linting
This commit is contained in:
parent
a7b16cb3bc
commit
20a93c9fcb
@ -6,12 +6,12 @@
|
||||
command: localectl set-keymap {{ arch_base_keymap }}
|
||||
|
||||
- name: Update_pacman_repos
|
||||
become: yes
|
||||
pacman: update_cache=yes
|
||||
become: true
|
||||
pacman: update_cache=true
|
||||
|
||||
- name: Restart sshd
|
||||
service: name=sshd state=restarted
|
||||
become: yes
|
||||
become: true
|
||||
|
||||
- name: restart_sysctl
|
||||
service: name=systemd-sysctl state=restarted
|
||||
|
@ -1,29 +1,30 @@
|
||||
- name: install base-devel package
|
||||
pacman:
|
||||
state: present # not required. choices: absent;latest;present. Desired state of the package.
|
||||
name: ['base-devel'] # not required. Name or list of names of the packages to install, upgrade, or remove.
|
||||
update_cache: yes
|
||||
become: yes
|
||||
name: ["base-devel"] # not required. Name or list of names of the packages to install, upgrade, or remove.
|
||||
update_cache: true
|
||||
become: true
|
||||
|
||||
- name: Create aur_builder user
|
||||
user:
|
||||
name: aur_builder
|
||||
group: wheel
|
||||
become: yes
|
||||
become: true
|
||||
|
||||
- name: Allow aur_builder to run pacman as root
|
||||
lineinfile:
|
||||
path: /etc/sudoers.d/11-install-aur_builder
|
||||
line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
|
||||
create: yes
|
||||
validate: 'visudo -cf %s'
|
||||
become: yes
|
||||
line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
|
||||
create: true
|
||||
validate: "visudo -cf %s"
|
||||
mode: 0600
|
||||
become: true
|
||||
|
||||
- name: install yay
|
||||
aur:
|
||||
state: present
|
||||
name: yay
|
||||
use: makepkg
|
||||
skip_pgp_check: yes
|
||||
become: yes
|
||||
skip_pgp_check: true
|
||||
become: true
|
||||
become_user: aur_builder
|
||||
|
@ -1,19 +1,19 @@
|
||||
- name: upgrade arch-keyring
|
||||
pacman:
|
||||
state: latest # not required. choices: absent;latest;present. Desired state of the package.
|
||||
state: latest # noqa package-latest
|
||||
name: archlinux-keyring
|
||||
force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases.
|
||||
force: true
|
||||
update_cache: false
|
||||
become: yes
|
||||
become: true
|
||||
when: system_upgrade and ansible_facts['os_family'] == "Archlinux"
|
||||
|
||||
- name: upgrade system
|
||||
pacman:
|
||||
state: latest # not required. choices: absent;latest;present. Desired state of the package.
|
||||
upgrade: true # not required. Whether or not to upgrade whole system.
|
||||
force: true # not required. When removing package - force remove package, without any checks. When update_cache - force redownload repo databases.
|
||||
state: latest # noqa package-latest
|
||||
upgrade: true
|
||||
force: true
|
||||
update_cache: false
|
||||
become: yes
|
||||
become: true
|
||||
when: system_upgrade and ansible_facts['os_family'] == "Archlinux"
|
||||
register: upgrade
|
||||
|
||||
@ -21,33 +21,34 @@
|
||||
reboot:
|
||||
reboot_timeout: 3600
|
||||
when: upgrade.changed and "linux" in upgrade.packages and system_upgrade and ansible_facts['os_family'] == "Archlinux"
|
||||
become: yes
|
||||
become: true
|
||||
|
||||
- name: launch arch base install software
|
||||
pacman:
|
||||
state: present # not required. choices: absent;latest;present. Desired state of the package.
