Initial commit

.gitignore

@@ -0,0 +1 @@
+env/*

README.md

@@ -0,0 +1,38 @@
+# Ansible från grunden
+Här finner du all exempelkod för boken *Ansible från grunden*
+(ISBN: 978-91-983300-9-0).
+
+Boken kommer att ges ut under sensommaren/hösten 2022.
+
+Boken kommer att finnas till försäljning hos [CyberInfo Sverige](https://www.cyberinfo.se/bocker/),
+[Bokus](https://www.bokus.com/cgi-bin/product_search.cgi?publisher=CyberInfo%20Sverige) och
+[Adlibris](https://www.adlibris.com/se/sok?filter=publisher%3ACyberInfo%20Sverige).
+
+
+## Baksidetexten
+**Ansible från grunden** lär ut det vi behöver för att komma igång med
+Ansible. Boken börjar med en genomgång av vad Ansible är, hur det används och
+vad det används till. Vi tittar också på hur man installerar Ansible i en
+virtuell Pythonmiljö.
+
+Därefter lär vi oss hur man kör ad hoc-kommandon för att snabbt
+fixa något; hur man skriver egna playbooks för att utföra en lång rad
+uppgifter; hur man skriver roller för att på ett enkelt sätt återanvända
+Ansible-kod. Vi lär oss också hur man krypterar filer som innehåller lösenord
+eller andra känsliga uppgifter. 
+
+Boken är uppbyggd av både enklare, mindre exempel, men också av ett par stora
+projekt som vi gång på gång modifierar och förbättrar. I boken finns cirka ett
+hundra exempel. Efter varje kapitel finns övningsuppgifter av varierande
+svårighetsgrad.
+
+Bokens huvudfokus är att managera Linuxsystem. Men det finns även ett kort
+kapitel som visar hur man kan använda Ansible för att managera Windows.
+
+För att få ut det mesta av boken bör man vara bekväm med att arbeta med
+Linux och kommandon. Man bör också vara van vid att arbeta med SSH. En
+generell kännedom om Apache och Postfix underlättar också, även om det inte är
+något krav.
+
+## Framsidan
+![Ansible från grunden](framsidan-ansible-fran-grunden.jpg)

ankeborg-demo-v2.yml

@@ -0,0 +1,21 @@
+- hosts: ankeborg
+  become: true
+  vars:
+    timezone: Europe/Stockholm
+
+  collections: 
+    - jackbenny.demo
+
+  tasks:
+    - name: Test my dummy module
+      dummy:
+        number: 51
+      register: the_num
+
+    - name: Print the return value
+      debug:
+        msg: "{{ the_num }}"
+
+  roles:
+    - base
+

ankeborg-demo.yml

@@ -0,0 +1,18 @@
+- hosts: ankeborg
+  become: true
+  vars:
+    timezone: Europe/Stockholm
+
+  tasks:
+    - name: Test my dummy module
+      jackbenny.demo.dummy:
+        number: 51
+      register: the_num
+
+    - name: Print the return value
+      debug:
+        msg: "{{ the_num }}"
+
+  roles:
+    - jackbenny.demo.base
+

ankeborg-jackbenny-postfix.yml

@@ -0,0 +1,13 @@
+- hosts: ankeborg
+  become: true
+  vars:
+    mail_hostname: "{{ inventory_hostname }}"
+    canonical_name: "{{ inventory_hostname_short }}.mynet.\
+      example.com"
+    relay_user: xxx
+    relay_password: yyy
+    external_email_address: me@example.com
+
+  roles:
+    - jackbenny.postfix
+

ankeborg-med-postfix-v2.yml

@@ -0,0 +1,21 @@
+- hosts: ankeborg
+  become: true
+  vars:
+    mail_hostname: "{{ inventory_hostname }}"
+    canonical_name: "{{ inventory_hostname_short }}.nixnet.\
+      example.tld"
+
+  pre_tasks:
+    - name: Update cache on Debian/Ubuntu
+      apt:
+        update_cache: yes
+      when: ansible_os_family == 'Debian'
+    - name: Update cache on RedHat/CentOS/Fedora
+      dnf:
+        update_cache: yes
+      when: ansible_os_family == 'RedHat'
+
+  roles:
+    - base
+    - postfix-v2
+

ankeborg-med-postfix-v3.yml

@@ -0,0 +1,11 @@
+- hosts: ankeborg
+  become: true
+  vars:
+    mail_hostname: "{{ inventory_hostname }}"
+    canonical_name: "{{ inventory_hostname_short }}.nixnet.\
+      example.tld"
+
+  roles:
+    - base-v2
+    - postfix-v3
+

ankeborg-med-postfix-v4.yml

@@ -0,0 +1,11 @@
+- hosts: ankeborg
+  become: true
+  vars:
+    mail_hostname: "{{ inventory_hostname }}"
+    canonical_name: "{{ inventory_hostname_short }}.nixnet.\
+      example.tld"
+
+  roles:
+    - base-v2
+    - postfix-v4
+

