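---
# Enable and disable services.
#
# Service names and the `ps` patterns used to detect them come from role
# variables (crond / crond_pattern, cups / cups_pattern, ...). Service state
# changes are skipped when the target is a Docker container.

## Cron ##

- name: General | Software | Services | CROND | Enable
  service:
    name: "{{ crond }}"
    pattern: "{{ crond_pattern }}"
    state: started
    enabled: true
  when: ansible_virtualization_type != 'docker'
  register: cron_status
  # Retry for a short while in case the unit is slow to come up.
  until: cron_status.state == "started"
  retries: 3
  delay: 3


## CUPS ##

# ignore_errors keeps the play going when the unit is not installed on a host,
# but it also hides genuine failures -- review the task output rather than
# relying on the play result alone.
- name: General | Software | Services | CUPS | Disable
  service:
    name: "{{ cups }}"
    pattern: "{{ cups_pattern }}"
    state: stopped
    enabled: false
  ignore_errors: true

- name: General | Software | Services | CUPS-Browse | Disable
  service:
    name: "{{ cups_browse }}"
    pattern: "{{ cups_browse_pattern }}"
    state: stopped
    enabled: false
  ignore_errors: true


## SSHD ##

# Each loop item replaces an existing (possibly commented-out) directive in
# place, or inserts a new one when it is absent. New lines are inserted before
# the first `Match` block (and only at EOF when there is none): sshd rejects
# global-only directives such as `Port` inside a Match block, and placing
# them there would make the reload below fail.
#
# NOTE(review): sshd uses the first value it reads for a keyword. On systems
# whose sshd_config starts with an `Include` of drop-in files, a drop-in that
# sets the same keyword wins over these lines; check the effective config with
# `sshd -T`. Trailing `# ...` comments on directive lines are accepted by
# current OpenSSH releases but were rejected by older ones -- confirm against
# the target's version. Consider adding `validate: 'sshd -t -f %s'` (path of
# the sshd binary varies by distribution) so a broken config is never written.
- name: General | Software | Services | SSHD | Configure
  lineinfile:
    path: "{{ sshd_config }}"
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    state: present
    insertbefore: '^Match'
    firstmatch: true
    # create: an absent sshd_config is created containing only these lines.
    create: true
    backup: true
  loop:
    - key: '^[\#]?AllowUsers'
      value: 'AllowUsers {{ user }}'
    - key: '^[\#]?PermitRootLogin'
      value: 'PermitRootLogin no'
    - key: '^[\#]?AllowTcpForwarding'
      value: 'AllowTcpForwarding no'
    - key: '^[\#]?ClientAliveInterval'
      value: 'ClientAliveInterval 60'
    - key: '^[\#]?ClientAliveCountMax'
      value: 'ClientAliveCountMax 2'
    - key: '^[\#]?Compression'
      value: 'Compression no'
    - key: '^[\#]?LogLevel'
      value: 'LogLevel verbose'
    - key: '^[\#]?MaxAuthTries'
      value: 'MaxAuthTries 3'
    - key: '^[\#]?MaxSessions'
      value: 'MaxSessions 2'
    # Changing the port takes effect at the reload below; later plays need
    # ansible_port to match {{ sshd_port }}.
    - key: '^[\#]?Port'
      value: 'Port {{ sshd_port }}'
    - key: '^[\#]?TCPKeepAlive'
      value: 'TCPKeepAlive no'
    - key: '^[\#]?X11Forwarding'
      value: 'X11Forwarding no'
    - key: '^[\#]?AllowAgentForwarding'
      value: 'AllowAgentForwarding no'
    - key: '^[\#]?PermitEmptyPasswords'
      value: 'PermitEmptyPasswords no'

# Proxmox VE nodes: re-open root SSH login, which the task above closed.
# NOTE(review): PVE clustering relies on root SSH between nodes;
# `PermitRootLogin prohibit-password` would keep that key-based access while
# still refusing root password logins -- confirm before changing.
- name: General | Software | Services | SSHD | Configure (PVE)
  lineinfile:
    path: "{{ sshd_config }}"
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    state: present
    insertbefore: '^Match'
    firstmatch: true
    create: true
    backup: true
  loop:
    - key: '^[\#]?AllowUsers'
      value: 'AllowUsers root {{ user }}'
    - key: '^[\#]?PermitRootLogin'
      value: 'PermitRootLogin yes'
    - key: '^[\#]?MaxSessions'
      value: 'MaxSessions 5'
  when: "'pve' in ansible_kernel"

- name: General | Software | Services | SSHD | Enable
  service:
    name: "{{ sshd }}"
    pattern: "{{ sshd_pattern }}"
    # reloaded picks up the config written above without dropping sessions.
    state: reloaded
    enabled: true
  when: ansible_virtualization_type != 'docker'
  register: sshd_status
  # NOTE(review): confirm the module reports state "started" after a reload;
  # if it echoes the requested state ("reloaded") this condition never holds
  # and the task fails after the retries.
  until: sshd_status.state == "started"
  retries: 3
  delay: 3


## JournalCTL ##

# No shell features are needed, so `command` avoids going through a shell.
- name: General | Software | Services | JournalCTL | Reduce Log Size
  command: journalctl --vacuum-size=100M
  when: ansible_system == "Linux"
  ignore_errors: true


## Bluetooth ##

# Do people seriously depend on Bluetooth? Plug your devices in, silly!

- name: General | Software | Services | Bluetooth | Disable
  service:
    name: "{{ bluetooth }}"
    pattern: "{{ bluetooth_pattern }}"
    state: stopped
    enabled: false
  ignore_errors: true

## NTP ##

- name: General | Software | Services | NTP | Enable
  service:
    name: "{{ ntp_server }}"
    # The unit name doubles as the ps pattern here.
    pattern: "{{ ntp_server }}"
    state: started
    enabled: true
  when: ansible_virtualization_type != 'docker'
  register: ntp_status
  until: ntp_status.state == "started"
  retries: 3
  delay: 3

## Timezone ##

# TBD/TODO:
# Add a field to the general.yml config file that is applied via timedatectl
# and /etc/localtime.
# Example of the resulting symlink:
#    /etc/localtime -> ../usr/share/zoneinfo/America/Phoenix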