Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
P
playbooks
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Locked Files
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Security & Compliance
Security & Compliance
Dependency List
License Compliance
Packages
Packages
List
Container Registry
Analytics
Analytics
CI / CD
Code Review
Insights
Issues
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nanahira
playbooks
Commits
53d22bfa
Commit
53d22bfa
authored
Feb 29, 2020
by
nanahira
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
move init out
parent
23138cde
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
7 additions
and
231 deletions
+7
-231
.gitignore
.gitignore
+2
-0
init.yml
init.yml
+2
-224
koishipro2ios.yml
koishipro2ios.yml
+1
-5
template.yml
template.yml
+2
-2
No files found.
.gitignore
View file @
53d22bfa
...
@@ -61,3 +61,5 @@ typings/
...
@@ -61,3 +61,5 @@ typings/
.next
.next
*.retry
*.retry
/roles/init
init.yml
View file @
53d22bfa
---
---
-
hosts
:
init
-
hosts
:
init
remote_user
:
root
remote_user
:
root
tasks
:
roles
:
-
name
:
authorized_key
-
init
authorized_key
:
user
:
"
{{
ansible_user_id
}}"
key
:
"
{{
lookup('file',
'../authorized_keys')
}}"
# when: "ansible_os_family == 'Debian' or ansible_distribution_major_version|int != 8"
-
name
:
sudoers
become
:
true
lineinfile
:
path
:
/etc/sudoers
insertafter
:
'
EOF'
line
:
'
{{
ansible_user_id
}}
ALL=(ALL:ALL)
NOPASSWD:
ALL'
validate
:
/usr/sbin/visudo -cf %s
when
:
"
ansible_user_id
!=
'root'"
-
name
:
timezone
become
:
true
timezone
:
name
:
Asia/Shanghai
-
name
:
disable password access
become
:
true
lineinfile
:
path
:
/etc/ssh/sshd_config
regexp
:
'
^#?PasswordAuthentication
(true|yes).*$'
line
:
'
PasswordAuthentication
no'
backrefs
:
true
when
:
"
(ansible_user_id
==
'root'
or
ansible_user_id
==
'nanahira'
or
ansible_user_id
==
'mycard'
or
ansible_user_id
==
'zh99998')
and
not
allow_password
is
defined"
# Only self-managed servers
notify
:
restart_sshd
-
name
:
sshd config
become
:
true
lineinfile
:
path
:
/etc/ssh/sshd_config
regexp
:
'
^#?GSSAPIAuthentication
(true|yes).*$'
line
:
'
GSSAPIAuthentication
no'
backrefs
:
true
notify
:
restart_sshd
-
name
:
sshd config
become
:
true
lineinfile
:
path
:
/etc/ssh/sshd_config
regexp
:
'
^#?UseDNS
(true|yes).*$'
line
:
'
UseDNS
no'
backrefs
:
true
notify
:
restart_sshd
-
name
:
swappiness
become
:
true
sysctl
:
name
:
vm.swappiness
value
:
1
sysctl_set
:
true
-
name
:
net.ipv4.ip_forward
become
:
true
sysctl
:
name
:
net.ipv4.ip_forward
value
:
1
sysctl_set
:
true
-
name
:
fs.inotify.max_user_watches
become
:
true
sysctl
:
name
:
fs.inotify.max_user_watches
value
:
524288
sysctl_set
:
true
-
name
:
net.ipv4.conf.all.rp_filter
become
:
true
sysctl
:
name
:
net.ipv4.conf.all.rp_filter
value
:
0
sysctl_set
:
true
-
name
:
net.ipv4.conf.default.rp_filter
become
:
true
sysctl
:
name
:
net.ipv4.conf.default.rp_filter
value
:
0
sysctl_set
:
true
-
name
:
TCP BBR
become
:
true
sysctl
:
name
:
net.core.default_qdisc
value
:
fq
sysctl_set
:
true
when
:
"
ansible_os_family
==
'Debian'
or
ansible_distribution_major_version|int
>
7"
-
name
:
TCP BBR
become
:
true
sysctl
:
name
:
net.ipv4.tcp_congestion_control
value
:
bbr
sysctl_set
:
true
when
:
"
ansible_os_family
==
'Debian'
or
ansible_distribution_major_version|int
>
7"
-
name
:
limit
become
:
true
pam_limits
:
domain
:
'
{{
ansible_user_id
}}'
limit_type
:
'
-'
limit_item
:
nofile
value
:
1048576
-
name
:
apt upgrade
become
:
true
apt
:
update_cache
:
true
upgrade
:
dist
when
:
"
ansible_os_family
==
'Debian'"
-
name
:
yum update
become
:
true
yum
:
name
:
'
*'
update_cache
:
true
state
:
latest
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
7"
-
name
:
dnf update
become
:
true
dnf
:
name
:
'
*'
#update_cache: true
state
:
latest
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
8"
-
name
:
fixup iptables with qemu
become
:
true
iptables
:
chain
:
FORWARD
flush
:
true
when
:
'
hypervisor
is
defined'
-
name
:
apt
become
:
true
apt
:
update_cache
:
true
state
:
latest
name
:
