davrot/neuro_ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Upload

Browse source
This commit is contained in:
David Rotermund 2024-04-20 02:23:17 +02:00
parent 3ebf9d1d81
commit 7940c31b95
6 changed files with 343 additions and 255 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
update_jobs/hourly_update.yaml
View file

@ -4,7 +4,6 @@
become: true become: true
tasks: tasks:
- name: block shutdown - name: block shutdown
blockinfile: blockinfile:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules

32
install_desktop_packages.yaml → update_jobs/install_desktop_packages.yaml
View file

@ -4,12 +4,34 @@
become: true become: true
tasks: tasks:
- name: block shutdown
blockinfile:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.login1.power-off") == 0 ||
action.id.indexOf("org.freedesktop.login1.reboot") == 0) {
return polkit.Result.AUTH_ADMIN;
}
});
- name: Make sure systemd-oomd service unit is stopped
systemd_service:
state: stopped
name: systemd-oomd
- name: Install base system - name: Install base system
include_tasks: yaml_sub/install_base_system.yaml include_tasks: yaml_sub/install_base_system.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: install movie tools - name: install movie tools
@ -41,3 +63,13 @@
- name: disable tracker - name: disable tracker
shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done' shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done'
- name: Make sure systemd-oomd service unit is started
systemd_service:
state: started
name: systemd-oomd
- name: stop shutdown embargo
ansible.builtin.file:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: "absent"

56
update_jobs/update_to_version.yaml Normal file
View file

@ -0,0 +1,56 @@
---
- name: upgrade to next version
hosts: all
become: true
tasks:
- name: block shutdown
blockinfile:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.login1.power-off") == 0 ||
action.id.indexOf("org.freedesktop.login1.reboot") == 0) {
return polkit.Result.AUTH_ADMIN;
}
});
- name: Make sure systemd-oomd service unit is stopped
systemd_service:
state: stopped
name: systemd-oomd
- name: remove other files
include_tasks: ../yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: ../yaml_sub/myrepo_data.yaml
- name: install system-upgrade
dnf:
name: "dnf-command(system-upgrade)"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: upgrade version
shell: "dnf -y system-upgrade download --refresh --releasever={{version}} --allowerasing --best --skip-broken; dnf system-upgrade reboot"
- name: Make sure systemd-oomd service unit is started
systemd_service:
state: started
name: systemd-oomd
- name: stop shutdown embargo
ansible.builtin.file:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: "absent"

