---

# Install the static configuration for interface enp2s0f0 from the role
# template. Despite the "Check" wording, the task rewrites the file whenever
# the rendered template differs; backup keeps a copy of the file it replaces.
- name: Check that IP address is setup
  template:
    src: templates/ifcfg-enp2s0f0
    dest: /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    owner: root
    group: root
    # Quoted so the mode stays the string "0600", as the key=value form passed it.
    mode: '0600'
    backup: true
  tags: system

# Render /etc/sysconfig/network from the role template.
# The file is owned by root and readable by root only; the previous version is
# kept as a backup.
- name: Check that GW is setup
  template:
    src: templates/network
    dest: /etc/sysconfig/network
    owner: root
    group: root
    mode: '0600'
    backup: true
  tags: system

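# Validate the sudoers file before saving
# Each listed account receives passwordless sudo for every command, so control
# of either account (or of a key that logs into it) amounts to root on this
# host. visudo checks the candidate file before it replaces /etc/sudoers.
- name: Check that sudo is configured
  lineinfile:
    destfile: /etc/sudoers
    state: present
    line: '{{ item }} ALL=(ALL) NOPASSWD:ALL'
    validate: 'visudo -cf %s'
    # 0440 is the mode sudo expects for sudoers by default; the earlier 0600
    # deviated from it. Ansible replaces the file as root, so the missing
    # write bit does not get in the way.
    mode: '0440'
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system
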
# Install the OpenSSH server package with urpmi, refreshing the package cache
# first and skipping recommended extras.
- name: Check that sshd is installed
  urpmi:
    name: openssh-server
    state: installed
    update_cache: true
    no-recommends: true
  tags: system

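# Disable direct root logins over SSH.
# sshd uses the first value it reads for a keyword, so merely appending
# 'PermitRootLogin no' below an existing active 'PermitRootLogin yes' would
# change nothing. regexp makes lineinfile rewrite the active directive in
# place and append only when none is set.
# NOTE(review): an appended line lands at the end of the file; if sshd_config
# ends with a Match block, confirm the directive is not scoped to that block.
- name: Check that sshd is configured
  # Alternative (key-only root login), left disabled:
  #   line='PermitRootLogin prohibit-password'
  lineinfile:
    destfile: /etc/ssh/sshd_config
    state: present
    # Matches active (uncommented) PermitRootLogin directives only.
    regexp: '^\s*PermitRootLogin\s'
    line: 'PermitRootLogin no'
    mode: '0600'
    backup: true
  notify:
    - restart sshd
  tags: system
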
# Create one group per administrative account; the user task below references
# each group by the same name.
- name: Ensure the groups exists
  group:
    name: '{{ item }}'
    state: present
  with_items:
    - fwadmin
    - bruno
  tags: system

# Create the two accounts, each with the same-named primary group and a home
# under /home; move_home relocates an existing home directory to that path.
- name: Ensure the accounts exists
  user:
    name: '{{ item }}'
    state: present
    group: '{{ item }}'
    home: '/home/{{ item }}'
    move_home: true
  with_items:
    - fwadmin
    - bruno
  tags: system

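# Push bruno's SSH directory and key pair from the control machine so the
# account can reach remote services (git...).
# This places a private key (id_rsa) on the managed host: whoever gains root
# or the bruno account there can reuse that key elsewhere. backup also leaves
# timestamped copies of any replaced key next to the new one.
# NOTE(review): the first item is a directory whose src has no trailing slash
# while dest already ends in .ssh; confirm the result is /home/bruno/.ssh
# rather than a nested .ssh/.ssh, and that the directory ends up 0700.
# NOTE(review): unlike the surrounding tasks this one has no 'tags: system';
# confirm that is intended.
- name: Copy special keys for remote access (git...)
  copy:
    src: '/users/bruno/prj/musique-ancienne.org/mondorescue.org/{{ item.f }}'
    dest: '/home/bruno/{{ item.f }}'
    mode: '{{ item.m }}'
    backup: true
    owner: bruno
    group: bruno
  with_items:
    # Modes are quoted octal strings so they can never be read as the decimal
    # integers 700/600/644, whatever the templating settings.
    - f: .ssh
      m: '0700'
    - f: .ssh/id_rsa
      m: '0600'
    - f: .ssh/id_rsa.pub
      m: '0644'
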
# Authorise the key held in the 'sshkey' variable for both accounts by making
# sure it is a line of each user's authorized_keys (owner-only, mode 0600).
# NOTE(review): no create= is passed and lineinfile does not create a missing
# file by default; none of the visible tasks creates /home/fwadmin/.ssh, so
# confirm the file already exists for every listed user.
- name: Copy public keys for access
  lineinfile:
    destfile: '/home/{{ item }}/.ssh/authorized_keys'
    state: present
    line: '{{ sshkey }}'
    mode: '0600'
    backup: true
    owner: '{{ item }}'
    group: '{{ item }}'
  with_items:
    - fwadmin
    - bruno
  tags: system

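# Make sure the SSH daemon is up now and starts at boot.
# 'started' replaces the legacy 'running' spelling of the same state, which
# newer Ansible releases no longer accept.
- name: Check that sshd is running and enabled
  service:
    name: sshd
    state: started
    enabled: true
  tags: system
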
# Install the sshutout package with urpmi, refreshing the package cache first
# and skipping recommended extras.
- name: Check that sshutout is installed
  urpmi:
    name: sshutout
    state: installed
    update_cache: true
    no-recommends: true
  tags: system

# Render /etc/sshutout.conf from the role template (root-owned, mode 0600) and
# have the 'restart sshutout' handler pick up any change.
- name: Check that sshutout is configured
  template:
    src: templates/sshutout.conf
    dest: /etc/sshutout.conf
    owner: root
    group: root
    mode: '0600'
    backup: true
  notify:
    - restart sshutout
  tags: system

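# Make sure the sshutout service is up now and starts at boot.
# 'started' replaces the legacy 'running' spelling of the same state, which
# newer Ansible releases no longer accept.
- name: Check that sshutout is running and enabled
  service:
    name: sshutout
    state: started
    enabled: true
  tags: system
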
# Install the mkbkp script into /usr/local/bin. It is owned by root with mode
# 0755, so the account whose cron job runs it can execute but not modify it.
- name: Setup backup script
  copy:
    src: 'files/{{ item }}'
    dest: '/usr/local/bin/{{ item }}'
    owner: root
    group: root
    mode: '0755'
    backup: true
  with_items:
    - mkbkp
  tags: system

# Schedule /usr/local/bin/upd to run as root at 03:43 through the cron file
# 'urpmi-upd'.
# NOTE(review): none of the visible tasks installs /usr/local/bin/upd (only
# mkbkp is copied); confirm it is deployed elsewhere, owned by root and not
# writable by other users, since cron runs it as root.
- name: Setup autoupdate via cron
  cron:
    name: urpmi-upd
    # Quoted so the values stay the strings "43" and "03".
    minute: '43'
    hour: '03'
    user: root
    job: /usr/local/bin/upd
    cron_file: urpmi-upd
    state: present
    backup: true
  tags: system

# Schedule /usr/local/bin/mkbkp to run as user bruno at 02:43 through the cron
# file 'bkp'.
- name: Setup backup for bruno via cron
  cron:
    name: bkp
    # Quoted so the values stay the strings "43" and "02".
    minute: '43'
    hour: '02'
    user: bruno
    job: /usr/local/bin/mkbkp
    cron_file: bkp
    state: present
    backup: true
  tags: system