aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server/tasks
diff options
context:
space:
mode:
authorEmil Renner Berthing <esmil@labitat.dk>2018-09-22 15:29:45 +0200
committerEmil Renner Berthing <esmil@labitat.dk>2018-11-10 22:31:14 +0100
commit311893c3bc2bbd18669b5c80bf884e9d25889b74 (patch)
tree19b9b3664a9d29fcd30cf82ccf82037be5c9f726 /roles/space_server/tasks
parent9454fdbff511e965e4fd9eb187b7fe432dcd437e (diff)
downloadlabitat-ansible-311893c3bc2bbd18669b5c80bf884e9d25889b74.tar.gz
labitat-ansible-311893c3bc2bbd18669b5c80bf884e9d25889b74.tar.xz
labitat-ansible-311893c3bc2bbd18669b5c80bf884e9d25889b74.zip
space_server: update for Fedora 29
Diffstat (limited to 'roles/space_server/tasks')
-rw-r--r--roles/space_server/tasks/avahi.yml7
-rw-r--r--roles/space_server/tasks/bird.yml7
-rw-r--r--roles/space_server/tasks/kernel.yml8
-rw-r--r--roles/space_server/tasks/nftables.yml17
-rw-r--r--roles/space_server/tasks/radius.yml9
-rw-r--r--roles/space_server/tasks/sshd.yml4
-rw-r--r--roles/space_server/tasks/unbound.yml6
7 files changed, 32 insertions, 26 deletions
diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml
index 1161863..f4decb8 100644
--- a/roles/space_server/tasks/avahi.yml
+++ b/roles/space_server/tasks/avahi.yml
@@ -1,11 +1,10 @@
---
- name: Install avahi, tools and nss-mdns
dnf:
- name: '{{ item }}'
+ name:
+ - avahi-tools # pulls in avahi package
+ - nss-mdns
state: present
- with_items:
- - avahi-tools # pulls in avahi package
- - nss-mdns
tags:
- packages
diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml
index cdf402b..aeaa7bd 100644
--- a/roles/space_server/tasks/bird.yml
+++ b/roles/space_server/tasks/bird.yml
@@ -1,11 +1,10 @@
---
- name: Install bird and bird6 packages
dnf:
- name: '{{ item }}'
+ name:
+ - bird
+ - bird6
state: present
- with_items:
- - bird
- - bird6
tags:
- packages
diff --git a/roles/space_server/tasks/kernel.yml b/roles/space_server/tasks/kernel.yml
index b87bccc..d22fa86 100644
--- a/roles/space_server/tasks/kernel.yml
+++ b/roles/space_server/tasks/kernel.yml
@@ -10,11 +10,15 @@
- '/etc/kernel'
- '/etc/kernel/install.d'
-- name: Mask grubby
+- name: Mask grub and grubby
file:
- path: '/etc/kernel/install.d/20-grubby.install'
+ path: '/etc/kernel/install.d/{{ item }}'
src: '/dev/null'
state: link
+ force: yes
+ with_items:
+ - 20-grub.install
+ - 20-grubby.install
- name: Create syslinux loader entry and menu
copy:
diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml
index 1f56a93..a589980 100644
--- a/roles/space_server/tasks/nftables.yml
+++ b/roles/space_server/tasks/nftables.yml
@@ -14,14 +14,6 @@
tags:
- packages
-- name: Symlink to /etc/nftables.conf
- file:
- path: '/etc/sysconfig/nftables.conf'
- src: '../nftables.conf'
- state: link
- force: yes
- notify:
- - reload nftables
- name: Configure nftables
copy:
dest: '/etc/nftables.conf'
@@ -32,6 +24,15 @@
notify:
- reload nftables
+- name: Symlink to /etc/nftables.conf
+ file:
+ path: '/etc/sysconfig/nftables.conf'
+ src: '../nftables.conf'
+ state: link
+ force: yes
+ notify:
+ - reload nftables
+
- name: Enable nftables service
systemd:
name: nftables.service
diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml
index 972cc40..d66d8f6 100644
--- a/roles/space_server/tasks/radius.yml
+++ b/roles/space_server/tasks/radius.yml
@@ -1,12 +1,11 @@
---
- name: Install freeradius-python, curl and diffutils package
dnf:
- name: '{{ item }}'
+ name:
+ - freeradius-python
+ - curl
+ - diffutils
state: present
- with_items:
- - freeradius-python
- - curl
- - diffutils
tags:
- packages
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
index 63f3367..176ee5a 100644
--- a/roles/space_server/tasks/sshd.yml
+++ b/roles/space_server/tasks/sshd.yml
@@ -36,9 +36,11 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
with_items:
+ - regexp: '^[# ]*PermitRootLogin'
+ line: 'PermitRootLogin no'
- regexp: '^PasswordAuthentication'
line: 'PasswordAuthentication no'
- - regexp: '^#*GSSAPIAuthentication'
+ - regexp: '^[# ]*GSSAPIAuthentication'
line: 'GSSAPIAuthentication no'
notify:
- restart sshd
diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml
index 81199b9..a3726a0 100644
--- a/roles/space_server/tasks/unbound.yml
+++ b/roles/space_server/tasks/unbound.yml
@@ -1,7 +1,9 @@
---
- name: Install unbound package
dnf:
- name: unbound
+ name:
+ - policycoreutils # needed for unbound-keygen.service
+ - unbound
state: present
tags:
- packages
@@ -37,4 +39,4 @@
group: root
mode: 0644
-# vim: set ts=2 sw=2 et ft=yaml:
+# vim: set ts=2 sw=2 et: