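---
# Provision an Ubuntu host for BigBlueButton: install base packages, set the
# hostname/FQDN, restrict SSH password logins, then run the vendored
# files/bbb-install.sh installer.
#
# NOTE(review): no `become` is set in this play; the tasks below edit system
# files and install packages, so it presumably expects a root connection or
# `--become` from the caller. Confirm before use.
- hosts: all
  vars:
    debian_flavor: ubuntu
    # NOTE(review): `iconfig_system_locale` looks like a typo for
    # `config_system_locale`. No task in this file reads either locale
    # variable, so the name is left as-is.
    iconfig_system_locale: 'en_US.UTF-8'
    config_system_language: 'en_US.UTF-8'
    # Every FIXME below must be replaced before running; the first task
    # refuses to continue while any of them is still a placeholder.
    hostname: FIXME
    domainnname: FIXME
    scriptoptlemail: FIXME
    # Quoted: an unquoted value containing ": " is a YAML parse error.
    scriptoptsturnsrv: 'FIXME: turn.linuxmuster.net'
    # TURN shared secret. Do not commit the real value in clear text; supply
    # it from an ansible-vault encrypted vars file or an extra-var at run time.
    scriptoptsturnpw: FIXME
    scriptoptversion: xenial-220
    # ufw and fail2ban are installed here, but no task in this file enables
    # or configures them.
    required_packages:
      - ufw
      - fail2ban
      - vim
      - language-pack-en
      - apt-transport-https
      - software-properties-common
      - net-tools
      - python3-apt
      - openssh-server
      - pwgen
    # The three port variables are not referenced by any task in this file.
    ssh_port: 22
    http_port: 80
    https_port: 443

  tasks:
    # Guard against provisioning a host with placeholder identity values or
    # a guessable placeholder TURN secret.
    - name: Refuse to run with unedited FIXME placeholders
      assert:
        that:
          - "'FIXME' not in (hostname | string)"
          - "'FIXME' not in (domainnname | string)"
          - "'FIXME' not in (scriptoptlemail | string)"
          - "'FIXME' not in (scriptoptsturnsrv | string)"
          - "'FIXME' not in (scriptoptsturnpw | string)"
        msg: Replace every FIXME value in vars before running this playbook.

    # Read-only probes: no shell features are needed, and they never change
    # the host, so they are reported as unchanged.
    - name: get lsb_release
      command: lsb_release -cs
      register: release
      changed_when: false

    - name: Record distribution codename as a fact
      set_fact:
        lsb_release: "{{ release.stdout }}"

    - name: Get system type
      command: uname -s
      register: unames
      changed_when: false

    - name: Record system type as a fact
      set_fact:
        system: "{{ unames.stdout }}"

    - name: Get system architecture
      command: uname -m
      register: unamem
      changed_when: false

    - name: Record system architecture as a fact
      set_fact:
        arch: "{{ unamem.stdout }}"

    - name: Update APT package cache
      apt:
        update_cache: true

    - name: Upgrade APT to the latest packages
      apt:
        upgrade: safe

    # The whole list goes to apt in one transaction instead of one call per item.
    - name: Install required packages
      apt:
        state: present
        name: "{{ required_packages }}"

    # The address is regex-escaped and followed by \s so that, for example,
    # 10.0.0.1 cannot match (and overwrite) an entry for 10.0.0.10.
    - name: Fix hosts file for FQDN
      lineinfile:
        state: present
        dest: /etc/hosts
        line: "{{ ansible_default_ipv4.address }} {{ hostname }}.{{ domainnname }} {{ hostname }}"
        regexp: '^{{ ansible_default_ipv4.address | regex_escape }}\s'

    - name: Change the hostname
      hostname:
        name: "{{ hostname }}"

    - name: Update APT package cache
      apt:
        update_cache: true

    # `validate` makes sshd parse the candidate file before it replaces the
    # live one, so a malformed config cannot lock out remote access on restart.
    # Caveat: the regexp only matches an uncommented directive. If none
    # exists, the line is appended at end of file, where a preceding `Match`
    # block would scope it. Check the effective setting with `sshd -T`.
    - name: Disallow ssh password authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart ssh

    # `without-password` is the older spelling of `prohibit-password`:
    # root may still log in with a key, but not with a password.
    - name: Disallow root SSH access with passwords
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin without-password'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart ssh

    # The TURN secret is kept out of the task name (task names are printed on
    # every run) and `no_log` keeps the rendered command line out of Ansible
    # output and logs. Each argument goes through `quote` so a value
    # containing spaces or shell metacharacters stays a single argument.
    # NOTE(review): the secret is still a command-line argument on the target
    # host while the installer runs, and may end up in bbb-install.log;
    # restrict access to both.
    - name: Run bbb-install.sh for {{ hostname }}.{{ domainnname }} ({{ scriptoptversion }})
      script: >-
        files/bbb-install.sh
        -v {{ scriptoptversion | quote }}
        -s {{ (hostname ~ '.' ~ domainnname) | quote }}
        -e {{ scriptoptlemail | quote }}
        -g
        -c {{ (scriptoptsturnsrv ~ ':' ~ scriptoptsturnpw) | quote }}
        > bbb-install.log
      no_log: true

  handlers:
    - name: Restart ssh
      service:
        name: ssh
        state: restarted

    # Not notified by any task in this file.
    - name: Restart nginx
      service:
        name: nginx
        state: restarted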