refs #8025 Code reorganization

Juan Ferrer 2024-09-24 10:37:09 +02:00
parent 29bfaf6b33
commit f033c92278
10 changed files with 22 additions and 23 deletions


@ -51,3 +51,8 @@ awx_smtp_password: !vault |
37633364633631333130346332613235303762316435313535613664323830656363353237373561 37633364633631333130346332613235303762316435313535613664323830656363353237373561
3866653365636431630a303262666662376662623862663461633361333037643863353135343836 3866653365636431630a303262666662376662623862663461633361333037643863353135343836
61383730366664353730616331666139376234313562383163613736353231666533 61383730366664353730616331666139376234313562383163613736353231666533
grub_code: >
grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE22
29139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA385
7B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE
0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
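Review bot: The new `grub_code` uses a folded scalar (`>`), which joins the four wrapped lines with spaces and keeps a trailing newline, so the rendered value is no longer the single token that `password_pbkdf2 {{ grub_user }} {{ grub_code }}` needs. This assumes the wrapped lines are the scalar's continuation as shown here; the value matches the one-line `code_grub` default removed elsewhere in this commit. Write the hash on one line as a quoted string, or use a double-quoted scalar with a trailing `\` on each wrapped line so no whitespace is inserted. The hash also stays in clear text directly below vault-encrypted values; a PBKDF2 hash is only as strong as the password behind it against offline guessing, so storing it as `grub_code: !vault |` like its neighbours would be consistent.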


@ -1,6 +1,6 @@
- name: Delete default user - name: Delete default user
user: user:
name: "{{ name_user }}" name: "{{ default_user }}"
state: absent state: absent
remove: yes remove: yes
- name: Change root password - name: Change root password
@ -9,7 +9,7 @@
password: "{{ ssh_password | password_hash('sha512') }}" password: "{{ ssh_password | password_hash('sha512') }}"
- name: Configure bashrc - name: Configure bashrc
lineinfile: lineinfile:
dest: "/root/.bashrc" dest: /root/.bashrc
regexp: "{{item.regexp}}" regexp: "{{item.regexp}}"
line: "{{item.line}}" line: "{{item.line}}"
state: present state: present


@ -5,7 +5,7 @@
- name: Copy sudoers configuration file - name: Copy sudoers configuration file
copy: copy:
src: sudoers src: sudoers
dest: "/etc/sudoers.d/vn" dest: /etc/sudoers.d/vn
mode: u=rw,g=r mode: u=rw,g=r
owner: root owner: root
group: root group: root


@ -5,7 +5,7 @@
- name: Copy vim configuration file - name: Copy vim configuration file
copy: copy:
src: vimrc.local src: vimrc.local
dest: "/etc/vim/" dest: /etc/vim/
mode: '644' mode: '644'
owner: root owner: root
group: root group: root


@ -7,7 +7,7 @@ bantime = {{ fail2ban.bantime }}
findtime = {{ fail2ban.bantime }} findtime = {{ fail2ban.bantime }}
maxretry = {{ fail2ban.maxretry }} maxretry = {{ fail2ban.maxretry }}
destemail = {{ fail2ban.email }} destemail = {{ fail2ban.email }}
sender = root@<fq-hostname> sender = root@{{ ansible_fqdn }}
banaction = nftables-multiport banaction = nftables-multiport
action = %(action_)s action = %(action_)s
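Review bot: `findtime` is rendered from `fail2ban.bantime`, the same variable as the `bantime` line shown in the hunk header, so the counting window cannot be tuned separately and lengthening the ban also widens the window in which failures accumulate. If that coupling is not intended, give it its own key, for example `findtime = {{ fail2ban.findtime }}`, with a matching default; that key is not visible on this page and would have to be added. The new `sender = root@{{ ansible_fqdn }}` relies on gathered facts, so a play with `gather_facts: false` would fail on an undefined variable when rendering this template.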


@ -1,20 +1,17 @@
- name: Checking if it's necessary to update - name: Update APT package index
meta: end_host
when: update_enabled is not defined or not update_enabled
- name: update index of all packages
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true
force_apt_get: true force_apt_get: true
- name: update all packages to their latest version - name: Update all packages to their latest version
ansible.builtin.apt: ansible.builtin.apt:
name: "*" name: "*"
state: latest state: latest
force_apt_get: true force_apt_get: true
- name: upgrade the OS (apt-get full-upgrade) - name: Upgrade the OS (apt-get full-upgrade)
ansible.builtin.apt: ansible.builtin.apt:
upgrade: full upgrade: full
force_apt_get: true force_apt_get: true
- name: autoremove packages unused dependency packages - name: Autoremove unused packages
ansible.builtin.apt: ansible.builtin.apt:
autoremove: true autoremove: true
force_apt_get: true force_apt_get: true
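Review bot: With the `meta: end_host` guard on `update_enabled` removed, nothing in this file stops `upgrade: full` and `autoremove: true` from running on every host that reaches these tasks. If the switch now lives on the include or play, that is outside this page; otherwise keep the opt-in, for example `when: update_enabled | default(false)` on the include or on a block wrapping the four tasks. The GRUB password task in this commit loses its `when: secure_grub_enabled` in the same way. As a smaller point, the `name: "*"` / `state: latest` task is made redundant by the `upgrade: full` task that follows it.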


@ -7,7 +7,7 @@
- name: Replace /etc/hosts - name: Replace /etc/hosts
template: template:
src: hosts.j2 src: hosts.j2
dest: "/etc/hosts" dest: /etc/hosts
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
@ -15,7 +15,7 @@
- name: Replace /etc/resolv.conf - name: Replace /etc/resolv.conf
template: template:
src: resolv.j2 src: resolv.j2
dest: "/etc/resolv.conf" dest: /etc/resolv.conf
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'


@ -1,9 +1,7 @@
- name: GRUB password boot protection - name: GRUB boot password protection
blockinfile: blockinfile:
path: /etc/grub.d/40_custom path: /etc/grub.d/40_custom
block: | block: |
set superusers="{{ user_grub }}" set superusers="{{ grub_user }}"
password_pbkdf2 {{ user_grub }} {{ code_grub }} password_pbkdf2 {{ grub_user }} {{ grub_code }}
notify: grub-register notify: grub-register
when: secure_grub_enabled
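Review bot: Setting `superusers` in `/etc/grub.d/40_custom` restricts every menu entry, not only the editor and command line, unless the generated entries carry `--unrestricted`, and nothing visible in this hunk adds it. Now that the task is unconditional, a host would stop at the GRUB password prompt on every reboot, which matters for unattended machines. If only entry editing and the GRUB shell should be protected, add a task that puts `--unrestricted` into the menuentry options of the script generating the Linux entries (on a stock Debian layout presumably `/etc/grub.d/10_linux`; confirm), and add a comment above this task stating which behaviour is intended.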


@ -1,2 +1 @@
user_grub: admin grub_user: admin
code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7