|
||||
name: "{{system_base_softwares_arch}}"
|
||||
become: yes
|
||||
state: present
|
||||
name: "{{ system_base_softwares_arch }}"
|
||||
become: true
|
||||
when: ansible_facts['os_family'] == "Archlinux"
|
||||
|
||||
- name: install aur workstation soft
|
||||
aur:
|
||||
name: "{{ system_base_aur_soft }}"
|
||||
state: present
|
||||
become: yes
|
||||
become: true
|
||||
become_user: aur_builder
|
||||
when: ansible_facts['os_family'] == "Archlinux" and system_base_aur_soft
|
||||
|
||||
- name: launch debian base install software
|
||||
apt:
|
||||
state: present # not required. choices: absent;latest;present. Desired state of the package.
|
||||
name: "{{system_base_softwares_debian}}"
|
||||
update_cache: yes
|
||||
become: yes
|
||||
state: present
|
||||
name: "{{ system_base_softwares_debian }}"
|
||||
update_cache: true
|
||||
become: true
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: GITHUB | Get current version of bat
|
||||
shell: >
|
||||
set -o pipefail
|
||||
warn=False
|
||||
curl --silent https://github.com/sharkdp/bat/releases/latest |
|
||||
grep 'tag' |
|
||||
@ -66,12 +67,12 @@
|
||||
- name: DEBIAN | Install deb from github
|
||||
become: true
|
||||
apt:
|
||||
deb: "{{debian_url}}"
|
||||
deb: "{{ debian_url }}"
|
||||
when: ansible_facts['os_family'] == "Debian"
|
||||
|
||||
- name: pass user shell to zsh
|
||||
user:
|
||||
name: "{{user.name}}" # required. Name of the user to create, remove or modify.
|
||||
shell: /bin/zsh # not required. Optionally set the user's shell.,On macOS, before version 2.5, the default shell for non-system users was /usr/bin/false. Since 2.5, the default shell for non-system users on macOS is /bin/bash.
|
||||
state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated.
|
||||
become: yes
|
||||
name: "{{ user.name }}"
|
||||
shell: /bin/zsh
|
||||
state: present
|
||||
become: true
|
||||
|
@ -1,6 +1,6 @@
|
||||
- name: add repo main contrib
|
||||
apt_repository:
|
||||
repo: deb http://ftp.fr.debian.org/debian/ stable main contrib non-free
|
||||
state: present # not required. choices: absent;present. A source string state.
|
||||
update_cache: yes # not required. Run the equivalent of C(apt-get update) when a change occurs. Cache updates are run after making changes.
|
||||
become: yes
|
||||
state: present
|
||||
update_cache: true
|
||||
become: true
|
||||
|
@ -1,6 +1,5 @@
|
||||
|
||||
- name: Ensure hostname set
|
||||
hostname:
|
||||
name: "{{ inventory_hostname }}"
|
||||
use: systemd
|
||||
become: yes
|
||||
become: true
|
||||
|
@ -1,22 +1,30 @@
|
||||
---
|
||||
- name: Set keymap
|
||||
copy: content="KEYMAP={{ arch_base_keymap }}\n" dest=/etc/vconsole.conf
|
||||
copy:
|
||||
content: "KEYMAP={{ arch_base_keymap }}\n"
|
||||
dest: /etc/vconsole.conf
|
||||
mode: 0644
|
||||
notify: Update keymap
|
||||
become: yes
|
||||
become: true
|
||||
|
||||
- name: Generate locales
|
||||
locale_gen:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ arch_base_locales }}"
|
||||
become: yes
|
||||
become: true
|
||||
|
||||
- name: Set locale
|
||||
lineinfile: dest=/etc/locale.conf line="LANG={{ arch_base_locale }}" regexp="^LANG=" create=yes
|
||||
become: yes
|
||||
lineinfile:
|
||||
dest: /etc/locale.conf
|
||||
line: "LANG={{ arch_base_locale }}"
|
||||
regexp: "^LANG="
|
||||
create: true
|
||||
mode: 0644
|
||||
become: true
|
||||
|
||||
- name: Set timezone
|
||||
become: yes
|
||||
become: true
|
||||
command: timedatectl set-timezone {{ arch_base_timezone }}
|
||||
args:
|
||||
creates: /etc/localtime
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
#- include_tasks: hostname.yml
|
||||
- include_tasks: hostname.yml
|
||||
- include_tasks: hosts.yml
|
||||
- include_tasks: tasks.sysctl.yml
|
||||
- include_tasks: dhcpcd.yml
|
||||
|
@ -1,23 +1,23 @@
|
||||
---
|
||||
- name: Configure pacman color
|
||||
replace: dest=/etc/pacman.conf regexp="^#(Color)" replace="\1"
|
||||
become: yes
|
||||
