easylinux/proxmox-packer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: reworked most of the ansible playbooks and roles

Browse Source
This commit is contained in:
AJ Schroeder
2024-06-29 10:26:52 -05:00
parent 0eadf8fba9
commit b885f907db
22 changed files with 524 additions and 365 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
ansible/roles/clean/tasks/debian.yml
View File

@@ -1,81 +1,93 @@
---
# Tasks for setting custom facts.
- name: "Setting custom facts."
set_fact:
enable_cloudinit: "{{ enable_cloudinit | default('false') }}"
- name: Remove audit log files
ansible.builtin.file:
# # Tasks for removing the cloud-init package.
# - name: "Removing the cloud-init package."
# apt:
# name: cloud-init
# state: absent
# when: ansible_distribution == 'Ubuntu' and enable_cloudinit == 'false'
# Tasks to clean the audit logs.
- name: "Cleaning the audit logs."
file:
path: "{{ item }}"
state: absent
loop:
- "/var/log/audit/audit.log"
- "/var/log/wtmp"
- "/var/log/lastlog"
- /var/log/audit/audit.log
- /var/log/auth.log
- /var/log/btmp
- /var/log/dpkg.log
- /var/log/faillog
- /var/log/kern.log
- /var/log/lastlog
- /var/log/syslog
- /var/log/wtmp
- name: Check to see if the /var/log/audit directory exists
ansible.builtin.stat:
path: "/var/log/audit"
register: audit_directory
- name: Ensure /var/log/audit directory exists
ansible.builtin.file:
path: /var/log/audit
state: directory
mode: "0750"
owner: root
group: adm
when: audit_directory.stat.exists
- name: Ensure /var/log/audit/audit.log exists
ansible.builtin.file:
path: /var/log/audit/audit.log
state: touch
mode: "0640"
owner: root
group: adm
when: audit_directory.stat.exists
- name: Ensure wtmp and lastlog exist with the correct permissions
ansible.builtin.copy:
dest: "{{ item }}"
content: ""
mode: "0664"
owner: root
group: utmp
loop:
- "/var/log/wtmp"
- "/var/log/lastlog"
- name: Cleaning persistent udev rules
ansible.builtin.file:
# Tasks to clean the persistent udev rules.
- name: "Cleaning persistent udev rules."
file:
path: /etc/udev/rules.d/70-persistent-net.rules
state: absent
- name: "Cleaning the /tmp directories"
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- "/tmp/*"
- "/var/tmp/*"
# Tasks to find the /tmp directories.
- name: "Finding the /tmp directories."
find:
paths:
- /tmp
- /var/tmp
file_type: any
register: find_tmp_directories
# Tasks to clean the /tmp directories.
- name: "Cleaning the /tmp directories."
file:
path: "{{ item.path }}"
state: absent
loop: "{{ find_tmp_directories.files }}"
loop_control:
label: "{{ item.path }}"
# Tasks to find the SSH host keys.
- name: "Finding the SSH host keys."
find:
paths: /etc/ssh
patterns: 'ssh_host_*'
register: find_ssh_host_keys
# Tasks to clean the SSH host keys.
- name: "Cleaning the SSH host keys."
shell: |
rm -f /etc/ssh/ssh_host_*
- name: remove /etc/machine-id
file:
path: /etc/machine-id
path: "{{ item.path }}"
state: absent
loop: "{{ find_ssh_host_keys.files }}"
loop_control:
label: "{{ item.path }}"
- name: remove /var/lib/dbus/machine-id
file:
path: /var/lib/dbus/machine-id
state: absent
# Tasks to clean the machine-id.
- name: "Cleaning the machine-id."
block:
- name: "Emptying the /etc/machine-id."
community.general.filesize:
path: /etc/machine-id
size: 0
- name: "Removing /var/lib/dbus/machine-id."
file:
path: /var/lib/dbus/machine-id
state: absent
- name: "Creating a symbolic link to /etc/machine-id."
file:
src: /etc/machine-id
dest: /var/lib/dbus/machine-id
state: link
- name: generate new machine-id
command: systemd-machine-id-setup
- name: Cleaning the shell history
shell: |
unset HISTFILE
history -cw
echo > ~/.bash_history
rm -fr /root/.bash_history
# Tasks to clean the shell history.
- name: "Cleaning the shell history."
block:
- name: "Cleaning the shell history."
file:
path: "{{ ansible_env.HOME }}/.bash_history"
state: absent