Erster Upload

2 years ago · 10faf80ff9
14 changed files with 204 additions and 0 deletions
--- a/Inventories/prod/inventory
+++ b/Inventories/prod/inventory
--- a/Inventories/test/group_vars/debian.yml
+++ b/Inventories/test/group_vars/debian.yml
--- a/Inventories/test/host_vars/ansible-test01.yml
+++ b/Inventories/test/host_vars/ansible-test01.yml
@ -0,0 +1,9 @@
+interface_name: eth0
+static_ip: 172.20.1.31
+netmask: 255.255.255.0
+gateway: 172.20.1.251
+dns_servers:
+  - 172.20.1.251
+  - 172.20.1.10
+  - 172.20.1.11
+  - 8.8.8.8
--- a/Inventories/test/host_vars/ansible-test02.yml
+++ b/Inventories/test/host_vars/ansible-test02.yml
@ -0,0 +1,9 @@
+interface_name: eth0
+static_ip: 172.20.1.32
+netmask: 255.255.255.0
+gateway: 172.20.1.251
+dns_servers:
+  - 172.20.1.251
+  - 172.20.1.10
+  - 172.20.1.11
+  - 8.8.8.8
--- a/Inventories/test/inventory
+++ b/Inventories/test/inventory
--- a/ansible-diskspace.yml
+++ b/ansible-diskspace.yml
@ -0,0 +1,21 @@
+---
+- name: check disk space
+#  hosts: "{{ hosts }}"
+  hosts: all
+  tasks:
+    - name: get disk usage
+      command: df -h
+      register: disk_usage
+    - name: check disk space available
+      shell: df -h / | awk 'NR==2 {print $5}'
+      register: disk_usage
+    # - name: send discord message when disk space is over 80%
+    #   uri:
+    #     url: "your-webhook"
+    #     method: POST
+    #     body_format: json
+    #     body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+    #     headers:
+    #       Content-Type: application/json
+    #     status_code: 204
+    #   when: disk_usage.stdout[:-1]|int > 80
--- a/ansible-ping.yml
+++ b/ansible-ping.yml
--- a/ansible-reboot-required.yml
+++ b/ansible-reboot-required.yml
@ -0,0 +1,14 @@
+---
+- name: check if system reboot is required
+#  hosts: "{{ hosts }}"
+  hosts: all
+  become: yes
+  tasks:
+    - name: check if system reboot is required
+      become: true
+      stat:
+        path: /var/run/reboot-required
+      register: reboot_required
+    - debug:
+        msg: "Reboot is required"
+      when: reboot_required.stat.exists
--- a/ansible-set-static-ip.yml
+++ b/ansible-set-static-ip.yml
@ -0,0 +1,42 @@
+---
+- name: IP von DHCP auf Static ändern basierend auf individuellen envs Dateien
+  hosts: debian
+  become: yes
+  tasks:
+    - name: Zeige den Wert der Variable an
+      debug:
+        var: interface_name
+
+    - name: Überprüfe, ob NetworkManager installiert ist
+      command: dpkg-query -l network-manager
+      register: dpkg_query_result
+      ignore_errors: yes
+
+    - name: Setze statische IP wenn NetworkManager installiert ist
+      block:
+        - name: Deaktiviere DHCP im NetworkManager
+          command: "nmcli connection modify {{ interface_name }} ipv4.method manual ipv4.addresses '{{ static_ip }}/{{ netmask | ipaddr('prefix') }}' ipv4.gateway '{{ gateway }}' ipv4.dns '{{ dns_servers | join(',') }}'"
+        - name: Starte NetworkManager neu
+          service:
+            name: NetworkManager
+            state: restarted
+      when: dpkg_query_result.rc == 0
+
+    - name: Setze statische IP wenn NetworkManager NICHT installiert ist
+      block:
+        - name: Sichere die aktuelle Netzwerkkonfiguration
+          copy:
+            src: /etc/network/interfaces
+            dest: /etc/network/interfaces.backup
+        - name: Setze statische IP in /etc/network/interfaces
+          blockinfile:
+            path: /etc/network/interfaces
+            block: |
+              iface {{ interface_name }} inet static
