--- # Enable and disable services. ## Cron ## - name: General | Software | Services | CROND | Enable service: name: "{{ crond }}" pattern: "{{ crond_pattern }}" state: started enabled: yes ## CUPS ## - name: General | Software | Services | CUPS | Disable service: name: "{{ cups }}" pattern: "{{ cups_pattern }}" state: stopped enabled: no - name: General | Software | Services | CUPS-Browse | Disable service: name: "{{ cups_browse }}" pattern: "{{ cups_browse_pattern }}" state: stopped enabled: no ## SSHD ## - name: General | Software | Services | SSHD | Configure lineinfile: path: "{{ sshd_config }}" regexp: '{{ item.key }}' line: '{{ item.value }} # MANAGED BY ANSIBLE' state: present create: yes backup: yes loop: - { "key": '^[\#]?AllowUsers', "value": 'AllowUsers {{ user }}'} - { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin no'} - { "key": '^[\#]?AllowTcpForwarding', "value": 'AllowTcpForwarding no'} - { "key": '^[\#]?ClientAliveInterval', "value": 'ClientAliveInterval 60'} - { "key": '^[\#]?ClientAliveCountMax', "value": 'ClientAliveCountMax 2'} - { "key": '^[\#]?Compression', "value": 'Compression no'} - { "key": '^[\#]?LogLevel', "value": 'LogLevel verbose'} - { "key": '^[\#]?MaxAuthTries', "value": 'MaxAuthTries 3'} - { "key": '^[\#]?MaxSessions', "value": 'MaxSessions 2'} #- { "key": '^[\#]?Port', "value": 'Port '} - { "key": '^[\#]?TCPKeepAlive', "value": 'TCPKeepAlive no'} - { "key": '^[\#]?X11Forwarding', "value": 'X11Forwarding no'} - { "key": '^[\#]?AllowAgentForwarding', "value": 'AllowAgentForwarding no'} - { "key": '^[\#]?PermitEmptyPasswords', "value": 'PermitEmptyPasswords no'} - name: General | Software | Services | SSHD | Configure (PVE) lineinfile: path: "{{ sshd_config }}" regexp: '{{ item.key }}' line: '{{ item.value }} # MANAGED BY ANSIBLE' state: present create: yes backup: yes loop: - { "key": '^[\#]?AllowUsers', "value": 'AllowUsers root {{ user }}'} - { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin yes'} - { "key": '^[\#]?MaxSessions', "value": 'MaxSessions 5'} when: "'pve' in ansible_kernel" - name: General | Software | Services | SSHD | Enable service: name: "{{ sshd }}" pattern: "{{ sshd_pattern }}" state: reloaded enabled: yes ## JournalCTL ## - name: General | Software | Services | JournalCTL | Reduce Log Size shell: journalctl --vacuum-size=100M when: ansible_system == "Linux" ignore_errors: yes