Configure a new Core without starting services.
authorMatt Birkholz <matt@birchwood-abbey.net>
Thu, 18 Sep 2025 19:49:42 +0000 (13:49 -0600)
committerMatt Birkholz <matt@birchwood-abbey.net>
Thu, 18 Sep 2025 20:15:50 +0000 (14:15 -0600)
Tasks that actually start services are tagged with ~actualizer~.  Thus
~ansible-playbook~ can be given the ~--skip-tags actualizer~ command
line option to configure a new Core without actually setting the
static IP address, domain name, etc. nor starting any services.

The intention is to work through any problems configuring core
services on new hardware running, probably, a new OS version /without/
disturbing actual Core services.

This required splitting many Enable/Start tasks in two: the latter
tagged as the "actualizer".

README.org
roles_t/all/tasks/main.yml
roles_t/campus/handlers/main.yml
roles_t/campus/tasks/main.yml
roles_t/core/handlers/main.yml
roles_t/core/tasks/main.yml
roles_t/front/handlers/main.yml
roles_t/front/tasks/main.yml
roles_t/gate/handlers/main.yml
roles_t/gate/tasks/main.yml

index c682817995b748d670c1484d0be8faf06cd6a82f..f74d242e860fec6256b267eca79c411c0b082e54 100644 (file)
@@ -1203,19 +1203,31 @@ follows these recommendations (and /not/ the suggestion to enable
   - ansible_distribution == 'Debian'
   - 11 < ansible_distribution_major_version|int
 
-- name: Enable/Start systemd-networkd.
+- name: Start systemd-networkd.
+  become: yes
+  systemd:
+    service: systemd-networkd
+    state: started
+  tags: actualizer
+
+- name: Enable systemd-networkd.
   become: yes
   systemd:
     service: systemd-networkd
     enabled: yes
+
+- name: Start systemd-resolved.
+  become: yes
+  systemd:
+    service: systemd-resolved
     state: started
+  tags: actualizer
 
-- name: Enable/Start systemd-resolved.
+- name: Enable systemd-resolved.
   become: yes
   systemd:
     service: systemd-resolved
     enabled: yes
-    state: started
 
 - name: Link /etc/resolv.conf.
   become: yes
@@ -1315,15 +1327,12 @@ delivery.
   loop:
   - /etc/hostname
   - /etc/mailname
-  notify: Update hostname.
-#+END_SRC
 
-#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/front/handlers/main.yml :mkdirp yes
----
 - name: Update hostname.
   become: yes
   command: hostname -F /etc/hostname
+  when: domain_name != ansible_hostname
+  tags: actualizer
 #+END_SRC
 
 ** Add Administrator to System Groups
@@ -1376,6 +1385,7 @@ those stored in [[file:Secret/ssh_front/etc/ssh/][=Secret/ssh_front/etc/ssh/=]]
   systemd:
     service: ssh
     state: reloaded
+  tags: actualizer
 #+END_SRC
 
 ** Configure Monkey
@@ -1623,12 +1633,18 @@ start and enable the service.
     dest: /etc/postfix/header_checks.cf
   notify: Postmap header checks.
 
-- name: Enable/Start Postfix.
+- name: Start Postfix.
   become: yes
   systemd:
     service: postfix
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Postfix.
+  become: yes
+  systemd:
+    service: postfix
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
@@ -1639,6 +1655,7 @@ start and enable the service.
   systemd:
     service: postfix
     state: restarted
+  tags: actualizer
 
 - name: Postmap header checks.
   become: yes
@@ -1684,6 +1701,7 @@ created by a more specialized role.
 - name: New aliases.
   become: yes
   command: newaliases
+  tags: actualizer
 #+END_SRC
 
 ** Configure Dovecot IMAPd
@@ -1726,12 +1744,18 @@ and enables it to start at every reboot.
     dest: /etc/dovecot/local.conf
   notify: Restart Dovecot.
 
-- name: Enable/Start Dovecot.
+- name: Start Dovecot.
   become: yes
   systemd:
     service: dovecot
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Dovecot.
+  become: yes
+  systemd:
+    service: dovecot
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
@@ -1742,6 +1766,7 @@ and enables it to start at every reboot.
   systemd:
     service: dovecot
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Configure Apache2 <<apache2-front>>
@@ -1928,12 +1953,18 @@ e.g. =/etc/apache2/sites-available/small.example.org.conf= and runs
     creates: /etc/apache2/sites-enabled/{{ domain_name }}.conf
   notify: Restart Apache2.
 
-- name: Enable/Start Apache2.
+- name: Start Apache2.
   become: yes
   systemd:
     service: apache2
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Apache2.
+  become: yes
+  systemd:
+    service: apache2
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
@@ -1944,6 +1975,7 @@ e.g. =/etc/apache2/sites-available/small.example.org.conf= and runs
   systemd:
     service: apache2
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 Furthermore, the default web site and its HTTPS version is disabled so
@@ -2090,12 +2122,18 @@ The following tasks install WireGuard™, configure it with
     group: root
   notify: Restart WireGuard™.
 
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable WireGuard™.
+  become: yes
+  systemd:
+    service: wg-quick@wg0
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
@@ -2106,6 +2144,7 @@ The following tasks install WireGuard™, configure it with
   systemd:
     service: wg-quick@wg0
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Configure Kamailio
@@ -2178,6 +2217,7 @@ not be started before the ~wg0~ device has appeared.
   become: yes
   systemd:
     daemon-reload: yes
+  tags: actualizer
 #+END_SRC
 
 Finally, Kamailio can be configured and started.
@@ -2193,12 +2233,18 @@ Finally, Kamailio can be configured and started.
     dest: /etc/kamailio/kamailio-local.cfg
   notify: Restart Kamailio.
 
-- name: Enable/Start Kamailio.
+- name: Start Kamailio.
   become: yes
   systemd:
     service: kamailio
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Kamailio.
+  become: yes
+  systemd:
+    service: kamailio
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
@@ -2209,6 +2255,7 @@ Finally, Kamailio can be configured and started.
   systemd:
     service: kamailio
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 
@@ -2258,15 +2305,12 @@ proper email delivery.
   loop:
   - { name: "core.{{ domain_priv }}", file: /etc/mailname }
   - { name: "{{ inventory_hostname }}", file: /etc/hostname }
-  notify: Update hostname.
-#+END_SRC
 
-#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/core/handlers/main.yml :mkdirp yes
----
 - name: Update hostname.
   become: yes
   command: hostname -F /etc/hostname
+  when: inventory_hostname != ansible_hostname
+  tags: actualizer
 #+END_SRC
 
 ** Configure Systemd Resolved
@@ -2302,12 +2346,14 @@ list, and to disable its cache and stub listener.
   become: yes
   systemd:
     daemon-reload: yes
+  tags: actualizer
 
 - name: Restart Systemd resolved.
   become: yes
   systemd:
     service: systemd-resolved
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Configure Netplan
@@ -2360,6 +2406,7 @@ core_ethernet:              enp0s3
 - name: Apply netplan.
   become: yes
   command: netplan apply
+  tags: actualizer
 #+END_SRC
 
 ** Configure DHCP For the Private Ethernet
@@ -2436,12 +2483,18 @@ the real [[file:private/core-dhcpd.conf][=private/core-dhcpd.conf=]] (/not/ the
     dest: /etc/dhcp/dhcpd.conf
   notify: Restart DHCP server.
 
-- name: Enable/Start DHCP server.
+- name: Start DHCP server.
   become: yes
   systemd:
     service: isc-dhcp-server
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable DHCP server.
+  become: yes
+  systemd:
+    service: isc-dhcp-server
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
@@ -2452,6 +2505,7 @@ the real [[file:private/core-dhcpd.conf][=private/core-dhcpd.conf=]] (/not/ the
   systemd:
     service: isc-dhcp-server
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Configure BIND9
@@ -2493,12 +2547,18 @@ The following tasks install and configure BIND9 on Core.
   loop: [ domain, private, public_vpn, campus_vpn ]
   notify: Reload BIND9.
 
-- name: Enable/Start BIND9.
+- name: Start BIND9.
   become: yes
   systemd:
     service: bind9
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable BIND9.
+  become: yes
+  systemd:
+    service: bind9
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
@@ -2509,6 +2569,7 @@ The following tasks install and configure BIND9 on Core.
     systemd:
       service: bind9
       state: reloaded
+    tags: actualizer
 #+END_SRC
 
 Examples of the necessary zone files, for the "Install BIND9
@@ -2943,12 +3004,18 @@ enable the service.  Whenever =/etc/postfix/transport= is changed, the
     dest: /etc/postfix/transport
   notify: Postmap transport.
 
-- name: Enable/Start Postfix.
+- name: Start Postfix.
   become: yes
   systemd:
     service: postfix
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Postfix.
+  become: yes
+  systemd:
+    service: postfix
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
@@ -2959,6 +3026,7 @@ enable the service.  Whenever =/etc/postfix/transport= is changed, the
   systemd:
     service: postfix
     state: restarted
+  tags: actualizer
 
 - name: Postmap transport.
   become: yes
@@ -3000,6 +3068,7 @@ installed by more specialized roles.
 - name: New aliases.
   become: yes
   command: newaliases
+  tags: actualizer
 #+END_SRC
 
 ** Configure Dovecot IMAPd
@@ -3041,12 +3110,18 @@ and enables it to start at every reboot.
     dest: /etc/dovecot/local.conf
   notify: Restart Dovecot.
 
-- name: Enable/Start Dovecot.
+- name: Start Dovecot.
   become: yes
   systemd:
     service: dovecot
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Dovecot.
+  become: yes
+  systemd:
+    service: dovecot
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
@@ -3057,6 +3132,7 @@ and enables it to start at every reboot.
   systemd:
     service: dovecot
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Configure Fetchmail
@@ -3160,7 +3236,7 @@ provided the Core service.
   when:
   - members[item].status == 'current'
   - members[item].password_fetchmail is defined
-  tags: accounts
+  tags: accounts, actualizer
 #+END_SRC
 
 Finally, any former member's Fetchmail service on Core should be
@@ -3393,12 +3469,18 @@ The ~a2ensite~ command enables them.
   loop: [ live, test, www, default-ssl ]
   notify: Restart Apache2.
 
-- name: Enable/Start Apache2.
+- name: Start Apache2.
   become: yes
   systemd:
     service: apache2
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Apache2.
+  become: yes
+  systemd:
+    service: apache2
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
@@ -3409,6 +3491,7 @@ The ~a2ensite~ command enables them.
   systemd:
     service: apache2
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Configure Website Updates
@@ -3503,12 +3586,18 @@ The following tasks install WireGuard™, configure it with
     group: root
   notify: Restart WireGuard™.
 
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable WireGuard™.
+  become: yes
+  systemd:
+    service: wg-quick@wg0
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
@@ -3519,6 +3608,7 @@ The following tasks install WireGuard™, configure it with
   systemd:
     service: wg-quick@wg0
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Configure NAGIOS
@@ -3581,12 +3671,18 @@ Core and Campus (and thus Gate) machines.
     dest: /etc/nagios4/conf.d/institute.cfg
   notify: Reload NAGIOS4.
 
