
add various stuff

Jörg Thalheim 5 years ago
parent
commit
90c8b923e4
  1. 51
      ansible.cfg
  2. 2
      connection_plugins/lxc
  3. 7
      roles/common/defaults/main.yml
  4. 11
      roles/common/files/man-db.hook
  5. 0
      roles/common/files/man-db.service
  6. 2
      roles/common/files/resolv.conf
  7. 24
      roles/common/tasks/main.yml
  8. 4
      roles/common/templates/hosts.j2
  9. 2037
      roles/container/files/vim/autoload/plug.vim
  10. 35
      roles/container/files/vimrc
  11. 12
      roles/container/tasks/main.yml
  12. 2
      roles/container/tasks/ssh.yml
  13. 2
      roles/php/templates/php-fpm.conf.j2
  14. 236
      roles/php/templates/php.ini.j2

51
ansible.cfg

@ -1,7 +1,7 @@
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be overridden in ansible-playbook
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
@ -71,22 +71,22 @@ timeout = 10
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# format of string {{ ansible_managed }} available within Jinja2
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified by {uid} on {host}
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False
@ -126,28 +126,28 @@ filter_plugins = /usr/share/ansible_plugins/filter_plugins
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1
# the CA certificate path used for validating SSL certs. This path
# the CA certificate path used for validating SSL certs. This path
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu : /usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path =
#ca_file_path =
# the http user-agent string to use when fetching urls. Some web server
# operators block the default urllib user agent as it is frequently used
# by malicious attacks/scripts, so we set it to something unique to
# by malicious attacks/scripts, so we set it to something unique to
# avoid issues.
#http_user_agent = ansible-agent
# if set to a persistant type (not 'memory', for example 'redis') fact values
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
@ -161,8 +161,8 @@ fact_caching = memory
[privilege_escalation]
#become=True
#become_method='sudo'
#become_user='root'
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
@ -179,24 +179,24 @@ fact_caching = memory
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or
# very long hostnames or very long path names (caused by long user names or
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you
# file socket names (108 characters for most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
@ -204,7 +204,7 @@ fact_caching = memory
#
pipelining = True
# if True, make ansible use scp if the connection type is ssh
# if True, make ansible use scp if the connection type is ssh
# (default is sftp)
#scp_if_ssh = True
@ -215,7 +215,7 @@ accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30
accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
@ -223,3 +223,8 @@ accelerate_daemon_timeout = 30
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependant context.
#special_context_filesystems=nfs,vboxsf,fuse
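Review bot: The new `[selinux]` section at the end of the last hunk contains only a commented-out key, so it changes nothing at runtime; if it is kept as a reminder of the option, a line above it saying so would help, e.g. `# no special filesystems needed yet; uncomment to set`. The comment directly above it also has a spelling slip: `# needs to be changed to use the file system dependent context.`. The remaining hunks in this file appear to be whitespace and typo fixes plus the quote removal on `become_method`/`become_user`, which is correct since the parser would otherwise keep the quotes as part of the value.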

2
connection_plugins/lxc

@ -1 +1 @@
Subproject commit e6e168920486dc6e1249a6c8849cd98186fab6f5
Subproject commit e497737cd0cfdf9e57d94845b1096da425507c1d

7
roles/common/defaults/main.yml

@ -0,0 +1,7 @@
static_files:
- { from: locale.conf, to: /etc/locale.conf }
- { from: whois.conf, to: /etc/whois.conf }
- { from: resolv.conf, to: /etc/resolv.conf }
- { from: logind.conf, to: /etc/systemd/system/logind.conf }
- { from: locale.gen, to: /etc/locale.gen }
- { from: man-db.hook, to: /etc/pacman.d/hooks/man-db.hook }
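Review bot: `to: /etc/systemd/system/logind.conf` on the logind entry places the file in the unit-file directory, where systemd-logind does not look for it; logind reads `/etc/systemd/logind.conf` (and `logind.conf.d/`), so the copied settings would be silently ignored. The same path existed in the task list this file replaces, so it is carried over rather than introduced here, but this list is the place to fix it: `- { from: logind.conf, to: /etc/systemd/logind.conf }`. A one-line comment above `static_files:` naming the copy task that consumes it and that `from` is resolved against the role's `files/` directory would make the contract clear to the next editor.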

11
roles/common/files/man-db.hook

@ -0,0 +1,11 @@
[Trigger]
Type = File
Operation = Install
Operation = Upgrade
Operation = Remove
Target = usr/share/man/*
[Action]
Description = Updating manpage index...
When = PostTransaction
Exec = /usr/bin/systemctl start --no-block man-db.service
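Review bot: `Exec = /usr/bin/systemctl start --no-block man-db.service` depends on a `man-db.service` unit existing on the target, yet the `roles/common/files/man-db.service` added in this commit is empty (0 lines) and is not listed in `static_files`, so nothing in the role installs it; presumably the unit shipped by the man-db package is the one started, which is worth confirming and then either deleting the empty file or giving it a real body and adding it to `static_files`. The repeated `Operation =` keys are the pacman hook convention (each line adds a trigger), so that part is fine, but a comment at the top such as `# pacman hook: repeated Operation lines accumulate` would spare the next reader a parser check.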

0
roles/common/files/man-db.service

2
roles/common/files/resolv.conf

@ -4,6 +4,6 @@
#
nameserver 172.23.75.6
search eve.higgsboson.tk
search eve.evenet.dn42
# End of file

24
roles/common/tasks/main.yml

@ -1,30 +1,34 @@
- name: update pacman cache
pacman: update_cache=yes
- fetch: src=/etc/hosts dest=/tmp/fetched
- name: remove silver-searcher-git
pacman:
name="silver-searcher-git"
state=absent
- name: install essential packages
pacman:
name="htop,strace,the_silver_searcher,zsh,git,sudo"
name="htop,strace,zsh,git,sudo,neovim,python2-neovim,python-neovim,the_silver_searcher"
state=present
- name: install packages from repo
pacman:
name="neovim-git,ca-certificates-dn42"
name="ca-certificates-dn42,neovim-symlinks"
state=present
# fails on login, because it does not have the repo
ignore_errors: yes
- file: src=/usr/bin/nvim dest=/usr/local/bin/vim state=link
- locale_gen: name=de_DE.UTF-8 state=present
- locale_gen: name=en_DK.UTF-8 state=present
- command: /usr/bin/timedatectl set-timezone UTC
#- command: /usr/bin/timedatectl set-timezone UTC
- name: common configuration
template: src={{ item.from }}.j2 dest={{ item.to }} mode=0644 backup=no
with_items:
- { from: hosts, to: /etc/hosts }
- name: create directories for files
file: path="{{ item.to | dirname }}" recurse=yes state=directory
with_items: "{{static_files}}"
- name: common configuration
copy: src={{ item.from }} dest={{ item.to }}
with_items:
- { from: locale.conf, to: /etc/locale.conf }
- { from: whois.conf, to: /etc/whois.conf }
- { from: resolv.conf, to: /etc/resolv.conf }
- { from: logind.conf, to: /etc/systemd/system/logind.conf }
- { from: locale.gen, to: /etc/locale.gen }
copy: src="{{ item.from }}" dest={{ item.to }}
with_items: "{{static_files}}"
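Review bot: `recurse=yes` on the new 'create directories for files' task is not needed to create missing parents — `state=directory` already does that — and since no owner, group or mode is given it appears only to make Ansible walk the whole tree under each target, which for `/etc/locale.conf` means all of `/etc`; `file: path="{{ item.to | dirname }}" state=directory` is enough. The rewritten 'common configuration' copy task still sets no `mode=`, so files such as `/etc/resolv.conf` get umask-dependent permissions on first creation; `copy: src="{{ item.from }}" dest={{ item.to }} mode=0644` would pin that. The timedatectl command is left commented out rather than removed; a one-line reason, or deleting it, would avoid it surviving as archaeology.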

4
roles/common/templates/hosts.j2

@ -4,7 +4,7 @@
#
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 {{ ansible_nodename }}.lxc {{ ansible_nodename }} localhost
::1 {{ ansible_nodename }}.lxc {{ ansible_nodename }} localhost
127.0.0.1 {{ ansible_nodename }}.eve.evenet.dn42 {{ ansible_nodename }} localhost
::1 {{ ansible_nodename }}.eve.evenet.dn42 {{ ansible_nodename }} localhost
# End of file
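Review bot: Both new lines put the container's FQDN ahead of `localhost` on the loopback addresses, so a reverse lookup of `127.0.0.1`/`::1` returns `{{ ansible_nodename }}.eve.evenet.dn42` rather than `localhost`, which some services compare against when deciding whether a peer is local. If the goal is only for `hostname -f` to resolve, the usual layout keeps `127.0.0.1 localhost` / `::1 localhost` and adds `127.0.1.1 {{ ansible_nodename }}.eve.evenet.dn42 {{ ansible_nodename }}`. The removed `.lxc` lines had the same ordering, so this is a pre-existing choice the domain change carries forward rather than something the commit introduces.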

2037
roles/container/files/vim/autoload/plug.vim
File diff suppressed because it is too large

35
roles/container/files/vimrc

@ -3,34 +3,13 @@ set nocompatible " be iMproved
filetype off " required!
let mapleader="," " change the leader to be a comma vs slash
let iCanHazVundle=1
let vundle_readme=expand('~/.vim/bundle/Vundle.vim/README.md')
if !filereadable(vundle_readme)
echo "Installing Vundle.."
echo ""
silent !mkdir -p ~/.vim/bundle
silent !git clone https://github.com/gmarik/Vundle.vim.git ~/.vim/bundle/Vundle.vim
let iCanHazVundle=0
endif
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#begin()
Plugin 'tpope/vim-rails'
Plugin 'scrooloose/nerdtree'
Plugin 'slim-template/vim-slim'
Plugin 'scrooloose/syntastic'
" not compatible with vim on servers
" Bundle 'Valloric/YouCompleteMe'
Plugin 'airblade/vim-gitgutter'
Plugin 'bronson/vim-trailing-whitespace'
call vundle#end()
if iCanHazVundle == 0
echo "Installing Bundles, please ignore key map error messages"
echo ""
:BundleInstall
endif
call plug#begin('~/.vim/plugged')
Plug 'scrooloose/nerdtree'
Plug 'scrooloose/syntastic'
Plug 'Valloric/YouCompleteMe'
Plug 'airblade/vim-gitgutter'
Plug 'bronson/vim-trailing-whitespace'
call plug#end()
syntax on
filetype plugin indent on
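Review bot: `Plug 'Valloric/YouCompleteMe'` re-enables a plugin the removed lines deliberately kept off (`" not compatible with vim on servers`), and YouCompleteMe needs its native component built after checkout, which vim-plug only does with a post-update hook such as `Plug 'Valloric/YouCompleteMe', { 'do': './install.py' }`; without that, and a build toolchain on the container, it will error on every start. Nothing in the commit runs `:PlugInstall` either — the removed Vundle block bootstrapped itself on first run — so the listed plugins only exist once someone runs it by hand; a comment such as `" run :PlugInstall once after deploy` would state that expectation. The file is deployed as neovim's `init.vim` elsewhere in this commit while `plug#begin('~/.vim/plugged')` points at the vim directory; that works, but a comment on why the vim path is shared would help.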

12
roles/container/tasks/main.yml

@ -16,15 +16,21 @@
- name: SSH Keys
copy: src=authorized_keys dest=/home/admin/.ssh/authorized_keys
- set_fact:
admins: "{{ base_admins + additional_admins }}"
- set_fact: admins="{{ base_admins + additional_admins }}"
- name: deploy dotfiles
copy: src="{{ item[0] }}" dest="{{ item[1].dest }}/.{{ item[0] }}" owner="{{ item[1].owner }}" group="{{ item[1].group }}"
with_nested:
- ['bashrc', 'dircolors', 'vimrc']
- ['bashrc', 'dircolors']
- admins
- name: Create ~/.config/nvim/autoload
file: path=/root/.config/nvim/autoload state=directory
- name: create neovim
copy: src="vimrc" dest="/root/.config/nvim/init.vim"
- name: install plug.vim
copy: src="vim/autoload/plug.vim" dest="/root/.config/nvim/autoload/plug.vim"
- mount: name=/run/systemd/journal/ src=/mnt/journal fstype=none opts=bind,ro state=present
- name: backup directory
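Review bot: The three new neovim tasks hard-code `/root/.config/nvim/...`, while the neighbouring dotfiles task loops over `admins`, and `vimrc` is dropped from that task's file list in the same hunk — so admin users lose their vimrc and receive no neovim config, with only root getting `init.vim`. If that is intended, a `name:` such as `root neovim config` would make it explicit; otherwise the copy should iterate the admins like the dotfiles task (`dest="{{ item.dest }}/.config/nvim/init.vim"` with the same `owner`/`group`). `- name: create neovim` also misdescribes what the task does — it copies a config file — so `deploy neovim init.vim` reads better.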

2
roles/container/tasks/ssh.yml

@ -17,7 +17,7 @@
service: name=sshd.socket state=started enabled=yes
- name: sshd.service.d
file: path=/etc/systemd/system/sshd.service.d/ state=directory
file: path=/etc/systemd/system/sshd@.service.d/ state=directory
- name: ssh service KillMode
copy: src=sshd-killmode.conf dest=/etc/systemd/system/sshd@.service.d/killmode.conf
notify: Reload systemd
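Review bot: The directory is corrected to `sshd@.service.d`, matching the drop-in destination on the following line, but hosts already provisioned keep an empty `/etc/systemd/system/sshd.service.d/` behind; if nothing else populates it, a follow-up `file: path=/etc/systemd/system/sshd.service.d/ state=absent` would clean it up. The existing `notify: Reload systemd` already covers the drop-in taking effect once it lands in the right directory.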

2
roles/php/templates/php-fpm.conf.j2

@ -14,7 +14,7 @@
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr otherwise
include=/etc/php/fpm.d/*.conf
include=/etc/php/php-fpm.d/*.conf
;;;;;;;;;;;;;;;;;;
; Global Options ;

236
roles/php/templates/php.ini.j2

@ -201,10 +201,6 @@ engine = On
; http://php.net/short-open-tag
short_open_tag = Off
; Allow ASP-style <% %> tags.
; http://php.net/asp-tags
asp_tags = Off
; The number of significant digits displayed in floating point numbers.
; http://php.net/precision
precision = 14
@ -696,13 +692,6 @@ default_charset = "UTF-8"
; http://php.net/output-encoding
;output_encoding =
; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
; to disable this feature and it will be removed in a future version.
; If post reading is disabled through enable_post_data_reading,
; $HTTP_RAW_POST_DATA is *NOT* populated.
; http://php.net/always-populate-raw-post-data
;always_populate_raw_post_data = -1
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
@ -885,19 +874,14 @@ extension=gettext.so
;extension=intl.so
;extension=ldap.so
;extension=mcrypt.so
;extension=mssql.so
;extension=mysqli.so
;extension=mysql.so
;extension=odbc.so
zend_extension=opcache.so
;extension=openssl.so
;extension=pdo_mysql.so
;extension=pdo_odbc.so
;extension=pdo_pgsql.so
;extension=pdo_sqlite.so
;extension=pgsql.so
;extension=phar.so
;extension=posix.so
;extension=pspell.so
;extension=shmop.so
;extension=snmp.so
@ -910,12 +894,7 @@ zend_extension=opcache.so
;extension=tidy.so
;extension=xmlrpc.so
;extension=xsl.so
;extension=zip.so
; Extensions enabled by ansible
{% for item in php_extensions %}
extension={{item}}.so
{% endfor %}
extension=zip.so
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
@ -974,10 +953,6 @@ date.timezone = UTC
; Default is 0, which does not produce any errors.
;intl.error_level = E_WARNING
[sqlite]
; http://php.net/sqlite.assoc-case
;sqlite.assoc_case = 0
[sqlite3]
;sqlite3.extension_dir =
@ -993,6 +968,10 @@ date.timezone = UTC
; http://php.net/pcre.recursion-limit
;pcre.recursion_limit=100000
;Enables or disables JIT compilation of patterns. This requires the PCRE
;library to be compiled with JIT support.
;pcre.jit=1
[Pdo]
; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
; http://php.net/pdo-odbc.connection-pooling
@ -1036,7 +1015,7 @@ smtp_port = 25
; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
; the 5th parameter to mail().
;mail.force_extra_parameters =
; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
@ -1126,64 +1105,6 @@ ibase.dateformat = "%Y-%m-%d"
; Default time format.
ibase.timeformat = "%H:%M:%S"
[MySQL]
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
; http://php.net/mysql.allow_local_infile
mysql.allow_local_infile = On
; Allow or prevent persistent links.
; http://php.net/mysql.allow-persistent
mysql.allow_persistent = On
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/mysql.cache_size
mysql.cache_size = 2000
; Maximum number of persistent links. -1 means no limit.
; http://php.net/mysql.max-persistent
mysql.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/mysql.max-links
mysql.max_links = -1
; Default port number for mysql_connect(). If unset, mysql_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysql.default-port
mysql.default_port =
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/mysql.default-socket
mysql.default_socket =
; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-host
mysql.default_host =
; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-user
mysql.default_user =
; Default password for mysql_connect() (doesn't apply in safe mode).
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
; http://php.net/mysql.default-password
mysql.default_password =
; Maximum time (in seconds) for connect timeout. -1 means no limit
; http://php.net/mysql.connect-timeout
mysql.connect_timeout = 60
; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
; http://php.net/mysql.trace-mode
mysql.trace_mode = Off
[MySQLi]
; Maximum number of persistent links. -1 means no limit.
@ -1338,45 +1259,6 @@ pgsql.ignore_notice = 0
; http://php.net/pgsql.log-notice
pgsql.log_notice = 0
[Sybase-CT]
; Allow or prevent persistent links.
; http://php.net/sybct.allow-persistent
sybct.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
; http://php.net/sybct.max-persistent
sybct.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/sybct.max-links
sybct.max_links = -1
; Minimum server message severity to display.
; http://php.net/sybct.min-server-severity
sybct.min_server_severity = 10
; Minimum client message severity to display.
; http://php.net/sybct.min-client-severity
sybct.min_client_severity = 10
; Set per-context timeout
; http://php.net/sybct.timeout
;sybct.timeout=
;sybct.packet_size
; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
; Default: one minute
;sybct.login_timeout=
; The name of the host you claim to be connecting from, for display by sp_who.
; Default: none
;sybct.hostname=
; Allows you to define how often deadlocks are to be retried. -1 means "forever".
; Default: 0
;sybct.deadlock_retry_count=
[bcmath]
; Number of decimal digits for all bcmath functions.
; http://php.net/bcmath.scale
@ -1627,64 +1509,31 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
; http://php.net/session.upload-progress.min-freq
;session.upload_progress.min_freq = "1"
[MSSQL]
; Allow or prevent persistent links.
mssql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
mssql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
mssql.max_links = -1
; Minimum error severity to display.
mssql.min_error_severity = 10
; Minimum message severity to display.
mssql.min_message_severity = 10
; Compatibility mode with old versions of PHP 3.0.
mssql.compatibility_mode = Off
; Connect timeout
;mssql.connect_timeout = 5
; Query timeout
;mssql.timeout = 60
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textlimit = 4096
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textsize = 4096
; Limits the number of records in each batch. 0 = all records in one batch.
;mssql.batchsize = 0
; Specify how datetime and datetim4 columns are returned
; On => Returns data converted to SQL server settings
; Off => Returns values as YYYY-MM-DD hh:mm:ss
;mssql.datetimeconvert = On
; Use NT authentication when connecting to the server
mssql.secure_connection = Off
; Specify max number of processes. -1 = library default
; msdlib defaults to 25
; FreeTDS defaults to 4096
;mssql.max_procs = -1
; Specify client character set.
; If empty or not set the client charset from freetds.conf is used
; This is only used when compiled with FreeTDS
;mssql.charset = "ISO-8859-1"
; Only write session data when session data is changed. Enabled by default.
; http://php.net/session.lazy-write
;session.lazy_write = On
[Assertion]
; Switch whether to compile assertions at all (to have no overhead at run-time)
; -1: Do not compile at all
; 0: Jump over assertion at run-time
; 1: Execute assertions
; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
; Default Value: 1
; Development Value: 1
; Production Value: -1
; http://php.net/zend.assertions
zend.assertions = -1
; Assert(expr); active by default.
; http://php.net/assert.active
;assert.active = On
; Issue a PHP warning for each failed assertion.
; Throw an AssertationException on failed assertions
; http://php.net/assert.exception
;assert.exception = On
; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
; http://php.net/assert.warning
;assert.warning = On
@ -1728,7 +1577,7 @@ mssql.secure_connection = Off
[mbstring]
; language for internal character representation.
; This affects mb_send_mail() and mbstrig.detect_order.
; This affects mb_send_mail() and mbstring.detect_order.
; http://php.net/mbstring.language
;mbstring.language = Japanese
@ -1918,11 +1767,6 @@ opcache.enable=1
; size of the optimized code.
;opcache.save_comments=1
; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
; may be always stored (save_comments=1), but not loaded by applications
; that don't need them anyway.
;opcache.load_comments=1
; If enabled, a fast shutdown sequence is used for the accelerated code
;opcache.fast_shutdown=0
@ -1972,6 +1816,31 @@ opcache.enable=1
; Useful for internal debugging only.
;opcache.protect_memory=0
; Allows calling OPcache API functions only from PHP scripts which path is
; started from specified string. The default "" means no restriction
;opcache.restrict_api=
; Mapping base of shared memory segments (for Windows only). All the PHP
; processes have to map shared memory into the same address space. This
; directive allows to manually fix the "Unable to reattach to base address"
; errors.
;opcache.mmap_base=
; Enables and sets the second level cache directory.
; It should improve performance when SHM memory is full, at server restart or
; SHM reset. The default "" disables file based caching.
;opcache.file_cache=
; Enables or disables opcode caching in shared memory.
;opcache.file_cache_only=0
; Enables or disables checksum validation when script loaded from file cache.
;opcache.file_cache_consistency_checks=1
; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
; This should improve performance, but requires appropriate OS configuration.
;opcache.huge_code_pages=1
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
@ -1995,6 +1864,9 @@ opcache.enable=1
; SSL stream context option.
;openssl.capath=
[apc]
apc.enable_cli=1
; Local Variables:
; tab-width: 4
; End:
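Review bot: In the `@ -910,12 +894,7 @@` hunk the `{% for item in php_extensions %}` loop appears to be on the removed side (the old/new line counts only fit that reading) and is replaced by an unconditional `extension=zip.so`, so the template stops honouring the `php_extensions` role variable; if that is deliberate, the variable's definition and any host overrides should go with it, otherwise the loop needs restoring next to the zip line. Loading `zip.so` unconditionally also produces a startup warning on every invocation when the zip extension is not installed, whereas the loop let hosts opt in. The remaining hunks track the upstream PHP 7 ini (removal of mysql/mssql/sybase blocks, `zend.assertions = -1`, opcache and pcre.jit comments) and look fine; a header line stating which upstream file the template tracks, e.g. `; based on php.ini-production for PHP <version>`, would make the next sync easier.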