Added base patch management role

2023-05-07 12:01:52 +02:00
parent 2fd69c736b
commit 0ca263c251
14 changed files with 325 additions and 0 deletions
--- a/roles/unattended-upgrades/tasks/main.yml
+++ b/roles/unattended-upgrades/tasks/main.yml
@ -0,0 +1,12 @@
+---
+# tasks file for unattended-upgrades
+
+- name: Check if Postfix is already configured
+  stat:
+    path: /etc/postfix/sasl_passwd.db
+  register: postfix_configured
+
+- import_tasks: postfix.yml
+  when: postfix_configured.stat.exists == false
+
+- import_tasks: unattended-upgrades.yml
--- a/roles/unattended-upgrades/tasks/postfix.yml
+++ b/roles/unattended-upgrades/tasks/postfix.yml
@ -0,0 +1,55 @@
+- name: Install postfix and mail client
+  apt:
+    update_cache: true
+    pkg:
+    - bsd-mailx
+    - postfix
+    - libsasl2-modules
+
+- name: Insert postfix main configuration
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main.cf
+    backup: true
+  notify: restart_postfix
+  
+- name: Setup credentials
+  template:
+    src: mail_credentials.j2
+    dest: /etc/postfix/sasl_passwd
+    mode: 0600
+
+- name: Generate sasl.db file
+  command: postmap /etc/postfix/sasl_passwd
+
+- name: Delete credentials file
+  file:
+    name: /etc/postfix/sasl_passwd
+    state: absent
+
+- name: SMTP header tasks
+  block:
+  - name: Add custom from header configuration
+    template:
+      src: mail_headers.j2
+      dest: /etc/postfix/smtp_header_checks
+      mode: 0600
+      backup: true
+
+  - name: Add postfix-pcre package
+    apt:
+      name: postfix-pcre
+  when: custom_smtp_header
+
+- name: SMTP masquerade tasks
+  block:
+  - name: Add SMTP masquerade file
+    template:
+      src: mail_generic.j2
+      dest: /etc/postfix/generic
+      mode: 0600
+      backup: true
+
+  - name: Generate generic.db file
+    command: postmap /etc/postfix/generic
+  when: smtp_masquerade
--- a/roles/unattended-upgrades/tasks/unattended-upgrades.yml
+++ b/roles/unattended-upgrades/tasks/unattended-upgrades.yml
@ -0,0 +1,25 @@
+- name: Install unattended-upgrades package
+  apt:
+    name: unattended-upgrades
+    state: present
+
+- name: Setup unattended-upgrades config
+  template:
+    src: unattended-upgrades.j2
+    dest: /etc/apt/apt.conf.d/52unattended-upgrades
+    backup: true
+  notify: restart_unattended-upgrades
+
+- name: Setup reboot notifier script
+  template:
+    src: reboot_alert.sh.j2
+    dest: /usr/local/sbin/reboot_alert.sh
+    backup: true
+    mode: +x
+
+- name: Setup cron to launch notifier script
+  cron:
+    name: "alert if reboot is required"
+    minute: "0"
+    hour: "8"
+    job: "/usr/local/sbin/reboot_alert.sh"