Compare commits
4 Commits
f0b0d7c66c
...
6e5547a7c5
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
6e5547a7c5 | ||
|
|
8904201e79 | ||
|
|
4ec5ee9ad7 | ||
|
|
0e07a1e2b3 |
@@ -2,7 +2,7 @@
|
||||
|
||||
namespace: uumas
|
||||
name: general
|
||||
version: 0.5.0
|
||||
version: 0.5.1
|
||||
readme: README.md
|
||||
authors:
|
||||
- uumas
|
||||
|
||||
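--- a/roles/packages/tasks/apt.yml
+++ b/roles/packages/tasks/apt.yml
@@ -0,0 +1,23 @@
+---
+
+- name: Ensure packages defined in install_packages are installed
+apt:
+name: "{{ install_packages }}"
+state: present
+update_cache: yes
+
+- block:
+
+- name: Enable backports
+apt_repository:
+repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
+filename: backports
+
+- name: Install backports packages
+apt:
+name: "{{ backports_packages }}"
+state: present
+default_release: "{{ ansible_distribution_release }}-backports"
+
+when: backports_packages is defined
+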
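Review bot: The backports block is gated only on `backports_packages is defined`, yet its repo line hard-codes `deb.debian.org/debian` with `{{ ansible_distribution_release }}-backports`. As far as this page shows, the file is included for any host where `ansible_pkg_mgr == 'apt'`, so on a non-Debian apt host the task would register a suite that mirror does not carry and the following cache refresh would fail. Consider `when: backports_packages is defined and ansible_distribution == 'Debian'`. The repo is also fetched over plain `http://`; apt's signature verification still protects package integrity, but switching to `https://deb.debian.org/debian` hides which packages are requested, provided the targets have CA certificates installed.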
@@ -1,28 +1,15 @@
|
||||
---
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name: "{{ install_packages }}"
|
||||
state: present
|
||||
update_cache: yes
|
||||
- name: Include tasks for apt as package manager
|
||||
include_tasks: apt.yml
|
||||
when: ansible_pkg_mgr == 'apt'
|
||||
|
||||
- block:
|
||||
- name: Include tasks for other package manager
|
||||
include_tasks: other.yml
|
||||
when: ansible_pkg_mgr != 'apt'
|
||||
|
||||
- name: Enable backports
|
||||
apt_repository:
|
||||
repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
|
||||
filename: backports
|
||||
|
||||
- name: Install backports packages
|
||||
apt:
|
||||
name: "{{ backports_packages }}"
|
||||
state: present
|
||||
default_release: "{{ ansible_distribution_release }}-backports"
|
||||
|
||||
when: backports_packages is defined
|
||||
|
||||
- name: Delete packages
|
||||
apt:
|
||||
- name: Ensure packages defined in delete_packages not installed
|
||||
package:
|
||||
name: "{{ delete_packages }}"
|
||||
state: absent
|
||||
when: delete_packages is defined
|
||||
|
||||
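--- a/roles/packages/tasks/other.yml
+++ b/roles/packages/tasks/other.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Ensure packages defined in install_packages are installed
+package:
+name: "{{ install_packages }}"
+state: present
+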
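Review bot: `name: "{{ install_packages }}"` is used without a guard, while the `delete_packages` task in the main task file is protected by `when: delete_packages is defined`. Unless the role defaults define `install_packages` (not visible on this page), a host that sets only `delete_packages` fails here on an undefined variable. Either add `when: install_packages is defined` or use `name: "{{ install_packages | default([]) }}"`; the first task of roles/packages/tasks/apt.yml has the same gap. A short comment that the names must be valid for the target's package manager would also help, since `package` passes them through unchanged.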
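--- a/roles/ssh/defaults/main.yml
+++ b/roles/ssh/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+sshd_x11_forwarding: false
+sshd_password_auth: false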
@@ -1,28 +1,15 @@
|
||||
---
|
||||
|
||||
- name: Disable SSH root login without password
|
||||
- name: Ensure sshd config options set correctly
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#?PermitRootLogin .*$'
|
||||
line: "PermitRootLogin prohibit-password"
|
||||
regexp: "^#?{{ item.key }} .*$"
|
||||
line: "{{ item.key }} {{ item.value }}"
|
||||
state: present
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: restart ssh
|
||||
with_dict:
|
||||
PermitRootLogin: 'prohibit-password'
|
||||
PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}"
|
||||
X11Forwarding: "{{ 'yes' if sshd_x11_forwarding else 'no' }}"
|
||||
|
||||
- name: Disable PasswordAuthentication
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#PasswordAuthentication .*$'
|
||||
line: "PasswordAuthentication no"
|
||||
state: present
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: restart ssh
|
||||
|
||||
- name: Disable X11 forwarding
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#?X11Forwarding .*$'
|
||||
line: "X11Forwarding no"
|
||||
state: present
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: restart ssh
|
||||
|
||||
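Review bot: The `with_dict` values `"{{ 'yes' if sshd_password_auth else 'no' }}"` and `"{{ 'yes' if sshd_x11_forwarding else 'no' }}"` test raw truthiness, so a value that arrives as a string (for example `-e sshd_password_auth=false`) is non-empty and renders `PasswordAuthentication yes`, the opposite of what was requested. Cast before testing: `"{{ 'yes' if (sshd_password_auth | bool) else 'no' }}"`, and likewise for `sshd_x11_forwarding`. Separately, `lineinfile` appends at end of file when the regexp matches nothing, which can land inside a trailing `Match` block, and sshd honours the first occurrence of a keyword. An `insertbefore` anchor, or a follow-up check of the effective settings reported by `sshd -T`, would confirm the hardening actually applies.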