Linux/Ansible

From Wiki
< Linux
Revision as of 15:00, 11 November 2018 by Marcluer (talk | contribs)

/srv/ansible-config/roles/<role-name>/tasks/main.yml

  • apt:
- name: update apt
  apt:
    update_cache: yes
    cache_valid_time: 3600

- name: install apt packages
  apt:
    name: ["aptitude", "git", "mc", "nmap"]
  • systemd:
- name: reload systemd config
  systemd:
    daemon_reload: yes

- name: restart fail2ban
  systemd:
    name: fail2ban
    state: restarted
  • copy files:
- name: copy openvpn client config files
  copy:
    src: ../files/
    dest: /etc/openvpn

- name: enable fail2ban config
  copy:
    src: /etc/fail2ban/fail2ban.conf
    dest: /etc/fail2ban/fail2ban.local
    remote_src: yes
  • edit files:
- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"

- name: enable openvpn in /etc/default/openvpn
  lineinfile:
    path: /etc/default/openvpn
    line: AUTOSTART="all"
    create: yes                   # create if file does not exist (default: no)
    backup: yes                   # create a backup file (default: no)
    state: absent                 # the line should not be there
    state: present                # the line should be there (default)
    mode: '644'
    owner: root
    group: root
    insertbefore: BOF
    insertafter: EOF

- name: change sudoers
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%ADMIN ALL='
    line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'