---
# Install the interface definition for enp2s0f0 from the local templates
# directory. The file is root-owned and unreadable by other accounts, and
# backup keeps a copy of whatever it replaces.
- name: Check that IP address is setup
  copy:
    src: templates/ifcfg-enp2s0f0
    dest: /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    owner: root
    group: root
    mode: "0600"
    backup: true
  tags: system
# Install /etc/sysconfig/network from the local templates directory, with the
# same root-only ownership and mode as the interface file and a backup of the
# previous version.
- name: Check that GW is setup
  copy:
    src: templates/network
    dest: /etc/sysconfig/network
    owner: root
    group: root
    mode: "0600"
    backup: true
  tags: system
# Add one sudoers rule per listed account. The candidate file is checked with
# 'visudo -cf' before it replaces /etc/sudoers, so a syntax error cannot lock
# sudo out.
# NOTE(review): NOPASSWD:ALL gives both accounts password-less root, so the
# SSH key installed for them is the only credential protecting root access.
# Confirm that this is intended, or narrow the rule to the commands needed.
# NOTE(review): mode 0600 differs from the usual 0440 for /etc/sudoers;
# confirm the installed sudo accepts an owner-writable file.
- name: Check that sudo is configured
  lineinfile:
    destfile: /etc/sudoers
    state: present
    line: '{{ item }} ALL=(ALL) NOPASSWD:ALL'
    validate: 'visudo -cf %s'
    mode: "0600"
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system
# Install the OpenSSH server with urpmi after refreshing the package cache,
# without pulling in recommended packages.
- name: Check that sshd is installed
  urpmi:
    name: openssh-server
    state: installed
    update_cache: true
    no-recommends: true
  tags: system
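# Disable direct root login over SSH and restart sshd when the file changes.
#
# sshd uses the first value it reads for a keyword. Without a regexp,
# lineinfile only appends 'PermitRootLogin no' when that exact line is missing,
# so an earlier active 'PermitRootLogin yes' would stay in effect. The regexp
# rewrites the active directive in place instead.
# NOTE(review): lineinfile replaces only the last matching line. If the file
# carries more than one active PermitRootLogin line, or ends in a Match block,
# check the result by hand.
# Alternative kept from the original file:
#   line='PermitRootLogin prohibit-password'
- name: Check that sshd is configured
  lineinfile:
    destfile: /etc/ssh/sshd_config
    regexp: '(?i)^\s*PermitRootLogin\s'
    state: present
    line: 'PermitRootLogin no'
    mode: "0600"
    backup: true
  notify:
    - restart sshd
  tags: system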
# Create the fwadmin group. The next task uses it as the account's primary
# group.
- name: Ensure the fwadmin group exists
  group:
    name: fwadmin
    state: present
  tags: system
# Create the fwadmin account with primary group fwadmin and home directory
# /home/fwadmin. move_home relocates an existing home directory to that path.
# No password is set here. The tasks shown give this account access only
# through the SSH key.
- name: Ensure the fwadmin account exists
  user:
    name: fwadmin
    state: present
    group: fwadmin
    home: /home/fwadmin
    move_home: true
  tags: system
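# lineinfile does not create parent directories, so ~/.ssh is created first.
# It is owned by the account and set to 0700, because sshd's StrictModes
# (on by default) ignores keys kept under a group- or world-writable path.
- name: Ensure the .ssh directory exists for fwadmin access
  file:
    path: '/home/{{ item }}/.ssh'
    state: directory
    owner: '{{ item }}'
    group: '{{ item }}'
    mode: "0700"
  with_items:
    - fwadmin
    - bruno
  tags: system

# Add the public key held in the sshkey variable to each account's
# authorized_keys. create lets the first run succeed on an account that has
# no authorized_keys file yet; without it lineinfile fails when the file is
# absent.
# NOTE(review): the tasks shown create only the fwadmin account and group.
# The bruno user and group, and a home under /home, are assumed to exist
# already - confirm.
- name: Copy public for fwadmin access
  lineinfile:
    destfile: '/home/{{ item }}/.ssh/authorized_keys'
    state: present
    create: true
    line: '{{ sshkey }}'
    owner: '{{ item }}'
    group: '{{ item }}'
    mode: "0600"
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system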
# Make sure the sshd service is running now and is enabled at boot.
- name: Check that sshd is running and enabled
  service:
    name: sshd
    state: running
    enabled: true
  tags: system
# Install the sshutout package with urpmi, using the same options as the
# openssh-server install: refresh the cache and skip recommended packages.
- name: Check that sshutout is installed
  urpmi:
    name: sshutout
    state: installed
    update_cache: true
    no-recommends: true
  tags: system
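# Deploy the sshutout configuration and restart the daemon when it changes.
# The destination was previously spelled /etc/sshtout.conf (missing "u").
# That path does not match the source template name, so the daemon would have
# kept running on its default settings.
# NOTE(review): /etc/sshutout.conf is assumed to be the path the packaged
# daemon reads - confirm against the package.
- name: Check that sshutout is configured
  copy:
    src: templates/sshutout.conf
    dest: /etc/sshutout.conf
    owner: root
    group: root
    mode: "0600"
    backup: true
  notify:
    - restart sshutout
  tags: system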
# Make sure the sshutout service is running now and is enabled at boot.
- name: Check that sshutout is running and enabled
  service:
    name: sshutout
    state: running
    enabled: true
  tags: system
# Register a cron entry in the urpmi-upd cron file that runs
# /usr/local/bin/upd as root at 03:43.
# NOTE(review): none of the tasks shown installs /usr/local/bin/upd. Because
# it runs as root unattended, confirm that the script is root-owned and
# writable by root only.
- name: Setup autoupdate via cron
  cron:
    name: urpmi-upd
    minute: "43"
    hour: "03"
    user: root
    job: /usr/local/bin/upd
    cron_file: urpmi-upd
    state: present
    backup: true
  tags: system