Make the denier, allower
		@@ -74,7 +74,6 @@
 | 
				
			|||||||
        name: ufw
 | 
					        name: ufw
 | 
				
			||||||
        enabled: true
 | 
					        enabled: true
 | 
				
			||||||
        state: started
 | 
					        state: started
 | 
				
			||||||
 | 
					 | 
				
			||||||
    - name: Disable dmesg logging to console
 | 
					    - name: Disable dmesg logging to console
 | 
				
			||||||
      ansible.posix.sysctl:
 | 
					      ansible.posix.sysctl:
 | 
				
			||||||
        name: kernel.printk
 | 
					        name: kernel.printk
 | 
				
			||||||
@@ -105,7 +104,6 @@
 | 
				
			|||||||
        value: "60"
 | 
					        value: "60"
 | 
				
			||||||
        state: present
 | 
					        state: present
 | 
				
			||||||
        sysctl_set: true
 | 
					        sysctl_set: true
 | 
				
			||||||
 | 
					 | 
				
			||||||
    - name: Bashrc skel
 | 
					    - name: Bashrc skel
 | 
				
			||||||
      ansible.builtin.template:
 | 
					      ansible.builtin.template:
 | 
				
			||||||
        src: templates/bashrc.j2
 | 
					        src: templates/bashrc.j2
 | 
				
			||||||
@@ -146,7 +144,6 @@
 | 
				
			|||||||
        src: templates/prompt.j2
 | 
					        src: templates/prompt.j2
 | 
				
			||||||
        dest: /root/.prompt
 | 
					        dest: /root/.prompt
 | 
				
			||||||
        mode: preserve
 | 
					        mode: preserve
 | 
				
			||||||
 | 
					 | 
				
			||||||
    - name: Add user
 | 
					    - name: Add user
 | 
				
			||||||
      ansible.builtin.user:
 | 
					      ansible.builtin.user:
 | 
				
			||||||
        name: "{{ item.name }}"
 | 
					        name: "{{ item.name }}"
 | 
				
			||||||
@@ -163,14 +160,12 @@
 | 
				
			|||||||
        key: "{{ lookup('file', 'files/' + item.name + '.pub') }}"
 | 
					        key: "{{ lookup('file', 'files/' + item.name + '.pub') }}"
 | 
				
			||||||
      with_items:
 | 
					      with_items:
 | 
				
			||||||
        - "{{ users }}"
 | 
					        - "{{ users }}"
 | 
				
			||||||
 | 
					 | 
				
			||||||
    - name: "Allow admin users to sudo without a password"
 | 
					    - name: "Allow admin users to sudo without a password"
 | 
				
			||||||
      ansible.builtin.lineinfile:
 | 
					      ansible.builtin.lineinfile:
 | 
				
			||||||
        dest: "/etc/sudoers" # path: in version 2.3
 | 
					        dest: "/etc/sudoers" # path: in version 2.3
 | 
				
			||||||
        state: "present"
 | 
					        state: "present"
 | 
				
			||||||
        regexp: "^%sudo"
 | 
					        regexp: "^%sudo"
 | 
				
			||||||
        line: "%sudo ALL=(ALL) NOPASSWD: ALL"
 | 
					        line: "%sudo ALL=(ALL) NOPASSWD: ALL"
 | 
				
			||||||
 | 
					 | 
				
			||||||
    - name: Sshd configuration file update
 | 
					    - name: Sshd configuration file update
 | 
				
			||||||
      ansible.builtin.template:
 | 
					      ansible.builtin.template:
 | 
				
			||||||
        src: templates/sshd_config.j2
 | 
					        src: templates/sshd_config.j2
 | 
				
			||||||
@@ -187,7 +182,6 @@
 | 
				
			|||||||
        dest: "/etc/borgmatic/config.yaml"
 | 
					        dest: "/etc/borgmatic/config.yaml"
 | 
				
			||||||
        state: "absent"
 | 
					        state: "absent"
 | 
				
			||||||
        regexp: "^.*encryption_passphrase"
 | 
					        regexp: "^.*encryption_passphrase"
 | 
				
			||||||
 | 
					 | 
				
			||||||
  handlers:
 | 
					  handlers:
 | 
				
			||||||
    - name: Restart sshd
 | 
					    - name: Restart sshd
 | 
				
			||||||
      ansible.builtin.service:
 | 
					      ansible.builtin.service:
 | 
				
			||||||
@@ -244,4 +238,4 @@
 | 
				
			|||||||
        port: "{{ item.port }}"
 | 
					        port: "{{ item.port }}"
 | 
				
			||||||
        proto: "{{ item.proto }}"
 | 
					        proto: "{{ item.proto }}"
 | 
				
			||||||
      with_items:
 | 
					      with_items:
 | 
				
			||||||
        - "{{ ufw_deny_rules }}"
 | 
					        - "{{ ufw_allow_rules }}"
 | 
				
			||||||
 
 | 
				
			|||||||
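Review bot: The last hunk only swaps the loop source from `ufw_deny_rules` to `ufw_allow_rules`; the task's `rule:` key (and its name) sit above the hunk and are not visible here, so if that key still reads `rule: deny` the task now denies every port in the allow list. Please confirm the same commit changes it to `rule: allow` and renames the task accordingly, since the hunk shows only `port:`/`proto:`/`with_items:`. It is also worth checking that a deny loop still exists elsewhere if `ufw_deny_rules` is still defined in the inventory, otherwise that variable becomes dead and the default policy is the only thing blocking those ports. The earlier hunks each drop one line that the rendered page does not show, so I cannot tell whether those removals are related.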