- ansible_distribution == 'Debian'
- 11 < ansible_distribution_major_version|int
-- name: Enable/Start systemd-networkd.
+- name: Start systemd-networkd.
+ become: yes
+ systemd:
+ service: systemd-networkd
+ state: started
+ tags: actualizer
+
+- name: Enable systemd-networkd.
become: yes
systemd:
service: systemd-networkd
enabled: yes
+
+- name: Start systemd-resolved.
+ become: yes
+ systemd:
+ service: systemd-resolved
state: started
+ tags: actualizer
-- name: Enable/Start systemd-resolved.
+- name: Enable systemd-resolved.
become: yes
systemd:
service: systemd-resolved
enabled: yes
- state: started
- name: Link /etc/resolv.conf.
become: yes
loop:
- /etc/hostname
- /etc/mailname
- notify: Update hostname.
-#+END_SRC
-#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/front/handlers/main.yml :mkdirp yes
----
- name: Update hostname.
become: yes
command: hostname -F /etc/hostname
+ when: domain_name != ansible_hostname
+ tags: actualizer
#+END_SRC
** Add Administrator to System Groups
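Review bot: The added guard `when: domain_name != ansible_hostname` on "Update hostname." probably never evaluates false, because `ansible_hostname` is the short host name (the part before the first dot) while `domain_name` presumably holds a dotted name. Now that the step is a plain task instead of a notified handler, `hostname -F /etc/hostname` would then run and report "changed" on every play. Comparing against the full node name, `when: domain_name != ansible_nodename`, keeps the task idempotent; confirm which value the play writes to /etc/hostname. The later "Update hostname." hunks use `inventory_hostname != ansible_hostname`, which is sound only if inventory names contain no dots.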
systemd:
service: ssh
state: reloaded
+ tags: actualizer
#+END_SRC
** Configure Monkey
dest: /etc/postfix/header_checks.cf
notify: Postmap header checks.
-- name: Enable/Start Postfix.
+- name: Start Postfix.
become: yes
systemd:
service: postfix
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Postfix.
+ become: yes
+ systemd:
+ service: postfix
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
systemd:
service: postfix
state: restarted
+ tags: actualizer
- name: Postmap header checks.
become: yes
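Review bot: `tags: actualizer` on this `state: restarted` block has no effect, because Ansible documents that handlers ignore tags and cannot be selected or skipped by them; the preceding caption places the block in roles_t/front/handlers/main.yml. A run with `--skip-tags actualizer` will therefore still restart or reload Postfix, Dovecot, Apache2, WireGuard, BIND9 and the rest whenever a configuration task notifies them. If the tag is meant to keep a run from touching live services, gate the handlers on a variable instead, for example `when: actualize | default(true)` (variable name constructed here). The same applies to every other handlers/main.yml hunk in this change. The handler's `name` and `become` lines sit outside this hunk.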
- name: New aliases.
become: yes
command: newaliases
+ tags: actualizer
#+END_SRC
** Configure Dovecot IMAPd
dest: /etc/dovecot/local.conf
notify: Restart Dovecot.
-- name: Enable/Start Dovecot.
+- name: Start Dovecot.
become: yes
systemd:
service: dovecot
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Dovecot.
+ become: yes
+ systemd:
+ service: dovecot
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
systemd:
service: dovecot
state: restarted
+ tags: actualizer
#+END_SRC
** Configure Apache2 <<apache2-front>>
creates: /etc/apache2/sites-enabled/{{ domain_name }}.conf
notify: Restart Apache2.
-- name: Enable/Start Apache2.
+- name: Start Apache2.
become: yes
systemd:
service: apache2
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Apache2.
+ become: yes
+ systemd:
+ service: apache2
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
systemd:
service: apache2
state: restarted
+ tags: actualizer
#+END_SRC
Furthermore, the default web site and its HTTPS version is disabled so
group: root
notify: Restart WireGuard™.
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
become: yes
systemd:
service: wg-quick@wg0
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable WireGuard™.
+ become: yes
+ systemd:
+ service: wg-quick@wg0
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
systemd:
service: wg-quick@wg0
state: restarted
+ tags: actualizer
#+END_SRC
** Configure Kamailio
become: yes
systemd:
daemon-reload: yes
+ tags: actualizer
#+END_SRC
Finally, Kamailio can be configured and started.
dest: /etc/kamailio/kamailio-local.cfg
notify: Restart Kamailio.
-- name: Enable/Start Kamailio.
+- name: Start Kamailio.
become: yes
systemd:
service: kamailio
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Kamailio.
+ become: yes
+ systemd:
+ service: kamailio
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/front/handlers/main.yml][=roles_t/front/handlers/main.yml=]]
systemd:
service: kamailio
state: restarted
+ tags: actualizer
#+END_SRC
loop:
- { name: "core.{{ domain_priv }}", file: /etc/mailname }
- { name: "{{ inventory_hostname }}", file: /etc/hostname }
- notify: Update hostname.
-#+END_SRC
-#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/core/handlers/main.yml :mkdirp yes
----
- name: Update hostname.
become: yes
command: hostname -F /etc/hostname
+ when: inventory_hostname != ansible_hostname
+ tags: actualizer
#+END_SRC
** Configure Systemd Resolved
become: yes
systemd:
daemon-reload: yes
+ tags: actualizer
- name: Restart Systemd resolved.
become: yes
systemd:
service: systemd-resolved
state: restarted
+ tags: actualizer
#+END_SRC
** Configure Netplan
- name: Apply netplan.
become: yes
command: netplan apply
+ tags: actualizer
#+END_SRC
** Configure DHCP For the Private Ethernet
dest: /etc/dhcp/dhcpd.conf
notify: Restart DHCP server.
-- name: Enable/Start DHCP server.
+- name: Start DHCP server.
become: yes
systemd:
service: isc-dhcp-server
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable DHCP server.
+ become: yes
+ systemd:
+ service: isc-dhcp-server
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
systemd:
service: isc-dhcp-server
state: restarted
+ tags: actualizer
#+END_SRC
** Configure BIND9
loop: [ domain, private, public_vpn, campus_vpn ]
notify: Reload BIND9.
-- name: Enable/Start BIND9.
+- name: Start BIND9.
become: yes
systemd:
service: bind9
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable BIND9.
+ become: yes
+ systemd:
+ service: bind9
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
systemd:
service: bind9
state: reloaded
+ tags: actualizer
#+END_SRC
Examples of the necessary zone files, for the "Install BIND9
dest: /etc/postfix/transport
notify: Postmap transport.
-- name: Enable/Start Postfix.
+- name: Start Postfix.
become: yes
systemd:
service: postfix
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Postfix.
+ become: yes
+ systemd:
+ service: postfix
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
systemd:
service: postfix
state: restarted
+ tags: actualizer
- name: Postmap transport.
become: yes
- name: New aliases.
become: yes
command: newaliases
+ tags: actualizer
#+END_SRC
** Configure Dovecot IMAPd
dest: /etc/dovecot/local.conf
notify: Restart Dovecot.
-- name: Enable/Start Dovecot.
+- name: Start Dovecot.
become: yes
systemd:
service: dovecot
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Dovecot.
+ become: yes
+ systemd:
+ service: dovecot
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
systemd:
service: dovecot
state: restarted
+ tags: actualizer
#+END_SRC
** Configure Fetchmail
when:
- members[item].status == 'current'
- members[item].password_fetchmail is defined
- tags: accounts
+ tags: accounts, actualizer
#+END_SRC
Finally, any former member's Fetchmail service on Core should be
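Review bot: `tags: accounts, actualizer` relies on Ansible splitting a comma-separated plain scalar into two tags, which works but reads as a single string to YAML tooling and linters. Writing it as a list, `tags: [ accounts, actualizer ]`, matches the flow lists already used for `loop:` in this file and makes the two tags explicit. The same line appears again in the tangled tasks file further down.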
loop: [ live, test, www, default-ssl ]
notify: Restart Apache2.
-- name: Enable/Start Apache2.
+- name: Start Apache2.
become: yes
systemd:
service: apache2
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Apache2.
+ become: yes
+ systemd:
+ service: apache2
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
systemd:
service: apache2
state: restarted
+ tags: actualizer
#+END_SRC
** Configure Website Updates
group: root
notify: Restart WireGuard™.
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
become: yes
systemd:
service: wg-quick@wg0
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable WireGuard™.
+ become: yes
+ systemd:
+ service: wg-quick@wg0
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
systemd:
service: wg-quick@wg0
state: restarted
+ tags: actualizer
#+END_SRC
** Configure NAGIOS
dest: /etc/nagios4/conf.d/institute.cfg
notify: Reload NAGIOS4.
-- name: Enable/Start NAGIOS4.
+- name: Start NAGIOS4.
become: yes
systemd:
service: nagios4
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable NAGIOS4.
+ become: yes
+ systemd:
+ service: nagios4
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/core/handlers/main.yml][=roles_t/core/handlers/main.yml=]]
systemd:
service: nagios4
state: reloaded
+ tags: actualizer
#+END_SRC
*** Configure NAGIOS Monitors for Core
- name: Apply netplan.
become: yes
command: netplan apply
+ tags: actualizer
#+END_SRC
Note that the =60-isp.yaml= file is only updated (created) if it does
dest: /etc/systemd/system/isc-dhcp-server.service.d/depend.conf
notify: Reload Systemd.
-- name: Enable/Start DHCP server.
+- name: Start DHCP server.
become: yes
systemd:
service: isc-dhcp-server
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable DHCP server.
+ become: yes
+ systemd:
+ service: isc-dhcp-server
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]]
systemd:
service: isc-dhcp-server
state: restarted
+ tags: actualizer
- name: Reload Systemd.
become: yes
systemd:
daemon-reload: yes
+ tags: actualizer
#+END_SRC
If Gate is configured with ~./abbey config gate~ and then connected to
group: root
notify: Restart WireGuard™.
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
become: yes
systemd:
service: wg-quick@wg0
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable WireGuard™.
+ become: yes
+ systemd:
+ service: wg-quick@wg0
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]]
systemd:
service: wg-quick@wg0
state: restarted
+ tags: actualizer
#+END_SRC
become: yes
command: hostname -F /etc/hostname
when: inventory_hostname != ansible_hostname
+ tags: actualizer
#+END_SRC
** Configure Systemd Timesyncd
systemd:
service: systemd-timesyncd
state: restarted
+ tags: actualizer
#+END_SRC
** Add Administrator to System Groups
- { p: inet_interfaces, v: loopback-only }
notify: Restart Postfix.
-- name: Enable/Start Postfix.
+- name: Start Postfix.
become: yes
systemd:
service: postfix
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Postfix.
+ become: yes
+ systemd:
+ service: postfix
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
systemd:
service: postfix
state: restarted
+ tags: actualizer
#+END_SRC
** Set Domain Name
dest: /etc/nagios/nrpe.d/institute.cfg
notify: Reload NRPE server.
-- name: Enable/Start NRPE server.
+- name: Start NRPE server.
become: yes
systemd:
service: nagios-nrpe-server
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable NRPE server.
+ become: yes
+ systemd:
+ service: nagios-nrpe-server
+ enabled: yes
#+END_SRC
#+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
systemd:
service: nagios-nrpe-server
state: reloaded
+ tags: actualizer
#+END_SRC
loop:
- { name: "core.{{ domain_priv }}", file: /etc/mailname }
- { name: "{{ inventory_hostname }}", file: /etc/hostname }
- notify: Update hostname.
+
+- name: Update hostname.
+ become: yes
+ command: hostname -F /etc/hostname
+ when: inventory_hostname != ansible_hostname
+ tags: actualizer
- name: Configure resolved.
become: yes
dest: /etc/dhcp/dhcpd.conf
notify: Restart DHCP server.
-- name: Enable/Start DHCP server.
+- name: Start DHCP server.
become: yes
systemd:
service: isc-dhcp-server
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable DHCP server.
+ become: yes
+ systemd:
+ service: isc-dhcp-server
+ enabled: yes
- name: Install BIND9.
become: yes
loop: [ domain, private, public_vpn, campus_vpn ]
notify: Reload BIND9.
-- name: Enable/Start BIND9.
+- name: Start BIND9.
become: yes
systemd:
service: bind9
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable BIND9.
+ become: yes
+ systemd:
+ service: bind9
+ enabled: yes
- name: Add {{ ansible_user }} to system groups.
become: yes
dest: /etc/postfix/transport
notify: Postmap transport.
-- name: Enable/Start Postfix.
+- name: Start Postfix.
become: yes
systemd:
service: postfix
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Postfix.
+ become: yes
+ systemd:
+ service: postfix
+ enabled: yes
- name: Install institute email aliases.
become: yes
dest: /etc/dovecot/local.conf
notify: Restart Dovecot.
-- name: Enable/Start Dovecot.
+- name: Start Dovecot.
become: yes
systemd:
service: dovecot
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Dovecot.
+ become: yes
+ systemd:
+ service: dovecot
+ enabled: yes
- name: Install fetchmail.
become: yes
when:
- members[item].status == 'current'
- members[item].password_fetchmail is defined
- tags: accounts
+ tags: accounts, actualizer
- name: Stop former user fetchmail services.
become: yes
loop: [ live, test, www, default-ssl ]
notify: Restart Apache2.
-- name: Enable/Start Apache2.
+- name: Start Apache2.
become: yes
systemd:
service: apache2
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable Apache2.
+ become: yes
+ systemd:
+ service: apache2
+ enabled: yes
- name: "Install Monkey's webupdate script."
become: yes
group: root
notify: Restart WireGuard™.
-- name: Enable/Start WireGuard™ on boot.
+- name: Start WireGuard™.
become: yes
systemd:
service: wg-quick@wg0
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable WireGuard™.
+ become: yes
+ systemd:
+ service: wg-quick@wg0
+ enabled: yes
- name: Install NAGIOS4.
become: yes
dest: /etc/nagios4/conf.d/institute.cfg
notify: Reload NAGIOS4.
-- name: Enable/Start NAGIOS4.
+- name: Start NAGIOS4.
become: yes
systemd:
service: nagios4
- enabled: yes
state: started
+ tags: actualizer
+
+- name: Enable NAGIOS4.
+ become: yes
+ systemd:
+ service: nagios4
+ enabled: yes
- name: Install backup script.
become: yes