Select Git revision
k8s.yaml 19.42 KiB
---
- name: Basic setup and NFS common
hosts: allnodes
become: true
tasks:
- name: Add SSH keys
ansible.posix.authorized_key:
user: egi
state: present
key: '{{ item }}'
with_file:
- public_keys/andrea-manzi
- public_keys/enolfc
- public_keys/jhradil
- public_keys/nikl
- public_keys/pailozian
- public_keys/pospisilp
- public_keys/sustr
- public_keys/valtri
- name: Install nfs-common
apt:
name: nfs-common
update_cache: true
- name: Site install packages
package:
name:
- atop
- fail2ban
- git
- mc
- vim
- postfix
- name: Site remove packages
package:
name:
- unattended-upgrades
state: absent
- name: Site install cron-apt on non-production environments
when: site_name not in ["psnc-production1", "safespring-production2"]
block:
- name: Site install cron-apt package
package:
name:
- cron-apt
- name: Site cron-apt config
copy:
dest: /etc/cron-apt/config
content: |
MAILTO=notebooks-support@mailman.egi.eu
MAILON=upgrade
RUNSLEEP=600
mode: 0644
- name: Site cron-apt action
copy:
dest: /etc/cron-apt/action.d/9-upgrade
content: -q -q dist-upgrade
mode: 0644
- name: Mails settings
vars:
fip_hostname: "{{ lookup('dig', (groups['fip'][0], 'PTR') | join('/')) | regex_replace('\\.$', '') }}"
block:
- name: Global postfix settings
set_fact:
main:
# disable everything except TLSv1.2
smtpd_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtpd_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtp_tls_mandatory_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
smtp_tls_protocols: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
- name: Site-specific postfix settings (CESNET)