become: true
|
||||
|
||||
- name: Configure more pacman visuals
|
||||
replace: dest=/etc/pacman.conf regexp="#(VerbosePkgLists)" replace="\1\nILoveCandy"
|
||||
become: yes
|
||||
become: true
|
||||
|
||||
- name: Configure pacman multilib repo
|
||||
become: yes
|
||||
become: true
|
||||
replace: dest=/etc/pacman.conf regexp="^#(\[multilib\])\n^#(.*)$" replace="\1\n\2"
|
||||
notify: Update_pacman_repos
|
||||
when: ansible_architecture == "x86_64"
|
||||
|
||||
- name: add local repo to mirrorlist
|
||||
become: yes
|
||||
become: true
|
||||
lineinfile:
|
||||
path: /etc/pacman.d/mirrorlist
|
||||
line: "Server= {{system_arch_local_mirror}}/$repo/os/$arch"
|
||||
line: "Server= {{ system_arch_local_mirror }}/$repo/os/$arch"
|
||||
state: present
|
||||
insertbefore: BOF
|
||||
when: system_arch_local_mirror is defined
|
||||
@ -27,8 +27,7 @@
|
||||
path: "/etc/ssl/certs/ca-certificates.crt" # required. The full path of the file/object to get the facts of.
|
||||
register: cacertificates
|
||||
|
||||
|
||||
- name: reinstall certificate for old system
|
||||
command: "pacman -Sy ca-certificates-utils openssl --noconfirm"
|
||||
become: yes
|
||||
become: true
|
||||
when: not cacertificates.stat.exists
|
||||
|
@ -1,15 +1,15 @@
|
||||
- name: copy ssh config for user
|
||||
become: yes
|
||||
become: true
|
||||
copy:
|
||||
dest: /home/{{item}}/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist.
|
||||
src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
|
||||
force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist.
|
||||
remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6.
|
||||
mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). As of version 2.3, the mode may also be the special string C(preserve). C(preserve) means that the file will be given the same permissions as the source file.
|
||||
selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser).
|
||||
owner: "{{item}}" # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
|
||||
dest: /home/{{ item }}/.ssh/
|
||||
src: "ssh/config"
|
||||
force: true
|
||||
remote_src: false
|
||||
mode: "600"
|
||||
selevel: s0
|
||||
owner: "{{ item }}"
|
||||
with_items:
|
||||
- "{{user.name}}"
|
||||
- "{{ user.name }}"
|
||||
- name: ensure root ssh directory exist
|
||||
become: true
|
||||
file:
|
||||
@ -19,44 +19,44 @@
|
||||
mode: 0700
|
||||
|
||||
- name: copy ssh config for root
|
||||
become: yes
|
||||
become: true
|
||||
copy:
|
||||
dest: /root/.ssh/ # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist.
|
||||
src: "ssh/config" # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
|
||||
force: yes # not required. the default is C(yes), which will replace the remote file when contents are different than the source. If C(no), the file will only be transferred if the destination does not exist.
|
||||
remote_src: no # not required. If C(no), it will search for I(src) at originating/master machine.,If C(yes) it will go to the remote/target machine for the I(src). Default is C(no).,Currently I(remote_src) does not support recursive copying.,I(remote_src) only works with C(mode=preserve) as of version 2.6.
|
||||
mode: "600" # not required. Mode the file or directory should be. For those used to I(/usr/bin/chmod) remember that modes are actually octal numbers. You must either add a leading zero so that Ansible's YAML parser knows it is an octal number (like C(0644) or C(01777)) or quote it (like C('644') or C('1777')) so Ansible receives a string and can do its own conversion from string into number. Giving Ansible a number without following one of these rules will end up with a decimal number which will have unexpected results. As of version 1.8, the mode may be specified as a symbolic mode (for example, C(u+rwx) or C(u=rw,g=r,o=r)). As of version 2.3, the mode may also be the special string C(preserve). C(preserve) means that the file will be given the same permissions as the source file.
