fedora: align with debian role

author: Emil Renner Berthing <esmil@labitat.dk> 2018-10-06 22:56:32 +0200
committer: Emil Renner Berthing <esmil@labitat.dk> 2018-11-11 11:24:34 +0100
commit: 2df419d71028a4f699a98d897439b89e15f4e72a (patch)
tree: 0917b0f6582bf26d4eecb029a0660834e4adef2e /roles
parent: 18a6c64179d45e94466f0598a49ea34fe23fe3eb (diff)
download: labitat-ansible-2df419d71028a4f699a98d897439b89e15f4e72a.tar.gz
labitat-ansible-2df419d71028a4f699a98d897439b89e15f4e72a.tar.xz
labitat-ansible-2df419d71028a4f699a98d897439b89e15f4e72a.zip
16 files changed, 186 insertions, 76 deletions
diff --git a/roles/fedora/defaults/main.yml b/roles/fedora/defaults/main.yml
index 4304fa0..41944d9 100644
--- a/roles/fedora/defaults/main.yml
+++ b/roles/fedora/defaults/main.yml
@@ -1,4 +1,28 @@
 ---
+use_resolved: true
+use_networkd: true
+use_timesyncd: true
+
+locale:
+  default:
+    LANG: 'en_US.UTF-8'
+
+systemd_conf: {}
+journald_conf: {}
+logind_conf: {}
+resolved_conf: {}
+timesyncd_conf: {}
+
+dnf_packages:
+  'glibc-langpack-en': present
+  'initscripts': present
+  'hostname': present
+  'dnf': present
+  'passwd': present
+  'vim-enhanced': present
+  'dnf-command(leaves)': present
+  'python-unversioned-command': present
+
 sudo_group: 'wheel'
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/handlers/main.yml b/roles/fedora/handlers/main.yml
new file mode 100644
index 0000000..895bad8
--- /dev/null
+++ b/roles/fedora/handlers/main.yml
@@ -0,0 +1,14 @@
+---
+- name: restart resolved
+  systemd:
+    name: systemd-resolved.service
+    state: restarted
+  when: not chroot
+
+- name: restart timesyncd
+  systemd:
+    name: systemd-timesyncd.service
+    state: restarted
+  when: not chroot
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/hosts.yml b/roles/fedora/tasks/hosts.yml
new file mode 100644
index 0000000..46299d6
--- /dev/null
+++ b/roles/fedora/tasks/hosts.yml
@@ -0,0 +1,10 @@
+---
+- name: Configure /etc/hosts
+  template:
+    dest: '/etc/hosts'
+    src: hosts.j2
+    owner: root
+    group: root
+    mode: 0644
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/locale.yml b/roles/fedora/tasks/locale.yml
index a96d6ba..813abe7 100644
--- a/roles/fedora/tasks/locale.yml
+++ b/roles/fedora/tasks/locale.yml
@@ -1,5 +1,5 @@
 ---
-- name: Setting default locales
+- name: Setting default locale
   template:
     dest: '/etc/locale.conf'
     src: locale.conf.j2
diff --git a/roles/fedora/tasks/main.yml b/roles/fedora/tasks/main.yml
index 2e163a4..4492df5 100644
--- a/roles/fedora/tasks/main.yml
+++ b/roles/fedora/tasks/main.yml
@@ -1,6 +1,8 @@
 ---
 - import_tasks: dnf.yml
   tags: dnf
+- import_tasks: hosts.yml
+  tags: hosts
 - import_tasks: timezone.yml
   when: timezone is defined
   tags: timezone
@@ -10,5 +12,13 @@
 - import_tasks: hostname.yml
   when: hostname is defined
   tags: hostname
+- import_tasks: systemd.yml
+  tags: systemd
+- import_tasks: resolved.yml
+  tags: resolved
+- import_tasks: networkd.yml
+  tags: networkd
+- import_tasks: timesyncd.yml
+  tags: timesyncd
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/networkd.yml b/roles/fedora/tasks/networkd.yml
new file mode 100644
index 0000000..de38fa4
--- /dev/null
+++ b/roles/fedora/tasks/networkd.yml
@@ -0,0 +1,15 @@
+---
+- name: Enable/disable systemd-networkd
+  systemd:
+    name: systemd-networkd.service
+    enabled: "{{ use_networkd|ternary('yes','no') }}"
+    masked:  "{{ use_networkd|ternary('no',omit) }}"
+    # let the current network daemons run undisturbed until reboot
+    # aka. don't cut the pipe we're connected through
+    #state:  "{{ use_networkd|ternary('started','stopped') }}"
+  when: not chroot
+- name: '- when in chroot'
+  command: "systemctl {{ use_networkd|ternary('enable','disable') }} systemd-networkd.service"
+  when: chroot
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/resolved.yml b/roles/fedora/tasks/resolved.yml
new file mode 100644
index 0000000..263f93d
--- /dev/null
+++ b/roles/fedora/tasks/resolved.yml
@@ -0,0 +1,39 @@
+---
+- name: Configure systemd-resolved
+  ini_file:
+    path: '/etc/systemd/resolved.conf'
+    no_extra_spaces: yes
+    section: "{{ item.key.split('.',1)[0] }}"
