Good ol' organization. Tasks folder started getting too busy, and still kind of is.

2021-01-31 18:02:37 -06:00
parent 47be3301e1
commit 0f0f9a3aeb
10 changed files with 18 additions and 12 deletions
--- a/tasks/general/cron.yml
+++ b/tasks/general/cron.yml
@ -0,0 +1,10 @@
+---
+
+- name: install cron job (ansible-pull)
+  cron:
+    user: ansible
+    name: "Ansible Sync"
+    minute: "*/15"
+    job: "{{ ansible_pull_exec }} -o -U https://github.com/Hyperling/ansible.git"
+    state: present
+    disabled: no
--- a/tasks/general/groups.yml
+++ b/tasks/general/groups.yml
@ -0,0 +1,6 @@
+---
+# Groups that do not come to all distros by default.
+
+- name: Ensure sudo group exists (Looking at you BSD!)
+  group:
+    name: sudo
--- a/tasks/general/harden.yml
+++ b/tasks/general/harden.yml
@ -0,0 +1,15 @@
+---
+
+- name: Remove CUPS Daemon
+  service:
+    name: "{{ cups }}"
+    pattern: "{{ cups_pattern }}"
+    state: stopped
+    enabled: no
+
+- name: Remove CUPS-Browse Daemon
+  service:
+    name: "{{ cups_browse }}"
+    pattern: "{{ cups_browse_pattern }}"
+    state: stopped
+    enabled: no
--- a/tasks/general/hardness_check_lynis.yml
+++ b/tasks/general/hardness_check_lynis.yml
@ -0,0 +1,16 @@
+---
+
+- name: Install Lynis
+  git: 
+    repo: https://github.com/CISOfy/lynis
+    dest: "{{ lynis_install_dir }}"
+    clone: yes
+    force: yes
+
+- name: Run Lynis Audit System
+  shell: "{{ lynis_install_dir }}/lynis --no-colors audit system > {{ lynis_report }} 2>&1"
+
+- name: Make Lynis Report Readable
+  file:
+    path: "{{ lynis_report }}"
+    mode: '0444'
--- a/tasks/general/packages.yml
+++ b/tasks/general/packages.yml
@ -0,0 +1,17 @@
+---
+
+- name: Install Repo Software
+  package: 
+    name:
+    - sudo
+    - htop
+    - neofetch
+    - "{{ sshfs }}"
+    - locate
+    state: present
+
+- name: Remove Repo Software
+  package: 
+    name:
+    - cowsay # Sorry ;)
+    state: present
--- a/tasks/general/sudo.yml
+++ b/tasks/general/sudo.yml
@ -0,0 +1,18 @@
+---
+# Ensure the proper users have sudo access.
+
+- name: Add Ansible Sudoers File
+  copy:
+    src: sudoers_ansible
+    dest: "{{ sudoers_install_dir }}"
+    owner: root
+    group: "{{ root_group }}"
+    mode: 0440
+
+- name: Add Sudo Group Sudoers File
+  copy:
+    src: sudoers_sudo
+    dest: "{{ sudoers_install_dir }}"
+    owner: root
+    group: "{{ root_group }}"
+    mode: 0440
--- a/tasks/general/users.yml
+++ b/tasks/general/users.yml
@ -0,0 +1,22 @@
+---
+# Create users for both desktop and server machines.
+
+# Scheduler
+- name: Create User Ansible
+  user:
+    name: ansible
+    comment: Ansible
+    system: yes
+
+
+# Superuser
+- name: Create User Hyperling
+  user:
+    name: ling
+    comment: Hyperling
+    groups: 
+      - sudo
+    append: yes
+    shell: /bin/bash
+    create_home: yes
+    generate_ssh_key: yes