main #31

Merged
juan merged 154 commits from main into lab 2024-10-16 15:22:43 +00:00
10 changed files with 22 additions and 23 deletions
Showing only changes of commit f033c92278 - Show all commits

View File

@ -51,3 +51,8 @@ awx_smtp_password: !vault |
37633364633631333130346332613235303762316435313535613664323830656363353237373561
3866653365636431630a303262666662376662623862663461633361333037643863353135343836
61383730366664353730616331666139376234313562383163613736353231666533
grub_code: >
grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE22
29139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA385
7B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE
0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7

View File

@ -1,6 +1,6 @@
- name: Delete default user
user:
name: "{{ name_user }}"
name: "{{ default_user }}"
state: absent
remove: yes
- name: Change root password
@ -9,7 +9,7 @@
password: "{{ ssh_password | password_hash('sha512') }}"
- name: Configure bashrc
lineinfile:
dest: "/root/.bashrc"
dest: /root/.bashrc
regexp: "{{item.regexp}}"
line: "{{item.line}}"
state: present

View File

@ -5,7 +5,7 @@
- name: Copy sudoers configuration file
copy:
src: sudoers
dest: "/etc/sudoers.d/vn"
dest: /etc/sudoers.d/vn
mode: u=rw,g=r
owner: root
group: root

View File

@ -5,7 +5,7 @@
- name: Copy vim configuration file
copy:
src: vimrc.local
dest: "/etc/vim/"
dest: /etc/vim/
mode: '644'
owner: root
group: root

View File

@ -7,7 +7,7 @@ bantime = {{ fail2ban.bantime }}
findtime = {{ fail2ban.bantime }}
maxretry = {{ fail2ban.maxretry }}
destemail = {{ fail2ban.email }}
sender = root@<fq-hostname>
sender = root@{{ ansible_fqdn }}
banaction = nftables-multiport
action = %(action_)s

View File

@ -1,20 +1,17 @@
- name: Checking if it's necessary to update
meta: end_host
when: update_enabled is not defined or not update_enabled
- name: update index of all packages
- name: Update APT package index
ansible.builtin.apt:
update_cache: true
force_apt_get: true
- name: update all packages to their latest version
- name: Update all packages to their latest version
ansible.builtin.apt:
name: "*"
state: latest
force_apt_get: true
- name: upgrade the OS (apt-get full-upgrade)
- name: Upgrade the OS (apt-get full-upgrade)
ansible.builtin.apt:
upgrade: full
force_apt_get: true
- name: autoremove packages unused dependency packages
- name: Autoremove unused packages
ansible.builtin.apt:
autoremove: true
force_apt_get: true

View File

@ -7,7 +7,7 @@
- name: Replace /etc/hosts
template:
src: hosts.j2
dest: "/etc/hosts"
dest: /etc/hosts
owner: root
group: root
mode: '0644'
@ -15,7 +15,7 @@
- name: Replace /etc/resolv.conf
template:
src: resolv.j2
dest: "/etc/resolv.conf"
dest: /etc/resolv.conf
owner: root
group: root
mode: '0644'

View File

@ -1,9 +1,7 @@
- name: GRUB password boot protection
- name: GRUB boot password protection
blockinfile:
path: /etc/grub.d/40_custom
block: |
set superusers="{{ user_grub }}"
password_pbkdf2 {{ user_grub }} {{ code_grub }}
set superusers="{{ grub_user }}"
password_pbkdf2 {{ grub_user }} {{ grub_code }}
notify: grub-register
when: secure_grub_enabled

View File

@ -1,2 +1 @@
user_grub: admin
code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
grub_user: admin