+    option:  "{{ item.key.split('.',1)[1] }}"
+    value:   "{{ item.value|ternary(item.value,omit) }}"
+    state:   "{{ item.value|ternary('present','absent') }}"
+  with_dict: '{{ resolved_conf }}'
+  when: use_resolved
+  notify: restart resolved
+
+- name: Enable/disable systemd-resolved
+  systemd:
+    name: systemd-resolved.service
+    enabled: "{{ use_resolved|ternary('yes','no') }}"
+    masked: no
+    state: "{{ use_resolved|ternary('started','stopped') }}"
+  when: not chroot
+- name: '- when in chroot'
+  command: 'systemctl {{ use_resolved|ternary("enable","disable") }} systemd-resolved.service'
+  when: chroot
+
+- name: Symlink /etc/resolv.conf
+  file:
+    path: '/etc/resolv.conf'
+    src: '/run/systemd/resolve/resolv.conf'
+    state: link
+    force: yes
+  when: use_resolved
+- name: Use myhostname and possibly resolved nss plugins
+  lineinfile:
+    path: /etc/nsswitch.conf
+    regexp: '^hosts:'
+    line: 'hosts:          files resolve [!UNAVAIL=return] dns myhostname'
+  when: use_resolved
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/systemd.yml b/roles/fedora/tasks/systemd.yml
new file mode 100644
index 0000000..56a5898
--- /dev/null
+++ b/roles/fedora/tasks/systemd.yml
@@ -0,0 +1,32 @@
+---
+- name: Configure systemd system.conf
+  ini_file:
+    path: '/etc/systemd/system.conf'
+    no_extra_spaces: yes
+    section: "{{ item.key.split('.',1)[0] }}"
+    option:  "{{ item.key.split('.',1)[1] }}"
+    value:   "{{ item.value|ternary(item.value,omit) }}"
+    state:   "{{ item.value|ternary('present','absent') }}"
+  with_dict: '{{ systemd_conf }}'
+
+- name: Configure journald.conf
+  ini_file:
+    path: '/etc/systemd/journald.conf'
+    no_extra_spaces: yes
+    section: "{{ item.key.split('.',1)[0] }}"
+    option:  "{{ item.key.split('.',1)[1] }}"
+    value:   "{{ item.value|ternary(item.value,omit) }}"
+    state:   "{{ item.value|ternary('present','absent') }}"
+  with_dict: '{{ journald_conf }}'
+
+- name: Configure logind.conf
+  ini_file:
+    path: '/etc/systemd/logind.conf'
+    no_extra_spaces: yes
+    section: "{{ item.key.split('.',1)[0] }}"
+    option:  "{{ item.key.split('.',1)[1] }}"
+    value:   "{{ item.value|ternary(item.value,omit) }}"
+    state:   "{{ item.value|ternary('present','absent') }}"
+  with_dict: '{{ logind_conf }}'
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/timesyncd.yml b/roles/fedora/tasks/timesyncd.yml
new file mode 100644
index 0000000..63949fc
--- /dev/null
+++ b/roles/fedora/tasks/timesyncd.yml
@@ -0,0 +1,25 @@
+---
+- name: Configure systemd-timesyncd
+  ini_file:
+    path: '/etc/systemd/timesyncd.conf'
+    no_extra_spaces: yes
+    section: "{{ item.key.split('.',1)[0] }}"
+    option:  "{{ item.key.split('.',1)[1] }}"
+    value:   "{{ item.value|ternary(item.value,omit) }}"
+    state:   "{{ item.value|ternary('present','absent') }}"
+  with_dict: '{{ timesyncd_conf }}'
+  when: use_timesyncd
+  notify: restart timesyncd
+
+- name: Enable systemd-timesyncd
+  systemd:
+    name: systemd-timesyncd.service
+    enabled: "{{ use_timesyncd|ternary('yes','no') }}"
+    masked: no
+    state: "{{ use_timesyncd|ternary('started','stopped') }}"
+  when: not chroot
+- name: '- when in chroot'
+  command: systemctl enable systemd-timesyncd.service
+  when: chroot
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/tasks/timezone.yml b/roles/fedora/tasks/timezone.yml
index 90c2344..a917dd4 100644
--- a/roles/fedora/tasks/timezone.yml
+++ b/roles/fedora/tasks/timezone.yml
@@ -1,9 +1,14 @@
 ---
-- name: Create /etc/localtime
+- name: Configure timezone
+  timezone:
+    name: '{{ timezone }}'
+  when: not chroot
+- name: '- when in chroot'
   file:
     path: '/etc/localtime'
     src: '../usr/share/zoneinfo/{{ timezone }}'
     state: link
     force: yes
+  when: chroot
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/fedora/templates/hosts.j2 b/roles/fedora/templates/hosts.j2
new file mode 100644
index 0000000..695442d
--- /dev/null
+++ b/roles/fedora/templates/hosts.j2
@@ -0,0 +1,8 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+{% if hosts is defined %}
+
+{% for addr, names in hosts %}
+{{ addr }} {{ names|join(' ') }}
+{% endfor %}
+{% endif %}
diff --git a/roles/space_server/tasks/main.yml b/roles/space_server/tasks/main.yml
index 294d655..ba6e8ca 100644
--- a/roles/space_server/tasks/main.yml
+++ b/roles/space_server/tasks/main.yml
@@ -15,10 +15,6 @@
   tags: kernel
 - import_tasks: gettys.yml
   tags: gettys
-- import_tasks: timesyncd.yml
-  tags: timesyncd
-- import_tasks: resolved.yml
-  tags: resolved
 - import_tasks: networkd.yml
   tags: networkd
 - import_tasks: nftables.yml
diff --git a/roles/space_server/tasks/networkd.yml b/roles/space_server/tasks/networkd.yml
index 6b0ff48..0059ed6 100644
--- a/roles/space_server/tasks/networkd.yml
+++ b/roles/space_server/tasks/networkd.yml
@@ -44,17 +44,4 @@
     group: root
     mode: 0644
 
-- name: Enable systemd-networkd
-  systemd:
-    name: systemd-networkd.service
-    enabled: yes
-    masked: no
-    state: started
-  when: not chroot
-- name: '- when in chroot'
-  command: systemctl enable systemd-networkd.service
-  args:
-    creates: '/etc/systemd/system/multi-user.target.wants/systemd-networkd.service'
-  when: chroot
-
 # vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/resolved.yml b/roles/space_server/tasks/resolved.yml
deleted file mode 100644
index 1bbae10..0000000
--- a/roles/space_server/tasks/resolved.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-#- name: Enable systemd-resolved
-#  systemd:
-#    name: systemd-resolved.service
-#    enabled: yes
-#    masked: no
-#    state: started
-#  when: not chroot
-#- name: '- when in chroot'
-#  command: systemctl enable systemd-resolved.service
-#  args:
-#    creates: '/etc/systemd/system/multi-user.target.wants/systemd-resolved.service'
-#  when: chroot
-#
-#- name: Use systemd-resolved
-#  lineinfile:
-#    path: '/etc/nsswitch.conf'
-#    regexp: '^hosts:'
-#    line: 'hosts: files resolve [!UNAVAIL=return] dns myhostname'
-
-- name: Disable systemd-resolved
-  systemd:
-    name: systemd-resolved.service
-    enabled: no
-    masked: no
-    state: stopped
-  when: not chroot
-- name: '- when in chroot'
-  command: systemctl disable systemd-resolved.service
-  args:
-    removes: '/etc/systemd/system/multi-user.target.wants/systemd-resolved.service'
-  when: chroot
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/tasks/timesyncd.yml b/roles/space_server/tasks/timesyncd.yml
deleted file mode 100644
index 3217889..0000000
--- a/roles/space_server/tasks/timesyncd.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Enable systemd-timesyncd
-  systemd:
-    name: systemd-timesyncd.service
-    enabled: yes
-    masked: no
-    state: started
-  when: not chroot
-- name: '- when in chroot'
-  command: systemctl enable systemd-timesyncd.service
-  args:
-    creates: '/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service'
-  when: chroot
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/vars/main.yml b/roles/space_server/vars/main.yml
index 0778f2e..d1e0918 100644
--- a/roles/space_server/vars/main.yml
+++ b/roles/space_server/vars/main.yml
@@ -1,6 +1,8 @@
 ---
 hostname: 'space'
 
+use_resolved: false
+
 locale:
   default:
     LANG: 'da_DK.UTF-8'
@@ -14,23 +16,15 @@ dnf_conf:
 
 dnf_packages:
   'glibc-langpack-da': present
-  'glibc-langpack-en': present
-  'initscripts': present
-  'hostname': present
   'iproute': present
   'dosfstools': present
   'btrfs-progs': present
-  'dnf': present
-  'dnf-command(leaves)': present
-  'python-unversioned-command': present
   'ansible': present
   'python3-netaddr': present # for dhcpd template
-  'vim-enhanced': present
   'git': present
   'diffutils': present
   'htop': present
   'man-db': present
-  'passwd': present
   'syslinux': present
   'systemd-container': present
author	Emil Renner Berthing <esmil@labitat.dk>	2018-10-06 22:56:32 +0200
committer	Emil Renner Berthing <esmil@labitat.dk>	2018-11-11 11:24:34 +0100
commit	2df419d71028a4f699a98d897439b89e15f4e72a (patch)
tree	0917b0f6582bf26d4eecb029a0660834e4adef2e /roles
parent	18a6c64179d45e94466f0598a49ea34fe23fe3eb (diff)
download	labitat-ansible-2df419d71028a4f699a98d897439b89e15f4e72a.tar.gz labitat-ansible-2df419d71028a4f699a98d897439b89e15f4e72a.tar.xz labitat-ansible-2df419d71028a4f699a98d897439b89e15f4e72a.zip