123 lines
2.9 KiB
YAML
123 lines
2.9 KiB
YAML
---
|
|
# tasks file for config
|
|
#
|
|
#
|
|
|
|
- name: Determine OS variant
|
|
register: variant
|
|
ansible.builtin.shell: grep VARIANT_ID /etc/os-release | sed 's/VARIANT_ID=//g'
|
|
- name: Create /etc/sysusers.d directory
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.file:
|
|
dest: /etc/sysusers.d
|
|
state: directory
|
|
|
|
- name: Fix parsec bug in Fedora-39
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.copy:
|
|
src: parsec.conf
|
|
dest: /etc/sysusers.d/parsec.conf
|
|
setype: etc_t
|
|
when: variant.stdout=="iot"
|
|
|
|
- name: Enable Cockpit Service
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.systemd_service:
|
|
name: cockpit.socket
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Enable Cockpit in firewalld
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.posix.firewalld:
|
|
service: cockpit
|
|
permanent: yes
|
|
state: enabled
|
|
when: variant.stdout=="iot"
|
|
|
|
- name: Enable Avahi Service
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.systemd_service:
|
|
name: avahi-daemon
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Enable mdns in Firewall
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.posix.firewalld:
|
|
service: mdns
|
|
permanent: yes
|
|
state: enabled
|
|
when: variant.stdout=="iot"
|
|
|
|
- name: Modify nsswitch file for mdns lookups
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/nsswitch.conf
|
|
regexp: '^hosts:'
|
|
line: 'hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname'
|
|
notify: restart_avahi
|
|
|
|
- name: Set hostname to {{ hostname }}
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.hostname:
|
|
name: "{{ hostname }}"
|
|
notify: restart_avahi
|
|
|
|
- name: Enable Zerotier
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.systemd_service:
|
|
name: zerotier-one
|
|
state: started
|
|
enabled: yes
|
|
when: (zerotier_network is defined) and (zerotier_network|length>0)
|
|
|
|
- name: Mask Fedora countme timer
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.systemd_service:
|
|
name: rpm-ostree-countme.timer
|
|
state: stopped
|
|
masked: true
|
|
|
|
- name: Set {{ ansible_user }} user to linger
|
|
become: yes
|
|
become_method: sudo
|
|
command: loginctl enable-linger {{ ansible_user }}
|
|
args:
|
|
creates: /var/lib/systemd/linger/{{ ansible_user }}
|
|
|
|
- name: Set update zincati wariness to {{update_wariness}}
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.copy:
|
|
dest: /etc/zincati/config.d/10-update-wariness.toml
|
|
content: |
|
|
[identity]
|
|
rollout_wariness = {{update_wariness}}
|
|
|
|
- name: Set update schedule for zincati
|
|
become: yes
|
|
become_method: sudo
|
|
ansible.builtin.copy:
|
|
dest: /etc/zincati/config.d/20-update-schedule.toml
|
|
content: |
|
|
[updates]
|
|
strategy = "periodic"
|
|
|
|
[[updates.periodic.window]]
|
|
days = {{ update_schedule_days }}
|
|
start_time = {{ update_schedule_starttime }}
|
|
length_minutes = {{ update_schedule_length }}
|
|
|
|
|