neuro_ansible/parameters_for_new_computer.yaml

---
- name: install our repos
  hosts: all
  become: true

  tasks:
    - name: Make sure firewall service unit is diabled
      systemd_service:
        state: stopped
        enabled: false
        masked: true
        name: firewalld
      ignore_errors: true

    - name: remove other files
      include_tasks: yaml_sub/myrepo_clean.yaml
    - name: update file myrepo.repo
      import_tasks: yaml_sub/myrepo_data.yaml

    - name: ssh and sss
      dnf:
        name: "openssh,openssh-clients,openssh-server,sssd"
        state: present
        update_cache: true
        skip_broken: true
        nobest: false
        allowerasing: true
       
    - name: Set SELinux to disabled
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled
        create: true

    - name: Set SSHd Config (TCPKeepAlive)
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        line: "TCPKeepAlive yes"
        create: true
    - name: Set SSHd Config (ClientAliveInterval)
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        line: "ClientAliveInterval 30"
    - name: Set SSHd Config (ClientAliveCountMax)
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        line: "ClientAliveCountMax 500"

    - name: Set Services (sge_qmaster)
      lineinfile:
        path: /etc/services
        state: present
        line: "sge_qmaster 6444/tcp"
        create: true

    - name: Set Services (sge_execd)
      lineinfile:
        path: /etc/services
        state: present
        line: "sge_execd 6445/tcp"

    - name: Set Services (nrpe)
      lineinfile:
        path: /etc/services
        state: present
        line: "nrpe 5666/tcp # NRPE"

    - name: Set Cups
      lineinfile:
        path: /etc/cups/client.conf
        state: present
        line: "ServerName 10.10.10.16"
        create: true
    - name: Set LDAP (URI)
      lineinfile:
        path: /etc/openldap/ldap.conf
        state: present
        line: "URI ldap://10.10.1.31"
    - name: Set LDAP (BASE)
      lineinfile:
        path: /etc/openldap/ldap.conf
        state: present
        line: "BASE dc=nas1,dc=neuro,dc=itp"

    - name: sssd
      include_tasks: yaml_sub/sssd.yaml

    - name: set time zone
      timezone:
        name: Europe/Berlin

    - name: enable ping
      shell: "setcap cap_net_raw+p /bin/ping"

    - name: procmail
      dnf:
        name: "procmail"
        state: present
        update_cache: true
        skip_broken: true
        nobest: false
        allowerasing: true

    - name: esmtprc
      blockinfile:
        path: /etc/esmtprc
        state: present
        create: true
        block: |
          hostname = 134.102.55.235:25
          mda "/usr/bin/procmail -d %T"