
---
# Baseline package set for every host. The list is a task-local var so a
# single yum transaction installs everything.
- name: install basic packages
  yum:
    name: "{{ packages }}"
    state: present
  vars:
    packages:
      - langpacks-en
      - langpacks-de
      - glibc-all-langpacks
      - podman
      - sysstat
      - mailx
      - bind-utils
      # enables the EPEL repository for later package installs
      - epel-release
      - setroubleshoot-server
      - socat
      - unzip
      - wget
      - git
      - bzip2
# Run the targeted policy in enforcing mode. The sefcontext task later in
# this file only has an effect while SELinux is active.
- name: Enable SELinux
  selinux:
    state: enforcing
    policy: targeted
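# Keep kdump from starting at boot. Only the unit's enablement is changed;
# no `state:` is given, so an already-running kdump is not stopped here.
- name: disable kdump
  systemd:
    name: kdump
    enabled: false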
# Service account that owns the web content. Group and user share id 1000.
- name: Add Group appuser
  group:
    state: present
    name: appuser
    gid: 1000
- name: Add User appuser
  user:
    name: appuser
    uid: 1000
    group: appuser
    shell: /bin/bash
# The home directory and the web root are world-readable (0755) on purpose:
# the sefcontext task below exists so apache can read files underneath.
- name: Change permission of /home/appuser
  file:
    state: directory
    path: /home/appuser
    mode: '0755'
    owner: appuser
    group: appuser
- name: Create /home/appuser/wo-bisch-web
  file:
    state: directory
    path: /home/appuser/wo-bisch-web
    mode: '0755'
    owner: appuser
    group: appuser
# Persist an SELinux file-context mapping for the whole web root.
# sefcontext only records the rule; the notified "Restore selinux context"
# handler is expected to relabel the files that already exist.
- name: Allow apache to read files in /home/appuser/wo-bisch-web
  sefcontext:
    state: present
    target: '/home/appuser/wo-bisch-web(/.*)?'
    setype: httpd_sys_content_t
  notify:
    - Restore selinux context
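# Root may log in over SSH with a key but never with a password.
# `without-password` is the pre-OpenSSH-7.0 spelling; `prohibit-password`
# is the current name and sshd accepts both.
# This task only touches PermitRootLogin; password authentication for
# other accounts is not disabled here.
- name: allow root SSH with key only
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin without-password'
    state: present
    # sshd uses the first occurrence of a keyword, and a line appended at
    # EOF could land inside a trailing Match block, so insert at the top
    # when no uncommented PermitRootLogin line exists yet.
    insertbefore: BOF
    # Refuse to write a config that sshd itself rejects, so a typo cannot
    # lock everyone out on the next restart.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart ssh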
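# Render /etc/hosts from the role template; `backup` keeps a timestamped
# copy of the previous file next to it.
- name: create /etc/hosts from template
  template:
    src: hosts.j2
    dest: /etc/hosts
    owner: root
    group: root
    mode: '0644'
    backup: true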
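# Zabbix agent: install, enable at boot, point it at the server.
- name: install zabbix agent
  yum:
    name: zabbix40-agent
- name: enable zabbix agent
  systemd:
    name: zabbix-agent
    enabled: true
# Server= is the agent's allow-list of addresses permitted to run passive
# checks against it; the matching port 10050/tcp is opened in the
# firewalld task below.
- name: zabbix config
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: '^Server='
    line: "Server={{ zabbix_server_ip }}"
    state: present
  notify: Restart zabbix-agent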
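# Postfix as a send-only relay: install, enable, configure relayhost and
# myhostname, and forward root's mail off-box.
- name: install postfix
  yum:
    name: postfix
- name: enable postfix
  systemd:
    name: postfix
    enabled: true
# Distinct task names keep --start-at-task and the play output unambiguous.
- name: postfix config - relayhost
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^relayhost'
    # The square brackets make Postfix skip the MX lookup for the relay.
    line: "relayhost = [{{ mailserver }}]:25"
    state: present
  notify: Restart postfix
- name: postfix config - myhostname
  lineinfile:
    dest: /etc/postfix/main.cf
    regexp: '^myhostname'
    line: "myhostname = {{ ansible_hostname }}.{{ my_domain }}"
    state: present
  notify: Restart postfix
# Postfix ignores a .forward that is group- or world-writable, so the mode
# is pinned instead of being left to the controller's umask.
- name: create .forward file
  copy:
    dest: "/root/.forward"
    content: "{{ mail_forward_address }}\n"
    mode: '0644'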
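# fail2ban: install, enable at boot, drop in the role's jail overrides.
- name: install fail2ban
  yum:
    name: fail2ban
- name: enable fail2ban
  systemd:
    name: fail2ban
    enabled: true
# jail.local overrides the packaged jail.conf; the handler restarts
# fail2ban so the configured jails take effect.
- name: copy fail2ban config
  copy:
    src: jail.local
    dest: /etc/fail2ban/jail.local
    mode: '0644'
  notify: Restart fail2ban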
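# Firewall: only the permanent configuration is written here; the
# "reload firewalld" handler activates it at the end of the play.
- name: setup firewalld rules - services
  firewalld:
    service: "{{ item }}"
    permanent: true
    state: enabled
  loop:
    - ssh
    - http
    - https
  notify: reload firewalld
- name: setup firewalld rules - remove services
  firewalld:
    service: "{{ item }}"
    permanent: true
    state: disabled
  loop:
    - cockpit
  notify: reload firewalld
# 10050/tcp is the Zabbix agent listener. This opens it to every source;
# only the agent's own Server= setting restricts who may query it. A
# firewalld rich rule limited to zabbix_server_ip would close the port to
# everyone else as well.
- name: setup firewalld rules - ports
  firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
  loop:
    - 10050/tcp
  notify: reload firewalld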