+              address {{ static_ip }}
+              netmask {{ netmask }}
+              gateway {{ gateway }}
+              dns-nameservers {{ dns_servers | join(' ') }}
+        - name: Starte Netzwerk neu
+          command: systemctl restart networking
+      when: dpkg_query_result.rc != 0
--- a/ansible-update.yml
+++ b/ansible-update.yml
@ -0,0 +1,27 @@
+---
+- name: Update and upgrade apt packages
+  hosts: all
+  become: yes
+  tasks:
+    - name: Update packages with apt
+      when: ansible_pkg_mgr == 'apt'
+      apt:
+        update_cache: yes
+
+    - name: Update packages with yum
+      when: ansible_pkg_mgr == 'yum'
+      yum:
+        name: '*'
+        state: latest
+
+    - name: Upgrade packages with apt
+      when: ansible_pkg_mgr == 'apt'
+      apt:
+        upgrade: dist
+
+    - name: Upgrade packages with yum
+      when: ansible_pkg_mgr == 'yum'
+      yum:
+        name: '*'
+        state: latest
+        exclude: kernel*
--- a/ansible_add-ssh-key.yml
+++ b/ansible_add-ssh-key.yml
@ -0,0 +1,18 @@
+---
+- name: add ssh key
+#  hosts: "{{ hosts }}"
+  hosts: all
+  become: yes
+  tasks:
+  - name: install public keys
+    ansible.posix.authorized_key:
+      user: "{{ lookup('env','USER') }}"
+      state: present
+      key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+  - name: change sudoers file
+    lineinfile:
+      path: /etc/sudoers
+      state: present
+      regexp: '^%sudo'
+      line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+      validate: /usr/sbin/visudo -cf %s
--- a/ansible_docker-cleanup.yml
+++ b/ansible_docker-cleanup.yml
@ -0,0 +1,14 @@
+---
+- name: clean docker
+#  hosts: "{{ hosts }}"
+  hosts: all
+  tasks:
+    - name: prune non-dangling images
+      community.docker.docker_prune:
+        containers: false
+        images: true
+        images_filters:
+          dangling: false
+        networks: false
+        volumes: false
+        builder_cache: false
--- a/inventory.ini
+++ b/inventory.ini
@ -0,0 +1,3 @@
+[debian]
+ansible-test01 ansible_host=172.20.1.31 hostname=ansible-test01
+ansible-test02 ansible_host=172.20.1.167 hostname=ansible-test02
--- a/set-pw-rules.yml
+++ b/set-pw-rules.yml
@ -0,0 +1,47 @@
+---
+- name: Set Password Policies on Debian 11
+  hosts: all
+  become: yes
+  tasks:
+
+    - name: Install necessary packages
+      apt:
+        name:
+          - libpam-pwquality
+          - cracklib-runtime
+        state: present
+
+    - name: Set password quality requirements in PAM
+      lineinfile:
+        dest: /etc/security/pwquality.conf
+        regexp: "^{{ item.regexp }}"
+        line: "{{ item.line }}"
+        state: present
+      loop:
+        - { regexp: "^# minlen", line: "minlen = 10" }
+        - { regexp: "^# minclass", line: "minclass = 4" }
+        - { regexp: "^# maxrepeat", line: "maxrepeat = 3" }
+        - { regexp: "^# remember", line: "remember = 6" }
+        - { regexp: "^# retry", line: "retry = 3" }
+      notify:
+        - restart ssh
+
+    - name: Enforce password change every 180 days
+      lineinfile:
+        dest: /etc/login.defs
+        regexp: '^PASS_MAX_DAYS'
+        line: 'PASS_MAX_DAYS   180'
+        state: present
+
+    - name: Force existing users to comply with new policy upon next login
+      command: chage -m 1 -M 180 -W 15 -I 15 {{ item }}
+      with_fileglob:
+        - /home/*
+      loop_control:
+        loop_var: item
+      when: item is directory
+  handlers:
+    - name: restart ssh
+      service:
+        name: ssh
+        state: restarted