- name: Set authorized keys for root user
authorized_key:
user: root
- ### TODO: this lookup doesn't work if the playbook lives in another directory
- ### replace this with variables!!!
- key: "{{ lookup('pipe','cat ../ssh/noc/*.pub') }}"
+ key: "{{ noc_ssh_keys | join('\n') }}"
exclusive: yes
- name: disable apt suggests and recommends
- lsof
- haveged
- net-tools
- - ntp
- screen
- aptitude
- unp
- ca-certificates
- file
+ - nano
- zsh
- python-apt
state: present
+- name: check that ISC ntpd is not installed
+ apt:
+ name: ntp
+ state: absent
+ purge: yes
+
+- name: install openntpd
+ apt:
+ name: openntpd
+
+- name: configure openntpd
+ copy:
+ dest: /etc/openntpd/ntpd.conf
+ content: |
+ # Use the ffgraz.net NTP server
+ servers ntp.ffgraz.net weight 3
+
+ # Use some servers announced from the NTP Pool
+ servers 0.debian.pool.ntp.org
+ servers 1.debian.pool.ntp.org
+
+ notify: restart openntpd
+
- name: make sure grml-(etc|scripts)-core is not installed
apt:
name:
when: ansible_service_mgr == "systemd"
+- block:
+ - name: workaround console-setup race condition (1/2)
+ file:
+ path: /etc/systemd/system/console-setup.service.d/
+ state: directory
+
+ - name: workaround console-setup race condition (2/2)
+ copy:
+ content: "[Unit]\nAfter=systemd-tmpfiles-setup.service\n"
+ dest: /etc/systemd/system/console-setup.service.d/override.conf
+ mode: 0644
+ # no need to relaod systemd here, it is only there to fix a boot-time race-condition
+
+ when: ansible_distribution == "Ubuntu"
+
- name: install zshrc
with_items:
- src: "zprofile"
shell: /bin/zsh
- name: set default shell for adduser
- with_items:
- - regexp: "^DSHELL"
- line: "DSHELL=/bin/zsh"
+ with_dict:
+ DSHELL: /bin/zsh
lineinfile:
dest: /etc/adduser.conf
- regexp: "{{ item.regexp }}"
- line: "{{ item.line }}"
+ regexp: "^#?{{ item.key }}="
+ line: "{{ item.key }}={{ item.value }}"
projects / noc.git / blobdiff