Better names. :)
This commit is contained in:
@ -1,6 +1,6 @@
|
||||
---
|
||||
# Groups that do not come to all distros by default.
|
||||
|
||||
- name: Ensure sudo group exists (Looking at you BSD!)
|
||||
- name: General | Account Management | Groups | Sudo (Looking at you BSD!)
|
||||
group:
|
||||
name: sudo
|
||||
|
||||
@ -6,11 +6,11 @@
|
||||
# openssh_keypair:
|
||||
# path: /root/.ssh/id_rsa
|
||||
|
||||
- name: SSH Key | Root | Create
|
||||
- name: General | Account Management | SSH Key | Root | Create
|
||||
shell: ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa <<< n
|
||||
args:
|
||||
executable: "{{ bash_exec.stdout }}"
|
||||
ignore_errors: yes
|
||||
|
||||
- name: SSH Key | Root | Copy to 1337
|
||||
- name: General | Account Management | SSH Key | Root | Copy to 1337
|
||||
shell: ssh-copy-id -i /root/.ssh/id_rsa ling@leet
|
||||
@ -1,20 +1,20 @@
|
||||
---
|
||||
# Mount shares that all systems should have.
|
||||
|
||||
- name: Mounts | Create 1337 Folder
|
||||
- name: General | Account Management | Mounts | Create 1337 Folder
|
||||
file:
|
||||
path: /mnt/leet
|
||||
state: directory
|
||||
mode: '0755'
|
||||
|
||||
- name: Mounts | Create fstab Entries
|
||||
- name: General | Account Management | Mounts | Create fstab Entries
|
||||
blockinfile:
|
||||
path: /etc/fstab
|
||||
block: |
|
||||
ling@leet: /mnt/leet fuse.sshfs defaults,_netdev,allow_other,delay_connect 0 0
|
||||
backup: yes
|
||||
|
||||
- name: Mounts | Mount All
|
||||
- name: General | Account Management | Mounts | Mount All
|
||||
shell: mount -a
|
||||
args:
|
||||
warn: false
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
# Ensure the proper users have sudo access.
|
||||
|
||||
- name: Add Ansible Sudoers File
|
||||
- name: General | Account Management | Sudo | Copy Ansible
|
||||
copy:
|
||||
src: sudoers_ansible
|
||||
dest: "{{ sudoers_install_dir }}"
|
||||
@ -9,7 +9,7 @@
|
||||
group: "{{ root_group }}"
|
||||
mode: 0440
|
||||
|
||||
- name: Add Sudo Group Sudoers File
|
||||
- name: General | Account Management | Sudo | Copy Sudo Group
|
||||
copy:
|
||||
src: sudoers_sudo
|
||||
dest: "{{ sudoers_install_dir }}"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
# Create users for both desktop and server machines.
|
||||
|
||||
# Scheduler
|
||||
- name: Create User Ansible
|
||||
- name: General | Account Management | User | Ansible
|
||||
user:
|
||||
name: ansible
|
||||
comment: Ansible
|
||||
@ -10,7 +10,7 @@
|
||||
|
||||
|
||||
# Superuser
|
||||
- name: Create User Hyperling
|
||||
- name: General | Account Management | User | Hyperling
|
||||
user:
|
||||
name: ling
|
||||
comment: Hyperling
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
|
||||
- name: install cron job (ansible-pull)
|
||||
- name: General | Cron | Ansible | Create Main Job
|
||||
cron:
|
||||
user: ansible
|
||||
name: "Ansible Sync"
|
||||
|
||||
@ -1,13 +1,13 @@
|
||||
---
|
||||
|
||||
- name: Remove CUPS Daemon
|
||||
- name: General | Software | Harden | Remove CUPS Daemon
|
||||
service:
|
||||
name: "{{ cups }}"
|
||||
pattern: "{{ cups_pattern }}"
|
||||
state: stopped
|
||||
enabled: no
|
||||
|
||||
- name: Remove CUPS-Browse Daemon
|
||||
- name: General | Software | Harden | Remove CUPS-Browse Daemon
|
||||
service:
|
||||
name: "{{ cups_browse }}"
|
||||
pattern: "{{ cups_browse_pattern }}"
|
||||
|
||||
@ -1,16 +1,16 @@
|
||||
---
|
||||
# Cross-platform package management.
|
||||
|
||||
- name: Repo Cache Refresh (Apt and Pacman)
|
||||
- name: General | Software | Packages | Cache Refresh (Apt and Pacman)
|
||||
package:
|
||||
update_cache: yes
|
||||
when: ansible_pkg_mgr in ["apt", "pacman"]
|
||||
|
||||
- name: Repo Cache Refresh (FreeBSD)
|
||||
- name: General | Software | Packages | Cache Refresh (FreeBSD)
|
||||
shell: pkg update
|
||||
when: ansible_system == "FreeBSD"
|
||||
|
||||
- name: Repo Install Software
|
||||
- name: General | Software | Packages | Install Software
|
||||
package:
|
||||
name:
|
||||
- bash
|
||||
@ -20,7 +20,7 @@
|
||||
- "{{ locate }}"
|
||||
state: present
|
||||
|
||||
- name: Repo Update Software (Disabled)
|
||||
- name: General | Software | Packages | Update Software (Disabled)
|
||||
package:
|
||||
name:
|
||||
- ansible
|
||||
@ -29,14 +29,14 @@
|
||||
state: latest
|
||||
when: "1 == 0"
|
||||
|
||||
- name: Repo Remove Software
|
||||
- name: General | Software | Packages | Remove Software
|
||||
package:
|
||||
name:
|
||||
- cowsay # Sorry ;)
|
||||
state: absent
|
||||
|
||||
# TODO: Confirm if Ubuntu still uses snap for critical components like GNOME.
|
||||
- name: Repo Remove Software (Besides Ubuntu)
|
||||
- name: General | Software | Packages | Remove Software (Besides Ubuntu)
|
||||
package:
|
||||
name:
|
||||
- snapd
|
||||
|
||||
@ -1,16 +1,16 @@
|
||||
---
|
||||
|
||||
- name: Install Lynis
|
||||
- name: General | Tests | Lynis | Install
|
||||
git:
|
||||
repo: https://github.com/CISOfy/lynis
|
||||
dest: "{{ lynis_install_dir }}"
|
||||
clone: yes
|
||||
force: yes
|
||||
|
||||
- name: Run Lynis Audit System
|
||||
- name: General | Tests | Lynis | Run System Audit
|
||||
shell: "{{ lynis_install_dir }}/lynis --no-colors audit system > {{ lynis_report }} 2>&1"
|
||||
|
||||
- name: Make Lynis Report Readable
|
||||
- name: General | Tests | Lynis | Make Report Readable
|
||||
file:
|
||||
path: "{{ lynis_report }}"
|
||||
mode: '0444'
|
||||
Reference in New Issue
Block a user