Hyperling
904dda6883
* Add openSUSE for initial testing. * Add package names for openSUSE Zypper. * Add commands for Zypper. Do apt clean after autoremove. * Add cronie to openSUSE. * Remove warn parameter for newer version of Ansible. * Commenting warn worked, removing it completely. * Add libvulkan1 since it's a dependency for GNOME. * Fix order of lynis and nmap. Thought I had already done this before? * Start adding package names for openSUSE. * Create the sshd_config file if it is not already present. * Fix OS in conditional. * Save the command for checking ansible variables. * Use openSUSE family since Tumbleweed and Leap are considered different distros. * Get rid of 2nd flathub repo, no longer use the dl. version.. * Add status update for openSUSE. * Reword sentence. * Add Brave Browser to openSUSE. * Script is running successfully now when Workstation is enabled. * Add status of openSUSE Leap. * Add space. * No longer use install-new-recommends.
85 lines
2.6 KiB
YAML
85 lines
2.6 KiB
YAML
---
|
|
# Enable and disable services.
|
|
|
|
## Cron ##
|
|
|
|
- name: General | Software | Services | CROND | Enable
|
|
service:
|
|
name: "{{ crond }}"
|
|
pattern: "{{ crond_pattern }}"
|
|
state: started
|
|
enabled: yes
|
|
|
|
|
|
## CUPS ##
|
|
|
|
- name: General | Software | Services | CUPS | Disable
|
|
service:
|
|
name: "{{ cups }}"
|
|
pattern: "{{ cups_pattern }}"
|
|
state: stopped
|
|
enabled: no
|
|
|
|
- name: General | Software | Services | CUPS-Browse | Disable
|
|
service:
|
|
name: "{{ cups_browse }}"
|
|
pattern: "{{ cups_browse_pattern }}"
|
|
state: stopped
|
|
enabled: no
|
|
|
|
|
|
## SSHD ##
|
|
|
|
- name: General | Software | Services | SSHD | Configure
|
|
lineinfile:
|
|
path: "{{ sshd_config }}"
|
|
regexp: '{{ item.key }}'
|
|
line: '{{ item.value }} # MANAGED BY ANSIBLE'
|
|
state: present
|
|
create: yes
|
|
backup: yes
|
|
loop:
|
|
- { "key": '^[\#]?AllowUsers', "value": 'AllowUsers {{ user }}'}
|
|
- { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin no'}
|
|
- { "key": '^[\#]?AllowTcpForwarding', "value": 'AllowTcpForwarding no'}
|
|
- { "key": '^[\#]?ClientAliveInterval', "value": 'ClientAliveInterval 60'}
|
|
- { "key": '^[\#]?ClientAliveCountMax', "value": 'ClientAliveCountMax 2'}
|
|
- { "key": '^[\#]?Compression', "value": 'Compression no'}
|
|
- { "key": '^[\#]?LogLevel', "value": 'LogLevel verbose'}
|
|
- { "key": '^[\#]?MaxAuthTries', "value": 'MaxAuthTries 3'}
|
|
- { "key": '^[\#]?MaxSessions', "value": 'MaxSessions 2'}
|
|
#- { "key": '^[\#]?Port', "value": 'Port '}
|
|
- { "key": '^[\#]?TCPKeepAlive', "value": 'TCPKeepAlive no'}
|
|
- { "key": '^[\#]?X11Forwarding', "value": 'X11Forwarding no'}
|
|
- { "key": '^[\#]?AllowAgentForwarding', "value": 'AllowAgentForwarding no'}
|
|
- { "key": '^[\#]?PermitEmptyPasswords', "value": 'PermitEmptyPasswords no'}
|
|
|
|
- name: General | Software | Services | SSHD | Configure (PVE)
|
|
lineinfile:
|
|
path: "{{ sshd_config }}"
|
|
regexp: '{{ item.key }}'
|
|
line: '{{ item.value }} # MANAGED BY ANSIBLE'
|
|
state: present
|
|
create: yes
|
|
backup: yes
|
|
loop:
|
|
- { "key": '^[\#]?AllowUsers', "value": 'AllowUsers root {{ user }}'}
|
|
- { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin yes'}
|
|
- { "key": '^[\#]?MaxSessions', "value": 'MaxSessions 5'}
|
|
when: "'pve' in ansible_kernel"
|
|
|
|
- name: General | Software | Services | SSHD | Enable
|
|
service:
|
|
name: "{{ sshd }}"
|
|
pattern: "{{ sshd_pattern }}"
|
|
state: reloaded
|
|
enabled: yes
|
|
|
|
|
|
## JournalCTL ##
|
|
|
|
- name: General | Software | Services | JournalCTL | Reduce Log Size
|
|
shell: journalctl --vacuum-size=100M
|
|
when: ansible_system == "Linux"
|
|
ignore_errors: yes
|