Página inicial Explorar Ajuda
Entrar
blaine
/
infra
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: a85957aa1b
Branches Tags
infra
/
roles
/
bootstrap
/
tasks
/
main.yml

main.yml 1.7 KB
Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. ---
    2. 

  2. - name: Install Python without using Ansible modules
    3. 

  3.   raw: >
    4. 

  4.        bash -c "test -e /usr/bin/python3 || 
    5. 

  5.        (test -e /usr/bin/yum && yum install -y python3) || 
    6. 

  6.        (apt install -y python3 python-apt) || 
    7. 

  7.        grep -i LibreELEC /etc/os-release"
    8. 

  8.   changed_when: false
    9. 

  9. 

  10. - name: Gather facts now that Python is installed
    11. 

  11.   setup:
    12. 

  12. 

  13. - name: Install sudo and lsb (RPM)
    14. 

  14.   package:
    15. 

  15.     name:
    16. 

  16.       - sudo
    17. 

  17.       - "{% if ansible_distribution_major_version != '9' %}redhat-lsb-core{% else %}python3-libselinux{% endif %}"
    18. 

  18.     state: present
    19. 

  19.   when:
    20. 

  20.     - ansible_distribution == 'CentOS' or ansible_distribution == 'Fedora'
    21. 

  21. 

  22. - name: Install sudo and lsb (DEB)
    23. 

  23.   package:
    24. 

  24.     name:
    25. 

  25.       - sudo
    26. 

  26.       - lsb-release
    27. 

  27.     state: present
    28. 

  28.   when:
    29. 

  29.     - ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
    30. 

  30. 

  31. - name: Install SELinux Python Modules (Fedora)
    32. 

  32.   package:
    33. 

  33.     name:
    34. 

  34.       - python3-libselinux
    35. 

  35.     state: present
    36. 

  36.   when:
    37. 

  37.     - ansible_distribution == 'Fedora'
    38. 

  38. 

  39. - name: Gather facts again now that lsb is installed
    40. 

  40.   setup:
    41. 

  41. 

  42. - name: Creating ansible user
    43. 

  43.   user:
    44. 

  44.     name: ansible
    45. 

  45.     state: present
    46. 

  46.     shell: /bin/bash
    47. 

  47.     uid: "{{ ansible_creation_uid }}"
    48. 

  48.     create_home: yes
    49. 

  49.   when:
    50. 

  50.     - ansible_os_family != 'LibreELEC'
    51. 

  51. 

  52. - name: Adding ansible as a sudoer
    53. 

  53.   copy:
    54. 

  54.     src: 10_ansible
    55. 

  55.     dest: /etc/sudoers.d/10_ansible
    56. 

  56.     owner: root
    57. 

  57.     group: root
    58. 

  58.     mode: '0640'
    59. 

  59.   when:
    60. 

  60.     - ansible_os_family != 'LibreELEC'
    61. 

  61. 

  62. - import_role:
    63. 

  63.     name: common
    64. 

  64. 

  65. - name: Ensure only key-based SSH logins are allowed
    66. 

  66.   lineinfile:
    67. 

  67.     path: /etc/ssh/sshd_config
    68. 

  68.     regexp: '^PasswordAuthentication'
    69. 

  69.     line: 'PasswordAuthentication no'
    70. 

  70.     state: present
    71. 

  71.   notify:
    72. 

  72.     - Restart sshd
    73. 

  73.   when:
    74. 

  74.     - ansible_os_family != 'LibreELEC' # / is mounted RO in LibreELEC
    75.