diff options
Diffstat (limited to 'roles/space_server/tasks')
-rw-r--r-- | roles/space_server/tasks/avahi.yml | 7 | ||||
-rw-r--r-- | roles/space_server/tasks/bird.yml | 7 | ||||
-rw-r--r-- | roles/space_server/tasks/kernel.yml | 8 | ||||
-rw-r--r-- | roles/space_server/tasks/nftables.yml | 17 | ||||
-rw-r--r-- | roles/space_server/tasks/radius.yml | 9 | ||||
-rw-r--r-- | roles/space_server/tasks/sshd.yml | 4 | ||||
-rw-r--r-- | roles/space_server/tasks/unbound.yml | 6 |
7 files changed, 32 insertions, 26 deletions
diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml index 1161863..f4decb8 100644 --- a/roles/space_server/tasks/avahi.yml +++ b/roles/space_server/tasks/avahi.yml @@ -1,11 +1,10 @@ --- - name: Install avahi, tools and nss-mdns dnf: - name: '{{ item }}' + name: + - avahi-tools # pulls in avahi package + - nss-mdns state: present - with_items: - - avahi-tools # pulls in avahi package - - nss-mdns tags: - packages diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml index cdf402b..aeaa7bd 100644 --- a/roles/space_server/tasks/bird.yml +++ b/roles/space_server/tasks/bird.yml @@ -1,11 +1,10 @@ --- - name: Install bird and bird6 packages dnf: - name: '{{ item }}' + name: + - bird + - bird6 state: present - with_items: - - bird - - bird6 tags: - packages diff --git a/roles/space_server/tasks/kernel.yml b/roles/space_server/tasks/kernel.yml index b87bccc..d22fa86 100644 --- a/roles/space_server/tasks/kernel.yml +++ b/roles/space_server/tasks/kernel.yml @@ -10,11 +10,15 @@ - '/etc/kernel' - '/etc/kernel/install.d' -- name: Mask grubby +- name: Mask grub and grubby file: - path: '/etc/kernel/install.d/20-grubby.install' + path: '/etc/kernel/install.d/{{ item }}' src: '/dev/null' state: link + force: yes + with_items: + - 20-grub.install + - 20-grubby.install - name: Create syslinux loader entry and menu copy: diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml index 1f56a93..a589980 100644 --- a/roles/space_server/tasks/nftables.yml +++ b/roles/space_server/tasks/nftables.yml @@ -14,14 +14,6 @@ tags: - packages -- name: Symlink to /etc/nftables.conf - file: - path: '/etc/sysconfig/nftables.conf' - src: '../nftables.conf' - state: link - force: yes - notify: - - reload nftables - name: Configure nftables copy: dest: '/etc/nftables.conf' @@ -32,6 +24,15 @@ notify: - reload nftables +- name: Symlink to /etc/nftables.conf + file: + path: '/etc/sysconfig/nftables.conf' + src: '../nftables.conf' + state: link + force: yes + notify: + - reload nftables + - name: Enable nftables service systemd: name: nftables.service diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml index 972cc40..d66d8f6 100644 --- a/roles/space_server/tasks/radius.yml +++ b/roles/space_server/tasks/radius.yml @@ -1,12 +1,11 @@ --- - name: Install freeradius-python, curl and diffutils package dnf: - name: '{{ item }}' + name: + - freeradius-python + - curl + - diffutils state: present - with_items: - - freeradius-python - - curl - - diffutils tags: - packages diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml index 63f3367..176ee5a 100644 --- a/roles/space_server/tasks/sshd.yml +++ b/roles/space_server/tasks/sshd.yml @@ -36,9 +36,11 @@ regexp: '{{ item.regexp }}' line: '{{ item.line }}' with_items: + - regexp: '^[# ]*PermitRootLogin' + line: 'PermitRootLogin no' - regexp: '^PasswordAuthentication' line: 'PasswordAuthentication no' - - regexp: '^#*GSSAPIAuthentication' + - regexp: '^[# ]*GSSAPIAuthentication' line: 'GSSAPIAuthentication no' notify: - restart sshd diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml index 81199b9..a3726a0 100644 --- a/roles/space_server/tasks/unbound.yml +++ b/roles/space_server/tasks/unbound.yml @@ -1,7 +1,9 @@ --- - name: Install unbound package dnf: - name: unbound + name: + - policycoreutils # needed for unbound-keygen.service + - unbound state: present tags: - packages @@ -37,4 +39,4 @@ group: root mode: 0644 -# vim: set ts=2 sw=2 et ft=yaml: +# vim: set ts=2 sw=2 et: |