Postfix MTA & unattended upgrades

parent 01570842
......@@ -5,6 +5,8 @@
- import_playbook: ssh.yml
- import_playbook: os.yml
- import_playbook: firewall.yml
- import_playbook: unbound.yml
- import_playbook: create_user.yml
- import_playbook: force_password_change.yml
- import_playbook: unbound.yml
\ No newline at end of file
- import_playbook: postfix.yml
- import_playbook: unattended-upgrades.yml
\ No newline at end of file
---
# TODO: Run only when the user has not logged in even once
# https://github.com/ansible/ansible/issues/18917#issuecomment-578394140
- hosts: ssh
name: Ensure the user will set up a password on first login
......
......@@ -12,6 +12,11 @@
apt:
name: needrestart
state: present
- name: Install apparmor
become: yes
apt:
name: needrestart
state: present
roles:
- sys-upgrade
- role: dev-sec.os-hardening
......
---
- hosts: ssh
tasks:
- name: Send test email
become: yes
shell:
executable: /bin/bash
cmd: mail -s "Hello from $(hostname -f)" "user@$(hostname -f)" <<< "Hello world from $(hostname -f)"
roles:
- role: oefenweb.postfix
become: true
vars:
postfix_aliases:
- user: root
alias: ansible$root@cron.lelux.fi
- user: user
alias: ansible$user@cron.lelux.fi
\ No newline at end of file
......@@ -2,4 +2,6 @@
- src: dev-sec.ssh-hardening
- src: dev-sec.os-hardening
- src: weareinteractive.ufw
\ No newline at end of file
- src: weareinteractive.ufw
- src: oefenweb.postfix
- src: jnv.unattended-upgrades
\ No newline at end of file
- hosts: ssh
tasks:
- name: Install bsd-mailx
become: yes
apt:
name: bsd-mailx
state: present
roles:
- role: jnv.unattended-upgrades
unattended_mail: 'root'
\ No newline at end of file
......@@ -9,4 +9,4 @@
- name: Set unbound as system resolver
become: yes
shell:
cmd: printf "nameserver ::1\nnameserver 127.0.0.1" | tee /etc/resolv.conf && chattr +i /etc/resolv.conf
\ No newline at end of file
cmd: printf "nameserver ::1\nnameserver 127.0.0.1\n" | tee /etc/resolv.conf && chattr +i /etc/resolv.conf
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment