.posix.mount:
+ path: "{{ export_root }}/{{ export_share }}/"
+ src: "{{ export_dir }}"
+ fstype: none
+ state: mounted
+ opts: bind
+
+# https://salsa.debian.org/andi/debian-lan-ansible/-/blob/master/roles/nfsserver/tasks/main.yml
diff --git a/library/openldap.yml b/library/openldap.yml
new file mode 100644
index 0000000..9cd7ef1
--- /dev/null
+++ b/library/openldap.yml
@@ -0,0 +1,8 @@
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - slapd
+ - ldap-utils
+...
diff --git a/library/pi-hole.yml b/library/pi-hole.yml
new file mode 100644
index 0000000..461820e
--- /dev/null
+++ b/library/pi-hole.yml
@@ -0,0 +1,13 @@
+---
+- name: check if we are installing
+ stat: path=/etc/pihole
+ register: pihole
+
+- name: download pi-hole script
+ get_url:
+ url: https://install.pi-hole.net
+ dest: /home/ansible/basic-install.sh
+ owner: ansible
+ group: ansible
+ when: not pihole.stat.exists
+...
diff --git a/library/pihole-update.yml b/library/pihole-update.yml
new file mode 100644
index 0000000..4512cf5
--- /dev/null
+++ b/library/pihole-update.yml
@@ -0,0 +1,27 @@
+---
+- name: kopiere pihole custom.list
+ copy:
+ src: files/dns-pihole_custom.list
+ dest: /etc/pihole/custom.list
+ owner: root
+ group: root
+ mode: 0644
+- name: kopiere pihole dns20-static-dhcp-liste nach dns20
+ copy:
+ src: files/dns20-pihole_04-pihole-static-dhcp.conf
+ dest: /etc/dnsmasq.d/04-pihole-static-dhcp.conf
+ owner: root
+ group: root
+ mode: 0644
+ backup: yes
+ when: inventory_hostname == 'dns20'
+- name: kopiere TFTP config-Datei
+ copy:
+ src: files/dns-pihole_10-TFTP.conf
+ dest: /etc/dnsmasq.d/10-TFTP.conf
+ owner: root
+ group: root
+ mode: 0644
+- name: pihole neustarten
+ command: pihole restartdns
+# ansible.builtin.shell benutzen?
diff --git a/library/pocketbase.yml b/library/pocketbase.yml
new file mode 100644
index 0000000..91da2a7
--- /dev/null
+++ b/library/pocketbase.yml
@@ -0,0 +1,2 @@
+---
+...
diff --git a/library/sympa.yml b/library/sympa.yml
new file mode 100644
index 0000000..65cd471
--- /dev/null
+++ b/library/sympa.yml
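Review bot: `get_url` in library/pi-hole.yml fetches the installer from https://install.pi-hole.net with no integrity check and no explicit file mode, so whatever the URL serves at run time ends up in /home/ansible/basic-install.sh. Pin the content with `checksum: sha256:<expected-digest>` (placeholder, taken from a copy of the script that has been read), or ship a reviewed copy from the repository instead of downloading it, and set `mode: "0700"`. The step that executes the script is not part of this hunk.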
@@ -0,0 +1,31 @@
+---
+- name: install server specific packages
+ ansible.builtin.apt:
+ update_cache: yes
+ pkg:
+ - sympa
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^lang*'
+ line: 'lang {{ sympa_lang }}'
+ backup: true
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^domain*'
+ line: 'domain {{ sympa_domain }}'
+ backup: true
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^listmaster*'
+ line: 'listmaster {{ sympa_listmaster }}'
+ backup: true
+- name: edit config file
+ ansible.builtin.lineinfile:
+ path: /etc/sympa/sympa/sympa.conf
+ regexp: '^wwsympa_url*'
+ line: 'wwsympa_url {{ sympa_wwsympa_url }}'
+ backup: true
+...
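Review bot: The `regexp` values in library/sympa.yml end in `*`, which is a regex quantifier on the last letter and not a wildcard: `'^lang*'` matches any line starting with `lan`, and `'^domain*'` any line starting with `domai`. That can rewrite an unrelated parameter that shares the prefix; anchor on the following whitespace instead, e.g. `regexp: '^lang\s'`, and likewise for `domain`, `listmaster` and `wwsympa_url`. The four tasks also share the name `edit config file`; distinct names such as `set sympa lang` make the run output and any later `--start-at-task` use unambiguous.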