space_server: update for Fedora 29

7 files changed, 32 insertions, 26 deletions

diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml
index 1161863..f4decb8 100644
--- a/roles/space_server/tasks/avahi.yml
+++ b/roles/space_server/tasks/avahi.yml
@@ -1,11 +1,10 @@
 ---
 - name: Install avahi, tools and nss-mdns
   dnf:
-    name: '{{ item }}'
+    name:
+    - avahi-tools # pulls in avahi package
+    - nss-mdns
     state: present
-  with_items:
-  - avahi-tools # pulls in avahi package
-  - nss-mdns
   tags:
   - packages
 
diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml
index cdf402b..aeaa7bd 100644
--- a/roles/space_server/tasks/bird.yml
+++ b/roles/space_server/tasks/bird.yml
@@ -1,11 +1,10 @@
 ---
 - name: Install bird and bird6 packages
   dnf:
-    name: '{{ item }}'
+    name:
+    - bird
+    - bird6
     state: present
-  with_items:
-  - bird
-  - bird6
   tags:
   - packages
 
diff --git a/roles/space_server/tasks/kernel.yml b/roles/space_server/tasks/kernel.yml
index b87bccc..d22fa86 100644
--- a/roles/space_server/tasks/kernel.yml
+++ b/roles/space_server/tasks/kernel.yml
@@ -10,11 +10,15 @@
   - '/etc/kernel'
   - '/etc/kernel/install.d'
 
-- name: Mask grubby
+- name: Mask grub and grubby
   file:
-    path: '/etc/kernel/install.d/20-grubby.install'
+    path: '/etc/kernel/install.d/{{ item }}'
     src: '/dev/null'
     state: link
+    force: yes
+  with_items:
+  - 20-grub.install
+  - 20-grubby.install
 
 - name: Create syslinux loader entry and menu
   copy:
diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml
index 1f56a93..a589980 100644
--- a/roles/space_server/tasks/nftables.yml
+++ b/roles/space_server/tasks/nftables.yml
@@ -14,14 +14,6 @@
   tags:
   - packages
 
-- name: Symlink to /etc/nftables.conf
-  file:
-    path: '/etc/sysconfig/nftables.conf'
-    src: '../nftables.conf'
-    state: link
-    force: yes
-  notify:
-  - reload nftables
 - name: Configure nftables
   copy:
     dest: '/etc/nftables.conf'
@@ -32,6 +24,15 @@
   notify:
   - reload nftables
 
+- name: Symlink to /etc/nftables.conf
+  file:
+    path: '/etc/sysconfig/nftables.conf'
+    src: '../nftables.conf'
+    state: link
+    force: yes
+  notify:
+  - reload nftables
+
 - name: Enable nftables service
   systemd:
     name: nftables.service
diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml
index 972cc40..d66d8f6 100644
--- a/roles/space_server/tasks/radius.yml
+++ b/roles/space_server/tasks/radius.yml
@@ -1,12 +1,11 @@
 ---
 - name: Install freeradius-python, curl and diffutils package
   dnf:
-    name: '{{ item }}'
+    name:
+    - freeradius-python
+    - curl
+    - diffutils
     state: present
-  with_items:
-  - freeradius-python
-  - curl
-  - diffutils
   tags:
   - packages
 
diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml
index 63f3367..176ee5a 100644
--- a/roles/space_server/tasks/sshd.yml
+++ b/roles/space_server/tasks/sshd.yml
@@ -36,9 +36,11 @@
     regexp: '{{ item.regexp }}'
     line: '{{ item.line }}'
   with_items:
+  - regexp: '^[# ]*PermitRootLogin'
+    line: 'PermitRootLogin no'
   - regexp: '^PasswordAuthentication'
     line: 'PasswordAuthentication no'
-  - regexp: '^#*GSSAPIAuthentication'
+  - regexp: '^[# ]*GSSAPIAuthentication'
     line: 'GSSAPIAuthentication no'
   notify:
   - restart sshd
diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml
index 81199b9..a3726a0 100644
--- a/roles/space_server/tasks/unbound.yml
+++ b/roles/space_server/tasks/unbound.yml
@@ -1,7 +1,9 @@
 ---
 - name: Install unbound package
   dnf:
-    name: unbound
+    name:
+    - policycoreutils # needed for unbound-keygen.service
+    - unbound
     state: present
   tags:
   - packages
@@ -37,4 +39,4 @@
     group: root
     mode: 0644
 
-# vim: set ts=2 sw=2 et ft=yaml:
+# vim: set ts=2 sw=2 et: