Added role common
parent
4862b9dd69
commit
d3494ed1b9
@ -0,0 +1,9 @@
|
||||
---
|
||||
|
||||
- name: Close storage for ansible credentials
|
||||
file:
|
||||
path: "/etc/ansible-credentials"
|
||||
state: directory
|
||||
owner: root
|
||||
group: ansible-credentials
|
||||
mode: 0700
|
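Review bot: `mode: 0700` on the last line of this task is an unquoted number, so the permission Ansible applies depends on the YAML parser reading the leading zero as octal; the Ansible documentation recommends a quoted string, `mode: "0700"`. The same applies to `mode: 0770` in the "Configure storage for ansible credentials" task in a later file of this commit. That task sets a different mode on the same `/etc/ansible-credentials` path, so if both run in one play each will report a change on every run. A comment such as `# runs after all credential consumers have finished; removes group access again` would make the intended ordering explicit, if that is the intent.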
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
- name: restart ssh
|
||||
systemd:
|
||||
status: restarted
|
||||
name: ssh
|
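Review bot: The handler passes `status: restarted` to the `systemd` module, but the parameter that sets the desired unit state is `state`. As far as I know `status` is only a key in the module's return value, so the handler would fail with an unsupported-parameter error the first time it is notified. The line should read `state: restarted`. This handler is what activates the `PasswordAuthentication no` change made by the task with `notify: restart ssh`, so while it fails the running sshd keeps its previous configuration.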
@ -0,0 +1,23 @@
|
||||
---
|
||||
|
||||
- name: Create group for access to ansible credentials
|
||||
group:
|
||||
name: ansible-credentials # TODO Export to variable
|
||||
state: present
|
||||
system: yes
|
||||
|
||||
- name: Configure storage for ansible credentials
|
||||
file:
|
||||
path: "/etc/ansible-credentials" # TODO Export to variable
|
||||
state: directory
|
||||
owner: root
|
||||
group: ansible-credentials
|
||||
mode: 0770
|
||||
|
||||
- name: Allow access to ansible credentials
|
||||
user:
|
||||
append: yes
|
||||
name: "{{ ansible_user }}"
|
||||
groups:
|
||||
- ansible-credentials
|
||||
|
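Review bot: `mode: 0770` on the "Configure storage for ansible credentials" task gives every member of `ansible-credentials` write access to the directory, so any member can add, replace or delete credential files. The consumers of this directory are not visible in this commit; if members only need to read the credentials, `mode: "0750"` is the tighter setting and keeps modification with root. If group write is intended, a short comment above the task saying which process writes there would help the next reviewer.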
@ -0,0 +1,11 @@
|
||||
---
|
||||
|
||||
- name: Configure timezone
|
||||
timezone:
|
||||
name: "{{ TIMEZONE }}"
|
||||
when: TIMEZONE is defined
|
||||
|
||||
- name: Configure vim as defualt editor
|
||||
alternatives:
|
||||
name: editor
|
||||
path: /usr/bin/vim.basic
|
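Review bot: The task name `Configure vim as defualt editor` is misspelled and should read `Configure vim as default editor`; task names are what operators search for in play output. The variable `TIMEZONE` in the first task is upper-case, whereas Ansible variables are conventionally lower snake-case and prefixed with the role name to avoid collisions, for example `common_timezone` (a constructed name).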
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
- name: Configure apt packages
|
||||
include_tasks: packages.yml
|
||||
|
||||
- name: Configure sshd
|
||||
include_tasks: sshd.yml
|
||||
|
||||
- name: Configure ufw
|
||||
include_tasks: ufw.yml
|
||||
|
||||
- name: Configure ansible credentials
|
||||
include_tasks: credentials.yml
|
||||
|
||||
- name: Configure locales
|
||||
include_tasks: locales.yml
|
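Review bot: The order of the `sshd.yml` and `ufw.yml` includes is security- and availability-relevant but nothing documents it. `sshd.yml` adds the allow rule for port 22 and `ufw.yml` then enables the firewall with a default deny, so swapping the two would cut off the SSH session Ansible is using. I would add a comment above the "Configure sshd" include: `# must stay before ufw.yml: adds the port 22 allow rule before default-deny is enabled`.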
@ -0,0 +1,27 @@
|
||||
---
|
||||
|
||||
- name: Update packages and install common packaged
|
||||
apt:
|
||||
name:
|
||||
- acl
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- cron
|
||||
- curl
|
||||
- git
|
||||
- gnupg2
|
||||
- htop
|
||||
- python
|
||||
- python-pip
|
||||
- software-properties-common
|
||||
- tmux
|
||||
- ufw
|
||||
- vim
|
||||
- wget
|
||||
- zsh
|
||||
state: latest
|
||||
allow_unauthenticated: no
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
autoclean: yes
|
||||
autoremove: yes
|
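Review bot: The task is named "Update packages and install common packaged", but with `state: latest` and no `upgrade` parameter the `apt` module only brings the listed packages to their newest version. Every other installed package, including ones that receive security fixes, is left untouched. Either rename the task to match what it does (and fix the "packaged" typo), or add a separate task with `upgrade: safe` so that system-wide updates are an explicit, visible step. Keeping `state: present` for the install list would also make repeated runs idempotent.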
@ -0,0 +1,16 @@
|
||||
---
|
||||
|
||||
- name: Allow ssh on firewall
|
||||
ufw:
|
||||
rule: allow
|
||||
port: 22
|
||||
proto: tcp
|
||||
|
||||
- name: Disable password authentication on ssh
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: "^PasswordAuthentication "
|
||||
line: "PasswordAuthentication no"
|
||||
notify: restart ssh
|
||||
|
||||
# TODO Collect SSH Host Keys
|
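Review bot: The `lineinfile` task matches only an uncommented `PasswordAuthentication` line, so on a stock `sshd_config` where the directive is commented out the new line is appended at the end of the file. If the file ends with a `Match` block, the setting then applies only inside that block and password logins remain enabled globally. I would widen the pattern and check the result before it is written: `regexp: '^#?\s*PasswordAuthentication\s'` and `validate: '/usr/sbin/sshd -t -f %s'`. The validation also stops the restart handler from being triggered with a broken configuration.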
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
- name: Enable firewall with deny by default
|
||||
ufw:
|
||||
state: enabled
|
||||
policy: deny
|
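Review bot: `policy: deny` is set without a `direction`, so which default is changed is left to ufw's own default, which as far as I know is incoming only. Stating it explicitly with `direction: incoming` documents that outgoing traffic stays on its existing policy and protects against a reader assuming egress is filtered too. If outbound filtering is wanted, it needs its own task.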