commit 860ebab4547a064472ae005f62e4dd11e5f9dad2 Author: Adrien Date: Mon Oct 8 19:27:53 2018 +0200 Externalize role
diff --git a/files/hosts.allow b/files/hosts.allow
new file mode 100644
index 0000000..5346bb6
--- /dev/null
+++ b/files/hosts.allow
@@ -0,0 +1,33 @@
+#
+# hosts.allow This file contains access rules which are used to
+# allow or deny connections to network services that
+# either use the tcp_wrappers library or that have been
+# started through a tcp_wrappers-enabled xinetd.
+#
+# See 'man 5 hosts_options' and 'man 5 hosts_access'
+# for information on rule syntax.
+# See 'man tcpd' for information on tcp_wrappers
+#
+sshd:ALL
+
+# Pour NFS
+#portmap:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#lockd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#mountd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#rquotad:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#statd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+
+# Pour Saned
+#sane:172.16.0.0/255.255.255.0
+
+# Pour ProFTPd
+#in.ftpd:ALL
+
+# Pour le tftp
+#in.tftpd:172.16.0.0/255.255.255.0 192.168.1.1
+
+# Pour VMware
+#vmware-authd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+
+# Pour SNMP
+#snmpd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
diff --git a/files/hosts.deny b/files/hosts.deny
new file mode 100644
index 0000000..d32e66f
--- /dev/null
+++ b/files/hosts.deny
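Review bot: `sshd:ALL` in files/hosts.allow admits SSH from every source address, and because hosts.allow is consulted before hosts.deny, the deny-all rule never applies to sshd. If SSH should only be reachable from management networks, list them the way the commented NFS rules do, e.g. `sshd:<MGMT_NETWORK>/<NETMASK>` (placeholder values). These rules also only bind daemons built against libwrap, which not every sshd build is, so a comment saying which services on the target hosts actually honour this file would prevent false confidence.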
@@ -0,0 +1,14 @@
+#
+# hosts.deny This file contains access rules which are used to
+# deny connections to network services that either use
+# the tcp_wrappers library or that have been
+# started through a tcp_wrappers-enabled xinetd.
+#
+# The rules in this file can also be set up in
+# /etc/hosts.allow with a 'deny' option instead.
+#
+# See 'man 5 hosts_options' and 'man 5 hosts_access'
+# for information on rule syntax.
+# See 'man tcpd' for information on tcp_wrappers
+#
+ALL:ALL EXCEPT 127.0.0.1:DENY
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..77ec7c8
--- /dev/null
+++ b/tasks/main.yml
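Review bot: The exception list in `ALL:ALL EXCEPT 127.0.0.1:DENY` names only the IPv4 loopback address, so a wrapped local service reached over `::1` would be refused. If IPv6 loopback is in use on these hosts, `ALL:ALL EXCEPT 127.0.0.1 [::1]:DENY` covers both. A one-line comment above the rule would also help, stating that hosts.allow is evaluated first and that this line is the catch-all default, since the header here is only the stock text.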
@@ -0,0 +1,56 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install repo definition packages for {{ ansible_os_family }}
+ package: name="{{ item }}" update_cache=yes state=latest
+ with_items:
+ - epel-release
+
+- name: Install base packages for {{ ansible_os_family }}
+ package: name="{{ base_packages }}" update_cache=yes state=latest
+
+- name: echo 'LANG="{{ locale }}"' > /etc/locale.conf
+ template: src=locale.conf.j2 dest=/etc/locale.conf owner=root group=root mode=0644
+
+# ln -sf ../usr/share/zoneinfo/Europe/Paris /etc/localtime
+- name: timedatectl set-timezone "{{ timezone }}"; timedatectl set-local-rtc no
+ timezone: name={{ timezone }} hwclock=UTC
+
+# echo UTC >> /etc/adjtime
+
+#cat /etc/adjtime
+#0.0 0 0.0
+#0
+#UTC
+
+- name: upgrade all packages
+ package: name=* update_cache=yes state=latest
+
+- name: Install install_pxe.sh script
+ copy: src=usr/local/sbin/install_pxe.sh dest=/usr/local/sbin/install_pxe.sh owner=root group=root mode=0755
+
+- name: Enable rngd service
+ service: name=rngd state=started enabled=yes
+- name: Ensure rngd service is started
+ service: name=rngd state=started
+
+- name: Compress logs
+ replace: path=/etc/logrotate.conf regexp='^#compress' replace='compress'
+
+- name: Verify if hosts.deny TCP_Wrappers file exists
+ stat: path="/etc/hosts.deny"
+ register: hostsdeny
+- name: Verify if hosts.allow TCP_Wrappers file exists
+ stat: path="/etc/hosts.allow"
+ register: hostsallow
+
+- name: Install hosts.deny TCP_Wrappers file
+ copy: src="hosts.deny" dest="/etc/hosts.deny" owner=root group=root mode=0644
+ when:
+ - not hostsdeny.stat.exists
+- name: Install hosts.allow TCP_Wrappers file
+ copy: src="hosts.allow" dest="/etc/hosts.allow" owner=root group=root mode=0644
+ when:
+ - not hostsallow.stat.exists
+
diff --git a/templates/locale.conf.j2 b/templates/locale.conf.j2
new file mode 100644
index 0000000..0de779a
--- /dev/null
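Review bot: The two `copy` tasks at the end of the hunk are guarded by `when:` conditions on `not hostsdeny.stat.exists` and `not hostsallow.stat.exists`, so on any host that already has `/etc/hosts.deny` and `/etc/hosts.allow` the role's default-deny policy is silently never installed. RHEL-family base installs normally ship both files as comment-only stubs (worth confirming on the target image), in which case these tasks are always skipped. If the policy is meant to be enforced, drop the two `stat` tasks and the `when:` conditions and add `backup=yes` to both `copy` calls so the previous file is kept. Installing hosts.allow before hosts.deny would also avoid a window in which the deny-all rule is live without the sshd allowance.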
+++ b/templates/locale.conf.j2
@@ -0,0 +1,5 @@
+{% if locale is defined %}
+LANG="{{ locale }}"
+{% else %}
+LANG="en_US.UTF-8"
+{% endif %}
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..e6115a0
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,15 @@
+---
+base_packages:
+ - "@core"
+ - tcp_wrappers
+ - NetworkManager-config-server
+# - aide
+ - chrony
+# - libcap-ng-utils
+ - rng-tools
+ - usbutils
+ - pigz
+ - pxz
+ - patch
+ - bash-completion
+ - libselinux-python
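Review bot: vars/RedHat.yml is loaded by `ansible_os_family` alone (see the `include_vars` task in tasks/main.yml), but names such as `libselinux-python` and `tcp_wrappers` look specific to one major release, so the list would presumably fail on a newer RedHat-family release. A header comment stating the supported release, e.g. `# Package names valid for <SUPPORTED_RELEASE>; add a per-version vars file for others`, would make that limit explicit. The commented-out `aide` and `libcap-ng-utils` entries would also benefit from a short reason for being disabled, so a reader can tell whether file-integrity monitoring was dropped deliberately.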