ankeborg-med-postfix.yml

@@ -0,0 +1,21 @@
+- hosts: ankeborg
+  become: true
+  vars:
+    mail_hostname: "{{ inventory_hostname }}"
+    canonical_name: "{{ inventory_hostname_short }}.nixnet.\
+      example.tld"
+
+  pre_tasks:
+    - name: Update cache on Debian/Ubuntu
+      apt:
+        update_cache: yes
+      when: ansible_os_family == 'Debian'
+    - name: Update cache on RedHat/CentOS/Fedora
+      dnf:
+        update_cache: yes
+      when: ansible_os_family == 'RedHat'
+
+  roles:
+    - base
+    - postfix
+

ankeborg.yml

@@ -0,0 +1,16 @@
+- hosts: ankeborg
+  become: true
+
+  pre_tasks:
+    - name: Update cache on Debian/Ubuntu
+      apt:
+        update_cache: yes
+      when: ansible_os_family == 'Debian'
+    - name: Update cache on RedHat/CentOS/Fedora
+      dnf:
+        update_cache: yes
+      when: ansible_os_family == 'RedHat'
+
+  roles:
+    - base
+

ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory = $HOME/ansible/hosts

create-password.py

@@ -0,0 +1,6 @@
+import crypt, getpass
+password = (crypt.crypt(getpass.getpass(),
+    crypt.mksalt(crypt.METHOD_SHA512)))
+f = open("newuser.pass", "w")
+f.write(password)
+f.close()

create-user.yml

@@ -0,0 +1,12 @@
+- name: Min första Play
+  hosts: ankeborg
+  become: true
+  tasks:
+    - name: Skapa användaren Kalle
+      user:
+        name: kalle
+        password: "$6$WAFtsM1BDHKlAGcF$jyMA41xQONrF0y\
+          /EuydPutK.CfVCJzfIzdb8qnw.Q75oOMUMrUoNSXJ2r\
+          tzwvTjX2xAmz0FxUy51vS2tc8zVs/"
+        shell: /bin/bash
+        create_home: yes

files/index.php

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Bara ett test</title>
+  </head>
+  <body>
+
+  <?php echo "<h1>Hejsan!</h1>" ?>
+
+  </body>
+</html>
+

free-test.yml

@@ -0,0 +1,11 @@
+- hosts: all
+  strategy: free
+  tasks:
+    - name: Run whoami
+      command:
+        cmd: whoami
+
+    - name: Run uptime
+      command:
+        cmd: uptime
+

group_vars/ankeborg.yml

@@ -0,0 +1,3 @@
+ansible_user: jake
+ansible_become_pass: peak-airspeed
+ansible_become_method: sudo

hanterare-exempel1.yml

@@ -0,0 +1,18 @@
+- name: Playbook för att demonstrera hanterare
+  hosts: tjatte.nixnet.jke
+  become: yes
+  tasks:
+    - name: Installera MariaDB
+      dnf:
+        name: mariadb-server
+        state: present
+        update_cache: yes
+      notify: Aktivera MariaDB
+
+  handlers:
+    - name: Aktivera MariaDB
+      systemd:
+        name: mariadb
+        state: started
+        enabled: yes
+

host_vars/joakim.nixnet.jke.yml

@@ -0,0 +1,2 @@
+ansible_become_method: su
+ansible_become_pass: speech-fargo

host_vars/knatte.nixnet.jke.yml

@@ -0,0 +1,2 @@
+ansible_become_method: su
+ansible_become_pass: speech-fargo

host_vars/win10-lab.yml

@@ -0,0 +1,8 @@
+ansible_user: Jack-Benny
+ansible_password: blue-panter
+ansible_connection: winrm
+ansible_winrm_transport: basic
+ansible_winrm_server_cert_validation: ignore
+ansible_winrm_scheme: https
+ansible_port: 5986
+

hosts

@@ -0,0 +1,8 @@
+[ankeborg]
+knatte.nixnet.jke ansible_host=192.168.0.29
+fnatte.nixnet.jke ansible_host=192.168.0.24
+tjatte.nixnet.jke ansible_host=192.168.0.42
+joakim.nixnet.jke ansible_host=192.168.0.47
+
+[win10]
+win10-lab ansible_host=192.168.0.40

import-include.yml

@@ -0,0 +1,13 @@
+- name: Testa import_tasks och include_tasks
+  hosts: localhost
+  tasks: 
+    - include_tasks: x.yml  # import_tasks fungerar
+      with_items: [1, 2, 3] # inte för loopar
+
+- name: Läsa taggar fungerar bara med import
+  hosts: localhost
+  vars:
+    - testar: hejsan
+  tasks:
+    - import_tasks: y.yml
+

index.php

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <title>Bara ett test</title>
+  </head>
+  <body>
+
+  <?php echo "<h1>Hejsan!</h1>" ?>
+
+  </body>
+</html>
+

install-vim.yml

@@ -0,0 +1,8 @@
+- hosts: all
+  become: yes
+  tasks:
+    - name: Install vim
+      package:
+        name: vim
+        state: present
+

jinja-hostvars.yml

@@ -0,0 +1,7 @@
+- hosts: localhost
+
+  tasks:
+  - name: Lista hela hostvars
+    debug:
+      msg: "{{ hostvars }}"
+

