Files
@ ec982756013f
Branch filter:
Location: majic-ansible-roles/roles/common/tasks/main.yml - annotation
ec982756013f
1.6 KiB
text/x-yaml
MAR-1: Explicitly enable the slapd service. Added configuration of system logger for separating slapd log messages.
626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 626eadba53b7 | ---
- name: Deploy pam-auth-update configuration file for enabling pam_umask
copy: src=pam_umask dest=/usr/share/pam-configs/umask mode=644 owner=root group=root
notify: Update PAM configuration
- name: Set login UMASK
lineinfile: dest=/etc/login.defs state=present backrefs=yes regexp='^UMASK(\s+)' line='UMASK\g<1>027'
- name: Set home directory mask
lineinfile: dest=/etc/adduser.conf state=present backrefs=yes regexp='^DIR_MODE=' line='DIR_MODE=0750'
- name: Install sudo
apt: name=sudo state=present
- name: Install common packages
apt: name="{{ item }}" state="present"
with_items: common_packages
- name: Set-up operating system groups
group: name="{{ item.name }}" gid="{{ item.gid }}" state=present
with_items: os_groups
- name: Set-up operating system user groups
group: name="{{ item.name }}" gid="{{ item.uid }}" state=present
with_items: os_users
- name: Set-up operating system users
user: name="{{ item.name }}" uid="{{ item.uid }}" group="{{ item.name }}"
groups="{{ item.additional_groups }}" append=yes shell=/bin/bash state=present
password="{{ item.password }}"
with_items: os_users
- name: Set-up authorised keys
authorized_key: user="{{ item.0.name }}" key="{{ item.1 }}"
with_subelements:
- os_users
- authorized_keys
- name: Disable remote logins for root
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PermitRootLogin" line="PermitRootLogin no"
notify:
- Restart SSH
- name: Disable remote login authentication via password
lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PasswordAuthentication" line="PasswordAuthentication no"
notify:
- Restart SSH
|