add files to build cobalamin and fix ipv6 in office terms

pull/12/head
Jordan Pryde 6 years ago
parent 7174bb3bc6
commit 79efa07285
  1. 1
      install-office-terminal.yml
  2. 13
      install-syscom.yml
  3. 4
      roles/auth/tasks/main.yml
  4. 2
      roles/auth/vars/main.yml
  5. 12
      roles/common/tasks/main.yml
  6. 1
      roles/core/tasks/main.yml
  7. 1
      roles/devel/tasks/main.yml
  8. 12
      roles/general-use-gui/tasks/main.yml
  9. 12
      roles/ipv6-disable-ra-privacy/files/10-ipv6-privacy.conf
  10. 9
      roles/ipv6-disable-ra-privacy/tasks/main.yml
  11. 5
      roles/ipv6-disable-ra-privacy/templates/10-ipv6-disable-ra.conf
  12. 2
      roles/nfs/tasks/main.yml

@ -14,4 +14,5 @@
- general-use
- general-use-gui
- audio-client
- ipv6-disable-ra-privacy
- cleanup

@ -0,0 +1,13 @@
---
- hosts: cobalamin.csclub.uwaterloo.ca
become: yes
become_method: sudo
roles:
- common
- core
- hardware
- generate-hosts
- auth
- csc-packages
- nfs
- cleanup

@ -35,7 +35,7 @@
file: path=/etc/sssd/sssd.conf owner=root group=root mode=0600
- name: configure PAM for syscom machine
when: syscom
when: "'syscom' in group_names"
blockinfile:
dest: /etc/pam.d/common-account
block: |
@ -45,7 +45,7 @@
account required pam_deny.so
- name: configure PAM for regular machine
when: not syscom
when: "'syscom' not in group_names"
blockinfile:
dest: /etc/pam.d/common-account
block: |

@ -1,2 +0,0 @@
---
syscom: False

@ -15,16 +15,4 @@
- name: Update apt and packages (if just installed unlikely)
package: update_cache=yes upgrade=safe
- name: ensure directories exist
file: path={{ item }} state=directory
with_items:
- /etc/opt/chrome/policies/managed/
- /etc/firefox
- name: copy chrome managed policy
copy: src={{ item.src }} dest={{ item.dest }} backup=no
with_items:
- { src: 'files/web-kerberos/chrome.json', dest: '/etc/opt/chrome/policies/managed/csc-kerberos.json' }
- { src: 'files/web-kerberos/firefox.js', dest: '/etc/firefox/syspref.js' }
- include: etckeeper.yml

@ -13,7 +13,6 @@
- rc
- bash-doc
- bash-completion
- bashdb
- name: Install Editors
apt: name={{ item }} state=latest

@ -58,6 +58,7 @@
- elfutils
- valgrind
- libc6-dbg
- bashdb
- name: Install interpreters
apt: name={{ item }} state=latest

@ -27,6 +27,18 @@
- midori
- flashplugin-installer
- name: ensure directories exist
file: path={{ item }} state=directory
with_items:
- /etc/opt/chrome/policies/managed/
- /etc/firefox
- name: copy chrome managed policy
copy: src={{ item.src }} dest={{ item.dest }} backup=no
with_items:
- { src: 'web-kerberos/chrome.json', dest: '/etc/opt/chrome/policies/managed/csc-kerberos.json' }
- { src: 'web-kerberos/firefox.js', dest: '/etc/firefox/syspref.js' }
- name: Install Mail Clients
apt: name={{ item }} state=latest
with_items:

@ -0,0 +1,12 @@
# IPv6 Privacy Extensions (RFC 4941)
# ---
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
# to use in autoconfiguration. Privacy extensions allow using a randomly
# generated IPv6 address, which increases privacy.
#
# Acceptable values:
# 0 - don’t use privacy extensions.
# 1 - generate privacy addresses
# 2 - prefer privacy addresses and use them over the normal addresses.
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0

@ -0,0 +1,9 @@
- name: copy over ipv6 kernel configs
copy: src={{ item.src }} dest={{ item.dest }}
with_items:
- { src: '10-ipv6-privacy.conf', dest: '/etc/sysctl.d/10-ipv6-privacy.conf' }
- name: Template disable ra
template: src={{ item.src }} dest={{ item.dest }}
with_items:
- { src: '10-ipv6-disable-ra.conf', dest: '/etc/sysctl.d/10-ipv6-disable-ra.conf' }

@ -0,0 +1,5 @@
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
{% for interface in ansible_interfaces %}
net.ipv6.conf.{{ interface }}.accept_ra = 0
{% endfor %}

@ -21,7 +21,7 @@
- /scratch
- name: Add fstab entry for users
mount: src="aspartame:/users" name=/users fstype=nfs opts="bg,vers=3,sec=krb5,nosuid,nodev" dump=0 passno=0 state=mounted
mount: src="aspartame:/users" name=/users fstype=nfs opts="bg,vers=3,sec=krb5p,nosuid,nodev" dump=0 passno=0 state=mounted
- name: Add fstab entry for music
mount: src="aspartame:/music" name=/music fstype=nfs opts="bg,vers=3,sec=sys,nolock,noatime,nosuid,nodev" dump=0 passno=0 state=mounted

Loading…
Cancel
Save