env-ansible/tasks/general/software/services.yml

---
# Enable and disable services.

## Cron ##

- name: General | Software | Services | Enable CROND
  service:
    name: "{{ crond }}"
    pattern: "{{ crond_pattern }}"
    state: started
    enabled: yes


## SSHFS ##

- name: General | Software | Services | Enable FuseFS (FreeBSD rc.conf)
  lineinfile:
    path: "{{ rc_conf }}"
    regexp: 'fusefs_enable='
    line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE'
    state: present
    create: yes
    backup: yes
  when: ansible_system == "FreeBSD"

- name: General | Software | Services | Enable SSHFS (FreeBSD service)
  service:
    name: fusefs
    pattern: fusefs
    state: started
    enabled: yes
  when: ansible_system == "FreeBSD"


## CUPS ##

- name: General | Software | Services | Disable CUPS Daemon
  service:
    name: "{{ cups }}"
    pattern: "{{ cups_pattern }}"
    state: stopped
    enabled: no

- name: General | Software | Services | Disable CUPS-Browse Daemon
  service:
    name: "{{ cups_browse }}"
    pattern: "{{ cups_browse_pattern }}"
    state: stopped
    enabled: no


## SSHD ##

- name: General | Software | Services | Configure SSHD
  lineinfile:
    path: "{{ sshd_config }}"
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    state: present
    create: no
    backup: yes
  loop:
    - { "key": '^[\#]?AllowUsers',           "value": 'AllowUsers ling'}
    - { "key": '^[\#]?PermitRootLogin',      "value": 'PermitRootLogin no'}
    - { "key": '^[\#]?AllowTcpForwarding',   "value": 'AllowTcpForwarding no'}
    - { "key": '^[\#]?ClientAliveInterval',  "value": 'ClientAliveInterval 60'}
    - { "key": '^[\#]?ClientAliveCountMax',  "value": 'ClientAliveCountMax 2'}
    - { "key": '^[\#]?Compression',          "value": 'Compression no'}
    - { "key": '^[\#]?LogLevel',             "value": 'LogLevel verbose'}
    - { "key": '^[\#]?MaxAuthTries',         "value": 'MaxAuthTries 3'}
    - { "key": '^[\#]?MaxSessions',          "value": 'MaxSessions 2'}
    #- { "key": '^[\#]?Port',                 "value": 'Port '}
    - { "key": '^[\#]?TCPKeepAlive',         "value": 'TCPKeepAlive no'}
    - { "key": '^[\#]?X11Forwarding',        "value": 'X11Forwarding no'}
    - { "key": '^[\#]?AllowAgentForwarding', "value": 'AllowAgentForwarding no'}
    - { "key": '^[\#]?PermitEmptyPasswords', "value": 'PermitEmptyPasswords no'}

- name: General | Software | Services | Configure SSHD
  lineinfile:
    path: "{{ sshd_config }}"
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    state: present
    create: no
    backup: yes
  loop:
    - { "key": '^[\#]?AllowUsers',      "value": 'AllowUsers root ling'}
    - { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin yes'}
    - { "key": '^[\#]?MaxSessions',     "value": 'MaxSessions 5'}
  when: "'pve' in ansible_kernel"

- name: General | Software | Services | Enable SSHD
  service:
    name: "{{ sshd }}"
    pattern: "{{ sshd_pattern }}"
    state: reloaded
    enabled: yes
Reorganization including fixing blockinfile being used multiple times on the same file causing entries to get overwritten. 2021-02-03 07:36:51 -06:00			`---`
			`# Enable and disable services.`

Ensure cron is running. 2021-02-20 11:10:36 -06:00			`## Cron ##`

			`- name: General \| Software \| Services \| Enable CROND`
			`service:`
			`name: "{{ crond }}"`
			`pattern: "{{ crond_pattern }}"`
			`state: started`
			`enabled: yes`


