-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirst_setup.yml
84 lines (64 loc) · 1.98 KB
/
first_setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
---
- name : first setup
become : yes
hosts : all
vars :
sshd_port: 4488
tasks :
- name : changing base console
shell : cmd=sudo usermod -s /bin/bash {{ ansible_user }}
- name : apt upgrading packages and update cache
apt : upgrade=yes
update_cache=yes
cache_valid_time=86400
- name : install Time Zone Database
apt : name=tzdata
state=latest
- name : setup Moscow timezone
timezone : name="Europe/Moscow"
- debug :
var : ansible_date_time.time
- debug :
var : ansible_date_time.tz_dst
- name: change ssh port
replace : path=/etc/ssh/sshd_config
regexp="#Port 22"
replace="Port '{{ sshd_port }}'"
- name : restriction root login
replace : path=/etc/ssh/sshd_config
regexp="#PermitRootLogin prohibit-password"
replace="PermitRootLogin no"
- name : restriction for PasswordAuthentication
lineinfile: dest=/etc/ssh/sshd_config
regexp="#PasswordAuthentication yes"
line="PasswordAuthentication no"
- name : coppy ssh_banner
copy : src=./ssh_banner
dest=/home/{{ ansible_user }}
- name : add banner
replace: path=/etc/ssh/sshd_config
regexp="#Banner none"
replace="Banner /home/{{ ansible_user }}/ssh_banner"
- name: Restart sshd
service :
name : sshd
state : restarted
- name: install UFW firewall
apt: name=ufw state=latest
- name: access to tcp port 80 and 443
ufw:
rule: allow
port: '{{ item }}'
proto: tcp
loop:
- 80
- 443
- '{{ sshd_port }}'
- name: activate ufw
ufw:
state: enabled
- shell: ufw status verbose
register: status
- debug:
var : status.stdout_lines
# ansible all -i hosts.txt -m setup