add files to build cobalamin and fix ipv6 in office terms
This commit is contained in:
parent
7174bb3bc6
commit
79efa07285
|
@ -14,4 +14,5 @@
|
|||
- general-use
|
||||
- general-use-gui
|
||||
- audio-client
|
||||
- ipv6-disable-ra-privacy
|
||||
- cleanup
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
- hosts: cobalamin.csclub.uwaterloo.ca
|
||||
become: yes
|
||||
become_method: sudo
|
||||
roles:
|
||||
- common
|
||||
- core
|
||||
- hardware
|
||||
- generate-hosts
|
||||
- auth
|
||||
- csc-packages
|
||||
- nfs
|
||||
- cleanup
|
|
@ -35,7 +35,7 @@
|
|||
file: path=/etc/sssd/sssd.conf owner=root group=root mode=0600
|
||||
|
||||
- name: configure PAM for syscom machine
|
||||
when: syscom
|
||||
when: "'syscom' in group_names"
|
||||
blockinfile:
|
||||
dest: /etc/pam.d/common-account
|
||||
block: |
|
||||
|
@ -45,7 +45,7 @@
|
|||
account required pam_deny.so
|
||||
|
||||
- name: configure PAM for regular machine
|
||||
when: not syscom
|
||||
when: "'syscom' not in group_names"
|
||||
blockinfile:
|
||||
dest: /etc/pam.d/common-account
|
||||
block: |
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
---
|
||||
syscom: False
|
|
@ -15,16 +15,4 @@
|
|||
- name: Update apt and packages (if just installed unlikely)
|
||||
package: update_cache=yes upgrade=safe
|
||||
|
||||
- name: ensure directories exist
|
||||
file: path={{ item }} state=directory
|
||||
with_items:
|
||||
- /etc/opt/chrome/policies/managed/
|
||||
- /etc/firefox
|
||||
|
||||
- name: copy chrome managed policy
|
||||
copy: src={{ item.src }} dest={{ item.dest }} backup=no
|
||||
with_items:
|
||||
- { src: 'files/web-kerberos/chrome.json', dest: '/etc/opt/chrome/policies/managed/csc-kerberos.json' }
|
||||
- { src: 'files/web-kerberos/firefox.js', dest: '/etc/firefox/syspref.js' }
|
||||
|
||||
- include: etckeeper.yml
|
||||
|
|
|
@ -13,7 +13,6 @@
|
|||
- rc
|
||||
- bash-doc
|
||||
- bash-completion
|
||||
- bashdb
|
||||
|
||||
- name: Install Editors
|
||||
apt: name={{ item }} state=latest
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
- elfutils
|
||||
- valgrind
|
||||
- libc6-dbg
|
||||
- bashdb
|
||||
|
||||
- name: Install interpreters
|
||||
apt: name={{ item }} state=latest
|
||||
|
|
|
@ -27,6 +27,18 @@
|
|||
- midori
|
||||
- flashplugin-installer
|
||||
|
||||
- name: ensure directories exist
|
||||
file: path={{ item }} state=directory
|
||||
with_items:
|
||||
- /etc/opt/chrome/policies/managed/
|
||||
- /etc/firefox
|
||||
|
||||
- name: copy chrome managed policy
|
||||
copy: src={{ item.src }} dest={{ item.dest }} backup=no
|
||||
with_items:
|
||||
- { src: 'web-kerberos/chrome.json', dest: '/etc/opt/chrome/policies/managed/csc-kerberos.json' }
|
||||
- { src: 'web-kerberos/firefox.js', dest: '/etc/firefox/syspref.js' }
|
||||
|
||||
- name: Install Mail Clients
|
||||
apt: name={{ item }} state=latest
|
||||
with_items:
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
# IPv6 Privacy Extensions (RFC 4941)
|
||||
# ---
|
||||
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
|
||||
# to use in autoconfiguration. Privacy extensions allow using a randomly
|
||||
# generated IPv6 address, which increases privacy.
|
||||
#
|
||||
# Acceptable values:
|
||||
# 0 - don’t use privacy extensions.
|
||||
# 1 - generate privacy addresses
|
||||
# 2 - prefer privacy addresses and use them over the normal addresses.
|
||||
net.ipv6.conf.all.use_tempaddr = 0
|
||||
net.ipv6.conf.default.use_tempaddr = 0
|
|
@ -0,0 +1,9 @@
|
|||
- name: copy over ipv6 kernel configs
|
||||
copy: src={{ item.src }} dest={{ item.dest }}
|
||||
with_items:
|
||||
- { src: '10-ipv6-privacy.conf', dest: '/etc/sysctl.d/10-ipv6-privacy.conf' }
|
||||
|
||||
- name: Template disable ra
|
||||
template: src={{ item.src }} dest={{ item.dest }}
|
||||
with_items:
|
||||
- { src: '10-ipv6-disable-ra.conf', dest: '/etc/sysctl.d/10-ipv6-disable-ra.conf' }
|
|
@ -0,0 +1,5 @@
|
|||
net.ipv6.conf.all.accept_ra = 0
|
||||
net.ipv6.conf.default.accept_ra = 0
|
||||
{% for interface in ansible_interfaces %}
|
||||
net.ipv6.conf.{{ interface }}.accept_ra = 0
|
||||
{% endfor %}
|
|
@ -21,7 +21,7 @@
|
|||
- /scratch
|
||||
|
||||
- name: Add fstab entry for users
|
||||
mount: src="aspartame:/users" name=/users fstype=nfs opts="bg,vers=3,sec=krb5,nosuid,nodev" dump=0 passno=0 state=mounted
|
||||
mount: src="aspartame:/users" name=/users fstype=nfs opts="bg,vers=3,sec=krb5p,nosuid,nodev" dump=0 passno=0 state=mounted
|
||||
|
||||
- name: Add fstab entry for music
|
||||
mount: src="aspartame:/music" name=/music fstype=nfs opts="bg,vers=3,sec=sys,nolock,noatime,nosuid,nodev" dump=0 passno=0 state=mounted
|
||||
|
|
Loading…
Reference in New Issue