X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;f=ansible%2Froles%2Fbase%2Ftasks%2Fmain.yml;h=1bf424304f62214f0346f543633024228016ef1f;hb=6150678824b1a67026d65a04835947cc22d32864;hp=f209fe4bc5b9d217b9beedc6bd9c2d1c36018db2;hpb=dd82fdd89e6982c6c44092cd1d015965c35eee11;p=noc.git
diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml
index f209fe4..1bf4243 100644
--- a/ansible/roles/base/tasks/main.yml
+++ b/ansible/roles/base/tasks/main.yml
@@ -1,132 +1,7 @@ --- -- set_fact: - sshd_allowusers: >- - {{ [ 'root' ] | union(user_groups.noc) - | union(sshd_allowusers_group | default([])) - | union(sshd_allowusers_host | default([])) }} - -- name: only allow pubkey auth for root - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^PermitRootLogin" - line: "PermitRootLogin without-password" - notify: restart ssh - -- name: limit allowed users (1/2) - when: sshd_allowgroup is not defined - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^#?AllowUsers" - line: "AllowUsers {{ ' '.join(sshd_allowusers) }}" - notify: restart ssh - -- block: - - name: "limit allowed users (2/2): Make sure AllowUsers is not in sshd_config" - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^AllowUsers" - state: absent - notify: restart ssh - - - name: "limit allowed users (2/2): Set AllowGroups in sshd_config" - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^#?AllowGroups" - line: AllowGroups {{ sshd_allowgroup }} - notify: restart ssh - - - name: "limit allowed users (2/2): Add allowed users to ssh group" - user: - name: "{{ item }}" - groups: "{{ sshd_allowgroup }}" - append: True - with_items: "{{ sshd_allowusers }}" - - when: sshd_allowgroup is defined - -- name: Set authorized keys for root user - authorized_key: - user: root - key: "{{ lookup('pipe','cat ssh/noc/*.pub') }}" - exclusive: yes - -- name: disable apt suggests and recommends - copy: - src: 02no-recommends - dest: /etc/apt/apt.conf.d/ - mode: 0644 - -- name: install basic packages - apt: - name: - - less - - psmisc - - sudo - - htop - - dstat - - mtr-tiny - - tcpdump - - debian-goodies - - lsof - - haveged - - net-tools - - ntp - - screen - - aptitude - - unp - - ca-certificates - - file - - zsh - - python-apt - state: present - -- name: make sure grml-(etc|scripts)-core is not installed - apt: - name: - - grml-etc-core - - grml-scripts-core - state: absent - purge: yes - -- block: - - name: install systemd specific packages - apt: - name: - - dbus - 
- libpam-systemd - state: present - - - name: set systemd-related environment variables - copy: - src: xdg_runtime_dir.sh - dest: /etc/profile.d/xdg_runtime_dir.sh - mode: 0644 - - when: ansible_service_mgr == "systemd" - -- name: install zshrc - with_items: - - src: "zprofile" - dest: "/etc/zsh/zprofile" - - src: "zshrc" - dest: "/etc/zsh/zshrc" - - src: "zshrc.skel" - dest: "/etc/skel/.zshrc" - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: 0644 - -- name: set root default shell to zsh - user: - name: root - shell: /bin/zsh - -- name: set default shell for adduser - with_items: - - regexp: "^DSHELL" - line: "DSHELL=/bin/zsh" - lineinfile: - dest: /etc/adduser.conf - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" +- import_tasks: 01ssh.yml +- import_tasks: 02debian.yml +- import_tasks: 03ntp.yml +- when: ansible_service_mgr == "systemd" + import_tasks: 04systemd.yml +- import_tasks: 05tools.yml
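Review bot: The `04systemd.yml` entry puts `when:` before the module key, unlike the other five entries; Ansible accepts both orders, but for consistency it should read `- import_tasks: 04systemd.yml` followed by `  when: ansible_service_mgr == "systemd"`. Note that a `when` on `import_tasks` is not evaluated once for the import but is inherited by, and re-evaluated on, every task inside 04systemd.yml, which is harmless for a host fact like `ansible_service_mgr` but would surprise anyone later attaching a condition that depends on a result registered inside that file. The sshd hardening that was visible here before (PermitRootLogin without-password, AllowUsers/AllowGroups, exclusive root authorized_key) is presumably now in 01ssh.yml, which this hunk does not show, so the ordering dependency is no longer self-evident; a comment above the list such as `# 01ssh.yml runs first: it restricts root login and AllowUsers/AllowGroups before any other role tasks` would record it. Likewise the `ntp` package that the removed "install basic packages" task installed is now assumed to be handled by 03ntp.yml; worth confirming rather than inferring from the filename.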