
Untitled

a guest
Sep 28th, 2017
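  # Baseline setup for a fresh Ubuntu host: bootstrap Python, create an admin
  # user with SSH keys and sudo, patch packages, enable the firewall, set up
  # mail-based log summaries, and tighten sshd.
  - hosts: all
    # Fact gathering needs Python on the target, which pre_tasks installs first.
    gather_facts: false

    pre_tasks:
      - name: install python needed for ansible modules to work
        raw: sudo bash -c "test -e /usr/bin/python || (apt -qqy update && apt install -qy python-minimal)"

    tasks:
      - name: Add server user
        user:
          name: "{{ ubuntu_common_server_user_name }}"
          # NOTE(review): password_hash() without a fixed salt produces a new
          # hash on every run, so with update_password=always this task will
          # report "changed" each time. Keep the plaintext variable in an
          # encrypted vars file rather than in the repository.
          password: "{{ ubuntu_common_server_password | password_hash('sha512') }}"
          shell: /bin/bash
          update_password: always

      - name: Add authorized keys for server user
        authorized_key:
          user: "{{ ubuntu_common_server_user_name }}"
          key: "{{ lookup('file', item) }}"
        # Templated form; a bare variable name is not expanded by current Ansible.
        with_items: "{{ ubuntu_common_server_public_keys }}"

      - name: Add server user to sudoers
        lineinfile:
          dest: /etc/sudoers
          # Anchored so a longer user name ending in the same string is not
          # rewritten by mistake.
          regexp: '^{{ ubuntu_common_server_user_name }} ALL'
          line: "{{ ubuntu_common_server_user_name }} ALL=(ALL) ALL"
          state: present
          # A syntax error in sudoers disables sudo for everyone; let visudo
          # check the candidate file before it replaces the live one.
          validate: '/usr/sbin/visudo -cf %s'

      - name: update APT package cache
        apt:
          update_cache: true
          cache_valid_time: 3600

      - name: Upgrade APT to the latest packages
        apt:
          upgrade: safe

      - name: Install required packages
        apt:
          # "installed" was a deprecated alias of "present".
          state: present
          pkg: "{{ item }}"
        with_items: "{{ ubuntu_common_required_packages }}"

      # The SSH allow rule is added before the firewall is switched on so that
      # enabling a default-deny policy cannot cut off the management session.
      - name: Allow ssh traffic
        ufw:
          rule: allow
          port: "{{ ubuntu_common_ssh_port }}"
          proto: tcp

      - name: Setup ufw
        ufw:
          state: enabled
          policy: deny

      - name: Set up Postfix to relay mail
        debconf:
          name: postfix
          question: "{{ item.question }}"
          value: "{{ item.value }}"
          vtype: "{{ item.vtype }}"
        with_items:
          - question: 'postfix/mailname'
            value: 'pixellane.com'
            vtype: 'string'
          - question: 'postfix/main_mailer_type'
            value: 'Internet Site'
            vtype: 'string'

      - name: Email log summary daily
        lineinfile:
          dest: /etc/cron.daily/00logwatch
          regexp: '^/usr/sbin/logwatch'
          line: "/usr/sbin/logwatch --output mail --mailto {{ ubuntu_common_logwatch_email }} --detail high"
          state: present
          create: true

      # Key-based login is provisioned by the authorized_key task above; only
      # after that is password authentication turned off.
      - name: Disallow password authentication
        lineinfile:
          dest: /etc/ssh/sshd_config
          regexp: '^PasswordAuthentication'
          line: 'PasswordAuthentication no'
          state: present
          # Reject the edit if sshd cannot parse the resulting file.
          validate: '/usr/sbin/sshd -t -f %s'
        notify: Restart ssh

      - name: Disallow root SSH access
        lineinfile:
          dest: /etc/ssh/sshd_config
          regexp: '^PermitRootLogin'
          # The original wrote "PermitRootLogin-= no", which is not a valid
          # sshd keyword: root login would not be disabled and sshd would
          # refuse the config on the restart triggered below.
          line: 'PermitRootLogin no'
          state: present
          validate: '/usr/sbin/sshd -t -f %s'
        notify: Restart ssh
        tags:
          - becareful

    handlers:
      - name: Restart ssh
        service:
          name: ssh
          state: restarted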