env-ansible/tasks/general/software/services.yml

---
# Enable and disable services.

## Cron ##

- name: General | Software | Services | CROND | Enable
  service:
    name: "{{ crond }}"
    pattern: "{{ crond_pattern }}"
    state: started
    enabled: yes


## SSHFS ##

- name: General | Software | Services | SSHFS | Enable FuseFS (FreeBSD rc.conf)
  lineinfile:
    path: "{{ rc_conf }}"
    regexp: 'fusefs_enable='
    line: 'fusefs_enable="YES" # MANAGED BY ANSIBLE'
    state: present
    create: yes
    backup: yes
  when: ansible_system == "FreeBSD"

- name: General | Software | Services | SSHFS | Enable SSHFS (FreeBSD service)
  service:
    name: fusefs
    pattern: fusefs
    state: started
    enabled: yes
  when: ansible_system == "FreeBSD"


## CUPS ##

- name: General | Software | Services | CUPS | Disable
  service:
    name: "{{ cups }}"
    pattern: "{{ cups_pattern }}"
    state: stopped
    enabled: no

- name: General | Software | Services | CUPS-Browse | Disable
  service:
    name: "{{ cups_browse }}"
    pattern: "{{ cups_browse_pattern }}"
    state: stopped
    enabled: no


## SSHD ##

- name: General | Software | Services | SSHD | Configure
  lineinfile:
    path: "{{ sshd_config }}"
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    state: present
    create: no
    backup: yes
  loop:
    - { "key": '^[\#]?AllowUsers',           "value": 'AllowUsers {{ user }}'}
    - { "key": '^[\#]?PermitRootLogin',      "value": 'PermitRootLogin no'}
    - { "key": '^[\#]?AllowTcpForwarding',   "value": 'AllowTcpForwarding no'}
    - { "key": '^[\#]?ClientAliveInterval',  "value": 'ClientAliveInterval 60'}
    - { "key": '^[\#]?ClientAliveCountMax',  "value": 'ClientAliveCountMax 2'}
    - { "key": '^[\#]?Compression',          "value": 'Compression no'}
    - { "key": '^[\#]?LogLevel',             "value": 'LogLevel verbose'}
    - { "key": '^[\#]?MaxAuthTries',         "value": 'MaxAuthTries 3'}
    - { "key": '^[\#]?MaxSessions',          "value": 'MaxSessions 2'}
    #- { "key": '^[\#]?Port',                 "value": 'Port '}
    - { "key": '^[\#]?TCPKeepAlive',         "value": 'TCPKeepAlive no'}
    - { "key": '^[\#]?X11Forwarding',        "value": 'X11Forwarding no'}
    - { "key": '^[\#]?AllowAgentForwarding', "value": 'AllowAgentForwarding no'}
    - { "key": '^[\#]?PermitEmptyPasswords', "value": 'PermitEmptyPasswords no'}

- name: General | Software | Services | SSHD | Configure (PVE)
  lineinfile:
    path: "{{ sshd_config }}"
    regexp: '{{ item.key }}'
    line: '{{ item.value }} # MANAGED BY ANSIBLE'
    state: present
    create: no
    backup: yes
  loop:
    - { "key": '^[\#]?AllowUsers',      "value": 'AllowUsers root {{ user }}'}
    - { "key": '^[\#]?PermitRootLogin', "value": 'PermitRootLogin yes'}
    - { "key": '^[\#]?MaxSessions',     "value": 'MaxSessions 5'}
  when: "'pve' in ansible_kernel"

- name: General | Software | Services | SSHD | Enable
  service:
    name: "{{ sshd }}"
    pattern: "{{ sshd_pattern }}"
    state: reloaded
    enabled: yes


## JournalCTL ##

- name: General | Software | Services | JournalCTL | Reduce Log Size
  shell: journalctl --vacuum-size=100M
  when: ansible_system == "Linux"
  ignore_errors: yes