curl,wget,git,vim,sudo,byobu,iftop,iotop,build-essential,p7zip-full,xclip,astyle,python-setuptools,python-dev,tcpdump,rsync,htop,locales,mtr,dnsutils,net-tools,traceroute,tar,unzip,iperf,nmap,mosh
when
:
"
ansible_os_family
==
'Debian'"
-
name
:
Ubuntu packages
become
:
true
apt
:
update_cache
:
true
state
:
latest
name
:
ctags
when
:
"
ansible_distribution
==
'Ubuntu'"
-
name
:
Debian packages
become
:
true
apt
:
update_cache
:
true
state
:
latest
name
:
universal-ctags
when
:
"
ansible_distribution
==
'Debian'"
-
name
:
apt autoremove
become
:
true
apt
:
autoremove
:
true
when
:
"
ansible_os_family
==
'Debian'"
-
name
:
epel
7
become
:
true
yum
:
state
:
latest
name
:
epel-release
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
7"
-
name
:
yum
become
:
true
yum
:
state
:
latest
name
:
curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,xclip,traceroute,tar,unzip,iperf,nmap,libselinux-python,mosh
# astyle
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
7"
-
name
:
epel
8
become
:
true
dnf
:
state
:
latest
name
:
epel-release
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
8"
-
name
:
dnf
become
:
true
dnf
:
state
:
latest
name
:
curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,ctags,astyle,traceroute,tar,unzip,nmap,python3-libselinux,mosh
# xclip
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
8"
-
name
:
dnf autoremove
become
:
true
dnf
:
autoremove
:
true
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
8"
-
name
:
disable selinux
become
:
true
selinux
:
state
:
disabled
when
:
"
ansible_os_family
==
'RedHat'"
-
name
:
disable selinux
lineinfile
:
path
:
/etc/selinux/config
regexp
:
'
^SELINUX='
line
:
'
SELINUX=disabled'
backrefs
:
true
when
:
"
ansible_os_family
==
'RedHat'"
-
name
:
vim
unarchive
:
src
:
https://minio.mycard.moe:9000/nanahira/nanahira-vim.tar.gz
dest
:
'
~'
creates
:
'
~/.vim'
remote_src
:
true
-
name
:
ctags link
become
:
true
file
:
src
:
/usr/bin/ctags
path
:
/usr/local/bin/ctags
state
:
link
-
name
:
git user.email
git_config
:
name
:
user.email
scope
:
global
value
:
78877@qq.com
-
name
:
git user.name
git_config
:
name
:
user.name
scope
:
global
value
:
purerosefallen
-
name
:
git push.default
git_config
:
name
:
push.default
scope
:
global
value
:
simple
-
name
:
git ssh
known_hosts
:
name
:
github.com
key
:
"
{{
lookup('pipe',
'ssh-keyscan
github.com')
}}"
handlers
:
-
name
:
restart_sshd
become
:
true
systemd
:
name
:
sshd
state
:
restarted
koishipro2ios.yml
View file @
53d22bfa
...
@@ -10,8 +10,4 @@
...
@@ -10,8 +10,4 @@
synchronize
:
synchronize
:
src
:
/home/nanahira/ygo/koishipro2/koishipro2ios/
src
:
/home/nanahira/ygo/koishipro2/koishipro2ios/
dest
:
'
{{
deploy_path
}}'
dest
:
'
{{
deploy_path
}}'
delete
:
no
archive
:
yes
recursive
:
true
verify_host
:
no
checksum
:
true
archive
:
no
template.yml
View file @
53d22bfa
...
@@ -117,7 +117,7 @@
...
@@ -117,7 +117,7 @@
apt
:
apt
:
update_cache
:
true
update_cache
:
true
state
:
latest
state
:
latest
name
:
curl,wget,git,vim,sudo,byobu,iftop,iotop,build-essential,p7zip-full,tcpdump,rsync,htop,locales,mtr,dnsutils,net-tools,traceroute,tar,unzip,iperf,nmap,dnsutils,open-vm-tools
name
:
curl,wget,git,vim,sudo,byobu,iftop,iotop,build-essential,p7zip-full,tcpdump,rsync,htop,locales,mtr,dnsutils,net-tools,traceroute,tar,unzip,iperf,
iperf3,
nmap,dnsutils,open-vm-tools
when
:
"
ansible_os_family
==
'Debian'"
when
:
"
ansible_os_family
==
'Debian'"
-
name
:
apt autoremove
-
name
:
apt autoremove
become
:
true
become
:
true
...
@@ -134,7 +134,7 @@
...
@@ -134,7 +134,7 @@
become
:
true
become
:
true
yum
:
yum
:
state
:
latest
state
:
latest
name
:
curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,traceroute,tar,unzip,iperf,nmap,libselinux-python,open-vm-tools
name
:
curl,wget,git,vim,sudo,byobu,iftop,iotop,gcc,gcc-c++,make,autoconf,p7zip,p7zip-plugins,tcpdump,rsync,htop,mtr,net-tools,traceroute,tar,unzip,iperf,
iperf3,
nmap,libselinux-python,open-vm-tools
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
7"
when
:
"
ansible_os_family
==
'RedHat'
and
ansible_distribution_major_version|int
==
7"
-
name
:
epel
8
-
name
:
epel
8
become
:
true
become
:
true
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment