
@wilpig
Created April 20, 2021 02:48
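---
# Baseline play for EL8 hosts: EPEL, time sync, winbind/AD join, postfix
# relay, sudo, resolver settings, utility packages, guest agent and SNMP.
- hosts: all
  gather_facts: true
  vars:
    # Sample values only. Keep the real join credentials out of the playbook:
    # load them from an Ansible Vault-encrypted vars file or pass them at run
    # time, so they never land in version control or a shared snippet.
    ad_user: samiam
    ad_pass: samspassword
  tasks:
    - name: Copy EPEL8 GPG Key
      copy:
        src: 'files/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8'
        dest: '/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8'
        mode: '0400'
        owner: root
        group: root

    # Import the key only when rpm does not already know it: the query fails
    # (rc > 0) when the pubkey is absent, which triggers the rescue section.
    - block:
        - name: Check for EPEL pubkey
          shell: /bin/rpm --quiet -q gpg-pubkey-2f86d6a1-5cf7cefb
          # NOTE(review): `warn` was removed from command/shell in newer
          # ansible-core releases; drop these args when running there.
          args:
            warn: false
          check_mode: false
          register: epel
          changed_when: false
          failed_when: epel.rc > 0
      rescue:
        - name: Install EPEL8 GPG Key
          shell: /bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
          args:
            warn: false

    - name: Install EPEL
      package:
        name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

    - name: Install necessary packages for timesync
      package:
        name:
          - chrony

    - name: Enable time sync
      service:
        name: chronyd
        state: started
        enabled: true

    - name: Set timezone to America/Chicago
      timezone:
        name: America/Chicago

    # `winbind.changed` gates the AD join and service restarts further down,
    # so they only run on the pass that actually installs these packages.
    - name: Install necessary packages for windbind
      package:
        name:
          - samba
          - samba-client
          - samba-winbind
          - samba-winbind-clients
          - oddjob
          - authselect-compat
      register: winbind

    # NOTE(review): this turns off SELinux for the whole host (effective after
    # a reboot), not just for samba/winbind. Confirm that enforcing mode with
    # the needed booleans/labels is not workable before keeping it.
    - name: Disable SELinux
      selinux:
        state: disabled

    - name: Copy samba config
      template:
        src: files/etc/samba/smb.conf
        dest: /etc/samba/smb.conf
        owner: root
        group: root
        mode: '0644'

    # The credentials are rendered into a shell script, so they are passed
    # through the `quote` filter: a password containing a quote, space or
    # shell metacharacter must not change the command that runs.
    # no_log keeps the rendered script (and thus the password) out of Ansible
    # output and logs. The password is still an argument of `net ads join`
    # on the target while that command runs.
    - name: register system with ad
      shell: |
        net time set -S adpig.ad.wilpig.org
        net ads join -U {{ (ad_user ~ '%' ~ ad_pass) | quote }} \
          -S adpig.ad.wilpig.org --no-dns-updates
        printf '%s\n' {{ ad_pass | quote }} | kinit {{ (ad_user ~ '@AD.WILPIG.ORG') | quote }}
        authselect select winbind --force
        authconfig --enablemkhomedir --update
      no_log: true
      when: winbind.changed

    - name: stop winbind
      service:
        name: winbind
        state: stopped
      when: winbind.changed

    - name: restart samba
      service:
        name: smb
        state: restarted
        enabled: true
      when: winbind.changed

    - name: start winbind
      service:
        name: winbind
        state: started
        enabled: true
      when: winbind.changed

    # - name: Update nsswitch.cnf
    #   replace:
    #     path: /etc/nsswitch.conf
    #     regexp: '{{ item.regexp }}'
    #     replace: '{{ item.line }}'
    #   loop:
    #     - { regexp: '^passwd:.*', line: 'passwd: compat systemd winbind' }
    #     - { regexp: '^group:.*', line: 'group: compat systemd winbind' }
    #     - { regexp: 'shadow:.*', line: 'shadow: compat winbind' }

    - name: Install necessary packages for sending mail
      package:
        name:
          - postfix
        state: present

    - name: Set mail relay
      lineinfile:
        path: /etc/postfix/main.cf
        regexp: '{{ item.regexp }}'
        line: '{{ item.line }}'
      loop:
        - regexp: '^relayhost.*'
          line: 'relayhost = hosting.private.wilpig.org'
        - regexp: '^myhostname.*'
          line: 'myhostname = {{inventory_hostname}}'
        - regexp: '^mydestination.*'
          line: 'mydestination = $myhostname, {{inventory_hostname}}, localhost.private.wilpig.org, localhost'

    - name: Send root mail to me
      lineinfile:
        path: /etc/aliases
        regexp: '^root\:.*'
        line: 'root: wilbur@wilpig.org'
      register: aliases

    - name: Run newaliases
      command: newaliases
      when: aliases.changed

    # A sudoers drop-in is security-critical: create it root-owned and 0440
    # instead of inheriting the umask default, and let visudo check the
    # candidate file so a syntax error cannot break sudo on the host.
    - name: enable sudo usage
      lineinfile:
        path: /etc/sudoers.d/pig
        create: true
        owner: root
        group: root
        mode: '0440'
        regexp: '^wilbur.*'
        line: 'wilbur ALL=(ALL) ALL'
        validate: /usr/sbin/visudo -cf %s

    - name: Get a list of files in network-scripts directory
      find:
        path: /etc/sysconfig/network-scripts
        excludes: 'ifdown*,ifup*,network*,init*,route*'
      register: scripts

    # `files` becomes one space-separated string of paths; the loop below
    # tests interface names against it with a substring match.
    - set_fact:
        files: '{{ scripts.files | map(attribute="path") | list | join(" ") }}'
      when: scripts.files is defined

    - block:
        - name: Set no peerdns to keep ifup-post from rebuilding /etc/resolv.conf
          lineinfile:
            path: '/etc/sysconfig/network-scripts/ifcfg-{{ item }}'
            regexp: '^PEERDNS=.*'
            line: PEERDNS=no
          loop: '{{ ansible_facts.interfaces }}'
          # A list of conditions is ANDed together.
          when:
            - 'item != "lo"'
            - 'item in files'
            - '"_" not in item'  # vnics are causing parsing issues
      when:
        - 'ansible_facts.interfaces is defined'
        - 'files is defined'

    # NOTE(review): NetworkManager reads its `dns` option from the [main]
    # section of NetworkManager.conf; confirm [Resolve] is what is intended.
    - name: Disable networkmanager and resolv.conf
      ini_file:
        path: /etc/NetworkManager/NetworkManager.conf
        section: Resolve
        option: '{{ item.option }}'
        value: '{{ item.value }}'
      register: resolve
      loop:
        - option: 'dns'
          value: 'none'

    - name: Update resolv.conf
      copy:
        dest: /etc/resolv.conf
        content: |
          search private.wilpig.org wilpig.org
          nameserver 10.0.0.253
          nameserver 10.0.0.1
          nameserver 10.0.0.251

    - name: Copy dnf.conf
      copy:
        src: files/etc/dnf/dnf.conf
        dest: /etc/dnf/dnf.conf
        mode: '0400'

    - name: Install useful packages
      package:
        name:
          - vim
          - bash-completion
          - nfs-utils
          - htop
          - atop
          - iotop
          - bwm-ng
          - sysstat
          - git

    # Extra package for the host whose short name is `plex` only.
    - name: Install useful packages
      package:
        name:
          - perl-JSON-PP
      when: inventory_hostname_short in ['plex']

    # Guest agent only on machines whose system vendor string contains "qemu".
    - block:
        - name: Install necessary packages for proxmox
          package:
            name:
              - qemu-guest-agent
        - name: Enable qemu-guest-agent
          service:
            name: qemu-guest-agent
            state: started
            enabled: true
      when: '"qemu" in ansible_system_vendor.lower()'

    - name: Install necessary packages for snmp
      package:
        name:
          - net-snmp

    # NOTE(review): a community string is sent in clear text and this
    # rocommunity line carries no source restriction, so anything that can
    # reach udp/161 on this address and knows the string can read the agent.
    # Consider adding a source (`rocommunity <community> <source>`), a
    # longer community string, or SNMPv3.
    - name: Add snmp communities
      lineinfile:
        path: /etc/snmp/snmpd.conf
        regexp: '{{ item.regexp }}'
        line: '{{ item.line }}'
      register: snmpd
      loop:
        - regexp: '^rocommunity pig'
          line: 'rocommunity pig'
        - regexp: '^agentAddress udp:{{ansible_default_ipv4.address}}:161'
          line: 'agentAddress udp:{{ansible_default_ipv4.address}}:161'

    - name: Restart snmpd
      service:
        name: snmpd
        state: restarted
        enabled: true
      when: snmpd.changed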