Files
@ 467a66f3ec65
Branch filter:
Location: majic-ansible-roles/roles/common/tasks/main.yml - annotation
467a66f3ec65
2.6 KiB
text/x-yaml
MAR-5: Added handler for reloading systemd configuration to common role. Dropped installation of supervisor as part of web server role. Updted web server role to create directory for storing WSGI application sockets. Updated web server role to use correct directory for storing PHP website sockets.
626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 284ed92d40bb 284ed92d40bb 284ed92d40bb 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 9eca957bb9db 9eca957bb9db 76ed37089b33 0ad9410c243a 76ed37089b33 76ed37089b33 284ed92d40bb 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 941f4f372672 a6633bcc83d1 | ---
- name: Deploy pam-auth-update configuration file for enabling pam_umask
copy: src=pam_umask dest=/usr/share/pam-configs/umask mode=644 owner=root group=root
notify: Update PAM configuration
- name: Set login UMASK
lineinfile: dest=/etc/login.defs state=present backrefs=yes regexp='^UMASK(\s+)' line='UMASK\g<1>027'
- name: Set home directory mask
lineinfile: dest=/etc/adduser.conf state=present backrefs=yes regexp='^DIR_MODE=' line='DIR_MODE=0750'
- name: Install sudo
apt: name=sudo state=present
- name: Install ssl-cert package
apt: name=ssl-cert state=present
- name: Install common packages
apt: name="{{ item }}" state="present"
with_items: common_packages
- name: Set-up operating system groups
group: name="{{ item.name }}" gid="{{ item.gid }}" state=present
with_items: os_groups
- name: Set-up operating system user groups
group: name="{{ item.name }}" gid="{{ item.uid }}" state=present
with_items: os_users
- name: Set-up operating system users
user: name="{{ item.name }}" uid="{{ item.uid }}" group="{{ item.name }}"
groups="{{ item.additional_groups }}" append=yes shell=/bin/bash state=present
password="{{ item.password }}"
with_items: os_users
- name: Set-up authorised keys
authorized_key: user="{{ item.0.name }}" key="{{ item.1 }}"
with_subelements:
- os_users
- authorized_keys
- name: Disable remote logins for root
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PermitRootLogin" line="PermitRootLogin no"
notify:
- Restart SSH
- name: Disable remote login authentication via password
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PasswordAuthentication" line="PasswordAuthentication no"
notify:
- Restart SSH
- name: Deploy CA certificates
copy: src="{{ item }}" dest="/etc/ssl/certs/{{ item | basename }}" mode=644 owner=root group=root
with_items: ca_certificates
notify:
- Update CA certificate cache
- name: Install ferm (for firewall management)
apt: name=ferm state=installed
- name: Configure ferm init script coniguration file
copy: src=ferm dest=/etc/default/ferm owner=root group=root mode=644
notify:
- Restart ferm
- name: Create directory for storing ferm configuration files
file: dest="/etc/ferm/conf.d/" mode=750 state=directory owner=root group=root
- name: Deploy main ferm configuration file
copy: src=ferm.conf dest=/etc/ferm/ferm.conf
notify:
- Restart ferm
- name: Deploy ferm base rules
template: src=00-base.conf.j2 dest=/etc/ferm/conf.d/00-base.conf
owner=root group=root mode=640
notify:
- Restart ferm
- name: Enable ferm service
service: name=ferm enabled=yes state=started
|