ProjectSegfault/ansible
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make the denier, allower

Browse Source
This commit is contained in:
Midou36O 2024-01-06 19:33:33 +01:00
parent 0bfd2360cc
commit 0efcaa83f7
Signed by: midou
GPG Key ID: 1D134A95FE521A7A
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
all/playbook.yaml
View File

@ -74,7 +74,6 @@
name: ufw name: ufw
enabled: true enabled: true
state: started state: started
- name: Disable dmesg logging to console - name: Disable dmesg logging to console
ansible.posix.sysctl: ansible.posix.sysctl:
name: kernel.printk name: kernel.printk
@ -105,7 +104,6 @@
value: "60" value: "60"
state: present state: present
sysctl_set: true sysctl_set: true
- name: Bashrc skel - name: Bashrc skel
ansible.builtin.template: ansible.builtin.template:
src: templates/bashrc.j2 src: templates/bashrc.j2
@ -146,7 +144,6 @@
src: templates/prompt.j2 src: templates/prompt.j2
dest: /root/.prompt dest: /root/.prompt
mode: preserve mode: preserve
- name: Add user - name: Add user
ansible.builtin.user: ansible.builtin.user:
name: "{{ item.name }}" name: "{{ item.name }}"
@ -163,14 +160,12 @@
key: "{{ lookup('file', 'files/' + item.name + '.pub') }}" key: "{{ lookup('file', 'files/' + item.name + '.pub') }}"
with_items: with_items:
- "{{ users }}" - "{{ users }}"
- name: "Allow admin users to sudo without a password" - name: "Allow admin users to sudo without a password"
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
dest: "/etc/sudoers" # path: in version 2.3 dest: "/etc/sudoers" # path: in version 2.3
state: "present" state: "present"
regexp: "^%sudo" regexp: "^%sudo"
line: "%sudo ALL=(ALL) NOPASSWD: ALL" line: "%sudo ALL=(ALL) NOPASSWD: ALL"
- name: Sshd configuration file update - name: Sshd configuration file update
ansible.builtin.template: ansible.builtin.template:
src: templates/sshd_config.j2 src: templates/sshd_config.j2
@ -187,7 +182,6 @@
dest: "/etc/borgmatic/config.yaml" dest: "/etc/borgmatic/config.yaml"
state: "absent" state: "absent"
regexp: "^.*encryption_passphrase" regexp: "^.*encryption_passphrase"
handlers: handlers:
- name: Restart sshd - name: Restart sshd
ansible.builtin.service: ansible.builtin.service:
@ -244,4 +238,4 @@
port: "{{ item.port }}" port: "{{ item.port }}"
proto: "{{ item.proto }}" proto: "{{ item.proto }}"
with_items: with_items:
- "{{ ufw_deny_rules }}" - "{{ ufw_allow_rules }}"