add files to build cobalamin and fix ipv6 in office terms
This commit is contained in:
parent
7174bb3bc6
commit
79efa07285
|
@ -14,4 +14,5 @@
|
||||||
- general-use
|
- general-use
|
||||||
- general-use-gui
|
- general-use-gui
|
||||||
- audio-client
|
- audio-client
|
||||||
|
- ipv6-disable-ra-privacy
|
||||||
- cleanup
|
- cleanup
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
- hosts: cobalamin.csclub.uwaterloo.ca
|
||||||
|
become: yes
|
||||||
|
become_method: sudo
|
||||||
|
roles:
|
||||||
|
- common
|
||||||
|
- core
|
||||||
|
- hardware
|
||||||
|
- generate-hosts
|
||||||
|
- auth
|
||||||
|
- csc-packages
|
||||||
|
- nfs
|
||||||
|
- cleanup
|
|
@ -35,7 +35,7 @@
|
||||||
file: path=/etc/sssd/sssd.conf owner=root group=root mode=0600
|
file: path=/etc/sssd/sssd.conf owner=root group=root mode=0600
|
||||||
|
|
||||||
- name: configure PAM for syscom machine
|
- name: configure PAM for syscom machine
|
||||||
when: syscom
|
when: "'syscom' in group_names"
|
||||||
blockinfile:
|
blockinfile:
|
||||||
dest: /etc/pam.d/common-account
|
dest: /etc/pam.d/common-account
|
||||||
block: |
|
block: |
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
account required pam_deny.so
|
account required pam_deny.so
|
||||||
|
|
||||||
- name: configure PAM for regular machine
|
- name: configure PAM for regular machine
|
||||||
when: not syscom
|
when: "'syscom' not in group_names"
|
||||||
blockinfile:
|
blockinfile:
|
||||||
dest: /etc/pam.d/common-account
|
dest: /etc/pam.d/common-account
|
||||||
block: |
|
block: |
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
---
|
|
||||||
syscom: False
|
|
|
@ -15,16 +15,4 @@
|
||||||
- name: Update apt and packages (if just installed unlikely)
|
- name: Update apt and packages (if just installed unlikely)
|
||||||
package: update_cache=yes upgrade=safe
|
package: update_cache=yes upgrade=safe
|
||||||
|
|
||||||
- name: ensure directories exist
|
|
||||||
file: path={{ item }} state=directory
|
|
||||||
with_items:
|
|
||||||
- /etc/opt/chrome/policies/managed/
|
|
||||||
- /etc/firefox
|
|
||||||
|
|
||||||
- name: copy chrome managed policy
|
|
||||||
copy: src={{ item.src }} dest={{ item.dest }} backup=no
|
|
||||||
with_items:
|
|
||||||
- { src: 'files/web-kerberos/chrome.json', dest: '/etc/opt/chrome/policies/managed/csc-kerberos.json' }
|
|
||||||
- { src: 'files/web-kerberos/firefox.js', dest: '/etc/firefox/syspref.js' }
|
|
||||||
|
|
||||||
- include: etckeeper.yml
|
- include: etckeeper.yml
|
||||||
|
|
|
@ -13,7 +13,6 @@
|
||||||
- rc
|
- rc
|
||||||
- bash-doc
|
- bash-doc
|
||||||
- bash-completion
|
- bash-completion
|
||||||
- bashdb
|
|
||||||
|
|
||||||
- name: Install Editors
|
- name: Install Editors
|
||||||
apt: name={{ item }} state=latest
|
apt: name={{ item }} state=latest
|
||||||
|
|
|
@ -58,6 +58,7 @@
|
||||||
- elfutils
|
- elfutils
|
||||||
- valgrind
|
- valgrind
|
||||||
- libc6-dbg
|
- libc6-dbg
|
||||||
|
- bashdb
|
||||||
|
|
||||||
- name: Install interpreters
|
- name: Install interpreters
|
||||||
apt: name={{ item }} state=latest
