Added role common
parent
4862b9dd69
commit
d3494ed1b9
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Close storage for ansible credentials
|
||||||
|
file:
|
||||||
|
path: "/etc/ansible-credentials"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: ansible-credentials
|
||||||
|
mode: 0700
|
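Review bot: The directory mode is written as a bare number, `mode: 0700`, which only yields the intended permissions because the YAML parser reads the leading zero as octal. Quoting it as `mode: "0700"` hands Ansible a string and removes that dependency. The same applies to `mode: 0770` in the "Configure storage for ansible credentials" task later in this commit. For a directory that holds credentials, a silently mis-parsed mode is worth ruling out.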
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: restart ssh
|
||||||
|
systemd:
|
||||||
|
status: restarted
|
||||||
|
name: ssh
|
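Review bot: The `systemd` module has no `status` parameter, so `status: restarted` will make this handler fail instead of restarting the service; the parameter is `state: restarted`. This handler is what makes the `PasswordAuthentication no` change in sshd_config take effect. If it fails, the running sshd stays on its old configuration.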
@ -0,0 +1,23 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Create group for access to ansible credentials
|
||||||
|
group:
|
||||||
|
name: ansible-credentials # TODO Export to variable
|
||||||
|
state: present
|
||||||
|
system: yes
|
||||||
|
|
||||||
|
- name: Configure storage for ansible credentials
|
||||||
|
file:
|
||||||
|
path: "/etc/ansible-credentials" # TODO Export to variable
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: ansible-credentials
|
||||||
|
mode: 0770
|
||||||
|
|
||||||
|
- name: Allow access to ansible credentials
|
||||||
|
user:
|
||||||
|
append: yes
|
||||||
|
name: "{{ ansible_user }}"
|
||||||
|
groups:
|
||||||
|
- ansible-credentials
|
||||||
|
|
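Review bot: `mode: 0770` gives every member of `ansible-credentials` write access to `/etc/ansible-credentials`, and the `user` task makes `{{ ansible_user }}` a lasting member of that group. If group members only need to read the stored credentials, `mode: "0750"` would be the narrower setting. If write access is needed during the play, a comment saying so, and naming the task that later closes the directory to 0700, would help. The group name and path marked `# TODO Export to variable` are repeated in the closing task, so moving them into role variables would keep the tasks from drifting apart.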
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Configure timezone
|
||||||
|
timezone:
|
||||||
|
name: "{{ TIMEZONE }}"
|
||||||
|
when: TIMEZONE is defined
|
||||||
|
|
||||||
|
- name: Configure vim as defualt editor
|
||||||
|
alternatives:
|
||||||
|
name: editor
|
||||||
|
path: /usr/bin/vim.basic
|
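Review bot: The task name `Configure vim as defualt editor` is misspelled and should read `Configure vim as default editor`, since task names are what operators search for in play output. The `alternatives` task also depends on `/usr/bin/vim.basic` already existing, which presumably comes from the `vim` package installed by the package tasks. A short comment stating that dependency would help anyone who runs these tasks on their own.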
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Configure apt packages
|
||||||
|
include_tasks: packages.yml
|
||||||
|
|
||||||
|
- name: Configure sshd
|
||||||
|
include_tasks: sshd.yml
|
||||||
|
|
||||||
|
- name: Configure ufw
|
||||||
|
include_tasks: ufw.yml
|
||||||
|
|
||||||
|
- name: Configure ansible credentials
|
||||||
|
include_tasks: credentials.yml
|
||||||
|
|
||||||
|
- name: Configure locales
|
||||||
|
include_tasks: locales.yml
|
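Review bot: The include order carries an undocumented safety property: `sshd.yml` must run before `ufw.yml`. Judging by the other sections of this commit, the SSH allow rule for port 22 is added in the sshd tasks and the default-deny firewall is enabled in the ufw tasks, so swapping them could cut off the host's own management connection. A comment above the `Configure sshd` include, such as `# must run before ufw.yml: adds the SSH allow rule before default-deny is enabled`, would protect against a later reorder.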
@ -0,0 +1,27 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Update packages and install common packaged
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- acl
|
||||||
|
- apt-transport-https
|
||||||
|
- ca-certificates
|
||||||
|
- cron
|
||||||
|
- curl
|
||||||
|
- git
|
||||||
|
- gnupg2
|
||||||
|
- htop
|
||||||
|
- python
|
||||||
|
- python-pip
|
||||||
|
- software-properties-common
|
||||||
|
- tmux
|
||||||
|
- ufw
|
||||||
|
- vim
|
||||||
|
- wget
|
||||||
|
- zsh
|
||||||
|
state: latest
|
||||||
|
allow_unauthenticated: no
|
||||||
|
update_cache: yes
|
||||||
|
cache_valid_time: 3600
|
||||||
|
autoclean: yes
|
||||||
|
autoremove: yes
|
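Review bot: `state: latest` on the whole package list means every run of the role can upgrade any of these packages to whatever the configured repositories currently offer, which makes runs non-repeatable and mixes installation with patching. `state: present` here, with upgrades handled by a separate and deliberate task, keeps the role idempotent and makes package changes easier to audit. Keeping `allow_unauthenticated: no` explicit is good. The task name reads "common packaged", presumably meant as "common packages".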
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Allow ssh on firewall
|
||||||
|
ufw:
|
||||||
|
rule: allow
|
||||||
|
port: 22
|
||||||
|
proto: tcp
|
||||||
|
|
||||||
|
- name: Disable password authentication on ssh
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
regexp: "^PasswordAuthentication "
|
||||||
|
line: "PasswordAuthentication no"
|
||||||
|
notify: restart ssh
|
||||||
|
|
||||||
|
# TODO Collect SSH Host Keys
|
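Review bot: The `lineinfile` pattern `"^PasswordAuthentication "` does not match a commented-out `#PasswordAuthentication yes`, which a stock sshd_config may contain, so the new line would be appended at the end of the file. If the file ends in a `Match` block, the setting would then apply only inside that block. Widening the pattern to `regexp: '^#?\s*PasswordAuthentication\s'` replaces the existing line in place. Adding `validate: '/usr/sbin/sshd -t -f %s'` keeps a broken file from being written before the restart handler runs.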
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Enable firewall with deny by default
|
||||||
|
ufw:
|
||||||
|
state: enabled
|
||||||
|
policy: deny
|
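Review bot: `policy: deny` is given without a `direction`, so which default policy changes is left to the module's default, presumably incoming. Writing `direction: incoming` next to it makes the intent explicit. A comment noting that the SSH allow rule is added elsewhere in the role and must already exist when this task runs would make the lockout risk visible to anyone using this file on its own.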