-- name: Enable/Start NAGIOS4.
+- name: Start NAGIOS4.
   become: yes
   systemd:
     service: nagios4
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable NAGIOS4.
+  become: yes
+  systemd:
+    service: nagios4
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
@@ -3597,6 +3693,7 @@ Core and Campus (and thus Gate) machines.
   systemd:
     service: nagios4
     state: reloaded
+  tags: actualizer
 #+END_SRC
 
 *** Configure NAGIOS Monitors for Core
@@ -4601,6 +4698,7 @@ new network plan.
 - name: Apply netplan.
   become: yes
   command: netplan apply
+  tags: actualizer
 #+END_SRC
 
 Note that the =60-isp.yaml= file is only updated (created) if it does
@@ -4820,12 +4918,18 @@ addresses (or perhaps finding no ~wild~ interface at all?).
     dest: /etc/systemd/system/isc-dhcp-server.service.d/depend.conf
   notify: Reload Systemd.
 
-- name: Enable/Start DHCP server.
+- name: Start DHCP server.
   become: yes
   systemd:
     service: isc-dhcp-server
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable DHCP server.
+  become: yes
+  systemd:
+    service: isc-dhcp-server
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]]
@@ -4836,11 +4940,13 @@ addresses (or perhaps finding no ~wild~ interface at all?).
   systemd:
     service: isc-dhcp-server
     state: restarted
+  tags: actualizer
 
 - name: Reload Systemd.
   become: yes
   systemd:
     daemon-reload: yes
+  tags: actualizer
 #+END_SRC
 
 If Gate is configured with ~./abbey config gate~ and then connected to
@@ -4952,12 +5058,18 @@ The following tasks install WireGuard™, configure it with
     group: root
   notify: Restart WireGuard™.
 
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable WireGuard™.
+  become: yes
+  systemd:
+    service: wg-quick@wg0
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]]
@@ -4968,6 +5080,7 @@ The following tasks install WireGuard™, configure it with
   systemd:
     service: wg-quick@wg0
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 
@@ -5018,6 +5131,7 @@ Clients should be using the expected host name.
   become: yes
   command: hostname -F /etc/hostname
   when: inventory_hostname != ansible_hostname
+  tags: actualizer
 #+END_SRC
 
 ** Configure Systemd Timesyncd
@@ -5045,6 +5159,7 @@ and file timestamps.
   systemd:
     service: systemd-timesyncd
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Add Administrator to System Groups
@@ -5114,12 +5229,18 @@ tasks below.
   - { p: inet_interfaces, v: loopback-only }
   notify: Restart Postfix.
 
-- name: Enable/Start Postfix.
+- name: Start Postfix.
   become: yes
   systemd:
     service: postfix
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Postfix.
+  become: yes
+  systemd:
+    service: postfix
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
@@ -5130,6 +5251,7 @@ tasks below.
   systemd:
     service: postfix
     state: restarted
+  tags: actualizer
 #+END_SRC
 
 ** Set Domain Name
@@ -5189,12 +5311,18 @@ Role]].
     dest: /etc/nagios/nrpe.d/institute.cfg
   notify: Reload NRPE server.
 
-- name: Enable/Start NRPE server.
+- name: Start NRPE server.
   become: yes
   systemd:
     service: nagios-nrpe-server
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable NRPE server.
+  become: yes
+  systemd:
+    service: nagios-nrpe-server
+    enabled: yes
 #+END_SRC
 
 #+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
@@ -5205,6 +5333,7 @@ Role]].
   systemd:
     service: nagios-nrpe-server
     state: reloaded
+  tags: actualizer
 #+END_SRC
 
 
index a3871b3420462b74902dee63c0044a10b241cfe1..be4f3a997e0985e8d310f12f8847c283e34219d9 100644 (file)
   - ansible_distribution == 'Debian'
   - 11 < ansible_distribution_major_version|int
 
-- name: Enable/Start systemd-networkd.
+- name: Start systemd-networkd.
+  become: yes
+  systemd:
+    service: systemd-networkd
+    state: started
+  tags: actualizer
+
+- name: Enable systemd-networkd.
   become: yes
   systemd:
     service: systemd-networkd
     enabled: yes
+
+- name: Start systemd-resolved.
+  become: yes
+  systemd:
+    service: systemd-resolved
     state: started
+  tags: actualizer
 
