124 lines
2.7 KiB
YAML
124 lines
2.7 KiB
YAML
---
|
|
|
|
- name: Include apache role
|
|
include_role:
|
|
name: "apache"
|
|
|
|
- name: Add elements to user account template
|
|
file:
|
|
path: "/etc/skel/{{ item.path }}"
|
|
state: "{{ item.state }}"
|
|
mode: "{{ item.mode }}"
|
|
with_items:
|
|
- { path: log, mode: "0750", state: directory }
|
|
- { path: awstats, mode: "0750", state: directory }
|
|
- { path: www, mode: "0750", state: directory }
|
|
|
|
- name: Copy apache empty log files if missing
|
|
copy:
|
|
src: "log/{{ item }}"
|
|
dest: "/etc/skel/log/{{ item }}"
|
|
mode: "0644"
|
|
force: no
|
|
with_items:
|
|
- access.log
|
|
- error.log
|
|
|
|
- name: Install userlogrotate
|
|
copy:
|
|
src: userlogrotate
|
|
dest: /etc/cron.weekly/userlogrotate
|
|
mode: "0755"
|
|
|
|
- name: Force DIR_MODE to 0750 in /etc/adduser.conf
|
|
lineinfile:
|
|
dest: /etc/adduser.conf
|
|
regexp: '^DIR_MODE='
|
|
line: 'DIR_MODE=0750'
|
|
|
|
- include: apache.yml
|
|
|
|
- include: php.yml
|
|
|
|
- include: phpmyadmin.yml
|
|
|
|
- include: awstats.yml
|
|
|
|
- name: Remove read permission on some folders (/, /etc, ...)
|
|
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
|
|
register: command_result
|
|
changed_when: "'changed' in command_result.stdout"
|
|
failed_when: False
|
|
with_items:
|
|
- /
|
|
- /etc
|
|
- /usr
|
|
- /usr/bin
|
|
- /var
|
|
- /var/log
|
|
- /home
|
|
- /bin
|
|
- /sbin
|
|
- /lib
|
|
- /usr/lib
|
|
- /usr/include
|
|
- /usr/bin
|
|
- /usr/sbin
|
|
- /usr/share
|
|
- /usr/share/doc
|
|
- /etc/default
|
|
|
|
- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
|
|
shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
|
|
register: command_result
|
|
changed_when: "'changed' in command_result.stdout"
|
|
failed_when: False
|
|
with_items:
|
|
- /var/log/apt
|
|
- /var/lib/dpkg
|
|
- /var/log/munin
|
|
- /var/backups
|
|
- /var/cache/apt
|
|
- /etc/init.d
|
|
- /etc/apt
|
|
- /etc/apache2
|
|
- /etc/network
|
|
- /etc/phpmyadmin
|
|
- /var/log/installer
|
|
|
|
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
|
|
shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
|
|
register: command_result
|
|
changed_when: "'changed' in command_result.stdout"
|
|
failed_when: False
|
|
with_items:
|
|
- /bin/ping
|
|
- /bin/ping6
|
|
- /usr/bin/fping
|
|
- /usr/bin/fping6
|
|
- /usr/bin/mtr
|
|
|
|
- name: Set 640 permission on some files (/var/log/evolix.log, ...)
|
|
shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
|
|
register: command_result
|
|
changed_when: "'changed' in command_result.stdout"
|
|
failed_when: False
|
|
with_items:
|
|
- /var/log/evolix.log
|
|
- /etc/warnquota.conf
|
|
|
|
- name: Remove some log files (/var/log/mail.err, ...)
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /var/log/debug
|
|
- /var/log/mail.err
|
|
- /var/log/mail.warn
|
|
|
|
- name: Install Evoadmin
|
|
include_role:
|
|
name: evoadmin
|
|
vars:
|
|
evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"
|