|
||||
selevel: s0 # not required. Level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the C(range). C(_default) feature works as for I(seuser).
|
||||
owner: "root" # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
|
||||
dest: /root/.ssh/
|
||||
src: "ssh/config"
|
||||
force: true
|
||||
remote_src: false
|
||||
mode: "600"
|
||||
selevel: s0
|
||||
owner: "root"
|
||||
|
||||
- name: ensure key directory exist
|
||||
become: true
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ item.keyfile | dirname }}"
|
||||
owner: "{{item.user}}"
|
||||
owner: "{{ item.user }}"
|
||||
mode: 0700
|
||||
with_items: "{{privatekeytodeploy}}"
|
||||
with_items: "{{ privatekeytodeploy }}"
|
||||
|
||||
- name: Install ssh private key
|
||||
become: yes
|
||||
become: true
|
||||
copy:
|
||||
content: "{{ item.privatekey }}"
|
||||
dest: "{{ item.keyfile }}"
|
||||
mode: 0600
|
||||
owner: "{{item.user}}"
|
||||
with_items: "{{privatekeytodeploy}}"
|
||||
owner: "{{ item.user }}"
|
||||
with_items: "{{ privatekeytodeploy }}"
|
||||
|
||||
- name: Deploy SSH-Keys to remote host
|
||||
authorized_key:
|
||||
user: "{{item.user}}"
|
||||
key: "{{item.sshkey}}"
|
||||
exclusive: no
|
||||
with_items: "{{keystodeploy}}"
|
||||
become: yes
|
||||
user: "{{ item.user }}"
|
||||
key: "{{ item.sshkey }}"
|
||||
exclusive: false
|
||||
with_items: "{{ keystodeploy }}"
|
||||
become: true
|
||||
|
||||
- name: les connexions par mot de passe sont désactivées
|
||||
become: yes
|
||||
become: true
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?PasswordAuthentication"
|
||||
@ -65,7 +65,7 @@
|
||||
notify: Restart sshd
|
||||
|
||||
- name: Remove root SSH access
|
||||
become: yes
|
||||
become: true
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^PermitRootLogin"
|
||||
|
@ -7,4 +7,4 @@
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: restart_sysctl
|
||||
become: True
|
||||
become: true
|
||||
|
@ -1,12 +1,12 @@
|
||||
---
|
||||
- name: Enable timesync
|
||||
command: timedatectl set-ntp true
|
||||
become: yes
|
||||
become: true
|
||||
args:
|
||||
creates: /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
|
||||
|
||||
- name: Set timezone and hardware clock
|
||||
timezone:
|
||||
hwclock: '{{ time.hwclock }}'
|
||||
name: '{{ time.timezone }}'
|
||||
become: yes
|
||||
hwclock: "{{ time.hwclock }}"
|
||||
name: "{{ time.timezone }}"
|
||||
become: true
|
||||
|
@ -1,16 +1,15 @@
|
||||
---
|
||||
- name: create system user
|
||||
become: yes
|
||||
become: true
|
||||
user:
|
||||
name: "{{item.name}}"
|
||||
system: yes
|
||||
name: "{{ item.name }}"
|
||||
system: true
|
||||
home: "{{ item.home | default('/') }}"
|
||||
shell: "{{ item.shell |default('/usr/bin/nologin') }}"
|
||||
with_items: "{{system_user}}"
|
||||
|
||||
with_items: "{{ system_user }}"
|
||||
|
||||
- name: create system group
|
||||
group:
|
||||
name: "{{item.name}}"
|
||||
with_items: "{{system_group}}"
|
||||
become: yes
|
||||
name: "{{ item.name }}"
|
||||
with_items: "{{ system_group }}"
|
||||
become: true
|
||||
|
Loading…
Reference in New Issue
Block a user