-- name: Enable/Start systemd-resolved.
+- name: Enable systemd-resolved.
   become: yes
   systemd:
     service: systemd-resolved
     enabled: yes
-    state: started
 
 - name: Link /etc/resolv.conf.
   become: yes
index be1797fc558968a811f4dc101adbcfc9e6d5952a..58eeef395b29e9fd7835bd5621568816f8690877 100644 (file)
@@ -4,15 +4,18 @@
   systemd:
     service: systemd-timesyncd
     state: restarted
+  tags: actualizer
 
 - name: Restart Postfix.
   become: yes
   systemd:
     service: postfix
     state: restarted
+  tags: actualizer
 
 - name: Reload NRPE server.
   become: yes
   systemd:
     service: nagios-nrpe-server
     state: reloaded
+  tags: actualizer
index 2290779dedc67feeacc748433ba0153802277f08..3e32d16753b50b9c80f480933139b86387a5b429 100644 (file)
@@ -19,6 +19,7 @@
   become: yes
   command: hostname -F /etc/hostname
   when: inventory_hostname != ansible_hostname
+  tags: actualizer
 
 - name: Configure timesyncd.
   become: yes
   - { p: inet_interfaces, v: loopback-only }
   notify: Restart Postfix.
 
-- name: Enable/Start Postfix.
+- name: Start Postfix.
   become: yes
   systemd:
     service: postfix
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Postfix.
+  become: yes
+  systemd:
+    service: postfix
+    enabled: yes
 
 - name: Set domain name.
   become: yes
     dest: /etc/nagios/nrpe.d/institute.cfg
   notify: Reload NRPE server.
 
-- name: Enable/Start NRPE server.
+- name: Start NRPE server.
   become: yes
   systemd:
     service: nagios-nrpe-server
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable NRPE server.
+  become: yes
+  systemd:
+    service: nagios-nrpe-server
+    enabled: yes
index d804487a32ab290bbb09b429bf169b05a3a74393..ad8d3416f43f8133da3e43fcf8bb67544f15a90f 100644 (file)
@@ -1,40 +1,43 @@
 ---
-- name: Update hostname.
-  become: yes
-  command: hostname -F /etc/hostname
-
 - name: Reload Systemd.
   become: yes
   systemd:
     daemon-reload: yes
+  tags: actualizer
 
 - name: Restart Systemd resolved.
   become: yes
   systemd:
     service: systemd-resolved
     state: restarted
+  tags: actualizer
 
 - name: Apply netplan.
   become: yes
   command: netplan apply
+  tags: actualizer
 
 - name: Restart DHCP server.
   become: yes
   systemd:
     service: isc-dhcp-server
     state: restarted
+  tags: actualizer
 
 - name: Reload BIND9.
   become: yes
   systemd:
     service: bind9
     state: reloaded
+  tags: actualizer
+
 
 - name: Restart Postfix.
   become: yes
   systemd:
     service: postfix
     state: restarted
+  tags: actualizer
 
 - name: Postmap transport.
   become: yes
 - name: New aliases.
   become: yes
   command: newaliases
+  tags: actualizer
 
 - name: Restart Dovecot.
   become: yes
   systemd:
     service: dovecot
     state: restarted
+  tags: actualizer
 
 - name: Restart Apache2.
   become: yes
   systemd:
     service: apache2
     state: restarted
+  tags: actualizer
 
 - name: Restart WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
     state: restarted
+  tags: actualizer
 
 - name: Reload NAGIOS4.
   become: yes
   systemd:
     service: nagios4
     state: reloaded
+  tags: actualizer
 
 - name: Import root PGP key.
   become: no
index 2710d7350c2db22600ef9f505fd3e824e5b2924f..74c48192859fa309dbd9a8eab46055a1d64a59e5 100644 (file)
   loop:
   - { name: "core.{{ domain_priv }}", file: /etc/mailname }
   - { name: "{{ inventory_hostname }}", file: /etc/hostname }
-  notify: Update hostname.
+
+- name: Update hostname.
+  become: yes
+  command: hostname -F /etc/hostname
+  when: inventory_hostname != ansible_hostname
+  tags: actualizer
 
 - name: Configure resolved.
   become: yes
     dest: /etc/dhcp/dhcpd.conf
   notify: Restart DHCP server.
 
