---
# Render the enp2s0f0 interface configuration from its template.
# The result is owned by root and readable by root only; backup keeps a
# timestamped copy of the previous file whenever the content changes.
- name: Check that IP address is setup
  template:
    src: templates/ifcfg-enp2s0f0
    dest: /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    owner: root
    group: root
    mode: '0600'
    backup: true
  tags: system
# Render /etc/sysconfig/network (the task name says it carries the gateway
# setting) from its template, root-owned and mode 0600, with a backup of the
# previous file.
- name: Check that GW is setup
  template:
    src: templates/network
    dest: /etc/sysconfig/network
    owner: root
    group: root
    mode: '0600'
    backup: true
  tags: system
# Validate the sudoers file before saving: visudo -cf checks the candidate
# file and lineinfile only installs it when that check succeeds.
# NOTE(review): each listed account gets password-less sudo for every
# command, so control of either account is equivalent to control of root.
# Confirm that both accounts need this.
# NOTE(review): /etc/sudoers conventionally ships as mode 0440; this task
# sets 0600 on every run - confirm that is wanted.
- name: Check that sudo is configured
  lineinfile:
    destfile: /etc/sudoers
    state: present
    line: '{{ item }} ALL=(ALL) NOPASSWD:ALL'
    validate: 'visudo -cf %s'
    mode: '0600'
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system
# Install the OpenSSH server package with urpmi, refreshing the package
# cache first and skipping recommended packages.
- name: Check that sshd is installed
  urpmi:
    name: openssh-server
    state: installed
    update_cache: true
    no_recommends: true
  tags: system
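# Disable direct root logins over SSH and restart sshd when the file changes.
# sshd keeps the first value it reads for a keyword, so an active
# PermitRootLogin line already present in sshd_config has to be rewritten in
# place: without regexp, lineinfile would only append 'PermitRootLogin no'
# after it and the earlier value would stay in force. With regexp, the last
# matching line is replaced, or the line is appended when no active directive
# exists. (?i) is there because sshd keywords are case-insensitive.
# NOTE(review): only one line is rewritten and an appended line lands at the
# end of the file - check by hand if sshd_config holds several active
# PermitRootLogin lines or Match blocks.
# Alternative kept from the original file, allowing key-based root logins:
#   line: 'PermitRootLogin prohibit-password'
- name: Check that sshd is configured
  lineinfile:
    destfile: /etc/ssh/sshd_config
    state: present
    regexp: '(?i)^\s*PermitRootLogin\s'
    line: 'PermitRootLogin no'
    mode: '0600'
    backup: true
  notify:
    - restart sshd
  tags: system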
# Create one group per account name; the accounts task uses the same names
# as primary groups.
- name: Ensure the groups exists
  group:
    name: '{{ item }}'
    state: present
  tags: system
  with_items:
    - fwadmin
    - bruno
# Create each account with the group of the same name as primary group and
# its home under /home; move_home relocates an existing home directory that
# lives elsewhere.
- name: Ensure the accounts exists
  user:
    name: '{{ item }}'
    state: present
    group: '{{ item }}'
    home: '/home/{{ item }}'
    move_home: true
  tags: system
  with_items:
    - fwadmin
    - bruno
# Copy bruno's .ssh directory, private key and public key from the control
# machine into /home/bruno, each with its own mode and owned by bruno.
# NOTE(review): this places a private key (.ssh/id_rsa) on the managed host;
# anyone who can read the source path or bruno's home there holds the key.
# With backup=yes a replaced key is kept in a backup file beside it -
# presumably with the same restrictive mode; verify, and prune old backups.
# NOTE(review): the modes are bare YAML integers (700, 600, 644). They are
# interpolated into the key=value string below and so reach the module as
# text; quote them ('0700', ...) if this task is ever rewritten with native
# YAML arguments.
# NOTE(review): unlike every other task shown here this one has no
# 'tags: system' - confirm that skipping it on tagged runs is deliberate.
- name: Copy special keys for remote access (git...)
  copy: src=/users/bruno/prj/musique-ancienne.org/mondorescue.org/{{ item.f }} dest=/home/bruno/{{ item.f }} mode={{ item.m }} backup=yes owner=bruno group=bruno
  with_items:
    - { f: .ssh, m: 700 }
    - { f: .ssh/id_rsa, m: 600 }
    - { f: .ssh/id_rsa.pub, m: 644 }
# Make sure the public key held in the sshkey variable is present in each
# account's authorized_keys, with the file owned by that account and
# readable by it alone.
# NOTE(review): lineinfile fails on a missing file unless create is set, and
# no task shown here creates /home/fwadmin/.ssh - presumably it already
# exists; verify on a freshly installed host.
- name: Copy public keys for access
  lineinfile:
    destfile: '/home/{{ item }}/.ssh/authorized_keys'
    state: present
    line: '{{ sshkey }}'
    mode: '0600'
    backup: true
    owner: '{{ item }}'
    group: '{{ item }}'
  with_items:
    - fwadmin
    - bruno
  tags: system
# Start sshd now and enable it at boot.
- name: Check that sshd is running and enabled
  service:
    name: sshd
    state: started
    enabled: true
  tags: system
# Install the sshutout package with urpmi, refreshing the package cache
# first and skipping recommended packages.
- name: Check that sshutout is installed
  urpmi:
    name: sshutout
    state: installed
    update_cache: true
    no_recommends: true
  tags: system
# Render /etc/sshutout.conf from its template, root-owned and mode 0600,
# and restart sshutout through the handler when the file changes.
- name: Check that sshutout is configured
  template:
    src: templates/sshutout.conf
    dest: /etc/sshutout.conf
    owner: root
    group: root
    mode: '0600'
    backup: true
  notify:
    - restart sshutout
  tags: system
# Start sshutout now and enable it at boot.
- name: Check that sshutout is running and enabled
  service:
    name: sshutout
    state: started
    enabled: true
  tags: system
# Install the listed scripts into /usr/local/bin, owned by root and
# executable by everyone but writable only by root (mode 0755).
- name: Setup backup script
  copy:
    src: 'files/{{ item }}'
    dest: '/usr/local/bin/{{ item }}'
    owner: root
    group: root
    mode: '0755'
    backup: true
  with_items:
    - mkbkp
  tags: system
# Schedule /usr/local/bin/upd as root every day at 03:43. cron_file is a
# relative name, so the entry is written under /etc/cron.d.
# NOTE(review): the job runs as root, so /usr/local/bin/upd must stay
# root-owned and not writable by other users. No task shown here installs
# that script - presumably it is deployed elsewhere; verify.
- name: Setup autoupdate via cron
  cron:
    name: urpmi-upd
    minute: '43'
    hour: '03'
    user: root
    job: /usr/local/bin/upd
    cron_file: urpmi-upd
    state: present
    backup: true
  tags: system
# Schedule /usr/local/bin/mkbkp as user bruno every day at 02:43. cron_file
# is a relative name, so the entry is written under /etc/cron.d.
- name: Setup backup for bruno via cron
  cron:
    name: bkp
    minute: '43'
    hour: '02'
    user: bruno
    job: /usr/local/bin/mkbkp
    cron_file: bkp
    state: present
    backup: true
  tags: system