iloth_ansible/roles/common/tasks/main.yml

---

- name: Disable ssh password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^.*PasswordAuthentication yes"
    line: "PasswordAuthentication no"
    backrefs: yes

- name: Reload sshd service
  service:
    name: sshd
    state: reloaded


- name: Update & upgrade system
  apt:
    update_cache: yes
    upgrade: dist

- name: Install common required packages
  apt:
    name: "{{ commonRequirePackages }}"
    state: present

- name: Remove useless stuff
  apt:
    name: "{{ commonDeletePackages }}"
    state: absent

- name: Set the hostname
  hostname:
    name: "{{ cthostname }}"

- name: Set locales
  locale_gen:
    name: "{{ locales }}"
    state: present

- name: Set the Timezone to {{ Area }}/{{ City }}
  shell: "ln -sf /usr/share/zoneinfo/{{ Area}}/{{ City }} /etc/localtime"

- name: Fix /etc/hosts removing the old hostname
  tags:
    - hosts
  lineinfile:
    state: present
    dest: /etc/hosts
    line: "{{ ansible_default_ipv4.address }} {{ cthostname }} {{ domain }}"
    regexp: "^{{ ansible_default_ipv4.address }}"

# On créé un utilisateur si il le faut.
- name: create user {{ username }}
  user:
    name: "{{ username }}"
    system: yes
    createhome: yes
  when: create_user

# Régles de parefeu.
- name: Allow SSH connexions
  ufw:
    rule: limit
    port: ssh
    proto: tcp


- name: Set logging off
  ufw:
    logging: 'off'

- name: Deny everything and enable UFW
  ufw:
    state: enabled
    policy: deny
import du dossier ansible 2020-04-19 03:28:50 +02:00			`---`
Add mastodon service 2021-01-01 23:39:04 +01:00
			`- name: Disable ssh password authentication`
			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: "^.*PasswordAuthentication yes"`
			`line: "PasswordAuthentication no"`
			`backrefs: yes`

			`- name: Reload sshd service`
			`service:`
			`name: sshd`
			`state: reloaded`


import du dossier ansible 2020-04-19 03:28:50 +02:00			`- name: Update & upgrade system`
			`apt:`
			`update_cache: yes`
			`upgrade: dist`

			`- name: Install common required packages`
			`apt:`
			`name: "{{ commonRequirePackages }}"`
Serivce mattermost 2020-04-22 22:54:07 +02:00			`state: present`
import du dossier ansible 2020-04-19 03:28:50 +02:00
			`- name: Remove useless stuff`
			`apt:`
			`name: "{{ commonDeletePackages }}"`
			`state: absent`

			`- name: Set the hostname`
			`hostname:`
			`name: "{{ cthostname }}"`

			`- name: Set locales`
			`locale_gen:`
			`name: "{{ locales }}"`
			`state: present`

			`- name: Set the Timezone to {{ Area }}/{{ City }}`
			`shell: "ln -sf /usr/share/zoneinfo/{{ Area}}/{{ City }} /etc/localtime"`

			`- name: Fix /etc/hosts removing the old hostname`
			`tags:`
			`- hosts`
			`lineinfile:`
			`state: present`
			`dest: /etc/hosts`
			`line: "{{ ansible_default_ipv4.address }} {{ cthostname }} {{ domain }}"`
			`regexp: "^{{ ansible_default_ipv4.address }}"`

Add mastodon service 2021-01-01 23:39:04 +01:00			`# On créé un utilisateur si il le faut.`
			`- name: create user {{ username }}`
			`user:`
			`name: "{{ username }}"`
			`system: yes`
			`createhome: yes`
			`when: create_user`

			`# Régles de parefeu.`
import du dossier ansible 2020-04-19 03:28:50 +02:00			`- name: Allow SSH connexions`
			`ufw:`
			`rule: limit`
			`port: ssh`
			`proto: tcp`

Add mastodon service 2021-01-01 23:39:04 +01:00
import du dossier ansible 2020-04-19 03:28:50 +02:00			`- name: Set logging off`
			`ufw:`
			`logging: 'off'`

			`- name: Deny everything and enable UFW`
			`ufw:`
			`state: enabled`
			`policy: deny`