refs #8025 Code reorganization
This commit is contained in:
parent
29bfaf6b33
commit
f033c92278
|
@ -50,4 +50,9 @@ awx_smtp_password: !vault |
|
||||||
3631616362363163393036613564623864383365633634660a366563363836363061623566393361
|
3631616362363163393036613564623864383365633634660a366563363836363061623566393361
|
||||||
37633364633631333130346332613235303762316435313535613664323830656363353237373561
|
37633364633631333130346332613235303762316435313535613664323830656363353237373561
|
||||||
3866653365636431630a303262666662376662623862663461633361333037643863353135343836
|
3866653365636431630a303262666662376662623862663461633361333037643863353135343836
|
||||||
61383730366664353730616331666139376234313562383163613736353231666533
|
61383730366664353730616331666139376234313562383163613736353231666533
|
||||||
|
grub_code: >
|
||||||
|
grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE22
|
||||||
|
29139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA385
|
||||||
|
7B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE
|
||||||
|
0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
- name: Delete default user
|
- name: Delete default user
|
||||||
user:
|
user:
|
||||||
name: "{{ name_user }}"
|
name: "{{ default_user }}"
|
||||||
state: absent
|
state: absent
|
||||||
remove: yes
|
remove: yes
|
||||||
- name: Change root password
|
- name: Change root password
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
password: "{{ ssh_password | password_hash('sha512') }}"
|
password: "{{ ssh_password | password_hash('sha512') }}"
|
||||||
- name: Configure bashrc
|
- name: Configure bashrc
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/root/.bashrc"
|
dest: /root/.bashrc
|
||||||
regexp: "{{item.regexp}}"
|
regexp: "{{item.regexp}}"
|
||||||
line: "{{item.line}}"
|
line: "{{item.line}}"
|
||||||
state: present
|
state: present
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
- name: Copy sudoers configuration file
|
- name: Copy sudoers configuration file
|
||||||
copy:
|
copy:
|
||||||
src: sudoers
|
src: sudoers
|
||||||
dest: "/etc/sudoers.d/vn"
|
dest: /etc/sudoers.d/vn
|
||||||
mode: u=rw,g=r
|
mode: u=rw,g=r
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
- name: Copy vim configuration file
|
- name: Copy vim configuration file
|
||||||
copy:
|
copy:
|
||||||
src: vimrc.local
|
src: vimrc.local
|
||||||
dest: "/etc/vim/"
|
dest: /etc/vim/
|
||||||
mode: '644'
|
mode: '644'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
|
@ -7,7 +7,7 @@ bantime = {{ fail2ban.bantime }}
|
||||||
findtime = {{ fail2ban.bantime }}
|
findtime = {{ fail2ban.bantime }}
|
||||||
maxretry = {{ fail2ban.maxretry }}
|
maxretry = {{ fail2ban.maxretry }}
|
||||||
destemail = {{ fail2ban.email }}
|
destemail = {{ fail2ban.email }}
|
||||||
sender = root@<fq-hostname>
|
sender = root@{{ ansible_fqdn }}
|
||||||
banaction = nftables-multiport
|
banaction = nftables-multiport
|
||||||
action = %(action_)s
|
action = %(action_)s
|
||||||
|
|
||||||
|
|
|
@ -1,20 +1,17 @@
|
||||||
- name: Checking if it's necessary to update
|
- name: Update APT package index
|
||||||
meta: end_host
|
|
||||||
when: update_enabled is not defined or not update_enabled
|
|
||||||
- name: update index of all packages
|
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
update_cache: true
|
update_cache: true
|
||||||
force_apt_get: true
|
force_apt_get: true
|
||||||
- name: update all packages to their latest version
|
- name: Update all packages to their latest version
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name: "*"
|
name: "*"
|
||||||
state: latest
|
state: latest
|
||||||
force_apt_get: true
|
force_apt_get: true
|
||||||
- name: upgrade the OS (apt-get full-upgrade)
|
- name: Upgrade the OS (apt-get full-upgrade)
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
upgrade: full
|
upgrade: full
|
||||||
force_apt_get: true
|
force_apt_get: true
|
||||||
- name: autoremove packages unused dependency packages
|
- name: Autoremove unused packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
autoremove: true
|
autoremove: true
|
||||||
force_apt_get: true
|
force_apt_get: true
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
- name: Replace /etc/hosts
|
- name: Replace /etc/hosts
|
||||||
template:
|
template:
|
||||||
src: hosts.j2
|
src: hosts.j2
|
||||||
dest: "/etc/hosts"
|
dest: /etc/hosts
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
- name: Replace /etc/resolv.conf
|
- name: Replace /etc/resolv.conf
|
||||||
template:
|
template:
|
||||||
src: resolv.j2
|
src: resolv.j2
|
||||||
dest: "/etc/resolv.conf"
|
dest: /etc/resolv.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
- name: grub-register
|
- name: grub-register
|
||||||
command: update-grub
|
command: update-grub
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
- name: GRUB password boot protection
|
- name: GRUB boot password protection
|
||||||
blockinfile:
|
blockinfile:
|
||||||
path: /etc/grub.d/40_custom
|
path: /etc/grub.d/40_custom
|
||||||
block: |
|
block: |
|
||||||
set superusers="{{ user_grub }}"
|
set superusers="{{ grub_user }}"
|
||||||
password_pbkdf2 {{ user_grub }} {{ code_grub }}
|
password_pbkdf2 {{ grub_user }} {{ grub_code }}
|
||||||
notify: grub-register
|
notify: grub-register
|
||||||
when: secure_grub_enabled
|
|
||||||
|
|
||||||
|
|
|
@ -1,2 +1 @@
|
||||||
user_grub: admin
|
grub_user: admin
|
||||||
code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
|
|
||||||
|
|
Loading…
Reference in New Issue