1
update_jobs/yaml_sub Symbolic link
View file

@ -0,0 +1 @@
../yaml_sub

97
yaml_sub/install_base_system.yaml
View file

@ -1,10 +1,10 @@
--- ---
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: update system (base) - name: update system (base)
dnf: dnf:
name: "*" name: "*"
state: latest state: latest
@ -13,15 +13,15 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load group list - name: Load group list
include_vars: include_vars:
file: yaml_sub/groups_39.yaml file: yaml_sub/groups_39.yaml
- name: Install groups - name: Install groups
dnf: dnf:
name: "{{ groupnames }}" name: "{{ groupnames }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
@ -32,15 +32,15 @@
allowerasing: true allowerasing: true
exclude: ghdl,sddm-x11 exclude: ghdl,sddm-x11
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 1 list - name: Load package 1 list
include_vars: include_vars:
file: yaml_sub/packages_1.yaml file: yaml_sub/packages_1.yaml
- name: Install package 1 - name: Install package 1
dnf: dnf:
name: "{{ package1names }}" name: "{{ package1names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
@ -50,15 +50,15 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 2 list - name: Load package 2 list
include_vars: include_vars:
file: yaml_sub/packages_2.yaml file: yaml_sub/packages_2.yaml
- name: Install package 2 - name: Install package 2
dnf: dnf:
name: "{{ package2names }}" name: "{{ package2names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
@ -68,15 +68,15 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 3 list - name: Load package 3 list
include_vars: include_vars:
file: yaml_sub/packages_3.yaml file: yaml_sub/packages_3.yaml
- name: Install package 3 - name: Install package 3
dnf: dnf:
name: "{{ package3names }}" name: "{{ package3names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
@ -86,12 +86,12 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Install cuda - name: Install cuda
dnf: dnf:
name: cuda name: cuda
enablerepo: "*" enablerepo: "*"
@ -101,12 +101,12 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Make sure firewall service unit is diabled - name: Make sure firewall service unit is diabled
systemd_service: systemd_service:
state: stopped state: stopped
enabled: false enabled: false
@ -114,15 +114,15 @@
name: firewalld name: firewalld
ignore_errors: true ignore_errors: true
- name: mount_info - name: mount_info
include_tasks: yaml_sub/mount_info.yaml include_tasks: yaml_sub/mount_info.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: ssh - name: ssh
dnf: dnf:
name: "openssh,openssh-clients,openssh-server" name: "openssh,openssh-clients,openssh-server"
state: present state: present
@ -131,70 +131,72 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: Set SELinux to disabled - name: Set SELinux to disabled
lineinfile: lineinfile:
path: /etc/selinux/config path: /etc/selinux/config
regexp: '^SELINUX=' regexp: "^SELINUX="
line: SELINUX=disabled line: SELINUX=disabled
create: true create: true
- name: Set SSHd Config (TCPKeepAlive) - name: Set SSHd Config (TCPKeepAlive)
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
state: present state: present
line: "TCPKeepAlive yes" line: "TCPKeepAlive yes"
create: true create: true
- name: Set SSHd Config (ClientAliveInterval)
- name: Set SSHd Config (ClientAliveInterval)
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
state: present state: present
line: "ClientAliveInterval 30" line: "ClientAliveInterval 30"
- name: Set SSHd Config (ClientAliveCountMax)
- name: Set SSHd Config (ClientAliveCountMax)
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
state: present state: present
line: "ClientAliveCountMax 500" line: "ClientAliveCountMax 500"
- name: Set Services (sge_qmaster) - name: Set Services (sge_qmaster)
lineinfile: lineinfile:
path: /etc/services path: /etc/services
state: present state: present
line: "sge_qmaster 6444/tcp" line: "sge_qmaster 6444/tcp"
create: true create: true
- name: Set Services (sge_execd) - name: Set Services (sge_execd)
lineinfile: lineinfile:
path: /etc/services path: /etc/services
state: present state: present
line: "sge_execd 6445/tcp" line: "sge_execd 6445/tcp"
- name: Set Services (nrpe) - name: Set Services (nrpe)
lineinfile: lineinfile:
path: /etc/services path: /etc/services
state: present state: present
line: "nrpe 5666/tcp # NRPE" line: "nrpe 5666/tcp # NRPE"
- name: Set Cups - name: Set Cups
lineinfile: lineinfile:
path: /etc/cups/client.conf path: /etc/cups/client.conf
state: present state: present
line: "ServerName 10.10.10.16" line: "ServerName 10.10.0.8"
create: true create: true
- name: ldap - name: ldap
include_tasks: yaml_sub/ldap.yaml include_tasks: yaml_sub/ldap.yaml
- name: sssd - name: sssd
include_tasks: yaml_sub/sssd.yaml include_tasks: yaml_sub/sssd.yaml
- name: set time zone - name: set time zone
timezone: timezone:
name: Europe/Berlin name: Europe/Berlin
- name: enable ping - name: enable ping
shell: "setcap cap_net_raw+p /bin/ping" shell: "setcap cap_net_raw+p /bin/ping"
- name: procmail - name: procmail
dnf: dnf:
name: "procmail" name: "procmail"
state: present state: present
@ -203,7 +205,7 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: esmtprc - name: esmtprc
blockinfile: blockinfile:
path: /etc/esmtprc path: /etc/esmtprc
state: present state: present
@ -212,13 +214,13 @@
hostname = 134.102.55.235:25 hostname = 134.102.55.235:25
mda "/usr/bin/procmail -d %T" mda "/usr/bin/procmail -d %T"
- name: Link for chrome - name: Link for chrome
file: file:
src: /opt/google/chrome/chrome src: /opt/google/chrome/chrome
dest: /bin/chrome dest: /bin/chrome
state: link state: link
- name: set /etc/profile - name: set /etc/profile
blockinfile: blockinfile:
path: /etc/profile.d/sge.sh path: /etc/profile.d/sge.sh
state: present state: present
@ -248,4 +250,3 @@
export PATH export PATH
shlib_path_name=/opt/sge/lib/lx-amd64/:$LD_LIBRARY_PATH shlib_path_name=/opt/sge/lib/lx-amd64/:$LD_LIBRARY_PATH
export shlib_path_name export shlib_path_name

13
yaml_sub/myrepo_data.yaml
View file

@ -50,11 +50,11 @@
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[oneAPI] # [oneAPI]
name=oneAPI # name=oneAPI
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/oneAPI # baseurl=http://10.10.0.11/repos/Fedora/AllVersion/oneAPI
enabled=1 # enabled=1
gpgcheck=0 # gpgcheck=0
[Opera] [Opera]
name=Opera name=Opera
@ -88,7 +88,7 @@
[SGE] [SGE]
name=SGE name=SGE
baseurl=http://10.10.0.11/repos/Fedora/32/sge/copr-be.cloud.fedoraproject.org/results/loveshack/SGE/fedora-32-x86_64 baseurl=http://10.10.0.11/repos/Fedora/37/sge/copr-be.cloud.fedoraproject.org/results/loveshack/SGE/fedora-37-x86_64
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
@ -115,4 +115,3 @@
baseurl=http://10.10.0.11/repos/Fedora/$releasever/docker baseurl=http://10.10.0.11/repos/Fedora/$releasever/docker
enabled=0 enabled=0
gpgcheck=0 gpgcheck=0