MAR-1: Make sure Python LDAP bindings are installed a bit earlier. Configure TLS if certificate file and private key are available.
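---
# Baseline umask hardening: the PAM session umask, the login.defs UMASK and
# the mode given to newly created home directories.

- name: Deploy pam-auth-update configuration file for enabling pam_umask
  copy:
    src: pam_umask
    dest: /usr/share/pam-configs/umask
    # Quoted so the mode stays an octal string; a bare 644 in native YAML
    # would be read as a decimal integer and produce the wrong permissions.
    mode: "0644"
    owner: root
    group: root
  notify: Update PAM configuration

# backrefs is needed for \g<1>, which keeps the original whitespace after
# UMASK. With backrefs enabled lineinfile leaves the file unchanged when the
# regexp matches nothing, so a missing or commented-out UMASK line is NOT
# corrected by this task and the run still reports success.
- name: Set login UMASK
  lineinfile:
    dest: /etc/login.defs
    state: present
    backrefs: true
    regexp: '^UMASK(\s+)'
    line: 'UMASK\g<1>027'

# No back-reference is used in the replacement, so backrefs is left off here:
# without it lineinfile appends the line when no DIR_MODE= entry exists,
# instead of silently skipping the hardening.
- name: Set home directory mask
  lineinfile:
    dest: /etc/adduser.conf
    state: present
    regexp: '^DIR_MODE='
    line: 'DIR_MODE=0750'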
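# Package installation: sudo plus the role-supplied list of common packages.

- name: Install sudo
  apt:
    name: sudo
    state: present

- name: Install common packages
  apt:
    name: "{{ item }}"
    state: present
  # The list is passed as a template expression. A bare variable name in
  # with_items is read as a literal string by current Ansible releases, which
  # would make this task try to install a package called "common_packages".
  with_items: "{{ common_packages }}"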
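# Local groups, users and SSH public keys, driven by the os_groups and
# os_users variables. Loop sources are written as template expressions
# because a bare variable name is no longer expanded by current Ansible.

- name: Set-up operating system groups
  group:
    name: "{{ item.name }}"
    gid: "{{ item.gid }}"
    state: present
  with_items: "{{ os_groups }}"

# One private group per user, using the user's uid as the gid.
- name: Set-up operating system user groups
  group:
    name: "{{ item.name }}"
    gid: "{{ item.uid }}"
    state: present
  with_items: "{{ os_users }}"
  # Each loop item is a full os_users entry, password field included, and
  # Ansible prints loop items in its output; keep them out of logs.
  no_log: true

- name: Set-up operating system users
  user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    group: "{{ item.name }}"
    # NOTE(review): presumably a comma-separated string or a list of group
    # names - confirm against the role's variable documentation.
    groups: "{{ item.additional_groups }}"
    append: true
    shell: /bin/bash
    state: present
    # The user module writes this value to the shadow database as-is, so it
    # must already be a crypt(3) hash, never a clear-text password. Keep the
    # source variable in an encrypted store rather than in plain inventory.
    password: "{{ item.password }}"
  with_items: "{{ os_users }}"
  no_log: true

# item.0 is the os_users entry, item.1 one element of its authorized_keys.
- name: Set-up authorised keys
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.1 }}"
  with_subelements:
    - "{{ os_users }}"
    - authorized_keys
  # item.0 carries the password field as well, so loop output is suppressed.
  no_log: true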
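# SSH daemon hardening: no remote root login, no password authentication.
#
# Both regexps match only an uncommented directive. When none is present
# lineinfile appends the line at the end of the file; if sshd_config ends
# with a Match block, the appended directive applies only inside that block.
#
# validate runs the sshd configuration test against the edited copy before
# it replaces the live file, so a syntactically broken sshd_config is never
# installed ahead of the "Restart SSH" handler.

- name: Disable remote logins for root
  lineinfile:
    dest: /etc/ssh/sshd_config
    state: present
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - Restart SSH

# After the restart only key-based logins work: an account without an entry
# in authorized_keys can no longer authenticate over SSH.
- name: Disable remote login authentication via password
  lineinfile:
    dest: /etc/ssh/sshd_config
    state: present
    regexp: '^PasswordAuthentication'
    line: 'PasswordAuthentication no'
    validate: '/usr/sbin/sshd -t -f %s'
  notify:
    - Restart SSH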
# Adds the execute (traverse) bit for "other" on /etc/ssl/private/. The
# directory stays unlistable, but any local account can now open a key file
# whose name it knows, so confidentiality rests entirely on the owner, group
# and mode of each individual key file. Every role that drops a key here has
# to set those explicitly (e.g. 0640 with a dedicated group).
# NOTE(review): Debian normally keeps this directory closed to "other";
# consider granting access through group membership instead - confirm which
# services rely on this bit before tightening it.
- name: Allow users to traverse directories to TLS private key files
  file:
    path: /etc/ssl/private/
    mode: 'o+x'