|
apt: name={{ item }} state=latest
|
||||||
|
|
|
@ -27,6 +27,18 @@
|
||||||
- midori
|
- midori
|
||||||
- flashplugin-installer
|
- flashplugin-installer
|
||||||
|
|
||||||
|
- name: ensure directories exist
|
||||||
|
file: path={{ item }} state=directory
|
||||||
|
with_items:
|
||||||
|
- /etc/opt/chrome/policies/managed/
|
||||||
|
- /etc/firefox
|
||||||
|
|
||||||
|
- name: copy chrome managed policy
|
||||||
|
copy: src={{ item.src }} dest={{ item.dest }} backup=no
|
||||||
|
with_items:
|
||||||
|
- { src: 'web-kerberos/chrome.json', dest: '/etc/opt/chrome/policies/managed/csc-kerberos.json' }
|
||||||
|
- { src: 'web-kerberos/firefox.js', dest: '/etc/firefox/syspref.js' }
|
||||||
|
|
||||||
- name: Install Mail Clients
|
- name: Install Mail Clients
|
||||||
apt: name={{ item }} state=latest
|
apt: name={{ item }} state=latest
|
||||||
with_items:
|
with_items:
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
# IPv6 Privacy Extensions (RFC 4941)
|
||||||
|
# ---
|
||||||
|
# IPv6 typically uses a device's MAC address when choosing an IPv6 address
|
||||||
|
# to use in autoconfiguration. Privacy extensions allow using a randomly
|
||||||
|
# generated IPv6 address, which increases privacy.
|
||||||
|
#
|
||||||
|
# Acceptable values:
|
||||||
|
# 0 - don’t use privacy extensions.
|
||||||
|
# 1 - generate privacy addresses
|
||||||
|
# 2 - prefer privacy addresses and use them over the normal addresses.
|
||||||
|
net.ipv6.conf.all.use_tempaddr = 0
|
||||||
|
net.ipv6.conf.default.use_tempaddr = 0
|
|
@ -0,0 +1,9 @@
|
||||||
|
- name: copy over ipv6 kernel configs
|
||||||
|
copy: src={{ item.src }} dest={{ item.dest }}
|
||||||
|
with_items:
|
||||||
|
- { src: '10-ipv6-privacy.conf', dest: '/etc/sysctl.d/10-ipv6-privacy.conf' }
|
||||||
|
|
||||||
|
- name: Template disable ra
|
||||||
|
template: src={{ item.src }} dest={{ item.dest }}
|
||||||
|
with_items:
|
||||||
|
- { src: '10-ipv6-disable-ra.conf', dest: '/etc/sysctl.d/10-ipv6-disable-ra.conf' }
|
|
@ -0,0 +1,5 @@
|
||||||
|
net.ipv6.conf.all.accept_ra = 0
|
||||||
|
net.ipv6.conf.default.accept_ra = 0
|
||||||
|
{% for interface in ansible_interfaces %}
|
||||||
|
net.ipv6.conf.{{ interface }}.accept_ra = 0
|
||||||
|
{% endfor %}
|
|
@ -21,7 +21,7 @@
|
||||||
- /scratch
|
- /scratch
|
||||||
|
|
||||||
- name: Add fstab entry for users
|
- name: Add fstab entry for users
|
||||||
mount: src="aspartame:/users" name=/users fstype=nfs opts="bg,vers=3,sec=krb5,nosuid,nodev" dump=0 passno=0 state=mounted
|
mount: src="aspartame:/users" name=/users fstype=nfs opts="bg,vers=3,sec=krb5p,nosuid,nodev" dump=0 passno=0 state=mounted
|
||||||
|
|
||||||
- name: Add fstab entry for music
|
- name: Add fstab entry for music
|
||||||
mount: src="aspartame:/music" name=/music fstype=nfs opts="bg,vers=3,sec=sys,nolock,noatime,nosuid,nodev" dump=0 passno=0 state=mounted
|
mount: src="aspartame:/music" name=/music fstype=nfs opts="bg,vers=3,sec=sys,nolock,noatime,nosuid,nodev" dump=0 passno=0 state=mounted
|
||||||
|
|
Loading…
Reference in New Issue