-- name: Enable/Start DHCP server.
+- name: Start DHCP server.
   become: yes
   systemd:
     service: isc-dhcp-server
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable DHCP server.
+  become: yes
+  systemd:
+    service: isc-dhcp-server
+    enabled: yes
 
 - name: Install BIND9.
   become: yes
   loop: [ domain, private, public_vpn, campus_vpn ]
   notify: Reload BIND9.
 
-- name: Enable/Start BIND9.
+- name: Start BIND9.
   become: yes
   systemd:
     service: bind9
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable BIND9.
+  become: yes
+  systemd:
+    service: bind9
+    enabled: yes
 
 - name: Add {{ ansible_user }} to system groups.
   become: yes
     dest: /etc/postfix/transport
   notify: Postmap transport.
 
-- name: Enable/Start Postfix.
+- name: Start Postfix.
   become: yes
   systemd:
     service: postfix
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Postfix.
+  become: yes
+  systemd:
+    service: postfix
+    enabled: yes
 
 - name: Install institute email aliases.
   become: yes
     dest: /etc/dovecot/local.conf
   notify: Restart Dovecot.
 
-- name: Enable/Start Dovecot.
+- name: Start Dovecot.
   become: yes
   systemd:
     service: dovecot
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Dovecot.
+  become: yes
+  systemd:
+    service: dovecot
+    enabled: yes
 
 - name: Install fetchmail.
   become: yes
   when:
   - members[item].status == 'current'
   - members[item].password_fetchmail is defined
-  tags: accounts
+  tags: accounts, actualizer
 
 - name: Stop former user fetchmail services.
   become: yes
   loop: [ live, test, www, default-ssl ]
   notify: Restart Apache2.
 
-- name: Enable/Start Apache2.
+- name: Start Apache2.
   become: yes
   systemd:
     service: apache2
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Apache2.
+  become: yes
+  systemd:
+    service: apache2
+    enabled: yes
 
 - name: "Install Monkey's webupdate script."
   become: yes
     group: root
   notify: Restart WireGuard™.
 
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable WireGuard™.
+  become: yes
+  systemd:
+    service: wg-quick@wg0
+    enabled: yes
 
 - name: Install NAGIOS4.
   become: yes
     dest: /etc/nagios4/conf.d/institute.cfg
   notify: Reload NAGIOS4.
 
-- name: Enable/Start NAGIOS4.
+- name: Start NAGIOS4.
   become: yes
   systemd:
     service: nagios4
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable NAGIOS4.
+  become: yes
+  systemd:
+    service: nagios4
+    enabled: yes
 
 - name: Install backup script.
   become: yes
index 0db39f3119ddec6851be69331cfddf52bbffcb1a..21f962a4a13b013e710d48af8f8c8ac961762008 100644 (file)
@@ -1,19 +1,17 @@
 ---
-- name: Update hostname.
-  become: yes
-  command: hostname -F /etc/hostname
-
 - name: Reload SSH server.
   become: yes
   systemd:
     service: ssh
     state: reloaded
+  tags: actualizer
 
 - name: Restart Postfix.
   become: yes
   systemd:
     service: postfix
     state: restarted
+  tags: actualizer
 
 - name: Postmap header checks.
   become: yes
 - name: New aliases.
   become: yes
   command: newaliases
+  tags: actualizer
 
 - name: Restart Dovecot.
   become: yes
   systemd:
     service: dovecot
     state: restarted
+  tags: actualizer
 
 - name: Restart Apache2.
   become: yes
   systemd:
     service: apache2
     state: restarted
+  tags: actualizer
 
 - name: Restart WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
     state: restarted
+  tags: actualizer
 
