normalize some arguments positions
parent
42d1cb7906
commit
a94c94018c
|
@ -16,12 +16,12 @@
|
|||
- name: "Security directives for Evolinux (Debian 10 or later)"
|
||||
blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS"
|
||||
block: |
|
||||
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
|
||||
PasswordAuthentication yes
|
||||
Match Group evolix
|
||||
PasswordAuthentication no
|
||||
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS"
|
||||
insertafter: EOF
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify: reload sshd
|
||||
|
@ -32,10 +32,10 @@
|
|||
- name: Security directives for Evolinux (Jessie/Stretch)
|
||||
blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
|
||||
block: |
|
||||
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
|
||||
PasswordAuthentication yes
|
||||
marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
|
||||
insertafter: EOF
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify: reload sshd
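Review bot: The `block:` of the Debian 10 task depends on the order of its two `Match` sections, and nothing in the task says so. As far as I know sshd keeps the first value it obtains for a keyword, so a member of group `evolix` connecting from one of `evolinux_ssh_password_auth_addresses` still gets `PasswordAuthentication yes`; the `Match Group evolix` section only applies from other addresses. If that is the intent, a comment above `block: |` would protect it from a later reordering, for example `# Order matters: sshd uses the first matching value, keep Match Address before Match Group`. Both tasks also render `Match Address` with an empty argument when the list is empty; the `validate` call should reject that, but a `when` guard (not visible in these hunks) would make the failure explicit.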
|
||||
|
|
|
@ -26,9 +26,9 @@
|
|||
- name: Begin marker for IP addresses
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
|
||||
insertbefore: '^# Main interface'
|
||||
create: no
|
||||
|
||||
- name: End marker for IP addresses
|
||||
lineinfile:
|
||||
|
@ -47,7 +47,6 @@
|
|||
- name: Configure IP addresses
|
||||
blockinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK FOR IPS"
|
||||
content: |
|
||||
# Main interface
|
||||
|
@ -66,26 +65,26 @@
|
|||
# Privilegied IPv4 addresses for semi-public services
|
||||
# (no need to add again TRUSTEDIPS)
|
||||
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
|
||||
create: no
|
||||
register: minifirewall_config_ips
|
||||
|
||||
- name: Begin marker for ports
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||
insertbefore: '^# Protected services'
|
||||
create: no
|
||||
|
||||
- name: End marker for ports
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||
insertafter: '^SERVICESUDP3='
|
||||
create: no
|
||||
|
||||
- name: Configure ports
|
||||
blockinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||
content: |
|
||||
# Protected services
|
||||
|
@ -104,70 +103,71 @@
|
|||
# Private services (IPv4)
|
||||
SERVICESTCP3='{{ minifirewall_private_ports_tcp | join(' ') }}'
|
||||
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
||||
create: no
|
||||
register: minifirewall_config_ports
|
||||
|
||||
- name: Configure DNSSERVEURS
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'"
|
||||
regexp: "DNSSERVEURS='.*'"
|
||||
create: no
|
||||
when: minifirewall_dns_servers is not none
|
||||
|
||||
- name: Configure HTTPSITES
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
|
||||
regexp: "HTTPSITES='.*'"
|
||||
create: no
|
||||
when: minifirewall_http_sites is not none
|
||||
|
||||
- name: Configure HTTPSSITES
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'"
|
||||
regexp: "HTTPSSITES='.*'"
|
||||
create: no
|
||||
when: minifirewall_https_sites is not none
|
||||
|
||||
- name: Configure FTPSITES
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'"
|
||||
regexp: "FTPSITES='.*'"
|
||||
create: no
|
||||
when: minifirewall_ftp_sites is not none
|
||||
|
||||
- name: Configure SSHOK
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'"
|
||||
regexp: "SSHOK='.*'"
|
||||
create: no
|
||||
when: minifirewall_ssh_ok is not none
|
||||
|
||||
- name: Configure SMTPOK
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'"
|
||||
regexp: "SMTPOK='.*'"
|
||||
create: no
|
||||
when: minifirewall_smtp_ok is not none
|
||||
|
||||
- name: Configure SMTPSECUREOK
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'"
|
||||
regexp: "SMTPSECUREOK='.*'"
|
||||
create: no
|
||||
when: minifirewall_smtp_secure_ok is not none
|
||||
|
||||
- name: Configure NTPOK
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
create: no
|
||||
line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'"
|
||||
regexp: "NTPOK='.*'"
|
||||
create: no
|
||||
when: minifirewall_ntp_ok is not none
|
||||
|
||||
- name: evomaintenance
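Review bot: The `regexp` values in the `lineinfile` tasks from "Configure DNSSERVEURS" to "Configure NTPOK" are unanchored, for example `regexp: "SSHOK='.*'"`. They can therefore also match a commented-out or indented copy of the assignment, and `lineinfile` rewrites the last matching line, so the active setting in the firewall file could be left unchanged while the task reports success. The marker tasks in the same file already anchor their patterns (`insertafter: '^SERVICESUDP3='`); the same form would fit here, e.g. `regexp: "^SSHOK='.*'"`, and likewise for the other seven variables.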
|
||||
|
|
|
@ -77,6 +77,7 @@
|
|||
- name: adjustments for grsec kernel
|
||||
blockinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
marker: "# {mark} GRSECURITY CUSTOMIZATIONS"
|
||||
block: |
|
||||
|
||||
[processes]
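Review bot: The `marker: "# {mark} GRSECURITY CUSTOMIZATIONS"` line looks newly added rather than moved: the hunk header counts 6 old lines and 7 new ones, and no removed `marker` is shown. If the task previously ran with the default `blockinfile` marker, hosts that are already configured keep the old block under `# BEGIN ANSIBLE MANAGED BLOCK` and get a second copy under the new marker, which would duplicate the `[processes]` section in `/etc/munin/plugin-conf.d/munin-node`. Either keep the default marker here or add a one-off cleanup task that removes the old block. The task body continues outside the hunk, so the rest of the block content is not visible.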
|
||||
|
|
|
@ -78,10 +78,10 @@
|
|||
- name: "Rbenv is initialized in profile for {{ username }}"
|
||||
blockinfile:
|
||||
dest: '~{{ username }}/.profile'
|
||||
marker: "# {mark} ANSIBLE MANAGED RBENV INIT"
|
||||
block: |
|
||||
export PATH="{{ rbenv_root }}/bin:$PATH"
|
||||
eval "$(rbenv init -)"
|
||||
marker: "# {mark} ANSIBLE MANAGED RBENV INIT"
|
||||
become_user: "{{ username }}"
|
||||
become: yes
|
||||
tags:
|
||||
|
|