
3 Commits

14 changed files with 2178 additions and 256 deletions


@ -147,7 +147,7 @@ filter_plugins = /usr/share/ansible_plugins/filter_plugins
# avoid issues. # avoid issues.
#http_user_agent = ansible-agent #http_user_agent = ansible-agent
# if set to a persistant type (not 'memory', for example 'redis') fact values # if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when # from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers # wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their # without having to talk to them in the same playbook run to get their
@ -161,8 +161,8 @@ fact_caching = memory
[privilege_escalation] [privilege_escalation]
#become=True #become=True
#become_method='sudo' #become_method=sudo
#become_user='root' #become_user=root
#become_ask_pass=False #become_ask_pass=False
[paramiko_connection] [paramiko_connection]
@ -223,3 +223,8 @@ accelerate_daemon_timeout = 30
# is "no". # is "no".
#accelerate_multi_key = yes #accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependant context.
#special_context_filesystems=nfs,vboxsf,fuse

@ -1 +1 @@
Subproject commit e6e168920486dc6e1249a6c8849cd98186fab6f5 Subproject commit e497737cd0cfdf9e57d94845b1096da425507c1d


@ -0,0 +1,7 @@
static_files:
- { from: locale.conf, to: /etc/locale.conf }
- { from: whois.conf, to: /etc/whois.conf }
- { from: resolv.conf, to: /etc/resolv.conf }
- { from: logind.conf, to: /etc/systemd/system/logind.conf }
- { from: locale.gen, to: /etc/locale.gen }
- { from: man-db.hook, to: /etc/pacman.d/hooks/man-db.hook }
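Review bot: The `logind.conf` entry installs the file to `/etc/systemd/system/logind.conf`, a directory systemd scans for unit files; systemd-logind reads its settings from `/etc/systemd/logind.conf` and `logind.conf.d/` drop-ins, so the contents of this file are most likely never applied. The path is carried over unchanged from the inline list this variable replaces, so the move is a good moment to correct it: `- { from: logind.conf, to: /etc/systemd/logind.conf }`. A one-line comment above `static_files`, for example `# copied verbatim by the common role; the parent directory of "to" is created first`, would also help whoever adds the next entry.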


@ -0,0 +1,11 @@
[Trigger]
Type = File
Operation = Install
Operation = Upgrade
Operation = Remove
Target = usr/share/man/*
[Action]
Description = Updating manpage index...
When = PostTransaction
Exec = /usr/bin/systemctl start --no-block man-db.service


@ -4,6 +4,6 @@
# #
nameserver 172.23.75.6 nameserver 172.23.75.6
search eve.higgsboson.tk search eve.evenet.dn42
# End of file # End of file


@ -1,24 +1,34 @@
- name: update pacman cache - name: update pacman cache
pacman: update_cache=yes pacman: update_cache=yes
- fetch: src=/etc/hosts dest=/tmp/fetched
- name: remove silver-searcher-git
pacman:
name="silver-searcher-git"
state=absent
- name: install essential packages - name: install essential packages
pacman: pacman:
name="htop,strace,the_silver_searcher,zsh,git,sudo,neovim-git,ca-certificates-dn42" name="htop,strace,zsh,git,sudo,neovim,python2-neovim,python-neovim,the_silver_searcher"
state=present state=present
- name: install packages from repo
pacman:
name="ca-certificates-dn42,neovim-symlinks"
state=present
# fails on login, because it does not have the repo
ignore_errors: yes
- file: src=/usr/bin/nvim dest=/usr/local/bin/vim state=link - file: src=/usr/bin/nvim dest=/usr/local/bin/vim state=link
- locale_gen: name=de_DE.UTF-8 state=present - locale_gen: name=de_DE.UTF-8 state=present
- locale_gen: name=en_DK.UTF-8 state=present - locale_gen: name=en_DK.UTF-8 state=present
- command: /usr/bin/timedatectl set-timezone UTC #- command: /usr/bin/timedatectl set-timezone UTC
- name: common configuration - name: common configuration
template: src={{ item.from }}.j2 dest={{ item.to }} mode=0644 backup=no template: src={{ item.from }}.j2 dest={{ item.to }} mode=0644 backup=no
with_items: with_items:
- { from: hosts, to: /etc/hosts } - { from: hosts, to: /etc/hosts }
- name: create directories for files
file: path="{{ item.to | dirname }}" recurse=yes state=directory
with_items: "{{static_files}}"
- name: common configuration - name: common configuration
copy: src={{ item.from }} dest={{ item.to }} copy: src="{{ item.from }}" dest={{ item.to }}
with_items: with_items: "{{static_files}}"
- { from: locale.conf, to: /etc/locale.conf }
- { from: whois.conf, to: /etc/whois.conf }
- { from: resolv.conf, to: /etc/resolv.conf }
- { from: logind.conf, to: /etc/systemd/system/logind.conf }
- { from: locale.gen, to: /etc/locale.gen }
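Review bot: `ignore_errors: yes` on the new "install packages from repo" task hides every failure of that install, so a host can finish the play without `ca-certificates-dn42` and nothing reports that its trust store is incomplete. The inline comment ties the expected failure to one case (`login`, which lacks the repo); scoping the exception to that case keeps the error visible everywhere else, for example `when: dn42_repo_enabled | default(true)` in place of `ignore_errors` (variable name constructed here). Separately, `- fetch: src=/etc/hosts dest=/tmp/fetched` has no name and writes into a shared `/tmp` path on the control machine, which reads like a debugging leftover; it should be dropped or pointed at a directory only the operator can write.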


@ -4,7 +4,7 @@
# #
#<ip-address> <hostname.domain.org> <hostname> #<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 {{ ansible_nodename }}.lxc {{ ansible_nodename }} localhost 127.0.0.1 {{ ansible_nodename }}.eve.evenet.dn42 {{ ansible_nodename }} localhost
::1 {{ ansible_nodename }}.lxc {{ ansible_nodename }} localhost ::1 {{ ansible_nodename }}.eve.evenet.dn42 {{ ansible_nodename }} localhost
# End of file # End of file

File diff suppressed because it is too large Load Diff


@ -3,34 +3,13 @@ set nocompatible " be iMproved
filetype off " required! filetype off " required!
let mapleader="," " change the leader to be a comma vs slash let mapleader="," " change the leader to be a comma vs slash
let iCanHazVundle=1 call plug#begin('~/.vim/plugged')
let vundle_readme=expand('~/.vim/bundle/Vundle.vim/README.md') Plug 'scrooloose/nerdtree'
if !filereadable(vundle_readme) Plug 'scrooloose/syntastic'
echo "Installing Vundle.." Plug 'Valloric/YouCompleteMe'
echo "" Plug 'airblade/vim-gitgutter'
silent !mkdir -p ~/.vim/bundle Plug 'bronson/vim-trailing-whitespace'
silent !git clone https://github.com/gmarik/Vundle.vim.git ~/.vim/bundle/Vundle.vim call plug#end()
let iCanHazVundle=0
endif
set rtp+=~/.vim/bundle/Vundle.vim
call vundle#begin()
Plugin 'tpope/vim-rails'
Plugin 'scrooloose/nerdtree'
Plugin 'slim-template/vim-slim'
Plugin 'scrooloose/syntastic'
" not compatible with vim on servers
" Bundle 'Valloric/YouCompleteMe'
Plugin 'airblade/vim-gitgutter'
Plugin 'bronson/vim-trailing-whitespace'
call vundle#end()
if iCanHazVundle == 0
echo "Installing Bundles, please ignore key map error messages"
echo ""
:BundleInstall
endif
syntax on syntax on
filetype plugin indent on filetype plugin indent on
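Review bot: The new `Plug` lines name only a GitHub repository, so `:PlugInstall` and `:PlugUpdate` check out whatever the default branch holds at that moment, and another section of this commit appears to install this file as root's `init.vim`. Pinning each plugin to a reviewed revision keeps third-party code that runs in root's editor from changing silently, e.g. `Plug 'scrooloose/nerdtree', { 'commit': '<reviewed-commit-sha>' }`. The removed comment said YouCompleteMe is "not compatible with vim on servers"; it is enabled here with no replacement comment, and it normally needs a build step after checkout, so a line such as `" YouCompleteMe: works with neovim + python-neovim, build after install` would record why it is now on.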


@ -6,11 +6,6 @@
with_items: masked_services with_items: masked_services
- user: name=root shell=/bin/bash - user: name=root shell=/bin/bash
- name: delete oh-my-zsh repo
file: path=/root/.oh-my-zsh state=absent
- name: delete .zshrc
file: path=/root/.zshrs state=absent
- name: Allow wheel group to use sudo - name: Allow wheel group to use sudo
lineinfile: "dest=/etc/sudoers state=present regexp='^%wheel' line='%wheel ALL=(ALL) NOPASSWD: ALL'" lineinfile: "dest=/etc/sudoers state=present regexp='^%wheel' line='%wheel ALL=(ALL) NOPASSWD: ALL'"
- name: Write mirrorlist - name: Write mirrorlist
@ -21,15 +16,21 @@
- name: SSH Keys - name: SSH Keys
copy: src=authorized_keys dest=/home/admin/.ssh/authorized_keys copy: src=authorized_keys dest=/home/admin/.ssh/authorized_keys
- set_fact: - set_fact: admins="{{ base_admins + additional_admins }}"
admins: "{{ base_admins + additional_admins }}"
- name: deploy dotfiles - name: deploy dotfiles
copy: src="{{ item[0] }}" dest="{{ item[1].dest }}/.{{ item[0] }}" owner="{{ item[1].owner }}" group="{{ item[1].group }}" copy: src="{{ item[0] }}" dest="{{ item[1].dest }}/.{{ item[0] }}" owner="{{ item[1].owner }}" group="{{ item[1].group }}"
with_nested: with_nested:
- ['bashrc', 'dircolors', 'vimrc'] - ['bashrc', 'dircolors']
- admins - admins
- name: Create ~/.config/nvim/autoload
file: path=/root/.config/nvim/autoload state=directory
- name: create neovim
copy: src="vimrc" dest="/root/.config/nvim/init.vim"
- name: install plug.vim
copy: src="vim/autoload/plug.vim" dest="/root/.config/nvim/autoload/plug.vim"
- mount: name=/run/systemd/journal/ src=/mnt/journal fstype=none opts=bind,ro state=present - mount: name=/run/systemd/journal/ src=/mnt/journal fstype=none opts=bind,ro state=present
- name: backup directory - name: backup directory
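Review bot: The three new neovim tasks write only under `/root/.config/nvim`, while `vimrc` is dropped from the `with_nested` list, so the other entries in `admins` appear to lose their editor configuration even though `/usr/local/bin/vim` is linked to nvim elsewhere in this commit. If that is intended, a comment such as `# neovim config is deployed for root only` above the first task would make it explicit; otherwise the tasks should loop over `admins` the way "deploy dotfiles" does. The new `copy` tasks also set no owner, group or mode, unlike the dotfiles task; `copy: src="vimrc" dest="/root/.config/nvim/init.vim" owner=root group=root mode=0644` makes the result independent of the umask on the target. The last task in the hunk, "backup directory", continues outside it.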


@ -17,7 +17,7 @@
service: name=sshd.socket state=started enabled=yes service: name=sshd.socket state=started enabled=yes
- name: sshd.service.d - name: sshd.service.d
file: path=/etc/systemd/system/sshd.service.d/ state=directory file: path=/etc/systemd/system/sshd@.service.d/ state=directory
- name: ssh service KillMode - name: ssh service KillMode
copy: src=sshd-killmode.conf dest=/etc/systemd/system/sshd@.service.d/killmode.conf copy: src=sshd-killmode.conf dest=/etc/systemd/system/sshd@.service.d/killmode.conf
notify: Reload systemd notify: Reload systemd


@ -14,7 +14,7 @@
; Relative path can also be used. They will be prefixed by: ; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument) ; - the global prefix if it's been set (-p argument)
; - /usr otherwise ; - /usr otherwise
include=/etc/php/fpm.d/*.conf include=/etc/php/php-fpm.d/*.conf
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
; Global Options ; ; Global Options ;


@ -201,10 +201,6 @@ engine = On
; http://php.net/short-open-tag ; http://php.net/short-open-tag
short_open_tag = Off short_open_tag = Off
; Allow ASP-style <% %> tags.
; http://php.net/asp-tags
asp_tags = Off
; The number of significant digits displayed in floating point numbers. ; The number of significant digits displayed in floating point numbers.
; http://php.net/precision ; http://php.net/precision
precision = 14 precision = 14
@ -696,13 +692,6 @@ default_charset = "UTF-8"
; http://php.net/output-encoding ; http://php.net/output-encoding
;output_encoding = ;output_encoding =
; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
; to disable this feature and it will be removed in a future version.
; If post reading is disabled through enable_post_data_reading,
; $HTTP_RAW_POST_DATA is *NOT* populated.
; http://php.net/always-populate-raw-post-data
;always_populate_raw_post_data = -1
;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ; ; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;
@ -885,19 +874,14 @@ extension=gettext.so
;extension=intl.so ;extension=intl.so
;extension=ldap.so ;extension=ldap.so
;extension=mcrypt.so ;extension=mcrypt.so
;extension=mssql.so
;extension=mysqli.so ;extension=mysqli.so
;extension=mysql.so
;extension=odbc.so ;extension=odbc.so
zend_extension=opcache.so zend_extension=opcache.so
;extension=openssl.so
;extension=pdo_mysql.so ;extension=pdo_mysql.so
;extension=pdo_odbc.so ;extension=pdo_odbc.so
;extension=pdo_pgsql.so ;extension=pdo_pgsql.so
;extension=pdo_sqlite.so ;extension=pdo_sqlite.so
;extension=pgsql.so ;extension=pgsql.so
;extension=phar.so
;extension=posix.so
;extension=pspell.so ;extension=pspell.so
;extension=shmop.so ;extension=shmop.so
;extension=snmp.so ;extension=snmp.so
@ -910,12 +894,7 @@ zend_extension=opcache.so
;extension=tidy.so ;extension=tidy.so
;extension=xmlrpc.so ;extension=xmlrpc.so
;extension=xsl.so ;extension=xsl.so
;extension=zip.so extension=zip.so
; Extensions enabled by ansible
{% for item in php_extensions %}
extension={{item}}.so
{% endfor %}
;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;
; Module Settings ; ; Module Settings ;
@ -974,10 +953,6 @@ date.timezone = UTC
; Default is 0, which does not produce any errors. ; Default is 0, which does not produce any errors.
;intl.error_level = E_WARNING ;intl.error_level = E_WARNING
[sqlite]
; http://php.net/sqlite.assoc-case
;sqlite.assoc_case = 0
[sqlite3] [sqlite3]
;sqlite3.extension_dir = ;sqlite3.extension_dir =
@ -993,6 +968,10 @@ date.timezone = UTC
; http://php.net/pcre.recursion-limit ; http://php.net/pcre.recursion-limit
;pcre.recursion_limit=100000 ;pcre.recursion_limit=100000
;Enables or disables JIT compilation of patterns. This requires the PCRE
;library to be compiled with JIT support.
;pcre.jit=1
[Pdo] [Pdo]
; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
; http://php.net/pdo-odbc.connection-pooling ; http://php.net/pdo-odbc.connection-pooling
@ -1036,7 +1015,7 @@ smtp_port = 25
; Force the addition of the specified parameters to be passed as extra parameters ; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of ; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode. ; the 5th parameter to mail().
;mail.force_extra_parameters = ;mail.force_extra_parameters =
; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
@ -1126,64 +1105,6 @@ ibase.dateformat = "%Y-%m-%d"
; Default time format. ; Default time format.
ibase.timeformat = "%H:%M:%S" ibase.timeformat = "%H:%M:%S"
[MySQL]
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
; http://php.net/mysql.allow_local_infile
mysql.allow_local_infile = On
; Allow or prevent persistent links.
; http://php.net/mysql.allow-persistent
mysql.allow_persistent = On
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/mysql.cache_size
mysql.cache_size = 2000
; Maximum number of persistent links. -1 means no limit.
; http://php.net/mysql.max-persistent
mysql.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/mysql.max-links
mysql.max_links = -1
; Default port number for mysql_connect(). If unset, mysql_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysql.default-port
mysql.default_port =
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/mysql.default-socket
mysql.default_socket =
; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-host
mysql.default_host =
; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-user
mysql.default_user =
; Default password for mysql_connect() (doesn't apply in safe mode).
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
; http://php.net/mysql.default-password
mysql.default_password =
; Maximum time (in seconds) for connect timeout. -1 means no limit
; http://php.net/mysql.connect-timeout
mysql.connect_timeout = 60
; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
; http://php.net/mysql.trace-mode
mysql.trace_mode = Off
[MySQLi] [MySQLi]
; Maximum number of persistent links. -1 means no limit. ; Maximum number of persistent links. -1 means no limit.
@ -1338,45 +1259,6 @@ pgsql.ignore_notice = 0
; http://php.net/pgsql.log-notice ; http://php.net/pgsql.log-notice
pgsql.log_notice = 0 pgsql.log_notice = 0
[Sybase-CT]
; Allow or prevent persistent links.
; http://php.net/sybct.allow-persistent
sybct.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
; http://php.net/sybct.max-persistent
sybct.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/sybct.max-links
sybct.max_links = -1
; Minimum server message severity to display.
; http://php.net/sybct.min-server-severity
sybct.min_server_severity = 10
; Minimum client message severity to display.
; http://php.net/sybct.min-client-severity
sybct.min_client_severity = 10
; Set per-context timeout
; http://php.net/sybct.timeout
;sybct.timeout=
;sybct.packet_size
; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
; Default: one minute
;sybct.login_timeout=
; The name of the host you claim to be connecting from, for display by sp_who.
; Default: none
;sybct.hostname=
; Allows you to define how often deadlocks are to be retried. -1 means "forever".
; Default: 0
;sybct.deadlock_retry_count=
[bcmath] [bcmath]
; Number of decimal digits for all bcmath functions. ; Number of decimal digits for all bcmath functions.
; http://php.net/bcmath.scale ; http://php.net/bcmath.scale
@ -1627,64 +1509,31 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
; http://php.net/session.upload-progress.min-freq ; http://php.net/session.upload-progress.min-freq
;session.upload_progress.min_freq = "1" ;session.upload_progress.min_freq = "1"
[MSSQL] ; Only write session data when session data is changed. Enabled by default.
; Allow or prevent persistent links. ; http://php.net/session.lazy-write
mssql.allow_persistent = On ;session.lazy_write = On
; Maximum number of persistent links. -1 means no limit.
mssql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
mssql.max_links = -1
; Minimum error severity to display.
mssql.min_error_severity = 10
; Minimum message severity to display.
mssql.min_message_severity = 10
; Compatibility mode with old versions of PHP 3.0.
mssql.compatibility_mode = Off
; Connect timeout
;mssql.connect_timeout = 5
; Query timeout
;mssql.timeout = 60
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textlimit = 4096
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textsize = 4096
; Limits the number of records in each batch. 0 = all records in one batch.
;mssql.batchsize = 0
; Specify how datetime and datetim4 columns are returned
; On => Returns data converted to SQL server settings
; Off => Returns values as YYYY-MM-DD hh:mm:ss
;mssql.datetimeconvert = On
; Use NT authentication when connecting to the server
mssql.secure_connection = Off
; Specify max number of processes. -1 = library default
; msdlib defaults to 25
; FreeTDS defaults to 4096
;mssql.max_procs = -1
; Specify client character set.
; If empty or not set the client charset from freetds.conf is used
; This is only used when compiled with FreeTDS
;mssql.charset = "ISO-8859-1"
[Assertion] [Assertion]
; Switch whether to compile assertions at all (to have no overhead at run-time)
; -1: Do not compile at all
; 0: Jump over assertion at run-time
; 1: Execute assertions
; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
; Default Value: 1
; Development Value: 1
; Production Value: -1
; http://php.net/zend.assertions
zend.assertions = -1
; Assert(expr); active by default. ; Assert(expr); active by default.
; http://php.net/assert.active ; http://php.net/assert.active
;assert.active = On ;assert.active = On
; Issue a PHP warning for each failed assertion. ; Throw an AssertationException on failed assertions
; http://php.net/assert.exception
;assert.exception = On
; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
; http://php.net/assert.warning ; http://php.net/assert.warning
;assert.warning = On ;assert.warning = On
@ -1728,7 +1577,7 @@ mssql.secure_connection = Off
[mbstring] [mbstring]
; language for internal character representation. ; language for internal character representation.
; This affects mb_send_mail() and mbstrig.detect_order. ; This affects mb_send_mail() and mbstring.detect_order.
; http://php.net/mbstring.language ; http://php.net/mbstring.language
;mbstring.language = Japanese ;mbstring.language = Japanese
@ -1918,11 +1767,6 @@ opcache.enable=1
; size of the optimized code. ; size of the optimized code.
;opcache.save_comments=1 ;opcache.save_comments=1
; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
; may be always stored (save_comments=1), but not loaded by applications
; that don't need them anyway.
;opcache.load_comments=1
; If enabled, a fast shutdown sequence is used for the accelerated code ; If enabled, a fast shutdown sequence is used for the accelerated code
;opcache.fast_shutdown=0 ;opcache.fast_shutdown=0
@ -1972,6 +1816,31 @@ opcache.enable=1
; Useful for internal debugging only. ; Useful for internal debugging only.
;opcache.protect_memory=0 ;opcache.protect_memory=0
; Allows calling OPcache API functions only from PHP scripts which path is
; started from specified string. The default "" means no restriction
;opcache.restrict_api=
; Mapping base of shared memory segments (for Windows only). All the PHP
; processes have to map shared memory into the same address space. This
; directive allows to manually fix the "Unable to reattach to base address"
; errors.
;opcache.mmap_base=
; Enables and sets the second level cache directory.
; It should improve performance when SHM memory is full, at server restart or
; SHM reset. The default "" disables file based caching.
;opcache.file_cache=
; Enables or disables opcode caching in shared memory.
;opcache.file_cache_only=0
; Enables or disables checksum validation when script loaded from file cache.
;opcache.file_cache_consistency_checks=1
; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
; This should improve performance, but requires appropriate OS configuration.
;opcache.huge_code_pages=1
[curl] [curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an ; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path. ; absolute path.
@ -1995,6 +1864,9 @@ opcache.enable=1
; SSL stream context option. ; SSL stream context option.
;openssl.capath= ;openssl.capath=
[apc]
apc.enable_cli=1
; Local Variables: ; Local Variables:
; tab-width: 4 ; tab-width: 4
; End: ; End:
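Review bot: With the `{% for item in php_extensions %}` loop removed from the extension list (hunk at -910), no visible line in this template loads the extensions named in `php_extensions` any more, and the `[apc]` section added at the end sets `apc.enable_cli=1` for an extension that none of the shown lines load. If those extensions now come from a drop-in directory, a comment where the loop used to be would make that clear, e.g. `; extensions from php_extensions are loaded via <conf.d path>, not from this file`; otherwise the loop should stay, since roles that set `php_extensions` would silently run without them. Only parts of the file are visible in these hunks, so this should be confirmed against the full template.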