Update..
This commit is contained in:
@ -24,22 +24,80 @@
|
||||
tags:
|
||||
- symlink-sh
|
||||
|
||||
- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
|
||||
stat:
|
||||
path: /etc/systemd/system
|
||||
register: etc_systemd_system_conf
|
||||
when:
|
||||
- set_default_limit_nofile|bool == true
|
||||
|
||||
- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
|
||||
lineinfile:
|
||||
dest: /etc/systemd/system.conf
|
||||
state: present
|
||||
regexp: '^DefaultLimitNOFILE'
|
||||
line: 'DefaultLimitNOFILE=1048576'
|
||||
insertafter: '^#DefaultLimitNOFILE'
|
||||
when:
|
||||
- set_default_limit_nofile|bool == true
|
||||
- etc_systemd_system_conf.stat.exists == true
|
||||
- name: (basic.yml) Ensure directory '/etc/systemd/system.conf.d' exists
|
||||
file:
|
||||
path: /etc/systemd/system.conf.d
|
||||
state: directory
|
||||
mode: 0755
|
||||
group: root
|
||||
owner: root
|
||||
when:
|
||||
- copy_plain_files_systemd is defined
|
||||
- copy_plain_files_systemd|length > 0
|
||||
tags:
|
||||
- systemd-nofiles
|
||||
- systemd-config
|
||||
|
||||
- name: (basic.yml) Ensure files /etc/systemd/system.conf.d/*.conf exists
|
||||
copy:
|
||||
src: '{{ item.src_path }}'
|
||||
dest: '{{ item.dest_path }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
loop: "{{ copy_plain_files_systemd }}"
|
||||
loop_control:
|
||||
label: 'dest: {{ item.name }}'
|
||||
when:
|
||||
- copy_plain_files_systemd is defined
|
||||
- copy_plain_files_systemd|length > 0
|
||||
tags:
|
||||
- systemd-config
|
||||
|
||||
- name: (basic.yml) Ensure directory '/etc/sysctl.d' exists
|
||||
file:
|
||||
path: etc/sysctl.d
|
||||
state: directory
|
||||
mode: 0755
|
||||
group: root
|
||||
owner: root
|
||||
when:
|
||||
- copy_plain_files_sysctl is defined
|
||||
- copy_plain_files_sysctl|length > 0
|
||||
tags:
|
||||
- systctl-config
|
||||
|
||||
- name: (basic.yml) Ensure files /etc/sysctl.d/*.conf exists
|
||||
copy:
|
||||
src: '{{ item.src_path }}'
|
||||
dest: '{{ item.dest_path }}'
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
loop: "{{ copy_plain_files_sysctl }}"
|
||||
loop_control:
|
||||
label: 'dest: {{ item.name }}'
|
||||
when:
|
||||
- copy_plain_files_sysctl is defined
|
||||
- copy_plain_files_sysctl|length > 0
|
||||
tags:
|
||||
- systctl-config
|
||||
|
||||
#- name: (basic.yml) Check file '/etc/systemd/system.conf' exists
|
||||
# stat:
|
||||
# path: /etc/systemd/system
|
||||
# register: etc_systemd_system_conf
|
||||
# when:
|
||||
# - set_default_limit_nofile|bool == true
|
||||
#
|
||||
#- name: (basic.yml) Change DefaultLimitNOFILE to 1048576
|
||||
# lineinfile:
|
||||
# dest: /etc/systemd/system.conf
|
||||
# state: present
|
||||
# regexp: '^DefaultLimitNOFILE'
|
||||
# line: 'DefaultLimitNOFILE=1048576'
|
||||
# insertafter: '^#DefaultLimitNOFILE'
|
||||
# when:
|
||||
# - set_default_limit_nofile|bool == true
|
||||
# - etc_systemd_system_conf.stat.exists == true
|
||||
# tags:
|
||||
# - systemd-nofiles
|
||||
|
||||
@ -60,6 +60,8 @@
|
||||
notify: "Restart ssh"
|
||||
when:
|
||||
- create_sftp_group is defined and not create_sftp_group
|
||||
- ansible_facts['distribution'] == "Debian"
|
||||
- ansible_facts['distribution_major_version'] <= "10"
|
||||
tags:
|
||||
- sshd-config
|
||||
|
||||
@ -74,6 +76,46 @@
|
||||
notify: "Restart ssh"
|
||||
when:
|
||||
- create_sftp_group is defined and create_sftp_group
|
||||
- ansible_facts['distribution'] == "Debian"
|
||||
- ansible_facts['distribution_major_version'] <= "10"
|
||||
tags:
|
||||
- sshd-config
|
||||
|
||||
- name: (sshd.yml) Check if sshd_config contains activ parameter 'Subsystem sftp'..
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^Subsystem\s+sftp(.+)$'
|
||||
state: absent
|
||||
check_mode: yes
|
||||
changed_when: false
|
||||
register: sshd_config_sftp
|
||||
tags:
|
||||
- sshd-config
|
||||
|
||||
- name: (sshd.yml) Ensure directory '/etc/ssh/sshd_config.d' exists
|
||||
file:
|
||||
path: /etc/ssh/sshd_config.d
|
||||
state: directory
|
||||
mode: 0755
|
||||
group: root
|
||||
owner: root
|
||||
when:
|
||||
- ansible_facts['distribution'] == "Debian"
|
||||
- ansible_facts['distribution_major_version'] > "10"
|
||||
tags:
|
||||
- sshd-config
|
||||
|
||||
- name: (sshd.yml) Create/Update file '/etc/ssh/sshd_config.d/50-sshd-local.conf' from template sshd_config.j2
|
||||
template:
|
||||
src: etc/ssh/sshd_config.j2
|
||||
dest: /etc/ssh/sshd_config.d/50-sshd-local.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: "Restart ssh"
|
||||
when:
|
||||
- ansible_facts['distribution'] == "Debian"
|
||||
- ansible_facts['distribution_major_version'] > "10"
|
||||
tags:
|
||||
- sshd-config
|
||||
|
||||
|
||||
@ -25,16 +25,16 @@
|
||||
tags:
|
||||
- sudoers-remove
|
||||
|
||||
- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
|
||||
template:
|
||||
src: etc/sudoers.d/50-user.j2
|
||||
dest: /etc/sudoers.d/50-user
|
||||
#validate: visudo -cf %s
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0440
|
||||
tags:
|
||||
- sudoers-file-configuration
|
||||
#- name: (sudoers.yml) update specific sudoers configuration files (/etc/sudoers.d/)
|
||||
# template:
|
||||
# src: etc/sudoers.d/50-user.j2
|
||||
# dest: /etc/sudoers.d/50-user
|
||||
# #validate: visudo -cf %s
|
||||
# owner: root
|
||||
# group: root
|
||||
# mode: 0440
|
||||
# tags:
|
||||
# - sudoers-file-configuration
|
||||
|
||||
- name: (sudoers.yml) update global sudoers configuration file
|
||||
template:
|
||||
|
||||
Reference in New Issue
Block a user