 - name: Reload Systemd.
   become: yes
   systemd:
     daemon-reload: yes
+  tags: actualizer
 
 - name: Restart Kamailio.
   become: yes
   systemd:
     service: kamailio
     state: restarted
+  tags: actualizer
index 1203e7dac4b23d552a4f67ddec5114d777769432..58a52c8695d1cca9655f5600a54e30cfc7a8bc5d 100644 (file)
   loop:
   - /etc/hostname
   - /etc/mailname
-  notify: Update hostname.
+
+- name: Update hostname.
+  become: yes
+  command: hostname -F /etc/hostname
+  when: domain_name != ansible_hostname
+  tags: actualizer
 
 - name: Add {{ ansible_user }} to system groups.
   become: yes
     dest: /etc/postfix/header_checks.cf
   notify: Postmap header checks.
 
-- name: Enable/Start Postfix.
+- name: Start Postfix.
   become: yes
   systemd:
     service: postfix
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Postfix.
+  become: yes
+  systemd:
+    service: postfix
+    enabled: yes
 
 - name: Install institute email aliases.
   become: yes
     dest: /etc/dovecot/local.conf
   notify: Restart Dovecot.
 
-- name: Enable/Start Dovecot.
+- name: Start Dovecot.
   become: yes
   systemd:
     service: dovecot
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Dovecot.
+  become: yes
+  systemd:
+    service: dovecot
+    enabled: yes
 
 - name: Install Apache2.
   become: yes
     creates: /etc/apache2/sites-enabled/{{ domain_name }}.conf
   notify: Restart Apache2.
 
-- name: Enable/Start Apache2.
+- name: Start Apache2.
   become: yes
   systemd:
     service: apache2
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Apache2.
+  become: yes
+  systemd:
+    service: apache2
+    enabled: yes
 
 - name: Disable default vhosts.
   become: yes
     group: root
   notify: Restart WireGuard™.
 
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable WireGuard™.
+  become: yes
+  systemd:
+    service: wg-quick@wg0
+    enabled: yes
 
 - name: Install Kamailio.
   become: yes
     dest: /etc/kamailio/kamailio-local.cfg
   notify: Restart Kamailio.
 
-- name: Enable/Start Kamailio.
+- name: Start Kamailio.
   become: yes
   systemd:
     service: kamailio
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable Kamailio.
+  become: yes
+  systemd:
+    service: kamailio
+    enabled: yes
index 857346dfa9bd9f91cfd0e3f715117de0d8e59a7f..2028a5911c32f1ed531b3d2bdf41fe89c12e8e45 100644 (file)
@@ -2,20 +2,24 @@
 - name: Apply netplan.
   become: yes
   command: netplan apply
+  tags: actualizer
 
 - name: Restart DHCP server.
   become: yes
   systemd:
     service: isc-dhcp-server
     state: restarted
+  tags: actualizer
 
 - name: Reload Systemd.
   become: yes
   systemd:
     daemon-reload: yes
+  tags: actualizer
 
 - name: Restart WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
     state: restarted
+  tags: actualizer
index 9b3aa91802d0a4cc2bea5419acb59289796e80bc..d6510b8b5321de77b3b4dfe5957f9d929e166169 100644 (file)
     dest: /etc/systemd/system/isc-dhcp-server.service.d/depend.conf
   notify: Reload Systemd.
 
-- name: Enable/Start DHCP server.
+- name: Start DHCP server.
   become: yes
   systemd:
     service: isc-dhcp-server
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable DHCP server.
+  become: yes
+  systemd:
+    service: isc-dhcp-server
+    enabled: yes
+
 
 - name: Install WireGuard™.
   become: yes
     group: root
   notify: Restart WireGuard™.
 
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
   become: yes
   systemd:
     service: wg-quick@wg0
-    enabled: yes
     state: started
+  tags: actualizer
+
+- name: Enable WireGuard™.
+  become: yes
+  systemd:
+    service: wg-quick@wg0
+    enabled: yes