93 lines
2.4 KiB
YAML
93 lines
2.4 KiB
YAML
- name: load distribution-specific variables
|
|
include_vars: '{{ item }}'
|
|
with_first_found:
|
|
- '{{ ansible_distribution }}.yml'
|
|
- '{{ ansible_os_family }}.yml'
|
|
- defaults.yml
|
|
tags:
|
|
- always
|
|
- name: load burp secrets
|
|
include_vars: '{{ item }}'
|
|
with_fileglob: vault/burp/{{ ansible_fqdn }}
|
|
tags:
|
|
- always
|
|
|
|
- name: ensure burp is installed
|
|
package:
|
|
name={{ burp_client_packages|join(',') }}
|
|
state=present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure burp server is configured for client
|
|
template:
|
|
src=server-clientconf.j2
|
|
dest=/etc/burp/clientconfdir/{{ ansible_fqdn }}
|
|
owner=burp
|
|
group=burp
|
|
mode=0400
|
|
delegate_to: '{{ burp_server_hostname }}'
|
|
|
|
- name: ensure burp pre-backup script is installed
|
|
copy:
|
|
src=scripts/{{ inventory_hostname }}/{{ burp_backup_script_pre|basename }}
|
|
dest={{ burp_backup_script_pre }}
|
|
mode=0755
|
|
when: burp_backup_script_pre is defined
|
|
- name: ensure burp post-backup script is installed
|
|
copy:
|
|
src=scripts/{{ inventory_hostname }}/{{ burp_backup_script_post|basename }}
|
|
dest={{ burp_backup_script_post }}
|
|
mode=0755
|
|
when: burp_backup_script_post is defined
|
|
- name: ensure burp pre-restore script is installed
|
|
copy:
|
|
src: scripts/{{ inventory_hostname }}/{{ burp_restore_script_pre|basename }}
|
|
dest: '{{ burp_restore_script_pre }}'
|
|
owner: root
|
|
group: root
|
|
mode: u=rwx,go=rx
|
|
when: burp_restore_script_pre is defined
|
|
- name: ensure burp post-restore script is installed
|
|
copy:
|
|
src: scripts/{{ inventory_hostname }}/{{ burp_restore_script_post|basename }}
|
|
dest: '{{ burp_restore_script_post }}'
|
|
owner: root
|
|
group: root
|
|
mode: u=rwx,go=rx
|
|
when: burp_restore_script_post is defined
|
|
- name: ensure burp client is configured
|
|
template:
|
|
src=burp.conf.j2
|
|
dest=/etc/burp/burp.conf
|
|
mode=0600
|
|
- name: ensure burp client certificate is available
|
|
command:
|
|
burp -c /etc/burp/burp.conf -g
|
|
creates=/etc/burp/ssl_cert-client.pem
|
|
|
|
- name: ensure auto backup systemd units are installed
|
|
copy:
|
|
src: '{{ item }}'
|
|
dest: /etc/systemd/system/
|
|
mode: u=rw,go=r
|
|
loop:
|
|
- burp-backup.service
|
|
- burp-backup.timer
|
|
notify:
|
|
- reload systemd
|
|
tags:
|
|
- systemd
|
|
- name: ensure auto backup timer is enabled
|
|
systemd:
|
|
name: burp-backup.timer
|
|
enabled: true
|
|
state: started
|
|
tags:
|
|
- service
|
|
|
|
- name: ensure legacy burp crontab file is removed
|
|
file:
|
|
path: /etc/cron.d/burp-backup
|
|
state: absent
|