This role replaces having single playbooks for generic debian tasks.
See the test directory for example usage.
See variables with defaults in defaults/main.yml
tasks to set up standard apt configuration and updates.
generic_manage_apt: true
if the proxy var is not empty, it gets included in apt.conf
apt_proxy_url: http://someproxyserver:9999
apt_default_release: jessie
apt_include_testing: false
The role will update package lists, if it changes the repo, otherwise not.
set up the debian box with mail capability to send mails to a smarthost
generic_manage_smtp: true
smtp_upstream: <upstream smarthost smtp server>
smtp_sender_fqdn: <domain/server name to use in mails>
This enable a debian system to do automatic upgrade of certain packages.
Currently it is security updates that gets updated
Disables or enables unattended upgrades
generic_manage_unattended_upgrade: true
Enable ldap lookups for users
Disables or enables ldap use
generic_manage_ldap: false
ldap server parameters
ldap_uri: ldap://someldapserver
ldap_basedc: dc=mydomain,dc=cm
ldap_binddn: cn=admin,dcmydomain,dc=com
ldap_bindpw: somepassword
This relates to configuring logging in to the host, not outgoing.
Basic config is very restrictive, and allows for specific named users to have other permissions. This uses the Match user
option in sshd_config
Enable/disable sshd config
generic_manage_sshd: true
Add users with special permission
sshd_users:
- { username: "{{ansible_ssh_user}}", AllowTcpForwarding: "yes", PermitTTY: "yes" }
This is a list, and may be more than one entry. The options and the associated value is copied directly to the sshd_config
file. Default is to disallow ttys and forwarding - ie. not very usefull. See an sshd_config
for the list of options
This is basic config using /etc/network/interfaces
, and may set DHCP and gateway and such.
Note: Default false, since it might cause lost of connectvity
generic_manage_network: false
define interfaces.
- gateway empty or None => no gateway set
- static_ip empty or None => dhcp
interfaces:
ens3:
subnet:
description: "int_LAN - internal network"
gateway: 192.168.0.1
subnet: "192.168.0.0/24"
static_ip: 192.168.0.10
The structure with subnet
allows for defining it in e.g. group_vars/all
and reuse it for multiple machines