jinja-if.yml

@@ -0,0 +1,14 @@
+- hosts: localhost
+  vars:
+    namn:
+      - Knatte
+      - Tjatte
+      - Fnatte
+      - Joakim
+
+  tasks:
+  - name: If-test
+    template:
+      src: testfil_if.j2
+      dest: testfil_if.txt
+

jinja-ip-adresser.yml

@@ -0,0 +1,9 @@
+- name: Extract test
+  hosts: localhost
+
+  tasks:
+  - name: Lista IP
+    debug:
+      msg: "{{ groups['ankeborg'] | map('extract', 
+        hostvars, ['ansible_host']) }}"
+

jinja-knatte-ip.yml

@@ -0,0 +1,9 @@
+- name: Extract test
+  hosts: localhost
+
+  tasks:
+  - name: Lista IP
+    debug:
+      msg: "{{ ['knatte.nixnet.jke'] | map('extract',
+        hostvars, ['ansible_host']) }}"
+

jinja-loop.yml

@@ -0,0 +1,14 @@
+- hosts: localhost
+  vars:
+    namn:
+      - Knatte
+      - Tjatte
+      - Fnatte
+      - Joakim
+
+  tasks:
+    - name: Loop-test
+      template:
+        src: testfil_loop.j2
+        dest: testfil_loop.txt
+

jinja-losen.yml

@@ -0,0 +1,9 @@
+- name: Extract test
+  hosts: localhost
+
+  tasks:
+  - name: Lista alla lösenord
+    debug:
+      msg: "{{ groups['ankeborg'] | map('extract',
+        hostvars, ['ansible_become_pass']) }}"
+

jinja-map.yml

@@ -0,0 +1,41 @@
+- name: Map test
+  hosts: localhost
+  vars:
+    namn: [
+      {
+        "fornamn": "Knatte",
+        "efternamn": "Anka",
+        "tel": 07012345678,
+        "adress": {
+          "stad": "Ankeborg",
+          "gata": "Ankvägen 1"
+        }
+      },
+      {
+        "fornamn": "Joakim",
+        "efternamn": "von Anka",
+        "tel": 070987654321,
+        "adress": {
+          "stad": "Ankeborg",
+          "gata": "Pengavägen 1"
+        },
+      },
+      {
+        "fornamn": "Oppfinnar-Jocke",
+        "efternamn": "Johansson",
+        "tel": 070123123123,
+        "adress": {
+          "stad": "Ankeborg",
+          "gata": "Laboratorievägen 1"
+        },
+      }]
+
+  tasks:
+  - name: Lista alla gator
+    debug:
+      msg="{{ namn | map(attribute='fornamn') }}"
+  - name: Lista alla städerna
+    debug:
+      msg="{{ namn | map(attribute='adress')
+        | map(attribute='gata') | join(', ') }}"
+

jinja-testing-numbers.yml

@@ -0,0 +1,28 @@
+- hosts: localhost
+  vars:
+    num1: 5
+    num2: 10
+    lista: [2, 2, 9, 1, 5, 2, 1]
+    namn: ["Knatte", "Fnatte", "Knatte", "Knatte"]
+
+  tasks:
+    - name: Utföra aritmetik
+      debug:
+        msg: "{{ num1 * num2 }}"
+
+    - name: Hitta minsta talet
+      debug:
+        msg: "{{ lista|min }}"
+
+    - name: Hitta största talet
+      debug:
+        msg: "{{ lista|max }}"
+
+    - name: Lista bara unika tal
+      debug:
+        msg: "{{ lista|unique }}"
+
+    - name: Unique fungerar även på strängar
+      debug:
+        msg: "{{ namn|unique }}"
+

jinja-testing.yml

@@ -0,0 +1,20 @@
+- hosts: localhost
+  vars:
+    text: Hej alla glada
+    num1: 5
+    num2: 10
+
+  tasks:
+    - name: Skriv ut variablerna
+      debug:
+        msg: "Texten är: {{ text }}. Talen är {{ num1 }}
+          och {{ num2 }}."
+
+    - name: Omvandla till versaler
+      debug:
+        msg: "{{ text|upper }}"
+
+    - name: Byt ut text och gör allt till gemener
+      debug:
+        msg: "{{ text|replace('glada','utvecklare')|lower }}"
+

jinja-vardnamn.yml

@@ -0,0 +1,8 @@
+- name: Extract test
+  hosts: localhost
+
+  tasks:
+  - name: Lista värdnamnen
+    debug:
+      msg: "{{ groups['ankeborg'] }}"
+

memtest-v2.yml

@@ -0,0 +1,12 @@
+- name: Kör ett kommando om mer än 1500 mb ledigt minne
+  hosts: ankeborg
+  tasks:
+    - name: Kör echo
+      when: ansible_memfree_mb >= 1500
+      command:
+        cmd: echo "Bara ett test"
+      register: utdata
+
+    - name: Skriv ut utdata
+      debug:
+        var: utdata.stdout_lines

memtest.yml

@@ -0,0 +1,7 @@
+- name: Kör ett kommando om mer än 1500 mb ledigt minne
+  hosts: ankeborg
+  tasks:
+    - name: Kör echo
+      when: ansible_memfree_mb >= 1500
+      command:
+        cmd: echo "Bara ett test"

