--- - name: Check that IP address is setup copy: src=templates/ifcfg-enp2s0f0 dest=/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 owner=root group=root mode=0600 backup=yes tags: system - name: Check that GW is setup copy: src=templates/network dest=/etc/sysconfig/network owner=root group=root mode=0600 backup=yes tags: system # Validate the sudoers file before saving - name: Check that sudo is configured lineinfile: destfile=/etc/sudoers state=present line='{{ item }} ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s' mode=0600 backup=yes with_items: - fwadmin - bruno tags: system - name: Check that sshd is installed urpmi: name=openssh-server state=installed update_cache=yes no-recommends=yes tags: system - name: Check that sshd is configured #lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin prohibit-password' mode=0600 backup=yes lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin no' mode=0600 backup=yes notify: - restart sshd tags: system - name: Ensure the fwadmin group exists group: name=fwadmin state=present tags: system - name: Ensure the fwadmin account exists user: name=fwadmin state=present group=fwadmin home=/home/fwadmin move_home=yes tags: system - name: Copy public for fwadmin access lineinfile: destfile=/home/{{ item }}/.ssh/authorized_keys state=present line='{{ sshkey }}' owner={{item }} group={{item }} mode=0600 backup=yes with_items: - fwadmin - bruno tags: system - name: Check that sshd is running and enabled service: name=sshd state=running enabled=yes tags: system - name: Check that sshutout is installed urpmi: name=sshutout state=installed update_cache=yes no-recommends=yes tags: system - name: Check that sshutout is configured copy: src=templates/sshutout.conf dest=/etc/sshtout.conf owner=root group=root mode=0600 backup=yes notify: - restart sshutout tags: system - name: Check that sshutout is running and enabled service: name=sshutout state=running enabled=yes tags: system - name: Setup autoupdate via cron cron: name=urpmi-upd minute=43 hour=03 user=root job="/usr/local/bin/upd" cron_file=urpmi-upd state=present backup=yes tags: system