---

# Install the interface definition for enp2s0f0 as root:root, mode 0600.
# copy ships the source file verbatim (nothing is rendered as a template,
# despite the templates/ directory name) and keeps a backup of any file it
# replaces.
- name: Check that IP address is setup
  copy:
    src: templates/ifcfg-enp2s0f0
    dest: /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    owner: root
    group: root
    mode: "0600"
    backup: true
  tags: system
# Install /etc/sysconfig/network (the task name says it carries the gateway
# setting) as root:root, mode 0600, keeping a backup of the file it replaces.
- name: Check that GW is setup
  copy:
    src: templates/network
    dest: /etc/sysconfig/network
    owner: root
    group: root
    mode: "0600"
    backup: true
  tags: system
# Add one sudoers rule per admin account. The edited copy is passed to
# visudo (%s) before it replaces /etc/sudoers, so a syntax error is rejected
# instead of being saved.
# NOPASSWD:ALL gives these accounts root without a password prompt: whoever
# can log in as fwadmin or bruno is effectively root.
- name: Check that sudo is configured
  lineinfile:
    destfile: /etc/sudoers
    state: present
    line: '{{ item }} ALL=(ALL) NOPASSWD:ALL'
    validate: 'visudo -cf %s'
    mode: "0600"
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system
# Install the OpenSSH server with urpmi after refreshing the package cache;
# recommended (non-required) packages are not pulled in.
- name: Check that sshd is installed
  urpmi:
    name: openssh-server
    state: installed
    update_cache: true
    no-recommends: true
  tags: system
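# Disable direct root login over SSH.
# sshd keeps the first value it reads for a keyword, so a 'PermitRootLogin no'
# appended below an existing 'PermitRootLogin yes' would be ignored. The
# regexp makes lineinfile rewrite an active directive in place; the line is
# appended only when no active directive exists.
# NOTE(review): lineinfile replaces only the last matching line. A file with
# several active PermitRootLogin lines, or with Match blocks, still needs a
# manual check of the effective value.
# The "restart sshd" handler is defined outside this file.
- name: Check that sshd is configured
  # Alternative kept from the original (key-only root login):
  #   line: 'PermitRootLogin prohibit-password'
  lineinfile:
    destfile: /etc/ssh/sshd_config
    state: present
    regexp: '^\s*PermitRootLogin\s'
    line: 'PermitRootLogin no'
    mode: "0600"
    backup: true
  notify:
    - restart sshd
  tags: system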
# Create the fwadmin group if it is missing; the fwadmin account uses it as
# its primary group.
- name: Ensure the fwadmin group exists
  group:
    name: fwadmin
    state: present
  tags: system
# Create the fwadmin account with primary group fwadmin and home
# /home/fwadmin; move_home relocates an existing home directory to that path.
# No password is set by this task.
- name: Ensure the fwadmin account exists
  user:
    name: fwadmin
    state: present
    group: fwadmin
    home: /home/fwadmin
    move_home: true
  tags: system
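# Authorise the shared public key ({{ sshkey }}) for both admin accounts.
# lineinfile fails when the target file is missing, which is the case for a
# freshly created fwadmin account, so the ~/.ssh directory is ensured first
# (0700, owned by the account) and create lets lineinfile start an empty
# authorized_keys file.
# NOTE(review): only fwadmin is created in this file; bruno is assumed to
# exist already, with a group of the same name.
- name: Ensure the .ssh directory exists for fwadmin access
  file:
    path: "/home/{{ item }}/.ssh"
    state: directory
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
  with_items:
    - fwadmin
    - bruno
  tags: system

- name: Copy public for fwadmin access
  lineinfile:
    destfile: "/home/{{ item }}/.ssh/authorized_keys"
    state: present
    create: true
    line: "{{ sshkey }}"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0600"
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system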
# Start sshd now and enable it at boot.
- name: Check that sshd is running and enabled
  service:
    name: sshd
    state: running
    enabled: true
  tags: system
# Install the sshutout package with urpmi after refreshing the package cache;
# recommended (non-required) packages are not pulled in.
- name: Check that sshutout is installed
  urpmi:
    name: sshutout
    state: installed
    update_cache: true
    no-recommends: true
  tags: system
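# Install the sshutout configuration as root:root, mode 0600, keeping a backup
# of any file it replaces, and restart the daemon when the file changes.
# dest was previously spelled /etc/sshtout.conf, which matches neither the
# source file name nor the service name; a file written there would not be
# the one the daemon loads, leaving it on whatever configuration it already
# had.
# NOTE(review): confirm /etc/sshutout.conf is the path the packaged daemon
# reads. The "restart sshutout" handler is defined outside this file.
- name: Check that sshutout is configured
  copy:
    src: templates/sshutout.conf
    dest: /etc/sshutout.conf
    owner: root
    group: root
    mode: "0600"
    backup: true
  notify:
    - restart sshutout
  tags: system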
# Start sshutout now and enable it at boot.
- name: Check that sshutout is running and enabled
  service:
    name: sshutout
    state: running
    enabled: true
  tags: system
# Schedule /usr/local/bin/upd as root every day at 03:43 through the cron
# file urpmi-upd, keeping a backup of the cron file when it is modified.
# NOTE(review): the script itself is not installed by this file. Because it
# runs as root, verify it is root-owned and not writable by other users.
- name: Setup autoupdate via cron
  cron:
    name: urpmi-upd
    minute: "43"
    hour: "03"
    user: root
    job: /usr/local/bin/upd
    cron_file: urpmi-upd
    state: present
    backup: true
  tags: system