minfil.txt

@@ -0,0 +1 @@
+Hejsan

newuser.pass

@@ -0,0 +1 @@
+$6$WAFtsM1BDHKlAGcF$jyMA41xQONrF0y/EuydPutK.CfVCJzfIzdb8qnw.Q75oOMUMrUoNSXJ2rtzwvTjX2xAmz0FxUy51vS2tc8zVs/

roles/base-v2/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: update_cache
+

roles/base-v2/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: Install common tools
+  package:
+    name: "{{ item }}"
+  with_items:
+    - curl
+    - gnupg
+    - vim
+    - ca-certificates
+
+- name: Set the timezone to Stockholm
+  timezone:
+    name: Europe/Stockholm
+

roles/base/tasks/main.yml

@@ -0,0 +1,13 @@
+- name: Install common tools
+  package:
+    name: "{{ item }}"
+  with_items:
+    - curl
+    - gnupg
+    - vim
+    - ca-certificates
+
+- name: Set the timezone to Stockholm
+  timezone:
+    name: Europe/Stockholm
+

roles/my_role/defaults/main.yml

@@ -0,0 +1 @@
+my_number: 10

roles/my_role/library/dummy.py

@@ -0,0 +1,35 @@
+#!/usr/bin/python
+from ansible.module_utils.basic import AnsibleModule
+
+def run_module():
+    # definiera argument till modulen
+    module_args = dict(
+        number=dict(type='int', required=True),
+        )
+
+    # skapa en dict för resultatet
+    result = dict(
+        changed=False,
+        number=0,
+        )
+
+    # inställningar för modulen
+    module = AnsibleModule(
+        argument_spec=module_args,
+        supports_check_mode=False
+        )
+
+    # logiken för modulen
+    result['number'] = module.params['number']
+    if result['number'] > 50:
+        result['changed']=True
+
+    # returnera resultatet som json
+    module.exit_json(**result)
+
+def main():
+    run_module()
+
+if __name__ == '__main__':
+    main()
+

roles/my_role/tasks/main.yml

@@ -0,0 +1,4 @@
+- name: Testa vår egna modul
+  dummy:
+    number: "{{ my_number }}"
+

roles/postfix-v2/defaults/main.yml

@@ -0,0 +1,7 @@
+mail_hostname: vm.nixnet.jke
+canonical_name: vm.nixnet.example.tld
+relay_host: email-smtp.eu-west-1.amazonaws.com
+relay_port: 465
+relay_user: 
+relay_password: 
+

roles/postfix-v2/files/aliases

@@ -0,0 +1,14 @@
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+root: jake
+jake: vm-mail@cyberinfo.se
+

roles/postfix-v2/handlers/main.yml

@@ -0,0 +1,18 @@
+- name: Activate and restart Postfix
+  service:
+    name: postfix
+    enabled: yes
+    state: restarted
+
+- name: Generate SASL
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sasl_passwd
+
+- name: Generate aliases
+  command:
+    cmd: /usr/sbin/postalias /etc/aliases
+
+- name: Generate sender_canonical
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sender_canonical
+

roles/postfix-v2/tasks/main.yml

@@ -0,0 +1,43 @@
+- name: Check that a username and password is supplied
+  assert:
+    that:
+      - (relay_user is defined) and (relay_user is not none)
+      - (relay_password is defined) and 
+          (relay_password is not none)
+    fail_msg: "'relay_user' and 'relay_password' must be set"
+    success_msg: "username and password for relay is set"
+
+- name: Install Postfix and s-nail
+  package:
+    state: present
+    name: "{{ item }}"
+  with_items:
+    - postfix
+    - s-nail
+  notify: Activate and restart Postfix
+
+- name: Configure Postfix
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main cf
+  notify: Activate and restart Postfix
+
+- name: Copy Postfix authentication
+  template:
+    src: sasl_passwd.j2
+    dest: /etc/postfix/sasl_passwd
+    mode: 0600
+  notify: Generate SASL
+
+- name: Copy alisases
+  copy:
+    src: aliases
+    dest: /etc/aliases
+  notify: Generate aliases
+
+- name: Copy sender_canonical
+  template:
+    src: sender_canonical.j2
+    dest: /etc/postfix/sender_canonical
+  notify: Generate sender_canonical
+

roles/postfix-v2/templates/main.cf.j2

@@ -0,0 +1,29 @@
+biff = no
+append_dot_mydomain = no
+compatibility_level = 2
+myhostname = {{ mail_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = {{ mail_hostname }}
+mydestination = $myhostname, {{ mail_hostname }}, localhost
+relayhost = [{{ relay_host }}]:{{ relay_port }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = localhost
+inet_protocols = all
+
+# enable SASL authentication
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+smtp_sasl_tls_security_options = noanonymous
+
+# Enable STARTTLS encryption
+smtp_use_tls = yes
+smtp_tls_wrappermode = yes
+smtp_tls_security_level = encrypt
+
+# Setup sender canonical mapping
+sender_canonical_maps = hash:/etc/postfix/sender_canonical
+

roles/postfix-v2/templates/sasl_passwd.j2

@@ -0,0 +1,2 @@
+[{{ relay_host }}]:{{ relay_port }} {{ relay_user }}:{{ relay_password }}
+

