Location: majic-ansible-roles/roles/common/tasks/main.yml - annotation
MAR-2: Added the 'common' role for some basic server set-up.
---
# Installs the pam-auth-update profile that enables pam_umask. The file is
# root-owned and world-readable but not writable by anyone else. The handler
# named under notify is not defined in this file.
- name: Deploy pam-auth-update configuration file for enabling pam_umask
  copy:
    src: pam_umask
    dest: /usr/share/pam-configs/umask
    owner: root
    group: root
    mode: "0644"
  notify: Update PAM configuration
# Rewrites the existing UMASK line to 027 (group read-only, no access for
# others). \g<1> re-emits the whitespace captured by the regexp.
# NOTE(review): with backrefs enabled, lineinfile leaves the file untouched
# when no line matches, so a login.defs without a UMASK line is not hardened.
- name: Set login UMASK
  lineinfile:
    dest: /etc/login.defs
    regexp: '^UMASK(\s+)'
    line: 'UMASK\g<1>027'
    backrefs: true
    state: present
# Makes adduser create home directories as 0750 (no access for others).
# NOTE(review): backrefs is enabled, so nothing is written if adduser.conf
# has no line starting with DIR_MODE= (for example, if it is commented out).
- name: Set home directory mask
  lineinfile:
    dest: /etc/adduser.conf
    regexp: '^DIR_MODE='
    line: 'DIR_MODE=0750'
    backrefs: true
    state: present
# Ensures the sudo package is installed; sudoers policy is not managed here.
- name: Install sudo
  apt:
    name: sudo
    state: present
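# Installs every package listed in the common_packages variable.
# The loop source is written as a template expression because newer Ansible
# releases no longer expand a bare variable name given to with_items.
- name: Install common packages
  apt:
    name: "{{ item }}"
    state: present
  with_items: "{{ common_packages }}"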
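# Creates each group in os_groups with a fixed gid, keeping numeric IDs
# consistent wherever the role is applied.
# The loop source is written as a template expression because newer Ansible
# releases no longer expand a bare variable name given to with_items.
- name: Set-up operating system groups
  group:
    name: "{{ item.name }}"
    gid: "{{ item.gid }}"
    state: present
  with_items: "{{ os_groups }}"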
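# Creates one group per entry in os_users, named after the user and using
# the user's uid as the gid.
# NOTE(review): this assumes no gid in os_groups collides with a uid in
# os_users; confirm against the inventory.
# The loop source is written as a template expression because newer Ansible
# releases no longer expand a bare variable name given to with_items.
- name: Set-up operating system user groups
  group:
    name: "{{ item.name }}"
    gid: "{{ item.uid }}"
    state: present
  with_items: "{{ os_users }}"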
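# Creates each account in os_users with a fixed uid, a primary group of the
# same name, the listed supplementary groups (appended, never replaced) and
# bash as the login shell.
# The user module writes the password value to the shadow database as given,
# so item.password must already be a crypt(3) hash, never plaintext.
- name: Set-up operating system users
  user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    group: "{{ item.name }}"
    groups: "{{ item.additional_groups }}"
    append: true
    shell: /bin/bash
    state: present
    password: "{{ item.password }}"
  # Each loop item carries the password hash; keep it out of task output
  # and logs.
  no_log: true
  # Template expression: newer Ansible releases no longer expand a bare
  # variable name given to with_items.
  with_items: "{{ os_users }}"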
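# Adds every key in each user's authorized_keys list to that user's account
# (item.0 is the user entry, item.1 is one of its keys).
# Keys are only added: a key removed from the variable stays on the host
# until it is removed explicitly, which matters when revoking access.
- name: Set-up authorised keys
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.1 }}"
  # The first term is a template expression because newer Ansible releases
  # no longer expand a bare variable name here; the second term is the name
  # of the sub-key to iterate over.
  with_subelements:
    - "{{ os_users }}"
    - authorized_keys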
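# Sets "PermitRootLogin no" in the SSH daemon configuration.
# NOTE(review): the regexp only matches an uncommented directive. If none
# exists the line is appended at the end of the file, where it would fall
# inside a trailing Match block and not apply globally; check the target's
# sshd_config layout.
- name: Disable remote logins for root
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    # Syntax-check the edited copy before it replaces the live file, so a
    # broken configuration cannot take effect when SSH is restarted.
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - Restart SSH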
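# Sets "PasswordAuthentication no" in the SSH daemon configuration. Keys
# must already be deployed for at least one admin account, otherwise this
# locks everyone out.
# NOTE(review): the regexp only matches an uncommented directive. If none
# exists the line is appended at the end of the file, where it would fall
# inside a trailing Match block and not apply globally. Keyboard-interactive
# authentication is a separate sshd setting and is not touched here.
- name: Disable remote login authentication via password
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
    # Syntax-check the edited copy before it replaces the live file, so a
    # broken configuration cannot take effect when SSH is restarted.
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - Restart SSH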