66 lines
1.3 KiB
YAML
66 lines
1.3 KiB
YAML
---
|
|
- name: install stuff
|
|
apt:
|
|
name:
|
|
- samba
|
|
- rsnapshot
|
|
update_cache: yes
|
|
|
|
- name: include common role
|
|
include_role:
|
|
name: common
|
|
|
|
- name: install cron-apt
|
|
include_role:
|
|
name: cronapt
|
|
|
|
- name: create user for vault
|
|
user:
|
|
name: vault
|
|
state: present
|
|
shell: /bin/false
|
|
system: yes
|
|
createhome: yes
|
|
home: /var/vault
|
|
|
|
- name: create smb user vault
|
|
expect:
|
|
command: smbpasswd -a vault
|
|
responses:
|
|
New SMB password: "{{ networkvault_vault_password }}"
|
|
Retype new SMB password: "{{ networkvault_vault_password }}"
|
|
|
|
- name: generate /etc/samba/smb.conf
|
|
template:
|
|
src: smb.conf.j2
|
|
dest: /etc/samba/smb.conf
|
|
notify:
|
|
- restart smbd
|
|
|
|
- name: set permission for ro-share
|
|
file:
|
|
path: /var/cache/rsnapshot
|
|
mode: '0755'
|
|
state: directory
|
|
recurse: yes
|
|
|
|
- name: generate /etc/rsnapshot.conf
|
|
template:
|
|
src: rsnapshot.conf.j2
|
|
dest: /etc/rsnapshot.conf
|
|
notify:
|
|
- restart cron
|
|
|
|
- name: reboot at 6 in the morning to activate kernel-updates
|
|
cron:
|
|
name: "reboot"
|
|
minute: "0"
|
|
hour: "6"
|
|
job: "/usr/sbin/reboot"
|
|
|
|
- name: uninstall ssh service to seal vault
|
|
apt:
|
|
name:
|
|
- openssh-server
|
|
state: absent
|
|
when: networkvault_seal_vault is defined and networkvault_seal_vault == True |