roles/postfix-v2/templates/sender_canonical.j2

@@ -0,0 +1,3 @@
+root    root@{{ canonical_name }}
+jake    jake@{{ canonical_name }}
+

roles/postfix-v3/defaults/main.yml

@@ -0,0 +1,7 @@
+mail_hostname: vm.nixnet.jke
+canonical_name: vm.nixnet.example.tld
+relay_host: email-smtp.eu-west-1.amazonaws.com
+relay_port: 465
+relay_user: 
+relay_password: 
+

roles/postfix-v3/files/aliases

@@ -0,0 +1,14 @@
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+root: jake
+jake: vm-mail@cyberinfo.se
+

roles/postfix-v3/handlers/main.yml

@@ -0,0 +1,18 @@
+- name: Activate and restart Postfix
+  service:
+    name: postfix
+    enabled: yes
+    state: restarted
+
+- name: Generate SASL
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sasl_passwd
+
+- name: Generate aliases
+  command:
+    cmd: /usr/sbin/postalias /etc/aliases
+
+- name: Generate sender_canonical
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sender_canonical
+

roles/postfix-v3/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: update_cache
+

roles/postfix-v3/tasks/main.yml

@@ -0,0 +1,43 @@
+- name: Check that a username and password is supplied
+  assert:
+    that:
+      - (relay_user is defined) and (relay_user is not none)
+      - (relay_password is defined) and 
+          (relay_password is not none)
+    fail_msg: "'relay_user' and 'relay_password' must be set"
+    success_msg: "username and password for relay is set"
+
+- name: Install Postfix and s-nail
+  package:
+    state: present
+    name: "{{ item }}"
+  with_items:
+    - postfix
+    - s-nail
+  notify: Activate and restart Postfix
+
+- name: Configure Postfix
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main cf
+  notify: Activate and restart Postfix
+
+- name: Copy Postfix authentication
+  template:
+    src: sasl_passwd.j2
+    dest: /etc/postfix/sasl_passwd
+    mode: 0600
+  notify: Generate SASL
+
+- name: Copy alisases
+  copy:
+    src: aliases
+    dest: /etc/aliases
+  notify: Generate aliases
+
+- name: Copy sender_canonical
+  template:
+    src: sender_canonical.j2
+    dest: /etc/postfix/sender_canonical
+  notify: Generate sender_canonical
+

roles/postfix-v3/templates/main.cf.j2

@@ -0,0 +1,29 @@
+biff = no
+append_dot_mydomain = no
+compatibility_level = 2
+myhostname = {{ mail_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = {{ mail_hostname }}
+mydestination = $myhostname, {{ mail_hostname }}, localhost
+relayhost = [{{ relay_host }}]:{{ relay_port }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = localhost
+inet_protocols = all
+
+# enable SASL authentication
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+smtp_sasl_tls_security_options = noanonymous
+
+# Enable STARTTLS encryption
+smtp_use_tls = yes
+smtp_tls_wrappermode = yes
+smtp_tls_security_level = encrypt
+
+# Setup sender canonical mapping
+sender_canonical_maps = hash:/etc/postfix/sender_canonical
+

roles/postfix-v3/templates/sasl_passwd.j2

@@ -0,0 +1,2 @@
+[{{ relay_host }}]:{{ relay_port }} {{ relay_user }}:{{ relay_password }}
+

roles/postfix-v3/templates/sender_canonical.j2

@@ -0,0 +1,3 @@
+root    root@{{ canonical_name }}
+jake    jake@{{ canonical_name }}
+

roles/postfix-v4/defaults/main.yml

@@ -0,0 +1,7 @@
+mail_hostname: vm.nixnet.jke
+canonical_name: vm.nixnet.example.tld
+relay_host: email-smtp.eu-west-1.amazonaws.com
+relay_port: 465
+relay_user: 
+relay_password: 
+

roles/postfix-v4/files/aliases

@@ -0,0 +1,14 @@
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+root: jake
+jake: vm-mail@cyberinfo.se
+

roles/postfix-v4/handlers/main.yml

@@ -0,0 +1,18 @@
+- name: Activate and restart Postfix
+  service:
+    name: postfix
+    enabled: yes
+    state: restarted
+
+- name: Generate SASL
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sasl_passwd
+
+- name: Generate aliases
+  command:
+    cmd: /usr/sbin/postalias /etc/aliases
+
+- name: Generate sender_canonical
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sender_canonical
+

roles/postfix-v4/meta/main.yml

@@ -0,0 +1,3 @@
+dependencies:
+  - role: update_cache
+

roles/postfix-v4/tasks/configure-postfix.yml

@@ -0,0 +1,6 @@
+- name: Configure Postfix
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main.cf
+  notify: Activate and restart Postfix
+

roles/postfix-v4/tasks/copy-aliases.yml

@@ -0,0 +1,6 @@
+- name: Copy alisases
+  copy:
+    src: aliases
+    dest: /etc/aliases
+  notify: Generate aliases
+

roles/postfix-v4/tasks/copy-postfix-auth.yml

@@ -0,0 +1,7 @@
+- name: Copy Postfix authentication
+  template:
+    src: sasl_passwd.j2
+    dest: /etc/postfix/sasl_passwd
+    mode: 0600
+  notify: Generate SASL
+

roles/postfix-v4/tasks/copy-sender-canonical.yml

@@ -0,0 +1,6 @@
+- name: Copy sender_canonical
+  template:
+    src: sender_canonical.j2
+    dest: /etc/postfix/sender_canonical
+  notify: Generate sender_canonical
+

roles/postfix-v4/tasks/install-postfix.yml

@@ -0,0 +1,9 @@
+- name: Install Postfix and s-nail
+  package:
+    state: present
+    name: "{{ item }}"
+  with_items:
+    - postfix
+    - s-nail
+  notify: Activate and restart Postfix
+

roles/postfix-v4/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: Check that a username and password is supplied
+  assert:
+    that:
+      - (relay_user is defined) and (relay_user is not none)
+      - (relay_password is defined) and
+          (relay_password is not none)
+    fail_msg: "'relay_user' and 'relay_password' must be set"
+    success_msg: "username and password for relay is set"
+
+- import_tasks: install-postfix.yml
+- import_tasks: configure-postfix.yml
+- import_tasks: copy-postfix-auth.yml
+- import_tasks: copy-aliases.yml
+- import_tasks: copy-sender-canonical.yml
+

roles/postfix-v4/templates/main.cf.j2

@@ -0,0 +1,29 @@
+biff = no
+append_dot_mydomain = no
+compatibility_level = 2
+myhostname = {{ mail_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = {{ mail_hostname }}
+mydestination = $myhostname, {{ mail_hostname }}, localhost
+relayhost = [{{ relay_host }}]:{{ relay_port }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = localhost
+inet_protocols = all
+
+# enable SASL authentication
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+smtp_sasl_tls_security_options = noanonymous
+
+# Enable STARTTLS encryption
+smtp_use_tls = yes
+smtp_tls_wrappermode = yes
+smtp_tls_security_level = encrypt
+
+# Setup sender canonical mapping
+sender_canonical_maps = hash:/etc/postfix/sender_canonical
+

roles/postfix-v4/templates/sasl_passwd.j2

@@ -0,0 +1,2 @@
+[{{ relay_host }}]:{{ relay_port }} {{ relay_user }}:{{ relay_password }}
+

roles/postfix-v4/templates/sender_canonical.j2

@@ -0,0 +1,3 @@
+root    root@{{ canonical_name }}
+jake    jake@{{ canonical_name }}
+

roles/postfix/defaults/main.yml

@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.1;AES256
+38326433663334316231393964323861326634316138663137343462303639383539613232633865
+6462656338656163373330366635373431366638353365610a646133313831346534393736323737
+38616533373133383766303538643635326535303232633837653737616362323432313964653837
+6136306639613862340a316165623962356265646434383833303136656633656334343335633032
+33346234633833363936383937623835313130373133626231326361666566636161353361616361
+35323032383266643561636536616533333264613730623064663838346431353030393330336565
+31653864396466303338626535343063633139383731326430356436626530373766353033366237
+32343930373739306139643263306266333235383764656137326165646531646330383663306166
+31376366366465663862383834343233363163383839663263393637353762346333663136633563
+62393730363237666232353439623832623162363330616165653230653866663065613533393833
+62343261356164653835383866343139303136316235323530356136663730613234383563653562
+37346236366538366638633462326161333337316630333239643263303737663531373965386631
+3834

roles/postfix/files/aliases

@@ -0,0 +1,14 @@
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+root: jake
+jake: vm-mail@cyberinfo.se
+

roles/postfix/handlers/main.yml

@@ -0,0 +1,18 @@
+- name: Activate and restart Postfix
+  service:
+    name: postfix
+    enabled: yes
+    state: restarted
+
+- name: Generate SASL
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sasl_passwd
+
+- name: Generate aliases
+  command:
+    cmd: /usr/sbin/postalias /etc/aliases
+
+- name: Generate sender_canonical
+  command:
+    cmd: /usr/sbin/postmap /etc/postfix/sender_canonical
+

roles/postfix/tasks/main.yml

@@ -0,0 +1,34 @@
+- name: Install Postfix and s-nail
+  package:
+    state: present
+    name: "{{ item }}"
+  with_items:
+    - postfix
+    - s-nail
+  notify: Activate and restart Postfix
+
+- name: Configure Postfix
+  template:
+    src: main.cf.j2
+    dest: /etc/postfix/main.cf
+  notify: Activate and restart Postfix
+
+- name: Copy Postfix authentication
+  template:
+    src: sasl_passwd.j2
+    dest: /etc/postfix/sasl_passwd
+    mode: 0600
+  notify: Generate SASL
+
+- name: Copy alisases
+  copy:
+    src: aliases
+    dest: /etc/aliases
+  notify: Generate aliases
+
+- name: Copy sender_canonical
+  template:
+    src: sender_canonical.j2
+    dest: /etc/postfix/sender_canonical
+  notify: Generate sender_canonical
+

