Update

parent ed04ecef
......@@ -5,14 +5,16 @@
- import_playbook: ssh.yml
- import_playbook: os.yml
- import_playbook: firewall.yml
- import_playbook: postfix.yml
- import_playbook: unattended-upgrades.yml
- import_playbook: unbound.yml
# for hosts marked "createuser"
- import_playbook: create_user.yml
- import_playbook: force_password_change.yml
- import_playbook: postfix.yml
- import_playbook: unattended-upgrades.yml
# for hosts marked "tls"
- import_playbook: tls.yml
- import_playbook: certbot.yml
# for hosts marked "nginx"
#- import_playbook: nginx.yml
\ No newline at end of file
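Review bot: `create_user.yml` and `force_password_change.yml` are imported after `ssh.yml`, `os.yml` and `firewall.yml`, so on a fresh host the hardening plays run before the primary user exists. If the ssh hardening role disables root or password logins (its settings are not visible here), a first run that fails between those plays could leave the host without a usable account. Confirm this on a clean machine, or move the two imports above `- import_playbook: ssh.yml`. The file also still ends without a trailing newline.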
---
- hosts: ssh
- hosts: createuser
tasks:
- name: Add primary user
user:
......
---
# TODO: Run only when the user has not logged in even once
# https://github.com/ansible/ansible/issues/18917#issuecomment-578394140
- hosts: ssh
- hosts: createuser
name: Ensure the user will set up a password on first login
become: yes
tasks:
......
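Review bot: With `hosts: createuser` this play targets every host in the group on every run, and the TODO above it says the guard for users who have already logged in is still missing. If the tasks (outside the visible lines) expire the password unconditionally, each re-run would force another password change on an account already in use. A `when:` condition on a registered check, or a marker file written after the first run, would make the play run once. `become: yes` would also read better as `become: true`, as the ssh play already writes it.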
......@@ -2,4 +2,7 @@
server-01.example.com
[tls]
server-01.example.com
[createuser]
server-01.example.com
\ No newline at end of file
......@@ -22,6 +22,16 @@
apt:
name: apparmor-utils
state: present
- name: Install htop
become: yes
apt:
name: htop
state: present
- name: Install net-tools
become: yes
apt:
name: net-tools
state: present
roles:
- sys-upgrade
- role: dev-sec.os-hardening
......
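Review bot: The two new tasks install `htop` and `net-tools` on a host that the same play hardens with `dev-sec.os-hardening`, and every extra package is more code to keep patched. `net-tools` is the legacy toolset, and `ip` and `ss` from iproute2 cover its functions. If the packages are wanted, one task with `name: [apparmor-utils, htop, net-tools]` replaces three near-identical ones, and `become: true` avoids the YAML 1.1 truthy form. The same applies to the `dnsutils` task added in the unbound play. The task list begins above the hunk.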
......@@ -4,7 +4,6 @@
- sys-upgrade
- role: dev-sec.ssh-hardening
become: true
- ssh
vars:
# Otherwise Ansible outputs error messages: "sftp transfer mechanism failed"
sftp_enabled: true
......
......@@ -7,4 +7,5 @@
state: present
roles:
- role: jnv.unattended-upgrades
become: yes
unattended_mail: 'root'
\ No newline at end of file
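Review bot: `unattended_mail: 'root'` sends the upgrade reports to the local root mailbox, which is only useful if root is aliased to an address someone reads. Whether the postfix play sets up such an alias is not visible here; without it, failed security updates would go unnoticed. A comment such as `# root is forwarded to <ops mailbox> by postfix.yml` next to the variable would record the dependency.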
......@@ -6,6 +6,11 @@
apt:
name: unbound
state: present
- name: Install dnsutils
become: yes
apt:
name: dnsutils
state: present
- name: Set unbound as system resolver
become: yes
shell:
......