mailserver/ansible/roles/common/tasks/main.yml


---
# Baseline packages for the common role: locale packs, diagnostics
# (sysstat, bind-utils, setroubleshoot-server), the EPEL repository
# definition and the usual fetch/unpack utilities.
# `telnet` is the client package only; nothing in this list installs a
# telnet service.
- name: install basic packages
  yum:
    state: present
    name:
      - langpacks-en
      - langpacks-de
      - glibc-all-langpacks
      - sysstat
      - mailx
      - bind-utils
      - epel-release
      - setroubleshoot-server
      - telnet
      - git
      - yum-utils
      - wget
      - unzip
      - tar
# Put SELinux into enforcing mode with the targeted policy.
# NOTE(review): on a host where SELinux was previously disabled the change
# needs a reboot to take effect, and this task triggers none — confirm how
# such hosts are handled.
- name: Enable SELinux
  selinux:
    state: enforcing
    policy: targeted
# Turn off the kdump unit at boot.
# Only the enablement is changed: no `state` is set, so a kdump service that
# is currently running is left as it is until the next reboot.
- name: disable kdump
  systemd:
    enabled: false
    name: kdump
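# Restrict root SSH logins to non-password authentication.
# `without-password` turns off password and keyboard-interactive
# authentication for root; it is the older spelling of `prohibit-password`.
# NOTE(review): switch to `prohibit-password` once every target is confirmed
# to run an OpenSSH release that accepts it.
# The regexp matches only an uncommented directive; when none exists the line
# is appended at the end of the file.
# NOTE(review): an appended line would fall inside a trailing `Match` block if
# the file ends with one — check the deployed sshd_config.
# `validate` makes sshd parse the candidate file before it replaces the live
# one, so a broken edit is never installed ahead of the restart handler.
- name: allow root SSH with key only
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin without-password'
    state: present
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart ssh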
# Render /etc/hosts from the role's hosts.j2 template.
# The file is root-owned and world-readable (0644); `backup` keeps a
# timestamped copy of the previous file whenever the content changes.
- name: create /etc/hosts from template
  template:
    dest: /etc/hosts
    src: hosts.j2
    mode: '0644'
    owner: root
    group: root
    backup: true
# Install the fail2ban package.
# NOTE(review): presumably resolved from EPEL, which the basic-packages task
# sets up through `epel-release` — confirm the repository is usable by the
# time this task runs.
- name: install fail2ban
  yum:
    state: present
    name: fail2ban
# Enable the fail2ban unit at boot.
# No `state: started` is set, so this task alone does not start the service;
# it only comes up on reboot or when the `Restart fail2ban` handler fires.
# NOTE(review): consider adding `state: started` so the ban logic is active
# even on runs where the jail configuration did not change.
- name: enable fail2ban
  systemd:
    enabled: true
    name: fail2ban
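# Deploy the role's jail.local as the local fail2ban jail configuration and
# restart the service when the file changes.
# Ownership is pinned to root, matching the other file tasks in this role, so
# the jail definitions cannot be left writable by a previous non-root owner.
- name: copy fail2ban config
  copy:
    src: jail.local
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: '0644'
  notify: Restart fail2ban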
# Allow the public services of the mail host in firewalld: SSH, web, and the
# mail protocols (SMTP, IMAP and POP3 with their TLS variants, ManageSieve).
# No `zone` is given, so each rule goes to firewalld's default zone and
# applies to any source address.
# `permanent` plus `immediate` update the saved and the running configuration.
# NOTE(review): `imap` and `pop3` are the cleartext ports — confirm the mail
# daemons refuse authentication before STARTTLS.
- name: setup firewalld rules - services
  firewalld:
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  notify: reload firewalld
  loop:
    - 'ssh'
    - 'http'
    - 'https'
    - 'smtp'
    - 'smtps'
    - 'imap'
    - 'imaps'
    - 'pop3'
    - 'pop3s'
    - 'managesieve'
# Close services that should not be reachable on this host.
# Only `cockpit` (the web administration console) is listed; the rule is
# removed from both the saved and the running configuration of the default
# zone, since no `zone` is given.
- name: setup firewalld rules - remove services
  firewalld:
    service: "{{ item }}"
    state: disabled
    permanent: true
    immediate: true
  notify: reload firewalld
  loop:
    - 'cockpit'
# Open individual TCP ports that have no service entry in the list above.
# 587/tcp is mail submission.
# NOTE(review): 10050/tcp is the default Zabbix agent port — presumably used
# for monitoring. With no `zone` or source restriction it is opened in the
# default zone to any address; consider limiting it to the monitoring server
# with a source-bound zone or a rich rule.
- name: setup firewalld rules - ports
  firewalld:
    port: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  notify: reload firewalld
  loop:
    - '10050/tcp'
    - '587/tcp'
# Write root's .forward file with a single forwarding address.
# The file is root-owned with mode 0644, i.e. not writable by group or others.
# NOTE(review): the recipient is hard-coded in the role; mail addressed to
# root (cron output, system notices) is presumably delivered to that mailbox —
# consider moving the address into a role variable so it is managed in one place.
- name: Create ~/.forward
  copy:
    dest: '/root/.forward'
    content: 'joerg.lehmann@nbit.ch'
    mode: '0644'
    owner: root
    group: root