roles/postfix/templates/main.cf.j2

@@ -0,0 +1,29 @@
+biff = no
+append_dot_mydomain = no
+compatibility_level = 2
+myhostname = {{ mail_hostname }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = {{ mail_hostname }}
+mydestination = $myhostname, {{ mail_hostname }}, localhost
+relayhost = [{{ relay_host }}]:{{ relay_port }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = localhost
+inet_protocols = all
+
+# enable SASL authentication
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+smtp_sasl_tls_security_options = noanonymous
+
+# Enable STARTTLS encryption
+smtp_use_tls = yes
+smtp_tls_wrappermode = yes
+smtp_tls_security_level = encrypt
+
+# Setup sender canonical mapping
+sender_canonical_maps = hash:/etc/postfix/sender_canonical
+

roles/postfix/templates/sasl_passwd.j2

@@ -0,0 +1,2 @@
+[{{ relay_host }}]:{{ relay_port }} {{ relay_user }}:{{ relay_password }}
+

roles/postfix/templates/sender_canonical.j2

@@ -0,0 +1,3 @@
+root    root@{{ canonical_name }}
+jake    jake@{{ canonical_name }}
+

roles/update_cache/tasks/main.yml

@@ -0,0 +1,9 @@
+- name: Update cache on Debian/Ubuntu
+  apt:
+    update_cache: yes
+  when: ansible_os_family == 'Debian'
+- name: Update cache on RedHat/CentOS/Fedora
+  dnf:
+    update_cache: yes
+  when: ansible_os_family == 'RedHat'
+

roles/update_windows/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: Update Windows
+  ansible.windows.win_updates:
+    category_names: "*"
+    reboot: yes
+

skapa-webbservrar-v2.yml

@@ -0,0 +1,17 @@
+- name: Sätt upp en webbsida med PHP-stöd
+  become: true
+  hosts: ankeborg
+  tasks:
+    - import_tasks: tasks/installera-apache-php.yml
+    - import_tasks: tasks/aktivera-apache.yml
+    - import_tasks: tasks/firewalld-http.yml
+    - import_tasks: tasks/skapa-webbsida.yml
+
+- name: Testa webbservrarna
+  hosts: localhost
+  tasks:
+    - name: Anslut till servrarna
+      import_tasks: tasks/testa-webbservrarna.yml 
+      vars: 
+        min_grupp: ankeborg
+

skapa-webbservrar-v3.yml

@@ -0,0 +1,20 @@
+- name: Sätt upp en webbsida med PHP-stöd
+  become: true
+  hosts: ankeborg
+  tasks:
+    - import_tasks: tasks/installera-apache-php-v3.yml
+    - import_tasks: tasks/skapa-webbsida-v3.yml
+
+  handlers:
+    - import_tasks: tasks/aktivera-apache.yml
+    - import_tasks: tasks/firewalld-http.yml
+    - import_tasks: tasks/radera-exempelsida-v3.yml
+
+- name: Testa webbservrarna
+  hosts: localhost
+  tasks:
+    - name: Anslut till servrarna
+      import_tasks: tasks/testa-webbservrarna.yml 
+      vars: 
+        min_grupp: ankeborg
+

skapa-webbservrar.yml

@@ -0,0 +1,67 @@
+- name: Sätt upp en webbsida med PHP-stöd
+  become: true
+  hosts: ankeborg
+  tasks:
+    - name: Installera Apache och PHP i Debian
+      when: ansible_os_family == 'Debian'
+      apt:
+        update_cache: yes
+        name: "{{ item }}"
+        state: present
+        install_recommends: yes
+      with_items:
+        - apache2
+        - libapache2-mod-php
+
+    - name: Installera Apache och PHP i RedHat
+      when: ansible_os_family == 'RedHat' 
+      dnf:
+        name:  "{{ item }}"
+        state: present
+        update_cache: yes
+        install_weak_deps: yes
+      with_items:
+        - httpd
+        - php
+
+    - name: Aktivera Apache i Debian
+      when: ansible_os_family == 'Debian'
+      systemd:
+        name: apache2
+        enabled: yes
+        state: started
+
+    - name: Aktivera Apache i RedHat
+      when: ansible_os_family == 'RedHat'
+      systemd:
+        name: httpd
+        enabled: yes
+        state: started
+
+    - name: Öppna brandväggen i RedHat
+      when: ansible_os_family == 'RedHat'
+      firewalld:
+        service: http
+        permanent: yes
+        immediate: yes
+        state: enabled
+
+    - name: Ta bort eventuell exempelsida
+      file:
+        path: /var/www/html/index.html
+        state: absent
+
+    - name: Kopiera PHP-filen till värdarna
+      copy:
+        src: index.php
+        dest: /var/www/html/index.php
+
+- name: Testa webbservrarna
+  hosts: localhost
+  tasks:
+    - name: Anslut till webbservrarna
+      uri:
+        url: "http://{{ item }}"
+      with_items: "{{ groups['ankeborg'] | map('extract', \
+        hostvars, ['ansible_host']) }}"
+

tasks/aktivera-apache-v3.yml

@@ -0,0 +1,18 @@
+- name: Aktivera Apache i Debian
+  tags:
+    - apache
+    - systemd
+  systemd:
+    name: apache2
+    enabled: yes
+    state: started
+
+- name: Aktivera Apache i RedHat
+  tags:
+    - apache
+    - systemd
+  systemd:
+    name: httpd
+    enabled: yes
+    state: started
+