Service works great on FreeBSD! Edits rc.conf! 2021-02-15 09:39:39 -06:00			`## SSHFS ##`
Add var and job for sshd config. 2021-02-15 09:22:26 -06:00
Add initial HUGO support, FreeBSD 13 support, and script for Ansible to hit dev branch. (#4) * Create HUGO file. * Add HUGO. * Add script for running system against development branch. * Add newline to end of file. * Comment unused blocks. * Add path of site that HUGO should host. * Newlines, comments, and HUGO path. (#2) (#3) * Create HUGO file. * Add HUGO. * Add script for running system against development branch. * Add newline to end of file. * Comment unused blocks. * Add path of site that HUGO should host. * FreeBSD is complaining about certbot not having dict object stdout. This whole playbook is supposed to be skipped though, lol. * FreeBSD 13 is still mad. Ansible 2.11.2, jinja 2.11.2 (same version number??), Python 3.8.10. * Fix root group to be existing variable. FreeBSD uses wheel. * Allow choosing Github branch dynamically. * `branch` needs to be at General level. Testing if this works... * Change other `localhost` to `everything`. * Update FreeBSD status. * Goodbye, Code-OSS on Linux! * Delete a terrible file. * Remove excess tag. * "Fix" SSHFS for FreeBSD. * Variablize FreeBSD's loading of fusefs. * Variablize /etc/rc.conf. Enable FuseFS more properly. * Add beginning ticks. * Add missing playbook. * Enable FreeBSD mount job. * Rearrange items to be more consistent with comment. * It seems FreeBSD removed the `gnome3` metapackage. Use `gnome3-lite` instead. Also add Telegram. * Python is to 3.8 now. * Expand on FreeBSD work. * Expand on FreeBSD work. * Add placeholders for Gitlab. * Add parameter for Gitlab install. * Add Gitlab playbook. * Ensure FreeBSD uses the correct Python install. * Add newline. * Fix NFS for FreeBSD workstations. * Remove unnecessary line, restricted install to Linux in playbook. * Fix mount options for FreeBSD. * Fix mount number, as well as system-specific facts. * Add placeholders for remote viewing. * Add RDP for FreeBSD. * Omg! It works! Add setting enforcement. * Always remove OSS. * Remove hosts from explicit dev testing. 2021-07-19 07:07:03 -05:00			`- name: General \| Software \| Services \| Enable FuseFS (FreeBSD rc.conf)`
			`lineinfile:`
			`path: "{{ rc_conf }}"`
			`regexp: 'fusefs_enable='`
			`line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE'`
			`state: present`
			`create: yes`
			`backup: yes`
			`when: ansible_system == "FreeBSD"`

			`- name: General \| Software \| Services \| Enable SSHFS (FreeBSD service)`
Service works great on FreeBSD! Edits rc.conf! 2021-02-15 09:39:39 -06:00			`service:`
			`name: fusefs`
			`pattern: fusefs`
			`state: started`
			`enabled: yes`
Reorganization including fixing blockinfile being used multiple times on the same file causing entries to get overwritten. 2021-02-03 07:36:51 -06:00			`when: ansible_system == "FreeBSD"`

Add var and job for sshd config. 2021-02-15 09:22:26 -06:00
			`## CUPS ##`

Reorganization including fixing blockinfile being used multiple times on the same file causing entries to get overwritten. 2021-02-03 07:36:51 -06:00			`- name: General \| Software \| Services \| Disable CUPS Daemon`
			`service:`
			`name: "{{ cups }}"`
			`pattern: "{{ cups_pattern }}"`
			`state: stopped`
			`enabled: no`

			`- name: General \| Software \| Services \| Disable CUPS-Browse Daemon`
			`service:`
			`name: "{{ cups_browse }}"`
			`pattern: "{{ cups_browse_pattern }}"`
			`state: stopped`
Changes for SSHD. 2021-02-15 08:40:32 -06:00			`enabled: no`

Add var and job for sshd config. 2021-02-15 09:22:26 -06:00
			`## SSHD ##`
Changes for SSHD. 2021-02-15 08:40:32 -06:00
Fix names. 2021-02-15 10:34:06 -06:00			`- name: General \| Software \| Services \| Configure SSHD`
Add var and job for sshd config. 2021-02-15 09:22:26 -06:00			`lineinfile:`
			`path: "{{ sshd_config }}"`
			`regexp: '{{ item.key }}'`
			`line: '{{ item.value }} # MANAGED BY ANSIBLE'`
			`state: present`
			`create: no`
			`backup: yes`
			`loop:`
Additional changes for Proxmox. 2021-02-20 10:54:19 -06:00			`- { "key": '^[\#]?AllowUsers', "value": 'AllowUsers ling'}`
Proxmox servers still need root shell access. 2021-02-20 10:26:08 -06:00			`- { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin no'}`
Add var and job for sshd config. 2021-02-15 09:22:26 -06:00			`- { "key": '^[\#]?AllowTcpForwarding', "value": 'AllowTcpForwarding no'}`
Additional changes for Proxmox. 2021-02-20 10:54:19 -06:00			`- { "key": '^[\#]?ClientAliveInterval', "value": 'ClientAliveInterval 60'}`
Add var and job for sshd config. 2021-02-15 09:22:26 -06:00			`- { "key": '^[\#]?ClientAliveCountMax', "value": 'ClientAliveCountMax 2'}`
			`- { "key": '^[\#]?Compression', "value": 'Compression no'}`
			`- { "key": '^[\#]?LogLevel', "value": 'LogLevel verbose'}`
			`- { "key": '^[\#]?MaxAuthTries', "value": 'MaxAuthTries 3'}`
			`- { "key": '^[\#]?MaxSessions', "value": 'MaxSessions 2'}`
			`#- { "key": '^[\#]?Port', "value": 'Port '}`
			`- { "key": '^[\#]?TCPKeepAlive', "value": 'TCPKeepAlive no'}`
			`- { "key": '^[\#]?X11Forwarding', "value": 'X11Forwarding no'}`
			`- { "key": '^[\#]?AllowAgentForwarding', "value": 'AllowAgentForwarding no'}`
Additional changes for Proxmox. 2021-02-20 10:54:19 -06:00			`- { "key": '^[\#]?PermitEmptyPasswords', "value": 'PermitEmptyPasswords no'}`
Add var and job for sshd config. 2021-02-15 09:22:26 -06:00
PVE servers need root shell. 2021-02-20 10:03:04 -06:00			`- name: General \| Software \| Services \| Configure SSHD`
			`lineinfile:`
			`path: "{{ sshd_config }}"`
			`regexp: '{{ item.key }}'`
			`line: '{{ item.value }} # MANAGED BY ANSIBLE'`
			`state: present`
			`create: no`
			`backup: yes`
			`loop:`
Additional changes for Proxmox. 2021-02-20 10:54:19 -06:00			`- { "key": '^[\#]?AllowUsers', "value": 'AllowUsers root ling'}`
Proxmox servers still need root shell access. 2021-02-20 10:26:08 -06:00			`- { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin yes'}`
Additional changes for Proxmox. 2021-02-20 10:54:19 -06:00			`- { "key": '^[\#]?MaxSessions', "value": 'MaxSessions 5'}`
Proxmox servers still need root shell access. 2021-02-20 10:26:08 -06:00			`when: "'pve' in ansible_kernel"`
PVE servers need root shell. 2021-02-20 10:03:04 -06:00
Fix names. 2021-02-15 10:34:06 -06:00			`- name: General \| Software \| Services \| Enable SSHD`
Add var and job for sshd config. 2021-02-15 09:22:26 -06:00			`service:`
			`name: "{{ sshd }}"`
			`pattern: "{{ sshd_pattern }}"`
Service works great on FreeBSD! Edits rc.conf! 2021-02-15 09:39:39 -06:00			`state: reloaded`
Add var and job for sshd config. 2021-02-15 09:22:26 -06:00			`enabled: yes`