introduce ssh_users_root
[noc.git] / ansible / roles / base / tasks / main.yml
index f209fe4..b9d8601 100644 (file)
@@ -47,7 +47,7 @@
 - name: Set authorized keys for root user
   authorized_key:
     user: root
-    key: "{{ lookup('pipe','cat ssh/noc/*.pub') }}"
+    key: "{{ ssh_keys_root | join('\n') }}"
     exclusive: yes
 
 - name: disable apt suggests and recommends
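Review bot: With `exclusive: yes`, the added `key:` line makes root's authorized_keys depend entirely on the value of `ssh_keys_root`, and nothing visible in this hunk validates that variable. If it resolves to an empty list, the joined value is empty, and the task may either fail or strip every existing key, depending on how the module treats an empty value. If it is accidentally a plain string, `join` would split it per character. A preceding `assert` task with `that: ssh_keys_root is sequence and ssh_keys_root is not string and ssh_keys_root | length > 0` would make a bad inventory fail the play before root access is touched. The commit title says `ssh_users_root` while the code uses `ssh_keys_root`, and the variable's definition is not part of this diff.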
       - lsof
       - haveged
       - net-tools
-      - ntp
       - screen
       - aptitude
       - unp
       - ca-certificates
       - file
+      - nano
       - zsh
       - python-apt
+      - command-not-found
+      - man-db
+      - lshw
     state: present
 
+- when: base_managed_ntpd
+  block:
+    - name: check that ISC ntpd is not installed
+      apt:
+        name: ntp
+        state: absent
+        purge: yes
+
+    - name: install openntpd
+      apt:
+        name: openntpd
+
+    - name: configure openntpd
+      copy:
+        dest: /etc/openntpd/ntpd.conf
+        content: |
+          # Use the ffgraz.net NTP server
+          servers ntp.ffgraz.net weight 3
+
+          # Use some servers announced from the NTP Pool
+          servers 0.debian.pool.ntp.org
+          servers 1.debian.pool.ntp.org
+
+      notify: restart openntpd
+
+
 - name: make sure grml-(etc|scripts)-core is not installed
   apt:
     name:
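Review bot: The `configure openntpd` task writes `/etc/openntpd/ntpd.conf` through `copy:` without `owner`, `group` or `mode`, so the resulting permissions depend on the umask in effect on the target and, I believe, on any file already present. The other `copy:` tasks in this diff at least pin `mode: 0644`. Adding `owner: root`, `group: root` and `mode: "0644"` makes the result deterministic. The same applies to the `file:` task that creates `console-setup.service.d/` in the following hunk, since a systemd drop-in directory should not be left to defaults. Separately, `when: base_managed_ntpd` errors on an undefined variable unless the role ships a default, which is not visible here, and the package-list task this hunk edits begins outside the hunk.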
 
   when: ansible_service_mgr == "systemd"
 
-- name: install zshrc
-  with_items:
-    - src: "zprofile"
-      dest: "/etc/zsh/zprofile"
-    - src: "zshrc"
-      dest: "/etc/zsh/zshrc"
-    - src: "zshrc.skel"
-      dest: "/etc/skel/.zshrc"
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: 0644
+- block:
+    - name: workaround console-setup race condition (1/2)
+      file:
+        path: /etc/systemd/system/console-setup.service.d/
+        state: directory
+
+    - name: workaround console-setup race condition (2/2)
+      copy:
+        content: "[Unit]\nAfter=systemd-tmpfiles-setup.service\n"
+        dest: /etc/systemd/system/console-setup.service.d/override.conf
+        mode: 0644
+      # no need to relaod systemd here, it is only there to fix a boot-time race-condition
+
+  when: ansible_distribution == "Ubuntu"
 
 - name: set root default shell to zsh
   user:
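Review bot: The console-setup block puts its `when:` after the `block:` body, whereas the NTP block added earlier in this same commit uses `- when: …` followed by `block:`. With the trailing form, a reader who edits the tasks can easily miss the `ansible_distribution == "Ubuntu"` condition. Using the leading form in both places keeps the gating visible. The explanatory comment sits after the last key of the second task and has a typo; I would move it above the task as `# no need to reload systemd here; the drop-in only fixes a boot-time race condition`.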
     shell: /bin/zsh
 
 - name: set default shell for adduser
-  with_items:
-    - regexp: "^DSHELL"
-      line: "DSHELL=/bin/zsh"
+  with_dict:
+    DSHELL: /bin/zsh
   lineinfile:
     dest: /etc/adduser.conf
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
+    regexp: "^#?{{ item.key }}="
+    line: "{{ item.key }}={{ item.value }}"
+
+- name: Deploy default configuration for tools
+  with_dict:
+    /etc/htoprc: "{{ global_files_dir }}/common/htoprc"
+
+    /etc/zsh/zprofile: zprofile
+    /etc/zsh/zshrc: zshrc
+    /etc/skel/.zshrc: zshrc.skel
+
+  loop_control:
+    label: "{{ item.key }}"
+  copy:
+    mode: 0644
+    src: "{{ item.value }}"
+    dest: "{{ item.key }}"