ctic.yml

---
- name: Computadores da CTIC
  hosts: ctic
  vars:
    ansible_python_interpreter: /usr/bin/python3
  gather_facts: true
  roles:
    - code
    - docker
    # - teamviewer
    # - virtualbox
    # - rambox
    # - ingressa_ldap
    # - rke
  tasks:
  # - name: Instalar os pacotes para o Ansible #do buster-backports - Linux Debian
  #   apt: name=ansible state=latest #default_release=buster-backports
    - name: Pacotes padroes da CTIC
      ansible.builtin.apt:
        pkg:
          - ipcalc
          - ansible
          - keepassx
          - git
          - gparted
          - vinagre
          - tcpdump
          - dnsutils
          - python3-pip

    - name: Instala pacotes pip
      ansible.builtin.pip:
        name:
          - pywinrm
          - paramiko
          - cryptography
        executable: pip3

    - name: Adiciona no grupo docker
      ansible.builtin.user:
        name: "{{ item }}"
        groups: docker
        append: true
      with_items:
        - rmartins
        - humbertos
        - marcelo.alejandro
        - davi.iahn
        - davi.m12
      when: ansible_os_family == 'Debian'

##################  Maquina do RICARDO  ##################
# Não executar o Mestre.yml, executar apenas o ctic.yml #
- hosts: sje-lin-ctic-38319.maquinas.sj.ifsc.edu.br
  #any_errors_fatal: true
  roles:
    - kubernetes
    - ingressa_ldap_gdm
    - teams_microsoft
    # - softwares_remotos # ruim no buster
    - role: geerlingguy.nfs
      nfs_exports: [ "/dados *(rw,sync,no_root_squash)" ]
    # - role: bertvv.samba
    #   samba_shares:
    #     - name: ctic
    #       comment: 'O local mais seguro de todos'
    #       path: /dados
    #       browseable: yes
    #       create_mode: '777'
    #       directory_mode: '777'
    #       valid_users: '%S'
    #       writable: yes
    #       read_only: no
    #       guest_ok: yes
    #   samba_users:
    #     - name: USERNAME
    #       password: PASSWORD
  tasks:
  - name: Pacotes do Ricardo
    ansible.builtin.apt:
      state: latest
      pkg:
      - k3b
      - keychain
      - dcfldd
      - lm-sensors
      # - nautilus-dropbox # ruim no buster
      - unzip
      - vlan
      - python3-tk
      - python3-setuptools
      # - gir1.2-appindicator3-0.1 # Não é mais necessário
      # - python-appindicator # ruim no buster
      - vinagre
      - virtualenv
      - konsole
      - nfs-common
      - curl
      - ethtool
      - samba
      - usbutils
      - sshfs
      - net-tools
  - name: Configuração do Ansible
    ansible.builtin.copy:
      content: |
        [defaults]
        forks          = 50
        gathering = implicit
        host_key_checking = False
        remote_user = root
        vault_password_file = /home/rmartins/.ssh/v

      owner: rmartins
      group: rmartins
      mode: '0644'
      dest: /home/rmartins/.ansible.cfg

  - name: Configuração do ssh
    ansible.builtin.lineinfile:
      path: /etc/ssh/ssh_config
      insertafter: "^#   StrictHostKeyChecking ask"
      firstmatch: true
      regexp: "{{ item.regexp }}"
      line: "{{ item.line }}"
    loop:
      - { regexp: "StrictHostKeyChecking ask", line: "StrictHostKeyChecking no"}
      - { regexp: "#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k", line: "UserKnownHostsFile=/dev/null"}
##########################################################

# Windows Ricardo

- hosts: sj-ctic-38319.maquinas.sj.ifsc.edu.br
  roles:
    - ingressa_ldap