main #31
|
@ -51,3 +51,8 @@ awx_smtp_password: !vault |
|
|||
37633364633631333130346332613235303762316435313535613664323830656363353237373561
|
||||
3866653365636431630a303262666662376662623862663461633361333037643863353135343836
|
||||
61383730366664353730616331666139376234313562383163613736353231666533
|
||||
grub_code: >
|
||||
grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE22
|
||||
29139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA385
|
||||
7B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE
|
||||
0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
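Review bot: The new `grub_code: >` value is a folded block scalar, so the four hash lines are joined with single spaces and the value ends in a newline (assuming the lines share one indent level, which this rendering does not show). The `password_pbkdf2 {{ grub_user }} {{ grub_code }}` line in the GRUB task would then receive a hash broken into several tokens. Keep the hash on one line, e.g. `grub_code: '<PBKDF2_HASH>'  # yamllint disable-line rule:line-length`, or strip the whitespace where it is rendered. The hash is also stored in clear text directly below a `!vault` value; a 10000-iteration PBKDF2 hash can be attacked offline by anyone who can read the repository, so it is better vaulted as well.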
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- name: Delete default user
|
||||
user:
|
||||
name: "{{ name_user }}"
|
||||
name: "{{ default_user }}"
|
||||
state: absent
|
||||
remove: yes
|
||||
- name: Change root password
|
||||
|
@ -9,7 +9,7 @@
|
|||
password: "{{ ssh_password | password_hash('sha512') }}"
|
||||
- name: Configure bashrc
|
||||
lineinfile:
|
||||
dest: "/root/.bashrc"
|
||||
dest: /root/.bashrc
|
||||
regexp: "{{item.regexp}}"
|
||||
line: "{{item.line}}"
|
||||
state: present
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
- name: Copy sudoers configuration file
|
||||
copy:
|
||||
src: sudoers
|
||||
dest: "/etc/sudoers.d/vn"
|
||||
dest: /etc/sudoers.d/vn
|
||||
mode: u=rw,g=r
|
||||
owner: root
|
||||
group: root
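Review bot: This `copy` task installs a sudoers drop-in without a `validate` step, so a syntax error in `sudoers` is written as-is and can break sudo on the host; add `validate: /usr/sbin/visudo -cf %s`. `mode: u=rw,g=r` also leaves the permission bits for others unspecified and the file owner-writable; an explicit `mode: '0440'` matches what sudoers files conventionally carry. The task may continue past the end of the hunk.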
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
- name: Copy vim configuration file
|
||||
copy:
|
||||
src: vimrc.local
|
||||
dest: "/etc/vim/"
|
||||
dest: /etc/vim/
|
||||
mode: '644'
|
||||
owner: root
|
||||
group: root
|
|
@ -7,7 +7,7 @@ bantime = {{ fail2ban.bantime }}
|
|||
findtime = {{ fail2ban.bantime }}
|
||||
maxretry = {{ fail2ban.maxretry }}
|
||||
destemail = {{ fail2ban.email }}
|
||||
sender = root@<fq-hostname>
|
||||
sender = root@{{ ansible_fqdn }}
|
||||
banaction = nftables-multiport
|
||||
action = %(action_)s
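Review bot: `findtime` is filled from `fail2ban.bantime`, the same variable the hunk header shows for `bantime`, which looks like a copy-paste slip: the window in which `maxretry` failures are counted then silently follows the ban duration. If a separate setting is intended, use `findtime = {{ fail2ban.findtime }}` and define it next to the other `fail2ban` values. The new `sender = root@{{ ansible_fqdn }}` line depends on gathered facts, so the template will fail to render in plays that run with `gather_facts: false`.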
|
||||
|
||||
|
|
|
@ -1,20 +1,17 @@
|
|||
- name: Checking if it's necessary to update
|
||||
meta: end_host
|
||||
when: update_enabled is not defined or not update_enabled
|
||||
- name: update index of all packages
|
||||
- name: Update APT package index
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
force_apt_get: true
|
||||
- name: update all packages to their latest version
|
||||
- name: Update all packages to their latest version
|
||||
ansible.builtin.apt:
|
||||
name: "*"
|
||||
state: latest
|
||||
force_apt_get: true
|
||||
- name: upgrade the OS (apt-get full-upgrade)
|
||||
- name: Upgrade the OS (apt-get full-upgrade)
|
||||
ansible.builtin.apt:
|
||||
upgrade: full
|
||||
force_apt_get: true
|
||||
- name: autoremove packages unused dependency packages
|
||||
- name: Autoremove unused packages
|
||||
ansible.builtin.apt:
|
||||
autoremove: true
|
||||
force_apt_get: true
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
- name: Replace /etc/hosts
|
||||
template:
|
||||
src: hosts.j2
|
||||
dest: "/etc/hosts"
|
||||
dest: /etc/hosts
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
@ -15,7 +15,7 @@
|
|||
- name: Replace /etc/resolv.conf
|
||||
template:
|
||||
src: resolv.j2
|
||||
dest: "/etc/resolv.conf"
|
||||
dest: /etc/resolv.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
- name: GRUB password boot protection
|
||||
- name: GRUB boot password protection
|
||||
blockinfile:
|
||||
path: /etc/grub.d/40_custom
|
||||
block: |
|
||||
set superusers="{{ user_grub }}"
|
||||
password_pbkdf2 {{ user_grub }} {{ code_grub }}
|
||||
set superusers="{{ grub_user }}"
|
||||
password_pbkdf2 {{ grub_user }} {{ grub_code }}
|
||||
notify: grub-register
|
||||
when: secure_grub_enabled
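Review bot: `blockinfile` sets no `owner`, `group` or `mode` here, so `/etc/grub.d/40_custom` keeps whatever permissions it already has while now carrying the PBKDF2 hash from `grub_code`; if that file is readable by other users, any local account can copy the hash for offline guessing. Add `owner: root`, `group: root` and `mode: '0700'`; the file has to stay executable because grub-mkconfig runs it. Unless the role defaults define `secure_grub_enabled`, the bare `when: secure_grub_enabled` fails with an undefined-variable error, and `when: secure_grub_enabled | default(false)` keeps the task opt-in.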
|
||||
|
||||
|
|
|
@ -1,2 +1 @@
|
|||
user_grub: admin
|
||||
code_grub: grub.pbkdf2.sha512.10000.C91C8756466E7DB535C77DB7FBDBF3D33A39A0712DE3A9AFD38BE2229139E86F23C4E007E6B76DDFDBBE4B2B32764B4EFFECF208C70BA9FECC6BB3FF68A6BA05.8EA3857B795AF29FF5C6E003E31EC4D79B84813175C7A56A8A12F3F30A19B501D7127C0307277FB37073EE0246BCFDA9BD4EDDC3A1EE8176D25CD37B7FB07AF7
|
||||
grub_user: admin
|
||||
|
|