tasks/aktivera-apache.yml

@@ -0,0 +1,20 @@
+- name: Aktivera Apache i Debian
+  tags:
+    - apache
+    - systemd
+  when: ansible_os_family == 'Debian'
+  systemd:
+    name: apache2
+    enabled: yes
+    state: started
+
+- name: Aktivera Apache i RedHat
+  tags:
+    - apache
+    - systemd
+  when: ansible_os_family == 'RedHat'
+  systemd:
+    name: httpd
+    enabled: yes
+    state: started
+

tasks/firewalld-http.yml

@@ -0,0 +1,10 @@
+- name: Öppna brandväggen i RedHat
+  tags:
+    - firewall
+  when: ansible_os_family == 'RedHat'
+  firewalld:
+    service: http
+    permanent: yes
+    immediate: yes
+    state: enabled
+

tasks/firewalld-httpd-v3.yml

@@ -0,0 +1,9 @@
+- name: Öppna brandväggen i RedHat
+  tags:
+    - firewall
+  firewalld:
+    service: http
+    permanent: yes
+    immediate: yes
+    state: enabled
+

tasks/installera-apache-php-v3.yml

@@ -0,0 +1,34 @@
+- name: Installera Apache och PHP i Debian
+  tags:
+    - apache
+    - package
+  when: ansible_os_family == 'Debian'
+  apt:
+    update_cache: yes
+    name: "{{ item }}"
+    state: present
+    install_recommends: yes
+  with_items:
+    - apache2
+    - libapache2-mod-php
+  notify: 
+    - Ta bort eventuell exempelsida
+    - Aktivera Apache i Debian
+
+- name: Installera Apache och PHP i RedHat
+  tags:
+    - apache
+    - package
+  when: ansible_os_family == 'RedHat' 
+  dnf:
+    name:  "{{ item }}"
+    state: present
+    update_cache: yes
+    install_weak_deps: yes
+  with_items:
+    - httpd
+    - php
+  notify: 
+    - Ta bort eventuell exempelsida
+    - Aktivera Apache i RedHat
+    - Öppna brandväggen i RedHat

tasks/installera-apache-php.yml

@@ -0,0 +1,28 @@
+- name: Installera Apache och PHP i Debian
+  tags:
+    - apache
+    - package
+  when: ansible_os_family == 'Debian'
+  apt:
+    update_cache: yes
+    name: "{{ item }}"
+    state: present
+    install_recommends: yes
+  with_items:
+    - apache2
+    - libapache2-mod-php
+
+- name: Installera Apache och PHP i RedHat
+  tags:
+    - apache
+    - package
+  when: ansible_os_family == 'RedHat' 
+  dnf:
+    name:  "{{ item }}"
+    state: present
+    update_cache: yes
+    install_weak_deps: yes
+  with_items:
+    - httpd
+    - php
+

tasks/radera-exempelsida-v3.yml

@@ -0,0 +1,8 @@
+- name: Ta bort eventuell exempelsida
+  tags:
+    - index
+    - remove
+  file:
+    path: /var/www/html/index.html
+    state: absent
+

tasks/skapa-webbsida-v3.yml

@@ -0,0 +1,8 @@
+- name: Kopiera PHP-filen till värdarna
+  tags:
+    - index
+    - copy
+  copy:
+    src: ../files/index.php
+    dest: /var/www/html/index.php
+

tasks/skapa-webbsida.yml

@@ -0,0 +1,16 @@
+- name: Ta bort eventuell exempelsida
+  tags:
+    - index
+    - remove
+  file:
+    path: /var/www/html/index.html
+    state: absent
+
+- name: Kopiera PHP-filen till värdarna
+  tags:
+    - index
+    - copy
+  copy:
+    src: ../files/index.php
+    dest: /var/www/html/index.php
+

tasks/testa-webbservrarna.yml

@@ -0,0 +1,8 @@
+- name: Anslut till webbservrarna
+  tags:
+    - connect
+  uri:
+    url: "http://{{ item }}"
+  with_items: "{{ groups[min_grupp] | map('extract', \
+    hostvars, ['ansible_host']) }}"
+

test_my_role.yml

@@ -0,0 +1,6 @@
+- hosts: ankeborg
+  vars:
+    my_number: 45
+  roles:
+    - my_role 
+

testfil_if.j2

@@ -0,0 +1,10 @@
+{% for item in namn %}
+{% if item == "Joakim" %}
+ * {{ item }} är deras farbror
+{% elif "tte" in item %}
+ * {{ item }} bor med {{ "kalle anka"|title }}
+{% else %}
+ * {{ item }}
+{% endif %}
+{% endfor %}
+

testfil_if.txt

@@ -0,0 +1,5 @@
+ * Knatte bor med Kalle Anka
+ * Tjatte bor med Kalle Anka
+ * Fnatte bor med Kalle Anka
+ * Joakim är deras farbror
+

testfil_loop.j2

@@ -0,0 +1,4 @@
+{% for item in namn %}
+ * {{ item }}
+{% endfor %}
+

testfil_loop.txt

@@ -0,0 +1,5 @@
+ * Knatte
+ * Tjatte
+ * Fnatte
+ * Joakim
+