From 4998f1cf30d46c1f92f093f4b1384a81dba4423c Mon Sep 17 00:00:00 2001 
From: Lars Beckers <lars.beckers@rwth-aachen.de> Date: Sun, 1 Mar 2015 16:00:36 +0059 Subject: [PATCH] finish common tasks, copy files, place some todos --- common/defaults/main.yml | 1 + common/files/fsmpi/issue.net | 8 ++ common/files/fsmpi/motd | 9 ++ common/files/keys/jens.pub | 1 + common/files/keys/jensFS.pub | 1 + common/files/keys/konstantin.pub | 1 + common/files/keys/lars.pub | 1 + common/files/keys/marcel.pub | 1 + common/files/keys/marcelHome.pub | 1 + common/files/keys/marcelWork.pub | 1 + common/files/keys/patrick.pub | 1 + common/files/keys/rikus.pub | 1 + common/files/keys/rikusfsmpi.pub | 1 + common/files/lldpd | 1 + common/files/root/bashrc | 175 +++++++++++++++++++++++++++++++ common/files/root/gitconfig | 1 + common/files/root/vimrc | 1 + common/files/rwth_chain.pem | Bin 0 -> 4071 bytes common/files/sudo/admin | 1 + common/files/sudo/default | 1 + common/handlers/main.yml | 14 +++ common/meta/main.yml | 1 + common/tasks/dns.yml | 5 +- common/tasks/inventory.yml | 6 -- common/tasks/logging.yml | 13 ++- common/tasks/main.yml | 12 +++ common/tasks/ntpd.yml | 10 +- common/tasks/shell.yml | 44 ++++++++ common/tasks/software.yml | 27 ++--- common/tasks/sshd.yml | 13 +-- common/tasks/ssl.yml | 6 +- common/tasks/sudo.yml | 15 +-- common/templates/ntp.conf.j2 | 16 +++ common/templates/resolv.conf.j2 | 5 + common/templates/rsyslog.conf.j2 | 118 +++++++++++++++++++++ common/templates/sshd_config.j2 | 1 + common/vars/main.yml | 1 + 37 files changed, 462 insertions(+), 53 deletions(-) create mode 100644 common/files/fsmpi/issue.net create mode 100644 common/files/fsmpi/motd create mode 100644 common/files/keys/jens.pub create mode 100644 common/files/keys/jensFS.pub create mode 100644 common/files/keys/konstantin.pub create mode 100644 common/files/keys/lars.pub create mode 100644 common/files/keys/marcel.pub create mode 100644 common/files/keys/marcelHome.pub create mode 100644 common/files/keys/marcelWork.pub create mode 100644 
common/files/keys/patrick.pub create mode 100644 common/files/keys/rikus.pub create mode 100644 common/files/keys/rikusfsmpi.pub create mode 100644 common/files/lldpd create mode 100644 common/files/root/bashrc create mode 100644 common/files/root/gitconfig create mode 100644 common/files/root/vimrc create mode 100644 common/files/rwth_chain.pem create mode 100644 common/files/sudo/admin create mode 100644 common/files/sudo/default delete mode 100644 common/tasks/inventory.yml create mode 100644 common/tasks/shell.yml create mode 100644 common/templates/ntp.conf.j2 create mode 100644 common/templates/resolv.conf.j2 create mode 100644 common/templates/rsyslog.conf.j2 create mode 100644 common/templates/sshd_config.j2 diff --git a/common/defaults/main.yml b/common/defaults/main.yml index e69de29..802ac1f 100644 --- a/common/defaults/main.yml +++ b/common/defaults/main.yml @@ -0,0 +1 @@ +## TODO diff --git a/common/files/fsmpi/issue.net b/common/files/fsmpi/issue.net new file mode 100644 index 0000000..3dab4c4 --- /dev/null +++ b/common/files/fsmpi/issue.net @@ -0,0 +1,8 @@ +This device is property of the Fachschaft Mathematik/Physik/Informatik of the +RWTH Aachen University. + + =========== WARNING =========== + +All traffic to and from this device is monitored and logged. + +Access to this machine is for authorized personal only. diff --git a/common/files/fsmpi/motd b/common/files/fsmpi/motd new file mode 100644 index 0000000..7632daf --- /dev/null +++ b/common/files/fsmpi/motd @@ -0,0 +1,9 @@ +######################################################################### +# RWTH Aachen University -- Fachschaft Mathematik/Physik/Informatik # +######################################################################### +# # +# If you have any problems send an eMail to # +# # +# admin@fsmpi.rwth-aachen.de # +# # +######################################################################### 
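Review bot: /etc/issue.net is only presented to SSH clients when sshd_config contains `Banner /etc/issue.net`, and the sshd_config.j2 template added later in this patch holds only `## TODO`, so the banner that shell.yml deploys will not be shown at login until the template sets it. The last line of the banner also has a typo; it should read `Access to this machine is for authorized personnel only.`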
diff --git a/common/files/keys/jens.pub b/common/files/keys/jens.pub new file mode 100644 index 0000000..20c56b5 --- /dev/null +++ b/common/files/keys/jens.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV0A9/518e6ET6Q31zIEbgTPm4xnZgTUuCgcmPgbkaad+SiTZ6laSAaOrhSkKw6HUMpBmBg5Fwz2wvrY552LZot4lywzuzyuX6FRDofcfY6MKwYgxkeosf0iWjeorHF2nBa1xA+9EZFVO4yQvqub3FmgA31zy5GZAFOxbdYRrl+TYku554+OP7wzEENnjrCqiCFDApFU2bmD182imMJNKDjOF+dJXgquczP3oLtLnHXE7ogenPiXybT8oCQORTHYlCeI/xd7V3ma606+kxHyZLLDsPs01zqRXQQEogM1i+5sBDaunqAkcANXgpb//5Kccn/rinQuQwBnKHpNhuT077 jensbrandt@X61t diff --git a/common/files/keys/jensFS.pub b/common/files/keys/jensFS.pub new file mode 100644 index 0000000..9e15849 --- /dev/null +++ b/common/files/keys/jensFS.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7ezDqffwh1fRZn6Ae/DGnGEUzOzjcMnw7HSo09GT2R1e6/XuPVWRlBkjFgvRG1L+qr0uzLnYF+Os5E3pl57pwZw3dnST8HhAxHYlQdxu2046pUpbnDs0RtBYKnU+Wvaj+9cZMKgZvSu/ifb5qMJejivOgVxyaOu/EE7jIB6jnpyRao7l8GbBZ6h2DGOQWQZChxls3rI14QmYLGIUHmk38Zv+rU9DdT//GFd7SxnWsDp4hVEeqtdYOcQICv1MrPy2PVJsyPua89BrBFqXx0TfXcO40JR5PSQE/iXQlQlcLh3xVsmQT8ZYISTXTCpYKmcR/u4FfUXZsxxUPckcFyLYX jens@portal.fsmpi.rwth-aachen.de diff --git a/common/files/keys/konstantin.pub b/common/files/keys/konstantin.pub new file mode 100644 index 0000000..ed556f7 --- /dev/null +++ b/common/files/keys/konstantin.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAqSGg7VTXDcivuV1KfdD2e+a1IkhjWnWZCaIPUk1NYoratF/SxKvVY0XWF/FG4HcMkPCNLdKukIzEoZhu3kQ0Qo7CfQ54fZkhkYhIKE+yzrOwc1X02s/roBPamY5TAr+rk15TBdDNssXkt5ZCjITL4J80GUhv52wb6hfkPUHZT1LGZFfdNdVkEcwCT3RWDM0GSx+qc+8z+w2N5Vcv3s0CPXWn+mt2ScALPnTxgImZi6osnIPL4r/vDNX1wFYU9bJP+Yag1UKhv86M/nbB3gqhj6q8ZkoIQ7wXcZdms5XSNTCsDQ0FYKLujXETRPdGHlm9fAh6TlztK7P0cNmogLjNpQ== diff --git a/common/files/keys/lars.pub b/common/files/keys/lars.pub new file mode 100644 index 0000000..52835b5 --- /dev/null +++ b/common/files/keys/lars.pub @@ -0,0 +1 @@ +ssh-rsa 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 lars@forge-2011-11-09 
diff --git a/common/files/keys/marcel.pub b/common/files/keys/marcel.pub new file mode 100644 index 0000000..e334852 --- /dev/null +++ b/common/files/keys/marcel.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0+PCSlrG2mrPjE181QL7MmdNSBciVG+MBJpZN5385YJOU1nxDQ7Bi/P6hQh7y+iKJbrMN/zgThZGgfwptkr8ZpFspOgiycy84dK8MuKbr6epLhyrmbb0Xt21mENgVy+G7mOxak6bLgCOYvpGxVjKGNZHKIT0LT3NR9cFpDKaqlLUI9H2+1pwint6qdQfFNPH3YFMJ/8IO6LJb2klJMHaMNhKnMD18XFthDLZWnvbSRRMuuB70lFn+raFdzNZ+kT2QDC5TGRlmdW3R7nnw95B1/stuNsBVZXnvINsX4cKcyT7usUwkGlpeSz/w0LVEKVg0g3akBWkK3yK5qa6WDdGfQ== marcel@portal.fsmpi.rwth-aachen.de diff --git a/common/files/keys/marcelHome.pub b/common/files/keys/marcelHome.pub new file mode 100644 index 0000000..5a324ea --- /dev/null +++ b/common/files/keys/marcelHome.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfuaq8bmktvuZ4B5OajMmpJNj6ddaM4Q4495ddZfQUG6cauvzEoWVdw782a6chrjvPrJOmcL9Qcoc8lTuZu3NxwFRebIjDLrahpe/GZPceBcUF/PW6+pLjuMuOuSworfkBl48ILoQFlRX0hvT7043kJRXwSIKn98bQZAmS3Fw+GFDlTWv4a5r8eAbipEmPoAmvOGQ9zQcTHEOVpZsY4c05Sfiy+TQmapYPqCkkteG1Hv64W2owH924AWrx2ZWNSPSI5R9Y+WEWJpXZfNLxtmzTPp3igoLyGpfswW/7+RluUQ6L0CD425kySyZ6GldPET99bXzXqxD3e624PwzhIGyD marcel@mobilux.ac.straub-nv.de diff --git a/common/files/keys/marcelWork.pub b/common/files/keys/marcelWork.pub new file mode 100644 index 0000000..bf33ea4 --- /dev/null +++ b/common/files/keys/marcelWork.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOrDiWcsSYcJouAfuTaY/AGAx9kkz1QqOuzKb6lKmF7WGfC0Yh3yZdNzUNpq2fo6OzIup9dZggy9QFKi69I05jd82+4Wyown0Xs44Y1u+MS/G5+7voPtrdY8Cxhm/eKsiCRxl3BTGaRcsiGCuqv1dbaRmsn+Bl7Y81rYjZvBv0jwOi1bKvu5fF+05wyPNuocVQ7yZISWXPjluV8jcW+qZzcXtkIIR5Ze/Cb26bCixY2WlRzbulBhVa/1yj0SCbcSSPYfmfhSnck4Tw/rCImfmdVCspoWZyWFVFyHn8eyXzMrp84sovzooOWLjuAOihNIoORo3z1K/DOC2BvAzDH2u9 marcel@mpiTux.pmi.rwth-aachen.de diff --git a/common/files/keys/patrick.pub b/common/files/keys/patrick.pub new file mode 100644 index 0000000..909b59c --- /dev/null +++ b/common/files/keys/patrick.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvdnGYcsNG3WLbRYVDnCDMdx53pGji2MiGsOQTtTLlUZ1OlSGf6XyvNzIYhaQABjvw7spRAqrDxwOKXo9Kd4hqVencrbMpIo0CLSZWMMjwzfye+F4hlZVEooWEZrG8wSMb+oYjCCbBUBlgFmnz1Khx6NnacnlAV/OqzJNPoLcovmZm/E/ftJp3WoMaYIkvZDVfUnY92R+iprW4gRfPJzjMPF+5Y3+LlfVCcZMNQ1UsRT8U/A8zTOkorvyBy8nsR1g+zWoCaHMKhX9pedFHj4NaHJI9vDMiXwhgNDsf43nj8Dd6mWPLZlPbcXmnVz200wIL0ysz0PjLIBhvmZYYkYNh ilmig@smaug diff --git a/common/files/keys/rikus.pub b/common/files/keys/rikus.pub new file mode 100644 index 0000000..0c6fa8a --- /dev/null +++ b/common/files/keys/rikus.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdSBzhclr9x4cVkOQ9c9qF3Fh3XWYYhVwK/GZwg46IXyhrKNx2c083ciNqke8vh+yTALbONhwyOlV/D6RsfYye+nSdsr/Cd68vRknt4S410Zd32/ug+w9WgSj3MWIuOVHwb75/BA2zbeKJf0PrBhBSPfkQXfPXkzXXjd678TgDYisz4hO4a41ELaIEzqEKMO4PMEetPBqEQ3SBAbtIReftznD2d60Uk4z/IS6WjdJM+TLyKwGE1tFt/w/+T8f+bGg8N5KIyLQPCGb5HLfmgJUcdfCSqAqADuMz4TMGkw2Gf/b8rDjjckbszQoUvqgt68usgvdwYwsAH9B9amzZZ99J hinrikus.wolf@x220 diff --git a/common/files/keys/rikusfsmpi.pub b/common/files/keys/rikusfsmpi.pub new file mode 100644 index 0000000..85ad4f2 --- /dev/null +++ b/common/files/keys/rikusfsmpi.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDB40n+Fy7PuPJup9bfuk86t1fEskIjsN9k2f1pIeDHfz7sv9+/EGQU6PEluusQgx6pHfH4FUUb+Bs324BGBnSrz3ixPA1jP/Tzq7CdvU3+YXYu5+KrQQdBlIAMUxfLGfZm7sAfsOl0v35157CNv1DcdzkCjQXEweglxKOPW/0PW0X0yN8hCauIhkIiwyUaGReEhYk57aIBpH3aNcaoA2BDNUw+50TbG20p/JQo8DQvqZFYi2aCs8G8d9pHig2Eq35U/gR5oZVuGTNIje4nVCtOq212quGPJu+qL/XvI1YEULVmU39x2C2omLdd/HJybA/zKlQzFYRTvJyDoR+FsIuD hinrikus@hoern1.fsmpi.rwth-aachen.de diff --git a/common/files/lldpd b/common/files/lldpd new file mode 100644 index 0000000..8ce98b5 --- /dev/null +++ b/common/files/lldpd @@ -0,0 +1 @@ +DAEMON_ARGS="-c" diff --git a/common/files/root/bashrc b/common/files/root/bashrc new file mode 100644 index 0000000..df6453a --- /dev/null +++ b/common/files/root/bashrc 
@@ -0,0 +1,175 @@ + +bash_prompt() { + case $TERM in + xterm*|rxvt*) + local TITLEBAR='\[\033]0;\u:${NEW_PWD}\007\]' + ;; + *) + local TITLEBAR="" + ;; + esac + local NONE="\[\033[0m\]" # unsets color to term's fg color + + # regular colors + local K="\[\033[0;30m\]" # black + local R="\[\033[0;31m\]" # red + local G="\[\033[0;32m\]" # green + local Y="\[\033[0;33m\]" # yellow + local B="\[\033[0;34m\]" # blue + local M="\[\033[0;35m\]" # magenta + local C="\[\033[0;36m\]" # cyan + local W="\[\033[0;37m\]" # white + + # emphasized (bolded) colors + local EMK="\[\033[1;30m\]" + local EMR="\[\033[1;31m\]" + local EMG="\[\033[1;32m\]" + local EMY="\[\033[1;33m\]" + local EMB="\[\033[1;34m\]" + local EMM="\[\033[1;35m\]" + local EMC="\[\033[1;36m\]" + local EMW="\[\033[1;37m\]" + + # background colors + local BGK="\[\033[40m\]" + local BGR="\[\033[41m\]" + local BGG="\[\033[42m\]" + local BGY="\[\033[43m\]" + local BGB="\[\033[44m\]" + local BGM="\[\033[45m\]" + local BGC="\[\033[46m\]" + local BGW="\[\033[47m\]" + + local UC=$G # user's color + [ $UID -eq "0" ] && UC=$R # root's color + + PS1="$TITLEBAR ${EMW}\t [${UC}\u ${EMK}@ ${C}\h${EMW}] ${EMC}\w ${UC}\\$ ${NONE}" + # without colors: PS1="[\u@\h \${NEW_PWD}]\\$ " + # extra backslash in front of \$ to make bash colorize the prompt +} + +#append_root() { +# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$1/lib +# export PATH=$PATH:$1/bin +# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$1/lib/pkgconfig +# for D in $1/lib/python*/site-packages; do +# export PYTHONPATH=$PYTHONPATH:$D +# done +#} + +prepend_root() { + echo "** prepend $1" + export LD_LIBRARY_PATH="$1/lib:$LD_LIBRARY_PATH" + export PATH="$1/bin:$PATH" + export PKG_CONFIG_PATH="$1/lib/pkgconfig:$PKG_CONFIG_PATH" + for D in $1/lib/python*/site-packages; do + export PYTHONPATH="$D:$PYTHONPATH" + done +} + +append_element() { + local IFS=":" + for item in $1; do + if ! 
[[ $item == $2* ]]; then + echo -n "$item:" + fi + done + echo $2 +} + +prepend_element() { + local IFS=":" + echo $2 + for item in $1; do + if ! [[ $item == $2* ]]; then + echo -n ":$item" + fi + done +} + +remove_element() { + local IFS=":" + for item in $1; do + if ! [[ $item == $2* ]]; then + echo -n ":$item" + fi + done +} + +list_path() { + local IFS=":" + for item in $1; do + echo $item + done +} + +append_root() { + export LD_LIBRARY_PATH=$(append_element $LD_LIBRARY_PATH $1/lib) + export PATH=$(append_element $PATH $1/bin) + export PKG_CONFIG_PATH=$(append_element $PKG_CONFIG_PATH $1/lib/pkgconfig) + for D in $1/lib/python*/site-packages; do + export PYTHONPATH=$(append_element $PYTHONPATH $D) + done +} + + +remove_root() { + PATH=$(remove_element $PATH $1) + LD_LIBRARY_PATH=$(remove_element $LD_LIBRARY_PATH $1) + PKG_CONFIG_PATH=$(remove_element $PKG_CONFIG_PATH $1) + PYTHONPATH=$(remove_element $PYTHONPATH $1) +} + +# Check for an interactive session +[ -z "$PS1" ] && return + +if [ "$PS1" ]; then + shopt -s checkwinsize + shopt -s cdspell + + # don't put duplicate lines in the history. See bash(1) for more options + # don't overwrite GNU Midnight Commander's setting of `ignorespace'. + HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups + # ... or force ignoredups and ignorespace + HISTCONTROL=ignoreboth + + # append to the history file, don't overwrite it + shopt -s histappend + + alias ls='ls -h --color=auto' + alias l='ls -lh --color=auto' + alias ll='ls -Alh --color=auto' + alias ssh='ssh -A -X' + alias make='make -j 4' + alias ne='TERM=xterm ne' + alias ..='cd ..' + bash_prompt + + export EDITOR=/usr/bin/vim + + set bell-style none + + # enhanced bash completition + if [ -f /etc/bash_completion ]; then + . /etc/bash_completion + fi + if [ -f ~/.bash_completion ]; then + . 
~/.bash_completion + fi + +# if [ -z "$SSH_AUTH_SOCK" ] && [ "${SSH_AUTH_SOCK}xxx" = "xxx" ]; then +# SSH_ENV="$HOME/.ssh/environment" +# echo "Starting KeyChain" +# # Source SSH settings, if applicable +# keychain --nogui --eval id_rsa +# . ~/.keychain/$HOSTNAME-sh &> /dev/null +# . ~/.keychain/$HOSTNAME-sh-gpg &> /dev/null +# fi + + #prepend_root $HOME/.local + + if [ -f $HOME/.bashrc.local ] + then + source $HOME/.bashrc.local + fi +fi diff --git a/common/files/root/gitconfig b/common/files/root/gitconfig new file mode 100644 index 0000000..802ac1f --- /dev/null +++ b/common/files/root/gitconfig @@ -0,0 +1 @@ +## TODO diff --git a/common/files/root/vimrc b/common/files/root/vimrc new file mode 100644 index 0000000..802ac1f --- /dev/null +++ b/common/files/root/vimrc @@ -0,0 +1 @@ +## TODO 
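Review bot: `alias ssh='ssh -A -X'` enables agent forwarding and X11 forwarding for every outbound connection root makes from these hosts; whoever controls the remote end can then use the forwarded agent socket to authenticate with the admin's keys and can talk to the local X display. Forwarding should be opt-in per connection, so drop both flags from the alias (or remove the alias) and pass `-A` only where it is actually needed. The `[ -z "$PS1" ] && return` guard also makes the following `if [ "$PS1" ]` test redundant, and `HISTCONTROL=ignoreboth` overrides the `ignoredups` assignment directly above it, so one line of each pair can go.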
diff --git a/common/files/rwth_chain.pem b/common/files/rwth_chain.pem new file mode 100644 index 0000000000000000000000000000000000000000..052f807ecbb36b9e086cd82d9ccd1a9759cad7c2 GIT binary patch literal 4071 zcmXqLVtHZE#C%}^GZP~d6AS03k_QI7Y@Awc9&O)w85vnw84RKfxeYkkm_u3Egqd7i z4TTK^K^!h&E*CdH-LTZ6)XY3X0RujeAh$3(NHD<L(@@1g2_(WSEDaKYC{qY<c2scB z$xlkmQP5RzH!w7i6X!KBH!w0ZF*G!>G`5Hm=QXr6FfueY0D~xlI8?hu41_?2atU(> zg@<@3I3^}%q~;ll8;F8LnT7d~L=~JJ4HXRJ;9lWm6cbENbSNq>$<R#%>(fg~HE3c~ zLiR2rD+6;ABR_*d6C)Q>6C)$T4g-#q$0zPo1>HAwvYhl;|A%7bW1)2Yp8A3*>gLHF z<qJCR{#tYCMBmLf9t`TA%WV9DrdXu}FMl>Yc(29oO*fx>OpvnwUaJ#cGx_4|V;0rN zWKaKg+n#xT|CXYd_<1|#T{V=t>Spw0p-`(-s>{!M{%W7SzXIm-tt@)IYPy5wL9dMY zD;uTC8jT)5I2>Z|<G_Q=oNY5+=#~8YwJ`17{hQu*_X`)VGMQ>1Q`dBV_N8^LIYk+E z*;_yQFSSs4Uu)RoTWG{{PWaN-?#$n{W`}p|yn3y%Z?B?A@~KNjm%>-*zu$AvBdD4& zuv1+iDA?fnWl3h;?wf~}%}et5Gr^#2q58y=9~Uz*GcqtPZerYE(8RdLfS-*yR92Xg z@jnZz0W%}xe*<oi06z;0GZQ15fh>r_$0Eiel6TeafQ)|ONt^wie($qFJ>FdWWMLo= zl2&GsFc51H@!Wpw{0m$8`d2R1!kXVdauwL!OEHiEDG+24H4tvZ5>t&GAZdA)#s-5r z1KS1G3oP5rGfGMdtn~GhQwj|A3X&7`QquDDQd0HP!6{6)C_leMH#t$ipfpK8xhO|J zIWf5?M=!Z32UEKdN!lA1v2kd#F|x9<GcvL?PBmzpWZ(`HF<@%5Cc#;W$*DypAeW^U zmFOiGmEbanpaU@sLe0d?pu{ZRUUy7~TSlSk>Pj|k>B;{~Te**L%LT8=i&=STX~=WK zRM+~Dx8}df_}`2BtWN#ICpNWh@4WearaQw5b<@>O#Adua2HGm0`H!rlsuhmy;} zr5|aS)F{L)nX$6)^BNY(K9|n*A@MnZ7V}JvE)^$k(JPg$)tJXRf5n44ukCJ$-;ulR zxAn=18ZCdl#d6|JMyJESD%(aDxNyEpXm7pDGiNW~;`5(R8a-YetC6|##mg*}@D*!n z7JNN0MO}T-67Q+(rurTm917Aec<$O_*&};wVebDRmZyu-&-Yzi{bRa5lk>fd$@Yoc z`a^`aUQsrV%T5r8kxo@sI<3W;m+<{Zcaf1U2spXAd-^Fjy9R}Lx_LS~hPZ+Rb-8>! zJzYIRoShxZbJHEmJ)IoWJ)IqWlgnKKBfY%yqdYUplKmV5UEQ1l9m|tLTzz~Uv)vsH zLtULRe4T?_Lo2vETpSaf(*44m9P>k54T5q~B7&+SjWTjP-GXwG+{22Jj11BPLz62! 
zsvJ`w>WV|$aso@j+{22a!u)c$A}gIjlk>u=Qk<P!qQXrLq9QyiJgXctAc}oM+_SM8 z8k%ca2GYY780=W->tqt)65?p&8{%2vAL3f>o0VPe>y{tk65?v=>k?Vz>*87E7XlV5 z56?pN1{cU5u2qgf5F7JDoU?=6LoyA+qawU=62na@TwNUfA#%kbP6lAPz+i*y3NIJO zOprL2lcR5lJ46DeDLvHH&&ks@r8vpRD<jF-vBc9gx!e~N(7~SQf$PNO6zJ%Zp6(jp z=;G|`7?|&zp6=@8=%1TZZj|b#9cWZ)8EF_=ZW<Nn7h;%c7H;Zm9u*Sd=vEr$nHLi3 z>0fNXm1UV!T<+rP>TH_pWKtLzYLMfd?(OXFnrR&D<>Y3XWa95-QXY}z<5pap?-!C| z?i1zYX5ep>?&wiqQD%_u&*fh3;*wFClk8pP8kAaIRh6C@<dWr7ZjxzKkniYKRBG&M zX;NtE<L+u&VpNoBp6XSaRpyvzY2aev>Xly>Rm4?QWE@fz6j&ajACY5X7UCIMQ0nZS z?wjZ9Xy6<b?&N2l;_BsDSs3mYmY!!|oaCOIlo;rd98#iR74DuEZc)WmY*`#o5#-^V zneU&G<7ViTXqgr48W85IpIi`B<d<t{ZtCq)YFSj2SrHW;mK_jak`fvckQkZfRpsIr z92SzqRT<=KkelabSP@=TSWsRXsU7T|;$>!`onMu08th)^Ta=s|rETFGY*A$3>{#yV z=$Pp5WEA4;WSHet4vt2TAPd*T5T`s}_we*cGpCG<9LxL^kDzk@OpCH)_mTpiJaCe( ziVF8FjdBkyi!@3p@Co-SNXoRVii+?u;z|tn%keRC%Z)GyDoZgkElx6W%MJ|l^7YB} zt4wmSD2X)oDvmIUDof5a%t&!DjEtxXE%y(OEJ=*;t4awEtK<p@4GN7g^a=<u3`z?$ za7**ef@B(xKoeKD^uW;Iq%`*`?Q}~IWBtM)kKz#Tw6qH6JV$Ng+`w{=@<<o1upomh zC#Upsw|vJ?-(){ick?2{P|M^96VDtopP-at=OW*tyb#}Vm-I-Nupol~$3PE#C&xe+ z$8=YBUnfs@E=R-A6xVWBC;jq3PhZDKC&x4kXU9N{Bnv7JKq=PA(WNXSJTJ{L*eNZ! zFes~-D?QONF*D8C(%Z{Bw=yR?(lyVe*gL={uP9GD+{ZtyG9oCu!ZO3RD8<LfGTq19 z)Y2%;%RkY})L+{*$Tiiph%430wJI&EB+V-`#W2(;+~3zIptQ<3z@^yBGb=dQEifh6 zKf|LUD>KJ4)H0wdpdh8v*)PAyI5$5sv>-4bQlBfi$}7?(FsG=Xq|hzN*HORJ#4tC? 
zEiyZ#(8MpG%G1y>tgIl*(<dr9CnumdGSST<BG@ggG{QyOt*R<3)zpKl*wEK4**`5O zB(k6&y)rAqwLI57FUQ=|EGIqH#Yx|^z%MA#$vw-`+r`Ysu_!9CBrP$+$0a4g(LJ@u z(<sxAE7B~YEH}I)SwFNS+_JF5F{3IZ)HTYh*xWPC%{jf;!`Il`AgR1OCCs@hGBi2O zx2(z~B+%HW!na7<w<<d)i>uJl#n>XF+?ESmNW1#EU>4k98Qg`sOJ0?;vtxcLtWbCI z%5wB`O3yCL$j)@PEH`j+3=DO1baATi4J<Bq4vcgO3k-C3E%$N_3UN*5@^#7wm-5aT zz9B*GVTLIlep!j`q3Pg4JG`VUDcH#=sLD0X*U12)uEIAw%-JwBD!d{m)F>>A%hN5W zG9|*#z|++)Cn+x|CppVC%h%Zztk|)_HxY-S!AVAzAU#f8o-Ur{9vR7g{vp}repQa9 zpn}~u#IZa)BiYXvCYI%E=noRh!t@3g$RCt=gA3#jO1#14>FVbM@<w{PYo@QGfxB~X zp?k1rlCevmD=73G9Zfu)T*@8G)6-qO9rHb%90Q$;oXva<O+1SW+<aU^xiS(hEL{Bq zO_Qp^Qi2Q3Q_OPR{c=L{43dn3v)pr?atpk396j?xq71zwa#Fo~{SzJCOG-lxll_a$ zLrT3foVf!1^aJwE3!THm3xnOw%9C?T@;$vPL-Vx5v$KNqJ<`o8E6j5BLqi-(oV5Ks zs+{w(${oWK%M6Xus|<a!%8R&)+*}e3ivv>AO+&m39V?@J(@i{s-J+5b%gPc>!ZIQq zLvzxSvt2FR0wbNWa*Rp}i!wt>e2r4g%+m4`GYx~e{QQc|%nd6HLsN>9EUG+A&GXzN zeT#!a-9iI>wWCVH%oB~%+#NI1^Gy=HgHugIoFXlvLi{39!##47407|6xdIEz+zb=b z0umjy!%h9&GIBklGAg~?EDW<u98C(`0yDJTQ=Cf^OL8ndQ!26wEGx~c5*@2T!m@IT zoh-xiJ-A9L5{;6w3-le+eVrT~-LnF-oE)LaHpL}9Fx<&0u%g^JJE^oREX1%PEj=?L zzr@X`+`G84G{v{dF@OtHHFyO1x;nc!x`T>K$8=XWUq=&AQciJ!l$5TZmXi~<4Cd(X z%;gy9>X_pm6jc<GlWkg=SLCX1npkd991>=c?&=lbWRPOvlx|{_W^NXlo11Q~9iE<7 zQEKSxYiVw3=9pAeT)<W0m0?yKQW9!bl^qdeY?7FjUS{D@<rd`|7+hJEkyhp7o0935 z6OrjzlIaze6dW1sU68F^5}E8*lHr=_R*=Z$Syd2`qaSAG>#ALvXH?)DTv_U$?--C3 zQ0iP@=;vi_P~@L)lILkr6lJcT?v|IGYY=W=nN?a|6_Op5>*ABcWtQodk?kK?;TdUS zP@I-r<`-J%=IU3JmzkBEQI?aFWfI`+mg(XaV(1nani1h-YUym^o>G}&=u@F>l3A9g z%~g?96zNwQ>|*Ypl2c-CnH65<=U!yu9_nWq<do$XnPr$^9$*=so)qNnpBY|MnCBOk xn_(K^=$2b<k`-o}8_MOJYh>mh?wg-c;8W%984{^&=@H-*7L^@VZi}y!1OPS{O^N^j literal 0 HcmV?d00001 diff --git a/common/files/sudo/admin b/common/files/sudo/admin new file mode 100644 index 0000000..56838a9 --- /dev/null +++ b/common/files/sudo/admin @@ -0,0 +1 @@ +%admin ALL=(ALL:ALL) ALL diff --git a/common/files/sudo/default b/common/files/sudo/default new file mode 100644 index 0000000..802ac1f --- /dev/null +++ b/common/files/sudo/default 
@@ -0,0 +1 @@
+## TODO
diff --git a/common/handlers/main.yml b/common/handlers/main.yml
index e69de29..0915dfa 100644
--- a/common/handlers/main.yml
+++ b/common/handlers/main.yml
@@ -0,0 +1,14 @@
+---
+# file: roles/common/handlers/main.yml
+
+- name: restart ntpd
+ service: name=ntp state=restarted
+
+- name: restart sshd
+ service: name=ssh state=restarted
+
+- name: restart lldpd
+ service: name=lldpd state=restarted
+
+- name: restart rsyslogd
+ service: name=rsyslog state=restarted
diff --git a/common/meta/main.yml b/common/meta/main.yml
index e69de29..802ac1f 100644
--- a/common/meta/main.yml
+++ b/common/meta/main.yml
@@ -0,0 +1 @@
+## TODO
diff --git a/common/tasks/dns.yml b/common/tasks/dns.yml
index 3822416..d61504e 100644
--- a/common/tasks/dns.yml
+++ b/common/tasks/dns.yml
@@ -1,7 +1,6 @@
 ---
-#file: roles/common/tasks/dns.yml
+# file: roles/common/tasks/dns.yml
 
-- name: be sure dns is configured
+- name: ensure dns is configured
 template: src=resolv.conf.j2 dest=/etc/resolv.conf owner=root group=root mode=0644
 tags: dns config
-
diff --git a/common/tasks/inventory.yml b/common/tasks/inventory.yml
deleted file mode 100644
index a1ffa4f..0000000
--- a/common/tasks/inventory.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-#file: roles/common/tasks/inventory.yml
-
-- name: be sure facter is installed
- apt: pkg=facter state=latest
- tags: inventory packages
diff --git a/common/tasks/logging.yml b/common/tasks/logging.yml
index 6b873b6..e4a7795 100644
--- a/common/tasks/logging.yml
+++ b/common/tasks/logging.yml
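Review bot: The `restart ntpd` handler acts on `service: name=ntp`, while the task in common/tasks/ntpd.yml (the hunk on the next line) manages `service: name=ntpd state=running enabled=yes`; the two cannot both be right on one distribution, and on Debian-family hosts, which the use of the `apt` module throughout suggests, the init script shipped by the ntp package is `ntp`, so the ntpd.yml task will fail to find the service. Align them on one name, `service: name=ntp state=running enabled=yes` in ntpd.yml. The same pattern is already consistent for sshd (`name=ssh` in both the handler and sshd.yml), which is the convention to follow.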
@@ -1,8 +1,13 @@
 ---
-#file: roles/common/task/logging.yml
+# file: roles/common/task/logging.yml
 
-- name: be sure that central logging works
- copy: src=rsyslog_client.conf dest=/etc/rsyslog.conf owner=root group=root mode=0644
+- name: ensure rsyslog is running and enabled
+ service: name=rsyslog state=running enabled=yes
+ tags: syslog service
+
+- name: ensure that central logging works
+ template: src=rsyslog.conf.j2 dest=/etc/rsyslog.conf owner=root group=root mode=0644
 when: ansible_fqdn != "rumo.fsmpi.rwth-aachen.de"
- notify: restart rsyslogd
+ notify:
+ - restart rsyslogd
 tags: syslog config
diff --git a/common/tasks/main.yml b/common/tasks/main.yml
index e69de29..743bf5c 100644
--- a/common/tasks/main.yml
+++ b/common/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# file: roles/common/tasks/main.yml
+
+tasks:
+ - include: dns.yml
+ - include: ssl.yml
+ - include: sshd.yml
+ - include: sudo.yml
+ - include: logging.yml
+ - include: ntpd.yml
+ - include: shell.yml
+ - include: software.yml
diff --git a/common/tasks/ntpd.yml b/common/tasks/ntpd.yml
index ae56c94..e14e0df 100644
--- a/common/tasks/ntpd.yml
+++ b/common/tasks/ntpd.yml
@@ -1,18 +1,16 @@
 ---
 # file: roles/common/tasks/ntp.yml
-# ntpd
-- name: be sure ntpd is installed
+
+- name: ensure ntpd is installed
 apt: pkg=ntp state=latest
 tags: ntpd packages
 
-- name: be sure ntpd configured
+- name: ensure ntpd configured
 template: src=ntp.conf.j2 dest=/etc/ntp.conf
 notify:
 - restart ntpd
 tags: ntpd config
 
-- name: be sure ntpd is running and enabled
+- name: ensure ntpd is running and enabled
 service: name=ntpd state=running enabled=yes
 tags: ntpd service
-
-
diff --git a/common/tasks/shell.yml b/common/tasks/shell.yml
new file mode 100644
index 0000000..379eb16
--- /dev/null
+++ b/common/tasks/shell.yml
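Review bot: A role's tasks/main.yml has to be a plain list of tasks; the `tasks:` mapping key wrapping the includes is play-level syntax, so Ansible will reject this file when the role is loaded and none of the included task files will run. Drop the `tasks:` line and put the includes at the top level, starting with `- include: dns.yml`. Since this file also fixes the order in which the other hunks apply, note that sshd.yml (root keys installed, sshd restarted on the empty template) runs before sudo.yml and logging.yml; a host that fails halfway through is left with new root access but the old sudo and logging configuration.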
@@ -0,0 +1,44 @@
+---
+# file: roles/common/tasks/shell.yml
+
+- name: ensure installation of basic shell commands
+ apt: state=latest name={{ item }}
+ with_items:
+ - git
+ - vim
+ - vim-scripts
+ - vim-addon-manager
+ - zsh
+ tags: packages shell
+
+- name: ensure zsh-grml is available
+ get_url: src=http://git.grml.org/f/grml-etc-core/etc/zsh/zshrc dest=/etc/zsh/zshrc owner=root group=root mode=0644
+ tags: config shell
+
+- name: ensure zsh-grml is the default
+ get_url: src=http://git.grml.org/f/grml-etc-core/etc/skel/.zshrc dest=/etc/skel/.zshrc owner=root group=root mode=0640
+ tags: config shell
+
+- name: ensure deployment of greeter
+ copy: src=fsmpi/motd dest=/etc/motd owner=root group=root mode=0644
+ tags: config shell fsmpi
+
+- name: ensure deployment of issue.net
+ copy: src=fsmpi/issue.net dest=/etc/issue.net owner=root group=root mode=0644
+ tags: config shell fsmpi
+
+- name: ensure deployment of a fancy bashrc for root
+ copy: src=root/bashrc dest=/root/.bashrc owner=root group=root mode=0640
+ tags: config shell root
+
+- name: ensure deployment of a fancy vimrc for root
+ copy: src=root/vimrc dest=/root/.vimrc owner=root group=root mode=0640
+ tags: config shell root
+
+- name: ensure deployment of a fancy gitconfig for root
+ copy: src=root/gitconfig dest=/root/.gitconfig owner=root group=root mode=0640
+ tags: config shell root
+
+- name: ensure a properly configured root account
+ user: name=root shell=/bin/zsh
+ tags: config shell root
diff --git a/common/tasks/software.yml b/common/tasks/software.yml
index 4b69e36..675e9b3 100644
--- a/common/tasks/software.yml
+++ b/common/tasks/software.yml
@@ -1,15 +1,10 @@
 ---
 # file: roles/common/tasks/software.yml
 
-- name: essential software
+- name: ensure installaton of some essential software
 apt: state=latest name={{ item }}
 with_items:
- - git
 - rsync
- - vim
- - vim-scripts
- - vim-addon-manager
- - zsh
 - screen
 - sysstat
 - tcpdump
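Review bot: The two `get_url` tasks pass `src=`, but the module's required parameter is `url`, so both tasks fail before anything is fetched; once that is corrected they would download over plain `http://` with no `checksum=` (`sha256sum=` on Ansible 1.x) and install the result as /etc/zsh/zshrc and /etc/skel/.zshrc, files sourced by every zsh login including root's, whose shell is switched to /bin/zsh in the last task of this hunk. Anyone able to interpose on the path to git.grml.org would then get code executed as root on every managed host at the next login. Fetch over `https://` and pin the expected digest, or vendor the two files into common/files and deploy them with `copy` like the rest of this hunk does; the latter also keeps the role runnable without outbound Internet access.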
@@ -19,26 +14,26 @@
 - htop
 tags: packages shell
 
-- name: be sure zsh-grml is available
- get_url: src=http://git.grml.org/f/grml-etc-core/etc/zsh/zshrc dest=/etc/zsh/zshrc owner=root group=root mode=0644
- tags: config shell
+- name: ensure facter is installed
+ apt: name=facter state=latest
+ tags: inventory packages
 
-- name: be sure zsh-grml is the default
- get_url: src=http://git.grml.org/f/grml-etc-core/etc/skel/.zshrc dest=/etc/skel/.zshrc
- tags: config shell
-
-- name: be sure lldpd is installed
+- name: ensure lldpd is installed
 apt: state=latest name=lldpd
 tags: lldpd packages
 
-- name: be sure lldpd is configured
+- name: ensure lldpd is configured
 copy: src=lldpd dest=/etc/default/lldpd owner=root group=root mode=0644
 notify:
 - restart lldpd
 tags: lldpd config
 
+- name: ensure lldpd is enabled and running
+ service: name=lldpd state=running enabled=yes
+ tags: lldpd service
+
 - name: remove unused packages
- shell: apt-get autoremove -y
+ command: apt-get autoremove -y
 tags: packages clean
 
 - name: update apt cache and upgrade existing packages
diff --git a/common/tasks/sshd.yml b/common/tasks/sshd.yml
index 938331a..5c37745 100644
--- a/common/tasks/sshd.yml
+++ b/common/tasks/sshd.yml
@@ -1,21 +1,21 @@
 ---
 # file: roles/common/tasks/sshd.yml
-# sshd
-- name: be sure sshd is installed
+
+- name: ensure sshd is installed
 apt: pkg=openssh-server state=latest
 tags: sshd packages
 
-- name: be sure sshd configured
+- name: ensure sshd configured
 template: src=sshd_config.j2 dest=/etc/ssh/sshd_config
 notify:
 - restart sshd
 tags: sshd config
 
-- name: be sure sshd is running and enabled
+- name: ensure sshd is running and enabled
 service: name=ssh state=running enabled=yes
 tags: sshd service
 
-- name: be sure every ssh-key is installed
+- name: ensure every ssh-key is installed
 authorized_key: user=root key="{{ item }}"
 with_file:
 - keys/patrick.pub
@@ -29,6 +29,3 @@
 - keys/lars.pub
 - keys/konstantin.pub
 tags: sshd
-
-
-
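Review bot: The template task writes /etc/ssh/sshd_config from sshd_config.j2, which in this commit contains only `## TODO` (see the common/templates/sshd_config.j2 hunk near the end of the patch), and the handler then restarts sshd; the daemon comes back on its compiled-in defaults, which for OpenSSH releases of this period still allow password authentication and root login by password, on hosts that this same file provisions with nine root-level keys. Nothing checks the rendered file either, so a later template mistake would lock everyone out at the restart. Add `validate='/usr/sbin/sshd -t -f %s'` and `owner=root group=root mode=0644` to the template line, and give the template at least `PermitRootLogin without-password`, `PasswordAuthentication no` and `Banner /etc/issue.net` before this role is applied anywhere. The `command: apt-get autoremove -y` task in the software.yml hunk above will report changed on every run; a `changed_when` condition on its output would keep play summaries meaningful.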
diff --git a/common/tasks/ssl.yml b/common/tasks/ssl.yml
index 1b3d815..c164be1 100644
--- a/common/tasks/ssl.yml
+++ b/common/tasks/ssl.yml
@@ -1,8 +1,6 @@
 ---
-# file:roles/common/tasks/ssl.yml
+# file: roles/common/tasks/ssl.yml
 
-- name: be sure RWTH CA Chain is installed
+- name: ensure RWTH CA Chain is installed
 copy: src=rwth_chain.pem dest=/etc/ssl/certs/rwth_chain.pem owner=root group=root mode=0644
 tags: ssl rwthCA
-
-
diff --git a/common/tasks/sudo.yml b/common/tasks/sudo.yml
index 687b8cd..9a7ee2f 100644
--- a/common/tasks/sudo.yml
+++ b/common/tasks/sudo.yml
@@ -1,16 +1,19 @@
 ---
 # file: roles/common/tasks/sudo.yml
 
-- name: be sure sudo is installed
+- name: ensure sudo is installed
 apt: state=latest pkg=sudo
 tags: sudo packages
 
-- name: be sure users of group admins are in the sudoers
- copy: src=sudo_default dest=/etc/sudoers.d/group_admins owner=root group=root mode=0440
+- name: ensure we got a sane sudo config
+ copy: src=sudo/default dest=/etc/sudoers owner=root group=root mode=0440
+ tags: sudo config
+
+## TODO place this one in ad-auth
+- name: ensure users of group admin are in the sudoers
+ copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440
 tags: sudo config
 
 - name: check whole sudo config
- shell: visudo -q -c -f /etc/sudoers
+ command: visudo -q -c -f /etc/sudoers
 tags: sudo test
-
-
diff --git a/common/templates/ntp.conf.j2 b/common/templates/ntp.conf.j2
new file mode 100644
index 0000000..1ea2f97
--- /dev/null
+++ b/common/templates/ntp.conf.j2
@@ -0,0 +1,16 @@
+driftfile /var/lib/ntp/ntp.drift
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+restrict 127.0.0.1
+restrict ::1
+
+{% for server in ntpservers %}
+ server {{ server }} iburst
+{% endfor %}
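Review bot: Copying rwth_chain.pem into /etc/ssl/certs/ does not make the chain trusted: OpenSSL looks CA certificates up in that directory through hash-named symlinks, and this copy task creates none and notifies nothing, so TLS clients keep ignoring the file. On Debian-family hosts (the `apt` module is used throughout) the file belongs under /usr/local/share/ca-certificates/ with a `.crt` suffix, followed by a handler that runs `update-ca-certificates`. The diffstat also shows git storing the file as binary (`Bin 0 -> 4071 bytes`), which a text PEM file would not trigger; check with `openssl x509 -inform PEM -in rwth_chain.pem -noout` whether it is really DER or carries stray bytes before it is deployed.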
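Review bot: `copy: src=sudo/default dest=/etc/sudoers` installs common/files/sudo/default, which in this commit contains only `## TODO` (its own hunk is a few lines up), so applying the role replaces the distribution sudoers with an empty policy, and without a `#includedir /etc/sudoers.d` line the `sudo/admin` rule deployed by the next task is never read. The syntax check at the end runs only after the file is already in place, so a malformed sudoers would disable sudo before `visudo -q -c` ever sees it. Copy with validation instead, `copy: src=sudo/default dest=/etc/sudoers owner=root group=root mode=0440 validate='visudo -cf %s'`, and give sudo/default at least `Defaults env_reset`, `root ALL=(ALL:ALL) ALL` and `#includedir /etc/sudoers.d` before the TODO is closed.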
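Review bot: The template iterates over `ntpservers`, but nothing in this commit defines that variable — common/defaults/main.yml and common/vars/main.yml both contain only `## TODO` — so unless it is supplied from inventory or group_vars, the template task in ntpd.yml fails on an undefined variable. Add a default list in common/defaults/main.yml under the key `ntpservers:` (site servers to be filled in) so the role renders on its own. The `restrict` lines are the right shape for a client-only daemon; consider adding `disable monitor` alongside them, since `noquery` on the default restriction already blocks the monlist-style queries it protects against.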
diff --git a/common/templates/resolv.conf.j2 b/common/templates/resolv.conf.j2
new file mode 100644
index 0000000..14ed062
--- /dev/null
+++ b/common/templates/resolv.conf.j2
@@ -0,0 +1,5 @@
+## TODO
+domain fsmpi.rwth-aachen.de
+search fsmpi.rwth-aachen.de
+nameserver 134.130.5.1
+nameserver 134.130.4.1
diff --git a/common/templates/rsyslog.conf.j2 b/common/templates/rsyslog.conf.j2
new file mode 100644
index 0000000..c05785f
--- /dev/null
+++ b/common/templates/rsyslog.conf.j2
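Review bot: `domain` and `search` are mutually exclusive in resolv.conf and the last keyword wins, so the `domain fsmpi.rwth-aachen.de` line is dead and should be dropped in favour of the `search` line alone. The file is a .j2 template without a single Jinja expression; the nameservers and the search domain would normally come from role defaults so the same role can serve hosts outside this network, and the `## TODO` line will be written verbatim into every host's /etc/resolv.conf.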
@@ -0,0 +1,118 @@ +## TODO +$ModLoad imuxsock # provides support for local system logging +$ModLoad imklog # provides kernel logging support +#$ModLoad immark # provides --MARK-- message capability + +# provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +$ActionQueueType LinkedList # use asynchronous processing +$ActionQueueFileName srvrfwd # set file name, also enables disk mode +$ActionResumeRetryCount -1 # infinite retries on insert failure +$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down +*.* @@rumo.fsmpi.rwth-aachen.de:514 + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system. +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files. 
+# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 + +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: +# +# $ xconsole -file /dev/xconsole [...] +# +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. +# +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warn |/dev/xconsole diff --git a/common/templates/sshd_config.j2 b/common/templates/sshd_config.j2 new file mode 100644 index 0000000..802ac1f --- /dev/null +++ b/common/templates/sshd_config.j2 @@ -0,0 +1 @@ +## TODO diff --git a/common/vars/main.yml b/common/vars/main.yml index e69de29..802ac1f 100644 --- a/common/vars/main.yml +++ b/common/vars/main.yml @@ -0,0 +1 @@ +## TODO -- GitLab
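Review bot: `*.* @@rumo.fsmpi.rwth-aachen.de:514` forwards every message, including the auth.log stream with usernames and failed-login details, over plain TCP, so anything on the path between a host and rumo can read or alter the logs and the receiver can distinguish senders only by source address. rsyslog's gtls netstream driver provides encryption and mutual authentication: set `$DefaultNetstreamDriver gtls` together with `$DefaultNetstreamDriverCAFile`, `$DefaultNetstreamDriverCertFile` and `$DefaultNetstreamDriverKeyFile`, then `$ActionSendStreamDriverMode 1` and `$ActionSendStreamDriverAuthMode x509/name` ahead of the forwarding action (the rsyslog-gnutls package is needed on the clients). The log server is also hard-coded into a template that uses no variables; taking it from a role default, e.g. a `syslog_server` variable, would also replace the hostname repeated in the `when:` clause of logging.yml. The `## TODO` line at the top is passed through into the live /etc/rsyslog.conf; the template is fine with it, but it should say what is still missing.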