Hyperling
b162731c29
* Add at and reword comment. * Add cronie, thought this was already done but last pull request got wonky. * Zypper is not happy about asking Brave repo to be added multiple times. * Replace deprecated `include` commands. * Add gcc. * Add another cc command for openSUSE. * include_tasks is not supporting ignore_errors like include used to, move to individual tasks. * Do a better job of removing libreoffice from local package manager. * Enhance reports. * Add basic VIM setup. * Undo some lynis changes, fix folder permissions so users can view. * Change lynis back to chdir and local execution. * Add doas. * Add check against old usage of setup.sh BRANCH. * Greatly reduce number of tasks, create temp file while building report. * Create temp file while building report.
---
# Enable and disable services.
## Cron ##
# Keep the cron daemon running now and enabled at boot. The service name and
# process pattern are templated from variables that are not defined in this
# file.
- name: General | Software | Services | CROND | Enable
  service:
    name: "{{ crond }}"
    pattern: "{{ crond_pattern }}"
    enabled: true
    state: started
## CUPS ##
# Stop the CUPS service and keep it from starting at boot.
# ignore_errors lets the play continue when this task fails, so a host where
# the service could not be stopped is not reported as a failure.
# NOTE(review): presumably meant for hosts without CUPS installed; confirm
# the service is really down on hosts where that matters.
- name: General | Software | Services | CUPS | Disable
  service:
    name: "{{ cups }}"
    pattern: "{{ cups_pattern }}"
    enabled: false
    state: stopped
  ignore_errors: true
# Stop the CUPS browsing service and keep it from starting at boot.
# As with any ignore_errors task, a failure here does not stop the play, so
# the result should be checked on hosts where the service must be off.
- name: General | Software | Services | CUPS-Browse | Disable
  service:
    name: "{{ cups_browse }}"
    pattern: "{{ cups_browse_pattern }}"
    enabled: false
    state: stopped
  ignore_errors: true
## SSHD ##
# Harden sshd_config one directive at a time. Each loop item carries a regex
# that matches the directive at the start of a line, optionally preceded by a
# single '#', and the line that replaces it. When nothing matches, lineinfile
# appends the line at the end of the file.
#
# Points to verify on a real host (sshd -T prints the effective settings):
# - sshd keeps the first value it reads for a keyword, while lineinfile
#   rewrites only the last matching line. A duplicate earlier in the file,
#   or an earlier Include of drop-in files, can still override these values.
# - A line appended after a Match block becomes part of that block.
# - No validate option is set, so a syntactically bad file is not caught
#   before the later reload. lineinfile's validate with 'sshd -t -f %s' is
#   the usual guard -- TODO confirm it works on every supported platform.
# - NOTE(review): handling of a trailing '# ...' comment on a directive line
#   has varied between OpenSSH versions. Confirm that AllowUsers in
#   particular is parsed as intended on the oldest supported release.
# - backup leaves a timestamped copy of the file next to it on every change.
- name: General | Software | Services | SSHD | Configure
  lineinfile:
    path: "{{ sshd_config }}"
    state: present
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    create: true
    backup: true
  loop:
    - { key: '^[\#]?AllowUsers', value: 'AllowUsers {{ user }}' }
    - { key: '^[\#]?PermitRootLogin', value: 'PermitRootLogin no' }
    - { key: '^[\#]?AllowTcpForwarding', value: 'AllowTcpForwarding no' }
    - { key: '^[\#]?ClientAliveInterval', value: 'ClientAliveInterval 60' }
    - { key: '^[\#]?ClientAliveCountMax', value: 'ClientAliveCountMax 2' }
    - { key: '^[\#]?Compression', value: 'Compression no' }
    - { key: '^[\#]?LogLevel', value: 'LogLevel verbose' }
    - { key: '^[\#]?MaxAuthTries', value: 'MaxAuthTries 3' }
    - { key: '^[\#]?MaxSessions', value: 'MaxSessions 2' }
    # - { key: '^[\#]?Port', value: 'Port ' }
    - { key: '^[\#]?TCPKeepAlive', value: 'TCPKeepAlive no' }
    - { key: '^[\#]?X11Forwarding', value: 'X11Forwarding no' }
    - { key: '^[\#]?AllowAgentForwarding', value: 'AllowAgentForwarding no' }
    - { key: '^[\#]?PermitEmptyPasswords', value: 'PermitEmptyPasswords no' }
# Relax three sshd settings on hosts whose kernel string contains 'pve':
# root is added to AllowUsers, root login is permitted, and MaxSessions is
# raised to 5. The regexes are the same ones the general SSHD Configure task
# uses, so on these hosts the lines it wrote are rewritten here on every
# run, and backup leaves a timestamped copy of the file for each rewrite.
# NOTE(review): 'PermitRootLogin yes' also allows password logins for root
# wherever password authentication is enabled. If key-based root access is
# enough for these hosts, 'prohibit-password' is the narrower setting --
# TODO confirm what the PVE hosts require.
- name: General | Software | Services | SSHD | Configure (PVE)
  lineinfile:
    path: "{{ sshd_config }}"
    state: present
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    create: true
    backup: true
  loop:
    - { key: '^[\#]?AllowUsers', value: 'AllowUsers root {{ user }}' }
    - { key: '^[\#]?PermitRootLogin', value: 'PermitRootLogin yes' }
    - { key: '^[\#]?MaxSessions', value: 'MaxSessions 5' }
  when: "'pve' in ansible_kernel"
# Enable sshd at boot and reload it so the daemon re-reads its configuration.
# The task is unconditional, so the reload happens on every run whether or
# not sshd_config changed.
- name: General | Software | Services | SSHD | Enable
  service:
    name: "{{ sshd }}"
    pattern: "{{ sshd_pattern }}"
    enabled: true
    state: reloaded
## JournalCTL ##
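# One-off trim of the systemd journal: archived journal files are removed
# until they use no more than about 100M. Runs on Linux hosts only, and a
# failure does not stop the play.
# The command module is used because the line needs no shell features
# (no pipes, redirects or variable expansion).
# NOTE(review): vacuuming discards the oldest log entries. If the journal is
# the only copy of authentication or audit history, forward or archive it
# before this runs. This is not a persistent cap; a lasting limit would be
# set in journald's own configuration.
- name: General | Software | Services | JournalCTL | Reduce Log Size
  command: journalctl --vacuum-size=100M
  when: ansible_system == "Linux"
  ignore_errors: true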