---
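# Turn off SSH password logins in /etc/ssh/sshd_config.
# - `backrefs` is no longer set: with it, lineinfile leaves the file untouched
#   when the regexp matches nothing, so a config without a literal
#   "PasswordAuthentication yes" line silently kept sshd's default.
# - The regexp matches the directive whether it is commented out, set to yes
#   or already set to no. The task is therefore idempotent and does not
#   rewrite unrelated comment text that merely ends in the directive.
# - `validate` has sshd parse the candidate file before it replaces the
#   original. The absolute path assumes a Debian-family layout (this file
#   uses apt) - TODO confirm on the target.
# NOTE(review): when no line matches, the directive is appended at the end of
# the file; if the config ends in a `Match` block it would apply only inside
# that block. Files pulled in through an `Include` directive can also set this
# option - confirm the effective value with `sshd -T` on the target.
- name: Disable ssh password authentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*PasswordAuthentication\s'
    line: "PasswordAuthentication no"
    validate: '/usr/sbin/sshd -t -f %s'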
# Reload (not restart) the sshd service so it picks up the edited
# configuration.
# NOTE(review): this task runs on every play, whether or not the config
# changed; a handler notified by the config task is the usual alternative.
- name: Reload sshd service
  service:
    state: reloaded
    name: "sshd"
# Refresh the apt package index, then run a distribution upgrade
# (`upgrade: dist`) so pending package updates are applied.
- name: Update & upgrade system
  apt:
    upgrade: "dist"
    update_cache: true
# Install every package named by the `commonRequirePackages` variable
# (defined outside this file).
- name: Install common required packages
  apt:
    state: present
    name: "{{ commonRequirePackages }}"
# Uninstall the packages named by the `commonDeletePackages` variable
# (defined outside this file); fewer installed packages means less to patch.
# NOTE(review): `state: absent` is used without purge, so configuration
# files of the removed packages presumably stay on disk - confirm if that
# matters.
- name: Remove useless stuff
  apt:
    state: absent
    name: "{{ commonDeletePackages }}"
# Set the machine's hostname to the value of `cthostname`
# (defined outside this file).
- name: Set the hostname
  hostname: {name: "{{ cthostname }}"}
# Make sure the locale(s) given in `locales` are generated on the host.
# NOTE(review): whether `locales` is a single name or a list is not visible
# here - confirm it matches what the installed locale_gen module accepts.
- name: Set locales
  locale_gen:
    state: present
    name: "{{ locales }}"
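# Point /etc/localtime at the zoneinfo entry for Area/City.
# The `file` module replaces the former `shell: ln -sf ...` call: variable
# values are no longer interpolated into a shell command line, and the task
# reports "changed" only when the link actually differs.
# `force: true` replaces an existing regular file at the destination, which
# is what `ln -sf` did.
# NOTE(review): /etc/timezone is not touched by this task (nor was it by the
# original command) - confirm nothing on the host relies on it.
- name: Set the Timezone to {{ Area }}/{{ City }}
  file:
    src: "/usr/share/zoneinfo/{{ Area }}/{{ City }}"
    dest: /etc/localtime
    state: link
    force: true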
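# Rewrite the /etc/hosts line that starts with this host's default IPv4
# address so it carries the current hostname and domain; add the line when
# no such entry exists.
# The address is passed through `regex_escape` and followed by `\s`: the
# unescaped, unanchored form treated each "." as "any character" and also
# matched longer addresses sharing the prefix (10.0.0.1 vs 10.0.0.10), so it
# could overwrite another host's entry.
- name: Fix /etc/hosts removing the old hostname
  tags:
    - hosts
  lineinfile:
    state: present
    dest: /etc/hosts
    line: "{{ ansible_default_ipv4.address }} {{ cthostname }} {{ domain }}"
    regexp: '^{{ ansible_default_ipv4.address | regex_escape }}\s'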
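# Create a user account when required.
# `| bool` converts `create_user` explicitly: a value that arrives as the
# string "false" (for example from the command line) is a non-empty string
# and a bare `when: create_user` can treat it as true, creating an account
# nobody asked for.
# NOTE(review): `system: true` requests a system account; confirm that is
# intended if this user is meant for interactive logins. No SSH key or
# password is set by this task.
- name: create user {{ username }}
  user:
    name: "{{ username }}"
    system: true
    createhome: true
  when: create_user | bool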
# Firewall rules.
# Permit SSH over TCP with ufw's `limit` rule, which rate-limits repeated
# connection attempts instead of allowing them unconditionally.
- name: Allow SSH connexions
  ufw:
    proto: tcp
    port: ssh
    rule: limit
# Switch ufw logging off.
# NOTE(review): with logging off the firewall presumably records no blocked
# or rate-limited connection attempts, which removes a detection and
# forensics source - confirm this trade-off is intended.
- name: Set logging off
  ufw:
    logging: "off"
# Set ufw's default policy to deny and turn the firewall on. This task comes
# after the SSH rule earlier in the file, so SSH is already permitted when
# the firewall becomes active.
# NOTE(review): no `direction` is given, so the policy presumably applies to
# incoming traffic only and outgoing traffic keeps ufw's default - confirm
# against the task name's "deny everything".
- name: Deny everything and enable UFW
  ufw:
    policy: deny
    state: enabled